From 8e4701559479c66ed6644ffc77506984f95e52ba Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 11:06:18 -0700 Subject: [PATCH 1/9] Remove charts, assets, and index.yaml --- .../ambassador-6.7.1100+up6.7.11.tgz | Bin 53616 -> 0 bytes assets/ambassador/ambassador-6.7.1100.tgz | Bin 53609 -> 0 bytes .../artifactory-ha-3.0.1400.tgz | Bin 146674 -> 0 bytes .../artifactory-ha/artifactory-ha-4.13.0.tgz | Bin 158052 -> 0 bytes .../artifactory-ha-4.13.000.tgz | Bin 158049 -> 0 bytes .../artifactory-ha/artifactory-ha-4.7.600.tgz | Bin 156835 -> 0 bytes .../artifactory-jcr-2.5.100.tgz | Bin 144516 -> 0 bytes .../artifactory-jcr/artifactory-jcr-3.4.0.tgz | Bin 154560 -> 0 bytes .../artifactory-jcr-3.4.000.tgz | Bin 154564 -> 0 bytes ...-istio-ingress-gateway-1.2.100+up1.2.1.tgz | Bin 9487 -> 0 bytes ...trix-adc-istio-ingress-gateway-1.2.100.tgz | Bin 9482 -> 0 bytes ...h-ingress-controller-1.8.2800+up1.8.28.tgz | Bin 16368 -> 0 bytes ...x-cpx-with-ingress-controller-1.8.2800.tgz | Bin 16365 -> 0 bytes assets/cloudcasa/cloudcasa-0.1.000.tgz | Bin 25878 -> 0 bytes assets/cloudcasa/cloudcasa-1.0.0.tgz | Bin 25872 -> 0 bytes assets/cloudcasa/cloudcasa-1.tgz | Bin 25887 -> 0 bytes assets/cloudcasa/cloudcasa-2.0.0.tgz | Bin 26853 -> 0 bytes .../cockroachdb-4.1.200+up4.1.2.tgz | Bin 20204 -> 0 bytes assets/cockroachdb/cockroachdb-4.1.200.tgz | Bin 20191 -> 0 bytes .../csi-wekafsplugin-0.6.400+up0.6.4.tgz | Bin 4784 -> 0 bytes .../csi-wekafs/csi-wekafsplugin-0.6.400.tgz | Bin 4769 -> 0 bytes assets/datadog/datadog-2.4.200+up2.4.2.tgz | Bin 47672 -> 0 bytes assets/datadog/datadog-2.4.200.tgz | Bin 47754 -> 0 bytes .../dynatrace-oneagent-operator-0.8.0.tgz | Bin 30364 -> 0 bytes .../dynatrace-oneagent-operator-0.8.000.tgz | Bin 30369 -> 0 bytes .../falcon-sensor-0.9.300+up0.9.3.tgz | Bin 6460 -> 0 bytes .../falcon-sensor/falcon-sensor-0.9.300.tgz | Bin 6457 -> 0 bytes .../federatorai-4.5.100+up4.5.1.tgz | Bin 17202 -> 0 bytes assets/federatorai/federatorai-4.5.100.tgz | Bin 17200 -> 0 bytes assets/haproxy/haproxy-1.12.100.tgz | Bin 12185 -> 0 bytes assets/haproxy/haproxy-1.12.500+up1.12.5.tgz | Bin 12587 -> 0 bytes assets/haproxy/haproxy-1.12.500.tgz | Bin 12583 -> 0 bytes assets/haproxy/haproxy-1.4.300.tgz | Bin 10529 -> 0 bytes .../hpe-csi-driver/hpe-csi-driver-1.3.000.tgz | Bin 9098 -> 0 bytes .../hpe-csi-driver-1.4.200+up1.4.2.tgz | Bin 12873 -> 0 bytes .../hpe-csi-driver/hpe-csi-driver-1.4.200.tgz | Bin 12871 -> 0 bytes .../hpe-csi-driver/hpe-csi-driver-2.0.0.tgz | Bin 14684 -> 0 bytes .../hpe-flexvolume-driver-3.1.0.tgz | Bin 8833 -> 0 bytes .../hpe-flexvolume-driver-3.1.000.tgz | Bin 8836 -> 0 bytes .../instana-agent-1.0.2900+up1.0.29.tgz | Bin 10471 -> 0 bytes .../instana-agent/instana-agent-1.0.2900.tgz | Bin 10460 -> 0 bytes ...-triliovault-operator-2.0.500+upv2.0.5.tgz | Bin 9232 -> 0 bytes .../k8s-triliovault-operator-2.0.500.tgz | Bin 9220 -> 0 bytes .../k8s-triliovault-operator-v2.0.200.tgz | Bin 12362 -> 0 bytes assets/kubecost/cost-analyzer-1.70.0.tgz | Bin 107875 -> 0 bytes assets/kubecost/cost-analyzer-1.70.000.tgz | Bin 107869 -> 0 bytes assets/logos/cloudcasa.png | Bin 21688 -> 0 bytes assets/neuvector/neuvector-1.8.0.tgz | Bin 12279 -> 0 bytes .../nutanix-csi-storage-2.3.100+up2.3.1.tgz | Bin 11372 -> 0 bytes .../nutanix-csi-storage-2.3.100.tgz | Bin 11370 -> 0 bytes assets/openebs/openebs-1.12.300+up1.12.3.tgz | Bin 12561 -> 0 bytes assets/openebs/openebs-1.12.300.tgz | Bin 12558 -> 0 bytes assets/openebs/openebs-2.11.0.tgz | Bin 164406 -> 0 bytes .../portshift-operator-0.1.0.tgz | Bin 3391 -> 0 bytes .../portshift-operator-0.1.000.tgz | Bin 3392 -> 0 bytes .../control-agent-2.0.100+up2.0.1.tgz | Bin 5077 -> 0 bytes assets/streamsets/control-agent-2.0.100.tgz | Bin 5071 -> 0 bytes assets/sysdig/sysdig-1.9.200+up1.9.2.tgz | Bin 17708 -> 0 bytes assets/sysdig/sysdig-1.9.200.tgz | Bin 17705 -> 0 bytes ...sal-crossplane-1.2.200100+up1.2.2-up.1.tgz | Bin 11603 -> 0 bytes .../universal-crossplane-1.2.200100.tgz | Bin 11597 -> 0 bytes .../ambassador/6.7.1100+up6.7.11/.helmignore | 23 - .../ambassador/6.7.1100+up6.7.11/CHANGELOG.md | 528 -- .../6.7.1100+up6.7.11/CONTRIBUTING.md | 23 - .../ambassador/6.7.1100+up6.7.11/Chart.yaml | 28 - .../ambassador/6.7.1100+up6.7.11/Makefile | 37 - .../ambassador/6.7.1100+up6.7.11/README.md | 478 -- .../ambassador/6.7.1100+up6.7.11/RELEASE.tpl | 8 - .../6.7.1100+up6.7.11/RELEASE_TITLE.tpl | 1 - .../6.7.1100+up6.7.11/app-readme.md | 13 - .../6.7.1100+up6.7.11/ci/01-psp-values.yaml | 40 - .../6.7.1100+up6.7.11/ci/02-oss-values.yaml | 8 - .../ci/05-auth-disabled-values.yaml | 8 - .../6.7.1100+up6.7.11/ci/06-hpa-values.yaml | 8 - .../ci/08-single-namespace-values.yaml | 8 - .../ci/09-redis-false-values.yaml | 9 - .../ci/12-daemonset-values.yaml | 7 - .../ci/13-rl-disabled-values.yaml | 8 - .../ci/14-deployment-labels.yaml | 3 - .../ci/15-test-resolvers.yaml | 11 - .../6.7.1100+up6.7.11/ci/16-test-module.yaml | 9 - .../6.7.1100+up6.7.11/ci/17-svc-preview.yaml | 5 - .../ci/check_updated_changelog.sh | 21 - .../ci/tests/manifests/backend.yaml | 47 - .../ci/tests/manifests/ci-default-values.yaml | 9 - .../ci/tests/manifests/helm-init.yaml | 18 - .../ci/tests/manifests/helm2-values.yaml | 6 - .../ci/tests/manifests/tls.yaml | 18 - .../ci/update_chart_changelog.sh | 53 - .../6.7.1100+up6.7.11/crds/filter.yaml | 27 - .../6.7.1100+up6.7.11/crds/filterpolicy.yaml | 27 - .../crds/getambassador.io_authservices.yaml | 115 - .../getambassador.io_consulresolvers.yaml | 58 - .../crds/getambassador.io_devportals.yaml | 109 - .../crds/getambassador.io_hosts.yaml | 246 - ...ssador.io_kubernetesendpointresolvers.yaml | 54 - ...assador.io_kubernetesserviceresolvers.yaml | 54 - .../crds/getambassador.io_logservices.yaml | 83 - .../crds/getambassador.io_mappings.yaml | 431 -- .../crds/getambassador.io_modules.yaml | 56 - .../getambassador.io_ratelimitservices.yaml | 72 - .../crds/getambassador.io_tcpmappings.yaml | 102 - .../crds/getambassador.io_tlscontexts.yaml | 100 - .../getambassador.io_tracingservices.yaml | 101 - .../6.7.1100+up6.7.11/crds/project.yaml | 34 - .../crds/projectcontroller.yaml | 24 - .../crds/projectrevision.yaml | 40 - .../6.7.1100+up6.7.11/crds/ratelimit.yaml | 27 - .../ambassador/6.7.1100+up6.7.11/ct.yaml | 37 - .../6.7.1100+up6.7.11/questions.yml | 84 - .../6.7.1100+up6.7.11/templates/NOTES.txt | 60 - .../6.7.1100+up6.7.11/templates/_helpers.tpl | 117 - .../templates/admin-service.yaml | 64 - .../templates/aes-authservice.yaml | 33 - .../templates/aes-injector.yaml | 161 - .../templates/aes-internal.yaml | 129 - .../templates/aes-ratelimit.yaml | 29 - .../templates/aes-redis.yaml | 106 - .../templates/aes-secret.yaml | 21 - .../templates/ambassador-agent.yaml | 371 -- .../6.7.1100+up6.7.11/templates/config.yaml | 20 - .../templates/crd-delete.yaml | 123 - .../6.7.1100+up6.7.11/templates/crds.yaml | 6 - .../templates/deployment.yaml | 282 - .../templates/exporter-config.yaml | 23 - .../6.7.1100+up6.7.11/templates/hpa.yaml | 26 - .../6.7.1100+up6.7.11/templates/module.yaml | 29 - .../templates/namespace.yaml | 8 - .../templates/oss-migration-test-service.yaml | 33 - .../6.7.1100+up6.7.11/templates/pdb.yaml | 23 - .../templates/podsecuritypolicy.yaml | 25 - .../templates/projects-rbac.yaml | 75 - .../6.7.1100+up6.7.11/templates/projects.yaml | 412 -- .../6.7.1100+up6.7.11/templates/rbac.yaml | 200 - .../templates/resolvers.yaml | 45 - .../6.7.1100+up6.7.11/templates/service.yaml | 81 - .../templates/serviceaccount.yaml | 24 - .../templates/servicemonitor.yaml | 28 - .../templates/tests/test-ready.yaml | 24 - .../templates/traffic-agent-rbac.yaml | 135 - .../templates/traffic-manager.yaml | 190 - .../ambassador/6.7.1100+up6.7.11/values.yaml | 521 -- .../ambassador/6.7.1100/.helmignore | 23 - .../ambassador/6.7.1100/CHANGELOG.md | 528 -- .../ambassador/6.7.1100/CONTRIBUTING.md | 23 - .../ambassador/ambassador/6.7.1100/Chart.yaml | 28 - .../ambassador/ambassador/6.7.1100/Makefile | 37 - .../ambassador/ambassador/6.7.1100/README.md | 478 -- .../ambassador/6.7.1100/RELEASE.tpl | 8 - .../ambassador/6.7.1100/RELEASE_TITLE.tpl | 1 - .../ambassador/6.7.1100/app-readme.md | 13 - .../ambassador/6.7.1100/ci/01-psp-values.yaml | 40 - .../ambassador/6.7.1100/ci/02-oss-values.yaml | 8 - .../6.7.1100/ci/05-auth-disabled-values.yaml | 8 - .../ambassador/6.7.1100/ci/06-hpa-values.yaml | 8 - .../ci/08-single-namespace-values.yaml | 8 - .../6.7.1100/ci/09-redis-false-values.yaml | 9 - .../6.7.1100/ci/12-daemonset-values.yaml | 7 - .../6.7.1100/ci/13-rl-disabled-values.yaml | 8 - .../6.7.1100/ci/14-deployment-labels.yaml | 3 - .../6.7.1100/ci/15-test-resolvers.yaml | 11 - .../6.7.1100/ci/16-test-module.yaml | 9 - .../6.7.1100/ci/17-svc-preview.yaml | 5 - .../6.7.1100/ci/check_updated_changelog.sh | 21 - .../6.7.1100/ci/tests/manifests/backend.yaml | 47 - .../ci/tests/manifests/ci-default-values.yaml | 9 - .../ci/tests/manifests/helm-init.yaml | 18 - .../ci/tests/manifests/helm2-values.yaml | 6 - .../6.7.1100/ci/tests/manifests/tls.yaml | 18 - .../6.7.1100/ci/update_chart_changelog.sh | 53 - .../ambassador/6.7.1100/crds/filter.yaml | 27 - .../6.7.1100/crds/filterpolicy.yaml | 27 - .../crds/getambassador.io_authservices.yaml | 115 - .../getambassador.io_consulresolvers.yaml | 58 - .../crds/getambassador.io_devportals.yaml | 109 - .../6.7.1100/crds/getambassador.io_hosts.yaml | 246 - ...ssador.io_kubernetesendpointresolvers.yaml | 54 - ...assador.io_kubernetesserviceresolvers.yaml | 54 - .../crds/getambassador.io_logservices.yaml | 83 - .../crds/getambassador.io_mappings.yaml | 431 -- .../crds/getambassador.io_modules.yaml | 56 - .../getambassador.io_ratelimitservices.yaml | 72 - .../crds/getambassador.io_tcpmappings.yaml | 102 - .../crds/getambassador.io_tlscontexts.yaml | 100 - .../getambassador.io_tracingservices.yaml | 101 - .../ambassador/6.7.1100/crds/project.yaml | 34 - .../6.7.1100/crds/projectcontroller.yaml | 24 - .../6.7.1100/crds/projectrevision.yaml | 40 - .../ambassador/6.7.1100/crds/ratelimit.yaml | 27 - charts/ambassador/ambassador/6.7.1100/ct.yaml | 37 - .../ambassador/6.7.1100/questions.yml | 84 - .../ambassador/6.7.1100/templates/NOTES.txt | 60 - .../6.7.1100/templates/_helpers.tpl | 117 - .../6.7.1100/templates/admin-service.yaml | 64 - .../6.7.1100/templates/aes-authservice.yaml | 33 - .../6.7.1100/templates/aes-injector.yaml | 161 - .../6.7.1100/templates/aes-internal.yaml | 129 - .../6.7.1100/templates/aes-ratelimit.yaml | 29 - .../6.7.1100/templates/aes-redis.yaml | 106 - .../6.7.1100/templates/aes-secret.yaml | 21 - .../6.7.1100/templates/ambassador-agent.yaml | 371 -- .../ambassador/6.7.1100/templates/config.yaml | 20 - .../6.7.1100/templates/crd-delete.yaml | 123 - .../ambassador/6.7.1100/templates/crds.yaml | 6 - .../6.7.1100/templates/deployment.yaml | 282 - .../6.7.1100/templates/exporter-config.yaml | 23 - .../ambassador/6.7.1100/templates/hpa.yaml | 26 - .../ambassador/6.7.1100/templates/module.yaml | 29 - .../6.7.1100/templates/namespace.yaml | 8 - .../templates/oss-migration-test-service.yaml | 33 - .../ambassador/6.7.1100/templates/pdb.yaml | 23 - .../6.7.1100/templates/podsecuritypolicy.yaml | 25 - .../6.7.1100/templates/projects-rbac.yaml | 75 - .../6.7.1100/templates/projects.yaml | 412 -- .../ambassador/6.7.1100/templates/rbac.yaml | 200 - .../6.7.1100/templates/resolvers.yaml | 45 - .../6.7.1100/templates/service.yaml | 81 - .../6.7.1100/templates/serviceaccount.yaml | 24 - .../6.7.1100/templates/servicemonitor.yaml | 28 - .../6.7.1100/templates/tests/test-ready.yaml | 24 - .../templates/traffic-agent-rbac.yaml | 135 - .../6.7.1100/templates/traffic-manager.yaml | 190 - .../ambassador/6.7.1100/values.yaml | 521 -- .../artifactory-ha/3.0.1400/.helmignore | 22 - .../artifactory-ha/3.0.1400/CHANGELOG.md | 830 --- .../artifactory-ha/3.0.1400/Chart.yaml | 29 - .../artifactory-ha/3.0.1400/LICENSE | 201 - .../artifactory-ha/3.0.1400/README.md | 1587 ----- .../3.0.1400/ReverseProxyConfiguration.md | 140 - .../artifactory-ha/3.0.1400/UPGRADE_NOTES.md | 38 - .../artifactory-ha/3.0.1400/app-readme.md | 16 - .../3.0.1400/charts/postgresql/.helmignore | 21 - .../3.0.1400/charts/postgresql/Chart.yaml | 22 - .../3.0.1400/charts/postgresql/README.md | 576 -- .../charts/postgresql/ci/default-values.yaml | 1 - .../ci/shmvolume-disabled-values.yaml | 2 - .../charts/postgresql/files/README.md | 1 - .../charts/postgresql/files/conf.d/README.md | 4 - .../docker-entrypoint-initdb.d/README.md | 3 - .../charts/postgresql/templates/NOTES.txt | 60 - .../charts/postgresql/templates/_helpers.tpl | 420 -- .../postgresql/templates/configmap.yaml | 26 - .../templates/extended-config-configmap.yaml | 21 - .../templates/initialization-configmap.yaml | 24 - .../templates/metrics-configmap.yaml | 13 - .../postgresql/templates/metrics-svc.yaml | 26 - .../postgresql/templates/networkpolicy.yaml | 38 - .../postgresql/templates/prometheusrule.yaml | 23 - .../charts/postgresql/templates/secrets.yaml | 23 - .../postgresql/templates/serviceaccount.yaml | 11 - .../postgresql/templates/servicemonitor.yaml | 33 - .../templates/statefulset-slaves.yaml | 299 - .../postgresql/templates/statefulset.yaml | 453 -- .../postgresql/templates/svc-headless.yaml | 19 - .../charts/postgresql/templates/svc-read.yaml | 42 - .../charts/postgresql/templates/svc.yaml | 40 - .../charts/postgresql/values-production.yaml | 542 -- .../charts/postgresql/values.schema.json | 103 - .../3.0.1400/charts/postgresql/values.yaml | 548 -- .../3.0.1400/ci/access-tls-values.yaml | 9 - .../3.0.1400/ci/default-values.yaml | 6 - .../ci/migration-disabled-values.yaml | 5 - .../3.0.1400/ci/test-values.yaml | 14 - .../artifactory-ha/3.0.1400/files/migrate.sh | 4339 ------------- .../3.0.1400/files/migrationHelmInfo.yaml | 32 - .../3.0.1400/files/migrationStatus.sh | 44 - .../3.0.1400/logo/artifactory-logo.png | Bin 12877 -> 0 bytes .../artifactory-ha/3.0.1400/questions.yml | 424 -- .../artifactory-ha/3.0.1400/requirements.lock | 6 - .../artifactory-ha/3.0.1400/requirements.yaml | 5 - .../3.0.1400/templates/NOTES.txt | 118 - .../3.0.1400/templates/_helpers.tpl | 127 - .../templates/admin-bootstrap-creds.yaml | 15 - .../templates/artifactory-access-config.yaml | 15 - .../artifactory-binarystore-secret.yaml | 14 - .../templates/artifactory-configmaps.yaml | 13 - .../templates/artifactory-custom-secrets.yaml | 19 - .../artifactory-database-secrets.yaml | 22 - .../artifactory-gcp-credentials-secret.yaml | 16 - .../templates/artifactory-installer-info.yaml | 12 - .../templates/artifactory-license-secret.yaml | 14 - .../artifactory-migration-scripts.yaml | 18 - .../templates/artifactory-networkpolicy.yaml | 34 - .../templates/artifactory-nfs-pvc.yaml | 101 - .../templates/artifactory-node-pdb.yaml | 20 - .../artifactory-node-statefulset.yaml | 711 --- .../artifactory-primary-statefulset.yaml | 835 --- .../templates/artifactory-priority-class.yaml | 9 - .../3.0.1400/templates/artifactory-role.yaml | 14 - .../templates/artifactory-rolebinding.yaml | 19 - .../templates/artifactory-secrets.yaml | 17 - .../templates/artifactory-service.yaml | 107 - .../templates/artifactory-serviceaccount.yaml | 16 - .../templates/artifactory-storage-pvc.yaml | 27 - .../templates/artifactory-system-yaml.yaml | 14 - .../templates/filebeat-configmap.yaml | 15 - .../3.0.1400/templates/ingress.yaml | 102 - .../3.0.1400/templates/logger-configmap.yaml | 63 - .../templates/nginx-artifactory-conf.yaml | 14 - .../templates/nginx-certificate-secret.yaml | 14 - .../3.0.1400/templates/nginx-conf.yaml | 14 - .../3.0.1400/templates/nginx-deployment.yaml | 192 - .../3.0.1400/templates/nginx-pdb.yaml | 19 - .../3.0.1400/templates/nginx-pvc.yaml | 26 - .../3.0.1400/templates/nginx-service.yaml | 79 - .../artifactory-ha/3.0.1400/values-large.yaml | 24 - .../3.0.1400/values-medium.yaml | 24 - .../artifactory-ha/3.0.1400/values-small.yaml | 24 - .../artifactory-ha/3.0.1400/values.yaml | 1551 ----- .../artifactory-ha/4.13.0/.helmignore | 22 - .../artifactory-ha/4.13.0/CHANGELOG.md | 1048 --- .../artifactory-ha/4.13.0/Chart.yaml | 20 - .../artifactory-ha/4.13.0/LICENSE | 201 - .../artifactory-ha/4.13.0/README.md | 1267 ---- .../4.13.0/ReverseProxyConfiguration.md | 140 - .../artifactory-ha/4.13.0/UPGRADE_NOTES.md | 42 - .../artifactory-ha/4.13.0/app-readme.md | 16 - .../4.13.0/charts/postgresql/.helmignore | 21 - .../4.13.0/charts/postgresql/Chart.yaml | 24 - .../4.13.0/charts/postgresql/README.md | 680 -- .../postgresql/charts/common/.helmignore | 22 - .../postgresql/charts/common/Chart.yaml | 21 - .../charts/postgresql/charts/common/README.md | 274 - .../charts/common/templates/_capabilities.tpl | 22 - .../charts/common/templates/_errors.tpl | 20 - .../charts/common/templates/_images.tpl | 43 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 32 - .../charts/common/templates/_secrets.tpl | 49 - .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 26 - .../charts/common/templates/_validations.tpl | 219 - .../charts/common/templates/_warnings.tpl | 14 - .../postgresql/charts/common/values.yaml | 3 - .../postgresql/ci/commonAnnotations.yaml | 3 - .../charts/postgresql/ci/default-values.yaml | 1 - .../ci/shmvolume-disabled-values.yaml | 2 - .../4.13.0/charts/postgresql/files/README.md | 1 - .../charts/postgresql/files/conf.d/README.md | 4 - .../docker-entrypoint-initdb.d/README.md | 3 - .../charts/postgresql/requirements.lock | 6 - .../charts/postgresql/requirements.yaml | 4 - .../charts/postgresql/templates/NOTES.txt | 59 - .../charts/postgresql/templates/_helpers.tpl | 501 -- .../postgresql/templates/configmap.yaml | 26 - .../templates/extended-config-configmap.yaml | 21 - .../templates/initialization-configmap.yaml | 24 - .../templates/metrics-configmap.yaml | 13 - .../postgresql/templates/metrics-svc.yaml | 25 - .../postgresql/templates/networkpolicy.yaml | 36 - .../templates/podsecuritypolicy.yaml | 37 - .../postgresql/templates/prometheusrule.yaml | 23 - .../charts/postgresql/templates/role.yaml | 19 - .../postgresql/templates/rolebinding.yaml | 19 - .../charts/postgresql/templates/secrets.yaml | 23 - .../postgresql/templates/serviceaccount.yaml | 11 - .../postgresql/templates/servicemonitor.yaml | 33 - .../templates/statefulset-slaves.yaml | 345 - .../postgresql/templates/statefulset.yaml | 514 -- .../postgresql/templates/svc-headless.yaml | 18 - .../charts/postgresql/templates/svc-read.yaml | 42 - .../charts/postgresql/templates/svc.yaml | 40 - .../charts/postgresql/values-production.yaml | 594 -- .../charts/postgresql/values.schema.json | 103 - .../4.13.0/charts/postgresql/values.yaml | 600 -- .../4.13.0/ci/access-tls-values.yaml | 11 - .../4.13.0/ci/default-values.yaml | 9 - .../4.13.0/ci/global-values.yaml | 47 - .../4.13.0/ci/migration-disabled-values.yaml | 8 - .../artifactory-ha/4.13.0/ci/test-values.yaml | 12 - .../artifactory-ha/4.13.0/files/migrate.sh | 4339 ------------- .../4.13.0/files/migrationHelmInfo.yaml | 32 - .../4.13.0/files/migrationStatus.sh | 44 - .../4.13.0/logo/artifactory-logo.png | Bin 12877 -> 0 bytes .../artifactory-ha/4.13.0/questions.yml | 424 -- .../artifactory-ha/4.13.0/requirements.lock | 6 - .../artifactory-ha/4.13.0/requirements.yaml | 4 - .../4.13.0/security-mitigation.yaml | 20 - .../artifactory-ha/4.13.0/templates/NOTES.txt | 118 - .../4.13.0/templates/_helpers.tpl | 302 - .../templates/additional-resources.yaml | 3 - .../templates/admin-bootstrap-creds.yaml | 15 - .../templates/artifactory-access-config.yaml | 15 - .../artifactory-binarystore-secret.yaml | 14 - .../templates/artifactory-configmaps.yaml | 13 - .../templates/artifactory-custom-secrets.yaml | 19 - .../artifactory-database-secrets.yaml | 22 - .../artifactory-gcp-credentials-secret.yaml | 16 - .../templates/artifactory-installer-info.yaml | 12 - .../templates/artifactory-license-secret.yaml | 14 - .../artifactory-migration-scripts.yaml | 18 - .../templates/artifactory-networkpolicy.yaml | 34 - .../4.13.0/templates/artifactory-nfs-pvc.yaml | 101 - .../templates/artifactory-node-pdb.yaml | 20 - .../artifactory-node-statefulset.yaml | 777 --- .../templates/artifactory-primary-pdb.yaml | 20 - .../artifactory-primary-statefulset.yaml | 897 --- .../templates/artifactory-priority-class.yaml | 9 - .../4.13.0/templates/artifactory-role.yaml | 14 - .../templates/artifactory-rolebinding.yaml | 19 - .../4.13.0/templates/artifactory-secrets.yaml | 21 - .../4.13.0/templates/artifactory-service.yaml | 109 - .../templates/artifactory-serviceaccount.yaml | 16 - .../templates/artifactory-storage-pvc.yaml | 27 - .../templates/artifactory-system-yaml.yaml | 16 - .../4.13.0/templates/filebeat-configmap.yaml | 15 - .../4.13.0/templates/ingress.yaml | 149 - .../4.13.0/templates/logger-configmap.yaml | 63 - .../templates/nginx-artifactory-conf.yaml | 14 - .../templates/nginx-certificate-secret.yaml | 14 - .../4.13.0/templates/nginx-conf.yaml | 14 - .../4.13.0/templates/nginx-deployment.yaml | 217 - .../4.13.0/templates/nginx-pdb.yaml | 19 - .../4.13.0/templates/nginx-pvc.yaml | 26 - .../4.13.0/templates/nginx-service.yaml | 79 - .../artifactory-ha/4.13.0/values-large.yaml | 24 - .../artifactory-ha/4.13.0/values-medium.yaml | 24 - .../artifactory-ha/4.13.0/values-small.yaml | 24 - .../artifactory-ha/4.13.0/values.yaml | 1710 ----- .../artifactory-ha/4.13.000/.helmignore | 22 - .../artifactory-ha/4.13.000/CHANGELOG.md | 1048 --- .../artifactory-ha/4.13.000/Chart.yaml | 19 - .../artifactory-ha/4.13.000/LICENSE | 201 - .../artifactory-ha/4.13.000/README.md | 1267 ---- .../4.13.000/ReverseProxyConfiguration.md | 140 - .../artifactory-ha/4.13.000/UPGRADE_NOTES.md | 42 - .../artifactory-ha/4.13.000/app-readme.md | 16 - .../4.13.000/charts/postgresql/.helmignore | 21 - .../4.13.000/charts/postgresql/Chart.yaml | 23 - .../4.13.000/charts/postgresql/README.md | 680 -- .../postgresql/charts/common/.helmignore | 22 - .../postgresql/charts/common/Chart.yaml | 20 - .../charts/postgresql/charts/common/README.md | 274 - .../charts/common/templates/_capabilities.tpl | 22 - .../charts/common/templates/_errors.tpl | 20 - .../charts/common/templates/_images.tpl | 43 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 32 - .../charts/common/templates/_secrets.tpl | 49 - .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 26 - .../charts/common/templates/_validations.tpl | 219 - .../charts/common/templates/_warnings.tpl | 14 - .../postgresql/charts/common/values.yaml | 3 - .../postgresql/ci/commonAnnotations.yaml | 3 - .../charts/postgresql/ci/default-values.yaml | 1 - .../ci/shmvolume-disabled-values.yaml | 2 - .../charts/postgresql/files/README.md | 1 - .../charts/postgresql/files/conf.d/README.md | 4 - .../docker-entrypoint-initdb.d/README.md | 3 - .../charts/postgresql/requirements.lock | 6 - .../charts/postgresql/requirements.yaml | 4 - .../charts/postgresql/templates/NOTES.txt | 59 - .../charts/postgresql/templates/_helpers.tpl | 501 -- .../postgresql/templates/configmap.yaml | 26 - .../templates/extended-config-configmap.yaml | 21 - .../templates/initialization-configmap.yaml | 24 - .../templates/metrics-configmap.yaml | 13 - .../postgresql/templates/metrics-svc.yaml | 25 - .../postgresql/templates/networkpolicy.yaml | 36 - .../templates/podsecuritypolicy.yaml | 37 - .../postgresql/templates/prometheusrule.yaml | 23 - .../charts/postgresql/templates/role.yaml | 19 - .../postgresql/templates/rolebinding.yaml | 19 - .../charts/postgresql/templates/secrets.yaml | 23 - .../postgresql/templates/serviceaccount.yaml | 11 - .../postgresql/templates/servicemonitor.yaml | 33 - .../templates/statefulset-slaves.yaml | 345 - .../postgresql/templates/statefulset.yaml | 514 -- .../postgresql/templates/svc-headless.yaml | 18 - .../charts/postgresql/templates/svc-read.yaml | 42 - .../charts/postgresql/templates/svc.yaml | 40 - .../charts/postgresql/values-production.yaml | 594 -- .../charts/postgresql/values.schema.json | 103 - .../4.13.000/charts/postgresql/values.yaml | 600 -- .../4.13.000/ci/access-tls-values.yaml | 11 - .../4.13.000/ci/default-values.yaml | 9 - .../4.13.000/ci/global-values.yaml | 47 - .../ci/migration-disabled-values.yaml | 8 - .../4.13.000/ci/test-values.yaml | 12 - .../artifactory-ha/4.13.000/files/migrate.sh | 4339 ------------- .../4.13.000/files/migrationHelmInfo.yaml | 32 - .../4.13.000/files/migrationStatus.sh | 44 - .../4.13.000/logo/artifactory-logo.png | Bin 12877 -> 0 bytes .../artifactory-ha/4.13.000/questions.yml | 424 -- .../artifactory-ha/4.13.000/requirements.lock | 6 - .../artifactory-ha/4.13.000/requirements.yaml | 5 - .../4.13.000/security-mitigation.yaml | 20 - .../4.13.000/templates/NOTES.txt | 118 - .../4.13.000/templates/_helpers.tpl | 302 - .../templates/additional-resources.yaml | 3 - .../templates/admin-bootstrap-creds.yaml | 15 - .../templates/artifactory-access-config.yaml | 15 - .../artifactory-binarystore-secret.yaml | 14 - .../templates/artifactory-configmaps.yaml | 13 - .../templates/artifactory-custom-secrets.yaml | 19 - .../artifactory-database-secrets.yaml | 22 - .../artifactory-gcp-credentials-secret.yaml | 16 - .../templates/artifactory-installer-info.yaml | 12 - .../templates/artifactory-license-secret.yaml | 14 - .../artifactory-migration-scripts.yaml | 18 - .../templates/artifactory-networkpolicy.yaml | 34 - .../templates/artifactory-nfs-pvc.yaml | 101 - .../templates/artifactory-node-pdb.yaml | 20 - .../artifactory-node-statefulset.yaml | 777 --- .../templates/artifactory-primary-pdb.yaml | 20 - .../artifactory-primary-statefulset.yaml | 897 --- .../templates/artifactory-priority-class.yaml | 9 - .../4.13.000/templates/artifactory-role.yaml | 14 - .../templates/artifactory-rolebinding.yaml | 19 - .../templates/artifactory-secrets.yaml | 21 - .../templates/artifactory-service.yaml | 109 - .../templates/artifactory-serviceaccount.yaml | 16 - .../templates/artifactory-storage-pvc.yaml | 27 - .../templates/artifactory-system-yaml.yaml | 16 - .../templates/filebeat-configmap.yaml | 15 - .../4.13.000/templates/ingress.yaml | 149 - .../4.13.000/templates/logger-configmap.yaml | 63 - .../templates/nginx-artifactory-conf.yaml | 14 - .../templates/nginx-certificate-secret.yaml | 14 - .../4.13.000/templates/nginx-conf.yaml | 14 - .../4.13.000/templates/nginx-deployment.yaml | 217 - .../4.13.000/templates/nginx-pdb.yaml | 19 - .../4.13.000/templates/nginx-pvc.yaml | 26 - .../4.13.000/templates/nginx-service.yaml | 79 - .../artifactory-ha/4.13.000/values-large.yaml | 24 - .../4.13.000/values-medium.yaml | 24 - .../artifactory-ha/4.13.000/values-small.yaml | 24 - .../artifactory-ha/4.13.000/values.yaml | 1710 ----- .../artifactory-ha/4.7.600/.helmignore | 22 - .../artifactory-ha/4.7.600/CHANGELOG.md | 989 --- .../artifactory-ha/4.7.600/Chart.yaml | 20 - .../artifactory-ha/4.7.600/LICENSE | 201 - .../artifactory-ha/4.7.600/README.md | 1267 ---- .../4.7.600/ReverseProxyConfiguration.md | 140 - .../artifactory-ha/4.7.600/UPGRADE_NOTES.md | 42 - .../artifactory-ha/4.7.600/app-readme.md | 16 - .../4.7.600/charts/postgresql/.helmignore | 21 - .../4.7.600/charts/postgresql/Chart.yaml | 23 - .../4.7.600/charts/postgresql/README.md | 680 -- .../postgresql/charts/common/.helmignore | 22 - .../postgresql/charts/common/Chart.yaml | 20 - .../charts/postgresql/charts/common/README.md | 274 - .../charts/common/templates/_capabilities.tpl | 22 - .../charts/common/templates/_errors.tpl | 20 - .../charts/common/templates/_images.tpl | 43 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 32 - .../charts/common/templates/_secrets.tpl | 49 - .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 26 - .../charts/common/templates/_validations.tpl | 219 - .../charts/common/templates/_warnings.tpl | 14 - .../postgresql/charts/common/values.yaml | 3 - .../postgresql/ci/commonAnnotations.yaml | 3 - .../charts/postgresql/ci/default-values.yaml | 1 - .../ci/shmvolume-disabled-values.yaml | 2 - .../4.7.600/charts/postgresql/files/README.md | 1 - .../charts/postgresql/files/conf.d/README.md | 4 - .../docker-entrypoint-initdb.d/README.md | 3 - .../charts/postgresql/requirements.lock | 6 - .../charts/postgresql/requirements.yaml | 4 - .../charts/postgresql/templates/NOTES.txt | 59 - .../charts/postgresql/templates/_helpers.tpl | 501 -- .../postgresql/templates/configmap.yaml | 26 - .../templates/extended-config-configmap.yaml | 21 - .../templates/initialization-configmap.yaml | 24 - .../templates/metrics-configmap.yaml | 13 - .../postgresql/templates/metrics-svc.yaml | 25 - .../postgresql/templates/networkpolicy.yaml | 36 - .../templates/podsecuritypolicy.yaml | 37 - .../postgresql/templates/prometheusrule.yaml | 23 - .../charts/postgresql/templates/role.yaml | 19 - .../postgresql/templates/rolebinding.yaml | 19 - .../charts/postgresql/templates/secrets.yaml | 23 - .../postgresql/templates/serviceaccount.yaml | 11 - .../postgresql/templates/servicemonitor.yaml | 33 - .../templates/statefulset-slaves.yaml | 345 - .../postgresql/templates/statefulset.yaml | 514 -- .../postgresql/templates/svc-headless.yaml | 18 - .../charts/postgresql/templates/svc-read.yaml | 42 - .../charts/postgresql/templates/svc.yaml | 40 - .../charts/postgresql/values-production.yaml | 594 -- .../charts/postgresql/values.schema.json | 103 - .../4.7.600/charts/postgresql/values.yaml | 600 -- .../4.7.600/ci/access-tls-values.yaml | 13 - .../4.7.600/ci/default-values.yaml | 9 - .../4.7.600/ci/global-values.yaml | 47 - .../4.7.600/ci/migration-disabled-values.yaml | 8 - .../4.7.600/ci/test-values.yaml | 14 - .../artifactory-ha/4.7.600/files/migrate.sh | 4339 ------------- .../4.7.600/files/migrationHelmInfo.yaml | 32 - .../4.7.600/files/migrationStatus.sh | 44 - .../4.7.600/logo/artifactory-logo.png | Bin 12877 -> 0 bytes .../artifactory-ha/4.7.600/questions.yml | 424 -- .../artifactory-ha/4.7.600/requirements.lock | 6 - .../artifactory-ha/4.7.600/requirements.yaml | 5 - .../4.7.600/security-mitigation.yaml | 20 - .../4.7.600/templates/NOTES.txt | 118 - .../4.7.600/templates/_helpers.tpl | 292 - .../templates/additional-resources.yaml | 3 - .../templates/admin-bootstrap-creds.yaml | 15 - .../templates/artifactory-access-config.yaml | 15 - .../artifactory-binarystore-secret.yaml | 14 - .../templates/artifactory-configmaps.yaml | 13 - .../templates/artifactory-custom-secrets.yaml | 19 - .../artifactory-database-secrets.yaml | 22 - .../artifactory-gcp-credentials-secret.yaml | 16 - .../templates/artifactory-installer-info.yaml | 12 - .../templates/artifactory-license-secret.yaml | 14 - .../artifactory-migration-scripts.yaml | 18 - .../templates/artifactory-networkpolicy.yaml | 34 - .../templates/artifactory-nfs-pvc.yaml | 101 - .../templates/artifactory-node-pdb.yaml | 20 - .../artifactory-node-statefulset.yaml | 736 --- .../templates/artifactory-primary-pdb.yaml | 20 - .../artifactory-primary-statefulset.yaml | 862 --- .../templates/artifactory-priority-class.yaml | 9 - .../4.7.600/templates/artifactory-role.yaml | 14 - .../templates/artifactory-rolebinding.yaml | 19 - .../templates/artifactory-secrets.yaml | 21 - .../templates/artifactory-service.yaml | 109 - .../templates/artifactory-serviceaccount.yaml | 16 - .../templates/artifactory-storage-pvc.yaml | 27 - .../templates/artifactory-system-yaml.yaml | 16 - .../4.7.600/templates/filebeat-configmap.yaml | 15 - .../4.7.600/templates/ingress.yaml | 149 - .../4.7.600/templates/logger-configmap.yaml | 63 - .../templates/nginx-artifactory-conf.yaml | 14 - .../templates/nginx-certificate-secret.yaml | 14 - .../4.7.600/templates/nginx-conf.yaml | 14 - .../4.7.600/templates/nginx-deployment.yaml | 201 - .../4.7.600/templates/nginx-pdb.yaml | 19 - .../4.7.600/templates/nginx-pvc.yaml | 26 - .../4.7.600/templates/nginx-service.yaml | 79 - .../artifactory-ha/4.7.600/values-large.yaml | 24 - .../artifactory-ha/4.7.600/values-medium.yaml | 24 - .../artifactory-ha/4.7.600/values-small.yaml | 24 - .../artifactory-ha/4.7.600/values.yaml | 1653 ----- .../artifactory-jcr/2.5.100/CHANGELOG.md | 120 - .../artifactory-jcr/2.5.100/Chart.yaml | 32 - .../artifactory-jcr/2.5.100/LICENSE | 201 - .../artifactory-jcr/2.5.100/OWNERS | 14 - .../artifactory-jcr/2.5.100/README.md | 133 - .../artifactory-jcr/2.5.100/app-readme.md | 18 - .../2.5.100/charts/artifactory/.helmignore | 22 - .../2.5.100/charts/artifactory/CHANGELOG.md | 755 --- .../2.5.100/charts/artifactory/Chart.yaml | 26 - .../2.5.100/charts/artifactory/LICENSE | 201 - .../2.5.100/charts/artifactory/README.md | 1431 ----- .../artifactory/ReverseProxyConfiguration.md | 140 - .../charts/artifactory/UPGRADE_NOTES.md | 35 - .../artifactory/charts/postgresql/.helmignore | 21 - .../artifactory/charts/postgresql/Chart.yaml | 22 - .../artifactory/charts/postgresql/README.md | 576 -- .../charts/postgresql/ci/default-values.yaml | 1 - .../ci/shmvolume-disabled-values.yaml | 2 - .../charts/postgresql/files/README.md | 1 - .../charts/postgresql/files/conf.d/README.md | 4 - .../docker-entrypoint-initdb.d/README.md | 3 - .../charts/postgresql/templates/NOTES.txt | 60 - .../charts/postgresql/templates/_helpers.tpl | 420 -- .../postgresql/templates/configmap.yaml | 26 - .../templates/extended-config-configmap.yaml | 21 - .../templates/initialization-configmap.yaml | 24 - .../templates/metrics-configmap.yaml | 13 - .../postgresql/templates/metrics-svc.yaml | 26 - .../postgresql/templates/networkpolicy.yaml | 38 - .../postgresql/templates/prometheusrule.yaml | 23 - .../charts/postgresql/templates/secrets.yaml | 23 - .../postgresql/templates/serviceaccount.yaml | 11 - .../postgresql/templates/servicemonitor.yaml | 33 - .../templates/statefulset-slaves.yaml | 299 - .../postgresql/templates/statefulset.yaml | 453 -- .../postgresql/templates/svc-headless.yaml | 19 - .../charts/postgresql/templates/svc-read.yaml | 42 - .../charts/postgresql/templates/svc.yaml | 40 - .../charts/postgresql/values-production.yaml | 542 -- .../charts/postgresql/values.schema.json | 103 - .../artifactory/charts/postgresql/values.yaml | 548 -- .../artifactory/ci/access-tls-values.yaml | 7 - .../charts/artifactory/ci/default-values.yaml | 2 - .../ci/migration-disabled-values.yaml | 4 - .../charts/artifactory/ci/test-values.yaml | 13 - .../charts/artifactory/files/migrate.sh | 4339 ------------- .../artifactory/files/migrationHelmInfo.yaml | 32 - .../artifactory/files/migrationStatus.sh | 44 - .../artifactory/logo/artifactory-logo.png | Bin 12877 -> 0 bytes .../charts/artifactory/requirements.lock | 6 - .../charts/artifactory/requirements.yaml | 5 - .../charts/artifactory/templates/NOTES.txt | 85 - .../charts/artifactory/templates/_helpers.tpl | 85 - .../templates/admin-bootstrap-creds.yaml | 15 - .../templates/artifactory-access-config.yaml | 15 - .../artifactory-binarystore-secret.yaml | 14 - .../templates/artifactory-configmaps.yaml | 13 - .../templates/artifactory-custom-secrets.yaml | 19 - .../artifactory-database-secrets.yaml | 22 - .../templates/artifactory-installer-info.yaml | 12 - .../templates/artifactory-license-secret.yaml | 14 - .../artifactory-migration-scripts.yaml | 16 - .../templates/artifactory-networkpolicy.yaml | 34 - .../templates/artifactory-priority-class.yaml | 9 - .../templates/artifactory-role.yaml | 14 - .../templates/artifactory-rolebinding.yaml | 19 - .../templates/artifactory-secrets.yaml | 17 - .../templates/artifactory-service.yaml | 50 - .../templates/artifactory-serviceaccount.yaml | 16 - .../templates/artifactory-statefulset.yaml | 695 -- .../templates/artifactory-system-yaml.yaml | 13 - .../templates/filebeat-configmap.yaml | 15 - .../charts/artifactory/templates/ingress.yaml | 103 - .../templates/logger-configmap.yaml | 63 - .../templates/nginx-artifactory-conf.yaml | 14 - .../templates/nginx-certificate-secret.yaml | 14 - .../artifactory/templates/nginx-conf.yaml | 14 - .../templates/nginx-deployment.yaml | 194 - .../artifactory/templates/nginx-pvc.yaml | 26 - .../artifactory/templates/nginx-service.yaml | 73 - .../charts/artifactory/values-large.yaml | 11 - .../charts/artifactory/values-medium.yaml | 11 - .../charts/artifactory/values-small.yaml | 11 - .../2.5.100/charts/artifactory/values.yaml | 1268 ---- .../2.5.100/ci/default-values.yaml | 1 - .../artifactory-jcr/2.5.100/logo/jcr-logo.png | Bin 3135 -> 0 bytes .../artifactory-jcr/2.5.100/questions.yml | 271 - .../artifactory-jcr/2.5.100/requirements.lock | 6 - .../artifactory-jcr/2.5.100/requirements.yaml | 4 - .../2.5.100/templates/NOTES.txt | 1 - .../artifactory-jcr/2.5.100/values.yaml | 74 - .../artifactory-jcr/3.4.0/CHANGELOG.md | 151 - .../artifactory-jcr/3.4.0/Chart.yaml | 22 - .../artifactory-jcr/3.4.0/LICENSE | 201 - .../artifactory-jcr/3.4.0/README.md | 131 - .../artifactory-jcr/3.4.0/app-readme.md | 18 - .../3.4.0/charts/artifactory/.helmignore | 22 - .../3.4.0/charts/artifactory/CHANGELOG.md | 905 --- .../3.4.0/charts/artifactory/Chart.yaml | 18 - .../3.4.0/charts/artifactory/LICENSE | 201 - .../3.4.0/charts/artifactory/README.md | 1151 ---- .../artifactory/ReverseProxyConfiguration.md | 140 - .../3.4.0/charts/artifactory/UPGRADE_NOTES.md | 39 - .../artifactory/charts/postgresql/.helmignore | 21 - .../artifactory/charts/postgresql/Chart.yaml | 24 - .../artifactory/charts/postgresql/README.md | 680 -- .../postgresql/charts/common/.helmignore | 22 - .../postgresql/charts/common/Chart.yaml | 21 - .../charts/postgresql/charts/common/README.md | 274 - .../charts/common/templates/_capabilities.tpl | 22 - .../charts/common/templates/_errors.tpl | 20 - .../charts/common/templates/_images.tpl | 43 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 32 - .../charts/common/templates/_secrets.tpl | 49 - .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 26 - .../charts/common/templates/_validations.tpl | 219 - .../charts/common/templates/_warnings.tpl | 14 - .../postgresql/charts/common/values.yaml | 3 - .../postgresql/ci/commonAnnotations.yaml | 3 - .../charts/postgresql/ci/default-values.yaml | 1 - .../ci/shmvolume-disabled-values.yaml | 2 - .../charts/postgresql/files/README.md | 1 - .../charts/postgresql/files/conf.d/README.md | 4 - .../docker-entrypoint-initdb.d/README.md | 3 - .../charts/postgresql/requirements.lock | 6 - .../charts/postgresql/requirements.yaml | 4 - .../charts/postgresql/templates/NOTES.txt | 59 - .../charts/postgresql/templates/_helpers.tpl | 501 -- .../postgresql/templates/configmap.yaml | 26 - .../templates/extended-config-configmap.yaml | 21 - .../templates/initialization-configmap.yaml | 24 - .../templates/metrics-configmap.yaml | 13 - .../postgresql/templates/metrics-svc.yaml | 25 - .../postgresql/templates/networkpolicy.yaml | 36 - .../templates/podsecuritypolicy.yaml | 37 - .../postgresql/templates/prometheusrule.yaml | 23 - .../charts/postgresql/templates/role.yaml | 19 - .../postgresql/templates/rolebinding.yaml | 19 - .../charts/postgresql/templates/secrets.yaml | 23 - .../postgresql/templates/serviceaccount.yaml | 11 - .../postgresql/templates/servicemonitor.yaml | 33 - .../templates/statefulset-slaves.yaml | 345 - .../postgresql/templates/statefulset.yaml | 514 -- .../postgresql/templates/svc-headless.yaml | 18 - .../charts/postgresql/templates/svc-read.yaml | 42 - .../charts/postgresql/templates/svc.yaml | 40 - .../charts/postgresql/values-production.yaml | 594 -- .../charts/postgresql/values.schema.json | 103 - .../artifactory/charts/postgresql/values.yaml | 600 -- .../artifactory/ci/access-tls-values.yaml | 11 - .../charts/artifactory/ci/default-values.yaml | 6 - .../artifactory/ci/derby-test-values.yaml | 4 - .../charts/artifactory/ci/global-values.yaml | 47 - .../ci/migration-disabled-values.yaml | 7 - .../charts/artifactory/ci/test-values.yaml | 13 - .../3.4.0/charts/artifactory/files/migrate.sh | 4339 ------------- .../artifactory/files/migrationHelmInfo.yaml | 32 - .../artifactory/files/migrationStatus.sh | 44 - .../artifactory/logo/artifactory-logo.png | Bin 12877 -> 0 bytes .../charts/artifactory/requirements.lock | 6 - .../charts/artifactory/requirements.yaml | 5 - .../artifactory/security-mitigation.yaml | 19 - .../charts/artifactory/templates/NOTES.txt | 85 - .../charts/artifactory/templates/_helpers.tpl | 237 - .../templates/additional-resources.yaml | 3 - .../templates/admin-bootstrap-creds.yaml | 15 - .../templates/artifactory-access-config.yaml | 15 - .../artifactory-binarystore-secret.yaml | 14 - .../templates/artifactory-configmaps.yaml | 13 - .../templates/artifactory-custom-secrets.yaml | 19 - .../artifactory-database-secrets.yaml | 22 - .../templates/artifactory-installer-info.yaml | 12 - .../templates/artifactory-license-secret.yaml | 14 - .../artifactory-migration-scripts.yaml | 18 - .../templates/artifactory-networkpolicy.yaml | 34 - .../templates/artifactory-priority-class.yaml | 9 - .../templates/artifactory-role.yaml | 14 - .../templates/artifactory-rolebinding.yaml | 19 - .../templates/artifactory-secrets.yaml | 21 - .../templates/artifactory-service.yaml | 50 - .../templates/artifactory-serviceaccount.yaml | 16 - .../templates/artifactory-statefulset.yaml | 734 --- .../templates/artifactory-system-yaml.yaml | 15 - .../templates/filebeat-configmap.yaml | 15 - .../charts/artifactory/templates/ingress.yaml | 107 - .../templates/logger-configmap.yaml | 63 - .../templates/nginx-artifactory-conf.yaml | 14 - .../templates/nginx-certificate-secret.yaml | 14 - .../artifactory/templates/nginx-conf.yaml | 14 - .../templates/nginx-deployment.yaml | 203 - .../artifactory/templates/nginx-pvc.yaml | 26 - .../artifactory/templates/nginx-service.yaml | 73 - .../charts/artifactory/values-large.yaml | 11 - .../charts/artifactory/values-medium.yaml | 11 - .../charts/artifactory/values-small.yaml | 11 - .../3.4.0/charts/artifactory/values.yaml | 1376 ---- .../3.4.0/ci/default-values.yaml | 7 - .../artifactory-jcr/3.4.0/logo/jcr-logo.png | Bin 3135 -> 0 bytes .../artifactory-jcr/3.4.0/questions.yml | 271 - .../artifactory-jcr/3.4.0/requirements.lock | 6 - .../artifactory-jcr/3.4.0/requirements.yaml | 3 - .../artifactory-jcr/3.4.0/templates/NOTES.txt | 1 - .../artifactory-jcr/3.4.0/values.yaml | 75 - .../artifactory-jcr/3.4.000/CHANGELOG.md | 151 - .../artifactory-jcr/3.4.000/Chart.yaml | 22 - .../artifactory-jcr/3.4.000/LICENSE | 201 - .../artifactory-jcr/3.4.000/README.md | 131 - .../artifactory-jcr/3.4.000/app-readme.md | 18 - .../3.4.000/charts/artifactory/.helmignore | 22 - .../3.4.000/charts/artifactory/CHANGELOG.md | 905 --- .../3.4.000/charts/artifactory/Chart.yaml | 17 - .../3.4.000/charts/artifactory/LICENSE | 201 - .../3.4.000/charts/artifactory/README.md | 1151 ---- .../artifactory/ReverseProxyConfiguration.md | 140 - .../charts/artifactory/UPGRADE_NOTES.md | 39 - .../artifactory/charts/postgresql/.helmignore | 21 - .../artifactory/charts/postgresql/Chart.yaml | 23 - .../artifactory/charts/postgresql/README.md | 680 -- .../postgresql/charts/common/.helmignore | 22 - .../postgresql/charts/common/Chart.yaml | 20 - .../charts/postgresql/charts/common/README.md | 274 - .../charts/common/templates/_capabilities.tpl | 22 - .../charts/common/templates/_errors.tpl | 20 - .../charts/common/templates/_images.tpl | 43 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 32 - .../charts/common/templates/_secrets.tpl | 49 - .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 26 - .../charts/common/templates/_validations.tpl | 219 - .../charts/common/templates/_warnings.tpl | 14 - .../postgresql/charts/common/values.yaml | 3 - .../postgresql/ci/commonAnnotations.yaml | 3 - .../charts/postgresql/ci/default-values.yaml | 1 - .../ci/shmvolume-disabled-values.yaml | 2 - .../charts/postgresql/files/README.md | 1 - .../charts/postgresql/files/conf.d/README.md | 4 - .../docker-entrypoint-initdb.d/README.md | 3 - .../charts/postgresql/requirements.lock | 6 - .../charts/postgresql/requirements.yaml | 4 - .../charts/postgresql/templates/NOTES.txt | 59 - .../charts/postgresql/templates/_helpers.tpl | 501 -- .../postgresql/templates/configmap.yaml | 26 - .../templates/extended-config-configmap.yaml | 21 - .../templates/initialization-configmap.yaml | 24 - .../templates/metrics-configmap.yaml | 13 - .../postgresql/templates/metrics-svc.yaml | 25 - .../postgresql/templates/networkpolicy.yaml | 36 - .../templates/podsecuritypolicy.yaml | 37 - .../postgresql/templates/prometheusrule.yaml | 23 - .../charts/postgresql/templates/role.yaml | 19 - .../postgresql/templates/rolebinding.yaml | 19 - .../charts/postgresql/templates/secrets.yaml | 23 - .../postgresql/templates/serviceaccount.yaml | 11 - .../postgresql/templates/servicemonitor.yaml | 33 - .../templates/statefulset-slaves.yaml | 345 - .../postgresql/templates/statefulset.yaml | 514 -- .../postgresql/templates/svc-headless.yaml | 18 - .../charts/postgresql/templates/svc-read.yaml | 42 - .../charts/postgresql/templates/svc.yaml | 40 - .../charts/postgresql/values-production.yaml | 594 -- .../charts/postgresql/values.schema.json | 103 - .../artifactory/charts/postgresql/values.yaml | 600 -- .../artifactory/ci/access-tls-values.yaml | 11 - .../charts/artifactory/ci/default-values.yaml | 6 - .../artifactory/ci/derby-test-values.yaml | 4 - .../charts/artifactory/ci/global-values.yaml | 47 - .../ci/migration-disabled-values.yaml | 7 - .../charts/artifactory/ci/test-values.yaml | 13 - .../charts/artifactory/files/migrate.sh | 4339 ------------- .../artifactory/files/migrationHelmInfo.yaml | 32 - .../artifactory/files/migrationStatus.sh | 44 - .../artifactory/logo/artifactory-logo.png | Bin 12877 -> 0 bytes .../charts/artifactory/requirements.lock | 6 - .../charts/artifactory/requirements.yaml | 5 - .../artifactory/security-mitigation.yaml | 19 - .../charts/artifactory/templates/NOTES.txt | 85 - .../charts/artifactory/templates/_helpers.tpl | 237 - .../templates/additional-resources.yaml | 3 - .../templates/admin-bootstrap-creds.yaml | 15 - .../templates/artifactory-access-config.yaml | 15 - .../artifactory-binarystore-secret.yaml | 14 - .../templates/artifactory-configmaps.yaml | 13 - .../templates/artifactory-custom-secrets.yaml | 19 - .../artifactory-database-secrets.yaml | 22 - .../templates/artifactory-installer-info.yaml | 12 - .../templates/artifactory-license-secret.yaml | 14 - .../artifactory-migration-scripts.yaml | 18 - .../templates/artifactory-networkpolicy.yaml | 34 - .../templates/artifactory-priority-class.yaml | 9 - .../templates/artifactory-role.yaml | 14 - .../templates/artifactory-rolebinding.yaml | 19 - .../templates/artifactory-secrets.yaml | 21 - .../templates/artifactory-service.yaml | 50 - .../templates/artifactory-serviceaccount.yaml | 16 - .../templates/artifactory-statefulset.yaml | 734 --- .../templates/artifactory-system-yaml.yaml | 15 - .../templates/filebeat-configmap.yaml | 15 - .../charts/artifactory/templates/ingress.yaml | 107 - .../templates/logger-configmap.yaml | 63 - .../templates/nginx-artifactory-conf.yaml | 14 - .../templates/nginx-certificate-secret.yaml | 14 - .../artifactory/templates/nginx-conf.yaml | 14 - .../templates/nginx-deployment.yaml | 203 - .../artifactory/templates/nginx-pvc.yaml | 26 - .../artifactory/templates/nginx-service.yaml | 73 - .../charts/artifactory/values-large.yaml | 11 - .../charts/artifactory/values-medium.yaml | 11 - .../charts/artifactory/values-small.yaml | 11 - .../3.4.000/charts/artifactory/values.yaml | 1376 ---- .../3.4.000/ci/default-values.yaml | 7 - .../artifactory-jcr/3.4.000/logo/jcr-logo.png | Bin 3135 -> 0 bytes .../artifactory-jcr/3.4.000/questions.yml | 271 - .../artifactory-jcr/3.4.000/requirements.lock | 6 - .../artifactory-jcr/3.4.000/requirements.yaml | 4 - .../3.4.000/templates/NOTES.txt | 1 - .../artifactory-jcr/3.4.000/values.yaml | 75 - .../1.2.100+up1.2.1/.helmignore | 22 - .../1.2.100+up1.2.1/Chart.yaml | 18 - .../1.2.100+up1.2.1/README.md | 220 - .../1.2.100+up1.2.1/app-readme.md | 18 - .../1.2.100+up1.2.1/questions.yml | 300 - .../1.2.100+up1.2.1/templates/_helpers.tpl | 4 - .../citrix-adc-ingressgateway-deployment.yaml | 330 - .../templates/ingressgateway-service.yaml | 60 - .../templates/metrics-exporter-service.yaml | 17 - .../1.2.100+up1.2.1/templates/secret.yaml | 11 - .../1.2.100+up1.2.1/values.yaml | 50 - .../1.2.100/.helmignore | 22 - .../1.2.100/Chart.yaml | 18 - .../1.2.100/README.md | 220 - .../1.2.100/app-readme.md | 18 - .../1.2.100/questions.yml | 300 - .../1.2.100/templates/_helpers.tpl | 4 - .../citrix-adc-ingressgateway-deployment.yaml | 330 - .../templates/ingressgateway-service.yaml | 60 - .../templates/metrics-exporter-service.yaml | 17 - .../1.2.100/templates/secret.yaml | 11 - .../1.2.100/values.yaml | 50 - .../1.8.2800+up1.8.28/Chart.yaml | 18 - .../1.8.2800+up1.8.28/README.md | 234 - .../1.8.2800+up1.8.28/app-readme.md | 5 - .../1.8.2800+up1.8.28/questions.yml | 211 - .../1.8.2800+up1.8.28/templates/NOTES.txt | 14 - .../1.8.2800+up1.8.28/templates/_helpers.tpl | 11 - .../1.8.2800+up1.8.28/templates/cic_crds.yaml | 1009 --- .../templates/citrix-k8s-cpx-ingress.yaml | 221 - .../templates/configmap.yaml | 31 - .../templates/login_credentials.yaml | 8 - .../1.8.2800+up1.8.28/templates/rbac.yaml | 73 - .../1.8.2800+up1.8.28/values.yaml | 81 - .../1.8.2800/Chart.yaml | 18 - .../1.8.2800/README.md | 234 - .../1.8.2800/app-readme.md | 5 - .../1.8.2800/questions.yml | 211 - .../1.8.2800/templates/NOTES.txt | 14 - .../1.8.2800/templates/_helpers.tpl | 11 - .../1.8.2800/templates/cic_crds.yaml | 1009 --- .../templates/citrix-k8s-cpx-ingress.yaml | 221 - .../1.8.2800/templates/configmap.yaml | 31 - .../1.8.2800/templates/login_credentials.yaml | 8 - .../1.8.2800/templates/rbac.yaml | 73 - .../1.8.2800/values.yaml | 81 - charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml | 19 - charts/cloudcasa/cloudcasa/0.1.000/README.md | 51 - .../cloudcasa/cloudcasa/0.1.000/app-readme.md | 6 - .../cloudcasa/0.1.000/questions.yaml | 13 - .../cloudcasa/0.1.000/templates/NOTES.txt | 5 - .../cloudcasa/0.1.000/templates/_helpers.tpl | 32 - .../0.1.000/templates/cluster-register.yaml | 2982 --------- .../cloudcasa/cloudcasa/0.1.000/values.yaml | 92 - charts/cloudcasa/cloudcasa/1.0.0/Chart.yaml | 20 - charts/cloudcasa/cloudcasa/1.0.0/README.md | 51 - .../cloudcasa/cloudcasa/1.0.0/app-readme.md | 6 - .../cloudcasa/cloudcasa/1.0.0/questions.yaml | 13 - .../cloudcasa/1.0.0/templates/NOTES.txt | 5 - .../cloudcasa/1.0.0/templates/_helpers.tpl | 32 - .../1.0.0/templates/cluster-register.yaml | 2984 --------- charts/cloudcasa/cloudcasa/1.0.0/values.yaml | 92 - charts/cloudcasa/cloudcasa/1/Chart.yaml | 20 - charts/cloudcasa/cloudcasa/1/README.md | 51 - charts/cloudcasa/cloudcasa/1/app-readme.md | 6 - charts/cloudcasa/cloudcasa/1/questions.yaml | 13 - .../cloudcasa/cloudcasa/1/templates/NOTES.txt | 5 - .../cloudcasa/1/templates/_helpers.tpl | 32 - .../1/templates/cluster-register.yaml | 2984 --------- charts/cloudcasa/cloudcasa/1/values.yaml | 92 - charts/cloudcasa/cloudcasa/2.0.0/Chart.yaml | 20 - charts/cloudcasa/cloudcasa/2.0.0/README.md | 51 - .../cloudcasa/cloudcasa/2.0.0/app-readme.md | 6 - .../cloudcasa/cloudcasa/2.0.0/questions.yaml | 13 - .../cloudcasa/2.0.0/templates/NOTES.txt | 5 - .../cloudcasa/2.0.0/templates/_helpers.tpl | 32 - .../2.0.0/templates/cluster-register.yaml | 3073 --------- charts/cloudcasa/cloudcasa/2.0.0/values.yaml | 110 - .../cockroachdb/4.1.200+up4.1.2/Chart.yaml | 15 - .../cockroachdb/4.1.200+up4.1.2/README.md | 477 -- .../cockroachdb/4.1.200+up4.1.2/app-readme.md | 9 - .../cockroachdb/4.1.200+up4.1.2/questions.yml | 8 - .../4.1.200+up4.1.2/templates/NOTES.txt | 50 - .../4.1.200+up4.1.2/templates/_helpers.tpl | 64 - .../templates/clusterrole.yaml | 19 - .../templates/clusterrolebinding.yaml | 23 - .../4.1.200+up4.1.2/templates/ingress.yaml | 52 - .../4.1.200+up4.1.2/templates/job.init.yaml | 157 - .../templates/networkpolicy.yaml | 59 - .../templates/poddisruptionbudget.yaml | 22 - .../4.1.200+up4.1.2/templates/role.yaml | 23 - .../templates/rolebinding.yaml | 23 - .../templates/secret.registry.yaml | 23 - .../templates/service.discovery.yaml | 62 - .../templates/service.public.yaml | 46 - .../templates/serviceaccount.yaml | 15 - .../templates/statefulset.yaml | 334 - .../templates/tests/client.yaml | 65 - .../cockroachdb/4.1.200+up4.1.2/values.yaml | 382 -- .../cockroachdb/4.1.200/Chart.yaml | 15 - .../cockroachdb/cockroachdb/4.1.200/README.md | 477 -- .../cockroachdb/4.1.200/app-readme.md | 9 - .../cockroachdb/4.1.200/questions.yml | 8 - .../cockroachdb/4.1.200/templates/NOTES.txt | 50 - .../4.1.200/templates/_helpers.tpl | 64 - .../4.1.200/templates/clusterrole.yaml | 19 - .../4.1.200/templates/clusterrolebinding.yaml | 23 - .../4.1.200/templates/ingress.yaml | 52 - .../4.1.200/templates/job.init.yaml | 157 - .../4.1.200/templates/networkpolicy.yaml | 59 - .../templates/poddisruptionbudget.yaml | 22 - .../cockroachdb/4.1.200/templates/role.yaml | 23 - .../4.1.200/templates/rolebinding.yaml | 23 - .../4.1.200/templates/secret.registry.yaml | 23 - .../4.1.200/templates/service.discovery.yaml | 62 - .../4.1.200/templates/service.public.yaml | 46 - .../4.1.200/templates/serviceaccount.yaml | 15 - .../4.1.200/templates/statefulset.yaml | 334 - .../4.1.200/templates/tests/client.yaml | 65 - .../cockroachdb/4.1.200/values.yaml | 382 -- .../0.6.400+up0.6.4/.helmignore | 22 - .../0.6.400+up0.6.4/Chart.yaml | 14 - .../csi-wekafsplugin/0.6.400+up0.6.4/LOCAL.md | 28 - .../0.6.400+up0.6.4/README.md | 23 - .../0.6.400+up0.6.4/app-readme.md | 20 - .../0.6.400+up0.6.4/questions.yaml | 6 - .../0.6.400+up0.6.4/templates/NOTES.txt | 10 - .../templates/controllerserver.yaml | 242 - .../0.6.400+up0.6.4/templates/driver.yaml | 9 - .../0.6.400+up0.6.4/templates/nodeserver.yaml | 182 - .../0.6.400+up0.6.4/values.schema.json | 104 - .../0.6.400+up0.6.4/values.yaml | 40 - .../csi-wekafsplugin/0.6.400/.helmignore | 22 - .../csi-wekafsplugin/0.6.400/Chart.yaml | 13 - .../csi-wekafsplugin/0.6.400/LOCAL.md | 28 - .../csi-wekafsplugin/0.6.400/README.md | 23 - .../csi-wekafsplugin/0.6.400/app-readme.md | 20 - .../csi-wekafsplugin/0.6.400/questions.yaml | 6 - .../0.6.400/templates/NOTES.txt | 10 - .../0.6.400/templates/controllerserver.yaml | 242 - .../0.6.400/templates/driver.yaml | 9 - .../0.6.400/templates/nodeserver.yaml | 182 - .../0.6.400/values.schema.json | 104 - .../csi-wekafsplugin/0.6.400/values.yaml | 40 - .../datadog/2.4.200+up2.4.2/.helmignore | 23 - .../datadog/2.4.200+up2.4.2/CHANGELOG.md | 328 - .../datadog/2.4.200+up2.4.2/Chart.yaml | 20 - .../datadog/datadog/2.4.200+up2.4.2/README.md | 481 -- .../datadog/2.4.200+up2.4.2/app-readme.md | 32 - .../charts/kube-state-metrics/.helmignore | 21 - .../charts/kube-state-metrics/Chart.yaml | 20 - .../charts/kube-state-metrics/README.md | 79 - .../kube-state-metrics/templates/NOTES.txt | 10 - .../kube-state-metrics/templates/_helpers.tpl | 47 - .../templates/clusterrole.yaml | 180 - .../templates/clusterrolebinding.yaml | 19 - .../templates/deployment.yaml | 191 - .../kube-state-metrics/templates/pdb.yaml | 17 - .../templates/podsecuritypolicy.yaml | 42 - .../templates/psp-clusterrole.yaml | 22 - .../templates/psp-clusterrolebinding.yaml | 19 - .../kube-state-metrics/templates/service.yaml | 36 - .../templates/serviceaccount.yaml | 14 - .../templates/servicemonitor.yaml | 25 - .../templates/stsdiscovery-role.yaml | 27 - .../templates/stsdiscovery-rolebinding.yaml | 20 - .../charts/kube-state-metrics/values.yaml | 139 - ...and-worker-with-dedicated-rbac-values.yaml | 17 - ...nt-metrics-server-service-port-values.yaml | 13 - .../ci/cluster-agent-values.yaml | 25 - .../2.4.200+up2.4.2/ci/default-values.yaml | 4 - .../ci/dogstastd-socket-values.yaml | 12 - .../datadog/2.4.200+up2.4.2/ci/kubeval.yaml | 46 - .../ci/no_hardened_seccomp-values.yaml | 7 - .../2.4.200+up2.4.2/ci/psp-test-values.yaml | 9 - .../ci/securitycontext-nil-values.yaml | 7 - .../docs/Migration_1.x_to_2.x.md | 72 - .../datadog/2.4.200+up2.4.2/questions.yml | 221 - .../datadog/2.4.200+up2.4.2/requirements.lock | 6 - .../datadog/2.4.200+up2.4.2/requirements.yaml | 4 - .../2.4.200+up2.4.2/templates/NOTES.txt | 76 - .../2.4.200+up2.4.2/templates/_helpers.tpl | 137 - .../templates/agent-apiservice.yaml | 24 - .../agent-clusterchecks-deployment.yaml | 191 - .../templates/agent-clusterchecks-pdb.yaml | 17 - .../templates/agent-clusterchecks-rbac.yaml | 38 - .../2.4.200+up2.4.2/templates/agent-psp.yaml | 33 - .../2.4.200+up2.4.2/templates/agent-scc.yaml | 56 - .../templates/agent-secret.yaml | 23 - .../templates/agent-services.yaml | 70 - .../templates/checksd-configmap.yaml | 16 - .../cluster-agent-confd-configmap.yaml | 16 - .../cluster-agent-config-configmap.yaml | 21 - .../templates/cluster-agent-deployment.yaml | 245 - .../templates/cluster-agent-pdb.yaml | 17 - .../templates/cluster-agent-rbac.yaml | 225 - .../templates/confd-configmap.yaml | 26 - .../templates/container-agent.yaml | 161 - .../templates/container-process-agent.yaml | 72 - .../templates/container-system-probe.yaml | 33 - .../templates/container-trace-agent.yaml | 58 - .../templates/containers-common-env.yaml | 95 - .../templates/containers-init-linux.yaml | 51 - .../templates/containers-init-windows.yaml | 38 - .../templates/daemonset-volumes-linux.yaml | 69 - .../templates/daemonset-volumes-windows.yaml | 13 - .../2.4.200+up2.4.2/templates/daemonset.yaml | 150 - .../templates/datadog-yaml-configmap.yaml | 51 - .../templates/hpa-external-metrics-rbac.yaml | 52 - .../templates/install_info-configmap.yaml | 19 - .../2.4.200+up2.4.2/templates/rbac.yaml | 116 - .../2.4.200+up2.4.2/templates/secrets.yaml | 38 - .../templates/system-probe-configmap.yaml | 218 - .../templates/system-probe-init.yaml | 15 - .../datadog/2.4.200+up2.4.2/values.yaml | 1254 ---- charts/datadog/datadog/2.4.200/.helmignore | 23 - charts/datadog/datadog/2.4.200/CHANGELOG.md | 328 - charts/datadog/datadog/2.4.200/Chart.yaml | 20 - charts/datadog/datadog/2.4.200/README.md | 481 -- charts/datadog/datadog/2.4.200/app-readme.md | 32 - .../charts/kube-state-metrics/.helmignore | 21 - .../charts/kube-state-metrics/Chart.yaml | 20 - .../2.4.200/charts/kube-state-metrics/OWNERS | 8 - .../charts/kube-state-metrics/README.md | 79 - .../kube-state-metrics/templates/NOTES.txt | 10 - .../kube-state-metrics/templates/_helpers.tpl | 47 - .../templates/clusterrole.yaml | 180 - .../templates/clusterrolebinding.yaml | 19 - .../templates/deployment.yaml | 191 - .../kube-state-metrics/templates/pdb.yaml | 17 - .../templates/podsecuritypolicy.yaml | 42 - .../templates/psp-clusterrole.yaml | 22 - .../templates/psp-clusterrolebinding.yaml | 19 - .../kube-state-metrics/templates/service.yaml | 36 - .../templates/serviceaccount.yaml | 14 - .../templates/servicemonitor.yaml | 25 - .../templates/stsdiscovery-role.yaml | 27 - .../templates/stsdiscovery-rolebinding.yaml | 20 - .../charts/kube-state-metrics/values.yaml | 139 - ...and-worker-with-dedicated-rbac-values.yaml | 17 - ...nt-metrics-server-service-port-values.yaml | 13 - .../2.4.200/ci/cluster-agent-values.yaml | 25 - .../datadog/2.4.200/ci/default-values.yaml | 4 - .../2.4.200/ci/dogstastd-socket-values.yaml | 12 - .../datadog/datadog/2.4.200/ci/kubeval.yaml | 46 - .../ci/no_hardened_seccomp-values.yaml | 7 - .../datadog/2.4.200/ci/psp-test-values.yaml | 9 - .../ci/securitycontext-nil-values.yaml | 7 - .../2.4.200/docs/Migration_1.x_to_2.x.md | 72 - charts/datadog/datadog/2.4.200/questions.yml | 221 - .../datadog/datadog/2.4.200/requirements.lock | 6 - .../datadog/datadog/2.4.200/requirements.yaml | 5 - .../datadog/2.4.200/templates/NOTES.txt | 76 - .../datadog/2.4.200/templates/_helpers.tpl | 137 - .../2.4.200/templates/agent-apiservice.yaml | 24 - .../agent-clusterchecks-deployment.yaml | 191 - .../templates/agent-clusterchecks-pdb.yaml | 17 - .../templates/agent-clusterchecks-rbac.yaml | 38 - .../datadog/2.4.200/templates/agent-psp.yaml | 33 - .../datadog/2.4.200/templates/agent-scc.yaml | 56 - .../2.4.200/templates/agent-secret.yaml | 23 - .../2.4.200/templates/agent-services.yaml | 70 - .../2.4.200/templates/checksd-configmap.yaml | 16 - .../cluster-agent-confd-configmap.yaml | 16 - .../cluster-agent-config-configmap.yaml | 21 - .../templates/cluster-agent-deployment.yaml | 245 - .../2.4.200/templates/cluster-agent-pdb.yaml | 17 - .../2.4.200/templates/cluster-agent-rbac.yaml | 225 - .../2.4.200/templates/confd-configmap.yaml | 26 - .../2.4.200/templates/container-agent.yaml | 161 - .../templates/container-process-agent.yaml | 72 - .../templates/container-system-probe.yaml | 33 - .../templates/container-trace-agent.yaml | 58 - .../templates/containers-common-env.yaml | 95 - .../templates/containers-init-linux.yaml | 51 - .../templates/containers-init-windows.yaml | 38 - .../templates/daemonset-volumes-linux.yaml | 69 - .../templates/daemonset-volumes-windows.yaml | 13 - .../datadog/2.4.200/templates/daemonset.yaml | 150 - .../templates/datadog-yaml-configmap.yaml | 51 - .../templates/hpa-external-metrics-rbac.yaml | 52 - .../templates/install_info-configmap.yaml | 19 - .../datadog/2.4.200/templates/rbac.yaml | 116 - .../datadog/2.4.200/templates/secrets.yaml | 38 - .../templates/system-probe-configmap.yaml | 218 - .../2.4.200/templates/system-probe-init.yaml | 15 - charts/datadog/datadog/2.4.200/values.yaml | 1254 ---- .../0.8.0/.helmignore | 22 - .../0.8.0/Chart.yaml | 20 - .../0.8.0/README.md | 86 - .../0.8.0/app-readme.md | 6 - .../crds/dynatrace.com_oneagentapms_crd.yaml | 145 - .../crds/dynatrace.com_oneagents_crd.yaml | 368 -- .../0.8.0/logo.png | Bin 9908 -> 0 bytes .../0.8.0/overview.svg | 2 - .../0.8.0/questions.yml | 175 - .../Common/clusterrole-operator.yaml | 47 - .../templates/Common/clusterrole-webhook.yaml | 47 - .../Common/clusterrolebinding-operator.yaml | 29 - .../Common/clusterrolebinding-webhook.yaml | 29 - .../0.8.0/templates/Common/configmap.yaml | 25 - .../Common/customresource-oneagent.yaml | 99 - .../Common/customresource-oneagentapm.yaml | 46 - .../templates/Common/deployment-operator.yaml | 86 - .../templates/Common/deployment-webhook.yaml | 125 - .../Common/mutatingwebhookconfiguration.yaml | 39 - .../Common/rolebinding-operator.yaml | 29 - .../templates/Common/rolebinding-webhook.yaml | 30 - .../0.8.0/templates/Common/secret.yaml | 29 - .../0.8.0/templates/Common/service.yaml | 31 - .../Common/serviceaccount-webhook.yaml | 20 - .../podsecuritypolicy-oneagent.yaml | 44 - .../podsecuritypolicy-operator.yaml | 50 - .../Kubernetes/podsecuritypolicy-webhook.yaml | 50 - .../templates/Kubernetes/role-oneagent.yaml | 31 - .../templates/Kubernetes/role-operator.yaml | 124 - .../templates/Kubernetes/role-webhook.yaml | 61 - .../Kubernetes/rolebinding-oneagent.yaml | 30 - .../Kubernetes/serviceaccount-oneagent.yaml | 22 - .../Kubernetes/serviceaccount-operator.yaml | 22 - .../0.8.0/templates/NOTES.txt | 58 - .../templates/Openshift/role-operator.yaml | 116 - .../templates/Openshift/role-webhook.yaml | 53 - .../Openshift/securitycontextconstraints.yaml | 50 - .../Openshift/serviceaccount-oneagent.yaml | 25 - .../Openshift/serviceaccount-operator.yaml | 25 - .../0.8.0/templates/_helpers.tpl | 113 - .../0.8.0/values.yaml | 51 - .../0.8.000/.helmignore | 22 - .../0.8.000/Chart.yaml | 20 - .../0.8.000/README.md | 86 - .../0.8.000/app-readme.md | 6 - .../crds/dynatrace.com_oneagentapms_crd.yaml | 145 - .../crds/dynatrace.com_oneagents_crd.yaml | 368 -- .../0.8.000/logo.png | Bin 9908 -> 0 bytes .../0.8.000/overview.svg | 2 - .../0.8.000/questions.yml | 175 - .../Common/clusterrole-operator.yaml | 47 - .../templates/Common/clusterrole-webhook.yaml | 47 - .../Common/clusterrolebinding-operator.yaml | 29 - .../Common/clusterrolebinding-webhook.yaml | 29 - .../0.8.000/templates/Common/configmap.yaml | 25 - .../Common/customresource-oneagent.yaml | 99 - .../Common/customresource-oneagentapm.yaml | 46 - .../templates/Common/deployment-operator.yaml | 86 - .../templates/Common/deployment-webhook.yaml | 125 - .../Common/mutatingwebhookconfiguration.yaml | 39 - .../Common/rolebinding-operator.yaml | 29 - .../templates/Common/rolebinding-webhook.yaml | 30 - .../0.8.000/templates/Common/secret.yaml | 29 - .../0.8.000/templates/Common/service.yaml | 31 - .../Common/serviceaccount-webhook.yaml | 20 - .../podsecuritypolicy-oneagent.yaml | 44 - .../podsecuritypolicy-operator.yaml | 50 - .../Kubernetes/podsecuritypolicy-webhook.yaml | 50 - .../templates/Kubernetes/role-oneagent.yaml | 31 - .../templates/Kubernetes/role-operator.yaml | 124 - .../templates/Kubernetes/role-webhook.yaml | 61 - .../Kubernetes/rolebinding-oneagent.yaml | 30 - .../Kubernetes/serviceaccount-oneagent.yaml | 22 - .../Kubernetes/serviceaccount-operator.yaml | 22 - .../0.8.000/templates/NOTES.txt | 58 - .../templates/Openshift/role-operator.yaml | 116 - .../templates/Openshift/role-webhook.yaml | 53 - .../Openshift/securitycontextconstraints.yaml | 50 - .../Openshift/serviceaccount-oneagent.yaml | 25 - .../Openshift/serviceaccount-operator.yaml | 25 - .../0.8.000/templates/_helpers.tpl | 113 - .../0.8.000/values.yaml | 51 - .../falcon-sensor/0.9.300+up0.9.3/.helmignore | 23 - .../falcon-sensor/0.9.300+up0.9.3/Chart.yaml | 26 - .../falcon-sensor/0.9.300+up0.9.3/README.md | 90 - .../0.9.300+up0.9.3/app-readme.md | 9 - .../0.9.300+up0.9.3/ci/cid-values.yaml | 2 - .../0.9.300+up0.9.3/questions.yaml | 97 - .../0.9.300+up0.9.3/templates/NOTES.txt | 10 - .../0.9.300+up0.9.3/templates/_helpers.tpl | 62 - .../0.9.300+up0.9.3/templates/configmap.yaml | 17 - .../0.9.300+up0.9.3/templates/daemonset.yaml | 134 - .../falcon-sensor/0.9.300+up0.9.3/values.yaml | 50 - .../falcon-sensor/0.9.300/.helmignore | 23 - .../falcon-sensor/0.9.300/Chart.yaml | 26 - .../falcon-sensor/0.9.300/README.md | 90 - .../falcon-sensor/0.9.300/app-readme.md | 9 - .../falcon-sensor/0.9.300/ci/cid-values.yaml | 2 - .../falcon-sensor/0.9.300/questions.yaml | 97 - .../falcon-sensor/0.9.300/templates/NOTES.txt | 10 - .../0.9.300/templates/_helpers.tpl | 62 - .../0.9.300/templates/configmap.yaml | 17 - .../0.9.300/templates/daemonset.yaml | 134 - .../falcon-sensor/0.9.300/values.yaml | 50 - .../federatorai/4.5.100+up4.5.1/.helmignore | 22 - .../federatorai/4.5.100+up4.5.1/Chart.yaml | 25 - .../federatorai/4.5.100+up4.5.1/README.md | 96 - .../federatorai/4.5.100+up4.5.1/app-readme.md | 39 - .../crds/02-alamedaservice.crd.yaml | 5009 --------------- .../federatorai/4.5.100+up4.5.1/logo.png | Bin 2838 -> 0 bytes .../4.5.100+up4.5.1/questions.yaml | 90 - .../4.5.100+up4.5.1/requirements.yaml | 0 .../templates/01-serviceaccount.yaml | 5 - .../03-federatorai-operator.deployment.yaml | 99 - .../templates/04-clusterrole.yaml | 257 - .../templates/05-clusterrolebinding.yaml | 12 - .../4.5.100+up4.5.1/templates/06-role.yaml | 107 - .../templates/07-rolebinding.yaml | 13 - .../4.5.100+up4.5.1/templates/08-service.yaml | 14 - .../4.5.100+up4.5.1/templates/09-secret.yaml | 7 - .../templates/10-mutatingwebhook.yaml | 24 - .../templates/11-validatingwebhook.yaml | 24 - .../4.5.100+up4.5.1/templates/NOTES.txt | 3 - .../4.5.100+up4.5.1/templates/_helpers.tpl | 45 - .../templates/alamedaservice.yaml | 87 - .../federatorai/4.5.100+up4.5.1/values.yaml | 41 - .../federatorai/4.5.100/.helmignore | 22 - .../federatorai/4.5.100/Chart.yaml | 25 - .../federatorai/federatorai/4.5.100/README.md | 96 - .../federatorai/4.5.100/app-readme.md | 39 - .../4.5.100/crds/02-alamedaservice.crd.yaml | 5009 --------------- .../federatorai/federatorai/4.5.100/logo.png | Bin 2838 -> 0 bytes .../federatorai/4.5.100/questions.yaml | 90 - .../federatorai/4.5.100/requirements.yaml | 0 .../4.5.100/templates/01-serviceaccount.yaml | 5 - .../03-federatorai-operator.deployment.yaml | 99 - .../4.5.100/templates/04-clusterrole.yaml | 257 - .../templates/05-clusterrolebinding.yaml | 12 - .../4.5.100/templates/06-role.yaml | 107 - .../4.5.100/templates/07-rolebinding.yaml | 13 - .../4.5.100/templates/08-service.yaml | 14 - .../4.5.100/templates/09-secret.yaml | 7 - .../4.5.100/templates/10-mutatingwebhook.yaml | 24 - .../templates/11-validatingwebhook.yaml | 24 - .../federatorai/4.5.100/templates/NOTES.txt | 3 - .../4.5.100/templates/_helpers.tpl | 45 - .../4.5.100/templates/alamedaservice.yaml | 87 - .../federatorai/4.5.100/values.yaml | 41 - charts/haproxy/haproxy/1.12.100/.helmignore | 21 - charts/haproxy/haproxy/1.12.100/Chart.yaml | 23 - charts/haproxy/haproxy/1.12.100/README.md | 199 - charts/haproxy/haproxy/1.12.100/app-readme.md | 8 - .../ci/daemonset-customconfig-values.yaml | 4 - .../ci/daemonset-customnodeport-values.yaml | 7 - .../1.12.100/ci/daemonset-default-values.yaml | 2 - ...emonset-disableddefaultbackend-values.yaml | 4 - ...daemonset-disabledsecretconfig-values.yaml | 4 - .../ci/daemonset-enableports-values.yaml | 7 - .../ci/daemonset-extraargs-values.yaml | 4 - .../ci/daemonset-hostport-values.yaml | 8 - .../ci/daemonset-nodeport-values.yaml | 4 - .../ci/daemonset-publishservice-values.yaml | 5 - .../daemonset-serviceannotation-values.yaml | 5 - .../ci/deployment-customconfig-values.yaml | 3 - .../ci/deployment-customnodeport-values.yaml | 6 - .../ci/deployment-default-values.yaml | 1 - ...loyment-disableddefaultbackend-values.yaml | 2 - ...eployment-disabledsecretconfig-values.yaml | 3 - .../ci/deployment-enableports-values.yaml | 6 - .../ci/deployment-extraargs-values.yaml | 3 - .../1.12.100/ci/deployment-hpa-values.yaml | 14 - .../ci/deployment-nodeport-values.yaml | 3 - .../1.12.100/ci/deployment-psp-values.yaml | 2 - .../ci/deployment-publishservice-values.yaml | 4 - .../ci/deployment-replicacount-unset.yaml | 5 - charts/haproxy/haproxy/1.12.100/questions.yml | 73 - .../haproxy/1.12.100/templates/NOTES.txt | 67 - .../haproxy/1.12.100/templates/_helpers.tpl | 130 - .../1.12.100/templates/clusterrole.yaml | 60 - .../templates/clusterrolebinding.yaml | 37 - .../templates/controller-configmap.yaml | 34 - .../templates/controller-daemonset.yaml | 234 - .../controller-defaultcertsecret.yaml | 35 - .../templates/controller-deployment.yaml | 222 - .../1.12.100/templates/controller-hpa.yaml | 49 - .../controller-podsecuritypolicy.yaml | 80 - .../templates/controller-pullsecret.yaml | 32 - .../1.12.100/templates/controller-role.yaml | 38 - .../templates/controller-rolebinding.yaml | 37 - .../templates/controller-service.yaml | 101 - .../templates/controller-serviceaccount.yaml | 29 - .../templates/controller-servicemonitor.yaml | 41 - .../templates/default-backend-deployment.yaml | 84 - .../templates/default-backend-hpa.yaml | 49 - .../default-backend-podsecuritypolicy.yaml | 64 - .../templates/default-backend-role.yaml | 38 - .../default-backend-rolebinding.yaml | 37 - .../templates/default-backend-service.yaml | 40 - .../default-backend-serviceaccount.yaml | 29 - charts/haproxy/haproxy/1.12.100/values.yaml | 157 - .../haproxy/1.12.500+up1.12.5/.helmignore | 21 - .../haproxy/1.12.500+up1.12.5/Chart.yaml | 23 - .../haproxy/1.12.500+up1.12.5/README.md | 208 - .../haproxy/1.12.500+up1.12.5/app-readme.md | 8 - .../ci/daemonset-customconfig-values.yaml | 4 - .../ci/daemonset-customnodeport-values.yaml | 7 - .../ci/daemonset-default-values.yaml | 2 - ...emonset-disableddefaultbackend-values.yaml | 4 - ...daemonset-disabledsecretconfig-values.yaml | 4 - .../ci/daemonset-enableports-values.yaml | 7 - .../ci/daemonset-extraargs-values.yaml | 4 - .../ci/daemonset-hostport-values.yaml | 8 - .../ci/daemonset-nodeport-values.yaml | 4 - .../ci/daemonset-publishservice-values.yaml | 5 - .../daemonset-serviceannotation-values.yaml | 5 - .../ci/deployment-customconfig-values.yaml | 3 - .../ci/deployment-customnodeport-values.yaml | 6 - .../ci/deployment-default-values.yaml | 1 - ...loyment-disableddefaultbackend-values.yaml | 2 - ...eployment-disabledsecretconfig-values.yaml | 3 - .../ci/deployment-enableports-values.yaml | 6 - .../ci/deployment-extraargs-values.yaml | 3 - .../ci/deployment-hpa-values.yaml | 14 - .../ci/deployment-nodeport-values.yaml | 3 - .../ci/deployment-psp-values.yaml | 2 - .../ci/deployment-publishservice-values.yaml | 4 - .../ci/deployment-replicacount-unset.yaml | 5 - .../haproxy/1.12.500+up1.12.5/questions.yml | 73 - .../1.12.500+up1.12.5/templates/NOTES.txt | 67 - .../1.12.500+up1.12.5/templates/_helpers.tpl | 130 - .../templates/clusterrole.yaml | 60 - .../templates/clusterrolebinding.yaml | 37 - .../templates/controller-configmap.yaml | 34 - .../templates/controller-daemonset.yaml | 237 - .../controller-defaultcertsecret.yaml | 35 - .../templates/controller-deployment.yaml | 229 - .../templates/controller-hpa.yaml | 49 - .../controller-poddisruptionbudget.yaml | 40 - .../controller-podsecuritypolicy.yaml | 80 - .../templates/controller-pullsecret.yaml | 32 - .../templates/controller-role.yaml | 38 - .../templates/controller-rolebinding.yaml | 37 - .../templates/controller-service.yaml | 101 - .../templates/controller-serviceaccount.yaml | 29 - .../templates/controller-servicemonitor.yaml | 41 - .../templates/default-backend-deployment.yaml | 88 - .../templates/default-backend-hpa.yaml | 49 - .../default-backend-podsecuritypolicy.yaml | 64 - .../templates/default-backend-role.yaml | 38 - .../default-backend-rolebinding.yaml | 37 - .../templates/default-backend-service.yaml | 40 - .../default-backend-serviceaccount.yaml | 29 - .../haproxy/1.12.500+up1.12.5/values.yaml | 162 - charts/haproxy/haproxy/1.12.500/.helmignore | 21 - charts/haproxy/haproxy/1.12.500/Chart.yaml | 23 - charts/haproxy/haproxy/1.12.500/README.md | 208 - charts/haproxy/haproxy/1.12.500/app-readme.md | 8 - .../ci/daemonset-customconfig-values.yaml | 4 - .../ci/daemonset-customnodeport-values.yaml | 7 - .../1.12.500/ci/daemonset-default-values.yaml | 2 - ...emonset-disableddefaultbackend-values.yaml | 4 - ...daemonset-disabledsecretconfig-values.yaml | 4 - .../ci/daemonset-enableports-values.yaml | 7 - .../ci/daemonset-extraargs-values.yaml | 4 - .../ci/daemonset-hostport-values.yaml | 8 - .../ci/daemonset-nodeport-values.yaml | 4 - .../ci/daemonset-publishservice-values.yaml | 5 - .../daemonset-serviceannotation-values.yaml | 5 - .../ci/deployment-customconfig-values.yaml | 3 - .../ci/deployment-customnodeport-values.yaml | 6 - .../ci/deployment-default-values.yaml | 1 - ...loyment-disableddefaultbackend-values.yaml | 2 - ...eployment-disabledsecretconfig-values.yaml | 3 - .../ci/deployment-enableports-values.yaml | 6 - .../ci/deployment-extraargs-values.yaml | 3 - .../1.12.500/ci/deployment-hpa-values.yaml | 14 - .../ci/deployment-nodeport-values.yaml | 3 - .../1.12.500/ci/deployment-psp-values.yaml | 2 - .../ci/deployment-publishservice-values.yaml | 4 - .../ci/deployment-replicacount-unset.yaml | 5 - charts/haproxy/haproxy/1.12.500/questions.yml | 73 - .../haproxy/1.12.500/templates/NOTES.txt | 67 - .../haproxy/1.12.500/templates/_helpers.tpl | 130 - .../1.12.500/templates/clusterrole.yaml | 60 - .../templates/clusterrolebinding.yaml | 37 - .../templates/controller-configmap.yaml | 34 - .../templates/controller-daemonset.yaml | 237 - .../controller-defaultcertsecret.yaml | 35 - .../templates/controller-deployment.yaml | 229 - .../1.12.500/templates/controller-hpa.yaml | 49 - .../controller-poddisruptionbudget.yaml | 40 - .../controller-podsecuritypolicy.yaml | 80 - .../templates/controller-pullsecret.yaml | 32 - .../1.12.500/templates/controller-role.yaml | 38 - .../templates/controller-rolebinding.yaml | 37 - .../templates/controller-service.yaml | 101 - .../templates/controller-serviceaccount.yaml | 29 - .../templates/controller-servicemonitor.yaml | 41 - .../templates/default-backend-deployment.yaml | 88 - .../templates/default-backend-hpa.yaml | 49 - .../default-backend-podsecuritypolicy.yaml | 64 - .../templates/default-backend-role.yaml | 38 - .../default-backend-rolebinding.yaml | 37 - .../templates/default-backend-service.yaml | 40 - .../default-backend-serviceaccount.yaml | 29 - charts/haproxy/haproxy/1.12.500/values.yaml | 162 - charts/haproxy/haproxy/1.4.300/.helmignore | 21 - charts/haproxy/haproxy/1.4.300/Chart.yaml | 23 - charts/haproxy/haproxy/1.4.300/README.md | 190 - charts/haproxy/haproxy/1.4.300/app-readme.md | 8 - .../ci/daemonset-customconfig-values.yaml | 4 - .../ci/daemonset-customnodeport-values.yaml | 7 - .../1.4.300/ci/daemonset-default-values.yaml | 2 - ...daemonset-disabledsecretconfig-values.yaml | 4 - .../ci/daemonset-enableports-values.yaml | 7 - .../ci/daemonset-extraargs-values.yaml | 4 - .../1.4.300/ci/daemonset-hostport-values.yaml | 8 - .../1.4.300/ci/daemonset-nodeport-values.yaml | 4 - .../ci/daemonset-publishservice-values.yaml | 5 - .../daemonset-serviceannotation-values.yaml | 5 - .../ci/deployment-customconfig-values.yaml | 3 - .../ci/deployment-customnodeport-values.yaml | 6 - .../1.4.300/ci/deployment-default-values.yaml | 1 - ...eployment-disabledsecretconfig-values.yaml | 3 - .../ci/deployment-enableports-values.yaml | 6 - .../ci/deployment-extraargs-values.yaml | 3 - .../ci/deployment-nodeport-values.yaml | 3 - .../ci/deployment-publishservice-values.yaml | 4 - .../ci/deployment-replicacount-unset.yaml | 5 - .../deployment-serviceannotation-values.yaml | 4 - charts/haproxy/haproxy/1.4.300/questions.yml | 73 - .../haproxy/1.4.300/templates/NOTES.txt | 67 - .../haproxy/1.4.300/templates/_helpers.tpl | 123 - .../1.4.300/templates/clusterrole.yaml | 61 - .../1.4.300/templates/clusterrolebinding.yaml | 37 - .../templates/controller-configmap.yaml | 34 - .../templates/controller-daemonset.yaml | 153 - .../controller-defaultcertsecret.yaml | 33 - .../templates/controller-deployment.yaml | 141 - .../controller-podsecuritypolicy.yaml | 75 - .../templates/controller-pullsecret.yaml | 32 - .../1.4.300/templates/controller-role.yaml | 38 - .../templates/controller-rolebinding.yaml | 37 - .../1.4.300/templates/controller-service.yaml | 100 - .../templates/controller-serviceaccount.yaml | 29 - .../templates/default-backend-deployment.yaml | 71 - .../default-backend-podsecuritypolicy.yaml | 59 - .../templates/default-backend-role.yaml | 38 - .../default-backend-rolebinding.yaml | 37 - .../templates/default-backend-service.yaml | 38 - .../default-backend-serviceaccount.yaml | 29 - charts/haproxy/haproxy/1.4.300/values.yaml | 116 - .../hpe-csi-driver/1.3.000/Chart.yaml | 22 - .../hpe-csi-driver/1.3.000/README.md | 110 - .../hpe-csi-driver/1.3.000/app-readme.md | 3 - .../1.3.000/crds/hpe-nodeinfo-crd.yaml | 54 - .../crds/hpe-replicated-device-info-crd.yaml | 57 - .../1.3.000/crds/hpe-volumeinfo-crd.yaml | 32 - .../hpe-csi-driver/1.3.000/files/config.json | 128 - .../hpe-csi-driver/1.3.000/questions.yml | 29 - .../1.3.000/templates/NOTES.txt | 0 .../1.3.000/templates/_helpers.tpl | 32 - .../1.3.000/templates/csi-driver-crd.yaml | 16 - .../1.3.000/templates/hpe-csi-controller.yaml | 171 - .../1.3.000/templates/hpe-csi-node.yaml | 165 - .../1.3.000/templates/hpe-csi-rbac.yaml | 408 -- .../1.3.000/templates/hpe-linux-config.yaml | 13 - .../1.3.000/templates/hpe-secret.yaml | 47 - .../1.3.000/templates/nimble-csp.yaml | 60 - .../1.3.000/templates/primera-3par-csp.yaml | 61 - .../hpe-csi-driver/1.3.000/templates/sc.yaml | 38 - .../hpe-csi-driver/1.3.000/values.yaml | 20 - .../hpe-csi-driver/1.4.200+up1.4.2/Chart.yaml | 19 - .../hpe-csi-driver/1.4.200+up1.4.2/README.md | 101 - .../1.4.200+up1.4.2/app-readme.md | 3 - .../crds/hpe-nodeinfo-crd.yaml | 70 - .../crds/hpe-replicated-device-info-crd.yaml | 57 - .../crds/hpe-snapshotgroupinfo-crd.yaml | 57 - .../crds/hpe-volumegroupinfo-crd.yaml | 64 - .../crds/hpe-volumeinfo-crd.yaml | 32 - .../storage.hpe.com_snapshotgroupclasses.yaml | 60 - ...storage.hpe.com_snapshotgroupcontents.yaml | 104 - .../crds/storage.hpe.com_snapshotgroups.yaml | 83 - .../storage.hpe.com_volumegroupclasses.yaml | 60 - .../storage.hpe.com_volumegroupcontents.yaml | 96 - .../crds/storage.hpe.com_volumegroups.yaml | 69 - .../1.4.200+up1.4.2/files/config.json | 128 - .../1.4.200+up1.4.2/questions.yml | 37 - .../1.4.200+up1.4.2/templates/NOTES.txt | 0 .../1.4.200+up1.4.2/templates/_helpers.tpl | 32 - .../templates/csi-driver-crd.yaml | 24 - .../templates/hpe-csi-controller.yaml | 223 - .../templates/hpe-csi-node.yaml | 171 - .../templates/hpe-csi-rbac.yaml | 563 -- .../templates/hpe-linux-config.yaml | 13 - .../1.4.200+up1.4.2/templates/hpe-secret.yaml | 47 - .../1.4.200+up1.4.2/templates/nimble-csp.yaml | 64 - .../templates/primera-3par-csp.yaml | 65 - .../1.4.200+up1.4.2/templates/sc.yaml | 38 - .../1.4.200+up1.4.2/values.yaml | 24 - .../hpe-csi-driver/1.4.200/Chart.yaml | 19 - .../hpe-csi-driver/1.4.200/README.md | 101 - .../hpe-csi-driver/1.4.200/app-readme.md | 3 - .../1.4.200/crds/hpe-nodeinfo-crd.yaml | 70 - .../crds/hpe-replicated-device-info-crd.yaml | 57 - .../crds/hpe-snapshotgroupinfo-crd.yaml | 57 - .../1.4.200/crds/hpe-volumegroupinfo-crd.yaml | 64 - .../1.4.200/crds/hpe-volumeinfo-crd.yaml | 32 - .../storage.hpe.com_snapshotgroupclasses.yaml | 60 - ...storage.hpe.com_snapshotgroupcontents.yaml | 104 - .../crds/storage.hpe.com_snapshotgroups.yaml | 83 - .../storage.hpe.com_volumegroupclasses.yaml | 60 - .../storage.hpe.com_volumegroupcontents.yaml | 96 - .../crds/storage.hpe.com_volumegroups.yaml | 69 - .../hpe-csi-driver/1.4.200/files/config.json | 128 - .../hpe-csi-driver/1.4.200/questions.yml | 37 - .../1.4.200/templates/NOTES.txt | 0 .../1.4.200/templates/_helpers.tpl | 32 - .../1.4.200/templates/csi-driver-crd.yaml | 24 - .../1.4.200/templates/hpe-csi-controller.yaml | 223 - .../1.4.200/templates/hpe-csi-node.yaml | 171 - .../1.4.200/templates/hpe-csi-rbac.yaml | 563 -- .../1.4.200/templates/hpe-linux-config.yaml | 13 - .../1.4.200/templates/hpe-secret.yaml | 47 - .../1.4.200/templates/nimble-csp.yaml | 64 - .../1.4.200/templates/primera-3par-csp.yaml | 65 - .../hpe-csi-driver/1.4.200/templates/sc.yaml | 38 - .../hpe-csi-driver/1.4.200/values.yaml | 24 - .../hpe-csi-driver/2.0.0/Chart.yaml | 27 - .../hpe-csi-driver/2.0.0/README.md | 115 - .../hpe-csi-driver/2.0.0/app-readme.md | 3 - .../2.0.0/crds/hpe-nodeinfo-crd.yaml | 70 - .../crds/hpe-replicated-device-info-crd.yaml | 57 - .../2.0.0/crds/hpe-snapshotgroupinfo-crd.yaml | 57 - .../2.0.0/crds/hpe-volumegroupinfo-crd.yaml | 64 - .../2.0.0/crds/hpe-volumeinfo-crd.yaml | 32 - .../storage.hpe.com_snapshotgroupclasses.yaml | 60 - ...storage.hpe.com_snapshotgroupcontents.yaml | 104 - .../crds/storage.hpe.com_snapshotgroups.yaml | 83 - .../storage.hpe.com_volumegroupclasses.yaml | 60 - .../storage.hpe.com_volumegroupcontents.yaml | 96 - .../crds/storage.hpe.com_volumegroups.yaml | 69 - .../hpe-csi-driver/2.0.0/files/config.json | 128 - .../hpe-csi-driver/2.0.0/questions.yml | 83 - .../hpe-csi-driver/2.0.0/templates/NOTES.txt | 0 .../2.0.0/templates/_helpers.tpl | 32 - .../2.0.0/templates/csi-driver-crd.yaml | 24 - .../2.0.0/templates/hpe-csi-controller.yaml | 240 - .../2.0.0/templates/hpe-csi-node.yaml | 204 - .../2.0.0/templates/hpe-csi-rbac.yaml | 566 -- .../2.0.0/templates/hpe-linux-config.yaml | 13 - .../2.0.0/templates/nimble-csp.yaml | 87 - .../2.0.0/templates/primera-3par-csp.yaml | 89 - .../hpe-csi-driver/2.0.0/values.schema.json | 170 - .../hpe-csi-driver/2.0.0/values.yaml | 36 - .../hpe-flexvolume-driver/3.1.0/Chart.yaml | 23 - .../hpe-flexvolume-driver/3.1.0/README.md | 173 - .../hpe-flexvolume-driver/3.1.0/app-readme.md | 3 - .../hpe-flexvolume-driver/3.1.0/questions.yml | 172 - .../3.1.0/templates/NOTES.txt | 0 .../3.1.0/templates/_helpers.tpl | 32 - .../3.1.0/templates/hpe-config.yaml | 58 - .../3.1.0/templates/hpe-doryd-rbac.yaml | 40 - .../3.1.0/templates/hpe-doryd.yaml | 67 - .../templates/hpe-flexvolume-plugin.yaml | 216 - .../3.1.0/templates/hpe-secret.yaml | 18 - .../3.1.0/templates/hpecv-cp.yaml | 66 - .../3.1.0/templates/post-install.yaml | 28 - .../3.1.0/templates/sc.yaml | 16 - .../hpe-flexvolume-driver/3.1.0/values.yaml | 97 - .../hpe-flexvolume-driver/3.1.000/Chart.yaml | 23 - .../hpe-flexvolume-driver/3.1.000/README.md | 173 - .../3.1.000/app-readme.md | 3 - .../3.1.000/questions.yml | 172 - .../3.1.000/templates/NOTES.txt | 0 .../3.1.000/templates/_helpers.tpl | 32 - .../3.1.000/templates/hpe-config.yaml | 58 - .../3.1.000/templates/hpe-doryd-rbac.yaml | 40 - .../3.1.000/templates/hpe-doryd.yaml | 67 - .../templates/hpe-flexvolume-plugin.yaml | 216 - .../3.1.000/templates/hpe-secret.yaml | 18 - .../3.1.000/templates/hpecv-cp.yaml | 66 - .../3.1.000/templates/post-install.yaml | 28 - .../3.1.000/templates/sc.yaml | 16 - .../hpe-flexvolume-driver/3.1.000/values.yaml | 97 - .../1.0.2900+up1.0.29/.helmignore | 23 - .../1.0.2900+up1.0.29/Chart.yaml | 27 - .../instana-agent/1.0.2900+up1.0.29/README.md | 164 - .../1.0.2900+up1.0.29/app-readme.md | 5 - .../1.0.2900+up1.0.29/questions.yml | 236 - .../1.0.2900+up1.0.29/templates/NOTES.txt | 66 - .../1.0.2900+up1.0.29/templates/_helpers.tpl | 76 - .../templates/agentsecret.yaml | 19 - .../templates/clusterrole.yaml | 68 - .../templates/clusterrolebinding.yaml | 22 - .../templates/configmap.yaml | 44 - .../templates/daemonset.yaml | 210 - .../templates/namespace.yaml | 8 - .../templates/podsecuritypolicy.yaml | 55 - .../templates/serviceaccount.yaml | 9 - .../1.0.2900+up1.0.29/values.yaml | 111 - .../instana-agent/1.0.2900/.helmignore | 23 - .../instana-agent/1.0.2900/Chart.yaml | 27 - .../instana-agent/1.0.2900/README.md | 164 - .../instana-agent/1.0.2900/app-readme.md | 5 - .../instana-agent/1.0.2900/questions.yml | 236 - .../1.0.2900/templates/NOTES.txt | 66 - .../1.0.2900/templates/_helpers.tpl | 76 - .../1.0.2900/templates/agentsecret.yaml | 19 - .../1.0.2900/templates/clusterrole.yaml | 68 - .../templates/clusterrolebinding.yaml | 22 - .../1.0.2900/templates/configmap.yaml | 44 - .../1.0.2900/templates/daemonset.yaml | 210 - .../1.0.2900/templates/namespace.yaml | 8 - .../1.0.2900/templates/podsecuritypolicy.yaml | 55 - .../1.0.2900/templates/serviceaccount.yaml | 9 - .../instana-agent/1.0.2900/values.yaml | 111 - .../2.0.500+upv2.0.5/.helmignore | 23 - .../2.0.500+upv2.0.5/Chart.yaml | 17 - .../2.0.500+upv2.0.5/LICENSE | 1 - .../2.0.500+upv2.0.5/README.md | 41 - .../2.0.500+upv2.0.5/app-readme.md | 37 - .../2.0.500+upv2.0.5/templates/NOTES.txt | 3 - .../2.0.500+upv2.0.5/templates/_helpers.tpl | 33 - .../templates/clusterrole.yaml | 53 - .../templates/clusterrole_binding.yaml | 12 - .../templates/deployment.yaml | 101 - .../templates/mutating-webhook.yaml | 24 - .../templates/ns-validating-webhook.yaml | 30 - .../2.0.500+upv2.0.5/templates/secret.yaml | 6 - ...iovault.trilio.io_triliovaultmanagers.yaml | 826 --- .../templates/validating-webhook.yaml | 24 - .../templates/webhook-service.yaml | 15 - .../2.0.500+upv2.0.5/values.yaml | 33 - .../2.0.500/.helmignore | 23 - .../2.0.500/Chart.yaml | 17 - .../k8s-triliovault-operator/2.0.500/LICENSE | 1 - .../2.0.500/README.md | 41 - .../2.0.500/app-readme.md | 37 - .../2.0.500/templates/NOTES.txt | 3 - .../2.0.500/templates/_helpers.tpl | 33 - .../2.0.500/templates/clusterrole.yaml | 53 - .../templates/clusterrole_binding.yaml | 12 - .../2.0.500/templates/deployment.yaml | 101 - .../2.0.500/templates/mutating-webhook.yaml | 24 - .../templates/ns-validating-webhook.yaml | 30 - .../2.0.500/templates/secret.yaml | 6 - ...iovault.trilio.io_triliovaultmanagers.yaml | 826 --- .../2.0.500/templates/validating-webhook.yaml | 24 - .../2.0.500/templates/webhook-service.yaml | 15 - .../2.0.500/values.yaml | 33 - .../v2.0.200/.helmignore | 23 - .../v2.0.200/Chart.yaml | 15 - .../k8s-triliovault-operator/v2.0.200/LICENSE | 1 - .../v2.0.200/README.md | 41 - .../v2.0.200/app-readme.md | 4 - .../v2.0.200/templates/NOTES.txt | 3 - .../v2.0.200/templates/_helpers.tpl | 33 - .../v2.0.200/templates/clusterrole.yaml | 53 - .../templates/clusterrole_binding.yaml | 12 - .../v2.0.200/templates/deployment.yaml | 84 - .../v2.0.200/templates/mutating-webhook.yaml | 41 - .../v2.0.200/templates/secret.yaml | 6 - ...iovault.trilio.io_triliovaultmanagers.yaml | 1605 ----- .../templates/validating-webhook.yaml | 41 - .../v2.0.200/templates/webhook-service.yaml | 15 - .../v2.0.200/values.yaml | 23 - .../kubecost/cost-analyzer/1.70.0/Chart.yaml | 10 - .../cost-analyzer/1.70.0/app-readme.md | 23 - .../cost-analyzer/1.70.0/attached-disks.json | 425 -- .../1.70.0/charts/grafana/Chart.yaml | 15 - .../1.70.0/charts/grafana/README.md | 162 - .../1.70.0/charts/grafana/templates/NOTES.txt | 37 - .../charts/grafana/templates/_helpers.tpl | 43 - .../charts/grafana/templates/clusterrole.yaml | 25 - .../grafana/templates/clusterrolebinding.yaml | 25 - .../configmap-dashboard-provider.yaml | 28 - .../charts/grafana/templates/configmap.yaml | 76 - .../templates/dashboards-json-configmap.yaml | 24 - .../charts/grafana/templates/deployment.yaml | 272 - .../charts/grafana/templates/ingress.yaml | 44 - .../grafana/templates/podsecuritypolicy.yaml | 42 - .../1.70.0/charts/grafana/templates/pvc.yaml | 26 - .../1.70.0/charts/grafana/templates/role.yaml | 20 - .../charts/grafana/templates/rolebinding.yaml | 20 - .../charts/grafana/templates/secret.yaml | 22 - .../charts/grafana/templates/service.yaml | 51 - .../grafana/templates/serviceaccount.yaml | 13 - .../1.70.0/charts/grafana/values.yaml | 275 - .../1.70.0/charts/prometheus/.helmignore | 23 - .../1.70.0/charts/prometheus/Chart.yaml | 18 - .../1.70.0/charts/prometheus/README.md | 471 -- .../charts/kube-state-metrics/.helmignore | 21 - .../charts/kube-state-metrics/Chart.yaml | 20 - .../charts/kube-state-metrics/OWNERS | 8 - .../charts/kube-state-metrics/README.md | 73 - .../kube-state-metrics/templates/NOTES.txt | 10 - .../kube-state-metrics/templates/_helpers.tpl | 47 - .../templates/clusterrole.yaml | 180 - .../templates/clusterrolebinding.yaml | 19 - .../templates/deployment.yaml | 186 - .../templates/podsecuritypolicy.yaml | 39 - .../templates/psp-clusterrole.yaml | 17 - .../templates/psp-clusterrolebinding.yaml | 19 - .../kube-state-metrics/templates/service.yaml | 36 - .../templates/serviceaccount.yaml | 14 - .../templates/servicemonitor.yaml | 25 - .../templates/stsdiscovery-role.yaml | 27 - .../templates/stsdiscovery-rolebinding.yaml | 20 - .../charts/kube-state-metrics/values.yaml | 126 - .../charts/prometheus/requirements.lock | 6 - .../charts/prometheus/requirements.yaml | 7 - .../charts/prometheus/templates/NOTES.txt | 112 - .../charts/prometheus/templates/_helpers.tpl | 276 - .../templates/alertmanager-clusterrole.yaml | 23 - .../alertmanager-clusterrolebinding.yaml | 18 - .../templates/alertmanager-configmap.yaml | 20 - .../templates/alertmanager-deployment.yaml | 141 - .../templates/alertmanager-ingress.yaml | 44 - .../templates/alertmanager-networkpolicy.yaml | 21 - .../templates/alertmanager-pdb.yaml | 15 - .../alertmanager-podsecuritypolicy.yaml | 50 - .../templates/alertmanager-pvc.yaml | 34 - .../alertmanager-service-headless.yaml | 32 - .../templates/alertmanager-service.yaml | 54 - .../alertmanager-serviceaccount.yaml | 10 - .../templates/alertmanager-statefulset.yaml | 154 - .../templates/node-exporter-daemonset.yaml | 125 - .../node-exporter-podsecuritypolicy.yaml | 57 - .../templates/node-exporter-role.yaml | 19 - .../templates/node-exporter-rolebinding.yaml | 21 - .../templates/node-exporter-service.yaml | 46 - .../node-exporter-serviceaccount.yaml | 10 - .../templates/pushgateway-clusterrole.yaml | 23 - .../pushgateway-clusterrolebinding.yaml | 18 - .../templates/pushgateway-deployment.yaml | 99 - .../templates/pushgateway-ingress.yaml | 41 - .../templates/pushgateway-networkpolicy.yaml | 21 - .../prometheus/templates/pushgateway-pdb.yaml | 15 - .../pushgateway-podsecuritypolicy.yaml | 46 - .../prometheus/templates/pushgateway-pvc.yaml | 32 - .../templates/pushgateway-service.yaml | 42 - .../templates/pushgateway-serviceaccount.yaml | 10 - .../templates/server-clusterrole.yaml | 49 - .../templates/server-clusterrolebinding.yaml | 18 - .../templates/server-configmap.yaml | 83 - .../templates/server-deployment.yaml | 216 - .../prometheus/templates/server-ingress.yaml | 46 - .../templates/server-networkpolicy.yaml | 19 - .../prometheus/templates/server-pdb.yaml | 15 - .../templates/server-podsecuritypolicy.yaml | 55 - .../prometheus/templates/server-pvc.yaml | 36 - .../templates/server-service-headless.yaml | 28 - .../prometheus/templates/server-service.yaml | 61 - .../templates/server-serviceaccount.yaml | 12 - .../templates/server-statefulset.yaml | 224 - .../prometheus/templates/server-vpa.yaml | 26 - .../1.70.0/charts/prometheus/values.yaml | 1387 ---- .../1.70.0/charts/thanos/.helmignore | 21 - .../1.70.0/charts/thanos/Chart.yaml | 18 - .../1.70.0/charts/thanos/requirements.yaml | 0 .../1.70.0/charts/thanos/templates/NOTES.txt | 0 .../charts/thanos/templates/_helpers.tpl | 51 - .../thanos/templates/bucket-deployment.yaml | 87 - .../thanos/templates/bucket-ingress.yaml | 42 - .../templates/bucket-poddisruptionbudget.yaml | 27 - .../thanos/templates/bucket-service.yaml | 30 - .../thanos/templates/compact-deployment.yaml | 108 - .../charts/thanos/templates/compact-pvc.yaml | 27 - .../thanos/templates/compact-service.yaml | 30 - .../templates/compact-servicemonitor.yaml | 32 - .../thanos/templates/query-deployment.yaml | 148 - .../templates/query-frontend-deployment.yaml | 122 - ...uery-frontend-horizontalpodautoscaler.yaml | 37 - .../templates/query-frontend-ingress.yml | 45 - .../query-frontend-poddisruptionbudget.yaml | 27 - .../templates/query-frontend-service.yaml | 34 - .../query-frontend-servicemonitor.yaml | 32 - .../query-horizontalpodautoscaler.yaml | 37 - .../charts/thanos/templates/query-ingress.yml | 89 - .../templates/query-poddisruptionbudget.yaml | 27 - .../thanos/templates/query-service.yaml | 65 - .../templates/query-servicemonitor.yaml | 32 - .../thanos/templates/sidecar-service.yaml | 61 - .../templates/sidecar-servicemonitor.yaml | 32 - .../thanos/templates/store-deployment.yaml | 121 - .../thanos/templates/store-ingress.yaml | 85 - .../thanos/templates/store-service.yaml | 65 - .../templates/store-servicemonitor.yaml | 32 - .../1.70.0/charts/thanos/values.yaml | 739 --- .../cost-analyzer/1.70.0/cluster-metrics.json | 1663 ----- .../1.70.0/cluster-utilization.json | 3473 ---------- .../1.70.0/deployment-utilization.json | 1366 ---- .../1.70.0/label-cost-utilization.json | 1193 ---- .../1.70.0/namespace-utilization.json | 1156 ---- .../1.70.0/node-utilization.json | 1370 ---- .../cost-analyzer/1.70.0/pod-utilization.json | 798 --- .../cost-analyzer/1.70.0/prom-benchmark.json | 5670 ----------------- .../cost-analyzer/1.70.0/questions.yml | 160 - .../cost-analyzer/1.70.0/templates/NOTES.txt | 10 - .../1.70.0/templates/_helpers.tpl | 200 - .../templates/aws-service-key-secret.yaml | 17 - .../awsstore-deployment-template.yaml | 26 - .../awsstore-service-account-template.yaml | 12 - .../templates/azure-service-key-secret.yaml | 21 - .../cost-analyzer-alerts-configmap.yaml | 12 - .../cost-analyzer-checks-template.yaml | 63 - .../cost-analyzer-cluser-role-template.yaml | 105 - ...nalyzer-cluster-role-binding-template.yaml | 33 - .../cost-analyzer-config-map-template.yaml | 30 - .../cost-analyzer-db-pvc-template.yaml | 29 - .../cost-analyzer-deployment-template.yaml | 672 -- ...analyzer-frontend-config-map-template.yaml | 174 - .../cost-analyzer-ingress-template.yaml | 40 - ...zer-network-costs-config-map-template.yaml | 15 - ...zer-network-costs-podmonitor-template.yaml | 31 - .../cost-analyzer-network-costs-template.yaml | 93 - .../cost-analyzer-network-policy.yaml | 19 - .../cost-analyzer-pkey-configmap.yaml | 16 - .../cost-analyzer-postgres-deployment.yaml | 49 - .../templates/cost-analyzer-postgres-pv.yaml | 22 - .../templates/cost-analyzer-postgres-pvc.yaml | 20 - .../cost-analyzer-postgres-service.yaml | 22 - .../cost-analyzer-pricing-configmap.yaml | 121 - ...rometheus-postgres-adapter-deployment.yaml | 53 - ...r-prometheus-postgres-adapter-service.yaml | 20 - ...cost-analyzer-prometheusrule-template.yaml | 21 - .../cost-analyzer-psp-role.template.yaml | 18 - ...ost-analyzer-psp-rolebinding.template.yaml | 16 - .../templates/cost-analyzer-psp.template.yaml | 20 - .../templates/cost-analyzer-pvc-template.yaml | 25 - ...ost-analyzer-saml-config-map-template.yaml | 13 - .../cost-analyzer-server-configmap.yaml | 69 - ...ost-analyzer-service-account-template.yaml | 12 - .../cost-analyzer-service-template.yaml | 69 - ...cost-analyzer-servicemonitor-template.yaml | 27 - .../external-grafana-config-map-template.yaml | 10 - ...rafana-attached-disk-metrics-template.yaml | 25 - ...na-dashboard-cluster-metrics-template.yaml | 27 - ...ashboard-cluster-utilization-template.yaml | 25 - ...board-deployment-utilization-template.yaml | 25 - ...board-label-cost-utilization-template.yaml | 25 - ...hboard-namespace-utilization-template.yaml | 25 - ...a-dashboard-node-utilization-template.yaml | 25 - ...na-dashboard-pod-utilization-template.yaml | 25 - ...dashboard-prometheus-metrics-template.yaml | 25 - .../grafana-datasource-template.yaml | 72 - .../kubecost-cluster-controller-template.yaml | 282 - ...st-cluster-manager-configmap-template.yaml | 13 - .../kubecost-priority-class-template.yaml | 11 - .../templates/network-costs-psp.template.yaml | 24 - .../network-costs-role.template.yaml | 22 - .../network-costs-rolebinding.template.yaml | 20 - .../cost-analyzer/1.70.0/values-thanos.yaml | 117 - .../kubecost/cost-analyzer/1.70.0/values.yaml | 561 -- .../cost-analyzer/1.70.000/Chart.yaml | 10 - .../cost-analyzer/1.70.000/app-readme.md | 23 - .../1.70.000/attached-disks.json | 425 -- .../1.70.000/charts/grafana/Chart.yaml | 15 - .../1.70.000/charts/grafana/README.md | 162 - .../charts/grafana/templates/NOTES.txt | 37 - .../charts/grafana/templates/_helpers.tpl | 43 - .../charts/grafana/templates/clusterrole.yaml | 25 - .../grafana/templates/clusterrolebinding.yaml | 25 - .../configmap-dashboard-provider.yaml | 28 - .../charts/grafana/templates/configmap.yaml | 76 - .../templates/dashboards-json-configmap.yaml | 24 - .../charts/grafana/templates/deployment.yaml | 272 - .../charts/grafana/templates/ingress.yaml | 44 - .../grafana/templates/podsecuritypolicy.yaml | 42 - .../charts/grafana/templates/pvc.yaml | 26 - .../charts/grafana/templates/role.yaml | 20 - .../charts/grafana/templates/rolebinding.yaml | 20 - .../charts/grafana/templates/secret.yaml | 22 - .../charts/grafana/templates/service.yaml | 51 - .../grafana/templates/serviceaccount.yaml | 13 - .../1.70.000/charts/grafana/values.yaml | 275 - .../1.70.000/charts/prometheus/.helmignore | 23 - .../1.70.000/charts/prometheus/Chart.yaml | 18 - .../1.70.000/charts/prometheus/README.md | 471 -- .../charts/kube-state-metrics/.helmignore | 21 - .../charts/kube-state-metrics/Chart.yaml | 20 - .../charts/kube-state-metrics/OWNERS | 8 - .../charts/kube-state-metrics/README.md | 73 - .../kube-state-metrics/templates/NOTES.txt | 10 - .../kube-state-metrics/templates/_helpers.tpl | 47 - .../templates/clusterrole.yaml | 180 - .../templates/clusterrolebinding.yaml | 19 - .../templates/deployment.yaml | 186 - .../templates/podsecuritypolicy.yaml | 39 - .../templates/psp-clusterrole.yaml | 17 - .../templates/psp-clusterrolebinding.yaml | 19 - .../kube-state-metrics/templates/service.yaml | 36 - .../templates/serviceaccount.yaml | 14 - .../templates/servicemonitor.yaml | 25 - .../templates/stsdiscovery-role.yaml | 27 - .../templates/stsdiscovery-rolebinding.yaml | 20 - .../charts/kube-state-metrics/values.yaml | 126 - .../charts/prometheus/requirements.lock | 6 - .../charts/prometheus/requirements.yaml | 7 - .../charts/prometheus/templates/NOTES.txt | 112 - .../charts/prometheus/templates/_helpers.tpl | 276 - .../templates/alertmanager-clusterrole.yaml | 23 - .../alertmanager-clusterrolebinding.yaml | 18 - .../templates/alertmanager-configmap.yaml | 20 - .../templates/alertmanager-deployment.yaml | 141 - .../templates/alertmanager-ingress.yaml | 44 - .../templates/alertmanager-networkpolicy.yaml | 21 - .../templates/alertmanager-pdb.yaml | 15 - .../alertmanager-podsecuritypolicy.yaml | 50 - .../templates/alertmanager-pvc.yaml | 34 - .../alertmanager-service-headless.yaml | 32 - .../templates/alertmanager-service.yaml | 54 - .../alertmanager-serviceaccount.yaml | 10 - .../templates/alertmanager-statefulset.yaml | 154 - .../templates/node-exporter-daemonset.yaml | 125 - .../node-exporter-podsecuritypolicy.yaml | 57 - .../templates/node-exporter-role.yaml | 19 - .../templates/node-exporter-rolebinding.yaml | 21 - .../templates/node-exporter-service.yaml | 46 - .../node-exporter-serviceaccount.yaml | 10 - .../templates/pushgateway-clusterrole.yaml | 23 - .../pushgateway-clusterrolebinding.yaml | 18 - .../templates/pushgateway-deployment.yaml | 99 - .../templates/pushgateway-ingress.yaml | 41 - .../templates/pushgateway-networkpolicy.yaml | 21 - .../prometheus/templates/pushgateway-pdb.yaml | 15 - .../pushgateway-podsecuritypolicy.yaml | 46 - .../prometheus/templates/pushgateway-pvc.yaml | 32 - .../templates/pushgateway-service.yaml | 42 - .../templates/pushgateway-serviceaccount.yaml | 10 - .../templates/server-clusterrole.yaml | 49 - .../templates/server-clusterrolebinding.yaml | 18 - .../templates/server-configmap.yaml | 83 - .../templates/server-deployment.yaml | 216 - .../prometheus/templates/server-ingress.yaml | 46 - .../templates/server-networkpolicy.yaml | 19 - .../prometheus/templates/server-pdb.yaml | 15 - .../templates/server-podsecuritypolicy.yaml | 55 - .../prometheus/templates/server-pvc.yaml | 36 - .../templates/server-service-headless.yaml | 28 - .../prometheus/templates/server-service.yaml | 61 - .../templates/server-serviceaccount.yaml | 12 - .../templates/server-statefulset.yaml | 224 - .../prometheus/templates/server-vpa.yaml | 26 - .../1.70.000/charts/prometheus/values.yaml | 1387 ---- .../1.70.000/charts/thanos/.helmignore | 21 - .../1.70.000/charts/thanos/Chart.yaml | 18 - .../1.70.000/charts/thanos/requirements.yaml | 0 .../charts/thanos/templates/NOTES.txt | 0 .../charts/thanos/templates/_helpers.tpl | 51 - .../thanos/templates/bucket-deployment.yaml | 87 - .../thanos/templates/bucket-ingress.yaml | 42 - .../templates/bucket-poddisruptionbudget.yaml | 27 - .../thanos/templates/bucket-service.yaml | 30 - .../thanos/templates/compact-deployment.yaml | 108 - .../charts/thanos/templates/compact-pvc.yaml | 27 - .../thanos/templates/compact-service.yaml | 30 - .../templates/compact-servicemonitor.yaml | 32 - .../thanos/templates/query-deployment.yaml | 148 - .../templates/query-frontend-deployment.yaml | 122 - ...uery-frontend-horizontalpodautoscaler.yaml | 37 - .../templates/query-frontend-ingress.yml | 45 - .../query-frontend-poddisruptionbudget.yaml | 27 - .../templates/query-frontend-service.yaml | 34 - .../query-frontend-servicemonitor.yaml | 32 - .../query-horizontalpodautoscaler.yaml | 37 - .../charts/thanos/templates/query-ingress.yml | 89 - .../templates/query-poddisruptionbudget.yaml | 27 - .../thanos/templates/query-service.yaml | 65 - .../templates/query-servicemonitor.yaml | 32 - .../thanos/templates/sidecar-service.yaml | 61 - .../templates/sidecar-servicemonitor.yaml | 32 - .../thanos/templates/store-deployment.yaml | 121 - .../thanos/templates/store-ingress.yaml | 85 - .../thanos/templates/store-service.yaml | 65 - .../templates/store-servicemonitor.yaml | 32 - .../1.70.000/charts/thanos/values.yaml | 739 --- .../1.70.000/cluster-metrics.json | 1663 ----- .../1.70.000/cluster-utilization.json | 3473 ---------- .../1.70.000/deployment-utilization.json | 1366 ---- .../1.70.000/label-cost-utilization.json | 1193 ---- .../1.70.000/namespace-utilization.json | 1156 ---- .../1.70.000/node-utilization.json | 1370 ---- .../1.70.000/pod-utilization.json | 798 --- .../1.70.000/prom-benchmark.json | 5670 ----------------- .../cost-analyzer/1.70.000/questions.yml | 160 - .../1.70.000/templates/NOTES.txt | 10 - .../1.70.000/templates/_helpers.tpl | 200 - .../templates/aws-service-key-secret.yaml | 17 - .../awsstore-deployment-template.yaml | 26 - .../awsstore-service-account-template.yaml | 12 - .../templates/azure-service-key-secret.yaml | 21 - .../cost-analyzer-alerts-configmap.yaml | 12 - .../cost-analyzer-checks-template.yaml | 63 - .../cost-analyzer-cluser-role-template.yaml | 105 - ...nalyzer-cluster-role-binding-template.yaml | 33 - .../cost-analyzer-config-map-template.yaml | 30 - .../cost-analyzer-db-pvc-template.yaml | 29 - .../cost-analyzer-deployment-template.yaml | 672 -- ...analyzer-frontend-config-map-template.yaml | 174 - .../cost-analyzer-ingress-template.yaml | 40 - ...zer-network-costs-config-map-template.yaml | 15 - ...zer-network-costs-podmonitor-template.yaml | 31 - .../cost-analyzer-network-costs-template.yaml | 93 - .../cost-analyzer-network-policy.yaml | 19 - .../cost-analyzer-pkey-configmap.yaml | 16 - .../cost-analyzer-postgres-deployment.yaml | 49 - .../templates/cost-analyzer-postgres-pv.yaml | 22 - .../templates/cost-analyzer-postgres-pvc.yaml | 20 - .../cost-analyzer-postgres-service.yaml | 22 - .../cost-analyzer-pricing-configmap.yaml | 121 - ...rometheus-postgres-adapter-deployment.yaml | 53 - ...r-prometheus-postgres-adapter-service.yaml | 20 - ...cost-analyzer-prometheusrule-template.yaml | 21 - .../cost-analyzer-psp-role.template.yaml | 18 - ...ost-analyzer-psp-rolebinding.template.yaml | 16 - .../templates/cost-analyzer-psp.template.yaml | 20 - .../templates/cost-analyzer-pvc-template.yaml | 25 - ...ost-analyzer-saml-config-map-template.yaml | 13 - .../cost-analyzer-server-configmap.yaml | 69 - ...ost-analyzer-service-account-template.yaml | 12 - .../cost-analyzer-service-template.yaml | 69 - ...cost-analyzer-servicemonitor-template.yaml | 27 - .../external-grafana-config-map-template.yaml | 10 - ...rafana-attached-disk-metrics-template.yaml | 25 - ...na-dashboard-cluster-metrics-template.yaml | 27 - ...ashboard-cluster-utilization-template.yaml | 25 - ...board-deployment-utilization-template.yaml | 25 - ...board-label-cost-utilization-template.yaml | 25 - ...hboard-namespace-utilization-template.yaml | 25 - ...a-dashboard-node-utilization-template.yaml | 25 - ...na-dashboard-pod-utilization-template.yaml | 25 - ...dashboard-prometheus-metrics-template.yaml | 25 - .../grafana-datasource-template.yaml | 72 - .../kubecost-cluster-controller-template.yaml | 282 - ...st-cluster-manager-configmap-template.yaml | 13 - .../kubecost-priority-class-template.yaml | 11 - .../templates/network-costs-psp.template.yaml | 24 - .../network-costs-role.template.yaml | 22 - .../network-costs-rolebinding.template.yaml | 20 - .../cost-analyzer/1.70.000/values-thanos.yaml | 117 - .../cost-analyzer/1.70.000/values.yaml | 561 -- charts/neuvector/neuvector/1.8.0/.helmignore | 21 - charts/neuvector/neuvector/1.8.0/Chart.yaml | 17 - charts/neuvector/neuvector/1.8.0/README.md | 159 - .../neuvector/neuvector/1.8.0/app-readme.md | 12 - .../neuvector/neuvector/1.8.0/questions.yml | 160 - .../neuvector/1.8.0/templates/NOTES.txt | 20 - .../neuvector/1.8.0/templates/_helpers.tpl | 32 - .../templates/admission-webhook-service.yaml | 18 - .../1.8.0/templates/clusterrole.yaml | 119 - .../1.8.0/templates/clusterrolebinding.yaml | 145 - .../neuvector/1.8.0/templates/configmap.yaml | 13 - .../templates/controller-deployment.yaml | 186 - .../1.8.0/templates/controller-ingress.yaml | 68 - .../1.8.0/templates/controller-route.yaml | 73 - .../1.8.0/templates/controller-service.yaml | 89 - .../neuvector/1.8.0/templates/crd.yaml | 448 -- .../1.8.0/templates/enforcer-daemonset.yaml | 119 - .../1.8.0/templates/manager-deployment.yaml | 77 - .../1.8.0/templates/manager-ingress.yaml | 68 - .../1.8.0/templates/manager-route.yaml | 25 - .../1.8.0/templates/manager-service.yaml | 26 - .../neuvector/1.8.0/templates/psp.yaml | 77 - .../neuvector/1.8.0/templates/pvc.yaml | 25 - .../1.8.0/templates/rolebinding.yaml | 31 - .../1.8.0/templates/scanner-deployment.yaml | 58 - .../1.8.0/templates/updater-cronjob.yaml | 63 - charts/neuvector/neuvector/1.8.0/values.yaml | 216 - .../2.3.100+up2.3.1/.helmignore | 21 - .../2.3.100+up2.3.1/Chart.yaml | 21 - .../2.3.100+up2.3.1/README.md | 93 - .../2.3.100+up2.3.1/app-readme.md | 1 - ....storage.k8s.io_volumesnapshotclasses.yaml | 85 - ...storage.k8s.io_volumesnapshotcontents.yaml | 233 - ...apshot.storage.k8s.io_volumesnapshots.yaml | 188 - .../2.3.100+up2.3.1/questions.yml | 116 - .../2.3.100+up2.3.1/templates/NOTES.txt | 3 - .../2.3.100+up2.3.1/templates/_helpers.tpl | 43 - .../2.3.100+up2.3.1/templates/csi-driver.yaml | 7 - .../templates/ntnx-cs-scc.yaml | 30 - .../templates/ntnx-csi-node.yaml | 128 - .../templates/ntnx-csi-provisioner.yaml | 111 - .../templates/ntnx-csi-rbac.yaml | 124 - .../templates/ntnx-secret.yaml | 11 - .../2.3.100+up2.3.1/templates/sc.yaml | 73 - .../templates/snapshot-controller-rbac.yaml | 78 - .../templates/snapshot-controller-setup.yaml | 24 - .../2.3.100+up2.3.1/values.yaml | 67 - .../nutanix-csi-storage/2.3.100/.helmignore | 21 - .../nutanix-csi-storage/2.3.100/Chart.yaml | 21 - .../nutanix-csi-storage/2.3.100/README.md | 93 - .../nutanix-csi-storage/2.3.100/app-readme.md | 1 - ....storage.k8s.io_volumesnapshotclasses.yaml | 85 - ...storage.k8s.io_volumesnapshotcontents.yaml | 233 - ...apshot.storage.k8s.io_volumesnapshots.yaml | 188 - .../nutanix-csi-storage/2.3.100/questions.yml | 116 - .../2.3.100/templates/NOTES.txt | 3 - .../2.3.100/templates/_helpers.tpl | 43 - .../2.3.100/templates/csi-driver.yaml | 7 - .../2.3.100/templates/ntnx-cs-scc.yaml | 30 - .../2.3.100/templates/ntnx-csi-node.yaml | 128 - .../templates/ntnx-csi-provisioner.yaml | 111 - .../2.3.100/templates/ntnx-csi-rbac.yaml | 124 - .../2.3.100/templates/ntnx-secret.yaml | 11 - .../2.3.100/templates/sc.yaml | 73 - .../templates/snapshot-controller-rbac.yaml | 78 - .../templates/snapshot-controller-setup.yaml | 24 - .../nutanix-csi-storage/2.3.100/values.yaml | 67 - .../openebs/1.12.300+up1.12.3/Chart.yaml | 22 - .../openebs/openebs/1.12.300+up1.12.3/OWNERS | 6 - .../openebs/1.12.300+up1.12.3/README.md | 135 - .../openebs/1.12.300+up1.12.3/app-readme.md | 10 - .../openebs/1.12.300+up1.12.3/questions.yml | 200 - .../1.12.300+up1.12.3/templates/NOTES.txt | 27 - .../1.12.300+up1.12.3/templates/_helpers.tpl | 43 - .../templates/clusterrole.yaml | 50 - .../templates/clusterrolebinding.yaml | 19 - .../templates/cm-node-disk-manager.yaml | 46 - .../templates/daemonset-ndm.yaml | 147 - .../deployment-admission-server.yaml | 76 - .../deployment-local-provisioner.yaml | 99 - .../templates/deployment-maya-apiserver.yaml | 165 - .../deployment-maya-provisioner.yaml | 98 - .../deployment-maya-snapshot-operator.yaml | 131 - .../templates/deployment-ndm-operator.yaml | 87 - .../templates/psp-clusterrole.yaml | 14 - .../templates/psp-clusterrolebinding.yaml | 17 - .../1.12.300+up1.12.3/templates/psp.yaml | 28 - .../templates/service-maya-apiserver.yaml | 23 - .../templates/serviceaccount.yaml | 11 - .../openebs/1.12.300+up1.12.3/values.yaml | 184 - charts/openebs/openebs/1.12.300/Chart.yaml | 22 - charts/openebs/openebs/1.12.300/OWNERS | 6 - charts/openebs/openebs/1.12.300/README.md | 135 - charts/openebs/openebs/1.12.300/app-readme.md | 10 - charts/openebs/openebs/1.12.300/questions.yml | 200 - .../openebs/1.12.300/templates/NOTES.txt | 27 - .../openebs/1.12.300/templates/_helpers.tpl | 43 - .../1.12.300/templates/clusterrole.yaml | 50 - .../templates/clusterrolebinding.yaml | 19 - .../templates/cm-node-disk-manager.yaml | 46 - .../1.12.300/templates/daemonset-ndm.yaml | 147 - .../deployment-admission-server.yaml | 76 - .../deployment-local-provisioner.yaml | 99 - .../templates/deployment-maya-apiserver.yaml | 165 - .../deployment-maya-provisioner.yaml | 98 - .../deployment-maya-snapshot-operator.yaml | 131 - .../templates/deployment-ndm-operator.yaml | 87 - .../1.12.300/templates/psp-clusterrole.yaml | 14 - .../templates/psp-clusterrolebinding.yaml | 17 - .../openebs/1.12.300/templates/psp.yaml | 28 - .../templates/service-maya-apiserver.yaml | 23 - .../1.12.300/templates/serviceaccount.yaml | 11 - charts/openebs/openebs/1.12.300/values.yaml | 184 - charts/openebs/openebs/2.11.0/Chart.lock | 21 - charts/openebs/openebs/2.11.0/Chart.yaml | 43 - charts/openebs/openebs/2.11.0/OWNERS | 6 - charts/openebs/openebs/2.11.0/README.md | 250 - charts/openebs/openebs/2.11.0/app-readme.md | 10 - .../openebs/2.11.0/charts/cstor/.helmignore | 23 - .../openebs/2.11.0/charts/cstor/Chart.lock | 6 - .../openebs/2.11.0/charts/cstor/Chart.yaml | 29 - .../openebs/2.11.0/charts/cstor/README.md | 241 - .../cstor/charts/openebs-ndm/Chart.yaml | 23 - .../charts/cstor/charts/openebs-ndm/README.md | 79 - .../charts/openebs-ndm/crds/blockdevice.yaml | 241 - .../openebs-ndm/crds/blockdeviceclaim.yaml | 144 - .../charts/openebs-ndm/templates/NOTES.txt | 8 - .../charts/openebs-ndm/templates/_helpers.tpl | 132 - .../openebs-ndm/templates/configmap.yaml | 38 - .../openebs-ndm/templates/daemonset.yaml | 176 - .../openebs-ndm/templates/deployment.yaml | 87 - .../charts/openebs-ndm/templates/rbac.yaml | 44 - .../cstor/charts/openebs-ndm/values.yaml | 121 - .../2.11.0/charts/cstor/crds/cstorbackup.yaml | 93 - .../cstor/crds/cstorcompletedbackup.yaml | 80 - .../charts/cstor/crds/cstorpoolcluster.yaml | 491 -- .../charts/cstor/crds/cstorpoolinstance.yaml | 455 -- .../charts/cstor/crds/cstorrestore.yaml | 106 - .../2.11.0/charts/cstor/crds/cstorvolume.yaml | 271 - .../cstor/crds/cstorvolumeattachment.yaml | 130 - .../charts/cstor/crds/cstorvolumeconfig.yaml | 639 -- .../charts/cstor/crds/cstorvolumepolicy.yaml | 425 -- .../charts/cstor/crds/cstorvolumereplica.yaml | 216 - .../charts/cstor/crds/migrationtask.yaml | 128 - .../2.11.0/charts/cstor/crds/upgradetask.yaml | 257 - .../charts/cstor/crds/volumesnapshot.yaml | 226 - .../cstor/crds/volumesnapshotclass.yaml | 111 - .../cstor/crds/volumesnapshotcontent.yaml | 291 - .../2.11.0/charts/cstor/templates/NOTES.txt | 11 - .../charts/cstor/templates/_helpers.tpl | 217 - .../cstor/templates/admission-server.yaml | 59 - .../cstor/templates/cleanup-webhook.yaml | 39 - .../cstor/templates/csi-controller-rbac.yaml | 196 - .../cstor/templates/csi-controller.yaml | 137 - .../charts/cstor/templates/csi-driver.yaml | 16 - .../cstor/templates/csi-iscsiadm-config.yaml | 18 - .../charts/cstor/templates/csi-node-rbac.yaml | 73 - .../charts/cstor/templates/csi-node.yaml | 143 - .../charts/cstor/templates/cspc-operator.yaml | 86 - .../cstor/templates/cvc-operator-service.yaml | 15 - .../charts/cstor/templates/cvc-operator.yaml | 83 - .../cstor/templates/priority-class.yaml | 19 - .../2.11.0/charts/cstor/templates/psp.yaml | 24 - .../2.11.0/charts/cstor/templates/rbac.yaml | 117 - .../cstor/templates/snapshot-class.yaml | 8 - .../openebs/2.11.0/charts/cstor/values.yaml | 248 - .../openebs/2.11.0/charts/jiva/.helmignore | 23 - .../openebs/2.11.0/charts/jiva/Chart.lock | 6 - .../openebs/2.11.0/charts/jiva/Chart.yaml | 27 - .../openebs/2.11.0/charts/jiva/README.md | 207 - .../charts/localpv-provisioner/.helmignore | 23 - .../charts/localpv-provisioner/Chart.lock | 6 - .../charts/localpv-provisioner/Chart.yaml | 27 - .../jiva/charts/localpv-provisioner/README.md | 143 - .../charts/openebs-ndm/Chart.yaml | 23 - .../charts/openebs-ndm/README.md | 79 - .../charts/openebs-ndm/crds/blockdevice.yaml | 241 - .../openebs-ndm/crds/blockdeviceclaim.yaml | 144 - .../charts/openebs-ndm/templates/NOTES.txt | 8 - .../charts/openebs-ndm/templates/_helpers.tpl | 132 - .../openebs-ndm/templates/configmap.yaml | 38 - .../openebs-ndm/templates/daemonset.yaml | 176 - .../openebs-ndm/templates/deployment.yaml | 87 - .../charts/openebs-ndm/templates/rbac.yaml | 44 - .../charts/openebs-ndm/values.yaml | 121 - .../localpv-provisioner/templates/NOTES.txt | 12 - .../templates/_helpers.tpl | 79 - .../templates/deployment.yaml | 114 - .../templates/device-class.yaml | 25 - .../templates/hostpath-class.yaml | 25 - .../localpv-provisioner/templates/psp.yaml | 30 - .../localpv-provisioner/templates/rbac.yaml | 99 - .../charts/localpv-provisioner/values.yaml | 121 - .../charts/jiva/crds/jivavolumepolicy.yaml | 1506 ----- .../2.11.0/charts/jiva/crds/jivavolumes.yaml | 1670 ----- .../2.11.0/charts/jiva/crds/upgradetask.yaml | 257 - .../2.11.0/charts/jiva/templates/NOTES.txt | 8 - .../2.11.0/charts/jiva/templates/_helpers.tpl | 150 - .../jiva/templates/csi-controller-rbac.yaml | 196 - .../charts/jiva/templates/csi-controller.yaml | 134 - .../charts/jiva/templates/csi-driver.yaml | 9 - .../jiva/templates/csi-iscsiadm-config.yaml | 18 - .../charts/jiva/templates/csi-node-rbac.yaml | 43 - .../charts/jiva/templates/csi-node.yaml | 165 - .../charts/jiva/templates/default-policy.yaml | 12 - .../jiva/templates/default-storageclass.yaml | 16 - .../jiva/templates/jiva-operator-rbac.yaml | 103 - .../charts/jiva/templates/jiva-operator.yaml | 76 - .../charts/jiva/templates/priority-class.yaml | 19 - .../2.11.0/charts/jiva/templates/psp.yaml | 27 - .../openebs/2.11.0/charts/jiva/values.yaml | 213 - .../charts/localpv-provisioner/.helmignore | 23 - .../charts/localpv-provisioner/Chart.lock | 6 - .../charts/localpv-provisioner/Chart.yaml | 27 - .../charts/localpv-provisioner/README.md | 143 - .../charts/openebs-ndm/Chart.yaml | 23 - .../charts/openebs-ndm/README.md | 79 - .../charts/openebs-ndm/crds/blockdevice.yaml | 241 - .../openebs-ndm/crds/blockdeviceclaim.yaml | 144 - .../charts/openebs-ndm/templates/NOTES.txt | 8 - .../charts/openebs-ndm/templates/_helpers.tpl | 132 - .../openebs-ndm/templates/configmap.yaml | 38 - .../openebs-ndm/templates/daemonset.yaml | 176 - .../openebs-ndm/templates/deployment.yaml | 87 - .../charts/openebs-ndm/templates/rbac.yaml | 44 - .../charts/openebs-ndm/values.yaml | 121 - .../localpv-provisioner/templates/NOTES.txt | 12 - .../templates/_helpers.tpl | 79 - .../templates/deployment.yaml | 114 - .../templates/device-class.yaml | 25 - .../templates/hostpath-class.yaml | 25 - .../localpv-provisioner/templates/psp.yaml | 30 - .../localpv-provisioner/templates/rbac.yaml | 99 - .../charts/localpv-provisioner/values.yaml | 121 - .../2.11.0/charts/lvm-localpv/.helmignore | 23 - .../2.11.0/charts/lvm-localpv/Chart.yaml | 23 - .../2.11.0/charts/lvm-localpv/README.md | 159 - .../charts/lvm-localpv/crds/lvmnode.yaml | 110 - .../charts/lvm-localpv/crds/lvmsnapshot.yaml | 109 - .../charts/lvm-localpv/crds/lvmvolume.yaml | 153 - .../crds/volumesnapshotclasses.yaml | 112 - .../crds/volumesnapshotcontents.yaml | 291 - .../lvm-localpv/crds/volumesnapshots.yaml | 225 - .../charts/lvm-localpv/templates/NOTES.txt | 5 - .../charts/lvm-localpv/templates/_helpers.tpl | 116 - .../lvm-localpv/templates/csidriver.yaml | 10 - .../lvm-localpv/templates/lvm-controller.yaml | 147 - .../templates/lvm-node-service.yaml | 18 - .../lvm-localpv/templates/lvm-node.yaml | 150 - .../charts/lvm-localpv/templates/psp.yaml | 24 - .../charts/lvm-localpv/templates/rbac.yaml | 197 - .../2.11.0/charts/lvm-localpv/values.yaml | 159 - .../2.11.0/charts/openebs-ndm/Chart.yaml | 23 - .../2.11.0/charts/openebs-ndm/README.md | 79 - .../charts/openebs-ndm/crds/blockdevice.yaml | 241 - .../openebs-ndm/crds/blockdeviceclaim.yaml | 144 - .../charts/openebs-ndm/templates/NOTES.txt | 8 - .../charts/openebs-ndm/templates/_helpers.tpl | 132 - .../openebs-ndm/templates/configmap.yaml | 38 - .../openebs-ndm/templates/daemonset.yaml | 176 - .../openebs-ndm/templates/deployment.yaml | 87 - .../charts/openebs-ndm/templates/rbac.yaml | 44 - .../2.11.0/charts/openebs-ndm/values.yaml | 121 - .../2.11.0/charts/zfs-localpv/.helmignore | 23 - .../2.11.0/charts/zfs-localpv/Chart.yaml | 23 - .../2.11.0/charts/zfs-localpv/README.md | 136 - .../crds/volumesnapshotclasses.yaml | 111 - .../crds/volumesnapshotcontents.yaml | 292 - .../zfs-localpv/crds/volumesnapshots.yaml | 225 - .../charts/zfs-localpv/crds/zfsbackup.yaml | 116 - .../charts/zfs-localpv/crds/zfsnode.yaml | 87 - .../charts/zfs-localpv/crds/zfsrestore.yaml | 238 - .../charts/zfs-localpv/crds/zfssnapshot.yaml | 383 -- .../charts/zfs-localpv/crds/zfsvolume.yaml | 449 -- .../charts/zfs-localpv/templates/NOTES.txt | 5 - .../charts/zfs-localpv/templates/_helpers.tpl | 116 - .../zfs-localpv/templates/configmap.yaml | 17 - .../zfs-localpv/templates/csidriver.yaml | 9 - .../charts/zfs-localpv/templates/psp.yaml | 24 - .../charts/zfs-localpv/templates/rbac.yaml | 200 - .../zfs-localpv/templates/zfs-contoller.yaml | 128 - .../zfs-localpv/templates/zfs-node.yaml | 146 - .../2.11.0/charts/zfs-localpv/values.yaml | 147 - charts/openebs/openebs/2.11.0/questions.yml | 200 - .../openebs/2.11.0/templates/NOTES.txt | 27 - .../openebs/2.11.0/templates/_helpers.tpl | 43 - .../2.11.0/templates/cleanup-webhook.yaml | 45 - .../openebs/2.11.0/templates/clusterrole.yaml | 50 - .../2.11.0/templates/clusterrolebinding.yaml | 19 - .../templates/cm-node-disk-manager.yaml | 46 - .../2.11.0/templates/daemonset-ndm.yaml | 180 - .../deployment-admission-server.yaml | 84 - .../deployment-local-provisioner.yaml | 115 - .../templates/deployment-maya-apiserver.yaml | 173 - .../deployment-maya-provisioner.yaml | 115 - .../deployment-maya-snapshot-operator.yaml | 147 - .../templates/deployment-ndm-operator.yaml | 89 - .../2.11.0/templates/psp-clusterrole.yaml | 14 - .../templates/psp-clusterrolebinding.yaml | 17 - .../openebs/openebs/2.11.0/templates/psp.yaml | 28 - .../templates/service-maya-apiserver.yaml | 23 - .../2.11.0/templates/serviceaccount.yaml | 11 - charts/openebs/openebs/2.11.0/values.yaml | 604 -- .../portshift-operator/0.1.0/.helmignore | 23 - .../portshift-operator/0.1.0/Chart.yaml | 23 - .../portshift-operator/0.1.0/README.md | 5 - .../portshift-operator/0.1.0/app-readme.md | 5 - .../portshift-operator/0.1.0/crds/crd.yaml | 53 - .../portshift-operator/0.1.0/questions.yaml | 60 - .../0.1.0/templates/_helpers.tpl | 45 - .../0.1.0/templates/clusterrolebinding.yaml | 18 - .../0.1.0/templates/deployment.yaml | 41 - .../0.1.0/templates/portshiftinstaller.yaml | 13 - .../0.1.0/templates/secret.yaml | 14 - .../0.1.0/templates/serviceaccount.yaml | 10 - .../portshift-operator/0.1.0/values.yaml | 11 - .../portshift-operator/0.1.000/.helmignore | 23 - .../portshift-operator/0.1.000/Chart.yaml | 23 - .../portshift-operator/0.1.000/README.md | 5 - .../portshift-operator/0.1.000/app-readme.md | 5 - .../portshift-operator/0.1.000/crds/crd.yaml | 53 - .../portshift-operator/0.1.000/questions.yaml | 60 - .../0.1.000/templates/_helpers.tpl | 45 - .../0.1.000/templates/clusterrolebinding.yaml | 18 - .../0.1.000/templates/deployment.yaml | 41 - .../0.1.000/templates/portshiftinstaller.yaml | 13 - .../0.1.000/templates/secret.yaml | 14 - .../0.1.000/templates/serviceaccount.yaml | 10 - .../portshift-operator/0.1.000/values.yaml | 11 - .../control-agent/2.0.100+up2.0.1/.helmignore | 21 - .../control-agent/2.0.100+up2.0.1/Chart.yaml | 19 - .../control-agent/2.0.100+up2.0.1/README.md | 52 - .../2.0.100+up2.0.1/app-readme.md | 5 - .../2.0.100+up2.0.1/krb/krb5.conf | 17 - .../2.0.100+up2.0.1/questions.yml | 65 - .../2.0.100+up2.0.1/templates/NOTES.txt | 2 - .../2.0.100+up2.0.1/templates/_helpers.tpl | 32 - .../2.0.100+up2.0.1/templates/deployment.yaml | 87 - .../templates/krb5-secret.yaml | 32 - .../2.0.100+up2.0.1/templates/rbac.yaml | 91 - .../2.0.100+up2.0.1/templates/sdc.yaml | 22 - .../templates/token-secret.yaml | 12 - .../control-agent/2.0.100+up2.0.1/values.yaml | 28 - .../control-agent/2.0.100/.helmignore | 21 - .../control-agent/2.0.100/Chart.yaml | 19 - .../control-agent/2.0.100/README.md | 52 - .../control-agent/2.0.100/app-readme.md | 5 - .../control-agent/2.0.100/krb/krb5.conf | 17 - .../control-agent/2.0.100/questions.yml | 65 - .../control-agent/2.0.100/templates/NOTES.txt | 2 - .../2.0.100/templates/_helpers.tpl | 32 - .../2.0.100/templates/deployment.yaml | 87 - .../2.0.100/templates/krb5-secret.yaml | 32 - .../control-agent/2.0.100/templates/rbac.yaml | 91 - .../control-agent/2.0.100/templates/sdc.yaml | 22 - .../2.0.100/templates/token-secret.yaml | 12 - .../control-agent/2.0.100/values.yaml | 28 - .../sysdig/1.9.200+up1.9.2/CHANGELOG.md | 437 -- .../sysdig/sysdig/1.9.200+up1.9.2/Chart.yaml | 31 - .../sysdig/sysdig/1.9.200+up1.9.2/DESIGN.md | 34 - charts/sysdig/sysdig/1.9.200+up1.9.2/OWNERS | 6 - .../sysdig/1.9.200+up1.9.2/README-AWS.md | 45 - .../sysdig/sysdig/1.9.200+up1.9.2/README.md | 377 -- .../sysdig/1.9.200+up1.9.2/app-readme.md | 20 - .../1.9.200+up1.9.2/ci/test-values.yaml | 2 - .../sysdig/1.9.200+up1.9.2/questions.yml | 100 - .../1.9.200+up1.9.2/scripts/appchecks2helm | 11 - .../1.9.200+up1.9.2/templates/NOTES.txt | 9 - .../1.9.200+up1.9.2/templates/_helpers.tpl | 109 - .../1.9.200+up1.9.2/templates/auditsink.yaml | 24 - .../templates/clusterrole.yaml | 66 - .../templates/clusterrolebinding.yaml | 16 - .../configmap-custom-app-checks.yaml | 13 - .../templates/configmap-image-analyzer.yaml | 34 - .../1.9.200+up1.9.2/templates/configmap.yaml | 54 - .../templates/daemonset-image-analyzer.yaml | 148 - .../1.9.200+up1.9.2/templates/daemonset.yaml | 227 - .../1.9.200+up1.9.2/templates/secrets.yaml | 9 - .../templates/securitycontextconstraint.yaml | 42 - .../1.9.200+up1.9.2/templates/service.yaml | 15 - .../templates/serviceaccount.yaml | 8 - .../sysdig/sysdig/1.9.200+up1.9.2/values.yaml | 220 - charts/sysdig/sysdig/1.9.200/CHANGELOG.md | 437 -- charts/sysdig/sysdig/1.9.200/Chart.yaml | 31 - charts/sysdig/sysdig/1.9.200/DESIGN.md | 34 - charts/sysdig/sysdig/1.9.200/OWNERS | 6 - charts/sysdig/sysdig/1.9.200/README-AWS.md | 45 - charts/sysdig/sysdig/1.9.200/README.md | 377 -- charts/sysdig/sysdig/1.9.200/app-readme.md | 20 - .../sysdig/sysdig/1.9.200/ci/test-values.yaml | 2 - charts/sysdig/sysdig/1.9.200/questions.yml | 100 - .../sysdig/1.9.200/scripts/appchecks2helm | 11 - .../sysdig/sysdig/1.9.200/templates/NOTES.txt | 9 - .../sysdig/1.9.200/templates/_helpers.tpl | 109 - .../sysdig/1.9.200/templates/auditsink.yaml | 24 - .../sysdig/1.9.200/templates/clusterrole.yaml | 66 - .../1.9.200/templates/clusterrolebinding.yaml | 16 - .../configmap-custom-app-checks.yaml | 13 - .../templates/configmap-image-analyzer.yaml | 34 - .../sysdig/1.9.200/templates/configmap.yaml | 54 - .../templates/daemonset-image-analyzer.yaml | 148 - .../sysdig/1.9.200/templates/daemonset.yaml | 227 - .../sysdig/1.9.200/templates/secrets.yaml | 9 - .../templates/securitycontextconstraint.yaml | 42 - .../sysdig/1.9.200/templates/service.yaml | 15 - .../1.9.200/templates/serviceaccount.yaml | 8 - charts/sysdig/sysdig/1.9.200/values.yaml | 220 - .../1.2.200100+up1.2.2-up.1/.helmignore | 21 - .../1.2.200100+up1.2.2-up.1/Chart.yaml | 42 - .../1.2.200100+up1.2.2-up.1/app-readme.md | 36 - .../1.2.200100+up1.2.2-up.1/questions.yaml | 184 - .../templates/NOTES.txt | 15 - .../templates/_helpers.tpl | 21 - .../templates/bootstrapper/_helpers.tpl | 21 - .../templates/bootstrapper/clusterrole.yaml | 26 - .../bootstrapper/clusterrolebinding.yaml | 14 - .../templates/bootstrapper/deployment.yaml | 53 - .../templates/bootstrapper/role.yaml | 24 - .../templates/bootstrapper/rolebinding.yaml | 14 - .../bootstrapper/secret-entitlement.yaml | 9 - .../bootstrapper/serviceaccount.yaml | 10 - .../bootstrapper/uxp-ca-tls-secret.yaml | 7 - .../bootstrapper/versions-configmap.yaml | 10 - .../templates/crossplane/NOTES.txt | 8 - .../templates/crossplane/_helpers.tpl | 14 - .../templates/crossplane/clusterrole.yaml | 93 - .../crossplane/clusterrolebinding.yaml | 17 - .../templates/crossplane/deployment.yaml | 104 - ...-manager-allowed-provider-permissions.yaml | 16 - .../crossplane/rbac-manager-clusterrole.yaml | 94 - .../rbac-manager-clusterrolebinding.yaml | 19 - .../crossplane/rbac-manager-deployment.yaml | 85 - .../rbac-manager-managed-clusterroles.yaml | 279 - .../rbac-manager-serviceaccount.yaml | 11 - .../templates/crossplane/serviceaccount.yaml | 15 - .../templates/upbound-agent/_helpers.tpl | 22 - .../templates/upbound-agent/clusterrole.yaml | 40 - .../clusterrolebindings-managed.yaml | 34 - .../upbound-agent/clusterrolebindings.yaml | 31 - .../upbound-agent/clusterroles-managed.yaml | 66 - .../control-plane-token-secret.yaml | 11 - .../templates/upbound-agent/deployment.yaml | 103 - .../templates/upbound-agent/role.yaml | 66 - .../templates/upbound-agent/service.yaml | 16 - .../upbound-agent/serviceaccount.yaml | 8 - .../templates/upbound-agent/tls-secret.yaml | 9 - .../templates/xgql/_helpers.tpl | 22 - .../templates/xgql/deployment.yaml | 59 - .../templates/xgql/service.yaml | 14 - .../templates/xgql/serviceaccount.yaml | 6 - .../templates/xgql/tls-secret.yaml | 7 - .../1.2.200100+up1.2.2-up.1/values.yaml | 152 - .../1.2.200100+up1.2.2-up.1/values.yaml.tmpl | 152 - .../1.2.200100/.helmignore | 21 - .../1.2.200100/Chart.yaml | 42 - .../1.2.200100/app-readme.md | 36 - .../1.2.200100/questions.yaml | 184 - .../1.2.200100/templates/NOTES.txt | 15 - .../1.2.200100/templates/_helpers.tpl | 21 - .../templates/bootstrapper/_helpers.tpl | 21 - .../templates/bootstrapper/clusterrole.yaml | 26 - .../bootstrapper/clusterrolebinding.yaml | 14 - .../templates/bootstrapper/deployment.yaml | 53 - .../templates/bootstrapper/role.yaml | 24 - .../templates/bootstrapper/rolebinding.yaml | 14 - .../bootstrapper/secret-entitlement.yaml | 9 - .../bootstrapper/serviceaccount.yaml | 10 - .../bootstrapper/uxp-ca-tls-secret.yaml | 7 - .../bootstrapper/versions-configmap.yaml | 10 - .../1.2.200100/templates/crossplane/NOTES.txt | 8 - .../templates/crossplane/_helpers.tpl | 14 - .../templates/crossplane/clusterrole.yaml | 93 - .../crossplane/clusterrolebinding.yaml | 17 - .../templates/crossplane/deployment.yaml | 104 - ...-manager-allowed-provider-permissions.yaml | 16 - .../crossplane/rbac-manager-clusterrole.yaml | 94 - .../rbac-manager-clusterrolebinding.yaml | 19 - .../crossplane/rbac-manager-deployment.yaml | 85 - .../rbac-manager-managed-clusterroles.yaml | 279 - .../rbac-manager-serviceaccount.yaml | 11 - .../templates/crossplane/serviceaccount.yaml | 15 - .../templates/upbound-agent/_helpers.tpl | 22 - .../templates/upbound-agent/clusterrole.yaml | 40 - .../clusterrolebindings-managed.yaml | 34 - .../upbound-agent/clusterrolebindings.yaml | 31 - .../upbound-agent/clusterroles-managed.yaml | 66 - .../control-plane-token-secret.yaml | 11 - .../templates/upbound-agent/deployment.yaml | 103 - .../templates/upbound-agent/role.yaml | 66 - .../templates/upbound-agent/service.yaml | 16 - .../upbound-agent/serviceaccount.yaml | 8 - .../templates/upbound-agent/tls-secret.yaml | 9 - .../1.2.200100/templates/xgql/_helpers.tpl | 22 - .../1.2.200100/templates/xgql/deployment.yaml | 59 - .../1.2.200100/templates/xgql/service.yaml | 14 - .../templates/xgql/serviceaccount.yaml | 6 - .../1.2.200100/templates/xgql/tls-secret.yaml | 7 - .../1.2.200100/values.yaml | 152 - .../1.2.200100/values.yaml.tmpl | 152 - index.yaml | 1649 ----- 2693 files changed, 310434 deletions(-) delete mode 100644 assets/ambassador/ambassador-6.7.1100+up6.7.11.tgz delete mode 100755 assets/ambassador/ambassador-6.7.1100.tgz delete mode 100755 assets/artifactory-ha/artifactory-ha-3.0.1400.tgz delete mode 100644 assets/artifactory-ha/artifactory-ha-4.13.0.tgz delete mode 100755 assets/artifactory-ha/artifactory-ha-4.13.000.tgz delete mode 100755 assets/artifactory-ha/artifactory-ha-4.7.600.tgz delete mode 100755 assets/artifactory-jcr/artifactory-jcr-2.5.100.tgz delete mode 100644 assets/artifactory-jcr/artifactory-jcr-3.4.0.tgz delete mode 100755 assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz delete mode 100644 assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100+up1.2.1.tgz delete mode 100755 assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100.tgz delete mode 100644 assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800+up1.8.28.tgz delete mode 100755 assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800.tgz delete mode 100755 assets/cloudcasa/cloudcasa-0.1.000.tgz delete mode 100644 assets/cloudcasa/cloudcasa-1.0.0.tgz delete mode 100755 assets/cloudcasa/cloudcasa-1.tgz delete mode 100644 assets/cloudcasa/cloudcasa-2.0.0.tgz delete mode 100644 assets/cockroachdb/cockroachdb-4.1.200+up4.1.2.tgz delete mode 100755 assets/cockroachdb/cockroachdb-4.1.200.tgz delete mode 100644 assets/csi-wekafs/csi-wekafsplugin-0.6.400+up0.6.4.tgz delete mode 100755 assets/csi-wekafs/csi-wekafsplugin-0.6.400.tgz delete mode 100644 assets/datadog/datadog-2.4.200+up2.4.2.tgz delete mode 100755 assets/datadog/datadog-2.4.200.tgz delete mode 100644 assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.0.tgz delete mode 100755 assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz delete mode 100644 assets/falcon-sensor/falcon-sensor-0.9.300+up0.9.3.tgz delete mode 100755 assets/falcon-sensor/falcon-sensor-0.9.300.tgz delete mode 100644 assets/federatorai/federatorai-4.5.100+up4.5.1.tgz delete mode 100755 assets/federatorai/federatorai-4.5.100.tgz delete mode 100755 assets/haproxy/haproxy-1.12.100.tgz delete mode 100644 assets/haproxy/haproxy-1.12.500+up1.12.5.tgz delete mode 100755 assets/haproxy/haproxy-1.12.500.tgz delete mode 100755 assets/haproxy/haproxy-1.4.300.tgz delete mode 100755 assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz delete mode 100644 assets/hpe-csi-driver/hpe-csi-driver-1.4.200+up1.4.2.tgz delete mode 100755 assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz delete mode 100644 assets/hpe-csi-driver/hpe-csi-driver-2.0.0.tgz delete mode 100644 assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.0.tgz delete mode 100755 assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz delete mode 100644 assets/instana-agent/instana-agent-1.0.2900+up1.0.29.tgz delete mode 100755 assets/instana-agent/instana-agent-1.0.2900.tgz delete mode 100644 assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500+upv2.0.5.tgz delete mode 100755 assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500.tgz delete mode 100755 assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz delete mode 100644 assets/kubecost/cost-analyzer-1.70.0.tgz delete mode 100755 assets/kubecost/cost-analyzer-1.70.000.tgz delete mode 100755 assets/logos/cloudcasa.png delete mode 100644 assets/neuvector/neuvector-1.8.0.tgz delete mode 100644 assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100+up2.3.1.tgz delete mode 100755 assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100.tgz delete mode 100644 assets/openebs/openebs-1.12.300+up1.12.3.tgz delete mode 100755 assets/openebs/openebs-1.12.300.tgz delete mode 100644 assets/openebs/openebs-2.11.0.tgz delete mode 100644 assets/portshift-operator/portshift-operator-0.1.0.tgz delete mode 100755 assets/portshift-operator/portshift-operator-0.1.000.tgz delete mode 100644 assets/streamsets/control-agent-2.0.100+up2.0.1.tgz delete mode 100755 assets/streamsets/control-agent-2.0.100.tgz delete mode 100644 assets/sysdig/sysdig-1.9.200+up1.9.2.tgz delete mode 100755 assets/sysdig/sysdig-1.9.200.tgz delete mode 100644 assets/universal-crossplane/universal-crossplane-1.2.200100+up1.2.2-up.1.tgz delete mode 100755 assets/universal-crossplane/universal-crossplane-1.2.200100.tgz delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/.helmignore delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/CHANGELOG.md delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/CONTRIBUTING.md delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/Chart.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/Makefile delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/README.md delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE.tpl delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE_TITLE.tpl delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/app-readme.md delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/01-psp-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/02-oss-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/05-auth-disabled-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/06-hpa-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/08-single-namespace-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/09-redis-false-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/12-daemonset-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/13-rl-disabled-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/14-deployment-labels.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/15-test-resolvers.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/16-test-module.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/17-svc-preview.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/check_updated_changelog.sh delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/backend.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/ci-default-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm-init.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm2-values.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/tls.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/update_chart_changelog.sh delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filter.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filterpolicy.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_authservices.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_consulresolvers.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_devportals.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_hosts.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesendpointresolvers.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesserviceresolvers.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_logservices.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_mappings.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_modules.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_ratelimitservices.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tcpmappings.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tlscontexts.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tracingservices.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/project.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectcontroller.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectrevision.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/ratelimit.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/ct.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/questions.yml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/NOTES.txt delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/_helpers.tpl delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/admin-service.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-authservice.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-injector.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-internal.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-ratelimit.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-redis.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-secret.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/ambassador-agent.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/config.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crd-delete.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crds.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/deployment.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/exporter-config.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/hpa.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/module.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/namespace.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/oss-migration-test-service.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/pdb.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/podsecuritypolicy.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects-rbac.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/rbac.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/resolvers.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/service.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/serviceaccount.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/servicemonitor.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/tests/test-ready.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-agent-rbac.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-manager.yaml delete mode 100644 charts/ambassador/ambassador/6.7.1100+up6.7.11/values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/.helmignore delete mode 100755 charts/ambassador/ambassador/6.7.1100/CHANGELOG.md delete mode 100755 charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md delete mode 100755 charts/ambassador/ambassador/6.7.1100/Chart.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/Makefile delete mode 100755 charts/ambassador/ambassador/6.7.1100/README.md delete mode 100755 charts/ambassador/ambassador/6.7.1100/RELEASE.tpl delete mode 100755 charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl delete mode 100755 charts/ambassador/ambassador/6.7.1100/app-readme.md delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/filter.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/project.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/ct.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/questions.yml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/config.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/crds.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/module.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/projects.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/service.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml delete mode 100755 charts/ambassador/ambassador/6.7.1100/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrationHelmInfo.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrationStatus.sh delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/logo/artifactory-logo.png delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/questions.yml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/requirements.lock delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/requirements.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/NOTES.txt delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/.helmignore delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/CHANGELOG.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/Chart.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/LICENSE delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/README.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/ReverseProxyConfiguration.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/UPGRADE_NOTES.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/app-readme.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/.helmignore delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/Chart.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/README.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/.helmignore delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/Chart.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/README.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_capabilities.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_errors.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_images.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_labels.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_names.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_secrets.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_storage.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_tplvalues.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_utils.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_validations.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_warnings.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/commonAnnotations.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/default-values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/shmvolume-disabled-values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/README.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/conf.d/README.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/docker-entrypoint-initdb.d/README.md delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.lock delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/NOTES.txt delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/_helpers.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/configmap.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/extended-config-configmap.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/initialization-configmap.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-configmap.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-svc.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/networkpolicy.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/podsecuritypolicy.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/prometheusrule.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/role.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/rolebinding.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/secrets.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/serviceaccount.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/servicemonitor.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset-slaves.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-headless.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-read.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values-production.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.schema.json delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/ci/access-tls-values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/ci/default-values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/ci/global-values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/ci/migration-disabled-values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/ci/test-values.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/files/migrate.sh delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/files/migrationHelmInfo.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/files/migrationStatus.sh delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/logo/artifactory-logo.png delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/questions.yml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/requirements.lock delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/requirements.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/security-mitigation.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/NOTES.txt delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/_helpers.tpl delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/additional-resources.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/admin-bootstrap-creds.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-access-config.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-binarystore-secret.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-configmaps.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-custom-secrets.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-database-secrets.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-gcp-credentials-secret.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-installer-info.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-license-secret.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-migration-scripts.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-networkpolicy.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-nfs-pvc.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-pdb.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-statefulset.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-pdb.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-statefulset.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-priority-class.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-role.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-rolebinding.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-secrets.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-service.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-serviceaccount.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-storage-pvc.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-system-yaml.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/filebeat-configmap.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/ingress.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/logger-configmap.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-artifactory-conf.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-certificate-secret.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-conf.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-deployment.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pdb.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pvc.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-service.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/values-large.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/values-medium.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/values-small.yaml delete mode 100644 charts/artifactory-ha/artifactory-ha/4.13.0/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/files/migrationHelmInfo.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/files/migrationStatus.sh delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/logo/artifactory-logo.png delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/questions.yml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/requirements.lock delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/requirements.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/security-mitigation.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/files/migrationHelmInfo.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/files/migrationStatus.sh delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/logo/artifactory-logo.png delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/questions.yml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/requirements.lock delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/requirements.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/security-mitigation.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml delete mode 100755 charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrationHelmInfo.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrationStatus.sh delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/logo/artifactory-logo.png delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/requirements.lock delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/requirements.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/NOTES.txt delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/logo/jcr-logo.png delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt delete mode 100755 charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/CHANGELOG.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/Chart.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/LICENSE delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/README.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/app-readme.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/.helmignore delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/CHANGELOG.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/Chart.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/LICENSE delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/README.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ReverseProxyConfiguration.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/UPGRADE_NOTES.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/.helmignore delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/Chart.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/README.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/.helmignore delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/Chart.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/README.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/default-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/README.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/conf.d/README.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.lock delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/NOTES.txt delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/_helpers.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/configmap.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/role.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/rolebinding.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/secrets.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-headless.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-read.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values-production.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.schema.json delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/access-tls-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/default-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/derby-test-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/global-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/migration-disabled-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/test-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/files/migrate.sh delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/files/migrationHelmInfo.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/files/migrationStatus.sh delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/logo/artifactory-logo.png delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/requirements.lock delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/requirements.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/security-mitigation.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/NOTES.txt delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/_helpers.tpl delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/additional-resources.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/admin-bootstrap-creds.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-access-config.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-binarystore-secret.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-configmaps.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-custom-secrets.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-database-secrets.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-installer-info.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-license-secret.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-migration-scripts.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-networkpolicy.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-priority-class.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-role.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-rolebinding.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-secrets.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-service.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-serviceaccount.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-statefulset.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-system-yaml.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/filebeat-configmap.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/ingress.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/logger-configmap.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-artifactory-conf.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-certificate-secret.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-conf.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-deployment.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-pvc.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-service.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-large.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-medium.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-small.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/ci/default-values.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/logo/jcr-logo.png delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/questions.yml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.lock delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.yaml delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/templates/NOTES.txt delete mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.0/values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrationHelmInfo.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrationStatus.sh delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/logo/artifactory-logo.png delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/requirements.lock delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/requirements.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/security-mitigation.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/logo/jcr-logo.png delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt delete mode 100755 charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/.helmignore delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/Chart.yaml delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/README.md delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/app-readme.md delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/questions.yml delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/_helpers.tpl delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/citrix-adc-ingressgateway-deployment.yaml delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/ingressgateway-service.yaml delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/metrics-exporter-service.yaml delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/secret.yaml delete mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/values.yaml delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml delete mode 100755 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/Chart.yaml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/README.md delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/app-readme.md delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/questions.yml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/NOTES.txt delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/_helpers.tpl delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/cic_crds.yaml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/citrix-k8s-cpx-ingress.yaml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/configmap.yaml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/login_credentials.yaml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/rbac.yaml delete mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/values.yaml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml delete mode 100755 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/README.md delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/app-readme.md delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/questions.yaml delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml delete mode 100755 charts/cloudcasa/cloudcasa/0.1.000/values.yaml delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/Chart.yaml delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/README.md delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/app-readme.md delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/questions.yaml delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/templates/NOTES.txt delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/templates/_helpers.tpl delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/templates/cluster-register.yaml delete mode 100644 charts/cloudcasa/cloudcasa/1.0.0/values.yaml delete mode 100755 charts/cloudcasa/cloudcasa/1/Chart.yaml delete mode 100755 charts/cloudcasa/cloudcasa/1/README.md delete mode 100755 charts/cloudcasa/cloudcasa/1/app-readme.md delete mode 100755 charts/cloudcasa/cloudcasa/1/questions.yaml delete mode 100755 charts/cloudcasa/cloudcasa/1/templates/NOTES.txt delete mode 100755 charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl delete mode 100755 charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml delete mode 100755 charts/cloudcasa/cloudcasa/1/values.yaml delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/Chart.yaml delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/README.md delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/app-readme.md delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/questions.yaml delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/templates/NOTES.txt delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/templates/_helpers.tpl delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/templates/cluster-register.yaml delete mode 100644 charts/cloudcasa/cloudcasa/2.0.0/values.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/Chart.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/README.md delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/app-readme.md delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/questions.yml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/NOTES.txt delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/_helpers.tpl delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrole.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrolebinding.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/ingress.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/job.init.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/networkpolicy.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/poddisruptionbudget.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/role.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/rolebinding.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/secret.registry.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.discovery.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.public.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/serviceaccount.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/statefulset.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/tests/client.yaml delete mode 100644 charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/values.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/README.md delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/app-readme.md delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/questions.yml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml delete mode 100755 charts/cockroachdb/cockroachdb/4.1.200/values.yaml delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/.helmignore delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/Chart.yaml delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/LOCAL.md delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/README.md delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/app-readme.md delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/questions.yaml delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/NOTES.txt delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/controllerserver.yaml delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/driver.yaml delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/nodeserver.yaml delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.schema.json delete mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.yaml delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json delete mode 100755 charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/.helmignore delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/CHANGELOG.md delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/Chart.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/README.md delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/app-readme.md delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/.helmignore delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/Chart.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/README.md delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/NOTES.txt delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrole.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/deployment.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/pdb.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/service.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-metrics-server-service-port-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/default-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/dogstastd-socket-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/kubeval.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/no_hardened_seccomp-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/psp-test-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/ci/securitycontext-nil-values.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/docs/Migration_1.x_to_2.x.md delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/questions.yml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/requirements.lock delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/requirements.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/NOTES.txt delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/_helpers.tpl delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-apiservice.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-deployment.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-pdb.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-rbac.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-psp.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-scc.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-secret.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-services.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/checksd-configmap.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-confd-configmap.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-config-configmap.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-deployment.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-pdb.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-rbac.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/confd-configmap.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/container-agent.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/container-process-agent.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/container-system-probe.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/container-trace-agent.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-common-env.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-linux.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-windows.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-linux.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-windows.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/datadog-yaml-configmap.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/hpa-external-metrics-rbac.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/install_info-configmap.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/rbac.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/secrets.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-configmap.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-init.yaml delete mode 100644 charts/datadog/datadog/2.4.200+up2.4.2/values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/.helmignore delete mode 100755 charts/datadog/datadog/2.4.200/CHANGELOG.md delete mode 100755 charts/datadog/datadog/2.4.200/Chart.yaml delete mode 100755 charts/datadog/datadog/2.4.200/README.md delete mode 100755 charts/datadog/datadog/2.4.200/app-readme.md delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100755 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/default-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/kubeval.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml delete mode 100755 charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md delete mode 100755 charts/datadog/datadog/2.4.200/questions.yml delete mode 100755 charts/datadog/datadog/2.4.200/requirements.lock delete mode 100755 charts/datadog/datadog/2.4.200/requirements.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/NOTES.txt delete mode 100755 charts/datadog/datadog/2.4.200/templates/_helpers.tpl delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-psp.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-scc.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-secret.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/agent-services.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/container-agent.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/daemonset.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/rbac.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/secrets.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml delete mode 100755 charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml delete mode 100755 charts/datadog/datadog/2.4.200/values.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/.helmignore delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/Chart.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/README.md delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/app-readme.md delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagentapms_crd.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagents_crd.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/logo.png delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/overview.svg delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/questions.yml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/configmap.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagent.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagentapm.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/mutatingwebhookconfiguration.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/secret.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/service.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/serviceaccount-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-oneagent.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-oneagent.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/rolebinding-oneagent.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-oneagent.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/NOTES.txt delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-webhook.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/securitycontextconstraints.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-oneagent.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-operator.yaml delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/_helpers.tpl delete mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/values.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/logo.png delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl delete mode 100755 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/.helmignore delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/Chart.yaml delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/README.md delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/app-readme.md delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/ci/cid-values.yaml delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/questions.yaml delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/NOTES.txt delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/_helpers.tpl delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/configmap.yaml delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/daemonset.yaml delete mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/values.yaml delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/README.md delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml delete mode 100755 charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/.helmignore delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/Chart.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/README.md delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/app-readme.md delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/crds/02-alamedaservice.crd.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/logo.png delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/questions.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/requirements.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/01-serviceaccount.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/03-federatorai-operator.deployment.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/04-clusterrole.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/05-clusterrolebinding.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/06-role.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/07-rolebinding.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/08-service.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/09-secret.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/10-mutatingwebhook.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/11-validatingwebhook.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/NOTES.txt delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/_helpers.tpl delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/templates/alamedaservice.yaml delete mode 100644 charts/federatorai/federatorai/4.5.100+up4.5.1/values.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/.helmignore delete mode 100755 charts/federatorai/federatorai/4.5.100/Chart.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/README.md delete mode 100755 charts/federatorai/federatorai/4.5.100/app-readme.md delete mode 100755 charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/logo.png delete mode 100755 charts/federatorai/federatorai/4.5.100/questions.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/requirements.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/06-role.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/08-service.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/NOTES.txt delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl delete mode 100755 charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml delete mode 100755 charts/federatorai/federatorai/4.5.100/values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/.helmignore delete mode 100755 charts/haproxy/haproxy/1.12.100/Chart.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/README.md delete mode 100755 charts/haproxy/haproxy/1.12.100/app-readme.md delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/questions.yml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/NOTES.txt delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml delete mode 100755 charts/haproxy/haproxy/1.12.100/values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/.helmignore delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/Chart.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/README.md delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/app-readme.md delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customconfig-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customnodeport-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-default-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disableddefaultbackend-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disabledsecretconfig-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-enableports-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-extraargs-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-hostport-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-nodeport-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-publishservice-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-serviceannotation-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customconfig-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customnodeport-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-default-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disableddefaultbackend-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disabledsecretconfig-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-enableports-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-extraargs-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-hpa-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-nodeport-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-psp-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-publishservice-values.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-replicacount-unset.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/questions.yml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/NOTES.txt delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/_helpers.tpl delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrole.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrolebinding.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-configmap.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-daemonset.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-defaultcertsecret.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-deployment.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-hpa.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-poddisruptionbudget.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-podsecuritypolicy.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-pullsecret.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-role.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-rolebinding.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-service.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-serviceaccount.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-servicemonitor.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-deployment.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-hpa.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-podsecuritypolicy.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-role.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-rolebinding.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-service.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-serviceaccount.yaml delete mode 100644 charts/haproxy/haproxy/1.12.500+up1.12.5/values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/.helmignore delete mode 100755 charts/haproxy/haproxy/1.12.500/Chart.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/README.md delete mode 100755 charts/haproxy/haproxy/1.12.500/app-readme.md delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/questions.yml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/NOTES.txt delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml delete mode 100755 charts/haproxy/haproxy/1.12.500/values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/.helmignore delete mode 100755 charts/haproxy/haproxy/1.4.300/Chart.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/README.md delete mode 100755 charts/haproxy/haproxy/1.4.300/app-readme.md delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/questions.yml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/NOTES.txt delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml delete mode 100755 charts/haproxy/haproxy/1.4.300/values.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/NOTES.txt delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/Chart.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/README.md delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/app-readme.md delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-nodeinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-replicated-device-info-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-snapshotgroupinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumegroupinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumeinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupclasses.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupcontents.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroups.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupclasses.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupcontents.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroups.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/files/config.json delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/questions.yml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/NOTES.txt delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/_helpers.tpl delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/csi-driver-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-controller.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-node.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-rbac.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-linux-config.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-secret.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/nimble-csp.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/primera-3par-csp.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/sc.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/values.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/NOTES.txt delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml delete mode 100755 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/Chart.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/README.md delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/app-readme.md delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-nodeinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-replicated-device-info-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-snapshotgroupinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumegroupinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumeinfo-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupclasses.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupcontents.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroups.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupclasses.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupcontents.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroups.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/files/config.json delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/questions.yml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/NOTES.txt delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/_helpers.tpl delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/csi-driver-crd.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-controller.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-node.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-rbac.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-linux-config.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/nimble-csp.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/primera-3par-csp.yaml delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.schema.json delete mode 100644 charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/Chart.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/README.md delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/app-readme.md delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/questions.yml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/NOTES.txt delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/_helpers.tpl delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-config.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd-rbac.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-flexvolume-plugin.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-secret.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpecv-cp.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/post-install.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/sc.yaml delete mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/values.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/NOTES.txt delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml delete mode 100755 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/.helmignore delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/Chart.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/README.md delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/app-readme.md delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/questions.yml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/NOTES.txt delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/_helpers.tpl delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/agentsecret.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrole.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrolebinding.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/configmap.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/daemonset.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/namespace.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/podsecuritypolicy.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/serviceaccount.yaml delete mode 100644 charts/instana-agent/instana-agent/1.0.2900+up1.0.29/values.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/.helmignore delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/Chart.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/README.md delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/app-readme.md delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/questions.yml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml delete mode 100755 charts/instana-agent/instana-agent/1.0.2900/values.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/.helmignore delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/Chart.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/LICENSE delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/README.md delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/app-readme.md delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/NOTES.txt delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/_helpers.tpl delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole_binding.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/deployment.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/mutating-webhook.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/ns-validating-webhook.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/secret.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/triliovault.trilio.io_triliovaultmanagers.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/validating-webhook.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/webhook-service.yaml delete mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/values.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml delete mode 100755 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/app-readme.md delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/attached-disks.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/README.md delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap-dashboard-provider.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/dashboards-json-configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/role.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/rolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/secret.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/serviceaccount.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/grafana/values.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/.helmignore delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/README.md delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/.helmignore delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/OWNERS delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/README.md delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/values.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.lock delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-networkpolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pdb.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service-headless.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-serviceaccount.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-statefulset.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-daemonset.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-role.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-rolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-serviceaccount.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-networkpolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pdb.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-serviceaccount.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrole.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrolebinding.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-networkpolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pdb.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-podsecuritypolicy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service-headless.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-serviceaccount.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-statefulset.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-vpa.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/values.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/.helmignore delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/Chart.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/requirements.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-poddisruptionbudget.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-ingress.yml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-horizontalpodautoscaler.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-ingress.yml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-poddisruptionbudget.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-ingress.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-servicemonitor.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/charts/thanos/values.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/cluster-metrics.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/cluster-utilization.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/deployment-utilization.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/label-cost-utilization.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/namespace-utilization.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/node-utilization.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/pod-utilization.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/prom-benchmark.json delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/questions.yml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/NOTES.txt delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/_helpers.tpl delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/aws-service-key-secret.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-deployment-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-service-account-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/azure-service-key-secret.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-alerts-configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-checks-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluser-role-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluster-role-binding-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-config-map-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-db-pvc-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-deployment-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-frontend-config-map-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-ingress-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-config-map-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-podmonitor-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-policy.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pkey-configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pv.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pvc.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pricing-configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheusrule-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-role.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-rolebinding.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pvc-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-saml-config-map-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-server-configmap.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-account-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-servicemonitor-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/external-grafana-config-map-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-attached-disk-metrics-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-metrics-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-utilization-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-deployment-utilization-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-label-cost-utilization-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-namespace-utilization-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-node-utilization-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-pod-utilization-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-prometheus-metrics-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/grafana-datasource-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-controller-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-manager-configmap-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-priority-class-template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-psp.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-role.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-rolebinding.template.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/values-thanos.yaml delete mode 100644 charts/kubecost/cost-analyzer/1.70.0/values.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/Chart.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/app-readme.md delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/attached-disks.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/requirements.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/NOTES.txt delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/node-utilization.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/questions.yml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml delete mode 100755 charts/kubecost/cost-analyzer/1.70.000/values.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/.helmignore delete mode 100644 charts/neuvector/neuvector/1.8.0/Chart.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/README.md delete mode 100644 charts/neuvector/neuvector/1.8.0/app-readme.md delete mode 100644 charts/neuvector/neuvector/1.8.0/questions.yml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/NOTES.txt delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/_helpers.tpl delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/admission-webhook-service.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/clusterrole.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/clusterrolebinding.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/configmap.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/controller-deployment.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/controller-ingress.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/controller-route.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/controller-service.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/crd.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/enforcer-daemonset.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/manager-deployment.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/manager-ingress.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/manager-route.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/manager-service.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/psp.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/pvc.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/rolebinding.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/scanner-deployment.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/templates/updater-cronjob.yaml delete mode 100644 charts/neuvector/neuvector/1.8.0/values.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/.helmignore delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/Chart.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/README.md delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/app-readme.md delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshots.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/questions.yml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/NOTES.txt delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/_helpers.tpl delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/csi-driver.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-cs-scc.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-node.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-provisioner.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-rbac.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-secret.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/sc.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-rbac.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-setup.yaml delete mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/values.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml delete mode 100755 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/Chart.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/OWNERS delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/README.md delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/app-readme.md delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/questions.yml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrole.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrolebinding.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/cm-node-disk-manager.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/daemonset-ndm.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-admission-server.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-local-provisioner.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-apiserver.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-provisioner.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-snapshot-operator.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-ndm-operator.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrole.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrolebinding.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/psp.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/service-maya-apiserver.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/templates/serviceaccount.yaml delete mode 100644 charts/openebs/openebs/1.12.300+up1.12.3/values.yaml delete mode 100755 charts/openebs/openebs/1.12.300/Chart.yaml delete mode 100755 charts/openebs/openebs/1.12.300/OWNERS delete mode 100755 charts/openebs/openebs/1.12.300/README.md delete mode 100755 charts/openebs/openebs/1.12.300/app-readme.md delete mode 100755 charts/openebs/openebs/1.12.300/questions.yml delete mode 100755 charts/openebs/openebs/1.12.300/templates/NOTES.txt delete mode 100755 charts/openebs/openebs/1.12.300/templates/_helpers.tpl delete mode 100755 charts/openebs/openebs/1.12.300/templates/clusterrole.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/psp.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml delete mode 100755 charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml delete mode 100755 charts/openebs/openebs/1.12.300/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/Chart.lock delete mode 100644 charts/openebs/openebs/2.11.0/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/OWNERS delete mode 100644 charts/openebs/openebs/2.11.0/README.md delete mode 100644 charts/openebs/openebs/2.11.0/app-readme.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/.helmignore delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/Chart.lock delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdevice.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdeviceclaim.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/configmap.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/daemonset.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/deployment.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorbackup.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorcompletedbackup.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolcluster.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolinstance.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorrestore.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolume.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeattachment.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeconfig.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumepolicy.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumereplica.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/migrationtask.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/upgradetask.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshot.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotclass.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotcontent.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/admission-server.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/cleanup-webhook.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller-rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-driver.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-iscsiadm-config.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node-rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/cspc-operator.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator-service.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/priority-class.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/psp.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/templates/snapshot-class.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/cstor/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/.helmignore delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/Chart.lock delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/.helmignore delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.lock delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/deployment.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/device-class.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/hostpath-class.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/psp.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumepolicy.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumes.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/crds/upgradetask.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller-rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-driver.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-iscsiadm-config.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node-rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/default-policy.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/default-storageclass.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator-rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/priority-class.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/templates/psp.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/jiva/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/.helmignore delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.lock delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/deployment.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/device-class.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/hostpath-class.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/psp.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/localpv-provisioner/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/.helmignore delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmnode.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmsnapshot.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmvolume.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotclasses.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotcontents.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshots.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/csidriver.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-controller.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node-service.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/psp.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/lvm-localpv/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdevice.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdeviceclaim.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/configmap.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/daemonset.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/deployment.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/openebs-ndm/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/.helmignore delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/Chart.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/README.md delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotclasses.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotcontents.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshots.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsbackup.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsnode.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsrestore.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfssnapshot.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsvolume.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/configmap.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/csidriver.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/psp.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/rbac.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-contoller.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-node.yaml delete mode 100644 charts/openebs/openebs/2.11.0/charts/zfs-localpv/values.yaml delete mode 100644 charts/openebs/openebs/2.11.0/questions.yml delete mode 100644 charts/openebs/openebs/2.11.0/templates/NOTES.txt delete mode 100644 charts/openebs/openebs/2.11.0/templates/_helpers.tpl delete mode 100644 charts/openebs/openebs/2.11.0/templates/cleanup-webhook.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/clusterrole.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/clusterrolebinding.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/cm-node-disk-manager.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/daemonset-ndm.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/deployment-admission-server.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/deployment-local-provisioner.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/deployment-maya-apiserver.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/deployment-maya-provisioner.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/deployment-maya-snapshot-operator.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/deployment-ndm-operator.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/psp-clusterrole.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/psp-clusterrolebinding.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/psp.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/service-maya-apiserver.yaml delete mode 100644 charts/openebs/openebs/2.11.0/templates/serviceaccount.yaml delete mode 100644 charts/openebs/openebs/2.11.0/values.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/.helmignore delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/Chart.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/README.md delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/app-readme.md delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/crds/crd.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/questions.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/templates/_helpers.tpl delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/templates/clusterrolebinding.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/templates/deployment.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/templates/portshiftinstaller.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/templates/secret.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/templates/serviceaccount.yaml delete mode 100644 charts/portshift-operator/portshift-operator/0.1.0/values.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/.helmignore delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/README.md delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/app-readme.md delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/questions.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml delete mode 100755 charts/portshift-operator/portshift-operator/0.1.000/values.yaml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/.helmignore delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/Chart.yaml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/README.md delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/app-readme.md delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/krb/krb5.conf delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/questions.yml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/templates/NOTES.txt delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/templates/_helpers.tpl delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/templates/deployment.yaml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/templates/krb5-secret.yaml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/templates/rbac.yaml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/templates/sdc.yaml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/templates/token-secret.yaml delete mode 100644 charts/streamsets/control-agent/2.0.100+up2.0.1/values.yaml delete mode 100755 charts/streamsets/control-agent/2.0.100/.helmignore delete mode 100755 charts/streamsets/control-agent/2.0.100/Chart.yaml delete mode 100755 charts/streamsets/control-agent/2.0.100/README.md delete mode 100755 charts/streamsets/control-agent/2.0.100/app-readme.md delete mode 100755 charts/streamsets/control-agent/2.0.100/krb/krb5.conf delete mode 100755 charts/streamsets/control-agent/2.0.100/questions.yml delete mode 100755 charts/streamsets/control-agent/2.0.100/templates/NOTES.txt delete mode 100755 charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl delete mode 100755 charts/streamsets/control-agent/2.0.100/templates/deployment.yaml delete mode 100755 charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml delete mode 100755 charts/streamsets/control-agent/2.0.100/templates/rbac.yaml delete mode 100755 charts/streamsets/control-agent/2.0.100/templates/sdc.yaml delete mode 100755 charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml delete mode 100755 charts/streamsets/control-agent/2.0.100/values.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/CHANGELOG.md delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/Chart.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/DESIGN.md delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/OWNERS delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/README-AWS.md delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/README.md delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/app-readme.md delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/ci/test-values.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/questions.yml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/scripts/appchecks2helm delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/NOTES.txt delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/_helpers.tpl delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/auditsink.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrole.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrolebinding.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-custom-app-checks.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-image-analyzer.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset-image-analyzer.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/secrets.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/securitycontextconstraint.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/service.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/templates/serviceaccount.yaml delete mode 100644 charts/sysdig/sysdig/1.9.200+up1.9.2/values.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/CHANGELOG.md delete mode 100755 charts/sysdig/sysdig/1.9.200/Chart.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/DESIGN.md delete mode 100755 charts/sysdig/sysdig/1.9.200/OWNERS delete mode 100755 charts/sysdig/sysdig/1.9.200/README-AWS.md delete mode 100755 charts/sysdig/sysdig/1.9.200/README.md delete mode 100755 charts/sysdig/sysdig/1.9.200/app-readme.md delete mode 100755 charts/sysdig/sysdig/1.9.200/ci/test-values.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/questions.yml delete mode 100755 charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/NOTES.txt delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/configmap.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/secrets.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/service.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml delete mode 100755 charts/sysdig/sysdig/1.9.200/values.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/.helmignore delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/Chart.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/app-readme.md delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/questions.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/NOTES.txt delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/_helpers.tpl delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/_helpers.tpl delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrole.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrolebinding.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/deployment.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/role.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/rolebinding.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/secret-entitlement.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/serviceaccount.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/uxp-ca-tls-secret.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/versions-configmap.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/NOTES.txt delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/_helpers.tpl delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrole.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrolebinding.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/deployment.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrole.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrolebinding.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-deployment.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-managed-clusterroles.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-serviceaccount.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/serviceaccount.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/_helpers.tpl delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrole.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings-managed.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterroles-managed.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/control-plane-token-secret.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/deployment.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/role.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/service.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/serviceaccount.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/tls-secret.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/_helpers.tpl delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/deployment.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/service.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/serviceaccount.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/tls-secret.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml delete mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml.tmpl delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml delete mode 100755 charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl delete mode 100755 index.yaml diff --git a/assets/ambassador/ambassador-6.7.1100+up6.7.11.tgz b/assets/ambassador/ambassador-6.7.1100+up6.7.11.tgz deleted file mode 100644 index e3f55bd0e10178de40a6c71673ec7cfb18894ada..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 53616 zcmV)!K#;#5iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYacjCCVD1QIuQ|OU?tE&12!Vppw*6FieLLgIx1cOb&x#yQF zY=IqY%Vo(7sjlz-Tar9u2pK9p9K2R{1zW?Gv}bK?L2C#Jff{!A8ai}oaRDv!zuxvK zl}e?9{eAv#sZ>h;TdtNq|5tgxbg=*Vpz^u$`M*l#YPC}PFHm}8I5HoPQ0V?w>D7Iu z2lp3wplxFcsex@$&jFx93QasNs*q9>6%D+nB9|H?18H^OK$qIc%`B!F#4+KbU_%Sl z!BL1+ps9@!=u)UoGV8g>M35lAUWAP~=okueiGl4pn3i+Ual)VFV!2xUlG6}TUBjXL z-4QrLrUg`n!(fD6Z~`fu87_*!lG8EkM5ojt^}W5>Y*rj28uiKG$r&nZZfzOEf@4JX zOgzR##~$YnVcY*NXt!wKu=Ip~ib~oO7kUI`mbHiC zV^rGoCWz=>W@-OhZfU^?_FNV5kp#0hHmL3miz>GEf~NKoQ<728aj}J{jy$qQD5ONY zM{@_e6uG%+fB*-@&&6`NRQhkv5r5|XXfpcCJ~943g{FtdPY?j>`G57GT&t$}f9-Q+ z%m3fw*#ReL1U-`ivHYBO#@JnM2lRA<0D}Ms?vAd$7Dm{$Af-qHBf~_jzzI@K=przM zt^tQ8B7kBrM8JWBAPpEc#bALw7f@t5CZvcIbGaRG1#J(S<^m8zfrTh!Jc9R6bp#|K z7>c=_TnHm?xG40LHnb3DLf2E|x`u}8;KPS>(V!7lxDcxdJljNsBnto)b9PKXKAM1h zZseKfbNV3;R0U-GuSB(+iyYHXVFPHM^Ur%*Q!IKr;yMIv4wxfJiJ40G44(Vi8FlRM-nRk6zT+3q)N*bThdC;*Et7kCkAmnu9h8p8fy-G|G}0nBnj63j^Di|$cTME(lmqBf@TcSkUceAY+J~t zA%Ds30NGZt#a}XZrD^QHpmJ6f67rR(X&t$!m_zoI1IR#X&K=B=iD@1Np@vGp)PPKV zrR0Pc>GqC#-IM!f`{?*<^CU#n@Wa`4w^s*3b14wRp74(ZF-D;yhCPPmS-|$JA#wp8 z0fJO)YXl4togrj{CQ}XBT2bgy!fPL09UpbOM<>_Pz0~aXj-=jw@BFG+2jyC__2pKn z4k`a6n&sF&gN9I%v4d@Ds*12kWjB%zrKR(M9wUEhIDw-UW=qMVdhhiTdoB zphcq90EC~2N|GPOh({LKxdx}YVG6dkOc-{f*!BHVbU+2x>-I{4SWb2)-k z&o$^maF(wB3pB7z(OlpflUCte@ug+6=U}bK>jd(2;ti2&Bc`J;s}`$d&qX8TB3ng! zV`L*2Ql!O-6`*76P0Pjdm%SYaYXKyx=(;d17gX#r7U5tm0L+I=@LAWhkBCf=TL)jh zeEG6^1PtC7R!0j@9Hbf}g9+rt+YM&*NWz{o$HVFC#xhOWT`J70uj0cj=&HS zLuIN=(8dim4V5ziWD_r8w=<=|^=wg*&vJhZ9(tyGFh^fzD28BB15up+;Po9s|T$?LT2eOX*22+kO zF4r8S27fbN_|>qzdGvyjuF04yBj6)@5tZ~D$3%=@L-W+do-5#v;l^40UO6;n>>PmN2HiJYfYfAw4(_or?fKlzQQKrWqjZ`KXQQjf)7fsi-U= zraMyXF6uzT>I89DVV2vAH~my`L~@!vVs=y4-8zxf6?7cK9^c=H zIrUrSmABoch!hwu6OTW{ZsQ&sZhS7QhlHVm9jF_ngm`3xz`PXMDdW?vySE1tx~A z)j{uT*Vi_K_e&cQ{(E7&#J?0&6qwWia7tvToBuWc@0Y`K6)>;0u=oSdg|ZK7mSNuq zY^_v|zGwy<2OqwC{+#?^WA2oQHMHzA+ljxvAG?lv&+wyMz8|`VHb!whe5vFN4Oe~V zjg(e>HJs`G3J?rudazW@G^WT#gxotW9->VKWP0#kZ1}~;?;@xf&ufU$DRS?{T8W*w z#J51Uh0?|U<`Kj?nJ?}+vt1ez`|ctOQ*;kC%|(Qyd!CO*_qJ!KXKY=ps1b z8;`M?7M$P5{6Te4DeZrW&oy-y_kQ#7dg244lzeSI&&PVhtOx!(;qB+nB4}~0%Ki>* zQP33&;BPmE&huQ3Q%pBfbA)vh&alvWd_C#>CKu`qf`*6<9irn<;FoH?P9)?bTRROH zBi;;S{K1D@N{af;ElE0N75UBwVT>aJW;$ZV6OfLN8lm%*#D$iy_?8E=1HKxB+nhI8 zi<|+0sTIgBY$rWH!jo}63T@&gJ8i+nMiAX)c3$B6hK_@5O(=k@J<}jG!&Ebn5cGWB zVr!Qgo)+5|NiVY-?CA&}2TiOon=cy}HlfhuuKBbF&v(QXW~?w#F$mKNTn0Ud=n42P+GjnLWW`v?sUsnAWo4g}FnAU?Rt2+b2@!bQ*` zs4^z)Bzgf%eIG%?^jy@_T|{(jYV2(;lu2*cW^Rg2&+>x`;_E$dtv{pj#mfe zQmJI|pJKnO4h~ACD9SQ`Hs`no=I%}t64K`C!-o&K91{;+WFnPfSIh~; zCUS$BV51`>7y344WYgQku9oUlhUta{viCEP0+d(F(0z$6x|Q^0=viOuGdctd;8F^ZP9 z-qhA%=1$TGjKbYO zBVqe(`0xhb7{Z+3_t{Vy1dLpSI1O>K;p|&jvDl*k0@F~DO%Rx%MKQMnPBD`X0Zx36 znODrB`mu+!F}f$L?LDru?d@og=tB%$u3@-nZ1DZG9kDF~7>#?3IFcRZ#KIpnyAe7w zl|kTp*EjAsQm`?^^oDRN&zJdx3AyA1ygo8s|Cf@qF7Q}6{u-J8;;pHphtCNGpJd6ySW{}bO(XDhCSZp za)Ibj?CKhJn#BPPQD~UahP#6`KHl68P?1etXc~`56CH9Vevtu8P!J#$x|)2IHUTR4 zuM*vGNNy*->%*1NmE#scPO|isVJi2&CYvoLqK#5rhWkc*`zgo2%F@?5-<6L0$_&R> zilM*zmhPmH7+ECPBUKtZ0;S`9Wf)_jQ=N&|$j{A-`_9yH9n^}YqSz2v<5^FVQc}<} z@%DkFhmj&B-a#~$aK9<=n2X<$<`HNvsZBSr$GV6L?gB5|vrqU9MGykh|2QhT$ih=G zqpIhc3ovxKc>+fix!^<8@rPodnG*z{i-2Q76)^=6xdHC61}%?JrrlG|M*ik?T;UOx zccAoG;hR90snia*-otlFV!BVPUM-_qx$=cqTT*raNGLY|B$OY<$8tLnW{EhFBaiC7 z8WN+J2+dXzNyyA#)Ic%7Js}D>XJh7yFAzee81EC>T5iV=1YwIzvG5fmL40^-3ySP5 z9G^RK+cdIjj+)(FfgU2BMc@e2y#$}-J`SJPvNiJv%8C8grtdZfEyJXKAe|6^Dq~|l zeX1Uz*h=xb0A<-kZ0PYF@lFcSiyi+Bv$6_-3qKc|PR_nVYH7}?3x%f3%4AuROeVub z@Jo!>`uw8!951&&O2TXdy$~3t3755N1;J>d18CkS_o!mK%7(3)o`&v+SX)FJf)7U80jP&f|AU3AEoOOTn3sm_%I%q1SQ0R*Sq#ED5Q z!F8TGHNtf!bU=^n+7p^`n$H<+!&hqIRxDzLkV&q^5mDBPuDxH}S*5`jd- zGuIavWeS=qR0STB5m9&2#u5fagVzWrGNSFkDepHa_5q5%idH03wdlJTizZf~S^rWi zmBQK@q>$-{$gKkg3?nF^GIOEKwM78!I9iImAuw{W#g~nrP!d7td@Y{hn37d|G#uihJ zJSj~*g51K`Gc>g4yIBl-yc5&tv&1Pw7ah;yA!bV;iPIP{PlvU%0KY#?n}60%-VE zR=_TR+5^+ssg5iF39ylh2!ZZm_eBQ6J1YA-;0}A7;iLF--(_hIiX z9)~B^M@YmxuXgWOyU(h`6u@X3mi=gueh-HcO|9cqlO^lm?zY*AGn2_OZK11!>DN0Z&WBlF$W6Y z4d$V_LlfGQkVmo-#fblL2*gVY$9~NidkhcwjO%gthd(xZy z@%W~%Z;tw&+y=HRY>S=ykB#;x#-0E79~qPJ&*DEq?d_jTEB@bIFw+fH=Ucu^O8NWn zd=rM*{3q=$@HexQeTEJTpR4de^6f0~LX1%CZ>?S?Al4QJNVpuU$^)x@6G z5ZtzhC&>0ke>te^S5oKyYo+S;{QtW=g|~fj-@g}_5?xe8GKp{#7yS5q2J?j(94wiAJ7jE@Ga9l^bUNCl_=ixP8!Fv}If5J0`5xw;mxQjyeaONoLh^ zU1U>p5uQ+6v(;{crgHREKI)xcx53r*Nwb*CNy01xP;A3z?uG+MLut}&O3Hbod4GNr z+iAZ~@3iNbu&_oe`055Y$`-w85WZDoi(AC9rXt}CqP zzJHHne8%|LFcSMu!nyYSyT3OP&o@yF0_O6d_~S=`@49^d?$0Mkc9l6_%YOaMdyCxf zVV607SAg}LQ9sla^PtE8jQRa?HzMNFKh8@vd4<#c3Pz;nhf)c9bMnLmE~00n#LwTRnf-wHhVacO0L z6MK&0vy@tm-+Y&Tj2!r%tj3QYIRLWQ;fK}CFv7_HlY4Wr=wYTK^XWUk2|VS=U6x%o zktv@E<5p0FT>6wAwx$>|HqF!hep*!3|4(_?-w7Y`Y+);MwpgZlK7#()ypCT+&Kjn zTmZ^UAP7ci1}wu)#0JG%V^|}S{)C$izSS3a5NG^oVc z0S%iV4;|;XHKoN&?fUVEzh#J@{7P03B*x+m#fU$z7{s8#+?6Yzi=|?zSgwC5eJKU5 z0&$Sn;mL`ZjLGK!2u93iqTru40>1=P!jC-Fzm%4wmaosXunTl#I=f)XyJsDAO|CeG zu)r_e!y#T{7x}!$s~n{5 z|IgLZ*8YEw=ll1)U%}L{>O5wR8E}kU{${ahQFT-YzwU7su=i`OId}YIA&H|yJljYy z=a(x4k#x&Eun-mCF|qM{d;!l+90>azP}j3na8Tuc8dldEjf^?S7ox@(V=4$sbMMz& z5Rnn~A(ZHE9yEClTgD7I@WosoiPm{}%KBgfAz+A9$ap8g76O-HZV@qLo|Z^N<^-|w zJf_liqlikaXcRK0|`^QJk#`{T{pXtJPsx$ zW+SGv7lvh47T9Rkx!L3Y_=S(4{@dmY8-p{P4ADwbE{3os-aZ>Z$2Dv^0{Q<-3jden zQ>}@9pMz?v{$8~{+&53*ICFi3Q<&#Z*?mogUV7vYwL(KEQvZ#Py61lxgbB07^A;$92|t?B$ZBV zDid)!F*%vW2sk1nWH;C2dq|^LyRlstaT>!kRD+5`&AVLX%Ez``c%6Lin(D}%83gT$ z44JG+Hg{1VC5MH-;=L?=-;M8vg=K6^*YX9?{re)_FKqa2pC9D&iBG&Kwzx~5R-$S& znR&2;vQb~ZrNE6X(@U^;b;F6oJx?L_>Shw@g0gV^Wi%YkaJs{n((~#TH>2&<^;gq* z@H^t#b;h-$*^C-}nl1PWK_qE~WjBP3BQPT*z-R8pep-w1?Y<0}T1xo4BxzTdNJy&; z7vu}Z$sPHA!gQuha2DvRD54aP`dL3>UNFB>j>g5j_}kBz0)A(l(qy3L|2q%z_xYFW za%pul`=t8XVJyduWUgScSm0BSP%_kSK0e_U`LwD@TNwMvHBU93_y1V(V`Mh+6hfqD zk0)!`V9MMfRO1u%g0b^NfeE!Q6VMaUIRh?CNS3h)<4?jS>nxnk!L;zqb(zj25=VlM z=o=7In`dC;Kcxqr^glhJll;+E-R4iG{m*w3gQGXEzYyRF`+xuQel2DHe=b$ZTl@b# zo)iy^XW5B!z|?IlBKK90t0!<#*27CeHu4-7cxQecKZIzrZN^+YW;N85?1;>hp-v#5 z_9}+jCv==*GJ)vY0Yt#_+B!0=BGLD_oLpJSm!ieheFkS&>sdRKE9yAVr3E}%T_v@$ zsVQ06t_c3r3d4nHdTsTz-uHBK0i?m^bV>ot{<#CrpsN*BtRYRTJh$ea&Tf%B=^G1n z3{VdM$Hkhb(mH^MWE~y$z1etXBexFnF_H8Y4oN;>iK}m7wG!7D<<~@JFpxp~ zJY*Pv>G^qlbp%bS3oDZp6R@p_v476Fqj+WdOnV<-M2e!c) zrC?utk6~+&GFSxL$LJ@~L$o6mraT3p;72a6subuSLAZ332sA=wkeLTGot3ZHq5oH^rF8u7=j#5!R{wvGM?@4d=D$IJX2MTcC=?QA!IEU2R(v}l7W(*N zTOm%>F#t2N2!P)sUkWSgvzWiEk?{i6|NZQezp|0B+>VMZ2iqb`&{Jzu@DrjeHJdOf z0)5cW7(8|zHMcZt$et!7Ps-)bKIaoR5BZoC!F6wFiHSt^w3w*zgt!ZTutD9222(7m zNTfnYdkbQexFQov)JIy}ZBRE7c9muE7X0-`bI`x`vr_(t#}HqCALx4dU*11BNXP#i z92{)@fA8}66dhLpA}OD;L{g`ySAC8j8ZL%t6jaL49H8Tnz0j+85((`6@ zXUgu?fNTZ%PZQ*s64wpy3 zxVn@F{|?I_dm7Pfuy{wO&35np>ZpBm+LUP@p9B? zT+8hqM~9b#z8vSWOhYLK6m35UAVa3JbkP|Io!-$6X&`oyPk7fs@UUX1@yn!nhx|&{ zJ+V>snEVv&^(5XCRY$DbvtI9}8-7XLfDjvi#omaEWA~=e-E%#APvqDpd(A26)CwCEs+yr21u3!CEP3rDJHd59LD z!k5Uu$n4ASC9-u2rA~#%o~@baufWXws~y4w(qkLDJPoyHB45K1*P!_~zvUZJ^QhO% z|J%nPgWtK&zeMkRmc!pp%l`XVGU|Wj9juZ3zvFor-fsVA&HkSVF8%rYf2D(^^Zy42 zwe9);cX^iMe^%V{wK@nWp1C!wwqa#qOgl*u0avg0k}&hpNpN#$S32B^3Mn@%;Fy}qV@tL1kty!@wY_3CHiclk8teo zLi?%9JwJ*8{!Zw^MC8-n$KtP_J{DC%K81DeT{K4XaDRpWx(~QR&bJkq=DFN>@z+nn zobiT)8q^c+U%^lQr@WS-@XMd>T|^vg6BOQ=<{KcYj+p67U2Fz6Qn2&pctg`rcYy`x z%xL+odQd9u0>iRA%Cw+hb4^^KA0#?|9s63L{>*ep{d+kretw%2LDv}TFV=4gtf4Kx z+w!}g$M1X$`#W(vviHu~%%8*>DnQ5BGK(#<_=(C9N3g#QufPtnp<^W3#d=2ZN1SO` z>HiCJ!T<&rJ;$Yj^1k)n6n6T4JaI2*s{Q<^?^fi~GPC-Eoz|u*bUq zTG$@@S7%e*u*ciPUe8GEC74+Z3xcShI6A!`vsXOSIu_q7hILT=e7F>+?7v)_8%jXy zL)d*XK~#3}r9r$pOVl%%+_UmU{q%F-TY0jTC(leZ`BXZ{j7%oWJSG}JoEl?HrVO;JuCe` z;sEoTIDnq;|CFnxQriDhEp78ZzRQ!5|0#CWx9|dqBbC{{pcQ@~eg-oxo?om&FKJ+b zS{pF+g5$I82|~__T&@{ITgvjBAw5w+ic9&63fM_!+A@$ajP3jiU(IFyxKMm>g z&7#bskUrFf3F0z*)#!r@`Bw~BeEuEy=X`j%aL6E^&&qAP6(O&FviW~3RX9Hm^*SlA zp8r=XmCsB2|Fu$e%m3fwNoVxr%N@(r$G-mpO%u;VYKHo6z`ykV$B&%PQ1*TmF={rN zQ!q3rFbMF*=AsCG-SbZ@`^6fNAW*J@{L+PTd0-)E6QE)H0|i6j@8lO581|UQy;3+{ z(O{(xVt4ErBM|~;V+tT3$eJRzz$22w`><@!8X|X>Nt1Mgp{+%TXCW{{KU2A_2)U}F7}AjPrcHy+mwQnz&TOzJ$+`-)!zpa1{<=YO>S{-6IT z#{T(b#VPsd^2{O#t`bPBJ%B?zMfLdlJQKX^+?OA11U?Gv0eP_^dGLGqY6D=44Qx5k zMV~;SoB???fIPM-Ao}_5XHRev)at81U50c&fRv$_Xn%7M{fonWWQ!NvU?B<7n?{zBZdG$%7ZmHoC6@j-q#>2 z@rDmb6||QrMBYnuyoP+Ybi1Y7Ka6fg7L!6oqLO$z5|9^IWfpf4%QUvn0 zgWZzcezI1C&&i*{MwKsk;ME8Ie7%-W?i<(b zcC*pD?_FOu+X;wQA${V!)z3e1{Z;{YuRAumP6%v_N^e7QKZ!*C%ILl>W5*wIdv}B` zFF~01yt+FM>Fdq|zYxJ+h~zIv^h|`=m;&B_3bH8SRn(9{5gD)IhqRaP^?eDxtUl_U z#H#0CtNkW-X!9GPHoH7~<)zsz7hB2uhDQc6H9y>A>AkonIH1@_BCY7Qaouj6pWaK& z?zJp6nkz1Aez~fc>{GgF1mgbux_y6iaw0Xm-OT=yI)Lk_N1Em$LgI5B4yD<>@3xO_ zx@XtDds+Ir++f~M{&O@?iL-Jh@R2WXMTsyg_+5SCqudZ}afTekl*o^1Z_Y6T6Mh@yAM|4}aOm-f^7 zKPsQM_dmYNlac>Jbu|(m0sm-Yn*1_B$ocd$&TcN7IliEX(D8+0Vkw76KH%Lt#*=&< zIGE6=i_~}jgP&(4UkCgp@l+Kd4QUw_X2=-pG+zh#a(*kN{_Ii;q+JZ}x=)wdKHK8@ z7T4bs*JD>#$G7Z29y&%8-{|9e;Gao_oOpy{D|n|No{%ou%!{`3vUl@#L0%wT{*O5) zwk5zV0sfH$_|wm$tw!+ZP+H_5e3f$cGKvA&C*sn~V93}-v|D+BhcDiyWI(GXg0|=U zIjDSyM%YCK{*A}o8Q9)^2I*I~r2nTU{V;?4+6}{(qcM2>c4G<+UWf`WM~9c9#Kvgx z2B?vR9=16s$TK!6mv;~&vB5^JQZu%l6r_wEdUyeC zYT!M;Og>f!x?>XGn=60>2;!CMY9#TZV6H&y-=cx~6;i34uk98zOwUDIccOS!`TySN z>L>m@vHw%5l+*ctYn4)M>;HR?C&gX(%17LVeRZKdM&K6*QhgWvGF(tZK>asRY#AmZ z#ZwaxL7r9H`<0_i-VZtZB`AQXs2l`eZg+D3Oiw2LM}qGi{Qs5xN~N6k|L^Z__kZ8z z$%+O|Yf=zd*zSrl0)D z@j=^LyX|M$Z5cl^Ls&D%CgN1%&7^Y7FBM&Ne^(Ni%+8L|IqjFc6i!x;Fn_0r?uiSBzJCat*9?k&10CelOL!VhI%7u))kJ+4~hV*it09l6uI~*<7+<;+n2>(U?Cl@!{2%gQ4KYhbI7GOW%Dr zplogREGGPZQN5HqFrjN?R#@u!4P31&NX#`bpB@tul4RIRpAwKSS4`aZpE-&tHa!bv z_;Dlf3l7!_hCRYD*Q@KnsW!c6uI$hOwz+76jD+^e#wFb9mlZ8QU2uMQG+n&oSZb!ne(y)^`=wv;=9n&^Y+~P zx%@l#;`lG#Bq!nf#utpG+gV~A8`aHH%re@1?p0)|4%VKA%Mdv}2V13zy!7Tv!!~Fm z+~u^E$*0K3Oo?kINW5on+D)HE3v37)LUV+CN)pa zyQwqBAj@(SZ7(m^@`>lwWmhRJ&pfBiJE$L2KOa5|b+TTs)+}SH*V1gRn9HN9#SSVG!ycQc9qjO}8cJ*ly65fFug%Q71aa8zn%#|{%IINL)2RX2 ztANfzgs`yS{!31SsE>7&^eS$&Cig;eh6?K!j+1HAo-VI%TGl+|At zFEc@l-Cx9|#`WLU)rpB=RtfwLJjX$9upVm`@|WPw)+@ zo;A@+uU9)AL+QKH^$6CvAD;nnCSay9MK&Vj#>GRFY*we#IZfN|frBD;&GO!~w8vfi z_mH)gF3y#TWxXRqmrlU4W*|&$H{J|r*4pCbKqrA&1NGBZ&U*JHNZB^ja`v9CvC_nO zhAV9aj89r$vDsd#w)`e-6|#qT!<$X~VQZ-FEqr3&ZT({Dc`7bV$#WL*X)P+U@xmFf=F%&U(LwHZ^8jMR9&R#doCKUZQb^IVs2(dDLB{+Y& zQdGvTB%&CiQ$i_|D^XdL{mE$%Gx@)THP3vT+<*VI0ssG8sx0My-9Om!|Mz%OtU|1O znyoKg3p5Sb`V}vq!Nn7fxb1nmEtgNaqL$lHvE^VJ*{kO)zAXaPAE)F@MOO785m+8>-*aXSBi}{)vuNBEhG~pCtt{ z`G2%C{3asc$@~xd>HH4|mGV~qf0yTbI{yQLG#UGl>GTOpBv^l(XQz&sJ;`kdDOko>xJ(KZ5n2c$317kxp3?tnqFH@A$g@fwgD~8%JG?|Lza;KuWDWvDZ(a2DPEvc_qg=Q`hExTcq z?CR)PClL&rjOh%fGb=Bk#AWk-U z8h`0XWA-`jmmR!+S|@#-iocoW{WozFXYzkX8@{LicmMO}CI4@A%m3fyN$}g|>I3g|qM9$Jw0_L0LdRy1-*67c0?Y{9z ze*DSi|5yv6Wd*grP8vL^|5sA>f2CBaZSDVed6I|avhp}Yaa@~7fn=?%4A{zmwBz&1 z#32H8itx!~W-G!U_m`Zk&*_#4s<^;f(McsK2g389e>6Qm_sQn}F6Q?F6nL`fS6c#4 z@c;eVK{Xx!SE_9F|95#Z;y>aU#-r%-u|cRCMEvvfSkJqtWz(Z}LXz-%Exs@17LDI} z@jW}a=yR^Z2=M&Rvfa29A+OEF>0f7*yv!({|938ZX_0@VB)`l4n1O`D%meu>hYAg4bC8{8`2e+1`z?mbkSV`WUFr^l9cnbr4n zD(+{K%p2Tm6^0SM(PdVDR-e&Y{r`B0{*NEI zoi}-MJK)?dsDjXekANCGmPvI;1uT?-$QoiCmx38~2?dyYi*q{w%^efFNCO0e5p;{7rz3(AO+gpc zb8JEippSr!kOp7~KbSFK{BZ%tBl@1>nI<>Th+!Efbiqed92bG=8Y(q&JB*PB#XbQQ z+JGOW;s zL!`s0fn6dd)kTEQ0L388HWRF$fe2sn2r)q#a)SVl%?@%cgAikic7Z_!vNHr2VyXkx zM9}3qETFCNR(fB%e0T;08b$)cr^q!%3%*qBvx;pSapKrz=tqz_DiC9ABh6o+07QWy zBf~}lSTSW8fLeIU2+^=P)(b2#+@KGib{H5;?*@F1{fYfJgzOi#feUR_NA3s0h@u}N7FJ~2x!DI6(f3@L7Oj)W!Q#g zJaSwFF8byfE*~2QBg9;>>{J&N096$cvgg?va+w~;ba__DXNCdxp0vA3oE0-8$Z}?w znhISFV3#30a-hrVYBu5O1n*sdBnbXf0Q(*GIQ1r|C}0F3dk8>=z;V&YnD6qgdC&h~ zi1^RFfB0Y)M1g`dJ;CuuYjC1g_<$SrJ<)i06Mi~Ed?;k_x{&P3ReFR~c7*F`riBe)n zOrdfx%s45E&yhW8%Z)AxPAiBHovZJyYWV7#ebm3_02QIxe2FiG^SW`Fip|<}?Uw z2^ijE8wt5bFza%`oA7xRp@ywe0cC(!2ID!zpolXI!G|N+*bktBCc$D-4Ld+^)-BBK z0CBvFAS#63(6BX{aKg^AXODx7S?bByia3vXO-BJV~ws zU5;!~%SDg~q&E>{|B8(5&<=yj%!SVyjG-A(F5sa0U z!JHT_aqVSKErlLev3B7E`o7%g+I%CLUu874LC_?qj6iG-M> zuIGajY=AH}sUgh=mEoT;)+wJ-HWG$u0ewW{&YYHA(FH@S+z$BWF%S^pm#EMtd(hJu%80qx1&FFbc8##=3GA0>18^_}WPn&0b2JbW zB&G+?xdP)Fh-p5&{XnB6jGq)JE-*XIXOdjAWU_F&s>9|@b@ZX zHEC6b3eSv@%yS&co9JQ8z24GUq9-dm&&s@!R?M6+w7t)D*| zOSkDgdkS927M5IkTOP6H5zpii837>h3m0T~W+S%_@<-uBg0FB$^6@fJe)~EY8&vm( zMHO3njFx7Gi_(eX{8}0!s%voHP95Z#x)JN6sWB7A_64)BXhMQYbgp653+?KNeavRF z;*wO>uuAr#+;@B2BTM(<&8a%1qLupIp8u|E2Dd8sFNWTjL|v^P@}5D6=idb8S0|n$ z&N-|F77npT3myrI??6J)6{tV*mEjaIb z?ikfU=>?amKFN zo@osCmY@J(Vxr(vf#FM{q15+`{Lt~P5LNetw=k=>rPgTbYQ1z*(f5_t1FnW_#YJ#C z;KuiNQyqyN5Z@IS=8X*I+}9hx$S@J%&bAr!^EpMWQ4FA_@m*aVMXQx4^?Y3*y+F^< z3bNKHi=eh>TvZ!>8K%E35Kbzt$hF(+5NlM=b^M^H=LeR%+TK!m?r;8(KPw9s2PsBrBFof-Vg#>6&8qkjj!j<}|* zB9|H?Lxp^Mz}H^be?`@ebOwG~Y~t$#`7k1AQaxzTpC`>VrYLr6fuH>}b!P;3`Awl& z2jx=4EvfDzqGMC5gKEGlm)t7PVU;&o68qiRrY}Ch}hO9&2bz=UX~|1)YmcqGT@&y8^QC z#eJYJeeIU$*KWBX$=XHFI6je-3%M%~E;^-_Eb(t8+L)9ty0X$lllDpHc3=)lt!h`k zI3AQtrK=3wzIk!lohTQ)L8U>jd*+34)w(G4CiB^#<6kY-Yz^d|axu_KgX6v|^<|}XAvK%x zo@w6oY-ga9YSTeWzaE}S=d$gzZ6K#Lk zEO(__t*MpGree0FZb>?ZO=Zw;UEsmV1wo1{=ylc(jl{G&YH1*52T<*5dwDXQ)UUn;o zu-n%wcct2~+@}r6Qfsj6+=&J!&CC8oJH2X|cZ0LzhoPdB?-X@kE9v;IRBOXYtJ+hf zwpJ>ClWw)P(o$+lMSti`{NK$_gV zWm4XkEazB}FYKNeSZfZ9 zVP9hN+8>^_>F`Xx?AuODo|KQTo7(Y}qO>} zL50rYDRrbrvwGFMIFV)LRyw)p4o@YwW6@}(I}Vf|mD!!`oODX9UiVgO%CSY_4f2(e zl?Fpt=~S~N<@i`?wof`rYuc%3wj^I1_gWGiRLZkqg*+;X)=(z;x5h*3+pr?l(COjV zLF)o)r9*#}ZQU4DYUjOM^9okx^RJKcLOa#0Uh~3IOu5{9Jg&fI%}}h`RBb9O)4MDQf1!n-0Ci@ zTvYnz#f8%E)V@9{6UAy)m9o^hvrUONs7>b6>*i$9?{})*vVL$^J$_J|rqiwHlGN00 zIvwY1c&cDnxllT#R#lQ)$9Hl~?#Y9eR?;QTp&pKJI+Ke5Z%~p4r@a%U*0$T{!_pyD zN-e3cD5ucI`^s6n**k67a!+e_9`v)uq&Zjm(uG!T4SMp0-bvLJw7jZ;p3Z4{&{V3D zd_L96t<#>|YIi0r>-tQ+lv=GpcS5KAiHS9xb9RnyK9}-e2zVUSH0thw%NSYlyj`e z!;*f}>C&sKTc_HsI9+%t4%~&IYsIgIR-T$40w#p|mS4-0vUK{%LDpY1Rfx^J1BWBIL6W=Xh12WFbE%@7_nQ{TzieXBKx4~lft!Cb(9m6dC$u|oKdfBVf> z8@Oj6Q*G$T6SLn@q}F+pw)#o6q0*7fMn{&8dy@+rR$CZW%(LrTb=Kh;z(7d(j?zBq zOz1$XXtrE2j|U~?xYIwpV1+u5N9AG3ncvCI^_4uZ74!VEePRyU6a7K0v`&Vma(h>j z$d%Q;Z8x2L!Mi49r!70WX3&Xhn&;?NySq{bH_DlG)ow|*R|>9l%NH$qVxB6Nsi>v$ zxpu36lV^_IsSIwFk|W8=pe*<29bZDVzIA)88#pD|u5#pzv7 zlG%S~z?!(7l6l=dxe`b? zxE)`rCl_7GbgqY%&mav63fYW2!g zdeTI<1_r%TOs#y?r&Z-qcY9}(irj2p`$(vps6X4kD$%=cxqSiqhf3#G|JJayhT77n z{fRnfx<_ZyI+o-%V@bz-d2U>tN^|X0xm8UG_iX1tDLE4#Z90|9(&Vv!ix*m@yx*~; zDlE0HRCzGyKIr(mPcD(|v{kcZs6BHI&5Qj(wN>f$6+CEaL_IO9=uCoFr{<%WL-}yV zR%lStFSW_VT$$`wq{&>8Z}m>Qd#K1~4r7E9$<)fd4t|v6+P?ar9Ji~Iep#YtlBJw> z&#o$ii4S3~iEDkUb-_Xw7dW zQ**8r)9WjpQvb~9T%R8HO^tGqASraX|#u6$aW!-{5i6-64HUg%QaDfdrH?sZSUMz_jjV9-ldX?^Wjnk1dh z54zpM+pEWcXb@UuM`|8kbx#zzVYl=_uVur>_LWjGdv{fRHh7eD_}E+^TmRZMCvIQ9 zFxs}dFQ3+$ie*mkD)a`HOww&ix-UcLkDZF*NRtb4RWWb6C#Kx*tCt11#Kt@DLe(c0ZJ{aC8Z%1X&OZ~D9e@?ouadic;b$0eog+_cNbGxRXH=}feKuQ@-x zZkfkY=}=Zp4N8xLncSr(NV({@tNNMTJ-q23;r));uE~lb7DcNLs@>9sE%jTs{nJ`a zvpVxT#dL-hI+q^@CTvOGRY~8!EPYu>r_zH|89ZEBihXz6Zb|*xynotmz_ZDsQ!-1w z+Hf>gDu>sq|}o+jd|aPWlgR3M-vUXwZe+)TN=NUkq=LPt>zcrB~LS!O6MXF$Wl$ zQhCslIs;Rmpzar@<~|N9wS#U&KfOLJ2|YyVOJ}e-nDkEv$HS6#EKLTb&dh;B2=ddIhJ$Z1~crYJj>#jO52UI${xP}#{+CTlWkWY?pwaTE}ozzO5s&d;? zG@-us&GzNja_jn9R^VOlcq&cg>h;N8wcnqV?jFpqs&afikY`iaI=^gJ=4IG2ZPn5| z#g@#@g!VgCt=f|hJ!Nrd_@q}_sAY4|sZ8d>$Gh@fS#diRZP1aW{jPjrU7rr*Ygsz! zmfCPoZcRJ4?UTEiGwnXAQ|(bZxto;rYerQM17Up+P9&pip1a*g=}~Ud4w`6{tE$$7 zwlL!4SSk;{+vHL%4)T!sJDqre!20VRN9pczCQw9*l<4AsS; zalY3$36Fw7liw@7`4K7~ju;r5xNn_wt;ngj+JC#I(#xHDJfEB75; zxgv|q^09%XTa-4vf@#AGm%e`w2IwDM5A$;_JDLBinR(vl$;|)rHfcY@XMO&k@_wzB z&i`4fl(zYQ-sMS)rdaOJ!jB&>$gH=V(d&g7@csk>WGgQIsGUDJ9=mAF5lr$-96%Riv({O#}zo9F3BAio2W1rsqHqyL6J`s{7dAR+yM>ggePzcpaDGXofd@|?1rfv zcw#4t!4Lt%1~9C_fY{CL@N@q>^=@>c&>+C|Y}-${BXa3QnisIJhW;pOEU2!wrO5wa zihO&j;bMoA4|x0+&V3*K|f$ao8|;r=gKy8$50>C>|t<&CWU-rL}#Z z?6I#9g3q_S*5}QBDFfgWm)mBG-ExEX;RYfP^il+0AtDIkzX%d|hd+60Z~s@ABWwe% z@b6p(Pg+LXEPnLs#(c-)$1oEawxgumK2rj(fW*%rM)nAW)LZ66_d-8_2K?DDflPcwsf68}v}FQT*6tB~CjPtx_0 zj+|9foL4b+HN%c87@1vjR=u+8R}3j&jIWu#8UR7z;MW#u4yYXFILbz>unO4R% zO#Y8IaPS0|9&G(QTRrl*dgQZj9mu*c;5o?lC%hVfk>I8l%SOX z|2+u$`||bRg+J@=V)p(YBG{ZF_l+(9dE)-RYN>XRzW<|I-roQEF3(bEO0e>Qc@Vn^ zWb<&C%aFY^{bnS;;cN-Crh7XP60^M#_HQLde7H9X{fJKeE=7-Q5)zWdl_Ln25m3c8 z@yr)te}h+jF2?&EZt?wZjPLPFg*V3g7h`;e)xVS}E`@#k_T$(s$KY>v-Tn4SJ(>ES zuPDD&2-p+)U+wdf{#W~4J=p4h@A14e+kAi`_S2asRu_G7yz<{6I(aK)-_bd-+^mW% z2iwS|^_X}q__&(2;r(aKKHsHKoq#b$1Psvv+Zv!Q)C_Ti0UX_&gHuS+3@*eSe&=F; zE_PbNztWEC2taMh&_M%;wd`L_M0gmR2xRkfyaNqQk%=AT`iXMQw3&oQix_@)c(F#^9#&|(+-GG!G&{kNy9@?68L7Wnal zkHN3IO6AN@d__i=4B@~&L=9vN#KcfLh9*N%_x#3Z;fZ&3kk4p%sa`%yFV5&NxN@oI z!qLc3<6Cc;pR&7O)yk$&5JZ@8J{s`=H^2YX%ghPQtoVW+MaIs|e#NIqf~Jg%^$jlF z!ti~?r3VqhrW@vkqRr4q@vswFqy_16GW!47d)Kzak#%8sf8F^Nwd{G;w6g^Qh~2vO z%=;*UVhd_GDgDgV6iES*B$Y`85XX6b)%y$HU-n*gNKy$P*sbWSZPs3lqxcOjg+WwDA$lj*RtQ=z`fe_vY|yEL4HW-0_$BIa{+p%UxgPeh97AQUH{v} zvltu2O_m%9^q8U;Tzsv4yZp#a+`B6GuF9={&zxKrD~6CB6I8L`09}qPi)YiMjm`K^ zQQQFhWpNg$Bv4AMIG5GG9LPI3>?$@i9@eV&`Lb*X%U;4Fd1 zyx=@1x~*!ttV&&6pAMaP;|1a*ix%6>KwsdsUc}Ink`R-Jm&`0kdmgD5Q6h9oKv!rm z>kL7354xzq>!L=@V?RGSSh&sg`Fd88qwgcGv-60uvNTqhdVdb;e}kK|h4kM?#OMD_ zc?cS_ALIZl>3?=NN&l%z@J|0X@JRIkV{kg@#s?&Q8+>%IABjhhN(FV~ZzpMeRJQ;d z3rP9adM3{Z=eC~Jo8ev3UM*?QU2tp#P#a=A+ByJibI6z_-48iXvJ6`wQ%?sdsKX)3 zuSv^d7{)8+J^+!T1#I=kWY)uXTM=>Bv28<&R9}Cl{rw!20)gIu902h3=e4lv;BhVV z5(k?u-vUh3j6OvA=o`aEHnN8(t?&bLZw*b5_jjQ2k3Ea&KQ~sV-~c&(>W8zztjPb8 zQ};e4>HjD7{r-O=&jR^Bio{D;g)TibG0{|(_7|Ivf)52A9a1z}6wR=z-2J0=rM1SK zvon3a!Z1f3KL8E=F*ZG9fF9D}m>_V9EE{l@DJUC4Ko9k?hZ1Yr0ll#wh>j^?X-)Zf zgdD){3R&S0=m2zQ5>`y4ewbcJmbY9Fr9_31CveRlf#18e>&2{HG4mEnI`aV(xe^YS z;0vpqEtBk^&J0slDC*EnPt%_2rla$;hmx{lI=5WsoSK#eC?2!CiM(^#bO)F|u*bv) zJp>HoBhNM+ij_Je98^GrV;`qP%&{ z9T53rNb=m#kpkQwK7dLeOi@@MFMz0+UXU~|H8l;i!^ILCL5I*bI&^;ag}8#i&oSQo zb8^%V9{?m&j4?1GOk!bjH834O)%aPoLRQv~2|ILB2pVAELB|IUnzHR6tOj{BS1|$s zALYqz&lmW6wrqXxWaym?z4QL(<^AjCGx-rDe?Le6KIiCJ^Ok)7jxS>NqGos8iH}GO znN3%~X7$_`I&{Cb+4B8)rsq-nKR+lx>;SaF{=d8XY3}|vpL@^$u#x8n?f)-m!LJJB zdvlWPs)@bx;LRDwUp#N~pO5BJmZtZP;qMs!irU&E%9@Lfn9{bM&bEou6=+(I9-ud9?m87R9y1g#ub&KFb^pIG}0XXpUBAU=Nm&JLc~*oOnj zw=`%Oz2hPH(L!bH1u>`9Mdy;e-IC)F7KA;BPAyeEjsQ~nuzIC-a$fpYJFJ%Kmxskt_$>e|)58Is%@}Pxw&VrfF6u8a zTW8S>!%-!uMb~sJ$Ul~PBI> zSeu*#pJnn$#8R;zo7(vz=xL?nO8r|?J6{g6Ma>sMZ1H!CP+o4mZhDe~z5J*B1@L(M zTuA91rjGXsv;#&J=pa;bld}G}A{m zk$*@%2_ZRSiG9dJyb>=KE^}Ud`(fE{l{N5Pdi$Rwy}jLpSxGOGhJ+X3lH$dC%Bp0_ zs;wG!&{iUmlTchMmr;Gr%H;u|pUz3A4))OVji@*L*Y#&;h~ zhsXiFv1u8mGXO5sM{s~hTKNDPLz4uF00|&NWLaQf;a(VOume0~vGQq56p?<1j-h-2 zj;QJjKDr+2n|H|I!3zJ_PJ;`_ngQ&vmUK$MMINwB2c?ztas6A}#~xBXfFibS?0{CW z4h+*HN_t@W8TMa3eI?zy_cH9i!4JbhhW;n`lT4gU)KL%Wqp=J6riF;|OPWkw<(G61 zj+9^0zU?Z%{9ok*XhF}!V*)D2C8DH7WqT!U8VF|icOJe~(i5U%17(zpcCDn<{|*E~ zI{(Gf!`eyd{Nf~S8_zn%y1Ht4K<)eec!DqWr>1;mz`2c(kQJ>EzA#owwBm{c1l&EhQ{*dWexRKU)YTt^`lmMs^_Q7Z z2(kUe09!I8Hlw|jGg_nzJTjMXGM}G5nZk=r=941f=Ay7f=okyM1mNIl=>4x_&qKN& z+I#sLA}ul+ZSUzz-+kt#rv%MC0At5Ogn&77H}=GD{jp`SRAyn~bdvydM-Q&)TQfkA zzmo{(6pI)WCR$k*=%Mg_!T{Kr_w!1FN*^4S>a1_>+r>NOKnbHlgWPCXS}!6y0Q*Da zO-+Ix|1{D(qunSxX*c*m%|ACL29w#PlPUAW*9VM~eU;`^#m3k|(RfeM{(bD4I>~rr zhcZ2RTH8Q}4nyT0#bT##4#plb7|si$3+T-li;X6l{|>0-UJ7bC`S>1V=VxDVYKB4@ zwh&XVxl$n@K>1AaYQn|_k}zWlTYq$o*_T@55^k3y6za1RiVz!R9?Q5gMHx7Oro{xa zeuDRgV?)=S!_s)ih7o3Vr@ef2u>pMSTG+ya86d8Qpg}Q{_#QMJpG515n`ap6>)6qe z>yykBdm{@&gJfLH|C92u%lb_5K2uVknQbsJAw!sM@L8RGRg6CBGOH`UqoAPo6ZxO_7w$*+cKaVfLMl@pyIiuCx}fjC5E9l4p$CkeGVz1!p$Su1 zz3}{fBp5iD<@2Y|;}J6p9IeQ9cnbG8NnC~axo78);rL4^U2^;vVhMYkxUC-lg^24O zr-EhkF1+*M_dt|>235u;*g~F?0#!Id5n@WT!N=gDUXS`*irWk6Ad1mI-XO5 z%Tj^&yXgQ1&9v0xpGE^i3UF){FtsWA=)` zo@kgv$1Jc{x`s+i09<_vs7#T4siR#;XPHLGPA#-7(6!77au6Yx9`2zo69BuE1Dev0 zfq*Ega>UL!g+Jqs+=3$wv_#vRTj~pmPla^$)0#7Qesm2^CZ(ZO=(-dW4a6!@&|!TX zsE$;b64=bIlIZ~-6C~kGc2A}rGP~D~fo>t_j9pG9D7!~@NFV!*BcnSP=`1Zy)K_6i zU)s@Ok+l~W$^^K`W3mX{aeB~16`!I72|+SWXJu~9B*Lg$3SU*GAldw*AMaDv6Mmah zk|!VbOw06V9DqV=0o_O4Bf24(kmdQn$K&zI$P>@TCIjhYf+8o(Qb75kI3O~8V(uz{ zN~2O=>+r(QFLyAO7=;qUzuc*y+>Id|gL$dW5RauhkkO9LXUk=A0iZMye%@o7WZ}9Vp+}{><8^7Y+X&2vQ#I3DbTMbNp$$<7A#W?9^l>z9Egk+zR`bf7qw4ej(rZs^JXLezu0c^Dpbg@I#n{eq%Okjzn zKR4rxb8|cen47eiY%oNT(@#hy#61ESli(YPza4P4MY7o(w~^`iagc&I z6NLo?-d_uGBD?!tIFa4mUIPq!FDM|cvkiMMhX(3;UYj2t8Q}x!2vKZW3y^zV%xl|lpiV74f zz(akg^8yf&oVv@Up1{;rWV;w_E0xdcNFRHqKVuHK%=c`;H1|J!-z@h(NeK3N9Sko# z|J7G8{wEm_8XB0y_huod5zIg0ey+!=Zgv-Y(sg5f5g$`6Ig-)|@zZ*ZJt2S zq>>9sgJa}+NN3q`qhTb>*jsNyp8rDb&@fQMW(e|`$s#DL1}c|ifsG^FsYoO{g9JOE zZkzsa;k<6?d$OC89mHIuu-j*ilbQt5*k9)l_S#xh6Df)+Rv z1Y<3j;100i2mwM*3T@#qvP#59=_L1}Djdr(2rY|WlLtzT%n#QRvWR42pge@G%irw-Zn9yuG~B1uiN(09x1?5Q>J0 zF@t`f5!U4n&;__W@GoxFO)Clj5l$7cpS%z*~mt_4j;k}S)x=TWkv z!5$p@Xt8wJ_xM{$yv(g9c;wSLN~xLzh3;i6#wU<_sS3v#C3F4X2`4VU>M{q7bQ+{m zl-$JXbbnQUXaD&1v)T>sQmKSCKui${^$*0n5Wv`_B#8J-d5jjb*6GNnvve^U_j4UP z4$={G)C67eQCHlfGjb*K5JHuCUASfVm?`mLo}HZq?5j(qLfy9l_Rx*yy4FF;r`2@S zBtU(M?NC`rApbF%Tw>3M7Vz-ckBC-wJ-p7*Jr0}1tc(l}Qak#wN?X%^WTjU5$6IC7 z*`SpwwaTq(CC19e#>y%Rr_vSM_3#8SfAoVz!~qB1k%1wZB9b3mZiM?6b*%fFMG z9j0PQvXJCh!fqEUR1q`AIwDJ4u#-*?lCK5r=mR+N5FF8OguB0@NF7~zk>w$jhqybt zaL7>8Y8qUMdjo-R^S)xygao=3(&BP-(FA_^rG|a<%P*kP7kzT;V^o@l(Y;(uas>_s zQ1^u=hl7xTjGfRgOZY5s7*P5X+#55!$Hs=)H`#r0ibq%EVb+Ywi)%&^I)k_)He z57CUN2m=fEddLW|(nIVfOUfupyJcxayJ>KWr)WY2?pW2NJYN;pIQ+kq^godha;KS{DI4%1A zf@W#nB1q8LUG*JjD}omWdF}BO*kj8#T`RnSBTLjiNoQtn=E58g zs7lH=zlZ%HNDu@HLDT=4h#USOOnA*vB)zOF>BC*YfeH9X5CUIiRXG+8zQSLqX`6&@wh=~hOO6x)m^r)ZLsM7>C|RV`RfmLbLFvxL6oHa= zHM|qa5CSNMIQWI|q;X;nVl6cr+Z&Q2}&OXE}_G5x(y`%j<# z-lu(`cjmaC@nV!SWID!1|3~DI0%OXHn*J1et>yTg_`*JyG~UYwZfrSzp}llMvUml@ zJ|;S}c;qVm@9E{?4xoIXE4}Lqca(H6!tQrWPmLNcogPES03BFJ!VnX`hWsh^M#59n za7dt&hz|2hXT!XdPcQ0?ZF*LAVM zll6tuW;U890a2w&Y0!9g%{`Xso^}Dg(#@q}n7!DtBGWI~%0pOOw0st{(&2Hnl(vlz zabCS0%`yMv1?Hm0xhFTyMva$YMA^KH`~amcSbH^UzYHCg4<0toK88zFq+Ph;{7+}VmB$6FnZs!%N%K8~mXfp&b}&qe4wDLoNxImG z{|b9!O5Ih}6!ubTK~=Z^4yjQ7M?P}?my23Ms~j~OmD=;BfLW3MDVrsjqv0zMWb zh4ZjuG(i@2O=qAehn5AXm3Pu6hXD8cpvwsx z?)e2BLgsxL*tqv31G!1>1;!hZtD46fmRGf?+tz#Wqzf9=CTYyzO+!HFph z+CEjBmH5C+2N;u~1U=e5WKl^I8r|}4`kjNk$RpAJDjcD{X+3lDzt!|Vx0{`#|7w2k zo&Im)IW3)6zcotr#KK7xaSKgFH_e)?EF{8B1c&P(6UEA_@UeMDzpnn$JLMXg*pp?$J!&!ceS@!t6etG2N7{^_9*~km)OdG{%^An{t;x z$^8a02AX6X%KQJt*%XC>>zR(<2S3wq9PCH^>;Tug2L^X~`T1Y;W0sX0S_HAb`ewL{ zMN^j-6ixj=`A>U9aX;mPu3>u2bzuQsbd~?~@mL=&dbeO$2{y_i1X;de%W(iaJTOZ) z{VG7{?Z5#ya8Ti|WRkEAQmIj%u=_6LrJy$eTd9+xH3 zL|?EZe^d|=`G^|l|2o$Gr6}EQSH}*)7E*rV>Y#^Q%<=#PmMO4Imk3(SyK*lwp3$M$ z(19NTH*+#An6u;_#y;^q=u)jl&KCE$SHQM>@r@k?g0B&*!j!175U+^7Me$%?sVW|g zBx(|D2ML=&P`;O~;nG7)MYWY$|LLXDrR+s~H%VgO= zrLB1CMns@xI}t1?Ff>F41vw9)Ka9nNGj7?nXDRVR_aK2CjJNq#z@4Ocg=mix7!mch z(43l*^P}=bG+6pcE?w|#UFQ2HoM@!(q8SPEhO{Zcev4LtuS4uwIISoZcGNsXr+^$o zB=-_tISYqk!CjEd0{=LY=8O0m>-zVPA7X!R1A@3an`IJTI7>kf+Q>(qFiq&tNu)6} z_@#~PuO&PY7K5lFeHc4wV);a}HPMcj6D)4ru`Gc5!1PJtIvw+Zc+6UI2(+Z*P~7n* zbVQ1U#lbO^8vWq*Belo{XK_nrpki)2rZb=oMPiyR5m%`q>d+H5DG!gik*Ly_*B*tO zK!?W`$yB8u^GYK)^ob>rXBA;P#+~ru@Iju3JtCs5aFCZh;UMKLTJk&&Kp#Nho3<2p z1ud4~f_v`Ko)=9m>cMn4@exOY%Hr&V62#GbUCiyFz_G)0n3rF|tJR1Sg4w~ji|k`D zoV}>mmm@2M0r7>ME@>f+can|~yNh~#N6wzvWw}AR@{y(k^Nb!OE zUwkQjY*~29AjsoVBQhCF-y+dWVS$~?ZpvJ4hsg9oq8~b%Jb=rfJy`pB0LM{bob{W% z#`6$f)4u2^%0ucqp6_b(I?raN`k*{;mxUlZb$888zL4WJ2FO7kJJlThX@}_m4;aHw z^LvvTd$G~yVKbvpI0n`A)`#U%ILZQY0+Mpsqz%GygK!K5-L(O^796=(&T?Ri_bbAx7Lg8!x+%N2dBZaP(*HI_G);z6G$OJqV93CZWIX z^8mVGExnfm<~$swu#DxyK1f-vc$5&!-yAOj6o>9>JrAJ!=U*?3jf>!DVQ3sd3p)BE zJNN)9mjD`u$I?1us?V4M2YfX9B003{;fZNP!Nmla{`N~RX312$TU)OT$2!wdHKwC= zBBT5erz+t-%O6NzLgXsgSh56#6FgS*1k!z>x$dCL> zX1pUjbDW5=kv-aFKhHILe)eaB_!y6wS#NTZ+{0V4P&>((6(kRf8A4xrISZ${F@DY9 zxR%@)O-_Pik+n?1@vS_YhT{k!ckRJqa5VeLn*bK>6**6ikn8gRx5%ExLNhJozqnkq zK{y&g-q`PhV=>TY!u+#oa1`YwlXB6DY;+d#LSM~*3%%S5L06c5U-Dsa^bzrYfIbR1 zGUugBR%!@LkZ1O1Nn2T$qqsJhMot|?TyK-hwokzlnjosSjaUeC*k9mh&u!3z$d)<*w6hj&t;08l`q*uP|@VPEuICyTUx7aZT}L+Ss* z>aNcUQ3;MdT;Gha0FFK!JmIJLuSseXA_EOi$$pO;?CvZ;21(veY|`m@88 z!Es3fhes#32#)ni?c}_)5}YhATf(u^;DP#PU!+Zn=e7Ew6>d%tcd>D}&b5p@IZ5zI zX4-mfkuf>djR`)HXWF{pTo;ZDOAu}L*&rOF96f6{li?_(ZhTv)$es;4R7Ci=E;!eK z;~PLlG1ZNX!Y;Z*wa4|b{{b8Z6(Zj#8ivmX&-EjP)|XDMA=&`m2uQ7xX|*V5)1b~B zZn-0QHl5wy(5=@dMy;3HKw|;3mOK;1@-72bCinJRAKfqo+zeg z@-*6S=Gh>>4s)b^heIxj#l9`i?7xxKES_q21MV;!jy!Q)5s%k3bUuLE*zO@Ok!3E- zfcJ);2hh#GJRk)e1=2i0pDA88Gd8lZH;ZEWM0g&_i2USl;-UN+Z1EXw9sIeayW_2c zt*ol5_SVi8U&7YG)}E?X&8@$7wt_`O-{umZ=J}^FA%NR^k`=1fm|UHeg^AakVr<%d zTld!jj^5ZgBu#?6tpl+2`Sa(`Ti{uRp%@%xUh_CiBfHr`SSB1PUKO;j0mm>6@hWIO z4USRuv{!gI99ahNOV6B`78;-u(IIyw+!B$WKMK{Q`1ttM;X~vdHCHH3_OTCu>SE(H zoFBnv^_h67p!Fsf+QSo#`)^P$+?3qoBhNM+hUX_9)X^pKOonCHF&6W1363io$1qZk z?aHgb?DP7bFN&%ggkv%n`#O^=${F2*ICj%Fp=I8qBm;j0tF4Llo!qh(Hzg9y3wa1W&gS{)+`&X%3+2Tz+S2)YI? z?fa!yvv7r=n^#{0j_yk8$O32>T==(d8H}6M3*&I?L(>|2s4?^q8DeXptMdaW^RIv( zeD+oWxl#QZ8s?J@_S)wH}LH=k^m ze=r=^%H1O-SAUb)dKNqnpnERStCtK!O3IIw%hhstDG(bgmyFYRchq1U?id$7n*8Mres-?~map<<~A23BL_A zVQMzCShAChfpwA*<$~!SV;ec##FlxT#9W(#qh;#IA?OR5rCC1gCk9|kwE;v=X;89V zf5x-)1Zm1m2O!!#$5%O+hiOPgX8+Qu1WeB z=rkOdp`{`$SM^#U!(yr%#>b~be>?y!8SIgOW{8@v{cIeLPl*N)kH;>F>L+HullN>ac# z|7@~Qg#<_J^6VYo;?hbtIXRJtoqrxNnR%GL_OnSo6Vw)5TZW9|V_2K;?P24F<;Q_Z zd~deCC?1F7rH5~k?sq}h(aTQyNzVrJa>22Wi4HB(8LXNAn%x)DZ4Pb=2{^@`d5;|* zS}bMrq3H8}Qj%knWAjBPP z{5JLhbaNZ>$Bn@e-aRiI;oYmlvG5vjM80S0tNkgK!7(ga3x+NPqPG`c#-mf+$S5LD z+_6c#F_U4A#>QY}sf7nd1C6i|=&@G78(VK6)lBT!Y}_!mCdeacxOM0YPe_w}9)@|gv2T;ZF-&NYKItFQeCFn5FvNPw1klW+84_w#&CF9^y69ChrF zv9(%`l<=|0n!GI>l%H3@M*+u`o>EDCj05x4aWFpBE?-s3(6cY=Cp8C0;v)Tr;3$<| zh&!xo{@Ea(v9U3>o`m=hVc~Ore_%rgic0m8W?g0dg1(3CsG9r>E@sJ8H<-5&+sGfH zF)7`-*z=LMNX(m?+aRA=0!QY0 zGlAB^d;k^k5wkYv7)tPwB?K#uX+Fa&P{j?0}Z9ssK#0Ad~$61(v+=$np_IQFkXC0X9Whyxse z(YS|F(GSm)2U3nhy7bV*MALPyXr%j@!2LT2OcK2S9osH;kmHksAmu`et34k0XZQ;o zAcxXZDP+Py$l$)I7QsJGOgBg$6L1u3tnx*t7nMPa`PnxTP_>WF8B{~zzdG`;aiJ0WPSj#xxT~+ ze*}()lyogT)l2Y^)4I2Hs^7r5mf@H@1uNnBR!;RBIM)J>&MlK{;#_2 z-(f7*Z)q~oUv`DeMJ6>s4)UOnj2()aCQrwf-zxwE&YnT8T_27kG)uzK^~?!{;Rwy% z;kW{hF7_7KJ|7Z9G0GrCzXuL4V!;ZGbLb(1$AWDB&+SbG!)`!8_e50N)D z2@^yKfM8(Z9<+jr`K&AGx|Yc^TcHW^X2~%(>DSC4ww~wXDmY39mxD5@#Q6Jxjn4 zC_P2!Lkkan|H$&$9b_`lb<+dnO9=)|oME%b==|Hv_P^-fA=~w5JAiKy3zK)SFUFJx zTsGB>xr%c*dai!Rlj*IM8bIXT6VccbIwjx+JXdF7bI5xY&*ulweRSiV2gDK_pQ1Vi zCB>t!7vxY8XFLiwjMrM=$_DPgkkS@Sbz>?bd_);sHn~cu3H~qupIKX*o9bp%MCF%X zY8Q>t!7smnDjXp|#-e0G=wxd|$q9WZV-I|t^I-Xz zL=!WJAfdop9*4u5pBUz z@Bq_MD2OA^N1$`oD+F#}ARRfr#|nVNB8Y8lAd4-HePltpfC*Au=t09A*l9&Mng!9@ z!sA?Lu0gT|8qC1l?t|(0~UIdRV$H8<8 z&HxdG%En_y=Wbx8KND~-YR7~^*d$s?H0kns-lHy&3SGh&# zuzuL}B=P}vIC%P|NBoQp*~Z2y1F~MDjzVd#9$jsXk;527EhJ zEIB;E4)@Z$Ijo+?^#F#mK`sMvwsbspEr#(t{Xx8vsEJrA9fsur;sjrGMev3|!7f`G zNzb5d(N~s4G#S#8sHkSxHwBY8L>#f_EBx_6nAsdb&oYrGCSnBKh%GBZ)}X?TkAXLK zD7S#X!A{D<*r)w?Y*g37L$hc4%#^}Pn*kKoHe+Alv2U3U0uXfPDvWiRa^wW;fv~l5 zhfa=OHuBSoqA1;NmjXlymUW;25bZH2O4W=YUqw)}N2nYwHqxw3z!pX!nWX%HW#)>Q zLTGD|K1)H@%uKTB?B~n}7aPG$L;;}GB%7ktgJSz!EkHV30K!Uo2jKJP&!3mCU}^C> z;v$`y{VZ$te2ZDWl4aHS_zUA( z>ioILvrU$om#hMUjvXDjKFM&e!i!jFG&e?LIig>)d%p)|yS_=%pY z;NJicbZ$E1yXXhNqM8nXMi20zGmE|)yRL;;5m=9K)75WrPqmx22`YtloKu$NuqRdOnhudNo9@^%jUrt z)ki7~ZHLE~@~tr^AL0Z;|a}mME?- zu-bbwm-E1olnQz{Uz#SZC}LMk$49)7JKd3mVB7&7vJtzmV8s%dqQHsayva?ZkdNB4 zOC%~K_3#7YhurpxNG2cvs z3e`7M#efcQ@RToYm9wdjqXgL9_8DotQ7+R=gO568WO(-4Y8%nLmIg_sC@UVJ*{|&Ee%%TG`Fj^YZ@@CeGCwq?$_fZ}xymBW@(vS| zb?gvqA>}6^e+g2lDKvdx&r*SE^?w-AM(5raSN;WqfphK?8%mw3=2GrQ-M=HpW!tT5Q7UAv)y<+auvnpvsYl z;D~+`STbaWbm`%sc1(11JY?euCwOcYX&?^F*D;%ASQud8jMhIX6oT97V8I2x;Kft^ z<(C@v(J#MH_BRed1)vida)#V062D8s0CJv1DH}otGIoILp$XT;C8#k|LwJGFL%_xc z#V8}KC@H`!F8L5pePO@=Q%Z>qMj-2w*0d8?FMyA1ml>sUgQbq{5Kp205srW<64?M(}VUPADNUMh^CUi653|O~Z;ZK88JVh+B zv4?a>>A6^8XmO!X2q(BBjBY(-@nhwnX$;T=45_s5ARQ3`J(HPS=*}6z=I-*%rNRaK zr=a|y+yH}1eB2K%7Z>)(2>$l#lELV6$qS=2r@$z>JSTLyXyh- zcIzrBP&V(70c?}djWqz7&!rfqqGT+y4^4}ccuGVm@zx=sTfj5RlbC`Kbt0L|>1+j1 zmQn3Sz>V46lZ?jFl~Blb$dF2>4yTZikg<(eagCHHsNDr0*~JL`iJr=CGG!P2aa)Pm zHYtxa%zj__?>r?tzbSy<8VF-qc(r!`{usjL-X)2-=VuKMowWM&4(j2J@Bu z#^)zq@jn2FAz|<%M_%!pP>3l9$VcowjG@4uFR+9Xd4A%hm5%eaN8>vrj3~c zZBwT*@(@!tP{UL1MM4QN?gN5+KM>~_v*g`UvN)Q-6Gs>{TjQ^~K5EU7l zz?^!<3&sg$nt7xF%N!wYTVv)pme!u0IRkozylYH)wV`A75us9A*Y!|}!KW+Ppc#xP zBGE~4go*>4{z7MY06wbQM?pbCpJ2uydg7$ zWC4N%m@4Vuaz17GW|?2;avWzCU722Wt0KdKq~FI>a4y>iE?zOoKG=^XHiHB3K;fK9 zDF8s%Y$1;@+g9{#W|CC^7@3Z7AnY*;5ZfZDC_q4uqmaBPv6*yd*v3#daL`<0j{kV67EKW!A>{=ffs(FQHrqL_cz+}J2ARh}6GA7dvcw7P+{7!jlk?KI+F`X+zdS5PbJq}OTa&=rEM#~t3dyJvi0W)8 zZo6XQocL5&il!mS;ip#^#9N#%WG{-|a?| zi2E5Pg3{)nSckO9WjyXB*Oc{u4Et$lDIM<;J#PvFi197fH8Hi7YA?eO{CV2 z4n0M=^kTAWfyu5C^{2u)r^f{A&=>Z~KgK3AUIzUzcbPlxyU)@m1@}*BP+8n>q^dCg z#i(-wBjWrlxKcC#bY@I9{MrOPK)p(R3IO-Ub9Y(V#x2(-uTdNbDk~6fvDqcZUi`vL6j=ZL)tt zhxxgL&0`TLW@uFi2&FXXV4|lN^+q?mRgPp=DKAEJeJUhR`X%#sVxnFIbAF|*v%3<0 zXMp8?2okr?^J$p6!3~!3AMelq&_^;DXr=SgVZD_0UF&(rP*qjk+uddVuc~VD|J8h9 z_dl|`>fY|Bz1*kVr~gp1`J9^j51>BpG!{Q&Do6f@`om)-7xy=LK70TNJ~ZG#%<#bI z&QHZtDoM9WTD@{n6Q3zcQ``|t->1NuI$wCT`(cPIJ3aJmOKGt*JB(IZcp&v9d4w!b zyfQrt_k;_3h7n34zb&2~)=o<27bj`k5SQ@pRBpjDfBwHUDvk4Jr2?zYzq+d?&i`&U zpMO99n|M~7`u8*QZ~jQ{*XTUlPC%nQyS&!r^kYcP?N zn8>k<9iE_^Lr40p^pk3WV$Q>_H!;xGPZX-*lwLdHsh* z5SIfP-y#A_m|cNEA3-up`8YKuNV?8p7ZVJMRFP)p@x#l?bF9;(Xppj@>zdAhWQ0d! zB1u3j3@+}a7>_%Za3B^%DtX>;PezIr1H?=tBV#M8-OLZSZ7msItsBL$?5+w zHuX`8K_>GdOQ+x<-A~bhQsUBxVu<9N#kv!b1%|=HoY?x4$sU3z2*@lhKYJ)N-i%$z zbC}-`QJkzeeXJ-glbAf_>FX7p9Nl7XRlveB>>K;oGoeK?13q+0;6P>@xRgpr4(G)8 z#%#i52Vjp!!m`*52J@#l#w8|0H?qtEt7d@Z+78F?F}TG+@EEr3v19tP9WY@KV8hm} z7(alY*#Lz8%C~^P85o-XP?TTd(Z?bpfyBL_0?Q}vgKRpxN9RC^HuByLS3mqn@}F*I z)NINnZc1_@dyX+y$$!~=HX;8NvY)c=^4}(&_gLunSm^gy=)Ywww1`)ILKyV320_n- zKr{bgI&wN_n1+@+gz3a^d^;~a+&8%=*a5{+-?UNijyofU@zjZEYOpw#dU+%@SQ@Sj z62Z#+StnGPKe0gN;7NojC!(icdoqh7rq_#?o{N?S%VVWqo3Xt=Yds11FPFlEY*_wN zvvc;pLQZ|R|8L~^5KFuzNe+jX6>!3BXG$3J64hfn0CG7qMF}fk1oT3Q3>tNxN=pOA zvHY1!2{+;__MJ++_LDgO1s3O)3fys?hZ3wj|M|Vd`TvxCKmVI~q<9~GGy|VFMS)SQ zBYhnNe!U;>f2SvL{`XQt7jB&Y&z=85c6aan{BPn}>liDKQwdC!1=C?cWbr7(*IwQG zv+7Bl|IaBNH;@V)TAzU!tUUj7{y(4g)c5nhk>`<OLf&)90jth`E}P{4dxcN$=YJ#5Bj=xCLX4+N*AR*9A@K|_bE#j_@A|?Ued6ao zn@brG+1Me-e?Bc>CI8ROo&S8{{r-0&&-e0w%u?w!SunDqaHOdt|DEgq&7Q>h&!;@= znXP~8=>N(1pS?n1_x=2D;(3h!2MNsHt$+W%PvZRVrlOrq@r;l^E&!}L|7xKycm8wg z`}yC*6Kyvu9m(W}!MS-||VE|2=;Gc{Zu%x&T~t{`1+S{9nlLzMub% zJbb4a*B`@gME6YBCp^1kP!10uXM$(nu=CAB#KjIlAA^5<8$!ph(6&g28~gEKh@gQy z@^SkB8pg-1^D#`-dH<;rwxd9!Y;AK2q$mKG?l>$?!+USaJTd**X3HQ#SX`|2Oh{ z_(!H^I+-3MLq#FT2Pvc|#ipixJFaNIZvFHT=mwzwXP6!p<-yiZe;ysyPrubKnp&~+ zRsH?1EwH@>e#;nWl5xhC1#-XrGYkItPvA}su)U>x1u5D?(B~HT9XvdMKLOH*7;Kdf z8;9oytPtbjftUJsJK#+gtwv0Nt5B$o>obr8F)s*(AfRGwHOV zd;nyKEQ<%i^5F1ab!^+%Nt2->QVc}X$%OB=6opOcr$0r^+=$i;X{q?7h1LS{; z{U&|9tte(6`~wU;uzUNf=BblId0m<~BK0=Q1vi{%M{BAP-_f!7Ur+50l zi6@mxDRKdUxwHV2tRjjC@B|o&jeKZ8A0CAD1pXLfAEgAYD1mLq^-$luI{*O^Wt6bM zfM}v52M@;*Zs*I!ipKcv5*0xK9T9o!y36JSU6({aI1bI_E9d4R*D`fTctl=&JeHh0 zGPozE005CL)fQj5gRp#;=uw&teXLmLiSFYDxG1(e_$7d5u%$sKJPs(Tb;tTUP}93< zHT)*rl6Y6)#w5m!ZHfpe405{2VURqx%t0)+QFq4&U`tJBx8fm>$Yv#ZvZ`7&-+9jC z&*Su8H&Y@c_eXpIR@(n_3Hd*l&A-e4n|VGUXL6u?0N{}%@j|_ie^k5p_N94LY9BU= zr&NCbHX8R3D`m2_=kQY3gVzSi|Dfmb^FKtEoiZKM{~-x*)%h>v=k)(i@ArS3c^(tL z4t17=Z-J!ao0f$<@uzV2r{_OKX2eJKoDjuQU%;_H#GZN2>vWAilbCopUrA~CxE{8U zhWZD*_!UpCuzZZL43;!R*kh0_j1@0d$hdcl^gyIs2#n}XGX%m?FueBWuJNos|G6J_ z16+0f)xBJT|Eu}zd;IT4o=5!ubk86QT>oBs#_!K_K98S&|2f?MR-OM(^Y)*;y?6h= z%{&WCFagV@o3B&t{JgIE=k;t+YZ_+_^XOP>oi*#t&e@e(ZffkE>K8}ZvwE|3ua#=Y zS1s4MQfr!a+PbgbmTzjM!fx&MtaQ~Z6gxTp4xad~c5mgYrL&{vb?xM;sU6)kv-M8i zIO$}qQp+l9T1h*)Xb-;JSjHE4QoV23L#W+bg+|%9=$+KY&1<6qPihy9mgb>S_7Cma zt-(<%-?(;Qnrc4L*X-W$ z%@^I)rmbe#YL7-2)8Xf z`;s?0#_`pp?%?}c-a4wDo=s~_?F(uQ3iY~wRkK@K-L4VTY|Yv>nP|=0SSughHLT(B zmuzdMTdi6B`iRsmumj#tkc$WH@8RaD|5eb?j| z`BJyaEv?inR7>THdi#vrv|aV$xK^mD<%*u$uh(Y2+d8SJSJ&l9YwDV{lft>)YGr$+ ztK3yny=yfGYU5s0>!rI&RV~z!-MTo>ma?6u-|DHIqmG&_UNy^QL)El)(>?EH-7|RF zxowQfn%2B4Hk;*A(KZ~dd3JQA?iPA#LA_|5T{m)P7mdb|4Q~fo-QGWGo@DQ}QnuMH zS>=mnpS3(rI_j>!b30^5Dr?xp!JqtF7Af z#wph?PWB5%X&*Q5J8rF9YxmlBP;cKIX`{PByR2!&+sOYvi(DI;FFG$3An6>$2LsE#LL7jajYe-|M%BYPB@PSE^fY z*_PI98mBPVYS&xMLg%!6d82klol&9OxWa{+t=~7*>`nVb^Yqs6=;pp$?&XFZqvQ{( z?dhb}INUFqoYra0La9=!m7A7!rj4xQtCm*gG*bN{=;jE`=ICaeJ9evznyuZNTkVgkS}S%=_U{`f zXJ+qYe{#`k-NUkWY_zOtvr*Y?9p4ms*M?oo4zfkNbyv-m+gHt@-^?DVomLt5?BVo$ z=2y=1<$9~x$u;gfo%(U-OJ_99U7Q$=M($?TJlUVYT*tYxTf=7Q>aLfob#7XyA9)ui#zpPd>Tf;hPG*7VCv;E_C$-RXoGHY8$yI0pod34+PqvaU6UWw$YO}|jjx>o1@Xjrt* zX6@s$t({n-npLax)P4V=+0i<;N6w9-<@As7qj^`kxvk}jR;^MSb!zC^^{Q=uw|71C8&-32b$?a3%AfsVjQqXMb;m@d zU9Xuxy06{d6l&$e?76C0T9K&Qi95S$Rdze4wV{4enKo^sc$Gc;(rFfm;b@lDHtM~W zf$NQ zpTB7K(AP^t%D?0B?RIFkPU!!v#!a>|(M~G6jh3a| zy7Kw=Np9&vz|#I<4i;ZsE!2yG}!c^?U0Q*=J_cvTE&iA*;8w)1qB2ppzkP zj)$sD(%2(G`sd`=c(m8Ea>nB=OKiO}#OGd79+o`lh`=?h~x2@k_P3qT!Y&Cn7 zZ9CfaO}0F`8R>=Uai`Wk)ux7Jw2k9h7L7i8t(K8%pPW_Nr$_bbm3!N1x4h=5Hr5-J zU5XEl9G)5Z8g7-ft1Go|(NK+MyQF68_gbmfXx-LsTM)Hx)OPFa_DZdFY9+T`Z`S^3 zpO)@WX@9KevQBaId1f>^=8e_5YM1sW=(=pTEUW!Rold{x3itYH?fjxyD;jDCR&US# zs9v|ugT3wD>$6Vd=>95KhK;g*r6SZnZV@^S$FTtlJjWo2u72 zbZ0khU%P5(H?Y|$^sdkTXqUA~_4=sYRNaa0T;0{})~VLivh9X(-6>_;uzY4-w91nk zyHl+uWoC@X1O_m+3KC%zPqoVw8+KD@VE}!4DHS#6fsnxG*g^qnztv0U;RcqL~D4*T*8fPc)x|FTA?{4+- z*-*EPFOA04q*glng4)>}Ir*m8|rFV1HU^H`+rLQ zpHKAnbkH<9B)=|n?sU*JZ5xVbgP;D4ef}2(0=rh94owSzO1b_k@DMaW$^(|^An-3> z;K+M3#UM{#{I#|CSMb|!bAzxi%|7`0Rr>DN|I7SSYv|4oGR$v*-+z~VP9vw$<=sZ# ze5AX_UJ@`v{`NX;*7;_!6Ya8geN#~k>>%*p%lvE=#h%RX!?KS#*isIK-0?-N@vV4K ztyUV}jw|KzUrB)R2`4`TCIJNbJG`O+^O*HbXCOJvs?2HD?1OR^o39(N4fFj?oV9P^&k{KdskW5hNU=cKHF`xkp>(G*y#5)E(q{A^m z!Jj4pqEp#58Cj3aC!F=urx6S;N=2CtfFS4&&?U0s=SX(LcDWn2s4)S9d9z9q9`eQx zFJ8_=@sj@4GPGk$`S3x4>R$@oJZKn8k(<8fivlSdY!##R{r~KJdvhDPk@)}q6!_7p zlARK%hh^)c+}@TWdlTJyZIz@=ephjd0%t%H(ac~Dz=-Ci^4+h{c+3+sLrSK--kE=F z5$^`N(cS1ro{4u3`J}+yyoQC)L7Isr8fS=cx}b_S7C}2OUcZX3$p7(Bm~?@U7Wx;y z4*u`x@Tltle{wR!|J%)1Hg%@tlOzdb0?G|^W<+9VrIQKC;wxjJ`-aSELM3HMNm{FA zhJj??VtKG+?CuN&JRF;(15e6^$~a9c$zrtNmmgAX+pV)2o*_(x6An$D%UWJLCowLx znNY3VSnrtd1z3^=nr84WA(EPtl*>zJGi5`sVE$^uxuww`YiiR0rjneLA~6aRQY61XB}8I3}sACH{v;^E|Ea zr-T{1yKi3SX_=mA&qyJEtd_i^LY6M0;$$l~PNB$m;oyjdIvXUkWhqHsUtaw6#dWYG zvGX|%iB?*{W)voas7`UOYrBlR#VMiJmlrNUB})mHl$5+z-6<=$dX~o9Qxmdb5!AUd zdG*cdAR!WZcsADxHcnEVyv}9m#|dKK|1kll55k4bHXE?yo^S~n$`=X!#q|b?NHvU3 z-HvD?2~Ti@z-M9~LM6m_jW|*LqAV%&VB9Kn7I~V?*_lhwx}ehHkIS%r09Zh0nPgn( z{QC!jF2tT=Qt+OIphHT%-~g!6k`RtZU9%EwDXD@Lhk3Hdv+UUU8f`{ zo%WCj%8AiBt214t7JeKFJ?1+dnZDec;#n$iVSYD@JmO zB?@qYmMjVphH6A1Aa@6BQtOx{CZo)yW*xatoB$sL!&&s$i*8J zk|4sI2(((#U|Gs`Zqki7x}D-R!cuB<)ub9Iza~x-gnq(nM5tU6t|*8jZEyI+106hDqky^o{OgCX0953SfR_V0#5 z`+_%EuPMwijWSNAF$+l^v9aE?>6p_bh_aA0B8QJYA%|Ki=91#5Ufeb$(h0Grv$bsM zxpL}mmP8PQIZ5^;g3CzVQi|NWXFs_lYgGfTBt>}ZG|SFMHD4HYasJtM^-U}-vsUU> z(U+Q~ST3g~Bun4jO*xaSTAL(UT%Tuy^C&qrm8vRA-rx$&PRCi=1 zrYxBf&KYl|K!01V5f$nn00sGHCZu8)X(GS>euJ|cu&{<)sN;xuw^Y)YuuM+tM8n^m zjB1rX(`~&yZK`8#6PAoi6sw(~s{G^x#v}uQuu-4ZOEXr~zx7hReQ9yO_I2uibmZ;_ z1%&U=|D2p0*YrPw{ojthLI1P0{-=r=yHf$3!^l@=2A$BL6S6VztoBS{pAqGT)?Qu2zfrv5T0j+_EpLCC6i>;W!{-TR12 zln@dM0344sir^W`q>;o;?{GbEIOcE8&B&8}$|pz!(wBc9^atf7e_8!OAz4em4IKFN zui@+D|3h-0GA{80BEhut|3}9s)%@?rho^@_{>Pns1OLA@|6jn2-Ld{}$o(Y@TH*TL z?=^-$pJs*EcLk5g=8xPwJS@H|hbLck(d8{1R|>oiov)$A?P`hTEwB@}OSZZNr01^1VTKYC?NclMUtiwLAP%8w*po~K2Z=z35rPt?STUQ!L6cHrsng>Xb>6)p>Yrz;cFEd9nN-}5tOeT zKYpP>F8j*lGIP1K?!&pRW3F8aTR=F`C}Yd)m0P;SQJ`)xg=`zVf@wEF|2vq+jw7Ts z(Xz8m##^3~dSr(Ja$zH%-+!kc!FxS?n&qe55nLT7pA`YMJ6X5k}XB%Q7q#gn6#? zph^ndlTfr>u`UKF^MNfI|EH<_UuXaM^VPfmLNZGubsOsEduL#1IgRQ$wp;};E3iAI z>985(sR-?bLIwKy>fL0o2D7#UpC>+PD5`+FVl!zPq8TZIiiC|FwW5L-87dR_`Rbh= zT>aN^W*QP^7FD~09^-ov%Wol+;Fu? zoKj$rQ@kJuS_w45Q8YG}*GOZ3y)llWdIzRaWddc|JwYqX6*8P5OWg9|3@;jFz-?f@ zAlxLSL374r%4s6&1f=<->Eo17q_Ma#_9I<(<#a`!9dp#2ih=;QWDEeJXN$URpQv9hxL(3h2AuIe-Y=7!_^}EwD~QRZ z)?#(YRYf(dToQh;S~58OIJ!fx&wqMrv{ek@OtKhD8sI2eqZlV30WS&qos5JI+*@VV zTYYP^%bBb>E{Tml zIxfQmRJJyGl7Yyfx6O=#?#NnGPoh_hb@n;*j0hkAYP1l1H5=>LgJG%b=M#kfhh>%wE2t-o$8fF^LP8jZX#bb-xTwZq7YV3P5 z&Y?aQavc#AFis}-N0WCfz|jXF1y=-Kv;(5!bmFA&^kiDy{tIFnPX6U&<$vE=zZZo5 zWW2#vWRDZXQkp2XPm&O9CS8txk)G)aS@_kg#N|16|t55`n0M z^{n80%s@I&JT9!_HqU@~i{_N58fzU(5TbZsjj__h zr1}!qMgEXwDjQ3xx3ps9?BOjy!mj3UWXyl=Ohzko<$nkVp3q-_JO_FM;Q&jZ_+b%(z*`qlSW!z z;7eP;bYoD`5fep3O4rsSsVw_HJD)?yXE<$9RD5SPU`NjsRqyuGv z-wKNe%5OfqCN?)Sogj40V2MI6XRp}zUfDKkMWdQ8@0ZHd9EtW`a*c8X}YMo_@c*o@%kGaWb^7(9A0rS8m*c}_CFI{V!3=IYH9>O9oDXO z)30<*i;1}fz$Sa8xc(sHjWFxFv2ozLh)@f(5J2pTgp@bkae0NtE6^3QOjcii?bmU| zmNbNnHwqM}!#5oDc~^h%^PVFnD*^;$PLmMLGY$m5^zd9pVoS2V`&~)9nSY(Hes4de zN&?6=!7bCRHYh)GfzsEl+j^A8T0?TPB&A;`_H1KByk`=AdC>Co&^;HYE5qSQG>?!QGP*@vXpzJLf(mp2p&HC8 zKvkjY|2or4j zzfp=Q2Oj`IlSM>IWrmwBcB6Wr0x9_3<4BQ0g@_3vktU36UZdpuXtiWQ(>bkMpaPBV z$a=J2JEfzGWR!a}l+LB2uPlkyXar@WO^N?Dw{2I@m790h)oT=8NG&u={RRZe8RHZ) zV{(aZWh6|dG~*j1BXPTtt~W}PsSUf+cvf0ZN`R-rs|f9A84#Ubj3(1Ljank&_f11ij_`))E_8!yZLG6t~e0oRL z+wCD`1pTh~4*h&zCmt(1Iw2>p|51Z#MRl;lVx5npk0U*dg@b5NURLlDQk|TRhor3! z$CB0*o&JZFlG$bJn#)zSyGp^x(z8li%6RL#o1L8Azpnjc^}9dND5`m(jp4@mSrC5d ztYyx%t%2l23!Mx0kn?_T3B$qQe#QboN{69gCaGR&}xL< zCRvPP%iOM~JE@B9DlE_?3 zT^tBp#Agw)uioIWgoRdM9iSAL|lMzvDop!xeB}R|h>r`DNv@u+C(crrH`xU`qRpuWf zIL3WXf|4ZjgLDl{O?6_;ll?ilOW3NaUKykJEU7zGeo%L4<1y|x(ZOe^`Rnxm$+;nG zC%kbi;LiBJhn4*Q$0sjNUk?61yZ8qGpRN6W+Aw2x0l{*a@~xSLCoZtRV$F%AWo4S& zIoB3{%|{F>=AXI8&&5Bh!TDuyei@u!a-Be%^Ggfb`Qi%~6kN7VQPtHPcUU4E$PD=C zB^D^rZxu#sB9}O+#Ukz%O?ZexRru^LQe1N5yF~nXk<`NyWWtC-8&CG)>M0+Rl9HX9&`SNibI?(2@VP0 z)Gw*qDOr1oP7UJw-9FnLwkmyzlqJF&F8`ez9lfZ^e}^wlhWDSHe1rVAwfyHW;}JtZ!)PXav*x3nyG3izW!1irZlu)1 zW&V3-AELlB>Q3G$>88j^e(p%r9Nanzt*`PQD$O5VxHd@}Dw4JNwI){E15lBvW7o-! zB0ih>d4z2{%R$l}B<(@c?k8y*jOrG%iv+`uTSyB`Q}EH}p-)=!GqYJadgg-gy`US$V}+t2*o5=;)II$???ZbAoO|; zxrmpIlr_S zk-+i$???a0iG^e=5)(?~e8TwRU@7D1fX{=|;}?fdgE{(Dmh;|3S}iEdn@BsmZYH0OVZ9$R`rqmb11!-(>P44c7-RCPxofYITR89n^)} zLH1Dt0%vkL4RkP!}bzaQX&>AwzA9Yl9l4`F~%b7f&r^o0)@{W*q{ti-3y;(2XBFK&{ z?eLT?>7pqfZ-+9slj~?m@~l(&PiYtt(6X{jPU|Pb4+q;p`D{!hIwz{Tt@@I<_M+fj zw;6N0xwATAv|&KNNvLyZv_!r0F@@w)$^`MU@Te9<7uNcL>wn)-otx>OnUE$yrbGg- zg{3i)COY^_;sWDPlaUceD^)SZTr6>fu&Cd3h||SVwOu`KhDHy6-N|9MU0cXKd<;N* z5D*p0;>G5H@nRyEEF6IUAmB4j7qmxk>H&zGKR@^43%FbE3Kl-_StnfYT8KUyIg=rTBj{qEY70 z3`R4N)}(vZ5{OD+Q-BMI?S?qZl2CG*rVu4&g=^7R{1DnkNP+k($TmW*Q64|foZJbz z(&4m)&Sb9jMq5fVpiaR_ZEYTUQ3-YLW@}_Xm@7`SCWMq0w4t~%W1)vJuf-cm$SR+R zYS-AT+v>z@{}i^>Q>S5goBmxjv+2?dw962Hx#?I^I(fVfOAGW0sXfmBoLY@XF|op) zs&J4-m?nD<3O@f&!4fl&f1Uk9i}xP4_OJx+fH{01KaT|D=pBK0OF2L%zKmF%7Bo;L@2Ka&cx@+SG*qR>9IU5VIu{dkZWex{ z&XLL3qt22!D+c*js966^EX`nl1#|WRGpG|N?#!-a% zf|PNE+SK%gQ_OoM_d%@9=((7dkJHm#l6o>K(@@u62<3 z4Zy6MEy$;h+qCG&8|JsQO7D)46h{r}=GHu1b~L|;;KL$o<+*vwl(ShgEpBV)-TtUC zNy-)o@Y-4as2=~!S(b{|Hjzy+0Z+Z!1YMxJgst`=31dV))ltGLhxg~Vs!UXI9{EfQ z;klEd+?!ALth5@FwaVmvh*g|KD?GWPxoK8JGm{c$`4| z)i{eJO(Oy(G{Vhu9|`7ShsTT)3vlg2ydry{;R2-&?>Rx&gqR@EG3Ix|Xa}t6Qi1}o zQH1ja0^scgOjuYlS+H7$75%lTh}yRa;BRbx^vVl~aIo(HoJmYlTwu`K zGK+CC<^+czv;teA6-l7{c6q76hOTjoTiFBuiYr_HhQ*jBKk2ML5K;P`a3!r;85Zmg zO>!XBEBJ=TI29;_rUE@vTMj#}HqwO)*YdDc;%KaY4ki+6R{0UpORVKZ^V1K8!|4o1 zI0@>O{jCoRjNQ?#QW&=JnVr0zPYcwmv6PJjyGPr${5jg-ebY0gS(l9!T4`gBO4OPu z6I41=&Std9DPxSlxnqe%)AQXJ#dr~s`^KV(U?J^$=B6vrV$+n?;)|mWRiJM##s)Zj zkG_5r=*^qx>YK7bTHVz5E&Ge>_O^PEWtog9;nR>v(wLsq3sZ&7UVgL$j7uz+HlJQ> z5~)EhizP{HS`bh&7%iOb6r^pF()qT;{?=|c|13EPNJtW&!%Y**rtQ=F0|Kf~$tS!C zUv66U10d9O8q3{+PtS5A#POLac!&AljPUg|#T>^({>Ftumj}%0#hbJmHGPItLs^YR zzavuA*1kAA+ThGI`+2@NtZEC?Z^sS4y=eIDwBfh^=#95h-y1&9Husu1xJ z+iwsO&G*NGeEwUc1^SH&rEd`UEr5vGJ?Zk0_!bJAA7X#Mijr^eqGSdtZ9k4Zyz8C}B| zfsW^xMj3BXAB_$GgY2rx{HM&q{P6ZH3y z>u21e{Ylh<5;Y=HN3ufepV=p0VSg7*-k5mMkBCh< z(3-`!n#<4_T_iY=^uC_y>MBbTAGsOgm<-?Je%nyq zxpgaFtyZ`oH6!jimGV>jmls210xgWB9HazeHI5haG|+&p0m zYcm|;7Y=Okz!rPi;#M5%4rJI!Q2f}2He$HX!F=9CuPbucdQG*bpD!GLAI#1-uv660 z`KI@E@`JoD0{3;>t^2C!)}uWcZsR`m>wIKueuwJy==2+5_$yy0|1X2|p&{Tq`2Sa@ zN2j&?U#|`a{(l$W!2fT}{}(Z1cbtD7NVUTA=LI!xzcAAZpP!dJB8Q*P#KYSc<}+~h z16MzA_5HZ|9Iv|h`3jlvV;Iu5!kh>XbJ)Ov4XXC?lE1L3eFzde1c|K``Gdr65|?#% z5#BZm+R+gdqkMn;aPj|tdiyNO?ub}s&(F|x#!0l+1jSGrML`m@w?`AXxA%Rskz|wT z&v=K2A>)dyBzqf2zG-vE+R*lVV{O5&Qu2Q!i&e(uZ%TF0E&oTt1egD8^8fK^E&un? z@ryzJ-^Dk`|J%#|1)&qq|K;gXRsKIc9_)X2@(uF;_VRxP zGj^y0&?7h7{+0{tx`6VmtNMUa>0{~yO0)9m1c zh6Z8(YZLYx-Rs((^l=anA*Pbuk!GR2WA~jAJBuvE+djn-AMBV9A8sDqozrAGb?3CzhC#a4J%q*sRh1K75Ji z)J09EG@KqC|Hq7O+=174A>_2-WxH7^5Yfd_3Q5vh$uBg$tHt#mBSmCG)-$jULITHW z)F4*3Mu3Mq$qx>nb%}|Izj;HBld!I2=xXPM|Hh^Qc;O2g_*g2f=68C1P)a|2>o4`6 z=c~&9DQCd!J|Nsr?dy>LkB(1YmgWDWlUJulgZ#gXZzuBmE~IgDa9hOiVnkdJ$@dVtIPhYAs^H(pS=%w|_4WrYshpKZ-u;G2LG0O1XdiI6x> z3q8GFkU~dF!1)|nhD#06lJ>wtxuP~mUDYOifyib~-aIq35W@SRfBpMGME6T0&o}US z=zp$pdxV>yi~b)TzN*mwSEsLD4)lK)-?v8p^Mkufg{&c!=Wg&OqFI<)Gx-dP%?Cm{ zd^`9&^q-S^s?O4*$N^pS|K;&fmHwZc91rw=7vHx=|LwtjL^(hU#4e$ol?HO=xKkY9 zWL}a3=6##pmzv#oH-qb7k}k0*PFBas{uRm|S7tYxu2Z+u&6g?9n+{j0|Etn}7k23p zH9(#G|8bT7e|da3#DCt&_s!7%JYLwB2*Xw)Q2A6eeONLs-{%925sxY~%eC-XTr`m* zvoU>?&EGf?8@{c-BK?0{t$+S?^8YW7EA;>P)#+gWx0CNFq(d**z$~-bBw+D@qS*(* z5_370L`cOhK6wgRyv`tso69OM(40m(Q+hxTem^!AOzJ3s;oy^}<~eRgkm`wq2xpST zSkeGT(RzY@U>p$~EX(2I_gzCfoCNzGnjlHy6l|*w;HQJ%!)UHPm@Cc*3YH|eBjM!9 zlcyVgPo5$Tip^U-;UoqiF-{jW*=lS6`xZk(J9A0sy%Pue$8kt`a{(tQGbQT&UQtfI zbH|~2Q9eniU#2FfoZPKV$hlc`=h`qQ<_x4l7Nkp(9W4Q3o?4Mi0hXi*5 z?C5e^M6m_HOlvZZF-;_<3E{%tnXXL3Nt^bW`_YxDb7y`t(;Az*dQ6jmLtf^u`c5s- zf3Tke)^Gi|w?GH|KY4Ld<^NBPUJd@=JNewEpDFY~=T~pgPdLE~IJr;8=pO4#dBC=d zi4N@%TE6`ZopXXEQSB77Tebtd)@FSLlfSp&f}m@OgF6)HhT0ZZ4G8hv&#&I>iSI{G z>h?p<4#csv#x(B?jTC;3a{hi)Ud5=sj5`8mLuL&>5|VDQf;-b}Pv~r~V3ew81)>6F zi4k!~_~^?4kzzHa^D{Im?#g$%A#CIul16L|Y2iKl8DbK%i=e8mPnEH>plTS`+rp2fX}~XbmIiX~Xh0Grk(WRg z!LQ^;versbat&^GIrK(`0P5xh{YchG*BRA-sjF&(Y|}BiBWvTzhcaQU<%^xY!4gj% ziZiyuW`rp$5}5bG>Z&uTFX}oa0iDx^Wl4r`nnvrw?1hD1+vM9PUc>>sQ+7E&Nh#T3@=ZXFOTTm380X*pdl?uyi68PScu#>cRV4n`(WTLBz7~ z+(mS|VRs}c9%EIE@^Seo*g=7d@tk?O?8{qShGtsaw`H?8?>30@R dUz*DrzTq3b;rsf&{|f*B|Ns1uq%#0W1prAz(yssj diff --git a/assets/ambassador/ambassador-6.7.1100.tgz b/assets/ambassador/ambassador-6.7.1100.tgz deleted file mode 100755 index 4a1ec9bacfb946c63b25f7c32f5a4a9a82a65198..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 53609 zcmV)pK%2iGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYacjCCVD1QIuQ|OU?tE&12!Vppw*6FieLLgIx1cOb&x#yQF zY=IqY%Vo(7sjlz-Tar9u2pK9p9K2R{1zWTBtgXGFHH3sf4ZC{{9lEr*fR_1RZ~K%= zrP9IvKL58=Dy9D|S3V#7S9!m5P}x7I?pLe-RVr7jmC}EK(i@K>^YI9U?thhD-B)^Y ze~|~;Hl~mo*e3NH04k)=#N(n0DK$~izkiwbaqS#n+I%b{dlscrow>O*3iep5hKG}G3hRT{-TgI^97?C{_ zk8#nl$GHhw%&@DGdaeMVV}LQFXa*PTSJZa_X#R+D1%T`+UgRuj*c2Kza(Pu`LBp&A z3%V1J{67nhVUeI50AguI=0Y>3$h8+y(UG~Z?f)0FTQqQ3dcr?NCGCj|J%TdJ+C%X% zDs6fbM078+wEr!)v|$8$u8R0fg4G)vRQHBO6=aV!2!@<^E{w`RhM1`agxHhsaN00PE?0^`Km7qd+tZ*S#5qP$V2uT(ID(2*vfPAz7`P|4e&FAz( z9H@$s@xKz)axQXALxm0O*|ZL-ISnEU+g(KKU<6Hqa>07f4ATV2X3NQ!gCar;E`r(u z++YoS+>FE)I6vGQns~TpK|+zc7w*9xYf}7QG|Vyo6Wh>pD*7i5oY??^p+^=&JP#HK zxopxZG|d=u{Xl@KBXx2w28nFV!G=v)$tg4q4N?RQ%HU{*-HBn3fr?!hsnlE)b8HYy z{16k?>VUc)V||>{)`R}p;xxsQK#yXgLX)-Q5%&Kx>>7`3eC7?-j{MKa&Fz5L8nb41 z6P5WqhX`l};a%rq9}^=I+XH}Q*pk>pQU?|G0?wlsHTD8g*HF1QRRDD1pgNF{;Ep)} z0C4>ub^a^htE%JqzbSObhz4JQ--JvJ(|F{PTKEM{kqgHt_NfjIO3&-pLKb!xZ`F0q z!P<#IT#t)o$DYQT1K)qJtqW0twZG$cuL(3_-;XrSV6~tb12kk$4Hw%MvS~j9h6N`!A@RRfU9fC2CqnE-L1bJ>>&rLu$?)%z=qX9tNR?O2E{BOnjx}gcs@d zj(Xjb`)2#-_-ped1k~`u*>$&92SRcw5W}AEj|4G7p(6%8hUHnn_N*at0UiN@RBUSm z3=y3nWP>IX4cT5%=u*OKA6*?Eb-PC=*V4Vz?DmeN-hJ==aa8+}mVFS#t-XBAH2q)6fdD|brX8p&sf#d*K9c*g;;22FY z5wwBl0BCCf%?-MCB;7N)cXHhi22(Ea0wx?HlO#K(I)FAfKVf}9)5J60y^8ITG4@=x zyhQI>F1G6YCt%y?B6^7y5*h{X0>a@U%^-zDefCVyBGGCv zgq!P=`}3RZZbk+&wL};E%?+fwz$K3q9ju+-XkeS7xqvmst-`h9Tgz6@!CH~m3Ha&68zR?6Oh#c^Emp~%i$=&rwu<(~$VM)t zNQ)IKK*!jdmW$;tdpi!+f|01A>%z2LP_fHMgoCwUVE(uSopn9?h{y!Fb@1iOmoKYl zz{VSc>S*JMgH&T=FowK%yUDDcN!WAdd^mpHxW?2l(HJ!uFZKCDz(RMx5g0;Zs7#az z+PJ}{p>iUCY~m&Kb|y5qo^1<$&2ZUqT0tdO4L70L_o>~MI+bVJ>*>iZO zdk)qLK|2Ni9c#lME0a(02)GCmEW{5j5dI7Tut!b9Mj99*6VHmFxNKtzR2Q)o2E#>A z1wg{YAfjW>)Bv{q9UG!}SqQKlNxA0h!6>v7taT3F7)mC4RWE&=AE!_ zc_9YogVs5vr8=^KiQtr%_G~s`M*B7Gb2i3DQIKJR69IS~a%j&tN%3}J1J;em=R#tuR&Rap3y`?~`j2eOX*22+MG&et5I z27fbJ_|>qzdGvyzuE~fiL*OHO5tZ~D$3%=?L-W+do!3TTf&(7{Dc+6g!JGzG%f-FQR;=`nPvdA=c6{JH!dQ`rlPWhnCwWg zyQl*Vs}sacg;{1V-t<$&5y@#b3A$?t8Kh;ngywWiXd6+cMul19^_I!Mfgy+Dv0< z#BeOEc_t!zJ5)!7n2svmbK>AqUu_aH18bP?A^TDXUrM=1NxAV~`7hZx92ZlpVzUl< zjhpbTjWr|+S4;8IY#DE&cH@1LSf~5@)#YA;mz(t(FCFz7yxn2-uAt)>_W1rrtf}8J zFITBlD&ed6C=wr@9tA7S6xumOt_{te3r8bE^&yOXA&7I&qtVE)xh%E(uE8Op9&hLT z#+SiBf`oFN4}hJwe0Y0txxnY5LllB2(tLA3LpotBmyO!Mc7lhBW_(5(8}lxwU?a@P z3~Rz5Old%KXfeG2kHWHo)-8`l;Dr!T#wH#LT_8doU_sj$Aws#x=})JN(548)#IG13 zVH{Gl@tpe96uN_jU8akS@Xy#KP8Pt@P{eA~!S6YrEEfue;LrGZPuwV74hl>RTdRZK z*RC&Z2Je>+BK-G4cZq)~s3=gW0pOU(KsWzu{@*Vj&s9LY){e!WcrN69P_qpCJ|JtQ za`Z(r;5hj3<@4v{2OD#vM697@o7qnM_5Ij&)O!XWZ{>Q_g4(TaHa=K)l6fGY(&VtgAlP!|PV zu>t;ZV`x0jUY`Tkw2CTw%rv6BV$o^uWY1m^Eg(pX8k^V?k`C-ut;DVvp0Y$;h;H#I~nRFup!a{(uG3DcDI(cAL zAi-&hXviQjEEX~t7pMHwv+(RMa3sj(G~}3g!PMj~W!1)uNPUqohXL8qSe2Y_01ky! zid@UEIRc)#P(?S$H8{9pTVn)=iG7XG*yq~_4GpQ#O}`Ep(M`ZUxX1|26J)|g&?2ZZ zBJCu40Ze=!LBsT1)YDx=bZlzuZ7$?VZ`fvTicQb*QPBT!#kR_S<6!M8H+&0vKl7c~>1AluB1d4utK+3Rlu)tGsN^aShDPohBrt&BccgA96Xy9=gaxD#fl?6N*jb z1}njK2L?Ko|JlJN9xu8MgOmog33Z_nZe=7s`sx<%Mdc1g%R)^GwI>KU{*T-axCyrt zTsv$?*bO-B6}AnUR_=2`AJMStar2chuVkDxGgShUn6pj+`|T$Vn@{2m?Lo&VTH20J zYb-HDT@r_f|u6IcWVH1`Y(VUH$0B=+V_bseVeB$dF(-3>Gn zy5EKmZ}5#rm=p9qdz1zNBNri#LmX{5`4(C%_9%eBG*o001SV)v%>+K8?g?vqkIQU(I~pYV5JQ(s7%mzc{5)+(9LoTP;~qnfWJfu%@kh;W1kOxk z5b)mhl{*d;Yz{HGAw0_Sc|KuGF1Y}?ox~E@k(>~*=bS&BOT_t-I4=tkE*OB1c0$?Y zG(j91M6{4g8B~yxBJ3&(>dqR`V63rdVBvnX(uyjX$7XBoT zn%%fS$k)ubSQtVkb3G(PKSp~kNX5BPz}8*t(b(x?*n2T23WP6wi&dcGXlUy2_iX-b zXg4kz8S^?HXN(4{2S$(W78FN|VoPmRfTjg)IA-&J9@UY}M$OvW&FugtI|$G+#Rg(`Q~BN-}!J z-ae4@G*YOnd=tnrmD&N9d-zF7O!kS@t7TLxSHAFSOTrES3E>8Sgz&@YSZ*hREa4||cf!Qh~35gku8Yl*^Cs+ZeY)oD88A3=D<9$L~%kB7%AZ(K<7Pev}kPpvnfswt1 z<5Nejn?_pAQM0=%z(e@62pD0qm!PxU#^KXiwr3teIdT5l^v&j=Wth}=q!SEKWn|39 zPt_w7TPa!>fGk^x4K2PS-bo>PvE#pCT2>)2;pbw@$;o$!EzLP~p^$W0nJi6`@no2A zeu>dqpI#K7W99Z|NtkY+7XrmJVX}6uz!^<+0L}a48CC35*|1g9)6o48Ym4YW(1P>( z;es-J-!B~=B+nS{9q2N3Eu1BnBDovNJ+|+W>*CniqKY-dS_w{beD&?#!Wz2g?ImT` zv=uEt#k2`cyth5;o_*uimr8I}t!ekBVNZ~&-Rp>HRU|Q1Dum#Bi))#sQYi}wB}ma% zMm7Sh2qcJA$afinw=a_m;0<_2*d8~895uVeoEyB#;1QWX#wu`9<|{7`NM)Lyix|&B z6oL_gly!zj33CjiAp)H>G({%UML4S@6pjOQ7aj8L5@=>)s&gR$bB+gX0Kq9&abjFc zP@Si4jc{3v3BCm(_;LqZx<|2NsAP}R4W=vc>Fni%2<$H6s}g$uN{C={%Er&8&Fzwj zW#+8eAS#|BcM;lch;KoOIAkXEeBC^JADlfm7~)BP)Hcsdf45{^W~ zGuIavWeS=qLy#}W!fgVzWbGQ#b^DDO8Z&H;+Ph*l(1wdk7|izZf~S^rWi zmBQK@q>#yn$gKl57=}MOH_kW)9ebT&) zV3L|pFi(ta6&U!XzE^4XiHG>2i#$gqkNM8h*ggEm||dIjV%oOIz&30 z8kqZmTfUWm&y@QT1}vNer$C#S8&_Wn+@mf+dt!fg1hf|XP7Bc13Q6-O>ru|$Fuqy9 z@U=dJ=<)pyCGtdb^_Yn}coq6KM6LwE8Uzbp5N=j=@PQvbhfL?!qUR9mB52*K;W_NR z#r^Qa{s@kk=hg20YWG={m;e|Z!?IuQy*OC;pc{nZu?wxJS>Z7sKhX`^_B;HgoKMp+ znV`&L#=tpaC;S>Z2k&G!JE!E*Koq@k(bPb*&6PuOVL%%rm6~xy(U*_>_KFGPxlrEX zdZO<6wP=aT(r(l9Do^&1t!P|SeB zPlLH@?$CtxB&3n7L@}a&d<5bpg=4>Fj68-He8%;-`NN-^kiPwq6ofG2Mq}ga@opna zpNEEu&AKtev7q9?x&PrI(|VFZq99%w+XQB4sAD|gY%vXkNuUUgrXf2MjTqP#90 z!Mu{^HQ~bXL)EZwQFZA}^GYmL@NR+@{GH1g>(tPYw#(0Z%~63EV;gC}znt%z4#aW3 zL5Rl>eSLM*x8ydkWno*K+<$DeKQZe3zyHWsjDHsY5lV0WWK!|}?t+FaW}3w;meam>eR2EQk6A z8-s$8;SvhQh^di|V;XD?xw|{-gNaH0O-s!X{DAiYDEEp37MyU8cz*cIVb-OBx2q=h zw1%LzJv>3SKP%T!j{-F#;A7BnGU5yb8qbkC#*Bt!8Bbq|Um-5V(JXdS+r!ulRz2eE z!VQ^q!=xmkwm7aa<;McP%9;~}xQHaizvQ?ewx@?kU|0w~{LxpPw@=0sb8U=n2Dh(! z&2Ev->D%=2MEsY7%6=tv|G!q+#(#OAr|`B28%|*1ho&ki;irI{KSOy`qndK$WiA*XPjB} zTo>8YT!c5&)*Q9lps5^vm5+Mo*KKfhebOxEa*|NX02IgYnWy0Z(vX{Uo04+gXx^XS z#7^4p(0jrh+|H-{MTJ$iJk@@nS-vpNOJzw>|m$n(*ty70lO@9q8KkE#AkxQ-E|CAK7fDRA|+2nKgf zfdv?^{dfD7Ndh}ebZTb5fvDefV^D+IL@g%_D!}nnK&Di=D4SURXp8V71@)^d7Xacmun;#pHo15#C`}WaQGqp(E z5$pvxY=S&=oZr@z7Av*u`y>9A!G7{9NkI@8i#HTQ{=8xkg9d9?u6!<*ilt(?{-yM# z6qpLcMP7#oCt^G%p93J6FKs)TH;#1JlDc5(2?ovf+_EwbJ{(bLPFg2_?_gP~K93z*%S!`KU9o50Fdz=L9{hDje9Y0t|;_48O zHd4&_%2T=eXxlTFhnY3w3A>9fy*$qh?p`DOC&sV z0$+LV(`^v&aVSndePcL3d~%TbiEAy1+h-xu62WT4?WyQG9(VbHgb7`qY5JpGx4IEO z4i+V*Bc`JlhGkY3*l5+c+T;KDh0mb=+vXb^8)vu}qLn0H49A*y`|JTau3^&=$p2qb z_`f8dYEAU}98g>J_p1Hjws{K2nfoIQ_iPi+*cg-yTh(}R3I@rgIZHh1aM zN>Gg!GY^(PHtOrQ)No_l^b#mu-Ebms&r^WCx|u|{pe$H_84gD)obK?Y_`JHs&2W2l z{ndCL{En!0ol)&*HKRtKCJVkm5OG?e*$pA12uukH;F+7TpO#{Ly)Of&mID4RaoW`- z65J}o1o?t_aznl!Fr7&goCNwJiYUdse%8;J7tF8Zqj5Gb{`MoLfZrLVG}+Me|D6Z< z`~1sgxwN>MeN%nyG?x8FGIuapEU>9ZAQ{RxAD^&_d|K6{EtLJ_o~Ihm`+qFiF)|x@ z3Lw&}$AdL&uw?EKs_}(-!Q6SEz=YVBInWc)IU8IUkSya6#$SX@_E{L6gJt27>oSc= zBn|{0(KjHLHqVBU|CFA1(*E>>O!7x-b(=q#`aeHS46fe1J|Vyp`v3mt{aQ-@|6D44 z-s=DF@uX;AJjza-0;aODh}c&_te(I`Sr3zhY-Bku@Xq`?z6;T2$BenS&uSt!JG~uBhWcmlp77 zb(Pf4rj}%7yTbWXD-0K+>9y6r>%CGUv zU_%D+`;egnrsv1;)e$tQF0@QiOpI-XkNtD*9mShdbx7-32LE`Wp*JR(?)(`mvd7(4 zNxVAo9O28mcCc`WJzDTcP<$`Bwmh_zErM6&+t}uA@eI7U^L8fLi-ABK9x1+qmI;dB zcVHW=Q403O_ZYMWA%lgpeGGpRJwzu`VaQVe3cly^s!Dh z^_~K%_@VOojSpDKm#gev7?q6mQBBU=h9>XVqitdj8p(f|GQlE1Q&vD}V|EeG2oO3+h#Q}6?# zEH#@@C<1xVj~G059W}SKYRH}@I8Vyt&pzi9nTLGHipF(sXo-bH_OzI&@dUdIf3Qj2 zhYC~7t4M@GNLveHn7ASmOVmf2-EB}eVs@2f_7?p0M^n(h_Op`zhu08apAU3B|1a+! z9Hjk!4i5IW_P=*|e2k6@01=l@X(Fjx)T=(nFAWz%FbXPVNDk0($X;kwJPDb=i-m>o z`t|GC{xf;^>Va$-`A=iynH<**b8?oKRB|4F;cIM{-*lf}vH=0@^~V>3djOIE`R0Rt z5n#R?IA02&8w2SZ0BRPnz6xM7fOZLRK@i<4xGf(AD)-+6DT@4P1*?{2EjeD{9|OYB z4j{kmd%tN@8E*S)s!}+P>1tUHEBUp%;g5F(-1**5#V58P%qJP9qx+s3N)$3EUeCYz zR0sb8`M9{02mcPsAbT3&Y_NGpr_FZn{_3cGblQ}-&wcmisL>3|g_$|?oAImsQV%`p zsMR`e+>4&huZ~VvwEm)9UbSQI1PIxa6#xHv-t9Hp;sVr*C+wTq^Dn`!ROpg8ykw6% zxbbq-Xk5$f9tVe)4}ICsWf_N31SmRw5Q7Yf&QhW?5E{Ls3~3;i$S2Ho5In5dX*`)U z?~tc--4h2@kI7HbSx@3UQFX++J?r&uy5W~Z287rIEcQkuj@_F=chB|gJrQG@>`{{} zO(yxyMNqr8%|$HeOwiR56^_^Rb4|rsiUkCJCR;ABhSMVQo1M9DMdSY<(fH4Mn7uy8 zQa2G=3A@{)>=j4Z$>ZjD_N%1A^HWjvDGXXl>-mCSSLfms41>|jfIu?BnZ$47ju%2hE6Or0J zeM%pIKc})-%L!Vn9qJ`oylSK(gxm{9>Q~ORNosyFc|YCZp^D;+G| z|35gWZtwrU%d_nNvm(#eYA2w0j^fw1A4kaf=^*~(J(^{zsIIxdx~tH z0t^`R0|AD`^N)!eVI~io3Q55TGrMj|@xnxATc4pV_kL@ip*V1Dc8vMwbro{_1b>OW z@TXUdG60IgE}FRpMN9_ZCYgLLb}u8J^fSso!?iGre!K|V3y=^*-$KXVBK;QWvync6 zvA+xMr;>Yq6chZN(1nS}r@fEGUq5{;s)T$B>)g9&jOO9_3jcKX{fuv zf^(*{{8l|Em3Dz)SsrClP;j^=Qs@VP&R<8qR){|{9a29pr^WAYlOpIEWBtYQO@TGE zrFUC;_w(qT4`F{NYDf0oS(^EiXhQ|)7+YeoB^EzXIN|{Ix1kl-K{j-ZB)M2mDE^2$ z4J++`VJ!Hc9{;0Ks-^9JpG)P+*8cY%&$9h*DXYLMZ~vw95xm6}z-Ww5TmTHAczX+Q z%fEgG|B6y({PlU)s(XLiyLNxyXEpyvnnB*+@b78<|GE4*9slc~T&->S|9dL`$V?&A2 z`XlT<86YaV_|ha^9VO}+MDAJfqJH{4@GU>t@{?zVntUo8WJV;DWf~LBAdZbOBJ#}3 z>CYh(FCi2M@yh9owr>T&FTM7i*r4a#lYid2y=3LSB&%<7W&EY9_quEIF%aMEl6kW0 zjJx4tX`Z_6pdsg$<=R6cLxKfcS85&tQc>RVWW#FffyThIzS5Wj;NXU{Jdp_e4E zK&%ajdcpC@_5>kkMJ(5hsVzl$&fp#^ia#BLHM`3wCO~u;mEd}7$|hxt=g1I|zMmfH z^VOovtC0Sv3lqe7_^R0l3Het{SbY8+`1gExxp2xLpU;YIyJaD-ezNI*EL1qZ4)r=N zu%7-`E0xbn=l}bk%Uk;Y9#1-=C*ST^tUmVr7igMzCPFjRe*=Ef`yW4YK0(?0Rrsjc zXimY) zUeREs4q`d>jFE7GvoQq_5M)h}Ti_naVLmL|vxdmsW!xm)V5n;m;#mmH5YV~v9B}Xq zxxgdH<;;?Lu1JQ@R}5gg=vT}fVKqI%$Pm2C`mhnw0HlEFZxob^3zkMz~}$J|M?&7zyIfd zim`uwS#e7~N}gE+K`Md7-UB$qQ&f-d&ohUY9sBa5jlf3%Js>Z3BoBTMUu`hhVgp+a zbkQeJC})hk8jL)4C?NXz?`JP?a;Vi;4Rv{>`@u*Vh>7+$AEKW)+y}OJ!3|Cl{ZLjf z&oIO~`b!yrGX}pk{{A7x-}Jn&IzevHBj`M^Tlsp?j~_WB`6_vzKh;92Y&(_CF9R!h zCOzm;9lOTknm`m1Hqo(RYp=Nw$AK;i1hGY&E#f>Eaa?R735^&41R)RBz;F(L2zp-w zti&5WAXVUACKGut*6|wj-Qw*QZ~rj76;VtI8G%aT;YdJUK$!&{BBI?+kvkM$#)#&3 zLEbb7|98g3eOBhBDB-(VycuKLLirZTU&ftckoY3N`^$5u_yTNkaEpVl!9h44yJ*aT zP4Z0c%%Mi$6&#@ZK6M%XFdSx=90nO?7sdjiS8Pg@);tCVg71NUy$PFor2yw(jieCd zZ6~`$x&KU*+gP~sgU!8@RQF1BiPm?EHCwECFRX!%Ll`2UIYl;)-I#$#G0=QRE$Nl` zglx^h#ul5l*z||;pb!lII+zpLM7F52MV-HzZ7$ObL^%H)xnnFHA2rg>e(#TBE;dc< zZF$oc!QM~ObH~_m@dMl9Wn2pY@~^|Cpu_JSaW~d28g0?&Pk}~ppxhLdlGjO+Q08+l z6MI?%+cr{Z4^NN{^7*wcMF(|za%Kao1`749_x`-WrNcQds zTwVe&@0q$gKGN6S2Yw-dzYxe@4(OQxvoQv|0TyIo!mF?$10ynC#V=_u=kGFx!6kP8y*?R)O>f3rS~FDaDcH9M_SQs{GgF1nmC&x_y6iaw0Xm-OT=yGJxx-N1Em$LgH&3PNmts@3xO_ zx@XtDds+Ir++f}h{Bwq&( zCN%0I_1*vA#~I1j0e?w6RYgccT1JH#GR8X1*FnCV-*TxxJC_1!6T`cn)1{8jwy?g1 z_4kDJSnBHdksZiG$B6tJeRvP-Gbxu7k5Fs{?=-{%(nW`P(Q#h(Y2Gf#3!uyYG55r_ z2)ISSKN10d`hB$303KaRiwuOX63$+RF(CU!T$&gR8M%l~D=+Zy#mAIv(5i``?KyuA zEFYo~c2R+U<9>Grws)U_`qeG!|LIXbj3B@E!0_c@3|@cSm;!?rg2Kze;iVw4F<86- zXk>xMt3V`!L&Q)2QuE@h!OzYTHt>uS!c7Tz#v$eM31Y-H*vwUG#*UMMkkLaAFQ82g zyyut6#|lArOyXyA1&|nmc%`};NxUeSD**eqXrg|FRA}dGy9Eu?bJ5nED4tdJzc)(# z#Gfb5e@c~dI{t61{JFZd|GmePqAq;rBkIDwy3igY@QVYfz6*XCE+`_P{u?N^3=@&! zsfmXm&#LYH%0VXYyPW+J6hKr|4xBHyC%J#7Clmi8#`g~P|H^))Qcm0d_p96U-*MY1rf7B=J+SL`YQp$heWiZz2l}f7xJ~N=jaMe%2%sIGb&dFlnjm&&idv zq;9`KhNN}G8vxJIAVpp3LW;(V`V!G3=`TsBTM0Npi>Z89uT0pqddr@(qrRxSP98jQ|x}4y4A=Fb%qhf~RK^y<~IAf{8R;>7p@vVB*88lY^lkQzkG{i1p)b6`T&$gHr`^Bb62SD=_{V7@#iBqT|&mp&y%zFaYp?>}=EQ*3$`%CO@` z!!I~kD;V|&$4svpp4kkZk8aMBH!2K@ERw!tQCNBX0<5@#A>@Ij!VWK$`na@w*g{lC z9%;@U>{8^$)0m{ENhqYGfc%mL3p$QrkE8g>!J`Il&dC`(=a44sWU2AYWh(%lM=7W! zd|^G2aW9v(EXlERO8*R&p5^ep1}1*S0>%8mH(Z?bpflHHY1Er8&5LuPrPuAb`MLa@ zdvW*|Z<34fed7dU>2{V#$3}It1hb4bpPPy-)xp}^a2YJer(ml@k(Xw^G;D)5!gH>u zVDkN|cvsdj+N+3JR5~O!8Ru{bjT!~KW(k2mJI8DFfDQfHty1#@Ud}b6BDRjpuxU89~5)d-S#T2Va4c{NQ z|3!4Xx?IK%C%e!wSuu#RTer;yPC5VshuG!saR2e<2YC1Imd)1(` z03j?asQ;4DAnIcsCcTOpt%<#mT%p4HjpJzAw5QAan-(_0lB)!ZHT#n46lL`n`pZnv zV)qx3)VTiJx;im7%qoH3f#*2L4fbQrM*b4yOwKC!A_5f~rUYkMg%ZkAcCnR8(X$qM z>Gf)(W5|71njXPA^W!r{oH;Plm?9eya^vD5N;a!g>YS$a_rO3AOS8N;E$wj=|2<@_ zrHgZ+Vp;CUkfjr2Su+tPwi|CYXx7@|<%3QRX3eOd)^gUHFF{JTp_a4vbd8lN&NEDD zE5`Vw_7z+0rE1G>(pn*Vh&R01#2&T=>)yg92Hw^#mR_gg(vm!96Q8CvamdS}RxhO; zn`_BWsl?0V(a?|z-7I6)+nCC1tcAIHqGIv4uP~D>^#(`$USUiN4&H3u%Ts+&Y$7*( z#2I_}mOVMx#N$QRVSw4dHlZ#w62P^x$csl2GdF~JYS%zqx^VWsX*S8QU4(C=f=noH zBRa$GBvCZ>9&8?LC6oT^4t&GwUr*Bi zgU@ODUn^BUZ|VPgJQ@03hV%A1-|fT=lBnw5v@%2#R(vjThF#;4sUqeL){gvQ$bIPz z{w;_2J93D?3zWk~kDoGzHsq{}N+1j!5xaB*p67m)1HdwDDeL+{91&t={7P{Cbfu__ zUrBf|M7M-eDp#ViDEpJcAZF5k3u~VFHnIQyYXkcKxl~z-|61MO(*O5(Qlvuce44B; zr3IP>Wc`Yl&!FN7L)`X0-ImHHO;OA3sMvC_jqKHH7C)AU6q$x)(5$u-ms@9Fpt2-2kQL#ELuERi7nahjdFV)i7}jZ^>s5Z(LF z@MPjYCZu2)V_`BWP()}U@FaW*L3m33tCg!s{I8VvYg_y8yF5#Lk?H$AL}-kEuZ!}W zA^LH6iLm}Pf?p;prwa$w!B-5mV`wrF$>l~xktw9-!qLc3gCnW0ScPUT;VrwNm+Wfq zSSR5OoAl`nmNUymHhQ<-l{WL_l{IQ(4JC^PZ=wd5%dBi}+4c4**W8R#&A?AKc^iM} zN@Mmt?w4J>e_AGeoru4g6KB$YM;pGU{dfQK=Vklvmj1uXlRkC9+KEA2&taVZ z*we-$a73H~h?u3R0L(Yb^|q$ntFeg{4is{9>je*DR% z|5yvWWd*jsjvG8F|5sA_f2CBaZuS3nd6Jjqvf?;Ieq5Vyfn=>M57_d6wBhr~z##&3 zitx!`W-Htu_m_;U&*_#isyM@1(McuA2g3WHe>6Tn_sORJF6Maw3Ov~Kt2Kcq=>LB0 zpqlpoE0wqM|GPXH{vYuOmMm?Vz z1$m{`5~W0;H=|9P-%@^w(40W0KLr`w3g3SO<$P`)s?DJ?#?sSs%SvYTJspbs*(mb{ zd96Y>!Z%80^=Gvit(E`Z=n!DN{J&q>FQ@arACybm{J-z=ECo_X%K1Njo2Fil{=2?A(}+y%cu2u7Z*@|zrx00=a!PLP}1 z0pY;GIsHI@jVUlR1WiCOpsWczMJ}K^0{LkrA9S$`h8|^aU6k7a&_w_O+p~tq1$YG1 z*tJZmLn_8X*$`PnjN(!-!!Dr!b8B&K2cWrQVi#$EU@(Gi5%hFKP@*a5qI!-kNCET_ zuo2P#495>>93=_KGBPx!IKy?k3nzQE{Bj}kF7&e$xNjSt$K!;NVG-EVEE?XzR9B*cbbT~Dz zOT?nOi0~Dl7=+Pgg8efP;aeU7CP-&gIvoX#F(O8U{C?<3;>3h>OeISba@O5 zXluNc-q$XloId&QN5oC@E#2DL1^EW6MqJWT*VIwhE zv1AzoweXZ7qG5BW7f@ojK_5QuuwgK{8}K#u7xv>2vR~K+F0@r0xgQ8a_6fkFV9&+1 zbPYfXrsZO_SpCGhWb@((2^NSlYzEji7eI_VT9)BLj7DrzF~X-AwE5OphHY5JBZo!c zqHmtz^11P0gpez?o$3MupsFH5_B>ldE|UY9EYAx0#4v!~lXf==vtnfgTFwkpQ=zK? z>@t8y4s=;v%_dx&;Ju3>355R?jQtLK9D5U36cB=tJOo3Az;V&YnD6qgdC&h~fcVe7 zfB3^JhywrIn^yLU#o{i|@r= zG0_U~?F|N71m`2LV3dR3E$7<}EgwApF~aztd;b_h_n*5l>LU=t#CXD&PLvW;Vgi+e z8BG;ycxp_M4WKEA7Y~b^AiOigNxX?hRA92mw8{2ZKzG1+SVycGwxEO$niGA4@R{JD zi7X#R13L6cyysD>Q?IO`VXc7V9v zMGzHCZ)n&WNfJBOwBzD=5+ykw=zZ-L!Eu25GuFU4nAmv680zU|lhLB{#2{4_TNc(B{&1>@*+w8sP#y;pVhqg%rx=)RN5pX0?y{ML_ z**=isnGHtJRu^GE!Qv7X+GG!U8Uq=z7P|mZRq(D6Ry_gz5^VrJOffP*EQ~oAhy@bM zgXdg;aSg;IAKrc-Q4&T^3KSQZp5_xtE?F|(!B$~`JvL^x#F`*uY|u<+8e!Kef);jx zgXIC}y&)O+7y5Ap(#=7{kbr3qT=OiY1RW0ovLgLwV1&0UnJK zn~!Z&Tr!HSxx^!A&Wp1tha2|Syy+7k|JL~QhZvuN!&V_C)B$7g+z32#4T{3wtCZEi zSiGDP&NuJWc~CP_-`h(B4}G$FaxJnNdmefu)_@uo!XCZ1NF7wU(O?N@*Lqt&e>Ik} z={K>f#dvI8X~G|aNABD!YbL6~^`%v(RWlgi3U-Vbu%u>WF;IX0zfF zSJtpf_M+H#d)y*R_u|c|I;5hN`re-Zu4@Ka75o=NZ%m@D)=zoQAjI=Cf%(;m=ZJd_ zYX=L5*rNrH1jYA~i{~I)L$+!lQV01qwoyKHiNiPi^GMWdZxDp*>eJvL!W>zBm0(qs zm5B{sex+bF;d}M{g2dI8f`9j9f4`b>r=-R>2)Ciebd*>sUtyODe+M(+N-bkJgtE6H z(jn6Xc-BQGSQCo5{2R#L(3egN7Ib38RF6<>8IM9?Kry3iQvKTHIw17(hlmD{CKOnc zEDNqdw1=fg4_juqJ*53l@7I&dhQt2 zLFom_RG*~BFQmwCnO$`qReqCHtLt-{W~PB0VO$6KS`Y^QiTtM;-t{&NnL~uLc#wbJ;zYO$W5m~SPCh%J_{StL&i8Lo249ec5Jrqy<=>|n9) zAiPIt^m-XS)z)8Gl;7I5{&1N-K!PCFwq@4+z_!x>eM&_U>(IpGfC}*>Ixz+v+NKj5 z$~1Q-`UD~qRP|W0kD-Z&frSgZbzs;QvT!Iva6Zfr8lx&M##DHKa7$XYu){4=ffTH1 zZXMKPa+Hn$Z9tO0pq9ved0XHqS!`P9EgV$1c7)6f{$*og8>7*`16xO2QdW^mjgg^3 zemvkyFYLdf>P9jH&la2bIzj#z5j3eDwCAsr<{DEJ%Ua+^KTYL~;3mH*H0z*Til`;k zT|{(jYIRTzXyuYwnOgLju1E zYy-YkrYXFRAb7yTHHa_LZM-|C3(@Zl5Ixq=7SFeM{t7%7heXL<7<2__;j{ZdUi#WC z(XZWdLz1rUd~rM|nMzj~ zxP9~Dv^!BQc!NrVUiZukP_aeLCdN2dWx-;B&jbuUx#Jq0-g;XdXttU$+OFj z**exL8tmWdCuq{T>{!~hGPyYJE7CD_Dcl?KOsS?bG5>q2Ta=RMQB>)Fmg zDb=QfmVP}vmCj|`Y0HyxRZ?05>BwPa&!uK-rktKHuKM!_(V*$f?k3v)uvzX(w^~yx zn@z=RN!^lk44cZJ-@3qqlM8|rN0t<&-I%c`O0|Ax(rWkQ_IcNu!z*ikFlg$RZMocSpK0eE#k}lR4q>;iSMEx+ zW4TWolBL#Q*|`%9PMVkfiFSI`GVcaw#}7kADc>pTzE;xlU8&ZFlUB8-NNufD{wCdO zZKb8ul#2e)oA|$*lX9=`w6s!L7MpTw-oi<{F+6ozy(6dH=~I777q}<4`^u!eFImp9 zB45}&bI|DYwYJof=kWCEv1jRnD{DNzd%Wmhol57t!QQRjLX%cE*sZ%#`DECvRT|dC ztzw&#VSoO3H_?>Tl1zJYyCqxtL@M1q-YNPe+XLR9e5OH)BDZ+*sMOATx8@bB%;#Sp<%M>tS-s|krI>QL_jp`^&6=TDwW-=vx>8^3DWmBHYyub1x3<9*d2LU%%A$3xx2Z=DIflq(mrtE$wOt6Htw)X81- z;-Y<~UCR}z+^NiKa?3HVTT-c0(N8<_Tvz3q+n2AVs@XohEX{-_)9tIXfpu4Imo%?o zIxWQ_i^0jo11ufh4kyk5oJhAH3lR3?hmtSV)xac7$nZ%~`er`OHNqTlaSyJh|0u6q2SHch8n(Iu&=-E=z6+3-}s zuyUbvO0B9Sw~p`Rn%t8IEv=+WoI*Vu-*hGy1Kyw{4^De0O08|T&xfT$s+3w%Ur|n> zjrWzacC&ZdvgMxE?mXycjY)H^^rZ`}+#2-c3%!%7D{y&L13jJN^q{F!CHZ`+m0PDh zxz+AWTGsWMdMUM9gYJY*`x6suR{Of6v|0j}n-@|?mh3@EX>{b)Ksz(-_DTDs*SsJ@ z#hl)i+LP{s;&jbcsoj%G&~BZ|75)6`QEO>ceZSvv${nRSm(HZVU~{ETwPTMTWmy^w z%IX}+<<8w>t0$f4cgSwZYJdLFk8i*Gg(%?DXoj{)uh!Ov|2Sq z_Nh(799$2YgGcqusa>5)_RuuHUEkhS)QPzdC)zc9RL%ys=T%j9_It7fW%;h8HNI5Z zXM?YI{r2MeY;fJFYIfH;ulW>v0Izz-4{ft~sVVJlTTzsD*}3ZVFK$p@+lM9nrqiWY zSGP{JTXDMZb|4QcgR5b4ese8Lowj^2yP6#8*QaA)M(Rk za%|Zi=-0iLC!Gyuy$7=f&yJ0D>q2Q)TDador2W&@zS67>l;*`;X_mb~Ul-|$VPC)L zJZQ(=%AlkuO;>xk=npE2c~x%B;pxSG<3W|^uJ zG|yrA*p|zt$R#?I%h&Sa5caAU-M-bD!v{sW>0r*_zskzB)L6m%$G`pNiw)c|kSR8F z*ot|6**-A`?TP-NR$3=RQ@On>N#x3E-?p31 zzMx%`veT9wT{GxJHO+H$tKD5GgB#^cx@xzi+bacEy5)3oF z612_ZcI$4@sq8PL%AuiD@%~-+u-ve&%GYOif*5M$wxje*mBESDS8m&Fcs4Hgo3z#| zm77YxW(=yw5AfmQPMgS8xqsM|<*S9-cc4^iRoV~7cwkN3PRYFPo?Hna9NdmC)su^^ zWIESFOY*uCiKu7hL;FmfYfZEN^>N^~?Y8o@s>~JpxTTekPvyRL+NqRj-(*auRlA!w z70q;njYd0>j-~Q=UsKG6G;?nIT{3N-nbXUPybn+D44obKWw{Ky6SaC}Dm`hUTLXjM zDW+Dw>eH(7sJp$hNkwk9uYDlYP1K+5UzO-xx7@yf{X?a5tAA@)T0?E=)BZ%AGufjv zX&p;)n~|jBzC1UsPNlhas@$rkgnPDgpp=}64>q03Woh!*zr_o!Qr_=aQWcikSE@W1 zbRTql-6xmGcG{}hGSr?qhvvoppxUbR`U)O2HKLxFRdgo7t5fq)tf723V>>h`>6hB% zVy;Z~E7D{x$+vo^-91#~GlvnviDYW!UI#x)a&2FIP>$PGNxv-7Gs#j;yJuIG!Neb7 zuZe4Yt98(8>JzCyw}yRraoua34$cOT{no{mHc^zeOs!7;uyj=!7>eEQ_a9pGhAnxj za{hQ%(we<0V>YF!7~$i^<-k&o?t2*B`jBc~#L&<#JdW&)R3L>#ikD`VY#Lpsq*wvHu`l%2s(_ zvQ2p)mtFa^G=~+mfY)}evNLG$-tnOs?z$}u{23KogZ|&hqqUc z1JNL~%8t}Lyy~7Pa>H)vgI>#qkL@d^V)pK;`fTth>F}|+K(_w1Yfjw0d||Y0bzeTM zH5JR8-c{%gESaR+lyskm&L2A!#gQf#xcbWcpV-&Zd?)}e7%y-)^9TORhcYbdwB zbxr5IujuEpc~|Z=+m+#Ivm{S+UA=8z^-q1TGGscm*Q}i?{lh!S)M0Oe7oA7*o7{A2 zy)IpJI?lK2{>9h6*_w8GtxCIb`0ZNOu6noaDr#N~kX3fH5^W61EkXagmOgKv=JnU$52bKWkMYRGOKcl#Gz*e_iU zPg-r&BCb4f+@Y+TBH2IgQsu*1@AUAYZH`My*|}+#k7wv%aMPJ+{a$l^dfhUQrP86S zni`ZI2Q#@#PmpraZ&&p*xqEoiKf?PRvt5%FMQn;z9aOue3tQ^9Zu_UTnr3z8cZ%r@ zD|9YD4oujRysMJFe_8snkWQrssWN!DvK0I7w%wBYwR!)v-GFD4MW`ihg>1S`u=I(wEL)b1>)tA9~8-(C|^Ov{1|Dpi`O5hmUvVyRzbTD%zkUOZ#2&pxl~v zZrdk!GiTa;RHxdbc5*i<>(>mc9tJ}D9-K%<*F1N-kJ6*uq#ZQTDpysl32kjIF{yLX zK9J>dODdJE>pnf`^;>tt(&4T4*oN&&yV01K=Y!tGiG1tJ!|h6Yp!LgN?;ctcCc7cI z{OwB7I!fcP(QjT{4jzxIP;Or-CFuc9w2oAoxBI<|1v(|utN!fqYi0g$xj5`A6ICcF z?FVTvkoEGNX`0u~!*gUgHMu!B?b;Uu?Xh&&FoeJ)$+hNr>$uxh2FFTM9(PO1KnPl; z%iP<=6!2pQfQGoWZX%ao?Q39*ySNJbt4Dz`3LQ!S#XvKNxM-y#U>T~5LF0U{aS~ny zgC@@_z4;X?e;l!4Y+}B3(zPO^-fH{pno2J>-ujKI(fI!k7Tl~^ZB4oFXv!5)WR|ZD zEM-yJGzHU!375Wq4<_heT@T}PE*qKutdV)%=gEx!^EP2W!)JZ`pYndKmX7~fD<5p* z|GdkSW=*l!pM@VkUJzMtIilAKBjEiB7|51g{81-=a6ER=m;;#PncQbdjX)~&gBJnb zGOjCdI9=j9E;dnNEJE9D27@A=DEOC%F}VX8(g_dX6pRM&uy(0(1{=g~ZinCd=b?9_8-)e|u4mhR$Q=<&FOs}~g*Eg?VPipcwJk>e2V>;hV-?5U zc;r`*hmL{f6xoDFX%Vn2V!oy$!ivj=!8;9&4BOy-gF*2iNNjf0*(j{-`$Ug@1rvO} z=CwX<_Dcx>U%1>hTI`k@ybm=HaiEtx_zDq15dTFGz&rfOLwozb!Wdy2P=$ZzGHB8= z*k;kAUpJ;Z9>0c}h_D?6-S&wRc*RKk2x4T9P)NOHdg%9`*@KPf47(G<9v6ea2E~a8 zX;#$GbOk9E#Ko}3E+Pc+nCj7wjh5x9!ORQmc)^Bi|8_GDXBVvT?(!D;NKDL)m2V-?K809yPoCuF=!PARfejQ`C#_Z1pZ=_r!yAy`&>&)e`4b zj9tyJ;{rxz*PK+Z?D`c`3JBwCmM?ijEZkJ=CM^o-G&=?&8|Iu^n#>20dFsRRls=@> zmKlhANKWm8M^LIJ7ud36j;tDa;x>5t?)9ols}h+e`R&HJxCC?CG?`XL8Ych88yI+k zqz79&&sL6nt{nO7tOHpI1D*qHf5OxN3YN>XR&i_&Qyv_gmF3*x{O0e^RdJxM5vbj6VWk_C{ zelwEaa5e{8)4iQ=iP>g^{adjSf7~0nenhu^m%K+daS6$y%Fzgx0Z_#@@yr)Ne}h+j zF2wsCZsGlJ4Da!z!W+Z=iy=Nk>tBi#mx4Z?{WzB882ruB-EW`NlPUlCg7RCrfIT7q z)jluDf3?q*{jL1>9?wgo%?BW2KOK2ubO&8i@1b&&I#V+_|$|`{RZ%5%z=G~8pxQ4iJ^83O$MUw`HfG)6YuIEpV9DAy?mBjoY7&Ba;fLS(a2EaM{k** zvb$f^%BG_rh%n}SG~y0!e*dYLnG2d(@dZ7Kh@F}Jicb*-O(_@a8(hl5@O?$ng9u>L z4f8_LVQ3_H*oi380(ChWQNSxDPjJ~9M0pgVZ}Hp;|37>0zm_<%EexN3Pp+c2J@1}& zjz9phTlbmyUPVxBK@Go@e&=b5q<~10%A^8_qXzqC6o<1b+Ccrp9a4~9nOEVv^&?sKGq}A$s`o}h0l8a{bHFY zmhzEm8_~*%#NpBQU%JN2Q@O7e@js?9J+Yn!{eua;$2diu`37i|?8rQ?k>Adf{|eGx z!EP#-B+g_imkY*tr14{;FVO!VIsZX^pYg-Tz!m4eY(Y)d|NfNQE4-ioHt{T`MsbrR zM*=-|Pz)}<*1lbS)1n>urqg3dWcTGxBTq$+?1`$f-0=(1|x*AWpJqvDFOD3%u5g7+N|c#Ps1MkOgVaqvJ)C2%R#}6(^W=h9J5J zUDV)pQKROupC278T;}?GJuAu4_Yv3Gc|uuP8Y@h_KZo_d!Ohu1{_i8=^Z%wi1dZ7b zN`RI8Kf9ac|GS^^@BDugkHr5!2D_6ke8AGT!AA%Ck$MEFR!~R&c9PdebqlbufR%5p zXY!0_ZtGdS8QwMR)tdI)1;l!OIvk?>nlvp& zVZ37Q0}v@%z*cWeW<7kj6)|@m+cu;`_4Q}k-_JoQ5a{ti6;v1c*==f>(393aO}{ctvz75QIs>fWa$ z|KI!ce*eFbXMz47MdBr_LYE$zm}n|%`-{y-!H0s54k;Neie^|_V9EF176Q&2X9fF9~&4<+Wb1A1dWP#sgk(wg$|2swb? z6|%x1&;jVqB&?W7{V=_dEpNFVN{I?1Pmr2Fg1>ib*Na)ZV&*NDbmjvn@4FIy3CBLP>`%dYblBHyxd)J(LbBrgO{BoKw@X0HtG=H<5Qvo9+P92lklwpof5g zeB{}tL#a|{jDsqOaO~rhsCbr3LYQo0YX@uvnKt;ppAdZi`{ojBd{083H3KEzH{JWD``%6W+5wS2 zMkLQ29VyWL;RC4j!4!oB@&b$s@Pedysi|q89j=zx2s(te(V_FRFVqzTevZlJpOd40 z_y8cGYK(yqVHyk5tAXhNdW@e%Gh}7`n6g8GLeKyM4>~?@(3C9)VKvAjSj7kge3XIR zo-gqCY}xwW+0Z*1dYAprEBn{YXYwON{=Sd?efH6_<}LaD6<;LmMa}NG6CaTTG6PrO zW;N^!9lBrJZ2A5?)AOkPpKp{Ob^uyo|KHvHGygB3ei|1|r^U++&5_sAtVakn9X3?>5&ZG5*sVII*T&SQ0M&4(k*r#u%B)5UCOCm?{FCD1EFL zINt%#_pN(?E&%4eG$U)#BZIEx+!b&G=FORo5?w@2oS_5gg82CLJ3Dw{V;>GA-_oFE z^p1z%M-!E)7sQ-a7wt>-c1w;!SP=FgI=LKMR^T%#O@f2shA-uIk>4xWN*H4TlQ?~l zGdWngTFd28oB*WsVf9Mw_riTLx%@}PxHsuA~F6u7}^!}fvnBLIC9S%#4NbH87*c$r{3M`I`E5rhFI<|Ze> zXPG<_u~h8Grgpvvds^wZQvcS}&X=QXQS(I@Tm0Q3l9yYro1WxgFaK$O0X`nz7gBl$ zdDess4XLk?Y4MZ^pVeG0d^^F`*hW=m+Lk-A=`VcUGQRCf9^EMy8!6N2V`&6FY~n@2 z&HK=r!dVb3#a-W+CV1jO9bF>NWa;^_V~_)&Dl&8uuQl-0nL^JvysXHSX8On`@(-ye z5hNEZu@8BOSK`IOY0j%}Kdk$$vIf3uZ~v3Dx3`-xE9qs@kmv$jQo49gS(Qv#wN=9o z+DasH5(n4HWmKQDa(Mvgr*oS54{yp`WBqU1kJ#@_#pMTE& z-Q#_dk3>Xi%GAt(gFW=TW2}h(R15iJ{+E0qmwUhe+r;w$TteSRp2OVQ`09h{5ILYX zHZ8++2Ec{-2o4ZQD<42(Xp$fiAOU2EEDH=Q+zUeuc7TU0Rz8iXBGT{BF_aI$5mkM` zN7qAr^9~t2Sm7VrX>j3KGk_h|l7a+W>=d?C}P{j4rmqYz%V_c zqz9&-VgKdeE9u_7mtp@6ei#li^gqF$Wa4C^j(SiZja|?;Eku-G(q!r?zodI`r2LZh zZCCl_|0*9q3wkCV6HqxW5hX1u+be0)Krq9<^YE>bo)8@yD5G4oYbCAzcVH0G{x6;$ z)=o<27bj`kc-Ao<-~YSW>|FkjeD=Nm!)Bfjpg3g7_0I7?QP}pT8vz6=4`HsZRFUgh z2*l$87wFg=_b zV<_licreMPv-$Mr1MoE@eGX4T<3hGc2=rztQQt89A=9&PFJnWh_r$i(_Ck;(4fItY zIvNl9=G_7Ckc}q@7-MEe^$|Ziff1UqO65`(3l>Zkof#yot3QbKPj3$EF9T7CvHise zTLKb;Xm2G%i_QX%z!C!U`RTwEUJRH|ibR`>!V;llEI1_q2Tw!qe;s=s(*4lh%jXcC zBBRmvo<8;6XP$aW@Z1A1b}U2)m@{`{PyE&&TNX=Y7A8(N2|#yrs1XC3oV+%#&J>~T8W7pJ4#v40S=*eJh z106bylzWtloxV93d&pokFN`jrH)A3;0yO^}Sj)W>)^hUpJ;u(@zL3<6gfwg+cD&|? z3V{JCXOdSFHa3t%8B4_aqjSu@)Et*cyCkDfpPf;J)F{hXCY344zzH-hrkM2;vNs$X zy6zm6#yd8QFta=D<*SPg;A7Xq79Pw1aXkbLN}0s>py~J|npfOB!$@Dpj*eWPWTw~~ zSr{55<6{1wl#gB3XNvcklKRYSgNX?l!E}Sq>g=mx^ih{tUHKgaMZF)l??q}#8hrGJ z&>4{(@b!ONaB7*z|Gd9&J;Jx!{}38dnUXO@3YG1YRJ*b2J6(pPsBVtL%q3VPhYkXu zhxlp@1|B{AA_I&a19@x$T=nX%s-@rMnzhsgeFuh+uwDq=U~HF(A6ySj*n!mx_uof? zfrD8-e~LXGF|)wYifo6waF4UZRfL~=b_p4dzl75z$A2M_u*aF(>hWKQx$bc;ST^s% zJ0E@zMEPe>Wo&{iSS?<}Hsmya+*P6|QmIu;%qfFF3G!Gm4Lb82v1D)4?c z9l)@emU=ui3<4lviK8gsbQ{vP$r1V6VHR33^ABJ(Hat^%kwD)qIF zEd2a(8)J!4C^7uY?FuU07{M`|m+Fl0Sh@q5>?k~2E{h8QB`VKIdXi-sozsBdq2n>3 zT-fJrkpZ^2uhSOGa^_$^XfILgYOa)}XY!Xq{c4s(hktIxGR07SG$yknd?${vlD(!k zqkAYwf!d`y09}!g?Ne4Coox;+=zzLuP2fVvE^IV_trmhVcIfdYocaro6SiZnU5a_DTp&sSU}+Y zwU8#VyWd3<+1>3m(6IM{3gSA;u=jFgpsqK5j12yIJ^*%wbWU&$;v(Jb&nQQb3)BTX z!!mW`5R@9BS&9d|EhY+e?}*m{mu}EnLZa$- zLX%auxq;vS7?=rK<^ao$LVRqKC0G(~r_k|P9?3^AlmA}K=8` z5uu@hNqlb>N*W>jBkAXQtm7mmwNy(XXlU$g7s=;YjE(S{f-(tJbgHterw#D`VawevS9mbm{&@-v#Lek(E zxgOG4cHC$fi8A)qTaf3!kUKOC6p0yvd}gu;%Bq3NC0StO2v;gn$<83b4yfCvKU@gc zEqzaRbCN!`8(e~|n)M4AId^0CUZ8KmfmlM=vnUp@2MlH@3+V7`_mVq6b%7^{_J^*; z7=>qqQx(b3^$3WAK@u*b@v)%Y!gL9U<_Q9|olkpXFXp z>M!$w4IyE9Ev>5XQtHHRV9H)K{tKxSyIh?K7!*APbuSaVe%1wKh{qPsDBMFLleQsS zg9%GuZ2FWt!dQC1FdQEEL+A%RVaJ-uU13K@X+^2@!3>YVlzn5FBW6JhoC$)l767;d zY&b%I(49hCIE<|l@liS{z335+;)65P?97~#eR*?{F^&_lkDyolMdd*D>mnHVgvaXJP|Iju7m zkldJ{s2#IQI4Ym88`$)grjrbceiQI95m&bpPwu?Eywe3PDmwsL*clK?hKVtQexMQ7 zJE(AdVX>S7}TMd!m1x|CByXG!VyHHI^~I6el)%n{^t z+>1V6OWf_o#oaTWEAm|4RZRzbpf?_XzIlg8^p^2yx?#}(T!gz%4|3qgmw_t?x(C^@Yhprh>0ulBLo_Df!bKkR zu@`imTbK4;>P(vxx|Vqd{27CoU@opsk!9yua$4prXy*VW!Up5ThU+-j(xOP zyX<@Xt)yP&)>Az4=^W)$O@c!AG8W?#=)Lp^#|0&G{oe@zmtS?6gGM?HQYp%AVs*N| zs=u>;{Q6n#hIgq{LmMD=5DCv8hPIFeJcOz9}kJ023dp@*)hsS=zw6g2bb&jra*d%6UWO$I;(T`Qyn*JjzwaP!WS1bZZkXs=wE=Lyu@XIeX?4w_P0hPY!lUpC7(mags+nFFZLM zgbZZtgnn7VXMy8@@}J<|n4NoUY?ytM-4~~LbVWX90_P2=hGrPZNP{{vo^f9Y?zvmk zjzgzks?d3~(+T(da9w;Raiz)(n;eu}2#P;MGj>E6 zSh&|iMo5(&VmDb*Mp4==OC#D%gHt?36RL2>swU<6toVt;k35!lA~!iMiySmf91(_a zfeXDh;^;wX2)E^>f4 za7L816TjQ`kht-a8G*3tF$*2*9 z5_EP~eaFR$kcB~Bdprg9*z!%+3UA=Zl4GBAW@c~Z*`3(boYyYL`a*Al@H}tPBPn0} z9`=VI!4N10P5);iZuo;R;WbB*&ShQcJlqu$n1GK2A@Ef`D#yaXR~U{w)JGn2bQDwu zA{jXLhbi$_W;?hOmJ?NYI7L5707U1R_{xJmV%P!QX6VSDBZc35>WE4hIb-) z{84BHQuw~jKfZ4plA$K*d`>EGF&G$X8QTg(DwXHP%z?IWBJ(l$tbSGj_Q2=e-8=)6 zt}O$NEixrZ7wNt^LDr0l$8MnF(%0Rc_}`?X;I-C`smxtA z1al1z_ngsPFh#1hcNZr72`&4}HezBgG2FPOKBD?JClo1>Pvw}oBv8be5(%*zgs)#e zWD9Dp@cY7(2^Ek$Sq2I3i|E(P%+mey&)}+`&hxLoc===!n<^(nA20iw-Ab@%V{mg= zJr6aMPzKQh0o4X$)|O}l?hkE5Oi&0~#^E?77GhZJnKbw+-BM*fWDB467NcT${)P-~ zw7nQk=0MI3Iux*wLr3dJ0(Q)fGoVhjRe5t$QivEj+qK*;jdO(r_C#Uy9Qe2k6$kH{ef#ttuP`cvq&mg9Hg3;SHscrP2cvE}%M_ELak^$L!COmt}R z$W{8^)62shK;=MJde;^1DCuB?-R}TTjT$cnkC9_Q4lE>Lh>2fA{uFy7;VEi3Bsi0Z z4)aT)VP49o7xl)s%H_gKm8gqHP!{*DGaXa1FA{;bF8#R}{@M-gjzXX7y4c{!`a-ao zjpj*6ROz8KXuP}T8q0i7y8vJ5;!-utUTj&B`Il_vAuKLh-V0jk@VHt^+s22utlo}b z%s+X8xu|jO$&Is7<7E_4Ht!-oK&cDXUX9u>BZuXKhmEt3(Gpc@m&mU^cM=V0KR$*x zcA{9aNHYxvRiBEkLOw#5`qb@Q$VJl)b(bom=-Y_A>0%@PE9{La zbyrnW*h{GeRo(tOq(b>0`N;WSE@};}a@1^8YR{VjW<~y|Y_5FtCG|?Ew(vLXQfWo(CO$2ynj-x}32w39IPA zY=a{=1easWVx`;>38Wj-T}88WWB}%IX#Au|0$g!mJYEW(-L{L+T4qoU@0&~qC|#Z; zhucBfR2zsHkSS^r=;~%hvb_fCGyy!Tp*XY!<_oI&Ug|A8{Qq<#SGT!0oarPfur+FZttd#q(ypQQ}Fy z!LN)zr=k`q;i0D#PY<=mx8sTi4t@nceRQEu#y#SL|CQPKUpqg2G)xct^bz(5OB(po zM+*{viai7T^s##QrBtq*m%g1>>Wyvsh|az=k4nXhTDfvU`()XkN8=vihsDe&Z}5L9 z#m2YNb*Tt`6A-Sr;o|bwhuBM#(svmSZ8=2@|VXIZTmnd&LEX?xETfv zG4a7q9~1c82D;DC#2`5M6-49wx?pH9${UKp5yvwNTc#ua4O|cPEpssRCHw-Rc{3A# zi0uFT>7$tRb|{!rDKV8m=hwL)0{{Fc_&>^j{wGKDw&>767LqzlU!GpnZVo^MnW99H z9Y~->D-eT%e!LWfu=}V>MOif4WdnT>5%*@FA~1G|t^DWzHv8ZoK}LPLko1$>Zy;l! zNyeeF|6g28Q7pKg>G*x{GyTTFe$>wnaIJe_aHp4_|3yD$S-GJ_5c{idhSOLCx;&u> z^aJHT?GdH@lnc6s=`q)Z1$5C>{?o@}eYoh|f?*}xD2oVW`GPH{0r2p^EZy|0fS|Vn z2i(9xg};(n!Zt{yMtQ>SyO5WH-T-W+QVve>tDj$e52C&~+6rf}kf4=C5FIQAg@3dN zl*AYb8h>q0{5sDf%jI*A@u>XI7V@gPmyrLty+Za~{%_*>Af49uDP-~Kjk((sWc7oa z>mBB#=%FEUh&e(0(w7BC@MDTeBv*!%!&3rN4%{1?7K@1cT5=|M#`CSmZ_yEb!IJz@ zMMUHyYMlS;So@cvbh}+0I|N%u`H3F~J>+7R2OzLafn{fjpvAl^_afsN9f}Pd_z`e3 zCp!gmk=(=BC%y+=da9AL#Xas7uq|JFV@HADYlN#XC2B0hE8=faJlI!y6puy{H3_zZ zgv}r*-^=E3=^=JTC8p2qkdmWGHl5A>7yIhaFn}MP@}-P~KBh-oVGhtOlVt;ymg1=k z5uui?L@=em&=46EC%vy2?w4~!u-0>!KM2dyQ z!7|ozT_OTevUexQ$ ziIw7j_`*(?w2;O-NynJoMZLZwXV2`i+#p?fOVfdQ#t`l?n03Mw~=Vzyw_q4BniQ%$M4=OJW!Ncl*ioj!-V3{LyW0K;car9U3x(%M^UCPK9xSU zEIefx4cQtyQXEUHaC=c9aA;?bMU2~BygSgxv9z#WUZA7kxNA8ug9GT+%OV9A72jHVn zJTk9Zq1J_w0xN*4^g)-o!|p`!nt|_i-0SXV0@whcS=q>x=0N3ezVIk>cyzFVxCi*7 zz*YKD6lP5{;l6ncXHte3aqn!r>_i>`^>y&*&)jwP^#Xbea7TL(9$idBf8FN+bi-PD zFNe%|JW631%ZGiCvRv^fA(p>6UIZwP-Pd{^K=;qTUYHse;nBj-ID!^*^hZ|k0aPvl zGz^cWb;k5OV-6hf(d>)l(5{CkrV#}f6JYw=FFlzhpmw*mUKx*dc1G3M8Lb-!?h+Dl zs!kw|wg)}Y0icK#!A~DidT;;^+jUSnKiV8lA6PBS7axV;G2Dy%bh?iI$iHO9JHj)^ zi5MH%qh0p%T(jqAe>O;u@tB$QfRpqd-japdNye-od05O4`qI-`2QDDcRfmo8bU zAuvIn*`FnCp@Awn#omZWS^7V+GO1a+^*BubMV zqVf$r51`u{lUWbny(B6b9%HePYXT?Hvu?zlQxwRvPw2_jR&J>v!Sttv;0hFRbqRtQeK> z=)?8R2n+D&!@+X`_H54s=<*WY8xYtG6PIJlsR!jBE!(yqsQ24y`T$X{_4N6Bwaq7>GSBA$W2^<~; zZV?{qmDc$kG$TMwSbgqlXg(ZkK`)m-8QI4Lqo5^^TQa8RWQe@8t9V#MvTo;{d;PDNRq5yRx zqp*uEQSEVk>VE)-L50XSN`~RH!F~Nmq4lM}HAEZ08v&_RGOZRxZ5q_M!!36t&!)5c z8@lz{r2dEvR2K;{*ENXOq&9DwCO0W(JQK5u7ZxO>wvHo7;!cR1vdSnS*K%>Emh&0)Pq4NRM#&!>Ri7azr2D~@)Jb-Tg z=b7SVGh-tgd$TB}PlV@@jL1*^CLSuU!4`*T>)_8V-5qZoY-LqdwYPS* z_!PDdw)RxDYHt0tvlUDt`ZkyNG|xYcDFNKxldMp+25@y&7A9VEiiv6WZQWlBJbGj2 zkTePMwhqA7=g*%%Z-Hl3hGKY>WzFL_jqGL%ahY(WcvaNC1|GvS#H+CRG(1Mt(_Z1> zcw`yCFFkW&T4;buM2Fm!a7#pf{wP+L(&OV-hYyi=)LfxB*~dOWs*8=+aDD`vJ`?!Uov;imK+A9=RvFgic+ppGt)XEG|oj4kF~z!#$K1WOa-zI9s;2A3%kF1q}Kb_(--FSRH>RAm|#nwC|Um&B7Ui zZeD#2Ji05nBMYEmc;Vl^Wi)Q`To}h=ADY(KLye(_$Pil#U7a65nSTZR;Ip@i$c>(_ zp(TqksI9C2|TW`vDe+#uaCx8q{lTj_S*aU^%1#2Jd&rx3=81a2poRx zkl_H-jor@#ctm$R&sT%joqyz<$j&p|6dp7Rs?`Thxxqo^wXyjMcwGN#LBgYamGIg) zTlB;NdecE}nCC`p43E6#;CjHFn}p?<<5B9edoE9Wg&flvfH#nBik@fw+@iSKIsjWk z-*>lmwkXtF2jH{1vlUe{Vn2LV|JsRvPNMI3ck{^xySw?ne(%QdxK=Iz0o;2+fcPlO z@VGP=fB^12AwYZ-8IJ@JVq)iTwcC`$A4MY&I9t8TnIs+`$+GYm9z_cL|G{`%D|e3o zuKp&o^(=TEK=)kYS1%cel++(9m#g*gQlK_gE}5k9@YoLvv-(= z>v&8pPH^U+X^1z-J9}yPS3eu{lS<%m4Lvp5*8#rX?ADIy;V*_whQ|rE#x|-_e5~o3 z@&H<_4Nu*((BJXZH*^T<#`ZPG<5MCR13bQI4Dx4#cns4@KgCZF?MMres-?~l1-xP z?(5JakELE2v+w|FF|#9W#B%lf*o(QEiLSv2&4Bq@iQ-;?9@o5Dn7>!>eW(wE^Ni>) zHA1r#NAhcVn^92z{A&ZF@Ov)9Bu(x7DRFU4?VOUM7b}3mD&GZmvfeCKbLX|5O~%hq zWR#wg#peNh{NKhho~rkZUi)$<0Byb`TJO4ZqGV?fn?Prs6Ca5jAwhkGm$FMfx+oQ$}>yHDI_}*-NRXmQz zOAp^7-S2|1qn8ExNzVrJa>22Wi4HB(8LXNAn%x)DWe#o&2{^@`d5;|*S}bMrq3H8< zf(m1xz6u^~)6qmU`lI&8N*_qgM3Dt!hu13Zo5*6NFbS|t$F#?G5aJFtejED$y15Pc z)^|c>C=8mud3Dh!g@{K<1exAehf~ZX3QO6D$TdVa*i5`or z$=jkq`FRz36nI?eDV3zhI5JYOo=zG|Xs>#3LWR`%s!MugoM*a|uN$JkTo{zj$ z$HNC8T^54NusuMc13*jzrF7^8n&nGRWa+cXyw~%1Tv4?mj>pPdu2iwXLKO?}xT0#s zYI=M#)hopOGQ@{IF;W45&y3GycwAAn;_rpWiJJbLemPkU9;L@eFJa?&eABu2HYu;U zH6bl-@T=INJNhwM6YAmhSQFug3qCHc@g9|i^s%r~zkGb$2Ib5WJTljt3A7gG1E`3X z0Qz7$H1%O<+ljD6bPu|(9l*fyQ#^0go<*ZPf=7;qhG`=_PRO|jAbtk0Pq`t-B=d!2 zjeto2a*Wr;A$S{jT<%=)09XY95c8;z#Ep+Z-*k+`wtp2a$?_IP65s%g#yymZet4cd zka8T-rH3Xanyzz2Bi+vg?%zRRlIR8K*mkjl9G@HnDHl@w*yDkJhQGi8awtEQLM9x9 z4DOq15&YxKbc6gcfk!dNDxY+EQ5m$DpM4{Nr8lGUu;&5Pp^X3wAOMhjPg%EhMp+k+ zafNaXJie8}XG`$-l(KH?jItV!@#sVDg8wjwykJ`&zO{Hm<_8di^(A)rBX~TdtZU(} zUP6zY*S)P>{RZ~6jK}0ISc%8Cva8>~z7}|NZkc8im*NZLbv#%z6|{RsSif_I8;`$! z9FMx^UzV!f0Jz3^9q7pO&AzGA0|2o=PQPN{a8|^&jh!$|>Ax4C_P6wZhp}A0rO8Bp z*%>kynbZI|$b&vIb|`6@JRMtpuK)}>BQ$%*;|e^w*jr%x zd`K|GD1#LJ9yq*+1uHPlv4;#E3$pp0{{XuC`|3+)fLw{kMOx3_?OYf;JiQD;SL1PE zwbEFg4OmgEIH;T{hArZ*7JN^g-2=Qa#TjuxONtyRYr-xu9Tu7#Od=) zcGDs9C2^ojhM1?XX9*aBLr)R<(87b? zKeBvw2bm0X-ShzYQi4GfXBZS2oqwCz{uf<4WV`-s2k<3gVe$_4#hB87%Rt?jt2oD_ z=jw+%nciBd0Yu(C5sfX8Qvz?mb9ELrhrCzue0~7kM;GpSP%Po`DMzQEqQ|E60AdOo`Izx6$AcN2llX+`<) z;R7pl$stUJuP90*?tddiwum&CRJYKv?Rsd49AZw;4j{FJiv4misH!g z5$Ig>3WXaONJozEu>v5m2x1!>$YN7tA6bx2V1g7EdeATjc3M%6W8IGBRq3=mPMZaj8$ z?gnQ1GlBP_c1$RSO#+6d*;*_pt&1 zbY=nDbO2#V^&xXG;4>1dAC$6E6lrcg93c`_3}ae3L7s`n#G0i+nE_$422fbrjD3N}zGXTHK+v75FxF*h7*BhA_bVqp}rNh%LmX0AvmgtivxvlMjA z%p{x6e$ISwu@OKb3IL@h*%aj-l-lQN0a9oI2rKCwfX|;le_lR=rN!%ri*#o8v#i)0SYB!3G5b`a16>!!yxDln#yUvrH`8o7Do1y%|w(ZY15CKYaM5c+P5 zbJDG#ceWRO%B3v?C+urhB8{c^vMhl8A@WFCDr2{-hB6yMw4w|lITA_7HvxzF0Q~tE zBbyHt)rJ8MUH8zlF=r!nq*E;iNU2i7kAHA|KS0-obRf~8G{k}UiSDc5-vAJFZaU+; z=m)@}nhtCg2J>lm z20TQ7GTQ;|Ivx8q1#Htf0NL1&0NC*E0PGbC`9k=jPZ(rx53o>R7!kwZZ&ouF{$0dS z=O!1yOST*G0SK1l^@A5h@Rqhtt{Flu{9s z$N=3z+qDq0q0FD3);>K^L6M1GZi_>Nu!eqZoY#fOcv_FXMYfY!qWF1%)!v)ATn2`$ zRPe+3(llvB5vyW4KH`Pk>542w;|}nUjo5_+E0)L(3Y;0vo7_YS`KUd+M50<% zZrSwEXF7fC+2Szhh@HrmJ`)BO2T^;xm2e`}v1Rey7aTm8k~X95TWlXHiueg2s1E@> zRNIKIwKPa7MMd!l&3TMdIOdzmieKvqpZMSmmgWgUfyA9vW^{sEu{Pe z{%)}TKyl!H2J_WXJUWmqF-y+K$qC_#b*Ze;na-nbX{Ckl?5%Y#;PgX|h{`Fkfj%nLje~R3Au(tmSh{ zrBaIW0W{r#2dUtr>kAqf?4{MTswfr5_pmXhN3O*toF1YeN7NoEhk{g&JOoGdo4}GG z3#3aA2eo6Ot>YmZPdLM4P^5v_Fki0rVIKH`{+08`3|4aOkr(y3`DuwDQk*)B6yfhnQ~O@>w{ zhM~oUVj%=@M;P6D$l}||LDLwb2^dms-$6Pe1bQYjxzLp}g2mnCi%XRY_D{k2L%jh8 zm-x6JEP6m>Q#b<&iVYI$(WPSxB<&J*4o4niw2qE|KX!z46aFl8kBm)j3&AdOfKaxg zG2&VjJ*B3YS`^E=OPDNVnRyLi8i4}+a$tCn#W&iPN{XILkO8`B&brgChtqS(f+JD7 z;=90>$80acqu9bzV2?%8<I)bk%DpK>92z1SRbie|0=x#u`K9oD~W+loPlG17}&xy z+uMQ~Bs0G2;S~KS0T5GD<6n8uM+`es`l;CWl&AuQ6B5B@=z%(<0@?0*z`WhMN(z+C zJ7fUcBy?d7K<0BPhN&o-$m~PY;w+vrQOdk^Nazyq%tQ8D8~AW=03?u7YI=|Iwf|;J?Z1AY z`~M2NSJR);D%TCF$RA>EwqBTZLP`R08B9@gBxdV9ys+LYX|ja--6R*SSN++yuDol`GT6%z?J4QyqDT zsTio?Dfc3wj2QO;LB1cTb4*zBZYl9{l4f@U^etrwjGh^1*kQ(h)v!A z#9^9wqyftuA#Ph^<~Wwtp6)pVdWO7eOnbGVWA+iDT3XljP>SKFE7_nKjwm5fpg2Lr z5l(-hP#%EKs=~=9xWDA33PoG;c;nsO{CsQrBU`-ga=6%f(SM|vG&x{{tp%0bfUFHl zL)-{D1H=e}**3(51gHIOIuZ_z;^ieTSQ)=jqrx|kAC2OrpgOV80p|^cAtVb3B%oC3 z3@+zWmT#8%g)XOYX3>@TRktcKEJ)}3*b$uT_JNC6OtTNxV~Ne+06b7Ur&0<4&^24g zBh0oHeVdtN6#z!2V;l&3i~_{6NJkVPu*XSAo|ITjx-x8Gs4h%(NhScW(;pLli{%f4 zyCV69o6l?rJtL)KBe>dQBuZa2&g;NOo^3h;D~^P>bnFBZvWQq&QMP+2fNZ0mHX4^~ zStv1uztm+zIx(qeoNzpWuA1JXWDh=aJvI0}m(HctZL#Ls(P5E0pRqgOL(rAH(8MLa z^vjXy&_hcXa0%W0^UvU@NPqb2uaxc?U490UDG`Gyb3#~fXY+`;P+S}&d-Ko$dWI#r zHAUi?=-5T`4v!o$;lV)OA;HZ*Z>cEUnjdPGMtAN=$q&@g7Yv6x>`G+u_(H)E9uc(r zxaLDgjbB6yX90uztutLGw3jmC#hyd!Oi z$Z9r)AUyWwBDp9nZRJ=|-)@zPNY&$-%MjWc8G~AdJo_-w0H^sAW-5371-2?@VrXJAF$vTC0<(DG`iqn z4qp#!`Kso?<60Rz_jMO2cU^JPO)wHQy-QEQ*aK?1pr+MrMd4|1sQ&MbsT7Hb0g~uW zyeGNH5X?y1HU~qWnKu}bxdtU@X7QBz;GRZ7bx|J+*Cu~xh8{$wZ8`(0kMVy5b~JXh zUrBj_I3$Gg-A3u{|NDOzEzqJRiurfVt<9qKnp--bL7(;z@ga*Ph%cU2sy7a`#~Aqv9!JYE z%sh^o5Ia$oCC+H)0I$?e&P(5Fht*R3@~{}et|2bACV{nC=l1U{{)!9(ocE!{= z@u{#BO+%K$cdszYNrr0)A2l>x^dfp0NO8`g7b9q0B3eXsv9hX6(wzFf+l_#T`xz#J z(&nF7hqTFMJnkjgVJs|WtqudzdUtV$j{JIMhmk%`So7|DhqCV^eMxn%?$Qn;9EPsg z4@qxK8HsC6nZ%Je*P)EW^*W3rajrudiBHBM>CSg3Baz~8cQ>EFA=`^3ISZH$Jw>_n zV!CUA>8=v@r^-3!#{}!p7xv0O#wIgf2K_L1nLF;g&(bFa_fKh1S=?`QRAK&$QRfCm z#Q9lBrDy=?%-GpI8p!m?++g+C-`oSxBs|ZV?E4bA?FCuTdb3a<$qG=n-Z*U3kH3{_ zhezk77WeVU&(_u1r8xZ6~gZh|)Ets6p*hNk$VmhPl4pok1KN{BBWdDQ?^K%KC z$0AV7(5etHN(txy(9?^0qZ{5TN4l$&7bChp6`CjglKDF^RWHIhztYy(T?xN4z;ZtX ziQDJ-G)&##221&m_ve4;BN+^|(s}8yUP}9}^}J)Ks;cho?y~<^RWV>hprJ_!(0@@;}rc9xFMyzsd9A132)Z0S{t^2gY}PDxOkJ zx>eHZm5ZAAOi`NRj#&CW1=c+Cg;%>DhRCwhL*KTP7E80kc%_90QeTos$by4crf1=v zaAD6dMoHwi#nZ#uN$LFJByAhw68@dbEqLbl|F=e^asI4aVAcLtch$uH-_7Q-@B4of z&x&3DzGwc;A8G$X*G+i{8a7JX#&eFbV*lrJpFSn!|EGNZegALb`LM+8j2^y9wn+%| zW}xB>Sg17P5Q_5kd;G#&=J?^0OjPebvn^ajNX${ESSyx!!5QSalqG!)07(fz)*TAE zW@-R^G=(!dmKTd_`U}z48DcPean5`($Yax#S1Bn}JcHwnm`WG$%Q|yiU>}_kY?ub!^_HZ%+sV~kg}ocn$Cb^ghyi{NkA+N zF7Blmk2{rUAQnX`dERhOMoJX}#7s3_nDAzKPKU>Lf-qI2!t@S7BoFv{9MWx3)TF+& zptH(*Kcx1Q*d{5Lw#sa$0jQg{Yt29qGA81yixwUmfF-wBXHj@M3b7tZ@c$T_`Y6RP zllhRPAUH_(Q*@w|xHO^^A~|QV?nGpPVel{~HveR@had_9GK&V^{JV=J!LC zCM!-KD@w~GCXadgdPRYwOYE%*SXf4VV;_4av`A*ahfWC^$ZP|batX=docP|D0ZeuP z_IM;Li_Ks-e~M#V0vNiGWfoX911#5eIEIhGEe?Xmux*bW)1U2t3Bv#zwr<7b0sPDc zAoN$h1O(2&(ENv@{1T5o77+;~?gbTCK5-vp)7d==17+ICdpBJD@FVGex|vb4DVMk@ z$%*Va##p8QW%JpD{#VErKE3OIn|R)1q2FVn-(#Wwma)(xUiArK(9aqKJr@Ga{D7Zd6TJ8|06T|W4y!3G2>mcy! zeS7~qJ&FClmm0co!iD#{CtUS&oFg+}o4htfSMk;onr&j2%*`X&8-UU;KVeE(;2DFY%K zI|TX9cM4c3|8sNuKc9cU|J}&*z49NkRC-MojI1b}XzIv+m->IRC$azYDbIRl>)$%( z|785nUST))zW+DzJSP8x1ZMBnzklB+vHy2d(aNTHM#vvm09NgPwNRMb|LWfR{@=tC zEjKG2$@G1;?gyZcaqvg(0Q8{uzM=p9p2YqyqS z-_1PXO7nw0&rQyqdt#X$=?^@6T<}qf^9SzLNXFKqjrb>`N!+&!@;ZzM;HN)NFY1kN zmCL`x8w2`KM~;uY17PUc*GAR9<&)U|dwl=%Y*Np40k~@a=d(%uzmU(r@BfWFe5IMx zAH#1%_e|F(JiBC24i6w_f@j~b^UXuV#STFqgMWM*LdUSswn&E?`|)6ipn*K{ar*!o z#>cJmF-+BY|EUtUC~ob5txFHF=5B-fQFX@AxG4|ECn0=qXo}%HGia&o0{k@AkiqJn`b_^Edc%wRHM6 zD6_vP=kROK<^6g36W{+VeDE7jF=>1Yld`1A@JGg2vH!E#x%2<0Z1!FLZ{+##k4(>W zGCfF!ib9YNQbcugRP(bJUXnOeyd+JwPNY3`uks7 zV0#PvmNC#IOg)u_D)|2R_tGxBdkHx-)%{{TKL4X9nGJ0Az?P ziwDB;;P78{Y}?pLlc6F~3`F2$!gpJW!a(}zPtoyT3JVANCc;mD{psTX`QKu{Ngr=3 zirEMM00R%XVC%yNF!|}v*tdUeNngkE6M^4A0(;uUusW$jPEW{5fso7k+-h93?}HhBtpV*Xf9s~n}=M>)FI&!dGYaBa_-3Bo&W&= zB3-I2zH$d)`7Y6;1Py(xSm%lE;|91WwmbMGz-F+dK_@&8D5`bG`a4k5yJ;Id1J|JgupnL$}ktFfrcpv|$cJb{?^QhE5Y!pwa{{C$= z?jcsnWNpvkrLG6BjgV(F((-XVY#|Nx4|wq_ zo?K!17-1PKX^61LAX^wKUaXLD?-uESO1Tgj(Vb?9gr#VB?ZsW=S-t;rKkNp$YX7Ty zxrF>z^Xhy2??#?S{Qq>%APZdoUK`@~=Q*Fp_rL!f?tiQH|EGET&)(j<|KDbw1tyq4 zFNBuuKMToY*A|(XASe{SZkd%>&?#Dm0E6U?49ZtN7=J_vv#kQYR6YC*SS(_ zns(Z{uiut$YNf(%?e?s6)hrY{IsXox_^x(u<*TK$qvmz(D~`KVU1ip7zZzvADXU$yto=)0@?vs>LJ*^9x#Fc%Ikn-to;B-PWe9 zX4z_wMqahiI@WTn)1LWR?U?>lv&z>O$Hugi>r8sbL+dqcfv5%4^p~t2c0GjeO?}-s*R-*=fV<)h--qH=Xvr)@~bLpmmk4wuifQ zlgyCSI`8CLe&_gT?_4c3>!qo8<%@dzjNG(c_2RfzsH)|Pp4+e2X1?1xsi;@i80v1m)+mn}&edH*z4_8 zbm%s&a>lr2RkO9x@Q+S2Td3Zj9o3x5o!%TCooCDBW;F8P$yvE~T2rg7+VsXL*Dp@? z3r1-lH}5-ctz2vO+ILWI-yLbAyF$CHX~o;lUd=8{^<2Sf*v57BdN?wUYq{pgwa|5| z+%A65wx!ja)^)?d)7DA#3u?8n zanfntw98uS_AqPYvR^u-vwX)sbByb<+Pp2_^{$Ost?1wDw})!AG{je`TW{Hx)@&N5 zFxP6=Tg^h}w0wD^c1E31q1?E_g_^D3H`VM-`$Y5f*6`@&zFh9*h8?5i53B9zq}Djx zFPfa!Y0W~ZQmU1kmUgC%tmCVeR^~iX{UZ402+ijBX1%GF2F>!>S!+c3=Fz#<8nOP) zuiRR_X_fU-nevRIx>`GGHd{x=N#VTK+_yV+tBRVf-J4tOkE&WLc24&18z*OG?__^+ z(Q4hpvUY5=tZB1R*=-%)6nfW&UCR!#MZ0xZ&6V3%&7t4S9;uyH8Tahr^nB)5&hzDZ ztJ%pl?mM0Oapy~CG|XL`7>!2mX4X8}pTS(mxw2csX6fp#m#cMdTD5Agxxd?J-h8Rw zcJ_3~I{R{Obzr#zwfg>j z`_7Ge_T}bw*wHLJYuz5^tBqExI&gh-t6jHpT25DuYNvHnxVayB7bnI={k~&0udQ3d zI%+geu-CKw<95ltg(Wg;TSvQB*GGAD+xesA7`a}Fx@u|-?Y?#0yEp8{?NBw; zO1`ePtn=KyS2g{kdcO2UvsJI|Sa-eB-LzTv9j#PoUzvW%Xx`P)^`L;P)@?QC+SStj z4Q$_?Us>fdtyI>onrBBn)hb>!TNhWe{XgJwE8oeLcCW0%oPOp0VT{Tpqt(i_u3g;9 z*HmP?clv#8rZs)oxi@m~TAS3H`{yv*%Ic*uyg1pvGpw`SW}~F`a(73)Y)iekKGK@j z(Qc!8SGl>Z<%(9VQX6$@=-TzFZGX3SJ@gw^b8>ZmRk+HZ{b7v!z0P&VM5SG?nLoO( z-QE;x<-_c`s##i*sM?7;yJ}T-JEygweo~n>ZKHUVJ^a#X7Kq_!mew}vy_SLNjiW-x zF)pjuM!kAc-8I@Z4VDTg`faUds8;nVTQ1erjtg_O#gBl&C%|lt?r_Br_;7H4C(l#!ns~2cNZtd2p0Ww)aYEEXEmqM z>g0^<(RpiB@jA^RzOv6cH#u#ub#il8wC_xqcU!1g9(HUk-?EMx4QJT8Xb;oy)f&Ou&a8e~yKY!VZQagRdf66fI<;Hf!8v$5yzE$4YOlH9ZkV6HX!g+8 zOG7HZoOZKyRI^&8TFYuzn`d6TG}x`@vTf~lXtqx1|E$JMwldL9D!YxArQPIf=e7GQ zuT~lqV5w~PZneCT@3hgCYZ~VM=sZ^=7wyjJje2)oQ>WRhb~W2>Yj-uP*6y5?PqkLZ zZQZvn8ne%LEp+OHLxc5u>k`>#X4A52?RFunx3$xvT`r)LA#RR{s^tpf z-hJn~+OVqaww^Vz<$R-gHfi41>b-L7uGy~To6T&gZj$?IOW#HI)PwhidvQEcjaKWp zleNlM*H)=|UHQ^EZB^?hT2(*UZ?;QDu5;U|v_|`|dz5WE+VxGg zJh~a_h3avq);`syhGn#k<60JtK6|Z}k!zovRobUV_3D*-+iADF=BYN;8+JSQt#xW8w_b17{%D_;?oere ztmm>$arAj+G&<&u)w*hz_9y7NY_}|{{Y9NlzvK${`f2U_qFE~%Y6n(t&;F=hx6XsL z?cM9MPUGnQDp!V$vVNzRwRR(4^HIC<2~W!tcPW?r<)lN-BJtv5S& z7stll&FJj*%e^*2&Fth$-klalexWhC(>m8jnw~T6>&M2;mwagon?}`W5523L(Yb0` zH&<;#>)89Z)uw;aXw`;w$1<;OYr|%_If2>go!-8?ub;HY#mVr#etr0*meo29t9;RO zjB%$#Jk2hj-?TOICEKahuWN;leO9eDuL@Ob*t#g6-Siq~C-AzIt+(%P_43(Jw~Q~1 z#?_=&I{Sj!*&I5t_G$ySRJ}E1uGVSW1z)pjdyQP@rhQ#IyRkoeozmG^!z#^c&XIaiHlTh|of(cxYNMKW zb=}H0+S4yr&HY==vb^5y(RJNvooUzFxaSNn8+mQ2J43Z~qE*@_mB~fB)4oyn)u!X- z8m2#K-PUp!ty&3Mo!fRpE7jX>zItuB)sdfVP2Ih!-OARoR z(@F5Jp*2|d&>|}^K~_J->!PG|AjQ-D`WBfp2QPOrXq?wYO6*0}UyFpd>qAU@ zasa+={j&8tyI!X-E&%D>T=n>~rq9<8jj_W1lh5XJN&C;IcmJQwJn#OWlK!v;@RM*KVzT&MUlX+)u%(#LZDKv{|Y<=4UqDHWjYA_3m7=^-b^vf z(-(hjE&dh!_S@Vb>`Su`zJ8Uy`}O}a|I`|~^MefYTj2NKWuMc?X>@tF(KjFI>amvu z%#gpmPMdYUS?ol+tXtl9zk)3f^+{%kpg}T0rGrJ-ti_N9EUZIIo)YgE^pFn61OP^7p0<12S5;X2j~=8@pB}*VY}Q7Thy3<0o<&TgonJb!;6>mP`spn zwT$i9R6cx=u=w8`%(PEp`YlSDK#m;*4Pxv6~jD>Q(4V}_(; z+UuS9#}@HwG=N5TqaSG|mt>p~F4%%;+E_;Iz; z|NrODhxmW{`KqSQ3_dAHFcVN=pfdwSb1R)pDjr{03*9#`X9-h`ClzU}kr@V)eaq$1 zlJlDr5{PhYlMXzn8Ywf?u&ojcvEdYIs5@$XqzIc`h4y?Q)56Va$XY<<@$~ zhA*HB7F;m*_n4G(2#U~T(lNOB0Y@|tMVX*c4umnWUUH${7hR8asVQN}B8#YS^|kzp zQB+ADJvDqloRd$*zTK?GQ_~HI+uZjOe^6YYfwqg&n78U{Ft~62R=;-oZxTN3$^ZNK z$@7N)_p8DFdq3YdM*mZrQ*H0pfXRx}av3;?e0M_HdL^W;yWwIOzR&s9>3{uPOlhW; z)<|?$Tfjd1zZWlF)%|~-J{#w{OS~XYbyg5D1x)B&H#d*_teA z5|S0e%#@1EfTRKpxtO%LN`9vMqsYWRUO<9Z#4KY`28T-3$ zUKeSZ9vII^seY`Nykk;TE~7HAwHv2YFe|>ftEFsQ)PD3zC zD_o2cFoc;D_ojB9k+%#Id3}DCC#d8p2*se{y_)Z`lB;KByaNr83yYxlmCdVfcL#(- zn&J7}DA)v~CV5?+rJp8*qyNVQojyQFmu)uS$t?(l8Oj$4`z7xU6_I)vle(R-M1e?X zM9^pA5JM%zbWH^4eo2;;da!O4CW|~v=KLg2(7IsCou53z`VpQ2Hp>(j(&XPil58=i zB3Lp7fyx9N(Ugr5*aVNyBn}_u?z9Ib)R~uBsRTFwZUppRTc==$YIGGgsC|fJjPyJltB~EB4UszBC}bnX_Ej4fN zZNV%=?#t!_fhmYvmY@S6ricnb*R8`kpg;eB`4u;1VZF!79vT(tMb6%k5Q2ybkYu%F z!LpL=+@>4J>2^xjgeql@t0C1$`3-TJ5b_gU6JTlyLQ{~OwBat)7pp!(<~KPZ*4UxCz2nnlnTXY)GY2Al9+_p)7e_J^<3L^S4)sU zsDR`^5xk7_Ev3nQ{_Llgu+}y3O45Y4NwXY0y7|JYi;K^-Yc67CnvK$Y7MoJDl&a;_ zhGf}vbyL9=uh)hoi<{8a!h4t>7a|R|8Y|$Ddt%&dSgXIN{Pb+oA@v=Z$th2!AOshk z6zFfuHDOY31f(GU%%sxnB1_cw-*2&Z10FUG7wOp|-X&Em2A-*DlW6$6Q&FSxXS%I- zr%lb1+jdIE6^hl(P}P3Q1;!*pfv{DdwvlG6tbf}`_4cL3{l?d;|1puf?-UTeNB{Hu z`O}8}XR!a<(>LgUcGmyYPsaXKK&LqJg&n!31*#S{6hSqpYr3Fn={>50s!(|}LbXbR zPH4~x4LTwBW2a82c5)O%kt|EbiW4obm}>ejd&Ehuz}6UY>K(U%%VPH-VTvRGp+v-q z*c=f$Xg5%{-BhsWwQkw`1G&g>*fDL zxJ|iG^bV0=y7~X(r_by8-=98t`D)1jxR-C>|99s9ODAK0tp6LhJ;y<7Tz~$1gW)g0 ztnvDJ!9BA1qZ|$oi=UU{ldrz$iWWInio6b+ud&7TYDv{KvJ=-!zPd)Ink8Q)#@ixq zj<@FTU3E-8UM@!U)eMTgq_?$N8g!Fu7oYk1uuyhs{!v1Rup6^1eYaoRK-ltn;u?oM zkk_~vc=^xCBga-9l1xO8HCPUGTBwpakvs-+twGWp@HKfv2|BK6o=OWJXKw{U1 zSY%lq4iCOYwl0qeH9ks!etM1@mlN{3JW|2uBdpXcCXH~%ACl{0Z(kpp0m^s|crs^; zOgPEGaYZHA9vS+hp}9WNs6V>al*-n8JQ)o_;~+E+LL+{iLSuer`^^Zd*N*>ukwGr| z%H%S8xpc0>si|YHU4}~l0?d(dW$wzY+~OqAH<&(bTfBl9H$ne9n8%JIWDU`>w@oHG zo`^fF6h@{QdqaVC+HXz^0x()x5VS-;a7hl+GQVC&ni8vq_iM_Z|40k$wl z+wj@dww|q7rPn!_x^pBIwE?m?zx;}kPVm$M4fRpWG}lQexwKrCWvMXCbFBwmQsSPZ zrtO+_v4^r4*d62lw6*{1#KieDA^XTL>jIX31iT98v>!wS%Ysn1Lk7ta1`EnMQO?Ms5R)8nkPYAJ;s5 z_eB41Bg=!%CZ>2|%q=!HM*z(s^vu#-*jN|OBHD?_oNulAqn1NVfC6jKq5c@nKhCes-u^X!*j)^27vOD&bslp%wh z(ghG~CCP|J(b!&IBXjzjjcF7$JFtyv090xBgsiC0hv9@c;#Lf2dC?$4Zi9*i2%D6K z%sE%7V2NrHkoKKswo?H}YjJ7pd%EnZ>54onmQ!;kO9I@Ib3}-i!z;4-uG_99SyK7i z%qF!55skV1R18{Ti%>wb_l{8`8Et{P@2yy(XX~^Ch!jJ;OQm>`6qLxjYOUnbq9j+= z^qaE%RIP6=a5s^p_#G$XZc1yQ7j6cxhn3g>?>_49#lb#b4!*R0_H%!|`hN_xb~jJp zZvFqWCoi7X{eNG*d@<<%_wo(;|DE;!=45zP|K)oLwRxvJ%3?=@{`>O7`*W(6CuE`< zOmt^CCu#csOZlf74Xt*7hOGEcx&3AS_XdsAC6#c><1_*%U6@|ZbpffCY}(&Bm_$DH z-paps_2o9j1cN0po?NjQq@rhkrXJV~1z@!sEE^kUSWT=Y+k*B0CqwTG6aY1{V3 zBC}a7-J!wX3HjH*cYK1;V0j*25V*mtYS54m8uHCFC zmowFH$mxX91KR==2|(yAXcaAZgx`TWkmPL=h;^#|NZ6c=5}v?_JPN1;eNSr+La|$T zd`Lo$e1{TiRO)auf}v+jBIf? zb~bs6qsU>F&5lBDU~Q-;m>E-(eU3Z=i3C6|_o36$mpjlKLNiGq^Z_L)m2$;JSa!PR zV-tHYtaSZ&LdgH{%#mS@^@NKU_f-NA;xJ(RU&iCI8asbCnNbNL;R&H6;PH$lIk_+9 z;Wn5Ri3Kc}R3OZ2eEt%ROXLg!36+uu3?a_7v=(Z7?|#pfby0Czc1rZvw=gcSK9*`7 z0SUN($?fsv9S>;q0ZG9H;EQ$uCQc_!N>5L=)%CwHrs3pYxvc!}Yv=bu$e*k?*a{8= z5T3F`vwaFew3*Cv^vf(wIo@n$Jf{-J&A<{u6OIp7`55Gp^D~R}oo=R7-bjVPM97na zVg!wg$A@H=DSf!=(Na*GK+{ zV=7xq>bJCJL0Ehi<$?GV|ELz1!Z`!+peFRkm*KAA%+N_=Stny&1T z%!!F6B9&|Fo>Z2bKRcgd$Y~?O_XPgrKV3I3(>a{qKKrx(+I3#d9^KJnsrziO0VhdjF>=K=(oZnAjQq+ z=EUa~(g`7#9H%JFbPmdWA5?9lRxE1x@_yNMcM5{eHFqilO(%^NMb(VonY9VP2*vdo zc6jH4CQ?5)9}w$y1f@qP$8wyT#`u~z2dcSyy(;dZ(-v2m#I$H*E>HXRv<)-c@my7b z`b>Jkv|ZF)e98U1c>N7GvVHX`53e~GbFA7%_CFJyQ?uHX4$vB~*UFkPffkziE%>(DBk$yMX=Ae5z)Q)ifR+n<5>lxnW6qcxm!7(6iw3z zrC;6-64~U8kbK@70+*wyP=Ogl9!P^Uy*HLDHNu8wM)^F~5B`-#EX=zw``|1&)Dout z=dETDr15OyAm4L^zuakhX6OwkXDZ|7Nequr7&7LQI5Q$ijtC~n8HQ@Gvp`j?>Bw~9 zUaz&(2XU&_t$o6aY+#Q3XddfRKd7#v4_fRKbD;BnGhnlInBpM`_3D z+Zg9vZ_eiP#bq(ySnnrKi9=b(OSng@>W1ozSV5EqH54nRsort_(u4^Y{of>|OrQ^d zWXU3eN}1)R%iZW6m?Rp%w=~kEP#?sEKx7CbpEoG^Az3ZCG<44B7MLWX8(5DH8@qIL zmW&FIhRVLo=_^m7H5p;qXj|gH%Wc~ibmi*ZW&Ii@XUYi8%De%ga>hEv%(z;TYZXbG zDb4!Es7PLKrR$B-Wa`51wC8GiRq%SN}Z|^Zn?$q8Y#HTl~-fgXgW0GK~LZhge>`FZbW%{5@ z-&mR6b+`DG=--F}eaAE3{&46&@}ONmj!q;O*#BrywPGgNVY$x7(Z`V)Cg-%=&$iPQxcA$TBa>5o zw;ia>Ky3zU^Es$ZyP=CQEPLR=51P7Qm5Q+opIL9~ZLM7}rskh$aKq<~ClK$9u+arj z+2j-}z?SMAnm=;OK>NN_8XW~X!v~=&9?s;u@80Sv8^3^52dM*R;vpI9!?9uwMW_E^ zrDAs3Ip=CsW-m2%NJ?{+7r_pcj2IsNVrEQ%UlXk)x_ewHB4b8DGXV{78A zd68Ryv{pGSF16DojUq@E+acE?U_kA?q82CIt<+conKL1seNd!937tmhZIZ<#rs4)2 zv;!Vnax?k`1Rs@6I?LDALQfbi#w_kfByeR7i=;oAOH>_5au#EtlSCC->heJ7B0h`2 zy?Ud=5|u`QdBkI;lyd;JZiNQ46+Wa!(OUC2E8YFIzB>XHq3s)5+g=++ZCwJ{qF{7+ z_4?|qoxHtaq zlUn}&r_Z0gd^Y(1?Bg5!e|Gl&={gzv3kX)oly5B*p18pNiVY{0j+q&9m%Fz3Yu;l} zF+b!UKNmk#gY(Pa{4zMd6gq(}=a-IS=Zh~~QgFF8WmQ*u++js%pfcp6msFC(yj57O ziCWU65sP@EXu?Ajs>=5ztyhOozhCXQ1^;i4?DnZZ`uP86uj=uCpFe%_YT*C(@eTa{ zJ@EgHlkp|ke``mRuOf$RV3zh3@7;*0#$?idBEhyQ=^vL65I>G6~2L;SD3d;|Z#Gyh*c8T(`S z-|jhJH5wpe?!e7PM1JK5Zn4C^*bdS zFVU$z_|5$>IFB;9oZ`)P zOQY#*tzatIFAX65ep9s`6l>1V-*_R?puKh*Iz1T{z5;WwuUahj-{XHSRspS^s8{I|3Gm!FJ#3;~U!+3?MVkIvmKI)g6j_N8Q8N`-Wx}MSL~Q(uJU5w};f|HK|9u&NUr+vn4zk|K;lHoa8}TY{*i+ zA|FR)1ePp5j`YuXsM3m92tBfk3xwZ-5G-s?sv7Hc zj#`&P+lfAk$(mgI`nom&0_(OYB<5ijLA&#K8_1f@Pjf22`BVcYf{dx@OaQ%UxgI?` zuUoGg(@%Q8*sGy4WRySZsO}^+UZsvRxkFF)(Ss5_A@BShq=I>~UUWr}9Xs0LDP6Kf zTRh$#Wo|Fm(URoZr1GD#Fap%F@=Q&eJHw9$*Fkk}Od~c2-Q7-oDcX2Z@Xp(gxf|@f zc`&+8Kp-GAIW#(=-uak9_>^)9UKXA-g6QI0KM3>hJ7#h-{WFuwCdgDo(zSFnMzO>M ze@XJdILu~bq|r)OjH!@I8WAd+HysgdvD9r>_nV>7!(aDu*j?8a$saxjB;E;$`pDA7 z_JQ$YP)i;T$iEZvxnK*nL2&8;iQ7LvZj|i)ESYo1&r2eC3 z=MNb0a(9_)MxEaD5vIJDt!pXaA8&D|*tj6xH{4GAutmam3PhUHCg0pUnkNhVE}XxK zD>r57?eoof+M?0RZ5rM3b# z2X_iS|4+#iJCJ{#n}-(Pc-+Rr621c#_`&=<7M){zb);#;0;K0h8f+7|+Xna!XyU?q z+gNOfLlUtYz<5gqLMOhASiKfBSf%J_!;SIU0c15)mB$=vz^v?x2|2YBzta22X6(^> z$?g?>#LGK0kJ<=P`;EWxvNZSIj*~QvLl-%6&LU``J9foDOvukRI3gD$qGAEnv%*|z z`ciVj84#OEfF%)2aG9$?)V-kh69D~bpu0`78fZWoWW!8)XPxq}mhXdB_NbR7 ziN#rbLSFpg5A79LVk$g;@?-}EkUtXqxcwFx*Ko6q3MXdC8Q!SmcthpRc6M-gdPu7* z=bt!_oWx>YrOm~LdzU6;$)k`^tOhhOs(0V!{TwfJUL-Gh(^S+uj#XTnAn{wE*)&_g zr>)y`=*U~(+gYV|1CY|FMcv$)hs%xT7ZH4?$XR)A-!c_^)=rDN+Ig2hYE6=|!vT1m zTmI-C|15Zx%GWNDO*sKiv)Y85k(-3C4lxO11fQBm!YhYw&TrM3s4^S{q^0oONm=eK zz&)wV#%8UuxgUk}a7>+vcslUt(jp7;XwDKEMeG0fI5)DOE{hBTfjpi7jK3OZkz#2C zXhI`%I1h>BdF=3*3vdWGKEx|H2rU<=OnA=;xdgC5pkpd-q}2{M)1`z2XrqYx3kAUI z37W9*WU}Cm3@hgAQW1486XM_6{Fs@S65&wa20X#kRRKrSr!-FlZF7NPZ_6yE$yfjl zQD{ZB#3+(b`JLybMjN`;CGKPo{4=gC{Tm)rmi%P0{$NDuTM$}Wbuuj49opnTx>xiK zk7+7Nh)pGVq?a65TrXrEF5Jk&PKjeq{bMwd&`=dy#7wb~7tK#UI1Q&W8qp+ZTK0E7 zEO36qc1mH`#b@^NdOj`CMvawfCDbyP``1ZFwX;)>&4r&8V!9$u7+|Njm@@5SzG(; z$?+C@rrpo;*^|1qK>zl%<+o=ozrAYt?LRg?x4291W}y46Y$1(^;ZW5v;v=@-AST-H zj|F`GTciW~tqP@Y5cwU5i1{t_c}RSX1{q)0bU4Rbw-d&IxF+IEK)j7PF#$?n8m*FQ zXKJ%7?lNud(W`=(>S3++cx%Dh0NtLn)h}AV`1Gmu_XSn3qU$lVWS22DtP$vVPFa+R zHub?6VPaZT8$b7qBVe9M2*<`%qo)(|h%?sAo!kyR9mHrm1^;$|3kZ=*8uHcVQiK2P zpuz0gs;E~hJOK5X%_P(;Pd?;UDc8>6*U{f%M4!dUPld$^Qv@)xeEYT6wzvE8Y2V*H zwmZ#eTZv4ApCo#|&x?IF2aXs8utk2PF3qXDg%e7Pxk5?>&nn4~h zOs3|=_}qe`8JT=}b0hqT+YS?xgxn-wHF=e(0P=BEAnD^sb8sI=Dv}>Z=v(gG%2%sZ zV{uGAX9yR_`v*5iCaTDh;wcN{kuaCS> zN^-Dun|i3I7ShQx>JkG|w_Mr~!VRY5+Qw5QwH{nYXuq1|ZZlSW=cu=PcS>M7UEsU$7!S zXCJV131TWUrZ$cn)a$z0#2^IWavEgf_Hz!R<=oHMeM~=TmVL{|=;KK}ZYuuRj5%_9 zJZX8jKAvp+bRDzgtA;NX?3OB+-oSdht)0i02_m4vL{b*KF&V#HzvbaI)u%2R9!oq* zoz`6G3EOa-Z%f!6zQ)%t{|nq)yIcSE%l|K49oOamSI2|>?_Rz^{@-2xubqrN>Hy5h z?Y6(w!lo{u3Uyr{P$|7noj?UDpI)E}+n^g5bOVEKU_;$N<$P_RA83*g|4Ac*u>Z9Q z`>pPET~GQn2tdlI;y2JPwD&--$BZHf6c5NkKm#eGu>3?5- zct8DXU5cz#@Ry!ne7O3s`vjI;s-5!1+52&~WOH&!1%y+X(!^zr_V?jSJf|;en6hws z{PaI&Z0ioZ#tWffEic>cN`Z(imP#r}8zsN6^rjKldrUNu4f%$FbqJ9(PNNpFx-$Yi z-bsFR_^eB8O#JN|3YvsXB|~33FaEbS6`%`W(7^jrX|=!8n~hTW>05uP|2$t^{!ax* zX7>)^ei~no{D1uP)r+e9fBgLAi&umEzmIP(^7}rdal3Il#PD)NTolPpd6dQOuD&FHhqE2X1Tn1Vre0U_ap!M_nnCDmp(k-z~`a=g~sh3 zZh}7g|K!Qb8vTFy>cz8x{_o@a*64q+ardc^wWRViAH0odmOyJKpFz3#KuCvg51)tr z3%F%^FWrkA&`1AYJUy<{|L4!14D^2=-?v8p-NwB~Ilu_Sc|toU4HV3AuQ(uJUXcUl zn>M?xG`sC@hS$L)T~b*F*2KyF70MnLb~W3s(|o1dFH=!89j;RUSEv7Z*rj{a0QK_! zPwV{ui{n>A{O7%V-wgdP;)Q*QFl-e9Re)mX!;%a2z8GLkL{y_$c?+M#MH@M?3$ux` z`5Px?L8=P9B*b#~~B#1p-oTOZ5G{VgkO)w?qA+ ze4uy57(OXM$5brj2^o)F(x{hDo=Dsx?&7N4+YgC=2&jZHUic^O&mHjt!Hq;ay22Jw z?tn1c8pbhYiJ~k4A>Eysml-@6(>{AY=4E={+21T!V|!PRSrQ1$%luW}sU`Z4_H)Sk zt?&01=%N45pFOYh|Id$K4F2DH`SL|S(Z`3JUc4bc(S$B==RO#dTWT`pA=@q|CbUQB z`1TWWDu61`?KHDnwFA5~W_=}-zqjE6$fcse4GBy`V+*SX#CYzf7jF*a_oD|*`=Q(p zBxh-@Y2FDL>GL%z`1?_H7Nh1gZUD`O>>PdsNOzdQjcs-yO}1AwO4YQ2FiEn+iZ~G7 z`*cvGSWVgdgpA6o@||gj3;71ph_5j%yk|W_3NcSEK^2HFjR=+G4Hil)tfIu$X-5f0 z?9bbNPaa)Bz~dN_FrVq;yJDj>vrCinPF7b~KpL@tp7Jay&F#YcO5D%YS^b5t^fp|( z#<@*u`#eRK)F=0>G%&mS)DQ+bQ|WBDjM9Fde)PrTG{lCjxCu4LRBte(KKx+sP4SJ4N#lY3?iO|r+GxTD}Dn> zc^m6uQj`;{(6`)JNzX9Ut1V!`^dTeEoqChsyahjZ*%K}6Qf!IJnttc-^rgA1;Tyi; W8@{ja`@aAH0RR7a8tbS4NCf~rgYPl` diff --git a/assets/artifactory-ha/artifactory-ha-3.0.1400.tgz b/assets/artifactory-ha/artifactory-ha-3.0.1400.tgz deleted file mode 100755 index bedccb9f655a2ba5c692909248ba2c07d3f16735..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 146674 zcmV)HK)t^oiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{cH=gZFg}0lDG=E^c4wNDZ1*LjzU-&A-5pO~?4RXMCTBA1 zfk;R~ncANPfGEQx8i3244vgdU=TrBIyVvm%^C*tFeDyKHmxwYL zfKwC`h6NPx9!7AAC}2q(6UuQk1uzIe2tN@DV(4AKsdzUbG=!Wz>;N!MaNq+@NWcJ$ ze6W867@`8Q+nEu8<&5)~4SKz+t1I`@go^%tIh{WC~JvXC?} zh|5Z{de0N9hxJ0pIHEnq;W$9O!U_w>l;qxt7j7I)I~QnvMX1jP9mgKPjsqn0jstvj zNn+LsA&xl25u&mz3Ly>#0EU>)F8)v2kq!WQGQMBa8x6QC5HXC!$$t6!_4G z6@}G@tRRJ2_?NtjIONeY9dRs*SR#Lx##xXok#tC=WDOgyL<}Nc?p9Au{Cc1jr@P- z@uR)Hog)9=d-C+2|9^>R100|UOaczn)C&$;SbJ_~1Dwq;1DF8_ej2`i=O{MIkq;&~ zK%&4abOk8_S2Gj=Zw4dDjWx&_qR0h5kp!?ANdg~SMC1xw%^(MJk^oW9CpemZ)7bz+ z&qIs>K0~JV73MSW`7>~TP_%i0<}ORd7ibP{ZaSR}uusB}L>(MqzE3n`JPP4duruOa zAnF=Ufk_VrF^-$kOAp@}WxvM$Mk>4GF z?)NAN&kGAkAgY8Yy~Tl>o9;u*?rTBx6J)#1ZSJ zeNPc`4VD7@&EIdf#6Y|zx&1Ltf#V)`-1W*CO3`|jkC={zcVS=y(;7Jk$@;gVNph;wQ^9}&EYzaQ! zi1jq3h{+K|kr0mj0hqvmiAtL8UqSBzMZOy3w2laA?z*BF510czA<1+F z_FY*-7IqDUe1({j>$x)~{@h{spQ2u0R0`l21sN`!!pQ`Cj^tJVU2{Yu7*u@1QTmAo zW;g^v%C!!{gmExNAcRo@gJ7;l)CV|{^D5?$#n4kkB3Fv2_(4l_ka7oI!!Qnz!viME zn32~%4#gsVrv_ZV0szKwNg9>JnbNXoLrxC> z7KNv8H^9fpBVmZt!h-@|K%!u7LzQesQZ@<0Boh1$sjV+2j0>Q@1YjFate>u49%iXN z&@-jFo0Ze^QRweRRgX99K9?X^o!gMz6FZAN-IYx=G*dUcl64+H4#$uo;E`y8rwLW7 zQhfTzkR;M8h`EqO9DfYN_AiR6{oe&6Bu87a7x4$Xz;Q=ZculAQtr?2|xoz|RK0ZopqT38{u|r@X5SxZPC)qpJbtvd+YwEOX;L2|;-i$H%@P+( zHo|ceU>)1R6%GQ4hd8A1j;Ujd>psPoYQ7ZKqCFwX2%Hld zJOlxPmq>0+a$gXW4Nw?!L52wp@-?sI`6R#>$nIh$a0sYsCp5gqjE_H7fMUHA9tsId zd|~D!BidsMRZ}S6_)H**t}&D1``c7H&@D2%Nq;O*@=?Sw447<8!78+{2( zR&|&9%(2#IN)#7JkcmHbL?!(;hx#%wOhx_04E<7Q(4gDt1Y|l@eaLacjN6q@edC19 z$K={#dhXtiyCV)w7P)n-#s``Dthn`WfDc5H0_0#kPY-NYNX~es+!SOpMO6=F^0{vlM z3evI@<{)DZ1wcU^Dkfi;r`k2=}+h1AHP5BA@22ZMdkTMKsk7IlD<5SMuMv) zak@#_{7r6l$1#d>8{T)K|D1##*b;vjK)W zY(k~&$gilFek#`r5r=|BRMbj8m1`*#NJSm}p|%F65KZuf^}$DUJeR-ai+5^fZCXgh z)@p1MMy3Qd{1a~H=UA_*TMk3?cq z+Iy01;)h~e0x?C7WY1FhA%t`sWpKffIN7I~ebKU3gM+^uyxP|X06C}c=c8YO-g`(f zJQ(+mDf9v(62ufqX1}jm7=Uhg;bRJ%81zWY%W_ul64G8JPwlB$?ge=K40!%+>VrT2 z5nKrw(K)^im|i$%zXVPy3pk(PC3GIUJMN<$_Ybl592#nAx#YW6^VW>7^P zhIkUEbgZOn(6y{aW$O^Qxye^Ju_S1_s=b}cf^H^j+dwq&S_&=)Y_Zu^?ziLRe{+&} zIrEm?nx)lnLm{o5Kt2OEH$9_zwR@k!y(B>rqW98lkV7T~QQyD17Q43AP7S?k#;oM} zxnG7j;DjT(JZ;>Q#cz%*N|Vk?+pyj<&t`%fkV`C%8M+7JsKEdf3XKm z_1TPEF+h_@DofHf0c3y@!ofE7LH|KYPFhB2q9~2O6JW+2#J#UfRYn*V&7f;;O(;#G zA^XS>9e{rJcEY4t)OxoPU9uVIDOW9~|8=b@Uz+n&!Y|`j0m7^hS;YR#lCgr5);3>r z)?+i)MQJQ2T*dFgETyGjU3w_93bYFsiVsTWF#mMc52j`8ndY@t$B zyslL>>xH&8DYQbM*$*HNvvY+}nQhqEtKaJ6{GRy8GW~TO zjlVRj=s!83aEhevOd5(;>i{Pbe-v>{EkkrgXTESxa>`=x{ZKA{Oyy3MMEI8kY3mWV zKyw!y7FAFY@sTpTOHIGDCBV?G^o?rfCz1dUMybOEAd%L*i8@|-gds7C7z+RuXC`Nc zuEE}JSAjTzi~%f77c&%us`i%SNG}hI?W(rlqWO!>&+mt$v%}N#w}(I7Z0Y_6(usiM zOBBo>N+X59OKOJYu`SiAYNLp328yl#4+a79b>|%MW;{1WAWY@ab@jZ&j#cKH;9@>&DhJ4;BCK8gb}4^hOwDM8Jg*~Bg7`EddD1JtEpsqq ziZc!|f~84AKqgBXZ@S7YPkuC=)`Rqdu2jFG4AFHD0s_41ev2&6`3@Ho| zM|5YPCVHpx>#qK~+koS4J(9bwYC4bSuUS*llq*@4J!oK83mKZYk0wgN|4{nwXlfQk z7zvQn!YTW2L^z;GnI)tHjpTqNGDWriP5*jFrp9p40l-quSLvq|BGR=^*|FqeGUj7r zu}rsAV`@?r5{9T=Y$H^Aoj`OsNQ7A1^D&D9IPd-C_381Oo)FR5pJ3$wNjWTT$QLm3 z)lcUXNoyF6rhJC9lkQM7EXq;!5lKg>5NqWdj-}A})a|={cSpHQB&qX8SC;H*drD@- zHAZ6fx0p<^L@Rc@0DCA>ZiD*I)X1iP3nqXSPtkAWTEr2E1BfFajw-IS$RR9wm}E(M zbPae-ElhDO?Gj?Zr!5{$K*7#oSH?_s5%~|rCMd~htc4Ba1ISXfMV0BU09U#V1O$rn zCFJ6KC3Tu^Y3Q`yr5-`UFvlo$s59P}8c9)5@hate=T=RCw%n%Tx#n>eit3ZA>=f>G z7)XT80kQaA3`>ek1{Fuz)mEBF4WsB-=Yj%1gwb4j>SSO-7#H^wrEjU8Sk{j-z@+^k>3Uc5@VtPsF8iAu{SJzQgA+zR_r)PrZ{4HogYU? zdr(TguRd-mORy{>>YT{8#ccpmZ-y_CLjpf_a$x48ysPAR0fLbHter|pK zoI2TpZa8)IwIfLPyZ(1O z-8OaK5C3|8_WkMM@L*H`v8#Lrt0C;~AC5*1l^-|MwOT*?>)Gk>eE;~v>!UXX2#eZY zrD|H|!=Y%uvD(3_^ONJ_ce0Pe{j;MV4hzM1isNI~I68P&E}t*{{-^WN;r{92+4xF~uRIb0cr)8&Fd2^p%#G%^64GPcRJB76t&DL5h6i zaubm06i3s{W!w@)(|4BWS)&2XYJr;@+i&MDx-aT1pmm-Hc2(`%-~|{(+zsKi>t$X; zFYNYILB;>vlrOoN*HG5>=g*E3HY(M%YSi3xoYQJ0+}J$wT#rz6LP#*e|3nfY`$fJ@ zJOS=?n1}e+kcmpU*P^W0)hjAr7b;(?%GWI_e+sWt$NF5KJQBJriQG`$L>9bEl%*&n z9JMUw3Q0`%UbG?&>aCk_X^3xCpRpjV%2-g{bLl3VgDEChwyiEt%MxNW3RpZ2tZJKu z(G3_{0#qv56fPfT@=Xzb-R!}H&rrnG6^i!bV^@2TdM~u8sMeH_0n-6i?_T3z84S#! zEDy@O%>%0*;r1QOTl`KAX#|17+T)VF@vtzOvMcst3`FYsc?}&JP8d3 zp!>-mdjsnZMNi(yJXO&NTycg0H#d$|z+#S8!^SB}ud!Zrsq#GsZLm_0pl`kV>W(X4 zbwKFU26G@^XC28-?2DQ;H#4keKYuRKg&Hy&n3(}re9GZ$P^>JiPYZTqxv4GqPp30W zXyqP~x`?LpTwN-44=vM!*rRL6sJf+CSrxN6O5IfJw&l9IwTomyAIcbH?yvPY)YUIw zv2d+byA{_on@)VWPS%3$jSQ+hl0m^Mxu&sJG6^X9GPeb0RZ6K<^60_J1Etvh-H*`{ zB3t9|)WE42nKCUG`dZ7EyA1y&s@9YZZO#tPNq>{44pwNy!5 z%N31p?#h&A0JNdC1|~#N9Ei=Il=x`&#o$zS+*MGvJ0Qr-6i`vb7k-;?(<5Djr8ombyb=%EutG4V48*nTI~ z6=yov^!N!W(&j#StwL#!C(_d-^5#Z`9NAV;Cn?^nN$ z^Mj$^vP3Q`8%jssg47+mvu^zP3-qGJb7{i6UC1vb&TE)#t-e{sUfaUux62OP!vqNoK zm*y5cjR-~Bw5LgXi~@3{^o=3BKp=@Lp(!k0Wncap>KG*hg>MM2_n|jKBYmYee>uz( zpH7rVAeB;;e4|EQ-&!(!E=s~NqQ{eT_N$jx9i|4n>vXHCb-NG2)eL(x;A5uLw*EYVA@-E-Bf}&z#xeyjiHr~J zwq?3}AY^gfRFnk4LlBWtbJ9=_aM~jvYCHtqjF9v?urYn7sap@omyjiEPAz@njP58V1GdfRnvc;W9lR+aQ&Cc(m=f0& zbJ$+~mvfoD_-8_qGY-hOlgUgsuneh1h8^@8?`n0Asl}9j%faAPee7>?<5^anm9M`yq zjHJ3&`iYfA*Q|B3oE>nW*H+OaDD8X?rCrU$OA$p5hG#>$5x*Mlzx{Y(;rv_?lyM+> z(S6i?Y02u(y&1%j{YJjk^G5;pUvwq&awe=R$-w&k5|kg=nauJj%c>wKkNY z@^LgZ4W_?aG-%3#6k>IYWrSIAyuU|#QK@pg|LNj=Y34KXP68WcOjHBnh z+=pTZPQKg~ZKb~!59M!h<@S27302p=bL)0n z%C8R|rtwGQaVlkqLhw!_$<@x|GHbpx(6Wo7F+rzk%XJ{1_j2WHCL=!=IZpDtr}i9s z+stc(OPkW}8aJiZ+l%7`3FC+s7fAZPj(6r4j7JG$A5>VdkzT~jODBbsUmw+g8rP78 zQM!6sa5Rg(i21HwdO7$3iZF`!I~-yzR%`BeU8N95qZm^3F_zA2^iW>2BUAvW{nmaj zv`BuLo$t9mx8$KI6O{p^f7Qd#ku~PhPvAxOpCm%8tNaUIbmdw4VH1q|4fZZJSSbn$ z=It{8eP8J`a_6LU$nr5m@*?8%Wyq|V*-Dn;OqjD%&sAkDK|n7hzR!E|@8x=Hj^c{u zR_SIX{g-EVhP(@1vh1F?-GXT;-P5#$et0V46Rr7tf|| zS{H~>9EGuX-{WEYyk~wb+rL%}t9Da8@?YwrUO*DxRLEMckb6wf_co)WfNNE;Yii2% zkb)_~mv;z`qoCEEmTw@fDqF|^6`L3*-i5lexO^K~UD=2Qs@Mva0Y~`?{V+9U3n`e= zdP_r^F5f~{S23pyREbm|pDhnx`&~Wn$?DbPFV$3R)frH=tvS%(ZZ8`zBMPU+sG<}+ z{BZN@XlHDql$^kK+3ziVnC|R`- zmTC;hrlp)Pv_Q&gDLB=dte;afH3Osm)ZAoR8i=x>+FtfdrM6~4EGNsi5YIE}$|sko z=x4rwY#?1X*88^eq*}cQ*+^c88etzDMjoBZG?;JE{HSWIn~G-`HI`Z$KY2Y<&uaxf z>E~Sg+1sVt+ZX7P_ryol4QAhSEn2UaStq5UkQLPg8f1z&QSpy$1sk7Yy( zcXOIyOMlQMfLAWhgrO6P7@kHrn#vK&y^+J0FH^E5;Ate&)g4~Pm>TC<399;&gjrLo zX5Qs#{WT>KKah!{G)pM)u8LwA6;ys*j{Y(bZ_)e&Vp_QjD@rL|T3OphEGxe%UMDJ* z-&<6*k5m<_8XxQHVmzv(>UMqy>4gEX@=3Jj7`nDIXzPRLSFzB1F%!eBPnVfA_4Ut@ zU+fThZwa`!1bjV9z{>39UQ@A>rXt7WZe>M~N7cp0la?;;3K}H=s*#$^r}n5>z@GQg z>g7q4F*D2JaK(p0w`v68ii+)VF4fh#plnm5$W2k_YCn$wRm%r-!odCmDX>e zOK*pj&PL)3comRwcA05C=cKI7)C7NjZj$Gwijld+IjSC7#h3eY*8MrFax{xWr)fJ& z+E~FTMmhkqx!Egcq1iY4U*q^ud;3Wi%w4tEX})^#1~_Lkz4 zB}}2`ktAv_U<#08vA9-6xgc#oHH{br?6Per{chSsNmIM*i8F=Y&SxzRFT4C8<*F*a zl>@ehLr~h*QU{@>WHb3@V*|V<6g0|X_Pu;jC%e*UqD<(N9wD3q7%(DZ-(;x^ie21?6j{UGS0{q2w`L*+0+jO zCo1-c3$}Imd+-A6Jjfc?q0vu%*k{T}l7>2YFW~DqBix&r0PH#!*dP6^}q?_>swP z3=QK*QH2L(>NgV>Ni>yFW+cO!&_L$!kdeOJj)fvpu+!{1x#&u|T*WQpED%>k=4oI> zi7Af%PFiAP1B}ve{}6aH9QalyZ8BLlmtP9mH{l7FO`MiX8ZV$^k8Oh20GDAGm449-$$OHR3}SAn)XA*K?Wm(76i&_!+G5B*&QPT3=gs~JP|7@3h(QI^75?okb(owO8K*y{m}N;w zNEFNsubg_ZKI#mWWVLYl>o_|)WeJQxG3`)HQ7kDNM*#YlF!E#&ojBn-VVBgqY*Q2m z&_m`OM-hJ@s)*n6jKJ(BDVk(CWu}4XVMeugsq7OQITKY`~lKj2;Lt4B;WoV{il9j zy!bhiuMR&PR1~XdMMYRYMeaRnDE(oLa``i z$Uy^U`Wk_x3(_N^=x$H^zXA>?7bq$MQdKk<7-J?u$)a_r7!msX`f>ly=N_W`JfVRN z^y=!W2vMVUxziIBSp8@$1C)|6;l0ZpS3KPu#58`sKHdyc0Xh%E@LFTr$S-{rZ7fah zr??Q%xd_CQ85sseG0&NLDIYcJezUMLMY?&TLKqf6WcRMRx%Skx5G%`7JNBE8GNzqn z4FdT?Q+^m0qp!?3gNjkHdjzjouDf3RUf&>F<)1bveM?=$%AYc~t--Prp9*GK+}8K-0s)p# z1V(${A7;q^Ay10`P;>eZb%Oc^j1Wq9BcFK8g;&glA^aza>N_8Qyi_uJE0 zK4M|2pfLk$Das13(xh(X+03bp7I7-Q=c-~+k@?8CDvsj5Iwc&P*qvi4)T0pUu4b4c zmD)^=rX2y$q$%7^7@8yjz!MYR)O?cT@!}nU{wo*=PD0bLkSca1W-5!J$)0v}0``v% zPL+)_J7HH&sS zwjqd_Gb5vsaKVXAbtER<&WR*IeM*xInbB5hW@Q44hJe-Oc-0X2Na^}~a1>3cz@LnT zfGl;9r)jWpvtl~s2;>zfF|0tPk$WwcFe6eP(xg*OJgQ3OF>uIJ7;nM@FsfHKso0N{LK=Jd7)&f(G>9S< zvDC+63S}7KG2&MUso{yOr6L0e7naM$2H2O!W^6(tV+tr@l9#Ed>}mmYS0;B%lz?Ua;Zit-852x@;YRq z2h*R}k~pgzA%%WC}@Koh2#91e7%#he(~xbb2IZ`xz%V z;8G4pOyx6@Wj+ZGAllP8;<>DExG2`y*K76$A&(LvYx7L@RbfYU!XRsJ&~I$wekQgL zuEY38By!~D@z8+o7Iu)Xy=6p%%N@uqZ&LqqyHu7lZes%+%IODZ??zxe7bhNZ=2PiW zc)$RPIGuxS>9Jta{>zm7;tw%3sqxRG?^TKX=P*=ZbM-kRX9&Eyx^krjP%2$TjUW+Q zP|wFK4&c1^m)EDqZ+h=x1O+mGI(s+z(>@Z!t%hU6d^vkJvfpE7; z;4iN!nS!B2SSMNWxUuhB0KqWfGa`Gty+3@QGKAx)>aQ3v&uUze#&|BZ7Sj7kAIi9H z?<9bHLTH#fe@V>;idaHT5_7p%5?|^gruzf? zjGdZVH2?QtB)zy)j{TxNc$_*!Nsl9WPP7L*GqrYd?mh$K(gY;|X=us}{trQu9uM?6 z-h340o?A(>UjoMwL;J#mu17g=oC`D;KeT<+y+HGSbTX@NHCiTZyrc(;7~*Qi_lIxM zoMrogO$QVy6989CZhvS`u~IpiBs>}yaDnC$l~N1YR*_GZSCuGF<{`5aES8ch+KClY zyHPGp;+7zTm`iEsh0K4x)#=!I`&yyV*#Jio=9$`>bp*%RPk#ckd$tAT@0-a(ivI`vf18{)ifXqV_ z@s5$kjdCm}1?QzmAu;A<$bOa??@nGE1*LEtWk+Zz>BloObDABXx)CTMR|QBgrc54$Or%m~&B zD=pD7?juTVQ7=H3C>Ve%NFz}zW0AokNisJ$e}*sPfGO30_9?}0L!gME9%^$b!3!_>t`yS!x{ zKY{FJxgVk_TYH=K1}O96_557gpv06#UXb{UJYxqn4v(@=*Od*a9+pxetI4}W5oc*f zG)-9sPaxBVKC?gwp)0Lmkk%7{xThwf7vfME{g^>RbF*`48I@V+vLSoN^nD5(V1CL>$A8-tqj4^;>--&bH}&?>1;$BrYm;%v69zU_vvZD^ z7)B1dn-Wiogp5wD8v28Pe-5W8;$2hrTA+3XsgHc|S9hxdYmTLZ{uYkG3y?!SZ9roF z0{q;yyYjPzf$WZ)XH_igqg_fI=tLXx-}J2>0RvzDuxshzcmd47q+jINh!4e)$`Fq= zTb01gFWEc0iS&c+K~|C?7L$k}^`(e&T0ZyNDkW!1HEz$H-S)?!^*x)ypR>7AqRUGA zUncbcJ(WycEV>?kC9|aYGd(m zJQK_^n}dQpv$0{M3a>1E;7|#O?syF8CGT$QOG-U*J^giwg=+#V|OffpN0I!xOMw z-c%*i0WZMT)&omcXNZHkvS5>WGZdn{?5tc2Gl?~`tmzZ2E@JHk@;XUi4%oT-2Nv7U zbN!7C>oC;-AU!vkiWI4Qo&RMQ>;2~@=mCnQB!u6kZQc*|`dC$VL zLWBl??)R%sR$7h*K%ec3WjsPIFgllURsi_#Z~v?3ehYe)XEd9J>(-E>9(`2n^=^Hv zD;()8#45RwaYJM*Ad^Wzpl>ZCBlGiYOu%0qsY`Z_wJFAV1sQTa(x7gI40=5&A?6V& z#;sawQ-e*-_+mnNab}8byf!c#Ib@)^Zbguqh2SKAs6n+EtM7$GoqH6R{5UQ`;58Ai zHdQg``^DqKvn+%_wrK2?Yb~IR4=Bkvp&0ykfqjUjznNnXmFwXvEC$OgY1V~}_~y%GhOaxUK+8$gG)0pfs-J%D2%PRNL{5`?3ZlrEGr zr*uQUA^@hBL5aDd`oI74f3?s5|NhVa1KV0Vr)-k{`#=Bp9r0lBzyI_9l>ORJ?wN84 zH+BFGK;e;h1lrJVoC`D`=s%?qx}!9R1z*?nMo8YL^*d#l%KN{{m&)|p3do~JdlgXB z+YNAVcyfBUKRi1;7!>?ujQ_a4p(<^$?{@l69y{-L`cI$8d#zxS@I?A}NY5h)(QaLw zDm2C$pm^L!KNM@Q4877BO?|Q*hL`dVuJc%DWtVk%D_rgnk!J!^fB;{j2r;Hp!b2a+ zUojCF%f_)K>Ua}0w66u|7>*p8-&3B*A{ z(b$a=6HkQ1Hu{8K8-YAHu1B^A@6c{wrv-ind?O|T~lmaSw z8m4NS@@0OBR5w41xh-v&-3SO_1gFRcCk8$TKS=*VN%7KU(9}9rj$O>g#VwPGa%%L^ z1V_k!D4iJ1Jp^<8AZ>k&CWIoOJQ~xP8j~dT!pu7_Y9ClR`|{3a7VhOZ(i<+59&(R$ zsDcfB3qu9dDfiMuKHCoeP>-G@5dj*pqN10C?oLy5gf-T8gb}dm}^pc)+&1MbW4s8 z3ryC#kNYL-^N#ipZ7^C_Ra0)IooXk*3SYXs1KS38jRQ1BkeBWL9nE$0RZCwQtYy)> z9UHTfi=j07f+G$fV@Zf)SPK&cMSSCs&5SsPe7PRe-OAUOIfJ>|F)ij?Im~)5yHT6s z_0AJr?LC14$T;>~kMu+Z)-zQVZ!!K7;HmrA-O(NZ0_l%57=W(%HF(^A^hgdqM>NEd z9FI2?dPs#%mt4JOE4@Zub`R8Y!v^w75}R2+9MAgkt91(6_@32%0(gl?yJWlwR z>G2ZYPdoj7h5OTD|EJn&ovhuROWG|1K6^`o1`++T5AiI zA^^W6C_ye$cSiraW6zL_qc}1C;*LJSD(|6cQB8&mVCWo?$pCDA-hX#IIvhxrV9wa0 zW7Zu%;H=cYZ`}-w2}Xf$fiy>V(ET)_ylZJ|rsvx6)@nz6S422Sm7$u0WN4aOo^~Lt zbd)Uq18#1*fA9R^{%P|RA|05Zb*%T{`0Q}x@@szkHv0X3|H-3A^51^HU-)j=Jd1Vz5_`?f@w?}y)XIt{L8Dk_!EQl-lYIc7T|ytzVlAbS9|YoelO(7Ug1 z`E(yhAFgjc+^Oih<3`fT|1N0?nnDJr^e+<7;nAmB{GmY90Z+ za%f)Mc4Rd0JA3r7nA=qH1_eshr83eRxr%`CEBArauq^?66QJvuP!8S?M`wqp=Wh>x zda=1pViYkJ04m7QnW1a2xBFmu%r^n@W&~`0&Vb*nFbLJa@9Yu4PasnlHnKx`N{XB) zU9cVFu$sDZ9pCygm=6P~>Erkk1#@+AviT~8>;{xQ^VC^Nb-)pCL<9Ql2VJo+6EHj0@+w2n_2A~zpUT-=&(?^K-jQFBFMFF~mkqTF#)$tlgh$1dyoPQ&5 z{22R?8$+LofSyH1lvm&{G0dU%@dywKP7gwcc>~-(^;h&C_Ay2B<{sbfc zPa`CHD<(1|6agP`hy&)9$Xs1-CA3;QuVRw8CZvq}DZEbQsj3Px?pI~$o14yG-v2dk zwj3C#Eg~Fj*X>W$H#99aCY5Uia#BWoAexl!X_7)n7$@8$SNP<|YMzW&qbQiVv zB9GrU-+UuR(F|yflw>xvqmx0?vAJ=?Z*GhTdUAU7et7!R`Q7ee2ANy#U4wf5ih846-VnaktgmTfGs|MvS&pBC)D zPaf~?-rIk_#Pj)c?^|$*!-15pCOAM+hziB9cr!Er-}WSn=zZHcypByYWVuIbWq@>< zbvwG8qrE4~M{dcioUD*Mn7RA1wsc!e52P?e=H?Xm6>yqF9(b}R|HR=anN09C=sFoN zb7fMYc~%JNtFlTgLNCw$oih8*VP(F@6i0jly8ppU5aRAFx?%3%iXWSDhzBq7B2o%x z_s>;0*k~vK_V_L{l-0v(MGR~=s&fBXc}P`rUwcFi7V93+;&M{1%H}AucxY3#O~tAz zt9I73xYGD^rYRwZ%)u`S4DbXaAHX=4-EliVA_ZNR=b{b4DHs?d4<-x&MnYt(JtUgS zkxX9DknVjZRx4&;Tl?=Hd>ENro-9V*16Q0b^`#UABt5H2)}-Fy!es!dbP>pFY!?l8 zCT~>`viVpd=Gp?QQ*Ud|Y2ld;h^FD(0!VSKTo$bn%q^O30orDCoAt5+8Cppu{#7Y5 zOPSG3oc4LZs$*gsL^&E*qRwq7#K6QP>aLNc{@Ze=qCKN(v&|K$8RRz;Y*=}*m`#~K@Z89njZVJ4s|LC>? zuxRwG)gr_u6C@3?+~q!1O5VX;ylQ0OZY@pN1griwF-d8%Va#nyuY z&nb%bhj|bl?1H@~kFAo3a$Rj zCD32N_{k#_c|aGDeo|?Xw`iU#QJ&C|450wFXPn19X(4(bojH7YqfS{o&fbm8jg6kZ z3Ft3g@H#d_)!we+>)1i8-CX$YGHrKtO4WsoQ5S4xc3)e4asS-%sn!2UOSm&8gfmWI z?06LU$}GEd8_oK^{?5*B;r_?&&hF!<_xist@z^$Av9DI003<0GzlQn(KIHH%nm<@z z`%s0ASA{67VvZ{h>kf=@ng{iACl`cWU7~Am6)9407QI|uC6D7~XoU!IQe0@Rp(Tp6 z$_!D=;Z$Lr?uk16yeXtl2ZNG9R1`3MPrKsEuE@gM8MFRB|G{2Jp`~`f6NYF`6I3pO z;}#S4pmH0`|M|6v`u=JC)bsyR7(d6#PqI`S3;2Kk$Q1a%mvIGP^l!N_Oz!C_1&cjxNfxj-@wz&0m8!7ykV z{s+L#Vu(IkJELv2{>M0ibS^WX>ol%QF@Z(v|LN|d!usFa-P^lg|6k&<*5Nn*1uw5A&gf$0507B zclL_szsGy`{vTiD$tTb$h9;9C$XKlekVYxH-3rghYuN=}5yv}QKFAtPj~O_e_!NTLjN-*WEvnHG})bc@u=WpWC?&DEZ3g8TU$$j zwr)q=nVxCt#lPFVB`+mTJ!K`-%hmnF#Q3z=G%cKHWfy4BK;2&{`@KA^_`eB6O&uIf z$lA~Uj~^BFf4h5okM8;Zmw1YbymfNaJlXsn`Ksx9VF74{+A(*YEuNZ|Jc=enq4Kq- zxbbPV{&nz+RcwEMXruq%-7T&Eo%{3u7kNsDxvG#h`d=L}@-EK!n}T2HW>#Yqo69qb z%}Pd5*5WPJ-qjuN3xlbcOyvRiYe`J4)_;hnDkhA>Jc{FG6@UxRfBmBVZ?FI4e*J%u zr{RE>&bod4x=TA?iOhb_B7^D-a@owN>R;mkG4~DPpgR$N_Oc?~!codp$0Yh51>upA zx)*>d7H7|>%2lYuM%)Ff-XxV}DwD;vj!)BqcmGB5ahsDUtLRiJb zH+jeu5bK3>BgvKc6=)~X{Kdkbqi)&mYh|alVS>*&W-UI7(L9^Sh#4!CKuq87R%IM; zq<&V}e?)1ND|}c{wi2%Xp*m{5wCUt-&Y*39w-G@WaC8gUj^o(2^RK;3@9b&E|0m3e zFTK@ne=X$yPx}4h{jdJhd-?y%Jf9oWKiF0Q8I!mhO_)seu(7dGjJ7J+ef9YuOTDQw zZ{FS&z=zv zLR)CXgGO%0@L&u*%vG>ulOVKJRz1;KJEbhJae>%QkrzN5nnd2Gh(j6T zIhtt7VTfL8FNiki;MmNhN{ZZVS#JgpAcyZ|s0ZUdMiKOnqhM}wc8Xo6ddaA4yzA7? zYvS^Luj{CGK`f+@s{FjU+>{!DEIIA%$(E(^oq!cW?#@+pDcv-#g0o6j?cwKMvA?d|>3_WVzL z>Hiv=lf3OSnU4?PBEq58S!IKaybG3uJu4K7#L`5ARRQt9 zrhBG`(|rXQI)Qu!x@`g)byct>HiNs5pRgp%&#-Qs%^63b^2S=FZB^fq2@abZUH|2& zQfKs~Cw)_BwGK7h4s7mQZpJf5l+6n?e+V{ZB1oC9qbeq0Mjv@PlC|aic=5M_QMiR) zYTR(!<`JiuP|W92o#dix%s7swC-&Q{fn4E~d*2dlE>`bi3dsT1;lCFkxLR27`d0It zr7-Fx3MdCQZ)S~EfzT};$q@~4Bx&Rgg&sOV6cc}hJQDf!yJBN48+B{gaR{gABnbj5 z_=Uou_{H!t#|n6{07%6!srb(OB;x3rXY7$C(U5&)4SMbb=eWRxy`dzD+ZD$V=KCr# zKcZ~ma#5E-k8+h>p(&2chENwNr?#H8cRZ;aoR;jezz&ynfSBL_X&&BPnpKO+BUv|H z>Z2K?$d{V`GN(3l(pBr%DF)?md`!FPd`c3^TPt$2b|k*1W{Dhq8q-M)CCGAaoE9ty z7$J=Oj1C>J#b#UfPsg)=zD)lHAiVG~1x{SNMz!JqiZMCBRI-6*mOztg{LALAJYBnK z*^JtD`gV7f6+&8gnB8Y-Dm#(pq865ev~+oM5|5g7ZSZKvJsT*{M*-sK;MEBwF`^tJ zb{v_E%Vknir5%6l#A*589F3KztVCz>1r32Sxm<2SZf;~+Qh)4b{oneMw6u0=x(z+m z#RQik{uRXhHK8Xe=bR>~1}-MbI}<|FEOoy%vRa09$y~VIA0d{x)+dDKvkr0s#z@+J z=dSB^pIJ3;KeS6$<2WpkghGB4AQa1-?F7IeAXh+^tm=zLLIjdH*AFJDH>wvJ(J2l| z=DTd3s~HXu_#5bMZeL9i2adyH>>~;sCnAnK#5h*!6yS`2a|ZV8Q%qel4Vg8!*IQ3U zV06t9jbL!1lI!-s?#n;!fM3Csq8M!b7XaU%ot^Zyz^?#aU4X66`ee0xv-O}0zIg$< zyZwF_{QX&O&H6;o(n&fMT+!Z%TBT;{j`CcP03S zF>HAx&K-=mii}}v5o6eDT-3cWj(SV3?0pi?fx=0iWyLC3VI#?nur2N^3us+%ddhL4 zcY)@t$7#Yi@@?2&EceVF4`W%}9)eYxv+9>g@)U*S5-klkAdLTMLXyY_6A}oHAVhc} z5VG8Oi~XOjAOK|WYfu(U^Ao|5jK(K~(o(Z4iXG;3*E7(c<(5x5R69isag|D4AN>GAf3~-v4Rw0i8`GKY{&fC+ zI66B#J%4-n(+zleJBn1}kf%u$UD}LRvGeNoEmWmi?lmRhAh+Ww#o=2tKSh)L7bC&e zIpS4K=dVkuvuxo~Ju(BB0_|L&c@r&ukt1e>6fY@heP;#JMyBJgZl_zdJJ`d=lCdgj zeQ&2S%6uYEh;O+?Rvaf{iegBS2~V7Pg=$y9+Z-=eJaN9vk&rhdR}pYdYqtWWVXG4> z)z`YZ&BK*j#~o{hRqGCO+Qa^rKJAv2p-c3$XuWE;B9sJ7Gz2N_6n-)MOy7;!*k>bX)BAUk>B|m&sSyb2}LnsSY8ED z+^Ue&cNoVerhYw;%QWi#)>@S~4LnWiG)^eK!~vS3L*~Iij)w8XZ(1nw$T)_r*GsFJ ziYbyxkbTu)rKp}nkr33ia9pgRQ7xR?YiX{&X}3xPQ$$I}VG*40MYl&{-upD6WNMp# zdoYg0SXB$Rn-+xfQA&x|21V1FRE(V_QTC-%VVi&awZoPu*u*}Gf;}DUAXNFVo61?2zXqB`6v^PURn1u&&12TOe zb!;v7gbKH(1+t2Dt|{-~#n9*~q;^A~ZNo1VSN_ZE^U?Ri)5C-FgW=im)o^rp{&948 z`eFF~aMd$Xf%#M;SP+tIPdjR{>5eFM7=43b;{djzOa90$Q59Pi*)tLIXqns4Va@5lX`E^o| zX|EBx=BX~A*C1(E;gEf;!DRtOFXnKxVwTbr1q-S5`XrOBPJ{%t$o}Zi^y&s;Iw08s0l`?d9QT^|ShaZNo-W`@W)c|xkO;ESl zdm3GH3J;@8Oi2`?i2nd77K_I|Y^7N=AIR(ywu5O!Kby5{RWS(7Q&NCg0sN|TU)kq% zG*b%hSKnl@=$e|(0s%HQofcb4b=l^QwJjHRJL~b?x+Bjm%bk^Fx;;-O~9vJLO?uc!C6V*Zg2a7AU(j(<6l>O?fT3QHrK%s}#2dDNU zWHnx>)Wq1AIT)2v94|5KqDHSGvv4K(SCnf(>~~^XtQnFudtf$niz4Xb2r+g-$+(gQ z=S$csg&F7Z8&uF{$4&HEXe};?p>mewrSd_$d*{D`B#z6P%y^Z9rV7i0VQ_!~IA0Xo zsL+#&s(ILPtB6U(@u>=!q@KJ_a9e;SPhtz=1mYl}=xjz2n~}h83$s|S$TZ}o)}^5q z>#crz4)7&vB=B5;+tGKvt=}Mo4Vt%*AiZ!NT)2e~HF&I4VFvc-!{X`QyC z_XT7+MYPIzZdc=QT3bnc%a_j1=`~>j>kjo6kbLsX+z`mdty!`4BH&jUVHJ7^bkDn> z>vZimu6k4LQ=rF2c@1o;UNwZTXc_8=%|K5(^Yu8yffJCazU#4ByicKeV7Gd!E61Ca z`WaK%ATvc&dmB~*s=~fX5~})KDSK3&v-PB&E_E%?82BnhCdgrcBlxaJEzQJLTkY!* z*`k}FOOaQPlhA|w-$ZQ`Ywz_2P zl3jQxA7LMPkS=+7yj*KxRMa+(YvO-wqZ8@owLJ*&v)ugnT}4k7BU~0OrjK zs2Pn?jVfF@^AUd-aXi$mXq`AC6W*=D!BAA8TF#Y@q6wlD`3DKb(RAd^ke>uNnjTFf zlDHICKcOlzUq5?VMW@f6W~0ZV zw52xBR~gv9hC0l8K|7L04{H@lt1Z~Faj~MY))_ss=88=$bA(u%6|mU`xbl=O!b8hL zHPQQ)oXFcXw$|x2!??=a-i@KLjhS(&X>K$YE}poi>bEu*t~P09t83GoH4IIQm`?Rq zcT>~0Jr7I!k(S|?`m(_IxgI?RomjBVSI5-$)o0QE`=qkp^RZg23Y)5@=BKdFYk)Rt&@RxRU&RjuKzzUm*5YU#cq`&F$S0fjN2 zAK;uWhT(srcR0lLjvRJNqI8B{itA-Y1SYYdR2;P2NOSl*rCgq+zAP9TrKhst+gqR+ zr7S^UYdo1cOs4tuN<^}aev#(eWdT_`a`DpubnE?@D+;%n#Bw(p-CgrZJf+jfd*UND z0Do)MURFi41pcleS>_%?j1>KnAeN6Lt+8E_JS!Gc`?xL5_i5?~^!7JvTIH-<0Pj{b zx+LtoC)?#aTSLi>blgd6H28KjV`72JdopO3k9<`A5;kjE3yX%UihFx&faKzY&7DT@m-K%{SnAtcK>Xp9W?D7v5)bTLLapVNns)k z=o+U8`pN)ojLD$;bM$lct$BWqj^3XfpPmgroDIOolQ*ZsgF`SnJ3cu%JOG@4n4(L8 zr+^Cr!q_)IN2ll#qbsog{qVz^!*|DT+|UQxGtOf+==G+U&yun0kx+-Bmy^zV0%~^b50Tf zDFTW7C{saF5-O54bOo+v*qebFv>Q%8ie|6fZYeN?-JC5JSW{}GKy7_qMGMgZ(xVi6 zkPX022Y@8@Ax9%lAxBf~G{EOE8h}$01UQ<0lm%p~w!OZ>O252qez9@9vIh&-6G#DS zWD8<>Q1C8T#j9WiE_KT;FU#gy^QIQ#nTgJ~#2- zZ0i)8uF)~LuOLIx%`tZ!&o-w!N|mRA>pqYevKicc{DdW8ex7yXnSOA!wk`eNf<}vH zJe71${j)DsQk4j*0$ORc8jd*-EwKDTH;>aUYJ0i96}(y>r(Wz>K-$qkU1uZ0!FFA0 zU+9N8YBI#D0{SZKgX&2YMO2iZCAupsSw>J%eU%<+gVY6@KLndHW>4MS8*Aa_7r3kq zZf=xUzk*T9MOSFNmAWIQm`FcwamG(Ic_;SUtbttNW>1m!U{n2t(`pUm0IL-Lix6Bc zr{UsO8};xd3ShZ~xmesNm(T5A?cJ~K4m8%XQMZOYy^Wxpcq}?7erbpqTL+|Km})K@ zSl102bN;0jChQF*N!+e@KJ{5k?O;A1*()@~Q7iLARlSAI=&LCC*JZ1}BTIdnv`?+y zT%t8;_Vh9R+IjBRn#S=~Sq1GhSGAFOmk;NY58hjMe`k$}QY$P?i@9e51^OsJ938wm zp(I9>W5kXloi4wE)KqE5A3Jec{@y!2 z|Gnqj<}2$>^lm|0Gm~1};4K@ogIiTLwkQj4=|16o^t`VWJ@3}>^L}Fy^eTg(w2$=m z8;PTrIrOgWlwV(@9JD&!476gVaHRj&-Vs*G!LITyoXAx1IGU~`A*iv=LcY0btn zR?gs>wU7ts#lU$-Cn~#aH41C&O`+{sNPO_5-@lUXqmr?$n0DJXL|V`IBD zXDD*>MUnIxD_7rAvZG1n`_;s_>;0wdG2Ze>oKtc)W*x6&PFr72)RZ|&TFaYO{%X}h zl|Gu2Rn|*&>g*K&tqYDJ^$Rp-Jx&wGkzbegS`@d3V3p>q`sF0yr}ETu3&|c#NZ=zX zwGg%W6A|bitAFKE5_dRqRZ~+0Ubn!<@t`yPk2(Vty7Dmkphh#G9=TbWisC+=J)&hFXuC zQuFR3fd%#iLDpS>&B)kF&*fPaS0Uosj(x!?DN;HQnCnr##!2#^0Jx~l3p8JEn=!?g zkRt)O4Q15aUi?IGBqWW7Z;MF=7$~=*5#2wznP}t7y6L2%iPC1}L}2st@bv8H^>F{} z`1GgqzZ@TZIDdQi(+zmJ-lltE*lsz0%4Mo<2Gg%C<}ib_+IF?(Nn37?-VaA-ho`H~ zQf^YzI4qnNE0f$>*I3S*TnXV-#AuDkQfZge6E%9_m)HHTOWLf9N+X@UNC0*&(EKZr zd)0Vmgmaf8T7}q}##Dh`G^)3X+ITDbNW(?Uit~BlBvBbg-TJ zms}LA9keM$Wx7fPJZD0vR<^mw1I|Bza|L#*{Fbehnf5?ieazyx$x!s* zkAGBBqjAayslzmQS=M$)~vn)@%F=)Jz_yw_Nbd0I!o61??Aw?|^G?;hDV zj9@Gic2yrxzvx$oWkznLSWcmQ?zWn3Pvns7Zc^kjaPoF;b`RVWT(>K)6^| z=cmsn2Kl|Dr*GE4)<=Y`P_1QRVWnm*`@D{3igIH^lf|NIYCaYCnww6GEv4SRcZR-C zCH`-nO1xfa^hI*c-Yy*KeM0jT;C({#LQj8-3C%49Ywnv@xbeHtK2ehg?su$F{f+29 z8REb}wkirwz~6x5gB-0$`S9E$(FFV*{PB+!B~oeve}4w}3`IF{IqzQ>%8xU2)zs{zxq!Ax+yYplHi)TQKK)KykeipuK}88Y84#OkR6$ zhF0(oWiQcM+9f)0bJG*m({3yr_=ea=cWLI3Lg#IeQ--A_kknOVAQn8q-rZmg0J=sV z=%I+yc}#G`Z9AZSJ`3;!d2=twB|nb|;}V;^l19KR`dn4GOMqIgpMJ}GPk;&!3Nv!g z3U8a|!{A*x5fy`20lePD@ZK13Zw$CM1}sZ8_r`#GW5B&J;NBSUn==N)gyyXPsRH1H z(E2!_IO2##FgQ_;Z7bIwX77rinnT@5iSrY@gvT*w?x*m&dc$akO(ndz0-yG0JH}?W z!AMlE8{^g{oh3Y%E8UjYngM7Px739Wz01u>TX*gC`{b_QBX{}UH)4FRW%lg!q7VXZGbGJ*+-D*;D;}azEBC`fmWQnUJ_FfRX$keTjUQ~4=Z9hWx)yjOO zCQjeL`fKuDw;E+pqn8IzPyQ9H35PaRPCWP;@q;^Q$(tD=b9*D^Y;eM$aSeA=q&HN8jb^m+$K zy@>+{cTUB%Es@`$T^98j*?7MJ-BF!yJp86QxJvB}hEF}kRatlPJ@fa!78A0gBBFOP z8b+;%k5z)(({d6SuD~7jLA5=eR@%7q%X%_nma35LYCu)9uM&o;ey$WhDphTDs8?%c zS8HEsrPM?-8ig@^Q^uAh@i=v_{W(asw66X-=(UsasZX>2#aLE4-Sx5Up>6OTs%{>x ziTB*7dbTFmv*tM)&$(I^>C)@f!JIT57m#G5RdCX6v`!0uO2J3($BUvzZ{6Y{i_uh1 zexXHRCl~1sSQU5l^X4Cg8a}A2T*T4rkjPnA;bP^Bf26s4PQIMi>CBu8Pu3}OWqoV` zyyBzv02k<+4y+|g=IV{7s-LXAvP<>yei$&Hrfb&Vn15?&tECk~0An7ozUt#?SLJ?t zxTI_2>N}vvq@$6P(r0T;wEPkw`kQ-9P#cr#%;Gvek_Sg|79OdAl!;vMQMOSv4UJu; z*9sAeDI2jgWx+|FhVi)XPgsygVLUz?$J~5<`hod5M5z~Ky*n0;C)pwCwA&>eE6`(I zvvgXHY0P-SBR-z}$m*l(YgcUFoe%qfzMlO;6Il0C(Gb@C+^5B={VeTH`ru=p&@{O3 zG3$=V_c`T1=(rXh*21HD$U&`kOl#7tj7Kajcb0U%T$3PZ#xD++8&?;4ftLAz&@O&h zvO2Her9md}(t`clRP`V%Y5AtQ-%7O?R|PxoC#x82)zB|zbIL>9*PHVoht^_u*1eBx z**p|quPLp&=0QGeutz;!y^Z%d+dsxdwu*yntz%y3=30Jmi(Y@Qqw9W$Ht#Q7mVtQx z5^wc+{KhHkp2OOqrStIT*0RKp_c-&Y1b)9@ujQd$Y?@@VlQ2CbA6GL&tuR`35ZC-o zDdSxEoj<}+ztl~?_zc$=NlkWDQl+eV_pxQqKWi zz(W4iwrorKO4ah2KcZpO3cRQQ{tuM-YTIl*egNB-5X=V!U?x?e+%CfU@ZK62@Kh&! zw31tYl?c#Ue!Vy>@DG|fjw0vY_~Vea7+)^pG4Pu_X2a_4IiqoO~+ayg}L z7REAaXX5m*t6`RldIl`+7;yiImbR-3{8A>rPM?57M| z!-jjfXRywF^*91rHT3n54|ialh{bAGNNH>}Zp^END3>7DZeYpbW>hX0<->omH{mo~ zkhkWHB%ij^GjqMQNN}xoA1sqA3NVHFx5$)bR1$SP&AGKK+Zt_Yc874K54}+$u|*bE zoT@;B)p10Hn7{Yoh-|WdLa4*KfE;0{{L>-Xs1N_IczBg_oL|PmVDQ2hNDklffQdu$ z>q_I>m2m{tKIGP z4m$ru+JD@#?I#x*P5-O?;IYb!`-^-Qhiky813B>glu^8LGznFyze5NSN7uG@^GtXl z-?{BHZo)V?B$w{%4VT6n`o3NhyXAA##9!5CsCS+_@4&P2rE$cEG&;d4>GFU9LrW|y zcEhQCKr|ErcVeUQ7bO8J-T#zFZ0%cbKg;g_{_a8P{$Xo%~gk= zXr4`Y8vYBNeB~>D#Uoa@>5&ssvThiOKcOmhr1lMX#C?TN6CSg;UjK5%!wE~n%&>nQ zoT6Ok`k^HOEbA)DjWmy{gBM|Y;iADKq*(mr4?F*r@Bc8214-uZK?auG|4yeJ}!kfbR1nV)jHd%MB%ej z{fE=>Y?iP?a*@z~=B$AWUlN{STgq?N8PF@*w<|lJ?Y>^ir!4&6$#8#{#lCC%nvcn= zo2Tl^Uq8#aw*6|3y6b-J3^n8>^ZT>W{L822vm*V+rpSK`{XgjJ?#Gbd$+>-vcP_; zZ!L{up1J8V&KJwd_EfpzsdYqKU|s_@drF=FM}IS=WrbJ=hC^AUR>4Nsb7yc4PMfS#y(5?;D@@R@mPDZ>V94IC~BdX@uVrKyyW*bKlulk_dut%nP1OO>ScUw!)s&0aUV9eFf`ue2O!2qrhpHQ9{t!+U@}ihZ zeLE7)BeF4N(;-W3Ol8WWCHx51Uv1O47e}(}rOp>0yAJk+yrb1>HJ*?&g#$!547=o! zf)*`uDTK$-?5oBT@=maT3}*y)1Q|KWIPoXUzp?rGgpZ2v57~&Pj7Z@q3*#}#lgH%# z^D&lRBmlE1l|sNAbuZi#&3T`YzU0zAjiMP5EQ6!d_yWu`|boR^k-~HV$_TSI)Sy13|aXys_@~rx~Oe`vO!~5q$ zJ>S@&pHRY0qe~Kegt8=BG`t>5}mxR+-h0@+j7$&x5$NZda= zVujR*dbz!nf>2IBSU2@xF7Ke=XN6%~pFXXB|5u~`Hvjbxp#SatIr*=%fAEF=f0obV z#eXc#oBj`%(+bfeB1^+~e4;iF_W`cXA^Ck#W-C5fY4ZDn&cE*dmoj>%G`V*M!1DXw zF311x9ej!Z|16&s^2l4QR<-(ftW(F=q!bJD#vg}Dc*pXerune_<|iZHt#Iv2d4~1Z z-+54PgIm10;?kR+^*?^8xbj+{xEE(%?NfXI!+4ysdnEf+e3sn*{k{EC{AXu>Z}&_5 z=V$qp?!P{Def?Vs3!f?r17Q2%i`srLZdgzGT`=6&H0&t&1HqBoLZb- zgULQzX*FAOdj#S`%f{dcHoax(F`p(hWn|;K7q=a+v+K1th<8jAIt-&Q3z_hK%!f>o zA@6mVITXpIvN6lT#~Th&Zds~aKiX33=Aswsr$MUc;TjBT zCZsU^CG~Gu929+7L;MoY*tzA15$?6uRTb<_EIecVaz#B@C%je8Y{G@EJ?T_Yli#|x zyyEE=k$>O>;PDc#o@AM+Xp_)vQfTO4`eHpTkAU9Uap}vJ9ZWX1JDnF~4eGr5a#c6bv7yI9Pu6@6|+!UoDW|2aMEUJv2bDygVj%zKB zp-fp4g+9%AT9$}`qv)SQ9-pntTpZBVe5Pg||GDg^W;d%j(Z+IC^t5cnUHFb-Mo%kU z+D~ic{W-Subg>$-8nUg;O4fk0I)|x@G5X8!m?c}X8tYjd$Rlv19XrC#pUHe&9?Emi;iv(-NHsn!2gA?k-)|CZ|i z-GlC&{jc{W|NrxRK0anW^GCH3))g=R%cYg-B|EJJ56SQF-jlC(hGD!TCJp%W&Bg2Y zCudhLo_5Ti=SOc(Up(!?-l80mhu z6R_KzIFF>TGGR0zt0oC5VmOJjhYd0W|Ko}GMh58pgu7B&a1VV;4g{Hl2^Iwa?y@Q+bg zdv70*XkE+y<8c^&Xt_U2QQ%%uz%u{e!Cd{n&hFlq_|MPsaq~Fb;s9{`DhkChs2gU! zReI9V_x?yJpc*Ux%2Gi=q~h_Y!dHkpOpB*b>nvQ)SGeT<`?f&4sseKl3b6G4x997B z?R}~L`B^@T?|&8vwUO$ z#zqTh8ZKJNAEUm?vipBup6`B^#{cYhO8)JvG^$s z<0ZWPu`P#7?tj3Nh|i|%9$8=Zv-tjZ_ID4;^?%yEgD>*`XZe(@<;8pbr$zs`)PyF9 zuq8$vmlw`eel73Cnjwhr?w?(R=y8e)R0lfa3U!EcZfC#$Jtz(UojE7qGS2`eae?^?P{A#%#dnsrG6#_pRKm-KmiVs zPaQ!EhR}CwGfBfZBTqfu1ju_y1%tScjk0jIu>~AMOlWs+U*uEQomLvBtU9kdW~D)> ze*CD^Q~o}^_%Yvot@+WoHOyMKP?c%0KIX{Dpv`C;8|NK<(#D)4G2;v)NI#Pc}#ZwJow zCJ0l~O4b5278V3H=6Wk1D8vVtS1Puq8g#iw4t(&u@Fo}fnF;3S&=Z5l8T;V$@k{gg zNW2p)tr$2D3yn}mLKT;udvNSN=-1-W(rc;^>+2fqNLj)~2(^$teL8gdi>TQDqa@MM zPF1hl)X%T~D8vLbg!jHKe%Bh8z6gM85Cn8UvB*}=U1p1x`lBA4uyq?#QDxd@TE{q~FWWBK7{*D5O>yc!{* z4M+MiIn{Lt^cUU8a0k(F2r_;u9`Km-p>;vGpynLEH<+N#>%s*QAm} zF@<%>BcP~1Ve-hnzrMblo56hR_k{!1)0^^0{rREd(vqaC7}Ds3MRe9@K97THU9qs0 z6)zQ`CM*qkurj>D<3&hWIAuJ~Rt8mkz6fhX!zfSL^(19t!lNn!M+sW_jUqgeL#2l` z;FaIF4^NB2Tek4_6dt(ml3%E)kfX zR_tYsr1G?KXRj7ZEFb3^?-tUll%~uB)>j5n`>y-#VRbdxXEipTnsMl8B*}$?r23o3 zfuHe+rEb0pkPZ9gnxp6wo-;L6$oCbE@GJRA$tPN6V40&G3*M>b7!UK2){vnU6_2@% zSg;LMpugfxE){Nn=YcYOK9dG#*UcisPedGp*k zAJ^96t!2|Bo1KK|A^BKCd{)r&Fi316<`ja8N^IDCU$GfA?^R<-3DQI2ipYG&jsKjk zMoawvNickP1&}52Kb=muTdx0cu=^$c@3VZC`u|;5d;%73lisUJK=R-u6lo4kvR~%G zc&?;sFZJI(&*$TOQ3;ot^wSB(m*SSai+Iisfm1>tLP;QxB7hOtqgBQQJs59Tb>Tn%?5ke+SwjCG*!dGbOX&Yzx4U1C|KH#J694;IK5NPU5A6E&??GxmU(juh z{lheJTpE5`dU8R7$Atr}+W@rw?e$xK7GW)I`dRUKW#_Qsb1U@>TlmWSRxX*;8>b8B zhK8}=tewZtE>)$P;+G31TY6iMR$KF?__mI&zfS3B6#8zMTIEj*Cb9rjJ^Nc}Qy$hQ zbw#)fn#h>Yy2lKvYpbBT6~gH-nr=xP-HQJ0iau=aqpP=ITjC9`YiTB5sO*hU9b{HJ zU3aE#xZT3p*2Uk46$jS2!$Dd0GoERT=($54UVqUkard z$58E$TXYEGk3bo5FPstgp6>%%CE6&)wQuMnv_~x3A|KE#aG{}cp;-0rt}6XUeoFeE zH(}8<9LGFmk2l7${O`SP+5WfN>wc;K{#iax$R*7rA&B9v-VSLW_QWSbZVm1a{f@~%!8-*WO zfMFnCZF%G(j%I|%@TQy+NmxpvFlJuEJL$jgXFO$%C*+tp-!+)ha@L&DKWV|E)qyH4Q@s0&Fr2b8wK&>v(*!IL-(%ANf^ro@xWz(dw{r@(e zke_H8@?4O!lT*>~l9d0({H)=H0i!$kT*`lIT>N}~de#54k94h1>HZ&oe{}x(^v%U< zZyG$>7>n=!ey>;V|JT`VcfQ>J&+>Ufet4DgvD-+#HK7C&rsRL)F^l-PaTGh&R8Hd8+bt8D6i3Y@`U`_^V(i#_aCH1e#j%z>oiHX-EB9v$-5+w z@G(JoLdQUOR+`b2emLfFj9VZ;r?de?+FXsD-07WYiC*ir=R$7JL4KK!N8tyu zQ_xd$!P3hpABVBd`~)KGPX53`eQtmrxYLCK78y521QO7U4yj-&_(ph*ZSs}};V5JQ z8DJ#yfXG({<;++7%?|m@4B1=%%;bLCbRlPZ4h+;X0tVF=AmfAvfjY=IAgafiGFi%> z6CMcoNq5=jL&+LkgxNQvTKwy)!@w{&a(o0Z3K3Q2{XPADr?+UcHFgdZdMV z%Hht=-QAt{+bHE@&*xLf5Q=gZ`)nr&MH123&JVAyE?)0A(7sX9`8Vf0W8#VPi~0e+ zZ#mz?n2l}n3YhxanfRxJ5x>zC<$*9JgCu285b+p;d|2hE~`c@|NE+BKVY% zgo|vPGC6{>xMW-kEh%8ajED)(qd-z6>iaweDF&z(BO)IH-LfO~=11zY;zdRu8S$e~ z-a_BGpc<-FVPGnR3PqLRm28qS8o1bCsK@>~huLjxlkM%Zx0e@J*GK2q+uPC>-y`i+VLS!HpSElf_L30ohl}c-&EAkV&q*hUQ z=gcxXcGoxPNFwdETLBw}G;Vd;t+e-SU|*$C62@%qwVv1MI!_IAF&pv^^U%Fs$LkC# zHt=kOd@2;GG^ee0LwHJNJSQ}Qa;=hJ5*k;Ky3K)Im{##$jA$g-V5=!HK`_HOx3>dM zVxCE!Ah&kL^X=`gN)w4mo{Uqf2oB64Wh57X!xLu0J}+_D{{OtGosrpG zSGT7bQB1mfmONxU0rRvz6O>c154mNU1~y^43wFRoAf zUiKj)sH%mr&(l=mZWxbvIt6}fLF^h3-PKWH&pY_+sIcc9*je}VtQ`iB(Jb_76wQcW zSq56LV*Q!`f(({%V!TsQ+PO^GEsHZT_w*>`Q!-={5c`mD!2*)x!zlEl8In@G;I3B* zN8mB>Bc4mqgWrY$OEoW%Gw;sNT;9+rBRSH2K+*BvG?~T=S_spsW_oypyaeRiC( zfW=uzBQbDjwNaU9L?S*8{l+$VnNO3Y2z*dL;4TR2C~!kSkez&2PrhTN+GFH1m_UO` zb3y`GqNlzfd*_zvX-!u|BHH7H-?X-CYMiIvPUH%q*XHw?3wPD3Dx>feKk6Giik zd#2C41Fr{%n6iK7ValYWtB&$M7}4$2VMJHiIOJZJO&lqcdm z=@FKu+!CvN<<%U3S$9B!Fa`hC%#nyndT0?j&kD#X)w;q>G!J@Z zZPw2Axt?r$UK*QHDK-4aW*}z&#={u?Ey{9P7YTF;%4sZepfnV1VDf!(!)BmCM1m8a zCm{<^v`~^mK!&q|4ud1f9W;x!>kVTg!$5-t9xx&@nz2zH36_CCn=+9wKNDJ{RM>*{ z5KxN~=A-pTzQ3aZn$S|a$b*VSDtiz0C#)6G8BWTd&@h%t5M-@Gg(UJCZaX;!IjOI0 zWXg4^NJpyVA^}3%pfzD1NDnBQ$QTVI82qxc@0_6GN2zPERO~>m?~cw;*>`BiK&LJb zD5~~rQhf+wFB=}41C3=fa*c68gLcOXi@01 zSg?VnxIjDfmb+>~7rERVbdgE!wHT)Awo(nYr@?j$%wMTT5g!wtV9*&6S-?`bRS_RU zmlTOJ@{x$$GKY?I%~T!ZZIVQ@QcXIi@QXZOpC_{xHq&oO!Zc`t*(sqZYazC_tX)+l zc@DrwMFy627p;^7r*xU3*v9swv~rM+nAG<}F_p*`m@T6f`~@Chkzi=M0=qdw!oB`^ z12ITY0bzksC@Su|C8ia}C9jIk_!nWoe3}ZQLr`P$(i}Kuci7_wx0*zB#`8?IWWnw+ zF`c>>y%7fgOdsG)PG$5mpMam^Rq=R)p?zbZvC^8rdGRmc1jT;vJiw>rIdd@Nx~NnY=5YS1Z)BX12{M?_m*Cev3DW`6wFy0;8I^xKunp2X)~B=B zPo=7?DR+|c53~2fd^AF`@Gs^7Fo@bIYfJ&5QA8veiWsJV0PP5PKD1vL`BD4dNwq#h zZfP2Vujh^m5->laDY_c_J$(rU8Ri)nSb?yjw2)>VIp=o@_s|3*fA*X;bSl<>LW7hc z6BXXx(uepMNT*Z)Ke>0>Y zR0%vJV*;OtSXL=V=FX;d4H6dBJ#ZLFs_ph8eQ)@}pyC=x4xRES(w12WKI0?!w^cR( zGx;5MJIlxvwRX9{m=RyT<4n#V_-^gxLpP)xbKvt>@QA(PW6+HT$QXeF4zNL;g$!u- ziVaI{U;{eia{s`OG=NL;D&^CGwp^$5G`yFab<_pe09Pt# zd!6SMuPr6PU8^K(54i;4m~l{=fsjPy;2%YFOa@gRh5@;og#HAsIt48t<5S0g-*U*PyGj35)HKc2;xPBO4`x(ISFgG#ucp`>PYx+!Z@(+?i<7? z(glM0d*rSjL*5z9C1kz41nR={Xilk5}A}GEDN*nme~n*%>=v7 zRUU;g7@7k~`c&x$GKAU>s2@m8OKL12Xu`nm%}aRT>_JBl(Rp6tzQ*f}2nsWn3q`2T z@1{$!h1#xwx`Ybsdz}MI271c(Cqe9&j1uevohA`0IuS8rQgImzGeAJihJD-4qX z*h()@RUSz0C55}opB$KQ6;GJ2aI*7UZJC4>Yng2*QBZXU1w&9o^Vpy0h)ZC_Du5=i zp!YOr)Pex?OO|CUt(b99p>jje2NvS4f!H$;-_rC33l5PfO|%FI^BR2o1q82}u)dnCP)IzFxwQF8&m)22OM#RV5zSPk#b&4}D z(oJI?ls@ z?I1Il>8$6L8nl)2h3cd8t_3i;aze^$Tdv3it->7|+ZY-8Ig`ICmt70|TPtVy1ST=?GWc zkAmWFVeA_ib63K(4V8T}QUL8JdlQ^^RBuXhy`FN&Jw0SKB`A>SWhs)VUEEE=j75rU z0PE0Zu1a9pEMYHPo72Ef&d{m-TH-?EnTmB75oT2ytMLzKij)m%)t&*Nq7@1|Zm)V= zDf8)6ry_+jSZ86F>$z7??k7$lE}Af;hSgLG3=INNltOtx&W_#^Nl~2HnoDf&$Imt@ z1gzN?@#!r~XCR~I$)JgnT+t1LNn!*dnOtKKO_}cCt)0{oq*jvA@?s`qNI`F{i)08} z+b+jt_;$8MW4PQB_94s!VwzOJmBOB+tc4xDMMlR;nz5t6JTLsrVO%!AkF?0ktJ9+& z&(2>HOls(VwY~lAF#WEvy?t`=^ZE7J+f(xP?DhB8Y4DHD@;6&@qRyZqAL>j2 zYLsVB_d#yLkoq@wGz}ohkY?d9V%ys&DuT!m1?HX2LEC%o z?G0cK=Un9#*v#$iZ9B2;Z48&ixv8yh5V8%~-s;-|-JMXO8`6J8`izlZ9rN}-Hl07V z3~i9ua>Hf1?qY+?bS;1X0$);`PNc^Jsq&xx7zKQ^_1Gs%aLxaWz93KG~6 zASmqE1IIbhC?eDpZYw%=@Mg8864WzS%Mv8V?^$-7JK~peyN2=D0oOI)I<=IvlEWya zT@}EnGWb=#CaL@?@2EP=>Oni-j-Kxv6JJCEds>zN7=}8P#j?d9+6Kfv$|HT2xTkPo zBxG?DCSZtdjd(Z;&k=>#yk8piXrKy(}s7%-EMm8Hc< z;6O%9f0xd4?d7V8C#L;);^t5`}pU{*A zSe)2~ObQh(Dyf7rnz%rB4ba^+X4dicT_8OJq*IvLnX>n%JkQV<9zZq^@aMUybTt$! zFrFY626GGm9=cg96Qfh9`QSF<{rlI^ew8^Yc34@z{au^Z(k=5=rQPTXR>mO(uXQV4Q#Te-5t3fRIMWE~>hf;o8V9Dy zDk%wsZsZ5bZBrUWO)_Ocm`^bzkfvi+<@N)>_G}$NT`*#rNeIU!Qq<-goKzkY?KRag z+h&}e$*b1hq!p2{1o);6nmYudWJn9>s=8;2Odp0+%LV8m1t|%8G{|zeh-6W$Z zi$gt|l(xUta(m8mCK{}T(O_jd*t6Mc^Mh1|^h!?g?&=L39aiJgfjdYhao9hs1UDg9T#X|b0C^qx{f`p?WhMm9a=bBPXcc{bgZW%0%tA?f|wyC?Rc!c z%-B{bqhl9+&8v1(`c>v(H@^e|uP;^B8AOrEtHk40lCo(im@c#EjAPQ8)}gd*N6+Y* zSfJSgqidz^NX0DnJ)fuSlJlq^{)-J%u9GK6rEibEdevk{Tr5@O1)SNFv_VWCkf%2oHIup zyiz^X27aDK15Kc{hx~5LvH=Nlrg?D8?$GKFx8DWcGm~!DyLXZ2Xv=YhNROt;M5hnB z1K8BBHEdifZ5}eJ4D~+?i8m4 zDv#VF>s0^g7+rxN{-aM?vu-V$`^yZop<&s-+_2bW&41X0JBt*z*>chqJo;LrtV-w z<8fX@X>(oLMLQW9nx1s`dSo*f6-NZwr;*&6!`q(`48GeS+SKT6gaCr4M;XRnTquP?5CdH?;z z+fym^lqDTEIb#j6@43UjJBo(@j3NU+K7%OWQcWYDHH~;Hj2$OHk=zAqf|9%4Ma#E7 z3hnj;W3xZ%<}`1f=wr@~HF@JC(8Q%JfA~x>n`tHJ$Qr9)sy2)68g?tz0A65y z-VokxZqm@vKRSwU*_;P_TZ(HKyO_)*dY4m#RL+}G;mXBu1!WN=gJIxEOJ+0vTQCHjTjEqMx z4#4LX@IZLVB&EqAwu{FZ`(Rw5M1--g>M7l^lo6jQxRTDgC;hAfwo8zA4gfIP#rgTEWby-&3m4a% zq=?R1m||G_bDKKQS;G!;U=R7ZO(3Y(L<)xs{+{L zsA~b3Q2g#e?RFmhD^D4D8S$Yp%)JE1o+(je;h7-(?piZ4Socg@UQGhR>Y`9FjG#hh zDe@#?$9%4b?9`c3_(jcE{5lb2W$oCf-h;aP z9(ooV@FuB1UFT;NIJx>kJyWJw39nZ;_@c=LRZAqvpfHm#urT&2U@SfCeQ(b~FsU}r ziV|bdB4@S_GZ^2ck*;T=3SP(?<0OYz$Cw?-9Wb_1Bl^-T7dxudPFl4j>v@GGD1~>QDb7L9opo~ zSlXa?$w?@(G#utw?8T`zYvTMp2ad(NGMpdiE!DErM(f1A0ulFb!g%ay8iUc{!Ei&x zcZN3R#Z}XlP2U~fMiH-pYkS^v2ZRY_?ml<%grOLJYc0LTty;QC7S{6$P!}p68mf_C z6ZS$vbQoiWV4Ea|IdT^2vkItsjc%1&yF@6%)Ugmu(!x4-de3`iA=s3KXD%;cbD7nu zAf8ft6c=4!f=4;JVB$Zp*$PU*TXDY5?Kdd}iqAYVM!JLtgvMFe(nYszWq^!V9+8D= z5(XTSVj_zQA*sdKSGhN79z*nwavWLti=A+Jqg=q!t{^4Q8`G)5x0K$>zz+ z_wTOWY&qC%qG~PfCPQ`TTFON zp0%HKfG)8Q6Pk;R1%%Aoff?H`I7pnz9~R~_1G8JgC@{$u(tE30pvf`ba2gC%28@M$PyySz$mhzR z=_|JhcSrkuw%icwKnL`UB{iRs+pZmL{~yIj>lJU817S}?=sYjqF0;c)%38+ip>|mb z(og}(CYb4WX*vwE6sw8Z1U_CYGUkR*L5lD;IgLj=^%)c$AyGIrX(GAudHeF5m2`{F zF~}+f&!!%HAowU75GkxpXc`Pm(znTMb4M-^kkuA1+||zqS-3c-68uDOpu!;u#zSg$ zsX{=oN|;W^K(B3UBnDP=pWj(0u)*0Pc)xZyd+xjD+{-t4u~=pyn4|$mu#?jAQ6gtg zx?Wq$U-li78Q^dO5c&H(6Vz0&5tGe3Du_Hrp9ebdc_4Z!x0Bup&*#&@mL0+d^LL5} zZIm}7gbaq%zhQAOP^3x6)0q+OA{{%7O+;Azq_$T?}={bUF$7;pFA9Zi~RvtwISYM+}(K5AU7k3Dt%i zjJC!I5fjF@QXrAn{?a#Y?N6!y)0?y7)ARo6ZoDxY2F5cWYmgOh;9Dr!b7i)A5c@BiL!k7q3sR-uB7S z`3X6`I6pbNKD#*YLzeEl{%Mn3onBsDoV+`hUpL{Yle7Ny)!EB;@*4oq@yLlO7c0Dm zn$3n<(FPF{srXEx)FGs~q*JVwW9nv`V3nq1o2D93Q-Oj;8LnjoD%4?(oZ*c0b+ed` zRI7MCo{;C5;v5QNu`17tr*jkYc`{4G@gyVsE@r8eO3;o3WvF->{tL!aaH`(G!c2mU zQz_&s;ZW^^GXXZH5jh3WbCbwpB{HklTOjeOSzui?1qMsBz)w;lg`rh-wk9T|t5R(+ z>84x_Brrq%iw~Xo6eRVaPWh#o8qg!JbUE5QO}Jpf?y5O(eMTD!$_6Y&kj-!lU*&f! zZ7SQloJ1Joznh@;Q6+*aC@S?r?m$YWG^S&QS>Piga(|*G)|B!$EPpt|*;9b+?#x{% zv5BW-GYq%zc*G=3Flc9#%}Byh$bQ+}YybbYU^pqaib`cuyDx71++(+pE`|a_+83`5+lKLsmcQTR9}!RrLnMK zdlHr9H<3|FDZ%XlaLwWZ6^zm{eLhV>P*|{c6E4$+`V|)JQZFC!?}RSzi+6X*f{;RG z4rkdv^YmtpC_pf!oH5WLiD~uAgp9fQZtoXAuK$3>yY zMAKziMij!Tvce_d7;Ps-4d9XL2|Rwu`A}LhvX;B)O^1vWu)x`EsQ(oTKNmvh(qmeg z79)QKif369`=B?WxK@piK95Bb`Z>=*J%3Ka-1RGn4iIP}t zob!xO;@(wnWBv-4mXU^gb-H1F* zII?Rg@H*EI2~pQ0uccTehdnmS*OC?K=g3?$Ua!nJ*UY8LjQSJeY!HzoWH>`94&;Jg zcuuI4@Di5gG}7pI$I~dd3#F_P^SA{kFTz{+v*k}{I+ltPpV26rwMHppO%kRlyX8Ja z{g%18cG5$iU(~jkEmJT@=`1-n9o1BKu%`VcVJWg&0pBRW!qwYcG2hT)5SHggtYGIr zTkwE-&H-Ig=-d0(Kb=kX!DmSZ4Qev#HhEUp(Xfdig^6BkO=ws3rVI5WL0 zeI8SgR5S2l$FmY9YLQ7Rqw1z;MZ?}P#qzXNh1@~MZ)#kjLJMr* zdgO|^mLU&@p3<46Y-K70VOyf8=r5D<;7Fv{2zm2O-P{rWpBs)`RGW$FcvVTsnpPEp z4Y8;-Wh^UIRkO6~uwnG7EnI0XGBTF)mD59gBV~S=gwQ3^6@86%C_i%xr6%XYJ+c1= zHmb)QI%A^Y#){HXkJ7nNK26bEIt^oqC#XFNXZS)Pa|u(GeY4dPizEBa$SKQc7&o=t z?5Oad9mKP_#W@3;0WCr_AuPji$EL#WrX-62lX6qj5hegdGke|C+Ry}1F`qI?ElO@k zJv9uNoT^NiuoM&ZxVmu=6kAxyJgY8lTCj!n4AuE7#ZMmf#`(qd+41QHfh-N|4kh#$ zQsj2Vac`GH0xE9G+|I&zIiR%aNuhXxDv+mmv;HV0cumG17se zr>=Hrm7CDS-4|g{KpoJhDC9GQO05Mcw?cxqro9T6k%}d;tLLMN z*);97(G`-bRT0-ZXRZ>!lS4b!JUf9oZ&iT{8>!ppQxv5o9u>?oMpG$i0)+$F17$}S zg8*ICN`b;7@33N?JTzSeJenay$3bH38?&+$=@_#dGghtX%1Zij#Ihj=MZKYGeO^a3 zQ(_iO(?J*nfud`my^r|*InU%v#(M+&Wynz}lh<|(>YZdGFg1}UEEOzZ=m?V6z&R2% z5K0%O^@dT2#wkO@pQ#%H8X5b*e22sX;WZm#dp*zT9?BQ6?~!XQfCv@Zt>tJ_9uP!s zwKyTGXG0SamLjGNZ#q|{WC5&{9bj0zr`NK*`5 zrYT0)K|fL9r{Pc?g;6@faX4?E)wfBXo8kr)EC6@vz#}K20M&`5@~NL`D)(h(E`gcq zaE1yjXx>uAvSa{GF~BfpZ3S!E15gfFX?6glVu3WeL#Vc}j{tNl>?EIujSco3r4+%uA znUz4LLKZk?QhS5IPD(YMnvpx)Do}{hc@oP<SaeGDHsQZO!$uCC9H-@Q4yBA4&3E-(70$ZgSE z7_kWY)h0X^P?!*ci5Y5zMRcJ_lJX=CrFaet9;paSz&}fI9eXKS8->WHpsQ$d9SWfA zg8QLSlaZ(^KPy;cT}SJ@GK;wP%p-5imdcmjgmf52;5hmPz=8Y7%?Xi7(25G z(-72a_A8TnOX0 z&_iZ~`k4Ulc=i22>RDhPJS9VYWD)ikP!<7<6Q9y?(S|SI)*%5lH~>P3t&uH^eaPxj zt^_H-piMV~Kwto>DYR+wNN9>abIHXGuNHZfl@(ps&D_wK9KQ);b(juabu9*)3w`2x zR&v=9M}!@79^8eIYdgFlBI8Ly$E*o5L7u7n{X9i(M59q2Tj2(nU_~SdG$Tp%Aa_AiUOBSU*u%LL zKTo9SUc9blXW>G3o0dZT3Fl}91xsha*$y^WLdl2$J!wLXk_0+l;vy0>gDUDb1H5C? zILyp_G~U}t&zd5>iV>VZI>gSTBmD=+;u?pnzt>l^_D5iF%^PA2Tx^0ZO+?`hchK?*agkx4%j_4 z!u*|sjgHu8=7I=(dVV7LYE>8<{C;$Kd3t_w_P0ZMgtjg(hA+6Gd-6A!%AN5g5kjt4 ze4(krD2mnuEmrd|VkuT^LT#>THF@YLEC`GJhzlh8!<70rEE8novJ?|k8EP~W@WT-?x+U-)fNG59n@4Y;dvBbOuw3k(heN9?f7P)o#8Cb=m+Bn z1*IM*;E|sh_SrZ64VA+{D{W9%67WU{Y(ffZ7l@gOX2#mJI%GCv1w5pBCeT`ZBS}Lr zTuU0fA$dj7^QnSgpcNezq4CG7ozs3-W1g`_4x0Lt@K#ew>rDJOo6TmQ$Vc5gwd7^} z1dl5u2^^iNh(1j>Ae3y%2TaW6)_+S7S|3pzdy(V8)+sR_3KUCm5lExKC?n!HT0b9x zwTu=_b{dgsrqO*_$f=5dZb1k=AuCDfb+U(wIcvC9%EEr>>4l>3K%E5sK=E4(-mqcVSe%x@XiCU*r+Wi7Gtx|m;=_az+v-~UsJ|2K{29&?O^@&CQ{!CtRj zj{o1?-~AH*|2aNS$PcelUaS)NeK?*FmGy+OC3H$Uo={cQ`!Z!f5k;6WK~7jk!$>q5 z+vG=Es=woPy5BUmi-3;`8Gr!LybdNL)hQ~BA`&s${zxy{7-MlGLxJ(Nc|!Q8(IQ8>9e*JQzD2I@cqt1GBM*EU zV@r1dF?$q`rqOuAX+SX78B4;EfXAj9tqTccb`K9XV)Ry-s0s%&Qj+|H#zDl$Z+wWB z*NlQ8Bo1`8Is|d1d7`{LVLaryd=68wy~cNFhg7pJBp9gji#nUWvX5cHc{IQZ6lZv_ z+E`;y{|VNzlz$#GIUBqhwz)#1@e-5&Lkj_Km~Gr8njrebN@$>}s@$(G*hvwr?ezr^ ze0azU`IZsV5quP~IBPTpgTauBNu!wQ=_}9*lKkE)f^%NTA>U3yYBcOExTF~WXF8f7 zip2p1M3iF0C}q$d6qXO-BcS5uf%kzNC5Z}q-NM~G#)?doo6vkHNk-e`9rd3kNtk16@wHQgQOLb^fq@7`y49Q{k3LDn-+v zRH4*)TB;62s!u7lI^5oFG^Av!)E4dAv}=~P4GL~c{UUS%%2eH4n&~C)=w5zVIAxx} z3}@?a*sQ@mKnCX9qyF{j)%zb$e|hnAlP4?|B7$~Aq%~n5NUyuqVE%-YryuQ;pAbi$ z*juBn%QZJxkeQZxMu=CH)loSb6vdFiVF`ux8d@z4vG@YPHfQdoHW>P%Fj>-Sfde6- zJ}U#kYp?^k&pV~29cGPv2&^sD8h3Fu7ufm>93ZwgcW=2aLmu=0nQz$$@W zcpp)u4Z6zV<(rYju~Hz<+}txvGr#RyxB zriB?`Ac7i2!gsSpN)aEw-WQclFLx{-{D#NhSn=+O{ej2!>lWgjqS10pv4!pw$&*JR z*h$z_+g^O0qEQgz#EU0HT0||d1^W!h*VJF(rrY*H>T5g%T@K(0!7ghhv~l>^Sw^N{ z*~p;I92v1YG7V#hKr9t-{aUDSVsdtg^&xydbyAnm;0V?DLGV%eSkQVzci)1#V_xGG zoQ=v$aXPH>JWKM-iDA*y&bN&=$148Ly#{BOF!sBvHy}@7XSp!*a1S7JzPtq&vCn{; zsoG*OyDN63Mj6G2KC=+&2sr3;zJ<7eN-8}^o9|C?&qjs*LU)i0hK1(?<2AIkS)3Ya z3pYE8`B?;qsp{vnV)Cuor|-zO)0yIs-?f|)3N2246Fg36HhHn} z(UXdbv%Hp`$fphRJ7kmX?~+z4U_KAn7VK!(Bk#08;BevL3>Kl~-6UnVA!cTjx&`2D z533K}ne;tRT`}^-?ckq&oZC|+gn;-Dau*u4!QED1y}G(Jj}f6wB_E5~>e}?t!)LbZ zoM%kPUy8b!UON!peGmF$Nl|z6C`q&hbgOZcnirgB^t+Bs3u;t2Ws)qZDJLnH7uwd( z16@m=%amrJ50a>Sj0d`;KXi;_EMS4xILjpA0yi1DI&CQ{5JJr`a#VSntl{2`@O8E@ z1Z`H5cj8mQ1o9#iePk;78I!xMcFtl*f5&=qKpUL^Br_F|Qh|n-1c)c(t(mSV8dBW% z2C;AsLB>!udJajJ=4e<~D^*2!4@qyo-L{g3d$?0J<*GQ<@#QRv7L zCG_$X+HMQf(4R!$kWEg*=Q8m-Y)Al0x6e- z!Y%n9<-lVww@in-Mo?bVnX5ZTuhEd=>J&9yCyO~Izs`#_Muc&<%p|)e5shOOpfI|I zcye|9O3S%dj==E*zjME8UD;juo~FSaP1%;$aFn4_TUNU~{bfhwy4f`i{f*vIjXZ7% zLTCM3D{3}>cVZynGq39CF4<kDX#<$^@rn#gVJ(cB8upDJ$Q1 zx1w{;q4o6l+U<3xU*3QPNQkw?>hWN~%FC~=eEzj#>IrxE7A?7E+~xaqZ=LJA0+)6< znK7TEiG5S`m(HVL3!@>13wVb_djdosq13Gb<)vJ& zsssOkPJZ+u6#x6j^Q zUR+%tonIerLor`7aJey~3M4y!)!zcGTy?;-j*YsVNLi4_0ge6H!16ui#|~8sKSkar z{Ekd%JkxW=KyOoT*_c6~^0J9LRQ}Abgpm`Huvu8Py>Y`1>gH&qhNB zP-TlpMQ3vRN?|Xu-v)=O`-URrTHaXvB+}y)3MSet{4q|PQ#47m2?=O zS`8$oQ)R@y#iUUI?u!N?A3xfNiH+g`c%wXuBpz%Kk9_*nl2dObw|?teSWin~!FTIH z!F5-{kuy57)d(?bdcyAn>6Z3VZjT3B$$c)V)vQ zMc27a=db#WYjai3U-flkKPu)JZw0}`4b79{%jlPsD#qER1T;8*)qj6>IdFO0K%Sr? z7I;hpBcWs6Burv`)h8Gd!~#cxhr4zs?^z)j90fE@rsTVhrQk8RS4l#B5sw7<`;rIa zk?_Lg#nX?t3!li}0lGbd*U*n&x5hKaQTm=>H-D3MVa^3qK`GIxz@5@-s?*-3>a($? zx^Qf*72jkN20=S8*c0cMY{JaDu7A78#dJNdLG0NZm#fq>vIiv#k1b6ktOKE5=W=ThRxrKs)7GH4^AWb7x-5W@RS z=&&v&-b3n+y*X4Ug@DcwX+BINl_TzktQLxx%taE6{fOrQ3F%Z%vZW>|$PJqb-QV(C z3HUt-F{ITB=~O>PzE$tNS6|>muo*u?z%TgDb!Do8*`X8?EaPq`GV*DgTZ6+50e%&wOkD{LVZO-qMV{zhN`=(EpX6 z`CsKvE%|wQ`ugmgTwb01baZ`6emwmJzWsarf7R#3i@(S4)#>?3#bXLGM%cb*QyNBU z)c^l)?)c#h+DVs^tJe$1F(@_4Rsf9jYh220i_zstkc6a1|)w>zL zVR89od`!JclMq_t?7*Y$kh&Mp`wx5V=kI-%X7BSfasf%2Rf3|XaNF6DFNosm)&Z3A zA~|sR%W5S7VKj|GsSZCO)|>%mKzJ02 zi47U?G1h6LisEdLA=4%59lHbu5-X0S=5fPjUo~{tk=ji46A+!yFZc<@e$tYo3DRoG zCA8$6UU)lIvw#!pYr}#98mjo3g?m>D?{KI&hHex{x^i)h{iKhV>j>}0q49mpM|#K) z&H&NnoKD$c^+FNvj$%wbF5q60XSf(ko)M#L%icxHHF1GdZ;p-(*QfwU5@s-k&$A~m zeI131pN~Z!(qaPbJhzNg7am9@c>Ibu3C%~c`0+uP(v#u9nmrlC%{E;qZQccLYF1NZ8HJsedixBI28{$Z+p z#n4VyDM1MjNW^YgR1AqI>^oI@-bVB)og~bP(XSD{PY9M`n_yGqHqZP10jDoW6-PwG`*vr`zGlH zoCjw0&fBc>3|^=l=VC@BQid$>qh_`So(e3L&Iy9P(Jb ze|7r$?BaaYR~=w0VL(zp6Zr!W&j3^x-s#m^~}t1hq8Z zYrNCSgBdR@5`4v}T#BzaO~J{=11k(~QbBlWo!o%3wJ~&rH38;?v|>3g~c01I1MA3dW{ml_^H4$j9y^dKf|SRyj*6_ zHytU*ISbEdetIIdga@=#rZaLYkvw3~$|xRd>86M$TdVOeN9%nI=GD4gk-+}+5CZvA z&qGS$5XpY;{mXa9Kb~G2O1T=KM_^??t;5Vf4lZr_gPGdD_qIDdtGus6I{mwC?fiG8 zHbm@e1@P?XEi$~LtMgAK1OMC5Pr2Zuj2!(-^1GK2AC}Gi^S>;YLo43-?3_eSLC!!& z2H|Augw^>8|G~C@Do1P$<%mmhMK8ru>aa$a|L5J+sk{*v@6K1grDa%{{#^v6Zr7@i zT+t5TtRdMMAi7R`T3Foi#rgHo+4-dY}Vvj$$oV#WB=H6{@AKZ`kJ$V zIqUkHO(iGf+pk(Jtj~@c@VB>bh={`^VHs()zSB=B)169leX()d+4#<}J$&m=pzOX9 zhhA(rQEMAJ28yyNf7ihC>U!D?{JAaEDmB>b9#rRnPD!povahVsp%f+XyOxU|cmg+J z92}}=8#D=3`r;wE?KGw=qXEsRJcAg_sPkYNghX`6qzpi?B5uLh3SWXKRs33H63b2$ z@Dkb{lHXf@>H(KnuyLhV8TgHb9n()+aUpxTH6q?l&E_}c!Ie(hJ!pN-hxaas;Zi1? z#LL1(!ef6iKfec;%vez5rEwHNU8F3$Wzo!rHTtDpRs>Yr_?*%yQyS;kq2b@997+X} zl%@~WWUlca#$k+4YPXNv@j$J!C8xC5cQc)}bRIeSYoaids`m>E;lj8F(79fMn$RLao|pTnLK=CcQYN>P_{0 zbt2ecmE^H%bF?f0UR~fH*^C4T+{tOT8QPEmZ_7Q|!;?=#DPI+;FPw5xpvQOiiM(H% zy{;{mEsz^3>jcO@ay#sss1^;XuIYem?(Y^rg|VDPQ}u~6CtDa0`;iM4sC*rP4dKFZ z%u^P4C;HTXDimT<#nI>aJWoi`*bk%duY4LA~*B@BSmBRRC0 z&7cxL209E~IX)y#u|QAV)&M9a(|gtQ`v)Gzb0xaw>vH`j9|KZnbJ(5Koe33?k%QTd zg}A=W!YU*jxdyZbff?uq3y)zj{wX(=bZthOUTLmM{Zh9k7>jSil*dyRXJ0KXwFULL z9-p`TaB+6N3TM&JRa0!e#}B62YLj0$13rlF-;b}G<@}Lc{a!o&SR7rh@FDzMzyD$x zW;_xvS9tMn!O0DF+@FtMuftv|?!*Hb_JZAf0K4{z)%R*DuD;?ap?(H^3rcyH-yh)( z1ynVt5xcd~H5kBht@uNZC9D}zeq*XC8=7agx7}ghoo#P7$@ccuY5$rWUBX|`A#{7& z37o>s+1~aVkXnW{%@qr_xlDI-rt`|?2l2=|6An-bTMp~aLo*W^+|t;GS|pl7hk^`Q z29+7}Q1_V9#dpA=T}nrDmdiKL9BmsH14!P3k<A;b##jZPO zVYPP>v%4sanI~x#3ZJ@QtAPjgm@-0v{WMKo`!QTrw0`MeStxjG8iv^>UCI^o?u^_) zUxSF#z&50XTpfLs8f_aoeO1oK%;h$u<_WUiZac^QjRf({(dF3_=S%tB(dAi79m)4c z%IvJ_y^Af6*b|VeG4o&_66R-uZ2UdmFgapsV}-^Zy#%w+xr=L7jG2&gUPuQcp)uaC zbMcrDvBr4~ZCRsEw@l-7b_Tyo!z^P^DJ#q%ghuzRpXN~(CXs_Xn_50_1IH!gttJVx zuZ3!gt-P^Go{{bC?2bdhKHNS{Gzxe;jJSWZz5UgyajKiphDsC7i2Kys7Zuko$k#N@ zyeRa)-dZD)R1ue!23CwGRS*jjjMG83nta9dM%(CmE2!V@o}UbC4Wf5 zkJ-5qyOl?ajSI_ZzQ8=bB0#K5Az=6r3z{yelRD20V~JbKPZXRzw7A8g6k1Y7gPAe2 zs{sCD;Y*#wv6)TS%!IEhO?b;|m=cpNaGUuI1?wbXDlrtE8WLeHy@RC+t4f_`Rf%fI znrt{)W1as%O$SZV>W?4U%(W}4t{+mu>wMQ}RD9j7{<>E(53h)-qk^{k1+o5E#41HF z!a6`$HJvx-S%?!)ibh1(S*Iqds>@`SrKPE|<~LSF^fr5>AhC(*k!SJqmXz?`*4=P_YWC*6#DeaH1y3M&ZRsgpkh z2crZHj*3!Fl@`>>_1TAPLT^K!r%jxG$<(sj+taE_-Nvlp6u7CX0E#~! z*3sB`JVtWcB3KFMkhqxpe#m(yvXmw}W#2ZE*o>xQmK_q7`R;o=swS{gRNgjKu(NiT z;w0SE)T~_~P~5M8ZGpHO@9+oF*u__Bt4r8mF-26T?bhge<07huveoJ|r)oNNFrcn#up3=m0 zZIge$rHRdbS^Sba(p$*GSZBDYeB+X4lS8tTO_Kr^sP}eOyBKwEZ&zG~zv=}5!Or0I zIm_;NdUMI6(4RFLg+F!pA`|2eibKR>=wAlLG5jaU77@R5T92EFdIZbfu-NChlq>?p zkHA!5LL=`c49nQKrP{(+ZWI*Q_48D96a@(YbNw5-^w=QA87DAfliMI4clo@Q6>!uU zX!`=h*y4)$@HeR(dkrwrB|PY}2-sq?V)ad^?W}r)hr*U!&L%8&3mdh_$4>*;E5#0! zZ%L=?^E>1Y0Lg1Kj<5>w<}lB&V+mBx;t7klibW}~LoI0S-RhN)A%kKS4%z`K6t)fP zIUmW1V6Bgelg{`Kc%*1WIUk5_#mX{JD7j(pZ8_w`*-}j$Ai({N6RT1cuOg*v`901? zU)+zM;2&zbg>TJzd>+RVDQ+bem6sqd2^0=4RH;`H$=Ik@w={y5Nl;k0@SM9?`^)-k zExlV>lAO1Gp;ZOA7I@ueR@T`5;qBi_-BgqjRaa&M@zX6bO@};30~7mzQRZ)7g6svB z=@z-S(d&n|fBObOH5#YbE?&+~CwE%?X&q9kigT_|SopW;he92a+Bb`3aBE+?w_0gK z?U`ztk2w~lL^ohKa)XpqtZ5H;**2fIJMAq`A0|pS6XrxLI<1i4jiITPO$LL((w&m; z30Gng;P1QqK#r%_u^JvTI zQlUEy=;qmOa|uVt5*bUdyM%*zh2ooZ$Zye7d~A2FP!Lg7u0W0_nb#~~E*pVT+yJiT-pdaAn4go_Mnz=b-o9(NnQ+tg_o zPzTpYwnHUQH&#JtIl#&YtsdTLl0LMZU4p%hBF;Ld9VwHS5eaPLa_59uCHB0TTQ^<` zj8^0#Q$i;dpsrwDrf=PC*JaIg{gN>G4wyyZWXgru)JsK3a!bl!2qDE+VFEpmyrFsQ zJL@;1vMKfw1V;Ff6v18;^Ug|hJp5L#@VDuQmW1@3g;0Fu@LO1dea>*lms&ke%8ptZ zOvBi;n=$SXqfe_;F!|H~e3-U1O@Wl?s>k-l`B9vdp0(SLy%Q`I;H`U|@;nj$AAA4a z)<%vjj^pQVzY48kCP1(aA<4`#L-ylbe47(8$L>Yi$O?A%-;^;NfdZsIpy*KeBZ)m;_+= z+BV+RI5*7LP|GD*&_3`GIdw+XEWe}eXW!Mg>Ra{g)TvsMrSwq?a8RNN#=E5YVgit`iYsyCbzeg(WW>}(cd>u?&RmAU|V zK!(3W?Nf}+w5~JtD_S-|^NJ1v2*CMXuXK-v{MtILZg2tyF6?U+P(iT5Xj;?UH;ZLO zx15QhDOsp=S=u@0RfQB`Ufw(tFJkmoaxXuzSXD}&qL6>w^sZrbl046?M(%f?D7skDoRlxu{m{YTtLFs{YQau_P+0eNUaIaLF z;L4}WU2^khJeZW2txJ%r2Tm8I$^d3C$JBR<%y6bAU zax9p(sft~j@`>_p!-~!VXOz9dei^bz|K=8U*3r@7G<9S&rNxb47WC22gGS(1W+j>8 zk@c{!AJ|5GWsw(x0>mm_o@#{GRV|FfDpi<+Z}yM!jy-r?R;aMJY$3;oz%3cXY;0+i z)*oK0P@dK9Vg&&$tnbu?qikQ0r<{6em?XQBbf9Dum}3Pc*|HvU9q2h3SB@Agj}ViQ zQ!-QUKY+He@oZxwQ$t;DEZg!d)QIxm8yh>B_GFEcgeMd#usz4`)@@&AL@43#mZ}pb#8Yc=6o>>8ephTJG`<4Yv33gO?8828hG8%mGLaCKVEb>C6{729 zD02o*LAL|kRbwa#`)rd4ZqPG08K0H9!Ng}!!Y2)2S z131FF)6V(bE;5JH_W4~SN02840}2)+LwVn6weRu`#wA>*D52Cx9XKFI=#~+wn<^=_ z|1VmttrAyV1AoIRx+3b3_JmIo5+K{jIf|(}o18)%$-!$-d@r+~3%4y4JK>2dXl-ny zdvar=o>oD%O9$D-#_X;5z!VIcQ><5Bfz~=r2xal_1MXe2m;@s_0M}|SoG6W$b(qW? zaU<3%uZUzlnETZHD5)rlk{2rfcjIK38II)K{1QI$XwnFS-o4M^ij}!6_olEX4S|Jn zxZ`QTRM97UnN#iR?HRan>|-$gUUhWo2QjIQNrR7*{FU3dqH!bjcCvp-N%8~n{D<@> z-+oK3*)jv?csP}>>iRlz}F!U`P zp@AdJ8@*b>MWI_M1NHc*4lU}EJElc|Jb2&r7o#?h|eQ^g`dXM3sW9t z((q+FaA@cE)X`T}!9X~P5`yVpO)gPYaW4#dG~jq5vu>fV@nnlSX@&w{_eTd8M~AQ5 z&GyHOv*!6b!lEm3MdLtHu5M`>b)A3LW6jkxYgM6jXI89y$gm6*J!|=s+;6*TniZn> zh5iCJ7}5&2S%r{E9PW}IabLZvpq^iS(P_2iH>r;QM{DQ2%H_Cm`N}T&k7F!qopG6K zJt_jP76#GerhfDCd2Rde^_O5?+46hwr2g+4 zC=F-)#`fP|Zf!M|hWYKcWD?1L)c%N;$Jm-J?%VB)t@=)VdwZ+4b3sS`%jb2U^a3SNfOcq4%L`7;QzGIF26})+DfC`Kd3VVK04ZSD0A3AT@A--_aU1`o7Ib= zQ6JMoakj;(_;sB6Cf3w$G^%qeAh}PlMyr9J$%?QE0uY1+bTbFHOD2)z>24MVon9d; zKIlAO7_2&uSYf z4icljeB^hXJ5#wTj%nZWs?N!&L!K6{U6elEGi@Abk{!~rtYBR4F5cH>Jn z1w_l6X*?Gm*L09$8@;ldO^zI}kYxkE3rQDlTxqF!R;-`{1n%Rx%fXxh*O{lmOjd&8(z`YpjxHb^OnovW^ z-P%wEpH(hH^-zo1AP|YF_>9Gn;k~N4oTkip5{CG@`>aJ53!>^oq{Bg#L8IQg)`}&q zEJhsgm8jHJg^$E_*N&r;mQ-xIWoNQLd@&Num>gFw7*N* zNHb*Bz-GnRK(b@20hHxPe{CH%509`a1jH;Vc>$NnA`7JZ=-$gD3Y0&ageni7*t4hp zFjMFe9}K`w=`)YULTNzYxu-mqM8-811Ps+29!oR`;UUB)f`ojaPJqS4F!2HyOs{AV zg6E-;=P@DM20~eoF{!vWWZotC_3{zJXblrP z80wG`BA@6uym|GKzA{n7hI^Y$~R>OfD z`hBeb%%te3%jjm?Yp21|y+oW$UtrWmD+L&{C&`QevZn8sp~-HTH-T&%h;KQDCaCK$ z3X*;E^=mc=BJGa@d2(C;CZE)RGZjOyva&c@NV}!6S{k7=kO~n}{9%Fp8{vB}-y_|$ zb9VQ7jJ~@pu>-PrHTppSgJp5SX{89%V}vkjm5r!=DP*rIYJ6 zYiYDIZW_M{4#sMXghNdOFsUl6;1ysTPwemqR~fDg#v7t(B+TSV>XHftv6V2J_Mn2q zoF`;0@X6M?<*_E`&2Ch^uy_(R#e2|UZNV3P0sgx3&+P6~f^1e`Lt~0(w{dFd!P($( zenqmO^?^{=;UXIiPM*c-6mnl^cWF|T1g~akCPB(~n5Deilv!L8KF` z+8!K52m4b=|H6Va`L~9=NNQu~A=YP|_pB}s-oTFuTwY@7#br{KTP{@=U=c)vkf|^g z7{CblrFo^iVQ|H2JoJr|gIl3gwKxrZJu6Wk#GGF_!4Fxb$y~(n`+|f8a}d5}y&>n9 z4vOkKjaK1r%CTEMq3Qzf^%>}6!d2hb$SNeDJ-mw5^5{qzVP^m-IjnN>xDOl_TPt1z z^_xQ9m4_mJow~p3?4%i#;7ycqY}VTc*%IV?%h?jFB@*ep#L}4#`ozZPu@m2p=u{k&5P%<W7cOe`6LC+d&Ltz zJyVyAN_VTu9JyI_j_EiXrk>6Jr9>LtPqQAY$EMCmtbz@Q7_u-V!i$4(f*EVeQ~9hF zChA%2TJDJ97v;-ao$csyqHeT;f-s-DhxFeZyUE{B{khH6qjqEkLeeo?__ zE&Mh&B8(bBQ#~k;2X!YHi4O)rG^k^%`fKW4p2yT&o9mP$>ZVkqnpK5kxVi%6!FJgBsIv4Rs)es4AWx)3E-=`xbnzk?vi~ln;MaQ zs+EP(NI8LW=75*vks9eXwGkc5@g+>xH|SQ?Q5tcdJiRIC)|fTRAE5Wrofgk!<&J8x zouYhJC^JbZPqIZ_!xe0HmMEyx``<&Z%W%{OiFU^Lya@`BNgVA~Hd0|N6DX*4{g?$% zr?paPJnVimbEY}Nfq2m^-cQ}i27&!Y1Py$vH;?2KAip$ST}_m9^Ltp1)={Bj&h2-t zbOOxRDL=c}9V+|o^RbFvcQVlF%Qi?LbJdu|kZM@V!_Z-MPOeCG{kNb1Yaqa6a(>hS zJ4O=)E00MM1)h`~D~AzzcYc1>QDP?_jV6&YSW6rd?(tBi42!4Z1d_kQm@$n6gv1@u zDT~wC>$UTvj-%k(1o%1)^G|PLJ|JfyO{5H@LbU>+v$gwmQh|^`*$2SFx0|Y86LSc_ z!&VV^Kb;L}PLd%BsaFS*Pw5v;(s<08P`6^4RT9rPI>Wn^CO661!^OyBmG$-M`BCSo zMOLw*e>p$u*x#=sS#YWedQ#vcV-x**lTdWwz{V41e7|5q-Pv~6yn+-RQjI(ZgFsX| z{0n_~k>P4mYDql_g{_o2N2QXwvn1B`#@I|5kNhcH#m;Jq+{=oHD|Q)>qx_hJLMhEK zxe2M&+_h1Nl&nUP2}NI z0|>H~a6+$m;Ln-9$>M6mUw_~}(PE3e*E^QVIJce^LUNPLDMBsnjNCdsMw9I0OBoO? zABLRQRzcwiERHb33JUU?j%k>&M-suq3H$?;D6ONP7khDOMAdt1PA1gcvrBh(T+0=S zz|24>FX2`1=T~H{%IbhPUn%bBhD@1z(Ip`nQi( zz6_w#{`=1P>G8#z!=u*gR`dMgcj$=Q!~EjL-j?9MC*lqS1?<8{vBQ4q=F(CHk>(eS4ZX2x2x z^R2Dd<>eC0NI$E1shqDIjraRd$VB1jcSBwTt(#rt4Bh;tLz?@?E-Oqp z@p;j>^4~pY+`5y|5At5qWK(PTbO4*9e50;pEksz7ZAn>$AX^5WIut|nTVuA_$QthvspJz0t5&XAEhn(5p7)W)(eRjssmmb`z`IE=FBSb z1XT%)RY5Qh7dGHgBW6h)Fy$+rd!DU9Jp3p5T@5Rz#l;3!mWYIUmkqn+`g%sIu5J;Z zdy^515^5Ycz*00~@_81B5x(+FZN=16>HMg(sf*jf#?;uW(uw3-=V36WK^nKHQYWr4 zv93ae#ZVQbPnefLf=#RNqohP?*3w!HScct2o*MS5%D>e^V@#7_BjJrC6m|K9dUDub zn>WXy6%?)9p)rN{CZQpZ2C3xdGXYVK`ZS77jkJBI>Z7ivrgMSY_1BAxIb|nPGLJqS z%gsVCI@(j&QdOUVL#;k!Oe7^E2DFEzuA*XLTf6v_e^HLnJdki{Y(lJTnUC8 zN?bHGW0co3pp7IK4iOSgu6cZkc17jv-`39hY0a888*>prk29JKRrwlKoX<)1DYBz1 znWNw>K3$)J0+9Jn<bm=&2S0kgT{Ijl>Kwoj$9jicQgqJ>#JqAL9uJh;Y;Nni>nBPomJ?>9yBKWu5 z^IP+q$Bg>5Bp5M1kuY9vEzn24Jc|0bZS@FXG26B7YD^MW48S>nH4z2lF-uYdO3bd~ zAYtU6jkT+1>y3n8vdAd`)1c#^fw3NqXcC5vt7q8ihvE^|KK=8z#_t>JjkWs5dg(~3 z&l;=Sjn$nW=Hg$n28IjNvfQnj-zL?9lbxEt<4MQ_zOxH*pMyK6Z7;|E&`ICsu2KYN zL7I_a7JcQt3Br>HF_f59Bjyw1M%=iG>6FN8P!9WROs5Zj8V%{Jmr?2ATrzTU)MHYVDKzW0(AR{1KA!V91HOE0V-2 zOCuK}b90Q*0O*)Ldp42MkCL^Op6=In^W#OQ)&9_G!+#FL2hhU{{@2L;n0ONyf6jdFCk3{4ZCD zr~KI3k-M7a>-8_bO@>tJ%S)Qf_Q%tR$8}A-GEk&wfSeqRS_h1e;OIpvo zep6h^-qnt9uk#U0HgS0Jw%zJ6ikW-SyuE$Bg&tkb>NtO5e)rGpw zVYCEX7bejq^DmN^MxxK+3vhP95V;>LTZKi10%^POMz&9>WzJCgS(=0q2`!SCaqwqAa_j#1WJPhS9 z90GzgG;J2z*!Z>fhR4@5_L*PX*w`RLMtv5m++0`;Tw7R_v2tVM$waVP-*i)5pwh;Z zjSX!J!JKK=fnd0*=5^T*!VnJ}7fb_8U&hK*;YjR3LSp8z;7UhmV~HM>XUL&g-8QUh z#gALRe;$v-Y{i<(*eufh1#H@^k!>zmQnMU9aRsy$x}0>dcX+IDRalka`bZ!PXQ1)$ z+!}tV{d^(wRft65(c& zl3!a@Zu1Vd%J`w`w+FGY=_?c}m0QD-&h$XGG;wSF`+%XBjXX?cZQPHlol)}ZZRNH$ z^E2n?h1(SNtK5=qHmbhs%qp9$0Mb1uUEjQ!&;9^#C15l?k58hcj+?Iwqjsz+gA9Fr zwZ%&{x2gIqp%ppV_;LiKV?Bgs9r+ACpl7-_rqs_r62OOs_xx|?&y{Shv;e^OTu*75m@WcKI zPtIZ{Sd`3$UIN@+_&o3e;#6!;aEJn7n_W`WD?Pz1cb55XJF z@%Te-lsPjW#{u{p?#pL{!$yrC&6(XqKlxJND(B?_pE059I~x1?L9Xs8WoM$6Eh2VQ4%b7FV#lM%FJMt5e z&(NrnJMbaaO$OCclXhOpvqDS_o zb-|yjgtHIcv-5y2ylFES{TX|AK5E5#xCFJw+{&e>&Dqi!)c%Z}JrA|A9iBn$Pub{Y z368qAC0VU>>KT`dUf^bslie3qYk61^0-O2}bJer~>* zqLG#Xy8v(%o?`*GH=vy)<57X1nG}|1+(%6ILmG^1M9x0!g9C%(-sTgUB-9%cN+wb8 zuL)LYfi#Ws+c5{XR)O(kmf|P{ac*M3ty*C^Yh{NemUK&G$_}$He@%{XI?O(A;I8Te_coLukAb|Lv{nYI_f1X z7VCAgkA|f*;Q{KP`ItpQgd~=GwL>?e#a;wU$Yh*yyG;|EvbM1f zM`{Z*(#toiE?2z3qqzh}orE3VE&GfLtqgf`>S&AT4*z_ZcCivUNN zGtGa9pzEZg)6G~(T#!2@Z=EPpxWuc+lOcvw zhmhaG7>*}``E{3)d11$-Cz14WQ@6M?Q4&^fIzIp&vJ4rw4^>4+Sb_9*Eh{_yT2cHv zc(B8^)#3OGCxwtC4`z}H5)84Y)_$8gd6&>-8>aMzf7nANv!vabzztt{B;eZPM_)_D zW~j_XWFpesu(x@Zgi_$ibUXvN{B?nuk?uYQfE=C`GNdx#p6O-mWuA#8IXshRv3tTJ z)&+TB$fzG;Ftd`i6!0hr%kSb+;Gq?M*8z=2n??gBx+Ug7E&3mxk^RGiwv^lkDDPbl zgM>lS@HG&8A=AD?!az9De(Q4Qlp^NXCrgmY*(4PyKHtrhN=jjlIS=#O0E-4GsTOm# z=>S9Jy8`NU&cizCVm(;Vg;k?rC~;4}ECOyj2bS+a<1z!;CuZ!y@3+2xwzwH5h!z2^ zTOshZjg5m-`S{t`0FDY@hWr}t5E_x~t!K~IA0I^vF~s)qa7COJk*nuotJi5kY~5vj zTs(@aJvoNL7UTeDX){w<4K_PwzRNu2I{y*r`BdDB6Em`8n2HL84x#}@sG#S`O8T|@ z7Qd`@bc+8Xk^&m1P#DqADd5`JhL0P*2Q8`m|V=|Vli`SSe=oc|>Z@7q!X)-K& z?PM@|cYc0G-m(OpYjcP-Vm?V&43QUC+YPK`&=@ir7LC3bX3D~Fz(OkD{5OOtziGY$3!{+qrlld>1Fc6{{*J zBIgi`8TEtt3YWb zjVzuH-?$|&ALkHcDObcdz6#sOAXdmXz6#sOAXdmXz6#sOAXdmXz6#sOr(o1P>_}B` z!ih$Y|- zUY|jBza(JdG_p~JjfOfXxAtH`(!Yk^tB=h%=tZ8+s7?+bqaG^6bj}^C>>lj}VUSGC zQn;hxl4$b`X5EOURV21^-wcTEEpm%7={jeH&g%%TxyYA?gU9fI!$d`IIw>ZZe9JtR z$dDon@Q}Wy-sNOGZ^EY4BTYGl`q!kt%%s!uy2TQ4-jb|4n6q{sj2PT?Xi|~AZ%KFO zW$H0H18QD&D+8zHG#;B|pd{x3pErPLF9wg*O}5|ymo2NETfHSCjop%N6)HIw)_ATK zc^}&-xYM1BLS8n_Pk9kp!A1cy9UgPPK#yC1g378m;y!awXfx{n5(f!8jl2R}W}+a1 zf3t4Mg4-x?OmG`&T)xtwqF@2RZW88nHI=d zyJ=Ah{yGY?YP;-2j2m|bc!#k}dY>gwK+Dr>2a!%{7t-m2RCOB32D4}_;@mx(r_h^y z>J3>3wzNwFPySHr3!N1xCU$GdE_>6235mjst(k82v#B6QRP`LuPLkfaQI@*x0kS5=d>RC^8p# zPm7)16!_eU&jGG!G8ec<$J7gwsS$)E*}04TE#~;!61b)UzZ_kfDoC$ou`5JS=Gh_9EpACyaUeAW9S5TB@eH3^0ydbPPNPt6`8iJn&hR=uMvko{b|8{P`?)3E*DL06YzgW}XEO zZYz%m+9sZ*@+0>Ir?Srb)y3KQd-xRW1o9M4qK-q`fm=& z8XM@f95%qLoiqkC?Nrw?E9YhaDids!z| z+C)8n#!Xha392F>>x*D%-{A&1yrY$}NWIe(p}@zjT(h4CAbCfs-|uFYLH=qf^o>n} zOvZW{W(CYI0AK7huSGV_-@q5aAi_v0l~5qR4Vu4np4Z+TH}`9ucg<%nUd}Yh=HP!Q zp}-O}aIkq8H9mZGw)EkvGo}x@n`xmtY2o0^B7g;=!UBRqh6mAW@sNdoOn$g5GyL!$ zFRgso0qtLrA+i8Zw`l>bUKH6Ki-2B^LAv53Cny_^`JE#4A-~}}79Q=IlB#xRlvx#7b%0=3}<1Sz? zAOTBLzbj>e;#2jmeR{yJqmWa71%HJf)o=Qz8dM8P5m`G`<*e41oaE1JdPajd$9}9iO5Ov7 zFQk0%e{qgySbNWoEzC_))#uaNlmGZh{(BO$*CFrKmD=aTO3~DmKN9(?QI%-rkS%x2 zGM_C6Jf-YR;C4XOBLL6I7=^%#gp5Z3ZbIHp(vYq^@H8+kCHx}*&%H4UfoESDWX_vn zCU7YNcEC_((s6Z$G-iI9TS9r+DBE?EWNP6+Im%q7FF<$~RahmfEOgWPf8gS?hzK8Dh!X^|_*8 znhLzcq1)OX#ktVQTFgRrMI*HJx1xl_<2VrPDd-^9GZfN$C?Dh|hNUQEF|jGp>Ace# z5VEj&v>1Fg+HB?uNVsk=mzv@B&d%Q#jDaa8!p)Lcquk`?)L|t&CUA- zfqOh=XPk%H2@6t08&f(J)5s&^n5&=%s5aoy2si;GONnV1vQT^OI;hr+1fNRpml3}X znLl8)9u=%H;x|d^n|HRTf^0Y20MfIjM{?j{A_w;V}iVMJWZS&Je?9qFN@1 zEh>otaP^eg*Dj5V0$2SAYC2rt1$iKffscZyc}0UzZs=uzkAjF$-O)xtitvj9pCN$G z1YVlGcbPSxA%HFfJS&3U6L?MlolW)<5%giet$EJ^UM7Mr1$>48Ium%A6nJ0Y1;ru0 z6!6CtKrKAQmlHtU8GU8xGmp%d7d`VhJXG$qaa*jkL5b{{N9|Dr&-}1|s?=Ek?kkF% z1zYYb%bPAng*w@C23IC-F2&$x2%7*rBX1gE^X$WZ8fWCNv&E#%gvFyE0&2aDsmIRp z=^$>&dD@5!WGijaT~qelY-%mA=H{-b;+bF5AbG>%GnAB748Fq=o!QIg#o~3sm1~wt zrvZOR8coLcrOpfllVGF^yvPljhQZ4p9v9J?r1P&U+YyiJBYKktJvirRL~pF? z(hk;lQ)&@2n39RNihO2rfFZ*dIye+T{?~*}7ztT4NQOX~AoBP~Rs353lUve#B014G z0fB$7y1lhkeNuoJ#)y3^h;l4E%_`8-jpbhJ;@21~xh^jnAL`!qm`{c*wl!9BZO%Wv zX`jAr*!AYoI`{Nr^Y{oRmMQbmEnI2+G^PE%6s2b?n{^}opeo+oWkWd}u5cu{5*AAr zk)i#F7x~=1zG&~%YwYmqi-I_%#$w*@;*;JU8A_*A#e-P!tsP{I_LAy)G$Tg za;x~`5-$P=c&_|nmQQM!*(9g))0@r*?y8ZB;aV!Adx9(h4rQCOZV5#g=;w!3aPmII z8Xe%6VeBmL0enl^@RNa_%~y6yx{Z6#z+LoomW3!3QK1MAYn+Fol;qWk#dw?_b+VVX zyiaGAaGM8Qd4s;j;{0~T3Udr0NsMwD?W!vNU2_nr@0-%6RxN+X#BG)2&%|lWJc9-2 zPQG~pZwU3buj3#|ScI8j`p)ST%9%(7-35`BF$g5*N`_eKNCdvA@>J zl+T?}I~Pm8+uBF0pj!ewQ$g1TUK|TYmaCmRbLN@C#fwxeUaDkq3GhNgqF!^~oa4OV z@ZPeZ1$>?@PaXJq=DPwVxIM#6saiekqt&M^gE+I)r;Wp-75AJ6KJ`~C1pm+io+aQ5 zJk}iWk5!~|Hh9}-%>n;dg*Xj(Q5T8N;@E)eu*g^Uy!;tek+MY@M0iUs4^~QVVSbVz z)rGsnXT8Z_lLS$pZ<2^7fyXwDh?I*@EE)N!fEL z97i;e0$ATViIT^$$W$Y8s>B2O7&!#p<(or2JTPxuiT-XrBG!daj!zyJTZ{L2$Yd+e zIIB0S@XRgg+C^0E#r^Y@XK=&*nZ;*Z$TP~$xFmS=f-~hPWt1W=9*?dLae-&5-DGI+ zkUBRm93ev9?@Q`;^K}p| z@)s!w)G%QtkM-89UCZaN4q(EEpsK#qbs1#3{7_&?WfX*Bv4JOd6&A4sy@pOY3rH?l zvJ~MAlVoh`FK`I?ZCdIDe{EQ4UM(8Sr`}SqoFIlQVN0t8r7zV*0l6_7SwQ&!jr#%; zUy^*{p7gsV-RI9|rX|b)x*z?P0#q7WqoEat(r7@>%8M}-04j{0u>qCPZYe-EkatNk zhVl)qvvzC0dEPqM{Zn?kO~LsvA7|rd=PB+t(WQ1vcAj%!KFSVVtQ1nNvWcnfGqbYE z5_OSEQTj?nkV^4+l+s6A_bz=@NTRP>^r#4>uUzh^2&J!F=%@&#uUz6tt5@e2H~Ip# zjb@-!Ue@TAwEwiKM&JlLiwaTtx|NFxQTnv&F<>iNL4%IH!*r3~=xt*ydD^osy5 zRYjM2EIs1POBK5R1q_I6E~856K;$;>YyvnX((f^JH|LWqyt9`iEC&jqfW zt`C&gMA19w7wurJT`R~Mdfmvr5Rl{d;3%igdFyjs7y$T~i)0Wp@vpG-UHD$eUE+mY z-V0~gzVqKl;3cflF^!jc3R=LmA$kyqBz3F0wc(*DS~n>evcM!=B2ktAcdX#Wz;%-X z;JqM;=qPBU1D8KKbHEcia6RAiz!RFa3R%GaUVmBN{=Vk3UO=PT_Es$}@(jqrPXB4| zJ_oj0;?n%o-39&O%7MQZERIaJsv_VMQRt`h7{Jd|d`&rU6M>TjzUZeMc~1H1sR6U+$$!9pxQ3tZb~+?d0X9hcE+TEL(0%vR$T z1E1$HZ!?>v68GE_xZ^ut0Q~+=5#_*(z3A;t{$Q7gxxh32^cL`kJ49rGkElpk452R_ z7DAXsmlOlXrs(q{R9mu;k+U3b8f}xAPYGNTdGkQH2@hFJbKa(IaB8jc1W*S z8JS(U&@@lx`^^{OmXNs=u1)5Lz%3zjDO{V(OVHW)61#QPEO0Gtl`-5CoDbG4l)Iax zJDRG0@R)ibL!a7_kYBEspE4H*KMt-6d_IbBz@`LB5_fq#u&&+ufgWZtsFS!*kSu~~ z<x$=?kiNn|u)aKw&BC$Oj2h^7dpoir!J(CVyT|F{G zl}Ewh(n@f<2o83p+eg4b6I#(?=34w&bTBv|Ef&M!k?Amr!@8MPF&!pxSW1FN!y(-c z^KrB`A4T&6~PTq?N1mvI!27WmL|FrtU=%>PJ93c%*5>YT7 zGo##r^7@>7ixDvxu|vn>Fu-UX6LYJ*xLo?xh`jRGAiO5wkW4p-dVCW3y2E-2ek_aL z{qWG6*kljFZ4n094WFs9qI={=FVHO=MPnZLt9;Z&8SH{6j$6|GuKuFFogZB;MMA~!y({!!h`E$$RNR-xq9mpvIa2Ml z!^|cL`e4BxO39N)SrY5LXZtX6dvjnP8h2Cxw!qM9z&=*IQ8`%K#B0Dl zR-BOmtN-zF6y~8pB%2$i4{<6v;P*WAiy~aXSduAWR7$NzS&tH{+}+(;O)w~YvIj6e zZJK}n-X%01Oh5oiIO#&hxgZh=4a07|QdwCc?*;2mLJ|hirKl{C8>n^Gc*~L`hz3s~ zxfJu4>D@km(>O#t>F+{%d>ZyXQMQFJEkbxAR|H+uwcn?B#!vtw)_{$!8)G8vobUgJESS z_kZNGLVkJ^^MMl!r#1nBT|hc`hJ-rL;G-bV<;sfNu(Cl2Ima}5PIVQbQ%4wUdXPL3 z^5x@GXrXfNIiuBKI5!6uMDqwjGYC5Sl)QzKh)`3-iy4FTq?pn}3hEvOCJBj3DfpA{ zKIsQ6^x;j0^%N6EDwuuaUz0#eBQBHG4^Vg1WXK}ot8!M5ltghcRpcg|>g1>%k7Fjr zJn|(y(-Jtmj}OFH&29{{!?Y1nJ8DO%pEIc zeSD4j+yj=26H=7*36IDp+z!{lW$^pjy({z4r)r6w!V;|m>aV9JyNkW9!128y)P5CA zC?}Xa@{*)L+aAPt1<{~hkwn=z;R)N=(6J2o4D{tj3wjeN#zCA{3B*7U^w?AV@Hvj_ zH=+SPpTR*9=u#&{!i3FF-Y_WEC$gcWctYfi&-9kn^L959ASPJY*CqQpog?BgITWNT zHQNzZ25wjTdTdO_gP8gZkIEU^k~1LWJhGz(QLeU<%BW%XqM79Wkjmc%PHvuj+^hsz zc`q2DZkW9kN90O+_At;w63vYnmOHmFc(-ysWN2=1Xovoz;LMgLjxp#cy@#s8r83D((5%B231CE0g&UQPUquuS%57vw&-?>0ecHsr%A&Uhegh$wB zWkn~)an>07;}4%JC~YdglpNN%Kqqo{Ct?4vWIx$W_tD!Qo~M${ADnbhktY9;H&(*6 zL!f;mRChI9=r%9~u5s4U#_hl+w4^vT+)fnHIH$g94halY?TC~AR1Vdhjaz=27pGgzwQ{b>o`al`DbI5IEC!4S&xp#4H7ft zarq8*>wm1N4(tC|a2!c?vMQID{B4g^tHh>r3S{kS`}XSDdSk7=vF;8`$3X+dqy`Mr zSlw={J|n%D(aY=_6pZ)jpN-$2uFGLp%g22NgYM+#u7@e_y4}#dyx}CeWd21G(@4l; z%_5J3B%_ZrAzm1;D7hHXn~NUzrx)PVv}MjBSDVLyX3-1o`-_-S|3Za)5c2me(_c3j zQz0&fjQZfMhXtjxZ9L8|19qW8cm8+dpN;wkX{4?6x`AfmViE`Be=~alX=*R04PSjB z57BO;vG8%-wHT3|bHa`hl|0u*WOX}5`>uc#DSBT5n=GLPOVYIS-dmo2oTxYk@SRHba?5-;2Ip%R(aKoUixMyONF4?r6j@V}7kb3SIHOE%2-Zs|iCG?U-Xr&bi z8FE4f4<5#SnyVJFl=Go(p=vdwuH54f! z-CnIG+RK77SU#^4omttwwNN@tb-RegN2Q*p-Y{TS45i1OwkBwmB;0YlZ%tTF z4JHJZ$+_{}QXFy3td2poM5go7ijwlmQ%Xphka!YF2D6(ZrmX`ewHn}_5!C15x|gAQ zk+iSjer*fYU!Onold=E4KYQD59<(k_PS0DNhuD1W&ushe*30M5b~5(g=PzFF{AK_B z5}zXbFJ!wW@0E%`J|{&50`}nrsf#rUl&@)MlnIe+Nh0vkBB@`qr=2ndx^t-3@Dkjv z|0+4(v-+=O4Z*4m+hV;^*?`gzDpLR@5xch2Rr460F*KC2*fgycoOMHAD+oK^Ltol; zs5v1R+NYQx8yh~C(;&3pXI>%!{B2{SvH^B&8*geHO~-M-!KS)hzu5$g`avubAOomE zRJVkakS0tdrYG;qK5qT1AR?s-1-R8jqZjg?)*Tf4@$A2Ap1f@xoxZJ){Cb||TS)Wm zBARb(9Gw1ga(;N+B8MH)ZvFTB!*=U{yg6-?<_S^U0ZH;7vo>}J*rcZnyVq1`(!(-n zqIX}`U(|29Dg%Z7HV`m!k9wCo26})Ug)BN#gVCXx%(>Xq|LC3Z-YRmFtX3 zR-JISBp*;>t(z-dzPBYOgG-J?V?ObF1+>!s1ea_q2@B5rmyv`E0M@KxlPQ9|y5xf3 zv}4ccU6cI$y-2fan#46u0ZN5)8mZ62J!~Ml>%cw%Cw-4-;$@3o8tR;_TQ5-?S#4oZ zzN}GEvd@45YNrwE#atM!?ySQ8kaJXL;wdr9Ete8Vrgy6YNM+Yq%euqZii&Ou$g7k6 zFu-XcJ=V||K_k#^6TwG#M0KB?I%!YT0DM4$zhSfOE|xQi$?VNnF@@b#kck(@9{l*@|kx6zfNRuUTotZW7dhC@fxBM@=20haEL{5PPn# zV}6aB{~F4tTDxCLLGnZ_zwLiCzF@T}pU55Zs_Py(JPC-_{FCsqPTGo+h1Woy>D&C? zVVqJ*)Au-!gFzrgO36snP2|`Qhmd77;@5bNqc?`-|`{{Ir6qWAy1U@#=AYEuvf$rOcdcq>*a@1sE8 zS2QH;G|uxF{AOb!CSxVT0`nZvKX^>W)VrkM{wet(O~fYYO#%?cc_@JK?jI_1qre9% zzDo~SLW58#AJn@}@@1d9@2%ZRWur(XJPZayC%>TLCv~!&Dd`;fgkBIC~K1S zb7W;vXYm@Asi)z3K6vGI$OpUR(>oUX#U04*%cU+4?RU z|FgCI>@WWRB|b%B|1OkRsW{$aM5VF%nN4@en+JX>72IUtDG&cb%haxNcJU^0kW94_ zAqj=Th)8LiC0NgWzxgwp>R-M#8UN3I^5#Z3)I}(- zl9%-x`R8}_8*;2QzY;Me!eHRs!!0xIR`cMvRUi2)%63*$N|PGc&T89#Cetlk|NQwk zn(vw}zx7a7Fz@_7d-l>j|IfBwY<>6F`Tr81uXF#C)V_kZyt4i6V)?X*&OZjDAaiDQF?{TQDXXoOh{A(3k z5d80nZgzTp(L6glI^1u*K5Fe%FHV{l)kr;bcprz=Y|Bn-|9$)L{Nu$>r-vs$w?3L4TBlL}g9p*i zY+By)xY;>xwF~% zqtj}iG>;3WrV|;L_dRQNI=`H@5AuD}>n7W|b=2&fAMSTr&G!B~2Va#BQ!pBP!$PDp zeY2Qn1}H<{9VIshca(G@Ge_A!dN22Dr*;1RtYjo*bm_2UGM+cHlf(UH=lsp#QR(EO zz@s906NK~TXJe*0!N*ny&in!E2a!^G1mNQ3Pdv+ERd{hQPU@tC=3|vl1U*S;G6cWQ zC`cqGpfr)3GYHdac0nY-t3k!>C7fV1leTA553(VmJv)f{T=^rW4j&Z8apqoGS(J8q zy4EIaH($R#JU{;Li{?JCM_?GvCW>jV7bM63sv~m9Lfm~+ILP7I>>+|NkX+J7jwULA zp#*)=`Peyc9bbHG9?Qc33>cmqRjZBUq!+*rCF`tTO755birf-^S0x!TEe=mQ=gp&| zR$GBlffFoNkSZ(WZOD5RQt63=MhW^*%6-wB2uuzc@Kxy{aUH{i|jqdsWRi01=%-dkqyY>&DtBNG0VxhM($xRns4xEwNX1 z{11n^L6WJubNsts}*;vsRk{3cUCKAcc`D+up37Is#Yq^_W9wP z=KlF<`=kEVG9*?jKfO8L*FPKw5KId$V=)h_m4n01dHeA7`}4!o6W!=Q=XVNtRIU8l zZklm_jp@{$%>L=gdGqi@-YNS2$xg>=!b+xOHHpo%+O2~_2SCjHK**JB`ab3z5+fRh zLU_f8;jkHVVKFRVh0`WZPj1MEps}?Di<*esmg-{-k@n( zF&)uZIcuLDpPj?ryEr&(UmTt8HziH?sw!^)YHkm7&uT@U`GV%@5t5)T{2(q7NZvJD zCsGv5$R$IH$+G>b#;JL5aB+UB4~^U$7^6%T9ib9cfOd6V;RBV$fdFR%&A}Ce{RiTn z9X3ULNUN0(&7;EuWR;y<(^VtwRx6d`R;SZ^n;t#QRQ9UpLq^P~;QnOtDUen7K$*k5 zsompcbFIP7%*S#-FB|5!Xw7P6IK}SbDK0^-ZJ5l%8?h)6EBKxLRn7k6m?m*> zvu>6zPnQD>IKQTt)>9KDGZ(c?`R?gLsefJAvZJ$b`OePLt!U>BVb?41m19Z!?D*oK z^*S9y%ElK5tvAj0N9TLl(wHg#(EaqrNbiGmD0y)9s@c^W@{w|D1#b!Cxg8|JwVmrokca+hGgyUF^ZHo*c2dde%NYc)x!RmwS~2krVm6n!9M$D8-sSl}Zq~iRskuEsO#a)Pp~QKKVpy|0dPdJkTon{RhbG znRfGroYW$cJJ|2rM^&;y-tZXnn1jktIc=HBIP#?Hhn1CqA(_Mop&wLc0-3~NohaOP z$)^I0f3H^VD(%+W*02BZN36bKpQ!rApLnL~8`&c?58UG&n)-%wM&<#2z^SNjs6#LV zhS~OJkNvY?7yY&>w^6IzK5btV^ZUaH-Sdl%fsq^2=BqRGHr2`sIO~%`5QNdOUI`9L zRDo+Hq&*haNyo${jhGOav~?;U&8XIs=lOm6NR9;YJNXO8Xisvd%P3CV38Wq7>5{(i zR8kdAb}Fg%#+i!MVV-KMS~=`or0Ue7Ay5fyi3FBF;l8jIla~t~nW-$XoXk9HC?kW+ zN4HFjEf`+Ovh&Bx%eI+Erz76ZA1@>BI*;-qnO85CJKRC*ym@%kaRs?TGR_d{3RIkh zLl`De)M1|5R6gzt!KKHv2&Q|uOS>+lcr8Q0IvYhOxQDW|>q1)F%<(K8%$(5`vaghn zT2%mPg&-bRZwalmvbAdVeo(LLC)x`Ov%(!Fa4LI@^r3E+Qd(rx5Gp=b1;@)L{3P;O zOd2fl8rsCsuyuHf#6?IQBX}@{NKzHG$GOD0|1DbkX!zY2uML3qGn--v z8AOkfSEQqe2mi!e{pr&@MOSx5ilyI|(n;B{GE}lUYTBT6(qFstlrWt&Jqj_fzr!g#>{_1p^AF`)Y z|6)#^Y57mk`~3sn0lS~KHt#;c`PB-SYh+hV`Vsz;Z5+XRcWNZvMu@dzBm0K<1 z*LAXwm&=IC-4emlj94<{7!S=cIh+!g&2}|=;`sg1`Qh17>*DO~MQ8tA3)q4VOiCu> z+zSSinR!DtqNTZ67F4ZT^@EgEQ`o_G)6*bN-S|&v^#~zP;6L>jwszQi3aXjL(Zb>$jMRNtonU3Al25A^oZqq6(f);$LHDr=cGYfCC9g=sXIG7A5{Bg2t8cf-?X7{j z`j4tnzI-CpRs6n6_V!41t4e;)s$FdK-hh;$wt&R22s8P~(QL1}x@Nasug+4!T+y&# zh~HK}+e6%?I;6j$7Ae;yuSCiNv*&jZ_|cPu^n-MkJSJCaa}>__4$f@5^~UVbQ6Ri} zKjecz@P2}^fm93|Nie?fc*tXMK_f^8IHJIqD&Bs`XuMbbjeXi0RV&`>aKhlPo$r5m z@x#l%%kSFEKbV9ee7*g{&bIvSBa`e@f3>5Uy^e#yFiHDw|NT1{l!rbx9Z5cO5%R%+ z#cx@1%zf6T*Jjt_COro0>FRbhRZp$T@3d0t@Z`||3Vr!-JIB30o|2E&| z8&M_IPphBhXm`I8r^_$R_DR0S>SsOuyKlrdV)Zi;>`snTl|RE!RZ`8228_3CI3&|@ z1A+?YE=RpbA>Ha{Sa*p~?Zs@Q7NTj zvP8;EN+eWj9D8N(o6O?qv;~?kS67wB4u6KB_lGpzTU`Sgrn>q$(`9#Scl)kNZVA1< zBu_r$WJ$s&<1vfZR=3v4-IH~f-LvGhp90JcxP4bmg{JDN!C}?yT19F|iAs!_M`$QG z5p)XXs|4y8qti@}k&yM1S`r7N5%WO^&MJ9O~5 zc0L^!1AURg6hjt<2IdMNN)8Y7#3`nzmb^US%GF5NsLA$+2PL@SpdlaF+!EKU>NM9! zU;l=^Bm;KD<7}_bz@zV0x6>1n9R^q5rwJpyAd)M1&Erc!{Gi`wF^iILN_tda*{bUy zgSag8a(H|4zVW(qPzl6^?0=!+ub98LRe=F(HJxLvNPNh5+m^EE+mrYDq^#zetUJpd zjO2TKG&ZDztGl}T8Hc$`MUWE1&*~cDIU!HKd2{~FdHtK6lmEe!#zMj7x8K^@QtkTz zQqz_yVecsSGrX=vLyUtcVsWE#A^)|uUO~*&*L&5*?Qg%;;Qw%`u7^R$2zsmg96|Az z1W@@)uz!&)@?F>dl{hx1&uZY^)xa=?v;~Vu^|!6iTmKhNzFh;q}X11cQi%o2o7fL?*=&rAw8$UX+T;2?oobKra+mxWBmT4{mew^&b4 z#Ht09)CLLJ&Yg%HiO9FFim9S|T+<*?&E3}4agfiVR_5K}S}#*!e!H3#cve3@t5v0F zQ@yKXth@WCC+DqS&+{i+{jj&X=7C<`98TPm`6obT;G@&G7q46Inja2N+u%oZ+&XXO z!4wQsU0usbz$m4yJHII7(5mXEo-Gc$K^k;g?GK0h#$_AWNHx>uyxrVKU-8^8@7k^A z!CqBff9Y?TMv7V&M~5e^R6H@n)dC61Bdgn53ds)uPQGOW)ZSDZ)pVGXH}*ISlhkng zbz*;QUFGf%atRduo$u9+oEgOkA!OB_Q~H-AQDz{JI@U>zEU>=nX{fg+-W7+&q*zmO zk_XnaXewWj=2eU-#sZ^=slCZSzPCeu&Egy))z!}*TJ6`T zoz{hVFZ^wf7)?0&oqYRkX{#ijusKZtdVY2av}}m-2|TytShu&CUpj|JM<4SeWN2j3 zN%OfCo%BCl5qaklpEFn)&~`h@4v-epMY)@~DhMLs6K_bYl`NFF$TOBIdG#u@2lb#RSP!i0UaeQ|2%NNj z0j7XUmF}7%QM2kWfudWHR9FAs%nNYAnIQmk-t~4;^E!}QQeVLKmfdrAaIFfV+X`&) zomz5)Tw>@wUDQe+p&3og5pqb13j~iMeR_)S&|D+(>f4uP%vfve{(RyH3Fb@9sTIdO z-O9zdI-`QxrJ5TG>L0akf`mMDFqo7aXj_hZP2*^(A%AJMPx9!&vtpTHPEOBT`C)og z3i|M#F@q&R5;CocmxnohK-ZXjJ?-p#+8(WbhIV)G=hi5FWn06dpT(jBZ_N1+4U)`j zS%}P}_aJ;`LN5X+*_@?0d*I}&ZgY)H^}eIPQ;#KW=97$s6hz}mvghhwYK;5_3%w&3 z9$MV}rdGakCkJ{9#p;(D>RHK9sF7c8tev8<)V+2=eg7zk7-VQCuF^>otyZi37FE-Q zGcs!N+95hUv;^Q;u&=R*@AHsPV)dhQGBQgj$GBTr@Iwxd&raLt&69JoXqVN`8ky`q zQLyzcn%i(ui1+vu!cG^X6{T9vmGjesQ%nv`aZNB2It{%^C}qEpMT2BW{Aol-f#if! z%$`mYB0yy$n=>fH&o2oLgG*MhICD?YQlFwp6>lsh((SE2gFh|STzcMDRUb>Q39)`) z!oDU$7LEm(2vbteD7mlM6JMnc4yR-oU`SGe{Xu?K;#0w{2NI>_KNN`*ax#&F>9;St zWG#q9!l)1R#JrLJioCM$$C4j;j02$^VomC7O(F%MH%ZL2nJMxR*kNsYS@g6kD+elZ z8RWW=7`>E`V6vc-VmHhqFJD<&Dh=X@4@Bm1Y|HE`#*Bk|Q+;VH#Gm`>x#TFxoUT&v z4&uGlH9x?}f$FO4R9)B2oJUwc|NL43>F*P%`LY2Hr$LS`{U9c_F)=^LZ-2A;t*QA) z(dqEyE!ideDvx%eYq*VREYCse;J0Q*TgOE1>4|}*k_)g)46;9%nUi$|Iem(*yo8k9 zV;)3_$Q~@!MlX*VQTK#YZ7lMbQL9g);HEAT>RqxMtStiOaO3{i*na-v<%{hG6p*XQ zVQVz^v`k|C=JI%2gX7&%D76Z92%wU#hO zYBXK3b!AzES_wg)P%;Rv7;EWe{;W93dSnG(3TK<}L}u&urQ;SX5U(U$W_4m3;fH?hZaH zdy4bJ+t~SG^)tY{tGFY%irq^#b!7xI@1NOJ?3q+Px9DYgd&#D^3BP1YS(#B6DHMx! z63Sdrph5+`k4J@sX_;SfF!|yqPd@E}m38;`C-UFWLH_$$$|+J^C3v@dwg;7Oy8k7s zpPk9wk>5cvWX?p&8MgIX?XFT8u;ffW=#7`qY5!+7%>?(@bk9)NNPj7rF4;6sBr7AM zmrUS_1ErygOji4X_iY^`Fkz*K9AIsRFeI40aT2kcG4f`8fhx-bZctbCQHw~m%rnQD z&=qdE)n{r-i|*0Yf+R8d9b45~)|MC|vT8R1dj;~tedKaS+~`WIo%qw63+-z7?)11d zTT`Z9w7ZYD-QP;Q?Lfs+ zg)859qNSxzKGIS6j)h|uV@($D+LYwblz>3v48PrS4sZr{ogKh4hY0m87oFC*i}~k| z&Eq3HvPw6GinaV4wC<*zB4t%#f?ms@|AT}7?6YmullkBFp#F9-y)&&Pwv))zF1R$_RCJ<3zj~{cl@-}nNl+S|j*eTi2LO~{WwlGe$Gi_UqoeQq43E2Xq6C3tC%g3*a`uVGPwzHAz6=P+D4 z(j>IKOO4%6_MVj3%#kh&_IxILnyxbhqN|*=e&vekdW`I0uKpH%Q`=F#ZhF8fyz6Xf z$+!VYw0{6GiTeH#AGCRbj3m93t-XZCCQ?PWc(VHW&HI!6ljd>j)7I~I`qmuL$fxk) z1bwBjHj%vS6^nCRLqa}KUq7qrC#Hgt)`kfpauM)TT?R_jRk>~V)(!ZDV9Ce-KBLL7 zUtF;jNLU+CmUnwGD_OA(xyy;%mr$IQiX#=kQSL_WBeHQOk)t`Q~ z;?Q+8j+qcgNJp_Z>k?Pue?68<9q_2GdsmhHZq9|SY<$@hpTnVQ#$80T$YC|2H!x0> zRJAjk)<2*2UsLaLGFEV09G8aD3I5HFdsR|>_QD1uf`7A9y<2Sv$AG|2$O4K#QP>)XEwolKS=dJzIlQ$I& zN1fSKv$gQq5eN}P1AYmADQs6W6vd9&^@MLDo&#~Ykn2*9C5=bj(#Reg*$wWIS~G1+YPq||_E;m!rLNmjq3)`7Rkap0o!B4m|B}2A z2#^pHmX`z)0xyImf5Xc{a2^DbADHA32o3~7ek36afvlKdmfv^Rx?A<4WxT|K&m&dc zI``aj&pr3tbI+2JM@TF6Gl4761nDk-JRxTzak(KG$7{$H!_&JJy9v*QniC+=e9#M3 zN)dlM{Hi#cOOLt^7;lf68!XyQ$eMU#!nT=~pr8enj(cRPX7?|WP^YwwJ$chp ze7)WVxfa|GA@)rWBs4sY zVdku~fP2<%wX)HM8#v=FJBW6(ymkDWl~Sw*R$76nD{We*0yNepVfJ{-r1?u`3V9NN zYGJ80ot%cdw93cFLn6mS5}^YVjA|y*kmeQ`#=h)pen|a}@L~mNamI~1_#Pb+UW#&a z$A@He*eZ}AYog2EAdUTc&=J>D85fn6Bbm_&jfigik|}IRwn`j=ls^$MOZBiSw><$T ztaJc70w<@YuekY@cV-p2Q7kd&?t+MY*lxUiQs@j^!n4>jLlHHYJnmR8_y zxed5Z_ciL zf!%}=3ohEJZ)!WQ(L5cnQg#~EO!frrj5!^7ZQ3uzFc z_PmUjQaBA3^QjbDY2q^Je`o7^H^E!IX1GraZxifEMcG`R0eOiuq(VMp*gDBuh6luL zOmt9*5;Sq^J84E1y&W7`oWZb;b-x4RY&;U~3CMLZgpmVFdbEvbH%7d0?O@yWy4W7) z1%y;JeZyvM$EfE^NXy-dGcIYIgb%W2yG%858C9t$#Xj(i~Z zzhbF`#qNwed{Vd$*QFkxL+M?NB~OJzlK63!h$q{uIO?35pn+u2M_j~UrysJ{`$$1- z2O%0fxh)~4Gi=_SbcX5XNmK^jmiU`w6aV~yUT zE-?aX9SJwh*+nt9Ab_HcMMpf@+-byw|8ejcN;qD4nj>$mK72n#!~)|ND( zE`IF^;V!~HiakXGXm2k0t|xe}0ww82+{PUHqUJX^joM@PA|B=pmIWv*NaoyH{%bow(N{(6I!c#$MMtqRUS+)_cD9H`HxY<&(P_Pq$?8+xv8W>T>m624a? z`TsNMu(%y(i69@J0FmFU*%9##As5B#Q1uG6={X`xi?(3TX4$B60=q2n&4f60u-NIy z#|`lfatdqcRotuKWH8ub;w(ll)(5+s*YD-=^zPu2wln!^e!jSvUoD-h=7_MTtvVJB zUTC)}c(a`M*Ta1eVIV&zQ6K=Nd4?XZU2nZxUM49}QT4{5L5s`=*dQ{OhQ-s*HL6Jt zOT%Co6iDS`>dY2`QF5TmvgoKR+7!n~>Jy#G6udZ8;v*fWf5pxX*b^T%TXx{11D3lJ zA0Du)Do?^DjudYz#l=c>{NxKJ0WRFU108YlyG7p)#$!nU7Yew%0m}i2#Q-&rfb+zu zDV7FqNCR&}oQ;urx56OhhGn9=74f_L40|K%594)UWiur6AoRAn^La#KZ)x1j9dFC@r2T z#eed|h5QMkCN5F5R46YLE4VD)sjDYaOT}5k^Q*Cwu;1Dx_jNVDwM+cV#CxUCZwECc z#)e$!uy_da3@67=?@djQ`&%%;WvRqtIH_)VE3sRX!@7{+Pi#qT+j9+j9aoxCRkA$^ zR7Z?_R^Q+NP}0eHgV2zA8sC!ddx<)71sDZsLITtaz03k*Nxp3r($w}GN+iUhu`Ld- zH%f0!J()E0F9t(*42lrG>u!=wA6T677Ipg_1+^AP?+F9#5Rha@7LPo}T3j4iX`SiuN5q3`u~Y?oDsWY}7z%UoB722H_7(NIk*&mV(JwJL%Bl=% z@{&ZD$_r9j3~2aBK2J@L^99kdBu>L?D-3GnfJXjAP)%%SaFZh9)QN%cWjWdi!FV2! z=VPY5n|QG{?8x21r|Km;+R)R8#J+v(eSB>41G-InAU%rxN=bKM9Q(J_C2uhxc~FsU zbQT8g7UWova(sxx>?pEvk{gvD6acis0hm@_kRLQ*S-2Ag_A1d=jjix3D%F96S{CS7 zVEhh81WDkt|Dg+}v5M?xOz^IRpT)x=n-Iii@+Q z+bZBi=;;hU%{1*D;J2Vhg%wUki~gjSgOIoy(~unE-Ic;;p>y+Y6NwVVFQn;u3-(T_ z1wG<+l-`@19-lfnF)`6GwpwESFZlk)RjfqD|2C))&I{ zIX__iU7grM?CYA?8jtTdFhy`CEtwcG9dP=-P&R54{}Xw@qix(0jC*qQ{S0ZWQrr!> zABzY_IFzLK4DUPGeW2~(zMvz>KNB!8-iXl7El*BjhL$}>c7qm!e)tGcTLoyx5`rPQ zGXPOn7VI71wVP`s)1*KI6Viw>4S)LzdFim7L!Wx)vd%1hrWUahEout*L977`gyjjG z5!&|=syN3p+FApefL#dpxI#0!$@fY!Xn|8XJGFbTQ_QJ4OL2IXXvaxv(wm2B=3m>5tL-@ctdO` zXd}X1hEdS2MeP7uKsp(4g)<%s(;3BXxuJ}C7MMC?ZL|*QkK{vyRYiK~?}79lB^lYH z1htSn&q;*IvgYVF5p(VC0PDfDt$96hv4O@wa-w6Tra}Cn^nn<9$05r{r8(Pe5L*$Y zi~$toJQmfGieMO(q3zs;bebg?(0XQ?9^tsbYUHnCRYS=Jj}XY=$S2NHNdFeU=#cd( z;5wo-7~#gXn7gFC9U;0(Lf_>tv*^uuD@L8WI^x>c+!xuc(_C~gjIhHkhu8s=s>7TX zxJrP9?OF{&2Ra#0g~YclfVPv#WJDII*^vxhfNn~l)}-N){DU5HD#w?RFr%_fN^T|{ z(&(LA2jp^iT?`P)tX`y$iOtAr5649J5d08}?ut96Lw-XQsiiGnR_3 znAnrh@BmqCEDe}S{@GHYf=xEq-Le(Jxhl4l?sc zLKb0B%ywnbHQVV6Lw>(XkX%weQ9;`Q1na)0?{a{Sqfr7T_Sj4V0j#Gb%Ys*5iU1UOfm&7L8y$1EK**)p)xY#ak9UN$nnIcjmC zPq`1Bp5LZm2Mw3xJ99%E_X4&t^U%#6(Gxmgk~$RB@rf-17X5AXCr%Q!Z3kYM0Rm8? zw@PA9NS9fIq|OPsVTuRHT^F!V3hG(thLjC<=`EJs*e2CinviEg!M)flYX|o6U}0j+ zRT6t1c)mA|q!ON~6VjDEhRw$b+`523NNU;1YKHALLNFTo2r~7Pv9YH$_M_k-M)iij z9mc9736RF#N#TauTJ$}>X#k5cf3jz!>aU4y?%37IuM3NZ1jP~%)7%wY(u0P1-Xd0u zIr3>$9d-wZ774HCj>(H539Q}l*V$?(+mk2&;!%PW$ z9D+t4D}6P2BV!n7VmKE50SJ8d3Rm zJHF3~4-|Nr@=~UDv_bByX5D~BV(LVpMge@)i%3KEDR##!HRv#Z2kwePg8k7>!=8|Q zKD44;7Y&7a@EMg8lg@#!odtE{Q1k%Z4F`3jE|c#2{c@Up6YudntE0ZjQ=<+^!zH&$ z$o}w{-Gvp|Pjg&$7x;#xc#Mnj#jwP{b$TV75|aOpgW1yJNEPH~XTf~w%$efi86|-j zVR;12%=2~b*&wkypR>U^osEDV3HUivN&-1bE;n%2)itr%*nWmL>jpHdK|gC++_0ENyR=ADIko{OoEt1i~?mC`VAUs%u*E%IB2+KH&~Tfb+{ziuDZRmtl=zi4z7x7 zrT0kdj+MKR-m_ThaOxk3+u(tam#l4v?#0*u!R(l(R1NK*F)}79MFS2~1*wdbzN`8q zSVfT48+N!s0%PPB9ZPgf673jKF8w0WEE|v_wi8U)$+w@@Rp@w)!%h8-^0QEfx?1@E?vi9AEo4o)aXQ5qWLt%GI499DYr zg2f^YE?DW47qq+S6(Rd3F2g`uBZf5HW7DoDsb-1y3YzXP(dHp$VWjzW$&Lp`+aXPU z$|{4qz6aVtV+`PU*|6m!4T96#u5I9ak~mnvtek*FqD&Yx6xugO$zDgYKN?6?DOOhJ zOEdZTv!zOvoK;A!U&J|C&$m=H#`Ra%VN?v~(Zp@|VKmr$i{0g9ziL5zRPewgjfk?u zk{w{D_~o?Fa7CJxZHP_J4zwFQXP<%E7SFfEI2TwVPzzWMHbxx1wkK-b6dh7onzs`I z62LO`D;HF2)8Nkwk#QttB+e2PcQNadgDR=+jPb1FYEuk1(TIa6h#nS~a#$X$!)U3! z)^KZQ@x!s6Lr#;gdkmPix`e}Jco_#fYZ~lqzk{9aYp}DIe6X{|!LmF~%5c$ReZb}s z6Meb&m{Ge+J!*^_8F#`K7ums~>~I`Tmklnm1FCKh2wYiriaJrMka~+OBvQ2h3SZ@< z+gth(HU01aO7(=)szi3w4iSsgiL)+%-UQzTL;O~$x=7MMauBpb28#A*;|vH1!LlOO z=AK;-Mna4r`ty`p`%yxpn9#+lhU{= z2Rzb~nKgOx+RQ{|A~R`?iS|JS3`-9uKJFx!zZ9zL%3lzE#MK$8x`Ne^4L^vmfFKT4 zqwN-pEF)#d9X}fM*k_V4N-ZCRpFp5+ECIbbBAAF>NaNJ(5H#Dh4P2jqrYJionnEFL z1CnEj_C4xZ*UeCbZ$w2+Of(oI=v*iIvk$rc>Ke~@IG9eQTadI`AI!qgEx3|p7l}Vu ziOJF}z7mbC>f&t)mlwXuVi^?2kDVPqwlIFILRUuYcTe$+jZqoWPbR&`z|qm|!Vp{p z7f3XaZ1CBW;qfB{v4_r)qziEuD|jr>L6aQD22lR_3J*$D3xeQUApRB%>J5KesReTN z#L21arY5o*{`Pp}kJtQW%MRdpwC#@*{X86Zy>Z8n#zWY$u@eBRSUyfNPNMf~cDR8+ zT{Cg&nqm5H$_-bEyDI00njJ!5rBCN8XIF16lq<#3q6OS|LZ>p5nd4)U*j&n2tA+An zZsfw97nUc+UvOdNstf56smb-%^FNb5z7u`Aa+Uc*7}_;%*20Ib+z*2^{T8gOAhMFp z6_MsvGWbx6*IWkaVYHo}M9nd)==CkBF3@znRaWwy`J6Rf&uzAwU28z(5x-3yJC-?4 z8Ray3aFRZd>@|5>rF9akGFJLD{re>SJ5M7JPg_QG^|2ymog6-%A-4@D@o%~*$E^cC z<)oJ@uausgjt8ji!2<5%@NR~jVY7}2I-#VjXoxV@qrPBFc7xIA55~9xM97sPxl<3i zG^b9z;M!}hV=FTX+~)Z9h8scbfHPhX{N}igSKhc_9YeZu3)qbYXh0jM(Z$!If$ies zB>pzshq@WKO+^jdvW1MUEIkMBHO3UwHtfKzp$!K&CEx9B*}*XR=h(63E0(8m+v$~+ z;~lG`z~tEX1N0b$J$zh*%7Mmv>K50IBiL;D0Z#bEic+v}$bj8Sxe>@$@=K{1@)j)Vfa0i=dX{ikSunKpg)uy{nGC{0v_`Y`87Ql75quUM0D-J}x)2Nd) z9aBbotzgiP3ovyx*6MrXAh}OM=pY?)WCRzQ3$y7xVNf0XCm%>BYY8E3{9Zfu6X)dI zh)K%Y>yn3deJT27OL>1>@Wh|?VVV5HGWmy(Y}${wUm&TQWzyUM%W0w073RVu^t^%~ zksHsIei*0~U^QH3Ao_4X28te6oHLRgvE(VVMzZdOk@Uy~@4^N24vnW{jo>FE-KUdN zaX>b@v`8>cupK(z=(qycUE;4KBuz}&j&bto3{M(n_~c`7h9|@9omqj1gs#~hWW>}N zbRLhOD>7TIze-m(VGwmnSdBJiPJ%GL6p#~kL3BRn@22E;_`u}{G%ZP1N=MShhjO9n z-5?VqejM9&Xhjon5tGsi(|a6+4x$AgMMr)k4nlfG&&|>-UD~dh2`x593H=jm)N0-J zob$KDMT2{qEx>3oc6e-%oY<@q2AE~pwGcPqVMzv3Tt#%&4NRp8`OE(5<>~i~Ec?hZ zwoPMKZ3?ktfpKiR64Kn$92Ab^!n%8RjwY(;_j93|KXHNDy}Og$z1xtoh-6kef6MAp zzIrwnw-nY_N-Q9A)KijtBfopMd>`L)HYB@MVx2VXB}9nSJ9QZ4OJiem*Q8@g-;U~* zv^P^)SSnQtMs(D7$+*ZZMMP-c*4s#>Rd#km=g75&U)uzBJ;IK@jksTI!6Ef-Ip!)eBNy(4=Q z0-R8d`5yZoz>tWMiOFa%9**I?ml^T}&vpuG4lP8#9f9o)J0dWEBcQ`>i+wMy35FA$ z93KxLNvp;#EnHBBj^;ve<&~z9l%aFhj?@|lr3yHe*^&Ek!>|oA!sW;zbaJiQiD@u3 z=tX|mXIC@Oi%J#q%hg*8<(ze`R?(qU0oPGPNS}A3ZY_q%br!)bfX;>;aRmFqhje+J zsmp7-bb0N8yEKmSRF^JK9k|O=N|!x3H2!OZnuv4Pjts_915ltVIu2ZOZLiP1XG!D! zp|{uCUexXr`Z>~AtQVW?+v9T&Q@_qqFW?NIVNyj3%naBKR*J@n3m}tX4PYG1<*WI5 zp*_iNMYdNxPxX~FVn8WgK|jZ#*7Wx{vS4_a#f0Di`P&|r$-~3o48DH~4dp4=1D2N+ zN@-aaOVzW*#WT$3sZ>D-FW5C~)khQ~$zu28`sIh!-4>Lu!bRO;k2L65lAuq#$2#YQ z?H1CKpaV)3p#&;MGdXdvasW(-Nyov9t|Po9affOZO0^v?@rvI{9T>E{_@2AyZP^Xi z!8}#tr2tsf;ssJWO{)lE83si{EhW^s8@KpaJRso*t2|(n9-=(o(#tEblulxNkI(Ej z9QaBcTD+|Fyux^$m0plusx^J0oE+P(;M(b;d*ZK0ff(I>>>LeOm(cBu0mJdj^m!W` zTTlL6o(Vec90@E(%fT>B?Cs=AM>a$3(a-66;D5)xVn1@kY|A{#MQpE;mVA)7pkinH zrW;~soeaBFjX|tv0&LlU*|e$mm4s}WJ+o7or8mxiD~WG%pP!`?aU3j`7UNLu!x!g7 z-twg3G|Fw94j}}SiYN!YWjTvOIZ{cU>JnGS<$4dfJ&4FoEYdI3oz`S8lD7s?D~s0{ zz@?O}f;{ag($TmFW`N+`Os1B`U$bS>k?ZQyh0;$`wanyzYbAp@jNfkpT5f9%;(gR^ zG@yfoJ4=mzf<;l67U$37{0O88&c_tMaD!=3zz=XtY0YkjI41^nf54Hc=n!-Sy44e9 zF+RBfFUbNNFAuT?d$#Ux8M4&$Zr}i77NlDhx9TYMw3hrZS`U(!3uS$reT>jF4*K;2 zV27c*?iquz)z!ebm+?1#Pt%^?GQT>TujW_FrBZeOEN_Zk5Amr2lZ6cxXHOWU!~ipY znXuKOBNebqI8ji9br|FKD-_QRz=;B(gX<3v&JaV7jUQ(nJF=No4|3nkso^;Yd+Hze%b@y~*@nL!8nWpaT9QyNXRW{1teuJbO`~Uz1^$=*?vMXX zq#-Ln05&cCbtJ;sUR!gcg=qJ2fBYLt>HS5pw_?cTUHx7P8QcDEXC)7 z&{iJxDYs1np`u#?IITXA*%#y;2XPSd(zR(e+-MiLxSYY3>p+J+bYaN7CQAWz)n)Wm z-1Qh75|%t^ctai4PU^2*7?NC-VyaFDl41zVXD?^*97BXv5ewShE_3gswm&<705)6E zE@30)4<=w|k$my`!(0wnEcuRL6jNc~aaalr_OL$~bikGbgFiIDh}{aTJ8>;hj(F!n zcs#wwiPgy*Pg{UDp)jTN&5l!4dWzCUV%}}*S^=-6>D&XFrrpf#>u1vSKvBILasw%=_i?1XWHq$ zd6eX{=WJ?Bio{A(3-CdITpIf>Gs(;OrYA%kk6-{9OI+>xl4oRO&IrVX7I6dbcUtY) z0x!Jslz8EZg}6;Jb&|@oarsiTM|&fYydfj`J@0x@5!nd9YUHolj$flc`BZ`njP^g01S#};2EC-R$A!X0^{3v%OA5@zaj@FfXT}P zBZJ1I)ZoRTA1vg|b{yy^XmPF)F~GbbpsMW3agtCvU(&GX)POiuMRKAbnV$H4}gVKHv$S* zOvXVnuE(pyw(KwjHVc`-H)+tWv9v!tMwurnM?KIIc+)(;T!ED32G*_xtX*&(cwo^= zsc+TvXc!mzQmuP~UgZ(ixzY4V(c!!9w>^jEXF^IeB;OakqUXRJL^@n-hJU|&<4VW6 zp60}+F8#_kxg1DK$mst4q*tk~IIsG~vP9uFNprsrNsinRUYcE-NbHh|mQ=XO9li|n ziJK7^ICGR;tHD-u!Z1}K`g$tRzji~C-Wt~Jc7p)}qmhsLWI8?e%L(0Pt3m1?hcE;M z5AmSD0$^kvM(08p%n%q>J|Ok#>k#4y(?+|tx%(op)b=*7z`Wss^I#GEW{sqzZ`rQP zs(izFf4zhgzfmgN&T8Z~q2G>j={@n!>G6roHL|A?0+_QrTaDjBE8TI!R>R(vIgS!k z-o+__Rw+EHm?FZ2>>1hK+FpcBc5MfY<0Fbf0x)ecZe)$ozC#{O=hE`{J2Kl#WJn8O zMEz0ea2lk=&*D9;{{hn=1X_R`*KFjcUsb}y=VE!X#VxJ2(ez1d25;Ok1~*o;oYg@3 zh=||@#M%I<1|*%jQo}6kbpY>fy8$|2+0jObhLLZzNWx@-J$0m?EtYd}Y0LD)nE3K+ zX`zs_(xWv;u7A0QlR;EU=gKqWAU%fD2DG*vS_(72w1gpBchz+F{_9)Y&RrPYJBmvr zE0OgQw`HYRlmdBF^P4R{gjVWoVSa%=+klOxl`1c>zk^oOO3fBd(?5ytua!!XJeQ%c9RL&Af;9I$ENc7GaJx3NaIkA)-Nm&n8mr0E>B3v>fS9 z;sAs|d%qlG`g_`twmSh@tX#X0Mv&H9!Dn||ltnc0L_YJDp-FRah`kW?GYn{XYR+jJ zu+f4+m~uTgI!k`nwqsmk^t|0{kOny`y+?ValT}}4!VO8ZZn%N7WCzhMuF1g)^YYI# znO@;edMuL!GY)H-FP^@AVg6)Nvxd92(`=l~uDM=zr`c$@9?giy%FxfQ&KFOY^X2os zAT(TRo0J$9DHjSYaMT;iFUzwM0N1PgVApOEu8xa7>&dYf*f&M5?jyKlY6Oji@GB=L z@8m3OG|@*H)Q=%7aiMsooX5`kmGhNqVPW-reqnyKxHwnJ^#PBADK1v3`T6-m8GXf< zJP#S|j^iC}>o8H2z?m^*qN`5?%dJDDp#;v1AQO^(A~*}z4iiBMoEbqTw);eIhHM9i ziKGV7jHtLRnL?Pwnu%x?#>=zFm#1=c#Q6m{MoO)NC~)BxL~Ha`a)Og(D1s*^y_Tbx zrBG#_FIfswZi?j%Bm>MIgC6Gwk4MMeX{9sK{z%SpxP(=DFL@?d+M{(C#UqsawYq;V zrKM(r-op)U&Cj1>QzRCmXMxHZ$8Z;Smi-wUmu@2kUlVc&5lyYoY(=|l(6|yA9|4`+ zE@KcJ(BtGqG7gnZx0Qf^U^mlvQPVA&yu<{1Emw<0dqct70H3c+`#wnkwFQAMZ6Qj2&}=n9|&uO!&ofbMy?*P{+J$>vVmLTTMJkUaIq4*IRD~T zCcG7@iRiN|O{Q^B8!s(MgTrE}DkNx6eB;$-fKbeCwV;QyFKyX@Ty!d}^qE8>d3?AQ zT1w$9eIA7^Rwu|hjAq(lDV2PA*B$-;V4w1ZjA~Lh~eAm*oCW|kF3@s9gH49NsAZcVQc{6W&4&2{%PC3b_ zjj(rd@)Y_6r%#CjFtR+|Zna=Ay)uG+Z}{8fcOm=ln9NTxfGcvqvV+L2+oaSmNf@a# z5Hk>%TkHh(uBjSGyht^Y_CXuAQBvC)H$`B9WrrlLhk>(0kS|w@bNQKSseB&z0T2VK zr3JU&t?i~c?5&U!hc8++W=IxIjuK1ziEk~Mu18sqX4%A-Kuvo`ewreLg7~=3TIya5 z!WXJCuXUs<_FA8+jxWPMHF;gmI+dBcE;AuEYI_wHx-3Hrug#5G*Je&;CII^Hq&23b zrZVRnl{+Q6yoM<@7mmZb!2}U|hXQLdxhNgqBrqRx_oxhrIRG&!yT{afj+X*j1(TDC zay1D4>a-q&7KyM7v>>>S4%C6hK?guK8P?<&7Dgbw*M%9EZ(QjBoZ=TXoHugR4+*Rv24_AWw8*uK2iCgDSZWoV9S0~8_!sLn5S|7!igU#6&ik4@>y-o_B=-(xSkuiHn#FN`%`JzN-&I5gU?6qN@JwKm4*(PN}oy=r8&`_O$r~# zvXO5{W+g6ZaT3FqfPRwJY|sF5ss@ml{aD*}aJ9#q;jZY|Le{K=%9xsSSz%-|Y~q>G z6_TQ_Q;J$4sU)f!N(h+*21p`PUn6C#Kt?P)*uwM=o`grDEnV>14J) zhF2&^s2++nf!J&*t7FmUiVGPQ&BLrwLl~F=I_As)Kubi;C`yr>>B)2^>|eD{IQ@_t zBf|U%Zt}^=hT~^jOtrz!wl~n|igT6RNN$9>_5@%PG7||&yMVFZguB?g0e>fW9W5_| zE8_RL9|jkOGsh88nX?6XAv}ohXgH8fh>#zpl??b-nmsb^C#OgNw$M+z(A$HM_jTJ2Y5#hB)*kAf)o^V&3_F)zcH1Dqq z1!l>^d4FB1j^0Ir#rLp@R>=4+*?3iOE`&kebIt^QyEPa1O(cbc(InPx*9?RW9~X?n zE-9xcAW%W&*madwe89C7rD*-RcbG&x94v03? zUE?eP;!>f!P^=JTs4Ez_18d;Q7lId#Mi7E=JE`#)v9i;c3p?5X+Z!-|)Tanv;Iphi zw0wF9qYC$xb^^QCcvSEqthEC-+RZlYFoHp56Yd&8lx~wFU zr*&UF;0!NE0=a?Nx3=MKLFZ_C*!F|Xqk&9IcJ>Y1AOaPKlI~J)FuqIhqZ@3}vn`q$ zuHW2f@`yD{?PL2a2BTWPXR!mYjka8mwmZIdkG30aAs=mbd{rN9H^LGhtRsF*$0q^k zML4r2Xxc5{hJX~LrBMoYtAJlC>J0uy4BEl#2R|hTu;W(FI?giQAnK7XcSfC0|$nY>k+R?)NrQhXoJU%wSs;)dQ9`) z@g1mD4x@L;fH`3k-MEQM?g&-DJoj!^3yIHO3yc%hks#5rvd00hRo$_&Xyod32U-{A z3mJlwIL{(QtqK89Z#Nob`pv+Mr*w# z)WBpyI$^<5 zjEqJk@^LS&>uY0Si&Qts>H= zoWN_OWTbXe;DPb5i)89;&X##u11A9ky}^kE3w1L&S$*BugpOWi6*hZlqWp%Vuc1;-Nz;BdL9T6HLE4Yw7ZYY!-f3JO`4_j`{ zaFXv_*?B8&OAcMQx}=fQXiScn>~yRpTVuVj1{Z<7y$QzWtegc#_F94KMIb%d z8KFH_aJAlkkL8Ea_etFMFsKsGB$2WybOtWN&~I#YxwJBIfkR@P)T!>rWWA3Yp04po ze#4;=R~E3OKiEBDd@Vt-HpLWSH3zRj+RDUsq=6wqld>EmF7AW|c}aBS`C7#36TTuG zipAMdm$?yYY|9hCTySy;tBgl@(}wyGS&LDLH{vhGjB9KwE+)+!hNz237cK`TLy%Ui zA7^pwq9T~>Mx*j7j~B^Uf{*&BvN*Lb6i2*7rzoH}dPG*N=UmVr<>Xh-`u--+@=2HhDo(8i+F}J|C(5(~Q@#=QLsq8SGM2_C z`&%~N-KIJtv||29n4QiX&t^x)G?3hNiEbX@h8;jBz8qMYE*X*%8j zljo*F*?2YCp#mHohe@-mw?9;8VyD5h;hhZ^PL4O*11Kqn@|Z%G3u4Wg*8mj zwiJm@{TP@N!&134Q>avmi)UiLNKl#sOXbp1p#h z6rR!S!(`1Mq3e2WHCTlmnh}EWiMhX}+WkBY3=tIZB8(R(yMIgUb43=G*c%FqwGFm_ ziAcjziDe7lu*b0+7Bb*&~8Ad;7{U=SZG|5f7 zl{}Yhh4EY9bklChfw{sOGjjmHB^EW_UK7lIRApZ{jLHmZX|i7YF^1s)uCpS&nG8|Z zp8HIe;Ceh4DY+g$q5KWp42%yCY)m?u%6`ogs~U&UWesfGp}bl3UJKZWONgu)gfJfH z*oeIis@QB~u36{nf=jHSs1BdWr_Qw;kvz!}=-u~R1nwKOd zcLo%MVl?9`h7Zc{{XRwqdSr5YocL-RC~uhzH-ZMuX-m?hWJdt{-dEpeOtAv;Q# zd7jdcS^3l#h!bCeNs1*DIZWeei#oXom`@jmB@Wc7p}f(Z#l)J;1X-Fy5g+}`OGL^e@x)pt zhJA~Tc0YR;Jp=B4|7xg+WJTY_NwtDkf-Zb`%Wa=a4#vth)Owv_kDZL!; zF2Q0QUf><=@ahO_+w7`r_Qd7M$dbHVsR!3`G9d=_e$~1(d6ViiIsh)Zn%lILcq zYk&tp!sIG`iP50`rI?vcV}m*6CvCfs87i)(v_PJp9GuaVJAj$e(s_{HV=z0S&A)F> zGQnKPS7&gcS^;>UOwkKPA=DDgloqRn#i|)&(^MY{a5jOix8-j_#5Hqm4@2y02DuV& z(x?P5x41#3RoA`y^YQI_j=P%9(|f4@Ic$XOWMawD-F9x$Xc7(Si3(QFacaI}eKDbI ztl1YajX@~~0~>p$`z;sO<}ygASb*7{!vvI&7sGGuQYpovpH-%fXH!c;DG46s4pic9 zowH3cOlxJZRmIqldaq=4^v{r(p7P)ERjUfT*Nv;vzQ2oCKHS)nOL>!}x#p>@#gx}t znrp*`A+fn4X$M%di5Fc-7hI16JwM?_O|Wwx!VOw%S?J|>CJ(3&-!}Hcc~7tr#@^m^ z(bJen#Tl&sOExREa8n{hBQd`{& zcgg*62-cwoNulvJ_NUx{J7DT0NJW9$T;PpWsl#5NZ8;$&*p?kgNoR!5{f5Iq=hCA$ zr1wOC9U=eLSi)DU^Uzz5HrUxGy*Dhr?TDXwa69fykUKbAu?nyQ#@8b>er+8pvZh)t zE`Wu6rCKQ8TsR+3fz%tvPV8xVVtVRiCqBW~S|EA++AES8W;Jf1=>(;~U3Wckk`Qm9 z@6a5#a82+YFy*`Ypxy;RS?$DWn&W8zFYM<_hPZ?;V!tMI4A`n@#x`_qo8;$P)ihz@ zV=D8OZZ{fM_onBt)rEaPY%o1Okql=Ru$YOh$7d#Ulm#r&hDLnViT8!Um2VI|KK98H z99NwI>~{mfIdu&BsvP9b{c+ZGz1tL4tnz|9@5w~# zHem|PL1#+){8CMkN+=?X80^FF%j@QYXLhv%v2P2Yk@?aw+Xi?^q0@%rC;E;hQez-r zvhK%n^E?R7Ujv@*hC%FC8;@5$U@1fH!C1-uJH2kO_vdOR#OG^K24X2`J_-l^pU5qs9U47&;Z*DpwgAcpH#|G0>?~?=7vUn138pRGUcTgY6Bsw!vIZ*ZhWCBLa-3 zpvOL^89^aRGL@j$Sb;hs0||$30ZaTnHj2a;^fHI=misbf;Nt!Yd-eu4w$g=T@hw&q67yQP-o;lkZ&W0q!FYV6pNjZOj@WazkZOZ+5LQ%0#F zt&$;U5zM=NNC?g?Hss-kA4bJi4ySEE>VA8z;nvQghf8BhGybJ~_&n4i15C*-!&bwt zL2x4@=k$pi@d%x@=@U1y2|>RidQBs7apN8tOJ^F4&iKuiA40(6lw#eOjl{Y!%|8&1 zQP`Cy&en9xZc8X61;VpUCd3BFT|^Vx43e;jCfYHl1loj;qclZmBnQnZq1JTU@7qHZo~D~lV&9md9ijQ zrkP z)B=Fm^=7zBIJO^+v46dAP{okv^BY7pOx*PezbHnc{|M^g!F83s^^|1>O;=C2i7BqS zYEn*OCe(C{-b#krfd#A>o}_Q6EqkgS>IeJMLe4GC=Bou-Up7`lz-`6qS#WdVJjgH3 z0*paF#%~p+{RS_{n@7(vT@u5&K^DcICrj5yeNRwQSP?fRd_$pRXKeWE6}QpY1=a$L zHhc%9_vX$m&Mf8^3d<8K3$G&#B#TTAvIVBES1-O2T!tT z%}7oFIip)ZQqQWhnF(U2XEhr=agFG-)^*^qFCnoW5CWDO&ftQF>4#mtf$)EN1lZ91 z#S~wo%QGd!MmSigcblf1>HW{3K+!%Yt-lOP%OYse)rOn|aIK&Q6jglb0xwDPkoOM5 zT94_ZrkJD79V#33bm-Vm2^hj|#sV;y9##V6eq2Pl!{k)#q*Ap8w7qk!60f(A7!s^D z?Bbb0mO~$Us|M5pmg$)guB)NZGhkQ!VqY5U%zPog2+l2`Wed>K8qi@w!(woywYRwg z`xIK~QS>jk>e%^X&1257v&R!VNVqW@uZQ5tV5<;xXr0=kY|4mnX2(t)KB0Z+xuz?FC|g|aFkX;xa5CP~U` zeEpF#--sm4N0&K|zu%uOo0Tt8+y+cmX_GWqp4>)}4hF(0Cm!X(h=h!EW6UE}Z<#$g zfjS4#a{B^pR(6dmioWjUcf1enmbn+}PfVI^e{RQ0`-5w>!o~0)!+Js}vLyZ8zEsyl zT@(O8P$)u+*@kmnjm7+XlaOLxbQe+J(i(^5y@y}0t7c;3e$=?pDtQz)E&6lfE z+t{ZC9ZKd4)xs>OoST^`R4Q}l=I75_B#Vw4xpu>SiEz^v!YJQD!^D5B zw(NEY3p=pZCUE&{Dr`MBItv>u7=-5bLIWzo@w#OA7rnZV1gQCAb6Wyu9Y#xm@3d=? z`P=wCZ%?fXiS3y!1-nVvu0UMknoJJ}qGz(;k0$$K(wp~u{GPuS+%z3Gi~@HJqhS1g zR%l=XuoKwEj$PloJ+QStxmzgQaU(E6@+cI%upPhn4~s>wIrF(PCRHpp40 zG835zDeTDJQQKUrwqcdLir%bW+k`>RLdwHjex_O~pI^PTP_AJ8LH{5p@gl|EiVYk| zOR*n`$}`r8uBrK@B_gyknQR7nTdLyfHyp9KZ1R9nO_Xy&?Ymy4&m_z1rR)8U;?iK0 zl4ZQoc~?XZZ9Gz*_)CEzhGE`$yFp`CkXZu)ip-b2dm49JQhYs9til62kKgr zpYqE4Gwm?)n^db*TzvLf=6%j~ss1ZYq-H_Ddfgcqp+z3~HNO#u3eYG;KR_7X-fYaU zzn553ML@X+Env=YxRna#^nCI3?F;iKu@fN}AK$^gtRvZM1qNF%!2h^4nB|x)kEGp^ zmF$fS&_HX!T?g8wKeU#;A&Pv>OdzM?@8e zVOKil<7S6V$(r8BLFjqBFG7w{GdDVjv_J#e4%$p{ZpXmJF*YD<*)^KL$c&;;m)y{R zX)bJ^H8v4=+7F_B_!%`jbYAv@=-_dAuVNesqTm98A8t~Lp$`nrH#N2VINejsGl4*ZB?8OOkx$_5fa*nyFl*% zHtZefpq^(o?4TbmE~}p$HoaAx4oq(q;9=9dUm>0}FhPtPn@ED3%xgkBbzX02!(ey7 zi50#%qM40*IIO9SAwJ4;s}D_|T%}F&>}n0kzH_eSkla#2tOp4Q;p8Ekc`Afa*L}OI z4FY|jPAmd@UJ5npH|C~$v<~kuIb26jPuQiz2~gwZl&Ou3q!m*lbj|$_(F@^`#6XiO+Q}?9N4sX0MiW*i4nEIYFFecF?xq9 zDPQcDFHL|n0uIEUIz*L6Mc@bEQdOanc(s=*n#8hZ4O1}*=u|K-2m`hHToL-02V4?HfZZs*pG9HlBwL1P!!URJe4BaLD3S)qtx4gBI2XS`2IrP~d$o11No!v;xT6qcGLT zJ?wi8c(CS2!C@~0dDsanLZMB+3q$^_zky3x0=oh;b1INB2r6;akdycy52a(FS65v%HYRuri{TQ$cqeVT1GmyH zcTbO(hY;i?!6YLR?vQchM0#(wFqc0!UtP^(AM(|uQn}h;zPZV*%T?BLWd%n~nKI8Q zwB7eD%K+{S!g5r0H!HnYxV>7=ug;Vf=Za_WilQ>kBvgdSp_$zzpQ%S_Xa^mZafQd~ zg`zLhr9Bffut{CkF6EfBO?9`Wt?QVllU!hyx`gPW2?}?3ydGAHYrg9n4IWz`^J1;oSf_k4xPjN4hm73sjjNb*fUa^db$Z7CI+y= z1qn!Y{7CjW=}%yp?_Na2wb|!xf3i=9g1%-s2R%J3dU<*bJ|Y8%y`CJ^)m&?uDa|wr zdOA1sa3FW(7BcmB=SEoT5+cFYn zTUhxU5oOnimCde?#7$zcg&QhjLT#;*34dc=dg`YtJ#*HDkt9wYxnTY{rn~gD${6(X zOXtIxWIHo|B@3=DexD@V0x8Z8QL+i=UN>>|1Rln96W2|W@LPVeK#%ES&@>d2kICU4 zJ)Gn-N0JI-R!mGP%&GoWm}>`BNz6J-7nP)|4wImd$V!avtkcyCf^Nl;9kpo+g8dw* z46)~jcaSnDxH?GYZ{I&ydNvcl(tybPO-sjtr5|4O>z_oI9 zm9|8!Rx8zf^;{(vk~A3cIZ2Im%+K`mnGhViue))7t!N4*Vu3+)b))J2k&2bQ=Y$ltWYB&=WpDc18ZZaoS@ z_DP9w#ZgLx1Up{8JkBU@dA>y#XUvUsulJiRJ7CUc5j_-2n|rE;+rZ>Ng}NJrhV!A$ zcVe?e-!XVI)qKw}LYnH*j)J;6!Gds20`s5ZdVFoe_d^Ia-1QA8`W%Y4JfRqXnvrdi z2?Xd^V0=9SNL4kDt3yMTyL=Dt?)trjE*Hfr}LinI+Zz2Ye8z=+Da;PGs zft$#Cgwi{_yKOg6=WD)rWp<+Gd!g&V;IO)-M@zh#x{HuKoe8^d8e@HIdPy+#T~I)g zJfIu8Vj?V8R~PcPSI?FU`Pqv84jUJZw#9B@0qyLC#o2NpUnwmvoh|1p1s!y`FrUA@ zFpHkeoXwXFozoV#oGX;it4)*%v1@%yh+!=sd`1$1>Qf>hNgm{9OjDAdNuHAY%s!_i zKhteWbPIRl;#QW(37{`;(<)LHnqevKd!0Sn)B5B}dyI*`$M`y97cj*5Au2<0Id`H5 zrDFX6=VYwxLC3+U0{s5N<_ zxG7vJ9_|fi>-cU?aM%$W9Felleze1Za2_89VdMw+GAL35kD*-?R4IsEXo*yA<=?9r7PasbOz39EmigL;#Y^3hlN2i`ILzl9EYha#3uQ~dw`@obpi>f9cL0GX%=SH;ZfBtw4L;l zV!10Ot}@~mXWheUd)@UMP_E)*YijmE?0w4*M>jn zI>z%a^>`Fsw27Or+uvQ}6I25_4AMNdG!gb=@}M+hYILL))&qAV?y}xbnl4$`nMph- zB%clvEk*+_s2<3!M`mPuY}|*wX?G>(gbBlthD+d(2j-JoFMmDcSz0spnWnN>7nVb{5vkvoK=baQNrMCx z98a~pP>jx2#?{#O*|D1nIgkP=cq4cYXo{L*v|&eb9ybQ~@uDkU5>?UYVwW66WjL&Z zC#+Ugcg5JrK6In?$jr!9dlRCwc$_vGxL)KlF2;L2I@vtQqJ6XIKwh9vTowg~sI>w4 z3a!7hz=WZOD3RRdsvw>n7};(k>`!##Lq13}DaY3a197T(7dzx>?Q`lL|B803;F#<; z)X4bw)N#*X+sy{s7`iG#bOX?oAwiH(jp(|`Cpmtf z8qt#+e^8DGhh$V6eD%m`m3F71DNurPB`IB8v9d#;V|Zlxm9~E#GLu|NMmP)xc(jx> zQfS)`s*Ui-6|sGYXUA6zc4639I;>(n0<6PMbuS5E6=y1ktMiovp{tcRUMy7$)1bKS z`8fEaI$sf2cAG>Zv3y@AK+|{J`Yu)$$t?iM4Ho$TdiGiaA^;gs3fy(q!|tnyPMMu1 z4wVb-E$9H(BdNre6X>!c%dYBtWp$>sxLBB}mddMz+l!TIC70eKH8?v`(iqSA-&O@yr!Oyr$I-&VurCL}ll+AgCw7E!dKkcN3f$caw z7&B!%P8Gi*^ou$6Xt+_Q7-c{tU?z-3{79y?MW2HdGZK&!rR!nYk+}9xgqv=wB?%pL zpf&(BMB^COYL9J98J!4ANmW;_u2xG6Gx_T3*=lvEBFLo0{OS3^EP_XBtPh-#t|w?Y z4J_(K&-e-i^N1jK1v<7MOIo$lY*6R<5_@>GK3FP~QJ+C`d_4D%Hpjv9*WI>;#SZi4 zinC|L8ylu3+UrgrKBugS_CUz!<*fskq=z!$vRB+1Abe+~CnN{s9 zcIoZi=1HN4*h@MwvJG7p2}Vh$MtG2XlSY}@GZBa}py_ae5*ADIprZ zACYrn1dzb7j_yz?*eec+SP7w3!=U6fcFlA;!Q7g4n>eG~9NtXwGJj!`Auyr_C|^+= z(DSStO~^nG#yyxO+RhNuBtO%eCIU~zgt>0gKp4?On@>Sp7Y|Ob0EslDJJPvcFVVX!HJPZAHP=j;Q z8^Z>fvk>Q7(rc>NpjX#X607P&PN*Z!u*{G_-`;Fw$gZD><&9bK=nqQlL(E|%>LUF? zR1+w2xF!XtKafI3Z+_w$h+<;Zc}_O7CO!Ztm3G}U^xR0_V6~FH40xh)KLBv8KCJ@W za4r}ex=kAwc+nkNM z+EH?rNEu>i%WOnZD?Zt0h#lLZ3c8`Bg^ra4EaBJ6rrRRua5>ql`U7j&->IM2@GG!} zCAYOyE+Mg5Ts#97if79CYO%BkN^{`$g?TVnoG(png~ z?dX4e?X`G_fsdq_>#ftBjG6`09J7575iMsrMEa{X#HD`fj|h5JUln;;0c=6f0gHv( zR%i3o{OWA641AI4H};apD7IFt?Vi^O3Ykt z1LBAnd{UD;lGF`rjA+Kh;F)L(#@fTOXy8Rd;-+AB52SRoqDGA?wnfc{fjdtqfD*kJ z_~}49a3)!|fo$PEEW@^@iOH8=0_Onv9^YhE#dPVSu?|2WlYzMB=Sc<-letkc+;?Xe ze%k5AGDw4^S}R+*=$O_?v22OLDeGJawL3iO4z#PP?|#EsqOXjF{XDp>zLyN&y9req zV*G`GdCrz{7%tXJXHE05$)r3ag)7emsAN;d?s*+Rc~plP>o-A4>|g&o!E^svE=CadBKC@#*G#Di$}a;x16wGzZw zix@GqV`}_<0DRhB2qPc>6pRHxVqm7n$Q+O!g#`8T|@{@A|UH6 zMx`Rb))JSn$d{|dx%^DER6f6Yu2Lwc zIJI4ea9n1aM z(m|N|wU}=A{DvdERW}+BZg+X>HyqPNpa-|-43C?3OZ?M`;r6;QRJX|FTSjyHT)eS$ zH5v;jS-_J2itYR&;=Sy|Lfb>N_EWhySDY{OVGI|r$oLHh|Le%pYT+GVR(mL!#|^w< zBEZ172saM&k?H*RSzqRwG4gD{5PNbH*# zdR#u~t7Bi+P{u{3-$xmmjVa)B#;Yi4;mB0&dX?4bK`*A%l_bQF{wDUQXm|J!+w(HZ zI2GtCod?0T+i0*O>Y5$mxT!F*8x0u98e(y=Qq9lL7s}jNc1Lk(wR(Q3VA@}lEz?Tx z<(HPoTx2p?^J>5!ONJEr7--#9bF`~Q3&Fd-we8$xb?ICJ)alkgC75(7-je~+?+4%t z;dIg`S1d~Sq3ITTJS48@mjwsts9*ezAQdvN3@FE&b_)qJ{9j3ABmK`Ls=2b%v|Hv{ zZ0PKakMr2d+_YPoJzAdj1-qqL7rGv*1hq~z>%<^b!J@Jhho)H}iA|tsx9BKj>qHMD z0J{^#Md5+~))31DO*=ZF{0-a;j14pF$dD9-mcmIio6w7Z=Q}XtI%=**8vo6jK?lsc z9t8H9zXdVFBz#BPFZvEFI*ERh$}{z_;5s+M-CQ4DIc%K7+hfB<-Lg4MaQTQ;`6Kf8 zI2gjZ8;*?d5%}PAlbVSxB?CB!$foFU!w#U6LG077DVnfDe0w5}9b5$K0c-*5PS=^% za!Uqq9qv@3!1dN~Q4j=3t5XobR>Q8rD%^>3*6@|0wB|2X`4p~h`2Hrq70NkmA`XP+ zeO$BSLn`SKkicxVqH4AW)*!Ikk>9i}+9vAyHkj9Xf~TDmLe?2ti@uImeK%4_yGOqm(U1WIT}9}GgzkaStGl>#Y23+D;MYl6b;CSu zLT2@9v1YSwNL((HiZ@(AMc7u7$BWd%mXHXc+dVA$*&-HVETp8D#(P8B+HjMqU(pf% z4PkWFE)b7WA|!f74eU?y>J!*Q0IRo|f(XuRFqHQj(QE`pFaCN)F9)#cZ()rpF*bS4 zu5Gqk`0SwvTf`S>-AGwyN`Ds`)mmV@RgYVv-+0$Vq!2}J&UPC_IM)2uF27l-b5pZS2vxU>W@GCD3fFA01wOU%8 zIa`>yxnqGYSe_}D&MgUTWjz@2SjDeL^RBm<_naBbVbo+4uMswdx5sYv={*Ulj{FGs zF2#%Pw=2qwgY^gw*k#PT`yQz*F#8^&wn97m2C57~S+*n;O_eF}tyUQy2>O;Rf%0Lp zWQbb|ze*u8@ecH)pm@9qig-#H7aYk7O6bPKg@n<`w|He36+aFeJIfQlAVRF!hoe-40=42iDqzOnN(l6V|x|$hX2EbbT)Y zh`BL=6h?Ls@wgu|0J#nQj;XlksR=CMQ?;2Dj~|xd-EB93&a6u_WSGY$Yj^!tXeWKo)^FF3`Rd25+AYV9V9Y(qpPO3Jd2T@4JJ%{T z9C{7XW5$!3tI)bkg3^fbn_#3(;x?fP`O0jdF@J7uOZO9NAa7Fc-Ek}2*>V5(`m z-q4dj>W@J1@eMnRO*vU^v^)zNO*9W!{n>XP6B82?r>?#l|2r`;q5gYv>eSTGf z9wJDlL3YayvVJSdzPKLv>!L!R(sq?;B0B9B`DGX^`Vj=vAbr!^YPnRZ#(o9(CVLGs zlQ6Ms-~^)BR>4&geC@|#P^qpfzw(=4^qHnkTU{iS;H5u3j zp03)4y9FJkQNv#kjjiI@%?WMf6H`t&JjIC8VVavs!^J}~w-bgY;bm@3F+`dY-m@Mn z?Dv>qJ;er=(`HM2sn3!4R+yQv-D>$kB)z83QU=vUnv4Nx#V^9;Sp{;L)tDXVgC>k@ znT^6nTjV~be!B1f6&x~@2{#VZN3Z>V^3*AH|DTw;=E?p4Qv3{GkzI4W?3x{Jq*5e8 z3@1Y!9otJWD_Vp$^V~#g7%bR3pz1cE-zG&qaZFCg-C)2EPo0{WNHNdt9n`ecj*1=$ z-U)N*$<%_qQ>GBpqobx)*~tkoHkKL&x7jXsQvtK5aq=m2eg~>Vz&f_K5k;-l8Y$$DexJ@}Cr@6RnaE6JCa15Pxb9?@B(BNY zEjPP0nI#ua*$rqnqK&(VdF$lFgauZvPhr;~>`Z_#bG>zpoM;*0SdNd61B@tZH95hk zm16e5^d2Q`2iH?b@5Q9)fR&XL5NcN8UgIkt+)0MK*>NKB!p{UCjG-~Xp3Cnv8__y5VM z$tU;!OY!sLON(cok$O&QXlUpe#j~^Jp`oYTJ~VXM_22olp`oG6zWnX`hlYl}V?Do+ z9~yesE57R+_T@uEL!frHyf8HMk}HRX?)h&+Lth^n8oK9ihKAY`LqmUe*U-@PeM3Xv z-+KLT-g3jx(9qM?ZayqI(;j+b z{de9`dt~U5`yTn+eGfjZe(xVXrGC%C<-h!t@f+X$g{v-q+l`k$`?B|3wtVkTK5*ra zKI3VdpFRK7Z+*wtYV|*;Jn*dTQ$P5(fBj!R^V>iCk*|IA&wpp@f!d${(D(g8<|lGP z-}eVEue{^J^!wg^?ETqyzQg{PKfCzCkA38$UxE)@yzBYz{QimNhrj(-rOwmd_tSrP z>_^`C?e{$I_NU(Pv~NB8p*MZcD~4Y27vK8dwO73S<+uLO`@a0LfBut)9xlzkd*-s6 zXSeRyd+SCz{mJNJ{e^DsqwjpvJ#V__slW37`<35#;BycB>qE89^FMRXCm;CF4}9Ue z@4f5KzWn9)|KK}b{<+uwbt8P;{lEOumCn!o?K5BbhF`wtn3cWh%x_%xdk@xs>g&H# z-})b~eM9QGXPR?w`|5YT^Q+JH-yPgFb^nKda`U;~Q{Vrg;yXV453l@S^CLID%TIq5 z6r5n`foHz*i=X(@)%*VHjbB=CeP{hG(G@AieQFM#yQ%s1Pu=?Y?|J>tco%*& zy!MSRyy5l}&6nkF{66UQg&za75#EB|M#68!P%Up#cxgWpKM^FQDFfqUNbP;GPQ zO%JR*@Zg&-eC4mNz3Y>I{=HlO=D#90@qO-z)a};kNB--|+yCTMdoP&#zaRb0dx!76 z{1f%J{blI~FZ=RSz3sQWe)^YQ|4;wvV_&=RUAO)HduD&`^-p=t*;l_f`(N*PRr*gq z^B32B;B(&@4TZllKL4rp4}9!TQ#af@^_O4%*}J}R<*}8i3!?y>Kx4nJ`0(@Z`>_xH z!uQ_t$}9i)&dlP?XJ7s_|HEIp=7AsoME!05y8F(*fBmOF`X>u7|MoL4ZZuAO^B=DH z$RqFlz31QeW1slh7cLck?t{PhxnKJAfBE;-_##Kl39$`JsD9 z?tR^7|NWNfH{SUdx30W5_|yM!^;aL5O+WYY6R-U4JMOsiHE(`%_QRvk-a2*vH{VwO z;PY>Lb@<}V`@QzV-&OwjGe7pG5By$m?5hvVI{)w3T|e&3ufKKu-XHwPgI}Ba{D1lX zzwh+$b1wh2?QdAy?+<=u={H~W)q7^0HPq^ZzxdA|f8QOy`d2^s!16tX(c2fEHvGW- zFaP%Me>VHP<3D}thoApbKQ{l}m!EiL(fg;L`MuZv#ksGt z?fU=zlAAvL19v*FLcnIHzy4jn{<6P(#$8{zeDP_)yFQ%$-ReEByVrjS{Ki{en!D;> zA6jyriJE=KvmSod@~eLPd2hJuhvr`K)Ym;Y_m3a><4=6M`Gxn4zxU6+{&So6|Hx~8 zKmGIf9Q*j^rytq->ed$@tbgmhcRl?V7EZtJmeim9{g+p#zVxblPk-gr?|ORL`oq#? zH@`XmhELx%f5(H1^B?`z)4p*3#+#Pz{f7sB>C1onsfXV4tq=X~l>hO@YtFv3{J=Ba z8%I{}eEq5R+urx!JHPj`GynIuU-ZAe^{e0h=0_j-qhEbEeYyAHZ*G3i_dnxVUw_Ys zp8r!n_KnhmU%%|w$A9WIKmFtgfir@qkmy@$R$QQ!Hy+h2UwoqMyNu21~e`{tT|{*Jfa`1db=$9tZ)TG_q`|Lv83 zH}|7I^yZKK?6u9m{?_v9r~cQq&nP_S$DZ<;G}*8Si}7&Uf#8@C~1=|LWZzf6LoG`FCIcfBv_B_K*MMm4Exkcb9(m?WbM}uY37F zeYAMu1J8KbKc!Bcy7dhwVd}SDd+fJ<;CDvqkK8x)^k4t?2QJ?AmFKNKG8F#)$1)F} zyX&FPzUXI{R^IiCfApf~@7-vX-*nHhj}JZT-!gA_?H_*e&)@ZhSAPDAcYXNRzw3=J z{G+ek`T51|_doSZKRop#pLo~E+uYxL$qjG)wcq-+&BFb6K6U!9KJ^pf+uvTPPHbk%>R&=eXG%JdT*g!?}d!{6WqT;T* z@9+P7o9BI3X6D{=&pG$pbI(2Z+;h7fiOKOCG%5zVvPHk&a?9BBpXSjMJ0>^S)oU5F zFFpO}Ui8)pFA_>u=fzb=TfN^KylT{*G?76`_`9?v!!vY0h?2MOJ8pblWO%2fq(ZY` zKGX8ykXe}l*JI~a&8|-EQm!}s`r9|B^I!8abPcan^-6c3SDMHTLYGBph4;SNBXTtR znr%(Hn%GgdH+-Neq8DUjY}m1F#EQqqE>Cg$Eq{ATzyo;WPU{ipvC#sTE>pH2a``-P zR%rIn1+!V@MAjMnZ=vRY4nEjf0%h-8FZbj*RZJSwr&2qT&18 zMm&qNx7*$&L$~*Z2PXwx;5o{7<1-^0LawsL#{79eo?XHfxx;_6T-OP1yH+h2V zv#RG3qk@fjg*sj1>{2T3-zcrjzL`8C&xiX--zBAQz#MO{hHKRf`IW)P)!0OL;Cd==w@_DzX{|dXl34-hA47$?SU!Pi;B3YK)<&&YQO>KCJ{i3`6 zF=+#HI~*~S``ZOP9TaDmUUav9#omtR2P&pmJ{0Hmm=$`czdYww&-gE)`3?SQwC!S? zfv&yM9V%0|k0eexn)IaYsA);+-`r->H^UAFRn$K8ZJHV?hH z%FXOz&M8L32#+nb6S;=_Zr*)b<6T#Idok_tI~*Vb2e@Thu|>hkRT?jM9x@tdxLf14 zb}m}+`qivC^*8OdJ0JG2OIi>k-Ew(zWck#N=hMsz+f7M*ReR@d*Uy`Ojh?+FZ4cJj zv2vWI%aHWiv||;%rDMRequ@PKtFFZls>|~CTp9i>N}D#FedmGa;LR>o8mE`%WuJ`S zmLWJeF}73emCmwvvj*rUB-(3)}0XWizDkH=_la(sAc)=Eug{ITPTQC8 zx=kFChGXJ;&1ci*M~Ut)ZPSl-7wo%r|I?WgwktDd_7RU;>*exmC%Arv#qQP>gZd(x zwae{>1`qsn>PAEH)(OrQesoQf;AO7q@n~IX@aB??C$lC$y1!C$gjd~uZs%_DcjBc{ zF&n%m9ToPu3Z5;~TCvpN_@sF+!z(Mg_NhNu6Ud)GEO?pgmO}K3e%}hMmxk4B58dj5 zhPf*{wLkXp;I5;Z1K+O>+n6hio>KTa2F%Jd*3)o4GdNDG?96rdF1;o{=av~HFmP23 zBsbV)&ReBn@OzlAlwp{+raY+ZnEdqBF2d3+HrfL&{qE^LW)<5!GxuzG@7br{o76nM zaXn_x@ZYQpPT0`>w#FKnYxa59d*>tUyl$5Kyy$NO4 zU2?BcaBIhxKkmNdfKHuz1XNX~yS7XGnG)m|G!oA5%LzF5IPnqV^cc;mesJI3 z!D~)W8lAObG3}1s!jUfe$7@P2zbU-?{8+%XkNy_-R?RrK{MEVi-kA@b(9qgB*P{>H zMgOTiCwm%SFMn<=JF(-$1DDd>r;b|9S}ZRw+n0F4Vo~YV-wQi$a^2?_9c6?#Z{E47 z%O|~bvuhr;)|so^HD~QNQjN zM!mnBH+KB?m@T1;1bfYY&zUC58ZxZ^rcRp%f*raBtl9DTbfClIN%Jn2T+h5M_K(_r%KK2~-Yz^z7_?zWjOM4ryXzC)@y96=iwf>u zEQvgG!hpVdjUe42%(K4tqT^XZ4a_s$wY;7OM0a{$cipmK?N+W|!6tq{$to2b#KQ2jgD-Q~*i22~H8uZ8ie>H+gRCc(>&I}LjLV5VU1x{vJ9 z(F1Ll+_*B}Y31#W^W8$yuVyd1@ugGUDy?^8Hhnm9=6!+D6$nEpZkeL<}5b6?KMaJRx4W!LYNUGGsp zW~pl*nlGI_-%rxLC`j}AbKlzTiZ4YbYgX*5uH0X@k$)|={jupQ{bw{R%igR#dRoD? z>+|YH$AZX9uZw%G}y5%-UI0|$&)48CmbsE zI_q7Sah1gm+2yM*ugdNkq+R)L@w2(>*0EO?1pB-0AT z^P@C&70g)u$Eda87uGJJ&z zE9qP&x>R~d&Xinnx&F2yZO-I(z7~dV+;A8ok7|n5b2{2uN_WRq&wW_wZ*z-hxAI(ONyoYUIt;3=(<#k5IITm& zuE5m$!-Ac?Hri#r@U@t!voJdUlTQlztf(yTWkzJu6N>Xn`fGmrjJq;+WEeD|Yx3j#C`dVP!kUYVD**|Ial=4a?7@ z#u~Zp-j-{eu_-xzwr{zojdu=ulDXfYLqq$u=Q{N_*|%%Qd!0PyJeTD1>f|L2PTAQm zZ#?r7ckrvTy*B2|>gX%z^gbeG<>(&SK?ysL?p$U2dGo@+niPvno69AUisY##ZZ4WG z8&>=2NvD+$&p8s9b>R6drfBVAvw$kaAD=_FjFs+QeL2yKTQ{P|3auo|WS^Ob4t5D2 zlpdL9o_3Pm-{kF>e%V0@!U0vRy>D*h>g?&{D;QpLC?3tw7e+3(9H_&9IoEeScGsFh z3lISEIlQ{zuQy%VH?#`8+Wt_{pg~$pH)l{_v~_hD8AIh?sy((MUR5(4Q!WN? zRU}8w=~xqxv|8Kv7kZB1ox)lA2kPV&)%G$usv zKh*c2;x}6T*=q09(q8GQ=ievf?bhrhlGnZQVLmVGpY4^PcL0s}B2YxP8{Iqo($u6! zQ&yCuIpquscD^3M*4xRIXCd>t9au5ozyX$7pu`g`D)OFYF!+Yan)^5qpzV{#%x-c&zviELd9R{pl=$xmiIU=B2 zz@Timgyh)`uX|S)PA=aO3(dTLzb?5aY(n$B)~nCVsh5n-_8aHFrAP0YYr#G*qcS3U z-+_ClXhctbVHEev-Ofp2N!dH|CElqsd!?ri^Nl~6H*8^jO0HgA8ng4-iu}t*#P*K$Kb3uYG>5xqG&I!W@sh#H!3k((+%&`6xDB zbQbZdtR2H{dMG|j-Q+#a$Ya@uTZy-M6JQ$6H!(souxpjx)7SpR&jvASpS{|`U-02^ z-ji`YWfmFbx_ehxw$ovpKNx?adi|4uE=OLz^LIL86SkS&GylF#o`F_i^l)kMgNuC* zovHR3VyVM8f9Oo@DO*;6rh#i3&;5+Vi~oE0jE!rIic@@bpX_iA`X$>v;cBn+ArI%W zq~TjuAkvDY`_=Pa6$LJL{cS6^%(f6nxAR!0BY0Xg@cd{U#`!&7Z2t`&qf!iS+%HsU zDb7@T@qhPwk)hb-HmQO)uvhjZ0$Sz{S21i=)h|R!zAnBG zYT`ZD#$Qfw^~y`EGM`}4FlT!lXx{RuX?Y>%J7Y!CPwOZSW^JrE>a_x+_nj^-vRl3|HP+}3G*IWD&XEJ7K9%nA&OYoS*n3=Z@$|w@z7ZDj zPfZk+0Ta$MbQtFk7{=bxxIIW)682`?b1#PnX(?FTg0hY)7w!(86wJIUoo4Q$>0-XS z;X=H1dPB#|yr_ZhNWbdJPFdZzIq{?t-CMdx4rnf!kE1;-*m-Eg2}u8!O6K-=i=TxL zJU?1d-F|`{ZEWz|OFPe0PaV=rhjBi2i1W<$m%7dtFUc+u`Qy0XJGg98?9F+sv1!{E zeaMLH)zMMY#r%9tMBYl%+fSy9zHzKq!dbIOn*qAjLoY@9G6jcX@LE&z5?3CGXvd)! zl)T(M{cHhOVbUXIR90+nu6;=#1>P~e(ubry(HMM7Vf#L6#M-^P&PqIn9GtgrjG`{G zL$CDMwfPiAn|kI(PMe=8+;VZhO=ea`WUt+N1qOg?-i3`vZ;@m@aospd(dT~r{qW-C z%XonSLaT)zQx1qW;;F5{{V-_f3zrT9oRxWQ@yD{JX8IanXQsLRtb#H&{V=s%a6(zqrb)fksjug0V?{h$_rpt5dF-PpeR?*)j&dFLHu}g2%T}H<@ z1;09pXugSdg}s7jEOptK@v6|~%lIXuUEWCdYq;wio0E1F?vljEMQGKcPQJl2VvO7# zZ#5pVJ6qgA_F;O>xXjD+*~5aJ`($Z}HTR98g*2?OT%%iRR#mM(D>U)=Mz^?crs-l{z${{{KAIgZNbTsi zYyHqknWqw`euM`5^_rDDZT|XbL25svaZ9t};ztBKTR&U7h`&lV;$FvDk+o0bjNyqR zPaS`;_Lz>}Xm*cett5W@`Z%3qGX2b72CQ3dX3z*I#)NWRD-CCF&-#zbLTF0KMkScR>k4>k#QZhyxloq09Oo+yAupzR~uAN$nzmr4Lm*wrh2 z2v!_5>X%3RxeH2?ep}(it26Orr}&mKgY(d`f!UK1e(9AyBy#26al5*`uw60H>W0^ZSABNCN9~>&ZZCS*EK9PP zd-C^-9A?-8`qr#E#enyN7k2c0cw}sk>`4h8z0!wlEH*H{F+uV0*H1U*`d9UFoZynz zdDL&gnk$yz_$=2-;wSP}^^|CzK7Gkm)5RR&%Obnl_By9?+m)# zaZuMC_M45~+?}!G(%|9&3-A3gO+UV5o0ADHls7A%Zp&LdZf%*dJSL(_-*LW0SDgvT z_V0sNWVPd5n>=I;uC(T|atF=d`!d9>{C&LV)J`Qv*DqCd2tKT_HmoMQBx-cnD*9HF zVCSJ-`g|PpiFN9@a}h1gm^}9k{4jM%nTCG( z>&(0<!`%N*9l>PW-uZ``TR z$0xkUC^K?E*yLT$2SitRD3Eol`#AJpsFlRO6&()Soz{*o(W9p1 z>z?kn=a==V{3u{>_~W0C$*AwO-bCPps4S+}}X@zYedo&9_%F>}LOVY)TpTUNYWW|aJ*A%AWa%W>$!JN*`p zim4e^Gk|y4#IqZ2d{js4wez30v2U1QhTG19YA?P|*4ksW?KrWw#u=sTdHY) zjPu90E}7g-Be$FHgIzrd5d2Zk2#A0~duAVecMeeXk7w;BDEx)lqD~Vrrr#erb zw|HD{!A7I~W2>*_e~d_Ue*S*Ms*9R|d7s7^oxQZ@%HX(?G$*^Kdh;z89jr`?HP#Ls zBTNr}a%q@uezn)5?Hfvt)!h$v(Mk%Z=OcZGzg=|qy-zAGTwX!aHU0PO>cCN6}MDeoA z@vb2qr_tp*k@TxOAI?sNahQD>ZzC!@YrD5&WVUQ76=OlqT{(7rF9a?w>5rRp z_?jZ2++AyXtWm9LxL6odx2Gs)`ElPDK8)n~cd}!p{&BV=(jIybT4m^lBXD-yRwV7A zPxorG!Fg$3ia{F8)f2C67`yClmG>?SD;wUP{xfHm_Q>`jAU}B!HbRQ!(ISlnF(*=U zf0?yyVnRo(>dG;H)5uY#?BMmIM!!qr)eZMVXuj8`O*|~lE=!&lYt$p%BJR-<9F1Q~ z6q$?0+1wZG_blIVl3QknTi-T140!nMl%ogcn{^mHF#XbrjBpH=fy&|j_u4{T9W3}ndW;mx<#__7h+? z74L6X-6i00Ry;GlqL_ z`Gmdfp6#EollhEY4G%GBcPcvQSWp%GI0Ii3{vK=O25-6Q?`D_ND}0D__XL*}InmBR z?z;{jbO@VV_<}huvfNz3`E5yL`?EZ1;kGyRLXPd)b}WmMmEC;f?YVU$u1&2TL(9yZ zw|<_>yE!_8;tYv}>8)|@@Tm9fdAizb=QwJ;47}m9sXxAyT@jhRb3x7kTQliy-I5O< zt{yn?tMSmKmiRE6)%);(d1+c}Va?JFHqV!r?6=$>5Fchy>RfasO4nf5w4+1AatW)) z%ipi6WHDw|<5BL(&OGz^kIaB#cG#6`bCcfouC>ZsrG;s&o$;{nL)x4dM@}nrSLEE|9cEnX&@0_Rv-bq@$-~MQR z`0K6tIr(=o>XWJ}pN_cHzJ9=|mk~PBwWr`#BN{t zY8}tUV$A66Rz9ol=)mT?A0IQTj|`qT=t4v3^|zyL%lGa&Q|+IcU=qA+^yzUv&%zX6 z^wW=aecaXjJ%7?s|Lo%z7d|u5TQy~6OuIfewibsK=js#>q8v%D88i0=wCj9(ckzVN zWA4mkEiB#av|-$&pxXf!qjY^ecP5UwHu>Y~liXo%FAk=!j@L>$m)ZH#y|u zVSO2IOP1BgXuO-#&Rp+3!x^1e(OaiMbfMFX8I_lep6u5iGvz(je)A#yPXiVN<{U1l z4oXdUW*_hcC3~PLlIxgJzxM3GUC8c;6 z$@(ZA+e7i&Z*%6pDwREoFRB~IH}}Zv5us@xsGYJS;C|uZ-Ge%LvI~rtMe%|*-i)s4 zwrcvh9-RFqL*NZz>+j@h7TnHwYg?%J!#nrW{p!IlB8*HgLIq}MLmu<_;T^GyLt=Fp@g)Oq*9QiKFei3Td)n4y>yUW4Ljyo*~ z+^#$O3tj4->|!7k1R>6^g|fGLa$8x?S?qU@UOkcrf0>wkx_6C6p|JNphcH}t3U_@3 zs)MwwZybGnKllqcB<9xC>h*oS?&-)B~`FU>mt_{*(JW9(m)<))k+ z#BzFN(1pRi8M?7Y!lkSI83}8Hor7LMM+08J%zIA%E$C%U;Qnc2ZEkqY98^EksqdhM z{11zxdR2)k58KxpjQpHt`FQ{06;a*Jp3tMO#zoiVhF^8Gk>HEwrh!{OnMnIpSHypK zKgdT<_uzXwLz=eBUQhAJvn#QA7W4W(ua>;BY=~*UV*5s3S+|7qlUH?coca5_31xBB zpZfu4ACy^_$E`~)<1%+DeoK1x>(kD@=!a8tw{IAGeI+t=2@L?I;*t6>#%OkJH9i7ma^s^P8@65mV=ED#(+uk9| zOjnj%7HwVs;&6GgZt0u6MRj|ZMFsII7|))M9KN<_r)j-Lx=$)7lGp8@e*J>Yk`*H+ z^2&N9oSzb!?l5%Rq@%X?7$1zw*}Lsdtk_B`ey}@cjNA2~ZgsyM&OgC^{fYB2Te#ug zv%VD?lX_Mp0C|1i+Y}Tu6nkHsJb+uKm%#AI>#-gfw7vRhQjsurtZ||1t?RdrV)Ocy z^?zEKGom&s;mfldo=dX+oU_iTc1(Fmo}~Md)mmllC1cH}J-zO~o8Hqw(}k}kudS=< zHdiye=jr`WPZ=4zuC$pkt z-afgdzoe}$>}@x3Lv=;b#>-VXc_+_&sgjoucN#nTs`oLwTDu(AQFe?h{c7F4BJJ+y4@~@!r+0o&JbEQT@M(m!eOzYUChgGJ@ddeVmA54Zb(e2% zo>^O@y>U;{Z)=TH;x9WT@~3iZbMyN2j7h#}u|049;D%lLot7`$8EfRJo7_;cBsQvl zxOUu|bsc8q%53hJKCiJ~@cfV7F=)7-^Y~C>*>90gw03TI)pbj!BD>mkDMmWci|a>f zFFG;yjQ&a|3y-`WyH^)}PSMF5tM&5tj0v}{TWc+-j$Y4uTo&hD9i*6(JO37D`&qBk z>h%^o2K~COciv1LhK}H@{_V}C%ikE*#ORy6wd)mWO20fo(Yb8*qgU+1>Vtkb^E zTU9Yqq$AOuUjC{0{$a_=uJU)*QANW$_Ypsw7`kyx+%{&$ZLf`c=jg=MBS-T~a+9a0 zec=>e|H7|2xzw_!4kLl{{OR))Xylj$M-|<;2(B?_3_XGh$BJIK{BcC0gvtmm4-1AJ(XFTG{pVoLKE$cBSIC zR|+Ffj$ z)5sswua8=iZTw~S=>4C(XWu;tpYOixL&soaEn}@oSC6dH*nD~3^VloF&%Cu=vanny z2F;h=T|U##H6(*)T5ns^zd!b>{>>e&(ORR+r9F2Ct=;i#Z_?cvGsMTuCp@mS_}E|a zV!AM9)w~Mlob4O#rZ~qxG#iyaYu>DwawuQ?)5$&#}2Vo`P7uSIiem}_RqT_C>f(OnCl zn=f{ycmu%0h#8f5x^epkk!Bt2eiVydb78GdpM&cH zQ@fi4FSA^lzgF&c-tF>c=xmwhq+d`)cR!l>XK>HL zCx2wh=Q2t@KHU(<>y}%8R?n^;eZR{6!20XLgHzUDGcREzO9U3PH;T`Sg1Z$|Y`7Pl zr`cCmt5fXm8)Lrozu#e7;QhR0+aUTogD$cfP{u9z!sXFWBt_{hyy;>BX^iLquivkU&Xq2pwjrc0_OlO?}=#qV>J;1kmS z`H?kqu+Nc0tDgDocag8TMh;P0(;PW>0S0^28=#<=uLLcpd#bi@F5$F=dCEd zj&$uaS&^^5a_Q)?I*bJ8Ejh(jgRZBND&t)(Yq{H)_+{+iAxp-{W<2 za+tYJE9u;jKTCrwPuJRn+Z5f&yZGl7Y0}7=zBMs+duRTddftA-oR5`K|ph z!qt2Q>&3YWVHU&E<#Xa)@O0!^{nf5Vx{M2|{M_aAzJ83i@df(7F0C4fw?FGo??rc* z%=6Drmg+DZR+MLM(b^+>uV3@#2moxii_H#-5-Y31z&4eVLElR~3z zJzA}$(5zVSMYJXD<%uHg9tnZlVvQ0tUqrdQ@vYu+CQ$(%?`ZqWxqSV#$G6b30;}0m zk~{TudD-vjHO04+EJxc`+jimkn1QZ+yyuOL4NBmYX=lrK zZAmV2Jm8?|GGqbgW8~{{<9Rt}%io!VSkZQd{Ze~n_7_K^$4|UVqV6)L4O!4D-N9Vs zd{nsMzV3kIw=R`V7ROB=@$t_7!&A#=Dp*=yysh44`-Fv#9g)DezGRP6&k%O+8Gub$ zkC{+SpYo7{Irbr4N9z=K{k*yt%P^~8@$$Rq_|$&*SV)NftdG^%_1LCyXyx77u5;c< zxg(`E>9ixm_fD_B-eqITj1Nx+%+=dJg1&mGR+7`|%BRm$B+CZrocJa4`aG{#zo*#! z?b2Y2!mO@7^Me9+-+ej#-CIeVooV-F_6DhRw|!BLW*IkX%^sQt_bYmqrxo0O!<{)} zyn`)jfWkGq>w9+$vq{<4@9C}So#>aRXu3Fj-j$P^w!QLMRiBHSwQh9@>yee7)s5!w zaqsXftC}sRyF7V&?8Cb!hrn?Kcb1;BFbQ6E4y$DJt~hE`z}ple?VOeWO7~ho!RwV; zb=tYukuIMEE=Nc1eYCmnjOazTyqBHZoEmFHXNSD1t3Avw9UQst&gZ=Gc^w6{lV@!W zwa&V;mr*q^sN_|a{`I=Z%u4OfIqRrWZMh+ijY|Py-!C z_d7-_Cfg<1^k7_$+j-NE`KX)qL+Q!|d3`jn*b>Fu7ZaJWH{W!B*f+gnQToGByPDL~ z+O{#$YuRTDKF!Q5K6~rdK~Bo_>)!dj=e#whXFF)RILsgU`a%AA{Y-yh#p>b!n|lN1 zA{O^fzq0FmujgEw^pah6f=y>*uFQ4Qyt_*$V{{fTy0g>fS5}jmqvJd_E}HW(boCcA zrw^Rdx9;!JzEytW*sN!(SNVt@8YHc`R#Z31;ed;#i^K1}McI~{uiWXyu(6uG@xj$u z6FXh4yvqGm`^o~lLHjfY7MK+$FJJF7`>fdjOgM0E=emSHEX+9@MA`Rma>n^N{P%Nk zNKNpo(p;(`tF2>b?a0?(veb3XvvEGi$XdYRb%ri*;IvNOc$2p)&h6_rK4y=zwntv# zL~vY>$Y1E@&z`Naggbm(G?Y%Ko1g5Jjzb%|PAh5Y(xvCxdFA!!-o5+!V45$TPN(;D z)pT)ia3BKimM&fDYO2HN-o1N5#~raoKfQAO7Y)a0RY1?eH&f|(gvVXB<|LPJAC z!`X3)!@dc@^Z(a}S^oR|@UPkVui0`4Bd)_@Mf{C~FU@}6Isav0ZrVKmi=~Z~#ee6& z{*9li!#PCi{xDF&g8(W?FGgdk@_cjDPxrFKY6-xov)>$mKJjn<=ma$KWG;+II89F_ zlWhW_Py`E@h@b!l@#H8hivUmv#1IL_02B~_$xuWh6yYz)OjLXz0+FjSU*iubfG8wt z&{X-(VT?#{1xolFz!;H25)2aoC@A3r%n&FXurN2q5tKzpAr9USED_QGKm>9j5eH}; zQ5paUQA94~0CX=Uwo2a8X*9#e)3JcF7!*QH8BQ^l_@d5d>IT53obtvX)hT=jgck~- z04%0bXHhufMX1DPfD$N44HrQ~5GbJm02YEMf-pH(DHcJnfCDJ6`Bc)<9BaG{wK_!N z6?H;j2`p39QMRluID7(O78jPtP%wf8BWzG4g(VQjf@Nl|ygyByTHfbzsgE=lz)(k>UeyY zed=hmWE=s+LoO0|K|B1wh|EB*PKr|RH6_L|T#8^207|9Q%;5?~Kqz3N-U@^QOeJJ` zD{7V^vTdM#2E_n?QrSmU^}emKNv4D#m<;nb4Qw_J!eJ>3ZgoI9DX$ZeA>>@!G$#mg zJDFPgRgy2tJ4mQJyUp-aaZ3ps7hiG=wJNFPFm9zgTb(z_iwDR`00yC9WTuL*br@M% z**aeO@ALrPt9Vb+n+c&Eb$vujvM{m<7LH$&QP((xNdj8aPgG@sxJDu&iCo+oc1^Su zMH(=TY_}2fCfp`2CmuTVE7Y`^QHWGcDCzbhIc`rmd(g>e;_4#=l~IpP3I96BL~7-n zJ(}>YCBHmSBn;+5fR_xE!92j(gS@vvB7lW*6e2IFAQ z8#%#KmT!d-By|Kk$aa8W^|=%;82mjJ;gAIgO2JY$zsT?ZFvswfp<0_>G6cmfitpM9 zQrw8bWRQdhu`qZ}Q@OG-odkb-!KbP&1HurITnqs?khZPCJR0jxC+m8V2((ahN)EI_ zA-zqMwNS+ZSOhW2JYs*3KuR-zn>=N2P@1^~eQL^-(3j1yBi=~_nCfpKf(Y>vN)}MB zK?TOdEa=~37|l=}pC1zui2!54Er(pQ&i-cejkDH7FKT`UC}rPdI-KZ5&Gi5|tu&6F zZ}qYr!Kb#85&}AaGSIDseN1FE{f6N?(F?#U0;&w2t)h<}^2@rmn9`w#RgPV!~-joboHK>3=p=G{Z@R@&+j7 z4PZZ_eo4hoHO=D6d7-UXgH2_eDdc^lvngbh6T$=nBH?&x$(Ck_ldY>&}IfG*HGhmJX~J_&JJJYgO{oU$toaK1?K->Vh0a}2!?>7pTiIrs1J~(wi&@hQgCMpHGICyA0iDoETKlwKgSwF090UJ z7Jp6E5LMf#VnD?=yoBR@yZ|qYZ>tun%s--1lvZ)uiAEtI=~r&ccxg(WCsFl#1d zFG>7CElHt2-p4CwyuH1nmsgOBqhFA-!`J9+QSg6B>kq3yH6pwm?L8f*snPP)u5GpS z|B~#VpynvjzNg-(V*iv{Q<6?IBy4gnh<#dgf;%@0b-Z}LHW)6{;hfZ8!-f=R4sMizEmC3*M0kHP@1&; zO_J4nxn=*@DQ|548nrFGQ);xDn@)niL+w|+H(%e1Qz!Fl9;%;66*(O2MIeT?p(mXM zfLy|d1jJ?W2ntB#A`t_SV-QAMz@dyT@KS@yQUw&q5Tblj@`-{xRr3@R99jWHxHp>! z``=>&3X#{KU@TnbAWVj_cv5*YCYYO=ioYY$)CFPyPbvo}NNw(6XR5Bfhd1C!*8L~w z5<}vaJL^`arfzT>X(IvrW%As}>OY@C5iEvV?KiXU5QcXaQMt{u;9ca3*ZBG9x7s~s zlfKtERHytH8B|yN5G73_jwmhL(x=^6y`@V#Tn3>MP^79&U<#NtR$&0*2;v_E1$iO} z*DYcUn=KmF=1oXPWgDt_fO2<#e@grs^{Oq9<__|vq!OB<6}1w`B$2FVEBD@R2PKm>td5V2WK?9xaPR0cp|sVw5_MpjF{d3(0a zlK2kWTBR08?T5)#ZvOuW5l)Q(1OE&q)a6w_Mv0W#lx`~(9%Li`3M zg*R2_pX-Z8d+-PQL(Lp*VT^vgR~pOwZF;^NQcHg1yOS#D`>{t}A&5d%OSQ>N1k_+^ zyI(}H@ycTMO^UTO=(G9us1h25EB!mmiYBWr6c&SMMB9uqtFIVkO*T$RfPe(yLqBe! zHQ7j|AWgv`wQjKe1*(2z&i^i5KVqJJm$Vkf+V`lN1%`p{QW?ey7dKx+mh!g z)f!c8R#gOHe@joPlkykUlsW}%)l$uRSCPyKRsN;`=q24ILcz~!(0-@~j_V!Fu zQyX(j>i~K{R6t-rl=0WYv|5k>m^dKBm4W2p(qVMk|N02r|F3_|O1Yc!-!y{Y?V^>hKf?uw~h>ENFaK2w^e~fQ5kOR@NLFo+-rRjkL1m zjpUCs6_|3Zcow#n7S`rw);5+lwzgbLGfN0GwH#>!f!3y07LYB^(%Q~i*%QUr^W@^qcH{+O&WLaBT+L)PISXj^aPq%#c_pR|C0sfpb;NKhn z=4Q>$e_L6bn*KNb|BYYM@sAr!t!RK2Lz>*o{Xw+=06av(he=zimHqVpH7ovq`D-@* z!$6T7!k8iu6+-{o__sDQZ9e`jE&rSU|COIw|Kr1-a<_1(5l$`f$VWiAu2($+)Pjuz z(5;mVJz|_o<@g#(`GQ;^wo=K=v}G+@@`ZA3rmPh%#_(2zbk%b>UYK~s*I-JF8xJLO z0E_>JsQ5q7|7zo34Dn&P_-84A?~Z>{>lX9B<$v@4zw-N80t$gyo%$@*IZ z$FkYLvHs@pH~)W!i2oD)uQvWMF(?xKd-H$G@o#DK-}wJme*e?)|Mls%Z9~WMo8#Z? z{~aR!PxL=N{>cR#yK!~Kw#VQ6Jyr0X@o#2kZrN=7+gO|0{5SspjUOn5rz_X?VP-T? zDpft2nXznGrnDwoAcQnD3)W=-paej;vml;~i9%$07xg$CF(?6rgi8q^&z;i%z{K6t zVS=02FfuU$C;=d`Gz7$83_v6R6fT1#7|ex5uq=XzbweZoCIcmW5anY`9wL^CU{Jz? zShNsC3^lqR6bgk}5IYM&g=`wk!|_&@Q1?uL7zW8OHYNjkp-n^{77NuLnM47mnVD(0 znVAhsDiP8`p$G+n@(G8jnxmxgfyPvkPh$e)H%d9-+@Uc69+}mICI(?DF&Y645`(aa z1MrmD(y(!A7~{H*aL!Did@7CQAwCN8#_=Hx2Peh{wS*-=RTY|iptbPus5B%~#V8>x z3z2ixJvhpLnPk>3rds`G-l6}sO#k<5`|rE@pR@@7)&%fv{cmYu+1&qYZfa^}`Jev( zH-3hOz$6jE1w~D=Mgme01;vmILNS`5A>bi`Kn!945<~_8vJg;4X3JE-A`yUuK`09I zAtFw>d1VFwOL!tVAC?FKbx$*+F+mO=kRgB^BkK!ER0x^F8@89DC_Zn1VIV9b4nzsR zi7b^q&l3{Dm<%Q7jur{^3=L@{6vE(DNje9JjG`F=KvNJLKpdg`n>ebfDxn6FL%an5 zrdnYaC_*ix68>HNI1Ub0{rn3JrJj}Ufy!)zhK2wN2^wcJTtibi6mdn3s#LYw z_?3Y|jE&PwfZ`DQc}mi#x-imgm#-xl8UV;Zq0%N`@*yq^N|@1jq$UIO8gCsIz5}b++95y>t&V^73B!e&(jIj9#4`a(Q2xSW8Fdt$Q4Pb0TDGD*A za*+s@2$|$N0un9)DpWaudQ)UeWV|aV5=8)*l0*prq9_;vAc7X6z@oT8J^^AmCIh&H z4J0REkU6;d04yN{9-oRaDTtdgP3gi~Crk!np%_~=c$iXz&r}%;Y@8C3IHnYZ!$29t zRCYF7Nv$D4uS#(77vB zOrl|oZHR+sA`&JS#6p-VxI}aeS1we>RO6$_iwIM}5trfw5`8%gA8CffpY9YqPO}zqm~Cv01g3o51RxHRNNn3^Dyr*2 z{4;qf(E~!oFoqE^+PL{H5t6DFQAo)An)m~CYEXHQQH(F3r3fq`dfihl8IO5m5Xuo? zlTbu1#hY&loCW~YPF`d5x=QDKP3yF-cN)cjQafDISjL~fqiTM-viX_nh8luRRSt=t zvZcSEZvMK$`R7%RisBY(=X;8W)EP}A98e|Ewnro~D4f#JQxF-%A&BFJAPR{9Z9tO0 zQl^OvN&-a0$L$0R;3E=BQ;{$z5G+(F-6SwvFG&#c)D;&JA&Qp6i1i&1J|U0h{@yEEMABh z;WsUzoHLt&p%j`*Edr*5iuWc!0-%V9c$7f^#tVV?auI|w0Ei`I0d(8~45hPL*l}MS zbs!&Cg}ClxQVs*Pfhd-XWUy2OF;(r5hMr+#!}v(z&|EE0hM!i)#0EdadFvybxh>^~6%Fx3iB)kw5ksxyNLIjwI z)rB|!B4GfCK)?V{NQ}s!AW$k5MW~(>C@dq#lnCJw`B0j7Rx9o~qQ^$Etl6ksB7?;c zlk6X+0u-@AWMYxwByW4B&v;j+tK)P>R~+p|8_M~Z~|G)E3@-||2SuI;!GFs3Pg zX#n1US0j){#+#BbJR5-mRK{Zf=dbb|E&(iD#VEBgK?g2dN;RO47a+xr3z#rE)SwXR z01!t6slB6ynrg*Ks2r8t048z_;sXkNN(*l6JLRFzV5NdreG4AeVvPQXE0N6=AzU_j zg9h8valC_@BTLLTBu9fp$OM^6zbcb3x)2Fd0Hc_UiOMB_3BC%EATnt1Fq)y7VNFqo zDUWt?n$wJf0!)bcOfH2`;t{uIU=bvQFx+xfo{Yum{fB9#GHEeoArKQq5E)b17fpzz zwd{;Wmu_?VRKxy%hb}QMwM;P6qAOH_N18Bds+C9$ZD^=^McRrSWL=%!Q7)2z+{)F;?12K>;Wn z6iY=AhwObB3OY){h=;~-)rs!ze*yl11U9PKTrJZ!Wh{{5 zM6`!ha22A5esgN^@Cla-v~%#*1WKcE;A z*%NMS-1x?UMbfbl5QX>?ES#k+1yKYO`wnth2qcjyt*Wnz zC$ajGkQ?JtVNeJcWKm5jeNh~MPabZsxZObxcnX=6-0Wsf-oE}x0 zl<*9EYj~5E^R$+mNneq8GVx6d5^07_L8~y}dcaYPXQHi!hy!a_K}Tx$OcFdWS0!V)$XqI?1ILJ)xNfB+aGhGZeIM98AI#?v+s z`_;Z~f@5=>n=zldZ=@}40w%ah!{xQnzlH%AB*9>u;p!U|!zLjh2P5E~O} z2muKC6%3oBP8q08Cgo<+uWDIA$hFe+l_3BW4)NqNYE!kDz)>#LSckYUh{=<01MKa=ISusqlLntiTJoAwC4IiMO0cK z@?r<-L5iTtbU{)S62RfgLUKXl1FqB@rYIj^3BSpM%4xzOfP*M6BnXtrP*rop8v%@u zW#v0w2!vauWFA-%roMP+vN|DsK252l-f~F4fCqx%dQiPMm7I+{aILx>iSQHglusOB z3L=4246w4aFsC)$rzM;o)KyB9Yf5P!Ho2{c*r-#MQ%3=7PbQ({i|UC8`Klyh1PMi5$oN+`zy9B~?n zoe;uQRBo}clx?YjAR+-8_dT0)M4buv@PU;_+z|;rZhj(Dl#mINhskZc502ta(>tw{ zJZgFmoia@Zrp{T6g$Z&87hZ}zlaTK00bnE0+5NN z0_9E-{tbo1NEqduC;aS<-K!eh&9@&KLmC>}2qrdw02><{ps~Mjle6jlwbXba>;y7( zBmiRoED<6o#K*Z2+;S63MHGwy!NgP$ti+6Hl-y8iiezhEoK|uMQ|b4~ARS`|8-LG`|B=R&#HM~rivLRccCU^ONXHc`tNJPaW2 zYgT0mW&jeTMN`D~C;(%m9|wbE41gDcAk^i|jroUFtwJaZ08E5ZbG($+@Dmm+ z8E}U)hvi9ys30i7B0{(u^{mpJN|2$PLh$B^l^wq5yypawGjIe#P$H`cHzSU z0fefer<#YdVX7fXfbjrjA+7og)$qXNT-BmRxwqdq`bo_oLsYoHIN@RH4n?eSXCIM3 zfX8%#XR2)zaS(TW;VnOsN)GO4Uif2%>f zC1vL@r6>f6rPOvP-o6*bJIan$l1M$OAw;<0snl3XtGlHgE=BmR>LsKIe|*bA6gEv} zE|Nw^l~Z0VSWfwgP@Log`Cr0?@2o!KW0bfy?l$ldrph0p{H6?c1GsW5f{TPVzNf-) zIDo$~A2DVC#;Ur;fq0{>wMgtwkn>REDyQY(nywbFr;2AK;E`X54KXE~+Xk#PFijx< z7|e%wAc`rS$5Mo^nopYT*br}&^VE`()SbbK9!(+GJ=MaSEIELm}BbL@bpPamkb~j0jR}axT2- znQ-ONZgVSZH!5+JRE|HIifJ^;Pe*kEWk!&fH7R5E@Kwqb^hQ*rjSZS5iBzNm|AQTRTzY05*JpC z+&CdZr4bZgQ<2c9-A+P%s0F=Iq*800MxjTW#MlrX7kpK$GKLTdg$2HvW~i4XVB_GV zge@k4c%&CjfFfeTr%SSl1Y^=1S%44WOI2lr8!8*t=)Dz*5QQ?CztV$3K!F7S6fPCP zJeY_pCt}|*rDDaAC%iNgp_+>#GKyju#TO5R*fjxV0Ej}WKzj8KHpUtQ>l;^_L=`b8 z z>Wz#PqVAp{#=Hm)gCzJk!$k*$Kt4=7Nl}CgwP~5(*1%_FLrhg8OtKNSp;~3)%`lp> zum}F!nyZXT{p|pWzzFp{JOGe3-Pbe2-{De=$YrXRRx|(*fUro8LeoM}2n#_(d=6ku zcwq=3R(oqkqp2|dF?6i{8El$#s2Gx=Fb~6}073BufT1Ccde?d=xmsota*|Zr_-k!< zuc<{xr4W&#gwX`a2{FKUD2P|1D=(>PS%lgU9cgB3Ll$Vhhor*84UxdquxbT;KyCZ2 ziBYKxS0_dQ2N07`8tp-1Pb&;p(iW!FsV9KMdm7mrc;8TZ$DRye^H5RXDJNAL7g9P} z|F*l7tkx!f=~qMJcnAt17`u_vOr^dsBxCTDT}=jUEAL^EHlgds8Lh@<>Owz~6&OTJ zRI}umOi3#SpmGteprs^XARm+xI$DgglL$5;!U0sL!rZ`62*7Z`#%B;jg2_-2rsf#} zl+qlaV%XFoc9a6tc)|=X&rv?%sudJLxEMOgg^*g{yDKPcEJWy2lmkeGL27~RK_XBX zNx`?HM@BXt%%rz+kdh9tfT$=YH4N!d02{EdHZ}eK*n8LRHf|&VbU*V~V5#gzazs*; zUkP_Tdud5=bVic3lI-jpCszc!K@#I;qXVENGnVgfzXt`N8~q}iH1+UAeP&{@8;?Sv zP$(4Yf&OM<1DTFSibHp&?yDf#J{*x*kSoIB{G~Q>s+}B??}gQw)XPLrajoC3#x4`bjm@O`Hu`?=?a9f(-o^J@=pt9y0pwE9 zKb>k@=-}x50PUcIlYIq&`ig!&dwX0_9f6|^2iH@8I%HB2&F1%Zh3|a7jglW-^~0j| zdq{?;u`tbI$~nn9Z`2bD&=xe0`mYa;nz@hJ)D_my-Fn6Pr zhd#p^YZhG;lW$HdI%N>FqTf>)z=u9~qQ-*o^y7%}Y13g7U$*mISwrZhx=Jc7?kF`J zD(k^Pi7sA53%rL!QSO^+D07gOrj5@Qc3{uE=OpwAhb{u@J80D)!MkG`HhZXB_62`x z!p2zg?OjNvYS#^g`laFiYw?#TJ?daD8TFYl<3(pl^`wv^fT*H#ZV*amci~hewJWA8 z2lTwQ;G4c(D7>Ff0Q2T`@!V#SnN6%$ESMpLovP134ZAzfeyk{9N#fWc36v5-Qre5+ zd&Gs4I`JzJu~SvRB4V1uL!<2Pszs9=((5dnGU|4gQhMOuClb>@EM`|mKC4;+CY5jn z%QClPPREt(D#gRL!zHI^_wKIX_~V`j-Wwc zQk^=pW-Wl5OH6vfjQDHzn^h*T3NiVKg&<9-RY10pJa=A80J24!j8*vEF~U-=Qh6&- zgYvT@YN-EzxxKT=LiyinD@5ny?Zv@)TYi$u_Ay`n@9sQ*v0IS;yN~g|@8o&%#6)*R zLooS<3-9X*4Ty=ThPgykpdm3aTmv>EK6>(`(QqAmahTpa6CYhstnCDV(QNAo zXK2KNfL*Ij_D{63PhVJHQ#qlbzM?S3B4DMCYHH5gpFbz}Iql?XR(%jxUfZU)hQ7jV0w;`++L+ThCVL5r#{M`1j#Lh62 z=m1H;nlDXs1HPayo}pIDCm!?3RtCqF2&jU|`uA#x=Aq{yA!aT<6cP*xCRc}vrkBV0 z#cZwo^r-F7RJoc<#n|AqT6~IHEh%THMb$5&__loY{Rz1u{QG(sYUyj1%C6z7MN*4| zSFf6$(5JMSTAiEUeapmOUT;SoElTF;O-x#WQ$rY zGYP2GLXr3*K&=*pbf|gt*m?&Tt!5OejE{0mvKX1j(CFL(0Cu3u+5+xSq8dAj;)S;| zDLT;TISoCMv+twAs;~>jcG{?Jl_|6iSJ>KdrK=7Mwld*L^lp*oR+S4?+k(YXShG&k zLMHG)VHJyBvd<&|6`IyLyqVz9-v5Jxw1UK8cqec74=xW+b8HR_#cQtNEc2q0OvQ(t z-`hfB8H+adeXe8>cxQfmX>JujIDLC|kpp6t?nOjAAU){MnznvvCSGMVXMW2{4|Ie! zbGYjYZ;Ozb3Udh_2-Em!Z-%3k;{;W114rlgF8v5iDvJ1_%8*5Wz&%Cn*v)fkx zF|*nHVwYcS>Ry$&QxsYHu5tW$_;jBb0WRRMmMGNVS|i4;=WHL z@g(ulrh~vd2!?!$5PbQvmDnz(Hs%ym6GCzpj)NKEM9C>SpqFF_UomRqi1HK?foO;@ zia7IQ9r)1k6>m3wpy7xm1|L52vgyoI57N$rUAH9bKyWUIJkT<|v{WxGr(|Y2?_1-O zeU{MwT~0_45iZ&?S}qmTeEr|k-R|>T{?Far-R{#z{oh?YpFek=pes7NlF4=fOR!^qG?70r?JhUj;Up|mk_f!BHq?~ z%%r=k9gwsC0903%LAIYQ0< z5Uu}ETU@3!-S0AFQvLV0NIlxsyo88WpVse^Bt%Z_&Be2@wU}xbXwWNWJO!w!hui!b zB68bXm2Nb#oDmswt?k57#972C5JQqrRXcKOHBqEhO7odyR{NB+lVJ^lOs@#vW79}c zQS)!Fy6tDJoo)2r-S*4YP7}5FaD*XoDkY+=2+*|BenX`NOtsfENmf}XI#=Bxk+|E; zoIi3s{l80hkOs7CfBX^bWv^@(l}I%!P~SQwfiX?`JA?&-Yy@Vl=u)6xn~zy2*sNqJ z?$XeI+i~20dxSb9HGgQL=4DONtD+Nq*IZ2R2d>%k24M8k$r|NOLPE7p^WwD0e(039 z0(Mo6L;z3fD5<+pFn1V8IOi`Un4;Zww~Is^fjUetj3lmvjs zM2|wkV-eYI3}cB*<39l{?6$i*$Y(@^-%HyWqH-GvhOP-XF+ohmX%y&`!@yqYs0DN# zurc-8jea1Qb#?t-g0m||>YNY&>02fq;6G>9o6PvfKr*Aym|~}M=CC%Cpfb4+Ecw{Z zCaL_AT7qQBv-2OK2NXK5c7AeU;#yAk2`8N2NtUPYZRSlf|bFW?floNh~{6mqT+|#VS0P!B>ju%7V9sYkNIE7r*Hp z{*sjIC>NKa+@xOR*ykuR=c1tw&DFw*J5@{K$EgbG5tpSmsI(9>c>q`3UASDZm$-7} z++iDyJw(y2HDtHK!r|KcfGAUXiJ@8-*CeCSykRH)gUhZ6M@zocib(1$=H;29)$66$ zVx5DY5#Up)T_@>GOj?cgYLwdS&c$OfP;gyAzoO<+qJMQ83l9TTRUeNBkH>?1KOU5y zw5=g_%@emNzHmV%Dzau0>L8tvOe0IJ&3w(u6`6FelUY~w{kSk67v}vf%r|+PS#6Oz zUuoxBt=1AVvUwp<>9Cq;Q$|7kM!wss6ghGw%h8zYZ$ayoZIoU9J9ZgcOE5-q!l|Z9c+2(vC_+j z3^i2LE2D~>+B#EnJ@jEwRh|)TDV({v(-z^bG|$>%)RkAOfjL|8Hc@CoSI|E->TH^_ zWl)$+FjkJb@+4%7aaU2V2J%$RmKn~SpvBXIq)zoTs`Ka1+E(y$YFp;+sf_0?@0{pi6~~0K5>;pYX!%ilVj=|-frh?lC8O_6?gmv zt%q7^)zwU^!_^)|L~ZUqLV)Nj}M@I=6lKGMB@q&F3ax&LVOs zl2B8qZ6h9MFarli{iSVsMfpWsQf1TBxj~Zs15bmk^4djlW*I9}CxhPtrK(e~o`vau zciY`(OBsG9REe56imY|%?mW}nq+}h#TLl^o2*N>tt}zcGlNAkN^E1b~DG`d&bnYup z6&zu@z(_RjOqJZUn8pO^y@Et1g-xeu%W)1%%I5VEzlHDnNAC{K(fj_<;eP+(@a;+Ow-BxZY?T|p zW{sJ8Z$@kKWhhbQG{FUGp~DeU7-+{lP{(bs?UfS(!CsKh!tbS#Iwr*AEy-jqQ+1b^ z(rRow)bEB*0obf{IwXBIQB$UooMlVJJlNW*{;X5dZ)x|q6u@3G{B7iv1FrB779$Tr z%7bIhkjV)e*y00#bKuk&Ad_-MfK>vW8t-Kj+b6PV(@`AKKVpKe@yvu2FoCL$_WP&0 z$}xi^HzTH+w0>~c*VnE#pYgFtYo??BcW^8xEr4etr$HrM+_$&WmU47;pN0{L2t$KIKBPl;4p7A5G<#9=hr_KGM+drCRyMlt}DjiF*x{>W^y0 zU~#)_WK)6QD5`EJZ3D`}QmQU(oKlkFT)R~D3SRn-N(Bl|2&WPP^1CI^Om+dq%sam4)AZB(rUsgT%3Sf%8GF z<{`|0Y6jgP5#o=;(*}sI+}tK*I>l5dSWNG8@aC3V3TK6-VbGN}s8KbqM$*l*!pI(` zJNn~u$IlY`f9~$QRa+idu>W^=pXK9!K7ana`?&w##p9fNsssQv&uzc+qCajlP3iZ4Mv* z{28JE>+k5x7Xa})+dYxy!wnj~ct%1m4{VX6FW%7VkldH0Ho8`Jr^^taX-8ksfDOZ( zX8y%?r6u^kP4c+39&iEw-+A%kX^#It>%Mr@|J}(`a_?b{yzJFS{(UB$=UQ2|V<&5P z&o|4a?SM71tc@?M7!8(THgj=X&Pmrg|0}G2apf&{1F%s3E9C!py3>7>|L)|;8NlS% ze%0zW6u-JSmS!LRW|w#_<#+X>w%++p@tkH>M8s1V&{_W-oo>Df8}JupG7mU;JW4BM zLuYSQ7ItGgAD$WxoOw4FxU%XF-$D>j!OXNZ>YYd#ImDnIRjP-6>i+oBypWiWi9ChZ zx$=SpL@}@B$)}ngYylRK9?~)A{uL!Z{Vc)%v$5=!*Z~&Z|2}<|kN^7g*^6h7{QoYV z9RDv(lcA_yv;9ogi_FeYx#}vT8p29kb^rL5_YKSJBj%rH*w++GZ*t@eYq^2dhSfyt z*L`fDeh{#0M8hGAL*Gd+B@Cl>xOV!Y8Y;(}KVvUjGt)|1Z^YR&+iebC_9?+zYKFN) z-jyC|Lgtl5*2K1Yd3=fj>QR}*(iaxKtfg)efj3epiK}S{$=;Pf7=8iViA{ic=O+$v6$iZI5xn1f)+$4v?prMpl;t3Yy&t zC_^XTNyA~urEZ1auy9cqAK2GPjB%j%fJz;B-f~DwFLk?7oWi(qjya2?-05#VR=;y3 z8`X|39|dUBg1LphLpLZip#J!;udZMFvjqRw5o5%%*1wDS|BDyT3;92GANl{CJo6lx zvtfSP)z`DS$Y1g>r!{tOBm7595~Y91raC7$^D4P`U9;I@Cfi<>r*=v3>vrkIZ9#FD zcDAsOT20qUr|k6VlvxZxc|_z|1GUSc(hn%}a!5n}()O^GhglWL0$W{qF>JTwMza+E z2kOV3$Kp_~PyXL|Ubz2#`uxRX{`Wh1K9?jgHWS@96J4GxH&;mKfLU-|WC~|Cif@+l zuW(S&OZmR1Jo7BS{>{N|ed~XBcQ-HpJ$=!AT>p3StZ@D}bZ~6wV72rAd8Uza(Q!dI zv{GTB0?7Ht|E22wYv>6|l-m`db$!c0to#4-BokzMxaWVwqOXysiUKMLQX&O70vItv_5USfzQZGA(f7di@sf zryjL6_w+2Y|EIx2T5xAmR~0mW|9{%ud0DXkeD-MnbvIAFvv{4G{;JqA?bLkW+!Q%4 zRTedCUe*HbHNWM}x1c?TA+>|$H1QR!xK?I!t<)Cj_!avH&`*{z?3)nm2Slh1+7Oe- z>}f8A0l;Ub)E)0Qg-hw|WwdSHz~K-pLQ88m)f42d+Lyg#Uy^8-zL8%_a?Inaf)pd> zFSuPQyRs>7sGlcmK;lBu&UXL;mm%*G$xV0@;>Q8ut|g!n(VW+sQ&rVy7NxPz75V#% zVU``hUsOt$8YLm~NzvTIeOqQ_Qc^dIs(J#h;WVQW4XJc8Vc0j-T_<%`?^d#a@H{0r zFRMFuYp&A2Bz#IkXy6UU9yukPGXI=-Ec9Ji<`v5@!x|J>tR5f zwLH^%B)DBdxt7{M9Ro1ne$^XVWpcEf=~===wdGuflIMk(*2T+h(+WbdU@`ZI$d*c8 z_jI(!EXPSJr3MN$EcTF%PMtN%YoX4Nh8;1 z+akn~m@wJQybhRXEzj98Qc%Bq z=`FLfWWdNTjD;U^jBsfVR%}%hXzL8UeEAY}d~($hlW850Zhy8bxAdw>oKpdzq`L+D zbKXoZVr;s#W3}3HCdW(jD7(9qtn_3x_v)4MIv)X zRZ51X!p>q*x=i#jN3|#~JeQTtAGE#-n21vbv}I#hr{xQuvI6U(>V^Kjf*`fnCb9HX zj}{9uHN_V9Oj(dp(qm-__U=|ZS@!6GR%1P1!)Qo&m6x9M)V@BvIO!iBUhW^fe)lG~ z!XO}#nMEFAJ~PfBs5!!cAo;8lJ{iX2D$fSn-|5@)i#KNn=l^?j`Tp(EyW@k){ll~J zew#IzRdZ1%r*F?LE>GSazdo4L%L1pJ<~$Zwi;X6Lz1i`2;U0vpzC3=re^7ynM2%dtsdwj9Sgm1(R-Phd9;#zOtcBpuG+0Pt8BkCA z=jXq^J=?$h`S7S}_*EHFjFoR^f$?3DOv=Q@T2Ph&_;beh%RU;mzmwS+85O@SQp>s- zMN9mb)bo+ddW*~sSE9+iqj%>Q2WOZ4)6>h7{&B^mRH(^ul>D9D*D5+Y?n7U{ygk2| z!{nCP;;K7Y$Z{$zQ8mMvzZh=Sg0|4xs!K2ZW4-IHVAs3iqAS4nfLB~$%yk9r#q#&k z)4Jx_{K`rE2Ij8zl;zwu-2qE4YNc)F&*N5ZKV8lR85OA^pjRZx?^Z6hW{PB?C7;qO zq!hRk#T}|t-XWvFE4-ZNl2Obpmv8VJ$u(Ct=qkn2ItH~S2#ZX{M8(`E0iKmz@nq?& zq;$T)sPeWb+f-D3SEL`Qjl&kVk}a5TM#P>+gt(Y+A|@>G=QNZrnr~`^X%KT#r>T6= ze5oG(y~9_^YL%M56l+%Nev1Z7c{l|1iHGflLHYKz zFr{OzDJP#J+M46puOZaT)#0o4d1^g=su^XLZ>Q&?70ym2^ZX61hWYp_ECkQi%OY_8 zu`}EA@z>(-w)p5$Jai>QxFD>8kXk!-#cmBL4EJe1VifUdJnf-lGG%<0T@>_Bazv+8 z_E7f?tpT0uNxEQ1uh`8K7}4jY(2?haB42nB>lAsuRN8qQ`B;*3$+0BknMPzGx@WeK z6WlYKWcZBeNDR$+6%%y;XF)*2@jEEeLtz{Q4K$aZS5AOtuzLZf(+lecVqLQGCef%k zO$B3Kx1)lYx_&Yiy)I@Kq#CgWb;1!Fq`owh@BFK2*Ekp<45x=<=I6H=4NmF6(kfZt zw5L^>#=C@U)7#t3k@b(5i2O;yBy_G8OX;7b2HX`Ilx!yYvb6kx}>X z?B&ayLi~sB?qmGdJ9+NJv#T=RKLl6)7m5Z{vgesGroLTSDZ>#ao~2(i@o37Lo9pC- zvYs&2?XTU>tNYL;pZj+(GXcdPJ3 zy1#GS3(erBh8tShsj94Y9i&x(F~=2cPWO&8+Ui{|bVr*5K-M8`1sEPZ(rSWpj~;1@ z!F2qx3}HO_q&@niEx6(SrhU?uz0!MhN_%uldvr>33G~q^?be;rzInTY2WQbyQ>3nN zOG~S`-f45{)H{gP25V&pwZ-)xJ=7jO)b80sZT-$;cj5+@XVVE-hmhjAuf&4|gTFjH zIlS0^ec3;Ib6$z_xg9L$v9!j>W*Ohg734I~gdBudrN!nO>6hB*C+#`b`CD~e z2j=1Ee~&H?PWrEp4la-O`=^UfyE7u1s2Q>pv`lKIdaEr{WifyXvdi;>v-fk@K&ELy z_*Ja~5wxrh-Syg4hwLRz^BV5GUk+;Qy&7(BLdy5rJo03)@I-9^xHzg1Mw;Ccb`$z_ zv37Rw^Wp#1#2Y6g`e|v*z5BU#4vO7iXGir~k9knBAI#Iz+D+y?=3?)-pe-#DMk{rzDJ6@PD4e^3 zTrVXNA|69kJcg=x3{~+Ms^T$J#bc<7$50i{j90qY`po-Cc#DLR&me1COW%ip+wEsD z*%p5U>i_NWpI;mgTwUng<1~^Y^|3AeTqUD;v5;&E{k4QHnj_bYg+eu;E1a@30BY0e zCBSTHsdP1HOX|*t`L7#fVo4p_V|bN+H8ZDgA+ACVYP`cJBd$Hwl3_+FtF9Jj#5A{- zKqL9K>P8yLgOtmS>x{+DS~fu`T5Nu0+g#q3JX3R#1$o6tZp%EXs{K+ksd`3Is?>M( zV266Iz#pD+;-ltah#2K zgLdZpl`p^5T>ai)zkkucJb(M{Z13Rm-PvKKswLtylq1wkj)=Yg@H_t@{zr&l%6#(5 zr$UV$AgOR%F$c%3EeDxvy{U4?a@s#Xzt@YZJTMPf?YK&W=?vY>yQ?e((p5p+o(5_n zW%MQ=M+u=w?_Bw}RjHo!v*^HR+0Ghu8Rbo`dVDNz?JG`^sN`x{}&cay``}LZ78wRr;l00@bdYF$z z4}EC1%;CKKM@;yvr503k8#T?TJJU0Serf)`c(`*ePAV5=;o9V*NJVx|;=n?(CrLdL{L}^@4VZ73;WOFgZqtkKw^`Y@J3ym3dJM_= z7?KmMF%IW4@gJ|eB~nRL@U;uqD2Z+j-0>c>YAh%JEiL-Nvq=7X{wy#5b)PhGJSw^z6Hk7v|+U43`t8ABR`woS>IX&NnbeHRX?c!ao{d<(}9!0xH(e6>SyLZv< zQL@YAExGRve!;U){%cQ2Fs0*=ak6S33*^6@=iTQy`EO^Z`|?r#yNhQ7onk2o4+WA8 z>3K%i6B43fOaq^WV-#WUBOVjcZfu~72^C1h5wHX#CL{>ZIABAaNQs8yZM96Wq*nyY za-H`$^cx!}Bx7xuwy6WN5MSR%|NB-Oy$ypIVj6c9 zHl4B%z27@WKINj(9#h$Y|7!3X?ctxi1OK%zCgYC!kNqjG!cN-I5PKiv2!UZz<4Idw zM~x@#A^zBS(w5Vx@#Oz&Y@qj;Qx*$!xPKrT?TE8~5>GbT)F-&3%W?M4hrZU!o`viG z?4ZAYe9)fytM@T?{qOF)eBRCF|LeZ&K7abS{_o=1KqfTe`Trg@8XwXhzi&>Yj6|=~ zxxT)3{hk;fceW4}2#1Ib)jDYDCC@?}q<&RX9O5yVDk(8xc03RDC^bqOFGhLSTs_7rv-4dA}e z1sXCYh2%IA2&2+zD;d7|w`Hs^)Bd)QPojX$V7geSn*4h_Bs?UN2;F3_)A^XZYE!ml z1xXYOwM)neK_7l0!8Cuj}Qeor|8 zCq_Xf5sgL*rD#Xpc6axOMoSN5x83djfE3}YUr*aRts#;4srr8U9z~p8QFWXq-0se5 z%nF7$^a&4UYKmw$;#f!?dot$4&=*jnoj^cW4*gZyM}?{VL*g~@nph=K?eP16*)AJ_A4iZ@?^@dw63Yq zxIx7yfu!VHS^2Me_KCL6Ry4KdXD+P!1{3q@H*Q+XJxEr`ouu-=7Iv(4yY@F3WP1d)8XF;7$hfg60WB5; zgg*y?*2hU?FqrG$maup0v}1j}%4rAtQyL}+sGy*vi94sDTf&Y}^`0^=^KECa1A?%N z6MGw_KHS%Oa$&s{>^MezdE&W2XX!^^Jms|G+5txQL_O=oPCm(Xd8_#yJ=x0*_fcF} z3B(A82y>3_bCbV8gAczC(5BCb0PiL2`#M+_kjZ z$rj+J1Un${JjCY)4T>s?CD7zxN8)jviY3^Q_(7wK4M59+x=gTv7Ylc$^r5*CD$#r3n;nY&xr9?wlsv%@0ue_)U0%ByZ#4t5~B zkSKYM$JBq8mHFDg-hHj8a0xcPe zFqaeu!3hV3yr^NBWV(k-GWZ8A~TV~LSZIoRUN(58|iJy4Zj zPY5R&h5pAM)rrK$jU0gfcQ7(P%yRY_@RMuCKNhKNEi0>tojLO14LZ!CMb~a+F!4Zy z#I;C+)z~SK59?#+{)I$G8l2LQ`ee8qj^<*gR6eYao%dgDb}Q8b~JG;S#y0#pc^#US$)Sc*vSRMn%~|H`UPL71Xm<3Y{r+iUM({A7HDagw8Y0(Y zjXMdzTzVUEU(Z^kL7U90Rx>wx=$67M zfqa{_G#Hx4Ks7P2>_#Ez{6SDm`m7H-GN>mrrP%2vn7KGQM{hIBR)5yGvcPn{ z7VV_^9jlvR+AL6siNJ@nK*;#i8lmlxNf`@N1s6V@Jy!a~iw>vr;o;lStLDA0Qc@X#r7v z{{g54$8thKX|LYz@L3;rbROb5E9;CgY1fL92VDxWCsUvxdfyCsjo5)y%5|`_f1;#6 z7{6sEl4+6Wfj#TRPLeWu?#i;~`7EJ4L`1CxJ0&5v=AA;#8QrP1a`(6VtmTaEVkZ_0 z4qGMGO%L`lW4l~9sH*yT>?~Yc^K8E!+GDX(gJG1{&tnJT?3nSF9xZOri8+9dbWk2) z*Vu!*MpxMBezoQ_gPmFEO*ji#EcV!RN=vLN)j7*422LbYqABx98});LT@&A2#`VyE zg@bL?#gs{MiK8f(Ilr$tl|=mxn1=&%pT|a{HR*V6zOu0bcEWgio{qePh+Nu9hz2e~ z;aYrxuSf=WZsX{LNzy}m5Z?n02^w>PrM^fF=h5(rXaBWm-Cd~E?3%w%aG6Hq#s<$t zPEj~Iw9z|3MsWZ;J@&6~=n+4&wFx364aax31aHt_I=gh>ToP4)ow_Pz)8mS^?rn1f zfwB`UjG9bhBW-^qvy2gV;_lf>ndy!i}qCQdlkO zlH4Pf`M8?LXI7R@1!nMp`8b|J z5P*mB+zNJn#X&Xm$zVqvSm9g(s!5JRflc@bcHfqGX#Lp9Br2@(m^+I@NvFiFt2FGx zSB&F!o;72~O*2_ZJGRgqG;Qj;M}7F1s?!_e<*`g|Ra#yTb_xkd=gK=^z^IRqPQufb zLAb?7V+U;-Gjk7gG%nCv3oH*6cFJ?GR?<$I-!h52;)X)Wq!i;iSkWf&F5KF@m<5Lq4 zR%5OZ39xdG7+)E=Yr&42k)Vccy%Su`#(#%g1`qGKL4zb3_{ulanLsOxd(6jddAQFF z8a#jYba!Rq$zaC@FkfKRP(nLNI)#VztaW8MDG%oH9XF{#?y}6Zv@$qres0j<^OphI ztYAzF&vzN@WOF4{?pe81CUle_1=tT2Xy9fgxUcPe-LzAcyCLVL+c!=but8x?5H^+! zaET?ZJcS?^KkFFiYNIppe!h-&yb1B+fbjC0`h1Tkj-SfM9|cOPqfI6!)<(hTD(*F! z)_Q0spLT!#eT1>Zvw7dGv%6wJ9iLov#AFITbf9T{pa}34*%Vvol=++D&MCpcUcP*3i7CO)rVh#PE50-@{(xdr+L&;;%k%PsLvIlH1hff(`DC}wbK+mM>jXM^QFFmu2>b-!`GY#KR{`)^d7W!{XBL=Je-FcIEBW;G^~hWHwHfm&K?G$ zZqT6F{Mvia40aZU@w)-`a&E%+?Iq#+9EsVW>i(a#uPp3&M2KVNSDCwL?DU}+Qso{j zZnQLbMzH@Yr;@x4J+kD5dXaYMpNpa)xwLae{)mZ?4-`W;Xz=43x=z|zbP_F|LgBjR zp>5{ym{aKL^%ZtZ+Q*RjF!{}<$F6#tP?wU zG*a^Kg3zHisBg+Wdu z8S5k=u_U875agb*v`*U5gs@nHVX$N9=7A!{z`8!{M9l9m)}7X%orwA30pMos*g0BE zKJ#hk!63%Kx<>49${@IyIvrH13Dp^0movu*$61A7ZvyQ3f#BzBPZAmQfMMieNadal zsa8ftpjf6RC0;fH+k>N|b#7XK9j%@@RwwPMW2l22b7X*n`GdpFtzl>Wg;pLr4-hXF z*7adWP@j0XbU9^u?EAjLg~d>IVHxbK4$(TFwPL51wZV<{#I^b6u;Zqex%E?Q`dD8} z+}pDj1y2q;^Y7E=U?;gwe+ZaCw}c&Uu2shz>?9Q*3VPOa-5201Qd5JmoC*V4zQ6m> zwTOcnJM}ae%d0T%5kqUlPCX6ADk_Y7!_QjwEJHiBG#E>&FvPv0X^pf~PlHikg>k=# zF|e);JM}aeE2%K_hq_rBrSBd3H@=ARRfg?@nzfrpm* zkg%AL5MT2g(+)vn)r`(|cAw9hBC86p{I3<>=mzbbzUv&5DdRI_Ya*`goJ1#}Q~F?B zXK#>(vxf$|&tDwV!L|Y(e(jW+)aL7JPl;?6p#}Eb#$wslf=!EjdJu+`xo17r?m6s? z#2e1y3fIsZ1RveBOKHZX2lm{cL3d|o_3)vk*l{vYmGzj@`OGM`s zG8eSU9!sKQX7Ti3p7q2^r&lB-LY#6oTg(|P$h5LDU~75S z!j(fJuNnWSlL9Wrj#*hJZmrcvaGTG1a{p$q1D=crpCsWSE}_aBw9mrtB}h1w6XXR{ z$;qH91V(LAE`dt*o}b&Golj9fJt`G@5fS!?$Xo*6puX#M4cb;)K!*#_)q@!l@EYP7 z>xR&Xv#AZO8;-SqDaWG`^^j+iPFp|I^;K88_5cGha8`NDl zb|jq=7RxI1+@N14By_N$$_vEe2egyh=LS9hy81=zj4%yiPA(>#hzSewo7W9GrXiii zQ^kIjlnrrGOr_MZByx6lRgn6G6CcVEAK{TC98K^Qh)c2O5#ken?LLq<=*8F7FJcFP z6=FH;m`aP$V+xMqAd4b{w)H+YsQY#GwFU$Gw5~XKW1^Hg(qOj!0}=<{ z?O93Phq!62h419BGk??i%k5b??9AV^{&IU(4m6Vu|emNUA=POaO}ziiaF1^0Zm$8(9LI#efjdyJzK z7V6943Bi7#Hh9zMy=pPmW6qtUow;7=85<0ob51ucr7P`z4GwP5;IqR3+LU#K$8kh@ zsHw!n=63F@g1U#AKXre6+59pn$IjgNXk~HHIPs}SQ1fu2q}>MX9J7#0#w(b#$*Mh} za5-!wb;)el>+?(-ItE0_y;(#!R`2iTxecytv6I^9xaO9bm1RvUA;75|3BSr~-fz%3 zFg9dAx6$FqUdriMRt`njEC3=~N3kOyvfF)b6FYiD7y8sSNP9HcF~_lGkYlRc5pLFu zopg6Qi-RgXPnIhyrtB=IYzyL^neuwMat=FR$CdMlx(~LzR<4}GP8C;9nep|6@FKw^ zCQo8w@2IRj!5u$0+O-8wi32ni$T1e4Uw;mExEgDT_Ui+D_`B-@kEiy+2=j3akY&|d^aF7EQY$f-Z6l2S(LX+d+}HX>%%<`cY3?Lvp{AMX z&COY)voZPTdZL;zn6^{uO)!@$%};A&`fktgG^oVx-_VmM7c_eEq=){&VgM=@I#IK| z0{-B%^ZTarW2@2F*g%;K=a7fZK%-yyL}D5URdfS=Ftm@}pQFR+G?t)5l6dS~4*ARz zZ3AxGW7AF=z@;-`*Dc99ap)5+Bo6%+*A2E*8!e~gR- zQPB(th=$ry(vQJ050UVSat7f8+vs9K1tOtS6I>7ARz zW4J_z#cz`Ex{)-r>bB8%tr4IvQ0<&z6q0LA6S@V3N-BjLLHPWH( z%@71Mv|1KF12hWoSm#^w zl|Z1rhY1=(rWO|sHIs6-$dq5TQ9lr@*vH)E$hg~|vk1k6U59#$Htb;!?n~&Oiai~t z`8jo5pu}Jp*sYxr;%8TFqtVyd_auu@K(0stCQ2Mm+c>cwWy60GPa5+#pNy15t(mRu zMeV#pCMShNp?X*K35f_dH$3!D=-c*$Imvb8G^crLwn;E&RRi5^wPxeMI&zZ2 zxMYZ#1op0kK*Q{C^FtI&uZz-tjV!@N74f_Tl!eWvBxsXBog}`MFtlO7@zl1XpuWao zMc?|=p;+TAN;79`3Wh}-63w6m(Jdrh!EIdvj==+Pa&o2KVC1RYUF~8{?s+Gju$epq zYc?LYqSs7#t7HlRD2YER*^79@hy0*wO6E?0C2hUIyII-vJ`0Q5Ss=v{+DHn3O*TWj z1cj09F-Tj~-fc=eP6eY$JZu~53ndoulH`vaCC7BO+%th=N06-9tU&3MdDY!*@3eOY zdaP-?ZM8O02Sww{$q?&biYW+$g;}@9I5OKjNThmrSdo&5qsUITU1yr~uO}=Zx!qbd ztE6n-*9^?uy=wWIp(b?O$${2P_}w+*AJy2CER|*fYKg*Fqd_c5oy9Z(-UJSJv=4B9u{O9 zk@mQaJ~zb#bK<{_)ru3%9%??{**SjQ{L*eT4#Om5qCtcph=HlGNTJu$Nu)Ne(y=d$ z{I4*mg;}+@CS|iK%v4Z;d=?TkoT;{CGRRDgq}2@Bo-j!)8>D6>XPBwH*6f2aFv|q^ z&B}$~b+$)g*jB)>IuAfh2~E&W>TOrn8{{Z%&}bZv05LuU`q2E5+2fo;-j!1gB&lc& z;tg5K@CaA*=MaK}f4e9Y^5Gye(7+hj)Aga=w*Ah$bD_{9)T4Xn~2$tZd}5P{dQ4x;mMX#jH9v&I~oHzRvZB94}U!_*VF8f@DpL z2CN0tn1OVitQBb{$Sc6IJOc?53JPnTh9kzOrc~@rfYop%g{k`LNS`R~M9DEIGZJmx z<_^QC3r+YRScH)49>m2#TTBMq>YqP?0dQXUvpxQEU>4W8i7}iocaUAHqY3jkgxN6? zC}?R!0a9X4z|lf>L;urjAY@@uf44wo+JoL( zz&u*&1*mu7r~4^=dzzSW_E0~##xnumKxpj2pSEH3Drqr={1hA(ySq=Hl>=>0&J8#a zJV2;HDWC|@SS4yQ)*O#TiJBVNlF>>OoJ^Hu`XSX-R9M?@>627aJM@8XqD|Eb`l-5-Ax_OxmErvQ-PFFK_G2A-+6 zbHzG__Mk-22XjnuokomPQf5~!-Qygu0_V?Rz=j=7!D~CIr9GPl zTZY9XXg9lK>MN8p76n{53t!RWA2H!ni4f;RBWO>}^!FmGjm)_*z&yY%7D$U34TEC( z&L~PTam`swL`Z_<=yYkTZ)j<*6_V?gfx2}?aSOLJf?H~@-O`qe3{Ksk(Kjsfoq)st zIAB8@pexKN9tK3f)(6Esrl9|XghxWmDHGf1S{>GBTDzx4GGYpez@9kKY77!7@hSAE zYDz7S(p#|~TAAmE@=`bXtF+SUKOm&%LEmHkP}=Uzymm|b$P`K%OuJlAW6sNmUgN5) zM#;;o#t$WE`Jsrb!mCEv4CG3JWB&NxmUZU;%YtSNfi~zH#5eB z^pZ-^ONrY7YZ&=8??IkPh)~!%lEV=ylhuuXml$NdNK2sLR<#3d{6tMhM zs#$B9X``XqvIG&^rPt0H6igp{EU^_1Qh7)qBccsT^u+4OBqw$piA36NG?GC`q%+Z=y#UjxmheCW zs@69lk(Sn=YmYM_oa-g$G^#iOoP4ht|ESRSX76Ad^?yCz28gFLq)NVOH>@P|;WVMQ z-#0f>;@d((hs!m*3I?jHoW9>fI&Q2_1x!>H^A0H-0M?nT82(*P)S z7JBfn#GyZ&nHx2b#)81yjEZe52f?!7WTbiH2aow=wOQ73>5ngWpN~k_f9XHnAw%+` z{}b-MAU}0qKKFN?k6vQ`r`;Dj-cL_EKebXjLDJc1a#<7y_jqqJ@5Y5 zI(q*6#g;v)Crnx&shQBo*hZ1IF#tDhpqwe-;EzBb0H$z2&}L*=^C2{%Ar%wi>t&FM z2MxC(`T`W05W&_+3w-DkDo$7s`haaoVDUjbhLZr63Wk6Hf#uJz*%;L79GgyoBfnc` zV~NE_(ZRkVKXnRdnZrrPCtiR#X&C@o8q^JK_S>4VxHTkW8g6OoRUEAdcpAW>$m2YFUCUPSG5Uc@nMj>oy2{%j2hC2XzKo_!YPpK^JhnLgcEf7_Wa__*}?hcyYqvy?eypVYv;#l|NQ*dw`cp#tHYDSi~ZM^{j)dc z#karqkMwZJSxCoODp?ge|pE zC`_1@YpB|UsW(^aYF>C8CW(xIyz^N}v;tMzv6-Algioo^>Q*CJnB09@fgNh?ZIT#q z&_;dqk<8GLgk(geu0%!Nd`qP2CIyX=3{%(BAyG@6V^4y?2kcftEpv4q@~xVdg)R^F zsgRrwV=XBGd=t$5j6bW898Lm{cOH?UEFJu-oNRe>%` zVYt)+?`3&Um+A7gh#vxrPj3Pwk4>@@Bh+MU#6za!MWDbR6~kyWPB|ITPj+Kb!UG7M zNk^2Uh%?DNrZX>tl6j^-9|}o9;JQ)=d2IklM$pOvD_;hYqLl6vfWjn_kBN+IzZGu+V7uc_cU7`hWd-59ZI{Lr$<_yD-=39{asvc5H;MD7glu zpSjmm%f4wAOw$}ft#zJ}a}+y=uEQ44XB!=09#F#VaA9==?w%r_`oKzD&qISok8#aw zjg6?{wt|KpK|>`YDX{fA}qpuGn` zsGH({vIJdd7*8W>^bhMQN4+oF&)Y9y*zn0z+s>#1g8=qzXR}Kng?Dg8Xs+C?oxhRL zGd7S=>ojGH_G5Qv8+ElZxx1^V&bGSSe%?lhdas0eQzHi-wi2zddw0}RrxoB7!+7NU z+434K^iRP;_+w0%&>#N^xOlEtW+^V7JTYzzR(t7SquX^|1>6riPoAXC1>nk%_+8CnfWGighGdWPH*)l~IZ`)?8FcvW&SqaIwI?re;67cYeHH%c+ z03c0O(=H5Vvkb>}dv;7p1R>g=gmBKdk@B;sR&u?;f565fs~Gu}1fUAf9n75FKGCZ- z&f}rJ);1=B0Ixke4QJ?DaUa#=DtbfJ`V{0_5u5XmL3NT~6=Atj(;eMr<6P~UvGIEv z5#kTA_fa*Pn#24*j>}e~ad`6cTZCS{`Wt%kL_1RCmI`dN=*g2tQt-VJ{IE$vXlwv! zh#Ya`i8?2%^RZ~RogNa4xLg<3X|J6roi}O*D@?U{_(X#BLL0r&GN*Q~%GJ&pK-aIi zpImU|*{7AveSkPyYtJz?b~Plai0TwRVp>YgTC8Oo1YafH+LTG+=Am;+ol6!)Sy;2p zJb6-_OsfX|cQvhxDd5SI20|aYzoVb~7yY9iO8qX4WjTjyCbPu_W>?e()~4qE!A1X2 zRlTrx5$VBAZL+CBq7FM+G|5*xj>#ow9Qbnmxf=lLcH2+e=7!Ch@q>Z2;wdJw=ai1Q z5f?Q`AQpin7x-o;bz~eJPv0^e93mV=oMCU07{*BB_>r-U`2d}pE0MXp7Zl!J%sB~V zCppQqCvqBWygPk!*55xodDD7-*l(S_*?)I@+CMtla$vUS@Qj5?=J;#OUL3z!Ux^x4 zd1(i|ji&5MZ*iQ!MHZaNLl+aqq~w|2elJ}0fDt`X%~h2)%rR%PLb2#Ykv|qM& zTKvV2R;Oz}DF8*8k!8Tf)YHv`%qQ)C>JvK_6VpP8zoiB|QLJUmF$>DXfklLI@-x@& z+v;_4?H+L!5gyEP*IxsNCuu|QHpCw@rbmg%rYkq60IF4n{VQs2_UtK^PN&4DSdw6- zWZ~n}w`UjqlZzfojNW0jSgZHsq@T2Fu_4s~Iz3LQx`{2PGZO{uC0CN@t(*{kP33z`_)Vv z-RrA>4BSSg12kyG)M0?bkFFlW-jcem$)L*C7765a2|6>8o>; z>DLa;=yKf$uP3j=Kn}hR%v-gL42N1M% zpic%#ScT2O+oS!Ig>Bijn`#FgQCP<@D4c*Ysv*gY;>cJtnSRXgleZTK=WY4P#H!B# zYW*Lr+G#jLJPt!}Jukh>R18F1dDhkU(A+(5YK0^qcq`eN5)Z#(-~~=1t00;ai=is` zLQBba_FB;P7BL@f+Cz$i4;W}VFf?$-q88|2tLo;Kd?FrdQHj(v!oFquf2)q20UM7& ztZ+ATwTFX*o6uRZlO!9xJ^-r?NEIJ!8>JPN=sJmX?qx@qG?FKdJnW`X)S4id2vO@@ zQWfp@FZ!?h=jO}bP)AOqjyjseQ9D6$A50c_9Oj~kIBP?P;h09!IQZd&_{^p z3ccA?E(vqNtMdcs$ONiCa6W~zr=(M26c+lxnaGWRU_t-XAqHTc6vT`JRCT4zHQudQq-kW;flta zneY!GDqCnvN_EsBAAl zWpX$3Y6JP4MJXg19RHVF&aA}xC1XK2dUt+sRxAM~d5E)sqy?;XpF#ikuMaOy`p1WG z_nlDi_nBtKTwz)9wusX!8jvv&ie$@SROp)rPDL$tZKNlsuA;Pm`xYN{02yI8khUf` zQ5>iG6_0kzd8Xx<{x8+X&d$!xi)YW^-<_SE{J%Th=R5z_efsj*)2A<mEB3xvm5 z2@$B;rIvp3S?6GKuY#2LU zxO>8(-(kEYs*a6MD0Q>~*#VcglG#s89KO_XB2Eox1eLu*-*{5SlAk3F=-|3HjwVaYBkj= zI+xsB{YGj7gqcYgnIpqn)1TBZXcL&;6w@#p z+u(HI9aheD%K1)828QhnA@~9OUchSB&TQ7nZp;$QvK%Ke-)ih;b%t~MEGHRpf$c0} zJep@@C|nIv`#u}5VO_|^k|4-~IR7>W2ADSMV5~OkC~&F@&t%=0ad2_0(3Ws+)=fY% zwbZQ|te|CL@o2>xWE`QvlGhodj{UA}JG{xYwzts@yCaeeQn>hPxlh5OOcCLKg5O;d zUt3$&h#neHAGP8^5B`0FZjcvC)bg9CiCUxGfo@&{1cs*u(qN`q9mN6I93}4LuA`dg znV|i~C0s#4eStO=B6qCKx(Ro>Wp+7r=$ztNYMg6bt(SKsH%?|l8tN@a0i!#Km|vLe zj32qS9-ZrHZpb&+jA3XATSPnBH5r;rqDyHb9zPBUH}TDzN&@`YY!~FXWdgvY3vn6; zl12e(CH-hYZzJtktt7qwoHD<-e7<`1Tg0?Xa&73p1Y6kzBglps=%Mb;PPdW4CA>)? z)+UsFoiOX`0Z!i=>&%wP#now;7pAMy?MyKnwLi0wo@gDeDX}KC2A`%$FxNIF^@_G( z)tei1ZKRhZVaiw4TpRpw6`u_CG-guE6pP$Y+#+luLV%zS&O_D zNL--h=0di39HLEi1PPfW|Gw356N6YMUK_%ommf1&C2qoI7Dt4`Pse(Yj-Uj{-T-cO~(Ig5}kr1AiUmV7nfrzS4qX z&wf##j)8GzeE!roeQlIalBRm93TxEZP&00U{Fw&CJv#2?oyqQsl<0QL0jOO6l1EBKK{FaP=NTm1s* zO}2-cL(H2RNok$rFZAJe9S6|vv!g8Y;JHMO@$3%n~MV^ISvK(tOMblf%_{C6shECHJe?{8H|w* zs`C&n$}FTBt4=Nigjt?pBZ_6YT@2*+G*?^!5uMbnw}8b(9hF|r%KUQ;T@O9gs6nd5pM7&>7`S=qDDcb+bmK*p@-$X$=hkDRu$}tiw}_BLyr< zq1Ex+79gO89vZx5TaMqQI=Iv`g!nig{ZG)+Ez@%-7= zwrWf-swC?P_#=lb9#0S*<@SGl2^|C^fK5#u&L#w3QN5=$GTugJi4D>#m||>t9R)Xr zRLdc`MsgaB>@|`0rk=7ZqnZaTdpfIQ+tNAj{)5NpqDRSqIABL$cZumq0M?R zF7r0{GY!X#6JKFtP`trP21NxL=t%7rGU!y_CS`#v)8Z8KUKj%+q%DXxHqhb7YPh#E z)<#jCmQ`ssZSbk&-ojq=!8%tXq~X}Kr6g6YU*B|$qPHN=weBX2 zgJ2tltk4zQjUpT4>6P#{LYw1gSIrV+>wsJsnEObdE)aV2cb&)s z{inXVl-T-4)Ram?QRiw% zBadq{_aTcz-;$RJQww*o<(zvP5*&@(B-u#_4#>-x#F1^E8T%B*Q5#YfrF_<^Q(+i( z3%P)x2R2-87Rn_1E~r}IK0*f|7CLpW3FVWBFBv;Fku1q1ymP6((1F7ZH=PUFo^S@q z5?H7j_?4?r6zR1-3kf=Xufqq~YZJQzCyGq*04B28FVUnonk;Du9 zzYn}SQluoOdF_G0{$M~49#5onygT0APeia`Y}9`pb&)AIN3KGicWgE%TJt;;5Zdwu z>&j3(lJNjDT!^hOQUj6`qBa6v6?qz%6`rs}aGHf83yaN4j(nAo0bUjWFwMg?Oz{Ji zE=%DaAsN^umg?rH3s5>#trR`9&J{0NE>JjPCU+9&>kkE45d%aIJ9lw7GX5U z3UQV!(m1<&QM4CD|BNW|^!}g`w5u+`2agB%5Ax%qX?!#VKpCoOtXhxX5q~cgvm7p5rg^&(^Iey)U44rGhr`Yy`F_|W|fxma2$6!7A6{vwuexD zDu7NJ4K_BL?rg|DCDDd`M7%c*)rNJD3ILM0fa0syO;-ZBbhVvAv||wLAf4KWm$ zY+pn+!jx$nlZ_A{keUU{R>hzxXhJkSs+T^qLSDcDB8^ln5JW;;NaJ>3SN4t~AeRop&?d1OQi0eOD*|e#A(&6 zBwi*UrYeJt^T4{-yGiBOs4_~hfy-`x=bH(%8&IuExvYOo22^Ei!oDhU-?p%B>|{+@ z;FWm8z#a7Gp;i}#S3Kc)PQ}3eAcUhd6H9(CtNXrD$f_e(cj96vqpr~y&h$I#=FjrD z&2vR5&nGS-`W{&K`X}yKECx1MA`vz~Q@91bgW+Dmct7_T(WX5KgrJ$sjo`EeV*YOZD4)pcL*QwiKSzLmxG-KxF%Xq(MsOwukX0I+cvb`LK zAMiciZXJ2|r6{w5yg#h*U&gU7^;(0N$<9Lwzn;JbY_seZP6p z$YZRfPVciB8`+E}h`MToE>MszeHC|0w(CrkJWqI}Cu*T4sw+t*Yp8KTwA`!EcYT#m za}lC*fjXR3YoTO2T`vM1K#r#v`=jLY<#6WS)H^Sv81?}>KAL;%w-4T_ zB(U-eKN9QVrJrkJ3!O%Bpqmd^@A%W{sds$d>$CG(V}p@J9{y=G>oadU_t=qJ0h?t`BC!pFS<(+7w0Kn-iJ@90s8?U6DJdE<=yl{q*I zoaxa!Z|c-8T2jYRVdrMSZ^!CDKHXxuDR{oCoA*aw-g|dqZU%&~?-fT}xKr zGkizQyuiCMDO(oWdP3kc@bpNf8?~QD+X{>|wDzU~dWWjqt}M5!%exfj9V# g!rQ-H6=(n3|MtKA@Bjb%D*yoh{~`SIo&bUi0L>gzO#lD@ diff --git a/assets/artifactory-ha/artifactory-ha-4.13.0.tgz b/assets/artifactory-ha/artifactory-ha-4.13.0.tgz deleted file mode 100644 index 08393a4413e3446f5e951944b8d4f7dfb497e7a4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 158052 zcmV)qK$^cFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ}dfPU#Fy6m)6)5dp+igfmcARvTkMlaV(|Qxf{#kCjeRlV_ z5D7_$DS`z++uFqEIT!N2H+Qb&_uz{JKSjw-vh6XS-Nqt;!2lQxW(I>9NI4!upA$NF zr?9&}g_L`9I19hJzo*yh^`1O_EdTBGdc}YH{q3Ev`j2~09zT7u{dA}QRj>cJ-{1WT z^zIRd+9zQg(yw}VZmZb2-^l}`h;Ya;iP)e6fDbtg$;9&^=OOYi>H0`e2u8sG#E|j` z(aK^Jg$Od_MsS7(AWu~t7~`K1Wtc<*aMka?I8J{)_4-e}-A;g*PjSrUyB{Nbg(!m| zI72aESbzb?FoF|A0ZZbTP>!PsfMEz`@I9d*hW;g-h<9T`XOOc;9RNlN4gsrWnJJ=T(nSvBvdlSs3$tYon`Xu5g z;@5p=S!3H!?VOwAkHfoCWzhh2GGd=`%injyZs{n-+A)%f&YJw zXAK;nF-$@Z)YJ&zmNp5DM`WrTt?&?Tu&hfbCLj2FCaLYeBD_Cd%lkt1AK~1?Q6`Z;KK*t z{iJB~63so9j4sg}+}?INlaP#HDE6*3fM;-m&d>xiPUi!l_ax>9#J@yTvv^FhvZqNH z4v|k0X9@xUE||>?h&O1izP^JqB)+dHKI-kII~ed`1V#vuD@1V+pa>*PbX}q4Y2L^@ zYe)g1X=kk0p2W!GaH3jzM>raQ6B-~2$QZ;FjS)qWkHkFmw~8%*?X700U}vj@y=qBL zE{x+4BL-l|h$I3rg*R%L7}zwR<=YJCRtErs!2o=?)q`jupvLt*!OSg21^0{_Mf*K zoz5C~O>)9zoP?niC@GnNnBptQ5ul1OV8l9A9Hg0lbk^3up2Y^(oN+Y!1l zHCvM9+8Q_$Y^6>V7WKkJFr99ISscQ7SJG|Q>c_W3+19sWW9X!OOZGyNz3Cf3H<-zx z-PE&G&9E%gaRe-ZM2=s`5se_nS16o6vb$O0!&ewqG6Kz@(T#)@0xju+5MPQtCkZ)w zlzpW}0};Ftao+={a&-X7j;k6FYhLIvV1z<)t)?*o=mySWxm7Oa?3Gw=Z&|%PDUPWk zGr{7`3aB5(GMItDO6<>K5EF&~6iB)0glR4|ngbRiACKp10PUtbpzva#Xc>V3a`*<# z&E7wfWGb~1(RuN=1}_Q%v90?QL5>2i15D+CTs&taMBo)&kt_2395tF~4EsHmoZxB$lZdrFd6zYwoBHuRqqr3#n%CUjNoBbL5EQ4kXx z@$5}Z0`ubv(UDboB4jM>(1I*M}N{F zD+X25ggyJiTpcmS2}7PLdo%_S;ea77HFyO~tP%n45r7I1W?+IML7GR~sW{3Pj4czy^O8z>2`q8JaE3w@#V zI|6%07SV#8hLEoiQ*twRMxoJs9HB77g;O{lW8amcK*~WYKH(_+#6vS2 zf*|EK3T6r8f=$d|l)x}d`GMeLhIOzQ`ie;8N=YReAZ-$^=C&>mnU+Y^$m<_+HCkIv zKxPm}p01^&zP%v8VyvOypL!m}Y8Dfbev)iKc0g@TiXRYBLUVCbxnr2RA~PX7Mu=Y% zdKr@t`&ty%5MY=!D(D_55CZLzu|`s3OoAZ_rD$k)z)Y&dL`Ej_iWyIDCsfrb9ARrPqy?sEx()j1`#2|3TEkIE(*nyDLJNf`%_!;z30j3B0# zvH0{OQybzn#9ZjrZZHBuDi=l7-tU1SlA|s8k@$mM;94$z9U`Vf%-rDSauy5P+b=JWIg zCn2I{r;*&5h42d94MZm5q;>*|eoK(emuF}uC)e5SZy#gFy!PWnj7+aL)2~82!&TM# z-xn+G%1Rw2OT0Tdx8#FUHDkm7@2%QdFjKn+*evs<7jo@wJraQCBmu`i4$qA+Y&d;j z7I}a;#G$f#0YY<1pHzti9*jfEJEo4ULI)IIsrgb^i}r*BBydh>_y~juULm=o$=yLr zHbAqO3o=Y-n6G&)rEaO*SY6EI6iWct9LJ1LFj9bGy%Ziv)qqbCGqyR=9#g2ALixt0 z0?|~Bc#{ehxev5Oep4aAZ6opH{2^qErhD>MH$(WND27wPR}q(m`LI6^_zqEPC4<`GLpf7q8&y6l9}k}{K>ggVGql&c|C{mq0#$~G-! zc&**Yf<0SigfI_4hL@@GVN@7Gg7NP_Wkzkp7XXi(+_x8_E&VEsb zOvL?euBcR=1eAkUr|HX+XefAJ5~o|4%?0I_coL&1w=I4r`p?PChg^@C`fAI&H|JA| zV88}oTMriyS_p+o9vXlR==&(<`$ErrA+{4|LtA)%zXn{XI4P^8Bx(|)2+Rmfi_DB=kW z^Mbi7_rso0*rAa34lu2qnpo)Svg9l1UncS5vJ%PH*cg;ZJQx3#784*5K+vD&ZN_Tl z2v9X&N!jSyO|j+ zNlsiS&8?LB1zy+zZJh|5}T= z(a~J~mM`9_nYC#lRa>%&KU+qV>GvuWnT2{xuUu(K>7hHu6V2k8*)%DcfhXRL;2=*uAv@1Z znL53j;~63eA0nSbLfqJSl8I-BLg0|6Cz4f56PVagag@OYM-k>AJ22wJ_-=u}9=zJu z3ZR_R^SSeD#vHW1lNB7|NHecb?(v9q@W&e;&i?V@e;9cvWFZf4=WrJOeksK8hoxyms8zE6@*q3q0naIliJQ>yWj7n1FGM^g(qN^{ zTJNmqQ)C=B0^=SaloJMw--3n-HghgZTTS)Zlw31FlSrD>(l!BPfD*#NCJsPvDwjjRcMY!$n zDj}!?fYJ(6yoj)c4vQDKPSC5xG>(hU7Lg55SQ*GuITiM&3U2NGAl_pRGP{c8{ye=ww z`x(2c*P&&U`C(7;BTVJanMC-v1nDzRaEay~I4l~`A`&3wWg^d~})#<#3^J9U`cON6wXxb4cC<}P1Zh;dON>Z z|8TrFJU=|Ucysv6?S}4e-tBR|&{a=1qrK^17@|OT&J}O+etZ>v)~eB?N3DE=gTD*Zi`qn@-uT2or;?+|gW z4p%WV$42@zhw1Uuv#4F-mz@V)ZQ(4W?)czv!EnG#*>P;{i}IA!p99F@0KCiu1Xc7x6}?a*L{5~6A%!!<5$zAu zME5JdZtJhx4LEMsBf0IVrt^4y%$kx82$EIVg9f&>)T4>}XsmXLN7C<1Q?n?-NQk8E zP;HM9;eaA_up*tmBnKpsDXOi8`qx`Bv34Kpc%jOwrVx>Sq)LvLi^(`Wm~-}Yk2go3 zszSmL)r)P2YHxMc9x?sM5M|%ODEL-+=dQ^YFbdR9_YBF?SsYFH6zR)Sd!k`cj;fDH zdIip~HW}hrO0iG9p4apG%F!oDU5*@C($ObEneTydZBTz_p3kKnPoIK_KI=czLtp({ zFafN1ihd*4B91^DLL331I(hPh7-7l7BumnxYrt!2VTx;MMlsoBtn-|DV+OZ_gHCygXfk-AK<8 z^O9*hZ)R|lbrdZL7`e&H(F2OEFeQ=nsJ;>tJ(7+AQ^?JgrbJ&X;7OEsSmH#8ViZIO z1!gs5?%9gr=zF~YGFc1-9qklzn6>+pX?CDZi)x=59-jSlcy{r(Vfiy!}TF+AKq zJ3PNQeD~AEPkT9ZUgvz@74Ln6=4WVZOSKBnY_6qGH-fe`Qpu;;*Gn|l=fo!mCj;;r z-vF`DPGZf~XJ|G;RO;dkZ2AeMDB|HXDY(hIaf_Q0;H-81|UqlkMmc;oq* zN81a#JylTgKQHA=Ugpu3wf*6PtAve8Te2E8FCFK!S_wBck9^N36rBAwrEh@jC-J};pa((j2%wtL9&17&G!OKKh zie`kPmc=|FiOJrJR-{Wn>n1!p!*{CBSeRC2EUfOibo9=_6ca4lR`G0P39%XlEFOne zwe`a2h72tMDwS*s0UV&DuW`5x z21Y^4gEDXPz^X^MeFrl~!J5&m9A0IFvYHe~7G5rfmUqF;pldc$aZ}4`QC;gR+{6)2 zLc;-Y-UlOpVBH1k%6tB2$_?BTIt;kIb*%yxbF>;ZZe4nfb*oF2Z|dmNH1!Dj*1NCn zxVmit2%Xqq4&>{sBboNTs9AHj$ZGb(hZ0?=A+v#*8SuoX9L@&C%F0#KR5|X0g7bb&W39v^ zP;~ik3(Trypc%JSgC|3brA~oBy8#~KDB&oNwW;Xo8lLtS)Mdd(@LNK%ZBT7XgOw*l z?R1}hE|!o|8>gWLPQ?tA*G!?WwOf(XFhC{tsy3;H8VL;-^5bHi5?ij@LrRUYLbW)% ziP}&twUO6u1jeCyWlA#u+R$19v!f^ug}g&b{5tz$a4P%WTAeDLjvbB7d0HXPjb|bb zoD$0Q4aI|#^axD~6d}2mc5oPhesB9RfGlTgp-IG~5rssq^rVvUC}cGnohs>tx9#@6C4aczqixt05Gxs=7`R4B>kbjr_e{I zh+-0C9?U&Gny=D}eveA`SPXG>3h^sVqCF-=qhIC7 z$#-KWk63;+o(8|#Q2ryG#3d(k$YrE=ppN0J+eX@iZ;Bb=O zte1C7`LN(%W*<J^E zNZs z8)y^-Nff}ypAW!}+7@i5tt&{Y?e>l(svHZU8k`{*{7f-NCy{T5BiQcszQ-MN_9ic( zn&W4EO2bM13{V-d%NNj86vUJBLpz!noc?7Pf*q<79%0MuW z;0*i9wOEL+=ImF&OCsaQzG@ptSifI_@*_Kw z9p1~bD)z6OJPWh>2APF*W|nzA5;SlyzTPYR<60_!ZBpm&lZKLYCr3|@dF z;yBEL+O9a~hRYx7Z}Khsh$FrQ+?+C;>l#Z&Zh2%re5k-zXme(`g#7BlYegJvFK*3kS}4|$t&{+D zst3t>-R***jsqkEK_VE)HG3^&BfvO?98Kn0=r_Vws-dKWtyp17-?c+tzlw^3A~1P{ zrtk_A`jV0)3eLy~N6)*t55-y%?euGmsE;BJC+IarXc$8uJ@4j=l$$l3e7P;!N`EaL z%74d|+wHz4RK;P)t=mm0zivHBgFs20FJ*{A@J^$E*3RQHYrZtlvWucIL8ocUbs(R2 zbLDF$BR>~8PV&5~_8fcL%pYo$Hl^)*+>}~xFRu0!EH04reI4)2FBqQ^#@?w2jYGYN zo0m=sC%-Alb3>~;=E?r$-IR7FMVvaIGy>O&1 z{iq4X!v^~)HdrYN3g#Wi*i6c%k<*jXA`SMiJtRFj3LG&)DYOFasHNRq&eMMh8+vc5@D zvpmwKrbIafQ-m+Cew{?&3gezul`Uj|icO3X|59B$U%rj3u582tRT^Z-r_00F-ks08 zvU)Y<(x}N+#a-35u-D-3u1PJUIHgCIMV)Ey=OGyGfS-1jR+nUba~S!;(c7G8C1pT6 zPWf1=TApyz?UL=>gNjuJuD!aoP+zd1-c@C=K(*5v3LVdlw&`i^WuyH3ImF^z7eA-9 z?_Q|luFCh_mF`caY_F<@EFqhgr~VVjl6P61tD6*8R-Kk&b$?hjs`=uj)f~KL!=0aY zngq@kOt3=CXFT(>mi^AZlHDql$^kI~za@S)%Cs%S)EW`ew3HJ=7s$7*MAjyum7<9m z81<*-CX>=YltsK1q_$>3EGGrG5NtE*%IAZs=x4rwY#?1X*88^eq*}e4v7x;GIm7`v zjC?we1(-KzepEHqO~o^e8cQvWpS+K*=d}W#^mDHL?CsL+?F)3tF$pTHgwJ!|b1ho0 zmsu*+nrubOH7YNsNh^K0$@Y0?WxHv4CJdcY#PB4-(L|0|?u{J2e3>Ey@m^+qKD>!B zH4fDhRP`qbv!+(fyh}azH6;;0kSQTGODOTKieecRRDNBK{xT46(EJo)TDc4>N-17i zS=&Y|E59mUrz#`%8&tKAR28clAM5LKcqpsW5Kkf${7Azy6P2utN=?ZOo4Nw4Aan}( zbjar+(&>ro&?%HFB2)al7?moGqn!s&dX);Stfkke==Y|dw^qu($XVxSJFL62=AB8J zUtY)lYzp?nvC+e^(U&_mTA95(SaDXe;^dgzoz5nt8oyX|Yk7*MpivT{8i~?;YLA)) z?0Gk>UYaD{{3 zmS>Qvv09Utb#LPm%^!hv6>@U$qAlPowQS{Kw7p$?_#hjRmn8I_AzrB#Z*TK^MoV4k z{!cH{dzK~LNPGdWLNdy(1>TRIl(m`qEIjBCJCtMrb%oQ39F4u1^wqxK%5ESS5r)Nj7T^cjwjKmYmhCqFzc5vSRGnrLq+ zK3T#PD)++H0;T{d7K>+9lnc@ZRMUttPA}VrvVEsbl&sjxYMd$jcAju)tnuXsDOXkT ztsJlt^G!mIPa)NdYN@vJbrmblgR5*UhLj(MGF)m~mS1SI03mC+2>KpWzO?0~)V`%8 zQTb+V4ZJ24G)kX#JP%PPy9#Zh)9B1rGdKq@WJJb5%QE=L%frBzH=?tQE09BZhkYai zO`1DPIx31z*(@h^!UnmpG!nt zBDVHS16&rInqUDi18}JGOKm1HP*3%!4#4)7-R5j=a{8ti_7;5aSAVZU=^f!{0Dhk0 z5XrD`5kdjr*F+4z3f(C~3dtAjQARzdKV_k5I9G8@boe=$1J2Mejuch+P-bK`G2cW} z8D&N?91;y>Dk~ZB(d$?!A_Y55GM5V-r^{7DC#Z>&u6&_tJV!`p`$t)g)2#n?`fZ3a5glL2~O4~GYlf|Xl zkwrAlxB)m87|9Gl(3jHJ(W#g~3n@FNVAGgHW9H%b#rlVLuZI^$r!u)9Q0c1lUn-cf zOkXPI!k#7*V>tb2rlUv~4Kp}Rp)EP(s*(?5=wm)NLFUw3Nn|Inj#v8kf3~KMiV#{k zhj@!2|2##Jrl0TkPk}OBvO?@SphACaW*Ic)#K;siF~uy)#YLiUZg^$sO3lLMuj6y+ z%v~@7#q4`JeQ6+=7!0mpXv91v6yDE=jmvMo8Vg9>khkFOdhu$n$s~CPo@OJt>lixJ`rUMFp zwB7;mA@>Ua;D`x!2Efsm(l4}(?mQ}$j464Ke13rgQT}=M^JQgW>9BHfiRQY(e~72K zq$uW!=hfl&NAJMt+0jpX=ZE0U;V<&-KcfH8&x;rTh~%rocLx>4Dq2y=MJ~_`;!tDr zf8N`D@GzWt6Fmxg5X7|A!?L#=|w`ZC}qe&17`X{iKGkCC8FqdSNyjE4kwo= zDgshfG#D6TCPB%fb*LB-`r>A{_m>MFQGSuo&<1*aeO-j8QM>AQMFmzr8p{BsWJGxP zs_%)%$w5q0$7p44pi?Ibu4zQ+JT${~&6!S~38;95X|`L%kAP0dBcAMVWl$9O+=-uZ zRCCN>mRNRxVBV-urv(t%iB9WTp!>&-G81GJKm%=DO-jwUemy&P? z_pw6ZHFIjnEl<$q+<$Q2>$!X+pQAO4Em?1yma2WoJ^;?%&%?*=5664^?(m1b?cFDi zr8n&b0TuvY2&|Jqoe!2M`GoBhL*->fbqaDd3lh~V2bb&HYqj6&wWqOs?9|lcV+PhT zG!|av)XAxWr@&Sb#>`1?k`=c)hgc6YWn9s&8HpT0;n1|cI0 zJ!?$KOl4~~IUhqDp;D8wgvs3Lc^*(2STw=WO`5Ez4zCv*A983t%HgC{vxZJ7q-FjA zXi_!Y8Wew)rZkmWPYd)$7tIpj>JKL4fNTtmbZa0cBm|pMM@>s`3ddvY0~z<+m`!Hc zyrp4{Wo1i+SXg0oB;_WPj0@V97?VlNKl>}a zgbMu0NXYHdM0%Fy!Z0hQQ%;akp&()fDh)(#@s%l&!kH$WYT{8{x=c+O9wuE4((^+o z_GU@nR$)c&rcl0WOv%mM9VO#2qEaex$aw6utegvT=CTOKG2%tl&z~mIB?>M$g%KMg zdVwOJ$cU;WdS-ZGXm?xI)0u#kxo3pH3`PkI!!+%)Ssh~hSPXsSS+!j~lsQD)-1ZSj zDaz9p%v?d1DYihW&91R?@{nbT=`*`SHtPU0Gv_MCtj>jzFeDbIe~Bm4d>1Od8xgNa!*?R#G6lCK;MVjjBn>ug;8J$( zoBqzuUsTDP((6unel?pFLYX?}!G1m@B1@S*qDTc053ra#8P$J;_%%XmY+{Sm%Xt0; zcE7d;_N6rnn+ye*0*aX2i&Z8UwE>yr>@r??Kq3T0+X94cqDJ5n(!MUCx06C<@2rb@ z!!sxg93Sa}HJU^^0d+ndYz|U2e1%sCM<~ozPbsrVDwiSq$iXlUAvoo%6Vlu+zF0PO zZIlF1p3q3kXqti_c@yyKl}vu&&gN7lhIFfk$?g4W7=?{XPG{5{b6=UN`?}{d9HpjN zo$LjGBn}`)#wjH=I!F=tjD#VMCO^s|sWy6+PQN)EwWmb4uZvh>0+9KD(nTljOfxhi zbUpx1|9k9Yul+cYNv(Uc^kpbify%1e6;=C=LH1r{sa!|X^Ne3eV)hf2Rte3d=A+`8 zYtY%65oO?rT&a;t<*8I*yO}Z3gNb9kxe@(L-`H7-2cZ8%zkWZvS!g6rA_X^x%{<4HIc+^Wt0_5HJ24u46m4SOi_@6x4{%~%YbF**buWJ$|O#p zb6gHlsPgz}{s;gkA)+ul6jAEJc#I=?fRgD7(tTW>%;Pa|ObJJd8nc+swU{34MI7&$ z`q@JN35Gb(vcBxI!^oIBf+aXpNCW2?kcaE?tU`I|nxl6HA_8ERI3jDa1zuLR< zADX`w#g7O6`ftEr*Fa&+^8wW{zbj zZx=j6%E+P9V5+m-QG!D*wE@Ib-bz{Kz2Fz3J)J_4%lc-`Vxe!P{ipRY)Ut&T&hm-hoG0#<3K00Rf?Q9hcgx9 zUu$7G?}L_>h+`N*fy}q(Z-?LRBeCMt9Icrz=WmDh`%Y$aF=%?C6PVd%l1D(AIDn4v zpfbYw+&C3k0Ks0ur$qL4bANA3EtB>`z@%J=41u~2*-Y7>X~D9Sxo zf4gGgyacW*hW3RIJ)d&mx|e7!erTr*?-I?0e6!Yw)}Yg|ZEy^6HRJnxZ_u1&o0Lrl z6sc1}t~l@ho;}6NplmV*YFxl2noCqlEoA#wK2vj5mgetdj$bRgcPX>Coz*)%qR!>$ z-VkIEb1BfhaQeNTv(f3;Nuyh#(OCmW5$4&+7V8K$xS#$Ubc*uZniA=Z^rk&9QUUDA z<74cYw_5%ZlAC;E%-eX8OUVSEHS47Im7|- zA+;z;DFhIQ(kW9Q4MHM!!H`TQg0_@}bPc#>I|<1|zd)1{Du2rtZ&eK&dPs~AXchgC3-*9%%H^za{3%Yz3cXfj}NC%c49}F;05fQ4hIt|VGh|j?E#-8H&k=Xk5S!9hkYbtQ_+kp#^kN2YF68~x44YCJ z<)fpDJxL3xsk)HoDg{`Ndw+RSU(5#A-~R5Ir5Y3gZTB8meXmAH&AQm!FSNuCwjcL; z={RX$MwKq9vB-!7^XdYs4Lyx%k*B+b0t`hpNT~1X5G@^o%c`#oJnmI~WNC>y036NY z3&GDWw5cefN{RxSZ5sagn@O{?3^PehLHnjUE(RvVG*@z=nn$^1)QLW zJErW7K03Pl2EP1Z*V4oB0+@kGzsRu>ABrQDAs%bCDuJ6{vUhe9=?C3|tRzJ&CJ{sG zOA+U^eD1eZO3svO+@3qT?H~87@7WaoBbzHFx~#PSWl|5&^PF*`C=d(7>=fC_@*4N! zi-^Ptn-;!YA{4_AU!inGgD1ObwaLG5Y?n5S+hW;5&hUcnH&UxN9A7A$**0U#D1{AH zbyzC>#m$wmP>3m<_#|XPjlJrt|9a-%ZT;`gv$TS(iY+m)jD=kuGNDOU!n(Lb^Htzo zqIm{Sn{h5=`~ZD1X)qkV9rS05}KCj`*K~clLr^~ z+LBSge{KH9bD50AlSc~g~42fP3q8(WsF&JYK6Wx+c0r)Y-q zva@n@&Lr0C{84MPx`?$G$ZK+;QP*?#sw}pj=lW}FmNL} zbOF_l{PsYJ9Wf^0>lb1w?2*afY+m(0UTtr6H@$DRKn^O5aaS2Cx)Mxxz29Bm1|y2# zWpUKnxJqd$PRP>>A?^!1mh4hejEj%kkXz-U_uS&Dhax?&1w=0(M3Ax1RLPpC1 z;J?24&#w0k=vL}zHVxOUAw@k}RqJ-|tkxA&It#H%Ze;wJ84JmH91<8<3(3g*JR1}6 zH&>dg-4lHT<-URpxj)jdZiNiGT`3{v5h+F=yw|1%>zeV!g!1Cd6x(=hV7PL~Ky}@U zP-6?hN&ZlSYBN?p2#GrPC@}ePT!g@DB3`YlVlW7b>O%%eeAF<8oMNB5=VAehA#jK0 zLiPH(i;J*qyNAQdF98alSL|V&lPI%7PxwX?;26lLnP;aQ&a4;M|AyJ)hu26R+2AhdGq0~`ykAmp|Zgrn2!I9krP zy!>!Y08DSj6LVkxfByUb>YGOY^WXmuY-*F9IxGF3|Ng&ki4Vj7`S1Uy4*Lz|o~w%} z<~TwFP&IcdrzOpOa5S-@I*Sq$b%mV(QaL+ zA{yg0P}EV<55*cRL$9RRsZX|>_fkIHb@yag`J#;SS`a%#P`_1`BZlda}2`+6vFK4tfGi9#9>0w z`II6yC80doQ_M^Wk!kT=)u0SVp1#y&St7-E8%RfXiO*q%A+-%sS!z1FWkKIs`i1F zgevdWX92oSA}tj#b(dBLms!(ydsO(daxYC}PI+`)g};vNkR5G<=k}|YRvqnORKw(Zqt6L>ddQDZPoz#wsrq%BG?u3?G4rl$w*q2!PWb zNdw0t;7C?S3S=J1is5c6kn5~FCy zp?_&^km^~h=)LQdyhaur#&7TTO6Tf*?eW`i9A8yUISO~G-8w70Bl9kaYv45w(Fj3a z_Gsv6u4B9* zuVY%w`N5d=UUs85#fzRNnM;YIeNIpa8OOfoldh=1x~8h)EmtNKz*Fxp-nRB_5J>+> z!vS#2ufcBb@nbpo9MKt$t;XAh2d91ctC+qkxv(TJdg=8|p(Ztg(I5--U zRI>4;_uR7K_N1BCT5AiIA^^W7C_x@m*XjSOW6zL>qc|})09>tRE5E2}flP*VVdw&p z@c^uU*nfL6JRC@tUuoa&$}5S)@=gQ;U(bwVQ@#ulTU_i7J_&$>Q|d=zum z)$_~TNJRz5(WDE5z|{@AoVYOwT*Q4>w&`ADK9zsEFvO4{))7DU)ZcRFT@!SOW9d_; z`LJHY#-To2>Mn4`gm}_p!LeSBAhli^a6PZ@ZF@V5py`O;1#sr=SO1<*ArO#>63e>p zPR3vtZ==`i^`1O_{FRPSQ~0;P+w1Rs)qmW3^7!eK?Wa5auX_F6C)(y=oDf4dBf^_2Wcu_L*sMvql0kP~-|=y_r1N6uo3;=5dGGAq(Yxl)v5z7YeP z7vWVGz$Kc?8zx*Ru;!kLtrQ?*2d;Sp@XDciao3U2z(3iehs9iPl(&aaYLb_sRmpV( z%$60dMMU#*<#Ge;6L_pBNru66~%<{2}SI;&~|j}9PFL%z1kZd4m#&V-A(j)ntfyh z8A|W#Ka#;Xa>4UEno18|U7YR>hd-a39lTiIG#5rEhy&M6Lt#mK#hE%R_1>j#Z*M`q zirz$8)pUuv_Vy7>D2hSW$1U;cJtI*J`SgYJL7IfDF>p<3J@|JBqH`^N@%p}{6Eyhz>%r}m2H_B6;q1`ma zX>8s0tM2sVK+2ni(TGXVmX<@{_+%E72u1uw$&WlznZTS{nm0GWWl2rt1{3KAs9gtJ zvRTs~@Llh_-at9n*dv*prHBIASZb!X?aAZA9IL~T&c;E>HB;_DCQ*}>C%15rCe6bM zLsZE`FqmO^T4{LlApOhcpH-r=PVV99Jwsr*Z=V8uN=Y)AmNvy7k221A2>og9qYRosjk^LA2;smq=jFo0 zFAPL-cK*8i!``Ks;@*uI5P@a+(Z-inEw5sE;7IK(0IN@T9?T@zY;xT1mtc_zk_ z_kMPh%2QPpWZ1sS(zmyrzaIZBf9gCiQd>kg*sR;1s;>@PY)l&03go1GFo0-MxoX@-ithbUw{3z7)3LnHByq<(2hn!my1ukhZ$tqf^0} zvLmoNQ3*=|0@xI|K5*og_YY_NLz!lzCcGR0{KEk+Us`B7_c6Pb=$7VsA-4I6Ys6G= z`L{5M{EQFW0Ifh$ziGe?kR?a6&VRnLxmbD7-^YNrLbsi(f4Q9+Jk_6H`Y`I@`Rq^a z`R~OPg)ySc<8gS$Hk!|Ww|DwapBB!4pX_e$KAiu4j_1RN?l<5H&jwPu8siX2A!;Uu z#h;=9_@*maME9G{;Z1Dfq{}^08v~@rv)9q(TmVP(F@6i0jv zoIf!Wp4_=ZH_YX5@nc;M@!&;XL`vao|D_5C8w~}(9^Yk#vU*sp5T5NuRqj7452mM64J zeep>FNp)4pn$$a7xXU4pE&_Rt?V{n%TS(AEj-f!(KMV}04c7O z%c3=cxkcj?psh!DSuZP)p_M-Ak4lkQTA*g)wDke2jtROEh{4dz7LcqA2st_HE`lU-( zc5D)o5e!rR)#5Hy^Vzs+G`YeyNj@cb3wxa1V`$gsw0u*qGoUs7E*EI(c|Ex1QmyAZ zbFN-)=CgV&XuxWunHnkzwxEj!@a;<5J7CLzic6B%(!*R)vlZDb9_pr|tw^!ua4&4< zQw+Gg8Go9Dp-Iu&ZnTTlnufa6#O-aT_)eXf=0j~ZR0qJ-w~S4^%;FhgVP00nVYS8= zj=Bnga+FIp@(N9iOVMIsuC9L5Jk&Q@L->m;G?9P%=9a6q+UVY4V3!@!WrlO*kz9HZ zmmWVAH)gqk({&b)m;v56RK-Gz$EXhM;*!ga%CS)CRv8*qvF-TiW?BqVp=8^Us%fBQ z@wQ{8W67+z7)!Mmk6yXK#v!aPzIYrLH?>TirV-@{HHpAUoKNhkEdeU$l5|>Yp;z-G zQT!+xlUH+zs-Ik6k?x|-zJybPFFp5{jT?lx-!=BB?j@SDE~g3OC~%&2W|sk` zz>V(@=(ElkM}f))CJm;*l{a(7z>Nq8(w7-H-*}hO9D{C<5BwOoSK!0#{UHJV@l4}! zZy>u?KV%oQMbmU*c6HyK=;~CQqAxb_eQEc%|MgF;|7R8>%1wh+$y+(gx6$nX+3WRp z`g#A)?SB7h@4^4`b3FOXjunByln4rV95$9Jna93##~z+mPs943;m92k!WpM9c72M1 z6&b*S_22Jr?-tkp_U?oK_h)%NSacVLWvGO=N=`nd$use!oVt(YS9W|^B+BXBCY2B!<5wsKcaH=0FdI9!tGyV#xieH&;=kwLrbe$uDpgHjVxk@Uq;7 zkMEz)wp#xq96>r~oKWQI=oHH^fko^8>GtEo`rp~!=|8Oh&+%CD-y%zoGU2_-XyI=& zeT4sMg}AK2-y?&_^8~9i-i_o1Zb`eY8U9gj;O~nqv|9g)h0S2RngY0R|L^Y<^}pSn z2m8-wc?$NQTzDRxL5S5#0BMq;yRGnyyp~U4_IXX>1{tP%Ktl0wjb92=Xe?nHQKQvbJ8oj@--HB zUH6kH4(nz$o9iDHOv70$76>qo%`zJ6Xu-g$WMb*5itCl(S9DOlGMia1@tKd{w}kLY zezRV@tCW^(&_2WfUCI#8TH%oPIa_FGIwSwmWcl!Xrl%GEH}Q8@+yNHx|LvU;|9{ed z`oRA`$76X+1-87L444 zh6-CDUV`<^0-xJ7KG-Sf8vrvzGsrUX>3xB=4|OE?EQ;zfO+1_=e7>g@|DX8k1Wkp| zWy{(C7xDl8<6hDJ_w*tD*XMbbu>Va6nS@B^y!9r2JS^N0w-kVP*3Im?sEtd2wxT0` zGCSkMkAJs&OJ4M!`0A8cFIVq96XVm~(ztM<)wxiE1@gl~NXg&H(~AF_Ji^q)(U{z~ z{inD4xM=^~-r0Gu|9qCGXvn=!j+!T%-y>f&T`w#E%}_fg=CQ?7(~?Kgm?%`f^b|Kf zt=7K|e!t4u?^kWkf3~+v>%aG)|9_UJq|Dhufk}Fx|J51eKABBdH?ta}SYMt|tXDFM zvT1g)Nw!YCFAS!>-Cm^te<_Kn)%u^|iOLD#GN0mjSp(og{jXQF|Lyd4AJ+e8c^VY7 zbk=S4>r?|&u&)4DX3DWIwsK%D4ZP`se1va zV(|vBLzO9GA$E4rBDe=T-S7Wt#s77Z{+NW=pWnOxZ~yV*^7;Svga6-WdCF({xydfF zeEkte6Yugn=3&xJH-UHR)2Xa?Z-@JN+WY*XVYATJN_YgI!(!xTDQsdA3{i+gn+k~a zLb?&@KnK8n#ipT~%qQz(I$iG{2KGU=$jRp&pV zG|Ck|tSDOvSN~8QHDB6vay#dxV1c(0K^Aay2iUIb+71z4dYOK*ryc(vGdI5SSG@ka zi2pz7^@{gDdQTtZ|IhP$XiWcZp9;u`0Zue#GS&Oq+FCK&qG0#c`oXCI!&S_qySoCo z@zw89IS>VK&=yatrvNDXf>?=HY7Et$(wLIep1x?zRIG-RSP1o+UD|Jy2W#O*N?T|} zMI*Ok_%Mb(<|^4LVCrCL&?dTsXvfr6u+-(4V-l#X%LQi$20v5G(MjYZv9}e7?F{)L z#4{zA48R%UP^Nf|#+q^%qF34rq76DYHZvJRK2_d-ZR$iRG6`24$orEP)Lj^0l+4udfZDy_ux+YDWCTIpK-|1I0@O( z9$=09zu((^{G=HFWBY0E!T?@oa7ut5#dl9 zx3WP-{v}Ih-QvY%iK+?0uEHmRb?;n{srL#pBtuy{i?2UBDl!+F!tLEBEScpeS+{S+ z>{+epn#fzN8fSCH(M-9GtDS8QEJ?53(X@=F`<~xrQORzH<)o8O-}8% zSp&Jk={9pmuoa0STH~wJ%q~E1we+*~t>!sfVbn_$P)?xR%$lnb?pi#WBRa#8q>=9_ z^wBAzm;^)QlPIX)z8h=VsN*ppv_AP-i_CBmO3gr*lh#?R`$_E(HqZk@e5g|h?30M2 z8*Yz$?nB1$X%g+RA6bKqKfyW1GG^aXlEk&eCpc)}0XUZiY)~`S<>)w7IoMh!h|2=8 z*OGlh4m)oPES{Q{jJ&|8m-QhT;}GfH#aVh25tWCsZpws)Q%F%D4^PT_h{-GHD9+** zH+DC`)Je%gl5_sRCpXtJOG|pPlhzOmz??qS5R^*H5~l?VqSp*YK}OCl*kIEQ`={&M zKVPPQ17N2;X>+@G!2pUeIlxphsAra_mmZpwPZ0B~!Ar|#)Yk9W-Mz9BpV@s*Q;D=X ze901zl(tRrs9D!%M(y}|0|f>sL>wKwI+dw{I7aLw8gfW^5?7F#D(wa%H%`m{+tFBw z%1U%5U(gwF$5+cuh|UBPjJ&M>8=sSw?wy+MLQi#J^`-K24KaUB=qbfBNavcQ8n~D! z?~Vy|V^!ndj;xkpT`E7+&kzeH1jd8{-76r*25Gdr0$>=DYamNj^~EPM1d=${4<@QNT4);4DGo{I{%xM?DGm|%J8;%FuP2BD z*JUvd5CyIq5m%~LuATJD9Rl|p?0|-x$R?e<*dYepZjpXJtU zK=dq~rc=Q+JpoO1lCbnN?AWyf5}{|M={~jRR6_c?M3*@paL??n1m7@*4WGn0m3^bg z7&aC$hK*1zTk9~?@1w7T!}jwuxbRvyq{bl zN^yWP$t#VYoz?bZx#P;LbD}W|!3sz^>k7DCFfS737`_ewlell*L~0p5RCZ=M=Jdso52! ztu*hRf&Q#hLytPm07VS(J(X)>S1Px%k5c}1p9kHmUTf$U;xIH%z!bFI?w7E zRUH<7nl#enh0I5gDkAh&v|5!-a(PT@RP`BT98s~R3aWYeLuEA!|2hE8U6gDyYwV6` zGVhIhrVvY%?M7hz!`|8X(d)ha^OLh*E{^wx=Z9w(Zw`OC1uySL&1xL-^o*h_dv8)Z zV0HTzs?x^#nv&TdCnP8<@EbHgL*x7x>#Va*7OI%h!ugAOF426Tr_{Yf^Csf_EUI>e zHY3U7zI3MY3R}DhRvH7-TIwQYu?N{1$GvU8))+X}9=v!9wpA+tSTZUNWaIW-wfokY zNbONsgu1o0R^n%UZ`ye)l-&jeOfl%pzxk8|mWy*flx+KY9=pWxDMc})C|w0x6v_pElSSLW(EZAn?D>*_8TM4Q*9NYz@_bGG%~ z=QiR*O-E7-`dK`#2CW#}vV&J=^=Ui@u*IE{MIv_)P+77>@KX8H#BK{kcOdh7o!}L$ zL=Bs6Dc88SDq)p2z}2_F9HFK20_AkDx)z))wYbyBXAK_O8g!t=+$O3kN9b-cCkCT? z<%!E!0h5U15JWz3{{`G@uwCU&;%2?Er^V`{K4kS`Wk3Rd{?N9*{vEF!31$hi$~FzyqZfy z9IzQ;#(|eB>}=WV^FHj}4f~}u1D{fSg+nw!hs=ke?5Mf_)wF1&m2CuDubozt5K|=W z#`~(lN;N-;BBA7K#kyESqgpU^)*d(3H|=wE_GzHquE=H2&WN+z~1PZ!3q z7^`aKcHM$dHp3|O+MsA!lcMZd5@lan*}T!&CbSsc$0NqFY)0$zfbn;flT5}b6WD4b>S z=e&?iw&V#!%dMcouXce%WSKB5RVt?!754ge2{V%D?)Y$3qfLPuRwG!l&14Sk7CWn~t5k|Q^G+)WmuQ{`P^IhFj$IMqRgg`e$FBXwQnhm5>qV%OnR&Au1)4k#F=aaL8Pen2Lj3&!djj4Y(%1NOtM?GzjzfTG> z?KNW8Jkl@sCO3C|6%X&-QKIWhb2yx?z@c_CD0A0 z@G!c6LXFtctJAq3|JzUGeQRBoU|G3$$!vt^Bd{*7O(^@% z<{g`kB+QfXq5dY{vX408m2z>OvnWsC4<9P9tUqDV%dRr>=L!zD>p~Zip_e(Ks1BD} z`MkDkI&xEOAMT33f-ibtuq(Ng7yZi{&0IfOjH%kll`GNO#AVk~*Fs8n%&Kr*Ix=Dl zN?U#DM`M-}jBS8jaqinRSDfFxpJ4;vuyfrvNcHv=x0~DlX$kd270O$t!po=0-=P|(%cXNI;({>$<3FCF03-K8Fb3a7( z0#7UCReOO<(Z#I7odndb^z>Way988tnADR_u`^XeTrtp1mwTBD0l0yQ=Gmj=kdxwtqAH(@Lf~B zjiw+)?f38sp2VDa?`JpFJ4`!7%fR9qJh>mc?`JnFsyB>H?}DbNzG$KZf~+9Uw>j`= zz`E!NZ2PZQtgx2u#LW)M%eyBpa_nAirWUyEuiov2uG#nRm|fHRPjv_b?ky0?Cp(M* z4+k=z?m%V%xqb0NnM(ZXq{fFskBadt2Uz%B9)2{<`ycb%W7!`2CY^Edf^Ir%1~pd| zt?N$Kg(VD8HYO$kJFCATS)HT3X^CWM)|Z%r-1vlvypyW|6**wds22K?_xP^3ELl}| zrQ4FtBV;vRsMN&Rm(jgfE?L|q(>$#TOkYIO4e>dC*NTq`R3;^*!)19;Ca*G(FV zI_o;6WK_wn?eDgIL+Eecqk@$`ZldH|OL6J=3IG*dr}0oT3&8UcByn6es>ZA7yg0&w zZyul!&KHHB%=M$9VjgnbDx_t8Y^vf}s%H#wm{4>+rHD;Q7_F+AlwE+?OxrAxp;nfL zTCBG^g@^bGH4=EPz}@IO-`4M#yz?EoC+aSY&Yg)n5AR-RI}h@nNIMU7Daw`}DVe#a zCeZhSTj9-aHzAo!^nG1b+%~U)k20A9^bv3_9N@T){l-&o?#nA`9XJY^yhGHg(L>o3 zbhU4FmqQ%7A(`mAfa}Fec&f8@9J)J2uUW6O2%5?UnF*rW`MVlW74}uKch%=g`L)ur zqv!u@sVn5>)Vflnha84Df^Un2wZQ$WuG+snJuV73uoNYBIhpy8|1T!U0wF9#koRSxW@g{sVb{HGbxG*!`l0AP+v~pJ#HNxw@|&>0Tj|njz}Cgcd+WX zhq<3Z(lO)l!ggL-J~&S^nHuC9jaS`-(XO<2cTM^94{x5cRA%{Y1=dxxSXuE?9>kOc z%Ch|+#VJ>^&UR2#z#8D?i`D~dux(hd7T7e}=Z>f@S-WK0Sd4}^Kt804Vv>}LwYD9V zsum4Mbr~iW`>Tro40U3vY!vLbg9Z7Bnj`g;8ieDqkm2X;Q7qN~z`R)jHDe*IIoeS^ zyd>C*INsB(=rbNh#@wmG!4P4gTFw!cqA{Wr1qTVm(PZdPQILc+6o=aE^ehPg~;_EVA7 z%zjo$6_!1%5^ZHq^C4aqD2ar?QNGyuLp-bDmD7&pvAH)|oI)C`N{bZzmf#gh@l()L zBSkgR(_N@(DO$QOO1e88RZ-D0?4FYl(PADh>*bOh)yP<^;P(D`qy816%c-L^n_gHN zmNu6+YjLAi6v2vk#tZsZUAeV((E1#G(J6X)JX)S}t3JKT!2WF(R>g`f4DWq`EqfYN zG}hLy)Eb;(6U(S<_vRAN>=3Z>lr6$T3zRj1x0jsAyES&N(`$xtmAU;iUI%S_4wjnc zM$du86W3Jz&b|YyOhNeZN#rhx@sh^8I4@>*4m*JQCvcMDKe(V@anyj zPj6i1+ip*>FY7Ha&+F!TjT>M2ZJdg08CbKY=_kTmwIXou)FOD#j=XK$c<;Zro;^=r zc;vmxk#8YL-9w&>Lf0#DT(nm7HnZpq?w^=bZ*MJRYTE*il}pUoTB3U^X%ww4+uY+- znhXqNi2U}%)-(uQwu z?`D*;^z*IpWJ*O&v$vP1X%qb>{RNfY}rr@+C+7j8+Pb}a%V>s4bMPrdj`r++XA~>mJuC!I-88 zH<%_;;y{f*{#d~o{f7#edWkX!d)m5b_eqZ1E7vrQU!rpsA5p=JET=4eRm4M*ulP5> z(h{mhWkowp^$B0r4H}KG4%)7L10L~TVdIRYB%M)2!Mia=gwxz|8{=Hnz5(;lOb4vF z&qUxBu5bn~huD2w#`Ar))7`x-Z=UI6_6e$9NU5T}u=vNHeRlp6K1=a`k>i{UibRln znR{R+|8IA?omQ*F|GV3rC;tCQK0YtUSthn_3=_Z9n|--7^RDCzpEcvYF-x#akD^Cn z`7>iz%u=e=GnSL7FqQ2RXZ+3U&T7Ux5%04h$FURE>x-9}T2%Ut3xZ=6_he$I(CWX^ zf2AAd^RM*e-TB$Y)xqi2OZ5Ky&BejdF}l1uJ3l`@LODYjCpQvL2^S?yh%f(@UXU9~ zZqea)2d8h2-=4i`j$^bo%JWRT+}aw_d{p$C5gY5?U$DPotDmsGZVA05a*6X+iG%s@ z*3rMxQ=@9jcG?t6t^%`88UL%OjmXJ>d z?tNG%2?M&2V@0ustkBy3qV4A0I?6{lMzFOyz ztCM=**vz-nS8^CmvV=ysK3C1Wr5`+GMXJr!MHb_nT;?3-WC)brn3ZpC0EMri-%)DL zBS4)i#C=XenE|MgE!k_5QY7MiA`tJv#UD83<;CO$8Ttb2>1-+wW$ycBfT2|;O<8VY z7~N8n=voxxEn8GjS2ql9IOQBd&zr^q-F$@wfmDj19z~-JrD>c(=yxPWxU;h>igCEr zdVDYV?0!T0p?zxf#Rqqev-^$hdBEljTGpb$w59)d2u_ts1l0rD?Q%aH0}u;f`H8Cj z*eUApG+mMBesdf~S;GUe7#-A2Hf1?lt7}`2<1tNV#l5KqbQzlU>P?l8s3M+AOc!4A zVvgkN_nD!N0=XuWP4pZ}a@Hj*dyFGwFz`0|;}4azs9==MvE{)RvcqSbGDu@fun^Y8 zbnbua1_&OW9hkW|SZi2sEOZ6}z!4|dUx8`_t>e8;jqog6>kEuJ(~~?!0U|h<^W~`N z=Y#um@$52x0yE$8Q4gKTHs4ak5ls1zr+znjPR&A>pI==hZ)|pzAd+8(nV9~{*Q98A z37R$QRnUNS4#XSIimdkWA)V!H44aa_tXb=64@lSm{1q9}wAzVZ_250*jKj+d^%}pQ zU;ME`_dZhKo^8UfI7_1}aW!JfAJUZnF`C#sVgvkpB<=ehE&RqVwQWt7FY+07KB-Hb zo?o4|IwN`N+C){s8T0x23<``%LUMBS>YTHT@SGBHmQJrm?U1 z7`mx1+cliz(N^4Vx@DYSCE^oPk+M&!oDx6T=_P z{!stObhjLP8EBJH$=L9peIqPZt}N`Jrn;w{bCO|B)8V}&1hv+#5Oh%lYPV50I zFUr|{&P%{Z9>PW*3yvZ6YcdgAIWI&`;;&bxsQez;L`d_s!Hr^Taxf3U3P_He?==%| zcgi!EJ`H8e{H=ZL!E2hUf{OP5H3kh>5)%%>w%mj8mU>JzX*q9MaAfqe+TE4mJQ_78 z_dY(FS|9BcRb0kp!l;|T1I}6v$fcSQD-fIrk{_sjIQX7SL^YualFJi{)RXA&0Lf<` zXBA!RgAzCKq35iKMvn)23+DYH!XLtc7GAgM5;%3GKO8B09eKTSIpRK)TsyH(xFuye z&lAy%c>ai+6k!Q)-k8^9^0;GWoZjG^NWhCwMvar@7e-Tg7nNKp<*zGVsi?jbzC54Q zkQwGdw58VtZYS;RdTjct7~<>lj2bC={@cOD)yeCF!>hB4A3yy4?Bw*r_s2i}fxdm* zp||9+J#gPusA9#=PybN)TK(={CT3|6-IZ&Cp_0WptUTrdDa0b)hH~^+IY< z_ms&>{Jh_1>6#0R!*!Zm$%Hn$citR@sd6GU&wf0CzC5F#8fVRfv}9a40sY&9;a`(U zE&Lh$VvY@RPOAS}U3H0hIo8)SQ&x6jO>q^)q*gQaOhbWdxDqZ6#l;@t!T9{V57CI- zrl@gIYjROxV=re$iQO~ny|Pioj3xvT&TyY5G^eCgtr*8~`4ViP!|%?1IQ=+FKhHn# zSnaAmM#JiR72J9Bn!+rbm=osPB|h7;H9yv4hP)+bduUfD3=v(9ux2}+meg7*;7`?h zMpgVD9+^?k!@KEjG0k5yexy@7W>H;zo}kB_CA`Lf@kZQ#2qS(_ERPDZNF&tv6*X>A zrz$n4;br%EXnAvVWzC^`8~UIBQJSgAfQ4yCP{-G1W0sPyKgJ=L9W1zf zuCoxYp0v#|xjvg|;>01fo?B)qs@_haycqYkBz%jp}OXC#wy= zs~3*}i#j;%ICwoI|;S74SR~yTodl06KU)o$}P&A`~M1E1E?w8d% zJGgp+G{qnek#r@{sLSn0Z7N8!)Y zSNwXFo_qQI$@zyL4o9VYyr{M+^$WNV_FDO z@hf~=f!W_*f4Kba;Ntk`!_mRj!K;JI;}7pIC3f$Q?`yLw@vmwGr%ZFMJch@BD&JLV zMV)nTAqdxG5(22Q8`Z8|8Q~==^g=f9bhMAgJ?=N;SoL<7iZAAogAHh$dSdFAS@P;k zia9^Hy!_$p;^<>h%ydxZa#Um9e;DOhD9cgLBFH}`1)1??VmEuMOX$r|1*&jxzt-Tg zWQ&dIBg`vyNq)H?f4g}5(O4T#?#SpYNZPLR8t6f=He(lGiTrDEzLcu@XT(t zx6nL?k;>}OwRf5lLgi$u9-K8}&-OcOHAYP22MNW(uM+NkS!Fc!-S2VndsYR7s2YcL1Lmw|q}9s&x|=#cTQy*|d@uuApAq5TRn^Vo=1)~j*@z(}&>^!i zAIk*-X8ec*LHK!63~B0>=&3_Dg9mGnlp?ZvU~8iuPYq%&x-(i7uxxUc9^Vi?nW~v# z-hQ5AJ|s#+e)$b@4VAY3pIDtQ;5hlZsQ^`sAl1$z%Ar`~L=M8qklekdX^d8z8(XUZ z4x!lS8OcjvLT83qTFF0@`$$`|mzcmGe?Z2SoyOdSpHcbnV|sl+;(Z8m%Fnh0lKK@W zgGL85`Z!o4MD9q0wn&=uNyccJH-ebJ(Sq}1BCnfRLI)(8Lb6^O2&BTN3jNqbH?jSnbR~UJjKbm3S3+%@7^fSvwH(QaNo^>-!RWFqA(gs`xktJ z&$3)Je;MCZ-!Y5fS_v9<2T4k&)+?F%aMwR8P#QLSJ)dlS?3*i*# zYjyZ|mZISK8P1}aH_MYd^~s(38ehwopr%aBZsk$*9i&)1=_!YQ%{cu_Rs$VEL^OW|+*g7{sXrpnK|WoZy(I zM2K4Y3!iux1(rtp3)5g}CXYmg<@Kqj!v$%k1hAfJmZ0ns%-OUp3MeeHG}Q8Y_owiL z-jJCD9z5_c`VPnX3zK&^kw>EL(&{{zxI=i4Lfaw8MEmhdTdWJ?@(*(eKdo7DoiFepp4TjaC1fruycw!W5sQRfS9#p?J??H(!Yn+R}*< zTREmlBVj|GiTk{q0;?wL7xjKnRkP=nR#o$|L1sv}&g7^DRE2$&_+9mLr3hPT+|m1g zu~bP2697;t)#Dr|G{tYrgf%BpuI{zZo*w5mfLewUw{kX)aQ_G;C$DpZ=2j0vg(C12J*XWF1I+U}(EdUZrL=EHzURvUqndbM#J z{3#`!p!>Z0bw+Hr*LbqEAekEEXPT?F3chAq+A^dM&&gs=&y=b$>#Djs9@s)uaUV%xMN&&pXsc)6du_vMld!N>~Y>GfF9Wvk}&%7OjoIH{_IU0UA90z2(AuNZ96P*ZPl z%0t}Owfi9N_H5twy|-*09$GM}X$P_7Mm}t?N8MhtjQ82wkK-?2#9O}9HqZ2V&)>LN zuRqx9eZNhc4j!171%Ceup!JnkY=nlt4@-x#Ps5*@%N(cvL+onbnB9FkP9AF>M- zSo=e&=f*gD>_a^Tc*Yg-r}k@}({Q%-p7|J^WEZ%L0`MPE=Bw?$`}onUPx06fipI{W z@;ZX{5%As;6!6?6m^HGSXpwO6+WUHTjPOUoT#X`eU-@`M8-`#n5`g{qvu*nO^e3-; zvvTDZ&>J41ZB=RN6)me4wri}p`Xi11Csymtq|^;aVcw7`={B> zpXSSe3+`|g_yzG^tm)ItmP~V}ajzkllB*U;@O#Acz9kRp!-jjf^SI8#`8YCVHS{HI z6MlH~%!uoygRSd*WF;guf_448{L7|xrAy9Rt4{i7gZ@h1(lMQp(CdvPpLXb3TyGq; zTg=Ns3n#;VUF)j#y2w$=?3nemFJZC{vg)+t+CRm7R20;gC zjr7um<@Y0S)e3BFK#^Bs$cc!_>mXgv3d90~obA$e|g zLyw&NyC5R$@1(I^l0qxaQ~7Y+H&MBcMjxKC>`3z7C_aovmxTTC$#(h4&gi{WOUEnr zjTzy0voZ0&g%M;rDlhEKI)%+6orQVJRmH%+c>4UQpHN)bGLnw)6VDnMr;O8l(ugFf zL;3S%#%Q%#t=;Wy_;Yet-4#Y1pL|DmEHUqZr!3gT#9?~5j7TQ}{MYnsL{(YgQn zihpUPQ%Y@}^yN%e}#=RmXfqyq4ee55#cnq@{9??(s2&vp*f*i z%bEyQc#%{`_QLYQL4!w7SQ+f2?f=5(zfaRxviW!cRRgKD3*)O6f+>PmPCX{W5~2%KdW>1FJ$=JjkuifMg-_1)AI`_~Nk(3x zvkd>cAS-6#vz;|#EONrXCzGhDpXCKp#_F0hs!y)=e z{C{t|)tTb|+dEJE|5JRP8Nm|`7)LlskZ`7FLqmedL3a-8kbz+ zrdkB!*VhID>#pCfa3{?wU8YYhPE(fqiDBLs^Gc{y!3gp3a4`-Y<{_lk?STqp*28GS8`T?4NUSE4{d=`_{akFdV~jfOoWpxp%Ff0MVhZ8TP1g3ilMaZZgv8-Ij9+9 z30fVKaUaSPEIcaUTy0*t*X8JLy1F=r)DK>md5tw1jg@EUL{lLWp6pO^jzK>(ITggx zWb)<8GxT1N81*Met%#B-P|i>^BGI+0qk-5Ue7{cyj1yI9lcqydWREF`RP6DSFk%*^ zQXZMQXo3T3gn(!0QVI+aPLc@{B!{gt^aA&I&XB#yk)WykenbVL0^t-HP6y;;UbMo6 zeeo|RKYX?q@n7uj`j3$r7CMNZ{at+T3-wRG(*A4>{LlR?WBgW)_tS+5I!Y9&+Aq3|e(^L%H7P zpW=u#I#el3V7U~5Ir#xqxdHdhQ<&{1NznYj0;~I{xp;|My8g75R({WrROo+{m;} z=+oPOzI+!%ors*%barZ836On z|L#t!9RI(w_Z0vCNj?i?&^H>5>f?TBlIE8@@iQ~#ALq0;59L2?XL|R|KdgMW!0|05 zPSzh|??JN+er5BD!)t#w|M+pn(Y@ErzSyVs{L^&E$vu+&Dn7H%f4kEv=l`{LcREk; z|DWVjI{#+Z&GBz&DtxXj3_$HKzo`wd^TT?|?}ClIrbkX-g10YvPh2hzqwHU>;Pm9o z9BlUCLbF+)S|bnx8ZHJ$kns)Shisf-PSEPN-`upD?d@i((ON~#L!9A0O=wPuXntSx ziDpF2H#GNnlFw&TlHW3Z9pqN_NsikqzJlYwAy*)k{}kb)>h@Pm`$S=1&9Z|f`ZJ7c zbKRD6<*gcm4m_DPKmKl9oWG--)A4077|=Vk`mc1=W6KT4m+MEHYu}vpLOmL&8V}!O zP=k=B^;bB$CTScxjr!_Kwa4B$R}|qNd{ZdGoyFi8=L8EiVUzM!iP?w=Q!3OedMCg2 z&w0hu4J7|i2*Bf|+j^Aewwh0d^HI?6#P*4MULHaDL(9E*N~>fmA}p|4rDtcX+I-}^ z)AK1Xtl_`G7B@mUrOKgcv5#XaNgO8^F2&JSceS+LnQx3T5c5P6L!MN|&-u^Qg~v5! zM^WnFp`7uuObmC5`I)lxWZCP*16_U7)Zp=-d;!(0XZ2mQI{z|yUbf`Ud`DkL&nrF0 z&ueA=sf+3PY*k`0a$EW`Spv@DcT8n)&tK-2nX@E|T|SEgd4xM@%Z;%0XI?+P0eA~% zbjv%L_TQ=n*p|pS!DE^ZKP|$uub{=LVBRgV!0Yoam(oR3SDU%wvYGQ(&gDAulak(6 zbwx3L6+C>ei%O5T+=W#_(%xHkqdwiu6?%u}++6{SS?2btTb zSA$^HjOTVl6M}w1U!q2gp8uu+|ABt~8pWn_lt>84kQypxDN&#!|9OYj`Ni?;lYf5m ze2qjSrk{|w{egZ*g2d=6u_dYH`PSC(t966qYnsL=9}z$@XRrbm;_H*Q$KO0(O9X1P zbJW~YFx5DJY)D|J^X*nlZnn}QkvG_g;21U9>r+c$Mv%H_F#E=@XjOrggZ;5uJN<`Z z6fPkw(dt``5%MrVR6wHJhnYNXnpvLQ9`2VqV^!!T$<}G8HTt;$3fQkfx$Y;ou79FqQJeRfVuI1Q}ut_+dEJBAD`soCr|o8 zfUx~qoA4a!_A*~DJ?Ux2A5#jbrpmvvR1k<%EFDzD3aJ&w;V#UG^IK;B=bV49&#|ro zcMlFQ_xx{n%jbV@`>Fo-C;7}i|9K+(LR-~GKKyo+=b4zx4s@ijihaE<`h=$>Ct#_~ zlN#&lay-JL+`le+`0ckDR{0@GRr@JrgAe`Zi;4vE&i{SyeE%~y{&%-sivQbdKgIuj zn$IHl|L1Y(|J5&gy`rNt6`}}uWJ3Hn3zt!D+ zlK(%+r{rD;&-I@c{p)iRoMpn5824Nq3Rn5HJQqu*Ai%qSb`iqIspM0gu%u>aQk5#V zxw5)X)f00n{+S#yQnfX!N0^LRdP(wClNbqZF;Ri7U#JU})BM9)BV(LLqqp96Ex%z4 zEbU^8i|mjZw^D<)z{zcFJ5cpX6k|`&3QE_iMz833({wd#zQTe))aPnhI9pX+9mNQD zc6LQE_T8kVamuRmvSU^ngzCpnf*rcg9^LC;ExvQ=v(Q0Yh+_P{j?+~c?pehFRW=Q! zV>~41MUp6GYN}W0)bEB5)Nt?e^Q)DuLVugngHp1=jFHGqaDBsBw(_ zP=^NkO8b7k^1o|D{-57^(GGl!8hmh5u~=RU%CV#z9U8usFp>Xlz=|~f+JiH`jwwft zY$-rP;XtTvsPE(hL41dOrD{VfK~HTevel;)w+Wia3KA7S6fDijo!4cV7wLg`F9@#~ zxS&C2{ejR8Fs2?H`VU66bTpThXu_INgnUSHpstg2z+O!N*eY5}sK`+htpe25^(l~# zM|nVJ@ZMM9ca34`ix{qM#0G<}-7mI)o%%dON5|(E$A<@3CugVV^z7>RCAu0BG+;@> zZfQD16skN*-A1k{5=92(#|DfeXuc*;#tCXSyUn)LLp{j1G)YjOpeP|YB{3>8L{o&3 zIVhxO9-N0yP36HY$>fo~)0XG%2-=^@9sKU<>U;`=uvvdEm6RzZgk4|Z09&mC( zNDn+XA+QIZn-JVm#|B&`PMGr?CbMNe@Aa@mq{hevX{!f)dj|R)jPf`lX!XM?6lnCm zX{v7?%f#^CjbUo~C_cC+7p^OsHAthQiwfBf;)QVP!;<=}b6 zveyXI&nq|KVzyviB8jPL3fk<%VsfcHBJN%P+n3cn8}@4qxi#b9!9X5*&!S|$c^vpT zO9=Nf0^#txFP9v}?C_M`u0ofMOmxD_*;iI62%<{Wp5g#A-l^vM4-1N@VI~VI*;5NK zV;QPqL6=yO*{?t9($q}XTcpZW3Qm8uZ^L836~aPRRkPKXS|a&Ho#VrYt&47|lFPrl zJncHJJLS|~pS`qXoaK`v%3q@2YP~AUSo!AKGgJiWOezZ^4oerW{k~%1YTm1+s1l@y z1QymVn%AH2bM7HJC;lgk`wy=GI4AzE-R^YC_5b#|Pw~H>?}`6^l21iJqIxNJt@4^!hqewu3(o0qzID`IM=lVt zBG$ZC^o92x+HT}CzkD8E_q3*Gh-vguyVUOa(4~2g{uR@}r#n^5(Wk1qhx}IEJ7oUL zv$}-*wnUGRh0t7Gsh0Xbb6sE#|9@cTfAyKe|93jwvi!fdyWM)?|DWQsl>Gm|R=b}E ztNnCA_jMr>rjh&H@cYt}Ga9_l9B6*Gy;*}lto45gYi`s3ipMM4^@h(a)TnpnE7MCk z2dTGS7yeZPW5!;4kDr|D3S{AzGmtI4ZAPoDWfs0|vTLq59t>#YM~GJbGy{tn{Vwsbt}0+FmLkabQ7>w-?}ik8RzqlvKC!aV6t~&R zMzfEvS2mjYI9u8H|5l!%e_&2oA<)Uuu~=zloc%(ge5FZag16Ljoc*$L_QUD%#pR#9 zrAvKE=l}4#gVQ(1Z_nN|$MK_$G4uSlTf6OUt9<@jt*7(2XRbd)C1t6`OAQ_VUw~R!omi?D2%@& z$ry2xF+nBPD;wy27DGiyZ!RWDP$Iq8Z0|L9Py_v>r4Dq;aw2|S18MH%*4FLqtsXF9 zV@M%N3X(=-E2bh#@MP=nuP@HtYyUzRG#OyX~(0fB?jx^NJThBZo@QpwBmYI8J zd#Sm1RyNRCmeVo)mBc}I6of$A5!!Bq_P!lKu9~qwnDVFkb^B(^dvj+A+;*E?1LH+= z$ADaig2Lqwr_dE30~-n}4Wc0*#+r)kdd1iim_t9DdUsZbn* zC=TP`bS)Cgtntq0a8h=>lk&nHd2b@GK^B5KyA*P+(NwsZuE40ovr|}TDo{)XD3%U9 zoWs|okJ>Lv>xBA+nDp5l%JI-&re3?*?KImx2cu@T&}-OpjIyX*RFFbGP5qmhw_ z4koBj>mYKDb26NO)y|)f$Z<{vMIwkLynSy$9g9A`%a|ZBS{)ZjPR}vV-_kM7SHYyM zzRWPsj}szq#Y_4tS+&Kg4}L8;L9e9Te5pK%=oL*dpP+NjZfH!n8{2L~YnhGcH244f zjp#J@=9kmJ-G_;VSz;pqSmJ zVC5QcHby=5V^i}JkQgLgYh#0G=-;h8;f@4OGMbX96Va6ti#ri}%@<}Py8f9(5z8iL z>G2KWlS{>ZVWQt17∈Xhc#$9He~->F+p2ot;WfF5e$9ksl;f;_hDDGcS5{C~?pU zD?)JwwVn|tu@b@5!t1*W=kmuPW5a|Px3?Q$w_<=rh;8?CAhz9gH<2APk=9=6zVa7Y zu?L(W-Jb=;BnG0CGOX&L(yKD(&F#O{Lu*=C1#x+R6G1%ewk>vL{y(H4h865+Pu+t@ zBr+0X%T8|A>zc-h6tDa`Drk`4p%%5+ZMn({>L)C^mOuBU%%yH^IC6M4*W6RLoJ6zp z!lGF^+eQqqt2`z-r;+FZ7q#C4#pH5TU#ow?&*z+tNj@TlloxU`)EOh|6{ksEtLYHA z7NlO)Sr_Xf$yf=Npp$&CAH@yj_2~Qatu|O-w{i#y{e5qVSpi{_KWuPGiz@<80ftwd0(OGtO=ZBAhdh z#zY7y!f=uoJSDNZg>aseaR!HOBsKLS8*&^Ilj!H*12;QmH%4n*j4IoogC^gWJYCJA zV`kCmE;WnJXE6(hE3nKInt2MuQd7fD0LRT(EZj{Y87mbzW!BFmb&-fkQD|jD8;?q@ z9aS|#5Xd!qmVyq6(f5`cYxZq!C9U2Bnvo9HdB;+kGp^_jI1iYs-L;@^la&p0&dCi) zbCABznaICm?Anl`zTC(ii3+&-2k=-Sq(DGpl(O8a57@q>RaEWqht@Mn7^6ZIL>aa7 zL`z^plIny;g>03(mcQR;paWhTsN6x0t7rF>6lqnoAj7GB9N~l@H}ALP-?f`nD}ztza9=EH>jr zGUiOA{&ESoKXXU7}Qyy)u8g zs_71N*Mi=$pp~HMT^P{&sv@Bd-HvE9LO2l&4N0z4nJh~viRC3NFQSaoF@}p*l7_sZ zFs!-KMZPB!b@!Ulz)%1pnS=$R>u&Q-?aZCS+LCm8yKX_0FfeAEpnQZ=)JEqD6?sLL z+)9^Mmkzci%W$og0#L!JPl5ukugH+54wxmu))H6Ki>C5Gz2XD|e^<<1%Fc2Tdw!Td zNX!xAoJ4u}i`@J=)uiJPbK9;=hra%*1r@l^a7ny@i;oM};!ePts8`?)QnaI0V{7+U zBVUqiDZ%SD#n~y^m-^T$ zy)I&m$20}|Cr#0q4ylTG{!zSudzv2$;=lxef{ ztUQDAO4B&bTBqHb*YzZ8-`lb8m8}zFn$w|sWy(>|KtH{cJddUWHp5T^+Z~ZKCp@qX zfp5~#ksC|iF3oZ59e{0vp(k@!*iQrzk_Oh^pR8MPfTohMD-mH#BhIuk=YV%BfXihQ zV=0B?lZ;6q7sm%j?~XwO#4xgw^bGaK2n>ZvixMEis1}jN^kQ^>?}*q_?cFPLdDGr! z;MCY_?)%)yOk=;aH~#JA8%i_Ij6VRaN#QObaOtlDtHMbFRM2!IxbyE>c`EKJrESNk zSFYmTQ`eHZ;ziEoYq>;1iPpSh z-lutr$5b73v6XW|%o#U7xgnpuXtmZWf?iGrDq@BT-6YgWkce?KVFkhoG>(NE3a3u( zwMyt(&y8b@3g0Ncy}l_$L_w_by0H;6P;BvFAmy0}D>gR1EFqFwo1NTwz=0F(U6K-~ z3CB5C!(RU1+iDzgUH}Rbf@#zWw`s=74Mf$wXx?qLTg|(#gtt9SOHVMqnWx^73%M8o zS|66Kk$4V@A!;vSgxmWJeAavGW)iJtd&kbARpKgYMK9?vCGmTnT#%T8I4Td5)7Fez z50bH*BHr|dP!6af@jXaJs2UN&@CAvK#mz(;TwcCKIpJd|xajrcWROS{_1|A-$d(JOkW#8X1?=Qn& zc7eZqT7I$%F?CALe>ai0q@{>oFjtY;G)29P69`&3R7UNdllI)CEw6AV<>)w){N(+X6NiWme%$iOZx zY~+C@bLagqF<@OIH~zgyrkUUhNK4ZDaInG?IOl_24 zDH@Y;pK!RE9IRant37qqKpk8*FjvmhOm`~YJw3ZRzHH`qIZ{b8G&QzJnhqEr!+q;O zY+DdZ_*8b9d!L*XcA9$*>#o7ty8v>W(+DTY#2Tl})o&Oe$Y41`woX9PIef*`)1U|U zi3CJ+2xnIG6B;EGKYY&5?^h$R6h#RuV(ZB=cS*;%|3l0#z`|t$P8-%-Bcc0S0P-H= zI7&#|cM#hK;!c?sl}YRT=#?hHIcEHhaohqqEJF=DpPm|Kp14e^9$@Cu99j!vv1*)O|>OM94AApL@6g}Ynz{gwr8M)t}Ln9=%OuhYG)ZqJvGO@zH44@g_gmd zwo?&)k`7qUSda@UT$9ZtP2APnD%%kDqA%|eh9xjJb?4mpWQnp2#Jp2w@L%7hb? zupx~g>R_DBCE&e)fIHRhrjGGJOXS;5sy$TqjCSHe`EuiRn5Cz6jO(}r&asLfZ~b672e)P6E@A)OZnh1CuEmU2Xk+G}0BeQlvzx97+z}3hmyhPh4GJmRWh9MB z8cmdiQ0U-3!wq$Inl|wHcEDc6j!qjH_nUjoE^MOjK{7VZU0fP?Z-LBw%c75>L)y?t!b$5AeMK^VuOlQ9?c&3E_+DXtW?IHk%&rqXh@tV zp}!7`@Fdy?n`Ld*Vf(@$+nScfoP%7B{0pNg{9BaevW{ZVB`C+KD3s@0*}&xc=$cGG zgGdBJ5zDBFiPVxqjQW#6hfyQR6||Ff^QEbkVI+cJ0rBFkL7?SCWF*Rk5h+ddEW80~ zF+?p$MCAKh2A~amc9Yzzn54G%;Alh|37#mVq7kO4RDz%>hziVmqw)$4K~6HMEjHjs zu@0`~A^}2MuQ4Kbs0$p;`fAme?OksNcS~84-gO}7cZ(-V+4p!y&-9e&$<2^UC74tK zAY)azu#$<=#4x%%d2@Aq@lK-j3%lj>rx1_(-Re z-3c(WESZ!#?|O~nRLpZWX{eyRhGa~=O)xvn3^eL(s`!6*b%$0;&k-#&$F{Z~t(Ajx zM5Mk?#aI$sY?lmI+%NC|Nd!^0t04by>HP*~kSPTOf)F8GXZpN5W?Hdb;QZEITLg_s zgt;gMX8K{YDY;dlrfR8Cf+wuV6~`dAu%9U&`v<*MGpN4WaXhA}3W6=m;(Gi#_aQf7 z=RTKKR=5KRv{$w}H(@M$*xMfYZU@)0XI(kI%i-cWWa&Wp8;yFXS)gZ?39v?MKBI8} z5B-OF>kb)9_nqmxLymiS`4*XqOVoHuw6?kCtC8yncxMxxq&a7C5y>^GE8f&Y14< z2(4z<^6XOFp`qC~hv$%{rUm8ZFM_2A7x_qj5d{{FRr+J6gEU9<| z(0O5j`j!-BB|c)2(B>ZRjs2=OQYDLN-9p))OkphV-97VeAi2w{#AYtuVygYWo*-b; z^>D21OW4Hh%{Wjx4-I>sTTT)je<+Nv`eZw0*GmLa!?2j!7<;B*roeCBT?U zt#Haltiwm;O-6Drij<`UMe-dFIZNQxv8WJq0&YkMVT)KQSVG>iA?QXuFL9u!@--Y} zo8TR~f&DPoj5F{f_27`a=4{+EmTQiW(;LcJDz&(O=+oh^s?Fio>BwVw)K%C z@NlmAt*`9sz*%1;^~5F3FaSp6)Tv|c0nD}mbA9xU*#P0HV$%5$_wqbcQKeTm!e%nJ3CNl$LR zHAb3w17nkG4(Uh$V2rPo+7gPViDWXIWF)6Ky&(?4jzzHJ9pwQ{!O$E_)~9m@P#=;8 zlzt#JEvd1n%mg{GfATUGdu!0P>HjZEx3Bd&D*^?KRQmbrloByIksQcX*uX8V8n`Rpk_u*kz&Ym5KsX5vMN9cTqJ0l;H$JC0R4*OIpI}l zY=J`M7X$4%h&Gj1$@Bp69p=}n6C4`j%!q)1SMRq!yq9g&0ksG4@o=Zn1}pS8!hbu;%TW{>eSObPvpg5 zfD(F5tQRq6k!a#u(Zpl?D@(y}POilkw4BJdBzGMaG$va*%gXehXy`#3oF$|=%E!sN zn?|c*8uRyX$L(QT%SkS?)skdSc@moAxTk$wXiXbPa(P_WJs9l@7szJq1fYzFuNU#_=HtZX=LQ9Q>{=x!xJmr$)h}=mIPIKQP(schk*H_#(tE)Zd z7cia`@C~>z_U#y*CHBKQcO-~C3!?2)rg5E_T7zmm0>$6KC}j})+u_@W%Dx#XfVQ>0 z33fcGHzoOAPdTJb`>o~#0gIkjtX^psw8zRjuUkh6Shx0bo! zbfRM&28cM7#%cWhiDqTJTD7N#uxL=>#_d**D`h@Ya6060mg*b~dpvjQ+5N~1#8oB? zsbOuJ)X6v&p%ltubaLpD_W1=k9D#)+ziD7Av2 zmS)^2HpkIjTrR*5HPEYzNyyh2Lvb;f3%Qcw@FgXJB5)M>oY9cYh;1bkM)=QGZ^DvON zo+FF2OBWdxeJG*c6eE)nBtTH`l7JLWI7tw;Ei|htZnU5_sy$kcA$fk!vg6znzqH$x zrb7>$D^bv{<)oE2j8@upE21icU*&6(%P;bdZji4ZbokmF@u^FE77OeeSpr~K?o<}b zW`k&15W8M>s@sJ#S6lL$W?+bI3>a_3{c?seoRF^?4MB2LN~~3k=PPfh-HM^+EL+$n zs^8;)6w!1dt-iK~eQ#FB=!Nibkt?Ev5s*%0Sud2`eG>%Z4X4-Bw%$y z{S?@URVE4l05)xPz0(__d>yda+Vs#IF_8-ovQ1FyEH^<%i#vXP*nWVXQ7m=U2+QZW?%I$APzLbEYws+v41%tT#1(3+*)M29TBAv)j6cqHUcou3lBVF@sxKcyXBlgXCV6IHey z)NOI~y&zCa)!5MWoq(q(k&{S@*j~v@ z6Jh3!uv0O@A}plq!LZ3@q2gb4IjIi7?;x7B=X>e`r-BzK7Z#p^;kq@$1^nBjmYvRE z{Xm|^tx1K+$C9s(NRp{lJW?6)URszG$zwLgG_5k&0E#wCty^cK10%59NoVZTr&O^U zKlDQqqN?JGSdp7j9CAm93N8q3EB>*yOSRPIwmlFoKWQ0BtgYJUL0Ftr1JB_exU~hLKs+wq3qVN$RRLh2j*QoI9%n+#d}UFlEYt3J-X<0=O{@ zmaBYvuXQS3(+*gNF%PEADk%wse&mOe+r~IaHqn^Gv>2<9K+K1v z%Iyb$-QIeFx*+J#WN!%1B@$|L9!+YGiSe3-#X=!BvF%b>mJ#q;&210Ji!jk^-fla? zqdDQcNId4+b-8I3(vyyNRdS)af8)x0H+fN%#i6cCO50s(x?S%%8x7V_(O_jh*mc=z z(}Pro^vav!{l#0@I@K4^1patHcY+Kib!nH+8{4stK=b9oHp>Jc#y`E@KaC zdFnyegceSglfYXZAM2Wkz==ku8)FVZ+6%>ltsTq3MDtp>394&8dS^zZNfiN>nFnr|TK z=vbYDjCWr6FPAFUj0lcF&oJe2JqT@^Y!EsGOCWkvyXwQRsRka0Iy85@Jbj*VD##7F zX{+!AFIUbuXR92=kqw`PE5%1)FHHRjXlU92bD@QZa}Xj9D}|X(v%PD9c4n^4w1nqF zG1+Cw95DSNx+eLt)Qd$=MLE^vBq_Ky=gboaFG!Z)h)A4x(lZR&c*t*uB=4cPAm$EE z$*rz3H!cD1TBKX`?p<}~7|U^mNUuzjnMoh?2XLuhOW4X@c%0446-sn#f@)WbzChx6 z!EXv?t7_s}kV#2?%lI|QR3~Xk*+b4ertflhLX<$|k!$3f>i;;@g%PFruYA(x>Q>h| z$c^hB=zRy;-6*McXYY=o$a+cA@sl%_5c^(u_jg<0Apj%1 zzzX|T`X(8z9YOI2(a*%>KY*)+yyufC^A-vl!C+WZ44RapU+frOp zv5VP6l6N^pNaws+MGp9{a#fiyCa6~Ijnk?{-x(Cdj^JP2&`=*=+fUpO;-3>{nJX3e! z5boz40u*}$OGdisy|ovOPQ;5O$%u*`Z=vMZc4?T)IG*-B=ZBZGHf^(=0b$#N5T-X& z-b)eAaY9opRZN!_=##4rzg|M|+xJYcZ5Om(x;C^u+m{0|O{S61b-VyV>4xnd+=_qb zk=@Qg`Go1nD%eptqopt%7{ewuEMo@R_e=pTudCluYh_9onaE={K)uW3i+>zneE8?P zw;zuGd3AB{;qdJA^jKcVu(J3oKY%e@Dp}D1vE;eb4s{#=8;alAt6k3eHj-J;MzUr4c>=tpFtSv) zZ!E7i0by}bC=4U0kXgbzNw_gzm?7JBrW7_Xwrk_FQBe>MMk#kdUqVHidua>GIkKjB z(7N{PB#@Q0<(~Qg>h1^E+*X2jJsB0f>{rm_;v2Q^wP5T98y}inlxnG1GAPW5#tz0# z1&q0yy=%J7NeDL8WZMEe-eWW~)Sfop;tN(G>XqbqSE1d56gY+OvQbn0DJiu!#%W z;j$nEd!YBUCI`6>OCYh+Yx z9`{#ud?$4=FTR?tZTkN3E{b>wTH9&9@Ics5=FSVBPKXlYZ=9vqx>ZXj$-#P20qRWW zLqj!^C@JEwG76%psu1jwoL9j^+%be+*=DvgAQWp08 zyQJK=%ofDcYLC7}XPDrX937bW_guDuR`3?Y*E{_-r9j^^`_@R8u^8brrwvnd+f@e0 zS>+Zvs5W81V<|SWC)|BL`9%53!PX|+Xg0NAZ)z}?^~n=w zaz|@NuRgrLc)RXVw~eZGw4)8&I{VMWrtG)2TWC#%aZOYuB8aRes?V-%o|z;lSM>*V z-D1R2wBOoq179L{BV34_#2yYV27kY_o71JpypV5@+;!9sSWM)q6@IN1MMynUG02R# ztIi>e*bP{}^I=r==CclOukwe3x&L#}Ld~NnFv$k#y$1RfmqZq6gRmUqEyHnNXTUhv zdlj&qi+rm5nK^Q6aCVH}XWb96j!i(1YLS6%I&QSxpTkJ&1y7d;Vdv+d8JT~&>Gk8z1LEb}BSQ}v;_iWO)&1~~W4j9N{lNbK%r-LkfnlnAVx;@jP zP{l*KMup5(2{Y*!%4^#gh@KPOr&rbsZ19!{-me|b?YnD2S3b$J#WDxM^_trYbdrNi zVvjn_R@jtYzEkS-2Je8#f7!J`O<~KSwOcHZ+{TE-Ch)l@x;nQL->R0z>uv}a%-;?P z+A42W2`j=kNatmOHz-4G%O7 z;g%+Ggn8`O+G?5dz`zWG{pgKMnRpOrp}sCE)tFR8cPWFF@N3AoOp)LaZn^UR-{sM)1;wWwAghOQAp9B7=C5``yYxjx}9hygE2Eaz~}m zcV4O_g4V7WirH-nb;nFP3Htldt3%Tkf${aAgp?-+jPczEuX#eXAxA}9s|XPr#p3K&{6`qxw@wh2V?UgU2dQ?l1B|^FCT;c&p`w8BZF|PN&)0M1RL=A%&by ztF>MGlDz74ZFvmCG#MXmndF7775U=T@x{AKbZ~lv4$n@HPOeVQPA?%h`2FSaCb~F2 zzc@R3e<;7+gr|;9F0U?5UcHy!0DyKA9oZtaqPe26S=BRIMPek?tuYi>gyb4NRuy_| zwQd_CvnelYTLWoRgM#)PzC8!(;;G6!{Rz4>Eo$0QnPbIpgkGq`YAURqtc(}qQ;0<@ zn{YZD<%r#;giBdSS+Ah@731_*7*E5gdP9|i5@^VAnj4W+uY-pG8R7&T1L!Fvic|~g zy5Sed*%}K~%}s+*g<;?)DF?&Qx+dJFN`u!0;sEJQ1dS4jt`#lSca~~M`azRujB`C; z6TLP?a0{L>L4;dXyWwV!RyCAWn2JDabX~p5ZVBJi7JrEZP1V0QLD|Gw@Yhgu!iQV| zj>b5}L!xre2S^mrNF%l>rGA)xf1ZK$apcp720-ozk0@w4e#RltnK}fpEmNeX3SO*2A&oMnWt#%JHdxt|PY||z!Em>f<uwc}2&Xp~{J?TS#A=xW5xL<(WyP3=EsIl4T9spiOS2TS5H#2F%93s z_pmUWj4`$66YAMXN|Ecbsfq}4l1xxS(`#6`K23p6qz=ArHXSOW4R8dP#HM#g+C`m0 zO0EuJ1Gnpkl9lT_zH-OQXTTm=Z#=tzMrG1>sl`JA3-$zPSO+qjC52hxT)oA3E%KY* zp~zJ^OPnNzZHuBmrnzPwM(zOW0?bwQkJO>ppHztzW|z5cYfyh%_<{;pP2}*B-uq;P zlL2Cbdf{cU+a9gjIjw3~>b|#ZnGFzB9pWsd(WcymK2Cs+Zn=Cf1>vJejZIRX0)Nqo zTPV3sxp0RC)?aMSyoxOE^2cDQhZ7p>ki3M7Tx|MRmKB9mEnDHUa24YxMGd$k^%H9Q z<;|z06)S7`i@xcxk$?)k)rP8LR78akCWBukvl%h+2jF<_Y9e=L5yH6|dW={qG8z@E z5Xl6MF~3&kJu4j4&$@`OF9Cru>`FBCmTsbcp&zQQdrNHYQKgEbTP4q^JRdU!vJAETr zq02&Dt~sk$X1rtOb7g{~5%LxYNfy$dC@Bu)f*)Cdu$1sJk{38J65moOYosh~ zz|ISL1AjK65#~dwII#&%@=0UB3E4!Hb8^EXh&3+X<|Z@%x(h39i@4$lQ=HDRbKA#F z_axhN-(-ZVt5(1_TCni-HebxQycmS#sSzu#bKos%gSy@Zonz=0{MX-|HF6h`EQhu@ zxjBr0pl%Yqjxse@Z}-Odnry0&2`S|ngg}pGgMqFVNs?q!|Cf$4#&fkXmJet_Sxbe$ zX3Wf>R|o8o&5p{lM5>z*uK}wpd6z~_hXbo;y~*__3W&eDmT#scB0^wJ;dBl-O@~IK zA=KP`{=r`p>j)=MJWVTrlR zoiTmo8L3L$4kl{U&CO*5mRHZVLroZZj3mAMcEi-}Ot zpC{$PmPoM?vh_DjOG)@Yvo~_6HY435`daN!ex@dhZKjF8V_(BHYR2q)V=BXq6Q!jdWiqfL%$1LJ zOjAiGN_!OE@Im=>2~!uFb2S>nkt1(pPI64sO(QpZDm-Wh>11kh-oSQ1M-ZD33}SD` zO-@^{D7h)_XJCu3T3jHk_k`U?J5h-%77vaij^N1q*_CQ>O- zm$wxXNJZ@z2tAQfYar!TNbt_ISK%_!5iD-@Y*2yCraLyKE_1ai;#=qJQ37~!XwRDG z5Sa2-1-G!3x+6ALqO_!=z${}mm69e9Y{(8MJEjB$=&DW%6ixJA)#;O)W@?Wo69v(8 zkXZZ1q%1{x#w^c_RcpF(lD-_VY{*ffUf;JqFQb}iF$>W22u6WWqHAotkLvwXmdlr{ z_Xh5lK2u7WJhnqn@8mTCsEHyYT#%S3N02-Q-j?WrlyqSmepr=g$cZBSi9R8qk&!zR zc`P0nuU!z=VR}mU(7u4(Cb}{Lh|mG$Mvk^c2|?ucOOfb+Wk4EQ1!h?T1~ZyC=eD*uwbc;Z&d-)n5(!x=wd1&PWyT*tkOY;blN^^ zPLtU;eH&C<0cxf8n&^lMP@M>uPyK+oT$hPG1Qyl)L@BVKc}o?`u>sh{SOrfTE7+#n zFn#ugLv;-bed1_TR#E+@X)eOeT}M!m3#}epqLa&2^y=X9`$gPTw5AJ3hVIMDLC-4!=7%y*hYx^7iEFM)A_{wNZ#-47!S8*Hi#!7c8PyO;$`@`&q#n>pNPfm03l5 z`%U!LE~$L!EyaDBfb;xB-ndo}{s&6q^o9PobSjlN8OcCsmvG|rIzU}ZDiJWB_ z9+FLv35r}-4Jf#}jc_t3QYYNNC0G#&0xeK@6s(6Dn27aFphGF3mkn_mhBc<+_=bX$ zR5vDILQuU3Cb&U^S0~^_6CFhIPLQi$IIkSpYbW9ziXTQ&bPtbf*;zQ#-DafFXvCPZ zf`X+paJGZZ6=5_Wz)v=zGD-%0Hq|6DWd_yUZvu2j#wpG1d9>c!#NdutKhahwkXyDS z+mVv5ale0+K&@71a> zIQaeG{QUUz=;WU-XeiON9MMh7-CWxno8^QH0dTnU<|3FY6!hxF(X=)0sl@+4KWK(VBd~ z#$2v{EkPK4ME40+Hy$jV7UQ8TvJ@AAHCl?YB95o^vp!hMaA2}Cgp6}T?(;%Ub^LP! z0{0PGNJ6iZJ#@_3if^S1*2|zrMesnK1pYwr+X&vUY?p)tC>SEQO*l=tH#B57L{&uh z1x{@(aq_yDo>%iJ3E=bpl;ZzwySv96V`lt+duO*Z9sj?*yZaRX|0zDt(BEHk7S^Wx zjt)mi=UOS*68bY8jxf(xRyH=igM{QFdx_2p?)`>h7O56zV;vX75STV4XATQO2$~ZW z(d7?pD_Md8h@hWN)EA}VnXcWEWaBD9E@I=Yh^2$1kecY0_6ltM{q@D!n=J?CZyuQS z=EeqOXPt8b3|=B7&=JWoO~lH|2KwIhJ7_oCoxiPYgzIz=q*1ChFt39}Ot;&jNrGY) zicT+ApdNOXu&{N*hz>`|#BU9yiaR$^J1l7+1&U6PG1qhuvETU1roW<%jnlKMnq)9D`jajZMlw#H8{f(@raz_E{mHQ~B(A6peF` zEukw|nt}wCtspbTl3sJg?)VCNuWSu|!#~cfnRv~_nt<{t%*w)y-G9rj8>LN z81|kmAY)SkS#bn`&asN+v^{au`ATC9#34n(0VmL47A6g<0Gz|Mz2+S{$TA(myslR7 zP}TIps7UF*3xeLM;sf84$x6-X)?&4A@3?{mO^NElTuS7er9-gQPO~dhAjJcYPCzd= z&3L>Ff0Kdk9#;LBl!NGoNEVHGT&i*FJuTHhBvoOqnq|sMMrtWq1vP$ZH)qLepk%w$ z6{!~-s4Fky+)R1P(0WeCq-lx5Tl#Aw^6L2F!}rHOe)D{dWh50MfreJ7 zF(P-U+gV>B(TJhvzqu#>P&D$)of3UKu9&5Q+%{#j3Yo6WuN2*0C{p%bmZ;avq0ul9 z!xxZhl;`sqOQGKc$f8CAoIx3mNEry6f~``&7dyF2h>k9msrQMr5UOh!Z&@g z4b)RVs%l?N)g+P)bmmnc^eip5C@lZ>f}@b^PvwME1ks+3D+( zH}5YFq+a^1TXrQMluM!8b~9Tler>C&)67Zg5uWL&JK03HMAzhsRj``8d;MlMn{d38 zaU>cAKvk>bM#b0=<{?5rAlF*%f?Zmu>49N88UkB`0^86wN0mw$sP?oxz(9qQ=usqm zKj)_uxAW6|Y3cafmw#FMHz(CTb3d@uece!mr@6BnQ>-hem=s0^R9(VjV?m1;SEgMR z?H}$CY9Kwq2COqs-=_IWExKz>rN362U`k0mL#jhxiEg}`>?B8HuutVsqYw?qEgI7l z;z&!yf4>qsC>))ftJ)$F8+!?8n?}aa@}ADBgSIuMa~ssGYp%S8z4`yyd-wjfZ6$wr z|JJKOX|=H&lkz1=&v7H4Rctv?>)T3l+HBGzK_o1(rbsP8+17Erul@O81^~f}WZ6m6 zv(K;E&z{B-Ft`l{gTc&qWOR{{oi~~#(^+D8A}KlNrb${y(u>mE2kmoc`=WCU`U7Sq z^b-f?08kh5Q*ai#49+o$OBb@6Y({g`NnFTL3=XTngGSb5@a`y;&jqRc1Xap{9%%k z8qO7fSStR`&$_+0omRJh-t2aNJ^)-mqrdAMHmd7avmtYn09H|gF4-Y@ttV)oyq?VE zp}21wxEppve&bO%rOCKq-8tf7W(?0(9l5v2?+^_5>IJcFkGYY@YA~Za4!KY|fN}5+ z=P(GR(oSP`?PFj~F2w})cCUQJjZQyyx#gj~bk!QwyTW8jg#&Inpkv`<1U!>wPFsbA z9)-xl8uuyXWw}wh_%f^K=`>0h7r$gLp=!_|YF{~!O--n^>&@v@S*~l9W~?h1WmH{5 ze}(&^KVd=;$u3XhNNnL0Z4oY&VnHS}@m%Wb+=`eYLd({DUdR_mol( zI08EB3N*Bh4ZUz~@o{vnK{ zk?JXBb{8`ddo)pLj*94$vluel$=Jj)g$Kb=0X@zkZ{~`M+@Z!ciadryU z$DH$M3ftJoU+Or@Z$TwWPru6<9I+T6seHBrK;||2YWC5oRD`-d!Hc~SiXW1XMXgS2 zaORZhi0x@W!;pEXj6Xs<>-3J4p5HO_tu_44{L1d6v+$0_-VKexqLJPLTPY%azWWa? zk?AXS-#Vm*zJTx}q; z^F$iDGdLj)Yx}MLdEHTjUObYJSeCPC!kya*Z&=%-r&hjgST9zqEX{nMxh^>>k6)BU z-FWPZly~H@%K=oLv=;fA%NJr%-u&D$Y%f`bg(Na-@bW1X3XAaS#mVCNd#EFNC3pU| zgo>eLE}D&-e-@pGZPk=nzVA0!!@T4mKt)5>pBn%gIYx^9F43hKE;+?#|N zbEzY?=e14rBnIDp=8=zM7PDX1*R&bZHs;d4jAFZJ3bZq3$l70a%)jiIpJB%=NkW#p zfa%nWDs%d`2!6-_}cCwFI`MOM6+0?yve*^)GD|W)YCrNDdoiu8QK`M`0a)&_vM9o zvPHE)`jmzSGU>RNHHE0_j01OIZTXPR6`T$Lxm)ZW8(%*LIynWHSP_RpVggWn(`GF6^CKJhHlWn#t!TcHdk9?S$#{c-l{CIJ#hXY zo`6|dl_ApI3NWc&ZqqK~4`ht>lC0G=4P}NY3M6R?&^f8h&+$siEa&eJyPz_Mm)NI%VZUAO!vc*bxNY?~Cs-lJPUw*Nd*C>YKz zTjqY^jU8h*ogQ^7J-t;xoR>y z<+;pF^T_MML29jdo{SlID?wvx#xKd3>F;f9Ubc>ntF~)uWpZ8ogBNK8t=UR5e`vi% z<^UX(RQ!JeBj_xsp;%FEp z_3Ld%e5{IeXE_UXW_nZ)C2Q-b){kBA!%5}pl{Q*AepL4&mkZ%4ZvXI))GAO%51x80 z?=p-$n-zl?5Q)yu8FntZ4vXDlguAGOecFEK<9%6<#3PKxfiJGZYa}&ifEf^q0u zm1dZlqoto5oHNu-QY2wL8QMYtaT)N_k1Xl#CIb@qL&&)a(f0|1R6B6fYyRBTVLtG9 zphs^Ej>wkuY+>Ljv>=m&zvlx5a_v-%d$0U?)f-lK_p9Hky1NUmQnKrxbA?(XKVw>4 z#O^aQtM09GzrvM$@LEJ~cz4%P`9~YoyXMc`es{OuIz2o;YoGQWzE~lJn2r1>l=VBU zx9zjjRjV48IZ?TJaM0>@#f5C8dmYlq+~;5jt%FXhXAo1jJ9BbzD{AwZ&M*J}tLarq z{8i<%WAtk^ue)ia2V|t>vl!CS4phe_w_+~_XgrnMPOy45^gIf6KHGE$3XNNING7j^ zeTe!}P#1!SC-qTWk7?*JXPiueT1LK;_q$IJ4Cslh!aP#{ZSBkfgbsh&)B@y8{n9=B z>8neVCd^ECS9PL$_)|}c<(ib`>ClP-yEv*@82DE#E9m{nG+^mk!AY=C<~x-Ob$QV3 z`B{N4PbyR5%abPa$QF62GQ3VXiKf#?zL6pY2n$bghg@BP>6)bAoQ!9J&1z01J^0fI z2X%--Q1@gAZ$9!}_v&w4rflZcQS$A@nHsCw@RoX*L$U~-Q^BCc?xw3{rS)K)vcj9c%QIK1rZ6$R}3&k>OCcO8@@ zhLG&;_TO9_{M71cNx2%KFL0E-f6QS9dT?&iKl@Po_nvkmU}AutU0fT@qVQTE^Jh2Za0zg5|sWhKCe`^9n$hJ z^_pol{AgGTe_c2Js4WTwELa4Mas85F3J~)88{5Wg3pfG4oE#G#`qL>(h;8qyQqq(u zgZLWO^|rNd*kWG0V@RSQ)x(Bmc=1_vO-0(+_ba$wJB~7oe{GAs3=!9}2jEnY_slfV zcBOUR7pfJ0XPf+iD{$q9-kvO5p;KQ5weFGY?aG8D)T0R%YY>82xk#o$NI-{7=tKnZ ztuw}F_!3mh?AJUITy`jl=h$|S{BHlL3!GC)v}-}xgNJ@`z@TJ1%mlOBm&Be@_QZS%U9VX$F7?miX5!n5X`oZf<&|_W?+#hyTzo=U7s`e~GE~HOvk^o{bE|j!*%Vx|Fj`NEL{79dY=n0f8HW z!6Z=#es!0#M3i)C5Ui%~d_!c|#ibuZaxl>(Ts>uS*x-iFxek0Ctc*Z3a1><@LFrGW zS~kNt5EgO_`!P~Y=(Z2A_7)KkX#fII5y~iA=CA;7=kLV@S_!$SZlf_tE z04jVG#e}*EWE#oEn!an|)&w5aJQ14N3=|n)Z*{qcxKbE1ggJ*);#caj8yjXb7wwIW zO|r4kX?1&~c@BR;PT!3U!&wX`XJf;uKsX&{A&`e|8ozZz=PH)2*oY(1Y4O(*+M-#r zAL{s^-Zc$f0A5jNvd_toC4j#<^Ho+j1-k@~__+`~&e<#kk`#5WghX$F1QECyTy&fS*^6|KQCm~pCt*@RAtk7)CB5m*QwfI*;B zIExb_3Uyi$2!RgL>lA-^C}J_oH;{=Wh^UvQkcRjqwUml&D=K7H^hfvQ+NZh%dE9Ip%l%xCc-}m3 zuNhy8@0#arTQ14FrZg?f3=O>IkaPvaXmmf=?UcC*C)TIX(s6NeV!7fTH3U7-!p7Aj z#^}$&%d5eWkjnC7!3XtoEN)IkS z^?s4Q{G2?aapDBN`>gf|?^!8aY(*^VLn|p}R2L)X|7Yne>J-AxHI{U0v#gp&6Dm%B z*~QOPbEM)SBtC{B2kcs`Ddrf>$27yK@eKhfo%46YLd@GVWt_O)TroB^aT|H&C5L9` z))(4J%&0flHgp-SkVQ9D5i9G-n9a4XuDtZtoQlQ~HHoKT-hfdkBvS4qiDE4q^lmrU zQ?gSoNwh>DhY-<rqG;;NRbQ}`?&|C+;D&!VJg${l+Dp*1x<5! z?SpPAG)~n0t{8x(BZjM*5p26FpHv2AZ7W~wDdyH9rmuB+F~)_E4T3&`-iUJl&uMkM=aSREOE_xbqV}z zBnwDWWTd?|hhl^kEdVB7qCz|pr8pzb^Q1J&@t*sos_k$Z|CH z?If_V_JmG#N=5Pa37w{)Jr!2XN;;Zv0@ZEW(lKE4)Win1~0Q4dpK~_O9fZ;zun+T#CbrSlR_Y!*O z5QOt#p&QMFF5$@&2+RT6<@09D5T3_`pz}j9Lx33U&SIJ87tVadFsLX=u$xm#xL_jwAc4atfO zz$TmA-49@{i9hwN_VTRk2(3PZsZ*Mf`kLlBz;kdQOU2c)Mprq5QHxghfw zASGwYnS(VjxgR~&T;1G|M88!9yNvKc;)^D;6g2$DlV5V_aipPCAa$CF>4BdJQIg?_Q3cPeN#y)ivThDx;26_ApDo7`sbRTkFF z;`%PE_V^oQ8ap7}f@RQ1E^-f!7%?+a0aii>-pNgn-1`ke=s52PIH=IEc!K$oqMfpa#;~s4#Ba4d`bW@kHvEl*7#g5vE?7)2;y86cUR+-G}2Lvod)|Iaw)7NlZze3?U?2 z6*{o%kYhRvU1R)OE7q_zo~P9fAqvtRqU)^G$Gz8TguhL0Z9!>2rI4+%_Zo(fmec3q z8+8Sq=AU1wH}ONAH%LEn=sU9vY7?af@G_a^7|O^Hh2NZ3EVg0?L+t$8CbjFK4Vr^Kd1}%?A z)bPSNz_S7cu@b1CSwI(~_H`eK^&0XL9qwDHX#iY*)8#B1ve;{n66H_0ye(*a6=rpF zYFy^+dvP@ci_(q(@YtgtKY408#d9!?kl!GJd5~wsnk-=Mw?Q}LI23%G;gHS51RoT!SpME)zh;;d7%McS<7F0=xlRj=64PaI= zSj)mXs>{Ta)>F0t^Psm&BiE&;X0>%`pw+<434q*DX@W1Fe7zFvo^wHx8nw#$FA=wC zis7yNjsPMX!Ppn(*Dw=jqWq!t z^O%L|w`|sJ71ABdQ%^*l{$A@~{v|qU&=CB>3}mb*H0}`QC0c8$EOY~~ZWsynQ#)@> zCh$m%^pb`4HRDLX*26c8l1rASnv78A|DB9tHZ{yewa?ElDK_a~wOo!yukYm%BcHMW zT%EdUEF-%X^FYbO*ZT<)$mLz$x=?dAtsFC09?oZzOny_vf6&^-#?Hn@F3-PUEb}3m zON!#(8yma1@?@QoBuXgci+h3J)l4sB>`)S^AIbW5#?-l+A-8Hav{kmu?ur>T%~g1^ z?*DvwmP>!MC_GbFc z$!w3L%P?6YiP4hm zbmHWbVNS1IIWoIoh1kg|8vx@D!3+U8lrp$d+1P;hoHUpOxhj*TXK^kglcsS1Nc+{x{*=5}ryfZqKm^9dRL00l8t@c> zS+$7fN8<&iP{51*YZf=6cx3Ex=McUvmY&5yfEJjIk(QS3^iv^|!CQ)d%J4FDMKaP0}E>Kq{AAe0?@DaSe3)8%Ayz z?f^PVG)st&VyEEgB~NK`2B9B^Z@`@W7=A8gTgb^0C0W&KVi z8OEY?S=U~IIdY`nrt{DJpg}B(=f}jJl6o{v>V+e>eofaJw|l1|AF#PvR>KKbrDawASd`|NYb)F*SH zh)X#e#rALXn%Xa&ZRf?d^BaxzE9q}8L_s)1KTKje2M&h1r4;H&;UVhQ0x1gB779=| znmACx5#n*F07Y@vIWCcQ|Nj$*(g}J&YDT;esU!R>rf!hRD2*1FuMj~wZz#9EOkM`c zNth5ssnw9DGBIG_52+vFj?DXY0^^Ai4rvA)@AJop{p0qVPP6l&f8Ol9BP_fo*EIIU z%sGZNQM#VxJkPS$WMvLC&diDd+YHN4QKJ?=34Ys?!>kY~FVq*vU^rLEW)(taaj-{T zBVX-T(1DSRaYbvbe#0rEHr`#ic#ZfMNvK&76cU*G=wtF5j2quc!MJ2DH! zKkVPa$M@J6E%NPlf6Li*wzs$J-9DXouUh;TH>I`G?jZZ@-ibr+)XMGw) zL488~P)s4MBdPi_ir;-lh&R0&+2RlTc4_O5DD6%~nfmSDUiDwSz(Luga8}6i30T<{!KejiSK3~kAV+AeMc z4_^|@A*&nCVHRwH<^vA>gWQfCkXa~%c@`rgURIbp=6Nn~<~UZsd>! zEFYvT4tZ&{$UAnV;l7p1S%~)I>z&-rlyz-;I*Uhn%ackpBJ1v!*In6ZSOQOKM>98? zOa+Btu1GBjS#~O`+qxE5x_GIn%Zwje-Q>j|vU!Q^Sa>Ef>`Qi_8f}!!QsFWxojCMG z@#BIq>d{T`NA;3kZDX6x8Pn@f^{TkA3*wZs;bH?)|Ie4faR)R?Rp zE~-k(shOG1f&hQd-e=Kqg2+4;DLKf3sO@?;%A%yq!`KJB9!fh^>FuzVeX>!=A{BGq z@*`Ox78oZ@zb@F*$g?$4V_l5ZhQ8TyT(%-!MCQx9)*3>#yjLp8&9j(|@SA4~WUL4E zb;CqgAhs=kLnk*OM9&U>YIOj#w%h9fnu{!=yjapgN+8PurYOb&LL3_fAZCvd*pFqhvfBX^Q6^1ZyvPv$?Nm8L%&%EzFyK{tok)o0Ej~lwBc#|F8f=nT zD3QeAuIt14xr~dlK9{e=h<5IdnR^BPxzU7SxP=b)3sg)95tn@?6Ta$lL;0jU_3<#8 zO(h1QAEup^;U3A@#}g^WFj*Z;A|#+f25?J9tJ(o@|4U3v&4kXV^84n?D<8mxyhJhp zT<~y>?-KA}Jxi8^el0GLg-0gd)F zikJ)nSX*1YTR3-*?$x6^ltw~fhopR1fqz510TyedOzVKfR|V=!qR>wwuoTe|!UV-) z(-Aic0_{JyGXLo#x1<9P@zfV#sgkME3Cr-O(sk(;sx4a@)6BYyloo zWv@W}*Ulwo7(>?ltuoo`NmHHBgD0tnDP-!FT5MW_auP>TLe_ncY}E`uG%;>=D-)T; zv#`l8z-qMxUtDrAZo6R@K z(>SvXMl{ybab;I*p8Ls>+Xp}3-APQ)W~C0(gzAh385YL^n|hh>49IT*=Zi4XvccgW zX$T!R@-Sx0XNQ4Jmh@lpDg-E-Xekdf+`_>w61bVc339eeFmSg*9)W^i>h zP3lWlp3jC@a7me%QSU4a<}$})8jR?9S;P<_*3X04$PX3nsp+#(wy{4hs9%~Xr+C*8 z2Z=p}8oah_zvqo`aQXd`jf+DpJ-9S>xZyozG|c^Q6fhZe0tB>zzYzS%9sAeJjsj1+ zHDpt#$`WURr$)t{Q5;3rnOKIrwdBE$;rAs_0}pigh7HG2bd~9%{7!YN^f&3QEv`@w z$8&v2_Yn@&^HgVLC!joBhvo99z!z?Ub}ZPeV(`cZ84+ujuYvqcc0a2Rh0#sw;;OJi zb6tWvQO;{wu@8zR0A(w@9vDl+({b@fV-#Exvp-)9k9I=m5`Il6-^mOa$5-hl!Ic7H z>M*}pQ~sygxY|xOqh@X z;h$vt2s#M5#vqvngH$Mqm38=7!s|ieuzuoCd7p+}KZ$+!ir3d5+R#qM%uc3(t;SN* zqY}D>Kbe|N*fG749m&5@$Uccb0~(HIbRYUbpT-u` zSZGRv@|dmsF15#WkF1eXV}WzLij2ZScb*Md+0!v*B|BW~<7anwDF;}Sxs5D#IST?Y zP>VR^{vNG00R8HDzL-rKm~r--WQz9im|e1%d=whyli~uOpUcxlg3-!ELs=l46FSYu zndh;(q%NcCDVbx`*i?AIGLnGsF$)61-PoTdh$p)keP_KCTW7WNc%XwmG7_=G7fMD4 zEdftbv!T>Rqc=vTMVw=48Zca0#WxIQh`7~Q3slZZ#QMVCV~LKRaQ>$K{^`JoF(H3dvVaL5$=yd zEF`Fz!$w_HD47z}Ep=iq>ma6xXKGF#9MGPEG=hS2MB&k@aUg~TPw(jYB(EDdebS<+ zvD^{%z%gQyCDP`R0$vwta9e1A_)5_P>FTLZg`F+jIYMP+a1l}$- z(T6t)_y9I+JY(9;3kEb;{?b}BiK5e~R^)&PM3=+A&|eoNt(r=uq9*}2%}_lwBgw-` z^x9;M%~bG+pYjRhjG`#LjBvMd?*KvNbrNuCCPQ=*V%vgJ!=;WJC&Y#nA})2L6N7Wb z=Ga-W$T3q-9TEZ~!^nnTnwW7YjJxEZ`4gKL=3mlKhU=xPfF2Yq2F9k+D@mRwPGtj8 z=JycHICIvB{TzjCb6KCzOYAa=37-u)`=6QEe3Aes>q$iDb>w>w3|~X7n(fyX}XCQ(eHOA}dc6QbQs@Hg|Ct`sI? z76(fc^rWB_u&;V7p7^2I2i@+mpoTwn5z}hjgh;D7;#BdMV8luxD#k0QMVFV5SVZW|WMyCy5icsEEB-yq&~-8(e1J+#lTBsUQ_*P| za~sX7)SL$kaFXN$5TIV*c0>I`T^F#K6133V_1;oclzHYwRAza;%CDh6K z4bmHKLw<8Lbm+5~u{~nZINYN*e2==5z1v&+_V)I6?^b^Hj9IPUnjhcUGdcxv}Af7xu$I;izR>rmGHtcC6|jU>PKNcW=ZTb=>cB2iLFC; z`$zGejk(L>^4C^`dRWI7=sI1o+-0G>F1cs^oc$L(rny zhI~_X+B`+o9+yK?NZn?Z^RfqQF@kT#lE;%P#3@qMbE8eJ%_E73EY&0m;yFot5f#^m@-A7Yu&FP(vsvp`RWR1kFz7wOUr-Nq^BnMp_@audZ@_;x5= z_&dr4Kg}W2Vbh5FP~)5?W0_7yrpL>`a`HTtM?wy~#arrgu=O$Tx!5|-O~h-;pVQ~q z#&gw1twd63qfQ=!8*<`7iWa?LjO~&?zohl#4eB6!Wv5MM?QAlci$5K?1nO+dbF6GK zr>wl{b*tfHn{P>69huBT39|Vn1QzpY`?YomxGKu2`5!$x^3Nzm5?c z^>7vh_3Irh^+P#@^^gDjRR49OR$q5EY6~eKvWZo) zv(snpcor~@SLzaga`4qO-^8&#R8psT*8YK`Ak9z70mTP>}s4rt{Cg42|isyU@bTx!Ue5+k9V-VXgIl_%)cb_4@DCn&38z)T=vW7&CeW zPhIJm#4}h_Q@g(xBND?Dkj984^$uY%8zRdIH(43_7Bb97vlKZ98 z{Lt^VI`3N@_)q(w)i+zt)e?&Mf?DTio!)*~r^ICZTXrm;gyS*&%XqJ3VAg<#vTiKP zx_oy>ocFjHu&RQ|5I?_5lBuY#?>Exz{wpNNS-fA(Kwl5^c~8qPdHK8q`#VN!MzI?3 zV}+R{CZ$=YK<^2{EbUZX%QQ2>?XyMOGBrJS-%b0n=q8=f>J@gdkPq$Cx1CnEo7oUK zeR6?bLKazuRuqwBwR3THdC6kIsKkmcFRhiTJ|JNU_$AE3E9Ui+n1=k4#eMK(!N9j4 zjQ0p*7E09Y(xceip2m}fv>A6>2c1@Lzj$B|+1L*~LPJEd0yCmAJ*j638nZO&J6mKE zFW5fUUVh3JDW6~AzIYi&VWMrDy6uA~OyVdA1eplJd{k@d>1Si(7yBrRZ)of>&)(SB zAY(>77E6pR%)_l-QRIW<#>TT5XZEG8CaXXmjAt7g>b(Q8&u)Cqa8>oS^3o3i+;9oJs!%E7SvN8J$qD~p% z)!O_6O-i#M2r2@_aIFA!$MNNe4mZ*@&|Flf)sPd(TFrd8q5>lA!^j3h0N%0U@(os6;r*p8WUY5uS29$1Q zW<_#`_F#wDY;wT?h9dC8D_(g-GOpHn-dypR+MV7}UB00S3Z@tF3REip@z>{%{$#na z-eK1)=ImUkG?_dT&cu6i8(UjjTd!Wcfd6i7ZRP&E{c`KY&VOvb*n0Ki`&T>P?{5Fc z*7o<`@4WaAvh_try5KY8361|_>$BU+5AOfSXHB`w8A4Ms0Rb)`UEKa$no4D^29V;J zf|U(Ih>U>DnM=JKZVI?*O=##*WuO(6GSnO(XVTG_9yHg%44;y>7;q!5Om56rE-pyO zR-vrP;2{Po=B3X9O#G;#bx0+HznFCwkZO94DgZ1i96n5NAWvH~at8A>;yjKSpGN4^ zVC2`9&mXZI9o#F3%z8!$Q4<_68Y@$;34(k2wtf1G(2AQ=>W-Pbk(#vhQI|C(>*tFo zBp;C-Zu~3%Gk|pIbGby%VTo$cb;D23Tvx*ZV#XPl3V*TlVoD9Q81kcvN!d7!61K6i zCo3ZUkS7?;9|DpD9Eb~A6sM$#TZE5=xPBArW2`K=f5N;t0Q`r{PmVB;1{VuwlE)n) zMtrVVR*gHKKs*@}&VoyDKV=>`W|(h=W?l-ys5>rw+{LYOjxbocCd4@MRQ-?)0A(=6 z9|Q%?a1GXjJTTo+%T^CnKggMK!Aliov630DRt(>YF6GTwOtat}!MXU2aVCi$geuHg zS@QK^>O(E{H{BhH(4aiCwR^WyF%UWSifE@&o5s8{S>-VcjSMiJzi8W*RE(g)9`05b9C?nxxcS-9^lJvoRre)U$Oa9=v}dSN{=(n z{V43aAaVGZ#?0I6c8~YACqEb?7ILSLlC1Cg)3LZ66K%j)Ta!|*#OH@*mCyV<~;eXfv@mkyl z_MPXoPtM()h77l|`d7|~N>(oUgNk7CFUfjU$nE}ZUtchh=SYJ*dsfp^N#OWfRF+h^ zJ7yE6CgVPxlxB)am%)?bX%U>2zPL?+qzROa$yi;b!@4My_!B=I88gq~IEo)40EI;T z;tN3e5X&OwJe%)w+rPup+|n00 zK?WY>^b<;U4NB;J{Ac~w=kWAWUGb%_jLhPy+jUiI6?-JY0rw~Lwm*!#c^|SnZRx$J zTwF7)8S@3_eLrT@>&ur|LjJy`>#G7&%6T76CxpPAn8o=rZWLYltPgf?LjHH-pLJ)0 z)YDRG-M~KApT$1;-yARCoSMsNwlBYsaK$Tc*F8fJnJ+2kLx_;MW=E>qX}9l7rXua$ z*XT`tqB%>_wIILPhCsB>u2~%W9<$$2&g_dgSR{4!>h&tT2v()=oJMhCHv3Skso@v; zOiVhDs0$KsK_8csc^C17WIjknjB51`2o;5pDi))jm+8f26lVp(z0PRZ&MJmkZ^Oqu zpDlVLE9gZj{NEbU3H-$2D3jsjLb?lTy&p=gPv~OgElWysXd6k6(X=H&EC!kUXxA>W zLsHf7g*Yo|&f1Jyrpg#-Bp1wf)*&ZR%*e-*pOga0S44ABxSO(8J&75sPbg1VT!-Kw zdANy29Iu8d1pLoYidUApJQYWhR!Hwd_$SfhHwK#zf0WZfxs0IlZ_)KD4Su|0b0?+P zVbg%RIb){r?}5787^|1iD;A=KmM3gVww<)oiZ_W=A3RSeZxH+DBj8?$=0eDFFcjB% zj?R!WgD5G}mBpv*qO+oEytL}SgBJYa#cqj?`?sw>T!CG%>SV$9e<`Q%`Aa$dOF7My z`D2vRr8?n)9lH0ot-o#Ow9V}DuBdaaO#d(a@!v>)BzOeldAyryOa}JBWtqO9oW$|4 z7l%4vGB|}ZePJ$U8Ygy|{5Xd>mu*h>@`XdlVG+3uwZqi5i@i|cnbaLaXa;DHL-m@V zOp*%DD;=;J8fLdoBAsa(ti{c&c@L^Q5U0LKr!(N##E~bBkTfCjEEED}uP~VzG&g*_ z&ui}w^|g_k_fn`1+3uhHLiN|@kNo7`e=pA8cAAH+{^?n-)%~0|U-Ps4{dep8t(W=t z-xn`mZT{UPHDzd!ZV5+xPxHce9fTio|C za%XK#(}kPhw(|?*dv<<7z)3(!vR189fxJ;FEjuM4yOC}&6BYu39C!f+LMxjW z^7QKTBkPMZ1=coYpeVdlF-|r%ya*DL(#uQcCZd6FHa037@WO45fU41vY3xVvy1MP$ zqO&1J2Wk*+SuKeOU@#`SW^^g)z)QKDT)2HNG%X-@<$NGZIJx1G{ygoZV>~~tnt!7vH(Az03<(igd#Vuq- z!I1?9+}Jog`}wrjK53D5mvmbHbp@JBoT=60B zq~gHAE9a$iJ8%f>bM>vyf%1^LS3-G&tWY%Zho<{u6nMJ)`e4iXyYq5T`$j>&WS>j3 zd3{X;RympqAsdi&SALtZxs558<-Bh&DsQo}r2=im0$i~<`WgfETpxTc7YK2ySi-3|hDN zIC6k)y912_(#26=FUWTUJ20pb4#~~(ab{q^g~WkA*V)KC*;gfE#O+A?907E6FP*=H5+GL533fd%-WmZr(pIPY@u(tcpiwA0nPkh1!jK#Wy6 zUJq1{cN}sqp{oYC)&yB#kZzJe)0_C=fY|$FkY^0|Qq>Uu&Jr;f?qC7yC6bXP3xiE+ zo$>{I1~VWzjZim^I8Onsj8!-oM-f_ixr#v2dnA)PFAKFVaTM3{UP7k*W{@`II^-bm zaacGX>xoJ~oJi(4I1Ah(UgVRJO^#Eo(8HYHjkMNzWC^-qtAnv5CfF z&5Cltr07R^uVDk&ZGwg&*^8IPR+HQ4^R`-+h&k3badd;skNKJm?iX5+*b$Fs``6k< z&Ynjz!6EyD?3TlwfZcj{C%keJl z1^ds=tH10&U*l6||9R(+#-xe26hH8jIo>YdQe3HAguXbKX<#CzoFK@O%0B^4w?RNA z^tUJ`Q|ev;C@jJ7N4`mhGaqgpQGg*`2W|P>%mI~HnxGCb!>*ax6AmCR%3dt@DwU10 zCxNj)8V7Up!X*T` zVvqD!1Bog{bOgc1l$1EntbjZocEJ%F&Ac$rj=_WBv*l1qxV^1$t>4j<-M5Fqc z#h#rA`nDe?kvOShJ4X6;K!@C(0DV``x4EQm3;O1x9VQnhO*g?jz#sAoJ-8bQU8aKC zgiHi1Rg-@xpkY9}q#=QHEe@g)CA_|CY$85%#&jo=gLQf1S&!dz#3Tv7i?rJO9~>yyR2d|1!$wOKtuY^uL|${QKXl z-B;iLwg11yXN?>)s{A70eUDA1$sEBkIHudBiO|pDS;$du{POEu%(sCx=ntVI8rKGaq?bP1> ze^}`L**oF?%}-JOkAi4OgD)ulACmvOTd!W^<-a%*{*wP+;j>IG|9i^|B~ubQudp;Z+vFJ^KQsQaUGuLbnz>`Lpp}JD z#4?1%Hb*R}mZhR5wwcjw(U=ysWj z+cXV3;K!fG{XmVv-v(VT9&p^3mdBYtyn_Ytw>6gwNy*2(?gR)IB5n`$SD< zT~2_L+$KK|mnI8-xfw$ews^*VAYMdxz}S@RZv6lWjjUf+W@>X0Gu&FT__;hcC8=)A z%r(0^Y2q54yXNIq3jLSOc#}zbv-7u-x|sLo&pxyM`h2-hQUB8}KDJ7<_qn>@L-xNH zuX6UkovoLD>3?76^M6jbzxUz1)$g329JbyxEc~xkTITTV;HOrn ze{gnke%5U@Ec{#kX;muS)@irhYrk*xe`i^bU$>Ve)nCo(>m-!&f|;Dal=Ar2XtV+hyyEMvfDbi=(Kwu`ahnv zPk(BC&^6Rm){&N@#Whcw-CnCxT31V8G0<%F)3d`?zkR6dfXlb<6`J|6`M&w??4*?r zgsCeQwOKNe}2~Oz3sHR4J#GWiz^;>+V5MP zVsl>XU$b~|J#%?{p93-9PAv5kSrgS5^0|= zC*emiRl0 z$9#$QX}8xrK5lhnGcs_V#j>T!8hHyZ31XFbLc>HRrtm{DoN+&7oRc6L`ECV<3zDtd zYn~o9kIzoU^d&U(Xb^?WGD=A9gDGlQVj|36l^|(YN^n3&S~3!F9Stuv?QO_OC6zr| zo~nOY>5mzfXjqv)jbdsc8Htn)$rYB&;Fl^>5z4%81PK7c8yR3BF5u-)x-+HWp;?Xy!==uqMN z`cY_AAO({A<(HVw&A}X;o%WjTQ*oxK^Cv$XqX=6tB%?^Iht+8vwlfXH%=5We$)@Ka z?kt}`o@WUZBZFWm?r-$3;LTxtC%1i0xqix`ba))fqYT&806bfM(G`ljxfS-4{5%+jqX=WVX0TJX3h9m_lCC;h|L zo0N#qjr)hKqvpkNuVLi^fl~RQ>M6!Z&x4ed*fHHgk=wrMls4-_%?{ggiX9OD;XWTNSkgC02L;Nby z%QOo9q7$_6vA6-hLV`1^dfquZyg2B=;cgK>%phM?3kOXt^Sk(z(6@f`hVGtWa;n!~ zx6g%4=(M`s{k_+aPtSDbvNB|U_#xYi^f+6s`3GB`_!3|c&%}Rl9!w&SHRKD;^4=8B z&o4PCo^cXCu3zb?{kU0L(2?7i&b{HvU0|HL@P~g%J`($1#Htn>waBkOKxT)unmdk& z9g@PvzUUlVWQ`m}@aQfLi!x|K-N<04>jw-)GG@sv#uhI9%F;$=ao`Zyw>|Q)q{qKn zmHSGk^|tlPzx@_-Hq0I6Z2WS_ii1>DFgF(+vcMr- z4Z<*CoMY0Cxwtf=Sx@Zei_Wp21V9DF14mm=3cE`iPO<|?D?DUN`pQE|O*r|Xq}H3v zP>c!>nYOG-yW3CAsbwV42yCbXhC-3OVXdYwms~PaUE*;%^D@=}+5 zm}XJ8&0RV(>g~hya_Vm8QeLL>s>RBZJ8bou?c;7%kt?0XB}!e1iL;c177}F@9x|JX z%YA8c={7BEGrPGLR$a;Px~L1r-YDxrc2h2_x{}p4w>=jU(|dG{97yA%G8KT|7yu6` zmQY43)2e3jgS=foQ&AX*3f|T!3ooM?B~p-asXbE2vL7Qq6tkdUkT8)he53L=G6)6n z`ItaRE*Y}q1_8_g;YI^GVI1~(K$FWTo;aVv^$%L!P4U=()_!7hndj1*_#xRRT{(I1 zPt4VpUd_|)s>(QH>GuogNxos_X340i<_6Wx^oM_br1rm>_J42LfB*Gv`_<;XP$#m= zL|RxW5^47;Yebn2HLohexsgFvugDV9wqjlYfCZC#^)73syhmOXk|719QJAbBA(b*{ z?lvdC5=f|}Sy>-E%8V~jh%%Na6`-7q{Zvja>2a}t##;eN1=unY58C`!o@25eGFPZ3 zVgrW(g5}6$2I9DlIIArkRQvp)A^FoK1A^)gygrzFQ$EzH+YaiujNn#<{U!7%@E_)+ zdS_mA?#*~INOGRtkUHAEd}nInD{Resy*c&6vaT<8r~Vp7xm-YZ&#U;;*sgRHTk#^Y=5`)=3pW@9vv$X9LKh-(u4q~{ zQs2r~jpzDRqtYL-|%EB2(%2z0-}dyJrke8oHeZKx>>enEi=Mg)1ZXJr|O+a;y$$@eS=n{LY1Ns zso0n~zC+&&pC#ndPe&QW4@)P&vsfznnNc(cb&^18u>iBOb{D{@^L-!r+qgH zqL}w-2w?CN3WBNP9t4cW4eJy8xHYjV?wer7;IG}k{qXXKSAQ4Zb(nWJ3j+9h`-k0a z@!ba|#HspfR~CB{`=fD^*5Cg7_dqlXJS;j9a;6_dqY;bWvg9Q4Scl$du16+4f!EXO zww0Qvs^U9klxm+Ioz)Cjd_PPsiG`)5(c`f7=HhL!%(vVk*2n6dpmzT&$yE8d**PuN zsNSjJ-+#-$<<&c!uzNwr56FFm)vX%2e^$$i zdzPGCrVSPdZp*MM*`V%2HCxrf*$^5PpE8%wfJcPWIXqt_EKC%*+>nugT_$!C`;!Ut zKnYOD$YGSEN3}RuAxwaB=8&Hm@c>OIhJ?3ZE%PUS;uw?KO{ja-i>aH=Yr3z$wRg8T zZf~)!+k4d=T-AGX$MnWAqh3jMQEx*1FkeCD-0#h&<&C~f+vH;w1iH;N=qPC)s)18X zQ6yw}5=mDhZgx$SZyzq`8xjqoktr>4&8$puwe{6+SW5`tjC!1}bq6x~zPg?6kUSY& zeUB!L4E<27;7t@?apL)xmn>#s63oeva!gx%GiHFxfL;!7PcQ0kx`!2?_eK4_#9v@u zW2*uLZCim!m#GiMYTH5=eS3PLc1pESq?TEBek_;eT+cFfb8)+Pw&yielnJ=4a0ShisAW2j;IN^X7CX3GY>XEfmrc zEF{*at?jM!dklQsmIOnV{^Pz<;p6D0i}duAuaRy-V?+;;zhP%#eB?V>=!9M|LLsYw zkgtBi$+-lbZXc5M^Y&p4t98%Yr~UKxVWawutooB51Za;z^6KW!{ZUARO_>)H@MrE)c~^$ zwqQSjT;t$;AeM#9rpjo6>Nl^YJECedO6*ZWwhKF=Fh%6M{qk8+HEyV%$l}@3#&!_b zqE_zSl6}2QmHBNeukcjwc5F+iHr9P5_quyYx?a$LQA?|3evywuRasA7TQcGX=b+o_yl)?9 zmu(OuR<2C1(>y?5@xm|fI<4km!xG0|`dhA$oUQ(G`?Qs+Cwg*~LW258bz5m6MFQaD zyNG~&WYw*d%;}LyXXPo?(!NH_uZ^QT`-4~lIscjO<%yi5qLmO*HOG|xC8j7x2(*qG zvB?VSE3bx%J@Kq)>nBB9>ParVo`rL9gVeWT#8URT{K6qWqi3-jffoYt!%IK(6Gnn4 znmXiyGZgPhL_9W}jo`@aMMr*6datP7ZR>58{*=&o#K1MXQL-yKt;2Rltk&775@GEl zsYwTn_*@KTN;zlVCZWS9PICJ!CBNE@8mOoG=8y?_AI}h*ip9f-Gcr-=pYRVz1~HtC z#C$dvxzVJQ?uh2qjs6f73m-_P-& zB8rOj$T;rhdKI?7Y3pYY3b<4$*OaN6Rz?Vvor=V&{^!yIaK({f1A4zJc9P>d6fCI@ zV3TDVSq`=>h>e!bmY=B$worC56i=6xQd?+A5xs>nQ;G`&mm;-$%FfV2A+rD7t3|?C zS?vD!$>E}zuQjGt97icDm-jV870fPHffVGwZQc3_`CMW!C_!jj(7mB?_$ZP;H#?`r z?!mRWuYNDsa_fNr!nPry=>_ zbe1%-_7|IxPq5ItV&S30{U^Edm3u+xZOmBsI8r+cNTEgkakO^JXvuS}Pd)G04;iGQ zB3Yx8m^9nAKZRDha9T$#Upws15MKgtFPO(z7#&1GG>hernVpeaLP6txZN(31pPZj{ zdd<@wS+z>_PIV^FC$eqDMGqESwZ$iVO508sqZOuB&b8jz;TdMZp|~cP@`(oSED*Y1 zz`{{7Cf+=x6JJQeIi`uC3E^O}5ye^PiEG0Zp@DzJN*3qAUG%6=*`Uf9OR98@>JI#A zh~|a+y(;S%c1?)&gD318GG@V)lNr}3)wPlPhCTCSj+9_d#y*B5C0HNyX9w@8Yf|U@ znPJ2SXV)x-XhZNZ;pArQyJO-8Gk8cq_mhxED#u;~kHawWJc5*glHkCdc&4U1AU582 zRA0I2%kqpXN=ZaSaYvGo|9KbPh>k&a!HfsU4I{tJcp`>KCUic8AlJ)T047CgWEB@k zozqcVq^491Cd~BoyH^9U?uR^K)PsD|?!?c$;Sh9>-9!XKv1gK^fx=fqZXQ6-V@PxWo>=u(K!gIKG zf2?o6c=_t(b{!Ik+k&i3L(fhavy;eHBQ{M}tR`O;At{`HNhlfl*9^P|Wym>4v$cY+AUug7Ad-vuPtYu0 zStD=MYfEa(m3t|5wDy=Qq?Dg<$??)@Q@X4$@G=M^L5`3vgaMEl+%xxx&wpa`uI`0Z zy}M%bdy9PcovIE#D-9|6;clGyp?U{x-dD1evWDF&HqYt^dfY#;Id5pdpWo5T^7kt? z|2>JWm^4=A%tf+`Krv}leE@i9}L?i637V%4JSs7bfdZ1*CdWD`o z&4l+zI~|Bcbc>T&w(-qe$m?eS$G{UWJyM%}Su1sKCyhuz2E! zVCXFIT@Y6vpj}zhYDp9lW2*5qQU`>5RmkZE##$CU?p!7J!Q?s%F{on15)8iv7DKx$ zS}C*McDZs-@wWSBfwvu)SS&d5wI^Dd7<=9QqDrH$8`UPO#hefZEc<` z{w8`{-2FJ;xzeJyvry+Qd-7a=o*;q$DabgajD7}yWnsr8@IwGX*1eIY=V#yYPvJ8- z1^rNHe*60wAzt{`q%@o-;EZa^oT%niNg`tq!{cCWjU38QI~HF1aTG%C zb+z?5-emEBO2*{JqduWQr2f?Ek)ZQl-3(F%43dc}n4VO1qFmj2t;*V(s4F!n)s;Q@ zbz{Lt{PyD!X_fW(fqGaqhXh87pFLoOam15s4H@TAS_8*~ja1}tTj6!iwDjXqE4*%0 z*I~t3c&(fo{wXH6pcbX-NZ~Lq*JFs@Iv#aFx*}q3nJ7*!`^WY{8p3&dZ85cSKEHb%{cBUC`FAvue7c zk>AYLr|?^QSNggsf)?ECOl?WK0f}z^0BRETyyIxpi4qhf>7i`!5%BTPCp7dZ+&IBr$qgnFhrJYW8P|{?8p*GBEOo_{ZKSy&{gCwi=uG9i zD-d}+&tqqVg4mCk&#eQAgQkoeG@H!P3(!Q7l1 zaP_}tM^WIhxM9gZJ*$$L*U2ot3=gR|44ifTvh*{WtOymt7U`{5|Mg1=;MtGOA)iuv_~Z^J0@FCnW2{22wF zxW-g7Jca)eIG}p{i+%N;R$KC>4q=0zH{Cp1v`g$Ac~rMwVf(5K{jjj=~?K z;ZYPHD+Yd?$X5(Jgv9cf#y(IE)k=~=Ng-9%{irX^$St@(k!Nlkg$W%#tKqdrj0Amg zQ27==7wB1rNk*G-mz+N`_VZmdDI7t@(X^BK9%tw520VGIyL!L=%(NCf;|%;%rL(nv zNv09!K3odgiNcJSM6poDU7^V&V~XaLC}hgga@NhBh&YFDfM&z08hx+R>9n4V{n)do zG*0GqT{``jRmoWmtZI&CQE4kQYEV;U7Ob8wxoG_sGeve0N#4TZPP|5;@0ne0+Z^SX zIYr{a#1gk`YOuIP*1(s27;))$1e=vq%@r>_!SCddU@K;edlAFYfmOi4J+b6$$c+65 za&PXZ4x2>REE~xzZfGdF;YX#g3E7(A5TX2;9kcQtR-IXB^a+#>LKCvHyZ7=X8Ar32 z=k`E5OjvwPgNF6;CE3{}8}NTscaqgaQn1aF$P*H<4#i;^u;H7;aKpV2Lco+; zvny%6nvr(byGHhaXQk1uY)K=}%-UXSWo>J^Mrt(EJ?`$&1MPtQaqmsI;Sob125jd6 zgg|&1Vo1Vkb9op72Cji%a3ByucsYiIU=z&a|Ep(LRaehLkM$!K{Jc_k^{G>*PMtb+ z>O2HV-`fkARu6@lN4km0aOHvD>Bv7N(1@8{HbV zH~6$Tr|FqB7(kD}NDhzS3tSd~@0c}wicjv7pD(%O`53H2$MS*e09s29IOyEc+Y64> zkp|&Mo)_>^@<+gQHj!W}Ofv&y2J>mH6`34&Mu0<1pyRoEK$Vc&7E3I_#a!Jp_n7LZe@2tk#;?!vwq!d_%OEy z%MD2rYT?%&6Ye7Hqu5i_gXZ##YdeDXDo~Pcgl+V(FKT{+!>B!WFXCa&U{-*_QZBF` z(Y;I9cy*v>JajgI4o(Z;lxZS!k6e_os`Y{GG@ue;O?G$F0)sv%FS&ME2_`l~%S!L& zk7$t(yEDghsR&Vk({2FlTD=Ns6@H{jkk3-Bb({8<71@F!Sy#4pT-@>o3?#3l&d+}x z9{+gk@CtEct#U39Tr!^ED_}6y&!OFWiueYA>^WX5vpFHCOt=_Y0(z!*(@7X_F|VMzL^lG z4i-BdxVRy{K~7)|y@Y!eoD8~KOq|8&#d>#_^U-^GJiTjm*9*XCwv?Tmn9k1UkCie+ z*wa=`g9a}&>P5U+PP&W!riaj#pOYvMfYLlgkJq-d*eWlR6sV|rE{uuNe)ZBpcmwDWe(=d=7WB6pi8sps5IIX2T1CZD3d98aj3*cI!ynHog1(xKCIPE z&qW6;do4UXU{_V1giRbN-c}~2i>1MR&mBgCt=MbO5+}b^^lf)M76))DhsztV9FSNH zQ1b{lPMn%TX+SD%s{a$RC@@3=bVju%^R9LqoI@ z4F7a0KYb)0{>c*;@+XLzxJ1!Rt}r!G#AWdg9vDi@OpIxsAHYt+Zhf8H*OlG+I`J

$XfOS9ZGvfZsCGLfL_eN3EaTrAIubf8VAY_3Q(lNw_^PXYpkUx`k zNXiB2u|Adiklsuyp-_8VduB&@&TJI8}k=)1yi z&g%OxGr(KW?-^?8NFYF_=nkUt;cqY%(3=8$UebM44 z|CcOgDFn7d1s}5T;tscVywEcQdAPc5EXTiTRsxsv5LfYE$<~m4xx^h$%%9Z@$P??j zu~L*rj;ar|qndBwMxs|`C3=t0u4k4JEE$GZEY|Xb3R*_g9VKjep^4aI!+`Rb`Q%?= zJm52fm8iv+rHtvwBxP&OmZnjK5t2==^_G3bTC^68Jb^~Q`v?c*nyGMM?24r{sC;T_+tV{!GMb0jGS!J&EfxrD{=V4CU6s9A6s#`74{Wl~8vMW}_gaGRz5Evp z5mxJrc(Uu8jTdY$Kbc7{ANX|sY=^EkQ%4rieMWq!&7Q>#bFH|HD8G~+zoto|Z>Nl^ zUl#g|gmJ(=&idw&seSroQ+*ceZ&sq@H=OPv{~@mM{pG(-XTPTZd9uHf{~jbQfB$b^ z0G9#Wo3a;h<7jiOa9Ezu+8S%Cb?p&ebfrj*b7j`@3u3af51M!Eb@VPoZpTYgU`U zx0mkD|Fa}g0@}PCU=IIp@3*Vx|Gk}^mH+R9q^0M*-q~GX6WXaT|#43wV*3~yR zB;)@>$I(Xf*WZwB%H7w0o`s8?2_5UDgiS>U1eqUjXpa2?2c*rtB zwKf7~|11uGlSZ9{hb&X;UMVIjJ`Y}8c6v}x;TumsT#zqJso3)ENVQt2nP#Z(oFi_G zt4!b!)`lQL7Zz}P`|Q#BhrGx7Sp=Pc;#AIF;PqLI(BS?Je;*`BU&% zGR0@^CqJMW^<@qqiQL}ay5t6;0PgP+&kI~wejNK}flEG^*;sN0e#%;bOw`3HD}NNHC!+xj9;5|$oP!G5ZJ3U-<` zyU1!CC7sB$(h5_^X*t#jydgf>m}U^EJU}ko>7_jE&Tx1BZ#z28-UVj!|Lx9h&HiI= ze6`BVrg-wbob#;OI-j?;8IE=hK7VBwI}N2# zb*(G)O;ZyZ-0RB2Q1z{YRyM1pt7>;mbv)Fttu?hf1fTCp-Y))%jJKN$mFa!0>2Ar^ zfUA6n$=6)3AVYPn5p0Q!rz|K{Z1xr5slfsQ)IKn;e#}8>a~1B?eXC)RbriO` z_n)$|HxMeNL&&{7Mtw8TX7*}vK~G$@OIow1d>J-FRa05*`nWf9xzBIZbobXWO+y;= zis?0PO_n5$)%y5$*GG98mwjVlAPxY5vMl2H_WZ7X0}idFqCgtS-uC{KugoM@iiFyV ztkhi54anJT71*puRp8Ajy9(Jg-e1O9n5wzM2W0IBv4(e=aFdCBAs3)&Rml;yCMA~I z`;4rs`#FoSLcpwb!ZZEhERP&$r=87IX%0bhky&RXlV!-VLv#~-#Dh&&=?Ub3BvUu-J$I`g{C)tQ9sth~HzkZa^^Ql<05F9xGipmJj1!fD!W#(eq z;a>6dCAfE;p*CN+ml!H=FD3INYLonOw#}rX_!xrYWj=X<)@>Rje2LAfxo<6Tx?)wk&7%<7$f#>Q-RYX~QDKckmTJ@!w3+8JxHPs+v zG41hzr{B%mn5Nnj!v&GDbuQv+U5D8yj1|>-52~=@sawPB7L;v?E8^W0!??y=Ry`H@ zN7)?D{R%9PZ^&Oc&)A*Bmc}Wd6$EKG94YmH3QATofnIJ7RJTDj4;H+jo?o7|r(i!B z4a_~}XSI@PE6th@g)CzYhc>uhuMVk2OGUO&qqgiz3Kb0HGxnr*l&A@5OLpiKK~EnY%pn0o0nI)od<}tp z;TC-nR#0U9Rj@R!=;x-f0}wOo>ukm>B=(9)YEoI*$gb(5dd~7*V1HNJQJQP~{A{75 zpSTlWD4!|*#*?_QJ@;c(O}eEyY^$ln1&jH-T&_uRbq7Y*coO^@&yuNanln?T%!;J4 zxb3MhE8jm1|KRTSU)MB^!+5xW3GiJ1uXfG;tFya`|MMVe3Hz`2IN*f#c%CW1_moEw zgbSy`S!TaxuBiOybT|Y4^_25$mH^yXn(Z?M`Y+>|;A&T1mso(V8w!`Qir#udQZ{5C ze+uJ(xL*4E@4>$w-G~w0-rMiG2wD05;PlP$o0na3TC|=7EMt9nE?@uj$*zao-ge~^ zndkO)!(0Q$a*qKQ3dAoLS<2&KB)13IOcn=-!b7ik7}R?kObaMUQXZf&HnAdW`VP1} z8;|FJ_eCipS`mY6Ys9a;jBn-O+mX>Y@Ki0Hti`i(I+pLkKZZYk?`cW??~hnC4u>&M z+2VD~^Z(l0-mk`g+k3LJ;{OkkTI7Ug8B5Wb14kBN|9g2DL1>SJ_CEkNveUwNj3Q4G zo@RoG5sM-?ViAC$4CCP@Nm)d*@JiW370+oLI4u&hA?nrFlavj@k4lkA{$s-@Z{uh} zcnn`kl1Rc*5`{7I9skAI#aYHv=CsHmhK_u9ct(OS6^=g)vn}`+$#?wTztb)FS3ejH zx8y(ir?`r@ih_Ey{~=Fc?-R~rUtA~7W4}i~IFJ2ooH&pFpVK1mXd3cdkmDCe!ts-o z|H=B9(n^=<|SW{f#){lI#EU=-|ccBYzw$Q^)M}zu(?|QuY7pJlS5Y z{|8Ae9dJ~y1|7H+pza*!fcyp_TuYDtSl5z;#^c49(>w|LVk^R|7i#9TWS)&XM1OT! zEpqOMCBOc=ygkn2&{ACW$d z4U`VtkzKKfCnRRqYCMz(3bUa${u_FeAPAM5`i}FwG@PXhfaCx6OWtENNkmcF2lWJo zW1|vI5Ttr69)9wH6$HVq+%O8ZN_-n^+ zdp(xXoqu5|G^JxEyGTwFMg}~J_%)s=dJ%&we*t7BTfzF8_{WdIv+?m`$GMS2LEMml#j-nCO6H^+@}h_4$7g1EK%mfrM2xd*R%uzJbM(BmJZ$X}v^K8S|Fd+U%w$d`cSQ2nN6nMs?H}tcEAO{+ z+yq8@o}hQj>TvS?q!p|EPLj=PtN8CzxvgZii{RNm?3`>Q^m2KO{L9S(JJ4Vj5;5X= z6cFqg^xx6V+$?Y`0={}X=k--em7~gYknumX0~&XvTbI&01Eq8ou4X|&nOGUS@7ezMSZ0O<4yyn>iEo0b_nxelYqK&TT+M*Lcv>09B9d~(JZ`R$z@ zh2f9&mX68*?bsl52C|H9c4_*@MqgH0rpM7B#~Ddso0X?iF{1LY#?q9hu(#4EvVrKo z$UuIch!vNM_32kh^9HgC>wJm*^L_*YlkiL&YPXn6?PIP!yDVX2On9!(-Z{+F5WFpQ zFEoIt%6TlO#GU7Z8A!A2H1@5iA$>jiCM-bioaPK<6XfY7xj`Qxn?bNx@h(0BC;I-q8nz)?M)CKD;!)olcBTZJhl*F zuz2kjfW5kO+d+<1C=)9o_WMaIA@(~-Hm7X>VQJn*Zpb{~myPq1v@ z&?w0H19X3*{PK>eK9H3Veof82Aqxkz{|Zei5n9y%-6=f&-(kqns2!d6Ry*c*lU6(C zcalm*?YKnaMEPT0pY~lgmoX5m#ZTyrE-umJbHuN7!-A zpXCcpMt(agegDULOBX0qsID)nWNI474{S0IXv7Sp+8#f!Z{z;ClI}H-CTM{G=meA6OEg;}5#rpjBd>kyJn64sSehw;!MBq;XIu6FU$ z*{u-eh#U|K67fFGSl|%CKGJa#u`UVVD?j9pV*xMDsp_=A%cgN)p()rU>pRwX7{(tR zC!@o8#bP-b9oofo{La4L@dDNhY3y~{Ub?^II7uEwCp-%Kb7_Un9!v@5s{2>(5|va|5tY>674z6>2l z?g#VAJ)zl11>w^J8I(#g0J5{Dvz|IQ=&jOlV86DA)v=WhXc6cEAi4zr+g7z^&XzYT zGiw2Pc1|Ph0JwUK(^8t<*6~CY{(((i(#muoA)g!v?H{2n|U0CJ}thNEVKnkOf@R7?$Kvew}eyeu~aE2^S*lMPW9`UL}pPv19ykUB{NLuq%IIlT$V*znRfp_QA+RWSS<4R;ABMoThS>AJ}AOjUc)%S)q#krWJ!w ztL#6grA?Sjw^r6udFjtwOOh*q^E( z1>4^xo)@q_57>s&)DfLKbwtPRh|cHfh|U-2h)#1yXmtBG9O23PBN`8xaGW<=2Y;gw b8>_TRtF%hrWcvRB00960%tK^P0JIDMWw@fP diff --git a/assets/artifactory-ha/artifactory-ha-4.13.000.tgz b/assets/artifactory-ha/artifactory-ha-4.13.000.tgz deleted file mode 100755 index 79a2d99f927155f5877829ee57f14a2726f32c23..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 158049 zcmV)CK*GNtiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{cH=gZFrL5l6bS7Z+ewp>?7n2wm;KbXJMr|z{#i~kIWw~k zL_!kU6u|(XZB4iL?1OyY%k7i=4sIlP6(zg7Ct35%q%9IC6o5jZs!*tcl;a8XIiU-8 z2D|$+NV&Iw^YE*?dwRWI@A1Qj^50&sSNyl%-`)GF|FHLP_wmEWPxhXC)$2d(@Akd| zy*tFA_DL9r^sC;j+bVYMck;j}A{=r|A~xs%;6n~WGWC4Od5Anrx;_#Vf>AI4F{C^~ zw6YjQA%YCK5uBp|$Wv7Z#`q^h879#HT=qLKj?!Q1fME#c@I9d*hW-Vdigy!2=a91pV4UDE0GyDJ0T=~f z{|GQd1zfK)BLc}8=P?^}yH{6N-unp^-68X?g?hJxeSwcDNa2+?#e9~G6NacyB90<1 zE6M6zUo0NhokPYE?J^F>A?g+uSV*QM_fEX<;%M5rK#MCv12*Wm_V{&NAfb0$5THvE zv(6mih(jD9D$Ald#Nhzoh;bN(h_e5acBTV>nh&|G!P~4NfE@hwl>l2gVT>fyM-sg0 zyy|$Vx1CEflMlWAp4aR3I$xTk@1GT(0(oA-FhT5&H-JX|-+$73^r&Ct|9ek%@A?1d zcs9TRn!qIFKux`1papK=bvD4+3^RZkfZ&(m+c&P_vK$3qfDQeNF!X)I7~nHxYF}YK10OyB z?})y(cj@ApQlSn#p65l|4zq zaD;q{I8zV+aKU_GK)gl^_4OT`Bk_GhaZ+!X?qI-&5f~#tE)m5+fFh7E(RGEEr@15Z ztRV%2rk$}~dlDm$!>MZN9pPvIj%k1>AQKQ%G(i+aJ`(fL-zl~Lc6XYgg1wy*_Npa0 zxiF4Hj2M6+Ba#Tj6ke-gVqn{VmTxnlI~@QF1_SWnMh~KefEw5L1V^ut{-HL=^r!xo zjdY<@@q?c*PUc4u=KI9#XD`tdM+5M&Q(L0&@h1`{b5#BIElDC?{4~M=@*yn)+yGic z@*x-F7X(Pi9e|5bWfFIAg~L!#iBDpzzHa{Y)#>r~=RX|3JwT;c!;u8AoiSCI`{!0|~m!PA6F zso9b(H#WejU@LXPu&5U%g6VVv%;FF(x{_|YRzJQS$+o@~8$&1MTe26D>`mVQy2eZn z?Y5q!YKCQ@jw4_RBy#*hj%WlqzC_{Tf!)m#AHKw}k`ZVIjjko65NKH!g!n@2IY}tA zhx98o8i?SHi2EKmk*fnpc3jnfSo1=U0b>-BD>aP~K-X{{%dK)bXRpM1cgO1OadAu) znF$teRzUqQmca}JR$_k^gP1S`pg_t^Crop(@dB_I`FOHW186th0fiR>Mau{Tki*w# zVfOy9BvYxEh|Y_@HF!}Fh;7}c2yzs79bhUCT^P)9)P)J35sLpMHQp{AL%-V*|CPG0Y<2)RO$6JdBt(j%3g}6QoqwQ#m8*?<>gtS^6u)jLXp+DfnV2#eUa*3^igdR27-4UUxP&I{K3a zSuv=ZChXZCjd}P$&4gj{rDj)5PU+SxUdFak#kCZNbC zRFd}ye2Lx5q{sGxhKKnS!;<{C+jF$qQ}l%k>G0dukH->4bVuYeHpOST?K%_;GV zHspK)U@eLC?FRTU^2vOT)JlZ{UqGU8VMCRCNiGF4pC^%&I+Yq16UGJ5-$JmBC)Q6- zuP3v%cl6Y%?q=om1QzC1o5y4#z@jFoKv` z#^TeDOl^o)5ObkdyTKR;sazCQd%p)pNRGDTN8%55f#Z&-@QP3aT5}=+a^G&m*6T$( z))WLNMp1wwUkZZMX8xA7Z;W{a=h#>`#~~RT6Q}upm_14-uJizjJPn+{DATSc=T{@w*#~ytv*B~Kq*<9g)Vq=g!v+U z!AXdy*=ZzqW+A*pw*!%hIH{e0qTdo^^W{03%gJ>f^>^Q5$GrCAM2t+YH`lL1JjYel z`rj8TJ(86=N|tzcd}hf9Cu+t<|KA(6vtXun53pV4OV8!n+j$@WEl2|1{x~`_!m#1= zfm!4M;t+?*?ga?VDSc8U5_m8UDess%whA3ke5vM3VJ+Gd5|F?-q2U7%B6x}9jwW{p zG1&mkV=l-rp<%w}m6W=ra$|KdlT$1KTyq>VKEYT4iuF=>AXNiCL(JIbM0-r3Y6|5W zp9w@$HR5$DROl9&-DEHpCk|osdkYst>p1i3wYb$+g7@y}ezp-|6HG51oQ_uJQy( zAS(1!z-LfuenzjnLP|r-ETEhSbwi;pn(bbu#>LxpN1Zd-h{cp>gO=!?Vs%Lvo+uFt z98KO4enJsL5m!>&z81zoOfjLDFMyPd)7@}blv)T?-HS4^C6N;F-yNSF0vEi6*La@H zmF$B8MVLaFfszu%K;Z}lS&Krc@0mv|75!mfO6jr_MoY>}b`t6!Us0}xRP{F#5-HoX zl;O2@BMbgm=th17bPednf4>G?sW>UCr6g(+qX^6qr`VTP zL?xSFLL3U9vWQLdPrN7IHQ3HpGux4S3LKM5tzVrHjgj1heyuXuiALY5HqD0ls~DqS z#r*y%p-3|$a96c63PSi+gYE!eHB>oP3SlvC=|GD?5DKS|$Yl4$@|McTyH_KCE>Xl2 z80H0YS?-6SP}rf6_YN?votjwa>ayfZ=wBr9^0E@iSJ)VoNW2jLmKGBr5kSzNI2!GqY(@G6#>nYr#RDctUob zn=*BJH^*~C5U@l)Ujx2X^Q{AX|_)B*SSHekB*1^X>@Qz_4V4=v(Z5hOmGx?T7W96o zbw*XxWr!znO2VeQ$D%}H#hkTCzftxS1tR8WLlIBL=&%N=5)apn{DNOyMF#R zCyAeP*s)u)tXke&$l)iD&%n)1*I4ZB-luRcZMO`&u@ppo|LR(FY}>6Gdew|s$@O!; z3UR;*M|5@Cs3!|~c)Nh}@b^n0hCi%KBSNi`{g(&XDGzu?QB2%~hA+C=@O&ZSDUk*% zZPt2cJ)0rpxDgol0HK^PVEh&|Ot77ES=wo;&t~L`0h&b8q?Wb`AOn;T4z_UsdOIo6 zRXR20=}zPChL~{|asLYwoDrEtGw7OI6DsX7Clp`e5KYk`^I@oV@l*j@pJLezbd`fT z)Bk!_mCwzdD&d#$s{mn`h%91%X31E=No$+0InM-Lz9h2cB(Oc(bYBp{(zgZiEic0D zepd-W9RQS8m>QRilUlBQIa03dywdyM!q`Hks(4+iYSs&FXAXqR5okGwbrWPCkP^7RQLOjou zohbEUwMI+*R_gp)5+LhT+Hv)G$+JHFCnpq6ku=q2Ua^(E&Dq6P9Z_ilMF2${Q_Jh3 zqPL&1t9l(;MwuUmk{@9zcg`fjza>bYd4dbH@W5fwh!&9mDK8UwJ|$1U;M}hCwQ9z= z#2N1*Kq75B6m|Sm@ggyb7z+Uvnw~pD*I;kgQ6NqrV*pEfo1t*7YHzu&bZN5ofz;di z`R0eW!_nE{>G|u!Uv9Q^fAemSi>0o5vKj472g48rx^u30llSAR@UvEp9=$y|K0O=0 zI~&-(`|1o;jhc}alZRI{uy26B5*z{1KWVU)TBG=r@R{`YRE~Pm25C)cslOw{ zxjJ0M%p4o((;TM9Q_rGyiC=XdbhV|kkhg7`|l|2BH1gAQA))(6PO z`%ADic`%j9wz+#9#XZGfmB+2qPhq zwnMc&MuY>3)WM2${*oM!M5d^=8tPwf$kf_>tmB0$tC~VY`jIL*UM?o%^kB}}(>>lC zeX0rxLsT!e5vsk{S$o9vBSVyZ3!~s$<(<1BU%)6(KiyL#PiJv7JDxrT5q;KwriZ@z zw_pNT@f7_=u0z`$8@hUTKx}O2c>;PUxk{&|U?p?x6Xd zjjsIUsgoA(dLBxIjq+N2FNP>ZCWDG2?PD&F?+w%FSV~KQH^OKkea$j3a~K!*CA)s6 zqvZ7mkIe?)qiZ+`@@E7%*>)`otD{J*jyMG%C<@wuKw?ZZ05!62H1>wQ7tgDuheaGF zQyek9=8q$!U5Di!pgwLXF9lgf)H#uFi(3Mu{tRCtmxMv;ro+rfd4b&ZLj)sv;3{8U zp|R+o`MLGsL+V`)ocY3)-c_FQJa>QxZf>@8-|CJARyY6O8~;D4@!y^;!gzVQ1iO)* zCFUj5cHYe3ChI6#5-@U;m7@m~U1CZi=}~MSiqAg@36#)5XC5n z5DLs{$lS9P!_oJ80c5fm3Od>;<}hpbC)4aen-G1UYZ*Sk6+w55gqk2_q zCne{*-gkYcP2IP{zn!1`aC$gA7!^S5DzDdS2>bhoqftZUM-6qY)(`)7b~-%YKYsV> z==%bMWo@rhHLdgRP_*Az?cnA4$?@?U*~j7j+0jpjh2s6<_}Dd$4&Ic@=ZnAn<$QFw ze|mU!e)#UE^Ph$}bYA6r-xcqDjTWb9VoS9O(0rk#Pd9?LHB!l^+1CrS(C5U*2gd{O z3SR@U(2irx)#qqFMpWwJ3~c)er6}UzLRr9Lisz6njO?K=LrNJmP!{m)5}Vq>0AMpn zQDEG`LNcA=XqsJpu*A~zoh63Wm}j$E;O55mDf_GLi_#0ULH59|s@*gE5Tl5Db9n9f znMd1myFFD<@jox+OJ3&DmbLxigR6v%N?WoTH7_0Kv|0%_wupSsCls9!5{~e{kVMFS zk#7@EfOkF5L;TyEiAuTGqO91}D=J?XDqpM0*DWf)pI@gJL~?!d$=qW})!F&sdmNWh|`jxpef-!4wlL+g1^6WC^hv1uPzi zR<+H-=!Oif04kMi3IQQ9`KAcJZuVfpXDH(8Dp33Jv8z2#{V&>7RBKAefaw6Mcdu}` z3I;|&%Y!m+^T4V{xP1pRN5PuWtQ=ltgtD3xNETi$hn9E2&7f;GQ*l$vYEfP5E8N5p zPeQ{1aNY-Fe_-7O>dJfmr^*f76FLmIxpA!m7IU;3Hf~*djdiO_m2c|k(=_!6`qsOz z?zp;b0SKMiU=HN#tRtEBzN}eux5#St!-o=Gs3Eg~nHliJryR}(#mdrJTd*6;O>M#1 zzcjNoe!Lm3bKBn*wAeE%ynzk00&W_Wns_Lw?`;aDx>V|STP95*F4RzTbxW~2ea*-v z_5ZEwZC%~k^}3`FWehUE;(8qF>Q@YSzzOQLErNMHYtOeU?A5=N+gM#yZO=GRZ zBT#htZwt(-WS|+hRf8u(jHOP2K)V6H#Zkgh9&1z4(=|NpFR06ckKnh2WZR(HmIiB2 zh}!8s{amadr8Z7O4V;P@D6g49Uu(A_r(u9f>{V@24K)%PF6GC?IwiJTw}+G(V})vQ zb`!OsT52P&-3W|B_1ctX0JNdC24+W5913}dl=yY_#o$!-y|p@3IvqQjnDewkoEy(X z95^AA>l=y($LSH86evP+CGFra0{!0ZLjYOM)sfPQbU*8yN^{ml`b<4F2LeNUl} zP7uW;$UK;PdNg0A7yTZT?#GQdJ;KvnnXh;M5ABj z$jNsTCXZNtHJ%2)+EbR`;8$gx$YO!W`>arf9tbc~UJA-~pKH77cAtg)1AVfD8Q^f5 z-mI5*OZlkaU}hgsoz0MCkxz{ikRp9BEUyqLoF>vqD)JZRfFZ<}C^8Wp1jEGgS4_!R zT`thyPsEEl*Yj9K22uAJx-iDw%f5Dc?9LDjxeD}xBg`=j4^Rjf=_D&3^$EmbLXqIv zY(_#!B9&h4k5q$sLeXVeBH51(q$96*>t6ki`=D=FeX<_x)pg-7oulGIfn6o!| z3Dq1w>r)y|@@Ig`h+V#brlKGopB>uK#PBpC6zP*{z5Z07Ey-}^@B)D(u7swrc$t0q z+dMR}sycfA+lT%PjdWav{M}n$d^%AMw^T~w@{JmKeT~rUTTwC}BYHeZ1*v{|LBx)e zA`crgH!7g~sK7{hJ%Rn~qON3r+J*c<*)0k@vtPZi>S$j#$91ZzInD!cHN*bQuu}$t zMFi*ASFXiEd^Kmk3SJT!NA_*&Bz{NeaJs1|3Bv~ht2q8Bgx#K-FaOKE%wGH}p~xMFWZcPQWvj*9vK{9ZiXCP!UC=da zR*sZDyn>k(kx(#$H1J7aj@9!`7(;$4J)+;1x=c%9-m$viWXiy^uU%K(v(<+MseFk^ z1YGyUa=qMcNwlFN9eQb?J9*+D-5$%TNY=Vp&Mr96YpZywEsv@n$fIE+Rf!@8!?U53 z7G4hbU;lVw;rvVyl<|jq?mTo}Si09Ue+F@6zmaeC{84~|=Z<7v?u0p#46NTTK>3lK z$qw&jSrz+NPM(EXeS=I)K8~iQ!Sr{F22ELzLac7l%qNA>6oE~aP0%~Zksp9f1P0GR z5^)@6L2cKZbHn8i^*8yJeZ&#p0d7ti&UK9?W4AmqA3jvzE3`Q?Tta?z;T5FF={EH} zXWz*++%>J1D5LVrv#utiPTiE&(@?Pidux5s<|>3$9^BkK>*fFyp%=I2HZ2tE$W}^# zI@N<@z3z6wNXG$^fglkKrSIAyuU|#QK@pg| zL^F7a34K9H5(TGZjH74W+=pTZPQKU`ZKc1K z59Pn(%I$Vv5vt-aho(+h4Iuri9)=EFw2-bY&z*mf2r)+)p`JTZ zmwwO$<9>tv6dSA*1qJgCWNap7)5z&b>5%1v_~b>zXRDA|GqaT}#hoy>U(Z!#EkQsp zB)-qO^6%ApYgBPXbL(`olK#uHJ4613vIxJ}>j|pNeizH?L-?cM1xHLpVG%(4&$`){ zVjXS0dLe_EJ?omEm7}G=m4^#dtj`$|JjTddSe%j4`#O;2Nv4R?MaCG!kEY6?y`e$cFH89Lf9yv5_fcFAaaYWYUC2L7DpI92X3(2At>NyLu!ry+?EHADa=O%z0c2kXh ziHyn7JQnY}d>%jRnqTdVEuV^;ug$qjy-OI9_rN0`?PtNEU&sT^XWg2wMKeZ;)33qR zOPFEV9B(C0*B6zTi9!Gx7VarQJm7F%c9OS{CNaMd*G+NmDMF#-yB9hcl0(VT1gqu zo>M+ns+K3*bh~7Gcc5ZbfordBE!7t+sJB%aEKu#VhC;`4qiuScd)X*Ie-5!Y*Tv6i z?Yk4IxUKSid!_qRDckF+AuGtH<*EM!vgB=6=lUkawNc>4XLeJ5X(uyEd<+)y7Kv;D*Bl(AR9>6jrG3mJgHVM=4>SIe~xf~ z4kMo~VgcqgS{zl4byM*SqsCGz<0tQ<>v^rfC;gmjKYP1!d;0=i@|FY@R>Ehw@3|JO z*Q+d*YE8DHP#_399;&gjrLoX5OWq`-+l?AIOxDnkAHYS4FXm3M#*@Mt>QI*JyD9F|AyN6{Qp} zt*mV$mX%)@uM?FK`!%ZCN2-cdjgR$pH9VBnX@sW{3Vx*FsfkKfMx~}?hD}|8br3p% zd^X~X5b5;9b?6kz6_F`^UXDtY#?j7$C%sAq*4EN%RP;O3&s!_yU*xRwvmMsmTJz2% z%`dNGe>MgC{@CdL*yzh08?DV=?yWd$S#feq?p9|LQjK4(y0tt-Q_v_0QH?}tKD9^9 z0`{z%RxeMY45nOG6)HXyx>chjR8(w_bE&Q-mZi8<>J)5mc*S(y!uCkmwUmlrgK1%R zY1PV##+g-5wp1f+PqZxCNXvOz(SXtlYAY+tN(-v3DQi_=)%LDRLR<;oRSaUQ16<>v zx8)h6YOL1eW!>AjK#K=pQ-z!yJZ}p)OD$V@7;SGCA3n%NJ`4AHlhm6kM&=fJR6VqcFZX)Zy`EJ$n#G~h zw4LQ6u3!|}^D4a~FK40omct)I{iwZ1C=2E;E%lo(F@1(3lFz(6S6Z^71h7<&Eep;|ks9?l1as}ovGGV&vhk_Fov&aM6ItvVV4*EM; z<2ozI$xr)CoeHHPlHLmVIzAEiXD0WEPSJUZRII%Wl8hMJBKooiZf;zeBt5?L-DeU} zmx!%B(*RcmrzThc%m5tf{8HPA4AfISsspgQW4Ae9n4G>ThP@@<`_+p$6`UeeJ7DB^wh zY6KulgKwa~Ou5QymZb%RX&PNoMTJLKi&$_xc`}Q~Ap+xt3Sjm+86z4Yj?y-b++=a7 zc4QGvGHw9g3XEiiAm~f!>*z#GpoNs3Q?O}Fq6zbG{CxAnyH}(0qZ6525U6xj`Y#pC zSf(!(b74=Di7}jhG}BR}i-sATrO;NKa#hKPG4wHCm>_fNtt7JJSjQ{<`#)P#M@0y& zoI||Dkbj<`NYl^v`zJt|E?FUV9Z;b^wzCYHa$;nPnwVmi<>DeyxG=o3bfsqL^4IaX zbmlG?fnxSOoxU^>ObiB>F!E*atvKO2Z>6*{ZBrD7&`0JSM-krlVr0C2uyj~Czd#FJ;XlOF zTv8Ns#q;v;`=fW@gg(E1)cec1k0?J+XlMhyy1FVt)TmwdyP^WCAB|OjQZgpI zd)fEIwL&jeJw!Zh2h;zvLy~f-$YfoJjveG`bW5oG5h1!AIAdpv|^24wkeRX^_s2CNy zNAQZ}x@)H;OS@W}LbLtk{B8%}kr8s6++PP-nbbwqdY3tonwQnimsX@#StRqG%#TyG z6XXEw^$fCAK8u6Wx72O0{3&zg%g636Io9Pdt8{opt*K!;tSL^0l-(k_KjfV>&kkuN3T z4(?)w!Yk&~kXxRh&AI>JuGe$n*v%29IWF^Q!WhFE_u7_qW&#Y^Twivp^xsK^QBTNM^|Unws~C-w+2 z6}eW(npZQ-kxDiim4dCCB*NPXLz5%~cw(Y8n@@63pT8k6cnL$n)@T~#c9aHZCjh4T zOpi{${?WmyI%rN+ENz(>$Xu`n(ugF~N2jvj0Q`Nc-}BV}9(DJ2w;llbqMyD$y{Y?H#r|e9HCN^vV_Up>3JSd8dx;N(RG@vs1C2^TOV?0J;>ptRkMapDWqlo z0ccV++!z#pmZmh7T2Bk~Mi;oD1+?Y+~ z*}SD;jb&v^h1l58>HgB6FjPEKlpLfVtD@}x6<$I>lzJzvgDRh}G1|NrpJPg-zqL`= z%URg7;LT$jf|xloG8zdFoap3(V&d&Ag#y(3H0_@mZIuLGrj%+(5>U<&06~D12{Hgj z(Uc1O$ymtk(nNZi=E5*5rc+LkQK2AW1u6|hZt;~Fk;0iKooeDyUAjn386GBG4bt;N zDE4Ma-&SEo@1{_`YD~%X!W}1*38GReamZxiw5*&9bLO%L$1&nX)z6pU8-+BzkIiVQ6<-*3+4QmAPk(z#K*i48t_-vsoQt{8$Wq{J(M{_+}!pN zNGZzG7R+2hmMOMCs?DykbMla7iRm-DLpJLGGc)HZ#;neTkuW3{r+?(c8^d44sU6+)Rh=fQqHBqB?hKB7nk5D&1JJQ>x0jQABoYHVVQ)ysJP z1$Mu&0rsUe3Y!cCm;#EJ+>2Ev7qtPI!nP7;m#LSC5CjXhso{zY8Zu$OHOCh9CKfps{6X_bpj;24#BB?fdnohqt9JQxJx37y>Vgiu)fYL=L?M!nt zCv-6YPXBxCWUu`=kx8w4^YmpXRDsH>yA@UYjzRWLWvN_8)ANj9NMiOAl~xJOrRJmJ znrqP6nh|B-m|UunO693kVY{9)(SxaDy}1_sOyAg9iU*+oSigQhzg}uOk0oRIORwKc zU&(}^=`Y5@qNPpl!MXgkLN$@ZZDo`dOEs4jRt&G0a!gT>g15mGam#>Z=-3dmA<869 zpmSV~P^j|wY5oWRCn2IRI}}ms!eoLYd4Q7X3etUCp3LJ3a7+nDiW>8nFSM8*3?q(* zrhc~2e}W+nw5%`t>@YInj$jGS4AQ`P3gqFsJgZP%y5{JefrtPYaqOB_bE_}S(aK3o zLNZ+lJsLRq?bW0!mcn<*)Xx z{D3t#+xpJ#{U_d*C{l>93n22z>UwP#%?GLx7**S>iM9YN2 zY3935AuF+9NP-4%B$%sAHmo)*|W!Q!h;E<|wsjd$2SAj!w?UaA5o>p(G#;P5IvZDi(^*Lv7+PA4R!m z>Tg#poEN}##n3+Yq32T$T=xPk#1HM1;a#AGkZ(2`(He9*whfLUu4a6H_!=!(wn^D^ zK#@8nkqTgs zAHKzod8_3wA-TynMs6!s>hFG6sVeP6o+InM-lHB zg~HejbAo)?*pL@&ds$lMhgnwUCvwu?5lJafE*EpJ=L)H1702e5GACe)IKXq6jS^0~ z`i5W!sCNS`6;CnaqWfC5XKq0J3q&=u#KZ{hgkdhnNjY!HZsin#m=Z17aHv^AoP^;C z39-KzfTPJf!cPRnM$*)`0Zu4Zj83N4RQiVH^o=7Bq{AsTWqo)XCKBMoLgjDy;*F|dLr=|Il{fQb3}r9N{SZyr=JT{SKsiBNFV5v5 zwwSWW50hY-$N!+lkz4lZy0RhF!<*tDs>!=V5oc*fG)-A<7eJ=Pe`+gQ|)KU$KfOdNitG-twq-I@g?&n%!2fGh@ zy>y(kFQZDA)L3Lpf<<)!)rOwNw8)c3g#rvkHAtxM>JTj*f{UuJ3_R>req?EhIshEa z<8#5!&gJD&J(iDp^L#NuaOZjt1%0nyH41f@hGcp!#Bj(JlLcUFQ(fmghe1Gr3(U`i zAqxJ!DMsU5Ub_4za5nY!;Q-@&zqQFYm1Ppxn!>*-=<2f(`lYWt7BR&*IDnmThY*hj`zhv+1CejbO2U$sqSWF^@ z)R!X8Y5Cl5tCXB6)wn%(cH2J=t?$_s{v(?!CAzG&|7B7S(DR&eqbLvy!|W8<$?^vG zOU$JY+(Xtb}!bffnn) zyFiN!o;Ks0%lHBMV$xtVdNb(HpISXek|n8)#mDhXFw1NX3i8axhLI}#vhm?x1EiHS1{_a-atjfd zfa8FV07rq?3wi>lQeQk!fGUQ;Ee(vD4IZ9=?eeB7nGSdkwzhUGS)Cyc>dJym=FiX^ z27=9?0_6p7~`%oRCFbn?qn6Rxrn~N3bM{{&0?|<-|RoN zP_}ohe-jR{1pf^Cn}XS=c#T9~4w>T!UnFDnK>I1E8yxRQfCTsla!FrFm&}AAU|;=^ zP}B)&>2=0F+O^taj04V*}`@WSX- zZ+ZFQiU642j3?&4{{Q^<|J65*{^!5{AK2C=J#|+4KmYxI-w+>$|MTDfPaXCf$~{vT zQOt3K2B7fB`&e!0H|_;m4D_G!#J;1Gz&ImY4j&B;kp4h>-_B5~AI@ zP(?Jx8=$D8q#uekScYCnu~VOHH}92vy6f)Au<}J2<+UJoh{!ildO(OTQG}Rs!4_g0 zmcL?3#_Ie=e?Ji~>gGq?h3v}fOjL@Ym;J7aoYb8m81k9!80Hv;2PlNu)mcRm6Ntlv zqO%!AY(_$PvZt7t5+c*$k5q#)9C`Xumt~0*-)$frd9J8?^*inZQw~g@tOt8_U3lE9 zLiSNjzcPXxjozeQ1vALg#b=x|vW+Dsfm|6pw0#E3HzMp?1o{~0EsW(+reffN(mTMo zBA5b$hI;m9o~u2~+tpG)B~R1TAXN^(B9U_PbCuh7huKY&IgH>G1>nTM=in#lUn-ZS zbQv|ZPL-=3vvKjt#Gss712n-A3LZ!&R&&3_Tx&^NAEODO2q=%%bf(56Nxg9M&a2u7 zS`wt@9b9HZ-|bQ1&&s_tkvZkjbrt?PwnKKb4W8MrURZUshmqqt zRn;8lfp+2wFq0=#Ku3L5N9hcc2uD*3UJ_|6z_#=zG8?PBP$-*`>0_&Qpinm;vPykQ7zj(Xaw?QEN zBMk?@F~0_ndJiAU!RLt1aU{p%dkTG|QhUe^sAj*vMt*kB-g3hS^0FJ7SwCFg`ti|H z)i%EFCX9B+IO?M45{$*Dy2vWvCo}}ED|R5z-+kisyq?z|JnB7uT(dLn)$eBg%1x_w zH?ETrK1;t-N|jEaU^drv z0b~FIhGIzNy=`;nGz~+Ut0ZHOL?&A5gVN3GQna;@OkEhkaKW+9+?bL%;xm-w~iA9BybV;UD>94h51bW>B100hFC}Z7^=VJ&buM#5XaJ| zPV-^ChK)mgw$xqVObGF$$AV+M97AfoG~jw(-`n-}mO;}IzYE~Z+pqpTpF$uY6D5{) z-yNSFjy!(NZ{J3**Xuog`0y(op{DR}|5301=&Sz2-oxF;4})r@<#u zu_2uxRF@NC=ypVSbA?Qw-T~V+NmnxH&Z}EK&W?0m?0nPq0Y48<-yOaC9<;9UP3Idi zuz3+)bpc$Ug}h=D3EAXAr>GMh?DikztP20N&5HFf1WzV&%9ABNJJ%<&}(7wX<~ z^ED*d4Jdo&D^*x^z!h)g#|(H=Z!@0seDlNTaR2o1?EKyE?V;}YQp`W$)3MH;ZEx%b z-u#~6D9@Q|*sLk&94>jBFT+Cxez)hKWge>g{d`%sTNCaldp;iz{p<13ySw9{1s-aE z-wg--H|L>-x~y(*eKyQL;Zw(nimWImj87?IzlFA=W9MLaHhei89S%BYMBPpFd76D> z3>ixA>pzgeIC8=BJDN%lUY?%}N28yQPY<4NZkr3EQ^bMmrlGK;z2a0ImU{2fw>LK+ zUqx>st!lbNU3>corWC~>>*J32^q!F@hJ5zi`5;X~))=^^S2qs$2t+?0KLoBDAfE(i zr=u5$)vx^EjtscPmWK|)*0TyNU#|Bo`A~!-utH)XSBVY{U4Bgr+?fy3Ij1|(!rqH-PCvtHq)W&rjsH4+;THwd#tpW6``jOz!8^u zZ#cXVg3ttAr2zm;5S5%GOq`5E>H(TYY&d_d} z;xx8y`&D;xd?4k`!f3=KXiLi>aC|b4NrWQ)yyQn7sZ3x_EzO&o;IgEqa)XKV1JtgA zE!nK;5BRS4U2mWqZ0wQD&Qe5yY%Dd?+x6t}VUE?|NN3}qq|wZKt^STg6dCgn&L@l%F>xWq7r+K)$oP;h!U zIs?O#BM%%+q;6#bj9wrVtJ8i17nb{_gEXY6loaX(B`xQ=5HF6S!%LI~x)D=o*{Qw! z5;7wi1mK6EX;j&$eXfEj{&nQWzv(l#c<59*r51~KHeUw2nsBu?-0wElj=Db{( z_@#kJPS0L-e;9syq|RZbiS1h$1>cU4=&hK@IiUyyh(jDQuSDkR-Zi1shbt;bkY{2% zdGF`fsXSFxL5A(CEPZp+`Rm)i7Nckev_?uY8`{yyph<0R9PyhQBZ8is z9=#o&{&N0l_b`LZEqAbj$X?U)M$$1hw!^nC4^KaFukT>bF6<+3VVo0cOzaB#-O-6) zP1zCHt*C@00Re0VTpu`c%ln730Fyv$zxkm|Gg1>?jR5}PfEO<;G@ZMc-AZ&zbG;PX z{KPe4D!BX`m_&ZY2W~as2FQw|S?51r*<7qV=nnRtV2_qbm2GwTDzS z_oYYFU~$(2T3k-b)7+>s%ZD~K+f=NovT5gz7FQaZ(KIFGkOlZHfgzq?6aW~=Ch=GYoKDkYOIN%!fGP9nOyYmrJJlhi5{Q&shj2*=g1KPv(KQJG2cK&(ny%N42J>S~I8 zq75$-aQ+u;cSX(1SSNL!QJo2H>0Gm1y7_l?^PMl|>5$v1U^*$=EkaT3)PdAzj>W-E zfjjySrxk!@qi3xaA$ObbkC5dq_o`AdP{8t4BMUpVG+`60`r8C_{%CIV1Ls=@IOon9 zqWJeF()eifCKpM5DcVyMxhn5@w%TAQDS?R%lBgP%+4HU>5wd%<1?9IsB z*y`$=z`^nbuLHg-i$vZ8zG*YE463YU1XmQ+%h+O!J{O8>$1~>RZMpUS{!(urM#{;;>%h zOGjOWKsm}K8+nPQ#-(VvFjrTDCzYoF}a=IX``4bAze$ z<_>U7RST6YUe8+aOl1oqhf~{DCjlvw$1qD{wY@?s98R4b@DXq_;uJ?yn?5Z7n&?c} z-4EF{^Kv0in|yNQ1GWj3m&{9;*zrYns*9*tX**!YZeNbY^VaPbx(F)blh<}ziBhL} zf{P)}GflkvCpHlJ_)-W(%8-4@p_LC{U)xZQUYA3)m#E#st)Sm#@xwSa7Q&^=9>%em zT5Clp#xZyfSR7&woPh(jYt3GjoMT(s;k*JR+KXbRv;bAJ-g&>$9#c6q+DNJb4ca*} zd=f8A1gYiw3W*o{X*NZ@pGbF6XJ5i8!Iz%e_`bCJ+yDBf*8ek$5#^@As^qPl)!S(H|Lpbp zd;Prs=Wf6MWbfYp^K(4;%#Ia-!ITIJcpNsCDw)T=bjR+WR!_tFpX10K6T%s%Fm`>4 zf;AbylJ(#3?>;K7|J}#;{@~{>j9Kz3k@_P^SjsmbYSx)SG2)R*|6NxEWd@b(J&-G}q7$0cn*PqL{;} zHfx(B?UDA|(1o;f&!BW6P82YGPrKsDuE@gMnQZ@m{=}Y3pM%-~PZ**(PvCM99JiRT zoyt?}{GVT%sPCWFPd)#)J}CD9S6vTYeGgbB|2=+Et3rso3 zuy4hobCmUauc-e$ z+Pk;^e3qwR|H*~t(HVqTtpt!J8M@sH&&X@l1zwS0I9uel|Mks{o4qmTk$0@5HLPQ6 zEUk6Bt8HuAWcEeozuo$moL_JKtMh72LT)Q?An8{(D%@XorKT^F@+1<+P> z#7|~toci(ac5lgx{!?F_66@vay=P*4+FKfzPP94~YOp|lxDP4$J9%31f0IX;x;UDU zySD%I9z87De|Pux?(ILH#USS54Oo3qUi}j){3}@zk{BQ8Xb6l`lQT zjZdrfuY=#ObN2gHoAaOD-O~E+-|PRM86{&JN4;A*1NOA{XFe`e$lX5=xZfB0?=VG^0O2+F$qQ}M50Xv z#Cjp!h;k)90_`Q7j|=&a$SEJ@r-{q(X_$+FM&P#u$y|>r z($Ve6mZkEYfHjBQpS`h0eQma|`h+bRT0w#p%zX^~i==cs^eNc8YUzImgSY#7&*J|8 zEdHgO(0?B$pAy(ToB!Rh`8;#Db4Gt}y}f_h>i;A_ZXAq1P5iI^?xUjpx8LvG>;IqS zX%H=B^3FMqhL;eBa2%?zoc8Xd%!u8~{uptXN`oXgz>FqRYIvCh)7!fK3p_sm?q%KY zs!Oh2X9Ql)g;Q^9OLvgf5L;{8AmNf3vhupN-EIJ|NvR(964BkelYYvlJ^yDMax_Uo zwz3CUBmeLB9zA?qjQ_Fwq<8QC`B@&Dox?b0*?Hbb&-Z9${$1t{e{kO2=tL(+Lk)nw z?{5_FdUuL!GmuEUTVu#|rcBn%X?3Z6t*~|gNa6r;G~yI;G?fX=+$M{Ggp#iVK7z>f ztDRExZ?i=iXc|+C>ctc0kX{GvwW#?v{cTCz>&O)?bawzMZVRruHohxDOKnba4x)%~ zsEu3MAS3^RCG&3a;<7~51YuX<6Tzl;rpMHK2^o^1texf8pB)vMi_PHfqsJ_n=OO-n{zVAQMnkW6rh^zP!Uyord)BUv|PLZca^D3FIIKBuWf zS{=S*iAPG?rg+q>>ocQve7%7J0~8{T4ql$fR6!ggb{vg3q&$f$NKKV?gRvW@<^Szy ztVCrcI+HKx9JrIq)h0w|f(gc6*8i=~NlSN5O}C+^y0H3E`MH9azasR6;yI)XO;Qb9 zOq6#ggu1b+@oz^~tFSJWAL?g_1rq`jLV@lT5Mu*40b?YO&ljHOIZv&cw;$RSt8qLp zkc2{h6e1K0>^T8249OLcC9C@4lQ{xOoa+Y@)f+7|jp!7IBy;~Z&(#cv2>cy5o7-1Y z#DVLw7zc;~*NuoP)hpLd`sI#*dj|GELr!FqPG0N~gKoD;^3_9N*(C-weMQ$C(Fleo zgbI1D3wB@pxeq>qDMc~Z`cD9UI6FJ(Zh?;gUR{8#4_fEjz1iAvz}L@#v)k)A;Ga)( zYc?QymQK>C;F_L*raDPjdK&iZ+5w5s)6#UG*mEi&eO;o<91pl-c2|OL7{iuN;+)F9 zRb&iX%NWB}-n1x^kB%O5y+^m_cEt{PhW|F;Zz|o%MyGA3woD6N9 zqB*%lD>oJr#=o7ABnrTUgn|(Y%|*-x%aNH7d*~W+PX@otJS56uuXs;zB!hDbS-jNj zn$lL9ch5k7+Nq&Ooo0X{hWJqB8W_Gt3sybM3~{+VtCC=U2xM6ogaig)LdhH$1F7@0 zo>A3d;ipL>OcxHa`qc&yHRV_s@<`e>s0U9GxAWp1(f)nlp;gPf3{tiZ3);uKBtU#zpvI$5YbXFRfu2(L0xg<|^RuYh z721p>kGs;D$}4R7CRk|C7{aRz-SbOmDE!bAA0AR_uG?0zkch&A& zXCk#nWf|($)>?_5^}T85tx$Fw6fni0Gymoj5?C(I`B1X$>v`+~$0roUkfL-I>{MvU zu_|K%*Ju9X+KKo!TJxHQlovUU;Lpfa1l-fwtzMa{>$D|hovy39WDsp$n<76y1W%?{tFK zuo5+Fx}{v>-nxWU+5p$z0&|3x&I^>&!RlIYvee>EBcC;RXlu}c7IT}Zt{kDe$($IB z@02I5Vg*bhjzbXn!2K6+ufT4VJBge1#-0|dkNS|+iXnAQw+TK=PuW zH2dtWfM1}oM4B#MNRuNCWJ4UKBS)LDDnSl_f)Wwb7$q@#Zc7Wv%il9+ejPbit%zC2wR z$6~CimD^1VLfH(X)N6yHX-$fT?}J8D()iM#+GTo6U5G}WY3cuPV5|L%XuvDp>UR2oY+a=)0*o5M6z8sDY z&wm^V?A{)(YqTkF!)gRewwcVK-C}2zb(Km{XWnTA;Q}r40IGET+OaDlyl(Q867D(` zNWERE;>9v@NV9>IN|e4d$*PSMb21!_em*`u_*4{=&uFqb)tLIXqns4VYShyP`Mabb z(_SNX%~M@KuR#r{!Xf)wgUb?%Ue4iY#VnmJ3K8NCk%iig?eXM{U3&h?}jhm9F{m$y6-k#lt9;< z!o%niQxeTl#D9Vmi^Y>u@r+QiBazgbVy`$!{c({#Cr^QOmHXXaP2{mF%uTJM~{BJ*z_pNnVf@S62CG#<&55T6pHlgf4 z+qY~wk}!`ahx(g*%Rb_WSIWhC&Z0blKYXabvi^icFT2XjpKCbWZVFvQhF<1`qB>k^ z<@4IE>BvpBeYh?D3cl!p!LH;|Ui2?-G;{rAF{WxGSFS{B6PH~}T?;AQF{{FL<;aLF zC~f_vA5BgO`0+HJtNU-ovq62RoUaJg0(3YGk#)qd`1`_h8Qwrc?DT7 ztBfFaowDV)f@S%I8#GG~{E8=f_ZDLFw%$U_5C<;GyF)c3@h0)&I6AyUsjG3>GhvfM zIz>tV89WEl6L$ifKe6tgn6rF4$)p!g0jg+0Nc9Jp%3I?L(FjFTbo~lP0dTx;x=s#< z{041VGz(zzmS;Z(?i)IhGplTM+U&SO2X1bpb7tC&mE7NQmk~d+fxg)+UxR$}E$$Wi zFh^3Dkv`NcMn0Zkf1Qp=k*N`F0MIq^K^H}wE@FZs?&kbxX6-r{6UOU07vc%>7k-HB z1)f&OtM&q!qKjFDI|-;=>FKw;cL}KQFsUbXs*j)<-nLQSR1Zr#O8x&f~R#S`pNn;Jc=L z8%;rq+V9~dJdQc@-p{YAcbImFmVw1Jcyd2>-_NhtRBsrY-3Cojec40_1X)3xZ*$<$ zfOXLk*!EwqSYa*QiJKjiS9ecd=GeX3Of7NSU%%T+U9<1rF}tSspXv|>+*u%$Pj(ms z?hj->-GR&!a{Jy_dn*j$ErQ{O*-S^1>JPk3~H__ zTGySd3o96+Y)ni7c2<8wvN}h5(-O(jtgkQ!x$y}Tc_&u`DssS@Q7!Z(@9|x6S+c6` zTDK*eN62ctP^pQrucCY5h;bN(h`KnMkky7=)ad2`)RTWjxmHy6#n0Vq2JntuuA4Lz zb=Gx4$+(hT+uv>bhS1->M+GZ?+(gN_mg3U!6#y!_PUE3w7J%m?NaDC`RE^iud2xgV z-#kDeTr3Mend?VI#XRJ=RY=SH*i^-{RL=zBFrnydMiHBlFlYy`SSt@Rf1RKm#L^Xn zHT7ePV1OgUSS|hKOWckE3$6W*X|T|fJEFqk_|(&3OPVPFtf!h4D7yf&nYLLXL#?a~ zwODU`3J>umY9#Pnf!on{zOCOedFMNFN7P*yom&%k9^ReMb{^y%k#-*FN|Y@ifE?xNTkoA7wHJ=p*2qJHT-r`;DjG+?7||9usdc4D4>=5R1m6@1Yl-_;UA2FEdR!K8U?ocIax(WJ|6fdy1wvSzFq^F{ z6C9#3f)xg%igSguaE<$?Q&m=ZW>ORrhPC(KpuU{Gd)zuYZlQX$11O}^9FaI~?qJn% z4|6|-q+`b8x$V5PdT^d*GBwCI8n3zuqg`q5?wa!HAKoHosm$`*3aqPWv9jW)Jcua? zlx6!tic_v+o$a8gfHlC&7p(`_VB4@@EwO2|&mB=+vUbU~u^5eTfP6@o#Uv>gYi&C! zRV^Bj>M~3$_g5AF8R^7S*(lg=2TSr1HAm_xH3%mYA;T})qgbo~fO)e9YQ{oZbF`y; zcu6pfI3DU&^cfE$6Yf;uV2H3#E$0YJ(F9S7f`f$OXgcy|C`dvaO^>D#NnamcBR`Q2 z@Hy%63gPLD4?w@yE9hQDuk zWRgyYGf={aC`r}QU8k3<=eB`9xczgRi9pFVE;A`t763#hWD<(mOTwB z8f)uUY7I`YiB(j#J97zWb_iH|%9i1w1g$CH+WP6U){@R zsgF-Hwkx!xhpFwN)F#=r%(e~2#k(1N1$&LHByGL|Yr9ERZVuzSCf^d^Tl+-bd-dMR zr#G(hZMUb`m-SYd=S_3H#*HuiHcrL046NDH^b=vOS`oN+Y7x9+N8UDWym#MQ&z`3* zJn~-U$hQ!r?jX-aq3abnE?O&k+gWr5_fO2Jx3?BDwe0}M$|dIPtkAu+G>TT2ZSL@@ z&58tbyXJ0x8di5?b2nRHHS`sg2HV-Q(SLMh*U@^Te*sC2U|nvJh788Fr%`Ag^Th$q zndcb(7kY!|xZeNAZb_8R&`WW>%&5hrt(Uf>mO?@fe;3RVhk|h$G)sM1GBnC`X~Va- zcQZ;^`uWy)GNmG?+1pFhw2gj~{sOB4vZRgTrvY&4uWVElZZnDHZZvxI=U%8pXKzV> z*Z};!ReM>L|DU~g?P}xJ8pr#ZPoa|ho&pCOU$`ZG+O-Ifl+y%wfSjJLo~~G)k!_Xn zXpS@kxR?KD|1WLb$1}bFNz-%ii#FIZTU*lB*1m5!68c#~@|=c-7&-ZOK}6WyLSwrm zc~%^zMap6=k}_CFpbt+TbR>Ci6dy*TOTzy6WV`%iXLKH^rQ;R*#*AR1*_e3X!gv@R zV-$82o5JRi&ceLqs^Z>X{0Du)dw0u-48qSxF}-rei&ebMT)ce{IEpw>s4bMPrdj`r++XA~>mJuC!I-88 zH<%_;;y{f*{#d~o{f7#edWkX!d)m5b_eqZ1E7vrQU!rpsA5p=JET=4eRm4M*ulP5> z(h{mhWkowp^$B0r4H}KG4%)7L10L~TVdIRYB%M)2!Mia=gwxz|8{=Hnz5(;lOb4vF z&qUxBu5bn~huD2w#`Ar))7`x-Z=UI6_6e$9NU5T}u=vNHeRlp6K1=a`k>i{UibRln znR{R+|8IA?omQ*F|GV3rC;tCQK0YtUSthn_3=_Z9n|--7^RDCzpEcvYF-x#akD^Cn z`7>iz%u=e=GnSL7FqQ2RXZ+3U&T7Ux5%04h$FURE>x-9}T2%Ut3xZ=6_he$I(CWX^ zf2AAd^RM*e-TB$Y)xqi2OZ5Ky&BejdF}l1uJ3l`@LODYjCpQvL2^S?yh%f(@UXU9~ zZqea)2d8h2-=4i`j$^bo%JWRT+}aw_d{p$C5gY5?U$DPotDmsGZVA05a*6X+iG%s@ z*3rMxQ=@9jcG?t6t^%`88UL%OjmXJ>d z?tNG%2?M&2V@0ustkBy3qV4A0I?6{lMzFOyz ztCM=**vz-nS8^CmvV=ysK3C1Wr5`+GMXJr!MHb_nT;?3-WC)brn3ZpC0EMri-%)DL zBS4)i#C=XenE|MgE!k_5QY7MiA`tJv#UD83<;CO$8Ttb2>1-+wW$ycBfT2|;O<8VY z7~N8n=voxxEn8GjS2ql9IOQBd&zr^q-F$@wfmDj19z~-JrD>c(=yxPWxU;h>igCEr zdVDYV?0!T0p?zxf#Rqqev-^$hdBEljTGpb$w59)d2u_ts1l0rD?Q%aH0}u;f`H8Cj z*eUApG+mMBesdf~S;GUe7#-A2Hf1?lt7}`2<1tNV#l5KqbQzlU>P?l8s3M+AOc!4A zVvgkN_nD!N0=XuWP4pZ}a@Hj*dyFGwFz`0|;}4azs9==MvE{)RvcqSbGDu@fun^Y8 zbnbua1_&OW9hkW|SZi2sEOZ6}z!4|dUx8`_t>e8;jqog6>kEuJ(~~?!0U|h<^W~`N z=Y#um@$52x0yE$8Q4gKTHs4ak5ls1zr+znjPR&A>pI==hZ)|pzAd+8(nV9~{*Q98A z37R$QRnUNS4#XSIimdkWA)V!H44aa_tXb=64@lSm{1q9}wAzVZ_250*jKj+d^%}pQ zU;ME`_dZhKo^8UfI7_1}aW!JfAJUZnF`C#sVgvkpB<=ehE&RqVwQWt7FY+07KB-Hb zo?o4|IwN`N+C){s8T0x23<``%LUMBS>YTHT@SGBHmQJrm?U1 z7`mx1+cliz(N^4Vx@DYSCE^oPk+M&!oDx6T=_P z{!stObhjLP8EBJH$=L9peIqPZt}N`Jrn;w{bCO|B)8V}&1hv+#5Oh%lYPV50I zFUr|{&P%{Z9>PW*3yvZ6YcdgAIWI&`;;&bxsQez;L`d_s!Hr^Taxf3U3P_He?==%| zcgi!EJ`H8e{H=ZL!E2hUf{OP5H3kh>5)%%>w%mj8mU>JzX*q9MaAfqe+TE4mJQ_78 z_dY(FS|9BcRb0kp!l;|T1I}6v$fcSQD-fIrk{_sjIQX7SL^YualFJi{)RXA&0Lf<` zXBA!RgAzCKq35iKMvn)23+DYH!XLtc7GAgM5;%3GKO8B09eKTSIpRK)TsyH(xFuye z&lAy%c>ai+6k!Q)-k8^9^0;GWoZjG^NWhCwMvar@7e-Tg7nNKp<*zGVsi?jbzC54Q zkQwGdw58VtZYS;RdTjct7~<>lj2bC={@cOD)yeCF!>hB4A3yy4?Bw*r_s2i}fxdm* zp||9+J#gPusA9#=PybN)TK(={CT3|6-IZ&Cp_0WptUTrdDa0b)hH~^+IY< z_ms&>{Jh_1>6#0R!*!Zm$%Hn$citR@sd6GU&wf0CzC5F#8fVRfv}9a40sY&9;a`(U zE&Lh$VvY@RPOAS}U3H0hIo8)SQ&x6jO>q^)q*gQaOhbWdxDqZ6#l;@t!T9{V57CI- zrl@gIYjROxV=re$iQO~ny|Pioj3xvT&TyY5G^eCgtr*8~`4ViP!|%?1IQ=+FKhHn# zSnaAmM#JiR72J9Bn!+rbm=osPB|h7;H9yv4hP)+bduUfD3=v(9ux2}+meg7*;7`?h zMpgVD9+^?k!@KEjG0k5yexy@7W>H;zo}kB_CA`Lf@kZQ#2qS(_ERPDZNF&tv6*X>A zrz$n4;br%EXnAvVWzC^`8~UIBQJSgAfQ4yCP{-G1W0sPyKgJ=L9W1zf zuCoxYp0v#|xjvg|;>01fo?B)qs@_haycqYkBz%jp}OXC#wy= zs~3*}i#j;%ICwoI|;S74SR~yTodl06KU)o$}P&A`~M1E1E?w8d% zJGgp+G{qnek#r@{sLSn0Z7N8!)Y zSNwXFo_qQI$@zyL4o9VYyr{M+^$WNV_FDO z@hf~=f!W_*f4Kba;Ntk`!_mRj!K;JI;}7pIC3f$Q?`yLw@vmwGr%ZFMJch@BD&JLV zMV)nTAqdxG5(22Q8`Z8|8Q~==^g=f9bhMAgJ?=N;SoL<7iZAAogAHh$dSdFAS@P;k zia9^Hy!_$p;^<>h%ydxZa#Um9e;DOhD9cgLBFH}`1)1??VmEuMOX$r|1*&jxzt-Tg zWQ&dIBg`vyNq)H?f4g}5(O4T#?#SpYNZPLR8t6f=He(lGiTrDEzLcu@XT(t zx6nL?k;>}OwRf5lLgi$u9-K8}&-OcOHAYP22MNW(uM+NkS!Fc!-S2VndsYR7s2YcL1Lmw|q}9s&x|=#cTQy*|d@uuApAq5TRn^Vo=1)~j*@z(}&>^!i zAIk*-X8ec*LHK!63~B0>=&3_Dg9mGnlp?ZvU~8iuPYq%&x-(i7uxxUc9^Vi?nW~v# z-hQ5AJ|s#+e)$b@4VAY3pIDtQ;5hlZsQ^`sAl1$z%Ar`~L=M8qklekdX^d8z8(XUZ z4x!lS8OcjvLT83qTFF0@`$$`|mzcmGe?Z2SoyOdSpHcbnV|sl+;(Z8m%Fnh0lKK@W zgGL85`Z!o4MD9q0wn&=uNyccJH-ebJ(Sq}1BCnfRLI)(8Lb6^O2&BTN3jNqbH?jSnbR~UJjKbm3S3+%@7^fSvwH(QaNo^>-!RWFqA(gs`xktJ z&$3)Je;MCZ-!Y5fS_v9<2T4k&)+?F%aMwR8P#QLSJ)dlS?3*i*# zYjyZ|mZISK8P1}aH_MYd^~s(38ehwopr%aBZsk$*9i&)1=_!YQ%{cu_Rs$VEL^OW|+*g7{sXrpnK|WoZy(I zM2K4Y3!iux1(rtp3)5g}CXYmg<@Kqj!v$%k1hAfJmZ0ns%-OUp3MeeHG}Q8Y_owiL z-jJCD9z5_c`VPnX3zK&^kw>EL(&{{zxI=i4Lfaw8MEmhdTdWJ?@(*(eKdo7DoiFepp4TjaC1fruycw!W5sQRfS9#p?J??H(!Yn+R}*< zTREmlBVj|GiTk{q0;?wL7xjKnRkP=nR#o$|L1sv}&g7^DRE2$&_+9mLr3hPT+|m1g zu~bP2697;t)#Dr|G{tYrgf%BpuI{zZo*w5mfLewUw{kX)aQ_G;C$DpZ=2j0vg(C12J*XWF1I+U}(EdUZrL=EHzURvUqndbM#J z{3#`!p!>Z0bw+Hr*LbqEAekEEXPT?F3chAq+A^dM&&gs=&y=b$>#Djs9@s)uaUV%xMN&&pXsc)6du_vMld!N>~Y>GfF9Wvk}&%7OjoIH{_IU0UA90z2(AuNZ96P*ZPl z%0t}Owfi9N_H5twy|-*09$GM}X$P_7Mm}t?N8MhtjQ82wkK-?2#9O}9HqZ2V&)>LN zuRqx9eZNhc4j!171%Ceup!JnkY=nlt4@-x#Ps5*@%N(cvL+onbnB9FkP9AF>M- zSo=e&=f*gD>_a^Tc*Yg-r}k@}({Q%-p7|J^WEZ%L0`MPE=Bw?$`}onUPx06fipI{W z@;ZX{5%As;6!6?6m^HGSXpwO6+WUHTjPOUoT#X`eU-@`M8-`#n5`g{qvu*nO^e3-; zvvTDZ&>J41ZB=RN6)me4wri}p`Xi11Csymtq|^;aVcw7`={B> zpXSSe3+`|g_yzG^tm)ItmP~V}ajzkllB*U;@O#Acz9kRp!-jjf^SI8#`8YCVHS{HI z6MlH~%!uoygRSd*WF;guf_448{L7|xrAy9Rt4{i7gZ@h1(lMQp(CdvPpLXb3TyGq; zTg=Ns3n#;VUF)j#y2w$=?3nemFJZC{vg)+t+CRm7R20;gC zjr7um<@Y0S)e3BFK#^Bs$cc!_>mXgv3d90~obA$e|g zLyw&NyC5R$@1(I^l0qxaQ~7Y+H&MBcMjxKC>`3z7C_aovmxTTC$#(h4&gi{WOUEnr zjTzy0voZ0&g%M;rDlhEKI)%+6orQVJRmH%+c>4UQpHN)bGLnw)6VDnMr;O8l(ugFf zL;3S%#%Q%#t=;Wy_~8Pwb@#q#bvoU>&KIcl@uuxQg~&1g zqV?dh%9Hzxd}aqG!L9>;Yet-4#Y1pL|DmEHUqZr!3gT#9?~5j7TQ}{MYnsL{(YgQn zihpUPQ%Y@}^yB`m6HD zmXG`eOGt3i6EApb*?_5NgmofS?Hllj{|XytEG22ZLg~x9Bf@EJ?1klpg9eYFurk<3+y8~nf1jqYWb^l619Q%QyWK9I|Mp(1{dE36#plt_ z|0_i&Pi$Z&8xTeR7ZOSJs)5wnh4EDj!4$zOryi4G3DE^AJ;p58p1$F%$YyNjeJ1l4 z6@8vQi}HU{OZ1*1;5`1nJthCOTf5yS{{JaHK8Lq_Tsfhtb+$#B!YAkY59j0gBqJ}; zS%&{zkQFoW+0L3V7CGVHlS$c8<9;Z6RMzH!s)$A}19gvRBdGeNVJZUG>C+Z~s$bCG z-6m-i+6U(vu4~Z$h0(NP9n9B@u7ZBPehsD`&?_LnpF4m3^76C)vybUV`z*-+;ShZ! z{=c`~>P+$foz@fo{}i8RM({)f#t}{ul$U8!OLTR3zJkIs@thSo1dh*I z&vK3RIk>~~_rt%g9(&y!Ty6GXl^0yxnp*lxtaA;7nM>}$Sy_Y``Bn5o+OOS|Y{qP| z1(#LT=~jR!QJ2nR7{%Vkj-Uo1H*y4r<0& zf>y_5+=uc63y%soSDRPvbve45t}f0Y^@A5?USo|$W91n-(Nu_pCp(m!W6%#xP6e?v znS8nO480d5M*Rs=E23lylrt2KNObM$XdpHS-|v$F<3v^3r0Eb9*<%VK6?^<7jF?5K zlt-p6n&5yMA>bLhlmbJ9lVpMf$zkgZy}&)5Gh}aaBxowXA5np*KsZH)(*gOI7p-t% zU;N9-51;Kt{1>~s{$pf@g%09pe;42TLjBXPv_D$||8qaf*nhCj{eSHEuf3hJ{in0t z*?qGAe2Pzrm5Nf8he}UyS>iH2ODA|u@w5`$`6h|lo@r&H!+(LW_5e@tTod+U=U)Z> zHnN-OW5j>#wRg+*U-|gc`Tqo;8HHkJXOih4&#Irx%%V~uyMHFwL(cn+L90$~DA)V^ zQyh^-hbmc8=2M# zeR})Pm+yk86OnV84v+NWsda!O_Y(cSQfl=a*dkoHfwFyWwg^~z{!6*cW1QVP17P0y z-`#1IG}9oSvMS zgUvo%Xg2FpYXo9I!^PkTGQJ`Fkc~6U30nR3o11pCz1?gzTC1peh%?-$3C$@H&F_mo z(Tu41hUOkm^7(8^@>|BQgWSqK$#HwdS8)6{M^LLbUI=(Ch1A2#6|CO$KY`Nk1a{Xv??VGb+s7C`;&)_Hj%liR0wLr8wH^u9mht^NmpkVxDMX$dk(WIsdu3@VLh8 zC`uhXlrvtIiQ!H$KU0>TEPK6ppsR118a)1!FQA(BtiFp@=U+z8%a+`k@9693d8Oz0 zd9BPpbum4ktx7CLZcAS#OTbzDj;Rdp`ODlgbCzVW%V%*Qk8me#xe>Ph%Lmuw^o9qAU>~*I6f8D40KcD6^JE?!k<};7#C9LZ-^Oq|tVW#Z$-F}IFhxeX+ zxz(rXmKd$TpKs6Jd^kF}_~v=r{&{-v?)aPM9r*kFOVo(b^WQY!KhV!#qu6wg5(yz0QbWZoB?@%pKkv{wzc_w<^3QLc zuaRiP^b-=dKhW<;kQjX>wj{MY-`W~}wQi7nP16|VBLYa~3|7EGe0}ov_?zczi9n5Z zj+$EvrW)su4G9c&zTJw+%~o0@@&+3b9HT~ieQF8J2vQdfX5aV~ttzl`us>F7r~gol z!X<geP*iavaoxd993e$w9 zL;s0Yo%2Bx)OZ~X|38+Fo_}e;yk#tt%SdhrP>~>z+=x+1Zedw(u|O&iJoZ*M=LPXr z^BFpXG`^{+Aar{C!-oYXBw?Hk0s!*7rb7~Ms>HA{!Ktt)aVh$f7JT^qA$OZU-+mg^2kTTwQ9VkNrD+pv~}*XJfU%Y-X2?zuV?uJUVnE|yF|fOr4wB7~1q$)`GDNzKrtDphWC zWp$sbC+1ZAGdX0WYHL=HFd4J-lH{uVe#yF2gZ@ukWe!~`6 z+Qk+Z*&#J1x<~g$04A&(*SUwyL^1iV^PY z?22OSyGcvqlvU?t$E-96)sLS9J9M8ty4S&4eCO0>p@X;(#rS<4r>ipDvx)<%Y#K_( zcu3BRBvH!LRIkvf-whwA;ojxvS1VhE{x+uvt6Jco$5MErrhcl}pXt}jJ?y6OpefA{ zS(;;-5^hP(v?E;=Brmd6yOA*2Fcmxia3X*A8v5xs&9rzeE_~52uvAh0pn2WNa8Q;r(h zQh)y_x{9RkW5+k)tMB1*og*Qy?FY z@_^3Zy|2RW8pF~TF^rU)a+ zJ-MmnVV|#LM58><{MD#^Xu6ZJTmnl7Q--k`Lrw_3J?hRRuGZsE$8vk5_tG1 zd{>%sP)N@_I1iu7H4=+Gb^oOl3$3O2#EU6v5xLKD&a76rD2jEp2Yn1(y}?@4>R7qY zgSFkod^|3{Me<0AgKI0D?e$zb((*5wt&*JNVtz)%g?#Vb|%o1I^-n;YgR$ zL#3rDNm-WSy0aIUN&LtTsVjgbq|RuB624D>q~<#9yN>W5V*(CB^B zRNp+7iQ_q1Rmg-kjtcu&5GaZHFwjuGYP=5YX21RBFPpYmZNcpR_~Wak6rMTC!Sjk` zuMw!9S8l?^Y{9xj5>wR_wAqQp{goUiCW~(o?MDmL|$A=GF7u{4Pmw$J8 z+I3ua%Bj6Rduhoy%O^*azeK;)dR3OO^3Anps0h-TR2D=WmM&iVeZ|7nyjM+8B}fkm zEUaBLuRq`C+(UFu{7)A5A6@})PW)fH-RYF;|Ltu*#s7Yi&)oPQKNKee=aMatpi98B z_=pN#Wb(d#Rm8)kD*%5U!8nV?3p`$V_qh=*i-#~gdhE-XrUy5eCXx^;M)!aIE3mnz zPt9i@|G!_ykMJ{(|L^SXmE*r#ttbBfNj?|KI6!%kux;?soTy|9^_lQu6-;TkU=x ztoG9d-PeUkm`3h%!|zK^&S>yHbD;U%_GS(Ku-5+}thr79D;}?G*Bd^!P@~?NuS_rH z9HicQUHDfGj2V0FJ$`boE0Bd>&Oo;Gwi&IqmRb0=$*#HLcrc)mA0b-#(+osrfU3Xp z7Fv``5H>DwIy5cH>VBP1v9)k#G?BDXt&bVc+S2i?3q-Q2K-M`StP47=D_S1=k1pQr zc#eyER>$Vb-e}cfnYHNpnEFAjGqJ6Ugk2WdSpl%qxfoS;@oM4}B4LApB+&&nOH}UG z%tKX%f8Wh5Th8Y~34;@=-E*@xL3|975%;1Qac_Jd(3RW;_AY%wAE^_0XpekAQ|_6@ z%9*0o=cpq6M}JECUvor~F&(CilgArlUj2uiPAUJpz1{6T^?&>%pJ(VC=aO@PP@{Gp z-Hu3#`UOp5Deq)By2e8ynk&!H)rbls@dzYFBuUUPVSVMjpy_Z^o^PDf8v?O;-uF@z zdWKRm1YH8HWtiOf2G;~m2bg+%@?ELmi&+TQ{1Fm4p1LQ*F^@k`ozjcQ`}}N z8_hnxUfF2o<7{Q)|66&6{((7Vg+M1q$6}?KarO&|@|7ly3EooAarVo~*$=137ngtb zmM--vo&Uq{4o=@3zdd`?9LJ9~#?15IZtb?at@8PAwV%%aC;2=>e}B!{5FG?`fS_5T z{BJrW2^+2)B#AD@2z&y{F@j;mYBn*8iZMxZ5=+en9*`%hxw7)?8Tx6v+3q%5KcfaZ z$T&^V&L--#I_;GWw6SsW?)>cH>frQhV`F6l9mFw-Q4fHN<}U-zhE2+P2n!nkqcHxC zBxA%$#srmEuWX?ASqv2+y}6hqL5cKUv%S~cK@IeimO9WW%Zd1T4Wzl3TU)ocw|c;c zjUk07DM%WTt(b}|!IQ1OzrHwov*m&Rn}+l^fb`7!MgIWbH@xo^66iZ&!lZ<(pqXJUA66~7e?{+pr&n-AaX|{Da-bWKn--RX3WWeaP-rN zaN_12RuYR@B(`!auEmxLaVt1!WGrsj>^kpz6SLc}LGKNnInq!=Z$0yXz&HNfTW0Q^ z?WN}4S=m5mSx(3FR}u%=Q4j)cM`*hd+WU3{xoXD#V9KBB*X^4v@6DYhaNBKm4U8Af z9Rs5E!XKQ(=)23SODKe^s>g!74-tj#{7_NMpNNtx&osT&rV^XsX#FmpjbNa za1LLSK5D-xtrO}OV$x@KD91y8nR@MJx6^F*9E_HQvA@(>cRz=z!5}CJjz&fz zI+&nBt%Jxp&dG2BRy%(_BF8xy6p0{~@bu4 z`ZB{jKTe3e6))+pWYrd{KKQlZ1ig}S^QH16qE|GWz-j(+V*_2@(mWcGSV|bzgsbcWfns)> zf|YB)*%Uq`%`7b#^K_xqN@bM1GJ^iMxAo&%Ef-p~OKa ztO&&!)Otpo#7YEH3$O1koXa1Fj13cF+}>`0-HHJgA-3Jmf!KD}-9&cGL|S{L`^sNr z#U5~ibbl5UlNg9n%CM?~O0UYCH@E**53Olo6~yHMP6Y9=+qT%1`TvlH7*?>OJ#`Nr zk;q7lEjzhcuWK43QoQo(sGvcDhg#HPx8*7;sGqRtTK?RZGMBow;mG0HTysy|auUtX z3yWsyY#TAauJV}VoJOJtT-1IG6qCzUeXaflKc90pCi#dIQeMc(P-l#+SDYqwt)@fd zT9A5GXI-p|Bx5C5hH~YQ=A)ty1Pr9Sm9Sw0r#PA9G!jxA)R=7b6V~4vV|nnmLfyKd zoI?;wvA*EB+HtGdwyWtjeGw2{2cl&_=sSH;5FMwMRh zCG`{HAnW2)8i!z{o|Fr{Rdj>6nYBtYLm3mfJe&VcriGqPbEnyA#H3Gg+Gw{LytC7@ zN3rM6(GUJn%u`?7O_IhLqiNpL7m?r7Q%T>#u*&Ck<`?SY{+p;OroEI58UjO-59NLF{*5T4w`&h@^m$e zj+sTLyVNW?pT#U3uD~)=Xyz#pOHBz$`f?+8Br4$QAHZXUkOBdXQOa_wK4ANjR#CObA6m~SVT=k<5M|WP z6D@%aNvabX6|zaKvs?)GvlelGd#hE74n;7I!EzZEYtgf*3m# z!Lv9?lrIWJSgCRe8-g1Q-C~|f#;iHbYc6GU$-tD|R6dle2qjT?>)W9qcN4FHNLuW7Rjobcs?)_R9R} zs-`>8T?=~0f>wg2cVR&9tBQm=bUUKa2;oF9G$grFWwI=xB$k)7yofSR#~3bNNgDEs z!m#E_7x|t{)ZJ@F1499bWD*vLuDi`UwKI1PYfIAY?Yad~!oZkug7OhgQ5&5rROA&| zaw}b4T{_s7EW@={3P1&?J_!oEz9K`KI$)LrTT5I`FPh2&^@jB5w{^(HfP`-tjS)^K0M9(^ionWeGAVpqka&c1Ya@ZI7|OxID?FUr7H6kuU+QD4 z^ty;K9@7-;pEN~dI;1Mb8u`@IYPMVT)0ec+CpZrTDY=84o&)g0zQ0{!JAKZsNviol zLvaM5k?h@Kn!jfJNJ}^`K{D-mtEOE|NaQq0kbGQ`<6yEMnKcL25xhMvq_VLuT>NE%psf3j}H0h&t2u0(_}jX2ZFoCDsi04|qJ zjHMKkPckNfTpS-9y*maC5W~ny(lgW_BQO*yElPk4qgq57(~Hsly(3~zwRf+~(%{Vqj0w*^A~KdatckC0g^2 zd7tJf9#eJD#a7M&8aRK(WPxfs|(^tk~H2vV=%#ZFX|!0S8XBcS%Z| zCLHHn4SV^2Z>w?0c>yR$2&Pdh+@={PHxO0#qItK~ZZ+?|65jSSEj_{bW}bRSF63eW zXnk0^M&darhN!)S5pM4@@LBJzn@O~q?HxOdR*9>q6}_axl*I3OazSDW;;1}KPFpi> zJxIoKig?o-LOGy{#P=W>p=v}7!xtn{7B>@ZaC!L_<%Ex=;G)-$lR+X;kgwq=FK~i> zJb3q3a+)H_3r_rDyLQ;}%p#U5$BeI!N|CyqhypQ~zgZjb(4TJ$` zC6==arl2iT&6N%Gj>U8!6~>+_6xl<-@5(($)NgLceLG}#`8^9oZEtz@EYz9aEEkF> zrSv$~8=1yN-POsXz*1POtkhb{L9G7^i2{PzwWB)vGtmj!8hCi1?m54Fm3@E5yuS>8 z*#-XcY5B=6#MCJ{|J_91l9nQV!CXaV(-ieGP9SLEP#Lv*PTF&mw!Fffkaz5cAi>7L zJ*+L^In!3Id_*Qv94wMp3Whj}K;==5;70_BqVL6bb&WI{j&w=FgRHFCC`zb2g^_na z4OBeVMtOvV=1TBNK9cvRPYsrP>@KsJo!XdHAk;$;^~=GjRqJY5Pb*M8Dq;{6Ap^U( zu#pFr%$@hc#DH~;-1zq*omT#5%1$ka)Afa??*2ltGM(N+L1yhH$YM|O56C|ivd%Xz zn!C;RejvWimVeZqcZ?TY?s;bkGwg1&{U@-ews&z!x~{#s%4=LC<@n8igxP@hCtQVq@Jwx;YBym*}G-`xm%W&|%jLh?|7`i$iw=Qwk~Gu^3p_w?-Q__CSbX*yth4EL=A zv28&t;ZxaZ?tOAn*lF%Lth)wl?*hniP9vNo6Kk9@SHEF^AcN%$**XDD=kOI%PlF!Z zClV0RA)Hy!PiT}({O~zHzh8~OQWPbuh^;5f+$A03{tq#~01KB1IBi&SjfC!R0myrd z<0v6<-$85}h&yFkR3@$SqgR>)=a}(3#&HYeunaZqe0pk_dEzpudVrZrd$<<4(kl3A z&n(Qg7SrG1NlBt6F}h;o2o4shwpc_0$~q`mTAs6cQJ)NyKZ>AL zyGD%>_KO0qh8+Xl$Xz?~b~yFAfG~V3F1!EeHVZ*cdLFN~Dicmn z!iF@0sDp7fmw@*I0`641n>xk^Es<|KsrFFaGunv@<;#uNVV0iOF|OkhIM1#gSo5On zGH76_zV(CU9Nd0UOt*1Hz=fNmyt9k zX*5w5LZO5E3^&x-Y1+W&+W~tOJ34J-+;8qRyReDA2g%qtm#2tMyN)6{+QuQ*x@_X$ zM6QXPsM9rEwIAmg+irJNsGsnlwx*%JgIL}viw!DLc{F?AyX+xlvr-v*Mj|Tdp&@ae zg#J1#!jotpY?ifIhwTf4Y-?H?a}IJj@-K|0@NZF;%Q}idm!KS{qEMc1WdoD%qiZq& z4I&W?MJ%HxCQ?fdG3rkO9Y&2LSI|z{&6lQDhLH$@1;mTD27#6nk&!4DMx->+v+xF} z#Spb15s~k28GttM*-dh#p)PPV>#J2?ws*Z9+%08Ede?!R-z}afW#8i+J=0U7CpSYbm0(f{ zfQ(h;!b&De6T|58;fHo@#PGtj8Fsp9|L)g4+XJx8?A9NXG{v{nw% z5s~^n6=O+kv0XA;algO=BoRc}u7do-rS}_{L8cTC2ttH#o$2%Lm}$j!f%98;Z4opk z5$2*4nCXYnrsP(InyRHn37)VbR~&=f!hWWB>>u=2&7k^f$MKk^DhReLi|g_0+=twR zo%>u`S>X;O&|cZ@+=Q|0VQ+inyB%E1o^|E;E{BWjkfj6VZ#3$mW`UknCcql4`HaQ^ zJoF#xtvh5a-FK$%4ms}SYtt(c0#kuSTvT;GIo$lIEPnMI_g#u6R=q4Jb); zag07=3Bf7op-qRGBb#pN4z@x%SO?^Kd!m76gH)hFA@yptVDwkqcg7Ge-FTUR_HMId zAheoY%d<;yhlXa~9G*j(niiCszX+BhT;wD9MHE;xTFvgx9B2>}W$*Hw(=m#bw(T@x zU*sLY_wEfUP`88R#k01%4M!hGQbAkyaIoyUCO%N&aQgbv$~cq=)EnVfP+{bVa-G*S z!bdpA@^24zx0K%vi56+ZrK)T=cgES>>V2wr3shm1x}psy?R`Zjo#q`{v!vn? zK<9-8>RVEjmH3E7LYsTMH}dbidV+vW z*Tb>4FJTk2lM|s6O!GVgIkNB;tz(HWRQJGPB)PVq)AqsM3%#n8J0`hYk{HV@lmKHY zwZbVIu?`=VHyO#jC{mUZ6v=ly@sLCI_+CkRg`^$r;DNzFp7#dwG`hjQj}VMTJV*HugCQYrDo3tsUx$@n2JuGS@c7IUtOXFCeAQ=Wwpo z!Na-cx4yEk1804a)DxF9!vGkOTMxx#q}-xSMlN1WIMjBkQS+C`a4HC5wyqPSqDEz7 zfP-z*ro-?NSZY`4!B%PU(t3^PuLNped$7Q}HYtC1D$mg#ji!``^(Ah2fHA&SYD*}dCX&f;l98O|^oBSDI~Ku?ca#S-1w(TzS)a}sKz&FW zQ2K$?w4}zOG85#${>jT&?5#oDrvJYv-M-fAtOyh^mJ?M_z2DVOW1KmttqQ1fxWI0+ zz313K*Hugi?{cZL-QjVjYaCc&R+UpsVwZ)oS1JlnMV!7cjCx=zJyWW3Pu^ZqxI6!c z2Xoiv;sZ^#Uzm~%HW@@0E*fA8_YxR_5?rKE(?VG&}g1UktS8Alg)3CDQ}McbH$RPHN1GilM{d6s7i9u4 zT}{xrpF89rxjeYNT1Yjoy7c2#X&%8e5;kP+C6`|sVjl8SZM3uth^M7)sZ&q$JdqcJ z0ZQmKv0lWOMWTssMH7$luPg<_Ik^^F&~hT*lH7Gz(3ouLEGyH0qM-+EaF&qfC?6;5 zZW^tMY0Tfl9k+*VEho9mR!fpSnif_h7UuVCX$C_c9AIqO|fU zIL&>FNYnlETwihDtgiN) zU%+@)z&GH=*tcVJme>#L+>s#mEQq#GnZ|WyY7MIO2o!$@qm)7HZ-;LiD*I-n0NU2} zCfM<$-jw8fJ>`%#?YEi}1T1=9v3jLl+>U5Y63sTk6rCzy`6MIX_%^4WL(cN4-CE{? z(}|9C7$D+Q8mIC1Cz_S@YSo?|!lFTi8@F3Mu9W#q!Re60S*mj|?D5>GXZIs75LcNn zq=vO=QYYhBgia{-7$K1^5(lM z^y(O09RJ_@lZ)dc^!n@q9h{=~=Wi|!j*h?l?}-x}7a~{gu@SMLrMkrn9qUR{^pjqf z4=ONh9RIvl{$^bw>J94hU8FXz0fRDV2&lK)+-ctRnySpR`IgFcNFjSNy1vCchEnf1 zr~QO%Z0JfCQe;SC`_5Xg)qK(1=>ZO>Oy?E29vT}P4zZ056)vkYBh}KcAhZE}H%z{y z&v!>ym`tQE(Ip}1C(pe7^O|31$?^tCE!Sisz~l(fOE^%Wsfol0gG*35SuaTr&%;38 zdX6m8E?s0)^r3`$Q;bYTkN`o!O9E0j;Uq!Ww$QAqxY2^zsPsz zn+>96LF{_jscsj}Ty4o~nt>s5HX6v^@}QlYrF; z^;2LYR+%LH1K70H^-gby@^!#wYtut>#6&JU$TmT(v)lw7E$;aFVfz7kM!mcoVNPPz zHQt3x3LPyfxr8>F_&~QU(CsBKYd3d&AYBWj9bl%bBO=ZURk}iD607@p3YCt5;snMc zbqj+z2KAILd5h%HmUTfiq26T=6)70dz;A7WUL-TuRuXH?1k!|pL2J5vjS(DlttNPj z<23f)q61Y9$i(rml&mXhz*u3X5Te38zNUl%xQ3kNM&Yr(Y3i@27?pe^m#4%@gi3Oe ztX+BgV@8BRNySk3>uAZ?3C+f!scQ15FcWq4Kx>wE6CJYjhUk1N{9jg(bj%{*-ojO(t7bPgL1< zP`Aa^_kutzRbxkc9Gywm2H<l5LD zb;)r%Q)kiS;`dpRqmlBQVTi&B>^v$W#Ruwg-#TSM!W_?o^AqhkbON5DL{1_pVtXYs zO@x^@!cN5qi?EQc2g4?tg^GXG<)k_Qzk_Jjp6{s(oC;o`Tv&JthU?Z07w~VBT6Q{v z^#getwub3gE^t zSg!Kvz1FFCO`ljrijee5)7%iKugm*A#5|ZbtE40l`jH<>ZX4qy*+gR!(_*Yb0x=(w zDz_g1c6;jy>Vlv{lf5B4mq@71c{Hg#CdO+T77K;k#I{RiSw_HXHMcz=FTzBxdAscl zkLHB)BJr4O*X5>FNKZQ6Rmp|w{*5d1-Q-147KgenDQ$PD>2|&6Y&2LyMT3?3VAo}< zO%GBT(kpL@_ZM$r>r`Jv6Zqo+-3c<7)ICoUqHp-P-_!*IsV2O#bzGMi@*vt%x{N)n z<*5f<6IwV~P6BUve5`9C0w+ERf|wyCZB?&tXeyte91nf+wXeEGxvVk|`}rjhcx^fZ zKol7iFHaj8Cu1szsWk76W7C?J;j}GJ&*<1#pverQYo+dp#UzcI5#!{XvE-8eN_sw6 zyLwJa&=Dy`3L2EHBiRdUu0wQGzewYRGzSDjafz_rv>L$XJ9O*S(!am^CmO5zYQBM_ zqhoarGTwRNzg((ZGa@(!J;Rj8^&qruvO(w&EP?1v?WzyMrW$x0>d@Tr^7MJesUSDx zrmeygyj(fsoUL*cM>c#Gt`r}Iy)gABprL68%!L*r&OwMctQ2NC&GxPZ+L^gF(-NK! z#blQybHMbA=$homQZE)g73EZulceC? zAUCdip!XeUccbVsEtSPtym#&K*e+=fHXB)IcpeugG(2+_6Bdb-6~WS z$%nz--a9*$@0czRoa8Dcz)lrqFjt|YsGz&G?f#nJbXbHWZI4SUw38`A)3eS_7p)bd zVv8XARB|cZdQn%?@wcX10b8Mdsz^rn9xr7?1Z_7|Xemw-A8^MlO1%l(TaB^-!_U^( zogqC&ESn%~bN!WMoilWBadqQo)oxMATBI_kd$4|~!LhO6t-QR6}hX9Q5 z0zW)~DBw~}qlj!;@m5$nPOL<7AFK^Z?sR5N-}xwv|0~dwrbxW4FNbN!Wv>3e-UaqM zp!aR_e{I*c-%TU8Z=nrZGsF2v)o#^MmD+KF^O10QK_h~bd{j2YwDncvvOnr@nl?{d zs+=8X@>WPF6PL04sb|7$riGxZtFa2E%0UX|uw5|+@B*9thVX8`oTUGDH_UlZZ%c7a z#V%$ON#5lYA)WJP6*=I)%2j2;n4ns*H%_Nw9N(<14BBM{$;92b#0jNnc;%=ZQA%c{ zR7}ZH3>8?th1yx4-_LTvK<{rQo74SfK%BNcI7%#M-X{75Z z-4af0U2x#D{!Z^#!1fvP_MW^I1BmD$B&X@5B?3;2P0Ky*Vb~hxQ@=V=@ zL%5%J2vF=1EE(yh_tsuCIuS3DBqJ(%yoHiq+ofSH<9OQloF87!+O*Af283-7LYUrA zc`rpc#|cfbR54vzpiizg{CWw+Z{IV)wq4ME>DtitY+nwW`~b#qsbob5#FFPyJJfLiY$$$buXZ`>+el_X8_AaG=LztZ!pKtH zzOlU81cb#!p)ib~LS_l?B;m$@2+hbT}yd0 z;!{oeJrMn>!dyjV`j|x4wKUwfo2?S{b>3O8L{s4Z*Cjx5<{c&rXwL##VA^d5!6q(f zhs%Nx?1A3XnjGXlEP=#Mv)%Pz*!&l5iQAt+u2tqN<@WGfzsBqDBnRt71*kKf z4-M5wqNIq!$|#7YszR_!l2bWy4(fgdRM!;GRk?LjgfdKR2f-#SEOVxJn)?odOIg_W z?~-!gGFuQ&t3CP_oneAka&%zg-*edtTESZoU+?tWlmdOv>{}yU#$trioHk6+ZC4o} zXO&yzpxT51kEPhiq97zSjD3}B!;2K6cTAT)t%s8|=M&{C2V0wPquJDgy{W-m)+bM# z$sMg7z54L};_bRe-8QP$(T+B7>+C-ho3h{9ZlN_5#x+ruh#<0>s6M;4d1jKJT-6`c zb&C;8(SB>c4Sb2*jc_4y5_>qf82tUxZcdjX^FqEsa@SEmU@?)aR`|766e0CY#UL}{ zt~!S>VmDy@&WBOeo6kDDy~-aB=Kjw?3pJ0Tz$6=__ZsL|ToPHN4Z?Daw+zR9odM%u z?^VEdF7m1JXXePQ!Pzl>pLIXPIyM14sznC6>A2B$e-0z97d%}agq@#*W@P^9vMZc% z(y&$!y~h?^F zLKP3`8Wl2ECCsE_D6ef}AbL)8pI%unu)$j*c)xZyx9_eAUHK%>7Rww2*K2Ms&`Az5 zi9PBxTVYdr`A(_R8@vM||7F((HH9sQ)^4#tavLKSo51Iu=<3`~e5+a-ue%{!Fn>EF zXsf(gA*9#G(KSiqo@PxZp3au|AaUsH(GPf|wJJtiU>U7|yyKS9oxlGpSnllRHayTU zgj<@#5$3U9YpZ3-0|PS%_MJ-CZ8wZdL|A;MyN=avdvW=l8o^5!mc;_4EQS7XiwxpL?sqE(Io5Q2@#^5v$Q_kJ z-+8H$2wJ;hC}y`Q)EzVFBlQRFvfQuyygkjh8z`bts+Eh7~evH zM9tR97f+wR#3zi1-Fka+czk+!{J3MZTCLXZ_BQ;#)oPXg-`Q<B z{Nn8B{h|DN6P`LcxxBhKdG%g?0|44hbYzRvisp*OW>wE<6^W5lx5iLl5t3{8SXJn; z)w*qn%%;4oZ4IPN4GP+G`1TyAi>E5{^e5=jw5VxIWsViY5qhB#tEsSdvNB$bPazhu zY{Kbqlp}VV5-w#SWxaypSB%qNVLT0|>J3#6N}wUfX>LSPy$&7%WQY@V44|iwC{it` z>xN$-XKO4}H8%}L6^4PIq#O)G>zZ(zDh*y2hy$cI5j099x>mGQ-&v|5=?6`sG0ydX zP4wCn!7X^k1QBjk?S`8@TGdciVJZTx(RKAIyCr;6Tl^&wG*$oJ1Z5Lz!Cyns2_JF= zI2z*=4~fb>A0SagBaPUml=@-%{fWXJ18jd~ZmFau#?cz3>uP(%h-NBOXpm1(MmXf$ ztnIY^-#QE@wFR~C22hcU9H*cQi4o>fW>OI8I_i^@3}{4g5<>UzbX)!-D^}4O0^j<7i(ImfAR!Ge;M8p32GRnX+~_E zQBadq$0#*T7ho7n*ymmmWc>+KR9KzeF^MULdLZ7ke_;H2iYY({r^Fcekfbzs1ZZle zVGqEW?PoRKL}MtNUa6K-CkgKS9{?1;gD^mO~>L&EB+mF;5YBT9 z#kO>auEbV@SaTVuL87Lv-*=E@B#r4E>XU@suDew@BAnh}@B_;Q5vyeikYiM@fu6mF zq}IS7-Um6IrEnBuIfkTu&c=#Y$)S+3bgHr@jv0^`g4uC`IJu#)m7BhaXA_YG_Zc^T zF>bcmKTR5#yyb`>X}+oAjc-RRfkS~9r$Y*bN2m6DnjafJH3*LXCMqwVUOh?8#x#5j z-^0RiGRD-NPpD@nDMhZ!rYa)HNisnRO|N0$`ZNVPkvjOg*>tFgHoy^F5}V!~X%}@0 zDY-g?4cx9DN>;A#_{tqGp8V=oZZhN$9=d`L}sr%ltWi~)ib%?W+Mw@aM`ZxhPy5;h{6oii=H8x3k3j9SU zZlUBl<-#2nSbwoO^D45u%O8WK9!_YiL-GYW0-m2qXWjHdm*Qa7n(l(>5n?uE^sr zpyZF^(x5H@m6M17C+|;!aoiyk@%x?evXg zg)R$qx#p~1nemR9&y@*|M#x(rBw0v*qNF&G3w~q;!cxM^NM7K?kl!uiNqkGCtdX*` z0Xr|~4gA@NMwkz!;>0F6$tR5gCu9>*&dCjnAlA5io14%8=q{|ZE#itJOmRBL&TStz z-IHw7eUlNcu37=#Xu-nQ+k7$K@?sE{r$(%}&Vje64eELubdI50@Lzv-*2rB%vK-pt zS5CT1#4Fh0{6UG#wg^ zhEQ|&`3HYZtRtL2@ieUfj{Bxzwz}&nFTY?WWJ+lP0YWETDddI7=^<|AR+zi4iB1M` z|E(@0a+*t;wwsdEp$^3vV)-*LIjy*_xeLq6)|?5^fCYm}C9IJ0llq&c2%`kwih|~H zstFm|TGIx3Cli#o;w%OScY;D(XjR+6iQMK)%(TpYj6qV(!E>HYN|b0sCZmk%lVTJN zcgFOUXQV21JD8|ZLn~Mqfel>in)vMMQkBXaD^{@GL>I)j3^ifsF`hWiR^~zwEG9xl zf1Z>FTO!3q$kyL9EhXXq%-+bM+KhCctx8U|=~N+D5Jy^LLh@2AH^;kPu2{WlUCp!* zIT}iQC3;HV;3T3Mh2EUL=xen@`I(w1wwWgWj(rW+s2Q{Gjj0SbPL!5 zF-;|%DD6>r!w2QlB}`px&edoPM~=LaImt0iH;vrvsqmm3q?4)1c>~)49YJhDFo?Y! zH#K!{O12miDK~9;!UT|L?v9(Dn=(OE;8SL)q2#8xr-1>;>3WD6;VM0l=@SQ`xWP=O zuj+8o;&oL;QSZN2{Nz@zo}OKu93HPC$PH0Fse~Crirn5f{^{~qK*dR!T3OgH50p_o zF_di3W%&%zk;-K?G0Xn)Yo-RAK}`gvu(`;(dSI$oxN=>A*l>;#f`wG4d@H?v#hq5j zW)?3En%Lmz*4nL5KviNU4qyAsJRmavT!#iILN`F~dQc4NdW9A_37cy51&ssJ0euQX7BxxZ zVr&Z``4nRqi_-thc9wY>EU;HdrSdR=wMvzrf@-H_`cn&2=eMX_BBxb=*b2saB>W*P zKb%~BclQ1Y{cvz` zad3Kda(s!-E_}EA*=uxg`Xl=O? zRG<*?X%@={=<4L^?eQi$Jv(ijoW8y|Iel~d?)da-6TLgWIQ;J5^y=W%$=j2wAAy8k zpIn_DU#jqd0}bQ+;Nt4!@cr9^3v~Ye;{5FLSlzbDTbPgpy5wdo6;KWlLYRrt3PW;jKL>QlVrWWJL${{G)nG8}gOz4oL z5n11~-tNu7lxrJgdYP?!=Y_!Nrbub znaf+;-qoT=^0J}}t65kcQ>brfsyEZ)tG>lxZKhA$U?r!WFh#IK#^PI=__o7qByyHz zct|!uCMa@UHK5??Hp0oENS$y4mtaLC2(&=qQLr9rU?SExfexjBUN*#O7}l7M;~NT2 zQr(z<2|@KDnBWEtUY&p!O>_{+J3+33;k-rD>WgdO4&4)f*$0#1*D<%*ViqjBssN z(H-Z4bLTD7mSZdgfxe;Ih`Kp#H||fgu;C^&kt^WV)C%*r9yNMmqs2uL@bT%9yjQEj z;NbUz^Yi1=qmzHWlw0Vk0jux@KXgz22B_RxUlKy-YQYyabr?lxO)z3LqY2@vPL$H- zHk~F9eT)SnX_PRbn0}w*=$hmLt^W4Ms#8)D9GTm0Vu(p)XezDG)1;edP1TInMjP*p z8sJ~9Bhc1CO%)?nB(cgQ(0FL=z`M3R-z+pyoTNFvvyMJTbUCoW_KJfsE_XlTBgaSDcO$%9wrT@iXdb?^%`z{7%C zf4p8f<9D^@8E53cJQ~p(!zrCJ@wdrjGWi4jW?HtEysUq~eSi$1gWF zVClVX&aTOrE$+T--)L{}H0YH8i&I)R5Iu4db@fopQd`p3hXg7} zQ*CZS@Qt>(1sgNaipdD4aYE29tgj5oIR?8<8k>}Vh)Lx|rkz$a?XyBYr}EkLC>rM= zTS8Z`GzAGNTR~=wCB5c~-SHLlUfCM_hJTz{Gx3^dJqG}B**wQt+&n?Pg7a&0nB1zG#sy0c}2 zpiLwe= zvhqq5lA!Kg^`L74CpJN#O|>Y9b%ny8yyqN1$HGc!zUx-&Qjil$(tKs5*X#AM7_BUk zFzh{BK*pv7vf>B=onsZtX?xpv#RMozks!1dp=*+7?=vi89QCR-%$Afoo{}!P7x7Rcw;HsgyPz5HND<@tHZmF|z z8iy1eU>Z(lvqC&Eo93iFFUiR_2Nv(win zZ{A-VNWJu1x9mzjD3?OF?Pj)A{MuGkrmE2kmoc`=WCU`U7Sq z^b-f?08kh5Q*ai#49+o$OBb@6Y({g`NnFTL3=XTngGSb5@a`y;&jqRc1XIJcFkGYY@YA~Za4!KY|fN}5+ z=P(GR(oSP`?PFj~F2w})cCUQJjZQyyx#gj~bk!QwyTW8jg#&Inpkv`<1U!>wPFsbA z9)-xl8uuyXWw}wh_%f^K=`>0h7r$gLp=!_|YF{~!O--n^>&@v@S*~l9W~?h1WmH{5 ze}(&^KVd=;$u3XhNNnL0Z4oY&VnHS}@m%Wb+=`eYLd({DUdR_mol( zI08EB3N*Bh4ZUz~@o{vnK{ zk?JXBb{8`ddo)pLj*94$vluel$=Jj)g$Kb=0X@zkZ{~`M+@Z!ciadryU z$DH$M3ftJoU+Or@Z$TwWPru6<9I+T6seHBrK;||2YWC5oRD`-d!Hc~SiXW1XMXgS2 zaORZhi0x@W!;pEXj6Xs<>-3J4p5HO_tu_44{L1d6v+$0_-VKexqLJPLTPY%azWWa? zk?AXS-#Vm*zJTx}q; z^F$iDGdLj)Yx}MLdEHTjUObYJSeCPC!kya*Z&=%-r&hjgST9zqEX{nMxh^>>k6)BU z-FWPZly~H@%K=oLv=;fA%NJr%-u&D$Y%f`bg(Na-@bW1X3XAaS#mVCNd#EFNC3pU| zgo>eLE}D&-e-@pGZPk=nzVA0!!@T4mKt)5>pBn%gIYx^9F43hKE;+?#|N zbEzY?=e14rBnIDp=8=zM7PDX1*R&bZHs;d4jAFZJ3bZq3$l70a%)jiIpJB%=NkW#p zfa%nWDs%d`2!6-_}cCwFI`MOM6+0?yve*^)GD|W)YCrNDdoiu8QK`M`0a)&_vM9o zvPHE)`jmzSGU>RNHHE0_j01OIZTXPR6`T$Lxm)ZW8(%*LIynWHSP_RpVggWn(`GF6^CKJhHlWn#t!TcHdk9?S$#{c-l{CIJ#hXY zo`6|dl_ApI3NWc&ZqqK~4`ht>lC0G=4P}NY3M6R?&^f8h&+$siEa&eJyPz_Mm)NI%VZUAO!vc*bxNY?~Cs-lJPUw*Nd*C>YKz zTjqY^jU8h*ogQ^7J-t;xoR>y z<+;pF^T_MML29jdo{SlID?wvx#xKd3>F;f9Ubc>ntF~)uWpZ8ogBNK8t=UR5e`vi% z<^UX(RQ!JeBj_xsp;%FEp z_3Ld%e5{IeXE_UXW_nZ)C2Q-b){kBA!%5}pl{Q*AepL4&mkZ%4ZvXI))GAO%51x80 z?=p-$n-zl?5Q)yu8FntZ4vXDlguAGOecFEK<9%6<#3PKxfiJGZYa}&ifEf^q0u zm1dZlqoto5oHNu-QY2wL8QMYtaT)N_k1Xl#CIb@qL&&)a(f0|1R6B6fYyRBTVLtG9 zphs^Ej>wkuY+>Ljv>=m&zvlx5a_v-%d$0U?)f-lK_p9Hky1NUmQnKrxbA?(XKVw>4 z#O^aQtM09GzrvM$@LEJ~cz4%P`9~YoyXMc`es{OuIz2o;YoGQWzE~lJn2r1>l=VBU zx9zjjRjV48IZ?TJaM0>@#f5C8dmYlq+~;5jt%FXhXAo1jJ9BbzD{AwZ&M*J}tLarq z{8i<%WAtk^ue)ia2V|t>vl!CS4phe_w_+~_XgrnMPOy45^gIf6KHGE$3XNNING7j^ zeTe!}P#1!SC-qTWk7?*JXPiueT1LK;_q$IJ4Cslh!aP#{ZSBkfgbsh&)B@y8{n9=B z>8neVCd^ECS9PL$_)|}c<(ib`>ClP-yEv*@82DE#E9m{nG+^mk!AY=C<~x-Ob$QV3 z`B{N4PbyR5%abPa$QF62GQ3VXiKf#?zL6pY2n$bghg@BP>6)bAoQ!9J&1z01J^0fI z2X%--Q1@gAZ$9!}_v&w4rflZcQS$A@nHsCw@RoX*L$U~-Q^BCc?xw3{rS)K)vcj9c%QIK1rZ6$R}3&k>OCcO8@@ zhLG&;_TO9_{M71cNx2%KFL0E-f6QS9dT?&iKl@Po_nvkmU}AutU0fT@qVQTE^Jh2Za0zg5|sWhKCe`^9n$hJ z^_pol{AgGTe_c2Js4WTwELa4Mas85F3J~)88{5Wg3pfG4oE#G#`qL>(h;8qyQqq(u zgZLWO^|rNd*kWG0V@RSQ)x(Bmc=1_vO-0(+_ba$wJB~7oe{GAs3=!9}2jEnY_slfV zcBOUR7pfJ0XPf+iD{$q9-kvO5p;KQ5weFGY?aG8D)T0R%YY>82xk#o$NI-{7=tKnZ ztuw}F_!3mh?AJUITy`jl=h$|S{BHlL3!GC)v}-}xgNJ@`z@TJ1%mlOBm&Be@_QZS%U9VX$F7?miX5!n5X`oZf<&|_W?+#hyTzo=U7s`e~GE~HOvk^o{bE|j!*%Vx|Fj`NEL{79dY=n0f8HW z!6Z=#es!0#M3i)C5Ui%~d_!c|#ibuZaxl>(Ts>uS*x-iFxek0Ctc*Z3a1><@LFrGW zS~kNt5EgO_`!P~Y=(Z2A_7)KkX#fII5y~iA=CA;7=kLV@S_!$SZlf_tE z04jVG#e}*EWE#oEn!an|)&w5aJQ14N3=|n)Z*{qcxKbE1ggJ*);#caj8yjXb7wwIW zO|r4kX?1&~c@BR;PT!3U!&wX`XJf;uKsX&{A&`e|8ozZz=PH)2*oY(1Y4O(*+M-#r zAL{s^-Zc$f0A5jNvd_toC4j#<^Ho+j1-k@~__+`~&e<#kk`#5WghX$F1QECyTy&fS*^6|KQCm~pCt*@RAtk7)CB5m*QwfI*;B zIExb_3Uyi$2!RgL>lA-^C}J_oH;{=Wh^UvQkcRjqwUml&D=K7H^hfvQ+NZh%dE9Ip%l%xCc-}m3 zuNhy8@0#arTQ14FrZg?f3=O>IkaPvaXmmf=?UcC*C)TIX(s6NeV!7fTH3U7-!p7Aj z#^}$&%d5eWkjnC7!3XtoEN)IkS z^?s4Q{G2?aapDBN`>gf|?^!8aY(*^VLn|p}R2L)X|7Yne>J-AxHI{U0v#gp&6Dm%B z*~QOPbEM)SBtC{B2kcs`Ddrf>$27yK@eKhfo%46YLd@GVWt_O)TroB^aT|H&C5L9` z))(4J%&0flHgp-SkVQ9D5i9G-n9a4XuDtZtoQlQ~HHoKT-hfdkBvS4qiDE4q^lmrU zQ?gSoNwh>DhY-<rqG;;NRbQ}`?&|C+;D&!VJg${l+Dp*1x<5! z?SpPAG)~n0t{8x(BZjM*5p26FpHv2AZ7W~wDdyH9rmuB+F~)_E4T3&`-iUJl&uMkM=aSREOE_xbqV}z zBnwDWWTd?|hhl^kEdVB7qCz|pr8pzb^Q1J&@t*sos_k$Z|CH z?If_V_JmG#N=5Pa37w{)Jr!2XN;;Zv0@ZEW(lKE4)Win1~0Q4dpK~_O9fZ;zun+T#CbrSlR_Y!*O z5QOt#p&QMFF5$@&2+RT6<@09D5T3_`pz}j9Lx33U&SIJ87tVadFsLX=u$xm#xL_jwAc4atfO zz$TmA-49@{i9hwN_VTRk2(3PZsZ*Mf`kLlBz;kdQOU2c)Mprq5QHxghfw zASGwYnS(VjxgR~&T;1G|M88!9yNvKc;)^D;6g2$DlV5V_aipPCAa$CF>4BdJQIg?_Q3cPeN#y)ivThDx;26_ApDo7`sbRTkFF z;`%PE_V^oQ8ap7}f@RQ1E^-f!7%?+a0aii>-pNgn-1`ke=s52PIH=IEc!K$oqMfpa#;~s4#Ba4d`bW@kHvEl*7#g5vE?7)2;y86cUR+-G}2Lvod)|Iaw)7NlZze3?U?2 z6*{o%kYhRvU1R)OE7q_zo~P9fAqvtRqU)^G$Gz8TguhL0Z9!>2rI4+%_Zo(fmec3q z8+8Sq=AU1wH}ONAH%LEn=sU9vY7?af@G_a^7|O^Hh2NZ3EVg0?L+t$8CbjFK4Vr^Kd1}%?A z)bPSNz_S7cu@b1CSwI(~_H`eK^&0XL9qwDHX#iY*)8#B1ve;{n66H_0ye(*a6=rpF zYFy^+dvP@ci_(q(@YtgtKY408#d9!?kl!GJd5~wsnk-=Mw?Q}LI23%G;gHS51RoT!SpME)zh;;d7%McS<7F0=xlRj=64PaI= zSj)mXs>{Ta)>F0t^Psm&BiE&;X0>%`pw+<434q*DX@W1Fe7zFvo^wHx8nw#$FA=wC zis7yNjsPMX!Ppn(*Dw=jqWq!t z^O%L|w`|sJ71ABdQ%^*l{$A@~{v|qU&=CB>3}mb*H0}`QC0c8$EOY~~ZWsynQ#)@> zCh$m%^pb`4HRDLX*26c8l1rASnv78A|DB9tHZ{yewa?ElDK_a~wOo!yukYm%BcHMW zT%EdUEF-%X^FYbO*ZT<)$mLz$x=?dAtsFC09?oZzOny_vf6&^-#?Hn@F3-PUEb}3m zON!#(8yma1@?@QoBuXgci+h3J)l4sB>`)S^AIbW5#?-l+A-8Hav{kmu?ur>T%~g1^ z?*DvwmP>!MC_GbFc z$!w3L%P?6YiP4hm zbmHWbVNS1IIWoIoh1kg|8vx@D!3+U8lrp$d+1P;hoHUpOxhj*TXK^kglcsS1Nc+{x{*=5}ryfZqKm^9dRL00l8t@c> zS+$7fN8<&iP{51*YZf=6cx3Ex=McUvmY&5yfEJjIk(QS3^iv^|!CQ)d%J4FDMKaP0}E>Kq{AAe0?@DaSe3)8%Ayz z?f^PVG)st&VyEEgB~NK`2B9B^Z@`@W7=A8gTgb^0C0W&KVi z8OEY?S=U~IIdY`nrt{DJpg}B(=f}jJl6o{v>V+e>eofaJw|l1|AF#PvR>KKbrDawASd`|NYb)F*SH zh)X#e#rALXn%Xa&ZRf?d^BaxzE9q}8L_s)1KTKje2M&h1r4;H&;UVhQ0x1gB779=| znmACx5#n*F07Y@vIWCcQ|Nj$*(g}J&YDT;esU!R>rf!hRD2*1FuMj~wZz#9EOkM`c zNth5ssnw9DGBIG_52+vFj?DXY0^^Ai4rvA)@AJop{p0qVPP6l&f8Ol9BP_fo*EIIU z%sGZNQM#VxJkPS$WMvLC&diDd+YHN4QKJ?=34Ys?!>kY~FVq*vU^rLEW)(taaj-{T zBVX-T(1DSRaYbvbe#0rEHr`#ic#ZfMNvK&76cU*G=wtF5j2quc!MJ2DH! zKkVPa$M@J6E%NPlf6Li*wzs$J-9DXouUh;TH>I`G?jZZ@-ibr+)XMGw) zL488~P)s4MBdPi_ir;-lh&R0&+2RlTc4_O5DD6%~nfmSDUiDwSz(Luga8}6i30T<{!KejiSK3~kAV+AeMc z4_^|@A*&nCVHRwH<^vA>gWQfCkXa~%c@`rgURIbp=6Nn~<~UZsd>! zEFYvT4tZ&{$UAnV;l7p1S%~)I>z&-rlyz-;I*Uhn%ackpBJ1v!*In6ZSOQOKM>98? zOa+Btu1GBjS#~O`+qxE5x_GIn%Zwje-Q>j|vU!Q^Sa>Ef>`Qi_8f}!!QsFWxojCMG z@#BIq>d{T`NA;3kZDX6x8Pn@f^{TkA3*wZs;bH?)|Ie4faR)R?Rp zE~-k(shOG1f&hQd-e=Kqg2+4;DLKf3sO@?;%A%yq!`KJB9!fh^>FuzVeX>!=A{BGq z@*`Ox78oZ@zb@F*$g?$4V_l5ZhQ8TyT(%-!MCQx9)*3>#yjLp8&9j(|@SA4~WUL4E zb;CqgAhs=kLnk*OM9&U>YIOj#w%h9fnu{!=yjapgN+8PurYOb&LL3_fAZCvd*pFqhvfBX^Q6^1ZyvPv$?Nm8L%&%EzFyK{tok)o0Ej~lwBc#|F8f=nT zD3QeAuIt14xr~dlK9{e=h<5IdnR^BPxzU7SxP=b)3sg)95tn@?6Ta$lL;0jU_3<#8 zO(h1QAEup^;U3A@#}g^WFj*Z;A|#+f25?J9tJ(o@|4U3v&4kXV^84n?D<8mxyhJhp zT<~y>?-KA}Jxi8^el0GLg-0gd)F zikJ)nSX*1YTR3-*?$x6^ltw~fhopR1fqz510TyedOzVKfR|V=!qR>wwuoTe|!UV-) z(-Aic0_{JyGXLo#x1<9P@zfV#sgkME3Cr-O(sk(;sx4a@)6BYyloo zWv@W}*Ulwo7(>?ltuoo`NmHHBgD0tnDP-!FT5MW_auP>TLe_ncY}E`uG%;>=D-)T; zv#`l8z-qMxUtDrAZo6R@K z(>SvXMl{ybab;I*p8Ls>+Xp}3-APQ)W~C0(gzAh385YL^n|hh>49IT*=Zi4XvccgW zX$T!R@-Sx0XNQ4Jmh@lpDg-E-Xekdf+`_>w61bVc339eeFmSg*9)W^i>h zP3lWlp3jC@a7me%QSU4a<}$})8jR?9S;P<_*3X04$PX3nsp+#(wy{4hs9%~Xr+C*8 z2Z=p}8oah_zvqo`aQXd`jf+DpJ-9S>xZyozG|c^Q6fhZe0tB>zzYzS%9sAeJjsj1+ zHDpt#$`WURr$)t{Q5;3rnOKIrwdBE$;rAs_0}pigh7HG2bd~9%{7!YN^f&3QEv`@w z$8&v2_Yn@&^HgVLC!joBhvo99z!z?Ub}ZPeV(`cZ84+ujuYvqcc0a2Rh0#sw;;OJi zb6tWvQO;{wu@8zR0A(w@9vDl+({b@fV-#Exvp-)9k9I=m5`Il6-^mOa$5-hl!Ic7H z>M*}pQ~sygxY|xOqh@X z;h$vt2s#M5#vqvngH$Mqm38=7!s|ieuzuoCd7p+}KZ$+!ir3d5+R#qM%uc3(t;SN* zqY}D>Kbe|N*fG749m&5@$Uccb0~(HIbRYUbpT-u` zSZGRv@|dmsF15#WkF1eXV}WzLij2ZScb*Md+0!v*B|BW~<7anwDF;}Sxs5D#IST?Y zP>VR^{vNG00R8HDzL-rKm~r--WQz9im|e1%d=whyli~uOpUcxlg3-!ELs=l46FSYu zndh;(q%NcCDVbx`*i?AIGLnGsF$)61-PoTdh$p)keP_KCTW7WNc%XwmG7_=G7fMD4 zEdftbv!T>Rqc=vTMVw=48Zca0#WxIQh`7~Q3slZZ#QMVCV~LKRaQ>$K{^`JoF(H3dvVaL5$=yd zEF`Fz!$w_HD47z}Ep=iq>ma6xXKGF#9MGPEG=hS2MB&k@aUg~TPw(jYB(EDdebS<+ zvD^{%z%gQyCDP`R0$vwta9e1A_)5_P>FTLZg`F+jIYMP+a1l}$- z(T6t)_y9I+JY(9;3kEb;{?b}BiK5e~R^)&PM3=+A&|eoNt(r=uq9*}2%}_lwBgw-` z^x9;M%~bG+pYjRhjG`#LjBvMd?*KvNbrNuCCPQ=*V%vgJ!=;WJC&Y#nA})2L6N7Wb z=Ga-W$T3q-9TEZ~!^nnTnwW7YjJxEZ`4gKL=3mlKhU=xPfF2Yq2F9k+D@mRwPGtj8 z=JycHICIvB{TzjCb6KCzOYAa=37-u)`=6QEe3Aes>q$iDb>w>w3|~X7n(fyX}XCQ(eHOA}dc6QbQs@Hg|Ct`sI? z76(fc^rWB_u&;V7p7^2I2i@+mpoTwn5z}hjgh;D7;#BdMV8luxD#k0QMVFV5SVZW|WMyCy5icsEEB-yq&~-8(e1J+#lTBsUQ_*P| za~sX7)SL$kaFXN$5TIV*c0>I`T^F#K6133V_1;oclzHYwRAza;%CDh6K z4bmHKLw<8Lbm+5~u{~nZINYN*e2==5z1v&+_V)I6?^b^Hj9IPUnjhcUGdcxv}Af7xu$I;izR>rmGHtcC6|jU>PKNcW=ZTb=>cB2iLFC; z`$zGejk(L>^4C^`dRWI7=sI1o+-0G>F1cs^oc$L(rny zhI~_X+B`+o9+yK?NZn?Z^RfqQF@kT#lE;%P#3@qMbE8eJ%_E73EY&0m;yFot5f#^m@-A7Yu&FP(vsvp`RWR1kFz7wOUr-Nq^BnMp_@audZ@_;x5= z_&dr4Kg}W2Vbh5FP~)5?W0_7yrpL>`a`HTtM?wy~#arrgu=O$Tx!5|-O~h-;pVQ~q z#&gw1twd63qfQ=!8*<`7iWa?LjO~&?zohl#4eB6!Wv5MM?QAlci$5K?1nO+dbF6GK zr>wl{b*tfHn{P>69huBT39|Vn1QzpY`?YomxGKu2`5!$x^3Nzm5?c z^>7vh_3Irh^+P#@^^gDjRR49OR$q5EY6~eKvWZo) zv(snpcor~@SLzaga`4qO-^8&#R8psT*8YK`Ak9z70mTP>}s4rt{Cg42|isyU@bTx!Ue5+k9V-VXgIl_%)cb_4@DCn&38z)T=vW7&CeW zPhIJm#4}h_Q@g(xBND?Dkj984^$uY%8zRdIH(43_7Bb97vlKZ98 z{Lt^VI`3N@_)q(w)i+zt)e?&Mf?DTio!)*~r^ICZTXrm;gyS*&%XqJ3VAg<#vTiKP zx_oy>ocFjHu&RQ|5I?_5lBuY#?>Exz{wpNNS-fA(Kwl5^c~8qPdHK8q`#VN!MzI?3 zV}+R{CZ$=YK<^2{EbUZX%QQ2>?XyMOGBrJS-%b0n=q8=f>J@gdkPq$Cx1CnEo7oUK zeR6?bLKazuRuqwBwR3THdC6kIsKkmcFRhiTJ|JNU_$AE3E9Ui+n1=k4#eMK(!N9j4 zjQ0p*7E09Y(xceip2m}fv>A6>2c1@Lzj$B|+1L*~LPJEd0yCmAJ*j638nZO&J6mKE zFW5fUUVh3JDW6~AzIYi&VWMrDy6uA~OyVdA1eplJd{k@d>1Si(7yBrRZ)of>&)(SB zAY(>77E6pR%)_l-QRIW<#>TT5XZEG8CaXXmjAt7g>b(Q8&u)Cqa8>oS^3o3i+;9oJs!%E7SvN8J$qD~p% z)!O_6O-i#M2r2@_aIFA!$MNNe4mZ*@&|Flf)sPd(TFrd8q5>lA!^j3h0N%0U@(os6;r*p8WUY5uS29$1Q zW<_#`_F#wDY;wT?h9dC8D_(g-GOpHn-dypR+MV7}UB00S3Z@tF3REip@z>{%{$#na z-eK1)=ImUkG?_dT&cu6i8(UjjTd!Wcfd6i7ZRP&E{c`KY&VOvb*m|+^>cy+?cfbFS zt?lo>-}(MO$krDf>4MLUCp7+#t

NKe+!RpEcz!X9!Kn1O&K%baDH0X)2Yu8bFF? z3RX4Wxs zgOOibK7Yh=ba1aAGV2*3L``tOXsk@VCJ657+xF=%LMv`gsXJ!!MrzX1M_tyGte-EU zkbFdTxbd(2&j8Y;&*c(5hb5{(*9|{Cb6pJwh#6;GD*VOHizzkKV#tpwCS~I^O4!E6 zo~(%YL!MwXe+Wnta3C&dQJj({ZV^5f;`&XfkFm1g{t5Hq0Pr6&KRLoY8eA-#Ngj8I z81cDcSvBr_0`X)_I14Vp{gip&m|?ydnt3S*qwcu$aTmABIl^G&nh@j2Q}shK0F=QL ze-IQn!!=kB^1yUQEn7WQ{UB$`1us>U#Y$$pS}}Ypx|BC#G0lQ^1n1&6#+f935UMa| zWy#lvsSmZ(-*k5*LWA?Sd4MmwaZ*aFf5qlcp?AgRDLu|O z_oJ}yg2drt8Z&RN+dbafp8Q~pSje3|O0vG|PsieROtb-GZB0tKk~d2E!<{r%1kkl& zul+DR&k{Dp|SY4=RGmza;BbA-DUteSN`1o+AzN>{(4uC4u8_QCU*u z?wC!OnvDB&Qkp3yT?S8zr$um9`r3Hke$uCEGADd&AOoe%tJkaWB3PBea~j2o+3Z8DriNeW zGcoBrqAp0l1$|sj=3T@SlKCJRF{;%&AXF4Ws#uJAUZxk9QJfVB_d26tJF6IGy$v7t ze75L~te_XA@PBJWC-4)8qfCaA3+XPX^?oR|KB0?|w=5~mp=~5NM$?uAu^43Xqg}hi z4oOwR7vij>Icqa+nJQzTkz6p_S%;iNF(V&Keo_h~UlGkk;cm)W^(1DjKA}8eaUFt# zCp2S|Pm;;h#j0-xzE@{83H^=)SE8ZkheegV?yg}@nkAQn2nhPPz!BAZ5 zIXXki45Fk=R~DbLi_VIw@zSdQ4qEVw7rP}o?%%fla0Pb3s*?rZ|D~M5=P%{-FXc2- z=8sWMm+FKIcIe*Uw*I!A(>AlqyQ0pyGX1~w$A2UJk>C-G=kac;F&Wqgmu32bauUbG zUL5Lx$>0>u^o6;YX`I+;^5Y!lT(&vg%NGtIhehNv)DBbIF7`r&XHs_zp&6h(4%KUd zGD#{puXMm_XqeqTiFBrEuogG7<~^wLK%Dv_oz8$`6GxsjLehl9vrq__y~1Q>(A@Cx zKCit$)YnFC-be9h1D_usAWw_fJo ze_y_)o9OjrmAa^M9R2(4^h z$kVISkE}1w6jm6@FGY|N-r;&n}`O!+1RLTzzerI0;)zwrm-Kv>*}_1 zi_V4^9jHOPWwj(CfWesPn$e}G125%ra^d#9(6oTaDfM9x4V4uE0B2ZEgx3$=HBaBR zj?dmY6Hmc#>=DC96Z<5NBDoxphUqd57nPnht zFU73%W-uq9Zh{+~TmnBd3Gmra9_tG-_ZV$+^7`!fu-|DNx0+q)LvN?Flxtd+6}ONT z1xFSbaAV`}?B~;7`=mwMUD9d&*G0S2IwVJD9nw4{QfMN7{M#_9k%^Yih6-YUa>a+h zlZpceubh|8?Z6?h&(*g+2g*b0UJ2z9vO>|sADZruQQ+zF>w_)l@6O9X?HdL8l6@}C z=JhoZSmkIcgls_8UHNUs<~F8Wmh-;BsJz9>mI|~L3vk8e=xYqrbA9l+Tp+~ZqB>(! z7a*@UupwhEQw7riO`Q!L1)M7PrreL|I%1!|(yBAbWX8uU8;T*J;lst-LX2$TTy7Fd zbW%J8VX9dx&8MQBj>QV9=X1fYDo3eW3o{LRN?4|7QHj7mUe1C*Fcb05 zN4k=Skt^BJd?T=};v0g+t#8&tdwyBzp!eCA&ETLi~(1|P`twRzSGHBi6 z4CescM9il@1bHFJ- z{f%p*Fvh3?f-IX1Su6qGWS>>M%QT9D1{UChTAC(XO>g3d17h!!L7p+-OI1VsJ4?h|xPt|(mqG(z1t;yeYkGFIVW97Sm5yU%M z$6?`otS2h{cmnCfqX}+NRcF^BotfNhnFs&_p^@FFW5pq7foC3PiYYOjA3AG^@`5>) zFgGV%XNv}tmC6T5EIfsUSk@X{Ku4C0ugIo@l>4|Nsx;<|4;*qt{Xj-UNe?UAgK~A_|4W?LAau-`NG0cC6h2GHO%%s-<-+(ZAzUUq6Gs9H0+?LHuOsaQ$0iz! zH7m*mlcFExy@m~7w+R}CWG`MCTTO1G&)aHQBIa1%#L*2hKjv#PxL;^NVn;ll?O$sb zIeQ+>1c&SovRe*!0(R@+o$$&b9XXSw$3Ri&oAN#*IE9v`&haSrN4`)gg&>h9QRZ27 z4EXqAbc6dy?1KbRb`+T~iYGJ>{3+j|{_LCTU!OnXle;j|=@eiSChSWYe;&5~Z0~OG z7VJN}+ke@AzQ(7_{`1ZsjY$)4DSqH5bG%)^rMObL2z_xd)4)VbIYE#mm45=9Zi9eK z=xrqsOxP*{TDk9?C1XFl9Iq5wm>4%+g$nFA`ZG(jC=hFvqWCmcXtl)YH)RVo{0 zPXc3qG!EwGg-a$ZCfiwUQFLJ^BTk)^A~kgneLG5jR(O9nfOQ1~Su4g}y$Pbx9{Ko= z#UAO!LL+I1NhI`>m~?39j#*5O>5!9?S&;blK@iP6(oJHTu+hBW$DUrQ(hJovh(`4> zi#Z*xiC7WB)s{A70eUDA1$sEBkIHudBiO|pDS;$du6BSm# zR5lpMsVtE*YimTMhJn`*mmx|H+}elCr8CaRyC&E|cq)bv1w9Nk@+-oTfIcS;hG>CK zl$!{POEu%(sCx=ntVI8rKGaq?bP1> ze^}`L**oF?%}-JOkAi4OgD)ulACmvOTd!W^<^Rt1%fICR*Z3@x%m3c;0{K)FQ?3c9 zl9>{eeD7@UIDh-Xf|QWoB0mILtp`3jK}b9FlR`FpmC?-7`H_>E!hDB#^gUu3v01)J zqYd%u_xEP;^H~s_M}hCovlUHON+{?|b;*>3&MPcU&Ng|*$IpzvY}foNiDvGYENEq6 z6tN6pvCR=ns%5FDiEUA#HGoCUv9>bge{)2ABYzb9xyf~yIVg%LL=+fm6_UH#0leY z#jBkCZ)fY}U;5wI`TXD2|Ng+6GD-d1O7XV;>_z*6pW^;c82^&Szg71CZr=X)^84Mb zzxMyv`20Ece?knEy$lL^1wmjbNnm9Pv~Ck{RR!23pgf_s2WTgROQO(XcC3fH@Mo{g z*ZJi3KY|gU^kWVme~~tp?*A9Bc6VRq-~V3jZoT+x|9_3o+Bfx~AJ!qDqOwMg0y^TA zqvPh={)dJ&xA32*4J*WdcKaX1UsWtY@V}?3*jcaNJU>5fA2i<_w;ERewAr^Rm4k~; zr*+!vzi)NA?X%NHb-Pmexzjv9Z*}_JgHHRr*YABeZ}mIpCx@*!4GaHkm6ka?JNT*9 z=^vb(oS$`D4GaI4e_EAFw{_ZW_uB7U{hwMN`tO^^7os11&O+`d{xu*w^vAyEv9RA4 zom(SafNN0xi&t#UE8P!WsNa3p?6eO1kn{MWbKI~H+5sKdFXF(;m+ZCHk&(y)`@1LJ_dv80fZo^82^x}$#o%Z`y zr`Vhq``0X9T+dt{U1?UbL}`s~t8>~sDH+;~vl!5k7S>gYZ?SHADCH}+j+@VB3=VGLO+=|GlJIXJ!${Mv2xF3uNFl1^7$ zG;S^**=hTr+3g**j~5Ou^j*r6BR_a(d}hy-B>2$k!k#~5mwqT8J$;B}@n)_Ou!trX zhjh_TR$9@}WnQMxn1y~KdV-lE*NEtm&K2*69Nf1hZc7poM6=Kt5M3dRR7(5sGLnH; zsb@O{I+?Lo)>fT6HC%%UJIyz5+P#zi>NgKSJc7W;Fi}j0Lq9qB9|t>!A|%U4r9|52 z%SrfCm~t^cm^=@9D4OnfKXiMolm3V1iP#JvfZ@tv8D)ed?SnWJqSLt&(l7lLr6vB3 z;xS*MecJ6ckB?g&*^CUFXR&OlvPRy*OM+Nsp3pFni7EV$3}@UA8RsO3M!s8t;eurA z_L`@M&EvCEF?|UQJsLzIvy2jw`(TP1mY4|hS0zXqmJ%G$k(P`ETt~x8O?w-1Qb}cx zmZ$1pR{CRxB^p-dPotPx$cClrTFrghw~Qm;p=l4Uhnpk;EWRngobf9?P` zO#a8JRGOV$`>1))JL`Nio$M$0))U49O@G>tS_ThwV%QG4p&bR8D5-JU=H)cdrg*Xq5r$?&U4W&2p zriud=#gzw3ZahY$?IJRt!gZsRmK1xdXJ-JtwvM4Q&pQZqK4D?P*YG>@E8G0zgeI|n zThq%|oR>oc98-CA)THFbBA2OHJzXgIufC}}W)`kkIkR+Y%6XfssTMr$NyqZe`APq< z^(G}EbmRVE>!^8g+-q35K%i89sCtSq((@oCB{ojO%CFuyn#lM)@Rrsgs(!+=9#m-~ za*`Lf(VI`xw7aDZDjARxg{``fVmkjuAo>`u32Mw))%#pWz!|~D#TmCuDWqzz*ATx- z^fHZtzvu)ld@OFjuaMx(s-Abw4lfRRaJXB<4>QPD)xtqj%ls}rCG@S|yrH{in4IeM z*X?s56FRMKcYp6S%s+ zVuz%#u`fEu7Fi=l5j?s}!=en@P&YEz>G}afk&Ia~i?M}Ezp}KESsXY-_HB=REa~yD zR^`6ZX}xXz@^8PzoDFkFIU9fAo^m$wTj-(YzTBp9HZptUp@u(WS2!DT6D(;%v%TiA zf0l63r>bBhc+~5c%lmeSamZ!cK=( zGZdr3L#8dO((d+Cb7~n0Gy)qcfuT@jZ&<78%O#i0RF`<1&b*A2)s7wXmHwM5% ziY1iM%CxGP{2*`F&r}o!qJp<|%EHTN26?aaEg+lS3SxE<5=~s;XQ9VpQfG-P8f%M9?;}6iYLyeaQ%apcT+qzptYaaT;{p-CVoivNmouD z{1bDvrC0N`yQ(tISo;0Kd6I8fxmhwQs<}aRGyUP8AF2JXrv2Yr_TPWK+kUlqFVu;w zGLaTmibUGI${JCoL(QwoaBgJK)hn{Zw5^yI0ARu7UcJkjDesXNg=9!UX%r^wM@Xd% zn!C-(uLKfmX;#(;k22#+6rzkJN(Cqb8SAE+e>AVSfpI3jBvT zsot3voqIE$43eB@H>8esFW;G(_zGL|UT;qQu&nFL-Kl@b?@slL-gUaH z-ED2&e}w(FwfUlK|LJOa|D`>ES8>U+Vk+cgf23XZghY^_hhlm0@&6vU3ZAisEQrDp zYzc8~Bg0vu1mxN2@dp5Eg0Mmi>GKo9BXY&q6flt!jQkU<7DhJ?Il#kZLIt;kurw2v zj3WeoiVz%Js>_;PHBX#e9QWGi$F2VP+kW@pT?@p50wzdi)4~k~!K~deo6v=boGY4E zjnudDRpYsS)u{AGEIEO3oXwKyEIEtc)7YoOfPs_zxeh|!wg`^~2hn(v@^08{P z^DEXmKIjV_^nfJuDI=Cy!Xo>m?y>87I12)@v;W;T`Tcj@YV{wMHokl$Ru#XuNTWfl zEsOk`H@leKI|403vViDeS=2e&t2y-h(Eb}e5i1o30C#c>3N-|Y`Zgx(K zHL7=N`1jxPZ+Z0&C+uF(vBb|n$|6>d8VKG+M^E#kITB>@{*gr+z{MpEGXUWCE55ok^;M(u`xS41SYa9EH!O z-JuC2Uqpp+%dgz%&1pVUDTUUKg?HX?deB(>D2-1%YmJ4LVBNhic#y zQxpkVox!;r=GN?-hI zy;i}V%dZ<&{r69wZ1^8sDhy0SpLQ?8rlOemkolRj{~=rC`+@l@$-Ft;Ny2+oUkin_ z1Ph7vX={5c{T>4!wVMV1+3l9*13btNd+e4^{TadOA2q65X-3dyrK1VxVF(m-lU`xk&xA4Le_UQRyDvZ zgDu!kAlEoJABbfkv#By#p!&^g>5ixxjS_p5knO^bC`=LgZohn1RE-eT>wq88Nvqc^Hd8{#s;(C_VARrTnP24NP*v8G*OrX9!8z!*I`7*D z+GQKWh?OhT>ogD0SG@4cyH2Zl*s#R$m;RP3BxkFC+&*ok>WQ9QrI4ULQr%WsNRa?I z`7R=0A6a!PC3AXY(ph;*wY0Ah^K0WM&;B5mK+b>WdwC+~sAwgGRLwD^e~Br|5dy8F zMr^Xe`pT=JVoy9P+WJY+mU@y4uV>+0+#vO>7_pRnF28Wd&*)j~M&N}&{P5Bb{e+Pq zilz>^;0(ok5)qFLXCpW=d(n{}l-?_yf1vyAled6ekI?1x3E+a&)5S+p!MSDWYeM`>L+mB z610B*J@-queSG|(NFg^z#ylxGx2BT5r7I%NT;fFxRtBuy8Dj@%i|L}=FI^RE0x?63 zl`PfrB$}SFlu{Y+;a1=Y)mi@Fjwg{vUcJ~_ji{`39F5d%h38c4PocOp6a|Y#_V;r< zsEDFsJu;4axn6}WaN7DAgaR&A$~9%Grj-!_Wv3#ss{gt409Xv*l;%f-RJt48_xBrPLN$Qbcc|%#`8+!KFy;p0YEvP>Ae*_iB+a zRu;QIesZ{I=4*|q6~|G^%H@5{PzAG#RUifVZ(Fy1LOz!m3`!8%7IbfD96pNV&&|$h zv3qc>cnq1-vtFx6W=Msi5BC{OEb)_oDNDTA%;^Q%X5#j=yZdo_QoVz6_wc8}WP#Et zS@g45mGH&`AEKHh50xzK%xw5s{aM<2S%X5%8J4rp9K4k+t~z5ql?q(-Skhr0$!SP_ zIGrVpto_Air>A=_Cp4# zs7Ti6Bqq(a?N6bVE}Yg;%hwLOGsKqw+zaM07DfkA5Y1xwV`gXMmQc{RUt94*+9&5{ zonG^_M^>#;y;GgZ^NDO*anXYXS8eeLpVGF|#b|}8m2<6kc6f$aa44<`rhKA-I}3#F z7qD=YjEOf7>BJY3aE@uBXhJxcY(#Mudg9t}MQGq(v697ka2Gx5Q#Pn_#*!*sqq+ls z8lrjOey_?phFue4{oo1vhKyM-NeR{m{n^2L>YCI! ze`Xl*!Pzy7A=(gpOgOn2`|g;y!3-V}(ETLjk;<_b!Q(JYJdYq{pd>hOC!VS44v3BS z9o1KE`m#LZic%60QQVPaK}PGoFYck_nv;A;|S|7Jx}n8d=2! zQs;CO7pW-~g9$S|{qEI(totEP81*2Zv^(+k$-dEl%xzfgvCox5tj-anrbxChoF#hL zOlPz6&9FALENa-5wL=M93|Kd!N3TRnFj%ljv0LVnSNn#QN;PpDjd<>IZ0hW5`WXj# zQ+}ymi0>}tbtz*c%TyJLw;wmE>zP?I)w&x*U&Co!X~w$sRe734;=q!+S~r(<@b6q$XQVucB+OAUDx8^23DZH3t<3c2KUT8;`5)_ysLX* zRqw9Y{N5tpeW$8}&q_l|ez+TFeyH9-oA;G0rL1B1ip{e+f*$uzY|a}R@aK2*vi$vu z&3{j#D<+MVIdhThV!2I1K39~OP{HowQZCvwo?nrexbc%`ANSyub??__;@?m~{Cg*r z6sfHeyj$)}qT){XzodGX8QeYj6%0dqPo$DzTiw;}E0qyT&c%gZdkLLg{>0|F;2v|{ zbF-_pzjT_e*t|GN1|qwg%;1OvqoIsUmV6Oinl?rd!qN^o!X$J-KoGrs7P8wZ%4T(d z%9jUZ(5&gh4vDqMGshUvHL_fFM-FLK9<7#u#1uK!QY>p~3?ZqSh2Xsc<>3KJx#LLN zN(@f?@u;s{4d0!ew3b`Sqh6t> zPcz{?(oP3r5#8csmTi197xMZUz%g)0Up@7w>bN&--R*=xidUiKX0sA#Cn~UWCoG=$ zAs9MKd>6#k2WVH;v|18{#F%P4jnn}lUlnq?fw7hak2_b%eK5JsLJX=Hu>`}ffyL17 zidM?3w_UE>Q@riIS>SC4CKd~heC>&r=6L)-C&4=wOj(S{C&6n|Ooy5Y2sF;g+pWw7 z&h=fP1Gst_gZaQhFjFhub>oMK`A=Cfmds~|) zi@%8;7k59-cdoSP?JU%}%bq;fpC?G*e+n`VDWjhOU|HBP3H%U%kacgQ>G|2W{8RW0 zPC-8un&19@MhF->Fj-T1NoBy57%2_s2{@zLGAF8eRg%aU#PB#+TO)@u)Q*MMejJ66 zdtGgPjyG96ppr59@u*K|5UD@4dL-z)S2u%H0fS`X3Z^GjohVngUaPXUChAHJN_AyV ze%)B`5x@O-L|SD%exM#!%^`u2;%5(7VI1)!TSLZql-9s8VIvhe+*Wv#Ult zXyiAu^(p+;-j%*?il7DeI#XNHZa|{jKY*GxC_i(h){d-f6kpnM;b<*weWf$sY+o8803<$i=MBrFelR!Z z23-BG*-;dDEN)oxPtU4k=5;cS8Ry41kG!$$5SQw|6N{zxqtH>cE%|=;z=1B``0_ix z&<9J?T}8Dh^lCzHfsREi<;a|6lB6Xc24YrP&Pk|HaM} zx0)@S=&4uRL83_o(Fo|WoKlMc0g}gmg#?>bwG)2T{0_+>GWCQSq|7Pl{y9)a)O9IP zkI&wA&U(#W>)`D4sG{1Dd$y`s3$GnM=YBYfuHY}(+iGq`v0{Eb;oC4u{7cBH0e?n; zC$2Ho43DCKp$TKR=#Ri|6CvcHkcj!$Kcfkg*x!Dzzn$3MBHjih*00{BlYd{iuVhD9 zBZfh*dS}du&|L_AgLflyy9pVmlV!L0n|YT`*aa^*0ixz3e#lEH36m~%K?q zS*^UlDV;D?B&-?7W;H`aY^ZA5qEbz(IZB0Mi$G82jHhqR=JB9Qgpp;~D}>ZPh@=Pvn^!M`1#T&uVz>5hFog z98|u=&josxVUp2i+$HCajQxBUO$tYlaWw5@zQ@@)y8%z$>aO0eKQpZb&o~1=Rq1T) zUy^CWxeu3ucA_vNCQ&SuaaU+E$(W*fB?_6cw48ObCnC<_8=%>+sz%@IbULjkV?Xxn zDUFkPU6)S(WmR%k1FM>&Syb8zjT+QcnFXt-ODTLRddBlPw+cAB-o1C;$FmXbYK;5a8E2b8!}`6 zf!v$>slz7GHOodaiyIn>Zun6tY(lnXI7BFaX2-0&hgD}58hrw#gV2QR?C!mMNygDE z=D9u44igq%)1YC!d`Wh8$p-vi)tzKDkrZt6B=Up=ESI_Y?&)Wf_NDd-Oi6+B-zK>M zlem~&vEl3)yr;o)SFG{`VdbgxLKhoP6dzMLk7-EDRAndP={B*d+1{hN6Gp|2vMz-c zv4bMZ8270k)G1}opj9Kk6HOpr+b-I@&DI`A+>rGDAAA1-AIVW2io-Hs!#9cHhI=7| zfGM|TSJHYlBkittjqCx>N~2xbl184HwY}EL+SYW9)M%!A+})!G+5!9H-kWg4BZfc> z*vqjj3d8O{^Q>RXy zI(6#QdGz)Irqx4X=8qfVR z?F~LH&S`pP4F=F7Fp|R~_yU(j;5%jwpW>7Id zb)-S~k>>@xl>8AeolPXzN)wk!=Q~@+y9wUvBZm8=@HWPtG$EVoQy?pm1`A5guoaTG z3=fFgnCPHlC1~u{w@;5OdfPp+ID=sY>wa6rS$ibh5RhwO2qOoUWPbzEZh&~G&XKWC_f#qNwed{Vd$k4im0htj(cOP&gcB=O@c5l*&Vag1_mj0TcIA8`?boqot( z?;-`U;rVFr2_?~Ql!S(;q$D>)!ZfuCM=W?WhBMFwx$HV4 z-K4qwWLx^%`V2BQF~AuhfW(dlIT8qqs;l1U&=Dt-aD?z`&Rum#nthFW27yp6kzh-m z+Cz=rpe`{2YE22Zh_j1ga6te?8%q@Ncyp%~6aL56XDH^#ty|e$P^4YY=&WBi8$Qgf z!E!^=gj)Eu$Ar5G`zZDl^`N;tA4T7@5}66CW~Yu%>3Wkt52NY<6D9T&H}0Rzb^sq^z+ zhsQr2JG??1St~RysjJhU{_xixw8V=f>1j!D2I7_q;^aVmHf8Ix53%osC*RO>bu*O+ z-H`CTBFX=sLWjlGFiQmacrOUtTGT!<$UyB9#8LD-Sq-6nk{7~C#JLW`D3LF z5%#oI)1bi%jd~GpmXq$Hzv&@#<>w>{1fVoe(c`u4EVjzaBn2v}-Z(U9k=X#NMCQ`4 zc=~ySYLdfJFX#n1T$zJ8v-zN(9O%+4Ix3Ae#Q~D~B+6t8UK}d%kq*0)Vc-*bo2U@P_-w8Y786@A+skHrC;%Hi?`EC(bO z1JpbMjuWS*P#Ta*+qf)}1&LP{DH@)z{Q}Y5Ch)r~FDEYR4}%q8q*EmGAaqt*$?=mL`$q=d73krzRN^t5)WE!w*saN7UC8h!wxqW0@v6Cq zD@~~?*@gtFDMmi4Z*Tx8>EyUZXh=N`uE_VjL>)OF^n)ZJ0qTWbW`Th?-?k!YYC0Ar z5@ONN7KhgxrFTR<8P@bK217SBiV(i*u8~b27@YD3b^GlH(k37a& zTo_qt9CMgEBgc0yPhUEMpkjwk0;UN<6bB@sCu;;}7!^sA;B4-P2i+=7c)Mt?K!-BA z5O{!nIsL$Ph+@HCF!h1TpjEp{Fk5H@#Di-(Ujlq8a8ex=>CPl=l6$0VQ zvcKws!7L!p2XuQk@nWr-fxUuH)iY+W6ip)%`u4H+;jzi}=r-+uWIy&RCEbBR?B7z6 zyv2azK}ELFG3ePVkYhp0@gWW~gTTZ|Zd86y0MH5tU_^aEe$a%a;acFC^F&|Ow!*Wh zR0k4jS)gNq_B$LAB!N$pe^P6;s`iTrx!bf?h~FB=xXvS;l7N*onX7bDYOM4~nK8Mc z0%<0s&qPa-5alF8GX~^iI9qT+(36yd0{3H}L)E+>W7Qo8Ei&QE&7IXMHu^7-LjVw~ z+X%R7VtOopRS`TNJsstznVPu<+&Xlqu)?Wm(Vz5k5E55o8j?f2yAt>;bZpYDAyK0E zh16_k%3RCWp+nq`k{iP#gZuXl4GlH5t!7w1ndHX4k-_1ieFwybJ`7mo&Hj-=B@dirYT-V-ev9hmz!m=6w^p4>TOy7qkTVrvnBCs{z`%<;jW7(6YhEuF+!94<8|F zs{m~pLNFwE1|aInl(`0+Ms0y)niPnjLmE-0>aLzIFCDgXM5ms)tTRiWu0^Osi<$y{ z5NZHjVYwG)gmztoD$enYwpNcOU>CwY&W{+~V}Ddf~BOL2IHXvc|b z(;;gKAE@jlyxJm*HDng!fFBAr6FZM*HKEnEvKxoHC6;R@5`4?@71?dp>tkkM;)q>2 zei2)bh_jxk^ARhQpD`A&TO?R;-N46*2XWO57?g?OVb%4Pso-RU4g12xL>wm2BjLi}^KG5`8uPZL^PRS>c|Y(nhK)K!jhcq6$1*kv38W&|hG6(2I=MkQ63*=BgV?33 z^q`tFTkr{9U+UbD8^c{=z?i=gdx9QB}mRFpQxZs4}wM4wWz88SYTJ}V4WG)!mUiK z`Gt)$q8Sf|SeBRERR>g{8Q@D6KN0H{iiYbWhHr$n#Yis+ts`i`bwy!^?T4$lt_&{H zgb<_oFQ|o&d5TWjKF+HVy4jSM>}tppHa^+oTV&#d;@8bG@iW~&LI}OO#FOHco7c5vyI3yKd^E6>6yL zp4DD3fPuz4kE>Dv0}q7!k%+>U?V_IR1`%}`%?i@4WnCF{kxA|sp5TtCBjE;m-4rbs zl}5FSEm3TrVfPWVPkrJY$+0PHY0wVvZ@Ay4p~7Wo>j86gLa?ENi!?>7-EtU`$y4~2 z{fabN3&CJ*B*b~E7|ekfC*9E+-jT&A+3v|lZ25J&fcBr+1r(kE)ubz)?5EA#R&0l* zcg{F26S%a{kM>d>*v^W(3@sunXOk2%bx38$G5VAp#RNM)>x0D(1_7+qv1TJ4H~9Cs zxp-s=A;(_t5Fl2lL(GPs%^Awl#m>l*Q%>j!ykB+k#eo3FCdSf7i0d&+2TisN>@*w3 z0E(B5%x{ibTCzEigzPsMcF0wkM>^EI?A{gxoNN1LUp?*e3<`EObN42HW%&%dD=F>MJ$KGoj#K zOqR6+`*^T0G3F|XJr5k$8AMVE&(vP&${xe!;{|`~=w5vYo_gw^;`pKBs z(;E9x@DQU))m`;N)sX~9WA7w?$*xbk4&O9@!I(eZGg9@}#5Q;A>f~00#Y2K(35XHy z3NGnEy*zIbtHm6+w5krf14N62*K^0@#gGKnuDXkCwUg~h6aZnVFq#u;F?6TQ@Q}8+ zSb`!t(fU4;@arN*RFH~GFasX_F zKZ&00bRw?x8s~8c5&9U(1LTd2fh2;WJ98+V3_i4Qhhu+;q>bC^NVmWQzFR@sjI*rJ zqV4$Uee9$nk0S|_@a+_Wm`V1dMUDER4g>tN=vfMf=W#c*^&0+4oMn<7j|%o#b_<63 zX$m#)h|MBGRDRu#@3X=K1zx7Sl&Kjkkvpp~+oO?~QKC?z0KV!)q#^qhyJMCbG?~8x zcf}#W{%EIRPe?u=TG6hBhC)5~w91K2=fKy_g1WISdO*|-2X&(^lh*tFY?6Hw?(saU zV|0_JMjeudOKugD{o!G|3oEjp=D2Jv@HI*C7#HJx=*WBKX663C8? zfyw-lBNNj{lmudg1%wgmNf45VQJ?^Qw@M?8S*oHg2Mt%uDyuT94wod` zRkwGRHJl~R!BtU>pA>s-fXk`vyd% zsLNrhAeE8QcO{nus|d1s$@G^wtz=9RN69)~~xrgW&Ww%S$+)Bn}qPD<@!@C=(hDh4#%+ zG8d8T54uuSCW`Zu`O)m;(R{H)&MG9=FXEiE;~J_OW4rTp=y_p;)ermhnyr|w;3>Pbq0sa@X`);OgGrEP6s>I(O}2U_+ZDh zgJpS~l;NVs(E;m6O!VdUV@B=H^r$gzWZW@ZTwr?JvcqvWEjGBo^r*VsC2(ckDe6SN zNa`)JkVw(~D}0raZg1&F)bzsxDAf~Ey%?B5!$&MqALN)4$wAN# z87SJLi8CO?1j~w8>wC5x7zi{?MDfXR*qb#ConN1XMORAwrfS5v0znC#7Wy} ztVKtpj0UkKc2XL&<$y(B?MzzGr!BpZA-WO)2YLF}R9Bfi5%^|Xq%@vX6N-}s~ir1V4$zHUb??cTot3>NtQeB{CJM*mMJM%fK*^XUn z)LPbn$Rd6l-nA>Whce1x^k5%-AlYlOv`XtRR%MLjVfyzz`gfK_ARacf=tjqin02^! zPm0_&?8CoBO*wW2@F^#~?A|RsIUEi!vIh&e55nsha+=LLB;Ov#dB+eCSG}if^`h(%5`8? ztDp)^oJJR4i+ZMwkCXUYe-rAaXV(-paK#idy0Y{fyw?y@P+l@Uvy3(z+?0H`v0{3? zZ3+8L~BFO|XzvQ}+%Qg=# z!nLT~fV|>B)H{s|Nz<`kYp)dy`e6a4md4uX-q=m<6CYYg$L#CFh35QpazhwY6aUEv z(o7pdNE^S`4*kSAIhR6`vi4EQL%Ti`{j#OJIWBngPkXOS{$82~a>U2AgJJ1!GE!&-^tD7*0Iwh<|n=&V!A6^Q`3A-RVpYwP7<#+hN z<$5$NNm@!r(!hsuq3T^X6C-{c+IDC~6L1QX((scT9EB#L1s_FIej^S-dPUF8(kz|X zu9*ofG)D>j6Km9b#dfUYSA<1_+nOyv|3v8USS2~JStSfG#{hXL(y*5hAyWI) zVU#bmjrCoVjwyYcs$0^=XntxYU(9LIQQyVmBDWL~p?O=cB9&Iz*$tf|7piV~8JLv- zJNj0`y2-eDGmnh5QXP+_I9iyP(Nk7=6+aTGp+wOpyC}vc_AwhNXbW|U(~;xzcN?I7>6Pi9r8tR5k-Xbc^&H3V3=HF z5ZpXyEtvsFup@j(mlx@}Jk+AgLtE}rJIaGCx;(h$E)ObQw&l?9uRdxb&K&CNj-|Sw zKudHixL})3hkcKc#+^fNEHs>;(INC>q_J2pHr}_#zCH+P`(Nm zb&CzsplL{gKK35#nBzCYf{r^w0?W~I&`cA1J3QBv%@7;(bGjb*-(j!Vj~p@E zERS*#+eb)CK8RgVp|gF>_OY{0ie0LPAm$NCujlZ#AM;7Ox?IGbvjIdD>K@qjnEW0l~YOOf8MSX3L~0*VU&BrIV&=naM8K zN(yrrzuyG3+|~lb`>0v1LJJ9ZmKuF8i=xg?Paenl5l9o9kI94n64Ri7>*1Kvvf1!) zP7Lh+fFo1UA!rA5t4GUXd~5-pkp(zd=w=PJZQa>2WU1+G&jQ3ONVh6()luqc&A5KB z=*2G=%KA9_7@=tx^y_-S^nH8L(FS9ytATMZ<8S<)raix6a(*mZ%FY+^`O@ZDUKhLW z<5LAD3mYoVp3qH+0cQTvVH=5#RKU*QL_q=8VYJ`RQ9M%sCkliXu0KFHLkvCEew?<< zz@&C-C7Q7X!onMz6JGyF&c9HkG53;$j~^3>36?>Qs1N37UISwr`FVQLcGeymW+o~6 zcb<>&5I4=l3YOjQuli}HtQ+YvmSLmF@rNO!3Z)P_X45F@ghK_`BQoTjV9s3C^aHzG z#J&a(4U^_3v&GWH=ow&BX|S7S*9gAdFl_YWPFXhkWgAhe!xKFgC2Y5{Rfj%dTS27m zq%bW&%YKM715(mt=eZOQanszXVA&0Cs-JesnUOAISu%`VbAEtoib?j%XHOU^flRZG%ZP}m$lGY zYt~N3{kqY!#{&OLe|N_JI?|98AOIVY{@M}YY%VO=!PFHGk$h%FrOtqerUTu)l#bxq zm7tD(-Lb6JbQ~|Pby$ke1);4x>QHX$20}%*1aL%sAhR#XS{C9U=A~=WY`DQXuyHwq z72ARqduT(Sdrjs&>Z;4=tGMeiI3z52So4NDs_l!uvY}6MRf?%PEl7$XFrU4Q!E+1| zRz)mmI_u26liL1F4+2=L2kV55m_L|+ok8-&M;~S~z+lOD1f!S=1CPT{V6cas!Jq>+ zBpCdm21e*sU|fr9iE_l7C;UCh4Nk0PYERMtya|OVr6aKmVy@N8W97`8v?4zt{f%_rSl~X zi%ty)Q&q$#3NmR@oqiIFUq_l+0KEaKlpvNe9bkH%xeogGITmSwbh&{7d}NOdEiaK&UCBx5_gN^ITqePFVX8GMrl%`!{-!()_rqH@#&ErB<} z^ULK(S#Dsg8^Blx$AJT;jfDDEO^=3gp)b|CH|SLsVV&tu?h_rpD{jNFXnrQ7L__lZ zgfrn-a1D_T7n|YV&t5v$G%lt&v8hYH@=YcKk`gje|9;Y|R9Bo=ePdaoaGSWfUxXw_ zZXYkr9+^n&l8Tm;zsw!JH1mm@5g0gglvysrdazeBRX+N9zZd=5_DOncSTP$_1`PBE zF6xu%^w=-Qw`=t(sekN4ALJawg8~bHzC{=u^Px9NU>I4C)T^&Rh$Bp^jq>vP^TABR zSw0{0h69d+Y4n@Xmyo_?yDqEp4JX~jJWl*Zscc&Ffn9@cBgiB-#6L#{hf){Ho=ON{ z#&AqEehaO1%l7M4b6w^*N>F(hrv#d(@Tg*n2;;M7WP58k0WJ=ztcE0MWbog7LrTw1 ztMXsW{tcaqsu0#eQXC}c#mS)|t}N{XcGr!Saoii#C0Mv~O1RlIEij0WC<+O{h{3p# zHAedmc{Gwq%Hwa!Y%h@^DS#36N2S9NkQ6@)_q5IjOoI?;0dickk)M852@{@+<;fPe zwDMBTC9xU2aZ?-ISd8SX2GU1F1Xm%}21qp^>C~0zWm&I1cwNKx&;iQ~mV7jfY`snr zCKK$bBmLM!ArqFiOb!i*FOTM@av3ApU$*4>mm4@4L@|G?FiH;612}C!ebu6+Ftal= z7_xD)9Ch!%xV~zg#OPi#F+;Kv885W!MuJ5tkVj>=R(E}9B#!1Lr|7dKSgjd}!VLS{ ztJjRgSne?WllcA`i3G`WN$SSyGNX!FQF(X*oeZ_Q4=uec`pnYIduXqtC7Njw=1`*$ zGoffA8U*-kBE=4{nAb(ik?thU(Wbwr4Qac*pw7y*3uy#ty%l_R$3Nwgjtn==llTv4f-J_sDjPON<^jYgN)9V$SjROvSYclNc`DT|+$kE%B*6^BnkFX>Up+OsFRoeDURbMD_oWwXC%smyR&9r7 z#A9XX$L1#|4i~b8tP!pbi#|t_V^6Vf zCY*|k;F75kG#0|IoSeLqqp(^-AEi(~ny|#Fi6ez9cGfQ*FP3ss^T)GOlk*eP>0&86IhiYDA- zHF_mE!O1cd!IP6-%Tdfys4~x&ECngo#PSA`0cL|i4|9Wuqhs$Pr8Cj~NX~M&gjI4Q zekNGjqeU2mBb56!T7NI4rDlWPzzwdyOEPDI2&UzBPcM02eEQt1EmEZ;rNXlgy8>wptHvnFqRCNWX+QC;Ma_07 z>(MNm_!6jQuE|dmgisJ4*ICP`7lZJHs?0|^QWg71pQ?^8!#_BDQN}o!8onqsBsOX| zMHad&L-P-1`i(=WeW@XU{yS_8D5*kn&^cpjJ;~A$D=B@UI2_S7{GD>EfJ4M_j`fu*nw?gD}Svsm6ojp z%{U|Q`N(Z)j5N4X(;-?i^yr;w|y;behqcWh1HajBy$6+MSZC$r5lyh1@jbziIr#AZub9n&sXT*$C!9_9!&gn?E_m z$$)g(p^JuW ztYGPn2(MNB&eAvYguCLj_p)f9Nq12wFiRdzx{FeE^cE5DV zb;NTU^>NRwAt@w`Cbo8a#6Vbealtt3k}_Y)&yOC>jb2W8ABS5D&m=n{1}U9~(BdTl zB`mawSOE}W)P*vcKQcc)F`1j6&Q9erf{_cMgWHKT6+R5jUJOLk=2>+Y)5#5~3za9@ zS$$)trKM)4M^1FaiouKW9IxFS1wS^;!LhEHBltWP)jgy4VJ;~=Yi+-2M~fm zGp_Lfv9i;c3o}>(t4q*>)Tanv;Iphiw0yb`gCh5%!57zj=0!Ut^U;wf4hH440J_DT zo!@>k*j6Iq%3Q|@vUpd)qnb@_sMtv!0+iihWX*>K^5be{t6Ks04v;njRk$fW1K~|g zS-}Gc)wZ|W=S&tOKrHM{`KY#R*&Z0IEAJH9e(F?Yd|e6W&3g>!?&3FpcTX1}4-PzR z`q0Wd6OJF4)hanJh!i5Otntm;v&=)cg$TKidm~1Jr%}Ih094OLML92wdqi~+s6G<&CGAt&6;Pn8;=U!hvkN62kYsY=?BnDEyHy! zXj~Dm3Akb?d4V(bvZ0?~DJ{sWFBVScE?xs&UPa#@$Nd}$8>xWfKGrjYl50t2euDLL0TH6VAgZ^wW7}8Z^WP- zyngUgasb<7WQ;w`W0}3i|t*_(oO6UYWaYCa} zRDlaD=m)k#yed({(V7(*JZ>B*=!c`nBHlZ$1tXQi=v^{kPS`{@uHlk9LKQH_zK+#G z;8l=H;ptJxq97!)`k8;hTtU5vq({+NB~qC)hZ%b-4^sqm4dSz zC6+{n;xuQ7Mcgp$HvvPZ2m5tcwkviyN}_s2B+;2A5W6twm>TUq&<(wA1_AUOwCDTn zhJS_`1XnTvIGI1re#{Zs(-|o`{8mSm3iq9qsNq!}TQKy{$hSidhleRq5lCIjQMb0U zh(%!D86~Z8{k83phSG78l)n@^@x>XVwccWCU@{>cv*59L&9$^8DTRAKP7ltC3Vme- z2NzG%ZyM;;7B`K^22op~cjnp=cFe(@U$RP!j7B8#aXYT-Xk!jJ9MiHh=%h67daY_Z z%anFu40M9N*edY}lwxCn)PdaJ%3>~CMWjzTffq>0$jD8B0|xyTlBvBpTju2mI0+bN z4^Avt7&ViV)z^wm=;&2eVY7!O%B@<_HPyl-AF@l4PP$xffh0rdRHjh`kyxX@=AA8z zG!46KpKRM4XQ3ZqEyM~&3LyTDqCJqP&7-||W$U+}=fTXiScn z>~tJSw#Is44Nd`bbr}qf8yN%iZPY#62|#kV*++XW;%dE}9?Q3*?|r!MUQi;QNg`zv z=nPzdzFS>sacQOF0*k~rsZ-sF$$AqvJT2pq+^R(*t_)yEf3SPR@LGamt&1tbY7Sn5 zw3UwSNCQoTCS^HBT-*r_@{;Jt^RpA9CNjdrXqprIQ zBKair02QZJ4Q;W4vKFKoo-W@A`yngSu4_xk{2O{3X+aR?2ZLn6ilt-ma6eMVy7ARO5;{b%L0c!OfB2##sy#uce6NQw+&eG-K$l zM^id7Fw6u96fLp@Y38}QkaAmI{vygT{+znw4bXXR%J&|EwVwV?lBITXOkv}j(c>L@ zVGBORyoWjFwsX|X;mlqZj?fPGCz{g_wW7;vhPxkNBcSg3V$$}5jBY2>?P8*p#;gmr zhjszic!U^-6gJ-(z+jylG`k6vz!al)Ib2x77;Q_D=+uvaIWf!>@}s$8abo&N=obm{ z<6x$cpUD+U$HDl-B=cs#H3V&vLrds3BJrcH5;)B}DIpieoVpc|43oEZNjm&xip>zE zA^kO?D+(%!URm5!$0Yl+A^fWCnCd+Gj&;{wyLSuEX!c>UW{}XeorW5$!Vb*{!SKY~ z*-~wNo(7r-if|Ez3zXfz#r8QT3rp+`g~i$uTfju5VX4Hjg)fO8n@j%B$>}^oOW+RPNr{*@CfE<5gZEgt> za{@`QG=@0OCN~&3geS8_GJP=ib!3Br&-&pdb{Z8DBAcP@3;IF*?vDliMT2 zS6f4QLua@VG-ys+k{%`92hjfpB6OnGk#J)8CT`gt*~7zuUJTS-Tmr)XKzLdl7*M>+ z!)6_r<3R_G+5*6Yv`in7uIXqAxb^isx5;m_qlBL4DGiyGPkn(nF(aD;Sz_&8K<&y> z)-Jw3)7t`^-mPi|Xd&aYs(>4HvF#}|O)Exm*_&6i@wc-?wzM$HkncFdvoaI< z1%v=D6|ux`bENyix@$WDttG*)o=`86Rj8(P6s}$}$Wc0!pLorlo77I==<)5S5TR5=V+#Lu<@br6B?-dKV=yvf{R&y}{C; zByc^IZ$;{7q&;YFUdBBplC~_8TAdd+wIU|1QKo7ubQ8F2IaS5-wME&47F zs};Orbm8q=Zkt?kKt6;=mYzDaP8VW?Nm`05rI$UeC0MA#3%nCKyjsHA*1Ia}J#l$5 zvN$hS>cKS|Pl#^4Un5=Wyh)=p+5#?7pHm5kIL}Q#ssU~R37xC>8AgNpmttl*j1A_L zpCa3Z%ur!9r77}!U-yir+yRW{XO4s927}oYZT=l|k`Crnwls!x~JfU^m-ofUT(BCZ*4I2d9_Gsu;IeOe`exy5xetx?^(GauiM=eVWm zJh_4TAIC=6W-62%t!?KzjV9KR9;;xr9cRRMtRp6rjWwGhrZy;LYhXjqbhmEf+FTk5 z6$&uZv6z4o@?yC4bt^&yxonf(!R5cS3ca(l1q7$rMc#*t;Lkrku=wu4MSpcMbdV$W@9h9;x4!z z0eXJSjhbNR-i8~r(6Z3Z@k}022fl6Whx49bBMiO0>7u7Gk%}`|=a+0o?8PMSo{J~3 zdn#Ubu6x}ctC8(7r;Lcf{tVtk(upScX%9Y9`AK&DM+Q9QuE1EOqARC++&1a*_5Fz5iSpomQ-PpA4=&kXex7J=nl6%Ra0j=xuUSEx3sdp-qsMnkGGxK z0>+|IJ0V`tTVxvSvq|fjerSxSn=qn9(@>}&`PVF{D@v$%%yfdk8#n>1)us3h;bVQv zwz#nHwJG5qr;TQXI&Gm<;n%X_rFA81r$)8k+Z9C6&K`LZszA!SwknX)ep9|@Q~4`% z(VRKm461vTw@doy%T!L$0 z|2~iiJi9i<8>>=>y+GS?OiHj7)02|U2%o!Ei-XQ2`!7juhya^H{;h$SujVJAvluL~ zvrlrPSA5$PKXc$}*qI=AaJFIRC(MN-4ehb)x zYt?GyXfL{Sk)wUQmx>T;z662aSdg;o@dc#hWNo2@X^e(lE4&?T*m8Jti}OiqY}E*1 zB8cep7|DM2yN2MLIvRad4sz%II15p|TNhTW@`60?@kDDiVG7J{XDagfnVKS%P(&Cp z*xTWk*UAS^?`j7^-xfe4^QB|93Gk9arwz-E^&N|)MpwRMt&ipUc@Uhxx;)+Wg3zxv z9It%9Qij}yvEu!A+TCDp&ecqa&yPeIh^2@HdrwObw5{VWdZlqxXJaAHZN~^Y62Tqf zA8}M~VWd&->I0W~bJG!NeApE})|jT+pB$)`)kaRY_kISQX7dP>zfhl2KE-5mW6(&? zZF{}tczkMdV*2tfZ6UnR|GHKXF0?6Eb|y8##5!?8@iALV zL};|Vuzmy>T0oq!g~ZH{x{gDZBng>U1(J}GLQ(`-=)K~&=`6aWHH|69PjJAz(9AOz z7VMyQoz#*%oVreJ%+f4NjV&`U(Mccz8Ctg75_bt2V9LPYL}0qhcg38GybJ~_}tba15C*-zRidW|4)ap?vbOLGMDkGi$G>qEffltSH@jl{S#$v+T|QP`Cy%-JDJ%jAYQyG>2v z15RQi#N3E9Bg}|t?va5~W|or&#je`UV%)66A}`i%#5B{)g+RJFjoD^Pxoskd zbeiA>akhwOBohy@<03Q79h~eGg57mriHmze;WuQ4^8# zs)%zH`Sf9xOGUb9=2YFLG%EH^WKrn_WQ+Fs24Xr^SUE)4L8t`)vFqh#Ko9qTEx3|dq@;U=cA>Z(pT37IgWW3*Q?)D8?_ zgzzMNLv7hs^-w?9looPqW-MFE(fYEX8Un7GC>;ft=Z=Hy^ccVxbYlEgQQBxoNHuJ_<6i^eaQC&C507nQ^GeCN_NJoyI8cV)pcM@!C=X?KyqXJ*!1Xhb}BbJ zG)KBtE<29oM(!)vxapwv==0nM)hQGko;?&I87IB8rXJxjq<2#G+ zv1~7WBAr$af9yvFy935f%qP+ywdDep;YQl*WM#exdTIr=7FfoWJ_lhg&Q?X-I1dr| zFJYoQ!d*(G+Y~nBHGu`FY2kF=4LV}E+wPF+t^=0JYqNtV*|bI_CxDFBEg-IE)!9r3 zvDvnoO*C;%2jAO$Le`rZy`1$SZ&zCGlMLL4)oRtPy-mc zXF|Ac1dX-s7;n>(;ip^@xI|AGs49p6>k zW$ik;Yl^N~QG98un9_d+aqSFdlOTkcsMTFBFr5Gxd+-m)S1nwK1EEl{7aL@tJ}^B< zJ=hy{s(gkEP+a8%j)vn#}o6v5VdvWxMPP6UI?O18Qb*)yo8180Rj|xSWq`%vg>Kdzy0w4$qMQAbGaHgfP zn18PmQtXS?A_|;YCs(H^7mLWp=%0~}8mm|hS%hHw$9hCP(Bg_2Zx2wVQ4W3~S_^l3qd zlF3{tHwKEwMn`kS;`p)2$>RpeqGJcPS+!p%+_d>H$kx#?@n7?Gv*E+s8Z0*mT>hF0 zTgMKL!fG9QzP`QCfQoRuE*bt4PQ^t6RR6KQErGKLgBj1Y8s$L$ZTOzIr&fj7_RN-o z-K0!gATDuDrUwMkGg zNRCftkIWx865O9GQru6`8;BogTv&jtWrkJsaP_?1yMbKobB|#yq?X(oG&JY=&X4EX zeZXP^$QUj1Kp-kf5AkQR_XqQWj28Cup#=>8)CL_z^Hh@edP;EVja*;~xT#zE89^wF zc?0@#sBsku_uYWb2) zUbI}U>OkAcOtq|mxs|A%4ntZ5=lFD*1#4Va9Z`;(f-4FxP_7B+iT6J4#-%=;76MX$ z(JPz(qV!`G;sx;z>SVV8E70?iw8k?fG`NyHkEEWl9lB4^1{vdEYA7`%g&mn|YMVo9 z8&=6{!WnbR%h1ahNO>5~j+XL;=7p7Ui5!`>vhoGtTmQ=6b(oVx~Jv$ueH)yd@&rHXbQY z{Fy)z!_e=%t)MY0a;WyP^@h&S>KdczgVkk49t$HR4+Q+k19h#*PkH72(S{$mHL6uA zEjfS1FxU(eGaN;t)y%chk_S!8?|^huVdL#4Ajf0NR18P7gS3>< zrMe%Yrw<*g08QU@W|lnDhaFJ0sD85Dv{iB1GKp1yJ4k3P?gG6%ST)z6g?b)cGQCc? zxS)Qr-Sk#*+A_UWfZI*)PK9{fzyvX_Z6XPBGOsc1)Oo$40loDuCsz1ohh{eHVY{X_ zg!mB8ZFFeS$yM6K&u*k4*>{fBEs|SGi1i==A)Gv9Gf((1Xt{5j@IEF#)s<&>Iu7)*bB|q|R72R6HcUr(6UpY5gFuVzT@O(z=of^BS{<&4=$Bhu5?X+*D889Rq3I-MRjB=Kep&cRbdIzr za%+KSj^g*7E(e_nTv-b+gu2})RITy6OYRrY+b+HrLCT!2(xM%IEA2ZR+!?sOh_0L{ zs<9K))nZZM(j~$ni&s@$t_loVSQ}_Dur)w|ceo6o^i|vnAa8fVR3rDW={4ZMvKx5Y zy$s}G$E*m2Hk~dE`LoUjE@cU92~5waK*}Jf$U)3M9Tbffo9obyUtkd|b@ShKy1f|a zbK*)Vhr5U_=N_#35CFl;y_+$dh*AYa#&yDYXhz0M|51Bp+u2L7+xi`Bdax3V$Y}MZmJ{*D7BpUEz>3FW;D#C+ z63%d~4C~aFZg03a!QSYd$li!;7@eM55mbMQj`x%7jEs7yEu98wY)hY?u4Cn|Pn2DK zMmoLN7d8pS7H+7B3AMFKCj58YQp^voD1`rF z;6_0*fBVkC(zBTWmIg#-FPqsDm)kq;Kxav()tHa@5m)>^6MMwd1g;fI^Ry*uHD4@c zOUH^CpQOPE&q->mV|KKY&xBC+^~6ghDbJLOsy5(b}D6C(H1wiU8r>(sYIRW z5(yv`QWsp(u#T`-IO;8#D`U_Z!ugvzAUB|aA=xtZG^k|7!Q)>~j5oN;Go5nx~n_e8u=q@OrNFLA)T`>_B zO7m0Mt4l`!x#_V&E?dk`&m1jei@7N1LT)m9b#4qj8$FsW zXga4Yt~iz}99Nqt6JnM-m=Mic-ujHh0*y|IfFya49o0=qb~JuUvZI@vlI&=!DT!LR zV;8rwMD~K{^46^)Wua-7;-=TxLp`mJt+a=k=zEy2Gj;((j31&h6qa)*dQc+N4{%P# zl1r2*ZF#rt)4$`CtWMOY)=F3##VTqC5Ko2zR0p-Ln07U>>0<#s8tk+tPZT$WOU1*z z=4>6_%?S=WVuKx0*4aO`7J?*5!F2{plI7 z_3aX~2y}KKu00||ND*>dThm7DlGskH^~VtjZLu5;kdyz#ss7|lNS7R5R?>&DXM(sd zd&Pr|?E@bMdx7JwGPwq(pAULZnoZN_2snAmc7EjEu9L)(mI!SyInE6VzQ zqXr2p3CBF!2ZhpJg;I_iAZkSqGLM}=9u0cYL#?VlA~Yj$cROtQ(8@d0u9JO19q(JJ z>f?m3wk;0}gQoK-6E8TnQ&|X2^0D^-ae3+l5>PwNFo@GE^s2){s$E2O(ld(Xx|q01 zi(i;^53B7J+p$2QgpaY=(NIN8pcjQ8>sZ-xtXK8+D(W=RE9d{Am~}D4tdEN@z?Ck` zcqO?N)C$}A!DGht(73MkXcXz0?C)1df5Gs8pz|x!qApQcKWn*+c^wf+p|C7Ei;T-i ziha`uCRUj+ZwhJEbZSH|m@>U(dh_FxD|f^Jrg9b66;p^OD-gR}H9|cy{BGAVo`0#w zo$#WK-GuGV?jj$h8qju-=HaD@upgZVr5;nQBek#|xEpbc^}bJc$->S|;z1$)bP#JX z>T*G~L3T0FBim-<-u6wqB{_$582U6^0*6FM_uoos>{cwGU&j&GiIy-n!$xPGz)b6j z)f^Vl&>BvVuMl~zYCOb4FD8_d?T-=l9P3EQ{W=XPc_69*O-GfT|6VtuP;sBkeoXQv`D(QoqlD=G{h<1~Do)o@#la zXq~OJtFhy=V=EQ1D+N;UMsO@p6E($P$qeK?ZVd1vMOQo{s-o7#ExDGDK(bFl{ujoxo*WjQ4nSvU!X}J7&?Yyg(nlEDE+!YXkBXT4!g0 zAx#ZYBDo7CK|EV9Fzu?}ndrucd=P6=4zCTm;#B=Ew$0Pp;nY3y741;L(b;dPk@1nK z<;XF{54ENvE~CfxhfS(5@|5n_9`Pu)n{~G_v{Z!X1`tt(1VKVIqKk$fT#M2~U& zRyiJQlToev)g!A_kvo-$0wpL{lG4Q$E7J#240lYwitL};%p_-$5w?Q?9x5e`6xw#Z zQq|vaMQjt|*>V+wo$ps?wyRi=0BgHb-Ae*k#hJ?C(qu74=tfE$Pv=Xy5iqgnxH$Nu zG+7i^c7sGBv3y^9LCv-7$~smS$t?iM4HmcnI_5$ZA^<6n_v}U6!S1VwPN}sT4wduG z6=(t5A*sY>W9Tv`%dXO7aeg#EJ)IjZn8i-5G9-Qj9Vn5->yBB7P*(+O*3-iWv#WiPCnk?1)|ad;Mj*UYCRpI#6o> zYNBzpYqiZbri@O6rKGAWl;%tMsnKj{{%EN*Qxs&cLh4uAxm1dR;yCy`8<2Lvp!fVlTn{ReSAFkkk-e+^VhAmhUq5r<_fcC zgc}>CCfe)vB0i_AiS|Iq=;bT|o1}-*>M@(~6W}XKhc`b#(T%O6#FeokVG~RrhEo(u z@{K>v`6;Yq+G>PmCAx*NQ?P((LR7jYMhBbr{JyaeBgpoM~$TqQ+B>KExM3o;uyH zH4a;4r|i~AC%Urn3oT)rP|U~LXp`=BM{+F|b7aJ?`(uqR1F;9jNXfpk=p-eLP;&*^zif8xa=K?8>ZA`xEt83M9yBdk3UL%kFjBc1Zk_gXyx8arHxb#M| zL1qlZ`G)kGDmLiVMU=#~E+;sVcY1ke*0K$}gw4G@e-sw`mA+KAQ>I3~6^8@05f zWDJoq#L$*n3W9ogvQH5^wnY_mO-YL=Rt7MHUyI9jouI?zWV`AQtYK%TeqzHf!ZMcJ z#!MlP#OB2G5im7zq>wF5)}dp8>D*QG zW7$%6er%!uT%=^%72YebeVl4IuvZ|yG{GM$TWGSM!Wy$R8lMQCDGcPT>?+hx%v^RA z;)oc0Qj z(@ravK^iR8TG`4)$FydGWlI!JS;u@Bxx=IGKvm4J>1rW z)MJQeM(#@g0;`AmS9qt(;EG*h=fwDxK|7lGm?Z7NPw`_Jl`sXrW>(1+b>HFKk%{Sz z@nR-FUd$LL45PVGalL*!v+rX2lIih_?F%yd1{VFsLVp^h_ZpWPdz1D+bC}*<%Oec? z(@27C>968?@)!~CB-PQeNWgGway=PU{F#cRm{d&K=tRjE!r+%;66976g=B8|9Ev{+ z9yFJwr;(HzA%u`S_y9FNbQ0$HLvApv`Z~R+4FgGIBz_D&FfKKK0TdTZsbpP5!e~m= zi52Sj_?0!H({b4kTOLuuM5^$0HdC#oTn8%8C#Xz6gq(y*-E7?PufHS(_4fAeWTw# zbz60-ZMxMK-C}=?AT?$N=9uke5;~;tA!OY4{2+%0j8_`^g`F-Gd~tJ<3RmA=6fc}N zG|atfdc;ydrqcEStkuyk4yc)RT=x-!onuF}3O#IaqshFu0w$)%^Ws6Yb-C46g<1(> ztVM_z+A$;iz6E?5jt>JM02GV`Kw@B~$H*Lz?1w96^-9yTu_LFUHZbHF7)W%|Yske- zSzrlMiPosN@H8|GHBojMAblW`L8E*s15;b51EXp@pInV*CkvAqz4(&Ott~_dP9h-d zEn1}_#?}&+u*eol6XV&@Qoe9}{#Y?rNXQ$WLUOfrSoA=9UX}sG9%D3WX=JAn2%&LP z2jbMW9Ks%%ZT83m5DzwI4*6m!TPV#>=0~%W^M%~Z%91AU~se-K`^pu3UmM_cejC5N|NvRo9b(SqrYIs?Qa7bBD7v;{3LeS|^PbolAh4t@@_~lTO7OGC=x$ z7hEBnPCDd@X$e0x-C~d1#1);gU>6;AioX`5Lgu+H<#^4kBVmUBD~W8R|LH_ESC(pK zU0;h0ot^P<9$T4fW<6q$mZyEntVgU1Ee}nUjyA#Dl;XDtP5zBcsGuW&A4eS&Q4KwV>5Eq1&z)3V~&YOY5b|IL~~ z3ryM$1m=Rf0x`qHd`H_)yB3_VV*MtSXX;_Wwl0V3nGU>i*f@!|$C8P40D;*E+?pBKWwTmc2Nn#VSF;^xQ5C@@a=YB{JhY6L zTt9Hk8U(I~KK5Y%8rX>nH7Xv>7II_r)A_O7{KOc5&Wi214qpB%)Kr!Nr6uS=B5!~L zp+#b7>Q%dJ2i0}p*J0VNtOGj$sA0+w40c!-MB~=dC1^(wVyzI|^(LH(I|Y5;T%;C@ zc52XQerhIP%rRAn6n2a@JDQuEidC0Piw>a|%Tc^%u9`krgbqZTfkmRItc6sVPG+yi zEj3vDVR!x|a}ZCZkadREqOagp--;B{?$IemG-LolR}tDPp}S@DDmE@%8g??{xfN1Y zT{BP1kXgOztl60D6PL@l;tl6h5w;TN@gnuGA|yg+bq|YvR)~cd3n}TP_TG@T*4(5< zujmN>`Yir5fW{q1~w;oqZ8Oh0IRo|f(TA6F_bqO(X0hVFaFv_FMF`&u3(KS zHa2;|EH5|e`0No4wg@lMT9LBCl>QbpD%Zhay%M%Yzwxe#NFj>cxM^33a4fs^b$+u{ z;ii7+yKpb5fk6?x1|A`X0U5SBq}2*oyXkh0+&(}%K*}qI1}?_51Iiy zjN9ZZlkOt=6`k)poevU)FzGI$7VOj}b1@9cY0@lRCGApcj3FoxFR^(0v`9H2Ozhh-!T>UI5mOAe5y7x!tuibyslw;&>FL8h7A4qrFOLU z^;*?-mKnuu81sF!9qr$(uebeJX++Jc?h0)CrP7Fe8F+SW%Jc*1T@Kgv-$_kqe`Mxo z_|XG%eN4C7wh|n=p|t#-wvoOQ?Ak5A71~MPv-R8ZW4`)vt47^20~m5o{O7usbe^lw zbdJ^YRf}GOw3+d^<|?!nlb|$W{3aM_}@hv}B6? zLYSzTw$t<2kNP7Jd~nH3V^dC=8!eB*Y7NZ;R)03#$I#Hw(7^)-@V`StL+Zc#_8;8e zGkjp^z`lbA4j$TnsAp*S(7~boJz!{CM;i0fK-)sk(3bmB2loj1;Zr@5z%G%d=f8&wN^ zZaeJa46d2AdKHf70Aw_HQ!SS$S@d|7p;is@khTb|9qcs>%JiLO2Bz{7J)&<{U2j== z8`K!sDxR+LlDz^grBT&g^tG+R+06)Teu7Q$WgKmQq`NT0fK6irwFWP@_Xehxvx7Se9 zd?T1}NbruINe(Bb%(ViAnC$P@wMq{Ufq{WUFSyFIv6~7QJB*W0q4PUP_*Dq&VE<5} z;RJRS%mU+Nx#3m8pbrLJ5GH>fTm{Cijin%{&zDIdfAsrEIz7DaP--YOlo}qnXy~GS zX_B}mZPxAd%5a)oIHi}MSq+v>67$x+p&cbQ>N@U|$|e#(hHx;vFH50z-!u@Eb_7RvOjndMcH&9Wde80T^|iz_f8b9r9^0 za7oq*u{=tobt;uI63Gp}?Ai6eCpVH(UZy4B2X39h%&iduYhd6z(-2C=(5s_qvtCE6 zZ6rb#%Ov+D5T^qL4|;G%I3$PZD##?CpJ4MuBPVHbq}{v0UgoCZ$)28( zn|gYFvwrj6TyaTHPtQ3EmmeAH`4#%#AAjgAukPs?wkF21rM0jA>(^ET>#Em0@QWXQ z_}HsP-tRy0C13mOZydRKU(O*eny^!2ZM;H>j*`qSJ1#-~!hm+AS9 zPrah}t`j34ddIGhq~HB6^T+>i>Up32^k?pcr%#-_AGB`OqJHZr6)% z{nh)Pef8rnIp>$pxciMyer3-qzxm6*D!=j-uekC#AG+^l|Ni%PKad}L&*)i~kF8v@ z@z$ke@=L*~%Jb~ZXWsqB>)&|&g1R9e|a1pyR7z(FJJkMC*S-U=fv;$hi-k|C0FmQ zy)1L-Z`daiR~!HSEB^&Q{J#T5?+f$ay!(PXf1Z5zf4||Q*T3)X@^a4`PtTpc^Gzpy z_%DY}e(4{dvhox6m6@U6u=ggeHV!}dw7GZu{i`;fJO2MZ^EWs2-f;F8D{uSf{BNIi z-{YOtx7^O58gNS`kNp3+M}<2LHcReyej#Xd%k(mN5B50pvV97 z!O1T#e)O|nNnCQn{(rvj4^RGl_pZ79C;DG`$9XsX?#KS*DOcRM`wQ2mrY}GGigVmM z?!EBzOTSoo+kdRT`v*6F^)r7z^@?9T_0&>z?=SxK!cRZ={*Rw`)9-%q51%)ad;Q1$ z^y_ba?~niUwNHM@RcGCD`uy+i2XER_|D%sy|F`fpdtP$E2R3dWy7o;I-~H&ZFFi5vQEc*EEJ^NNvMul?qgbMN=Q@_!E8 ze|jwWth4vt`0LkPbM0&2^rrM3{m)oAc>6EjR{7X@SH0SQ!Sd}+ZJR`VsHXXa45-_g_C| zEudB(`_q5F>qFPP{o5};J$rqw|LUo8dQac}ieG*5Yw2h2`GYI(IPdp=ckh-PANTYB`^|g4ap>1qeqwJt@y3bE&br)s>i7E} zc$WEzdv17t@t*7E-t+DAzwyLdfA&D;Cl~+k7hd+&-@4X%6#_Ok^0Qxi@5}!A+><{% zd-@#jwmXu4Te|)YH@GhVen5f0gg<}FOEMSy$K5m5Q&F=gJpF;E&%Ww|&%Wj4bH-o! z_&3}+{-aNS;fuejed~RL@BfFNy?*)j7r*wC$v?h+*InNjd2r+YmG9hH`Q`ghKJibc z4!_}w#6SGtzWM$4zUqdcm4ir|KO{Gx4rN2!w>%c zm%jer{$cR`n;tju);mA(vU`8}%(FkSa;o;kgWsxt{O3Ked^>7pFRIzkN?TfrXDzU^6sxa{|{&8Zu`^EKmWXqOO3)Cuitf7&(nXBy5)7B z`_4b!_N^PgasF+0y!Y2`ectDPdhIu+S3mOjdtbEw#b3Ow?``(qyzr8@zVid`T+ZEo z?c+zj{pH{D-|>#(O8%*DDBpeJ=H|1XJoK%hZ#?N6Cr^&N`oSOn=qZ2o;tv&`eesLo z=l=M--}*lXuK(1}Z!li<|GVWEnFk;DoO8bZ(SN?@MSpVmUvK>St53iDz878i(|4SF z<;8FRi|TW}w)T_1_?7wf8Gu``UNTy5s*pc;H*f7rghx7p^~b z?{)XR>D+Jp=9ORgj~{>ZousT^If6 z2|v32;xE7cKNG7jddY3Kz5dVMc){;|`)}@?p8A82zxmb^|75@6Ee9|7lz&O(@^h!( z{JzV7`K%W#e_;1Z5|ANbNO z7o5Io;pgXFe(N(%yzp4@7kAyaxAD32zxlLR4F2U;tKS;_;?w``(7!K!ckaGle&w>p zJ+Hj#CvSh|?`58GW9186qK@b4}VUkS3NRo*&6GB9a zz2kzrSh1{qZ6IPp1S?i_t*A7+A|f_Wv3$>zgoL8F?fw0qZ}YtG%FNt*?m6e)d+xdC zoO|w4=k&rmwTpMRKG$10-tK`kuhZ1113eWvH#;YNjXM1~WG7>blwhD&mvqm3al;4`ic=V0{$RYr4*i>Yjzhs%-%WVhDN1E->yJeV*K6(9W>h#(h z&RaYV`Z}l1PLOZ7v_7_MLhExotqWR=-~6ij_MP@$*8dzoZNtu8SX;O9k@}wf)2nwL zc@k7I96U1=-X*thUv$5+^z^RFgPz41GA40v-}mdc-m^mQa5ld{{1d**SXXS+sh5*`@0@BkgA`I$87T?Rw)jTjmQojOo9Vz$EBu z;M(;MQ+!@Jr62An+H>>Xr&GmTFLutfL%ugxDHKo$i>5k}EFLE9b(fiYh z>z|7@j`pw(X6jo;Ec8lGLTgGQ))!|yo;vQ~y(RjC{cHB}+jdaAlP-u$SRF9-u(;b5 z@Jy+};st$=j-B~3ru<3!ZngWX!i2L1MlAH&P=H=G?f%5zrCBA{*SIqO^Nb~JS|0hh zfBRwm-tU)3ugMk1k1u$g0A^)cnCN+&>bKOO^wc$(>(c4En_( z|Cl2)cw?fujefUxUAH~N&Kb8G-oB#SG|LV{<4rf0_NW*%!nF3-**8(#nu|VFN`CdI zvPT`~?=!0LQ9%`@#w*$-ojS&42LHU+SugqAo}AFLk5V48P7c?v=mB@{8u9DNvBR0-Zk@qI~r9z{aXA%=lDMir)N(T znw*|d%}r@NX5Ynhp9w>kbLJ_^O82B3vz=SA@wbAuYrXaa$H$o?9_zQQZTHC}-TJC; zwL|7IpYKbUp5O^Xm0^uaf6g=~ewYE^GSn^OgH9jl;?1&KmWAqVwZH+DZeG5uK?RxUSW@p=ZC((ls973 zmV^yab49yte#@CC$?89_=h`-FdxNdohyJ?t%kho;(zuM5^Un&mjGe>ej*8upp1ta` zbK$;LkH*ftP<$=(mNX=8%ZY#kZM%93WYN&-tqJ;{QtqruekUBMOexI2bD=o))Um$I z<-dy3U8DVKyUsnDHK4CerjLRD^U(M7@xbG1w6LNUu(@p+vGAySpGWtnh-R$($Q>5n+iCvw z%e|hK-&!-vJ2L%B_QLC5+te&GcsG3QheM~{=bJw&7~`~gvhb>JUME$@JDzhV+16rZ z?G&8P=@0t$+VnbYCf{T6?KOoXm8GpFeK38WpJ@C%h<7~3yI^wZwcDlFI@Jze;MI*0 z#N^HjmUS!)*T42WsJf%_YoX<@i}zHP@2y!QyqehZ$fPA9lRq!aUT-*TV*b@@Gi!$8 zr;Zsjm(MjwJ=-SeddOPwnfyc}1*>-DgC~;W1E2G6Mep`Klrm!Sgo?g9H^-k#TD2>` zJm{m|>}C6Fy45U=>)<-T(1?}%*Kn8TM+CmSiSPQ@PWd%AFDPtL&#-lccYQuRx;lfX{3}uU=Sgq!XT|Al z&!4>f_n|9d&aary$mu1h;Vi#g_4@VJ-vhrGJ=r#L^86I3Xst6gX80NKI&=9fgVeK` ztfRk2jp2wBywgg0;@#2T*Y_AyeG|*rC%kz6{v!LzXBLTF6@ygU1usKF%YU!wv5>B| z{~@;5VEne>Bl_0pJ!#+dyz*3K$bj7A{AaTK5k^H*mQ8QD_foLz_WfhO6%6X4>Sn}B z7C*IoS0NT9=wE*j^s^$*V$iR6K*cfhp?;aaI;}S>pC)=Fv8^54X-%(eBzerHMDu+o zGjfM>`n|fP?^*6EJ5_wy^V-`dJExC(7i4SZ&5wbRBU_Gq;Fo>%UGMgC??n(9QN5_M z-D30CZ5ct#p%-O$-}s&^Y3H@WrZyQI4&CVk<1^3R1N3d(&e+bh4G@C|&qDWf*EqUWHu&d=VP%q+dRvFKIh zQSe@X^PPKPLSrLV$HZS;j+YocGzh%&upn?y*WBUJ7gFM8hsE8RE*%i%Qs%d?hdAqi zTv)Nrt>;{WRJ)u9oEK+GY9u`IkVFDJpXV%-*1TkiAHiSNn-6HARbPy`a~nY5rd z)7{KBFJ)`=r^|QW%*$!*WGCOTv~tFS@({sO2{J{NAF&{pCB39`6CC^zNH2 zPA=?{z8Pj8{=LxPK<`=Hi#fN7FZU|14C|XMhNrlkE_wHJe49gq@_x5e|x#fzpZF*Yn*}nC?Q677yXIfch+WgP%+1Z|N z{PI$^3M;ey*W^rX9VBY=UbSw?uuj?G$=eQZTjum-{hY9>b+(y~mx^PRX%j5HJ@q|T zFAp}6Pb?dhb0{op-}9+#$%=W_p%u#CzeH^qA>Xn5Qi?ynW^kv)2B~&wfm06bZx_=i zJvPr~=W%XN%eTXOWQQk#CSMo7$k1qXVM%GOaBmJp7+o)>O>@!{gA)IOCQ(e=U!wnBq3YT`{bW-st$f z2fFW9{=%p|QyH+iq)YndbMKS$cIdZ}C~DpWvY(gs%=S+<*@vpWij?s!hILK9I3e}n z_{GIL-E#&;cwCF*nr!3ahPH;O1HtGx0_v`D(5@w&U&lsstK41$W*sEJuIrM%SrxQz z+l{0%t)Vq1eT=iGyA-rs;I)0)!QDv-D>h_j-@U&XIzKZbw(AZHBNl90;E|`VKRC2Q zXrFBF98O#=JB}Mc1dV*Cd9wPa8h0TeeT~im3sY^P;QtPe^ZHNe%L=sCZd$x-ww1X_xf= zZ+M=kRo(Zt3c9bqce7zeZI{~tuzeqc%GUUY-s$PQNogIkeUhj9=A~3*K9raJJTg$Z z_JW5*P~qSfeZyDzVZz#gk>nRp~GME%-%-a=Z7~CxYHxvd5CpGPin3Vf%^}c?Q28!md3Yw>@hR^N*O-ds^;k z7j(ZW$!|r{rDQMvyp#%?$<|30UU_#~etMjGYj>-6yli*7*{82|D@rij3=S&n7&Jcr zvHRA65gwv|oySblfh&)0-H*pAOx;doWY3&$5cbJxcCkQd*(t>!RXB-rPYzrcEU*vg z`!%k@)NS;%H?=cs4Z`C0oGdDIUNmQOqWNv8x6yv1L;Hq)D%ll~eb7_1`>5=~$vJI; zRJKV^EtTb=qtCI7Sm*YcCEnD#)yGg4{buBIf7kmv*I`R%m$qIqXGg@?2=*QML>o_i zPn#W|&nG#ge{P+b7uVYd=}}qUCadEncY$1HeAD>QKK=Q#2($-AcnnY-gG_%aXK#5o z?^#UmbHkLCEk`>uMnufGxb0Nsg#KNOSm!qP_n6Z1V*6>*`Ps#i5CZqR`xlN)yfKqA zV&|5*A2MRQw06_?v^iI$%3ES}>+$$u*N=2bK4Ts0*vq(bz{U6=w&*|tQENh8%94Gm z7CdHt@yi{P&gAozmYvoO%}VUbcPZ|sBs!)`djFk|_4?gZI=zn@ykhtEGcw=)`)BSM zuB?e|)g?V~#c3L&wViWgC(g&%zCl>L zDC8LX>;+3^1_5cM`L&tBGda243VUXcO+I2hC@4MAe(q-P`NKU25Z|4=EDC$g8D>9e z_tXw7*tGJ2lTXVdAG_E_FE0Mgy%i%UWr)aYOSgRnRqdWT3_s)?y^Q%TWqQ^k)pnDi zcUZ08_>H(h%v@Rl3xHbsOie|X9HR9_e79|Q@9u625PwJX+lY4LjZ9P=}lKi!Yn z-dn^7O7S2nZZx>*Bzlmsrt^-Wn+)c>FYy^xba|)yL;~r@8yA*7C#I z@uJPGgSW35FgEi<%7l+lzu+!Y(d)Q6|473m(Hkx-1CQB9FJtzzjPPiA+cKSfCCh~@fU3}zu`Q2$>i$zX z04HznlHMOHiW~aV!@d03#i_q6_7~Jx`f=9GqR2)gPzti#1N_^aeanZu*!lg&SlnOtlz z=i|Nk7rpd7Z4eCk_Q%K-r5Bbw5Y$+9TJqs|-mH;?A}g17bL~0DAXRwN7j(OkaktgM_Rm{oK3q^3 zx5&$>=5wOJFf5LJrZ4}XWvA5!slwIwmidRg?06z{t>DS}(vA6ZQhM~+vhFCjxYa@D zlZHvfCiIeg&Clo7tkQ1fA4M#laMbhR8MR$jS&F<)2aP{e+M#Ay(xjKminqB(GJ;ZI zm$|P$_Gwe>GNh|dR(nsIQyq+x+T*XR%ML{OaGx(AS8muK+PEra!{V0<&C_0dK0Tv? z<2GQLoa6>DPf!J}To)T7*no(>+==*?U`lrN1yRYsHc37QDopBhA<&L7u7FSkR`{q6ld#xE(}c6QIWlp=WK_Rb7HW$wVS7w#0sExJD2 zAXQj;yE0FaH*aKD(Hir;BPy?+{-{dvc>aFyvJ3iQd7nm_pSif}a=)d;JKde1n#{7B zyT5#AqJ?4DaB+IfJ$5652FW+2)l``ZJ$?K)?8dz zyz^{9xux=DyQA$RTTf&vwjt?Pwmq1(875$MXT4RGw>9)>!OCp$;9+6Tq6*gR&f9aG zyPpr6SKO0O=ZHN;a+#08mPGSvs~D*`p=MWM&Z471F9KOw-l+)KZfox-*wu5&l#))_fh6R|_oD~P zu{=hsg(%_J=G>pAZW@!^8mqW`B*ZFqs1-M2)zD$@b_!|+`5}y;s}si@lxCNv%}g}! zly1B9;UNNzpNo~5b4NPf6YcdYTYa2g>P%?gjz%na(5-cc_sz0yHLQ2~#bd3j_aqHA ziR$Lr^X7@2)3;{7X<3$+2;DrgEq6ijPWQHqpsVYY zr_Jhtvsqe;Yv|DGs<^GcX_lol_7^L>F zecy4RbZPNk671Tdy)7!+g+9tkVkZ^vO(Jwn@ha_)fKjT)y{rk2!5g&deyaIldLF@^COEmX}H(UwvcFyS% z(_g-0wCCcSc#m+O?FaX}Mvp6a!5$e~W~1c&GC#KE83Da<+r9aGj?;=39NXe09fFcv z_%(yCPN*Et$jqF%YNqGA=|+8)nvomRn~(`ivbJlh-o&p>%m?#cN(mK^-ESeK3`P4*KTiUQnYP}N8#l- z#OKLs-A;A^J^Dyfw-!eaL=BY2gXNDGWqc2~bk@~i4wSDF?1I%E>N!+ zdo5nHA<_JV;`FgUu7AFp*LkMrqvIuugOwHQwk+&^!MdR3=)T2o51mvRFV49uILNx% zs!O`7-bvYS2e^}-2JceM`|Ki4cvV*D>{+d-R`#8Ddw!xyVX18W-a8|<8{CBv#LSD> zsO;~3t&O~Lugl@nF|RkC&N+QMqc*jo{ORC}Eo*z7c&RdyuQ=(`vP~SX+gPEo5i7aR zjG_eN_LX?zx3`|AaBaT*Hs>zj?7TUX%MFQdQ8xN1D`cEG_0d0Whugqvg|$zy&? zG~ai!>e-_S7r8CVU#%24+72JK#XfM^Z6nxb$Dl=%ri*k*M`p|}? z*Q_bKLtC`HwWDbC$>F!BaORY(cV9hnZ1}BE+o8rme%n$8Umf>x`EmZhw-@>`mnRvd zp3Q9gZdc48?+-nzgniDNci-#D`f#@zy|t?_=fXq9ovw4ArCx~ZUa?d$=)1~~rZ>oh zxuc?8Qrd{?Is6c{)I~zh_v%t^G@F=FWiz*YXakpAm(Mk2H%pk(?2T8Zt_x{&oANjwnB2YUBV34Z4JFwaBxST zHh$cEi-mE5@HIE$t2!*3bhZ<3uVsIDb@Zy+x%&CHGTu5BD1Q&g{dBLg-wT!bYvxmz zkcV#NPq~#y|0nv}ZXJG$6n*YHXv)C7gZ8)!N{tt8%FJDv$TqGuDIbc>by*+#F3x2x z>fGMNs-D(}&KeH-Ac&9IxE`8OtES~ikK zsplSjy?JrC%Zt+7b!Yl;++X!=$Ku|ITGJ`{;+3APp|4-&J!k$B{<11; z@5B*~*ZrsTsh#59z0c>QhPF*7xS}iHQB-yy?#lf;P4BR;iK1rjq-*CL=Pw>SMo`*0`P}%Zbk_kR#~yaN%lcqZ#@*q3Z1F}$(fu6>!@aMC zcc}U0;OS%B*PnPFv&F0LKI{HOZ*1o$$v|HB_m27bpNj%6jO)cOHA!aq=5<;H^x0B* zIJHomIKra9>*lqahq0MGN_##n&ly}Dm;CkFb-(#pe@tI#UOl|5I8WAb{&Is-pW+cV z6Q5oS*}?4Ws_!W@P*m4cbeN$Z(|KArbB94-cCBjQGw%F0k9KFgTzY-&jNqF6JN#cP z6&+oFr`L9CUNY!(@M<-p}F5!#3?2K5+db|tHWBD^$ z2aWmkbAVALR`bUFbILeQ93BvuTk_M+b=Qn=<)MNZ!FQ(r3-WrN&D47(C= z#JSqJ)4AUYM?7S%x)EGCyk#a=ulQ7lVBfoI@h#cmWjn&`uNP-KR44A+vnjMFKi%|V zi6Lu1<(;GAa_oKf@jWG_r%e~QPZ}7pu*LP;rEzTwpX|6Kv_F6OZp#gAXDqw!X?S}0 z?#rtq7EfO>9yxcAWn5su7-^Q)M>RJ)0Z+eDbGOj2Ama!(OX;8*A7b?cmvcEff{-rjzn zx0|+EG-q3)xu0>`=i>Q^aXn)Um%drqYHBX-c(3GnmCNkszjsYQV}dcwH;SKEJH&AAu@R?Cm$=*d=5^Y!yx_|^qr4FYFMrDzee;@w!R*TT zRf0#QO9LvymD6))-Nc-}n6z2G%64m?pI3Ixn_|Q=5}h%87(qv46g~6JsBb~k{M1a`&4xAplnHd#XE<%!a;4jNgs@fS~Gm< zCU(Xx|24a(8!fFx4xcX0O`EjyE3fF<1p3e#m#~5wjTH$Lwu~ZS%|QY-2lDjf-f1rDv?yK-`&@f#U4~8O*D=hcyZ#u_-_<7S6%>}b zK6ON&_fGQ36|XAhyvRe2BheMzP9ncgx;Auvw#Cpv>oR<{uHA3m*TTshGhk{`hqDQbC8@+A}83wdnh0KKoW(6Yn3t z>Z(mKD@`V{owi1LMiS8>|H(~l@MGE^?6$-qV$o24>#f1kmQ!11-QHfjU0Qv3=+DcFB|ukY{EGsUT_>_;Ux?kA zVcehj)mz_lvp$=nxO6%AOPuHv()0PDU#DYVVh2<_3*Ifv5425)->v`ULfTi`pr>(8 z)e)`_6Q(}yV3|Dcz~<|=<}+os!xv5KbUW=*ipgGs&?lAQUU3!Y@7>>UAmS(3ml4El zw#s@O7_^0Q)J)g^1J>EKetO? zP_bul%GVtRq3veGt$llI=aF%D1s&X7r>rzcJ=_0}l5o3|)s8Wag}3uA{Bc>HI;5(5 zRf6;GDL-#M=Q4Qu$MOR?a~D+fjB{G-WwV&`;_MS~7R%1_OUfPaWb7H!aV z`bWP$y{+&UXA#?d$*tL+xl@hDM#bHHxZFUg|77-8$%dUTj};nrN)FqUXr7|~BF^(o zQ00bGDN68YYp0*io;F=^bOR$RtdcuEtxadompz_d)xX3H-jHaX(r?$ZbY*d z<`_B|I?Xwk(A%q9z|0Ye;mN#G!)(R&4QYjL`&{)s`_JZmjD1~ZF*D~(**nWfd&ait zpQO+X$n-;tt@hXj!R_wVMaymzbx;CNYqw_IM{U>E(T?l(^mux6QXA%_@%o;w zU$*Du?%Y!TtfJe6^#(WFMR&?d&+5Pk@x6O+s(sallkFbAJ@Vn*;{)Kx{M!r8+FC{| zJd2gHx;{Bu|w@Xi98Pv+5K>R_sQ{dZw4$pyMA+` zIg=ats;2s&u%ut?%G+P^M&-2@RgasxG0Gw9_HI^1@9^SRS*GuIpIqAVpk57cm{Z}6 zY=>$+IygD)z~<}r<|`hGx57u}2cs>{ylQFTd-n=Hz^c#6mitecK7Z5Q_<(-Mj@?_1 zn0yk=Uo&&4eBHQWhYlvOWBDB>x(?`T#Oiq4eDOHvRL4%NOG~%i2xdR*;P61cWOiOR zJuIH+-K1*)r@Kyn zYr)KR)%SFrHRSdE)8|YxL&Q&(7lk_B?KK0jy?gSNbKAR}XE>%8Z+8~0J(F;GhPVEm z?M4~HvIOyM-PgaeAIBcH)OXF?=^vw(f3!x-3i(kO3~<=e$)_w*Q*u*<{HH!o!jII>ghPfVL<&z9N2tv=2jz+^IQj(15X zpbc1Qkh);Og0n6B^E!3x*l|?^BZ$dlGCOjhWJ-3M!K<9!tc6xex=D1rBE(CFiN2MXsv$3)s!nU?%+gMGs8p5-+=h@f~wzA?` zSxtU=c%x1QDI$bLs)iM;t*HtV6wDWTdU|>uZsT3|jEP;|DFH(H-4H9=aH%Vqd}Pf0_Y^Y7=x|J^Uc#f z-OG_`B>7Gia+61B?6$coDpa2F56ex_V02Bf-M24{d zB?MqNipazg;w6=dN(iVBg(mYg@qhw|QllkXhH$OKoQOvnQ)5IH2nFbRNyG9kc@ zgkk_&8w&zKTqTEiL_4rd%m4rh$cH36pm9VQ03b#Yg`5X4{ngm2dCO!l%<4|Z0v=LO z4CykQW-R$do6qzOfV!Ltz#z>jd{;ye1)%^erBi3oI1)wZ#AbjRC`An)K_n0;V*mga zi73M{1z$ZZ!eJ2)P+#+@rlmgCL>pRl$iyq!gupTw*VIwBtUYjqB*Gj%EW=Sy#eoqn zD3QZ5h-b^Owo%`orcEt*w3wt1kbzPG5a6RO-hc#JCzRNysG#WCF1mdfZNce)ixZN^A3~#H0iD|43ju|rK?x`m5R&k_(x1%PPG{P2K@>7vXBDt%D8|Ptq*Q@c`Tz}qOopy-5~C1?aUd!Ky*4Roxu;8v zTZ|mRAOMuh>6OC^R6!`j0Dm0BVFBRbOWoTb6TxBy z3Q?C-kc??sfVoh2qfqSAMiL-f|2793cDA!Nh`-9>hFroW7_~Og>teH*LEdIOXbf_BWfa zTeZgc)9W)p3wxdAaEw2_)&tbCQa5|P)yvK#pPEZbBfjw8X5J1 zFq(u&8eST*r5@r`>l%~J-@~K&E8CAV1r|awy#8=#HUrdqs8Ip|AujAwVILA)w^%VTdQxh&1>PN1~v=Q8@l}me4ofH#K3X{K`0jenX9|M=+Tb z+(SlBpYQUAOhXRK=o$3SvBnGlm6*TnpA$7?)nun5#5!r#rs&uyX>ElqZ9qox0sWd99fjwbDU;*Bo$Pl+`(=?pVcC+CA$6Ps2! zg5hEm!lp@n)U@nN)%2g>)tF(qDYI*X%335hz?AtN7s0no{aS?8{pky0m=ZyS_3ZwQ zS^VoT1mturZQH(F8&cD@eJv;}&RvW9a@OP+f(t6Xh zD^8otrYux{BURLNaFKu*){LI?5CICA5E7A>#Um&nQ%EE%K!HIRc>#wyy1-uxDn}Dg zfFopiUGm9-0!{NY6I>esM4C5s2K!%Q0}4^spkN$g%t08AaRhQjJto*#SxLV$r0EO9 z0D)Wq(2$zl!ya^97vBKDkE;7m&?SYW4L$4jR#x6{Gijp${Au#Msp@|}g%Vf_H`;I3 z-yw|XEV6R5X(77Ei>UGUqu*%vSdaZ)=g^(@k5m8L>$plwxLbCu6je0b_@=o zGEkzaO=1dI)>UBvQWg0Rf`S4GM93B?hE0zt}p8J!5{1oEp@bkGTL;n)Rpq?u)L>fPFS6Jubuky6V$BWutnVIGL!)tJerH>uv+F`(DTu0? zrZXFx zppP8KI5E=tdkAas579$F0)nJiGqy=hk}*yVgWfAOzi*mUCL4_}Zjy**s+LU>psi^B zF!GHKE4v>YR?Sx|nVqAv$Co&s+ujTNW%V-oYE%cPl_pR3YsgW>h;K<7g5^y{|O1D zjeBzhRO5L6S?Q#W{GSs}+W0q9Hq{?9KQ5RW88bgBml_!}v{+)80Uk11Gi_9Jq(iA8 z)I%mhwDm@d(AZEWeUGC%Br z#{c>Z-2b0{^~M8jfRREn9OFn3LDb*T#&_=jwX(Idu6O>^-rmvrzw@8}#!pCHvn>;l z_w}<$|G2h6lQhbyk8knFD|9g)mn(<_Q5@s&VO$1EVU7Tia_PSr06-s};sHZAwj4W# z5Eeri&I7PW(8k_@=OAzpI6{1ZqsU5NYY#dIMMJC|og9Yjg`RO&e6ff$q^dDcVegya|%flzKs>zY6#oPW}?*)p4||hl_SU2%Ff!# zcCeK_&(`Wc;qsl|x8}bJ{Cm!Te{cTVSlia0{|;9F&HsPpr#t@%g{ct<&|pea&fFgq z3jiQMWI~wIr5f?4|F2o`|I1&!`L8}y&z8bCEG8|6e_afGXZ~B;+B-J5|M$Q7|L^?F z%z#mHP!I_LUa$a?VGuBhn(BZJ$BJQQroJ>^sZ?@6vLFXR#aszh7~^_*xVVk?cVpXd ztT=cK&LFDz3nC#YsFoQ3BBGKj1dsCe0z|L`Vqj!}NotuAZB175iH1;6A_3}#9)KyN zQV>-!=zn>DCXIqtAy_6tP$~7d2tldFKsk9lS$zpRj)H34tan}eG6aXH00vklgri}h0+awQliV;y9duf@3Zfy}(MUYG zOmbt}SXn!=oot5;A>W!2`#vFoH$=2AhyukB5P-rYbY&zgh}1z}hYJ`Wr;eiuIV83` zF86-oR$#^qfI4PRJ(JCVA`v9OA)znTLI4W$)KwZg%AiIqkVJrFg1U1tI&VfaM6v5=H=|n}#}vkBI0~y#jUW2@d1GHKzWrp8SsnB?<^*OF&c%{cHN4gSAzC z{m;(M;XnERZ~V0SpAby6xt&LAc(jR6Ewa=$WA!sY8|-)h(?M=5A?s*{Fg#P zSRwtp1i*Lazm-FS{h!@``rp6u`@819UBfwG^WB-_)UcAnw;HF%_&?GA#QdiWc-%Vc z9M^^1^Zq4K@ICvFwL|^08p7p081Y~*U{eo z1F6J0pbUVd@<ezfJo&M7?cSh4kHqg zLUrb8rBbPN$cZ#$F<=3KwYr415=2*4ho`lrUWb%Ydx~b0&Ht*s~Br*M~+-3 zW<)_MC4ve`hnkilz3zd*))3EN1JpNKcoDo|umJ&;^@n8! z4Gj{inwc>uD5S!x8RA z9FqX6eg2X3DbQkD`$QK-pgJ3^nHhjWqPo?Jkic{fT|y9}8d0n@e{oQZaS579P&_i8 zLrof87e?wuc{BvW000~mt5C=v_#zTmpkmNQ zelk9dG~HW_k|;qHW&yyWx|F#9i~$xB5Qi|_f(1Yl45AJ{A%KO4Xgq@Zq7Vkja0?2Y zh6_9{H%h^WP#J_n7zakULPUUZ6&QrF#R^ymamfZSu9+N#*m8wL0?Wi~>KzG*7y%ko zd4P6PR7=!x2T&qW0hpRZ833Xvr~(jCgOR|Yxj{VvQU!(sd{V(tkT9q#7&KlBVx`68 zAfc(~(uFln7!G1l7*{iQ*m6Y3*60FUf)a{2wj70{K^$VM`$;*Q3XVFnhH?>N<<+M0unfiOm~Pu5TTW!ppG*RkpU7!OfeepzyVx=$}nK`D1Ucy zVvZl>?EwfOzCtV}k$i<% zeWZqTP?AB41mbdH{UduuBgeE9M3F)wp)xu`QaLd=0ZUTmsg*La4^fDej$~gBBqo{} z`KJ#Jk5{in0%kK?qkySj>i}esog#&b}6xcmLsr?>~%kdY!nuNK`2jzjYScKoM^rwa0UR-fgE**moy@$DWTK2 z*r^)^wAA5Kx-bBISJeFN!shQ3H}n+L6*&}s>X!b5xcTz}=bslj8j2f;o$mmUKySYZ z9@-bKJ;Ljp|1O9Ohhk_6Js!a!9!Z=a5>d+3W138$Cqg7bLQTK`AtIwC6$OI^!9mrd zn*v72B^g2;y5&O>MA>i}alQj0FcOjhns-Fo^w=UhRIS|rOi+O%Ocr@`LW@RHz7VPl zjsSv4B|>%^1z4LR907>>LSnj0$%GBWARIsjU9;$9;`C(}7!Qbmg#cR-!6W}23(Non z3LIbynE(@Di)z7UP6L`6UqDJ0}}-bW6}{3BrzP6r}Hf*61a1k?^)s3K;r zfW!h8Vt^&VNGk#u!A(#iL6neiAic^3BMLwYssJTONf=7|gRvjswX+&s89^r>mQhO% zfeh7%91%9?Y@OqoWM5;EQY!lfM-VARgt{fvYi2z#v_R8{MZk&_@c|@A0F;pN?l=Ts zf=EcHkU%I4fH-0fz$6sFC?=k_yOCb>n!ywSA`?Jza$iqW;Sx;I^d0?yUFHapM6Nh)6_lY{sC7lv=1Y_g_Tl5E=ofGxUIbBpPCAQbg2Mz#|ci z-lmhQNhBBz>F`9`(nyVJpNVcfLPHmj=3qjB7_Q4-20%36Uk9X)@m3TJzdE1*ow8pi z2#*-V970H{*AtQsVtS|rnKoVkIVxdNZPJ253N%2f3fFo^PYlhLnG~9uaRXQ?Fh~d} ziA6c0uJ6=Y3nJ7@l;&H+zy>qwM{J#3z69ZOsVktker}^&z1=ucp&2!yWnwnSRvUiV zq}qtc*diFka5k!t0hYu*N`~N2zkv)ht*rq~9j4Arz^hL)0Sd4rS7e18Ldi!$AA=>3 z7{UnMSDo5{p!Xl9l}-i8#v>s%iXb>!-4{B;WRl*%O#kLrCK1>I!PEZ&aFU%m8W3A|J?W~9Zj)F1_6p)`Ki1=SaHxQH%L#6&$)k(>s zO$@Cb=oZj2*-%ql2n%q{_6?Lm5*O0$PHZ0tV6jXr5=0^4XoW}wp%{}+^fsCqM-EJS z=K)7UgjSn#ikS=0cD@(V&pwJ^>iRo z|EbSCon$l(*hhMHh4oY0ki=nXg@>=e0b>0p3x<<+$w-Ja$u&~zJ1iO0I46jg9AQ0% z{FxDDM(%vs>g3359AWbzwgdr%kdQ4x5h zEP|yC2ciTf9VZGr5|ZI+t*Xi4Np9d|l;2)14v*x69J)!hHH`-dsbkxeN?*U!cL!fx z@ox@1KrVLYgSw*xn879;D5P2rfD-EeII6&K@;#LjjeboQBHz?2AXU}H8>lc+MY0}Z z!?AX7;#hI4xHfixRA^5vj~Yoz+BUv5y(!IkVnc6O6C<9=+}40ZhM6vC4FTRKI`(kqE$a zMF0$uLU<%B6LXl2@w6GlHrdxYIM&Cx9`or7vzpT;U`dEH@<5BmLWltvB*S2W;o7d2 zf%WhsIzfq`Q2;1GNY{!MLI8PCsWA-eqfRTRI*W3>@^~DhYih%?Qoc0RW z8*uas(%_?c(p9L{c5pzbo;a|KP=*nikg}b~5n!<=a4DFeE}y z-ni)lmGA%y3)0+(Mnfq5AV*MK{U-{E;23owg{ba<5NfXD)eo>tsPmvPn(#>AAS#Fq z2XP$LG)KM>!NgovzY|14gjPyE;1W!G^Psakq0CmgRMKyGlwH6V!3a61U7XG?N+k@@ zT<=Gkx&-Pc9xxt}K^g|w+u7PMbUn?a(SyDVkhZR=^+TQO_DENwx|}u&STmijnn6NW z#@I3lCk6~G6RY2G%?OBW0v|eeB<*cgW5}biS6>+i%2dSe0j7t!Ru~>_UYCL@QYz4v zH4flL&`A1nNL5koB;=^u(vIW-il!0Hq&h>Vywe2f&e~xhiK-f)7RpTntt+JcCk@ip!QO5livUK=DFGR@z$a~N03<^c z;z$4%)mzUfN4i7;NysIX*qcQ{U^GlEDGZIrh*vkmBI?{ov|Oh+g`*0H{EPIc10W!S zlmIT3i`1?z;u{J{k!aezKza)5x>qx|>pM{DVlwL5h#);!fTN=$P}g6C#;JS%Iz3-V zHGxWf48Rxw%ftu@2?=gQH1xu0h=MU7f?NqA)R>WtQXVl~BpWm0G?Me4zCMNuf-*A$ zJVa^(H%ljAin9C;(|$FaE>F8xnQUfbRhUc`-TNBfi`rR9&U1o7SSF@n)g{2U)XI53 zkkFavW~i+AGNeIMq<^cNHB-vN5|M8D8L~D%#> zVUY+zHQ`_NL-8=plqA9Uf_P-3=0YtzFa=+;r%?wd)XjcMGT?{?7nmSCTHBt8)rBS? zG6?XUMDk4IHBm3X8q6>SpTf(+f<&WU;31REB(w!`9rH$nkS6oF9|Q^mQ5c7OWaL7I z!P6lg;6&boQD3>7^_#!99b&1%F|rjcrn31E4zlT_gny|) zq9t|bu;nNON#(RRlxW|d<{hm@t4X9EwGbk$@N{ZNwbI>C4VNQAFYOX?L^!HpAsQR4 zmCJ(m3A<@*@>QAKL)JQ|xxbLC8;A8Y?t@AYq5w^w}qW-21)&uwoOvOiH>fX~~ zL_8qGLWo$f01HiB3xfE@8YG<))GAcB#c4RTCTWEmYQk|zc+?lt8>VJ*^MEx5Mi&Br z!9qv?qL|upEJuV|{L^vQkZ;uG8?aG@C{Q}~O{NK1)8b^^_j;dv8w>xV3lO`$XGn4$XCPlL=Vc*xHezo5s1WCw#Qy^c&r{Q_BiShg#B+Pt;bP-cM4Jv);Z| zciY~GAoVAtemyx#t_1&y(f`Egza&N*l~Ob4IMgQOA{C6=h-gI_Hxq^7Kl2Tz3LZOaT z6Gteo9k~;hOAr+#tUH@ev_;G)L{@)FGib9SJ#1*ThvKa|N|M-Bjn^(#2bcr+$RsMj zLq=@N$TV;w5lrmT0m|M@hb+nvWkXvFZSvM^+7ETj42i;zwp5C=dM(wtn-?qCb7?j%Fq?wG71 z1#v;7+Nw$HW>FZV3=4=1qQR2fCeIrph>+?A7HM)oA&^e7=Q^4;l#N#4l)rKo10ae;AM{?!Rc0*bd?}$;0C~(b7dj)rbTssYK0n3)1*TmGdVdxR6z`I)g0PpgLHOs7VI`kaJh# z+$TXoC=QFL9H0z9=TRLoN?8U-kS=wf$=C{7Q6g%Mp&y$p?+K~u*YSi@jaM7hR7<4Q zSe<#ak;SJj0Ez4suD`#RMndv6SH;jqaw!066HJ0{b_71r6q``O5g|s!o>4TpjM9*# zp@(>*9VZFukmmG4M;)CBTRsTL^TUyxLGt>gbpMaV(sKe6=>*trSb4aWH2q? z8$ln?a$D={$J8fPNKwoKq!g68trY1CjwZAPTPym!BS7IjkrE4pkf0Yp7b@`6S3`lH zf?8Yo(ErEYyT7+>D~qE0*QLJ#N9j7TQ;W8oXMJ|ozKZRp{+8o-TTZ&xO?xefge24y z!4jYyHO~Fp&xZj(f=^Mh{K$^^eQjhCkHKIt7!2lNZYZvO&!DO`x@f30DRo&y7~f1W z-7y>2BW1g4rdl~Wm;`)bW?YLS+CuZ=#7XrOgaaut{Sk9v#>!C?`%+Q})xfZaL!p+M zV9H1f%xDsS(0BNpAT9}8iZU$VBEnP)JkXSpOSSE%W$9)JDD^Fs<#)_qa*xM8k!1Kw zJSLXI$RQr5gRse(mUG*#3$((bE@O zTj(D;D46bOBt?bp)PChBa*TD_`n4@fPgoqS@pUH$zX_jhHD-geXv1n=^$~kXCvP+2PQo`6ckeCd zRW8QFt5*fT>0GD=^x!?6_nzJZMrm6aX?uFTEb3X?WyE5_1L7w$b!KMjk!&&;cLH*0 zmRRS4;tn>>ZxG}i^dr#WyL2~{V29%~FY)zIuMqk(CJ;@pzkj&Ddx|{A!=Us*y*{9Q z1MT+u`{>tS_K#!(E*98lV`qYS(%4zz@wApy-$0Ld-ya?A@18zhN2j^U79eMw{$*8L zNBf8UeYA!4kM<-4^6S}fCJ0AApS*up(Fg)Rvj}|80rr3iNjhtf%|hRLyn&KGy7CW$ z+{cg%Tj64w#h0ZEv);%j=AdtDANJntAGUKJv#HB$(bK@&&UBEDv8tQ5y$^5q>$~aG zzY5(*6hOOeBYxF5(SVlvRmLeEJwlw2g$dWXRqv!;I;Hwgl<||%uZ&9a`0d&L zzmDIZobI2T?H%-cZw~j*_V$17eKlVVE9=2Ri7H-13%rL!vG$v4D07e& zO=x9PnZg$AnfDP1JQ6_{KJ_fLDv;paI~ufiP`B(0{@ex`pybhx%8_6@~l?0!hx4#&b?=2%NWhj;RLJf#MJEE5S@9Pbpz~;*TMq9-< zkKUi|_Z{(BEZRrC{NLSr{`6@<{_j5If4i0E$rByj8x6r_1`Kd6Cn^ml(a9buM?<1x zcq_}TCr?@}J1znaQac#pp$m$Y-BQ&hhy187I8=yBG-AHbE@dZsM@r?Z3}`N?n9xAo zRB3ZN@bWUy^G*CovU~ANYmq=oTFnT0;52Y=RSvWiQqG@}-052st0sS=i$4 z#x)Lo{ki~5pzc~6Fl{82g^L8xxq%S}9$E{SKx^dB1mNO9ECsH;zK+&dR8lq{bquYk zVD8zG#hmPC0$R0^v%U@>oia4m{>MpZfDwzVzEKnhdNviCM91&@r*BX8`)9qqcLzsj z$Gv|4*Y_uTuYXuOkB7t+J~XMrVs$#Hg;NzaE2o4f*Cm<|I}FKVuiV35x4$?Z7TCf@ z5{xB@5B9Z!(ljE8bewHOFa(`ao00NYn(O#yo-VS^n=^3EHX z6cw4ePXm|a?2{=s+WmsDurdl>W(tjiD>inh>8b;R(@b#*kjO zkcsnBSjBuN*_RR%x3-DJ(N6Ga%tjy{#n-PHhIjOSZ~yGzILGF|HK*Yk&N445$drHD z`rY9Ii&>7Iwg1=555j5ER4cH+g`aOT&Iv_VJZ z+p=NGviLeeU%y(6sa?*QG$Gh4{s)bI)ad{!en@a}k5;*&G5DS#G&|-=EwLrxZ>M;M z1U@GSqY=48QyRo3wR<6m%E7TQ{x-R3oa7+)E7+ieJtjIK-IBG_xZ|emzLS>v@Ry((QxqBcZg5<=|8$?&j?Uq*hA8CVIwKZc;>c@88T`WCY)BpRF}l+L>Hqsy z2%@|F(%EvhobElErulxx`UGgE4m^6(!*mk5g(= zLUB^}2ZQ{Ns(s3W{U~A)M?0?z4PPW>xO0)mN-~YSjn+Ks3e@KMOj$bX7Okzz9>9{N zjec0K9vA`0oH!gu*du9&4w;5xmUMfO8%i6k`Bd_Zszf7hy=M$ZEJzq1MPLlSXE zgo~vDoRj}=tGkug|7~w?J$=ys-Ny6f%jOewL8m+5j5ne_k$c4JsYHuAAv@^F=GU(+ zS*o@FIn?2~lzL9G&_mSjq>V|Qrx*L?lU5qoT=$`}ZT%TzpN=T;5Dr6?iJQLRIHA^VU6;b=%) z9CHFbf9RiyX`9waQsR3YjO@Y5R%I`Q)79Egg(TG4O9=TM5_i2GGbsl%1G4s$eCDsD zOl5&a7?XRA`Qrx|*3RqZlVZV{h#abwjI5Btnt8i0fMG-fF+%OX^UmMpmX&Eu^}7g} zRR8`KsYeCtC?TTdr}c*<3!PPaZT>8*&!^fs8uW@8PXTJH;kK_sM0R`2(v2dP6C&bB zX)kdYMl6gd5JQqJTRE01wU5fNGlxlLwMj`k8P>qb^nygYY#K@`YX9SP*Ll|2+Ccx= zbzXM1+Q`|(A%?`*lyFB9pl-!^ON9YUw%684v{}G6FSel=iv{J& zD-4@)+U4V_`Z&RBRy5&?Nz1HVA1u4SkhR9@r}#b%3sYHm0uA>iL`* z*Zao;oPROmG#L9p`i6=7_^+99D%5ULkj*a8R_E!QS*%SbC{FGJOFlZ;B*kA-bC4`~ zZvLI`0EO1o&QC5(T*vA@;e_>_WQl5itM(eUd$?BXjaaUoY)7vVl>jNp5>&UA%uh>Y zP_jX3RF~8%xfiuYzEu4T9!vEJrB(8MHtoT#8{xp~`QZc~#Z%PXT5b{=p?zs=FN@^` zu-g!;w}Q<~60|0mwPmRVv20ac49#T~tMFU~Un!<53*H#6&2@V%e$zYo1u5537A{1& zNxjOk*C-}y(a?nE8sWsAss-_5RfYVxi_#lZnv0n{fJ^Q!k(jfW*m7mbWsK(JbNeEXr?8JX`(G_87y%$;$Nxk{JJX5rKy%bw)a?sNPd@8l8 zEX|2st2SW`Q^Va_JQf43Hx=|NYAz)DSGO_uFi=(X;dt zT3u8+tTtK`q2Ig_eUn=za^y;uqcPXtoYpJbn0xo#oH<4@jN&p02?>iR$R#DNpPCYr zZ)=7uTk^U1ZGcRGc;WG3V+pOCe#~IgTqgAjV<=NHwm@a&YiI?(%s9+i$p$D+lNGA# zr&{1Mi6q~ZuAcH_lco1183L}TS4PM=O?#&1YDn6ksyqkgLO8RtWzNH0X=cs&s4K75 z0CT3|O`x!_YE&On99k>JB+RK#hFU94$rkEx%ObSq{7ikqowq(4qP9vCnxpFWdU>fd zwQPI6KNq3UY{t%V$}G?7IiEBu>NTKES+k>u zv)V;nfik^8EQqf>CvS#{l3ltKRCBagWIA;ndm=5g8Yk8zFj{pK+Edy24&eBc2%&n2 zVB9(X2GRVdEkw3wJt)|*~re0o2Rm{5kTl=?myUqDHM9jiH)aC8~XKn1*w!Znzd% zRV@@TwjAE-v9~A=7aXsR&Po*5X_Oa5^|g_F`()X8T(yX+;e3HdBAzm$Y{HNv3;qWP z(%h=rOF|#OZKE}mcsR*FlTlzXaRhV3gs4|pf2OZrYdLJ%d~Wi^EF=d!3FC$w6I4Ef z890KgFOKdNMJ%|j?80*{EUbdfthfKO>vW$jWK^9{ zC2Hd^G?v@jb!P8L$tFha5;W=)$kb+B01*vf^V0|9DdCdRRAx?B793$Z#{fI;c$nN` z>c+rR5d7;(zu*w^bENM|h3sr6j_=_xquzT5nPDC#lm{o zE@D#_{DaW|wSNoRR?&_XCMYSJ*FOCgeC!>5*zco{y~BgO-s!>nqn+OZxC%5?u3*L+ zP?PqN)Tvgu6sL}paib187$G@JP8|7&YTJG>ArR~dc`SG=v}80PI*(c=_p7YC0NGVj zgtbC#!5?5VlK+|&SZNxHS+-Oh`RnV|pH)_=brlvV1#l-B{sywj0q6QRi;)YNMZhs{ z$ixH} zKkcwToF(aIKIZjaix4&J7ZpTpt1dEBUDUKC5sq>+ZZ)xiDysplmJAa(ISf;$!!5Lc zFh`ff_f^VV$U9|cyaSJ94hcJ<4^ZCG@kH20md*l(VOUI(1Xd(c9?$i{OQNzdjYlRJ zb-OGjo*aEr;xa)=U{KO7D3KBs(p9nxSE*QJalZL?-o)7~KhkrZ?XS^jLFrUKU^{!@ z;)Avl4c^?icYBLWaxXj0&0(t13N8lj$zelKPYz2jfB}FsQ{i=oQqoe{BD?Dl1`p3Q zo(1B6B(@>W3{Mw{05T{4$M)8XeEyH^=iTjx_#e0NSfLN^g%M6J#A3NA4oE4f__%{E zx~+2>csr>LMr%q0_OQS^EtK9CHj1g3F>A6jLVhWUC#1eQT;RaND*n_J3TWVwK%i$z z5A`K)e3wgfuS(%e=KG2ePIL8m#l|f?9$GI4POHcix{M085h=h{(5$S})3!zE3TY6w z^A-y8=msFpwY;M*U)5dm59egIVRBbm2J(QcM$JQ3lR$H8QK?v!f& zUc1>OyMSu4mIM?)Ovis}ut__s*?Au}sKuWJ_ z|5u)^9TJFW28o$E%1j;@$QM4@;D7q^KWF^cS8IF7*wW{Ag>sLB8$H(9t_t7PZcw)m z)K0CMQrI1aG{DhpFWFZ#8xOIVY@i=hV)T@cfB6DwK-72i^()NL52kw}^oJ`neDRC~ zu4R8&!O`b$XiaGJ>p~k{C%e;SC|0+ltWJP7YMQy;LK2*2{jidzdH26hpKj&(|Fh>0`Co74$uY~) zw0DxW72D5bvCHfXRcyaHsyRq_%kCfFm1t-SKc8O>(WO3kGIcK@%$QFA}UsTVY<%gJY^l6w*F|9X>*fiU14kzX*;KugtSs=OM z4r)Vs#a7lgsCvzO4t?rUktEFG2EMF|QIcjW1-~feH*Px7Ky(DyU_KhYf#`4L_n6)F)%&?Vu6%x#XG3 zf<8GJJ$8+r?Xh{IBHtx{CjO~H`5El`m`;RlY#sET24rvg7&Xj{Pyim zPM`Q~ZE8)?B3XiPlCJpSM9zRdCe?(^=}1OLB`C&xW3H|A7|KVd$}@OCI=yoptkl_bUAgM{CN87j6^ z1UP&ClKc*bR13c7ljYCc{#}WvgtItu34F~T%P29$E=V+lA~7eqnxITdW!%Pd^?kC- z|8dWP{C`LTPl|Laz5n0deo?spf6)Kj&eN3tzflwaunnws8(=;;AtO0dYpY!tVP=o0 znUWTdArk_iwSzKN96i@%aUfdeS^|1bazD=rL5)%q0iJ2jv2)+$&Rcf==;T!Pu#Mco zvjG2BdPTnY5nvwwfB7uW|F^fdAMC$w<@r(*wm6#x#i=&WS4AFJeiN3j%(mW#_|KRm zMxP~GxD=j3HeVfQ?9Y<2NgmK-Jni-MyxVlg{Op*FO!@1bLJmeNv#e8UxL>f|N;{j| zN28`IGRj)o$4swQnfVZur_gOQP_uq21IJ}vO7Z#3^st_XSr*9xTU~iRY|TQnEX4m| zd&hcvUzz@Y>&3I@dHMhO%Lo1ctvt4AXoVb?ga*sFaFqyqbsI!R(6l#->vR4Ex0-Kd zqqrS$c=7eGFLqY9{ zWc~HuLUmVsPuO$><@bb5oCzvhsDS00yID-^Wk}$G^Jj8d7?$|~G{-p&1c@$e^HcMt z3EdQH7mP8RfuRf_PwAAfSfrIRubTi=(M|@c60_9AFtm78P_D?yx>~H#O!+}YwCZP( z{XY$G-vJBWrmCR&{r~C9?QUNG^Xyso!T;k{o@PhuCY~Nu`422}(7rCxFI5(`8`|Xq z?X_31`4((Zpk-YVRr&bmBcmRqu%86N zyer5Ys*q~NSaLByFdb%z% zf+}yQ#FsX=2pV+&GK{945@CqD6XL}_iH@v$Bq{Y+uNBj%s?jbAI902znBUX_{6(d} zrce?vj})DJ?6+mUJtcLssA?uN>h(Js(SVAXH6Qv-b=OIq<+~NkCsCdfte4fD+clTz zUyx`@18CrFgk5q>A_~q1Ebwet>WXD}O~VG~;zb+a>?)R=)lUQcW(%aAOvWJH1}fj0 zF0%+YWvV+5qO**S&zYECa+k%J=}PEeoPzLEVnr&n#~};E2_G zT1Bqb%odk4BN?mm|H)8yUA|XUJbSreo`TG(ZQ!z{EYr9W9Z6cra#)=2JBduH*sObG z2W<{%u*oO6w;lI$?#)%f7qv1;USYB3>X1Lt8WOAzsnyV04O;VTB=OHd>+7hEW5L?R zUfc=04A6jjs1px%;NQ3C3c0a>M5m~YI-~7@J)bu4kn;an#s4Y+zdVavFarGS6^ zy3>eHE(>3N+T}An_h_WEtriv-xd#lP?T@N7m}7OLG+t^^28f*ZS!20Ec|SL_71^XI%U^ zVsYTL(G~jbPSz?ypK&zidI5D#<}TaDOR~`NN>^vol~?;Ax9KjtTUITe&Ix+?@+I2z z$i*g~Ocw;HWCt$kC`6DpStVe3Qkhy=eZRwPpaDrO4t(7vuxd(M0=jCp`a-eQQo$&n zwYy2nH$Rh=r;e(bsHtH4_tuMZb<;La&Qh(tlZ?9%i()~E$q2hS30FSJ?y|Flpupo{ zZB_j}U$KI?@+Y?f8><>skvCbRD&=0yAgJM7rtb(}cI#|hAiRK?7 z8y*>L9be&un5y|ouy?yh!$nm=XgNN69j;1(i~Pw|P3@b5)1%(IgR{N;Hy_^SmK|I` z=vj;c9L;n{B-DoJ2JPJBcw`ul%TMlUf5-3pr*BX8`~Q7-_VNAUhj;sDdj}`w{k9u$ z=Jvc!j^Cf0o*jL7_h!GQmpP%U+I8Hr(Vme2_I9s#+N(r!(XMw73%p08Dy&v8^gJHU zPWF!v4|XA|^Vz%id;1lrNN(5~Hua%jh1CWIx3M-^Rx0<(;aRATIWe}-KU04$iDf`N z?)Ce>zCYPJ`}yFoYWP)qi*|t6oMUEOB$F~hw-J;Ty-aNSx%+Ry<#}^i^0lA-rNx&qjs)wFen2n=4Agf<$?y|)Fotn#Y;8)vD$T7 z@OW5qkrv>)$1Aij=B8(W`A36=r**}%dCf`u2IlS>9QD5s&-RacZw~j*P7nL@MY$Q_ zZPX4}yY%4KY)5WzRJ5QwJ?x(ypX~p*c5a>|J?ug^4*l{luD)|mxQ_@3VKUI)~i54b1j3N zX}Te>Cx=TydvdrKsD;S%8$KfJD}XaS+_t_t@DHZQAPRETq5zO3ph!yIJcb26J#Hd)~*<+V{~g1Xx;oh@g} z>FV3Z=9FU*a>f153ebKnEXp~%K}@#o+q@NFvdAfPZoEC><5`(?QFg_al+HI8RvId0 zn+nU#l++`XssH>|vIXDW;%yY zX3N|jqwJs#Dd(Q0>Jl5sT?Ile*!GJ>Niv6>Ytdw`t!0Ta*UUAjGS||z$THW~5_DO2 zm$l5fYTiMi(M^dtS1lp4-TmFvw|MJUGpvXyaWk_VEPQcLKqO6K_+TF&+OE3D)szu+S#36e4U8mO;oow%5QC zr2+Xz3Ez zu!FudL0ltQtwK&qy2{{eN<11*chEaBWzj5)PWl%)q*E$(Q1>luNauDmnG$&}A8$rk zvXqr88&Fp0TNZcu{f6fY&)cAQmCIhH^EmXdAbk;GLB=zM^+I~bY#}SVW2$u{f1>sY zQDNKKbrlnwMa=hUF#Z5Vc2E%eehZcEnwi*SCDQlYc~V_oq&Y}Vjc2)u){ytAM8(N0 zI3?O06`WYrlXK5a8`4?K&&g~9{Qx_;snt_P|M6!`c>Y+*1&fU3R_Pgs{zb}rEtQ{ib6|efE@WHy z@(|SF?w;l1KddtT^YfR_x1Z+YKXtbs;y>KVb1RV@D)YTV3f-HE2AWMXqPp^z%dzrJ zM|jXfzegb+y7yh?xt-V&I)n5#5nLjHwNwhzB$f#>Q52HPdnlEkDq5c#d1CSYzVQeY z8aE9>P?Vil%4#>Cq#_tKVJK?4w*pZt-}T&36g2>3gHbF2!$UNRhTz;`G>Z9PTE?-O zFdpJjJjA1Th)3}dk79*>$Pe)-?mw^(@hBeRQPi%y+7A!$C?4Wb%-;td;!*t1iAV9x zo2GpmMt|RHK#H2fXtv5S%I2EJYt5LhHmDsES zTX%9Tz$vs;B>B>rm*DnyPY#Yx`w)7gQPhO$9u|Qx2@$Xulyx50B~VuN(vS%5VI-CU z7q7@*SdG!9v0Kyz`4GJ2A$W`RtSWemt=F=`j%4yQ%mQ~3v4F*VmrbWspf($g+UxT$ z*#Gy@?k^|rkKTXipY6VX_wL}dhRUmQL=^gNxM$1FIs<{8&-r_p-F*;G`zZuTu8M2M zY`V$#IQ7%~5Mt&b#7y?N$q+LIL@c~9-TY?s5Xa^QQ_teFXDBxx9O(ogPZ~R(v z9cWSZgNxE)_1c+Ih4yDqcld);a=}}{^__FcPEqNy4h;WRGAN;giHqr zn!D#g(;NZ-HEmfQ(wns_59JG-{uSK2zw9^Is}TR;-n#ke|y8Gmw1)8%8Dv{x#^dzu!CA{pGB8dfJ$I;K-evVIdlG z5Z%Ym2ZyK4Srqg#qP}R(sXm+>HfueO{EGdc@pkYKGVUQ{+(XE?6^D$gkP<)Qi0{5D zTxS$HaVPb?F6F~17q&vv=XxoLDEAQB?jf|@Luk8)&~`Q^A41zbgtjX#qleIT525Xr zG>fZUmxH#XZavK3Z&11guLtfr9OJhi z5$?`SOaG@C?S2b!*qYGl?S)me?O+!SOITTTxwwS7xs?Pa%(vAvGGQJhA|mS624K@g ztTE0pl{IZH?x&flInO(@Vk9?Z%39TasYz=ygH~DU2XnYbJFl&1bq4`rkw+pVm<~Q? z<^j!Ei~>SD`H6?brK1_bC~0P`+_DY6Sr!~)pAE6^WDbz|^6Txzl_D@E&iyI#U`UC! zR*$WX+8*U{K;=5-YJ-)9PwAyRXs>tLJL|vyaI(8!Z*&tzG!P@yo-i(6rzdcE%zpiM z55=5Bum8@G9;*Hc3IX*~9{2yw0fQC3g8Ib1zFuiFWAqm5DN0L=rn-iTwlWHa(mAWM zOR#bF;pAX0$`Wkt{N3C9JO8f~N6pZYu8CyWOR19^N_qD1j(h$7o!WrpfhmLIp4{jy zlgcPVN_A#Hr9j%Myg8e`+1D&x`KoL;O547k9mh&_zfauH-6(8|t6BuU=L&#B^;e;cHo}+{ov$FxIN90N;XUr$jyQ5Mlqm zM%Zt_p6^|niF;MFn=@%;dfEkl7k1}?O=!cR^2T*!x7t@B9b4_x7*iFyFUv**y>%~?v|HJc#{13PB*!dqWx+a^0ik`ecCWq>%|EtO6 zFhAQuAqxDhr(Q5@QDrgM^7D1G$umnI126A zDGh4oqB4KMvu}>MJv?)t1^ItOu(w$9pZWa%>5He&bNqjM`^EMH|G$l=a2He>m`Isx z=$QHzbKH52T!wwZ-Bi%ixlmQ%j0~HUDEZdO^>R83NrUDgBTT+sc$shTkYVo)_Hp1! zM%8{t@$t+;kc= zADE)~){_si@tcuKB=cH{MDnergQBC-)!P)T3{+(eRaiC56OrWc(_Zd2yz-D`PUWu%#txl;qd~PI=3kgvI2)g+)Jj z=E;B0pXcSj?$hTF^53mIi%53HnEa+hyIlJ#mF;qE-=c6=)AMaece(CYF5czZzeD-% zL9}}i?H)wCZ$z~Fz9c)HJ@u|P`;up_{O3%FKc(Yp}jz zjpq?M#zK%N;7Bl}=2_Xc3}fnhG#H~0yXSaJxYK%sPA8Nj9*3~l5uXs>M`NE2Rfc35 zj5kn3d@Se%0RwRBJr2CqBNULavLIYj(E*94?!W)nx`W;a{tU4IYD$n$NFwCZfH*B@ zuYcATEF!H(Xcv|s`ncOi9*ua*8B?(d|5xC*oZ(;5Cj8&Ln2a~&|IDBKBG^nD8e;c6 z4iQ+8wVpWqGHg9@hWNbo#1Yf5_2mC=JwhLGL|M$y!QMV^Ibp>9Ag*XR)FXIPm5bOP z_i=sCd*-hHll|V_yM1TsE#F7&`rqDu{(L*P{<|-`&tE>Q|J!&TAsw2#|KEqL)~EE3 z-`6HWgnVan^YZf2b^vA3cyk?5j&Ok3P_BcHTJkKwe(GR4#Q`3ZsoV_tj0-YFYwu6? z-n{Fts|Ak(M5f^cbIK755LmHtI;1`oGZ0%?fQ+QhJ1(1sK9v%Y(`x<9BJ@jd1BE`3 zJ#j+NCouuzypW}EkExi%Ln&h?ruUk>MMTJ^+LKGH@;ei}-fBI1gia6t&)!L^H5d$B z7I5a1)(=SThR_efo`-a0WV%%CJNmWVwW&%2F0k*T=}ck`;4eZTy95Xh0ueDUb|rFK zEnvRT1sXCYxQKAb5k{r6Rx*11Z%13nrv0rWkAyy(!ECWWHu=wZNTPrU!c~(yo15p! zD~GamBO#)g%S}Q|2>SF3@uw*Sa=Z?oteXu)lSJgST5mMo6uyv)12iNk=4Lm5?r|9M zw6$~n21c}wMl7;{mIPx_92+4C3))rf)4)K>9b{o~f;k!z5+FgiP_ELKEIL;(9KAg_ z`WHF~B#QV37=m{62sY5jk4Ydr==V5cQz9lL20|7rl-&b9-u(0UBs+pIVxB|U=DGv( zdmIrkDCJZT-fDGFigwg>y4ydtI%*)>@((2GUjFse+3F05z)$7($MHIUtj)kyM{2T!XB-3MbQARH7)N+YYH3@^l5b_@ul4K^ zgu?GmR6f@xEt>$<1WG~m;M{;2)pCcR~97XspH~A|x z`1Jb#t$B=a@CL)4r=r54F!p^7GH9*UQHXdbWF9w@Xk*9r*Qv&Lf*oBPxw5>{G|c3Y z)lCoDl4alJvl7}-@$;g2a-iwa;yd?Q6jazzIxdH@WpI?iPRKYFYz}@(umcj$eSEIa zps0gc08JKl1Rgi3Sb`ma?{)!IK38b)<+S$}qW*ndf_N(8Xr5)gKp$ckwubwM3 zI2au~_dh$BI<@6V7C15t@3 zS!$G`E~yY#4XlCgFpNk@lyWYk2VaHYxRM>+45JZ-Z0yL2%VFkro|Rxn`RX5&XiB*h z;*!V|W$j*}eHBob22`Z+qx7Y~L>XkM7EzcsncPNTfssceup*kFH7P~9a2IenArZ;k zSe(C-ClV7NcmVp}!ASq1m$S!!pIox&yhv>;Sy@Hw)X0Zd=pc(0RlAeH#61xbS0W8o zW2ZzuY>u6~7ZNRLa7qK}k>O%Es>M#JeApa2cP}JL?7%JKl1r-=JEihrbL`x`ka&d# zJ^vEVY6ZBu`sLWEjGaC}R|sOLAMC-gTr$xddtL+EwGnpVu8wobJ86L4ha~7v=tv+I zp_qCo4$cF18EhcQnp6ywHjV{ruTBYcg$7&8?^qf;xu|UQ?OmZ?@P*o2jHC%69Ek@? z9WZf&duxI{&^`wj=mJM~B1f-e&$2U0H;@MPj()h;J5KB*?&q^Y>{MSv zO-T|vYOz5>&e9;Q@L3&p!jjvW@*cs_Ac&_!5*a%t3oUYixhx2X3v2C8pB2&$B(-m( z!B9K~s_}tgHxfbpdqFYjvpVbuznRRGVyBy6=Jc?SNZ>}Z8?nM!{#oJ50@r{>w3F(0 zjBbW0yGJP|0v}QWA&aKQ7;NuI78=sPTN>0Qo)xaFc(gEfaCongv(h~)$>Tpq`_(gB zvK%q^sUSSYG~hWL>1|#$yflQ@c~*`cC3n;`cm;N|ddRA@VLw1J$`(?6{}HGK$6`VP zVXoe9@mU>qq_nno)MRCyFec1ek@BETA?9QX6h!ZuL9Y-yH1L{XXYWW#e=vT-OaxOR z&pmrqi=DGDZ_8BHqdCuK3FST_Y9-hy2`N^03e{(HtJc!p-|(}NGrEnPn9n(El~_03 z+eeS>Z0?|{>gTaDcWu?#e%-gnV5b4YD6gN#4#W=9<1am0T%jX<03E47L)@&fdv}d4 zvD3Y_<}`zyS>R407O<`D<=e4kwsPhZCEpaBa88?uWj z6XXnsp+B?!zKp0K@^7EH*w^=YY&2Stj_2x{jTNvH#M6E{@)9DlX(u5XxCn)7@d>^l z8Qj^8qa!BB4%&slDriX1I3if6i`1ZwhL=41uSDx^LnUWd|31QH8jULx>lax?;ppI? z51fo*A9i}|UEshaUS@0KLC!r=5yS$JHWjYbH5lcH$X__QHZqnU zE7QiUM6R^3tA77U@r9*?J5(k1#iCI@^Fo$c5<7S=}W5>>7T1h*mPz{>a)QzG#QcUHUj78-kSZ>s- zay8f~)=Wb|I>#BqVgNxCEiwu zod)M~RCBA!!8?u;57A&jgx}b+`jxd5SI#Z3A{Wjs-lbUVGNW5LcII0?>-5ZknjBh` zyO&lwa}sb0v2AHEV$oDbvQ?NX1Tn0fBNi=<+?8O*&ZW@6YTk+qr$h8ZkoTowxVh&F z4U!1uOW!$XLa5B|F&~ZP{ytY|@ch}+?WKt)gB=r8eU80C3GF0_Anw<*(v@Xpk*MQ4 zcA|ycHJEN`X>eBjT%p02uLHDJ!IW5=CLnOBb^&)P1Lj|26gTzgQ|R*b)qPej=VHCAY-0z!y%6^FwI_yj z0y>OaL^vGQI9iKH;E`zIbIx_2m0(Aw^9-0r`Z@<*ZOjPCY*aElpq-G(QFA(0<|u1c zng!MJot?E-i5)x|$cWA+2)H0_-T=)jJjk6{b8H?CA3pXf5s?Zf*=a^|yU_ z?A$}V7+6<_9Zo&s;?m`m>9OZ|5*G$T*@dOCvphtrd{&B`My427$^qHr5yX~vV&+Oz za_M*K&gRaZRdVHK#s)RmNo)=717^?-VaKgCd8xrpQt`f^XEk@BKE5Cg6&Q&mdxOo6eK2IH=l)@rfSK!LHS2IEe5tyN;Dkpg3J4aVK>S*wzFnkg`@rNOuZ zuDq%}tC<4h8XAn-C!(9dPW_F|;u?%QC-8_H;&g=NWr;-2HVeHyrY8+2|WC@Rcef#udjS; zvYDmkcmil!cT)?tbn^LLnBeA~)%Z!|uruOsBNkUU6<;CvXs6;zvvA$B=L!wFTU*PA zlr6=Mm6fcl$9$f$dyAY^VF&i|p6kl<(i}$;Yh@|f536d%mD;$9>eh5D%)p<4`DHBF z6btG?GFKJTM0w%lV8}!z-W0=f@En&hxK3lasmgetGl9t$1|kZ@>3kn2-ls%TR{1)EXT{Tbr$8e&|lhR`TtQxk4E7%R`@2#-e8MXpIiZakD%gPrT^ zm9u<@22@b&?-3u*N=_432)>{p8L@~YJO_oqbSOuvzPM|iqhNiyb*=hE?1XivEZO5P z>=Ln&AP`?NBoSmqghLk~=pH>+sJm+H2s$M!7FFnhGkRcQLzd@=#rJ3@H_sJ%e!cod z?2It=q`*bqVo^w{q{S?ohlJO=G@Mk}r{wOl zVor2sOYk8k=Aznc3jpF1vz1RX(2p89Z=R!)GR zm{7@zRjDq#>~^m)&gGt!=mrgTex^Q|lf?$^v(f=W*knlHdoQ1r#85HV`6rppM^F|! z=VW$|F|<RPr;EJ8;tP{wc* zf<0dz*>$6LdM~jW@3kE5)J7=E*qq{Apd#H;y3+2}!14+WzE}*vp=^`85e~@?YD+P( zy^;GWq2595pSrJJw!aR_u~Qo>w=70(L_Eq9)ZCwlxi>*O?^r+uiz=A3%IPa66wJM} zq%N3AgVN8mq2ht1+?$0Y!t(v?JU79W4R%tSWZSzWv$BjQ2^=7-IQE?7(PWZ|dX&5D z0*>p$nT@!ccvce!qZ~WQ9p)h0|Bp4=Mi-mYn#Z8a7+T@ig=oQ)a9th>AuJo#HWZA~L32 zL{&izGO1ej&5_|iRz;@j^6;$oxk3Yvx#uKuC|mj%n#WGaxZJhM@l%JL`=%niLW6v4 z?v6PFHgbC?Vn^U{{UN;?I|AQ_B&x|Hx$Pk(n-)8*KyFhu+AEYQla zQ(=hq-C3ZOW2eFp?Ypx;E5}ZSA=-Cmfo8DN$a?y_vzo5JPWh(wZS7er1P?!QO7DkW*Q_c<3m#dz0uUXjk2!9WxL0%{l#kdVjCvj2;cK+Za6wc21a2Af2uJ z@rDMTTp(-O9o$pbjs0V}wk}z8epgv7u8Eyi%cvYxyh|M6DUl38#m|x~WYFnwBG5UR zy@sotPaDb4-v)A03(>%_RFwV z8ER}2N>i`TcxQJLV_Gc&}l72{_)BMR%(hLZQ2Fljgiy>Hqt)X?$ z>4b7b0uD0GjKz^wmcx=tRO{{p2jhG+8#+pFjRhWq83^ng9=fDrl8Jq%t{+;hHwppD z1i;KGMgh50G@)9MsHB41Q7P$27rP)4m!r@*XQ!A3X}Jx=={Nv8@4!IKHxP@E8&QB8 zUBrGsB0Qu%6_T34FU3*wc$^~1ElmG}Mf5M(k&n2GH7Q$wnWoASl`Ef3Gi!)NlmtReXjlakjC&g5h;kN~sGSiR$3Bh>2&!Kvw+1Lz zkVt|i*fXd!3xfr6raDHEt|RlwK6m8el9Sr%*ssmOeFwp2(E73bqdXa_)!9Ku@pMQc z*)xRy<4OF#sxF||i7AA-xlVGQw@p8NA`qVi?j&LXi#hOGD$ta9q_U^9_%4**L2Wh~ zwevle6${$M0Va_RfsF#;Pq37gEwCEkIEbhHv_?AAtsGoc<+=$eW>D(4R zr1N^ptX1OAV4Y}!gGI8DkiB8XgHFfbXMjdN9;@upo)ie=_aH%Iz~thhfnrkD7Mb!Z z2laf;iha~BM;6)rS&NWQ*kz!$Xw4pW;m(i#CE1fsKq47~isYG?yaT&6GeW%Vs%^D; zDwnumA@a!u@xjP00#yx8ETGx&58?`K!0C~ZJdP#4h0u%Kd526)blN2VM1|snUDYEb zB$2+Qq<=x*rY9VcTt`-Oil=6q1cPijFppkPFP2lQHx8^~ol1-ghS&v(BI*%aLZCr* zxcMP+rq)Gizgm`HqlyT;9LmCGQxayCqs=5DE!VW6!ExobBcZ;;K}Fx{$SPUmEF?)g zih^Mg2ShPwPE-p?S8(H;fTQsMoSa<9HyF8ccbB`EL}P*~z=NC|J$V||YyurgubF_f z$rJ)m0-sCSi@3yt2&!^QYA3*uw%XwB9Mfu_g+*;GkYWjC<_Ewgo1s~PT+8+tq%CUh z=LH_8g3%-%I@*3nibYXLD*H_-$84_KX9CL-CRwvtfzm4T`d`k!o&R@Wh&Bu(CJ!4x zz?{h!ab}n+&n~OL7&CFxLzJ9S*ge03xlz z4|J=&sDU=jLRD+$a>A7Vnzh}_W~G?!d5QyS0|X_YGt`D|H*=u16NV{|h!S~8(teE$ zC6Z`^Ob8#Z?%@;QjbvfTVjv8Qq!!G-4oC(7n@O^0MfpS*j~RJFv8rT;Z!uWGx9Rx{~ zbd3m35Cdy_ooF7a3$Gl!#X*kZ2Cde? z2oU2z^g6|0nK=(y-yF%@zjk{giO ze)PW`wKsKAG_LDiEGzuPN}@;@Gj}5zD&|hBL37YSfLP?|i0Ge*8w(vpLe&SMZHA^X z7i!v-P)R|Pp6XK2i21USfg*DaGYLdA3mFYWN5bF@9dDo{E;2L1mCFJiPmS?aG9~j_ zb#9y)YLfb+sn zXZ+VdFD|8|msrygVAO1%9`;+U)5Cre5JuCKxr#T^Hc;p=;pGYXh0mRVy|pW4A?PfX z+rCy2DLHw>B>eJ2_LydTCp0rk^d=#R{FzBJAUm`{wPD+l=i*FUoE6Y1n~EhtQFfLOe z+3ss+QvqLx+nGvc@>Fp-l|*#!r7JH~pKMaXC4u>{H- zUDwks!(&nexS&|^;51{D;-B{3*Qe9apJ@e@mTnSzVeGn0VO`6?R^W`Zlw|o1-0jTp z)Neh4BYN&|s5Bfc_0LWVAp?{A-GTe69q7FSf>%er0D6W$?N9036Rp8U`&0MT%XO34K(@@Ku&GoCG+iy08c??*MH83# zzWNL&9ZT#zf5nZePfH^lK!RU%N_`CSraB5qv1^zLB%kz_X8W9KpXSVorj#RDPKnmf zq0fe!ih`x|4Oi02Nm2J@m+qu|%9&05buFGHXxAr;)YUlWZ34Kk7QUp%KVuS6DLM3s zLeQ?9>Bl^K6_oRWgn57yfG-SYw5|(fMp251%ZSB<2gFa*PG_e2BXtt)1mv=#q3&Ez z+`%1%VAzz`mCpeKl_y-MYL@vy@#(S8hS*QNNZ{B2#a$+$|BSdx0vu7sH_#dRPJU^C~y2=|elve){AvF)m0_n%ncCYH%E$t&y zC}}Y5a!!q!m-oHKMOlrKmlv%cOVILT5m$v*t+E-&!*o^hN>;S?hooXZ9(G(q16R3M z+q&X%J?2Rj70EX<#)R||3luStivwWcXh?i^sh5eA@brZkQCI1aFr@6DU)ZITd^Qk| zhq`hXc*!;_LUT2uGgQc*7G^LZ0rHi-%rPC#zZ4{t03T1qOsSgJX8h{Q< z8(}010JcJOoMuD3AuT2sEFuNFGY<=Fgo9Kb;z)~VgOW?S0Sd90m~kW$sncpDgAn@2 ziFSQVr%J+u+atNY2?>?723@-mwI#VSAII4JIhKgef4tt`G|DA zm)_GYG9<6OpK$jD`KkNzxwrLv^b&hNZNJ!Ze|oz4lk;NJBSVUV&QF^WV`9WNeLA$L zo=+YfKJUKj96o>kV%?}Y6DF;6DU2&*Y@kpXctMmGp+bsE9Q^641Hcpx2+9CFYrBa? zG@yK<57F5KQE(-#Pv<&kkTI_Yo7jYk6BdL%VN()VydRI@B!Gp4!6!gq`7>-bDV03O zrc+?a?!2FzVVo#EvJOy<0;bhYzu8$+q(ExN5sE?GxPG`pA&XA00u&$_AaNHDV_z$7sYl^%S@(t(p; z#3Gm2m_Nh5f2PuE>w{L()K1R4)2RP+4|doYb8*!Uh;W8PU?+?1EFNEf`K_&UIQ`b% zk$-TeOf-LM@BG%b#`RnK>sM`_^{d>3viQ(Q-bgguhEYRaQAOQlpADhl+9u$+t+KQJk~rd%@_!U6b2K~1azXxlE}^gRwZ6JYV%QrtVm0tk7wx# zn8hND1?Z-2Uktro)S}zdHY_fYqM^7XBtXU8$6SU59{RKg><7J<2&CArwDCAgwhg@t zwOSoeA>FJPgp@}!(4DKe zRiXrLjgyF=nS zdxv`mCxG+gw|l+Qo`ZV&8Z07H9rL&xbTIx>rrfSk+*M7gqi3aZ(m|;cbmT@MF`-wk zrs_n0418A3OB4r5W@8}lydqXzJ}Dz&odns|IV;IR>0|ZfU!ZQjc8#<#a8M5}G=?M~ zBPvuS%Ja6fJXJSIXtZRQ28|dJxzr=<3b3|=-HOX)F3&@rQPZ-(=D{B2BBH}sNlF0U z1V>&b5(O6#rgF0Z!=m>g3HlQ{5)#vrnItbZ;4CB0QiQ_2zShCQ6dP?dfTi=^rs`OK z1_sX}nyHa1{mM+vpsP=|c|Mz1#|D4XF}{?oE$ zVu0lsi-|5`^v~!+IF7JKTCD@|n4^Hmy#`C-WQi$(GAPj(q{%I}z75t+yKo;IpjfqL zUBRT6kczuW{ABzPXrOElBOG{a>d&klHR;PiCuBZ@~mM@k%X zvX|V%j3aY4Rx;8M^NI0)F@v@IUpP2+SjR5yW>o33^vP@<|9zP3Grwmll>z+v)5-qv z;lXb2^x*wbTF*GwC}Gf+{CPa&f(m2368hLB6R=6)=&TfmGbQkzmG^X(E?57@#}`?qK+crIf%NVGoB|&QrSqeE&sGgOa7PTY{AF zA;w)*jB(d44mDeScFHhU*e6(3D_(^*_Y!`K8<{z@bA>a88+-JCkvYBOC}q zDk(>8F zOPlLxO#H3ebzaF;lAg`Rz)(DUsQKq)zqj{qgpe7AeA7Seot(`u?AU)eI1G7ZeTdcp zi(v=0pdGnrhSc*&u#-x~EVEE$IXHZeDDl0F73gDgMg4dKJvLF*9xJZ-7*_Jg z^k#6smvRZK&+?PJ<|tM7z#ojEIj+Sw!G&r z?x*F8``Px+)+=Xgd+X_|=dWHpo3proa=Om8S=t(7zbe0)bDCK48o`TsiKUE`d~Gtb z*O$JNR_>TAP>yt!1R-0k-~uiAt$dz4Tj@;S50=#ZNwcJ55X3e>z%V|2V!~okv0H*$ zm2uKpvym#19Wrkn7GHwiAsph_g|?E&R8RCdCZHuAV;ZEQ(!i$mf$=N{A?TG7f{r6H zqMyy_nngM}tr0&`#6OKv6BwOg6GlE54qf%EuB zRrjA%N?j~MZ$JLiQC?O?u6q0NpGYYtOi&b@lmCVh!Sd`00&l8lc&tx+Y=kZ-xrCcf zE!W9Cs;#HLtu^t6cJ$^c7cF!hbU;XV&_0fQN)oXVjyQn3r^uro$ai+&B#lOwMe4w* zy%gny91!AwqzeUy^f6p7MZ{IH!Xv_CUwNJfW%Ho?*G~&lHX6p$ z(72t$y2?@S3+K7>vT*v?$lQtgJ}56T>Dn};@DA*xw9U5hG}mg%j29l%I!?DZ^Rc_N zfx7BOy}K=`&a}GiJa^E6QW(Iz$&o_{o|3C^+kgh7bl?=jcx3(TxUCNQgR=mBj0xlF z;~#*F=cOkxg^MRov?IN_!nLr`?b^=j_J^$}Pg3`GaHba~Du9>huVLT;Q!x>AQ~+~m zOo!*w;GFNEPlh@#FE8!;UKWiv@sP!0Ga#3Iv-|3&XPfD{uR-B;r6iwQV??lsBQnJz zqMw^|k*%<9E+&9Vwcdbd@wTDQ%i5&^)Jt5j2#-MuoMIJYB33L?ZUcZcSxq_7YmGrL zHk*y*lOPYq5Yd20Sz4<)v#6G$yT-rI#yopF^egef9w4Wkwj{UYa=F!yhsw53oBRX3 zMpPco(52))vd3jEPi5;AY7gxbZ3FfKc|(=&e$`sqh}T+Bpx}<~8>cE1x|3H0ntY zAkNm>wR~0WYob(7XB9qVO5u`qdCE2j{vxWisgw-$<(%A5tx|o#!Y~VKwwWhSij!&X z!vB|?*7+3h z+H1MVrXFo7bxYAHT<$nZFwk18e192LT(|2yb+nn0aU=&JTk;g`;WMS<$T*ztLZn4`j@PKSAf(E~J+C!mYm>M-d6cW}=jHCSvM8QtE?) zqqm)p2ffbm+r1C(j(dlP>lV!BG9qJUo4Er>&RNO)c~aCcH@Ifd8%Q1&l){RDH4j`& z1U4qLUF|cq{hr!)BwF-HukWg^1TC9>Lv%12Glzrjmh;lt>O?PInTu`nNdm~ry!3oF zrmkuxU>@L;f8#j*d8XXVp$uYfyI-Q zC$R(J)3yC|;`3+A%_)F#m0|CKYV#(ef1uMT@hBF=pGjHx-SPXA)85hP4obYHVYL{y z>4GBF)?NqJaZ1)roB^$wC}1zK%R=wPghZFrEHfa5u}OCYd$+nRl02Y9fnR#T3>N*< zP|W0+N2d{UbP_F6UZZz-`2N?k{ddQw|4!O|J<~Y@5=DGUed>q|G-$-sp^t-e`!dIv zirK-j;67iOg~RC(k!06GUlTH) zM0OI;e3X%pdE99oXj2_^GRJ|EIP@L4#ddTkkWuXWDhu+2_@P9JR_+1D*^t0)XiB}; z&Z>$BJVI~eX$E#PB?yD>BS0-?gY+N}5fvv+o}+ZXW@!4NONAjxUMg?Hbinm(WeQr& z+3%r68@u&QW=mRaWQYfy z-L4c)K$-h7!SwB!HtE*==)aHNpYHb^@mc5l%K&O3@R+-|;ViioDcAZ*2Es2~qij6T z_cCkhRu&Mvp6pCXjG3agJ|dw}5YgcKU2Q2C>54%;g>q5^h3g$xf1N^y&aCHy~Mju%VS! zSfI-!Tb!F6VbVyRIP$RTMp0*iY$8OR4@p(D*E{XK>Gk!Of1ph<4L9Y{Bo3Vf$vv>! zjN%{{$I@CGDiGupE>^+TH6cEI2bj_#&yGTEc9ly)Te+zmiz+sr><_{p!P!&LDbWfG zb>K|oMnEv9f2kmMFi#TV#BoRs6Q(FV(^`_1j%{d0o1AVTz5r1dm|29w)ng@g|Fays zML8HG3NY2PoGyLlV*A>2L&tYWQI}4IEgG+70uU;JF<}Jjsbbd%A_f5&ESlSb6s_)r zOmS+Z2OP^7%4AGGMl|BW=AFPbEm<5;>C8c8qRfB&2ze0;Q%Ev6{y%m(y%L+3j5&$W zhyMOau>|-fposY-Enr+6H2NREIXFG)y*mH{z=VPyXPOyD63cLZ9nlNwlQ97o>v9++ z`s%=`sKqX|^kmhQl=dIr&LfW?*!v$_*X}DnxNqbs z%xNy^Bwd!j7UdI3LA1e>1e6rajt0RlF;!)?4ZY;?&EK15q!r_ll8B) z7#+*&d7(b$uK(v-`Sri`qWiG^Z{vA{{x5sq-rcsX?E61I1rC)S+u0^9`IS`nv6M;$>E&S*2)rW~nSugnLShSJ8&uq1af5F(EwcW_XpFYip7Pua zmSY9;)_;3vx3d0sx3{-f>;EB=aWatmeg&BNYtyz$Up~!U|A>BgdUWvO^^rdg?o!9x z{eOF>vi>CpSgrquNQXR`5FI`tt=%}&IN0K80~oW8i;*G7r2@Jd(`2>P|EtBKV z-i-~+TmMgXtMY$mx3fC`KS){-S^BKx&0}>SB3h+vz$9bkNTy@l{C04~9 zmqTco+IbXU^E5>GhUI(gf9(jThvn;-xBho_s`7tld!_$-m{c}E z*HEZTJPxl<- zXWk_)dU5^ewL9mXC*9q4x4rE@`EjrP<9_GqkN?+QokJE$%dP*VRsWFYp8t3EYU}^W z?rQx%L@KZU0u0%3fYOrw=zoMqOR|Np-N;p%n&z(m=16}_)iHbh@9ypI*6#necb}}* z|3jo!i@Zc!Pld{ZFjSV$Myo~Y{<%{Ew^TpgRGxKJSGUbdWD#v zJ%=-i?c$SDHVj3kV1Wz@JjRBQ4N}mflHV0Gy-PmbIxP(wuZ!rC@kIaqhK^a0!z!{1 zPbKp#GXKIR_||--yul75DugWd%=!(kd{aTev{7fPMN&2>Snk4c{$!gGBOhcs-8A)W z$SaawgAFJl869>>r{n+Vw><@D*=c)e$04NEB4;KnVFh&`U)y0`))0n&jf8_Dcp(V| zSwj?xwN1hz!4Qd-leOc)8=jq{Ot3gx!{SUYGy_NGf~DRt4+FM^K?k>5Ny@w=#|Y5) z3`&wSzzPsxSA{jbEnxjk-s(4U8DU0un7X zIrt}H_%b`@5_+RxN0Z|WU^4}IesK0PEX+3tua8Nt4Dz^s} zi>;O{-s7>?qhjQlavg$o=u1txh|aQ9*?T5(|AUb+e9TheX?y>|8(7ZNjat`LxOlSqdg1l!V;z=5NsLWQrBiB?>VgIvoo8|$!^pV zEVCRdCdu8{&D|N!muESq#Wl7wkMSVSD9vycGA)}Bg_nq#G>R@GeF!hDL$8BBBZlzP zvFdEE%$>w zVyTLX>q-IegX`DCxMiTPi-kDOqby7!=9zj>&TADF%aw%t&j}Ce%je#!Uv~^VVjnZ8 zzoECvaqWo)SnZNdyDjBMt1sb6K{5JG9rXKhOS(V7#dGD7cot>GQbH z5;)h(Pqt*In6XpOoJ1tD)wp5U($XP35$Ka4Il)<}t7Mi_R1%^`(#hG0llEx8p)?B? zplM#@Fa>0$iyZl>_W4jx^-sAdBYMS76&zcaY!{NMn8f{2%43eW8sjh{V;-3o6yg>&4Bi^S`gFrsbWBo^ee=E)7EF3c(i|Lw1=(hgy*F*39!7K08 z(YvEplI()GL!hlo)_AOrH9u+hwIU+OWvQK)3bZ&t|FF#>Qoi{B5sDOuRurKVmfa=R z7^pe@_WYkwJNSy4#Q@9Ow>YT-Q`st{r-20TKCLLkgvi`@j;As2^c zV`az)IVVF9nygZQosse6!g{8bMG*-{vP{d#4KaM=mTcY4OICy4zG{Oq?=ClL>uLGe z5GrPwxfpNh=&K&}v?q}VLL=PMry}#xJSOY%6czJ~{l|u5N5t3QLmGd!TWvFVQ?0{( zoF^=WpO)8CIDi~*vdW!p zlpe)b@T0hG`RVOjd_Yi6=n}U_Qx`j__{RK2e)|K1xM*?23gNA!9h`oOH~=Clm-ddP z;_$W7PN<`%R^fzM&?7V*iZ9gZ_P`%QZ3ihpR+Uco$_54Ev+MX{6%h96IyicOjYU=B+>2>Y2iywNd>4ngZK4-c}iPp%lzlm*Z8!GNX0 z?Gksd-G2Sty@iR{99llfvu4ZQJce`RNSWJh6>vngUYv*2BQhz(Rzx5Wf2zHAXt%%C zea0%V){h553p~9%BXa+Tj2GHv8^G!6U(M-~$IU&VY+cJ8awiicIQM$mn9$3(*JBk|>f+R!{3u{hIG)zs+;$F~>}KrK^m zr_iN!HHwaM;I8DFJNYd8@mUj(B*UM3v^-15jR)5!=$20-{C}3_B7^56E;92NGQpEd zhVjJsaE~VfM5NA-+kR&sKwP)BcgZ-|!|l;WEJ_CM~Tw zM-zL7<=`#bcyb}1USQ$A7)vKh6Aq+YURv6XQAXRD=44SDSGfd>%TFej}SFJ*lvEDd>ZhSYV*4r&AI zK+5v#D4{Fod;*HDzW&uEZ+Og12kh9+YfSvF(Q@S-RAHL!=cupf4_Z2SK8=cQ4 zK`eOXY9@*LSa?O)L;Y;4B}?=qJ(A$!u2oamRn(s-#|j!x>|oti}W)N<6T z`Q%8pks3D$eMRW&x~w9=kfFG@t@eoB33B-u$XXuDb@LfJMVAaBkJnQK6ulE!WF4QV z86#;W1+fT2J*WK(Xwm`X$Fmei4I1@+#Ph&Y&M&DvtFmhvMO&?ui7XBKnWu^w@D$pl zo20eL%}qOlHk<-79NxHlq|^5Ce^T^NH^el}YG`)rVnZ@J`5z655786VWZ^LpqcIt? zF+`$jwaD`VbP~5&9dZ^m-~ryuDD=IF@?$BkpOg$QfX72k%uS6gB<#%P)QyRR=% zRRxzC*$C7Jzp2UqWv|g-Uv2tP*h^_TF=uOq+Pk&e+27FMM^Kf4oMIA{N1(CeLOgMz2ELQk;^zv|3@8#U)Zbt|&$@ z%cU?5KvCH^8R&~H1c4g!D|NX5_XNf8nzdb3lNS~lMID!Le?^`=c|wZuk`gB=1@lwu zMIn9Zzz;7p@JK`t=@gQg5B#rv=_kxfdRddy;F0Y%URs?{RL1FhiR zESXE8=J&tsNB^zztIJi_bDKVKU5%M*ZeH|NC9HGV!Z04HvZSDj>h*QYt7}6FF{+w4 zkD^Ty^IBCHH6|3O#t|&rB>fTR#_LQkN>eLKeL~iU$+jFNh_noGjA(NC|(^ElAcONAJN+vH}>y$QkT2jvh}7DQqZ{=z?17B)O3K7^Ss_^j5Z zLNoL(dk$D_I@DR2N?41M7SOc7bp(b0gOM@_q(*uv8R7}EBu!|(Ms=Y@haD=g5^mFQ zhKw6pLfP;uTc0Qj!vr2Pa`FyQPxY;d-hd5dBJUwxYimG8#q7}aTq!NUKK7aiOc`T% z;ExLAa39vmEWH5+>RX(1b>qnb3H_)~mXHaWN@f^7@oV zaOG`Qt}CGU};l0r#p<)}#l=OH#(hiMkE7VQrNdt(&NRS_FX> zo?s|LEp*q#@Pr4i>>LRX4(gc{HP+6xrtX9fieo~3dcLy^_KZO*Xz}q4+$d>67b~o( zm~sh3gaPZ*)Wp9@cwjhk<;nw|==|zuaqThTd8(|(Vq^40w1Kt#zVhm%$$(B}kSDOB zDq>Y9-<0c-$q0^cP$Qk~on2smie|WKLEAjr(!KHUYXMRhwnKOvR%bHgK9#d!`RLog zjLs0)y2Oiso32>ViWNN^D>^dQgO=H`egzBOVgtZFj_tEYefT;_u~R(&HbC z=gOY3OMY7m_}V5}GvBWLq4`y%!a0l&*VX4?qIOv;9(qq63e4>uEL0ofB1#8WC!~_{ z5{65M^Q<0Fjc-W#pw)EBJv0F>bkH;_k`aJekHd#D=Tg50mPd}`XLrH_59 zO%~-L=Z&4MDA*@&<7h&TV|hvvBugbjlZR%4>Stv?81w78>O*Ou&ACdIJ>~(6pgBnr zO?))IR%dmLqK_Cg5L(&9UsHkhurzg7iV>*`lR4E?byO;rXIs*{lrLoB!_+K}+qsCv-$=t?0iDKdQqE(9v3CKIewnC%`pqmMLvJj5sIF*8CD z+zGJ2w>E;K(k3u{EDf)Q9#^}3!J|_SCSWPt^9QB8M;{Zp8nq7(e&CT$AK0V|-)*Xp z08$J&jyDyoYnS|{i~HjicDkvgX^la_Dbdad^^YipM&T8ULF(_4egq?mo9Sv};n zc5Ceoj8~y+0&5AA5!kgd6@gNal$KGraILR_E)4UXK?#TOsVMZLP@%S+lV7Tfa#*|O z@*9d|X%-H`KFvU=vwvy>PLz(J$iw0_m^vsyNq+T{`Z+cKFKkl%<`*_;{_J2{O`yb8 z7g#~V=2O@M!KiGVoxL&~vNzE}h03RFRSvTc+LZXreN5n!voVK(;oT6 zHd~~n=AE)DZ2|Zy6d5=bL`5NG&N60M8uo=`M?96s@K(!F&l)x5g>a(8OY8c&>5jU5 zta4ELO;R|BupHQt=%-YEwkGRXYs{jq^?&RzPh-R24rUj=tZmkeB8}1A4t@X#x z7E=39HSp~7lyR|D^t7kY+y00}LZ+kBn^B@*Qn;^O|uOMI1vZF#VZ}Ot)2# zG>@d9kYK}TK$FbG>IRc3FlsTrnXm28-hCd6ETy56cc3UOmMTk3J5Z6DK!u;D%-_|& zG!g9~Ji0JT>D*u`L=~Lkz?KZeGyTm8Ax1L&s z?k(9OJNxZ6`ET$YF%=D@q|h1Lk0K++Scgr)u2>365GhcG=&57g*H)+b4#VIiXi{kV zn#jqxSR1N>KSjs&-b8*c`{5DJV$nq zhilzp&#+D7dfoP)R`4F4KCSsMS6~y!%9FY3$@~HsrET-0tlQPHn9bU*Q=T&sv&f9p zg&wJvEHWMfyrC+~y9%jCwI`aC4p2P;6}~PuLrHcrya*n)KvUd3P&6}gc^R*3f zUisJ}gq-Hc0=^<@!%1y35k`Nln3v8j3=aapstJLGfuJ1=h)_x z?6kA&l+!FB_0#n?Lfei%*ZRF%6@x zb#eN?ElM1swlxI-=afJ=&9#p=%MA@X&8YzJ&K>{d*8iPCz|F;f-KpZgZtrie@ZTRK zwOZyBsAd~twL#2w1?th8ki+Ax!xtpuJQB*Fgv*VJ3Exp7+dGu9un-Ss%?kJR+fPfb zf6em5)HU7Bb;y$qarlXZ?3N`<-h1hbJri*M~`;K5acFSK+t|_rHTMV%a2N z&&IM_`XkmQkGF1b9hu8HWm%r0@`WZz%9At%90?;CC}0=4L(B7>@2GD*r6(pX&LY1w zb*vAHqFmysPs0HbY<$JiLq1Mu%82`49lx{dwO!&L+U5L`_n7+He;H<)CS6XFhH*w* z@Qj7q&aJCXk7cw|R0TkQmHaeGWKJtn9Mt|^rhh`Teps+`bnb7kX9|xm|HD%_c-B8_ z=&P?i;a91Y?#};Nn(}lG=f^aM|8H+^SNZ?${!V+v{~sbP!T--kDfrC6z$>pA2m~(A za|-VWVh3xFV+DGr?0i6>ukghnpYJ%of=(0o!=o!2g#nyIk7NbyHt9Z7@Zkk>EHVjS zoke8D5%Zx)m#hb2KO-)@`-M$h;wCg3`5E^$RqeJ*Ttrqff4qS^9(NG3D1c8C22{K4 zZWs<$qp=_tAA8z^yA6U7GfLsQ^05;oAfc1sb3QoN+Bi9hhE*qu% z8mFoc^(rcfr**rf`c5d^pQ=pLH|Kd>Do28lrr9FoWcibaF>zhu*L%Ty7(&#|hVOk% zow^wJkHxP@hx%Go3^b}f?LH&!@A1jO+1dNIr!UUP(dp^iQ!om~^{6BLsi0r#7TK&{ zYmqY>?D_}cmg)qNU{J2Q-hdm>dsFO-F^R89+976|KHiG#{b&gTj_rvCf)7) zCr>vf{07*bHEcg>g1~=VvQBWf!RQ*CXD;#I;r^)izih-XH*qmQhu%`AapQ6gW}i;2 zcpZ`h`le1_zp^uHdx*yD`epG!Mu(ML^2rU!xZcN#^O>*0l~}B@c1}EnFQ>ALsnNYu#caTM)MM$CDJ@kDwP+K7PoKalt3*eM zjFn_DKiz%*N9(-Lu>W^Doof8A-Mzh4{J#fDOYHx@7%P(kssty&RHmxth|Z22l_rT_ zwpcOixw=(=k)K~!U^*ifjeRk~Svlhqc(1;x*QetEBM;HXDcJuS^D77yuQw@wq2m)Y zZkK2$to<2ytTf}kNLb(3UeUhguY;&hSN(F1d3|dYaR2UIwyRd`_3xhU&i`@pEWrNf zp8wjryH)($D;k;*9I^@q}9g=cE zdaO_7J|y^<5o;%hE&{Ex0Dl#5SI3~7;268Ey6VLnu>FQu1_|qL_|Ea56#B04o3r{p z%na}r^gBi}$fHP6JG;*d?+g1#t>#HJES||THN!&vZeMghij_uS;rVLOX}SYTDQ}&I z*3#3Z39Qb-QfXN4GLvnklKtnUyYK%(IquAt0OsufJDt5J)&2j;lfBjc{}5@3{r@G4 zSqg#eP{D^Rytu=y9WV3@K_0Gd8_V%;nw7xiJj7M}SF$x^UoLUS6Z2>F0`kPVZmbmL zk)!GZ?WpEkxRK~pS&7~wwCkB=1WShD6^pezp@NnXbw>$XUT7lr*f5|xW7!UZ& zU?pntWhrAiGD+E5v!!WNVT5FpYrSP(u@fFXZ^zm#XI@W?pM>ZsTUD9E1VqcA6MaoX(H+ zBVin{kF&mcWNM#&*;Jp!`kR#~`3D_0NB7vt-}4%%Z8hKulee}_L+9XuGjc% z_D3`MX*j49R^syO>@PUSm$GbBu5&d@u4Ci>?*8uDcif;_Snyk5@KY$8+M3lS@a?6$ z^ZzV~lz=vG2bjbE+xzY6`G0R`x3l8^50RGQ|8W4ZDivH)1ue})ng_ z4;@Dv&0l{*wkdaC|9KWJX8ti({@dTJ`G4&0uh##Aq$Sq>3HW`5F@geU9N{6$2-VsM znEkUj08Scp5+1Tlt$U@IsQ5g1aoOoXJ%w*P{cu6PFr{M4wmTwS>t_*kj_MlED*#|WeX1Mt8{kxOdkY!Vcel61(@HB$A*bb7C-8>&WMi5^r1Ai{aHp5@usg%u`M>SxG|C{2;_j1m&YU_O7+GaS~HTe9MUFB}0E>x!XwWhlzTLZ50 zAtqmQy@CwYwMMWdGM=)aRI%Atgr^1z2vGaLy!tU)Ne2(0c+FL~Q}?ZgLDo^&>fV3K z%HBYzlnx>H_89feK%3dC#RWZa)h=nxp7Leb3{_2Kwd>>F%;i46QPbUD$21LT&?~0b zyfs;pG*;{5+g%^!XU4w^d-XB2|Gmr|c?Z*LZ&!XJM-54j+)UAH*8oX~In=_Jv%4rd1_J*qW4BYVR|$ zuI}e7!U_Si)(Ow_hqF9#pq+L$Q>8fs$wg+JkxZ5$%MQ^^_+4#0O8(25A(h1ST1`ux zwyf`~WIQv&L(cI`YQth90_gAY@3B_c{2+dh-MRt6lvAR=F?+0Z-B>=1e~nvOsNVru z^E@eT{UDw_l9@G%HwL)!!IsZVmf|ndYqjRjRlb)Qy5hJ6!k6*XzbBIyewCSvX@`5o z)0g1hb%xq}fG_ z);>RloPyrsd|rPylX}xpCH|-!7N_-E(DQS_(v8yPUxl`1x~W2eRJRbY3iGz z)Dq*HJFzTO``X-Xnpj2l#U_?j{L*u)`1Xr*V^dq^cjW@ywQ}I79WNV*Dp+jw1Tf2e zcjo?Kg_-yQTZk2ZVbNVg)=OL zHQF|lisEAkj+go51zNXhknklotLDD7#OaDvS%W&py?NKLb#X53RRZ^4~wv6-+?&&=PyK2J~0+Q%AC zLJz)&&EB&P@{eH@($wH{%cEAn`eDE%V+WqABUKS)@ukR|wQ1FtW-geo&D2zbjK#Fa z2cCX6Yh#*fPYf4C%GSAvt92b_qcB!f>piH#il=T3vs+NMC9a5fQw-x8b6NFN=)}Dg>WHd1M zn4i^3rmZw)RKD*n%dq$TXX-s6B1+T(eq0N+y{MG!8W z4riJDnz^F#pVQ$C_}5d;vsnUgV`;X}6zIQmp?3`-9Ur$8TPC$!XDg60nT*<+*(Q(NZ+pKQ|84Kd{)+!UL~4-}nq@3SXAT@$g#GX3VFaN)659U&*vL)`BQlCSNqCwG zB1SBV;D|*4hBAzYn}(f)@#fxS;Sk9~2SIFJ1v{op+IvvJ}){(nx3yrXHzb3u+@90|uyQvN6F zXO15RjBa7Rl>h1YSEA1Yw)HpSh)b^j)1!kIuaEq3uuL7Z*Z+Qd`$^URtMg=gwf-L@ zwRFf)y&81jR)D&5oCES3gm5iA{$pKB78;KiV@~rV?2D}kvtFo~(~@~MmXH4GIIR{r zfAzm!oI1|s<>iEqBPU>q6pZ42$kgGr6ev}m?X38xAN`N|xTl1%0t7}?Vhcq&aO>se zCDhoXV&ps`l6+z+o{&5VXvRz~psNxc_d^&5T@@(%HBFo`%VAfBPlxF`6WzDD8uK0>iOU z2`30rJr)l?`M?S;4B~J<%0HCc8*Z5=I6*iug62D0&ftD}MocDm^*q6%8YJrwqi^;#RW;j9~gaVPHTW zgo6PCgImG+n)t_$!L#x4W5>CXL_yq;fW@*qSW4!k8}g!vD?Kms*GxC$=wpHhz~eZ{ zv#(9h7fd(Kjkk2V!zW)S{cQ-nf4XsQ$Yl+t`Et(alUX>>lJn$(k;^7{+&LwG=5#|Y z{Yw>kUV|`vr>Q=WT8x;{hM|A4n@++?3&L8p!#f3?I5_wSoLnVG$ozET58K z!^ALFs}1wJNvjR>J4rU5tpxR(&OQvEogO*xL1*LC^p852)CSUuAov|@nE#xCbRIue z_}i-;^Seo_9rHU$Hlr;;)6WvOn;2~gWB&nX;>=`DCU->g*GJ8h;_V;nEi3Q0bKC?* zd!C?o%j$6Q{iGGE{Z5k2YODC~Q@O2VwTs}{KkS@rB=mB5jQq>Z0z1%P77{Vyc@z-r z8T8-L&D<;^wWX||vp9<;`s02{p1yo^Nq7o^_GfRZWVMGhp}jB)vv9?2zoWF`w%QpYkoIrwQGJS$!4~5kg{!Ny8sINSDl|KmCq;(#aZy<#X#LJH4r11 zS^yFjO&Q@u9P60$sQ~Eo3A}=sHk+0iJGl;{$UvwQN=E!zo9SEOjC^v&82Rm;9fjeK z^_Gsx0PWZya|W`EZgy$<$3|aPS*FL)AjcU=VVjkwQ!%3Qu*TAqr?9uuD6)a*zsNv- zo`@Bfi}mSON%ID>3hR7{{queV0h91d9BQ|iOYLK>KD#VoV@!Ci&)zxA)DXNabuTo4 zsLFXPr^KD-gBeJ(>@@bRs3Cnl`X($u?wsZfWE14+CAmQ#A)7(4Smfy!8H{_it~QVs z4rIYoX8^uj786m$dJu+v0$1(B%{1Ch z?UCHGR($sRNh?14og|yjf@CTDJQ=1mV1)=<)fJE%DVWX_WJPg2Mu?Yd22ZeT;Ls?@ z`Q&&&E(=*2ImM+E9E}_-#Y3nq8>Rf3&{)a9QU-+QBI5~gNkuxL>XdCO3rZDK&zky$ zb<#ACIveC~aDo9o`)d}ijM~4Wv|_X0NwV2&L)f`#;;adyt>N~_6-`3`$*9NF{;C&X z(*tyWqx|xYsXmaE5PnU~y&($+wEqfCDiK=M0Np7({@-E9(Wo7r_f|XRcav5-=68}x zM(wyv=VQj)keB-Et%@0=*!08A#F@!3+FC%f29wK5%n?^%sJx+Lc9stY;YZkU&7b89 zO-6n@Dt-UQdP^55RH&{ms$^;!$Pa8X4`{>;q}m=ouy5o3xsvWRkS1;u#1{M}Mr&46 z0od&$!O%m3XREP1*3KH=?%~;?N!amY*60t4`;444mj$;8Y&Z+9Oz{{p_V4*44CF?uZco@bX9Ves1 zdBtKm86Dcibo|b~-|+(03u)|i+FrW9<2XqkMJGH8`*Uf9&K^t%#o|xQhbH&|$dPLY z(KVfjH4+XAI%J=%VYKeGO$KYz^sAl2AbqO;b8?2njQW(Hmw{ zs)IO06CyOxF%}{@upwX7<2z2kdb!oBJ&XrY>j5Mgt_#BfUJAk;VibO0@{L?G>|>Tv z62=3bjuG+~5kG}J78oQ#PT_+XByk$|nJTQux=zc?K6_%dN|2uAY0;A1JY|qu#2RH{ zcev9c*mOma0@iF1%R#AFKq^$o+Eid^zF*qx2U9 zX5<}@@-ZtrjBS$Rfu3Tn=WY_anm2$&>beTeF$jgEQ;=XHJG77Jp(5mQ7!OMnyPoSf zwBKh!yygL$NA3aSBx4>Fkx-`6U8?Am(cpa=X6!8tfC&FRx3aVF-)xB*p1uqnNA3sn z$~~dkNCn~30~wS`G61r(rn8G{W zd3H`C?EtuXi_=n?-PZ9$75;%uUehEAW8fO4vea{f?~7%sBhLpmK}oO)N>IKG<7q@7 z{k#Vd+_U-`p>_?aEn*YfBE%@hWhNbO<`*`>o_zfH2wN+u$^|%CzgJpw2>eR~i$w@f z=dcpN`ojjSg$NBu_a+g1%t#iFnUDos(-@ZIP=1|pS$>MnHVGFZ>_uTV!Fu76bi~3` zRQp2mYdy9tQbcA^Jq6D_&ua!JR(*1JWMZNa9B>z+NwWB-IDl^x`d7{j!f`PcpFUY~ znliz;A-(-w7WYkbrrTSm)aW3IiWd96uY!iL_^NASqH470lY_If_is;MSi!zQY4TIb z$6d#kuCObAVUtrfD8HG}UG~AqL}Z#KiB_f0N}Q&0l^@t-W{n`aE?J?9{iYRzP^;`e zr=?ApOt)6nQ+esnTuYKGm23b37x?Y@(V3rp%;d_F*>t$%nw??ynQqlI`_gv1ZejYS ztRB+@dhNEmVPZTrnJ_L=UuTK>I;y?}|?^y zj9A4yd$j%`@3DRs!N)p^JSbsBLi^01s1~z=euk)>Wc4?r3=!i~pM`(2WHyq)~`y(0;nQ)vpTL*um5F4ws YN~^R=-(>p#0RRC1|M@C4m;kg409cDc zVQyr3R8em|NM&qo0PMZ}dfPU#Fy6m)6{zf8+igfmj+1oNBD9u+twr-rm{nKYsL8f3P#?Z+`{) zcZfsnlQ0hHSN&VJRqWg!Uxm#0J)g-JR~RtBYy~DNO^>4 zWig5Z1Q~K77@{G_Q&k7X_(wz;CeaXF4mvQ7)1Ob=!M6Lj<0Ix#9CP{ZU4$J1P4Cggai!0$On6e zfFUa2x}6yjNX|Hq*|68Uy1H`TPpIe)340dmy$<#SKBgdrSMC(^Su#!-q8^Djiny#K ztM@#ycvvrlj3e4(9F7CjD=e^pOiAvYc;Uv;v~z*xSA_a(*m3Of>o`C{?>N9mmn3GL z5aNhK93d*pq7dR>2ynzW3<5;i|4BR30YJ@%T-M+ys|X+me}5^!R!$fr3H6W!Z#qB5 z5vOo&bvLHOPdwg}aGYHW!U-k4ON_3p>T29dgVnh-gs|g2aUb{loiDv0{+B%k^1OsW zg4i8z0FC^A@OWqE$&(`gfB5*xJ^%k4&l=cA6PN@XsHqnWw7?DA&KfwIVFoY*5d6G* z^u|$KmLnfbaDYUC7w8I71g>T%0^STpk{N4|GenUKekKWEGm->8xQNIVxSBx@<|F~4 zo=0Ecjj zPSF%IPUl156Ym01*KjUOvO*_G5R8yV5of9@01gP}rtWJrS6|=45Q*<=iiNtn>DC22 z7=bYYDtNe6!d|r`XBEbAfDr>QU_{Qon7eB=Obl!q(DH2tbgKh^!C(kJ z+~`5H5K!a#p5W*;(m&MBnEuq?vXL&7Dt_=1#z}Y>VZKMqM)m?taWn)UJGCVWAAcl4 z5~Aw2M<51CA~+B{_uG$`xOU}i}f_L zz8^*tG6WkRx_Xa2^t(gQ{Q(8xd4XYzg`pln9`ZrLkO!IIAAII2dtvw&JIDqrs z-(Q{{zv@~2_;w`Q`c|;gPP*V_FRpNq^$nnF%;eB+>RGB@=@#lZ0@fBT$1mWBMv&u6 z6wDvk-7GP%OAISlkmhXYT0#ndmJUIHF9erP0wHgwU#XGV1ye!XbHRyJ4S?ihRSf`! zJR$jmF$&0)n#KsAYZ%6Ib6Lz1E3w|*vU+=598*PRf;XBKP(O@iFhhZr*wMrwCJX^6 zkaE%qV+#6s4p@vlJejKjw43gL!i%AzWdwZ4;cGNEyX9Dtsg&eJ=f&R|yeJ67M(9xl zIr7~OFqMaL@tl$XfftY=-)yX6d?*Pt9cNUWt$x9`eB!Yl^g|r=V8UmF;(tpWu}8vhC`rM4)W9Rf}hu}e}CNRB4=meV9aa;d38E;!_1LV|!?soh-^)`NpR30&5sqM8EY z02t#}lq9i!Azp24=szh+l@#+$=y%vdEPa6@KPEWh*_)X7=Eo(XW2^F1&WQT^3UY6j z{t7VTax_N@z8FfeQM4aJjhF*fMdqm2owc=&{-i-x463FHd-g}UI%13yhFn$lZ~`L2 z0YhABy$YCEB?8<702Lt2z!XJ@3Zl`gTL7LUK_I_#6bgoqi~`vKz%~?!{l0^vDMd_< zAc};l>kq*M2251aOX>ymE>PsFK~4*qj)8ZAE>j8-YyMEd1QdCMN^+hNCU)e1{!7wV z!Vx`zd^QBVPEOd+FLTO!8E4UGev))2TrYr(4VCCqQH%%7fu2y5y8`>JETSbM4Iy74 zrsR6=jEO&Y82-1Y*B6xnI7UH+3#V{0!JZ>Ufs}(*e8N%si3esl1VPGe6od)mf=z@l zN?;JA{6O$A!#Y?DJw+sPrKFM-kczmYxvj$krbRh5^7@BdjnGYBLZDqTa7b#5i9bRC5-$u72*s*@qh?6I0zx`2Sw|!_r^GMXkn;(EwItHFYv5hv zkuXGRr9y!(AW<;4p-R3amjVgHBoYh}Da9uyj0>Q@1z;0Tte>u4PiAdz>8VxS&C2Ns zEcAD+s>f?~pGy#|&MB!)$ayw>R5sDjOx^HG%Gie-j)l}<1TnRY#iw^nZHQM8bD@bk z{ul^xTohG%zY9i4j<)1S;tzI# zxlvh!!|4zVw%tc=-|^8H!^j!*9lHHUC?#ppcT8}e@)F8QoIu8|2=#}c+s%E*2D+~5 z!8I4->5K7K{SuokigtZp(3;>B-HmTHx*bJE*Lx(2l&mPe3?B6*SB-_{BdU3*daD6I zG2uu3SGWU=oG{dkfbt=DwDWMg1GMU?K19SvDLtDNE|_wJ`8<8WNr0%?VkBE;0lY-F z1Chx#sb)>lZway)a)?4Xx!p&D?IYYZue~@CBh&AP`c;5KTvcuGs#xiftkh9L#M|RD zOE5T5GdBAF-l#1FGqr7i%`!uJCKuh-0|97G5^(fxbY`Sr!{U9jx_!hU4wQ)q5Sr8W zq%I`zU>s83F?DR+*{AqY&6mPjv?oL#fpbEG2OvQ363MMhZVO_v0SaR-$S|QnzUGw_ zx20BNbuklAEXiB58Z$orSOJRlQg|SB0zN~`n6X5AOrdHD6fOg5%q6*eHj?0qW)rr zekn9)(Cu^rGM%bEtjY`%HXoB~ivzk32kxNL$(b5D1w&TlDT%;PXr_SApw#t@CV7RF zPM8@BIS~qm!dW!iyG-qHEA~U3qSzS4RFztj{Zh;=34#+PErG+yTf$E$VkqKDVB6Dj zH;5@F6!STdVsN_g?G^>!M)U-mN9y{)lfl>P^7027CVEFDN_hF>q83eZ(oi8xnmp zh_sJsWpi=?3%ypB6uNX0FD@&Qe2I`q}Ktm-f?triRj$W zqhiQwV0X+&kZ>g1Q!gED63lDh=VL-R;}pidF^(XeGfpUSuS26z$cYQ2X|fVWQ;b78 zMSKXv3My#$D`R96Sb)8|!bq(cbz+d|Bbuc`EbZg=hzDdUC{OKbnPTq%D9v>aOnl7U zfK2nRwKQ1%z>t>+R#jI~i@x>;YX?ze!pDnk(BpaQ0$r9TfnAt`@s?1GIVQRyeZMI+KwDkz#1U^B_JLQgkYYH zRb?~N;*b^E{L({rgr}OVGqX`r5`xF>wcsF6Tp?+Orc9lB%5jKD!biv>k=UajKF(yC z1F=iX(*?<%rHM#vqBzRng2M=NkR7OSV*G)?-}hhaX+25K>Ct@jThKd#6vO>-@0da_ zFcMNsk!1FJs)Zrwh8I4jz==VR#JpD$IeV9o_9}U5Pt9^Kz~k?M=ijD2`0HQ6l@Okt z&{>;H09F^B!J8=aD;bcLwfzNK@J2y@w)h$=*VOkaa5|^b~|e(7TibvMV%N59s-aiSn3Y^V_sb9moNz>!r;U2DkcXRd7zTe_3Nid) zX&T{PPxW6O^rk%EsnE2Yga*%h+3cJWl{TAgCq4D^)CGt>XNR+Z1qo+{y&@v8t~n20Q5e`d*8 z!AWbIuepjFVbEV>wc;?7Y(T zk6>(}QdPXJRW<8{wlmMP#R#;V!@3Ewj}T{sTqv=#5x6dD%2u{gE>mcZqPDHsC9B&i zlt|B~%}}Rngd2`1TVlWgyE$u?I{))!{lkeoMm(V?h7@JOHfHL~fk=5CJWz)R^7KNK zS1?p1BaCG2JG%Y+CZ5jzNm}rP_=*(v0*J#**@;s3NNcpzZ>7#35g%Enwp~Y$mpl^F ze{w?M6iNGL=5ATp+ng1~FBP}SaW9O?37?E|SB?X&d{N4ul5gVXcZ2S49z=>F#20_O`| z*<>@?+YAN)@^$AN@h0!*R^h;_8a+HZIX*qxeS0>vy}{K{qZ&0Mb)+DaHz3e{utNUz zQ5=wYh$8-V32Nr1F2)hcxe)*+6tNjN)G9HV0BM)rjbr1(tVE#9KN-Bd<&%eJdonAe z|4wiOME|6bR%(snPr_%?A5uB8NgJd!rKSFk5a;R)5;JqwqK`nB9#1`s+Shv7dC=7s z&O++v4GtDOcSe4q#R}ppIhEV!73U!*R_k+C;~gbfnmo)uiFhcZr3BZ?W(5pcz(>9 zlIQf2RoR0EwzbrwiTiM(c8LelFH2LiD8fj9r0q~`j}hU3B6XM|ouecNB#|kqt%my7 z8#1+aAL~e=%BrRik$#p+j+cwc_y(Bc=yZ=a=Y^_5!VuMqZG>uX3f3Mgy<>>7Z(-zr ztGrj&-2>ZfyxMFP6Tph6=r?jL;t0e6#1RmxlPix^ z5tckmvLrpa2E3*grnr{&_c7qp77r(&a5`gG#!Pk*`47Y zR2*r)YkAIX7)8fYR0{kMMsw+gm4OLiT-=N7`k7vm*BM+k8-kCH;U37F5zx)HXi-=l zIcgQ8TL6M0zYPc^#zX^9Bl|{UZ&-TqTw1y!#6dE}5!37ZI6~T;R`PxIaYG&F%QB+Q ziF{k!1|aoj_!2oJ@KX;KWlMF-8#jSnAEk898k=ZD z0*Gzp5LyjkZ|`61F`_8Y71zc@cR zK7J$nxVv|D_~SvL_@FpGc8$aRH|6sA;zvK9j}G=u56;dH-u`(0<8BU}mpOlM#d}|) z`6-&%lB@z0&b7qpM9{WCDw#CK#)YLOM6{hQ1&ui5$?yVN1SI?ide5^iiBd9Ft&Iw2$&;eR8Eko_XxCY}KII?O}-N618_+-p%*?CKSj zuM3s0RpsjzmEVWg>7|KWpF9$}EQ#Duh8PjNOq8W4BpkIY<_bwn_Fl9i-2hrQ;nEP_ zsy<^uT9vV&y64gdItNosuxwk!MUf@MY80?|99Y%X3!@t_v;?SBvMGcW$mE+M{JPnL z37?^etLriC$H%VrEcLl)Q&FucAp@oZtlquE!7>;ar7RE1yv+lv9^v*K%p3x1MzeBw zmEp;1QXpA)xfojBS2csK*-XXlC96es)va(zMLY=&hM@c2AA3XVeoRl^eLq!khg_k< zfSVh~Dqt~3t6}5HrPo-mx>WfRi#|b9kDzb8`|6IXiwJ#e zWg3-pcQb_ zsMG}4NPTQmDAlD>|JpKX3UQ%^qN`hq)ro6HE~%eyU2p5^)~?qDeJEp)`489QP*=ZV zz#Er+wVQfPvndUh>trq1-tC~u!yOd7+-n+ZB_4sIZ+u%|RwVsnUtq;l!Mw6=J`*<`(`5p=&A|{O}Byyzpl#J0J!xVrqR%RgqhZO;Rtqd+%^WeMwciSBRayXfnrli$$ z`h8$ks{5W`e+UNshy4x!Q|oVzXow@}1NDkR51k;2iJy5b_w{JLNUy>@C|x8Qamdjm z2}a76Zz2`w^Sy#Imas%vl-_7C)F5@vwIX?ojSUc2O@f>W7&D0MbNmPI}_PC$zE zVX(X^q;Q%@$Ee7gn*)XbU!urFIS>pJ%U>}iV|AfGe?Ji~>fFs^6)i*EVd%ja_bvz8 z(Xlr}FyJcq363zwFxW={oTrmK_)dAIPaqBwiUikYGZIK5sq|&nuj4$e=(jA99LR>! zkr$wK$39s%{`MJq(c)gZyai!j;-bh;A|FQHd$zw!6}0N zPZV=>9C`L7`0alG74Dd0EqM{roaX8S5Ki((YRW!bzQd)W)g7N5*ukstG$It~gI`VB zDz1}U%OSi#Ac-rXDJ))OU;YsWCNxq4{G#%72wgL07&}Bd>4b znJpno!ZD)9lT=0-r1vfCupIInFY`(Q$}I_uloJuy%Pxyb&Z0fCAC$d}z*GCxbE}Sa z9qT&Xs%qWt18_CN-pp_+2K;#hL+mL}T_G8oqf`YiiHu+PrggBrCDbF`RFnk40}zo? zbJC3h;Iv1QlRW_5jF2=EfH^2nTSwFdU~?L80}_GVpGKk=F!CYwfez^;A-#Hi@IZV9 ze+6Q*A93hiZ0XPHpQ_$F-IP#A=IB0KRHlX$*IbJRVH^i@Sz3l35x5uVt#FzNQnv@y zmb%G8u4U-5s&hy18uicVpLj~4z)3|EVm@mBu%Tj*Ux>?Q+*w<^T zcwj6~fgi|IS0k{9BKx~%yK*CbvAg&B-HCb= z0_;EQO6KKESXYvP_4_#}Ke98~xwtH=g0srWvoNb~kcr91(bP1U{%+BrDGO4F)h(L& zq%fKyu+FjxdMi2d1F(+3@EJ%Vj)N@t=!$c0xcq_sCf~A;IO1Et$?2K7uCZk7lt<>n zhYEa!qGX0kh=vZlf)sUoO?}UqPI3+ROsgfzsQmJ@r^%>OH>LG7RBXWBTA#PMSzwh1 zH#bjvIRHiI#jUwb3&lFJl@g#%^&nZVdp$7H(Pw1bK?HrdX0L>71Q@4~qv>4B(?955@`FmWsz1~YgRVahpy4{rW>(+xb^pI4iQido5?=U|vHDqCwuAUYg&0;TNzN?pB4t{_l zj3WL9hnS1in)_W>Da6qzh7`SvrE4QSkXJ_u6##0#wciUZl3!-$d#d%8JT!HHX#nY8 z^)PhsoVoNOdDi_mi4f~5`_8kj)TJLZ!MNXGKg9+sMM1&5eI~3to@ z@+4El={#c$;zv{EGJqm!D@cX6wOcJ{+%B^c_E7xkw|>d`5eFf>24=lVt9m1kzn2k; zBeL>xS!u)m#2fBiY@V%9&lyn_{`RY8k!ab-C_dz{mny9b#3+u!SiJA?Fn-!Izn1M^ zD~46OsUG^zbx|)MiEk=oEmz1rCO<@*(NVy)sn|6&<$6fL6yeJoCdX0GYER2IkXDr~ zWPplIj1%ud-Dq9DjjXP0!~#`p1hYImDz@qjsM^*XXmGcejh7LH)5EBu6ukS>2#g+rA0I9)0L%L3c*UY(+~@S1!+lp%aQ2 zo<=yD$`Q-Gk;9iSQ#wn)(@3U`J-CiBHO{jVRP`qbv!+(fyi0BUB_$ExmpSD$ODOTK zieecRRDNBK{xT4+(fkBrTDc4>N-17iS=&Y|E59mUCn}}xYgDz5R28clAM5LKcqsq5 z5uQfKe@BB;6Sk?0N=?ZOo4Nw4AanxxY{cgQ()ms6&?%HFB2)al7?moGqn%GidhZ0R ztfkke=y#@{w^qu($m!K*JAS#f=AB8JUtY)lYzp@MDarjQ$(K7NS(&}uTX9yh;^dgz ztxi~^8oyX|Yk3_&L8Bx

%y)E+ep*wbEGy*!CB+H6@>sQ6ImR*jNSQL#PFrMj9} z7UEK=Q?Q4-S4<~!YmbCoOQ{Gpm=<=IR;?^)oLTmKPBqf@T+XtMw4A3U4JfUkwz9G; zwV>LXvX%u_ZSSfi#HH|E#vrylz&fj0{Q_!x2B{jWHF;T{_!nsY0IaL{e8XpL0cQy- zD{#zj7au;zMx@)j-ZR82)#A-fe$QyBE8YF+WqNb2q#KDZ;6*^j*+s9r(UY<^Q}={> zy-Dg#6(e&CJ*pmB#g}_M>t4^Q9L?g;Y1+<`v{o>Rkq%vMZavFcX!cwGbEqG+H^XGX z+%=Rz^R<-EaD@E%&yPR(;cf<}4F zj#(h;WY;}S1P+}HCxmkV14d*Br7Y=(ydViYdFwMv(f~P>_jJcHPMx`zp(8)&EDz?g z#^&4Ik*ujxnQZB>CNd7Tyu5Fqsi=3r$CT+<8;~Nv;6%pbk*EMD`6&pKfa5qoxga4j zny_2$mbrLZeV0`QZ1+_x(;2w}A&g9vpZcNTM8#!s!KO|e0iJ=uR@S&qDsb}S9#iKe zX&9Iz0bj>p;oi)oF3?&1E|Ch=l|hmLCtCz>b-~SzBl9Z9m!9)fBI*#a*=0J>vf$JN z3xFAb1D%p)Gm*hasz-GQwzupy!?{TVnqt^r@O@DIy$Yqbgrgz&X@&zNqe?{x`G8*$ zG5jj>pA4HKU$6%m^_={eh2P*@#cI&et7O_JL&G>yRN+CH#L@+V`F7lKvS8)ToB2cFtSQgZd{~#@~wgyINq6`SU84i3ab3U0Yo31m3 z?3-ws%jQ6|BPPii&jRF)v-p?|VU{!*sC2&VSfLdY=5PWO@xFaI0+6Kv29R&2T%|(F zGKs-7^QNexqAROKEI6J#tHk2~f$>}gX?mTE5seT>X`4opu((t^vWO-bHvmThBbi_X zdQu)aJP{LUA!Vl_YZ{Yi!dx6bTmSI(<>>tIMCKy{D#MNbOT|K!84tx=*wbV}l%^le zbQI~LVFqU@v?ZrpRq|jAJo$LojpqQ{r zXFQa7%AtP=BTohxiW9C=-ATL4CPi@oJ!IZ-6!9%lMf{dJ0<)W>Xp&`Pnqodn#xh-p znlzahLW%IX(Pw_v`??KKNO_{U!Pj{XBd2OC(<%yxp%TR?&*eO>mAvhy#ty|9Nls!No9i zr+O6hAc$$Jhh=rEvSTpev-5;vQOb~m2F&yo3rQEGM?}%>p7?JC98NA!R0O1|XfQCw zOoEa{>rgQw^!fFp{@>0$MEQ9_0~_eo)m0IqM(uLY6BStfXe$ipT|28$ z+STF|n(Zg&i8=(2jF8*p5IW4tq)waGyUeZ9ysUOdw4zzcBAGv7ew?b^0*ByX-ymD% z#WyT{OC9OTpEBpReCXejt63hiN*Ayd2`ClyvVg)z@B#srPy|K~!LMfOR0P{!6>a>g zbh59(2%&U;^NGh?c*R^8!he%UE^n1LHs}c@it*l*_9%>ei`_pL0`Qd1H&l&x&yZz{K*V3DIeIE+| zFaXwBnNA@|lzhS-7Q=yMMRnF-g zHgkrkMI2A>;;L9wWMcBIidwm+^p3+5yK_th))Zpm)eLi_(hNqWFv})o=w`yuBnbeX zm|(KzlN^s{ZwT~Xz(8;$ng-z1@S0OX57`XUwfg?KAeqzNUV%FS%Dy#+Wzr6y$wle5otU7(bw zXo{ojG)+kzUe7i@)<8^105+w1nU>%bPA1p`GGMc@c!b%!rBPR9WlQ>BThocY(w{I;>`s&%rXQ=~ zYyTZyLO_&eCJlQkd#JIuyceHiN~H6!(Y4Dtm$TTiV;h2)IWsaE2^XB`v}0o8?fhf{ z)cZ8ymlwR6X$TKqjt&likCgS$2Zzy=3jE1fh}_b;d74JSH!G%74vk--+hGMN zjgxG#gc*@?l_s5P;!$0?NUabqCOr+(^#UliRY~7gVMXtzP`+wR$@SbBCzA=HQlRLP z$)ww|axMy!!y+8Vh!?dsZm-UXsyf~1i4z`W43mB!DV1aN9`0Uc91-GJBDz=_PrBzA8^MPHXo zp8WThluW-pL5Mn>IO5-L|FZqv$@a-#w*U6+KDmknpHX}uk6|g>gT3>wK*!6F@olL1 zc0{})4d04{%M{#}fLqhAkTlq=flJw0F9r`E{!NvLp)-tY{{0>=mXOpGRxPCc7X1et?W4PW6Ez%dH4 z)l*7*kjiDqJ}oeeLkLbe!-BMwi!YWrT-y@?l!q(QsF^0;M(z~+dMRV`JK>zFlyFY< zFgg8S4WqDeDXM#x{wDW+yU{aOuN>bYthg2jh&%% z2nLV!>-XXHLc4b?SUaXWrbJf?8)3}nT2S|QBaU}X{cNfK2m|bEXfthyWOI?3h-~Zm05hnfc}>*nNt(dIP(IDofgd?_0 zcLgzjNvJj}NT!g))w%6*Oh7rG;1DUpg-&Xxj#|eF4!D%?5mQ;{WSRGZ1Bmu?LNqSx z8!n244pqN52w|59L7r!VwTghObC+3rgMMQZ_xED^;5ws7L?TCS9uExYZea)M+FM3M zxZHu<@+S4C+okM`qH>~TdeAi4R;Q3-R4^n#12_`QRi+MATaa>fQ%U9&L?F*N6(vO4 zL1c`K8D1}`d>Yar*m&6A=ybC5qibv6K++^Qdou##xzO>1f~(R;@qhsoaXJT^(rYP~ zcu)Kx=p}UkFv;(wa^}uqsKSbC%_`>%(9*ha1S2Sr`S$G1=-WLcR-BrnHS^`{&B%V= z$?PZwO;>aRGu!m>07$b1&_M`P5-N`yA0G=K*iHD1$lh-5?QY4X$M973SB#ivHLmD& zJePJx=>e(LP_ElM2_T;k8s;=ksjr}jB@{8`DGXx<9ln3aQehHzf~7(wYQiuB4(*$T)S1lwOBYGqwjibGPW^T>gf}tr1EB z($JJE%&%ghcs$T%3-eKwd#e6+#KL(F97hc8GY`5R<-l<+&|Lh`J`(N)nhS|#tr4wZ zr(@gI7~*Qi_jX^SIm2)vBDU zGEbwOtGAS=*Ur(Ko*3sc?rsP&h`AKeo^=QPes`nOu~WddLZh<=4kOI7gC^DyY;Z6A zIqVeWw>2fw8R<j2ON`vk1O0~8hiE0AFx6+;`O>qL9 zVyeaq9Qi}AkK%yLLlp6jQ4x$CFejRq?E!hgwx1!~qUv0z5eF=__mNp9b8 zb^|rWzEKEzJdAs~LF}i4PKLF*51NQ6@*E2{F3{w|E?NXb06b7=F z<$j2!Y+HER8=#yKuIK0SL|RN)fuds5Y^;eqKLD!Bbufx z_Xi-eTYqnX5CUCV!62!-&;CC5zuyj zr|Nq(LTc8Hu&Q#^-{coy%*FdMqFH!+bG8aOZmS1OsX>b-;gt?z-MSy1+QWZ>%#8dBVWDYIe>M6T`?s zcU|Hs4^m1Ppxn!>*-=;~6jmlYWt7BR&*IDnmThY*hj` zzhv+1CejbO2U$sqSWF^@)R!X8Y5Cl5tCXB6)wn%(cH8fEt?$_s{*uj=5?xl>|1zlu z=y}e#QRIt-VRnk_n0SqQ@p(kzgv|0?k)}cY)>^JZ--@mp9w>1)cy$w@ntY z=I$&%0G80SOy8I5dYwGDxYw490{(0BKb{KR@VWc#)-P^r@v*(2X(6HF*qELeHyG() zlFRj~2S_Vv40K%q$|=MK0^Kh72yoeoYKHJ+2G*`*eq|VlIehF zU}Iy;lGPdFpsp-fXWk5jC@(uJhvQ6Q&5jbaMyrchdx5;J78rFscfZME`+2Uvwq_|) z4FFQT$yB6BQB!u7xJq@s`>@}7lfg$ND)*6&wo zR$7h*K_Tw zQ!--#nM?u#eQO~ZnV)B40{-DhJGFDH&z_tYkRj(C4eD0Nu-B6kVjhuVT)aDNYPhZ$ zUrZ=3&P=h5mj;F-hYVELtq6j(5S-)>HK;aY^@EV8bB_X(AIC)qyd>h)x+(^JzoHe~n-y<~j|BJ!a&=xwSILASU|-3QP}C`B>2=0K zY{O-Xdm_qeX~VNT-0v@dEO!B9Z4KzqSwJY**aJ8QLPJK3l^`6RWJk(!zU8HaD*|A8 z*_@aw@c;AQ|5x7t`k(*)e_&Hv=hS)U|NQs=eM3AL{Lg>?KXqVlDECZV5HTkU8i2wh z@ARtAQn7_Q}^_|hwyjm&@1mvEMKZ)SNP9Zh|*-LIGOwXVCr!pav|l;?riAtKKNz5xNgL=j@jHCjkuSpJGB8LOih z{ryC|sGA>ky|5>*8Br-wUJiOH7*TJAV8Ca(W0+$Y?4tl?w^0Y0CMFOE2}Nf!ir9<< z@_bIQGbIsb71ZlkhP^JnWr-BVZ73aiJg7VN>AJD~sk@QR^=R}aJ#?Qzp3=4PUC4NL zOnganJg|?{%a;Ib$9a8Nas*>};HP+_AfgU1C-tVlu%Vv4Pv&ax=B-aDppt84YPKl{ z3z0~5^Rt-S(sr}U6(Nk^6#3x9z~|sc=};*tUiwIyTBpjBjoG-kWinA-oIaZ12>B1B z*QUABVQzAyt&h=!Pz00vXHCb-NF=kCTs?JjY4%^~(cihDn5@ zsRb{IG!|e}I@_2%OWvWAO+`r%JOB|XH78YefYTmHGr$Aj%?L3!Khm@Ov~@&X05+%b zwh(Q0e;SEiz{rQx2ih_xA-#Hi@IYqx_$xS$Q8ePvyD*m~^{iF&-szT{Di$1BZ$Ijn zPM-(bA-3Vrx~iJ;qwQ3CJytjm<~{b-z)KvUF@n5&?%&Z|$M_7$18Z3{e~yh=$){2t z`hr6aAY)00WY`=NWl4PFkj;!ZrZ32)yOpo6b_a8}V_M9)iJ0|X_8T|Fi;fwY<3(5d zW}pBvjy=~SJyC)6OjX5OF3rXDC+^?eZS4UdkbXylA?TW4!$lqDwFqqv{~5fS1q! zIF8twz+n4{+jsl!VECy2_;Jma^{`=|YudJod)%Yiz4x>9JEc_Vb4wB)C;apDcnQy{ zLBC(&TD91>s-f)MU`}@eGM(aR>S{+798E|n^SIKvY}w#&(wJ$jwFOHNfZr07 zAeX5d_Y=yymbGSju04&dcGP!8gu~PrsyRr8rnxI?2ii+V$>KlY z=BE3vj$qEaDh#Jky?tN&--OY~9GWfXDji15aU1{{fPkSGQh8O`T(eArCgv*1NEwld z?fIZ|*|-!NEFe<{MlhIj>@g>%Bt(3Ml6Ju_aE=<$bb9&e&OH2qyFI0SA(7Y;PLj(cK`9Culj>Wj|bad zf&N`|aM6=64(V6@Tens0+#lrGBhi#Xo&@^lv-IMYLXo@+q8v4mZ~WUWaq5TNuREOv zH#oJXbhbiWPRLZ75#h}hGUad!Y}RCe$e?#$-ty^gNq@D@H*FvA)9&fp!?&+M>l)v5 zz7YePmq%3>zy+Gi+XP%_W9CkQE#V?#FRXb4@XDcicH5EBz(3iehs9iFlQ%_BYPywC zEy+~`jQ_k3q_uAe;OhWg$Aoflv^zRGI6Z%T@bk0vO%kJsu>ep(j?N5SgNNH&%VWL{ zkT)Y>{X+))W`#kh2L8z&0sI6qbulF~5TvBYiLy)E@m#B^E7$Rj&x84HAgzuZU!q{H zZml+7Ig#CfvS*&s>r@9E@kV~kfH(Cv<4MofKa39cP7lt`-|ikA=#DSM{1ZMM>$uT& zz-{2o?+K3boVkY0nu6Vf1yA?O@KAx@?Kx!&&Nameth`$?l@?H zhZ^8_!$E)NJk(H^)$NVXhWRIa>Nru66~%<{DMjqJ!1itH?C+lKzStcd3_E8;-9z(u zn)qQ18A|VFKaimma&gN$no9RyoS*EDMn4^&?mt`KG?xRXhy%w-Lm5fs`&1pOxo^|A zH#Z<(MQp+;Zo1$j5dD0-102Uk z9`VsuM=uboU-`iu9h|*88FmIPc%?!CF?s4J~Fx=;=dn z$YshA4ljftG(lJCWp5KOBj+#?C*uHnf;iN@yz~J7Yl)b-$$OP13en#8`jpm$=N!+| zkQE!bWpn8P=W6M>+py+tba49P;aBZ`sy!v%T@bOtS3&VVqONeB=0Lqde6a z+D%iO#zt+w>Q0XLrMy`fjhOgtX*mF0kAyLaP{f~=T!$l-mZ)1x^XAsCEUBs7U?MPd zw6|DGHf#C=zUzP2AF4xldnB`i0Z||uOU?AQU3nIkV|6&vi4Z8cV#;mAbO|FBD?}d+*cWL@6wGBbvUjl$xjA$+*&ecpjqu$ z!Rf*14D6m9y5Mjkbt@Af@&ch)9bFr^u-q?wAwSJxqfjp>X}NRwczzrmT%t6niI_sm z=<4Q|kQq_m2S4nZMwO-6QGUd*uI64|Lq8g-inC~2}Qt19O8hvB{El6Z3(SDDNq4n zTocd7eIH(@@>Ep?8Fa0(^vzA@???a0AE6G7)D{sAHtY7M>f53g8NEj#FB$9dWk%*B%2d1(@9d#GA_biX!*I$1vM$rstjg(|Iw8N8OliJ)k;x{)& z1U)%DJlZ||`TW!FVFsC7?qCIxy{6}lq+@Js2S+asPCs$4?_kd^>?21o&IvUpT!H=W z@I8^h$(~Q)Fmm`2*y5RY93(f9b%x)#RrMX^+ zZGPe!F%?|?4NM|0;{&%Ea06t?(X8{cu52z=p4N9U;H}VY=Mr9Srv^{;=a)W=x_>_V zQ+xhU=%2XkR zAu_kPz(>Go5_#b9L-{8TN6BP@uR+(zfSK!?3eB@ZJY|*dW)XUM_V1M0cMdD_J*GI~ z6VUw&GvTGXx9Ens4=jGH%OM^<%Zo@UobA6=;b5bo0NCTZ%urSjs}-)X-Kfg_XXPPP z&3)++HCWvBfEJgNa+@})%;KR<%{CRQs%+Z1qs5iR;WJGMIb;rgOJIN}82JFkvFwi9 z`3WiLvOE`U2u{Jk7N+w37!ymN3QZ~U&ku{XB0v29~x+u2}aTN~T9ZQHhO z+fF9)=KDM6yr)i8SI_*{(_K?f_2+u-`5F-p%w~RrB_?}}d^`kN#S?ZkBLgE8 z=bP9fdNMc~^yo3yf{#Zt3goS=B*~&!7<26KvT_fJzytHuoFu=m%E>}EA~o`=qwqx= zXSN~!x!@ESP9R)!NB*%%Wdiq5!SrF1U9~3t!plbc+cc)5vzv)3V^-o61~FXox!^g= z$o_6|Z^wI#4b6`T@fj^T;cIqeAkoB@ifYke(EU(_IL7tze4uRYxh-nvOF`QcLi>)3 z&`W2BKjqiBXc9rx_F;Z7gQ#aXi9}K6v>Glv898I!{-41>*$STOQ@JY@vjv^zV_WpS z*2{TqY_;$zD2Qxjw5zLQA-7sM0)C%ANur4t_0({;*=}{3xE2GeDlLM6V3r!-3Uie| zD#3ckXr$^v)IkBz!!fQ3hakG5-0MYRdIj#)qVB>H%mmP@nf3%PhsX!XkC69APYTX| zT%Jw;R1-cuHmUjE`LFyFFL&`mryY-ezCPaHO!?bU@esrCC$ilj!}|q|2}Os*U{h9= zGDHk8Uqr*hjxdS^Sq8MQPbq)1(qT*2G0Y&#LFo+Qo4#ghyl~X&E?dE#P4`KGV}0r* z&~YqVe#qidXW)3y?80C*V4IggK!?zt6$5*9DZ0Y1HG%IU|7~?Jjq-+!RiIq#$Bx90Bukwt;G@b{UA&xF=pf4! z>aQf1SZC|qHkcOvDXQs27Oh7})NC3YAT49+^F~KxXcfyXgx&|Hi%yeGmmDo7|47o8 z;I3+#t$53$^udxHjc5~Hny>XHL080kJH=^bX03ZC+Q}qI&|jx!k(@~7<+p88lu1Hj ze2Pu%bs|6h4os@jsnqYX(Dbn+(S_p4S!-v37s?QHXpZMkk!$VQt#5%6f>4mk*|RpC zEr8~RO^a#)Vs%*73*HZAb-cpa65ROirnN&Q(*6B83->oqOB8`oS zby_bC@iNMq)B=t02F(11K#p^HF8!yp8q~>8Ruf$~TLiSPagpx0iD2|XM@|*yDs3)iQE0yCUrg@6*BlO zr#Y=EbBxzn^p-$XcJLG7{wOwTKXwVD3vc)*I(D!BlK_^L0ChF+Dl6pW0_ey~SjnR& zY*js9OGcII8TAD5KMnjHExQ*XboLf%F~cNnRZTD+#$kbU!IYE$o%*#!!PR>;(KwF= z+A8WwYdj7Snm-kBu!fEZ-b9&dX~f}NnHCMjT=RHmj-I-bJg)H4nE9e03onf{)tBM4 zooQn(z!QecG+xJQ{M$g{^apS{%s%@Fn2mDYp-JFdQP}&}U%=vn??nJNflDRtrF2uB z?UPg4SC%0X$!_ z$I@V|CyQ&f@UF!_kA#FALoC*)FATc|CsQ8R88huF;Qy&#Iyw29r1s`N0snZG)P51# zAZBmY0B7zr?sxLd2ghf>ND6{{1K*)v7GUi)1AIjx<4$1I%r-5@;45wCBDtkT1_UGxunh0&Tan-1x8+Nk8Tzsamx6u-)l8dTAWO zO(Qm+d%D`}>p6~j&!dwXgPpCSikfU%nyh6rCc8&JTeN}k4;NLw?gX`?Ukf`vN{K*1 z{_~yxej6*6#bckxaiOZqkp=BF=QM>P-tv?M`!x_`MWXI5xw+{(0T(CokPem~9Il*e7Qlvcga2NIYQvB;-IkjVOpRbJj%F3qJ>6AL-?;o_i&N55pgk z-zJ0lLIIO=^LGeXlFcooOsuk2&)zHc>07(Nunx?Izn<|Gm}m$De21l31-bu~@I37+ z?giHt{pf76IbIgK(gtlr$G=Hf!!FVL4B67Y&j&6lmkfHewcn&+)%N4RTrN6L1*Ec zjE%Onc-iROv1CJqkEG@84;Cx{7rQ4FnE;=q<4-fsj@GZ1n*(2;?2^LCHQ|3S9yP!v z>;e8XS#^#EoB|E~Y{g1-=J5KzE_J_~<+>Q)i@UdUihlS~g_SM6Bi^YTf!n1@*mqWf z*yVk#eBUj>v+MN=(99hNtTNuxYVt+Px@1)Vi*F&z8Lxm|eptegTsG2v^KVKdiU*5z9O!I1z zZlMK3hDIlpQU?bK^L~V}qa$4eIgyShy+Svp*zwcvGAOoqrRMw^A0GfGbePogLMw1* zk3nWBQ2=E^g;R$*oKw`UnD!O@n@HoOpxBI3{guaU(cO4<=rS$c2Wm^|PrG}HQHwuP zhfmV|$PD-+&+{c_ZV<{=m_k0*f zk$BNhP7L8L)0Ai2qdu+HxOogM#ktWdEP}|qkT$7im{e{JCDO%wd}ZxEr4-}n(3)m? zs7#VmpeU2XNLk*?ULldSbu9KaWDRZz_aVKzn zF{96WG!OnI@%>u>12~{e{m z>pbLCXh4jhz_yNnT# z{jBMGF31PC5`DF;00jmXh_przqllwj7>IxFaw-^NUv2$PL-tGwVA^L)f(+}4!Imvt zyd}9SX>kT%x_NzVO|oBG>-?j`iodA{v~jV=+Z3xl@mj_l>_un9x**(jMj9?=9qur(@OVE zX&cDNbmicl8=F%A%f0!)h3MSQBH4f^L$OuIa>$~JV{_EfwUDQ&#Qzch?cs>x48oIb z;;wP3RYn2lOz%#BSie;1$;cWJTu9X#q|GJ@d89V45iM*vvz5-*71J@#iw9G%hq2R) z2UbJVv5}8)g_88=HEWs#M0Ua@2X^gy{|PG(tE$Q;@ppcai7ER4W&Td(!aHH^SX`I; zXLc>YSCnoIfX5ecMqvuWUab``~!p4<0Yj@PGD|`aaaG7ED6GS8BjrC9WYk6uaw)gRw#&WU{=HL#jIB}y$nf<_3hD4^3 zFjJ1SV{$|_(*b9C_Nr|Iq(jic)G=(xZ6SFCe zP5nr*$&FQlbug|lP94qT6kJi}6Zu~9aOGw^s>y2c4jf4H>{>`j41@K8*ZDa&V5VMS}l@_~7-s+O)>AY|t)m7hNZ_N+T8D+Wd<4fx!FYq@D-C za=0Duv6#9^?V?j()9XpA-d0lf*yi7m@?3i%8;};$U#|rbCxQ9W)G7?-b9`zDZ;&=;k2?Sie zIy9*Oso8%$`C!1p-DS?qLJtTugO|)dR7{4{Do#HmnP;XX_;XL`Md=ygaj1Z|rQKo^ z77N_Rt7|>2x5`WY36Vim_t@oq8FD(^ZT6u8Q(Z!crh^Lvw9|qg_Km=OQB%J?thxj9 zLE@v|IzkrZjR!GVoOHmBf;yC>q*IyhTw=RlDHF1zQ?iKmH77A!l|bB_gyieYbQ=+Q z=ehf$d&mExAEz)w#D$KsN(eeKiLSo_x$DaBI!G%_G%)W?!JT~lH5iE*iP28=K$zJ5 zP#MMVRlKg-ZC*Spj;}&o#w_qcAmSB9V?YCq{_#=#fCOm+t^cE{&x=A5JJ{yKsMs}k zJ0B`%FUeeE^Pn?j=hrJBpxXX!bU+8h9!L|2~1#}wQ4H`#jE1h=F zC@CG{H?oGz*0)C2Rm+xOH=Zt%{E!WwJHVOq7fWuPS;P zWv;3Ux;#9j)>|m9DzDtPa-46QCDi>>&=He-V-iO@>TmI*o!KT!kVd{01?UB#i~P(_ z{p;&2{G2Z@pZ|+{5!`%uEYuESOU%%8*F6)~K`J&{6q4ANQxXFQGGlWqd%tT1XtMYE zm86s0nx#hKa3>7sZGsPZ*-9s%QyHNT4W;Yo>yczJ9rJ19G*)-NH2%WNSeAXn4H5h? z!*gv0Xc^BoJ?{=_*H&qP^v2u&CBkjFDc@?D7PW{OCt0kjYC;jX@LZVI&bwr%Gzb?m zvzee6Y~f9LKsMS~aa@ClmZuCS7CWO}EuW1yRvjKJnAz-Yvc0u#JVr;LnsLPI%ZRIh z<}7K_?qXJ7`71rnt*h?ZN3`C_E>^x=pWRUPBG7_NVZj}*H9NC!&t^Wfn~dLi?rcb8 zdF8DiK`sklk4M=y_IVIVX|T6_8^~rq;jJLJYvkV2WcQQLzGtsb<@xqu zxdcQ0{Tp_9^xWSC$72HKn_$|38qQ$vSA6Q{&KQf&wqlo#5!DzTX?W4JV1Z&3UYKPo z&!$n9Os+_l$Xo@DZfULpS6sG!koR7^MNMjqOpYJ;+iu8giy+MX1`rrucI7!2U{5<- zu7$1HLX@~C@iWn|w!z*$G38{0!oky^Gzu z%gfZ;S42Ju54f&ef=YZ9k5|1*sZl;8`fd;Lr7uB4PY*94pw`o)*0;OIv-!iw)yeM5 zhOCx{TSIk>-fqAGT)N%qSlz0wVZ2=myi$2YTc}m=f!B|EtJ38%9J(fbAV08UdQ`zy zqSUP}6mPx|{^<;7eY89Z&9R;b2jJw@4lJYmm7`(gUe5GnE5SvTcvM<~aPRtCsJKh~ zGQFhTPcHyRAxPx82{Hu&tt)k4E?iRzwV1YW*|o%$AKS8^Z#**!vgMBzt44ASo3Uq! zRTQN3tl-jP7vHwPcbEP@5K5Qk8{{oxeFJ1c@*@{qb4 z%F|YGtJ(1rR<)tp5hR<)_8MZexS>&4Zv%A{txJ?zF7N`TI{tEU;v|T}xls91W(i3h z-f4kz2bc2(A#+Xee|^3{PBVLapPBrR`PS_GZhSnBAS?YO`8 zrm^$@mR;WOP8(r+F@Ny3w#@l*;{re(KK5PSr9RIKhdp`RhF+6yB!R?Nd$JE-C#*pX z8^$waICR@}(q>b+$EEqsTVw6DfyCp(gN5RzPbrz@4HO)7akL=!D2}nXIYe%E-du8r{mBVmJ=~y4k?dnuQ0F(iGi%07Fe)V`?u{Jf8=b;!Q zOUT>kE<0TF1d`JOXeJlovDSFQ6X{jj^I-QSw1hqhD-2ZAJlKZb# zK5hDKhJpEPW{h|Wrxo8;*T=D_+Xme#j{DHd7YCg|Z^idM*?0#_aP1~_72OJ&Yh$xN z+1rA#J`vhR{(JI|UTkfD$fMY9MO3*JR;VUjI2)j8kLMg&XzPo+=WP z2<2sVBdu}|8svF2QD7A=;Key*ZO*B!aE$`c;-j%+%$h$&?~#9|k1Z1InDd{KM?M!0 z)tQZ#__jV|R#8p>C~B+ohsMKm=F#*}C?{}q!j-H4WId~?^y2IuMJ$6^&C=6pz%`CP zgS1viFVnBFbASA&GIdhS^>e6OUiU1sPzO}!<*>M~NstpyfJBrwQ=OIDoTHU20v9foh!<QL>Cm%HMUBKn zP*j(_S0NIqXEfe(*(_wT!OKQK>pi8EEDSh!5+u9$&BiE+4=$Git@r`e=l~=!1+mMD`WxL6HTU;vJT@gByj16>- zh%DvnC@$!jW-f*$cET9C*t5f$;49a3uTTxEwUAp~Es#5nZF||f{l1f%E7>Isy!SRo zqb*2<*F@XSc^Bw))f4;5LP)<+$;Z8@{@crP{OWIi`ZXXtoJ=>{R2Kss0J8h-utOoM3qM4;I## ze`kaX4s`%1Zfh5Mp{sG3EP4jtg|;#gsU`ES_4nsrDzd{{S1IfYX>UzN*70}KftD6m z7AZ}f^<_8aB9anK9qGl!FrNg8?FrEO!l?Zc;?w01Z*?>qmarom)^>;!WmRd{G}3)i zc5tB8lAfAaBluSlvF3?hFc#H2oe(V{zpilynY$WoG5em{`X)~~>FmaiphXh4yQ0It zjoH)qS^>T_`kgf#DVxFrIjw>|!eVSxIGybxk&dxLmWagKwt}Ww^Vag#7j z3p2!oiN?x&0qTb_cAxDS`#Zn~csCvW*|Kwk3BpW|6(M8k|d5j16aV)O#fh_+bd+H-VZ{MeYfI^GZ0w`3HMb^mu%O z&8Yr2T7kbadH(m!Rj9;`K*DQYyv>JiT)f(eH_UXQi}Q?XVqm zvx?NpI7IRoy+wUtn^G>FVlPOIp&OUe-IVbRxzyz?nw=?pdq?{HYd@;mK0LR^ z%QG?u>GTT)fZ}bOt)D+o@LxD$tHn&@_WE$??D`7?>wB)r#JdEO6O@@N>Q(NA05QD0 z(9c(P3Y$Y;{V;sFstDj1so9)`%3zr`X1{zYPMwLbyNFYu$clTI@c7oBI$w_x9Dtta z{R>#TZSG~5)9#-`%A8_E{ex*R_#@1pt2I3jdh$0YkrYy6A}E&8N{q%7){q5YPM7PI&4xH=@JoX) z#PV1}lWs)vp?18DN3=0dSxeZ}h)eUvLJ5Vxq@=JcvW{P4mG#Hh^NWF9iKMO-g{*4< zqBU(?00<-2q&E_7?#Ud!5uWq<+}1Cg151C=vAhYl=pezN(A?HT9eNWw=(at7w5AUz zw*p{FmM(3`M+*bUo9v@BRe0O1dPz9roBW$cjzqQG`9EWpoml+|L(VZ}oP%R8+J|JH z+t{SEX0sG`e>ewCJDu3PpOG}bxZMBIYoyOxy%G>;h%$a;g42DwwzQe%3zMMRKSZau z0$2p>#wQ}W;h4`LmKU&<2*zu3R6&A^Q)!KZ!nz!#W%n%=qg$-Fm~}DfTAP-gpa7$( zSq17ENRlAX%xl`JlyP_9c{{OKd)L?5lp}j;7k6Eu4IcX990Q@YAd4wx}>cg^ynR<#vwPWl9 z;UTxhdw|vPS7?#z*VEg(aM(MJa@d9XMHfA3q&S2n(Gtt93c$H1XEg0NjAiJrk zmovNNg*a}@1t zjVSlvZWS5kRm{}T$KS9f5P(zB55Noi9^op%bq)5Xd1qh2f!zf+Fxz^0Nt(H14g73j zz*+WKze09N@D>YZt$5j7;d7hGZo0h}jxx0EGUMTty ziKK^*SwHv?qALM(mqZ~TCo>>oJRQ%`)rzNyY*R?VWP)zN{Z252Op;?3X6Fvf}8*1HLa&wHj$vwJ-7K z9Zu7~qq(MnU*eG#wK`Dh4#d(Vh1#XgBK{nxEu!}1RY z8;aR8x?R!OeZi}NzL!5F=P6{q3F>aAgjT?Qt+9=x;Kj5ml( zUr0Y2Z`-L3o{8f$X0b3uS(iTS3NN4TBfBtfM8={}KLWLtiXOgqyC)+gHVd(&{T_xp zek9CxOiyC}%AHpSmKQYWuu>A>kN3uS1{1eonx%V?MmqF<7}p5YVz^grV*-Ge1Pzm$0+>- z%PYfPOdND8P3JP{QEWfdMiAc5t|%oNs;U8$@po>{5Mb_K!37MXnO2M-;$b& ziJ|U2{djy_u9B*{*niQYI{Pn`9i4hhQBmvacUV0q=Y^P{ZUerF9!Hj*+Ujy>lCsXT zxP66PBUO=CV3_NAArT`{rTlWAtW3|J&gpgQTlPn2c6RaxMNlz!HDd0p?TdwQs4Ww* z5=nTb@TrM;Rq68l%=+7{3gn=w5EvWqkh=O3?m2aa<9kimiqi=2-UG2r} z6ejHZkugsuvkYpqvXdJaq@*P!8QtFf99J9Z^}tl>;9|FO-g=9p(b8G=p> z7*~ZsKu&kK->g}XMdQV5?sz+mK7U86=aR96G#mOmZZpHxl}CjgZ;X6^mV6E2j{$rD zD0z3@{?#$pc9bJ(zg0lcuq2{ym~607+nFt`4)%!}wktc%8sjPMU<51)f|Rb;*V zNa{bfauR0dn+ZPB(My#SD_%@7cve5w7g3daCgau3lqTQ$j*bw`FeL~hjEVzJlM8Sj zz6K~qgf*i*FoeFCs750>P&?MNb%kt$sTD#3KAJ#M$Ulf=2o3cbr0*vn-Zq9dVush< zJZz_j7oeEgv*{;ROpQNEt)gaXzm}jQ7dBiyT%11lKKBo|`i2spdK@g-yT7*j?#}uu zT1J#3$3asyDf~9k@d(X05*w^!>i2U}mEB!H>1HTNE>8azIrYxV{X1qyX8R>UQM#;! zw>1;PB%>Oi#q{TCP6B5;JhvgFIYt)YgK3@BXDm*GUt<3sHcF1F&mg=wI|Ijl!)T;N zac--T))RZ}ZWy_AL`6&a(@@UT$Xm8II>tq1Evx4!WIsxL55!Ahh*)sN#={xq8g{3N zsd39&)fV;TdcbGj(95gwCYugklG*X)M`ux+#8ToKU=}0&gi%fLwOvh$jCfJ5`MOV& z<=LvI&(^+ZwO2=9TIA(yW?}UsE!7l)N+IG^jhS0eAWzL7l=+9yoycT8$U8RR%9c%D zLs&?_Hy|8&4780aQqFmXI;6e)ZJE`e4@X?9YD%{KFKFY^57P-KmfWei!>=yI9c#-k zm7&BgjQKJ=X55E59ir9Vmt)xenFR+)mYUArsO?<5tA2%O>PukSxKnNxNRD$^iVIms z2@RL8!M9^7T_6w73!o3giu>mgDWlH0YwrR^&fT?pf3_q+%CUvY{Uj1a^18zC0uzYa zJY^fetHg1&D?oncL7!k((ijMj_-ks72_(`;XeXtl_TKb}G>2ymZwBQkvRxZ{7zn<5 zK|73}G=ayzqf-)#L9u>uYLJRvOGY+Js@?vcHdkx(cPpRse=yEBPuGxwBFi46g28dk zz!YYQ5iQ2SQbc9<$Ekt)(8dz;w;=hQewNRj)=sYHl6P~k@w&fWo5N5Y_5UA8A>Us= zW=}C!hJm@3q-MO2e>K2{xDKXFa{sC!W$!)eKpkqp=xlS6jF85F1*3#{FK25w{XSY`)6@(a2>*uuSq6jG>pJU$to2vgs zJD>WfsGYD)G45uA_u}B$Bq`tHIpt{+`g8!L!65LFrj~a0e7jy+pE;z~)7aFWyJbS0 z3F=)1LpY;^#w##j&+=gUw!i-QzmH#^`@eMj4?bPnVNU3U3M@_E)v~fE&W{@dgJwp^ zikQYK=Q$pb0YIr{o2|4tdHNQrzV|}%Me135W(!(SR_9|0QBsnS2W5@bUO z?g*^ZEM@L&fmsZT$p!8F&bnNS6fz;2XuB#XQBd}Nf3+MO*!D#uHPUHe8{YMj$^^AO z=M^e$w)6#L&Jfam@AiQq7TnlX3NX2cpt_TtS65C4gz*HvP&VTGdy&om{12-k@$WfZ z2eT{6!nQ*duBpYAYzh7*T|B7zNj?R^1OF_cwS)4aQQgQfa|5hmUXCTE8Bi+y>nW?_l3Im53&= zme+84*$#@8+}q!>@fqi$)w`9L#HHz46TNc$_cZuYo&`gC4oj3fCf%~Wdl&yNj0ZzO zvWlu++17RLpI?dbaqnGIj?ru;+)hvcFJ zOi3eMiHIf!9~sNnL_w~qLCs8mij2mVa!__Ky;pOVUToN6D9dQIHn)?$cM9B?OA?C@ za#_j9x6W{yg&4ZZUimJqrTvU|RC+Y8w7Ni@^X&y2;!j)s$um~o4m8EBR5!-h_|HF7 zq7@9pf4bYC{D*m${+M&bmCx_7=l~;+d|`^VKm%M;-!NCOQ$id#GdITpZ{=5TW^cM?aJ{+yzG<5v{M%t_vpiYl zF)B{iEGvCq>0cD6-hu3?Pd|nfSxKa~2xkHJk#y{ylvo59GCFn#dZ=Ue(Lg=xA2e2D zmDL7OV3v=zQ?CA<(VjAh7_M-SXh;+S8n=y_@{C@0nLOOix_XLy2Rk_K4FmYjpVLh` zXSRLtN;XL7TZ)?9iw~^6hNnCLebo&g*6WQ>4tiQA0O@zO6s1}lJzv7)=#Z>n0k#yb z?7oq{0*qHc|Hv^^Oq{)*Of;qMKOf!6(WYMWCqu&piXth;C0G973*YJk-)91Prg(7| zMYSU9;Fo%u=~^GYpTDVB5!ZrnDgnexj>ee+&w1IPya%vvBDkj0XRj-6GhUHuK5(02 zAg?i$4{Yp$UZ1h83_@9muxFDO{sRH;TesUNXt#@h${O!8+~QK_hd(@Aa`z!HkHfJVzhX43 zn;*3-E7JkoT2DCX)zu74T|-5cng9+{*PT=bF#6U3=UvP}&$?<{7Ehzetl_R;9jR(9 zGU-!f$G~LXQbgSAy|0;H6k7+Q-+q^rM%h=UWR?N;l;~9}mj{*DMQC<5l{!ZF3n|S_ayH<3*igx~RJR z50TgSBu&b=4p=<6eCkA|YsMjA85U@6LCeD(B(i#1BKg^huSd`-b_(f5-p)~eIeBB# zQ?J{g{frw8;X$~^1>u7>^+U;1Gla1RG+d9v!yR&D!xN0Ct9Udm$L#Wui|(~(S=RU4 zP6>(l7x6no)^@VX82RQ2`R0G|X7hL9-p1nKYgRJ6c7{laKWX7I4rC1J#SC{{OsAXQ3vj9UtNC|H7s0T zI=i-Cb#3)Dc5Gd3ZS~|nGY4$GD2IbS^fVIksyRFO#?M?bBCR@ehAU3Os2xT-zRRNr zJcITxBu((P`}`sqZ?@s4Sz-NV4vxSl^qd}3<#+Xj+@mo6Czoy{i2*m~x^UBy&X=FO zH2O;YyK%x}XkId*^|$?h)VtCVM+JrKeyOQnyMBJ%&Iq66G$hh`pKqCMzwKRU1T6S z`?RKbz3J8n=9GBgLcdhuivdw2y-Cw{K{y}9(>1Lo`> zIJ!-YB=r>PnQ13dc{x-A?fCU%9PUB0j$U`jHJMOzuGF!N6_LL9(p0=*uS3f3e60y6 zXSA2V7y0t9oX=B|%ly^~<+XoMYj^gvh}3hknoKp-vF8He3N)v> z>ViH3u3zs*M`l0?!iAV;%~)WC%_d<8@aCqmL;2I!^8*g}{bVV`Z$-g|k>!*Raoe1R zNJd#u=cEQqKyH9zHWBhQq?5nX7lCo z{rqh42aj>Pd)N}r2$&vl!dZyv;NghH$BTUJIp{7a3Xt{YKnF_~E-VKQ-Jjwd+M3Pb zGSixUM#LDjIl(Z3(nwo-<50y`q%V^mFJiNXFpBd+f98-NuBtO;M`-ZGb@w*1O zIRsPN4hb@o#8Tt**|-YpE_Xo2G^rJXcf`w<2TYy0+^s8cd1buPq zi|rbV%T4?A5rxPH-Gj%LgE}e|YHA1=3%)+pu!&dNtX;OD1!}vK z3^E)~aMh@vK(PLGFy1~#+0}?FU-W|YaohbEWMJLST1GhV^xBu}`wz`hKznjoNP&N- z`Qn(Qxk&xzMPAEe)V+tvoNWwY={(#wlyv@7A<6IgD1YrFuzn?|Zil1D$fv%a4+R}# zRLOi)0lES8Iw!4GP)oSMTn7eN6a2-1`z(O|aAUn$)6-vDwd1S*^~o>{)Q!K8*acnz zwzke*dl z_rcL*|6sPePx`Ho?aY|m zhPnELWmgM3myFnr`c;}9&l|>U0giePPH28kVbJ9MwIjGuUx>k;@j5cOG+txUKK{Yq_90XCIRK-ELzVlx7-WcbV%N>42Im` zr^=oPwG(}D`HJMtw42lKvA*i$^>4wXfHM_FX>**&*(CQ>$inXX2;|| zbrWXxL@{<0)@{hmU!xZz96xOLGHu)`7QVFEbko`b}@3?(= z8=I4U+C_Z?D~2f4EwTzl8CUE(v_PtSAKr{MmztG7ttm~)E$Ol7?J3CV5eob3K&B+@ zP#7$wA&z#s>bsri>|_7=eyGooQyu3v_=t+qvNLBZ84K=B-b~iSyS0wv(_|Ct^*!XH zlY&ZOz^nBNdwJhKzaA|#spP7a2+k$@mkqypi-3x3*|wlKG$bXJb@qvaQz`*L#4uPP7*XZ7G5!!9J6iU7k@vmS($7d`OdfgI8j@<5B;P7~Uc2}v7hg*c+v z%}_;g8$(UoIzehA-aECHUGh7%2N>=^*6y-0A}5c}fe?saWQLjWpg-=V{JUmnjqP3== zF>-v_mVeornVm>~jZnP3jwSdY5n1&t|Kbg4@0whpk@rZy8%YE`FT0-8>}Exx;2}!JGgC>Fd)9_VWwzn2J1^i8UhM5n_cB`_1Rh z%k+zYYTG2r_q_(_```7ob)NWZEN-ONxt74+>j zp>E)LX^2=amxbLr!$VKa^bL3yf$-41IOJw5y+A@m<7ntY5 zORT`!g*bJS_Oey+6s&!vxrap@^oq-r>WbI3HS1A56#>gz8LNkCniXW-{@gv+k+;(kCz`p|tlc{KUa>FjM) zV%Yu#2u;HwF5>hncOG8TebEnuAh0|f*X{&F@H_nHq;`ZV2)?GWQMDYU&0nXk)RH=& zinWzQu6iN{dZtkOT|}LxyYY~+yHLU$y{R5{rvg|U^K&|C`7oB^$oIrle(iGgAf9X> z1{LOXMfrlrS`eib7s^D0G53DcyInQ?H(CSZm@qn9p$L#Wt@>6VJWuZa(a|#u(TIrE za?^5iXKPD$a87I_=DqWYTk}?-lq&9t?NK_)WaD__F$h=^vtF{fnW&3l%>~hmB7CDQ ztg?zZxt!#jq%hQuqAY=NhuNEp_q8)C%=wCnhhG+~{H$9}>h%A}1IwiBwlkc?cD=Nc z5h0+#y=X!uACn(m&0%=G(7G#RxF`$F2r@(DuW-VKvfF`5;X%tvUi(96QK6e=TxM!C zI%q@1>jC`1)!PQ77P6I_Cw=SJM*IXRJ0xP2gZ*@7o3{k$Ci;9D50;$bQ6eR#ol8Tu zv`DfERZGEl)ZUGA2b;QZS+^Fj*nnEu z`^|r*_Put66K8q#J&J zX4PM2Z4DX*nS?3`)$)9@UStcq-DweS|A(JZ8$`Vkg^~_1geTV8E zwHZ5he1R5J?sn0akBz2lxQ9_CO&NAf+SjGAgDUlH%j25D^i6%MT^GI|`Q3$p21p+D z0nTr<6tb<{I>iwK)?+}m=hKgd=kszDUyzEQ&1|_C`d(+h-JR-fqUts1oIZ*Mm3k+~ zx8s{S)A}!swlqM7ZZOiM6fQ~INX)e7t5kY{QP(!kLY;~e@KmfH1F-@P=dSx(THhk< z2vgR@kg&P>cPaJ!*YUhYM(cIrjIHwS1n z^|N)V%PXQwB8ClH=&;s!ulagL49&c=P<)Zfza!TC;Gp=bSU7X3c-ndH=+NI6;2$!x z`3xZpj|*_@D;~K(*`?*m_fKgXn&i~pUp}FDX$Tzgdd@dN_kNoRm z7x0%FCePIAyDaMUDgT)^0=!wdBmSH`0CsqOe2;@S-_syjPP#wql+mZw6k) zVd^@$$2p-|-b_p#a9(eGXYCJ?YS3_xY5>!d>o(c_lJ>?J1kII%^+S68xt))h=xp7-G%wQ@HNiDPayp{4_{&r@p$c>6oG1xP!%Xg7*qRi!j!(7CXa2`jNTHEh2^xIc1 z(TKikBirlS8c&AqQK#>z??O>5b=Kj5Iv8u3Ah8Q|ug<|hk9{-}lYoC@a}ey(i`UDO zBC0{YJ5yEdkjKI>1q|namJ$w(#`XUJdO(H0 zK&VkWk8VdKL;aGbiIjJ89AD!h5z)#MbTy*FNIU|G5lK@tOj%!fFK9O0l;;~4^oBt2 zq4&KMg`S{{3_+JbYdI$adPfo!_VU;D2%Tl=1hEX>lqjK`aFo)FL@UwJ<%i3HakBCR z9kTJ5W$2%WmnflJtVBavY{7pO`YTcYKYR=RYrYr_x8#4!pW-Ila)A0czAkg9)h1Rp zB5|9qY(#y0y|NJ%<9ub~|66&2{)stdr9dY~$6_VQIs1jg#Y#jIg16Ljoc*$L_QUD% z#pNHprAvJ(=l}4#gVQ(1Z_nODE+W%{NfB%d9=aYP%pntsPY={m5 zIzZ4YPyRO>l9UZs4$@Q?;{!ec<@ms`Vl|tD#pRe}1xci40}ntw#+4^e&`&$jezf;9 zYN3DN40Sr2sN3$gS2oc5Jb@a1-smQ+OAfOib-K|WYN4OBoPbVQLB!8%Ab-8s+Pb~H zjeZ$$HjH96hNO?QBw0+h5-Rc(PqzN?`r_=(mIwZ84e4uu^u+r`{{Y{&yzdnf>uw^u zW+Lr-xWb>?23s5rN_e-EwcP$$@m0Zs++u-mcN z?O5zy1D_qz5JOSmf(*)3kixybEnhz(G1~4_CO7MKcm@elT!uNCXpmy4{E4OVT+QG_ z{glPm^5;H5oQ&BGNzj0^v0oIe9?h;nv-{klxv_CFme}E}c(Jj8E;K;9%41S+8jBtn zo$R+jF@;>!*Xm#J^Eqc@QjAC`kQA(kI^1&I%+y;4D2*xaN!Q-Ut8?Z2D3Xjh84!*} zgcC=@Lt2c=J`gaF@>a@*Eu7(WQqWkma*N4UKV|)`F%|{kTOr?WDZ>Mp>DL!LSG#UC zJ9agfJDS@LMB9MqJX;Dx*V0$*X<#|Y-l=`F^lt{;b9i^E#HwO8OAhe~y-H%d#vvG~ zC%Kllif#}$vvy@>C}*OOXY=1FD)7*sTTd=<)NUoDPjS}jv|GHp+p|Zp=g-l1EDaeO zrsPt&mm-oSIip$8Q>UV*-A?)`oKqpmrUwJYAj~AVzzt7%8=^S3v0xD{5E)}?=e(;} zoSgGc^XZa0owsYQ1F^zq`g_w&y648(v1@C`Igz5&4MBu+#?hDvfrpYi6eZ83uqZ`S zDIShZ*wapQ~-leEF3c3jce;2%V@#4qBr0?pbEKbLEk1T8|a*q8mnyH9ZV3mFM$9>j5Qg=DBv833Q-cJFcqo# z1r152vjG&cb*4xuj7d4cos5p5sm}A|Xli8xy()(TdWTv%)*w>MHln~EqPua5m_F+0 z0G>dvNn&ucoEa`uhfv!hw7(QW9mkGwn$wI-vEprc&vY!;*-?@x4CT1OITph2w~lTo zw(b!f5e-y{lN+4HB$0aFfw3c3kE?!9*@`}Q+=1Ld&o=nu;Yeti|kP^uxED&AyqC2%ScMfYy(w&{A1yRDl zm~n!N5zbHtohwx26 zT>A_GYocC(J4n%vR*lWb9X0YL$(ItWpGWOK{7^o(C$b%Nx@H#L-KuI=FnPgCt{1Y? z!-Mk=hu@w3aEfRq3W5_UGjhfX1h;j_#ejrw7)=n)CIHVo>Gwo0#y8RH4fa6yEmoG~3z6~BXg>S;%vcJuTlE%XU40zpdd zV7KQ0Jh$&xO-+5yu1Ti(K}&H2p^@y}Vp_ar{76eUFF-Qwd8-CpJjxu2f~F~wk1Mh~ zdgaD`X2+hs*g3(;n7C*6Yo3*7P+n;o$64#N*YLWYWaE3g_PwfgVoVD=~(zX-St5%5YscT7H@uJ}JwL&5xiY8dv)~5>AaWbT$ z;1gw%je}u~l}=fc)K>)__F&ox1Cu&@Td#oWn_gX;9s&49FPbTisczK;t$N#`Rd2u3 zt9w(Fea(&i*PlxNx7U@S z?%ny>#nr*-)yBrk209riZwwW>0g;m+5#wmWN`zBrN(DC*&Yaq7mC&`G8^;(GUMjx5 zz9~gSL9Ft+v5_!PZ1G?q<(Ua9H#YuSK_s&_JGt|K11CtSBvRru$=v5^*vtR>wjPIq zmwB;yzPlBJ;C^9o_a?v^O2v^A3{0fD|w5s$nflmn_v zeGifmsz$^xd_iJmam&yt=rxy@Z&5+`SPCwB{Wuw<5(W7hj*Akf=*NS1ZzZQGnf^Ezm$1fHnmMt6>V-G8L_C zpm!{x1F10fRF$P30)AJmZ>)ZELq4-ZZZE%Qp{VUG&%T8^)0^eo+)_$U61|aGV$@xo zm;fw=CCW;zr5wcizmPZ}m_0kHqrXeN8QL0nc%be%zxIQDf7iUf41d`J{_<)0$zHT= z<@|ROc}rS~_yuzn^+Pk%%Q=CzcZbTT-E-2Oo3!N>?u5K!Hv|bb4(?%X2``woaup*o zk>X&PCQ>lOaSSStYBD(@NR)lJGu=qr(<5Dy@E|K|Hi}a!PhspGPy-c@wNV~np}7*g zQjFyN=~IK{9(&7dX1C`0R_6f-^$?E0VC_HUH>n&ux_nzvPV$x@K)6k>sP6V>p7x@R|pBh=` z<@0DS>O2d?*V*!q+VigQg3CScE@6hm!#{)o6F2@*IY!IZwa|9SPn@j zW>1uyA_`9M7>!v{rUdm#j3w33LT+ouZo!MkiT>Sf-R}B=AV*_*LOwDw+=H1h?tK-Y4xGRtf$fTLEMbd1*_!#b6 z2V%#9Si+~W8|{B`QrM059oE|hYwrRma6x07rW0$NGFQK0fFOev4A~sC$T@t))YG5` z_lX2Vzz&fBTqB|T zTLAJN<2X)9(svL$2I6j&7L`fs{OFY?!8vC9u5sJ~IV?jByPuvKW}diQsvcnG(jKlw zuCy9{+A|BYqs8=hcv6w5NrJA}IL3w41Fn?lfc^%uL|#C#1P9}}1yS|vcxY*rN*PId z=p1uACI#Wb!FgukR86%NLmVeVtVAg%X=|IGgSKy=g{~~A+318|IkmH#WS*MiUf(mX zw?oTdPur;oKgkBHXDmvJ1-aLi4x4j-S?5yRjtN%l8rO3Lf(|LEa|a>D6J^ZjWrq4> zp!`t;t=ctejj&%)Z#C>j;zr)KBkzP$Zwd&*x8id9pW9I>$cbE?EGCDXBqS>+PDRh- z)mCM~DN5Op#t?Nd&gT;Fen7z8dUsRT_@E{79VgWus(VH|aiR97@jA@X)4IlWTmk3V z)dOo@oL>gban!edu$+V2ws4oQ|L#N`17X`@Mr*V&b5MY_LiE|qwh7!34n*4n;YrCt zigr245|YIeWg!$gxX*Ay^<|_De7+s9SF@wjM#g8+ezXmn=zEZijdOX5=ysYYqN{Bj za;>W-4o>8n$cZ{#!)1~?$JkD1TZQ@w4{CcF>N|+#owC@VGLuKM2foW5QZ_3Fu4*F@ zRrJu1I8Q=<9Twq9v=2sAZPsD?+#uVYmd2ceT#oz;qZ#~LROPa+V$c;R$C)UV=Udsp z+&BhpIoL?IQAFwLYA1QoSaVBQ-z?dTBX zq)THXGXXz}b#N^g2@u+Ptr59H+rZJRuU388+4FW#-$&fHSnBIQ&hHjal(O&fj-DyV z+>@Ijmr5|H1VA=~a$%(trHNs5dGhA!_~M;J=@)#1-N3sw1Dmk*q*U5C3C(EQ!P7Gw z7kGzRa$im8s#|Ufx+vuBH5(@5e%MC^?6v{h4Pz^mdX%!EPJIwBkSG$u;Z&t;2*HYy zW+3E<+z^kCbS9|94k+Xr=TV z(L!@uD>iblTC9x%T$#Bj60uPW>5M{g4!JW!Jwe)@iGsu+!0zrrnt}}h! z9W$-jE^vP9lIMaZB*t7+0yF(E+Kk+)P*b(kD8&<27K&q#TiDMGkNtz*ZWvTw?Km0J zOa;MKWpO=zllzdHuydbFD=XZA1lp_Gog)~_9`=q$zB|FS>{(Zi?+UoM4p}x({zju7 zY8L2OWdf|xn$Kt)z(fC`-nv7^(tUUO?vUeNUcN;po1Yp_iPkpPd^K_%0q=~^Nmg){ zl(Af+rosR{G@vBaiI;uGQi3zkLnDWoBb)8Y9c+bkunx%e_Cy2C2B|=UQtH)e!RUW* z-x)(X9(gQb>)wvK20}a9wmiEMcW7w#&EYwUouC~3B3OoSS&ZZtabVGCN87t|pg~ZS zy~_(u$0$+Sw$q4xk#_*!yEmvn+g&6tp0&LlIQlr23fj7dgJstZ@qrSD)7O_)#-T)@ z-Uz>f?A0U6bzaj5AK?PazdhKN=soMxNfvXdDjUw7b9OiR&@TrA#TNcUJOGwZJ5`M- zfuK?yZUBYeRQxh4`|b-XKbkCCRIksV8_X&AdTy~m35iq8RYKwAwmF0X^-C2w4UE+~ z@zE)})wHKfF!JZfn?t8&4oYZ{GNgRNh5sX?XL!|*JW!T^J=I0-)%#5E7O281bwwLa zI?oiHbfY`8W=X{(fbMe()VHK4EAbJFg*NwiZ#=7eBU7@N)-9C%$rN4i-rYCv29mqH zN^IuhEvDN4>j?rjT@NSPzJyK8PCL$D%^e3AiC4ge_*7U@3Xa zhM*huyu^W?m-Y&ff$UzBe#H&!hq>mQfgh;{hvYS9{r1|Ah9lHG8N|KhHux5K6e7`sI4G$tbI;`=xjG``sL+!m1{#n@&<75?2>v4za(%i zG#tGGec+byM3Ak1`g{TBS{*!GXnyM}`#Nye7fC&FNiz(95xezJOh(Er+GOP7)r3QBw;nZr zi43QLAZF`2F)C_YH3m4?Hf=f#AAzM-3{k~sD?yHUX}w1DR|2)KJy_t|2Do?FOrE1X z8j+NT^(Ah2fHA&SYD*}drjp5Ul9PfK^oBSDyB5K& zca#S-14DBnS)a}sKz&FWQ2K$?w4}zOG85#${>jT(;;li)rvE>$+`iW9tOyh^mJ?M_ zz2DVOW1Ksv?HZ_axWHc2*>`MUTl@Ybh`nk^)Eyq@DG8m3sxGQY?6Oey>x%-^q#7t; z81=wbdZtw6p1i%JaCiPs59XfD#Rr<~Jl9L+l0kCL`jP}Og?kAMK`Ab?cx39Tz*VdR zXc7n7Cip5X2tdCgML~F78e5=H`Gux>4x&xvRWdz5e24k9YNLY2I5#37;MM!}ckg9e zbwKR_ynK+cVnjIPHo+NV!y(Kv^R*yVxX(edg#navGFY?4AauffZ-q-`Cl`a%4zim8 z(0tn5bF|s@a^#*h;-X9dreZca_j89FB$o%b-w3JURhNF;uFNBtM#_fFz2x#sL(D^d zs*RR*0r9ldEp_T?o+pZOFhD82Cf19XuvkR+Rz!G=|HCpcoRe#@1?7y3Ey-PnB~8ed z&ayJKjaz!q7H27mM#VT?chhLsOk@5Y?z%nfXgSGcwpx#sT z-GkAofuZ-n+{-M;h|a<1?FLl*1Zb_fi4=>GW5d2-E40*D=+7;1$5SpzfykZY z;I!~9B9Z&&xxV6FuCDf+U%+@)z&GH=cxK1wF0mihxg$aBTM!+eGL7rZ)Ui?P5h(r+ zMkRyT-wxk4RQ1hB0kos-O|au>vnk2+$ z{ojcb9G9X{?y(WEpryLSOC9SQmk%m1Y@GbOR{dsOBI*t5@?E4huK|NHXb7mc z7wtxOy-1Z1G~ZIW4jE)m#@Dx)Cs0Nd7qp*}jSXGtLW&G&V&7TowWH_JZVzxcWje3G z)o0$=aENVesBl@G8L5_j1)&Y7>1^^PeZD)w!ek=-6?%h?b1a?Wgp6OMq*?#f&>T(UJ{VP38yK- zwmnl_#f`R9f^6Ejrv!L@&#L3x6Th_Em1aW^oGVe#Y2>7}H;h)=b(#A*gJ11ylFKjh zj_xk2A9VQI9Pz13d=?AbHnIf3u-vICmdysywjlPr>{Pc4XI4TM*E9!1Y-_-HE9qA= zjNycQ)oKY+ph{w`Vmx1YL+#ZJHD}qv76d&Hm`iWnUT(V^GwyxpHZ`@|tc6+VO-^DT zpi4(xMjPuIrxU=inWfK{0@3k6bW8$PH`GsojaX%p@DE_qR@XbdA13~1oD zHbF0vnQJSFwPpfoLcyRlUB1Q$4!Twoyv1>r_;1mHDhFiZcvwc(l{8?iFjELo;T~U8 zLIGSu&T^yhSl=}DS5%BjF_Ozu;Uq#Oxk%Qoy!{CyLZPH$DExJ_WbA}yW6)GJc~qE* zx_Y4OcPB!JEW05(-^zF-=6D{QpJ>ma6YvxzauQ1s+bfxABFwxIc56mhgoSK-Fl@3}sQA}iPXF}!;P-q_ zUEoyk0_DQOQ!w0i!*BurHmPN&Ggv>6r*UgiVe+x$t0R);Y88)EM!c66CPngujWNyY z3^stG%~IQLveAJNSni}VcIs2A*o`0hAqi1caYd{wOeqezBSZxkgtis`*xIF9YI8dt z2$!F=z29mCh)j7y{_qqRarE<-P-~{vxQy$lY(6Pw|p+m3& zqBpgxJ`9^`;Blx!bH~fm=NYGh+>o1&3QzEI<&1N-&QToO@L9N0d=&P>)SrNcrX4UB zT8KCYA>y!BnCV8HJqxrub8V(2JRge5E=%Wt>6h^}DUPLHEP5)+sUasx!L>POo;Y|x z@)XBJ;>6RQVbI1yemf*Z4<#ircW_2-b(Ohs1^Bi_y4~#FRdA6!`zql+|%h(%Sx~R1`c*E`0p{hte4EFZk*{yxYba~*UP$>a+swjuK3LQlSofB_e8m5hj> z?S=|1#cApT?z%;3Hi3JqQ8i%r*&2H@q{o=$6NGK9zmlvAh7K;SPF^1zUY%Y1_~E;= zcgIjd(K&(L^&=-s&=c6 zs??4XT#SUv3mOre7Ne>urlYSKm;KR%)3kZwQswM8lea=bnYfJQPdyW6Gc5#NU5#}x zRSr@xhn<=^fEU>8H-vZlp)X5z;wtR*?h#t6Wtkj0vh0 zd*gI##_`SC%Aj3UkWAc-OPo-OhF6Zt5v62CO2w3%2v~3!ajpXyedsQYz@4HWjOngU zods1!`}UOqh87;c=QZ#^cq*n^?-(z%pjoWzDcurIY+Z2Rv;Iy$tAXt^oA|pgY?k=~QRxE*!%ByhDIuk6^_}H@&y^qS1+Xu_PHW zRk~GFB)^VJ!(7Jk^vrX9csXm+Hrp8xc034SdPD8K6ypM?G{aKGbZLP;x!UmSB^1AB zo(Z<&g7z!dhPG$>av-MZG!nXw7eJ`ou-gZ>LN}`Sb`HuXOh;D1j=~wOgz3N-HnCwD zGte{76wr2SH5IQn6ND*UWFn8*0QD}9FaCLa@!?>RaY}UQx+69LMCGaLSTP60UPURTQCW!}+u{}M8woj!gsC zwdJ1r0P5}s`IG~1lM3{4epW-1i*M93uLa|Fu<@bEMX8pGC4<6@XyRb(*1(v%*?Xqj zoP=OgZJvb^V?!52mBIL)r>-VAcxL2@@sdNFW6X_Y^KO>7c~yDKsnjbUxf$`Pru-g= zesy84qBea@BI{ZjKC_#x67_Z7S+7D<;Q!YpKnms^CJSia0$O0&9S6ZCE@+3#f)MP1 z-q)HOC*KeyNJRc-3ZYoPXrOadcOO^ACK3jV!g=I`WS|%AjdgWO$5<4o~{4 zI=+*-m=|A7*EW5Bco#*y1g-5x&pi+}l)3xdrxT*Y_#0>GwQkkQNpi5B*MK_H`Or{} zBu>jDtc-$arYZ!xBsrBM=b%2Tf$Ey#xhl7Aicp5B;~?0ig=Nn4ZuHDSa48GV{JW&u zx6BsA(`t{tMQ51cl^h+I`1f75f>!Vr#Me9hHl;w{GtaD%E@uhCSwUN-=(ej2P_Wu9 za!_r;fX7m7WKj^38pgiLwc%w3(L1I~pVq@kR`7}Pm4mHKxY2BC!T!`>F6)!0&g72P zj$VCufAMzRqi!2j>u5(CxOMiQiA{Od-f5#X6~;ADm53m+ny5azws~fnqC(Xl)OCvy z%h0p-vkvejayP=IC`jVr;9~HfRd#c_6qy(D4U)T#`T>iHT(#1#wW0{AXDSAn5%<(N zgb}v`*6(~6b-nql!`rL;;b1=dIcTBgQ52YDgY;el{fbK>i?u;mj`5b^q^~nz9PIrX z*v>^hRsPHzxivUD#_zN4hgc^jphvaHKsQ}C+TPD$r1gTQ%Y(4{bI^>;KV5c(b52^; z>Y-Oz3(`;l$t9SXcQNnNf~#s`E`g7QMaKLPDo7FDK*!mD@t8o-5tP!gO%pLa>SDRi zTDn!vF~}+f&!!o?C)l9qAt|hlFi(0m>Dy+u`6CAmWUd zx>4K6U+$esr#E;9ME=Wd8`KoG99p}@0?BQRSz-d8dtzJXcH&#r(s{|~jPCsX-;x#1Zf?T^4MVu4 zX%b_e__em$raUk(gJ3^;BU2_G1X`%Ciz+oHRnc9_U?uz-@@-QjID}iRm=Dw1an!Nv zwG`T)_m*9Z9WMo9FPKA2w+bSP)>Q4uwkcHMx|i9P>RKEQ!g>&5(=X*#Ff^vwfz6j; z1JrTDxI~1-cY52g+8r-0zuO>q>B6#Dpp0eEA8wIByvY6S+Ch#rU0=L9I5cuct#oUU#S4-rN04 zyR+Td-~9_}KQ0>epHd3#e`!B>tm@?cBp)>Iqwn>%`c9wmr18FVqxL5H2hK_N))hx-@NMI#S_c<#2?atK?@YtSzgG7voci#Vnt2 zIvf><-DZSKc|}>6pg8 zIKxAt^1}y6l<`O-wkaiZn0|kvu*U$~UzuAfsfls4M(MiR9xj(m35)?I$<_g*?r{CraUAlk}6L|s)o0cyi{T+l3K-PB^^b9Q4egI^IwU*@Yu&0 zG)|gE9cL5u9VbEynBddY1%qR34oJaqCR{+DBxU(cYSmSY)baqh&2WMmMrE2Y8|M^M z8P(NEP16Md1{3zVR}7hX!W8~hXLn2zilJtQH|-x7zn)?W5N0Vc20kPy%^d-nnQ7Pq zaAtc>jW^L4iW^wrTb+N8FKtS0DhW{at?Ew@wtT^Gw~Q6gtVOdoZ30YGwKRl_0z*M8 z9Y!m$)gabfmS~VnscY;V+1#^=qJKuOX>5 zFo^d-mS!0o#YB!Fsh_j4;#G1eWUP^@^oU~yB!Pf)oFYzcC~W1XZ-&`KB*lHk&0mb0 zZT3%-1}1MgB1l$js+i#05li7vAjavCLUGWkJ)h>shEENG$0f|{c(~`P)f6FShzmTfKH^Iylyrfs+J9K441^FcSqVqokB{k z4q*eg>xYt+>pQ-7$E#<+9$9ZZyMRWm(RZoELjnu-1ZY?X8=EDCS>Zyx#dss~o8F-) zRLM!4riN{cvOlJUW*$cF0O|tFRfUesq1T_(i4|s-xo$nsd|UW}3RpJe@RHv9WQ5ZJ zVuNPkWwF~Ht=c)QYFO&Nw``dW5L5=@ETi$J+=V_)fsSsud@lpxqs)xmP@V#R(TQ6q zxlV;}hXvMOY|gxjEbsEiV3~tbsRl!`)Z`d5|}g;c#+;j?fRhbKi1xFhuwYWwBQ zr=%4tYx#@5>9LW33cS^Z%3xH)r4S~|UL~9vG4coCcKdaH|^bxMe*LK?G1kM$C`~{T! zaaNLJ{w zRF`YPnw1&vnE70p;CO_*1wxXA^e0M+1G(TwRw67VyqpvzP7V3pGM*;4RLU9|%UZDW zg5JQNt$2j_P%2Jrg41Hs8gN235#^lRuo&WjtGBsv-$MsrrEL*cz+j5gId*P)t?9mD zo9>&OaCOxR_(lsBzTW1G`IZ-husk(l&2{-i-PHf3RE4c{fPqNudd~r8HtGym{T~N15UG{(P#)Y zcb|Xo*Tg!)DHJ%<3gEbJnp&&7p7QDoWmqbAko#|S zAyLpm(zM-_f(~`K%n-|;fyrsbea&51R<`C$h!!juR1;yPl%Le!G(#Ar_*Rs(kW)>` z(AI-C$UB*!!WCyRIJgrO;zFz14o>VgXJV#h_G1i^Y60HuY*L{_BQhCfRG$>1Xt*<` zuRJ4FsoTLsb{bm2!U$~O{?^22SC^`E<3zE7od{hJ-!c@z&|^GtoUO`*AfQWxivBz) z54J>#jgV2lY1%%*|Czm!L$w*{URbr9Y}2Viupo}K#)K4=dTWk%y;!k&)w-H#DGD@{ z_)7GYzQIXMa|-=4ebLuyhw?KuQEan8{2luSu2C~)-y2gIZk#AB^(d1i6=SaasAHN* zI#JrA@P-dcoJ*LxAe^hC7>*o!BXd$Umhr2p3pOIJQ(A|L3@EPBnUS(`#JUxD1ISHF;^#x4=(gA%6L#8vyl5%W| z75Nln7>m;X%yw3J8Z59^?4 zNFX)!Ss*+_O09vETO+|c(_W3sNJp8t*|R|nHku}KS?>+p zFMXzzGI?x=px()A1W*%YPPiZmQH~&a47@GT11agkHs!D?(U22G_!E6XKqDh}B=%T5 zFkZVLt_$>(?xB4Fdl9-a0*KH--$stMg#$t4_REFnpkhE8+WBafg~vpA5{=lj9Rc*8 zu0M>fE1-$iV7%$9PFhX1$s!QCOR!*>jX_mG&6um$JLohjVov*dE3DE%hjiLLYfh8d zH+>t_TmfpO_9Jve1*lGh%cp+8T&~N+9s-MMf1(sv(7dIJ<=6o1Vxj_^jTLOuZJ0j$ z!lAkb#W-<1s;a2|)3gxb=B^_snuS&mF44*5DtdKrd2(qM_lJ|K@6O&|p&t$|E)Gtw zPL40p*@f?xKYNW1PJcw-pPU|TB0`l1_%4TdHaiojVMr3sOzKV$*h#VBQxkNnmI@Ri zKFwm;09~D2y*=JUr)Q_FlhfB1C#P?Y-yNS`ZK8L_7l+>+oL(KgI(d6?^&^nb>yxX~ z<4YAjaG+tFA6#6W9KL^haDmR>U!0#^9;@3{c?(mLLMPjtWdceTLYOg8T46{oIL|rD zIhEo$On9JUGlBjb$Mx)`%GxMIIR;(Duxl!SvkMket0pU^uKlcFjrAR^)5@%(y=M`6 zYnN2M^p@g2O~HA7B5z&lVKqz3V@mZ6&Gcq^eATxYtj+X^8?5BCQ>F-Z$XIeqQ{Q%YjYPrn91qDR z$OL7fGy6-fZX=uy%FGEja0%8#fV)7p9s-uFRmC`%QrE$T*{gJ&)FVn;P5^>!;cZ1#-)lWIIyw zRjwA*1KH?TR0QrG5~1(dt<;2+DrpxC*3$#*<_8fiS?YO1tjw+5B4EVTUrR>n*eKu& zl8*DDIF9ZtMIISwo3PH51O6-zygKi&HUqmh2^o+qQE!Y`n$(!iF&_gbGQzc8MR%M_ z&YibRTaK|11bTaFBkJa~-MBx|!iJmBM6Q5aQ!C8hderENjTRS0z{jUY@?NbAgM;4> z&d-lek52yeLT;g}*sH=9{Lnr58=!J)eMtzRs|8=!)L|5%HNlA0jHZOET24xv+jN>d z^coh3WO2%bV)}iK<7-j~wEFAst4>Ktacpk8i6JJHMX9ttPm_+&nyTxpjW*sHHNgM6 zjzC)nHC2pQnI zbR&dnPYP-mh?%*$jE!rxPh7|fct{N<&~$t?=M)Urk_WHKyCU>_>fje>Qilb#{&>A| z#_wv)GtS6?c|4*whEqCc;;)m*Wb!-u)wETucv*jk$2E~8p3W4K&!!&`iq_-0^-tkF`G6>&VRpY_37h69tGA!J+_a-SD+s^gzq5L}PY zLK1qD?4e`MR(vaEuwDi|DuM@^B=84{-$w9;WxFIKK*12XZIo$BvY{cnA*yP*FK}vW ziIdmG^t_@kf%>2SrxO2fThcw|7&GJlJG*FSwM7Ok8VCx^RFV5aV*{4n z>$vP1f!PA=%l3Bm2G4?i2Cz7lbpz3(AaPN0vT{`^NBiA@nY6VntA(UOg$tKCVuO_y zIzUo=PAkd&Ep&CuD(QYIkRryJ>Rm4&1QDyPSy_3@aDr4)x2k=I5|-JryFMgPK_a!e zDZw||;udVoKr1FAoFyqizp%bCBo`R$I$2`U@*yUbm$`OY(X7u(`JBo**Q02hgKP<1 zWzrN4sBPDnGnV$E6}#gr=)JNv_)YmZvu5Ho6Kev>r!XrEGm?{D--Isu(;c{UEsaA~ zX2r`k^e6Z7HKP@&Vu%>)h}{5g!O*x&3!3XM#M-x=^-Z9$W4Sgtr-H0~z3yz;AZQcG zO(c~;imT~jw{|Sm6M&mZaSS6ta^jo9*HzsSkEzIY)NJjEB+?{Ne;yJ!ykc#xrN+w2 zD^>D=ItYq;x^``16U5p~3xrtL68y;rI|{)%b_Nh)cqpQ5-6~)Td`d}HtgQ5Uy*?JB zl`y|I)}S>c`F#|E^Ij++%ThvGaRh?Sv5M`qeQeZu%MuL4B1OajC(slYrVpwCoXfTS z=nfs^xejSwSF3rb>TqFHX7t}BLGM(-fbYpe6~oOSKS5)tIXWm-5n)T8mam zjo;eMS+X7|vo3W<>IDnxYRR}TQ{FPPU(hj$EM<60e@!MUnkK4G4%9T_vG)2MxMA+qmRoKvs6&nMv7KJ)AjU~;@b;F z%-)L%37a{zS_WeH0#eQGe7<8T^ksl7YPG;Ql;fCGfv97!1;WBsrB#ca<0S-5S1Qc= zv|0+)@C(w@bc}UfiPjeCsUKCLu1NKFWCNX$705zMOEU_~uYWvv_x9@m)vsUElz<0^ z7DCmAj8;y(?%7h6<1`5gJHRxY%w~<$V)o8k!xt+^uf>meoW4N6fwKMgAJ5)je7OAa z^6L2A2Z`*5!?V-ZCvV}x0NK5;*=%zfQbgr}Lb98;_-UzwCq z22|b6V`Es08CMoxl>`v(5NaVk!4|ADP~WEcN-etUDy6?xn_#LyJVC0tUWIPF3+<#p zV=!A4P+kxX$SoSv48lt*b$h=OI#wK=oU5`RF&le%X`4p$&|;uYwu6o{rs*1#n~PRn z!`|qmBd@V8D~r4=yZ|M`?qb(pb*O_Y{c~_~4r9N+cnboBYA8sHNUZ@BOsFowSr!wx z&U8t+jNFFJ$d!;1LwjL}V+9)Y8XiN?M=hJ4V$SzxxhI1_8oh-?KcxXC)+Ovp@_423 zW;T*XYuI&Flt6J=FdH7WzNt?SQtg=iJ$kXyiO?Ip2jBt73J0n`F(tqp7d$_^yn1tS zeEH%0;PUc^vx}pbPuH%?K8cGIHdB{PYGvr}cAdUOe;-fu75Qz;tDMnd=oi7V92cXP ztG`B4ZS$trGKl=XihhGs!Mz>SY9%CQ30a2~?MCRmkqEqNxIckO7=btEr_L9A$7z-lQU1UScY#~SMPjN-=Nd~nIR2f0wjb3z_MFqrE;NcYs;t6_Z(Y3W= z!gXIk4$cb@GIVLC7pUN+@|x(G>e|aM(Dq)t4fLaWg}*S8J`@|U?NeZ&jv8nux>FwP zJ~Sou`KH)JxjIvc>o(@fgn1>Q*}$)fV@meh@jRhLakM@sD!JXzFwJ}bqU^)tPRKW0 zMkC^lEzsZ3-X49pIDUJ4aC!XU^x)mG&t{z5o6j)jVF=%QiNunx0T> zTtZ>)E*z9_;i@c36WE z=1a(G7gw*1)PLbgUr*F`{#UIFw+i23p4?&%W)G(t9=p==RrKd=ksnZEE|g#J4K~E% zm*Mp7tPARS|Idr|h0nC&XFA2(1&<8MQJj}AS9ja(@#_5m>D>k}-Fw2Y$fyN*x!QR{ zABK(rw6i22xh-dTA)>pnc)8jc-uLCZm#aIAy{v7458Rgul;t<235{iUq#luFw*#Qu zYcHyA&fbWo2Kbe2=*-xKMi9Xs?A`~$)F$lhylY;+d5GAZ>^_?T#S=1{R--$MC~M#M zm!fmep$+=G?e?s&J`)uz%8A_BVOLe-4;~t`xu6(|5gS zWku?$Aekh}>nMc`BYRctY1%Ave=DSvBMwrjl@CYS%Zb_Za%=cS<_UkqKDa5is+Um1aTmFDc9>t z*?k;eBa%to%1lHURmNi&KUKl%*L6|$CH0i=4!%C|w)<Ydz;?Q|2-q!*|Cw7H}!K_V=%rbrz@+19$g*Z%up1^@w)lI1wf?%l84&o&kb z3muafON))x#K`LEq#KBUj0!q*S0UlsUGzA-uA>4~5 zsIOANdw@k{Nb=yHQr#b+Z!p*{n1vuVGQx$3^{~hlRA>{MLtUdda+jnI#BX4IWZ15l zw{_aorlhtu*sNRT90*C0h-HbeTXC~nVLkn+4OCuC;I%D&abHWNFNj(Dt}RBnvPpNd zN0>L%m9(mOe))Nvt_5E%hHDoa(d>R@+Bt~yWzeDG-&7| z0{gv<<>pvc-;}erEJ|{JYM=KezoWDPiXNeZ0{x3<8vJ=6F0cv&viRf5r^smu9n!{aAg^;_u%znhNC&0U$ zhM}MXhj`@v-W903lk0)|8v5f(D%gJ<6zq2?9Dz|ii@S;O0Y>o+C)>HPRKq3qAk~xc zOjgX(k;Z#-Q7Hqjh2=D~ttFvt0e&uIJAl*Rob6VK1}JN4GHe4i05N(h8HH^{2dp5O zG8_cgB?Y$k=oXOdp9TsU!`WrSTu*#&+gMGfN9{^SFO}1ywn}bEd12!%VVF3e(}`Uf zFKNXQqj@d>^-ho4-R61E+~ay;1|_q=Y3gYS9V3LHyY^9=pn(+g4GA9B+KpIemfHgg zXo^jVx`w9UOYB}b33V^J1*1#u1(Ut%9gf01`2^6jId~h#!;q=;ka{|D?@50; zxMHbxFw*k^M?oRcNi(KgHJNSlT;`g2OFCluy^GDu*0FKb z_L`cR9EyMPBn_c8S4rj%&DYTEfTz*~?p5#J9-McZhxd;JkmVhcAixwZqXF^%!mdT$ z9-QkK3qs#$#5_+n&95=Tp77Z@gAJivXw)*JP^i0SF~oHPI#$KVYgw-=Utl2^j9({x!;)eWGTIw=*_Z~QZ1w;BZsO+!bnFdfuVkmhQn%|HC~KtYG#z!PNg%!`ZlUH^ zQaA97xE70|+coiDSvQTZSd_1f#bi}F2_QXG4T_pgs(e`8+n1X^bO$U+yVE2z0STU! zgCbG5-l~ZT-0t0D03~rhPHWd&o_L&!v}!qvbf$R}4<%`957>`wu*%8!>XlYnc|lzB z;{g}URh<6ek4!62LwlauTHc%(Y1U?g=sbyr(H1!u&5FfpFDk}(*12{fygJC?-bip{>!))8_r1( z;;Q4?*wuF*MY9+2AO=V-r*zDA%R7p6SC7!i-lDz9G{w$j>=`L4OIy9DyV^*Ss=-lq z@`@CINP-kl_&Q?(=qsCKeD3T!q{R%{DEAPnwu&xb+U4cGEc-Uvcp@V&LMmbDMxiG# zcXLiYi_PcJ_;L)tI0{c-{TZ-(LrllS(b9f-eVzQw*hDP1aiGEr(M@9Mv_yX~EBjV^#a>OLFt}niqYuWD zkY#fPJHcF@?^Q0;;X$_-*bHCpR3^ulJB@Y87W5NUC8gL8xa3ue09hIJ(d_2S)mIt6ZRjThpna26iUd9OR zIY4_Zp*>g7R`4r)l;6}Rcgs_|0!v5C;CFg^SbKzmT@5gHvKw2h{TUuZvbgaEP;u)1|pq9u@`%ut7;~vn(W2)CD+?kaRT=l_4UrI(Kk( z+Nn2B8?A!)iUfRs$~82s($^>uHUcd_Bc-=9&-6+s_c2%ROA+Oo_qw0#S2|$AMup^d z6Duo0X%7?dN@dF<4Ik6AnOeh-hNkehRpZCnJdePFM$qWjuUVi0LSBF4x|o>(2jJI} zW5T0gGGQrk-F;O`sxqZ7-=1^5z@Gf{ zZH>M38`q-;fvg}$nyH{|OYM9hL@Rvfn)HD)a1})Ut}I)jlR)~m?vm@R%9y3przsV4 z5P@2`2&O_vNc&94LG_} zH`$FW*LL@kc(pl$Ul9|Rn`v{R)jaQhcDNLiGa(Xhtc8TrzE{NW$pKXsgaE44LkJ<3 z2G=Z{WoDj(+$c*1s&t-4V4X3IrkI=M-z8X136bQ`hgd@${6k-$V@Y)lCPv(s{d5IN zi|?|=Ggk!}!27E(NLfO|y$r%$0n2k`^Q`V=B#1Ny(tCPfp6n88&qVOEsmTcH5vkCo z1IpP3BpF04kJt)TzrZNLpp`fRE4#~SDoPG$7%nINd_$xY#$}K|S~1Zi97JVW+3<$W zxb}waEgh?<=PAe>Jk>uJYS}Y23~#NYs&`O<%hV=BmC7{v+mJ@QVl(v6ZK(9sFNNheK$ zaXI+NH@a}eX3FFwkU4h*ES?5om?^Xbu#7PPO<#(pH8#Cc`sgXMe0dQhXo~p?^(;U{ zF4BTm&cA<(gQyU|tr)fKcTo&jUFOqoxH63>2M;Cm_O$FASFK(MIHC`z9Rs!46^5n5 zG#ukt$I#9^^i)r$GRQYIBgV1lI!NMZ%%b$02LrJ|^tLa*xBPV0JY8mIQRT`xwi@Fn z^K3cDdq#s#+V?+iU)SCFGk5jR8u>4^ql+FsWj|N-_a35*FSM6Sy7;%)$u)I+{yyG$ z%=TKcCZ4!qFBr`yY}cM0n{iHX;-ferbdW;ElAIsvyE?8=AXQBok(m`ifdML42Y>K6 zg+7A|bVOy`OI>z--E8KfxxT(Z*4JB&c8Ao@;TPlvUSBs1$#8Ji*S!k3+F>>Wxdmsw zT{m>5{OpR2crwZ@el3A5nlq4tsF^I7 z>NnEAiP%Gg&UeaFtk}Q?5u7nsN#+XXEJ@8-UPW8<9#VN(lwX{ z(}z_Mn~+fPf^C*f0*1sD6s__*h>atTbb1nSj}Ege3@UdX=6N6yy9tAcd4gBTpiwfM zuZ9P~x>7=6``OSLErzgIQTwHghaobtP8FCBX)H$h1~Qt2G4-=l)Zn|Mrc#k@MY;0| zd^9fC0o5hQ<3`(VPjk0P!O{v)ZC5m50+L7{yVEpK<9I|UMwV1Lr@AeFv$2SC+bl2k9P)9zn{_2&{+&Y~0g0m7=zxm(;q4EtJCBErZT0dr-P znn667okfjnmdx5RFsJfpNsVXQ7{GOv5Et_k&PtY zE){~Fb8V>fsMh0%Fo>eB+wI)MYAAUo2;In;--QcC0U9nUaz18CP|HW}@3RrT4&rID zf#~P1nsVI%YJ{Q8`cpPW8x>UB;UN&vRN*^O61-v%a~*@esu97q+w$_ISJt+&+MZy> zE@E0`XUAlm2-zS=Cs@8Pre$&5wOYdn_)``h7C-OK%{<2dDM zLMOHS-8Qn=lqN%#?h=*`%z8B$Fxp5tkfq$nur|A5I3UdlXuLq6_`K-G7IW9P!}VyU zt}RP41!$GF6};DgEOSg!PI_TH?9;)O7_Oc%f%4XKOeaR}M60mfuvhs~lW%H>WtfD# zSzjq~#c`-8@1^$uhO4`MSKc_w-nh5p(8bzgI??$W#qSe3$$WtpS29~V0l$>TG&dGC z&S^T@CAD-sv8X`St1Y)M=G9&=Sq%SM7XS!$nyyb-dJ`vC=W!SeW|fNdQ<-xzPHrGr zMl^)Xg`gb6KS8z#;~TXv2AEqD5cLR#0bCPFG7qbfU)-V5XH@XUdamB>I_c%9K=|=$8rC6aX9uWprV_^ zew&4`EpC+beggu3$7psN@GK@bBt$X-J-OuWz6WC^w*z^%q{0`(H@G_hB(GAbV^rkT z{xrpWHV{oLp0H@m4$^_Sso~VVUEUMYXAr!@AUhxhYuGT@cU>TYu}?~7I*n^^BSlNX z8-cYiM%sbE(Uol7=1oqFAyv!)4E~P|Ta_|<6(MDd_lS*JxOeyPheX$UtNSyEqeu|N zwVVz21W(CF=Bg@|vet41iTuxS~v}2BSE@ zJnQ0%9neWG-f}lb(Ou~G?}IpkgyyR>c4@khAjEtLAUv8Dw!de7MtC9I;C&p zt*wsdDCtj}HwB(vG7dZ$ZDb4M_}19tfh55W<#g`(>$ zh2!pP)x+P%x2}M+pFyyz?7oIBWaaek_(mO%C;5w7>W_m+=OWVAA^JQmUE@Tl9^7GO zd5bJoqM|@&6^pGHE>4ej8@b>t;c#2`Hi@Sbz5*|30_mpJQACQr*<66L*U20>l{f|v=E)*OI~zW*8r;=G0=M~C}P zrY`^k;%qw0x-8b(qd5BKpXlb`unf%(a+mUWS@SnuGKYjrUlF>E;(+jvQ=+v;TcFTh*1osY_F zEKZHIRF_CPMPF58JCk4WW)n28Xdr+MSnt(L_gNU<7^~HGPC&JA046MhDJ@K=I$?a)w8}PM9Q3N$%c1ndEV=_4YT3}* z50F+Wbui_V*Ik16a~4ce%%=Sy6dX?m^QKvNaAmdx(YG}4_ zL52yN7#gLurzf%$Yqhsrwnzi(d%5AryDx~_P6wHrB)b;lK*>1J%L-D|xXZ$jFL--{@K~d#and#`UOxHeu>>-`KcgrS?Pf0CrvV88ry*k6vI=R1_RCY*Vm5XUB*!cb42HsrheG}G;644Cs>PjV!$VKZ|rBEpWs5eWq zd9Px{9R|ChlAG?#ps6I{fw4Z7+VYZyJPY-#T0}*qab;5|;3vT~OZMVqXe@Q_5Z)F` zPm^%(+3$XTu$vX$t<``dygO@m?st(noV7alwZecrD*?z^f(+%N-Duqx3ryy4ow5L1 zAC%*OfY6&aNWDx+sqBC8*4jw<)zj^-8%b!m2Vr31X-WcQI|V~Axo49z@FO{V1B&m* z&~qu-Lh_e5wFRy9^^7Lh*S#z&teHy5OulB4;uAwKC{D3f*$1t479h*u--q$wiX|i% zQ_LSc2&YmbW-KP%M3Ig8VDy*N-!L*j;$&)5QagY1~IP4yjds^o+#mw zddTr~e|*?IZoX;NTOYdT_0BuOqHA(ZlR%7|XJ{Iw$y&~0&DJz4RiUwGR*d-2Fbx&e zYw=0Y+pg?pg-Cv(ULb+tSRt8J2$?3~E_sb~wO>I!zkJbdw8WcC$N$=(oc%(K8=J4} zl7BnKBIg;W+3iyv4BRk?rnlbhs~7Ip58f-dUfJ~f$<+I2FdxWmHo3%%``Q3M98i_yL-=oK4Z1fiCcB{MT?RZ;To9<4Rj{R3J zJfHQUW4pE5WjgWtiFgyx$cvL<4gai7;yA30X%LAaq%{OpTLkgD?+EcHS3_6)aBmm3 z?upWai6~RM{oAYVs~6ZQcNk4;>%?;i5mbJgCbW@xxxbfd2yAqe zMqR6yd82+w3&q7ZR^_MT%r?=L)TmYGhC}it!JM_a{ajRp4G@69EufcMxIHqB1W&i4 zFsSefdGSHT`9f#aNy1zmp?Pzl3kcBMo_$~H&sl3RWfMhPjmC9L!O6BYA+ya$# zU3W4~hIu`dN^BzQ?v&SE+U8gWy403wgLpg<5W<-PwZIM9t1PebnxpXIr5Z2O8EtvZ z7k^0gC6;613dvA2xuI%wuVj=8XHseIq0fsS=k!tcZbFA_p{s04`4z7v)5rz$V$5q> zLkwLmK?-WE$pqLkmZ3bTC2Sb*RA#`&d25a(N`C6b7j9= z1-uvu(7Mnym~1&#Dyh!1gbne{vpGE0hx)o;xL zETZgPvO%K|1V#sY#J8wDUuN%pmIQg0q(mJIM&l=1>jlQAq1?xXivSE4ZT=hINe z!Q*>o*PnJ3dK?dja8K#80Zq8nfWUE2S}gILX)FjBvN#-;Xb{3dD4uc>#zVOR3?_zw z7vRG5ng$_Q9!e=|anwz?AykeDni@6Fn8bd85rO7C_BnAQ^7^!X(rBO84;uUA_4(N$ zgfiW??*5+Lc|y#{f}rw`>%YO~cK?k0LDGag6aV`ZJ;Nb;AF!LuRU?dt1q5IO7BoH} zuaD2(=HjbL%L|hm1yPV1eV(H+q=*a+H^?-SAN$m+g74^4K<22+T} zf%wkHP&;)sqaZ!duivm?5Gi{ch?8SCpyNpmVxbwqackzZ$yU}fhZA+jtt^3)RuNj)1TgXOAvU7roISCl?;{6 zlZKy4=cQe!wrFaUF>dC+2?oXzMjAto2e?v|Sivbk8=jc%54JK~CD7M{rjXE`Cz(kq zBnX$nY*vGElEiUJRs)}Gt{E0!$Tyn726+iRTCk5HOz=oG8 z1G9{kQxMihoD^py?^+*lxg9P;Xt44OPA8H3O4Ox>Vvh4_e#}G@iUPe83Krn6aXj zR7_K<6D?RIjs-UKG~phQUjp72A*4l}!ylOk9yiiI+U4zTV3Q^IOIigtXEOrJ!vr_C zv-23P)j0vq9nd5@7|A|en~vH`O}FWy9Z%BQf|=*jJ{DY1CSlY+i^7>qEt&Z;`o0~0 zM6mVqa5@Yk6=2o0;3!+zALrCBP0&+3Ylw}+oj?t~wrIWQb#ZV8{*sN0O)T5EbjWhU zq{?WR2hlKO(oF>bXaRq2T&ck*xMpq~`r63B&e$qToQ1yX759co9A8_`4|%1@gNWh# zl7IydAbi96qd2~@P?YZ!TBYBlVYfI!c^vok1?XeIRo_?0N+h5>oQmc2C{Gz~MgW(i}=~CdwH$EAm0M1o7SqcL~N6@vL9`(UA@= ziHXmb4tzVNGa2Ab$l&P|=_gRhF2TM6eDN^5SzL&c3pL+mksiPgA2VEWJXR`&f~Sq# z_<%(;31U=Rf(e!#Ml|5iUN|HEETZFJ0P%J+>*MQyX5#MUGywkn)U({S+|%wM7Go?ikdp313j#8!(NNN(fsK(e$L@g7`qSZ_19x6_ z&J;QU8cKk|_nd>X)AreM!y$u^a=zybM&5tN+*54~;)Hnz==EBcH7$4mlSPAAfLs7W z7V(bhES{#nNN2PLzAZoms38^2M5Hh_ zHQ94(5^8D|_ABP=5Y@{#Gv=OD9CE-G`O%)!JUu$g65bT1+D+J{ShU$}*KBOC-Tk?! zh_PpbFqm-W{m#<#A$)$Rw@$wtKCkU4u5!o(6GIVy67$rB$Y?HzTzr%*3kU%3sASV) z9l1-?!Dwnk)Nv|Hg^{ux<@5rd6Gv*S%D7`X5%5Kuwr$WKGLOrl+#2l3tO9 z1+=zw9kX`78>tguz6$x-%TuVRdk{~g_qr8QLq{?F+{;YNRE|eMBa5e=WQu=#^dock{8wjhcq6QDh%^aM@c*+=OImn3?yB(0jP zBTr=1*XNz%_H$!c`HK3|Ic}Tp*UZ$aDOytCA!7sWd()8jV8JF+rft8VL%qfKu0;hY z8l-A@4uF7HI{byUyvT6XP%2414Y{e5>Y!3d?pXqBlQ1?i#v?xEv)CC$k$V{)apfih z0?O+&J5^VxRA1BKs{;M;9ap9A}c02Vd~;TM$oVb*)UcUBMyae zl^oQ6X0yWhOBhOxy>J%Ltb!##*i@P-$!*1}tYbL)U5t}#Z8>5+#}V6DgcF*MUB(IF z(>`baJr#>j0^npdjS0Pu1OI{U>nN^f`)g066D78owB9yU#)bK;5K`!5K@n65@bV9@2eI(&=IE6nziPAX!dASppLR6l&9*Bfm zICiP(mT9>hV$sKx^3erYiGMh|XmyXz-nKjS_B&-To-h=h z^LV)tQr|up@iJhX4ldfAvy<*o^SJS*QSWp=oE-1}>7t_5;m;8i^CpUTQs6QVeSy$n z4M<^65HlSP6E>u2oRIj^3{$rO?(t?MIrGr2X>sb-~Anr9yH1PoQHFwEy-IUh?aq?4#g04 zc(grCkP*XJsuG-svIBZ0h{s3-Z(ihK?7Kcosb||1(i`qVu65OQz*&sgE^%lQ?a~{* zO9$iK+gtbc_V#x7RzADNsMc=H$N9W=g@Df@-&NxDE^)+=d?qx}3s4G6Fx>g`mOjL` znm_Av9SIh*09<@oINQ!~TP&O*OHqq&sQ4ot_ZEZaD!Wt_ZE!;oD`yx3NhW;}XF3yc z38hG~2E|(OUGuz{U;w{N`)kMN8Bb^g|CZ^HbM%dlRHw1e&f_FiOQlk>IKJAvmJHA5 zO>I+gW*K;b$^gbPA=m&XHi)BI!qOyQ(pJ21JX-~S_>bb9i<#4s@(Wj%@{|s)YG%o` zwVYO6?jn9Xn2uSLQf+q|mE0BxQ(-StCz9{1gTaIb znct!eow&;QnsgQBBbkssWrGv~Y#NCl#Ykk=T1u+{)3CeDQNx^7@mn4=CNv$@(zup} z+!HV4k;8ng&m2v|DO#FCV+ipLLc=&3W|E)JICwd#)yOv#(&nD3mb&bkiUn@wUoX4N znYS_p^SFd%xl!7T^7fQ>sj^PVqE^t#fao5nLMJi}l@2H#Ts0l)C$F%2Tg zE=qScdlL}H4LX1Ti2`$H5$3RzEKg5aSl(ahgqs2hl zOwMP8`s8^ikBm|97LTsaK>^78=VIwRH)Cp3{+vF?HlC|C)=D^)*7W3~d_zV)NC~4C zjImtu+n7|Tyg`X%w`|j~=FTPKnfU3+DNtKno?>N_IpO6pP6iBw29@W}qTupMlO(>K zx&7Fmxjgu%p!v;*izkfwZW@ePJQZ!c+FYWJIC+%SvCAq5aAUS>?9~_~uDk(j0lGX2 zCKHxs7bpq4NrIG-f7Dj5x7TWEe8nOw1x$@jf*SgI)S_t^)~>g))Q{y5RzLpZQ|-6) zwc4t;zBU(9b-PyGs#SM>d=URRbD+6^o9Av$kxZPDm7QIIC)1E|JZG20J_mD7^S&JG zLnXDF+e#7a1*u1xSzJo%O%R?2;6sT~HIjI$&4_Ea37rwK4GOToCUo}nqtS>iIvLGf zoXf4wvc>oH2-aEsd$0y$wp#n6x+bX2A+_o@=_ia{!8KSmZ7nfd*=?Vok6rTmn|s>L0r8M(cf}1^+Y;8eOyHTrDAw zUO*6Qq+AteUm-x9HWnvcieXIZvb;n{$OY!jD7DBs-??>#OCtg7N_h|llRbRz2O zV~(`U|9Y8t<}X{*GuQ{Q-q&nQ9z`!fH;?X}aiaSDSe_<4LEfy2$-#+*KH(P$F%Y?#SjUHLf$HKDpgE zXf-*s*QmydR zZ6Cx@n#5r!z{KDXq*_zgLhI|lx<_$xLld9*?)v&V88Pa!M8@XAWZ>$CMP62}uRoh| z=3eS*vI=C{c(%T-?m{qT+D*V2&Z<6LUIt-^3ohnNHJF`@x{D}$h1&H9DTz^-BWiBqGlr{|9; z5LKMWPDpg;bRv)XXEyn`t|>~I3Rcz$A=14tr)czZu}Q${X-p%ZD%GZ_ zWI^))oC!w<%%C|0EjlG{(Tzo%G6o4_Id2=mj)Z(8U2+&mWtRa9F)5?+fgu$u)S-Rt zE+yL>RETA)Lf&C!0l7h;dN7=2?%YYj_#{T-03#E&yf{c???4nMG6xwUL=AArXrh#) zX1v+cx6RXEg&*g$yA zhVwV30Xm|BH6@IT2Ql`L_{k9_u;60iOz^luM32uE$*O+mQ+=l+!dZ9;)||`-0|)cA z%}fYE7#)mCZ%1*doMWh|Toa-nd8k1|dJxbr3-t#wk6~%6J9%JQcb3f_N=uNlE=!yhO^XKgL*Rg7>K zyT!nwQUJxgF19?gM1E{-8ItRQIt6ncc9p3F+-F^H;eS2#@3#C`YO+NIbMA^-CmmvJ zz&!0zK<@8roQHTPnxv($x>s!WIqX8{BS4F_aUHG#5#y<-5V$O_oD3|A6ZXSQ*{*iGwGm5 z4o}df$7#_Q|`u)6uydTmH(aAIZ`se^h=! z!6jL(3clUF?dmfb(j3_%&z`O6p(L>V%_~c)d@y2TrUv6a8tG)xIjaVSPH8)QGyQD^@T||9w?f zSo`~uaKx~aDx8tN*&~ia%yBkvw6^|$ORa@>Spp1PXX(oadk#wAef&r5x94zaQC;$m ztPITjs#`TxYZ(20?k`?D^jRoc{RQCW;ytr_D5`+YZI)bGkWOhSIx)b&+? z3FW+t+6F@47|D`+nL!+11*{9IVnY6B{U0@Noz${YYTiJl)tx2*`JWsu;Fy}zX|^w4 z$jHD;FV|gz5t(-o<`shAxh5jjtqkq^lA*}Z`x@Bf2b!}qn+x)*YcNFj?3yJ>;4}9P z<;=ZE!g*Y0w^pmdU0PK#&q%@XhTQIcE^&WTeH1AreAQxq^^;U>ZpeHs*nRh1VC|wZi zgGfq!LKY)$Sz4Od+DJK!+8`MrqGu&0yB-iXB2^t55Jx4;AZyt*s*HU`az7hckDSB_ zBOgmXDFKo%87f7^wv@GMX~I}-OnJ(Z8u;4C%}q4o`D-Xbz<-XiU|^ZCP_ZXjh3q_p zKZ)+Y(b>E=p&Sm%r9)D1i$+tKFX0uNc^SkOn}l?b)BhQN_te?On7x!e?fh$>n(d;7But7qBzBtx%G$WLWJV}|XES|E1&XS_>!m9rcQt*ox zJ0&vi-!}hr0d~%;lR5AI5>DayOE~>YIJL_BIl}2enQ+bu-Tm9<-?nnnraiq&%A8BX z|4V-SH~i|e*}52`%i z_B~IgGh&^IEl(;TX-bl5BpA$YVKA*wX?WkAm);-3buTyWrI9aWyZ`DNs=uB;^U2-+ zUYx&e)ejrp)3Z*a{ggXj^I3fVyZQa*%l!TCix7+A43jM zdU?qPsc7Jv_4Ud++;E#cpsIIdk_0i_u5Nj^XrG6Ebvi<}td_NpBjO~sA~_w9>gt7e zYfJ~;l&U$@rbb5kAf0ha<$sYE>qa768NxqnFN*}}Phm_z+yu)rIR!yv0^rlW+}7u0 z$1&RG#vtG!L{2k&KX?Hd(A#l9}JQ|Ov;O=WK?gsek?Tlv<~xs527<@|5Z zpKZRdrCe0S1YEHhn&$%a91a1O6NF){sLqPihIrEJ*pM-nnSg18BAxa<6^>M{O}QSk zc|@E*)2h?7SpDObbw!ZS@ZtPrA$m4hOID)obj1v+>vKV`Djler z3p3+*23Y1lQ8~9iUQWYMB{yNW5IqZwV8-IlN1Bo}p%NI9ME>)}t^Bnn^^aLbuTD%j zxFZB(wxODhqi{yXETy6+fP_s)tB|3E^cuH#IdXuOu00)3qm8{lEXa2R5$LTE4hh8a z9$KKlh2(qz*BQTjiK}8U;&i0V*tb0LCX5GH7{yp>;A~F@vMQG~A5Bv~zKPcK>5qD( zJ)mMIj&Gzzk#tE1-|JvZlbK9vFGgauC;s-Nx57a@jnchM(V1BCZkg4_@0W~~GPAg1 z6EUzPju^R$M7z+yDkhGBCNl*49#PKnxd0?T|BY*ot}Rh=D=w5D>g zSw{0lz(aPUwiS<@g}%9+DWb%bd1$O9$_wID%-kGwotPO^Rx0Nnac~zFY*|ZmAssr> zCBaU)DA#dIRN0#`-t)*24MOQeBrWK0=STEleS@Vo*8E0d^uoiSV$k>oi6<#n6IOmQs9#?7_f-5HIKBff(h&^anz4#0>afz@K3Q{1Jf}_BIBHgar7)D zH*u28lnLXrlyI3zOl%3r2w-qA92{w;*f-HwqDfIsm}LFP@3q4{yG>CsB(ZpDEH$}| zp0?C%AZB0RB=HRrKPE#ms9#7yVnsZj>|bjWId>LM1%>SQ>?MaQ0nvJRCA{)TOO9me zHc({xCcn2Br;yUrJ{~8*Fc2c8U?g%UvaVG}5OqF^Z*U!nb&z718U-eblQ9hiead^N zfAvZAujkKratB5_nLxmSG5b==pNI87TRU4j1^v&~i@)?gU*jp$|GW!^BT~mxN)QI= z3{MwuD6Uj4qCjlSG&Ez4oM3n&mDK@^Zo`m_>F;quCUkHGF;)qB4Dt=qp9XO1h(q*( zI%vx4W)4Aqr3&g0v)GzxGhqYrWBXvaTdAy>Mbd{npq z-mWaq|DW#0Z>yqc8t*<-a82!6LF)arL4D4XNH2=(IyX5GJPi2L4VsaGR5(p0whs1RgHswrG9C3+C z(%&YHR_m;_i~jC#h?8e68DuSiD6}fAw6qn|s&-Ic0UN4hsyNXbaQ8udOiG8lWNX{o z@itwb^#dBYTbpk3{g%wZfR)Z=3%k0l&yK)6FP`$hV*ZQkUwZj`sl~s9{I|W8zyEu+ z^YZ0i>;G#!E996_WfuYWdu%*OXBba{V=h~o3i&LVMjYifPUw&Z5l=0zutIENgMhrs z0zR{{LR7*PxD6RF3@ihu_C6cXDQDze9dsc)V?!8JJc@MaRE*#O@|;u{q6RuuW)_%) zRAUBuF_c%yE4=vn-n%6yO2sV@vr-Q{{XVYMs2`p*ys^I`?@nFGsa&`_b+`U+Gu?&U z^k2Oa{{Q(D`TsDC`!xK5?EfMDzq9$OApdP|ZvMspzs9qOFaLY<3#3y~OqnL2tYvag z^1ZjU%{*!I`ZTXKBPtjUG&Ye>H@-Ogc0ScKWWz$hASxXOiN=-(|76F(I7oL1 zB;lCT683RX3b_T1n&VN!58NqaP|xS)<_pqr=ZI0(b;E$CE=vdhGJ;fRD7YoP&2pSW ze02E8*>K!}v*AE`zh`m;gjguUx;-QN`$P?9O%8yU z-ljj20Zr$8xfwxDvt-JCBz{bI$k>GJZ2k!Oft=r#CTepMEov>9{9M|YlFTt?BAA`+ zEDwxM1@m$ZL9J zZEwE(OaA*h&;MTe?@v4_lg!SoG*b1ydeXk&Q(XTk<6lzwx5WAvi`_o|z5IUjFa7^l zdHyx}e?knAy)1h21KRo@yjR}V-z;tY9CqO-e&JXJ8n-DJv_fzufIFtQ2dGViqoj~^ zww;F&{a4T5Q=i=W$6y4={g}r`U!;wN>;J{8ot>92^Xq^6)nDuXt2`^;)cQeG1BZ&r z3ONetkXMe5>ufXlr&~WiKW-k>-yApgobGA8 z>r^TS7p+#~w9|dxXtkSXr+d|{O68YU{rtSq>b4JB&GSyT^WnVFZJnPSHs0(x_^(r1 z=J4#`=SHi0aCUNj)^6-M_*?#TDwTHQwB779-#5BHH$HUV*N-m*9$n5N9;CrFM0V(o z0^es*w=0laA#DiPpzIf~*o;@&AKFmA{jT0>9Cjgv@I~u*&%w|RXuy7vgigL>yK!*Q zYIZ(!e>!WP{@nPWYpA2FCpAa&Yo65Gokpv)uI9j^qjvSvv%^NWd8q4v$#>uvn)#{z zzW(m)q>*)nUekB+m=!@D);sk#^>zaWUYA$kS3t`dBUb+hdzU%7Ey zZ+Dsp?MA(I@Xo@Qg_NhkfHRs5Mx{vS>gF-e0hour4W-Zr8%oxZg-{NTF9f}|8=Z^u zIgq5$RU4I?i+gt3JgB!jN6q88or{72<>^rnKGZ)GGsOu$G}^G{57}i9$xF`wd|CYI zz;IYZm5WE(XeTSRXlODovrbH-AQhNks>Kx|Fw&{lgNTFqwv5}7#ss5T=-hz=!HiUf z_~XPn>WqQ$$xh12f!YIVOT_z(0)HiPyX9O00s<44#y}XIB6Hype=*07M$n6L1w3FKgP` zkdsQrdo({)e>vGlizN0O>!(pnP2`@V{&Ff61+IHsf73YLb26((r(%$slbk15I)K|lh(5d`%baJ3RoCFX|NoB`yDu>N>r`3FO(P^HY zszQedzrBy_m%6aST~#la2qE6*~{kVCEtg>AwTGi67Q>mOZ+U@$=Z0RYcvgdS0jA*Ff z=b_{2k*d9*^kUvne!!x*vS7*e$MCeB2j)|>YLwEPVt4t31|Zkg&~@f{3xl1HS(Ne> zd}qFL%^xQ;O@iAsJ$=P-IgG93|7uWjeUZ~tte#Dj{Htrqj@HB#D_c{yqKvn>8frn~ zzBDXvou70M8*efoLN@LmHje5S$DKVV=LnSX4^>YQMz$Yhpv1!2bMmt{ipSD_53HrN zi)xT^+kz@Kewc5?E$l@E5JHftSU5@D*}`Io0#l+2O@O2R3(y1d$c_s#@4+)~xU1DS_|& z?)L|~hRUf{d)+)2JfYQSxA%8nLnb=Yn9H%i{`jMfMYf$S*ZhMmj{_NC5ckBta~_Uk zpY6#Tn#I@@_s=gmD88{1KMt>K*M8h6%|YZgp)G}dgflOFBO|XT_pt7)$X%c!w z;7MiR^cIC(pTwpI7>lj zCQ(-5A+@PE+?O_&Ez`0#?ZrK}>Qai=c_Qpl-4%4Jm&(_YjlMiNadqa z6@c9s1Rhc(p_EppR?VabdAfe4yf82-cvENjyNsuh_e!4v?Ce(Hvx_0o#1VcP`79wd zmJVv_ilb)g@Z=DeA$5Yy!&QhFsG486(z>&OGScoBm{w7u;Tu+S|Q+WoqC{EX{kpIQ7M{t}j=o{*Ygt>Wf}=y5v7V z@Ar2&2khQ$Zrp!_^|!h4qHO)?YI^-;7{IN#q**Z(^0GhHCVPS-$e@Q}dhzoA9;gbg zvHC2GqaiE_acm>~X{s3H+3E2I2-E~_h3L{3q=d)him?gAL{8E3Pmo#^-+1HzH%oYP z>D-8%OR83lY_alIGit0X%I7><6=%|5Y zFFR%&=dakT6SqO&+pBIF9~gv$46fM;9xwKcZwcemFx_)D@u;{$!g$yY!f-|$1SR8j z$g$ofAFDMmKmO3IR{!p3<;zFn zRPnt-_V$Rg>5$*@Y8Ml|BakvA2?z|!FcVK<%=Vn>s#$i;S)_!yreO()Pt`jU#C@hi z`UbT~g(^iQQn4|!e}{n|Jxj@Dko7W7$h9Pn(jMQ#nr$_XG=+`>KJYHXco^{bGR4>+ zl#gm@FzF8BFiv=vMi2~sOo1^~1_vRd$)59xecT*7mBE{E%HY?|-+p}gm0NfJcqC2_E{RC*jX-dwybmid-D#Q9jg6VUE| zBUY7P>aEjajq081{{6T7TVB1x0lOD)9Pt@IImF391I9ZK91hdt0D=nVzA$=UWaz4Q zFz*5(_vK=wmKtUEduyB@JgF1`f3{|`dzPMEW(^hqZb`Q**`UUuYFBk|G=xOOCu~4y$Ya9k46d(I7NshsoJEeoGPC^IS zxMu76TX$!Z*VW`_& z0YpjjP<5PQiXy?w(^#4saT7IBzIiwYHv}5SLz7$LoH-=`@f{U8!EcoQdAocO`zB}-V8hBMNq9Mcxxj2OgaKr4s0rx&$1?ZZmI zyP|$q#$RCm-ev^=x~>W)T_!#ht8EEc^zG?|S}D~+ku_`DgRwY|k0*NQVC#0OcL?S_ z6G7%&{8U#F&nbES?NR63j`!`(>3`u$W7_#}QTffyOVAw(#R&-@^D}4vO*YB*J@YHE?wsx< z;N5DVnL<{AMa22ExwVVy-QU6Mb@Fkuto-VDUhtJdxv$-G%g9HZXzJuR=pv5ltkBqfcA1h0-# zvbwEfRYRC%&;-0kkc*=eWoYp1xf<%hlM>Hzfe zdT}C67LNcqz{h8AyKfrr>hGIpEwCdxX>{tvW=a4#)zyLoj8fW~^+jF|Rb@SSY_Zr4 zjzPQ8dfz|3so9Iftg^R$tPCwg#|K!Wl} zbxTPhMF3#rI}d<+A@@S~Y6ZeXyzEX6hoHT&jvuGwxkor`Nv6KTYUwGsfv@9OPV1+<} z=rV|cl#wuwCmy-r4B2}c6QA{`L)bDq@lg<#o-3+%TY8ygpHi9(8JK48m8^&4#5 zrbR)NPvE#EVEyq&?n}FQeEgvZAvZ?GI4M52qLRL4Ga~j};>QeT2DIIlvIC^WY*OwQ z&I&exF++@*ES2(Pm^@=Dr7#e{slXSav-~g^jbop@da=12P+99Z9;(v{&xzQdB5`Oa zG8TvI@8@Vx0Y$-jXl(a#z6wj=wDAit1)QpkYRW`S$6^9yyCQL_|8L<2xMa_;0lnT8 zImvz<3X)VCut~CeHU+y5_(scS%lFhdOUND!Mbl-a)Dl`yL@yz0NO6MTP^4B**&bRb zME1XXHIEr9joqI=I9xRIwffXZk~kyfa$GH_pmuQzpdkNk<2FdiQ-MLJ1fVSe_l73X zqd@*rZ=Dv=gJZ>Gz?`0S8bvUDDg=Ev&uCz2kcLcY;>BXl4$v+Wr>C8rk6YvF9hAF= zpDHE`l+M7SoyD?%*B^L@YLYxuvJ{zV|4H~PY`v^O!R8Fj*%LeO*u@nx&gVjbqaI6J z%qKYsDTpT1bkEkmxQu*)iQW+t4<+tD$(gU*3qWrZ#-hi8+MWXnHS&*xwNnO5?rUA@ z`^Q1VAQcs{l}=*NT-W^+IoZT%8MS=w5S>2W1mIdQx3MTbh{JfA$dA^_$W5Vualf+U zLz*Y&XRS{Cv_qDyQoU2i`LOv|~_IXgVVEI1VB1XDiI za4-#p>=&|Vn2v})i|9BIoN$I|qG(DusBA=W7Wv}Xa7AbsT(OeLd2kgy>M83~IblhW zZm+rxKMmGAcfD6-9Ye1PzJ73peM3epoNzMbI;FZ+a^J9LzRZyl&d4Z0m!uTygZ%8_ zIdw(KoWC&i_~7iCCE#rcHYS|hjDo?448kc~B%t|8#AB6XFNVuu79B`_llC!3YS%$ zr~UT)POfw(Kcx-|0LlrcArUDXdajE7vj;He)^Qz$~kOUPF429cYN zn9J#yxoI%Akc1=XKG|PQ86z&uW^7H~EJ9Ma;F3@>46Yei4@#GFj%sTazJl;H0f$H~ z#y>^1cx8pWQMWCbGFPsp%+T6r1Hq+&luL@2Mw`-Pg@Khp6bo>Kw80I4OyQilO9K8g zo3%9-PWA4J&F&rY-FK=w*sSbH&JSl}>qGSp+PtsWkZi^76`R>Ig6{XvY{vI=D4##j z%JPpZHv1!uub5O;=F~+J#d4j5ysjuwp@QCLK)GnsxPC=o;>1s$ecXjx*4^KpiNB$O z_jrOs;imCBH%=i)%Gt%S}le`d3s zbB{UhxzW|qUp7ovY*rj3BO?1Cox&CeN<-upDN0F>4F+`+l7J~Z<PuqJt|7sf+GSF`v9wH!;=mTf4O zQm=sN=c(`>siyG z+f8c$=Wtii0S0;zp}wWtZggzS?>^K|j&aFK-54s?ihWSJn^uODk#ZJlJqG2M`_N~2i{#;C5$iE18|WMm9tSRAaZkVENe$D->X zi6h9pu9iN>lPqpf>4^Mv)Fm{G)lV%R2{`Z7$siNJAep!d)02r#l&e#(Q(0LNb)^KQ zP}!BQ_vSp}+fPTNQHJpY^{{F#5*R5yyFdz~n5T9P>E}^e1N(%HRAhG>(REI>^wUuz zy56gKWSv;xU z9bKFroYqeoA2)xySG(qzMm~iTC+I7=K}2G+mn_aQ4GH6+e7)_cBc^O4%MBSsq#ML% zD&H;l_^4#p4dO0m>4*P>3u|(-!#2LatN!Q5QCIDC0joSN{PBE z8S3%b+tyj9-f0}1ogP(GJ95odHEH3oBj7xUhVd2rlGs*rBZ?LC^9gUGI1Mf#s|Ngx zLth+YsuqnRgP|#7w`h;RZd1YJ;)sax*Pl^^N!)KgxZjT5Z!z8mB-XFqWrKfTxv$tg zTqA};uX<;UiI80gzQMDRx!eSg)5)@%{LQRQ$LxX^i~v#c5g+ngN`^@npPGkz)z!c! z?sToZz$qOwRU}$7w#}*qMJ%Xl)}j(kt2s!8V)KHY%oxw^n9c1$mxyA=&{qhqe~`q{ zPjUY!PL34;KaS-q0`5a%`AcIRD1&OnNui|RDyu=MvUV`2;&1G$)qES>XkTRO4D-Iws%Av!#4nP-?*XU$YOGiQC zyAztEvzjiQ{pD10S_7w=gIN^X3XK}jRGB%mr%TS8zxhOAPa?@{SO#N%uYkL?%3YTu zA2WwY9GF--C>t6q?vNF*W$(va+8x1SB~^3AOLy=)*(F$tc5y#u*gMb)c(^7O>R@b3B3ZD_lh_v=u$<@S(bLx^%}Z?)n1KT0zYTH& zDseHoV!^pnxKD%Yu0-Vt!pakAg)SDJC_bWc95a`eiONpIvt{B`ZR}CpiQ?iyS(VI+ zxM7iGjPulwYL_xc&{-pY5Dg$-+b!z7&DI_V+~D*pD?~~4%$Rv0n^46UMWG`agrdkG zjxeAj7bjyeFRD@iN;Y-d)K_l0aNQV>LEpe-a!#7iF-uv3FsfU-aDl5l@FO~gQ+##X zem{!w{UMvM$mb-Eh|DENB5`h6Ss@n_AwlrM`xY!EzDrK)m5N$v<}z7+XIpwVfvvuv zxUU*t=jfA~wz}RUb!%vVQEGy{#JFY9A+2MQotn!*=Wc!5<;aS!k4F|F7+!+x_e7ja zkA!yyatjn;cwninPQ}=*p%pGoZh~lm?(x__C@-dus4`1tk?sZaJz_bhk7)$gFY|SL zxp|nP^azrKH3j%#`O%l+mAi({pHj%dpg;a4?9U zCW&ma%LT_GrOuH+JW)xr7%=+5y*?HK;xyr+^LSf=sxwgU9tL9Hv>FlnJdULJOAeu9 z3Mth)b71aE1&+DkMIXLG6L{J6Rhp@3{mB<;@98tB$iyLEVE`<0bnr-EEUHJfCc7>u z8Ql@GtGW0l!Z7eXh2aR7t~{#cNrUR8R+vwoDEn6VF99n3}l|*MVZQ4p9ayC z^YvRnqe3za@`<+IRRG4OuUxU(%yaf8~e2he2Dkh(S*~hB1)V zRG^WAwAr+^&zynnMPlF3YjM-7WM)WkuZZ#gJ#kpP$)ZGH+WwWhR*#MIzy_ujX%m@ULLp0G9Y{JfTS}4p_l$c6b0&RUL%Q>?v$3&C_}9K0~W4Od4JZcnf8>CVZ>wbmF%B z;9e4^=3(SP7F{oj%dRjgaJpQPQ?;EEfxHd^chPRN_I~)`hsx>O=IO8ab8GX3{Q0(Z zc5%M9wfTKT72Vq0+?1JMbk&oy)3;~YPaU{WzY(JeDT>Y;t&?UO(&D{(u~|899+td+ z0Y<{{WQO;3gLpDS`!e%h3G;&6_Op1Uqx>Q89R$a(-tFwV@ij{zEtPo;$LyBxQE!ch zbtA%`SyJk@k3u?xOjCK0?9KvpZ+brGzkmZMHu9l_X;>|}*Y$TNbHiMJ&!?(%RDQci%6L>YJ4|z_|jbg6%0BN%st6aT(g*-EfIWWR4hqClR3{0 zx}gksI}EN_BnjPcJOEoxo(2&L7W#t{A0!XD2|~oIKmGsMdlUFbs%mjKfPk+R{p39X z74TB&nIuEfoy@?185-!xG7~0Ahwco_kO`SeS9MaPyQ-(EIt!V`;m>=n2!hK)Wl@30 za|aPz(NP5SvFHO-1X+B@LlMD^MFIJKcdNSh)~#N$49g?>W0I;{=bn4+Ip>~x?z!i< zID%_1H4MC|Kvm&jO`?0Qdpg8J`hhVoAVB6O9K47MYeY1DAv5{8q;W3J*2vm z!89U%Y#)8^Z<{QeEYl{4Hlw&w+#P5`@hv$nS`2UzRCpQf)@@^2_prd__#lU=uB)OX zHzGd>07!)c&?&yaKXAh0`mAfKW7uAmwnDQgR0m>eS-@?9^gDDThyx$T|HNhsdFdAc za#v|D5Wg~xVVws$#TQoMc&_4QuCdS~VaDjZ2&5e0K4U#e%q=G#n$p5=!>PbAm!7yB z6sR8sZmPx@9V@OlP{^1)w->CIGvI%*9s&S+-8#XkeS_VpQ#0TM__WL0%@ovGU=?+f zC@YkT7XC>N2X!23Os?eM=&lIb3vKQ<3Q&~@aUli698hOdMcu?TAZ+n}On-@--EFee6_iC)X5{T&tBg6->Q-y4t4 zI1oipCM}*AJ{?f{K8JT|O%kv( z*FBC1INkVjB_1@xsUAC(s<4yKsX>&uoucnDB~zB5{z4x z>!8GgsA`7pX0hX8#T)UKYOSY~6 zZfD>boc>U#&B%7^Im&2cfvhvyCeR`I;bMr8sYnj}O%RZ9PXwwYoHmPS8up>0X9&@cRWNHZ6;2{DDbo0q$DQJJQUzD+YGPpJg4VpaXn$KO_ z+71yN!&l$=FXQk{ThT||3w1=bvAtMiBS&)4>5hv6Zas))&>;rQ1um{)U`{EU)pbqR zVqjRuv2C`lYOz?1Wr3{f^57ZhvIJ@cay`=fpo*SKcw)rNDDRWvn{k^oa^_YBi3F01 zI<7K{2PrtY1*E615hhg!(Ik#blQZ*z<2=YRS#oq6F`ri#co~^*@!VG$Gc;N3w4seT zuANW}*ePsOR(Ly>vWZV15xFV^LkH2(dE61RXFmdjimuRu=+dmf8}vXHJI|!t;hliF zV^HBHqRsGk(AJ*?iZ_>?V1?Pr4y6;UP+QRnyWI&^Y$owDonXZVMMRfP?1^c(h%7cr z0GLSr?o>|(xol9lWzn{Zx?Ob=fhvC0nl4`)za8C0YRB1ZCG5Dy=X6zw-0lvl$K zv&l{xd7mc?w6jO2$T$eaDXLiybh)kfG1W&4jbl7Xk`IFT!ct#*yix=D;ZDrU+BD#iof;u9Bg!Axqne|-cO8GqUMA3DIo=1>A<%xH= zz$U+?LOMXdp?=GX2$!NQ2kfEagY^wuXelD=)`P*hJehCluh62^APm}uL)>c>f;nLC zN!KL9%Oaed?;d|d#jjogTC-;b$ln8sNmpz>PMe0U7$!~coG>k_a7m#b>7hC>%xP;% z*RZY}i4w>pAeC;%$Wyu%WBmNI4|;ddb@f6KSvKr;!}}gJXSXaq14n3ynpz)G{f@b|Yfb3x-jhiDL7xL7Lp$q1> z=~3;xf%Bai4!ZXOW)Sm`#U9dA*FXmeD9E85TMP_ZGw@H8By2{tO(zBzpweiS(4L?z zGp^%0C-{WPAD|byfMQZ$&rCPCY_LI2vDEwwuD(*xy-X;m7nNr1KrtTlnivh0M3D!k zWwt@Bgl4LhJF-Wxy>S8~#~|R~T6Vmdp&EGyG&>fAOyXoz6lsm(D7-61xx6*w_@*Pi zAdRAvoJpfNXqn!k0Tjyo;gOMIye9IwqfjR+#|RI;6pKN0dZFN)9n|RMEuyuUU5ixJ zp=W?lNW6OPh`b0A!`gXkf=WAHo>&FomkJ{}p(gxr%7k~NE$l8q2JUDb2Wt2^79*la zSrLo@kirK12wnvGy33tp5$NkKkFqDOI2bTv<=lS5oJyKnm$#k-_jWQBS6Rlrdk6vg zDAA+v8y*8r1qD}TUppz@(EJsS{=t$qY^lTD0u?w`4q7wjlt7EB<0t2_{enIYBuql5 zQxIYz+6;vn_C*2)yw8GrDRe#03qzYLps(0j#@X?RVjrQWV6dMuQv(nCECNLJj@!|B zmcOAuV(OJLRozK^X4P%jqR;^52vaHXM7a6TVW z(XN7pLL&I2#)-`4K*!FExv?a6Krjpkb|Z>O<@J6fO26^fcrUACaFHiY9h`=XZxxdL z;bprD3%Z}=xU8)3B}wrp7o&q=j)8OJNI1eI|7`=^slldUknHXT{izKb`UW=$3B)kV zLuhiI&v}sz9J_mSRzIiH5s)o`x6kB~KsMvU4U~0toNd;!kl}S3HpyyGi%hc%7YY;U zkjeH=Fp~vs`4$Bg3~CRmLY^2BZ>T_;;2hJc4gNf{TaCJ@Ku92;XA)88&$35>00k8< zu1RU(ihYDqfEl5j1U`u<1=6}><;hKBnyRSILF?0Mo>rL^hl`W#ipx9A8cq}EpsJ`! zbRM@ZD~WB4k)ljnYO)acZROc{7kitmGyI~7o zR$+AYr0PuKi!pqQvcd)?v3?9U5j}x*%i6ezZ97$VeC~{OIB^D>En}TGzY@BX>^vR; zm-S!))bIfLVYMRJ71#(byoNP4sX7Cyo1J81!7D9eEYFa%gYCjrlw1umC%_114kg;L zO`$gpwkgro+X83PqfGWqREB}Hh72h?$0l8O5X%y+6(rqZsLzAV!btM#;uQ}xmmHG( zlvV~eEEAOMd<#JLWu2l0EeMa^YIYLklSG#Vdm-`DVLI@Nw0Q`pBSxaTXC_ zi6PZSLGdF|rr{_zD>FKBJ!`s}_j2}0sI7SUwkYQUg$1erB~QnQZm-R=7B@i$SC;nL zF&7fR2#G6aOl#TTw=y^5aLP!OCCKlh+rS%DT-_PrnM2j4C~mA12T~9|>>ElTeK4WB zL#6S&k==+Mwp1N*6n|Z1z@*h494^I6I@oU6V7qG_Yq?UoLf=5Z2+3m*pu zEFUqpm#dE%w%gOAM!4Z|hb(cfYA?wO=fSD4z`3eT%fG9ZLp zmSwS)_iUKD%iIx!f36j4KXPbP3gm)4fxaO=>x+%8T`d@lrRU{D>^IEPY;Z)vXdqjn zAf+~gzwk(QW=hBEV`A;G_E?9~!ukgVFf=_J`?wrl{*tM#%YT9S5mjd-<_a=HCN0}V z3IYdIHJ6I?W*II!u32uq+di3&5o-BB{1^f`Eg|UTAi-Gd9CA-hbwHt%okaBsNQ$z> zqRAA(mLS;@>fa-gb(I`N=tPvY#8`(xh|Senn}5i##>TyjhxOT1K@U=()(7=4RJvSA zvy1p2jQV7$biWdgZP-A|5-Klzq(U<&wyoIMwql@dMTSU*A9qji^_@{M+)pezPr;GV z&FK!<3AW+eK)l0eo`>gcDX>4Z7bjityBI}d(KR^9j_&~VJ|FciC5i<>P%RK^TDNm~ zYeuLAa#Z{3HOH=Lk55`NZLZapwF*Vm*4x|}s}0-dPMcx2X_njO=tUI;0nm!&Z8+m3 zd_S%_lMvL=?Q4&2B>zSXXAFm{di;=89UUmq^~ub}u~T}|nZDGZ0t|mb*Tgzvt6Dg< zIg}h8?nw_Onzo(3ZKS>JUE4;F+!k%(nyg#r{TcT0>G0FhBjq3Jj+*t{T4>XiI15C{ zw_tP>k`*tmkTj>@!8_c2%@Gi7gv-O^@zJdDrIP8|MxkwH(r|SYfYX+L7_fVpWK1;GrQR+)^hG(CsctB)zjPO7$=g$oX9ioctmR_#Xo&x#cz zM~rl$wwQ)a*wqU~%SH*mXi*A!9nz+!QicnX zndDHUkye*S`T0n7B2xplUd%(hTzwX~X-TOJ^l(_8b;kKxK+182 zxzgsHYx{BH9yup{lG64;%|p806a7+AUKkg=`lr2-Cx0VP{>EjS_GRuDaOP$jH`l;O zl<9PohA=Tbk3vZJ#B;P31}fUf4Cfh$Jgk#}+*cImG{u_~ehQVQxUsD%+O*Bwwhg|6 z<0&gm=t)!M>GY^rCmZcqBq%4S8kujnUC}2D9IwPAO^m3Tbn?jzcSvS<^~-REJDm9G zafXPPuJI~lMAWHw9+#mjJX?k}Mx+}vh&Uy*Mw>7vw&NcP@CmzgxIg#at>NFH4VPt; zv?OsZ9Z3mo%9*Nn^-K)=vG3a<6-~fSL`ubp&U+}7AuYU7l=(O8Ah=g#-^|U@p6!~t z(0q3k(?9k`jpYne+j_EJG`OnU0yOve0gri{6Ps4T0NpgZ7UU*0EY3lSs)%+QwyZRv z_p-KndBJl=ntfyh`KD2*Hi1}HKpXO1F=_5e4hoG6VV&ENAc-n!{hX=hk3*p5c9i3D zJ0vNKaAu{gCyxy!hc_ntmW+Hw*a9-kJtg5M@^d@*^Z2T>!TGI1>!hJ5Axxy|sly0g zN*l|&#vK#-mc_87`L5K!P%6_SMMr!Wjtk$CMTF#SJr!44rF%EHj~vfi*(sprTomY= z_vdoHGSS?obSTbGdz9Bhfg;(Jt;Tm!jEz^TyK&<5IzS24Xza0N0t5*=nW&BiZB7eXd#NLziEJmJdZ8d%B^S(0sxF2B zGzJ}dT5OqqO)!+`WL2B3Q|tXwG@Nm|!7s;*e$Ae8}YW3zlehU1j< z7;`wX1f3isb|M>0RySSCsj;gr-E>nK`OC3WdeRBym_S8`R0bSN5W#)!fZZw-lVcT( zo2_e;s_P+G6F#`hV`W_)Q=!Xa7Tu+Elxr(=xpvWAt`)kh%Ax*WO~gfSys>X^1C4n~Wgx->Y8H9*A;oaA*oB0CSn;c;aAT0~m5A9bH~DH0CY7cPLh&6x(?v zUeQ~w1BsRApL6$_(`w$(5Km>jQUJ7S@c^!!7N`iKNCt(kT5_m+VchIvc7uc-jCmI} z$tKFQlwf%Un$n5A-(yj~jR$10R&-s}k<4)j<B~a2XqLk98}lk^d8ExYVt^hdv%^(ucEi> zQQ4tI`kA`Z0o@Drtwh!G>eUCZCv_{MPs@UKl&*m>z(hCWsU`QXshE`cy81*=YH2E# znXFS*Vu-`M^G!g?ZH?<_9aZyrU4zPw>yg2#t!ooQnws9QHGtiMWU2DJIzm0I zA~L`*tdFvfVVe4vek~iQj$=%i(#zPQG*IrP{Egm|wC5-Hk98-9lVj;rYIxx+ zFT1<$pj`zb3mq!To={JT0qXveVH>y|DS#b9iGo~Y!$`j$C3waFN))JTsQv)v4EE}= z^y9dux+?Ko3%407Ak4f$IpO7x`1}hQa_64Y@Zn>^cY=A4o#KO0lGi|4LVg~cFwEJP zhM94S{^jRmG{glnv4CYg{40K1E9(Zj3}x6La^6FqQJGQ*HM40Db`or?axiC4 zUUgg}n?bP#FAbCS^d~dJeO-HiO}W7?m|X+-*2A#Dk85Sw;FncYtqf22nANcL>Q)*0 zm~9!Ax}3^1t!u_hWEtR+Cd<#IXow5uP65k$cvJkeR?ZA`8OoAD%bHaLQSQC}k>0ZAFm=g_h!OR)JvmW*geq1Yq2EUBwtqDhxO-Ira zU-i<)Yimv0$+%xOdit2*f9~(v_+LgEECCF#PVTQ|QO@f4xZw_*{1WMBT2yKesAw|K zg=^^mu5~Hu;MXRN^+`^(M>CPktpsu}p8HZJvJm#OCU_@*jE zbRR(i($~0w<4Z3iBMnBtA+(SiynZ{yo)vKX%C+o)CsN`n&eVx3)B5F0;Tml=x%`3* z^>@Ev>VnFK0LENvOw}}5@kdgLfigGAb#Kp+Of#ycVHBbr@K2OgXXRRd;NMlK_(f=`xw_p#j1tIFstHuvR_8$TYE#24pe@%D zX#^eg6Zilq7?f+F{25B55pW*>1)6Rc6snkvF3A|CS0%QnIu20jl^JxBrmI<+_Q$)U z>?JCPJ&+Q3onC&q9$c0iD02!>=D=29fAza8yvF;6gm4sL)nxm`PfbX1D zGBuK)2^!Hl{=U!bGc|n{k`5J{@xC89akQ+gBRR22NWbt+A_1ZtGQs$M+$&dC+^hOV zvqYgbVRJvB;~cq7UTOBgM52&XC{oUp7w{#SPt**IlReCfEuF;crS)g!`7Ry0pr--fvB$P~ta2WmOw5K+(dMq z{j;;JJ$5u7sRRKg6jK%NZ$U}d45ye^=Xj1I1m#z8LZC4Mj~J$qFb;i&m$#DXqT--} zG(>SD#rw@sxb*C#D*rnAuOC#D*YzTZvV#PTC^@u_DoZN*9Q8(Q33}Z*#+>Y` z8fZgX6oCYwQ=!~Q8^d)6Kk7_G`SF)|w&%zYWx%lZqtIa|h_avgYg+9CCYKOM0diEc z(cArs8phuj^OMakY1zqwh3{r~jmy%@jhR5sYQTMjRd8NM)&Q;s#O=BwjWp}Et?wuq zHr!yT?xX{Ukt`N*!eop+38e4tODFu&meKYW_T|RZKu15Q401&j!Q$*A-{9?Fik|`i5{;BIQh@s6^;31^g&$6^fRlE0K*o z{R8CLq@FJ*k@OJ#+b$NANO#YA@+Xe{RU#3b=MvYAmt{s}v!Z&}6UbzU)qP0mWj1D( zWZr{o9VyXFiZJ^Y1)B*)a-)HPPbZS?0I7M|Z8_W>$2rpU_oN|d*9wZXTsxCSkkng2 zdv{cng>~_`7LAr6NpsK@d*;?pBOv9eJx-g{^F`fuB8F+W8}aXfZM50^NF}`DMMV1i&zJ z7MN2Dn5+Gw&%xx_1N56dGiO1#cxo7n1@o&%POp=VdcFWZiot#)*AfT%Hl&j%SUKh`(cn@ZFG&jZspm>Ev?_xGgXSDwgwS4J!2c$!gMN)$P8atx{Jsu96- zaY<>&fs-Rhm1KD_MD239+3SQZRWCpE9_eZC<1V{5<5Hp>{l|p1*);=(=1K0aS$IbDM^E_ z#S&A9v7WqzH!uU3VrsFdn<)Fzv}*H3r=miiVKm~$hiaik1l|hHBeTQ?2{NI(T_wl0 z3Zz&qN`DmEeX75kA#ZInfG+=z0P>oLP<4WQFBvfchtjD5xS1g!P=Z(}dga#m>p1%i`loBi#g~l8!rhq^~zKzHm{s1U7Uc`A!N+;^9kK0@)9tvtEp0S z&>?BU+a6)9D#|id@j*_nN6N`Yo|-I5JQjohCwuw&X+~1(VOs|b;WCamQ!BC|!dFj7 zX4>9cwSrcY;)y|w6p2KZ1#2hZG%^amn3qgVU)XX^I7w=a(06|F6!HY6PjPL~G}2ir z7InLGvfn1l6rAdSWO}%-H`z6uN^b?04cH6SoWLz~X*;PGMJpuO;j>1ex7TLz;Tm@htR2Arb|@`EYASiYQNB}b%Lgz;?!q>G z2WZD?Z%JTvgcqgr774_MUU*at_#6P4l%8V-d-g>ENdrb zwl388ASrzrhM;2K92ifFznLfZ{+S&=G%5o4DdBsyan&?+JL9Uh3zTl%)w8ayv3LZ! zZv}>FxQ2?n{Ds;~S}F;WaR%UfBR9A)lFOBn4zW-$>$<-_hp0Z8a_gw3+&JxL>N8A% zGfwYWd5w8>l%Nt(tV5sKZDpsB_xWhq`-Bo*8?H(dtUntUKHznuw;;)lxG>?wjxPrN zFsoT&0VG5VAT;}NVA(;{9yjT8Y+wtPSq_yJG3TiS>jY1HDyH`GEDV29`#=qYFG{L)<7wF-lwLjqybx%RY=n__Xg! zE=voSp*p#6i5RK&`Cgzql>Uf1VR7;=WB+B>I)bRkIgHzxEsWs>3Sz1|Y)v3KTY_{9 zTAty8heh%*2dKdeOadKoW*wk8qQ(THh|lyS+Y{Dq+K23Z@QD#-{*W;F@MOdOvuSGD zpl36aaCCjWnM6~fiG=ppU`nSh5}bAcVLzqMq38zm9TRmlG6Ih9-zUxj+Zto5AW>4e5Q3y24)WLCnhz9Shpy`h=ujQTE(l>hvciCxgq_=_ktqG>UEPmK;O>ouGD`+tP z95&Po>7OM_j|w(Bx}7w&4YpM(_S#kfY9VGcp|#rs4#K>J3dW(3l(FH|Sl7m$u1%Qt z(RFL)8RthtAi4bz6kdFxgkEjJUI0iKQBe9*8^(J3`g_I(lLI{o#>oZILG4(YG9UVG zFA5^)^UPZl@#s9)g~$`tyuP8+Qqi)LBgY0}h2TYa&a2%W1VkDJL*o<%;!sa|pf7`s zp^9MiSv?C@9uJOhc6A-JsbP&UUUGr7>LSEh#BxtYO(?zfT^~<)G=qg8Ubu!Z^B1~Db27!TTyr?==PmE1LFXu zKv}=5OF1t*VnB8lzwonrB7olI!1b!5YbmqObX+x`$NL4ALO7H)ym@t&dFhrACifA) zGIR#k1#$8Nk+sZqM-xPS*5xnKEVFJFFLnw@&czF=xg!8m6 zs0WncWmzES5&LE*jcHw5o*rf_dun+glaie^!KDc*psQWDB48nI041`!*c7R`o_P{l0f zDg}0E;rJhPpI5cb2>ef94nLIGRkGk~CMa97mx=`ZqLp0S!2n~!L>b42je5cy*_b`K?N+tj$^GDf_Jw#U3Mv5B0l~E<< z#ZGe6uyd~o4B0e#%b^FyyQV}`APFsp-5TZuQh_P63%5q~*Oo>ba@$E<{*vv)VP}lg zdJCz6NtJYnz$5pXrAbRtGUt9CJv>$v=*t^8sCb%u(SWZOxo89yh{7~EGnbCAW)80X zkd3;r;&5ULmnfbcVl>Og`% zkLv1`%5NnNOR6(-C)=3b>bPU&ORjWp2Ki97H^V)kH^NmN78)cg*cM+UDU|GgANVFX zY`!(ci9d6t`z^mM-gKer4z}acy>XSTG2UX*-Ekn<8tsKP*a_5`DbUudBoxpzU$hO= z1<{Uj6X`jFs`b{oEnkYhSEIfg!7z?YVksMed*HP0So!G+hgLE!(C{56ajI)^Sufy( zr{aAiE3c6oR|-(LKj=B4e=I?;mfa~rW)6};(n`j5xPjz`CSf^BT+|7<RN!(T za|8v7^`k6~6-)%V->8|Fa$iVVLSodL1>p>QAq3)u21Vhu)XQdTI5)CAQaXI<1jg~b90{JB50EM7d32l*qGV8`lwk+QW{lSuH z6s4u{@%k3`SGP6gCQ>oK$%%KyR>k8@Edh{T=n`2xoJrNzwU}vXdd$E+c%z8N76=v! zQq42WNf5*c4{j7+ZX7`{kt_uQpF&6`q8UPWIhx#-fnvr$AZTF`B$?-mOv-Iu{8^Mk z;yGp88z76^|^2W9rs&<$;WeIhyi zU@Ib4Ltgj+astYZFZvC~O~_U<*(%0*Y1AU)d#HBd8jTR)5JT=e1t_$0g=9A&8kk^I zEr$zj7-DS+8lA*3&>)7PbgHW-lj$4W;KxORR4*7xr-pjc!&^abUq6jzKs5vnoI{K0 zHlXo?p%N&~J1!yT-#N8%AnGS?t&?=<%NU&@LPPRvz*b~T61lOsppJ3&XNCDy+A*b7y;iPdo{{XsSZ1KoHO!KDS%q$zA%gynxi(R)yq^Y=8x+0}`T|PN-$MHw<&`Ch zhC*s>k_s?ZX-F&4Y~hn?8`8r}CVay|*-&-U6}7FP2{@8+ZR?)vf(n-v{NKO~!yhRB zVH3cM#^9N?W2vlef)38p`yvCnKqc?MMix}N=!Uc&*N z%?j;iJVf4lt}$7HVS2ep@$q=8@Ha4Gy1#j#V+x`vtk+&*Rp}5a$iR&1@QYP-SwK!) zOyqz=2;l*@jVRh+7`crkUY&wfGF`m=4fVN2Sj;gb#?$EIJQAI!;2@sV|JdpW%NZ^k z?e9fXdnJkSnE?SIIL$nX@dhRNegUHcRWiA~LSnTglviYq8^(h6Xp7UM#G3&8UrT^a z#5>|ojJJquhK<*7f1vAtxQcT?ygwkGngg5w(Ku%2X?m(JYyAcq-GMBZ>Tc62k0ZQ+dS6wK`D6J~+oVv*O z*K!?QaX`2g|pf3#n}i)r;S+JJu;!% z5C%&3k3IUVCEw2xCuB@$s_>m&bRxi?ar%2@s`S$k0aPkt(mT!J&I^l{VY;N2gm?4= zd*Qr71)(EfdhsN49|pZy)HvxjZ0UK<5#i>Ew+Y51WKox`WMuWN?qFk3>Y^ttbt6^# zDR_;j_|)Mzl3f}qVxq8LkT@ghMtk8p?lqOPXq8lH zzqlZY48&pu)A`mdkuR|rgr45k#QQ@y&}@K&WG%4>1deBw==@PMaqyx=gC4iY#KYhE z$wh?ABk}4I6Un+oN4t=AMEqhAAE%A!ewG+G2M z!I)DHhp@;^CujjK0ts2D_#Q@s#FrvwT8|v&gr5S-1Y3J{?Oj`pZ_RUD(RCi3hyC{=Cu}+9YmUmkbD2dG>PQbY zu&RzT5Ia^A6Y|cQ1rbwvDP?hB{m68yXrS6$5)I`mFxAwkf@1PwSj9P_rReQvk!k(e z3?!lC6pwHQ%5is)vt>Fg&`RQ~^0C47Ua@r4&X9iL21Qwu4u1xV|Ts z@Fq=j?WMM6Q(gzsTuT-Vj?D#4TZhbs9(08raJ>TT{E!nh#?QS3CuqKBp<3V>KcE_7 z+vtzSdyJ3JkM<@)Pwqqt!CSg)5m#wi9-5#>b2srHb;7KHz zXpEn9|Rk;!GB1$xiqL!(4p zfDHE+F%cQrz6&QB;;hRV1!AWhIJdfH7(fu_2vrulgikNH-xbwBGaQpo9XWof_v1F*sJ^{ zcP}1iJZN{zt`&>Cz|VU)(JD=t0JGki3Vgn&rbr|dRz?)|QpDv|iouhI+5tbd1(2Kh z+%{VUNTlFyL$g9-$3m%5S1eiOZMl3NnBcEEcXy4zkE`{^%WtrRAy;9n@c5l-C)f)M zHDm7Q2W}a#rHC1SPsIqd#pBOLrFp21ghC!&iV@VLf@{P-5U5_kNh6-syB3Y+CL@x> zunT-FaZOd{S0c&=HVxQAu*-i6ywPaK_fo8;4!oMk>*urLRT^Kw}Fi4 z6LBptGihWeX~^lgl{d0jfsqvSDCRWA7(`*N68IV!P|M^X@!%^!VSo3XB0dJy+#z1e z1vx@8TL=341~=8|3-S8=zv~6@ls4hY+O&qBSSL&=zUFHQD2=KI)~^6Z3kY+z;5+kO zmT6*<#8>7;g~X(!;0!@}^IetZN3}5D39<#fkHHEagtn z++`JtmZJmjo|11H(~&4AM!gT1Z4?US@pE?Y+A=!N&Td(f_`oBv;$yA^nqg){G`I0U z2{ZFa2Rvx_Pl7pX=mS2G1>@*(brl3DJ@+(ztT;h-ZBTnm_IQ&fr7k-LZ_wy7s!5lOToPYE=o zzk<>f!I3OBL(zopGS)GZD#xEp_&45EMF5*OE5xD?rXi9h-lCay0#-w4j-4O{>&!d^ zMaamiu4NC|R?f&9=0w=6gd)$@ZbUSb%mqWbQHk4TQMqjbh}4?k268rwXCM;~_T`a_ z^^hm{f;xWw7H1(zUKrgV+m2S;sX-jMWG_x2(@XU&W^TdTOD?es>?1U(3+iJJ<#Rzq z*@J0Zg#KOz*;}~frk>PFpr)&QSoOU$30`WQiT^9PRai@e&#S`DRp8T?RW23opxLA9 z5~WcwmLrQwBfv|v<1HYnsri*dm=%P003f?=(&sS8)?zW%ZWq>T7<&2q>M;#NSAEPc zf|Ka~f_b=jTcu_@WrRWtnkSx%$*;O9GfsRa4A>aejSR5^1t>l|&fXAPRy94u4;EyF zY#!=P4)>7yvc4GtPVF1s2sZU>1d&F@r(MA5};o9{j zUlW8BRya%volpqb8S~ae#>nUAfHI)Fla>ae^Szq~y9Sd3JtOU-c<+wC4z1kly$)ov zMvp?GW`v9MdM*dKb6Vf*=v+vR_X1Um6EkCLI2cBrm03f9@AQU`X4vs<@wl-0qdz>@ zWpH*PKH&x_Ef**ZH_&D|EAs`=6Dz1yz%s1#Iq-9FRx0A=@etPk945je)FoHCO<+T> zCNKjv&g|~%L5D4OTOU&ObwE>jEp+fWn^qSW1dx!11%&l12AjzsmaA5?2_~*#gVrhz z+>a&1-UCd)R9>rJ@lgA)Vl)u?Pn8QcWPOp{uL z8I(p?&}^s;-U*;uL3y1u@wo%MFw28qJ0!C1(@9J*M}j*by1N6#6e`hX_%Aqe#nu&t721l8D+Y+vvg%7( z#gzQhhH7U}p9CgEU!iE(u4=kKS%rQ;DzBkJ91w+^F;T(;b%1K?B!azEB*v#NfUJ~b zI4o+6y;ylMt!|1-lzFHo2(w(5#qMMri$}d?kG}ft(bsIz|1-8Ixo^tl%VkaiDvq4L zav~U{b!#IGo~W6+EAi|JW0gZvZnO$b!i-n{_#+`d5eb=(3Uls%zc5=i&L5;0c|F{u z4YOdqU;{{l^G`u+Y zL}uC67IrMOU%XYz91PbptXG90i__mN$aD?0MFC(Gg`l*kZ#YrWS?ql;Q&RMc$|?%% zS?4gn_IL;EqMKN{9@P{oE??qmi5ce(?772vqF$gjK{w-;C!X5tU)10%68>&w88H#; zikj9KNfbgLni`<{bgpW={r10 z7qsI%3O%M%vULX(bXUdR3d6zniWcclZ5UhMvoU!}Un)J8?Cu^L=owBXlxS~%a>LkG zCE~@C1&aF#b_0&%47(Pvbm+(i=FyWN;Ig^gV)*f9DOz%b|u< zXj}v@RCG>+`7ajWhY4%LcuT@r&1YC<3SyHgx_c7S44c9aZHN~a+*Hb!bn=4ba>W4J zT4t(Z4a~*d>Z$Qc3lkh4kJHNdE+SluoA5N0p_cn$H8(#iqFKRHS3lZ?@Ew%m({d3_VxX zM93E6=7t-QBFO8i1{YJ5+tF6h9UI^j)htP1Bu9~{OD<_ZEf>1ZN}Dh|ZP{)u{0y5d zIWJqbyLdjfY_~=p1`Av?rn*I>_Gld4?{7pKKf zmYUuoPK&0u2ym(CU8@og8yKU;rA;_Rj^{O`oj9*2mvnos&WUBdS*DrwdswQe^&!5* za~m95aB_t<;jtKM*Gtg5AnpHLCT_ zP37Aacu+*-Z>Ir2!yWd?hyw{djAMPmEJ+Bjb(kqgX3GzXsVTY zUB(UyREr_7mYj!Cj00=Y)bcgMfdzFIP}^{c7%?!|z!AAfjOy2wgfAA#moh*B0@lTz zL5L!cvcMO?rJ_N_@oF_wG>m2C7N%HCLuj-tJRD*#*2&EQD}ISsI*bGYXNOX%8iR*@ zxKKW?0IveA>tg)SE=2y9_qGU05KT}{5~^(y!X!a%A`6lrHd+=*2(hs1l!Ul7!GML`jhMws=YK&2^b5gm0^=$bz_~kPCy~YB{AL zup?QRI54zWT6qXkK`syyYSkza!7mpn5>kMbD83M(kaQ9v6=Hu27Yj$Yox=%5&#Y^! zUFdzS;vjQ@3$md5P?vg#Ds`UM$^8s^OU3srNS@P0T2$k2p?!^m+XKfJLCFcC8ahFB z35y7qh=>Q7J*uixDiCN!HlQ$286d!G6a$_6Dog_K+vRZ8@I5S8224F`x%N_v0YB^z zi4bU0t6=b-)i!W0OJGG{a!v(Y20=j&BL1nNXe`@YhIY7s1+bLOf8FW!LZFYbl9KgT z5n0YXJ@4oMFj4OHjA2`lDj+bfZOThCGOzR>@n;4;;vJkcHjvjP0TYvP)CU~+va4EN ze_d9|bOZTIX0!Q{rg!T(wUl>>pP0K*Y9y5C(IG2y0)%TbhI`Qziv5s?wK?69@No_* z(PjfAKnGX{3~*e6<9{@ivI1Wnd1Olq6D`bMmjKc;Y1tXL5;eT=bYDD}OI{pIJR;@{ z8Qq+S&Ug3pCO7vFk0ntI`Pfh@JzS=-x#6wT!?fk-D7rNz%RDF0cEP7Cb%Zl8;wY?c zN_4(w%Wyh5)|DFU?c0DPis(3*Qeh^CWOn0Xre30>k3xOHp&nS+PHX4w)j*qTlt20g4hMXZD6QY`qm4X(XtxN~+l71li zq*x1}qrF_|8~J{*qod3ObT)ctP>{;hbQN{Ryp+-;(v68Qk$`0mNI-btM|jLhZ3;_% z_QE0_n0+tokB{jP&<}XdLDdM0YLOoGk4OSyzA8smbl1veD&QIgRf8L<1zFTTR0)Xr zs3j#h5JZ)GPs z!mO>`ggK^OlSFRAR4_>@+AtyZ2yes$gLNuKL6D``RoxOvL9mbwmE`XE(ru(925t}} zjkm8IEZLheV9ABZmwS2~0l@Hm3DA9StyPm<4O&C*UgSVPVSyi=#&21fKT}>uYZMH-N zaD~*FkThf?v@%=0Np%{o4xHA7n$^2lVmKgq(h$|Kj0>bMmpr5R5-8c%G{OQ=on;^TDt>1sQ;EAPgAkp$v}(YQnD(Lht&H zlA4E|k6Y}KS!>oZ9YfRYrRtV!Es-=;Rw462Cak<@wA8TZg~1H2f((lI0a?%m7h!sM zY#_O1cw@RJ*_{c#L(WC1Z?TeEfGc~?V0XGFnMn-}ZA>RKJwedvp8n*Po^JT8YhyAk z>72AUd2>&CtJp-C5H(xFgh*t0@iP(%G&m&;lK4TgOEx9RuJ9>Ib}ev9l3kUiBdR9T0u~}Wl|&vnnV;AEN3tEw7w>3FEiEmGM6)Y0E3+$tTE)5bH{d2#J3MnPR3yi z8&T5oZcAr>hZ$M5m`|0BuquXC&=0`w3>l~Vv_Z3p7gEkb}4KDSkMZG?)%QerLNj&NwRFvX=AhsAAT#o<+0JSq%rA(n+_N3m8>(s4=! z9kUX%%`+U39&QyVWm+zzR&XQp+79H^U>CjArs^xgGGbS^^{S(5DRa;=lV=psx+R)E zrvGZm@~}{7vY0aVfMY3*1>YqfdJYhlr;Z^3@#A!WFv~)2I=rOTMPMb}qgc+diL0de z`C0dn*`6~@4Wx(BHa6Min`jaEBJCzkEtw6Cs$N<{og{ko_`f|wF50R0aYA=drOPam zBr6A7AwNHO&AIM7*QF7SEIp&m%>wC<>}X+ZeqmZf5#{Z(iel{55#bC9O(U~NxeTY+ zR~?`tlL_%AlU7Y;Ml^x})t(|JKMp=}ha8{^M{#vA1-r8Xq2el0>Ve_cE5~U5xgM7z ziZ*l+HflSIe3e>2OF^2KmnA}fWD%5dOr?R;j68T@#1-Uywd|0E?wQz)Lip|=)MHeq zKvh9@!j&UiW#L}(MY|$7+hrI! zY$cV(n)i;COvt(nNG2M=)Ifo?6x~VH<@2~vz^@cragUga(h$4wTU3(GI(XGuRXKyb zJ6VHmG~vn_d03s&;a=QN8x0K8wI~;(H6HG4USrXkS+uSw&{r>uf+e)t0Dpv5+g_ku zQbQDL?({IDo;BT7jl5Hv>PDM<5b9F)j}7YLRQW2l#M4^i)V=ZzZQsC=`EQ7m@s(-i z@OO+~YD@2s_yt--uW|fh zIUX#LQ>}jK;mxYRnM%NbVvH-!=<*CJ)d4{am(9Kkte;EFBzuw(mVyCZDkBXS+P3WB zytC|v*aFnEW(f{E$H@;ZRk0oh)>5as=M=DrGttAt{h1J@8z^x+m>TZs1bq{xg)V;# z_h(qiF5#ONxoPq0VmOCuZrl%PKJeOlj~?(GH0-u8>Zszb`Y~GuV@s=M@UfMM(H*InoGJO{>C~ z5mnQM(JM?ppJSJY8-o-h3is-XEa zu&|e4##g|&M;N`!(6Ok~q*b$pJPDpp(TB?$gC#N*T; zLdgyT4pnMi?fEg&t`|Dg0WZ6!w=dw**oNe*-crc-8u`FI>RJ5QNyvsNBMI}&u}XGU z@8#Y|7RZDGIbY#k6T=3+I+l=FG$#^F9dU|f3=eusAs@r5e$3Z5a>JuGD1HpF2P@PT zsSTo-K+%IMGk|IX$z=5Qc3gE)jIBEFkxg!i*8xhTT_p=W(Nr_oK*?STJk+?a19+f5 ztpHrIFQ^|nQzDguU&!P$fP);6+C1Eou8Rw7tK{l7!vNB3+EsucL}FP6lgduCn!r)D z?XgisKT1MjDT5ttu}Rl0`aAm=_G4?rK$n!X2x6rGh50ozWfUDZP$-| z_!&KmG`BL8PC>QVH@E=|^leBdhx<~4Ak_=D4D^HEzW$z!Qu|04`cj3i0EPLLE7id) zZI#Ezm>so`uQcut(YByAGt3FHk`cFH)WdASLxkc?hDd%53~{KI`Xh{;RZ~TtqOBKo zQv-uNr;c?ehm&L7eQ97pBiqP%y#m8QsfJx+T1ST_=wo3CjW!cl-G;>CW8qVS0l(!# zg_^OO%gF2KMhx1i@f~sIhSGv9W9;w@^#vpAVT5(?!XbICV0sQDbTlg78W((vffxoa zctQXa8pYu44gwp_Fz+_tJ={y>*bZ1?{NWeFIe5k^&-l|?rN(PG{+@Ll>o2%#9~fbpw7x6A)vHG6{*SZk`i^H zYyjnJQZ*-ZG~se!q{g_(^MaHQm~07Yy_h$$s^koJq4Uqo?;0|TOG^J`qP;H{C#lnF zs)&w-UT!kM_2}c7;JcE)K<1(R6S$4CLSiR0TZm@Tqab#k3%Y;)JZ;pd_t8${!8Z}zV z9pvuzM#|U{RDvplc1oW3C%jQupq!`x1qdOS zT*K^X5-QyDjq??1gh}WHdB?g?qx;<;Z5kbDE5?63{o;n_@Sj zmCLPGD%6S*qb+>I;EEaG_eJ1SG9BFo3_!+N05}Gwb_~w}(Pn*G&7Y#$1`6a<#0CmK z11*tSdiA-u%quKrDxr+Bf+wM&Z;8^w0PX{p3=-p07?{{X92harZth`^VBfL;ZbS$>CI$nUH@& z=Oegvt#LGSe904TBTV92WT$&pUSr;h3yrDIRCsIUHQ7O+sn7IE9v9Ri`={o^t#)E4 zE|KAv1dV8;V0*Itam?0?m;&ezwRS&bIQvtsU@*tQo@_D*N9akN6Z_07id|tPC3$br7Go0-2?@4>kveWv8 z#)h{J^~ly2VaZgY^U0whJQuN8TrLghW6qJnZv&O>SuJqXs6cq@iZj}Fr9$T%pmL@D z3BkBs@jMTZd|wAwFuRi)xnhvR4^B7R;}UU2tt?naN44TF1u2kuv`#%

!6FlKaCCA8s++-CKN5k4dHM}5-05irW>PJg%qMy&&#WhD%~@w% zTYK5wfFcc{w0<2u3TA?T)#$%!^dC~A4Qi>WOdjet^dg<2T2C#~um3S)b=y&Duk0FHR%=5?h;F;S zZlgY(z6Lhov;I`#x(JgiRUmttakzn8&RWL-)IJPAySLxb#WjFA-BGEc9_{6HnuJ(f z%d1IZbkq*4gq1QZ77^=D8=%^vBnng16=@dZR%FDW% zf%=wG6Ep19U&PALLg$E!9?I)YZCbOSn6~&pg1!%>vc4a zft)iOBo>HkmGzEMQqrj1Hbht8LUEIjSOKWVfiNXy98k7{uYyB+k|>?71vfq(%yi#G zP3xl2Yf3t?iFSC>rlSm1BMM5+DAvIdSd4-vC5{P^A973lXsWrkA+D|wF5L*<%AhiM zW5?1K4x*kLa_vzz6bj3{5E&e67;*$NhhZ4ffqF-AEv6!MFI`v=B!N+x3P(mo;|LLr z$;1N46?lyR6C1pBV6k)<|2cGA{vK@TmBlFkkosX&lHon=)Ib$tlzoGl{GhDCY^~jZ zOvher2)Y$i84VI?5#SOOAq0fObd6}3)=IRj+W_YqT`mMb@B~!}y+al>s7=8bw=aw`}^iK;b}dHiO1KP0wp9X}+t;cA1w z)e`U;Yfm0+VDix?Ac0ZghlKd+G^8+AYg8~!aybMWb{K&F;S7ALDK2G%V`75NJ)`^N zIat>vU4N)IhIx{3t?mUQYHiA)KT42bAA?K}q_$>}BP5QB2udAcIJI`RvSKms8s0@> zaL5vEUm66=8;Xk8UJNnEC@FEU-au499}yxPrmERc>}Jzo5hjtKuY5jo-SV_{NMq+f57D%Jf?FS8jCm|3) zF*aq&U|rok~4LMRZKZlof$BV|Q_R7klB zM57fkt{R28uy*qsIOHApM?ixC`q_{|TPckc>-KukuOMi$3IQhthIspXdyay{JTVNM zKG5J0Kz0t~IXJ`{3iI(EK>-lKBrLHwkoO2L3IpnEq%f952xw?H z0ev68)y%NLp~Jkt-%JQPrCu`>2>@KS*8KX;CK|9$g_(L71FIoTVPypo2=b>H*C49S z)$h`2(Ekb5+9$)j(z+yrhDCaZ2L%R?@(zyl@(me0#NRv8%X{eHQ2$Yp0p6p6eLX|8 zWYX^Dp)4~ts}5AKPGu4e8rY!yUr;giw`fD(+0@>E5mI+=_J0AVzqmA}EyKUOqKBY* zYwP;U+3zf98(z{jyr})wvi2JbTL`MZ(Efjd+yDA}vVVVn@9#f3|Bt@Lg*TDF6yI&* z56*vecCB~*vx}4Czvut`BfmHn1hIS4Bgqy(Y$jMljVYHIUksP>=|8R59I7}Ot3;@> z^og$YJ0(u7d`T1`*a9dHs1tVm9p1Wc22coaG!}qDzehvR zBgS*;Hl^K1@~4{8Rr=$G^x?UNS}-69UA#V7zt+LqlKS7&fp08u%8fKuHR&{+MqFif0-AtEHdL_w^&x z)Ad?+zDTgHx~`Cc0ZJA9PH?or(fz}r($)UPaMeNjd$7PaI&fO={r4H*d*k}YV_Tb; z0RRDTW(z`)^$XTw1p9A&2HfCi@9h4K0$P>`FklHt&j`BGBBknoNDI%P(Ek!4?7vk& zO9*)#IjKO%6HcLpPZ5`rx=AOS}cO<#kFF!w#81SCY5GrZ}{t=_#^EW>jVV1+&p1`$JQ6sGf* zz7^!4J~9Cg`iM(Ng2`lgZjFQD48nTkNXYaM9C zhIn>%0HskFBxUv=>y8GHV7Nis5Ux@%qe-htC@3&w)UaUhkjTMa0lp(5g9e9$garnB zdGxfMq!J<`QU*XW$6|50`V6OUQS+NaLg>OJ3?p(eh+6hibGQdPjwgmm*nk?k!&r3Z zgT=Fh$u|k`Eu6H+DbN^wk39dM2=iTfP()x@Ru^&BMFwzH zUE$Z}RnxuJc8x0cgQCUc5OTS=9O80GG8W>Z)DuGKdD6pX1foW8n;)YPmk!Q-vuW^E zOC&C$PZHc(z?V6oLYSN7X^%uQX36 z5fNZL(4KZPK|EWxi}wdd-cD<6ppu5CWvx=CirYa@e7u2TVmGXr7)CIZ_?`^;Aubn? zqNk1)|Bs}c<}vWS7NZ%SdGcLm(;a^+hhrfUo`gU!BtbNg995{aSG(6cM8!8qoBXZ4 zn}(-b$c2F%bdXO9xC}_P0J5nyQ>#Tk$U&MPX- z;;6|72Mc{$R3S!UAg!PorW^85WtIVw@k(R%IV7c=D zpYL_Kqko`bwM;>Ejw``%4UCI_j57$ei2sA!@y8Su`~cB={UZ$F;ONG)=h^cd{vQqU zkDD-cmVylsNe#lZ6fSwEK3) z5P%s^rIg~Z7|}P#L*z;_R@bb$PFL8F?fN%~y2l8k)bh(zc&rhvWwMJV> z0SJVo4D4ZNNsd%jqAPTbL>T!FdiflF(%Arl9-?L|X-x7wz1X*(HIl&Qx(}6Y>$eDd zbWDkha1f|W1dU&aY8}c8*@qkmM6bsH+3yWxBeoxtW;~N-(|?8{P*`rJt|m70THb}t$&WQ&{?%N7SF=wVya!B zK`)u{1fZrGZu2HYWVg2}-6&!?B_axy_7Vp{$bygpF~r%jm1DV5`=}f{3z%eDn-sT` zVhx$3E%cw=_N!K>iQ0QOz>pT365f^ss9R~jr@{ax+iU6+ z+RW$Mm)#K&xZ6yfCo(<#ze{(J!~<<#yav8tS(h$2EA#$U{%_uT9iEuSt4kbfPYt^XXl|ld@_6TF)G>(a=gr zE7xgCFmIc$c6sA}Q&z)#PwEIf$rqF_uaRInon_29eO=km9eodRhXrJ-F^UAzjlTg}*lBk=$Yq54Plf3WQL%+MLstZR z*&w9tEbvr9d0?+}+yc7x*n~RmM&IMixZXb%;QWgbr~bqP(l<=p!@tjsQ=xW~f^2ra zwmMJd%wlaiL2-N^Sn#o(PE!0wVh)lf&+WhP9#Cji?d;^j#I>yMV@_DzNt&n@w`#9p zyN4UKUW?`0$#(P_Q3;UZEJ0Ok$^5ib1_c|GMs-2Gf_qVG%G*9i0dup<*B0O>m}b}or9hh;1j7`WoeG>TD1vlkQnY(;xQj+y{@2NQgbQMzr2lw zhk>%HkH>?@7!kxWRck)_sVwr1&yjJt>H7*W>u z$|!7PMa4 z#=^Vr`phwmU=&wzNJv;jekLh#_0$xYd|NYQ*^)2BZw+Ju#7mD48%t>A^kW8_3NvdiMqP2W8kjQ`Zv%z7RipZt;lNrkCSgu>GSo_GO14mi zTNa{?_D|F!y#3x|Bh*xBLNip|+$=7Yq?T=N7M%6c30ULrxg@NMsC@OstmC%O-&H>* z@8>cUn$Fl+Oqs=5Jr|Q^Nxd4hDQmX$aMru1OHigah$Zor<>d7+QLsxFf@+Qy%S@-P zV^5@oR^!CF0!GV@Li;K^-ys}-Vj)xy5sW(*-#}WS^P2a1hJbx|9ft^L=$4KV6-NjQ zk+Nj=U9X`P+!Io#dJ>lG+c#wm`YkaAwMAD;GE>JwE2?10!Lg`Bnf51GepH1O7mg?0 zMmfOCw^eg!i!q)(Wj$j5zOY}&vNOTqjK9)?I}bZV+n%bS_+SfNo8?}}u@i-PTYKw~ zuf##Y|7h1mz*qOm(XkUTf~I1K5x1s`QdFzMXOU~h8}w!8hi^cPVJd`mkyc@ z2LIfXFUz_T9^WIeu|DVC1(`1>`*$)|#gn;fqSn;5!LMcb{w=YdUk6%mge5sAw}`3c zH_IzvMNB1&B;_(A?U(xlou2N7uU9{do z#g=H&sbecuNml;L?^tlD5I0(tYD;_kIgO&^S>!h`V5_LMnW~pnQsuMm{;T<~W;54U zvQX=`Q=mqz9F3uxN+qg&ahQa2D{r_GS!FHcF}51sstKfXTOG2J7qIANLI1BzK2-4gr+e-ouz-^)p6ni+yKjTqgF>MRh7E_{L zrTv-y_@k1;Ce3FiU(5q?$m1|>sBMDEr!WIYaP_6FdqvqrTu^00*SSW5{S(i;&End5 z!EhN1ZY#U+f(r|)U_I;Y|LnHAFP1W@j;RtgaS#~G?VT#K_qb#oqjm`z^$28YGcJIL z`mp)w1M-Y;NoguGry~oFF%WqmmTUMB$xNKJY^e_K& z|LD`f0DbNs9q#wf4nH3E{^i3}ps8{VGhTz5w2!1twZf%1brO#owb0=h$ysVgp@*op z?H5x5!Jd%I{HH=oMpL5msHJkh%DPLCT{%TqE7TVJ0X8G~Z&-nqW`UTeOGTl#xmo^M zWtG}gVUZF5d-3qMkW~&i*FRZ=9LOvJj(H;{rf6u24*|}hRcDBF3OEi{Npz;85$M=n zIzJP_DDvrV5kXff^nMa#|7gE|qN;pgkaTa%WRr{XF6ksND)$n=1BsVzOcy7E6Dvpx zI(^sQvu-5JYr)tu1OSV*WU>Pu=xe`pjF)hP9sMCUdr6%wWR(LfmOxB%L!&-op-V!Q zKYsvGC9YU_Q85`+33`>M5oG3#L;ve{Pvj)Akp52niF!u~uWwURu}22XHJw#>I%Uh$ z-y}P$ZjuE~PL*4w##FxSinM%oG(attn^XR@!~SpN)UaQa5VftkNKtiO z(-ucK%Fwvg#1<;82DDl*OyJ}&Oq~ul*8;*ET@lYyDRUw3l%4SoJd!yi?1Vl*c}FKx zVH;VtmoN;&Vj3r~BBAnlt`=Tmm5pgUG{LBwMJe&*=;IPsF-m-cl4eec6swS~<6XE+ z#UhLI?Z5Ck&Su$>Ug&IpwMGj{r|JRQ*#nm!w3TS^_Qt)}UuKf~>1nPHQ-xM=IdD&p zYJz%tRCoal03?|TZ#tBMmWmeHeTOi3d~WdEF#bnuFVddlSy=>-1^GXAIxn;NKVI&3 zJCE@{?&7gRA3g{poJ@$tVpANDQWEj8hc3H~3+lVQ#0H}=BLcfv;9dhIw}rK0DyGbu z?2M4#3gQW=uWc@{?_w2y>KggfcZo013#EtpmNmZ1B)V6na4PeCNeHKfdc1t&mL3mn z76YeMWC~qI1zU?0U@NFsw%ymZMd%u75O%T_3XA9lAkMVh)0eO6F8R+FWWHr`S6T-0 zfUH{0L!2?$47x_##}~v=9!qcSoR~#d&dGkfc!5;l%`UeT&hiFr3SCKq3RP7#;%;8# zMrMB9H^+K>*7@9U|IZkwwhHBe1^a*Z`A#PO*Yob~?&JP{Cy%8yC=&qWoVMNVXXTsw zfo0pA*}x0Uo;PoC`z|(@{z3O~Fxg%>rJBE2ZZ`2Qpqi{C0R<4#@tXHB7#Z!a-E6>&z@kKa?#7r$^CJzkc8=r3R-#qzW zd-D4q*7lIHrO)gN#U2N@daScu6@IAQplTneoLV)duse*XkHh(Xysv0B9$+!uLVs3? z(Gx!Y?Hi;4QQy%Yf5065*>q2Y{&0;(FJBPfvFtBPIQrrZtqzU;vD8M_O7CH!z<|IVuyFEaeU(|!3E|MyOwf?Gpl(w{YYHt(H?3pV?p zy`I*|vMsMD%}Rb8Hf=DZuxnhvU^yv-X=YP78O5BmYW~->{`sX-egm*j{_AGe|IVvU zXZLaa-^G(z9@({Dwz>x@;MD5knC@sTOWa<(wO2g4pJg7~uNE(76UfUNQnooB5JwJE z%meKLRnmq@_JLAa$E>t~g%#3ib2dv0+xc7$Pc*kqy{iPSsCo)b;E>S+d>MDIsStrh zIP#IDdgx8}^(*~C;BZ333B1mf=foqDqb(q{85Yj;2!0n*8$u!TNDrxK)Zc-KSNYtK z|EJ?ym+SzG?th;@?_~M^i`~ckuXplfm}OzwJ4xG$?WeNXrFMogwqG9A93;F|_m3Y+ zG&CGPVD7-;VF+2Qs+Zr=YO=MLsz05QOSSU^^*xVWA?lA<WxD-OLv>WiFtCkv3+}%NUqpJO-QfUNc#qrubHobM;$8Sgjw9cmv%9V z(`+T+=cWAGO~)FD?oPU!jOei{(pDj??u)#)n%X)cqkp3iKtp*!$Yw-LNyHI%LL86< zga;zPcfJ?j$8*E|KX28&y#A-V`!cKl?>v98^SJ-t#gpM>mK#Lo=$CdZtg_{AC-TCH zWHhRvmKh#5{AD)$kX}-cOo-bd@_3K7(Lrl^F~F!i~o%MQ-$&~*z+)* z#b3c&X`hBk@sRzSID)wH&6IJWWxfOg`SS2&Fa6@=a6fqwMt+}v;zaK*VI-OU(+?3B zr}E1&^G_KA2st^Te)Kg}4$AcXIed=-?Glf@_aTb{UfiStAFd_h&7p;6)bF8gBiY@) z_R!1S-RHXvgvK1&TUT=-!R|-jo6CX0^~9VDGBYT7xEs?=`G34kOB9wI02lH97cX+> zzn43Y_rG`Ytf2o-=KNI7d5NlU#(XMRNc~CMVIg6_5w~Ln;z_EJ)whM*MO_J$zLmeW zVM*VGL4?+|*VF+FyDpXc1NM{*oz%9j7pwG%-`A#A7cG*VXwWAX-)}9T4n-M%P7WT> zjw&B`Xv5%i6aCo&_VssnZM(MThWuZi=c-&k;911~yWLkA{=d81dHKly@8ZdD56g`? zk>XF8M^d~UN*Qlrm1HGO@%Jd<*I|Z=E#(1DpT8u(!vWQTFZyEnGdF)#A}Zl53LOGp zv&S+@OtDK6j-W`yNv0+!lM)%X_FVm#?DBuyvj+Y@qP{D|yp`|&cXnRp?*AY4KX>!g z<^S*0BtLEg>)i&JM^4FD4%OOfmqwV`BPyn(!6V3o0BCKYlodzcaaiPwhPjr2p5xrl z3qnw%#6*Cnnrqv+?=t5tJAZV1Dtp{U?%}y1|5v(3UVQ{u#Q$Ht$nyV}J3Ei|Uw86+ zs|Z`1PJ_}eH_ul^9$9`JmaojVJ_h)=h{Q&p1zNZSo?JFx9cS#fg0gWQ(0Dw}&CRUa zbj$o~nT$-?>z!Nn(pJ{eS1>i`}gJzx(o0|9>ZsZ5mo4 z$Hk$+QZ8Ht!d}$|krFiRjpF8i7bLv2%}>pnI&_n-oioO)2Zl0$JfkzhB9T;1y{-dLNjoX1 z3d~Yt!_fRyL9rqy?P{@3Gv!AW(Yl|T?*B>9`xaRB7O8@&_y6awcDgUK_Mb1hkNzKb z^3*$8*YWfy%YR^*gAR0&L7}p!S<@~b=&ZSh%{OO@0xj!`sLaPd8yRgy|HFIoJ}enC zE&{KX0g~B!^pdaam7S&e31z$sgG`TV99;4e!BHiZ(Oxg_u8W4|r(?J206MpZqTQLo?enEF)A zt@+Sz%Day1tlq6)9tpFQV7)Bw+^)Gw|AK@w>O%wXL+p?f5>jwBV7_a^QdKO)Yic&Q z5HH#QXHT)@w0;`sH(em{WHJWnHc;8tbeUzqDN^Ox(AeLP*L(T95K1d0s-g<=RfPD^ zr(#bfxFR7>tJX_15J2>*qLf^z1TJxJ)0uLH$SFCJFV1wv+*tW(Zc)@B&;~HWz8(a$ zMHwJAQOXBUZCMZ%3+lGyer9>=0Y@y~(@Ju+rnb1a8Od0c|4)j#tMa|7;_1r`^W1@^XtcQ-}P9 zHjrQgNUer8D$tr`Be8!D+T27<90}IU_u@?1m5+whMXhMqgMZ(nYve=%5}l$ZYK?b> z_I%pFL(2aX75}RM{Nh}Os>=%gmjM39AH7<9a#i@U(=MOcg-b)7ZFNzb+j2Rfs@rua zor=B;agR1@0u3=d%VC8zjb3#+-vh8?>brHCL9Llws)3lIE^5v2SM%HQCSMx-maNrM zm*y%Q>NhLTuJy6aeH`#96V23Xk8$zWF^hb+iLTMV?q#ha^c9B_t`|`2bm6kCy(Duj zuXT0SU3rxsGMnzwyJgwpX`P~1uU?^Tmt1c1>1;`m3U=UvjsgT}lT`wiXQio?)%Sbc z25OMh^1xSZ0_&!<6`(6;t1lH>EfkEhS-b1BeETz5dg>^fiHZuge{Z!oS2b;m-cgf#6-qVy!-S%v+UpkLeFC8<8ZD+BB3TkH)v)i$0eg^Qhahx`aAhJ zID3D3F!=AI^UoiTK7BYi-#^LD-aSm1pcmSMGop=a@MetK|nbhrmuozFjf+&?HmMSR0nv#C#mGOX4x zxQ(>QvQoL14$ne$#EG$m{)u`ENh}5GNq;c-<>Tr8`A>&OWy3GqTeP#o_5w5GJed>; zy0xGz0`R9)1T^y~*#1uD+MOu-R5Nf@`?!dOo9BYedy5RLSE9+iqfdjggVXc=$;tU~ z|3k^7l-vs9ApV`+*GfA3(1*T${x~?RU~9nCqSa79S0kp4K(b<_#zD zJD9s0aMb@kIzKq>zdJfOKRX&M7UkxIH&N4P&BB9Uy&bv6QPG0#>}YU)a(eL7!Rh(n z;Pmss>G|H_$wM}w(6f7O>iB{+Krr)L$!xj@-dV^h%m{Qcmc zt9MhZQ!1E>OcLsvDCn;US-%7Y^|cIkrsa<|YBI;8qir-fSX$yP11gb%*3)fkzn5 zi#f4DH7FrN!Q`CskYIO?TA#{fq~b#ZsH5GH{P4D21-{!3e zlX*^|^Wg0h56_FNi_$B$pmesupwv()-BeI)rlcOBO#K(Pk}jBShDVM=I6s?)gio30 zRy33?nr&)~sTYN$PE*;U%PZg{HPZ!rGF|5G7-b8!NHO;;RF~L5?kNy5!M0y6OOhGv z+=wPKZLLa_nPzT4m6?`qM3$MhR-ntOyR22tRf`S^wQfqxxoQQO?f&nkzQ5V7RNv)u_DwyZ*XgOEoFSnB80Q+eKR;&D+ zoUP%F@ON7q!BU&RN{FyQSOp=A*j^1wlp5q8lHVd45*Ic5`jb)DP=A8Xjt0nX8&RIr zxSA3lN>Gk8e9hd6*VI%OCktkvWEdt>Ll1qcgSc9?Vx{#IKG10n_-%#_EsIYC#s){krLgsnYpL~KMJ>*B8*Fc54W-2yW zf%Ls_o>Z5YNe+@T<3(2WZZL;hIAJ53o_qAe}*01N@AWA zgc5NYb5*X2cjaE#PL2p+IEsE?Zg$I8;1mulsgedx1z{+<>nI@Z#Of)f|M)E;JbNtV zf`!I%tMH6Ne<#Jg7Rpb$IWRwK=CUn(dkpGuf6w~jKdc)6dH2=s&hu>ir|!;U{D(Vv z?j*89X})(zp?h1=K+|bPR9D_=Iaa>w2oHMb4=BV#_o2%?cN1GeXOR9bf=k4(7D{27 z#8N>f@;9>rrk ziprH&`Qb4h#bZ2*#rwcxJc|E0@hHA~)3ooy=rQS2IE9w-Bwsl565PSw>EX%Q077rnikeW~ z!!i)YAp(|zvdZJS0LrpnY7)T%jKq@T;w2dj%Q0Fvc8l5|AA`3%25+&Rbp>y+^;%Zg zkyM_Bx$jIv=Cg?JvDu6Y)MVpvb8`^}2md_Y`}y?a@yAbt^SzHBJ{+D^Pkm&$H3->%|nnM7fx-H8?dcAh#p?rzczk+-3=Ytx1 zwSwE3lH$ENi#*{iJb@bkN@G7Yy9MmVck5#9^x&t%f7HZVNXGQ*(wO`7Q|%sjG`4!E z*}=R1;NX1!xLyyEFYF)Jh5g;(@qYcLsqf~SHe682U9&*U^RN4*I8iKcDx{&T2Cc96Hl;EJSS%qWk#i@aU{Qi-KOp)D!hN)u+>=daXyHSF#_} z-VPo^#yy6Ndkh)3=8$nEQsQSE^1Tna>x?`nZY93gg?u>S!d7VdOfLly z3~l!q+Rn!0V`#g_(02J{^cdRiF|^%^W^pAEZCvJDkg!F35zYffebG`^zYyi-8=r3R z-#qzWd-D4qR=^uoXyAl25IhNKQ~0?|E_5O;*bMq>aaA-!t|@c1azIxQT~h$&qrofy zv!xEyt3g{(w;JXjHz?hb*8}$*j`91C2zT$MrT^26cE5)>Y;|b$?!qeCcCbr^B`mGF zT3kZi+*$$?X4|S8nJ^0y5g~Od1F-2L))*I<%9=Kp_tQ+(T;!cuGLqXeWi4yJ(4@7V zL8~nFXLGnmy|-4hxv?ZFCca)E8saoH8!nCMR%t%zpb97e$GW_R%3^Hw{^D-`h5uKAqk8B_)}!^;d|kF1g>B!= zj$^I5@~IHP`)piPgaRd4W#58gUsh@5H~Pg28H0;8>I#dSTva_&+}aJaG{p_xNLf?d zASwE64e;a1#HmvWWd4fUJu>sRFrFM)w@wzX;#x9EkBzJE}E9Q zWLkA%3t)K6`%u25)|>YsuasVtyr8H?o$Ljv?rjxZR%={aKv^i9thA(bGb=2n2a-dh z0L4|A7*gM~TOA}`D1<(Js}U- zKitJ*=YP2Dnrsd#dh!yP9Ll5quP2wo;%p1KDDZcldcm+omBnDsi=;Spc+!xYpZ?uL z$IK^^qVX*J#>HSIBmf`CQfA0L0W&DGt{`nO9b|3WQX_ zEHLq2RHOHJugZ0oe95+d%v>Tjof^&irf9bH_=9ZxcBB%?sMaEpd~fNX=(uq8)&(mC zRZ&AFRt<|pBzgR_m%9zGJfxQ_-3{_vx?a;R(9{R>^!iM7mT9jPXAu8rQD+Mmd=47> zYb{Z=5dWq9)t-z6lq=m*at`EPeOEC202-+h$-?&MiUvNOiyw3$wpG=em;f9J1NL+RQ z{l7Nb=%eq=5%Zy@1PKKsL>~1?yV2esoDT#GN#hCHgC&SQ?+uVkL*8glsMv=8EASib z(eL3l{NKEoPPXO$%%A+y-%c7DVdo+W5Ll2kp0)W^(0JA!;fuzzwwMKtXa8U03Hppf z$|8;q_YZiZ9fa)P#1V})bqU^94_QlKk=O##D%a_qMmMuC8ncP!>+MHxcCs`-qL?I%ugS z&wT794yH5g;|ZC`&5+NzATzY_@pS*)hry;=@YqLW7ECdx95Ek(6)UGB>QONVv4#1_ zNb0=huvy?yDG{|Bjh|SEe(rCfz$3CJP6+xUreK^GumtW271L-WW$f7WUX!v23E5VA za)DKTYl=4;jVDjg+0p;mKW#LI!=b}`&OFliGm<+W^n-(&{o3x@RHZ%_ z*z?eAF0lsi=OK_?0tAP?2$>r>61j~AFkk2bjTjSLggD>`qrzD$7`^_trLAO>{x*?I z0*}pMwwN!Q{ChMap-%+is>$B=_C@@vP1&ZA5K+YCCLyK-efgPqvjhS;-Zr0Znhivg zMA&XL-f6rkd?5$>XhcxN&29kQ;~?NkYZv+rjA#>$S!e?-3C5y0HbxQ_w5QsqzJZpv zk%h%6=4eESj|AaDxk_KL@It|G{QmIxAL!7RDB@dS2-?yk*g|73BEE2;-;%PrmnsGSlUL52YJNKKaT zlw*LLZi2p?;1JJxGa5X5)3nWLahs^aF83IaVS88>C@@WzNwtl zq(&aeA(^pD!jYM18?|f}FrWB>qfsQ#$>+VN9AVCxL$NT6G$9T(Wgb+uXrv88u?A4w zP8AW!HRA}+G!k4os1@V&ZFY2W4vv{1auW7s4TD(K@fG!wmSXCIEem0eu88Ng(TS!~ zf*c$P5c)=BETv+X!L$p#bYnVESRFIZV^`229(jaYBo$NS$V<_eW)l{XC+HMYLc^G* zFO|Be(YQwWCx)cpTT%HNJ^Mtt3CKmW=BEa?i5m@AJ7Stk;ceG}Pfd zAaKelnNTjm`LKLG-a~P;5Ap&!l(kT(tKDR#*Z*9jp-;Wip)9U%VW%?K$uQ~BTDM79 z6?RF&kh+AUVL|21b&Yq)(cLz7Oe&ya?3j2ACD@58|Ifk>No6t`rh9~BOl*uyA>(}{ zn8X%Hw-y48vmH-iFw?;;Vei&y$2c7p(++lL)Q=HRLP2p8cTPdKgdMGS?!A->N|{u&Lx{5nJ%E+ZVg!LaM9sBkEVJWqoRT5EL_A}$J;%grR( z*s=X}%JCgzM;AwqEUz>Tb9rQSl7qHn+4uRZg?3c@yl{~mXnM5x&O;Uj6?T-4t4-M| zI7(qBV4MoJ06zuT0g2}!KG$fN*TF1-CJQ?PPwG@Gz>dK8yMRicYc%|J)_)IC|NdBk zcr5HBktvs@9pG?*3TpYFo@+Eb93L}r5)w}QoN%(Zei}QKyOrs2prcnF=9&Kkdkj}z zbYtEsM!6K?;>Z+5?Ovk;6;PM@R3!1E^rgU58DyyzQIIql-$r18 zkxN6cBATNODMdPP7jQKtAxYg>T)dVi5)&YJ2>RdQSpT7yv&(>=T(R&XPi<>iS$XVK z$cNYHFpU;fyOqMk0}&F}A`O;fr$9cekDdD$5-n+PMt$m%(Q-Jd#7?1nSRXt0FCs0ojyd@2x6!o?!&QMGSLis-T>RR zF?Qgtj&sR7sgFJe#2-xQSRfXnh`K29FMM|8Zz0K=R1B0Rjs$D2PYHC5hMm=SERCH^ zRJQ8&uF=o#08}en7F~cHNh@upZ!a8iNkx5qt~)$*%_s4NP~JuKicn~ z#C8%7^I0Qy%C8|ZJ=VCB0L&$~5%=}1MH)02b89tot%m;T^azc}g!;a+0D+}8X5maV z_l5u3+uoisF23|6as9eI!koDNm;d^Lg$U^=66Dt}|Mi7CEPx*>5Ad(Q{`%`p7)1`& zbzw&(RIhUiJv@;|-H>oD8LY1M9|Bg8jI~pM3 zJK_9RtZ-I;*0{33HJ}#lB>Ekrn_JZR*sb;bfj#TR&UuivWh&~?oafVo@(>ZV7VH#+6stOg>NC1k zYvt~5`B}>u-NsJD7aX<a8PCSv)Ea&j#Z!`Zr0d?yGEDT>E2j#n!?W9ccvlpS;Y6)Y(@*LD&;xLDh6IMRG=Ai zNgMS&k6jU0U&i&&kom(c*~N?ra*l(*n_GWhg;Wsvx5pgp>H9o396B7+wgu=D>6kn1Q?(D|VF%zVR_8_nd8WA)J2^Q)i)vu!A70>=_(Yo7E z$=TJvk8zPkY7w(f0x1c9VhOVrXyGlu@Oa)fqJ^WMG1@AD&7f!vsevENwl~numb|=(mJRS z#C(u86|U7a80Cn_UpT%tGL|1})5fhuuC%bLf8{(0>>ew83Y6cmocltmpvsiXCIaef z+&Y+(;QA|f+_Z+840PQjc?BDU?=CBvj96F zIBhtUfLgJ_4+n;KI4$@eW)!t zVWg7Mp$|B)6O=t1%&mE49YW@~emE)T@u`)iGRjr?x78(A^KS4*`1jcb>7WS*XAla*;;6)FadB` zn}yghEi6FO9Usxx%eRhY{KF)W=U7OsrkwP452 zrBK6a-iiySL-a$C_myF|z2_PY;|S#|-#Mp3s4VU=8;#}RKG$ft`{Mb|%EXhxjtQ#1 zz+Rz%cH%@359?X$%CfRZRPh}<(L&}LOt-W$IBR~c(eT?JL$p!Cm=>P#QrJo7Zz$cf zGD%qII7SMvAIj0t&XjPETl!jQr!1dD#{agj-7R2)!XZIe+bF;V4Zn0Gf^7V(W1y>z zPDk>&8SOYz;zk|`i|^pGJsw*gC>O6eimRgyCZ@*vKo z4I(VGW2vlwUcGu{h$+U;hDs*jO1@MTSwONWWhS_Oq^$)z_I*x$`%J5rj&6MNd2dxX zZs%D)cC-P@o`>nI*v9T8WS7(>5Z&IGy9`fE8$ywxs=o#Fbax7!9IWfmoEF^$mTSM{ zSI`&BqH6ex^WX<44Hn*o)~=t$4v$7vxPen>G)e-7Xm+FV6XWb*AnF9*1oc^;}Fh2Ft^O)MPa88#gHubU~!|Q!Bc|WUqUL# zN8ce!UaIG5hyK1O&XG+!r{uSYaPdGfbd83u-_v!{&Z3iO{uHVM=HFlxxAo{#=<4;= zeO4ytVzsPnV+Xvw5O(#oCx&zaI*eOLI2_hE+6am7l5pvB&P|`SU`MC(^qETrItN~5 z%m~SBR5CoEoq)+vb2?GxC>vIq1=aGsowe499XuY()4_s}sn@8l%RPJytrI(fc_du8 zw64)vT<)RcXDzm0hIVT5oevoD2;nsQ!EWrt%>@=@9C@7FGnUp#JBkn%>vuGEG~GN< z#AsO8hn;}AHTJChMtZT$hNErlGlV_(=CF(Ug(dG0Z z%W~2o*qH)*ejxZ+%Q;J92P{VqeJb`$B)K9g0?qyU2NwAy zraUR^=<^h4Egl?hZVfxtw|!acJV3k{Sl5RgPF>>Q!sV3evG2MP7Y0M=g{85xIz;Py z){324rWn`C0omjc#Flqr>Pl2{=@078=H8xla^-r)1{K(eZ4Dj*X3#BR$Eh@VslZNL z@u8q+J$IoVz9cmj7|Urepym6!EMAK=sIXH{fw8;>;~p`zM(os6V639SxHtT)WzW*I zQ%ixdqy~fE0M|e$zbl&7NIUfu81*$6_lp<}>)NnWPl2(L2IIb#)_Sp1LxHiZ2IF3L zt#x9jmI7mW4aWWMS?iK_>M1a8q`|lcuDq^2tDXYm1{#dJC!*WIPW6q=@*0eLDhoNj?a>*1Fpk&P zNWs}d!=2riALwvP0uO(63XQR|^_7oJIy*7C4ev zD@)0KSXDEw)W%g*x29uZ`raJOFC)QbSWpL&xvH2Z$_pn0LnxrLFFNse$KMC1rp%2nE`URqz%~_-(n_-lyuZ?tdD=P!GmS-(o*(c(P zg%>JO;~%@K#!5aU`kgvKG8 znQ+VgM0qBMcs!;Ka!ev}<5aJSd?cTH3=;h7o=dlC8a=sjPbfv}U z(FMnmmqw9B+j^gC)V*1KrNO{1tt$>*>ln9|G?=dcfW*PI?C2TnRBu|DJu9yJ5I3#0 z@SO~HsyD44ZqLeKr+U-+;r6TycB(h6A8yaeV5fT1`r-C0;qlsO=#w-0+0h_ABt6h{ z^lLezOY8(88Iy1T39t8PFfFl9$=qi}oaoG&vffh;D084XQY{i+o<2jI1a$&sD;(^f z-u5AWJ@;82Z#yIubPOqZs>4-UIRX59LM1C!rMmF4+r7a!S9{i?8#LJYiF#x~78|(F zN(KyJlOcicgM8K!L&ad{?_|ChL22wurC3T6r zWycJGYl&1kt+S)S_F!$upclB#D5I7VFOFEg!-7DgVe3cvegS+or%Z_faQ_K46 zhm9b-z^=*kI1pG+$FgN&Av$KhGKQNH?0WLZt{c7Adx`aUuVrYbGD1~e&F!$1ux?m;^${^K-iU*c(Zx)ac%lCKl+y+-R*hy@X zZSRuQ$}*lLaDcGl*mIUelSwA(Qtq%zIIfT8HsWsMSx+2{V(i3sn8S3B9|Mh>xImKi zvy_PL<+;t3MSVfS%j{kHH5ve8L*_Hc$lAJAbDP*vBRW%h z)M3)2#*S97E`uCh<&JQ(X6z)p+iB#L-Q1+PvSiBEa!R+r@0lsDmn&zmb2F}-Mbv$; z<+XC<40g)6a>9(SrX^=jM0f^e~&$~Cr)J$b74C+E=A_NLL!DP?F%vetl6^$M`!xPdD$%JwdmIXCPrD{1aM}|XL6`885!?WJ!8Vz0MT#&F$ z*~-VzEOr9M<*rqXpDOG;G!@}B8fIg2x6B!^mfJ%fI|5It59#ID5%?h_QH>wTmCyR` z&yV{b4p!mL1;_~^&r>FZOOuYQih>7YgnEsJhvQ==PC~+ozc{^9u6{9c)Rj$%!}S1C z(9LaxsQa3GH!;mVMi|_18BtdA*mV)j!!1}6_c&m#Ne7a`juUagW*^jF<>tzkxT9*s zs*8vAtW{LD6MGFi{lo5AwXCOq*gdP3_4E(BXVtQv{^9nlC~&bL0}*0D zCW~XyeuCnN>+%mst(1M_F*_GV3moXXxzXJ_m$P+hS+H| zjLK2PyTl=$5y=o#{4B{rhOHJS0$q^#Te!;kvK9aQb%<~{i9p#T7#dEAH$&9t0(;)D zjecUGx$oI(G={^WR!)hnp&puQ!#JFV=^h50 zhG^KfRFvKvQK9d`IKn7~%f~a~qM-%qu-$0%JqSb~*|;~~LKywC|KSMiiq)MihiRgO zCz)U^E^nrdo4a3QgN&}GvI&i8Go{WHhhnAqX^nN??Kz%#rP%!&diLy$2G5@L&_7uO zKpFQ8W5n>qYUkGt>yOPwOF}NN@3unKU`w{qvPy0?8i!zT!9~dYi8n_f zk@Q1+o#s!DlBPgF)K|8?ZUn(1Yz=K2olPl6#OEN>%vls_WjQRVShemz;Pn1R5~;i4-lrm5I>>iVJ4c&8AcOaRQBV&s!6MH8w8iApNC9hH)fb+Jnlaybf} zb9RQQpOo7|oKAeO^Y#tYd<(G5oT-*kr0d9hvd^AeTyjzy zE&H`Oxc3lj293WKf0QR{%=SJnj-J2iz+H`7Vx^N#6fKm_7* z-PB*E^~Ql!tW$|`!4SJ7VMtwKO9<3Y4>vnR&eXan>{rVYY+Mq7mqS_DYzo4xa(pDS1onu<< zv#_YG1(GkJ%=`e@cr!FhkZai{k*`FL@=60qqepml44Ok?ukPVv;EiNq$zmW3i?|ldzYa(S z0Gmm&Xhr!%=Z_g#Lb0l(hi@@viwctAro?rNCX`KqOC7PLD>`^aygkgx79#CQ8+~i? zDGrJIE|N=@H+!hL+v$9G*Zia1XdL=+lyr>vqsppu5= z>YNtMD%Vp%IdYj#&}c5(67e8YHR4uNbbrhQF?^J2R*>Sx;!5!!%D^%i;Mdd)@v2Ra zCT+OKusl#epfp9$EbX*zgvDWo;)adJ;TRC(Li9StV3|1&TI5|i)j*Px#vq8Mp$vzF zlKw10u<&mdg+xA_goX+j4STXaYsz0@>fQ28QUhK#``Xa!<6GbEc`k(M)btjYLLU5`l?iqSYE ze5wxYzC)C<<%>CcCWM!4LK7(9S3)HPO?skBL1X60Muv*aHO#~p;XGi} z7cB{cJ8HW_C2^6t5w0BO^Jr#_ui`0L%&IfvOi{D!YoI=4c(LTfx58IrBr96fU@f4= z6r}59tw=G!ummi_GY}^}r?A$kKW5=fmx`Pzu$oYcak4&_a-UK2@q%+yY9uBqM=}hp zZ`3g@VG(k0O_lQIu+68#E&0!H-Viu1{A^EtAL_-Wl=Kp7Is%NE?X#mnqj7dLhy%iC znle}MM%o4n9mTvnM!)cQduVU%N?8axOXaq&RYXco9y1BQ{E$AT8Q%%bjAFe>KtgYB z(hSHBZBT94dh%SHii^{;!`|pBZM3g=s&dg(if>b~ASg<2_3$T>>O>0TfwicHkpyu8X4Gqd9^BII%0Dln z5pjfPTGFjdh)+W5q;Sy^9&hRIt(M&ITC&}@?QL1A?SzG|<)AXJu`Fv~k%Kv#5`QaR zLPgY747*AvbV9-z<*(Jkk4WKed=W=uuzx~%zPHM~=&WQql2P#lyeUkW21R+DB> zpk7y5I_=rnfU^ts?RJdyE(?*zCKCyiIl68pTZYS|2yjWU;=xJAD8)bRy>CEgfj8F* zC@tN@_QKe4n8Lc2gRQ_BNh!(l+iAS8_gT-$d+=0qE?(Z1=v zezj>b8_1Tq6gHI#fhMcPQUmICq-f$W&r_e_q+^M_7q7Wd^=WB@14!_T&Zvh$-c&~+ zDRzw#f#i$c(rlko?bDn((G+qd%PG@wbSCR7ws5q7bwvXZk5mUj=2nAYmTh1mFpS8LjI=sZkVS z;woej;Xd(VwbQw&{zRRGTRypJX{cM56t{3oAs9C0P33dIK;;S7shVYeQha*iu@UwX zFA_L5Kyimj=)WTF5Fdw>@hx;k&tPWD>}ur|(eNlw2N#HVJ=irJlbQ zm%7dxG89(-D?(}>lm*gX3){V}YPYbDRH3-Rq{{_0DqcSH8ka>i3SM3|{#t;Rzvgk3 zd(|kKfh5 zV^?~aNC{70h!J&_9tuOsZS*s{l9JCB;?YP~?gB5_fkkMpMs$V>`P0G-=IDxeURw15 zQb|#JrmYK~U1j%R>wLT=g&KLpS6dr!7IiZSI$v`}RIlPS8J}88gnx-AOMg~i5+n#0 z^1p_GyxU%~!cN@^g~ejaBX`tY1VdrjlI~Mwfm{y9nHyQdPlcSdmYz21%Por&zEx=R zqcEN`7joE)n5q=aT3k9FQz!C78})sJ6IGP<22e(&=I+f_lqg{!yLU*cQ4j?zQojn0|xa$hoy}$;spR(Av#I2A>NV}lM5D-oZXp=1vbJ# zA`fw-MYLhTCEXAOSWL}0Vu`ffXvBjM`pAj)JWOXw!h_o*xxNVrl(Yt2J0auTy4$xj zd6EUSrat9UeTYsch=MC=eLB}UgN%7K*u=(E9J3(w z1)Gw<;=O1BCjl%Z3?2aj%bsD=NvY&HHkkrTemAj71m+if8@rPH}9vTi~hI#=cT2>0R6d$LSOFY z>G5PV;aan~PyD$Z0Va-NsPy1HO9xK;F$*1HWBwd_-nmMvtq)ppQ@xCNr&0gu9_+9) z=Hja96VVua!(%yi7-V$i|( zOPO*zMsZg*sck(grIQXy9ls?v3W*85ay3=Q`eWd;a$ds7k24zsd1n=|>heh$5$hz# zw$52e7D^whFaLaX^R;KBjbR)0;X-3Xd@`m&RiZp=JIfPwlY~Y~hDp$f5s^zh#Et-K zJJ_wbT;}pTr5n?Jg8!#;T7!ZFjrDGv6EtyID zVhheP@+?It-0N!{EKIS{Rs&c%?`@)v_2yvkEW)`Oxzex9HHnxRLWzS3re3{naW8-Ds`KHCk6r~#b`5^VoN!Y3}Xuu zXh2i(Ou2M0>Wemdhq*GX-zsZB%7v2qjT9wVwRQ8dE){5sjh%>O?<32&1vbEJkgd0d z9XAq_xo)TZvXMUH?9=e=wghE6n8<$`woDALoM184MU4I#eF`Qac1fdgD4ufU6S>!5 zNt`S;B~S(>`hqmR<<_^s+G!W=gMAdK)~qX-7B`Ye4ho5z12#rw>!sY*ovzx{H0aB_6G*FQV_c%0NT&NWIHv?YHYjkut~Sg!;g zcE}WLQaCyr={>|9*QtpXf61O?}mxw$i$L^#C0Af%LX)J86OJ^nWf%>dhtMxP@L$7CF`$ak$v zK;jWSRf%PS6vW4oCuw3M<$mX2?qHW_sa4tOgOF<0n`+M8G+_whRa)%prMa{+7Qsj@ zPYLGOV^?5|q4x^xBj&mBjBUJb|D*kn%?eL3YhC0u6sXlQExm4cJMHcZ;}h}G>IB@F zfHcF%my%RLcOGvX_dgscJ?x+4&%sH5@8D0T2cHiIhaZps^yy^3e|E56q^-7}KMl_M zXP*WL{b}##{^?ozTmR$)eLgsq?OBZYPv(4t{$#wG|FqND>9jhpTb&oE`@Hx3O>g%_ z`_=2`FJ5!L%tcD^-s^_@BaG(3vNp((drqE2-SPVVbf_ie%jHv4pzn4hGEVWQ&IXHZeDe>Ht z73foQMg4ROJvC9)o+_^UH0{p*6jt)s^k#6spKuAQ&*GE3<|tM7z#q}FFpHrw!9ZF?&rme`^8SL^Sa&H={$eE`}*~Z1&jMlyW8F| zOIu^?7v)!TL1Rl^BX}`4wv>^QuT5t5`qFpO${myW%8{;=AY`j0T%aMp70+|4lg#wP zU`gFKnkAipAhrbphVkhWQx=Jm-4fiYjFZlWjZ}&3fVrEn_+s>q;1JI)wUtDwdaTbe z0WI+aQ$G=vhBmDajb}LsL9dk%bP|#={c29vEYx|?<0fc`f{+R3Fi#mEFfajv&xc%4 z&^lcb-*^xhWB>G}VbZR#v*$!a!4{g~3xbr`&NNGl)xseeL!x$bg!3oL@eaLecO~e3 z*Ns&#!19jv`zPsxy(tev1=&rX9;6)PF?JCJvCq18KpSCB0B|Zen!r(dLo%Svtwij& z>}u^SF!zo9_*P<5yOpUc3Cy7pIFEl;b^lJK)Wt&d{`244%FD{gRqsFl9Vx|x35tR< z^4};VSe`vW;7t?_PxXn9jnO3~S8(&G$_o!_og`bF`Pl7jp{}}7@9s#dGp+8lciZStDGXrVDNObFxZ8w{QxbZ3FfKc|( z=)F?Bsqh||+8Gbp`Zf1sE1xX;H0ntgAWqlXvwT(UYobI?XB9qTO5u`rc}h13{vxWi znUoCm<(%A5tx^NQf*=iRx|wIs@{?)q!vB|?*2NU?>{$b$FWq0!PyMt0Q4b}Nf3$0I z2(~tQi}UoZs62Fa&HaP3{-LaTW(+bC?X}!w6OT5Px+U)vE_WOy7-%h4w!f4ruG?)t zZ)-Cn<46udw&W?=!)Hb(p>a9^kU%T~NzQX^Js2?u6N}+sKXLmu*1 zszZYa9cD(`9&X9kvF%~(DwehZ8d^L_c@noFe7d&3j(z@Yxj6w)t}^UiQf=O3^bd44 zBQC{)cylQWe>nMgde%Qa>!H|d8di&Oo6adxZSA#h9j9d7*cs58i5&J~yDaokOi6e} z%`yX0n3!}|uy?E5BFO^^6!?V~%wW+!3&dQWd2|}Fwoal&ifiSs?4NPl zZ|6E^K&*&Qs81b{fd-A3I`Xi8VPEDLQ!zU@7To76v(QW8u|PtRI7vLWmPRZy0eY!O zT{4=xp(MhGq}&1VfIV&@JeKTQ=xajek??0Z-67d76RUObNo^`v_2r`7k*Mgha)O zljkViuNj)Y=u%-w;+M+XFd1-lTd9IpbM|{^(Z+6dlj)LHo2d_)74F0*k(dpbwHEW} zVW<6%_CJPb6k=Z`QXF>SO=@4VZi|!wH5ViR&%qY@2zOTcic*DLf&4@p!@Q)vIyczFIag3R~wmu|*Q4m!`11t;w z*OKy`v5hjl12`I9r^P9%0-_mN>Go>qb#)ifkf8txs`P zwBJALzv~b5m%pKHF$=ck(Ig7mF_QaWw;4u$CXS`GHdG+U8CqLVN+DE-=#whpWd@?EYslcJp#DNEBeIXE|MZ%)$1x=a!D|kf1J^3R^VZ zNChBN0%ObwHWS6J5kw3EQdl&%1qoW6DVgEKN)I@eF_cM}evE0zh0QyGYg)26pt8LH zm9aAa?GxmNEJz?p;rRd9<@8FdUozq(M4tu+r}+}#mw-a%k)(ieanR_0`tI=Txc}i0 z3;<&aewu1#5=tz?{dGt$sYfORT&#;>l<2Dhr=%9U($bSvS5n%4d_Rvoc8oC`LtFoL zLZdIXUdJlrMAPEXZMjyN-%m2KgEM4tADvF8^YXJ+A+|c%Gmm zqQo>4xlrjEY-3O?(B7exN;w)u)N{GIBj-Yg0w{{aMtwV|c>9qXJkV#=_0Oj>WpCZm z-h6I3D_FGtJI`OF*Z=d*&Q9lX{olnCI~mA*KNFbxzF~WOZvRMsk=f>zmsQ=1#@K5Cxp2hXY9M%EG!7dZ1Q3V735L}x|-qOajXBX zo*S%x9r$-K8(6gdU%kl6|GO``kLUk8d1^+MzG*mVC(UMxgG#p>XArbD9VeRl|5oA3 zGK@x94`J7hV?&dQ^T_>0hW-FbZhstSO88Q0!i3aXS}iWclhlA!G_b|Y_y+60JR)+2 zCoEe3FFG0h-}CN^ZufEh-^KIK;svVBveIFUS(rpIRy@E2zQ!Rjk+xmrCg}>)mBffK zVJ=)v)~Y2|#fr;;TBdd_3}N$3i11Cz_qcuEGjPApO6y-+3aKDM9&;|L`&hL8pFhva z|GPVn`oFt*(gx@z6so!vXdr8y^kSo29Zbtkyr+LRkg-4Lp-%f{d#B;j3E`rL_!RH# zzU;kv(Ruay`OceN_j#u~cHQpF*JC_(M;O0)*>TCvD?HkLG3t!R&tHyqyU%xDzrnkB zXSciCd9^co{d%_%`o@ zSE~NuS$O_`v71}}uXY~S|6M%k^`8VojyXVTNq=pBg;z_mh5H`l<5T*qwEl~;|CRPp zz5ZY9zI>6p|KEAB`?&t^;(77}y;pHPbyOY|hRX8Uc=810{c}qaw`41CY0tW>tJ_v4 zvxqUXjzf%k5rK@s$``;2?K!Cgwx`~lk_qKPhXsnGz^mL4azHxtsN{DERrk=hKN?R= z*m%=K56$N0_c5N4q=eOE58g`VnH2sznX9jHE$t1q=V8uevjgjIaOEov3TBKtpFBY! z87C~acAh^uW)&kJWI8i6U6-o+i6~&sxbUd5gjMV3lZh$sft4JbPExW6BUV;p{IxAV$JLi(}Mp1}HhXTT8a`di0_!$=FasR_1 za>*!Cc{QjHab{gIvT#x538+iApku!ML^j`IertsJv=z78K&lUOsVNuHK!n=fGmsk{ z%uLM3EES%y_fNb5Hh|~NF!f_wXJa@m3vSAV_5|5J0=-O+vdx;ksm8KS2hdQK zrMwl9-IDG40iExt=T$)=@R_%ar(5KuK_Y z6tSC=k#3L<0SWGV))-aFVP(+mOs|xYy=vGVkzh#Hcja=Qfg6b=!v77yHsY+T%AB6} z(2%;Q6%Bjv?|XEOoJgRS+eA&&8t)8M^9msFHq(%LbJ^-R^1#s`4y0*Er*IsdD_RG` zlu%HYqYa73j&W4gN%A)JF85CsK^)H5BhLhxTt0-Rjw~^vzS?pmFshS)xw*+sMbK0( zW0f&BHThRZ5GD4GaTzzG^??xU8bynP_6aX)p?VK35Oz7)mA9co{50xKuLe>a<~t;SGrX*_Es+w>oqpE{cpyiuHVj)@+JiS- z`D92=Fi4?F7CBW4LFJKjGB|03BkUBkW`zYPqKgPfKo&ZW6hAdSANsBNQ!YvmUy@TD zj;)7w5=oWMePI{|JFVC$i$%-6@7pN#ujk`ZK> z8s|_4Eq0ZE*jAD$Kdzu66zL#Zo~N9!Y?N4YplSN!*+Ear=Sd{ozopUJK(d2D(nx}L zef&GM;yvu?6k<9Dyb2u(i7-DUy9ta#E)K)S(jg-xO;Qk=tX6=Xq1pW0dZ(8~k_kt$ zOv}kl#qg0^vUN8vS&j1c)f-g&ZMd0RPs`_q&^gQEOYkQq`)Uifj3-eGghsfh54mWC zk&iayDavPp{IAW1oe|#zA2RW0d)YCAH`NC0$5B8+_|x)wqGKolM+?etd#u`Yq9vvT zqL{bLT%-ou$WKNuaY4(BFJATc2QKWZ`B1>QsfYY7+kBFls`j+yamihFm!A z9xBqJL2PabLf@Rmqy+A|TI*4m7(f0IFX4~mw&kafAJq$_@%BLLE)Nf~v2RU2#UXLuMdL9Ed9#O_yPeL5cg;V5FpE>m2azbY?2UXl zM^3f5-F6a=D2K&Gk$Sk0LTp9^`v2Mc_NKUvXVL%lDf(!g3phxy*v2_~52r2$;!u83 zK^;$Eg^bjX_*Dww}W%cp=%Np`>=`$Hwg~CFj%nUDyPSmoZ6dLv&i@ zrVRw0830Y%Fy@1(T4_yDcNK8W#sWcpLKc%0RgJ2E4xgLHKr+joZ=O}xO;lHWvf*fH z&p8^{6WNZuWgCsp#M?93xX*_jxK`J1(E5*!ZWwRyp?*PoLk8|XD-s#|Zi&lO_=%B| zOTl9@ri~j-z%6?Q)eF>Lm|tZHv9g47%b;=PJplqx{`+xZmk7}z;Y+$w8!Frn*>8KrGX5=iz-k- zl?Ey4QM_Q8OUY)`A_96rmib1)#TtN~`iH)!UBL3mh>n=%8IZ8z*AK z;y)d&D>yttMORP%>cD#zQ!@cCo=UdMcPCCZlfhy^aMNt;Nq@TL)cN!A1TKQ5|8a<<3&DWPGo^~ zc%(2!zzPMhG7R;M@z0@2#~?qRr8sKPsP`h42cB|%NyS-}UXdu;Xr+{AY1qp=)l8qI zI3_(Ltxawo+6j)~7$d{U8+Q-do4)*?5IxilF-fypG`m&4CWxK*j}D2C*%KAAuo(Do z1S2}aOjNBFyefiDN;a!g&PokO0RidjAwLfEgce|e1_MKnU5CeCIq@*RNjY`foxLZ)N>Xq3n-8#P^}gm z_O*h0y<{#WHNXF5zxr=gUR|!bp4(K#b#=^KbMvCFDsi8S5r*+VwIu{qsa{{Tyt>we z5Tm+@^C((}nAN(HSz|&j)i|7H>(CoAX1vbyrZm0M)CX7{BwJ#YFw-*TF(zpM@^At0 z`i)G&4F5}BzGkF%ffgoKlDMX86d{@y762m>lK~AHreAC~OdG9k+pWnz`nYFo3A71; zX;EdQGFc;~pI(>caiGylr5MB8+l!2=s3TnO|mXFIB-iMA6oNh8dR>v+M|r@DS|J}F($`jka@ zyNgA>=%*H)2^My+(Dp{D=4Lls+5-%uomE`RW*$m!u3u$wsg=x@LXx95}S&!8t zao~|S3qAeje*4KVpDXraO{&+W8SzxMfID?4deV#IB`Kw&MBRqkVQrNdt%s<7S^%LI z9%L#*Ep*q#@Pq|#?GgzKcI$-{G#2MtQFp?-#WA6do*ylPJ!8;{T73BhZXTziaJo+|6H*cg3*Hn6t8S3Vsz8PKT$;sjQ7 z1y*E3wwwE|KXwnOqbtj=VT`c%$_<)d!{ zF*=cftxL2Bsp*mwElJVCk)i{0J!qL7>rc4hEi!=Q28sTt~ zBpUnD_*$LSWfpxIqXtteoBV4k(VlEg-IdCW)P>2M8mc-f727l|S?Hj`Mj(ixU@TTp z2n<;-Cs2waY%a;{R7Nta42j1|*(sY@tpW=H6(?P7AD3oph3+?s*ww*jschA#iLHcv zpq~YbhiFxgmj7IH6#+addE$Yk;rMc+rcBMt5yLwdlBpy|D&)Dfz$?6PD<}@DSVd+k zR7ys1xJ*N`u0y-4W=)j%0b_w&hIJJno~Sg3`>&MV>Q$b}tGsYT`8r%tWkZf-bb5Xn z&t2sfk)u$PECDgVqI;qp68=i69<)8WQb-Gk%$%VMfy${#IW0A2yGKr$BON{-^OJO` zS)mB;1Zdz}jNqWe1SYSgq18C!ipv)?I%Q}Amf}5sP%3-yIT5>2`|!vL9(=i=;||ta zS1AF67;+e|tFW#e_)RzW#|?72iJ)nXK|v{{osrZ(N+~o7FKI0HnasIFf)IZtDeKa? zv;_0oed~@q(}^cL*=Sjn@y(i}3m=K!O`0|pV`iU5WNhC6BImGg1>54Cz*?4P=H&|q zFtc`^($ir|`H)3H2ewg(gGg+>Z99&EcrkEZd>v@yA?5V#N&S{HQ@E#DgD9kkeWO`D zmbJLG_6C+$p(|YW5+*~mYo#g!C5M!hqj1T+zJj_iS?&Z|*u$#4(2rt=+ICLVR2SvA zcg^KDHc8Vg?1w#)p-^Z4)CQbVI>sjViqB~3padmR>u2?IV)-|8T&?qlj+?9PPU;Dj zxatBcXkb2tJrJ(S#>vTBLm|6kEmSC-^$3VPU~GPFdw9{6C&Y6WaA^uA$F#R=hGfPg z-q>b~q%^!^dZ{e{--bLxr-GRQn5!F^iA1jST)V2P9wtspl3)F8y6&&wa94hkOuyeq=L@u4| zwATny;tq^tD^f-g-|%MkQV0vrHkI!oNVrcWRS+~n@xMK3hIwR0aGXolib=EazTnPU ze_3rVwf{r|&mK!D;~T|Hdzx>xq$R0dYUz3)(@5GYBgVD(L|fCmVjM6{h9Mj zkCj83M?z3YvcS z+J){7Y{0Ya%}w}k^c^uB^@XI+9@(!VBgR;VO-?Uqib@b6P=?Y|$9%8tPE${&!AYb^ zq3vrTka4~-R0V$`9oM^KQD4l%6N$$+H?Al>WO=&E*Zd0n`DjGMS0+&phq$iv4KA%+%$G({Et>m^>tX;`|$q#!QSc0 z8k|-tTY#ML@NcWy8XUYmIe<+#c)u?o5MSZv;}7p9R0s6;O3?!xp^h1*;#ytNTYPh6 z9n6om_@SqDWz99SFe=ZKr3ACyh$rW$Xmj80zB+j8Rz8-Nlx*4_1VGyJ^FBbdT@NUe|WO{>g~bV{=v_?zrH;^dv|bpe7JX_r$~F$2zktP zDy`z-R9*HrxJcgvVW~Sw!xXpj2GOJH9eocl-SRvv<-uDY;{j?1>bgiiZ%lm(g}M4C`~QxPXW7% zrA<-928YV`6$LN3`P=k(xZ{=P~N@9ZwI#(P5(S>eB-{ zB4O0Au1^1t1&ITSv8f<%PALqhx%ly>IiksFb1ETtXRQC-_y5cka5Lk-KC8xm-QM0> z#(#g1r`0m2K!s~ERvYGQS3y0xW7s>~*xQGUv4|^!5+)cG<-VgtwvSTEl8tzXAQi8H=}_8<*`a%}BfG3IhRF%9A7!C9OhnQ2Tq4`3a@_&OMizmQ+Ry&7eC>_ zvtF%XuD&(GFQ3wLzx1D`DN8NNFP|Coe`{;2O8+;vx3-t`{~?|Q=>O?3MV~obWaTx3 ziNM8qPQ^RI+`-!8SOvXPc0Q=kSMkNLobNclqD~X(!;?!Ag#n&K4@3u>o6y-&;lm5! zSQO&EI(LYUBkE(5F02M&F9R39y`f_l+=OI9KV!azYID;CS4LJcf4s*#9=9LTD8MQz z2Gr)JyJjd@4Z`-ArI)Do2A&R%?3plvKHl^L>szIPV<{8B0GaJNhV{kMibTCIgDXsB zmkm>PB~jJKeifA9Y29wAzaxV8r>f9o<~(ak#YzA)VG9??@+S*pa9!~0vtTNQn02$E zzOSKE7vugR|5d`FYO9VBMm49M9dLh-k9JQ^K7BaeKY@ee;}6GZ6fF0n&h)2}eyLkz zvwy8kPVHdVKXA9yCyE69a@X|%T%+F88tPI$_~y_3@_*$exgh_4_TpKU|G(H?p8p=? zx!w6soNi3|4YWOLU_S~O@INlBg5)+by9Q&K3;svRA2t8WhE$dYS0?DtEM*ckF85&g zbZX`65ERfiefs*7U0B;gG#1w%iwYSTR7#0A*N`#I$BOfruhNxRq_TMHmvfb-m60Z$jO=>AnHpV`f<;d<0_>69TYb&S1e6M!#Y z&?>70M+uCjWHI}>U;ZyG_7>#-?RLAG|9A7ni)H@52YD9Y|8II1B;br+~*1H`PwVmxBPWv)Thf{xx}owwHmnl^e#G8OY-_pf9{w5 zON6SB|C#5%&F9an^#A$R=92zD#IpeXKlq%e0Btf#lQJ+xWSFcmvuTW16v1Fv(yc>M z6D_LSsm{cyD$U~_Y(K+4!_f%_z695+UouG`Rd9Q0GGs!zDw7x>955k7cU*ujdDyH0 zD27r$R(aw~RT_x=Ti>!>qjf*&QE-2B!985#3IS*L-u^mbtYt5{fSP4>G8vMp7z|Gwvb`9D|AJY@-B2LFH7e(|!(|6jg*w&ed0 z@hrgqU(=YTnAlD#_#_E0?r>|z3ylquhO67ga{ilUC2+Y6xQhM?vL?xw3+`xa{;Xa= z9$D9om8Lv6sJ_sSYQ7aWQhHTZviET9dS)5C!XUh)v6d%P(lStYl*sZzld;DR1Il9R z!;fLyXH%1vsEwATldG6^|dcmPlwce*1@@ro27CP#yGc=#DFpa)!6cC^Lf^C+El%-X<152 z5DgPlYI+BHB-4C*a$!qG^JHw9D&kg~MF5-Y7p&Y>#hXRJ>L$FPYI%hY%f1iNN*pkIvd+@stxLh20A<7V{bMVH{e=v8BzWyD!(I1qHm{+ zs$Vp^17RG{&(rEWF}+W|Y^r0iuCo*+zvJhgX?S~cy6 zUGH&cdZnrKH0)OzD^dAX`WK$#OGVZy*SVS`*JI=V?*8uDcigC2n6oYt_z93r9L^ zt%4!o>t{8(}dhEO>uLJ?#Y5#66r7c5Lq%cDUr&e%Bre! z4H^4?WE8D6*Zz)dQ|@>F=UG@c|ClNNZ9lL1e>{J&-2V^qEU^EN(C;gZWl#VeM|eOp zAX*!N*guT|NCZ(Q;Q`ImzE_HgiqC@=mz^HeTdd>hmvhpE2_0L$9jR6;HN%YkoiZ6W z##JV8GOP{A2wk#)o12{{s~35f_Ob{kM@^0A6#-zse5o7ro4~1XbAts`y_*~G82rgu zEQsQc`^67PMto5ML4uo`8yBuI3*h#1@VtQbSU}erbVsl9FbZ^tA9+D1)ha~Z0M1;u z${ff=(+e>go80N{?3JiAWm#I{7gV<;QJ9GZ;o=YU2och*8n#s1(n*B$6 zdnx}t%(DRf|0ow%>t*M4=#!Bl_E_APE`5{z-xN*0lXITcTl;={o8oBK;PY2@vD2Y6 zs;+gVxoH|ggL_?h8LGZ@ILc&Jj>+dcg0}O&BIE7mVrQDKHQg=Q z8gNxk#^h`6m%~6^YXloSV<`_9lc%=@4>fk5S(&w8362E@;G6T++gx@@3c*RZV5L>*L zEzoP$o-9ck%l+~F?vFAWmwjV#A$BnWWm&}YZTzm*L5J2-Qz&_4AG&{vPX@`ABB8b; zD?L|q0|L9P2AdVBDtL2BFGG4I?=RylOcn01KCJw}SLB^0-ek(T5F5~ps^kb;lM+kg z-GNngKW70}2$;1=*wGcIdF0?Y?P8`&a|jZf%sL~PA_JQ3NjKq-we=|ZFKdES64z@z zEp*zl>Q}+oG0Ov|@=R)n#g-93e~*8UwZi5H{(J1!4G1Qj68*L5Yo+^^?c@5_sHGM4 zJAf6>6XMnneCLTMtfP3#1Xn)V@)=|){xY*x8~#k?dzqjsid#hZGM@T(B=X#^5_3N3 zaIa|k0@S-sP@AvZO9U0EmzG#bN?|_wxrh)@A92l@A6?)ow8>N~-@C6(E+?armiMDx z!Xx9eUpe&_S6367RoJc?D%z>+INi}PW7#`dRhLB**-2bIWi0!Z)3k}b`vodk++9}m zL`93wPXMQYw>Y2IzfFbSOjLIq<) z`|ec!VWpY)3M|CRzc4Qs;dxg%Xkggv8e2KKD;u#!yf81pP8ERQ!7IihO5&0{u9F{G z-DulP!i&n7953@>Us|{6AmIxztLC}2#OaDvS%W&^kO(rWrGS2=DeVu-JZo$hj!9}#S=q?0sZzaUnHSjgY8<7x$NMJ>CH=&$=tB8S z@efAg#_`;ZR5j_AW{|C>7Uyi{eyLoO;_4QJuJI)J55|&-W14{}6R;wwY;GGBrj`4b z#Xq=T`>!jK#$i0Dm;lf8|JtnCf3=@4^Zz`^vw;2AC%L#lx-8FB!1t6z5vB_#gK1{J z1}{|kQ!>PaV}r|^2P24Zf-i_jVN<-vu3V= zW5Hw4g+j(J=UK|)K_u9N7$%Ja8HI;jvM{L6HkuX?NKzI^V{EW8Yx)klJR6Vafc1DO zBU+JzY-7l-yo_z+=-ZKzIPg?2p6JE1N;;PB!oP+-KKADx=)XUt(I_0mETzqT%<}(w zv9(>z|MueL^CkU%h^GZdB+F#B#ku1Da_E5!p5(iETVmgp|_0=S${qVC=WWs-}`S2l*#=v5%DL{gR zrVxcO^&Nlzd-n zjiRA0>0RUr@;>f7_4!reJoUTe!g=avqr`do|D6_mBx%TU4u|^(-0_o?{YiV7&45h<^F$=r==5) z>fN9dw_>O}$JvG7FokRB^&hKRve5B(WzK1qggw3y$)aZpOIo7L+AXrbI;|F*zWv|( z$BuJ;em*9n$O&j71f#eYQgwJOrAZZMJ1hI?XaBQ4?kQoc2m+%zv4tX?w)On{9DD2% zK6IXd03S@pW5|<$WYm;GxGLFkFTyzJs6^TCNaBoWMgo$Nj>+;mF&M8EyhzAdy4Gl{ zvzY%vqlm#LmPUaqfoQehFwTr1=r~r=T$SI21JQGC0x-!Wwj8d8VQ&aM5}Qyuct>_g zBbGo+uhe=d5frhZw*G6HNq`KMocfOQs+o+?+1925+h=< zKuz&ej29E}ki_UG)IK;$Dc*|mFr(aYJR97$-`@Js@#J{7#1CMp{PoP=^tv=7&wiAx zkd%z5m?D8B6#6WR*p)m{bR&va{v7pG8ac=%2_yWb48+yuR#<~ZFg=z~G$0ScexIVj zEvG#V{L`oC+4%IS<6H}%FmFgeV=)~xg&EH^>=${ZXBGaI&ovx;PUHdbFi!I9Tf_4e zpKIsZTll#}m2dO>V*tJTbM0Kic`Z!y`Hap(h<;gjP^QQ2)Gg`jq=NiuabCr5t z2Vr=mPkkY^7%^qauVMbM(hoV920;JC3yHgG`o_6dbAy{PiE?hjoquP~ziJ_!r%y32 z)>86$JkL_{c_fcbXYC|{Qwi-g)HC1-K?w616sZs&4jm^0dVZ^1i|6aWDTUt-b+tcM zTUaJ#EL$@+3^M*to_=GoKn}IOkXF993Cr2Ekh4=6KJ?IP3;DIuB0j8GKH))zDbrXj z8RnyTmJIWeJT{%JB=wt2J`A0moH_78v2o(_uR5627ShTf_y`#0zh@zxr%zSmREvtL*o4+(bfqnn>@K z<>BPu>(!aLf}J|M*+y0k^Vb+ znCnHRwv_gA8fVd1SMHVM>GLP&z)}>n?|rC()b5dlbi*jj!X>qRM9-4iK9a|#wmoaF z`c`Jh!X8o)iIQMT5+T~AAsQc;k`;5mZzb*hn=}X$7BY;{-Mqev3oN8=AdG%C?E^98uW6DSoP_d`6io&w?M%7u5Y+2Vz813yg$C zQVOidV;w_}a15P3#!r~jX5BJlhpRA(ObB%#Fl1NSOy5dp_GHiWg+h;W5xM= zbNWr5SqoVW>wGTf=hF}qCdo5#sNG`DwU4=~c3z5&F=n|wd*_I$A$nWtS!f8ND)3mK z#I5ncETq|XI`%EEMf!U3U08tJ`kAqiO(9Ru;ad6#*#v^dJWs#MV%%wTwS~0eKo&H0 zO2C)%0ufcN2X4qGQq>+}W|v}QFA(FvAi80u+}=2_SjE8=n2eJp@Ysq7Bb(Q50diIs z9y`jhD$2xCh{*SYSUFbnddmwn$ zlFmM!XGv!t$z#)5lq|WQCxes(v=Cvdx&pWsg6UL2mKVok8RF%N;v3mEQfMj2`Eb~W z^Fo%El;T_njz$g^;vx2y4O4anBvvx8kOA>M&sc&~Qh^Rcow99ZL8*i4SyO+oPMYRb zdky{pCm5u&zh>dmsQnQ=OEUXN9-GWIq@9~2&YCpZI@}&yk~G918TFjn-}C}(a)R#f zlwRKQsV`(DgHLS!VoH>4xN#g`Ts6=o5wFjd}q9S0yAC$uA=4 X5EQ(#qh0)TaVtf+j2sYh zh**zgG;jduXEI76+JOLT`5|*0EAZlsu8xa%*(46EXbN`A`i?aogz;y`$;e<S&bV$N1%w(ga6nUsLj42vK3-?Qu}rJTmuiiAf=LIpr1P082+2s0|PH%y0ACvk|z zz%|gZY(!9C1HS6VcbtHBb8A++G9N^31|-OMT^RP|r6ArRM&Sh&U&NlFpR<%e824E^ zk|BR(#7}Oog-jA5PIsZ=2|=Sio|kmbR0Z}RO)z=TSUauP!~uURPgddRrU(q90W!ABP5 zBU*MCTZhBGMlsiO*TL@QJ;ow+T@}qS2)TfhLogN-+LO^kdC1~09+V(gbq~;8PlA^aCyc5C5Lo*-7{}U7&}bUWbk&_`$4pk4QFD zN%-_a2Bnrv0NH8itWifUdaJY?a$Z|tO>AWXT7WZvK({c!w$-h{*)p>-Sc{QoXAII# zfU8-YmeTC8j>f9-3p##Bk|d0gYLwbi?@fGP*`_-3T+p$U1e-z$ijQGD2?z;4>tYD* zX>%<@?HW*9U<2C%Fp6M77Aqz*8iw3Spj9YRbYG+KepGs$&gmE5rqc9uGe({oYNW+v@=R(kH zy|yhVvaqO`!uOu%H3uhFb8`F0#GoQLNG?Q@Wd5ph0Y4<c zy4%lb+%wskZf=~?po1hTM(q2(N*YGv%Z|y3s-s08?Vg-``f$8&CHqFD$yUeNK>9#M2%utSymO)CbmS22H1OPes6 zX|3$1^46camjqQR*#Kf(;18z(yg1XA#vQ(vbv55r)`?(O4zv@`UVBS*jh^U9ZgMj_V?>uT+Yz z)U9Jp1|1Rvu+rSY6TQXHL=!?(9a0Q{PU66a(;`P(FHcjc!H;sGpH*ynyyt zK-Zk6iD=(yBHH#uwC`sk+FxNJ+RYQ8quak{GCX;2Na6wIj`MzF_aBsEWBDwf<+FUg T%jbUr00960v(dMQ0Ky9ZZ#kF2 diff --git a/assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz b/assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz deleted file mode 100755 index 7335cf942c66ba9855d0e60a69a70ba9237726f2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 154564 zcmV)IK)k;niwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKAUcpOKSuol7s!n{Xc? z|5vZ7x~qG7bQ%ZtbAS0_O?TD1>eZ`PRj*!Q&o?Vr_Z_d1yF~Z$12ydVS_9Xuwqy1b z3WY*nPY?WCC=`U4W9;ncmZU z9aEopdFtb`Me@ncVL4SNe~Iqp*dLl}S2MGuG4FT=EoE{l)0rFsu$deRNz3GrBrcOf z2AOkQD$C`X8OYSJDc%8eQpcuMLN#L5pA#~kL5K?+x-A-wsvzuhF=o9ZlCvicE?yx~PA2Bv)~~I`(~Hpo(b`Et6?SJIFlt2%4`E z8|gJ{S53Prf!2seG<1;@AX;+*%RsZXGmqwL*hdW~K&+nOn0EE_Ogrk=bwVlfYed$b zH~ktqbO>qZbLE^R4UGonS<*m@iy28ASSvdEa2;v_F?y5JEIL`4FvDAb*IiS10@y5vYdIQ z=^hb7Dl$mLv`sEs$3rgW+Fa+%vD!@HmT40S(|5p4@Ei+(>TUpyQYUrBegqj?mZM|V zj^zfF+#8gMXA_@Lq+0=#e1@|ohj(;nkt0DMG(vq^k}r@zP(s<_E;Adw*4?0lvb}{u zJ$z}Ibu+zcPfFEdR&q8SlhGbLhaCG4~7Ine*Tz_wW(MPoGyRWT%# z_*}SH*B#GbH3YOsY^)3}J98uiFg!XjJ~`b#HeEuac$OdeQa68 z<1%(F>@yo%Ld@M{PG79huw8LVXv3kb>p4cC`@=@IgtEJdRi8-?=*({NNu6-H(c)sZ z6J;v|`+-MjwuJVhL*Z`@X+of9wGGijv$LVHWkXXOQlv?W8TiGE7dLQIG*&h3g=MW0 zlsf+Qhz(H-T;9ZH-;EOTy?}R1-=b4Q_lQ3R{&SW$8ztVHsfSj^Z@8p{MjUMHz!tW3 z;t88PY*#%(>9U-Qa>t){lOs-WU%?g)*_Y$XghTzRN2bmjiP&l8#O0;vrPlFhroEj_ z7L_4d@nx7Ph&Vt7afxjZTUUk^4#6XpR8q>OZ{xZti78u7SrQ{ZMZD)Hhx!LchqStp zL5fJylq@3*q)C}a!K{oJ)(oIKaH}3R2xaEX^&Fq*K5{HWIgIVhap;@V-6*M+JjRFcbGcF|lhi(W&k`!m?zh&Yo5m$(Z#Q#qY7e1*oOHOEhYmoO{#Pg# zx)Srh-c5Zc=6}cK8F1{XhyB13^B?f7YOHHs5>TI+OUr2xqvev^=_gi${;Z#-_5a=d zW4ne%#&>CT<5=NXy8jo8-G$!d`cJX9c%uIwkEgw5&lYRS1K?9wPBqhSS<=JcbF9!o zfbqIa!ZDW^p$8$ChuYD8SU$cO<=1^Dny6|+R;OPqSbZK1@&z5zd z>Ct+d&=j;j1x+zzXI*HTrB+a+*2SeZuKTFCK6VNzcp|A4Ii4xvqVB>v@D!WzY|#oK zngVYehNejgm`9I|I*G~_W!YlyI!G#L#Ux3aw9N`hA?L-Yo1Jymj`%d8bkrm`1T3@rs`?O*xif$=#8x_}V4z{G(wq9+Mf+gf-&6b)WX=0@}v^ZT_m)6UW zjN%6B+O&2oJ=&HemL5fSy0o4U%Q~8+N9$V}OSi;QSQjr%V*y|Rg+vEq>x>5x^*v@b z_?}Nh2^hY9*F#;K*F#Cua1rOX7-Cr$zfB#oM^Sb$CNV6_? zm26@CKZ&I~99RUUOVspoh zV=0DM*6d+0EKQvK>Nef!BNlW8s z3KGqFe2WyPu@HLZMX9B1vblEk+01Nf97~^8+!RAol+3KTFEA`U$C>UzG)e9TZ7gnC z3z}}NH-cD@5V=`cE5vRNu^>l(n8UWtoPmdW5$(_TNv{8n z3=a&AO${AW980hNcJ&pzlk30T-Mu|0)_;%3gO+>xU98s#8ZmWZi`ak`kBl$r(h8ky z_zJMc=E8-ZmX&J0@0RlU`T2Pb0~*cos(Fi}qIrn9njV@QokIO%gJ@uUY;bsbczkRM z?Hr#(`=*9E(d5v?uw|h- z!92LkCtjUzA?uE9h&V3Tk*A~+c|?TVn2y~kK*4r1GfHMTfZb*+g1~s7))dh>kRtMH zo)c7SXbZP)CJmR&lXN*=6JfgJHaxRh^N};pETQ8eV*94wKsfMgj%Qv5_+)5GN)5k; zAwsh1VcVD6{z4840i=p8Gz6fVhzM-Pps>wY2Pl#X+d$Z|1Q>{J;-5@HIcgE))(Np+ z;)ex9cOnQol_8M2Q?EO=fFwiXAZ8QbaD*D#DdIcaz;hi+Xe8CJ!DSm|1(YnXLeWOE zgI9ItiPwn?(}MsD51BUqyAz`Fa6n-qiJ^V=AkvyWsoXn#cv>&csc{UvA1w$2cUC2IVeg%flqyGL(m(o zVUJJ=(dyZlaL^wQ3D? zS%-3fIKgI>*u(<|H^#7Py>!PG-YIPD@xEIphKV7>O=0^2$D3_33iFOP3lxJLVwx6p z0n?UjgdKp3POw$S20?fZn-)aQL?O^ZSvr|DWeOMuzT(g>Nb6=hzNwSYym3kKO-N=| ze4mXiVVEhSR)E-uZA2Du-L(j-=z7kaX~^A6g8E(NKAQ`uOe|-81icd(7X|rfM053)jkJPal_D|ws4>X0z1=y$)k5~<4nf5FQu58+%CpNB=4%z6Y z?Gvwpbr>W%l`%3DY7f0&txysT`rN7;}k5oayN`_L>q6+|qe`<`Q)dM9gzGPXdE z<~>%=2InKNh4c~Y1**_VBq$~)pGKVpV^i1E11F$X1J$uN%S@jac}LRaBGjzfSj3dDHUhz>Y9cdM z*)hjQ7^!_#%Qko6gnu2fEqmayE{`feW*_Sbq^O1|DidNOkLUy}dASk86LmsLE)9t7 zTMVu4c&@{TYv%AO-H#ihE)DHsZWTj25V9{lD>N1G!ByyL>SRXgW~x;tSg#>PKoF{1 zZg4LS{DO;|0Ac3gxx^2!CDm`<@hoHBWWI*&*g0r3L+%(U~D{8qLN0k0F$^Ez-%{L6_-qlckHyIbS=s8cb1L3pYBWH!kt`P)p&Ba4gh$ zo9gC=wiuk{CX6Y=IoKB7K;23MO<-np{|~gzMzWw2*JmA!`dAI{qI^Qsfn3h3(t33~ zOFDTlDf99qK`@VYDi!AEIfxR=>J#pPZykSB+ARJ}k6@r4OuHJMzcS_6r*`~}v;$$w zv56QFb*El7?a-@-YRL+cAwI(uqpj}Zn38!MJ9l_C~#%V~lWP8-XQ}t_vyJB%olrEE;jEbHjCmK;76GNW#s`%)@ zx+rTssVkUDhYgm+h4O{c6%mgHHw8T!nk4GV5D%}e<3?oJl2%A}TvPfsF?+Oxmj_M4 z+(u%ULA{gf5%XwFzvhG^a(vp%hwv7btTUPlfj}bFsuPkt`54)*QYM^Nb#P7t>Z2;7 zmyyTk8y?Y3*CfnnsjhE0J7iB2qZr1A=7TEcBk~4l_@;T4(vt~a|+@RVWbe9a27cn z9Xo|~cQUhR5au^^D$WF`s2_DV!CQ2$HbGC)q{clrZapOoAkJ{Wp>>JJ*kt15J>e%Wky{HoP zR@cICFj$a@C5@4+BMHT{iY`gRR@IotluYf{@dYSkRw6sYhRkX-0ye{Uyv}ARW9jQD zt6XAkkRqi@qNjiZF-JV!Sboj)j2vUK5w?x(cy%^mW{w5Ho(2b+MfMolEM}#>!Fk|Q z>2Q$`Tgv2>c_?vmMBf67)rhUlhryJ4;s}%0u!1z*j_@s<=+bT@&*f3HPsYr-Ni9z^A5bFj?lL$oI zyWk6?K8dD8RgZARZ-^cOGcvM3bj8Gj;SB}ikt*iN6q@E9VlSXiL(|d$p&CENEd6N1 z0n6!gms{BpVuBYNYTSL1+Zeb`sN&JkPI=HCiJy*#gbwqU5T!(%%q zhsSmejSh`XccRgu$${PdW7GXRhDU~{F9H?XIXpc!G{wUQ`UQ-M{>ka#fqf(WlW1b! zxNjj*`UvYjh28P={=uzhZ1`|IRF+L`I!YkOc z0-ndAj;%^yN6rllf+>+8kTuEEWAfmL3GL_vJ!B4gav@H@2p7|_F=xUiX+?x@P-+Sx z$lwM6p7($)8YC2Rq2Ec%%P{vx1GUmAE~qirJ>FfDn}thmw@EKluQ?811%;K)*k(Jd zxgv}z1nfyC!ayOmb)w`{>6F&50eVO3w&{ocG2FeiB<;v4TVfRo{FXd3JIwRtTP-Gq zK}yW8Od8wnAsX84%(IygpGt-T19>WdBmN+w#kQ2)kkIEA+aj=tD_%208ktd`7d)M4 z7bUXj(Mpk`24YQ^&6&&!x6iD@^ZpL9sf4mINQKx2uTgU>BW39vdv&lx(zy<$7MmCDw$nTHv}?LxeA=p?mBbkTM_cB_V{SS6HD_gi*v-6Qo=1m=^IMZ-|)9 zbw)G!ib*VkB4X>7L%Go}dsv?(K1JC>i`i(BVqsm5b`7aaU{%GePnk(;Xyc$`ZwTWB zls+nfpWcCBwhq%&ku9uDB09wEKpD1`y;;^*Xv6mLLbwqMlX^~ohAtooThu`w;ibho zskGuymg^0r;IZ;)SCr%yMsTsUS|(A*3Qt=ow+30otm~PuaLsIRmW>tholg<`!pJ0; zn&E!Dkeu9i4VP!4MGoxgHFHi{%4jq3P@~akETTg|w^K>(vMxe#p(KVfXNs#&ry3B7 zHnIX?%w@+`213q9m?7Z9msmcRZoFxWX(*V+P@_T@N163IWmql4u_ZgH$k>alg0|P^1#>WeoMz2#5P4pj0CCVJbRO=BMaNr z09OgBI&;LclaYO5wIuS_X)|BiiMaef{U;g!ALcJRhB%hX|FWqm|5JBg*NOa3$K_cf z{|jUy7~m&_S{8zoz!m0-si%tw_hz`s9^~mE*Z>$$ZosDX!r9d_nX}H?O|U^x;Fi#M z;3?>l;pjYHXkEk`IS7_anZ=Lid84LJc%+z0PI#Uj7M2LwKg?ew@{3-)Q6_|A!$T~) ze8mdb3^y-!8}fU0PLA)&M_|rYz;tM5odrjoCOiTI2P2B2L7o6FlQ~OG+gj9$U1vjS z&Z;amoye|ZIC0Ob#NZ4{5+y@ZmvZcwDR%bbPA-EhH` zEP&q?0aEE(+tx5O3$IyU&G?|v0*Ee-?2ujIQ`_<*DKzehxY~+ z@(>$rCiZCyOdgxG1+=l>b>%FgBh&9GXPLt?vaWE^*>L381o>v2u!a$bH$+xxEzDzY zutGTS9X6lT!K$%hj)9mz;0G=;D_{kf!#wP>)`F!bzFa6zhHxi3Lc_2+fzsJxQ8LP5 z64ORx!S_g=ARSXe`Nnd%gC}z?N7L3Q>ol?92w4S|8SAb^)J?pQ6pb|k9J)#}A`2$vYgIn>NhPqD@nMteC?9c|Tm1-MWEG77+B2C! zm$i=qfCgoeeqVMHHiGHCB?(b*Q?zY-WN>D3Xk@5=YG`Jxe{|@aTm(x9W2ZdOCDY>K zGVCBW9U2eQ0K;i0w7*6?5)C-564$CpiklPH=J!qPn(QAOn&By4>qZCft%Ho2C2dV+ z+~$MXTvuXz5Q50%+`y~0wj10ugiyLeDCkf9iLtrF*w=d8dWh&gc<>-X8SYSWSCaDp zgFs8aJ{ldgZDsEqWvql17Z~wiz_CchM`cnoZ3DTipYny~ImZg>gvKuYP&WFb4qT6q zK8cRy&gn?gwC30FR*W-|mpZ*v!T{c(*eENm6p5z==Xq|+4QYHi-#ht!AM{airHGn= zJ7(0GMdr7OggLckdgx9x;yANNM99iK)neN@T8!MUj*5{}x_pOUI#YFrCf!8tmNWZ0 zJu<}{#VYZ+o6JTvkMR9AnH^r9BLrz-RCB1$)Vou<#grg_-hrzuXz1($G;zzt+MUP) z8IQ^?#VjKR=wg901Eqq0d`HI`e9D_`- z@s!tFk4ro4pgOh#a8x4iV|rw&6ID!)`l9jj9`QYsfFn3d8tBhR!ol>T$`-*C!g3ksxg)8+d0^|*RalJDcJ!lXL%e7KtX&8^Ib}-o;1Z&cd z0xcHl>klgTVI73EY0m75Jge9p3o_?EQ^d|xGGrEAE;}QvmFjLqFw;PVd`HDb0}8Qq z(HYlDSlpx%dJ-x0iBcGb*ZR6T&2Z}2w8f=#2(~(7Hw*G7KJ)i2n!`F=ufdqgF3l8c zrkKHviu0Q~D38D{6Q!$gSvIL`l25qqBI1%NH-97)R|!c>2xsL2lH=As%A7_xxk@vs zYftHK)fK6AF0v=rf3fT4c-Gouw+6i2{h!^Nipl)neVaC&SpPj9&kEOn_t_?!gkcL! zMyY8>;Yg_`XN|CaVp*t;FM(^X^jTbu@`ln*R1QqbK)&Nx+yxmJ7R!)Sdni{x|1=gh zo9w|3%c+*o{@uhg(6q-4+psM|mnX5U*NBHkaG9df!1B%9faL@Rn({sDld2#)b!|Jc zB4x{|=4-?=az2BfGi~3=vC%K*arik4muapJ@O1`1M+N*GgP&99lzeTrU-!*9Hu3|R zaVt)FgiD5R+>6yJvGaN^n&2~gO5gx4zwVT|Bl{&S+_1`>+UO3{i#M{OzEfJRAgsqS zf7kT2%!$28{v_?cZsx`OCwI)Q0$uL@m!3_9g#GX9?KyG(!*O}q(Fk0`q{Lppl}x^a zh)wwlC-#}C_5z!76HdcJq}rP%Kn2gqhm)##*U6nd~#y)@UF3=d&dsL*CQh%@E9%-9je_~>C?Wi)!jC}eN;-8eWR1rB&Y@`pz`($T{sqaPELi~!lZ@Cd8Ehr=8T zr3WoIb_AN^$liUQ+&3l*Gt`2BQQ&d!-XnYWT)$`ZlcOBS$PJ9b2~OAzdj$$!{pg6G z=;+bWJvZ%PS_Gu-y%9*_ppK4?9%bz~c7*A}gAYDP9z}lN z*4B29KRGtl_VgXbOWt+#_V4}gumA9q@BZ7z-}=I>Pkh?GSAX)qZoG2%aTDME@*8$O z@~`y6zrFth2Oe?#?|$+34|~Sl^V&Oq{x_(2-S6LV#(Q7?)W=_S*P z4W9h|+m5{ZEw8)gJ&)?SV(RP*UVhJ)vgMzi`4^q`NAG?3j|Lt+_Q2d@K6cXcKJ~Xx z{(S!Le)HjH-ucE)KjB-i{MXNZrz2yYJBV|M`QLyvnq`^Vk>v zzspbm@oP7pe{J_^PkPY}&#ATFJo)yk8?TxD;!OviviVp4@}J-Q(5+usC|o$w@z-y@ z;OV26h&p2i8mM{Ha+v7j|#ECE6fAZ^Zd)akUSG@6wPk!m0|90!GUH|yM zr%&yD^pj6{!{wivI=i>`j@w?gvG=sQKYh*YgD<=HO_vAVTjy_>|J~K!eB1MW_6Kw3 zRlj@d4WIeR&u&AHLMJ`qW#78v!;7`IeE7v1ulnB6*PMKHY5oe-+guYzOOtt z8@#;lN9O;$|Kra(6UO+jsuO zde8eWzVi-p`)5zNHh2HWfA{ty0|!n$^~^7v_jB#)AHM&q&%d(kr6>RFsfQ`s)^hG?Sknuo_oQ*Q?eI)GV|k$ z_ms4sb=~>W$1lA4iAVqP=iizfJp6&PF26YV;PqF!&wtuuJN|IxwsW8KgZs`rbH_C| zJ>~OT2d_Ejq`Tj~^+%%@`Tx3q;@j8XKXZ5Kx}6>SH$LX4hfjL;(XU;$ZOf(Syyb?g zcfa*FSKfj?{fzs*^^zm6`}T|e_Y=2We#+nnKltJeFZ|9Gx3qUZa^Z=+Z`*jo4KKd^ z@UP$Wq4#%x?)z{3y9a)!{q(NuZ+cJPr9Iaie)W|%9Q@CZxBbJ9=YlJKTl)R)M?d?F zYkpPy>BPC)UNbQ9+M9oK%{%_{8R!4>Q!}5t_lwWneR{`Rel_-?m%j1K&-lf?JOAr% zUiYvYulvhQwcNYj_~`fkYTJhv-}vR%UG=;l-SP3KO#WLTGjII?ec-R}>$~Tx&)waz z^^1S`;B#hA`|MBpZ+i8??`-|i*)RO`{r~=@4?NIy-Cvqdy5iIK|0?^^@154we#;X& ztS9{U=>BaFzo+9%x4nGR>7={uWuKdP%7c&U_~sLSIJ*Ct&w9^Eznpy4(S;{X8ZUX~ z?x72|J-y?(55N0?YZq>KdhavQD^DA|^$F*l?41APcW!v)JFEBg|K#QE-#_&O{h#~b zc~9Q;+S@<#x^MfR{Zjk6S3c{~XJqYnYS-v<=y8wS{rbLdK5yIT>-%2(u6sW8lgk0 zlq+vNH+afVZ++e7`zz%q4BS3$Hr-!q*Hx`1)tvchT;Pp1k!gvxYO>cip}9^p9@Xde_w7?0D9< zjFZ1{*Vn&z^Ub%t{4q~`-IqV|saqa?-cx5@_LNOm^lquY=!^aCzHj88`i>`A2kW2s z>N!`vV%KMHD0Dq+{}VrW>3bXR{_2jaj=cP;XV8y7Wpd9~&%E=QzrN$7q0DvN|2_1f zm%efG%G>|;LlyGwD_-~N-rr;{>HgvsAGJSq+nZWs3qN)4JM#yBHU7RQjDGI+ zFZ|*~zZ~2Dim#pg=-0jf%^y1HV~;v~`+t4=9f-c*BX9cdk-b+`25$K1ub+O+%;S2V zyZEeAJFonUTfTA08$a>`_gNdi@!P9Ak3QXc$3HymH&>l`0e?)J8#t)9{?SIe1zWRxOnZ58k@9hh&8oMU5c*Tvw7jD~d z`Fr0#q-J{ujK`v;XF{&wl-zxBSEP zeQ)^kb6@nmoA3GWTYGnX<_(K)(JuPt+n#jh-@bR@G5>Vn{_J`0yXU5x+AldUaNEg0 zzU4jN&pqngC%u05NxvF8`*|Dx@y@v~5BUr~f8~X*e8Q>w+@Z6c{?;FQ z#lv4jmwo$1*WLJmyI;R|;050Ae*1#ke(^x?;a`niGjPW@zg>CT;3ogVOFwtr)nB}S z_!l=k{xxS``Z4{I$6Z{1%)4Lmz6<6i zzVf3B>RajayWjVqX7H`3R>?~bpMe|k-AdTjbtSM|R5WzNGFUUL7_9(eUH zZZRJ`_3wXi!*zfEwl_^XAA0ozFYZ6}`mg-e^>e{t@5i@(<`I8!fAw+CJm~>^-ktv$ zobrzkzxN{tjq6W+%ck3}{`vLiRv&osb=Q`k{(0k<=YI6Be!ThroxDN&+V8hNXLi#g zj7R+EspjVT$Nocm`saJDsaA%b_V|~5=6mkuXU6~eTIazlK7Z1s-#O>x-#zVFPyOLt z2euWych`Zpzw(hAAKY-?3)=qfIluYp@4xugTw7b)nf}m)zJYyG;@cl>U4`P7T(Owz zDohu)l)4M0-k!4yg;JsLMC$I2Rp4jKTUWr^zxC1^{olkQ9 ze`!D{Kjz<9@3LR`ER+AgyU=|9bFtWUV*YShARiDrpN0#At^c&0DUUeZo9PZ0Gz z$F9QpeR)W);RIo#py-TY1TDM`9}<-E5Eit-afwZ-g*`FszIS!&sV}rs7QZr^MbUYzs#L_N*^1 zYl{+*UTW`<${Htlh;Q;@*A?A;1UHC>HUVNJL;F!q#_wcP`i5X;WuRL1CDC~!vyc!1 z3Z=kEkY`ZCdMoW_$@sQ};w_l2W;$t_w_8LJg`s`8`Aik;_NXl`LyzE96V0LIBy86D zd_R8KhK>dQEo%gac)A~3+3R1bA$e&@2}B00qh(lYvlh-S6_NQq&`8LaRLhLL~`PdJS?L@Jd5OD#*Ywa2gKxrXjm0$$e*Cyp= zMcJ-`K9)_gv{ZeIPKAMUD;4I{h!_WuG&SoGX$0*d(%Gd2#Dhu||Bw?uirp1TOPA$S zgvBKQB9pytb#@tFV5MXFk|!z?1AN-huAE_zAr0yv?y8Vl58?`x815z6Z>2)b?Y3P81+PR3 z^5}_9G-_T(;xgze>@t^;Lh|SeVo;WLWmWd0>gV(7Q<8{3I=8;#;VK!hFr_PK`QZv= z>fpE2IUceD%j!e{6}bcDym3l_s)bWU-+}URu|PpRL@$Ihm;wlFORS^(am3>herXET znC=qlQ%!e+gmAhFh59mG!xUGN>TZApq!nv~yv}rBVjr61b&n^%by9DhMfVm8qvi^E z<^a~r_9(A@{5XeHG->TzT!vxRxKMe;JhCQ*w2H@%t<>f$?pm%fMI)|`J<)V)=CBoi zGUl&&E)#)jc6}Cn;@OZiP>dyT3V&l%r4!W~@Q>qRou}QZQ+lb@vEmueki-#=S7O$) z{4l-}sf50cGM#}LOPpI7iV(3Llr1Z{S(W_>)6TQr$N>qRGSAR9x{8cvdH} zAUu@K>cKUGX`hpa7D&7mu1 z%q!(?f+IP;oCOrtUslH%tF+p-+b8NA|F(<##bWcDsxQvT-Bx#FKF=d zHgx%g+Nqi|k7TWQd^uJ2GN4$$EH)4;w$g2l#8PYsP0+g5T@BYW>)30o%pvV<;gG7+ zZ~+k6jzL!Mo~n>01f($rDcxCJCx@%?S(fE-HSXxLY&JQktKsw#Jcq|!pK1&BD(z=*#2X1`0(-tqynO$_K(0{O)Ya2>AbVi(z{Lj^ zH#ARpq$AtJ2iiEO-ZIva{XcV(@x-&1C#jKQjjT>=pK6w)&mIFD%box3?oOWn?%mXV z;{5kr?#+FUEXY-~q*^z{}o);DLu8y;cvrmL7M6mx~1>0(c*x35&(r1kY}>D_#Gp|{jsIAPUR z`YhT1*Pr?Up5^*~u_u}Tr*~6N_lf?0Jf3*}XYN~?1!(TvJTPDdcHyCB@Wiv^)0F>( z=aW=3`#@Tz_1J>t@_!Y2dgJ}St57VQxc}j}JlHkQmtA|Vn8B_a{@kP$yR_a+Y!dcI z&jVI-nDt4|dZ#L7#?%=-VY+-gukqZd0VSTelCwEYYU`B9koQFG3^M;oW|lM{bqw>4 zRI4ab{bh2AUS2eo15^Q{G3VVmFg|B$!3zq{-IXV6VD&*S%LjucOI}M?SHYmyD9%q zSE0N2#Qg8LJndnip2)2QS0XBFb(!|?&IF7u>K`4+aXSvzZSzZx+tCg(k3GVZYe5Qq zX72^S8u3Uh4fw3>%%k}l_QRV149B#qr)T7)9T0pXYC}Bpp+iVJpKIYPX=pSk&yogO zT+C!LRm&-3NZ8fR4@Al1O(oQHW-KbCoM_@znd4h;$hvz;BNoUmb5m;l;qVCeX_N_a z=7?t+2C>BfAWn}w<3+W^g(8xT=2KxloWp8w7xyHLdj`KP+J(gb#Ma@SxMD{V1M2En z8Y=4UXri8Df_8=L>qZHh2Y81-JEHkMEulk;LWqehZ|&$3$F%nn z@gqDb8v7PWI#DY5fk(9u+om5LW}`bu)wE0K@=VJTiH|%wH~sCX6WD(8)0Alt9eW9Y z8B;|9XWCK}E{`qOv`ML(c~V8bu53c4JOL{X26Qo84O^-|B8qLfK-WF5d86g62xauFXxgx_Vi)Oz5nX+>b$`>(%8I%cukJXmp$k`~fYBp5&kQz;r z$iOdNytsjh8qNhr9;qAf3!mVw5!d5cN=0&Jlh90>WmwuSWDaqG%r5J{2k0;kbuiBPKthtia|MzwjWJ#Fa%1-6S&? ztvu+KH<>AXoIM4&&Sthg6WXKb`UuHebo0ta(MsutNFhC*6cXfT!TyAA&JnB8sj}H* zU*}Am+QEh4B{JqobRT4yvuqRzEH>o`zs4?~BfhT5#IyWaGrj+wr7K#gVA)j_4|&mSSuMQ({zIBrkoU1Yt&0F1jj*LoYYPeV+|3 zKoxZcC0>-cF7qob_L7EjH<8S&E-xVx;8{U9R4|2jz!Q8Oo<@}ez-~5 zv4kE+TAY$s85?!e&f~zZIi7hLM0@4EGS>4M_J3x#INC6_%X2IuZaiv7lYzyrtl)(- zH0+Da(%k!Cg~Q8Gqh#|Qt0v=jv1{(~oWKoJz~|704dTzpiih81{^#%ou?^QTZ9jVB zI)?l)N4&C9xk~)-?|JO&weXi^Qn>vtJh9oY>uelbxeNtiIm|249Dki@Z_kKN0%VF% zg-)ogKNYJZuBO*A^8N$c@gcw%ZbIj`M3_|EihwyFlZHtej4&euL6yL=_^~%qhr6cb zG&&>h0EqFg-an9u-$uX&){JsFLwK`76ov?WZU@$9iEZ#!NZxh@*}9GRwJ9juSyyCy!zE5!mS zbJR9nm-x)9;Xa(}ISUQAif^VyFtce$oQU2UD?y1L6+jo}_=DG_SehRoCs%fiMvj`7v3i9tIy4fT@8L?t)N|rQfEW)_KACp-$+u+N zt>KCZQ2E4N5-_{YiLpc6Ceg0mB+)KUmPK7ao@B*x-VYd)dRMPX-)VEj2tk) zhgxpk#C4PWh^VNXkwX;k6U@UES?XQKGIimw3kcYXkg{G(IEdDJ2d-mG5sR=F(xTOw z4IAMt6kec#UAMV1QSMO5@y1Nttdf&Wyw8?bw=*UgvBKY`q@X{8}8C zV=C9ZZ8X*E<7CLQG*ca-T{*AH&2FM|#F=eRW4B#pxCw&79CtvO%c?3zDvBl0q{=p9 zIn^q6^uh5hi7lO_X3z00pK?GOWrxS^__$g^MXkHYr#Xr{naup1rXt*h;+e*y3%Jlc z;m%7m>6QunW#*H7luKoeOf;vFaXntD9hl+@99Y%_?+9qPGUoUb9-+kc<5mV38IboS zxt{4jk{>-h`Ix+a$aUZZCh%xS?zCg`@nvj$dI;svC|)q@L7gi!F}Ul;23ri%1|-jN zh6tI{DYsS&Z2l%bz!6N&kQ~M3fQLBLQoJGztD$QuTO~~H(H@SzP;g&@jko|r4f%B< zP80Au7+vaUlr`6LT;lo6O^3Afrj7b1r-yg;4@{3wUNp0Nd~_&Jd_5m43S&2eGPq+R zd^v7U@hd%}1oQGV1t-3a7sg#;4>-2XU42?Yo0$N7r>U+#P1wS8%_G>LCDbM4 zh2U0C%+DZ{&<3pQ#PtW5Ke9brEEKXEIIC0go=wL?j!SG*C%$LuFi+$rOI`yDMO3BP zq`}RoQKz6C(S4bkOrFne7C2f5(k;YV@Z15`Ur>5V%sTs_d#(#Ww9!Fnw|;pWZCyi&()jN3zV#B0d5=Ju~0^_Qt* z1#tP9U*j)xVvZR1xMs?Z<5SQBl}1_2$6l2=R7^V) z9^INLQrpfl^YXbj@W*SZ)TnKz8qPAtLM|pq|mHVZ!KR~;QZfA0 zT&qre%#2Y=t?*NGEk2V-sUtqLtl@i@RLoiBgF(D<1AfDc5#F+@E`(FrsNpALYm}g5 z(Hf=DxoEjjoH=h#tWm-nxklMssks(kqFjN-PJ`J-8+Ghs%d~Na)LZ#tq)C6drO(L% zih#ry%h9pL-1JCRsc5Q6ktJ|G)S_F-UC)V|o}2G^PQB$>xB)|K0EFcxFwZiLA{)P> zd$M5}JX&G%qYLZz4DJ{}hG)(ZepBUWW9m{XKZ-pQ50>-ea3EUv60S$U*bm4=joJFF zVR|U%qP*k!%^3pobJ)wL+SEL6<-BES4k-G%X z;asm))Ow2ACD;pxB0CiI#d4YA)jJ^tHw0zI~689UvjByOoQw{QacHMF>xmumtl_aWRlb$d!h7J_Ka zUn`7Rb%NM5Da&z`t5E}7@rk#3EoiL(u&mv{b?eVp7o;IrwKn*Ap7Re&{Lva3o4V!# z&pIa`iRVvIO=!~yEr!$SnsNoLP4~l;^>JRQ#(cRUSHZYk{ko))a8kx2GY!fdPFP!hjcw*gxhI{r zm=D(7rMO@TH!OUcaNtnN9(@ypVnKRxvF;{r+YdEdiE@bPbt>~=QbC23wBoI>at%n} zj$$d6Ct!tb*s6ilrP!L|%yP$bN#LTWESrj@xl96`M^=hWEt!rhQ6gOAm!fV?PY0MN z%Ax+)QjyQ>qhmn*;R>R&raR#g7keafw@u1Z{5aszqfVah95(k^c@BeDlKx19U-ZGm z=pMFyln8IaF}NxWSlFyb)17e3PL&q_%_sDujzN^w?`%%U3pRJepGs1>C_pHc+t@pTaC@o`JdsctoXf`z`8JFM!bQYdDBL&g-si= zQAL9#Tw?k)HYH;!A@oUt7yJ5@A0_4IYD4fL#^DM|tX8R&O$zyHh|!5mKfLlDq(cmZ zsf3cc)|-F}>z&Y||yI zA6eCV&vzSP2NiWFi1?$&Lu>sn~K&E`h_g zhie5@)21S@VB97$jj$Vj+`zXEpbV=s0dM1RpE-m*y=KmloMRc`h1OJlgrf>M-6GhA zg=Tm;Ps)rz`E$deLt#h)%GMh>*yYt^xIz|bXmN2vO1Bkf?U*D2+q^U&>b(}cxD4V6 zFRgHFv0us5HN2uCn|4J-R$#Qlgc7VW6MO*sXfnd0+=x--*r;N9vTXyG?6waZDRA*ud({GEv07@VGhgnVIzxIw$gddC?hObcUPBn3o<};bMt5bTRd7m-yPX1dUy- ziR=>NN1V>fBUBJM3T8kR8tM|3T`2Z&g*!l<5Vs+31kfFuIu?P2aXt#$j*mQIm>$u2 z`~+AR$CgFKlDPOa;#3vKO4%<f956$jPa&j^=m{Nh3IF9Svik?BoI|oH^q9m>B0nU zlUC3Qn#e9Ia}SnK7E1EBlC@HkN0RU*S}mHdeqsE?viKi$SzK)`hx*OU#hg%x0gx}L zSQw2~rJxS?Fc^$jW5x7=*mI`m*bvbqlh05dB_pDv0}+Dg2X;KPMBdn96JkgoDGHC` zZm2l&gD{0+kS8BVABymvFVU97`WsjBsiDd9hbCt(937ca9d$O63Hv1CNwS*@n~T|% z)E(`=aAtb<>L8;-eSMObrc84o%Mtjh#Pp zet(Rdow3+6Zo>AG#w4kzLm~%MZ-}8QXJd7hjt_3p*ICkFdLG5C^I;7kTEiYOWPpw3 zRI8?4jp759u_t_|j5RHm8lzfhaZ!!Z*&`BA@xfm#C=SMQR`CD>-7<;oYjwP!=~0Z( zb`>8l$nBIC+7B&?5sGjhI+WucR2s1|DOOaxi6+{xbxn6XGT}JZlzABeLev*=TxJDn z3-vg}3+t3sioIrK*<388@h>W)uV zSPT*%1NRIIY-X<*h33`Gb=9ZT3ahf2S1RX_HaiBBH89}jC*C!gaGJsLT}!EUMnbw4 zC941x&PP?B(9IvX@8idyo-H|iD92S{BJccDrpSX}zc=2{hqcXL$m;yB6TS7|`5!g-5+afSD zf>&1qIME8m+?4QA39X6PX6;Lh$8CWq6iaiR2!k5Ni_$`QQ6ikT1+oTr(h3%5(<{k{td-~#{cWhcXw^*MDU^*zPMNdgB(Vb z@;J#FvFhP;-!g5|gc3@~MH@}iP%g)&+O6-MRO#Bj;ZTgM&KOOL{B-FOOmU)98d&Ur zMLS7S@YqXSBZ!ef4Df4=@I0eazJ%!fw8CVlZnDiX%{th0pfYh{3n?c@;%6k&$QK=L zg=Zf{*%cfZ3@R1ku?Z&1I+aRxWp$T0JSl1;q}Kv_mKZa>hizIR-VCvI$KXeMwn{r_ zsVuWOP zP>d$|QkGOuhu@1zrB>eq(bk>uuY-9Q>^nd!;Py9n6wF$_*03nHg&ro)m+hLdj%)M zAsWlp8*(4tGUtdb&!;laz=U6}=al(52JwA@y=WEX?(##~{OCj;yJmi_D8erDHG(a_ zCM+9lt_~6lH^N3PZsq~;6>M68N0@s;YmNmdB2?Z3#@zfZqIqaox7i3$o+un})BiqR*??%e~oRE0X!e(98nv}coYHVUE{Nai` zblHg}&L0RZw(O-Lb`cpb;)`UkOW6r*eotz29+C$RWfX6G)G0%og@X9)`2RA`)v9nqHy>(*2}u4e%2wPPWPI$i)! zQy`Jv_%T?WeGzvsdxNG|;%_o>-;}7DBjdKfZ`KrXVAr)8P#R8aGvk(EJrQVt!fjxV zi#yxI0LWkvLt#`*i-@@SC@GKpXjel2xav4nR+5t_-{N_iquudexw+`YWr0U>Wy>im z^8p28OoPg?HdAvNg}T*3eLzxTdkaVFn2v{P*fVs;kl|Qy6p;%iW>MtQWdo04;U%lE zkVUz00=ezqgBP` z%1ME7D2ccEmV~tEYs-C2|I*wUMZ2-_vW^#!lqrncO7pFwHU6)4wU!cD#ws^a4hD`5 zUn`_Kb{@^ZKF)^&;I@1WSP~N(v)TK+Uw60V<*(K9w<1Mu*@cIVb3{?yasoqEh%gTu zO?72Hwv|YS0~e0CCTl{=hG3HLAv9^+wi>HP5LN{Y5uhZBa-h%hwVc)Ci0T3o1ymA? zX%O2t{Wb6*YXXK4Oj9TG2zM=xhc{htdHK_{rYpaLv@*c4*57pDSXsR2X-+f}ZHMVDIw=^vvDh?$6^2A{K=Qr3c8Kb45 z!}D~i`~2>uW(g}$k(42n`q2g<@Ev~zY$ZyiPQw(7yQCRkfn{znWt5m=mUkJGzCtVA za+12uBULFF{wKf@ZZIwE_nz#UH}k;{YH7e(strl zXX}(F^qevcGGyys18#TOOB%yzvR;&AKN+^2vt9=`O^!Y<9h+wmT&Q~nUF*%($cVDduA2DQ@dwC z$%IF!S+z~O3KEOG0rADlBq6Z(kQ07r!8JX(BLSe&KLN}ZwOX`0ObvE=j_nV^?x-*c zO|~ngSfmB1UstDp5s1B{F@a4lwHv0C;!SZr_RNz@OoCV95qu*E$l+AC~tSSGbA6 zp?Qu)S`20K)5=LxfNjf%)tlY%ibrUz*+)tFkYKBYcal#Lel5%^F6wLl{0+N;IE zr}80+rb+o~{n!xx%JxFTYzV6tQmiU(?ijFR;97;aR^?u;%HqQtaeih=E3bs@4Ohf% zSYtb<5az+&{K&ivf#KPEARe`b=Lo`KQdCxjpA+U`mnIc)re@h9sNCQooqNNx4icx% z5Bwn8F^CA2Y;Q+ngy)?ABz`hd8%o)g@Hj#{8f6s0DH^OZJC24YkW*2Kf`ye0{H)AU zGO;UEGu`cH92(m>H8VW1C@)+y-S9XG9>hL|{F5b=h0uj;_-O~$X9G9Va(GQ zuc@pi8&CX>Zzh#cue{7=sXd)iR3_YaQQk#6Bl2bXj)D?d4@IIafw-K~SN2P&JG^-( zZ6UtY^etQqZ~hdmPsdMEHmw%NDN9|&U84epmOeUYHHv2mqRgG2>P81;)A5r%2f1z> zdEaM?H|ZZ?e6dD?UUk)-O8s- zHbt&8aUhm<%TRcka3CtG9CvKzbVjLXa=O|@i_wJ}%d1vAa6j~Jq(~JnGw~|c72@p} z^SPEcbnWf2TlgTsYV(;KIaeKsZVZc`wrNU+i?*q+&Qa=!49D4AHmzDV+ll6Dre2e0 z+bA*`Hm;jGZynasGRLj(yli=|!A2!XT?c}Luz<=AEUOdQP7^vviHOXQBRKokiS(M| zgqNGj6D%Qi;%NwNth!xHar!TqVq9R`z@CA`WwZck*WRH{*n@dC8h4330 z7&$H%1ontXhAdBIUcx@Ro}=>%J-O?yoCQ*{!iq$pB8y@jx~vC>aRsbMNO0Y5*_mUq zl?kSx%eJG1I%Tw0v-0NxV}}1km(&-Uatf$s(S_5nTM9)v1lJrI8VE|Qq^oy9jo2ub zQ7F3kH_GuNb0LR$dYG6*s$4_bCk03xO9UtyF(O#Z#-8>32o>uY{+Dy93k!P zXoz1gI6X4O`kh|Gc2ycO-=c`vzSlq-naT8Ghlb@{>K*bhyUei0GiAeFCu}$udhV(B zSFbSP=P0%@Bj)Vsk*Tu>*tiNecoW(#zf6xzsqZ-|(9JM4H)A56CBGBF{l@a5a(29m=(A@-WT{LEbLbtuO3an z;*Kw+Hr6;C==bc10+x9@ zV%K$xgdzicokmHv&=cia*aQN6h%XKX>T_$oJ{UNVSK)H6m)`)u%`(^qQ$4JV%u0Cs zQSxSAC6o3t_aj16Eq9lvas?vsJjeT^-Vxc?({yEFSMRbH9mej+NnUg~;#8^hv^Z5_ zJ(Btc@jP{Cw#Xc@N@yN?Hmh65CR6Z=JW||_MzLuNsm1cY$du#=%{$&K@n(eUMkqo( zTlwVw&>?l>mZz3s#Auujxp4?8m~3#nK*drf)pc+1TZ z+ovHHLZOsNKY|oDTLlPSiTOrh6-l#b2jc6z9rAUv&X)qHBt#g>8CV~Hlmx<4$UC}E z{2Z6?R=GhICZC?EVOpE1K;}9(w7TMIB zC_stbf(ZVd=c@`uFq`(3qMkzPM;exB1;8hDcZS)snR(CjiI8P)p&l>BG;T%=o~Wo5 z)1=T$sVHPQ)fwi@VxL=Cgf^VP6ROT&!|+fJ$)9k=%l;fZg9(x8c*k9QVX=M9m zosFOyOc!lOG1@~6K>BucAgl6nKp_G6ftKdQA|};RkOO!-Is^U<-wF{(`0zumCFHRk zNy&s?Ksf9}QdAM)t}v_sT>b*?R21O{!9i5gBh+1D86-TZ%o{D>4 zzw$k5!vjiVaqneKLty0iAkokvRMt6J=a8dCl*p~!*WDT0aRXWlzlcw>gt*u;=SbMC zQD1NPwY_?o>Bh=S1Fo2E=5A<4{w$awi-O$vD?^UztRzNS&NfV;lcOx97V}qpM|UjB zCWUiF{(nvW+a><(-Wpa=CpN1PFQr!Aw&x_fvr%POMYr< zq*SbLRX8SKoA?N$n{JI+&8R^Wj!k>JbT9N~H$?S2Qsu5X8@pK>L}6O3e3bvs-n(wM zaU+Yu`K_lw7|mGHh|P;`wz8e`$&&17#+I~2Ihm}P9IM$4k{vZ0J&kTjOya%vgPikn z`$@iq!o6>7QnDP+5!afDOag^Mp-`wQR29m)FvKhLy+szhdQjdxryA)|3sfoj=iIq3 zKJ{uXw`SIhO}a`Qte>x?prHR+`(N-Z?|05$*8k}=(;XYCm74gd(u2&I{B1!fqsUW$4JK^svu z0F=EXJ0=(uC-lFqr)&P#D(a|rmA*9y#m>Q)ps!!DwJ<58;jG>Ce!uCjch;PZb!0(x zlzA>AbH2YvqW`9FS^|_i%RIv z2nm}m-^L^4I=~+w@)x21+W6lcX9IOgZ8MXJOLq`w9buwDt@(S{aydKBK&ey!$@0FG zhGaAfiR&ACNNV}1rUv?Z8@#;jGx1Pd`;|*^`+X8t?T!6T2Q)$(k$eutgATR7Dx_UZ zk~F_2`7vHg7;PXKD(_noFg+I>NQMej>#_QtY0%b(gR$v24}sT&eYMJ)xxSyb7rxce zq6Oq5r9-x|o8Cr-%*{v#o- z(f*k8)Z}ZUi+GD^5CzxS5S!I)2|6V{X5cqrL*Bysd>O^atY;2TcA^R{i>%66h$~WVs>@lp&&-gFvcQI#e{ltZoWF4@C)qpmLONXD=qxe z`{;lE`~QfN`v3Fa|5w-SgiE9U`S1VpmUwRXKmYxIdEl+&=F7w#jRH?zDF^_JSD9R^ zsso%aj16Dr3u6lyv>A}??X40h>|66Pe1V&9guX#X$LANvhX zuSQ%n%F+x11mHcH6<$==HYCKvzCn2lL;aBNLFL?veW;q?Q<3UFMv>}X{}HAk7JD#w ztL~pCu71E=UgK+NEFa-dL-TgISYcm0CeCZ(9;#=*M1B(o7c?Vc@s!%fE-UDjemrY#)Sg?`a9ji{c*2Bs9#Ap z86mh-+}JnYAoW<86SpU9}fdJYWKSB zq`$*tVBuM}{4+?p#kqXinLpQBe0Q$8>+xO6$m)aJo@ zdv~YTUuN%C#rCdnfyf`Jk@Cyf2@tIqP=0!&wc>k-{0+$UO$JB=z{xuIGJp#CICX=N z@^{-wf%cJi^I49G9galIZe#imIfZI)&Ksvz` z3n8<@-&O>D!+0894-WZ+DyGng<)-3sBx6W_XrzZw7)->D+arpunyVxVzy;!+$Hb@Y zT$Z1HmcQi>+pLrL)1B;G?sAYtjG~9X)YDSf>>?K=6PAK zWqC`8dmOqn4Lrvq9oB(%WLGXLZ)Aqfp7X-#i=Z!t^m}-SRQ_v!r@OrkQDS8l)*beA zj*EDdU3!Pwh)#@uv_0b=zZ>qZZ@%tilpT6e2S+z($mrI_MguQPLey?Eiv{)idrsHs zI=%g!?(S}dC9_py{?u7BdDCa7(jWXU68)@(t%NdA5jG%Jm`9 z1qDxhZJsUP@WYy)EzP^F=!yTNUn&vLn>!-iv&YzX}; z!x?sHOh~wo{%gftAt#99Oui`B79L9;5?ZcoKqe){A21p1qt)LI-<}PQ_hHjZpDLS} z@rEpFFEzgnM`JMxaOfK#rH+GIzl@T!WjN%=AH)N^g;Z|NgvOimTt;X#<@1E*YrKj| zhJ-;MKem1bP2wO7$t`!a`ab)gObXOb2^tZzLdS2n+sLKxxLfQd@WA2_r?(hKXqts- z5Qo_A1bKfE60U?z1c42xU8b0Gvppo^wi~(OEDb!`juSG)=>%uCqHgjEKSCiZV@1!x z2<-iR<*TR9m;Eu<`xh^fwwrl7B8vdg>3Z@xV#%(#6K;cDvo(?d`9`lUlj|_IkT} z+h6szyS?51c7Lne`>NaT?e@05Lfua_Y4elO)J?wX-g~V4}- z0iExcjHV*>0Q)lgNwdY*D>XsgT$qS*v7#MQ7uO<^)_2gp(si^}Q3*>!Z@s?fr?n0N z*ee@NKj_DUi_??SH>h!sjg<{XR9n^NQ($^MwVvAUy#YBc0FLNc?;=Qhv+z*iBz15@|i!Qk@v;=|vLe|ovPMq(UM z8lr@;V|#+{&{ltaam-f{_9g_a{-%L{T!IMYz(3iC0Y4Y1*M_rPv0_U21*}<&r<}X2 zi9dTB%nw4iiA#eU9L{*9qxxh-@memMna535K7ls-27c7Q>t?HE(#zG~2FHgN$Cn>Y z58fS%iO7^ zRE-PnvlWgf%I{%wGEBxi+X3G5VxwhbkVD6T zh|O|(c69vV{OscL@7^InN;pbq1C~HAwLku;i&njw|o8 z*mvR|A6py)w(-T1tO`8#R~6klE7i+kM!B`noHb!!_(Al$mCsIMWCtwdmtz{2G3XC{g1jn|OCw~MXrGh=lJ#}_}G z9F{C_cAD!Ok)z^D1BMTC5d<`(pKe`kQEi6WyvPcmjDIW`PeiuGdT}7zqW`(ZZ?-yNsVGo zOvzY9gvv5|asqXw??CK^CGvwvyc?g8TgpRTk3@)wQD8iGDFu#LxUoa7KMf#EL|wqC zznH>Xsqc!4N6s(PJM-}P>$|_(S7Q58AC5?h*5*naD`?r^Jn$&U%TzZ4jg&_eAvPog z!h-EWrg4_a(x<<8B%&k~6x^K0$PX+8%1bmiuRmS#ff*pma9G{GToK-FF7?*2>D3 zgWkGXLL7p3;BOPOmG7*R5{iXj4;{Js>z)8Q6d79I>JS`)#`N2deU7QARN_SWanObaqOqg5Db z|7G)4mObMnh|&>i{fV~!L|gV5Bfx$Fl8RDODM>yHbx%ezb%6s>Y6p+Ig71P{oH<+* zvv~+?Ygb6muVk?*R3@X3w59tbjyQMc_{^XE4o2WL-NR&}rPY2QGK-VlTxhgLf6m?(slR2X6ED|b)+}|bYOO_PZlM-nHusnj4V#=C7nqXp1|xYj1`$&A zlM+o!XEhGV&<)i^TmE>h_*r_y>hA37PU-@@xzp7F7Y!z?8rMx(L#&u|u|eImtHIT` zYP{0=3V4Av*PR-yzA-{QACxp~z!5dzo3%ENxhAD+7UZnO2wc*w5x31Ja$VC#9N3W1 zbH{mbQbTP0c@~BPkxS8l&iOudL@vPp_;Drw9e1(X_jNVh5o(JNW_fRyzhum<$g(&r zH~3tV^9-PqC`b=gt=w0597IiMU)i~C5voV5;P?3*>bSo7aEtX?j3U`J^k3R!hI?=JSa-f2c+J)R8mIl1PTE#n`IeAZ&VGwH_|u<{8Q9 z32S>2jmWDR;Axo4J^|Y@h~R1p`3bd2yg$0a#mLl++!!*3s`MC4)2xqOr-G1^~fv zxl)*J+IM&g+IX=+hW#jR4Q$!`@9xJEK6{ica z!1;=i+QjbsiS9E)doF}LXTV%6wCp;dl>=G)Iv=XJKg|*D1^qrd-;HDG=&RrJZXC;X zHMRp68T&60jl&>Ct^F2SEB9fQ%8WH|r#U$uG`GWgVe9cRoe#ZI7fUHoKKJG4(`T{! zf1L!_R;h@P9#}s{{r!Kp+uQ2p?*DgsJKd-I|Ht^`;--pOo?HV!X&lzJDmWrO_r#t) zjXn$R|7j4lhlHdwP29NcCD?Bu0OsufUayzW|J>`Es%I7yDi!MS)=_70p5Ry9q6xWPKDm);24e|~OWe)=r_Sxo*Ljrmn<+jzONa*TQU-|lW+{_l48 zwx8txV|?b{v$LI@6UvsrUS2|5Ec9i`XI@R_EO!5u;S~xN@sXf`{iJQ|rryMv@v=Wc zk6ug3Pwq6VBlm15g#j@3F%*A1$=OOCHM7o7@ax{rIu1 zzmXR~4{WE^Y-NLr#@6i%ubOa{ea7`)e*eR1Addce88FZP)9vl%_5ZEyC;#uGd}1$vYMZy)?T0rUR^^745%eWOqcuk@U@%&y$f)ih6a%A&OakYenK9BubTK>yQaKb@mU@!A*Y$+u*+ucUOFmwhNu zJ4-|?5ij=6QDwR%TGbwS>(KbktYcIInBqi3hJqRo1=_sJ0r0v&$09>K-6VX5&(iW= zz5|f7gJ?wVqyKkzw)zGAzxSm7KguU>$Um6p&gPFVOJ>U%=Xm@V%BUjW*|$u7)$$}7 z5su2|UfE`!rT2drcsQbSeg9uI@&EPm@n5_B-6#F;Q9gxJ-P~DXjpctu)!0vC(~B{d z5EQEm3X0WIK~Xf#=bPkJ>Rpb8B7>|<0n$3pXIlTI_y05)^Rj7e>Lo#3X8_Li{}t*# z?RB@G;=dl{Q{(?rD{NNH`(*b31%CQ6RR%r{?9hqyzr7AZOr1A4MXeG0v!k1|a+i6s zdqAS^aX3AZiuD{&`Q|lX2fWtaTJT{PKk--TALeq$X0pdr4eOP@M#>{X zD>TNQsw(Tm#Fy`)av;VRaEENQ_#KHTF}tqPKciOhGKc4^6=0&@ET+^Z&8d*lK)S(zXSF2rpO6qY$o>4PiT|&l|7~w=J^BA1<&)e0$4N$2+OJ1_)(Sawv@TQpm$>>$wJK4lU(dSP!;wPG-bn2gbUq0679`c{RsdIn%ztter@ItAt)TPXteA0*AKY&&tV~uVTu@OWkCQ z)APD+<~y0PTbz)TcqH6Mmxt%@4c}LjG>zK{$x?V1vmri)M|w%rDj?KiX~0=2Jko3} z4V~DJHP4wAv|o11w-gQZFsuQBFsM5`tl*UTbrh~_WTyIKv6svG3R zC9R#yI5(BCRxEz*gY4Y#7Sd8yUK zf*{Soov+N8Ws=q*d#v&p|2Nh&mvsg=H)NOJ|EZheQ5MoU$shCff3Mr`_4D~*q8T~Wbke`1>C-2VBE-nvFFZa>=^EVd<9Ed~8}ePvwf{i9o^!X3(utd*iA#+k_;UqL>W&c^ zp%=~_A_?ksox4pmb+0j^SprYe$1bJ(Rn9C)7$HkRu;r#WEnPi89Q`voyI2hQ?_P53 zH_pGw|#lR%(16rN&# za~QeuR)xXkNmA=bv}1PhT|mDv+>KK`bC*?Zm)Uy)LBP!)`ib&u1GN|?B-0VnqEE*af**#ox^)wX@Kcj zG)Ubf&0G2l@y<$6~=7>Du{yXwmwurFfO(ALAm zgFR*UYBn=Cs;#DXubWc?r*7nH=4F$AMkmkgFWO%2i)4!0qnk>xY%I-`2^l!*K7Q=r z)a&>|M-x+ny)oXfw9(;fVJZW>tsfpLry<{0-0Yvgz48+4Su3j=|0_h&r`rp($3lP&p*=4Dktq4UbZ? z%yzNl$bF>9L&1^UeT`?dlO`EWv2Vi8UqS-~*ovIp;3NrrtgLhW-iYqa#M zPT3Acyd^q3K&~Xz<-{IwN%DN2hSc$r^Z^&ia~Z&SV_xIg!;Tpz!Ht_@2Dk}lESEp? zFu5|7Qd16dFWwS#fzwI&G#{G3N{0A0KcjYpR)0IVxIB4%aCmuk@zaODo}HY2_}lSM zAJKOYJ9LMU?Vju2AbsrNQpGCQUk|qAIr*>)zS#P{I~ZIZUo5-A)`D_6%w19(-R%ES z_q8;U%65Q3O1P7Iosj9iZKVOszu}q4A2&ZL+N&_@s)?ChWrd|ZDMZUtqDV<0~+fS#|=VyeI zl+K%w(2h$dAbz_y{A)a`gkK{$=C~d?RnFz^PtS?}14xg<&<&>c%R$ZiIrKV+xuYE` zciei()kVzP$Tta<6iS5*yU!)YAN2xaAk1xY%Z8o=l?oS+7uc^24?rYB=RX`)fta&Q zR+5;S>V(`zsC`lC9BPEuatN8aocu=a=~ZGZU3-DdNyrOgeNMQISC$V2U4QTrD4%R*M$M$ox2M}uH8 zFIl8{qCfwc?^_uqipcf1$S1a*7-AfwzG?jUB*Nd8pR$$L$W5bmngr}D6|2)EOs6hm zy!7D#o9&+I=K_qLg$to7y?TsOV8N4UL|)ARg%(;11DYboYT2@4H6P+ayG9JTVMuPz zli(%@@faUd&kbE(e3aKCtz&PvZW_9cxx5ki;{-!^(;*+Q)bE=`k>Rw=_YkPI?CXlk z*OIG;W=7B4I}h=41e1g>TOAUoA{WKXIC0~c(W=~Mv1&jl_#lMWM4~811EuI9i}Ww8 zDtDxQ`N0~=_`bep{-K95DET&XA*y#CDxj&~AH>TOlCcSgaqPTtD|fLQ$BxK*;Z|`K zHkz%{V2VkW>d;d39r|u9#miigjXM(@PW8hjPDsY&? z*~QVPVwYk}++r*v``?dk6qLnSrwQ^8#y)beTGZ;-Ifq+~VqJ!V{7Kc&Seo}+v*3bFFFPWG~=&g7@yxHDc0EA!jwpC4kF!b@V+L*|=4(D3@z zvD%?kv!X-vF>f&Nzvcpg3TdrqL|diq;amb~1&taY8;$t(I|>rZu~IhD(Dkmf_==rTj-Jj}*HWaNfcp&UcQ3PjoI#T#@ss&N${8lh}I z$7d5co}ERAo5Ym+32(^9PCSI!)=rUW4rexd6^{P&VJ$ESzrPmKSC(Dn#O(j<=Onf?9IFon-W@eu?-!DPCnkH zOFb&p1gYh z=3YHjFJ5wtvd0&$18uc=fYs@c(VO8DuJc2Z*JU4LnE^B-$f0@c27q;VK9y8IYW2%JJhGip+%GKi%XRa`Z zt@gF5X^xzq#g)5|Q=_;@^&!i8UFNCiPafreGmml@csNq0Zfz6s-(1Ll8M#Hv#ipDa zvenG&gNBA%uS=Ds|`DDRHrdd zoU$^F{A0)2H3e9R&NCp6+#t*nd^t%losiIP3Nzm?FGL`JW?`uLe)H|qauIifYdPC$ za6iVj$NEzF+MdM&v2~6#_vUIF-h(i;4f26_+6KBHORs8`x}s2U)vZh;izFoDvB*E* z&CQ!`^gGm%cRh?+A6lr@ZkgXW{F?{4_FhFTj){Hay?EV2Izb%~2h&O2AZ&+ZEMl8i z^Kr#|j%Ky02TR&rElrJ*fFxpLoQR;EazJG>DN}XIelFD*N^kW93tY_C97^2Vr5co* zx?vExZ}Yr0=hn5V+y6r>*-6RNbJHizEaQm9Ika9y7zH67VmGZ$e=-ERYFrWP(<*Dr zBXJTO6B>xy_x)Yq!5o;<(uSQwEbqTH*@du zg?^>M{(TyjRVbmV8bu?&cvG-te%QibjV=HU%9MNR?w1%`9d)jp`6l%jySyv{FYv=0 zcj5yeQ3`pv+ot(TQ2(hcT(J@!T8om+v(BJQV(>#ez$TlGx5z(@kwrZ*|V{#wdL zt1%!RU{7+u_gR7xlucgZ?WS)0pz^E$^>OdEn%rzHbYRxrRn0#b>$>0jwrYu^vUtn4 zNHo-EeNAFc3H-`c{S>wB8?3wq{!=MFmCpe*UezUo1LlSXEO<0E4)kirH(m`6xuAhh zfdwDJz@v(^RTau=9*Syo>MI4xIbT~g$F8DIiE>{^9x>qga{VPm1dR}*45!S{$a(~zl%vBFE*$O_a<-!%! zqvl$<9uotceIY7to9!s(0yfJq`V!h`|s_IGx7dS9XLV-O&tshfP&z4uu8 z$$cT85*4eFq2PG);nNd?W~9l+fQtzpvD! z{2Layp&4)Iw2cQ||AqE{&X}0G@w}}MpSk;gyPwDcDr4^-4CT{ zy2y^NwM`#j%R7hcPnCJBzxhE$F*VrqIsK}7^BWB%0nB)wk}a=(mVf+Iv*FtxKYrTv zUugda(Kx}BHrn*YXU_iL-RtM~e}AX9`?UWbr74__a=l5Th2d$ci zdA=ir{Z|Bv<2xfYKy@@)44T8p=R+%SVrFsz$~`@QD(eO6fQjAKu__c#Z*X!*rm>q~ z)cWq_P0#6VJKc7-g`7h-c85V2qyeVR-?AYVg2;Ijq=rl~C2WM#TasJ{(b&0uPMv^s zZhAwUy1fJJkAT)G`EeTTA5X(cCB^sTo>ke6e4Kf!U!N4OET?8$x<_Di9JZ z{>t^Papc<`(jotnudcDTIWL%-U3!xA7PQ*vbRNqEkz^qc*eu0tLZ}Q3(ms+^_N}?S zOIo)P`v*q=n&-~xNt!A@dF-YWE528yN3G^ZNJy6Aq*$)ZqLOl%G@w?lZ4K4tBWG-# z$H1^c>{?6Qwl$QMlAue4z3&H%#oh2CvukfSX333yfrqO3It>Lkq+!KtF}j_tRTXDY znR6P4f#;?q$t%Kemgt{P7CKc7u;m9#MdQM`qiFMZCy(uRopbhBE7|1qDW_=pInAdVv4!#s;tD>ePXp|o0WKs4jDg%6Si;50v9tfl+nPMA3)X?E~52l4>t zQAdx^`J6{j?vb28;T4cb{ms)|Iy6nNI}M`o<04#t{50o+c?U>??(@!-iZe#OmIZ+H zky7z{&896GM*h8+{kM?)FXCqx^Zw1X|NDF0y}bXgzx(9>dz8P5067(C?eCq1Y{*tiV6tp1t{SbaL@>wWt1hdhqV}!9kDFF&7h_6rH9=}{& z3n^;%Qsi_vOg_%X4F(MLzw7w;rW0i$6MYlx`l#JoFOWcvz>Xwq_U&I$i-To@eQZ@u z|GpU6B;@6X-wKS7fdL9A*7=pIz9gJLxTx17$+kO0Nbq582g(jodgt3u^Ul^Qo?jv>_hNW zgs~5}r*4u8)D^Rd(*3Q~-y{|vTj=YT>r5<5jmv#zOIbjDpI2`w+K+3!VSbIEe1r`Mi|5TEM*fzrEg8{{DY^>*@ag zQ9i#_)Gvpn7W$~+Q&)%idak8m`+YJkpq%}_OsycF1XglU$O-G(#IFerSZe*3*#Djm z1aI@e@i`J;?*8u<;(zw~Py7E-KK1)Q4UJI${Fa}jX-wyCd=V4GBV?|#Ax5aH1FJ(pZfjZ+uJI{|7>q< zKl%S2<&$$z+xzyXlBZ{*RY#^4I zHi*V3peQAX8BdI$h-NXoF*PCyf1{0}IKimrY&kt<-x`o_gD^xxjJy!L5%y6QqaZ>q zVnQ=PqTH=&Un+$rX=**bTiIyQ=c$aI3q2fG5L#Bio6O&dVvJ5$`vwrbs(Kw2q@If>!=q#6x{Fv31aq4kBu%o>vMpIQe zx#U-SjFP*elJQ#2k1Nnc{Z8>Qtdc_oRlZWT;K9{sM;LE3tFlcrH2vdMFUU2YJ*CD& zS$f%xp=*mZOVevkrRLJEuw9jHzM z+9M5$L*?HYpZ8)*DJk#qSWEfREcH%HDX68NXeotukJnjB;Z;A(()^VD)GrN{jqh#*3KKG{?cYM}Z18G$;$cTYwz(-5-uF6?2_KA#2;0dwc6@ zJT6__vjnzPPXBkE$yq9E3-?s(^)#(`Mq$3QyTb1=*TS<)yq1EtV!Lu@ZFxD^+J5D% zv`lf_vcRrNiWSQ-e(oFfFYB{J{6~D_Emi?$PW)GIr;z{E-+QY6_Bfy4igov^1@BsU zn8>Jnmo9MBeij%8It@4>F_ht>sG06$H%}11&2A zS_BUDJ`J#QkL3}iqYs6BKfR#t+&MWU%8> zuzSmZ(#ymhjRMb%Tqymi29X+2)ki`jq72|LzHpwK=Lgj>lXMzqC4##wYl zoJI2pi#f3s4X+E@wbukzfU(%Xshf;(x@ho4oRE}wB-}@rhx}H-3dHy=|0Y01yg((o zCZ=YzMJ={fAsUM!TNjy83=b@GPn2^fr6C!O7>_nsELyr+wYw@0f7!*&J22)#v9E>7 zeWP`YKtBb`(4}~WE{$)~0F=rJK+8pUXjPa>75X}4r6$mOG4-RNIx$yM_{;`G1O4Bb z;BXp@Ba-0d#+aA?x6{w(|97{#J5T!mV|>0r=Wfb25*+e;mC@}4M`)M@q0i3$*!8a6 zF{aMSH|TN_P^ke>L?<{5(KsYSo+S}P<4wl#ZW`QR2of;9XR5(BD8ggVU(s5e;8Adg zeSSmr^}2)3qHu;t1U(r_D8>m2g9tk-&e7n*0N#xL1|5>=ltk!la+#HrkN-!*ka*YZ=OIQ3 zo{}5vqftVpX4#GkJo^&Q{tJcY#>UB%q31^F{>BEn5D>4V+Azgw5_t3q-0#{YyKDfe4dagPA52{h-pCLL3+9_r)m%asy8tSu8Z&*6&SQf7`4$q55@qKY6Jm{j88wZr}%@qvj z!8z-@saw&?SQ0K*q_Y7h6yd2G=t=K5J95(7)%%NS;Kst~mvuNo#qZ@yM_0x`+lsns zpc8h^-(ZB3gd}K+DRsw8LZn#|F-?Z)O-y&0#<1_0;*7F*oVY%g(N@L)Akt3B4cf{t zUma`qoE^4dg)M{^v(8^%U!1+^7~uaRApHd( zePjG0et_@W#`g?~bz>fVIgkFiTdHXUfV3I#2Koj#8+Xcur{gJt5bU8^sxi@35D_={g|2KqY^{YBQU>+F7hfzWk!*Nus6 zE74{i<9x$G#`++gg;+3AoRAnN>5MPJEp5}S_RSU=29cZ0*snK%j}zrzGKSeI4%38Q ze}IFa>+G2Hf}`NfOHp6XG|8m0Wwf@UU#dkV3xwUT*J8z-0v>o(sV zZ5>}IVih5NU#HO-BXs2m3kj_5AK?`2I(@x}TY3?DI~J{^^k65LI1`H5^o;jG#3NlN z$bhZZ;YBHEEtpQMocmXJ97F~fMeGGc@e7c|8yl|@?1DJsvW#hrjFqm;AP~?KJ(48Y zOYL9SBr8?&zD7)w?)WYy6q|;dIGaI$ySWn`1bsqvX=4gR;ax!H^7B>Lglgy>A9{e} zh1AIxPWQ9(-;4Fq14`ScK~%Nvx=ybrr`_Ml8$l^yM2cv*fL?jN#X~QoAUWjgK@xb{*lFTUFSvh{N)RSma@Utynkf?c&-5CJu}0ET;oV+ zb#1P`QGw;vtsA7TNpd8#fPJpPT^WRfvdmeGXc~keV(mFEAH6b0-&3RO6XOEA{uHAO zW?|B8x1=%KyG-f}G;3+KQ_){cw7TQA>X^6Zr$HKwbsw0Zx!c<4AMZ%Q@EVaC*9t7U zhoclHmN&&G9_>hW(ql3C>rDN11H~2HVkO$Q~?uCDqgB1!Q+6Y$&9-aJ!>54UE)3v{#ELZ zuYhHJ;$7o}=a`k-3*1E|jy+?6OkYh9ap}cR#fHwPE!!Ej*Sjk1$;G1C_l2|NY{OY> zidk+Owb4IbICtp1aK7ZY!`ObqAY~@My!c2HjOE^wKWQYsdC~2zbBEKr^RtV~gVW26 zjg<{_GU86}fQoAGTK7RDK{JveH-r}e-~e$WZMP{aYVAsoBMsx1T&AvXGJBh1WqoaI z_yjC7cQj%e%8XzL zbe-OgnnpJ#D>+FA!8pSH`y{-;egGOK+h5w$km1V^!KV#L#~g!Sr(~gd9U`@!2}T#k z2S@LYnI6LZMiDv%oqRBOi&C6SnPMR*nBY;!aA4hBFU{N#{dDl|EfYVPmu3mJ#@$lm z=I7>-h~F}p<`e@u4a6k{qFxfjDYXFhB|t+HIuh4O)}q4$5i$|d0?{i0Ar5Ev?vO+g zrvhDq%-s^u!cWq%q+>>Lavo;mAd>aaKub3#ux9{%q2OA_DHMlINr`ljK9&vij`+bS zU{alDo?jslhF0_q|G^mVxf*Y4@ny61VUs?43T*ua4Zl%jinQ;Gg^ZZy5KP@i#sTuN56tIFC#zs* z5EvKgVL8R@+Lw=g1H6zyQPHliRjin>wl%A*=U0tf(MGFbMrT8ESA_0t^&C*to>U=F zg-X<(moJ=Mr}x~_ZJVeh%2_Cy#0ni$va3pDHyAoROMP4NrDPwGEXEBZp z{akn7k=?s{mY?n_h-m7DAx=)B5xJ5sk`YO!t}#07{)0F%$vT(ewq@AR3wa?25O$4w zEV$GsiH{Su>zR-$yQ=`BDvQt%j|kVFP)m`@ER@l*3ky4X_`Vu`+n#?_aE^OR2U|aE zIT^(#j6{)#4-@R;C=J|@GL2APW+;8%4N*wOfd>}NG@i@EdlnP-%kMy5$g4Jne9xdA zmyn`RjBwJ{nHMkQjT!)2z%97#^dy8Wg-TGO>`Q(InFWzLH(N5ofoc$41B9V}QKmG+ zIP!7i&A4w$xb3c_%;H}oH>__!XlyZ3OL%hvwDMPIo*+G>AMbIGmTAVLA$l z!Wrs!$HR3;kF~29yP#5V*W=&t3^c`GND#r_G_PFrxs0@dFoY9vR8zSAx@u4G9omB3 zs?gJY@0k3$b!XfJGj`pTEFX5o=1FmiC}D~j#02w8fpEsPV;2oh z-drAEykjW+;@-G=;4L|D-@Xv$+FwYS>NCc4q_y!xy+*gya zH>@%%g}M)C7-ohIEfFu!0EZNFyI2H48MZGQyH_$FxS1B)q{2`1{K#@u0IVT9@CZAYsC0fcMFM(q%?OE zx5Ez@(5r&$3C2>4)srW=b&xXDZgiOs`3i&?v%$J5p0qU^xy2yM3f5#e(>I;DD`Eym zv)H!94u*kue3ycVJ0#JF--pO+PNCWxhM`3`v}W!r4e-!xbhWOLQM_r~Kn@H);$ZL= z$#lj*dToV+V9iXzUT1uP69=6{X+r$WW6M;P8F__90S-l~&5)1~yAilO9gUgh+^w9r zR!SFKVzMPS&JeNd1Bymj7|sO2f?t`ztbun+fX_Y3x17F&&~^GR6o_tR=!lk{X%bA4 z&n=W)=Z*usGqsKpe6M>16m9hplZ!sW<0zPHj%ozL#O0ctmqI!)E~vZW6WWcy7cj zb6|i{(xI1k-C0~A&NSd&e3vF}i7G>N|I6O|g~9EK2V5>|g_~cREwwpqM54x=vq-iJoaPa~IYT@u)Dx zjUK(S9udDO5b9~14a2~bDXB(ZwL5JY4Gv}|;LV(l59$cHDvRABOd5rubmD-J7PgXJ zGhake!?WWlnsPJAjUf5YV|_GoJ+<$*E4Mwrwt%PC7+YUngXGC7oP}dmP;a35l3m{)5d4+B# zfj0rEdj+l7#7Fw?W&QvbGH2o@e%m903}6>pdN}t#UzKErUuhf^GgJpmUZrt(CG}BI zLP~6$=hCghU~O02oQdl{evn-UGF#=j^r--MS$OcI0Dhawlg-kJn~L+pG#*7Pp6Ty5 zlqwMIE{EZP(Qr!=F3V%kZiJ@*6cO_nc`ltbe|4kWoivbxTMs;%ldELd2rQK9KG)8T zfIbbpFM%7oN~Qs+J>W3qTBPr(@8m45xSxeB5ceG!x;}_LMi+?F2LMy|nwu)Nq8TzV zl;9YrK^oj(jbKkA*n5#Xj@1PdUts{pu;Agj#_#;6sT*sk-4dvC_TsM7+tZtIOI*}4 z5WD#>h&y*0huFR@;KjvcI)Z|t(!KcN_FjnT={Vy!Aw#y7ZU9FB+@ghU7I_nyTn+_g z#ND>9L8}BWZWsXQS2#^^QkE!TnK@?hi7O3JC8=^X7a+cKlWSf87ERq)>TiJ8)o&k- z&MI@1)61G^O2%WDU1S;ryo!&8ptBD93PN63G=tQ&a^C>Z{MFyptKZidEc|dS#f1w% zSrZbSo5AE7l1e7w-rQ116FIO6xha{jKm<>fXX)1w@80E%cJBUarkB{E};dlpO#nC=rK zG?kIf1_Ip@1i*i2r0xk@j)pFsXgO@Unrx?xg8o7Q*Me$*Q-trB2oF-z^Wf+|&&2`s zvemlMo?7YZ25+q%T$Qq$Bl@OWzi&C{wk)^FqBB! zsXmM*M&KRyX)v+6Da;7h_o>xBCO$ejc!!u6F|bv;UvG~e8QI0OJrd8(qT?H!%m#ep zUTtzUi)P&Nj=n zLSt)trx{7`U64}FY0QEa_I8}$HV7&vuEs(`(xa$MC4H>wP#)AquP%-c{&sTu2J!kY zgReI>{$rSYx3aNuboS%v<;lBa^zP)%_m}9^F}gVZ&-W)6$4BV(*#$Z{MeonwTpS!7 zfBpYXM9?&&DZg}?UDlG+z?u3#ujRj4XNVeu(rhSet+>i$ z25U+((ABQ9uM=o46>6gc$Jq%>fbE1&eG2)YK2sO?eI+1ArG-b_9`W5=?TLFYs>s} zs=0V2M>N!9syxlYL0l)swxl`$Fzh7F#vr;1#Ga9`r73x)R9ku-#E@6k9+9N&5A&IO zz~#@{ZHiNrOIPE<3HTJg@| z9MIB<3onf2jh>}K(KEK2a*k26eo1-d5`e7}6bx%En8sl+nyD?EW-(86n2;pJk$e^q z#FTV4r!5$QK^!WQu@BBqgdM97d%lPX_L#b5RR5Btri>A`OGaq2`L+xgD)hf+ zpH-Gnk}>|LHS!E-Ew79MD&yi=*9i_|KCL63wP?iWGkwV?Q#XjpjA=kor3-9X(m^=p zuJMeAT(MbVew$k&9#qW#BEqg`NP08IJAXdbflyK_!CbkwFE2#xPJ93JUCI=&A;uA! ziVPx!%Z|(sit;`-!<7WCP{wcCc_{WFmnUXS06!|=-iTx=CyPx{%Nt-Iva1lu9{|PD zU`Dr{l5S#ia3+J~q995o>zO8$S$^1nsbk2u8o1Zo2%Vg3qZXujn@8TrT4^T2TNS{~ z>wT`NP2DiuL{sbs*_1~-F*CL7E(8Fpm~+FC$N)p=GBa*;_TQVt_3*j%7-&wUYOpFO zytjyI({;8D7&;8xV0em639G&Ow((#vlyLgXTQ0k<+8#5d6*D*TiyFldrMOA5&=9@b z^0bJ`v=TEmA>b#QUz!8KBz|6wY-@gBNbBrEW|(ZJ;&a+OKF9J&!zgNd>=p)j1Eu)T zVMsC`iRylEki5Tm3uNbI;APN=0aWb|LqozL7Kf)lbVNO*K=3mnk$r7yI#B_l+7yep zPP&E$zAfXcW{YW|T|+Q$%Sfo1$?NQdkXuOH7D6yRO5L&1wJWXfsN^g-f zSKQzVu6)i#WYAHNSTob{y3g&?1@d3cPfV|a6@-1$c~jk=#||ndMf-74lNUf z9XqJr;;f=){X(3z=Wx~@mMTJ9B8eP;*3$-1{lR#~*P@Qhl?Zd!j(IS{%)7?v@m)Yu zdc}iCpss{jSJZ^7k{}Gxcp;ugzVfmpypr-%UZ>uUae9UP49inK!ndNN&ol?Tr;zSe z-zxGWLb?Ra4IBm@jwt3nr(D(;A3!HBEZ{(SVaTB^6_g)}n#tuZbRq5ic`-=<@_E^` zg`yPU^p+&oDCV!+Fuooq#1PP1DoEbKNaVwpX2BbM)h61`83z1922S}Q$x`9uEKMzQ zvy`;;^_&VNlBTgS+>S zY_3yTMcsZ5{3)lscwi_O8@?u-(MJ7IHKP= zT#W}0Zz`pZD!+iwbx0HJo*kB5HGS>FmG=XdqF-RczBoIIkn_UvKa6wWcR=qu=RcIU z?RV*f`%b*z@1_%8qE3Wu3CFUVPN+^~m|!u7?320VK~=eltu zxXVO3l6V_4n5rRke!`T&6nSIj9JWj50Jmgvy&-zlEPZA6*0H%-#RJz854?(JjJ@;8 z5%FU}+#U0x$1g$<FiA^us;VeJ0&&6%I7glvc57E-(OZZVviO3G zs3aqFH8{Tb;rQai-`~CcaQyeni-Qk`XQ!vf>~Ow98MQH2Vcao;JI)j>-PFNMQ$8us48CB4yG&yb_TyPX<|I)fv#$OWLJ8O zEjh+cPF@?={v<*Zp6b9as*6f3o(?ha+YwHNGvzYU!}QCCdC;jS{#$4j`x<}>8163w zL2=S^Q4@H}DCA6P35UPn>e*A=$WZ>j}gw4uP)Fm_5{%w3yZ`4kI- zpkD8JZYx{1r$|kgXBxdvLR}UV?j>?gAAPN(M^eH33!I3&P*x!=!bGkn^i9_Afmr;q z2s&DtAi|KybEsn=B1TzjU*w05zC)PeV`<+u|5&2tn^QwG14cg=g8saQUCSIQ+)vK6McYW-6AH3^??wR^ZbcpPr$Wjh58r^G zsI;R12q)-KK+_}`X8a8ZqjH=I;dL||6_C5N0I_$R7aD>Jw-p!A&#iYzbTKv!017(v zG=#leSbReqo@)p?*jD3E@=k;*fFok%g;1^WG4gZG@?q}jI9s8e7xoI%T_WP+fe0|Y z+C*2f-lNE^Nl7T4>Ck7_o(_^VAUB|d!M0nu;OFN?W|UQOB^S8`Wy-TC0#*~>2}24; zX)@zij^GKQdNdUnyH^-YCln>2_A8>bqgNl^U%Xv6I9bJn>9rGnJdqD0Qy8Cjx4USK z$85}abq0tF#Qc>r^=wfXqLddM5*7BC>hiq%ya$ny_-^86G{wGwgN`75o}+uQu!#|{ z2tkH2-hL>`IAmr*K4+#YS^7baD56PV#4U@5w4=7{Jrs2b=jjY-4RfyqCU?q#!_3MY zD}N81jq#Sa{!qkkYuLL#ThC!woLN#$MQ*z_k?G8x+v{e4pf4jHc%5f-)7PWz69AckTyeWxprL)}NmWA^ewg9@6rMd%8YIT6!?5F=p^w8evnj4Vo>RgTQ7 zq3d1a$iEUhQ^wn<^lI$ej%d+fUE|m-!Lb2llnSz=`A@Uoe`X}rPCXSqB=^H@5c-~* z_-09zJz2JoLE5%RY(xURps~Q^-`qV)}g4v*)Hec1)UVrv|SSBv8}887sXZO0&YPiRr#i+ zxJy3&;ZQ^E=0aMFdWNW&=28@q2p-pHGO`gnx>Y*JvEbp0R|ki3x0LEQ=ee9|w0235 zPi`Zq!y;pb(O-{V9m-m@Bw4qLe;6m;)V=#)RJ1KOV|f@MzwtekDpsR#0jK+buZ1^w z|M%_5;qmFE}X5esOm6{*ZmW39XJ!2A3Bnuimq706@<{M;NRKcv*EtVAB#aY9Tsdy6+T9B0*Sl zGUW%SDwU{id^ef!SM>-s1t_TLYnqQxb7vGpJcD!~D_i%NW=*p31ij!nS^-sdaUL&{ z6cF=BJWGP{Bt_&l!U^JD=^&j!ISY~mzruI|PFW9Lnt`Hm;zp?qYY=oW5Wr(MM8^QS zfJ7DvQ%yV<0E&~qg4cBsU`RT_0>OZtu@h08Da4p9yx|Y5b?h^LGyP- zN|%5l!jl;V5;S!qcZ_)&+X&Ijn+U`Q$&8H#ZNA=_&^-9N3vaLlUYgqMJ_l%{S3$}OF^38oTau#Sc}!lS?o+|Y(@;Hj7V zCz7?$8cE=i6`!A;<23|4|n{ty809ZtLev~nHlB>0SP0$7#;tMS~~7UbmS zIW2}KsS|#eJrxPVP@j&+FLSQ}l?xn1UYG$XWLYb)7B${|&jc$)qV`Ku>1myGkxd=@yYR@URkZ zoKn1|851jM>Ow6L5fsL-6(H7h>W`HoBdn-{IL475+@T>3$?dwP!Vyk_8yE5v7(r+& z&jD67eBuk|cty=(91zyYpODv7wN3JMj!@Eex;^!H;f;5_}WDQf`{| z_9nuiJ0ywx7fIwYo4ZK>W2YRZI7&Bpgxl?egs>?PNrG{}jO5~)7v-^(QzL8pZ=yW; z1oap4~nMarZ;iQF)hVw+~eX^;xxA@vUawl%|?ClW^*z2U4(t&pn>$6f7dVJa$M z!?WQTzYp=m4M&KKs+E^!r#)(^Ikf~Ve%>pwOhyR&%L$1BZI?gX(mv1bY}H`EX{9qcX}ND8YCW1xbQ$hzDVL`O{op1;X28+}grA zEwv!&v^eLt&fyG+MYH%4$MO$NX!x;x+Qdh~% z2z!`PHwj>Oj*=i6ON#~v^6WD={u*6JZU}W)gaJ4m%IEg@Ssx_%4st>=F$NeAUf^O% zo{gLs;+8FiJnI~EGGgnmY$2KkDdTCiDC&_~ckHsCLC6WieN7)&O1Dl3rEOlt9`1lM zray_Q_7QSX=-$#SNZC|FJXUodCGuJ)$VtUI0S9LSN1O^%Tf_16;>_f<Gn7R5zcCf^7#~VAC_? zz|d27rX^cm3PErPwGI7wS{^J3QyU>kbW=XV1OFxJM7GUlBpy*Hm1LXR6as>1)|z6R z=E}lo*|oo-?5cG>(~PEQ%>-6mMukQn~`O zxhV>0 z*icZ#SZ`1sxGAlid~RqMuS`R+(eY({89x}!EZ@93HeBCle<#e|F*(wJB2gC>>mUcCe&sPp{C2~%}% zQA#3hRe;(G&U&r@;g_YLrkttWD86R108D**DECFjlcEH$?NzY)bYAujD z=smBH#1>6fF%4%NqH#f@{2Q~p7HK%M3^!J#>q=|-Y{a}HhpT!+)BC)LX(rSxK+|9t z4uY$$zPx?p{ZC2CI;q1i5Q4$7u-Rb zVr>$Q6U-TZCUyu|WcUtyhKL8js|cds_$$~R;x1sY8}bNNH{k^* zg9!PUdPy)8OQDR8U>p?vvvN1dbrYvS$q~RQwdbItfP(47-wpiHO&DEfY7;0_hcj-# zg5}LjEG-6L6~TDXUa(EQU}Eo6jp`c16}#RfZ=#y5gOu8fyN;mP3Thn;(8-{MUL6ch z29mfxo?L!^_Wlz6cyMuXaC&)iJV0j`=C%CUYjkk>6Z+f9>Cq;_0lxvhi}};Xawbp- z3;TwfRPP}0le$t)&Co3;6&OTGQN)rFx;(jjd%THG&raJXr>`$gPTw5AJ3hVKMDLC- z4!=J*y*zkz^7iENCt#u1Czq$k10FtbAYhyyTwI;z=>L3T<|A<2WI45-{}~CM+L#0RGbw*YKBeZzHAI6l@hKt^*2^of0ol zW-=G*;+_?}vF1f<(U|4D_uN5m6-imAw}Cqh!vCMWcW-aoMjnOtZ+!}sRvXJPDPNLw z>qOaCvE@XKZ$C+Co0D{9N`xfV6rm+3+p6o|XMZ2e03bk8ww$zS_nc~~mV;T=>ZBtvjH!W4J z*8JQ{@9QWia1zic9DqOvlN%?Db8WX!L#D(ZrW~x}<>v#rr*(a>gbdV{MVKI2Y6Q?# zcDcQn!7($v8G$jZD26eh2_>%%q#i4a+DdHz+GZ(kGzN`5> zO7jn0z~)@@m^pqE#&RM)NomZr~Cu@dSZNAj#0e2M$bmZ4>BF23(n-f{|3_IA)xO z5(&z=L4wB<@SR7RP&QX!L2+I&vXPnGI21olgy?P`*SxXtPIH@*LWdK^Pzws0PRrO1 zI#=S85e0s-DGU4h@sQ#oW~c_0+;0JNN2hU^>hq|rw~?AVVS`9&p+Ih_3$`O9Uo^Eq zoOr6 z6(!^7nWo4f1E~`hZ>DgB{8=1$Jnw*;k;Y9xM>Gzw$Am>eiR#=>rof4maILYJ9p`zH zWY#jNIrcfHPzy{dQ8$Zv>bW2Rw@wbky;|l52fsJZ z&RQo2?Vt9<7J{~5Hj5V0eZh3y6TiV!uCy(Q5Yk(*!=`kju(b(FtY%?E6HI%8uenXL zbOwzAPG~%gn5@<~Nc`aiO*wIHZk_Cr68S@Q+bt9^0aul;KI0|rk#$VhDU~+H8CAf) zsu6gt!!tE2-KysyUkApuZP;d^pwS{u{cCLqg-1P3z#~6W;zyii6^^9AKt0+Z-5Jmg z=U5U7o?R5{-O9^YnN|lhb6EikshSBCD|Kc`2#RaLgB@{K*p^S}`~pGhJ`c4$USdw! zUA1~9Q*!vpa1vfBPMH}KZx)Ni;+EW~;%zxA>n${wL=qTpCYyXVO@~mj4rQ>F&t>ho z0HNL^vIZgEcz`-7#zPWMAua-I)D)#f9OKo`2B0nTEtQ=jWIt8pexJ*!^mTT@wVaTZ zB=lvnhx9qCm|98;Uut?Gw;C*yz&}&`R)RO6txKsj1x4gCS@BS3FCt@hNs~D5*(bFn znY_-6>+*g_H}$_if6!+I|9@St@>9pS)Bk__$=1_n&+`8NPo6yc+yDPdeAdYKhY7P& ztwCXjeXMJ}vGE3CLFcnQayn0p-$=lQSQ}+3y?_`2MW*1xcDOeWQ;Pmu<}f-98>o9I z`OwBMa+%+m? zv1WTM1Lm8-aXJJttB6u4i6LjXKJ;Ty+M|uMMm9E1PJ6ArjSbjwqkLml6h$X4erTac z&zP^O;pRtHB5_?I0(8Ul8bquBTtK70LedqLGW~=4hefg3K4uxyy^uluGeLMlI^lJx zqvWp4oEXOAx(rm5TWe6XK;gcs6~Bf#>%^b?kXZ=NRhGxRQh9}8qI2{%$3VIXj?LL@HU`_pKT z{074Ji}$DRI{ohZZm)IR7nAMppPn4HU%%@#h4}h1LpvVu(gdK(awWZ5sQGW=GXhBo zQ!eo$9J8#GO5gy`2W>u?v7qKv+UX-Ml}xB8T$03z&FxZAQm-I`pz?v`HC5mYIlM%? zv`XnEez4b=(M2#Y-!6e@Rj+w^C)UV;tmA8LYsR-%J2RY`ee9ZBpLV2doJA4l#gLiP z1)i5|t|vJrWZKM8MJ2mz+9{dBBQ=G@L}Wy-$TW<>nJkym?~$&B-af-{_aU1aQ7B&J zkYR!HNv?<&o2RpRYIqqawZ?> z2C9e8Q>I-yYMYYd5UliOZpmI{+as?f%0X)vrx~chLgi=4IMvx{xA(f!>h{l?-R_U4 zor6YoU0n0SG=ja8IW63nywDhWNnT7B@;-X$8ZwZ}$S<75Ge4a)oEuNjtg$>-P2|=g zzd?ASNScH-sW(mCv(N#W|0~u$#wrTXT79? zX!WLmwOfmV3{)YZfE)|Q9QBJ}`LJ$Al`NFSNWnTcM@Gu>oOIFHq7ik%Qp&|IYt|uC zs|IoWnFmEbzV)ujdUG~Y%BWhUndlBi8`W28dc>_RB>Oa+Qo&Z_lxGPOCs^9MA$&K+ zqOnsy4Tm6cie@ZO>5rjU6QuzSN-mQuv5eT`Y#1@BI7gWd)pWKrP#A)coY1K(Addb? z+7U$Y{!IG`L8R$K2-h)0B4dW9=`5nAFNmHB+$xYGB6q*9kz+kwo!7v|dxd0h_CN%X zm&hJTlR4@*0HU(D|{PoS2G z3^o#{0J3RAy&25BW9Puzly5H4z<8b!TM(m|(G4nx$e?e~tE9BVQL#Sav6l=5XO+D3tQfj3AGgu?TbWo+W(z;$Qj-gF43+_@ANI1Rj?fYWN2f zXTiwSPo@2%Y%t6}WF`v}!<^1i?p;s0%wM+T=j(G*dTV95TveTq`!+^MATt(l)8wnJ z4|BD8FYL{%ts)YBG@S9^gZGA=0a9YaQ}gtOvw6dLy0tZR9tJ?}8+6}!U|&5ruDaoD zzYafbcm?3eiU7t(MOV*$ujIBUn|Ei9{ZFE+^) zl@Fx=qg4`0EmUoyh8C=&!-1ILyImz$Cr)r5>XQoP=#g8*Z_geM?i?gp?R4GYWSd7VQ=oKgK$WaL9ZaP(` zXvh-u?FghqWbP1giCiEO3FwtJ)mMo0tZ1P88aDxRlNDqim4DqR@ecB=PS74HrxvT1 zN|xu7t568~a3;hZD-#F~{NV+malo^ca!Lyv<%0?IP*to~sVX0^EuG$BeLrJQkJAZ# ztl`xvNbpLNg>QZ-4(W3LYU<**D_^jBf=BiWIZaMbNSqqhHd*@q2vS)B<7DMrYI#h@;p(6M)W74!iyK*?Gk!`|Z5eN-bMCuCU?~@tTIdhR~TZnN?7-1v$7W zkDY7T(DS@XQGUp8aU&ja^6{RA@rZljtWmu|EZmZh09`#c*2p_NSh^|{=&_}S+wkqt zdu~=E0Rj~S%$a(bs%s8{$J9lsybdy(hPpfFGu&u_EvUE5bFXZr(UVJq!REt>8cey7 zB7125*d?vQE)ogoB-HgkSh={aE8ax!`g%5KBhlgk(T_g0`Lr(l*I>)G?GW6l0 z0^c5V^;bd5Ms8D|aHu*ZPh3F38D4wG4ky%~ks#z3yrvHY7+zHm&LRwz$f-U(RLo#f z3=GYo37Bv34JNAxVfj&Y36(6OZp}|HOHjLt_xxtXm;O+X#F`d}bJg+dUBSmr}w^*p)Fxrc?>jy^22C##O#VuaeR@ z1#M#2AV91Lyo7{m6+bm0OLUD4N7HzEqpnix~; z3?*Rpw1^G9j3>*XxUo4_jk}`=}XUZqisP@F6n?w4C|rWRKLR3v7Xn z;TN1$+b|d!j6?6KxzV5~2MP!(#5|>lj(pL_rNg2}A4)|Elh7hVtF7Bos$DhNf&uD| znLfz4d52cF{0ZfbtO~yw!yc1>Nyxhej^w=&kbR1|;j1#OkZ^w60zT{NmUulLXT?StC~ z0?1NXOAv2c?~9kdxG1~3(x|qvLEch26XM=9R35Iz9fkMj6?ggWdExdq?phhtsX{Hx zg4xYuB~r~;fYq^V3w1t%EU&rBCnMrG^LOp61YP1$F8ST z-f&lH6c{TcawLs1bf1C|a0AH?{9Gkw5%;7PrRC47p5gB97eBY%-6e-rPW^KZ=^FVF z^Xg-~shQq=ZSR4bE(Aw{`dIm7XKTPE2>aQr8{l5#nVnsrN zQk_qa&~9Tg)XXsf3MFwNGj(^#xth47R-DB-8W-fT6QpiCP_me)euf(e8*(ur&!76g zvKY=G+J&RKU_3mnkCS@h#{u;w=@bjbY9>#9*!={?fR;Ap#*m3JT8|2V4&H8R26C!? z=^niO;@qSOnCb4SNpuh1_9R=bNnV~Ut;n#8tD48~07)mB&4<%jM6;cOdtfQY_bTsH zoP!=MwAsD9tW16{?-}z-61-nm5nJ~;VY3-TwP*-f#xr-t)#aP7;EI#X1(AtImA?Bk z1HQUPAv42t0C}yk95a;NlbLNf=IG5vSM%rS{Soj@e7$|Rm=EYq=ufllABX8=K7hR! z>|1%ErwOHXEN)Sk?x(76O~xAH3z~=1F!B?xlDjQ_ur3UImQu6g3LGh^4HrLYoUdP5 z+C}xfhnp92q9&4sOh6SAe?cw0cKL)kJvoWPpbo2O5?%4tqAQgKzl5qJyy`x z@K^Xz{-%C%w>@BQXI2)y; z`K!47Uqx(?e_j`VxnC+T>GQ?!RWSuI137_xoa{2uy*S}N_^s`W5#50p@!qqemg4zC zNOP!;&;NPXX$cN-`tD?9u9b)NmM#jQB)3@=k}2o{oCnCc8i=laYAtU6^rY8ppR_s! z;kB|swEibkCo1hFrh)W%rvD=;8)Je9e8v_weA9?uFSZuU(2&;Ebh>QPDvka{Ycci>CKtki4w)z!vBWar=rXtEn^u zg}hSP_DCzh9M4+54P)}b&{_VxZv0VOrg$$XdyRGdltm>F^5QGk#k6jSfS-?r zjHbkOU#eE9`Bt8V4d-&(d1<(XoAra$uu1O!b0~cW& z?8&wje-=tt+dXo*U76C<5B$^@dw>RjBA5yxSX3D|%Ad{l%)@}HdhsH#zvii+vI7Y` zN49(9H}_B7;G86>?NF*NrFQTLBdWba(N)@w^BQ}vz6ALdv2nSbHaA-B^WNtKO5MYr zU}mqZ(}lFqC{B8Xpev23c^v*{PRTJAlzdAUmJ_Gps4W|2l_yO%RKsg%BHqa{`g4Y{ zX$B$dmLV7+y`_tDd=al4$H>!!#bZbrRSalU^k>df>UyDk0o;trFs){vHAa04=Bc}+ z$%0J$1gpMi_b#)wpF);q@h4CHG2PgxY;3@r9$;~q$!f}U8j8&IRjKUfGEatYuHLAS z{nf@s1@0BuO+_VSdjjt9HaEhIbyE4^rwWgCMVo0jrC!;|xuA;*dR>s?X1CYs2vMq0 zU1u{Ia~_dI4CGGeHQC*%Rp@ZSNcARbd8^L~Pz2iAOpK)rj?U`gQKcl)u*UqvD4S*k z5o2k1Nuxy;?=#FX5uR3R9Z+Q6q!UxSvEMh~I}ikTZf9ZqDu#h{T9|i&eIdq0i|i z$pm9n+FlF228l4N`8=AZqUF$!qSfAFUlHkwISLcVv@M2AGp76PjBgh1PI)SD#~JHAO`7D z#UL4*Ct5>ZD{fcweM_aM!1gmDj@A0^PL?^2ql_n2#~{@UbYwkIXLVk7I?u`avnLj) zFc!1eltmNt&RPRv1dg~5(2JR4b%bynvxEj7c_U9=<8A(v^%A^6Pe`3^jO_T`KkukcsV zTNmqAq1P4V&2MG9kXAdv_wyady5z#kl}@!yGeA2`F%P>|VJhm+CkKeanEoD_OIC^4 z-rng?e%gKVpDUXD&(1xJN?`~esE}V6$kNcss`D&}5u%pt0QIRL%yJbItlCrYKM^e? zJgA(;sI$1-$+~<_n2L-Y) zExFqS$YT3-NUg0{3V4<4fnho!Cy)Fj^`db2sCLh7WG2c}K;*q7U^TqDgk;@BMm4lg zzk*ae6V9knGLy}+=7O9A50~@$+}ldtAL)bz7{U|LOFvF!&4my%U1v#1#AD(s0?ABr zzLeOA1~R58lTa@xotaF9TXsU<#%L%morLdDdzGBWCaeSMZR*+%C5O()tOhT0z^swmMJfV^ zY_>R!TbDFhbY)5jRk4^)AVY3!IFsX(0d&feGZ-gCQgp78kIdBtc@io)*YGmKikv^{ z>g6AA>B3aF%PguwY{)6XSD}B)LH%#4{eO&V;rc7-KBB%5c`IO0RFOgw%DG7ZF1=0@ z-xb%=xe=Tvt|CxyK!H774E(&=>9r4=`@Pf7`~I8L<5r!fL$lv}#!PjWOzYz1quVql z(R@~{9IqYd9yGdmpM$brkK4Oq3Y9#oSa>COeh)0D0yG$1v^fmxktlOR-pDYZ6aO+~ z^JEjJpR=XqmIKrXsLa+=hNI02YH*BLGnFj`Ge2KYkjXL0j=~6z-Ia!<^Rls3K*0?2 z851*LAbUgMM#up{5W)5ZoR(#^TQzJ9f8JZhD~oizCxf9dRD6$^l-nOLmhv?5XZ5`C z9vN%uCu5rK5tSBrtsF@P*et;FJYwU4 zKfDlFIyd%BT63rV%t$D2HMR%#D!s@2Fq8K(EuCBu5BCKD%GJ2n)5yi%Q-7wD z*o(i9{aF^Fc6X=yBlqqa&Wzkkr!$Km%YOCM&cm|a8zpDpzl`od9Mj}{fqG=}nr zX6BMG7Wjd@O~ZL2>#D$gFN2p=CXRC%6+D9(>v$v4+`QG5WPqbCh!1t`MJs#7464s^ zuTlYPI}5r{5}!dylKkqSmZPea7IL#%Erp_xDwnBCZf?&3SCaWlqk@XcXIFR^03@$c zX<~Az^}#$vBRk}ZU^5!mv;YG)8P@3my~s}aO2~jhV6j1MKnfPxFqK+UOa%6`Y^PIJ zhnKJU#;atgQK=!3W;=5M+qv(+!tYn?$>`bvLtnx{;`CSA^DI8rV!6xhF5n-op6Jh(|p*1y}@ z-l}fpVJ+?rl$3cFT?xSF=jS!A(uFEB_YsjzI)=tV$ej88 z1nsUs0oN18e8q(&AZ?%36#kqwz4x3(iVG3`uvm4G{0=G1NdLdO#uqCJ^+V#kh zKaYpT%(W1wrr`&Hz8}Sr$|z0uSw70%i(jVKuIOfD8-Jx9U9)^%GC!DxanX*XUuiPl zTeLbCZ|Wp7Az24XC7a7S7Dq7xx*i-P^N!PmKlbC`@#}=mXM7F5@Z$jgbUPG;5Delt zKr(KMQAN81f21`so`(VTK!G41Ft|2X%#FK-P$!c}N!M|Rn>!=xhGWC_&bQu{x8-eT zzQ_VCOW#Z|4&JQcY>zlE+GqVv^W=5wr9*T=%st|4IGNlg**=OK@dA=e0R*uVC^I+! z7b}eEIS}Usq%b~s>15AQT>@?Sk_D;%;ctc|qvJ$(J<_3=G~F^tv4E_fzqJ$0&R9TR z%vjI|!auLwN9)6!d}7(OmUqMCfjZ$D*gXuZlGgR%osy*_*dT)TkmSUcE;$>oBR23O zTX_1!fP}0f0$;PfgRfj`iRpym$X3JJs-}$u*^?iaxE2QiIa7_^Evo6YeOl2 zp9jThtXywOxaP4A2Irfo_0kD2;fN?2G{7rO4U5UU&XG#XSprbKUR3>0mAO+EW5Eh#So8}F zjU_tr%mP{xUAeTZjEaQRgTX`2&=eF2jmKD$tfOYANvOFTo{|u=^A{}3UrDk)1^2ImSD482A(UN4 zy+Uk=nbc>g^1B-w8EI~8c$IEhu3a;Iw@HPc8I-DcMy>J^p7vRu7lRcYu;B$wuv#8h z1$to?Wp(n95WUJvD0+wPbNWYtMP8PeOqOiZUI{sHq~I5jvgy!I>rpuPFX-XM(A z#9sgfL*G&eb%byqbY}?{g>Fk3=#Wi4XyFO=cqaozcGo#7;dcM`u|w%YwWNvwmZVcR z`Dx-0ql`!C>{|H_4B7<)dGuuhZV*%ARMuY9DFS5<`zRdvA;S}y_agzq6D>T_j5y{` zK04?hwO@6bo%j8-X73H5@g=$RlMt($WsgBspUbv&+sXj-nltXqijnUWwxOa{Eq)U8 zwkMZaA(CIHFOa|xS4d_RLgq=dM_wRZiKm(%B>6?R)e+xh>YEn^<-9CJ{o8zHkNo8r zi`-}2W_RH8aOg&1Jiqp?pFMH6zw@4f=4>k%By;cAa7MCpZ^t*!cl$Nc6SGLOYS++X5{&)8Tk((QJC%iHy~x3}EgzCR6~J@EoMP^H*M z>C77>;+xQqWko~r&-#q9s6O?>SfJ3aBdGda5Wo3`kYIK(cEum=^_`=8qV;el+SITA z`KOxvV8`hwtf*kBI3pvtXT-z5l-~SmsSrB{H)@wbVN!q2rLJvIG!T$ARaTI;X0(^=uwR_`Cfo zL*oybCE=wYaRtsUjIAO{DrSUBegZ2*yre$A$iiKyJ7a;X6KmDQ6kV8>E2rZs;KhtQ zmZsM@-Q}}_Fh3fQM+qI{H;d}flb{|e)}?Ori^H^Ay|>J zUo{iJUuWXq#?N%>hmrgZ{*C%{aI2R$6mF4$5(pkUf4H&{P<}R#WX>7hFxUL4O2#8L z9@B*IFrY&}v5N9bt0&L-i@;?jn}byDhY?8JY|cr<#*$Xevkck%z|UUQ9ah)*-3hOt z(3x_g(*&qP^kyt5D2K2qMr>S|0AS#b!H49<(dp}4MmobtFWE*IhpDmT zC7LN8=i*13WFE`33h=@TQ&qv0f+GeNX2qDZV~LJp731cO1e+oa%tR|#f5)7o2mz1oprDQ#HU1)!$3 zRdDkTm*r*3J`Q7*6Uj88m+`I-OZt~4 z_%Ddv@YZl=(1X|RVrh9T2&ln+&%wo>nKj{L?#%3^)-?v^VLXngbo>MWTHIZlLtr=w zFR9C-K--qN<(nZ}oJN6K75ByoW0%&OykYq$-#07#z9hWtp4nc}!Gy63Yku-OHK)?w zq`#ARO?Vt>c-h=BO;Ql3naUYJV|WzGjZt2w+>Fs&!imJnkpisy!!5_Y{7uf?KKL=a z%F^(toI<%N!Q&w3F{3k|q$*QLQF&|Z56{-cALd{>BIaa%zbsW#A7Xn!1mR&iN16#$ zZLF-;A{Ikog_Ks%^Nmr}bKA;ZY$yx|Nd-hUYP)EGmS zP;Vb2N1C#y1rK1-c*q3EJ7CBr-jTmx^YlmQk=?>?3lITn1WgrCmW(~ivz3j-P^sdk3QDO z*Hg;5Kc-*DFY2mO*=*}Lkpgb&a^==0)YUG$te9U%s8_|EF|VQ`%3-$1i5gD(F~H=!eOXtUj}+q1!OUoM@Bz&#yC;fz!77n-K`&F9Bv=j8XB&kH+;mPDCgV)$U0 zF{qU5C#eep7N2Ct0`fFEsw(AFXH^h=Fu?^8eVoclA^xUdoE`8bG5%B4#+~{z0bh)1 zdtdw}bN5eKKptP0bgSRB%IDDg!JSsmGhjnC*iKol0hE@6SSQ$`Dt-s4Dh%0AW#N3N zAeUpOpD4>|+uSBRGUrLWSJ}vtg8VMbZ_}x)hyCtxNApDmG}Kk}sX-2~+glXEPb`WhDhscWjtK zR)HB!bfFlXZK!%r)*gB5x1eNQ$iYU?JL-ZFu!)k?kO~xqLm?_w+A(?4>z#F_oXMus zc^t|yX9-K$kVP_`L$a8Og&|&gi63)_PCoJ%G|A$Q)_X@?OG~#2;}2+hMQKdFKTOz| zoJD>rL?05f0L>vm$iZCik;;z~8bco#7QWq-{hAne2Txat;Qeehq&ZI~3}><5tPviL zV{9a#naf5QR0x+ccSq(qTsA?hV@nlI?_JQIif@O83k>MiB5@>^l_m?aj;<#1nStn& zO46FzaEvtcj5r>dPDzN8;Ik}*$W3zg`O@RD%)j-xchr4spp~zwUwTJf^ZS}vd@V)S z6?|1}qT^&5aR^6;z-i@I0}DF8+s;_j@}j4o7UKX2L}bCg&`A>ctU{#{(9?*UnzbIP zjpS7&W^EG2X2y8LPx*o=MpNWoUS(M@jLQETaq=RKxYYb~CVG zq!T5rn6%zC^xlR2tPoOIq)Bu6q#S~D2GmdUZ!T#fG;H<-rxsHkDq|wCvgi~PqHsqi zew4E~63(JI`~$Qmt)sWAJ+#zB`D}iHKsnFyaV@JC}wta`nua| zcHbyZ+=QaUB;VSJAQGOvyr*;uPkLv2YwI|4RPw3W9KV`6GE3w%d`KTl3x_BHjg8Dt z{Ht{9&S55HxDjlg&gNK4*SJ&kEe_b{Y&8t2-`*RsqFD6pUAK37+&^p|wO+NFz5e^- zqnCfIglMhyGkjZ?`jbLCett$^w;ek3I2pXbukCSx|vy{<_T^d-jRY!GA}`# z0va2QBIfI)2v(Mk2*emRl97^v^R}+{q-SUI$1Z8^AKSbqWh7u_aK*m|7F^Ftz5*%# z{B%?4(NrjorQY&wQI_*)NlE}|w1E&uBy+s?)g#UJl}FA8xKu4TkK_V0>4}d~o7FV` zVV08tO?}VyQ}eI53*}GM(qYa5V|&E$lX%a+;(PvZx_5o;USD5d?_JB!o`Kc+wfS*A zZCoKy(>QRI{JKXRfs#*zCRPDzR|$qYf9zSiW7j|Hk#4lL44;zB3`qSuW7`jDNp_3Mcr&!tL4R8gWm2A%%SNYc1usjrdOKV~YtDH;Esyc$~>v0p$>| zrH&)tRFgJuRCU(n(o|+dv$$rNy=2+Z6x?G3=W?@j7!|lCt(3A)$*ES*%7EwQ5>7>;z~Ofg^%b_c@<*whbW$uCN;Hv1M30=_?lG(KYH&RsKyqhtlG$;Q%9qzlkw zbS}-gd3rM!lSal;OsAV1z3Ds6TK%0ED7h0fI;0v;=gXFUwJ>c&Ik%9IGIGU|3pCwH z5Au%k0MGJucj%1q5Hkk(=|raPRyD;9cs|cVd0@EpYkVv|29+BP9*d*%*vvxc^T+;U z9OJPXqgKMHv~DGz7cmsCXGn*w4~%hK^7oijV!T3;WUuVjvG&d-(}noclUtzfxID$m zA#>8ph$TY`QbQuk!&?+w-f5Pw>xDaD!NTR?uY%^c?r)w@KXB77h26|jk5!}JXa zn`=M8x}X9ggcJexr^H`;{>$}_SL;%~xfxiw&ES}=%?vWSA?;-UI#+%4%JWY+X>0&2xm--BipqBY}U?M5|$aj!b zTK?2&zVCNiogZ2q_)mMk)i+1Z^%8HTCB4p0JH3}>lM=}IOHM4GYWgAbv%GsukqT+Z zcJsMw$~QN}`vDIFc2(IM#LsWibSC=iC#dwhz4w&~C-%;?j^$_339h` z?zFmHi`a8w{1S1HEYr`ed~>cOj?70Rng}8!4jYY}mAc-0?GiGa%;O6h^wY$T`G_Wc z@Z!O!x95g6#=t_!>!wr!GLN2Nu#p<`Zfn2O>b)%9!~;4B z?F{eRO*T=l5pwO@s5HXT_zchVQNrR>Ynb)e`z%fq7DWOKOH^HDF`6=bZEXDH9(gu%)R94((DinNPt= zCcSKang68rkS)$rKR+>gpT?wo`#w9V$R9)v#Y!q!3Ig_ang+aXpx3PE)$U)Mspgc2b<(9fe>Lj zN0tBU#2@*w52r3uvz9j!lOFrP2&Xhn!eKFfoTQV4&BwT9;;Lq&Z0IsgFd#t9Rot0u zuTohWBNMT)t6RG>JBg(!0|;tV=_xfMEJ?uK=a;kH5^v+_7JV ziHu0Flqns0NfS=bggj!UmG-8=N@HwoZEZb!@&x|7wY8P|@AlKJ?VW#YKiS%Tw)13X zcWe6}TRXeoZf*aAZ2jS@|HnW6F&8Z4A6uV2R(^5+C7(6r)n_mkx#0wMoOJP&aH-0Y zNsNKhSq&>2gb*2fn$vd$xwIzWO*Zx8z*h=v(aD150XP$mPQ2mgCTP(ld5!Tv;%zfb zD9wc}2^J)zDjC~EK^7c^G{Q1PDwv2=tlWI|Z6M|898}1`t8%mf-%{5iDuJU#7WbJX zl+PI6Sw^i#c_Srqb?^Wnva$#vL?Jk$exg+2W`fj{*X@&^g!tN=`NIj7Pe&7$z7A|v zyEgBzn0!ETxC$@A&q%WBKbBkc7`CVeQ#afR&3!feMdqAxDVY~152eI2`4#GQ38ZYC zu#|3W?8%Opx-<}k77pg(MGg1Hk`cvaB14{`9~x6}|E7M3;kMwV3V87#DI5|%ImC*j zP@~=ik0(T|_)L+kT6eyfWjZ08MkDZ&r2+V{m^RfcwvEMv`ol@75gd=o8J3gH4I$Q% zhZ@G@95T>lx#>XCGCY{|BKJ+N*|Ob384Z$&zvHD6t=LJ+`4*$g*hoHM1)2rz2+GB8 zjLS#-AY@if%L;)GGFNXYVfxpzecmMSA052>dkG|263o%0AS-$_~utA9Zk zp91fKE;4wWavrj{KLn1$Cw@YMy>9ntZ+rUOSh3(cedJ{QVK|$JXDrd0hP5@x-D z5(!*<%i5AEA5Q3$Dm2_?=xEMR&jz=kk?x6SO%NY_@zwwy6DjUu1>H-JdeJHkr(rxc za88qiCHDbRRBtbZ=gc!&y$e+Z;loar{;E=Yl-W%vPomLaBg^Pe@+mHBCzkOB%HXQQsr;X`Gw+4Eg1dxG|~fjDm=dtahE{tf~s<7&Ufs z1;EKMODOqJ@{_K&zhX)ml?7Aws;3F1^{LNOn$#g;NnU7T5HF~qzySYunB@q{9Kebz z$vR}OAN-T(^&5-L$7D)$_*{l{h1ci^mqlb=(1n*l?9f@{4|D20R-?p zb(TD(GqUYvlU7toq{t8iLR5o*Jgj(4W7MHRzWafA#B+2Fm8HN)nPerlp z{uN~2Cr@@uB-(#&{o&&3l3gcDzW-Ywh0ost>E8mW)#i^8NbeK{mz>bOe{TJAJ11n? z+qB>voe6W z#CP^^dX`T-LJo>a)KEIiG`Tnn6*KA&ClIIt(&Iqc4wM2?(&i=dgboc4s_TMk@DYO6XgK6xY zR2PT`rmTPfZ%S3yo~tbTnM;*usj}btX(o|hVi9PL4jX1YpnrNl310Y}_Y;_^kpHgZ z1Z3%GUaM4~o=_^2T=^uXSJHcAN@GZK2kv^2kkb~03ah#}&ie8yaW#{oNR0a z42o9zqY)jZVt}tUHYyun;Wk&`tJRTN5;Cx^{?ofguRx5R)alb@x0De`5t-_qY$W=C zrCcHx-s4M^4f2o_gUX2*V{`K2^yr}9X&tqiUFpW|X0Vj!sZEIAA|VQTERf&E#=+^2C%yJ@i?q9> z)B2xx?M~}}9G-Sa^MpwDh}7|yAycD9DW4BiJ_esFDg=sD^mqQud+J@Edjw9o`ZnYM zdEgH(gfI!^e*82Xm|lu33UvGR^DXZ?@9BB%E0veVHkR5IU(NKeay1n~HlQA>{MORJ zO?)of1z%yz;&S0jg&~U#xS$Jk2?pr7IfPtp5GD)rNmr6l7gCLH;6Mg0GlA2{=sF*G zDyyqJnesGd`-pP_ovSYPVy%x?HWWd^zz55Zg;?2ATy7Gd=u&C<;>||Q6YU!;c2F75 z1-+{3m1-}{QrQ_`Sw=-wivBQ~N0F+LLa!kw8MweerTqswlC+@{xRJ!c6Y3cZl?)-~El_R+icTswJoaTPcV@(sZW zoYx2s<6)s97p9 zDz3@CJ03Zc$)L`0Vg%=Vp6%#)Gnj_)IdNZ-^ZY8{OVvaC+XkZFoW4i)m*6RtSeN() zh040mmmmfFG$dMxKTH_sS&Aq%+CYrP7^*0_ifYjtie-%yYOR4}X2SKnLyLJ2o@WCM zJ+dE#xGcoSda9}@r%)A{O_82dpIwi1=8`fjuW}>jA-z&O&?Bc&V3%}9HEPj-dE0!b+VM@=51&pT>15Ob}s5_W~ej}?y$>K9kG zI1vvg`xn}q%U!U!ppcj6_L0MrfYZAFBs}v-M`E&+XGxZ4+4CllB|c_Xcm@OwrM_L3h)16SjP=_)5uDfv+5Z4y#KeJJj=iTcfS4hZ~yNv z@+rGCWZdMM5U>uzYXXs@EF!L(&^f1)1c*yi_17+Gbvmb=Jq(3|>r37;GT%)CDfm>? zNNM8L?_rQK;aQohF%CYtC^n`3c#mxFc)Q+~i}j)1?JYO?c3bA1#!hFtO1K*9lhaQw zOD6eeZ`kkrS?&Bw&)-iu{HvV*C%gIczx(vb-{=2JeAdVj^_8Ur^m}wVOBWc$%CYE` zpOXDHN#-#pgLxPQocLoujCpE#g%?8R3}W#rckr3N0He8+gZ$ZB^oM>{J^#sI;ii;- z5(~KR{BM1mzyEi)w!Z!Q{C|nhUFXt1Be}#cfA+-x{`@YV)z1GoVgo<=#OwdQ^S`^j zwUxjBx1aqj|9_FsUt0dZ^IArl6wQ=z3dMM<)Y!M)_O`cEAq352Z|P!>9De4fLdY*H zi~&~bp3mLIvsKw0M^`3I=PE@qzI}*e`00lxj5fq8-rkzc&*o8d#-ebzusfR0HPFzT z>6RG?UG7ql+A||vSgH{QDoAo*)>-zp_UbaC9YX^XxW;Ujb`Mc zDb_c_;qrBf?=I7uuSp9PXK)Y@n-9W7&zy(9(xY%1rh5bu-7gsl*LzoWraJ~TaZ|@1 zxKk*#{P61GnlNQwHwt;`(scNz5oc+ATXEW>h+Ul};bj=nF>Udok98T$TScK%t?7fUt# z+4tAqpU?ZOCjV)}ud8ZAJwz6~@BO#?l9p&Aejb0o%+}NERM0X0v9s&&i#}8v$6fx`>b&OF=Q3_EA{x~!DHNc{+~SC z-F^BrfBtv=*8hB&&)Qe@K^WJ;rM9w04kLfeD~CtT*ZubmXW`&KPZ~~)|LpePi@&Pa zg5ZBoRI}4wzj=0c)ZTBtI%+kX{z0fJbEYQ(dRVgVH#dStZ#o31_6!xeKEN;(uDwCrSiNa58qjyyHQq{X?r$94<)0OPVb2XKs(~G%wkrtVg%i zIcXl3EN#wd0+}+F_Emy!v9G$liui0DHM_m`ez(=^?7y+*OCz7B;gC~58BR(ko$H&Q zc@Ds`>Dy2WYp|hY3%L`@{?R)@uiaMf-PsaIvMg2?m7903?4-Tl?Dh`ZM@ttMheMyI zhhcQz`plUrPVm0fg)@IZM`0|D-XVB12lJs3u!3q9k95(2O=`~24^`$mpT}V;W`Y&f z)`*yqE@>Rb9DE{WB!9{X#y9Ht*lneY|aVeOg7`oqm-|e-I z`|q2_;xGUMhUbN2v=N-N0Bk^$zYpwCuuktnaKG$V=YC1o~1x4*ZD4 z)G=B}>H`!t9DxY)SH(ygj$#}zk(P`FSw|&HO}q4RQptFa=BMgkPWGck5)H@t(`cqP zvf-$IIhBe6*FS2$Y8^G4%#GQp*rX;Kv`p%BDw;av&mEwK>3^I`#VnXEe>MC>oyzxz z$NTDs;}FtosGRIh<)Gc|b=t4q_1dQ=s?mYU?-;V!sX!eH`O8mDt%rpdzE$^uynNvt1&q+cfU*1h%;Z(JUc>SsD2P8O9YZP&DMz!1#@!A#K+R?furWsJUHn0 zPSv3i#DQ5$e2K@{ENUTOKrWLw3q4aDTr${y;oS3Jvx!f9r}9JdsC|H}vRi0c)zYq0 zsT{Yu-RA4;=qaYsaC#F;G*ob&*145P)jm-AFmI|zFwuO7Z`k~Lj99B>U_Qp{Mk~!J z_Et|~jV0&NAN_F$lif~fobomN&iu+X|2X#3B)qQa?JMHtfLTSg6;g6*k=s=4o^6!; zSKpK!t&J;owzh6fMPqP97(b+^mRk$K*n)_j(O8nuu9uaggsiQ45X54fqu*(Kyw!&gsFs z{T^KI4hdr`7fQ8o(bTNp#isc6A z!OByh+#kXp;fQ=7?ytnD76*06&(9&Vch+qU zaMBI^CVmo{&J!GA6jtsWWS&GGk#pN4A4+EYvs1aPbXu=lKmFy8n73h`C~xBrJX79A z{s`SS-0yd2ybbG&+&A!NoC^AF}Sbn7-+dM zYhJxWZ{t+fAk>evK@i5UJSjLxQ3dOl_yZbwq^rYlr<8L{+P)BvW>o8m^Zc%JBp_YH z>?$r^I9hvBI9*zCVlN=;aGx&e3oj*8;pCT+X>Y8h7#;3YZ8?>8x1Xs~%RrzK*boT} zfx>=attKy*JTfy`;$brLU7)lKa{qLfiLoW%r7U|t%%W_Ydvsdj?fvj_;;!{5FOzxI zX4&8lTD@lbsA~&yrD(iEs4G!%mV(esqO8MxYE$vJFC8vBre$N=hkI$)l@zbbreK_n zvMJbya%tC9%*EJMx0Z@=9wyi5W zjo3WaCDn6k2$_mPro<6X_<0=Agw$y|tSb{o-PGYp6qilv7>5T_h(J|Yn>-$i7M2_i zOMw)4T&9l{yzF}x#sUi}5e8N~gl|-tD+r3#D@2h^S56r`K7WwIj zB~$NXy#8MEyBS^^Fxp$XkhQ>qX&952q$`mJ|HN87+0#6muIh{!%f4TVCuzgVVae#I zaD(Dz_QStF`0lSw_y26U-~D{E{cQ7Ah!eIjku_F=L^i$38d0i4O{+?AZj?IIJ939= zTM;j$1O%0P^~P3H-Xbju&X8q#P+9suK+Q{#++9w7CQwjCld`^elo}uH1GXkg#k;4I zFyoVV%(yr|!&X2t26h*Sdv*RRF%*5bNloYwAKRQv3{C55v) z76jezu|Ak*QyOa3YX@aqO7N({`4aLJ_zZJWy)hp;w_>ME$s%_kG0}QFq~#}517G22 z-s;1t4a>T}Je~T7{OMG`=u@X#{u}gu|AKeG-p$tL?FTr2TbobH&Y$k4&tEnJu!>8X z6{wKLex_aa1V@l*uf+DE@&6X63d~po8nJi`M?yT?$Y7o-26=jN^d7RGKv-!^X#fgv z&d3F&Gsu#e5=ep}NG)bp9@)psW$FuRiD7G|G@UTarou2?tQ40uxoVm?es|PspB=UO zXRrI+{WmRO3z)+Uf)5HW7))e&5e@xS3SjXu+oz2tJ zW+pxb zoHd;4y4kko+@*xM^rI3GAFDSeh}%qu^c8B63SEjyq~c)a`VPV%ew30?n5~i}56aR%ywFbnnI@`A9|yRjYG~xDUj*F=aYIG&iX?Zv4r>i7}5hzePB$L;eJH@q~Uy| zAGW4WW%w$ZQ}}E5pUc20^tsyAx+w_o$GdG!Vnb}QgG;%5Nm z5GMx>81FK0h^B`D1QpJ00eim->Z&)e?_xsk)4M0N5|-U>Ej&LM%@3NyikN;7Ooi+< zvhUBr)Q>_=x$%;TXewkTDH2LGj=3}VO>T2o5{|>zj}%{as#0TzKLhCfiJvs8>mb88 z)tg+Gy{*0NTZjBc{HqJ{=mr-{QZ}E>XtG}2s*&4AHJjbj^mLRBSOB;!L#^b1dJa{) ztAp4O5*44(A@L*52=^CU)u~olp9YjfbdBTy03kr-#*A5-UDe`Zg)jl1Q;+;e zNdO7I5-4~G+OlvOrk;V+Zt4#&dWk>G@S2_Luif1(j>lW<>-JuC2Y2<>JTbjVLj9nm zyXZId!#LkTmL~2kX61uE&Bo*t8bx}{HJB)AAE<@5U<-&VJ?6OspmyC3)|C4(>)J9x#C3r>P?G@=QO z(`b>E)4rNeC}WLY4zEw%)n9cFDk1NS{(U~5%~+Dsps`f}fUc|3iI#~E#cta|7JYs4 zPMwr$p-Ii!_HZiR1yINO_~WKI6otBk~&=Cv-;KtD!)>8tvAR z%$ugfG5S4jXn7r;ZGI|WQqqY?@ai}v>pMDIX~>Dx1&1lrn#H>L6Lv-BGo`dZ@tfDO z6Hzq=CGI#S+l3QRKoR-oWjR(ny-)oT`q zDFNhE*9#IbN@+Fg7ik=-%6{_MVzC>$)O2nWt3`eUnAz% z##L_rAhtl_-}+wO$T=ul2q9H-P1#=pML9qqb<~JUR@h(pG*sk?cST#96kRDN4Z(UA zFT@K{zlt$IX~^Xl9{CYHi-!!n5J(u0!Z=JRi5Q!CbI+%~)%IvYjFe-gl zRByKRG0T2R{bWqRHM>!ADmtx$c1P^i>4{=t?L#R^N0fwIEN13&PJ>P24_K1s&RGV2 zwHGx&&*aSk75qM#V{S5<3>c?m$^!JtfPX+b@WFg6-rEtoqDf&QPW9%8R_E1ex7C;L zg|8Y!Yr@ITA5pm~|fKk{P&~{tO4v-eJO}V{uS8xc-8Di{Ysgx%(FdADag@F)W1%VKq0JJUOUinGBUk9?&iouczJJ58Kn~4Ya$3KUE$UXq|yYKZ{iXZ`|`CYDjWl%hJir2cI>c zJ4Y`YP_Q{ebM~2wckJeBGR~($fu|l#J2W6U2`P+c^R!{>UtCH)!bb0kjfWPuALY(h zZUvy%38nGFKG*x6>Z;!MlA);m2o#nKW!?gFMpD7>I0n{)3edeEnAQRRdsMY=|H2mUlz^V0KPm3<7oCdB%I3HypnXf)$w z&UKMpt>nI`F`w z>PuN3AXk+9GUusSBANP&0R*{@<`JkArIJ-VAazwQ@sOJNVllBb({G-gll3s>DfI)W zFglzDFUd<|{#f0rIOC8jhge;BL!n5HFqo%$*;Lmv3eB)KwJmDdm9+zzxEk`>h#5T- zBf(-pCq=L6kUV>7XsOf?M{LYUt1j z9NDNm*Bbb^SPSQ%c>G zxoRD5#Kv5F!P9`vQ)uFgFQI;|8^&%rp)U8Q)J?;wHA#4az9cW#Q%Z^JXFFDtmPM$v z6pn~b#^EIe??D-I&QWcx(pM0kCJ+$G1^!c1i&xgjD`joTl)3UOWscSX9SSZLrd(3I zblQ|ID-^s8VkW>5(uFVpGKY8O9trtdy6EazIMtgAy0~@7H{Yo4;Iq<@oFCrC)(_Pi z81uGbL$VdS7j$9E2zuRb>4G;L-vhMx-Nc7oFdazf_KY}2~@o4{+Cp5ti|1upFuIC z&qT%^h`YHwU^N8=q+93f_qH7=di1#zYI+mbWuc-^y3OS@rUUgt~gK{ z%E)9%7i?te7=Z~(J>(cGJ4F#0`r^u($MkxJyjfkK((-@=YO6lnm^jNkbBqODBFR;E z7uhkfO0_~!Jub+@KWzRF8f zss%U@pBk}oUGi8jVq=`HX7P9Qax7h2cA;2Gy~0dCO@;SBJsq$`bc>T!R?%iI`1K=5 z$H1Y2=`5V7>)z0Hw^IT|{)CikSEbNSRG{ZhX)+CCP;{2~E{LZOz^<%mv4q9MKsDY* z>Vl9~g`8|)>}A2@Zm9S^s9fhU233q{is9ElVyJgTEv4;kmuvSa-gaLt@wNjMivw4_ z_C(7Hr@i;5(Hk1gXo3~pz-v>WLtz2}jdT2V%R0chxvT5|Lw$%)-_q~4diKn3-Zzhr z@W@Kt7%J9^Yf!qIPBtk5wos6Oq1QvE|J<7Y-Dg{?CyT#{85d7K;yc$`%yu5@a-pA$ z>(65(@P7p!hmg_F0CHKl35miOk{|2YNY(SBuldLL5!`}dEF`~|FD)iu$iQSx75kF` zS7N1pyhyKgS9nsAVckFd>JMzhU&ZO=yQC@;supX$oGeR;zvyV zsl_7!=LhvN$OJGbC#%x*WTKPL)vMR3tgVT@Qi4)b*^^&4mVCr--yf1z*^KY$hh1}- zz)1142c$4zJhgksIFHgExF#H=BA45WFLSD;?+;t?Wuv+dJ5J+E<<#(Rf!u;vl!+sS z%e>@twc^Wr?@PR5{FJ7mID@$>=6yZyIlt3ray@tjq`m(86TZiGo zk|v?;ZD#C#)OfVSW{!ASvFDEHsk`1G5M36e^-Eh!S1|I2+4&fM?e0onHwDmvcbzFM zX*VD-?dKpS`9W~R#vPU-BgrmhgOzRBC)Jz7cPINN&EwXGt)FkztvU7Mz=szn z=qtHFMB=iSEY5NbiP%_vz2m4SrW_+H#~j9_AF@+bh?0AJQgZ8ttj}rs{(qptK>3|3 zrFJA`qxqd97p~UQ(O0_j&GDro0usZ=!$rdh{4iRWxB*xHOM1wnfF=z`{uwwG3$N2z zLODM|Jo3g}m$(%Fy+mwv$YM|RcBK98o(o;t`0^*dFb7A&T}8Ag%xdai1007q%9%~+ zpHD}x{NcrXCdaYo_~22x;ji>~;1Fl$sW}V}f2F62TFnuTHR{!IklCanHU_x4%Hc8~ zK+^cn;@bRBRVU$RP47?;!s;i)Af-;p&d#6%S=G%a3)zzB}`L~tZioL=bF%){$8v`dob|Lr;zKzV|CU~5# zV%z4g7F~Zz-|>PIAWA;shdh^(Y0||{?Sn>jJq(CDua!4A@uyTZiEGBSS+$^u169pN zRHA7$2dU6(S<;gQ<(ZAyydHFmm^p^NLU8^4gvH;p!68eI6ahbs~MStIz9?R7=5gPQg!AI$MV$GGm;F@F-}fDrdx$B~YzjNHXcf zNA(JesnWEZcI_Jxarg>gHk_(4_qsou)ze9s1n$gF(nVdj&i>_8a#{nYnuA#s+6sdj z&{UfxyQf<&+rQ;RVQ(VIYgmTUpi!8+b;@0rBOfzSBpysO9hRX6n>%C;eAx$#OTQyH ztfXr0cB@;GJcJ);KO<9`;Dohv5jcf|~ z2F_y9>C8|3DNSjDFsj>oV8B%o__05QSA2EH{(i#n`vW?oali?SiL50@V)1TSTO;pg zLW1Ch?>lgm_#QcFRx0YGna5=Hn{DOW1g`pm;=XG9xR?<3Z1^TI zd~pIH1e+&07}3D@#*7y<@91Hs^!KnUS7hJ;`f%<=!#*;UomGd()iM=bbxrS9ri zuU@@+_3G6-M00%#WChY7LCF}lg7cQ40WljB8C0YMjokWntC59oJ4Y5}FsvZmZ<9DH zkA&+SaxDyD_`s6vZ9v-fVJ}?WU9s#Iw#Nw$Az4jd)TvvtX|qw7MhXbQ={4O(*DujF zK4~5rSbId8gfIp8MSSX$_FG2q1=nfRp)- zKgJTlWUCd&FsDXnASw6}6EVo?2k-R`R1h1k2M3RDOR(t-nRiDmxNi!bzk!7f`?-`30>gJu9MPDn%Pgbq`%G2AY~H`oCE?0?5N=*0k^0+>WvH? zaxxA_2(IRw6&t77SEy$u;7TN7Y>88QpwVl@C5A(-Dc}}zc99G&5Fl@32_qhD?o?vJ z{@DBsMI5I!X%OsJxi!aL7NR}br zvKyupVU2fp-2ej~C@(rzSqdiBc*{!n#*b*B4?8o*bf^dsfK!eStXjQ_5{R2PZwvk` z)mpb{Z&?v7D1vombH~L^Z@@tCN{WB}i+TKGvBS&Qk+nkNk~%v5sSkhcK?}Tylb)71 zXCP*&z)lXtXH&F3dnWR|aK#&Xrf#MZfg2LKSH$`MQ}D335@d_sg-pf`-b3) z;ssOo3f0LuB29|6AkSvesM3#Ime^*3ojPdjwC|vX=mt4~H1rbcm2)!aY%wtwBNywP zUCxK^<U|~;MH8m2v(5M&DW;x+3cpDx_1uDcFAU|Fld;Q_g-vLtN$NYS=3K2=Ot*q3kPrT3i3`~iNKI6tXgXJz9514> zc>DGaCZ@+n70>q~Ct;_)hVSdjPJIpgm+|*XxE8qRKZ~z)XgmadhLYna*Y^w$ILoGs z%2M&ia9l6*GHkcThjlK)AK#MLw#Taa0;)76t7Pi}s3srzEWbekptzI63ZWtNG_Wk* z_hNPAY|smmm;|sFa+wACqI}zmxT$U%gh-G@16v$gZ-m|<^<+rVKOYR;R478|uDgae zeV{SQYsBrh7nJKDxy}u=i9zBaX)N*>X>mbhrFO`s?u-oIewMy;7(zu3ofu3L1Ss|i zLQm8PPBJQjCc)U;3l6$flJIuHS~hLM=v?3d^5yh=%f^ZYdqLF)B7;_}D#mQS;bRZ3 zseB2rsX$fX0w~nQ3-1*M-dE)7M!FKcDJM_iNUPEDlSN2F~H$N`MhU%fGvoo zCU6>BTb^6S2Q>UAgsNgYg_{%>r$zvTEz91j2L`eLKkrlR-Pnt@s{7V5I#o~W{$eGTB|C*2$8!@ zdx`k1ag6Fb)F}>FN#nUnH-*MhkAxYM>oSmLLimigBymwrA~dZ}JciQ+#|1qJIVey+ z8a!0ZaWYokao{53&fLsdtzyCdVmSl=wz>_2%g3ii^OqOF3*pldcABZ_tH7z7HW5}R z6)pUeTn?Jp)tH3jVDGL3Itv||uxe10NPZzT%bwI%^L5k4Zb!-Wq2Yl&y9Wmco61(x zw4Y3JefRLd(BSU9d_&LlY2?kG;Q=V<`L}QrwCsgRZ(+=FX@7eoTkw6I8(8Df9S5Qa z%A_R{BcKCH-{*-&ZR~#{4!F00T7m&vjJ_Yijb(~k9`j@2;c$nN6Pcl9oswOl#lRmnLfBRU+SIsUNahTH)s;zo71)j1JkB)95kZAC zq)gRWIa^#hbms_9J#|^9mOfRBK#Arx1@s`$06N05A7zAg9Ed8)@eH?Cmn2~4!adFo z8QsKtB@r~osf?W(ZP+Q`)G$jicp7iViE0y*wYU#t_TpY`lEoS#i!s2D1e@`lN3$B& zYD?LT!QB+gH4_Q8WqFe9*6a0A-PcjXt{A_FtVh^ckJtII70SzK^T;g{%sYWsDtbx3{$A0nhGl1qOZB-aVa@E*mfh4^_!AWWJzhrjWdhwcuL z9!%P**Ao*Pa11ynIznm~1Rn|?@S%4MvUpS))2%AD6%ooPKoQQPQ7sAI^!$RU8<#_! zX4-T~J+qJ=VOZ{*@5~`pL&^pZ5y+s(C&p4x|K`7F;`Pbl+9NgSVaBz9yM(n^DmwB{mZdY2?nW2{IY9E;Cp zatlb$Kq4&a9->JamnP@t1^aoBZL;B+E@D1b7kC?)Z}Z&On6nI(@3dvidA^&`EZ8Y* z)YL>hma<7eAQ`zf1Vb0m$#vWjcV<5uL@r&a2ic_Af;Z@eEH<7gxr5z+`EyX5nPITwfF`5MC-%fN+(Z@|Ed)#^|7bo} zL?#>LZdrGoy6Lu^gfLJ>5XIX`r-3df10JZM)F=9~*~!dr3t6~DG1`(v=XE0%hU|V7 zBRMU7B7@dl6D&B6K}`LJe5-2tYt*`*dr|5*`p}ZP_n@xGqss=n^ zp_4tjMaE7jUR^I^Khr(Kn9wVW4)s=nBSpo~C?+XVv0bmCPxcNI2er80M0>49IIRjk ztKF~}%J!e=CIc_faUxR;U+o&-brT=0KtrYXtk%2+G&tTlRFw*7Xdw8HL>RVc7j+%S z52?#=R-kq*>dLT-OmYwR1a(9l3D@E4CU3c@G^$l(iK6=qy^kP$suS-Bj!i*JjdXy1 zL;W^287@Uz4Va-5fDIH}s3{`tmcbBAp4_+eSE$h%5C&}{AkJDvU=H{==~!!cTNbBa zyT>2V<=5!~+H-OjP;ds6ldia;pEh+{v22>&Ib%Ci;F3Z=%1d=%*~`w7X<%77lO&Ld zLn=Lvk*D-1#@YF4A2fE*_sv=zX*T?EgME*h^GB8da^&?624Vy{#7ywntR^j8Y0fvY}K?R-IQeetifq$YTVJo_8dnv#HReGyL_5^jAc@x(;!8c67 z0GaCo@=1X`bKT&w!4|p2(yJ@D`by1YnNUzKI?dXFd^~8F7;piVcX`{9}+%3?7=Tx9JV=qaxXghv#A3Gt*<50pRbUOthW|F;dQNzB7 z!vOm%e3nAtdCU!Mt%knhXBlV5BZ7T~-h#n?np_P$Y_kXvm0h=^`>fzVftD#NWvcs& z_|9t7a!Dj+m?*?3fUbHWY4AQp@0f)KP3rH!Tyb!)Kip~P6P(Y7RJ3cMp%4!~rE;Ru zIncE;r*3SC9uRiJf!)Z30@;f%H&E8qdA?cSMusKWcPL1wsP#JQI()V3rvLLKM`PUz64+6#Iyz05?K4 z2?7#P3KUGwsgg)znyRS7L7U5Zl~$RRhl`W#%G*258cq}EpsJ`^avisBYMCR+b&aMD zC;ow`4H^i3N!vEbUW^P7)Q+i2)zEOOJ$<}V)Zs8?kkUxWyOM*0RXAC_sC$bzFh*?A z)Og1v-j3mCk}u@VvMw%SJ4l6{m^`_UjfWU8mlt_o@K)Ox&od(w2oK`?sj`^1! z@VFzkIA3?SWQSvLT5NE>?hfO`nSqgn#an zYd;ETv~uKvJ%RCQG3$$qwOu3ZjAd5UM4Yhf#%g#((r6%CA}6H*OAL4*MW%5*V5uj(^;YE`P~Y*A>6O{D`VE5_JWsA&ZXdBLRUOs(KrB8d-+RjvJ2O z>9J2GW29O>5I>GUUS9-y6-Y21JCDSv=^m&x%8RHz0ZCD|Sv0vq*a{^3BJF#`v#yn) z2;GSCniy{|h|szEm8yKTfxSv#Voq{8yTQfay3>?AHK%&8CU4+Mu z6xbd*hLbJ?UCg4fm*K)IpD8216V)z1}uBPaQp$!tn0`LfL1IYz!@ju`+414grLqH+;?s_`8Q#C zbJ$&#@k3enOrRzAXNw2tF3S~)JLp%FEg_iI&@`T43gwqFgpv$iZ@qCn#=IuJt1Cm z1|+-TcD@@nN30UAZ%K54nq|+?lJC^#tY+C(tx;=P10oCgZD_}i)Gop(`{9G##(n3&v0@7}a<%1|%R{t_;DQy3?h(XW#SBJNJCL zGJV&o4Xi9$zKI-g1}d&o8_?0p8{n*CP*<)4y;=oTQ%7lZ(Y2_nTj)56zV$YsZn{=Y zQUjNDE~6_=&%t^PFa_mB-POx*!$D2)ck9c#+l~L(v18`!nPJp+cy@MIQ)@~v8TN62 z?jW$cckxge&|ptpX4eNOdCH0IpfD zLcDx)6`5&CsSNb6WUl&iHERK9f|y%$oX};PYc80pVY>l-#em3n8Wo(TV~^5a%Ng{8 z0!%H9wc)+7liVksX+Rybrw0|9^U}$6Zct71CmTpJt#Ki3>|Q(Y6KCXH3`k1bhb0f` z`egJ=m-5EA;PF50-6HwBMe=uV+q7?Uzd%qo3%I!fW|CZ|v($x&>v z&C&hoVZ?aDIg~7GU550z1t(cLkBL$C22|0LOPNLI+Sx&?>dEw1zO=y8Rit8U+qvk4>Z5+NdC>q?> zYyo=51Bb^d&WTMcVSrJZT?=v(8kS%nMO8#cEmu{VkiCpoFE4!0NVAX3Alo!@)g};| z8W=#fD=y7F$w6TVF05fs%#Ds0ONH_Mhfta^R_{n(G671cMtzSR z8z4y7$V6o{81VYg-b)SnoM$@$H3k==)9}H{qV8iDz~IoKx5bVf)C5C`PIe8rCQhqH zFD)!kFpZE4!OoqkkrYhhpzg~x4)R5?FSRQ6V|iY~OmUYZThPgQawn?6lug@ryqH~$ zn6{rUs$b4smMdhm^FkFJ@N&v~Q2YJWQPmO}&6JfO=6CDG)OtH&`JWCn$i7i#31&FqSQ4C%E=FyA|GE z!+ENAl86DRcm??!g<6x}gUEvJZWRNG5l8g9GUP$y1c4pbuzXR#QmJI+ZUS z9G^NseV+0~i14IdMpk`DF`O)RBd%YLS6Zu^;#D}WTdd;-O-&H=k@r}KY_Cy=T9Rpi ze32`GiqMQs94s9GBVy7~@S1SD-1K`1l@&+HDx{*&wud zCe-sR<#k$mL3k{|k z=%s1^Vm2heW)zqWt9qY}$d=hQJB3<$qYSu$_{R77X(AB^z*K%J2-V(tagOCJOBzn1 z+y=-HJTN4Qa?oCu(>RoEmE?&Qadk|tw~^bOi0sHB{aoGYknDx>Rv~Id@frX)nX;9W zr%g#ZD)+z?;Jlmh)ROpXx=fm4U461p;xv`ZOm?_dQi#LY{U#vgw&qQ=kLuN`X+Ysl zQ=|9ODC+#w#9@>l0XISUm|W9aq#6`(TohAU)*BwmiGkc7P-H4R1Z{(E^>|r~Pb|Qb zvH%APovgvOt>Z02nws8n4S>ypWUFFU9jTtywBz{;ZuD{?tdFvfVVVX(zm5xZ&$AY6 zWiYn98YuTt{zmUf+Ve{%=0>xn>|7zAFKwLVRk7%?v?MKiWQn0teA!mA&N`4@^L z=3bES(PP3f!6L|E`N1s7YoKi*KTj=K_Ua?U%s55=_VY0s;)a=6!m<@-=v5m^3$$EtbYdP6C?>gWWK@ zhVbo#VZ$HCW!dnTZA7gKPxzRZu${_Q75bQMIgz@Z!n9x-)+3}D;F2cW&!uRH8|F?4 z%T9Px{xmLUhPsSo$uM&4VZf8Z-|^Toj5%gX4%D#l*LJYxq+>5Qj|^*~@;amYPXcqI zL2j5iLwI(=p5c$L%4P%sKZ~!meq=mqs6rfOa3`0w53Ne z<+f@dM05)Phvf$%`+}@tKn|i_x;n{*>#qR|l`~kj4AYQeej?s^ms z4oethY==Ipb1&VQECNG+Pz}JplUE^zTd8SXSs+5y)2`<+%q=Z~s#L`bNZJ23?WAiA^ zXV2JFnG}hZsOI2p?N_@*sH6px?)8A#mF^(D*5NSzU|3oYaZ*6*;~vj$$U zb02@*|{&6xU%lED*yzFW#AbY16q>nTmu6u*N7j}SwA}i27$`U10e&) zB-P+Wp&vBlOg9YEkkDdW!()JWgF{u?m4hUqWWI!9k*NVes*31DK{`pQ(~D#A>rhkk zO}CFIC6J|b8|bd9uYum(wt-tfU9K;DBnT(GqglE5Iz7JRNXKrR52L^ z$yhe45?j|j59l;x2Hm8YdYPvEVKK@qQ90~^l)xKi`Q>uBEH}{BG@z}4!@vepT0(v+ zr$S46{levBtH{WqD}n$xIJzg<|-r|DmKHupSftZsa-&F zViT8s>6=UjBn4!`{{6UDp{_Wq`bM)vp*B%-zhL4Vxjn2jduSq&ODbGa-V$^8Qp_i6 zhGC%0QF^&-*8P6PRC)00J#P4G%fsod&5GWrQedFhcVM4Xr$>G{o>i+?as6Y@^gzyr zJjk&C=vgrRL!Rl5U>I7~#r5hdrimg|DI|Gr7e?#ef-OV z`N>>HOZJuxvHs;cN(NEPA1aLCgLEHC8&F>{NGZ(h^fZF39W965`!A@k7)KGhSB_8P ztVG(2th$zx+?cmkOWxw;Q2z0CW}lFWN>uOlUzNfG8iqu?{4C?Xm-_;e!q4v?5vMa$vt z1kO>Wzb6ezyM9oo<=VM4f~4LGI=iEyEWC-wcc`}vNt%N~?766)Za~UYGfrDHt98@$ z5|(ZG2l4Nr?HH99J*?NNxIsost`lBqrsbC@Z&47fi#o0sYI4xRyzKK-s$IBK zIF?C(8H6=WjPJiv#K?}TC46(&s%nSwN|ZKHpz%b%g~R`O^oj^WDAGeL8w~9 zHYqSHR4yc1pr|*RUzTMh0G3^Gz?xpeTpbjB4kyQ+q~DC&6$iq_Q^RR2m|qz=Stke0 zY7Ksrg8eAM5+}zG6tc)!zj(M<%1zE4&Q4CujZcl`Gcn*XFym9jQg&h@SAbu!CC@@e zTjO}8Ro_Y!1#oH%spyJ{V4=RHG!($85u`#gCW52p{8l0;fKww##db^tNAPyAl}Ls_ zsuAV4B~=JBUo#P|!eDuhv*jrr9Z`M(hLKe3z;`Wk*@SEKGJJv)WhjIvCcPG;n1xVf zmM>WdQm*mk4Fm(sI)xtO1`kF@--SwN!u=7S(6mPjrXP$@>{o03y^xlg z4tgCmxGXzyh)xk-h@J*2hd740xYO*<$hdSlF8CUeLkMeXxmw*{qk~43$k+(T?6w#K z=YSq0FA{MmE?M;m1US1{h!;b;MU9o1ps&Shv2bt5*~>t5_hdM+g+S2a1z#AuZlYl1 z>}AV!Y;%3Y4H9+3W+>=m+sYy4XcXcBO~5<5Tt{8uWx zC93i0(=1J@aS$6XDM^FEVu>omX-{n94b1?im|m}&Hp;%Vth-{-sif3r6ph63p;~AO ziMPV@$ZfGhTC<1N9a(=`=|&0}XuH@Cn# zSY%xI`GV<_^%7F9+lf+i(V=J}>K;+8TCQa(;=`QY$touYd8)E#=~N2-pPc18rx{7D zhjkq=jmtRVOszaFS9R zq3?p^DdY)CpW?fqXJ)ujubb}hY!Cds>a5`3x$M7vB0mKH&dvZ$cYUj(<5I&oVWiZ6 z&p@DVvFhq;s%jv?A`Ou=25sm@No;G(6oCYm?%}u|3QqSxwon=$%Z`-tg~Pyc0UuB; zEVzwsZ5NLrZ-op$eBP=tg0pBclxW&dbZb$wY{GgZ%O<)6s_CoZ(*!1ziH_^EW!Q^> z`$AUcLmkPAeW*`a#~0!68#+Iu?Mn@vpBm&FHS8h{T^6Bv=Vf}e^HRH0g8=?_Nb8eQ zQ>pWfik)IzK7=VU7Y>-$fI%$wwglEtbWu9CNgzIC?olZaZ~$addXE|IIamsC6$}kY z%2g-$%hS3UT13K9&;sMy+ffH04%!5=(XfX4kT3$t^%l%HbJ1)QpcKEb;mDyvAvaZ` z*@)pArFwzOkEQ)uJ&lCe1(C`JN$JZm1YP#Mq4D$uhj|kB&z<<8QW3&Wi$1H(>$YvW zMPGM)ppBZoS@unX$0O8zKd@}ew{&FXuf%smU zA^KFpZK$1a6QrMQu5bm;1i9x_4er%mNhBg)hjDwQ`g z87(16`Z}Sg=HW`BVM7Tf6UP8iWQsLX$_jYI0#pf4idY4zjL{2P&IHd7eHJP-Gh#Qh z!F><4q|pT9WFe*`%ERS07+&s?+}BbYdV=+0v7XdpsJ9j(AMn=I(AJ1gbfL$*iyP%A zPH0QLakeO=*+;R6nD%|k*V4w#*)mma(6g0AIJ)t%Vx}k4LtJ}Yuw+sb2~N9!uwOFQkaq+6j`KR2 znE_`9?=vq3N4itHAW^Ba1%AOj2<~VYkR=l$-%BbPu&+Y)$e^E$BmtC5ayby&w9}nC zv6(F6yA2cmHSe1GQnWz8jnO@nya)`(Ho=8~i-u^dpy`h=uT{Nx>6=-?U4GiTX*AG; zv%nRY#SbT(1)(~63keq7!$w*mgS%wqRly<8bhEZ`z;zn+G1sX+X(#dt93z;X{S$!j?rKM)4MviyHiolET z9IM?O21FW$UE?$k;&iSsIbOudP)ji8s#yj*UjSav>zgJR(4!jnVJka{xzPPZu(D{n zCh;jk7x*+Q5GkMTnSPP^(V&ZKHuJollKSX~6KDG6GzYrHoSof%GU!&q<4Rq}F|ue^ zL8F>UuFKd79s-2j&Cr?;3gk!C%9ghR<{cnx2C{IIdnzDok;HqtJwa=L-MgU*f zoA6O>$*^27P?z3Gvi;bx(D*tM&Kvg_P~F9E{O+DCKo%UhU-wKSZ;#uauUD)1yueck zyRt?%Z_hH1+!n&+J`#6^;n2PyPkzX=mJ4^ZK{8-nF_31PWwRXEDItxMhX;Y2><`h% z#?vg?$rVuV?1p841zUU(r*Bv}SMC=F!~bri){OahUiWNcUl>0Bf?e7At!VZUuu zA;k}9EMrM$7Kp{=lH_2^SC!*T3SxOUdEgq7)K1+`UtMvXg*5je|9dKkoeGu{SA>qg z9&6K~bhnNACz_epuA5a?Z#Nzpyl0jhuH~<#Yr5x~ZfeO~Q-Ven@tS}shJqJ3WiQM0 z5;Ua+el=?GZo0%C-Iy2+Xv02ibsQ3`rJhh9tS4Elx-+Cl3FJ;evGU0O!lMLm{j z-5{dF)1uk%5vrKQg;HRH7WV%^@w~cgC*Xg^EBK*8uTnW*b57Zcvs5Bv7j0$Y4m%iI zHtK*L4>#s%EFXJ>vqx}3QrVrz!3fS`)ma#E>T9@6dnmkzSky(@RGo!M=5Q`h2aYs& zwMUp-wb3_pClUas>0DYHb?I4*>zc&Yl%4t-3a>P6-@{I5B#O#+fMI&RWn-^O*l?s~ zga(fqhYI?k=&_LZj$@di%3>d=Ryjy@?z~P9N@u1_4!#e46CSqMn&Kqhxzh7i&=w!MP<02_^Xb{R&CwViG3n_zlx&UmLK_?d`pOa* z7}GKu=vlA3mhFS&P_u{hTtwA+;~vYmqVL_P?`}}So=H4q6YvaNFg>Tb+~U$o#RUeA zagwJxj>&ohH#{xlk({bQBCa%`34hRg#Nb+jV6BQNLTV0LgQS&;?QjD{geGA*N?gQw1>Ok0=u@t-<)D}} zbr>QpA}zQas0=}&V*MzKV+$2QZ8z!_S9!2V`XYSPd!@x0`a*KVi*$;@dnwCiYk4?B zB(>4aP`I-+tq47v#xp!cm7`ZA98e<0ryanERj@}R8`Eq@hOjU`k8_8&O?hpz)kXXl z$pRZS-FYM*0%SrfE(Vx`P;PAm3{Hb7%G&!Nm- z28z%Q_9v3l54Ix9YMQwpAS0ma`eMTJ{ETWRQ|)5Bl}4{~wug2B*Jy+YhZHj3X+Wc$ zYb3h~k-!9_b~#*V!w79llIX;bfjTiv7xE*yVsU)xK;Rb%@?&7Ske|*KN{7MN_yqN4 zKs5v{oI{K2HYD-Gt`aECJ1!v?#GE=6kPMQyc1Sw(Ws1%ap&|J-q$_eNiCS6QP{%m? zv&Q|Z?3n00>W)>{UORVk&q(%Ryk?-#wd{r*tU?dX5W(QY9B-+%K2HNh1Vyk2g9S?O z-y-{*6@?}8hC*U(kuG2?(vVc5*}@m~0VIdHO!$_EvZ0!`FH2iV5(p#}+IBqGH63m% z_`jhUhCguqM@_IW$u+$mJ(qNav0LC|O|OfAx!f94a{#*~<~81S6HI?(WuH5YiVUiS zWIg|*48s9TXN7t*9-^o{$4r)B*(?_+z8>$F{svac3=R);Okp&o{hB3KRSu!W8d%Xi zakFZ_7LXAa6FFoMLU_PqBl0#VA+wRfs#9|swvUg$kv6vkk2!|KSsDYJXOim_9K@5_ zANvDmIm_q0{h2p4D@ly+3jDJ@zqvPUQ-!vI1QT77N6#9gfKy+~Gn@PtJ4&c|p3sn5`Q#Un6EmVYkS5md2E?u`WbI=6Gr285>D{Wj4;L~@ zs|uJ=7ulWy)3jt17rl9T8-F`XWJ?R9INp%^WY|n5eL!q|;#X2iCo-pSHYb>$jdXR| zjaNG(6RHhip>+S)qR(sc69RD}#)PH{$Mm8b0r8GAI4e`3Uw{apQW1;nHb=NGtUH$N zlUfq&>IwEDScPg*N5SgFlPr7~wq{Y~WYlt%_c>=rt0(Lbj7i9&uG-1S?%UqL#-TJq zZ(2G=D*i2aOjH8u2pq|84XrVgm4*g|k@BFuaT)i7 zNZPbWYIR=R(25NCVujQBcDy1V;bjncdmD@Qr?I2iByq{w;w2Eep4F1;duig}O)m|4 z-J)6^!O>5>M1(vNkFRB-*th6tH?nt;GvLPeud0kln)h8Ck}G&c=)zmK+%~x6fOrTG zEj@W?aTj8UNm`05sh3@?C0L-tbG#Eeyc*ovR=X;zJ#kqwvM4WC;=wf&O^8mtUqfB0 zyh+0}+5|3PpHl&cD9=qVtO0HU36-n(Nk)VCmm+4`j|}F7pF-P($WTEwrAhpJcjt^I z-2sf`rw@bVI)&NfZT_)2NdgZ3^FBPw^9k9ZgHJVYgqS==i?iDj$4|}lk2emF=T{orUJ>)+IFte zXd(^ikqTDZafW=yVlkm;tl1DTl|d<+0~>gzJ9P`y=2A$gK!EACK?M|-7sIKq5h+EZ zpJk>EW;2w8QV=}S9jL(FVa`^`uuv<7tt!9<*L%gQBR)eSdWwGsSFJMeb~mn4`*;_x zY`B3Xm+&S{bInp)^C_=GX|5F;hQQ{Mr0rnMMqYG9U2r`H^!$h$HO|hx1vhAcWucwp znK+;rzHRh}@g8R*47|O`q9-wtk~3KROExX?Vv=>w#1r2=5ii@5 zp~50Nl#*ePROZ;w9c+8DrcQNoNnw|7X+?d#ts#INZ{yhlM#E7%0bb!-WD@MNLF<`% zXq2cMFrtOiP{<(J*EFarOsHtgRD!<~IKEk{3-KA;$Lf}CaiQUBliWQ{8_f!K+Cr;B zuSLa6=}Oj4jcUKQONhXoJ@h0{fuwhBRUoPThJ4Q^^OxnqIdeK0ROc$o6Z*j8M;{Qk z$H%S~pws}mLCLjh0H?OP#9YJo#~xTPZ4(z7ZyA9$=HpzttD<)!c+>FZhe}?2}yY=HE8?&unug=!}y) zC|j`%un7hhd^rBlI+SEhsW3hXCbPv-u5d~2a4-czZwx!Wr{TfjJ-eI13BFth(c=%j z!l_~Af)*j2An#fWmd#HR#cvtUMS|BK@ohVInFb&`ZalWL83;06z ztC@xZTN%y3h924`+4)vBO=#$tO1-5U)vDII=^qL(ae6qNQ^MdxyH=Nd8(+-+*sx>}$E7fZ0XwSQJ;iG-DmkJka zzGwokF)w7-V+%;i$=X5*Qy2|9R(NA=*kX8di}OiqY~=`HEQrYTXvtpsyMo}1ItqPN z4031wIP+n>TNPF;^MW|<(L`%CVG_(vXDamh$(kaWP*@mI*jwS3*UAS^?P>=C-xfe3 z^Mzx!4$zW>^pRl!rghty7>&Jkh1w~_JV_3lbCY!1O?1<&0Kwc-tueL2rco$$!p}sG|jTm z*wB3)o&-XWO~Vpfq9>`cG|CXtG8r-&#=O;snBdG}gC8zBoyBEV9qQ0Ky+lmI5MtogCM2n$;OXgPHj+R6MfQgqzkhhf{6Vdkr|dnz@u)q zkq;D*Oz1cd4VS(MuC-257hyEURAu0>(-8>o1>CbGD#SX-T|^Swbds=$B-&A@1X?m5 zLurcONH&|HXuCG z^gls8+`O(5TThvx(8B5oGcg5KS5?YMz=R8+=h4#j5#JM} z6js)*ZiBHC z@rf`C3z$fcP?tjKHi->cO<)dc znmgThf(~EqwlkzU>wu>6+UVeMHmwoC2_U0%3yA7jb~aN%Y__dt6HZ*iJFT@Gc;HKj ztp}KZ`Kr;m;Gz0qOK%|bpEdzDWPee`*M#Mn6k@|2EabaQRnGMIGssai=A^~TpftmS z=3Q;@NdVOfs+zotFI?b7X&&Op~ zq%}-N#bzQ=u9~`isGeu_79vA}<%TUhGw^bVp|^&BYCuyx@Q&IJW5>ZAlVsKM;!9b@l>9S* zYG+WJ1SZ6It?szKZu>yng?>Q3YM??K5QU1h(7*%rfbN>agS}BF%4e_u`BjeL@ThV6 zV(ZPcy(+E{=8=*hN^{*7y^}L6?tMZZef;aAPw1lmV{}mxZz|-=M9fEvIS;WSB)uZm9;5I= z2zgTj6i?^tt{*stFcB+Nu|pFR zhc%o<$MP+`YQ2cNY4c1!TZh9$f6dkPhG*th&2j_7Wv_{_wJrakS*@F{r*6+RAR-*C zON#%vU2&iQRe!8*i{UJo{QDFh1mKjvhL)G(k?gV1B&s~}^pIUTkrlvU0$3LDc_W^?rAfvU&0|BWdJVc*~ z-XGKpGF;ftGYz15$JWUxn#Yo?*JGSZZ|DM(!%g1OPYOao%o|XbLyfA?xCvfpX`G0% zUu?h*6V-;ZmPE5!z_8pDq!x7)dy+CNm%@*1h&LD9RLPfg^1|hEWe3_gGu5&N=4PUL zVurME&hhCq4c54(IxHPGIad@^pj;8q6YYK6iA#Mt%>|?Yty?tzh3Q8t#B<^u)bVZu zmQB}#(i+Va*WfbzJd}FIvdKP08f3J6sln8s5O$=m%5Bb*+t5m0_{nJI6QY*u24k!L->P?z>5TXEiiCIEyXwzm1V5qT~o8u(^zPwQt6awFUyLnQ#JVJ zqRGSb%eeju+k@hPjkKhp4gr$)3&$;D@bW!}ehi|D`nM20K~ zNUu9!`f!o^PT8pjp#mgI(QzS$SJbK_^zUifR1#3uW($~894;e*IXN-D|BA_p-N=a$ z3=FIyU)G*W2E)s!rU``8RUcf}%PA2D;ogGe1z zP2GT-Da!5W>L|trcy+x@5*VpbYf>cszv#et){Jv)22x*1KdVJD{<%O?V446)ihwwBa6Blhl>mHCtFQ#8K+ItTL!q* z^o}dUqXx!_ab*)hkmGrcXeZC>r47?v>u_SZZ?gC4eOY6FOm@Z5%n7M@(GP4w)B z8sdHDP~E_}rMOrR91z0DgE#YpXZkJo?UptO_<=mJ5bR+g)F^JuP3veK)?swG4yT^b zONo9^X62NLjSQz1lOlB0{dc34f(VIVBQhesLj_IPu>n|i#X)bQP8h<-c@jyNk^=SG z-LdkG;}J9*b0oo#2;EWakpM~=e}teaW02ypY@m1ue9M%kxXkNwdQhlZ41u-fJdAuC zc#S5`*Bl4d^i@E0!!2UO&|pJXo=6 z{IBk96DvVhL4}pj?vN0*64WZPv=Zb-+p-cOH0%ynLg;+8MJpkS1ky@~q*S|=5cT0k zS3(PTEoj}*N{H-2UJ2^nHop=AbzQX-qK{Q=)`EPbP%nm{)po9i(1~PY%YmcC)~<&z z71RqtL9Li8BK+khmxK~vD~fMqQ7AfzSQT=A8($Wl6rCe1irlL2>LciV+~uG$flF(_ z44`iH2~}x4?~waB^tOucd5|Kf%d}|6-%|USgF6Y=7vYr?Mm2JRI$A6;T(U$MWd5qE z!&QMmb87=G2D%0a@R-ZM6uydD0r>59m}-&}=u^a2ZEsharCTFM*8Squ1TCBejr(ye{{3Wa9 zYQr!`&5GWr`ovBwM3h@13!Qe~c#XuIKCmJZw*xaBDAZd!6ZcSWg?og2wd zjg22bD~iZCl~Ca(hh%mWe5M|up>1|p$`u}{7m~hAmi9=%z$$e)bSX!jZAxqP(7FzI zI?4rRTD+s!t86r>Fdd)UMpx&W?u)oXJTF2tov#Ef8(X;!p0E5swn_0Cz|df`)i>(% z;?Pi&bLi}5cTkYZRCSeQ#=4Ty#M6!QFj0WzE=WMM<43g5Nj!n2zI)*j56wPv`xAXS zB=kd;bI{hqqMfHl=Oa>pSZ~WwEzPy6nF^UkL0jjBc1{+Z4^;tTz3p0{`jOg3c0|+E zBjrqAp`nJa#M}BEYM+rj{eo#uhkUX~2@lqVEJ68WhgvYT2w4U%LKaaf1Hv zok)MkHVjYCtq7_)~ZrkCsj^^aM=;v4t8+VnS{$ zlL>vJUV8GUGCecek)9|{?m43VIH0@mwaggg^ONVp8D%?DeN+yW}j23E2$ z=bk^fcMuKZ{K4~waQH1dS-{6+F@!V}m5<5R9zBfcGe?vPqgG5*D$Kt4D$IGEsw8S1 zriDtNd-JL2-+XCjYyiomr(X^ymnt>%iQZ0S%j$ z`HTydk2r*A$#si`XYgc`#?)HjZKqPU6>U*-+ksjaOC^e@OC*3$NS$*@Lpnk~chpiQ!fWS@`-XK$xOh_K_u<#9@R&2}`hI0J4Z zd%aVu>n?RR^U0x5*xVCk)W(bsRH#_4r#K&m`HpWke`VHRc5Kfw zOn0lgB}YrNnp%sH^)M5*-Zc7RYi3PZ`=cYyrxoj~%HGQy`3&KWJfkQCE1ZyQxdjtM=ow@iS&c;@>Z=PX`v~W z;)d7RBR#E8th7g&=zEl}GkO7ojUT)+6qIwvdQc+J4^U3Vl7p2fWqG%))4!vXtT^gZ zYbC6WVimRn@FznKstsFLbgP=!@Ueg#4Ypg8$BLW8rTpPuakdWb<~WBPzQHyr>+~md zIN;9X-N5r57hMMVa^SJ4mpRodL;^N*O_Ju)QssHU{izwS_3aY12*kS(R~`{UqzJgJ zt!X22No*z7>f?xjHeZegh{^w=RDXOXBufr0E8)Y)GeOjs-TcAE@_=Xh{lIoss9Xb+ z;#DF$-C#g8FA%10I7V0sj<6=glIQ8O_samPH%1BFt*L@C?x zA+^E>nI}#lj|aWzkyce76PgjfyY1IK)5zOXj-9=_j`l5C^|6CjTb74~LR0ya@fRFh zsVoF0`N(^Ks62HX35XqM2t;WXYSrNp)hz#JU)y*2e|YN0lziXeBun*b3SC!4t;yz__mT zXyoac?Cq6Ef6h=Jr}InGA}>)SQjMw7k(yf%%#FCkdf%*Y7Pr zOlzeNae1i3R)`PBp!OZ;DV(_xs^2F;^KPR_g9sHIO|`gCl+ISl)foHi*h+=$NP*fb! ziEebr2azV_;M$-gPF3$>TRg2Xr|z+@Xa@?8%6>zPjE_w%M~pFkq%|FW89lK-Y*2*} zr*zx)h{v(rth0@wr6NQ&fRHl82@;|aoj>#h$8S(0dV=FO%kf}~jB1^)9#O3d-Km5W zC{DQ&lrE-N=^hAUxNZ7XX#d<|COMgmuoVpONGWN!(6-~2s@}FMVjB?8h9ep5Jg+*v zRmFNZSX-UyUJ$@C&O{EECW;Y4H&o(yDqqSCgYgC1LBSuTi6XzU8#oe)=KJagHOH_j zYe-qdw*WXdnC}47*5|7x1dsxG*IKY_^6N-nSQ&iD<*^~ zbsnm_5q`!k(g{tB7fZRRTtS^zC^Q!l?x)Q}H_#2E4Pz#B!ziIwn0^7rZVxwxDMlC& z3YbA<5kH)1ZOUOF`HTekL}}Sbc0{iIes9UD*9D;i57Y{PifA0=T5Yq9Nu%RoNvY}z zrMXgmawJ=tJ6I}B7de?UmEAv)8-?(2jrEQ*(zOLGrh$dMgfqSZ&OE}&U5<`*lP0ZN ztyPKhe4aksULP!($%xOOIzFCxNUP)E+3QwY!&H-ca|PKmf{hJP6Yh2Wkk1Kg!adNW z^s*O#h0{YR^_Y$L39uEV!ke9-$i@~cab=`P*Z|W9;S`0Ec;k<9esU`rHQ!dN=wno4 z4@k%o4p|kMoF33!lX(+HWe(U1N=i6oM_Nwnw#;hiEOzqk-RemphuD)kF`^A!6bVX6 zCr5bTe3MF<*)|xYn{&n$*#HW^(B{NPqN4Od=u=EIbUz~I#BfavN87$bC1}HLkhz19x9Il!iby#M4MQ|y0RTgAM6VsO`Xoy8iOsfQ+D&D<6YU zNakZ@v`Oc>Bfb`kI5MKwy^%(jzQ_Y(sAON6cajoDs5oK3p(@p@lRswK^+ty}$+CO0 zbAgb?HX>j36}9S^RSm^auj0pEMm0 zI+5Y(h*K<6c+gkWswuqdrviDSRy^WC34DkdtVmrX9z;2TB7>_^fZ~DVGJ3NUS4R}% ztIjjBsWtHqK*_XgrJ-kfVuKBp?4`gXmHQ5Whw9Txz!m3$&Y^Q9QYrY2Og;xV%mMjB zrCgySE^wWOZ@L@(NJ`xLfg z8$>}@l(YzAr2&omwYX%}F*;06wyXX?8^$~JV;g?aEF;OSO&9V|Y>rPI0F&bf3faSg*kH zP^w|yS~k(83Hn&tLX*7&)~Kb>_;~nKVZd)iSD{{P=CZ0LiiklcHL)W>-O&25W{eG< zk+xu@JN8C%M|GLJI3yLgp? z)`TRf3g8{zSga`v)HxNj2q-O4MQZZ9qC{OJ8^HCosM`xBns7BRQe)f}c|pksT(*RQ zS+81UU2%uI(fQ}*cMqAxEv5f9(LPug7wgM}LWLAMgp66P=jY&n(Mp5A(9?y4FKUic;i}v7;)U^sg1J|87h4MOR9YS|YjyaG z4QhHF)qO-@XX#O`LJk|uXfnsIfbprZJbw^vU2e5ip;n9-Z4n>_cgzsKZvvl&?U_E{ z0CL6xATTi1V?+)}_L|Fj^)lVHkRzuiH_*fx=u5=uHQ?f=D6qJxglm*vcnTT@nkc;t z5I*3^pin-gfypi8fe|&HO|C+-6NSmNT6_uT))pcJB@qzy7Nt@VVQUFWSY!*O@v-bk zDPK4|cc_>vB*YC*BDvf;D0-kgFN**ok1-0hG_=!jgiyGt1Ab~-4q=zbHoL?D@CTcd zhkUV=EtKXa@*~-axk7GwVtgc9%D0&b^*3}r!bjJbqgfM6o(KnF;@6_O-E*o2_g3C$ zY;&c>Tc>KME&^?HWlZt7rq}sDjR0=D8$)@EjJ{=5x6cF{TT7!chmr;~@vp$n&m-Q> zPRzC4Qfohvi(}&xxfsT94vUmiHPF9?IISAm0Y*a)1@pLqS5yS(7#Hrwfjm;(KX9*F z&|ORR!Yz2bl0(}rUM>>WaKUs&ojz=li;&4t+JX|7G0uP*lPsO~9(w}FN>wmJc;U;_ zp%4w5Vg`x}#|*Z)5_K8H%a~4>A&hnOJVa4vtC)csLwh7P%nWTVpTetSL)TEsMHaq~ zQZ(z6z-N?KQNqFzsoL@?tJ#KLRH@4gh(Z00?@`k3&>^<%WtMU(;8$TD1S?jxN{^`X zx`*PXJYTO?O;^+q$ES*=?8HQ_z>H;Aj!(~(4o~M)`-`+?YRUEN^faD}R4T1r4d`RR zkRl!fwWDPtbk(Rqco)=HjH6nM&ILftR{ax#38&(95g_@#1FqmsCo#EVO27|JH{atH zaYbAf?4YB#_$xt5WS;F%j@R@$6lUnZg2;yYpGs6SWvQmu)wS5**%=+@k(Ifo*F*Mb zaoQ*KddRxa@=(R8b+TC}03iz&nWY%CkQEZ!1ZsMnj6$?dv@rtEJ5f{=&UMW)WI4B{ z`~A}2z)G2cVTK+VqJq#8D2Zmxw0&SZhMBSqIoBhJ|EA4M158-93G{hq*+dKz@f~SD zmWkn&L&u4|Jr;G?EuF&%mybY|-zI;L%^@6i!x0hQ1|OVO zQZv$}qyq;L(G=}1>aJ;|Ap68MMPqgdZcq5JgJWR9HS0jT$})ySxg}k5!CWo+u4ONv zq971Zs7`@v)~kBiESal*M(f_mOKbLGj!og*qT?(9RH2-~#^Qi$9^;xF9a3?Z00(B% z6;;-4FmD3A;X5_mx5|38x&{o>H{F_Ln+8!494xoX4cCRsc+v5ETd$eGapA|F>4OGx zqJoWz2eXCT=-gC(G&eUs3QT+1avd8j|7Bt-OM%j&>6%#H0NXST979vDT4l?xt^u!Z zmaWPfuzUa;rZmoAhjc+WZY5p(b_BuJ3eH_`+^#s2rswGk#A4A-4I0T$PUnj`stV!4 zj^Snpa}$%1>XL4dA#@`-iuTME-2)4zZNkmKz)@7jd@4vM)9*4%4HAFIoqtguKvT(O zogua8D`?fXB89Mf#Knk&3_$2ILj3}|n?|o;;cOzpmZLmggdUc;L`{t^ zMBAu=jY;0{1hx^t@@*z3f>VnW<&8!(D}j-VzqZlKu32-Ikwz66n>??Vml}0+_6P@C z1Q%(oNLisue+wFw>tLW>30lM7Sl3vjU`1|Bx2jk;mYw<c|`M|1nz;a8aM06p06Tq!>{axgb?NmBzY zusl%6ADZUcih3~Qv7%G)CoFp@Ya1ho!-&Z!SR-@_uL#`glj{OfP4N-xU5FRmXjg<8 zJL?f_vde&ZH#|~NV8$L|XoWU63{)C~v}|!Gnk-X-Tde{*5X6=&uJmEFWC&VvzX~BT z!4C9G|O=Hv|88X!47uu2D*J@SEUZNDY%!u#9 z?MVMleXZ@sQX^tkb(YPxUrLSem%eM&CUws@-Al|h^>;!O(jT7rX?FBLTp!V`vaJAz zY$z?iCvAl9IJ&yUH*Yoq8Sr(ha5@-vq-TdGXj>A)hY=eg)_z zd)}lbVQkkx2}F^tf~h3v+MBqA6ITSm=>QoiLf|3J(Or=H6%^#-lEf}8t`+= zrWa@Cs$Q#C&0!UQi~?_>czBc_bd1vUpF1>`0$lDdiU6S7V zH43(hrmMVYEt`hasOl_u%2vVbX1F%ui7CS!o&rS4FxAb3;i4g_+i^n^@KU!X7(z`6 z?OBf&_IuQ@o@4{dgl3C>8J;8lEjKe>qh5DhUwBQPB^0WQFc}@tid}?@vkJsAs{uQZ z2Q|~zMK_yxxs)J@7Xsvn4q59tFURl z;g8!mc*n~mhZ2+eYJosZ_V%h;rH2MVUtgjdT&`QlO$ChZN6Dw)`5h#@s%h52p20-J z_N^+I0ou`W!>xh=4-7aUNd7#q0<<0Li@slYH0ZU!Si>g zapIb^UboWALuq{BlwLITs=s&?o40lk4r*Zbf&_9MLe2ybGs|8;$nlmDhULJ(06>V+ zRzri7S_x_oOs*5sHc>r=NU9XL7k-Vn^nsPLkVIPb2-wI-_IEW zC>1!S+t6SF`SK7l?jB5F?+AVr2)bziuK^`%rBSV}rBW%&2IIEngAvE}bqnRw!Jig= z2WPF|%cF!^r&1{`kzDu6u2uIvd?P93Wm*KD@6-v*+$tup0tUJ>4WMK+wK|&C>vhQ5 zS|VVvOmcSuaypRkAP0AdLvo0$f=u#-2|7}P8%$KJM_TGV@k4)N?Eh6~!Qmeazz33J1>+0${<$+({-qqFh zl!feMwyW#5>wn`H`l(%AU7&ohFxl1hqMcn`$Nx`P*U!7Ux{iOhtE(~C)%E?OU0uUB zc6I%3{ic7o^un&LuG8i(IWXGwYxuvv_|RKl)73R(jE`nZt6%%!eJj3k`D-8g<&Qpm z=+(pT_n!LF`#$$u2W}cZc=e(2`}W;<(J2Y>TtXI3Vj`-gk~kN(Ne zKKc67cRu^pk3Qx1?=8Ic%D=q#`A468-TB{nVEH?LG2M9R;RCn--bc=Q?$_Q`e5?P1 zhYnw|blV4?wesi9nO(p1ANc$4JX_PQeXjStb84Ubuiq=qxC8Gy{`wp5I?+7so?9v( zeoy(~u7_`Y`0F>`bz0@x&p)YheDc)4e$v22@BP*}r@sB7Q=fgx9jDA(`>GQ=Uv~Ow zOZOdq@~@uqvvTFr#S_n3+4uY3`}g0u_k%C~%+DVDmk%$WDF4gze(TezS7f?=>(kd2 z-*aU6L+{%0k@T(a(SP#K$6oNc&wTcN^Te^EXWja{gS9(<{q217v=9C1=Xbp1mS5j- z<`qxA@U&k&`<^#F{rax!zxk`bD_?)zb(cNwLl3<2KmX~Thw`KE9XaKa(d8@G-?o@c ze%U`(d4ZMr?5%G){-)zk{+mDeo4-Ht^%MVfPq}&4y~n?N;-=XN{pSZB_{i_S z=en=I{@<(K8*l&Xm(Did@Vzr`xcRS-@6gg0ANc$8KXF&(Pk#R4%JLt-{^rDU57frq z{@~MYeel`Nd)=dZZol(YOV72R{E<(Nzvs>$-th6-XD+(UNj?a2hC6-Yj2pi5rLWH2 z`0ZQnU#LH=^48)0_kL~S%X_{uW*)k@_O7p7_Km0C^jiDK%e?b$dBKHO^w(aQx#+j7 zBZ(`t|NOOg^^g8b>7Q|6^Z&n&0L9&A`N07C!d5 zuO=?McF(^(@MlMVv2(}lo+G{2-+9)JfAsOce8#0W?EKg#WL-%tMg zbx(ik<)_?y;_UD40dL+_|MQO>|ET%eT`xW71M9aBUiIej?|$r1@?*n4f5qSb$I!j+ zddrtTH@JGv?O%O+^HUGr`;u3E^4gwj-+14DUpjotRo}d9_WkZx|9J0%Cq|RcJ+=Ra z-@Nk5t6ul!H>dCHefILc+kg4?%E!;T{59UyOSjvNhkm1Q_Zgpi)5kvH?s)LTsPV6T zM_+DCEWB;u+TZ`oT|e9NjordU6K6BTfUUuhMfAU8YzjEl-&E=n3>rcI5{NhtCG0ymY??cbkKY8!9?=Rka z&Fp)>efBq=ddtrr%KY?#KYY=}U;DkQj8{Woqr*S{jrYCs-%daJqf@6&b8ovd`O(tx zH(u+!$o$1yUz$1RzwVhf&VbFH@~nrRHS_8Zo_X`p=Z#(e`K1OJ4V>WHwb^GF*rmy|siMKrPy|3JJ$FDy5(LK)H z)z=+-Y2m~f)Ycy-rejZ7x}w>e#(x!|KxRl`n7@E?s)Rh!+-MSumA6V9(eG^Cyl@Du1~)5 z{+~VP)K4xSt37q!x2m7G=Yhe>>i4g>`sh{bqhG5GKJ&)0+P}Q#Z5RFEy7%01=3H^* znEBHizCZS|=e_xJe|BE&-+whT_my{?cY5wQfApl+9en9`@1J|!@!vgu{gW>F^wi+9 zPra;o!H-u@zx7$Gzq$JHo4;In=QVe~_3dB&{?GsM@0^2Q{HGhf_r+`SAAQ%pmzw8a z_aC1f@Bi58ul$e1zI~V7yxUBC;PpE`@OvNbsXTn+o~OR=zfT-H`lB=F9`5o!^|{nT zhmPKJ-wXe2diJ)z`oas(TE9puyy^IkyStwC)6~tc|NM9U<+g9#@Qt%?yYqd&amx$7 z@UyGFF}3oMC*S|#JumsvZ9Q+d{^3OzzU|!~c=uB7_N$&e{Ozy2!h6@dip%*k-dMip z$W6^NpFa4l!EZe68%K{0zvkhe{P-Dv_mU44&b;6y=I8(7tl#_Ny~jWOi)*!4|F4^W znR)n0&pYkwAN#j^U;LN*e|W>!UvuJB54`x?pS|no^%uPJ9o6UExBAm}ylmHPPyO%e z&2M@42YWtU?f&Y0_kHJ-JO96dz28b+{k|h#Jbvu{YaV#>>EHO>%f9$uKl#`v{>n@?JO<`>Rbzc79G`9FTjkB?vQl{fr%V&%mzz3sL){Pmm8 zdBwN?;jXF4KmEj8ZaMO=)*Iit@0?G27gjDged;ZDT=J{uUcK~zoi9!N_?(qr|Lu3~ zo_X2uXI}J~>Es!w_TTWdsr%>NFwrx2@Yeh(ZykL8i=Xx9UH04mVAs1R&-vb~Mlx?X z{kEq*^B@29!=JnF)o=dkYb!TZZlC>0{x9yhWoh@{J?m#r`N9QXc*`e#qzz5{;WHXH zOnmSDAJ{wYeB+7Fo%-}wWp4S-H^21t?|GyB3Uw-rHzvv!3@4?kuM*iSyGcS3^b3gL5zZ+`IWR86I%vWV@z2|EWzv5m0>(kF& zncDlU+KDr+Ub^EsjSv0PZ(sN8rBD2F<{gQ*)F1&Te&^QF@4xv?A6d_P4}(v>>}@~1 z?@Nng$3O7V&sg7o;aO+iesATo2gm;L%)8E=`RV*k?zeX@edhZApS|afiy~Q?AfjtJ zBSst-5zq}}a1|4vARq`LV1n7**=2NhXPued1(9IRc;JZ&Bg@m7&#Tw`Q{*y`unfD1hrW6guTCTx|4m%RcKtR@;njnI6NRynZ!tO3e+AO}_hs zJkn+)D%V|F8&^8A>ACF=`HeXZZu<_Rxp&zhW51pmRof3e2`?T1 zpXrD0P`b1%ykAjrddKD7&*Dv4qxrY*2lrU(S8jB2es0e3}ec3i^w%mYhAOlq8CPH*eP4RKaEbb2tQ#u zV?1m0`mP^7ERnrztL}FeuNqN$>H5uRm+A9QR=;|?*1XxKIiglWdv2#N3BMY)dhNs1 zz?beB2U|;a-MshdR1x2wdt~x~pqndHs;ftZ5&4CIu1~sk#Eh%vd-RIx`su{=&xPxU z_&P|h*+TjX(ro?2y z-0p{mO?w$r_M~Npn!T0d#nbJg=J~J7$1huUd}8v_s)8S6UXk~C>cVD?4}ILb^`LRr z_e<2Pj!6?nRMoncEg_wOS-3UC{+!mfA+|lw%Dlquj+6m z$0~PeX=KSE)yXR@q{ZvpOuJnCH8^mc);( zpJeT5+~HmOEf0xv<}C)aEblPcwpG6b%Z(+S%6kvAtT}r2%_M&H#lT99uxfDWqtwmWLN4@r&-18f6Z^c+J9F>LcBHRyLQX!7N0CK9Iggcxn?a6 zTw9Ev$s9O-^Oi2`9G`(+?3{HQuE+moU9~p%Rm$v2qspbjv!@(CU$N)rWq*9Z`O}?Z z%RMAjw{i!k%$~g9y zN5iIFD7uz)OFlM!(}~c1&D;Bl6l!GU=0xL9sdrYSyb}-7q!#4exlj~$>S%ZNlBJRi zFLiKD`&oyxdv$lr3N#6MJ}#lz`|4}XpO>u{M&zv)kBi$jDIxXY*A;gn(wv@;OW6Kk zZNQP&OYfav9f`2rv&4CZ^`0d=tYfoR#LxXWXL~?tq`EqB^nr;jJx_nhyL$a=q~<7V z$8O@ov)P}K{MTFf6)&!If57hNYwRbsA%BTW&OViI{P@Pfw;`oZhP=BlW7gG`1=WMg zq+1L2w|w6w-)362iZ`%(`2*jpYH@iD5X|tNWbmm%BVI zyR~Y1Ky=2HoO##3HmhE2@@~ND4+l=Y&$E7%Kh%BW81dDh+%~bT@A%Cc?NmdQwovgt zXFTZMWy9tk0-&*UYUsW>&uA3Tv2?faZ}OT9DbKc3H^z6) z>tivjNrc~$!$%T*w-t1*v7GBHpz6U_5Xs9%cgjZL-7245-#&2M?V_-GMaP_XO*=7v z_{z-#jlXg-4vj#@<`yq;dOpACn9qig+%~Z-Uwro9JH3Z864Qq(Opkh%Sv0peKjsRL zAH6l)QdOSQGSal{-Rx&mGmcf1KTn7)|Kinu5E5pB`PEN>yG;RsMPOo4o1qMqBg7 zEcvb9vY7MB=CF=*5mob+T&{fmdh>5#U(B9t88l{2s$8<#gBUvC41ArvWV%V(*(}cC z-zE*^NfQIoi#wAY@!!^V>Rok{$lN2oc>ex;mx^aLN$pj=W4DT4jvZI_TXm;-Otrla ziQOh6whS29z1rwW%l79rrz*zwI(A(6Op!OxtZ>5ODUEkuics9XfArV<-tA&Lm~m31 zPi^0oOC^cM*B^xctje|Ny_5_sKWg1CIBTi{D2Nc)idUYkq!aPUe%9zhD1cGVMZHkYZ&g?Cufy z?hT@9?p2?58D2@rUxa?bb7PZ4WkD4!HD6Bzg}vO6S(8@Yx%XR-XYVbhmE2rk_^RSC zd@t1F&b{$sb2Cosq+dLb7n?ma3A^(!Kdg8AV*}I|QsZZgkH0lV-fNO)Y4E&G((HXo zarqkW&a+I?oR2)xue8fMSdiD-V&|C6s<7bh=%$aN(l*fBgK2Y;jvdL` zL9o0B8T-wQ$Ql!9G{J0U@zRfOrIFnQM-u(Y*KCSy&VODq>Rnk_Qi(YaiNe%=$#aXc ze5`_UQ#Y$WUB3Hf_K~LU&dP0zDyBXt8|!vc6lau53 zCO9{Bv$!HBWYv+0O~WP4-p8(4*uPCqWXhIQV`e*=g-d!@?n}lqEv0euox7TGP{Fk=j{;3b zu*OLs)f7>6@7Jp@?&?(zUunFrpj$T+Zh)_`-^%2J*{0@ZoXlRTuN6V-v5@i!-fJ#I zt=FW-O=(&glj~R$o_e^KdNZ2+Q72fnC!sV`FUi zo-H?$&oo6=oeVV3nc|t>c&`7}$@_OECoWr;lXLg}M&$go%((X3Y|J>QWxj8&v2mYq zt;TiB2}ntw{P}hJiu~cFo0E_U_wH4vw?%DP;aA&rm@x99^_fnC#;$AAzVd2R*vt6L zxc0Zv_G^q1hQF|0^wXW@Y3j6`EvFTs8z;2O*k~7?d@$E;X3d&o7S-E@)poCgn{!`o zpWez;)0h+DlkOp`?j6jh;J)rVw#mh2;rC~gvbXyR;^!Y8^^4YzFw6S*)n}V{|-5UDa$5?Ud~ll8lRBgzLFLmTweY%|8zy@M$2{? zJ>LlYPRDlK-6Z_J@$QYLnKkWhhoUasOe&g^AG&5_2u7#3&IwGJ5|o=-p7l^!`tzVL z&FTxjGEup!xB5nq=EKOv(>-YC~(=>g)}&9Fy^%>}M2-G`4M0P13}pdH0mibDqTsS$i zS$M2d@>5$)*|;I+IA)x4d#sXf8r|w)#T z&)Cm#+voGit{I=3X643r4a7QClr_t4y}?JMRG8m1Kd{Gm&U6ZGyC~mYu}2ZhpUSwK z-pzg%)Ad|`O-17&9;|^;Q!j2gRWY(>J2TF?jXixQG``q!vV2ZXk!&o5``x|sh9%vY z#v8bO)2t7faqXIV8~Zt)tBlQEXn*VRi2m0PwM#kU5a-s#yrS2|gmA88Um{g&WNzxh zJ+X}h?7X6v+eV+s6KZVRtm&7X)L!UW)ImcHOuLMp+aDYCxT$e}AKz!$&aGz@K|S|Q z+ciK_9oM8?M$)p=3`VQl9*Y|_JxjXo!fv;$?98}!+br_BL;ktvR~@`bck8kLs(zXd z_mc0$6sBLI3UraW%>1}!e_xx(g!!&rmihk@miU6gN!Y!kWhu70fO&r6+`nio5iS6EJ*lzMno zz@nlJ01I#K^&vOCx~Ry;>zy}5ja~BalE|MsFI929$xV03gUnTJxAog#GV^_LVE@9)+kHk+NIzbmTDd2CM44R055BgC2J5Sx7|z}U|*k6XZ5 zaxf=BvaxBz))l>mWt~VJ`4Q<6(Qab;sOc*bBpW+f51O03D7jCRuj{jAv&4(dWA8Sd z7+3XlkqtVu?}@`NmK`#S=+AGHZjvTWUa`pR5NVn9Q>jpJzKw6&W^k`$dx8RZEZ#V-@u5#0 ze=38}l&$SDdJ={4{eF75TR5XA?Uw~1qH5b<{+jS&Zd5K_(luvT%1`Ywdd4l>IcRIE z7anb{2smixc`0to+dh45wH#Z>j9K5=vzmv;!JAd#SH1eTy4Z|-l`=nTfO-yS{&CEh zB9oaPx5sq%H1=CLY~`3f_5-gx+P@?6`6^+xZJX&PY2y6ZzyE$|M8>iCPfVOB1l;m1 zb1SCpI{L9{f7K)#&AFbGERBuK#tWmyue?B zF##{ySI$dwn|l1$3j(fs277&WwWiDa9y6PUKR7V3P0p~CpmrHOR~2@*xjsbm;O9@* zr;aV};621Iw|T!`qKp^Jq41e+k|s_SEpDqYJ$dq?zp|4N6ACCAn$-0wtj;WK$_)jCOLUU6u2Ir=h;|lYk zrsMh^cUOz|{^r!wIxFp$Lr;v%%@0joxw&vaknN-;BY|S(>^9qxGHBV_yEoIicA&b` zCd+i1smb^RdFt}2+*E2xx%k_dcauwhAGECG!omllYTGsoKOE1UJ}B(iDrH{8JTQ6g z==x#goDw6;($`tJBTDxy+1t|3Q98Ngs$H(bpr1b%7ap|Q*|=Z+@QoA;Ncuhy%`Wj; zo@Azsskwf;<}@|oJ;J$hUDU(3KJSw7BuIlTU(&&=^GuU8@y#IE`$p#7Ci`1HZ<6(J zZbAHffA{LoNg~tn@!T`rh5K#WtTagzue`T7WbDh^97N2NV zcq-~S>-EQO&5Atxwhzp1>F0Q=m3eYY@|8pBzDa@n=X1f#jhd**Uvm18dPC@+q z>oZK!#3i>Ya#gvr2ep^1vfe$g;_B&-v8le#-}hO3!FYV`r$N?dF7CM8V^Ps|ACIRN z)17DSE!&=CV>*6-G$ZEmMLYA;6(J8dtt>iJeJ{$-BrS%08td5m?W{ZR!!}aP6;d!D zbwHANKUee8E2nnYsMoUj>FGlcT=F*V?kWu^=XsZT8~d$1u^06<_gmKcR-_A)=j$P#5XZwTD zZi}q~CireIb0mzT< ztNSR4TvnWoB=P9RV?RyYFf^qpQGWT*So^qs_WY<7{rbP#E~@SwjIqM6jvBgOo>P)O zEy=n~hSQ>l2PiatF4APp8sv6QvOBnR<#Az&2W5S`nQ_qGx7HloGu@#{|E?Jqk2bB^ zmE6Z-QU|}zH&1MzvN`8XzD8ac{#Bafo1mDQOt^4T&e?4qhJ)d8++j;l6WVKVV zZ^7kw^X^+m9qgq(2CSZtu@U7(vk8aFpweJ|)~PSQWsNK3t1n-jn)bGRl}pxQ6T)QK zm^+_uyF9vv@U5TPkwvuR$(3l8~>hjcG`d*GzTe8G{s zqWzq!P1wvan zg|l;`)@ynOTx+JR*zI}nbj<7Zr;nVzomrDsUiP%l#l|&VPP~jYQ!YCh*tl7|pu;e+ zxfv&=+tk8D^MoF-Mq_>!UcK~!wKN?^dUVgh&aKH0?vdFu*1U2A^tRXj2f3T97Dig+ zU@1d?O|sr|vhvxZkr(-m%U&%Pxj7B!zsV(R@oh8IaoeLq4mEL6L%W^-Tzu_qzgw!E zTTfMt-I!tG)ne?BLj(!xv^gv$a?}Vqs#V4%gQgstb>q z6?S7BNv}B*c8+V*{MNR@Atwjip1_+~yw+#spka}>#yRyf4-ejw+UM%f5*?`phuNY zF)ZnBEV;R@yhU>Q!0ShZW3`??q9f;R(Y%^OqjyspIa<8u_~JvKv^V=KJKt=~n6iu3 zk9V6681bHHymp`Er!F(bAK9N*5xFttndi8Nv73%H;`R7c93I%usGKNX*{-VQ`1YO*>^&`uWYdr*D)MY|5;$KuK0O`?6?VQ1R+1A62C{1!*4V7xKH> zW5>KRYnGkayA|6OyC7Rs6#o`vzUJYQsdHAuo4M~x-gHYa^;I$XFu9<5kk~OOw@s|E=XldK zo5$VD-@mO}vtWLn&AfO~^$mJ)anFxpnX@R`|Jl?+JFhd++iQm6*@lkacW%64$)OqO2b= z%X4kqyLiu8xJOG*i*t=GMa?_xGh_TF^T}V?%D{BL?ovr4=KESozO_)flWiyR-#vWw zP!;ucX!^wE$s&`qvm-h_wcBL%tm#D~vGeBsoL4acPF z^0*%NxMlo{6VE;Rdh_A{&le@f)|~0a^Lf?11&4oQ(yBHo7q4{Yq%4c_jeLb19QXQV z?sN7pkuNL9?;bVK?RvaOcQ*(y6#JW2lWzFU}u`QG;)RxDG$ox$?HXBHCEoThbrUZHs9 z{5i4lf=#PLC9P7<4PV^Ed%~~NhLkL-_|geFbHBv3bkXwk5+Qes=9jc*KR<0Aj(<2Y zb<@g$*A`+US9M#|dY2_xo!Gf#0Pa^_)5CGav!IBS@%Aq+Z!YfV;YKW2!EL;GXvY&r zCF;)ZHD5mr*7T3L7jKpMa^7L*7mw~wI5_or&BgL-xvfvdp2)aaG|=qEf-qk9>pQld z z_wBu`V2gc?QAXHCSf;ApJ^I>tw>b;?3>B5MO*uDWQifNrLBkHZ-{pL;DdlhTIJ#gx ztMLA|!~p@e6mL2I+6`%6;+4bN#*}qR&Ze2B?v?y26 zdd?D)lE9*Yj-#Gl8@r9&*2~yWY@({FE^jr}IHv97NcJ|9u$-D$yJ!44%^vN{e7WfQ z>ZuXcd$)zWSR^^T_D+|r4w@&L(k-aV=bH5usry7ftr)}#XSdz4p^(_x>FdxJ7f%#m zWxGy)wut$7!#T6xoI}Ik6?Y9)NAp!r+CH$&ICeb7B}4PDN8ifl&W}!ddS4>v`#YO) zQj7!_JcbFUHVq&8>E}?h3ZnXr&*#+Pym&G+>{#(n+n40G_ZYge;z_}(OXWv$kDvNl zt}5;AGqC@a&_f>Y>wc!E2kgAOGHSt;Wh1b2`#I+MCaghL>D^*yPxrQPN*s{U9}_amt{69ygG1Bc`@$*X08P9)fpNPjq z_zs?AL;e!?*ksGfS1s2yEAXgVzQ)=tVRlVl(^*Fcp0Zr%;}n$JX4{hdFKf(l2b#S6 zHFL<#Ypy0UDiT(R9+fN#t%%f2IX3+!;r_*<*^(7bo4ftIynXHjGme?$jODGh_VeFZ zRVG^6zV&DqXV1Pg#Mp0Rvf#q3zCTZGlvQndO|7rxlqqlz*6khu(Ey1c_l?6=X^`pwC)`8v7(?oXkU@9ag- zwVwB(X_SqLjmfYp2NoNxy)^B4(&eaUp{9P>#4#TZE1cb0H6g-3I#Xm{<6hahGx4hC z&25wZCjCp5ZMQ`(+x%>2+MO|D$r-)vl}m{U?(D66RcxnN2qcj-ixA0j3n-f;@M@nY+mklnq0(>c74Ft&i9&Z7=JG} z-93{1u6qlz+NG#j6ZWFv#(o>8ad@gnc-rcTX`f6pR-Z}mlZP!deXf}*Z{#{MuJFK( zSMu3%)1gTYm6P*+yKXX87}IiphlQ?D^ZSK3Y>tpOp4d41_ST}U@~VUVeqLN8gW78n zUgTTsIFUW$LfrOD^PcRl0mgnCjk!G4rOOdt;w7K3&d(1lokDzx>s9_NVy8GS%qcNp zr}38y>0h0~pT@gaMR`3;ocOqvZOZI@8?QTAPg6Jzm_NDA?et5j7Q0QxJ*kNFk1s!e z@BX@dQ9q$UtZ;UVU0LJ$@7?z%=Sa5#o2r@Zw&+H&FC{sYZ8DZcBD z6uNY~{I2J`&n+_MmhbA5`gNPhxE536SHHcr{m}5cqEs#5eGSOq_gr7H_^XxO_W7)nVv*wm}j(1<+@3?^X;_MS?HpkiTOX?l? zWZW6cCH@Cm42mrK(&FTRTKk@g_S+}{|bI*?#n{m7rlxD3n*+IUy ztbB8PSFwts5}z_9da7Ta-cs<3hlK01@Yama{E6nnCdJ=;xWq(b{A9*g*}Cm7j~1A= zNg2N($vV~eMZDje@QQV(QZ?}5rtUwTJ#D${@H$rZ_zM1r^k!}SUUqtV)%X%SVqKDT zYL5j8H`h#BaYN0Scf{1))P3f;#IF7wLZ=N(icArdnC7Uqu1hcQ-s5HL*K>y8W8CXf zn`uYRl)kf#c42K%|5SB(@>g%`M~_2`;_q-q^_~B`s z^2?HTJge-y+4Jwo@e)s?0{YI-VT}9s~jHKM|CQAmTMB#c;)RW145&mDxv(P+iKc3RlBX( z)#>TY(aqSGMi~2fec5{C*!E3j&&oSoSZi{#g}P04Ms_RK*r2=nC%ROwJK5s#+e07T zJ>CZo%DX-Htdnijyt70Zr~Q+I)_J1U(aPr8r(c<09hdidp-HvrG2%drPZGa_eRn=w z+i^_7tec_p&aT~}B6=dE>pO zET6yWXui*Q?6#eo4q1GX%vm+9pK{IcBG*ZpLYS+j_xpk2JS7oJ)(g z+=$>lY~}huxo}2q2O}b>NHg`tP;SzVH?1FZ%xGGW@nDii<;Ihy?up8)IcM@dO~@)d zbMxk2!J5(6LQl7!^45l(<7MpUHNEfa`=`%YW{s6TSyDL8?QWN;nA6>puRNOHZ9CO1 zqiCy#Wc8WE%Toi4?`$>8?4K=4XzsK2mCJB$|3yKoW=;7xX~|aypAUkQH}CB*y;*wn z(8Om;7Kh0mbWdA)wV-;K*B(D(Kd)cI3v!&-UcTLq%Xc18HJ>E#(7 z-F6vu&2uPBpT8n(@)?INgtY6_=G7^`IXMbe%5v`A5Dbd&`uFGMwJ{~4+<2}LSyjz3 z*?ih^&RqW~&jy8IeXAg^*O}(fo|9&|gKgg~IJ>LU;KUuira`%>L*YSf;(lT~K6|#< z8Ex`$RxdW2?RdOh1_iCxa+9>VbLXCI6q4Jfb?eqEqFCW$Uzi~D)GO{MU!$~nrA_DptA|pq8hrV0~2d<<2 zDEqzwCl`UEOCNiCfxZ2hrw7;9svyV2s3f+21qTPZ!blbSg^`hwk+1g%uU$i;rvI-u zv;6z})4w0s|Ao`%R>=_sN$_NtXwsi;;}7#;NtB1@BXiU;wPq$Sx|_; zc`aN>0m~5qq{IkPiX+5i8Q4>-#0ZpP1p(MXO$hi5oA87vset7uPlU<&%-<{sQqw21 z3820_C!RA)j7kxL6hK5Y?C9bua22_V+z_G2O=2%{a)DjNlD-aZ?rwcWVmFbC1LElD zDsggvoyAU$_K3ZUlhDc4(O%@@?B?p|?uPUgy0di0SPLMwqrIa&*S;^;-jPyG&W-{X z7oMAodtVo~KK3pGCwn&Qe@)>3=f6KI|37@_lfmzgr2a2{KOp}EB2wWf8OxQUBr2uvBl%Nm z;1A^A!O6wB-uW*s|DONykNm8xputL56pcXss0dLI2*jML3OVxZSyoosLsK*w4G#td zc^EF`%jm)c-{05Mdqjvg*O6z>BV$MwRV73ejmTlG&Y&;wMhPflaDYEJb)H3l0;9D$ zMeP8p1*#DomdPMJn?Zz1E{E}07W1zF3SoHBun?-CkHwH;5t0bj)W*8*r1)r#k6Z*aW~0j?xKAPE|S=x!l{WlB^*UxEjra*Ak}1X4&*MGUwT zj6OW(-wCFH-w)`2a3USSmBF|a`Frd?=X&;^v!lzu`v0H!84R=lto7*Q0~swvnf?et z>U5SIkpp{=?K%wA9xg9Zsss?*nK>LEm7@(5cd)Np-ko}!NMFCrl#h{9D#DdH8$3oH zLlu+$yMp^$e?Kn&azu=(f_G)$lbgef2-hC~zuDnw-{84J!_#}p7j!U{2riwUj> zlPhH?tPmkQRx~C@^zLbmM#D33JY%?&&q75M*4h$=o@|-1p+;~cblr;&7)nK?71k?;1>G}s2SJ!zK7oxvuk1j_s1&a%bWGaG0aByu2 z?Y{uf5IKy>1bU|iF~|U87Q{I3hcG^OeR)KTqoP4#grLC5Dd|@5B)G0Ztq-hv5dhts zz||2-ijvVPp`nLg`!APvH*pQ>*NGnduX+C8pZ@ok^gnG8{_q6wef{t3YVT}cNB=w9 zJN>Kw|B;`S6*NqS31J!J1;mzdpDJM-mLnvB6D%t$C`g9D1j3=cyks;?(vDwnR|BR- za2yrWm;2YP%z;paNTw2_3Mph5Y2+|hN2_r9JaZL6*O$_$(05>1SwWu6E#u_;7yQ9CJRACI6_h#V$o2*l{Y%B7C>?FEGr1A4MG6PW3_*e zfaQq3gaJqacnd*XgTj7DEd5niiy$!^mLi@qm>?*yAqLMNrogCegNc*rAfrF2GB_g9 z&sLNMrnN0l#JEls8^|gNO9?*JX8?+}@wHuJ>Y`YkERXtNSP(?QQtgb-6(d3vR&X8c zxwr!h`0+!SYu;f!ae^=zDvD(>Zhmk<0C3*h43=r&Si%NEB~1TFSPG#8WFvz~gdlA= z;ND_z7d=(nS26-4gK&gE6r>FePDcd+pFc?@L~sQ{A_Nb`_+m^%@KpqYbEPU&jPOAN z1m8-DBV46QCPNicF8vNbqBuZ@ssJ)HDB9XE6`sZ-%>BW$G6(v4^ zm^*o_tRP1q~B? zD+)XpQ*eba5zW=XWkGZs0tnp6P6sGSoNAH8K#UIsBcsz}1_q);C6iG@1d)hbNiip6 z3v`~=C<9}NBS1TXv9zNE%?kV($iNfSX%Sqf@MEpfz_hPx0c3$lAxaupf`)34`mDxe zDmfB_;Bu5;;%}bOutG{}T1=xra5}n)KuSu#5F}Ftl4B|b3GN4=5Dr!;1{0wKf(s-B zxE7UazCLgk1Tl#mT1qo|QtL@*Na-}JcJyq(XdNMK3o{|Z@2Q&qy0ZCisvAZGYpWa@ zKW$5YLEZdyh4c5T99@s=shvMkJWMRyki+%Ce@{$7A~B4H9)XdF0CY|ijcF8Go~G7U zkOY&7DKmk9#F&E7R5T0*1P|A8Hw}!^OA3qx5QK;f)6^Fu-XDMni$)ZX?j6-O!&_iL zwbl*9hE*iSrVON7eFXZ2r0?($MQboHY&2lQ9+4PC)fZFZE=LuJm@=X8UQ$XvIgpB= zl#K|J%VC9>5I|9=7~-m;1mNFc&{RmIA|bAr4Y47v#4(BnPa{O(i!hkVVkxK+l?*KB z1C@v(BpQ{FOd>)wOhAN4M6b}rv6SSB02Zj2fNUv3+H0>rfn_pGgNW^zSuO%oL2@`2 z(!jKap{+lZ_%pQj(4woL`YA*e^pry(LpP$t#PtT7QBWR0KY_6(qUEDOqdZZx923_r zp`A19fMFDxPAx+AK*fgwkPs{*5nMsd6@(}n5vybf&Vdk~ln1dX18@?XSI><5rqsb= zN)=MNkIVQ23YUw5h z%7S1)5HpboAP0MU%6>GUC3vI97+0er1R5+7QB%@?jd6fo?9cW09_{Tr3K#Qu?(I`laNPxnJg_s)Q(34B83S=}!Fw1l>n?%EEq!vvKJ&iP1 z2afU=oe6lZ&lrfmTSlFjwpNo$aD-3n}Oo4)I!Hld@A~<-Y>@ie^ND+dveN{|{ss8@WeI;nM z$0ef?E{m1QQTU=cb|xf<$03CFfL2pb3Q<#W4j4pQvFRrF1IGiW+e(l0#8h z0~#HI^+AY#h~>XWQEkAf9z}uOD@O6Z0Z9sn+8EH6TsPoH1DD8BC=AxF$0!?IEN1*3 z4GjYDoesrt-F?0E=#x0?tx$sp{eFv~fr0c3h_)025L*c2Y??^=I=a80vEuLjQ%09I;O6EyoV$WcfUwV{oMal$iz@lP;|O|26LCB;Gr#-+sHM0CS}_XVvD#-&7U zTwq9~B1lXQrelNbZp4r|NE}uWun2sXVbXsL-7r`NE;Fvft6Bq-o|z0f!wl8irwGrhL4E$&+`eAGGpu5K*0W~ zOFd7+{?{WPi0q0HaeX=tCbR~RP(?!2{0|C7>aT|eE5W+8{(vOC8>R&Hk|(Z1kiWuF zR$%4JWu_Q{OJZCh!j)mL7!h+NI40+U2Dum+jo@4|8diX5h`CPJ01$;yT~c~8#G*)A zpAls!2%MAP z=!QvWsI?~LI@7OiSpoQ3Yxo6Si0yunhPqhtdtsfi` zYX!&Px^WP)z{L9PK(rH-(n?Ys79sSF)qlz{LJ^Bn%LHGE(f{FFX`!N+f{RJG)CZa; z4L%H`+6zK(6caPImkS^#+8^leH8`lA!eGh7u(Dy-2QCvpHa5WBh^rBtc~D|Fsr?g2 zBxsDbkV>L|pp=@|2<-!^5Z8LpIZXrrIE;&;BVm%nbw@vLtq)K5Ft1nYSfl9M1lChpsS8an92lKfsho#pbDw> z9p8$A$ffY15Y|UqwHOK*?1Sh%dJwFLrB)9p!{!EQc#L~p4#xtmzc|Yx@(p4* zhQbxnBTMI={XzeKz?Uu(Aq2rSa2z$@Qy0lFm6*%yqr|DTDx!g9GQJg#5G0O@NG=0L zg5jV~+AeAR$qjcc1oR;oR!9*h=FSECAi@7A(}Rf-!#D}i%MUs@A%oS3En!C~JL(^5 z(!f+Con*~03#NdGXgQN<4Rqd+SctJ7nNTZ$rSpM{>DY`CBM4L|i-mycX%K*7YD%q9;;hh z^Fa-Q@9f}e2T;`lG(h>=K=p+T|71Wqxw<&paVTK4Oo>3!f)M!FAVh(wq|p#6sWYF^ zfpnP+k%1|cTAM{9uo|VO6qYVxB+yG(ls=5a=yjS>B(6fhUm&6m!H@#cK%`tL(T2LH zZ#W{y)J%8*L<;o7tCQ`z0Tg{shQ5s`5W#}n+}t4jcu^K7m|#8i+h9R;U?yNn?bcyb zA;oY+Oi?4MeiTmEDU^Vsz)TRO#SAn`N5pC)*^m<_h|V*h78*3UASMS2qLZMktRP>B z*1^rGl`utne)}7~8o-oi!mDg9yP+yK@gc1 zBsVQ5p1N!TZ4!YFq7ac_IHF}@U=0fqNQkKvVl8_i%$$r85Yn*b=0F6-0dqFvALHm! z6o3IsCk#@=;RQ1}HW&`^K!Ukm&uYD?pc~p*mTF!Jlk{%+I#>c(q;LVA77&gA(E-}) zB1R<=1lOg1)lJ1CbRr4B1i@rrWm!Ppi5rS14O@Yqv48}luPAK@S&8afzKma`v*UE%t(X+Ea zn|UHeI1nt6PzpAd1Cf{vp>1G-LobMM6vI(6Rzy)A(t3etCksYN1A$7x5dTS=tCqdZ zr@??oH)U<|t*HMJhzzjYe;2a0uUuFm=E4dR;KDAj%lLp#Qd)^?G3G(ZS=;UP!{3lW*t=&o;uD>1RZVF@KB z9$dc=gN?z=Wy8dTy>&i$gKR(TC!jcW+K_SX`x;L81jDWRSc4ej>bxP^Z`x!%NT?!W zg;Zx|B5oO6tGY`4rSp`X5t( zT0QEUf*`{axp1;}JIs+NoTvouXP#Ez+<5Kr4Pz zThYSs-_d-Au>Mti|Doao8tFgKd)nMz;7%biW=U4dTMCAYNpd3Uu84KpQEIR38d_Fs zLq~{iyS{FtKApY>HsQ1WRN}e_lPgsqdz*2%fn3g7#{twn3_!cL-_gZ2fH~b!siGe3 z<#d{aSX|4iNn&)=4y=TgGAtGm>rWe?+M*;1Q`8k{7UNcA*oHBCXxeJCB&k)^2*YA} zz&t2WA&Z5471Xi}90MnjpwucIqW#@W%Ax|()c3V8E^pmJj)5)5#E1-ZN2!#>^5}eT z#yJ40aDX3`5-);|^MKrR45!wBG&CkS3lyF~jvmuhW^JYyQ@mCHfIxr0N)Yf6Q4FH9 z-Y^A&1;rs8!?FN21x^WUM+G9H2Sb8ma^Qld$wY&(t&1!qMyRE=HX#ou?exxOnGDl- z$I#wgEo%ZOs02b{C>BRSB0tz{Kxn4|3VGmFQb-M4Dsk})$r!o>VIar@lMsv}x}6J# z18hU+cQWW#$DoQFCPmR&uO_vc#Zj1cEMN+R0Sl-N_8VfDm>vcWa5>-z%p9@jHH2}L z4N;MF>=2bB1P9U}Oxijq!-VeW0YfRCBr&EJ43TL>bjX4ok<77qAhkn7`#Q8K@QeqX z!bnFmuxo+(n`)FmY5_Cck@+1OK}0lgeZn#VAgmoB83;lkVxGZ7;9YAH`1V-pbTyzj zGd1gVG>(CsGaMuqh-;Pgj!{z5sNFV1SKvZ%laN>esK~A3jQ|rHymer)bQu3RbX@)(Z0ME6DF2Z9VO5ghJ?+#$6=IZqgPHuG ztif!p-GEHTUTp}v6;v4w5@`|O5)>f>gu`@=XqeVYw5;0z=Nnxv1VHcvRSCUA7Br|$ z)}v}Ni2y)$b-{fA62VDSLZ1Q3f@(c#Ge&98008N!{|s^~7(kYFE!Ob?{CW|1Q#j*19M9bq`NcDAx& zG4C4QMPhKs5^Y}^1k4+Xiq~EYF~=w=aj@P%R6rjQA{?fw*--3e(_j%Mk)W@GyBl4g ze(aUOBLGvNjDBwbeaIkeU28q2-Khdpu>g|OQ1nYF5DQjQ)`F8gv)>V-@g7C11xiUU z6QC!Z_!*?@L9mLRTZM==Lh&ER8R%+16lnNnN~s9L5scvLDb3YRTvl}Ms&=U9%?@A$ zS%xD+_3O_Q+JMY9x=pI1fN?-sOcPZEsqHHP;VKzrDJbcV!D3iR(xOIUbdnZGqtWdL z4S**h5J53EWy)X*g2Z8zF?awdtzF9Gei~%DX&Ferx0EU`&^}RfJS;;fHuOC%3x_61K)!k7pLEn&2C@|H5=kV@$pfoo!68kT1^49j4tJ9mh z?cVl0_c~`xxVzWeH(lqb2I$}2({*=GdjUmhm}SJ|(=%f6ebuJHF%?265SebIBDEuB zMS)aExe7$16)~)a`h()m7&}HlBeaMtFOU zvay3k)v0WNNF;$yF{ow-dHaWWL-vsO2rmi)>T9GhmP80>XmDV_H-JE3pBWDJo&($! z7)h~?t&LXD?QJ-a?!ke2&=S|ij;*7Gyf(cId|?J}sGo`e{x-J%;33}r>^dK7DId0> z>8Zt+U8@0oAHUViu)(3jyuaT}2s))+GZYB`T(;Ky`pzaAuup}VdKd$%Ax&Xr1rZ4H zry18Es?OE#(rM8D3Dw#s!@SbEB!h-UdWQ!E29NR%j`Z>k89c<_JJQR0=-^QQQIP@O zqk?@sL$qYl?&hH^Gd8OZRIpBE5)B&Ip#5J^G4;1-L*Lod-hdHOcW?H80jIyXG^Q=X zzr3P{pn7ZT`penxENB~E(l)%P{noPf8w*w!SVWB}mlE_CLHc{Jz&AQ@TJQb$8Q^>4 z`p08io0tIr0dQsuLXhVHTJ&!Eu% z5+UrrRX|G!c^x{i8v6TNLZkE5{D{~z#N7s>r1$%HAta2-h(A_Wj4App5fEaS41pEj zP+3e!#-QPEsw+JmI0m}X@F1FRp@1q#L|Rv+=}@3EWpprpNLxmuVlkqqFTcR}VKYml zI?Swu$!MxQg8}1fY4<0_yWS3r|75E9D`WR9n$#Ura6q3vrK&cNx{CR~a`@yQ%`aM) z?>|g1y+ZkBT<8awzIKmT)c@oE<`vjqvj4RnEP_8GaFlllkBlL|*T(nle+PRPr@HsQ zxj4H0d;jM@^6TB3Io%r)f-N&30Y?)}UxSG-_dTKnBt)1qyy?uX-o05Y!*dZ}g+31k z5kqPert_A*7382kG64?yh)YO<$z+&@YQ$>_8fp*t!jf3Lj{{&9J z-Sy`YW0It5e<7wvj%{ZL*}rk4Hwo}9oV3R&&=`G>JpZ2v^IdvSL||A} z7jf1_25?nf;n(I>)4kSqjVkwpqQ&G8a=Ex1;&Mqc7UH7R6GG{E(!*v1qDF9=AEOYL z4$ghEY4BA`Brc**d$5Cs=|`sCV6h=XDb-3`t*kw*Lb0QzxZyIjvM=oz-NWV5vFjg> zj?`zY6}>4Mfn3W5T!f+mO-IUrVc?BBBV}!GD>K@`}LBA>7?MlGKAUX;*xIu=*g86D(?-B~6!G!3 z6yAtHFYid-pgL*}Y|Z&W8Lq9oP!f?7W9`TD2ofe$1P>OAamr=^@0f>pwp~3Gf&zm_ z)j{H~G*2iI5nw&go^~@qJX^Pm_XkJbPHSzTl7^>ctx~3n+d)u#yn$k3H>{Z$Mlh84 zo(%aRE*FrZr;Zl?kEERDG4Q<>qZyug@?B=r9e*o_V<8frgg`JPK{SvYRj9OAyVpBJ z#WzTs{H?v4hNoM|g@GJ&kWUJ@3`n*BvZ*ywt3^M^L7E@r37cAi6XG2_+SjuI+4KuAx2^#t)LmE8}d+QKZd;>7+oIqA7(V!@mlfwVebB`%&jMp zmcM^sx$^&??{&GOf1qKtOhI*yE5UFLjEjGaGYGYa|AXA|#}pO(0MUE>BMjl-=*F|> z+4CI!9}V)4n=o~jf(;N!4a-n5Od>QkR84NZ;`A;oo(9Ghs6tBcaQc*lQLt3cO|((0 ztJ_mc{LwUg6jONPIEE9Dz@r{uwXO`oQ`e=6ZWswRWGhBRB*Z3|HD!aNZoq4HR0|-J zg$?zz`*z0=fEiDvl;W@$(KpCL#x6RqEzkhi>JbKN%fr4-vfCxYpPsB+2<$L zsa&ItxBvt~k_Ps$v&2U#BheMQMS&l>7TVo{pLE)Xpogg5h#M0;Pc8P=t6Ch`T=gNd zZT%5qhmI(*5%xTpiJA4%q{Oi~7}nK03`wZ8mk{#ZBi4F3W?~Me2W0Fg>C9hInZg2~|3|DgON}QjZMQkwZkwPwNj+7CNK$+Wc8q zpHH=OH0T909s^XD!>!+ih|Knur5i~s=OhSyslCLW=QGczKnzi~Z0T4o)jl%E&KxG0 z)FwskBv=C{(`(}Iv#BSjsQ!<)o#u9!`VpJq(GlDd9~)fU1?|dm3oK zM0<6WM4P$1b=?_~0C(z%^F*qr|99aI;&`CVtJh!}e671EM5T|5!)$%Zj8|L?`mXIh)=UJSoctp!Ceq z8ug8Yv|^nm1oNi;YL?gjH$^q{_qa}g$Jv77-#935p^N|fr`F|xWzoOQ5%KTG(uM+Q?>vyDtOX8KS`k z;tbso@MVLLwo}iM3FU#k(oqBG+F@gAHETVGGwpi+G63gaj5u}24v@ZP;tu|Erkx6v zn-pZTbCuP3JZA=LQwfTr`@o!!&190|zhZNcBzd;}&bvUNWwq0j3lrBcx{o+vc_&Gt zn%}CqhRq)C)OsbBYbM)KYeXhMin0WittI`_P#NTGPzu#K^>Xe-jgc=^KY_jqPQzya0A9V)a3=nMi_G1+%6swIG&_s*9mH zuVN9N^We+HbYa1J!?nI{FU4)m{YYNevGP+ zA9qoDgGzHTlLm0f-Ng^)>?NjLSvqW`frlgnm4<9qm^)mp-}e%w7Z|E`bdD0jl?^-c zA6;}s7+UXzRzy^9J}*xcEnY9#7ONcelmH(~?J`SqWY?-pSiRVAw-k@rKQNT5JA99m1RM9X3RDnI<$v)%ErKQgLe8`g+b;FPVTf`kqO`I*-biU(70Q z3;k2}qw{_)LZQiwo%xiRpVf0dX%^J0K%1gwLk(xOi@E@1YJ*r1UujNW4HG%LbS|j+ zXtBt2sygOG8feu{tV>|D=qPj`v-2In@h1{O)eynBbN&sa5jwB_sAmY+hgWfkfQIhr z7*TSBFc2w9rr&jIO2IuQRjS8f$-aJ-)}UWwV^C9cH6$~6EHt7D791S&N)%~-yv0YA zTXF7ql5G?Nym(s`hc+MM=~LD-_8$xTxhy*s98UWy&AIb1L$vM78j=q-(5+tXxg0xI zm^YQT9{EBnSB6116MSp}W(AMX5dni7naSeu+|^NIV%p$WGJO9UThFfot#`tb zn3H?NRQ;>r6|f|x;zg2h8PP#`>&1pafZxxkF+wfo1vx1%Tfx+8H6yu=*yuNOd#kGC z6i*hdc2F@Tnq=zOQdN?X|MD9aTuQ`^MycA;9DhcmD0mk60}R+os;wvLrIl3Kth>L~ zf34RueZ>p4YCAb<)Y8#tswq{Xniq$0IJe@4OOaL7LKb7o;jJ8di{fy>@tWu?L~)r$ zc~Ml~8OaY%mX*gQF(XPQ42iPfe}o{-wW7Vma{$~rT0@bCllU_l1r8?7 zfHi{&k*|{eOn?1V%3x}sU$6)HIpTM@LUyu~ zrek9-q24=z%rFV1$=!SLxVPdK1BVy4cte8;3j^b2J&R3I@OMUCRR7hj8$}yNn4qX^ zTKn{?`>A*Q@vx6R^^T7YdKX6@PP@Ola22Sl+`^1kpeE%bsZy5|#-iV1N=jB~eNnm8|C4dJKFWs3g z&iZFYkQ8+OuD5U8Na)uAV~Y>~EY^a__PD36{gN?W{2{i~hs^B7bvBSu4zO4NG0hB( zx`_EU@n!z}K17wcVg6OgWRxZ7m7YeBnKugkuim{7lf-=bCw0g29VNWFO-;!j=`mY( zR^sWDE>nGzY%jY><~TW(Zj}mC*|JO0^2KoJdiDsdB`#MLONXOu{h z3h6f5g^N@yqBw8;omX)-OONzQW&5i%T2MNb57^8excH!rM1%J??)}~(liW*Ab9IY=`-jqg&4?qw;Q$b4TA!fCD^ zFWb1G$3yG+z$q1(M3+{8+U)Gw;ed-jC-mkP^I^ky*JM#aenRY(=pUeMub~+jU-`RcU{}1t0;Q!LIwL#p#pFv`#hBT802J)3p zHuxWo_^&zs^Dkq2NZ8V+c7=S8gL^&JnXU@o)oxI>50p-=oKn~whSbIW>>%1#6dU(& zFxfyq$i(O|AOHFl(tybC=&!$Ej(*VHlR$mAMZ?`~;#!9NWdTQ@zoAv3(Z3ej=o-nL zEzI)iFt^LkIc2(UjU!5O?xmFL7Ef}_nLwJ8p)$ua!Sr8b0o=8!Iu(Wt)x z5wG;QBmYmvw=UQL=H35pZM9SUe{Xy1IsfZ}JSk?GoAyr7wq*N>EOv>Vp@{7lM>Pit zZ`u9hyAlmG$M=}sH+UFA2CM33x3r3EZCCcEQgX?5UZ9@iup30(Aq!pG$T`auM>g1V z{GxdF3_rw#qff&!)+4Q#jF21~;Z}&jQI6yQmK76>CY~pyD<2#dD}dgD7DZ z*YG7>jG{DKG5A?2zjD)&2BNc>>?S38EQ_>d2&=Q5^;VNxCuH=mFn&L_5bay&Cc`w{}4}#mlAyS)d2lYioHF;EF@TVhW9o)q66K&w&z-^d&{Hn)*m>`>(Bt_{O7P)YBHA1pXiD8K z>eS-h?MoN!?(A&s)DRkRXm3@``2^b^TxTW*2G!r_^IVzh2R!rmf2XsT;{Q9_yF1VP{~?|f z_b}X;V=4ZeIV8c`p_KL}mPuBk6o1bWeiddY*-{qZIdz{t$|UoTO@kGAWjEE6>&U$u9rLJuBe%v<{Ye{*v;E&sQl z^*;~uROSEg~=v4N+jXc70NB%E$jlBE_FpvN5ZKwJF?q>Vh z{_8=WuO(rNlW9t9{=EVuqQH}^W3^}qML z{vYI7;{H#~`H7nI149}>UeGCFVGvhNysiRJ zK|2Yka?DaA!_e$iLB1j<>1we`Gv#L$(W;-j?*DPn`vzF`=Ba|p_y4WE&CYJd{&Vly z|KmZPYDeoTo*qT{4-9kAzADnsRTkAN+T{bC)mO0jW^7TQWmORs`S_nU*HNA2yA7B_{4^yPFN-@jYcA7&K>R6np@H{4w#XUrDL5N2*EV4(E0*9j z6&sw37iEC6FIjR@KMnMoED(D#X@hhVsB~+p%p&0Asq#!{%faq0uDY+5}T%z74Q|SzmQF6pztjUzwk@8dDqR2y_31EtS zJqc*@GC-`Ogb$$HvLGrJ)NP3U%<$F&j##{>736A7Y;jRDg0V{fp9FQ6<$IOIlb0L% z$;hnA1}<63FpbO6k;Ih@hsF86lSrqEO}a-mP-{rt7N4ZvHmonHH@6vI)WRfrnZ=r_ zL;gT(C}4d^t%lZ0(3)l=k$(E=%}d4ESGvbu017W#LOtyLhHoHuY7u)p>2U#BxGq zx9d$uST9-<71P%*y9rx)Dy2A#)BV6EOhNUx<$V}%34L}3--rcEuhBv++|yN zNoHDJ>FTVy@=8CXHr<7H%c8~8I7fSXd#GiT>lU9(7X&G12hQopLy$IECSZA0m|9tW zf5dH|0!b|neAyEFs6Z0CDj<|;VR{6l2LBcrL~%bXBnHD3<)9`8#Ooc>3b%<_IPfdopKN7Zol9_TRN*o*sixMWc$QD=J$y}CGXmc+aPWfUm@{w0}1W2fz zOB@XHzzR7z{6cv^-Er&^vcBS_8vj`BI?Z@IEV)QC@IB!bni+G|Gr;_#!NSwJ;@Q08 zBz^;PcL$F8-^Z7Sr@eQ_hnE+}{rRHYjPN?DyR4pj@T;~XS2!vf&|Mt&FVD^oe>yzB z>>r+gIy}GJKRWyQ@O)`tJ)ew--zWYx@%O1W5$CV!@}~f2|M2{xggECYdn#-Ss-J%z z{(Jdu@^wl%Q;|wST@eMnB_Zn-prE>z!OS#W5!mzNC80e(UJTUC>r?Z+62gJd%JnN$5ip?pVZqO?a75`C^(LS}pXyQy#S)~{q( zE6KbZea_9fT!EHSsgp}4F7M)vxg!nm0ux#=@>Guh`g(<&`dREGbK6JXvuW>R-wM-2 zXaUqMi?JmSOmj&79&c0QNY`By_#s(_d&GC9pA5#BS1Z?aJX^E)o-S+rpN4}|n^;(1 z?k?$*lWMBSAt%oRA{Eg+2VW(dLbVM+a{A=P6YHdw&|Brq^Eb4d%kh_4$x(p)Bm&D- zepbfT@J{%`#O<*ZRm>?{Jka=vcf+b1?^7qLfA@zxk>OJ*It81t`Mi<9@WVVec zk89jahzlhsM+&}r=ESRO%8QdZGf*%LovERVzE(k8C0VUNPK&xq;A~248cw_DgiM(~ zOQMthNsj5123^#7Pb<>78BHcfo=eA@k(MlZB93iC|=~Um*_n7 zY#fk&;NyUdXAqh=S^>ZS_w$;ljMmY1C<4||}5sGw?8#+!6zWS{5yEg3Jz;iw%a`Ef4lJ&c1WpEF$h+&vA@11fDWU)PBP2Y1 zEad_7wdGds8HfH!@_WsdpHy>Tepb(9Tlo4M)Zy`-)y02UHvaR@-p=M$I{s6q{T%<{ zL7oSR>`<8R9a8AtS2WOMni1KRvs{jqZ#u$*8u}9o@z8ndGS9=rmQWd_zlq=y5v;jV zm?E)6kcq62oZmyP{8Z5T+{hD)_xFuQpisD}5P~A_ypmVD`Xpt+C<#MR(!CLgV)?G; zhN36|AQ_Be2^gNEQB(xy5u;Je2h%W)RfO>zkK#EV#dAE0=Xew=^h17*NAdK5eU3-* z9FL-O<&}PTjz{qvk7E8l@Enige@;A#Z{9TR+c5h3UIS8;97dB>mQgmBG+t`PbhoiA z9nfNa{R{-p5iOo0TBO$PJx8=yeXxlK37e7L$Re-=U$BQgA$QLi{N>T<(Z#{L%ij6> zVsFmU4i<}WF$d&duya8DszCqJJ1)d#3D~NWI{{9ir7X$k&b$D(zkhyocF~8>8Z&oICD?n8i2ysPxVd?yK(KRSUW%b>F8e-@#d2e{jxCTKK@j>2Of@$ z9x8V5uGc@jJUFe^gWwAXr&VEpcXWDCy=m&&*`_rYlycY93uf6`aSHjl%rF7jH?UzO za^T;APWy+w^ZlPMdlwg#nFsc*$t4bg${a-X@zc@qMRgVhy^N?6ROeJ5&yTCM9{Ntf zeo%Qkcn%r&95U`XWZa5F#uZ43pRmvOPcqjTSx(%DeXn!*aLk2`(DbQZaw5t-hqikT zZTB47?m4ubiOJ{CcF&>hvdic>wB2)PyCu!y3L@Ir%(^0egSde|^B8r5hP?WPC^ujE zWP|_Vi2s`7KmRfU-pE3I%cowzAmmVXjsT=n|r90>ErE zm^olJZsPp#4bY^sPc#yO_4y3NJ?G!r%Fd1n@kXOO}Q9QzK*%rU}fP`dM*z-=w0+K z`yW1@?;n;M-FQBAgAuAv7!TgYCvb7he*1SDg`D_r|IU#bs`?2E0r^uL_y5iTg9W~V z>cqajUT8C;^%mg0-2o;kd;UcdjSHXvzW^5A$PH+svYGD?tAnHf+nkfthc&Ze*THA7dvD%*|R zw(n-gu~J?6BnZ6s>A0u}c~Y=SzXipKDwL55O@*BL9 zvL?UD$JZr31|h9d!&lJeT}f$m8oz=TS3*qB$u0iJX;bvnN(JJHIuDd<8S~a+as-)U zbqS={AM-ByTyH4tUGtBS__K!K2=xtAS8BOL&k#Md{@eWFmfTSna+S;t^_$M?y<&zK zuZ<;qEwhy?`CMkkT9g&wThQ#}s0W@S>_62A`xV&plS?!4L~fO;-6$3R4oPE2ABP^m|s^I1ISvq0Z)5{tX$f4H`y5buQvAjU3i&p@R(uy9d@v52}WF@X(w4B-AU?mS$BO9Q_qDsTm@xLQPnaK z5(U%1M0-(%-lM%L(_Q=}-To=FiP&^1H1F!7>DHqUqVfBYN(7@?iA3_PrGuiQ+|^qZ ztOQhf4HZ~5%oCBs@zY%HCcNU1Ua)l6$REjib+bTS9n6#KGtpV9y+WKp{G)lD&0X*r zXw0vbMAcmU7xq_qGUkjkVj9LEV@3k?4Y}4pZ>mtD$HnB{6$!owWtKt2v7#0<|49rb zTkLC5lCY&EY82(z0#5nBnuNQ{f2E=yJoDtgot?D&x3jhREdM>ovxsD;jmhszv`e+W zQrRxm_5%ucB|SfcbeHOW<>Fnc{YRAVo<+N7(e7Ea`$j~&?@O{%*;5~Tv(I^!lK+|$ z;!Nq-Wj?9W#~k^uz0*m{e_MNdJJ0gpLp(3g84d#CyBq}!$vKs_EyIvHHg(6y!`2lZ z6W*-7Ko=9r5f43B?1)c@aTp)P6Gng{*Me!zTEdx7?038GK?ePmOg*P3G*wBY{| z{91GPr{9AA>lc%8OZ-p&$*1aAA$4dl1F?m< zNK5LxVX>*_P$3aDYqg)4kACiLAkQJ9Cr$|Z98ADC&toy%V;W4tp^&j7(|bkAflo+F z?#Ve;`Hcx)uhm|>Ko`gV=it0n8w>^(b2)QJ?FS@wKIjKw+eWG~(p}2-o9eaMwXRBC z9$?2o)0w~;z@LRcbO{g~xq;8@&=Sb4)qwdz7ih>>zylw99AT6@YdND=|2CABY~0^E zvWe%g8O#=QMU(#whs1YDK)7tO+iG1!ubPytYY7pBTx=4-grLtq6K5JjAjaF|lXbm; zD3b7-wc0y{H;FG~VHXVv3c215pnL3jJZ|kuy@3&}qY?8>pasDg6vswLz=HN=`_$FY z@+LB{IKdnZ32{+CcpzP+ZcA8QRckWKLi z5_B*A+G@5NLlWRE@%`)*@_cqp#c7)OdUF)Ck#z? zQ>*<0y?S*)y;rZg=$P^ViBYQ|bG1eWfD+M_T-_gCnumWe0ipiXvWY_i0-sH68^oWB zcvUT~kwvmkrtF$CuTfIAsA5lW-tvXvE5nZ>STu6j2{+SqO7jrWZ^IXp>Ie=LMpZyOnab~ZbT;%t0U$(>;^i-Lx*sKq#}wOItltxY{DS&7@fg{ zP(PySYpE`()oxMti6F`OmRJ5x&jFEc0%Fmu_$h_;Kw+Y+e(kog*t2N)$9(Pz>uv28 z4OBP}2%K_G#*_#CY*0KO@1Zz40C@o&iCV~4)$TIWtAB3Mz@<*%Q0CV+uu~fBWDxgg ztlK!O3cDu0Pi?}{AgA*Bs>ZwE=`$n(+;+$)Qu2OKtWLx4^Bb%gdL@%K4X56 zZaaY;kn~NQ=-W2&;jz|}3G2OJ$1qY%6VEL=k3RzA$)_FD&e3}$>RBarqHt-F8Swm8 z(>r>!mn-fgxUi7V5q1&wef*f4{4E-M{%wHPY(_YEgJIj2QQ?pmI*tMvwAS({L~P_S zo9jt5v19t{6yrO>jw+5UQC?~qX5z?d#RqM{vLEwV3GK-EdHy^(Q1@u?ou@1cO6*7- zSCg`3aFoD~$2bkx9Q@>92PB@S_}rpFRtK{Hnhfj&cwD7o4t4_kxC^N8xkZDo7rplo z_3y7Gh{wQA9GP-a+5ryd$)J``>bXUOqtPh~&V0g&n-Nat*H2=nbhpwy_Eq%Cqb&1( zVvpv^%Whf*b|B^aeDucHp(7;I)Jt6v;u97+HX0JdNvYc8!Jb<*fb9Cq?plBy!Bsyf zIc{!4x2PY0t~OxE!+t=qOzen?%VFkWo|Rxn`s$w%e@eL!;-bhDdF|e!Lm5z)x-^L6N2yDJi8RQPEg~;& zGP;ex0Y*0U!HQ^x)`S#k!Ck=3g!m+JV{!FboJe$l-~s4=2P5@|TFy2DesaV7t1Pvx zWMyTsQz9SUqN5~QWbH-*6Hi1)T!}PTjGY|$usU`gUr02h!6|jAO@@o%s1!T7@?mxC zJid@9umiV@OD?Ta?BvRa)v@#VLgFnN^qdgQvpFn0O?-6DvgesloGa=}DX z?0F4r*GAZayE@JV@1!pJ;1Rb!p`!pXABEILp?l@B8+QW<)+A$~)NvTF`s$QGw`kB_ ze#cVSNkwHVZ|@fUjIZV1q9siT;Ye&y>VSzG+*=cDgZA0IM%UPX6ghe&dzP6|x`H&Q zcJ$+e-dSWP@idipt&q}00oiVpkGq-Z+AJ31`kc_G8N(&HJ zY9r=PWpkhTZ{1dF!g%nxD~Rj2)(~@IyPyB-GY$fu4#R-__W8d)bBlTKL*@bg?YG~4 zy9=Ypz`82z$b{-uPN7F<;;8Er&IN;Y6(tGm$i)T?HJ1iyh0p4+l~XyAcTLKM9J7pVeU}aH`2nF?Ko; zW-gBVh`5$NyB8~*<)0Oe?WI9o z;#uL!3P%fL2YXK%IV;_>qCEa{v|l~FC5sV*p9;cbOkJMBk=o{E!%IVWmuKbJk#a{# zgSTKetA;E~YxV;qBW)q&_aA{;a2QO88|bU|2YgnC9U-k9oK{&`=Zpn#B5Ebr$q6Y| zb_!KzbfebN-QV-Gk~6xAosiEtY~@%tJ=sT%?Q-s*it4AaGk0y3*?v8>M`Nb~!^p3n z#ty^|Qsd7(THK;jbpRd7Kto)wu_t$pF0j+Nv*t8`otbM*eCD!{@3ZNY=2%sVbCyvI zykuyArpzWy)N>qmLu_>!*F^*74mLy=Qx=d*?0L@2`1{7E0TF*Y%)*Yk&ts#}igY}; zcWf+!9XFizDX zv;Ru8?j}@XcGd4woTt&a)vlOnd;4iS`$RIXP+T= z<@q1TqYVv21)GjW#8dE>BCCqCpeeVA2&k)YYhg~}51P_s2iomreL=k4qDvpUHk+bO8$1HB1oLy{ z?rAm3s?hHW{MBHoYGZ(@)Tw|X~C+Zms(G3`~I`oQ2J5H|REXYlr*$=aMDSwpZ>zmm5 zgnhn$Qdx4sNG7F2C)hI+lsz5Ht$1Y}LFTxgKQ89+iIpWY%_)3fe;iIBcEMA5?gcx) zV5gY*B(Ninp>Wy&g`D)vIzf*vaI#EtPk`EKwc|jeNRGgK&?J#12|h z#^X|^H-TQCV^1islb_?GJFl%2$K zwY;)iIJtP2VzJANZspjSZ~3g!GXrW;Xp!z-O6|;v%PGXRrS6FNQx(ZpVlETJuyBr; zzcg}Jf*muLLItaNBQBf@(GNl1mxkf~o?A4CB9t$E=bQ+kGQY=kG?u6P+@itG_SWXo z#FM~|4yr!KULl8eqC^l+>sjf_GO|dN@f|bKLh2e!wX`%iD}HX#;Ok!lv{t~F=AQ8q z*h%JZDBQDBNm%G8LJF`S%F)2gl<^1&i7`sJ-zz>%;u}fpe znoOBpjw8?wA{;2kQc(fz?d@q|itw{0lL^>@FO@|W5Nt}C39cS#E5VL=pHtmF)2OAQ z8=rmJUlxx0c~*}dWx%rUU^>mWu{-nGHMI#ux7X$_gEQSmAjweH-vD}gIE79I)>UXu z^X>wRwO`^Z=!->BIef`^@Dr23)2Eg zoM8JGp9bWEYmo&n)w8ri|C|@+$fTWf@<&K`@I*0miw3XX(^b;Wypw456siK|-(eK@ z^{7+m^7Z9?Rx0OWxvXqr2fV!yw$-&KhI9fdjGIq59M(8m^NDK{f8le^U7wX;N2T+0 znN9jC2VQB+2*GS*GCZIikBL!pI+o@rYet#{+47^EwN{B8JQ|79!JLq(x2UJeJ$($V z5<3BNh(C8}-J*-A+*8NTN^HM0?NsDDCm8Yw;UxRPcI3p(100Z1=y3ALSXw3RNJ5ye z-%;36bn`?JqhMVfc06WR*taUsj>l~N1aPx*>>ST0pK{uHGKf*It`IvuWe`+NoSh1l zsJG}$l~ac-!%2r=YXa=~iQs1?=PZRCupB*dX|S&&$>mWIXx*vGbeIf0_v8p^m3tOo zN9wLlSm+j*@+7dM&QqYZcyhS8H|&((_NB4&1o5I_T^)8fwTXpums6t0o^1BV=b-KVyA)vV^Iyp zqwZR(#7-pz#^M@`$KA75CGS*I0N6k$zhK-+gYgJlc~yH>H3h~UG#C$0ME8T8@*A7Q zH5iY`l~;wGY6^_+PlKVbQ_YuT5e-IPG`u`;cYapLl`DEnRMlWSHfGTMV5eMxQC)-a z1kkfW>{PVNy+yxFh%{+uNS2daH;&Y2+Uh>)vl5HkfcR7D!lB^3k1cXWe9G)Tv6yRT zm^AqIi4PG2b_ua1M^^0+G#1Us40w_dBBmzs^kkmZ#LuVK#3h`c`D{4X2k9350#VIoER>PWFiO-{M!Kq%r2$*X zvl6cClHi8X19w`jkYOFm6> zG!i@2HMNPoVa5!BYl%cUt&8J+tKUCX{D-6AOy8!e{Mu85%|*Fvj=Q@pECV~fQ)ywL zTO`VvxkqpUS?A2()9J?mnV?V$FwG3M(=A%>QN@KVQ!L}og?5fd6y_Z;x_gac}N+T2{ zY))}1P?2gWUTKeOV0nuMUkwJ(q^!j)AA6*W>OxGcZ=}8osJp2Crt^BQ{?{NMJEgI5 z^J3)s#HKt#&C`jPdmprO!dx0Kzko^0oW8+?g1MKH)B~o|p!5@M$ar8e_hugPv3UP5 z&wX%Zjh)yg+4L?+tSs$G0tW~qjy-2-H0flbHsuz(hU5BhW+LuBp4G&`$j44}hdD_0 z_`y@Si3-G7KMRTIQJ(u;S=0@Pf1SQdzeRmuY)F3w8CjXx$hf8kMd++hJXuGuBOtQ- zeeM%GazqzWk2;8ZRM=4p)JT%H0H=~jw-KT zf*oIsHRnF-Gko}MZ4v|?@3vY=anoiNH(s?I91tF~61m1&*b%3CcYFy=wbr$EULtV= zSrcMi$*9$Gd4e7iPd#TbWyWfPs3`Q%DISxiPsWr7eo;_^M5>lUePlQiRgtc`JUpv? zZqdMI))n!alr4P>O=HJnTB2GIR`mj=s41ZaADFBRgw2(j8JdU;AnKpf-|3R;?7U+l&PPO z9C>9^;BeiC6m&BaA@aWF(M?R#j}`{kY(}KjJhp8_vv3D2j(hAeTc-m_V8;r1z@{hi zuVQm$L)?)yBGtuHdsZqcn~A_n6sLzJ3BF^`>sZrVAx%^2JX66Rs@M<8RKh)tXT^Gy z3LZaYo<2_vKP&O{(b%bEJ^kHTP3L2$z!2@bvp~zoPJtoXcV~f?kDUTTwC~OWEgw4t zhG^fN1)9cACF|+$&T6^&E_>SX(#D zzj~~!7I(x>t)^9uGTtTj@stRLAme8V7BXlwI0?`dnZ1RpoX;E4&))_J`{NLlO#wrL z32~-~x;(&+Giaipn6K}9HfpuOU?4aUb4cw6WR^tJS;Hp|!JMF9YY55y;=8Xi%=r!T z?YB~;=&3(9;t~fqz(dT*+v%)ftKZNRLfOQe0+3qmVnPrevTMN>r&GvU4BE;GF*Vc! zU2PDB)6m_+fRhjnnudzfnIRgeyD*M0ir{kbl-OusfI4W_YCQ)65ePQ!%r+24|L&a} zgI%$_)8#Ntl<+tctik2=v~hj+t8I|c%|tYzFs-N5nqWUzYJM6c)pv7-r%oYu|AAh; zx}e^xS6%dP76MS(JwqEYd^XzoZO!;&y;ghi0_~eOjj#+AH1dT_0!$q)ioQUf72`yo z`sipn4Fk|X26${-Z`#b_O$Bb#V$)U}a4b+9tY~P>zVpL8h6p&{xWGSW=N{ z-I`!`oQ`HgNAaz3fX8440y~F|ZfGz`#J-c)54GAmi2!K=pyw1Lm)uC2kSz#Q(tw*$ zDd|WRyCyytqfj|#rk3` zS&SqrGyN0h(?3N=4&oLTvm+KUT25%gN*hRGYQ#7Px*EvUBy9m^iYiA`tb8_2 ztRd!8;s$a;y&{-k+*1$xlrvXH?exhwbg-{Mko`7OYk+bIi6Cf#ZH-F3FqkW5s-YF> zDl(twvnv*tnABRse60`eT?Cs!?Z^C&;$$pWX9Jyv(;@Li&k+8PNAdrPx`1Nmx)AE5 zI!S%r)cy2HfcVU{CO&gn$br|=08N=q3VVu+??dS>sdFp6vlY!nE8 zf`zPXfK>sqICiw*EK!PWcqXbDQ}P&+7#gIBhZ#$Faz_5PA_i?~nx(m39dLk)b$YSG5W8h_7xb>7UTI?g{%O)sfMh zvL+qOPKDCJ{Ay79t-1HDRlj|b4UnNVhQ9%S= z4rO7p$qBQ{Q7ei_%N1=Xa4fOy2&iwcThO;WvI^EX^GMW=q+nRYE|CnH6WK!472G&S z;3zx*Cnwk94MvvO-Nh~@&={c#@E|5fO`d`^nLtO-Ya$?RG=%_EfUkt?MJ!@N1XVF5 zr4yh@TW;`Xj%m5i!lE`7NVbGD^8;X`%}_5vu4H=*(iYYC^8p^mg3%-#HkJL55R3er zRQ4?)$F$bXGl5|V6Rp{#KxveD`>*D|oBwy9iPrOcCJq}wz?_K}VzGk2#1I4TT&T;X z!dbINu8$BZrAdNjNvCx!EDll>H>lN)Mt~R_qSr|V%k+8BAn(Gd z29gvs20=76Wmv=)^k)!)fq%Uy1oGh|G?2h3*yHsf-Zt%4*}AA*Oc*Ds=AtXZwy8UA z3Dn<+1BaSIjjZH2O>QO+50^Ie2MQE=t!7m1u`8RP;zhU!8G}vG62z=$NHn`7EvM*M zk@1nd9uq7SqmfVeL>|~(i%4b5XMOgJ2`}D+#xxN7kl29q_M`r7$i1l%qj6pBVoBjA zloCb6n7QRsPcnB}3|bQ%xrq6;iirM&SYe=|NXYsiw9U{oq{q4xG-8fu zWFX00!A#u1pLvYBK|{b`51aNtN?c^7g)57>Je+Fdt7uB*v+C416VxpF>dOx)UMx8A zz3|lt$&wZoSaYZ`0qH7PE0RpmF91vP48)1cDXewsj+j4Hr9x{0ti~5&oT$%*+^5xi zJm(yh7>SO`5f4M@8&yn8ScDv0Q-!=aX!6NmL;UlHGXTyDKbzw}2WoLiCB49!iU1>L z`{KA?t6d!Tqku4qru0?3mbQUHhY>H2&>uLwIWV_&sVoGYrF7d@Dk3Q-kC=d8d`KSC zwC{vsMv>mcBfc}!X$C}xCa5NCU2!f>#Kq~FVQ*BGCOVKjRk~A9k5e=#2PN%3&30vUv-t5K+XSrR2*joxH6VjJBSrq$f`n z7eh&YH|AFrxgxWAJY4bPACj91nii}4Q+ga-Qz%mxO+1#o;(~~otV_xtYZ2E<(iR7| z93DvRZWA3yCpzpR<~GJmApA4sJS4fh@l_O!!Tbs3d246y&F0oR^2r$ca61+kNkA(G zE2daXH5-*h$CsQHc3Z_a2ASC&$mAtF^a&!@#GeHd(YKH!;oL{Qc*F{bt$C+P$rK63 zpg1T_zT}54tR}^vK)o)rbeglX24@%Sn(b)oUFIW)jmH8geRN%qw+x#J5#X9)$%EsJ zQIda}dtaYUJ!hsAP)fRq?1iyqF^P302OEJi;!=X;H{ot)hNn*L1su^+heN61sL6l2 zHH0)w;&%h?tGdv80|c*zcmebbf101-w`Y+XNEh{-8$9Fi4G!F0_^BHfuc8)X$j>0& zL1%MoJ0EDRwyc3R<_SU#t6mVGa%+$xfZU6j7u^wpNT*c7nHUw~RR1|v6c;$_t;_8> zs_oh!bD}laXy0^R@2%_12BKvygiWbJpz&%k)PSlTA(~jsapY$>=@??~)oZR*eM%bP z022J7Q|e%lH|0@Ch+V^2Ao;AeG}Gr)`7|d^G`Sqfa7r|O4jndZNeULyH(W_eCq>nl zS-KJPspf3ztSj*>Lc2Oy#ID9EZxg_UvG4^w{t*(N3dx~QB!c$EOuyvGtDuw@B+LVx z0GvQ$M(MgxVidWUxbay?xJ#T!?R2TDzmO;4hD&Z53hKr+#SPq$2!>60UHTj_P1uMiv*4hP~2hy`Y(uE#Kk^kd;{GOG{rM{wUXS<1D{A8GV#RG)3vB* zN-U3Dn}i=5iRZ`sQnzVChTQ5uA|&TQS|I(H+wN^yySaTN3PlaZUCyad^75(IxX!DQ z^YXg(V-8w=%;GBZs+KncX_#(vUWtmv{t#8{hr@=YY2Y^XYExBQuE#W~qAd9)#u$-a zWPuV)#Nq&0I2sa%-Kb?EBs_H?M&wnxA81l;qMzA~kbE`}4~MF92YAUQEJA%XqB2y7 zp9W?yM>oWAlBy4oO7hy%ZC$zSCcOt6=i?0_)QBU#+}eP%$eTgX`RX&Gd=;(9=+sgm z{0lr8`m-F9pn&i|{8!VEcbW@U*sNM1w^(F(WDh&@V8|_7(0!sTkjv31bt9|!X&`2; zp{9+xV$0%$Z{*tiNQ`I9g)BBDx+(>;7MqSn)C!%TiFz)=u_{V=14yG%efMT6N~AE5 z-a7=<$w}7pDoa#Fep%@(u0ZK@gJ&BV=(Iu^Ut{XP0fV}r!%{{V(E@<25S_)@5bsHg z$phw-jNO@y1FVIESRUd?iD-kIOS%E_a4^y1h$PZxtriU;P)AO*?_fHW5+2+hiS&;f{O>?(plOe@!<4wzFEEw^YLx%>{^T~_jozCmV@y^cfx>j>W zOj_zv7?;S{K%O-4f+#P63@Ivb@P{K008=<1NCWVs?Is#gm-2}^L?;tO!IiW+ovWNd z+PoTUVk0V!SP=S*bxC0HPB?~>01gBU4gms7pJ9_psl+)po&rOD*Re_h%&&M0+k*VW zDWIVaCoP*;4)#ey0nm`3zK{+(jTs9YLo%lBx};vg(TcKYMSWHgH-;_>a*U+XG|)35ce_=7WPqWNpR`)l18*RS=z z{!->yzlcpJi4TS3jYz|-88ze;mDK&az$uXI&i2-(nglqHcs{Wx*T~q&o5e)7ueVZp ztaw_SF%Sw#3`U{}=tQL@k(mLkNW5yw%|{k8A}x6ip2a6%76x7zfNt9K#Zc=-F1iC{ z!(tI38U{CnxG1~(=*uwIMxPIW{h$v5ffPH1HXfJJwxM>RTCD*pgj56BZX%0Rt;RP^ z-!wP!Fy{!nGxK9^T!IZn&sw6OW0(2Fmg)?cko;%{s&g5)D#(Fb;lwBC>_h+J{rO@4 z@?-z-d?Wtz;GOZuS+C#!<-_@b@#^UG=;GkrW$*lbKl}EV-tocFIpF;4{Xy@d*F-&a z4d#=nig}z5Iv9URQ*KKu?usV0sb-~c(m|=?HpE6DFrikiqUuP0418A1iyyjCW@8}l zv?5ksK1m~Dl?2(;IZMex>SNXApDS;^_O-MzXrdlmXbg!C{NqY@>ty@piz=x z95iA`#8UUM6@axJ>{eVXb8#NBwVIZ>CJ(kL4}3ZdrKAM#O|Wk#B2nMxjppZ5@XJt8Wy9-;k_qgHNVXwrg6GDYKJbrB>%ap1qWvH%RFv>-|Xbg`a$; zji$7{*><{qc`@k zO=`8H;3Y>c5qk|5#K|I40%=g9E=Z$WZgm^1oOaaCJ8INd6P=SOfs<_!T*^vQaiKx>u&A!i%^fLn%t>By6FrW^*;vX*L(C`I z|3weh@PFap*kK&Il$%kZ&(deTdHnZrw9ovOsFVlr+t25RXU9kTy^Es{r*S>)TqA`+ zQ}XBGkOwr-)+?TaEiwU{6pk))VYrk6?`3{Zm+|t|h#vxrk8c73KUCRIl~9v#&~cfN z7l8ub2!;X5W8e;&j~Ge`%n`P+r{p}j8^HIU#WYA+D!C;H8Bd%n&(T(Uvr~FFljr%C z7dlQ$6o%^(9H1$|>gs=pt*aZcRe(cBK*2d>rteI~A@;Ew5K>4vaw8YK9{g*bNwCsJ#Nah&gsNV{5OQ|7!kgy~I<@SQl9h1!^>OORt-q zcC)jseIh;>oq!t?kftBHLXyhq&f&Gw-pQfV!~RYD?4R}a5C3+4`01#B^x^bxAI}bY z7l#LV+G_LpTmPbW@v)E4-}Zm*onIus_0G=Fr^9p6p23L!rq4&{Z`!N*Z=3DScBB2e z(cVU#t?t&F?#^~|@AcO9>-OgBUG!tS-EO0g7yEzHanSx2H`h>@_*hN^i%KX`0${s z_gxPM)&$jaM^%>`>x#NIWJwT9sZWBg`9~9b9xtp9(K=u;bYTnXibXS|woTk_EETiF zLKWrU@I9i$u@hFHFZC7m%MJ8WM^$?%x$euPJNrvm$s^sH#{EIeC5%4vPx6YR80EMe zZHj%M+`-q3dgVw`tS0iaQjA*9E?8km2)VoP>_6D@p1-)a@)!5^X1D#i+1_k#z215K zdV9{|e$(tUH}%q182d%~)m+iYl2;2}%#JK&gyd_InYq5yowRhvWUh3iD+^V#b&YFo-fozZ2>#+DD^bX+= z&#sk~M5216&(Q%b@fcG#7L^7jtq-(kIS4_or4V%HlM(%*PuI*>dC{XLsE<6K10B@gzxJPZ|NH+6ata*)H=Rp>=N>&gLbh&chkX~5AK zj?!y_0j+PuV#jqyX=j1CuN_3U66?yXOkPP~4voNh{FAKvPb#D?=A-wY{@IjXR$8ul z|LLDdDkgML6r7U(hCadK>Ht|_^Jn@=Uzi9M>WroXN<@tStj<|!5} zbnP}kNN=J;>^qc1Vj~=J0C!u+rZ&iTX5b`+MvM9Kz^S|x#gUU!*CJ?0h>HY~fiOLV zEfcm7X$p4aq8wpa5N<+J?(A*8?nt7>9#!ZZMAu}-GSXqxImq$)=oc_i(c`V_&HxSw zp-bY0f<5{Yu9tjb$ynh&;h`fv&)vLvkpAlz87UhL!>Om;&S71psCT!y)7;CPJ~k3} zqK*T~i$uCM1u47(J1J$etv$_^nlj;q2er=PElz*zv^P*k-l%sr1=ZXmY&*H^d( zHaZ>CS>625e)TGLZwF`kKt~0zBmFfD++{K*f{F^D4~_Bg9O_>2F8Zvg^XBHpyzgcH zxP^x-3|cO^;jPZ=H`}fF+*hISx>SP(_q zi0%si4jc32?a(j80egUycG{5KqRZu4KO9QiK4tO`@M=+cI72sr`-mQwxjYrEPeIAY zL!|^(sMd)R;X-_=ds*3LtuJ=XP(|Jt5n>Oqb%kQr0OIri#|Roys~w&G^Z}u_Z~uW_ zy^^l{siguNEqe8;78U#?P83)>LNoY^9m978eLHTJv4eR6>l=UN2+$pgSL9jgUHG!%|5ky(gui=we}5PRr8uC*3%hbVBHQ5JS8@0tbYFCsVx~k^E;YIIARK3s!8L{?SY_hROn@ru3bqW_djuZ@( z7AxIfLKWBPG`E_{%t$+ugODwFit_N8(y_0dP5>kji$IcdY*Pk!otMUE??<>PF6h#!O_e z7ujW@55a`^H&ib(Ace6`cLjU5ye$$uAV-0pd%+AA{ZlWPi8GH%Bi2+&v`Bu9-tqB= zUoH<%&My8Pwf%Ocat1_-_?Y_S5gBMui>X5gyI1CAjy4rDgJZ#czBCKHCJyri6tR=U zma#Md2Eh zcBRCj?#KVtAtl|0}DdM8dZu$xIi7R>jA4+1`sapJ@|O7*LUrY^c<7?S9v^frtKT;5iqpwXQ99$GZ9Ti#@{q|s*LgJOl7 z(Mcp?1A47RJbKV>{;T<~0UG+)m5CGw9e9)2myFvYX+X^b;(_O21ATxyD|JOF!>&Mn zqP0Q)@ch%!{vl+(8OW1C6xeTV@ZtC%W?}1k?HZc8SQM7GE145e;(jb(>h?^TbgO>U z-=`lg4*SjEi^}(x08~fd(RXjdS#&Fsuk{lQgkM`)*?6SxW!B`aEFgG2+L@vlGg)oD zPdu$4Dv1VI6#lOv9Fw_#0qmW7kfBJxDlO2J4v+B%LB03fJE`ZhEiJL0Nq5{;;iHdqejxik%nD0 ziW(DS5+Q1QjH;r8-bL?SudlxR1GR#w*AhpQ&}&9W?t$H=AG)bHmd4tUfgq=Fu?n`X z5%H-zz?c?!aujm2D_j!F%1!22l(F$de-Qo%&Yl6C5~Z+^2hK=t1O#*Xrwnoj^CTdS z9EapEVT$52tsz;d*oJzv(dicA3lMpMnM62TJr-j3Kl8Dhm4iW|08>4~>C#~qHm^N5 zRD6dRb@5b~qVZZH0HG8ZBSx?uD|WRYq7jh5qP{JN(P~Y|6vtM2z_GNUOv3bIM13BZ zyc4*lA&Ubln{!YZDf8dHK(^1k7?K2z|BqQtt;FgjLr#43v441;EdhQB$Y&0T3uqSy zh5ncCjxJ7nCr4la7*X)cL^ESwU>WYOeR@qDGA7_+oe!fxUl}+Bwb+f4o{YMJ(*EPy zdBm|}gy9(4_}%igzSwvjsgPq$i$z;vtunV4XJiLw$oxLq?RI;2dmH|3x7+D|+nue= z|LAPDJG-0Pn_KP9f3!DucQ?2G1GOIl0ih6k|D%29zS4vHMxM+(c54V^gC?J}CX8Km z(M!)K4J9dTi0!1Iq>h)VqKz9u$CIFoUN$-}zokX+9Y4#if2G-I7@p9Deav0|JMHxP zZ*T2Bum6X5UZ7(l#WWqcQ0f{?V^AER{Uafjax@I7V{>^&&I1(+ATJUdb&x*^V!9$VBY#~Z*3>n|5m%RxA(mMAL5Ce48*>l3QYajusuKb|17os zWkkgD!`{KkVRLHF>tpWzzqys#|F<_g&+Gp|o_*%ckWQcAXKtLaYqyx66O38s#Rz1O zOBLv9ioNHp{+oL4u>Mux-}!7{-umC$PRsv0TYJyv{|9+0MwY&7IB6@%X7YndH)|IV zv^E(hn!3NsaAhe*Bdv$9ZAY=8Ny&NS@ghT?fRfuCMVS&l7n(33xt5lTOYtHxU>OZ; zJ~O_<`Y(=%oZ<=d*8g@prT^RNZ0)t5*Z)I2|IS~a$}B4x#+dnW6l2K)bl_|36CG*W zMs}R8Kwe1<84L7VdZulNIAA1HK_gQNFD@!36M95** zRe2xt*8kR4TK?bJeAfRx%#$=g*P&45tw0SK>!ceQ<*Hy>X5u~dyN0y=K^L`~yUop- zO~-@>UBoANb7!}^x82@*y|wvf$KGmpMz-DAeLcb>dx-JgZrdiCdw96BJ#3FgTf4)Z z&eqQBH+Tnc?sRtAdz-`8uXk#ZpLrM6r5D$mM!R#-+3Rk%yY0>9-kY8Fo88XqH~+W( zd=9Dd+FTYC*Q}*n@n23ZJFc ze}4AA!amB^|Mt%AcIN(nb94K7{XfL>;stsy<9e#7JTeTG;j{7L1-^Enj zMPL7_z0hIfbrW4Qo$24FcuL|DMw4B5E0||o_@87Zzecr`H`u;|ITy|LjlaQ_uP`W> zHtKxw0{LVVv)syg{=}GNjC_#k^w3mY%2JYEjtwY60Umczr_+4XY&TRu%TBxDcWMZ| zc!By+TEbM+efil;^YT)L;eUzfC{A98C`T`46pEJ{h&Y_cNVE*SJQ|&{;LInSxWP-= zT!e-Ez>y&*eq$U`o3v!o!PX1UCk-!@8KC7mXh~3jks!eAO7`?24(lIfUUU)meLNFK z+B79J6*g4xB%NbwirrAA1_1jvI}^;YnHpDVM9gUIG(2XxV>48W=Hx1*EjpWZ<7D)0de!m!vm}L^L`IAZ#W_?|S{8 zVPT&3PL7aGhM~->L0yP5Ym=dYi!x6@Rk{Hk^VSQ|e1o}-A?A}t)NT#QKJ=xgSVaB6 zSN5Ks*yvzpB0grQ@U*>u>MK&H?SEnQe(^@cHR7x4;)t88%CLQ7fhR$`=x~__gC%Vrzp1nTS zX*ra{n8$ST*-lIbit7v^>?`~|ht;f{*{qV?s3n+WIYv&B<=D;g4Cnq?PBh{S+nL9B zB+p1txJsE8%#ezgC=2N*x&&E}URtMK2Y*JH!cXU_15Q;ClTkLNyxI-dlLf*$$|io9 z5Z4GO39gSpB)&g8QB^MwxP08gyHe8);-O8#YH2FeK{RV!2PjjYJUP|At^2 zQC3!IPS3k&KyB0r2VMC0J-S6!7@&q-M|IQ~Z4PAf5+Lw4Q;<3{(dsC4z|kNIq-jQ{ zuq>4;S_Q)tP*9trHG#;sc2reK^48TZ_iq+L9L~riPY0P?JcOo-EHR|6+;RjkvJ;Ql znaNH>(3CD?r7<=Y`KFpt3@u`ds4assLX%NkeQCLGhYs;oR@}M}0I%xJj2O2_=<9eP zPD3Z4o;67*>tO>UZ}2ew== zR=qNolb$((f`zDLrK_rRjm(7wBQ-MFX;hnD1*BNawTK62cu}P#kP^+EdROzfCq^wd z3{zU#hc{gMWC%{sPoPQ^IhP7S>5+8SKdbpeY~{3Ogayc>ix5aa6uJy0Kh-`T>aG4$ zEJ_DolXDf0t&28eNtMrBYvMDP$+#L*8lWk&Nf$A91F_L)L&X!g#GdEOqQB$~GWZ`c z3p+Uid6CEZo91rI58Z%HiO$7zgB|I%{{G{B!O#;RmYm2 zwEJ3|5oC}U=RgH5wxxgAMw}@>svsj2sUTX8Bb~5Jlo)fMX!^s&VOPlKaU|S-B+*+# zqJw_iNQ`%N{5v<|J?yI#Vk!r`3>^xIFh9n-35-K54$a1rAtMA$QV^PqR)C$M>Fm;Y zr4f7p;j?l*=$M~@bRI04S&S9EkAwuAYULU zCv;JLi2b@mQd}qcg+Bi#lelPc#7N<-q#a3q3OEQvlx*!2_WAya(oU$OrdHw5z#by( zkNG_z-JJL%=&k2N$g0HYUfG~Pes-OIEEU8(@UhFWr30Tl7`VS+N03UIRudLj=3ta` zkg`cL0+_=Rx2Y9Ghc`SW&OT_}#o<9T_O;F@*eCY8a5N%5uXj;>r`s(lZ1PeCK*?Ty3F%XCHivnWbTS*FLSF^hc zT8*O7f;Wcy*-uT+L!-yO0Aq)&>i2V4X&yZ@J>5M${ZQt18+kaQ$}G-`)Wb6&#Fj)L z6o1OIw{MTXGJVD>uriN(Tnjv%Q3itlW5ILnvW>y%sBHi*yB>$hKBc9>= z0ppo@jfL<{slae-e7J{Wjv`X)KeznW4hC`E*m@4b;Duz5hLYN$A8WU_l$_71cVQDS zUdAM;4AE&6n>G-%X8<&5!F5aHY#(h3$!;QLrgT{Ysbi#Op5A+M#9WZbYSf0q( zcMDvm#7~TzTnHYMF>Tyv0&dwes9vD{!u%>qh@~Z*V{Rv+R$)rYQ&d`ODPzvnC#(tz zN~BAN5+S&iklwo2X_nv?&xV07>0?VD0(=LkxZW0W| zlm;>cFRDNVRqCgtOYwqbE+v~$iwNiiS>_uFlmBcqbgLnYJ=XIuL^k52_2ISX@0g|` z3r;0;ZP=FDz-l06Q9BAqQma}TrBNGJR#4fPUeQ$jNHF)f{1c;0>q4Vm{zDM8gZKJJ z7zc$PMrVTg)G0~3gL9H)sp$^i^g^+h^}FtX3aJ!-WD&Oy4~5f-R9Y2Bsou7wUf`H< zK?m*P**Fm+7XN8$UBS^YD!RJ*R~z25n3@TA@qByBDc&=q(t`!`n5CK0t!er2EhE7z z5|Oy8;)1=`}Y61-z@_XCzjM$SPwvP!}%VM!_9&l20%P8`A z9R)x>JCOy}(Xql90W0Ld$}rS3#y^K99fSOMmg1;Jqu!0!DDaf?ODfK)^qNG`MkA#> zOT%vFsb+dC#WCq2X>D@-&`xm-Cm0z{-ne_v+VtiBgy^Aeh)J4NqS>wTrXY6WKRP5n zW=~Ye!eZcqAq?pdGf_1f@G1{FDcP(}IV&~bfxMYf(f7v6k0rl;QZhV88jn4}#YRA{ zHuzvDvt{l)e|I5ORd}h94N!gXo9Yas?A03VE2bZXos^_wbGBAddpDl9cA7f)5jJRn zJh{=lko~7>a(m~+^X9r}OztU@u^PiD#cb3cK-ep>e|e1_MKnU5CeCI9O0Gi5Qk;Uj zwAx`8`6W^{uc*vmHWI=(28zmtNl#yN$skZecBL*C@SY%FUbDB$YVzD7Bk$t^@2}wH z%a@R^mykH2kjzi*7ZvGCC+-X5K1*pJX5*rI2WJKqa=4Hg7&K(qsk{#>0$HcTspc$J z7EmBfpc)N0>S+b{dcj;uYJUIAe)Zp~yt-U*|=f=H^9TRpLGuBMjrdYD);J zQoX)vd37~~5Tm+@M^Us6F{^YXv&Mv6s&P2Y)}cFK%y^yYO=)_isSmK)PqxG=VWwrw zV@%QjIwq&@6;oJQArkZS7ygN|uwg0q zm}Wkwvs#;q!_Zvz3}dzFRA)sfaW4v3P}73f5i$iBu9S&DYNVHfAs#nd(xm3ARTo-t z*r@_b={5~z$e4j86a&Aq^@%(;OkgpE%X+LHi35+sS?K9E58F?M`CPFVYf`-q&4{P61>CDc(UV>rFG(pKCh9iS4r{B# zXgx&r(*g*!@E}teYN5L-h9@j|YnMn^uvaalps_gDin=}br)Z)u8 zc%!5Nov*RFW{NEU4+GjIsmXtnu)t8{(v=6k(dE_8{Muv8MyawMi;dA2Xaj5ed+F10 zodKOHAWmR;S73D~z7+crj}aX4pa!k2?dM4T6wG+lB5m_*OZVEtuN9Cww;htlVRa^x z)TeYdEFOJph|#GGY+ay5NKKcdXi175j}#r6>p{!xSbxF|Z;=5cA4m4tqq_eC<{8Co zW%GANeB5E5^Y_Z0u?@ei1Z-s;R!rTMKQz56bvT3Y$$j-OMAU9;Nki{RLy@@MgM?~B zTp6Wc+jdl;6bO5%{Ef}n{*Gf4HbvLB4ubyfADG|=W; zrP>~{fJQi+B#FkpG`?16b(uw9#;C#6$|nDsO0*|iQ+K5@BXw>vr-rJIO8GWT3l=)4 zun`DiC>VMdT>dBuhXHu;`v>hlIbDst0Y4t`yP&A~R>`LZEVLQceqv+3t~3 z=17N+$NVH6YE~%1I{_N_79%(;FoDTyX=pXhxZ?6TjZPVwfTeiP9~89~#c)>TRXA%+~q>nf~k8-CNx{c($&ZX#$}V~|ryX=fz$k5USa!Ydk!eI|1* zks!ohNy<8OE-k^lcHg=q&vfF+PBt1=Wqi|gbm3$1yH3-lV$2-Sh>YzUK;#_utzb*M z6IjbenR)rb0nDsDO6l1krF_7mpba~y#6cvs-nJaaK)e_@FTM^m@{n@&_OyD-nJL`U ztU(k~#J<+79?M$XT6+V_tI!oLdkK>P+O<-Zfs#W?icz@aUSC07m@IdSE$m}ep6f@k zLv1@JYO0HJ+`H!T8=ItQ7WTp}$xx`Xe`*6xDIH^z`}t=ybx?wmsP(h@IkEg3Ixg3F zL&x>i_9pd&N?dh;71S`F+#U#5W#jbpt)Y;eu@)+n&Uy&M9xygPw>`Y*$`j%_3%E1| zlVjT7Gea`t5pQg>MN$~v3BA%5fNw*dp;JMWH&Uc5Lz<;wmkV;lQgIA#G#vG=R#Tn} zCrZ4uuCMFvsEfxcM@qj*iU$!oLUP2rDG}9HL?0`)Mbx$af3|*lDGO9@LKPhESR5+y zUbAz+xF17ze1J5o?DdQXYOnaJdHKZk}UTW!jAk#?NDLbQB3eA&~hX-`={S^ni`hRo?VV@Q;Q=BF<`7 zV>UR8HZ0dwov`odaIHt|8M0|yuQ&alO7R|k`l;f>Tnd{2OHbyqC-VUkO55f~S+}cg zF`cwsr))%dOe3>W=X#|YqRF_A;SE(=-c?9EqCL@sbRg9u*x|dJ849qI{&`?LFXStL zzeZGGhkJVX_Hh3U0zV+A^MSonoc49t-#a~oPrn?#7Y%etMk3bt2ZWo(&W-=ks;RyX zEBhbbzdzhRTWP{ssj>ygIS>D~sx{&8?dc(G!r}V^0fG1mKc9SfH=#P9zgLPL;0Sfh zFcsJ8ir(UzE9+o>w8RfRtt(B}%)+oZQSuaraR+Jc@fMkqK`{DRoE^e$;UwuUZaCl8>cGuQmtTgSXPo6Mmu55D-I3e+lf#t>$lMm^sdupu>9E7#Z8g&>qp*cBjY zT4{d@*mW!|iXzr$+<0;gNqXrgao@S5V@!YDc03&s(^DCu9WRg5d_g){?W$%0c4CtTp5%w!Kf(r9VN1Tlv0*# z#6t{O#(n+%p9k3gnhf%d^Daq9Cyc@@q}%oO(R7~;6OvMJ|EuMJ~rvXY7llaaPiw4I(ETLNH*{@=4+@nH(hXLWF_;*d%WXu zdm)VitfFE-ZEm_vL%}K#w!RjGtpy-#83-$&sNJZtwVUR76%u<`+=bOBq9UR#+VFZ1==?B)cN(0AICV&Al+jR`DQd zdSM3Fn9432r0iOvs*n9DD8bXZ-9mrI1n*B(p~=j7)|85s0I0(jE|BF<7RKPZ;8$nC zR17ieW=(xxL#Hmr{UiRXghSO<9V3itPTRZS{vIFiot}RBaB^@8hbJc=PS7Y=?nj;J zPbK|Qx5#GyTAQ5O!LEPcZlO;U33|n@s{^<}y{9$QrF`(spNHlD%1d%V{=fZVyUhPz zEcL&S^W5$HCr&pe{RY~e)vzCh4EP@xRzY$bnO%di%mx3W{3k9mcR^h>40n;XcO=41K!%vb43EK-@j^^3Vm zR2iraVRu3en*!I7Qj0RXKk$tocw5lzV%z2MndG5Lhs#EPx=K+>9L?5S+|J9aP zAymB1xL8ByC#YqY(oR_WGq6}`#(kd9uCKkKeal}*Mt!>K7E8>UTdRTlPw%2rwIr|q z^ygvezeK1K`JZ|I+kF1KO#ioEzFgA($9NW?|A(Iw6`)NpsR{#;f9qSe8?^2xT?+1xF1Y9J-3LX?#K|Obe~m~K_Cgv6Azh}} za6VDlI+o8w9|Cd?9oi*=4{FxExcVAz%mvVT9f@Qf^18b?7#1MSpLtIGfzzG}rGMc$zEGrDy3W-kxf&b)clUSKzT-yK!kl%Hz)yf| z;%Jsk;QM(B3^M7l*wX>xEkMS%-|Kk92RjP1JrD$m;BhTc+ zNRA#Uwv{skd|l59@KxoIKZy%eyC_j`F}x!#Xqu4Qr77;nqI=}B{vXe`m;3)wo(1;*G5URlu?z~J z;|TX@21IKk5c{W50Er;#B;2Q&+V@H^QSy24;-b@odW&^D{c=vaFrj11wgVRqyr| zJO+Pq77L=d>wfVAk`Z5&K#<_}_SS_P%mTRc96T?eT^7)0jqd2xD2xIf;zwT4Nwo@* zH-IzOtuzO6(ey$L$0m2WJ9{NcO<9(f_yyH%Nfc&cLAdw>Jwk-EtA=gW7$pf!_X(#z zSE{0&X2mYD+($ttGO4xP6mn9DRlqOcLvxZrr1AhccPF>A&s#lyiaU^na`M zykh^++F8nfkMk@*|3Avb)q2@^9r|Qshuyjk0T9VQ%V%P~%=#T!yl59gebIEnQZ-YpCPC4%=E$yJPbCwxI3&ugG}2x!9TJ zYjt-^wgz04lQH?~`{mGA*BZeF&sa)>LdS-$a8E530-*T7to~)Of({;o;?;NIPUKrP zi>$M-RlWa|mAwg}QaFU%+hf!>3vIAhiwhcY6_>QIr+67QMO9PU?fSSkb-T|V)MWS9 zAxT3LbaM2XwI>Ub#&Umrzx$(z#zo&)T!=l4Kv@*=d>g;Zb@t(j0=sCbP~+rbwS=`_fJLV`V)G{>z#m z6~y&QPYa#4tomgzcFpp@nLLx)VX@8fnc&JtTRwv<`Cn$%D#M?td@mAoMRD^8U&d4aow~i8h&v#e4VWmX5B|J7h`=wKFeswjWS%vMYp}d{aj?*2TFqXZORdrc3k)6cVQ^vAiIZf->yPur78mN;FqDyvb4TTN(PN7GHFX`C4<;P~b*MVtm+=U>vsnJa6txgUXnH@2Xv`SfYe>Eb^?$7Uaoc_%9MKAx=qwuSlL%9C7MvGc`3J zV=?Wqo~OS}V@wn6iSdF+**fQWwXVZ#5XK5>&4Ws$cp__H|h%Ic>i z|0tW|nYGaJ_y+zOv5ekHY^g;7tsqFl{y?b*R8q2n3G`w(P-cS)59Yj}p530sQ{+4u z4a`08v)sv~oo3-fF3VWUp$+a=%S&p(Qj#sysy2(mDcK{=)yJX@KM=AgifxT>L4?uL z&b={3H&ooXwF@Zo%5W}Q#Afxb*D;5UT*+$a>0!hjOX^ah4W=-EgmuKVg z9I!4g^!fMF=ZxW5i5jYt+=DSN2=J&6OS0Ws}Mz4~gB(q8ykDKgi-}yV;z<>3NL4QO1 zqkr`%wP;$0TdjeihDe1QFba=3T!?$93wllqvx|93XGUY7j7wqCs4T<-rz zc^W$9sNM}aaVv(pbDTZ+4O6%lUjMPGB?}#oSLU2%N!aBZkt}+yu%sc%G#AhQ>Nt%C zoW1?u2Pckmad9yw!^jC}A_Swj8&Y+6EhI`6XFDtZ>1Y45KJF=DEDr*sIaR!<6eew&{m1E-;u-_(u@QoBW;uCbz(4HD|nHR zvvjTDSZ6W+g+>vBPb`fBR|3&!z)_qTLC|rmw7Dw33kRa-+yr2fX>2)M55n#Mx+FHC zbnuSsibgDfm|m;(P$DQ|LuLJ&nn{2Rm7MyH^Qy3%g$|J7|Mq6op(IIo-rA*lgUit@ zr4vM{UN(l zN{oob0yV`?FLlUE(Q2XFGrFbjK!;Esr@oaEgerxMT$CKmT52+vE zwttkZkdzFmm?D8B6nZR**tI-SbRvpZ{v7pG8ac=n2_yWb48+yuR#<~ZFkO~VG$0Sc zUXP-|EvH=#{Ms6NHm>T-;$)P4 zYk0ombK~523qNOq2pvgFYc6U@nRh~rSRL4 zuJ*@j1Iwh0WldwlAmjgx(r+vl$e~sj(#jV%VL9s-a&{`i#~xZ`A-`5y#K#rOCp^e7 zWg4p`!+bK&l3_lP$ELHTq<)jhhoQ5RGY38@Hcov0RR@#GLRuLFp8&)B_bjBdwx;55 zFFEFud6pdWi99x;Erh0@CT`ae+Cq%|N5sUbk2#s#F_OPNY98lb|5$BUWxt=}CKB4S zM0&R@4<}FOS(4f(^4O%d9RGbHwH2gxo_O|;i<7m0UMwCX|6)Cl9cW?}0w1tZ6o8x= z>A$0gxt?cgOKEpR<18BM%H4uIeevu9Sc-!7gAY}Z+I^CcP8fw*xTLmE=vh+RC-T_T zwrlNG-^vV`+e0cMQ4nlNB1GFXMB@WfvSjY}t)#twlLleJLWVKAn^#wHfrZplnI(W9alTe!`qK>y{ZiT!&F)LZ}0Q0lU^_`c^t4A5JNS-#*$|82(so z=&TGljwZ}l$YOM}3o}1<^kr3Kavlvh${Y^M#zBPXkPtB+ta5c8j^tKIW?0MIkoEn2q$=dxV%8qPL}`;vC1!5c+L^sTo+ZzWKt2npH9$OJ%Wb@iB zK+fvIV@EkwMVVL%u}|k&3b9Y*u_Yh);~9JVJu%S{&AMD3q43_ z4+YO!(%Gl;Ea~hMd2Bk1k|p;?Nk1h4%|+OOb0BBhQbf@(A|AZx%M(xshZ^<#A%(LW}Pvj{W zwaaZfJ7&xcyw+E5<(M&wOg|nbPJIlatt2$7F}W<|9C1|)mG@*wPe;98_!&8_`LlST zN#VD{Lj6Bh8@fTRQgwY*B~#r(UefWbKqF=$6??p--^cxP>ABZJn!HVzTkyMBt!YEW zz;34r?S>?R5E%*Y4(O0@@udMqg_%byOqI7@+X2YN32h6g!?^DN1Uc_)YZpIV+)7a{ zBL{>WBGx4t4IBXanGBPNwjsb;e#jih3cNU@tCKulHi-i(nu6W3zGIF1Vf@)~GSZ*b ztZXMEeY=^K-`eq8UO+n`iM`gQm+ovkPBMz3V-|(onXuwy_r^eE^T(#5Nq&HGYzP!14DQ!;h{!i>u74bvgj zNgSdva1C@U8xa)PfUo-T9Veijku|FwnGd2e0}^DsE)09}QV{PDqwtc7FJjNo&sjCXYo z;3JDhLt1ngTZf~bMlsiO*TL@QJ;ow+T@}qS2)TfhLogN-+Lh5mdC1~0?iV0-J=bwa zw@W#H#{xPF+&wG_Ll)$jP$t4%=;(x!;8PlA^aCyc5C5Lo*=hJUU7&}bUWbk&_`$4p zk4ZLAN%-_a28EVP0NH8itWifUdZVx$a$Xx?O>Aib8h|r^KsPYJw$-h{*&?$tSc{Qo zXAII#fU8-YmeTC84#%qTOFDi>k|d0gY82X1?@fGP*`_-3T+*?W1nWWxijQGD2?z;4 z>tG1(X>%<@?HW)UU<2C#Fp68m^ z?nJcyumjd&h6V}uI&e0mkcC6aMFZC)#x2!Z;5*QJ9Tozj#SHpkd0( zb0O%pUfTxbSyVp%jIk|geVo(trBo`t{GJjRMfFBa_*NB=3$N5@(`C`dw z$^_>IIy=v4+%?&mZf~8!po1jJN9_B)N*YGvtG3CBs-s08@1350`fze!CHqFD$_+`p;*#{$&k!g}7T9!Ubd76q{UefW@9#M2%utSymO)CbmS22H1 zLz^&}X)W!i;?|$KmjqQR*Z^W&;16eqr+)T16FW;3)9I2cc82X;J*r9erJI{o3)A;S z^_T|G+uU@UCdX5q3FAEdwHD~FrTUvQ|M|=Wx%aWi#P!8BIqC^Q)MIH^uuH~`J*rAH zit=}3a32t#bcaIBJac|!ImE!D2;u9s$W*L4xs zS4u@!s@Ab4gANG-SgG&encm{(q6s0Y4k!jdCvo7zS)QYU6VbZUM6~RQXg$nCw7$YbwCX29N4I~^WO(xKfW&>u9q0YV-ajbC#`0M{ X%V+s~m(TwM00960BE3)z0Ky9ZWKy3o diff --git a/assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100+up1.2.1.tgz b/assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100+up1.2.1.tgz deleted file mode 100644 index 494788ecca8decd1aa8912627348bfc616f3f2ef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9487 zcmV+qCGgrGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHQ`<<^=>Dv~;#~99x4=cR4J2XxO;XoGoGi6qT$p5MDwTpp zYTKH~YE5?=;vI7T_FMgs)Oz}XA(^@8hnZmY zF?)M*$f-F5*1Ej!&8{rraO- z*y})qC=W3$ZANi`5yN(frnm!(xXMD2{}EH>lduD~Z3{(F@@L!GciNVRnM?hM%b&XN zPaI6a6|4v&Lg84B58b!NfEb*p!Qs6c9Q=@R6a*40@IyEeAXorHOmBS`!x?51AR+u~ zc7th%Ic5+Ah>r-JS`#ARpKuL1|8G$+!|XuQ&w%~H&Gw>N8__cd>YKyZIagIG0`2lt;F{~RPis2SfAKe6)0Vi;SAwrB{ z5B!i5n3EX=j;G@E#muoRHSzJ_mkx|jz%W?W6m#mky{{3W98)2q04V-_=2Ib(IGthn zlRrgc+=1U`XfCBz=6Di_sBxH$^+>XpaZ(*RE%}pp+kvB_qa*nz!|sgY4m5u44IA>8 zfQ(P^Ee<-+ySO;NNM|3+f?z-b-<@~hWYi~oKrzE1w=7A-t~wn%i^0vFrlL7V<5(~* zo=&s~F=s9cF#SM-4urEH0EHbTU+0(e2zP*zSxg3n~e#sw+z!;Oiu=#c+deQ zVu97)-M42agAT<1e&>f{Ob65txq9ys{NduXV}T;Tzz>LiqePIxGZH^1zp@Cq$tyNz z98V1p-_yt)$OUS@Xtgyl!m@X2F^AoL2Uz5fM!3^#y1|TbOr3zZC}@VPY0lDQsA&LX zGo>up$aTp~E~454TFF>q8NVDc+l{`)o5xtl1E*ylzH;{Wmt4)>htqBc`sebG>3GWj z$$6x4ZMBYCncrFb;_&c5z7W#8Pdu!CKWMde2PxH!7wx!1;EyN#-&p)tZpAjlOF%LI zNP^iEGllK%Fl7#pR#OEQ$p6;Px1WmhYcPc`5}fzEE=yu=0^>%zkRdB>;IY}?oOcd8k~&2%ynvn140Xra1KEzrQ!F{)*2E``>Ju zIfQKwM**2nh51`%C)Dr%gVuiQAh-Wty?puX|9O%}>@R-=`1fRUCpx&)1L51ZjI#zs z5o_MItuKD)b>MBX@Ip^V9^$Bz_#3JOwxQx14WT)8=pTJ zRm_o1;a;3$(voSE&fE~=vIx6kOp2qxcM!WQzF&&tx-Y zI5iAdv!hj1%`c8oInoc=+($gQ@S*pnYMh{)z}T#f|Iks`Nd_of7wxnyXp&P zABLCka}QjKk+9uw@Q6?h>NpoNTn_{&6c&5d2e1@!=yCBwPk^F0At?&SxM~k(?4oq1 z#gq{nLi{UzvxrMYkMwW2hu>#}XZn|uE!LF^AP6heCE+OPkEaozzx8Pc{)pSUBy~d< zg+gvC#}1f8M8pHfGiJOj>e04x_4yzhz_)Lm>L%J>lO@Gs`&m7Rj+sev8ydFF5glW0 z3yt@6d;gWwa#~Kik#8lYf4#!Vrn?1XYzO!j2Q__TcT%oD4sWxtD!TTES09GG3*!wa zYx^A~(@y5+n5X`Q=NEXCe+L!kXZ(D@^A5}yrlMInAcO93`0w+Jw@(C2gc!Rc)Uyg~ zo^?}6j4pG9yfv1mg&uNOvhSBx$5Mq1?*|y%libEfUs4@S87El z`8v1xJi@hr$4ip9SWUG|Ia?d$XL+*f!)|{G+6=q>LjS}Fw`VlS9zzq(qfWD#9&V8B zswgGogW#dpRcK{6Ek8Z-rnVo&%v#!CdixeFexY#{*EAaDa@EbNoX`b=xdazTRRv8t zL@A3@9MyyKw^#k{S#P=HapdE`D?J+Jn*rjJPGT%L6^C*><#5nFezbYz)+?F(q(8ju z_K$m4+Nrz#)W*z=BR*qJM7+$Xi4;12+uJmeh0)=J#KZk^B6kOa)05-w<;i*f(biX4 zfuH`4qUi6Rvs&Ve`h0#&LXN-k>|hil?>r3V7liP4et`Aime;ER=q&8A4-C@|9PGFD z4`B;FoV*1x%F54FCHy;+s(>+wvc}HHEaW)>HWj}qbefpE&8+?px!_OnZHz?$?&8o| zU4W9&%QT4B)f0j%11wdA4uhkJQ^=K`&QSA;YRb;bGlq%a;R+lXqKcmeqdpJeZzx4w=&IIlC zD?+n}h@ePv_NZ{64p~;dKRi4rXaQN!&9G^Hu?oXgQy@P~jTTbgk!=V7Rslin2GEhx zrKXRHgMPVuZ{=5T%Dd=_EsG~8{n4{XyzrfRs~*OvrmES^}9cx z_OAN9fA@!{=kLp5Z8xgSFFnw|KK$If==Uyr!>h~g@LyLaZ_5WNCDrNh>SR#bzTN;a z47f(layQ3bXNe0b55^)?L1ZM@RFhk>-mrJ^v3Ics#`VL#JL$jgU0e+=PWt5t*9>j~ zUttBOv(<0TCHLl1v(&8KvisARr=EvT&)*L(FM8dxtK;+2)86sr`NhNeQn00E+qU(` zABm;>9I$&1*nRha-6jGGmEnX(3MSO4!etYbtHN2YZXwJdi4nTN%q!;HIAEIuUn}?^ zJ1KWvO*hp5?jay|m=^l49lFRUan)gq3P(v@l%Os~P#&(R4^}(|2-QJ~`Vhrt0u-b>l_%$miS>^Lu=+Ru{&)m>_Sx;uYA9MXFOI?_C4$KEkRqDE2!g09)f|k21 zxD${n*j1A3U~I9@%4|=K#2JrpG8CI-urY;%hd2p1c+{d>#!c!ODsc?%g72By&zLp;I$B62z z64QAgYTqHAvtl$Si=d%;t{=;(kL0Wt$El!yVZS~nr#>gAK5=rY-YS2}>{R8hlz%>7 z>-oOV3ip3<{H-s@E>Rg^(f$9I`|aHQpBL@+tLOVaPw}jL|7XUDu#x<5+`Qet!5qb* zg?|$2|3~PO!GL&O-3(JJ>o8xG>99q*hqlh)xJE=J7Eohc$H-ll)&h7p_kiO>HPYGQz$XyUho)Gr{w?;)*)W&C)$2^f{ra+|Qopn+>_ACwe~kECaDt zZl~AAWUbQeU*9Ds*dKfSSJ?l`=v$)_*rNS^u%EC0(SFr#J@5agcvjW_4dqgBL#cLe zIZjX8#{8m1YnJ*)uPmaL@deo`w70nc!gRk3&N7 zx^pbr|1b7m=Ij5xeD!SqKgqKN1H?I|p{&oR)*0?5IE0&-A9#K^h6uS|&=@l(F8jx3 zk(83aCO8OS9FQB8gXf3iJ)k&1+`q*-kdXY2LeJWQ5RX+|*6oPmk^dEYaOd+0{I4Ac z&ck31B$Pb`NDyHPfgfVWa^4QFhMZ7rZNV{_PDuzKkB8v-lv&Q$=S}%v1-|9n{D(H> zf8!q}lWZ^<)?Kp+(v1&>JnTVhn6*xtsk?)Gvs-LzaV2atqvBaT;ZUPKs zB&WwAXI9&RPnW0v18*<>=kxX!4?MbK?K|-4L=5lEWQ_Ck_Lgt_xnmtT@To|wkAq); zP|*1kMY?_7-cs1v##XzHzS@M^)99;>n2o~xuG_H=OD8*CX%@G7_!ka*`XJY?_f_os za16()(6=jeeL+lbIllP3y(O8z#(E&zH3qUdv5SCJ0QJ&=PeVMWQbdH~WM!p*n9c(3 zM*+^y&pvN&v9yz|JK3U>9e2vl#dfS$4t)CPvl$Bf|A@($uuB>DT_!oj$S2CNp@im4 z`9dHz-#%||-KK-t>0mY)*~P+XF&rAooMUCjI&$EX7+S87=4S?U7KY*n5<*Bq`=6JW z17)s$-rmBxb?lU3wr*{c&=##HoJZ1vWjoeC9QagQLcIeB7@7)lr?uTaZ*OJSFpmtf zRUe}s+>X_5304brO?J7g6KtFqf`5#+HlJXlV)~BN7JKzrr% zQSxfXvaGEw_z6i93?dXH{$gcT$VBVqCMTQVmJMl*$sAipd+|(Tz8B^ zOno;tguu2(luYfw=a{14b!^zY{>h-H`0-7?Wo+qWTE;)V0XvM{B)U>=43;1uP#h6J zo~PR+>2SI11$w2wl$;6TX2OuBbeGJO7{1J@E{@mQnre{xW4{hrOWldjvCC%^f8Jj0(+JI*fZQ~vh;dAt z9&uR{8KXHvSe9JC$mlynX1j1dj$tG(({$ z$Gb+})Mugz#bcjwC5@afNAjZ7ZCl34uc13Q5j4P|P)G&Ic6Z-ZEm)-t(tEkHyDJWh zV)v|y|ltaRlK5SE)paLUP4NHY|2 z=o5}RySuO?@A&zg?m3wOn~+)H0cITC1U{QcD0ObRf9vx(++co(aac8O=p~yaBpzmt z@(pE%(AHft3HHR=#2T9bTHYUE*}QlGbDDqpX@ZwJXTKb!3aOiznZ*NF=dU-VitdW} z{ctSL2toyPDM3G#C#^3Diy(>t$c`g6QbuB~ZWcD)tZsiQ>ARkuTP<(*z$3ZsB~EY$ zPC|8{bknTW?n7$|AGkur9SGNB3B8}x*GFqy%7=6?saP1Vg^AB=7#b71>*qnCw zW2uLGD=OrB%d6sbyQR{-QMOGgb;`Q^QQ2uz>_45`xyp#~rf@}J3YeglSbPtzIcEGy02bk?+8!tax6w>C*-O@98J$lABS+ zRvc#4H2dCy^{;gPJ&NeutGfg8sr6arKE4)=TFTrDyQkMb9xzC9_3E{8gROG73dTNO zlcWCvoRgKDf5{~`b%E7mJdHQ22a{46F9f0Hx1@E=A?#rlqY+{%1{IsJ$y=R4kh&OI zwRsgA)5?BE?!?Epai+wsJ7b(ob?)S@13%B>)W*F!2;=cxBINcgQllyFRTNd+3Ak3% zXn0g6rJHDnU_nxt`9i6i`<=BL3+l?30`T z`#$cD{JL+zh>@HVkZ`O(sxwb(V1W_l?nD?rF#%AZ>`7^&nihEI>BM^`4s=dnkQARw z5+O>%R}TDpfNr5G2Q!+>Ne^1c}g(wvu@seZZ$SDA-MTYJN9%7Rlf~YXP z3fStf98Bz zw1(+ek_EC?Tt7MsSqUGMNk`L~jfkf-BUMO7ters)pCuQ@s|?tZul$So$&43Z+yimM zq%AU>EZ|3BC0EkZA%J@hDw6is19hWT37bC_RoYXSMXS}4pUr|ndGj7zbX(Ow^N{*;$lwLJ_ zE%>T7uJv$MFGjnvY@6GbQsEGb8LIeJmgAERaUi>Ihs49`hfId&PCW30Fb-4XPUQWN zzY_P=8>%a^O?+Yf^}zzxS&zRml4<4a;KrNPvyhdT>K0$*wCd8NsU#=rXF|UC;fQ1+ zZ@y8paM`pIlXW=7ILY{e;giC&Zc+;~%yI;|5c2_yr6%m@mw47aIdOR1)3 zqR_d(bG0PPYy>@Q+EFDx=>VJ5pKh_R4T5~+&?VD|gwo-O7$dGPgI%c~Pl74NP*W&t zNl%iaR8_Kf<4rb0Jbe=IHYPlkKAMB{jV<++F_Ru#VQq3!HDtvc*0FilH%UmK`Kvmk&-RrVHC%OZQ9`BH9y z(~2`Cs?BxM_@m*^S4D3VCr8HHu$?ZSKQc1Or6sll_YewDYgRc`(~EFrTpbB$A1+Qs zkF4J%r<15^wFMqf^?KO?s5Q_4_iI6&snmNNv*<{vRLXZDO9e{rmsACEfTnqs40JjF z@x|a+oK<0n19ikIHj_n`6$f5?DA`^Mm)cK7Ysj=6^fK~7E|bTsF_2DCm{ zY7~&es4E^*La}+hL;GdKmP!}MBW_&gLaq`H?OCd*r8C=}p4pxzGsj++rr8dKD45I0 z017>$aWgJyGo~n-I1@e%c1j7DUAe6KT@+-dB+C)o!^|ItQo-Uxm~*9DVk1w5fE1hA zjgmO>JwQEsJPd{sdKKmFJ?Qc!B?No2=N{SzPRl-gxsaCPp zICZ;1Sj+iM(F;BJz%YeV^>H=mjwzNKaa%Os0gmZZxouq%da~}d&O5+Nm%5iXWRU15 zb2H^<1k1ZEheQ8-eF~W4)UrnjeatVRT^obM2dMO{6!oD;-xBxmkJeF9!ChmVI_}7P zpzT_$H9 z4RC(##@D%R_i${a#w9M#s(ir5dG5>e2_HUg9RakbT97~(197A@P2jvd9wgTxALS|N z_UnyOwB*vyLlu2%sfn8Um6XB%xNBSji18V!hm2E)zchj4gT0@-CSfA)r-AE7dSZNa zSZDols_@Nz=__?@XVz-Y!3$~@80!xKz%SO>qA@*Q(%!l8sSc}sjrPY0dY~# z3|Z6ML`{a8#vu~BTWsXI@>W`wVwHJa#=LQU7*28!vj)@?JhfieRmQ19zTQuiv-1jx zeVc#oq1-`KmTbB{*1BxNb!KA2-LnX96?b_I?Ay*^NhD{LA?oms40(`Dsmz>PO!fY+ zL);}nfL+ew&sJouoaNjbC0HLF9UVOc=_OEC$5}44*OQesSd5m``eMWcK`u{+4+m=j z(C}+-Ba_r(AAfW?bH=I9Fq07kWIWcH(KUAKvf5N&nsX z9{js|(Ld?G--F)8#ree^9ABJVo*Z|VRc`N9zsIG;3X#vJJ^Nsje$bQxk5E^3Q5I7Z zMUhQ0@}_w08n6rMKOgKL?C0vgw_4BjpP%O0T3jS7(Jd{j8^R~~&ypM9$ zy1LZ{3agnzkX(kdD*Ldzt23N;cR?jO#Hr2M(q?{`uczRLvT%lwmhp#=9XOs4qKilD z?#5s2V(>VD}4|@zuCLlUcXp z{E2Gl|CyhK`rq#}%v8jCzUp^>;-_B!+uwinGXMRr*1`UB{r@Lt8b)aEX?Hww|H)~|j)WJ;|SE$C6aUonxL>pT9XcVw5Xf5$Ythn4$ zULO%dunD=l@<++1q>~iWhJj2xP&p>WjNp~FYjI~7WSO7LO zx`8ZlukJUqpF>Fu{NEi&odOPrcz$mhq% zF~B3{ia!YT2EqEF?e$ zKH2n$YNTRb*BHsPjdD~9Bc=yVwP=&Kl#8phVv5SzRLG}^tVD;_vN$HEYzfs$Ajrw- zRTEa$CdRPaUr9CINKQrtSrjZerdTd*og}U9xG05&V&titE;o2YD3hDGoTggkUiofNN zGYg-Q_(RljILxS4bnByh2-Jbg1Z@-&KEX8Zxu**xi-Yv?;zMsQE+G=ewGd_XB}pUY zA>Pv$bEIChr@zG@Kc(%5z-BiL|2`9&aOC5_Gj)hEqCAAir4_`N(1Hw|Y{9B6V8#pp z1ygYo7^OwczaL&17_uz+kn384Tn*SX!IA>*-;Z7<2oJ%na9OPCG?h2EDuF8-rrfQx z)CIJMo{SR6l}we=Yg*Nd5l@iAafJ(Kn>qaZBor!(_GxYS{EyXrm4KrBuzA_GJ={r( zRhj}IDNz}}OhiB#;9}5A>8`Jq3#ta6_^+*Gf~vx1tKUQ7VRctkFqZON-UN83Ok6kx zaZw=SgDl8wX}VR|5K_Q~M%7VWi%<_7%YX$ZOBSb%XyhdY^%iMkQ$OseT882e^tA&A z`>$TUO7YCa!L!v6jajO+IQZ}XUS?}lxaVRe54JgxjE27o*712T-vd`=!%4P^^R^@^ zw!~p)gXD~sAZ4C0vZRW&(v+Uxn?=$piK}8})Zfeu@&xFVrPgo2=T&yw$2f(O;6%C0 zEBm^_*_DNSIrMbi>56#-hfd3YJvZ;iWXOjAw#$?{t%w zJ}N;n##;zh-fJc=r^HUP{=0MiPkl{A|0So_|GvEF9`_dW_~u-TIaC&Dc zVQyr3R8em|NM&qo0PMYMQ`<=PFut$#DbC;gY8NOZ+dvZ5ze(!vAx@TBFfL58GnGm~ zBeiW!WVNQd4e<_nKKoOBk<_~Sf+3lC(2JR1_2rz?r~6#{$n`n(zuL%iZJ%+U*nT*s zm@#{dIKD&k=J5nk?#$6N_}jWqtJP|~JUo>DZ?#(a|F_$RFaFj(cy)Mi@bX3b)r-Hi z+OG~@9sCViYtOjCGh-alzqKAbS01@P$%Dd>aKwEQvW^AdB8~zwc3i}HfE}MST}-(@ z^0C)}2vHtlTH1`_03(L&5KVCh7IBq@BL5?%%qL+7Zrc`$qU6uEv+uMm4>Ong5tl!8 z;a@nIf-6`NMuft#93Q%Gj{z|_QG>&KH8}Vo<0uFuR^W$lB0#VJhM3;^E`~GACO|^? z_v{AK5Od5R3J@O=I<+Q5z(3(UVx4C5?(WV}xHvAETD~iwiCsU76De{93coUzZ-<&b_ z(DeT|AOKJV_9hrp^jkPiyRg{}ViU(h;g|$veN+R_T5^dPnNb%@pkj;_wk0U45s-%> zPN;R8S;|(+`rb_b{8T;*&;MH#%rJY909bJT?;o@a=l`pN_VfAw6wemC#UnHeIH-k| z$LqqgVGAxNJ_DZtf?vC5r?xmd5$D*0ksn~k62rOyq8M%w_0dg$8E^tO7$U?N_P`H0 zfjOB`;CL!dU(6iKQWGB!e(Asn1q_2_O);mw+xr?3$}tr(3V`C@XFe4oiPIUDKlxKM z#vS;5hUQXgWsWC-h#H64SdS!o87I}D(~>`lw;eb-Iy#bnGVIPM?m*+$-moEm3CQ>q z-{PPHy^D+Ui*)wEEC>c9@ZEU_PDXvg2NW|La?6rL?5fkTvl!g$X)2m?G>!%1;^{<- z5Oe0D0MidN=s-9N0#Mjd@^yYWk8lSlnZ;yKNFI|g#4b08ddo1q#q?y*i3c4}A{JQv z-F)fn1>Wi&k3`BP@HT7IWC`cYsCyXoNe>rW?!{$J7aki-Kmzn&vD`hMERIHdD%i zja-+^b0avCee{IJC<>bWSFKh{%^RQ_ zvD@O!p{N<3M3ShkBF3|xvHG)6{wK$C^J;>F2vg?pXf;(}f&6dnzc|dw|NZ^e%a_mc z|0$k7{;O<9#N7#WUW4;dDTA49Y>FDV2Tq2Z`r#Pv zf#Na#`pyqMXf&J7?x)V@-NLB%z^Om&1_3lW4fC&N+7ySL{P*{!)nD;hVgH*=Gl#J4 z;V2;UsW5-b?1cLLf6&@*9pv`^tCueipZEV$JYs+OBf!5Wn>*3Lr5*_1zGa*>D2iC~ zwrzd!L$3pGlZ6+0I`R-loy6ZzC9n-O?~gygxlo=Xryu_;rqohjs~ISYRNMIc$*5wE zYzp_{9Fvwzqjctm7?(xZ6=PBy1-^?|2ZR#IaDd%JH;5hYX1CwL~CDZ{B@ zz?wDP9PvN+_N}Tvb14#bNkg!mY80=Qv_(w46TsF?7P5eh{V+vEDyb=I@h|<7)^^4Y zaWUnrW*j1&kti_iqv8Z|C`YeGZkp1i+03-%%dW<5z!sdG4bCqvyZy_KGTc>PIQuZX zgr9rhQjCP{euGDZVo=Aqkl}hDK%ubMvp#^OkVB7)A9?~5#R*AKIL1|bFk=^`J1wS+ z*bw4h>6=AdDte@U!#(^yBRtc;oNTeKQ~*I(p)LtWNq;XBqAanIG!=%Wl@i|m8;JO*#N$M>r^+<{+cW)7TeG2L3GSalH1U*ZI0*|b6aS< zuiN{toR-sa+KqfGG5zZmPBz^wAY(hgw>YTj8@rQo{c(7kg;mkDKfL-d>|GddKv~=G zD4BLLKgT@vZ#=)iqx?IlI6vd(3!Zmi#xNDl$^jX4hr|DzU%Y)HU?RlW9ig68VDtP* zZhFqtQ{=sj2~);-nFbt<7w}x|&}l>X_6=%TQhT2Q;z}W1vK2GKXFPX>-6#gk117z2 z@<96b&H3Yxig&RhR-lM#lJ&R=q_#|No?|-JI?7ciS1n*q17F@JxCDf)GQLtPLdn;; z&F2xW1w3Ao#Kmf=Wy;ywC_l@SRUdZyOVDQ6?HBqdMz}qrLG~D$a2|D<&Gc}CY*$4o zAs++}y{e;tGK4oFqf-tUgd-?5X>dGK&mQe(jiJ& zq~fR^oWH&5ch7pu9gia)2VUvXDBlbapL7yq!KpZu<0*%O?(w6|E4N~q3UC*P*6IS3 zj9#WmtT3_!u32VH!4{mMFBsU2V&D_RldKczMfGLQ$pkSK2#FA%z!Zn#R~hsK6;X3| zAT1QxdPFD;PtFFXJ-9p_mLRi?;kXe5(WByc_TlnF_jENJ^Y&vcn(JC>u)taqk3m4u zB>A&kqAvilLVK-_aH&UYv5jhXP^luDZK71!#$@m#_{{7+S-bKH6*&AM6c8CAII(b_@P${WShgT?8p$Z}+!KRwrlJ$nYi;umFH88Fp_T5SUeedFGaB!FibHMJq2kbTxP^b(iJW?>BP8BYjpj;KsdUXq721$(24Q5_3=f(lsB=}mv2iZxv z>uS2G25=7nxx=*3f9=pkMv1EqTU0no>Y@a7F@o}NMSZa1F+iveQq+eiHWQ$Lr5Jfp zd;;p%vc#`hLCGqg*FulxB7f$F=F56A>;0JPPg&~1taD&KV5(BrlCfC+} z@}oDOIzniD26a)Tu|z6s78-pO!uF#@pnOy<;bfq1ytpJB`Qw>rl!3GYh~&~m4uW;! zbjDKU_s$laj9|w6a10*@zckMVznE7kwH~?$e1b!HuK1(5_ya=B?+E=Obit7yV0pHH zG3wpKcPDU%m}qh9dqSrpG1h(JVK^osrz8k4h3(`1@lLJTo8CDovWKltljCoFL3WAC0E_Pbzua%*{8hT3LtrqD+TnVhyR6d5XSXWC8;KQ$NiABmudU9$3SfQ5GaoZwjFj z_46Xob%lXc3E=Xc{RLK)RFdP7>K{5qwJDkzzbT(__ZCw$#viyJ`2R(!9?r{_d4%Sd zC<*rHdN&)7^yESkj~Vz`hCM+O`jjB=XB42&#WZVDWy3|AjL;alD|UuWCY(q6OM)+Z zCHL^FAu})Xmzs@HHdjV5P$q$<2qb$1AlVX7#>ED*V8(eo|Kl?;y>aI_g=vjM7dx>m zids*KzMixW=WsD%X6{T8LGd>IJ2#Bj)K7f=uOR>P6;zhi02bZ)#PfzrG@L2|8t=vwp zjmcW2+rPd`POv}r`meD6mC?6GC9p;N|6o5~|D*k?{apX?NuE{pe?z$x+)%3Bn~tny zG)lGM&m;8v3|r}7aX7yNjhnDPzuEt1OQjjaLH5jxC)_iCrDx&(cP2QP`s0vLyzU%} z_Wz6hmxcO&t!MlHNuDhjAkHxjWqm%i&Tu!uA>7RT!1Kc~M9BSu#+W&A**`Xmq?80U z!9f7yfZV7YJU<-o0mT90{w>ylgyeS=de#<%c&zHOZbuZ4{IA%9JD*SB|J!lkJPhVQ zLfKP*1QDhX_#t*I=k4%n$O*;P795l5l!Wl{cnF?PndOXq-jx4U;9Jhke`!p#NB#bP(SG@&u>V_!&-(w9 zJX_k&l`E-?!jh`Ws*p0^@Ybg!oZ^t{1cJ0WGqbFCph!C5Oa(Wzc zX0;vobb0!}@b=<=KW}gGz@t0Xz5}05#PHrs#yCH3Z~4ZbJJx{%pNho#IQRt!1)V=p zq}%81Erp$JY_;3yt4*jqjlSB5*(l8Kx*hAVbh6`>W^t>Bf8oHV4|45#U&X!;$8f9) zeY--}7sT|InMMOAGR#pm#=`7%W6yW^) z?DO^(OFP-RlPx;gai{!TY{z=#z^9Kso1wt}ub7MpyOeR?Ws*~je4-p1N@&iMF9c%q z?eq55Z915p4rY^)T`Zgy!=a(fIaYS8BL_Z-q2&r`er7;tVJLneA%rBf|8;peQ0D6A z?JcZZ$4(h$>((|2ZP9wdc_b}ZwqyO%flsw1)H{HHp{XEuTHEdO_EvTc^T;4u^)c$f z?O5%WV6{-!WS7f2!N!Rp_{Vr_^9eR8rtes7u~(0E3Y9ue28g05=9mh^UGtS4C9ifY z%i7w4pO7>`UN^)hZ@kf){--8-BVKR8Wf`L{+S45?cGG{E-C&moI)WR=b;mfw)OTY; z2yA;q$O#SsDIdAd!K z4yQ}Q>tgOn+1gB<`s_%0c^1}%hGN;}@^-eJCOT#?0NZAmL&;^n*T43L@!P7Lz1K;` zU&xG{zmi@_lHKc{P6oG!(Dghq;Tx#oips;c^Zy9l6VJeF8P(73FH=@F-k5?^Z8m8+ zs4qAu(z4u++Y|e3Pwcx&LJJ*4oE}9vuN9HxXwfzcOi_r&m^$!|Q1CEEejsz2R2rx_ zOh^cxKN?{w)S2|)(kTpV4;aR=D3&j})SdVoyL?9R=k3)#jnKRa$W3#K7{|2f5tlWQ zF`6^=b{xfk1B#{NmH8YqK|Bm25(MN<8f4~6KoqB0s3VDHoIbL=PG{1xV_7!z!ZcfK zcULuvFU+)^1E;mS3qFfE6nnWYauKAYj5{4TUo#!Vk_d!U(%C1*akK0B8oGlMK?58Lg;bDiclTY@f>p{Oy_Y+?yW+4oR)Pna z&}u0pctHSX3@U_-%Gec<$AZMzJSmg8WI9Em*RhPGydO>4{Yqxig1E&rPEQsjzM0o! zRKN#CzO9#-!99#Aj$oM;&2LOH|r}?L!CU~iH_RCSKkh+PPSv+uc{(4iY=&qRG56AM1 zAXGq?67*Af()yCH2%;E(>^Nd0WhCb6W?|#a>h`CSzU%3^)$(=^Jd)d9;skf#Bvc1F z{whrY=?=t*>3ae`({~AcW$Rxr(pat~qoqoV(MKHu*G_Re{~*Ux3|8`w&1r`}mU_6i zqC&p6yeeL|TPocfW!t1ur>xr_m7O-l{?oaw8{`??mzOcTdWL^2hDyPDbk?c0DK_I+ zYP{Kur%Q2)&^e}P4tGKlb0StrazYFx7*NVJ{etIG6+<&V5mL=n&MoA+(tAn7OvrGS zD%GXh0i~G?ac~jCN}3Bn>(*$3luQ=_=|HSb$x9KkeQ_wnz(X9xHy(t9r~%coE=e6= z3Re`SfC*}e#rNQvW5%xpU=g0G?SV3I8_i^sy<{zx(fKq~`BOWFj0ddlP6XJtfYbyL zZ21aec)+rxqLwi-iX;#^lTQEF(pDHJ#z}A|6rehXq|XxnxgvP2pqECOo?9(q#bH)W zv+pff|4QfIqlnJEx;r4BTAyX^<7>gFrOdssdwTuj0fQu0uU;EB*eZvsVC>^HIr=Za zIa$g1mt1mF7g#;U(|EIbFe#PsLJ(?xOIp_)!X8#J8X=})P_Y@Cyww>5sf&?Sn^&*@ST0dH{NV6*+2;?^Vm0|`Nhgu4MZvimKs1}$*WJSrrx9xp>SQff36+Nl2pk}YnYBD zSs;7G^`oxw%q*J51xp=rnZp=I&23wgbxzhd2A%Qd&GhIG(0;F18vQ^IjDPyBK?z@qnD5SoMx z*vy>>b}`SB&`Zw`nI>=%kJ6Q+2tL0|2I|Uz(&Jc_xA-EbRhK4BB{@+)6Y|9mM`MK35==3MnnGDidXgNa zs*=4MZ?YNU>6PSHQaB(VnWc@BV zokUfuE%1P<*UJ__t$_x(UkmC?rQYk9MMp}dQoajWDo}dAq$-dDG|j7Ipv(D>F9yfr ztO`RMs3TUfnJlubIPl^_$@W^f^hN>QYqLkctQ@cm58ce+({cZJ&2&k9+fOY-RVssA zym}uNK(b0p;i-!9W>FLyIrh3V&2}h6!CXcLQ0N(r zn{i2-F-6hDneb__Q%b<>%4OB>q98LRS&rBqX8t&o3Kl2AoGaZD8+j@Oq}a@El*Ezm z0qWV~VK9`?t0;HxL6n<+md zSl(?p9Qx<$Q@|XjmOV=7V}1$k+8880K&5A;s1H5*mbiz1wvLJl?i%CNaYyC@ZP%*( zP-#fhA`PAl|9kl7;o-q1#;HTzEEAb5y{tA!!i?K2RiLE8#!2iDOkC`+ebn077>VxT zpw-^M;@>aAo@LQr1N)&yUq&}Jga17ov^TN(wb+{}cgfm!VTvMwg*@D3&427A8Qkh4 zB{DTHamE(Xl-WapE~u-IfPCSbn%Ab!;Y=;5KLRAb6=iM`0#P-2%tUHf&{`Ch$E$G0_WxNAh{0tC{IDRUvHG6 zC6|64s_0uwP1Mw{qzwMYUE>l!jL%R#WSlzur3oA#?ETy|2@`og4O~Cc6XUDHI_r;9 zg>UvtU#V+L>oV^z2FL3BD#bqV8OIX;?f9@`m~%fI?`#5h`Q@{Rk5h$v{yS%hI6KiV zmPdc%k3xRqnoQ<%Xl46+IJ@}`yBtu!F%4CjJ?U{voVyzRM7NPCSc+UxQjr6E4~N|6 za~M%H#nOQ%M!>h2&Pj-2dpJ0G_pY}C>Vr{PAL4qL0*n072zQ!IeQn$ch>L<|$eQLR zYBJO`4w2a1Vk6g;x6-l{tIX>%=8f~iaFT~a==wjyigEa%=R!TRXv=;$FxFM+x`&T^r>o~*3FVzi{z7b7MJa(Oy@I9LmShF^Od znWPr`_@m32GfsVmnT#MH~)qbx3{4~$j;v!**ZfRNF5I)I&mSi#SY}ayipu;*irh zM8pr%x>SDXlBsz$Q{A0(W#nCZ+c_lxGioI$b=JJ>al+Ltl?c-jp;HFBq>mgSAjpFo z`Ar}{9A~bkd^#TdvTR6D6&u+}E7X1ZxJqXg_}i-}cAKY~#qpJ8$|V*7`3_1FMA!!&K9=|{P4>IirdxY5~lUJt)04BCV4KC z6-m+%wj)7)E+_UUDkr8ZY9fvTGJcGjn)O99i}%@+l9}!VyI;tRug3kE%(@-tPgFzy z&-^UZ|9+ogrXt?+RloZaKlS?G{{E|%`R{+V4i28{|3Ar-EUyq+VowVZ-bqs(El4zo z-D#JSMPdoN9M?m%ORx%!fjE|yiSuNF%beNPKS51C;ZcZub6p=~4n z{A3p5F(tF80}Z2U?@&3uStEm{4sOc0LN%t03*llS+R(~JqkwHeYl$yn#pRyz`iK~U zO~~DqKT19&oursH3}oVg$}uTs1h0h863Na6tiD1}Z=+j=h+~hTB76tR-^C0}Zl%rA@F+FgqMVq{(TwJ9UQ&iTbLOxAoB|5a0#W6W$OQ==?K~7Guny|7q zF^1j#N~-ZjaxyB&qF~7}#mf0B)tM-bRrzxTik958*nl~eyBcHCEi++-NtJ8l*Vt6K zrb}VDgjoeyyDGWQQjJO0yjlmWOaNQN?vMJ{4I~1S@?{^ zAEJ)KVMev0TOZ{^pblInXrqwu38rz+JzXGK9Hf^QA9{On36U_ag(#~pNg62+@t(ez zBlV&^{VfLhDQ!OlHoIZ?_nFv)BOeEzsY8?z2)2d#Kc!C^`D_l6+%;DcBp-@@0Piw>Hf2{7S1Qg|m&C9m!;Z9Pl(i8wm ziOTq8A_B?)7lU3(cYU>7P&N3(e{CfbR24Q`{T>nztGlX#v6S!fCcryo;=(D2ivk%R zWI<+2)2+gWkODR|s*dVfgnHmu1}r#PvN&x-BQGhaw@4eC`e8@aG8BKHuN^qpfA#WJ zif1kko~?#x%u=Pr!QcPB%+{!I&&5g}Y;z(R4SyA^J7lWY~|ZAnyYiNnqY z$r&v{$~1vptL(OqaSA2DiE@`$_H~7` zD+~E@=;^%E74rxVot6Q6Zr+c{kPiWDnf;J}baZrdR0)q}oreGu-!)m@=_W6IRDxuT zw-Btn*GyhciJfNscjx+_`kIRVOHQxDc zVQyr3R8em|NM&qo0PMYcciXn|DB8dEDX`>oSK?ktmL2C&?cLt1$V#eRKXfFekCWBw zKqMsLXNq6}(2jP~?|v5s00~m0MEQ}Vdz*hG7Kz8qU@$Wn3^svN>LtA)9)}?f=QV_|K!WKei3R3M{Qo*YAfyRui-<*2 ze@$zPc#6fM<>PS9f}*;*fM2UTG=jz4BLJaAU!z`t@6{_&)WmgmEZgn>JC4k-erb+> zeB7sk{J+LQOvD`&z!v#`+&*sS<^Qv1$B**=b3A+Kgv@XpNTi1uWb1aOXw~-6WI+X@ z0%7!9_w2MeV|!l^rxZR0 zmCoU_R=fH9RqI*17R5m@WC8V79WFAU1Pb zFvV-;e>DcWMhAtgwr4GaUVw$Lz=4*u?F_8xpi0!-;s6bspOR}5Kvf3x3*a}K!Qh{= zxv1Gf9dy!v{qAioonhngDKh4ihb5```u%u(+9O=54*CHWl6rz*?ky1G=qEh8!s?Iz zL!&DiA` zOgv8D=M;zjFVvTdQ#1I6Bb_e*Rd4uit%MhS>@luPp4whQL4`e*`AN@aDB^5Mcv8`<;cjb6EdSAh2{{tp+SH`CY55Np^!KTh~H9Uu74OAy{9CsBXAo^ z+=Lq%cH8wyK$K$jW3J?~T4R`ZEvTSZ4?47nAONltG66`m0r|{icj{xaq9vnUTmjqW|MBzZx%q!|{PJ=Bf0pOZKM%e|*L2wd<3z38xSi7R3-ziP~vGoB&oJEAo#18?4 zG-Ga`qB80+K<&_SB-T2BhQD933dW^U!oXy>0L{&-5lxf8%pi$%s$wz7EpvhDMt@{ww5|+eQGD$V!ndxHM zvEPC4lhM0=t3sn=4HsfzGL$nG1nfpZs&`__i0wY#qVxW*6Vya~1B7-OZQ{=jEao!U@ps=9lnK~8 z!rm2;m1bGj_XWbC_C6vbe~|VfRzZ5Qu%!(XQX+5EU33o zUrQ$HW?5qJ+%|pI(KTb#6su6;k0@9l=qDVd65J3&SRf1^f!yY7vIItr_93a9ugKaNuW8UW+E>ijWG2H*; z{9@GqWi*)dpES^uQGeW@s6S3d7sDsT91OM}$GgydvWh?f#e(prC8f2GjBLNB$s95k zsX3_Kkm@fQ3c}^(LdxiJL9kDF`aS!0>zLL(#(5mAHD*f)UvBTk1<*F+1(bv`AVOSTN8u$2J?4|r4^?~0RrX0qtNKF@ zDM5D`9YZF!QaWVWx0Z(Lts$~~Cn92@AkO;bUgh~wnLJ-IpU$?gKkk4x zEFp~DBpK2Srh}neB2<*?F0HWMV6k2KC}19l#|DDP8!V9-evvDvN%whdwq+bh8U>`u zJTK-X^hi?^y(*>0Iyz>CJst4^h}i%k$M?B-SyM_+7;wU;_Jl~?1&VZ4mM`k*1~+&mkdP1;mMkah;05%bE*s%~J=MX=m?oT{ z`m*kDyIy9h{--OmMh0t|%wXCJ2pb|kL?ToKOD#O=VTDdOoiEmVsfzt?EJhv<6M#h?NYTH9xJi##hhaeB2*RE?@WGT#Wjc-P6;C zebs$4>5ufAQGa;a?U~OCl#~8xe*(WhlPyd+*~tukO~Iu=wInpAJOkI2QCUDH|fK##Nkt-MWyN=G$ z^XJ=EdwI5OxKmi``bIjG>lAXDay^%g+}iN>TF$4cWUWv5e~wqxAhcx^A04Y@&!c1Y z(XsmISbcP?ew~ih?aS=X?0C)S&pWtYwQ8?Au4!0p^yaoN+VZvNEq&c3B(Y6aK72*gI=djb$@KS38$!^ zu7(i{@1JKjxSlx?)!pnB^fH__Qp+mX-%uuHsMqvpx@&(7^giiZ5wM+@(%VhNu4g?K1B_Xbb#5 zXb1daSbg*R!F`l@|JLVqQf4PsF%eiuE@n{Lsi;l6-x~$ZDS?swpd|iUQIe~z1kdj~ zIYP5*wVW%|#}XGv`g`_&LR9XKeoq70#t_kJo}y<*1tp+?3Lx1i4ei!SHU!vxz-V0p zG`c=kD|PLygPs29`i1&G4p=ycUI zVphc{5R$D|ECll?_;QVNv?2<{esOn#;w5Q7;f8@ZH=80Xzs|`t1i&6@ESOKYuyjaMEnjlNOX6=3jj5xNi z{SA3h+#~FFWye!0z$|@wMOF={wvQrAd9pXiVymVS$k8^?Z@Dp8Wz}rbu#`PnTre8_`%SdxG) zsr*{c;Ay;y4&qtJ;azeDFTn?1JIC*w;*TfqzRHt#n}Rl~gli;0L<^D*H?k2YklGAK zQ9ui}7I#+E8>jt-s0?8;WnEs8)fOZt=2(M{XmmsTG@1&Rl~R}28r>$~dmtB_Ng2>^ z-a_3VPy#H2JHi5W&rcjT2O7*!$kKv|ncr~QHPr>eGD#B#`;~c8ZcHjXqlP8TQI$p8F z;bj8Z%MIW>?O|I~*D~u=pM)}vMuSVWSYVJh&O5 zDPsY_VWtcxe_YB1Ct|^ZHQvcet26x3I-Z51fX)RMC@~R-R9Z6`2LZbwezE*5+HFpn z*&-~H-e`!HG@ybg0SAHKNiaB@p~H5|22KG;hwXOTEngil7>**RR!)}1Tu4Z3hZsj< z$(USZL71i`j1xR*8qzGWbic~a58(!0w3F@iyU}>^+mptV@!7@2bHI}>Yofo{ocg98(y5BtWD}HiB33+bf&ueCXYbmqeqCJu)k;^=tmdl<-1&s zG&IE&wZR_Dabvw3ohA<3q)GEbF3|DOcj!qUAW(W!vo7ct#Yz^&C-vN%(LG%j#Hnl` zXO<)u_~yIOsoVSpud_2#e}_fG-dKlz^hPH-wO8mVL$0>xt|n5m`{4SpwwHn8=fM!9 zB95?^8d|kIZGT_WsJ53bDE5+s=1)S|@8=<}@L(ivJ+ z@D*8frGx#j#TzusTkxHF03GAzkd~s3A$(gjq zedj_#|1ARNZ{U)-bzY*+=8#c*co}haO?|kRWfP9wST2yxL1-dLwKWEfprnz8K7Yb> z?o&+@LEt#ylpqkzWh{%NTk&tL)erfkUxAnyw7oMu3!g;WHy&Sca)~szKUyCBem zPwiEUXrw~KI%WE%CkxsDJQ#B2&N2vaV-WIoMMCYqGYf6F`Cy&T@=wM6i~qT~5|=Tj zyMYX`_Zr&d?gG1ot8di!*DpT_^z>hXh3FSDML&_%J}}C^ewjG0CknfLrHS{G>VyW!O}wE$G>g1jQ34nv-A&@srVX?;t{o3g15yqCO&&S>Z1K!x z8{A3|z~hpJmkWPK{`A1qu}(L*S3{o(*Q9}o54RUI>@rZj%Th{L{_1H1k@dS#=Z~21 zl@pS`fj(ar{le1VxW9zFxtIR5nkdy?d~n1n`KyGNO-KQexyt%QG=w}A0Xlj8q^Rq} z;ZfM7wzz5q3cci*aaLt^UG-AzTH8S(m$hBsNZza@tkql1b(~1n#LO?)Dk*dQR?$|Q zwnWy!S>N=~+Z=X(qlL;~L6up%0$W#$O5M08^7-LGciJP_Hdzo%7&RotwjS6u6+&U^ z?v+Vd%hLMpG~YK6Sw?cD7Ox@8$$$jbVs3c2bMu>M)J!@9qOaHVOzf#8p|uQ#|fv|)tCz42iYt;zUMCVL8D<`0VGAr|{V@bmS=!G>zHu{V- zSFW$;H`_)LC-#24GKITU=jYkYX%Y2O;+Q)ML%5=^NMDNN8oV+f%5YqV;-`2@l;k49 zG;8V>>*-wBVzFVe-N@YJNvdc&m76GlQAiXwX*sD z-s9%K+s*HOfBL>@{`%Iw+W&w4SK0b4-3Pr-RMX2#48B(>zL^pHN0Kpy3M3SP5`gSN zbU{+hYl!sVlrg@5P25`)no>-R3!R-Up@k!2tp9b1`IU}>vt9`8z=7@mDY1)iotP-h zwUwM8P2z(WOh`q?To3?@?;sd$tU0t|24Y=87AvDWioqSFVEM$|QTVyr2THb&9Mp>$ z?@mm&Wh&kR_{XA>N&@%Z)onnYstN)E`E|5=geh+%=WYR74|AU6>ro>Dy@&>) z`k+@V*%GTITo9}he%!QzD`6^xvR3yt{jhO7^f}PA*Uj~q`ef99U)O}0;u+%R_liMi zbT@=c6(XGrc`~BMq_VQ>W;>-j=t9e#*VwyKYb(Z+c&0qLH^qDSF|u>rb;Mr5W$GPn*p2M0d6CV?Vq(`TORVmpX915@oFBvN=dAiNn;$ypOe^nip1 zhexgUL8i9@$O<&Y0S-MH&JTjA0m}JHZ{-I;4$f+{+$cxwvx_RucTmBlZMYSjfp;9W zO&8SX2ksvaI&iQfcHp9x{qeUPwN3c}@5NxynVix@UPT%^Q$a1StmU)4uo~!1rMC&g zOas-n-+Bui&h^q+cnh*5`hIoQl9GPVBKXN^I7jbBr%H9=vK2uU3FuO!;#n9br1l}D zk?%HRekLIv3-!9TDwrGQetw{{>mAH--}}jwG<@fs!6>4XRBW)!UGHvDkV~ z5>9z=cthv}i`t!FqrG6)hKd9QeZogdPN%WlawKQ7l~p0{;)aZih4VEto9af6u6fC` zr7ZW zWjD)u5bx?O^w|>AP&1!NbGX39s|(H?V5v;-)st_Z+>`gPM84+aW(r}>U8-nxC;WRR zWwydmiCJh-Ycm{LH;c&~_plDrHLnvcxk}+Pc~-kx^+U+D@oj65UmTEzR!7ztz&ahC zJt@l(4U=5tmas6Rel7>mhb#VbVBgXyvN5N6QiGbz7B_+=Il%rra>0vEJ zzJ#OnQz3k1;}QUet72mt<<)b9<)X|jmbINB@={bP>oImkNwu;N_c+8HFRPW;F>;ru;72qa#{HovRx5#Zho87Fh{aI_otMtw8z(2<+xRjs;Gx^CnJGcWHR zq*yG~Otkh)=RM6x`X)L{X^Mj&(Hf$OCi)P|S}qY~io>ZFxxgVhgyNe9VVj`TPv!W^ z3VxH^(paPKs|7vM zh?1i&UjXv19i0^7%<&t&G|(y0;6|f0!@T&ZBslK{pGDb7fOO5v)he)uY$qP7vKLVd zx^)u0!GR#K&z>BA(WazYo6+!^a7p|Y8nj5}=nM>5$SN~hssAg3h z9jn1mZL6d4|9M+-KmFWY&;eKB&__DStrmF|1UK4QbZw4rTgU3I^Ixy{)J%8Gq9o5@ zm1*+Xg{@Yb>(cgX6|n{IS}?v!5n2H6f3gfsi>8uv=V@>onW}w0w~?&6<}Kx`uDnIc zI&1NVT2K7%>@i1y{%e;OYm~UHx~Z;es;QZsd7oO!O=cSJftB zMO}1fysU`qYb(EsAy8fO+#7UeeW@tFz}LjF;h&0ls{h*G26sjEb8kTZoC0mx1#THp zx<|Wtm)k(Dq;z&uICoYy`cU_sbMFz!3W%QuR2vtfOf$p+#1Q}CwABF0O%sXg!F`hKg@ZF?=bWR9Fq_;(0=XOgU z4E{|)dg32C!;N{p#mSvrz(mzf@#yDX&hqGIC$)4BXGly# zTTb^Bp_w`3v;DH)Oc3h!;+0PPn4;Cr{phFinHl}u+sPUI?B?j-?G#NB!1s2RMnAiH zV5^?1DFXe!>2!@t-HLlq=+sZdPhGGdWJ_oRV8ng^E^dBKftLT7x3-LFe{$$DT4hW&iU*F ze3dglMSws2$sZSu?We3OodPli%g+MoXM=>Ob}p!>>}NO~wC4oOq@E7NQfNj=;0rV* z0lR6y-rE$S)>VNSv+{4PzDyC(qWGI(W2al&+2BkA=>H zHR_Kis5=~V;2JS;V30WYr#Y4ML&>3~J;*cxw`}Wz0*N?M%L1MB8d$ZI`1xx__K6^cfc%P%IGBJ@-xrz))&N`BX%K*+ohZ z~xkQN78#7h$NU@s*BL=m}#eq%9D^W!dYNM~@*m739N)@kplEDe@ZGq!r7Y9`|eOhw1k6r|A^(iRFZW zh_*^NH(JoZ9Fmw_h9|!~gAeJNN(L^Y+X3H;2dV7soGO9KC#Y z^iBKd`Lp)(Z&3Sl5Fi#3^KaUB?kkVn-{i@fW05$xww6~aaSBdiJHwxtC?b=J37=k5c%8SxT*+db2VKu&aR@>%(*&?Q zXMt6hW_KxbDyLZrpnB*MERFh~e*0;;#dOLf2Ho5$9G8tCtbU9zjAEk`)eQavD8alRR zQ3QSoMY|_wrQ>@(z61!y{n5|;(JsW)t!_rnw*F>t{UC!>D%?6P-pdfM+zE=D`fwY4E|czAEZP{gh&tl*|N^lzx2 zoS4-U!5FcQQ>ZumRlDfACua?F!B|q)vY0aIpH`at`{*h8qp+lE^cU6WsjdP-biag9 zue;|bzYI<$KbFxZ$>LoW_C6!lpFirNq1L4c}$yb}wX30N#ZKz35|)aU#&CB>%jMr% zF|P$|PD9f~1{3{UkyQt7^@00%%JCd_$K$^}o)H$}hH<}G6<@O;UXn9qN#+)*O|(>R zwaetdi$21()-p}B~tzBm8h3$_mlqc^y0U({`utc?Bb+f4C#1q((iRgWpMV-yRT3CmuDB}gUQ8c zaQ?QqmEW?$)onpZs)9-dQ+U%1PWTh%TkhjFVWPlLg5;NrQPG0p-a*OCcV`X-Y(C`d zsJH2>299{hS+ctJcTB>U24=+xD-Kxn_*aj(-qpkzsdOdCjDr#AiTrFKPC>Eme zu-p4mV8MLKk5YOa!n@IF$xx+bE@K{Sl_&Wo>&1hG`Fu?SG@CjmVTq$0TB`jK2?!RX zl?sQy{!&7|=~2(An8VQc8+rj2BCoVmkBL`L6@bbd_PdMfuj#x$|7>kDk8C?ejE%>q zaHmEAB&I}Dh@k0Q%}|vR&Je8kRS87$5jMGaq3*NnU<+;5a7k0Us=1_MnXW71n|iaU zW6Qn|S$+MR-cE0Zf=1sLDl1b?_56JyER0LhN<3S}pHZ)%f&a^OLZ-oTPaG%MzX*fX zh%xzw21KlcBunFzTazBzXe)6quA7B$&E5&+X4kQ-%28PrXTh8pD9k7J0)*BTSrvcK z=P44f-ES%EuGy1s^{>A=rQegr9rC~yPA#V%w8z>6x0bl8jf=OIbr>hk;`DRk4Q}ea zBeUy)eGhg$mMo-_@x<+|3!O8cs3}v^aksxw8ySdc#`EWD6-Hr}Xjh zv#rHNMX6@ntUlkNBP~mYx2c+ypCE0r%$?mOSo78E;jMyQh6l``&~V=J7$;0XU}2s! z&dks`3}P2EnISggZ%5i?nCz!~P0JL?)n%O;YQp9tzs5laJ!`|BfF6`Ak+OtY-#w|s zlj&s#2${TxrBBGthqXE-WRrP;MekwVp6wa!d6+t}&F+tdEf{nPv+_>^3eAXx-| zLIJxWTx$+x-;FLN7rl$qj=8DFl6Xvjev1|Mua_qn!Rfetz_*|3Ax9vXJ&T$%cKcc|`O&Cty)?Q5JR&g(CY`Q!7=uJfNyvA3J)56_nQfBgLLWp4f-zI^`dasGdf#~A$jh{K2l zB;!_r0mrdiFi!ssv6J~zIvYbn)3C|pdXFZ;5q-;99ElEkU$6h3H?~kRe@V|EI!k_wP9rc%FS0v=*nvxq`D28Zs?0G~8=Y7b0T_N$K zz^`PjBMiJG5ad4LtK4tsn_jO8pF)pwB303V3i$s9a@PG0r&)~4NF3-x8E{5{5MKxW z#F4L-0C49l!@fQuO*k415e<`*zNY4kaUDX>A*SDL9gd%@B7#mC_Fvmp;J6|AD3vk@ zntmt>hklKGIfzY>1lK4*Zilw=jT9104bU!)Yl}PIvkjNXxuheo( z&!(atQs$`w|NVBkEBTAg@fCHTkAm1&esZ4d);QuQ5=9+3r-5$Ubb4B@r~^)JIF$sB z?a^eiuAfCxAC&xb3#z4eK$ld1wHH3akMusU&jPj`=Q8M>?=BL~>l7E~WrC9PF2$^b zxpD}W^4ewuuW3|y!kgLJKy@DuYZmneAg4O1gs*oRGQGpGrgvY{&{v}MVbm`Rh}q<{ z=xu1dW{;n_X2HhxjXo8fS`%e8mj#(@hNOC-zQO~A; zT2hZQYvC$`9ZvQdnzc|j^c(s}uEt~o#x_BYx!NlWYO7Y;+e4Gnf1Hf|q5j-MZx~1E zKr4m!;lqa-+}sf?5hoEt7{Z648B0GiEOROs@l=t}42!DN^cI*)aZpQI0r~`i62_*X zgY9ApHJgG+lnwO#ewD(QfS>SR?e747BbgW9+v9tH%@63?ZwJeWafw6O`S#n|549hF z+3MLg>Wa%STH?^hlJOP7d>$+74uXBeg2e&k#8ACUhUzOK>go>@DXn-y6245+3~18W zPHMm*1BHekgU`P%tEb*$ynj}jLLGKm( zX&sxdV;@D>yTWrgw~yz9w=`P~If1P~LDi(FH4%(NC17pp3M$ZH>xF_nz*1jdp}|QT zK_tAUoP}!iT1h9>P_*4VYaJf8J{EM7%nB3*Sk4$}|)^5o$KE_pHHig^A-X}@h zaI~nZ$|E>34v_mKpx1=2ntD2_iD84c4%~9d?sXG~zEjvHjcWn`t%Y0$`z=rskpBh- zl?H*iW`QBSWJK7Vl-i+ZW|6|z*&hQL8<}HCRHB;&4M>JLfxTO(SKhGAs}~DkB-Y5k_8jwb_)fN6TJR_WA3*k8h?4r(@MoGqIHm4xHqd%KzQ z{Xen4Y}#KxuztO z@s0f@4G%I70N9*5*hgx`uIHWl3r)3KMYL))rOFJGBsR$%EE1DF$Coc0KZANCHG1g{jS! zJ#@4y^Qx}tIK&70MjjSeHh||_U9Pn@N&BIQ zIZ3(b0ZgS}nJjXNypUVu>0QoUVO$Q?Eb^MAXEp&#j z2+9hcDfX^V96?(A5_Cae2Ly+z9ME=3W{fLM+@vWWJF$aad2s@>7o!=uLF6M|MrxVH zW@y1~Y(8Tx-!)I@MB1uK6hI>0BxiHr6W&p?2ij<=;yd~hT?J@BX{u4#H&;;@sxE;X zmWQwno@#7%xqSHWA?Ivq&d@(S?l(&9x{NaNx{$!A3~*j17Yk#NSiHbd2*a3YipNiGvff*2qLy=HS9BFA%vK)a#ta9~b_ zv}!do(#EYNvQDeAl+gk`RR}2~0^~jTI~58Fo%^w6Jnn-_U_ZMMR-Bbsl;uK8G6Vrh z1c+TkShL`_b<;`Es?`iPq8SZH2fbHKT)N|ZPaJx%*6@A}X%;CA;8Dai_b=lR^Hrx- z>%kw1X$_l0l6Z@d{-NawCw}Z{V}et0r5KZ%?Hv$8C?q#Xu$jD3oR(}~go+`|7Lekj z8RbGEMO^Uu#);<#?pa_6Be7KTO2kto7TF9OoT7!gGrbiOyFqTab_&RjIt zsny>1%-wS%bNAfS-e~_G36$w?-)52~ABh*+{RcfQeRJ(0%x#}Y!k22Yg7#AyBH7Z+ zm_Mq%iG57A(5FP+5E5$kfGRg+>XJ@0O!hr94e~|9kIlt>JycfN8iO zXfYEx;;4_5wbQ_l_i$Dbs<{NLqV+3sVFK2^6(p%Ag7GsW$TLs#|uuxsZ$V=L1jXfwg(D1)otf~zDF$3HRUqKfhzv= z=fQAaNyvove?>nJe|4jkOg*aIT<*m=ZilT}?H9FVG^R*e$*k5ITTDG&40vjEV%9#1 z3boCdi=cIy92Z-V=9*YAa*i8MD^wu7z4xP`SBUTz<7mlzo$<=(CUbEI@QFT=Az+`_ zbiO{Az0pYvU4+I!bKs}KG_V!@?3&*hR>x2h5%H9+%qml(-6SQvdFZYJe>S0FO2lVF z%u_jkRT#(8(1tgJ_L)1NJQUy+;pk;*dP{~DIP?R8ghxWmDHBMfSF5TE0P?x%&CbxYwEp*LPe`~?MrvC>Rbk8=KKI*lzQ(GJmw0-y4?gyBS5;f3rK`2jl zny>XCx?1fM8m8TSLTAb5G3-~Fz2i^l#H|OvlS_Zlr`jjfOdjO^XqLav{)R?!$yZ%y zKB17IPiRae`miG6LoV{LoEXX!gEgXQ9N{@9Mjxs^bxOW$S0Da}@hT1UD7nt0bNH;) zZa#n2de;7cJ{89AslS6Y2dwDC+fZ4IrEv9L6D+9kiWjlwhSFNL0 zIrt06=%A9zy;~KXvPO$BOA@GLo0lB8uQ%wKi<)>Gy4y?c%&_zW&Po%;xJ=!D{qC)S zGGOxnN=RlwG-n>?LdQQ@|88&4(^@@s!P&~-RO_JLXfPS{x~C1)AB`?X4fIQQbUrwL z+dzZ!Hx~`lubPyTQMcFEi^L^^O^X@hOXJB9grN7QY(A&q{C-_q;JG4;9!shsVkSXq(cRfAs>j`(9&M)4) zL7z|`b}=!Q5LYDfknfU19ad|Dn+p4U;T5 zZue}eI>%EQP`OIBUUjG01kO&sSFeO&K7CPrVp^^(Ds#d1T5!3kTnq3S%#wuu$=q|! z4uDI;@c_G@kWXhb0$0b`nh8khuB*L=EY(+VPXL%vtIZD7)MRlm!$L5R!YqSnoET(D z8wyq6()8?i265Qmt*{__h>cjrapC<3cadXR@iCn6WV;mP3in_`O)zro>*7pS+d|n zPrD~)`?(;;?U*jWxL&0+Q_1E2HB1jvxN|I ztOcchCmaqdy70tl_Y=A;feV|@UN^Hgt~+(5+d|OT#xYaV@2iQ^UK>~E=7s`_fNs}c z&EyW)97M5RT6a&*H0}=C>a*FQG`o2+(~2;3$s7Rr{pnt0e@h|?AYHrdBm?dnSKcvg z9OaG}C?Q>bRZdQUCc35U>X-s!K!BB&cH!X&drApv=_H6O=taq;vuRYoukJ-K1^sQo zRMox}lFpqkPM?PkhGD#%5)Sv^s!ldxXXNX8GTK6AWdm|tUFG7XEL>Q%Cvji79>)?_ z@^Kf(hTwpO^KC0i$+VT8gk~8-C5!hb7iqgRaWF1fnH0g*Icy!bp4(-~M$Fx%Nm0J^ z3eZ`Pm3m6r0EJKobqf7tSiwz@ zCgp=zd#>&I-bLRm&MKv#++>s`#tXm+!3R)F8EB@VqSZn5Y?awL3@UnTZjIO87Plu` zQ*X=A5JiN0B$VlLH|f_J{wA|!seDS2#A_~a#?i_7IQ^;pJ1Eg-HhLo0bv_Gbrt9a= zUpz~2Tp2GQmuYYZxX9HIrY?Rpfs;0qCC!Fz*Rp0h0Bjvv#bt`dnb6Mi0WMFn>2!*( zIa8)mc4(m-o0*=fAXboVb2sjVS*`PZf}sFmT-7nm=j6Oi=emueh}pG{3v+hfrcbw} zt>~_0`phx#^Ov__U`JHB1FgDtf&#OB84uFCP!uf^bqHekq#y#ZbXPHrK=W8A;-%vy z`eZ@L-S%I7)ta#cppgxbK#(HVVKJc_hNnGNROoO-9dfAHvN#i)*?eR&sSmt1+-Eq`sGix;`*5jTJ7tE}~eubAo z=JeczM(&~h_fEMxoSd$Z?ZxS6-x@C>Gc1N=M#rUu)yX2>g|z5w=Y*wPcA$f1;p>MF zA2Np-9e>6etxdJGyc0`~MusJQ=D{p8(a+6%gg82J3+xy#et6V8gxi=f_ZCzVPsW_U zTGi}1HfI65Ndn2s)xIYKT769H-`C~l2eLVZ$FV)fGQ}9%f2snzGoM3-RZkYpW zOa9lx!j;4%BAvuoRIL(3#A=?f+I;``h z+5f-(sUZI$+7_00t6ejH>u0n4KYVt0ye9u&K6{k^pXEsgw^M7PYs{&>7$h6AQ$xuu z+vdJPWLEiYml7%$;t5=PWPb>rP%=>WU6#9}6B-#4q>;yhz@d(BV>b#((~ zJE4YjU_b}eoueFf2S8QRd!{D)IOI3ee<`?KoD&7)Vh5}E1idL^0m0!KhUvyN6*iNa zb=T@;7&sF2mUMD{nuf)@*AA{paxXLs@O&GtE;dehLIS>!=E}D$^urBd3aMy!pi2A+ zy5=rm<+3hp11%E`VGf5t797JRiF#2590)V-cY!a7D9W%nME0z4d6uyt=EtyBQof1m zgY!2R=1&tZWPU*qQGE^N1cFqt7AVn(`3}0Lrp_*yWeC9Tg|W$n) zac;Q76fKmb7w3)>e&?7e2R~hxg{n@a(Z~nUtdELm`P_|K`HAdA!S%SAYTdvM5@=gb zwM<_dqGd`u?Vg-j?cqg0r{S}XTrjwl;cY-fA;{hQM zw?)CmT9jj8KW}f>#v<#z`HTp4xBAy)sqJjgLj&01AG(d$etU!7fr3XDDK{0n!3|zn zYcbz%6V=bjHQ`yn?*eoJ(dPy_2|3Tee2aMVdg+8rN2CHu8GF&dwWj;GgIOHYUoW8e zjxc3|VJbjV9tu-Hv7A|BgG)3(X>6#2N4AWEO!8q19%)!j1+J|Is1sUK3Mnx9Fwf|f zfnE>MaiNC*onl#(^w7&yt_VVfSeYtINDGZNfa8(7@%85g3%GV22Rv5_+) zU27K@a-lTk;^3l>`qmyF+p@d#l#85kv3vgf#j|qsobZ?^JL)@jn~j{=eZU<+OjCD< zWy!J&jwkq<)v| z#$CE!pC`{>ZkQ)-98mR{;sofpeHo|WW-r=cmhqh>As8mU|C yNw^*eR1(zr)dd9QsF#a+szS^!?dE=b9-qhO@p*i5&;K6)0RR8U;Na5$Z~*}P5f*d+ diff --git a/assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800.tgz b/assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800.tgz deleted file mode 100755 index 90f4def03bf1648ea2cfbf5c81f243af5213c9d9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16365 zcmVDc zVQyr3R8em|NM&qo0PMZ{ciXnoDB7R(S76EKuEbrEEZcFDYVY=5MOIRM^+QKe`Z!s= z4n#r{K2rn>fOhmX{ol{R03bn%lqf%v?7ht&5{txRW-yo;3Nh~P~MW=?4hb0c!yyamj1Ja`G zz$0AJ86|!PMVQNw@WNu81OyAx4Dph5&~~n>;fVf1xS%ZTpqs-Qj-uq}Ve3`v=vB=p z!s9fO@UDw~BEb@QiWkw0anyq@Q1`Tldc)t4>c+k^y`f&x8{%;o(r{iw2n!^rPdv<9 zwFOhaE~Jb^=iuP>_O_(~Z+UE4qn_&5e&qPJHK%eBPh&y2!h?iTl{?T?%zw=V36@QO zQXI?|%?QtlI8aTsqHtbYVj4$_=tv*p%sfcl4KbLSQ62y z)%K7VeWXh~CrEXNX($j4b>ozUC?v!uzG`Vkq_+U!55;TnZwLJu;}s~bH94j5F{pG7 zk6Z2L$*b0JyB5VkFk}JsRvk2$T`)Q1M37J_P^h;HD1)8>#iO3mrduIeCv3+kKZHub zLWq+;W6G6EmOLi4+H$^>KS>!48J8XOefw2AeJ9Mz7cY)$dx%9O6bm|&YTyKs3V789 zqBE^q1yUn6B{ZBPpF{y$!APOYh=gOPNWvS+S-4dCua>meK{Ff(QrknJxWG#yBJ2^> ziChpAaWbPHfwk06PK<^@EQA-SF0VPYJGDI&P>+NH8j2OqV9z6wgi4a|r9f=vwqT0a z%>QZ(bd3%QS#8f+2E70aVSxiJY1=!Q5LQ#?jAsc8%2^|A$7` zG(;ryBSyoF3B;y?@Ebg(0hKF6K1Pg7!WA4t&OWYGyJJ1lmlx_^66(qL(_}I{%G*+^ zDe4h4=PZsC+t27c=Gs84DQnDKM*LL zTCIC}J|85`ZqV7T^5^Xt*ecDr3esC#;@%XClA-_USQ_>j|3LM=9@;h1=w zz|ScT{a>js7iVVh4M#d(0IJ^b-C7AR`q*P!nLM?Ad3K?laud` z;ithp(RtC^$g!|_6%O(*rzgJ^9{Ag4GCrGcgb-mu$L@yidwL6p1iEpJnqAE zAIx-t2I|E^vgOFgty40iA%*4;x}`yYLMD}BqoI&E2#DWOW3GP~8NH_@tRrw6O5B7S z8g|?DNkEih^<%E&vRY%9cP*`jZ}BP*!@i;&>3p|qCHB9f!eax zq$!;gj+CvxO9c`LlCNF&7-{`Kq9ty;mKVfA65a}!hl6@nGUz31(o*QJ{r#l}>k*!v z=D$b1D`gz-=nLF9{|}E|9=}|h|KAdfzM@d5UOSG!DKE8SvPZR%`SzLo*)Iom%&b|*6#R2$12=B2VURnY) z4ROa%#Vm)FK<^;6*oO@;^<=iz>b;nA5=v7majA_?>!$dBjV~{TSS~uKrGbI}NT$nk zA_Sh3s(qTiOs&lw#o}t2w0?sF>cgOGlvzZ=?r`wS@z`6CCAL0*h_i@rnfM`qkY>#7 zQ&dJhW}KRK7_(n3a+q_x%6*}dEZ2&ccVxiQE;onI@=u0z&n_H)rKu~BTwnf|OonpCf`HvBNcB!k8L{2xTXfO?ZGxJpZ-CJ5b`2P8i6>Yu=v$$yCA@vk|}6la7@b$ghQCEw+rem)Yp=U zx>=SOJhx4sb#%=bHN`5F_#;Xi(2_;l^};YJUt$UHnm7o{!U`vYPYLv>nzYCa=gaTE zKP*QTHejk^*@eMWU_!Nqp>{ezTBhC*m?FvEP7XJ-JvJvH;Yu*v7grL-%MN;9@1OTa zZ~GU$-|G!j@1FHX6ZJ=LG?)x}-81!fe>A!rsXu=0jxGilZ`Gd{myhL*o9?!8dQ_TQM zj%PFKAu3XF{eT>JcvL7*G=O^E=&4?r54B*B3`K;i`DAqqCqhX|Hd~jpum>9IiRh!} z?=DXJZ}wZLf+$i?H$+fFZCQDhJtW;wU9EpS`h3Lo_^21-8!aqk8vJHYmJ#Mrewyr+b5n$U4WA)z#gg6g(<4L z;6ymU;vjGuvp+MP>zCVmaRIaqc>yJ%42Td{H&J*+LXY{R^h4F2a+Q5j(yIQDLrTzH zM#qrJt&|Q~_N}F%dTWSmU-=X-i6V5-$w}f8_0*qgxClHdD z&xzd8kU%Adglh{a$sJ*ym=8)N5h0Zg&xwdwD2TIuc~E(NR3^`t%%`*M>yLZj4NC}P zH%W#xgXv%>mk1T*x=SmpH&|>}J_?uz;<14s@&-#}hF|0gYSMikn{62fl12e(GS7=S z2|d!(M6XKev5tBxk)WLpyccH1AIVvwBS1 zMAnqj69$~{sXZZ5cYz{ZmF0_iy1^}82_z)Mg(b_$I(Py7=gUU8Ur%+gGNuV9sJ^T_ z+^(0Is{iTAtdYT*CNr4!0>Xxf50MBJ!BPv4dRU|ND4V4MJN+@yW4T_B=UOpB$@C zj@2i}>euO5-M-BJ%#PQL{=A3lRjc-@1N%;`!IjOz;ElFyS1d-iSX*r)(_m(CW$a)5 z1J+|&if=XOwj-dPm~UXr0vtwX2tZdX>B7znVBY{7s>*k$@;pP%kTmsPchh4&*#*6y zCX-?61TbNgs*wi7bdryFsn)?q?REnlw~rd=Mf*hq5$RPzm4=ec;n42}Txm#`YO3k8 z0UL>;3!aoNA~F==1dC0gcAXfG#ga2obX!0Y+kX1#iwwOZ31VJ2>rp!MmC>>Dq>V7w zKE(BTYnnwlx6>of+=Y};Gs3HYVZW(KdB@QO?dc*Ul)l6w<2w902Dbp|vcV1+iyllg z3u4yMc03J5BF?1thnVO|8VX6UuQYN+hlJrCm_Q8CN9UVuKInDoRQJcGn{bNy>1r6U z@Zou8gX@_SQQgg6K`+B;Bekr8{S9SOhI&nprYqzHOsLU&+@bUN1G2MfEGw(1T(DRI zpDSGO+T4$Y6@8C`pP2?bZ)9&_PG_wd3k|HVr1+AC#9iv-WO(Y&-!Ak1jkdu5jds8< zht)T~AKgcp_iue(CuMeG6%&DlDD`=e3NoDvw>4@%;%6(zaaO7Q%#lOr^{ zR?E3UeJpW-q<>)lCq(7$==U^`Z442u<|#TpDkuRBQ~=3FX=t}rvLV180!Hf+pwZ0> zwNlsKI@sxtZoX6h#{moH5bVI>X#f!dOY9Xc<~L5k`%S-x8;auDw#gNmh5Q%mT+FH% z1wyj*iiKbv1z)alj#fmW*e~u*P`o4!DBLhG=Vnuc<<~ixh5*=O&80_Vz38C;zc1&F zp%+C@Z-F`XB;jUD#$%z7RK}pb6~Ib;gX6S}87m-FkrxZOP!nW{*R0*IfDy+Qwtqoh z6b}gdecADh3NTBbUz1e>s_ml)Q=aS%ve>Gr1ahW$NWLsW(^nX;~~$!ZId6LYLVM>M)2ei}`M%Sx%s8;x!g@I8}v1Cjx zvLH;;62=LhG!1E%Sh`>3=ZA0uFWSlW`rT+e`Tber+4%hOa`IDdf*JlISH=GO3hjfN zI`vyW8}&~IqkeB<-VHA=PS+-NmPDtVMLJVmev?Na^3fy2PuO2H5cH#q^YUG;MjD!8 zirQcg=D4xmjm{E>ZPKLqAs6Vy(f8oY^uaGto zpqXhPB3>(DX6Qge`paNgD}d1=(ltov&%VXeY1uMp%i{#N3)G^-%jom0;L;gdRqz#A zbftxXiFejebt4z_flf$pmD|s88DLZMkL!xTv0QxR36V;jF$wIejC^rX%E_6u#zW^q zLjNfO=U>1jbLYH7pUoko`0y&??1uVqFUuwzyRlp#orBOsl4@%V8bL`T4SoKE>)fZB zCW63m!YM%@n#)!|J0P5ABh#?S+O7>Zm~R2e!lxj@aP*pbYA!<8ckz`}UX5$!(1slq z2_Ox$z?L!ea#q=~GXjTVeKcJexQzfQ^TKCFzOW2a?No!b>re_nPy!x;gP8k?m!8_I z7STwBh;_>JO-~lI0eCRv%AI8p;Km^2?V5zzePK$@n66GEYS1+5-dc&k}3L`toDIX{_EF?^LnDN+gF-M-=09X1!q>q z3&%cH?6w{GvS&vF!AB`f`(lNs&`pR>B?U{Z6LCKH|qQu6TWgn z@;A`u%c5Uc8XWgmkT>_rpH>s4+KUg4SS5dz@UjUhATn23zlesAry@Y7ub&lloj5!S zyVMp}tw5od95c?U%&x0mid}0vDCDxX3mnOtm4vl=tGSL7$(oq?1zRO$uHP!!YSWg; zIymc_9(tR@?r*eE87!zWYgb_FYEh{h_e4HFJm_9~B-Q2Bxv?%r`oEZ$V36>MQP|lfPKRkIZAJdWGZazfB`(p?Hf`*;J ztwcq$2fdFtlgwk8gOFv~$(Fr?FA%OYtv3+-u@=^yrRUIeldfDXpJj#C&H65H<&B=c zT^6M~xD9j}nY>PLJ=^fN^gIH*nNY%;hvtGl2&T-!1GiZf0#tmQH$A|c|6mX7es^+m zoDH9JZnE1UmrE9Rw+)0PTse_M`dh0;peDLt(pfnH4U}1#R~<_l4nQxgA+phDq`7i^ zJ-^vDia4?NZ_^JO$3ve3U3=YJkEu^a{f~7`m?@qiZho&AghqEm zxKtt1xsWF#dQ2)SyKc5qx`QsY+z45;A!?3JO4StU z{B0Uv)!RJQ8yKf33aSA{Z<$}DikHhYRNc|#N-RTX+sJkg*H%Z+y^W3HWk5MPCe8|K zZHIq*UZB!NMW#^s0>gbO7*1vABvrqTF)@si-ppJLo41e?Ey(kkNtRI>Gma|nN5UE+ z=HzOF#3%>vogm7zjyZwjeQ{`L>OTWCaPN+g5ppmT8GlN%B!qBeczxh}SYh%+$N4niV@hXcZ!A(fmpaYPSDcyM^s zY9C~JJAkY}Qyk#Xqv8A@m>Qs*zw}mq5ai&jM$3(I)IPhY;(P}cT-t_P!5MhZQQLGu zeSYBn@u&j_J7NbeYS|zElB2dMKj4EH3_6ojn#ik2V`nO;<(0L3wii|dy{YszVVG&4 z+V)#-fy238Ity<>mPFsLu3A#k4_X92ISuFN-RMlIPF%Jks3HMfic~xc!-Uj6q%`u~ zX3Wnd#ABge*H#5{!`#mgbTvr3rk-7^r|`ybqQ#K}Ha$?%!<|93X`^}@GA|Ze?@7Wb z4-Rh#onTSB6Ku2>?AlO~prB9qNXh9mmRpYGY__s0gFk>NgRvJh-I98J}_#%qBgorO20X zlzu9NuWVcb;BZxJY@@t-j<8&mxy7=!GelmBN@YF9t|_Tj7UCX%4fr8vBuFGp6R@&8A;zn=P6Bb5F}bdG|@yKVp+>2qD*l(^&%HIM2Ap((;#dUl=`V0Us=I# zl3N;U^nJBp2t*MX8mPA*-nB`l5BoEEpATEwG495^H}&QkP;E2&Rh{FO2QD@SN$gCB zQeuE=FO*mf^b_GEO9q2_#-FfVzU@i@R8^3;M5r`rHxL4Lc$!G2ysjk+h#DZmb`()^ z)a466-nFBXLYz5%qn8FcB^umlv}TwWKa~XMgW$6$8wrrEdAV8z_K@wwLsj-7ib1zd zqBl4Y1oqjJ<1gBjRBJOD-ViQ{-$H{H$sC=5Aq!b$Ml1EdW}l1!1?*gAHI>w{?7U+& z7^-b`H2%MAOYWzi`wKeYDjfPqC%M%kuY%x4JBzN(@ono^-FN=$6`z{vj#-rCIjk~G zKD)5hYI9xMeyt+50A35mS1CdZ;Qe=&p=r@nlI}bW?jlpQ&*v_ZRoA?ueASh=NLgns z{#fgY|D8SNDA0fG(qfGgcU3plRZTTDvy(h2!fCU1vFRkWz@frTCz*+!#o?;jM69Tb z?v0lfk$r9DS1|;tYn}&#&a5vLoqwWK*@C%xn-B`UvKy<`x(>)PnEXs2=*6Ls|EwNW{ccUlB} zjk?I7_@s;;RT-g5X(P~mHjW@;iteLO9g%ql4KK%&1{%JbG?2~-fr#|B$m`s0>7&8F zDM(NJLudGMf^u`AxFl@GP8{yRlK2!Kq%Ab{_G2sZXGQpKx`uG8YRm;rWY6Yk9pP`# zZW1LV&UZ3`cemv_KecCk^HgHS+GX^ z@dR~;gAQCHCJqb|2mdsul71{Xw6q7ACg7HBT~HtqM`~H1lU@U>mJ&aI&Bz{d&iLF| z>wgdRvA3{A?W`ano(9A}@Tq`5RBvioqJ&m}=dGkNJYb{w9VB^7k}sE`-bQ6M*N^Q2 zI3SbZNAHa>j^|0KqzCgpX?zb6DiLV!G$v*#H4ChW zo=itdQ0Z&B_!83MK#O=uf*$OpB!DO)x6tn_=4pQ1B@XEf?zvJkTFpAmo?7~)y`Cn$ z>Pe~Xd5h|TaS2?huc*>5(#vioGh%U-={rSUBb&5hnbYHbZT&FaUj8(lLO!vaFc8sJ z3Fk%&+8kCIyGOXE!s9F)=gOirJ*qTNDqX*MdbCn#deO(GG7+2RdYq=>JkElE@B>Mf zQGg{82d41#D*+Wu+13g#gH3(3+wJyuFJ8d^?RGo&|KUmdW&4}MB2ce+~k~LSp_+``&%!k^2{UvgTMM4sNXFl}em~li1GiCnk!>q#^@>qce`# zDT$*fTT@x#kkiv_dRtC2EjYa*RMfM6A7nZy>;_)vtuR-z80SIP^H>~$5X>|IEYDeB z)uq{8%ACq+mIA0Ax&%w3{?}iLy$G++-+$Nh#fEVZ48b7mAg6qkyw+xAA|Z(vb1GMG z0QO^k1sQRALjy9;8Bqu_;@-H0EdurayR&XCzbyo0XP^(LM?yhb`j(L#8c9<>zkA&u zUGyjY@zta|{`qQfTHJ6wZ%lVj&&`dfNmpPb^1(2RebUw0_-ZgLY~6u+Q?sAYpE1)m zyJLV?g=@&TEQf4(Ihx!VHfXvSx`N)$-=0sdews{%l{#I{m+~hmqkJEm8m@+pZCMn7 zUqaFD>3Qk+UW~5*f^mQJOMkQrF?Fk(k+ZG88C<;WkFJKJ!NpDk);&FcL&G`YVCHY{ z>@fz&G<(nCDPrKux8upE-#x$TU7nrwdy~u2j&p5o2pk^Xn=lly8wxA9DGvQx>L({= z^+Yg6tm72w4S&-vy6)+D!(1?y)U_<8O#0`Q=KelnY*khas^eM@IakxR|XT`t5v6Qd(i@)V4R)UNb zJnzQ+(Knz*(nT&9K@~-&$dFUn`#Io}M3^x$q&66Uh3215wOt z0h`m%G?BqXKi6c{fm?mxKAv(shu!h`Umnj03vtW1U#yC6SP(DCxw0g4i_|7ss<+x@ za^OWDVO#5~e*H?+OSSuHe|UEJ`+5Ija&>-r+AoH5JUH$5x}!2U`xo8UXZ@@5%ZtI}ax}Pj zTinX;S>fuopd?j6rGhEEX$B|!3G*%YahotvU?@TI>*c6uLGj?AWahgwhXOVqa`tgm zZjhZ_z8#J(fBStKJ0vYtweyFUr@(I2WGQTe6v|Q80dTV(w*wWmtVynxE*TUH(RkSH zeJQYDKIKO#y$<2s=&WR@(lS>u54Osae3SL!!NPpLrU9Bw9h0!cQ4THD{)hww3(`u3 z!{2`^A>Z_<=TyvLX#5Sm01J^P7D<06MF$d>zb^JKj`xm z3E1wp6n59_$+!CV-<{I$N#hQAU<;>~QxDo>ZGu}%+||a#Tgy6(6K8SyIq?QJ_1=-$ z^}xOdyBMw<|DtsK?fbTVNXC0N|s1j!mRI}RN~3> zvV-wjYw6Bz(;=7sZFH&rQKo!r?m&L&eXFPEVV>Rgf35wwb;~#NY~KHEA02*ooZJ6B zZnsaK_J2ReQ>aLFaLGB2N>pifEmEXVHCL@OQ_VJZcKP0e2XJsKvl_d5P9 z>-I`IaOzETwU#cwzC$DMG71!hvD~3Gx0Y?oYAbg$oN#E9hF%c+1l4hfgO#M7Xz8zY z)XIY->5>S-oyeRu<0AzvEezH~iq?`yPCdu)-AFH|8B?*8UI;Cjze78!^m;2e_Nffm z{0;ynRZBr6HzeaSuG+G$SJJHHI28I&q^QJ$ZiP}%Hw~>@-wy7R>F{+vJL!K|3tu@q zDAnwME&9KG`0^;H|6iOOJ?a0?@{}y3Jx;P=Uuzx_y$-pI@SicMrKPNcrh}&8#cF!= zy;=JjXNmLrOJn}@e6#EP=Tq$MX8OakW&Xc7IeeL$|A#M6zI&SgpW`tGzdqtHVgbpx zRbaqzEEkN^|AE-a{3)G{p`mHmWOBVn6XA%yUJ?lMknmORH}p-fH-t~2$2pOzXg~%0e+xP5{(#dg#$_Z9^q~wmqd;4Tgw@$w^;RbH=z1q300O@3s!dPgW5@XAJwVZ7XoxkbIO%83au~ z6oo^-M!p=xrbvQolpwc5Tlq!`38n^Um&Uclop0KMq(Vh)q{rOqje1DrE#uc}Ii_b* zQ4cBeRDu6tyWExhMd$d6I?zW!>?=PxPj+V}1f zGFjKpBB>8be!2zK(mS9_s=wL`pW#P(AJ}IB+m3S?^v-t|3Fmc+i}Nx;$$6JzR>E94 z1WS2sGlDlXsyyM%Y;B;r4~I32dIOMCom9ftI}MrM;aJnVuW9Hj(fT;*mj%RZa$58@ zv|h8v&s?)$WBW#*icYPGGCMBjK*i?T?)A>)yAM?fQ(=eDLRFD^)!>6}zqC2G^Hah8 zAN9MZ=l#~wziS_x?f)0Y?fm-x@a2ma$4~bE=Xmz=LG@s{nRf%t3~;rcW(LILFr?ue zk~`|i&{nNB2oXl_e@nP=Q9rF6#U{;2P>gm8^p+_Pq4wPM`ENF3{ zOnmiElieseLv9cDTWGQ%c@oo5NM$Bxl69yiP?D$!?D7l7<)S%ev0Na@@oYvtn*wS{ zJ3L;T9(D#Q`3S$C(!hf}Y1@Ifmy!gQ$-vexZMBjcpSVoLX9LmnO-`0Mt{Rqrf z&$dxlT!zsShd!2!uMp<*SXp-v>?0N|4j?Cn>RmEaUlCDPf0#&V#S@b7WtwI{lg4&Z z0}dG|H2fHR{EjOa}^_tAU4%~#^1_e0K>L@r1y6a~1NBE^tFRMA0{6mK$9d>@kYDlK)3LzqKK^lK@t zw-R$x$Fjet*xXCZ8n>h5H!ZvAK698x}>7|7Vj9801S-7aWAGRz6=-9o+chHYNGSlDZwpi#4- z;>avL-yr1%TPk_qQ94QMHzjpE8CV2N({r^-ryj!o5;k>EvpM5z*$k*890xzx&72?p ziT!2M{`xUr%)+9J*loXn z(qa!`h`5IY-nakw;h*jcwG{p_W1L(tNvvJ+dX=1TO3^b=3WK5=KN9*%D34xudmD{! z>@R6}kZ}OO=G4JHQY&^n@6=yts@*E0RjVmgW|$5Qf{PFAaw)Ovksm`6AnGVgZMN*8 zqg|O-b=^1GshE@BpMP;BW;2cHK{huLm{Bw9rySM_Eu)S_qP5|8c|l>jd`m4IxlmS3 z0-E|Q67BD(we1;DHxq<}2e1(s5y~w>-w>+6< zYSHPRsazp*l0^NlOfniuuqK@z9bz%i_Wh>tyryKJx!vZ?(GvrtfwA+?#LM|( zr!4o4#ryN?y$1T=XuXC>msV)?d=~a8S(ZPE)hDs~?;=)<$yIeqRFR&8gbW^AMl6K% zjbNx{@GxJ@l{cnJ2mCDeatAvJ$GzyIUjDg_uA6{&o^|`^Ii1*d5lqXQVg#18_u&jeA6A--YM z*Ioo4ON;_01mO6gAWg8wPtA@Gt=!_tT`A)^rXl!TW|#)Zk4b7e5Mi(5S0rhnb9_xu zR`5)*ca7o*(&Cq(3j#YJI8^0;wo@`=TxsGaO##`79rVhJ6PUdi&B!exAMr9$%QQAa z3wCSs8Eg5jc|s@BR#l<^67eQEn**Qlj+#BtMpG5v(U<5dKm$rsjmo~cio#HJ3FNRm zgl+ItW3$WU!-o$!XG?R2{^@bQX}W>{${!OEc&a!dNPL885@v;1#~2iD^o9D+LA6>p zR`W(07Z*xCE1JQsl4OX4Gsd+Uss@D>|RN1;4GEPJ&jgX1Ec}Xh1sXy=vmh9q$L?(1W#x_iISANMQhvBCffA8Hbp!I<;C4 z{zyz~*c_6?TZHsaEl)V{V^13soQiA3nAB|VfDl3_}lQj8Ayx8tP=xOPjYY$;=`$Q7HRFf67pVAP?mS)EM zQT0viW3q)lCGwV#P_qYAxg}GVbfRIh@0l5Iuiu*zMF2rUsrLxXJZvCrFZFUVnJdX@ zZlX7L5Eu!stYIQ#PH2b@djHd8GE`(HS048tRBWubyx&0Y&&>Egcz0_J?;8e8!v#T$ znaB}GeWa|N27bJUvx-p7C14e;Uy%zFu=cGWNj0P40WhBI^EE2=w{V#*z z!*Rw9jrR3jQeqW)3(i6%pEK98CGtcK?_k(H&+Hh4{x-{atqv6#t})dW5Q8DYz7MUW zdzdXWkdXG@!)gXOWehJ{UnDqQa3W5ff{+X<6RNa5P{^rnJNNTFVu5ZbmoW}h@#nt` zhWkoFCcOU}`epc=8?9vOQSIh(FV1m0Y}IPNswJZ_Mbb)Uwbs~T>gi&@Q=?O}_DNKz zZO&W-t<&VV*n%|I#DbA?+<01{0^#kw9}T@igufU^OXlm0S4KCPi#vc%^oa}s`^2X6 z^}+0oPFv_QGzOXjKNY5dt>|ah{LZjChLVVgr*vgjnHudTDdEjScNO@H2^CW!J{w}5 z%K7WUIF^PsydkvD+yUjG0Ivu~FH_T7GPJ;<9}pxw5@Jr7Kq6KPMA1mExeDh9Zq9XL z<#5{QyU|$#O#|j#Yctjui7AP7KT3Yjl_)iOZw2fm((E^76!G0sNz=7q|NRu9# z8Nu~bV0~y!bPsju#@>Ls)crKM?W1X-Yo_{J3-&erH(1ku%1~7kF69I52S_kp*N-OG zSO%7g zg$#W{V%(BzdmIGKUx27Z_v|PJ$1p^%HUM%px$UO8T7hm4b&fvE=LXYYj<=pxOm$@ zgNrwp4b!ihl#@}n*Vl{0C4)_i8RJXi$q^#sA(TPP{`GoD>z^~e9A(KQW|EI4lW zY^plPQyNgYO155gr`ZI~PQTZ$gke5?QGH@st}QBa!S-5kxv5+W@EOdKg#O9gbIuNc zOT+O1yPuFxXEOp<$Jv?*Na?Pty@xE-S8z`Nm{F_E4%F0SaWKO|Fpt74gK3-?WJwze zRp8R}>~{un*!VG8LSLb2L)fVk3gKFn${N<*8bt>)Uir+E1;o8zKGE5%kSgIYyc$Ed z1-nlL%rg9~sYI7!{H*tAHSDH7b(spis##XpY3&o*e8o-a{BZfv@gkmDSLAuJ;6%^6 zr|0{*wTV^3d6wQJ0&Pt2qip3T5yuDnpEgm&Tz}%w<>+O*-B#MjqH+$|juf+n5Ob^r zrG6(I4lBCw#A){vx+{STo6lZ1vo@|fb*0-v(AdT?Q`7IOiPK&iSLf!20*Zic*I&)# z4%i$-v0hqtPtP^(4%+Io*`YMMc{0M^> zjuv}TULS@%#K2f3$Aqv{bX3dO^_z# zgIIg6?fKqi-z?55rJ&qolqJRszzM+zP)iwTrlF$MLG^5v**Od2f#e*BbsNvt_A#N|D5CE^x-t>BTtxsr@@B(PuV#BG+|33udP4laud` z6C78@3&>>}+yO3fHH4{)Urpeo&16Zlq1&~rnGOJ3hgNZ!qH!j)vwVQdlWaPj;v3GC zsgxaBD92`|rz(gQWZT@0dtp}Ve4k(_Kp0nb4D&fT@6x$$qbOo_t>eO+opgc|t zRdYb;)A|Xn!OUF`aS}j%*HVTX&}HiIFF1D8Soe7AFc^a3X#Ln!dd9pPKqfIsZ%D9m zQ$px~E%bZ${0w#n(nho=JTYk;=es>V=@!cz%(Od>`fO&c=EQnD@Zo})b=a@)GRT~s zo6yKT)c@WocaM|P6|%iJ9qn7=MP!D>kj&_~l(0Hk#Ji9do$Z{kl*#7$We|LAv-mc+_G)% zD@1lR&_Q*59i_exfQ0c9J|C~V73!# zNCyUVP~ADoVRryjHN9tQvX4W4GyRu>+r>FiKrVK$icip+G8PaVu3?yNTvK5)sabce zUWS1qL2pSX=cj2{ynF57nk4r^vjESx;p$@JgeN563u&%=%R)cg5T=ldb_c4&pP*~* z0#+{T!Zy${(Gccv2xP%AT#~34RltET^L`ijl8B-Vi$i438kc7o3u1l@YbE8Is6M!O zb7}rG@j~Vo1QFHOP);C76>EVKjhOGCduHnFf@wA+Xxl)TZB^qCuog;^;D&H2=?o%( z6dR4lXXr+|yxmc8VvJ0m7FyUZDH{-o?b!z4!^QVx>1sQ#OxIkvQ-+T&-@MtvMVA+b zJ513+NqTwVIN^7WnR4*cby=wDR2q$Z5Y76in3gZxsFk0|P83{^o2k|f+#rFr^;FCB zwIN!jwA1eCxz#>S*_3$aC3tO&L2>y6B2bd)X`bt#^n{*@)jAP|C)nY-~MS zZb!Vly5P0&!Oq zY^+5&2KMvzc5N)O-kZ;ePx}4P0xwe><4PG5z%dith+h zHW;P?H07Z%1r*DfH8!|J1C+*wI(THuILIU)w&0P5)l}fxYJfVSHKmXOqYv|pUK!~1 z5FHnK2+%2(MM)36T;+-&REU+SvV^qIXftlTDVHlR`*(rG4WDr#IxMp;pdTAKGt#wo zfgu-4Q!WlJ`>1d2@v$wtOHaAT85g^glkbkp(R0FMqU@;e*ljj)X7>Si05MJ7AC@J{ zE;ydy8_u3>9ENo;(7A5qj zetn*tyxcHP+&G}>GsOwear-h(!_8i_!7SrDOF}SAe9L`8c3iDLI^EfsRuJs7yOVG| v5U3=m^Q#L8%26*D^;CtJU)s(6^gKOJ&(rhtU8|CFlI;EKplYpzFcJz4 z=s)X+8i>|VN{Pu>>K6yVgPYxmRgK9+ncYH5nVUmiO^xH1y0xXDt%-+?@~u=W50!BIN+rg5-mlS2xFGN)m$8N z$3=tVLU0&@1=fhk@Vc;k#QY8u$W9=(;9Ds$W*ZVRg77MjZ08*>QEEn7yTwj zS|Y@wEII1DVW!>82XT?w88Ku&`U|~hMEB$CPbf24?~xY)4~l(*w9lmN z-KjkMS{1ZYSeSi6F?#hdBtP?G#wL^Q69sAj{qu7_J6c=$`SbMmg8s)h;$#^1-kVI4 zjpT%-%`DTc zDCAcghh@*h{%{QbamW|z(X;Xzb@PI&-rDhv=1>xu|1nwkJTxX(g?I5Pmmo^XnK>2+ zQOXrT#UQq`^AEPcPQONlaNb*fKB{+H;Ee!ShHu{sp@FsMGY#Yuv_s&)UAYDcJLmkj zp7H5)?mF?%+&FZ)X3e*ydzYwGg2dnED0e17;?x6LiyHI=KpMV?2!{+Mr3rv^nr{FP z;xup@?Vn*V_7gZoXR0&*v|b-2qO0OLQ~eF2{J^U1!UO)=i{rCK_{}OmIy8aeY{V%y zI=%=UIg(GXIY?x?bsPIM*349qOD{zLiVoMy^KF^Uo!i6TOKzrE0k3>`?%MHSQNvm_DiE?gB+{9)p;n9w6!w_|VNFvQS01Gp*aeWFOF$g^B4xnxxHE!;+UJQb(8i$p{RsVb zW@b=(vpEjLMNq1!^5HNVepxC^q--bztQdvkDiS5LhCnR-6!dwoO|iZ{6AmX&TYF{K zN+*TR`M^pI_hEkPw)I$eZx!P^zbJ)27Zw>F90cvT8OKX|>E!;kKP)rg$?$`XL5a)`Ak^#b>}y1_KEnX!Np7eT_Mpj z!Eyt8B+&sN?hb;-&V-!KbXaaeL^HptO?_zyvgN4vGk662S+FYRG+1SFqQT=8h0LF9 zfwsOjc}l2RIqqjg}Ne!OFQoFOIxSe3pVt@pXX0quG)E8qHhTs2r5OsG)Ntyn~w<>PZQ@et}8*xF!-Wnq1H&1xp)wEEO(^H zuQDSrFseg3BKU6S`=hs|Y8xxfY&nfO!OeC&RI}S5VG!tLzN=N5&k=Z<1-;v%3l4fDbB1s;?vsfnoM7xe!E8rP8OsJz4+WpWc+&bJrvQ-tz~HRyXYTR zSCjin)zKvL2jKdTK~c#?3v4!bCsbi1RgmK`*7 z@E4XPYo17)v>he+8Hg%0V?rpM_+vlhgQ5&@ z%FM9b?AE(4h?f|r4e@3t;KYZ^bzpSL#F1%+!AI1mnkw~)(LO7cX4i$-=ZLapZkrZVwJWI5wg{4IGB$T#Gq1UqUZxXg>5hrY= zhx~G3C{O$*x4exIPZF%&+)r|}pIC8CDSwBAEY2lvx@jqi`o4k74e$7D)Tfohjlf6t zvub~4Q)GFw0akk-Z@(G;j2-P=x(~teZxe$7bICTx*K_jcuri(4Q@cV@i>Pn}_9KFc zQIZ#imG=jQ=Zo)A9VvzhoK4m9^5XbFkJy`O9Vl(yrCEp`90rB4MeO235eL_AO=KNP z$oEoj&9D9rqyE%Iba==^UuA*Evo0{na2Mt58H!mOMMB>xaKrPBXyfo@{QL~DI?y9m ztT0dVUiz~1P{dI@@(s;J9cEKzeGY8HychO@9PqTAAr*sUF$8CU+FQYnc83bPN16x< zU$~fj(cgwp#!&uYB`$Uc15382?ch}p;AAS81u$plF>4pTN}^6e(|6KS;h2g-um>fG zIT}J?4&A23rr3&9ZJ=xB$dQiekqb5p2r*@qr3*M!b*3!q9d8&4Qf#G&^8BuAGh z*8Y3tP+#NYv@;}JH$1E#!oDzKKdWQhZexIJ^ zefjuX8%6=wJ5eO7BpbIw{=xaUX>CM7h=Cc;)rNPuZ6+Ic1shf1^RD_t$OwyjCez;& zNyW(S@z^55cTJrU+pG!0fVC@ZakBUvH}lFYp1BZq4WvX;YElXDBl-_4F^jQ*sO;t6 zI_Z<*)uOhDdG-(*w_@KIZB(joU?6aG2E@0+)K+3W-kWDSU+u|3xAl;P=<=+RD$4p5 zXxXg>#1E9NVj|bRVhl)kKyo40wV(t7uxNndE`5%x-Zc*HSrT9=5tE@3=aFJZ)amk6 zZxdllc`i$-u~B0PL*nry%aZP%d5*7VdUL|19tHNY2k{13pa*O4N5cs)KNHQ?WLU8= zGd_St5KKH2l4FLjLa5i?{!*T3$dO?a76UUQHCBAYP>S(NW{bRu82w3{lo3sInyY9? z-`D+@N8AC5yg3q0xU1aM@fp1~fmg?E3Pu&1eR`JmAMF-1rUX6!w|jkC$dmXJXA)pA zrcfGXdV`|Dx%pPJ?d;xc{JAn_r3v|=6jXg8m;AFlieEJ<^VOSVws8$T?51J4S@2G{ ztpVMfaWrT+Je?59_OrGH)5R79?}Syt-uJw#>iP0lc6MDR`~x-#W|}>Q)I55E`_Sjubo1EV;;&(JU=oT)< zTh8>~*x-sMC8|yaRDl=k?P5*Sdkl)2?D#&T{_kC*L`{J^FG@zpOy`|~?>jDSLlEo^ zr)hjl6M52m`m0|aAONVY2gfXI&h3S;&^06}v($Y*9ckkqr@MG7Gkl&@fW91QSmgaVd-P|(zU%y~70I+%8w!$C<9}%-MQig4S1!t4nA<*liPNA)2urD4ibSfxo z-Q#+GvgFr%34KY%bIGI`*yZQ1@t&>cIVP|V-sl=n`#J(EML{zpro&}s@W3g?6lzf9 zZwZu%WP$|cI(x~g#~F*SVZ%!(9n?-AR-85CJ{Ck_jiAr~ycM}t(0it291p&s)>UBF zn>DYOycR20#$g5m%x3R|Yo1uBL2(M`Jd$bAMsFI^X1kdYU3f zjIqKX?Ae5O#K!$By4|^X?OVu0qNc)x73;(rFN_AIL+)m@*GLLVp(PQL7EOZq+~-g~yeYX|#WPW<<5mmvC`O#PG+!(J~}yNe6j{^25r! zs0g^*NpYBlB_11Bs^8g&is86{{sFoe85Y@USpDRkC>#}P z-eXQY8vrHpl_~2P%pq4-0SMl6MMFo^EA3_NGgt2Z_&b7r&OZYkTaa_%I@27hHGKaP zDQ+qS=!o;!7l{me(Goa=yZkfmE&Kgye5(7ldF(7+b(5SNB+x~4RB zV!$Uvvvir_9tp?yg{!gD9!*oc2Z<6r+H&~i$^tjs!W-Qj%2Z;qBkZ*$VrjsiyjWH> z_gigVmU*;USe;$@=z5vw-)zT0IhElQ8w$G8&;}Fv=-ZJtX_muO#BQPDQ-_H$6(zUH z%kUnzmEG7T2vLG0#|?M(h7gih=-XsSgCUn5#5l_CWaQJ&Lit0pR>u989_Lm3ZE^AItm9` zv=ft6#S}-B6L)%S7ubP5p@al^QL;YeV|7+}WQjRZ$+T%-H)Oc4w513LFBLn|#oyXa zR^u)b<*xe|+crL`1Nt%&FJA1Mgm=B-O5xfHrz0Jfq5|wVYcVWH(X;C~8Cu=ex+be- zsg-P5{}cwjEGg%fCKwtx~(KARF7vQmVh8O#P&Ax@p^u8yWdE|4X#J$}sPLNOdY zAhbngFgKSrA`@ZT(5WssJHrEyjmb+vSv+_3k1d50vM0b}rKeI@2$L3l_Teg5zeiG> zr&;`>6yUw+Z%FTw3qaL#O0?kC4hIS_H>f&}?&C7;n6s2ml#NL`34CiWa5ebyFV_0U4Is1`u5i(-9^sQE0XW zZuH7ep5`oE5^jfUtkGncaq_=FV2F+f{PK7>%3Sd^G-p3FqQBgSQlM7M1jdamW+|hE z%iB)oC8LW4|G@dJifZeK&si!Ow}DoOb2=x)!HLyqfuvy(fNv>U81mJd5)VJ4C#y;K znZL(WLHy9LDiE0oI6yuJWy0Hs#`7LKE8tE^^ibHun$(OakuaiT3@0g|FVVV(z`Wyf zXM~St*jV~$C`(~~M)kXXvJkS^MFyl8q=BvUB6O!~m zMYHattAqy-oWT7t1O~&|Ok{I7M$^|gm^*rfACVcU(STgvLCCT#ZfhEVF^BblL8JpD zFqO%L?3^OC*JFJ}E)s|)pV3@yrrLiHcNT>Q(gzS)ju|JsGV28^odbPGz{oJmksHD=uwP9NuK91~B@fj{%! z!fh`|`~~hiV{TT0Gce7SFuuGh@H(2M>9N%y1Xw8?RiM*f&vtsRFb;cGOU+CDG&sNW zGybNNzu=wy+&phBv9m9rvWQgbPxT#DA@jhOJktq2xs~936E%D& zZ@P2&UkqSc>U2UEg;^%%Qnkq4L2{{W&ehkRUiipZw9}-N-Ynp8O=(~N_K2a z*kZx&gqK|dM%4vrZ2z2DL(N_3fUN)=+5sisE%SVtw<-d0%yHFBfAN&Kk4bJH=u<+1 z;1%M@$ICaY904&>W6jCXY;g4jiM0+5?q+k!?xnN4vMK4S$!;(9Wx~hq3_E&3Pahj( z=f6{VKTn}N#|ye?Tc(E_5_)x5jfG&5rchW_o#5Iq25L})aNjg9&x$MhjFh*j;IB1h z**wzM^9)Pa4)m|J1R_^V4d`@PML_A!yBi2#SIbtob@XDC z0F)>bnrNh$pW?lr2OJz z%7sv?j~+$u5fvNmvFAwIC`1HSM}oJp(2gtc0(Jv|4W3Q>)xUi(hHqu4Y1^nVrmHLH zNB^9iQUJK>?Fq){8kFC$)>X}$_{FO5 z?@I7bM_is6BKTU=W;5DRksI030Mob?p+YnIuz;c>Kp;$N-d@=#4Yx)WjJDSfrI!Y1 zNxarE&Gzeh2C-wPU3Dnmj-+CtI`DQjt*Uqp|#`5%M z%QoDss(aZnlx7lc#=;HNXaq~A9;Hh=fcwFTx!8X2npu_)UXU|I-SR2Dxg57ml%vp6 z<@wQ(y>K)C;g?Iz1|p|j%H`!lmuZc49%&prTkb0Aa?gVyPFU2$o1TQM)ADwQrnPE2 zIE2Y5B2-zO8CXTpn(5V_8u&;-N!W)0Rm$$>tZI^na9WmdIOY@|R?Y{#NhJCF6xu(u zH@Il&G(zm+CG)%CXzA4i^-H8Jf5hbZ3mP_3&ybUkzu>xByJdo#LgLlMr&{8IyM)3z z`PA#hENzPd9NB5npphp@HEMKDWzeNI*cmfi=?w|XRD@)dcB~(Y_eyNNGStJy2Tn~i z=$rOYnk&ZZ_}QB{1U8^{&Yp@-stJS<=2JQ>Ws}gL$o=W!k9M{@@eW4kNDz=Svf4Mt z>9iwZZLr|CVzET_xABQ`9q8!H?lDS(_QSy~XhU~oF%JWP6{tpr0co2I$0BvrRkIVh{3sYf2j3?k3*T?1|8HCK2qx*)ANu%g5gtZ6dvrV30HNG!|E zQP>^^ifp$l+X4pk{IN1q8}el=$xdI_TW`FWohGR^Buwt(=e*C0HDGC)LP|Phq}~+m zkqtPd&vaPJjf%W;eF|`%9fYGMG$LrRtvQOxHc0AJ6;hJ_%7T#nrD-q9E7{VFu{zK zoVCV=n{$Nea+{7ym8u|TMfwP^F>}^Q zvgs2vj1C;Q^}T8?`NhvG=*{^y$!#Y!C?}Rebp7wz)<>{)2ZSEn)Ri*H91l6Ji+|-a ztyHupf}kxV*27~IgFGaI;j=bqfGdz2CmSa8wv(d&?9C8mMh|JK)KwMZtwC7D{4z!3 zSP{pbhF?H0xu`_)EJD}%SQ_w=OLpjiUFDWYh`S&wcz_!V4xZ6LJ{-AyAP*102ymj- zB2({WZD-Q&)gzLpD?fg!{+c-O$`{Svo_rvu^~z*_Ov-_!NFSVxJx=95f$rwmYKchk zRXaMKF(vF>5CT)6xvf&rej#YSRxBicxWBL5&aqpn24bR6h^OQ#1%K=S~ z+c}bV8&yEFJhquR0vTS!Iei`n=ponJnK?9rh3$5mBsF`zXO^WOTigblL+X!x*2_nK zrQ{BG=1$`8rd(@7PqcCE|GaKBKK)_4t$|y_F^N7$?IS4MdWCmMuni&HOq08Iud}_8d{&X*@cD_Yz%)XEe_AP zIbsFfmyUScrmQ|nevYGlCD8>TF3`GD|jx5D);Pv|{gjxFN|j-IQBuq>ABhO%@x(b#KunDx4kaKry=55yq$gwn=Q z7{~~jpNrr#Xuhhl@FtUStgcOdn5Zbift0d{5xqzdw20&R*hDPJUP7I`F?B5w5RfGk z2|{y8;wE3Dj>6)AQ@l8_bb4y!8Z7voqwZOrY`<;Eqy5XQ@~kTF?De#iRT=!)A{|@C^e#-s<^dMhxEB4VrYLjc1RT zvfpdLRR6fo-dphLhqoTCG0H$QyfH(u#xU>_>7UC0La&a?GmI{_%j;8J1E(>A?Vy70%_S(Jj>m=&?_w*`Of!&#ITg%Lf5gD>0ollBdmAvev7 z_1sq`SPjJSqqI6M<_FM$=pXc;Q!1LM2W-+dK^HwW&*zdExz*{AH@J9M!0Yne?o61s z@+J6RCr!W=F!sZk(5@{boSo5t?hFjbh!rY;QDB`_7xM}(`&jSl(w4~8(cn$tp=2IQ zHI=td>Kj%{s#N{NCRzF)3H!7N#IFk!mAL(h%eBc`j*&bCDl*QWd7x>tq!Z?Q`;YUy zLbs}K;AV52IQu`!v#P(o&iNjrWJ<=e-oSV4+{6@h*6rT0PWpxZoG`W#ogyy3(?HB0 zd~G4jOV(5Q`jRXI_{rk|Xfr(--rw1k8euG%?O70$u-!E^BU`qlw#Z+f02~}@9tNr} z=DI_`z{oX392TU(R7&x7Y=8ayR_QGr$5%evRdlEvB3WOG87O3%D?~I-h5VBaYX%=QEF-t?D`F^WNU6a9&~rXDY^q6{o8^uT*n(CMUS`XzD$4J zS(r@8Y2kP@ze=Kpxk5EsLcLo~PnWZG`030DU! zUXYccnw=<#XRNv@Q6!ALe4^3jg)2WkK(Pctu4(4wcH`T%u+7S)Uc^=)9aU|Ud_yBR ziizvq)-?~Lk)+J&ViiAnk)dV=YyxlmZ{)@7Q=<6w&+0Y0zaX>CH;O5uIFH_O{aM>N z^<LjKkhvNl!|jgxRl!IPQY+=z!FY`m_(1+jF7X4}dE9j_X7ajV`&KMVmK z7MhfC4uFk>8jOHHA^fb2B_F8Yr4-cHH3RQ~?R>HuldRiuSVZx$fN~1bk)Z%OzmgLN z`HHki*;gR$?bmS$N3p6VFoN(k5);8Nx;nnuzfV>woE826k|JtL)ta9i3gen4YJ`}- zb+IJfnqk-OQzq+SYi3VRG3KQZ^G%nCMV1}-R{%s1T>&=?6Z#OyF2?0oo2 z##J!8_g$(q5xk$sRCTd%*LkZ&_S4`uby(=yc$~wHiwJjRX60W(BMIt?LX5JY8XOnF zw0``vIBsCVgGi{dw~x*!7#-Q#S%T5_FWdsO5QL==XrS~o?e|XU36K#9z2pl<$3C2| z?=_$TD(tF%FS+Ww7Yd*P<$MZ{caJ5>Ns{`z`C*KC3_U$Fvby; zuY^DDLR|j@dpc*l1lW}pCd1bp1J)7+kp43Qq+tq`VB`g)(3k&8TFRH3V4A}Y) zl$|H(IaGEoL>cG~u!9!og#G;xdsuZl1PJ@{Cl+l8g9SUo~FP&xb1TZXNp81tu~S z4e^RKuIRb+lF(qWU{I(cK_Y6zpY>enS2NJn6zD(PoIws%6YPw46V|0d*#d?B%U!Hn z_###X24to~Wf~Sq*T>BzrI{O@XJ>{1R)73TI0m<#9iKyNce;??p#NGVNSQjPBrr7< z`6zs&?!&|O8m_DEg^Coc0H+OxiiE_io_#wj4O;*~*uQ{G-U5m_Qdib;!{I7@&(IOH z8jvZvsst=jOSA5@YxK_@6D|dNAC{!{mW_s^4MB=1ON?l9@m9N&U zNL>z{{JTr&!v+Plq@wP*8>`p$cGzvH845@mR_0lIQbiL0uS& zrf)H?k?FSU{1eItJhPnN{zk{l)ex`2B2jZWGpMdUoFQP0UHc|Z-0&#w()~b@s#m(5 zo-F~zV}ja)gUh!H?0lOfx;E7a!DjRb?T#l)zayJ1)ozKOL+r%~jr5H@3kmDv*iy&H zqRTAqs@b^E@du~9x!d&#$phNfR>b8B!|eSpF(GalFozXtiP5}+SYZbSlT^EfH_>g5 zj9AD7*I(QxxP758$>c}}6T{*GB~vWmP)k}6S?^LoU46-*xOx5`VkpBP7%a$4W6m5gd{CKOeJi|OD_laT|A?=HjE{4b!{^ii(}L$m z1v*2J%YrBfWk4jlDVPt+Uqq@KyO7~cjx#Ln?}j7B;L^&1TWr=;$|O%>0q3W_#Rrij z>dUNcv>eC-!T~BA<@&~`r6_)*afCOa5-+1v9wSx^ZtTz@l{x5=0i3hxY&G>JT&cS{ zvdew5HX>JL@r00ImSh};4$>34@WV~hmWa5%EzbkC4%3ocPsieF5G1`)MQ3`_ZI$fy zi+i1c4l;XTJ~(!=8!-Fgg;W2TC*XD?))IuVqgR;>D>Q>i2l>^wTV`$tRYdsgr0ad& zI(G&HKe$u>3khg%8xRj*QqA9CzJl+LVqQ}L9!S+a@^YZ|DJQ0MFpm`{>vgM?4E_;= z#15?SBCLSyhoVg3fQl?VWl*iBJU|hLy{Du;f?mmtl^~qXpj2U4aL_0-Y&8S+bYs+V zLJrK6p>6^BA*K?t1VDHuZ$U=(3SOBRGcT(^d2UNi#2iTqy`zgU_rlnJ+!ZE^Dmb}f z%aA+5#J*OV1}^sAL^AhmRp+viwA}0m&%{c=ufi>q@m~E_bcfUn|Ex@#!u6~CP?1Fg z#vWca9$MPiV$E}}XHk(D${>t->xf2yjp;f@sMAJ`nX}f)PM^53@YPuwEVj*H_|p!- zqtR4Gtiz3k1iC!{hxIG91c3as7KZ zDX0i*Z@cQeO{2d+#f!rrR9_sd>RIn^mNoX~OVvxfkfjUn&2>$$SxLjv)u})M=%R7S zh!Q(mobGp3=SitjEt{-TtwII78cDyX-Y$QisatogfV~Gl*$=rg>{nP!fkz5#MLKb( zYng6mE`84Th&hx;t-Ih;#bOr+H-^C)T;LE)jWTDqqhm~AH1QmwC5*x-bZgJW0|2*E zVkZp!kwx8utbQ~mEKD9w+lpuDo=L8A-ddI_y*u!N+z`u^ilZM59z zM9PNVnv>k-fIAMZOFXJGsKk8x<lHl6vm&&f5 zd<#7qp&kf+8aY}LoWhQ@fgkWvXP$0mD_knV3Z(;;hdNUxY=arj{~}Cl#GkO%7!(zs;woT1AX?ZU$!HOS45|jBkFk2R4!hxuT+Zt&O~yxsbhfZg~_cow8f7BVL!z^n=~}y5~%aYzAb85tDI3wuV%MVA%E0nCl0K zHQR1sEoR`L7p8jocO@#2eZ`7kEIUI85f!Y!B6C39)X@bVJxl^}vviPuK=r^Q*FSY> zUGpN?;Y%(&Hd}1Ns&S1jLRLG7)o}iKjYlt*^RZ?4`p2~n;(tlK*=6{@7yr9Pm|ccy zb`fP0)aD#IF%H=1AQpgc_q_-?z4L0I>|2Hx77!(9Qwx!wwcUoaw_$Hxa+0p;ubBcp z5s5oc(gX1^(rA;Ro)vyUewopX>mZmQ`rDHU$7hdNYGl&ROt z`6i^CxyV(p)6HvJJ>HDqbcgg?P6s-=*!(fAxz4I^QyzX)k?6MQ6??I3_tUNcp=R5} z;+X7e;VCpYEHW>8cqy+(T4(m6fU|v}s-V|LXk;`^?uq@VVN1ycT|1pr zr#19MFSisI{aL_%TQSV7gn7%2H1w_B>MjxfL1j9w?Z?dB2HlVqewx*Tbv$a;9OddQG4#PN{H%a@8|56S6^E(JFi_*@t+M;0xp8@~iMz#VYpc1n z`W+SW%uZ#XI?|e8Xki*M49=M)aY9${pp7Ag{49`93m(PtzRZ=iKsE6N_m+=7$KVZiyi!HYGYRposot1}0-I4L+ZOFz2@kl1Z!b(!)0OR$%Vkg3Uq9ix z9@=m9Cl8vPmmGA0J_Peg|C&h3Jye9x4JQIE?sWE;7sN`?!(UcitoYEruZqi))!J&I zE1u-mbr5E1D+@9d9DQ6q_NLETG3`PQ10WWRWKugD313c=X0Y)}O7xaafK>~+D+zja1xJ3d__ zFl+>)Br03p@&l}ftP$O=X5z9UxO;}arrGNQAW&Q4jW2qHj;{YAeecv{7dLnbI$=Yw zOY-Evd7+`#ogIHqCC{;z{xoO1-szoNI{*=DOy)#Ns}u$LR4ni;%{dXRRHK zUrJ$EsrB!ZIJatIms}pZrTNUSFJt6U5@9wu>c&K}tNxM?sNbr-^gZIxX&12)&;tBo zqQB9g6*Et?L;58G&4U(#1$cuIs5v1Wh2P}qH7BP5VK=|Jeq<;Dretx3>;h3J@F?i zjV;LWmi$M?N7>H!B8=D$WAT2Sakze0AJwg#_`XxSRm zx7Md@XiVBv9Tk}2TCLq$8`Gx>{x@KH&=}pU^ZGCF!T&EX|L}2_Z1>-K-JE~r9Lo)N zYa?36vmDEgxK`3F^(o!C|BhWbNlYaCcV=!6TXS^tC!pxxBf6TJtj}L!e*+kiw!~_` z6EzL`CE*k`OJ%(st;5ZCoTwsfze~JqNeBitM3gy8^l`kW+{Qyn@ZjU0{ybhtS-Zl; zrOt=A%n!fJ2a93}r@SBZ`7-J2b$4O#Q_HCT?acN%o7?OD7EAnjAphaJ^|SPIH~jrQ znJW18b@k%5f+_g$rSFSk;T7xq^?pz3dgnAM{QUCsKDwP}n|71hI*Xf^6|jV3m-h|z z89l->tPO?de}aoqeVe=fO?-jJJ~LUjCBdI_#W7&xd|+PM5ucS;XHNQd08_x$=+H*N zay)VlP~$EhwuiBmkqO!uKw1)o-!@AKCPA~?f8o68^fY3jhilmD3<^BYCrp?)TtJYp+@*dN4xE65s?ZRzG;wy^5xk2cQtc*tvxVZ1GOO&I zSdBoaeNLs8aGWcLG1=$n&DFb(5rTQX8b~gf;Qf`xs47h_ zw@81Rt48&k%TGea;h*CM6!Jilv+Sx|yQE+Fr+Lx^EzmAyvN!dVeV_-0{9R&Hz=e}0lxvnemyvT}(Xqmg6- ztZJ8|Blovz)MKyZaV*lZ;V<6!Y?TyefTu^v>*3bobPgQ)oR4gX=|gEGtWgcQHigWJ zC$OWjAYz4eY^V#%#vn)8=DX9^&ME!)H@CI?-RY}L3*+LTEwYAe@&in0$Uy^?-1_Tv z_xG>Ag?)kSuN)k+qoY##Ram#YfDRqo@O7DSM5^3HrqRBnn3rDYh6uB=b`QO;u1TD8 zI~wg{vDwRws0j1iBB6OA-c79&o|LrAU**IeaH*%=G~1rEV4n&T>n2*bkc9ibP!WJE zgbIeCZXUc0bJB!VY2=<>WJ)e{&n(I>J|>-3eX0K`!BH8aI1>D_e2H&9b&qQKOtg|E zBCM=rc4t|0QnHME{{~0;BXt)wL%>*;Zl9zwsLR=a?yFt~4ZPW`Pb@BU7CUhN%(6+N z!D@_&&3U@OaGclb3#MzMsXfcU$ZlIzUll`n2*qD0C~HdJzH_x_il7N1xmBct(C@%p zhn@D8l439iP5>P`C{#q8G zyGgr;60v|+RmFN+MFb`Swm~kpuf#_pzRS^oOkCpX8rUbn>3e?ZBpPPN9!AV4Z+;s> zq`eK_N4B-7j3Ot?OT)%d62<=+YfSPXlzrjT5o_esDI)y4*4u;P=?Od--$x3L5lkUH z^l%XiD_1o+ucTH>^85+XLK{tDv6jSdQ4VFQ^O1(Gqfrhs9``91W{mH`YsA_jLgLiC zAC5l^!$fewL>GP(7en3Uygl<@@n^ZhvZ7>; zJGUF5v5JqyH%p4V;&qQipVBT56stcamu~Q-e{CB4VRw3cJw3Gu<`dpPliVAy>TjUo zjceG$2CTs_Z+agEQlL2(oY~+^bnIK<*m6%rB^5zop9J3u+i#( zY9zuMg;x59Du}Yg<#WH)^+PJrStnBHz^DF_=U|FH;oJo`+%6F2>Y=VeAqbJ$2d-_M ztc~&D1lZhbXbqH3Ta7hlkym=;FkgF3gOIcaD?-(3)6|%Ty^&~k@hx@*cAHXrDFDbE&tnSor_V4ouRWAJNy zuXcoV;D*RJIxRo_*D7|vm$ZV`e!TaIubFmh@#Ck@y>07%GaY;z9rXVY{h#Fb|8~dyE8hOk{r`S(F4_X# z7M9wrN38KBYR<}`UFyGWQ-hFBl4ygfV&?DCsJV{zBH4G8Qo_>P)3RTrSe<~{$r+3) ziaR6YgW*$y?K9Ph3>pBm)VV5uOncESx@Mtx&eOZ*H%cZd>j_`SoD3}k{0^zQc| z*bd0sLI*H7shVMaHGs2 zgjKO#Q;31H0^xKW;uzw+r~SzzrJaag@P)1d|0z{;RQ~bI>g#bt`$R2$n9O|0BfLQ6 ze}x*DgevgMNP-f{m~nJJ-~4RL;;bm~PeDbzE3in`MPbSi44DKwKFXPNi1m46{l}nj z9Q*l@36dCoWE-l4?A4aX@G*qy(u;vHm}nCgFwT9P_c;K=Izp#|+9mASbr(6u-5mb# zbY5>DeF>68-ABELGpGEzV8KIBvKT@4d2RLUL@Q~0P#iy&bQgNV|2`>*32rT38bQ}Q z3=$F%jm+3iw_1UOZ$JxHR1rs7+IQ+OHwBOO@Z+%vOod9wb0RDqam1uv0E*pEH7v*b z_fx@Mio$mO_P$S>qI^Y;@v!jlVRYL;$3=?}U@G!pKf>M)!sOWb!MJGz*jHRJ$9WZ% z%Gv(b1oKrPIR#{6(}4Ro9TOTtruZg*nftnUF$#;I2rtdXlFzS2u`u5 z8Vxws+uS6EqM7nBO)d3`)i^K7LUXae58gKkxkp}y{3I1q4HC=t9X9lrBhMld?)n6! z1RO%sB{suVX>4Vess<*Q52&X5K6*{)fyH-QIuY-9gE1)ypdCcv3r3@^PV7 zk<=2*k-#Stb{n^wz65gJ(q-55SvZ2LbK<#yxo~%X^(DisoF7}46~XP2V2E*2t{_6c zBVYb$uQ9nXxsm2ZD-anEl2fa2QR|m-;X+|SJ5PhC$Jj39Wp=3kB+uVgzl_=@h?m

BlCG1H68Ik~q1^T&0_3hyVuD2774jvTFUU9WmZYJ3{I3?pl zwl(HB%k^kYW<314P}%Cjf_)LE*`=&pZ4mhyOC_?`dh3p(YwGpS5V=@1A`&Ytl-#9_ z@$ciXXrMX;rz>&heq!(lr+;D6^ZAjM9wz=bd)Xj@V-GEiNr(#55^WNg_MYr5D1E{7iSqCH7@1taU`baaWRtQ&w_{`jXlArZC+}u z%cXQ3h@&>NGt*VC8M5*`YaQgoFN}==a89#!esnNuKK$&pPM5uAG4JB*P$3jrvKomo4 z?I_&>up+qSbCT5aR24x9WljD<*1Vnr&0gPWmgt0{CW`Wa^dy(OeFZ(9 zD(cv2AbsYpDqMcMZ>(5EePPynh7Kg`*LEa!F)Q7(h5Bx3diJZ{#Q^iPKV)X=Y-)McqD5zQ zrxV&^pfiXW%Cf4;8j))C4~Es=^^_+N+~&)aJ1mm-G~!`41k%N&I3QQj*#BI7pRHM_ZY&Q{Waq7a`WE#3UI;z1$xrSzCOCl z;J$HHRjga+21AF+V>HpqEru8cG%=|!L?5II>Luk>PN>I4DjXI@!cK5-+ksd}*o+C{BJ5C=N1f~r zGZ>Ag87-377TFshpz zpQTBDS8VIVNSq()Boym^VO2b?a!LU|6mQV|7N9+uQoW2lUE4NUO{K!t$vD$Z!=`~n z6=}n53IlS*9vXiA4v6)AR)f8v$)&hfa$;qRhL>l4Z#2BSrV6hL!H=|ly$|kmX}c`r z@ukLnwtN;O{poJryl(zQmu>vM(!63~qWSFr76)!KzT{)nTmuW^{&Sm(9;gyrOqNac zN7t-@XSoqJ$F)328{=DzCvWY?8B-b+-{a!n4l`&e&t4Lw;IM>m2b%kBKxo3>`$1{K z*+;_!CQaP`1+tW8$0KH_9r2!v(AVYhCd+d+h6HlpAimfqLIWNqTB>&J?yifN8cdiN z-lrorN_iAA1z*Z0cQpKRcm#bw2r3=p#l(LOk>RCD_hZDh`FrWb8?OCwCQ+(rRQR@E z5iTZaL{^`Ng=5MTn7c!1^H>dnLVU3VdC`q^8J@k)`8}m zs8KG)&65jgsI@qwTfvN!C^qo$hD0itI?n?q2m3O2-kYIPk#C1)A+JD+?ULr6oeH)p zxz!x;un>!2P~5y|U_q#<-_z9Z(;>M97N2=t0x4!pflMwZg8wTUEz8XXvm?aoF(qh( zit~ZHk!em8gZ-b1!U*0B)sPQ3;l^*XK*n(@xS1cqCgG#hNTm-$He=DD=92+c!IT>o zSjqa3CVT+E3fN!6IDC;A{r4L9N{u4}`7Xe+rDAtf6pU#(GJWL3&Bg6qkxaPuJTRx0 z9L*L*T#S9#dZq|55n{pNLK>7#M{xVBzdV^(MY`dZ^-Dp{Xw0HBs+%vD-6WDNHub!6UC*g*g`PC;ffJ@`c7Ku zoVOI2ErERA*s;OVqTGv&llqdxu5z%m7C1pCDMS~K<{rF72D!Q{v zwt;p%>@cm3t1GPRnpyO{) z6C}U$(^W?tu_>K#tA|u%h^#U=HN`^QR%OnNqKnY7+y|%@FJ^59`9j)d!Wt)SKm$9p z;91_7CPjBN7urzaOuICLqTT7U)a6rx5}BWe)ndJLhCm@}g_ly-o3>AAL^WnhgOX$= zTH>#IAG;bFxW^B2yrQU7_6#rbZFS8C=*p{FFx0@c%9Uq}3@gw7x;?}x}P&9j>G z(xS{Ab256wZgtqU)p3_cz;)zu`Ll%Im9d%!s{C6awM!sX`B@fL)tgvdTtYE&h?nkI zD#uy<&Je#EHP^$n`ciWztY^dgPLRGN(5w8khkYFoUUIo%pjThaZxR80GS#|8buGZf z6UKOzpB~ABpK|v98wZa)avv~StpDc=DtF~Mc(N=zX=Bf0V<$Q!N>vh=nppec@ zyQC-A%c$3GMRelSvRQPdkEBC+)k@(6ZO|Z55`7vi7Ww^CSbWZ>06;pGVR6NXW>-zK z^6hij(F)|d`EEh}wu_z%7>K(2pvH>Ul&3n8rnBU$Bsvo5!q!T;1G#Vwta*Qa(c##~&&hsg1x9i}ADCS4iH zh027L^wg}zP2rAQzY295WLxTNB10&k0u>sIUrRge&MIp9$=4WXvm$1ErM29!FqIFL z+)yx&LxnzW2on(J0{2h)&@~sp0_?6M*Uq2jFtWC10Bgxbk6ObR{q>kj&?{e;JWkFo zFyum}uD^l7=W+VOC=WKGS@pfg!%bf~*loPc3%A_?832kp8o7E1PRsdSqWXzV*NXKQ zPZGs3Z*c_)#gP;h^R0*i&sId)iYV^ciYV>RRzz9aWhYYN1uDkmYaS=j9Ip1+Eq7T@q>EwNicDwyHvnNtA;ui*u*L;7dylWofWWY7Mbc zsiB^Uuo2Y;No+~x>6@%!u3>0{wpYLJpt6Wcg|obJohQ(?W}QA}1(B8O&_G9@Xm{HN zdcQ(67s5`Wy-3W05;eceA}MYAaa$kcN$Z1P!2)10z5v0xr9xmxZ9VNIs9oU7N z*(;UixIiWfo~w~eO{uUS47;sJvaLw6tw^$ZMUwj7gv4^*UYDey%WyMdVFN6V546{z zTnbIQgt)R0m0jvz5vP`cLVAl<*FM&(mv9)R6W*lulxK#mP`hbnv~D0P_=4i&>I9Vd zZ+Drg;p>-TEDNo>C!jHI1 zhDyI-j8rVY@Xwohx1#)3l;4W-D~s~Y`>;=`!R8UViqm*yVf`H4{8bNU@Fh!r7JPpn z!65V8`O6dC6oLQsx?sT%xm+fKX4(Ds{%@xccm}t)lyHxd|Na9TQMX#?1$C?Zj_@TH z0IWwdT~x5|sq4%RpHO?Ui7LS%6N+Zb1~7rlVmX`9 zcl+)NE;T2^Q1Mxb=+5&WDy*p7kKvst*D~S(8VM>jZVgj02oF9;gI0K|Ro|iXr@QRN zOqEP0c)xe0rJc2BPnp{vK=8#itwcAHsR%1wEvI)4hs9ae!Cy36PgBF%Y8A#jov^|{ zAv(RCI@q>eCDpJ=G0dmlrV~PoOd)Jm2OZg<64#;%2JTBsv_Pi=I##k%aR8yqr>YUQ z=z|MRYnW6a&?lja#>^FcqlQqDijb*jZuJF+)9g^xb8T2mQq7#930DoGGb_3y#OHbO zubt>fb_K|2?%KnbE!9D&4Hq@?&UC?sVOc&f*7y|zQC6y(g`Z|kc9VK+N#xjwPFouB zbJ1@brLZ#3Yh8hIGZOaZgk`aBF<0!%56i2O^G0%;CW%xg!#fb>?hS-i?ZP_k0@Gx> z!~Ex%QK2i~y3qRO8A9^1(IlD9H4kW%-xViCVM~{Wblcl+YYW#sOUy6>2*FtL>C%uL z!D#w)hOir_YZX<3sxmOZgNBuULgXzaHaLgdi40!XOEqO$qi+FNnNkr(zzBGGxf&>{ zd1j3;R*gNIGWC?1&_>KYWs3TYOhAo@&yT~BopY(dq(!+bty|%!hE z>~+7Q-kfXA{%wQeTvnTNBMJ=ymKc|uS(Nj3cS`~r{254rOQ=uCPe1Pv7mWMf17m;O z>PlU8C1m^?RF-g6hl$7B6w{|SWj4Q*mx*(aR`w69G^;du`@`*>H=vg$Q#8}p#%x~}e}pw{VbbEAZ!pS{X2Tp= z0V zE+eh)QJhixYP8}K&&-9mbjND$5`t3_!vhO?w%--*B&f%0+~q{aHQ{lb8b~_En(u!5 zwa;Nu@VJNKZ(wd+8p~d8Ua2);vA^qEeBj|OoO=yJwrshsB+|?p2r9lAdYaOY7sg$o z(BBae#l}r&!1o>rd4yCW*p4o&{#Kxig6@wjmqyVXiUtT*`|Ru8Xw2k8spTYiVgSr?$)-HVwdD+!r&TmuFPv7%^L7}@K-)v>QQz@NOk2xQxV0+kmI^L4k^;Fus^>JjCo)wX-$UPhPNK8Xyxm3&_oop>4 zAxJ-%51hkyKt(u!;>X(9-+N;&*jnw%nHccs4aZ$_ESUE=nv7OvBkwKnn%s^$aW#`SOCPewR#cuFt@n(j@=4 zS{4>TyB4UKuKk8<z z`bbPo=Gn@G4oZFy{38)mNX-H%LXG1w5y+5*Rsg1gaACfFT^DoS3Fv)Ly2RsuLTVWK z;y?6%T>XzjQF;F$yrTHc`f72@-jDzD&qsr!Xe3s^tE^TEgusrKx&&gp9-uEhB(oW8|C)ynyoL)v7cT7~fwZVrevQ>GrcX7#Pp za879k>f!F4f&#;hr-XOLF(3jin6BeMR_Vo`9gW1=RDrb+C%1%LvvxIkYEk%HoqxJ; zx}H>8S?H!=^R>5te1NaC(r6n^)&}lFquoI54rhxf(hg%gg$~J&mP6t)mJ)#Mmzrs| zIJxrbx~^b7y?O^0R2|bOLaUN!+*(Bn!aK2wrlZ0Rax@R}ELOg-_#9K-aJj`&`O05! z0AFq0AB!Z9me^w3#sC#%z;Q?+dRf7a@3b!!k_4~7(hF#k_f!RU_W7kM&=h8%5Vd(-G zd-{U24kJBx$_%#-f0N^I;aoPHK2Ro#rnG@g1fAbioIFkLa2FbxN3~S^!$s8fi#bP> zf!BGlf4L9LjszA(pu5FyiaB3#*^At%0phM^y9H)CPq3{?31?LhN+Ir_NTfWxXf4gQ zI5vK9P<-cT_)_V$M-PZcn@p;i+RJtl#0EGisE}7*B8i=tiSn6f)8&=vhEJ1a}L8qFOK=hk8b3HV#@}iWOs28^pGb0jmu?ThPA5yGQDk7%K7YE!6j% zfv9^eotnbk7gg5r&oW89mM{^rkfez(q8bFLqQQJf@^a>xLfGj4Aetey0O@u{yk%pDgZMU0cUq8ZE*L zkx|gCTjHbZZk8;%ysPEC+qhGz9bqs*bP7Sd<1k&^I$Q6PX%?fmXMem zNopg~ndBi!q}CiR5@bQDxS12KwN;!tGOBHy(>Bg&GjUFi8MmMtCd>j-)Qmn2a z)c`kV?Rv9+?~tQJAI^Mq(K$;ZIggnzrFbHoKz2RDPN&NZyhBE_hy}(A+c7o4^iAmo z2%042!L?D;u*uwcZ50DSSDz4zJb!(<8?JKePx)?%hOtTW)oLJ;##UTT!P=LAXZt^D+Wl%MaPWAFx$v zih$50UDh*5(n`08$Gi&^&~617s{N`EFfq$N?%BoZ+wAndIE{+(lD`Kh~RG>Tl^GIBY-lI9x4u{L^cxR{3c%~hCXATM8$KM~*Tr?FHdVl=_`Kkt)o z$Y1{a_3OXj>khtu<<|biO)$dvSYxdUjFo+IGNJM|yMq;mzf@ zH>WrM_2K&T?r#k+)c2#~H9y{dxc%Gd&BghLvzv?ai>tfK(>J#tzPo(W08Wu(9O^F* zfl1`YpOun}D9VnwYd9_KVOiVp)nm5tv}oeeEv(jU{5q#!#MfP?MyB3;Qnem7J-=V+ z)&M~lM*f&gcoT;P7aSZF9poK{2>PHuAoLwMeXYYfOdrP_;CPmm4Cq4>iK39&eVq(d z6K0ky(;~D4n)gFXt;1%~5@`NZXt75CRmOvP3a&NxPM0oZyIOb`n+K^th7b;L&Q%HU z=A~KCv?{wSXj2`0vrtQT4yCkG_8W zhvU~rua3X^^6Rhv{PiD>j$gh0^Pm4fjy4WS!;{)=`-h{ozg3;wXY#xtXO;rasHTN` zT*xV?$U8q}FModNV~>hD_dXerQ*s+qWys$o)>;62rfmbxy26;>f;6pnc3zN6D`ST# z#2W1E_f=B zLvLs2#S3z+7#I^ZH%#yB91n}I91oBG{Kd|zA>QU120+7`ibieQ()T9TO)qirh5ce&|jQcABgVnv8AM zOGlATcfXVGNme!!s`Cq+eyZyg{10EbnhRZ5JQHU)!<{S;B+}Qi&E!IK0y)Szp69TU zjoQH;snvu+&^F=j2yBZ@h~1O>Yy zkX=AF6WJVp|IU>*79%}M<+DYaL61#B`-KraSTtnrMrq)5zU)-6f(22Z;UKcMAE9g| zXjnAzqy=Pj(d((SDq}l4PJm3&%FThN@=360Y-VoJYo!QjqcwdE%V&Pdwt#JpfWmMD z1O&?DF5be(Zx#CIXOT6w&!em=xi&g9Lvm>zwV4{Udf`&R`OA=xf0ACR4rvt;eiM}> zI}8RZp&^9eKHh|7+#=n$eXZ#{G|jPVqiUBHf)YiEaqt!n9NSy$awFI+leV0PI_Lf< zN$5kbn_oZ*iJ&ueJjJaJ@#CJQ8yn-N`#*PrXg^FGLZ|>HclY`rOI}KydbmeTT_~Q5 z14sfvpCZx@<+35kw~W&?WE=5cniq%+A3!ARg;Uw`ZzrW~yiP)l*N+ zboW|>F;Hkg{~15jK(t1Z%1kDba_q8RTx`ZH>P)68Y*yMTTg;kFw$?`Wre3N_ z4t$bkwst_5Uw$5>ZAnzICk}ovc-%f@BP8V0vAH!f(~JUI$@qG+mab%8pO*)o76bN) z!&T6(K+UYNS2y2ys=!~{m-fjx)0~$+O#}_Vu7!$Ji#)-S6h?w-{(t{0s&9^BZTqs1_XVd?}&$%3xSJ#QS7Q; zdzM!YzbRibc~zmTD)y95Q}BgBtS!mPivw{`8<5i@fK|d3IAIkeWq%{fF0sRQ#FKVn z!Ejqp9!@DQVJ|he*4h=D;MAigC+{RquD3>u#abVa%4OfoW%QXyyHLvmhGOt>#?JD` zii_vxN?Xavk<1AZu|(~F>pSecSyy$YkU(B>Hws-ds&Bo%vzv2&d9o`J7x znNqMrQyH51cm!qjvF)3CL0_=}M@VdNmuY`V#l)CQCgdZmr(^kJ4^_`Mp&Bx-H=9O^ zRSWsou(_!`!Vlq)2SGn>&?;ZXGfEe>zJ9)*JY7GXU0He8w=z{2;EsZ+u_C6a6Xc;V zQQv+LKNYp*r%2Uo(Ex7<#0X7CZ9HbN0%&(1o1tBP?DwXhKSAQq3kps^&9^`40sP-p zQ$GgyJ)8GG33tAC;BO4cCOAnh*qbb3uQ~FWW>2m&a4Oy>F^mAV+g(tS5~Ja%3S#q7 zHm^e^(L+#`=!jIW&WXCc@NurTZ1=JB?V=^h$=X??>!RY59 zizsDTEMY>bgi}sw9abQp;J(dz>J@Q%_ug0IF$9;P?@Y&!%E!YsEA9~62M;=9>106{ z6p8UvSiGfPW!vP2H!Ws@FrY}Y(unh0VD8QzxP}`?k|n0O&$+ou{>=f88_?;UgO3-c zRz9EKA@8B>LVJ>`bZJ?*RsnyQ&fXQSkc>|sLwWJy;w2cx89kt)Qm8u9kP$H`51pOK zr(2A(pqoS_0i)xOp|X}GnGzX8Kz@taga0NmxH*X)5Qwz6eEAPgS6*&yufNq(Xl2J1 zt>>=Jw*f5^MY&$w6zcp1DqT+8@@3MRt_0_Md~o~A@IRUfx-P}~dg(pS9Wp(^n z!`q4XXG5(Xw&_1|rj3@z7{Bks(+wb;oP~S2xwCFWeP?L>db$1Y z!Z8hm5)NE*9yhG=(;1!f$Mr?}Fbzr#s@y-{)!u8BIe?I``QcY(#fep@%OQv}VztN! zlfEQ$neIn0c?6MHq|mk+1%DMQ02Bm31N<)HA^PvgqKYOGc;pcT;6XB>Kyf0C7wb`t zRR`Un#xE!j(|44;mfYjbJhi>;0=mqEirTeuq>NS}L;5Z{34a^7e5O!{p9hNT%F>g` zuA)*tf=K{!VsIhe16yT806G3t--Z=g%r5RBY_SxSDat z?mWWbmuX^jOv=Q*;^MMza;!D0PY za&vhI@)HRwq0Q&MS>yGJJMblOtx@Dq?0AMeo%zd2c!9%lG9qQM8&#Rn$gM8p(4Lus z?6IqV_U?iFm29gzjMN)l@bLLZBlE_|V6JSB?}5dpaK(qfJ6iro96ARFibl;_QPxGV ztCt)F>#`Vyse3vJ68uI}324>LOOe3x6DOn_%#fVTm_I2;U%C2uVZj)YJxhw>D1vFd z{K1r9G)Q~?(J<)YUBCYKzkc3N?&SkO^Yf9W;WBR{GsUL9x!WwE%`Zbg&u-gx+-<9K zV-OpD2VaghSTH4}#PYvj=CuMNXMgiLjs=^z4_d=yduiO4uPe=Ze^JuH0zuuz8@ zw4jlJzF#Qc<0oz7rh@{B15CKFQApo$NO?h*f|l>_w61gj0aTnI=#)85h*b$50cJe> zb=(hl9>mFg5bG8t`V%?_>`-h4&KP023S+QC%0oILxGS!^`_J>`)|MLiF}hX4D_!|W z7UO-QATZcmcUyG-1Bl;Nj2_BzR6sWcdcnGk8fKh(DQNj-g|v1Hs|BckNps^KB{KTQ z4Z8l=Ak3g)a!#B=Acy6uXu|eALoli9WgImjz%_F|{?jPjW6) z>Z$)xH$AZy9i!9k9GwMT5 zR~A{k&D36@=zjeCIj=7M^P}7P^Zm9Ib8z+c^DB=L;K(vNgBhBrGi1zE5K3nZ(E{0= zarg*awK_gS(RZ-~^)kQM?31xV-W^_GIy{P3@-g^v&KcB*BW1euTN8$2%7DcMn)@`T zz}BmeZ#tCKlrj09KWcn;&r=XWgCJFCk190Z8P6YZWSIZ?tTSKj)$KA{o0f{u$YK#5 zzBrdMWvB6&pVr+G3TIB2mGF2um(3miYjqid@-VMq6~un+%c1W|Q+3(@n{CBB0+$^! z!MGPXj_boPqdwql{>$Joa&jo*;1|oIX9Uuvf0`xf$#$pvOuz9!=_)aqKrYTIbR?v- zII_wRH7aS$x6@!Tl3!(|$o-z>BMMyajQ4P9`+-XteC`;fD47!2&2GVT+?DzhSI%XgiGWwwY+Ir@!bePy!LWn9NA3QrlKh^lXhzTPMG{IYBHv_$RR!@9(uwh~_!R?eamrXM62WxJnH6pD4jt(2R-V|o^rd5)^7_otH2h$>?je@77m?8 zr(&sPNN-8lo`amtJkWbA$l{(FHdvx1>G*Eu)PY?J;%MrLD8`haf|ra_M~Z8-IB9x5TIN5Ok@1v|m+_eP{@AZa+lxEShMMcFam` z0`^0gbZF=F<)O02%$)?=@A}sD7c&Q)a%QmxzA7IYH=8)z+z0Ksrz|3M4F|1iL^Xzc zXI{98e3MDod5KU7u*=?!JyB7woz+(@*D9W2?|^6JB%6yzQ`vVVIUqX=8G_iUq@feTKvgm~4!);OW4({p%O=K6YRm z23>MG!|I`%s22xlYvwrk#YB87I4Nbl=_x@vpQk>_-m& zc~3?qn5ZrY}To1(2jLx2Ghep4iXY#G3Vf(&)l>7hP2j2LeP;Jfe3~?h2yXv0cWy+@2yZ|xQX~kAOtGRvYorDzK%5{ z)#GOrmaZVw@}BEtvu9XmWw*{kt-f6Z`*oca8bLjK;OM>V8uBd{dCw3T0%}jt;F$X~ z%iu&`aigd;yhY^)2JssPdCH$oA{s~?C;6xJaj!VLMV*gPPEAb(JV7X zkD?Gw>jmson@V_^6L91bb)R&76H3?MZ_vu_rPao?c%JSFugkAqoEWFE=tNJLK9h&}6v z2X5hGSWJNo!oKhaVUxw`LP|3(R2V;-oTHBU;R7|Ex(frt9w-v$_7mt90>{1y-Y(p{|m8i?l7pmgaaPf?)g6>4A;hdpNmv-5J zH4?ool}IBA0k2ZAVKo|3PiQL|5bsu;w8nV=amf$hi5^6a*JiS)Y)p39h z)M@;6rt5?mtZQ^cclo6%%Jm-k4QU$t7*82nMGn-AuF%JL6sRt3E>m8J>FG{UZ*$ac zX5W}j5rg0=IH=@D5(m+Gq`sT6=@b_tb86`6(n%P9vzLBm`>0SE+g*Cl4w z3%A&L&PRYA)4R*dEq^k7gHQ1S^kkoS>Yt}itLx`-Jt(O?}~hi?Mst=PxX<7 z%P+3%#Mvyr(prMQ>Th;jzP0>w{CTtLv35N<^b#X~mvrxys}d_qK~z@UbUVYv$a^2B zl|yr9N$YFxg|UX&KXjq*`7nu##_RO10|UF$=`it<^4Ay0qGZijv zvhEGz3mi5;xw~PMx&U{0Mhtj|KcoaM*bJoBL?F+4H)vNh~brQSsJhcyfh;Y2# zLU&9pEVZ&di+6G8%aTfdhst@D)|PMXhN?g_)6&%vdDn181^8oE*9uhKo(ns-huC2F zFSRV84sj0nOV-w(oN);hDUN)H2}K%+W&Sy1pMmI1zPwOg;dRMtJ- z`3Sz3z#y|S-Ibo{C8(B%g|IpPm?OO zfO%0q3+;u<*%|LczK0hL}Ja=-UjqcL8S zM*pmIb6TV^vNpbXH*-^MFkNJs?ek)`U+@0KnjA*sFlhDq!W35*nOX6fNdQ^`YQb(C z7o`d597M9_?hqNg*R20zq|UZSvEanQ4b~y|t11Wq-qa=JS2je@Z;I7IcGjx39~&^5+@kh$5V~S>-Fg$Hxqx8-Qv9_f-I@P4>cHqCLEsm-v)%#F; zDIl$L+HKXVBf7mRGwe}yqYM0WGs&wJo#(~8y)>-#owHYS)8bCe68ZS=Fnwc-ed&>Z zd`&$7BIPN59%qFJl%C%DDJ~ea7^^*Q`&F-~)0#@$t5@W@=;-u**8j5fvKg{=(S?al zwqK-K?6*()%65c&Z!)UY1iR&sJ_5H3_Hw%yWc4-R7Yb$Ta^l) zZ^ShfI%lC@2#P4tZfxG{kH#W&v8y+C5Y$98md^&p)PWJS)x8s`;GBmNKim zCxRQ-{4i{G#%}&gG-o|hWyy`LK~u^Ji=)q1Z@<^9E#sidy8S-KmN*w3UM35&fx+`% z)2Ut6aza$M&JU9vQd6o#r(yG9Gzpq)CAXDBg4_YrPm{Q3vC|2nv#^~obdO0i9?xL- zhKQ)rg_^e%Dg1iKuQh1QyvqzftMuV1024l+zRE6U{zAtzKuAv1IAn|Vsv$Ja zJ9p^lh-$=@t`N;#f+7pJol9N2FLH=PgQn+!^M(xF^(hGR2t<|j!J;0oIFkq!o&fEdh~*43hzC{FfbOtXh-f8F&A=P%4~?z9OZvS=w8o7B((OXpYuS zwFW{fFPeK2u0~o+nb}n{ibr?dx#WmyGFu%-N=bbu`nc=98CH$&3pGB9T9;ykmjgib z(YI;41hsFNvg?AnoP1LMTW{%l#YkTV_kOII_`nV4bs3j*xmyYtgfc@RIf9tB6_CZw zmImP7rAZsj62Dl*)?g!9o`RB-MJU@Gp?wnu@K4#<@NH@%wk;2-)kd&oBZ^vXyPAPu zM7w1(Ze-~VnKvA$*{QW{cdD|linEq+>lXB?l7heP?q$jAIn7fBvUTYT(fJlg952aN zGn)F_vA%cS8epP4UKSE%Cv|Bn$$LvEGr*^GKLe}jC|#nWj~o_9lEHJ3hj;AZh}G|Z zaNkvfDXKlvuzO-ORCC5u0gkp!P^$J&ajlwTNKINv*40HfqAjaq zEJxxxb$N@|dey#4kVTf7XO2|i+QP*%)P-YgjT7R^NV`s2K*2f$hi=;Mj9Fe}Yhd!Q~eM=pL?;4}KTm013(XX7hST3>O zMOcfiQd(cQvKDU;ImtfPZ6mbTZ@avFs4*+EEg(&VXUktlUG9A_!ikLi`=&1{r|b6$;5Zsb-z-sWi6a1{-abJG~KMg{Yvk@{aApvZD$I|1`~T ziIFQa9j3NZl=hM7Y95X@YJP3lzuL{;2lWIZNGlP&77TK5VJRY+lCO=fbkt8Q?O|f! z6qaw!9m<}Xc z+KZ<792ouv52xRSe;&E(Z!l?uh z1`Mner0t;O@XZ=D_9}e-$0K8!e*kVG-=?IZhgBei;G zlq!Zlu}fUo0^Y*lD!QP*_uWI_CHje2JJcHFJ;*^?d#lT)2lS>lF^pss?b1& zAV71)c?LilQ&iaZ{ETdK=A~-9?JxVAI`_iEVRol;mAuPVC1^lKeW#(^ow|PtBzczv z`;28=FLjBm!D65yD{eh#nI}v5ww~Uh&VpxxTfVNi#ps1b!b65KeU0$)QyANlrzLPi zoNxlNjDXXJ*EjV%FXn6xWqEF7gE08i_Z9rp;;18#Y{N}h6ZVyK3MLwou#T0Q@weN_ zQ&$_mXWwF*>yTwo%CuEvO?>o73TmwwKGphw@o94}G5Q`7jf{;+fC01y^i8u;Ks)ab zXGzZOZ}+2QCTChDy>N`*sM|QQ{wkK2VI??gbao4Wf^lmn5q5l|C-B|4cC5}OeOj^h zgX2V|R1bIHAkk|Egw*;1yML0>Qktn%4w`Q- z#dE(~xwKfzBry?BOY+SBie|c@Y71h~As1vbch^#1o6K%hV%)+uZA#*tgh^vdCEYNb zZpe%seD9<>2s7#&cJ)IyPH5J(>C;}Ftz@3@0OlE!L~+KKa7_Z~Xr9ZY4c5i=-%hr) zB<4&n5^{dxNr8QMswTe|m0|niaH)}Z42ysMsGrwXb8ELgr{YbKQG&oIkY#WjOZm9& zxOC@|Ot&&YnR#34grC_(`uclmtAC}!3gZ#G zuftLyIZ&f|apO z)v}A;4znq*cItr^_-%3ugmSG&gacj&=;7Df*?BZWDIE@*Bz1dzXV&E(TU>^l!y1qM zw#!FKGV+Hzb0<&vgRNjuRJi~AH z2Xa)hYTm)8;x4{IR0*o(fR<9k)Vdg6;H`2)^2?nFdX2SlK~7u=K%WTu4f$Rcv=Mzw z>%e}Yq=K$jZWRPa2fEcZeUz2OhMqJ6KR#4J*jI=koLI}eQ?$em%3-&7E6BjzMdE>UZ9N9 z7RZXZ>#aM|``Io>Y`7a+?w^v%fEG1jer$46P$Mb1dC6%Z$+!jyLXN|VLDo{|?6ob) z#1s`PeZerj!|SL=X<-`q;#BQU9DKd0y4$fAt(J6Y=#$#ArX|8|n6t@@@1)`w#sCvJ)SzUO!u{>M8fP;VU)Fb*f}(>#Vb09XAEe>BbVFYR5_FwjpHJIL=ni-Bp4aoUrn(7w`YyzxVOqpT``zWM;z|N z(ZkA!&E$oqSh;54IXGJd2i|)NC}(^57)6W;8WP`Y3qjbX3a~m<#*8U<{%wGVO*`=Y zt{T@X1>X$tntu&7;ZdH%v*rqu0121gYlr=3=GJq4eAsF|0;{#$rW7gvHta?J(0V!;ho|` z*^-ko4rls#`8j_u{j^fZ}}p~*h2{Y~pt9Y{aB zxU>-Kw9Ce3u$G6Z3+hx|45<7sHKPr4++MIM*5oak^#Ubsjeq~&dMCD$p^!Tp$R&dxqf)+w^dK5C!B~O?BJu}+h*+`;#6J!0Bs`dj)Hh_gC=w!*0q7agdNmc& zbY>Cl`VG!}Yi>IUba%let`i^q+lnDd*FQW>pQri0!ojYS45hNy>LWHVw~rwsG&`@3 z&EOp9tQlj;1p?UR8>I&3A;xS%FtpD|F9VqiJj8Jr<|d~xmvA(`pRM8IMUd17PV<-; zD&|%(F=gV+U68;+nKVJ6Ne<%0_7`WxW!69`7G8;vSD0UN9(^JaOQ1)H8^UmW>RhFk z3ytJ-<02-R2gx*Z1<$+?UCWzKk5&*5Ns~zK{r-*T&C_i&?RxCEEOe4^FUO8Xov99hQB;amTfjybn zxRm@>QWlf=OQvq^O7(8TK8P|sYw_L!o}9$pK{)qUa7Nn%SAS<4$= z>J1x&&!s_iZ-(P1?f#Tn(eBL94dwIKMGpn^adJE{8w>~=FTS!#4b1L+w;IVk&nGlh zeFEHd!D@-)H26(D7P$@{$6M1P!d;0)<(J?@vWAi%BP^&U`$ZUSAm1d82bj?6u>Oc=4%!%uSy9XPWk4v6;lp|$97uvh#I3&Tk$TPlLPCRKEIhf7; zSdT|J$IT!49o@?i=0W~p)m1mSW&soB*mcBTcm2Q7TqH|-as&%OIjj>$F*TLgy>H7s z8NRUAz%ZSRyUm7nnDe1z4?UonyxMh_fYWD&T?I`rjB7!pg)>+GWm5@|p-rgwW4dF= z9gcP`sNpxz&;4l9M4VfoMXRY*OvX6-w*(ebQyI?Dx!FWAwPeCs>z>i}9V6lAK7N2O zGv1*@9PTOPTjKlJ!UJOw#%Y8FGtSS!r7pt1&FGjS+>0z2Voz3pCxt(?5eg1(Y&*5p zs?iFJM?m@e44sl3@cv$+btU7x9n`cy-AgysG1Xn!Kb`(QUT$q$`WshIUF-U?yfxh| z`aA+2|3b{EWZ zs{^Xoc`&8aIfjtE4lZ9)b9(xC``SCZKA-RR%XZMl&mX0`i%qAauIm6UCL;vxvW;`O z-ogwj^)B!XM20z#Pk^PL>)4MRIZKqnOKvRIRAcSu8X46cnl+`fS%Hy7JGkqIPRA|o z8}2cupjs|qU{L?u(7@it?c16eAt;<@3g7qe(VeCd`0N^HQEc*E5qEhlSs3mI!ZQJ$ z#%DMwLIbZYmF~Fyx2L_!MpQjJX;Z%Yr&()@z<|7#g7oSmcbsrhkZMWRY%*l-g-5FN z3P+%zM@X{0y`6U!=pS344Q6r1lW?YZwGIq${mg5$iUkYSxh#*eE)h#PwAj*EEOgqq zzgykvFRm^=D|~#ij&6u^i{|Yc_M_W#SJ~(!0>s==CY7=BDk$PC^QgLJ6T9 zymp9Uu56hW$sg0Z*y+ro`8l&Df|9KUop((4e+ltAZVPofBOX1khUs3DQy!Yhla+>E z{ys=9`uRy-2^!o45XHeoh^l#@L8fQDwU7ujfMFIQLk>XLetlk4>rCm&Dnd%o?IJJ}Tx6cis!8iBj z&&Kw)g2d3z=i6jYKCZj>AE|~iS61~eB&NuxN0{YFtZ{s4+2qB>99azH zk5?q34E1j=NXnH&+XbItK|RxBj4M`yM2(I zo{x%D_{W~O4{0YmA*3mf^w#57~gFw(A} zBDqb8^cVCBV4*v1l^7tuhJ<(n1D9Gp3m+tXtDCXOxo zh0ZgrDYr(NcA1!9I$G{tN&4JRLV1wLh3*<%SugJGQoe+K1)V?+K(J#3R71Hnf*L z$QPJY%RDkb;LTaocQ9BCskT=^9@H_-!i>)Ou?lm&zC%G51U*7z-<&SYJcIj0iX#k6 zjjN{&qWN41TgGnpIldRKTQYaWAFDk)NgNp#I)7Hn(rw%_$-EikQMCf`0)?KqFEN_Q z7{(bQS6$oEAtTELc!HW6eCvuV6e38qaPs56gC8TqwY)znS*LOWKkYyg;w6i0@Rmx( z{V_BCX@s9A+53IgsPkB)!rS9j>>0-Y)F<>0DZbm}a2ViDf2LrKd780G@j{IPkE-BtL)tTb3ywWwRg4zyIz zBJy9+?^U?3w7MD9C}XfM?g3kTL{nfNhf2|Upt}ix+~#B(_Bmk+Q6|}06T=`qix!(6#9^l_$Pi8$x{21t*s}Isnpg^{4ELBK<}wV(W)$v#;e&*AAgD` z=_axzn9_AaaunV}@NH0C*OiZR(DW73djsZ%xr8%L?UIgyENtd_5%^30R?l~yV&cP| z{jbGp<%jjdj1V&xI279Una#)OajtlFaY2C!YC(L;&G))l7Q0IrKT`G08)ySBH1G<@iUXxYCalN#DG-?uCIzoiOPwOhiPS4E5Cg9Ec0tXc)$Z`@U_L> z0=uh)yXGJ&z1hyyJ5b~j%7yup>~cp`3|S-P;o%OSfCps20-QO4&cE05tZdw%3{x(1p6|au7u8 z5r^Kz)_7cWd89DD9~Z*9+T|zKC=TkL!KCr>^!U!)5)KGX!ZGP~MVadEkzuMu9B9rR zt`K_%@qu(#SNxKVzD!1Z<=u7%d*)&V^XBPldh@!Sq_`7Q;xkDUp5?!-aphjRRwog_ z_kgsPZRuL%vzQu_Ut!+dS_(r@5d#%BE^CK_KEw#WS4#Yq?Oe$By?gE#VdeOhkHw-xoCca(*UYgW5uL1d(i48 zV!MT;!!f)J-|+W8YvW0Zl0>V0Bb$Jo?w=8X{&ysgQbTK35zzWI3ctO8LDP7Z) z(m`%XZ1PwL9S2uT8=TtIK1=bwGo`%-FzdL@NXB{F5RSIc6zh+0e@SVVt#DN?*GoFo z&iCQkJmNr9vms6_wVeI#=ya*to<>_>!G0?H0@>=@1F`RbDVcLLSrs{NS)v9fr4%F0 z?Nf*gn~Q(jAhtj|G{^-5HgW8d(6{sAlI}}Yf9JpM`m5=WU|O8cs6O~iqr4Oy{+(cP zXb|C7M{^j!5dPKT{*ndprO=YPzEQL158Anw1@TeNx-8&B5BR-e zj(_l(75?THdtZ%nn7@tHhe2Iq9jvwX+1Pt#X4f=nVduKj-eKlu^1*_$zETjVhP@*l zUiupw19Q_6C$}k*!Cs3QaTeC>jw12Hx=29G1+(O?23EAEqwc8nwhO^pIk2cxXb;JcHOt$o6Mdxxv$x2 z`hW74P!Ih}*N&yYE61=A&EH(YW-}?6sinHd>U6FOZygxrYMTfB8PYuy_nYmPQ%)$utBPYfOLMGHB}Ekk*C0j?n2s z;NE7AxTdyR;vqjVi+49N*rP_+bQnb=Rr%hXx~*d(fLDpgBzKW9Qimuoade%=LY~sB zl5dfqb|sErn3p9?bONdC(7fYPV{sk z(+;I>eIhInwzRf@pOPlRYIiVDzGYRFQ4XwLt3UTS{sT$H5)Kv~XzW1LWDyqLeUtV{* zB7SVGJ;8Vs*6|*xF?LboaqxY3lf5ix^6SsvCd*rnWbfsS4*9g6y3zfKFa7PP3XVf5 zQ0{c1gjP%(ux}~d*3jgz6rnbA1PZH!_Q;n3WinoS*b>)r*^0EGIcZmO#J=o|Yts?e zqWf%XLT{62S7Y|k6xXsjs=dtr4^TSGzTCL;&q2rAM`-Z&zu>i_wNY*Rf8hLo;QvIm zHKdv1+N^#2bG!TTbG!9-?lirb4!d6;VZG^URmRiB9Z` z+S%#8xsH-*VOotIN|b9ioawsjT3e=dTcDFf)?^txQCMpO;LW3R-weKJa8mPPGfa3zw zmQmjnaK*!}N=!@su{Z~6c@~8cXbc3wGnE+toBPbqxmWvZdM2zM%bY_P| z*+pXPy|AsQ_dSLQH&>QfvLxJcAy2F<==3bOolYP~+^I~$#S)!?R;gpV@1b}%pm9oa ze}4(z8xz)ySd_2aIQ(2Zf1SN$PgXCr7U!}Q7isJSj=D~f_D=lLx|=+P1Z~9#k0?z3 zwJ$;r!fexc`cx#IuFw`_mVpMDLqij*L3UrE7F933KNc%mxc4sPTW$mx97N0iWxhWZ z(g0`-20U$SO#YNNSH*bZr$4ZW)*%~9IbJPwIw^H;Je|*f6^rAPSqypeCuEDFxd=8n zjq8Tniq_q68g@Rir>BXaleR`N;n^27DIbBxVL>Da>Dmz&Q_VtBvi|MKTsx->v8xUpD3ji{8ZpYXA zg(FgL@kPQX@@$q#-p^nwC;vs z*64@4{Uw9R8rTYJiSADI_+#L&PSjuxUMAG^RAhG{tS~8k&n*DF1A@_A-vS#MpgOc- zVr5>k2n1+aM+|wIug@*5bx}IAKjm8>Q>QZ|MishQ8egmE^M9J(EUItRP}aQHx3Oas z1As>BMr8e!4qh1>-$E;T4QfZ7MzefVca#tf$dA<;hNA&Z9Fu}CQ@G{IWfqo`h7w1i za0N-v&}Q37RBWUh3$nf+I^yCY@p;zysP9IdAcZPrQ~hmph$;XU2-YlCGFa;_7&`1@ zj4!Kxa0?R?V+pjea}$iVVu~hUS+;zPDp1o;c`wmkT1%3a7CUIP?AVdvyaAD;|u1x}J(Po-|J{Ajid64g0EV)<76~RbnjQCX{nosqJ5)s4i*BpuyWvtO-17f*($fjNb&c##z@`S9d>#0I9^R zEs**sF20LceinLFpMU6E_|W+PUfIKBFeku2@g zc(jc~bL%djxRrrub&n&mL|lQ8ggiruI3vBg9XQT(DuamG9E5M?Y}$4a3uj9FS!R%Q ziJZiO)Vdfem(&?OTP0ou8HcKpEt4{7&xspr9xk|w>6Ts$gcB0GbDv0$(8NN{AxDu}`Gtti$FP>DF`_#jZFdqFgkeDbQL>zxH?XQ6Oi zu4@4z)KjH#q$MJC0e9%Y=jnC%relZi6&(Z#sU-mXLDW;R{gY9?31mP^i`YXGXn=qY zzCKVZDTiJ0B?Yz3$a)4ml)u|Zdx5&^+G^VdWwn1WogRqJ3+$ilLgqMjd&x@?fM+BX zqDX+wp^kfqlL9$#Y!Gj@Mc>i9^D5LhlZF^Gr#ChN&~#!aMn%xKxg{ku^oAE}(6yoc zmfq7#C8$Gwn+G;mB>~Bj5yxaU4OIZ3ea^v%$m`>OovfI4*HdC<^u@8VN>gJ0`qk1t zXr~#=E%ytkv;^t)0Q2QwU&$M*F=7bsJ3J|88GY&8<+hd#XE_m7byzdAz?UC0b6i4} zthO+j&Xz3A38j$hSVzV#ut&7XTGxVpDr1mw3%&^}bL8YX8Z3!CXsD##%9G1KCgerdZRNNpxP%W>s zjCwHBhhIte=PS2@Dr3C<7r4}-^lboFup*jYU^cqvZ?jJq95HpvS=4;7M;Bdho2hft zC9TDdt`EjUm-czOEIh+Gvn-l!SUA5GCsZE-{)oW)|0s)Qus7-2nWbThU)xIndhopQ zrj822FU%)i^y#~=85*m{#0;-dC#>-cNWx--u)80$glA)YGZ?_9KK<{#9hnxOZ(-4U zJ6P#zQ9SaXvMO-9nZ|cuT|dS85*78kXxKOJ|>d6(z;4#U&P20_14A~w@GHV9P z>|wQeNnF63xVv)wznxdk&21|R;C4xlML8%}5}@9ZFTFeJOkYf2ik+!M!;*jH)~R09 zgeKiPl9^I1{(?8A@0Rc|zSMq`5$^f3irvFUlG`6K@RQ&wRFND7mHVBKqrIKV?@JCI z8J7_W0epoOG{gqc;vy6;F(#3};pC{%NxiXuOv8uZXyLcW^=3_PGjkEA;?`tLw~1L9 zm|tT&>HI|cBDmXp@57*F834)_wp=+P7%4xh(65098f2$zp)@C>DZA%<4!ky$)`i8` z_oE~=LVU6>(k+bR2rPt2XbjUD=NXdm9zJ~v8sZB?poC6OH(`%#&MXgSv>!xE-T(0_ zh+cjG*z%qUT|)nEf4P2y@MZmA5EvKAw2X|P7D~pgbIat#!|>=w<8)D^~t z5Hx&Ssz1*NY@SMRxIC3n=%Fg&pnog|IdQs#@V?U=%LAh&;`l8Hx$w<{@r#@f)Td;# zq=8=7(Ist7MJRF56<{B;Y}3Jg&}cH`uG*F~s;q1oX1w;2?s`n}Pf(RB7R4^R#kxbG z)cCagJP|hWTGS8Bj(sjTN<>&Hw}3hog!B$18)@ZC?(K&W%C20PpiHKu3PY|W1s}BP z{v2u(iKIzE?iE;LSY@(~jo*Qg;a^2c5NJvJ3HzBIw(d7v3*((@7;H$*4|Ea?7#)HV z|CDuWjElbcOFs`S=7x3zd?v-9^?~BetESqZA_BzqX}Wm09%tp4Kb()zSkOF4AF~T* zE3|mwt0Ve12m9TTm!`L29XNp~I79~;rRNWZ#B=}Ae`Qyy1$B7g%%Z|bNC`;!y>7q( z!#prPHw{M^2#P?pf~PqvPqqyedFh=*;oV2LHm8;eq+|BAzURJPZw7|(I<{pGjt$fzosLx zi&^QOE!B4m)3aaoE(VyV{UJ3|r&G(S7A-rgJDt!T1D!!kQI=L!)`(QAe=w}}u4g=k z;5J{T++mTtqY)3&A&@RE#R0jJ#{TEx1J?$fhUb#$D{0`DwI_+6?>t3p4&)?|%Rn#} zd?TI8<-`>_a_HciTnf9v-CWXQA=(Y$WAua+L*NFrV>lE@RlvZK;oMMQ>%lh=m=Q-b zV4*MSKrQstuqhA7oT(`|MuOQg#C9<6b`$|OA*|iAroO`zeNQ3GInD_OLIXDX+^5ru zu__0~PrKuZ#+DL)u`CRT;WrXfuJnkU`iQ6eJ9kd!hp{7YU8=TC1z|2wT23l_-ztJq zBS%clqJw+37#vincW@~NX^c{lUQ*CTOf@(vZCePF;ALOhQ*jN7a}p*U(IK zFk@j7vHB8OmE1Pp)F0r9;QvgD6~MeY?po*Pn`$IEbB*0c-+&0|$93Yk8^=W~W&_}2 zOKl*4PMCbAij&p@R|mv3=Q@R^X}xPGy`EnW-8Zhvigg3sVCYbBj5=Dm#So)_#wPKF z=z~N-y`-$l3H4ZU2q_HPET=i62bbcG&zUxKUQFv>AgNC-377TFskbupM^<&n{VsHNSq()Boym^VO2b?GD-nI z6tB_!mY_YJQQgL#u5FvNrc!R}q@3xdX4Al;ilpW?g(10Ok2Sx33&i>^t-)T?qPbj@mbmK$MnT+4&BF}_uM@>YI)U`nIn zdz}B1~#K$g z$?}{{Ab}h>h%feu(13@D7OEY)yXzvRhEpa+_sN)z6CQ<3!I#p>9gSX&j-U?+L4_k9 z$Ozs=1y#?U)>1HGPKX_sPMI)66my0%7R3(Vh#@aY>Cpp-A|oz$2ncjI+!U^8A^De1 zG4Y>6WO!-P{TOj=zAwCZ&9z_7I7$?aa^LnV!o@U+sLI~J3ozNJ2lj)w7xGbjYxOyO zl1r)p*FjEoL4KNTW)G>1nK-?^eD@N{I?!wr)yl=Vc`^YFwH9Y|%bAg4#fBc9KQ^8gRx0)j!7Ge<$iklY=EC@CAdz$)vIwH5g z;#03nAjJbyAd}0f;QvZTOLKF<>B1@i4Y48=hC2bGKSk{ z{pHETD$+H#tX~RpM&~R#qq_cb*-awZVp9(-^17k9$Pt(F`aJttx}vVucug+kCQec;WZSz&2p4825V!{)KwaxDPexn^E)4%1V~ zpW&V?#L4 zYk?DV;#_p`c;UfYW}s`1h=aJJ7JqMLUKf>4nLRP{N#%@Lc)5dOwdSyK1Ids!vv;fc zwnZ2vt=49boh8oRM&xvL_8c}+*^EALtA~_ih_o^|HTgo^ zR%K3&qRY_I?gLcI7qc>hY$5G3VU3d}pn)A)@GNgk;=DVW3vH-yrd^ss(d_hTb@>#a zMCRvVwOB8lAyCL#;ic5orp*%?Q;pfupd?v|miVjQC$5GD?(u^RuP7=NJ;Td`0!Pg_`3Z(?B-eH>Xlm&ojBDti_Y{BcPOt~Dx9DV z8YBv$Pp!owyMGFc&-oMpNT)JvUNWNDRnx3^`y6((0{I}@Ey&*n=(&J_sJkD^<-SAN zwAQ8W$R%5hIH>`LqM(bG|90b1x&pnne)r4MN+y7urO9qg`*#;YS_MY3%Kc_tZZ(7d zscC{+IwP-7?O>d9aS0zH$4_>ck}R8aWhCb+6PD6b(;7FqJ97OhRBez=sk5;Rp@0fh zXv}{t>99M?sOcwPW1P*3nDLd?GQ+}5K9+Jr!8{HX`nVxXK%5KQKj}l)TmTEOyN+Bt zd+Ni;nw}x7B^Nzv4P*4zQ!YWTd|mQ1IlI7+bD6sS1_qzU=?|kU*odap_nrLEC_^SfB}6PvCT>o1uKOpWj$97OSSzS7LGT^&73j(h)uF0(^Jx{d4;4 z`vnDlg8uognp6j0{L^~iJ4-cPz3rd6kG=DRyZO_%Ui7+W^YL7plp~k>#5;MyJIR{u zFn98G_w{gh!s^zW-QgJOSjDHYfmCpJYl{%~bhUimmcCz#^7Q#OwpCt0gxGzbibcNX z!ex=$HO(DBkXQ#^_4G_EiUlQsQ?r;V=B{S~Wmk{L1r27!hH$qUrk#^PDzhK@Hujgn zh>&k(ssiO>@-?5w(E_ga85Fy$CvrBfv9Au}(w{m=owvmv^(AQ_B?{`yq+h_43b7#9 z@8I}!Wu4PB8h3np(XyOn)0DH;3k}Vxp3BC5ErTUx`b)J93Ox!rnr;(&!%cRd2+pG1 zHM3qin$C1!%xGVhHrBYCjEOo-S?f)1A~o+qea4`Zq{g96-cO76M|`_GwtB$0G; z`=$)BVqif9t$ii9F>B6~nMYC=(tKCnGqW7g?YRuEaa4h?kliFUV5p!X|8b0O>`nv29NDN*ygERxc+AGh^EK5Bgs zELZ?6#up%1w^RrWiCpUjhjj0ARYR(6>I#U|0Owb4CY8C$e|$)^_BvUv(nxg(XtQF` z5uJ=HnX`_OlV5(@A?ws7siFjTrvp28GkdAh92dw$!E-g1i76EJgJHK7NwyV9wiQWM zuSinen~+$}o9mL)bQx_%EUbaW@qy+#l&#P-ONc8AQR$`rC2^_^6w+I?y7sYNy@bOk znesZdr#Lfgh1yL$qjdvW!50)CS0|vrf4j>}HDA9J6Pc?mVsQ7cVu?|NqGrH0Uqh80 zbwVFL%Tg{{IxjQE4gsp#7Y$zirDm9w>+z*Qgk1|VUROHUU4iw1>S-Tzrt~}hlHQtz zXQ{|o-7Zh5L?Hp!N(Ytc-{#wTeo)v5URdZ+9O-!!f?s|a5{~g~dy$k@yB##B1p_i@ z(gg-&Fdze0r^s1AB5wi7%F+O3MK7suw~lJEs@_pQHD}W+T2TE?Hd3+dCPHt2-s%`z9b>Cw ztgK_y@54Sd5bH*fbPWV^5i z&C-kc{ohVg@eFQxjpH775%>>mL=SAB7gYMP%gbACCRmSVy6A@WUnppds43c(8jl)pft)vSd|hVGFi}aVIHv40J0D&65tbwWxxDFM(^+l%mQzJ z`z@2V><`V&inCE;8jNUSW>WEg;Yv3NzAgeRltCLO z1??)+$$iSlaMN%Os=ZFod2hckY+CgVEzHyDKS4ybW_slR9(e|f1AaETkd+^3Y05QGQw#nJ zYE=I42ch`P4wdn-|9kuP3NDN%qfqh8(1qVU&;L~6sKwq4Z=Jb@>Fv~ZO(z2Pyl`f-3+FU&7Rir(>Cju+-TeTdv`#IN!QS zET6Zh%u!_(3nQOSSz)-)2N^g$w|Ol)XuWx4G^xDMrd8i{q}8JB2I=>@s=AIn;!k-O z+`3M;nn~sYu41a_oVntA)DTJ%5i%7mta{`yofp{_+ORoEG;=0DTvLdXEh)sZDM*8{$8X%oVpxTtJ{RQ;_PnB|AYipydsik1ZOtSWp-6x)bGUmEkXSMQ75 za>-g08 zrRfj#^MnL*qe(nlXdcigyU$OG+;%S;#c}idEpK7FXR#TjKp`kCA1@8s5tO=*r)axz zs%KF{s%l3=JgmwAY>3ECBnW5wGSY(v)$&@YLhV}sj%HMZ5ikl~UceeUYntarw}zFO z)kbV%Wm@|^Sjw`aw73vmtV@l$cwrTDhc$O;L_=IhylT|U%7o_+;IdI88we6({UM$i zx?PQu9AlC({bvG~<$a$i0_}E#s-b8|Y9(QKk(Z{I+Z?=N)NFXjT6C~J6s=J-2v}@f z0&Y>R91Ke0q5C0_0+(5zke`0u@n2x!I}e`yIcMZ}LhTb-?^gYMHubY*0an#Nkwiy| z(Qt7mf6%N>iM$jc4`!h-J9cYo=I>1b#o}HdpG4zRg)mq(Z%itNelLZG1(*Viv5Xfx}tWQ?N=om`BWm)Tw^~8eEy~&Lr9W9b{h$zy&V@Rm&df3atPu^PRc$H&`$JWF%3X%sIGH-( zzF2ZToyV9(QcQIb%x0aoH_SI|G7`N(_Oe(J=;dO#>%tv*Et}EjW85jsvC+JPt=bJd zj(N9Pcyb?I+s2cMBpV5{u4h)N$aLM^rvoX5A=meVD(}jOrG<%YEh?XdMP;iZKD&z8 z5+9-Skr3Hta^B(|HY^un*?itM7#Et|;LFT$m3g$A(SY%uP5Y!~yoG8Ps2O=T5p>$*?MZK>|85qHk+!WyFdN*$1wRwv_`b zJ1b4z{BV2c{T+n~<^3u(qc$&)Kk(`|H(3%xQe!D4P1aJfJQAwTYD&6WPM4|}bvW+L z6kNp@K>xUDSPfMja^NXu5+$B?i;F9gOo@wm!>()Zx5s z!K*uzGyfi(uo&8!vjzA)<4%vdT=ct)Ah{-dK2Hqf^5azseuFNX%kr!Y56j=dD&8S8 zzu2Kv$iuG2z_)nM!vUO`wSzWn%dTY8#6k!vfWt2`V!j$AlL5c~>b5QE-rz^~plUmKtIFapEr_uS14Zd2nYmj+q!eIj3#XziX-O z^!n24+(GY)ZU^rGqQ!HIe z+{UQXW<~%j*bs^&117D*@8nW8=2Fw4AjzBwb3k-rc_qXm+m*SsZ$@(}_=IUQN-Kfu zpI-djRAcK~sGv>fam3(OOsMna6==U>I9@24t1WJ2+}d170F=Zsbklx>=|V9j>86`7 z67hR>LIz-p%)tD`()w?8`hk7+P>g_zRD(?Ttw?Ygkf={6KAkdEyCaAbXPH&1_lZ>K z5z7rB-2GK)!SxEzKfU<55#l1g2p1vyKwhAj&$Y$UzT1C#Aq@RszZA@*W&&!bH9>6m z?gJxQ&KY@RQ8e`W!z0!^^b3b^Q887fXpw3d_wMca+Y^M$64Vqjl!P>7!Y!x6T5ow? z;eusBMxIeIZ93SUS~E#ZqS$D6m3`ctLR(`*Dl?8}GsAS8Tyu(VadLT6{L;x4e3gfx z478nEz+$5hoIM^sN_Ef0bZAL)=xUZ7!fA8(1^j2_xnSIL#|ahAwx^sG6rMg@ zX;R+W*!>*az4f7orM@NMF3)2dcF&xK$eO8GJUJ;_ghDDyuoya*`H+fm2(`<#vA?f` z!Gw3(zCT=^e;fi&_)2@VcNMdSP!m!YZh}7|wUmCW2;nu>-v0SbE?KGMnenMi`BDrr z@5=9-?v``OwI~_+rrs)J()|83xgTuwLoOfzf0<%rhX4(+-4gwj_CG()dkgOXWuIF1 z;%qyh0fXv%29}X*!NKV;Ak&-cGcfbi=@?6_9LpeH6WmnWf6cY=0P7s6UaIsVVQ9pz z<96KCU2ww<)OZilBH$iOtc=GsNzm^JL1XoL&zzdnbC-%Ql>8w02O_ADngvpX8b@Rz zkRc1LU`++#!hHRzPGov3p#MSP&Yu4XsbS>H|Iq(&^*;_##a)Fki~LvX){WaE;rKuQ zd^9{d9v&T&qoWh}|Kx|ev*zLy0BZx&%7><8539eur?5Hknw_*HA*651F^06cm#$cK zWdj}5tumfuJ+;U=)0$2@NfoYX!Iu~^LwS^5L*uUz@)Kw{dYh(Y=a5q9h+MtByEyR> zf{$^`NF=9I7SEKR51@hXn#k(FE5Cj)Y z*I`1IsmGr=4Fp_Yra2dv*h<1_%ZhxqEL^dU-?{+Co|Ic!_WFS{TCl*phwn7fZ4;H& z4BdxryMo&t)&`Mg8Jx{jJ0d??PKpa!$W*i6YNF%(6pJhEI)lCU>MhuO^_)f#+Pg%< zmdn!D4%x;Uw5G%*YD1XK^|2v zeIe{4Wfax$51h;`jC=j=Y^Q-gHBRNB#WCD965lza(MnsmH_J*P;9$j=;B+o!%UFIU z^)BC*S#3OxrA#pO=_{K`bGR$H0(NyyF7g5r zAtj6YEQd7+BG21uVee`(U1A{3h$bi?MUd{Vz zI5CCz&)swfLR^TGA9Lk23WSsQDx{*XJ-D*t!=dAV6r)TURJTu|l4VI0-X?8qlQurX zq>Wu&u3zb*fk-f;iUx)$yY~WJ(p=N?w}i9t!f}Y+j#tN(50Me1g1r8so{{<|jVmi+ zquCv>S|oB?5Hbdn)+pXj9Us>yfp;+7H})+BY32l)28YCT-AJVjJP1n9;t^?G0BFPT zZlLU%xSsL74Z~KKWdrxMgc+m-G!%$VQgHTov!p@{LH};`(0*X zB^UG9)P?=I!_~#((I}FScs*gx0zQHOzP%5eis?T&75gWIl1Db4NqL_WAM2bO!d;M# zpV<`SAG%s~Ro`Xrvc5GzF{=i>?5-O1f^OdOS>$gH6qbhOGQ=R!@q(l`xw?cyDt!7` zW?j=xB1|fRqmxiV7BdmDkR-7$MI8i*qQPQBvfCtb8&I)U);Nn(#rOeF>NYuSWq##}H@>Et$zd2T^4jV#j)B?EA32Awmz zKb%sSV#Os((1M(~e6?f-56SO3SC`}=!) zKYjn^ySwX)pZWf;KZ#_1kAMBT_Y=GLx#J-F`+xgm1(XlNT=emCgthXtKXv1S8BgQ>SNjn%Eogmy(eJAj3GGTaL$b4 zfo^Ull{q1Uza0JLt3hKU9Vlw)ZD0w)H!FJXvXt>W&GI?W(IAKUdzj06cr&tszUD@% z1^Ml_lcrXNPRVbD%z3J&mTCrviB^Y^3}|#X=Hf6#)!={(hC{qD_B{`TsE(ri7A=J|WILB>Q&CUmY%bNJhzi&CeLDPmY*m^p zpf^t1`UY`Q=@{`j?*oY4e_|xkwEkU;>31SMEw5lHqW|s7Vylf4vZN9I><8%LDw^>GdVtu;!1UQa|@u zy%51LW{S)3uSexJaE=W#_tS6!`%(mpV%sms-iudcCKIK}pUBIvzak-B*nb`$kp-hl z?~^ad-V5?4;+y?6k%~l&#`yl{eezfGmp^~~>M!`Z1c!6Wd6DhL@258x=kL#M zF3vBm?k-PX-@gC$@^vj(d0um%I85{Dw0Dglw5<9V}+a=4p9Fn* ziQ^7&Ov`46^s%0dy;9O={R~x8W;!h2G9(3>_d`;p!{(6`X#Vk$WDicNj0gD?yuj&O zUATnxs`dWW48Q`hLY&JvSEZ>mE!)!ORk?6!^XlIE!}?FEs~z54oSwhA7|p{Cj9Pq- zj*gDLe)S6edvtVE{_m@!uV4M)_|?(ZU%h(y=dWJ8_`}ihi&uaC>JQ{-RXDd3E1n!6W^oPsL8^Hcir=RF_DmDld~$&j3q+c{N+{9R&U5-`l# zHsG(!jrk2oztgN8QN2sBJn?P`j|8VGd5Ge~)%<87p=8={sh?u6}EI91F>J z2@hHQsvJ(48ER~|54f27cs%dN+}Zi!3v#U(SV1*6Oz-R*kMgh_kBG!T=#Iy3>{yknf3L$ z9A+IIk0B;u%p;0}!UzSsAdsCyG7-rXf4}ES8*7Fh#qz}>&7jBT;XPpl4;J(p+!LCC z(;>nW!7^5h`V|JekAQ$c8Qq0z82O_@|MDV|%JzAZMIo0)hbE}57D7WE*86l*lW~jd#_elKhx}=dO&e9SCKHs%a*V|{ zaNyY9V3!-gZke>@JeDcu<&Q-@>R>JUHfS-i5@2KpZJMi6a>i9-n0 z0j2IUVaSr#Ql}p7QB`J&r(zEhLpIK>w6?LbvAAl!2|YB_+1jgDn>Ek4ni{!|99H4M zf)&Df!p?SKc6RMAX|?^&%d)2gPiJD+KENCH|HajZt2O(-KOFWu`~MK_*Y>}8t?$PN z_=jzN*uQmtIQiH5k3mUf&Wg{9UC!~A{tqrbuIc~avVYm>{~=nVcB3{&av9W>61ilG zTqBkUrLlwvKjm#)pCI8{WKvRhoW+?ofj{eJ>sVUFbw>>k z$6G+A*IIp^uj6s0G`R9>uvu@wthc@Y;b@E3bkvzNUF%xc{=fD!00960YNb!^-2*tTsuIsNSYzT^CXQ)7*)x>n8g<@&NP zCt(y68qk01hZ2a|KthSZNJ5rP#)Fg9kXenvSeeyAOPP~RUQLZnR^8gtz}DD9MbVB| z!o=DJ=<>_Qjifb!BKpM62L?~>St3$Y3MVe7YI=&EUo#P3cgEbA)Z_E=z}>9hHh!oA z+8L;cCHm^-8&3uJYx~kR5oe0y(u_5Qw;*X#XuzBIv)hwta{dH#xcXujaT$Q!|?^0jAv zWtT$!lEI?_Wl^@Lbee=O1Y&7UT3YCjgIbTA76z;wD$fBcFCmkHEVIN0+a62Ofd#{5 zMt(S{tZJjZAvVIIPfkkK3rK6WL65>(nvBU}+sSA28%aJ^%8n09<7SCn;D;P3EbNyX zb^haSy-V(Y5^X8Zr(Tfuw(Tj}@74PJB8V||WVE{j<<2;&!-ZLcr z`3WGDnuzcyii`o_+yM+3w0ydjM&E_O^#sm-^$Ed@>AsuS+_@LVUv1W)^wNnZq=3ewK}0@;DuZd5GhF3yeI^U}(CC#C(v+ zb5B8hA3!-Q{J~x6%txdHrikLmNCt??fXaa4Sb!vrHykL9Fa$6rlHz>GBclMCnxUL>4%f!Yn{kISasJ`k^0iRDm{3Q?Yj4xM&1CdFH!?hH~{d(>5=grIehv09E zS*@c&9uhkRUPR=uk`u|*4f-$LpK^R5xSZVhu)?{!)1%V~e4%~P$QqNOpke6tY#m9b z>U7hAOC*#A2PR$sDvrf5@-c$|;Zw=K%>^0sQL)xPz~rEGfsX(`E>Yij-Z_`pnoNGR4_A!TL<53Em>l zgbw|qQJCBU$Saa)TMYt?h4Q2F{Gfh57qJk1ccc*o<8j<_2>kFM8Bm}&;f9NKsD>&7 zu25qaRF4q=iSbeJQ^6%QBgqT)zepL&ZP!fL2+Rfl>cna%9?eO@V9mx->+oW)ArWj~ztd7sAx-Zs=^qkAv3Y zqvwc!@O@l#mVfkozRr)-zCW;LW_c<0fd`91wFzE04v?ix{`^I$8B6CBq)UXwc(38+ zcH`j#@GGHC{`s=N>lAb1j%QmW%_LoS4ZS<`mJ@Xcfn#Mr&R{YwH>Qx9U&W=oGyvIR zQu`S^0{$#mRdE`uGCtwp@{UI4O_D@gUzw_f|9 zkL&qtX!_}WKR;U8`1)bY)$`^2MD^HxKrP4spb{`PhOgX~RemN#Ogw4fTv6BL_H2U@9HCwGOfU!+)EKsnSgn}MY@GTz^Vh}xm13oQH zfRN*BdxQP%-)xvNZV`>GJOYO@L}&~g2nU)NLgZmpXa9I;Kak8 z|N0J24>q*J+Nzyf}Q=7fb3_LA%3>FsE?p{-nCgnbt0PD9;~ zPUnyy>K7`-*ACff6Es<$$WcLs>Ekv}BU+hI#g=;|9X8WEmD*roI}Lu6FeCXw{$+o^ za($5*#5@ch%hVw#VsL`CJW$&W9F2}?Dg^P9ANG?ESv+^!=|fR{wgV0`Nn5?eH0^Ae zwp59}){ZmB7?n!L*o4a>M-gZD+1d!7q*u*lD(b=XYA6741KDl*zFB4Q;T>Fh{pr@Q zh{Wn$vfKs1KAjP-l{)#!)59mUnfZyk>mnMQ;^C%;0>kB|@4#8O>nlp}_ zfvVIe<;eQ3R3cv&mRr0q)JnU<3yy`ya7w&{yev6@n6M^}R#4ZY$)xw19-}zVatf~9 z`+8+UTa5lDJ@P?G>L0xGhpXYC2pUj?;y>c}jGyS|d%J2aP=9bg$fztKD624rlb*M;)$_aB_ z9VX3FNK>z!1o<`yv^i>BgZ(8^zv|hK_oXk>ec=@E;5}XLO2e%le6Gy|n0q1%Mdm2J zDn6DfW+X*Ye(-%`(HCTR>j;Os_`WKN+zFXEKh^@)tip=J`01>>WvFIE<6ov!RUwrZVnogVr(HajDMGnR6d$jJws35k#CR_NA{@M)-OrJ#TnmRz?M#Q0# zr0~J5fkq*)<{^~Bm~Phf(aiy3-jMv!>mbD+ZbdB#w`hrGEW^n~aEFIkUO>XVp;Kv_ zNzU}uvqeK?>KtYc{|ztQjEa_|U7KlT zgoO#V^SXT3m%3PuWs^%uQff9(UcyR)(39^QP_x}D^dMTR0j5zQafxVPYPdLtOFRnp%o-yPB90Qrr%(Ke%=- z{BI>AS8x4g+>O)EqxNKF+9os&@;F)hFZY8|=$yCB=Pj;}rYRCUJeu6g0y>7!vkLcJ zAhE`LfjRdc&$B}&O5{5f<-unc$oe=K=X(PNc~fc>Mfr%5Hygoom((QVG72n=h6P?i zMSIL(AD8}EZo!zWm<*ic(sr;=%We-0H8Z1V(5w>be9}(*%Dp;tt&@DAJtvH7ME@0E zz`d~PAn3|UyfeQYJ<=E42TDs`?r?w~h%#TUf=DM8kH1?Rnayyaq z2S`v0730uL%Iog4=aLnso!@VL&17g$8K zYc^(YTgE-HaSOlRL5x!u9}Eoyzl>|Snha??jTWqzrN0b+h0h7Z$GcLtp}0plA~xWv zADa4`yXn5n&SqV|!oqf)k3|2Z7WVn7BrFuLx?|zI6%_QO5p~WPZCsE6c_diPyT)^^D1xg?>jYx>qxr(2^1(?qtgBcQkH6KQ#y67HmO{r-z?) zhXb7hiv4wpOO4G?oknj4IlXK+DiMQ)1}@FgNynaDgmu%ELQCu!sgFtMh=I{Lce!H| zJda5iNXHotd*wHoYalN_Z%c&szR1#VlaVk}YOgWX-WH4~u9F3gU=eb#KlN>ns*bRC(TK(ij$DybXT}sKUjRcA4;gu%nF21z8H6 z$&g7U09sQPc*1|CX)8E>1kEFN5<0;sx0k!)q~7~Ua0LCFe+D|XAmw-k#2QWhQUXS| zB4~K*v$rA!&o>tGNG^-@&d20?AI-2Ov61t?e7*zxDF{+5E&S7vEk0b)neJGv;WtO5 zwy6}TBg$o8Bs6SDP2ddf@^5o*+3#25S&f7=rY1hEk9|uA-Z6GH^-M_){-}uZTHR?(x?HFv6-GvP#o-JGBjt6TT^iYy zFRrg;9M%A7K3-x>mUML7 zMC>KC)jVZk2+iq2J5W|&v0!g%!`_yR+%C@?^&#_#&m8r{vi>>n4?0`zEdfFw5Q31y6&Gm1Rw$Pci(@k_}+`lRo z5Jxy$EOiU3-%h^>B}uoudnkp=u{1seqOQQHO`qLS?x8G5+TEVI9XFU;f!er_it5$r zB$1sF8IEn(42sX7tfhVe=cTWp^)>Rx$gH?3YpA==D%gSNs*^#F;cP;RHjgSD)vkcg zlBh&x`-aj=+<298a2^H}YnWR=0Ta(A00TrBB+9;ANKL}@rOu`}X2f3(q!y$$U_>PR0067Cd6-5F;Zhr14G%4Gt^dTr72Ba&Gf zz?h-3nwo!%2@PvH?6;$u@^jeJVf1HAEv9Mqm2I&zbVn&wjkrt(1;o^P50q5)JjY#z z>a89!sFgq1c9x}yW36*$cjvPnSUpc3{ffDWoaiq7s@g!#!|c|hNQC#bV3Su`WY5LN z9kQD`R2I&3Zr-pGsh>3-E?VpMc8WD`SY_#kn-i6(rB}Lm9zKhYw^&s}7bvuL#c_In zKkR2~_RNkRU(B8Vu^z0lN{x8X+3g6DHljgQ-t=BOe$vCzgy+<|;p7KV0bMj5{e@Z% zcMc<5c6NvWJz><}6RNosoFy|db&7PzHe3e5#S%XS|JND^Of6GCY<;%O^rzOuIH++& z2?N%zj5C^Qv}>|e{@_>A8`cvr7Q!7^EZ?E?97q%>AC+zN5sim331e!S2=W|;GQ3C7 zggahWTBums)VZIciZt#Aw7|- zi0xGK>sdE41tM~BP7vJ;kRb5ak|^9xk@Qs#r;eYYsAMNK8j$Nd2-&v9ZA}9(=CGPD zh%_>I%w>HcJEutP^>|+siv+?cXH=J)7&xt?oD2;qj<(gY=B?;MMcFBpxf)+`ubFsd z4*Lz7)dcs)#fBZS_LPCo4koEpLSv$sXGgl_9%D9!Zdz;wX@bwMLwdK2vG>g)pAQLJ z0K^=*=dI!}uI$}257}wWDh>UY<%r6Cc@`tlGyT>ydsUUD$8yGhWeQi)E{ZJm#qvH1c|B|qs;~`e}^e+LpQDg z?-?KYrdN2bLRalkX9^*qqe+#cAGZp;u4XADp*A=V1C6x?Wah`!PS-8^KJk5OY$%t8 z#~_UgGgsqbF5v5DyQjOO#MD(t%v=>KAhu3fxKR$&>6tbWr!AXRh`fI?_o(#ycl;os zh^KfsE+V;o&WBKl)k*-GqD{lXAszRU)b^=k&HC){&N6JQ}%HwfUvW9zZyI(2o<3S9h zMpr>|<0i9GK?0TNl?7+UI_1gxH0JJ4eH|eSmbBf9bM6V5^7@yloO)Wsr9Fk-Jt-+wu5~UacK=^mO zEhJWf$TSnPJGy_7ABG3(XlDovB2ja_S&~Ps?0duAJYsu~F`;(eU)Mmh%HYoo!+O?< z`6P+x-Z+L4;v2NmtZ#U4$k0%~POvgVGy(O~Fe*3q`C9=lxdhu1@`h_{Rl!rU?*B^K z&)^h{MJ+Wsb&H5!;sg)RYiVR@8Z7+Dn9mwM4b4%f zn*~a#ZD5Tcj?;novIaqrb(QL3o;tnqqs!vmQr1E%R%@5=1X?)EBsR!t;!ps392R{KCZ=~h8-fLohppzRUaswS93R|H%NrBi){?XHc}L} z(sBaY!<~~02R>J}t1h!S1w+GqkiZ>M`fS&wIBchh(qV)Ddqg@TY@GEYZ&9IHWVS-_ zrMKOuJBp4SDgjhD^LLv*=}40$>p|fnZ$u}HPVHMG=sYPtx{(Rl`A3q<8A=z+{2V- zlH4as-epZ`b}Eh6o11EcNrKR-Rbs34MGfK$ z|4I!UE1YU0Go7Vy4Q3J+M$U9c%-Ta(zz0KX^^?67@1_=_dNaYYH6K#G$3hCU2F0>X zkF}L6eAaNRdb8@5=Y`UmKJHxlxqZO9QViN|P?!~$%dlu3(DJ1xc>QevL54babx-_T z^W5phfS<0!Y-3oUwb-?#DCZfzWIKz@{W_$IjcC2R3R+SeaU#oRGS+dZ6(1# zx#L~5>4(}=k{F!o0#}+c<0cM{ffh7vLj*5dX6$9|3Ift02yluK% zLFi1g``=6}TDP)>$=z&Mc0fsVKRR`PCs{f(|A{gT`z1l+kn)3*jYqLqo@P=<0Jkx7 zg_wnWYbEwDLXKU9)0S_W$5un*Ok-+BLqMzm+oHFnyvE0Lm<17&)QJ}|?USb0g=u}t z5e8O#K0nc)fn4OW#1hQJix4*JZ%(cBv>L9n>LY9P40)Y|2$S&o$E@~@7p+it7*?G* zZBM#!jn-JNoRGF_g2mAa%0j8AnX`Ip?l-+t|sYFT&og1su zF&`$gOi42EvNV_VZo%kTxR9RF<_*Lvf_GWcN=Abs3!q7Ow!8T)cWY#h90nyjt#fUh zSv?%W79Dym4hL|!L5QE>z({5Eh*B218wzYn8N4Zib?gVCKsz{=NuQ)U7OJbRnh|rN zdL4>%wjeYATA0WaS6B)6`SZYGXzxZSX3iOUikW`!6#6ggs?C7J8)9?)Aq3W-pdrPt zgC;@lH6u6HXZOBd=+$`tvJrT;ClTB#2KHs(ZNDeY^}#yRxjRG4M(m5G9o!&S(tHh> zWW|tkl7Tf+2YNd@ngMN4&&J#%HYOaEj@I5^pLW_s%2-r@05<{w80k)M zlEl$OhJLSah*uS#C`NdEFsha~*X(rj`dt{NT{g&qL(psbjO4Bt12Mx&1V$Mb&5*h& zswEBOf)`q{Swd>vn8WlBwsf`UUQt|dw8t)oZdKxK(dOuw`qe$an*6z11i`@dp&(56 z+`YWJRjlx$D-o8~5XQ9ggDQB~gMFPDcLJ7dxd^VqxD`)FM?>V(u~7O=buoS6X6JM3 zTW)t2ItN0YwSc6Fj~+!%t`)_l&=fR0YvChIH2_daUH<#sgHnUCZBh7b@A2&*!MR6$ zHBM%5s8-McM@vQC#hU(EGP?>Z$=aZ~UZMxiu9b%0^M;nfeeT$^FrW5f%{UZ<2BVj1 z_j_cZEuWt$r|qantrBeBq8ASXFJBqMFNfkB$bLQmQ(Swv7af!_RWuq=kcRFHZKCc` zI$>Oj-hmCbzBkn+U+v=}a(%W%YST$Q!ikkgtL_^@`wissRa{MOyh15ts;d&;<#FNI zaw(PAKqxc8wZI6?U|Z1^)T~9y-*WP@p{gN`-K6k$2lJ>Yi9;$njTMD>OMj-(KmO#& zMe#4}pmW68JJk?@MfBERr%ilYzwLDXpT#IMjJa(FU8%_D8k1`CB_`iKwdMB~vPn*wLRGU5< zspNM$igJg^Qc(VedMnZW&R?TEA|Xh1FXoY%vZYM<7+pq+6iNRVIRC}c_B57M`FQ)biw=DqJPRXKf zAD4o?><(Tfpn?NZN)|)=q;HwC&IQ3cb2{KY*3JnbdBYE7I^aF@ZB@`t@Hwj$xAj6x~(J*}!F|&7u?JVtYAYN-&{h!q?B%}}{_$x_K_?fN0 zR?vMJh!}0k>LX<5IOk7cI}?b=OXs`% zVLC^*P|s3=RkFn>o1Iy?I?{Fb;%*u(=~GaqwPnpJ&#YN<&{^;azmiKoxoF8Z*1tgi zoLki{Q?R{p$w%z|$V5uXhOoLz=j%S_k_GI(A265%R@Ks=e zS?_k=DtPeQ$@)I;ml43TA5FY#)y22aZ~bc&v;~Gv0)jG(Bj)kh6B%xk~I9RhlXY=b>^;lLL1KVJmagt$` zrWa9^9Qq8QH_x4U9u{Q7<~a~RAj$m4+_}7)VSer|n8>s57Mr?Z((jMkT?(N^6cdwO~7!lb_k9<4V0425AxHB=n>S$em0hZGLPnBv?vVy{&nzWn{d*;0W;*LdA6SS z$^fhJk5LP*^RUK%495MThMH4M#yw#cv-dmiqItQL&B>|DLU_O?#!SDhKIqT+Z{!JE za5A614$8Eb5YV^v8*6(gxHB6aEPCZvx~_MfS;zDSHrG`5=GvCPqJ^cR#xtT$6g$ z@HocoC}nB2f~)Q??`zE%qkNZpjFLqu%X)o3i3{Um)EQSt?$x3XjHkGfe`U7BTn=+V zU*M&sNKbJ$wwo);l>d8|2hjDTRG0u)CmQ6T6wXIp6rxV2^wc!jg8F7*>8dDL4yRn0fi+lN}OiXX7Tqoc-0wP6Ef)OnAH+QITybAay4fZrV zxPjO!M71a~Jd-ZaCE;QnCE{pyIpyX9_GCwXHwk24=?RVtH`V8Y4odqc9BsF&`H|wz zy0avylF!03HZZrJE(0_>udY?kBJjKgZN&*3$nhtc2Kq7PL~;O>-(Uv=i6aceUO4(T zrwKQIG=6}U;mS>b*fUn$q%ac3UOo|d%EFaD&vcO(L7r(A-1VBFy}}x6kTfHQM9@9V ze?v|pLDT;`<7_-uiO)1CrbCbGZYU0qQ@7zH=a578>M; zPMp@0otx1XnJ+Uu8MpFo{VX$gug9zT(h#pmW&5d*xvdXah@fM z*kR}J^O!SOHphCd0dIY`*$p3U)_r~i=Gtx>HEN6vGT5? zLi-VRVZ%3+LGD*{=xk48ypcZePC1UES z{3jmNB1Ug+$^Z26F|`F5CJnG+b`2UPTRUtX&M0vYCFK@BgHlTW76tC6fzw~B!mI&$ zrm@;Y27?!tq3K^(kkmMJwYC3V9N0Q}rNQ>j#)(I4qBt6-Hx?qGl=@DUdC2(K+P&yR zcvVnU7i~Nka+QA|hU0pR(elqCObJ(jczLGCUZC9AS~|R(^2j6`$nn2cIyE9AbT>y_ zb5n8Piq%L(sv0AF+0NPS>gDorsz)4$`an`PSYe&}j+SJ!q&z!{sa=k2#Y8X2SN3`N|f!uw5l6Eh_2ko6tzIjTbHaG@>$$7qH(!%#q*82;;~ z_z94v&toe{$gl`96qEy4%AvKg6;#wlHG18M%vr!6cG zC_9cYa4T+}0GO$FaKe_S4B~xZqs*bPQSjX?+%jodvrJ02tSyh4SU8LWeR%xir_V@5u}k2i9G<(b^-x`_~e2H_A%++)65A%V!4!keT0wcHH*S!(=-WZlIjb) z%x*|Wb3W#u_j5JA!cOGtx$h`-#|?P67+f0Ve0|Gfilo%N7eKJG&UIS_|iT*teZ-7_nNDI@&v_+{py-`4X3!%qx$;n__@Z*Gky1*;7|FKed|_qcm4)DwTQ2fGs=h(c1{UtG)*}n z+E1|i;HF)=Ysv>8?bHS6_%&hj5owWAgP;P2fwK2;0KMpN!j*~;W(whv74BqW(uDMI!Ez-$9 zeZz#I7tKGm-7^`hT`;RdKVv7<(V0mqzT$ljcOLfopztM?#3xsFuv?{ykr)>EIg%=b~Pm;gzJsN(Pqsy8>B03DnDUr@s^!iW0Az3(t@h&u_oAB&z+Q zQ19MJ9D&+3&|7S)-s`X|BvvhPJh*FOSXB^n1gyk87N%iI^L3Ks3S%~Qr*EQQXbGph zAN={U&ENCt()QEZ-JKU3`t$aH>Ggxv&;Q-@)B2_NMW}aqb943e_?2~YT|@7C{L%YO zn)t^1{dBP{f4P4W8+3W|a}`G&^l6Z80V+&4sZar+ldw{FZx|tQQ}%lLn@88qqUA@- zcVMdXGW(F^5z8#!D8TrTtOoiiL?>phZU)WWiz^(6`P-o(BO3y`i`2}2xZ=5Hi&wi} z=`gQ)&%nx^0++xxp{7MGY_ky~OsD<9vT<08mHHLQOSr87vA(vxdpRy$Iy1^7TV#>t zRn0OxGIr0jCwsCs4yC_qdqq^PFx)=i5)*e;*l+e6@}qYuzvnohXWL+VFsLp9)Vq7oD+ZKB&3b^ps=ZcD)YNZG_m`zS;;`Yb zKDu#phQTHcMUh={cIkDuRPKFdb=2n6ehPdM%leVbD?sc~$$`;eY3~&3q8ZcCC5=BQUa&6`Gri%xi zfv#a25kV+ULMuqyyv3sg=DWX6J!A>O=+U86rWKlgl!N?g{4F%6gDN6?4#xF9cb)q* zqCebe!i5&Jj}3?iFo~vVxF7$UqlouFpeRyxkGveHeX5xWjpJhl=6YSbybcI@nDD+S zO^9ha*NG&12$(8ocL_w(xgfT*&F*t-4_=o<&WbNqTWEq9GAwl7jHbEEn0bO}6UL)T z8R7*BEuc3(lEDzh5h6!T%iJzK(+PN-k_&w6iZmD^KqY_TlXZ zKmy`lk{!6Ekam5{hDh67q zLo1JGNl5KJxt7L12?P>LpVzGd5d}TChHBa{MR$7Wcz#A_;=Y$p6S)nCO`Z8Uj%U{{ z5-IW`CrON_E=y<}H4)g?P}mTW5`K0?bbF!xMIoUWi{(h#Bo2g@JUZw*x4m_8LCF-*T|A|gFsTy$*;?>!EO@L$?=yOjoTmyV7eki9k#)@kWKqba1 zIjKi<7y`8|0I!1uSsE#(w}&dH$0T&`fq6sLN7aPLf42A24`UW1VICv`1`OZo$w*2> zB41Bc#73dhNWGbXy1uH4^f}(3PmQJa`;2%JLKi8uK3reFbDK(OZ^d4da0&35S`w?u z0e`MDyID=RLGk;=PUSLDcy1eu+>^zkt7 z2sH$e=SOD6Nhfh>({uRx!oY9}3%TJr16oj#I&4@i$S|fU6PlC~U=%bJ*Gj>MOCD$9 zr#r)M1%6=j3(bxsz@612g38T~GIwEI1(V@quY2Hlo8>HyuI>3}_4)I?vbN{bGI+3b z`?nySe68HhP7ilbRjX?Gt|ajuQIU^{oMzL}fC2`r8gN}jR8mBCY%EL*-CF78vwMk8 zJ;DPXNWHf;_7>P(HQY5jQSr@oj_!d1r(h0DZKBg1Q6XfNq??;7d=h?tZ=Wf!<-x%7 zQ^Lx$kAbQTON&AQRt(2xi0Ow(2|f1!m2Z^1*!7Oj1wK)?s=sPbR||RHUwNRBH`TqC zB)?A7U8jQpYPT5lPS%Fwg3BZMvHh4Jmeo!l(FQS4*K`K;m#4>frsmMmzyutlE@za< zu5M|DYQ+AgoS`z&cMvZ~S2cw%naImT#8;keSFmSJ7BEll&c-*7+lgOy0*bsw@j^3v zw^hzuOV?_|{P=E=mNLzqi@au&BXTQDn_EjE2+E?MVumGcaL|Vsq4$dMj9HHPyx+U$ zK4IowY7BM1P0?}eU|fK7a72k3WiS6waHA4|!Ov#RQfL{&9vnQ%aL?l2QfVxj-r&@O zs#aMrXwMw9xCmQsA!)M@EyLH(|93W=Bq@rw*oH5gU4*W706clM*+pvq_s+$mO|rNQ zulVyXA}2w_xO9EEhgt*m{yop1(GR}obyMu~3H}wgYO+Oh@C(AZkrn<~ z-lEFySu38pc8cro8!P<71=f)|>nMLWqc5$J#u8X#!<&iE!o<31+RXZCkAu_1`QK+V zmZn-k;7X>R6gX*WW*WM-Jr*uAWZlgMfylZSXk9A(>fG@md_W7@ zLD}iR!^_AW^5Z?ixw0<(NK>*j^E*c*38;f$YX<|h3%+s|V~<15xNEH=;yrgKl|X?~ zl}`(28`q#$Fs)V`k_83xF_G>Ge)wjh8?gqP&aHhh_gE!gZ*=41HQh67)i0Ns-{P)E zHb*15GiFx}8+D(r9ums`$w(%XV3gvR2`2APVDgw{jg=DJ<8)ish4*%TXKGo5d}RK? zxha}D+`a6es(>atQE$D`%ky=*^Aw>oXP78;Zs-1Rh?_nIB}pa?{9*2gi8Q9a>g+Z3 zX-#Rv*hFk~#dq#9LD*8BuW*x^p1`{r=owJPYukyY6f61c&)Cy7;K3>ZNfe6fM&51GQ-g#EuMXMCY6XGzlIg&Z{I?hJ? zn8^=)@~ByF85x5$C#^;*VA@=ai%9(NCm!+er;qX5<;Terf4eibFAnAM=qVHHYtELE zJ8?KuwXO|n%SJ7fvhxkUgx}J}3U*eU2(!siSMHuwRaQQ*eyjS@?}$yOUdW1VJv&oh zZL?l2eD>D{QD!iTGX)%D`W?Er&Ww00Zkvnmnp85F* zDo`3E-GLl1J7&3&s3XX~vM3_qxraBehXI2y%A7FE^m@E9>f|8jJ@^J>JdYKS*RF7I zsPiB$^TIFl!2Un1^ScGN7;U#)xi%V21AdktVO36x z9Q1>(xKHja8&IutF@-tzVvd0W4Kast)Zz0oBYT;noa}054dawkVaoQ(3dEZjp=AV? zw|q$~XaGOd-d>NLEz~4SgF5suK$d-fw%dVQW3~EuiDo>7EryvA)^mPZstRe8Hak*6 zeeWS5Iv*xS5ejfZe)n9=%PgU%0C4SP5a%UFZ2mi+HZxn(zF7-PiXwj~6zIuV^FAVv zp|Wc}C=M`fHTiuWTQtmuGbQ?X8b`>@F+_r`Ez=U;Oa<>BBv zd>x=4jqy=YcF`znZ%k|QL$7{o$r;akA(;JH1$dwac(m)(b^v1n6q?o?-Zkk{j@1W z2y0q6L}4$m3Rm?jsx)ZZ-9g?BM-StYBg97)~i>1O3@fa4Fnb0S1 z0`>@sV}H|w#CEu~aGe8(KIbzVI@&NQF>6!kAmb)F+)LkN6KMG69}_&VFDvu}9oE9e_&cm3dy3m=;{D8jVk z8))>4Wq##$UH-Z=6?C)OHgquN{A*W6LMw-vWGBcu$Y$TUIMHm{O`-I zX(r@*;~~-75m<{;z-r@?Iw?i&Kpn_4DQEAicVol9`LG+qu~i_5;*xM=@^+oL zOoB6$k)lauPQmCHn=N|)`No>Dpi75g6HbmI&zG&w1|H6}eh0PIe$my?$k-hAR4NwRwbR{ae${E3bgQpg$>-S*A{Un(VgqcIQ6 zA1cdzh(aIf~-`?;5ZFCb)iE5Mg9r0NY7p~_Bdx0yAP zaO545Fn7p!z@_JKNCaNwh`9;;wj+Woq`YIXm)OCQP8eNY^Nviqgk!;f+b1k0#FxQv zQ;5%uqAYqc>7RqA$Y81*J1xiwSOjV4tZck}0CgsE6h8Lm5=J3S7EzLkX#Fda7z*YZ zqjH!~!I@9`ryov+TP2=BG5+o!uZ1aWQ-x!S$Xi!pe4BQFyyq5Q|95hB@z*6>|2HWG zjl;I>=b1=>?L~|A|8LGdEiT&s?0%-v%*p1WWsz^AgZ7^_&$QT1%$sSq7Vk7xZz%oC zaUQMz`=Xm`vz7YK*8e?{dHrwnXp61%&41vFhq1A^f4ICJmgee>`wR(X>W*^ZZEEIL zX`yhZ@gpI%kul=|wCwxa;Yd45*&!L-$!V{m3{L+|6imjY*{$JGA&6>2oO>FucK44f z&o%N&@MO?vJJGt11Abv^U4gnmJ0!`NTs{#ghC(3*dJhLsoUwF9LE}j<&+LV)wK7JQ z^q9-EVDSoRk!i6-F-9)&Ln^jXyf9)G1tlvcdE&tXXNCf7Fja$H?MN_t1SaQU!48pk zR>;&z@~MDLH=t(3<9f{^LFj0iw)s#nWXO8(p76a0hHYSp7>L9WV5KVobU-#~{oLvP z41}|Ahz|Fe03p)3@-WgIfs%j=RM6YpmVEo3oQT+LJnV7A?H~I$y=+tPz{Uol z>pGx7UJV?5;6`Fjn?Kj&zM@K zyy=*d;?gCwgvm5lC1?&vg`6f^Q`dpKB21UsrnNdCL4$A$ywzz!v0vq-FqKYJ4q2+H z6|Mh~Xo@T){a-oWw59LWZ3}{)l(SI)bM8L@r|Zs}~-V%u+^V%-ef4dO)H% zVkq*FuhHfa+BH=E7Rji#n~ClAnIpV|klL(KP&II&bDJ~`@+U5{OhA1Q>x zkQs65mM?2UlN{|yj4G5F;S6cH$6XJtHs7ZOd+OCQdwPj*1t13f5S|4pkf9=Teett4 zby51fO2HuEG9tr+tTTdyS;1MJ1meZT#__ct?AACdw+v6IdgAR)zn3}PFKI1jui%!R zn+|KV(JKM-YYwL#or_-w^jRFe=rqiJLs-I8D@O$&TH<5=h54gl3I<2f_FRpEU;w@dm_GK&7RTyhS`|oQ*Z` zACKh!au+})H9l1Wrd?C@4dd zDoDfuslU2}UO@uX$w=J;Y4)p(G%<5I;xl}yi1Pr=sl8&p(!(}?glnTea`l7tD|rJ= zgD1pU3FvadnS=)u z5fK3Rd@ew~!`;xHw~Z!f@%{j51<@f)a3#ce9 z$0$+%Fwi{Ln{-3&26f0c_foh^Q<4;llj-S(K{-%IzEAeURif~tO#W}--dYJ$c+)*> ziD*ccEZNt9`ALdDaWs_CX>Y2VtNE*oe`|AozgRtC&)^XPeNY#Q)u0_+Oz9tA>fYv@ zt_6QvGFHkci!QOBbH3U~C5CDwF??!jb`j8ZrXlAB8|QS8He#Bs<_ccH^e>rWe;w1Y zPy=9p-8Cx}VH^KIjmUBt#EN911{-PNq4)kDNV>;RdUm}?pFlH~-f97Y(hz%ev+L7= zPaQv?3#6j{rb@znX0UjRl`pqck!SDk&j}1m%R3sK4HXewz`5%S^htsgWMA>z2%BKC7?1Ys+3Ko zGAHH8V4#P}=$^Wkp&8UsBHV@5{gLvO@sGRn+P{fOo_QIE1A^A*j?Z=l(Wia(JW=7A zW3XNQNh=~>GFYGGv1u#dDp5nMC!7%#W<3^_Jp?;RT5NR_u}@)Jx~Fn>@SN)%!pWr| zA{BO!rr|>UJY=;Ju}*4s&{gpov=kks(3tx_tNEa#w!#pPW(kGnV97>c4&yP}eGYq~>^xcf0B#xxS|t_hShK`&Q%hVwomz!+XojDbF2qY=H=Ir$X4ixoq8L9f zg|x9SC}#-j>N1S06_ED5g392Y@$`~!K{9GJ1TOLkA;rIa%8JlfUg0@ex`mIPQa4@G z1W0c>{k&HuQO|FAEs=tHtK60f1#1hke6tGUg}##5vg05`aff~qYwvfQkb6CC|MtS+ zf+lqbE7S1QWOHxZxwh6q#45z@Xio2TviiXer{|z43C_~^ciF>U#oJR? zf>i$_??+=Vvi8VqGBiCeU~AR)z?%@0;MUb!`M+}6R~GBh#}`l#yvxQh7v(l7d31W? z7QfGzCIZQ4hyL>nD+dA%iwP*;;<_j)k5VKbaS_i(Nc#;j#gC;RUVy-hkKa#-3>rJ? zHyNcHE;dlmQ(LY(fREfom*2DpS!E1=Li4M@Z_1!Hssd>=vapDzHFC14Z9BE5+`zq` z{QZ4CsIl7xvX91n|DHRpcDNS3`F814I7hrztKe~Gsd5=Sp;)?1@<^7@cJzm&uPf#c z?_`-vAa&vR=3$;K8&U-G+0AzDUT)Ttl^1-?(u&oY2gc(OEQRfPG_;MYz~Lo$;NSv3AW1&@6QWayh%j%GO){H6TQJ6CEji)!A74a(0F zI}@@^YRv}VSyWg$8(yY}d8w zW*m4$rT=DJ;ABdM%zOk9wFDbcwC>KAC)g~oAeQY8GX*7W&}H=B7pKEi_ijFUC2F4_ z&q69xo>Hgh7INKE8NcIJt;1hh>~@)Mf3Y=e=t+B zg6ECe?Se$etpk%)HPX11EabV&8oAMK&@{nUGu!EW181xD%fm&n&;Dvn&bWh`8-Js$jHm(a&dzWV(| zd}p70*l!dCs{O^tJ0AWhzGQ)^)Ea?V$S6YN`Z)I66aAnMb{1GRh^fX<4!vetre>#3 zjLbWku9iCfxzA{1K}y=QZ5h+#SKcIp(j{Mcu~ti+Tk&)^rgqFR zy0Fx^GfRtEiCR2y`Y$r>)OqP4J7z+mHJ?^vv{=JN(rE{{3gDlWUd#DBLfiRqTg1?X z2>rteKLgVPgbvldkY$WiyAOw$X(-g~oI5T}BkuYCY9#X^%szyK&AsrZOMXQ)oz+fm zp-le8wv!J_6z0dQ4PK3uK1RG-d0A&sVodqskVMnUcD|_xZ;6dJ%v|Ea^qT|u2>6j6&HL}rt zyFq|VTtr2hQUk5KBxAF`G;7J}Q>|W8sT1AeXv8QJ$*R;Wh0$I8l1!)w*~zR3nR)xX zU0~M1FlEgBeM9jb7hdP|$jPrXPp2H^EXmfnvRN#%`C_CNFK?n-ZQR~fuNO+FLYr~# zd3S=p<&j6nzd)BSU)OIxeo!0k<82_UMw6?c12a6lYSV%^DeA})cdOO&GHcd+lZEaI z>u%C@KA-<-Cu;#}Q>*m&1oScIb(TT9HlEdSpSviS7JayqPt?3dyD^NlA-nJ^xH-P6 zwJNw3OTBU940TX>kU=OCCEu@AM<<}EsBHhX;qF~Ep=h$Prs4*YqVM7r2)Gf%We#7f zw7mG@*T;WVT4Zjd0-!@kPwfY?xe8*@wf?t8!^j=bI?sBZj;xyUKGj&$iTqzwicLov zU-chUYWHt4d&yKVw$47%%NZ{jJSTe6#`I9kA`3;YqHIp{4p|5cfob-J8!TcxO)s2o z+MNwg+6SZ+rvKBouu#9(<$kcn2hh*{ECneasSHg!r7aQK)V@mC;p|tY+|Nuq6+#(H zz1G&(46K{T&lwW9x>jL0HJMz06NT}_`{Ykww_Ma578RC!CiW;p^V3#&Ohd4tkQgk^ z8M`C395cth#kIs7w7z6EgEDmR*5(~%mcp%=pqgTc?`c?Lg!F0`zu()Zl_Jj5sG!aQ zCNfa{81hq11?#w}K$sf0Cyn8PZPcQkltyrf!jQs%bis$}Y9Ck>QDis$=!w!!+GSMAQcaBJZ zyIDomDq@z!rfw1-UTRKTmP*Y!-$zgiNJ%!B$ zUU|O5;_8NltG8S?ngxa8OgrYfWv2TAu^bJk^qS34uz8()x4`*LPIBPH#r-=qB0`fo zf3f_>=f~Hre~;8vk684M%w!(=+s$Z9Mu2$7Hz4VCje%uO} z1WU*0A?wxZ42=JAAN5kgm!?1Mcj8(b8)nLb;qiK_KDcy(r$cOPN}T6S`cUGlDJ-VJ zM|!DRPI8sj>A!>AVKO}FcggY{uaH^Nrz|gx;;K`hNBD_+HIU09Nq_9}!zDG$+-}sG z=&>oh%g2Dy!vLy1dnQ>=f5U;J+k4{7uAobXE&qFu@>5Yf5p5j5cE| z?wT&@v!*q%1?d#+ZzNMIsA4UBCwmP$=_R)OM!zRy^@kw7h z8*Qt$dfeC%u_uxBp4M;Ql(3_;&&ID7Qmp@OD30?vOdzW{#`ymxLuMjI`>Zd~Rh=+@ zW#^!dr{BoYx3aX4sl5a=L3UkH%U8JZCxybxWt`XS6GVmGR;2aaxO>6I{D1PMyk9OqjPA3d1H+ z7(1jZMHet{Ejv=Pxa>*KU1kc+k%mZy+ ztDlP6`pFShajR5O1?r9&1&Icse(4a2h;u(o_(?`pw*2&twyemb|)!H4qkg;Be)ax^VXOmJ)RZ zg`7$F*)_0G3R);LRV6aab--*{NJ-*BJNsX7wyMezj6LQu1lCdq2?xf_b&eILE(csVe(Aa5h zJf=`g+3*w-gazfRV+P^6TY5B)cQZy-cbuiW(pZu}%+NDkxX z3nuq-U+rtU6ddt-J0JKUzhoBgnK@PFaUrI~au!(c(^8aAJo zTQrs7w<5{NK@{WHHjUp=gLkc=DmQR#w2n7y1bu$Mc1Qin`||@ z7N90ZWDuPy`u@Z9BEKvVxoiiQDw~q>rJ+Gxs(dNNYpcaVhp)P}Zf0*Bt(8Y{zf~Nc_OKRRjKXKz z0}*G`?J#5^F8!ncQSM?eQ>#R|2~2S!1)__u;%$iqn5j#BC0V^?m_`}OCM_}Bh?tIx zaD4!PH}BG3I;kZF3klOW0vw!AaA1LBG$PBvL4<$#2-C&0Q zO_ABun3;Wk{6;6USNka@!tCynlYQ|aQr}URQuO71r{7EVmxEeYF5m%f@q>*j< z1NeXH`#uN+?FQyHuk5G~RE!5gi^u}RdCsN(GJjQzvuXK1!uh3e2zl%$pyETlh;+#u ztslNvhHEHbGYmQzBJ?F-XO>>=pMW2)eUeszN0v+=NzEF1&-%|q9Nnrf{{f?fgix;lXK*7qXZo+-2kxo&wYnrs(stUi}ZA=cde^jK*eN%1P-Z$|CnopyM* z*lMO>I3+>$mm8U#f}%qJQ3Y~wSs8JfH3$Ck`=mo`W=$NEJ$&rhLjUy=uJ}Hxut*n; z<-u|KdM>Ga_FXq_4*9`huA(O#+GL)7mJHo)4R^c|k<}6y0QZZs5bJ%{^6qvX@KIMj zIEgd3(rlSLojaIiOPFyIW;atnvDmIbaKAkJ>Tdgc{LR9^#o^LL1)3n>o(aL#on*Dz z^MF%gLB4-ySazA>tE!e?|5Wo>Ffc&8Sg$hj-HRHTrfv4&ef#EZ7u~H#W2LOU>@Qb9 zYD|kA)*D7i!JV-rd{xcE!=$al@OSFT2qn{zWTO~&4evvz#&o$#$>AZMdv*NygU6!b zcY{1q2MC0x(XW&O&=w)*Nk>KXAJ6t1I&N@uuXDAy=Bp4Wc)&xB>If4gRK;M3lnvc1 z-;^T7K~1B5P1x(yt-=+sb!8-+=Ap>FY5^L8IHe15<8I-FAE8b5fM*O2#G`?c>9$Kn%qkF9nt_vX%vmH3R&AP^L4*tPaFG8lvmN zo01F)<z13^2ghq`b!xJkFsqNuc=N;Bqvf9oK|E@?G%tY z`eN`$^6m%-d?I7AM0%%JIhh246U3zVPR`f+LqE59gs~I_Uq)>;Dg>2tp&MvQwQUie z3oDfn+;xNO#+9=?$G(BsGv-hj&iE$dOai*+m+*{DP%lo#Tdi%X!|@v@IN+7G=F}#J zwBDIbBEd`C&6z-K*z5Z8cZ2X*XgU)@Ln-+41xKQZ?^B;TrlOAe zUY+T7nDg5L4C_Pw+Dz>tTKcpf%z@zVqF9@>;(D_qA*WUBwTo)*5YEx9Uxh0e&(jX7 zx>I6>sqgAo#D_(ix|WOhXYCrc-3Mi#CAX;!YJvvc%*-o>_BIv9#=14dFZB4QGn#FR zbXDzGML)D}A9K50lh0E3F~`!8gp>|w_llG4W)F6C4mNj3i9DHN;Xnk^0y8J+jgbPb zX3=J-_DopCj>tjsx`xIY(MXKC3fQw=x{?{Q^k)(-1fC#AnwCBJU-8tLj9NRJY;qK4 z-9vh5M63OCK?tsd16mT#ZE{a7NcTCN_p^r>^D#C~qb9 z3}{SI+m*3T6ZnzpD?RO6>WC0?1 zoT|x0>7N8lMxkZ^%42EGmWhtOl#Uo|8~Dy@L!&p8zR%~PPyl^LEdA{-W04A3dYcA0 zw%2)gA~7i{FbL!z+!f?r>N zAR%&9R>-ov(;yezOopHuduNxHnc!;%zg+(*r0JNc9~2~tPV{UrvG;x_h9Fi}gcj?Gh?6$Cmv#SpZ{B!>!hGPudl*tqTo9uX|VHWKzw}2kn1isPct59l{IQmvYq(zAax6#;NAejBxPB*?z zKg;~AENr|^-)|pfJl9nAU-zchcF^__C-NRI*5Ve|u$5hmH3tfa8TuVT_w>?+3JS3$ zex0i_#VW;j?EY2|zsh;g4Aae7E6@mpr1?X(XE6#u&#tFZd1jAk?8q=5lpmB*q?>zSE4}E9 zCUUvkCYWI$$keA5F*aEB3a>*ZI1`b7>FXrb9`mcB(5%es5sBQ_P^ zC9Yh?yex71vEQtHzed30FosvLQM=J0_s=XXDM;-$%$+x+f+8S} zYUY(!;o>Fp-$u8M@>1$mUMAfdrwcK`gayuGB-2*udxa_}U9w0yn~0Y1HZ!L-r79aJvKdM(!vF~H;KH+@>nb0Fj$3`!xi;`Q~S_miwSN2-0i z!A=>Lu)LwY*lF6z=66vcbJ11Yk^n83A?++HC;3(R%1iV8h=YW^bu(cSprnzR=(;R zVzi(nXjJr7@dV7@;WL92e8jmsAB!LJFamKtNb2RC4s63|<$61o_ReUr9V_^wt>KHf zJhq#gnd|8r8Sn4!&-)6*EXB)M1rU{ro4RZIS()>-ai)uV*wUU}VDSAu4^I)#$36Jv z?&9)a_1yW-L292iFQ3=P*|hN6M{^$B!%uXYTvTPd>Erp_f>Zvjif`^G38Z5Q{zGe{ zZKtQ#HTdr3<$izpczu7h?Cq+8Qpvx`{%H2&F*q$8u{!^D_Qn3CN}^`uP!z-vC(e+d z>z`m8m`;GIi5*KY@$fQRzb)c4R(%1~cY$oRK^e4-cbcXnxeLmjtHFt~3EmjwE$4Qg za_H`MU6A#2F3yR55uC{1ZPq-lzQ73GMYWe7H4DD0$&6@MoiTq${-I{Z57=ahQit1baF;0l}ALc~w8(x0k?||8L+x=kNPN zmJg9AZdBRvcuk|{-szQ12BixQcl{U+IS6y$>{`3#-dEsNM%GNS@a3~eWt)1ZQqW$) z+C&Na-X$hd{2#-G1_&Qhn=xCFn|T2NmZ5^g;9h7yb{7|R_^uyra>q>5?BA!@1oH-P z3+C{Ucp|#QS*br$nH?N>8{3Z!%s%*HVPB|3y9<(UXHKRkw6@tjD~E-#NY=zzr0yY& z%LjnBT|N-Z0~!&LE-qa@Z>~7wqU$|=L43R!8-gp%rsZ?n zMVEgeT3;&mK>(^v>Tf3ZWe&WiX2mt@LR&@`yVq@`j^>{;0URpuG)1|1t{S%`f(e2h=AVS!k&3g@^V?5AeNC#X2V}uK`IM2xUPMwAygL9z~6pz=NXzQ{! zdBY=QviNmEFgmeLuAT9h)M;2C>E9n%U|Ncs;!1xI2-MBOCP%C4deQZ;Sen`^{X~A} z&-sI1wb`FTw~R4vg&EKd+4WO(0z1B3l~sa>wo zl}!b^t+jO>`pJXkMZ3&BR1xhG*Gf$i-4h5Vo-v9hFMl3w1GpE$a^yliTx9Bw?A@P4 z@Vfo$C{cL=%+Q@e>~wC@d2%uswCKV2`z;U=4A zU$U`4Pdof|3s5FjJ`lzV0=P3dpKP`7UPtAX7;pAGqotQj(le+wJI+dDs-3^>LPsj03UB#PJ)H``S|e8 zJ{0POS3e$VI!H*jNE@CF-xr<__BM}%VJTzzSd6qQ9ikfVKAy6xJ_g}}v*6x0C9LOv zaURIzXsVH`&{Ym|?Uc;H%7t91Z7kdymawvG5R?TDF0|h84?t#~MM~!&#U}8E^MEvY zPhDUsAFca5xLop*^01J}SIaaCaYx*LOQK-f!7?AC{JnFj^2KAa&y?~v<*3g=ITyC- Tg!-I?@}URINB9LE>dXHC+X`l; diff --git a/assets/cloudcasa/cloudcasa-2.0.0.tgz b/assets/cloudcasa/cloudcasa-2.0.0.tgz deleted file mode 100644 index b4411760ddaea58122d8f9b177da6c08aa665709..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26853 zcmYhib8u(R(>5I2wr$&XHnyEloNR2{wr$(C?Tt6K^X%_?*IV^YO-)brTr+?4Ide|W zHQj_!P-sB^D?ijgv_?|OOeRwD9C9Aq?8dC>Or|RAR@y4u9E$4d9P%1A)<$-w9;!XFYzERA*8D_ zg&>7g%qbrF_7K&C`m%Q9l@S%!Pff>+LC-`AewA|uN>LaIvGeogD49vf^2B}HPR%X+ zD{TgT@IU-KJTyNqD+`4BUt3jmao@LLg5B>!Rf2e5TMJcn`aWM5d*chOz!hF7w&m|_ zMKOJ9x!V@^zle(qLS+l$UZ9}M3lg$pL9FG5C3FcOKrwRVtiGhmAYk#!_FD zL*Cu(&+@l%6IH~Z5HI^wig(FPQWe~Oem>7v&Q>&viVhaOce9<0s4(RQxNH}HQAb3K$)wqy^GK+KBAaNhgxj@2J>y19ZU%4%7qqbj{7!{g9i4OD zsW{&Mam9aCs*{i$(wuO39An24<2X-h zv*0{plW8`J)Xk0=uOTy$Feb<3GbP4m3}~XvtmpyC@;N$S#)iWKtg;U+|B7=Q7y}beiQgaZkUmr1^PIO)&;>aZ~K!;m^E~2%M$}>~+82(=+x4 z64Wg^F4~v*^uDvaWL&a8e%xn0%C5xj`R4dmEyDv1JEua}P!z>iJoP5pF+Tf~)Fx7O8U+|j5GLjMhMHXE@FoC{C6Pta2wrnPosvPBlE6{ zEO@lUf8GNsDb{Bj;1p%*uIxGKq|i90RH)%TOmE%vUW)Dkv3`rgQuy=XQ57M<&|dRl zx%*HV&Wh>EE`%?t~Qg-rrt!n6kOC;1j99o5l(Tu$U{v#~mex^#0x5 zrH_l7h+76@we&+7t6kVeD28W`ponPAG2-LSQ$Z#GwLp{;D~0pm#g0s5`&NhXsuXU! zoc8c@1nQ&WSlMQx-RLR;7Z?rCogjm`vN>@Ipc!Q^I!N4JUn6y578WWTK5Ir@6T_`q zbP%phua|-C<|2BLiL4MjVwfH0j}|C`jbfr$9I|_SYY6Q8`f(gBOsD2&xl@+|rvLbv zDyr+Hx%#p1eX}n65uALOVhsBc#_;x)V`DWPBsEWE{#e>BBu{TJxhD+k`|h;Rxytd2 ztl=`}j75hC&oKX9-L!|@UNqoS`&{L?%b z4mI9pFd+E$Ns%Gk11*oQo*f@BOO-)B^kNB-s|Lds->iZcfEVR<7NS|sXa z(r0vPq@^o_IuoAioZ1FA6it~eUO=JB3=)Xvgb_cf&&B<6c|Y3PQmrsX=gz&^m5yXF zJSq$VjiG(DPV+emkE7BJB*$I=)E(ps?$qO-b`Y$n?44TD*DP-mq#zaN!m)T`2r}k( z(Ob*SrJ}n}RRj=2b5$^+|J=mw*K{B ztH(DfrwSRr$?_OQv`hF;@crwkAMYN}TiFV1je;;lA7T8!m~dT&06SolKkjxp=SLwG zr?4WRLf!|2cJ80OzwWo{dg*h1{9fOu>fBC$O!y4q4_tG57@>$cLq`lJptXkKrrz`@ zWoCP(;RAWpF5T_33|=OKKU}Q$1*ZXM-w!epHq*kRjNNsys8m&HV(L~AC5D5a)J?nj zS*sCKI@xjyU0>EWu{yTr@N4Ebuuf4DM7E7f4{Qq(vno0`+$M(k@ghM%AH0tqKa5-b zQX}JC>$q&s?MBWH=%<3xCbI(A6qg2`E-#Y&hxZP5*3)o4Es{`yL4;3xE_p}Fm&hy@ zp`pw3fA~crTghGnfR1D&kX44LQAwi~90!Y#a*is>JRI5HVdNTT1x8BRkDW{5bH>KR z$dtft_Q7Uit}rgRn(z=DOG52RY*?Eu4sJYyR|T6(v^(G-vuHAgcXgu~8%*Ar#lT6{ zzf99k!nWt?ZC+_&QN)WLtFASwFe#DMzTIBA)#X@Q3~xqq;$IHgrE)Xmqml5()A5sJ z6;FsiJM)ndft3hEuvs0Qe%~EbWf_j1EdR(!5ep3_K(#rQv5tGu;`4l>MJ*6jJ7O-a zlfk(7XUFTR4ptB+4=2K!uv-tEMt5^{bP_pz3equQ*$B6!0+*>L>W@=puwH&RB?n^D zVzZjLhdSq1L~A?urBbxmpI(U(Cs!i5OB&FT;Wz|l!mVwPEu7I%2E#yJhi|VR|JvNb z0HMZ^(;5bIqInfuTwuEZi|#kFKDA3n*{$*bTFPA_SDKEMMM=ONc-x=Q>5}b8AD{MM zIv%|l7MeYc*f;lp`UsChB~1~4+Xxg7%Tx?g1!uL>G)y~-AN7XnhglCS@^}@u_TOP7 znzQyD6T=-DVS53w^af9*Zy-H3)W{YOm9u~D5a{ceQ9)lrXyZPdoVQUL9tozl$;c&? z3zkxGPxr5oq5Q+m>H5`AXRl!>rVw!BFM}SIIw)}@60gEzu~3onLx?khk>zQbum(RP zUaDmi?LOHv?!Fv(<&D~uFZ9}qnb+=4!G*K96I*Seiq+`*_h3wD?E^?heNV=#{x*NR z5^Pz^mJ$(d>Bx6xlijMzgUcJF7KZd5Bh+<4x zB06$W=b1V@F+PNvvu3)TE$u-j?2@h2oo7m#BFNITP?g!(3MGg{6Uy6h)H=bQ(2Xn2 z&yI}P`?5o7OzC90;;(E<;S>a2u|P+x)VR0%I5-JG|3v)t@BSf+fWVAoH`}G}DBGkv zI+XlJc5~LwedUe_^W`al2BHQ^Ja)39Bn+rzN29Nrdn<2uwvtwd~%jz?en3LK*VL#U~1zU4Eo?arkVs2Q3oIoiGj!!$Tg+?oqnyQewN%=H>`mH)X{T+$vTm)TeFYQ+qWG@;* zuiGuLT#F_E(w=w;!0#~V){1ssUk)m3%-ln${jP6Qe>tPwF?$Yc;H%=HaJz}~x9gxC z&$LCjuHm2+lZ3`_@5Boak#`~q2OkkC0e0!Tu{$p6wUhd~g@Qa2?~iE-Y))H-OQu%` ztBk2W0X>0rK7-@PNxAzDh(x1-kOEf+pUFYxd6M0-3h<*TIFmy3qy4^vVhKPs0TGJa z%_hR4MQw4Q@EDgCqLY*E9$%*r5kl>+I#m|~s(_o#Mv0cyJqAT>PC~!&!1w-Pr54AX z4P{%9e5bwAk9&3va{$^7cM}rbc(25f&SusfRyvY<>Mw$zuBn2P>;sq&yF*SA#_4o)=D3Vh)b(CiaPBGb$8^8zwJwSR8 z3mOoSVg?J<=M5E&R|Ws9#+ro(4>j=)YOM{2pd&K^5ej+=#o;&x&R_*MdZI}GE$StS z;IBBxe&MS6I@XX-kDp#pvW8H@ccGKTk#3!t)j9{Y{+1Q!(RE&61a;zuqxZCL$iG_X zIZI?XUUP~D$I_=+3MckT8$qq%DW=fhkKZuJTlRDs)1c|lXaJ--22!Oye_8${B%PY2sLR(0L+ut!v0&O5Acd>@>jjSz1 z1Os-^i(GIdnV~7?T@a>gIft7}S%ye?2!v9u>XEH$K;;qs2~gd&w$YNEkTTVfVAYJB zZUw=w>E|7H1-UN)#)&f`!s%ZC^D!X@Eq%H;zU<%7hQqEv4k|Q^Fkf2{!q7~MQq(|owdwm?x^P_v{)q+%Rr#PlN~jl&L~B)ODmt11WZc}k|B#xB&)BK&l5@&SHOZr%LB+%5qPC-y=gx(b4k%VcN#iJr+AQiS) zR(1e_fR#rR7+NYhak+6n)>KLG}PD#v{uefeK=un_^tduK>V5TE1z%hUBx zm@z!mu*TAT14bMYbD9Q8Bl@P>i{YUTpgS$@Q`QXd{TFTMu}_Bh9@DrfK`mt*>c#%Et>beo zLds;l3W{CSnNmo8u0>D|MxSj{+v-MQMnRND(IGBr&Q0pJGwTo%IqhVWl>pzwQX=dC zy-AFeI9ME#hZUX^!S5rz=t<$5uV(GDtCJNU8Uwo*p&E;mwyQ#`=2uI?S=KFSJde{E`-Dz}VxQY5Ok}lHa zOLV0$$~mL5s_&2C*-M7%Hd5wji_a&^@xrMiXInzGKjHCfENX=J4O5wOe=MQF(IH0| z{zka904l&^p5)$DV=uW{Q&?eo zw|cdUV^m!xcgOSNjn~+2jQ@&6CT~UWQXTj_En8eCcbcnn8uW3kAQBffnb*~>laGqg z=kM+I3Om5(H7#URiEu<$EW%AXbXpmfHGG}Q?IuZezIkheDl^wV2ViW$s!w0uksTo~ zN;nZ-cpbM|*a17ZO-h^8=_Zn#5g1Ny*$v7pA+INYgOjIhqW0I{C(5q6sOxDcuc(=U z6zb4IPGfJvaCcN`95-)*E>fz6=LbYE%HMRB@vxtS6zN*nK#HVZO^FO*$RSbp=R#@` zrZ0Cj#<3z&IFebNy%Y!{>rS51J7BjMS{sy+3bAa8Rd$}A!GOdk5GKXra5RfnkHuL} zKtxa1NNdkSQ48LVs#bj$MtIIPm#XCD{I=hiPKFLWO-9vcO|oLvi2w?;G^{>}>E|-z zS+h1sl2RyWjQ2TU5x}RkH3rwk;xID{Nc4&9xES=9TMBjEHKg(9&obj~3RmnfGj$~{ zQ;j)Kh6lyg`ihlR3i(UChCEg~V^J%2^}DwwO$={?r(mFj^Ax~1cm5;wTj)f0{YTRg zd>L`C8B;QJxCMi%&L(R)F8L3a)k=BkQpfHCGg;bY@5$O){efVy^bNZ_!*EKX3a#u~ zH{a7|$;l47TIdp$_Ms$BpZ>#Pv{vu@_{raei+r1*YCvklgYJH3kgN$Es>-(a#>tZb zmKHp>!5FU~i0a#t`8Wk?1>6OUX!*(!0`!#0KyRqlN^q9k*vuKy5ywb51P@#M4E(4K z4w!nTVc6z;x%rR1scBHtnlc9L-Wr|+x~cxrR+(ecgm?5i5L}o$h$Nv?r)7lr&ow&d zs8ecpMFQ58Y+<-%R7Gg_fEpjduB>QLl=)L1Rb@%c7g)a6Z=7HHZg5HDSQG;-_GW36 z=}OEkrUj-fIUYRL`(I>omtndCR#!7_6iOszW86Xd>7W4+Ze$TT+#_o%TrS+cLlKG2 z8dacI_K*r~%DUP{;LRa)A&?jpvDm7sgZ3`r+nO=oYSwWDlP>74b}%tIM|fBpGTfXB zlEdlAOHK=@ReR6|iJDSEJa-vu0<4>oDn}_(!WqR~{B@+m~QC+Bc4#df&4jH=x zHy~IcFoS_*)4B?=dj(jnzTBm}S)fTr~Cuyw@2yCSoD=2SI}Uk*=D;=ziS ztP-Wniof#BCG!LVwif#rvFQ!K`qvc5?Ios;Am&q*uMN3%x1MHG%Am zK}C-bI;?IBy%8V~?_E9AwzNH|*$B8Yy@K1#QCuLnHQ>vQb5V~Krx#UeB`U7YS9SYQ z83Q>#s|2bx{jgC!{ik-BFX#5(rwuy3hG_xCNh+1(_F-nNI2isHit$9m7Qjj5pYz>< zF2M%ZQ0ms;+UR~TXVN~Rcp#gav7X|VrcrKmamS#~A1r>8CHAH*DxI%s`9fv;z?xeM z&+0|tkbU_Q=%|cEAyN%~HU(l%&{1v&nV?=|Wa6&5FnuDjm>pYuFiW0K77pz^P<2!T z3sdM`|KaLZUEr=N%O~S}?{??VKD{%xk9S;}`m|dzqJ6Nak8L^S4vK;6^N%Q{=jsyd zPP>SWI-f6eJ#&T7-}HI~=aIGF%jw~zpfoy@bBZueBD*h6Ou|Lj*X1RGM*Pujk#yE z4d!zIPUQA{!I5d#j=a%8MjiNVp#tlDb8pLxx}&9OYn=;{AenOs-(4&(2*B?Xc-zLS<19 z!(v86er3j#yPH^q@oKZT z3fl%30U+fpDeVv2A`IGvIIdg|Bff0p6J%ZKb6cj)uKnn_WHzUdXv3YyPg39QHsLty#xi7&u59WkBPe}T(67D@N0nxEmT|%>&A+l@0>WCzl)!iYTttkNII{oqL zOt^uNS@JV_GK5w>G}i=Njnt@8v#Vy5wr&N>nslwE(I<*kH1#%;3@rdU1nr)Wl!f_9 z>9*0X4hy5;PIVhLkm_O5jyyaid7aR=-ipP%kv{LwlF57CtrNcY->V2*{Xr06jcLqv ze`4C};7kto**)hEz@PoZWQp>*3!?v3O^K+N?NXq_9#6~X^EJ`j5r zqL}5b%MJ`ihHDn%R;Hflb;BRC8m0O+h7|Z#^q2|+%yPyRDPV!S{8AMS-A8EOxmt5% zSwgZ@@!{eWoyK%5wz7_8U`&PABO}wTgf49*1y4z%I=F`3`+;;`rOS*+<9mIv#Lz92 zp>2m463siGoL4oFavD!`TpJQse#2l1t3tJk>7Fq>w;{^qj)X{NoLm{i#r<+Nr*+8P ztK#+?w6>(f)wIJ%+}|x=l1)BU@6dFil~y?#m1pLm66q}xQ8tI*xbl*&a{x#vr-01c zXAD2L5D@_JT`-K&{1ny^B$NM%VWry~8)hBuJFSwL&mH*B_j1O!ItNXNU7gL}xU+35 z6}z+RQCo-^_I7ig2poYne0yIXWH$+xJ)co5U3#+a&QNaH-vTBcQv__XeC&d2>h=Ja zDt0TfcG1?NnB-@dE(+z#`8N`|wX3hEEDlQF)kdtpD6|~Q-qwnmAG44q#4IwWUdZ%M z(gRr(6RF1-Sn&l@MEM{lluTDf-C_(K%b_!ZlBAE5YLq?b1v#}3)4y{xL(?mpa=iNL zOvB554T0~Mys&pFVCP5Hs#w=Y)Gmo8Y@8$W@*9^)J}#5WboI!`QL*1xfcBoNMU*pZ z71J4Wh_jnMg>CO_M~)~vlcK8*X%|5xSRy)gxGd0{5!tR)Q~XH@_Q^*9#*Xue(rSiC z>AJI0_osq4%cLz|3t^C-GlXQYP92yC2=`>+xeAh$~pY z3*_Q7b?j4u{T7d}#0Hl-Zr3t85GZf*> z3kc&PRT|P}P-^&Qof%tbRPXuRfbQ#?hltUER9LGG*q4dF@Uvg3PpQBu>>;6q=VCmMs!S&0pq|-3gNrbiR z)Ql;=PoF+G1;opi+gt)11CnN}!mDE=kAqNa#PO*%2b|8Ddx_BxkYLsTCVmF68qhb* zN_z&`{0P*P-Zgq1B#YZJs+jSQYzH-WCu zYQo2&NKvwaBP?`Z%EgU~ve`50mvv@(fgSQpQKgl z7HSoP=DTaLJnvS{E!MILOvI?tybH{cOzhNc0jxUYLhR#1d=i}Fnsotv+Us)_EVFLFykk-*PWX~886X{vv4vF) z`nUzViBXosTuFt(PEWi^un$*jv_}!C#sPa9b$rv9JjuX)TmY?utmcBUM>!^Ge0^WG zzG-a5vzBvL@%PUr2F1OO;@n~K6qM0aZ)FDkf(`0pQUZ1N5RCb^%J`vuy`B~ED2dIDDozuqur0wg5M{w&Q@@D^X z61`A`jAxbHvM2p|(5vmLzXfWWydt4|D^lEk_Z^I=+l{%Jfl!tlK+R#G{Js1Dy^@ayO!8b-eUzrR)9Pe8HEW5*Haht09 zAKVX!TBH8IsyNlJ5R>rM-k@svG_wK9NyoF?_09;F*`RYv+`o43Y-afJVWy-P6j``qyeBN9Q&@6O9&0~}bVZGzE2;|CET zv{?3LN_2KUw~aP(APWJ_Lj^s;v~qwh2kxCU+S_zw8Y%GSK!7rbYq7^_$}7vx1IfKS z+b2(FMfv9lc*V-q(wn{bM4ip2I=SCY4WW{)6K;V?#aM~oBQ9nC<8yaXepU6fZJ4&cI(PGp?y0IL=}p4ZH|^jVhs`W z^fqvo2UpU+MUle&5SZ&*Vfauo z=9^k&DArp&a!o3=JS`$+NKS5og&(|I84(&M_OT(I(z{q{6@D%Q3B5Zn&mp>(FRu^v z^xk6h!buvIL2ad}uq7K>oYa0}bfvVd{>7cH^dn!m9g^!JTu-X=D8#gWJ?)u{{wm zB07^Lb6VcH{U3oV!qdSAsFcg($1g7fIh%kn%zixC>p#eqX(=})K$5v$N13y(IuZE{ zvai-WV%Qt5GPETv%Wf6f_?>ZU)t%^id_*r-k+S@cy^UX;kfF@II&!U-exbi0jB8@2 zh%e-|5DNg`SPS=-^q*%>^ z9F^9Gp>^bT3fC_Tw#G4kGlIZ+C`54XiflW`BVP*k`&YItQ-`tCprFZGY~AnyVVq=* zb;|P%5NH-qch2=Ap-U;~oJ{tzz-2mFA7LlT#p=LLRQ!K0VBc~UInI8^J%6N=R7@`- zOZw85N~-DHbA-_(HdVa5M}@7ZN9znwLf76#)`Jj(Sd$4R(fc@x>j^)3`GX=iY{U-b z^9^75R_bpM?!2Ya;;NMVT;sXrsPpgOp9-tMF50$lLk7jA=f-GGG6<<7Qr60ebmj&U z*!*jc^(5=r5pZw+?#=fJ2^O*H7BGT{bCP1gaJG8Bsf8ziDtl#s97*v6K&|$tmjbo6 zc>*zZp&pT>M=RX!EqkK)VDmWzi+j!!vm4I&Jz_42yTCbPzX4Pj?)%Vrc#Qv;q9zQ) z8~A#B?A6794hE%6Bz5;6jT;PPH?AjjAy=!@ABE!FWmnm>vj!R2ITSrPQD4K7c2Y+jM*y;tim*yKK-jd4n`p>zj-^~g z^lNB|n0>Soh+$5LoTP7v&>!Sud> zjK#HEP~8pBzNnfW`b;e9mf%Db)7cTHHME_tDv1d8_C}F|LYd7!MtiBv!YUQY4W#p5 zOj3&O?L0vvVfmp8UIQJmX3}2ItAo?m-Tl$ko9r)%^|ExBuG)xa3%N+84`K=oU1{bp z)y*hqG#-Z{2rKUZbhDxm!4c>4v2lv_aMVBaxZfo2VumDrvi=i8$CU`}E)=DpI88_Z z^j|2G!@i$xeY`~f;+yu4d1A*q09jc~-ir0$DpUdcE{NgADwTubR^dZkdCaUPlhm$u zfpjg2P*&D|s5_4_a4T;fi7`{};6$y@m?Znd##uvSqu_hkc;(U#ZecZUe5IDub>Yr` z&1s^olo7A}yT>9B=s8~VZmU(M7U)R^^^WX1VP@2i_-w6FW| ze7ZiocWvu&-TKSf(vz-P-P5wmH9#a;d(JbMQIbL2ky+`#-bwDGX@il%+VCnAbq%h> z3w&r|;Llx*qC}{zsFsxzMOKw{5Z?XU)muhEP(M4zU{}Apm#goZQ@l~2 z2jzxp!=dm4aKEkD0G=j|(W#<1ZU*C8J3tN={g6-4@otdgnAZR;Pm-($85F84SCuOt zanX{9pYr{wBDXWTFHi@&R`by7jEA|NiHgLuza|ZJM*A0j?j0{U-^hNj%--q~R7byQ zf=4u22}Hp3GrU*#v^yNMKcF8=W@WsQGi3o6@yaF&60;i*)NgVf-s+706MR2tT^ zL)(thNQ$gJQmjcDrGQmF&M5*05=qKW2!-IgLon%f4x^slE8Fo`R5 z@{En#$W;0(|CMqWmmt2cM9_G5Me*a~=OgT)?>q17EAJ=OFH81=h9dwaMkF-;{`}kJ zepDK$)bRxb_HnwH15@KXuK{k#@0>l>uo3-vTfL)sN@W_HL7n6GhRkzbollN(`<$ku zNjgwRWJO1cF2W_l)NtZR)j$%|Dv6OwZc^bb zHCLS5YM(C>LNY~K^4~rJ6FzASGaSe9hel87%)d_{et6)HPWw2~CpHW#EMG|@tQ;1R z5~69Rp7E|@cIO7`4YvW-_RCGW6pqc0pNS!gqaMo9E0m_ceIj99w9Bi#vXz<2q0>w2 z5S6V!e9erF&_hEHJsmf9_%ae0}&K7<|8tMCHYX{=7Zh7<|4! zecur>{(Ro&eaG$fdA}WwC<=CeeLr7(T72K<2}YRuhWULxj3{1yp2h}sd%vCT)xh7E z8I@APbufumgtima99&cp#BJMNtpNNwk5FvBB3^^D9G67r6i=vU`DQ>yrbRbVZ(%#m z3Vd=(?mx}t;Pl-`Cd{31ik}m+tuX%Xbh*0Oz~d(Rxl%;rNEg~9whMP|Zjd_7N#HqM z&HkOis9LW+(7S{`$lM+2HGkDcG-1eLNOeR}TH60z;mFAon&sia5+^7F_Tb5g#T`L1 z2;OLb)z52!CfXDF>ydzg4(f$f{TbC!V>Tt~Jp9vg?+^7UAGvP42MRWUWOOl$S*EB^ z`6|o)@)(tANgdug5d1b93N1!`e1yL+f@-3y1ffnzOm>v`1(M7>bZpqKFD%8Y{1&o5 zx{M{-JQ*U{6n-TfE7r){YIE--!WSx9vOtyNAQ|%QRG@r~WtLw-Uj`??_HKptE}3o) zbk;|Kdp8bx27qz?M{03wYfzFj^&Qn>x0Hn$Gou<}nz5xD4OUZ;+-ePr=XdwvV>qjn znOwe3#r7TL)Jc+8$Io*}jJA10QW0d+q6@uos87lod*F{C@SIQEuwa{OJ!-7+fv9DV_Gyj4lab7%!O zW`1^|%KVOwh$WH~dS^6K9=K_Mv>Qw|RYywYwjFn@sY97G30zzwn^YdCmH|XFX+_x& zUMWBz*wa1Cz_e~ZtXJ}tVo|9L@9IKjvfi{FZ67C<1U->rvGHYFzVeSQQa@BuPt;R^ zrQ!Bffa_MZiQVqH7>X14igRkmwiF(0Wv-Of zc+}U>R~kAh8X2P`95>2lQ6L=E%&B8D7}v9CdDAh7gc=E-Dg*bizom3^VJ`vXH;l%4 zBQe=X zw%_5~`;nx-yeW3@=8(?-f2}s{d`y65^8FmfDATB%XD&UC;pD4i@)devRGy2V&m0Zsh2OslXer?%4W%?VGIi2 z5%?~WuFKj-Cm5y%>AgmV=GmAF9{m!X(hMB-dI5y1pbplbEKP3Ze1XY47gTt){O*8?rV zCCBfL?It;n=gLH$thg*@8t)!Gv11EbWKIC($5Gx2Y6v3VmmH_FZsOCn=g4)Ik?{}~ za^qbFw6GE&Y(zcCIHoxhx|osJBxok?g;oHYGS19TZ%z;w{EsaqnmuiRJ3Dq1jaw0Q z?$V?xCe!Ib&+y4E+j$%VO=)y@BY)r5NmgAi_Q7pMn?`(8(o|9$C!qo{p`9L$d%P4E zl$Al23WjY5Q}Rfl8c_Acp(#mOQBh!x>@#&2f3Bs0%^+Wx5M3O7Q5I2e!oUtj@#ELl z5-lDLWx2|MniB&Ci?(4)=RZyQCDb=K2kbB0wAQ+~Zr5wrD&xY25R?(i;e%AREk;(K z4dm539X{L+zn>g8|3`J;RrveO93UM*V7ya}5U*d~#|r*)F_5)8?CO`JvY82a z^(Gwr3@~}*(BZKnG7eeD;&rely@W??CPSWIgJj?E3$L^W`aLsN?7A6Lp&YEx0;V|{ zf(kF?{E^s%>_v(!Gw7q^mRPTZ><6k0m9lyO!wAc5r2{ssaa*(S4bGyM+eo~e!`lCo zRk;>LvHxVv+uF`u?XFd$3XT&%q7! z4&`$wg3HU@=|(FH#PNKUZE16Zjl%8Xg`Y66EI*s6y)S%>uFni zon6_+I`Swd(PPyo^kU!P|4|1*&9+V6D%I13*jXPs5w=^Vs?@p_L0%fY6hR(OHL9bxi09?|Ag^Mwf?g@T9laZ}G zfsRW%AZ{}z>CdNKRDiB$0gJZXB*1&z<>b~x9Dm;2rdgZW+ucKaDO?_FMmi*V@wEkC z`tcmPfJNqbG1*2GB@MRK;@uD7@I{mxq!GI!Yk zUEboc-NP6^PZ6vHl{DCoS0FmtL{#(56#U<=nvs_MllGXu`G3Bg&vFyhdsLkCPb^QL z(Q^;`zs%*BS&m^XLft~{EYo?W=`wU+nplAFgNgv7;fABizbpA=3ShZiBFx|Yqfs4Z zMk41b4i{Jiv0`p3f9npJVHY>KopK)C@6hWG!ID#0Ebn`zucmJhTyN$eb0f=oM|@-f zjKSe4Y)HpeeF7#27NEZO`e&83dh*(@vY@eMX9&Kq3h5?(vE=)hL8wZ74I zF+_9fG$4Wo?t@4%sOd!Oab-;3ML*22>VygCh-%p$(Y`jO*WmBcoXWJo1Z;d?8q>Qq zq_)ic0~|L+wOqdZQ^3yIk7@M&2X^&vZAkqG-uws7_}?tOYVwT{?PuSAYP~!QO2L1t z<@K?(M74a%6<4&VucxIL2$nkhsLuWwW^%d;lY!2PPQ%Je*y`5laB?3kiwNBB7p-0q zfI|v5;>k05pBWl+_$}c*`vGpgNg0*fy}7@y`@pyU$hLk<7hb_E7h!Vm_s_4t`QiTO ztz$C!^5A@*&h`1-?UBBY`E`FjO!>VF`u^M>M_~$n-9CS8RXyarP5FJ3CBET*Kh0qZ zHaz6c%U>y25x|;ErE&krhkC85{iS(zI&xw9VNlw9whFL8zGPbCgmgf}p=9 z_ZQ^zSSw`sq+|xYV1T>xiIuUezFluVZZ9v#j$PMgXLHrZ3*7niSdZZ~ZVFo8jZee= z)xldPRTc^Faxo!ud5j+Y<+J;9j(WJHLw^!44t&A`?F@$AgD1 zWnnsKW{m6!iz%s7$QbZaNn1xVUL{t8eDHw-Xif?ZCYv!9AB1B|NOU0|VfMV#i@EvV zJfLR>F97&qOnqvshzLcoBT8EcOkzbc9F)us_n2!yRM!XO7jS>e*n}Dni#7!6jLR2r z{KSE)%ZMdZ!yz*}>m%t*MXw3*_x=$WJ6htk8YhjNz!^X9w ztfcmaan|sMy!|De$r{=UYlZGk^~B5myhhAOJytH*++1vTk-Q)wRp0$6P&WXRx2`D~ z%Cz#}Zvz{vvNh0=)>YWRyXE@q;%Y~^3+H33)&Cv%@?S2FY?k+Yzbx&PG&f|a={)S4 zTQNzFfW>P?<*mpE{{A_#gHiev+Kw=XY4)aVCoS}o8l^LaNC6)IQw*_0`I@bOT|hw& zMhcC}6Cf*BlW8wSrIq?ei2Yy2j701>>_<&neK+bPDO3r&YKqYjsvwv@ShINXV2!I# z@UWLLzMT4>TbQUQOQ5Yi`#>~KQ?wg)72Jo27r<@AC$gPYRX90WJ~t~{aVXDsf*JJ} zN9wgzd$_rMyOcmdlb{U+J5)yp?b1H6AWV9F}2kdHQ!4I zB=VveQRzA}uy2P{4vx>ML3&KyRmtB|+A?>oHHtZGM@gnRERC5>#xY~DHhUO?4j zCU`*hn1+nDnyJa^b?DUPPkGd;7zGe5Jx8gbZz?Q7H^QsZ zQ6Tkkl9R3C%b`+71)L=qxXS7fE%l#PKB9vPK7>&3*BP(o{8ot1LpmanP`b3P93iVx zo#>wc*ME^Lx%|7*C>Wl&=gNV5rDmFR{&K;(a>9FpM3LfXAeuYo?V?70gsVG<7nnPK zII{qT5L|3k6F(Tm_#Ov&2zx$|)pEBxJg!q9i^N(SZSCuJC_Qg=U}~!j+T;j{BhcjT z3EO0o`@O(oDdM4)iG7?AN_%gtT8__RLTbbZ{eGOS8-yAbHQUoumRH?Gs#T`T+L_Rs z4yfav-PGVOQiRiynSMLUp%K;75*r+G@IQt*=~vVY^o{E1_A18WBCl7G<4YZ-Ws|;Z z4mdl*Usbm8_u4)`&nLxP#b&NAzpUnrhkGg6vYl%NNCrk(sc*(%Z!U73SY=0xgl3)f zZwgLSe9ow>Eem|5+r!((wSE_n zrIE84z;5J)hSQ~ZCTvH+zhK9|duJQ{5tw3wa9K{5uoH<2$P$fZx|R46*~sbv#UwAP zGtlI~@aBd_Wr4vFfrGT63l7}Np*UXAtjEPRh<@C3c)pNoZqsn`dd{rM z_N)I7xpMsfLo{0aw@}pOq{Wl(zZsnZa|*uODRZ9Ri_5j%s}>~kHRq)W9(5qldiVF) zDhz4dObQgJrTfWYjOyO9Rs!A^#;&`hGtp4V z@V;gl_ksKsXiku2hLhYs9!zU1h2)5&vmb>;j_?QHf7vqM98{HY1z$n}0UG^k;cg^G1 zIG&Mo(64_HsOq>!IL_?@Ck6`C>x>=Ed+)-Hv#E$t^E;8_3+m@7QkxL>n zs!9~?cIZg?5*p~Q1w>%Kr{kS=_hf=l8^`paJ*LE^&dpFCgx(ghAsnZ`K`{VovSJlE zt4G}1C%bB5NX#&c0twq#x5A%c)R{`hoE8^E2nbHG2-tQe&>!h@k&EoeZ1XjW$e3{e zj`+VM?43zYr^>wu=aOQYK@_E_FY}0YTK!YZiHelu!{Jw|s!nK=&>)M-ShW)gqdb50 z>ke{S;q)&7Wqn`o9Lh?@xZZEl#PXE=A9t_iJwsfvB^xcCYR9 zr-{m@a%Zm(jdF&YXp3B+Km;NtA`6`oHxP@DEw<~i<#Fh!J@COP`t zr6w_nJUTgylvuPN)(Q!5;FGxnTl1+mv#W6#y-Sdwus^i_AXP=|TMUWSPVd)Q$+iKD51m?`9gT8%EW!B2@ zVXr#UrzyHl>i-KqD8bh&xPAk9Xl7(Jwp|sm3C2>BaR8n!sIsX)|QH`O1pz}{L1=~ivMNECiW^}A~NOHrqE|Z7D;tqJC zhs%Cvo|pvd9)1dNfRe0*a^UwZ0A5xr@l9~C%{V>i%?$2#_O^%|OPq5#wW z2Np3UJp;R^+@!HBTyS%m*;7G~!gR=Pi`HwoI^(iq!**1+k;Y0=XoX_c_g8f0B8ZZZ zokoc^OkFo$>Ql1y*7nMU%J|ys0X7-xK*k^+rA^Zl%z+U408EH!a+T737KAoZp^s7| zQB(>gQArJf*mm}WYlsk7B_(-)tYE5R+8G_W4w!zbBOZWgEBp)mmxbDW#H|W?onV4s zDLw$_g2=|h2uA!&b+V0$@5(LF2}N}jxM;e2DTvTO};H6Y0eB?yc!kXSnYsE5W&H%1c}~Piz9pBauMmv-K(Nx3RIJRu;=_*4(`B2{)KsD|hDIL{O77Sa-RM-f{C3|M>QK1@^^Tzf z3Hvo2iCxS}cWkA;TbQ2xs&_HKJnavunL3?XRy=OiS>5S`_8904Vv4e~xV=WCTK$9J zr5k$2V+d~Zw?#NCrsb$`2&9V(aX>DmvHv;$#I-@E;hALmQX2SW<4NM@J5Ldt133xg zG7!uK-$!^C96Gor7s76EH=3I5!m7dhiVd zX2cNXHmICe(lL@X<#U^rnaab;#s3QQ!cm|W>{5p8N~$_fR?%u%ZeOF#Y->;uv+ba)WVF0gX-KFEt4g1x25-QZ3YD#UZ3H zY_qWGEH_+=TRvyn(0R>;9OXJYBA1h zLc$hI5Emwh_6SrgvEr{2n?KvDbIEk2tUwi zBfZxL*1Jf&YesdQ_qH&}*ZHB_cA z3q$3$PRg0CYc>rmsz_>X<{6Spc3<=BYarGS>3tqGO)kWhl2a=n)x13Qd!y#v6;*ic z6n>=f>%DO2KxsX3u~{aFae+I@QXw5f9jS~E_jQg&{U=6NxnW)*<;5YuS+32HO(s&g zg3QAq;SW(9z20f%`Wy`lut9_=KKQJ63YDO1+M?;C~)Oy51qAgbH6_>UI8Hkm>XjamSE`zkO z2NgrDD*(&9i0HIR*T}9zFoXOvGgC5|&OFI9F*6b-zz*UlnR1ba{hLIIoV4xCE@1{j z-Qm{_Eh{8cT{u|CJ||Lr z(b7D8a4|q^E>rgO14Gz>y9Cn;KCu52ksHCAoNID_r`-5$7RdQL5!@^fVUzH2Vx-cC zAzQHMQ1j`Ks$j+q3#H7TUHcuv8dmflkONM5PA}%IAMJ2TtFcD&L@m$KIPR4NIzboqp?vk1i6>=fSDV?+E zl+|eqsoo&x*)@*I@HoAv72^kL{Lg0qE8>^Wt%so=W}<_e@DTUgS$Qq!$m> zVrn(E5DW;ez-U~3E3Hn!8wyGnKt8MOSYwb>?nU9|6<;KpP;XRof=-;vBp5F}c&m)@ z&C#zAW7rbgQJL3yrBkM|X8z}#;TrGLQmoeW-DD;vZ7!}>S51pBN?JWj9y==nI~tMG zHMrw5MGe&T>41*EK>eTWnsrwRbzCED~7s)?(YgM0iS!z+qP#VC+fe(bK9KV5lM1BPn2R%bpf~SHx--l=d%$)Gk4j#iuQV zvNy517^HlZATL~NS&XUtjUj$LYOaQ6_NC@dSWk!fjUc@xsI&Mqhj<Gm9VH z7#;1gr7MuJi!`k~y~_%$S0txr#$LZnvsLk`<(4hctHq~hPFkN?w#K;@pFUBqbwG7q zuU$lJufw(ng>-J(r4&K+%7n@ds7{<}n?+~(h&z;0E)_}91`QGg(Wlm8k=-?ig(iKv z52Q{SHZK{`?5b&2ylE0UT7i6!i*^A1HbBn>3`E^saIVe;lt^q{>W*Bp#fXy{a3~78 zX!&n99;GYLYwLHvD6wP$$XS}~#$_}WO$RUs{DrSa-nY=IMfrEJ*s&R5dn1DDJxNFu&c)9=ZsToVxa|(e5Kz?7$kjt| zYUg*c>L)f`Db`;+i515jD9>I* z=>lPE&8$vPb##lhf!*@0&h?eZ6W3T;6=T#nc&a(>u4{O}^Qx;vo<8oZqkDh5^_I$2 zg39HVo;}t&_~*A)c*&|M^;MT#eEn8yE_Fmty8z$ad;gR^`+h-z&(J^LRg>!Ai+@-T zd}pbqtGE5R``9~AxSKzH=S8o3wja;6O*wM4PrQ>Sypyci4s$18cV7>8C#>$g*&U9d zjupEa8%PEBG`9$G4_CMAUFrL!C{LenV_W3~M2Ow@saWI(E?gG5UDMnF1c`OvRZq{v zqF7K8I5mr@@>j8eva3hroCdREL%2r~)6U5tmDvw{8~e*(M96EIszCXee9h-^w1jKC z2E{I$iJXmV?29P5^rsF|=S{IkedQ)diGp%W=@&4iLM+ME2RJ@m3HLOO#vPwtv@B=Y zH07-ILPN8v=d!Wi$Y8~l9HrU@g&u_*O}B}?;U>E~2xn35nprO$O=mi=t01vrPK~?C zn5auhi`zE{I$WrFmY{+?jH%KLitW28xvORDKWFluMAFUeyE4Rzfdv(`_O;-~tT|6+ z9!XtD^Fw{l+_ugw4DM<#OKwTuBmkjGX-P>mJ#p1WOeqxH}!#pbX;0 zyrtTc^|j#qc>u%iim&X7uk4DitY3Vkx;G(*o;R0Zsp&G>j#yX&i{k^$m1$d{X_gSz z7NR0PVZkzpSV^2}1BLV!t*(4nTQA`d3mdl0%#}X`MXsLF`U;6E5uoF_k_ZL<+g)a= z`TB*J$Xpo}gS&?niw+|cH3PP}RjTZ$6Z-I3m0i-(d6nIH2vF6&Xb5OnX>nS+^k5n< z*|qlMRi%U76<7+Xp7ud!O26ap9(<5zEa<;MrCP$vZ9yNx7$QDSy%6< zpPDmY7LCPzCmX3)cEPGQweNI{osO~7G1k^G>i1!va*y>Rbd~e*irDG_zx}IqPT@Xc#XJ@uE>x+wzx>v^FK4%sfOK{GF?_-{7-&{QB8 zkkJP`m9ntk0XW73s_C#^-dto-Wjat7G4csT!u*uH^hbXAHIJ;uIodOe2kaz(^pwg( z9|+=KeyLfSUw_S{Q~N`6v*K*jmp;!4RSojOwso7&fi?gDeb|XIZ+3y)3RklO$ zV45>CV+jy_OwH_=9L||hJkZU}q%y~3@W-P+eluunqyt4QM;}<`>zfq?xHM}o2htEP z(=V*s9Zc#Y-m&sp*nKJr=d2k7vIZA@0`u0S{{=@ zZjP?)$8`9Q*oyr6>!2)*#z|Y>AWkYBBW`tyF0eq$wIC_?tir*>A`gN;?BD+Nv{`C~6dl1_Lq(s4)>6>ZLYpjv`PE`~yWrFk@;^9-c*-wSGfzHK&F)kM0}Pj^5D6 zN?6qnqO?Y+uDrDen=aBHB!wcm90rPoR^z2n@#3PKL^Z5$Qyj;6J!;0NzA5&!ywwD= znx5r1b?g)^dTlgSXjP#p`1vY{qAQS8kIBX4QkpBYXEbxe8X*TCV9$m5R=hq#G8|4A zg$S-cVJOh)&BX!!>*VSJq#q|h=u$uTS-lj&5bs&}(^0t%*yM(p4RAOCjwym=vF#V+ z#g|``nM{->|3SX`_8St?rTyotBeG;v>6hg9zfDv&nFQuWeHg8kUPzV=Wxr4zkBMfVOpba>32% zDt%#4J-g_={)jW_c-U1s;JG(g`{2WIhd8EXoC zem2n`H0DDZ$4V|(2tAZwhFQ?8lA8HrXUTXJ$oXN`#P07yJ0T@#H1v2dOdZBa6dk_$ z>OcK{+0>m-7cA0(|AJvO@9u;!fKxkE=D7KpM4-!yX$!0`7|aihstCL%0# zCS3c5qvCw)Cb4?nsllqUiiMF+rmQer=+mlPWKZ*2c8K%IBcmzE2imko_&CyXZJOeH zg7kY`gL|Bd1AodV9c-FrP&3I~@?A_7oilf{3N?h1M1)L5OD?9~Bbj5RXi6iAW-iDP z*A$8%l){4`4c>eBSCJ-3@7f+OT@U!WrA^3b<)X3;(tw|uftfB?YOp4RD8^2aCkM(GwMQslOKX;8QM{g$_|-Lcq=QlJo& zmXDVP?FdTU$5XUjyI`AQNJuptWQd1VIb|0S*@*<67Me@BCW#l}@vEXtLGK}kGxKLk?XGV5dV6MEROs)qORz|SpFU0c#V zk@fD>&nHtqTNYql{S!%aq!Qk;g=h??t`q9a zEEB*Q(J)%qrUI}ps?yVC78}zznL6RVc%NuGk1>m+nCc>!%{pywn6KF+AI{SeWG{;q zfnF_!yDr?3*QyzPKE|EG92?C$*s9&Yy6^b}HhNtB5TbVLG4tm2D=M9@E2y<&w&q&)Wv$LUZEJ zDsxD&u-R=hSj#SqT#M)>@Fa!1fXWj zj^?}zLBge=a~@>ld10bv)PQPs;J63WzrE*CWS4WoqX-Lmx;l!?O*kdQ0rsdF6!%)Jxdv0_8^iR+?m<-p3$N|U$mZ*IN6qcEYoU!`W$<^}QxUj61K zE0X4FETyE$T1r;ue%4t{Nq5WXN)@9H$Gw??E9VX9A2$uFp=56kJjG0+L{_lF!udTj zSg^&)=r3N9fJTukg-GjmFwSe$`m8F;0q1QCUfrRb`S;+2#bo}REx_*?cY4$n8okX3 zl54`}^Ta@*R=g+IZ_rh9SzU+5!}1rfir1HvDNe1>p;V>WuExN(_{hTnoSC(QHf+nT zWYfe#2rA_%qBbZ>+ZiSK=5+|c_Z}TthI0e>j#jKDnWL4Qg#y_$jiM!#UKZ{KnTN*9 zip1{*)xTwzh_$Q$wNgaEF3@Q{70tf|*h>4-N;laAYQSx?5>%`MrDmg>m<6NSu9x*y znvj9OZ3<~EZq%}xVAyv~e|K$J9nyKo6${X2O2(Mp>a3ceGQ)99XmOu+m9h{82U*Sb zEVON<5yl@UF6F;&E7&RJz@5=JW@7Z9ayqd$H5bJGP1ui<(`I*%iEK)AcI#4FH# z$8e44$S#hwGHz}4Hvp8xGIZ0vhv`D4eCei}FcR@Qc1#9fip;?L#nO5us^32^P>g`< z1_qh%Tan;0AW@%Cd^%;Sc1I8=&N8c1za&zjM=Uo41^{IdOJN1*pT7LL5#l1g2p1vy zM7~5ZpKFVymu~;*r7-l9{ZcTKnhCfVqX}ZWcNdIkIcMaaMbXgf5BGSPjbAv7i;Af- zMT=C!xVP`l-W?-kmY}9klSxQJCfss5yvQTZD_p`m$jCD)rcDRCQ)?!PNfaCHud|Pv ziw4#hk;;tY$;>bvC)ZrmusFHADSqYT3ckw2PzKsgEnud#UcYm<}yz z4&8+mhj7{)egXekdoEZ@pyPxJXWK*03T_oVTx(L^+SvUZ+rROlho!zH;V#c(8+Ol} zhRB+!SUxx@TZBUKo?z+IB!^UlL%5hy8~giO7)*Gl?fd@X>~RP@;cM;HMpdAx0#ie% z38@P=!5@)YNrhs$0~?71UJ?8-*9a_z&Z!2mnwZo7#gwbxE(ijx0iDR7kCEg4UZm7ybFYD zlAzxcg2w9go;fwC=PngrD0wgVCnBhjngvpX8b@RzkRc1LU`++#!hHL6oyhb~K>vfn zh3tO|sbS>z|E~Z2@^21N#a)Fki~LvX){WaE;njcs;b?gDYIyXD9336Q|0nNnPn*l} z0;~;8D<7JYJ*@s}_QK}GJJi!lSfF5~9AikEd+BZ>tZblzx>d%Ltfv+^XIj%~C#k|U zE%*{cW+;!+JI4JT@qPjgM{m=#>>N@G9g)j-x97(mLhvz;8Hwa{%ECGXkkpytwLweq zUL({@Xm0p|R<9X2zZM_9;o#TRV zb3mk-F?G*1tJ_vJC!A)WoDOakTrXLBws_Yg1A^d!={iivGWGZ~r-6X$@8HYDCAN}q z+Oi^_tqNDHiUKgHroyUt+my?h5YUp=Q$g!V4cu;udf#3vwA>HJ1Wcb3};ASGiZ zZj09m<+T@{w@PdN(rftcie0l>f|+x{=gIt-9Q6`z+I)Pg{Cj+rW3MIhpiSdwM_Qfp zwsGgq?9t32u4Mu@yMZASSJ>FqMmudz{6aYdT&x%soX(|e8_Un6-s#&itF0%plnJIj zfn{5X4!0$zTwR!h3#H9sno8dOA}agmIUoullAtYSpbzYhI96pnq-0T_=db}m|KqfD@>#rQLjjnIjsUxO09Tyc^d9j<0U(7nHg;<8Swh~-Sb%uD5ekrx}WYqhzxNO zWUin_fpGGEg;e;p2Um7{ICLD4Vw_2X^7b5V?lbl3F!E#YjubR43$>(z1PLu3T0D6hY$XQci~Bg=}|Xm$v!7mM5$hK%8) zHLCYRN60lw;2n(jjeSdDnmK`{!6k83H&Q7F55m&3h(uZ!0@^UV8weMnkYU{|!na}A z>auJQ`CKC)b`FEC>D#abtzKJFEy+^KuxOyj=Mdby-_Wft*dVHfR-yj?a1g)9)b^<_lY;uSsY4AgSJZMkp5$K74-l9n zYSD}s1#}vKE~uIxMk&mxVy;V+`54Z%2n7E%+*iGD(E!_m4XC_PbkL}3fMNma*HJT?!09r@7){(At zq-!1NT1UF-hub6uZ@uhVFS}pK%Pu8SQoekH|LT6*zjK}U-R{(P|9`&U{pP_xFP!(z zo&B-zINk2_k58vx&PM04b2nXPi!1%>t~;fp^DTim&im*0P`PzW4nRtqVcgYIw&L++ z2CH>NtGlAPu8Z~_z2wP!Uws}OpL`m5i)iO<_`dHS_51MG_x<|czTfxvdVPN|81x3c zfxqYX4*G+GJ?!rslZKKBN%)@spWCW;?k6c7JX9PoB!ZN}ZsTLf)r_Y3%k!?a5|`6I zJJ`j?c(Nc|;tx#UdxBM8)d6Lw1oL;uLM0ID;IY!Wq6{oP2o)HB9x@?hf(1)5t@Wz4 z&&0eC+R*MMAb!l1@T|5pCbjLz=8zKgmcd>LC@l%-3ndj$cxcF$7x6qZ3w12;-&q`9 z!B>=sl{Vl8M5z5cAznfWPm?Rz zLla7CA52fFgiU)Q2?U5c&EkkQkIJh#m9EhB9H7O*8vCu1gixo0&p3r8R>YDDgnC{X zm!8)f?4tuu_wCU0_u-qd?w&Rpp-!iRKkMYil{dJ1oTdW*4}T*3ipn%0A$6dIk8BQ1 z!tzsxOSYhuoZ>(^5=D5$GTuNQZQ}y^OsLFKEJ@(uKbf?fu8~1(_3??P`fD9#Q0!7~?iEAr01%d%@G~WG)`jVq$r&cUNZtP%JAd3#v?y;&_}m4%uJmNmL%*(&7n(}uKGf! zc&QYFgg`8f*=+XK5Nmw$ZZ?}0((YOszCp9u3_aICIZYXKBkvpJ6VCe`5=jy^k3+#O z{l{Qx-UjOZFf&4qb78b1=eRDuVZd#to z$2^$Rc`PKajJ_pyiAWZLSt#{F^EHh~?j}^!(VNV7@P{URrRnhrEO5Xz_F1sPf+lJr zK$53M)>+RSmM^qvF|x78fh70GTGz0TvUJW#M0Yk$K)j_Hqjdxi`eP|NhazQBD3oeEs^U zmH(fjY?lAkw*ELez)vjm_YV8*{C|p4 zMDr@iDKSF{31|YQt(bXSt43Z(xdi(pWC~NN4+@E-bH?E)(pB1(ont8HC-vf*@R$S% zv|_~_lsnQHBU#0A|E#3p<~9|EX(i>i`}D07Sg5A^-pY diff --git a/assets/cockroachdb/cockroachdb-4.1.200+up4.1.2.tgz b/assets/cockroachdb/cockroachdb-4.1.200+up4.1.2.tgz deleted file mode 100644 index 6b15c1904cbada68141b94c40c40354e00a9a38d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20204 zcmV)JK)b&miwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMd)qdaIKHp-DbAy0HgQ*^B|Aa zuOJeVP*Vg0fOa&Azx(gO0YHKjDan^6b1`4Eu?QX<+|CW>67lFu#hXnu03 zi1?5Gt^2AE?w{l#Y04E*jHhzg0f>kq37>`$Q7WM!CP_}iiT^u>3;BoL4hNys>% zJ&?J$U>Ek^O7L`=EP{xql1W8V1*d;`1u;=%Oe76EGp;e2DV53L_V(rFWmsU9kg*IS zKJTzdcj?*)av4sUn&snMQW5b~L)GoJ{Zmr>dwWi#qGCJdk=&lsn33|`ukkp{(rIT- zSgHt1sgT1?0CY}RGK3jT=0T)SoBZEpqyTD@sNZy!Csy)YL=@q=5g6>-QSMy0secj< z!kvEqzw!+K)%n`{@c#KakH1YWNRm@|_Y7b){oj4EySH1X|IY?b?&<%Rc-Wjwsiypb zW?VAG#iBxGJlX-E$aDx7mTCiJd6K;035ym(IGP-D^+r%hQ>7V%pfODqBZ(Zsr>hPC zzylC;%B0dg#5_8uB4pgY(FE5}xZn6J{Wa#)zQ~A_mt4d{h-M_6(mCyPIuGC=j+y2c zB!PsCX(B;!AX%0y@E=J6f6m8Lq*PG}f?86k(ISe*FkXO~F$qY6!;S%A5q+THgy+TQ zn!9Pv7x2jt=8J%28KQ8Q7*Aqo3C zjbTPae5t$R0@8dwrb6QyaX}@5drZS=2;FIxcYDzNICvU$w{%Auc{zl4@9hQ(K));g zm}Yqgzdz%OBp}(}DX?0Z4B=FRl=)=BKH3SBd6sdZ_nkp{H2C4W5s)<2|6<>bw(K-RMnyzZrNQwD zWV3~25lLW9=UglxA}NqWav0m0(o&fN8Sd;EIEeoccJ}^Y#(7GWmZJ3G(nsTh3O3QZ zp8~@ZsusF0QfwJBIWr2#4Pc&21#_aJ8H}mAq%_6TW%go;#RVfU(z`7Djk9#*py(q; zQjKsfX$(Yy9z%I{5gQhv{0WycngV5do)JIXi(DWmi(OCehA~&O9?ZyvZlYj86^u1r zEM>~=9zD4+FW#T0{8GbY6=-nu!XnCnrAqKPk7zj+X3kiu35p)Ipd?-delG=98DRn` z3WDRA84pu4J1H@fT5JvM2Ph>6{@{nOpc1FeZ!&~#*X~xDBseLOiVHnI9N0AFg4z!J zuSPIu5|_*!JzNMTVNOY^aF^$jn)%kaY9f>Z{m3N#+YKK_uDK)rs<{5BGJQBd{wQ#H z5G)dF{A@-m?aTe;ezi1mOf{X>z0nwW8c~1#s>35`j8LvMw-E99n58uC;pV^|ik*z$ za7W=z%Ci{RgyO}{fs|fW2GXkx&F=DI1cr}H3A^q#NV$J_>`s~y2`L9Una~IsNYkt^ ziQBz6lN!th9ZpChX{T5f632o{>4+guQyQ5a(!h(%$*6A}gZ~k-Ii!Cv%@V#aKqQTL z8dtTvR4SsEL(PbC+d-2NATVJOyez-9}?6%VZ1!W#rO)k_oB|Q$X(9Gt9W)oR+ce?pS7Nj{NQpa!j1x8o$*285oYu_W$5`tKQmL z7{cSkk(ql_H(?1y0;$ic-5|L0>?Fsm+|=}Ah6luOGY^FxjOOHHfXkpk2X^`JWO@Vc z7)dxGid|5*Z4qsYS5=|_|#vu+-_X{#3k!H9Wh9(MBGmMDmsUc~X zM8uj8FDw{rXhbTKs2R_v`lLY2HG|he5O!>lL1I=zWD6wkA=x+Ffu|ET&4r=;~W-?w>*WKfUz{N2Z5&)9b{e zcqQz{9XEu2m5`7m;g=|{@aP=)WFn~%13VTM>iOYglrO3+&8UmXW)c!MXR2pq5q)Zs z1R_D?OmF8oOW9m6uLhp5bDFRj=P~e!-T5Ro^x3oA=@|^+DAoFzbQ{Oc)TN;@_{sp) zM98cJ2SKei#3wKzEXjqYPZBP*z(mYWnh5$Kr)h+Z@-(7C5tgcjp_T6j~I z^0;FQY)~E^8$6_zf4DCYTiQ`&gjVCy*cu%c^yIaDRP-Pf&oYaiWLoDSDdo9L7AU}! z!cuW2HCI9`-Oe!UH-x=@e=e(AqR=TeVl9@RATNm$MpGqw2+nA3dc`t9Gt`(IuhB?W zSOY>4{8B<}sDo~~u$zlUxu(tGO<0Ae4=$-zO^l+hSk+Z1J$3R!Vvn$=OO?uVPm7at z5=cF0log#eeNGpF*(zEouq@YDxXre)J2&G~L9$svv8>`8!ddyMsvRQ<7mFTFq#h16 z44w-RBs$lfuxV;+`60Y;L@8H%PLv*RvH(G|M2mh#xSi|G;K*#u&^U~0IiCR45|d(@ zFlf$Vwy?&P;i^cZ(P=hM^%}F(4s1pt6O0Rw7(2)dEmoMpBJtJZl9~yknZop}35I1O zI9ey7MSQNszKQ-Yp;ESg?M+X~`wiA8_~SrU9%H0Lc3UH+__f*ZQmerVHB{sruHA%Q z>Z$sk3!op#JWHstw}3+r&1yKL{ap40oid*8=Q6mYQuRud-A}<_+|#SNKiFx76A=d| zA^{~;IQFMt$AEdV1SLyIO4U9kLd|-a;1?{7=>D9fOz|=4MLgmAMp`Fg(aZQH75lp# zAA(a(Px7=;phwcC{~41+bJn?5=#g5vZK$O&tD_h~_t<|kA(7$&_F-V9xR)szCk1=3 z%8`~XES=|?&*}HZlC5{=m|8_SHtP{I=}wh5Yjvh-bF_EpU+~wT4^EDcj(-@gLKRPz z(TQlR)d<7=PtOjHUmU!8ef-icm3^9Kwm3+qiYPkClT&IXw&T}l@crwPpWpxvU%fp& zdwCL8!M#Ay$tY4KW}3KXXaF&5g4oS9orgTd^QM)#D4|3oiz>i8jj6y@hD%NBtZ_5u zES=W+ek*fLg?g2)tt6DjhMYKC5lgis`CFbwg)yZHY$Wa2B~_u_HgX7qk&$c)=EYMQ zXo;aRsK*7JDISrhsa~*`J1;>|skNU;d75ztYSAR2fhH0a#rbFgDNh4B&oqrQMrOUD ze|ZHYkD1bno@4W+%`9eu>J5&9oaQ&!Hi(%hkCwOikEBsd6-Qn}QRPMM7-(LUr*?Z9 zGH1ASp}=dF&;bN6gq^25d(Sq5|Kr)&8$j_%8o6kuR2CR8&->5&oleJF278ZSS3(mD zV@Wwxnnz9-Lo~x`$$AJUJkjUlEjB>Z;-5%Lrc^JGyH$8Y1W6LArCy_>8VGap@oid2 zEJGMr-P^KY&%lUWI*o&brCR5o=4SczX1*jT4mKlFS~bjBmF%1tdvn|Y-MrGPF%BNSKK%2^>x07|e|>rU z!_o1}Uw=CI|9(CF+wtMAFW#OUoE^PBwjY2Yh(qY^JehT?_?*&6P%Uqfc`1t`OFY)U zpe||UXrB@}(O@G_wm{OG8Eik9sj1A{DEq~I$ zWNBboee;8a#V3mTENHZtl7+>_UiaYSEZ_A+e4g=?rmA||UhmvQDG|rKQw1Lw?%P|Tp#(rs?0II`5?}Uh_C{=Ge% zCQ?g`LB?aGY1UpD4!7cZ>1A<6RKdQMZYS9Q2eFK0ZVAgLjm4Kt#} z4Xqd(Ies46$xIb1Ce%`xvqeT*pbQ<}BgrRf)PvECh&Hk$EI3P3WfMH) z#Ey$-koKFODQZi4B1}(BABVQ_3oR?9T-kH0Kf+7b+Bdor`^_bSAHtw-jVt=(fuxCH zubNy-B?!~(dDX5A>t4ZI&h@{m1m=&7t`of5+R~;tCO9DzeA`h5~^5yDI3q-;B_tzq3CTCSjC& zt&;(h9%iWIj~w_=w;Ne=FjK}dIi>|P-2p0dBR7c9Ud^R&YUU)gja`G)7$btlOXNr@ z#&PBtO0A`oItm*`7fwFx!7B2eO#^CPPcda#^}4& zeBf;&mcpD%1rZZbKDVYLdwXq+`@?_Um8`4SES>6k#pSxBW5`+9vA+#b(L-C9vn~`v zFl4+A-H_kvm@KdmdF&9sF~(` z+gk0MajBf*s};~DuVt0^E!-DNE#F&gjCyyx?CKn-L@rMp-X3IBm@6Ya-^T9Zgv;WU z`YTUzO?6W(32HRn5H%Y)leHz^2+k4k2L)iXJCQh;@d!pJp1xpW6n5Orno%Cck|(*M zI7M0s)18#}Cd+t-rIpBY(6E@4-8g)l0Stxj;#=>#ajupJ9NN8uBONJ`Q^%?*?jxaH zO+6{4xOFsv(en4^a{_N_T^%Nb%?oUuQ>DA3cNYU~v(fYX8<*DyX?m?cbApSrp>gZr zPm=weqA>CU>vRf^i4s^jzjp0BA@jfepS~T1<)@m#Dh}PC+x~U8JL*}JN1><0iIv;dMsSQ$?b4t77?xxUI4Y87{X(-- z8yZ(OfxSeAI}dz^;Q!-eyMU!PpEPcrs8Kapx{%(eM?MRT(G{!73~kQPV5Dg~Q^QRS zR~j#rfsL{1TDB_P(RGbfh5GP+e0)ROR12iv#TrF?E6z1_@ZTHHwd!}fLVJg(ZLG_> zdr>`~*ty74^jj+&8ubp>bBdP??vVHgBh*5nUJyC6SMVQl7M)x71T8J5kMIIQu{3vj zuFU7uQ);cbxjdS_e`yHET+Gdd(V}#wPbhJ2b+TA@RLM1A&6Qz~#>?KAl)aPhhL>yY z@iprudLC3 zWB@KpL)I7Gx<&+3nwq0%;1q7xMqDnY_&fAi(OU}mWoq7mjA%*(7dl!^_CrH2;YSi#){XT~(P?j&cgPTflAePpkB(Erzqx+zqUbV^0#g4J4e6X|d% z?pGZP#YLWzDYXlaU)wX(ynWHq;sTuTj(1&e+S-#}<&PgF;5NBF#xZ^f)NLiLJ zt#|n5B##={>v%l$o?Qv;u;~A)`5u$bJJK^Nx~o>B$!0t**m?0Y;5D?0X0IwX2Io(( zEUKARHSuFX{2NK9eC;>R-J^^<`#n|=@A&U-1#dd@Xr!#peClqXuRZ^n;J?vG;l$a0 z--kFiJw6pwbe<)ea&8~LK6`l@s*mbU`dE|y;mP31PA&d-Z?HGGkN^D=Pes!;K}?2f z*q}bV8u|1I!oQl}a4Y%YRfr5VwG1oQBXD&E#=hJsFUMXSpIY%l695}zfwGj9$A_KH zr%&MaA9TH48BX#f(I0mqgsZE-*!x3`(uv7A5tfcBS689Dh{9U<>vuFFc`caM#$-yX zeMvPH^z<*U;F1ZdsfXebPfCH_QZZ1x2l*u+oLG6zMzY%x~U0Ng0RiBx5@qvn|}I(+wW4+@4$TSRc*D#wOd`)ZMFSlDD;0 z%+?T2SsGC|_8aS&vY<_vC|=*8*yTcTyos>ZzfObEQA=OLPG=CpkL1FcvGDi|;YP=& z)7c5(CoMNQXr2p$@z&9^rug5;JlS9-;4`Ew#r@gWbK+0`_bj#EzPuo0by1YWbC$x} zqw=_DsvJzXxFjMr`~vMbNXm=s0_a)D(;`l);&JY6*&0c#z}|HF`nshaCYzc)P{AS9Q{aY%~b+X!_La=O2$%oFLwV! zKh5(0uQQrtRLD?ecaREbo&4V))bsy5?e9Ljm;b-S^Xb#}H=UOsGwWjI*;}d0j`Pj7 zCG6(*vPvusp$y6vcpVv`%l5GHFx`+Kt4Rma;;OQ=oL>4lQ$7hY3t2<6s^05ku#ZOGV!LvBOJ3w= z#p4<7WihLP6^3=Y)HpwD<#)urPpmhJM3*BG4H$QuI`p|M6vvM3-&Z*uWg{}L$p{?~j^Owc#$j2^D zwoRDZS_L?D`>=8QyFR-1AKlGCwQiIXs&ZkIkz|?RnZPLNGF>KG!7F;jI$B(5TLP*~ zuB7t|Dh~NP)1{E{@;UeuydQC zlPqhS=l0gC=jLmRBKOZ%c$(#Zt3C^!&^t&6x-S3o&a)-?|Jl9$|I0j{jjYKO@wjfX zM#qQH`7WRx?3|@>;dOt)6Ix06EXE`XNv>vGu)mv&!h%+J=2VfGC^9UP9&c!svF*|F ziXSx?WIw})oGWTt`+jsYn#@Bv+eVpcMVD6Q3Z0F)?NYZDKn35`7rgZ$RIzXR);My< z!FW;q+J$aZ0O(~#`?Fh1>w@U93TN~4OnOhskF8P9*a$lSf##M!2%cwh2=BTTzYDXz zU2~J`IX+dJv1y8yMB@WxTVGHyHZ4)m>-L~KrAq(rlBj6beeYQqzxL7jmw49F|1nEr zEnwY(4XmU8d;Mos`oGiP?ce8r{vyxsLI1xqTjrh({Ohs-p3oDDDWx47Sh2(%fMprs zx+^X7@ozLzmiZWXRRe_Qzu5}3)%;Mb&UNgdd1y@%{O6<2w^w^Tr zia$$1#mafQx(aMxn=rk97H0SGcHHjaDt6bh<|WH(@N}p(s_{T?jbuhK=)6#fT6)7U z*mAM$X2O8chF#>f1{*_b#)%&kR~vpjzYEl@c7Tzo!+m#dy-N`dH^bOZ4Hw&0-U5tC zbWYQFSoyJt`8aOen#MD#`HMH)?l?mnLXCZxE-kljifsJLIw{$y`FEUxhW(|S^oF52 zD|WP6-p;MpT3?$f-9KOKX_o(f<713qx*Gv-wfr~OeL7f@{{}nv^4}MEJkR9EO}=Gb z%FB_b?f)OI7WNwx70qs?%41=bdwu?v`aB-m8!Gj8XC83Ek()l7wbR=gu#}zU_Umxl zwb*PrS4_n7DkRT4y%}(W&QOoRU(->o8#nJ@?Cy$)B9rRt^m~&X-vu;c&Tj1I2SFnG zh6={xQ_S})htT(Zcep6=o|7pJz34_$F{R0L=>LYpZTNPLb#bel7X0{4o+LJ3>99Ha zV7U)JKHz#3DU8RVi`HxlI#^>qy@NTp%>ZWt z69B!bef&x%^eI&kN#VUaJUuDuq@h2`g$uQ8hTxCFwuk?Yq)9#eZTX4!@ljcJ%>@u0 zyD;zqR2l_D zf`|kY!RPzi7es7}JS}oGS2?LYoWvZ??TCcYGNM>E$3&deU*(dD{UR@cd1!i3pF*=Y zDub*+LPOg3g3s&vIT$Zqdo$7a&ZNC^qDWZGtJnSl(+SzU(~ZcP@hxp#{b25E(@FFE zZzdVIoI9mhQ0Bh5o=ni(fuEzM?4*{t<}Nz&GS8I#RMOF0vl}RBySF;!%Gi{4MwxI= z15sH+OKw6!HlrM-UIr3K8?DGvASsM4XDmU_bvlBC^URCEv$>&|gfY)C%~}Z!Bgy6z z^32soX^i)O9Op%~F)W8*s@wTo57RkNwUk*)0#S-YGvgAE8OOIw6-Aj)nrX(jXAAqu z3b3MLsEPhFH7IjaO0=kLHDm4sFK~pJxdQ1vYrm6uc~oX4+gyCa_B8 zQABAhdlgW;_R);Uh7zWx;AprZ(-}8#ooF4;DYx98Am+7~8kyH`&-NcamQ+FT@lSPz zRVMW>18i#t50*vrTHtfFZEy|#RW}OzP+Wv>( zJha=X{_@>B=sq+bcVT}Yy8SM^e-HoppFlq{1^w3cuiu{G2j6u4V`NXw(sAm3vl1#2 zGT5vC9P^Y`wEj)@@$V}?K=XEL=Dua7wF-uQGO}jwJJ_iMUsexSPK23+Mh@LL_6C?$ zt+G0T*5*Y5scL&0yGm=c(@jHdm5ltmEJGIB_j14WY+TEy2C)9DT!tEGt!oI4@-*1X ztrf55SdFOvq~C9Yj99J$ZPHX|(fn3@oYTcdeKfag?4y~+H?5DKPWVPEWJ7y?YDJ?? zzngJ$*?cQ$zg8JsynlWL`+xKOk9DxfOeE25FM-y@|L#0{QoH|ow!5=?fB*9(o=+QQ zZ!y__d@ z?|53q|FqF4QOU0u_%%<;AH2dNONgvUuTmg1shGPSz(JDm%Sv*+3q~NyrQ&nH)X|E; zJogz_0kK{;&}0D*yyP1(<#=C}oerY(kMod4tF z+B%InS5gU*{o5>7%kA=AtWx{kUK8n1+{;ds#>NmP_?)U4%`G8mrE6F@sBwJFbWOLf z(Y5Q?fWNM|{4e)3%l{dVV*BwjJbhY^|Job$@8$n5@ff-O4Ub-`FY>Ims=RM~ z>v>D&hxhmL|L^*=)Bih2{9vE8^8a%D@3a1W{+}=MY)b#{b2|LXvw@rCboduc=J4;t zSeog-Ve>`Mz%6;eI{N>tU$6i2Z0|n*^Ot$NfN6bLdhjq3G{#K7EK<;o$KBG{zZAW) z1>Mq#-)q<&@3IADWWHB(0ekh|abY5h9@7stO|Re67Cda=SX=NorH!qxt~x;wbR414 zo4dlvZpyD7!qrvy>67jA>dFtZsnVW@zatlWcuOv};`=X_tij`B4{yoH)FPupSSp%& zPK9v?{!Q|<6wRrkX^I8!=hq|`P0=bfzL30`h=#@R`IVEw)A^wL2dNk_=Xl0_;1Al*3kdG!P9=- z{@>rb_y74K&jUC!m2}OC#6mUnBa^07u}!!A;`kJ!z?dz~NJ%tPiKe*Rl?m&N8CO%(1 zpnWMZ6u<*`>q2wNcNof3i?bw=%1L6P&tOawe(4w2vamc5CbCjt{Evw#l^MD&gXBCl z)vd8`69Qxs#)6-tv%7_bo$v#i#uzs$E8aUrJ>jBoE6jPy6vq90lH-->18dHefoO|If&%V_9!RW|rhhc$?Xh3(7pzqzIoJO$`Gm%qi`djGA5)BU zE8?OolE++~=${T8_C*!(!e!;t2D#}92br@Og*joS7FiFsyeZi+J$Z9z|CX-KqYNeq zx!_o|uV-r&d!@6LAd?A;z}43|e0AjfY04yTO~o{qvqRyItR<3aD8RWCwxfucQuW4n zLUalkg~t!q#s6$o+cb7oWGQGFRRQ=KqgoS;)H14yr_-6KR?gFyh=nO-Y8Ov0#oHqw z5-x2W#u+7vn&CRdbevD2AYN_j)sn=kX+S=0STPRkN>#m{|9Y(b8u#!U)2pv7@7_Pv zXSM!k3!dKc3TTb~xBFzUWdGaUxxfGaB9GPooMg@<%qcO&oSaVODN>g8YrSZ!X@=3- z=*Ns}nSprv8R~y1%2vwrqdo^#pYwfCI}e<^9J9%U3Qav+Hz-*AUg}zzxA9(Uy9=$& zl8mpevaLgKW$NFR-83aSLz82ZYG69k@2m57FPYv;ruUNRy=3~epOx~TP4)CU%YTFZ z(|Y}{XHV|szc2G#BY|OaDbB)6sOGfz?* zvpkE5qNhp_MW?lNnGHay&6mfM@%SfPk~vLPL(WGZRzutBdi~qR-Tl)if?u6iVSR#) z#vuI_hwMgBS7QA;CY%3spC?I z7DXZj#H5d(=MsJIG%a8gMq}$@;=vgOK>=n2L`=iR?(P%R!+nDKdeh%6L49!z;=L$# z>3+f^lFYbNy}{12upjorLGR&X{R7(6gUMF)&(Be=Aeg`)*nuF1N8zKb-t}%Duh~3o z?0z?Jy?aCZCrz+_v&^^~u`5qZ@#Q1EB@SHL{TAtd?fX=*gZ9+@n+TT`G`s`t|K6Up zw|^apvu$u*uino$@6;0!HkvQft@mnJ5s5bgXRcgp(lna@{jmAh-5C*aE#bGOflSc& zMJ`x6J&k5G&J&hSkESUvet!9pM!9BX_1&#_#uGkW{FyH55i0IL*LFRs1KPRcbo=@{Z|&Y&yZi2X|J~gVyu}`D-Gw{-_MV#dVawL6z*u9vs*})W zqI~TXfomDm?@&3Wjj9XA1yhT|gh**C?K)3}`m6TC)CS}_YDUx}Spc&IT_#+>RFFs`4sw>Om|vzC zR)MSJw45~s0H3<_=c}si#N*X^(O0XnL&S7BssD^7$vU;im<4i)Q4Sw+k{GRa)NvY@9~0ueNQq>9jnL@#fiq2igRC1?jZtb(cm9tFW~oTVc;e02nq zgiJLOT0DukDdGe4BZ*Y9fL-*K?70}DI);M~ek2zxot7X?UHX_hlLSv;)MRHL)j$Cl zC0hwLol*gL8dIrvt}CFU=MZBFHB<}^sg?DyQ2cllCP79dp)usyw%)m65yqmpd4*?` z=V}>{?N@hK>9;nwuoJ?80?jHE@YIwYVre-eOae`LKAmBoc@$A8wIa4y?oxkH34(EE z29m}wf(=+4aJ6bb~?ghR4e&SoCGj)&^nnE|(O;I&x- z+g$X>967V>`?Ys94y(}!ap$(k&G>HA8#R2fTwACeCG*avmtZ}3_$v(eAx{-cV7H}8 z(WfHE^g{-H-Kh7eQV75PJp6Qec5wFc`?s%7U!I{!<0|;{Nq>EH6;@w<|CblX$blYS zy9iQK-|cuc2zcfR0uo6Na*=j;|Y3ezm-{mnZFdKkIH2K2=<*m~6+zeSz0)dtP> zbJ9|;Y{kecVk!=dC?y(HmLR|vdLGQ79*&wAkhTOj37%I|&+TrWNKcBol zIQ;R~!ygZhk6*rO#;vrr1X_sdH0+h8C8Oy@)7q@9G}p3(wbBFrIEu0=&?MEa-W)~?;{PQ8DvWa(pF?a%#M z?ILr>zZFQsk#8368;e1%yCiMdi*59_;p=~@%Bkk+;GeB#Dw@)NuVSeP{OeRnZC{Nq zS|7FLhwDoNH}@Yz8<c$M-M0<^T$lf6Z#n;W|Gxh7mwAf%Z+DkaM{k~M zM)G~yunKjR!QHTe?5CA^JzW^#jPvs$=&=O$2Dk`lv)9bdJK>mKP*ER3ON2>te9CPi zPCnH`_cqW4D%xD3SKusF+}*FED>Uc{OZ2l@KUkp~tgG4IpdGBz3|43bEkgTBZNP#v zR8nxRZUlE(&R>SR+-3>xGUu$%^;+3~)oiy(|4ZAi_@nMPRNH5kO2D0Y4&Bac=o(sd zlPPw^AzJCV-X?x5MQ;SFJq`kpACfjB%xaTB;9q7o_E#HDlZ+NL-C^2M)tb$?RNfEQ zjC^Rj1F3Y8aZ&4H#eIK0ZPb$P5|yVfgaj$;*Qm zKfMg+@g4WETK;>syZ5A4|97z4AKce}`6ADQiu2l!G?~NUj0n}~yz^eXf85|y`-hSR^i@{&n*9z1{-Jj&-ZH6mH3^Bv|( zXA%gE1)~$-7y1O#OW+gThal)uhWYCn$6*Qu@OcrV7y+AS2`&0?PGuo{&qWb~ND^S_ zgp0XpgUzypFLY;KM?J`p6oI64*!dRz+fCEu6#0_=Nfh3PildwF*{f4O#?&}Zk|Y7EgCHl)Q|qtPgLgQ`F76eLV2M^v&=z#^ z-N7Mbf?cqLPN^($cS;2!t9ZsDxh=*d+TPMjh0GN3Wr>OQB`I`?(tHu|p9(z?`cVnu zf$stpg4-qbeQ3P}#tk{#-d?JPBex@-Ml@4$n~e1~G-+7%uS)PFp`wxnNN#_-)XgEe zphVqqHxCjvXI3FIU7BNDj0w}#qARDFuGqx#PI!{=OALVSd;=Q2JOcvpA|-R1dR9in z6mo8I*EM^X_$R^}tC{12I9{SOCxwXG>5N7r<7BRv8?^AM=?QqdweU?fzNld(FAbk> zYY^Dgk=a-UZ8IeKjJq9Y;+O3#s2Tn#j97${D2(Qd!2U2A)=_gn$~MqQ%;T{^s3bmk zI`n~!b6iO`f4y@5ChVLhi{k8Qf-P7~tE&VV5oAsk6V>rP3^*r7i9@uVs>O3^g}Dlr}&;5`WnBlT#5mO0zbdw9t;sONE(SzUM8JhWCVbdHr9T6vMH0bw#U?UA6 zX7U`2oSspkrw*OVqnW{rEP$nvz+K1%#MJ&j417^m8J(3hoPhTLS-YxE^%#&a$ zZj2UGj=Q56-4*mMdQ(bm-6xlO z-;+qVu+T+ArWq`rmOfH|kxGRa@AVhdcUuT&CE`7pFkyK_o>|UT+3sm<()Z)WW2xe; zs1RwZY}&jwW+jbHOPV5BMkwjb&toR6PmB5Yd=W@8p+S+CrBm!CY-blHh)Bf?-z0Mh zf`|m?bg{n#Wji8hMr{FRcBbA>H-cImJ(CpIm|9^_Y7(2^tv}{48!4v6E zlSuT5~;-cn7B)KFDiMl|HD$&SXdyMoy?R7@+?{m5sbvmz8 zuddgOq;ao8_(>wQq+*V6iA05%vxMTc-%^jxU8?*8`_zr9*C$KA8Qi{GfL0wZjJcE>SC_}3IS z4z;){<_3h;q>DuvotWtvRpN#bCEXRwh~|GZ)!Z;kDBhQr+PS|18l<5?`aj19KfQ!C z&&kV!7k|Tlot_<>y*+imo}L|?oaw&~et6kwn>HWNV0+*|+Qrt7*JLnngEP1zI6HR) z2UED6Km9Ed`ilb2p_~0BI5^{#^(|FRcX93?KSNX!!sa&jf-8>Ox~>=3TUCeg!JC7_ zqcgp}2Zx6*Pfy{e*Dqe4;sPJOIym|X-n@QwbojT*>YEoEJ*Q`{PY!<2piT|YgVWc? zU^h*65d}}5Jb(6_jwiunchV0A1NuB5tmpX`mFd`&zD8{!%Nai<@DMLc)b z;pxngZ?mZ&g}uSjNd3l{XKlGz*wwP8VH*={@`~hXGy{T{yj&2mFqMdqnDQQFruw+hUwMY1@jbZ2R34*;Q7!~c)vxxrpmm~tqu`E`ZJU%5my<~be++jB}=XeD(J9?B$96_u0|$53m+5*oQ}Tj2`{T?CO^vnK_PjnXvX0k{kVFd6r8) zhj{$*!F>K_7M%m17?X95#DnTRuLUBkCpaVN)RB{vUV^+emFsOZgKcq;Atqp?&dmozZ8TRUx~B?V7$M1)wN z9iD*J^WmM~=2FOFQl5^6n>Up!E*MG58@9mP-P>a#SrinnBvsoFFdIHgr-6Sbx24ZB z>aBIbTxu~p7%u{z(hzN`Q79}d4so@PYN z_8)z+fkEgG`tFQg8)8il22;=BHP;~S_Oq}{7WJb@xJ#1yvn0Ub70D4WCIc@W7k4J=uu&P70R1*Tj55F0ZaY7 zm8Nqox)Oov3|ARs^-Lf5pUR|eIR5VZyH z`Cb~U!t=^q+|VrI^Ngn$9kJx~@g^Y=t{ErX(PArMMghk{Y+zzwwOD@iA_ox8tSHXQIbgB;@LpPdeTZ5#CO&+bWTyJU`~GH zqHuTOld7|e)C%ugJLH<%4l=z`XkPCJVW+NKiolW_^nBO~YmS*VUnBaPj!ATWNkkm5 zRPP|7m}Z;id?20DTJVGtm1`0_rs`5l#RWyvN*>NB@@aHVwVtZI!qES2X>4J?bOYnc zcR^e+R{MqAwjhjGM8=cNs#l_3W2?>+Rn$}%o{j=x)Wp`7>E3a_f zHCHk29?&^|d9zVY#ws7O2}@|$>3oJag=@*0=QF&ZG7`+F$~Sp51cUbGpL9M$;GXsH zgJ9#vt07zu!%-!{)Myp_!$J>qOZejW6k?N^Y9kCsm0R5vomDX`QsS-t;`8!lll}_b z)8!@zY7F1K-vF&f46UQ!YWSyGAg)rmM-o_Sy$Qi2#9N8s&fXucg`$UHC9Px&{A0_@ zn;dI5>JCQT?oH=#gVdCt;e~0`h#^WM{s+w%ru?QDnnb*7X5bZ*$XH2&d5nUBx%wzO zk)>g4-fADVWJ9dN|A~AoJs(L%B6M8R`U#z97{;+~jHCYb5UgS7axAvO*BBDberOC) z!i^153soA+4L0Xz8141@^EEVM1%|$lZ!3oO*jnE(YZcWitp$P)ITft^G~enhyNr-4 zDfTOuQnH|f_R<_BORWN-2)GKvo1f)MX5=>bE6y@n$<2*c!c%kmvekg$&ChZz31%CH z)*TC{PA@Bd0tugP*4=I9&?FdK1HadofIz* z;$|5Bcy{(?Bebd*KJP!j7QsOb>ygLp`>-$ps18^0Vj3gA;Um}SPESXJ4Pn*sEHPAM zy1^<}F;rx;{pVq5&4e3IqlaM`ZoSDI>ei5%=W!e1rt9{79YZfYL#u2v za+wxJJs9PZ3LDpvVVr@V;6ZUa2*EChqIS+d!|2o14bF071%^fpeJ#GIiJa#1@#fOk z=Ih&nVYQ5MU2=GfZ$Y{$%SaVHtk)fBJ%?Sj$Y^&6-4k;KW?**PrgjO#hT_a45B_U` zmcSD&dyTe7T1`w6nv4u?XcS>Q-8L2-?r!9L49ib$IEUjro>Hadh_@-ZAPj@mMh^b@ zbE$E8!KBDhC;bkad$AI0x`WZ+wyR9Uv{g3x3@yuF~vC5jZ~?dO0c!O z!z<)NgCR{X;DU(F)Vn*!&`(rX2lW{a%J^gFK(Dw-AOS=ba_gMx(|w0pz;gAgHrd9* z(3ylMmBWm#j!L#2YCOv;jI8>Idu&l3@a272Chb{5vx1?Yd##3MJI%QZitU$cTwdjO zSlZUrg#?i&RK9<=^L|qt?*c=wVqC)vqgqh5$xw3X+d{IcQBHCvXM-)F@~m&;K;)N*;Ez8dO@bE>*4wt z!#uCAjkeX3TRtgxP~7ERlhi<@WYe@&CB2hzt?#_!^mE19lhBQ%_a<6#q1UtJFB9-2E&`l*i{T$#q3ow_GW0_mSV?D zM*M<`Mawj{%wh4_`f0rF9F`b1PvfdN+zic|%Qn?=2JIUC!C3MnR}?c+0#7kz6T0;) zF6jCzpPS1ztMjFo6#M5H#c)-7newLg!CG8Do2&qLhoQ-Y;=x}+3G+W+qq`!N%3Wbt zNtDurp-F3U9SrYwm1{@3Dxp7~blntjg&=T62~+L-VE>Y7K3r!KQ%UIENUL z`hR@v8*N%4tfz+>oM(|OFjrz$k=qN5cU+WZ>?Jx(!0q6L8o7V_rJcvHUI zfMJWC;(V4GF|y*s%I>GR?z*TL*I-W=9b#ED9M-}r7NhraldSIU7ORXjagD>nXE-vx1LjCf(DNGU;%2m_-OnL7 ze=Y+H3sW48R$|!d@K9h#rZ>d$GmQG-lbcZ+55rc62hCI3k%>0&fw-xkLk+`Lhlj7{ z=g?T|qtPnz65qkG|3Tfe?@{Z$6+@Oz1(n8*Sf9h6XH3zANmWf8YHBmV^yJN< zv4$-<^IDv5D%&(;xNJuIN*H!t`#E5pBe)jm|>F#Y?5a;nCQQ}*o4)YcfW;izByyrH{T44EKj+t&f_}|ST*XwBvhv~ zgP2`V8(>(;X|NP`;WB%;u+K*qWuhA|meXXkz?@SiaR*7xEl8#?z`xRs7Mw>mZgS*o zT4B}PuD6&}Q$bJv@(M1QVb@p+8Orbzm-0f;M-m9UyVRTNf(S;{LhsokZMc;=Hj96; z%Vd)P2C-llR7e})0|(N}57C25`Y1_EdV9<;UFNbdySRF6ifkrj9)&C+3$VeBrq;Rw z0%N9nm^#^b+CH{flv7G$JBfm37?9T%TIZ&>$Or8r?992U&Av@IOv*f$Wt!zOt2yrR z#>l)%1g=Y;_`8JRwnhHc!f-o36NdXupXZFnMGl-LEEU&>+a}fMVenlpaRZvXX}ymA z9KG;|V5048ikFzDj}!(R6@E^7m(DZQ10@!a3G2yCQ%n$|1={~ziT)68w7y*`D)L`J z!}DLA&xWMFuq6{5fo*N=Mc4g`Rg4KTjBNUAL=^Gek@e4VAr+n1h<6L@$Gaf-rQEv4 z7!OZg9-O@_MhRn*p8u&+`}O+p&JMnNWq^fNeUtE*#c*_d)_HSs^wYt~-{8+L|JH*s zNiZz^#mmE^pAKGa6@4RwYjk{ceERa_On30Q*6&{rUcG&J+Ic+K*?rQ3LBHSchkO04 zKXvRUgX?UGm#Zajo}hm;T+;E}80P2dIhAGvkRA7V$ z#SvqdOz9w=vlQMQ*-1T!Tqu(Nvf4ZDuBNzc+tsb_k-1A?v^4jwKP^9M zDK40BaY;-DR!rQ0!ih;HJSWi%Cy`^OPrH&BhyK_IO1Nh2SqPS-BnxI?H&A1^zK>OV zLW1Z0=Y2z@w8$=JJWp&O{#X-@gnAm6KhJvH7fc!=>ME)fiJXTT?Dn@s4&h5WhOuVB z#gX`)u!LV|>HTN|BwbV{*LV!W!~~EtrI)8jx&&x0DH2-ditCj%Ra0!54lgxTwG5C+ z5{uMN(BL;--MTekmwFbM(nOO=jF5*sD-+mabU(_!&djO1KWApk=pi*7+10rfG%;w) z$g?iXP>?{wl~+UFh~9=-Bf6WUuxd+OwQn(;mM#$b=ZYG6f%^uByl)9`g8IK=HNcgnz2l-d=Nehcegr3Q+o@=()d0m=i^{WnEOuXyAAKLn~`_)DrBgGpCC11$|Ed$y0YIiIyM=yo| zpEg;;tB(E-+v~Gp7qm#2Rj~$Rg)F*(nYdS&=H3xk=?xualYEK{jHt3qpsX{%DrhZf zuFk_qr}0qZGM`GC?CI-2i$`D^R@+zzdUA#&~oa3E`}mBP^ka zDGSW3;Le*96&c~Qut4L7c$;phWi7Fh%dZp>Eh%+6_8(689MdA}nx?V1pngKrk<(&B zFbrK#$^Ks4J{QViQNDubv0pmNWv2b%&o8wo`SQ=FTRpT8R%^aFRau$3ctj7`P6m+@ z6RTsLt%zvF2Km&kZv4a~8(lK5yS!GvbSfFV)}>@^imcs#(vp%@Z|a^U2Rj8Dj$(tGqwn}Hc$b;FmD{47l z!Gm{$_d{4gYJgG#_r=iScTbf*97LEZJB z`ej!%+|IivH|kS&=Hi2bOi((<*xc<0?nm^c{0FWP?H?ABWr3h1p3}Rn0lm8ZbAK?{ zeO9ag{G|W1e_#LkOFY&3&$iBJ?P89=i(Qn?@rrbe8RJPF~{*a{6-D@bn5 zpsca=(NW}_N{BQ+v1Sdg*0L!N^O31V*umoS0djZrlaxhoC|29<%te0Vb*}mTz?fpF zy&y0qmAI_Ojl-S*rc#zYQ-*m)L@e$1uQSEwnqe7z4syj3_IEQ~^n#)!W7ZJsCu@}c zfeGLJgO5-Djf)abF~98{_OXWk_jjHx(f{54lY9FAC7xoDc zVQyr3R8em|NM&qo0PMYMd)qdaIKHp-DbAy0HgQ*^B|Aa zuOJeVP*Vg0fOa&Azx(gO0YHKjDan_nb1`4Eu?QX<+|CW>67lF^^xi_z&pcEgH>FE)@~~ z(Z6+H^}+p3Y$N+bcp{#yy2PLo9t@l-OYXsY1!FRvgbij0Y*VQ0oQCNrfnIo#g9yu1txtP(PoVZ`Sh z7U?cs8$m9^DO0n2oJ%Sqo@%JN-L`*9ihpmstCpc$7;aj~fEGH>qyC^8+w zg*~+ZS)L?sdBUQ_5RN9tT)h=k(o|^zA!tlf#YiHD@cF6(0Pp|=oieF(4>6CTTk0iu&Lh?kxi{n#>xjyn?=K=hU=OAZ1Ph#K~R9p(CC@=+V0t=o$5)^XD(kT## z*2x{~PbWhh+d&Fk#8l825+)V!$x#>_}iobyf3Pg;V5=1OC5oYOBg3M^d zCJQ~9If-U0r4W&fj9J1Ib5LG4yn#8J&J?gTO7fT*I3!_zr!mZkh%a?_TtJ%7$5d!s zBQB^!aF1y?4WT>D@@@~hp9W8(?w0OIBQJ;W{)62>0qA$dAJZ)F;P+=-kpv|BI|Y`) zc%er(;Q}HO&8X~woDn@q^n#|zLNA(L6N(cs&lAP6gd!ZNxFAysF}+|Bl_8vJkTRc4 z*e5$-GS4zD^u9Alj|M+{Hv*Ez`d{q3(UzTN$f$^Dsx&x0fo!&rEFuZa>70uNL?i{0 zNDgB=Q<^I~km1grfrI!DVQ23TW}K%~X)dY{mp&R7RIrKO{S+9UP_@u~kz&i3$(d0= zZUFOKDwq=$&0tK`C8a5zF0&U)EG`&J zt3ZRJ7ZyH+RlelE==;1;z33EzP zg}XeL)XcZWRTH5U=qD!e-){Iga?Ks_SH<;5mFdIz@kfEngJ6+Z<7YEkXR~;TnV}x?8xrK<&$1J6B4>t$)Q0!y`hdT;)Ql7=gCKNAr4y5$5 zGLT+nXm*zuBQShqO4xO`LCXEZV|UVwNJu%*$%ID8K$>QSN!;$mnbcr5=x{<3Njt@= zkT@1pN=FQNn$pPZkOp34PDXv>82pcr%_04ZX_oMX0U~L{)3_?-r&1BU9BM|C+YXwH z0D%b;Qkg@Q(jIPGJ?&$f@JqwM6gO=Z$2SEs4ywWCC5dLh6rF2guiFtJ$imxu1it^v zi(`1K_l73cdX`g4V;XOv{E(pD0pkUN)0^QfkMVfv-jUznn^$})fhc_t$e3SHBWI|Y zpmN3&+)}4!FJ7LU=uZeET{a$=J~u}Et+FSnoyGq!cZ3iJem6V zD>~0OGUJ%Z^FXUUF)BfN{R{*6%PaVpQ=!={&M^HHQN6im)Nz(^9#5&VtVEBe2a*dV zdq7pBm(XxJKBtP!HB)maWGqQEouC5sAB86%PZVwqjgVt)QA9H(EhCralT1)$m;!R& zo?*rX=d_G%cgHeIbL4k-kYnQf*7&9F&%khOw*LpmTlLn~!Vn%Oj?CPfx(Q1t5=ebk z?FPY}XD2yk<))^eGCUxLn|UboU^FM60$c_SIu1nqfpdPYp@CBqG*)cwxa{LnBg=M9p|U z)h7jFt{J=*g0N$Y3=*>%B3mGN56Qma4m_Q(X)X-)XR-%#a<11^*b`nIuRa}!wH1dOGDJqSFd@R)@(gppcgbbn6gqb;QLY02Kp zebd#8-8IKegVMs;In7iFu|cvkaur)T1oiEVRH``e*f=E#!Yg4n?zkcJtAvCk3BN>n zg-7SWClg7H7~rw6P|pt^qkK_qX+~X4Hj|LBIa56=i|A96BoGNAXL>u&S<2>mc{T8a zozsNPIFEr(?9L~#q0gS>M$cdfN2%7&q}w=lrY;SQ!B+;TCPHQ2`)$zai}P z`*T^{5`|8&5o@vh1bIo6Fq$gaLvTiO(<_zh22~< z$~A2cZ^9}(eQ-&&YGM?1#j37C>8X<+6MKX`U8+=`ds>{FlR)Z0qpaw(>2taW%vRA# zfn~YI!fCdR-MJZ`3X;tVie(k&5YEb1RqYr_xLEXXBK2^nVenjlAkn$*giTXp%MIa$ zBTBjAbE5QklLZKxC0g_|!tGpd21jONhQ>iu%lQPTmY5XNgh6u_vxPOT3|B=OjZU+9 zs@IsMc3?9KnP6Oa#MnVzXtBZ!7KyJOm()xU%@n3*O)xAQ!O=PqE#h-6_D%GM36-+_ zYj1i=-fyr*!5;^*@)#o}vfCOl#jnkNms$;0sG%a~aP21aQcui$j7~&jtwtE`e|mOs{Nmu% zo8y;usqE7e*u#vQ5msEvz+sGjdMnrJZ4HOdXCMPHnW%s zsy8?aa+=>@+aPA5JX+r3Kaxf^<8I{*Py8Zvn+8Y2>1rQdwZYJnuj6cRC$!8SFiRT?tJrj3wn%X&yOU4ABg$CF>!a z@I;@Fch~??i(iwJOsQTVcdPK02$CdJOT9)%H4x_H)4Q~gScWjLy0>M)o`Dg$bQ%W< zOSR5F&CT-b&3s8x9Bf9Uv}%~MD%m+P#;=hBg4Sg*ts0kuU@g61= z0~bUv4M7&zpye&%_U5nyx_PBnV;nqubNJ_zHwTA5{_^tphoj?{zq~&9|9(0B+wtKq zFW#LToE^P6wjY2Yh(qY^JehT?_?*&6P%Uqfc`1t`OFY)Upe||UXrB@}(nFK>cMD6L_E^SAj7nZ^R{pJ$E4`I-^#ua_?K+?ppS52;^5`<~?^0jvoYAuKf z+I;n&r}od1#=Ny!*%tP^+=X`-iJ2@;wf+)*z zH_wY-oV{aju=AP~E*nPn+x)vuM^bUYB2<92q*#2b=~zTkq&U9U1N~%do2AJ}|1mvz zduYDL-|_agxIzS&iYzjKp#b3it_r&DHzPFZ@9a;7Nf_l`>tw*BhZ!pQBL_az?MBud z%#^WAj%fi+cYw;=$PFU2S92+xnmGw=W7l9c#)zQt5;>BJahy4ZQfn!tj>3i!2A;jx z2<@&XPj>e|(oH($#iK>HyfpSSv+=^&01E?8;dF;M>lMwo)SK3M$sD~khA^D6s!1y0 zB!)3b@Cwk=SDb~{SdiR`xULFeF3ZOWi+s(Z=+bVxO(aHtb$s#g8Uo@{XYCSVy~jqG z5ZA#TCE#hYFn5~>%c__!j!%K63eBx3O>3nk~BL<^w1XOtP8~u3>mLOH{`cECJQV?9y^3| z%F<7^VMK)r=BQ)~9KO|9nUpydLrAESG>ya})0{seYNk2gwpKf5Tq>vdY6Y~(YgHwF z3-`rR%MTVCquw1aySfG{k;@Z@w+9&&=E_LVx3Rl8;j(z8{>qbFQ{7Zcf*OstM9oId zWNpbef^!7?K>--;P9zRyJc1F5r!SZog&lXZW|W7q! zSBD8<^8#DvRO#;M-NiuLZ1g<;#^v=vnqKSAoZ#YYXxuvZlVpFVD2)8TI-P=Jq6AjX zuU$J&$oy~rr*B7L`Ke~GibFT(wtwC2j(XPQQRpf0A|-R?+zip0E*Vd)3Dj}&)M8fZ zK98-=<}R62zTD#ommZKCsGbF9?Y~atD|)1&T$dS_G=<00Y)5a>gP%@&)*3Hj;Hd@l z!=GRF^gH-Zc$3leRFUZ1s#rcEZmVoUhRZF{xN&5KIF|zIhQ^gmU@wv3&I8{e`2YCW zE@0`+CyiStYE(^@E~Gc=k;pJL8Ik9-aUvjR9v~Cq2b0&jg%lh|1-gKeRhuFk+zh3)yoOfM>{Z3a;QR@eMK!akCVni4efk zdz5i!zr_mT9sk{};7w;9jg-}yPu&glwdX$*{8t(&oH+aM&hH&+`49Q{R8Y}*mT1bk zef;L^AP1gi58LDA}`tWMx^JfVEYJ$V9 z)-YQdS-xb~>LwgWG@5^>$@A$&*BX z+=URXt^#B44>d|BCg(s{I;vbibW7z>J6%>cIsVP{dU+ky=Q!tQxMaIvvk*wCt8=7>#Cq z$>a>90C~k-e7ta;YeT~xGz*DTf&zZP6a;~om%>h9g~^`_xgrQqMA~nZhbrx?%lZB> zMwGZWc5H536?w!TVF}0BH1@ljF1bN@UkmZwO1CtvL3TH*LEs@Cdc%<)6FuP6Xg&}G zGcMKs9qqkN=X<@sF;KW%Llj>~q)I>iaxIBS zBy-9mI`#GtFT1l)EVG_($~uGsQF?-vwF2N#LcFc@KBdNFj3Jl=E=a;k7sgVg@1Qfk zdFv!)9I}&)?QqPtaHmc;c)W6ZZoy-HG#?wAY;#k0ucArb)>biFLpWt=MB&(PtY^xC zHesT8eTQO~3&rs!!dm}24Ms;TeGNOEK?pyR3unf{<1>UC9iL8TCxq8pZgS8(7Y5_4 zqi0R=zma*e!A!sxNLh;ev#;mGpZ@PzYQ24VLCET&D2eARg?C5ganV#cm~e4PL~Qs4 z+HsJS7uf~Svyi7noK(f*+}pA>l30Pg>Gbt=OFhO<#eC>P38TUlb_8EEMo*vMu+OyA z>qg^A;BKgzJ?c+2)JY3Fke@%>X&i2Ep(gBk<^;21fqtWmDzQSrSe|v{)c{=<^Nx1G|8xtp~~(c z70^2Qzdxww|9RSfvU@N8e~st!=k0GgFF$40#mcj{QkNa)n{7+j&Fy8CSQocOyLVCk*5*tJ;i^r`67>kPv=w%aCSVhv86ehY-zFBahGtd0*T-NVjl9Kn<@A=k$jyq!Gu+E!Rs$;x>vpY; zHkx`Z5c<#_;!uYBo3F6{HJg+(V<1)J=b~+ad*$sqgbQuJN80_E36`n}bpIfOKgezk zvcY9z_;x?G{kyVHy$zs`md(4S7vK5N6(`IHbZa&Owk#K@J}iGV%)f1tJ@|qVIa)#K z{#O^ezjSYY_UiPZwD%ei`$WpU7T#2Ft@b|aO(D9X&l+VlbwP3~Kabx%2=3 zmR;HbvveAsKSzuC#b9|4-*oCd&q=v@;(Zs8&8Gdo2jO7nHbW;_);7=Wtyj;@?=6bl zKflA%EdN{eS@4A3K|0WN`G0qwEy@4S?(P3y=kaW0O{R#)b(1wZK7`J90qtPtER74V z`xBnfO3Gg`CQ(RoHRFQ)-CPtFw7N5=io`^bVUhH9L#vE!kCs>bsKFrn1wQ6nQPbM@ zqnpuW9?ID^%2X@5v@%!dY|L$!x~%{z_^!U-tq-A!ebcwbkvk5?i|W@dbfW@5FEiSo z-C9}~M2}TCo1bUWds2REje5pL*Z~MMxBNlyJd;Cs->vvvnDydnrWC*$`oG)X*;}&zKfSO2@l~Fh$;~aiqyNrE z@DQT`VYt84(!40!p;L|5uHrCMw$rEk*xHoW8Sd~apP4k-eb5qOdC`%<&EqRA!}Q~0 zuIdq%mgEUc+4%6BE_(3L?xh9yY)WBdxPu8@@2ZEy_?LB3vQzW#I0X&+OF8KcLv>c{XtlhZTd%c#Z>Dtr ze6^=p{`-}WF@ouC1i;nu-(dIYU`hTP?B2_NU*+*UlOH$vmU$^JN1nF-f4o}QZA?@& zyOk=Bg;nnL`CIDqcxZ2^)Zd+XzzIig`fS!tZ)?C(c9z?(!)@1Mv*}zh5zniTJn!^o zzzsS>JqCYGN40L;yo0g3D`de-?JP--}l|& zqQrYnrZn`T8%@QOCexw+8xFVO+cnn3t#VrMrtdI9)~Vk zvn}XgjrsHr=HNC1&|L-w-s*ug{CNwbaDj2v(sq1X)0_zfKICOZO*b)RG6OT*GI=gY zn#P!j?DPa4d-qRZFQ8lm@fIjQ5Vx9^z^~}wT9n!BC}b2Z-epbz^rrUlE1l4%R6!(# z_wMlYq^OgI{wNnN)Up|ZKMLC({yUN;_3*dlC*H?LW!W_sKy>WFzza}m3~1$0)w!gp z5{rzpBDfh-{<0(ixtJ#`J+B0b93B)AO89jp%XM`dmwk9zlZn^H=!TZlQwDLv)zz@Q zog!1Xy6VVJ9?ZM&8t9nbE&md-E--~L;AGhmG?eYZ?2_}Ni_qQ*I*cN$O zI|z)>R$%f)(##li|Dn$ z=W5&F8vLtn6!xLG2;Zhp(uRHu;?-aS>H3u&x{Ww{4fa2O4jaKY_Iu3$H5dWo|>iO)cs~9R3v1uSN}QYDXnPzo9yG? zR(^oy?bOVD%S>w(4EDg_(JB`}?MC|6 zpft4WUE{uJoq_QF=ID3u1a(&qOG)w?lC$0Zg6B39wlrctYOj9B(=z_2jYf$|e#OAA zc~bu16&_haWJP+F0-;I8-1Ptsl7wGYlIvYC0#Pm%pZlebRt)C3&$tSR^}2y33z(n* zmTSi1w=Q7WAK_ApM9b8dcR`8Ob<)=ip=%P@)DborlRR^WtmW33a4`q6Y{9=7)^~A9 zdHcQWuk6Nqdd+qiENOaew_Q_J=2L3Qe(p5KEf_RyF*M`+A0OA&Y0SBjN|5Z|X0cjs zm+xYg+VA$7NQdHHcA_*khA_eBRLy8^2}vtm!^%O8<7=jCx_ynVUB?Fe`-;o|a!<4T zpYb?mQsh{-%~W2!g%+?b{_Dxpr}g-+y}^@v`TuJ?My`L$;}^wxe~0T`k?xHmSa{jr z+{w%ArF&uh_Z8OVzpJEPFC6Wg!@WK%#jCdV?cu-oslB_Wnf~8V;s^Vz&;L-j|LpDV z-P8ZC@~pPy8}4wQ)8Sv5E41ZwXiDH_(Y*Ll2vX?<9F@GufI#!SB~QqYaZ-O|{<6uq(q-O`EQYuFy|vIS*i zzE^Vrd-dOOVIqqj(~mYyuiw)aJZ#`tTktrgjjgY)IzbS09HG&hyTZwC%C8>6)m8ZU zv+eWh$`7-t(w>LEAs2giOD?wJ`>&R)!Q*2OZ^_8iBBMiCDw=vug>eV|Rr0jsmO8Az zK~!ye<#xh87k0Z^Z%D(Eq)`(|+Cl-`~6U|M@D<12{94 zbj^vxLN)XglcrR$O}G8x_!OhSm@UmnNi>6u$H3B#an1K~C4F=3}7cisskfCuo-h31s+ zFqEejXGtQJlf*=y!I&oe(l4%MVR;}-WTnFR9}`n5Gjv@B$$4t3TVvrS1jrX{=ymyLv!bRa$nDdk=jwP1)1WRw16`e3rru0Ves*qV|)sjy|ab@Sd z!1%U|1ko~qheWl3@lpOoDxz|^eL;k5YUGmmG)GWiP9GaMalP%`m^H+C)Td$nwn82N_q^K%}CBDI)ijv1ePS{MfHaz$1BqZ)|@K? z(H4&c1>6likXR{A|7gnFW53)lSgS~KuK!>135_!sv8h=;rWol~#6?*okGVS0KOH#i ziz?!U%gW~sa?=$KGG{XibHYq5vL0@EQ?g@v^7hdFEnS^Q8B7v#!Levx&(d5)ilu6#2ifJxqhr%6MOC;4$fO9EqM-efl>aFjD=oBytj~}j!|Jkax zY3!`XQqVH00`N6PwI&#;WmFYUr!!NnoTo7n3scI}E}mYBcSk@ZT-rK}GfEOQ!*z=3 zIG;j6yxP{QC5czlfPC7pVjR|$s(L;D`?2qTQtGmO?oKV@9Y48+sVQ2#?w zwo;xS^*ONmobQ9$dEn&bm`x^BXzJm*LBZm;QrF77jrUsHU1)8VWc=o zO;e&XG&we@2BtIpzB+&RlIgu)%-VZE}z}U`ThfX2mRX<%74+Ph5mc&^tbl^+}&x&|NZQ~{>#^SEbT6D z1UAd+&{pyGx;Y*0uTJk)3BSD<{98nuRjX!fxD#A7d25tbJ>1-UmS-_h^i&C==(LtD zvjIr8`SN%&9>2yVnbTA?oUp~@X;=rZdZ;|fTzE2f9Xiwe0iEvp#!#mLa@9kN8``3{;+XmivB4 zPCXG}qxmx3das5Rk$5w3=E}7uO|uEmkDGtpoe>e&5`JqM$OMgFNWMj^O>uv9?2 zx39nR*6zKvyYH^|-`(xNTkOHsUAWV4@2P1YwrtG`j5WrqItgti%GXX2xRycv29;yl zsJdWWFts>Lh?KU{uJdH5ziK~BZ9uLw?%$x0%>y{*m|7L1J!YJrV{n7zFg+k}di2BD z%ahlTCAlk%mM{>c^X$jKQrH`pIN$?a#O?LKC4HSS;vXx-dDHV{XF_n7f zx&k_S4l$NcL&e~bT3H_p#g9i}5@bXY8bh9K>zx}GVJwQ9S9nHwu9gAWesy=1ert0J zJ0Tn>(5ylMPfgh&mXQP&u-iVlnc}A-oI>DHe9??}TE81O=o`k0)3Vi70wO z1qezcPq*r$Jf(V%D#8*8^i!5-niPYcqWTtZ2yUCvWNt17<+i3B+k@wS{NwHejBbng zd`?pp?Cm{&_Q$M zuo{gJcW#T^jPFLhQNtI@wT0SIGVg493D$#$zrb)G@>H<|c3Y|xeJ*lLKV;C?je4Ie zh4Aao!_TK@2WKz8fA{M2_19NdVfE$re|d3?9O&V-iy$@i-Hum-fM=c{ zAn^qiib-lJKb4l8ttMob*1oMs)yS_w)v&9Uic~EN*_9ppunIk9QZup&kl=y}W13|= zZR~RGSIb*_dD5=;v+g$GQ^lo1- zRM(7Wu3Pu6^{lVjT8(V$V-k=&W=ik+#*tQ9T(@7tCK|7<#k4U&{)XUNP2hFDQR@KZ z;_G;0HakRJU4`-@3jJeZ$n6V`p&~7)9lkmI^U0fo!ykV+{PE!U_~ol+ z+)8UppoOST!(M4xGMZjAtb1h3)D?Q+kqbRFVK84EqwjQy+0olm}S3Kg$5Y7(Y zHuhK)JXqD^O-W^2_v`OWVxmaQL=9f!t%=8{^jF)p>EDbAUi+?Q6?bf0_0?3t+yR;y zX~V5d!Y^(aD8duMv}lL zGuP}i>_tmmn+jf(H1Ets;<%cEb(d*qA-{E3>btsvz3s(o1Ji1mlBT=Y4Lna;FICq# zS>F`+<^yVUyxz?9dZlYk>3@yj@RC9wPAsBuLP`9SV2Zv;BWjB%Y|fnR3%oB~VpEUl zN9YFK>p`jbC;KnVf$DbsQPyb2a`Oh>ym}0FN3JF=wart?Ocg=Oxa-zvgXwES#Ms~e zf%1+w$Nwok#%)`(`_=(~>+=8XE$9F4-`9WsI!{sm?d}rl=*@G@NWRY-R-vvkxEofG z{k$@-rwb#Taeh7oJ(j@U02cvm_L|vwCmhoYD(XXMi7;u7Pq|IR$>)0L-UhlrMVl-1 z3Y?{iyZd!?g$6xgiGDWg2P<@gbv64Nw1ZWe!3wRQMQC5C4Ono7N(#=^jo>cJ`O9#Z z+bqFd=A8ApUMu^rn(a2}e`)&_f7Bg^YWvJm3Ai)Qq1$;4T|uJ4`#OTC*9K%KPD(kq>QmAeAmME^1w@ zxbLs0jat%O0tl%0$LWu6eu5VVX9wRMoW4B$(?5AS3}5~`d3o^S^~-P`-*F$S<-cdU zdrxZhe+Rq$o%{MPU*&mFabEk8CUZEP5urMr_uh*Sj~kq-{H;^`dkX@S9Xg|_6##k= zB|MLVlqhyVA=YvW8|R9~aQc^5UNXtfg9q?}NBNwlMkMQWzQcU!Oag(iU~~ffLZ4uI z34Ega5CmPyFn?X+I831cJ}+VvBVh9^p+z6gsVs!=xhP@~NdhdLa4|P+uvwPyh3?Gj zs0SI6B9N30JKw^8yJ@<-ybOyuNyu2@jKw^{+$!UQZgUaMsKmSjfj5)EB~!D&Gqudr zJo&cMIo3qU6;*)PpC#upEX}ZY!#;2UGd7)3VJ7vhpx8z-MJ2p21MYOb@#9qo;q%Tn z@b<4Db9D35V>Z63F%=08oTU>%q!M|gazWuS7K>mL6L<=vHjQ_*6~g-$SY`!14=-67 z^Gk`=cP;7wawV;JP@$JP<;o#JTCvk|bbt5ah&pYW$Q=tb!KPf>x@LixnaJ$6553RSr zxFLtz+e_7Od%qnE2 zOLL5iF=4t|bmcVD6`NSz2~QG!i2=}^Z$P7$XFwocq-1VW&&r6HLe5R@x@Hd(|3r9W zHFJCr$4ivvq!3X%ozZAyoXqudgBD&jJppgG7QU&*7d5QprQ!2!4FbD5G8?O)ZH6SD zakt}4{IZ<|HN!uJ5sOd~h0%Nw*dIp2I%*C`*#;Vkc|0}|dA6*#vY(eJ9=)+_0uPrk`JiGid1^cSg3F=HiPUM6FHK?}Sb!i=XO{4}GfD~(ZQQhIHWWJ!wrLsHi* z{gfpvVk$w8ZgRm{T!7#?dhi=OLo?qiY?>pdBjRL@2L1jIY@`9iOrC?0(=#gc)S+{E zG&6XS1+X*{xC^;}nA(5qt%lR9$#jGQ!b%i8d+$hpV^XPFoScakBD4n=uxWb11Wz?D z#Xtk81W%{Q!dnMi8I7qCAQnJsz|2^%N0P$n=?g^EyTu)qc@j*;jnRV2(e_A*oT7ui zkuCIovYcv;fjXVu)<9%ZT-UciXBu zN_dRN+tgpnO)OP8gxWMVOy8C{Wy>mV**fK;?a_oJl8&}8cSKqeD_4VLPSPBigv*ZM zWsGRVhW}7K|6gOpR&@Kt??rtcT*f zvH9w3A0x!?kvDkPhNsnh8%3!vpYo-+Xf&LLJs8>3g}26G$xSL-rf&!#0!Qn}QXhJX ze&u6x(yZ?c`@22BjzKqeDL7Z7t+3NU+Sj-Xu(;XMw&|J5O`aTqRK{OjyPBE|O3lA2 zg_O)1Yue@bT<)qtv8wE;eG$``2bc)@C?d-w?5vh3Ln`ACQ5Ru@VF7}t8Y)1sm zs4c+E&eZ$qMo^2RXOiL?Q!7kqN(GC2;VQ6Q=mifZETN{07PRoN-2fjbQkX!I!UQN4 zj0Q6cq09&oI#dCOk?~bM%~r= zqK0rb%Vp10T-3aXB$s3%Q5T3&B^sG)kCFbTz0N59eNGpnPUlVP)%BW@H11UhKS`vP zRLl`Bk*E-JmQcL*Tk6rdOO=0MpSn@?`ef-hgWGot(5mBwG50ht$fc&7DV;E7$Z2sS zDj^A zyHoe;>Dj@_nf~kGhnJnUY4ZUMwg(QRU2Oe$O$PHeIDw0m$RdpC2ygfKPI@9ZWaCrFg^b}sd zdGYcT7x?hi!O?4Y`{vcr;omB&Z(eNloSwZoIru??IyFEKPTw4Z-89)n6g++M{MmCl zo&=NKNk142=<|S#_r}4Ko&KOtp3{DRcTZ2D*8A;Z{q)A~;RV$*?)~r`&(j$HWl!0* zb!QA#Y*ML68WRyO4Pb8|EuMdTvNwM6d*V6R5YPCJJN@`~#B*mIp3WTkE}IHc*c&X3 z)Nh=5)|Q)vT`g-GwlTpbuSlLoGaz`$%LNe&Q;7(Cw>@x686*+Is*el(g=ZKV z--Am`{@w(Mir)N%r_#PZ8cT(8NdsfMwbNEwQt%W_d+c~iOKf{~=WVGF$7y*(z9MM3dOQnmd6v*ELJ8u)i|Tlzes-dY#Tr53Y;@gm?U z4dJyZ;$72aP%<_tKZqlMC;(UFV@r{Lduh0Qdq+~Sd%UJQw~>w;;O*W7n-O3l9 zv}|4Z4zwOum9^7X-wFEsaQId7G$U%Z|LC&~3_^d<_uqWD z`W#j=&|ZD+{;axJpF^3^C@eh_-}gTl-$30U?Or`9x7ey3(Rk>G7d!oM5bmyA`x||^ zbK@^}*MErvKA|$7Q%Jd(lf?Pe@KlEICXHx8RwF*2aG^{}Gv|vU6&W*3LZP`tMg?9~ z>CfzyWg*8%O!B0mJ&J*T%4nolQ>wsHvmQ)Xin_SZH~yiezk>6fyu1+){*%Wvm!xTF zavW;*hH`bM^CCAE6vIHNE9j3-@nEh9^>0;a9GAgecJxZ#So#eWSDYS?_q`wBRUVzQ zWMNa1p*z+k!7JmK15+*|8<0pDyA}dMj|%InP~N253O8B|SnB7UG@WbFl?YU4@Uj3e zQY`aD+n({C@F$91FrLd|u7;h?59YEP=OO6tSXKFC9 zm$cypNo2T~C#{@6_yp~RwBYB?7g&4*0RiF=x~3()GN_h>s4alc_tIDuo>%VThGr3; zXFSE|h$XL&w+V@8eFk}2+Pm!e_I-jL+l@JDx6WDZ2EA1Hq%fCkHJx*_v9YsOdi-GjUirv~#B?8TvQ77YrGiZs z=J=)@m1!m|(AX9BO^cI5q^0m79N?N(aZVB#7iO&63 zf+v)yT$A82RhL>SE-0E-@^DU(Pos0H^;GQ@hW__UV+;GG8yHu<3*w5g+Arj`1!258 z8u1S-{#(W)?$CGJ=yc91E?!1XNSIXCwC)<~pFRICyPGOrd4=n)xr%Z3fX?~Ln~icZ zR{4-kSVF^2=L@_oTuatGU*H9mkzhtuzR9B@7_>M4r1J#=_pFB>1RFPA4dHqijw%VJ zMyuc-7J8st!WYM<5Sz?Y8(}!A-0H6Atcqcg5^wbvUzRVM^jGMfE;m6?WBC5V252>6 zXdMMt!#~vmah1wFlE6~yO$a6--bxI2_Wp1!6g>*V-yt3)koQhEDc-pR{O9e8)6my zYx1e|d?Xo(&~ZuYCv=`+7{|IXj{4U_u!f<_vDgY9l+1cBT(5hni zy#M@K1P1}I4o~qhtVbTV@591~X^i}ak6foaJsk};gjL70#88px2CH1fP?62{pNF9} z6K*_>9)@MO^(J$uTSI1|v#*8W(d3w`w}MKVuG{x@488OWt+LI?Wm*{ZV3bQLY+Of% zaRz>Z2gU6m1iK)L+ByFMqt912ILnO{7#cD3wfLeYa+=S_n@eAtuWt*6)iTO;$>ANo z1?j3RBUSXUUU#JR9CpxK{{ETuri6ysDkQl)Mx!PfE)uaFN7hBUo^3nDgC z@9rE!KT%yB)E77?F_h!ASDSMl#LD7@9hQBMbj0Q&kY_1(~j{hwB#%^Sr(`+E!0)`J~`M zahG>ZQUj5aP19DD^iK9+y?orrhyVU<{q=|UPd;oe;@ni%YpG4waF%fnwUlj`iET__ zyx17STl19S`nLhj7dUa@%tbYHj5RYM${Wn&jaPY1HlXq>Z=x@s8fa}4`$qcmDhz#- z>;@R3dfJZW7Z_>q*QYjXDkwE$h)se@ZjH6`c!zUXVAwu~tr)JDM>~gs1Hb8QMHR!D zQdzSVXN6T{)#j^Wcq6Mw1BQ(^0&N(s*?d(DHTaujXyOokR$PPs*2FtnQ~)ddUg!A& zBYUlN^maoun=ot@vs+~Btcvy;3~wf5S21iAvscO3o1uAIiXAf<@e3*zEz{UChs9^> zr}4IPSYp^bjjQHxGc<25+f>ULv}^PSW66_TQOrmQJjIkv=+>{epzE)EZZ6xb&X-7!&U8N%G=rpYjOQzvI5*4h9(n=2Y(4A%>R6i?ut|@cZFdkQA!hrCauYJFudDU zt{v%?vs_0T6X&;Lc&n4LDyREs%~{?I&6{GVHMErmn*x609AZf7|M9VJv}uK~o*rs& zo<+9AaFxMkHHKy1raNZH=yc zYYbPZp;ZiQ!76c|($eTCgP5E*IhAn!E^I2-d$chsy zySpLRYsyj74F5ZHXDAZinba>bqA3xK_ke}9ghfP9C=xv1a+RACg4eZxqlv}J@4Dww zYM{=i&x@a22eaFFb68J}vku=HhGn^;=DX1iF+|6|3Tn+5u5wIi!O%-k(um=kVrkKH zSPQFIjNZ#lvbwultTNKXH4YD7;K=w6m?JSk&ugTMo6(wfKZoG_xeP2UOmQ??iD9e5 zLxCZg-Vn<#FzSa-Zbof93|k!@G*4+qCfdLU;--EMH4IxF9)3SRhsIhTjaHGD_zsT! z59*$Mk6P~?Z+=p$7_xLKs5ExO`W*f=V~QqBs%qj;Q=18~sziG`cEw zL6b!f2>k8f^(%DzH{lsJ|F=GHxm0{^g9!?W&ci1nDU3a4dO6cjST!dv#weJ;44XV) zlRUe@ME~W*Cali9`z?I)%^AzS`DR#TdCFyV9^ZSws!!D*S^SG#CYuB>hy}Z#LfQx) zIFMd`h#p+hM@eGR+hd05GM9zf#nod|WHTxAC}as)fDLXmwbm677&Fzw)XB!v_OZ>P zoKhOwNfb20fV{TQIyb#VK4=$VXUvi_x zq%h#9@N?3;be^dmD6xP{SWj-6VuBDY(EjgA^oMw(_3ctok^c%Bp8x86F(mbcEt%j5 zY-?*Ty6zXOVoZ=>WYb?FqKNN~tbdjZspz~$yjx&D-UY!g<<>REczE*i;Ou2FN*I&$ z{7;?Quh)lncJSRR11z-an}o+KhNI)N&fAlt*9RwmgFnCgTMx!0!LalfFAtAiAH3Qs z`bG%X==kXP^ySH!?%++W-@hKbdiV0Q^LVhc`=kehe!t%j_xf9Z>ex>P*Vz&;U%fm$ zgKyyblQ*xc{S^D-zp8tK#hOFAaeirTrE!BV4!P!5j|X~nud}#6f4tTKR8-7aYLXZg z=g+3Cz~k4gf7Nwyt@mk{{@v3qp&Vlow$<-D-_eL*-qqY}J}vD5OQR%@sRTi%c|u%k zh-Nf8Zwx%O(KuB0K(cw3v}DK3cq~UYAu>nF$0oxVnOrj?hl+!);^V^LU3izv>rf8aFKB{s(WZ9(Db=V{V1x(75o4E3=^&o76y6=# zNj->MD3brO+B@#9rnqg~dew9vF-H#TWJP3=xl3TQH21DQEk9~0E|_p}NlXS-Ox%FN ziAg3rC(#Tikz=M$yOJ1({@4ggxMuBH2$rNI3ua+AP-D2hk5zj@g6I9`eM6+Q$S!9* zPi!FmSQCwedK#BM&wAV!Od2BUDykHToQE3h_P0e2;Y&J(v1Y-=k@%jlgkNas{b&Lt zT~sF5cnrhD1dubOm#0X&1ZXZP5?bbp>yz zdKQ?{M3YL4kcT`g6WC&OKgz$(%&EISXJ*UjAvGP@)wvZkF=)%kvo6a}kU+zgS3};2 z-iBEtx|^i1YD-+TamuQ;L{MIarM*=tr8fH>M{+R1MK&7ps@z@wmUB7S==+_1Yx=C~ zErvTr$lhFTCWU0p9?gQ3x~wi4j~_`$__Xl|>EG8Mp3eI)3_o;^22Th5o#!z4<8XIp z*#BerZ0|{b=P3;Ec7=*m^qdke+V_&z4+?<0lp$dAdelNnQp{`dCwDj|Gu!@>NIl!=y+_igli2e*LTPo?M` z6GgW5s}5dFyzhS)+WNHn)kYm7#Ty7EU&#b51KIUzcPuVPFNOf0H(A50j{XkY>$74P zv`Cm$u?Ay>EV_Z2xL26w-V;~p4IO2Ze2NT=sIp9;tTVtWXf0{3&cjILx!lHeXPBYD z&cSv}ql5?=SOfxN`F}8`6E0}5;CV2nQ0MW_5YrF z<)AR7zsdy`6{?PEyeJD$X}Q*>GI>GM#R$s6tEFQ{2*+H}p<&-B4p1#3M$}zs=q31t zB*`yD@hlCv0M$f)EOc7d5-+Tt-IS_OpTc_Pr^;OJfBv~^&EY?Hhx!l66GZpt?(pZX zH>jVxS67y!6uF5qK_e#J0D4U;P`wSn3zJpGcyt>H;jEY=ETM=g3(TzG&YKez8R4|B zK;wsan{KFOEwPcyuM`n2DRnybA5Qoj(<1Adrm?u7enQic(_%v~3|&yk{$AWZ7s_E# zzJlkmUpmWWrv2g1FSRK7^3SJRJ+u&3YrZ*ES(&YgPC>uXt6eK?qGC{Qi^- z;)8-rP&&uh-0cVMNA#uq2d)wA9~P2jfuJOw)4Qz!y}JH$e=yj6R;&N~r2q8Eef{UJ z@l@+S+d8AQi#Y->T52{M!YJ}og1dRuG|{h3OQ_*8(imz?HKTy1U<2dJgtO?_tp58zsTu{X zmLTK;@7`>|)48TC7ZiwyW=zpY<$@%b8gWMQB!p9AD>PiKAh|Vzvc}d&N0DM?PiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBva~n6Zc>bPG(M$QaYy0OJQn$k@*Onq_6V=+1N|gOx%9V1! znI?${GnfDv%1oZ$XMY7?ZVnHL6di97f9Sx`-MIQd_W-`6?mga-fs9!)q*42HM1=At zBxK*MD|I@Z&e6ev`Q7Ps>c4k8o!#$t4?0H&$47g|`}^N@b`K5?JKsTPZ4}H&iBv>< z*I5}?y>s74B2mN@QItor>j3yf5ypp}Pn2TlQQr1ZC_11RbRi}}MJO7p31mnlx)BMn z3-wjykeGfzAt{f#Fy3=W9OwUbyd&?x2~hfi#>!;&~=`UOCj)bY>NGrkB>%LzdTTGd|>A91Wcr z<05$?e3V_sT>@)c3B>l;3|KobgVG)$3)@p*)g;C)kT_=4H z;$i|c0>Qaq#+rA6Wu9<9LV*xWA`(&`#+)S~N+1Fu7JN)K`@z6T%dfMnYobP7Xlayb zla|J&`K3mn*>xc37=^O~5OIYdb&)B*r;I@#A(0pu!V5&g)Np)B&rIt}UEkvI47;Yh zRg|W}2)gk1sXS;IMro+J2(_Szi5f|V>c5T9+<}(;$76Ji5lZRCg7?vtG(ew-76dq; z5lYh=KNno4Q9-;ZloT=`V1Pgh#DToP+O0Sr$QuA ziufZGhCK0b`m**V%Cf9kMCsYh>U78ZUdQXW!r!gZRhqoVl2)Gog1S=fJOWGA^tc_> z$4%gnN+rmW)X8b`atM$?aG=PXM_a@LbnQNH^9GvA{b?#C{bSuDm;#+gVOpg-?s$h8 zO({vfq?YuYlp?1_27Xp3BEkwfXf)IcXV##=o$lhYR#vKaONL!|S>Mc#Gi1C^*tKD6 zx16C!bzk`Vj1mXHg*%*d!OVf+486Ogk0L^aQWFqrJyMSn0FQMuF1m33nMx&1CJqMZ zt1evfoXOZG)5+2lGA^)Ex|D`{|ka)jI9<3~67Rdjjqy4>_ z{6E?~-rvgqO{71~5^X)R^WEw~OWPscc3aQ9o2~*bhHd-jPV1Fzpe+ntoA-Z1UuC(m z&^tg;l&vmU&?bM*a<5dZfF?qaNeVeHEZK>=&S~$$Sb`Qf_&khxqzy$?!cYT26^7Gj zXZNa7V@3}vb?k|@9pl+)aD)IDyHB3h<*DyCkZlNkame5-=+%&DXWcW~Wn~d8H zk==y)q2y27m>VK~8u3F(uN$BnBD{|F;bfO>(v1;aMmm?|CD>}CIk&n(e8~gcs=})S z|0+_~u|L0T$T2fz|0@h*Mik2S<<;$Z&r_e(syG(d|DA)QY5V`^U~B(xBHfNibO#fj z7*(A{QW3^zG=x9@1kc6-n4|MAUp&Y8nI{5LPcKku%&NfDys??3y0;t{5)nbj1p?{w zM43azwD~JgV$yXSfM+m57J^hnC9(-vQD=zCSQAZ^oU6fr`jjx^>NS?0Wvvi!KM66i zUT*M71bu`7Poe-uC`$g`fcr9Y4zx)eV-(QO=A6+r=fl>w`n6|ly=l(=FAi-aiZO~u z`vm9j|J~!mz5VL`-`nl%Z~cE8NtM8iUFVKQK^J-`#?;3X-{(oBtf%WbVXTL~KxLv8 zY&=85Ms$6FfpkJtBp`}(9hg@)Ut(!B856&uuE{pL+;v@N2Yi-Dg#rX;XtFHbr#AaW z=axGr`o#B0qDEZMKMWi2?p~X-`|<9>DHRE`em@sTOn($SiDef)wpza!*)1>&>VS`} zSd$!`^IHV2oN$0HzV_L&!M9L+{dC9)u*qm6^AkLYxwe-iARNDt@?a4|2 z7n5wK+8(fkO=GsgB6|e(8LRDK>zD^mIAG}<(`djSjfKP%KP!whtCRC^B~tM)%QBu= zYK_7g;$j_7%~QdPQtHx)YwCPNVmacZZB?)ME2G|FjJY-wECM9&$KY{2zg;viul(FCHE;1t8&ODpwIRmPjdv3%6fE;kr5 zMqh)J$V|js*9>E*SIk?|M<%=JaSw^(B~VH`cbCf%D9{A`$}a3W0GTzHl2GcePOL)B zvh)CC9W;MeR@Rb4>Xe_ImI%n~igLVI>7dLQA_ly`-xDe@Fm8@&M4IqPdSL6d!24js zS!$tg+4=34@-du5KM_<-PBo+bth$vGx>(RLWjMs33rZwdDkNektCd}7x#q}#1c5*) z-#mMMa&~re-s`<+O;;ShIV|U5G_FIlgOY-%9VME0oh~F1{oHN0+i5tKC%J!Ds%cr_ zJ3U2Hv|8x80V+43qJ|*Ujck;rhTJ$;B`3rZ)721TRu4>@p1KA!U?-46S;WyEIi%8H_x7*_AWl1-CTS) zzxi}|^6q>IW|!t-6vUiHDur==d3Jquae3PWz}QQ{n`h7e{r-pZPnTC`=QDAoaWZa9 z)F`9w=gX6K7pI@DPi}u|YT`>8@<8|Hzdz~v@2<|OpkpqkS4PgfuDMWM`2O|xuWO6L zu7D8|rbd6%%3{G4_c`mr?df%?EOSd=n@H|TqXD5T5qLWiC`X(HT{x_ikCcjk#M+7i z6F}63_6#x%?M-FIP$cXO8JYCZ=TV@wi%zAEq9O7`<;DBe#f*aTATQioW*e6m!lU+b z6;x?mHbbj0JrlbXpm8JEh%hkmXpnEI>X!vyzAQrg;rym|adr7P-09a_P3W`F6lPFR zEaPU(Q)*d52TFV9apa$+0c#%&cZE}JPidM>U|i9srntHJ{W?4U;r)-zG_?kVNvv;i z+qlX)n%e(M@UXsn00tCUkeWG-WtRPG_1M#VN-vEih0820%ci-ar`mW-M4Qom`!4Bg zW3?UgKsHJ$!DBKc_JhkGsQtQ!@`$iT+@_7;(GSIM+)C>pA%(Og{=%{4YLllCqOPM0 z7k~_K+}J$8v1vIa>8qasJ@pD`Qrfaj_%{2N$Ow^HT3cfP)CRO`D{NdXdEPvG{?qx% z+uNT$U0>bYKE0w>Kq;Y}!AZ0{&j|YSPZ#c~8WoIqc4&JsgryLiqAMDd;y;s+fd~Hs z5sd7PzLTa}7j12zL_?oP~A={-H7d1E@^D&Ak2qn%(J) z%s&?Zk4$^7);5te8bVuzv93;-H`X zMe$$z`-k=TujAd_ZT!b3Qu$cC>QQOu;UK5I3#-UCADFLXHDyQ1_Jrvs1(hFp#5}l& z2K*{AI#Zr)<=|U7K!4&he8+=KD7tW+M;?4zJMrtJIs4xP3#=CTWz&NAul@bKPHq1m zA0BV-|Jg|Ty76Cni9ICp>&e5s3_)uR@M>}%FK{_OGQ>(gDzIy%7^ub3YmW>cTRu?f z$)bl=AID9_tZkxm8x3YKyKv<&hLpKHaR5V#Wtq^0VhGO&hCEs=Ea3sXbM=6P6xo`> z3G$hFOdvtt7>xOLiRzwxC3&#(Z|_^ z%u>3O-HPMJs3S`_$nvpotwCqpc+A?`xN>>y8llYeicP~>k;6^7U>mPd*g9Xg&ez36 zJP7yJ`MPz!{->oW|Bp997SdtF1+ELnBLDB<-ckMj@1w2%XESL>n~w@bBtdbo^R5|I z1pS1vK(nEk_;*Hkb9Uf%L?y^1HU}^uN5~iq8SmS}L>diWL4FybxvsFtCsE++K!ny_ zg6FZo0sV}DmF0hX;lWkJCcq=pQj?_lBrqDG=XhtmPd&v2Iy-R6!;nYt;j{+<71HsB zRJF}dOTOdv{}65SGs_qa+xkcLuN+710#Kj$cS&q7PIO*+@;-K6dVO-|y!2EUJ1_s& z*?|v4P@YJ*I6Ie)7YqIy`pWTWfTV5f3I3bojit{6Y=1*sXlnnzy*fR4>xID@aV*&X zyZfEG|9AhmvyK1QNZNs`F^Vz8d&j)Ga+<%oVy@A#OQUpeDg^msERM4S?VHa<$3K4wjQVV5v`8Y zE!Xy4nn%*ySEi#@%NuaU_`PPtJ`Y39MKvr#WYKVCG961GypM;11Zc>zf5JfUF#7^Q zLLUcOM3`4-I4xb=O3nsCHW2 zlOtUdoLeoF@_~|&$b>NOYww?LJx%fdoAZ;icjs#r01Np4-tOT+UH|LsZts8FNc#A< zk8i1uk;Gq~XZN7daOlYqMHU#heV+tFY^Sx{lbHA;{C|6$J+I^TS%RJ%4__3Gd5n>b zJTTYBGuuqIZ98|*>%4G2{_W$5P;@|i1wXz2VJ7CxA^Fclus2y9lD14A+p^RNjJc%R zGAx;_C8}zTGL^P1kqCeEPu;x45?^TLuy>I?8kPn>I!5^|Fc|~ZKC4lxoQf?H1?H+c zJ^-quRi;g5fHB&$CZ9(GI!x?YhE+ec4sID@Nj7;#a9j&?&2g-x3LO{zoioh*@(Di3 zIqt5v``VyO;#c~g@6&%kpq3(tn zyboa_74$LV#%Oz%^#=p6SA(*N<61Q$y^uT>=$2~fMyA+jR1ZiMoIUA5U6Dq4AI&2n z#2=OWZ@g4`jEaZiw8${li4~N3(trd(Nfa)Ayv>=f2vm=VA0mBStE&`soLoCF>XZu~ zZBKwiaQ>NuF~jm>ZpE^m^HyA+@qYR=iMiOYooLuz7`!l;PJ)11?F`P!_akcL%iW|{ zP_fj#i7%FTjAWZOo~GnKiDOqF2|`?(4zS4nJD!sNhn?f?{f`?-JNbK>`8Ibx>a2gr zVuPo9`vt^AXa>zH@4f}dw3xDza72eAlnP=L11>@mr52qo3%OM04BVxWxv*?(p5nY? zoCNX}I5EFRp)Cc;Sz?_yiknx^7>2U+a_5Lhh)|1Ji5R6OiT9Tm(1iqbT)0W1NcXiO zvAFTh9I0DXs;sbDLjjM+2;P_k{yGA!>q?dP||1Eg{Ckv<8=${d!h9=JHf=9XPWoxTjZqqhx(>6UY{a*k80RR6a KoNe3yf&c*JCr|kR diff --git a/assets/csi-wekafs/csi-wekafsplugin-0.6.400.tgz b/assets/csi-wekafs/csi-wekafsplugin-0.6.400.tgz deleted file mode 100755 index 18ad93426529bcb2902258aef3fcaf7b50e515fa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4769 zcmV;S5?<{eiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PHa(LwR3pmuEe-S?l)amBr5tdk zNg~1wCIE&q(Ff2yfG??ghqq)PW0nkQ)IJ#zp}YwR z*>~$oold87bZ}sPcRHQ=@6OAkm*4FkbUFw7d!5eS!FQeAgM)+p@1V0b3g)ClDk8q? ztcQun^M54{3Gh$po`Z7YG;9-HB62WCjxBV=KF3apyM*aZ^DjQVD3opEKbI~^yV|0(_-6PBP{ zs{mNQ|9da@r}+P6r?ch%O{5(-#Q{l}0z2`BUFwU%bDSLrs6bzFF##HZ;M_2y<{q%@ z19u}72*D&GA@yO*SrVcIA`oK1$5bys44kz5D$BYeYSe|6MwvEgX>6KfGy=`AfuLg) z&JIAt6@t`7ru>dF27QD?Vqgd_5D8Pm@g+SqtuJ(ai^nqzOL?m(O@$G3;U80Z&@xP8 zs5%d|poxhZNr&pcjnLeImi@BfTh(UmknpNJL&IG_$t+-t^MWl`-EK?v3A25iq!Ujf6ORx09?4m zNf*o<2+q*EP5LMzR46q8p|&LSC;{+TH{+rUXP>B4(q!UbfWGR&1@HMI3=)Qpqvt_z z#!xhn@_ZI4jwaz=4HnA(S^8i4BMgc6hvd=9I%a|XKRVjqtLguv-GhUz{@+CUY?f&2 ziJk9O7h2j9?Y7%`=G}A^a4~G#KX+O$Yy)j$>e{^j2l^_@jfLg_MNzi8U_qPwIm^9L zu>zV1K_)5Wys)%S&~;9F=Vm8hfrHP(m`8e}ph_5OAgID{8tv>}Rcg%WVWo~`_?hJu zOi~FN4O@*Bzf9vdZEtb%c)&9ewgwDSxz(KFzY;C2ip4g2aioanua3(x3PA(Rtx3IH ztbSqxG?}<7_T*aI+uH8by{MbmPX#if=omrq(tg$$>Cc);oS`sQW5%Bi z&@$^8olY3b_To8zZkh6%VoGbs&0ZaiQ?qDVTD4un?75rEDtWEiYSdh(8RC@tx4EIo z2lc&5VG>UdSi^L*atm`q&T}C>W$OPbpM zD-2^s6w3C+<;_{oQ=inTI2QT;4vwbx|NDpA{r@J?&4@&|FyV z>kBqV=U={fj`J%|1f-rmpweus0#ozaW|r#Sa9~J81R)m)q|Xy&4jI$tFF=V&*Kq)z zzzA6gQW2HNCSXOKAu6+*XsYB~4hGbxgc)a_+38u)3IX?%5F_j51fN9EM;P!V3Sfky zVds4VSyF>+FEf5~)yt;0#TcrTfHYU+dg*$3&m_9!b=Q3;LH4 z1K#Z`b9O)8y+5TQVb<^G0*UF*f+w-;!iQGtH>0}+W^R4>(26w)QemVr=ccVRM$tDF zhNxOE^zKKR-*-g$BmIXjkSNrD1<26;mBc}s7n^FoJ&XpQ5gIN{$Xb!Mt(33hUIK@- zK_2P6HDOF^_>4%o$`V!CHH=62QeI+o`q(EMe1_t+2=* zfPKblyWcwI!6Ob>I>$5`@CRcdF~v^`BQ5IWJY0!XJj}9;CzjexVGVJyj;H3SkVPqV z>BKd4J|eLkapf&Laan^E8TjFNd8C@wY%v^*S8p*sv)A#e^evR3iwS;AG9SS6O}g$8 z2%9l*tI^kBkU*bC0gZ;uhRIK9;p5pSGBHOssfp5P(dhwL(kffdF4O(K#(_pTZHg_8 zE1T#!Ba#ico=Y4g3?!OBv=W?R*n4TE9;(WClQ@MH$Cnlal8adY3J@@IRXWmuus{AT?ZiB&7~xi`l}PGP_ryO09gmk-<6fMB#}Dh zXQw3svVBE4UaWLbW;P-Qyud#bDljl^j%q}j@JV`L>$SjpZ^Kz?p>Nsw?U(W~oJ2nn zR83B_p#7w}l@q#H&@p8=#GngGBv>jWVkoPXU1+)H$bbZaKq+58d3t<$dVSXGJ!?%@ z9KSv+=VCOjL$iaDf~XxOns}WqBoY18ZMWNLIF={5e_N_)Md4dLMN_m|=(+(aH=v@1 zAk>X)l%|H7fFrn5Ek27rx>zU%KNt z{@b^W)Or&Z7~7t<>v7hYFfs4o2Y>c>~L#bH;#2nkc8ziMT%;EMa4 zb>ZgZs#KP_rLRmRccsyQP?iY183~jl&Vnu+R?0_8#XnOy-48HV=YT9^w8%~pskBerH-N@@&pey0h2_L;&A3W{aijCsl|Yv@3UXC6lW zX&SKh-bhzC(fcV)vk8nV`qUIRH@{z}XFt9BxtXTcfG~-57PpP7qNAz(zXT8K+ygM6 z$bxj6(^zK3zc!COEvNL-SW>ynva)QNt9q)9$3(Ol?YD1}zTT|1V;;yxO(l3thQxkw z_Y<{W_fQ@Y)`;7*F*5qT_>Eg>9VDcXmc(B;wp_jCX@scj=)wgc0~|Lt4{&T+PHFn; zXF!j=0-B7rj0xXl-x3)mGRtaf41n5zb#0Z6t2NK-Cr^JlJAQNX%g3wB>zl_n^a>~? zv@;}$*5?^PpFg{BN7bkh#Ir-&iyml>gU2>1%Z9e z)x6=V3G()XmQACiUoc;FvA<|;GIj8^UHbP*bK*bj)@}`7f-j2y+TTB{$A29i?QP>f zHj&E5;#H4II}Zmr>783czWKm>rCn2Ylx$C!u2WF?kw?sf^Ju^?BV#k=*;Ws}p#$_M zKEt;>$dsZBS9#>Yx5bHHC(Yr16D+V=xO?{6~7>n$O|x>zmtp;kI75VmSW>uCq0{|GtvD=bQ1O&GrtKWG!qRSgVq- zbzp5BSe0SktOILmmTe4J`W60?^O4;XrzJz}KD(vD_@=)4-@q)Toa|N{H^v-U!a)Gh$^iGQ2K_Toh6xhL;p=egG>x6X43Ff= zf1s}%j|NEEww~aBINn(LJizuhB!#B<|IOve@f$A;)`(*P|L^X1>i*yTqr+|d$41f) zT#iwUDc(8e)s2(<)eUovj$In1ds89EALDSG9e5|n5S^VJIJY+kWq0+111?;~_ArD^ zAmjlZOrZ3*gsEW-1|ar=R_m|OxEt|7e*#p>#NG%FzyJQb{-q5%Uoo&Q$HE;l{n|#> z#?6T>9vA4AAeyU&(wmT`pn&VnMgea0dMeLrXR!4+y^Cmdq;9z0-=%pZ&3$1yYOTBh zXN=!zLG1G|)KXN#GDH>)S0>Z31j4&`C`f>YEc+)61P`+>5G3?*pjCuReT*dj_B6W(jfO){ zjwrIgxb6ES7-BoEemDBhm}WV}Wj|mTqKh@x&OvXrN^jvC`_vi zvpcbhQcoI?ASkKA#m{#+^9_OO5%GPruWN0UqK=bW2gaOo;e+i7kOoeX@pC&OE8@3Y-+Y5td2Gem6P-~sRY59IcjeNPA6bmYrx;OFJ5|5E=)5g=3 z{wHzl3M4^@YqJ3s?f+g*>Hovd;r9N=jijCYJ;j{Ooew(e2U#$9%G=K%CPE8nR(ba= zK&I7{)r2ED9HCSYqZn`zk|^EL>9UYZWzN7|8kq~r#^y1`TgFKsUw{+yI~01SAUR8{ z6Gw6L3L3*umfmh05eX4$H7gOLbW7s>?G<#PK^+&alPJ=Ct!Qj6K<|Ep2ggi}crqLT zXF>4+xU`$G8G8GLrfE{w+#A%v-?|Fkmi2};9z>w5xp;rCy=_4B{O zgWc`>UmHpJblWiNF%gvX8Fry5jLdl50{dQQ{mo7=G3VLmTjufwlV^g0yCz7@zAc(N vA@BK+k%2a}G1l2rLp@ZAMnl=!+Lqh2P203h_e}pE009601o97=0Du4hO-4#o diff --git a/assets/datadog/datadog-2.4.200+up2.4.2.tgz b/assets/datadog/datadog-2.4.200+up2.4.2.tgz deleted file mode 100644 index 7def37a523e42e23ddb16f6a17970ed994c5c7c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 47672 zcmV)MK)AmjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwycH6eLD2%Va^%U50yOVTVlJDu#X?u<;tEqo+Y#qz#+8u4T z0+En}nj%;Lw5^rqH_mH(FYrCsd6IA7MiL}QQNG1pTO6Z}MFJBOz{JGF#Ju>BL!Zn# z{W+w(y@ZS4Zx8!ZEb`}=>}+1)$ZJ^CBi zd3aQcPs})^f7`itTlvoYMIIQ2ghP%=$hr*xJjh`{W^E609-uZR9S>2Crx^KN5JAdA zM4iPb3J_$d6~YDT0!>v77~!7~WtfCraJ}1rQIz~_zHT;r#5{^4E?*q0I-oa0A#coy zfHUVjV%<*X=H{lYVb1?(dt}kTo~UEK>u;?9U!yi&%OjvUamYIiae)Whf?_N>SMdbV5OKsZwP%>m zJis9gWMyN5^nd%5+$ zzjL@*|4;I4ZGmGng>k@vA^|WZG`AMFw!jFXJ_DcTpISDG#(Qh>wfb{pK_&?h&nvDL^n*9A@a zz1e8!IS@=fMGZ#yEm}H}lEoBSn28Bqk~l*c!xM0YmSBRWgsMT3v;t@xvbL&B(X@Ln zW(UAl185w(;G5&#W$*a>&A2x_8NVI;{9VJ*mBB4$0@?_96mjR|%1ZAU0!Wtyy70{$ zdvm}zp@=0N#3ADd`hvhbil8hHL5OYu36bvT$rLcex7A2VY!F8jaCn6nh$!-qk3tUt za*ZfxDny%Yt9v%yl8EyC9ghb6i@{}~+fi-??T(&I#l!(f5r~;6-~}<`h|1Y&t8I=A zDY?czqHPqyNq~ItE#Ndp+p_8+W?b}7!Gj42z$gl^r`Eq1DM7GQ3>EY|#8Q&cZKVB; zZ113uaMpYMsAPNL@wGHVaMw3<7ckm`5T}bxs&(0ERy3>vH`$@~#*_kl{cN z)a6|7HF7~rkO3{KnO8pHErtY=Tn_vd3K_VWBZ>f2KjoB(%8@|hUnMS}2_15J|D3L(vpbu@F0Am^#8BklP001~?XSQOJ1&iVrNex|A0v)`UZ5Vze z{+2zmk1JM(e19C%U}cv|H}g#Q#9Aup9z#?xOlL2*CAA8+tGKReUxCGH4-1i?xkS>) zcO3#RW}Ga*`-@XOW=1GuiaUyd*V2aQ6b_LOa0r^>L&Cn*P{;u*?XEp|0hyf&PE{>N z1!Oi8->wmz5Qh13TZnMj7atU-lgmag1x}%dwt_+(uL^qY;N3y;EEAK=1Y~Fd-yBFf1T`GSz~B5<=BD3NS4u z;I#DKo{>>qvR~$?nvwbi+8tC7 zWVdpxe~KWFDH0rNLNs62K-B?TZ5ZOU57B~ziHKzNz4ZJ8V@`a`JRw6YI~uYl+wLeh zy=)0^jUjj&PY@U(dW}7??LW3Ut8~1}ryrA@R|v z5Cm9{UBa0dz5uILeT9}?dGgSt&I;SEmL&lM3mD1Wl}sh#YTCgW@exqa#i}(dLbPL+ zV7~oS+5m#Xw^Jf&W6}}w91K0wQZfX*VJ+*Gu4z|Na)@|07Juq8-@JYQ{ovwka5)%_ z&(4nrvgVXOaXOGL?8;7JC5&zM~t9qz%EoVjwMv?9yj3WI`E9tuO2tU@p9DT3f z?OsZRkI?rF^!xy%{V$-983YU$ZMcB{Bq6+Ea`9y*9>Yb+-1pAT&M$kHC+BCQ)uX^g zubtgS0a{2#k?;4ZE-I^vt&4N$&Bb3xu64!rw#BcIOE$ywqL&N;cq9mrCq&H2Qf-&& zI47a&CK7cFfD;mP(U#bMDmjxb)6s*=^SNt@)DyZlg4mp}3S|Un)y}Ng4>RGBLCEFyeNoZ|T z@{9;k?wypS#NH&a_5v)bU?#;Od5}|bAQOj`_s7F54EcZYTceP}olrc(;W6S!9yu(@ zAVb30ty5J2eo|*jXnM{xWM?W>%%3mB77`(vow+!~w_`@UE5tinQi0J@4Yra7TT?7YBPLxtRnh zmV#N7HrGj(v^X*eAWR=`Bn)^BaiCULD2~cXL1F5cs{iO+oSmG#$ua~!hg@qjl(tW9 z4&u-qQ9)n95==2gH!u)#KjCvkZ?F^rlrBiKL@C&c6No;^dmf6!ZX;PG43}!cl;ljr zXoP~B%i+RIer($mYbKz4?a2}+$CWd5p|x0&(~FavnXMNLh`Qo5&m!odHnQ*CNuaYGgxGC@A1l$mM)t2`i54T`-=Sq4XlJJyxFu0^}I>nxI2(o*J0%EfwqoiL5 zQb0nO5JI$`InhEZ5KRExf3BKpI~kPgW>NHtwtQb5eYQ||jVTF*bkn+q6bl?!rq8)9 zIZqi{h#6dK5vg9MlPQS+pR$DRGb2iwXC&Layi<`UJW52&k%s) z1(Mk0am68E$RnX|qh+-zl`Tg*1+B{JbGt00*n!|#kv>moUaN#imTE>=URFa64M@!; zm(m~fIKGA)*|(-ruVc^38k9GI40~hw_c&&7hO)G{6_8mg1>ItZ$5CeW70>qey3?Ci zUqR>v!M#|HQl;Cym82jxuJpp;DF?vO#Z`mxo}nMGnAKH7AyrKphz767Q1Y9pgn>gP zmIP$hiHOg#cTV~iE|DN;9LmMh8=fRXbRu@Nn8i|+BNo|0?6*j;QYq`-z@@yt(jySg zBnF>zgx`x^$pLgJ<6yK{xs*kjnkyMbiw9iD2_Y*Opf`M%2tYWTZ3`Jpp6R~c-8;JL zhN*$I1d+7(9JPelQhUkPJyISykCal9(@g16kCR6aaHbNYf6voYVef{~;wes0a-7wC zuX%=o(cz-wVpcvlf%ik zjKk1})Gw7nMHf+cZK;FbEYoP2b0Q zks764My18TOCgG5PqG?I)Bj4dMIpp16B~~##7RtUE^==XpxS=*O^eeg(7J6omSZY+ zEH%norYEgyxiZ$8A^Scfk&eTupV7xs^)t z+3j?`{8IGf%P+fM?|i+}F%8&6CvR;0yD8N(1gLjWb+ZK-h?aa#Lf{b})u1+6?WyQZ zP>t$!hHkX_yB#g%+~xGj0_;jAnPb+fR>~NaO4o)Y&m}2mlwT#E&P@`<>$YAL{}dwN zC7uEwPo-T0S0bevwpWJ7D!qngugF)YU(udY&Pe8a)IMtOn8D0qXZI+N0I+j-g6`6M|<(kPGm2icV_ituV7?pbp|*CxVRK_{F=_ z1&Kpt&ZEydF+)^Z0#U?B5U+K-n^73eaX9PXa7rQLH1>E*QAgw1*~-|uWbc&=f})YK z9TU}0&tZ2QIx}jS6CDm$j^%}FfLW88*c2+&CR1iCroB15MpC1Qrc>l)J6hD4EL6 zqub~jQl+P^LMUmn3wHA8C}jI2428sbRXHFTbBkho1zj=%A>siJuLOJ2&{;fDHRW>j zeQ?&hl=d-nk(i=uAmW!;d?|TOlf5?q*y4l)tQ{gg#Q{gOP3Wvsn2Mx#?sdnI=aEHJ zVgRI!Iie_70vH15x8}r4s)(t;N{?PXD#i*BU@jIHzQzHX8HKCjVM_HciR}gl0hmw( zufPYvO*|d|bc;OjfB(<_3tFDtMymxn6C8FXkj+12&npVQE|7X-A*gh+^-4zIf)HLc z3R$Aej{p^QeN2(Z30)RZ5wP_^CBPGTz6%iV=&yN%Ceid*5N#cDG^SZ%8C(hG8z_R$ z;9$U&EJ+wekS+*KI#V$QOpgI9*2=HL3<9QX7sR3DQ6ci(EAg^F{NFK((J2aNQXW}( z<`%PY*&l*GL^Tkodg%M%53LDg$XD`MVNKZWlnjh2dVc=yEiO?rI&e8Ze+RBa`IR_m zz@^GPxpy3&jpSuwo#v0vM)Hm%v-4S6FAHF%Swg+JSfr2>I=GDjLJ@u79Yc&vwi&^^ zWjmR>#Pr6iWD^!l-|_$`-JLCg=JNdb9JD0A^@#@rPp;Um3RZaKl4C}s%^HjvTRc?} zFCt}0qdC01Q=&f|$I*qMH zb|AZrHK?kZrkvxQXi&;61n~mSDg>@$XnyJ8vkk`8za!o%b?wK9SvNO*|IGojN*Y2hEz|<&YRi+%yx?s2cx?PZ_qBsbK zB*0!}S1;!%YpoQ{ znxYwIoGyV!k<_xlfTg@Hy<@knGo^LET&WRf>DiQZBz3UPmTm=yvzB}%dcafVK^)MqpcEb2A1?7QH#ks z5*OQ+P`Zee+L23E8D@-4AeZ;A9PIC99Z6v8pS{*U8<{DBAfkxPrQ3#5^Y9yl6t2or zz&2?%{xaqupxKu(3>0W~rJG}JnFiQ{tn6Hp69CE7ZYHU}4e%6v2X+D0jv_^r04EBd zWFR;MKlZ?a_=(el0o4V&IUFa@D`#9rcV{Vg#@6zB!^G!aA(?}+jvQ8cS6H!$YG(vP zJhb*f{w9Kb5^^e}N?J!cRp(r>2102fYpQCqv>V6~T|jyz$TXEqXmU-=MKI zlM3q~khMSj!&Dyxh9$8f-65_<4h+8BC zkWMhCkS-G`suB`Z%kbQPI{ zT5;CKwv5VLH9>0BXuueMP~E4KVF6xxBVGYaUrZky?BDS=(-!CKE6vRHit~0;9aB80 zt=A_AM34#26=062m{OOkROzumPrz9JQUV0)Y*`c2QeDX3f!ekh{sJ>0mRhW5HEVX& zv)MBaC5+ziUFSGw$giMDM+SX)t9&0`qVRg#P|daxm|x{cABV=5JR*K#1X9GO%(Kbb zm0}J#dLK$h=Q4|t0^9vvo7t$|$O8+B#Ub?CI8F?${i_Egg zBUNHAdG`xw%^O@7(YgCSr970EfVFO%?{^=(Sh7EY;+?D^c8PCda#eZ9s#sAMy!dAD zpO=G+v)<|WWcb|+$NljB{?3v0TKTH`sR)r)fQ$){KcBz9825iX9}UjN!`^80kMoP; z?_T7EUoEO-R#Wa&tT!o}mzsKV;n2{vA1&s13oWYlesMC4i66xHSZL~b>IVW2rG&{((7Ehv8x9D z2~g-q1WPJT+tfg9i)MU{Ld4jL+e*uJPd563C3S(iwF$@!d#Q!H>4`q^hd>60AX9)D zi%}-9gsi=tC@+1?)CR|sA__zrfI@{C+DZJPO7k;OQ@;`9CD#6rmzPTJ6BCSKaEt=D97$VpajaJWB1AFq^KUs`AQJQB zwR+298JOmBP7#}v!0&=x`F;v<5L1+Sf0SqK(8ue}oJBS-SPEqI6iSYtZE~%l6jhhc zb}Z%P1)5dFoGN2NzQu$hM8#PcKpKXGNmM_arj8o{~@!_8M>Uhck^vY zSgUk1!KqMt211{3mj!Co`qi_+S}D17{E$hBLVxRQi67!+ax_gkm=ZX#;#rw{f&?Xy z8Vxsha|=M*GS(O@qYTfS)J$bgl-ZfNPq2lM{C$G1Wf?rn^&xhI%!x+r5a0ZGKDrza zdzU|^7SP%}`ls{L_wNR-kVmSCcLJx+&^6Vr%b?rB*z`uiSN4wI^v};Odnadui(HSz zHhCTfOP9Zjv0>Gy$pdP+)NJ~iT99#hmtu5hrPMB#)Js=euaY1G>f_iPh}B6sFX}1{ z-;nsnn9*3`_I>QnP^rIj!92_tqM)t{CaP}!$Y!CRnCg}_ov1KW@pbR4eOgJfdYo~b^4riG= zaWN_pqBrR)lCP#YK90{afA! zptwfXHv#xum;Q1m2hGIUMi6AP80Hqdb{0?kyH%Bu)L#Z9%)5K0lk|Fpt-(EQ3@U63 zR20nDt=|{7nfod6Yl^rxcN;ZHTZGr`z1{Y1!P1nR5iX-fUBX$Vru6%zIl*j8Bn^66 z=Z!Ma!YwzIOIiqs>7Hyyz+HIEV^k5mpbw16SUo$RNp=c z8K)5IkY)7;rvgrKl*$V~;Bbw~F?#rMt20>nD#dZxa*d8r7ST9BT^XYHA`W{7*<$cz z^{5*y6MQ*&tzzGq*vrXlrL~fwmy>ro^fD{jCmQdA>YLMKMzl6h8OLQRr%XM|r<3nx zRu(XVQZz`<*TuGbI<|18aF#`;Z`FXc!06}ExOe>S2A>@=J?HsqtSbEs)yJ8a; z`RAJPiFK{@V-&Y7mMsp?GR*!I1_78r@5-nel3;84$kaC7$oD&qb_}+XfX4u=x|es% z#6`t5eBD{dU(*96W@hi|^(*@VK6#nHwbvigtNV4T7ipo!{iCjNzdJ}X#rM321mLcB zkrs&*?<7I-G7UJdB7y6gt@;uTlwPEP(#teZaiIpvFV*sNUgMIoYI^HmP(G{qb={O! zPjL2v^tsP)(LMe#b{E}BUIo9|Wz@eIMXEDmKGw!#a1Sf? z!DgfTyd0$7WIRI_B51##Qvf{HAc?jLVN{>-=sdC^OcG%5U&;n%MX#RN{N=B0!q@-r zZNlg99NHN0t!2RXD0a4qG0+PJhN%}@se$b`!}H@z9-{BM;KeT=n^$Pr?5b2d-!-?5 z0j_wXLY6i^{q`asQ6NAx>4`gpL27ZGnk?lUVZ^*9elXx=5@aT0gz(+BV7Gl_EQd4g z7JU%cb=N6H>n{E|Pv}MC#`{^j%_y_^k;6*ARwp0SET2Pm#X1WZ!Wq)R5Id^A{?%eC z)rRDQ7UFla$G5ESo4Y$-<~c*&L#;CVECa(rc|0|lC)=f7ZzZ|qDhyCXTWL8*8|Is1 zz8UJ9>%)qj-gt@2$gqm~7Eq?JHSrUz`;mO^uJ=rbS;ryp$YO#+ZH#Hoy&q)Nw%Vqp z21&K}Ax*!W+3*sKZ9A&WJ#ik+{jGPMR=XK%-MW6Uit{LUZEK`jDl)DNaVzRp@`l94(^2#6eEYO*3=A+SvjAV1=8};lVx#k?}*Cp+1=+U5vvk z6e_Q6o#frjU144_J6=BFr2zldN(L{L7L23N3e;@&b{!B*Pc4>$0L`G67`Z9GZ%rCzgju0MRl2IZWF#`d@F&Y8XRYM6$K&4c-FR@;`~Gxr z3{ZG|4XFuAvJD88=D}J~g^Tt#DmCPy5V|_&HJ?PsjuzvPgkyOjKjtQ#PZ`3$!)pk< z86|O~BDCRf)&}C70Z6D_g9$^4EU8VrC&;wFoj~+ar1KAuY}O}Z2x=#_hXIk}19@s1 znj&Y{{01Dgr8Y`^{C#mdju{#&tjFp+JC?^^M?Y;)-+fyG%Lu|_O)%z^WhG+0h{I3? zEm+4gzL1g^YVSB7d(u=&=HZXS&`?Y+uWjb&V@l~mXkyRxf*EVwbr{>KgtiYJQf{R^ zc_Xit*%*|6W`pvLb@MZ`Zhl(VA(Mb$Jr5#l4X+ixO|v{Zej9tX(c4lUUaLXT4$M@t z+RR68vc_IH_@=?VHH1=Y*Q{N)tr{t{do9<5j4W`O;B(nsQJI>jeOqO1o>!t&c47Uv zctzCiZv|f?TH?u6$~iYs`Mj$gKRc`a%%rL)h}+6vE(r|j?0{)m%kz6}qrLJ04n@!G z&=>B?LbRvZ1W`I}2ASs8Uoj@*-aSL-C|Z7!06K^ITBL3Oox|ci$Q|OY6dBhl1(Ke^ ztRGe>tf63nLU^7M>LpH)GHP*>dgP4w3D9StmU4xSs5gfH?ZZZFwEt^q|L+(|s(QtK z9#yql_n!+XoGBybRz?n$3wM!3{=MV+mv;tot*3}|>Rb=h43zZw;v8)ijb{W+ptYV%wE zU~TN|?CcyJ9LRrnc6Rdr9v$xP|84hR=jh<|(cbI*{lD$(9_;VF{u|hNFbpc5m~lw| zwsY^c@}2vOJRd){0G@)Ego2mtpQLbQZg<)+!f(-XaEqA`s+5ZP6?iFD`b+c&a2E&7 zZ;pGHz2oyYASVm%hgJ4QgdZEZEh5>-Qg5pK( zIBGP`L%D6vuvm4-PmX4K*8?z2(12WDv6e&C<{uqx!N9iiInKmTpb*eFG_aHsZbqSx zfFSM*6d=e@TPp28eFDEGek84ym_K{=zWw?9{YC5T;OEwlgNuP+0+RrlGe{#tdyU+Z zb|%I9^vSXKt&+J^GufH~#ZtZz-Jfp^*W??p4(D*j_f>Y( z3}1L2j3IjNjA7_t3_8mU4CQ4k_7pX#mAlrOjc__Gp4wz}% zE^YB6&8(axx@gO9pFXJoKEroOcKBL|#GH5}oIVU~xyUJT88}7}MS9dj!m)=Qg@Pmt z1xde@QG=o)**x;MbCz|9tS>oxNNySv1Q?tmne6-;`I$8JQ(r-BgPvITqAHOomlg=J zn4)bkA$;CYYB_L&C;|&aXENrWhVt=a(qdu-(>8~`CTN3CpIWM=#ISU`F^R2g#$r!W zsNqoTZZVIk4g(0N-XR)8`L7sj?WN(zitdq0WFmuH%4nG~?YL+yz)~mg$Kn{=PysUO z47I^YXcG7^w4E6Y6mqJwq;PnJfEZ)sqp*bhG7^#%05M})lraqQt`Kb*6ilRnb;6#@>YTp7v zfuJ~=YL}J0L`2awCUMey!)kt_wl&e5ltfIvFsY9I&}tc+ciOvOw|72RbN;!Ha(8-) z=l}5>1regG&7(iWTdo|e~N?5 zViZrO_!cxCK#&^3ftI5NwA#qVMi6$Xv zIu1Q>w4W#MBHju=Bi1Kv2vKSY{)l0Kr&z_flbE*~|3C`5EYC$7q8AKIkO##GGP1BN zZDoI_7zNrsNUE%jIEWc|IZ@VU$7dr^Rt7zekoT(H=!JgKVn5Z?CxaJ#%#0~hTA2G3+96ck%8lHh8+T^qrO;*d{4^GnwHk~MSCRJ-fYYxO$Qbex%3 zvFr>BflN)VrZ`nfI@(lBuq@Rq?M`;I)!#qq*8Y^niO@r!`5#Tt95?TwOD&3>0=eE=nagpQo)>AH2Z}h#4}AvS|#H?SLK;eTCR4kU7=+YysR39S8EM}L;v+e!(gcuWrB6rP~?QHVx=7NNxc&5dPsyD=zD|ZC>yh5TN;q*>J*+Ja1ZQt(R*M7G%q+~|n z;uvz+InLc?<@>tU`M;?DQLgDQ!iJ!iaB)9H&4>#*liiZHr?h4Pjtf z)leEhZKgVy*&GFnHk)_kS)mJ>A3s_LgHNAY>6`N7!KY6uRy~ZO+}5alE^AzRltC~V z&b!6?ZzGH9i_&6U6)eSXO_p|TJ$kDFT$?FLN1+!*=|Cja#lgRu8bEeabG>>OK3RFw z7~r+cRb!HltT+ZLOW6Z$@Ol`OxweIN4Jo4yGK^P3N(N7pWJ9K_M_x?P=n6-dr=y<` z#nWYCktt&ibU``g$^s^g%sU+7MZAzf_|n$QSM_?`ji8MG+n#pmjr3i1gKGZ2`+8^p zwax$cc8^}~ZutLGJgfMBp1mi6QP%CLY!k2?N6UGC#8OV5I#4+{{Thr#5$=ZfKPvA} zJ$f^i8kJ7NvhCFSQH&J%87_j#+KKb$p8$uxklhb7AmjQbJG6k@o1bQ;TlVp8RAVY= z$Qeo$Phd52k7n+)XIiyk#_>JDN0o>d9esU0#^IF6Hr7#zvN_y4JYw;}P)vnIn`+U| zmQ0Y)-?YP~>S`2#m${kGfqDhnRX8MjE&zra9q84FEReu;IqrY_SPPn#k3W4{NAgkq z{P@wBx;0m=A<>c}kb$b184ufl?nyiMc)iKKkXL=fOw^N_d_-LlX5+ym4CQOPxfSD* zx>P5%QYYk^$fPjJkg)sg3^{F_tHjrqa==Pfi3)-QvJ+8eg7oQAx2zP0vt+xn#@>Y9 zDXW+X^^;`^sjuY(vUzhGG+SQtx0I988OsKqZvig?EeeY26wo12ny=1sKC|kp0ZN?3 z(La={A`77{0fKPyE4}76Pi8mp7sM#;7 z>e6!c_q$AU>SJkp>U-NRkn?i1F|b&{BNJslvt8ORdu$v8TF!J!skOXHo^;ozJ-Prb zI(5vi3{=qe!N31I;3W3ut|Hk8pQ0eTMV{6itBmoh7gY5gR9sy$YfX`yWXMP9L}L+* zyh;3ll10~g4fI{)TeQ4D)BLweaWi+}+_tG(Jy&Qc)pe~av~=M5_Wk#Ri?hMyU{u7l z3z|#BnyVKV!yLI+*75OpbaFXx!FJe+OE|exPug&9O_gHf`{S4frT82lkKbRM*2GA| zx;IWq9+EPwPS4+rPX|8@>LQi^tdClzwZVU0Ui8NO^RpjL-i(JA=Rchs4=&skV4Y!_ zZg4*idZ(8^j)&(LmrfXmhlhvRs#{6GDeGvIgW5lRKe`-TjC*eeXP4uYP{*Ue#ZM=F z<(XbGT$Kl{fBED1^8D@K?2#6AwLL-k+LlG@^gxH8T|r<@Ws;M~w!lcaAka8e z0bQAiE1hH@FCjmP$@tyivUl9O6ohzsI_O`XoIA$03z{;>olQT3+lVj(`lo#$V{?}E zzdycse|9#wsOo%E#t&Hu;m7llgSuT)FAegX(=NX#p+cY?vvx%MlcCkM3+Xoj;!x$n zK#<22m2~j^XfQrLe>1x5U5?y+D~w&H_VD7oKNyWxlSd_#)AKi@J6FzxMqazFm=HG$ zxcj6;$ZLnhM`F>HcpT<*q}S?Fq0R|X6wXO->&l95U0tPkxLVrQN+%pni8VMZo~U8T zYNf0awQt39%qt^YyYI?7l}*~Jk^)GFa99m4zf%^3`x=yBg>iA8GAa)>&P^+|W@y(Z zGYgZ|^p=ZkRj&;@;#UdX_oV(Axcmfs?=dqV3%y8!M%Ee1Bxq*su}o?>1~bPuw!k2iDWYx=Afc9I zNQh*BazsIds0?nQqL*D0>>DHZAixZhFx{4AULcNpN#C-(L`CX3mOhIk6=D#FGaa>7 zy&l{mFXotpHiMQI7bEM|B*Q(5_b2IduPYAqa1xP#%$9G3m}%cU%?ab7*(0slwIUoQ z;4DN^n@E9xC4E}k$2uBbD+*+7TCr-?QtQ@0B^$*tsh5qPSQEJ{oE5mG8u-tBJ-vAz z`Kf3B5&4sQm;tV`|J&Q!$=QGG>>X_EKc3{N!GJ1q1msLPRFVc`{H`rJ92GaF9naph zBOg?H_Yuu4?rglgdG7tx~e~3jV*pe{_)N{|CEA8~*1T!fw|8{3laK#&aIlI0{3K6qF>B+oNM@vnDdx-U-^yf3%Yik|{&wBFo%}bV z*dy%%1@8fdJdZ4*HZ!vigJ_=j{+EeYkUykkiUWDKtvLAa1c#ux-K?S}-GHvk9KC^b zL1>DABl^I7+BXf9Ay8`ov}1b)fi7rjSAFxbS-(H^z!}Xs@Q*CM8wx z=7jMxm08PGHD>6?v_x8EcyjDEW;2OwP0iuSu_h}uL0J#XE+{uu&Eo8tI@#+>y`3l5 zw6!1=EVk_n?6F?BY={?OkG*GzmV9UE6o>I`O&rXu_esdnEiXDS z#ZeTX1qwL~Bv#DX>>~!5EZhH?cMpY6?pd+_AM73G{r?X)`kyCyR`35g8t#*jaSE}t zF*mM3$$_-2s3j^SypTjFWOF>_+Sz|296TT4AZF47paqz`J@4vcmyQnJEz?$X>&#e` zaanJeWQt;|0V?O1Oft!Q&;gtZusG!K3N`*i?kjSq5yfO52(7U%5n2pZlZ!}hVIej$ ziGzUz2*ooT0v~am?mR_h&E3&zNawjsauW3~PR^C_j7-WZ)1eG0Ss*?~F#~)~Nj#f_ zfOs$v08%v8+Sju<$XGq9vofc72Sk*3h%ump5j5_(?e3`--|L*hA6Vp#`3Jy|jFuyl zpGtcenc7aK{M*vFbUcc66fv&iaz+^WDu;l0M^$L_QNQ2V zO6lwv)1TxF4}*AyLv7HQd_EcWO%`$aZkULmi38GlQmgLy4*|OUDU&=;OT|4uCuIKe zTO%Xisl>YPV#cK?)i7q57liO1#4sz?rV+M8Kb@1;NMLS3Emz1S?50+}L^GB$pe0S{ zT*by$IS>tz6AFGOF%4nhgO_4W24ptF;p|mo%VhB&RK+n50n&l@RE!W6t$wcZa*GB8 zUCONMa|GU;90N`oTk=PML&U%Y2?p>I28`&?`Z^(}j*c!$ZG#VX4?hS*io+_iqQP(` zh*G8eTL{YdW`V<&M6Pvm{GIs%Z^ajQoB5Jhv{4cjrt_~JVEvgtrSiXY7I~N>z$*Kn z{lmSS{C~8&x6%JS$#a*WqQ&6J&Z}S&8ufoaK9PurDDh*TCEM*e@2XSHv)laKa|JNI2VY2qNhk@}y+uy?Dv({Ev-c;66;7RTO?S**1%unj6=Kp&K zyL*TE_z#CW8~Oi9o;vrxPm-`{a}E5N6E^95kENNK%IPG@&r}sCFIUvT;4;w^wb>~N z0vyiXM?T~#BLdC7F;RyW@OBi_nGRB<-&nzmcI>!<4<5%T7xueqtRmv8wrUJkS~eN2 zBT$wH>2WhwJzWpKF6|+>dxA+bub($rRxRPWfYxJ+F{NW&jenvXDkA(~DuoKvpl|v& z|D)}Zg)O!yz4JI!uE8&UX-0_?P4l-Gb%Edz^ReoOg!1vzI(5~)z=R|SlINF?nI8aT z@EXT7Xm&w!&Uw`BbiVv@P8k34%kJUM&Q3>PsyDao+DY^nQ85>BX)N)`*D!#(;1}xy z0L>X0&j=+k$01_PZTVt>7ShdT{FQj29fQP=d}SEnF-3pGi19p@AVDot0yIs|({a)_ z&=h;aIKT_c$A83#V&rVgbWjo8_^YN>;J3`LPv*x8ewB+&vYKhxQAa9csVcAXl_}~p zXzdu+4DNGDKb8_TnjX(yvw751GkBq;36vz?AWSU_RI7??MH4Om~;BTx+_^vroAtk@755 zS*lx=ekxlwpLa^2c!T-8Z0nL)semg-?2+iK&Okc)>7m=EJ)OIpoG-_#|Tyy+zBq!x5FF zR#SPl1{Y_&)A75(<;6*Vl;qmFOERXiv06nxed2xPv zI=HycaNI;NH7>meMlz>T@3MD%{ziQp_b=`>PccI}tIa$0rU9MKg5!4sve}n*a6k7ufpeZ}R^;t-t^JYwNds*?Xt_+$2R^h0`-j zih4TeNy)4t73If|KnF6>StE-mAm}4H2vpP|gGjB>kTp*cWav0nd4E=+dOGL{Vdecr zuL9vZ?UavKz|j4-p4#X(cMtE(mBmi#@xe7JO~5CZg32_S%_ckeX>fMw+&x?z!fK^# zcB`mtlhyXVS#8CbjV}hH^Y<71!AOqRXxQtQ@>6Gw_LcNRs5eLQ_LI=TZ4?k%L%cq} z=>IqvU0(Dq&o9P<{~Vs4U#yvXHWvZA{HDJ;?`T@;;SxY9m=Bxz(I~7|r+nO`F@3Bw zrfLrI`Ab(!SnJ{;H1Fz+lytZiz0tCCaTaYc6{;H-)Y&>F#HO z^7G4!S~AsT6Mg@zqYfv92cm{rwD1TWz_ZLe*I2{#m+#7ivsI1VBh6(Iz&&zrY86l> zPpm4PO*31GM@hoi5+t53zp28mc4AXU@lDpyf4ygw{qOxUf2wD-|M%;>|M$+(;l}>= zDW1x0_L(LA+?WVIMdD8!_8vLyr=G`+zuz->R`LJ)W&Tu8HUHl|*xxP0|Jd8#+wlLV zch!#isOVnYXf1Rm(;EVay5hV1UD!qboAKDG50YBI28(h~}Eeb*k>&My>w+V@=c>uauL6Tysk$ZGvS3V?mEp=VhLIxAC1y1EFki1fN z1$Qv7&hg1}K%TXxJHDH9rIuQ#j=5rKs>`CQ?tu-khAd5=D7PurPMSu+Q z@9LA}^79C$>!QY3x>r%MR6-J7=-TfuPR#@vj?~mYm3iVno5dcj+JDN1`VKZ+PExXb zI2>cqyn!6i1*BK@y32K?DOR5D?F^Z}3%6Q9&CSwziDV~)A3CP}lOU_T|WJ1^&EPPN^_e$z>z)vV=F zsjq0LcQ*>u1&p6eIpL`;>mNP}Q1U|);=LR1s69H5gBsW>LSM(yuz+P!o}w9+tHjFk zokLk#>fvy9gC=uAt`sF{%Y>ARfnVf0-PQxRZN_Lj>CJXBpugosf}8*Verc+UY$iWE zKm!w5w9v}$WWrQ663V{|%@rWQC}IwD#r`{u1BR3{mht-4KU1fFXA{}IITvVklX?GN zQuu$;#QV9%A1w`kYSpsI!VflC`2R`^(oS&lKpLENk2+7m`!^wy&CT7wGu^;yFV~HX_VmPEr>8a@H1A5t76q@?PqnC2Ej<^i-drNy?{VD! zJwU`~`&niG@%nH#pa1J}Qbj+Z)1g0ABvB$v#O$kMS5oHl9@0+j( za=JirjVQ%F0)8yjUmUT`omw*z>3Y$$^TWf3?0ep zvHAb*{^4QX{_p5$|7gSipW+cD;-e`J5oqRSzNu1aW#hFpoB?-q689CMcC1oqke#Yv zHdd8<7@H)_&M!?J>I^h#9Of_QOS9ysk%rV8SDc#z)l??QQZbfH!JU=NWXv>QhO;pI zu*{D(DXc>}4KsD-`uCd6WbDh;)Fnk7c^Kax4;uinKu*7zcr+5tBvwZ$;m8pOv$c9owvb^ZA?6W$$uyoQ-)>;o)q< zyC+T|2~UX!gG&mhQ|wiucXoa@K0WXEPRExQy&rx!>92unzMXrbO(>q>@ECDzl2C>A z`Nheble6*h;L>uQu7h>HnOazvra#YlXjb}KCtlhPT6g+_uX3s`ar>?}@D={wHC?Ii zw9ZE{IttFwD0Si zo%71h&50GF>z#Y#n^PDt?d)uCEBRF9x%X2Xz`<+0bXb+E#vN%rGFeS7sPM^||y zbfB94`PpUf9JxaZZzEZGhFio|Sh_CWZ@(U8aDP7)?FyI7|!1< zbl!hESZDKR67mr8`5n1sRg?_3!Hp_=5r<(h+(6yPN@i3OOI~%hHv?S8JZr(!Xex-H zq=h28cAlTh#KqF!22~YG6L7c!2b8--R|N}LKTN=#0t6I81FRhspy0Kd^BV^_7i^ii zC)bj5?-GT@=gju7YE%Lo#<$Hpz0o-2c!AUk^D%X{FXOp`W=EW>I!*A>#}vFwPCMy( z^{x;-r+tb?$%1Wyw&a^$fM8fT4(_E~dy<_UsyUivnAhVndNsrhCCb}8Qg!4HLrfV* z_VuX1kYhGlK|Z2E`fbhOwyEd7+kwygiV2eRRcAMNwca+MZkgq-SjN)Xl11WsOEuDR zu87Vxq#YWE9aDPs;!fa}t#SuHQRud0J?EUd3zSHN5hb3xH*!^r&oy||Oxj150bxtl znX-;5RlU;j6x>6EEObt6eu%pJMOgt)hq z)vewA|>fqU%C{*45=zJgdz6V-y|9`l*Q^^0e zzq85z`6Q3~{>Pem`yR;p^qlU4))D+Kei%qS!7ggdkB@_v9 zB=jE^#WgR=G-9QBAv7a>wCg0Ref^`Kx|J4{5W|b}{$Mn!(%@!dCYEa zVP1)?->jpTvM6H>^;DtWowQUN4b4VF^Hv5ghyzrDS~gZ%k#_h@tedy>a}{>#q1ef-OQc}}N4hP+s&yd)t< zw_KYw!w61rfH_Ws7(-tku|_|SWQv|Mah?)COayrIdw6-#Q@_pzmubcRZD>6mad$t+srduT~-6 zu6c0HLM}hImdngOn#8lIOa2g|#}%R>3OcgTeRtZ2k^mm`!el}GI6$uM2YAx4zg7tz z)N_D{8SSKBN8zBrj53;8lHx@b|u%+f-lrlqBTTxMgr zj(RpTb885%xmur7HM>z5Zq&{9S2wS*U}3aa*AUKLtZoyyJJ@+-xo(BA$L3g}p9=Xu zyG1^x{C{+`w^NY+UvJ{SKgqKNF6RhDF^vdAfJ_0OW0tZK@i#FC1PB&5#0wYzhPWt; z!fQ-PxDcm-EpQDfhLZp>K+zvDrZU?vAdw0{>my&f*!!t)$N&zd55Eu5f`m+m11=m# zY*{UP9Fc;;iB934yWVwqE>-M#Fv2D7N;)q;mU;O#k7Q_ZjcA`NB1jQv{?~5%b!(>y z+Wm~ivHdolART|9{RVRriowP|@*u7W*^BDDX3Vk-zobi;T+J7Teg# zuug;lJLUApXOU?75oaKwenQbYbTIiJ;5B#SdPvvdv8XSjmbKHg5L=aK@&9B zYcM1}Qb}QY?6TN+hRDy(j|XF!m47tujdEzckX!u!kCCuW3omLQ77@Q5Uc>X_yP#Es zUlXfd8iS<{YQ3|w^GoTSyEcBVmR{Ha_EoEClPT!t60v4kH%w0QVkYwX`NvleR+?+v zm0^6HyyC0d5+^tJfiGL47AWYQ=#xZl!|IPu&ibeCkE_Qit-e+Vpf|WJX?5_Qby_vm z*J?G{s@+{q-AL>7ya4QOsJO==MWxPg6oB1pRID)Y<%2VRH@Lhw=~r{>GT8STt5pc< zAzKf@9PE3I;3+Ba$>Q*xp0C*HoKWvIaFuwOQLB$v7V3I<<$ZLr2wj|LMcR1SyZq6@ zB&P_e2AffOWPMAMrbHVTN{C%YccZb1LwwuqbR625`ihwXiq@djRJ~|?!U#u5A+#O_ zN#MC(e{F(hr|CfE8JI#CD>)Zuws6 zub821HU_+wXuDUq%Q_K}&QQy!fik<}bjXfDy`Hf&T$~ z0z@0&3k^!V3DMmq&~1P7@!nBU^NqW#jm7)6zwXUJ0UsGFqhLI&U%Q%B@k8o2{Gg^p z&+B65o`%^^Y(V{BepN8^!OK-a&t8?p{d)8`XU@Bz$Kk5~?eBqB%YRxbemwu*y~Bf| z|L@^O{(F+AO8!gELw_v^FuKw5M_;`wNFjX^En6qz$k)0+UQ8JRtse;WP#s$a(C>CG z(IUE&xS{Ksa7`OwarI=qLA=$UXFNRQLm-1L)0L=Q1A!_z3x^*l#s7Q-J_2-$IoJiCz>^r_JgxxQ?|vo`QZ#&5A@bqvSnewo z{kN7Ziu-?Z8LzoKySD~trT%AUuekqj?7yGn$?pFpGjH~PX`(9@sj|0K2OWLrvk!yfELD`R9`0@Oe?7?~2so3%V~)J5*0q%c*zHr65pSxF5HP}T(Q>? zGsCTOx!0Q~^|&c7vAA~I=@v>QYPq94>_j_hFw&@Jh)X-MdxuT_r z1q|g52x-qoW-c;+t1H2_CzY60b#e&wNys>bSdzA?+{#abv~Z~p^3@v6w;4LcVSIZY zC39Lbq=r`P3KiE(YqXlo!tPEfeblB>oqY5R@f$*~($e$vrR#RLtePJ(b0yqYhDASM z%J@GppX>7Lq34Gz&k2)P6{DF}tFe~WNYQ$7Y>&|JHR&N`1YL@FDk_*!R0I00k(MvJ0uQuu*RRo)rvE=+W1osMXIqM70He0haSFZI;F`YM8Sn)Ku@ znC>>;dF`Tlk~_9Fjh3?mSZOL<#--O-E-Nr!Kaxxd(ra$DIXk2>OQd@fi4Cs4j8urC zbniGy_wI@V<^#}&z4R;Y1xi@J+9(uRX*B}XthC&Qz)Cb#CmB^}}oPu9ua$tBluNr}5% z$K^$r&E4F?-_1F$ch7Do}G0zOfC z-iCqzdZKO2JaUcbQWk%kG%1S&m~oUS< z?deaz$%s?Y-9G`Rcrl8nQ+x}Wt=|{7O)G}!7Xb=qd@kSxC9HS6bc?xbVAgRjmY&A$v2+ zzr$;oDq#VkM_-ParW?PF;zc#%^RlxF=5G+VPP)UF>I*PI}VEJzYU!xqri(D~{Fu1b!r zgswIM8V87V8!Z4M{6@N{soWM#Q`Zn|`|4{kL`~b3R2Kb8yu3zqqF)FhP5v=M>fam4 zy?LY6YTcW#zsI4E!`X(uH}qYTzDa;|IB7%SU7(09=5s>vKc!f%sk;F{k(d6j*IAS(29uP5+_3D!2nTRf<@5N=O}$E{>)tjit=C9$87~{Qq7@edn`+{~zwZ&fWj)9vmEP^1nREdSNHjQBN2f7w?r2Y(j>B_5qX;0mjw2@#s zS>z%jp(roY*vPk;GqX7=Cue7UX3pRQerbx4fNc_?kj?Rwi}UzzMI3bp&0ATis<|>d zH4+5K;{(~r+5?ox(k$~$5R(3`p{txVU@LRMqlOdcX2sNtp+auNl}Sd8I4Z?xo)6iL zmIB{G20qvVr}7m@UdgUj_QINFumvs&&}@m%5eQ1))j&Mcqym@=nM1-0UHkpTsTmEk z9-I2-9KnFk|Jf{dp$;&89Cg&r_xi26mJ>Y)MOUv?d>D5(<-#(+GjCXgyv)ytlG|nW zGl$%<6!NI#hg?dXrMP6*eje~f=k>3-yWC%`v`%xW=0*@!iSA}yuh@(xCqFInwOrOY z`b`ecxz;zd`Fv>ed8^_+%Tql6sl18ziT9j;R-FI#4t9_7@jv!9`Tw8h*#f=c33!`k zwsb}5az*hF>#2+Zitn2k9nXkKs=$%w5&R=YiB?aiG*!MzIxT(k-N|Tla`vW}14_{V z_!CTy4p8W2p=YJth9IcnYJ!TK1a&WKgfe4;>dkr`T2*K}(!_3P_Q_~AT8n0*GMe2O zf2qf@{}+RvKI;A7?*9H!A^!93!NF$#e~M>4Pw+>%Ep$cM&7Z-(a38`pocA#}ubIL^ zMj~_fr#_73hca_*Ice*}7m#s*$I420Wo=n_NN6^ojgBKcR<6f7Xe^Dxj`@=O(H2E4 zghekxPN8>I7xTWUkYX^2relfNY8aDfdMrw&l{FsRi^hM%C`Myt16~)M%l`0xi)yFJ zay$=~kj3~42SHtM=jZR<;vfK-I2=;Dvik@92(%qXK zr2)7%Jm^{Rpq2^j^*a+F6fgRy3ACxj!JgDhH@l!Y>c1O~d;QDt;Ns%!yt!=(vL*9i z5U^$!{E|B7X1wp4a^9`a@-_546!C)uQsy;dg}2n3k0a{wApd28L%;AYnigKstNbeu zMl-}6Z<*um+{d)=G9cd7c!oH~3*`71x?Zy4OLY%Xd>t*vQyic%h2gANiy~O4CU-I9;RnMpp3Nl=&~^)b4ExX=mp>8@X#jol*ey4WlEwm69B z)&c((^Re`W$$y!8^93oisNNP~PrW(03Egk^3-hGjyP$-{;g&Ct3hQYq_7~^NlCsmn z;+wK%=oMbZ9Np$$&Jg!*3WG62+(#iVz%}oSh|Ca2GwcF{V&`jj;RqorS-9hqyF$rp z9b(JziNeq)3)ct4+(@Yp#mQEm+}%?j+;yZ=mg_^zV3BRi5NFONgb-IUR^k(hTy1bC zD8UZN)Q7I|a`*2Ra$aDsm^hdUjtZ2hd^HPi8A1h?AGj7n;9d+1=wIU^w_aR1b^`gb z2zjx91%4sk73OgfQNkU2z=9$dh&Xh-4Pi)FfKc%Rx{(XJh#!fH<0jq}OGYp*4n>6M zbS#Z2#x6(^j*3-qgbKYEyu0wu`O+l-L=-{4IDL^?7>*ArwDM8@y#V8S7vQi!N9KKT zpeXXLr?kis#QVj9&7ALDuU%`ABE})*V=Z$PJ}(@kDT?D6RC1j2TZH7jf5}Hmyai;% z5s+Wy*$RhK;{Hq#k7-G(EM}r%_ea4&eAhlt`IyhD8fM-c`9dZ$L2ujzmKYVq1T7F3 zUk8q*$ne=?7<>&{f{OMKR}2q~4aC4Or=3#GE^edh0+G&tSkAhhBlMmAb?I*0tu;mk1UY zo@=Xd?=)_yi!GUpz+=~Hj9uI!4qdEEy)B|9R$Box@v=Cq;;lnax}lh(X6D^**#b>i zJWBRXPtX6+v`f*MI4g#6kOp=8l$NM-uvBFDFnHLYKU%+pG!pvgw%G-{+xagthM4%W z^LqdF!S2_42ks)5H>BAGJB5!VN-z}v4gPo2D)FhbdmdRVP{>7XyGJ_yo9NZYPu3T7 zoB7hnH}P9T{o35|tbSJ9|A-Cg-j*OM>_2v1ALjGFyxu+7#D98{C!7Dt5#lwQ`P(D_ z6nj+k2F~H_12*4~L6P51=hqG-!Q2;r4}&Ejp{yxT0uiDhz#(ck+Q*~uh!ct$Tc9t~ zd4r$&Bj97o8tob89r=HSexp74C+*1pn-}w0NBqzHWY=LQ1vG))RUCmS4iIa6)n+$Q zi^%^0zW~DNzA~>@qjhj5hcGPk2l)bN3f&HQSy6Z3!MMsY;ZA> zu<}8=)Tierewg*&|FL)WW^j7`roHeVx{d1fzqh-$m&^aSyLa$6a&lWgV6ac(A z3}+}HvqocU3-rw|fEftM4S?4W2QoqzpHmXg=HLzHV2+vC;5%}68K7v2C<;9!;qSHg+XuUi##i76d5sNg&)c9nxc`y)QCXgW?kPv*( zz!V*P0R4;O6vVy&p^~J75Z$D6RFP=s1DIkI_@aALd~0HA0~L8LiA1jZl$oeKiEeNM zmkdDP2ZR9}TA`pbNM~a_XGYH~2;^s4N-p|E|7S$5iKNP&q(Ze?<=C3JN=8h)ti5^~ z08A-ah_xdI;Om2f{dVIkaI6;$kT*1f1V7~La<9`~>`9UpW9R6@423#cIKb0%J_>Un z#0*i7fDa)KGQcGTi}9^8HBrGc(@IAMqhUJlCL@*|gfgij3Hd!kLdHNI50*gm5?n(H ze(t?H1(SeyS4rGXC8L9vH;@4sPz3#@TKkZxd9!99WlMXC$b*2~C{rCl+vkE;FfK#4 zgTZYS5Q?Zgn`B);>9Qr8&1g zfS2dS&-PV9VurMilQ|y}Kf^BfL zU!@ceKEw>ElpR0GL$6#~dN9)2*_CT{q!}%wGr8R52xPV}-HS9F=m&jf|DZ-J1t(YO zjKakNQhw|=MiIW%ybrs4^oJ!D4}!_ z9{`_24m=nN0VWo^g+M{Y>y?-T<(?%EE#hp?NhyNKC`wi)8vs{AwhF*pdhyEX&C#Qt z*$n+jHHKjM;>U+<@ee@VB?vH{I5#Q|R2UdeG{FJ%{qP693o3CZMKZ$(b&y~qEu=)o ziRj%5qD(>V8y3!Q2=Jw^iN}F*+D=`Q

A(T1A)@( zfDzU-{j?MV*?bi5bx5#jc3YM>Pe-Aa!^&gM$&qeay)ljQ5`oQID_KKA)y09q!L8gS zjdYwl80DGq+?mvC%Lo;x14geIujFp|F*SR+&>t@p&!!x8iEJphQ%1@?%l-|au5l8< z9uo+R)@h8oq=!=u0uM$3i4&sOgk9XWJIkp$#*Eu>nAXHW0#dP_xuyw;LpC0{N4S-x zJBNoC`v(_V%-6g`ebXX;r-VYP?b@eEo~LYtX@t~4ux2G{xs$R(MYoWGat6A*s3^{< z)|JU=X!bs6d6?RfL&k+6*f>@KuruxK0=6b^hV3GBR@oP#FO8CXg zHM9HeZ7atG;)IQe7?M=)%L?gk#}I#x179zXsw00p<6m(?8j13ZHT#dt8?d|WZ|S(dqa52b!qt8d2ehZ7R5mLBx+I``H#QbmWGYuavcI>&@((01SiR%aXBK zRE8lRoE~SKp9_Km!(Pl+!AaQnkWv>?*y}?a1tGCQF>K&OUs)7h)NMgl*IpxXyCQTP z>0t4glZ}%4*E9@KLNspR#;$(Xz~Cs@@Q}Q1j&Q=#C@`Xk zatep*VSaBaIS;1bqhp~LLK<_C5Ih322Pj)W8ju%QyQYu7f3MofwP37BZ8Q`j=Iv&4 zK*cca`aL#k9)JH{`P%bloQ7fZ)tk-rfbw1ndWDN*r`6iq+}hcF?Y-17Wl%>&=M-2F z6B4u|*)NF#67|NiVx(=-a;qg{mp8d`jl`sd6v7yV6w4kg0ymvI4-6}>r{ujEl)G2C zJmbL}9?pUYh@-KjukF@c4`r*^l1O^{Sh1$@998ax$}yz=j&Tr zo7=4ylE_z#1}06T7WpLW3~5hTd8V*x;1mkkKpyeBp(bAk7HP+~5WmhiOQi&<8@W49 z9`QN(G`qUkuB}FEO-mAueU%Tj1L2uEsG~STM{(4cBwFWWdw`?+DB`JRM;+%#>;PF) zdA9=2fJf?-i{w8r*DNA&ri@T`j0W^d5{C+hMaa_`cydV8-3mng5giPL74{{MSL509 z6pV`=Qji@UUL3spbasApdhucZ{ZYqFHj>F%k}wXRR4C4fv1<-Li4gmBN0I1?ATAd@ z4$)C`^%tzfcM!o@)F9DS;|eDn4#uuwfK(3J9hV?)eXI56P0KfjE#szhYo3G$k+1u8p>CJ!#$1#lr8IVNnR1~BjY(j<=#7RPN zsKd@|sJ5ifA-EGrh@kJ77uSwKnfwpVq8oqk9ZSH^vI`Sr9>gMLA5Pw*SARR4= zpb?HIJKNe)_XHM+gmzQdp7Q(dtBh{jhHjmySvfnB?ZzZg$ltQf?bSt@h%-$|UWhgq z)@gA9>dp97!76@7lVbsSo1hyn^PB<2xZUhns z<)z!-w*cDXTixQEd-z{Z_6-=h`&ZU>GgB)ExeFz%n6jMJz!N$mNr_!MoBCQmiKIzZ z0XJR^6R=q)=?q7mAkY=FuCx76I8yZGjYSANnnWgqvwqes2$w%fV5s8baIsXYLT3^buS>H zsy|@u?VUGmg+jRsGa_h`Be)O;`e7I%H>8L90dFIs4$!8o*OcOavmZ#zvIv^?d0VF= zl`Bzh1vrU?Ai-K2rO{=?t|L9cqZ=yF0SnX=TU)Q?_fE$lyUMS*kXMc)k+2|@0=?di zTJNIBbYSfS9VJvG`hH{X!-`LxoPInwIy<}A|MSs@bCb8LV|Dt5=Gf&8n@WKAkwv z#s*u)Y!PQ_yHlld1s3b5$#f%YwbOUsY#Q5D>M5%{QJfJ$@{;% z$D=sYu!w3X$GBw|tqRLU9}ag~8>q8o4l5?pToD8NaOGr#odjT9-iwzeJi zKB1rI*>aFqgY0ks2_g5B9ab;a{ZJ`f%wy;L6>pY^|fes1(^*VotPHaz?l)NL>1?!};(fa`fb!CWM1 zPe_Sk#3Cvfc=^cFu+Nf_ue6%_h8F}p@BaggRO?0{46$SeW0q#dkt>Q3)=mXyMClQ6 z$eCpy;aKbLxH+OfPwMv+0NKPG1!5MT!sro2LP&FjPzHdhQ!0B`mnb88O9>pm3wTCS6Vi$>0xIj~6Hdhf=ePIqhA*zc0X7 z$DQ8`-}B4>pIN^Tw%Kc@#EVGqtbd6dB{@LfiAf5sM-h0yn=dvHzow!$R9DqbHZthek2>}y>Tx8ty zoF&`xcfOMn$j6vOXG7W-XxrcUZbROe2*}QD&uf(IX-mmMUtR-f?)aQ0;+gfa>xVS#_R+5qcn zz(%&W8fHM{5QT$ZQZAI5S8fHRYwKF4g_p^S-wlsEraF z8;wbkJ;GHc1P4DsuShu7P7@&YV|19wt=26Dhp<$^Fz0*T%a5gn@aQ#d*_4mPx@3lw12%(Pbe^WKn> zE0sA~3+Trt&s5&66ygeb-Z?X%Ia)^G!SYW77-;f4|8{!x?r8t)2-NC->PR?50>i-; zw1_`BMweu)3^wq~XGM!+7YFhWc_vDtW=jsoagk*!FQcYTq0QIT(#uxW3#AlKBemnZ zm=Dz^HuGvU0Q@}k=XU0UqERXcSEKPEOTz&8g_Kv6Z;ufOluL+J!_&ynSS_t}<24L( zR6c~6^ObVaGFcBNR>)6e46Dz2S=MWINyZ!Y@+;>*Nv$#t?Q&#^>W(D?9GM9F z`mv50n{s7g(wE&4j%c575Wdt!c9OyP*`hOmoE;sU9-YH7du#Zm8o-mQwkJX}X+12s z`_dlz*ODGkqapWEBcuZCO*$U&+qH>#ujz#jG1uOjNMCDewJK)y@?~3#ns$|%nMXPO zwe818$4XAYAi^PR9Pw?94RiGc!@Z69mT9<*kzVnA$0bb* zyBHKl(hnqzG|2THTE^bbZ=ScM^eANp8G28O+rX#^ajd*~<;>)Ae7+BHcVD2Cmu%(9 z$j=?kn{yTnoe+M4x4Y&F&pRbJ&@y*rEwcio$V=g@s}Kq*rE2$%pn3*D@-$T)_gNUS zYaqE=QP(&s?ySP;Qwrz|E^juRbGi6CXv}N!`tr(gq4LRO<+2dmZ$*-l>RJ`v*KVsB ztL-dv*X`8qx}%l&YC}!DayTQ&6-j*WI8P=eylZhC4!l0WQY^_%EoBN&%Z&0&{>(45 zYaCwc*HLqbn%$6fji@P?U^8bvZXSF(JOB9pLO zJ`x2BX0{AVpM~i6mlNNg^B0ok3EHDEcvwZojiIM3>NHZ%93-wl{b(ErG<S-uktaPT4q7?5md@ zuygZJ!zdjPm-T`QSoBO-_^^Uw17W0Mu7MvI<>n0x2@n=af9vRyIa4==l!NyV>NFb0 zxvdeiK)GIMV;cs8NubxQwwuDBzLebw`J5Ap;nv1WSEl4QM*jipad$7+-rU}Nv(v)C z7U^vTuljHHdaqyMe$d~3CClz>{QC7yv#^bwKoTE5o*$k0;zq2$+j-M?xBI5-ro4_m z#e)P)-kSD5NZGpO-^j|~VENDg`M>_Z|M&kkUQE$IN#9uw$30F0qGz3~?MMOzt@4ix`lQX!*_nq1=$n(Mv@E zdz&uu&WxEHCSqJSq0)x+AxH!Y7}4$@+V5KJciB=gtX==cc==hev}XZlXZW-AjBA&|dMo+$ z&R&0Sdv9m&O}D%EI(Yr2|GM9OwYwQ~w{~A`?d|Tq?srM6zd5nits&xt;@t#Y4{2{` zUm}15kH(|opmKtOjx0ZkXkIOlsRL5;Q_~@Q@$T<1f!3y-JNJPE z%!b^0{yF-oEaxS{oU0x(leZVFUMfN` z0=RpslZoo?v_a1Z18Pi%*XjFnmzWE%_D?hp1h!Gz^IAT7`SO6p&%M8v3^v*3($P zL#Q6RB8iqB%)3yzD!?Y70p%5YYp)J%rZLbKm!0cu2O@QP^!30(mKbFD1?f`d7fO7)pUr(=Df&$(F+d zkU59p6YYJoG%Q;et~=t__4=#A^MwD=*N$cN1|PvY@*Ju`aB!W^mD>l4ltLY3!R+B^ z<~`v!?)YdSdKI2#-i>I^GkHa`?586AJoD4nMyx5BkUj4cFPQUkSGk{`ubX%E4KXA} zO3b@xzfcDo^f@sY_tA+l)#5;zB$uH{QelX*nKYH@2rd^r^)$=(y#1UZhnu6ZJcn~< z!-+!T=BUo<)ai^mP6yoE|WAHG067Rw_IKA4L}M<3ecMv#ar|MxTkrFf^Q zCZaIqwCecr*lnTe>Y1v`2E>EQgYR}$`n&BQAyO(+^wk&EOETv9CwsEHqVJmxGo$6S z5!L?7dij8TPtQ&a2~C`#vLq>dK^|4|%959}B$$I@K?w;c54t9&P(%Cu;^2Y?Bob0Y zO?cbJ^=zmH&fi@sB0Qo^_dAWKC?q2?sZMfz4H*}0wDyNT$bbCd4{nrFm3(OJ4}XyV zFhBh=x~UH+i%IlLa9J3CnP6RPnjb5$I42%hDmV>Db0VEhoo+wY~S|t2!C1 z|4l#yrXinnsrjruVDHMJbIu+w{E5Rzy>N$Z>4ckrtL6yDZq0}V#5{ZllOhY;Kiz;7 zf?0H$a9YOh5>Vj0I2o%An1QN0Yq}j_t~iMt!0i!iG?+VYp6A*6&gPbrQYhHx=UBUY<2cqWaIE5T!is8xzT`sx^;K;G(3YPbyZ%d{4A6=nqtbchzfwA>N=F@Y zutx)HBM1E&j>aXf!E(5yk9)*gm0hnr-)bk6XlC8WRj`2ETXA*B+Cwe(lI?%b%oo~m zPethGN;CpArBVNt`+?2ra>CpAA zZ=;S)Ij4Qm2RqI`v!)4cu(DPOW$+(e(_3FhmC6AnS7f(r@M=UM z<$^oUBhmyuJ1QVes+=OgSVm}442@@OcFLxaX>A-curd{1lJQ$;^LfMm^XHBYI|M?N ztD)>DXG?uNZQPSH%!c!-;2pUl;oHNb??3$+dMGtk-l7vb$2*i;bm%ek0#255DWD1ZgFtDY{V28uYj? zrJ0S)S3vo2Y0ZeW@F<&Z7QO}qP8E4BBG=%-@OX1maYqAY<0<_ou41sY; zDtJ82IjP4{mauEe91mv=y4p3f%bj;kMYfPyJ>9}P67_IA|7HfBk;Bz>RkHQp)L}Mi zw3#4{z=OHu2!}KR4=hbq#Vxm}v!`9I>bIF7O~5`d0r7{<>k#P{6`vFhU2lgl)cSlK z1SQiSSx!fzvc;j)EF_`KK4l!yh>mb*d&pwFbsdjr@OJ7HW97@L=|QCYVt z38ftMlEyI!d>d&n<)oj6D!!(2=LeN1Ob90gys(TNBpM)2MmQ3*XTYS^x2akLs?l^hZY1E zX)wqQm^2XJZ|*_&v-~=SN@c@@R0kz4yoXp7w=84VRK%g2HmI%#?@hFmR4&fx!t;6r<$g%>iPLEC z0}V;J-XXxMq%SV;#AL`_D|lU6P7$(O5LK)>(Rltz505q{vw1Bvt4C38QRjz+cMW&ke(Mc-pzKTF(`+I(>C90>%yotoaDC3= zZaE&p+AiBceH8`}`gv^Swq(W`w#zX+K^l2N)F+G_6wZ_^e_1~88pI38QcvV!qd%ci zMw*!pF)nFx$xLes1eT!{l9sXvb(wxrmXGC=i^Jn&lzz-*VKJaQKg+B^&6Sg0IjJ8a z_ieKidQ9bnKqp0ILC1~5l}~@XVW$;PKKb*4NPC#Fu<)ECO-Z(n@ptEI;TO5$bLOPK~QlR+hlfbjk>yC3HZeLn5XL zXL?XAp{XV)Fm044YL;LN4+c_tewt-rMNLMU`by4P>diwoIFlV8K2;^BQg80w{a%xi zCgtQu#>L6;VXgNy$`8#vu#w#D8Am6_hfc)xr(KrF&Z<_Ju|`j-TwsW??a)EU4LRhUSoFzdV54iZsh0&Agi?Pny++sVEDR1`@ka zF+Nbya%+-iKMdKmO3SEq0@n!@d8I(1XO-bfDG~Bo(MMVq4}{V?j(TA_*Neeh^!(6f zhkSu_2d-bO&BU*Q3&4xQr&g9gnxmTqNuxVhktSc3VdYf#oMZFc*4!u?4%bpoaT7Ow z>?2pUEsr#FY@XYi8)ZeBrS2M??Qgo7v~1Tv_6Vg6DsLXkr(uFbpy;Oha)E$Yk@+flWde%2hYC=v;t;sWZpZ4|P{MG@%CO?&RIPML{vi#llpFDRng5C3N{wDW_L|42zn-jQff?kSMP z4Hy!1esF?*mGw~w4G{VMIIv*J(M=q(ge0@>o_W$Z9U#*K9N=%c7(aEF{TXTLuPwN4Y?( zuQF*0Oe1}nQN0oLTxU(;uJ6sC-lCTO>PfsvLrWly#O)agLD4ctWGCiDFSn2;jc!XHvyO6svM6cvqnZyyT(e~Q>s)uxs;5tp>gR5Ad1Pf#(gYD# znP}$|15DPZp3P!wJF;o>X=IXu>L-LxEdJx7q{-0bV;!buc5vZbNQY2M1m(emb+~l> zj-x=LMJE3Bm!*@YPH^G!V8W}CFLw?mTtyn2t-%lJh{_sqTI~H69h`i!c^#0d2pY~O zw>74eTd+yZ7h0?)X>{(Z65p>S(Z+kkY169aDFny_an>t#B(odOk1?Frl}XNLd4oY!Xng!zq(n$1-r_-i_G=(UfQ?566zSrafXg+dwx5Rr*jxgO5~ z+KM>KBu(BieVT}NX9=zNQ0h@rY>5(@OPc8-+ATVBpFXcdw9>Lf3C$(VbP;X3g!ZJi z#+0%|F`%3@Wg^-v32j9j^bn*e6VYZ$Xe-*>pBOM*M5`g8t%$Qs($I*CgY3^K$IbM! zM)u=6(LPPWEY)qJk~9;?&8)L#MI7`%q?tHwW}Y=G+C22GF~q5H)~txLFlpk1G6=>T zV$MI{8fnvE(7z68Z-`EGV+5_?WhdvXN3qcUR^SQsB(e&ZlqEcUQqN-Eo643&LUw2Q*~FWtJ{_RvCRV{1kHQx|`oMHN z_40LM34tO)0+V?~M}5+fdDM86JC#*6fiFpfXe4)XugB6zJUBUTQRlbc=M3$X+cj~3 z1vwK57GzNOMWHYd~N7M-#%q|xA$LKCos*5)732;Y2)@D-*Z z#Kp+9aY%Cog}q~NWnI)Q9NV_dPCB-2+qP}ncE`4D+eybAI~{d+?s?w#R(<#1cmA9@ zvuaiCwbnj+uQBGBW8xN^&dz49@Ldt*A)3+*qsdn-b);PTRhcifNRYnt?L0hRsEXjN zjl>8jXp6MQ|IB9@`Fe$gw|2aKMGF}_=05EW(qKoCpdK5~HnTs6q|Ql5JSu5nOVB1G zX}7O55$!Kg_9>aKu;e4Z<8(e(%-}tfp(m9mt(gLiJ*E{A)|p(YjAOG*k1wQ)$5Jrm z4Chb<G0W6}o~4v>Eq^GGY^yr9C>OS`&2pEgA4(Z7l_U<0RG{M(G~Fy0u|C3b zyPOoGjrP0F9p*<`lf0&~vR#*W{(@y7FqtRl7x-xmJ{4F%l<)uP=HpcQy(~yjNTApI z;dQ^VkZ-fRid9N2ZAxLqlAzhTB%V@k>9B|o+LHhjsazKlI3_7Gj7PFBcbiM8MkVwYCs568&$Jb04lT+JZfCb-}fG*>} zGE#7nOeH5IYd7TTUCXb5vho)R43WtfyyO2CU(NMi?j_Gk6=j@TgCTZf3O6JFoXVYK zr&((x#lZHOMGb2vAL?)?)Yj<|Z{VP;*cYnP7yCFTk?SIX<-tkWqwG-rc(nifW=m3i zy@XlSP~Frs9=#`3pO&ySTKT+G75z{-C4SAUSi;b2%e2D8jjoj?rzgqovMFZ+ZpMtr z)MK5Mr>EGz!(AbyXwUozS7)F=%6m>t$fxvL{54N$xngLy-g-7aZ}V0+cPB*nh+$H) z=e=<(MZQT{MGICb{K}|oMInWDh(fysY`qm`17l$b7bjsY=DR)nCU64g4!gbgj`SSC zHN-EBmf-Y<_#++=KuzJ7e}eUuErv3fNgjtr0BKi>KBU$`OFg%QcoHHJ`g8E%sUweS zumrZR>H=(?%r0&*SSD72oCyZ0v=;F?Q35I zK{4$lk6k5Vc!^-RB|0*rCI7;JWW^LOTQVeZ&rCx-Lo}x})>l0Nq%0JxAukX@`{wE6 z3*6S>w97Vug=#{P+Hu;YK2HcwA%%XM{A0Srq5EF0wJ3hxC4RPM`^*icNvzD>ZSq?q z;^{zq_#VL+YzmF>+gaMenPrSC3l&Pq5&cd~f6z#ZfB#%n}ra zbO~n?^SHD2f{a&&;IwaPy`6{Lp-0J4CI0qQx8liampEaaoq#}`OD8@@*fa@o1F_Ll7R@V|@z1R|@4%&&l{@ zUVM6a@?Z`^N=e!6xJDqHj4*xDQ<1&pNJ1i+<401BHrIa1*^;(( z3FWyxw?I#usPrDDTQIi=k>CrB%^a%cW7WuyL&^YB@=Hr-n!a znP0V{;YC2S2iu2rFTzP-O&oUSStTmbs%m7A|C)Of`@)*yQL)k>&CehIS@}0@+Qnlo zkK3NQc}t;U;&RC7ivzth`)9?C8OLu-d#ag~Yj$>*jT0zFWa3sjhb~u=G`M9oOTSq} z9V|Cn^}ps@rB(C#nfR@&ev8$cE{Z)Cc*f-ryE>Q^43TUh;S^O>aFhK0DaC|nmx$eI zAZmh%ThuK9|2+#``+Vsr=aLST5EQ2oEzLtSEOFF!Y4CNYrGvWZbmHaVqDuy)MWu>K zES{EP?14N>5AaiT+NHoczf)Axo7eK+saauGo2?@)kG&<;`4me3| zQPm&HJiD}tu+hPzvK!MMi#pzCG$2P}$u3aGaxuj81_BZcZIK9z0>p&U8e_>y$&33A zC`Qw>zgcWGV>Tb9={3tGO1+%{7UZ1^C zRuwuvMBfsX-DP*bS@h%(vOVHMgnv@;l-F7Z zCRF*#`w^=0Rrg|f44XTn4ZW&PzDuly?lRT3S}f=@!~XzVCb(-WUt!*ScvII*- z7nD8t=V?Gw&6hN-Q%jq2rmTCYEM;cgvgxa=r%@38R#ctlN0qGHaKCso0; z{!7TC+KzI4QInR|XX}f2(6tYau+|Gp`5cH4+`}h&2QWBH0z^ zBRw^wXbI=I4|98MaAxDAjHZ*g>kdDDJ+fe%L2SRPFwf|^L9w?A6jali#cu8*ncw$( zU6s1M?gD5{vwf_yzo1KVk>DJ!GqwhX0idyD$p-~K+D)_HJwR-!@XJ;4A7}PW#?rvl zpx{+q^eOTwtu!H#^VQc3rxSj0b+SOHlH0Ulx%B-%KL zVc{Y%)ISw_Z_qZTO1p+SN@g`g~L0NVyThx!S6Ri*->mT!>CR1so!4_!L}p9VU=er=-Qi+z6w zA2oY9e;0n|Z4tCkyPv5itM~JSj2O1ynK>Ch4a1fkV21vxqMc{_=1jUhufFk#_flGF*~ zAW0lTyGiQgSJnT&LgydJaUlhS$hJ(g^TJG-!S6SuCJ6sHX*Z5i|KRqo{5y_gRPv$W z;u~*fS&!&3`TB;NyWY$oaaG*Lx42wg{K%P*K{g2TUq)}IzTY)>94ORCtgBX}xCeWi zb$;S#NS;YM%M80J%{8LYzH8>9%y^c%gkV)9@^v~Y|0B53!M6}H9~&KFrp0!m4jE%F z4*k_AYZu16mc1}6#EQ6!A@x8^d!s)so(8k<5n%VDMLFaTg}Tlv*~rBq%pr=&1)Pug zaML`(u(goci5xN#>Zs{*2^R#V1hVU}|AOz^UvTu&ufLQ>ZfXCI^hSi7$qDCjP7x@+ zIby>LOEIPyca|SPaX3paJHhf59k>7e`|$hi`*1?g5QrZPKi!@>1WEl(&V5{xj;c%a z4pnXYj=if@U_tGi={W7pP{H3U|F0}ZzFw*sv`2_Zu4`6;OXiS9O&^Ntm%e8l8(ok{ zKHt+=oOhDvg5-yPBSDcsmjpRpS%?!m9&s}pLXf@`s8IOL4{E#2NoBNRb2B_#w2%E# zy-&56IdaLzs$)DZIK02NqA3wOhlp3@i&EX48$oTuUo1r7KPR$C0gnCK4kssoy8OBP z-SkfYiulUF4QXkX2!5UYJdLdqcfID8y;`z=XZ&E(w5YdeSr}}#+lqZ7f>*)Eu#N@| zV2iz3VO=CeKD;&38^7(?P=7}?bW7a9mQ3vet~7_FRf4H2QSu)#!|;aQR3QTeVxE|- zeQQK&WqgBo?vZlO?)LWHmVevp`<#Vs4Wq3#>6H5l+0?cu%iQ#rqY6|d0X1TLc!b%V ztNl0LN8rbrg)zW!U|Vk&KwRo4{}H%;Dlx|Qql{p9tHmO6TKu;JFE8(JdhJprx>rD+ zub)mf(3Z2^1O9zL6R7B}`2wJfZ2@w=iSMIYlU-3a_WfN#C7q>?L0{ROV#mrL!(84f zu#!mm%=~aMaS%HpI+Ah5av-PRS75P3M^aE?P7Et)Yc@}(_v@<@lRuxu*vX4GW&@;Q zkOU+SwZJ(AzfQh4G*``U{nRaP0ChKg!{7V6er+khYppFQ0b@b>(hS-N;Y4%7`Lg#E0HUpLB}Q6$AroBsDV_E~a; z$?n70DzI+nxgK6meFD9}`Gs>rxT@ND=+5RS^Z#QbNzC7e7l0fiAesj~c?IGJl3<>6 z#N-V#!v!KNpNr}L5RIjJ>?(i8*~0gS?^>AD(wh$L5IODQLP&aS-qYA|9ZQlVF6QLi z6T6^}jKsJr7+mUIFez}$Tr3KUQ9Px&SZcI6`^^;;xQpA)#H40JelE+R(~VbGKOTmK zw{mj4%0gaUht3`XP*{59EI;#z` z?bAw=i^xq@u@psgbOW4U0%!k3V0>iOgXFXUJUMj5zZNuV+O`46%KgtDh8_t_06RZ8 z;QH#3%gU@AOR$mQ2`s)1sILO9Z?5a+0noHp=Xp-Qz{+WnRY%_|OE!jsb>IlS%4xHF z48PQG0+A`ev^wxMUsU&(UDIb3yC-t*syyubt=>4XL-g(5IAy(%Sp5Nac8>CsfF567 z-~aAVbN!Fv_D}q-p^i^{Hr5&tM4$$Lf!9+{l6U*cGm85X4eeLhQ&VrZjbR|GlolSn zqw3lHITu)%i)utBIw}4l5z-Pn(MJK$e^`hcyvDg+r&;&wj**Qb8L3AOJ?bG6va_6u z!Z(7IyFJau?+!YHN)$Kcz;w^DG7Z<9R1VbU2LeY?$S=#fPJPEnNh?0Jv4HHVokXv4w``6ro7=LGF z)TnX<`fno+6{`2|=_ZqcQniT~W%ngPKm))v+jOLc+v{rN{gOQu(W02xV=D2IF=ezn z+P~e=g_(4EE!bAXrAm);35Oy#+{pDI#lW2rJ)L^S&e@STsm^7%;l1=tf*3S`OUj_Ghn|7lo@KG6S>yU z2+l333M0CwG*bRj`YVbZ(=IF=!}?IWnS_4`RsHJf;OSo>;2EHlz;pS_2HKrPbBTus zl5eDk4%0_5I?W`?sbK;wy30u~Xl@KXK~hpRCFjI;eLhelI=!JyZJdWzSV3J4BbMNx z>lv(~^(?ydIljnI!c5UsZ!R~wxw@mFE$yI`wX}R}%J5VcRGZ~*NYcLH)S;Qgdzf79 zR5A41Kc=eLrH;^4T;YxKgHn%9j*kDvM7F%zx)Cz-3^wyl)o}qOn1f@qxLik;(6BtFoHKee2ctGW9F^OB2c5i( z>mAi*=uoRo^@Cwk?Fd+G=c0wrwFC}o)%@Q)t$uBKEi}k=YALc1anDtU4mHN1cQ6>NX0#G`vJQFc{j z9GNxi>?YsY%D`vZ(9oaXVY;a~(-Bn1FCG8#EDj`Jy>gXz6!Pu!hAqI{}Uk1ph|2IXtCgKoL zcp-lo(v-KgBT7p`Ve^A<%ycINM7(vtxn^?5mt{=3o)O-rG^V+q&gWm+xJw#9T>CPnHs?*BzY;0x zNVsB`{7;nNpD*1QyxTM+esF@2{B|D(FZQ|hf7f|k#ZV_#pDK#3&o_f-LFkiVPx7G? zI~*hL&YFIth(PZE;Z}Ek*YlP1PtH%m4H!udL0M%>*pn%R~IqUWNy{p zx?q1!JEJuZsd=Km&Y|ElTxUKY8j0>YAXAmBt`93pyZxSss$nLCJ+sC_2V88VIi;t0 z_8y<_w;Tz!y?A(X#6ApoYCIGYm1}i(^tr>3CBI3GST_7x7WEWe<`^PLH0MXo7PNO- z54txHF~y|zy+Nnu@F|^osh0S`?ebw7maGCshE+wg-zhuHkz$VwZ$DRQLXgUF$%=(W z;0^OY+S7kvy)k3CZ)D;=Jf-aP) z8GEq~zqN)K>sX(jw}KacX`$tnTZXCu8tR+SGq+xisy0cW9MP!qOI(y%S>qfGHliD% zsu1^xpCE-HByq?jag4y`@E|d;R@AZO(IsoLqA!pa(fY0Wr;^u> zWL^}anTf~+!RLk=0;)t47^Bhxmh~v)5U7biW_;fNlI`wEX1kl7_jW>yR_Z*OW+Y-v zpn+t6&ftz|eb4%rK0W4iHw-OYJ8Eh3`!o{CxZ_!5Q-M9ZCtTJ8rn(szMDv>!`aoeN_I@X)9uS)rhD#TR(fzDg@oe!t z2(H#8zDT8)VG8P4xyNoE;&l-pCKv`Lf#k_<;$Zmek`SR>E)0`P>BG+-M!RWM@b^T_ z)u?vei~z;Tg1L<1nuor^Mydv43NR$=$W$uQ34m zvDyV@eOq-bLNT9}T1&QJF2EY3fMZsyAyDCuu^3QDL4rnY7luUo<4-JNO$Qo+dyXcT zHI?A3?3#H}g#gbh9R+rTzISsCSM^mP-XZ}=Te}zVf zMHWI*?!*blV$T05IyC?<#OL&2ge7LxbBYgRIr2T60&i(ZNk}59e(tv@7%>vz8vm%7 zhDq+SuAVU-7`+*)*-(kF5$N>bFLMExs}Z}38f40g)J{0a-OHA{3e09EEqe`|>wOM-j?;^Ap%+#00G9|v+#8_CJ^N?0jc zBL>d2gln3VIk3UAHJH&{W-iXt_*I|L5?>IO(OO0G5qkDKUD649fA&{j3s*= z?E7qD4ES`t+XMgZ2}^JF9%`LpT1rV5oozRZNi{@GAza5`ZD=?KKf3=5xS0epR%}CN0<4BL31`ea^gCwX|_TCSk=Grd$V0 z>l4hP>e!Y^xZI~T&~1sMDSa1$bEc9dTjy~n+sva%w{NwJ5cye)WKx@=R|6fUh<+`L4=1#QJGl>{=lHodpTd9EnAI4&NC9_sbE?k(T(rgb@qq!PgS zpnfsro8l9`3jT0TL1A*-un9_KXaYXHzPEHGPs^L31~|<=B3!Js9(&zO{iua(vr5fG zw_1g%t8c%}2@qVv(y59IBP_+Vp4)cF_qyd>GZ+4jM{)(%I`xG)Cw$KVVz-%3^PdZq zX2B9v9N3I@(;|w6$sGxO;Arle=u_g93yqSgJP%^8@W{~EK=7tuHtMe!H8`Uc5#f(%DM5y)&k$ryr?@r;e-m<0n5JMBvS z@NuD^;^ujb);`c+5o87*cTZ(7t;)ZYW1P8ho%JPK)vpGS@+UabeQ?D^ZZ05$a-gE+ zQOFr22u_ZzN-P)%(B4v0hyfaV! zgJi-EVh+mId+DW10)Q5k%z^FQ-946l0p}F6!uK~Gmzz*rPBja?E>oj7X9Z|fnnPO@ zwi60#pn*bCIiD0>o|UQCimNG3rKpKN;ms8YPKq}i9^x%ey*{wVwu`De7=b*}{*&Aw zBK)8?mbg)usO$^vf5feJQAqh21f$ZE-U2s))lU}`np9S;ZmolpJ{Hzv(7cpCn1B9E zjgz1%qb&8hv!RM0YgKdl`dqq6EmsDcqKFug&0C|o<)RIWPN!lxH11an1;HRvZg+4v z+mD$_mwm?e6YDno@CI*xadX_YXB4OHJNIY)V0slvqzHK-1<4vkjEDN$NUcXCcUlU) zD9Pm^K*{hP?%smTQJnQSg;&z-NC9UevCAx)u^2en@-t2wL`5Gt@-L4a9f(+7>b0!H zK~h4cloOj1U7QMN|M*5Juh}*0-4A2it(N7tQivZ1C97ZaU}p_l24-C($x5)AzNF

>qCZ+vzysy82e&L8N)bLdrOfA{{o5wv z%jPKgyI%6UHMvTK5mybS#Mg2us<=lnO&U=;Io+_MI*^!Kg6Mo~ugq(Rpsi)?*(OW( zq8XEtF*Euc$g#hDg!xhk4*y_Eqorok>NaW1(`Ii9%Gv+c6XX`c(eFPUPop5!gq=c7 zpv}Y0P(P(4_}Dv73m?rSJpI%;i4dHa3WBNonjQxp{Rsi_5DqeBZI0_jY`Or`u)w{~ z`-ji-S!_;|c@~TFK%L*e#lIA7eO)bq9TTHeTpo)Ej7tgn5Ya_VqQX7UPEY>tZzbIOL-U6HxMV-@)lz*SZ$iyKVC^UFv7ghP1KHuojD8FQNUlKYMxP)9lh zD*ahI075}<<-2K$swlYyvfE^K_KuZMc|dVJ6WndubuZMDRf#Ftr4Ao1_C`5$cj=wF zBF$X-_Xo@BL!VvKsA## z)Xq9|vGU5OwWb``rEQVmf3m^T_| z(sN@bN&}OPgs;gjdYbuG;#8VAt2tW6a|lITkhx(H2BNyqGh5mwNunQEO{bEvda4!8 zB8=COd{-BS##A>Q&#>2n*2%>_4~m%MYNqhEw^utLs$`vbZaA%brmsj+q4G5K_X1(VDF8;zk)Iq0)V>LR(e&*ua6kGMt%X z1^R%VsRd0OpWP;tq@{IlL#A+pX18_IXq*8? z(uTL)Q|Lx`Ty{ebIP>6?C_;#)2mBDXH)}L9VRrs9Sz~CW-q6BFbCQA0P_Ax6aB)1&MPCgQl=@o2VvlIcaro z>n4rw98^v`&b5ZA9a-?>6k?VZ9sUjMFx0g=g)tq_#-ZKrVD{d~@!or?vCgLZv9)A& zdGERAPbY7R&6A3~+lJWc5ijo8`O*Tx@<&L0QD@8p)~&2)6AB)=4)dH6+|!*iwd9H; zHX;AwQdWYRGepcq+GUF|!PEdsW_@gUkc)ah|JT&J76yTBQDqmI-Iq9YeRF8qpm9Li zQV~LFbpclRBA$uGGOaHukGbyeTdZ)~J^R);#$&B~8zzj3vEoogcE|L(Oe3)_iUbc) zXXGhqCCWxsNi7V&2_aQvckR&d$ob!|GUE+xZt%Md2$=Afe?->x-3DF2E#zUQ@tN^U zdqi5eNGLhB(X`TPeN$nsn)_U}1KcpqSb6m{ZfKVSeP z*7ened^=iNT0Vc@2~U4r0{S&)%*vp8Tkw*?kJFwg+Y#vVL|~AANn>6UN}g8zowN2u z+_nDBp3?uA>#Sol%2R7dNX9IpWuyOYtgA@FSmCCX9=N^mSo7z5Or(3q3ad}l(v+S((3fD z=Q{L)J?k-}?)#E-NU;zf_(b6+><*~$U}&(df0|9b^+q8Klw2O;po|El-`?{>ZzvCW zecdkqapxpjEn^qk!0Ix8A$#hEUoyF&nDFp$+My9GaAgU%E5@T+KKyfUhZ8wEtdGf@=CWZZxYEX_;Okp^r64yfiO=JlfFyG5?AXA$^y#RmuD~=?uei zn3d{FooSc|7Zx4qR=w%z%zd}#=h&UlgRrCNsj6eKMuk^%=H0SAt@EbM3qi{i9PMe` zZan4t!}54KBK$!K%Vyc3UczJhINQ}f;1^tUJ!^HAfuaDBf!}6epjn_0UHLFFEPh*l zqEr{MO;fKAvW#MOlY-?E+wJ;|2RHbav|r`;t})@}5$cqm+KXmMS6R3c`p z`mV0eI79q8|He1|=@pSRSaLsB;26u};E z7ecEZ@4K`A_ee0S5p5>-A-H0SvkJT?$JI^U%QTI{jiaey>bMszFMO zOHf)Xvy(IW7s^9n^rRt^NvAqnBt)dizr;_)RDW_Yayl9$Wa+30%hHMBppK<_RpCWc z<0_grMpCXKS5XgU63ja5an}4ECCk%GX-vuWVH-}J+?8}%VBgR!Ep*UE8K^ufea%SI z;We&peDuL`GaTI>hgS!w0=p=^qJk7-m%2-&6NvsP373+?G=$^!DuOfFtCy=Z?`uKl z#XeP>#q1Zr+|ATKd7YK=<-}NAHWu|zruwS z4cAlGmnGYyrmW*`CGO848r02%NU~X-Fp>9zO0Ah?ACFCv&88%yPcPv$>4Fn21 zws#C30FgA|pNU;JJ*)?O{hmCK{G@b`vkTPkKeJ}~XSkj6A?~&3*#nDDT39ze{|c3* z;>oMG{FrOr?x1n0(8XD<{Gl$=)s`}O{uf)G`3lVx9RVpkY6AfZ;;N}JejZt&ch<3# zXZ_vGNlA6+xVfbwZ_ZwGS-0N>G#9L1Ct*ZkEb7hA+b0y$^*kLxV99}Tpx`goIHmoH zcUcAVoW#JEOXQtp8}CpY@p){sAzDw1Kndk&|FjqIS0V> zYx=%p=5gug-#cdr{|(G%ck_J%YfE!@}_I=dT0G{m{5Bo&rX`6vEg~E(ePd|+x zHFJ47nu&f--Lvnhww?vqIz#7UA2%0bo#ON(L}l5fK$vQ>F&mG?eP;}>D;hFzBieKCyd;4>(qNgZ z&w;-Cr3o4Wax7t4ShN`F5D`4o{YT^lrg;e2sE!1rO{-C|r_9iw7>i-P-$5}{pPIpU zZ@YmM^8Xs%eh{#o1kM(I(%D!Lx;x*o#*@A>z8buL^1K+l>-$~wJ&n=47ee3fwfDaP$ zzGIJw0E$DHV6!7{=A|YK(&3~L*P;c=wTB?FqqDO|sFzEB<(QoI_B1i9tv! z#k<5J!QN3~6!2|WE454pq@xGsPw(0HuqbA?ynj9U0_713EJ5;?bPDs4V&R;^3X}Ll zN_i2am(+G{l6s!N{Fc`A+;q8evmOspJ>n`Da(S>WSleLe*w9>2zs;NDXCK~=P9@8x z@bW+JI3!R?Yc28OLGHf<{Sl2B?UpeCjqRzil{1XgzmX}OgTJl?#gV;C< z4=VxHEv&RO*ooOVuSY9dd(hwQsgPQ-V&X1QAn$I#wJ1Weq>Ti+Qva?;yKdD1LXbZ{ zg)IF^MUJ>266!$roLpu?IAkCL^f*@MbMLcn9F`0t#Sl(B9v_P(W~1L2nh0b-xQ;+`X!^03f#C;QY4Sx6m0p zCB1`q`L-}_k~Bukx<8?npJSfPa|d>(|Et|afiYe?x_!$n$j%1WTR&_S$GvNc(4oiO zWyekK?p+L8Lq8vN;^kr^!e<`6k4;?RM1MS-N4D}ObJ|R}j^##nbG?40e1Czsu>r~@ zL!cs|9xr!rKTUo9wa^LS@h=Y*Bu1DQ5hY#28=IR_aQBP_t3%3WlvVYMIG!>kO)9yZ zKs0z^dvuDmVfPHzi67YL(c7A0|qf6!2GSqWT#z*A79M2Q8e6f$bjng|JRMtMFZ=KN zmi)olcQrtidbsbgLj8m*ciFsJ*4;___ONv~ex_Ww|5aL;-sYTO!wT(Y!!*P^tC4zs zJ;-w;tJ_!OHe)qC0G}pZdqAE(w!QboQz`HaSdQ59gMe6cEZp2fjg<~Lc~z;ryCzn7 zquXC%xc*&OD>#n=zdC|?iI(PqMlv6BV7T%lO%PZeNg=e`#QTf)yn*^xyJyW5=HDR; zr(U9zQC9n1))lx%pgo;Xh>hHdDyT5wfsEI&-Zjc8Wz3lZ%Jyk|ejss7Fl{2IB1f_;L_r=GA4>)<{4{`3*^yEod#cYDr%!aPx!24>2 rkJl<8Zz;*f0`$wA^no#IlA30^n!jQ*0Adgj03g1Y*BL|w66F5?Wt|9} diff --git a/assets/datadog/datadog-2.4.200.tgz b/assets/datadog/datadog-2.4.200.tgz deleted file mode 100755 index 7240ccb53a7c03f03f13627975ee0b31b5425646..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 47754 zcmV)lK%c)KiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwycH6eLD2%Va^%U50yOZ=-lJDu#X?u<;tEqo+Y;DWw+8u4T z0+En}nj%;Lw5^rqH_mH(FYrCsd6IA7MuH?rQNG1pTO6Z}MFJBOz{JGF#Ju>BL!Zn# z{W+w(y@ZS4Zx8@JBph-~Le^~n;6V-pGHZK~^8mFm>3E28JjKZGf(TL` zBI+zgQGg&rtq?9y7ig+#zzF|@D8nS|g6rJ|jH2Xc^L4Y~Bj!;Yarxp{)d9U33VCBr z1e`hN5$kq3H#awJ4RiiS+arqx_Cy`?U4Lr@_!_nGVuo+qA>tjpn00)A9FQ3qzuvih zeb|n|S>p;VZwU2Sx6uL%5@Jp$4rh%PfPv_%{Bwag#a?3pamXPK5tXIU0^*oEbr#jH{NF4GGLtNm&wxAe`&Q&}?G(;RRtM&}@ zc|4KTM2p8{mW+a|)wnhzz1Kcy@9pd~obzwi|1}I^#2$wMRIdNs-NU2(z1;fW-#OaZ ztpBHYwzj}An!-5XK#>5L5}I3!TU%g+Q1Wt)f(7u27cWq#SO?$)1PIa)EC@wiQ6X8G z#AA6X&k=P;0PHkGt^XZC3Kw!AonIqLv5!CtFfJA-XaOQw1q?*d)Yxj+ zb-Ms;fo9VNJ&l84E%1DfWF_!N34t;XN8e0v!xh`nR@6AR- z&w*g_DQYmnZ_(0;lq{yu!c0u?lEfBa3{SunT7n6h5~>DC(h8t)$l9thMbqxRm>mFH z4WM!Cf^Uv{m%ZcjH{;&$Wc+sU^LGtLR|dD331}naQN*2-D=WQc2q0Y+=)yO1?9Bn= zgd&!75QmH-=nDe#D1x#)1R=TsBt*KSCsV)>-&P|fu|XVBz~L2QAfm`aJ_3f>I7cGkSkvHba%K%-YK)l^)X2(d= z@R{KJr34{(7X)#L|A>*Pp*9On01N_h1DHo5QFTrjX8?vi=<9O*Ir6R;K#<`;57gyc z?=^BkOppOBs+m_l;Vp&)l3Wh_6$%-+nInn-R6pgEiOP{c<6sAPb4a1b#gyD&K3Dq< z5$FlbC=$K%(!t#VUx8C{gQy1?0s-Qp<~9i9#YFxgu$eETxoDV#!Ln^Cy_3tBL&{Y< zP*=_tK%s9wE0BQDe9=BxM35@N64=r>Kuj#BH*W{qVhEUIH*$!PueuMJD7us%Lc)`e zBowuD&&*!o1tj*{GeTwol3PW(C$vyF!y%GlMTep(qGBO-#4vTPcPEI$-A+V_STL*| z5XGKYTTegR((~K?;bd@nJZg*i)D&*flv=I*)Aysx!NvHj_im71qnJAh543=7wD}fH)%Qg%@5`W7c zWsfVF4*C8#roqZCm2T!%_rzK%=^jH=FidAJwYV-{a`aAZ$pgLHx4?vu0Ku?;_{mfY0!j!~<0!zin1IvL zd%Gp0x@14=sA@_5g7IY1Q0U6b39eb|LZ6sSpHM zk6pr<7`_0jRegn)U3v1*q|OT4u9hVM1Pd6+-IYuw;%eH#8SxQN(8a1XEJCznmSDd9 zRN4T7!?#l+YGcw7@*E63)KW48ykV`(D_t{NNy#DN-B|po%Y5_p{r7{5v%%$HG(I~& z9*j?W-w#f|v(6ruy*Ca?H6s3_jaT(hQKS>C0m|T3;#ACQ9nfu<^+4*Jf^5pz%w0ab{=(V%k zC_oFzDDwS2)kS4hv2}3{y}9@c$+fPy-nRG^a>-_xUi6Yd0FML#@`Q*vS*q<)9p@x; z-9(~}0dPWMF4_|NPbFv4WjcCrxg5-2e$yk=0?lv4v1RwW?l(X6PTvp4yWcf)-}aJk zd*9`RcAv}yPiKBPH%^OqB%I<|OkpYo)MKmG29rS3{PdClw7}em31;t_QnFAdRg3bh z!|k>>%z$Gu6FUz(PUHjwUGY6v_zEpdUx;8)XS)vlx&l%%3mB77`(9&s-eh+c6{F72=&OslaHd23tvkttp|cq`_9E zLHYk&r>rf{?t0A7NVfA631WG!T-o)MT%{u5eTZ+tFcq3T$7TwTw34^Azw0baj<8Sn@NyjDVRl> z9vy-zoHbdZZ$h9^@Y5U~nAP(IT z74#J>!4y+;0|O!V6Fx`u21^k@>4G#%l!C1|f#{RG=b=dKHj-7saH%FtNzO!!Mku(s z94^e{$99%t%>h&lU==F(sjpZd%unVu1s*`kd>M^OT{5 zn8CFck?M6i=`u_Dtdv?xR?Eo-fmT#k0^t04sB83J&;KoXlg zt~dk?c_j3+Xl2@z%9f*@f>veqxm^}g>_G6WNS`M(uT?@MOEn`bFRLMk2BhYaOX&}K z9A86@vbUyEualjXH7IWa8TQ8V?{UoF4B51}6_8mg1>ItZ$C0)Aif8-my3?CiUqR>v z!M#|HQl)2mD@j3YTn6XJwrcWF{`VFLaLfH5Di|Dq2xDH2?K{pED6Z0 z6A_=;cTV~iE|DN;9LmMh8=fRXbRu@Nn8i|+BNo|0?6*j;QYq`-z@@yt(jySgBnF>z zgx`x^$pLgJ<6yK{xs*kjnkyMbiw9iD2_Y*Opf`M%2tYWTZ3`Jpp6R~c-8;JLhN*$I z1d+7(9JPelQhUkPJyISykCal9(@g16kCR6aaHbNYf6voYVef{~;wes0a-7wCuX%=o z(c)O(Am0U=Rql_VVV#6gKR;1CPxT8vQFda2a-sab)XNpzwkO2w9;KgK=^rHw1iwdB5tS{q@hZI)ov)uI^7Zm09* zm!cLcxUMW`!>%LLS#4U!P$j?#!P64t0(_mKlNx#}%(6022XU_xLB?+U;$7;3#Gx|h z(Py2QAu26_C}Jdt*E-(KD2(PfoON(GrI2wNdpxG7qw(x)S+*|ry>dZNG*Y%>qWbAM z?2bccM$J0W;c(?xUZ@6GW>OQILZ#Yd%8bRdH;30qY826Qiaficg}yj77|M`rNXZ1P zq)fYPP3p9&JTP%8$gL>FruJz-8ifq=M}k7z5%P>(V5GI#=r$q@fheM6Dm#yEqiaZ& zp1KO5q{%MW$)lr??UOJR66aOrfLP`h#r6uiWCTLQ0~}rn_N1Y+c%o{`<>>q1tamBx zW9T9=Mb|*YFR}Pi@|-4nZvwEz2?z@i>Sl^NEvfP zQLqFs1ki8IiI-FnQ-PHpy?j)R6(GP|EG~SF12i)VSH;7W>R%Gu4Gsb@p$J}q4}zO` zJOJnxdEo#4pZ^!Mylfk-7U)cH*qJ~!|6re26nDcv3M&N=FUNs6fQRYX0 zin>0g$m4`Ai>L_L`k)fvi9Fv0hx4mldrEU^r(1oI6P!CN>Oa3xC; zMiHb7LX*x^i~-YQ0E@Nq>(D~LlxOsv!V@!3e;kytxlM(dRUXf;cyHy4W(azY2UQ9vl754>ZDk+GW*%v-i&-6f_s zUL~8bVEP#kfYRMLBhXx)AD@GkEt2F4~^NHn2`XsFzrCeo}K&oK*;1$I`ggHKQ#vqoTgPZIuS+=6Xne$*&xWBEp2oS>~#gZ`G>6 ziICU37P+P$6Zgzc#w3-Y&Y9W?SZLLuvMlU&bnZ?{kmO{rlL3qh9tmVWmhlf z$hKAzl|UqGWfZdstS&g2o)JEzh&lQv$|*mUHO%+)MTJqzQgoh{u84reX-O7wuK9<)frt){(emZ3(4| zNU0sUWR;<1Yy!Ewf8}6*&vqn%t$+4f|7=)O1VKa*n@hJ1rRL!`2q|2Zr9jrC+4#$t zgMemV#xPKz*_CdNxn&w)53;gzNlpMH(`++I{cV7!;5)DjuyzzFq69cm03`##A^5Qe z7Q|1S9t@~1*v;WMfnGV|GP<+u^c^SG?I0rlOZEy}eBbLAY!n6PJm-=gW-Ipm#K>M1 z2LCP%4rLP*X}@t>2$7}A4kA)d)>E#PdH<+F!?TbGg22jXuh&XwjogRf&W+@h9RI2?3-N%qgVH zM9TOhMig5I53 zmAPty)Tq&bG5(;sPbb3yy!1xA0+_y-J~-IF<85YEoXcKmTGuPi+f8*$@u0R|pCAxH zCOB7sIig}pU9M84#{xY8WBp4B5UjJ6nV6R9LjDdkYm4D8FcV^FhV`sw&8~V`_KZUb zqc?olInEjKD`?V@L0{e~--nkdyxulcvuyP&?*30H59K9btsCe2-3Kq0?2n*$Cu@jZ;+vRURo<~GR@4PAz8U=I<>2D1 zcRD^9e)qz0KfJ%cbCh|leAWF_gh(qu#stWp&);8+`#+wK24~}8Z#4SH`Ni>fFY>~# z7S*iPlsgscO)ASvO+C5tknuwg@B(v|O0y<>kQq8t*bIUf#a*zsv$HS*ix%>HyLWi> z4$F56V!iUY+doVw=1VVtj8(hbpXpF6azW^7eNjzr-BJUt_1rFnL#9UJhpqLYX3&h^ zYtdtIByCO!EsvPcOU@Fd^1YNY=g5zhgu#&Zvl0#HrE+1D|B7>Ky3RU~F+2;!!L%iS zb+#l(jdMN7f>2wt82hLrDz_NQ86(@nAW0?5`KMDHV!nK^0aB)n30N5i;9H>9Z6ObA9QVVy}6MfMe_9 zV4BN0MQlz2zYBKd`zgdhOp*2eD9_rVkJp{K4B5P3DUj7uC^^2}a?RmOz;3=@hF6=z`pfsp+KoH+8up^AhmK$-gKkXWkN(G8(j0fD|!Ix4A>b<&nQ zTLyn)AfSJ$Nl~Yk3x&{og8(onsyAl-7Vvfy(-|^DC*Qme6W=d=)n4Xqy_QW_&XF4W zN${3zNP`zlYq%ON_i9UU6HS7qY&53?)b37ah)dO6iFm!W1-{3juU+3r>dK|-wZVIa zrg0z-p#8HG5UTfLqE$Sd#7l31XLGHh42g`wlNd*}*K)4|CtOG8QP5=YBlemXx=O*86_Ql#-yv;UiK1hb()}(B;&EKsY~ubvIoO39_;hfGQo`dep9{17jbqiNE?l)yy*X|8C$4d8C?nCvf@GD@GHmn*oc|a|fnoVC*3oYFpm`6;U1;i}y<1sD>xw5XSYG+Jq`5L70q+W%ef`qUd< zZmG&W=6JYm><|`E0M>h;n7UaEDGa$l%tu1Brb}}yFJ79oB1Bs$F4EKM-|{v9#Wk|N z3Bc#N^p`t1XeQ1!f*_m4Ft^~fvv}g)t*VTq{xTq8-rX~uq}MBK4en`UP+?o3qF}ym z{l2)h?x)1BDdOJTZPX-f5ni|VcH6rJOH*=2xQrTg31^j>((jk%1hXxXH0WuaHx4!1 zXv?W?i{4_U^pV+c2_9KQkmCssFkhwzR|C%kV35)3Gj>k~w+PV%=1fUGizq-G1xvuL zaHPZ^*=DvX7Q&d2Hn-JEy@jIQwk`XqNIgP$(-90)^C%(mNaZj?3m9_j8Dz6jNHSw7 zB`vqB-^TvqdD(x|GZ;8FrutQ;0e?~3fW!@<{Xmuhk<>D%NVTO>RdHm8X*In<^22Na zE{t|msO_HAJ2wuBO=u)mO?u(}vM}w?(SCAqAlQ`g?)6#jBGpiY+s8E<)wfSV#wo-) zWLf>esen@)rSifLI9#K0j2?d6>I_!CN^xAaT%%)@MKlgjSBB`lh{K*iwitX_J?ciw z1Yb^GtJrrY_Hy!CX{}`F<>Z|Xz08XCiN^b&`sOs55v|Qr#&K5Vl&RZ%I{98^WdS27 zMT7KwU2MCjV+&h_Z5ElnRRh)nqn}6P-toJWGwb)oV08ZeqCc=+4KFWx$&0hWWu}h! z{r$yx@3`L^UFvry!~Xd6y#F@ei=2j_ya&mVc^PH;V9xux9Yss;V5EQhOmbi2bm2W}~Y;z7BEKAikEQ5Gcdp~ycHqkWi-A*UXGPjHR zIObh0Y$Ws0%CT%%0Wfqim^v_)n408xgFH zlLW=fG~m371g>kg>Ps|GdXWZ7FVjH9g&HWoRLj$OjZ4a^>8*c3`K;#GbyHeB!S)5| zbD!a&d;DYUF1nSx3VyT8sDGb$m#H}$YwtF@W!uHhPMzJRy1M)#=jxGZ)edV^NvRt$ zeOxlFH4)E{NNb5iMY3>&RQs0{jJOx6cro3=7MVnt0}s4Ksxx9f*2ZISk4)@?%|`cm zIY_<9c!n%Q(0)Is0C=oH5^WX2s6OM-d1OPFB*5Umlnu;^UOln-%U|1sum9iMgwNqQ zv@zgY%Yg4u>}(Tbpcf1bQ!lns1KV$g=f_qaqVKxk#V;S5S7_Pns#H7QHMflcu6UzD zmNq~A_97oqAV4(fi93WrYH^*KEaejzi#)#RP}i7}K14KggEuz50K~Bw0tvO(Adw@S=!p-RLU>}6Y_#w?upG=W1#^DtTmDjdT z@^0p?FfZ1Qmrr;pz`xBTgO^GR#!;9F)NJ;49S~5z*ZtMhxw^bO8Ys4qb2#3TL!cy2 zEtY}+&7hYUxhcPIO&Vr|S)oByx~jcoB&=ZglVy^#R&v|pac}r;JUHupe>yk@D7?Og z)C48j282rUV6CXaMf)3-8gfwxU7hoqPoiT-i*ZQ8vAmEUbCb@e4B_A5H3Z&_k~mTk z+Hg2)198p(B-F0KgrP*1)F$2&WZK_OAo?iM`3H!d^~o55W|P{(fXMNIJT(nXk;~Tn z1{}4eHcEZ`eQ`UE85%3B$Lc&gmd9U5KeM2|`?ds@5roH@V9Y5ilZf>q4nq~RU>(c& zLP}n!z2kiBNmD7Ahd&NOLovC$w${ZnyjJ)&&GNGG+t{;>-j?$4S`CVJpj9c;WKX5&bfig=Uwgi_N?};NmWr0x0SzK5*X6i0n@UU=l9x1d*uThik@XdU$`p^ z(Vp4~qIBF0GR>{OVob)pdxp+YwEQFibPn~kNZkNBhsAr4JH%ZnGOkq$Bt3<;A66-> zpcSR?1`R6lztpSod@KIc3Yt%KK`s5*g|ie|;nZK|Fsf8#y#!98h0 z$H$D*VoqECQbsDZ`t}5-D#fgf-OqP^&mQ+40)g!Lc-xd$s*hsdGsn@~Su}%e7PD~0 z8CWob&kD1NraH&QAW{qr=_(zwPe7e!a8%`sirq_1|`O5BB$V{|0s*41&qpBl&ZRl3qZun4O=s5labBm}*=%144jla5@4#R9#lJZgd| zx@jzM7;_;7F4Hhk4Cw^s8hVl!)j&emQm)|?!9^;^38@7}Q9e|+DBDqG1^3aTRA+!h zM}H=;VxI#-AHHXUN148=644~Uco);VPR#QsIW`B?{1ZVWY zi;o}cV)X*t%&|8IIP`+pmxdfyXbC)Jr}zR!xOIh=FKp!G?T|vStw#X`Oj@zrfe6IN zXdt04ekAZdeQIny=p(^_>@&EyIKNQYAbjkn`xVHd-p*A^z&#*#4Htb$n z%pwqn90zjVXNW5b)>EO=0&A=r=OL1ZCvj#M%Sh~R5KJjbFBCb&FaVHOP`s!eM~%jL zD7VcS7OM{V$5~fJGklk1hp&Z5%!xBG>Li<}adfnyX=q(?m@9DC?dC`htUkn~F# zH7F{Q%_Dz1XIYoX`jWGU6c9`U+wj^u)RsRf$Zwv_O!>6m5eE z;q!)4%Yhq25m+EPlQI7^l#d^i785I&wmI}QK^uJf)KV=ahNat$Nu0@MEcPUY8V<$o z7W0_uFo1yS9ilOm|BA8JUK)O^=pLy=CNjvSjFu_Wj*Hd;EOqjJERMkq6(Ez&P#c_t zCV>w_+ty&9kW-x{g~KZZ#26zVg(c)?Nl2Lhh?Z%QWfeU~Outn4#SABzA}G+jc`=jC(K?MUA+?i7s>0z6FE=L2)$I zE-QP9h@xvu;-vXTrum85)(_hv^Z()A?$PG_{}j*1kDaf;HC}Y3%p=$&Uqtgi8eSxwz<-PJgpfj_~>wChLYnR^*xID`%tWVkyqSO-n5yJpav5IjgF>g2iffRIEo{Kg_FBq604~h|FWRbD7mHnM! z6lnV(sj@cWAZFm@L|LC5pN&LW8T2?p-m7+_7y3nu{Zvz*45su*PzM=bZK^PoIo3m& zFi&jkTAWkm^^uZkT2e65W0Calg-l9>L7;nGIz_3>X%WAf74tEf8B?aTK&`10$Jk^^ zO7y$m)~5~&&txPNl&oGP!8P-CZ3H8VLp}w~FInqL*33au?XE+w)$2^tu{E(`*%=lB znVMWpajKMbw5gb2S*lsu9ecFZ-#_Wr{*=av&_kg4KboL9Zr)*CULYRRPzTdg9a8R4 zsvjn6vGz#P$0}CQ8yI1wf;r33>=%L%&om`zm5lpbm1jn2%~~qsKfxcdI7&TPccZsx zxw6OBq{1k=Ldzz2Sv3l;)*1$f{_BZ`A){853D#XhkrT3tm2$`@^;XbHE0cw#$Qjmd zuzcO?5tA-mQA9~ZvD}{`Y*yoxP;~*{8=km^O5S*<F=B18 z<>|`pH<+7t1sDxH=5s>vKc(`fef71pb-UheW(TIS>;!RWDy%yegeg{6?7HHBgstfF z?!j7}&f4@5mhGnKN!wkdoVgQ9k;lP@N^QAO+=+w!2hkHt7Ww8|u-o1}T(MB{5Cx=F zV{^FH*pyO#RcDIZ>%qZ(eOgHD5P%Ln444ebRn9z>?&zHMDOS6^nXa+cpt%FpaCo0G(Q1E9ezT}E}cH>sLX6G8x4vj;t;%bZDl%7UP5xv2oPi{2n z|N3kD*9b@GR|Rs6!Wj-xy&=xHaz~KQD)Bn8Q+1cCZf1cv8^b1ZdXIqz5 z-j%L(Ju1jF-N3tI^VhzVxm~nzg+sq91OaV;)>t481<`gJ#u!rXwQX^Xq#+DUs~SoJ zsLfOdGn=De(Ps0GJS%iT^W(?N!Qj)UR{Ey=c<||yid7GzD7Q6gpUWDT9%T?rhVyRm z{@ci+`l7U0R|QM)Ta#tBwjRCJ0ItoHq@&P_qI4jV>f+$vO${KsskvUg3m;qFGzNGr zbJdunBP))9%2M_~8@wI{Wv-n;yM~m}1{UL$kdndEB-xPZ>X8>yG`hmk<>}}rMDcW) zSY*nW16@!~xw3!>Bl8Z2co8pT5WciE^HsfGcOxj{|5;DF^hWwFyFoSo-+jHa|2oV6 z_jZq7?{E13Q#`Bqf1bT3f|2d^RJI9Z97oG}f5cKwpE^)EIQ<%oMG@|X_dhD{Pd$1q zON~mWVcB--{U}C?{0tXCW$ncI^G|?7U&!tU8jx{)lO0+>?#)lF>6U%G8`YQ!8nQ)+ z;t4X1+@qO0?U|X{&~kiF@KGh=MMqy>k8wC9vW<0AqHGTL4v$#8Fcec^(WYAT?UD%+ z`kQvxR9%e%@G>{^IZ&@ay9$S7&jr9xqXWGfkp&XCF30_kA8SF=^6{rn>qtJTpC3OO zQ@7@-H6&Vc1Ts)Ht?|ej&^>AA9`%m8c*{z@CUQ6Qoa{x@Dy}oF&^;X6#MqowABn zs2`gtq`sCD$mY#$&}@0l-%?IWXUq;f-vV9)S`-x3DWF55G+$lD`7Bdk4N&4No<5fA znE;hj)|gVM2asc4b%(9!+}UYrr#GOEm)FpuI$x)FZya*9J= z&88T&mgsrg?|>FxMhHxSOhgS{eAQ<27lQp0%3p#1348)Xd*BNVO1uftL(P6sRhO2l zzu#HSsgI@YsqgJIi%uQ$ zD+3j@eem!94mgRuxvPjB;Zqbux5(3)W0f&}^@6J2gNmz5X00iblMMMNooF%yBX1Ia zpk&d_yaxI%@-13kplSYFrMQ{9aBgR*TRm53Db;nYE3|ar`u6?zgNw7l72Br8MACKQ(oYurh!@4(4 zNgk3itWMA0j86wY4eBD60IZLi)!N`cFE4uI{`uJtCvV2Xi}RmOjt3WR3do#cnr?7E z4tl4TKaPjz7ne>LhlhuUcGayU;8f;ll!MwoeLuP!T#S2f24|P!lu*Z`!NpG}edU>6 zGF-0c}pj|;=PGypl$hN>pxggLuQ~_O? zi7TCCATJ?5iOKlg;IenzyA*_YdOGM|o}4?zwhNjv$X%9x2DcGm2=q_;K*r`Q>wkZI z@&4>=a8cFyri>r562gz?BL{W6rd}H4Ij3EIQ9^}4J7(>O_$R|m*Dj>r1c*bG3j;wO zQ&iHy_oKo1`25Z2vUfRh_pLB?R_)=%d4Dh(ttO93D5vLdMt81kg+^Yxu9y%v3%L8F zM96E0#7AP$m3SQHbfnknQlZWXQWVZfaO=v7Ze3lac(_{H)=DQFPDy5PSUgd~Vr!)` zC2HS_=a`ozT)XeeJC#jlRV4+G4&ksGTz;o42=_H8Arr>Meafgj)HpY-)S97PpUg6t ztfseIWUG2@WFvl+&|N+hQ(bb-M5%JZ&g4^HP0C5W_3YxWugJB*)}{rv?v&-#TaL*p zr6rRvUdBDCe+Di;0pEMf49G$+lAw`whB677S$iy#8jiut@r^Ao2xW?>8w5zGB^eST z8K4|d5FsjqTd3$|*97~<$UO)!!z4_%WtkU<<6hD?o0q6aJ;%~#ail^F;&7&;)~eTo zTja$YlQ7Gm<;BG)b8BL8kK+AF`rPY^Lp_{CBp|cpTOnpA zpwhdKXl`+54&>do;^4m%9D?R{vx=H@1G+AA^aj!e zp(z56=mYm@-!xE$K&=7Lj_no#UC`97`sQP^et+tLGn$!*;%gkB8S-7$yP1`nlvKT& z6UNU}W-V9Mn4urj5^0s;$+6p*%_OolHHRn1nyl0W*&di(P;RPf&l5eX_x~IX_esb&g;?5{ z8`q%ZKw4HbBPt}kkVGhCb3EnR*?%J(JRjj8X3_(o1(>`&@9JZhjt<@}(^hor%vfZ( ztT#+DMX}WYm2*rcnPfib08Ry19CCPt8vjG?D{`k1#bh4{t+6i=S`1c`i%6cqLTqFb z2LlNZif1?kKH@svd5X%KyJMyyo#!&iNz}hMIakIrGAXM}hccvOf%qK74DdN6@oWwP z;=w=wNYPkpU$=3Pv3gWzWlr-Bh$!(8V?YNZXxww#-BT^T*Exkhu*e(p4}c*VEk`Cl zmG&?)wVh1)x219Ecogf%N8o=*v{ZH}85BVq>gxSibDaBb%Nkcj@-3O2FpXa-qh+cL zsn|1uqQb}$bQ(Dcw?0Zax!6X@B~aZ%o>JXxs4QO;F|OirMi}`jhk$rTRcQ24zu(wO z>FgNOpX3Y=gLsBRZP1u}J{k5+7IFD*n24Z>1JZg@tM2&^0lNLkN}i{s;+~%qGJpB4 zVaazYvF^K=aVbhQj2Y$yA^Zn1%!;*XgfpU_&dF;eFt?zVD`XOO(@efZGnO)-B~9pD z#l}}T5Dk$N3VtUs4PoGemtsu@WH!U$>{VmSWbq(W#W4>7(t-C>j1U#Aey;Lziv|Q; z%B<^i1m2t+15O%S@<)I}#J~gz2JjLFjOft%Iw7ZyjxI`VgAdsreh`QhhgD`pgW*gN zrAqm?5R~!F0*5V$TD*K=P z!@ZpRf3&;5(f>WkbC;l^#o)=#t6&*-ujJxNz`36lP~vK}5&j=u_*WeMJc573s9~na z885=35;@^OIgpk6fT^N?g2~YV3cW1OCVWI55QU-N3!*tZix*&jucCJLvPT7e)PH{N zmG(TJa{jMU@jt{4uuA{)I&c58dvv(7;r~za)MeyV1_&EQ{%je!xinA=U0cFP57DeK z=em}g$)rhzjk1u@N$+=d4lTPFSx$VB?;=V#@kr1Gm;IsTX3$tS3|;LgqpOT(9)fmr z;VVD8?adnIG;0{?Y?kC>EXgu4sVus~biwOFCX(ypta#`zFcSmY zCn2XK2tLQEPmpMN2^O2>zghlu<0e1O@;x}%mk^cf<50f)dPhbEcInZI@_#m5;{x8_ z4s50W*G?h+`|j>W{(q8ZwQskRkM@l__gy(@;vl|}`k%zG>*1rZs!3m`x_$e!vB!NL zkAwebgdCam_?~;gO8&oBi2uHSxXJ(eBu|z8M`gTzv@M`WXPfQd>9+%GeV1+qMXFeL zKPZE+*%ChUQ-}ZK+5I+vRs6r;|FO4wxW9@2@FY(a|JSrJ)-T606zJ?ZlX|N8|K7pw z-eEre!{N?G{(q9E&i(I`By8GT1Apd(O*-FWX{M%fI!W>~RRzk+6?HH;E1IGBLE*Tb(%dkF5HVA9O%=S`MXOSmqe_1I!e=~!3epD2fl2tSxgp#nANoBqxJ zXnSOl61#Z>F7)K=61Gr51H$jO1#jHLE=ZgGK}z;qCaB9cpgiTpk|c-O_TF(BbBjKl~?)76m=T3 zc8u!>kTEUd=xT*e&eS{QV46kLR^wC5n0A*WY-O-&MaZq4xvrS6dcAyna=lb0u(MjI zpSi9KQJ1&9c*>mgYgP6`X7UheTfZMLW&9tQ&vp5`P{AG3-Q_FSn(p%KQ*KG5JPVag zb*s`(*=6&2rv!>On9s|$E}4}IxRRtP%k>$`XIp8>d39w$DcOT_uWIC+$}hQMvZ*?G zAf5+~aj$ub8PZv8-l;ElPbXK~rnYqb9KSmmjZV(b ztUvBIV9#J$S0QG9%=5sGvGj zZ(09LGPwSagZ|sfj9rf481ANOEV8<32Cw1?8l%vU2o5=u*+$03rL83Ymx6wJGP)d` z-52Z~hCO@Qv&x5rgO?P|(Cs_Oy*X(9*UMjE>z}{L|L?T^{_C%;-#+ea?|=PCzxeId z|N8aU_N%W}7kl+ZvkIM8MSP|Z2cY>gi7EJCmHYrO3;*x``G2?=DeSkw2?vXqaWFx^ zC%nZ_1gQ+wES)+TxS1o008~E#&qW6lWTQ#%yPWib>in4{Kpj^ynpp@Z8fAhd>feSXpZ zaWJ~P=v|&)j0gWYJUzcyGxuyR0(SXLe|6r`wA8~TfK)IaHuIxVSglU^xJhIBSZPev z9OUztu9&i#Nk-SYkj$pH^h?J@d~N%yI$8sRRad$ty6l!Hx5liw?9JR1y0WCZp9#v( zFE47zRF_Tk{j-iboD?328fwwPBXj`Ita+}nhU+iil?i978oNiD%OZe#9Db=jipu{`V=K z%5CTpYcZ;B$CYa-XFx_2A31~YL1XVy2B zd`o`U(AAAD*aB}85>@j6bhCma#Z)8r=)}s~$2wO&Bz7%zUDZMc6R-tN0D9trsgvB}$3oPby6mslI8e{2RMafbLNqC`azrQ#&6J$72Q~y-viT`XCd$el*DI4lL*l;;XDdWT8 z7>ni&}tekoill!e)iSu;x^9$Rf=q4Bnp{ z%Q2my5K%!C&~PYla$Gv`N&S*V)U+CN%w;u6n*9X(DS_R2IX82v?H2Z%P71ANEssil zMMJ&2QJ^kh{A9`rPjy-U@KJ!0ADR&F-FQds(Rm!yz*Z6ZI+lh7ER*sS&9Gc0nJnKq zl%=H}4re!LGAHCpQIfVyNVypJMXu9rJ%HP0jJA{BY$pTyTV5o{2>{@irn<;x^1}l( zFp)(It^7_VOjRSH{JYRx0TPTN=0I2MztcEiNI7E}uV4K$b^3QUVeiekK&zX~`~Q-{ z|C1)(&o%yNY4}sCmQ5CZu*t&zS6YzS1Sb!q!CCjH^Ax;)6Y^=ZY94CUbalEvv1he} zcsvuwt%uy)+zmX_4XpNZ-NBqP)kgH6H~3a?dsjxakw zwS95`(m*Z0E4*=wUXo=KW%=bA_u0CxySedMIV<+q+WyVwZ$_8B%h9nN^Q6MVIScQe zIE5rUB_0eeDV$ERSBc))`PumNyx%(=UtaWn_~E3#2Cn&b?uj;`c!tAc#I;F6724+) zCvQ&9#>a!pjPrCItnfD_5yIm1OrX;4x9X+@2<+EMiTifBMUFM;EU*GJU zS9WerG9kL&xktV^g#pvf&e?4xAB`p*J@C?O7_zcF_Byr>R=6~=KMvHlSFdt(l}ADc zs_CDfUG`4S1{Vo6_fCs@UTw^h-LS7nycZNt2BM%kf%l80>*D?P>yd@~`_W+h!^vrp zAZsD{p5buz0}fCjSe1hTCy+9(;YDPNq4Er693CF(zz^$gQZYj#;$0#Blk{k;+@wb5 z{kMa4Hh(4|4Z$1l%b=KruAH+Cc#dUaL93agcMtmYI8U zEjjltQCNJowue=t65uetZRY8X#v#WGq*j=Zsk40<&mA;7;#}2ff|ov~;AL{!N!P1) zh3Gl$Q#?u*Y!kF4-}C|m!^&}RFXh^k?Cem@(JaHf9+%OpA!aC1-sX|2BYzlTvK-mh zqXI*YcC>D7xnfm^o99sES0+miL1bLuWoA`wQEc<$cFRV_Z(;88PaA6W*3Em>#E zI;vFlO2<=h4-vA^IkEX6>h2$jcy45A9A>HqWEK%Wf_z>w*#Vh#v0?vre$RcPQzN0m;M%`0$n3jhzmZ=ZG&`&}~+wI?pEvSRAior;_U@gNi8-cnY_ z0&*3skib@km@3sAx}!~LE#~SlQ{}2-cf_fKXK$iVb^oLDecbyVXvO{i;oeRm|J(k~ zCjaM?Jns9S%*{?Sj}N{dQ};l+7>Fd9{9aIKh$SJBWs?1?>*VIX5Seu?(N`uHG9hm97e^r-l3 zPeuQIo~rX-VM_1V#)|Xb-rnIs{`|Llv^oDh$>To%*)yL#{@Gui)9H^PFP14UNyyPH z*JjNyf)gBIj?*B<(3eN7(a$59qUTJUr^F8v0p9!`US9Onud~5rTJ&VtAD^E0-^!zu zb!2m>XVGGUd>{Fp2@W&-Qy$^W8Lkemm5n8bs(T(w?2YG+r;?QdZgz94E#Ky=RfxB1 z9$an6<>%INnb}8^cs6y(A42rFLNr7{M;5y8PWw<2z=K|xEQlWm$kqJ-PdeGJRe}fg z93WywJL#8_(CZs9;c=d-{hw3lp$G5+Sh4>f9PI4p<3GOM+uQ8_Pw}|-e{1Hm+rRbU zIqm*;)cxAsd>)$LJVwt%?<>(-rS)CQO9DoVjB$OXuS34DMT-uX29vO7RHwwdzy7~U<<~0^9j27z}!etk$+XU_ob{;m@tuXf394quwA^+Q3 zFY)K;;Bx%q`RKCPpD9LxZ}mm~)^{&5Dr;M8V<*Ep z5eBj;r$0W6MAIMt71K+9Ofs#Nr;=Vff%NJL=5WSxbavT$GpcM%*7+0sPH+gCpt)Xy zA@Pw)3e#hk#l|fnKRZ7jjAd5-(YQCtq4h#;@&7+Y!a6OysDW5S{Cao|&yVkdRuO(p zta@n-mO7~Q&d$y+rFZVy__S)_cCS&%gn=&~obkKC<;6+Anp>B_zSmf-LQoIc zdI;uV-)jU*1C6(XkP_IMIr<@vwLKV+NC) zBBUCurS!0UOOvKV8y8B5T}OALv57-`+wF85+L`)_nF5NLL93~H(fEWBj*voVJq(h- zbHD!D1kFy(c_#s?}8qOtNypY2U;!vX{q?}{D1cj4~qW3 zha36tNuDbCFF6nWwIsmkM#~?4^{ya=^hvaAoroh}>jHT(WeBu>Ak;&3Y#Bhm+qp!G z=uYB>u4}?IZG^?ull2DiR)3BIUryKy6mq(hAvRhO+Z9sb4}=b&H*cNGd=%g#_;>Kd zxcx&M1oGZQh;gkm!oe5+>lOG2&@JX*7kmOwVu`8laW>pPjwp{=c#Rev-%D|4U}x?Elh4S1eLxZ>tVE`p}m>AeNNP zd+BCfd&_SBs)Dh(8>$S#DJm4>Sn*{fPB54vPwan!)#&uW`ABayuHfAEaaW&X?8WTXH}zKb+qgBl}2h zz!fhMTzE0$d1MiRWEydO6qHtdZZO8&JhhR7ka}T6|R&row#Iz4P*in z)WT?;_;hXznrSq?jH*ghZl*Y;@$5=El8aAQh-vq6ji7>6O_YQUtPFei{BGQy*HcIS zyRQalh5Wa3SiJvxy~+RfG*7ksm(c({CM(JW#;nPAijgr3oTs$ns>qk?@|3?UBdJ*b z50LpwJ=N=f_h9!ZZ~uRIxWCE&^(2oVU@L{k9C=r*>r4`0w@;ZR-c%hSV1(bI<=_@G zj>DNUuy>s(WU*pCNfx0<*PAExxG68OxOUs=7D^>*xuZPnL_29P(x_X+C7vMDi_hPWuS@%})+y1%}$=J#sPsB@~usdSZF{uis3x?R+@-gAu_)>}16*|=CKs6xQ3a+il((Ne?$ zhH?jlv}YqT7uMhEO0exoC1zEf90Gk3GEO0uq^&Bq^3xzKT3RCnb-P?7^J82ZgxK^-1C}nMfMGELF6mBu5oN% zrOjkwBULt5ZyR-Lmg^vr3)24psI1u0OEJk_ZPZ63dzIeJqqjz8G*!!a`=2#sy2B{d zj6AX$30?jUD2Uyx&Sbs3=e5+U^3G)L!bEr0>4?@Rni($7mshy-QcwM>uOdjNNl)&A z>2C9#*Dk6jxnok}FF1^NbS%LZbkz`7cUURF>*&&r#BHf!vvf%2=NQEd$ z_l~1<@2)stJ^+1Wmwv^)KnV+28-*e(twx}lm6qEOWD-r)Nk)~|9~FAWNq}fpe{z@g zh^ABI@h&(cBX5rUI6%or$oL~6@loysOIT7wTi9#B$!isRh0rb-{1L-d^pWeo)v?NP zvdg)2ZH4CGbSn0bWretEia4cIrc{_c&m(cj6CtzM13H18IUs)eRAV)z$!r}qvJzUc zZCyC4gCjl~Wz?aXqEiHdm2-dXd`;Zg4!tUbq&j~xxP3;ryIk*z}bPFQ7~0Y2ukrEhJ4Atl$? zM-0H26CZKpapapozHD1MHK+4q2gPIC21X=j7%+q~J#3>}xQGHIVZa~&ERG^V1$?6P zybT2b^hDd3dE^?=r7Zq7X;KymFyqKpqnMM4KrPTmF*SYTNcE_?tau_Kj?y#j)uB;Q z#yp@mdS< z?deaz$%s?Y-9G`Rcrl8nQ+x}Wt=|{7%}fl_F9H{#uC%-(aN&2~s#*ykL-uBt ze}~sFRl)*z1E~zE3SO$v38vn6-vR;Ym8|{y;&vP}G*0S`HC<=igR<)^+o1Fb0BQ!y z8~w)BrmU(be;nWi&bMj@X)l_Fe(nwViJzkUH;-To-Eu@j7_=5DYEw%dejdsGbN}%0 zC@=pV?(J^mzo&Q{3T9U<0QX1xfbA@x$w%*?v>IBzumXG`Lj+t*peH$*Es18tH;GI7 zRqH0Tq^g>^AOXtAsvD8>;YChOP@45K&}_}FP`iF;TyugbvLHzajjVvShR#+h_q8;WyGnP35*|n!1Ky+gD$UA!=q_NoCQm#LH_$C;EjD(&QgAr2f5u z+?zLAt=7E>`+FSvIGk6-*dhm$rG-UW)-Vm>Dn|5J+Pnz|bR6nW{t%vi8k z1`m+SU3GJmQS>IQ%W)Ci4O$WLTjE5>JQyIVORxxf`W&Ti#h9@ z_Q8I0>i$dY2lf4a^ugBQmG9L2NT1#O8Q5{y)us_l{y^7)j?|x_FI{=nFYT$@k~R`d zCyQJ}BoyUk8XNi6Iy0N2a&mUoXJ!j0@JmyS1Z_ujl!4|kAK(i%2M<6JHR|9dYNd+($GKYj0y7v2vQ!^T7 zJvQ~vIf4P7|Fc=_LLFfGIO?dK@AX@CEhl;qimqO(_%QBn%7tZsTW?r|JnLsf$?ekq z%prFyg*+Dj7^3x(;%VnLT z-{kO|YkfnT&xbajw<_+lJjL^$%A0tfc+dG~#rbdVVD~5=|6^~H|Nm*8EzldDfVXL8 zOIMUGR}>Gip2`@Y_`ZqJ@r;{wU9Y=VqT#t3oSQ>{N^CkJCEsA6i z7QF~Lh2B+N%=@N7ioqnBjwNENVN9awu_&2V)_8C)8vhZa7>$(;cwKZZ`@{bb)lQY= zcpfYvi}4i>g1X?&&)>bpK>(~c98&i@_Cq$7s>0Qfbd}??(MVKCB*h1co?Rx=-J2by z0k}6j=vncgmI>_jI};!jFZ!qnw5i3xp43Y>yP!GhzZ;Hw{mb#-;^OSQxorxvCG%hq zux1zhk~-&F-uF#8@0ri?HS|0b@q+}C^_sE5Tk6fn5%qYG|1!a$Uw9Wy3$N%^{*?!# z8RCw&%<*>aV_J9_5btU{L!9FUa(oP3FIn-Wx`!yfj+Wyo4$zpwa8|5E5iHd4Hhgbq2#p= zvE}$gVd#^E>jPqLq|}GvWUEi^?x_#%I?^f2^&w`k$Tnt(GiMV*h$|T@@rgvPHnKPE^ZNrF4m>q7Eu$ct$>+$SsYgJ)*&d}P|Q)&diR@Mpb3jd z$=>Pd`9GT3QgkNHieVh2LES#3CF&e36&XGZ9$C;IGrxp168h-2*#*1X`7bhtnE0~u zdjIvo?$>(G@u{?X9$73<$VKgJk97Pu(W{T2GGEZG z^`((-;UlZ4v;A zJt}&HbkZg(v@*(#aW`a~Pz~(3jz$_pWmG1|Kvu!|806D%!GMupW9)^Bn z3xsGU?SH|`h@vUJMLxK}d=CEYRU4d#!4i;A))Xj#2vHE=5Vafa#&monn3R=j=&TLh&8@yvzw^# zReJ)j8eg^fB5Hi~|8H!8pCH8~X5i#_z#8p{lHZZX8*S_(*iq#u`Mt3P&i`>XxEM)T z`5;~D({mF)%=+*D*gJbOI6Z&UUic5)M)msN+uhsC<$v7WJ9xdZ|9FyT3mhv70Nxyi zGZc_nqp`IG`sNqF420wcz-x#D8KH~MDT!xu@CI`*$4qSSoi~{O7*7C)Gqw#Pimv5q z5kJ8dia3A_P&7ppg&vad_uBjIgWX2sEARup1(>lIDMny^n*lq6~NOM5#9{{AO z-wOr?I;aD9r>y==ls*bxE@H;P1c8Ht{a0yQJEE=k(yIvg#EZp|LvbRpPR$kyDEcEt zj5F}>K(a z)c)I|21QmYUyD|HzMm8)Q*eCz>$rb@cG){Q8(jQ4{&;fMKYf2Z*dF|+{P)wZ-OGmd-p?H=`fG37+n+RFNqVVNv`KFFq5!^G($-cAew?YaDieT3S+Kl zrDP%2ju?Qi4-WR*jjzD5UNAu3&S*BrPt*A*%z+Ry zL_GpNggCH(O9~d_TV-mZf@h|cjtoY_bly!ytZWd3cu_Y4Uc19?1H0?|uw4Jr7! z_wE!-0^(gIaXXca4qo0s24FxD^p|SwL#E~}GXp7G+EYXx1ms4U>Im9C7rcUT8M++| zZli!uMCIAUb^(?1B-+U2fk`3no8=?R5XP`t;9^X*4lYjC6K(<(eI7MhodoE_XQs))uCFk%j~PpwH|d)QF|viLGBwC&Tk0trLT#{fpXeTU6bVq2l!e=m=)6`*f*BHWH;@h+%qdPt*+%ZrqXsu z*#z+$ghDMc2#Eh5d+)N{NRA{5_S(M!BXw0gQgn)XMsPanT&1L}RA+=jEh(zHZd4u- zq=O_A;$z#bC_ zjMj08x}=9=4gwEG9tk6&*hI3plkO5u)iGw=j>WVJ2MI{UdghuYB=p&MWFO&)EZsRe zx;i+#(qg{mCF+|N`8y>PQf=2h1@b&)BTNIN4uZ8rqLw=;JydiHDJZ9)%ZrNQoN8T} zoQ7uagO-P>9XVuN7=n#MB>-E~PA_0<@@CjxLni!rp&mdUVL?;`=c`|15>djhUay(m zpWL=GTp*0th=?JH^}ei-?sg3EXE^Zn@~ArUw^RNVMx+rb&seknxV!<|+fLq%Q*pt% zo5KC*@Bp2Ee{iUY%5D)Ame{6(s~AN5cy^F(;ao>{c=<|MJ88X{o)ds!5PVrQHjBzI zOkkz%Pu@ zAqO1d8-kSQui<3O_bSlB0%HCtHTR7y_9`y>BCBk$El3~)mycx#6-`snjkKqH zXXMlL>XLMwXtdU}B+)of`A|C$o~eU6iZgT+M-54&bxuhSaC9FBJl5=}V;zYdAZsk| zR=^qXNS$(l{0HWmMMTz=5$cZ7fZj;rP+_qMc{&46_KCV%fv7*CgP}--eaYk1c*%JR z#zhAy$c~P#4&Q&exI8|;Iz9Ms+_965q;i%djKwDvic@0jn!`^bB>B3dNOVIGmx~_z z=s39f3s&Mgh~O+}kl?0qgCh>`-ULkD-QDHl4=WL*qeT%k z!eOzqtu1v=V1bBeH-_ygzwhp)blWy`>rBkb*^z8FB#}b?R?cm1*7hf41;7j`d~ z@<Y9VJvm`hH{X!-`Lxoqs$$zPPwL`1A4UrODgXNp$*#=Gf*9n@WKAkp;R| zavYK1Ca3hsY9!JgcCtOF+l-XoQ3yr|**412i=)gY<9!2_f@SGOS*#2fk9cn8(nW+Q*gsDAXR7bmnH2A)~@I2>CR)PFTjd zk~>D8I=|Em?HimiTjv#aStXMTdR>BpIJ9ovO6j?w5Gj<<8WDBPl#;Ic-EJFm;>*p) zA`}O}bG4Ex#kH(XaBrA~&{cW~NkeuUs2fiPIP_AT02`UFuVhE*DlmtIUNrjJtVhpw z$Em#Z_O%5|cGHm;mXA8kUk7!}qxAHXb|_Io3HEc!Klf|%kb2t1_vdP4oZS z+TGf1?d1KxTD!X||F6d=iT{`5eAfT^`K8gb-QM1s+wkyLP`AC3yBC9E0Gv!#;~fuF`7i8=mL!tp5)%Qmq?-FvOA>j9Hu-M{X!aSUVM55T!@N zK4%I0@W)zr$ITJ_xv1Y$0HhPM6o_ej3Zq995h2YHmcuu>kjGB5*yAe~{b2O2G>}tO z3=wx(ENo0z{%pYX_1rg1N?34iKC^xwY_qpai5G$3Y5x*AN^*d{Ba;+dk0S7ZH(zZaeoIAfsIID=#xJA0 z4ib2PXkXG01w`FTqBubR{^38Hkl7OyHR|x-a&aWLe@WBCvDk>)pW!wL(umIj+xi3| zV-0|l78+>RaV`kSBKzMz{HG1qL^Rv*!;G4*~fvE&Fx z1PM%i7Ad@Bn(w=N-)%q+<c{9Pm0J_H80^DR1;d={IImxyGC|s}UrYHe_5}_I zi+MT>`p)h}=j+j|ii#n?B(LSZWN(Vift9XHY$G~U>&I|(XdG;4Qx_<}ZkcJV^yj@H zB{wQ_v=-1$OrEK%TPeg9a-2(MK(n-rz=P$V1~Aa%cmD1C`2F$0#WASW|J0FihzN#* zEtnww>;zqtu`<}eFP{}HPHY^=KjfJxiJC4s9EN$8t-OqyI)yf0S4%HlRj-s%JPy>3 z?_xewo7l{&(E#wX(4)UQ2sIk=l9>(O`tIM34lWOlKK}XY;Oyk;r{ll<2_tHmK4h`)0l$#)it_C-0)cV~N!0K(Ff>+6Yu$Ja z!yJ_lVd{LPoU}~V!@>&riHu?OC0>^Gnq8CeMsoR;^DmOCOMG^luHj@kvPgBuq5%#} zgnj*3M~zLnvM}k(?g$68PdEr)>LOcYFmAf&3?LWBhv&zau*}{WeyIj<`m9I}_<^O|4eNtX{uvYf&>ORygS1s zO^akPD2}8bNEm65>pirLy`SAY?@H-W$_!HUp5?cJQ4``&dGpGd$>sR+0OIbxLNPDd z%Eidf9nG6F77U#bzQEgUbA{ua6YOc3yRw#90aE0paMo1_1(i~@eMe9|gCKbxtB(83 z_t`CwT&<{E9OQRa?(``IbPAU@8_v31{2esrHFzriCq=a`ZuET-XCs>Ll>8Yhm0cx31p30xu zg?5YmYyCQE22r!?v#t>}B=ltrBe>Y0PY6{sJL1A#otXb-14 zL*k*AiYH`AYASY;!#9K0OGxVk_a#XS+a0l-4l0F~@u&cQHU>MkIz?8!ug%lHVBp2du~4eQ$end-Ls1 z3wv9nx8?2i-|qL`?BTxG-`+g5oHs0^PExReN zqfg-=0+Y9<{SQ*MZn<}|GB{ZN^MC%Y|L_0(zl|4DFi_HWTElXW(~>1p5mWRAF=vlC zW`mU}1JfbyvWIYlmhEUV?wWX z)DIm*Q^TU1hxUHX+?Fs${n+=_AGD9C$O&w`quu5VGfhSkEbYOC6~N=cK=~QsFpQYoamp9bBR ziX8SfZRA}TGdWDexNbtFjl_o_63AmjyMJiEYqj5HOU1Bu-8PFffqn^GlXXFdT+ZslPfi~UN8+Ws#Rb`*y&(;gBT?*^1 z{3M`RwLq#4h|Nz;i}3lozr~F60-0`=6S*6WFpdUVn|5j4 z2O=;V^2GDc(ody1FA?UP^(Y(%iFlZLM5!UUy+oCU@i6PyejvGDSKjEtNOC`Ud%^0Z zA_OCVyQeytsP0Z1^o%f|#W%U9%XRGgjm&Qi{oAX= z(^$Yms2;l^k(M6JyHL3*z$T#NMv>Rj<}YRMrBso4nK;g;2i1kGG{P+roC^LhULVCYfk*yUVl}1F8CjP?O0ZC@DaQt&!8Fv2iy5vxqYxeDbzt0 zOdpP>-V>JNj*AweSMF)%d_=RJ$t#+rKjrD?n4i8jVok_|>^Prz&YYLI%KiLu-Mp)B zh#@gjV%A0bl{(m<&%$8bMQ6rTi#=tMT!tn|g&|I7(p07+xLowq(=69<4l;%uZjQ$C z9L}8$D+-C7qguO7S!vxn_R~(~wJR4ii#%nG*3OULkVz)uHSH1KNpqTvN-SRd#Z#*I}^?A{y=Ck&IotH&toIPH-g~Ld_aEEPag`0q@<_L#&&478tJbVX}BJ=D& z?SK@5CFnHaw2a-wqriD_G*%lh1yy&}v^&CFaS}Oz-6Pm&Ft^@3&$9Kc%`GRTP;kI6 zv68*JMBs{qLk*SD5#REwWMjxr4no-m5%WnKzFopde3W$2Z;xu5)2L;^hp$O$i*I zj%@GxHtHlP=d>@H{GsDC&|&%}r&u?Auw(r*Z5q)AD{B=|2LI7Do%MB8sT@#pMS9By zuSVokF1YnPB97p*r2^8V$|wSiWrRlg(0ImXr)(Oj*2XdeD^uY$8NY)zpEr_!{@h8z z4uMc*YbZO)*-{@*8xQ0Rvthj|cu#JK|L*Ac`%iy{9!ias_vkE{;~eE49a&GdSEam2 zEU8sCLmTJ5u~1pC`7ltCG46q$HQrZu6E7zGWV{j$QDwor+auuq8^TC-^{=>a=5y#O1l1= zI?P6mHU-iMJeWz2ut+2DAfd^s*ySE|_O;7Z{Wb;CcJNI-2bZ4>^IY$baKnLkF=@=2XI}1&U(76R@}$WoB{;>SDgE6eqOYj=Tm)Jf@KPl) z^APPLi}>*T>6s`u)xAbZu`?`sTN}XXEc?X_dO-z2FJEN523{Z*A?p)~UpyN!l$C{b zXr6Z!N3(X2=+I~&@HIgkUi!@l`cp3plLi9(%{=HqnqS9IsVunNvp#PYCXKOK&nBVi z@F{E{@4sEfsTiY|>P>)e9*DG6$iWTdk#0QLfM`b>kPTr&1v`{N1QoQ0eMs_&Sik?2 zIH0_8p8oK0b}^tl4r1Lwbx`8mdx%xB%QALNMI6dWgX((l-b6b|W#XJJJg+BE9)>iZ zI1L6rP@k0RZBo*t9%3nxlv6hgkVpA-##&QwCp$PhSr#I`zB2c{CN-svX60uoLz9O| z@`&3cIhbo6Pq56bdA3OtvS@~DksS1sj+DTR!p45Ysh&L@oP9uNEPB3_x<{Qit*yPq zc1gpq^7nUdx&%LZP9cmZkZiA-$t zXH?2aGu0u+CQT-pX-$D3VQ9Ier7S>Qrk|8$WBFv_@K_n8pK@7P3@FdfGHpW9F7+iZm%Q#m2fSzcMtvEy)M(;sgn)AA@U{=6X49;YlUJZDH#lC7hB&@$3kPjPFK z!D>=Ti*Hxku<)))UewMssHNW29w$0~6y_)#iy=JN_nxu?;PkSvHb6gso^eo{G$rqp z(Mv9{pgr|~GZxH*Mj1aP{pFOhxV;9Rx?Rj9KHsA=OKQ&Ms969rS_-b+-Yh##JdROJHa^WrWKjI-tQ3 z5tD>7J*bw@R1@TxHp&wwS&#Lo*L-BzJqk(b>t76>RU04N+kW3Bq zHE3({)T7re`HTiH|^%ON$ z5VKR}5fk&wic%)~LL(f8&-P-ouozGl)NDFKvq*DL9zbqInq`n?)=iTo&1%C`l!ZwH ziCw4|AF61%HA!>e`|MVwWz;%>+lY#+QXto}%5bHW2wAP@6D^AeLg}3ZJwKl5#o#@9 zd6Z;_e1&uewqI?MiC+a5fER_&tt^2w$9D^oMt86xO|~q<%Bk=%8E2g-8DMf-()js*{*@``zB$0>IL(BDYo=oQ;#$yy9P9y zN$%cfOOUiIeb>Bab*`Khy9OTFthS6QOW!s1NK>_IfHu#XAZc0r%9&=}%-gsfE z#;B0bXH}Nry=jw%lU|RF!WyJG2t$92aDcGa7_uJHEhUju-aM8~!vu*!xjcsiqJpC^ zqBqnhgQxs_{T_9E*2DgganZD~G074(g*4}kO;*_4qYF)nh%wtZAkUi&NuF~tMggC8 zA#sUMM048WuOtmT@UP_?a5+?-0FWu_E@YgbQ0^FT1t53f4UUR*(r*AL_zVV2Bx$N? zKg~x8LH$(3zs(20*CUpD)R`r=qiQqxtT|*sAR;`$1=Moe$YqZU0@4%QXfOjJd>ULg zd!|RkNW#LC0Hfg$H|443}8JwLmqyg8Q)UH033!m8nI|PX%2MFhlaY_s0SX;v@CVkDAIiV_~9oyF%n9KG#@{HK-bjw zS0u@mg-OGr-ca5+uwc>gUFfrjMAPn`S<+Y?AkzaJ;LrRLx@er|tk*{E_cb|R4Jm7B zsq6?|H(wC&fM(tkzEVyri{=zayf$VFgyJW@8k#C9lNs}7p1{*Bi;_k#pF}fl85s0E z zynw4rw6lo;ChJo#$zq#yl%&n4fk_IgpAbH?_>YT{CPkNvb(osz!G$v+9egbjlm`>m z;nMXxjvR>=nfTXVmQI>F!G+6%39m}F%pFX)iZn^K2G^$}Drwr{6 z&~QGxtudk8gH39-&|)=7qjO)C5GO|(Q*lL{OnE@k=v^}+qkQJUd-MT5t~So3@)*0O zK%63JRvV{SmQEU<-jINBem24PBhC86GcRgPTePyKsTZ$8gxWyD0@Q@Sevnlb+$wf= zcXtbIChr>T(J8d4B2ChEMVm6xNc4;+)24znxhR|yt~YbvYq9|}pE$c);=LwAnu*t& zdvs<(p|0*Xm1T+dnha?sUT-GfYo68Cm{9Ifr?t5`dO*^YTyLh`YgWWTk3yP~>&?`A z&5AaPG+UdSALzWk0W<8HlsGl+H7nvQlQiH=SwlWsKti)K4Lo^rEm1V{XAJhdsbUxLRq31P)eFo_470dZABdP2&5@hKTnm=RMVy666GoIl zFlHZfeu`_PO@~4MI;6cJI@662w1$_RoUQ@bpPNi}`@32ir;q zJv8rXIKujo%?O8*IAO$YOopyRg_fr5bkQexEJfk{O^=PbG*HoL5?U(IT$PFybb96m zP>3TuB7#KjJg9o?vgqUV5(Ly4^dclZ+8-yWY*`>=cL_f$ym{)=0eWd-6^!x7f90Z6 zrsJuXuakrjC?Lc$nOAhwCmoqbjYqjvSydDGngoajawqqCEDpq@lk*;Re*1mK&`z0M z6M9&X3lU*K26bO_8iuACBd%LZtav2!+4y;LGF|S`IrDuQ3_d9|0b6Ko{sE2f-KPNG zVCq9$j7%GgG&hjpX~xW)8O^iq!P+o}A}rFB8htCt&X-yiJ!=$VKgbb+O5z4r6410#vnj~V6*=;q2mCY}jS1#(+aMy@$G-yc}|gT|vI z;0^YE7`XTRNc+6*0zJFbUVV|GeOkxUDH%=f1uFHink^=faZ~kjQ{uzkToS7GC!n-eiGJE*_pw zUk7`Ng1;)IRdo{>0K-zVCU~`0MbTvPGn@IGd>*(Uyba`Bt`QX}#l%}R7cAI2IL$|c ziUYDrBc3)WdzO;qC=e;*xJ@KbVB!0T5~OmaLiw3DD-nX9nnjG!~ZUQlS!%k-elkSYD-jk zd52U{S1Iigi_w#~Nrm4OseDoBihiJ+6iwF07vFeW+Y#4wC}L#H;*7sCYOJ~lGirdN z=dr-V-I42;!CNMzXwUfYt;Rs1z-(5L$20$0{5?l@y0ni>d%-}5x9X^sqYu)3(lsKM z=cRTmL89JPMHNaZn1D>IAdpBoz^~ZMl?WN7l343r#fU8ma(%&K8krfZTz2+(`BypT zAnG+dnsW#)kjv`hr6b|iJ=N#Y5={uqFpeq8X}2L!0ZMhNG#li`BqQJ;GJuUF?YLxu z#Zx?%mLh0H*E5Uw(9q)`wG*u-HFDGo;vk|(fOm+~d5#BdZb}3qS`+PL<0d9J)7%rc zj>Dv&Wy+|eamf6b&}MkCll9K$Wc``Zeo8Av>NK@m&S4Ej5YQ%Z`7WEaxIpz%zTncf znZY8co+weMnbBWrn;S?c6t9Fm{eOeGf5}sT)(jyW_gT3mKHXyFkx3aXhUBAcc9pP! ze#C*M$neyLoHGNW1yj6q$somTGY$1r(aiE_AN4pekd#VYwm+2i)yI4A-@(mE))hQc zx$k+3+sQ|I+<|P_Vw}yA-;*V`%=R*@gmLxFa56Mo7|)1|5@jx|5Y2 z2xjaJYZ1lvcIH*QOMO-=O0G*U=zTVH>uC$%2_9)sf$6X)moH<(Tki@UC6X34$i&~+O*UDX69=AY{CbTS@n(!Si zSiVkDt=cM@&dSNTf}Y9bvvv^m9fd$;-k~JN4o9;r)8m!K8%>1xmepq>T!25Q{!82FQ|9EnW3c$Em_4%-qa+>^=Yfkj{S!g}F(6-G{(+$8=bb7NP{77MrT zmW)Sl%{mbDTz?ZkCo4_gu_440!1l7Ls!j5aic78`1a_815k)i6xFV;hlZ3tKBFUMR z&nGd(s^P^Ti;MDTdja86tUTApT3d+Mb0~6+IqJ+fgB^blf>7t0>I=>q@#ZJfx!hI8 z7ZG(uEGK=&@=&=i8`rwxMXK{Suuy9M<#5h@yOssk%6|ZWEHT0p-1R!p;>FR zn^!xjoj}yV7O+wW+zWMCpczv@ZRucC(S@@Gy^>W{d>iHS0~F$;og;N7gQ*EBu2DAq z?vTuxVeRpuA)iVxGDMsiN3t{zPPP20wnc@jI~f_?NuwhV_<;tSn-Z1)WiWc0gt2k0 zYzgv5ehE*x=9pz?2y1$Am!*N6=G=5vM+a(d+fvGdNyN_a3GSXB(yFQHtd_-e31Na_ zvo)4hg=5L{`MOyh3A(uD<<4UbMAF8#@#1Vxb+*`80gsiVuV2v^N|8!G&!aNlz)08C7_#Qg{jW^S;;Ull3VtM zIL;!i%4@XssN_!jMyG)D6!FRTJ?QMKc{!hZWE}#UZ-0&ea}d%*+!R1`6aL4G&OFZT1Hp7T}?D)_P-~5DAp8N_8QNbJV(aA z2%onLXE8)F^G{F|R1DxOh-=^Uz5#>5%*vrp(yk^fx8& zthv`yY_W5?1?2qcN3V}3Ym{vkouxL5WZ5w1=Zf2#%T%d;E2eHLKH32JI2LB%Yoa`l zbml7yF=$G3(Y-RX0E#&|g>`mpRh`NSy}4nU3H8NA#Lk9pD_q44lW2*JbcxLQ5t}4~ zk|Qhe_a_djBUd|MUDsp|Z4IKKdk^P%hdrOFu8<0*`^IQOX)V5YAvlj@;)(U1*hH_( za*L=Ur%>H#liB>Dd$smr(J;Z=+1tvbe5MKC!yEX8Mf(chLH!xXL6wn8N|~ZSsfc1* z`<}`<=GeqXWF0h~HYNBu23|Wp?l{zobawNIQ6yHgdiVK|)tyiToPIr^aqcEG5y4gNjU%&WNikC78ag zJ_VVV+0Q)I)XKEfwLZztJEE6ihm23!55h(w6x8dAG>nPMKHTT{!yi1zA^u5g4%nYr zh#w2vnO0v$xq!tz)R*Z#-{7Ic#6QMxbKsJL_+GLErmmpF(GvEnucIRa2vo4OJTcVS zcz@5T`RwVL`t)D3vv;(=`a)ROW5FvSKZcM5Hg?=|n4LQ1%XCULX#`N($DkRhjk&yeQ6_{NKIB`lF8W;}2 z!2S87+WQ)p>Jk1JO1!uZVjbcXhLzxANCiwSXB)s!7F2xeQ$6CE3_iVlX`p+>6_Wa5BP(zDIh9_XO}#GgSO6>)1Lty=fOvDppBxZj{8!K-1gLOz-zgrsz( zIj*@f7HxTVh%pP|iQyT-ni*$XyB@Z}_)N&Ow3_ix+{YNCos!OM-+52ijpo!~?0R>P zmxuQniI|@HrKq%8UwgY=wqW)LMZ$2VC?Pj-H&Ps>2KT-Lv@=U|Wjx%;oa;L6PQ^{_ zt4N73iYwG*ZS;{=r8I5-B9>RDufBs`gln<-b_qA8A7f~^d$#V!tUF0^qMXnwAChuD zD=w(w1J1pKxRZ9tyIfHznCvr7-dsYf;aZ*lL%U%Ob~;DZ=3WXGg}O_4qM`s7p>NdQ?XdY7WzlL@8CXZlL4jM zMg7yzwG=?MfWX?)2gj3CfM<)mF|X z2SQ)OirCVNZex2)ldQreo;EHdP)IPo`t&_+>OCq26#MyCTsaD5(XX@EX#UCnA0sCl zuE^+@vy?x{!7rePo0FH*oMh_(`b1czdKRR3gHAsx8TgZCYk4JbFoX&eFyDNK`9`}= z3WEi-zANQz7NR1V2)EmC2W}hMWy*J77RN09wX?b5V15Lw$(hReO!)x*6kq7O zA}UT7!L6}Zpte=wuGU<0P)qb{kNwjyF03tD5(1y$wqRe6$QAcFprb(rT;piOv?U%Z z^#syVv z9V+tZYH8_d>S_ZXUs>2z(c6-X0Io{K3tL7^GE?4niV>B#6>xA6kjAzx*FV^wfzR6( z4nW5n``T+@yh?BBr=Y!SkuO2I%6H={?IzKqLi-|6!M3XuIsk3TyZGR%yu54!5-)0a?kfdS6C`ppGVH%~$zI=5Jx22F_QE(cv^NJRQ2-YqSVDqh7>gi^ zz|(d)(2A6rh`fw>{+d{6p@|fHAh4UK6nEUWRh^rX`SYtzMVzuP7?K3_#0Ls4|Cv(o z?*KkwxM%PhrdYrG+xiH$0e^A6XxsxqdR%UN--fidKDp0T?fKBfdU%+&2@CEJcWWOa zSpKF-%p@^Bf5EDAV;P8cV9>>)f`-kz;q|_={k1&(->6^5Ux1IikTS6%=bMwRuCGbZgyd^aQ8XelbH z$`kPO|M>cMe}4Ztv}71Jqxk#Z2F|6_uB3f4Oqbs8`?Y+v;WR@uf3~XukKOmNx|FVM zkHD()_Fe3>4-0N8b@u63eT?57e0=Zm>4S&-@GvT+GoK%K2jO|;?5N!GUCCyqZDh(r!`U>*dHzs^=4IG zGp`6;#!{UmLoch>29XtMO<$_+9x&V?G-Y}m=pKWruj=?ngoI3X5%q8tnp9Wn5KgBn z`k1=*snsh8j?#S*)>je7@u8vI$h`A0NJ3=~06E)qb-BO#`WAHVfRfaPNpzagRp%*d z63TdRJR}nKcXY)qM_9JNa6UV!2LH2f`Jg9e*_5&Zv}S7(Muq$x;#FG{C+dDE9}D&x^lr=j^IzlVXCG0Kz3*vPgII z_sc(r1|rE-kSigFDjg0%%u*Z({T2u0$A?UX9EM6?nHDEHyC*x7Q@c?nVM z){jJ3GfCrke!N^6Xm0ip3O3=kO+KJLURG7{sQ9zHa0=3JJSFF;(ETPQ>L-C_UP(GG zV+ekdc3=hqk|lFPHn1dFuz(|Zn=xo7Hu~oD3SGgU+Bu17Y{5rq5DMc1kr|y&kO@oJ zUXe{&4i#FIYbaKw4xjnf?h?QAvFQ!IaZw{=S)MN=H)~oRl1~}EmVBekQ1S;||? z7~IRHYW`<(^PdTvmgQl|l<`_gKvH8u2*`ve3}mv7m#QE2dX0|#%vLx4E;8OFskWwF zk8x+>gJlVYqFbP@Z4CpODQG7Z*23T3l;dpm7(3r;THf9CD!Bfh^k0mPb&f5elYYg;SQd2ul=f!vhy;Qipk`0_LK} z#dhy9;IFiB!6Og4ey7UKqqoPSZ#36f`JM4}2^Y0S74N;Mf^C6HEV|bmc}7L*ez8`~ z^(ZoXNvJHlf*tBtOX6D8|C;@kx9JD`9UF`|V};VFW4(8wxCJ8*PZE3KQQt_lvHqK} zWS2qEx2)2uWASHV5Ys(S%MBA*gJw2qN*W~1Ib*^?iV{7w2QK@a|Ns6UZAr-5w{%JB zG@`TQKvr^r`<9`Z3D8)QPrn4>Sy9OD}b241ZI(4=ZvB2MjWtCG^u|EZN3(eVF znJa5GejN@4`sV}sghur0QBUC(i?3uG+yis}=Nh@=^D@pkcp0br*30#S1(s_tjdd+l z)npY46e=GX#zS#nGYfW1UOn#OG^}#)@^USIHWSUjaqq2DujpJt7rvZZ% zNk-HPjV(6uA4Ct@5*b10R}xuNuM^II3U!}D*z6?}a}os?&8%bqtNq~K70iqN@|)-ACsH)yhs_X7+N~zo z>xl@XQFvabQ~;bNQfyS=^dF91#iL5dz(;817y5!eyBkui{NpX`MN!UD>*W*aicY&k zgW;FYQ6u`SNwn*VkmDk3l^i;s+JL zynjdwZ7R5(Q0I)m2p_vyUB$~h#VGp8Z;4=Md%Kogbd!jb`3?8`=>qfyggEf96%R7C z#t*Twpo+F$C(C)8aW(fFpuR{rbgz56xZ!634K}8&-S*t+*agnowvEL%UWu`4lu|E% z{?6@u7u8z%S>4_wzQcI`X70%@vS)w({f=~ zv3IK_)oZ4x#@*VN`H1p@*o^nU~ z(e7|RfW$4cmfS+FqNMN`kpg_)s1jc4ybgazapLcRywTO%w{;!keQAL&rjX_boIqdNJ%Fgn7qhA6!eR-zJ^|Ry9J5+%JFDZj#lI{=mBT*;% zLy3kQyTur!&a7s7YP%98E{u|Mpn~Bv)9(o`{ETAnCTYeqzAUr3RiDiH)&%ksJFx0o~~ zEN8>Phm1In+V|nuIA27{gN1I`Vn0Y=CkfRhK8@U3x~n zaU+sYB(+eG-A5wA+a=qhe;c9BXXI_1LYLhWA_c<6%CA*A%MZtD=zbv#Sa9kvR$_r6 zx>pEgdeLN{M5-Q>RgJo5#3JUS!(^1FFj^COHSbWOMhv3j7LdYC{<9&S(}fS?nZm_m zFXFPQtdFg=+pfqZi}4#H5)rO+=UFkWqVE2HOEB@L;iW%9Qm-Q@HH7`*Av2L8Nrp-T z_|QJ{V`%XuJRoU-CHD9|o}D7XFFi;|5QOy9{pxo2s!s4&Xi(6e1@lz?c6)gtge@HB zC`I(|5!+TfYm*9m5XwgFG4+D9r)RXtVSums37VW#5z3F>_*a^ibISZ0S#2Zihs&Em zk5qFh@b}%_k65SnK!c^AU;E@=IzMv&I-vs`Xu}Z6WP}(&Fk%ZNRPiSrB{iN<)o<1Fx&$l z>u5o>FSwau3m;{-_ChX}7x=^IgN{?#B&o#^zMN#{W}Dd{1T}_SdtI`?ubk=F-m<`O z5lr~F^zl6=xvZ{Jbjr_F*r&<8Gx%?dzsC4}%!j{)lHtttD+x(NH~`whJsI$LDt#ix zss}kr+S>aUVKqh}MuUjoGY4A*or4-(Wt~g?GASEuWAo=>a~JO1gxyXL%!c3CPF%Dr zO4K4gNGT0WMR0<=ERuQ$vIRmPv{1G5{j6oKu<&wn@cPGLv8%q1GVQ8GtRyDVD&YXM z{u($_<1cBFXTk?gR$)Z0TDmxo<5qk`!hFJ&MQY_whw0h#bV!Hk-EYrcBr25?7)y3r z+h4JZGiKNF@p8Qz6%^ZTJJCHvu@;lfy4q_GlyMH4!L*8hlQ;d8wK>k@OMGc;W8K09 zYyQ)1=b!oZ<7q8lfZtY1>P98`85g+8NmOvNkEqt*3` zkXP47mlha5LPY>Cy_=XX3Gc{D!Rq5Y6F@Vbj=2%340li9q#0$-K*+&eTm4@uk&+qiq|M zL9T1|B5&*S%huNC{mSE)|A~EDUrUedbEnUA02GuOhJABuOGnF^l|6f_PFhXd)mF~) zbX-^0r-!4ZttE(c=KraC8=X4;+1EVTR|$&AbvNEaKl}RHK#{d_<2zwNB;KF(72BJ| zX$_qTZ7oOuOTNrG;2Q(R-noX)OM&cuHuNHmGlI3q@6k}Lfo4!o)lpzq+c@x(3p)If z(L!;j84oXPEN_?Rz^wQ@DFET}-JGSxXcTWe|AqJ$@j=BwBxo~oY#y3UkR~wY8u||s zg^ov?NGmp@=2OH2Ml)#crnFuNTk1|-|KrnuxAC@Z9*bUUgnj#IIvt-hFG7p0Gx{!626;@c2vo3hQC|O_9osK$4jgr`|!%Z!SNu z={vty^2;hxH_7wC}x~Nu7N?Z5n@Ns*scsRn~+P|#W?3o7WiDIZ3$-Duw*v7dWK1ipLUTiW;jsfa9&{r$e> zoSdO@23*3DJ;+rkjP|h)cqp#ZjESO)`+~dXJlP?{D?ChT4}PrkM&??h+NdNo=P3v& z(zSORIwet^SvBYq`*lKYp+N@D;$1VT)p+51`>xkEZaTxh0G}SvLv&U{Dc+Gww!AIM z$KAzmTk>qW6TSnD9V!4Lh`;JS`@{{t;Dzk#panL=LloD$9;Sy&V4}bm83gv+eu?8j z7cM|DubAf3IZS>N5b_A|V7txc@pB$7V?~N>RDSi*8z}iGaUBtXNQE`menzA=&P^vk zQC46Mdo-J8pFG)}gkqknUqyqGeQ2!sgtX5W4^?1G#h zK{C{#YQ;!qnokJ`Mzh5)7Bke(a6aD81TUhcr+UV^zoigDgWS@6W-!lZ5m9ikkW~Xz zn7g*VvYn#CwN2mArE3nWn+2%B5&u!O^s&yo(I#VQGe{As4J_rxpOwE^USJ)2!OwLG zJx<1-5lZ;B(4IOr*8JcgkscoX(jE)!8 zy;QA(v2i>sJjal>`R*M0lMd<{=?Z$k`tJl?e$@85_gdwM@VW{vqDnxq$GgUx0_hmjD@v?mZOH6Jn0ZwmDjp9505AYlsHoqmYPr%atIgxV>%{8-GV&( zum{AailpV8{MRy$(>r>Iz$JHF@m8|0OkdJ3vjMsyNE@~1H>VbBA{0~Tdz-?=QHELVhA$NbM zk9XauMTN|8TQtk5x%?UW2=xo!t3(~gl+k+OZ{VSqkj7B!vJzqn90l) z&1l|PqO6Cu4EnJY?NiHCibGj%(L0T3^m9(=ac-T^^8neGekBX%S1P&Y)6JyHI%e;pm}>;1o(a7# zTj?^5u!%!|RisvnY`uCGaK`1!7M>NLd8)k$PLT(!naa7^+I;QX(#ZkFtGd{($W$U; zjCvpk?Ksg1CBk`Ay}Th=nL6s|lQ>Oulm@1y+s$MsW}~8NF*LN^RjoLdIsZJaMjp>L zJlQY0<{LjQ%|S4J60v=+e*JurcoSFr+e`<+GyqP3Qa6WR6*rl>u)K60#bbZP5kJqkM_J?eY74s#Kv;$)l=etkIoxDZFLwguSb=bZvbml|t3$x5i5aTde-6 zoPpa4$Lu;iX3yUG4BB8aq`GhxRjX`1Ei}1x{q3wypaF}M<}Xz|{Wfj4OEpbH7M>1t zvIJScgoE?Xdlsd6227Y?p4a0riYrrPCp1X$DU8HLL$_TTUMYCIV@({yaiPj{Yh^fe z(MdI)5=JpfyNlv3@x4rUTzXRkZH=-_gdv-T(_Qo_UGs|}TxEvHqAjIM(MGsRD35)( z=paXItMdW|d(c3%-wnq8wWK=KW`!1*82IUpc1C~Ka`;mXFYI+-9?Ztb77eLlQbZpp z-m#v1liSFU3Z`M7%;dPYNB91)S=P8T0{AnQ(QCV3)P1*4w08Wwp1&H43El6>wv4O0 zV&JQEB&g)0rtY_AOwSnFNLp)xv_6Fi+y5L%1umkQ?%8O;tNo*x`s=4`B6Mj?!|jjz zS|V4H*4deXfRwj-Im{7CQLS}jd#01wLccC^g-^q@Ama919H&g+$nuwl0q`<#^i?M@!4R^ zZ-$vzZb1>yhM;ThW9f~=GxXKe)76vo0$klOSo0?+Sw%D$f1b+H*iNwP17q7uJG5BT zBlcs;zzIk)tl^TjxcU0>Ip*^8rMUkoIjhsdYGr?}-KgP`uGZ2RU)yruWJ|B8_wHA` zUoTbPx0h&Wa6mBkhcr-#mxDKTL|keYnw)dS3T!wrxo$^y)c~z`L9#40ujn-*sux9F zmg{a_Fvk(2vTL>={_J$VUfPq-)EI``&n8*lxq*caUrdv}_tP52Y%cChst_KBd zi)M`-IA_*L=F?BFp)_Re(iJA&{O_J_?%ub1T(962>E8s!>=s)ENR9-`hu#KWSn0y9 zLS+B6*5aM-U+&(553Alde}fZ;lZ0$xwS1AO@3PL9AhmyT2-*q6lNrd*m~ndvlKxvP z0L|XTUJIGT!(I!~!BEBnC3m{e___kQ$Z@53zS6k8a>2zuuXxJQGP!cmJP#&l93!LZ z(?hHp{T9Nk!t2$eP(~lyXs-NsoWDSFqglW1U<~sTUR0h#ZUuLzni-W8ibSh=^-&{Y* z1-qLZkTTZS*ELUFG8Y+rkTYJc4GnQ#-_^f3Z6BL4rOxWAjpd8TL=xfsEQG6BGE1H3 zzFj?H2&nQS4TSv$_UQl9-W4ts06?pVuVQ5!j=Nb%-lzEFg5*-JOdOY)kQXXvCfWS+RlmlPut=~B;(Vvu$ovxwaIX1wZO@?9r zRc+8xEc(IT^lBvyEeMAHL1+6YNXwy@;nka;al(AXT$1@Vz#_AHs4)!ymbCq8Vqm@V zKgRCq+XrV?47R=_)DZ{PU0r=*0R3ZB4uNZbw4eFQr->8ndtyj;z22hbOAw}UmCA4x zDIb}ZY6&GC!`{q{BqP|BUz#_r5K1t;l_8&f!RE$Q&20Y4{BgA~glziobn!_4bnw_02plsaMg5_$RMk7=8 zy{0_g98PJagaAr+=`NjgI7Eiym;z=B6=}UZMUO%9pMtpjR?9%Szxm$G(QH}aPmwhG5`UF?%ZfGijGR>EmQtOy=z z^E2h5i*DDog{f-|B49u@7fZ(1_s(_LoK2I`@8ciIiBejnQbE;aO$eH{pw}ho#0eHN zCF5nA2+clEw_XlzPIfLzir29v`X}~e$<7g8y8^^Nl7mb`tJlIw_C7u(YvrN}o8wY#jdud*XE#?- z9E?&Ksx}QYZ2hmovy}EhGI*G9kq}!L$e^e69f`DXONDbz6@1&CpLmOEOdXd1RfaKp z&3WBcm+x5+wK}PP6^0_#e7(Gbk6cev5Dl!_QuP(J5e@*YXVvoyX%ScD-y4#xHZsL1xnfh-*X=qS)g*Am0t;N> zR!tiLzO+7k`EU5tsDG77Ql|{`*^cV%fdMSGeyL|Vjt(aaVhfb(RAn7vbxSLBACQ|( zTk_O8jg`+a`MgxO$M7p;N4&<}vi&N3wo_i=^Fm$pQ;;l6LE?cXPa@H=beh~dX;4oE zEraMR`sR%-QLK0qQ8v#5bga{R1TCHj=vkGZ5D_%u zJeWcE&7$Zkgnp9!>LO7NoCdJZqgx0sw*5HX{6cu3`Yx}-3!yUlm#qLIto$qC17#n4 zrnRL0W>=i(sNV#r8cZKj&WZz;A#a^N^S7K8V0cs9R}ksANt{AlTnFjRJHVcs;R(*6 z(i`>tNZ0HK2+tbn%O%J&q+=Ow{@huge)VsCe%7ga2NwOn3rpnd++$fSb0+$Ak-&{a z<|O8C-{aMF#x_d@0>~mqk;vPg&VQeI)yVX)_yO|>3Gw{6JS4X_P35+My6;`Oub+K8 z>;LVGCDmzGmb3ALgv9M2i4I#gk~);$nLX~^6TrEr5Cll$qX322kuwXDCd?UYQus{2 z*v!1g1>e$d%gu2c_uQBfyYM`mZLAyc<9;kp*^Oz|;aK#5S%IgTt#rVSaG@8hTD{kT_q^j z_cG0Yeh8`MPO*RJBBka@Y8Kj!h8Ws#Q}laK!gas%!8T^(e!JQ(lYFAYbZ=dV{?-Vs zom>flPYZAJ$9Y!j`|?&DcrcPXj;M8%Zs*3<=&e^wUY+#V&W?dPq{WIG!6$d?y*eiE{2T?Y}%Wbu24r z_l)oLmEk^a!XbK7_#jCnQXqL&Jd+sG;|Ls&h|0WBI~Mb_eRas>0Rzw1Ow++b67on{ z8te^y`QDr-{V2H2#=D0OZ3}L{V%pOZc2ae+I4D1;d(F2=8+i-6oId_|eEDTGE`agp zIa&yRyyyLn3tDFrcmCJaOU81`m4g8OO1P4)t+sJ!NC7gQE@ZdyQ7Vjm^S6&qyYiZJ z6xEHbqQ38uKgX|r76kO8#dCwRP5hSgSkFAzP?~A4eTaKX;x_zl)8flBIj=rkc|G z=zSGnP^lqBtfJC6s_!-)a>$}ZrB8EbgzFSSTIh3!g7Cpy=+`rW21d0aJJPZ$2fes- zA|G{;;Po6#ECy-hf8XTgCK#;5#oJel3Q?{ag7YrWMV|?Lv_q76GCz&M)6Z!v_%l6CgTN1wye!D>nfx_+QV9K#t%WtdQrr>^-Y)+_X4EO|$Txu%aeiY~doy`I;+)TZYj@-y2eEj~iQniUr<%aKe z8o{09WN|({#VSi4mP(qQye>Kcr;LF!Wi z0C#>^Bhlh9AH*|d*?Nnn4R>DYW|5;(PK#bTB@h{!uYgv(G~k};dNr}{O#-A6>LL4T zU|Q6uY{TiAn54knMLmyvQ&NJryGE63Xgw@Nr?np$r@eRy|7xvgBff24H2gY^1bGl^Z z!{owShGj|t^W0jS*D`(BL@BLwzk1&nqe6f%=K*8hTOnCA3R{#=`Flm2zY2w6@XkWQ zef2{U$D;*le!%Z{x-5p0t{5F=SX2!v!0Y7>0u zp1-qP~j zd#%B+fX1eeCcKjcUHFVTDe&zLDeVK%wEzGB diff --git a/assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.0.tgz b/assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.0.tgz deleted file mode 100644 index 7ac62dd83333139109f20ce77324577cd825f8ae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 30364 zcmYg$b8sC_^l$7m)=e7Qjnmj_Y};yV+&GPIoW{0o+iYw#wsT*t-2@o9AJh@@QYM ziULSF83nLodr z?DS&4tMH6g45ParY|Ad^C3ESa89%*-t(N9Ax*r(*s$sOS*Egm`$z zACA7hHvAYl*r}kT3{ZSVn)u*QN#S4-Ch6thcGSu=PvAjBYsKY+&(DAaQ8pBYc&H&Z z-wY@SRJwSM3RP=qk=(prCQE=(L^V3tChJ~lXDDdioE)e4FiNy!6zf3i+ywO^(wIfh z(HrcELf|b7tTo5?fZ?*R@;z*wQCpsI+8rqgZv@HFDj+|cMgFpI_96fu)f##>Hxx-$ z`^$zoJ&*_*b`%;kmp_AVpqPw=BoMVTj~tYss9M25Pp_tcuMSww)ldQ~X1zm>-6`#K zbC$IH+~ zbBXa91f%o;`uMYaRCKf%+25>Ntzg*vU6XRTlZ`5QETyW#8$}|IgESG;CDY)f3lfSs zJiX|~1uS3U44(Uf0aL329Rrn%pKFXNnL$o~3WJlBJF+PqQ;Pl3OIe24 z43nTL425c231wII<`IaE-dRe@MwQ@&IZ$rGo0Wmvv%h5OTwm{k+>ne|&ZA~ZBqo*( zPn2n#&r=FZrOviXpGTHEhScjExafp#1MDTYV&IX@#n)%tSyjmkI>^l@nN{iRRi>iu zgH~s=!@jzKoPYp9&ZUQvmaqag613A)@heW?sSmJYrU^A+sLgP(&5m#n&G3Rcq2iNM z`N&IXX;@m&4`N`_+Y)>AdD|#VAPZpx4j?KyoDuv}ps_{C7s;b>L{A_g_F_-C9YX-+ zN%IgHX0FsK@W5E6a3Zm9-;F{tfqQdmCXZz&@K)o(GJ7HeB4yY}6!J(#jF!^SbLI-m zgjKAyI%#nEa`GHg$c4p>I(hMBNFX*^=rXaZIn&6$g}el+jqkKNkPy~|!%iHZi(LSS zk6JSbh8U&b>qsL~*pNe+bkh-|tvC%rMD%fjuQrhjH%wK?>9;8w=2}dQAsmajc`dc5 z8H~V26n;ZVf(B9=v(vm{M${w_2O16p6LX_Zoh!$5DHZIAH$1^TeK;QNauw9TaRWzD znGKzq!ne{QR0PJD6c}8AA!>SQS=zwD=5ll!Ey;-z$YJpXB#3CDA?GBeWQj!n90q2r zXq3@pRX|$VTrIWaPaorhKeAqCP?meJrBmZc9mcszea_~I+LAgU{EI))Sw!Y3Yqg06 zPq28fuv3jNbm0iv%s~hGJz%R_zonvYpDe=AYuoXfmUVE@6Q!IS{gfkh9IpO2fu6IJ zU`2)712E#)P1%^p=Qe<96de2xrhf)kYRk?V;zBt;i_!)*?ndabi_%4OhsMEuQ)rYt zmfMDe6J?51(uRUWgS}6c^A_GWGVc-q3@Sy3aaof^IE1K`nV}=)p`)q=!%d~{8(Z$k zO2_=-K=e*2u-Mxz9S^&u|D~Qf!Z1!N`5UfYd`+WwUdcERs*DPDo+@cF16B<-KT<68 z4@w&Q$WR)N)fm|i7?^Un1(iA*4kh4fU>-h`8BBbL&fyP^L3w(NV}hYN>VidRZ|twA zuX$kQXx!7K_>sFjV_pQdJD0#Oez8LCPL`JXl)tX44GSS}B~>T{=)?6Q*IT~R@_>u! zwjK(CusOWJvoB}52epD7^G5DIZt~+bbBnEhd!_&mMpfC<3_v}ioKm$rDJtyqishrA zY}88tEaO~*oi^z*u=qK^S+<-T92bRr3)Y|$`6M|2|GP~}@Y7t2I7Ce-J}KuClyxsl z4fty-Us*CPJiMC~UB~_$2@xEYjzF{mAaB%99<+Rg%z^eZGrx}nPJbsT)Rq^9T>E{_ zY+GAr94r?PGkyZa2F)=9-cQ`?d=8Lx7S)Rfw@4!1f=R(>w*iWu0pZf?pGxcyj`ZnY zID-b?B+!usDmPm@hI^ry>2h~zp1-BAY5{P2RTdS+L`rYIm@#i4_=EYQnYDaVDh|QG zG{}qtaM{))IB9S&gcR%;gZbYf{+$GP3l~|qD=Kpy~SAF1b$jq?iH~DxCdQykZ@X!V-L2|gg zt`3aW_oh(S4j`xUK_IJUn*izoj3DZy#iBA}KDO{cP&Dp`7t>?F-APX*o>s6O zmdCQyFG3Cxu<9P*HK3?)5dJj4HYxWLuMiwy`-*1C6IlV2m}gmuPJm}Ii+A0QJcjG#fyb+fAJhhINY4ce7PE zp`Q8WYPU*CAjtxdg_|tu1cH@$JOK6JWfz3jLb%}Cx1DP_niMr<8UP+P5;uH>s~b}g zSKr>>$(^e%ywY9E@_7d~5(|)H0?yV79FX5eVxLW5=V%Q1Nu>;94z$En&lW6ckvY9fIp^x}#0V;72UK$pv;gILW{MJZ zHqc|pJl(iBmc1yW)rFqtC;0f|S+QTpT^*bNF)=IZ6`|}GD6|+1Z9}Qg874I~(3`o_ z!nj@q?Gnw;e~U$8AV%g%Gb8~?akPXv1$U}KwOazBzJtFEl!dxq@0A&9FFOky2HR0h zoqXN?b~xk~_A!)7QDdQ+`1wAZm$(PwJD_t@=B-NcCn)N@m62#&Wdlkr167bmjR&su zZ{#t@JkUIESA#uJTVgGy+EZRFYTw(&n`Xf>1-s?b0ji0rfJ|^PCF}!unO5XOs1yut zxDS}OvPwV7Nf%mfxxEUR%_7Zj0gZ2%5caAwJO>byH7togZHw)`6UzOZ+5_uY6|T|; zk4$&GKGz%!nmK~64qBgc!5$S!|3L@bLj(3WzABs>?a=Fzl_@?nVApNB*raSt{5ID`s zm`)~b-?94zXRY9OvF}0+Mr_#l#h9n4#6Wxf<(MBGbl}K`QJ?xuI{eH7Ypy94-t*-# zjX})8Z!4YVM2mSGGn}hOShMjiAO`$5vIbgPS0{&~Kj;1Lla+RHjvJw0Yw#eFRN|Lq zv;73O4-o7;AW#`Kli^fA!z#oztPl4qzqTzfL8_S-@kK@0 zVuViy!RhfyApAwJP7%yQ z&p-Gtf}v1vth)gx*4plMf^9dpHQUP35WHc9o1GZ^M#6kC=A;ybkWaO_#SH(@>62_* z&cGE({W5?XSG~G_r$!eX?RV6Z!o9s^LbnQe0x?__6Kb!On=LZD z4AYQs_RR4g%#&3FP_1MnZ{lVY26ySQ7zp>Cz01(#Et;oG_I}_@pk_{tV|GqL;w6;$ z3O%7n+8d@&CRIqsw|<0Ma#Xo;`GKpNt|K8r9lYbYnjA(=MfI8dL#i~Xp>Ygigna4G z%(W9bNacOHLs?B;kIV*|qV(`1vV!B!J{2PaX+p2n{hy8)dsiX#p!JWqwaY%7i}l<^ zaq%vcWX(?jpi1b&nx9OVAJ^(^!sAI_`8jQLGE-^%C#c%m6cpy=vLt@onU_OB#Fg77^8!FotZ zDGoujUx((TjL6MM^d5|8!>*=Ftj;sE%;t9##8jrFX5Rsp5f%a$7>nJwvv9aLj5w7# zshF1I^1@6!A(fFLi(V0u=4Y|ZV4N-oajBXwPhsXL4bdjI;Prl?4gClQ6iV}G>OnG= z7=_YU+;~T2zmB+oEpEX_)c(n`s_#OAc|fqCukSzEll>pr1HavYA#Qt`C~wY4PH;S% zPK^o8JduxlKBQ7`@4&X6U^&qskI$UK#sB0i`Txq9{4Ln_9Ou?U4vlaU`Aw7QA3^LT z`%HDCcUyl5&GCV4MXx`fmjAbi|C7}#99^b4<`vj&|ArpiJ(hr##hPlqq0O}FBtuv|u*L-6oI$#=7InV`o*2-W3yycnsd0%W60$qm? zs}os-W{x;1W8NO#A#56?DYQlBl7vM{8aQp%7$Ri+OD(;~G$)z<+93)|jLqCWXXUW> z-?cF8sUV_YC&C?g{(#m_|HoO0Sc!Ft-xJ5;_VWs7oT&lDz!Ru@j>NKG!$?>7zrLxz z1~{?-tgQm0h37$v9X*P2UNARe;NQ0}jzM4=>Or5gfHK6g$p7bpg+{>v zB%d{|6GYxju#ij@bitWA$Z|4ROyY8Lx{@IF+RO?8!&O6Hu90+nAe->aBNUWk`R?-8 zlJIdu6I|~LCQw!;!%+_o)U!icHf4HJ4wZrIzvgVg)wOU6+or=b`m63S0*hv#?2uvb*XE|!s!1tAdZ^8?=IUetZHhMO*p9}O< zv|!l7p4|5*zOeuYhbxgA7TQnPp`P65CrgH@6fjRpm^{ggS5ombcn{RMF9ZVZ?FZi) z{xezccuC;To7)^+bkknt0!U&AIBbPehHr`N$+@)g-iNx*K4)dIs_{?HYDu@5Id35t zfzG4Jt$yZv#_^nBc3I??0CtA}yVuW==S8>|5)df(Gp9-==>6XvgKyq@V9Urqp?LEF zcnqBlVy{We2ZAqfiqZwZC#vr!xjXN_i#=E3kW_wdCFR0U7ie@+57OBElj}EV897nt ziEE|SjLWQ+Bu^0vH%RM0Y&!>XdbxzddZ`voD0@eyqf2@1NhZ=68Hl_&e%yk{b91>Q zuOvfObf}on*IO&KL@?H3SnTn`LN+PYaGsQ^hOmEnNR0C5t^v#x&=X2f z6UxyFp`=DH!x2F24~ivgOr+y;edyc$u2=!XTPV6T-^9{k`n@Lyx8F^?g>TCkN3;gH zS~x>oK<-h5%*w31kwa{nG-)00^-h_tjI0~JvqagrGw0x6hdG^%Kft!r7jg1A;1MdX z954;+zK~AY|JAnY$j_%^1=878F8r^XA@}`nSQj-K%=UV@*3`93DH}BglJ<3?@8Jm6 zm%L;_Y->WTjnbbkTaXxOgu<%F;2YGvfJD{c7ZRNknEwL*FO2@%YIDGL$kuv#cn}qD z@5Y4YZ=$uAdb;aiwgJOBj^ALP!$2f)7^@)g2u(?`=M6ZiaM9@V`2T%t0%BAoU`J2D zKQeF2PXi#bjpP>suHJj-#v=RP(f$SXUPu}oeBUE+-*fnB5I_!xj{h+;#W2pShL|iG z^=cLLNmDfFH3A-_g1ZW^&r&I*NoV_!hXL&6W?10Jhqbz~IF(U|Uul-jOB>AK>5XIn zD04I}H+4S(W%FoFMCgXBfWSl2T>Qo>)~}Feh_;xl1Wt7s|7D<>;BO0?@Q`7u>E(eZ zJUPW0XS5=Y^nC>7S;>nrFWI@56J%1!8j+Xk)UjeycTjY~>GnK)ZoHE+n^3bPSd=ls z&|k5yy^xjIVzM^c=w~Zq;m1{4G?oNev46Uh26*|#Yzog?1q(*x0VOz+IRN=UmG+^v zZF{mL$U4OPrI5*>jm!;Y>tEyod$b%=8o5oP&fgOuO+oV}%yEIkjMz4iie$wKh{9rQ zf#xUl;t%rDxxLZdi{cBN!Zza@)o;UJzl(?#*3+TOd?D+4AQk`ML>3-RYN7Uxr*p*h zM5%BynB2j!5ffmIU$gJ7!RBACPfX|f&xYk1H%r0gLVV@u6vB0x3}rvS!%_?aL2$?$Y7g!Fn5v2C%Evrb?2kz-!r)l zQ2In02lrjqP`7HbzE>a;6on$qkz69q>V2||WLaxT1||oEnR@~$=p=V)sKFg^Z{VQM zp8vxd!SCBc;4FgitQ^m4e_mwY6zR`;y@MGsa;x~uO}-`GnqAt0wBH*mt$M3dLxo5D zq?`bb5vV9)h^MD$+>%$gqIm2dM1$<%mNGvK4MP9^q=t(>k;hpJ)MNZaUIz>c6)|qs zwK8u7oLC!kDL{Xr)Tx1zu-aGYTz_Rn+`CDDvm3}A8qS#@Z`?-M9jZ;rbJ~Jkt^GV zG|jgTO-d3}J=4b65K!MudDJUq>*pXn=GPpx47MgU*k$?Jl~%Xu$mP8Vlw$L!VJ^JC zm6s>s>mR}8C8Z^xzf&NNE_`HUc@E!|Jg-3PjKKjJeq;4XDprBCGX0Fjp(^?{yR58Lj@Vq}Sq$Wf#rN#4?>#2}RcHk3sK ze?wZY>@Ke8JDbx0(rjV*dGIsbO;6;Q2sq~-BmCzML|y~zPkMa*F7zN#AVh!Sosrpx z5Y=Et1Bsr!lc`SvWMwm3KDY(R1U*03=_RThf*?zmG^ZdJ|5jK++PLlT3s*UCVJTJA zAmaU7APN61UrGMkQYckG@4)=+%gtmfH2xJ^tnu$wcHtU(IK0!~;3~c;YoKYEX#&g% zslFH_7Apl8pyJGX$mWI?VK2aJN<9>05kG)LrYU|ZQ-7XJbUKeZCE*6G3h(@ghAX7p z6QUE#D{D+DhnX8cfxCPmpVWR1!Hl04l$GbuhqXwP&Y&;K#jV2O2PB(7Ve5`;BbTCa zun{K-qed*dFL8aydR$GkKZmd2A?2Z`I&}WV zg(q?GU#GhVFGPN=!%?)P`X{EeC`cdJakJJP^ew|!J85D?%~Dbq40xn8bEK19i) z(AwxdSX293n4RY9O7tV2_!9v-I3>N$?i@XeN9I1>3SFOQ6XX}(MMyalVbOoFOA?de zN>B_`RZ9f_485YgkLN1&>;j+>O*jI1O(Hy1fW`1oW;5})Xrrg6yWg0J$SzF9u_=UO z$*fyW1mox<9_mrdLO5v5deAWMl~ltX^Hs4+JO^1a!r{@3x9x))h$5`%HwQ?Ca#}fp zL>%hO6~1Fli79JZnMjTAC!Xk_Nr!{?G^}fSe^(`H@@FsbgU$W9n~m)`5RBGUIcO_OD+ZM!hR*ip30K9 zhUE(2(vNCMuzq+hJhireZkw@oTassxdhnZ8r$FbE@hzUCRegj|4i}e4op4g3XyubN zHdsQpbucUiAP{u3<2~z3XRl)9>qqr&n>e3su#*MB3qr41L^CSFw6A?if7E>YFbwsC zC^FUhVxUeUe*$(ILo|5YeqQ`9nV?ybNCv2Hf`yCP+Ay*^@f9Ns$cfQfGwd!dwp@W&k!pDb_;oAU>~_ ztopd|A~%`}kUy+i)D>z;oRo|cdlnm79cd||e@_%R6s92q0_3P8G-8i1sC}1J+6PDN zFsMt@pSIOvQUizb69Cr1|9*QE!xj}NYZd1O zksmpLt1K{`AeA5;Su0q#;2s)_w8|J&Deou2r*vX3KpHq7{|`%z*fqup8U)C)(!}|w zV^P^A(p9QCP6X6q`9D?Bs*(vFEo>K6M3VjG zajEb?D*WvdU()D+fJ`+a#GIyE-6{$DN)UUjmQFxU9RF+uZPb#j(*%Y?G;=|(d1NdM z=G3xawVk#POQw1Qa7%P!jWl#FJZEs(NZK0X+Puz_^~HA@GH~_Rs_<$h)CNP~u!NS(6EgX7vy8EfXbndC$A z{pt8M`o+emaG<&3$lu>p8Qd3Ynd-iC)bo=sssFNGD5iUb?s~_L*Qq))!WtcnqF_)n zK@!A5<30Z}iD0n$tVAel_p!SKhlxSPc_}r8Y=(&Hq)0xrJ8LIQT5BG^i}Oo49_Z;T z4HqtKsu%1FV#F2_xvxh02D9>$R8_%=F}PT=NC`&TgjWlRchr-%1CTN&T+my=aIY@Q zR8g3O5~4#jM!VUrq@v>{^i5PIa=2zu2HiF}U$a?-SeE@rr8#mJ>R(Dh4pGPZE%TlmMpa@C-R`uCX_lJN2{KmOjs2BKu~OA(@Ourf2~`?ELMzc;zpe;#zhtGzmZ zJgvSqGh|DtRu2%iK@9}r$jZFK%Tf*4R zBP=EcQqG9hQrh`fz`a)X9&kJ7_q05W@?wSZ?81TtLL7eMKlUuV^Yk#URu=gULc601 zkA+buisz?P`{T0XFeYze6D>>C@dKs*Oc@y#l<&1J5mnaok!0RV%{hJ%u(Pxp zm~jh^iHo{x22&5hUi@>AfTj#-{@<856ar_rOV)++!k<^h!gNMM;wRb5bjLpv*p3$W zYbjFo@N%q?iDXXirN38@@>a=yODU`!f@+dB?ouY^S%&r$4#LDL2}Q9PFA7s(6q^?g zEEHLym06i(jB}Au=ATWFJny7N)Q(md{LUc?><{xY2$UpN`oSxgD#j!VZ!+o6A*q7C zi!%htbWrD#Nr?*+2{!EFkOXsPrfB+{x0yV-;tc^52$hgZhff21RrG@2(PZfQo_m(* zF1xP^6M~YV%xcLdk{^p{q@jk5Z*`cc zK&`%CI%v)78pnF2W3N4Mj}DLirH)Zcm0)FZhD!dLpru#Cn?$g&{KPJ})7EC2Yo*6) zBj(W1CQe1N&BmUhVtS*Ru@~CWxgDLLI)QJEB{gr2dN+TKUBEs^d3+-a2~lH=F+1H0!{lv2 zeZJzY`yF$z~Zr}~U zP_~Eh8(0ZNGO8wy;z$loTz!63W}!_ER&28&qqipcAZSq3>e z*ws)8g)V?1kY@T@v;LAN-rm1%kz(w(B2|9cLoH|r3^pAKxo>+h?0^hVO=B{$BmFm0 z$naqHAMsM;^c7IrJV5xz^kGSiDx?Ee(kKq$?@{9AH&@Z_A;t!gN^2Z@n{+kD;pEMk zapvV`E@2ywmU$R9{O;k5_q>iXH`FqpPlb&vBTkLS>@`~>weymWxdsuBKS|r3A%QW; z?@F7>qkW#-O1y|?qLy$1H)gK$&CL*@$PQMlp|BaUHUd6RfHr|cUQF=MpTAf|)slHrd%3vE zf*|+wwoSb3&O142d4kuAjW6ZGcsad!sAW^*c0}k`UrCwz{^j@T*}S}rc^63FS|1O8 zvOQHN_sS>Po2^mhF`$EDdhSWr>=5I4Ory%0!_38ZJ0nkB{HaIauQ4|q@VZ{w{j2(9 z2ci<@JbQ9stgh=A1XQhf^L}EXil3s8^^NId-mVE_jKbL>;Iv>Q5D6x`(@XS1aC(FC zJfTyT@T>5P4m;5#(Fk(HpzG^45JQj|7vVvi(xet)Q06GQeGnE6C|14uXyd((AjDU(=ND6!Ip|Ew| z^Ch2TCI~?jcFfv~>Qkp4;Z`<;PbIgI(*6$?(6kUoh3X68)3NQj0)pBcssZ=#1VpZk z0qvf2Sc#eW@`@%z#1rSQ@k*6k-`Gk-+z4^iY#KLzZ>xM}c$qELL>HWG>{5soVV$s* zBg%yFib^A1`%1a6r&ZQ#mFLX7vi#y$wDciTg_lr5bM~9=QAB#)Ahc4}v0mb@(P5%Y z888Jh5wM*y1@M${#>I5QB)P;-VzTNIIX`-TqridwbvGQ=V2C7@Lc?vLWy=4M7IVP< zss7%6n(mr#lTS~P6!%rhoTfeN4IeG}DVQ*Coc0Abz8Z1lvqVQ+%S&JavA6WNmi}0Q z+{yA&C%Lr5*ClvxidOk=4yJqxtJTb`ERemAZmxH9o^qNJQSvojbqI<($aH+F9KeO zbfL0vyN1=(dX^wCr6xRS-bMsQA49^Beo^kX6LqnYW1y9idi8RvU1pFE`76iljM9wt zr=Tn;cBRBDO@&@~5LTL%BHD%QcM3jkIUrbRm-ol-8O!SH5k~k`>Rs9A4K|~M&Rk9C zBic%@mD23%&+y-lwsye@FCr9XmOKM{og+k|6hBWIB8;p*=KJq@deOic{9w6XiZTxW zNX3+e%#>xmEm*1zVVVwKrf?;k5X-h**~Y`#|k*L#n> zKd&P(klCCm8CE)xjyI^poN#dfiA?x7K)`XqaPJHOG^-}K=?j630^YN6h%0ZK3m+d{ z>fQ738)JXmROgs!N!WP32ESbYN2IK(u$1C-utH-W3<%5f>2&ak!*~I2OiUOGPJ@GA zC{dbbZS;^*VjrK)koE1m`#hVkAXh5K{%FF;%hI3?Dq24JAY_jF=TvMwnJO_Yae{cD z#hRaHQX)|(Tx4Ef8>Ga+t008Uu=67X`ENQBMQ4K%q3&LYdHBFv^9yqQgdx1m0Cxrux-afsV)Q{u?&;Ol1)N2?@Jk zLoN@ui`^rsuPm(7nq(;~^_GXDaJ?XaS1Y!`TpFIuKPA|VcWD&iX(1oqPK|0?{J7&A z&f1ScTM%bj#jAB4j7hg*>V&1lw8#Xja`YVK=xs2&A2~%9+6(&~-f15E{4>2IDZ@>I zDk4n$O1vcRCL&^EB_iZnPXJ@?`wt9=kIf8Kpj{bk3vYkzw^}0SR%Gii6G(VB%90|o ztC_T^lprL5B!$CVWT#q?C1y-DD*0(T>4-m2;$#M=-QK z0KcgRVFNp5+^l!Sde43pdc;8NIJD2)K3cVx?7rbAZgjLEIl4`)c~87b`oN-3!8>B? zFX$4O)&!N##L~Y|Uv%Yw!ojixcD)AxAWW4K40Q1z0xftmxR^$R`I9b3krb{yQP`RZ zS@2M=Mz=u=wZ>i2uHi6(xEHC(6|DjDf}sdorDV9gx}D^+M0pf~cAPLFTwkz|T@wpU zPQEcIUj4B6?~ut51#TLxefw3+?2pbmwrvz5k5H}4%G*C3(@i1lU?l#GUFu=Gc&%vh zTxk4gmcHJuXQBCosCwmA0Pko5a&|(m$ENT~GgenmA&#Y4lXZ0vSss7AhW~Kw$26LcorLtX?i58Q%F1g10m=9%kszHQ1r9e04)XT!Cjms^e{niEF z7TOIQWFlZ&GA?Y$6nEH%Iw8T1_+%!*O668YB#zbvRtgd7zNd3AsFnQyMLInqIg#yG zWf{NVYesy%3PGs_3Pzj=Ag6Uc^FTd?hSIGrG7GMj{4YvX``=xddYUZg?u;xtU1iB; z&+zXTtkuE(FF}GSc@=tj%P~f<$5Xf;piJBp{F^*kQ;s27l2Vk}UT5{`oY~TFxY2}0 zmG7vwc2Z-gQK;VoBIUhZH)}UVVlJ4bPvt~4#}*N7YP@H@-=wYoAij{Tr8MLtD;ko@ zPj?MBtV|5%tgCba!4(rl{zPrGn!()RT2eX0o^hVC$V@sXiu`I(SfE?NrD1LMLfum8 zLglTT>$&ZZK1Gza;q6jfF1&T*u>2z(LLb@=UR2^Bwk9khf_Yt&K}#-n8*`Jheht{k za4|(fZaa~w2s1eZkmX&@h0U zy2is?C;Z6$Cd4|N%59Il(e=~)T=*h2dss!&GbAxaHoeEZA%X?k&a`ZHp^(*k5WPzU z9f8rxK=cmIuRt;@5(SD&BdR=#J7@##_#<&x(p|0~52t$h@C`k~_~+BNw}4nun!*tr z*|uJPL*Ju%9fX5M)A_OF-nzy?t63MBnK;icoRzNGm|GlY62pgzHL@54b3)dnH6 zA}aEfPg-vs{shrfo$;)sZx#TtiKAWaD&3g&H#+%6G9(LJ{Q?;XQdM8DuqKU)(C6^7 zOe}s--K(O%rTV#=fM(KP)nxVQv;NI!l?%CP8x?%vh2>vqO!1n(@EquhC0dh*2!8y` zv{&UfLQNu-Zf8Hmr2e^PRwbki6|on>@x~(@IOs&_0IB0ph#S?5gB_PF1nSf5jpTkQ z=%XjZA}HEV5?cLrO@g@ID-575+tJ6?Y~R9?u8OFXiry1zTns;s)XF$SK#yLvcba6D zlRK?}I)dJlsGqh0MkWDUaj_%wqfXA%56&SwiV>cj#crwvZ%}cM{orgt`L_6U5veB9 zgOWS66sUdn=C$-1uEW7aMM@MK%)||Hg9e@A15y>!uJJ8n0h?QTBd~Qn5ML}CZo&;j zvv?TmP($EQDv-lnw-<`jQZ!izBLMo;PR?IbAmldPnoq2qxA;%`;V)vmTxFlZu?&B-(#hWsEA(s zGzcm&vxs5FCPVO{Uj=bnH$~5}-ax)tF^aF@ybbLsO3_Jn@E){^RF|sa0@G%f@E;sZ zL5rA!-&rbc0Uehw4Oy{*rN_Wd*Bg|HYwvMdTNiTMJLr2)JC#Hqyn!x>%AF;Uz<~IC zHZ%G>#SMi}ReofeasIfBPJS2;cGXgRrrCGA4|}JbuaO1a+Er<^TI3`#r1&$P*a!BM zyukT1E07CZNi)JzHLNxQCu6|_g@zZV_|^Bz1|W{Wziu1P9a)0hoOsWfEs^LnIu(N~ zyRsjunZK9ChHu3>QkGkP0;`*Hu}#x?`jr07S=?Gd`J z>-tdHG>qL7la-i%f<@OzGdHqbjcCiTNXPYYAusgpJ@@oT+5 zbg7&`jYY1fHQI2ydz)@j`45D{!@ZKFQ>&_kz+j#qB5M>(ekn3(@@paUUOh12JM>IqD>$b(VnnP1%x)eu);LgWqTv zHY-L~F83(vsbZkUwDlQemGA7Uvl>rrvl*i*Ak9AK1^)KmrCT1sPQ!=WE{_goyD?lP z8gZ@@E>d|BJOmRSOx|?d@y{K(?l>9L!D9GGiV6q9qk}UK_+t(O^0dEJu(7pQTol~A zvmizy(#dQ+3DHo)U4gBWZ;kvfOBH?@Sb4dP6A0u7l8PeU8+!5uk@{D>-(rfOuMkKn z?jhz6#GLe?@1SRx2s#A?r0dXRP~xE$0G1?!TNcBone0CmveG^ZyCvA;F`JWdEaJC$mO6%#CBf4 zmgn=bvHo}^*Fzv5E$^G)Ir$v>DxLjsXRlmhcQY~X!uRR?)Lwwx)9$$1&W<*@3qM|U`NYU0)f@ie-gh`RFU)=* z=fqW9@`5+Y?r+EP62vVDmwaSL{NQs)zR%%Slm2R79j%THnqN9Sbiv|d6lmHT;LQ6b zPNd&*)?e^2q2eQe-Ja=bXZEpfsrlKe&+7R08Y9o()6K_NzZvpF&Pwt((7Spr1X@DD5jYkO|*l{}W`0E)HcL>JZZmieSB1_a6r^Qv9U=fC+ zK#RMYWW?cM%Kd7`8}$>wX)orDDQ__DZfaoiYWPoS^rY!o{Z`vgw)&VL9yki z-2p$|@b?Oc-PtyMcT}pBygwTD?;@>(t2k$h(OAyVi1*xCIv)Obv1h%A(kc@+Nu{|w z<#x@WaBrm(h-y*9_WVw%`Lo3krd3m+%X&P%uyp#NI#FEJ#lo@gW4m~wvt=v0 zdb#)4wErV7rTtM~?V=hb()Z~Dw0Tp9l+R^zkLTiliN8u6T`M`*=yTFN8*O8Y?c%Ch zdC@Jhc@)cVhA)E>QLnqez9mSg!FG{)tc-O<&uF#O4Skbi^OYIpiHoW3*)C!TbUrfYAm0`2#YS(r&b+xY1*8N)LnMuT` zLM%y3PR3UgCc*0~n~>gU%(L$sl2RiUR*2lXm9`+qx(i`jlRjY7T}L<9_4WmEMWy0L znPWuI9~FDzQ8b3>QbmC|W-QdNod(>HZa$m7ca4O?_KUkdOJgl-?&xR8XWUHcLXVe; zElVDTCIRgTes?>a0FL`Pr{?O??YAmrto7kPUlt`}KAU|+;9ba-e}85-@s!C)UQAOg zXIS>IWMj^+Dl8UT9)*ScMzmct`8<{K_^R)T`_$3MoIeo8ybf#$;Sb8 zqNXg$=*+QBGKBBm#a5yFb$Dlp>}4?W(%r4*45I9Pg@+cNs#QwD%w)vwNk&fndkJYtoSb( ztuNe7jyy52Z8cBOnE_l@Zc|PxtcNytFr%##c9+*Xh`0xw+50#fp!`GM0()wgDZkS(_g8MP zhVH@)u1O5rQcqXjeOtqMVvm`WPIpU&?ZaU3l|r_zW~W~|(q)-v(2>EIu|>t1xygY#03;Lx=6frRBYn zO1XM0&3$ruj18YpUb$!j4$j5i)RrpT7R%z0n;*#0^A%IJZWn-2(B7*w@@t-y&UXrD zc@FM!`W|nnvB4e;Y|J_Z-4%py{$6I1et%QCjDN#xGduEPZ^AO^|9*%}WN1dqX?^I3 z&2ep9Y!c!+dvRYD6Q4ajS9fY=&dX^#7eLcjew(ZLzn}{wwp2ujSFt`zH3QX%$9XOie(C z;ncjFn=;><+f3H?lP)_!vIL`8cZlXKmXf%f6|mc)V{6+4`ak0K;;!&={^;klopTUu zJz_9A^LM8rynJ?j9WzK-xAQQ3CnvmU`Fc#f?CYuc0hC&1_NHI7swQc!wQpT*kL7uJ zk50y~?Tn+=Xe^3C*K-Wxn_gZPw@LAzi5BU3+Ds<8e4cZEZ}8C|VR@rnQBm*NX;4<2 zk_)gC$j=4%bZBe1@2qTO$~D!Xq(A9wmNR^1fBgrJ>3452Nk4cgvlXAUV=z&BNASzZ zeu%pLnN8bn#T_ESa>O*wKURn?|EhNJyqCSSUOrQIr;wBOOt6+0H>C}9dY||k{FMow zIn2f!TgXaQn)1kxSDy%c!J_Y*mX_*JM)>?)Cyzy(XRp0m=nvO*Q~S8`Rg12{xAR%1 z<%mz3O{>d#2CR~&?VhAGbAkJpz&F7)kV4Md;@R;c{(98Q>*CZmuQZO!wJNRkBjC!l z#WX`-2glm7Uv`_c6Mf~~pLpUcMt#kd?wu)z7DtvdJ52_nRN_zn+QaU4^3)&g5>#CL5un18YlLSkZ+#;)S7(RrMl0XC2tf=+gTX`EFX2;+2`sPJLf%JPxpU^ zpaoli#~bdrnHvSMa+tgAi#yWR=(b4w?8x zJ+p54)}`-X-)-caV#08@UpfS)Jx}>BCpzm4V;;V(Rx77_oQA|+dlu_^;A}&6)2Y!| zm4D)v&CBC*QmI;U`^BKUm9puodgY5oimzSsitS{o*2t+_GnglPYE&`HuE*8J`C?fl zm`g&?x7+cxe?=UB zN88eW&3SjrC*a-VCjL&>^6Tfd(&1`&0dx18m$lVi47{t~nn0#{fWuE&aCrE-f?p%J zx&E?E)rXknPp4EuUUS!r^>ZdNxY|pMoyp{LsAgI6Fl+0lXVuI6mK60Q_+XkTeB1Bj z{Xqy6wRMsy$L!Zweqa5%i1>s~!6HwP-7~`9xa=Fyk?gZpv(Zw2T=)Kq-fz%0azrt^ zN;a$X*?KulVVU3%zPqhYF#p_4v0vwXBfLhhR!ES&vs=Ni(PkxXa7N*EEJ+uzx`c6Mb#KD|E+J}%-Tvp?_t$!5hC zxj!Lzb>*?{_|XvX{P^`s;=?txz14ro_H=+E@WODAuz|R_qB~Z|_hpH~Z);}V}FHo;qRvWKhEhW`Rdh9A+-KD(+1ny216MOVk_}}n-F`BlJ zoB8;C-dV<2Hs5up+OR5@Z^V4=@a9@Dmi1rlPmMdcySg9F6S>`9tGny3ip=4$p9Fi( zV@Vu!XI!UCS$wZ=&Yl>x0Bp)`UaBJnJxh9>^=Bug6BE+{7?=*k!Xz0u&SpvbNf(}d zly|!`%bVSO_W_n$9UgAvb6ZZ%Ro>zIpKpvc+W}V3gI#&(Fy! zCbnx-BZ_!LB>o>Y8FlIcxS`8A)_5vep9eQ$c!o77yj%}KFPo-d=ghWSFZuUA{grUw zM4Y7#@wUp{L0|BbV%2tSB`J4dJM-VYO9n;BRj}XfY}_(?MScpnQqFw4@8Ys~ z#WfqOhECL^F7_ho?a`5bNN5EkE3i|b=MzBe{S)E=l|E^;;;kn zEPZ;uq4%u^KiF9D`X}bRw|4!M_tpC&-wJ8BYGPS**x`BX+A#xcS^A@y_o~00_2KP_ z!_Gc$$;<6AccY=EyzX$_|Dx5QOWtPLA?+(ptFQkewiEHl_YSUVQrA z#l`8zwmd#F{QSO+#}@7{Q$~HW_`}-uYj4|rGWF-(%M3kYyUcoO-r{9Fg&va!_U8Mg z^f0xXcBpGLId@q>H(Q^fm8q6X&!-PN+Vzz$)@;cj7ws!6w|+-GxcIYnotIB0zgX2_ z$NnLX_YQyl)AJGYZhvsQYIc6)2W8WU!Kq&|mVR9=>yNR=e|*wf zGcRtQIVR%D+y&{kebtc|^Hpxxv~SA7x4cj@r=tGndG_tr_BZ{wVd}@7H}4+bDdayY zV%SdNWW|s}i?bGNh&9v0+r+7!-ce9AY)GZz@CRA8Z@y07IF2aqXt#|v|MX$MZgn9U zJ9Nb98=2Gn>U)0k=Fw+EiB)4m!k@Oy(QjDRru~L}3vU13c02JAwW@dMsm0%uUpWqc z>Dd1GLTzHiZF+skYF#HHyOSwv`S3H9H@i_FY9h6^3w+@x?7B=9e1z0SGDBI zu`RXB-Vi#4WZYIBORTdU-mot(BHh|0J(94zq}aUB{^v3J%pZ!F&0_JQrWVVnPZBRucj<`aY^ z$Ji4P{XZF*L2R~%ZN6W*P57!a@#Txe#P!*W-8S1IuOJRW5(8@xq}J95=syX zqUhDKa3T^lKH$i=D}GRh5yYMs3G{}DA@XnTy_op&B|_-f;g&ZZzi#ty|F<30TTT!e z+ad`|rLsq8Bw_h&d+*Rlf|ypM470rQ&iQ9wy%RMD6vMg_z27D>riUHg&!;dUmPj2z zSV|X7AP6vgU?lOf_1&9^2mTY9@#LC;A^8MBgb~C8uMty{lZbrtQB|Mf9xDi;Q%@qP z))o^+5c;?7UV|eLR^pQSpCHhjT zKoHYcu0VjV*M%JGp(gaIM1n{j#@{@?dF01MH)n)ogvb@9>DE5qVe^|ur-Tti zry1KjqWMJF%1A;BXIf-FLF`Fn!xxPYd55Va!26-=r{jMJB5Cu+yFNaka8`)jKi@)i zwLEGKAreJ|$KZc9Po%@fES~&gq~+0HLKpQ)ZBsHGjW9+WAvhPh9yR=WsPWXTZ?|c; z=!O5xw@^F8NkMDu-%4UaryGbb?HBLFpGxxBYyIMF4R zNNE$g=)I?I#;?K>xJ(ckSC-!N z3NdBY&Rh!-KYQYqmvrI`jb1^l={dmi>ClSf?+hm%c$t{ko`}2kJOQ2wC9-dQA|#(M z_HUE1RFUy~ps~6H078^3LpTVV3=T z){T~4-HDY1F<>POf8Yh;om=8IkLZ)w_M?P01kryo@mlY}#OQUz#P%6CFP!t$L!~{w zMwlLX-(Cd~`QtOCmg9F9qGk1Sc883Q_l6Yhe5B{NNy%-9&g!z#Rd-GZnYL&0d}8?r ziNsXRf>7c~USYX&%23ma7YX8{&jt~zja4g)1+;wDCgz41(}{$^XMx?eanK)ry`XfJm zyW)qJ9k0|D^bFg);MOhSm&dBZ%{>+mA!4pfqu)O6_*Vy_46m*x1dns3sJ zh|c!T3*NeU`3UR(UHRV|ij0pdqirG6$>X)J4Eec~ShWXQBUY?$XGvISzwmzB%a$1> z9fwrase84HnfEHOXz%BaRf$9&%|mtVAK3pD{Yj_2&xU5yXWcY;zNO2veSSJt9FkF= zb=#voL$?aIMmQecV*f0wyTz7OqoMzE;r_bz4-`zSPu+8LL$;;k&tv-9Kbs%2twLN* zW5^RV!?v+K&P7@-BL(97H=bDF_+;7VFLom?Z|Y!PK3kcUkxBM@YeV+EFJ@c9&H2Qt zm2pGNGxv^j{Lqcq^!|#oFL$vMGs+gu{LcJr=;6qWUPw8O+ZVxQZGK?qNz3L1kO{B#cguQ)4(MrD z5GIAAy!^svk#{LLNp1AEwE_}j<7z5T`AJIZf=^DRwP{@|B8e_dlc zv+UFK-|i(ZuRFSI>9YOXQ_R!>b>D+~-}_?!`7?dKdxyXL;lU5=)|L0{>U(9+UG1J( zN-uq`PsN)xp_aP5A4~_&Bv0Kj^3X2L+fO7=r$TF1K6$EUvuZp2+%d&yd(UD}xb+iCcMH7asr&-_L0h97_P27A}}j*D2`eSB$;?+^WQ==ANSy3zrc zkM^lLv^?>bxN4>-AxlLDlBZdlE}t3pZOMZdp7-VcArBeBZpBdFW|%P2GYgZklaV&fPru z%qQj-5>I9;GQKIh#dep%zW!1g(vSzgaNUuOSr;9L;yNd#+2%&CBqA*{>+kGTThq^$ zGih%d!kYf?I(1r`4BO6+W)C}bUtPL&MQF7{c;vP=kF~$+2MisCFdX8kX;$TOLYwFHd--e~5lL8UCe$zMW?#SS^QS|Bt!y&! zZ0Mp#*DlE((bxX)#V=B;)8D*3ZQ0USZM%#&0&DuYE+V$64mMbCnh}lZBlq`&AnmZC(y-S8+BrH$BY-N-<-7UwZi&^ ziEVZ}I`p$WU7h~O&R&+0^UQm{sVPtV;fF|KWytC`3+C2E7%o()yGAYwsr)u&bFKN^ z*w9CkY-bM_KXS46$$5?q_Y96P9{KTDas3iRFYX`ZU_$%b%I+az+eX@Vj~;iX&0(8) z?b_s5GwScaGx+>V z_mjP+S&Ps1B(}{M5aIZ-SGD6hb=Uv?_Tj5UxFc;Bapd{0etE95-O`h=E}IyVQQs!4 z!{!$i8Dpm~)9c&+@LcFS&!j(EwJ=F#>;A^34)*unI(#gB99n}Z7u7?VkYkDmAE&1d z>vi$e?CvwM8FJk0V}ps>^e#U<7it`|ysrJoL4+zK(%xwhp$dz%Z;pw2HzlMC`WbGX z*7mKCZuYT*h(2c)?_c0}p{{)*@!+ukOs;RA61sZlyBeV7I(zMi76}CO4$Bee+|_I=b7(J`)oD+N`MS%+t(Fn^@bD@x&Cx z#ARqR#qH=x%p%528ai$GEw(dngs;D8Nc^Fl6~MOaT)~IG?QK_i!Wwn{T*dCm-*?Oy zRo}rp?SX!(u#EcDHFzy|EF_){?QHKfgm~rp)phMhUfw*X?&ZwR_Fp3RbopT9L#b^a zO0%6kylmI$=bpLMs=R*2P}_eySq8+$Zoene{#7>%Q=%!yR*#5BYHzXJ7~wD;IrHe7 zvwB>P%qUqBa-Dg3=cfsUV{2E-bCD@+y4W*Fgs`znVr=@y(YE_uf2VDJed?P;l4)&MmZ$t0*u>t-4CvX1sMdj1Pcz8>M zJ$p;s`#miK`d;i{ULJ`XR}p=zYTJEFH@3~MUlP*U4y(;~*Jr(tyV^)3SqEEQO%8X| z&9CWid!7k9tegvMOC}M&?p||w+h@j$pWM-@){)IlT4im&wvd3g_Ot!4B;?ov{nRZr zefS4&u;;T2p8LP>^)J;Gr*xdr&62h=G~B%T^P0K|#MUpn+E*-aOtMCt`^i>QxA3d` zy3~wcs>s-zd_p*4jry)`*UX1&j~x8&ovGg~STlsEt_kh@Z^;%oFMZ56OLy$p^TAVv z#JuXe-pD&@Jrp0Qu++7m{;A3`uQvVU&o$FyRzJC?7h#PU^XvhlgJbJ1;)r$soRhEC z)=aBgaNwfqIpr$tgo<%gzot&IwaOsIG8y2iTz&PuXX9gbL-Nr zYr{L;b}98r`XkBK^giwHw9ky6I=*|Yc~X6w7vJ5mk!&~Z4QmY(b0WP>=ey?KXwM*f zS8N+ZloHkEJHx>I?g{7X*z3%rw}gac)PHQV)4MxnOdRpXq6LosJ+Q_6e0Q{2u0!N! zSwYC6uRFZ^=KV>(9=ND5kAC2|qmRL`MP=(fk+_4%Bh`d8;=iREUNTt5Iu7aZbar02 zPw~M|Cac=^{A-Ni+rdBneACPm3)&Ud51c>@=(^Pu?)aiMs>>DQaPA8b?l_{@+<)h( zHD3YSmfrT>wNZPt5rma(2M*SmKR?i6k0~Rhv%QoUe4Rr-;W34I)!TRX{vq$+uD(_2 zOXkEKFC=t`{8=OVA3b~{yP~iCv+u&FZWiVRtNEV#Hkq|wIBL^>41H{YurKWJieA;` z$}Q%72d+D@?vXh}mxFCG>c3gLYW#1ebw4fC+%kJ9p31(P@2OA!d2QPr#|-P3}3ir&me+Kf2y#yI3#8R5pG`oT-560Q$p6i+4Jtc_CD)oj(vD~ zbr?8Nw`;EXcC*6j_`kO!l6JlGbjScMEF;}E;eAb{<34R_NbF##n?Q`@HilShfbHf!OZHVRA(DSnSnjP~H)}!Cnl-t{ zcXc}Yc7R5Z5XGIDx+tW_sJBb4 zH8HlE&xNj!|N2b&Z%2NvjS8D~`2X4a7C1SoGT#mm9tpeb0|c*+l*3iXlIf{uKPH)k zPFFLjQ0LV2bajS~E1|o(rlzVNHFi}`brtGF0a?A*i|$XaxatC{dtp`3pNPn!5`yAh z(W@Z4@(@FOv93U(1W34K=Kj7@-90_Y3?xD@-knx5eNLUncfRv||Nr-$uCD&-j@|1X zAYQrq4D->i<-Q*I-oH-2uxT;a6|ne)ZqKaKqm3oPOb(PMv-{%|#ym+R8}fj#GBLe)kt6pMBlT#XDD> z!$1AD3!PP$-}pav-}U6jlpnwM!I_=@{;T6J-g;>OJ$`=a3Hw_&k4LWDU;_VN7Qg-8 zhfca_{KvB^ryuyM$j(&{-IusL^59L8Q>UMnes<>ey{A0)qrF3suf{ZI?Y6&N9r5@6 z;0fjIXTBp12w(c-JNGP`-2YEEd66?`KAVpOyLbKXRp)*EdprJqcvh<~d*g3U-@exv z`_NyXNWJ*p`^O_6+;&3Z@?RXRK7IfBE4S}G@8%PrdgYG9SVZ&>T-UDXyEnP~&vw6V z$J^tV{pHMm%|(8Qx8YF>hwR5(<>~F@; zAbXpaN+(~q|3vMq?Q6e%cI5s4I{T3|p=4KXpl^9+EHe1U?;M!kt!!O>;r#4|I`WB{;s{5%cXG`^&hXAz4xh|w=a9o z<73;tKfdbgt6$7UuH5k92kxIfKLR_;?p_r;aGL$X=P!+2|Ap6Y|GTpyyA^Z%gLpbK za`Mi;9aDSm_}IgdQ_s2o8vE<{n@)P;f$w>@9=OXhAK3NuN`L=#&wlPB?y`qIbIw;T z*DotRzWcA1J-&YTt$QB1(?0WsZ>;*iPksE$X$9|l-45e-d$&FJxf>$?eanii-x$5@ ztC6ogaq!VS#*cTs;oyJV@udSl_`&Swcbz?Re&kQC?LTMDDdQ`tKi_cR;X5C`JihA< z2cCb^!S8SQ-kV?e&8|O(78fi(c-!)oC*HdJybqnuD<64g_SWH_{$S=OSM9p)!Cy}A zT(z8fUx`lSemHvi^*`PD++Fs;^1e^*f7iZ!tBh6ee&NxbtCnBL><^~@=Vg=k?s(yZ zzxl}z>IeDDpSW?)w_5wAhwi-dwmqL4J8k)eOys-x;phMD_SY@DXlmcUi`mFutUmeX z@BPzB*M2bm(*xP+@GQ)8f9Zz81-ma^LK)rhjwBm(RWHxuM$lUB2()fzzhXjQqpuQ=YnX^*L)!#pmsK z^Ufz8`{af@V*B0{x#z)I?XG98`|=&byKes3qlNoc-T2JjJ%K(FIsY@~eC5k$;I~{W zY+v@7TV}pE`J?M@`{_q!|9Ncr^6k<`uXySouitj&7X<1wdsl1iowqSR+4#*BH_lwO zVMQeSu`8yYyLC z{`BOF-zS_RY9Iaf^jYut-P!-=t!q|HpBWileagy5zni-A`D_0A<{jc=t=aPq{QTap z?3@Oo_~HpGBIQ+&{Cvlg%RaX9iJ5zV8dpSqd-j!Ep1V7^;;A#1zjyQ+BF2MvQCEKA zr1+(!`{*ZTE?6;r`!ktk+gG1;<;?1|kM@7bB1{f9db+z^Re{;@0X9{u5Ug;O6n z@viZUit^gW_TKou&&*8TGW)JKzj*OQZ(JTZ|JF78jK4T}<<93$xM9tce>t=J{p-(| z{ndT?s%P)|;mYYdU$`L>x&NbAefopxAMStb>{IU9AU}Wg+YhYY`|Gj$UOab8aQCif zZ%HqU{KqBdoc!PJe*Bu-&;Gz8UwHe!Z+rUeEzfV*_nTd-pZVvR&mYi|(`%AH8(tO} zz2NklpS`#9^$m_aev0y-Wp|T>98k?o1^ zroZ&;GauUauBSe*_PQ6hO+UNiyqPDTFs}K@r#_LKeB$6IPT95XI{z1+zUSd5KfUdZ zKfCzq)d!#6aqg8fpZoQ@&x}N<(`L7AUl#fBzrFt*rB4ihJQ9gSqzo2s*?8Ie{?PZ# z{r~iOsrx@W4{D4$Q?KYA(3koBzqr60^80^GoQ*L{_kX??uXS$`m9$zI$xzOeL5<`$ z%2Jx@>mL{xsPFUkz2KD-5FY-J4@3vH17+W47RFfy|Pe4CYekQkgI)^ zXO`WGp}rWCoNV<`6S`?kxI=wxA_2wroz_ErOqA)P9M`YvLw%*9RxuiOvtI7k?5f=u zq#8!)d{z+FP@R8PukBmEuB?wc1MAlrl-nrQopHNS8|ou(t3_8opN?S9M5#MiS_Ho?S^g|btQaIURxR9 z*yB~(8=Nv7vsBgB9zI*KTJ0_;nV4G*!}oP>g}+EIy3K~Z;I^uxU=Iv4FdjBKHxqub zH~b1FDB7G_+$h4mo^Wf`?go}kXR=!K2Pv~&HS2nRscLJLwbZy>cl#YP&<81opKP@& z#)~zx>JL(z^y-xEnp$x!)wApL8VdfudM!mp3YRuWF;R9c7!UbzrT${oH0pztYfr8X z^)N^=Gz~L&6Q-;8lLrb9Qgz#F6rqXTDEGtLK`Q)e+FHuhTW)6i#>= z(AKX5afo{)L+{`_PS7>`a1C{B!fp)p)y#6as`t%pCv*X4?%B?vzV3GRt$#bV-MQza zQzf4QrqUblST_IzuU|LN@qhti{kqAbJ3*C)`Vhs%IVzE)WJ+LS(O8m-C8G)c$Q-n0 zx_W~={cos`p%-`1xyb~Ui6+P#j6kLoqC88*xv0P&A^|D#Q9enfcG#RB6 z6ic&FA$h0}P-YlF1QwdHuN@RH0z@}V@>pPju!IGFgjn#-rrz)Y2?o};W9lRGc<$JE zJQ3$@Rd;Qv@ixO<+ZE|$`JN$e#m8dN1WPe-Hp<72m9O)0CYppvxM-Xslk!nEK{0V5 z%5#SbLCQij8K;<7A{yggJ74FL4EQ?F90OnHmVEt>(ASTM_rou99~lU+#~1B03`YrE zG{#VAcpv2`fr&B+ieZE(NAbxh8>bj14$c{pFoX#0w*p5Av1l^ZexD$8o~9UqjV5AL zf<*Dap0PNUNJJ9=IPqwb3GQwM6asWlB#C$lJ}NNORtkiTfjkK= z8V|dLMLz5n1H?!OQ6WJFPYO_o$BEGK_O*B%`tgZqk|RxH0D`c37=#ZC?eXPyNl1X4 zP-3IWLrW|OAa~{qi)m7%Ns&(y!FbRy%aiwzA~m=x#mI9`VT&Eav#8%K${ z@dSV_{pw>bLnoF%_jm=}xg(aB2G=xsw&Q5~!RasE_J|-@;Eyi|7WmH53(pbojB&^8 z;DyW(k0uf@9hZy>1fauWcXm>U&0Tx-!>`_>pgH~#*g5_Y*g5_Y*g5_Ygf9OGu{r*M z_Z|KbVmOC@=vFtO*ozA^NSt+X*ZtZpH4-aa5~KoDYp5i)A(5Mk3a(f9g9y0;{1R1PY8}@ z{^|aZ(Gk%G7e6*9_B~R(>;YXEISWbfg=2O$2M|HUl2Mj~jxi=06R21`%ES&4 zfLx^kcH;bNdn^}=MTIqqV{j@bEM@A)t<%0lrtTG8Z6Z9C3!kCu99cphKQ_@I5ohjH zt}D_4J|6ydBFG}JQGtjfB;ZXajbVE}Ga?1@asS{%LmwaND;M43AQ@u7nKCYD)v9Yt zMMsbEYeqI)-kK`mz+hmy1rb<$>HhOwmGRkbVQXV#vl9g|v z`bJ(dH`-grs`cWgY;PS~9NWTWYe_POB&H0kW_(G^w~#3rTgQZnLakMm$2LzCShud# zl1!!VxGoUmX*wnur7?$JS$s>R>T4;i^xZ5UQk5M$HU0QIo?BJ-bX&o$yR|y zL4}jmN)xG-00jjXsf8vIvn?!UU8G7)6ck!WEx5?aH<5@KDZSB>)k0HIvkVHLO{Ix~ zOiM}AyliDTMXUs}iUgP+i5Xv3^G&Q~SS%J?tQt)eWEn->?8vIbh3yNptfD}+3N0KM zTq#Y{$meOK=36-JwQ!F2k(KpPE@fnc0wY_JkF5ePi&B7cdE zLjiKIm35E>dPsRlObLY`<-m1CL@XAOgVbyjgWO`?QN%2)pGRumK>@5s60oW{NX@Xa zmE{!?(IpXN*EketE{67?@AO8rsIE8JrX27!iJO>Ef|ggfWYm_1w@#LZy`*F!8mn2* zi75?dlTwBDu~=wgF)N@T<6tqv$yO>*#5`9LGmLCi0vzN6S4H!DN{(lc zl?`ytYspq2z-ob!)jaG&fGk6hRjsM01wj$>t|DfdNX__IMJ}=mO{C^|6d*$y_FODV zO+`%wiYhtS=RK^Z1jKr-lI9sj%rHvMqcP~(DtM@d0_5`?Qd0~zJ&=J$md2u-$6=r6 zu$ZDrd!P4_s0FZxWIi!3AWL$vs5Oz5;!uz^q+!I%7UHmlXjx1-V0%~v9T+Z3^9)i` zur?p3c^0V}htqURw(G&Xq}iT%4oyB#RK%g2*TQL@M{0q_!=8&Qqlv9lfUT^H0`QBhfYbu4hxm*lYAs@q zIgk%A*rx-W<~gt{kQJMJ3+x5wXcqZ=3k8yoe2*bIvm~aJrorxMWEBEg%zEIb*wXlt zh-ld|0xV`ZS(F5@3q`H8r1VA+1)3*Y5{tw<^l2$Mo>NqV#wO@S0vUZQf_)pFY$1l& zikOAH^b|4As@(v=tUueO)O9T^OeV5`!%X)?tPC1af&HKB-0^iy=M{`9pjP*P=>IEEaqP{5ixYx)6le6#6*9 zCLdddqojEn2S(e!vmVNMjBMpw*vc}p2tI>oY#Dw@1YFAVNJS0`P!n4jRuS{yCxA;n zQd2xK$^NvECDAC4XyUtp#sKah3-oLFifTAm%mPla;78cf1mt@(77dVFZO0{HBVleoPSYef( z`j9J(CbBddTNMX^T@#-LU-mrN%6p26XjzqL*~+#s;G39fVimO%b*qDdY!itY4uM@+ z1eaMw-Qvh<8xyU3OBUOhs3H#LgLYVzd@M>X0=)zUMoD`N>_5SEVpkPbQ7gVI8W0b( z2<~?<(W*LaJY*C#>xOuk5fJSysxRG?rbf(yr4MJ~Bbzo(l!pytYpv>(MB0=Bu*Cw6 zAr=s6Q&lqz0{y6YPsw>cf-$YUk7@|^p2tCo#y;J_4i=kU8#_{hlA}A=0s8A;M}SPa zgB>gy^V-;v^|4RWD9y9jGFT;@GD>NJLxB4XP80qBtQC|DYGKfO0KA`Z6u=8B<%6v$ zYNZK01l)jB)RHZYR)E(g)Hzx!Fd>eq;q~Ax>5^v}{#cike|naglY` zdu`U6(zvbl5o2hmk0QS{(3sLw&ZMrnqY!Vu{5i@Yq4FX@a9HoPBiE8$EgxZ2-M)>q zJxdtkA9~0G@p3G@i!L#D;L;N*^T}?m*}h7H@ZEf#Zr`99j|zS3yAMb1MCgY$<9KM+ zJ+fY;mB5fz?K{Q0(f+(3zZ2s#iQXVT(Ia_cDa1ccLVOHx735hYRvctyAcScl2n&N$ z6Uq>30sUby&tY)gG`M;ms07@wg@cL@a4uUJ7Q!7_G-#kbMa&Y|h7eCt4F-3hQ>}Q| z_gW~&`-&Hlwi^Lis>zq5$!VT5vE>mzei4gbO~T4U(XQp&f@UEyxBE z4{Jjf;z)WRY9IqpvJ>hy1N6$bbxQ-Kpq%F`YO0Avi9uGu2}30WA-QmLlv^OSrKkl6 zRXnf_WMw>M40(_qDzI)b(^SMPk05OXnzA%MT&uxA2q}x8CkUSm2SOc1MS+q_8HE7S zsx0Wh1)9d96hK-8`wjL(!XH>ukPUSNX|YeYAneAX#NisGK&e)kN~a(Mf%MivR;sC} zh*8u`JEcgqh-@TG$plK8j6o})Lm%XjV2uH`GA&t!G&svBAS;B$#3l_0WmrWtJmR}z zwuwbUz-j@~JOPOX4vnE6`=fng%c=w+8A-#zCqkVRd=!R2kd8xG$;*&>TT%|l!LWrd~DK!Y-v8Wq(D|PoPROX(7$XcsK`XWQEvHc$`5}F-{gU0tx*^se@U*qE;A0LZy6|UZ}_kaX%$sD+4yd z$yN$dlB4toNx>;vJEv$}O;0IXE zws0W99x_Noo|5*!-g#tI$o{~d;6NjsMEuUmvq~-un-Sm>?0EotoArrr5x;@-Ax|(* zQByt^H5Xf?ji9JmawLR+qb=f#K^VFg{6dg#VimX%+CwU;(MZfV$mBiXG9^bt3eiLm zX2UoO){i=hszJ!hAPekNYGPI6aCmGG;&OOo65_L1@Iy=ne9`>SXCV|fTG-lRg_utK zjt34`REhW?vJ4(s8Hc2cz=M!(`aJlkfK5+8Bo&pI5WBz+QUZw~LjQ*Js1+WWW!pz& z1`lZv$brf6LWW?F0;y_fFJK!1q)Xv`NUHb)3ptw0*;E98h#5>QZaI_Wf4Gu%9% z2xH6(j%`};YUU8_GKq+Ff_XNcoR>yW>1xw)^@URaq1%m#_2vM* z-wolHa)1SL0F4_JO2hf2RNK-ljBR$d<`}auh8tVC%~Rzup`t953s_FLUU4$ehA*99hi>VY`hY3V`DgIkqLoy=tXNI0O6+Vu-Xy<6*uD*f(Jp73fRl>4F(zf`00jnFiz1FXvWi&QYUe{Wv_fJyY=TZmTn%vy zPmX!hpm(S^p26OVWhXpl36DmVVFY8h zK%XQ=B(_j!;xMM-NPWg@;Q%#JD6=I)>|^qLIF1owJ&}#@EMI~?Iht0|JO_F#0k4ob zHaehNS%XV1v&iIGSwu9%ZjkpN z6XeQ!vbEKcRbrohSC2~{UGt6Pge1QzHmr2GCKi1?5F3JBwfAfh?`g}_! zm;?H(I>Zi03|khFRSEHn9PdLOmI-C;l*!SxB!E9Gs@GQ%gLFBXPb_it5=Sp_^b$ue zar6>LFLCto$k773#L-I}y~NQ=9KFQROB}t#(Z>--4;bs$0l}{SLqEvx_k6w7^B>7? zc3 zcz<8UbSLx%HQuaN9k-}esBt?iQMI|Qc7rNT*2tyedE)$eH*4nAINR^36W zuR9`ChdOW*mQd69)^{tqvfR0~9i<4%) zQSH&i+=pnX5sAu=%7<&?uqKpQ*Q(7jDB-e!;-q;QMZU~dbSZa2r}TPx{-P&bchVUg z7|7r)(x`$_2CI@7t(sGMwCnj%&91>vb9!-HP~Qrw`<1Xk%560Dqfpg64LG{i(8>B$ zyQ0?@)qo3E57$A#ZZ@a|T2lQ~!ERDou}&F!9WYC$+zHcZUp4ELKfkA5pE4VEy{6aQ z`C2;GE1xVDoyC_vQY_|zZC(7+jPQ zRZ?(DJ_2xYCTwq8u|3*0jf~Tyo&XR3c^wD_COb123{hcyb& zB2{d^n3}Z94xo-!babjn)pf7)U}i9r z;#ASB!Z^pqU0!V^)}0Z%YHEHjw&*UUh5jbu92H()KwaHy1U$O>1@%O!Ol{H)FLYe! z{Pz7c7nu#mUA=~?*$o}oy+h=cW=U_t)Iur^pasd}iHoi`A-LrtCVwxQn|=?PbL^a4l@mMO4qMRw=EahwQ3Tn%!vV&ZJ!@ z5!n{A;Wmra4ll#J?f03w+c0&9vdOoyft0CYwF-ozX}Uwo^TAdN%^*Z&xD+bm59lt7 z?ayK))UotqL_&vh4>(cJKAH|ywzZ1hm`_H%NPS#ey;CtK(|W^APv}~u7j`P0UsOCZN;ffnMtV1yz>Cmo6ht2ci$pHZ2j%59l z4PCF1=?9K`vz%<$tzH%s^>MQf{7x<$uFZ~M5HEynx-m47d`QKP4SUKg zhiDrP0O)X>MUHL*(7K#XIlUHGE_Wh?bgI`87qGfix$Jb72+J*Zy0m+A2%<|wT}8D` za!yes&1=uwJ1Nmyl#<57w9s^@y6sYq9-bU@U{tS_^fJspuWOqp3FbN>36^xK>FDLf zHlo(7x@Og^>#zAcs(2BpHM%jsszbf%68(k`3dcRT>h-C45pFjU?KXDiB@suo z3;Ke?yzGt~)jk}Dx~$t}J*QW7&9xgnO2u|rr<`^@ELyYcZo{sURfYBByl0$(0TxPs zI~t~N&kSTF0=Z@of(6kp8DqX)JJ{KQn~(m|>E1bQ*=G-JuWfNREt~ zj{ZllKG&}5;VcUnW6#CI^tZU`w8J~UBA}%DDM#0TkA%T3nsv9oSTFa_$#Ohp3xDX3 eF_&ITucg=0Yw2~Aum2YS0RR88#}k79P67bm77pA1 diff --git a/assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz b/assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz deleted file mode 100755 index 6911e8d552af99f59282472255b8d9a060d88a4b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 30369 zcmYg%Wl&sAv@P!L3?AIwf(`EOkN|-Y++7EE5ANhdo@)o3IWW21Ii4;`b9yD%R)g_K*dLx-<(&E>#H`ujghvnfV!TZfU3T| z?H9+dK02CCVhWb_4lrk8sQ&n}_p4GxNR3hZL?4O5;8elg27_(saJtsdt@{LQt6#I( z*3Tl=Rk5+~%Yv2|PwuOzKX_9|Q8R(CW!Q-%boTH#v2cr-BFS|T(8BhhIV*eV$0H0k<^!V^z*ZW+?x5dyPCd>or$AMbNq>`fm8hJFfiYf5-+`{S)n0zj}^c?Sl zo*5NNMofJ8>g4Zl`vJEgGdndiGbI-%12{NTQ93w;PknLHg;|^F9lRISQFAfw=L|}g z;=y1|f*a!T&xV7+WKQC%(Y8^LEG&vKUjU4t>M$d=+6*YT!odp{6u2Zs&|#-x*aX=W zChL|_$Ip9@KnTW5gRc+}ZTLQd{!~R&?+_S`*a?j>ZOO~}qR5TZ1&bnmD_#WV&jUy> zZQy4L!_kxsvDPeEg2~|#N8nRti>FCU)YH(=#A3I==po7K+BK{!EIMi=x`4$(Jq^Ho z-V5yLwZ>L&-|VbCs$z}sNDG4+ypIP>nMI+7Xv9L(5Ms#%)6^KJT7r6|N`g9BR(@~VaytyB%={a@0&sx;NWIdaZ~A{Zm@u6kCMDAAm&Cp z_`sd+a1p+2_Ir{Z=?DwxGs%nyJu_2wKDSMWH3CnddupLznpv%om3&>~56S4m5PcL~ zxlAO5lH_teZy)9{v2Vg0Y7lwOS2G%vV(uqXH88`7sTjO<$QvVFS-I~lbiSi>p8C}( z9*q69=?_Z+_!uz>hZs~t)o>{6_;Y@=pU@C634yI3t~8L&xvS)E|wA2aAka zErb&)9+hq)iw!70LasKz=StEI`hsY-LxXcefUU#~fHSBHmV?#6m}x|!RZWgV3PDqv z*>xyl6wyq>V@+{slFx^vuw*%>&EU*@MKluzo(Q3|0?lxL5R%ht#BmV)v#-*S zbk&%}wq`cjs>J)g70f~^5OeAZlq7)oG0AAS#lk2G1AWA2rE%fOF%RjRFbk zV1oFxc7*_-6BEp!Km(qjG`UL22N|v;xL;SL6HOLem-0372q^n;SgnJ{59y2HDn80J zJhenbQUKeT8RKOn)pVc{Qa)!%oM94v^NogfI+BuNb|hL55wTI7!AF4AddIVLY#FhrF{s8s>gQ;EeT3g;SE1Hu$tLaash+ijdzTv z^lcKZ8g6#5NXi~*B5T)t0`12h4g(yVZm3O_0Y9K}z`0@IMYauko71Gj1(WH>h5T1;lPviUg8A9_|R4*Q>IDR z51t!S5afd92ri#ACD8!Apre;tc2|Rf&o*4$yKV15eVH+FHDNy@GLU>3Ss;;1hoZ!r~7Ze3r#Q7pq9VR$H82<&G^8b&Sd}~8qk_omzJ!AV14CSLkWb6 z#&H<SDMa1B$woztzr#<(d;^sE zyik!TV3aobhzF}af-3m7pr}>RlF)uV=KL248jcZY=nM4nCzKnV1F;%XOx*HGe%}=t z-b5=znP|Y>k=IOc@jgDn_yY-Qjx0q}Q79MP)}`yJ@| zs6U$6Ak-e;YtcG}j877(y#sgxmC+&Zf{e-#Zu_ZUp~iC{q2G$1FxhPX?5AF+Ld8mY z$95I}Rx(=VQ%B~%a|Np2sU+l$5%vH2}of%{~5Ly5;;a5GRU=qOXKLhuibFJUhx69T@mrzh4K9 z36RQ;bgW|<#MdoLi3~~M1Ejr|SX%=*AZzHnHT5)hhJVL;W;yyBl9+V)Cwt20XF(*| zC$M0Ys^^F5CrV`Gcu)F(P4LCqE_Uhd5pME~!4jp1@v?;HATeu{_~Q<&@RKdwFd*Bg zKwQMeb-PoR$h$!zu`u)x(&gP3?V8zMRU6G;V694AFp$Hza#p%7I=z=<%uE-M4@W-? z*4Y2x#}cDUreHDvX{{83{|5A=AF_}i9?-aOcgHDmi=DH!@2NLp&$Y1vMjMQ>_YE!) z_ytfLA$cG*kB}{}HxKCxV%j1Ir6bMqfeZa*RvyUn3Z8;*FK~Bg^=@LGAPW_VM!_D3 z6dtsT4kWR=HQJjV@bs7_l43kr);OoTHC7U>@Pp2w9W|F5Hi=Z%b<$vCO z0+oD)7L-B1%Sn&(K__0C`qDs*VHXIvy=giJM5{3MMn9p~C|Pw3T~JE2!%c$_J0j?k z6z!xQsi^11!Z3)Qk-_g7#8|TQ9-e6Q|JOxFq3e$#Hhfnc`VF{hJVcGLUep*bUaklk zgK$_ogrgO~-Y+$|Qqp9q5V&#Oc*!}szHQ4nj)-4CG{7r~U?YHvAt5K^W3)|-@ETen zFNX3r6s=Xq4(af_qjKiW8@sTQB3D12e2v-0`dU9%(=nJW7YPIB1-FBrZekcm%Y%r0 z&yUgiw2utg>F1?c?udp%-2t#!u1;oyk}4x?V}Q@OIl=c%=R0z#4t1mWNz&v%!1RmuBdNY}f$=l<#VU?7@#zsaOBGj`E{ zCcq0pFbXx5YMM)Oqnipb;ZQW_l3fm*F68UPw zJftC&wpwrA%GL5yduz{xR)u`%s8ky{W_JIGWbsj`8_!lnsHt3j^8#5+Hi?%H#*i5= z#Xfni1M6c?|E~%%dJXDcECB^9WJdwEdg%o6KZnTXSW>3F(PAk`4oWG|_S~O`#?YkZ zmrHm?Rqpb!nx7}8a7A^A${->?Cp@V9_zGwdto7PJdMuF*hH8E9y#_JRmC?P2{d=B$ z<*bAv-u45f{j(d8e2vmS*Qz_d{5|y|pamw-*a$iyV3W+KS&)vP*bIoVRUXHb&K{ZU zXP?BV7Aw9r4wcy5J&5X#6;e|Y42Fhu=<8o}*iRhn^x_As8kRPsDwIY_+9|_x8Lj{Q zC8?#%opg9D+=k#Q5JFe0X+HJ!-h2?V`ZlQ)@m1wAV_BS5tpV@#pYOEY4GyNeyQXGf z(XfcjSLPH-SR3$uB2mE^Bp%n5pvI#&-fqm1&U`^a$i%a(NKr8wL_deivd`wgGti{K zf5+=j9#%@wf9*)1i?1K`cL2rK2eiY2dFPEfj;27z1rWP)v>;noPuuc@mbCdf%RUP* z@#AW8O7EwErm>l3%m}LGG(G_`ZyC9i`N!Yp4ElQH*d$dSq4X8+eh)1xM|y?6=ge~n z$>(W_fwwsYR}BvzQ7s9}-5G=EKdLx3pVCF*pYbijk~g-LS430UBo;9dVZ_}=L%K^! zD$HR%Km1Z3-z_`*V0N`z8*(;LY=4|)Y(2X^E2lTEJne&N7iKeHLp0ZwGlfP5Xaq2A zq!67BYe;kV1TlpVY6T!D*;u3Tga~<=$Kn~^yN6h(G$4Pwgy$HFG%uIN)S}B}t%ph1 zZv2Jc;@vB&{<_-<;(Y|U;rA<*F~3n2%nU#|#ox<{aT&rRC-|M8(|JF$;!~3T@w8!qUNX&!q*P8Ti z5D;Xn_nRro=8w06qdX`-jW^WqH1)rl3hifv-pACXTW6exIQ6fXqC+zJ?N0QU@^%~@ z#&DD_2kbRcQV>Yv2_`POyn4P+94a>`!6J`7D>jAo*)A6osBm=oACQicGI-a`fsvG1 z)4pAS*t7-oVg7?%KEoh7I(npC38ONm5ICR)%!3~qOkk!6!xxYkp=pflKMbg~r-F3s zFUH)B7NyZ}{kt%J*V+MFgO8X5miw_^sOc&~r2^sQHzl$s5Mv9#cyH=40%bvoFxgvB z$S5jg;}EJCE%^+pNu_?qZia#=pEK%q`a=o+$vYi=OCLCbex6#*%ZBD(zDYfxgZOaq=a3a;KolkU`8-@axvtu* z26C$nuxkflX*8q2>Kc&p=hZh5rq!@CnXSlLsjzTv1;Bq!I7lZk-_n!BdO+mS7M8!i zXXW!UHBGwxxJu|!g@6>J2=6Ld9$c#e&pbLBJ-W=8H@Y_r(EwWs<73VN-C=#RM|ET^ z!o4ttGFe{x1xe%i_<(ZMHlr2mn-yg}-Zy8@uM)h|udQ29Ri6;SpHO`Ko!;C2`LNW% z{~!1CV?*`3EU|jiLxR#5QYF>u!plmdiHggP*l9;e4W<_I8_qbzb9PnYfTV?1ez3ue z3(j_zwuRR#M(|ty(ZDjgNkIeD~bnY;XBkgBDnK9qsLU`BG)cnu(S&_wC@YgQbXn6g>&|&n{() zbqWt3&e&d&a2d}%vH_bL)<#7m|KcFJ0os@)X;^yU%&j`h67bFLiloryaa!b!lb?g$ z8fuem#|$6-GLiCyK4(dr z0nM9q7~g#^jwIR%)iv}13DQ4W_45V0PWyj0{(T$!ovM$3>oA`T z)8I!_$jvVHYgDn${Z|McB(t^~46-Moy{C7ozaej-F7mzJPeF6un@|(b85Vj4Xy}cE0@PRrYJ72d%V-W0JPTdx zDL#`*(_sElnaFSi(o)LxdQtym{_kyRky+L^h50uD02jr-g-4avD2T`@J%10u$DxKG zMzJ;;KDVP7S615Y^Qj$GB|*#wqExLoA`$~ExERT2tT|j@dLskucUIJ z{Ub0xNrmB~gExq%m(tk`LqMB2QdZ@gL@zC$IPY>=E5fIfVab6@-opVKV@u7Ow!nm` z_}KkI&bs;*Jltq>ICNHrTH)6}31=XB;i#%HM45wFn!b~a5?wVRodUH zlX+UG`z2k(fv9qd_G%GfVa28eNN50PVq(*1|Ip~TE`YvyT~)^t21uW6W0}|p z5JY#Tm2V=a*RhVZAF06~kcOwF!9`L&6ybT18xj}rV-^qR)xO&p-e5n?0Cvy>ODe5o18nBcQK!zo2j;U#*j0HhcaxFua1a0eevO z7-h^2=wB9kCMfbgwD5%r18N)MhxofcJ4w^166bY0A7*kN>bjN{VToYCY;6!hER~ir(WKmwgkZ3qd;G=+(}<1|;yr zbdCnZkEgAFQn8(a*D8^8V{1Hubp}mayHq=Apeg)0 z<+p4h$la#zW$Em{Er4q8ru4o-@pnTXH{UVTet+Q$aVpe^{{`Kz{UFD>OXEjQRIP@6 zYN(MIGZR1CZ(#h^eR#^@irsIahV(b&9n^Wc*F+~AXig@<&41OT6e{^dRSI2-cWi4 z0N?V~OxCkZvrThni{A!~U+Av}O+W>Lk%1Do>P&!+#NT60PSQP5IAY74#J&mENOE}_ znoLZDsX=R?(ucS2JOtTF%2i4@b#abc`JBIU!_}E!kIzcxW#)9vBBD#Hw9ss4jeeGB zGBW_1JYIT(o`AHwlBn}Z*5}u?uyFcvh`7lAQ7}WOZVunP7D^_|7qmsC|IuTlCgB;f^}f`1_7c#8=9U>HAJE zfjBdKGd(qBZ{7+vzu^mP1cmaJag8DFiypsDAU{@My6C9r@d8DS@t+;0{$Ag=4`;jQ z*#D>-qt{Zo+6hyxk$*w!M&)w@yG&a5OS>1qLY%TlC;nhHMSYjSjz*dtnq^<{TJDy- zinC@|qkNmKRLuAS5R&D8#MXaEkixbJjajOJ3^ctEWzt4OF%nw)QUmWWY#>3o`IMBq zzi`3gax&a-dn75Iu@~2sAqJe|Ksg0Bsk>)tNo;;gYtE0dE-~^i#XjEuaPHOxgvNt2 z%fVt8SJ%e=~=5e3h=div`>Ty-`NKk>sgeIK*}#Pe8U<9H~{ z&o`1I^S|>Mf&*R5rh~ii>foep5x3yY@VzVwn!l|mFYFBMQ)2iZytjA@9sZ15$rRR{ zC(c6wb5PwVWQ~sz`&+uVvte&k8M#}Q(0KLuSo9}QtI{#@l_D%E@-ii(nn2}@G*W6N zlTmD%q?Wea33Y?k4ZaxA`}^#OD;&1BSgB26$qJqsHDWv^>u>T>#bB1m0R=SQ_QPVy z?T(!*HOo zOOI4p2?GCHKT4mJF3)%EUFbOW%}4&Hf|u`{R`c}{N(!o3qfxqgCfo)?`Xq#*y7XVO z%o~-s-XAaDJNLVa3FfMzBc#cbtU6$iH#EYs@KU3f1d9q*o&BDO1*u!pk?%!Kuck?P z!shmEV}-qA;@Qj4D#*rT!H)J0K7Pn^KfjU$7c3aC2t$aLv7N|=S{qEjgsC{E3si;x zh-}iD3d8nj{wDPtF-Od!WtY!X7uD=p^K7iQ6&0!WzzEMW*M;nlS*Oomv2Y=!kkcMS z;9X00dT<1F8{$V2;O66P&65bD>d4B5XZ-yT8+#(j5?*X-@mM-wtw08oZb2aQC~dYG zf+kir+l@l0RVtibjyq^A!>5bJuL}UIHeNU`f3p}+j(_Ls0@WTG8pYvEz`AU6goK4` zz9^My)|=A8Qt!hH9c(y)-Gna)a{0JC;R*(xJI3L1ijWKGWQ-hei%eKk;A@aS!*5nO zAnl;=q@`c3y+Tr;Kz3a$o@nykSRKtYZb7-m1Qx;hz8ZSSs)AK_{M_-tAvsKDT_$Gg zB+EcAoOO?YW1pxRzYZZX9D9po4~w`>)C;X9A(h17WxM%xRrSMW%VX++6xC+!!FOH7 ze(h`PrVvmTlPW0_0o>ogQn@YIaTv5w<{1UoQkc&bu4dV8ylUFat_X!zHgz5Dc}n@L zNdPCFl=4|xCZvT%bFBcNw&l$FCrWfa1`{*PdIMax2Q&64!R8$#vf$8V^rC?p0@>PJ zkA|wxNMp=eYjnBMkiV9IMKfwrhwP3j-d1x#%vHP^Y1(mGtQe1G^y7)PZb_%fH(IMU9T$UOT5!#viuI%u*%bm^gGNuhC(%{5<0 zG5OGXx};3Y=9`t2MuC;ODRJOBbow&gdwkl|RO=U|JcK4aW?xIz{USaK4$E;Sah36D z(&5>rt4(m@J}sWQiUNN8<}am6Zd4o%xIgw1g67PswYf4HVH*yQBAV3GeHdP}SJWsY zpI}nsR?)Ore3*oM2AsW&wQ5v%gFBqbH^)3bd0lLcR~+3TksIVt)Y*wRH95`&`DK~SO2`#BSf4>M@}-_el-Mgxc2N&#`5 z0rgKS&HO9NLSrO$9~+u+P9J;oko~0J$Uiex3Wc|u+~G@e{p1oBfOXNK-jOjs!-Fa? z|M4=O%Pp|eUc7r{}92n1<;6(+cp4En()KEr7#oOd)7 zx{O>c8Xw9)$uiz#Y5$Ig6)8Ngf@hepG~+(-M>8Lb0tHDu$g9Ga0)Kae(p|c7C7_yx zvY-_PvwQvSTJB zO}rdEvSJ;qNgie;Gj#KzL&)jb$=`P7ZIz`=vnG15g;|pu+`?g+C&z-h2c<+xh0{|B zyRgY~#Uf_5P!q!vaUJ!5WVH<>r>Z5Ew!Aa&Y61&IG-Ec6Sb{~e{a_2RAY?iwZWp7G z!tzhHOhY_$m17;u+S@S0wC#6E*m;a8HS^)-N2 z(8t=X=>B!BsVGHwt}#oc+$;$qi85xBj`8P765-akWC0htyhScfOm*&$_^Pgy4FoX% z07S6o7%DTxR^@mNI)di;J$zht32;HKDdj&%NOzPMQL-jpav{;-05QHK*DJC_He|=f zk7*Ljk44z!p*QHGj{qv7ZahLI2Qp!qGK8_T7-Z9I7Ea6XanCc@As|9|>1>Q6W6!fD z@|1Z{1a*usL1G63vQHRW&)9lA*q)i1R54O}+ZlHR613F9U=$l+fCVXvjacBGSFsxJ zsR%ruEj}wlZcJgJYcDIDM1tiZ;eV73~F1>dXyU)rKj3V=>o%aa_Wp_Hl8 zZscA01~QqCKN^&GiCc|0fQSG^e=NL4qzbO@$emL5KK)h*q34%Io6Q&-1z9(l%>Jnl@z0u7+Wyx-G$(<<32E| z!DksA(@iKQ&?~s>2!93E*9-**e^?l4O4AL#OT1wo{S|QvONkZ*{O4L2o4!*hS6CC| zZWZVE^Ep3N3*5OA*DB{)Ta?BBo@#X-c*Zgj zg<<{l1Y*W;cX~O2q3_a(7L4vD`&p97Zqxg4jWIngK4n`nm{@O|zoB@Fb9{TD@pa;w zC$=2MF{r_Kw}+##ssf0O>!PW*v|Y`}u?*vt%RSiffw zr}Msk39>WAVsyJSLS2(tkt_d<*9Awj@}P`eJemG4inlG(*3LkVU@9k5{LsqPABOYi zx#w(7!|4*Bmam6|H2xl4DF}(G8_XM?j*lid3rwBD!ON{3Vs5}B2)1vG&~PEc9o^Qp zsn9~e&?sRfjS)06jGv9sG@5!gyGeow^HGzH=K(tgqynf7LlMlsF=_m1B*ZWi)(ECo ze3`Po`N{b;VS6xlxksivd9Vylo8%s%@XH2OCY#v4W5p%55pQ&zpt!++rOMU#190ZM zP>}Z3k?WuMe?aN6zE9%W`wA)@h+?A(B2oko29&-(5?rFoga$bv=@y!*RH|LuN&3N} za`0vQ4TRWW%%rb$Rt(^9cz*`Q7*FxPGT&p}s$J+)2a?HU^ z&$XKj?q~HFk%SD+CkR`Vvu;vuy8ccBeJpi@Ob0EZk`g#V3|C0bh(>p((FN4^=OPS9 zxW46K(Sre#y%+u=;j6cj-nW1N#2|0elFA7d#IeJXY_nhmzI`99!-`0T6W63YF@9lv zh-xsJGiIr!w}Tp9RnHh&`rMzcuigci@SNe(q}eRCCl5)67(1z^9hw68m$A8pDYOqk zXx}l;W`9~U%@-?jWrrCI%GxJZ=h=-!MX^o+iXkZc)D-T=5V(I3sW zUI$hN!}#{(VD*O@a`F|4Nja-|q#l=Hbv=t$I};%qJ`x?c)p03Ku*ccXXP|1?u(YL? zT$ngttQyw~Iy|p~2Hj}iF+o9vwK%-8H|E)|sG)Zlbp%5Axp%85H!TP7=!1kX?5!nNBLQ|&}m*){d>18Y!%#`KxL#@Hf!(+D_ zL`wGK8V@ghYiW%UrSZNz8@Cg*iE*oTFf#GLF`pPJ6t+l`9}jzp;;|^{i=6DDQ1q97 z4WrlnrSAe3r2GCsMuh)F0WWWdAkg-23B~FR3h~dk!`))2g|HOVi?CrRJc|zegS`sW{MGRV z0+K}$=*-Mye_!)PyBEiQQq$r~pt(kDX|P~q|9xoTrpTK>?vrb(TD$m<8cmY?pUvUs z844-Se((;iB7$}Kx|gi*sHSxi2_TnDL#F-`zVI8H6*hHq))j>A(Bown9fLXmhRJl1 z159YRHly&j!;)g$LX}L|ZJmemDMTIdPqw!tpRpC;Vcf_R`xt4~_s=sQa_Tl)>@Jzf zIW2}s=|@A~xOaKcW88R$zhVEX(7~y22s1L<3Ajh1J1t2L-4`;BaHrn25>`mpj*oMe zV2}AJr+cO9-bbcgG%3@?U>Mq2T|lHveemqw>94m({sRMlh(tAnO+sjnkq7*kB*6~5?aSC6bhvCMi31DY7>x2nM(v6&RXfep($7v$F zlfE$#Icvzf8Ue1};#TaL-zoL64ptWqGAlD(RwKEYfh3|_R93^kjrasTpGy^+DR_gh zw@)-ZMCL_I@uN3OOP{d!hKMX@N1=4FjBI5oFba@|Eo?xXRN5t}y*~&ZqS2EIj;D|J z`dJNUaB|6eDY*@!Ntc}dljShDbUCTNl>mjWGW92tNSFVj_S9_`f9%3PTdP3< z2iIqLU;3jPKcsP9Mj6#m*Rk4!O;6N3I2v63yn!+~NXB|SIpCrnwLis@*n9d(S?Ic9 zpoG-Xd;%$YNCDwv(9Z`vjI~%OEk!32S$IuyD0$}=DXRYxrn`g4?6b0wi=1B00h)p< zz;H$j;#G>Y=1!Hy8zsJYt1>Zqd^d0o*YO81w8;F<=YPtTg!uYS!Z)4 z;%fyM`)3c<`*vS(oN&0RAPzUy2BP1-^jP7MjvfTRkw-Jo7ZBV;@#s6JQUjsm%4|_0 z(o;dH(FVfIB_r8myCn^%%&cj_wtsLSB&CpO)=5PZOCKpM;+$n07}nycnd%x!HEKVw z@K()ARx_dH*I2L0Ijr4}M;V+)7NlKcgtqG_dd?g6vz((gU!rlTs^5hPwKu_IFqmxm z`!A^RzScqHimYXGjek5-*BX}#uQQfQ<(Dv5Ddv|qc5?gZ+|yL@3h%1#Yw;61C--LS z5tOf5@wJTn>9Q5Q9)>;&8{m%v7;VhPl2Mj`v3G2+j@sXN1mMs9<39!sz%#$xcD}iiaNtT;7P3`bMass6?N1c&>GUZ z_rN~;nYM;vq#L~PLetzf@hCI!skSK90+S`E^_3x=ybWcgk=SV(0Sy{ss%Bpa& z(<|Xjn#ZiKVi$> z^D%8Mk?1){?Mlrv5N!XLMTWhX=ODOemf7pQ!T?lE%e;*>cMn2%ya*bN{GpXeyyC3B zCE|#qfx+4V^Zj2~$yn~eXDmh^a94s`-ijDNVf&|$;Iz>a&(!2NeyI(g(h_ncX z1oux2Jv7{aZDzTpEgam3Qoi_YMf=$$XZY1U)#7=-N{d07C~W1@-mlcG%%P(&3h;L3 zjc6rbFy+3(Y`TQe9FAH z)6I>-j16;tA`Gtx48bn~QA0{azH@wmt598h!lw^nQd4M2ghx;ym){{O+?TU$Lir>K zF?ggU^+(M0{w@KiZRSqa{HXT$y$%JM+=z)$8k~Z*A?s3hDi%B+GvYhQBrc;I;GG{; zW|#o;GjpA2_^kOy>KluhIJF7gX)RHv0%??;WHM7%)Rc+r6lJ4bOc19a!Q~15rkTrz zRU-p)S447%H*rUz}Zcc|qJktXjy*+6K3!@o&#sj$ZzPkF(4 z{h{cJv)3GM&7;B>hxoWGy6qbxD9e$oTE!C52c_?-Wog9A%#&-=g2Fa z9dX(DU6q5t8TGjj3ha`#*T1^Tn@;m3R*#QDeJMwjiKiPe8Y<$N1sIzJB!G#-4E&v5 z+-t^zXeR6{yef3($8a=acoJ80EZI?{4Ar@%^tJ|)vqqSsisf#zn?%SP$wDVN3o+3l z^jEVeA&?1W$ql&_e5Uwl24O2_+gRsIqoi<+-#kVV=4p(QH}$*XWCpXL+KQ1!K9EOiX>Qg7eZDEhZ-VEpv&} zUv5LAH};j;39CuA-N9tcbs3XUPALXsoH?FrWD}f&Axy-{0}(HEWpd&+BqMY#w)6jN zM;`Sv9(K$u$S8(@`t$xJn_}15_l6xr>woK=``TZM|j6r|8sHub*u6x(M6y1nHSw0Vr*uFjw@)OR^WRjgNRH2ERAmT5+u;VXomBPeRp>-S+=bHzp z1V?}QS2rfagbz)dbYUY#*I`M!)PC!ioFeZRnZ|ceL#8|=G{$MNqC-INhJj2gPR$v- z5oa$nvCx)u{}l&JLsOD6lT!8qpl;?;|K1Apn6VEI6HZEx!qfFDa%XALP(Gvrq2cYc zC_C+AoSe7_E_p6DbotaD*P`CgY4UyAkR@@%!q1|mXpC8OlE~?JTJ2F0gpst6n?Bq8 zsrV-lLXwol`=O=M6*?NKO_ge=EllgZ4K0SqD-%ZZ!;PN1G^l;o|W#XQp#3qr)7*Ri)SoUsu zjHuse7O7nz59jN@=Ucb@4@<+fkH?_BpZc`sQ5n9=wIvik0*-c`UJ}$NB_>PzTY2eH z4ESptCHq;eL@?L;|2=k`mRsx(@Z3*aMZ9in*j)b6eAxZ_!>a1Y zkFak)R#F1zgs=N%T^2mM?*6euJ9+sc9(dZ`j%qdauYA3_uAv7Q-WyFDuF@p96c?FZ z>aWcmCKh-3r`iC>qMMz(Wtf4Qy<$Ocx07oFF5^bWCZ5uZ(5C3bi(_2;*obHw$7voq zBkd|v)OW!Zs=kMz-?Wzn(3Y;FuTRH}tK#I3oW(5xe;;lBT<2_F=Bc~4NwjTjwC;k> z8^UDq7LF4qxz!j|PoIZ>B+`hVd|{lMMCMpPD_fEf5iiITST?%0fBM(_wngK3-)x+i zCpeeI8HU%Y=@%yKh5h$=!g)6@izbYJ=b_u?G3LD2JnFWq3(>7!^mE>ZM63PZzt2*< zeeH7Vlz~@=QMZ1E6*-+ z3UUECPSczyvd1J#DfE{=$(v%LqG=c*N&#T|HPy&TE}Q&atK2X}Y-h;-+cp)Q6;qE)OP3`FD| zLj9+9@X+;(rm?5_f~N?kDE5Ve;FrdoxTksibDr6mpQj%98tqGyg6iF{^Kuk@`g#5} z4#-V?je&Dow-%S;KE?s}^mi4pGlJMtHImX)6jrA(PraJ}{w9aGbD+cgkyAIZI~OBf z>+z*w?Dwv(^B1D#bv}2`JIpkB=Q0ky-y9V>vKr;s4+;X^muADQT>6zyKYX-b23NcW zyWAPC_7g+Gel`8_?5Q?Yfa3F>OJ{I!VZXF;>}Ws+W!)C-m7%p6vX!dP{?IN^d%%Q2 zzu9>%s^#Z1HzGAsTO-I|6>@sSj)~`@th;dla}(>Ac$hY-j~~m|Lm3zp9ZvhUUv(yH z+`A`dbCg#X$U8`$#?}k+^cJ9^%?+ssyqJXhzO!m#{aE3!S*RX+SmU#*M8q9>Sd_p!WU&APQ+ zhq5Rw_Q|N&i_B^gbB~FiY@So*n1F76XH!~f-+MYwXaxBFeYwR$FoJU2O&F(#VSKPH z;W?4GaOelmH6JcEzGQcyw7n78$#h6dv>)u%IANHOr>N&1IqKhcVI_5$p2oOY*h{B} zkr0yJI{czYGY0G1w5#FZzJ6XOy-pMBN>Ydm4O|k*U%ggUz~HtB-i`0NTR7mX(@b>S zyvwA4(PL)E0>;2G$^5L#mwctsLJoSi>Dy>O2;!-miUzT z7ASBN9DHj`xiP;fBN zBlEFc*I^eJQjn!Aqi0r=Gg#!^K{w$Ixm<)m8$t z2Yy?8FLpftMUkLG!{KzD1*lihQ`Uam(P;_|o=SR*Rcr3jkcl zHo5hCJ?k~O_hzbmwC%N@Ufca6*=G0m zLWLOt;L>>c4}zCJC{Mn%&wI3QZV7p}f7mVNKk4pjy3COOHecbmLe}P!w11T@J^OhE z+-g`L)M@_wFWR{O^g&VnJ-J!5_8J_{`UL8V6*8~G zCDvRSkMNw^sEIXWMR(IsFO%`;Ds%h-GQPJRwzHf0b=-d3dE;nxYRfQHS2H5q?`F4I zL43K)y$FCTKRmTRFR*>qCvI&qy$3uO06SLD-*QW=cS5x`dh@5T=8rza| zua<1aCC*PRMCS*gc71Sd7gqYs+X?Cw1!tC>lb-iOoXxX=t1gb_lacrHRNi0Diz}q! z51ziDuSVq5oko41o;HYv9e=hqmo@G}`FZ=TW7pn6we;KZ{RGL4-{$Ah?F1@^VTo?5 zTS#-FE4%J3x;WYGe9z7BA}v~VQ+tl3C34{8WT(#aSdve}LR}Y_yQJYgI3^kdzs`F( z%Xs!y1iVcbb&F&simMqcwAH7R^?fWz`VxQiN%K7`RQ{D*NZ`CM?5%qu7rDHNjxH#o zcv{XSBpL3n6G#lY@kohsl_4WXuggHs8QQk0QAMC4^5>VYKz9&!Gw}IXJguk)Y&EtiH?t|=Ikol5Vd%tYGv5?a3SvTst{924bz(~jS ztHMYS#2bus*Xv^HhqJxx42k9K&5V1}>~&ZS5v0t&`9eaDyZP-tv?iK%(ZfR8w9{YS z^!allCs(9AhTrR{lXw=P7GGAS8t46o_QQ5*Zawg zj&1C3myf#qi*aX6vJSonS)sg2l&cU998B&i6Q|U?;xly&nb*fato$PcMWJEA*cmtOz)_)t` z9wJrTfV?~2li{-y>uJ77>mej$(vN`Db~UFUV!HF+Wws#S+=m0x7h4CNjbqHnrEJdg zfUmz^)GyXtAJ!wMOrf-$NAXjgdtmt*rORsdJZEg~D{$)equ+$I-Q<0{ac9NrSOBXZ z<#8fvHJ;}k zSF3-e@8VxCvSwG_Ht_{Lr}KP8GwcM}E5v`j%p!-Mc4M1*PZzzm=f4(yU|aJ)6kHvP zh58BNHwX4xT*Mwqyij?COT0F>?(h!xwNs%|;M<+%dz%G(u^DO7uE3(G5y5Y5`W-IT zD=6=dfhmY>Lf(ABzS9mV2ymeCbA*-!J8eQt=GFBpV^8&a)5S&MmfvK1xKF=ypPWAY z&M*}NAHMbkFsgr>rnk+Ypvs;3_S$ls_}1V!9R8V~f(6yiWGp|K^tH>#ewbWpET-!2 zZ#?nGf*;}{t4$BB1THHsw z;_`&`*~G{b=yG{Ie(?ZlyHz=id-{b;)gL$=QbvQXn<3~S`eZyg#M+&Z(A9IchEKD7 z0DDtpNFy&NthSOstinU}X1{(;rULak==IZQ#5<>8T&ngGy6B(2dU}nFP+#k|D0^D* z!tXn~8G9L`k&f-}`j-$CsSDzMhT=ZRiO?};D#D29FYhkf{ z1f5RF1O#$}WM}v5(}%4J##+=r_U}&QUh4HiY;9FvciX849Znwtr`HoB*wuSe`VNKV zC&M)pvLv9sBAR(7ncjg(`;Xyw(m7M4(=`;4$`LIh_>mq~fBsJZ(KRm0&N`&twf&Us z=O_2?{UqhgxBD(Gn^#=3!D{G4P3mGVqTUYO{o2&}sG*gq?`0Vm5H*+oWBWMD)>U`? zk@V*lKY0FsJuVJA@Xpew=No$8dhmmd6|a9{&U|qMTZ@p$F3bS zz?P*ynt8AK+gTspo;d96^On5a9&G&)d0=n8UrG;CyJ?5IR+Dp=6?C)p8CscYx%7Pcu%lgH`C`qM406%FvU2Np z)PsvZYu9=CWb%tu9ag?}a@ID}k5fJ-khv>ggQ?MZ<?hpg6hBCi$UD6{7%S(#Q3+<1-e>r6N z%R8s0eQ;)lRONk>Rrd^scJnLVVRc+r}N4)o|!~WJQ=GD97+r}kK*pabF5cr%t!lsMiQ2`8)wdcVM@Dj;<~iSFA;lZJ@dxmt!*FJo*TCL zzc<3O&xNka3?Yc=OwHY)LkME`n6nDvi?5U05;OiqHU04XlOn`SaOU#0nz`Hkr~8hd)VgtmD_}`Iul>MNK9Oxz4+bvgo4l5I-&zX z%rItb9hy6sAS|H-p&*K0Eej_iQR4%Se7oWYWf(#1d67VGh!`UO=H82mFJB^rjva1! z5?Dekd?5IXfFl4@-+VFaO%3&S|b2(kRKw>_~nkqyr$R`siRs`{7M9-*seMr~9O z#50DMUPT}2<5r?Cr3wTwedP)S_gy)N&>tex_&zThai$R zZ@lZ{0}5w_*!}Y@R9DNR)(|35M0gDTXY)ilY|P@xFGgA({Uvl!uhcdr)6ocH#1VpX zq3cn@uZJ2>-THQ$c8gy4&wLBDL!1<}#{R7&CUm-i`0}2zFGF`HmlFRmo!;}yTmPE2 zA2k9{BbLj1JBAZoVu_SCp^M&o>Sp{Z3}G0pl#$&mkKSC;QJF=|+ul2LJF%R|nAxpk zh}8O5-HFQtk#S||O|KABX6?+i5b?7oZh1*3&d}%;#G0N1ET0aoIR4IX;(?cmiS3EF zTh9~VnNTA8)+a*p31j~@8A}xzAIF7^8S`1^Y3&eN!w6#0ln`TAg6Kby_%?!=#>GB& z%QKD8TBNe}~8!te)PAl|tpZu5vfiETehXhRVFCljyr9!!j0 zM@(#=ar44CUp-XX<7O+hUly= zD_wQxgpg@_CeJ69e~?H_)hq}lp5zslJEsgat$2|jKKg7BvD#R*vRFXNXKi9`h%udb zXnN1k9?ujKMb;84nuK8?1*7-gG4s>7&AT7%6}ruS(+9>A+fEEkB=Y;)4s7d}F?*Eb z#co7u+meYB=A}RK)3+;rc-iqvZ9&hl%?obb5`KBCI^5i2@em^B$~5}z+@4Voxo0pHU{@<1Vy`jkXxH8%nGMzkL`^u1?ONmu`pfzH} z`gWFth4u^Yx4mqcQPOcpRh_z5yO?>e5{veJ?pT#b^wB(2*ZzV1U(ug*+WTy1Mt#;z zljmEyJlp4|W5ppE^;x$)+B0;kaBGC);Vt&hvbtMrSv4B^KNs$=YyUvO#QM}dM>k|! zI{rMSul=+6A=@g%=CET1(tXdg2#5{BFIL8m&h)wUWIQw!JJ29hd;mq&M&xRh3%;<%b)3|*R zT-N3XcAhl7dT6kMpsH(LXy3V_e&L+QQcgh2)E`u~l|P;=zBF_1kU8<2W({6_VAdM- zoTEMG&3m`3XXt>Qb_HQlILgZ}eE0RJihA9ZsMpSI%dGs(p?dZGWxA?=9jkoh!T(Mr z7VGQVCoWmCB+K#H!a1g&Z~N+&b(t?#@1F9=ZMH4{ay)#CdEaMk()-4?yP(L5d9RAf zpZUs{8}Isfi@|azrOTKE+ryCr`{hsb%tL=&c>ctr57pK@vL|lnXY0S%wPWb|R}ann zHGTE~$H^<7SwCLj*gvF3II{RI$L>{epVmcfB!0Vd^UL4dQ9rPU9frSs{M*}K+`Xgx z_BY?sROJtTx%1aGwlm8f@xc9v;_Mbn~=eu|K%O4*6 zz;0c6&#t~#_T1I(nWgm7=lWE_aM-1d>A#(ZFIb}@H}=e5)Nc6kH*c_ao$t7a)!oOJ z_W1tLFNaRwUaBh{aQSGTszb{Yf2lh(^Gwg9FTGbZx30LGeasj4ZT$4R{-)EKGrfcX zeeKygf^I)04=uc{wod139h1~ubGlw1W*Jm%{=6r#wj$%3vRiC-DeUVnr6CP@@C(-+*_d_FaVV~HQkrdU z^hzSqGPC~9PPH}tY&nzmwjr$P|E^P~waKvU{Al*DL-*CCTUUfuJA_AWYx7w9yFUJT zfNfs-e~oR=f3&3C&12PLhuL-z2$DkWjm!J5J@R2qkN;g>clgYv)5($ce)Apo*R8z% z`kj5A{dU>8>LEn6`HI5wKJonx+x8B!M*O&F@!|2CONnYn(yd|nj=G4uFOR(YlXkU^ zRZn-geS6C0+Cv?Q+Ngq9V&P!oy2_ik)=AwK4`2KuwL1OH+tZdUebu(hcq6c;pX+kMw0d0q zf_@IYu6U-^@xs#&y}M-T;?Gikb&NZ{e5|FqrYBLI-hX1kqu(Zl*Vfz{27Urv?6pxR zHh0W;vHHzP%U&z2Uzpftx1&Qp+tbzQkL>Ja89C3q_nVsX#2qL9jOQ#RL{-;E7@B*}L6aPcD-d!L-=*l^F_7~_#2j}_N1LGU;NKDW6xdLXFF`BR}>%WO1v52 z7Kh3G1?nAsO{;!a8hzQIRor3NyXF{SVKDzVl4_qg4x&RJQJKZ0cZt@2$hf(#N4S zm~v4)lnFVec<^z0>aboHPtEQ=6PqE&%|14ms7>$k!*ij=LCfpfj~qm(LL%**1`(>T zNc-lPsCQFBx}cxo=4ox;3h8DaJBa9WX7T<7ju-0MClU`1`_JV1_9>yOcTVo+I5m4q zZ+o`7>zJL-4=hd%|7D(odjbmE4;?!9-3@lji)IAzCv9>=I@>ot_N=43ee5$K;jhh# zy3Rb!%(RKMEg4TtQA}KhHdEY=p2RF-%%q{yhTmd4^G5jkn})<6+F1c?%gz;i_}kug zl_#uG=g(E_p8S2sj8XL+%+ns|rwYrcPhEr8a>qjA+0f4RPD6-Su3uf(e&prNbLw8s z>}>xfa!;2JMn06<_MtS}*~80roqq0_Tdm6LXAHIdx07W+Z0z=XBJE#wvoIx^a%}a8 zc%=3g%Z(8ZCuzB#MM<;aYZB_Y?Dmv?@eP&l@BwLBM@(x!_&gG2}$t0cyze;jSQ z@AY@u=GUjbNhFyzuloj|Y4|y=I{l+5#IvD@F%=&kKI!|8o4@GP(Xswb_Ww5Yejgjq z-+%JvUtd%{O^k=PMA);p#J%6sGNA9p4(8>NxN#NH$Evp7w{&CM{Q4y!o$avNe0P1; z`?#x(M3Qx|<<;bHN8S9I{>n4#JQhrHFXQWy01&k_@#=By~!tpBi5+z>UPb1xc11w@7|gE-GVhki0Ycq&i|Hd zf%DSGe6w`Njy)edRY=UMzUz&=qt-+5kqS#)`{|#mEc0s9PySppJ!bWjdwLPph%wI| zAUZg<&>SQZlg+Q|9}n@H%MucAX@ZH0r0 zgP+*%)%{wRUOcxh-MTis(`}bhucSYcY)$Xe{!aVM_^IQ&*P18Qw|Vj14I9aJ)84Sw zFfk|6+jPEb?v3^gvUkO{K}0E0ZN4)M%Ft%+Gg6o8>x0ewG!4Ec&{`yKml~^y`6(3iId(jyw7o3|myT-V=#Ch&)nFSR?*h zy5S{*Wvt_n4o_$2h5HmA{A9AKZO^~P7``3+>Pyo%!I;r!m>ejlQF?rE8|ZBbZfd&cmEYxWEx$n>WQYl}l-HW1PJ?D^XjMxq5P&xD!jV z>f01noIPKE^mOmpVVj?+n?RgT{yzC~ZIpgz$Be`dmbwYVNN!_@wFcO3?z3cH!UmdaaK)ZJ`ClFJ**{_TIT2XU;bzS=tM|Lhs4W0f; zR{~MonW>9HdW?Fz)LIi`yZKz``uMNUr2ls0=i2{g?_1#HsLFghKzJnVvJVivK2i=> zAxoyGp8c3)5;|SYq(Yrj)6>-%IYAFWe$?1iJ=ImH69r`TUN5>oz2d41tnP(X zL4P75i%JNJdquB;?8-w7@x{6Vi4q{;l9~JaPIdS6Br}i*!FYFC$@DpO9^d)S_x=Ch zce=WI)$+?8|LTt2>mDFpx%&+B(XZvc9{JwCPQS2i{{@j>e)EQ4c;>PHa^;2(f9dG-vI$zg->i_x|7s+D46QFwKj>K3* z^bcIuuIRfrx%|&|zi!9dAez$kqzg)NFstq6Bdpg8Lcl{=>Z}`w9Cq1+h zpn2+>JHEAZw!Z9d#?K&oo0m!_U%3B7?X2xg%gt%to%<@ZksUpFTeVJIn4~6+3X6{le!jja~nR z*Khy3vm(0{bNqvNIx}+e&b}Q}d+zwy!;w?Zx&Ipb>-n2bdgFobdAA<8%QGL?_4G=A z|8>uP?j!E9hdy)8S1#8tD?Yyaua-T&e)p|=9=X##^M!A$`oB+o{L5(t?|a=2<9BgABL98Miml%mz3i)zuRU?_(LKhGcfH}@f86n<13&n|?B{o#J#&8KPp<7hXU!?& zE2%%kS8x^(q9Yfi=I?RfLfCm#FchC5>W-W0j#!CCFDXRiD59mBhB{@J62`&Qlf%-%hL zJ`y?qGv|Ee%V*%XTq|r}_L*B|zBu`#>u&q$M`r(dZ29u-(nqg&>L0J)cIFoZ>NI;- zYwex4F+bV(%@sG!T(x0EB>S-|rk=Zd_3~eCzxVa}GuN#cJGgTC%*aPiy!Nx%=Vqp# z^k%fFy}!Nv$_*|L3i1R!pB68C`wK%16JOy7T#K z{`%$};$yAZ^A7y{-mmPO2BP@l2`eJyRge69$CJxGw(^OYdw?2OM1Fhrm0O;>JGkPh zGnT)1^co_@gLhF^e&VF~rKS7mCuS~KF@5_pnPuBopLONT>Z`8*##0ZUb@~S$s{C^L zYY*;uV&?wo`~Gz3K=6s_@^zQ>(Prs`^wDHQFPdxJIo`bE=pHzMR{vS<$>fQT(ZGZgW z@O$2R#>_Jpy?J@$feThVRr}>-mlx?z(y6tN{nmb3+w-g8gR{3i`6ut$nVtQII}h9t ziCq4%EAJlt;dO;mA35=^@r#P`+Q;_Z_`c7~Ox`m4t~bAU@kMW39y$NkHT#UeIC78$+Z^qZf&;@K5f-1wHSe*FD=_sILc@~!Vb8o%`ojy-;g@}fEQ z3vSm1zxlhF$@k2bTEDnq`u??%<&o?6%lBOR?cy(9fA!m^XKt(heBi}BPwp6)-Sy@F zb>JRr2DeUq_nDFHiSMSr^z1Vq+V-xeKCt$>7q?A6yW_l>C!a8``N^j~k(_+u;3rPm zwe33p7oWc8;U_=6?TtUX`0CXMpWboql{26F^}ElEM5xndw{2e*`S8EJ{~e`I41YWl ziA1Cf7H`>j+57&`_ssqO^m?iLKRXXP@*8C-P4)E;42*H$^-Z|$+KAh%_B02+#_IN(ef3==K8<-YYR*1^cFTD9&BEzq5%X&RdMg-r%q zRkL1Ms3DU~CI`sXKFTx8?!-`Ej7d(m`lt!rG$!1kJ~oknV*5_(p*|+c^ihuMSM{O3 zQckP_m6zk5o-KY)qk+;>N ztDjFtg*9|kSlzdNT|?Jgsx{Qd$GJYrAL?U-WLGYRr{|=K(S6joS*;HB)$O_t0yXT4 zKGb(^XegbE{&LZoAm5-F>fntJH;uXyJ}9rP3~=o6s_hLT3_5tyrygmy=A)t%l+Iy0^k#q!-<0Ltk)P z)lskqh8Y+S8=ad8zt|go1rro)PAzT};a*R;wQ6?*%ce6~E&79$S+AOPy}wkowaQv* z+^)O*jv45K6vI!p+7;u)npyP+sZDxyN_S1IxR&bKb$Sg2|6je9A|r)M8>E;hyB3Ux z{J2tov1%IiLCUo!*M@o+q!^lp8N3P8)%(cS~Fd}L7x6M)W^_^JLueG0?R}bWDZ6kQwmX@rQ%#v;17|26!|Eh zq++pXjM{pbwqB`Fi=hU~M};*p{?!MKUI^sq|BRrq5KJ5&m~a>wo;yxnYx~x_4bw36 z#=25tF$kar);H{G)o!{+1OO~e0DxtW698ZZj$(K|8fPe(V(3IPAy6zGivmy`8x&w@ zK1y>GODCd2j7*x0(g}*C*{F~_R0t?D3?Kpv&Dhrt3K#*R8zy-yus~SCf)SE)k$F6KY&@Qb^R}wHw$yl=;jZn9^s;=<5VzuEv1o#&m^d5dW5>$Z`8X3z z!X#WY&XGy^D4U>|xDe&JLxmt^A)1U+Oe_(N@voh)b4dn#oo9}LuX9Vj{zvHRN5uQ# zm${D&1lZ$?_8Eqw1TGq5s5HEfa+JVCnFPf!LX@NUWR#6l3=;?E3`rP5g!Ws3ql8#A z8Ed~!5IRp&jKD?{F)Bf#cwo<1oJu632>_gUG|7Z{Mtjgil1wZ_IUX9tg-{9sx+juE zyaXQ=7-}m8!p1~DJP!T%L^R2frZE6P zSUn8FhlTd|a=RoXKu##J(d3~e76gzx^M%DUDbl3KCy8J@=$PfndrqJPKFV<6idZhn zC#V<`O)%|IY38t^5M{`m?Z%|o+dC0udYjKL#u-Siy1m0+IOL6^MBR7-K$m{?F_)neOQ3tag6`ZA%S(f6nmpTawEf`pmu`DR5G?S= z7X%A@=jes!2zbW0V|MUDW{5`<37C#cMg;=UVX-?qDa7Wkz53x-?@`bk{|M|H{|M|H z{|M|H{|G{te}vc^|G@hW{|K=j{t;q5{38f+{L>zk@DG`+!#_ld4*!67bNnN)^Z2Jz zn}6E#b@&I0UH$>VI{X9g z=kbrg&Ep>!wTFK?#Ww$R8h81pQ_&`zPV@Q24*#?p&+$*EqD?rR=7$v9{L^WCEci#D zfq;(1Cj@c+Kl>*H$20$Qf5_;FXoHI%n-lvUDPHz~E{vRoB=~Zij)Lm5!k3e#1Rtkrjy37J)aqo0{OUqaH64)5A~Ic zZgG$dG2l!Y7qn{CwWXq?$M`iPn=rf8-^iE7T1_pW&Elp}S`+OlnJaT;U*M20OldW3 z3Rx)+rISIqrkT>F3AZ#X1WJ9vDUJz^k=$mxylK=^%*0fgD|2#P3*=hT-|8n?idqq5 zE^H^68`-UwYz~TJ$>vB-YROi{l!mL7k=$lfxTIRus)?3lZsbRDlBaDlOleakDOnpm zJuMk!wpu9<8%fE^w@`f}FPR(dtz*@CaZ|RpjxCOD;j*)-VCkm`v*J??oRLdr%nouqKsl(dq!;GWUu~!(w)sft0PpfSSwqCNC-I|jw z*lc3HpgIX{_#(QP-dHP+wVaWhWMMH+V=K!_=0;c-MrxjwEkr9~ft5w%qckrlqUPga zOX3ocfTCJM5QqHcC% zRpP?-1zJ{7AX|kN4h*i8rfKB!G*a^|oc3Bc$NR|2`Y4w&vO$57Ey>4LftN)oKsmmJ zgH)iTJr<`uAB(7oMdYCXIoQfN$O1j2JS3)sLXdLcx*{SLi^xH0wuwP*G4Cj17S_)r zHSeGR)*}g6)f}W|SlP<*iiqfv2(oJ&3N#l(d(d}!BU)6~n`~1K_?pB`OejIiD_k;a zOT$|yOT%7LG7*i{Ea=3PhO^x3nBinA6)0k!D~TCKwkiP*@`0>o zec3`D7PEB0r+p>IGswyYIOnxws}Nwdz{qMI_8~x)A;_xMRMdi?h{PQ%cid z_cXE!fh=Y{@KbDQd`U#KY#9L-vz#nS0@#J3R$5Yeqlf~{lP!rwVjlXmlpN0~szGBD zbR&U`J{G~g4NtZZLu^IN!d`lcnCEfM1HCpCRTGq>vt1gAMiZ+A4hMM$5#KMgVBIBx z39!Es%taHMRy6^1i(!8Q!^dfllP!tCmIUjtLVNd$CBztKYf+8YD7Nr(4c^_MOuzMQjN2xM@4iLe<0*?vi z!d|6XvM4ba{6?&>N>6>r6-ERZA?@V2lGKYtV%u>B^QBSf&!zYJqGrl z;5xCZ3ah9UUlt9B2U-O8JD6xyoi-jaikfvpJj@7)_7>HbZc0-lX2H^jGx3p48z;)c zhOxC)bxI;_N&(nnfyNLEh_tDy83uuV)V!zUJRiZBR^CT71bffpAVp)J?qCOtO|Oj| zDM8869qa)8b+98qCf&gf7L9pr?8y4qr)iYtS!@}sl1>?=G{GUjeFmoqe*o4BN(Qws z=sf`5&o~O;g_ZKb))ckU1RerzKq_j!QZXmeE2M_@Uv;R>lVzOJqN?0=5t* zs~K9hDlJ9Lu&TJoy6e3*>rH9g*7}GsG}K3t-x_F4=_zMY*W6Kvw_pAo<&aQ$ksvs% z_u7$b$*z`^K2NuAP>n~0 zzV+RQBX=V7Lz{6tH0vH&FVae2NUQdp;@xO}UXb63@tH(#ke}$0Jh2qwA15I`2Dl3H zED|dYvN90Dv=D@aL8=L52(^Izu$bpCxNaI;Jr7g@ZrH*>#RoW-tqcp{jw~89(4Hb@ z32Z}%r>F*lJJ6|CJnVZdl;eFxl^6u?)fA)$91gMohfQQvAiRY45Mls5(Iv40^bR36 zEd%6Qc?c622***H4j`OUL<2%wmcY0LvJm*86-YY>)Mq)Q8Vm_@RG?Rh$FOd&0jmPk z$jYMT6WSIHUKTTa2-{ho(2>bQXdJ?hihxo)ERG&kn24;3Cj+Fa5(}XW_W1w>l|UIo z0M#u;)qI?WlqwTo2m>JW7EueU8mz&WtqO!GAREwqfYdy|BS5}@EF%DTF8DO74Kqk-NKw|JP@*vE{YKBlGvVg`? z5SlaC0+~|~y7Aa5(6R`rj}~At!xDQ4Ago24k_Ma6SPY?jpfyo|cttHZ7^q9k`xwFn zAJPU%P{PoT!(R5Q0E@>mV!DR8+($YNnl1q*_Ea5~gGVB~8Yl70{s%a!9bo09%=stU?-`WfYJV z!eU~R281%KA{rj?T`}9lq9I_l0BN3p!~%!LP>=o5KCxw0f{=`);ouXYP6|E>Lm)`U zA*|$ONWCqog;{UT_I#Syo+3&tGC@Y-^9;(t+A}^jX+gF$A6rr&s~JxrepFyUKiDK8 zGmRmo3LuR&c#?WU7;mLOhaAfB3|2Ls97l)}hak-b9a@@))jX_MKvtG+`&J9m3?!y} znb^D$C?fbKIR+4rT7htpLzW~U2)}$jz+t-9LTQ3|EmVW_4mB0gV6d8T2$raY0Ern_ zf%U5?4}s1h#jp^M185InBBZpCW@J2^gEX>2Y$rU=1PE{|&9{)Kc}fnj z#h_785s2=r43DgWOZ-3t{G&-qiL3&_3h)C+^AM@8csPJ`)qoU^1KmQ}rKnN>sY}Qc znE>_>S*aFQM=kIJtY%v{kYEoPBqC2qdtmQ8vMOYMU{7$M5l$k0XXRNX7lzFU@Co)j zfW6K7#J7mwK>Cm;n5U>IAB&ocEz(9%)GRp?Lcq}$@x>qvT?>98$TzVH+z9O<71d}Y zW*lVl9&nkGqalT8A_%i#oCWJg9Yxh3LweK-kIb^|BQk@BGzjFtkZgDgZYN zZ69b6&dZS$2DqYyMA#Qdy){G1pnzbYmFF=@l_8ZYuvi5=tN z>A3pBDS*)J#>9GafZp$h@Jl(s0y%)jjS8jVd{U}yX%@ydJ6m&%Ss25Ot=#6R@|aLj z7Rm)ICtR;M8EC^7SzA@w)HZFdYU~!jT+5qX+a1r(j=S#eg`o`+N1HX z;bP$6bgF#>ns4Hq=gBI>R|J1pSqJ8|^ zQpHRFoE)wT0XIR;0`muC4rrSu`3dwFWUJ~Zz$t(uXBA7~&8jKL7B^gSP$o>vk9 zTM#+cSMn&pL8=)ZQIIhM9FX<26xC>#vrWKBMco*aGIW3fgRDgnM;%#3tZcROp&D|r z33yr|F&s8QCnTc`le59537}?4|3`Bz+0-s8o3Y=_hwh*~S;sA)9J zas`*9WLOQRWaHMLNm75&syv0)ZVReg}E*=2nNMOBL>y*fzs zA-it6cEhY2x!FJrnBdV?BoR;!L%)GE}t9hRutTvxk66(?)tQgL#!YHFce zcD?HNGz$kGFE*?0Al26$5vs!6Rtby3=Rxr@D^!Q!6<`ONsLy_DLvZt{HSKvV5m90I4-Df1=amZ*dXOL zn)*?wYMurhU2EuM{ix*i@g{z0_pkOx})B-K3eyU(MDXmzi480DRrBm*N>9nt! zb;_ULQ?E~%4ZB{`>+XCl9qW}(7K_f}OCKo~b4R%Lk!sN$w;MI8=ukx}r#GfdO+T)+ zu`s5Tr;2q=FE0!(%7`i{I3*texHuEGx2@P7ZJS2M>Ctg+!uF`nWlHOv=5STNMB|R% z6TksKo6}$JFYG*Bju)$r-c@JGwyS!v-mAVNQ^cW&(w-_x()*tEhL4cwib914 z2vu8KWXbBp+*NA4Vb>^cLT`XUQAVR!T5PHI{PFuc>!nPGdS|ofM@@U6i!K8%5n;Tn z-5s@_sL&+L@j$YV`&|s6>&05HHoNPc|6~pdn$4HIGs0`O0_tsVBlJ1cLqH3! zscbq>LuSpB$2aw2Pmk?ll4) zUHyW3qEx0f>4q0NE_8nTewvHShU2bYL)Gkt4(#3`@=CL$H|n~pJH*Ru%^A?_x~5OM z&VUp0fzw~tUC(Y*%(^j9t~>pccDcWOZQxu|=nt#sM1IYE@W_>~*P%j!D78oZ8B$A` zP<^=8$0qbT6?QDIp^Eh~WsXy12rxdg?zqKjRWDO^onYL>U8VN2;u^RXHs~U%XI86} z*3d(C)hW$xG<0Xuu9Jvti`j6S#cGF_Vcz!pOxsAnHdhbr4zMQ_X}qh6#wuC3mwn3HL} z;ie~atY&K*~#H`y@lhUxn0YSD4;yk z*Q3McdGX``fN)2${>g@}*U0n($GurjHtbd}3yS)>pIL;zRw*hEfPN$q+3oMsA5kflE>xc_jU8-DmI!lD* zmOEYAJvs!@C8DmP+9o-tD3a#2=k1-8=q*Y~<6&B8I#k_uDMt@a4mvQZ*GhUB=AYNK z&65Okosa}eI@NUa@?slNYgS#eYS#7Fd@sDB>5l5fvY*p6yI$_yk+Gr)D<;)cv+kNz zssSw*fX~pbVbQKxBV+{QwmbFW04S0SLKVk>u*1N4j+n^SaWw5LrYW=T9tVzHY#8%w zw_!9P2AYqUU8-12VGdO+mrbZDR;gll3~$2JCMZL9smY?_=;f|8A2u-6PmNS{NE!69 z=~6|9DimwgE@qT;$EEbvq~0*~x~4}d2p*uUxq2B|)ruqwEu@f4Tm($K*hYop9$fYM z)Vv6{8;N!sJM)r=BiaRh!C_u@M~-SAjzeA6?XsTJtGedejUJ_9yR1`AyB-#;*>$&J zSIMfvdUD<~PQd^RrN12wQ@CdaG7^DYGYG+g=$DK!U#}hPY}jD}(){CBHPNkecm@#G zcNg+9aaTvNJ-z1j0IfQ1qp7*ghE73x3ju=z`YP*=+0e^>^one>Pnddj**$eCgMQ2~ zNjf@>LeuWhhj%1L#!W~6qgS76SM_j~1&p!h;$iw*Ty@&vonH}9QvH;p>%T|B;1ucg=0Yw5N0I?C7o3jhHB|F}0D1prP00IvrHqW}N^ diff --git a/assets/falcon-sensor/falcon-sensor-0.9.300+up0.9.3.tgz b/assets/falcon-sensor/falcon-sensor-0.9.300+up0.9.3.tgz deleted file mode 100644 index e62cd70aa13d1d0f79a786ece40fcd61dc2102bf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6460 zcmV-C8N=ouiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBlbK5rZa9{IN?8$eNIA>9I>^MEm_2zMHx6L$7Jh9uGPSS}X zaz&vA0Tuuyt8t!rKE(40f1l(x_(KwuD9d(y>D`U_!j>suvAY2FA9mp}VTs^0C(4SB$D)OEqS{G_K7$gRSvLNC_6PbwBG>a~9J`*xk!>AwPAN4&2Q6G+v-b8)4sF9EQpfD*V)$^zix!_a_ zNqH9afiN?TJd4b@noy3?LSCM(Q^88ZOgNCqglbH5Db1*u6Uv5=k&&dxV#3BkrvGP= zE#M)3OGXF>woTNURLA#7iBcwLQK)$6_;(%CB0Vo~2&5<&P3)SDrme-Wz5Um+aLeM4 z-dF!APh0*^2`f?Ew*puv|DP|(|GlR>`w#N}b37Yxgkw@N4Q}pXEM$AH#?c0xO{fB@ zfWXfOKfLT4IZm|36vmXHX>f!IBNAasBqbw;%1GZ4LP3L19so&GYF-kifRPb0WxsGAn}%hP5{;)?5{=n>2yX;q zlxIKM*QSXT{thdNg-}LV&uckp2&#moX;PGood`yg`4A4+jLcR2`VT9RU;~ zJy@Qf4fsyXfC-+NDV-6j?Rxerrx2-~bEQQAnIs7s=<^6bqs%F{u)a0#Pf${k4q<0I zirj=)-dO*&<$t|92d`eA9iPVf zQs0A&SttLW?LA$P|IhaJcOT^c=XlO0gkRWQX*LSwN)x*%t!U`5o2_iNZsMP!=pac@ zsY-hK7B49;FM;qB4uv;0jm%a;LMmpQ36d%xy0-h=3XB&l$-zV@tp;vg_JfWRBZq$pfn2CaskMcP-e7U$jlW+bkH}BuJMLul(EWbB8e1AS*}>^Y6!6^eA!z9GS(=g z*6LYc{{aWQ)Dm-Kb2DkV;DAyJ34*uiwPr?=&=k3OH;=|bW~eoFGM%KU!=jV-m6gFn zLYP;4HNy)@T@$>-q_p19xp6D1;m^$?3Dl$QZFEoINfNj)w6kD9V%cNRK3~?|=kdR} zC$dWZzn>s0%%a!DC%Xb`V^=fj7=lj!)eF!I`nP`lo({PdP# z96cF){1|=s&^J4Sa)e&nJup3b&~Mt<-4nY|;wu9#{>izOp&bWT#zf}{?C;u-G(RoJ zV|od_eh)k>SsV`~5{*FW5v=V7zmKAlqeWsLP~|8 zM2;=z!5}%N$eexwMsup2da-is@n~-OarEl6vU!ckyBS9>#^6I&4u}^@-UfE>sCHs? zgisn^h!{7@An&nV!`{jOZdgpmHAfe%gLnh;8^p*0g2x@ zM!CKfo~@U+M6QsO>oN5HqWXVPy#-iq(3>x^?vJgd7tE>IEk5*Q=F`rrUnH)T^#<3@ zt!>*(>>@!Suiae)!PQ%et-wMu5So5hJkVL^R7UO{{#4dcyK5P3*#ATKJ| zJ^!J1BLGV>;g8nX_xr4}{}RE+G|NeG55eGd{{Qx~XN&gV{{HrZ{r5SZ*7@2_bU}GK zG>-e2W*!n@v^6PhI4-D2C9x=}0}> z$LphBqXfLv>o;#2HRAeAP*P1Y?3Va}=5Rq;`*nw84H{Ow`sU!};pkGYvroBzq zu#Lor53a=(ltqCOK7O<~`LSBW2GXwe#~-~|AD(-ER>}YRDCA!*|95tFcbDb=^M~`l z&+;r7XI!Kh`$IHmVK(Z46onepI^xJKkWwIp{~mh6H0)x1v+W#X z!nW6Ih&A1v?7v3lFG&3kC9oRT;H1Z?g-ar%LHb}0*l*y9Gpr4c*297y?7$-UjbCuds^m7W4?5n zL;0_mxE!sNDl1-U05@D4?GxXILpNL)9V@&oeeOK1cbnL|NupazqgzR&+e)Q-kW8O8 ze@m~b4eY*{Q9Ws+VGniUAZwz5WxqNJ@+n$lXz?@28N_e}obnX8hA&qLP5>0U#rqv%+rSpoDc1*z7!0X;#j6fjXRFVnCKzA z5~s-o(~@B&!9fjAf?ihJ&yr?Faw#_OUMyb!y)d?RIoBfK(0z@b8Co(gBM5cR2db@ zDW=u2X^mrp3>r&QtGJ#=Cv6PN`oZY+T(|@w7?o;15|@pzk(nC8+rfzPftqYVKiPsu zT9nBI22&yjjE=&L(m??F(JwU=M~kICSm_N`L9c#FWzYiLgG%MP1SlzWM7ti zMGwQt@Y|{v>SRTa@SAW9CbDbB2*2%^?G-&mp*zxY+dVemC!ZNsh_p^cwhI9-H7IwA zuVVNbi3G|ar}os5Xvhhl`{=VmClm<>ninL|0erz1G69v4Fcb2^?BGO5v#;4aZh8cL z`|zW3!a%!&np#TP<2jcUV77e>XY<0Rg>XzzDI#rxh%D`Cj}$_~xtT!^B)Wp|BfLZk9j zLA3%=YG5K$E|;fMTe;N3)U>P=pPt~n(J~T2iqf7uPoyZbiB)e*WROZaMY*Us!kv68 zWkD!|KHq`cI0a`|8+ww==a+WQ`x+oDYU1U2%f5CH?+HXV?rA& zUZFO!y|uqBb}x>W-n}?E^zRvn`Nl)bbRq z$OzsOo<~(k<3i$?UK(S^c_>^|S#S*-uv-Fe9W|18hO^-2Cw^wz!m<#Cl_KAX*!!n>PQG11!q+L|s= z;VXinC}klO_Kn2Rb%D-EB1tBwU`h!PD7j1XRH%)km@rYM{S=uoj4_QgCKE20$Y>Rr zDI`vjYn#BX=LOmVC89M+E)@LF|NH;mUj!znM|TwNQ|RsBXp_`eXjeV z$P1#$h%&0@QFJzGv(4rIO^AXKA_tAir;_>%a__>9h4E(0;K2|nH4GY+K5`g6frFg< zE;t-BqBKpywpG0M@$vVko2KROrNqt#2j8D=Lf`v~udHimByIErz7-;4txm^0qa5M! zx8ENdpl=9ICMeMVmL*Fw`+<%eD6Ujk}^l`V*P`s z+imZpKNhlYLy{ZDy|rOIfAFB1MfWcoV$+t&G=z4s!K@_bRjb(W5mWe%Xn0*9Kb_FA z4r*hn!g$z=_x~E%TFL@>iaepHqG%_EH!duofWYOK`|tPnI!Z81yC3|#kk0xQr)SCP zk{usPFsS?Y4U%;MPHYDH8pp;=a4WhBOEjy0%hnUAiH*y;SWf3iJ|NLi8#8hPER-WP zV#%#0o0DyEFcWF8RWz*v?{<>hKHiC4*WLIMXkA@{sU@|wU=758w^QV)kg=bX?s1~% zO!$y65KyJ%@3^eWXiN{s4;y8g5tmNsI~YMVv>csR>4{qlq*myvie2Zv;dyhSX=X$j ziANGm6JNv|%ucIR)}1>fRXRP#SqR7)cnRTV9i_$=8_jLSE6?D(&!Kh72mQVS)2{)X z*CjaZ(i&UxLwIT@<7ZL&Wl=B2#agOySeN928%>xj7fJ)87s%#yq=eWAlObuL>PPsh zCGMO_5Yp+6st`;rNT&4_RE>yP-*(fc`*XlcSHva8FcC9b9Bs_&W@C6t&BR%BEBr0P z&Q@&I$6V-eAJ_YJv)X-C(ZSMI^F_h6TIwjLwnN*>?Dj_Q!lbT)+Ugv~V`H6xAP5Py zYz2RA4BrS@F>4FxxNdC2qdo{)Nz-GlQ5KS_N)>$>KfQMR5yFTVb_l)(2SaoXmgDS^knouKT3Y0ljswz|Wv($)% zT7-M~-(V}o8aYTzkWPb8VqL12=9D+#SU1bo^I9b^Tr}C(M~$qsu}dRKXpXm8C${*d z6%kz=XbY%zR}J`RxRtqe)V>{E_Yry08CVaataUh^@Fpm3#6%dY}eu7P{49ej6;F z4XCXECsB{>$?cpUyKVxx`N&s{zP201h&9@gFcmG&{TNX-7BzbTm#^2=ggT(W(_9VT1oDx)a<=d zO5~c&t;efH9R0i?e+W~}Mze_$#2fq8glYyE&0FV(wd*;&znNNZ8U9go`i*x3AVp0m zQ&70sQQm=gd)NIL>@>4gH>`8)OD9U{ckEfq)z|K797dIP;S!6OuZB;mo+E}(5J_@0 z!l+e@3%*R3%DS2?J z&-xZOdTs&6path)KJ3WlkCc@ zJc>bZvB8?5I&U<%8CsfTOD(UgUajh8{kj&`uDc0;DcQ@bq5kj=w#Y}fZ%cmWl2WXXyf%18Z2D!?`t)1JOq4nY8jaHUNtC7u} zy{=kn@URLly*Pr$hcAvcZ#Iwt^Gfh)o*(-NSK8hEDvDZI86mi83)m!zDvicpXXk8} zA9-oln-}o|cTGto&40#_yu8#+s(Q6s3yv#F(ST z26V8z`=|=R6?$i~;kA+NJY{GP|e9SZ$)Y#;hIZJR5 zy!MAyb0aVZhew-G&;l9dSf|x(xqA#L&!QuozAhAKB)Px4j?7&x+1^_`|9`f- z_fY@;S)TUomay}5ckkK$^DqB)c6@qv+TY%O*mVEhPkaCWR-&?}n)iAI^qT#@|7>UR z{^=3#f-&Bo8CT&V zYvVjxjygPwd%n2ZxpqPRuPbvk76#8eeiqcqIwMLyWqy1D6TJTzJ|^-kKY;so$I|oX5)o-ka*(m`qsiX zOEd$b;9alZPiXqpyWWSgq^ZaIm{st$?* zPNcY;!;vdoj^P?YNuj?oRJ`kfko6l|$?~qZG^0(0iz9d>1Vh4?Rsju&Fi7n!w*lQ8)^08ov#c{9}1# zEOM%2Y54Ft1_*yTQ;KVuaw4QQ3^}dtpz!718$tjr#}82G?&ifln#njw3i${Byv z`!&4L!u}(K>X_Ql>^r^d!I&8hu*Al#x9-^CrO4iH`8yL{itOuhJVsf+d9B9z+bzsX zBlz9_7Wl{$Zv5|{*z?>svXy?1jrJH=1UK)8Hb02p44+Dn z|DOe2hM=a5{@&c5EhN~3Mog=JbP&U-%fk|!&0&P~k*BYC1&)~d{3A7^I+?%-^~|PG zPZ0D>wD!pm-ukhw{6KeD_Km3gI-u-R9&N#+zWMR~k&9$L+FCXqZ^MaIINh8z z*BOt?|E;2HF?n4PrWqZ+IEsxzt9yg(?M`{_K(J8}r1j4;+Q+yJZa1R&kM`sqo`>h* Wd3bL3{BHmN0RR7OWgy7_bN~SLH?=VU diff --git a/assets/falcon-sensor/falcon-sensor-0.9.300.tgz b/assets/falcon-sensor/falcon-sensor-0.9.300.tgz deleted file mode 100755 index 6506a9f7dfc0038f408c7d98384bd286947002bb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6457 zcmV-98OG)xiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBlbK5rZa9{IN?8$c%J7-aL?4&)-<>qm1x6L$7Jh9uGPSS}X zaz&vA0Tuuyt8t!rKE(40f1l(x_(KwuD9d(y>D`U_!j>suvAY2FA9mp}VTs^vQ1^o%7qJj@$ z`XnMnQUAFU|1I8&QdEhgg|@E_;5%eFBxV_d7La1W#Jmd~x8M~}t_6Hwj!<&cs32jb z(kN9NO@zT^qIIE$gF#|IC<`J^L>|$^j8}at$t=#Oo|L0fp-cqV$hB!V2!OE#&3tIu)!m%!C7(OsK|0m(q-iIiYL_85v26EGBF$Wcq&= z*#aKow`7EHVB18kNp*aWlqh9_7KMt3j(^uNEzhd_#g(ZsIVXxdr~J3G-Iy`TQm zp0@m-5>}$RZw0VU{(rf*DF64L?Cd|t|IhJkz!8o~$uzjRhp~|Dy&6Xwa5kX|r~(2% zAN=sLZ{#@98dDfkhNi(0CX7ggDUp@(7vhmZnKjGIk;uP3A*5U^6mT_3KkiBx*ObL-F+#rKBl3 zzS)65lMH4Pp%79(;naQY7~Lq=*aFcc8$!>{lf5U&gOtA)n*`tK*wegzy%jGm`#W_e?5{2sW7U^>5giYA@q6?z_?^=>2(B9i1c82 zem3AcF#{%eW~OvTsJ83bube`pcFvU+1!R&WXrRv{0F5%I+`{_SygxxnMLLAtohWh> zVvQr3nqS2KD*UgB`&F1<+VnOb#z>6fG#}kcFrRW%ie&hniOl>tqIOBxek8N@m)R~- zySDk5Q1;&9`Mz)n1@Cc+a{k`pRY)&eRg~r>q~tP zGG?9pf4cun8pwiVl(lm8ztt zZ}F1y@)8J7;ZS%})5vTkB&1@-nINeGqHDX)t-yG}k{nEg(rVz=Wk2XBF_QRONhPLc z;6&sFLyb<-IrM8u)F_g;R$+Ftq?iIJwaAI431LnHn4TojblN67DU}wvbqNk?(a+}F zKp?3Iq`zb8T?)ucrLF3dsE})*JZuRPGpe+l1F_7bBZe@RA`i8hr^CvlI65VUL^u-3 z1xllEEf;`H31vpxh0I)GLZKU#@Ry9cI65Bg0TyL)06N_=I&#XmW>GPL91%9!XpfoFU6Bh63C@t9sh zuipa?3wdfjMi$3Ii9{oidIW2`!EYsDHaul4FpGU0{SzH*+g_Uy3?&Lin2=H-D3N2! zc`!(hDKe*DfYF?4r(Uca+Z@d;KaO6VRyMCOdAH)|#Tb0($^r30$=ks09o0^(ju1-Y z3lZZ+8RR{-YuH;EzzvJ(xaR1hbzE_7<@Yz?I#V^AKU)fh&u>1h4URQ09FX{pW0dP# z;n{k5OXLbkxgJCBFRK3+)mwn&2EF+r>;BkUdcmBU-Qq(}W4_73bCJY6e?sL`0QnhY%NL-_CkC{I|K zt|BgW!>?+kkYS>QeCdaXgB9e7KB!$&^BpOQxCwd2R1E4E;D-+#U9RA_QfORY!ZMVc zaFSu#AI%-0YBimroYG{mzhmO5NB)LvT%@(%iHHlAuI88%25~nP)|BB1wrL2rT-VB8 z6#UB5Op-*D+(yz%h3m<)y$)QbSF2=JyIGt#6c*IS<_h8)X&7&U^C(>h<rphsJRq z)9eRQL^*1b5>1Bn$G`*?lS zYm|VOdi~~2qefhx2}-I-hTRfB&>SvEYrpQ0tU<$ySKl1GJbeA?@a*OL*C%K14__R) zZk1W)Lmo7Bz>Rc~gl7nUzQFl5{Mp9hjosDm(X^&xYlCdMmRqpNU0>)WH0^D&`taQQvr7KgMU-`1jBgrePQBn{DS96Slox zL#*lUWdAiXe?jVZD1p_u1}CMi`9fCF9q?ZQc^4vDf84|jQ3WOj;mT8U$mc{Slb69l zz0*>?%VNFpYFapLc1O52TP83&7FgWwZz!M(q?8Ost{|cbO-qSKy8uO*o9Lj&i z#N}wER9W#-1GwSZXrK5t9J=Ac=vd)x>2v34z1zgzO%mN&8r@1F-Bv2ygJk-&`CEEb zZD9AsjOs}n4ST2)2U!yhEc?|-kWbMXLyMnD&LD;>;FPDxHGH)~Z~|z-P`3BUh6^P( z-`MmE0TVLCcJ2wtl3N7~fYTR)=#zYU{l{if% zn3fDH2_{lJZHYPaj8KyWfI!3qAL#ElLZC zHgO1)06ifZW)tK!9I78F$VJI@l{n-=QuZL&QeDH}hKsKh%tXmj__b6TN`*jm4N4L{ zL21U|4i%fO0x6Z2?0F3EgBi%YUP6wj8V+%9rh=6@0&-PKn_ELP9K1Mkr^={MPBE>H zO=}z*WYAceTE+D|I%#8A)(=Ln=fWij!KhU8k+^Jxjm*>#-VR2T57cBE`pGst(xOZz zFqjfKV008_lnw&WkAA74I9e?A!Afti3VQWZDuWi_Cg+6c$*^-o-!@rVBW>7ADNX^+ zy+y6%_HC0VWn@Kn8%?s7w5+#vl|8irc9US$>fX(#ijowkQ8!=0Z>rW)BKxxBD|#4C zhTm4bP$w&Tgx`c?Fp*s|M)+;VY_I4k3f+;G+wQReKl#kCLZo#nvRw#xsX@6@d=O z69(EH)YMYS9?!X?0JH65IGYzfErer&N)c%jL}Y1Cd!!H=Hg~q-7VtMEUrbXp$Thpb zbS)&EQid6(!52+#N}bpe2t)%NtWK!1a$0#dei*@*vLOw|g%kx!Hn*r#$2{}pBh`ZL za~kX!umF7k2zTth#cG+`mY&ykUnNf4BKukp zt7P~xi>yU-L}i_|3v0#k+L5o({MQY!pxva2sicC{D4tOS!!&Kf+QCtLsb`osIn-8)C$xD8H0?8k&BU0o^69fqn4*=MMm(R z@HE;0j+t|RHw%eldTERu=3B`8oD*AwF?K01AWY6aN__|%o34o{6I zr=mEcdSHJ#^rLw6yBye`)r(0sFh8n4)szn!KqHb|l!bNiRP;Djvm$yNkH|&zIM%uO zEF{gM$Nx8K?AsSd$0~{oDSpL7M=?#23|w<5evRU(N<@l-{{;Ed-v4io4~~8~j`Q?h z$5?azv-joB?qdD#-p)h*|7UqNu21rhqPOndFPl}0`D`{@3h!=J#YArdXluGeg|7&P zqLhVD*f$bK*9AHwi6ohzf+;0HpyV#iQ=vAFV!}k3_ETiWFvc{}m`u1}BBNDgrjR&A zu5ALlo)>5fl!(?Oxlr&w|L^~Mlix_VoUoZqspl!=Wip9!Au*1kjnJt&^ttYbA}@$0 zBg&|rN731&%{G_+Hz5i}h#WL3pGxX8$h`|Y7RH+~g9k&T)G%mN`p9AQ7!GpsyWnul zh|)9(+g9=3&ExM+w@l05ONpHg4!%F#g1+|`Us>1CNZRNzd@Dr8TAhx0MmfUfx8ENd zpl=9ICMexJw_PwhL2M4i*bfp_yK4h>MVmL*Fw`+<%eD6Ujk}^l`V*P_BJ8kcz zKNhlYLy{ZDy|rOIfAFB1MfWcoV#}7wG=z4s!K@_bRjb(W5mWe%Xn0*9Kb_FA4r*hn z!g$z^pZztmwUh<&6nR2XMbT~yZ(LYF0fEb}p1psz-%)~L+Wp|?g>=@hI6X^Nm+bgZ zfA7&#d11F@&SpC+L)0WV4)nT5le10 z*_>>PgPBN!t)giac(;?}_VI4)y6(l7KAKgAhkkQRqQ(V4bPhsO*13PNIa5g zn)o8#V0K!ivhLg=snY2=&O$)ez)J`>>nJt0*l2DmUU>%ReGaWtKIr!yn0^i5ye`3M zm)6*lAHq{R89$5CFN=CHF4j_w!@49F+-SmNxlkGyy+AgvBPGN}m<&k^RX@U4Epg{e zf{;#kRE1!2K{BncplU?S`nFp(-Jb(qx*{$yhKZQj;%H-DHyguKY9`L2Tj6gRcD7=x zZgQc+eO&L?t!npGMF&e;%@+mNYN?}~+74|iv)dcJ3zNDIYP)kBkBxN(f*>T+vK9Qf zF?=Ir#jI_hB-SjT&Ma`U)?hNSwIPOpC0eVkVAZMJ52_rGX+n*VDNyEAsj5uf&r%~6Y7y?` ze}kQTuju-ACj}XJ9>yvew~v!keJDl?U}qIdvVw3tv1+6_ngas6vyG zS&c@BoBmam=_(pGl{TVYmRvdL4YRkPRQ3##!<&;Ij4V1j{B`tn(S`amyl;Bt_`= zs|68&h2>bax4z+>jqLXO#@TCcikfJ7(DJb0R zDDObLz3cuAcAD9$8`e4Yr4yy}JNB&Q>T7p34x>uDaEV3CSHmY&&k;i?h$J~0Vbm(d z1z)C1WnIk_T-y`4OM(MgRIPCoUBO8O7`mS;IBG6bThZnQ&sBY`&<)x~SHu3AXMKws zJ+}a3(1P8mxNp@vc9>pNI z*kH|2oi`fX3@uHvrIuG#uU2)leq9S|^47OCxKhJ)Xt{fdZoscaw3;lRkXt_Q$Lt}S z6l->nyPI$Q2q9YTVx~Ky<0jHgIwj}*3RwC(E9N4Mk~vs)yU?~URNzO zcvuCOUL3*Z;ftfKn+;^Zyb`>c=S?5sO1ryXMNtbYBLr7%0h>forP287?40fLBd;`D zV5*!6D699|)}3evXT2>j3=}2rP>@d5guq-LNTrY)W&8<)ENNNW{uAT>?eiZ}6n%*# z&GA0ZfY#N2K6$#oc>cTh^vj3ypU?4ho&QA9Esk;EZFtR-OAEWci#xihQpoz=qf?b} z<-Rt)ITIx9dq-V$4xv13FmV zeN=_u3cWK~a!qrDW&Qy&vDawD~v-CvHK|d?K8E(mvsBoqNVrxX9W# zkCvkjkK&#$u6C|nkpJt-T#bdnGmoDIwX)9079b9T-Q6yK7ZHyP?j|Hcz=A?d)K=;g%vH=g&tZ|bp*gpef`nWudtHRa95?z_|V=73GDVb%oxPKv@&VAJ?*pyVIRD`SyU z9ZSQ9&oMyw)0t9S%aju#wPDD~y)mSC9x$X3Qr`#;e)C$5^S9fWmqzfr z|1I!~d2Y`ze~=+$bwL9pD9tLaQQmX}uAS)M*6E9Hzx(kdsP=Y;T6vBswYLQBs8r=BbL9yq#Z)7X|HjVZeSOmB3hc-Wm-wdBhkpG_r zU522hjQ-x-pDiTVgGNlNe{>MTsmsF>oXuf`^^vEqcm!HXmEFT2*KUm-66OJcTbQY!QFzpyGw9)cXxL`@0{ej@4X-Q*S)Mo zuPM5A*HlmUu6@qTKokyx4hH%G(16hyN-BRgmXu?c_26PNVp0EWqQYjWt-{5wpsvm? zr(t7dXlvr3s$|C}X=?Kg>@)*59batel8X3efWLo^zi>6|?pJfyds%DIC@R1F6k)s9uCy2rM`=~F%FSi*6QBVXBU`Ubo&_xxa@leDn zE;Q8ESk_p4Ms3*fB!3?~1dO_>EzG&_DZG`^%0cEBicD2$E+qD)qD<_hqvNPZk)wtt z7Es>Xk;YKJHFh+2P$+N2TUe&9Pk(N&rim@Gvq@b?6$-7E3vNtq`Ccz+RJubuwn`;h zMNbFKE-E%3rxd8X*cBTaT3BT$NzO>?LX(4Iq)jf2TCB-plH=itCaRZU&ri97FO|dP zS{`ORHPb3i{=>z{!%elDTD`ANbVf`}J}3K`T79lNQ|@Zt-G@FP7h*~!wFvjLn1wN( zBDRE#6i-xzO^J$ISyf~-lnzE(DvX9W;xMc@KSV#=(LJ#Bt6D-YI$a>OFzwWISYnT3 z*eoeMyySogJk^+QK*5;gap|D_C zEou*3F-fV`X`v7yA3Uue&N+yoG^lZd$T894vGK9tVKmyZ4M>Pc11vc)Y#(JaENH~oLu?fNTp}NgG|N=R zz@=p8_Nr`=%jHM65T;JZDRO(&xX=j5pA5y&ZcSK&wRv)xXRS?PT&#=frw}8O%n@8@ z)=I{`ul#sS10-XUNou|)QZHxaeFbOe`Z8YiOWe39BGHZmV9Ohik7@cL{L7SPAo))* znowsIHHV0?U*jZ#qM=&*IFBa{V1wAA{DqPlK7@2 zry9;)jr+%aO8_LpA@b)%BruXUKarg5GC=0KCej zs-2ACLVgUBtD=oH8dd#1^*O|UI!AO{2~$$K8&^m~6Ya`h)Y*jE!k-x9gc~KA8V_!m zt{@m8R)xX_Iimy9bPbNcT~#I46J1JnFRqAXEgzc?cgoVuKU!Q>3=2_gglZ~%Y6Cx!w-n)t%A;tziWcmV&XVeeWZuhiiY$|toxJKPNqixJpkrnyMi`$| zlKx^zBr8+*IXa6(?2A(!dJGF`s=J9qf@rWA>b9KWbgj_a52&hV3N7mP7a`(6pWdzM;Mm_{<^mT4O6teHOF00$PcX zW#%8z%V3>Y*@t0YF|)3A`1~Ff9$%yrkV8*?=HW;OxSzsj z{(R;U7nD-J5N*wMOe-HluHB5<=hYmGbx}iT+#^cL`sz?-^lzj2Mz7 zWLyloNsgZtShSx}`>`vzL7{7h_(Fw7>#?75NTsA&?5-R-yY*5B|DHdv3M;OG_4N5u z>lAnh7j6(Q77%QmW`CMxtUfKrmTUMOJX7%mRAl@Z8Uy+AG|NGX{)IArt!t z7SfDb+y08$n0>eEpX(X zvF==Mq4V?xL$9fY&n(YQbf(u<2$4&M?*Kp0RL-y_6V;Sqoo;a|Ke&i!md3@)W~dcZ zYoz$+KZB0N!!=pd6qFvhH7=1k&?7@qqbPN<j+l^BN#ur5T_&9|;1GE1P(Tq3-n zZ3t*J%v_HTWst_IM0mFrQA`cbnd-|JO-o7Bz11Y9xP2#$Cbyz3hJS?uq{MymH`H2l z)vk?tUqG+@HJ(ZuQ?7>sHwDlxSm20X_QS=+6$IcRIUM^fgUR<*Tbf{uX}d=tjZg06 zD67J)xR)QQk#A4Kso)wi(W5(wa@fnukuJsOef3ddq3DY@0HHoRaM27bpuO4Kx41Fe7*neM|qcg!E2uK2({d^blOFA0r)wY*|hiav;n9X)(n>?r$|lEz5hR6!IoTF%Th^je45{U;_HsigWHPettg07wsxDPF`VDLmCG@Zz zEHY6gDziM$qFTs%zx1EmUWN3u z@)3P-CrnSapvMf4jG^qkBWO(;%q!8VvND5LH|4jAl~i*kqa1GePEnlrX6U0-A(EXx zB5p}~IR!{F-aE6OHS_=co?G19Z1To2wYm!V43q_j)^9fYbhLW-^JCvxB!|B~cTkyr zftDGmtI?i6xE9An?N}p#Lhp$jtaz*gBra-Vzth9+bQU(oUlQGoF+{)u3kHc=1E8Au zRc$dROsFP9}N;zTjPSCbkB^f~@teRD#0|g!W#PRN zjJnXa$k!ix@tg!xv)&lClHi;CvRUa_fNNCF4R_I?QYq?}Gh&KRQFixV^UjbH?50Ab zQnQI%_nIBmp+BP$)~qp{Yy&EtKj6^{uh56~*6Y*^?)O$<4}28CnE zw+{}6iA!rBe>;H+rzGq})Y@0JWpcvCRfMtYRmCs;gsxwuGWNb}y60?ra%Q2oX!urL zRJiuuV_N)`#$iu*W4)drPu2Sw@T`fW#PN(mTnDhDIRW4qzPWju#J>Tyh0hin$o%!- z1?G+Y69&Htz%8Qu;RO34zP$!;b749?496quPwqu204yX`0yxMwUw=Bp9O`x}{Bk77 zEvEeu34JZeV!FhiTH~G84wX(rmMw)h#1;TJ{|fe(uwt&mWy2?oFaijinZMK?wI-x;|yD= zn*K8G$Uai@<8%%>4;#1DQ#eV3NT9pjgc)9kwPM*}LPh}g0hPi`MNZY)@8?rO(o{+~ z$a3LevtgRq=|SJHW`33oObJD~GHmP^sQWakh6sjJo^fs2wAgqF^HfcvLL9QP5_-I= zL)2~&^LIqtk7Kcs(2{Uz+(Ip}WEQ`<1X)wCMGsQUTbEn{*?y2SQ{jpV26s=;Cx7XR zy0E@D&h@p7DlR2wV8@=-4_uoG|$S-{fwl zX!}K`{xt6w;i}fQnXxj+4eg;XX%m%w{ndT{YQKR5GNNnLrmqT}ZA1b1t*3 zN>FR*p^l8vW`%+6)yV7Hzcix%OytN)sUKS&bTic6LyM0p6F}=_iordj`b)T~?kk_j zQ1woA(4yda2Bmd2W`cJz?X%y-)kb;6H{F5B z_qyxjtsvOThP06+JZ@T+Qpk%0nk87Yrj&vyhiAMqWc-~>vdqZZxSjdxAzqUCC0>1V zUIq)kW~Vil3qVFx&k z19qG#DQcjKm@|xnmjG#e=YCSG-LHPUCZxxIf`wR9^cK4X_;JTkQ!<)pLL8xsIoSp& ziIq-Bu}{`12#&N!rKrhhKD_!HD~->RMo2Cq|Af&YaN!-OLCy#i?*2;c^PN53nhSe4lt%A&NZ-14rDP%_{z~Qb?GAx$txDuB%HG|PpP9zM%ffj%pxh$z7K0S=Gp144b-{0}!dzHo z2kb^y^-!3R9Nd1u=lWJ-Yvz3jixIP8uMDT5pF<2yH8g^)zoVb_(3-?0LoL2vYMaLr2c86Gh0!{$$5xL}^W&k}~6-Dd>erF$ViF)!S|4 zC>}9(s>)D72Kc266a|Zxgp8-QwchWgWg>P&il2z7E;Lb#6*lUAmIuhms->J^TYZxNWOOM@Xj}4a?Gj zKAWg04>^p6afpkjBxasSEju?w(u)W;D^|Qo@c{z|)`(kJausX5q~U%1FRLxh&wgXy)kR>_g!{GM!m&COG`%^V+hWyZD~FI3LmaOU<}Os z)UWsTw+=HsDF!@L7c`mq0`+@k5BA}gL3N?8ABBvH7lUdqgnusM&ylIhp^T!Rg*-*X z{9X)eCuW;_lewm=Q86*c~res|Y|%}4NYd+Lz2ZuV}> zviVR;_?M{)gsoFKp1Scoe&M*PrPPrNVrcMli>OEjOB2~LZluMTrhEn}qKIgCsjw$) z#0|NMEMgA-2W#k5>o5o$Q)fAsNO)`G@gn1S#5no_O)7)e&35SUs%UhLd#oeTm0`$c z)IT$VA`GGRazn+=S?Bb=gPYieHEEn)tlehPEf&apxFQyYiCOt#lR4PIUd+x`hI?)N z`T_ytdgQVvCCLr6kpXkW*U?2ZUs|h6ki{B(T7L5+^ocwuOIKh^sd$s~Z==XK(B?=l zW^pm~+e5@S_H~^>l^7-GMB?iG>DLOagM-Ma)J71zdJnVk^Aph7HJh-QlZgDnu&Q?Y z`?rphySB;iSr){~$e_^*_k2E1MnyXV`_-x#WOTpFwk6~8ay1cTlt&$? zIh?9~PJEjA5OO6Xk+s8$^#RGb?>w zV;YCbUBuEa74Pz$c%Xj#%EB4rxVlF)H&(5v-Tlpz;yt%i(WVqq4F@c|rt`KV@txL5 ztEn<5MnPz;)nYp~@y(N$4RmvWr^q~dQ9eqqoqlnF~yP)ldtEx%9eHn=uaACa-!Ln(a} zKWgn-x`>?CZ!V>u?xOC|`0%0??_}c_gjW|pYObVSg@CDOtwGYzYZCDVilEz;e!clt zzp$jvvL)A9-}>x}ou!m>m{HAb8h0ky zQf+vC{YGihmP5fS+>09?GS*A0i5n$pTP z#vppG*U%{CcJ<5+{U(&@dXy>~GJ~t_FwNjWn*chIU!nWUR6Ow^9DQ6V7psd&qBL^$ zr!Vk4Y9+f}+5Tv8r)a_9J5o`U%6nyUF{9}=XY@SPm960ha)gCUnj>HY_qU@ClT|M` zA8$UQi;-&HBMc2UlLhugQoZ`DO+L;=R4l+R9427|lU2MVRds6t2s+U!ew8n{KZo~OpD5d0Wq&3s%sVXbq6YudmjR%Xs@^ z>x5Dy9=2>BDfvy4YNc&4B@8uJ3|Iehe0=>ZCP{s(dhL&=FNvGisfyI_oFHUQIBt0_ zv|2@cod(nH#uu%VI>xMObiuK+V*p_SxEQmuNRL&s%4N7}GS}?NP@(9^y1Jay_Ud;7 z&Wf5-nyOFpH{d0$OS=$ftG&(yD=Ws-2v(P{=t>Dqf&x|Xzu56a_6UqIF1*yKbjlE) z^GR{Z4{pSCgXTz(82VFlrDpW!zK3U%l!bc3W_n!?{h%h(H4)qX-O*hV#-{$_`$?m_ z72ll6BcCG@GnxBDMH* zwr6_lb1hlMv@Gc;uF2>q-T|VKVtQ(1A~r7x-yScA8|4LpV(v;y22+1rOOMgxI(Ag8 zpW=MQcPT(&d?i4)&)z674q+7y)E*Hv$M8>JCm$}cTr{4l!k&ag!GqdW#T>!m{zN~D zszGw>vD8I&Z^SaCqFMhd5nRZKoSO3OOC04KX$<)kxkR+XtYOghqwOg@Z3+Sk184sI zLzx)v&{w(Wknwr`;M%}){!0p{QvGNY@m3lk!{IO#i8Jq~6ghq1cOh|&EpQW4@xZxi zikg5r<;vDTOewojd`rW0{B#7oFJ!?mHzNh>Bkx!e^WZ1Yb|BcMU)VPaQ8rHIaq@%A z&%r!)EnZk6R4DeKf0CW2Doa-_^$Tr4uiN9b6h`?8D_^jY-X3Z?x~djb6-86!o$REE zd7*XvryeKveenb+iu{>o&9I_i{X&GP^Hi54q|?`AaPTlI@nAS+;@vH5VaVY1*l&weiA>}5(CVC-GemaufDMgZk~9(f ziX}ULE#R^+XP+4G9Z@C99AoY96c#bwOC2M-ws8I~iSYAaR!Iw=U9Ep(Q%Bl2>MH&u zQ=G5nx6>1g0TJ}5be3Q}sTSCxW==>sdx!42)@XX(k_07{I5QP&->9mF>1%nlp7vbo zC+}8RsM0#%?RsG9@12)Z2e8d5r!ftv1FJ0_8sv<|)$0L2OncTvzbXXANyg-Fej0X2 zg{ncwzQC_s zATD7~WA_jsie2k!K)q6-G|Cc|_NnP^zQV}{*J^7e0b%ccaAckA8abop*qFNkemlB| z&U8QC@sDE%Pu?==z>;W=O|)!Q!`8ilk`W&jHv16p=C0cCAP#Mir`uMWm1nC!^+qZW@j;$Lgnx{*02I^re>7jN^c|Mc)t4I7P*QYdwE zsCT9)44F!U@0pO{w9A9FYZ`g)XR62rKt|cf`>&NwAmWKX_O4f|aSDZBZc&>&YaZ2A zcOPvJ*o(6drzCrArcPjRxaoaur5?ra=IV=I8eJ$M=&+=*`k@&cZ%C@j_n4oqvsLbN zW~^RUEqvLxGIRVYo)gw0Qu0BV?e$T$M}NgaQ5nVKfU_jbBFfXIx&pbQh>U^?H#nb* zXTJ8$Trg)#d9#d?tl;TfL8*{Co4i2OjJ>K{sor~?jsEyOlnp)5lzd+`)TJ1IwLa;~ z6U6jDJq{FiD-sDKgY1Usqdi6Mj^JU5k$nMQUOtqZZPR5yt_TFouOI@9b~fn@fhLvQZ%ITeBEF+|bD2EG8Pi)Js^#r8x2gRm?HUJ(ilvY_DX>D+X@6^4w4&fHwr0qt0@@4^E)?iaIKDH)R&V^ld<@(_ z4a^pz2{^$V;H!}KXkBt(9Kf(;z_3lBupkQxt_u`)6Brg8=n1e3;PcY z3cCsln=cJ!3knOy(G0l>3=6`A0^NaOVL4n7LTQ#Uy7Ha7IKVelNkJ{7H`=9K7bq^m ziWqoDC@jc=g1ZF8eFUXz2hjoh2uc^|YyuDJ{ZG1o!JxPsf76xmxBHteFzzELT_7$L z=njlK%nr#KFPl+=aRL(tO9v+WkE4JI1D)d- z{_@$sg#Uqo3HyT*j;9Cj`kU}3keJee34?HqK-S}oLfSOJl}2J$ULuqmQsNt$^^z-Y zTYIEq6Yc+iYB`3yWT7@9Sy=VJEiO6C%KHWVetY$|*j&eSE{fD2LIjP)a2XgvQcr0b zJ24@<#4Ry?zVUfOG0EF$<_|GBo1bPkDyk8gbE3_#{gEOF3AX*C4U)7N*j3X>9ucK; z1%v574^s6iZ3^2`4^piTD`kHn2HLcrNd&M5sdg1bi{OxpVx{Dn{l9QjeA&0Fg)oL)8O!| zgF?m{x~*x&t!anlDazUK3yZVH)FY>Up=Q%)=Rrv4OMCYdMZ<=WA!on_82?ySpIeme zJ9W%&8l_fD>0ZQCE~gtXp|vT%*kZ=WVxIfTtVYbd0{s(*0`7*n&Na7O+{1%vmh-z_|mY=%5Eq22HzaF9Q-S2vfogq})vNw{!f)ifKZ2ZfK)ta4D*Zn&u+m=^fGWKPg!|u0-!??y&jGCTAe=6k-L?HXqq|C}HZ&dh z)-H)4C$L2&PWQKmlchnH=Z6SHLze%#{0SZ%hKe}74GPry+e382{xx4eY(WMB83_o2 z{I@}YHV^>Zpn-oGi2=O(?*{!lCUAp-aEyY$4QhwgZD~6}`fsoyioYX(kb<1RswWGq zdflP0APWi(SsqyRV5opq?_XF00La+{9@P7<>VfRKH5e)-d6|95m(!^-XhWgN5P-C$ zg|%{Z1rlAVof|PKgvTC!D>pAb*X}lNra&d|4mBd^;{uzes1Zq$ea|O|d zK>->6*OxpJ4Z(MiHX#P+LhKqOj0?VlKMg<)3LqVv3BTW2h$>eJ4kOHW0X$$X{kj0a z@+zx;;IfdIW}h_5m#xy&iSjPgE>MB z0(CF2g(ar)2bv(=+ZYZJjfMuY;L!a+x>pdSdv_tD(F8%d7w9~M3F`eP7C<%-3=|84 ze|2vX*zRB5>*xq82-3YE9F{*w_u@IG=F-%F4}ca|Ah1&YTUwxt4XTviuz+ik5@Z1@ zC8%%^g9^vLbqOpS|I>9D#j!Ojqb$uRVUn#kt7el|W1o)JB@f1v00U~lPa&&-CXfT@ z+?2pvjUYhQcZezw2P^_Pz&``b6=D&{0U+n4zrFuB;2#*s0bo2J4xmBv&j4{impmi* zB9H?>xNV3kAP2YxWB{M$CHDU-w^d31Noh2Y3EUU-t771jp|Bte3eF$2F9d=60{ovK z2dYq@el~#z_5MeN{?p+=HFyY8gA}r0&VN-XcQd45Ay9<^aiKtWpc+KtK7#&_2mvaG z|0@lE3g7H32W+hu5~M#MpbiUw3f~#1@c$zsD*ZstH9*OdmG)2J{{sURK2S#h6}}OL zAO~m{Wu@stI0F?v2-gdA2P*vRv_(9DLo!gHw z4N&%X^mMuB`R@9w#IYope)a&WN! z^!TLB3$ zEQ-;k-3fKxfynpZO3iG8l8%=fCZS9*eIh!ILwnVClsDN9{x@}dDm1Ho#8X6(1G_&M z%w1)8s5PBjji_<*b9cQH-gss$h*GltL+sRSz6Hx*EN4Y0HRkzuEF+OQUtW@pe5Owl zrjx&UIPleWM+B2c8Xt^r>b|L#20Dp$sk_Y$@V0W(n)dfsxj-k)>$#k>+%a|tp@1G)uG<5^2G9Q!tE@7I zh0)y~^mu`2ZmxjZw-!^HC`eM20CXdm#RduU*r22j(tjp^cSUi_y6^0_#5gb+Nb_O& zBSsrdQ}$#0w|zO0$fMuF{wNSUY`8iT8b`V7K-oSZT>_`yT0K&vY_3tK1akqZ>?x z=me9;_c4|-+sMfS*Run&@AT?wq+SZm*wE~SO$P$=<=2_i;lSs_en=$gDHX8BqPPU$ zfzj4PJtVd%*0>X+kuDxny-BL>T)xB5h~RfapQVVWII{}|uG}nrR#vuzGY;2tP?gJe zp|qG9X2LLI{8?|mTp9J^G!K5F=B3SFVuamiC0tfUndCuTjVu7|f@hynIegg)kMO zk`G1DC@uEm=a0~0T9P@q9X`UKyE5~ckwkO!&S+lV1@T4&q65^!R9k`*dRH&h49?YoBXfcBuFJv*h&yu_F$H6P|sW_pc zu0+WkjTsVmwku5Ik)ouT>I$4_(_yjRC;bWHlUCrle& z3wlhiyNP`X4m$!J1=bLc_bEkLRQhv{RuYMYxSBoDn%G!^Iko0{h0J8)D z?prqnfw%L#(n`zM0WYMsOyA2pL=84GLf&$hq#*dToz`}T*Y~H)45#5lI*#`XxBLb> zZ@axyw}(((*0-P)cE(nxs2v{jPOq~z0|e1ezImoIdwAnR6Ten{<$VDFx6$VzswpBo zyeKU|#%k)t(LlQQLezt=@${_^U}F6_P=gd{t?p6-%5qPt@acS_a_r zGF_+KMEMr5xg9f3%$I4k?+r&Z@?R~X$xHh>j5WtB_|7!lzrr>GI!;m-h&rw32KCd% zJ?^Fg?mh31QXV$yPDFkZY`DD^OPd@8(sAqa+AQ?`y4Om9_j8;&qpD0P4&`_?ZlnRk z-b?*{x%qRSHqKA%IMB6nbAN2dvwQF4>$pp_)98EEQE45Tij6tt9w00!EK9g@>Wn%sQ;e{{~u(_f`c;s!I+3D(ge)n#@vau_Wn8D(u_Okc!^(d)P ztUFxd3fa{sS?N)v$O-#iJ+J#Kxw=S&kdMm}N(62ssJBn+u^?ExT7m#g#KORq9!+dwC z1n@t`XKpkgdGfwouar|YjHbV-pY3ZM^(4KU_B;`lx4s3-bbNm3s~~E-e1lpr@R|%o zYQIZ@LK2N!b$-c-`lNqTNtc;QMd&?eo_U_Z?!9Z*X}|h$5UslkA#f*Oh|p(`p>S#**EPA=PU0K&^F$uV!Pz{tqTZqSx}4 zjgH@|elvew)@a-Lojpu?z9$h>Z>+Q2udo`wv4p0y-UAMQNL*MxE0AB;>eaj$H01Bq z<84^lE$;>a$N z^2;xOSy*FvXKCF3>9=|j^(_fdF4AOtA#mJ zs=-L~{N^Kb?o-E7W7T-OOvF%hlu^i5o`M?+I971#HF)i`)4QJE+Glo?7X!FEEq^pG zYxN#UV><-boOQdv0p z)xJ~JpZT5Gyem!+dA$A{(;#%44Un)+Uw4(;;BZ~B>x&{ZxVoXcTo_wHa~q`UaC&ZW z>b;TAsPpJ29PoaCGo9FIt5kUT`b=TqVRvsXzebJk{o{4;JgK|{;M$Ww)p0+E#9y-E zEw^xo1=v3~(080Axfp$%D1*2C!;z;i;Ic-dv+iARcGkx-Xi4oifp&)$1+c#k6){+R zO;CxALiD!l5sRDW&(>=_xVVXWe_wsuow0+lE5MPfVWcEI~IgHkNV5oSSGfrB6m_5;8efai^!Q-al z$91a_4fnw%#k&xSDhE{n|wZ^=miFYmlqLR zU*G5U&Zn7&K=ZnvfSW-Tqr!&UA3O% zr^M+Ky&W!OT<8(#`MwVV+TIeZf2Ejg05YPJzZ~SUVYT_)yHIs{A3fks2=G27y{`dq zj)rE}9QS#KABf&1TQHsaRjHgS}K0PUG4@eu2{ogmd zI++~+E|&MqruMibZo2rQbxxvs*vpRwuYu+M^QNI-Sc>yfpz|L${f0NQ5iz-v%O}? zra|N-(!;M{@Veb$Fs(k}vppqa#(y_&YsVwfKT>b`ZM~mrT#g}d~JPsy=J8I zVZ+;Yo9NA2pL?(Cppu}?llnOmYsGioZP`msVB?~IY0OUGTq5fGd3 zeXJ7jaer?1OC#a0-JR&<-}7*)%y-kXzYjfFe;g(;c&SWHZ6`xqGdK9T;qEu`41cd( zchP&ZTzNXVora|2_Hxwueh|okE5D}rGTcnGE8utNG|~B5sFURFwX-?=TdR=Q@#S@c z?`}kZ7hrL}eYf<{jOpmS^`I#`e*wYZ>FagcQ-nF-?ZAr>kNIJI>&K!o zx3|m82ic3$WvAnZPac~&90Dxv-9M2ioieP~0n;dS3w)g;EiW9emu*}cx*l_GL_8ML zfVbOVSnJwK@8{kl4t*-3_s6-3LN~zFLSXB??!A@YgQtKtd53k#}OWq z{PQ_~6mQ4&xj=MGWyihm?piyQ#SLW#oAtR)lFwE2C?S*YQ;tmKi}1zvVub|1{oWCv z#qe;?=QqZJ-`4QQdtU4Jh0O4>q0N=wkJmdYgmE*7X$gAse&QP^O?rNHl)iUkcb(kM zojR2s9bVm*FYNDI8v-p^_c=c!*H4yYb6(1BDxa?2LJRX-efe*fM%dZcHZnV28gJg8 z5(2CYHqIh2(im~uj*_VqIv=ku{GQea3km%I;hlVEDZ1M+J?Dc2v-n(>4ej@9dmW`M z8&=x2HGn@00`2ehy{||D?dSc2uX-EE3!M#C*QsvS_ZyCfA7Fi+;04+rW5aLx)<*=c z#s{64-uAJWHk?kAZm=qvcN5;NAGmxgeskVuo<5?0i6vudEWSa#Q^5ZkP^TZ@3@pPmPGRV0&jb@D8Sk( zbsge)!(DPKjVc#y=@ZQEcI~Z2nZ3BdwAna!IYZ}sCe%v&$h~H*Bvk_vmh>2hHnCVO zbscXvHRv@ukuX`S9GL2v%GeO-$#V>U0>2};=-+C=NhkaM8HIaB+@aH&MtH+tQjJQ0 zujuk(1w-Y|zz|$$1~(b~*0S2cRl?9?J!Nr%3wP{nk`PvF$>Mc3sXO^P+{(? zNf{UgukQC;(2}nBg@JI|7Gjc4_L}j<*hbM74(gDA{bq2S|8BJSI}3#tzEv2334GAl7t(dYu1hkp%pCoFA6Qs65A5tnEi>3z$#5czew}Q?DJ!ERI`MrRc#`g~K)cP4{?p4u#)^J&^Kex}C&h)if*#QeWwYrYxIopW zvc4>}u|F~+($^%B@_~-E;a1N_UX+U=g{)i9UEll5j3v}(^(C4>j$wqU11=-v^4jfm z4|AJH0%X(y&hWnIHm!l4qiqvw1-3N!r&pBuGd|leA#~67b(+ O07korE5MQ=!Tt|Jk5JtJ diff --git a/assets/federatorai/federatorai-4.5.100.tgz b/assets/federatorai/federatorai-4.5.100.tgz deleted file mode 100755 index 30652719d6daa1a3d7d818a2e86972285c89c328..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17200 zcmbt+WmFtb^d;^PoB%XIPc>zG0Vz`(TZpqPL?6Pz8!6Y>~|@7GN{BFhN1A}N}As%OW2 zMPbJ3jSR%pOa$;HXo680Xwy892t&ko@>NpE(mxhUkWs`%aEMW*mvD*9t0Nv7vrfiQ zq}wi*bK?qhS&NftQ75}gQbrl6>&mfzRokN=sEjpIXMA0LZy&KZ#L7*FE>IL+{xh3* zS5%v2uDI#nm)sEH;tv<+E9U0SYAG>oheld;Nz zhoMA@v9CVBgzge56!CRsZZ8fGC1CS$SHXs%QO{V0B+ z#c*P9e2H>UVk13K(EIt8I7%t%mE2S^mT(kIM9V!n)p@Cy;SdFV)_U>z%#q)_GnJyU zpRC`PXIEAb5)edGr01K3=gpBx)3%kS<`0^@OkXMSlM`q+Y|e)#tC)NrhP%@|^k5Dd z=WiRu0XKkQ}4Wxs$i}AVSG|R2~;D z?jqT;6BpS4BpHa8zMUa~5Pb%Qh>K|hg{tz1pMiBhu6LCQrHxft(SfftRTdWj?^ln; zPxL2J^BA8?ni*0_jNb|j(IJZ@!UqZ%ek2BQ1j5x(?f8Ws4J#=LiO?;$l94KNVkc_K zq2g1N$Sjfa`ZA8Tsul+?YhEL@T<`d748=qm0(#Q%8P`i71SQk&W>C)arsn zlUc#kWD7%5k?#>E2Ntws=Hl$v!!dN>C=(QC;TK`F;Z|0e?_2?xqVe%{DkefAQh1v2 z6jrI^_0(E6>WzUF0jOs;qP~4zVu^F{JPfy*w=r*+Zv;F>=v4*jEr($m(`;FjgQb|7LyPU0SltNy| z7+`R98V1>wa%*O)o?LL3Ko;k!`El$45+=~lc! zKkhf@*SIIv0ffa1VlO0wj?Mm+=0DS9y;v=grt!ZMQKgVh zWQ$aTBn(b7MSJ&!Gl@bumJNXbGEQn#iJe#njj-&@ zN3vVY$&O3n)K>DTA-tVFcUtt8UMlFU-mph{bY7f%Q>LV&|1-;NqoAa!T$23sDROoe zxwyI3Yd!-3yY6a`F+5R2yj?jyDso|}t}LuxcdvLl|3ZM3I1R@Y}&x&r}Do+3V+LSIy! zMlj)nX364$h~t^u>(<)q;^c8p#5$)p_*Gdtx~jTLObs;^WrrfF?Euaal80wckqVX> zP5DJtRV7_5i}a4LsCDh=-mBiY?l5~i;k7}|;=L?i=+{D|+B>{(p9_7xjJ$57W_wCo zx~NIdMHLby(XHHN?Jwi2vzr5y)T@DbnW;t13FoSCMT7wuCP;c zl(hJpEzy}eT%W$iqQ?0xSkJ=AH}Wo2@5?bru!}t)#0$C$EFj>vo6ug?a!lhMZqADl zY9V zd_LH0Z)v5t>*mNwdJ3o7QA(HM@anQ|7~ zm8se{s%YN^vZmN^DOJgl8wh3^A}A=7#rpO?TE9Q}V3e2~Gnzqx%G*;vAFXX#OkJ$# z$}~ne0#6{RSwTG-23F;=Or93 zNB+?)V@H*=n9B<|dFXF7o;to_Wp5>U-H^9Eb?7C4lDl2C4;h~|W-5ahAA4N{nCK*m zYLgZth$YCFsy-EA-1mvHNV-5D&Qrw8OCv4daj5QCS83s-Mf}t;iBc3qM&5hXmWi7) zq6$^ds_DF4ow6JVdczJAugt+Ws`aN-J`|Gs!WfzNu{=T@mo^So9m8~CZs12b0%aWh zU}?QYc~tEu;uLW;TrUnoI;c8UgBmRSPG~u4t#L={mL_)-Q(cL48C4aAE#3{-Asg2$ z4LaVeLIU0y-Eg8o)}1UziDhE#EA^CWb;An8?)E*+B{HKh6hiT0q98ruhD%AOLgSsp z@O?woCdra-RutqbwPC+k6D1SaP;J7Tex;*ab@%QuU(>OKQ7R+cHV8bUFc{O;M0$0W zUO9}(pcu|6-C`$;^XzV)9H9y5nhv7Rd0uj%k{SOxZ6%UHic0o`B@w}iBw1{^QZ2Tl z;d#jup0&BqHqCohHwW>J1tZp{5!!l%O21Z%poLQljD+($S9+N*EG(0_%2Jhf2Hy+i zrI}Cld<4VGhj5aHy)@(qvo{Oglh^Fxz<#NW-iNH;&R(FFR)<+N*Jd+=)x>q^;TTO? zz?YAkQhN5p&=UGQt=@r@9rI4@^8UR%_D@bdR%Rnh%_D6p!*6T_uJw&=zihA;(0_iX zC@#THiXxRLzLG`63B?*&P}05T*O(x0U-NYW6{PDXD_0O0nisIVpqY7VMV! z66~~?+#RVy+n5itR`@?uk>CG$b4&J?>1%giM?qLkM;O)m-4KCMQl*+uhm9OL_eT6% z(k1rrXL$H8qq-v+OHtj;I`43~@^sh=s%8WAg955>H3=@G{7OQtc&lZS1-yM;Y@K$S zASx)5w;o!J4Kzs`ID}mxf{b*T1%E90=;&NvY;aWP!qiSv{_LRP`kB!8LX_f5ZxyP7 z+D1A03R7Pu`@)agtLw_bEN4+?5sEMNG0`F0Q}Lew-a5{RKxI(b_z`d~gsWouLPFH9 zA6(^Gc<@uDp9r6!)EtuP(^%&rJKR&620yhud2`pflyPd&E*$+D`LrQ4j_HHVdKr#w zLQ<|c)&nb6;>jU7O&!a;2eiy||HZbZhlof_;K6I1W=a*D(bK(V+!6JPDSNgk@RALn z7#aO*U^Bk<$zL_U%;l}78{-#{C2ptIZt9Re8zYJir(J9wdK&q41?WO3^d1$5R1Iiv z!C(oTP{pbR`pZ#R07EN+`OD*wIy)qS1T?%9d1DF{iae5jV#iI3SZ6X?u(yy5jHatLj|#CNu+c17yKi1k^y# zl-SjF=e%FK_=v03WQfv zhKD0Q%V?t8p29{_5f7khAE?+dJHIDTLa-lD`%r;~tyil$0oXI$cd{$P+c0_~YjfhB#LJE-?YOr4g0yc?C#Pm!fMihb*CC>~sla*gjT^)a7fsp&4c7@XL2Z^tpMTG+6(zNT)$> zB*0InEm68ryH_2*OFwSpj?qME!CgCd+~h7^hw+t2K0p`V|R z{uguRJ6UhJuaspY*A|il+VCVd!j-hClVd-Guu$14WH3*thvzMMU4yiDs^&E`CU0Tg zwIh#3XI5f@cbeWFy-G`8DZAd!!X&5cT_^b)N%A5O_K7*7QVuq@XKQ2$t7DmxM_a|r z8cQB?Q085GRFt{+^?Xg5xlXbatDk&Vq@U_*S+U}vZ_`#aTQi|oc0G~NaP(wvogS;f zMjU}Q$uTsan~uXlZfPmQR5HBqY!HliknI_!rM?Rtyda@2U;SLE6D-a{nI`I>k6Ch( zDnHf`Sh}TN(Yw^Kf6X?jcRvgKQNVH?Z$q1@ctNDG{X>gDZJEAeCau^AJFp1$6kjHW zD3)>H`R0OM8@Z`;uU~Bj=p75RbG7BW5sIE8kX-~8%V)v80Efgg?@9Deg}?qp>8%oC z?DX<5gz7v$__H4pGdfQ9)7wU-+9koflrAaf&!IXspE?z0nUV((1QTvh zPT%*PDP_P$C^homp))Ydh<|q(Ne-^5*UF?eTgC0c77|=7A?@36^K*QeKNJ({dAdoXCXtwC+1ieb+n@Pu5X#II5 z$OBlEY>yXnxV5~ih_JI_XMKRLt$MnyPq^O=Rz1)b)-wmtRckvy4NQff=Kh{+8LCI0r!EkGslToGAGtXMMPU>lvlw;j;mGkwiAB!7@lr z$Z#FJpIQ%0$5K<6(xUj%$A|DABAtqHEyepnxTTg(N_TmZgO5BY5>Rqz6jV6kaYMs< zrylv8oIbdYs1Vb#dM8jJmWdlbXbu!yH*erHj!`K4Ee4Yn3|4hXp>qfjOoe?WdJ$6e zW8dgesW1k%keIN!-umC?Jm>0aqLh-9z{w>o3*H?iwh9)0E*W^a7Iu+Y8!nrnHJ2DF z7}UbTQI#aJJ@;a-wi?B!Fcsg;7j__eD4{hM-~G;;)wSpwn9P-V-c!<5WGmv$PaWm- z;pcgepOtU^?Q2gNA~(?9#)Lop;{mJGqRP->)CG7Sf=?6ueI+Yi)JrR z;`kU2XMXrf=aS8plRuaZHvSa+RKwaBe?r5kW3Boo&Si8ayXvM(RK!7PKKRRtrk3l` zS7twliq~`$N|kjWHRwj1{#T8aIJ)ZmVj}HKsrxVOcBiG`U(YOGy5m?Qs0fxb^;9S{ z47{#uZ5%1}lj+nf2oilC@UozBWg--pFb;~AV_oA8i?^!dushHr3RHRfLg)?jxTusIW4Vp-JW74mEgCtTX` z5Y>yY5^$bbN)vL{=9*BQSV+6eR*kWJdFe0C+p866VA{u6O`14iKK}rfV1*;e()pe^ zAF@3XGR`ob^&G0MdZ3XnYj%Ycd6Eg;6q_MQgE!%xb22@*;q=!4_9%uJmTIRIKOO(O zuNX>572K2rp5iVmA!!+TwN3_`Nr`wJ4ULw&E=98!(Uv)TXFiz|Ke%+==q(~$cgPrH zC~u*Yutix0DS6B#IcA>==v>&bEHA~N)n*a!PP)m+MdV7tKbt^b|Ey|U3@bo`Hk5YP zV6U8YRK{8+$SJ_ThBJ5&m6M#qxWvU?ZV+s&Z@@j*(Ok?}gk|}@V$+mt+VN#K^b_V! z-t?Kxj?KkN`ZCk+`F2JlEAyjzbW@)_NtVeF&Pb&ga5^0BzaA-N6nF)d(*~yH6S4HL zsHp9wmHKKWl@^AltRCbxI< zFyaZwhSk}q^x9Utidl`P@6M;uG17Kbf1FX$Pq8RFL9#vg8>1b#>j_*3&ZWup^eYzD%(z$4Wfg8Uw3Lwj}SWP9> zB=aD!D5b1xrsGLMnQUa7Bb~)gvKkHuN#hPfv{_*Us>(o`;o-gF7PD z=bWw46eGtIyo$Gf*Zo+=scAGX_H~znatUlwOD^g6bgd_fQRlNn#9_L05MlP^@sst? zuYX_Kl&$F^CWzO`%hJEQKJ}zbEOBTwiET2ff#UkQ#GhPlWHOkb{=qWd1v}DEI)Vpn z-waIyeQ?otb^r_Aw8fcs`|(H=Pu{ZDnuk)E>v6Bx!HLDU(g>Apx9*~^>IbY*xX#Ge zW*Zezc-LRt;q^@Dd#wvR#L?BC*WFSr#On!~aBB2x2K-$(B5V_K>7Wgi?~^tbXEjZk zkRR0RI>M`N456KuHNDQ|nv~sYPi}>8@b#(q=pQu5iBjG3OjE|n-o=99V^>L==^Es=1Z*YIt*^OuC8@$A^?vFpQ z?oGZ~>^t=);}5|kbc_&{f8YYI@aSM0;JZ3UF$Tll@KH5na3zp4=@MvFsn`pMWx>z_e!C<2 zzce{4TEOL*IX!gQ%x8TWtlM^Rv5|!;4;idxTX=(909REREsLwwGN1>J8|W@qcy>Zx zBl}Sn&3~srE%x_e3yxioi!BVp>ab>KD_QbK*43?1bmRQC`w=v%ooGje13s>MN@W?W z4=;c|g(Ny22b!$`ikG169go?na5WxlbqY4>FMMMPC+8=7nh8V4$P28(9RdQ*AK1_Q ze*Jv)lZZn|77(jGt zhJyAo)(UeRRZI(VLJFIG!6FlrV&y+ST>bcA4O_ombd%@&cH@mTa$DDt4W1y6p632R z%O~0(*JA;h)i;y&rCylCM7;lk`RHsmQG#55NT+Mbo*<%l5mBwGa&Ax##k#E0;zy#P zRUul%S!<&RFLOzjg2H?K$9XIwT1HD`U9J6FMt2>)W656&*8FdSJ58>%&5uf{adV1W zOwJlBgNwIDKj#85_t|G2LyeQ+2=aYlF_N+Qc;-FaZ>RXf#k#7RxP5AK3s0NNpf)ExS1+1 z-V0>WCbd*j;^x*QV%mKgB#-fJ>deER3f2>IKba1O6>xUHj#Dvna9oG4>IR!z%Yf!; zZR`;0K6APvL~h=*6d;ex6Y7$MAk~+jCRfJSMM~{ zgG?MbY7E44ahNNUTlv|3cjDgR5dTqKPgcm}Hr9J7qn68Tt(-bO`GnBc86-YpLs3sw zi%ezxl+%7{#Xa`3H>7N+A;QkZB@}K{pdw;==IiOR?7R0SO6u#`E!w?bbT=nBv9)r> z>QQRhypGM!etpIbPht=FD9?^U*3bq&7tb=pr<-Tcq@>A%9VNQ*vl)aClIVwI@^NXX8yDoi7NP@H&r?@PrE&AHwP1WmuEY zsuqy9CbqnYkVWZqFelm`A{^ik%EPaDSugT%qBdQf%Y-<2@0ng=c>Yk(zEdVzg>_V# zPhxeJX*1y2#8I)0+qEH6=9HpRT6K7-p{dKpLdn=um-|j<>T_P7s}1_oQcu}@SGZ5t z*VJf?-sXWT0|ocaqz_8`O(xbn2?ZPV)gK!)iJ0}2In~3TW8G_zj%;E?t18` zIynwRsp2%!nROc>^SenwQwS?I!_N0+eL>yhQq|!#D770jrJjKl6M!uV$x%K$#>QlI z|CJsx=Dgi8jG-k!r?s}!9E=(yz(&wrijis){Rw8W;c~A5p3^sNWotVd%aq0ZAf9HM zuwrw(WRJBdz^OhiikLb;kAX$-W~!`MBv6u*y7%JuVF)U@kJ05KU1qMtqXRapZ>7tM z*0#&FF*iBkw%oXY!^B}kMh8>vS8Ox1?M$Oln*;0LXq%1L93l+Tqv#mr#IGuoRaXmb z_bl`)S|1;G&MjU2$dx75KmLZyBk=PnH;lDqrzs2TbpD_$(I_dXvVk$F z%m%K~^4EtUY45h=Y*>MOm_N{kl9{4@I$b%|+m9z0luR}na?n?fMr{P=_|6a*SU>PK z5o|j_U$o*7mN7smKyX8DsgZ$Om;fxW`9z7puqpxB8;%IJV38mclFacTsDV^{16MH;LSqKL@tkMt&?lu^R61prfE*#`eJZX%? zjf%l9_4w0)vIc5v?;{wvhY67h;eaGZ3!xwg1wI3VWi(`L2x^GTPFQdY@h>XKe1!&` zVglpeXjWU3m2go1PT6lCCP1~c=W8MZWN(>VE&*s{(3s^eaNx6Lg5dV#j-}k1C)*Rx z3R%@@rN$AahRA|&aY77GfZ&BZg2}}SQ1C;9LUvb%a4~`cTi>8^Rrj^wrbmQSz@AXk zBa1>{=jFe>xo{WbR;2&HdzzrPgP&I=5V0V#Mq$c71}HE=PM67;gK;}hxe1{+seuY) z4)VPmkc)emTj>GTP}PX7R9oqIIIdK1Q$4LK!z@q11KyQHvn=6g$>GBfgi*^N7_>1-O32Cr^5iZP~C`+R9oP< zA)vUM12A9<3ic5k*9V*~7vv_44>( zxfua=P~Zb*pfDHYx(PBE^lvGHZ5S8uQeFoyu6Xtr7L;`z)4xZt`Gx6o`jDQGQ8x`i?6upij9u+J3chG1+xu~WIbHKEZPzrOY zAESVAx&d~79EfGx%Va4DLRQbf;4-!UCKWupe`L{9noVeett?UyRyqwirE;iUc`LD|D{q9Id*MNpHbyoC?=i~`gOiv>znvb{)C=ZMC0+t`W5ZFrJUU*# zO|@*`Yy(@o4TxLu~<3Jz^~iqNUC-{RdJPYN>p1bd%_S znfEpaP5}pwX-WJ7LCl=mv>E-7#pkeTY(^ExA{9!(-FL$<0~leGK|fhUY%8p6ijCab zRCLW?O63e~kjoa5j9GCw=OV6Bk)~6vYE$Wcq@I88k3tWAdau(l)BN#M(l&EJaCelB zCSgQ}+Vq@8NSh7GfT?#m-D*rz6oe(@;9)}UW10?l+TuLh4E~><^;}^?Ak*2VDb$O* zYy$F&yCJZe+_To7YnbG0^KP81^qa*09tIcY{*o8;4u|R@Ix>y*pyX+4G z^yVH3E!Y!sbMKS{>}&(>rTWK6|G*$d+R6Ykk^$nCJeZLlsZt;|)r#1_I7i6tk$%td zM=I305Sn^=I0$>FPQ)va!v>58)|Pw#7v#oX3Tdr19_$qr71+Y23E)!CHto%LC5Huj z_Gb9JL4%wV7{R?T|0?}IFsRad{H^r#kez=k{l*?KnlY zgP{H~637MtKpV90FC!&GZ2x7XzhiV!F3fiFV2;1x>-WdM|+r#`j0vJh}395R< zpsKe$00Xw5U=d0{RWArs_5OtgRXwnCJuJBQU)2NKD~3S{G$oYIt+oqN8sBS4Ee8CH z*c&;@v=&3LCtAvb;S5g1kx%}JLLrpvvhcZQ+qsPj5S^>3cRUtY$;8|v6`P0m4ZWX> zh1|=b6bAUt{-7rXg0;yHen$KZ%%jj2 zP#5Zz@A(MdAN&7P-=t6-> z5zKlZwOI^Oek71!;Z|z{x=>&}xbasN{#AWoQ}6$SNeLXR`r+&_YOQ){6(D#Z_dvQA z)WZD05(b$d-CGILy~E*%U<(#W7_56q!MfK8Y8a6etb0MuCdlC4|8(zPFjy??fyF|R zEQHfv-OJMkLkiZtAY3@e9V8Y|c_tRHmjjH!i>nV*DgP}k@WlpKN>Jel!omVuNZ6#{ z!hsGh9RJoOs8asFuFIixhm((>`}WA|r>RcpI90T{ClL*(1F~dbz%7Iu)Dp-9aX?ZB z4Fn$xB*-cehFk)3z!``GdKDn}AkRP?0Cu(k_fr4kfPY{R2Lxn+IUo_SR{_ic2Gl7K zXCMv$;~XKEKpYVIQ$ZHn7UG}Wro;Frr4hj31ctL1Nh+2+9%;>;~khkl(M%EzQ zTr)8doo0I(Yf+1utT8`Xn{D%EN4WY*&4`L3lzJ2^G?EhbH`gkLU{|9ojY&0YO(Tl> znjb}ER@TuOF%nVZ2P@6BkdJC7y2i6|%<_?zM}|`s`<^Qp8p0-~*35ywcF#K_Y(sJ) zeweF>PZWrr)-D++#??TeNun(KMyG@ATQ)a-my*+>ksPoPs7bJsOM{;En~AedNu5?- zDkv{^ne*cPkWmv-HRz^tn^XeJ{?FPEO39UaCH6guIDxmPzo0Sq7F~xv1Zy6LYEarJ z5p}UM)a22IVE?<-Om%liW2K}#J)Zn?a;g`zes*;$*S-2xi+bBTwY~3jB|T93Z421B zEb94;>bbPOQ#S;RDPCgbY>wnKd?K( z$hhY^o#T(8skKV7ip_*4+RY7!JZA}PUZdAiCNzkuOY{$haj9F`gK8*jBP-8V(D|K2~yysJ# zQ_u0U{*Qp@99*OeVHClID@KjY@@DWaY;>g}*`Gftzb4kgqL*kH>tJ$lamd>u-F#?t z+DROJ!f-7aRiv!=QP<~=a*M5EUanPg+fo{gZ=!{aU-z4`Q;6nx5%)lS$4ZDjm26;Z zb3s{ZDijJ;zfQDA&G+F@KTt5TQ&6LNdb{+M{5j3X_ql3Ifogu7aEUNvax;+LC_tNw z!o=U%j*=>?{4_l0iF4eAFg_I`!B)xYRjvurYz1S{bV}ybJef$u^qyt#xp0xbh-LN9 zj+a?5A*%F;p~)6h=*YTRTt$co^GycGD7FsVZBgBUz1;OBzyhNKNSt@ZW3g{ zWs$f0S0Rh~y2RsVvo5CWvTFl4lw{2_u#4$Z3Iz%*r(>G{gqFhw!@|N@>|eMYJEiHOr*hNz zN&0l-x@gwhjrzClgM5a|T$D|&{|orZLp6A#v{ zzO_yVdrzo(JYe&)(R!LZOj*>k(PC=&BiVfRD)MS zC3D%yT)##QtN$U+;qwwimqw6WDMU1f)99j|7%CGq=w@})k1#yR9K-hYgo3hQK%Iwe z#gPItT-@21{Dmt{DiN?czcl@!%wCS2OU~NHB2|M#dS21CG>1SWd`2NGCAIxqlax`$ zF5Sc$wRrc!I*&hD}QZV1=JhbZxUdcGAMTr{EU6OIZdz1vgfP4C68 z%&&XN>vp<6+fnJR@GZW;9!~k^h5VFv-N(((Q$7BdYnrj#(wWrv{_;M1bp;vD(E>MC z_B!0B+3EKF=gzac0zw|os66gRBdS*Sp4)puZ%lw5>kW^y@9qm<@Alwpy5s#%V*H5! z9VIz_?tQ-(<=%$8-*x8rUEM`%%1`inc#YX1<8cl?cedO6wE3+H#4J8)<2v<&ymdx}*h=Cph21Abt$2g)l- zR^#ycxy+<65&CRDGREq<+HW>-WSj^1$@}wnKKD)8#J9X2>10R{!pQu@OA{ zE%|QwaJj^M&42FV9g(BaWq1i~T+wc|h5vQfI@a8(nHkgTh(t?Hy;}&?##O8U)tl@J zv**PW{E8j#OYShyoBh;kNzGmD>eSQ7jDOVT^WaN&HKmoHkKG@Eo((U(p0uO%M_J8c zx;Mx9y)LwugSMNRjO(eM*N{x#u~q>p)Up@KDFM^b{TsWtmHk-2Vhw=%BI(|r%g1hw zaPj=@Cvu$oug$xsjF>qRohHra@qKF0q^{fm-H)6zfabs6hV)$l+HXL>R_!WTj{dDH z=CXZ@^r@itT1j@-`Q?Ma2jI_^7Qxx;Uw;1Qk87vCi_Kjl{tSHP3n$HE@1EzF?IUfv zoaVTgd>@?~{2dmq5;E*sx1*TP0kI_W?(e2XF7BsA5`?5O`CP`Fr-%u(S%4$RRGoEl z+&3Su&*(3&$7T*6bZ!{P%;4%!vSR$Fb)d?vMSlSP5iVi_{w(WJ0@Ft`C6y z3B#8h)06?=)8SI`e%#_@NBQN!l)hPnqTur*-t53|o_VyLX`7 zu))jd1gP)_+(IT?Y6IF%yPsX`_jYbJ-WI$^iVpp|K3k6qJoP_gF}-RJ>2G%U8NOV6 z`6XZK{im6Ou={PFgXof<`?P6pp$G6gTC+wM*l|0O)zal>GeknA@9!#kLyQb;pYkX1 zI+?OxeJ7CZ`*fb1kZwNiRpB-^ej6tXtiOJZUD)*Nr_@iqF*L2QRnt#n_|S1-+}HJh2}2ht+b&aG$Fg6y$r1@VhFasbf^3hAk@EGnx*%CXVv~xQYLxocQ?BK zy{E^1q$}1uB^J66Np-Ogxcb5NRa^#4_Ug2pg>Mq6J z_a?ZjM!);=qpX=v-b49KjfccnV23fV!JzNqp!3n`wW|2;^xoqvdHsZWom(^GCIeNd z%=YDr{cn#D+gk@7zkhO@SAX2g+Q9kMRW}m%zi!;nbS#py+vA@Z}}jet(8g2ZOuYTr%_`Nlw@K4@#kRkGa$Sv>146 zv^LiZoXxh|w^b59`^i3IJmC4zX${{lGxbE5=XC}fv$8$U;m_AHTOFq{@3H&mLCtI- z$2Yd4h3b)}7aPyf&i#$~#8|&p!1o+Iz+^rB=5gEBB$iHg=fRME+MkmvF@4pZ+qa5r zEsn`0z@I7%P;m13$G5dXSX3o zl06q5mnTONH=)48^BP^_ancu1aT+LGCaLP$dTXfR+uxV%;ktVzPw+opy~&BYkXvUo z?=J8GZpRiPU-;O@0_@iw_cR5EKWk(Q`nF8KSNELuT~vML%3O8@PDk5+cH@mHweK%i5Gx6~jvaEoBXKzU=>NJiVNOh2NWx!P^E6o%%~ksJ z{pQO<=i%=SA(EQ`|3!(N*b2f)&oaOz7MbLl0MNeWa?^cjuxx$P=PJFJ;C!I@GUnwe zg^R@3bT^^qBClzp)5zH6V*K=yILC{gr|f|6m*!=s!=-twEQ+tcsmU?cr9xTT^CKa_ zz4!AD-UBec*=!OkR*!YJtmWRrd9aMR%hz*<`&xfJXkf8s&Y%D0KDqf|9pJl_?2H9G z`tmYc1~24)-uwIe46t+QxnW~&)B5!ZlFQf9Z&h0}2Us3e!y(kdR^1iazqWx zu`bEAi6?OElG$>GegZ!GB@^$Ccxy=W5=v1wf9g-E!OY^3ZnMj&-k7zv!;l z-K?0_!|%STk4v%<_hdHF`ex^`TRds6*Kt_4*vt%krL2iROKUm9PjlX4Bq1Vs`f{=9 z|2De{e7)UJ%<<{II^t;1@WI%uyPq67x$rz28k-V0Y@T?`irs))F}FHteGEw#mn@aZR6^8T3Q5D6q{{Ii7hTKZgXvHwr>ae;+_iuI-BWN zn;w(N7dE?J7l9uhKKEM^TI=&Xe1AQB=YR2(0(3czx3?$I`YmuXFKL$p>?rYj3Oyv5 z(Chs8(pyRSwd*1CQ|oPd9zBViA6w7ySr5?X(o`%|pWkpW?lRkby79R=%|5~MOSLV( z#aqx9>J8tGw5$@kQ_Y-**QlJy8tp&7@ltxOb|yAQHXje%H3S|WM_WQ-mYo*g0X?T0 zVkFGb*P(|K-8-Wd-7iZYu>hAPTrpo# zeD~+5(R?$mNfy+kOZS@M@HwViNIJ5Hjn`;qxas_SIb?{W} zSaK>AL0yWW%aFjezG<>i^! zzH-fHrdNJQpzU>MtOvO7O`hZR`o;{nzcqIXmyBs8cb8J#+giO}_HTKqKJlt>JTLEt z*9YE)EMndWz1}_(lHa)di>+O)oP=9%R`EETZoi|r#bJKE-H~OQeehxi4)FC)b=_v@ zclu0S>rd*p-p6Y`SFc|V@ObS!iY5D*{lYpY`V&%P61qjg6hzj{J>3 z2HR&x#hCMv{)n8KEvW0m_m$4zIjwDe)$zx*QDs^+o*>Iw64a&P*tGbDJ&`~C2caOb zj8F!RmbEOLY(Sw$hKxWsLleU7wTNEWO9NjgFXPQETO;h4LdH1UmS)T%qKrye{#y4v zZj=JKOQ$jZPK2jfS+updy30)M)Hv;4=Ybs7;cmW4iB&{8Wr!V(PF8{ZAoiFUG26=^ z!Rc3X+BQ~=PqjB>@s2T9?xRt4B5kzTx$aBj?~yMg{yy9=vf-a-Pm&)&s;AOPo(t?+wj&e4e;94% zoABeIPcQTB*0E5iME^{S>;_Xch!Bx8k%oAReBuasy6gvQ-De{ohf0R*2yd#M9Av~) zvOs-8IO^Ow9f%2f9>5|f=kb7Hfs>DyBD`J1ga|)Ea^t*m<>{C*9jm6k?}68fH(rcgw^o>`w$p-e(gF#Aal}AXv|Jvvc*pp=;AVY}O5?Wo7iUpD zzY1!Y={aj$-0{BajeoaeE}U?#r77E4kNhfu#V+@V6VjwJM`!qz`B<~7eJ+N5m+>*g zj92{6cYhPrcq^hI?$zCLHkSwdp4;fwjt5gc)!?8JnyhYFxy->RRDSq*d0II=DUx5MN9&f#Ehv}_py4Sx1-G;QB%?iZ z>Sq%({1WK@^lsLf@qs3xH5FU)VntIuVl!|!OUBP^hyuP>lx z@X5*2)y7{}%S~L-_LB?Tc`x+yroaMRkmOB6f612GnHVl)zd<6PKr#8A=dOc zFZZ@QY%D!8hu#pbwXWPBxbyuhjrWqoY}A~>H#}X&gT_vT`O&w@kljwm?lxpcG|!T8 zOBgEx>>>_%hQj6t!k*l~yPSY87X=mI;y$-4DMms?NkIXtlYF(*FK;0o-<0_oOh4Xr zz(!osMeo1RQ^@Illy(?az>=XN5-QYL9g;!X!`rwCMdzX2`=%M69UZz%WQ_y&doIBp z?VXKXdW7{g=g04J4w0^?ScwPcvtfZJSQONqql)ahE9g(S;W+-Dti|ZIC!?t<=qS*% z_%Jz|(2^U6iO|np%I^joaNs`M>GHG4PAT;6q(vL?_=uC;y&*#AF>*tZUeinR*Wd~@ zkNyF-(mgKa8-sFzqe1s>KOvyEyIXX%--9LhPEqKBv{l`agb^3_hPPl0>m^|6+ts#E zj)))^xMb@1T}7OB<#s%C^LYH5-Iv{)Fj0~&s4GCuG)#||CEKs7hsKRA&-})IZ+7Gm zQ2Y1S;e@7?1sW@Zh8s{8cbGnsb%UdzO|8b*MOPvNdDy0AEg0m7}Rux!*p6t&CuUUo%JS zn_OvB)aO$Tjz*FqX^`I@&7n1#<1lTV!jB})PFM?4B|)6~elEHQ>s|5G8uag&g#kftkJmP9`o zlt#Nm9%A}5p>VPdS^#S}GK$u2wVbs7y;l*73e6?bodG)}MgEOtOlD47dUPa0KjLC( zJ)lR^9-d($)-~nX!$F56OREawrcLv%H%6bGIdW4Lxk&^`)$2=X@Vtc&etA&axMV@3 zrjvI6D9<(WT?IXNUR^+p!F0^7r8W|AQG3EBJ3|9;>PNbg>=z$F`fG&~2wcOMWAA1A9~nxlKV+jbN)PS@jD*fQ?0rkh*K9@)k08d`dnEMZyM9E2sA&v; ziVWcG56glUwS?lH+8?2m7v@++z{1QmwsOPH*T1cjH3-`M;TyBFy zu%^2xWp+V4;-I}jziSLCCTT+H(wWJ}_yu(Nkv#`}L!|KUpW&QtBx-3O(AwE^!0^XRhR^*FE4X)M zEVP^?4>O4@g6V|P0n3^_YlSvR1UDq|%wo|!yNQk)9`0?S{>63HzCArQAY@49(Vk!&a z8@+HVX_bnzl1=dX`ItI!S9YzhQ0PEx%9?tpWVL08Mo!pI^$nhrXZ7rx)O7i7eFv9I z)}HsS(OfICC%@(-7uX^g=FvfuVF`2d`};6yj#ku5OGYYHNPQK6#`CLat9gnYRYA{= zbTd-GLS0OQzYN3gO=D>M-H|_GO-!a@>)Y)-5iHXjflu+`wjNDk1}2*mn^S~ms zAe0NM5pJj3FF4reC^oPu4<+XwgsSlMxeU5HAPsHFq!3 zQE!+UzFk#$w7V=58mE)m>1}hd_NAF_y~|2|Q#*$ZhNp~q$egew5J!QAVa9g zQug|XO)u5(xmVmJ;Q@RkMQ4kXt!^w5E3@S@%yB;n4}%{A?b;0IzD|wp|7Peez@+`u z6341aM}2vr&awt7?}|XK&5uf4Dw%&|xOR^m31#Gq3Gz}HR*fA8m*m>K$w$*Ppp^bg z5=fKly?YXYeor?EeZWeIlsmCfzHk2l7I*$aQ5Kh^y*OjaNkfoU0sL1DC z_N3r&<->&%hMGNnAl5PyNz?cZc|}<>N^c+}bzVdVp$v;K!oIbcKJ*juyRUum{_V>= zV94+AV~|~L0Xu4uM}5ulxaQR$o%xYV$4~Bq;~MVS9@rQ(~)VFAh(?m5`4Vd%8F3o z!A5()%6GKjQ4gwP)!J$R5Q(5c88O3k`@`(;113pwe*eq>1>F6X+#rBiDK>S0MxGAY zENS)(64@OpkV@HY5g{1oAXR}R6!3Vxs{RbbR@7nfLhk=8W0`+$%3x(BuEv(<3;<=ZiU5x}t&8{JTW~xUW;D0f8 zfc^fxfyd=#$-J~?sIJ@!_z9mJ7{L}QbAVr+oLro(m`>k6&zBtkN!cx|YFqscJH07Z zJ|2&{l#G=s$?|3A%wqo1#L|m!_qQ_Ll!7vuq{Oc&l;wp>he26MXqpuhC}u`=sg4a* z>JC_6N>yjQ42*chQKUe011V!46rN9+&>K?5BezP_1yLCxqpne>RU2Pvzqb{2G=rIh zG|f3Ym-LuSkL~B?^!#ZzlPFWjEwO91vEB~s2-ehVpdm>ZoJJNGt^HUD6ehy533C==KJVpGppN%W`fra@_xcpgX{PH)@d3lFiqZCL(U+Qmgl6W-xy}auuvI0may1rG|Ao0pZ3X{N4NP(AMT<+4W&b^3V>Q?$Bw21`(yP;v4RKBM za%omj{99H{5~k!#U_a^FP1xhdieOd;W{jj@~pD)FK|nW zu)#Z8x!6wRBs?QD7jqPAajky3az#nz$;nDhH_WS5WWYfEUVgWbj#BJ5xXQ?e31d9nJe=cvE4`Q2#z4qjd5obFMY!@lBWHNr34VjO zy$xNuYvB~vy8!3k@!Ro*zBfa4_zRFw-D4}??UoGuvvdZw<(w|Sbx>d4=PMo%@z3## z8+%CI-eO9@2hk_EjV*7#4~XvP?@p#zXl?b>ekqAEl6p^gg8;S^@@%n zm6}A&O0L)SG}`fpna^}W9u8Z#Oq%`AJ%aVw4?*O&alO5_yXCth44LLNpRqv!#|rBazB|rG-M}w1HXEBwnTKmMc|{(&M}o%hs1}a_@`v;gqPV* z!rQ9do2rNoDZumdSKCKWkl)h(`2gWRTEzafwh8@3-r(NzcDxs(!u9C+>Dml?@>k7= zqt9=bwfD1Zk>O2+3_Z>oelG1QXD3y0L?A&0v7Fr^v#mhYlMKmHL)wT1IX^<+9jjhu z-AKfXU#Ktdzg1tqR)$xMZP(y*z+??*@Na7((X9FxVqN9efh2EcW{Mldy19KDTUH0z z6Z-uFLU;D5<|(MJ`kRlRNokOwr4AWCPWPwsD2g=~5#1so>* zzgdEOXo`HnH3_g&<+8j~^RPGnpqpsBR(Og&wshsC`+};Gc>B}l#=N%9pO0uuG6n@Z z2|03zm~QoPgV&HuButvo7!y7-aAr@ZT}`-TtvAb*=(7_#)1N!ktBtMUoN}@5r|zD< zS5W$~wnS3#`}sOr0-}YUptojD8iwkll_ zA)IcBRh6p1bkM9abW#tL=F|?>SZkFDT%Q><>g`1JaqqLryTzJgNkH0)v)aODlc6NL zeTJSYeD*SWJlQAtrX+;~Zyp(wH0xkGlNv1Q|Ja-s7Ywf7`?(Hj*e$T=d4QarPlIPP zW|iqH=gM&Uc;2@u5m1w7Z}>?N(UQ?U8yf0cy%6BGr`3w6Qc>VlZfIW&S5KP?g|(oW zGrAt*b(IzOvh{Q(`?;EKLM|3urQg-0mNN!<pM!BkyWSgmnd38jbqESlnlZOCo?RUzUAM2=<^B0rpI%vwQERc8=F6DsWBH`*EPn!asjW&Bikv(+Y&;>benVaQ*moV;j zYWY#!o+&rQ;by=$NU1V;ri&|pto@~RvD7TRSZC9gI2W-+`9y<&G;r@@=P8UOu%Nj1 zxNKHmmuvpmhmta-%o>@ovp&H;MS4R;Z5t9*O@S-e;hgbod19x^tx{Ji+{5U=c7>in z@v=5sM8LMQfnD}Vc}m&jt!&+|cFJG+`w~fGY?K*kRMl0KS#4EWLndFM^v^ECBeJ~5 z?ZZql8Wn%=CkCG1`(0mm{0__K*`^kHyP6dir*xm>-?8FvNcpoi>3!U}Qrn2+^EUMv zT>kJE6-ZmeG^@F5Q)aj9TAjm4BEuq!p2W z*cK%Sb5{xq+)H^dApdDm#&KVx&6-ov1uGpAw3lg+Jj| zc^NtqkWSa27E%9fJ@zZ##*-e5aM2Uc zaEX3Rw6~-y5ie5YS0Jp!SXjZ(z`i>e0&K}SK_yLq+4m2i`U7^&>w+m$CU0&9(LTbw zR@r{)J&koQgk2FsiTnuLKV}}0B958%X**u>mH50TImD47%Xntg2sm@g9@Msv+^WnG z^-q4Y~+a)Fp`@j*_mJV z)WpmD80{Iek90qI*fgJP>i@{?`-~%W&q}M^Z+4Sim?h+GEju(Awi>Ya<+Bl8h{r&# zlnA&TITczn-)&6dUK~ZwLOqA=y?CWR3VcCc#axjA_lg(l1O^uNiqGv(Ik;iBcA#!- zB3@jCHQe2WmPPB$FBdqcjokf~3jAEyD?GPD;oyeVDu}v~i&*);-NnR3Z2)W(-|-L0 zCISFp`yNNo(V+wBGoT|*_a8uhX99p%fGgT7$>8o{{Ertc1DM}CFlNI2lXouM-yl>Z zMo4PQ!;-qB-IbvDI&TcmF~d-C_tp+#1!vT!yDHUX-5kely?~arNMd_OpfvxoPXP>1;R3zYxLr2hHR_ zYVE8VLw#I?UzEzj9!;U|o&^u<9{w4;2ILq^ntYYgYc@S-1?>B^z&%c1jplfASaZzVVY|FsqAp@PtD)R;+bv0v%k zTFk#1-9kgWezacYPQO&yS4_0;fRS+kioQ}fIr-}ja4jl-z)P5;vBhe0Gtk|wtLz%m z)<2BJgg0|ynp87m>n8gbTTpsxN$aa;u@T@l){__RtF)n-VdVC8#Y_S$Ha)63zxN`S zZ%J)h>i^?I9e=Bnp+@nKF1EWA*>PxbgAxTQO-H?uCVr%wbyV8SP1o3D{_Ya!`Ie(= zXiD;jn4s{+JeYr~!|@Tui5{+o0Awu@0QQFe`DpGpp}QQ~-GK8w=o>y@|3_}j7CzLt z25R5ESrs>3DoAa7{E)CXrZhV99^_cA@W<{GByqLEE)(>lRTsuf)=xwMmvab&Kwf}{ z#sr`x^|h|jhk>-8-PQxDoepGQX()Tg%V}R@k+Oh6ax$qJhM+!U1Qmq6S2EsRH9i}W zB~EQr_U5zlDn(ai(1K#9DB3mxc`ibX065EdgXd2c<}x;V#=J{9dOF#EYDI~d^4v;z zwQJz-N5dW9>fYoL{Qq6XTmymA8OHp3y!wa^a3d9*dPo^>8d9I`SuQTaBF0nyx$U8s z1(gagh^DMhxMw0snb>v(2^)`SKNjToxHupJpUbtEvuQ)AR7LoxNZ8In@@P$-ucWNF3#P3`mc?Q znCOYkMMZggX1~dNu;dp$M2hJ3KW}<+F;72SQtRFnq1SwA#1OKT{-tlLG?6`)E<*>F zFEjv8@tO;$eAps!_dwPR=4%ssGCrUfQzqIM@O{sN#Cm{Vr+D`Cls;f#&6pN5eO5V5 zE$a$1y#0;MAhetID`=Dc7$J`5r|r%LQU|W;vc_n6tReXvvJrkUz_+W{ZPx7n=J z9ugvF!W4Z(p>p~-jPFg#DcAQu%{WH7cT=Kn8|UsOj}cJI>hcL>=+k&|e}8x%k07j_ z?HBTc&+oHQWWGgxJ=VJSsduq!{g?Nhb|#wCBAhID;L)&B&a?Bn${{1~G>&)PM>0Eu zT$`BEUiz4GCI*0V-ffSTYongcdBa=UJ@PP4-4Eb!5~7+lP-A0f(b2yr2Lz|Il%zAC)cv>i_v&5QU zYka5&p&gsTSf;xSOf+P>z|j06V7`1}I}InGA$?#|$q52} zHN~)whw)*BfV;p)otQfGlcodTkV=VhGqMy&{t<^BOjqNxpjypWtpGs{$A<9d74uaN z{*}LjcY_PqfwtWkm$aNNoL`%-oi|meyevI z2!Bsl7q^92I9B`1w)D-HHNRyr96Lla3Y05CJN&`b){-BW zS=xFwHkE25o%NF8CJWlDd+fCGn?!?ul(0Xy0|BE$RJWY_ZR^i41!%g+ZXd%na_Mg< z@cUaRUmid~sec8$!Pc)Aa8c?_t9;;n<$$-FUdbIjW}Vm5Kt{OQb##h#5zpZgT|L?0XHh7 zu0OEdfq#Xc0P)kSj;Ghz)c~*NxE8qL5c6_|cP)_>RsE8z+am!IzcSStxm0@D#vg5$u@LC!rjmhmGv z?!Q^`>IJq+WF^^Q^|bip?8ua}$hXlHkwp0T5H7z*;A&ipXVhW-sh*U6k*_h2Bx72z zs_$X*j%^Zn8xAKh4(!7${Q;2I+7sxC{(lH_2UtagGo3jyVCxxUZtVRSzPa7ih9OUG z@|Rbm>c#h{m2NSbXDxvI?KK!A#5@iRzzTO?OC^p4e6N@hzhYjSvB z0;%el_=E8Tu$mudt}s9`uehAXtP~T8fERYw$yp!LiYxeDz4?F5+` z14H{EzKw* z1KDEFvG9I}B(JZVne2T@IRhkksd##w9yiqXI2Rr_*+#x>U&4I%YBLiO z>d6-~32Koa>)b9?|JXv)OAzMBeV#wf@#_9@f@ow^k?y&wpY7zI2{H9)(9=^81cnDK zW1GuoWLv)c$qmWsL=~Ru;5DSZqKS z;Crnw*w0~k$KZe5$i5#nY^{6wbNNJONzISbZ0Qazw`XUE_xAGen9YmmBS&;c&ll0l zUpRpDySFb<_jiXO&)e8(>JbP&_Va17`g)v&F<0t(!g}j6$hzx0<`S-vN<>5v6@1Kc z_4Ndr2x|DhR4At&nQT*BWmXiex*f@AtJx8%)#&dd@h4<#NlC0x%zjW~5mX@BWqhST z7PesLx++KMav}-Z_JS^@szltYeyOjTTkgEOn>rWCd>*FJ!P{rO$xduhs_=XPEm8a}u zn~fil`}yPYnSuQ(lO#Kf&qV)MMH~uu!LoxJ_k5UFFqu`c&2X#~9+oQIvOsIB`qY~B8MSGzS9HP^AvXAV9BrrNHmld(;X9gaBoejG%(#$d%ZK`GUs8SYwv1}!Uh(xs zQMB+Qih0$feJAH8KD1XAL&5Pjd#Qm;NE zO#LuYLr1OC;EbFxD6y`_^L`gRn;^SruD5>N%M|P8rT5tbj-MQ%uLG~@zC-F1*;xir zlNPriSH8NL{lAUhsSM8Tj_lr|1w65d(iOS%S(<=?>=}kVtyoy#8C8`Dr`a2q3(N{_ zTIugmnk1|QN#s)Yl4dNzH$xisDHgm^MIw>ph=a^LOlqEatMESa=|r6YqetV6To}K1KMa^CazR4u+7+>Jd23M-ofelBo!IjP(zCCQ~ioTy{ ze3eS6EzZTRZp|QIbMQ^{#kd*96-@eFqvTkdU1EpGtY|pHT$TD!!4bXA(7pNo-OgWq zVS}kpN|7Pc#+3WCdsK<=kGk$Q>}V??FDSpO(-ekq?2)~`D{w63Qb2CRu)8BUs=n3s ztITv$b82Mp(1ks|y=tOA&AHKY$r_{au|D-(Ok(kLqX&I8#KA@#Fdaqz#jHHY%_YlZ zL|_>c!ZC1|F)F*HWhVaK$!86Czpvb_BbOu*B)jT~TOE8sStv?@&QQCgzD4n-SVrns z3JL=)F*eS;U;f2%tg8Hixt1~a1GABqE2Wr2@`j>hri;9#hkH7W1VWzB?P|h16{+w?zC51I) zB4@_yyQIIj%hX_AeSkSCydOQneUw9f5{Bl%H%lt-r2@&>o7K$n;~iEasaYog2x_q{UZ@n$8&Ez*#3Q;2(-Qccz%7staMH+>ZP1Ma!ZPKJG$1Cq{6DSJZs1U>m z#owhVQHjqmO%yxM&nWsO_CXw8Q*G5Yqn&$=toW9-aAM6L8`Mfs=>Yb@a+j(BMLa_e z0p}@(=WdDKDYawxGC}!{M*+Lr4CX4np+S$zo9#u3YXG3wW(<81}_?kw(sAsDvg0z5;_gj2VIxxPktwuWq!5%Ks%IDio= zZkYaLgp`UkMC;FGX4mu-(zANDDk2{IYY|hwDH@59C{#^N&T8w4(IhhG{u(pA~at$jI zC8;@Ju4_CFM9%O2!YI>5hM22Kr2H_8^Qs=G{_tkHz_E9DOH9_V*y#@EPgT)WWBYH< z(bOV8#-qEv)=jv-03ipC2pthtyGHU09hZiDpl?_2lxAzRU-opT z#F3a+1pbJ?NjIBlnp6ne}2Gcnl5(Qu0oSY0?^bdbytRC}GH|Xv1Xw*{17VQ^2 z$n$?~gV?t{p)J#xh@XN&cZz2)F+bj9x3+%qW;7Urhkcm&D#;(=v{+KE3k#(0DD#Ez zEKN8WT=5CUz`a6>bxDq0-~{`XJl!rW@9oG(Vtk+=n$zn*kgvRXDqg&f;*@-E1mHrX zW3Li~r52y4({=%pJM3>853{05YG>e)5g+N`&QjH{+nhb+5Hs*Dby3(kD4%yuI3mL& zD6z^1T45k1NDO7=p8%jGo-d;V?sN68J+`AWK*xHud{iBBR^aa4ZuuY;fd5i-UT6eJ za)1FYhh1Pt&A1O1_jRaQ*5|bBz!csT3f` za)(}@DyyN?opzY+HKaJLf~m~g+BQe13O%6IkjZBNR=5oKrmSoLXZ~95Nt&7A%?g|g z6cRGw431dDhOM=~Zd4&>fH_zEx))mw=nF)Wc^8n75OO^N)U_9%8a%8fIF`Mx>|~{+ zIu*sUHjbcWWg8I564OsVuN!n;<8sG#1wN;4zXmZ?X#pBcU(5mYuhcApA&J@11=+PJ z`hU&9m3R~s=fr&BuOi4f&v=bor&VA@9p>fK4p8c@03qEl-xL91;CZRD!|_J98+Kqr zfg{0d4V)YUgpZQvukh^|P+u@U11(PSdEc8!@Wc0AzYbeWnq7By8$npH03!AqA;7xQ z>wQ=A&LIV6D;v#-?j7(;GHe3gZroe=rsTI`LTc18R{;Ij6RV&{7~tNyy8-y58e{J^ zh`zS~Ha*~6O#y`?C>R5Mp&p%H;-^?1Vk2z@AdXKXU1Rgt2NrSmh&?EP{r#Kj!L|;Ev4APP5{M`f{aXy-_}@2sxAd{SWI11bhV30pB(u;8X$~U?Os~w-o;0 z?=SD*7_24vV_gDubR_1`6^@837Ak{QBysfei5%LT%`iU;|v0 zeR9_+e5pbkfXxa64++3_U9~-+C41frMw*2@x+Oe^?P*=0+7a4MpH7$;IBXmhDXwkjd+yXukhv zu6c!$Rln~!T(*p}4Y3(6_<4P%+;xq! z)mB_7LG@<{!RHHe5^r7FYAP%vRiB!#K6Tz*_Fzc^sm55tmA-&+xnB9Q^O>jhw}bB+ ziLAaDtJ`|k#XGDAk1oSZ-U?NmT|XTWUjIk`O+^&yWs9k1w710So-Sj7Y0(?ln7`80 zsAAxg4%VesYr+xLp~-Aad)jE5`sv>3?WeL`vj=$<_Mx1WWt>CY&(bq(KaB?n{!XZ7 zUF)&FDHIgOQZb^7$nvB+8Ckot6N);IIcalmD0D4qWu0DBSjr7Z1~>K5#k#%SLx^>| yS<#o{3a;rT9k^w=C&caH3&lh$&mMEsyB27xQd3y~s9#n10H#FP72FCu-2VehN>3pG diff --git a/assets/haproxy/haproxy-1.12.500+up1.12.5.tgz b/assets/haproxy/haproxy-1.12.500+up1.12.5.tgz deleted file mode 100644 index 19b41e1c2ed10ec46c419895c7506187f4a0612c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12587 zcmV+`G1SfDc zVQyr3R8em|NM&qo0PKBhbK5ww=ziv}z)^N<;%rDg{FmMuh%;|IFSGC^?Jqs_6G;Ozx5A#M+e78gX8_fzxDcqqvNB$f!_8}DW{lmNdMN` zxUFL6zLEsPkZ{N`3E9vBz=a(8WahY#b00aFbX`O_o?_$;K?Ere5v?pnk&hrlb_fGB z1bS9kFv9;vlwlGM!FAt)QI!7KcMhEc%R|hiIN~zv1pJ8n0Jvf*f+?Zk$CHr&1AdAp zh=zzG2F}A7MT~({5^_p>A5m*gWRsjnY}oD2FrUX0$0b2mW5JO-@6M4Q*b*}9a*9wl zfQ%#By-GpbSb?^%E07WJhTZPX&5fhsIE2o+IGA-cTBjrk;t=!2nTJIOJ|6X=TPF%< z))iXZ5bCj^WrGB&of1VfnUdkV|9#PS`U9tD_r9|Nh(iu>h^VZJ0*L(~2!c8C<`evX z6FgiJSO6$Wzac0gi)Wu=!e;+Sy+PE?_+ns-HL9AdY!+AADh5%7~L zVdY1fk(jzjqFpl*6%@bDCPjbX9QJzuj3f2adg%4>S5FE5zlMH{*!>8A8vcLO@9h`( z|9*e}xaI%5NN&nU1^XWn?-gb=mJIo2?9C7t*#MvrPJA>3Q|L2f0RX2{ELh(VeEuT- zj5%R0^l>;d%X?V`00MaX4n;n8Asd20Pvzmz$dg$d(i!5XqxbJQ_VFK5G>s5-QOMy8 z4Z-)Krc1&pp6SL#7bMdh5vtLZ%v%)&nje9KgMIlYZ#f;-{b{@bP8pXap&O<`CoWc`2V?*%a zKgr*xBo#tN?pb)9`};MVAfIUrWX`{d9|!0Si9?<%sq&L7EKpG$jbh(V5I>(@5I&-a zp^(du6h(w#PUs>PGRwq=nl`f``0n#(;3!S@Bvm!QmoMKX?VeKPp^#(f>k*D1V?tD? z6cG*2Fyo@xG%IF^DsiW?bjzncWX#CKyhOVz9C}0W3PnCy1gdX7o+5YQisdAU=i_S> zBF09POf+St5c@Gjmvf5PocP`ls0k;Uz|en%e7G1RmxLZ0f}ZXPpASKIj-b!yf2b@( zG4axJeO*va!G7;RtvBY*k?7fvmzN`z5xXv8%xJr>D2xL{VxEB$sFT?&UGqM=M*a}s za7t7KD!7EJd#UJ`u^W*^JTyi=ayg;8R7AWJLnBQybF(d?m{80YlKdAEZl@#i^1;vdtN*YPNh|mxu6v)Qt4G9H@TsqTH=tTsF2{LvvK?B4oc9YiCWK3Jnrelh9 znc)kiiO12(<)UT$X6t3^%Y|_YIhrM!3r94-p`77AQ0SsjzWpPCC?`Im$s&+L!bwDY zGFyxz!8uMzD4^m@?!{q5@iq3*EE^Cl>|a9n3WeTq8%k7Jhw87TLm6rl_`WA|i|eu| z`|l#YufAu_%%u({T}_0EB7zMA??|m28iyzBJwtQ|jt&p^4>FVaGwmOhnQ3GaT7NllUD=c@;8FxRN@>6Dyo=<-jYYTgxL8#jyfCfk1iI4nV>VvK zu7I1N4n6c1rcE29WdF}m5c!ZJ*1dRpc{X9<|KOm%-|qi+ks6s; z!5lI$K`2Zl?KJlN1;8QW(D#w&Se8*(iU{DzEf4YlW<$^s8?%2a6H~SYaAZj*6BXdg zm*MBnfJgrF(j3l!1HOFeIMy#DrpAr}UnQg5<%{+1<;kfK^>aeCWEL%Io~-I4pDi!x zVP+N$y)R#qMyqIMY*fE|$&Hfw;<)0I0L%~voGcwG1CZ=4BOriR2(XwUQ7>i)Fc=_1 z;D9NiRx+CsF>2y%>8+a5xj_J<2zdZfG)%gLeqTD0oorLx0h$O@DEHv+S7`AZ{9T$f z!SF>Dgq-ptY76aH$+XX(B>axO6NeR3oC1TM^RKuIh(skVTKE=@meG&6?hpd0AJt52fO!us54giyE3za2Jy$geQrH{!@$Fj~t;6jGf zh%87fm=1`U7|bB{IZirh3J4TlV@g87aGsZWU!I>DOi+jdHRhOGa%|?=DJPMZcCdue zI+pb>LP0<%0_YY7k&l>!7e}I54{`)N;>H3c+1PUs$=MFBF~eL5$X=?9_@Ga!m$Gw!Wj}}Dq6KOs&yp>*{%;zG({AJZvDY<8E&q# zIUHpx(v}V)NMV3DqHMFaCO(-|w$(M}MBrJLbwB&8vi|>Zj{FEw=J04sM}e#L|9*eJ zSM>il92~Xhe>+K^KX;#5rzBcXJezYc==J|Qb-TDk?mQ$unPJ4h>({52^%}b_|L-~xn%OQy-^n1Lzw1$%Q*!~qt( zFo=8%Ll-GY#xv+r<(B}+MCc*_0+&P!q4gW30OVG73aHo)lvqj+4qugG-Ph-*XBXo$ zd*Jje>wV}e3I2PGDe}N%0bnFeK@%SVAKm~$0i02UJi&T#2yQ6mIGjBPj7<3rq{#9x z;}lO~o+D6#mD1hQ0#Y)7&dC^@k2~Py$@qNy-1_ z^zFr~^UL$M7h~}DU*P287x2^h#jEE4VLlgf={Az0iioXOu zT~KIp9-871fliqXI-*)9)m{^wP@m-qnV#ydqGWP<1O5b@#-R(2_T^6;jN|DP--3>v z0TcS8ouYaw_hA60ZK$p6?=keHmy;NE*$Kz`87b(pJQr<<4vCGh3*~Ny1jyVs%dSr` z@;xTi2}wUSUF1A}I$21vyt){RvV!DdIQAUtdLFXUL{s-$6ps9A(nR3g1=cb}D#$pj^UnnuYa-8*~QKjUeSF^E}6*^0MW)fcg zP8j!}(grRzN}YdpK<8uU4y)`ebj5BBhRPU}c^&}40K-|cE)?pfJL9A;pMUMZn9td- zogw)AYv&)y50NQ;s;nv2vai>TcFL5j$#9fxM%Eb$Z2^E~qxW|gie))N;ps_L9ovN+uzz%D zR0u_dj8IN_y;N+yv+9U)-QpO}Lgbx_3;{L7zWl#vO`s*JaGyDDVssEy9a-F@nJ99F z7Dkbuq=FQ)B;vY=35K7UTf{3#AyKlbW4 zyR)|pwCrP%>lGU5=pUU%K~hHnq`5NLlW4asJ2_FYUM^Bf zNX1#|y=uFN!2hHs$N%mAkFFw3zW=MNY(lNhbMfz3&a~=S?-`;@+L0qluCY>7NTPBI zv|uQ9RX%nxPwVnIT7Vmvv8!tg!KVswpLauZOn0+SjRrCgUA?ZzHwR7n)zM`#A+J-^QjhiY=H=W^xW8YM5V}iE3GSEbDfbo}nx`LD4>t zPGamYueISn*mKZP2Obj8=FD=Oa{ya|N#s4pE-JU(>+{F*xu|Yn!|gh_#=%gYOir}yYD`>(59$SLvBmac=;_`Ltx`(3U!Y)>l~G5g%FR5p?R5kg%#c@uVCRw4b>0W{)B# zt0P)%1~dl{$n#r=&AZaXR$p6N;?nA6EYvZlXHS&r3aQgc`Uj*EU%MZ zwp?;q#?puOHh>ZSfs#0q)Uy-+Si>9E))%n?C|%j@%;8-ArBwlz`jkj*RF}L)SuwF& z5x=hyooK)_#N~f|%+!w?q1;y>g>E?t<)rPXjFO8(1=@OOG%o31UFG#*X3FDy^f1U} z=ooFskq0@-sY;vh|CRE8fZP>Qt`4$H}U_ z-&iPa7r@A?iw$AOvi7D|EKRKkMiI-b7ini()#vf5KFZ;3net&oyQ$Sc%(AH(a$vTh zRgvUQq>R=Ay?i7bWz!!gk!g&WKkta|<8by~8U5vzN;4<90vW*D_aVH7*jHitWT2ZQ zDvAyq!`=C7W2S6vuH0qR68IXo+(py;gx)Hmcbj0VXGM^x(w~R39;1Ccp0y)3{bfi zI_rULG^VBKP#HoMfupK%sDx1(SvLz9Y20~Vm%rK7D1-$rmW1!Rmv}72Rz^m6uvN`v zVZ`#NLONr^s`Djt+814(^}T?qix#V@vBIoVqhQ;K*E3_jZQQweu}mB5E?J$++e_ES zR@z=UT~_#qS6OCq(=NHHD%bp_oL(Qb1$swJKiRd#*5v|G|h zbJA3V!A?>+w(JttVS;dqwTj5iIgfroytr6YyrCuy$XiThvZfTNtzSv8B)V-A2&!xm zMrFj^Cg3V67GXzCwq=EGR&UC5Z%d(j8}++Ts|d9i__qnne4RYRs`%jRPR=}x`lDPtoSmL6E3kKOT}nKljG6J>AkfpH=9khy)?3Val4`r?igBLr;M;JkSL^` zI_;_u#oR2r+&-CB0)K)~8z}pOru(P#os*)Tmpp$`!bBY;c2ta*ju9#0vN8xu3TZE~ zy;mEmGDMur&|2(=rkgg!tTfwZ@amv7-V>}ii87zn$ydBKAKclLn5DLAh+4*NJH#!+ zy(5tuo!%54JgOX+wW*lFYeGY#b!W-R(7NO^K&}Lsr`#InPv*N$S@~=I&{L7_cbtZ6 z%)sTOyUV;=>wvC`Vnz&^W%i^>B}IpZZ0lywK*t%K$LIan6nl?R}cba_t5Rc8n~ z5kGxY1^1}3X=Lx`=AGbZ`aJHkGuG_QS5+ft+IY+tDOMR>l9!HkFLJj_mY7)%D!Sj^ z)oAZ(?BuS-Y6IeuhmTEj;{}=?pEo=dc#~?KK9K+G`B$HHP*YLwk*(y~fa9V`#52e6!aW3`MMr zuKHY|G`3e5+A9q06^8Z-Lwkjxy~5C5VF2wFhV}}>J*AcYfAa`#;|a(b|Ns5Ne1X%fO@Dk^(oU>q7qAPy79!5<05e+UWa zkBE1oiy_*25k6io!o)*Kj?|?*d`WE-RUV=uzvLwsm4>KA^ zqDzz5o89dOXr2DoJM0zie+>Hl{Z{|mMQZPVwEExu-2WUA?^Vh?UMl9HG`pf=r|$T5 zuluG>S5dvy=N`X4x88inzgv-NR=Kw z=Ohx>fqpcH1$?0IlN;oXC=py!?plW6JCC?mh<5emnCCPOISx?r_jgI(APor3;EU{0EHa-a)PjJ%#ecDk`3JS`E~WTM{dF! zNWGKMxz17786ScBL7N^pt=|8|zQ0M}N1f{8KMoF$%kiI%+x_1zQoH|a_kZ_e|6dt@ zVpRah*2@2AcRN+FIo0Mv=^Vc?5?aaFImIva^e99CDc@v&XmaG@_!epmH(~$e^C2x(RwOt!#a`~6n_?>+1TY!Czx06p78MsLk#~ZgyYvW_Kkx+mzyL+azZk@*>4W-r58=0d14sCfs$% zoyTW=Y8TsGPVBX#QLm0dosm2r{Idy3%VDY$l7%_WSSCsF`|>X5ucK{AL%Q43Myuxn zLsDBk$pwNcWY*1xN*FnEBr@@QwDO6Hq6j@7HCKnsI@LOnooQi9!mQ-fht6vPy_e7z z^rfA>hB};4N9r;{SI*@veN1F2h)%O-2&(Fj}Uy#{63I@=h)ArE2J-iqv&K zsfqmuDl6EX%|LbMKmA_u{m*`H(4PP7B(?UR*8Z~v`;QSWG;caj4uXouJVo0%sF1ie!dGEO1Ry@UgXSxQ zdG$-5g~w6L4l~WbB;D>9PBWbx-ulVVj`?P2r_ge<=PH}OBw7+jt6vkX;{m&UEUhSr zxBp<8kif;$x3vY-iUT~6xKK+&$&G)Y&_$#C`@=`QMxFnQKHs)+s^9-_{s>&%`Onc| z`Toz~pxyuPBDL?owfp}q-~Vl}|69{su!D!+T06ow@eW+wFfV%+ZpEB#{50Gu7|oxD zTLI;9JQ24cf~&4N)PjB-PsMGH=I)-0tJnWFe*~mP|2ya%7304Q4i4J;-#ba|`A@6= zJ!t%w^;E(3ZH;e8H{6y|*FLq;KDE*8A%)z78s@_g?Mo3~y`{5FRjFS8-#iF(-Tl9V z<9^Zpd(U+~^zGx@(+5a>Gje{^_M^#AT3 zw(@@`sg?h&{QnEe|GS5WZq*Gf6%V{H_4dKy5gVYPj(%4GeAPojU%asFzcDaZX)ZMGl5su zGlvI}_3ZyyPr$z+#Uy6n{M8w=oQRU&kjpIxdkA(_IZA%}8u?YS{@ptb+)Bs~HD^+D_V|9L7OAQ^VMGtB4lL`GuN^MfOI-YshvT?%iy z0TlcGE@TXG)|K%NSW?fvK@*?Mh&|}{ZV&$3iNYD^==M5$mi6RGy4(0Eg$~XYba0x6 zoUp8u5a>oh7KuVA)zGY&9Qgx2ha6B6i%hOwGXhge0zhKUu!q2c#5A#42-c@nJto-^ z4yCTEKReBE6gwLEw{oeJKn2T^pfo+S$7QT;ojaEG3UP>qPU{gjmj0fSJGw9g6QQ=p zp=VpO8paMDhAljXx-g&EbGMc zuz&>pd{2NU`@!;v;}CqvoUZ{zQ$$hdqPxsAP7z9`TCP)ja`S;h6_f*ffOIB5vd!9? z_+(Pqo)I9~2|PiRCr`k+$ns)W6tFBQC8gpGCWLUtDU8IPDxF8=_COY9uj@e+kdPrR zH;LdwHtSSJhTU#XsoqQHam<9kmJ{ViDj5#~URI+fTz0V9g!&X-}1m}S}K zMDIKO!9Oh<2!LSV{P#a)hhL(pnA&1PKS47bDmY`r<0!u(wTVy=1%cmV>|PYEz^79y+ z`H*q!u5RImIWT~KkWc}?V%I$~5U@Kg^dwO=Ai+!T+%Nb-@KOin! zl-5SBCaO>x#pbbkp(0=X^8_nE3EUIUQ?pVnHHso)S#LvEP0KmFM(VS!hP>whdY)`t zlm(E1De--B!-kgi>C-2dgpByenk$S%3C{xtp8)A{%JLkIDJBv}TjIhD7;)r5js$$o zDHJiJd=X_W>yjiWX1QweOZ2bz1*Xq}g{`Ud%wQH3m?yBZ3Sc#_Q@A~Q_Uz*A<=L}m z&xW85qXBs8qZxD;^6x!mT3Uo0-X<0_CTJ%nQHH8CnTYxJ$+pGMPauL628biNq8F=C z2ftbXC~!u96Jn>-7Kljn;}HKIBZ-NmJB&H8XDCDza%3tNQl{`sp+&z$@eNv38x-dTB0gbEN*q^x-!c#39@qW`B)pG3!9?gMS=%c_Z1K7IPMw{k`& zw5lPcF)uRUI#UQ%Lx!g@zFv&qzB#)*`C&z|Q;IwkatwXuBy@ZcERvs&M*@hYjA#fX zW{3(TU%dI{{rK$N#mSqqhBYI|*bSlHi#NZFPR8S(-@bdLCd-L09}^P-#9yfSDFz?e ziNYoaKpf7x<$V$B zK9MZemd!;zs@OZRy+)+o-vX(ZEGPv)25fwx8!3zZ0A3-$Vybt?$re{{qoqRS5-Jo_ zBHb&&r}UIT03Igje=@GzI@N+$)7HG3D|9!&NPu!f1$=ykz}Zh@DUyHq=}fREia;RG zD<^`vh5ArVu*53B4j3!lL~Tx8(F6oO=3LAvYd8Yi%!px|LgWT_t>7;&@uZD5+d`1 zSZn$uu=AqBX^cAMsr<8;WODdEN!&hZ-YVvbo-Hv~4}Z(kPJoyTBLqCcSt0`s)5R59 z$Wkr|0+<$1Q79Rg&zDrs^DIIY7!eN`F{-Q&KaNgTG9nJy73|L^JlGKvPieJc_t%hFDWeA*BTL*Vq zq$biYL|aC&6|t#h(Ml;N=1Jid8|!>380>cxnFgB?B?01d6f^KP5<37wE4RZ@TFxfA zTvguQbGZu^EH6JT%pJm~JZ7In7jY;pd}5Li>M09>hM;yj%%w0AXp=}e2SC>)R1Os< zN^*!*#+)Xjbl7~9I<=1ry)c-87>4(fx_a)&UDGcoZ(hrj9?LpmfJ6~tiW{hb2w=F# z7)E$a)S6(=K@huhz;F=B*&9WaKzA+}3MYza2{$0uh*In!xyp>~RNAtf`^pbvA?O(- zd&+AfGz_`18d}z~VBt@sx79N>-NjEUBf&6rfzPxo08IIjieoDc)2bX1l<%G?Gt^;y zF-%5UtulVa`rLX5z7qrV-CckuqGt$F$)mSB()er8PD^+Op1LH6AVrCZE28LHih6Vl z#W*(8$qs-$1!^pUx*fd6NDx>oHe<{M`@1|HWv2{2Ay-6^%k}5lngd^qr_;-UKkWfO=|C>8HHZLNHe2aEb|r9YHmJDYOQHL6L^F;&-V>f zl22U^`G~KJlde>@aDi8763=EhoFzLZbF-8hwxHZMk!dy~nQ{q3a(~?Q5-8g+Cu){0 zVJ5%n!lrSUVl8zHJc+qP{AZy=_)0DJeI|{U=E=3H6GI6V@l5dVHDXEK`%ht_W`K$|Lq+V<9`UY z(4PPABBkf=R@n`}JWD2Y*4>l(&K!XoLVfQ$2Bt!^FfKKkfG`ej#L8SK3ryk`E1&HL zi6GC;(q%j-1_+(OP+#uT+LVv45d}ABB99~0E+pFkvCJ(v=CaiY(J7&Ufd3qjiI5d4 z#MI)sQnvKXQve03dSjHF8jB3W-XOMdDT-%8>4+$1D5Z{(xBSpOQfI-L7X(Tx*+?Cr zclUs_Z-v14rmR@nMN+Wqq*0|IC_6qSlUUQ7A|FftWS4jdOaz;hv~gp#k3!xIfhmGK zrieYyHwIXYITDRP&$FeDi*6%CdE(xsXctj3Mbar)pBxG)?0^$4Pe)ur(Q~=84qZYc zB7_Y~T9l4e%27<}-eSa(4teMr`6QD2&k2R0J6Aizm~j#y%D~N>Bu5JX2LbZ1lw+=o zl%3BwL7c{+t9%l~7)z~t4ylJiava81(lrec;oCBN9q?IkK zGr4LUIPT&f@X!pZP4}7-`S0TFfWTJEP-)<{+CFa*0j$pdw|88;|I-_^{=d6Pbp{1B z33Tv5$dN5?g$zOG?M0{M4PSp+vHnBiAtAmu<^Xl;zh8X+Wzai3ZsULNB-O3|3d7+A z@z97+_3T3K0kiLWz1|S?MgOy$zRKyh+~P5&%JrXI0p48n%Tz1>_m7J4Kl}T=cKz=n ztzQ2Rja{4WJ5{fL%;bTM<^xG2fV;ATdj0>n`2I(K|FB*EyGX0ofBwWARGjmN zM!!uPrj_eo`ATkV2dLHmd*%2a2W|Y1ouoSbUvq%V*JI^dt5p4#3;b15<@#5{E4Oyr z*aOtA|D#@U|KA(5`u|SSTKj)BFLGWV@={p(=t+{phJe#J$zdGwmQ_5?RK5OhIfanU zwzB#gtpEOTasPkVYvun=Qr-Hm@XSgt@YpwV%#n{7Pu#NF<^8p#%Jn}djBmyAuTtIm zAM{G^|Lh;N@_#3(R{u{XgF7!UL`m<*w1MM{odf9#@K0^Z%0kAM_3ft^I!| zX|46Y=?$T(OFR!vfNwliuKy(DcRJjgv4Hj0e}Ayw`v2@Cwd?=ePUiYgZ=h}20k~HG zFZ=%;wD!NnS{r~u=z5ln9wCaL)>+Sp3Pu1&xyAHs$ z^1oM%|9!kaXy5-FTW{ZQEmg1oc?7q0`M<&XKj;_z|Ben0+x`DeQsw!7IuR@Y zlKA2>IB0G+kjnf3hdO{b8-l*dg11@Lp_PSwJsrJ&&#|uq{*4fIQOMy8NpInb`^H;n ze$c4-!*A0Sp?dvq*8#Xz{vVd?|A+1U|J|hK=YJ24X`AjNRj>buMLU%Ly@UOt{6Flq z>whOHBHmbs#~l$LyNlcrfRwQhjbfYbF)dmDTfG2KYyT^r{||b{gVz6NC#lZ=SI>lT z*)Z6$hrdFqUjO=OBl*^oEnjuISNngz{t$>F$%DG`wO%W+FH8vW5ezK=W|YLy z5Ol`s6+kAcvpKo>$l^(Y=0`lu&L53@d0=67pz1MU$+*(4bo$PrbI{S5W`CBy`v5NC ztYa8Q)YFeLLw9s_U26%7Lhni`g2FhkK=Qg?auU-?wX#l{lM3vPIYy;?vv0<`kC%(c z9HPRP$^lt|zWEkuT{p~U=hB`eMy7l}^0{U&v^pvgl@Et3C%e%@v(`G@GauE8!t2DV9BU*Idar9%?t8q@&<>l)!a1rHrie1PNP?Zfd zMS)YJz&L@v7QSltU_7m3V3(}yGJh#QnqnY!CPA)XDb=+rnTzId>+qJUSK+IfL^ce@ zOD*Z^@y07JtJsq9Zp=GbmD5GXL@(|Aq*TG~gV9NhYvbmAp-DYSW7J{{sL3 N|NryS%*X)b0RY7%<0=3E diff --git a/assets/haproxy/haproxy-1.12.500.tgz b/assets/haproxy/haproxy-1.12.500.tgz deleted file mode 100755 index a4248f5cf7c1b2241c98651da05fa9c29fd6f4fd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12583 zcmX|o1yCJL7bO}jI0Ojp?h@P{?hXm=9^BpC-8I48A@Fc_4Nmaj5}d~@-@mmx)m2kd z)zx=y_sr=t=bj;rLBxUj?*Qnb7>#Ar*i2;Ex82Q6^nT=)elR=bkM|hnjw*@H&C4FQ zqsBmz#ZQ4lfU>vc=m0}Lkx=zTNQ@_&TZ-G+OMM8EDuH(W@;PppNGf%MrL)XMrlTn^ z2xzM*GpJh;;O9*Q&hNa3fO~|HJ@6g6H$q5B$R4EcZQC2tH+Q|`P}t_DF-~tmG!MSx z`Cj$AqmHVNjf%)wL7b-<%8@)mIE#;Ee?uCLMjuZ#z6{?BgdsK#l3xTD5p_!G|V(jRj39LI59TqE#F|k zAvi)F1_es;?-w|DIyeW7r0RJ%j!(U8)z$y7q=-12xdR3>-pA(GQ>CGRAxK2(%pXn^6%aXjxJP*n0E_V2 zJOM1pIX9|(Z_$GD_JZCt5uwIqWMrFV9W4By6h_d&ClsAx=3f{`#-jios*{q2GMiv{qa z)GF{sP=g;KGWcN8*YH`!ribSk3HGV`S)5^Eu&)paWyYcPIVyBnL*?Y6HpXxdYh~Ek zB2^$>Bj$BO7k;q1$S0F?!%U9v(1G9C_jq&j5FEp$8ZHxV6K9#ru0p4OWB5KQ-#pOE zh9xHXd@?wC^GBr}wfqd5b?dM@0__djO+1pTe5FD`(a?}C`Tc-BI8%lfnm}hlw|_$^ ziD{gP-6<0`$#GrubIJ~}=jD}vS1v_JRulE=V8TPTs|?4BZXf^IJCt%X6Jv>9QeuE} zvfYYjDw?2JZsRZ0=1m1U0VfAL>)Zu$#1_Uc@g(I>K_@v0WuyA-CVaBHPmiC&A{#KN zu@$rE2mKZ14st1YXnVfE+4M)zu>CV6CuJEPr7ju?FD&!vKLX9>Q6AqukuspDD*S5J zGsH_(uiq9>IgRUZq4K`pJ2;RrAFPeR=UlsBMBal+%Cy{pJ2B&tU-^|#nFi$jt1v8j0y+~UH=>T>bYymLrUo# zr{A24i6qzEEtP7*S|N-1?@F8hg9iJodcy?{_7A$H;l+d)*tv*3-0-`~B z=F$ib_0*YhV!}F~V?#@E?Klp!=}Wkramo}p#}&{vog2nqZ&e%Jp;S@@^C%xqf<0xN zlqJQtb1_Y5#4oA;86Q)43(pT^&ydI${|fo@(VRK-v)u>!wLpOJkEYn?YX_3>S7o&5 zM{O}D%D7~yWL63;I3)N+c5je)A9=>KD~>m2pK)+(p294YQ}kx38#lqia?{^T3Vn-5 zaqC^DX6Fto0`RK$>a(+Pu6Vpf)L}m+sw17{BRWo}RjLCZLpC0jVAY7YpXi8%Supu& zPsTA`9SgafH^s*ZU)49xk89$C1jJ6F1HA%jj1j|skbGt^h=WT81|T5{I5z+_?%4Vn1xuha1mG)82N*0xgeQw84Zj( z7UdxH?l9|x5A>^m3yy^Fexw`gmO*|TvHwKdveeWYuyb7B4v6p`x7=^%l}gcQu|<4T zz(B^96^Qc-fOZ_^{pYvOmu`-eP66ZTJP{%oxQgLAIDED}KA36`P4snsOalJ##{BV# zb0-P>iz|Y2Cy>>UKmHCSs-mF;DifLm-tnug2_p@|xKI{sbPM+cwu%)|IBzcWXgX+N zh`1<6wtP3j)bGs>RuG=;-@IIKAAhu;|C33#kC!up1SD65IZHAoo3`qC)N(@JJ2OiX zbUBexI>(SrK)A$e=v-3T!(01E1;sfCO)DQU4n@^9frz++3&ZqNW-*2U=HrJ^3|=F- z^0djH60zByy53bkUB6@W(utD<;-IFm6m4h3o6)Xocm&eG;EoGDzTkcnLBQDpN~ zg(ok2ja(BK(Be41wL}s%PhX_E)`VW(rj+A#iV}g#C@U#-KoTCF>714UE#jN|J^9$g zew&Y2bU!eoJ|7WBT*#(D*_#EmS(H(oiD0KqLuo03OF%jBNoz6dDTPhcgU=*&g==v%OXC>(_1LZpI)qEyLDX5u9=Xc{;}jsU%X zLF9-Xc-+^N3Qd2qT^Kd#<`*meMhq*0H9Qpl8=L^NY<6HR zwbXoT*as`3{;+Y5sDUiXW@m-Y6$sL9eL;5Rw0g<6K;D035prJ?8^*IX)xMQ=cBt4> z?%SC2-K%y!;eZSW1vkl0w{4V18$}j`Y_nl|sn*5KWz{eH$qfFQHZC+&-(s{Ul5tiqOiWWJSgRQ3TIr&u(O?=YPx$IE?Ow)6)vlW}vr zIV45}10x!$GfZrslIG9Q`?Q4+K_|2~h|2QZ6G=F?hS*NBX)lcPs!yeD9wt>-jU+P5 zud&alNt$+;6kCUO!gfi&=yyAwL4`YpOJqfBoyXefM~Stb!r~}mN*3t`u<3>8oZ6vD zuSPfj2ticCCyS?Budazwrb)ARi{r!eOgG=05w5BR0&*!u#8deM*XC7sY#`w6?aMpl zXW-9Hy%4Z2`~2GRGRaRp7reWg8zNQ*h*Yc(Q9B=zUypsH{9phUZmC}RElCa{i3Fjm z(hn+898Y7;8s>-WFPiWC>s41RED>?Le@md|wTHqZqtfG06dw7g(7^gTCx!y8e&;=N zQ~XXDS&n?M3qcu z%deLpL)oisQ-vf18Wbo>Yvk-l#K)@-7|1)Z6#GcaF(5|}`^cX&J|nYn2Qta@2!b+C ztXrZWtm@Q@{7;F=(5_0uJH8vxtjfbjdq>MNM;RhLegR1S!d?#-`@1) z4e|{0!QJ>FZ2$}{9yqXIn$aCw5~kFIVetcPqk4UVYK>IqO`6(otaK?#+2KmGaf88S>I2{VjLuD?#IF6 zDYvsY5s0qicC(mE{1x}v$Dz+m%A@}@JaDN~76`9scev2>9h+GLc8!RX%N{?uo_)-m zB|XPkQtv>AWwQs_n+GHmv3BPUmQN`0F3-q_WgK)^fm~(mLiOo91gJz0d%n8+MJHXd zS18FmSNx?odRiD0Pd->0(n-ao!W(Ef(m7Hugp}c6)Yxz`x0;h2?tFOZQSmcvfH~OG zAggPz7dKZGRJJx<$@Eo-%1QnDtq}9hFJ0`p>ul^w@)nxsN+GJaa3AO8H;(;NjLeI8)OFfkHEkRNHF|e;Tub%r*EP6|$E`5H?N`oE!Hq$8xl zR5V5r4^mg;hn5AZ;^|hH}aYf5w|$he2MN3N3vyR&zub@5FC zJ`I1nq)w$f=1l%A zPlzhvk;(o9LF&j~M1G*5GcB_mcen=wTw%6+{t1snJDfZ|7} zM(&TTs@539R|gyCSIdV0H(cu*NLgbeQVajg5ZIJ&q0+S5GLpkuI-ag$SWcBZYMg#H zxaha$)9)d{nu#MT=wd-{!a5N~39gUR%S;&|)<$isuvZDL%ui_>j>)!c;>iRKGuFI=5u(mG`gl zAbEl#UAVaoI`#@Zbug(kKksqm^HzOpPb9AB-|_F3Xh%1!HOTdgWfC?eo%`J5(NUYx zkA88-60rH?EWoMhPyY?XgB}=q*9lcRT6<~pR6Qbw*=10PlPqw;P>0T`PI6QdA;tn4 zu@Z?_3c=SGbou)WN>Npbq{C{?pz*DbM8) z?`b9Fr(7ZaR@O=+uynz*0ClntyuBH#zLAoWG~Wc^RiptmuiFxDcoc%x1Y}Rcg!uL# z=P!R2YkUn2d#a4T`n#2T){^Uv6E|^T^mc^cmOXz{xT{H}&#&MJOffW4@uF0~dr>!F zLE^*5`Rr+R_>5bcb|cbd?3!>BP!HY~U>F1T{QrM0%xA#LueHpC6ipv+gUSX=V3IZ- zVSl3exniA8_BZrciuA9n^V6-BGkcnTsRQdA2LqAr>QzCR=IY%0y>_4~im^Nyf*N@5 zCmG)HpCU>W3;65-TbSGL`%O2;^8{m>g_1KoM_}6}$P=}puK(Yd=oeWH9Ae(^uG^Ji zh1E5^j)`*WEAHx-}&(dHS?w(z)st&h^IResUhXm=Joma#<}RI+@0X5=^zB z5nzksO2PX!>UIz9aO35C-rM&zB#x}$XXqQ3qZa=(r1b3feb|o6B%OP$s&o#Y)AMWK z@KQ*k=F|e13p*AuVJTDwrFz)yDKDbAqW?#XE5Vuvwn;_FHHU#NL7_9V>oV-Rm4f_S z5l1KkjI`#S3Q`GInw+T*V|ogO|p2F^&9y!+A?YrYMQ&9JFBnI z>l!Ebe_97?cvCofa4~%2ma5pXE{Hu+JE2P2Z+2bHvKb%CZZ;EHZs zNc?(0T$_*bnBKZFIz^nf1G{IIH_2||l?mmUDlsHD*OszU zhte^7TZwFttMBjY<$ry$_jtAmo>87brlOmp#{0lc-y*9+j-53Q1^Pg4BaTX-lOBwA zfXUO`!=P|MR8qd7b}(2usmC9*kZ8jHc8c6dUA%etT|-`ww({)R-MXzb>9Di{F(j|l z*>07(dI0VZjxBCdjtdDS(9@}*+!LhuIk7Es+)R;PO&6SOBI~+NgQ2lX5j!5)rP!;f z!PFn0Z8w3uS-q9|cPm}|f#<}dNDI@3{mKD5^NHUpQuDfRB`?|!ogD+T#aCmxx(d{BhS zQ$)@7ij%&iZS2gqd0XS9lR6k_#yD-Dg}mpLoPXD6mq>o+&YNXMBsF!8D5(J+tX z%_?g7jjs5`KKiS5>(tJYnC&lG9VaYv;i{B6PkZ6^CVF;x`z4H)*md_v-EbdiiZA@# z^n#umd~CMr>>(?m;Zmp5$tgu{W0rw>NNma-+|vb<9(j#7E6+t`6q}d4s4JO46S5u| zUTw?J`nW@}_#6{wvT4I2w-CBLL@J_I}+3?Jm+j}EI3JZ*yGRA zr_Tr{k8ClBaY9STp)c8JODWZtpyRH+Wwj_Denu@3<%lm-eOAiPXOE9h8L|5OrCrKp zSe|A$s_y#NnEq#bVxhJ~t(O3XuCkAx%Hm@$_7T4M08NHh0MS2mgc{&TN$nI^eGd5E z2e{-lJp}`1C;S!BU&pVRFH48~+z|rCJ7F)E`)=Ndm{2aqVP|DK1!?yyIpOjmDRjYP zi}V@wLi?2QcDN6!sRf1fMWgAY2j?aV{Yu_3@PhDF#aaaH%Ea|;|At3FE_<70pPveT z)i=$-CuYBphLre|zYP?wh+MS%KX3sY6jpJYP7-E_FLY4+fDch)v- zfp!`j82QQPw7NbT7aMb~pKxC*?X$ASzHw*8YF8a#Oqn3-BVW?}V{U8S%E4OjUiWjt zaWve!sF%LsqJsjt{~RKB&K-XL8RQdJ)IB_FU}{yz-n@d}vugV>oI*=V+pkvT^E%_l zbKLNIWROo-QFs5Wfw5H`Tj2jL|K!ih0bnn;qqp zTiya{fNlM)0PnR~r23oH9qMUaKFhvpnFnt+F(R7y5D~0s00V256!TI757c}|;rq)V zG%6yQs6yWBF?o%yQcyzDe@tG(=CcQ(HbI0}i*6wwb=+>J@Gt!;e=WTg>0FZx0)sei zj78|B|Ep3$?w1i&@xtEer4W`o)|YQNLd|N)I$|8ul1Wo>yIj)Tj?Qs(x#T5DG@G`; zdP*zb%4Qr?M2}5!HqodCneTsn8j{PqEHVeSPyT@;JxMIM;w3U@8oqR`qt5a}>O6ik zZUFfId_uHE#Nn5ph>4*d@+_vRA z3f4`s(duYpsx)_0w?b`+mviJ5q%XACuMX2en%8#j+jsiQV87;Hxd33nw(ib7U;%se zE3790kb%8>$Vy(R7GQe^_VERT#$rl=gng=$w+QR~mtRjQjyXMuZBqz;(kq(0VDQK7 z#F*(9kUw3bFK-a*p^^tI@sve1dtW}c6s~QQV)-(1tdv?Q`p*0>L=i3aAFw6f0HoOM}g$3;n02VbyK=%nK zyx%Uq(^w8?FTk$!tH`aoOmmg{7wR!6U6X$0*#h_ZB@&gHuouym6Cv?aPJH~K9WIN@ zTA}BBBxVy-yOe7&%Ha5Gu`T^X>5qZoYT^4S3us_XCV+|HoCqq%R_j(){`+ zcNquYWZyigy&z;SQ~f7+(REi6jGpZ^e^Qd0Rh_e8rRdZba1WHPd=xzAsHwYV>tBQ5 zHoWy$Z8-Z+W64%#Q8^P7;%+Or^DS-@n5abovVUBo^*Ni} z56U`QwR>$nlPH3?q-T$A7xrANR}pB&kK0*iD=8n_67Rn6n~uw_8-O%OjP4CoV7D$%lZ473i>XG*xppqc+ZZ zj;Ai<99!v!R$FDKdG{rwV}7+DeTP}2=~iq%O%zC&d0u2`?aKXaD_vqh9L7)SCH!cK zot!?PK}&_=lG~t=y!&vVKW!+zo*eGlRu-o<10P=6>Ya=Nr#V`kgPz9byf0(6`($;1 zjVp=iEo@VZmgQFIMj^1!pC0;ktO7l61DX@!fEWOUQ~>(=3m_m{^XhN_bms%V<|a+Y*b@(#d2{(#iXss)#M;V$=s;P3RCVF{y*R_N$-bPbMJoJKt;yp&BgSAQu^$k~~Tjgs8AGMRt!L5^njpk-^ zC*hA28t%?vGrX}GV}Ee_wtc?FF%ULPvDg5^*dDKew;L%hX^-epu~x#GD#m=4xS76~Za{5ElPG&hnAq#Ws_8}nu65l3lk zav=v=f{*53%uZKBTQWE!Zn~16G3%#q_!~ow7(=5_3;)4aGfw?cATh^VBN*y2{G+9f zL?JhEh{@8uZSXfVy)@cmqKZ)ess7~zVM-hE_9R0XC7~pp*djYfwsVs`*Mgt#*Ih~x z@$J;CQqh6Mj3!TjY%^877MSMS2(0^y&No#I2cVCOJSe8j!4{<)7r~RlsVF@>nGg^y zijjJHh)D2`;|K8kdhGW!z`*t^W_#ytLCL@kq~OiJ3)q&l*$%LM0CanRbt9ndXNM62 zI=IC>)M1ynz0=s>o@pbRZ}ZW*U6Un=T!kZtxPBgVCgr{8x z*uNpl#JzdU3NQ=@5D=ZUJ%Bxu*KP~60H4`M*3*jM^Yzc$iQn6qf7JTfl)Sf95ON0s z_hbb5S_Varx4dOerCRqJ*bC#h^CbXb1X2unC|_~71N7hb!uQiiHE_uy=xPi7y+m?F zAsD>VJz{Ya&_p)tb^{z=l^+9}B31{0(*Ffryi~vg9euMBI$+aku4=^Hwyz}TrA^3} z>967;%f=4Bxb>R$3 z8SPv$ahW2^>I^y`tgi;k-YspnIxqoW5Mgv^0fd)`AqX&Md4y6D7+QwKRG0`7q|_Hj1`>mpIHQk786RVp&Bo9 zMr=wfb6UdGRa>H=Q=F~>P5FTVplI32-lr-~3qDM0FnNY9+C9curE}`*J@-wO83ZgK z;B|L6iS*0I%JlB}lJp!80=$Iu`P;s0?A|bMryYumLt zGI1{B@eUU%pYc~(^4YjxCaf@(%A&8Fd^ZTbXnciKpR)A2E#Q8p!UYcI8lwlnM_HRR zVN@$uc`Gzh63OXn2e@bdp>yZDaX3(;4?<3-7PI!YN|?~uuq!G7I0L=^@59rQefAqT=XDUF=`+auYy8n348?7oQ2&yuGB+koHVFuJN%x zZ?3cJNM||f$QT;w`6(Yt`997jo6;SbjtaGE=dPNwRA>b)#T)c2o(_j#H!;*32E{tjGqTF zO&Y9((2lqAwmxD|?_!E}hP zB&H9@>}cP2#F;zQo=O>YY9y}y>?dSWG=*+unB|2OhhiILU^U=nl*EV&SZtc9=D=3p zcKXcpMWhsr>`X?)ntHgQe3=Y_ehmple#AY!h=SZlkRoP1@tsZg6QIRa)+(FKWQ{pD zHU=Rln|JxFwi`3(=!EK3h{-yyiij43nyZxyggdCr2BnwvjH%>2N!T9YWHQv#kE|5flX%y# z@GN>GDbby&c5Ic3BFPV8=xo1cP>HcmXr>qz2XwQt`F&!tQ~Y81p{cxAFeptEs>&;` z|9rK{63>BkCSS;h2hI&2wO5^Vs<10D;F5k}o?`!sr=gHtOn^O#L*vJo#AKUtE3>~p z3}z{tDA62lw@w`Y;}VQ$5a)9ahQNy7Vduf#iO;@sDBFmf9w`|sD6(sY2Hhmu&ZqGW9q1L4a6=CB}bKd%6GIkBV|`= zj3NaFlCv`qnSWrpVk#c=IovOk;ox4lo*s9h&^TeKHr zl=SKAdeABlC4JWI8L6G#I)Qb6tDAz z5xR9lUFO#4={_>TatZ8!BE=lO8q7eE{kR>0Qx*43zIps2|M)NJ4Mb{y-)guO8RQZM zx|EcfVsPHWfNPj>LPq>w$u#_5{WLXw;fzc?$&*DRa}hehLM*L?jJ;60xaHJwrd5J_ zc`e+o<1+JQjLt)pSwpKG%Z=*LR@6B+#ogN{nQk*NdMFN~J(NwEuV)BX$k3nEy9Jb5 z+r0^yaTzjHiVCs*8XyV(DEkO=#U=)%I2|lkd>YJdJ>1kQ>VlSnNhM_1*<*y8_WvxO z^g5ty87!m<2jgYHhdIf-7~vdDtp)AgtMiw}#^ofMhU|*{$V7=;`P=>B{s;ZKMF|p{ z+)DZEOQ9aN0v|p74JvtQ%QuEg;LRp?@s+`WZktWF9@D3oe4SV0Qp4TA)jR&xux+Jd z! z@*T`+ECQ=cmfBhIbZ1$N-sZq)@v(N_o>K38OU%mNNYCC#Rdc^bC)dVgOsCOWos8k4 znuOvsRN62r>A|LyV-6ESdVhpOQ@rOl@h}Y&ve*!$;y{IkzzGy zaM6SAWGMwx43wJ^3d;~hDor3E+;^kVAN9#nD1PC{&J8&z<39s)MQq_yBs*)SI0?jj zWUa?`2HJ}@_}dpKxRdmZJwcjlQpsJyw)pU|&2@_Mp1zQ7PZV1J?Nj09Q#!A=QPQT~d^1=q4*%o3I) znjqM2SmCF49M<=7knLB-;*yK>MYcbm*X_6be>%%Z zuvF2A>Kme{5>Nw@!)*Pw#mjI$Xu-epV8cUXrnl&d;W}OVRCrY-(Ep!ohYhc+5d&>+&a z&eS@HEcAU)$SOiRjWOn!w@JHZTs~R`UFG2yUS7ZmVhVv0(!K95l(A9sA)TUoH|Av%ESY50Woo(H zepRzoyv^#R9Q5jOC`|S}@g9}-)z5YP(HMsEOFYGsXW$RhDtlJWkHvcUgPtgbCW5h4 zdHm#;z1j@X)o?!5COag~Cq+D-xB(p73ez3gN$On@6zYC$n~qCHYbFu7O~2ALg_8+&e6GU*cyX&-J%2TEX=5 zwqr876fvr!47h??PN}9 zQA(7Bet>y%dABHNm1C&K9LcTDe^G|UDL;u*b+%#R_~;Yzd-w-kKGF}$;>@B{eyOb+ z(1T1KyrlsKU5y!~Tj16v?0gR{%wA5Ti8Y>VUu}w1T6p2vW2%CQqD!e6 zQoA6r6O!c2!8E@sQd}ek50kYjzZShTdxcL7rab?Ck?nqp%!LRoPWXl1Ifm)5Y#<%% z7nfurW+)=K(E+vi4i+_c;XOE~&k?mZvKXdJEf;*HB*;mY^J=r@yY)TK)ds{xwq_Hx zBpxcm`(93Hc04Ist@YFUl}H1B%Zu=RypjjfoS)`inLm-!K{e{Z`m)C}um;S{UVmS7%2i^B9P({4^Ih~RRc=wsB zJaa3&A=}Q#$lm$^Qs1&4s}!WUP# zO-R&Cv}de-@Vvb?Rv>qG4-T1sCT%_qptVl91xE~bE9R7q-;oYslQwmby!eO!tYd)K zW&QRV;E}xi4anKTsO%iPorQZGejh?v+`nv~n*c>80P=tkvJ6<#R_FuU?i?!t-mvx) zXuU1Z0jq!mxCJ<;IamoeJ%6eBp?MmhYZ2Iax4q5!7Z`~+hk)}+HSvDwI&6deD-D2k zH>lb)pxfm2au4GF@^+~-pWc_~1(1Hc*L~Uku6Fw8#lCFmG(g}z z&M8pd4v_x4U%!1H?$^81`o-V&eMTKtpxga{0F4a*{kaC>Kx;kp2EMz8e3(zZ18XAe ze0wsC1?EJA`M>}7MeGl0+v?f=_I?w$h~H0d0z&QrW?7#BVq&7^m-odRzXe<=bfBoN zhs+&kH@=glJwc@PA z#3UXPzGp1X(okx{!d%hzog>X=5QjS$(Hcmd=bOke@q;cbvyU;2eM?1DAzyKwD0#Awc$EwW1>2s@cL=$Mi6(Z@oaQ*7z2XfT@mN z%fz$%5L00Rxg^cl4Y(k^XnP9~kp0_^&P=EWV%Sc>uhb5@Lut=46t!`^eK(q?&wx?I zj)XveO9JX5eZtBsw;Q0Y{=hwf$fBvxPsUfgYX*DR$Oom_nxQgPv7|w>1XbElS>@A* z`-hYc*IWVtTsH?nVXHxvBcarLa$WO(1tO-!q%E@{U*9fZ+e4e;jfqs1MaDmF z&MmpsP}3oIGyXtC-s^=KJM|uuRiIrO=eJg3s24cIPrI4wA-EJaV4-k{L^fnVFhhDi z)Gc+}WGl#%_esXjx`B)yWp~e>luKv`6E)_ZNuf`DJ9VA$)nJVPrtZXvBeByI6Y-stX><<8=jU5MaFpm{r#T^;0_(N7-}CH G>i+07kfMCHLf(L?YfW=*c2Pe3@1YJmQcL?t88bZhd!6Enp!QI_$cV2$~ z@45KqYA(8~x@x+nyUsZ@F&Kmh|2+UJ!n@B3np_qNssbv$!u;mEx?Gl8{B{Of!UF2L zx&o?tj`p9OEq%2$T*MTt9Gwu30|Pyl1TN2Ef7L_sr?Uq-68$a=)h9Rw6SnRR)ZYxg z5uQIN$wi~rBd||4L!6Ay+I={lSPx@R&?s^ob$6$8exD}!i=DXp)ZC{rb0c&L_v-Wl zn|I@{8zJ0jt8)J62Iuy67VO_;asz?&tgpMkR{nIYtbBt>y4<;R!PnPa&jn|fL|I~3 zcaWMPH>b;bUaqDJy>2R~#GwNL`?T8@A<`l@0qimu)P=@0nY3?^dhi%CqewqFaih_h z;W)>>C8ck!qRdGI5Vk@Gq&=ZNuF2cr+b*%Q?pMK2u?$jHRE0FOv5A}+^jROngM>sf z{ua>8a5s>mxO$SSlexyn+p&|rmNpxYt$H7(aNn?$OTeu>n5SM`7a|o5IvS^qHG=Y- zVWLgOaglWY%u#_ABDkXRb@!5M) zS^SHlsMq_?L8|)Q5%Doix+|2dO{0{r*WgF`Ye%@h@|K?FqPU_^nYg)hi0D;%>7t9s zP@1_PAY_!{ag?EaWu_XDv~u;HNk!A79@HB`b+y-&%wJs*_Z3Lks!%ghOSvx`s=H_} z7-d0+1Zuuz!m8hKF^|K)SM=Pcb+LH+i|rNq^v|d8Jc7gi5Z=SMg3%r!^J^b!CV>_B zX^=9|p7fj(uXLHf{Dz)&5ijtWVOTVd+0x*-&~8T9N{U!6ORnh5?|~*D^7hsnnr~#r zEdyIMn~-Gb#+%BN)=hAyGu(KbP?E+{)ghN=**Qnv*~ISSx5|*_>!Cw`ib3L@z%lze z^U>%RWn8xn86Mu28_T~ev&y=$8$H7E&-=6}G$?=M9Y-SeSL$)37<#oPy;AtFC+rlS zAMkS3#w&zuy6K1y-+l{qr)SCD+jb+{Na;t-!dP_wE<-t!bF;r;k}O18M3NZlNqx{5 zwvB1N{+u(_*wcrS!e!;kZP9JRhaIjk@!c_b{Twy)i#SsL03uCMUWn0Hc*O@~%IJUj zB3Pt_k|uR7m{t16ceiMMe$Qk>NzblsZgsqxYv|*(zn{p98IZD~i-cc^2A+%m{%DWm9qh43UK&NfJXNz<8$ zB|M&1vvbevjL2>Kcgti1Nn&1MOL)%(BL~{ zuO(85;uN8$-G=1mWh=7VBoJb*u7AOl#ci}}vt{i-{!EyuS{UCl0v>g$ z08$N-fJ5EqzF^B>!Yh<;mOsHc_&p85b_2{PuS2XnE>HCa@s{@%AfZAPHtfWll501! z7%tLgoRF>6S({4?b3dvh6JttLbnvVYw;Sow%Q!bn#tD{+&n4;!o@A<65AoS@-wVGM@->B=T@%|APYviAgd>SRNHtmu7iD8#&y zZ$@$)`K{O|!e#6wa$$<*u5u77Vuf%xl){mpw(3PZGnn`S$%!%)$$=Im?R z<=c!FL%2{AjcJ$>-e;OCozDd5=RMS^_D}UH$4%tbgN1MV)jj><11O8R3tp*iAsD~m zPDvgVRLH9f#HZJ*Eb#prn7HES(qg{&VblW@D5Zs`^mA*dbl*qK!dK02?qMGv5g$DN z1WoC69TB5Malb(V&jb8VTUvu|@2v^Ga+S;{t0j(*%g2@_Cuez-E>pjHEkwY}{xLKR zB;D&Q5x=ge7R+~B|GCB;mMFpgduJbgBuq3BMKiuD+zkPr|L`C4VNS#V7bCZxkfgEv zc*&8{!MJAcpn;XtW+gMDjZ~)|j2mNl0{6MR!=4@~1ev`d{hddJ(nt*De8)3;|1?U# z+x@c7Ojkecg|+D>)LC}h#Tzd-)dfHF?h0eX#dydjVc(9kZ*v5UsZqpxkiVtznB?Ut zuVfHm*>UG7<|AaFDEUiE`rSA{o} zduyqMkvtOTi1LaUMy(l4O-l$^5{NfiuaXasS(Rq(<@G|}6lSDZX|blQlnl$CB>r^7h7p}YX3m9(*0|7DsgQjD+Q~v+ah*n4N|yygFToI>ADwzh zz#V!7?7v!iyl;H!6D}LhNjgv|kgNwLmXG}q;p}B}xdiL`JEInZzKQ{n!YC|p$Y#+| zRE!Jxh&-lwMJhgG=YIQ*?33L2A|HUkq*Q@k4??ZN$g)iQcqWF_?Y|K+wDfkLQ$tY( z#ckD?qUX|v>d6Z%SYv2o1G2_SXI;{yJ_&{SN~KWM6lfDKf6Uli$tWLWwkdw&v;LAe zCrW!9xV#c6imj-;kcNGZ8wN|?d?Zh3IW}!#Nk-p(7QW=>fmYvvjFAPJn#2z?%baL} zuRIkk$9W_la}d4a<@P;iB_|T(%8Sd#)yqjhzk>Wjf<*kTcK44ruPsAOAd-Xi6DBz( zIlsjz3g-bic^gnMjrxR%sH{Yv%4I2Tl(~*JbysrYP;(DP!R$k*y%~c8lP1F}H&Ina zy6ow9W``{)2r(ELDdm~5Z;~TPYbQ5dMfVi-l&tJwIROd`ddc~v5{Z8!HmS-AQn!&Z z6G=bXBw_nC88By<@P42CB*UOSVWp?fGm};fNi?%NF8*eGlOj{>$wNo;agc*N<+3>Y zn_tcNXN|t_nj>|RG$aLhyQ%wlx(r$qYDY%OS1RV``@I&epNtLDq(>{F6Rb@O! zTl8vRkICS6$|Y}35O#0oQO2qXgC&x11QyHj1hm0X3|)5>rfO4Bo{;7=Pva0(NTd2u zyx`+2kSn!P{*^P;^yQ|t(o);Mjmt6vBvRw`SvJkKo~%}$pIqv6!p5hQ{zcA1cza

R%gqPC2iQ}CrXt{ppdpn9Et|l{>&j;BJ+Mpb-vkB2e@htV%ea1RC;cW-C&~0wdlk+>xKD@DXyX`jxRdGSNS%?0ce) zn9lORcXszz9@Rq$O6ZM|&@khl-Alwo5uYfe#zI`h_%fVWY({N8Ix;nws=jKDKiqTY zUkx(c{^7Hw2Uf?M%AlmxC5_XHgU|alP=zv%xqnUvtvOc9|b9RHM zCR;^CtcVxjRh<8)O>xH{6t9eI#(%OZGw-_dvUr&MZCNTTHi>EkS!_ zTvK|KfH%esbj1_Xy=g)L&jra+IT2~R=Eqm|lr1W3T2xiQFwg65X4ye{;w7c$FYvks z#XN#QDjf&|wip!d=*|rQE)LEU5o}EoIB$RgPH$TuA-aH%AZ(2dj4oU2_*DF;duhjV zoER@4LGAE(6&}96z%;bXlABb;Bv<-+WXqTZo&lC%#_1^&BHsnDvI1iR zK+7&?fHPz3Gh_$w*#OcoXu{E1eqLZQXRj|GeLPHutmQzC?DT`YN~)T4#nSlp9k|w$ z$Cs-i#2VmtpQXxvViR23P(oKRc>3X*8Cd2aXlXdqSwDgh?HB=0=gj4|z}eZ!Yc#B9 z$PKWfX8!;l1q5B;kPT>?J3_|5lT+HJb19jZm(yPXZT-7Cy<^8pbmmu_EhGS}jfBRM{U5NM^qZKPzk=7&^WFc(-(%b1ZHU3i=gyLBv#8LM6h0 zInk>i^fUC_hO^dgX`ycgElmFjt!=s%a(TGOQqZ35bQ0dC;ym`&jW0T0cG$@8xo$Bc ziGF^6Hu{zM-%u)p##f}BVIq-i=Y)Ff)fy7xr&VOlXojUT4|m_G0!J|`o6}t(%jF_2 zkj>d#PSBlqs^@1O82v(;*UWVp*1uW^8;xGN1M$MHNfE8Kzi>O!Ud>@0MuQd_Q8O#e zoZXF6-KQHmzW6q;ywU0^vb}yy;Jy3GSX|=OWNXesJ~Y8bwz&iODDG#4Me|CTPGfI< z)9HetK^)n~j-NNTX6%u8Uf;&)8OZ2e_ar$VXZ>Ci7Er1bAz2?V-6Sj4w>1!NR0>g9 zS9>D{N7o-TGx5!KnAg=G4PCRdv8>Q@(dEAH>5=MJ@>%3>EHkHGXjsfXwmHD$=w}>_ zgc)zDEQrm^<*;aK9lydF31cC&3g)QOMIWyHrptcY65L(-U749Jf!hM9skYm2z{_ZZ zId14Gd9l!i*hg7JpN5}*imADU^p)E%abxy*RclrE-%y3$6TROIY&8&B<_;u$YdDMe z2Nf(}2C-I+r1N%?8MSR16twQSyY_6lOLd_sMh=%c~@mI&C3IUHRDRSf~I*;H0MU~cdE<2A-ao8vzWE$F3^kR?KV&$MWrSDrPK#5tLd-e}jO33|Tx}L%!Ad%ngL1_yH zi^Zh{+4{-9tRFN)>qFsEjl$t~=sPJF{P@iV-)G~C9I32Fr_ypoBx+XEX&z%%9TIYN zTc(TTSi=uaI!&N%#7ofW0Lv+p`O|Z>6@7fw80r(Q^7e!4YJT#%Ho%TsZv}b2e9`b9 zA_WZmn09B127^gD082{tC*WF`%N87DfVyj2t*HNpQz{5+^izs=Eq~fdMrDopKw_es|E$PF zKpTPNuAiB;iSy3jVb(aSJQacIMj}e<#^kY$hBqGqlS5cjbw!awDj{lqv)*4eBDvdu zcrw{xsBP4=dA;?0?UvfnkLLK+uABA;sb?pH^6%kZp$6(?6k~H*188M8ssAF&$4HLK zrbUuk)ENHR8Zsx(MU{Bb+vO@4{NJm7lI|jySgLw01{hp5^Z9rK2<^W%c$yH8 z+^l{@D{c*6SqANT)1AhWAwhpHwyO6fS`faYMWI@nTQ`oRRDA3V4styQ$-<$~5bu@jTN8 zI`lZXeF=GAyA4qIAy-|%=Re=T?!Ntj-NGVjOVWY%XF&1>-2R2mTuWWLRkL@FI#KGe zi@^ik@xra7sx(SsN47+}T1bV1U-t12hq0F6edshvF8Kq1wi;}|2|W4hJej(*&tC%n zXH5CUPXKup5wdtSdI@~VB;L;!6C(2B{kzvu&>C3ONEDzsrD}nL3>E)(DvI@iH9U*0 z#`8HnOq|(l%!k~F(o$ntp_U1_U-oE7zIwJePMp%&d=x<(wr^?DR zqLVc1asbg&&^fz8Wi|og;J8Xj*o@nl%4bz$SW;^`ovH!u25d>6MPJ#%M5yv7oJV`g7Mz$W$6&WuIuaY;{g>e{z^lfZZ$;PXSEy-BlWn8Aq4S!mc zvFRFp^tzEB`En)aoBAHf0_+soIlXYN$vyk{@ZG_>EoE*BFsnuFY$dN4hR>YcRNq1T zU~};1wAn+j0c-;87?iqW`Ljl30$WmtS6xRhm37~xj^}4_)o&f@6*b>$t4zVg*+k+8 zF#j!d|CM4PDu|)`o~KwZUy^ zBFbME>)1KYuhHn79I`(V&w10KSl2SXSLQFIIr?BsM&aRWIdt>w3&&*H4U#WM?r?4R zOqFL4E?uiLN%K#n`H}X$Y&0*a@w{BaVoie zp3eiQMc{fAqDSwTiLn(g$XHYjhpvBEy;q;p0j$ZI z?eyR&u;Kbm=cz{`wW(>4r}bwl`3X*CYw{zpA5>U@VTCrcINX$;EzR_C9MXtV+i`#o|< zXt`d|{Re>UxK~ybCs^>MoBNZa3&@+I`9=tByt)H#QAqqb2K4}b^ zH|vK^7qV;d_Be+eoyPA8$xBLDDhshEprG1Q{=ycDn(FNJCFjmW__h$SRKwSU&{V2R zJ{vC*kod{eMEZ;?yDH(?85SokQgo16n*SgxU3}be&})<0hL(3O4b!h+3=^q~?Z(?8@#CN`)svt8 z_&L%3L>W1XIzA2(w1Yi{Oa2Xc_;nU8)gJ8WPCQQdbA^8K_350|Um}f#nv$;~(*jNo=Sp9l3 zblR@9Z>9&|CbvJ%R`B%HFc7GpiKJtb^H(e;vFM{!kJ1nv9y>u9u@q<0`!|(1ZDX_= z3ozc|xa*=2if~;seCGSInU9jkTv-MafvZgQ)1P!`oOu zbnN8}Gp4>d?1<^94II_RWQd%>P|^yMa(}hIJ(#q~y9RurKj23uWR+ef#gl7n6c`RP znQw@Y%i1{9%HZtmW?_&T;zte9)c?EBZ&YhpkIS!q!+26LIB{GsSRJ!udyqM1`imRm zImW8+Ue*~c;IFZw+;XGcKgP!Rxnf!TewX_0L5)aq z5hd#VwtzPCl7qy&5OK6|<<*Zy>LSgts%UIR!}o?{Q(yA(=SD2$%uP28lJ13!Q#?*q z?6VgoKq-Ox{knbInzC5pce+u@Xts=D@PO;X(&@Yp z*laS zPr}NI1vM8*mhgQ;MV8-Ps#|1GilUtT17C4XOnxk%@DA7Og>sFrWR`5-LVMCSdCn0> zeT~#97o<;74mu*U)MU`;qs%%UYK1eNPB-s=O)iJ0nvl0W3VptgX89`gr+1(2ZBD`X zhvwPNUiDKg&IQT&%xq+}hHvS0?U!sk^=g(5j2`tdyUz(+363RV$KF2v=)UPEY&PQE z=soB7*}Hjub=k!|L_x`{J@>p=Z#$wlop`K-hFYS+lIe9G9)EQH7NM{9lJ*J>efu6~ zQRicm`U-*+o?zIpw!zdL7HRnmYgGC7N$1g{j$VX!Q@LuKysAQXIKJ9?|-`F zr&_atYh#7)?$Y%VXnXh#)r9l>5lJ7_3dGrrB1|NZ6WU&AyiBJse&dA2UbCL4=PpU{ zvGapMWr(?D;LHg1mL#*j(p+V_bqh|$l$*WlI4#2n2wIL<(8#cZDHv3ROM$0?sEQDi ziU>A1#lA?zNX%WQbxjk+p&>A%_c)vSp-h^)f0r5yRZzmF79mjLJ=H=}ha&RbvMN_t zMv5M32+!Hd(|M^S@}|FL34VuRSA=6{5pDr4OVD5?;X@jjx{0;6w~{HsKq~rDd-hE? zLVvDUk^E_qiDU0mE}nHJDxS32mgZ)~z$ZhOYABO7@^MimK>W41i6}jbLw9fBQA(9#D1o$EEaewnJn(~qd1)TTAlFd6NLbM`6M4|27u!mLtx^hglQ+j1V#T@ z5V7tj5tmHvyiIPpK){1tKRm$>AvtjEI}+as0Eat!0cSKVcaZkvtXptgGOvHbKS`*> z+1ia?7v16L1&MHA?u<)i|6Zp39oQT7`n1NhR1OX?yaB|IaTlNR4Hc{J0BPy@vM05h zr+il{qv@nCX8}02+d$0A_5S#@^$AQ-83j=2x?Z^RX~sx4KQ7-_Agh6{X%{_@v^#;D zYqlxpH#`zASk}JI4q);EDjO;aCIdG=S@bKQVZoxO0qK7t6dL$OH;`h|wFB}hg8(od zwuQjT(5a~fptl9N#l6EZghSG1TL6b&3hohpcYbmxp`kHjVI?c8rUq3j0Pje@93NPO z{{)b%w|~K}S6;wzUCrX>d=AVmKnn--(V6nEJ28k?pQv)Z(?p+PVQGm&5#>coQ(sDo zn{9sw4DbOW{D%O}9q}#T+zGTNpB4dN+l3|1yO#)3{!@kUdVtSvA*gWBN4mmA7$nTI z7zUnS!uBG;p(aN(^?g}{{?L5D&oenB=ik87w-*p^P3gt(eC{zUe=YrA1F~81Gh`oV zUOEKYQbwL2H@8oV(^W7CE5F1H{Os)g5D@Wn0?V&0(aF#-bb$bHZ3rNEgs||UmB2a! zo!z3JyimM;v(B^iA{_q!3NHl5WdL300X(_naPyK-EBKn&8}#Azzkykb z>!m9|cN+8IKWCWJ$uNipdbb?hv-*WK&WmNV(gpIbT zT8d`v=m7#T177wV(EbuCO&Yx+u8xfTAS-%=iNR@M#B`Zq$s-J+kKR21gMdHX080*M zFRgrS;{O&y`_d*Q5dOfy6oVKxvWc;ryM z`l$VxWbEb{(KSCwrXphXgNyJsr^T=Ta4Ta-N>>6%rb*%Ubhh$&*YYupyOeHyLDF`_ zHVa$BrX+u4y-6g0>S*nY$awd2oC@aCx3qeeRI%WngI$F9qY={w{{E|ygO-b1`qXzs z#_M*2n(_N2n%d!H`-eZr3GjA0-VI{(*=^IxyotH~S&@=IBI2ty-tgg;l4Eh_`eMN&BEr|3P!ze=>zq#vm6n z3HtdyC1qV@AlI@?R1YN+2|mVEu`T?vm?;oM#eSzq|DWb-KerHires4`?(#wz?-MH= zZHoF!G};mNKSeuyy`SSVLb`C8TKb7#ea0t%oGG^TgDH5gY=aekS@F SKz>m}0?1RgSP0>W2>%aaG&xiN diff --git a/assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz b/assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz deleted file mode 100755 index 68a3925decf1431f2c9096b1a6e269f3fa127cd0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9098 zcmV;5BX!&#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBvbK6GpX#U2h=%Vtgwem!e)a4Xwz4a7HiB)UMe3I?dmNz90 zfhIXC0E5g7D05@K&;Du-oCGhCqMSTUs$vQlbocc1H9glT#-=A|)8}-IymdMvT)Gny z2H$P2wA=0W@!_HVx7}`6|LwGo55MaiygWQOI6m5MAAZ;F9JcrOzk~J$X_#3OAqoGk zy*93D1K<%!0ycC#B4vOsWi1c6qyvh67h=L?guJ#I#{h}IW<)~l zLRqRD64Q^!1!Yke#vO;marS4&J#gEOkHX_Lmio~Nyv85|Pl+N77zY{&NrHezLy#kc z*S&K%y}p1m4P4jwXVOO=p+w<~m?l8VSae&hQH-v~!j_PXlOeV|7D+-QcLX4zng+xf?EuVR!MT9^pRBa!}ZX6ArJDl7z z?u)L|R5UwHxHe$&U#9^P!fC=OM)KXY(}WNGB$A2Kgsa!*Z=8_Olw1V_LqY?~+^ii< zAIJaOHq!wx{1+oSCL!{GIJF%jSi(KjKvMmH@5P))K~4c^VBl?TsBuK z_J2%*1jU9OzykZ*Vd5=78~#NQpiSXrL>cp%)O2FeaRmet-fbgFZs645JS;k_;v+;UF=L10qqljVoE_V;k4g_on0gf@qP-z6ln|LgYS){DH6R_bMRjms&8ZgJ%*@2&#su4-fj5{KU zWFe8%11da0TVWDN8WTB!n0R-pW!86T4+}4R!|N^#NFZ?6@u^U}x@10{vPd&E^3c9k zv=%z$^z}&(P7*o7NK#J&bTn4&w?`!YAdq*V(XfB^h!D#Es7JH=zoP$H=d>>0y+6Np z^$55t&~6h zX#D_V8g@aT)W%#+Vtf@Uws<4#!Vj&lUmaD;IsY7!$k!pb3MzpO^lu%fyN<2b1Rn=9 zLTFT-i29}h&AgWOI<6UUUMhg@M-zRhn(xNQIrR~~faFQ!!SR9qNyF=8Frc5I(aeEi zd)@pu`w3eQ(Okm7uBnQy=AJP0D(WpQ(cvq3PS-(qiSmybWJ~V;m3O(70)=)ZV8yR?lVQWv2hnA2vPiuQeiE6#pH) z+^_immq#yOKKuV|6l;71hGXQXER2;~Yy9I?$L$=tZDmVHO!_pSlA>^xE3~G>{e{ZZ zs(k(GG@DH|LaLNvp04n?ln_j9+TD-BrK~mX^ih(Ib4Me;tG+j%J0VKq6G^&RlFJj+ zO%q?r%c?gq^Dm+Sdl$WBNhG_LJq$w1bS$i>TtM+Gkwx?(+NF0mSxKm>brlr-s5;5_x3xE7k4)*k8 zrH`rMP+<}Ei0DGc0T39VCmC07074?Y(Hj+-3G)CHB{Ptw8e~5$P^wB$f-(<|DVzm) z>-5u&`KOFIO{xs>GZ!PUS>TU|gCxhl!9FHoYJbQU?uG zQcs(|6umWp=D~;wd5Q9#@w?1StKvr@&Fh^SP(M>H@F>=d|2YGVo#%~C64$$M?Ti5l7;SSDoW&vZfl3(YV@n zBO12BrFWThwZ??E0@_y`Zwcnzp%kq+NQN|uIr}_O&t3Jr+GWN3wlZFJ@LYKZU*PwI z$x5G_7)3`wQ~hP<2Q?*4pYjUXq57yt+`Kvec>bmyM?sF#sr4Fn{3nvU zBH(}xmx0QLwO`-;DCT^L(rXo#Fw_AU#pvn5&;l@p#cZ{3IAe>rqXurZX47!L877iQ zHphAvw66S#(!BOEM)ceBqD}lPF;Y%N{7LO;tF}+`W-Zm9m0K> z7oL44S%92Wa#~Hm!2mtkg-dq+8NEanP5B*8x)3oR-MoEDNh2nk9Eo4_UMyD78SldR zXDUkRu^jWYVudfdaL`_pge2lfybRhXMg|bWp(~{ z|FHc$|Fey<%KT4d=I4_6xYnFcHrqomR64%uWRDWf6{mSto7k}k)|k?<5KMX4WR3!{ z{b?MH^{+RFqnl-ywQw9#Avswt(Np{7bfS6Pw2yL`0m=-8Vn$O%1+Tt;advg_@%-xM z>in0R>vyOByy>01f4xNNC`cD8R6-4o*OJBEN+^h*bCJx8$HI^(UH#N(^=Z@+qsAUI znx6VU5248i&?=JLDlE>J{YJG?2h@$<)*q$Wj+z~y*RgNGh|l(hjekXv_Ig~iCp-2Z zKA&aC|L2FF&TlT?ot@uYp1eJ;Bm8I1!s)Kl%T=#%F#Sf^s?x^1=?eN|GcZuL%2isR z?8H=~r=~7{#jJa30Y(1LG-HO*3v_th`Xi)*S@rkTxvo zOA4}5UK08Fz+2gWH{D%R^ElmQGpiY=uTOe6AFj`@7BZxQY974a$@TTG@2<{PfH{lK zTHQ@Kk%Fn;rlgky*U@-(aeeaB8*8ji-(CLv?&|Hy0*Ec6;Z!a!Ot_*+#0lV*|z|Vz8%wDi5 zESs~1^&c}|G zj%z<&ZxR8e*DNHV7C>5NHb6m~G4ZhS4277?15kaNbzKsf0f|4)cPCM+u2!KLi-D*n z*jo1A`YxhT^0{fUgUtaAs$yLP$zoYLJs_fCKR}s8`W%7*9lHM!g=oVRk@U^y(^Y1s zT<63&i!-UyVeXBEH@(EC)&xBSMKO||#xl!Rt%7M&IoJiNJr_h#&o`Xxp0Dg{C97v@ z{W>Z2T1B1O|OueJpF9Q_rZ%D6BW*d8=Iy-j#&u*{ziaY;BfheS+gZm#zGR$0=pWx zINMlf1K7rUa|UCbb>3ig9lEy9Bl z*@N*G;49_tmQge2FY4oUgvm6)Z0V?#>cz4gr;jo^W_YllXynsqxM@e$w_rum{||c7 zy0copT^?A}ZwFk)MJwNFlj+lbdZE*Wtdr)n|1raWbO+DsF~EcU&9tT1j7y(q;qfb30++PN8;fop&$Jgd-aX|AZ*$|4jgCeZSkk{< zIR1!XbRF7!EV;CgelR^VoaLOZ+;m|7#2iS;n!$(-4M!hL-Fo^!Vp`Z(GRGYzLb5P@ zq|bz-dR|~7iIB&4m_>X2t^3R=-?F6JEJh&nTvffg@`wcKR_8}?xvRR3ZI98`aJ_3`nC}4A8=8I7 zPW|z$QeoG=5#?{q6xA!-DhZWkY=$ycdex~uVLjm-Bbm3s*--}U1&MrMQ7{2I*o6Rz zk6ess40;!ZGE!6kMhduZ`)WOFvxt8)S>z3dGfk4m824#Z#9b$}8r^bff;vZ9oYp7` z?;}aAZt;?PU!G9D=L@!J!*at?;|uLh@u%{IiZhmkXE(UE8+=L^wP|hj+XEIV)q;AADCyB6p=D=- zms&Try=cmqpvq#vS~EI-qyE}!12>qEw6^aFa*-<_DDL~;DCl?##_8Tm7*MApxC9JUqeBu2c)%D-|?asmT{U2K?h4E#&M`bz1tL#`=M*R$s zwKrL3TdL=6pDu3!F729Lv_rc1X=x>6VMksUzBE-!UbsKg0EPPtN@xt!&*Ij;#x8sT z8u@D2c=*j+`B5r!_1{EsYu^UDK>rUq?dtvCFWa5x`#-i)j5dC6dK$W~;6=dLT@piM z+-X4LT0d{pDRjeZXSG7o*wx1YMvsW3Bgj-xKcZYgUP*dJc2~Y>)@4 zFATh0X9vu%#y7c`nB$nTM5Nc~2_ORQ5h4Zwi-yQ;bs%6Hqdz;nzDUogvRARX&JLVp zx1K{|ghA+vQ7fgOY3`wIbm0y$Zh#oEB=BK`L9E)sF=S)Azg;OjkU+8_$`NvB2WSL? zL?&EciF*@0Px98;>*0jriK5K3qK^T)2XBPlovS0J8S%IR zUt_OJJ+<^yOYvYU633MdeWqD{vp?zT``T5!SH4RgUoc>;m0ty}0C$>VSQ^KHHlpE-_$|;dQre4|9`yyvYP*GAMHQ;|80~F`TydGZ|xwU4%kK_fePTq2nVVt7B}xv z!iH%aYsU`LApgPvL|tP|nT{exF{*m0!L-pt=Q)~qjwT*V#MbQpO#d&|J@qRui~RrL z%gX)louh-7&*T5Clr&-Nm6FBfwL~qGJ2ua>y=_3F0S$AAB#C^&{SD6l6jmv%H49XL z^DWK=71+7y8KJ4}OT)PW&KcACX@6D%7jtZ@$qLsd$o~qtdazLfC(#h$`@22(eyr5u zd*Qh$x7%yFb*&9clC`q(tJ1jb3g)tjoqv|e18XDzZ!0itNy-vRduy`v05I^ z6#gt;><-0qb~m*xRiA18QO5%3pJNgkq0N?e}H z<1&Y9`CH;{;g7=4r?%XiDHZ>Jb$)X8_S_BqP2!mE|2qf!2i5%l!NJk<`JY=UJMg-9 zu07+K@r(n;;h&iy*OnW+5#iEt-j5JI&8`01i;!>2-W+E0xASN2mR zu^OA9?=;~GJw?)oeiF%K53b*wU+=*wM)KXYvRhZL&)?|CCy}U!4*G_K2t8@SBsoIL zRU{OnC+Qf04F=SsB!HNBcdC&bV|O>N5kSvyna}RP^phLQ@EhAP@J=-(_d8rfmX=@(Rh*69;W;!5! zS8P{`=b(3TrAg?S!Tv)r9mIs+*n~j|j}le05Hm4jLXFKvtLAbdt%d`p+^k};)JhSk zL8Xo>z4UAKxZp$CK)-(7J8vrW)hexl8>vfo=#5QI!g0O;^wO`PQoaD3q3}4>cePdD zu23`}gINFRd}+=u^WLpgDuBK?Um&}UsD{KhY^V)Y;KC`1ppU>JrJHa|qXE0!gIgc_ z$x!`}oOq~y+!G$%YWChD=ZxRFdL`(9<#3%Z)vQnn>qV$VKM4XbK{33zH8*G}_!omq zCVLzOMpFHKsSN4uu3JNXv8u*8<2D~%`OLfnl1LU3NxhQnsYcW5)9Z`Y+a!=QCUOKl zW156p#;Sv{Qd=wQbBmQfq)T9w5!VRxid{v;2qS4N`E=u^+S+Io|14q6m-nWXvnLzI z>RiabsR63T!Vn|h*!FB#`pIh8goHtEK893|lD@uIu6SdJ$C`!1cw7B|^;;nkQkfA9 z!j^$mxO8mSj6(;Uh1MEy9>)yGJcy{2zXs&h=X$LyadzPwn zp<8uILH((<@YW6rZo7_i;`=%_)0qbqesoQPv%eL|Fp3ews)xWLsAO@QGXur5w7n%bICk6F0NPqa@l1cpGhb|OesV+7* zk&-}3LBxvvp+t?1k#p+%7#VG|4pdm?e~5>i_$lvCGu|iqIp)0I(~~H4Fwu|F2z0^{ zxF<$3vrm}nZJqdWp=UJNXK?xMJ#cI$N*7?D{6#-t_YvF{nsaMt)N>|zLa7W}F+6|i zf^jw~gsTHpZ&>uJN49W|^M(qe3uH{Fc2_CetYNd+s;Z<~QPU3u67G%6^Q!n*!MN5l zZ5p5?e26kbQ(#=$BSmECyN8Hq)8csb+13Be5Lzu_5iM(YLCT_{j%WHjtxb8wl-L=R zRdwYoF#-tz4XI6^(nya;_TcpD%qU63B$)ljzP41#)|8x2hTp2qNuZC2(W9S~vJmBn z`N}$gU?GC1^S)F$*^qIBm=jM=^c9DT+JrFm&?|-0V@fPfFbHqq^vwmBJKchb3)fZ? zk$9tA-ysnxhi{urffDX;@=ABfr@idwZ?{1BFiG9XZP8fWx?r5uJyl&o?iA7Jp^qx? zQkDcTl4?+=c=*WrG!bjwlfV7i16vn#p(Iw_4zskTM)ZiIW1G%zsLm3 zH(o09KO~Oz0-6vvI0v+7|Np`Mab^DJ@bKVy{pVK7g884-CVggUejz=zof)5}=IWoP zRP^8DzS;Vp9@o|MxWDc~utn>?ULIHV|7H8|`TUQq6uSa?`BJJ4T8l54k8lwUm>T#4 z%&ff_c6p8U^y&Dmai@=xr0bbZ^}+a8cJa_zb})WvZIc=CvFJSwQAiTTU5Jt(D6V?S z&ZcuKr?q9Pu7~Cvqv~tBblWUuGBmyJohyDQcBCt(I0?#V901|57_-Ba98f_i_02`| z`a2b#o%Aj~9$b4P46~)#F=sJyNsFs+N3ovFDJ}B#^ZB_h=!6*?=+4UKopn+KeQQRI zNhLZtUc7amN(?KjhwDf%B}u4XeO4hwxswkcF3!?4kX}JM^@*G)<_O7E$Xt%|G6x+ltpt;)--e>E$K_bIhj=6WfK84Ag4H@CmHm-*kyVy>e57%rWU3@t;dyq zFkOERrU<1PXfMnDwEB~E!To)_w5hFqO8Z1 zS3l^TT(#^M7Oh#%(B4 zPf?NP8FoF#e;N<#$*aeH+WTdL$gd+3uSkIUWYbjWiISy=xVFb(4Qw7e6K74vtZppQ zQD4Up@|O9y6d45-1ohD}cwru9)2?i5!BRxz8xhz5vNMww(NR++U6@jjwOLSd{*o@>g?BPlU}g;b(RDMq| z!5bfAWiJM>e{?*PKgJGQF13_pS(6_H-1Awoe{{SpVTqEkZ_KG}sDK#LonFSq(5Zb| zeT0rOy>>f?UItj$l#@ZytJ@LvS0gIGTY`HU*yZV4jW&r?w`L0my^%fwA*9ib#c>lO zzcHDx6k_Cs8j#&Rt9>6tflSZd(o49J__Otzr_jX$m0qTkGWRsAqtX+&=5$ufnV)zP zh_p*7YdSRskjkbA2xPMPL-dNC!y1N64o(*;PViQfn5PeD{>Hto! zI2I`NK7`HjAO$_Y?HMWC5`YY0Fww0C+G2Wkos&pVjAS{oHRmcxK2de-$pJ);#GYBU z{i?Gbi-f$P>_#EGk>LV0St`!k1dFuyoE8S{uRBLs*teGkdN&H+jp346%+3aI&|Zf# zC7|=!aB|A`=Y! zMXfimx7TW&05;kW#Pjs6#Y5G|lQ$nuj6kHPfGPzb`p}e?KEbR%ap7tfk2Kty{^Uk| z{UCYK5NI^KvFF3hWn2l}wsitaahr`V6bCHW`7M_T-8kj5hc6Xtw?pHJ6ejF00R1!}QpvD8j1cbwmzEdN)@|7Kg*+{tFn{`_u<`M;y% z>iJ)X$4AG{`QL4nti!ub6UKz={q)`H$u#L{kX>k8l;0=`wqs@WvT)XndShm8FiJuP z?0E`ya;7<5SwA$V4rG7ob8QTc!rW4o2y?ba5R^{%R8=$}JCE3?Y+|tixM-9bUVk`F zq5Tg(Atz@@pRoW*RAik#FK4Qq>mggI;pNTSg$5T+#!0tz=Pk+R>at}gAbB#~kaTB# zveZdGRpQfh)qJ`OYnp3lPv7RW$9erFsgIXBF=!F>Pp$IL<+(hU=c3F13jhHB|I+o7 Il>qbr0Nu>#u>b%7 diff --git a/assets/hpe-csi-driver/hpe-csi-driver-1.4.200+up1.4.2.tgz b/assets/hpe-csi-driver/hpe-csi-driver-1.4.200+up1.4.2.tgz deleted file mode 100644 index a18086952211c36095545db0dd18546fffd28607..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12873 zcmV-PGPcbhiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{bK5wQIKDsYujrEJYT~`<;a9Syx?Fv|wrAto#PQe8Wa=t6 zWkVz+VNC)Y0FiELM+6&oAt?jgC9LORF3E^se*h8Ul44%kjpG0# zfjbn1cmP?hYN3dH!CVkV2QWQop(slKdC)!X_FFy{9w(91Kb^vR9E9L0R)i7bK&X%? z2nZd6oM3o=eF0~;mvF9u>mGlPhnQ0=v1m=0MnK9)40^pugu5OKdqOgf#<=G(DiNWW zix%An5%A>O8u&u%l!3@kE4LiLQJLTg-A%udp`3-4+(*#P`!OT z?M8Imdcd@;^U3$2v#u%bF z2q0ns@n#wU6a?mp07AhN1mM@P zFjo()JqXws0zAb*I+Py3XcLcx5u-}Fw*of)pt=o!&=G63_V(Z>rg~7xnNde5mMlb) zctC_FNH2^7Ng^aC5FzhD&CKd9tzqGnZ)iP$5efv}Z}~(hT3s<8pE0V5NS=^y=5YY#Xc6CwEwB92GoTe8r4 z@`l!}q{{%>zr|?QC9K`rN&kQAmXrVK=ImX4`h0QQmEYw0V=R#W`tPj#KRG$<@8thB zTIKrRO>hulF1j*W*A!T={)hdOlid2hIX*nut^YRKzy8(xGfYW10D+}e=5iL{ccCJS zH^Bq=bMKEoTB=v;;#-8MuU#&WVrVcaS`$9=tiyf0FPv9x3(J?#zK<>g&G^o@X2*i2lTk|5R>eq9>Dh!ZMD z(Ebn6`47>~K{Mkn!*5l8XZX-rV6}a$m#r38FS6wr(KWZR4#{|IdHyc-&trBCyE+KYEjo|Gs_Gf3ws7+i0y; ztJCQy=Qh{e5UcZZBCVAudxd|4?iq^EkOV{$EV@cnT2a&ei2lJiv=7?*@CwEl;8jMv z{AauFT|ya$eP|#2rM(Y-{E>+uCqnSyFQQ9WZ+bA7^IJshxB+5AEYU$KL5*VAD)lUq z4}|&ywV-A_TOpRnM-mOvNU|qLH;FDQi$y(&n14w}>=XUSVk!qpPv927mZ$K>OaWlZ zf;hw<$OwBgFTfv}kM)s72d>piLSicQKQE#Q4lzf8Mb^@O{^xV=xtG)`<$v-Z33p+> zvJR-1{|9eRj&lD0VgICmyp#XiXywAcu4Q@yoTdDcgixWf_hQ&qRGrVGy{>>oQ6!YS zFUqeXx7tS{LLMH#zy6gq_Vv$7DkQ>AnZ?9IVgLs%0D%MSNygO^fDlP<@)1L`Nj zh5Uuc$$Rt4yyF?8BQl=To<-@gchWkRov6>GaDE39h#x4j*q`S|vvUBQxi;-YoK1-$ zinE&ODkQ#e8k0{as+x|*8=fup>plEMA2sC07)%ekC*6K-C~Xv#!M5T3<$$>hqM4VE zGt^TAXm>ORBH!m&h<87{Iz2zXxwyUEZx=gG-<@QC-7=3JxjgFNB}s@`EZ-gVMG4l5 z2Qlx+3CGA6?+)G+=TM*&rqev345wJ?WS*tW)|(>U3&>C{PfsxK0ZY+~f_O}5#M!r* z`n{`u&#$k0IOcFs?iu_Jzr{@E7{r)a+T<%NuEE)0((wt;p&hE1u92K9M!j^)AgN=H ztL~Qu8zvcHFg@%ZbPv|pEejwu+$x0~&~O9o_^FDYo>R?bxmi#Yi3yYP2^D}d#$bBX z?RO8?VClucc3ho~y%nzRwQ9(}Wlle-=5&q)`R5aIxrINN_I0vgjwzSm@OnT`Y~Jj+ zyG~~3sNaFoe8$Xzt;t}M2&ZYC=?Kd5&9Fuz7Fz;T8IwT?mtpEhj8OURhgWB}mv#f4c z^I<-G`rF-yi!T=+%ExflI7!q{o#3m_*pq zuJZygPNH-v9M0Gx>L@qARK*zTcfwdA$u_KMoZXupM(yCk2HDon?l~P;!9@5CkrW7F-$HbxItE240*?jFN_uE z(|R)I%MP=?`fUVHGaA6Etk%R(-;VKI!+8Ja?C6Ar&1fY@G^K;!Fp{%#!UyoLqAOao z!j-kE(aGQ$m7C<{=6EfL3fsKSE?)?*%t)^>&}-q@-y{n#N4c}K4&c!UdvX9*?BW~t zV(B^s4|p~J%6#0N&rj`L%4COQ-yXfq=l>m^9PaWzw$YZ!|Hx&2TrnT7mGhBi zdmtRD-Lq`6hhoho(>#_-?63o@kOGa|9&|fdRjIK+M2BB>5e%{ zM;lBJyZyCJs+R#v{XhO_Ub$)aC<>Kb<=HhR6x1Y}b zes_KP`Tf%!qgZNG8^&emEN}wt?5y3XQ|6N-+VZhh+r0R<6*uo;S$>O|?caa?>&4yG zr}K-utJ9AcW%K-rvv81m0Osz~4IUMrD8ZMh@=@%dUpDr;5`107nM#ZlXjE|i3tmV2 zG>f|&H0xzEL;!5?OJBFm!4>C??`KtXIhTfuq`J&);!xX%Fk%V zWskl#;B_yQ8tb~#b4VNBj1Bi%B92lQUa5_4Qca-b=cKAY)iloDpI+bne0y=TkRZ9C z>fl|U-roN5>E?V1m{oX|ikE~E37GP-4EhRO8II?dx2J#oVCCuAr>mbn-F!T~IxAht z0koCr(;#PX?MREjUaZYEMkW3xb1pn5Qxf1Y_A|DaX`Z87^2~*Ne*jzJh8Zrm@hiIW5Ym_Rpz;#dq6Svu@8cQoFEB^&dloq z1eS3GgbLzgbNx59CjoI>fD~~Sp)r!!havJF%%x$h&0+|VHz5>vOA)p2X)3n=N_@hx zr~ZY4yhvQ_pmm+Ge5^$Cg3)|DEq!^tgKaFmjuXyW0IA6dwSri27{2tWxtP@f$UjY& zE~dt%^6Tu2nD)wgIn!7SL`}i=vi~n%B0}SD9TR8lj7X4YYZoMoWTsjgCE+l@GN!uj z+K7z1{}7HvWSWSF=JjHi%HVB{Ew(r&TQuD75*sS>j+{kGw(AYRcrjzSR6MORyz4jA zVepBY8|6hzs$|_V*c6GpS~PfpXs89@%83n!-Rp(LT4D1_sj*IQzf=&^0xXjXwGv?= zdKKcKT*B2tbGtT?EaumbD9S>cdrsqh0;K ztu!6~H(~hOOaMAxw6)2dOB1GU5|3{=GghV5H3LW5lL_24D%Y=zOr!i zUvcEGF|-#T5*Egvk5h$-9d(Y$a;x-2Bcdo>q0FdGiQ}gkI9n*AbmFFm7a$=TE_g$d z;%V8uYItWpp~#N&TxW23D%y0;?qYJB;NJ+PSbqvWR)j|zSFS3-S4$D3ArLkm{K!+&5;TIE-&<+EmWdGUZI3SDVh8;UM! z^@S=L(nYG7|5F+b$#vf4Eryk~Q&FyL#sH`jh+E|T&5Yg?63KW4BnrB}vBs@40Mmg| zQTcpFx>=J;5XBgTj#zW%Sfgy#$`d%MP-gm+Z6SZGI8EoYb7_{eLoP{GTkh-0rG6^6 zUb@K73fPA7{+TSTr&BY|4V>rnO*iLJZPbriAl3i<9Em41>C1+ld%=zEg_ZHCP~0_3 zxoIcknJJK1xJAN9Z>a!g+f2>dNbvu3-zh zrJ<62#`2^mbA7u9H>NlTgt3q?#DInY2Fc)&@dtP$ast<1&ctiD{vuw(?V0FqRz)j* z<`e}!3@Y~9|DYg%*BL6pf8IMMu7;xQ~~$xTCFE-7SXSg zMBZpzDUv+KxKF4%b{W&^;hM!a%CxR~dgC(h6LGDcal(3VBj zH-;2Hi#UoHmo_6xU!i{*2h|y%UI8X@*XAu%Tbvr!3ie)IG<{8MnjA}PAE_nu)3$J0 zHvGEP)!PnkTRhr-p;4KqJKf&2Ex4^H&639dHvH!~{)MR(Vjk5onCCSip2mfDHQGye z;S1V#32V68Xh;GBPiQt|hFIHh$Uu7m$|r-*%P}6ZXuTBkA-i}l#(*eY!<`ASGa+^+ z#CL8&Y{fO*uFttuXL7q|anEzw^`g(>UK~DKJiA@Yr`tT{`#!vc5@UNQKfzWbey)Qy zH3f^p?u>2iGq&eE|N2ghFU|H(b;Oo%@`i=RUizJ8y&);1o#dO^sXWntH5M_=WK3am zZdkH>*T-=#ah#L5h8A#@{kwqx+QyIITo!nlM{o(;QgX1^5`XAe9j&GdQ z+-b(nxe7c@nA!kYyXa(EVzREBWVR$?ri$dEijnTCnY-yug|Y$s-cd7o)%}SCSakn} zCA3HCPq)-rdmnxWLVe}r9>X7hJojRkwA%e|Y@;=+|18}9M+g1meEpyP;jaGwR+`z3 zKbVz>rF!m5f(4HQ&p?#}=ZpAlVqp3FfUmAQVQij5*e$1cJSW5K%P7y40sd%*M9T`3-0D z*-ee$6^bSbGc$`J4%j1j6YM>7wH;Dn%iareOaayxrM<+i3dWZf_6HZm*N52JG$aW#b%+ zJ;FJ+bi~wKRoWNeB;QAh7*B#;k(PLW>Ho!4SdBQ7%wxd-KA&9|KJb)-Y0oL`bmwL6 zoEe{|KQ{arl>_}LK1G!QZ_g^k01j6BEL8?tlh02@Fa66?HtBug$EWH(^^~JZX1W{t z9Ls!&^*_h55Z1=OB#~~vdF#w6dY#>orY-)w!?MNyE33h;RUv#=HM#_eokjP5rd8U1 z)`#n8CvH6}aAExK%~3x7-#4ylW*G2y4+cpt0M8-DsR`ER%!o< zb-(&DZwu_d!;_PKF8+6N^!9jX|81is2S#4zuqd0M*E45F<~OZD+t6-9+k6xYQ6F)C zgXh0a?%!Iczz&?3coyuCbJHinh2=}kd1uUuw4P)=bB3$=RGm2$Dm@_kcQ~s9YwB=B z#~6Nicnv>H)wcLSc-@3rU1tvNJ7ffmYrFP`sr|(3e)`W53IuNNr`_R)2l(R;L(OU4 zD9Rgf`R;DFxq<5Z)A_oBz6g^V%nU6t#NqVSsEcIc2 zry+ewAtEG_coYXp8zq-|M7P!2+kktW~w}-|yg{dvMa~ zz(*#e+rw9GIT^-A{v(c)DofaJb>Iej3Z5WF=+JsA19qA}S{LY44GUF&#HHp}_p+m~A*>N^vR@OT8%q<#}tn(o5b}KRa5Hjr8O9*B2eNef5^szzx?Ww~MDHaMNo2 z4se~k4Y~F^z&REkCy_>R^`-%tf%QLIzjvxz-Ls`y4$$wd-yvY*4|s}$G88|su@+Q8 z7tRocAqGa(-h_KXN9_JJ-1~SKkJTTNBM+-T9ucSan!NXzbH?wxIum@v=5SlT=R;?i zQ7=Qy`f(6|F^b{U{b}%sW#SP|R_~e5_cF z@eolDo6hIv8K79Q5J}=?cu!55+@9TD_CCgeBoUGmxHh6mbhD#s^C~mfTz)gSWGaLR+1MdSD0(N?fx?}>O8$a>74$u@ln(8ZAs^wo}i) z>6AYM6 z31?KF!pu9T`oy56=hlUD_DBPU{5hW`3662{>? zeG!F}*OcUprNismxa-KVJGAd(4H>lEWweIilTbjF-SCnk40kr=s$tV5q zwtaA&rj)k-D@h{#@3sce`uvE|10XsBivHo&N^9-h@sBjT5Ad}e^CgpbR zxs%(lmC%%uV*{xRX z3%hVXM`Mos+`65|*jlIXRnIFRAu%D4`4&s!Ek5%^PrrCK#6sRh9C?y>Y8&Z7bazRp z=guib*V_{;#2pV!F_NN#sNccgq5zp98e(4!Pnk?Bn#LMUEm6*H&XsVGj~G+%$!LUi zNfEH;@RI43KqJB(L~XK9F`rA+bQ4MjF?Bf^ezXM%k|0o~h1yb>Pt}gHlbVm^08Z8`c~;zNSrkh)R)(83Ip(hvIX26dc`mdpf*jTW zLbZSL+RRTepQ5h0=kIIjp~#X^3Mm41dZ&S|q_2IU6g4a-%vakJ6w`pGqrgNdzmRc7 zK+SL{aGgiJhnf1(%NW;Ff(&`o{O{rH!zK8Ht9?D|!fk{-GMWKK-ekUyAQlO+?>ilV zB|PBSJG~3PzE1!A^&Su($BCG~cjdu-7mO0oYcA1)UUd)qSeapJhXSTjxp<0(PprAS z@Dt;JziGAUGQ%c>*Z;Nv42`nZpOW?OkRK9S+9gp~@4ne)*iG@frhSR`uXoqnPj9s@ zbbTQ3XB36RgES_p9pO)IzJ=M^gZ-RqJ**B6YF*ZUW2?*k5VZN4-+hf$jk#uI1Jw7ms#CGZ> z{AQ2od;4l@IB^-B-=W4f?61}^4F)|j{-Eqc8wt8Ki(>rfrok^I_dT^Wjj1zZF*hMA ztC4h#1?0&tTpMH890$=E5FuhLUc+xO7A9)McoM(8Grum08z{dM#}4wMNweIOpD0;@e?PH#1K#!v&n zM)FbV@4)o(9Tj*QA#Z|{_u;VHPj`U87`}eEJiEBMy;uif3u0eyPD_;Ti#<>I-dgVb z2St(2G79kq&wv)y|2Qh#|2jTCKG>cAY@;nW|5@(Pr)qOMfuil4_&hgNzn_-d{~q^E z>5rsnV8`SBx`|*5_W$wG;oHLf&y(H$-%7I?@XcGMH|Sk_#e58xbi|aa4^Y{AG3;!P zeenYa^HioY9ZkBi!KCvvmNZXmf)-eZj?vE~#6qGl8UT%hz|D9{t7CR^^$$(Py@E0} zrNQ#gZQlOCBtsjt-d|rRYA9kPc~cw(*@0RB!ebFm3zV56uzH>rSdx4^J+RrddvJlg zNqRu-nR6&x1h;2TbhK-7YobS^0FAp&Wl??^Bi$yOrBm}emT0$Khd`~BFrU8>6kQ^6>?eJ{`~B50Br@? zqOL=V*dS~X#lFSIM4EIAJu-)3>5&$q*0=Arb0f)_S|%a6@($bwX0>ba`n&QCh|rmc z>V4~3q{AmB^v%WX=QRD%plBlvX;;x0uasx2@lstflu81U%F#uh#GD98Jbhw}^!`pb zH*r@Dqaj_>qCm3B1ywD398q|jM^)J#`XnTICqGy%Es_Dv!ASGL^!el!3h~mTk>6<9 ztn(v%AVLQ|FaQ55kp?8O+KT2Rg!#BYRt;X_upIsZypqR=b2KYFrC2^P{;&+@$ty1a z`#2^|S?TAWFVB;Jb0wO!s60MKORexPzg)k7B~DHaOW<}i{YrjLR=8B~82Qv%I6_Cu zqgKW1<~srU736t1lGwj0DAaa4qet~WJx0x0r5M21Ut2~CVgF02L%;s|+-B8x)2i(M zq%1b}JEkmlXLWC2(f!|}<6Ql}!-JEP{?7j2Mr&Yk53xke&F*GacX`$Iaua;91)ep) zZ|1PiHS98Lyc_{@sdd7*yh6@xz>a>yC#_P`9Ri|0jPsW*3+R2; zy$m{VZeq2CH|n%`2~LYJbMezRdrO~}BdV{BSc{+>As6LJ)td}|7LAt~{p|X08yx(W zqG(A3)GM3DLLY@TLgLm|!yMU@s+5~IfW}AWH)8~6|ABgG6SGe*6*acV_%*CzH$J(7(LdDntp8qwA9v~U{IGRGEhS&X z`AwhR^2?#y%&mnAj(0zw~>%l$+&L2ScjU)gGvOkloR z3v5#t)jB(cu42HgJ$9jrU+Iuv^2T|H!y)E6)%uy1X}X$eZV+GF?4GV}b7wGUguu?S zd`Yd|{@Y9j=mPui;P~hupZ|G$xU2uSmG-Rm-^NY9YOAk0^Kt_w+%lHilb+J9V4WGP z8rx^ErcqWkP|+UC_t+g8Jw+>%|G6D^mx-C%Z*niA5fefC%~biVjLhXM{utwK(}$f%bJtyAG<&QaG1mSjY*$W(37jt#`r$2^#2g=vz=Z_3|8EUO0#U{1V{U1#c=z z(0N7Ic`&_PF*@wss#I6&-6F^-walG@Rs*f7t6~sFZ3+EqG_xJSSL+>WY#%4O?l7Pn z{TP*)=F>Hj!$S9}co}nqlQmhI4-LS#OvYsg~iXCWvyuy1vfJNMYP_2u*;wr{XR zgth_E{CP@o6Q20IINOn_H z90YP;8>3T)Kpxd1Iw>)4(jrjq8<@sn{!<7B_1uq!piQ_kL04j4!;(&~@W&^wIeIjP8nRTHj2T5Ex7Y*)IKQ&{k_J35W9%N8@9w|Vug>zYVWrA?lh zqN51(L?7_1V`dqm$W(I3ElMKSa|7nen57CL8yZcj**H6!Md&wE5omr(xQslxdj!P< zwoXpqIS(ARYgIxm+m{`1?SCWOmT>^;?f-*=H*fRb|2jI^+5g*VolXa~ z;Q%CDvvm)^v45(30MliG7hoq)>jtD_ZPyX7=EhtVnPhHH#wdU`qaB}!hjvzMJJQ%{ zGGeZ#RoXR*ZMYE4 zfMZRhm^$!mWj0f;htLrlfKv%0**j@5rCwSRh;h;L@e~I=6p@a`l$y#Fp}&`Y3FXHP zm^(i{p}mt*T+xS6UBgU&2_-25i>V(mVk)`j9gu+NQXcUzR2Fht2TL+tWSKI31>Kb6 z^t*6L;S7a1I70#(dKZ>$L)2Gf79B;^X7qQzfLB8Q%w_BO#xZxROLwt#&GHV`tbTJ= z8Ohb5;yRbJFpb4-r(XF6o~LS+e$hDbi)!a;cX$cl5=XVUYgz)Y!dYF>Jza(p%ebf| za7&!lmAz(I-g8cfTLP(^O`+6*g(@c&svKFUKe#Z`Z2_+*RnOAEnwDpe6U_Bjr81OA zsU-@Sm!HI!dfv`k4%%))g~7Hm?Nm#nh~rLL$+ocI_0p#T?q~C1 zEF5SRM8YuEUn?l@UVFQ#;@)|IcJuFh)-SRfp(qJ_NoH$#X0nD2F@`u`bS#!SG0Q-> z!J|binCqTf)vPcpC5px;Gl|lzpO}7DOy***-P;Iz-Le-eE|Hm~)&*qJ0;y^4QyH8e zZA^H?@?Yu%8(13>Q;^rxv>p;uQr;99)kn9>37PtBSY^YOF4F1sWm+>Qy~AkAPp`n> zWtLp&u*Rax54d3)w9*P{IG5_|uk2jhOrqMk)YXP%Q_QCXKlUCOe;{<+c_ebuF{~|m z+CA*;>Hn=fmzvw0#R;XCIiGq~Y8=s9X;O)$-<;ilyiE>&a_{EkOuF$abOKTSf{$OD zFVW35&AEzxF;@u8I{FP3=z8)Vqo#hKH(QBdrHK_qA~}f_Ps`6SS!rw5=uva%mq=+x z&@W1-3~Y`|H2^?DFptbX<5^UztCR^SOL(lDefjO^$^f%@SmF+MDh!U*!rPhpIL{Hj zUON7}ROW|i3-UkS9QJehe}{+t-S>aD)3%fUvHiGjUBI_K(pwwioyT^s-1LK|4DXug zT`VyFF%6Vu&*M-5N7KIBbcp8*YHmE{x3IusRa73V#>m%O%yn5d?6+D7q*?T%L>*T| z0050-@~v+D4V+aywuVmAgX1&V$-Qz?koJ?r1zikv{?!gfSBX{VEvDf%z%1>XMXw8I z+KP2PN2G8pO2MUZYv`J3w>%qmn9d32`fUy!b4N)6+55)EBSO{D3(H`|kd>2xWWMBr zf?%eA?u{i#~G)enKQDIp?aJ&iCWR?%JxY ziU04UgRgM=WAXiu+4+nSo-Qm=Eg@UU6Z!tjgK^CD-RTB!PeaLsJ1<-&+wiuz)=_CsLk50 zOTk(C-iJ%gij0%8dmly4YI^G1bo zcG`CA|1IABsIY>{U4V+4A0?>QcmW%@^|6{C(D2@eBbYPtcG-I${}wj)_hA?mPZ*cE zS5U$u<+ln}zgJLyF1P4z!D_b)8u&L*mQ(LmGg$p@LEY_wg$__Dywz_PtVfA8?-o?w zE?C7kgJu1*n!5#ciN95G^qLz6HFpdaoFrBqvM+Vhz@a&P9@H#J!`OGY8cI|4q*SOTPblxQqX7qirSrx9z}R zb;PeO)K?SZ+fLelE{w1!=|78~X}gsF?;z#BDj@qL3IEO9)dhLWx$NM1;<9__R}6yI z-j^0rZ z2_3tS9Z8~kd_*)xff6TNnhS2^_U!gje-KOnqcCJl>UwW5#2~Ofi|%3R_4L5zzkXM7 zqdQ8PfTYH-z}@E@dn^nwHDC2mokER>`4Ge(ub*(nH#iEAheJ%|os!Nh)|C+s`XI2! zsIRlHQvB=(Kt@PNto}y=HpN`MaM}B$ltUN?l0-;O6tVRGRi~I^u_o1c5zl%G9`v_B zy^n;FFb*MLV?x2D-$@nyv_Yr2YE6phF&on2WQ(+D#6_A4l(8r+q_`$E6s$WIZ;v^Y zQP+SPUg(Rv5PehRI5{{h+f5jG6A)NvN0y9Crl~Tm%w`HOeE9k5$8`ymAW~15lY_%8 zvdV8Uj`5w3BPB0JaCq{jl0HTbTPpRGWLc9Q&e-)NIXro@EoPyy{xlsMB@-3Od$e;m zGA2hKbJ%yFM6ZuWC=O&7E=Nu>?i`Z7n}D%?OZk&t1L|pDS7#sfurXE3`Wm7DBZ0x2 zAUehn5_)IHxQj5q(>`blk$Ry9q|+)m*18X9AhjJ!JPd>iiIHEuuXzGpEZEXb7AaLv zRSV^DB8i8Bn#GDZ^J7l}lIB1Kmn?`Ps${m@Y)XuD^m@*;1JqCVf7=H5|F*X^ZxqA` zB2Jj<`cIQM@65b(J2sv%VfE8hgKul1iv92W$(^3Ck2RZ`?Eg*9d4jnAh&aBppcgIo z0VsSnwA_nDGzmlO6XjJa18#`C2Q^6@wA>sG643Q?Pf^(x1Ed26Gd+7CJ*G2#IHE#V zfzDXAYNvB7`Aqd;I{QyO7q3mk_uavIBogwDusb!_oeURjlSX#lCP<{UXOS7SzCJif z&A!)(p?9aoyE9ZWad0+*qy9RS$pEb<%TXh9Zv(r=YBe3_GE5?HfIZ1JDlOHl6S#}S zMh2t)_O!(mQ=joBO7e<#Sg&Dx~w>fH~>^B7MuvQ9tzd}1ccu1IBd25dZOqk1TKb@^Z7#~mX6sX0T#bP_N z)M@?tZ1KNb{8vX0^vVBhjSoKO+JgL#!-J#T{jY=LH*a?F->tL&4RN5)#|Z0kM7;^- zT@Q0fMg;r%;;5vUw^GI!v^p?FoS<}?z!q2 zXh1gAr2YQ-LU%Z~7h#Q|F4~!i`$VWeu9%O{m^qO&nTE;y&rJtFv1B2V#M90>3WD_H zQU@Y>AJZ7`HS!)3Tns^mj0G4`mvkc(2wa%wdV?)BaUIX-dJ`1=Ec7L}WWpw{a`yi8 z8q^btLOh>IdW4sr(N)aEO+#U4Gw4&%L%4R8)#XY!#;^?)gyk5gm`4!FGoIk zI!8X5_iu`R^2+AW=XgwnG{U0FnU!d@OJe diff --git a/assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz b/assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz deleted file mode 100755 index 22acf87bb55940aedbbb6c3982cfbf6818315ea7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12871 zcmV-NGPunjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{bK5wQIKDsYujrEJYT~`<;a9Syx?Fv|wrAto#PQe8Wa=t6 zWkVz+VNC)Y0FiELM+6&#yyWwi3r79 zw1}q$OFDA&*c}r&iHEVkTy?`#>Q~iV=C5~r90hC^Vk$*1L_%WT^O+}lNC+&2>h0rc zH=^U#1D-uH?u$XIqi}9@;MRbd|8*81AzC3K30A5v4iO0~4O4VGKA!%6b~Y^lLuQU* ziXI-~5b;(i;RTDihc(n>qQYZ-*J7!bSCBi~dFrmoVZYycZr%lzm2vB=XiwTK!RC%Elv}ruwt*<+Jny%B7g`$@IR*?KXgWnhe%57 z!-xdB!#VZ>#4$_}CukU80g}NGL!<$A;4GXV)L+b&IP$2Mr%O^t7>WcaJj8RQg>S6m>;p!~P+56LL zIF025Q%O7xu%$=UdV7MRp9SUvXt(V@uaOW+|LC7ud%*FS2+3y{2;H3b%||6%{+B)9%=j{C>E_1{MO*S~syhA9aLAh6WRT+Sl=E>vXkCU^jU z?)~vcOZ949e2WnEwF{=44PYbvxAxPzE!(dHJ{}Q@p`AA()H`kH%zJ68qiZ4#R|;VF zi?Kdc®#Iq@<44wA>zgEvR|PZHk7Bc;CDojEW}ef_t=^NeF8F`#seQ5*y__$@|( zc4PrXk)A=f^$Rx8b$_YGP_q#*#2$(T2Ejt?IG1MLBZ328fHHOh5)x$uNd{6GNUw%7 zO_TGhTh&*Y2qMDXez$cw0_!3hAl9=J*3H$w5ebhZ2$aNv{tLt>2#EH zn`>@})%iJ*)=HGU!oNZH3`J;20wM_(U8O3msOf%0|6m;22km`$1!D~GDkEP0vt9Qt zp^U>mv=9E$-iJT_$V8A6A^7kY(Iu=mJ($b+Eh2W@0I?yK=pdD#Mlo!adKSqCLj8eS zP_v$`5KH7Ei3VvT*%PFjM3?*=tNGN$z|cWNQ9j-i;0KC01jFJ0teWWjH@RAA(GzYgEGy9`2iFr6@w-_ z$iC`es#=hNQU}L0&Vu>u^sfoR`ftpq#KWhaXC!nHP)8u!cgte?Z6dZ+i#TDN$eBLw zywVFMWzUby8YZx+9)c6ZNvM^0dp5bGcO-!sHX_f z?r07~zR$4`?|yi7dVYR$aeKSpE_R&0JIVgKWgb0pdDOv6k`S|4zB}rR608*uV&0Jx zj*&0k9lR;dp+G52r+GpdPO;RsaRSG+x;Rf3AQx!iwr<%)hv!Eyv6DH*oDgbAU!Stxx?;ftf z(u;xZxH=tsD_q@c)sTP7oPJWx=^P94&nM(^3x6=}>tw+kQ!c^b^?;t(yxDPgoy^Wr zzXPTDjF|;nlffntPSZNm5tQYdVU0#Cwgjj$CW8_#!_0Ct`jlWRyt8>z{TAm6%Ua@b0MJh2w-vk3Tg}h_Mm&}S!7E-KYm|RG3gRHn1@{Sc>7%R@F^<>PK z9cF#?+X$X!G=NoEt%;$&9pkx%@&3=*(FqHi(MpbJN(aGVBxmP@58z)#SF~t_D{EDw zlfg48H_6M*@mdfSwt1ahz7SrSkzQk<*TS>ENfuy^a%X8Bz@riNz3;Nlw*nPa*6$hV3Vz8Jt!e@zr($}#dLXc*vi zka+HM{ibbU{)Z;fdiMbr&WracCU>{c|E{O0n@#m(K##oz93Kb`&k?)voe z`=>ibvDBzGjLXnj-~`&)S-VrG%qK~-f-h6$qu4>eZ0vU>__~TSl^7||sNnn;ypHy1@Q7xa zla9rXg;}QsjzuDx^Dk#uxE_StwajWSJ<;0Uk=7>9v>dTvTTXhcdA4PgpV5rV9(`@V z>s}}|)^(@nkT$#-8}7A49HlP2QXAc*nn20VNmYTWX`H=3y}tYT_TpwCL2^UY!Mi@a zz5V6W&G`~AtMDupF9{_QFy&<#^cA==9M3OrPyhPC%G0w?S3iBa`FMJDR=Sb{Xe-mF zLC)aXkrsiySet8%O8iacTzF2VB*0_rXKXRkJV&?WnG5;;0KT?w|L6AZ^!(%HRr}XW z2NVSC@j3y1Av|PiUlc}pVsRZYUvzZGhJhrj%yT{WfMV=p9|QwAK@t$1nb!pfEaM0W z6~xEp`fqAa0^+y;DdH?bV3#SkKILMZN*B5L2$RBZp1_=ICm{R;(o zk+|AH>pElkSc&EZqxpDR`to`Q+gN%XC!DnaQj-&E1+n5VeCbnjF{=ZRf0`~`OpQzB z*Vz{_?UnU%rm+}^nu6_R|6jgDgvQ@GCeGLyks#03E=U&1Otmyh!eM}AOm*G05gB*? zAsmayG!YNY>%}gW!P^>JY;jDsXt>`cHdN*vIg6BR*BgNGV#ac*cv@w6*Ker9;1f4D z%8Qs($+~5*DH3_LXz&8jPz%D96B`b@*9(ia!seAyW1ZlBsUWBYSSA%}CBj1VD#Sy% zgsX+-c5NbA% &l!Z3;pxl>jm)$YMD#s8D;2XsT!8E&lHSA_<~6i^W#Q<*;>cfP zXfHq{EQ~)NrwS80>Kv2hR_TdGL{YjznNgh*$4@hGwopdt#7z$`KteQJ@P;JC)3SNh z@XmZfksar`&fxM?wCSAP#pJXb$G)(v{8)J)TSj}qc$w%|lTFF|MI5mX>zOH-`<%7Zb3@dA=qFmXG0Z=Cpx5)jQ8NDYYlJN>i6m)-Mjaz2`rURv-^7)Q* zvnH1yiZKWsvF6ONM%k>DCva4u%=9VSLjG8Bn$BtG(ky9*T#~A`+}D#!{ZwwfbdjGG zunpz?Gg(?sr)HcRIM3;uZqB3Hs2{aJs{i{r5>IH-mkm4jf*aclE8|n4xNDYj(@w@S zQy@XBf)E>Wq*umnz5Re9;#@YVQJ%4oEKGjV)r^Ub&~GG!^YrS~mDev_!xnT)LnZr+ z7OLhMY4@7#pg zifg)EpL46uEp69gdMW4mJIDEEvcDtBQw|UI>eRv5a#`aQvf~`jUTnBAx3KoUk z8Qa=tY|nZA^_>`Bn(d$Jh%Mpd4GWFE^gGRZLsCXN$v3rAd7}SnEMl6;n8N1Vuw?nJ zkKmjUU0eEbuaq;1-<0<(H}%8!t}X-GsG~)MA_CyU;vXJ(f0! z@NyZ`Pa1`pMA)c`mxGV}@TXcmQ?TIWpyoJqF9)fN^|^Vpz?2Z%z%{V-qb{pmscjm- zS=$zUGJA8QG0g4RtVU$#uC13Uq56`tYu{qupl51z#WT31OAO#vsNE>&Xg!Od&WX+{ z;bm_hu2w1`YR*|(tN&12|HG}avPKP%`uZRJ{>jNn{`>C-hbO!GAKPe-Z=BTJX~xdE z3Or4i+5lO*=ww=AvaXzDwj^SvisYh-k?yORyXj7avH|?wQ8Rhf{fPuvbpM7Wv`6Ys zx71mCAAScyedXjH!ykV<_hOf{+Wl{AqcyAlEZqM`2mRxG{hxk+SO0%2&Fsb>%u2)H z9lQz{dx#@wPY>GAzSY0C%Qke|l=rht(%#qQQTO2Uga{x4IQ}gr9Qz;{goxedu^VS{^3Zq!Y9P3d6!Cpg%C>mp3>eC`-V_WI`hO_zXrbh4z zMH7XYnZ*zX>=C>P_8z+04ymwm75EZ)omr{IK`-~i1}KVh1dgL*d$;chh)u4AObbl6&u!uQXFX0I|S49l~;cS3T?|Ps~t}RS3m?QAQtG zzwerHS?uaOG`-apz_bLYeUO29Rf?wbFsGwhYi#F;lMr)s6d|77)64T)5!8<9{*9UL zxpmmCt==l_KdUo55k0y6*FSudv;W?_efwr-|81k`gS)*wIJ>=0q8hNbx0j7`EcOWJ z+|m(KZ&hhufRlV5DPlYcdPQ2|{iXjGQ(-mYOfruJ1NeM)UHHIL4yHY)w9}oJxpQWG zp8nYIV^j|Gr}z|A2E0A15Cb?^?Xy%FXiYvp6}|K?PuZmRg&&`)`_xm8Dw*kS=yNRd zA=dvK%R*Qi|B^(y{pPJRr|5NdN1C?y^A5`v|F5hDzgC6tUDfCkBz6|v|Cv^4|5+cd zqn)_*tiXlwzc)wu_<#TCcxV4@qix9kb3OjGjleQs8?gj)fSiEx`4@k>41m{Z77VJL__1U9O76bE~{vb6TbSC)WMy z%e*bH{|--1`nmYu$m*OAd^@%wbVBL$7Dfj?8abgSMgFhPL@A7NS1l{szx~ zo!q~*PJtabFYzqcA?Kz~gbT};nDfq<6=^-mdgcsQ^Qk&>DpYzv_U~|32iDZ#h>kJ* z@bDUbn5u2@gYdcuwYtt6+;_+b7}s{~4^#Vz*ZuULBNPbS-cP&34-fFiABLLKyit@l z;PTzwZgT_G`KR-B1$_}B{kGuqRQJ?hg#Dt;tBY?DqJ~BF@uJr)dzd?3j1Wg5me%mD zTAz6@Ly@J{q;^HJ>ruKInYD2K;r#jBa=xnN^#9Gp>G{WtZs>1vjC%claCG=Kum6vZ zj(72&t+YLOe|@1f(GiQbuCX>j{tfO7Qr2 zs+55z$em>|LVf(LJCR|q4*{NHrICcj!m2G$7U+oaP$(U%rJ0XGe@S|%bS(8@ey1UQ zNg*O6l6VvcN*g7YdPKL?+S`L`jcG#DkQ}4Xovc;0@Zay?pnGuA>cB@P zq}#(+ZaEpoM*bs?lPXKtZ*|}XdkUqWhcT7$Yq`5}kz(ynD5fng#yazQ&jw2?BWSn5p>X^kjf>&SWcpoX( zJvF}eTdi{(VSRZ37=_0P@h0%~Ed5TkwFuzaP?=XRVDieHCHS3PnCybSI=j8zSLWXk zt07~7{nx;hL8J_t`3mS&v{>p7y+DX&df8^LLB!rf*>!n-fKRvjy%9#rtWqo6F${U7 zkHnJMtTKs7gzwD3TJp@DS2E7g_34d9;o5{tRvqamLj2B#Tr%S*RyB#(v2mRBXx3WQ zKbUPeVoGr;5=*@)0_AyYyV6VERzEvhk&X1@_tzI4wSD!L*1!$dCAW*GCUDbg{SI)Q zybZbbJHR;>9w(7TarLGFnSu2`TfcXzTivszS`N_ft=}PF;}3X>gEAC9u(1|YK^M*t zg&_t;)!u}ALPzZWHQf7n7?0H-k|PhRKOPaM_nN%-m~+POyE+qm#O82Yzvn||nNcr8 z&H8Z=fH8{U)%|Jkh-N~;zZ_jLdCjrFRH}bpDM5O_-z`Dk?W#xhiBQaO#eA$-jqwms z51Y>C<{6+^vJgq)Wq40bn%th=Ow@Dnv)>e-jLtP6=mJ zpTf*Lr~1U8rRUa#bM{CBhWt6KuLuMRBZUeH@Dt3ltEI2NTJtOXhU$-yP!h)BJmles zUBz2SX*3TDp-dC!m`O4~)N-CXaWX1nL^r6?ZME+2?^~L?l~^ikK}&PYMuJN-X%Kvp-iBGnST0jg*-Sb z3(3MezjZAWXyu$)cL$ESm~2RM>ENnEqSByj2Y-l%*porB#i(!*Fd&oJ7AEC(?d2YI zXl5pz5ri{m^BUa#{O2ns@t^-ZfP3fJyo$Jkn@@Kw(%AR#d!kogu%;w?V&L{GnXH^f5TMI3pOcxoHzLUeaYsOQcp zMc3OCEW{lTO)-+9gQ(xZ-=YASA{t^}4NsX&E1Jd{O)XK*ZqAi(kdGKs@X2U|bx9G! zTuJEcHQeX8%J7oul|UoH9Yk%iPcffM)N~U{1~GLx8Gj=}Dx%FrTMeW8SZE<(k?Wc% zJdz+#riI#4m`~M?vXh#R7mGyQ3@#nc6z6QuB5Mhp%gVNC(Kvd6BN^cr=!3`DZh|$ML^AP zC~%!ey@#3l(aRXuQ-Tb6)co(^?87DagsXi$>%wh>Ju;dBM&4w;k02HavF|$_fh9cP z**m=pzrIfY{Pi9XAIFK9zjx)qeHV-p(Q7WzgI;wH`&gM_YKH=*Qn`4FhEJ@yyYLg^ zfWK+A=`zD6gxCMJ01S@svY4`8HnM`$a2*K!Mz(RzlYQ7OJMr$J;(`?z_AuIp7Lbj-du#ax9)X_ zB4KtzDoV8aQvM#|v-yDL?nM`F6tGmpt{q^}3~K#xpLv=It@%z3_{8g<#{oWZZ-Rxi z+v41Pt8&Qwu07Szn{R@HNZB`%DKR!eAqfcLW?{aTklSO_!;y4mls!H$io|y6CH!WO z>3jQXYdCQko!_CxHtes~FbxJhGX9|KL>mdZHH%{W=%&FhCHFnGHI1n=V=*@&E31)o zjRoY%E?gU9*Bl4Y84w|2EMCKJF%~9j#CQ_H(Docwp8MAc=1Uu_2K2rHsJ#YHYMkVR zvv_Qj4aeg+Kzxqp1W}3u(S`qEv5C0^g26u+p`hk;8zAoil*WrGk=jY|6u;|bRKQ0p zco5(POjx6UDB?42(M`T2P`T~9pk>v@D0~m3vDaRsAwfV2!)I6a%2Ci?q z@KGr;A4^06qXW)9U46c}{Oix3FR%XA4gGcWKn|1%Iej1=rUI)yVNP!~cE(Tx!A9~? z>F>bw@*Nd;8X<3jllS4U+fR3Zz!<)MxIDYKy1iHjVGCkkZ%#{;?u$K7`QBRY{0Bvm z&N2$|2G4*N)&Dpu-2Xa0KJ4$#f40#Uoc}C$=u@@1oj}ocPJEu5s^3q`?SGH^ru0Wr zG_d1wf89i|1^fT_=Ra7|8J$)4EW|P(;M_IzG6OxOFCl8)d#5Ty%=^j$G-T1 zgLx{`nT{si*kICm8cUj|H9-rkL&xZ65@I1y7!82NLEvUQrPVRJx%!7D<6c1-o6=zU z=QeMDV3MH?TJNtf6g3nvlDsL7g6u#o0O7F+rv=JP5m-G>3oJ=Ko*vk2+C8{H-XuMs z_RKkyErQ##Cpy|Sxi!(FQGmu>Co>=W1CTt%DZEeA2v(hX#wboP`Z21MvgMD@P) zEYjf<6Z+=j_H&y4Xi&6~hP10_j91FD)p)5c8A>GqN#*DwPhw7lB%VGoMtXlIoSV3- zhS89&X;C0q<$|h~J&q_m&ZDYq4}B7nyptcSmKMo?=3u1xVETOW3Wa#-(a3MKY}Waa zJ`kY;pO^ptl}H1USZzgf62g33Agcy1aaaz20ba>t#5tN3o>D9y8Gl#?^W>EmfPEa3 zrmXby&zI*(z_}95T2vk%qor2(mtU@5z!E2?h9z)2ntmleCo5bkc#M2%EgYev#r@Ng|Po6)uCU1eQvYryJ=PSe^M43 z`yEpjyR*7Cu;~8p(Q&T+-{HZ@;oF`4zm3+w;vQm&nw#CttnTuv>*Xf+VhcQLfZxnv zpKI7<)_6Gr=2Gi~ae0ND+khSYhEH0hraKCVIUF|K^VV*912wgaQh_*$a4E8xJB=C5 zk|-8smffUV6i$`Y&nTJ^<2qZhXEPOzVh~;T;-=O$*-MNiNLtB__!#FeTNcp!ta}-B z;M~M&3vbkE^AemEVdmneZ}yfxFGo~g8?hEaIYKVVm8v%x{wx|VGy2)}-!?e-Ek)6i z2&h*!jfFl6ZG^%ZjdzaR7ucJ=?Z(w@owD}F_0Gq&HYg{!~jP-gcP2hQ7k;2M2mOlrclHbA?c1z142 zne~@U#L!2iSBD!Ie&q((Qs$tJx-75-%OWln#$Z9G6(SfOJvXCKA z#lRtozM8>*wK(KDCS?ASuMbj+Lb8@gIT4dAhB$VT9f`=T-F6IQ!96pF%L)S_H(1tL(r0 z=sSb#|3a&>|8n1+TPqDdeaxm~hKjZclnjyMlFQuxf0d z!J0-{)j&miEZ<{yX!I1VO#bI~++8MSZokRBj7C_P|Nl0h|8sPBvdjP3O3RlHT{r7K z74oG_Qzhy>Mw4xAoN~#L#N*ijt{BBj>4MC0im7y}9tK3nzgKinLOLTP%5XP$5vuRg zmUXF3>u(iu`b9>)RA`+FH*=1lki*{@vratDuEGtZtM1E8L9%6w7JWeom zFTXp1l60b7I86rgs)%egme6(IU^ufc=K2qP==HQnA$1ZqNNrKKR zy3T{?<%-c^?^dO{TJIJ?PN`+?6to&>Rb3T>FltNaSEHHj2)<$# z#5A9-ksKDfSH;Vi%al7F;#E4qXE@EpYX$quB0nub8oNqa#te?S;QD=kXw}ry*0Y|c%qT(Qs z1KSv#It22l7STzGd6O1_a^Ju-4)dQvFsSE#Gz4wJl?l2M^BR_PdL^fB)Q#!bnb-;; zdI2Yh`hnhIB+p4jF07hx1=3mzRAal+t(?Mwm)+56gk83n@x0BeZ(Y|!iYjgL%oH6( zpeOo(XB{)k5JjevLvB$Lxt<#^SH>(=5ZTaZQq9KM*(^f8nTkO3Tf$}J$=xF;Ca`sK z0?&EiuwAPXYT@Qv=Dyl<+g>lBEpPuD;kJweP;dVq9K3m(|Nhs}@y`C=PV00!unh+w z;hL>`0FM1r53%me3fm$~p9c#OefHgPfs>mdBdoo4=v>EOAL_D;!V%w3%R+ABP zHLcPn+Ju$;9S=Es{!Grl?~MCZW3ITwv7MYi+}YXa*c> zBE{5!XDhRray^8O*Z`bL7|GsAiz)Tel0b}$o{y(E=%I*oG^W&4t_c0T^h+o|Zou66 z@d@pnl;Vm$gz6e*`b#KD8CXpHh!IoCHSd4~M3?f2hoQ2N(>hp^=_1RN=_}}_9H-xf zOA2Qw#K9R7*wDMMY#XA!BD3fysy3s)`vtrb`e!a%&o_>_TV1+~t!tKdux9m}v&u-W z4i(qAoP}vDc02XTH}E`FtMrS;iCvYB4`bm# zs~{4FvHn^?dH34eO%?af3$&Ym-?M&^-3UcV;7c-F%QKTTY=|+$0i$EF)QMRJ!VMlR zV!>SZ+^S}USt(I8KAB0BZvDjcvtlwAd+pvv*z1 zZ%_Yk<+;?{<}6Mqz0CR4vr^-T-b#~7EdA!}{^M+4#Cuh=)U!fC-@)vyk+I)#_ zwrS2)^ozMdVAj!Zut3+7_ZT(x1HIWw1S?IfC=$s@taw^}j>$?}vqq1aL%&2yJA!^u zI%QyUT&e*85`uYT{u$4rT3w|~Kv}|L;_@b%L1 z-=#7?Ok0ru@#e6f%l|t(?C-w+yPdY3{EzL&ed_|g^^xA%5br#;d*!AdJY{&-MDJpO z`HyL!EPEb@3OJhf-KIl4Ur=-7F~5Zc7OSH2U^Pa*-eRuHvSGi~LLkkeA0_IzA_4$t zB$ID->u=z!>ajI+njRdV$xiN-lY+FLBrfP;sPnIOFuF>tLT@n*w*h8p-z<7vIMY_F z^Eo1gV^In&jax(4OuOaTu)}mtFxPK$=$Jc763E^+HXaeGj$T*>D~7C`3?%a<7Ze0D z{mmR|Ka97P7*o!)T_MO+0>Sw}U&L`|{@HFnB|?=|yg10z6vy(H$`W}>!eklwROqvM zgv{|BmO_92T4^RySp=-ea%nKEIr>$;MXCEx!Al!*G63c|@l`a_9rDM;o|QMmd=WIQ zjhw}#shV-GfGk)-w`;O&GPyZo&T-UF`XsSKXh%I;ctoM#Xd$ui;H&`3On(4AlDK@Z z8a9q5NGzJL$%<3kKF65l_YJGgMXt?fol6f!kYDtfJMa@CLCHB+<#fIuFLu{fZB6`t zCmno++aHVXe;gkj=KcS-hle}=e;e)T^1n*BW(z?8#~LlW{E>fL2n7_e&V>W=9oEYB zstE{`-dSJg;>XfgKQcEyO6i)kC2xGBDO-7Nl->I%a#qt@AIZHBcWKwT_0iuu`R2Q)>ediVmw)DI{h|q0|W{jSv~ps@3Yk5yonHEvzs7w1g^LZ()2z^tt;|0 zcS5Rfg*a@!+MSTaUzc!xt2wyqxD454%`g6HOcMDd#UC_Y4fwG)>x0=D~cMIxn7c6vuO5v@3yI?&^ta-Pf`gXx8 zz8Ng*pVizgs7w5u;3)I>X3b@n+7gbn%^^MT553NO@kb+g}15?hpX=y zl-)GQE&fXP43@lU(C|}w6^ZrJoOfDPHnH+3xDas3CeXSBsl02jUCa5;Z%C5>ZgNYvA-THw}s}Rer3d_NGA*PW?TDHEtTzi=0JUanXH)b#ELr_-;{k z0?muOchF!)jVsT-jN1ndXVmOUD0J$o_9~{$Kq5>(Rk3{`mH6Mb1Ao;K zzq(LgO^k0lY5%z}!lI=AEPkf#QvSb#l>e%L?2{z?H*;4Py)M?3p}JMF7x`+ucdr0psDoAFtD0Bs^XLE5k94+WlLPNaVLh&Uy5 z>^^oRiR$qY(HI3voN#F_xRKkl+e`gHFaeChkTI$2y}=NJ!1^q@ho#rk1DpT)UB!*= zC}{$c8p8s2pL6W7FvQe+)kAd(H6rFi5P!UW!WrM-C_o+#F_m{pInV89-vaeM z5=z22gn*3+1($v&RrJ#ao#v`FDWb=0NQ;v#(xMR;X(~|0qO_3Wn$%FR?pVA%=1@jm z18R7oFYZG0O_Af|;IM2rVdPCfV4)pZGBTN_%Cs_@DZudI=c^yrB~XG$Jz-7`4!6iE zzr{GlcRr4kycogZ$(u_07&&aI)KijWO?o(E*OTP%anJ|3YskX^VOImx(lNcwI9#`-PgPkIfgr-5CaebmFoR4wakhysiR25*As z7(+bZfG1AfNInxeMKi&Ur8{q%j-qyTP5F>~< zVXEstP2#*W^V03uc*ca)Pgf1Tt%)l3zw;+|dcr=|Y-+OqH#z4C;{GGz_|Ae}wA=@v z@Y&FEFBZ`x46#p?SFH@VA@Uy7Bz4eob2Lam*UvpgWm^o84j9bz?1A){&h+7k3S9*{ zW7(>m&avb()raZqKlNO^HWA-<2kVhY$UDOB)L?fqT(C_V*?F5Fk=C9?X3+Zj;3PHs zUMGg$of_}XP|3u>*$9sM>rf^Gw4N+Sjm*6b>>8`pbezjDiNFE&B-^O8RI^UtE)p9V zjQZQt7E?@p#+xX~D-sR^yett6{6(`ju(vmBld`LKKOoOzJjuv9{qXatVF;^1XF3w> zNixMfArbY5vo73J(MZF+8_w?3+bi*l{f7MbF4D;d^@Pg|w=LSq*vL)rCfIw}tbL&< zV8PbUT*iEBT88SQXnWB*%I zMD#wUG2UzBJtVjof(#i8FrqH$Mko-tFwgY{TWaDup3(ItDEe9GOK!=8Ow#MzQL;r6H<}>>mXuW l{<^Q{u-cA!Zt1pbyS8h)wrf@G{{;X5|NjLE*X{t40RV6>qGtdA diff --git a/assets/hpe-csi-driver/hpe-csi-driver-2.0.0.tgz b/assets/hpe-csi-driver/hpe-csi-driver-2.0.0.tgz deleted file mode 100644 index 4bc166da0a67644cbe514228083999600e26e668..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14684 zcmV-iIitoOiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT9UI68mpQ`D7vPsg*?%dd2FZuYFlc6a+u;`rL>p5JV? z*M>+)!k8r304PV($#?%9JV=3W>S5WLHUH>#L=dPd6zYXSVH)C&!%4?wWQJMqbc&eh z&XMo^X>(7%-|rtE9;*NM`~B?y2S1TD<{?m^Xx}5FsD-dfcIIcN$_B&txYKC%2jh^86i-cL*V3B2azho4JIC9-4PFpg&)o!|BZhoTV@p;F^p-1O(7J1J{TwvC7sl$7Sb1ZnzOkNmFTK9PVK$**jt&W7b z)qxw`O{*i}Z{0^DoX}y=9sB?t7O8G7J5%GrLB7uA)1m`sPPlHzr3}@Ld zTZMDLX~Z0?I*f7F_|_oVp#5TyS$bNZdL6I&WaR%0c@gFtRsePK|8;*qEC2V8k6z^e zHl7_g!($YA0`$}?8IxuTOGdSJ;Nz5VARG|<{p9_-&X_W}7_kdu;^A&f_UCwrVVEIC z(8$9a1cecXP>Kx~NFXT8X~aNaKlG5myxVH+z$py`qaK{zT)_=yGvZ)CfeUAg^{HT! zBGD{I2pM%FNAQ+QxExAquz>jTFHm}-1rRdgV}=$#AkV{sq2qqPpZoER^ z4VMzhC=%31f;d39!%5GNJV8PvrVt|MUP5H#x7Ke0zN*>nhP z5{#+({u)mR7iP0^00tpTe#PcMJI+6`s7|p@ei((Hr79d!J zB@>(ZRGL{f1$%~*E^lO))+9@Yc07Uu0fP9LMk3+k6U}uX*=`T6G^Z-AKe#%%hF8b^ z&cSgXICf~@^4*rh!&BAMN8Qm7j@Q*Z#qys!Q|zPeKR69GAY-cK|KM={=qMxqkB$!a zU*!KboI)`AER%l4IqtyVb76@~xr=EEi2q=pppQ1wAa|GE$%Jp|)z0Q`~srCaF5 z+8$*|97T%4W`Lk)1C4m6{sshlGUIZwc9~-!gP6h9^S~t5J>y>eX)s_mI(0 zI@y?~xTbVz#o}S7xA?M`Cl#b*gH)Ict52!J*dQDs=N<kFF59B3qWpt0S2`S9K9q*CR9VUcH9kIaeG*7B z013*Zn`(3!#8NvBPH44<10FHs!%`+4XgvzI)uHr>1a@U_5yyZ(3(NxK!N{Y|eH?x% z)sMyVT{_QSD=eZ$vr=wGLB_DS06WS6VdQxb7Jp=L;ewH1QjSWceT{?2mpW4#A`fWJ z+k4se(7wbo%-ZlztOg%nA#$CFHJ-8d^V801Ii>l`|J{xeEPSo1&0slU5e**3vppwe|5$x@v@TSkpQq zI{$*j1I7Ui_LZ<39ILoBas*~sZeN3JWu`h3QclVy|MT6K|M`SE|2*mZSHJV--*0zc z{rP|X?Yo`-{C|G?W3azBIR5%w0qr-d=PaMQf%qtJFVnMegN0HWUJ?SP! zoEAj~7GhMtl^=|viTpz_B-JUj9}o-V|1o2R{~B6;2)wyLS<`}OcD>JZ z22;dgBxMHj1ZFw{ARAio$k0PVnqWzofUQo%Y}6{-)D|MWVp3PdwU#qtOXEOLXva#j z$fX|SK2`f6H8XM%zznlFc!*6f;9y1=4OBd4&up#evr6zz{Ob zmGMdg1IpE7*q{Yrzy?&!eN`3SO792N(Csv4V!Xy)5}$K{{ZhG10)ZzvJH#T_aX<4) zIvu`}%lTL6vw3xpkDsa*6OWFN(o9Ge)xEP(-oh^ z`eW4Of2hB+`+tMiFZ+MncuMF0c8a|aGu{>9x~V`l^S|HE?f)JhzT|&y=lSE0-k)Jc z{GrNp7!wammGIV=WO1f=2!HN<{o0bPTIZibsZOLGl3r+R|Et8HZp*amNK=;t7}_ys z#nB?=xk6{rN@X2&b;j|f?6CW*&OVSWKg=*=#KrIh1d9R(jt|tI#J`EgWAYi=okeFj zaMj-$&Qpe^wSbZ_#*ydE;r9r6DmxTV7%B|9t-oR2yJ|1w7!n(44>~B~7&!G)hM>ZG zOt9zbIGIO$V&Y`VZh2*F$Fs{D*;d*!JjBj!w{uy-*`LIn;v%=ek=Ps#fR1e%jIM8M&;zHNj4m#TX|@Ny#^DlTDMEl zvZ=2BHp#c}1sD!JONp z{g?dTtvsz(tJCSUT07atj_FxH$I@DgvRC+b=$@hwjfh92tJeMNBG1439{qzdXb;-E z@Cqgv;8jYz{Cm6VTM|$PyU-r|(B6fwUsJ~_Vj+0{1Md>rn++Cnev5z|HUMmd1sWt0 zR4az9QqKT+PXc!+Csfa8%f|w_NT6YIsKVi-8y~cg7K?lnQuiVl(+|OW8Uc~?Z z|M81B{~fcHbwIWJ-ya+w4ASy{zkk&4zsUb>JjKGl>PfYR_}qqvS-iInrLF7xHlk{g ztCte6C=9uj_j&o1=T`HIhseQ0_~VbXv9ErXQXv+0(kvzp;zJm;066y4Cc{vLC4D5E z={sqf^P!1hqA)BOG+sgGQwvi0c&T2h`q2-g-U2)IYYedZTjy+?IF6LimnD?waAewV zS#-aSMYnuHMkpgK(5O$=WoAzb#iugeSUMZ+s-$f zy**0*y5;qAkezM=m)ZJxd(h_vP|Nj!Sw~D6MlOFlIL_mcqZAHiSwd+pHq^=FDwu_k zY-Ku}^f-0yvEaSXizXxp8T~w$zjx*D*?G1PuURaWJr4H;evhcgFp4$CF?eL7|7D4lSquf#??7Qap45b`$!*gR=Zo=3V=|@R8VUC$x+-EaDBv<2xFIEh zc>CR})0>Oi^UJfV4;Pmoi}-Bpp&4aw?~~+$f;J&_J3bAFpsf0BhXew%8S>s9^b1|q zn3UNp#X|qm;bBK-878i#H5&z8@O4~Fn^488DGJEvVXwE!qFM~|?!!;F@6LZce^)$) zgQmLQv4g$hP^6gn=l%M zh2Hcdv0ZLJ$uLWJljRK9wC5LAe9o*`xgYTuteA<}Z;%!1dwyZXXU2*Pv>uK5(!;E; zejD|t7!6=mR%_xjY{z)6V7&izc67|bdbEQ5-NHezABwpuKKMu8E6!Wt(ppvEq~HvT zP4Z%Myt0cD+q}vyukEkMNUt!^EBiCQ3F={nG8^$7z~eD?#1Jm&`Dg4z!gdPo@qDO` zA$Aw|$+a6$(P0?5wjV@8tZHKn;ruhSOKM zNS)G^OG!%S9F20M%U6>(waS)qx%33qxLmQ;%YK|%bJbngO^f`Q!fnUx?K^IAM9fevWIjm7#I^ z^U2liFE{7cwFJowRn_0s$<58*K3tzI(PtT)rAor)+2UfJ>Y#HGjAs`&Cx3ZoMEmK7 z%O5{nzdyM=Eu6_Aw54&|fPI(L)wYs(cmDDA`oo8hw`Uji^HAOGvh>One`-XspUywt z{`%qFFYnK9KAwCmv3{D8ZS5!`$4;dD7#axtS!BXfjLe9KC)iCnDf)3N>ma)(k?RiO zQ~T!cH@7Ee?=LRfzoi-=&!Z1lap&jULHeec+$fK%a6{_yj%t|eU`fl-8f{5#E3^-b z0<@;D5}wG`BHd9H^RNq?f|w!!D46SRIdCkZ5Jea)C6Zv_ zbgb}kO;1fSLS&C6$tO!^sqlGK2idpD)J1`gf4EgvYZUZ~T3Kk+cOp?Rt<3+6r-%g6 z=Z=o+cgDoavbEhM4MpmDJ6+{oM1i_Ja7-rZ@|H{oJR0fG^G!-OODZhv|j8^R@PRdJiV=r#pgJwC-&rcN;>^2=qleY6@OU)hB%@i)9-SuOV0+HfqD|Lbgv7K-%B4vXY_ zrEISSuSC!n>#EA$?50h0g#PtC3e&wUA}sdDrpe0&?$d4HuKCpN|FRKs9(Disu>bln zTmSL({=vb^{_i#(wg0QPVQ*3!klCB8o7CLUTa-=qV_Vj^X2b8AdN?(x;ye_IDP`oJ zYI#{DpUT0pG6OqI_Q@hIt`vkq@)M&`$fcKVoO6cb`=a4fn`4Jz!Og1~W+V0U1gpC` zJi>)~)u5+@3YDGhLEBO0P2+BB-(Kj9NGNC@kxCx$eTGyp!=SYJhz} z!kJpbsQUsutpAEaca5PP4-r2%{$iXmNX)1UNS2$WM;Z}@$qc1NwXQ^eoPpDY(h3pR zEgTPV-f+Sjk`&L1@T%aQ1wx@2=c)29vQ#wL_}zMPnuTLNSXO?lJdo53Mbu7@mkRJU zS(MbRp-SS9XG#{(CKdtca!+p<9|I&5%n{ z)s%aEbg7@nt>-TC(*m}kyniA~>+#f#b%63Iebdc(R2%i9YNYzVo+I&yCVkPc3op2_ zy|6MoC5pRZDmU$9JTV1guu2HAAxC;;=+;{gC?wWd!3yOWaY6m~Cv}^Jy5DOvA)Loo zueQ8??ix0yTN*0aCoE5Yw9vOZaIMQcfgf=JBMkb+K?)C)-NOSBQ@Hx|l<&dSuY3<~ zPI-5;DmuR7IxaW$DEfI>9kXrcat%Gb)(F+wVm+VoSz7>)C&H}CX_}Rvo7^g1aLYu3 zn#c?(*;Gb6kN}*Bsk?a-99lb4+`W?Wjt1Tw$aoh#j9kq4l!TxT3lbUt;eZ3#xohTX zJ!w-%zfux8<4LJVawugk3GA_pm{twfEWS~sb?x07n|U9JYZb-~k9a;Ie^)cM#-W+V zt979%iLXwKN`B^17*Zxof}N^>@;DBvH9)ljjODIL@hZ1CRbMOEdsWf&HKA#;EwO!| zme5bzf@#_C>sDuPJFsnWYyX)>Wgc&Ld(*bywxTpk8vonypBM1wP|L+U%40B3YeGDZ z3vX+*=kCJiwC@tuaJkVC2L>L|Y)B2Uw&9TK?HMSa6gCpc#!ZN=xTf3nIk)OeZg(&4X?DAw^Q zmHMl(h-oHca*K1rlI5G;jmStJ#UmPFOQ$u210Igv}Axxm>_o zYb2~5QJaQ%xxDE|jm1nutQE%dfyZ3`E@w~IPIx|`S#I6)0V-vKZXPVqML{-j7;OF6 z%W4N}n}%`Lwn&=>95-}sczNq}qY=^VS-@KKXAZ#^DzoYWU%@{CK2B--e>Q2@!N1GI%ttvE|uKJm(FI!hj*8VhgHr*9?L)N%6aWw_yQzwrIULIU%x)}WEVW8>tELblyYXx>OZyX|FGYGovr`V z9~{4||7|?x#796yw$5)Cc^(!F9ryeF#5~#A*?|-NJE#|@H&?O#f}Ne6v_`9!B-R*O zrOlkiK^gnv6?N%KQD^ZDDNSCd|NxFj(zgp;T{8?+*%}`_(}vbFKFFpsKriGL%W7yP=C845N0G zfI)%VS&X^zVVvq$>Lu;odwOW((*t*^@YlpEg4-}LwK!fq%RdJ3xKe==&8++ zm*oCgmJ0awVmN6dxuKwuU!!Z8?K2GYtIQ|5CJ6jTXe7lXP(Z{%TRhb)p) zl8+>OTp)qRktdCxILnK7TPdJKxpR&%U|3pcg3K_`@t8OSc@RosO|UcwDJOz5f_bZ>=j;Gp{knkr zpu6AggF=;Icem9#!y#5#AV33nm=b3SpH7q8@NNwCt~8Zd`Mk!T+!})4nu$rz^Q+UF zt6d-*MpzCRaqR8^6;sS0v}ZugqJdJ?{{g4Hy{w>mN#zq1j|4lK>Cz1Zth5FA{cT(3H=wApTr5tkZOaLy>?BbxLPD3aDTK*g&hI}kA<3PvywG;rVQ_YNV zF8WMcey!FQxQai5?DGZAFn1VH*YxM!F7e2Y^tg+kT3~}G3&jGd2hGz=rtqTyTe5z=XQykV%&7( zH+3Vw+4RWSn}Sm#qexI63F4&Iom@cV=Je*G_dfCjk$!_#aTCnD%Z;45b9XUv!Al2u zo>U!DQERnZj(W++S#Qq%;KEn(H}X6P_1jl>`qucnJ-E9VUs7?!Fvo$A|Gtz;{%$u9 z!56TbE=JB|^4K59U!<$1^tvLf%I%TVpW;9m<=$YP+wJU6sgW1SK=B93FOM>Ea&LIS z2k+=a8A@IkPEi0O3^b5N0NjyaOeKX~Jc=gr55bUwq30bfnkUG zJ`P-M-syyRK=8?E(>e0Jg^4gBVj7LQ4)s%4wK}w8UDMMWd34nC5f{=_z@FdJef1Wu z-7buYht&)jjnAY>NwpEkbeuA;@3Bh+5Fr5_%l}O=;9y1=4ODn_(Ks>gG*}9^E}YSa zz@x}r^z{h=M}8|MxkCo~d3D-8tg5f-Qo0!{YR%-wZ5aj*ZU`}gjD z-N|ud;vr~r84f#(aD0*aCp7~e@rh8YXCVyai!Pt`T&itZsT(vw^m`3-VUce?l@?Mk>D!YjX#GT(g!m6t{gs~BB_rRDKM4n zJH0-WVoW?>9Dqy4W2_FSY62Sk`JQHS{bT$w;dY;D^?!)iLe?kZK~RVSdyV1GgbPWe zh0v{7f-dGtd>LT68srD!dD1YDiygC>TA#-vsjl|MQuCwoSaCXdAb4o=@)7&FD2ci|?)4jIn@BWJo; z-w^Sb*ms={#{%y0{H>A>pZ1bJf4c+3CQ+<_?rceQ*9EQK)SL@+uV&rBE|xBdlpKHq z!H7gFcx;=Z3qMi@__I>zHZyEOtp0ZkK+`Dg5lAic7P&qN3Y)~L^zCQ!Xm*qQu4rEn zBvh+w5zcG1&eiF1aOVN?i37=fWh!1aF6v@5*IGulKyYVVeYHP%2Pan-K-F0*5K>e# ztOSdLxoWG<9^RQKoR31TS3@F8lwy^hK4SC5fXKPWf!l>^*;yh|*ACAvI6wuLc984d zqT6Yh#Jg_I$h+WDNAalfbOSwl66HvogAdG^;`sW1IJ3Vhg=kmnx;?!%r`QXnVJ4`Q za%1EZk07S!?Nh;QI5co@C@h52n_F71m`1&r9nH32Z&$7yE4r(8o8{P=HgbxSkn#g% z_tL;M@#GslXFA;0G_o$$!Z`B0xi#g9t@a~jKJpgD9Ob||G%EX3(nXH5_)erevdHM(R4Yqj_fMa8gs$r$SN{C zMKfhau%#UdJw049)lx2J;!I}1j=>%tA01Q3OQ1bpHWoCQV}rs)^GUDcCECnQiGnm4+cLw(EI z%e?6&5pA=n5=>gHzhND12B}uY7`svosUe)C9SyXNE7@aAq#c`Zlw_j^r1fd?0p5eq z@E^t=j2TuGq#+KJ*C)SJ{HM4RuCBZAURnt*7KnIS!JdA&{CIuwmtQ_!T>jMc-F1{~ zrYlW_cf`Q~$5NsYu3ZN#jTdS40;gl~AdMqWw{k7};v_`Q6vyAgez)HRv)UA&zPmU* zzq~nL2Vm2M=3_&Y?#n*^xAbK8|4|sK#1kKHFbAOS{O`g3ac2Mj@bIwzvj4x0r)K|u zxlR8v31S5ytsQ?`gKl_h|Ea0^?L3+F?=V*%{g2B9bsXlddjPmD|Nme=fByIAW&LmE zF=^AypHyqm+uPK|a1o3toL-*+l(w$#JDr%FFL2yTYOtKD_}{e&|D7e#zeOH5w7|IJ zH26q-%mwnpAq0`<*@X;}x>(&zIg>D>ojJwu9r~2m36#HnnNE?&ex{uLn2TH|h*Qh?yV>9plGlg-l|vyGSP)LR>#x!QAsmqT-ncKx@UfkKeSY&XsaK>yG_j(j zDQ^r{!n5UY$tEdE#UW+spd&|MMz|o3a&?hf-!bRL{4V* zYKH&zx2tC`#qo}GLBAbEzk;9R87>q&T0XUEN9ZVd)GGO0*9lgiAjiR>!0u&Ep|;y8 zJ*xic&_M5l^C5itt);aPc7IKD=%?SF+N}C!o-+GCE{KWUjxLDVS=}3`vHuSa4i7Wu ze+Ng0uV3u{Z9EMu?hzKKx!K*!>MpLgT5N*XTi|H}{Cd&%nd-a98ZQPwpM;!JCN7b6 zK&+#_a7nAsbVnZ1+xxnC*4j;uEGBkQA`qt`E(A7p%q^u^V#OlOvg>4t!ikjnDMd4; zOl76@k~B5dq-&q$Q@SR7uB`w_Be@Zq;OzOk9C#m9D-8~u>40$Viz;ni08<@gHhk(R zXyN-}KxO;bA}9vP2Dw!A#>1b6lVwIfz4~c`gWm)wToM5J$)=%Do7s(k&`sm97Yb(+ zV7#YpGe)r1AIOh3fqin=yAcG7qv3Q6x(@MbKqN+3;pZJ|iBvW?4T~}Cq;PD|Bta}^ z0LBwMvnm`IYcOXFu5SyzM1w1yGW#!A;CqcgaGm`(IL_989rO=g>OXGfc_RBSUq5~` zw%?8ESJhuGvitG_XKg;PjXpjh72#SFpk2=b%z@m@`il|K^x-DQxsl;lY=A9g4yve2 zjV)LdaVaqdb2=>-!Eh+68}PkhK}7-;0#^B4nm{E3`zZXR2mj5$kZBl``PXd8h(ZwJ zxr{4J=yX5Cu$8V#cxLXlV<2fd#`@E`qty1x4q9pX%^u(K%YfU=?z4@WWg~tshTrmrpSftL zq1|VuB{BOv65PjCTnKLh*oMu%qS-1yU@==Ywy6zjm7Nl-V!*9EcCN5n;gG*(jdLIS zBg|Aj_Y+OiY&Fwd1HQJ|JzL%8PC?KJfEUa1IX%_(-)1sEYwW+l;lUuA|9QB7@M8aM z<9Sm1Z{wz4xz$&mdAR`-ZW+t%QFm!qu+B78jqNj7(2x|9&ALy7d?C}6iF$_y@v_!VxnM}($$SWx zG{8&gg4A}3I)ATTdW4I=mNbw;Iwd5EVApVwU=n$V6*Z|$>u=?9`guydlxUq2H**2H zO0Xnjf_bVUkaBDw3S7**d0LppiTt`=Iz$|Ec$nhAE?-~;N)kl7a1syZlo8ozEUpTC z!f0+jP$%Yz;JSVg2>^i=`bd0dlY?K-IkvmkwLpSSQfYq?OfOc97JIi!)zx~Z2r^17 zb*7-zK&z^{CWHp2s(Lw?>4xCS`SumG4^yn_siF-1XdrNqP1lGw3&oVtXre326fxJ7 zMxF~JoD^PBoI*r4scS@|z)klc*}#0&jmsin*HjEuli0q-0+FB%D9G-Iw9oWK;N3+d zAEUrng=H# z=5Dugk)N%OuR+iJs0rGHD`Rj4W)&=HwTgG$0z0N-Fflb=)C5jZ;CgC>kt`?W zxv&i35}=h9D2H~XQ#rW_FFK>s2)c!kPQ$pU>~>WVDJr$eQz%-BKp}dM=N*luk3wBG zA~PwmT+a-cDUp{bh;(Q)u1938Y#O59bxo(mDd8gWWX=)f6WBT#foHw2*sfLDYwqM* z>b%-h+g{J%S>FEF!fhD`pxXW)431xC@BcbDe6jzx^K?2L*oFfTbIsO00L%U<^8s{| z8ZW>gQ0WFFV{O+FFy_WW73pMdM?}bjHVry1;rH#d*tVpx(PTs)O)IsDHeqFd|9ED$ zKKRTMqg6AMP{FE6K>nHZ&Er~Wx>#nWPZFr2fu2@px*C#?=D@HbQWRMInc8}~CJ+h6 zbO=@@jCk!Nm797=-66_&&&4zB^-xGU3erGVuJGNR*y!NjZ@}F7{t@k+gyNDuBv4i8 zR0XZL#4rxrkP=-bIO~Au3d=ki`O-p83VR8vid+X&9YNQnUfnKS1aOLc?42TxHNA7w zwjt_EGV_k4YBT!V*QOQFKXur8v2gU+>cUlQT(hi$HLqTrWkzy&sJP1I%%M^5cB+|g z;CafY)GwOEeo-Z^W`!4YT;QlScTEfWD{)p=bWfL|#4;{wLB9n~>&jj;EblqT#4YHl zm`$P3frT2& zj*EBV3q5b^D+_Epp+ZAjns%zBQOIy7sYRTd@M`H((yuC6HzwFqDv0=gq^d+0H?KV1 zRC4Y-N4v#^kkylHM<@ycU#g}yai;04VNHw?_GmESOYNAYdbq~pIu^_{&&+CCm=zL5 z!IMIwaOuaUpAnOp*lYJD#7?*9!;(W}da6|cnWV&RlKWKD&-W%KJf_*p8^HwDMnsoX z*45HSL|<2+>%gk5+vS8z^)f88VGAee-1w=?t?O!4JI$%I--p={yiI?P%8KJ>?$ucGUk?#--vkXC9&C zFy~`qCCA~tm5_=p{pRfc{Y||2lle9yXOe|qq7#Vp7hJrj?+%`CnsX)nA|?Ttchncu zQ#SxOG|=?}o%u=xD@?4&6Uj=fcwByt$VyAILXYZAzgS9Jg1#=D(la?O0Ie-pUZ~BDQ;Jryo3Kcvna7B97VjNuVsfABS=< z>gStHhj_Z6=Eh@wwFMT-qVixgMz-E!rpdBlztut@&7vO#>bN8V0B9^QOA>|4qL=QgCV5 z8oFl6El-CXW($JZew#(d%vKUd=De}?h){X-!Z27qWMyR_>AQH4=grlvM}fI)aw{>W zjA^?t>+(l^1Dm;INJ>}JuFNW~4>C1{vG}8+M4o~$SxP?T+N>TSvwVl8z+Ze; zn2A&r0n4*o5)5k&ewlAk=suM2(uSN2fJIJx8O>CK>~^tZZlV-}w`EZY~k()aflZj2x|?=yGcM?}1WeXde;z8x?2Ozxe;#cpfkRtAJ~^5CpKS(W1j2+1I&HKpyH$I3U|#t!%G~fI#7y^>q$@ zEPeDNb>gFtuJN_=JyA7NGfgDGcBVT<#OBKwU2q88*2~tJilG7kf&x2IDB9C(>r2JHf#pbJ> z38}wb!uqXZfWUHe07sq6I`+xbE_?3dU&7}8HVlLO4&yTC3JQ3n_*B8_=L)L# znGoSk^zQI9pJa z_*)i7uQ*{)amJu#C$VgkeW{ZMHdUIRGiX|Bu=b=u2G-nH<(tFh=M0KY8e}GarE>;L zo-}B9m0n3={Ve01mX%E`-3rbHT+#`&HbF|y8q}a*^-*}*pnP)krw#IfyF#L-kth%a zxw8gV8-3Cs|552>HI*j~^8HkwGg#xKLAA)KTZ(n(4c0wz(BR&p@&uY^dG4SAMvW`a zK9AD}4KZqdpVad?gU|rAM&}S7=_JDQJ&VwQaHZ!Fp5cjvb@Xl7rDm0h`z5(Ii|m_< ztePdGkX0Al!Z#3OTr&Q*LiT@?{r~*^uSbKI_}@03t;GMf9r!Dc_*I4aDq?)wN&C-) z5$clu)9~r%CFTDcNck@d$UaKKe=~QrCT}^D9lS_fwm1FqLC}gkNy$~x1Tq(^oqCA) zO%5BDf2g8E*}dnhUr&nB*Tn_;!+$i?mGqyrd?7^H0Y99}^EN$8Ss~-G6WzY+{Vs`j7q0{cnS# zgBSaMJI^P@_J1Txr0q!io3eR(2yMb0PTG5mmmJS9BSO7=KrA4^#C~l_64~NC3L@l5 zal(W?;6`pvZ!Xk@U>s-wBT9v;_XZ;j9IL(P9u`hd4Xpp`b|p93qa+DPatzbC{hncm z`aTZytsb(GuK>{(L44hNM2xR-=phIDI1sl|I@3s1Mi}&gV}}N=%DzhAGZ%o25f@ng zk9c&3nf&0Q_dzNLKk@_#k(f$issGDH5yN~%XlZWBmFPGo1OQ0B#YQh{1_P59?zehO2w=NE)ycom& z(Qzq#v>Y~6>PgA6COxdNt4Xqdbi6HQ2_khh9UaGra_K!9+_j9!&_{3f4W#IG@fby( z=)%R=O2%FEq|PQ_tiF=|q|<6C#N!s3|v_5F;7AnlsG+)#(0rTX+87?QP+Wya++a2$fC$sT1cd%nO%e zV~h!{Mpq8LEkq^z-@4OVg|Leio9gWUP2xO7%zZ!%-BCUKRTb!zWh+-Y!-CCa8>+JZ zye0yTS9N;V7J1rStgC_yiJfuY0o?}D1ALRO3c2!*wDL` z_#+Q5O9b729rn8K?P0A`cGckcX1K=%3f$4W3)f{d zQvKeJ=C|_emH5TnAwRhdRq{bK;ZnnGi*_Q?aub{>cJ4Q8Uq}j=ZmTgD5!;%U3Dj1! zIdWDcNMlc$1mGa9bLEXa;!&;-v;BCw4q;q8yOmwlYZe3T+)$_W+mprrGVxy(Jy1LU z^EEDf&OCMbAFs3be+~|hU+O<@=kd@8duo4-&@MxPGsUdyU?#|zU{@U+6#-_ggfWJ# z4$KfEXyoA`5FbtORpfa|7MAL82>8j6me1o zKquc={dnR%pgB+ec`2oZ9>dzq$^xO*IPyF=y}5|bxhf1)M<&&z{qxniYH(%_!fHdE zw^N9_gv&oJsf$mk-jURqhB5wUx&fd_P#+26DCZn`Ub1tk0ujCUNsRXjIrlLvnjj-e zJ&XdIbYtXkoWpay!InZ?#WT9j6otQVb;vD7SjSaPe?GYa`6fUKa92iUX+)lq}6aAIG(-0lz|=KTzft10TO#03R;e`y{yaa4-?mAq@8A z59ssahvOv>j62;Nf(%ax7tCIS*XE~!iC8Sg-y<~dYRjY;)VN~^86K0*@M=oAkdyOi z7*ZyF+f_JhY)y3oWoH(wC2fGNu|6ai#zMX^JME`8S1PhZ9Bcy|e{o6!fk=Q^^1&6O zGvZ=a0(_`%axZ}1-0{99`0-8guTbEsyW@8^jso&LEEqcO_xlBCoanb8U$2Ra-PL1Z z@unJ!H=D!a%_CqT^~+D#G6l6(_|i-JJ{n;Ui)%{7 z8L_p-4HlV~m9nZgL#*eKQO|sn7g`^uIPMS_r2_P+9xBC`bTO8N+~MJ=x~%M@_8&5^ zXJ0R%C+bvY0{U@ZtB?3E^mzye>d!R%l7Yo|oropZ^;G0RR8)!yUi?v;hFcPv7ML diff --git a/assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.0.tgz b/assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.0.tgz deleted file mode 100644 index ce926107079b54c39318e912bfd8d216c478ac53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8833 zcmV-{B7WT;iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKAJG;C$w<=%x2=CbJeLIi4h|dva?%wlm|MB=*{wNtdi8(%{hy!z&_C=wKYa20;Kj3_f9UmpK0JK( z1N6Q|UJ-DrU=l(x=NRlu~BxQ*hcmN@hBxaK!BvQs0P}U8ROFE_)4Im|4 zCdeC$ag31&>?CB418AI89!cp3#%3=^rVs-BkBI}xTaTh1|& zqB|!-BJV~l6kQ?&N})~b*&3GgRUPpDs>%f%(Q~o-Ri4a}~jxmwvS6&DH z7-fmf)SH-Pk?EW8=7i>GD_}S$G&Vy}_NNo!;(yxidH`mW#FQ?`9C=Kku%?VHY+@i~zaBN)>d15d#UW5N*@gi|t#QGjGH zLP!<=i-0DQ!IEVhB+k>ANECtR?L~|)BcOA|{Gw$-<}|$EY(W+0K>nUg2Cy*vWA*Eq zsx<(`fl%?HoE6PpijFPaNz3A%w^w$|3I*HpxDXdcoVe}QzqPfxN;Ge;V8RBE2)S*r z_;6w0yDhGKY-=)Hbi&m0_EN&h9Ho+7BNEOqi3ZUB9|uAI`OBam^gSiG43{U-oF<+c z5+#6&zd4gEWbpu~2nF>7@&yg?f^j(j|7GuG&(Ghz(_nPN9kB>KZ_gqFp^{kOpfVQk zmnjb5W-L5Im=jmV`&NL59EqAoqvbAQ9WM0v`3eDpncMUpToWomV91il%xgW-oI!$w zMfohyQ&sT-nRoLeq4GUdUG@7tU(Xz}VB9nR3}E(BD7wc)s)e8%xSrB*T1+beBUIXo zQ3@~$Xn>H=`6xzU9KwZXN*WTG51zL-qDl0YWr@5XathZ|Jp}$BrG5t^waw#T;OY?q3ZU z3)2cPl=lEKnITKR9!`@PR)8s`)rC@0-l;@tB(8PDl(+3V)p)I~`gEz*^Y&skffyGU z*XMxYcR-Q|EZ+r}@5XHMMpYXCO~%ag_V(blS_5j~=Ni4M_5#Tyn-fVx635GdC!BBE zP|+M?0Fr0uc>sHRaD}o4LTIp&6>t@;TGu$6B#bM$GzJ%bV1TOyJSMSF1hOzp^Y(4o zDyg=sD7$L|r2;M_Ng~1{&odlB_m(ANIvMDZis_unv-69q0r;K1U%q?$OXXdPe0;%T z8ZHNL!onGHE9pHiT-1SzgrpZ7$Mj|ZzYu}18Q1UaC}4EVk_1D;wKdJvSG=J@jh;3~ zuCh^rasd6F5@12EdvK@=ah&K{ndl%9veP%%ak?N9b$Y&0D8;CbzsiVQ$r(-0#<VRf11>?Bp;Bx2iH~yH^PjAc@)C`;_A6&uIso6_WO6m@ z|Al(ieRux;^eT`y@&P*L2K`_EuIm3U`p^W{tTCs@$=00c^H$H`@iujYy@;S>k(Q}^!9Q>DDqn^bWuB~q2N zQhZMR)(*PBv*kKUR4V4?H_og;)%2lLmery;Fb-#BSU~W>I3HBW^96EFBZOPUev=TM zKhr5HX@c3ZH%)xUcx^!5^HxRkTli(2)vJIpzHEdwW0c? zcyLHEfgso%T?<6_eoQfr1So4)3j~amDlV0U{Nre;DRc7fN|jaWjYu(k8hB@8u#Qp# z#9Dd6dO7twD&d;Ou`-)8Wi%6IZ!6?2wp$Wf)uu-4a+=67`2Qw4|0etzG}G=bv##xTWi~p)td^4X zj;bNnLv81cDHW3u##;}!uH(0M&ZWKiZC&qh3mns!gb4nB_rd?u->KJsHT!ye9{6mM z|8^T;OegpE25<8J_J8ix<^N&-(f|8ho=&IZ&1e!0;8>6HTawoI>E1y92#1Rt*|J1iryG0;ZNM6e)}fVV zu|I%Ms;~cGGy#9#Z-7@8hP%7Z-w>+?k4PJ|hN5khGcJ@iK;~=fRCBxoZ4lftEpY7e zR9egW`V|iZ{FvZQ<$eEYImcJ>oR9lNpW!J6PHV)Os6`Z~` zafDU=w94g55F0sM=|O7)QI=?fQM%k(XMa&*b;8y?bL}HtFWH8Vg>ELN*CZp&UKIFzW`(2EH;2*R-PMF`fsS?ze{eQ~uGAa7_2du0?@pPJdN09^ z^Jr~EuyE!V=)1`O)q2k3)BJ3s|Lbkj4j+;5em1~H|6l*GrvLZ*FAg5{|L^fQ`hT1W ziTskqSg`=~xRXpy8K?i!k%GbOr3fhNw%P^_ffpUF;BIFv@GM4QwvS0lwd@uH_~cvm zW1IIs+wG-1KCLXF!w^u|5)0%b{dI!U-&Z11=zsNQwk}g^rwMYZ$RQ*q(yWv)CUm}C z3;W<_X{6-XJ=@y48MCdZenl9g`L$cqxWGiNw6~@q3w|H`)RNO{oKnBgB%;aWTgt>%j)D~5HqK5K<0Xz&E2|4<%TTH2Lyv|kpIt~A3Ur3{|;U}`v1Pmv$wamr(^C;Y|xGq zTM2u6dn;Usq^al@tmveOci*02Z>a@<*#WUp4d89S3EWv^hFlOja1lwCOBjw(l|N7^f z(+{U_oNqCAhSsTDvP>u6Nbz0+9MI&81dA680O>p)8z8$W?tNH+TDqU7(IY}ny6m!Fb z>qFqo3%yUCw^JV}(=oN~^b%|WvqJucm+J<+g`_S`n})x2VQhexFO%;o|F_ZqobQG! z?5GQ_*Z=y5&woCs>3;{$ALGBi&jVTkd|k$I+d~&ysD4^sxxy_B(1NM#uJ_GeicX>X zHJnY{R`Xkr*KV5JdRSG}?7=G4F8bT5`nAg7i(ahiVvVPq>Y7-?F)4?gu4rMtQN#SA zL`=sRF2fjIE|_w>k}Rz<#yuP44>(WdQpYBOWDujwkEsYcNk|M+l0-3beG~?{K8zE_ zNRliCHnw5z`W$mtS+W{XRe!>pa=`K@Wb-*u^ZXO|-4RW?LVLbCq58jMSvXyh09}rA zwm=^~7qE8Fa#AMbl~UseyW=(@C3dy4{`FK5?$amuFVKlL9Pr3bME~Em9Ul1n8E$Va zwDBqh)^0z+=g!H_2u%uox5wEzY1)p;)#>Gjv*YhDp`0_W>v%wp;MMW@#R^sfFq{9Y-FfrJuV?T6 zeE;{RI&CbeDB0{o$YGm0+CGh_Yr(CU;w9HyDaBbzCd8bT`h}Wfpp+#IT`5kYwl?PW z$2pT)HOY2uHpU4Fm*xm;OCMP(yY?{c{o9Ff(E{H6QeZ_#a~5S)y~3@eXkIVj*omF0 zp}5X@QmI8p9dlZH{b*Oq6o+!FE}gIB8!8T#W=YJ#SxW;vOS+ZM1yV9x+a;wXv~)*? z9dquE$myEet7R;YOmLHu*4UJegx#jSpi*!RPf_4GMpGg?_O!?v@GS*hSWIjIr=gGw z!_mw-?d+w^C9<^|ynB;toqcPFES7C+)%}u})>Do|^R_BV312CbS2h+%N7)_Q(XG20 zC+$=e*~nB|Q)*{|?~dbI4Y~>4?JBGpGM*)3DJ0ILHC&}$!ePF zEOeyB3fKIz`hAVRx5eA5o{*$uL}Mx`*7gcWq>MiQ>hD*79-X{Bd*^?4K9e|R*B3e1 zQxTGw)J{FGc#}6M4^1A+be$%#Ry$~iwoz5s1CIa9C^x6*q~Z%Xs=Nj z+p4WLeP~02uFS4Mbv2zeP|9Mh>d?B{jk?hmeQr`o!u*h$+fc)yG+3`TY*?Vx;%hXB z4IH{rooH1i)&R={|3=$_+wA`tXUR7^|Ji%d@2{NyeD-+%>vwt91et0NS@Ygr;Xd1D zLr+LflgWt%Qr<)7D1G@$!`REK>0G_gzJ$BG#*;8jZq4E%JO_?_XTVf0xpN9R@2dy7 zDmUP*R(MzTp}0=Z*Syd7>QN^fkt;#CWUwzwGT8F>9RDrWzrN`2A$NgpivR2%KCiF; ze((9?`u`r!HVbLbo(<2qwkMSZX09|W?qPmsE;Y2bpsC_!9~z3|kamH1d)^-44VkAg zLMHSMw6Y*W8RxsboiY4PS!;hP!T%p74Bp$@?x~amIKIeZh7s5Bvz6=h&ANk7>aKen60#a5- z!gOIv`Lt~ei9;OFx2DjLhynC>4j`!js>X{vEZoCUo(t&aS&jB+zG1c=?$LBf?T&G` zwRqYR$KyBWf1G?cfAh!N(<{B#c=Sf^^POH+iZ^YLRRrZ0kT(KsmH4Z`n*)Kj4+Sn3 zYzere@)j%Dw$>U@T-YmYQuCX`+P$ULK+{z~&5?{Xx6;FvlgH z18&g&`p;MFzkcuF=SThTdpxc<9VwAl26+B2HfoTp{+BNmF?x6Buj(y9xoI3w)}51t zOfc$|Q^R;%mjmlzpdzw~W=%_9B8moN6(v!f#ENUib|<9Q&aU44<7 z>1KIp+TC5J_}f-D{jQ}?0q}D;Q^scg0NnMnTA*`{bTXCx0Q}C+e#3Wjj<=KMw}R-G zA`3&r2%|!ES+9Pq8#riIPwq8+#Q()T?|g8d zP5!^nz&6BcjftM8{U|gyyDqU-Arn&vmpphX%E2rn4Zm#_p8~ zDF*r)c_;aWQ)eYL1~~U@epCIqdHr9W9-X{B4d&5TX=DBRKR9^a|GA$3M}2-=|KH)+ zyGOzmCo!A%ev0sEcMzX{+%=WhQ=N7~eG?kxJmpNDe?{kSu^Dzi$G(hWbIWddok~$j zp(iAfIL>0Fs>C!j93n6|j?4|bBo?`+(`1tP)OJw5+TD$vYe`P@G|+i5E;#C77eOTo z&+EV+sgNAW+@)xKb#OoE_knRx(wci6lL^5s7*QcP9c8+EAhI-NTw>&P;F2VvDtr*! zsER2jS5rEc@GR)}_SOIU@Z(`{V{W5Pn1m6Q_4h#_!l&b_vwXUH2P<5=rbepz;`##mpMEm25wGdD{nj3yJ+Sq#+#Fd6jrZAv{w zxXa&8-zWtx&7{c(B$RfTU|8Jfjg%{0GR08R1p*t7X-G*7DG6t4GI30qpptQ_hU)}V z)c4TwGYJ`KmEBOE1i;s@J7Z%`c&M z7>rFsW0$bGu%7bb8giT3&hu^oE^;_fdu{<-Vf<|#-H1U-{pHi1L?M*# zQC6{T;=XWnai)}&l+i>6UxheM@-mH!qgR!Mez6GJ1A$U~l}xRz0FE=xF_G~ShGuaL z^>i49i=k!?1uxqQ-`hNM7ueA%cCssl{>Wb{k)UR#C1C(ZVTeM&443-b%4+)>RC5r~ zS>2$-w%9*+3ti+d+psko{eKO@`A)Z6=!8h3CS8K%_aBGjaJUacz0W>;`f#*vO?;Ds zi%DZwE2Lksad9x!q(jWz=x|Nt6n?}TdAJXFBcJWV%~-s!V|kFkaNa|J5VSYvkF>zUqLbW zn1=EMW3q%>_(-TUp|>$hCh#Lo@_c+xVT5BP%*Tv}XmWE%GShNX=Ml>@(&?~Xk^mJf z);R)o)-WQb7-?}GC{}UMtKeee6{{Gx=tSCOM8`A)d5vTy0=UZgf`uc1CSjaK2*cS+ zq3FiKRQ-c9{TG=DOGG}yVav$g!tAAR|5h{H4Ry|ou*2%S zt)xR+ZQc4OZs9aBxkgPgIhLqdUrER&nbIGGPM4_2+i3Jc?x5U&qE3&2?l`vlA8z5} z6t#vYnNG0NMwUERU1;tC5RFOeHq!3aq?2<{t6V6b7iv%+?d-ATO8x4q@%UTlxPN)K zP+Yz2qE!(v-yW+*)VwqKL;%N-&F7dz#taDabV5TXH}cT%ex1iHq7oFdV=$&>oH1EY z&JrE}P^NWR$qEXR1)g_mV`8e{Goeb7e6;eAG0z(ghuSH3zf`ZQSx4PGt@Tuk)!c{r zEQxB~)0|3MU)EqUJj*O5#R*EZb#fc4s%g1sHWV~z&MtsN5m(xVl2%Sf3|F;cHNoqu zXeIEUudmEy4m!Lx@U#grtW5c#5*Nc_stuLZpZtpyM&p!eqmd?RWQz>7qnS(#UfGjTA);8pcE{no|>EStuAFw&<~Zq zXlLi%-X2`!_GZE)3hx-XBsyQQ>k*1@uGg>qX!JVk%W+bZ=Qhv!%(bc>OOfmJU5qP* zEM5k1g$PJ=vS%m%bA*!6SQupYnjCjtMZdGm#K2dqe$FD?hlJ%wD?2sOd%Zc#ON`(* zA{~F7Lj3&q6Yt3QF-OK4SuOW0==XHtXFclXGOitgyfjME8Cx-7*+DB=eCC`XVBsGKTaO_{GMDDE)9 zD>xei-lWKB!OK;f5ejPDWm;U8^WZSJ+1JYGuzG@S=m$Lt5-%pv?ih zsLYyA;w4-&K2y?8`&(ZGH^$dm%xdF{uFYY)51;3U)*fcP?GFn|^sC&59TG`mHi1GF zc$~V95qt}L*3|o3xXe%0>WvbPDND0BPsMMi!;aeax@FUNSyO?`S6eMx_3Bo;q|d5T z?AUB-6;sbq-1RCdlAjK%HssK%CsQ>=Rf9U)v!j+luC+Pu0;|DMR^JgZaB>`6?XKB$ z?R1JjXHBJ!SqJug&EAF17#u63F2B#`R2C`OhX%q>&8CT2%@a(FG$b(1<|F}*B+@H3 z(fLWWqkoFwOz*H|g^Ru*ZP@U!PEIJP;ZoLCsungKP~tYBEu)#`U%DosYL_-`jXDiG zX~rjI+efifMwi|p%ExVva>^p_EHN2mLn2TBRmSC9nE@#$q0Vn#Y+EX++BJ2Y3y zx!q79G|a<|>>AP9i1uMEtwvJpY8dm;j-%rEGhDvXL;q>N`1yGVgikVKrZUq;-i2YH zv-H~o8!lDyJ~q#=Y1%eZ|Bq)dvDVnr07HZODY_0>)O6i{*>@GIl6 zH7|`V`%0Oz#mp!OvHMoFnm?#LOsndlc2|yJcu{OIf3R~&PC3gahGAqTDf~*QyN0!+;X!c|O3W2ncb@mx*<>!P3W;Ry zZe^8~iol0~=XDxYFECctj@i>58APHA3ZH(Z^0#bcumi~zqu@J+6g(|w zT*{eRT7l>Non>YxJr>L)i)0yxtC)l{%~G?3%BA-8O^FrvihyGl&xEq<1r`~;El}MG zO_Z`h(U?+-1YEO)j02s|F``OVs-b0xzyLlXOo{$3wb{F8M$HbIHGcQXX*2{P;ge8U z2GbNHTm+PrdyE(<=4)JBMKQe#a5jb|%V4bZE0Qep z3BovB6C)jp3b+rcol1x?j5(sUloPXCqXv(0>mY@TOY8fx7P9L4r{nW??=R1O`Q!cB zyI;5QY}J$`*R53p^;8q#4Gl37SeV=zIpe(m!N&61ByZP+B1c#rr6inUUL6jCUWLPc zdUJMs`tIuVA^2JlPpe*ozaajrIsT8NX-BDbbNm`HfE(j~d-eFg=e?gF@BjWT&wb+m zyxpVz(#NR3HBoLc!W8=tEOib_b&7KOH_k-yn}uodn>g<$ zPWj0USy^iKQkSZP*Zc4FhMl8xk8nyBl<`27o!I@0+=Ezzf#jPKeuW_Ao~c6=#Tar< zv_g-1Z*2E9(ruEPvHLkki4 zZvX9k-7taA#yOWYar#eGsVDojhO`?wf+ue9*OMY(BM+V`yz%#N!w}(a@P18Fx}h=- zLEjQStAefdP7%Y_eG;stv<~pvnzD*OwWca)I!PGE2R8*c2j8+)-`e?L$zGrg;zYnq^x-DPAWm|CA7 z&@U5Pvt5ravQbP!i-D^4{K(?#p|Y#H*fXNU(N4TJHp)_C|YsZbu}V)Ba)>ke-Ii;*s8?Lpv1UBoaK5IIHJ?hI+Wh^Z_IJP3z^5$Z@pACI z{-S?Se{)b)s$)@q`LgMy)95wgOhK%_SSe8gnzKYsD_zUqJYRX^;GVFgiHnsqfA7%z z0fS$}ZEiW}CL5h*4E73__A%FipiP5ae9(WL-h@+IVYjxSGbxIju(t3vV8Tw z-xR+;(j;QnLf^ZrFE%uwYlLgWdmFm_)$Xjv=ka-b9-qf&%jf?E00960z3;Y|0JH!A Dnv8~v diff --git a/assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz b/assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz deleted file mode 100755 index e8b9a12d762d7b74fcde4a41b69efe297900286d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8836 zcmV-~B75B*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKAJG;C$w<=%x2=CbJeL*&ZjWdva?%wlm|MB=*{w8o(Es*&z52iX{$cNj{{D-D{r$tA_j(6E^!h&^?7jE_ zdS9dQbx$TF;Xm{q-B!JG|DQZ0Nth&(vP29#fRIQMvq=yVDPs&M>xRfB9aD@3kPZ1mPkSq%=nB*i4lxxjDe?Mg)!j>bHXVZ#V9~B z7$KyJ|3yF($zZ`U4iaZ+OeBiH^L8S}7ZK2zVt&ygAu}3Ya5krkb0B|DCIgsj{?YLD zOw}5I;y|c)QO=64Uy6<`-AT*hp0`tW%nAkD^0*KeMx40q*1xs2x=b{0r(nVcj|jPK zu=sFc-@7d?eQawooOi<1^LA3g$qc2ET_X}+V-gLZ|3CJE{^84@AM`yXxD1yk(TpaZ z8WJUdioZFNEM)Njs0ao11oAlz@q%$V0RLt0WzWywz0+WH!yPdXJ#WV%1EG>w;Gi-V z?-wZ!;C3uLLzoj+#`{))ha8ETN2A3yVjV8@`1uL}gPGg(4%`qbL14&|$joa!(VRho zghlx*&{I|M0-1O7Bcbv=RbBP_JzvipGH2W~{|w;zrBHN_iBt3Gc>q)U^=0>a*wVnA(PbCzL~VMMRWiC>dYWn!h13 zoLVNaw2qura(auQQYSlB)4*%t0f6B#1L$T#BZapZYQ)UY<~Vljh;$A3t}5mLQ*{4o zz*v}8fT4TNF#HZk5`pEr;PTy=P2Q+#1E9&6dEU+ryjE*KE&N=gchz1XnPf8}X-MLDG4O=* zO&cnjV+=s@3_TBEX9uoO)<6giHnIY)qE+h}XOo0+C6~tF!Ve5^wSdPY7K%U?hH2iu zEn6kkb`@o}ZJ<=Zg(OKtc;tD8Bk10;WK1UmJyJ29QF(TLaWw$H)A!4FZ-1%0OOcN+ zSWLsk08UtVjoeCl&kN^updumZ1;;VH9l$R{;A_V9dpimk9kV3C&~R-{bM+N(sZgV* z&5^5Yl%O0yzo!IP(Ch9U=t3MPx>hDSNQCV44R)N)i9}s<0P{5LL_`w(DOB%{*(}W@ z=F)Ef{?Uy5izRUM@oKq$=W>b$VKW;IN4-7veJ8+gjNCW~K!z_y>O=AR_P)UhoTa~I*Bq>6~G9?xMnK32eh>{#JyU~D45N4><+I{Auoc8=@OQgI+W3BzlS(XmK_tzO* z&H8_#o^{`yzdyYSabFB1<^M0sPdxzxPxr@ANiR97~B* zC9M>nQ@^!?F7Rx*juMrMx%rJVD^N9k=#*u(Xbz0SSs4}(d@#-jRq}j}oYM&5PO;x4 zgu{LPlg_TP@tEF%-zkA%66xOt+hZeQNzukQi{l0SGb6EfX97u6-H*Wghz7bYFI5|= zPl^YJBohdN&Cs<#bnnL$<4AzAcC|pjNU7pdS;#+*7Me0A@2*r?rQV1X!{>o_HU{e` zH9)MDC#;uKzoQavXdElEIa5Y6QTDb%-eS8Up;e74vFW&=ZT_*KZ(gRgz(xZQixSd* z)two<+I);1JPW!QD8Z#6nyFmiT6w!Qf+?qo9E1OFqVsRUuR$~IZZqrJephCrGt6o! zS?{PCVm;J$-k4G`8DYHfaO*mLYv)|ro8Q*;4tKyYjY){$|92n!KmDzG{a3TEr{|H+ zI{9z65yo`#aBuKB|8M{2US0kl^q%~`-{t9aI^H!+q5&N1QGQF(`aazZB~ixNpkk() zNnu}U&(i?De5tZg{TlA?y}WvrXZ=H{7VbLQim{v@|5*r!(m4jcF@^p6dsEgLLjELX zBNF=q_;SCSzq9g2sJHf=eqWevzCkn>K^k&k=Xg;F?u;=8_XXq@j zDlla!2aW|(_Lo`tsXJ^w-xn0s60e=C;d}*2U4%>jKo#L|o+De9XzO%?FQE-sL(w|4 z(k%7|@JaRcAB-m8@A?h!%EEAe|M?qY)!-3ngVs>AjdI3?(gw(UZJlb4cc2Y|Tc!n$ zU7kv7SzW*4fq)+q+^W3qKQHI_68@F4n{=iMyuD{iovAk4JdXY! zXF?*sWHDAO06p#`lT*g&zjUNvaQ#vQlyzHegNDG14p(qDvle(3qcGdYB&Aw*ivfJ{ zE&H*}`=9OhQXZdHme64cC~S#2@{#^JLFw-*5h?V)dNW&>skPGtIaTBk5))}wN*EJ5 z+pL9M@Ut{ha_oU^ZQP96R#d+tjM4nsu4$ZOBA41*(U1kd3w~cVdHf zoY+d(+1Xj*LL^N^w_rslMZEjw40}T@0L%`Ejd~zy+73{pCfrP5ti#q!m6;MqZyXo^ z5y6>`>u+Jt=DUIO@;oSlSZ#Ao|J4&$THd1Vs*q|XAVA({ zE5aq=GLMEiif_n5*l(gDEZ(gUegMkYdx!Fd@oOjE1t3a94%-U5*OUwSk;>_Briv|C z9ylob-Ej`dW_x^qW?tWxrSa8K-qd{L}aok9S&1h;KOy&dU&pcA@&H1l? zzB&DH`o{TI#LYQ9$|K#X4kbfs9hWHv6$ndljm|U6!$6k;`kFzMgKEQ%SHOEvh+;#V zbHZabS=Ew`DXbUSz?ad`*fhmr^CZEM}rOAhCNN9nZ+N+Cz*|V_(zI##TNlO}c=~u*B^Nkwj z7bRjk#&8kF=yJi77%_#u`kmmvLzqH`Yzyj<{a6jXK7uu!p<*DcG7mO04sr;u z-yD57zg$^;Sr^JHUtFGlI6FDL{PXOh4&gOtv+4{I7;==q@%hr!_y#E0Q=BUp zP;>lGGwIGR-+z0Yos*{Rs9c?1emFb+4im~brPAl8TbeK7<^$siW=Fh`JWsk||zt&81SDrDQ_PS*c&BIR;8u($JOSBx-A8 zZhxFJsa2C~+h${&kZ@s+z_#>}rLt=e(>}bN2on(vh&6v=>wguHY#OJjZBCWXGNsSpmMKpbLwM4d65s za$z`{S*M-7w7En!R)e>1a;39x1(C&~ZLPXr^3r7yS zm*b?JiXt1CYAZ@@P4Mk;T&Y1fp}Sdy6+_0eL@b2FS+s(y)Jr%ldUa*RC~XP*?-Gnm z@R)^;v{>Sre^$S*@b|WOd({(?l#FOhCB@oa0g05+=U@H(>d&K-w`cGC&(3EO$L!`J z2YV_)5|i4g=Ou6Q8s(wMW0|hfBvxt%?azgLz}d;h1qezpA0zs8y`!e5qn|Ymi*+UD-vr|t2OO4 zDq|b9)us=vY0#C~HK?wpvjR$4tW_OaRl89)+Mv%(DoL0hQga(>IFtsf)rK_-v|4wk@%ESs_nc&}OTX2*8KjSR}8sy$@QdwYfZ zY?BQ=AvsMZCl*L~51pg*t>;y9#TAl{C*19(ej zX^fBwy#uW*$WX@lZf|D{e^b`lpGxrmhY5rCb~bw|qF*)?%x`RpRZ}pNn6` z5FQxv+72?0GDsQE&pf27_?Xq1ORn<%_+lw?LbqwJ6y1jKjkGU=gC9ozas-?(F1(ffR-mzCm88)OwhxdG(009z&gGVta=;LSsU ziv?Q(E~&i13bw7a1{4?e3Y*mY=CE>asWs4a8BlX1W6iDfc;)2j`R30${V!!gc5LQ_ zhw6Z9^uPY$lKt23^$(x)zwhz5;&h}$UK!x|zu2fjvie`XRK)20y}zut1m&i2Kv{Q2 z5;DQ4Gg>I#R#eY*Gs|x+dt0uqr(a@Zc>U71)isOs6JNgAYtN2~q$9P;Q;cVUn0EC= zYNngzrD^x~o#Jm>-SoSbJ_W$f;Y=C3_6OjupXCCb8>Ew|^atQ~e)b!_n{&LKG`|%@ zzZ6**B1RY$s>^EiW7WVxvwHHN0dxh_14hxU{;<(lc`E81mIoW!17+Ru>imO^3XH4* z<&!w22@dvyec$m)=JA*|R5V6R{ayddm;CZWzu)ugGCjXv{{G(o{Fhyjv5xy8rjPJYT-J_kuQEQr@}0Upfg;y@{a|8I>#69X7OV9=i<{o2jS7~GQ`rq3-?EhR_{|7H#Jgxul z^6Wey;fj-(&3ivZ__RHU&p&RPO6<8#JE6V_jdGrHCeOd3^S9UxJD_7fsu23``2+|y|?NqlNMC|~XF+Rn8kCwd;}ycic8b+C(| z5{2h=;Ez;Dj%4OiG`~8yAN2dcI4Eh&y^hI*;1-OikerS(-8~Rlnldgi@;Y!yl28@i z3vN}#6qBnd9ZT2``n_HC|33V95Zs#Es1qh(gk}9*5Qy;U`06Yl@^VtF?SCy%p5%ym zwmhZy8LiLWJu7HF0iJsuc*{7}x|Cm*9jh_c*JVo-(%j6=k_n^9M0FNJH33WpyX5Bdb{Yp)>z2LUn5BmFh#=NB=XM&9- z95sCX;|ebI#gqchlX#(Lc6A%!zrmT&v-O{vlZ;s$vm2ccMlWAAre^7dc~$kg6sq|p z^bUiuiD>K+HW$`YUR*po9l%8n2Wrn9fGdo@&7&JJNU6WPyH5MF>f2X)Dvc<5Lu$p8`5OV6n!EbWfS#7auTBYaYJ}w7X@<8_;3pfC1X}WOYbWv z1|QQUTctc3ZP@eoaJ4oR-H+|+r*@{Dvktd}G} z1&ei#K%F&=h$%)|TnCC(?DZ7)pdeY`d8alerV2h2swBxrD-Rj-yy0-DopKLL^}3vO)XmdcPqkRh zeW=fpsOCM*skHTF4JO00%wkfUphR0Ix3Q|4mWyUXL6hd}0!S2brEMr_<#fbwRV!8# zys3&-0{{8?%3S84!)pUin-IgwlpiW_F)XIqP+9%Szer&;PMJ0uX`)89$bexQ4viSq znR%2UsKi6DE>ohgQY%#z)t-X<5^or~i*{IoB7qVdvx zhoh4ZNAHeLPl8#rz2~GmirFZ)uN_FwA!1>s#=zV=>P*5K4GnH~+I_36lzL7T7%UB$ zZT%^A<=0PL`N#~DdfAM~5;d;{N;L*b!BXm}xf$Q;QsxBx zQ0a?ycJA!#z(sCvCQPF6j*&~E^A)=up$KPs{o0R4ud}`!CpCF)^Q_KXtLm{7xlZ53 zxKhaCMF3ZbfJ7&IcJe<*C<%>)L3XFfapzU^JIhQAe8uW#EW%w#SdO%^Qxm<{o5Q@s z2!12d@z*KD&woGhj*K63WUP_pa{EEQrwi`~{eA!k!L7n0VY0M@|0c5ZKYsdKSN)@1 zB){XL6q90$Cp77@6ceF{8|b4PK`x+js(dwNzN(+ z2kfFUYd(n=aKreul6KnP`XabBzSd$^8((y74%>bBJU_JdFzao9m{X!(h|8{B}BQsco-XHjS4x707(G)v{5q?zBt# ztUASx&8Ai{^&G`ruc9LP>9A@;4y}4JRZ~I0@G|p65vQ8 zy&B1CWCB91PY+axST07Amt>~`R$8sONEsdB;|I8 z=1MuY8!Ci`dAN~XBU&5LKCFe+NQzwzV?Nq(R2=^r7q9ftf7&g6ejWnhlgyZ@%(Rhr zVHoHv{r13yOO?Ej%`HTdd31N|SEx4Gr|$~c3~%iMf@b(=p0l-vjW z$~bJzOJmEvQl@M%GYUd%zg4Z~4{8t7vU;f9m17uQ6kE(6>|Byl&a#PN7@0{5zf|ft zCUiE`TPMtgr(dc3EgKo^Kyt+>_?96B z&&wH?a;BD6;CX*%nb}E?1vAMaS;pZiCgHVasaZnhLi_rr#EN@Gz%h%jg|h4g78$-R zP~8eml(Iq5m{N)aT(gCY1D(w-(}6vg-P$hCWc|K{~y2<>3;$k_iM*5Ci%@AqHS*Z8KToa{FNER@=Xc9LXdLL)FFyu z3^^xSqDQ^AHidouXE-l@3OY+;I;V2sSLj&QsCLY4)`YwjTN#DAQR$>cdxwB zJMUY$EnD`?+~m?Uv{eLiWyyLa+~!NLTVm*3^qr%a$J%X=VD2v|Lin_{Um#%Rg>gcp z$Y)dt%?-Ch*|`rqM>!9;D^Yd|ZHRQ*611m#vn7hgSK=V}y4X*z&c)lYSUbaQ8MB^m z<$?Rhe({G6fLor_SNiq^-Jfz#Uw5%|o8)HfZjP81|F`4ifvLvUBvI}oZW*ZZ)^vAi z7s`hHyn^Kwcl^|8Qhd;Vjl+hH+hMJ@Rs>z-2-OyIL|&Sg!U{xenT*>0^N?M9B^nH&7|tO(f1gQp5_`~%!DM7SHgUz3z> zsEk9mx-;}tVb8wD5jysz*KyIQsM$h^LwcbG@$ueoqRAk3L2q!LVmq7L4qYn7a$(?^?yg|ckrd6(MeTA7^i6W{{WiYPeJL~CrdY+!A=jqw-`F{Zb0RR6VyY(ah Gv;Y9{TY7Q; diff --git a/assets/instana-agent/instana-agent-1.0.2900+up1.0.29.tgz b/assets/instana-agent/instana-agent-1.0.2900+up1.0.29.tgz deleted file mode 100644 index 18f6d9d6e27701f932062e0d9a88493eca2ee67c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10471 zcmVYltiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD1cH1`A==|nW;K=>PaXyQ(e9Mg1>RQLOJyTB;Tg$TB>2$g* zh=e566u<(Y6gA0tmOM+I>@3_!@TQBS*zJt@Baum9-vDfE0DEs>!UZI-2}g*C*6A2B z;m_eD`qKuVy}iA?F<{0>lI!Via~j44EK^RTg6? zLXe{-ffLjLxnAYL7=Mo#$CPxywC%w-PXBDQ{dU6(5f2!Sg?e?N>w*(m7Yr!_-z5XY z2oi{UV=BRqg@}2l)tb#_zCq;&bkg#0AR*Y#mWl}^aD*m^h$iG53GVZQCQ6z!#6`31 z!wLM25;)@uhOE+z=!iD=_xAVvn2fv$#6&<$5aS)M3D5-Mr~`hX#2+xs2bla{hX@Y< zErVao$E?N-M-he-{}(txyt2*=k4C@!=HNh#BI0w31Y*@y{-KKWbcw9y5DqXTJ{J%T z5UZ>?*sn zz>olf-XmhDo705pf|5WE1O+e=V?+cFpg{6(Gm&g_z!8%g!1n;SNAnIKNfbGlCNxwM zP@D=1I1&c5`T|J^umAxhQXD7UH@o2C@^9BCy_@UX)0^Atb3hq5`JtyE${HP6$blcy z8Hp$iztbF1HPOLn7vQ1Bi3JEL;$&NZF`O#mCr||AOcDy31E<78gt&~3)K_oP$M<-w?UCL z6xZkiN(c&s!RJDhePSfBHW><=973MX?wD3k(WNYZ5OBa24GXZ2sc1x^B0dPMFDu);hLp=~P#$pBSWI#bxj2kXF7al#+s1UzEmM2)}!Ey%fGyYL)OA6*QpH5**i8H&>@uub1L6(5i9W za>N$nx$T`_FT)|B)bIj1pHUVr;pL>)`{C;PY$-1WS}iYUm%XLj+{r@A89KY{88qs3 z!sTehJT*-+-B|@I>$upRXA~&;1-*rnI6~UgLS(9cfC9}oCx7pCK!~PlGMrjfo6~rA za-Glt?~TsvMlf(DqO2SkBZl0u!cYhUkuB?c%D&@e`F(f$&H44^`OSIn?)v=fSf}15=)cjDn^8l@lfO^XE8>)iGwKN z0x`g7ga9AYBnkm0L6n3D(6nxh*aUOA0_F-u5qJj(mLShF&~%S5e`w=|p_n1Atfkb* z5o0LQRf3*E?X-<~N*N~B-pLmEiq{Ci5V7+J1%fJ+IrA#_^0f6kNN|FccXTbEZi=RIG%6&t{@DJRu#m97D@8sXRHp9-&4*2lF+uG=( zz{$Dw{QCOpx&wZs2?%kh)t=J-bG@}=whZ;`e2?ZnC_Z)IV8m$&Ce%8MvTW1SwQ_t1 z+y+t!WxoFE#gA9F*Tz^kD~j*V zf7~fmNjs9Q@~^AQ^SjHFH|INm3psnW3X}gyBoHG|;3iCna}S*;=QsZ+kcA*9&FU1eFNv zRyG|do7KocviT-GDFt211dQZ3(sCH;US&-Wg(-@ZkbH|MZ9K=yN~OQve4oN}`7D4n z)`YdI6n$1yo_8XoDbEE^J%8vJBb4PAH<+uPF3eEqgBy48VhNKgHI_TfaE)TcUP2Yn4+JE{|cLBuwldrb+IT0SZI}MpC>{ z1e&C_uIE{*M&_6(q9e_Utm$sXaXk+E7P>6hFJM%an-PFDOt zQcXcZN%>PR@fJRH>;JnkiekjLFXGR31zNKHKRnvoE3E&I4-TH!|Bv##d)Imirg+j( zigSn~B<3;tdLqRVj8O-?Y<>9P$x`0=+t?Zg#Ex2Ez`ZDRtM z;?TP7*91n&ja3eLGvoe%G;~#7NF0(E4hATI2}gj_338lIjpd6`6lz_l&WW8Pj~9cv zlE~R*PnMOsQBI;ezIQPM#z9sCF~3eYs(b$VOf z?_4i*npX}T@~2gobv-s;%$&HWf^r&v_b%;bFYIw=?RfBa>Yx%mwdeav0e-{$XsiUJ zwnG#}S3ZYXNqVKDuUY|?O8WXV$drAU{K`OAo*)53D4^7tsUNB8`FwfT zr;`aKuT^2qa<%o=k zSO}YgdA^1jaI%tI&iH)XQVL-a%SL1P4{RlFPRC6vSwDmT%2`!AJ=ldAZ-o#|DB(!( z78g*UVG^l$i{(l|BiV4{x~u4=4ZOIG>LmBn_S@$^b@snrNvT!;XNLnUi~rhdzbe@O zulD!a&-VXgJZ9FQtYW(<|Hk!VR|6;))OC+Z*a6zt%Cq{Tlb+hYdzZQkESPA3ntrog zg8JP6VAN5^OxMj??U$Q0eDEF+OhQBiIFxYYVy6SHV)$!oJ_!x>K96)Kur|(Rh7J3K~FpfVLeYVUGtIq|p z)ccSd2&xE1ddwK29-~Qgwt5?tV-(x)M+JE2Z&hTGt2J&R^3krm?1ns_udnB+5X;sG{YwUl> zae0k~l9RHD{t(HS_AL7yRkbNdC$R+$XMjFWC%@~bR{twQXaeI6B!gMD{%;>17X3et z51;)%9_6Xr#ywSy{|3f?pq*SxWiImA&qpY~fh2(ufX$d;%5b5qVcP~RTW1VPB7Hb( zvSO%wG=!(|qL>31h(w)-8GpR&Xx~Zkp@RS=7f8hu(?r-g$Cnp-MQ$B>MW zt~;gzFceW3qR{%VQZYtshB?Zh_%;j2h04bgQ_k@qQo)PHmKfp)aS&+PZ0ERY!a<(jgFz z1)d_Hj$f5WXh5ULxPQ8xYFGI^>Yk`FFU2UZy+Va)(kP-c<%49R>kGa8VhErL4>AaJ zr-cTjPC%4NjQ~Uhn`cg{ayh)~B#lyT(jk;^Oiv2vB+cJrXt2@U20H7ghET3QO*|r$ zp=JO%+6G%SA9l0%@;5^x^mf|f zVy<4urZeN;7ImWonkpt2Y|H<)Gixtz>6LRk7=M`3*-}Nxf;P@SP9l<3CZ!NX3itM$bd{g;Wp|<>I1ynr3LR?=JPROX+?0;w<+r%~RtvWwSEN z3P>NFmj^UTW`L8G=fj6i&1V5e;KPST5nk8H9avM-$xP@p46r$?vd1!z&tUcX{N(KX z`tJPo`RUEowMvYZs|B>-nnRz@{iAY9mYTd8=fAEl&zFMFv}X;}Quohk*Cix4$+FzA z$fZ=}a4aM&*RdDL{`~T+dv$TST;LUHMOPGf9?@#eTai9=Eo|SN|5%0NZ;Vblg%7|i zyS_tnvrk)m)}Qx^kMb|m$zk*DRMMX+kL^kK3Huf} ziDfI}iP}>K?bZRHLnl3?Np5V@Evx)~QAB4tlm;^th~^*}4zr>Oha(+6_>b@3sIBHP zf?+k+jpjcmZ{NKGA)bO4Hp1(uyp5eTHC7oFS7)_GXZ7T);%RFpX7#NL#ki9$iItUFNr*&!(cL&=?RqCgRsg>0Die`u zT`$TOnYEp`ZsD2HQ0k@DaqN^5f!>Nde=);T9HEijLv}t+X_QRR8@cY})e9`04%mHE za$GH_R`IK?#S*fhR`IK?HHECXxaJhH+S+{17t}0%b#X>?v;=3dM6Na-EUS$Nt!x$E z;({_bs_xMf7>qGNOYG{>eRSu5`PZ2?!cNra^d_Nxx5&s>DqDF{KuTh$y_|2yE{p(+I zUogP}!{`h}aNa`!B_Z#CgT1|6A%Q1|CL;Upd@XpXX0P+N2BhLKsqY(3XzxmjUuu2a zC_qyQ?j1;b{?Q^xL7Ws@GN1H+eJb-;1FS-0yOKsH>3@zw*={8*myXMBMXOeBlQk<+ zNSh8&-ZiVuX`SCat4lzg-$h$-7wpj|f_9%5nR3L<1P9)7ixvdMeWs4!{2DMYW`M8V?_Z z=H82TO}9Tje1q51L|_ZN&ZRL=E2)&qSZ5zG4gqm8h%g_c5Ksa#ag>!)s?yw}XM27? zS%`_&=^TeBfXoE3JeKBLWoRyIVpF^JFu}bPCN1q=(~_cJc+la3S>>R^8d(*)?|JJ< z?cK{Z@+w-*En014Ev)Vqt+%!of+(6^)n?a15N^?W`)er`Zt;3UY&n?4R@p*}Y$5O( z^K6-E7FZ9wJkW>kRIY1_)!1Q+I4v!>7l5ybJ$`l(ewwGw|06wP|MLF7d;72UOa33v z`QIMrS(xph(m6PFv#9ps__FR8&t7F4e(J`5F#vJ?8G2yJ_}@P~ZWrUf4qrWw|3`V2 z#DBThLoCfKmdjdRohoc+#|bMdq5&lDF*FMpn7tSOjGq8$OS5bCV>j;c0GBGdtmYx(ws%p1xN^ED>P+xqWG97ig5HjGS| zeO=KZ*CCA6-~US%CUx__@k4|r$>nD)0+!kThwY%P0x=Bk;Rtcx+tT-+n3Mn<@G*)aFpB6vM?_#U+64?n>W&+Ihi>*BlF-`% z1dVho>x)=fCpNtE|LmC1OG;EtNs=^RL4*nNJ^!qC*AtW>Zws8N0S&%C?ST+8?)f7u zTIyd-zUL2qV=eWseK8)j<`%m3$X zf$t&1G~wXl?3{bPv6np`hX}TGIYxi+w!qa7m*>|#9iKX+OkFzS>6gDx?UEn=*XJi^ zZ_fQmxKSL7$NxclubBU(eQ>b%9RKww&sKUnvuA#M`iS|bkC1%&_|r-E&8Lr?Mu{A; zKff3Y5%W%~HJi=SQ^SBxT05UUN@XEFeH>Eu>Ei?kjM}_tpFWB)6rVooEdu`OVv>aL)5j1+cq;!IeEKLD4Aff%j!`N;eN@*w$Tu*WbIkouAGKaHoC3@NjRl^hcLV>F z`3=^K!IBU(v&7QPjF#4p?|EBN-h$CEQD@lZh9i9e01QK3alNnh5Cl9JqcDloMvKZQ z2QbN9Y6Yek0totPlwDur>oTP7ui{uB?s?9A7H$8p{#(!lZNL2&|E;GlgHj2=4?vu+ z^@Gmo2KrK=^|Onv`ufVFzB(zA9OwgSMVGp8DTuJjfZzb%UjkfRT`X`EAtqV4yQBhj z?!b+DqwX{!2!$$AU1vi#ixgE+U4(8jR!PHF-KLGX4V*3t%{GZj+hA`vR@vP>?}nzw zb11t{-`uvO?wSf90SK$BrtNK6vYhNYlyG|koAHQHGnsRb^2?X%Ua6Na0iR(JjCTQL z8PpI9@bab3G@w>rFJJoLT;rNSeND8v?+g*HDTE@u0n4N)7*f{pyqDSCRo=_`o6bD% zZxtr2d(t%9=uHbVQ=w*`byIl5FGa?w;n;2Zi48tlpfZ`N_ViR?(mrdHR>ScYt=V|QQ4A~pC&TrLyf!k38VnzpW5Y6>H zwKJ$S1UHvrF*L%IzzE3UHHDE>AeDW=4Y?}4>{8kP?ZC4aZw;}z{m1t2EQ^RC^QU~e z5_@ae07Z26^NX$A*B#HhQgEcaY}a8@C=8}~H)KcT00QMWzx$w0AJZ_4dMUqEtd`%J z_>Jo$iXCu1dgSO*PCqIT$m7=`y%mZEVTMd9mms*Ao7*= z)|cH$&KXd9?IR9ehG|6dHmbXXz$Zw_9lEA?F5wb^U5s) zuy9bhAyb~7?qp9J!zltM-8Z}7;_`3TC%v2N+tZud>vO5GPJZZt2@O%2kZSVB53b!x7*ICCID zvsptc__tTQ8L<>DSt#Rbov**W>fNN@v+Go|YeN6+RbHs5L{#5Q`%f-EEwMj{7{M*U zb>>fEKea-nuGv&mVL@U>oE_69IdHjFDM%|sQc`ikMwMe=5wL?wU>3| zs}=DUde^A3_4))yeb7S){A7(O1!YG8olvH(hK4xe8)-euo-;l7%S8R?-b8!mm;>t~ zH0<4)M0JFwW=8n=?3A!&?73>R$lv?IDtrKgdqkvlqwDAuz>4gdWamwW!X}51r`raY z_Q8wWp3)T8S3m5ig$E|!JYh6OyCBvxRcgoRi)}5qL6o2}yp>p%X7Ac8E8prBSw1{G zs3PS{JPvzVOhp;_dzF7tmC#eapde17=m7}RIk08sz%Tif*b{J6fzf48z|q6GlkBN8 z;4jRV#a3i5OZ(E#5p|(hQ#@(cpoby^{gY@0=lrqRyRXoq8BsZHst4fus?^b@a@9Ub zxR7h-sni{65l3g_VPNa9W$fjajr}4~uQ3bW@}j4Y$57}b3awhr?#i|7P7zZ7r2FOx*ej&%>KE7xL#+2N z+-zWK4NE|{58}jxF3M?G{uNMG>V&lj zLBH)EJyGlBA}0GTQK!Z10~v>J@HcB91pTA-{u8m6?%|bGi+m|3^p?>rO3mmk!}Sn8 zm1@atMwZx932+|BQXbNivuAcybDguRn2K$}97lUz2O06efy7xY7reGq*Ya)Dd_Us;azV&PhoACX0{tveyc zh0b~71RqPgSz2F^b37swX^gIp5cGfg`6-MtM5YTCM2^jg$P_cG*_uLzl`BbMKdm0& zQ`wv~8K?T1sB;}N12Zmdo_<{qQ=&N3$%9b{9LJ3`D?xE{&?#e}W$r2=4cv{Q7Dpn9 z?;r{9^lkI4G3DY;`+-r?%6wQ_TLxBnx6!v8=TF$Ho8b)eID&KFPKU-l28HR_{R$!m z%2`>0aF6A`(4*KZ=NPEpJd5)A8cYs_^)}D;kB=Tn-&C+ywTY&8mn=`8vx(+xp5=3= zJi;zoO=gvxMN{VUVY_L1((n%-ZWHeO?{YDg3DQdM!Wz`6)s72nZNN2V3 zBH#|a#av)Ax~mYJpqa!L3hY8(ux57TLhb2R-)xv0DehLbm-Rf-a@S2Yr-`3V35wBN z(^Pk!v{xu+xomRDI)p{BtQ*=^f0ReDR~fKUFqE=RpO05rm%*oJuVSXlx~c4S1qKBL z39md;tU_2i+W(S|VsH8M{a#&^qrHhjB(y0cP%tJmq9crW=76V6U+o!H4XI{h+<0)h z#86f+X?6jZS_=;76#e{SEAvWdiZN=c<9@Ab>@nh%MODK*^9?$BBU818##2~DRe2gp?l%jvxC8ZhJ!&NQn#SkR3dK`W+SLh zkSOQdY)v$QQ$&Ch=v&)*kGnmgoNi9Ehg`|a+9Wf}`&V~7uc@7)9Y0erf$`5T>h7%E z*#(q&&2*UO+;>zjpJJ#zn(Cc7QWqb93HZrz$Nu?+^T&?$ERRd|w6QowIil>hsTWO{xc^5o;c zU>r9Yg5d;hG6rl}{O9p;DgN`|==eGQ>oK0y6`N`9{>CM?RIJWAH8~x|9q4uZSjt` z1-^kC2UY&5UNhZy?>NC^CI>_QRhX?KI-pVG)`YpaNI76C2IU?RbNjCoYmyi@A()6U zB0{PNwc%*MZF8WL0;^0vVjiOo;6jdj52OyHX=<5~zOKHZX~;Q&H!9f6#YYwREPTr| zd}G46++A+VzsX^ov1pci0VMmATo zKu%*F38xF~Ot9{&ygZE)^>6F%0(^F_*a9cv6p{di%g2N%sNkFylDg&@>W%3vEnl#( zD>n}tnV1&TO_?3&Gi$fyY%(W4rn5Vq4D6u4!^5&9Ec8l|s0#xeodH03=#3c zg@;^xX^Dx_*Ro>GJEp56HIhsQh=CW7186AUSzqriWk0IS2R6uqoiEj!XNg%%p&$FUzQQb>9q!nd^ETqlFTMnL&lJ ztJ!RfNP6a2W?P?2rp!NtZS4a8xoqb{g-bl=?+#n2m}FaDbgg^1qujr}x#`*gtOl)d z8W&VKjc>o)u5cQE6m6#Bg-bkZAMi!2X1?M+=u*zHT>aVYf5=d0LFlu~7$S+z=4tBM z^oxy??wf}ForjXXPC;!}Bn2<>vUG~KLoXIot=IVgWw}POt`gIb|7T75dAIdyaTdN8 z?56H5NC*~OB@57dEY|%yZ$wGqJw%bT{iDy-A|>zjg^W5y^1SM+>M9sD&Wwxs#pcfI zMa&+x_cy?5mW`s4&FqTSg@a>(*SimT$iyqxT^C#FQukZ$yR*yQQejk^XUh7LGfN};Q%UGcnPaYde6`$4CGx_$)}K)bDvgQFSP^@hu_6kg z4omp0wIni@CncNWcVuAfUV%9U)!y?kN~EQmvFJt@{70GDHJ^_IDoP;o{ou-yE9cueb`K+MO^Fvur!Vh~|8Q+w z<7B^#|JAnuH!lL^sJ|(W5M1hKC){aO!?-ZML$WD5+a3+b#`(Wds;b z))H|3jI{duBH_Bq0}^0k7%Bu@PTRUxM1x9Ax6xn*mFY+)SOgBo^jAh$WSrD}UOvp1 z1!Fvjt5uG;t2kbKuw4;`;i~ur5g4o4M~k92%7d&X<^^-b=&l_$n6EZ+9%5rxiSVgi dnVz5L=lOYlo}V?I{~rJV|Njz~E#m<4002?mRuTXJ diff --git a/assets/instana-agent/instana-agent-1.0.2900.tgz b/assets/instana-agent/instana-agent-1.0.2900.tgz deleted file mode 100755 index 2691693f550b1a9bfda8bc763f31d3fa05e40cec..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10460 zcmV<2C?nS&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD1cH1`A==|nW;K=>PaXyQ(d`V}tR@XYN?U{O-*jkp|PN&ml zK_n!hrT`WIrKm~Hv*cOwWM|<?CtICy*fNp|L^VX75{G^e7*Ol_Tk=M`&D~iy_ate{si_mNkrX~Z~@t$ z_8yF@$lM>~frL;21*U{|JOBbHU_?iL0ELK6mRUVA-4~TJ0Ne4{Z9*pDk&qmvCH@pz>fZ zGp=CBD$R(FXmfvWf6tG}$eTb+1jGa}-tn3MO(2ds;8#lg0mFQN$^UhT@Bq*<_|<&O zYRqsHVL0)Bg%iXp>&)yCca=55NPf!76DY=z_(ROcH8c_Z&8zB0oF*(l zstIfhkFXdg1J!P(Y%5o%8PebmF>h-7Tif6B_y4-L=RNhf`%<2~{-44qL44B_z+(O1 z-rIlms-XW5+lNQb`u{PWEj91}=0J=QQ0)(9V;qc?wgLkL5{^Ou_4fhf2r#5aqOK_w z^b|5o6P|wI0CG+P39#E()UX8{bwC6K z;#Dx?B#OE;!oeKy7zNVQ<6t&c9RkRY3cRL21+M{TRXgA~n!!1jQi^Gqmr+bZ-!U@* zWJq>PtVaQGKM5*_7z{%_5HrSN8gh-)HCVyB4_*nCpb=sYD)(OKpWm zWRkYV767SLC`j2o~H$S&u7-lMdMPkJO(Lp5SUW^%u*eRJ#&fnKxbTp)49~l0mr$P%tX_GU%4D z*Y=NG)fhAScCPed3jF+{cYS2k~&}a#ctIO-llgrmj@fc{;xNbONi}Bp_&aRf> zkWgxPft=4M3zzV6-0S^#d3Cy!7Xz)9m(z>hQf_W#q2&ynUi1ta^*Z5lG-95bCYkQ6 zf|Ye#?9MX^l>CC;!buzf-GBtap2Lc6xkrecL-bxjMUEB*hxw zu0%Bz(s1z^iYdp!=pSh}$k!l-(r8t)(S#;MWG1jN4B-?J;8cDgMH`|)G8$nr0_u+` zifF7Tj1v}9j`)rT6#R~v0c`a$aXg8oNpl$^!pC?h@{_X|Bi+P7lyHFjfal=r|5LebxYUGG96zM8KPoZ|& z#yq7A6Kn5ei+sgvgkXr+S%d;X70R4>mHT=>GfRU2$iS$uvvi53DX{?a0}QV{|Hwa7 zW|6Wa_g@_yc^(_UKuft-YSyc7k58PHlxfrf0s%vEK_y3_`ej>9TC_Mo$3Y-_Y8_Yz zdbx7T0ZTa71yL7Z2r9Lc9(U(MK&a3fiiDuAVfB^VSb}x|OqZG?M5H~0LXdDdS|sFQ z5=FXOp-C*QRRy$isTk9+hk}G*F*oLCEzjLzQHO20UZf2Fj>1%9=Jy`$l)nY8&~FK5 zh=aatIp4CT6+~aM*O&TXhN4KX9;7b+JUArdH%@C6FS zghq6v+OMos@;IJ)*W^Fv$?yN!CgrV*%j>hAFW!m`;8=40^XlmEps@dUbl5(8-v4`y z=iR#|z(ept>WddrdH6r*J>YcfX{X|2IHoRj+A&*(dUn1;a~~9+I&d)Jv;-4sokdx;>FHWIz5{N9%zD=nhvp$f zaYX0JnzZT>lYmN7ULcSVfg?3{NagQrj^3fUnhO?^-_bh~V-!t55|0=R5qS3w_*eQ+ z&%cnBK70VpCPN8FO?^xN{_R;=Hk;|5sq8Y}eD&g|%bP1>teX|Z_h&!tl&Yj1$yWK- z<;B_U#qpc79l(X0y;_CI|2Pte5h(B!Me|+7@&wMEhO&mI;#9IOCmzMVm0LRL3>lpO zIE6TZ0~}#7*X1x7QZ~^`7fRAi&Zm=-JFIN2lh-%B>$9tcvTA}#1a>Q%4wTJmy7T6F#NfD!WHLaiAF#_o!4;kWf5M@YP9(< z?)cvM5Eutp4a6K5a4kHuFD^G05kt`UAKv^Q-Y7uRc-QG|b-#1H&}m*dbc`FS zY+BXCroZS?5gedsX)~*`jasH$nd{%i)f&8)W~w@&ZTxQoG;SOB7+XtDgCtK&8OWbj zUDWm1d@*z4q6*4s{N1~>o4v5doweh^->HL2^wgg3D+Txs^P{m6klGGW6kYioW+myB zj=pLISSso3(;!p!e)1~=U5)$WFa+O8`+I@}455HhXQqCns^|0NU7t=Sl)P4jHOtl3 zTSqou4OfOEO|dI3WBEv(T@5*PA(uvAerOeYP`R=uBG9B2Ez64XI$|Mg4(9n9X28ix zayjGkaZ4$LMJyYQ;oq~BxH%m+tz`WW0w`xy?et(5X1o;w_dd z1&w6Gjq9$Wmp1U?HmZ}{Q`>J3ed_Fgy^>O^{s)HxEQ|lzYkys^|G#b@?myfAkMWpU zgR+Y4ru-Y%i(L(%Tu|2?CSeC?Un|e*k4}1O|L$GtF0f#t0c!fqb_wct1AtLS9Wz}w zYqei)((u81Krjgr5#Uh5k&B%UxQyX%3Gy__g?ZG`8w#%qAdqxb?armsz>=cx!Qj;) zA^~_0eoLsxX_)dvZ<^5veQy1KuyYYKQJ#XTaopRKd85_(iS7(nG(y$7spPF%o*-P+=zdZdt&5x9$iDlFwz%7_W_sA1 zvYFX}C6SIlC6rv5)yvJ*YXi3l8g`Y?NMDQ*jKuhN`C^LLfOo*pjS&)!U%V!OG5$NF zNvvKDpa{l|Up$cQr>9_lr30RV3>YQ$MGoXHXhfK+|7QkR0S9_35K(TxHHaKrKE=mS z9N_>;J3f79;Cl!1-<>$FetshR*kx zh9%}?uMa2@j7AY+PE*rKOo_xNph!4!D{4~ZbPhMjaE|&Eq*e$LS`vrmS6mI3ATgut z4wI1?#x;o6>Om{(oQkgIr*81|#AN+W$1SW(l)EBaVeh3(VXQtE$Wre^ZXl>480j%% zh?39GjfA6IO=TfVrkaa%W6c)Q!u^4#o~53j&-JWe{|zt+<#@ig8Mtiy-+pzJxBvF{ zjt=*p?Z3x(*0uk>)t%wL+6?5$;8zp~WeM7S5BEr571FAXLDty+kmK?S4J9XK6a7At zG3{CQJF03^kWOL?8qNTHo=(2#r&j+fLudly4J3nEw*GG)9v1ySUhO^me>}=lxs7|G z8vhN9|3Evrmdae@v7e7negjDYBLJH*!<6AdS;MvsTDHy@ltlV))?~#{`Dh4F<3%wC zFc6744>SIF+0nj};zI`kN-mI!C#H$8vDm=49HvpW>4$tAH6)>OJR#I(@*pTcoI{3{ z`<^<{*bH-&LGf)Cj&qfdC8nI?L8O8gjV&?65#k`wvf0jY)r5mUwbQmq?E@Jy;3kNT zGPhdH6&Qet{-4jeKodY&h?oz0v91A=}Kpnp-kI;Zd zk#YZYJJqi8d(=HqWnPL=V0(oM)1*;EXUYf3MAsL3`}q(+6&_>|=uQg_NS%NvlNtet z2sY20RONDb*GU?s+@wP&;h3Hj&`FxV$IxJ-yA5>KQ4OJ7f0}qiC_~KvaS8(EA9Xj?e~MAjDj~kWFXCzb)!U z2Q*boF4&g;ZD-bA-qI`Qb};@hrL(1qk_By?*?!OF-WUDU*?;L4>u0zB+F$PC2R z?YE!pzsGngHG!NJoNZ0VIUoy@sftcBo;8_83FDZzQnT_@^{L(;%0WO*s}hFwP}1$Bt2v#Z;)*Jmf!msct= zTCNt*hHDOeKKGBxDOqarYMlSNyf|A5KGU8xP)prEr(Ktj;3Ug(!y=bbmBX=+uw2Jp zB>S_A)9&T@#d3jHq!nFJ;CV!=HE%`w(6z9AfA&)qj=wQF=@dQyv+VjF&CNb-@mYV~ zD?ZAE(|XuP={JzsQzw__(($ zvMiD-wN{o>a>X{w;BTPevXqo-5WB`e&ERj0SexH+9fD1^%e9EMcs512N|w0>(Ko%b zt91xg@HZx9n|X5`DVsc;Yf0JS*`Sn9FM4ar`S$dpx2C8ik`2(D&-uL))!$uTcW+;x z_pZ+_R-`$PWCK*!CI4LAy2+;kU6GGEwCizXsrtw9568Ec-4gaKa2(54#uK%t4%)2) zK!;9xNR!;yrdw9|{i2A@bSMpGC=ks-G8|?_6Ani@eDEJXyir@tV+6x$t{csNPTszI z2SPjrFKmR@QG35);ZsO4y#o%whYxQ+^Pm6h{O{RYEH24qA})t-)Ymh{C~K@TDlSiJ zjn3-HS;f=VOw8(A7m9HwT@ouRwUQ8t`nvimU*9)m0`U)4E=iEi!96aoxf* zqoLGGt>f4UB?7$_dH!OCr#M0*yNB$2oYE+npf_^e$*UJwIvue4sN}d>P_5!uTZ<)R zL9OCfTWbngb8*cnWVN;VoG++Z{OaP2=x7PfVu@UBJXls64_etOyu}4&a8%u+ComXe zf||HE+Fh7P1g)Ba7EW%vz5t3R0}ZHrZn~(^C>5VG3Rp4z>p;tpr^5D2-*Qg=DuKp1%}Znir~D5 z0!l*O0S9|~xk3U@5KTn(-T7MZQq5lHZw*MrV^ZHYoY3Bt6u;E^xKV(n65KnG_WYwo zkb*cVwq!o(|N2zsuLf9!#&#u*PSXDzg|gjBS}q-z-HKMN+$L*Qq>wfppuB5Vo6|bK zdsdf#I=_py;x5>uPsjnCOdtu1v^83TgwF@`ZHteKhD4(olwR=&p%}FH!Jq#OS}=}V z=H8a37B!~i8=Ky~*_7khKL- zPZNPH@H&^qJguZsDr22}#5e@R$sodfj6y&O$iz`rPN_+P?lRJg_K4YB257F%TtEwY8cYs|A{rdeP;@bWNfhFUA|L|4282@#6@I3w>(ztgMs+EvImFw`)z?10-O3J(saXF|JSJKUT5ts`mZ6_Wc#{toGk%pePoyXWQ&n#5v$ikbN{mZIbW5%Gh9bP_>4G2ir=xGl)&ugU}5{B7+# zOC$=vGjCF2q|w)9Xo%l-Ktrxb?5dd|7+#WSp51;_EDjoS?XY_JhFxx~Q-#m@x)>rl zTBl0hvR@ln<$_}olyz+QJjT^c^E$lg61K|MO!by*&E5nPOgg}>_b2de2fR8uIymym z?rTLCHI|TLuC8=cwOJCO4rpA-x5s4OP=1)NF-hLme^25#Qn|BXWWwz0iVnFBVXXfC zU$QW%oBxd;A~Z=ZAG8QqX8#|ykBa$!UL8Hp|Bv#loOZP)-&-#3d96A6ff3M~UQzr9 zj_p;R{P_3BD4OVas}15{jq0XX1e6h&YZ(SeSLz+|)w7>d*#H~J3U>^&r*w*?3q=~&hmv9eBV zc<2AwF`<`~sG5=_X~2RA6XbjTY45ftC_~;BI8g%{{BY6(A!gk3M_9DfznXl{ANRQ zL3^*5|D}DffA}2#^(fC)dONdceti0f`KOPNeERtFare!qkDNw{9I?N=7z+{ePOCMW z&C*lDfKFOFpFT=uAwGQ^QugWN1P6@Tyl9_3iZK+QKI$z3{^{fS^{0=Qv3yT;weZtN z7^i8__@|FU$OU4Ogz(eH5Jh+@{~F`bSpKgrauD-RA2SSt`KOOC5p<$9ERXXTLq3$Dn5Nw*E`5JFq(7B{ZAjYUNf8m%mIxBo}_mJ|D5>^){DWC5Hz#I z(#?#P){gIaTT~_m%A>wIDUuxM18GH^qcjdjp&Ch)^?`bC2@Nm+D@rmoEXIVG)dX0c9D~5DW0~rOq^< zR$nh)`ru6Cnn8U{w7KsL5w0nOBE132q$n6t*73ZT+1*v%%leznJnwImfeGd6CI`lM zB_v_V?WgtBebPJ`4soE`7JNr%Xo}dbly~|1>Hz|((~jg~+w=^|1qTDjwX1^4X;8Y$ zjzM$FJtVoC(p1ucO#ZIma~J4klJ2`)_Ej??7}}c{T*eH;Dmj8gKqpv~3fWur@>lbv zqaW(4v;<-kb*-08+OXu?Ar|48@0}E)O~^5Q3PT}2XGM0^*yySs5JyPmtrwA z!j!-W$l*1GkyId+eZdX6D!uGd+5hdpvlnj-vAO-n_U|l^Y}{O!5SsfU@n|fx`b!-P)^I^%@GcUvBR>63cn~+sicql=Jh-Ed#J{P`M#fo}TVx zPaDH20>|AqyWsrdZ&$~?>#LiS>zk`Hsj-fK?12dlQJUpOYNO-s8>RiN0y3k5+N*{n zF}s$s98nH25~`V}oC!gROHYcP_czSA*tJP*V75__-lT=JmoGl-Izpmgr;Uj z_;7Yg*fRE9HCp8FePIzOLGWAw$g7Th38P#NAzEK9R@ZI+d9^@=PX9v)PY@;M%dy)34p zjQqXIzo<&+sb5eKCsA|{gy|gEGIQYPd`j#III6(tvM1o^{@h9S)EV$+=F4I$vX`ZO z>F0<#SF9g*zDa^Xwi(QoHo@1aD7$kXj8drpCnw!wewW!4z-A* zGjcz$b=WfYa?8ekk*L?03uz@~OHy~Ws`kDbFB|E7-k1o)hA=?I3C*(iIFG}gTpiY- zeQz2}Wkh+=)5l{dbP|PDt!8)ST6U)hsejyk^91Y_(suO=?1drL`xkCDFtrB}$I)Eh zfQ&#)mrU62LI2%{$KtNYUKR@2FA#N-hUW)yVnP??G%WuLC@XcsT7;nA_K%*Z^>PuD zeV3?{V)lWI!#DWbH4uXSQG5T1*h}~DN~%S^loNW(=oY1B^p@dz2%k!|B-qMyQ;a)*;P!%HersVJvF;x9vcFU))2QW_yh03KS-B2Ga_5m%S|ua593 z*((J6_cNkO6GNJoX1%H5Nhbz33qgLxke}9F-qxGg--G_%lTGVRh;gBFUOU0Z(r%X4 z7vvm|$V3{Wt0M&cpMQA@qYRPhf(4Odb0RXujB2)~kYVLYQrJ(cNBC4WXHCYbz9#BS z$IQTtOPi-(*Ta-34t4Ti6avR_Bh5-s+#Gbu7-*ThN=O5Dqo~D^Na9;a!drdYd}~a( zxYd4Ol(aG*me!VmRo-p%Eywv2_UdLh#XOGS9Jte=agRY^dUn5ph=FoemLS|?`Oowy z_R2X1>Nn4#e7**gLt(wmv;9{`kECxZ*sIz^)4NNSr-y8!Ih$ws+$oQ+i&m3aC1=r; z`Mlq5nw~WL!^hiYs*B5WTk*#+QeHK%9DHZb@3k+By3WgZzmDjB8>9TGrdtHG+K|#VR&lIZ=mX7v6 z=cCwLK7GGe7v*Sgq7Vsf3JDa9361CoBc3_nDbrVbMpZ+q*%&t-oGvkx6-=64z@^rL z13E>&yx7XT5}IO+n(DY;s~UR@``&mkoT4d;Xsk?EIov}uNJb+}M%If?c^vS}sm`*) zAVc=zF`5WzM#x4E9e4^|3U26LIQHyd@SoveP>9qmC^nVITZP#OsuLv2`8Hbm)IsWT0p4H>O{(#|MV3pu671Nrrso77%zYJ49UqKR#5vz~>V!D8e z^7_0%T^nux{Pxd3$)VMWaZZ1*|n2JHUL&V(v>%^KQ#!Uz&VvLB8Dne~I8gSbj z=%m0Z(~p?Pr~|l=_FfMnO+wyO6 z7-uY+ zxn#=xec0A6@DF7>A1YkpIe&N9Ld7K8`n+r1!yV=R-Su_X4q!ECjnlZG%4vN2<#vVB z_@ihu6)#-kS^I!5Vm0#>_d%C(j^*mlZvR7uItxOdUB(bebT&^@*QQ@=9CzO|?C(63 z^mPhqvmz;Yk(Z@Yyd8S6plZF&2Pn%ml694shWtNk($BlCSBtaoyw z-ea-u-+3cS3hzFOr0pL)REw0n*B3JC6v^|dud1tH)HpLP<`{D1Vg0#gZB>V>5)u3adodJp_1Lc8gm zU402X#^#n;&||C@{^A}}>#M)4_n5nRzW`yFbUF+B!|6rOUo45mZvD%<#qH@uZ>cb< z%`;_v$(f~*{i!7Mxy&)wJ-%9Qr4o5zUFpv#1eM0bW~_+4%~%nIP=_V_)>;x7%af8# z@r4-^PIy2yx9$~Xi&tPyLACchj1p<-W-PkV1^-cIc8#ZgS)g^7NG}xZMm+spIb=J$ z)q*JP``%ABx!iz`DBSnU7xmgpd<;dUqn=PFrRJ;?6T8phD<@&qk*abtZl|f`Oo!S& zRX!^ybiLU4HV|-7@@x6bJ*v)^-j(3OGK)9*3eg1{-091EO01leGk#KO?RFzDT&P z@_+=`7={V~m(#Yc715wl(`_`EL1jA92^PT!5owvA(8=j)FS<;xm#8@Ht#8Ob|GAFP z1?_y#W_569ZJB?$Y)CAN%c$zb_2>A7178Jv0sWN`78xgXpO+8wWx*Kt;%b#6?kbKK zA8c2IVYn)OK?KHX_R*r~jq)I?iFv_XF}iDq4d$zjocq|=RU&+9SElFZ`FVbxpXXDc zVQyr3R8em|NM&qo0PKBxcjGp)Xa44=s8!FL*oi60k9Oy3CNt~UPOfivyZhLl&bgaA zn?Phq!k8o&0F+zlct86dJopqzQFcF)3Gs(5@lhxgfU3f;3efFW!j+r`lr2dTNSDRP ziDZ0qx*%K*S0oHRdu$nx$K&IpBmI9o9#{YG9~?gWZ2xF{eDv)2;Mw8vXXE|j{e!2U z!T8ZNcPNRFgnu@EbY0cP{Z0yrA|{EXED{q3z$20bY(DgelmQMY8+phjol*2B5ECvV zi8%;PGhOBJ^xC$1&-X51)u^*1SwhYQP6pWK1c>3iO3v5F0lH# z18@?@0rj-h;02wbxAFoUIt!+_UPu{>$!IjEa*<4j9t%gN5obh_QDd8^r&vv2zPq~{ zn#Yt_?qb(tk;F)jk~m<*7o&sm!TxBxKQfHD2jhdW8?ZTZufF@nopZ8s=NvH_#?jmf z35_J75ppqcT)>dfU;;5Gvm^+H0r3~)e`l3B07m-u{{FtRp*I9exQCkb1KYk#drx=X zc>HA&+kX7i)8pU1H0u8)2@(|V#Q<#7|Kq1s{eSrMxYz$5qda+1Qr4Mv<~XN9^3?Y;mZbog|CJaC+J)VOyzT`+d*(uhiBPdLU*P{|ab+J_vc zX#`eZZ`2-+B=ZRjjK&x^4w=mq<&`23F&|F~-xbN96Uxy)OE`_@*WLpCB%sm!Vji*V z^7&iz5^X&6JBH3R2Ixt~Z;*!~y#e4tNTjzoe;acYA~mFWap4vf`je}e=_&&+1`fayIi0O0Fe8CL2LK~74KV+Hi>q&`x-gJ|7~bMay`{M z92{5l|Fh$Rqh9}ijB>;5ya%};vep*Bf(TGjlIZUNPojyVv_UdOPX^#>XI;d^!>`}H zgW;8N;fI&$Rk**0IZE&`4%jNhND6QR7+7C_?IpOsAAD-5{BcT$`TyergBZCO%J^Zf z;D-5sus^QM|AX<<{eJ#`l=AM~=nLokZA>CxFLu>r1~${5Jq-alUySbWop}SCBl3JUBkoA8B}<%x3g04BVU?M!x>+XqHbo z5{W>vTGU!~1wSVw&}apaIM$6BI^UzAuAi5x4%ILLQ}jq85CjXch)`$|%qRxF0KyRh z8d7Oc0lA<8cBU&Wp0mqq^(>9%AY$}(w~>_Mwk$0=%S4mj%*2yE)A&Fq`2`}U^e5fO z$=7)&8N9E#iwb;tOv4GnQYrUu#%t;7)(pm+Msfy&KMVKIVo;%G>fL70G<`OM=?Z1S zBi*SnSAA4(2ep^2hsPE@tzXI+`ct~Fy0jgT3R^!nOz#$-PnSSVZ>0D0cO;pwKd3JL z3X)w*wZf?p^ytrGqGVlWvC4oZUKQh~)?$5mXz5`8y&w@1IcEVr3=Z0a{~YaC@SlVI zql3fV{(p?(xUO5m)A^KmLz2h^#-Ag)+|PKc8DM3PB{ z8^3#(4xNpj!tnmyefMsC$#8$~8vLERYScMA2@JkWV)`9tNvshK7Yd|@MF5*)hDlc* zTf{^dsAFnxdfJiDAAJnaew?G!{{t$_hnPr>*tn3ye)__lzWAQl8VN~cQsFM;W3Br4 zP^lI1Z&4m8YmbtNx-YNSvjdy(pW~;875#s> ze=zR#|Hmi~SN-3Zp-^i9pt}hGZ3F6YqmmV{L(fs4uW+WSOQ(Aa>kh!W(fY8AIwG0= z3q7eVmZ|(2`I35g;(08IWLCdjeA(}sm}aWBjt`@qI?VqZxO-qUaKrq6_H2K@>i-=a z_4ywkr4;8siDQvZ^|P$oA3Vi#ltay)j>8-vAX5yiVJ30h68ck5Xq0LK14Xa^V%XVg zuGl8R{r$iO0d>Xptt$GgA6X!$lFX~m*qN*!6ES)wv}OW>hGQKKd{JnEZNvjb)`?w? zIw3_EvD#(7y?Clrj-i#-Zy7E0swzQ==f`vXu&(LYJsrD9J(hNp=7{B)FnJVpLxM{l za5Zt(vXCucbALa2_YP>}}f@Qx|V8RU?G=m^D-zpqwq!vP;!CA#N{I>;Xj=wiXz~imLm+LIPE3%2 zFj)zumV}D-Ya$mD7;(nrXs8}8J;IUrucBZz0m&0==fXxkH*i5ZurTt-(BrZ@Cm8wV zdTTGbrRroD>-@R29|ZCx@{#(dGji6%Wm=MT+uHp`4l9f0wCE_vS`LaAClfdrkHgCK z5JR1`^K}2ol*=Pp{5zG|3OpnxYb` zX!K%!Ud~+c>I8}r)Y9|6f@J?q!T^4SNGX9x!dE$wHRW8XI!!msA0VZKL-T^IVeO@E zRT}FmCiNWD8PyF2)no$}RZB5Hu&C1lG0bn3``yA9FPV=M7$1$t&FodJZJVVv6Xzv~ zi|o}bJN3IwW2QjZ&csH>k4ucNb#>`N)y8a+YN@89gK@LKA3H4`xc={e|5Q!E)+o@% z{O`kY1^+oXJbc#UKOdu%@E<>HO=j4F+HgVV2JQ_*qvrt=)hvRbu1M>jq+}M)TRF%w6ug z>%lMwU`A+=a7?|)ZwU=D5vzBWp%om9%7Hc$Kh+82)d*Qra89G^c4%Y|FZcBaBb(xl z)2s87n{)f+AFt2SFKdyv`uL-uKAz8J8Z?JX7U3T;6!%F=2mN2`-fm+AHs*gE9aZCh z2mSt^k5e9~|KDT-;zL=0E{m$)zZtMiMAu^+mEO-NbW`^QDOGfSM(BDyI#IJ%$?j6J zHYmeBbW9*~T5Go`t#3|p+ZvzQq8e*tE)E7+*rZ~BN=9hi44K;jtJe@c9>?|KV&=2mNmrDv#I+x+(wTU`_vz50Co%|Bq5CTj|qu1=Zv4DeSuj z-*i!ua-}BZtC;+p{Cm&8PhC39|JoJ8k2Q{blZt4a|NDoB2T!Z(|7TD8{eK^)tmXfb znBrTBkv6;a&fjSwBnz*sX+1*?Wmet3%E2Ng^v+ojAa~~&4R4bvP7@mVsJE79M?fsc z!^7d&0h5SIS#(1~6q1DT1fnF!J)pV)SihJ}699iiZeRht{bR6mgN5!I8uq5!+ zTwfxWz|mv#i2jmM7G@V6f;KJXn7N*k5edwSVh>2XMSm)%o>Jwr0^?P?outcK({k1+N4}qZxA3aWl?B zO%WqMW;Bv!L#JLNmq?0a8d52;usldMgj21&VTv}h-XFq61g9j#;8eM4A6o26!opP| z-7NTO7F+(Hkyaj@DWrjQn3vZvdZkI?qo7<3WU0JgHfz#j%`+5gVuSVEEKtuEb25pV zO+s=)BPoDIP_Q2mGhYlVq?)P*s5=j(g^e@)Wr{+-ma$%BO|RxNr4=*3%FHH)%zd08 z-}+3JR^AIDL=JZ}2y8V<0i`#z_|yf}KG8rH%*hCXNGfJ#=Wiwn%z+d=zRcERy+2q@ zLW+UE*GP7nNT5>BTyMdcKp;lYy1pf4T1Ntl5EzG0O*ykMyOCmnouQUMPL2u)nUJ}x zQ@f+c-%(jTji%Uogt^`nBqWF=R7~6vUK~s2 zWFB)u#7?FKt!CP5Jh`X2nwoCf1C-uycMm)k#);lRuG%zR0hJm}(wdmFWZo_j3@oFm zsnngVZI*H~qd5$WkOry66G=6ov5u)Dvs4hBVRN9^j( z)x;KbzDWC!aC5d@c}&zzUd^7wuwm{(b>f{wfMG0Gg^^b1V~IS>T1bMRk!EV_gyElt zO6O5&M;?q}M-M$JKNou1xGdfs!b!SBXeyhTida^&twJ#>SPRjt{>EoEX}}_L807$U zeJRV^jG8nDT{mVAh!D)9%5-P_-%1iHL(Pb}xk23<1udX+=O(JPftqRMrWO^(Mv9>3 zxO)F{VKd#^TL+uReIvV#Y+4`C-swQt8lUXM1>^Vb0fAdw85g;Df~9)66IG7JxF{WP ziz`jY`qUlX@80vK++wY>QCHTCxb7>>qn3o$q}#|3%ua@YqV{b&zEkUJww2hgo}1Zs#;j##Mp~Sxnou= zdi87)hILh)DTayA3#^DmuC|vcPo=ty)Vs6EOZ~IXURrHuip{KjCslPXN|khw|6EwMFSzk9F^T8`fy)$WsY3A!!#8F?anC2I3OPS;A^MT zEZ~X6IrSh!K1Z_)z3b@jY*0+uda|UibRCPSOWlPf9U<=YT+PO*c6KW(_4bFmv`sr4 z-|8crKDDo54wCA9jo#O2D!s3fmfqLseU0AN=zWdfk+0E_sKHaVfOWn%I9C`(?LJ5tHv#2vy%3VT;5{N88n>56|G&WsVd-b!@+m-B|i{Y|X8z%iMpl_zAXks?h~3&u)jmtVw)9#0eU`p0#Vq{=5oTN(L)e_OU(gOp0sWuABP%e}!Y{9<*g%oor zRMwHG;)V)PV`oVM<$##9ExS}xoL2p{uJikDp_b>$_?l%N6)?EP)nIQ;j|?uNL078j zFQb=qM&|jjC|JQj-y3wD*mdsWHjdx}K)Fs2=jS4Bxthpd%$odT_kM++w(5&YGsXY z(L#Gf&lGcb(TAOMrQ5vr&I{u@i?Z~3B&nOx$k)GWMc7rnrfJRP5s-qL8E%)4s4g@3 zZh^eiQY!4JE;<6ilPFU4vdF@Eok%J*V@~j~Fo|*db*r`SpZ8M7R7XewOnt19&6#A8 zokZ$Nio|KTpx;%pG;8A!&h;cHGDn5(NfHF?u8a2RJgU3-25ym=_YpGKI?ev>J*U}M zpr_wSmVHN1uTQn_Q|$|>_WC8G`8Ma=H;);ei{CZp9=>0oo>46To9d!42_%j4fVD8J z1!nnZ5|u;+oo(9@K)gkDn&^6TKwD^yY{M)h2yAY>T30sr5!zT4eLoQXnLVj215I>r zVn-RvKn(|FvQn+q7IR&*zXp|AVj3Ws(~oe6;No z9YO}%q`7Sl7j#|!Jv8O9H2~1(JhqnZVE?~g>SGJI{~OJLd@!j0F;gGgfc!0^U9btn ze`EsSrXc-^tNYaNUuouU5Ll%22&t%D{4{;)GD(}{r?6p+? zP}%Jz(YL0!w?o={4@hxuq-dw*15(_ZN!rx+2c@_-Qq`&N4@+_1IOD5BsJXAwJoiSD zoAcjW^4yyd^49$KmOS@nadyssU(0iE8S;Jpd!_XG?}gImzjthGpa0(Hzi%pi{(GPQ z-sivf`R{%Hd!PSaQ~Lb(KL5SXe=n3i|9wMK`uz7k|Gm$D@AKdL{P&tiK1u$2350G; zf^UIi^Yc@-OoDHuImOLM@QrLYQf)Znr&A_;GxS=_kl!j3z6CU|IhFpAr_VznL;j(e z@XbSj^_lQ}CVZa>-)F-2nee9cnecrke4h#5XTtZH@N1>dgs)|{&xG$Y;rmSZy!4sy z<3v-89Am*3sIKL01({q=_^32)7}Uw3}M^M7_Evb+2DKdrIy*1b)p$Rm^}TpCH2 zao2D?0m;`?Mj5#*$~Q}Q&hpO#b6t%t4XrLv_sF_5IP;Xt63yXXY`W%GHI8&2&lzSj zxOwwj*A3o+@HM=lon7RjCZtv3_wzH1Ichs?ma0@hSX|aK z3Jn?<^ypq5ZdXl{&2-c1yNWhMNqWWoVW;)Ws*F3$Yt=LFO?el8=;mQP+|p5{#uk6@ zxUfpg7WTKea!str=Ffd=+@bZRGT#PcF`#og4RmCUCsFQf@8uhj@*ktpA;^Z`SfPKKL;3RcKVjS`(kyh-T_s(mudEM%(z<+Bv)(kR7J6NeTnx9-XhH47hOO|Ph6xTG zCOK@L=Nkr!8+A7_wN;ex=qw2VVO$#f#?Xe$T zA9;9PS-DpS7>yn@z<9Q`?_vfSZ7P6;R4Rq3O;fIc_JB(8aYmA$A=O4Quv0*97&Uu) z@vU0(QW>mrG-l6i*}kJD`-VjMukGt$>sq{}wid0!e{<8K&1gu*@v;&9Y&9O`S2H7$ zp;--B)`}%?M@%ZYWk6lyMFc_&(+Z$agO4#rHQ5y`G6ZhF5^(j+$!S$Q4NzvwByB=w zBn!}VQ@f~c7Fc*zgJlJH#lpEo6wm|JwKZdxMVVJoz1h&LHAb}SvY-NPa*n6~A|=t= zg(XXQRlQgX>S^Ze&#)CXPfMsLH}-HgLr?w<5|Jikw!oxWgyFC0r@yTOcrA6njoVz+Lz<-qa@u|9dk0$ zls#ii8knxjy(lD7od2AVUo3tgbqWP4QY%3Hs8PvN4&7953A$+q+ogMA?m>5U{NrBl9Ag7bV zP%KRI8RNJ_4m&>6(G;D^TYEB%D*p#L(}OI+xydoLQ!EV_NPX^!j!2DR$K(amFhrjc zi9ur^Zn`SuA=g)4NVq>fY8f)k-nnMA!#L4EV_6xR1$spjX6CRl5v=i-xC<#Xh0tZH z2-D%xK=og0tP$Wi*Yn8Ckq6A8jc#L&6U1pi*&8+dPU5%=5~{(^(*@zO6%brwu?|;s z*MeNmhSms4WKz-%WsQ(G=cRVN`L%w*23GA)+D--XCHk6}p5g1S6)I?QT9n42weDjp zVnT$x;Up6J)f*bt4&Zcd_(Y_q&%yv!P5Vu6%R=i_+Nqw#0^N8{t8XU7N64v#+@9~>MX z9()Gl583dvBtjDY+4#|QRU7v^DI}(;;sN4^RHwRfoKv0qO<6R&{YvAj%l#=zvhSE_ z{3aU{-HO=jGv!6|c>gwh&5|G}@Rl-UDHaHti~>b{qm33XX%$pEVWdfZJ9Dzg8FD+ zMKOU(7GbaVKXB=w|0|dOR9LF$v1cDO@L!?>w;pH;Z5=<~XBo(-UX@ z*X|HrMZroR_ia--AVv-Wjd17;&#r&GR;xni37oPpWD&eMy#}9h;SA?gj`Ux{zB8Qu z!bkdVdSNjisXysgv5ZDJp(*ihlNe?+K;e8b6nC-n#c)b)oiBzmjGZt3pYsIX5KdVl z;Nt9DIK!ATy>cE>AIZo($JxJ}CkB=^lwN&*d46^MTX$d@=l_d~)AP&g^Y>B5rujd9 zc2JrBPY=fX{rvwJ{NJNA z&i||Ple3rS!_a?x9h>l1Pi7we zG;y4te)?%j#KL)^ljrq@8jH%qfup~sR9#oUYhHz>+3eI&I;^AQW~-M?B!BwpC&#(b zN$X*#y3WL5OmO#k!&`aVZMFrJKt0p9S;$VyFG;_Rd<@VgSr|d45`#`6OJ6tba@{!L zb8M4LRHe~ z(KcX%{y!K$U0eS>JskJ?|6`OVB{i%3zg%xR&JRt-;h#Hc7Iuae@7gnbvZ?N)p!3LN z!y2{jq^hA<=Sd-r_eE+`hR$!;{1k1^#BoZNXW}?z!}IJ*r<>VnFglw|PSM^>wlg@U z>n2Xw4m4>5s8thNTAXrK@1vR~3v`n|T^ZJS*62oKlv$$5CR1ds%A}h;X>QK9_7~Rl zUI!l9++fa<$cLLZFYN%$Mz6lV2eC#AVa9@h-N6*q-+)H96DOUfKJ!E#*D36s7$u?< mfEroKG@2JL|E7#qU;5IQzVzkM<^Kl&0RR8Y)gWmAA^`xT_(p{Q diff --git a/assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500.tgz b/assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500.tgz deleted file mode 100755 index ac0b7892272e615305912fcc7e3c648719757914..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9220 zcmV+fB>USRiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDLciT3yZ+_-qF;Ce&v0IapY$xf}Zg-z+yS=_ioE+Ot&wagp zEkuqatVx0eKsjpS_qV?TfZs(@l$|*3miWPz_+>B{05gNn44~_;ge^JsDO-}*mo|%# z6Uq4SctN;yRwVEr-M5TJqtUa&L;Zg=8dd*~_xGPY8Xu}hp6`#JjvtN2&&K1?BN*Mg z<_;wmlJG~Pd)HNM+#jTnFl3TQ%0e-*09+!8&*qLxr1a6DZ0I7FbVkveKt#9s5K^+>p`h~+J&+6n5|TNBTwwKe3*ab< zeClec!Am+rcjfx%SPQ1OUPu{<$#6KQauH7*mjy%9h!Y~ou(3_lRjj5j-`w0d<}oFf zo5*%qC^3}7IPw|s#BhJKKOT<8L&KQ8KiVJJKASW9;=6C`IVUT7&JjZ=3g=cpXebE{ zk&B6C0|tcp6NosO#lG+O#9NU6omFN580jbX$75?lZwMB17d7cSwtboQp6FWzQO5&v1^-#R4RMIF=B#BrU=zOWLZrku=;wV_OK+G zPhem)|G=`yY^Er$6oHU=cvSeVNd6jAj^0VkX*j=h7wE-44d-X`kY$%o-=Q08XZpvzI7YgIm2pdZ+-Pcf9XGVo$x z0W6Wz*=hna;tR9@FeFnS^Y7QV`j)B-1L+Ir8dvHi^>*Q^%cZ_bj*Y#Vz(9RpFd>Z< z84N6KPhKyPbLyEZpL-JgiA$sYml#Aoktl}eudhxo9r;e)wT=z?f3)uZKYunJ_xk@K z$`woIJ;()-wYC5jM1Yc#L~jpx98N5y4dN-f(g#~R>mnj9e*OMEI2Xo+ch1wRaC-}L zl;C0HvsHkh6kz)>NPPXZm*Dnx@VTY(=P4cL|IZ8bBjm!7(cN6Z4fB70JgUt9{n67= zKmQ-3ynjFZ!a98ykCcvC`IsY-2qddTtyNd>YfOBN zRse}2-5AIE0S$Hiyi|3lh6$LWOJac_Sb#-@LW^KV(f0%pj^NXPN`nf>1r@L}U1{;0 zoL{PEX*dTFp}V_{q!hPhY0+6Gn)GHSp7fc<2Rg~m7dfTB=tfSy&O6EAea&4|;L~Lq zP7n!|a{p$$macBiV8m%CXE6Ayu>UFs6>6s5Z3a!#XET^CP{useof>h~NA-44d)az; zY|+#DrJSL^qzkL_qyti6>*t*GZt?ka3DopPdOv?hlKJ|B>f#5G>{6-~PK}_4e-#rY z>oSW~1~l=i7(cfb>&snB2m9~(v5?3)^YLzQ&?fxna9qKE_Q!`k{{Jw=vTeJBr}HUs z9TLk0;N0HY@87R4 z8E$WFgTHfIjXI0RzQLDCM8D%Kjx?fSLxHqY1h6?~m~`c_MMQ*wI;P1@S345=qlZ2w zALl6bf1e8TAtF*EHa5hOm%ebLFMcGphC&h?&$Fio75#rO9zE^#|3j3!tNw4yP^h&4 z(A@-pwgL6HQOODlVPe(fYKES|XnQ3tg!#mZ|&_`I5SLl zWmbQ(_)5NOVw$PiIzEkd>M;Lv;O>smzzy^N`SbC(>i_K@?DzBkAxd%nlPD7TR6ohO z{mxT7M>*8&={U>*d@@BpG0Y^2T0(#735`-sV4w&VK#XLznkz{Y;r4cr1Oau$$y-(Q zSwFHsP9>RFpGju2eoRE@n$VgF3>uDgH1K7i2}vXFD6&rMa?}Ya!iY6l_9qvQmC7-+ z()trd3%#m}U*h@xT;Hv0I(ARTE>e%B-K05Uc_vIAMct6#k_TK(oV6_E1hBci9ln1L zH1zOYdb3$z0~qA6$^dR}Ck2v{%!@)yYJF3P>=qt2*iIhyg%9v+%p{g6V7ROXrISRh zw=aG^J%3vlZ!T3Mm)ED^vP?9ma&h|I+2z&6e{UpHkX9|Bqmx%>mzQU+&wqaP{ngQx z`f&XE{M)nd8YypQzk^s3NyB-Tg5a`nM&~itF2e?v-X6U?JNX1mEs0OPZP_|MdUbmF z=IHqJld%BZZ# z%7 ze*nq;n*=_5fKVxcP{LO^ku~L9sX9$J%pV}7ghTT}Qp4Iy-KsR!RZQwRs57b?464Zn zEUK1beqd3j`NGL>mHRz`FJ3VZCono3jhfl3TH7{DYbMSs5*692S$67oo5oCma557c z8Glw{e66cX7pgX9lT=GJ9qx~s1%BUYamV$42mGgM3bsapHs*gHj4Jrg{=xoXkN-SG zDd9g}Ky?Ol;uuvR;3-OyfL62~Q5_Yn}`4em#BRU@n>joENurk+c_i9^rF z2^`PA{@P#w#t>%d-1nb#Wz*UX*it1j{=9A=mTEMgZOZKB*j^8YSpYLa{g`9wO@2$L zpNUw#vkVf!v9KIyGx1ZMFkX$2H3jE1x}FS;?BV5De=xEs-Z;KEJ-RwgzI^}YB>l1$ zd8>~<3hLqMY^FhTIA10j6yecUyxEo=Vyd2*P|0PdzF%1N{J21un!#*$eh;NElTT~ zlkB#}XSS%u8kviOK^8Wt7@(37S~o-H_Q~nX)2q`gan-R z7Io17W}$MAouHfYKla!3|LEYL&;NgrQrSwMrYoo(|43oqHTb5Bl9VeoAzw%2*ZALi z{(bJ!VgA>y5Pq(4---d9PB@>uK%Au?f3sZOj*nSB@xAU5<_iv>z%*jSV$IJ zB&PKQHI!L(`zi;En9w_CzK`6VW9VGRQ=G=s_fT&w&yIjtj+_H$WPwRUr7XOn0SZZi zXaZsE=N?eq0IXlkrU?MV^E98tf5T}gksmWZ4#H$*{9l)^&rPt+Q7n$Kh*#RR~ z?lu-r6e->{s!Qly7PW*)etO8Iay$w&^Y5)xbW*J2ve2|gIO^#lnKWy*12-InWE{`S zK2Z|aH}~wy%?i!ANx^FZ612KEL%HC08#-Q)j|P7xgNw~GktcB&UAEif}>(lELiM&YOXJlOW^3Tc}RcDC=0WT z4ndoia?D&$$&mPFMX?7Y^dKNB;Hc_=I4n?0PA7p^j3dx+#!Bbzq-x7$K@f*ju7+Cq z&}l3g7ef!1=nn;*+l0FdD$$iO$03QRtr-u^qzb&pS@%CFa9SDurs$#FD0elk^=U)N zYli<^yy}vY%EjsBRkmi)T~L;}mUjM{$OW$iMZ+0#({VG-0!=XkFiuGOZ(lg$Rs8pr)MJnB7RRz>cFOkdvbV0w!cG>(uTj@;6jgPopWe9$~IG z1qlfv4ipnNNaqVF_JBI*=6RbiwR`dA_lvKA8GZ={(TJ7M^zfzo+YCL<3-2(#GxH2ws@dQita3`u9jd4*r;2Kw&P~uZ}c)xqkn{th{ z&PH8XGvd0hG>=*mT9a-gKQKEPe2Ut)?f6cutJzkHr`B~TrFLFq4!!BvC&F})nkx$$ zb#A9*dUWZjlCF?+q%LF6oM>_uHhU%2a?a#gxCf{2s89y~grPWRQh#;eJ88z?%MGfc zz~Z)oZ94m|zEn*S;he0LIEw2o;lNqDBULS|aANFPsNAtcEPC~95{7kEohb&f&&&4RiM z?YDO(Iz!gfBl>V(b!CoRxx+LS0`1Ny$H*rxdf;iN(=6bL#5r{#Kt4ya3%%>; z?`%*^*?O|1uXG)YsY~63B^@E|^jyuxsdjcNEA{q=yR=O^9N+3AoIba&VGfe&eU0AN zXezz0k(S=q=zWde*XVtXKaj7{k*L8_wt#hhFgRBg$I*^W8Z9b8HXB-0J-~bqs5$VE zlW>kOw#TDU`^cIx9uPTEqx@jMgG`dy(D>x$@n9Dav6hF7Y@5;A%{{cKv+s6he6^JN zH_>t#L|p>E*Fp)6jZ08xu9Ulk03{Gvf;MS@dueROgh5PXuaROJ8}WdJ339E*j?@o9x9a~rWb?jQ{*RdU0?ANin^y}Du z9lNpg>)4uyd(6D|HCjsVYpj*t*XVtX-q+}Tjn>lp8Z{4pG|YT6xlQ7+*MYWH1h|o< z*4q*D?vPR+F|Q?~-hi4evwh~8UstGMO3fHWCPDHA2@F=d2fwipO{TM&W*S*#a)Deu zz9V*PGgbR6{o2xJ>GxUsNhxOOFNiSX(ip<#r2T?+Pzva8t^9tboP9M2lfk0*_2nIJ z+T|tTNc7&6ThpSw3qPPoJP$pHklSYHF__Wh=LRdIJ!yX<*^YViWhS=>T@<4$B?Vp0 zs^4G>v;O;(S@nA5RX*LNb3>1kb=$8o@)fWp@_c2IZF=mo2+_8O3UGWGk9YU`823*_z}!-m-?H zd>l3t7IPqCE3)RagpUbE!1jOy+;v=T3rxV4-~?;|P{6hz1#Amcz}D@p`B9(tQao#B zTWhp+53YMVhE?O}1SC>g;=MA>df?x7wWEY`pM#r~ox~mc&;M zh)LT@mTHRAs=wBCe%~zA@?05Tv&^Fc2G_V6?5*jM!C5%yN;Umu^peiVJRcVND;Vf| zgRT?1&RyKb5xfH^*XiN>T*NI`6Zwl7zLGAC*UnmO|YIgf*n7jfKb4tLi@GD%>2(ZyY@tnm}HFgc=UiaEUK!A`o; zZC-olg>julS$aK`)Xr$+>tD4Z?5bYVwC3^%NWskvx64OVml=GsKwfGo70IbCIs(Dt zFjV!jFoE?tkyL8NoZyqdB*yL6t=7JO-b)=*9U%oU^|4Ax&Lj(yNu;i%NSu}ndR-+; zvo<<#swY8_IVyBd65nSxU9?Z^p*beX4z* zYF|jT*Do2(w>js&dCcfs{H{6o@WTT2jA{YcR2K!YFKLtqtc79CH_Jzps3a=rY}<|i z;x4MwMAxGO+CppOB+Np5Kgq3E>&oUn!X#EjKMsU{lAKhQfhIaQv7?NouZDv%S*ccQ zi@C1ZUxUglF%6K+=@P@-2=9p9-A!ptvZL#m) zLNgBzH5zy=p3KB&9oRyYZf;FC9CV8?!W}{gK%3QxDcgh(9&GzWhmgTGX>Oat1zp#F zcTIV04FL2xkFBLU*#GaB`q%>Q|4wrt?+ofcWa?uZkiTWL3pRoH_e=oXlmywCW&?O% z56E|>S_jYZ&t_yk_>z(z*^ejQrx(!`D6dlgpi z20FC?@3oM62eS2``@P($&ZD#AgIyu??cwtdxddB4=P5A0f#S!2%{ytt&NHo>hUg5F ze+r0vOL)A?vK(rc=55fpSqX0-*&P-yu7)=?zbhnOTn}%GOm%|8*TL@Y(Uh&A@J^$( z3-a0p{=PS;x-oe@l=Q9%?8R~2ki}lhGg&g~K@`g*m3Qk*_FAfcs_gcX=v!0V+ac|} zJEXWbQcR}h9a7wzNhYc9cS><@q^eWj@0Q}eamH7NP;+0UdG3uQH|M{%oei|O!z(% zzR!g3GvQ6?GvWJ8_&yW9&xG$Y;nzx^317=@p9$Y*!uOf*dFeCZ%cakR?=#_BN}mb; zX)@s(Z)xS>YVZEiWf4{zQJOdU37v+lq09W$!tW)R-$4+P_&%l??`yoeek>$%I8Vp1 zq0BfOn>+e@)HBcdjpzp zw-2<4NQpe0!2jL(pD#byyZ_wT`Eg|b$4_7G{EwqQe6jn_-4E%PFL!r$c7A;E>bt8q zr$5o%4?l)+aBaSQ*!dApf9gnNclV!vS!3m$eH~AchbU3lG?X^uw&8jLlCPyZoWsA^bj`179O)iLK3gfrq3_{O)x#ALckATr zrS5&XKtFg}yC^U5^PkycuwXh}J*hMA>ok!)F|o;td_{uwoMASDtG6$7-QX?=U&9;P z*+njDLRuw$pPXRCQQK+5JS1;Dsl3&Ofl2E7$TRgU?|apNm&C||z*CyX0K znuTtuVzLhL$eyNtQCvlhL}|H zgaLJp7ZC{Iq!mD+1`i_)YqBd?Xb4W^=3n}))>*Q%Yq8H$~mF}h?GQc7nUsLRrO*msHd4r zeuk~Ed0KLvto8RSzOje18M^Wx5Q{V+vjry2A`E{|KmB7Jz-vzsF!j}|>XIN%^@Ewq zmGG~dWoRfdXkObfNQ0;A2aRuBAR&?yUkkb&AW7+6mQ+aDorcvepAZL1zg*Z1krpXjb0|ru`d!i#!BiJ!{!88caqePJv$3VF!& zl@}83pB=UgnP%@?v)W;tXrQsI49x<)q6sr|*q8{`_)FY{6q-WlGF61>aA~0WFE!Q( zaGdLTWah{nX3<8svBnAF)TivN8h%Gn)CCFE;OFszaM=n7uCZ8$E81&8E^9+;gd{R9 z>4vgK$eZ&@yWad#zmNo0lb^Jm3gk=lG%-EH*Iz4C(B!lzjYDhQ$5zCI2zkXxDDD=&$L|f^unrFh;_sP`9##LSGSP4)FGOw*Xpy5jl=W;QD(Y9nc60t2peP&{k zm$B=j5VN@MOb{Es*ZUhbJrvST#F8pcIj?n3(%PEuUnqm)QorSqjF+ZIS_Qd2(9_Z^ z$iWqlYcoM?7<@~7(Qxnk@H%8Sbvfdjwau0tO(i8h{jGMzZ6`shhMT5G>hE2kk3`_N zg!&CnoN=D?n3^)%HFZPW61}AQZPY+OLOMfHyV_}$x>}KM`BDpHp!sgl`djJoTp6}& z@XDn$q6N!w{!NR^HZ3(bl;@)~c0tt%$+*&A=1M+Wi0fh`(bG_a;qjV=-UJ3_@JD{k ziJyEesBrl4C(BSp?`_J5y7;IspQK!WC2Zq;ES250Q=e)mF^KdogyB-Hi}aau_6<%K zj9u&SZ}&PzqtWQu;i3LN8jY&|$NPt)N8>~F$n*X2)A6Ix{{FM^^G7iHlnqZyEF|HN zM)$6(+PFVRArVa#4-hY)I@Oiqoa)?f%0lP*D~+!%$5WJKY?*2NHX9Q^m?3do1YE5& z=&WYGQ6TT%Lpq{h&@|{A_3Qu~xV^R4N1a^)b*<#8m{>NrKE+TP9*nke$v1K6DYxu+ z{`J?H@}haXe;dALvF{gnOBqTi76_V*0!7tH%#o9!t#F$jJQ5M*)uj^)OLdyhHf8p5 zT)Yuv9`TG&Kj!#``P5xaK$+W2%<7$GkO_~4jv?VtW`Q}C)u?q6(eF5mqeMB|P^hZ( z4nRIcvWF9MVB}N0aeQ%lbak41`TosG`lS*}EmfDaOqnb}Jv6YQn7}y;vDf>bxOC9} zmC?SX^53lgN6!wQSM~q+u-E?&Qi}S2nQHgTM6cadjc-(!-BhJt*wjLz=x()J1s8h) zgKBkfdpod1gs!S4Vq9h#N`0BY;bEG%B?+ISe50@ahq)|D2{)gT#ZT7%jq~4GpdT2_ z^uBd$n*UD^$L0Ayes(ZE?C1YOl*jPKoL3~oU&NJ*~zJ}oQN~Ma(1YP zWN4n_>|fSn1IrppuYWi{y}10nJ1~v&|K-{7>G|d9$Eah|{2x8vugw3a<7dzM`Tr2* zF}(4Kiwov^$g`a*FR6>6K%g_YLGaL}=G^j#vnACVkb2Mj-=j3n|BKV3lUJus;N8ED zP595#XNT4Kf7tu~4^tk)i?4)Th`iZpPKBjyeKE$Wb3oKuJvl*YhVIJstD!siM%&Zj z1-fjBd0Tlb-*^;^qPr6tp(s0GY@~6Sk^DU{4ynCVLjH# z^Lj%~g380brN5?BZCk%p`Hp&ctC%aQ8*S zTY1})YzruXdZur)ke!xaoPHa6=wp&(VFZ~<3_6J{eciOnwxgKOu}v~r&B;5a$&Z!e zSOg-itJf#5CvfC>5HTV2Mut+WfQF?_QJ;Ix7fYl5CsAZ`Bwm2`wgDUT|NiLd+WPP5 z_-U{IAEG=isafU!<$BYyerz%hKkcMh*cn#5o1Ed3O?3|iorfkH)~IzWRSm^Dj|yqL zFH@W1SifWQQ?xx3%PLu(iDi`y&+{*>Zf2*!=xj1MMSC;Z&fu7?n^Kmg8_Zc8dT{mj zRWd-c(W~$8L8Q?_m@(gHH!wx@*Qeq2#7d{B$6S%ebqaeYhOsCGpoR%$8qSNCe^*AU aFMa7tU;1+I^8W(>0RR8Sdljt!A^`xdJy9|M diff --git a/assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz b/assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz deleted file mode 100755 index 89e8d7b126ecd9de12eb656496d503a2b5baab86..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12362 zcmeIZLv$u#8?7CiZ_=@yj&0kv?WAMdwryJ-b!^*7$2L29PrmP9t@Drn;i*Bbeb;^_ zwVoQ(wQCn)Gz>b(e-0ou2#t}XGNXy49J{P17n?DQI-{uyo0YZ-7rTPGI=h^Pt+kQ8 zsi&%v1D~XstsTgvuZ{a=Ta%^0g~pWYvsR;yN*X@LmD0;WXWV9T^3ZtGwoC2e_M$Ku znNc=`CP+$gSx4_DJ?|?zVZn#xhMbQiEdUQ8AhX|)pzkStAUP)_q*f6i9Y35wI{w;! z25{ukFQ)o9Y%^odl+7a`yZ}-rOFaPx2L~DWxp?#N0%#mb9sHL7^bcj(7lr7YzL*uIE+1h|ywl6;6iInBm92hC+wT znX$eY_!;!PA^?2W=ZIIh`NxCo?Ci$MGN>bpXCHC$vU{RPkuWgFU#wi*ycu`|SS{Vf zp`BFyM9-6oZ8;-aZLE5E=*AVDXcgVblQ2~G!8Ck zMq~R8GO`4|GqL7?Z;g<{`iq+9HAV9LjoggLnHJ6w5H1uJ!@UW_WehmJSX^B7;qSzY zeFzjuk%%v#B31$A+4m3%IlQ30{A=2M+mU2JCEN?>y!{}Di;V9nKA_Aely?&^PO8632}N&4z}oI6+M7pXME$Qns}>N69^TJEf4TM>VHg>q2_dfqoY?2Z8e z5{?mM7|kNQerhB+fPH zyty+;CPC)GKM4JcKl39J zf8IaolsR*DoM-LM=~o8S+fAbQzZ4TPrh=LuttVQ846txd_CFNyE@omRc1^(bR@18x zmzh9WE{jDCQD_HlNivP(8;1rE`g8s=q6Bb;C5Vb<^_1!YK)ae-3GysX(yQnT;Zc~L zU*2L;2HJSFP4f`t-k5RoTI5Y2%kSXDkj@x7lNWoBl1(r9rd3q?RIaR03kQU$XC1<9 z&a50DOynza250^=I?IO;=CPP&CDw#B#ReO=Fhn15h;xktWk6=E@ z)oNz1AWDL3FJc$lhu_okXa!lD@7SsE>~e+d6fQpU&+ z4mIq4;v4u=FJ1e)a&}U%W(-skN5Et3D}|85C5SFgeZ7A9N^|FC4ZIFQ-+aDL(+!3r z=QZv-DJX46P!=|-6lM5KY5^|fx}hQG4vL6V4yM|)D%)Zb8N1#yea~#fgn`(9Q8ooI zHP3+}BvXV;Nngsq)FGj_{#ZW`2}^vKNK@s0`eBpee>|2;NOz;01k~2;IA~AiCyTk( zBL5B$%->F5%tv+$ACrLs(=doIdXGBL+*iH%0+nMx%JAg=uXiFd?|EP=ap=Ymkgar( zIUB*A?TQvS%>~@bUWQv;w)7@%_;b>LX|W4GRQyQOXNF6e9^=dr1||bk!u(f$nTn~6 z_H2fC9q>iTz+F;Dq z;zfDmjpGrCvfyomVh=k;Uq~#^saH{7QUySgh8?Lt47s85`>f6HYHl`vR$2S5sHJ6~ zMPe*-rzN|xp_=S^Bnw~a#QzX1SxQO|rC*b`kz(NZUM739`Cp@_9>1Dh<_ z?-zXN1P7hNDx=0J-fx3bS5D*^wAt7YSBFHK01gMukMpkEX%b|mXy5)^s9`NH z-iXvAwS5Hk@Z%WzT;M8X7mI!|x#jKnT^xbty|~44(ESKIfRIv!GfTE;;sHitLjm}2 zZ=Ock>Lnc_8cH%eHUNnd8&5cr*Uo5LSyTwAlA&uwoXUr_`|Z4|I=Q+zU)~_!|KVd( zJnpJ|PCQanSxH5lEoNq%WKTQ1PVC@neDY-W8ZYq&oYWj<>dow*ulm*c@0<5@yL+h+T6~NyT7QhrCsPK0 z-Uvxs0SQG#D+FrORGC0$8bm7{|E88k-XKclq@|tnG{Cr>l0R3rHDr#-1qUW3^S^Ny z3PqIv>U`bYog$d4IjF?j-ieqm!2XTRt{NHZRL>J3LzmUdH_*LY*nWn94LXGiix#J{ ze2*(SU>mW_Q9Xu)S8OH`eV1R^YCb5kaF{c{q9%i*b+lagH5emzH+(j{KE9m!dAFTy zaTbp_E0YU6Q{WD#ib=Pu&Xn!F%$d!?zRFt8@{~JSVYMMtJMl2d<2degBh(T&=xtxZ zmDa{v@h?`}Awer)`Fj6t4b11|!r2!fEKvpAE4!y=-SIHLJ6!VX9oFcMdcf72Jjw(? zTRFxL2Lf$Ylk%;HypkgbF`4NSYWYi2nvVqedkqrq{ zQRRZkj2g-3Fb(=wQuu;YFsyl0K7+8S8Tn0&krm4^!1w#7j>hizW$0&bd@!G+QtEi8 z>E?`dT^}3K^f{%r)&QlvP@l7AEKI}WUY)|zf{Mo3inDmE>J2eQtECihc0BlT&Y6;W zs=f}!o9>B8xT#RseoJMp*54dthGXT7zv`Jov0N1B@Taz80VM6GW zQ0_W$NI?om+~KtR!JcR{)gIMZ{-}5W`ynFDs!g6JlVq#vv+F;|qB3e2&;=Xi*HOH;fzruf zg-7tZO8k+LWkU@Y%jQFff=DE6^H;MK43@618FuP6$`K)CMvHn_Ak~&Xx+nzD!9RB& zIRzO1%?Wc07Y-dn%RBT*p176{I|@xjktd#u^Cvn;0{e=WeouQZvBeU}G81$dZPHuGbWVLNqDP=MDo7dI@vKT+4bstQwi9Lnmj8=(}G0sqoqLq{XV_Y|w zDp_-cWFpt2U=vf0wG=Xo?I2??6L0yiC=$H9pFP)qC*c{7iv-EkR90G|f9BWTAZw*TRf~u{II^d1_4@G~j|ZZ*MAx z$UB;I@K>t{W{=tC^s6j%FqTCYqZy8|s)=Efj%9L9mYf|0c&(d*QRC$cv=};OUN4?+w zHdD#F;1r+V*&>QsS7)c)=a9p*&~vtoHFYcwUAQV)b-94@n4`EaxT>*bqFYH(HxQu|C{A7bD!sz8o2qxd)=iiKsRZaIoD!n+KA6=qSC@$En-NCv|S`s zNrCDwRoVrfQzC%uIB^grfS3$z+2&1xgj^!Bg%u8MZCOu_nlJ%nic(tXS0TE}#Gyr4 zw=dQf546>kd0;_T@7ihA#vdvzm1`%ZCC)wwa&YvJ(Sa}%w`<&=F*ZOHhmjK^)C0I)o_4p#|YwtoZh-3 z!sC>cEZdv*`392{6r8xqp!TTSSC!C_9nJ88+m>`?FXlSbpzNcGQJIY6e9{o#8%^pI zK$AtO)7?8-7+^|u?(#u^lE3K7X`%e-{u~EWD#>f2nZr`)AGfDddDa9ymY!=|K3Dja zZ1mQ1q?)5Bm{Z(})3<-E6tm}nztKsxd_^DKG1!cTgPfAgKB%-@W*ln zm`??Rky!t8QZ<0Wx10-v!iRyvujuNOVaNr=rBP)FUV9l)*K7^2Dy4b4OqJEkX$wqavgu*0xU z=enQ>q`3I1w=o0MwX;=8g!Dz0`!&s)YN*Kvi%Zk(rV;AS`KzpJ`qnRKgp&}|= zd2TZQM7JhzE)Xz`Jo#IrkQubU@7=$g6pFim>*R19Ejoo%~&WqDp%F)uM)0* zkT0T~{C3PI|1m^wuF=_1S3!ODB$izcsf$^79`_SggzatQt|_u4c@*-|qcjfrz=~F> z@a_T|I6wZ6g^gJQsV;;Dqd9?YW!Q7BNvO+())s;!Q;TnFSin&~bFH5vG0n(eM?cKh zQwIC_Xz)*W&`SdY;eS=x$NI}ru!HejVAJ@fd>@Nu@txs8&FZYhY?ZlqvhWAM#j zeayZuer1h4I2oOTpt%N<#uDpRXe(DOhPPm~%zH&DlKBAc{<65Ee5vw(eVC$Ty zxMlC3L#@pQtC4;>^oQn`XU%L&=7sjb3djk*vLX$so-l7&5e3}jRT}D;R65aKfgwqD zRy5J5wq5QUBTf*@Mq_2U4jGAFNTTznOSaPIuq~z@8?2O1B{FK#&*kA6C4Vr;E94W| zbg7Pa8yKE0ee7ecTbb@adZefUmmQuY=t3h9YxP_hN@;H0Ym4jRg9=?=?`*StZJw|&%a*SHy;m~ z_n8_=gIVhsxyb#j(sc^^{g88wMYt7)FyX=}KFD@?>dtc=V^9wEqGH$1Y{9KQI}>zy zvoI|%ZL3(R6p%Jcb1}rZd{588#%{AR zy%N2Z-1|O8V>L)=@Vj#L2Tyow^M**DIVZ<7R73Xl{bmiar;)D2a~g=ER5yb3pBIfT zLwBJZsQq+m5;jDOm6@E8t;3ONz=N`XWW$N5l|PCCl^Pw3b!=grU@8%_MTk~%;(Fcb zp9?-2euHa~1RVb-RD1TIbfrn%b1CbdrQ!p_u)rltiKe``J=tb)P@yOFX=*qTw*!iN zFU8Jk`@JWu=66|)j*bV@#3-q2S=D0PA!-_WhIXewUY|MJ=*S!V{nEX!t#XE$EkH?q6=WSndI6Qv~$j<&Pd?TBh(vwa{uj8m{iBkM78vk=q1y zflHUWun+cIU~zyp=={!!Oal9WcSq1iR$v!4Qo)MHocSBa`=flpwK;HKzsDP;Q}%0l z+lx|^(is>=-HUc0SiDWrO@OTkGLUUnq>Fk7c{e}WXsF1|Jq>)ku%@p_Yz2maD>S3MWx?bBurG_{eSz)58tC5HZz%h zDzOstUyd>6R|Id)g@d4gj5?&CTxVOzP<^ ze+F&TpZ{E#WWV{3q1a3tMXX^wmWt&>&OMPp!*nQpX!hSJOgHksh9!eYov6gqw=PEL z0DNohZ|9BqQ2M`92pyq9o#>Ao-x;~ECQ$19#O zU1Lvu#}=^>)H4+~(B+>>o4(qn;aWYtuDHd$iUPBkz ze^szjmgo@$QdVj=B2R`-B?1J~HhJmBYZi~BwDUx!gh|`_Y7#y&ekv^PG(tMvST^rk z4!OUTN24*PFrO_mssG~C^BpudWq&wWbEsGLE^|gZN@AE|SSt`JSk`IYoLHIvQ}aOd z^ikg>XC)H1sxK&FeJQ)x*MZ`6CUPBX9i9C()oAYthj}KEZ92baqVObSgV?7VL->N8 zY!nO=kmpt`t^^{#527my=3{FN+J=hQAcUY!1)-JJ(rDE~sssRy(lnM;wt6!cHE%K4)#9j;#X6zd0wI~Z@!7a7d{{{ETt_=f@OBdV6pd0-=g6HPL{Ej zJ@RlNA?K_r6U_X*u*;&L0(72pGhkmFKDV*%qDtJI9t4&BxsHhX@_fy8yJbJt*<3{6 zj=y`p^6?+qRT`HC1xyQ5U7fS573>xj;%YRn?BHX)3$jn(Qtd<0dfxZ~$km%;*T}`z zwtcWj3r+F5Rw}B(c^NywZM|&(dbD{6&Y^7b*-(`_ZeZCCJ&xretM(?6lSYlCRfz$Q zc-WfY;4{*acmR4Z*NmT(B4?OIDETa}b%>3?&M$+V1jbub4)|JBFrth?RQ&o?n0X0S zG(Il!3{n~*ab17_EGqPHIs6FjA~(+oG3BDnB?}I#wVTjZ1K=XHL!D$i8*6OX|%v z>WR?49LMefJU8&NKUNTxgJ~}#w*na~a&G7hvMn`c%}c&SPaT{a4s3yXpIR(=N+IAu zWJs&t6m2}Q4fZ4n!b$y$2kIo&iyLec@+lAMHzzX2i?(+(C5Gt>>Y3{q*}A_YdjH;E z0y3$M`g_qoiT`>OdQSbCO~X4bkY1@$`~LpcqZZ-`80AA~E|(cH3x{ojTKDoUYu^J@ zchhUeN+9)M0LDv5j3%7OZ=PvtyB}meBVBhkREo{N^G+mIPC9aS0UEaX8WQStF`SfD zBwR$meH7`>#}f@QYa(DuFBnr>aos-Lsg4YwHwFuolF8#~qX(Np0)u2f}oA{IEJSW}Ivq z=U7|ZWs)+Rf3J1#N{H2mgL54esc?4vB4-K#IrMm1t8qjbpY^>xzn+UgK3*$DYZ%hH!k z?o#>_M+Akz?ecK?;Zo!CurOn(uFI@AS9opdXRVSOsCsltzcderq>zF*n+D?95CKn( z$!}GY39+jF*O)rS^nwTNnq zOk8zPxc+=8XK(pnh{2LO`Tk}3$(2cNjp>T=_XiR(gqBCdy9`Mq16mxiqAYJL_i_tc zT#!U2@wFpjsa?VYTcOY!-?aWLhVjEqKma{2WMCJL=Pt$hkm9b!=>pxwIaB9 z1^=;%13hQ-RAUS)V@D!IM7S*h2}M$7TUr@~TkY?>?`Mxkj^30p>;zq2DP&NE?0h=U zoeR{uB(xlA#STvS<#9=BJi2jLVL1AKW=`Y<*Mhwwu_t@%x#v|C!xpNN_8eO+re!s= zKW);#QXoC5gFRa}TmC8P)12ZwlQY>w+`KmvA#2u9()O^Y<}7%w^^labfP z6sRXxBFc}EHO`B{f%lS|hK6>&8;PZu*4nd~XySnMfB@+{(Em?TKbE9SPRZW0@^H}_ zZgSCxCj7QjF^c-d7v`q+p-`b|>%=J?f3{(4atdNrz&;LXgLd%}Xu& zBquhJMe#NGkjvmBaUuI0&aTll0A$6uC2Dd&`1E`@R4^GRRl5gAchA zxSlna2(33^b_v>=1g&?F{7=2}@c8J+3{g1rRLL}1-dnI`;_sKZaoiB^@tW6aju@S0 z^90y~^!|%Ew>xrz$o>l<$K5-wFX+%{0eEIL)&GhQzB7dL$^XFXH^KH7fV*nApB?$; zO}&5S=1=L!{(c81n9g4Rp;P@yEq`>yo6tTJtwZ~XeAqgA-PU*cJ>y?sjD61T)8+r( z1ncy{V5sE@YX2(OX7`s}MeR1%#UcJClK)bBtj6Z@P4nY=r`}W@n#Ln>cT|$TfeU`l zehZA6yJ{&70(+v%{qF#R`lUN1XR?aB3$f6}(j58n&L)X=^b?`UFkVlYa04=y>hP{t z${89oo>z(m=F7>=$p!`o>cKxgYv~%d1plG*Z?&2t@czf=Rt|w%QT;m}DMjE;FbV$- zP|}2;aa;<7pslO_Ii3p61n3F6A*Z!lHC#5-wHK@?75?hbtZzxmfTYtRA5qQ0&)p92 zb)(VnlI4hM;Jdxi5Wo8qx1u3iZMVYRs;{>D!y9paSwvm>6AM|3T0}icM|}d&dd83y zbTv;Ns!}zf1(tdN*L%)*sL`xJz$hV>SWW&jmn}Ov{7laff0WbXz$d-(2@{6{84e6j zFs8#oGO<5rO-5jXPgld41RQH+j#zAU$t75p$R**dJcGfKZ!V}~kgmDiw8S34cx@T4ITKY;ZZ2mhd4bX8due!Q8!1F=Zu`P) zDkvL71GX0VB7QNr69;YjM(`1{6Qs5o*>uvV!oQF_L#*4@jLR|d3E7)91lq;0H}L7b zaO?;=fFnIJ?+f~iAU$#%_hInecy5wxosWpE*~{M?9gF?W-^ASGcQ6d$Z)fBdS!!o{ z?ueYnzQ3wl2(z2cj9cDzFb}D%QehSzS(wgbb-j)eq8fSE`CQjZ0GCTK0ZA@s^5C`xWL6P zBrNSZ$Ea)P8Q`Og-rDkPk{l*`fu8)~$nJ{-OIn5iOWKx#CjMw4F5PAk*TN0IkONqq zLiLpst!Yhl#OuS1+wNwyj5W)1HD7z$P6Rl%sg+h9?btA_GZ>3S@~@H~+3Bi2gL zs<7+lE$lemo<&2wpG?AG=Bp7U`)0Tr4MnA~wZmy7Yd}GSG z#QMW+JXAyWJ>b|DPKMfqiH~#45g*MBh0y@-HRg>o?Jb^5i%ge+78IRFnaHYFp8k-AJrqsvaP0GE9>F=2z&%Vi{o+6?Lc3NJ+`Fd&fQd=_1E_5pb(r#7; zQe+3O-DVHET}6k4re_Z8Zlm1ftF(c*CDSCW2sOCstsY80w$UYGyH?f9Y}7l*;Ty59 z>t^)n91Gi?jWJxzyRsSV-+UC4RWBwjSXFSnTpYpiYx66n@6_TjQ3FauxiJ-+&`sD_ zT8z316Ivq6LlLCLU3vQrSQgj#^JW_vfJl*&CQ;fiqnTFc^=AhD^_z{Zo@KJtawHwB zWEP#)Wd`ehr`On2)`F}v>_s(>(dJV$omH^LRNr9uTJ%4`aJS+=U})lh`wfO2DgV&y z(s?W>;3}9JioU_{ZYwqHLhQPn<&#DaLYK(ZrpJ0`u8CE+-fye!j{Buu^QNH9j7^7z zWnbzOeFXA8^(mp*QoKTFhBZ^Z#<~^N()zk2P+Y#a^@_-y3toowb7P*(l2mSkNAUuT z*6ZQ_%Y_XFyZ<*AHq8GYF3d6e?hy_t2oDL}odw;Ebmz@@j*UM8-ecHzBlI!ymg}Qf zirxJ(&~W30ageW-6)vs1sHzSv< zADSXsfLXNPmD!q1^T-0u5(a*Oj^%_mtD7mERMWph+zU zk09KhET%ogQITMhICXC_|Ndbes*4naQz}!4*NLoy){&;(!0kF-POMieS zt=XWf;=26VO9f}o{a?HnZ{(av_J4RU zKodD{kJI#GWEGQhNb;`(3M}pg@5$B-Ru-GC<4r?P&5xwO;hCa&4S;Aw5*G&Idwv|M zhW9NUzwM=5a>6vEUOURR2Nk2iUV))0Ajy$D-mnhFF$In5-WN{>&(bEie=lp!5RNBI z`+#weszm^P0MqZ)(X?;B56=7HHo4Fx?SdiH0^=c7d#XoOiz|UM%2oEfU)oOMF;ig& zF^>+ri=bW!y|bMuQ!=i}r3fS`C; zziS~ACixmaT(MK*d4Z;;qNsd^qKb$>()%uLy5tZVx%hmRvYXZ+S!fmwCK`>mW6SwC zNba{-uH%Vm7J*2W{MMAA_5cznM+N0l6ya8P@-T)W6L!m0JxH%CCi?y?BSrp5F#L&# zB<}QjdJzIeoHuZ`@8Ca4hC0sI?t7a>X{6alCpIQb3&Q%x2-4M7BgE01Hx$|GQTw|# zn97Vn-)i;s4D+BKK8!h{S@RgdMPf8?hl>I5=Ywp$Hyf<^qb0Wfmx-I5Xe1=IFDI?y ztsdRtp3Xwb7P1yPv`l&z1S2gz}wqqybM!Vkivj(^WxZUmItO5R@KkImP zuLmZVj~b}10tXL@jXwP&ly!j`XXk!aM|*9P9_1OXXpKh1y7^k!7qr|~_{f8hhn_rV2X-VKrp|J>> zs{s4HJ{jwnY{>ZWOml0fSYedKh40OUw%FtG42a7Y)EnNHZ{wKxW3$j{HqHOSi*!`1r`_*c{f6!`eKJ!=5^C)~sA zgp7^KU_fP9G!`;M##i@jgW`vBjhnc9~nl&sAsDAt6 z;(z$R{#!iw2_!^*0}iH0-0sWl=^b6`G9a2`pSAuu?OqY$v|hEJ&C4|LzY6C@Dgpud zvvP6P5Bam;w2SgkQY)v3_6w zPOt%!^Q5m~j#tC-ddI(57X(x)^2&SJ@`cej;?IfrDuWNry3*+r1b`n8mM*1eutkz` zxsIWkW09DM21mZ_Ms$kI=UE-oyyadWNsp^S0V1|0T2q2$q)_rAX@2%^N1l!Yn7{2z zo6@d0$|mDe_BB~WSBJDc zVQyr3R8em|NM&qo0PMY6dm}fJAnKm853@Wk^LQSylxM2Sqohb(tJv#3O-rn@#wtlo zN_O{py&NzTBw-~JX#h!ymg{``)6a)nCh|rmDVD12Ci-iahy(%wAP@)yA_6X9+<^h~ z=f5JlcRGQTH|B8af3d;TY&M(6hlldtX0w_7w|RKd`l5B%JU%=*-ak1w{-W7BY&MU+ z0L@JzQI;acA^oEH&^=#$6;q5^Bw zuq$9sI1gESZ_nV?aLIHJPvID`J)ew;b3efxHNs$AQ=LdHjoK`O_otq?4W;z@pFuxD zY|{*2@%ld!DZBpnkDJ@|{~T%TlOgoQ(%%8Ul0cBXA2E(-!zV8E!OMstKmvab@CeLF zM8Vl*A238`hysrw7QEoV$1?o&R_@!i9-jK;(U`I8=ec)0AIRZL=i~>Zln-p|{1Rcj2Q8IN#*hgRA_Pf2y z&iigE^SaaT|8UhiD?$fBis%iwLqQ=zOEH?dOL4ln`mTEkYLZ^hA}WR-Fit2OBS7RX zvMa{Si(C%w&>T?oON1%%YC!BK0m%}doS1^X#Dt=1Ir5vpBj70T9PzPX5Ntm_g2wlX zb*kbGS^TXo-H@dPfr1Yozz%=`fSyMYV`7HIjH_B8-3UN|7ZM!sT|sId9*q!10S96* zti_<}R;3PWh z+rAo&7~*YkFabN@W`Y2b8A7;#Vd&50AHHu-7)DI+K0-Z2okG4S>w07gad4TJU>w~BKwb@jzOj=2*g zz}E#`*TIflDu7TWV(o$vp^~aKEFnz+I3zRFkkvy<9_Du66h{;_;z^3vfb1wG5l3Qd zfE4OZ^x_xl>OBBYM+((*!%35kh|#L=1UyK71V94WWC-G#utb_wENYoDgys z!xG}L$Y2fmS$0;BEZe&=$F;q0;=le@l8SNY3!uOnJph#W(GgkQDa3v}hz_90#UVxk z|BD_wflmAtdLC8{^cIv;Z5fzy&w$vUOOj+EbP*Uv-WX|W5NkB~@}FkT|1)ls&qLHU zRdy1o!{qG>q$5gkFun~v$Wh!dpHRdm#P{0ZC_O`FgOVd;W5eRg_c-v#eH(ZZ_Z_j) zT3-AWj>i;@p*ldt=*OQ&*yo5^M>6w)+y{uBl7K^(w^JyQ8KM+>h~=jTXyy?^aTJ__ zv5&v)7k)HT5i>-4B3|m;Q*nS(d9TFmn8N?5|8Pivil?V&q`Ew9Sk^wK(Penkw@0l)^QJKM21C+>~tV}5{zIw3;&18jWgo(AeW}!Y0 z#>;8j`u&o<0&GGe-xHf>d}J}3mi!SnwF?NJAbO9PD(XYKlZI`~5WT0EBlfgqA)!rS z0LP+JJD?v)kwb`!))(;huVO-WfsDw$zV41B%wL%%NbC>l%3t4GX1ka4F~2lB&h@4OAzL3?lS z&UIWib2wsrPq#Oa@)2yfY$k+#vE^e=&?*x3WPO*-I%xsEbR{;!+4c7!ngE22bnb!Un=^dN`*g+(1xObC5f zfsl?tzNT2i*bCq554XJwFpZcLRT<(9vxP9Jv9k){k@#K%naWzu6tanjW)AYB{a@d_ zrVW8qQ;8^W>W6y<)Si1B{QdC#!3q85y7^20s&)SN^IyKXzMh|7KV0-*&-O)!VHoxZ z;R*Ph7$v&M6usW|F64O=Mjl3ii{$K=*BZ`+OgR(NDo&#@Q-RE^OWpJ?7)BhxU=A3U z95xE@FA?(R08646%|)iYIOUoYSb_7i>jt>e8=2P4fDw_)S+tU1Py>Jtp<8V0;6LsRxW2o{Ip;HWMU5-{goyVdOQ8`rg%;<~b015p0 z!U-^i@^heuUyKQ%_*bPBlOrK#M6W-!g=E^v40Dxn&exq44S;E?UaRc@sdm4Pd|z=5 z)~@ZueXq-pP8j*V=6&^A%@D@v1i5!C#m@ENNY-kD`Y#cjH!z9S{H;BySd&9c5hD?G z4Q_&UB9@#F+%Rf``hIh2`ZPsTLg#HzZ#A3mvC8%F6lbfnngwifO8YE6Q^g$3!hlmPp z;=#Gv2)Z{HvFcK>$_V?Og3;%MqBG4U&)}T3L2JKR17Hdt{u&`VKP7>Xs8JvgJ(7(@ z+*Rr;Kv75$ldKH_j;BcK<8c5cBod4v@W2!Y5l0LNu?D>S_g7-mzDMG3=aqy;M&S15 zbQfUGkU!c5_Y>?+B&$Iq93W3@XaC-8wwuj{EZ;{;Lgv2$u?r6&lbqJHE?K-!$Q_76 zwT-F!h1;7`tz%Pn5N4}KLE|3Z;ShNkHV7T>iC=pcnDGG_4fwAE)5t)yFpy2uKr#kx zP*>Qkud(mh>)Te3nDD=r(shc^Nz`*knlW=e_t^pty|GNMYo`%47< z-?|T&ai+h@ZLAII@?V{YMk6GSl=Vx}cPGe;eDvEjMI%J5j7!peKyJj*%U0u9-c-G+ z*J^My!U5)Ug`af>Q`&2>RIe!}6!ZD1m~=5CL!`84!?_mftiFq>5=R_aqmaaQOcz>8 zU6*QAl~#>oCFfiseoyF~Vt>h^Y19JyLqSuuka&G@!pD4GUT6oLN!9^EL>XpWh|*w2 z{79d^)A#LhA^yEAA|NvSD{6ygWB(nl0pJb$^7p}hqbW18YV%9NQEWvZb-jFo<+v&- zYKmaM(gJBBwB8He14tybf+6w5cyLI$;&z&EpQ_bacj{nA<|9Es;>_toJWUi6PI~5q zWa^3%sY_E!t&rTD)@oV-EBdc=DW^)Ebbc*Q$CS5$IC+TAkd6_*wzGDCSQ;`*oOt07 z`Q{7_GpFj>jv7EQPCg074o7qfyv!ZjJ?0Z|O&AyK$s9h#mSUevee9xup&CU~!qE>D zbBTVatCb!_#QHcd6)b-79Z{g3E?T%@19K^IA^3xJb)hga_;=JTTpQHIX#pn+30+$a zh2)P)M^HeMA}PAuZz?hbQt~$6Lde)Xp`JccfgOG30aLMVQg`C$fm7IbDGZUhQUJec zmijXp4l=ei3jTxygbvKiS~mqu0vcd3Ei*9)t!es;*f>eV1$$uezQ-wc*+A?dZLp_* z#?{odkJzGhmKU%A^9FAE0z^sj)&al)kB@+(Y3M_aKt0XEHGPYXpbi?~!-qt5E6M#u zCs9Wla&I1#4vV9imD-ll8*2fs@}@!RjRZSYITXp^%og1NYHpP6fx5OudeJd;WK=u` z>4UiVWwa7jbBe9TQ}*LvAPNmEG(+O4&jT2SKUwD}=qgp{9YUd%P0<)Vw85fL)}ta7 z>Zzet^12ag&PPUDeSW5Ba0)|9>f4n|Lta)fxi?WqUbjMyJk3c(1<57u&>Wmz-1cv} zy}`M$7f@O%!Qqs$BUb63p9y9dD*)0AQ%N7ZaRPpgn?^ykLcL$Jcjwsap9~^avPm`H@WS0?`Rx9^eX$V;? zVl|txNLKpPBc75#%`B8lp>c_fBpT z*klYjx`*>p0ibGYYBj&ba_H6Rz*_5br6}(!?X9x3a2zA?;t`0LV9hWPtJjd0E$E;| za^g@D!{FWsF*^w(kEow$BEzwD`vE-|ih+2u-)!y4s&%_6P`50Df{n&1Q@mG*-EJ`W zDO)t&1YWo#;1CCh4jNw#pl@zDek;iz4CfrN-x^;HCM2T%d>}aQZ-NiYZ78W_c+>wmFs;Wffu?@H$PZv+Tc%@#*!g zEgslaOhNPz(l%hx^rhImUnXNLCLm&Pj0Oz3B=FckYOo%Y5~7X&_I17f;m4!tPp@9p zvUKQ5aaS*_b_}mA8akR5;_*Zrs-iFm2#cnR5P`GtOS~>N*H>rtT~Inu;u!xj{dHGR zr2Hc$*s{(T(P&VFm_)gBhL^9+lD-slW%Io#!|8dtvlLG)nJmT9tUaw3uD<>R$;I4B zng%?|{|@eO;QhC+>t_&6Nzg~!41P$wSKzD6PzYK`m|#+HX$P6YHv=G3D=V*=>VvCvc&>h1G%R3okWTE5SUm75~dN;3OnDZLias@0D|Qm)!L zfnFY$r+3Rf-+Tr=v(c&5Y=vIo?N8yIOhGw)JD$_GXBDdQ4uiF4t%JtN!rSs4a6{o} zgk5k!#$#zYihbW4zkQu2b*Cf*N5DgjC;H^8E>&iT&cQ*`Tv|88k)NwJ zbQ9K{`!%83tBN5GhJ;UyL6n+k`5gwHyjzq%c&)6BP?CeF_u z6%^_EktYx}_r5@0F2}Z`Km!yY&aai3!0Gu}PiatCLn%hn_FHnCq00f3cR)rVt8bGv zKp1f{g*@M&wz-t|o2e018dMwqLQ=$?>)9c=z`-4mmrg)m zE`ff^WLeZce$&`LIusE0TE{ksYl>%(qqu5M8OPxO^xmF2tv9XLDL74uM04+TJ(Yd3 z-)J2x==R{8CmhEODi4B-3t8eSiEZKP;yb%MFf9 zKmtc<#{)#@Lkt-61j!i8>e@}lTY2!?{mNX& zn;G(C2c2|d)@oru6M{Ya>z}u4!CQi}WYivHZ$RAcDk>$0IJ=b4lQ$kjp=kQP>lm9tTcHJVyZD zlfY_4*9`efhGka_#TN`uHFlA`O_{S?!YO*vAc)=@dU8UF&{R_5-j2zX#33EcGtHW@ z5wd~zK8_KwvjaN5Pwttz&Jr_6MrI!}SK(@1Lf|1!P#yB@>pnBALehvrC39)`rB@t@ zD-D2|qindY|7 zO{&kty4znMW7a4Va+Q$#YAL7AVKfHn8yF$TBZ}HW2xUO|QtY{+0jcI!*Q&}IuF+G$ zOB$D!htV=8&|x%oR8!KGWPBQf*7ip#+xwy$x(0p_O@avz*Q4vme@FkU(iGA=^Tme;zp>Qwv)4}G*NR-iJyg+f{&fD*z75%n9go_3nsH9kJ#lo`{KkTmb_ z8)Cd&GL;@kF>4hKOJi^iPJpie>&uW5PF&)@61(rezEnQ?uUPwEUkX+?5R3Q~i-GKE zwCfFU8BZT(AV30tNavDT1#U4;G!nuw7m_3)Tsu#h*aJAgigawVBM{@*u8yHW%rM7} z>yk+AaLS-IHUsS=o-zDXL-~RtFr+w;>Ii9)PVR#^k^ofj8U>b;W|6nSohv>6#6GGN z2Kpu+xYB8p5$*JrcxCpLB`O1<;D*}#GYM9sBbVHs*LJ}7vCEOfUfD6kyhF7VJ5Xsz zG5Fi_jNNK&r?wMM(zR+Q4qUJUIzj9f9iMAr(+DIjm!-rj*NW(!AY#wc@<<%6LD6+X zIzA}d?AQ!Skj+<6Zs1>OWrRBU>(#jnnAXF{_OX(##ZgIl3TQB_QOk&sW6Z@yB6g6N zY^5MM^vQ5<3Pr8GY2BPpl3Du`O-8WB(%~;B>Ujw>d8*POn;IfhmbVu0CC3 zCvnY#5uYgKk#cymqMzs}MpkSTah{UaM%)f+)G&BRvr=PxpuOEi7fK_OSGu9a(VTWpwm!=I9XPyEErUb_DxrsHLV6nSKd1IUp-mn(q; z;?y&Zsa7F%dVSjl`>z|C@>oc?%sOnmK2}-1&ighvXf)p>C1h5!aeSn*-iZpwZw?wq z78IGezkd`%RtDgrUh`08i8Hm2l&g~%H0_-vm@XNC5K=frVz`Xu>HP!+z=ggW`B3@ zD)lF}fH=eGURTtl;y5bSk<{Y)UC~?KdBjnCqAEolYS4x1cyWbCq z6d%T6q-%`B$j;D3&D6kqrh_(phvsVicTP{c{r-2|zn`DwN?gY#@n8h+kg<@LKIN(> zaj-cnAfc4Nq;;Mrm;{}Nf;EDxI6i~cCQDxg?S^64-V8&tv44l=iL1InEhJK;>}d^B z?CziW{!QfGA>Nil<_LD=j1cl1cHj)Exh! zaBy<;`gs53q^=3P^FtqKS?2uA(t&nlZE$+q1DG|yyLjT|I4SNN!nt67s&>+(LR&jd z%cuqLo;m894s1pdi+s);8zU!)dXT^>9wPbaOncGUq!pe}PmYt&l%2Zu+;C$Hbs#e(e!DeEo}q8nt^$dNz}rQ;~cUhS%8 zZ1yxfBl=?&U)Tw*5zAxJ@LfB;kwCJDu^ZY!62@-m#PP^3^_eE#Ze#9bZoI~B7)zLU zNN!9+JeD4v-(cx*B1TajZv>$YRh~RfG{$Z?Fd0ai+74!|L9^94ee-s3a(Mc-bv8IU zIzH-14k}M3?_n6?U>tjsnA531^6oX$Mh%L0Z~{EU@K|g)Ru-51sF!5K=DKYW&qhA=h6u*Ni{u-^Ld&m|;qSRAm&*^w;DRo;Ety zaV@l`MO>;bowrm$Gc1DPn4y`%F!^ppmlfXb^&UP8{h}TIOs-{ga~{ME-!Y$DGZy*DZDdKkr`+4qC^@ z1If_od>~q3F^c_Y7{`?syGC>99W_VZ$Z_B7A2^4og`C$%P1k9?Irh8*&vlQygShgk zk5M2uo6$ZR9gj{t=cF|nI)^9jYiD?JeC)jTjt^k#jW=wzPU31eD1fTk$^HnA4n`yA z1Rji>!=pDR&ammdaZZNK;eN9<9PS^$OlyfyBxEA#JoRbhArCX9Nl|naBI=@m!!e4# z$WWMAYxKx8jJT{ApfTYXa^#(*L1>{h`K}qL3Aq#lwoXmwo)8a|Qf~(oBCDa_vUC^4 zu1_fFh@mz8mD)UY_SHAjLITo2ojWwwd$<}{Le<2S6=;A91ZM~geHh#&{v=B6)X!k5 zx_y8}@#iC0VZ8VJH)zFBFE)a>rRGJ_g0B5_8~|Hqt8mx9 z#o7xQnb!I6p%%*|6Ue|&TJuCwX{@dd<6y=O@WTX24Ym@*dkA{-UCGp38ErsX6N*-x z5ux{xddkvJoBJgm*e;n)VW9o4`e62-Kg4oAe zKuZml_HeIVq6fYU0yx8Cs6sC0LdxZ<%DoHRqahela?cQL)Skpv%GUp2g8UFs*5Kij zpMqGt{#!@Q{gcf4KR#?8Y}fyDq{qj-ufPmX+v=JM`-sm&^z~E>i;Qda)!v5>HBqY8 zeF()tAbWW$A8TpUbU8;y3dqGDkn6!o%1ExzP!A4Cy@_EUqU4pi<@!yCNP!EE59FVC z+K)yf{2(K)7+@&yrs7KE~r}%9IwUH1Ix4Ablx2(f+#n+*)|XDtBcBLy7}F z0`-4o&cCvH2AXPj6>2N{J4Ja&d;U)4B3Q{_z@m3OT02O|LIW(u9^MOPxz#T7S1tac;MKuN#n z<`VKPqqkJts7g#e4WPb;aG`IjfqIufE**10z%i1JE>f2z9hOvZY-vQyiPjKHDN8z3 zE|ZsX@tUf2G37>6*o~yc#A+dH!MoC+<_vh3h-Q||Bjic_u$~MFWyd;{rKD1PDeIAC z%ki}Z5%srzgb@4&v`a3i|9c(O2kX#;#anH$IAce)tP5!?w#zb}nJ(7QdMZaBDIXtW z>FcGouv&07eN_fkb|bs)Gw|#Bk9s8_RW>GZPA35{5xJI4xh$1iFSXatEMY(Vo znGSHt&Gr+Z|;9T zp*a|aqM<5cVYN|B`O{Po1MSk4N4IsjZhsTUtH#}HNpCBR@@AXe+?eZaJd}Pf%atp3 zeBO#<{y)BMH4dHTF8J@Q#>w-N_S(%Qp*=swmao~+isij(KmtcV)P;2bblp^g$~#mD0>n7- zWYabE(1sN6k+%!(k&0+9hzADXg}!Kf0q)RT*2X-3B3E8d%POM3IEawJ*qDaZrZBW? zSyjjsD+d)E1c*vpbY=PW%gBB*P+oFs-&`~5@@*>Bh$$&8&yDDv?fOz(qlBAKz?U<5 z12i-8-j`JVrslVDjQ;Wt&3D0<>Y0_eypk&&@FfpL<{b{atC1If3juG&c>@^?1}@r3x3o{90ErFI44#8`94-Xn`nffy%L} zKYkErj}ax)zr(2y3QCsVHtETD>0y_H`m7%Jjn)PDS4F_S9EeuMVf0HXCq^Q&s7txS zzyeVD$*ZO{l|&o&GtDLhC!ms#i=2$JfV_Y=)T|F+G7hmcpA{UzJdjiK5gcjvY{3%6 z(vmI~HNjHwR2jBJ3;`E1>FTuTqE8OJp5FK*B*wea0*Wif>qwd5mJq~hM9|RlFCo4H znHGKnocsrqC*a}nAqw2gQSDP-OKsCLrLz0q1@=)Zx3Sdz<2YmgvESN1+P?q)EGeU3 zDs~VAc|}xl!A6MeI@QWMlVo4_*p@9^L_!~YMCT3h?SXGs|8GShw0PuuT3tI>_q(_D_zt{Qp@} zhAr#&5d*^GD7)G=wtOpCS|`3TE92y<+bJA$KRn zR>UlGN`n6&!y<{TfZ8^#6k+mHJ=3X5E38!!eb!pbF%s zY>nT*FA?FoX53T(O3fTj>a+^L&t!PBlB#i?QGIQ6fVNgLt>Mh;EXy>I&SDBk@LWWu z8J%QaqnR0U6^i)7hjvJb=R7`wFST8GCkzYqoax!fwUiHPE!$ZEd@_X@;3dzSn*`}N zr_c?EmwgJbu_xokyOactpVJVMSjsiI|0(rI@wmlh!EZnlL+db$HVS4rjMSr)SN)qo z=dyG0_y5`L4f@^Q_uby0dwF(!b$)r1Q7Y@`5vx2K-YE9k7SsGjJ-@OHrT157-HS4e zvWEC@>f3V7M@Ij!0GlF${0L1SY4nWb9N0gDaSy9(Yy z>_^ts((h5u{#;W<`QMjM{ZrzjH4Xtwuv>`E2Wf+GJp$t3mTyAFUM zey5(xR#9La@Zv@4EeV}l4~fV2d@>gM#|+V7{AG-|{>#VA{CO`9IyDm&M>De(2SrDk zE*zWndcC2uQ~YwVJ$yB@MauEZjiC6FJfsk3C3Zwfo;1Uae_8L0Isna5C3Q!W4AZDM zGC@0AK5ipMIq^qLKFf$5(i+`rR!kJ*DBv^VM^ohb5KqfLTiD03&=Rcm7OQeB;<3pm zML-D&l?-y?2!>|-DD@x{K%nCZN1lj5c4)w=kGNmN=nGBO= z;~$$DoQMyFB%Ud6D0U-AD6gHe_Cw-%n9)eyQ4J$+yb0<67756p z@tWafkjNF24|t(Xt{urlid!$@G^;iGskiQpr0Vh?Hv-@g2ObW_)dj(2_x~p+nfPD( zM~B<^f6tRLXTU`E%WHniq`>urz;6^4eP;3w@sU298+NjwLp1;_q4p{0vuOA;a=8|@ z3N5Wb6$Qb9@u?2=<@*hxkT$@8`d3F4#mgE zl#2gT<6F!61h0%=zOw~}6>$uGH8x^p0%3 zM^}M-wtV?m^p&zr#^=)3MOMzG>EucfY@2|LiY@&x_cD@+FM{LeCYPXse?=f0p(GFF zV879Phs`8p4!2b!JO3efh>HCGNlxI4`Tz0Z@nM$#9~>QS?LVI-$)GUuIUe(n2M&1U z$2>l^i})tJ1`A}%1j$0z!hErYei=}fwtWegyAmoMUI`HpUw;)!xE4C5oHaMCOuGx+ z;mZd!8x}NW0IGM5&&p|j&8|Erb-XU8j*?R?@j8hUYrL(c99wgE71mt`Cy+7XEg7b_ z`tA1y_brpL3Wf9LlP3J)sVMZolgXt~&|$ao@$RP8KxVhEP`hPYg35fY`b~Wp73Ahj z)of#MpW95d)!aY&opvf?dzZ2}E($xbu4)*NlnYNo;Py+zW z(UfKFEFEPdDXTPcRe*dCo=@6_ou-Rac9vbKLL+(Y?kRN}$(wdI7&ENNb9LI2+v>Q= zNDr0$nE!I8&!uRTOo$VktlDqs)rw}MtW1Fo>4I>KOZt&|-MMHO$8P9+q%kaQd-2%m z7dV|6M)!z1v6gG$U{)Q))r%hOY@8cBrXa`6Sc~`t-3N-z<&CYkA<;VlNo!qSI~@B z)rqGTWVV!4bLSKhc~~ipd}fJD6Y1re;v9@JueCJ1imIWUYBmQLO+!9E!?X<^s}wI8 zsf{6;%peTB)o)xXU2iO=HE;O2ky-ZYXFWnIfU-$aGvoGqpf(%VygCN}9AF`q#h%z% zJ{yH0q5Se~zlfBy8JIV8LPV#`8R3UAhArEfko({aa(J%&t*zeWeY6+XC>}%&Wf-yf zkUT8nyh|LNQ;iq;Iq!pnpTSE$TwvjeTLW`4A6+2~S1KYd4sRej-6tnw~}`Fhl`Mw4+8W9#!`P{bz0_u62;+1xU}BD||GzcqC4 zl`EC#-`A1xo55Hhm_mX;5M{C_dT&##*stC_^LNc~IRhDB%=vvC&Cu?;4NoXdFw5l!X_n zu6YC%w2wujX=tUqPW6s1QT>5cw2q5#tx$Odq{~!|V41pc;c(hI#3cw-%`T0$WkoKk z5Nhi)idmHLCMfLO>BZIU+2Fc&_5Jx-w>RiqpAWw4{=KMUZBXx={|fu_v%mfI`rY9D zx3}H-n*jAr7$^QO$9^;V`ES#o|HGf%)xnN@R`T8HHMpkO#laYKuFs_bE2fA6C~r** z@p*T3_3olO=v-f4oS$}X&aW;9r@ii3_wwevbI~uxD@7WGm$gZhvdg#U?*`YMn{O+C zDg<%%&9ds=u(;;w#cltl+Y^KR_WYvzbeYT!QC4lYxu#@Hl?$#+(ZmdT>f zXi42FtImu=ulxS$raSndcYf0yTzC5YAFg_5OFKrsv>PE|d`uBj8&sG?+FmrK zg#eZ?rWC5(%g#3!-4aZz$4N^l{oQE^tm9@LQr@PGPhdb;Ye{)@*QJMa&z^%GHqxh$M-vEAM5SZjav@R-UboZh_69ds-*qoP z-Plz@+8Vt)wkr)?(TZMW*aQ!H)?r&0;mr-1HE}qQ+I7^w!{PUc;!#c$WX9?Ivfn+u z?R5wJ@6N9W-*t0_!Q8RW7(pin#4}2dDk-V=23` z1QAP)qH?LwY2W82IQc|5gEww_=VgcqxV`SX^Q%HCT?(0^alt!wkMRrRi|U4y%&>rN~18$IvfT@N|CY4?3r(-F{!3Z3gFsBHV`7tyY(?aloHyD zCty`PzVBSzcKe$^L>6H&CRGtBBc*J|O7QP@FK>E(ADs0|*lvBodC1y(dnc_o$A^a} z$NO*g(P8uT2^_ulj+!U?aD)yI;L!UEIe2q;vcKQJ!5A^#U?|{p-oRwMD5O`P<;Hx82^~2d7t;r?PJQtG93a-SSsA7PcR8_i8j^h!?cFjO+u%?+Lv-B`o{E zz`~--4l9@4n;))v-wjT$`ZxW7*kMb%mhM@qk&K(W?$SZC*;?gTR+7EjFYKq z*4%Le4(S+i(R{>^*N~SW=|j36{0#h&568eGh{@G0>CGjfgzf} z874G+aq`vPx>}7g3P=yh%7;~5U9HgD-o?_R<=PmkCYG$f1+A#1XJ3XKOmdeXnKlLU z>0jOUPP>C%w|{kUdsF4~oZ~uuX`al8h3L<8s#REQFD zvp&GyEATQEoGk}I7d<~aHII6f3YNxJpjcO#QOvE3>AITny4X1#w}Hr^V#|*NZ{t?5x-Amz?s#ani41v0z=u%M2`3=C%IW@jQxH zp+K?F-s7U%>30WZm&*B=+GUWwyZxps9~u;(`q!P)itw!Gj}`!3@w)E$OuEwHR%`aK zFK}bG0Y2ULB$k0bru#|0k>~M1G2-D9{7;rlMm7Y&+Cd0XE@U$Hj`SiMi~p+Ee*hVc z{+x0d6B29AH6nIpx|WU`hld9lh(_eP34{lVMb)%)Ug>IF7Cvs`%MaEWGS ztYXXkJxZb&rOinZclTsLY3|qX_Nr*}%BS-Q6IvEoq6lNg{5==Z>gMt5c@f1(FLfkZ z*6SyGSXF_vQ75ZEgj-a}v}|@y_^5lqbMFC4TztX~P-$UR@ysjYg9^Jp9-Tgu``$m6 zZGTluhtg~8%(ZygcJ*!d;{8Bf#+S zmABU&SpeJXj?aQHH+xsZcd7_n+?-)>bQ0cxo!u-sb+#oRg)loZGx1k9K8t6vp^Oq$BI z!oe!ZNWD@L5D)eB!z@WLJ2xGx&U(2d^>$0u_BinoP2NILrL4@&wgyKd9Hi#Ok99OReF6obxFF>=cSVuVcOs~33B`^4hM`wj$Hsq@aLM$-2qDd zD?bAixWvQ37>o#&m(v0+8A!Tk2uzXL5dqGss+uL!Nw)FX<`|%e@C@X$c#q{Xs}hdZeR}af;v+zz~DSxU{-M z5EGuF+tRm;KYVDvX*OGGC_ZFB%iwfR27V9&&uqWijO&yHoD$zha;sZbCc9V1$m)`A z0<8$~WDAe4?{ZCCT7m8LLM`v#$w54LkA;z?OI|NaONH6a=&#^$N$mm+X42Q3LebPJ z>&>5QnMa{h@Jdkd$Q0s0=`Q}9iLU#>`dzbuWuOnFC)(i8aW*A{tAoS+{e6-xSkr_0 zZ)3uze)0u+-e7{DhbWM)e~z9`P@lpF2aeI#2hC=^Qu&B+hoTwuu?IP-|2aDaWw+rL z$nFgsgSxzOF0Q1ZX2-f1gu1oPS1x=Uugt7vO;Z-e{DF(8euy5)ytLKIo_d_*&t+8x zcW7Qv3qUIHWt zv@?6XzN9Spo6|$kch0W?_)^)D4xs1J<<;I2dJn0GJndn2-jNt^X;sl+TY zkF(|6FqXm;g)1?klI+wEitZ`qNKD`V+s;qm%f?r)z65(;w!n}gc(-hgqLBl0xr*b zUJ+L)n7&nW|AXfK z!B+qO94V{$Q4<|2_w%1(0*>|nqsaG{TpifghjG29-8yJ=t|6Z=`{Kc%8OjgYO9u47 zQ6TxW;Xvd4X;O@`@td~3s zk(+zu&$JV}gK^cH$J{F*xsm`lU_zLEuN~K!WMld`Qbh}X(;;`t?@zNY$7Wx%C{{ZI zKqDV5!90bO!o6LBmSn9l@{)eqwf~xcPLo_}t9G=TiUge5#D~zmLxGnyTCnK4U2xw} zTv~ZO#_omxH8mQ=qqO7_xf=i1QIZ^y%T~SwUc&#IM>+m~yx%Zj|;+c6>I{9 zF}aqNQ}nXtg>M1nZTjk0L6s!j2EWy8=DMIe8DNju7hm&#f9km|O6#ouka$xPU{2^p z)_?2h=peiP500DL_5U1c(fY5r{Ff99iT7SnOZAdAY@20hvcti+;S!37Sd7!Xn2}t^ z0E*?f5;kEYacLV!Zb;Bu9NEz7HS|0zq&(;=Xi4>j3~3RB5@b^1Apimb;uO2At6ej7 zuO01TD`cazJMV-9gsMi`wmTjUIHEJ?w?S)a#5rLt_D)sPap?(~ zYPTUhdGhu?Z5KF&+?~jqeIr;oi|l+^zVd}NxzYw@p#fwGjVzV9p2LRkDQO-4zp55s z3I9KC?l&|1|FCtuzvchWkv1j&*<8AuRjODo4Dm)%Uaus@!OvuYKH|j;e8tt7<>1bm zEZnfkDD)sleNG`qV{OXI=OJo?9`St~jBjOukH~L8TtP#&MoFp?Q;j^K830VD6|-mj zQWZ@xdwneJxGsqTzSN35Up(cDkbkG#dBW7|?I;(jBSpd{T*pE>Ul7A(Q7o8cFpBOJ z%c8%OTSKK#MJB)l>}{)7|wy-F=?(J5Lk;jM=LWWNp9JUsD`E z`Z9#?XWxIt(QfgDn&T3CT+(L9){UAOgCX6abz)0;qcMxn`Z*sZJgX<&JFi?ROUigC zqJ$N;G(B7x|1-unug!5r5&Aoa*~aK)P^!^a_$Ji1;8_SX{Zxv%AjZ#AjfRD_9jB)N zL^9mOo#+EfM*xU@TUB=cPB0Dwo`F?X~cQdBk4TW zZ0kgF!}Hab)}mC$Va>D~g6zgQ_$cG^>M73`Gj55%X~{906{uCU zp+cv!f>KP?dS^t>IsBWO*WUzFRnBbMfD<=?3ObZo4?w^iVDDQ^#;?lkKNpqh029K{ z5(Q7JH7tf~Z-&RP0^>uU{8`Fy$yr*~!d3(sJ@UBL)BVHslF{Z^%O2SVc570!<&CG% z_PvOwl!cr5eWe?K#+SasQNssZS`PGzIQFT?A8f5jN+R_Zt;b^N=Rq-sQkLJ&>Y z`^+CU>sap*=J*rk;Ikki-m(Gm+daM0r11GDq>3dR`71JB8Lv4xcLQXa=y{kc=X3uf zirwJ{-Q#=)xOlX$YrxXEXM9Cu$E>99o>!vSs*S9{V4l;ajk#J)c0~q1vC1o-P(L`R zWCZj_7E5Bh>yw!LsQE)*o)T(eB;wGd34k5PyyR}8*nigNMgCZnL5H=Tl*91Jar>$B zOW0VAJ&i`d0gP0@IxMllSHzV7JluZ!*|n}s_p0o8>0JkR5BJb5nN{k=k8hK;FyQV5 zf*Yf`s$$8Ga__r-jE-(TrxZLxoH?hz=5GMT{gHW6h3w3*ol48X=(=n6d;=U1Owrf` z4z5)X1VVn)SoPR9GRT5)`9&K3iMQTfR1vr-)c*%AVDhSF&`GFw1pG;0>4Mbyp z2bGVEpkkdPVsgbwTUsIw_ygW<=}Z;wr~LjukpX(Xrq{1~tMSrf?U0CO*u{kbzlI{$Lio|-ZzCBp~qH(AenZf+3 zt{iu7NAV8)Y0*$t=*e?mJk%8fMC9>GDzT59w+9&2|vx711 zmImUL?DBn1NxXWLj7w0qCIH#Xg*RoxCBptxx9#FE?EP${1oGF%v7ek6nfFQ1vnTH3#FH4#np z#a930?HJyecV>JBOB&!+%S9=ZDFAvj}9$Fsi z*zrtPhDGc9>!bhj`ds-|1GnqM+lGMJES`g#88ZLqA-bQ%?qT6}-91)W)|QT$q0g8O z#(*|3kf>52p|3c_TUB^gDN9>w3{dEkht9&i#tu@o>}BtyCDzl_@e)9Z*|f=<*M>>2 z8GMjs$qSb@MF7((Y8a-bpZKS1*f-x`S`hZSKsmIU;MF?;4ofS^{}9I zPZ<{&|LYUh!84rCH?bwfF}Sa^J|~CxZZp!8M#T-r7YpC1F2&HiTV!z;;l{r z8?&2RV@gFRlpblmiA!#V2Za#60Gt|rJEb};?!LekFLLU|SM#QebH~H+BQ&7x#s6DJ zHptgE%ro3Jqkr17ytQj?5v3Z0fh;dwQdd99g@-@=+T}5|L zVGm5={FrK{l-brbGhayCEaWb{4l}hB!3M5NbmiMtoQ`F=eVK>-VX1qXi9fOK@fFs6 zd!gJf|HFMZwrcEz`yS~(WgT`-&fXk4t^(0?O@|SiF8GxHCMlzs0Zh+&pOy9j}7WHOI@q z7j2bv&>wYmrorXl7>qQkBZ)`8p8I~1Q~>o~<#wCjMHe~L@=en4KU^B@NB@{UaFf6KB_m#3Ea9YcD@?Ag>?s#R26I=Qd7?WRy4L;SH{QLV77)AE8xPG(1U`tfb zBFq)hp)jXbV+cC#(%~jnI4>k%B2m zH^x)uW$SG5_CjUt>3yCwT;sW0%R`rrSyfAopM!tLr-ni*U!0wKJ>Cw;2{mo1y8$a3 z@8&w4z&0Ij;LYF_07!RcS_`~SQSQ&z#fN?5(REU1NYZn{fMT&c1%sXoJ*xisR*C5I zU6{->svQ?IKK;*y;qghKw~`A(&;h3yUN$asUo&R>a37z0cUY5=V*-Vy7MRs_ywPi@ zHV4E%-UqfKwZ89IO0Tu#!Ll3CdV&wgPO#5{Ti`>R;=~n6k>}PWsY2J`uNgmeO~l#6 zx)KxL?-8XVhCIh6D?(8rT;(2$Z=OG0Ma;1lQOz4urBC_!VQHaPm>9#9d`_7o6tArY zMogVrX08_hD=+ZL`ZQK$2h8j)8osUVaM7m#krJ9dfwx8>~*_8Aafav)WmuMXoR{aF$`amV#o$kWwU`ysAi*k!#8KtJ1r{1PjzxW%dsH6 zUSDkx(Er8*DJj3%D7vcTwdUa;F#0xl@_R5)x2>KHe@gWZzNvV)jyu>S2_x))Tq@Ef zyK&jh29G0ml34U$;up|j@Ewk}w#L-FkA=Nj+bBbbEK)9c(%i#8365~*6mw5XFw_Ob zK@~~U$8`xl!tgnlK>?0LasD)}{))}Z!TV}gky3pGm%V`=4T5IM=}m@GGOfR`NG^#_c1e zWvosbJT*kk{v$0D)6z2{Wto+{!aGPTQ9fib}RJUnI7k&aUE>dAIg>Ok-4-8gclwk8JHhsxd9PdnT zfS<}t%RY!`z@QHSL@=2f+JDtqf;WD{Q22RfUqGbnnwqbZCNghs%vk4JC;7@wV%fS3 ziTyUHfS7{uz;B13*rP~B_c<0AW9co7Jdh05l!QU?`%7i%Nb={yES55;L-InbhqC)) z8k`!e51!hW{HKsR>PBGHm^FdTAj*-dwdBTF>Rjz^1G)4vEbBzrZ}dNx?Q3)%n`~?4 z=c!)*W|sM=YP}Pyxr@oZ&7o|f-~;+$_i7lHcB4Kt%LdMLOCfp&2T3lI^$_35-^;vo z&NGHmXnO$F=!B}ov*IZs6qM$2Y6g5*8HHS==C+UmL?_3EY)@GhAn>YvSzMV&=WbGs z!fnq_{rHOPjvEO0#^B;=H|B7Uo@xSVPk}Da-*J4b0eqp8cIB6?#rrUW@pny`g`xJ& z4E=!)X3pVaN`BD|nc95D*?+l#Dw{m{DAm9zORS6)TZ<&%XLWNGbw^col0-ce3_I`% z%?!n$3$$n?I+@KQnz>`@a(xtN(EbX%*k!r^dV9^TzX$Tmj!W_TtjC~p-QD*SxDeMU zmF@|1;GjzN3=kO~mC1?@Yp_BykgZ|+xZr)5W2Ov=Ob>MTDf@;;R~_t>n=j!LK#FE{ z{$L#N7tZ6TY&#EU(C>7a-;z^aIv7&qWT%w-(EmJMgvih!4&Nq5I)@xSkK%Z6S9ff< zI`TMbjs=dQU0Qvg3ZH|HPJn-aD{}zAG7zXePnZa_gms^I6C^*GnUtWuV5E6b+cw;A z0h(L80|=cjFaGghyabhf0;y<$gl*4lC*NRVpb@|k?c4+T75^E;RwDfxe64ZAwNFxd z=`C;{q46BEJ{3r4c_2tgc;omaIFk$r`s@u;YSZnj*aVBFEOW!sQu6EiVaK9=0!*e* z3+s`801h6|0R{Qi#=ps)@40tK7U^ezseHYerm6Rzki%_!K-04GPeF>8GxV#B|00!s!@5a)< z*|m4ldmvqrgEo-T{448>>f~J? z{{W_53bNvrZT41froRO~HiH2b4U7!tAl$ftGw*=}dH8l;-(1hvkMCos`fY9J$rAqP zFaZc8ycA@&*1ZPmS#twVl=w-S0pLcmufV+k1z>OB?D~KED!>Bd98z@#kBkwthyI7= zD85}#*hTX&v-qjDDTvdDu^RYS<@-+*jMv3E(71<($Z^TKep&w>M^aU3Wy*{u4jLUD zs^JVK($?rf-HYn|xOZ&eg&g0|yw(!xVZ}=+hJ!F)VlTp7>~c~;@yF44=nF#c zK}&wmN8U#t9gXz${yA~<+hew!<)Z$_rChKbt>cZ3hl$*Q`&P4QdE4Ldf#tNB{XY(^ zF_RBYdr~`QgK&-4>-pYS^Mp zebEz|>=$yp{{tDylj_2?e-pc5@9$#7^R=G+9Ck z1)6KJ<_GC*+0AN{Mz?+Z{&0+OK>R$d;FFlpCf~@xXZ=KC7es zz^nhpSqh7vSiU3LrMU=GEM(%kJ!u`>Rsd;6&zd~rFy(fAh=KZ)L!lK;Rm2iDfO)-f9GuC zm70T9C{b99S!Q0gy|$q@?oN{LzO0G-h7A1cnywXT~zP?hSwZh%DggGr|!L9X?Q7)&5V` z&C;bd&m7fT6)~ApCCvC(Y=RlAZ&996A zeV{vLg+Q;cCn{KMYWCR3a>5bB8tL!M!~7-#yVxYG7NyWdF&xw$^2-hp4#c|HPlXjE zvjOa#UnLS;tfuT8eEWUEnRWkS^u7+s`*Z%VC3hHD#H-kc^BEO1 zK^2wFBJP+8P$mraI`!rQoKoMa8LG@9V*|rHLUrYtgsnaySl8xbn%dAjdSV1n~^h<&(aqhYdlTP5k z!oV|xSOFOxcUCN?zRK{q+Hq&A(R#Y&zFTLYKGqhZ3 z{Mo?1lM7o?pwydf@$vOXcmQa8^?jI7%njhw#mp7nYJaU1e2br z!UTTmkm>|7G2xT<&kyk62R2L|5g8FNZV61r#xiJ>7-_NSTn!Ip^|)V!9g~2~rAx|^1sXNkwcS3BF3 zdxQHV3Rw($0%akHY>VSn{+Zz+ex{KCz-$nv-w6!3NbmW;9E!j_e02q%Gw(qy#wQQ!rbSPl$&tio<`fZb3eprl2t~;G>7j9UjzVOxLmoOq=D{>*QD81{`O-D+w9F0-`i8R;(Ja`9IJAzaRf4=Cq}GjmGN^sDZg^c|hbe_G#RW zK9x5?Ea2O&7as7+dtML($jCyf+xSE4mw~!`&m?%ESLTVz~^jC@CWHUE9v^1zfb)E}c2F{cPHttztZ#2vQzt^L8g+euwSsufCvP6-|0OK1SY({ zD87FPo&^G9)K3f_dxd}>SYJ0lWgtL0TsUXtO}T(LwCg_o{FBzYNa{0)Ko2wtar~{mu0~Z3T~7`c)z=0ETHvQ zj}*)+Wf|RP;Ga%iVWXT@>zvjzR_U`3LF`{h;*&###3RzX}Q^LwCj(m~us zT-e~>)^yoYi#AY9*atW!L8M&fM!#?fOb8#i`#>rC;;6(yGy2gfGhwM194Xi80;Hi zkBo5N@FN7km|_ps8uY`z7;eAw^o%7B(0zvzjV|IK;^5#|Wa=Iv3FTcHOXE4kt3%#s zKS2VI;7Y6xKdi8MDbaZNjH7_Xei9s*J?yl}@p$S-nPzDcxa+w@<9OVb^|nY7ZtEcN z1?p1NQ0&TvYMg1%f?Y2#{=+s~cIZcx$1>I0_r%!dN~4)*7SXj9k%}t{D5|dUP{)<{ z*47*`wGBw(JCCE>kvj$(B(5B2r)Yf;98r_7dRnS+5o~DuxT@Cl?omH59>GUX;ggj} z63FXsJ`~#o=Lq^655=kEF08Xi2Sw!~7FTt8$tEx2Ajj4WXJe9YgcZqM!k?Ay6eL04 z?R!O`SWfR7^@Pba*trhz+!s`3BX_H{7>z z!x#WgNu|K0Hw1gS|9^`OXZbcQD3D%U%7i2nd^TobFjkc>RS%^5@)LOZ<*T{LwagfQ zvU99%m76P&SPRxw+sEUdFHYqDmPe6CNyh)Xpl^|-m5Q(Z5_bc#=xwglHSi@r(GB`+yWLl%aLltSTyXslFmU=ljw^eDIu9 zUHRI5i)kTyiaK1je4MoehjZMJH1mq%PhFR#2EUs{&o7W3R&0ZuE+6n_gc4AlEeCLH z-^<_52&c@m3fPM8H~mrYp;TrY;t8gk3{}P$lt<*;F|{5bUJ_I6R=i2Gy7s62r<%IF zP}@W9V`+W(I|0xBVVKRPg$FT6HYT$>q*7uSos0Z@=blI(k~I!(2{)bbo)P~5PjEnP z4*t_$uzRMBw&fR@#1xSEB`02d>n%}ryHrbuB)IF2vv?A1(wxZ`O3S% z!USQ9CL{NhIObeaA5GCibo`2-6O{-s>r7teD&!)zv!JUz_=dzcZik^qDO`sP%wL0< zI258zyyiL*uweftPLE?lVLp<$!my&nlzAGhPeb%HP8iPI3xn|EL7~*O;;mR(2!sWL z5ANI;qi}JczegnH$8HV$YrbYNgeB!75dGjBo$$ystB1>qi`ep+&Hm&V*@CAm*@9p} zau@(rpyh85h&6geFDW4e0(Kk|sXlgK@<>wO69^ewtl0j-GPXcDU4DNKmA&#t79QVv zCH7Dh=1XXTFH$67;v)*%&DmuWdMW=%u@?9G&CmS!mnA@F$F!3Z|)cs)}?KIiSr=-30H#WPj8q zk3+q{-T5{;JTIfpY;fWeHg>m|ulhJ2a!Bp4&^zD;g)Wj^cyX)D3b1r0R%{y?dJW7w zU#$W{A#>9ex)JFoH9!BD4pS^3yA2ZlWfjfb18@8=%TBqXbj`w19A}TS)*t2`Uf!8O z@D#K-*>cM(vO5@F2@HLauHZhCldf-ZN$OG}!seA>qUqO?VNwurg>i*6%}0TNE-a4p zuR?v6)!Ej7UDt-FL8P}dGbtPWXN=I9Oqt)LwpV_Zo!l=271Mc^qzB=d2BSfuMG=BH zI|=t)*H^*agg}|5{&kjf>!#_o)C!{yz44Z|sIH-4J@pS%RYZpmXBxcf>X9kzFuUQ&O z+-7k~O!lwn!wuJV{p4QzStnPOa=Nf8&d`)TMDJb}uko{EVm(9Wg9Q_lzGjNEur_xd zL4DKjEDJ^ceiA(`E|=Q5devOB`TZu(=9Wf7as{c+e5jybzXwa6Uo(V32BYw!_`<=YKtFEqlzv_DQA2+r^Kay{!aROmCV`H_m$xl59S=5Ts|>y-hn)P_vmiDTqJi42FmiJ{`}8f;?x!oE;;n=JH%cr{CkgGJkxf$p+vWkB-$oTYz7a_T^v9l| zo%VXerb7E!#%)!G#)g}whLZthOUA(Zg`E$Mjh%Kz{5QZobN1XR1^UDh+PN9ztPbd% zN9cweQ{PgzXYV8M!NE(Rt?t7t#`cPi2Mg;4n1=pAl&6yju2lrgn6r8LFacEL8@r_f zS7-uKfttZUtds}B7Qtbp`9*e2`_ffeUAIFDTMvU3=6$>o-*|WACj(hQ9-Fh*+qOR^ z*vXX;o>qjPFa&6hH)gj)L;~%`Jjq_MNyxRtQZkibqu>buGNZ3>)ruSc+b7NuNiGi! zLY}#+L)@I%Elob$2AMHWT|!=_2w>be*65rAo_Ve+)})Ms5E6 zL%6mB2D5XH=<>KyN3lhUZ3$TLBD{J84HcUbcigVw2nQxBU(hwfZD%cSG2K$Gp7z_0 zy#~bck+*q?OZsl{@HF!9BT*F{E!n)_^;!L77m{=Y@dw^U>YCJDDU90X=s@jcv|ur7 zjAFVb=~|xr#oFpjAj4CTcR z>lS$8^Cxc(Pn*qYMA6C8EcwD}FtD5X(V=-e5=&h8ue|ZeG=4Om^HXkhCsChqcHlrh zPt7jMFDN5HO_{|EH~G;#_zbb4`;U6zWc;L~rG;5QEWHJSs~Mte`i=K&G*Kv)a?Xs{ z)j=fZ^Wf>o+sF;oMmJBFr5neM(X72So7c!);W5r{_k1VwrOxDGvvbE4F2-TD6g{ncGo z#u?`7jP_-;bP9s)%6D zwU>W|(**600qu`U5tv8dNe_8#yKxt~<-Wok&jmYq_YNd*q(`P?GOUov`@W3OWcqRv zFj(3EE50bB?2V{l$>sq(P-#YpkH-q*g27=U!a=27$zVdr08HorgHYARtRJflZxu?X z;-`Uipbh4!KUdD>RZ1)BgkvdZ4dG&F=yV`s0-i}1@}Q$|Yp~$OxxI)*iy=HbIuU2D z5`h;Ve5XV7omP%FZMYyUi!TZ9d<-qIwdRi*F|vx*^P39^hJ9pVL$pa#n(*I^B+}V3 zs_iD4f4_gmuCt43Bk3T3@N&N$nuLgC0H2H&_LvxL{0TbI3Q0%%uH@dNgvm3gD~Elc zL>Rb0W3qW>nXK>%8a?!lC4uhHL;PhG(t&t3nS^HAUv~#%4MF%NOq3=T{%iK0pLeVn zg*2n?mq6z_+AVy*p6;$MU3ov&+zIA0;^#E@BVky#5M~n#9vAp1bE#j9#t_1)wM5X+ zF2S`Ac0aR0UfGetc9j-L-ItLjJpO)}8^=GpteMDuyL4@@^mnQ>+Lqb|t58p=3dzAafgU!-5 z$NR%G;JxS33%zlID43n7)L5~qxwBU?olBKuKUub@st?RG<(sW6ky^%b<}~ z+tNbVasr%4T0DrNh#EYoc5h9B1|LgOX4({B>aC!yq9VAG)b)b6W94QzLfKwzQ3s%i zI!JyxVq;ClIdY;PNPiY$pi@JNmybl!uMf;;UklaLM-R}z{YHm~0VSw|*=|m^I(w<`;JIxqrdhwzTKB07HSa#8}`wO3ARZ8 z5Fz&~mM~}xyBm_{TF2PMeINewU?*d}7s<{m@Rq&1x3M>Ss<-wp?o`Qd&J5fX`=3R% z;Fm_-(hyT;2ACD|Sahk&+PxQW&D&;Sy2I>L9uSt< znxp8*vg(6r?#g8Rf|FhHrYzeLiWuGt4q@ESykk+%ACpnf#}wromurN4SZSLG26XeS z6viCLyG}04lee1298zc{AHiQ=C0(+c*t`u|7b!(y$mi0;>S*SsKKA;0BlKtc>70WrpH2ZoxV2vSS=M0=j5Fhv3k~K5N`jziOS?q*eBZfLeIEdIK$^Q&E@IHai za^viv>tun}(ES9V${jG+vC2)(aF}_##0WxTw$w-BvX=f$OzkAXNbQvTSy^gJbGF_} zuKzpi@)k;sRF85hzg#I##9jB>pXu^~f-Y0rG~ts;#Od;#x#|j}J`jDxY91HGO4gzu zC&x?4vd7j%c|9p;o+~A3a&GW+%y`}ShZIhZs1)zW6?zfIYu0;+mqK80d0YcjV8kW# zBsSd+#%I6}b=L+BZ2nGhTBMT4Ka7|jq7@*tgCVGd?tcE&1w0GYOfMem3i}Jw&7J$5 z<~cv)#0Lw$B^S$w&u(uIsDQU4FE$<|NM+IoOK74U%cxgY)2<*cUYrCFZbNF(4 zM*?ge!pmNMErvYLu-Y`vcZS7*90|Cz7XRb*=XNH2za}y2@MNf7RExj(BlMCj7#j%} zVuPMbR$K|ef#ib_CUz*r1HrXCb`ri~u64ayA9zF+viX7-yoRpYkjDNj}Hn{a@C`3~%4 zvynTIEKg11BX#hLWL=OKf%tixslS!@%B7c-y6?;alx{^t2#zHS$5Y%)zYr_wCij9D z?)jYVj{LAPJo_i*X}gh_{z*lOO?1t6BV^#lIy}iL1Zzi=}UU59wDyFW44$ zIl9h*UP34)ggMB_z(Fg^HM5d~3F3{l>JmTLzaL^n(f5l=b0WHjbq%71-%p>>;km?X zp6v`LeL!wbGyU0jnlv#-s*TqwtyzVcHR$%tE|D-xk;O)}4kHn48m@DH1rt9~i^ILm zgp+d2V?1<=#ybzI087q9*~!y4P9g|?2xSfjHR~#rmjmE3g##dQa!Ze=a)yEi*mpM| zqDoV3EjT-{Z98NRN=nl-Jcduo6VjR%Tc=*}NsKY{A8RkQSvjdkj3U-oqJfFJ^e{QN zei&^syz2IRIzC~3(U+(*)h`e9TATz<8r-(MzwMkezUxX<7#Zb>2iDY_1R`$fUarK$ z{q-R8qkqfe7MKOF2KSR{Q^jrD4_a+;Aau>O;Yo}-G`n~82L`Y0tm#vAyN(!wz3k65 znIV0^aujj=P`(sQ+m?HIQkXV~zE;~}gQdY61o`wsOhkfk_zY^32uDpV!Kem_*)$m5 zJ4W(4f4q03;WkcJoGM_I!%jOKP{#O~k{3zGQt2(#a$6=Z z^4kbgC#}4wCCIxENaFsGWd%1)HFcY9k@7^C4a*dTHu8>)`?9*)a9yvSB_IcB0_LK9 zZ>>LKyE&UBxPD1^`39oPSwLI7v%JO|`#x#LFwi7c&3QQotBR^|5JwoEl*PXYlXnm1_S zjb%4{H{Cu@=NLZX3y*RycZ}Hhv!3iYTh73pqMM%V3&|Dto|UuRKzIEUpuOk2eaXxC z>1mHb@5*_bZ=G97U0bZCP{B>pQNVYfp~0DJpe+98ug_U_YoC0=tkjFFnhb1kuRx*z z-@&O`%6Po5bL&wFQr{H*=f!OKTUVp)%zW5vdHH!|LMgPV%%6e=3RTn9MO9BE2n%}5w;kSAN$M3cC=?OfcGzY=E25H!%}L9 zh#$yCRA7RUkev9aMBB!NXM)d_M}@3t$wAXt9q*>Ww{DcnVCdj8bWFuK5R!wAFC{4- zjTC#@&#^sXgw0KghKO&C-cA5YEJVsb5%7^N65Qt4e>Td9sPYvV1#21K{vvLjoogZc z`l7+>AWiWh%jqg03nBPEx((gXL?Sr-||vJQu@?GyJAq;@0jl8s$Q#XacC z>cmpTqc~#ZV&zV(e@|Va&{aoXcdnZ^vBh{M(!~@V09uJZckK@kp@|Rdk!R3ekk}pW zq`G*gn*}AQy@j)8wyL=^v3M3VA)^N}^fpU8yVhKulq*I3?n>Hongf;C2M(~2VQ`VD zrl;=xvrEX*!PnD|YyUz2FUeo0a-7&VlX^#xxVXT)LOGu99!1~M7ZDGj&*dwMANw6J8xB4}i1^FX zi3y1aKaN!L(b8-ySw@lQjv(@<)ILzwHU-0nR^Mlrp21ic-%2VA4r^P?sBKee7SBtN z@Kf(q?fQ<8k-gcH;xB=7MSTfaa)_xdpKzd|PaiUePbH8F_kw}o4|{$P#lr_ElN*1z zm>v1n2I=D}xHmj&Ke)F6p4`SzmPYL@h=EQNo?5x|B^1fryc6#>p%}QL;%XNrpWsPP z7EeUIgZiD~9mC*zjG40SKHI>WPG;AlyIAAesFW6Na}J4t^iPy^p-QL$3~=Kdwavw^ z1`oPa7-L^{cfkr0k8=7vYO;ZqAE0noqjBi#Gi-Wj>lyk6MC&)S%>_X2@Mny5%a8I| zfrloc=7Ix*UI+ACe&PS~aj|?J`uVG$T?qFi{VlHle&-r89`P0#%;idDzvz)OkT~S=DH%HO^l{nE8Oa z8(DjxJ@)#CBO24Y$he^;35B+Ms86DyUar0mm$63~%RYV-ut-WzYX9G(9cw*vUW(aS zhx34(l9NJMdqZ8D>))b9lIOa#-{N*jc=f(AThnqgP=r9PsnQ#j@nn^BGd7*X#vxys zfRF=_U$ZeHMqtR7mCCw)(M;#5Z>5b^anRf)ioH7^Y1yYlQ*bD_nC341~j!l806zw$(n zc2jZ+>fDql0ba%#3R2^>W=DqiBaYpGo@yHQsG5+%VS?FN!A_(O8&%ZOD@Muz|NOv_ zq+b^NSTv~%?yeCnAV?*ImQ4SaJG>Mlxt2BA09ztH?lgm-&w#cINn)~UYz0>lDrFX* zq~7K&|0n73(DTQVkdn3(d=}SJX%xv>1m<(V=Lq;?fxaJZqBEZf86}!ukiN?{m?)NN zVkw#)Y%wE3K!p)ch46Q(wytyBzi!_Hio`mmi9M9plg6_gIChvWn?uc1)AzXE?*<~; zyjX9}CBT_dc=4emwgjiP0;)E_Fault!$1I4`S-v?nLx#D|A|LzD0vfw)WFbN2eVWIrS;`GJoKw|b%z}BjrlD88sL*#njf;9IMPT_bxKKW2Qu2U8Fl3~NR}hmvnABW;ZWUI)4iA7XK&D$ zl$M#0KtoQdiJ~RETbdNoC%1zRkx%+1_2pvP&V)Ow^9u729x4rUm4#*$L?}d&18J*X z!5kE5XanS_-}~xcxdn^^Y&d|O?>1}+wcC0&acp~#(-lSciF8)DtED7q6?^2rb(^?d zM>_;lMLoa6)F~L3Ru2oyvH=?DUHwey{@2BPQRl^C(GaSwOa#pncbO>l&*-b1`Jz^u z@PkjD#oTIzFR4Z~bxCV7R%!OTP;&vov?pJwa zPq`U|#vda&u=Re;uJPu2H7;n;b-G#(1Jt;Z)_KMH;uT8SqJWds<3hFw9$O?@1^HK8 zX_RDr-xB!BYMlnx#c27aKfO?kWOa*l>U>6~(%l35phQ`dE4yD2tWI}tFN&0cy^?_e zJlxP2p3B)9<*M#)>Dn2LM}=J4mt_?!P@yy&W%lFPpEy%ATop7x5mYF=8Z6sz7X48K z#j2!J>k5=e!<^vFfxHAmp6J*P*PVCFXww|5S}Ws%RSOIfi71j|2za zgvH+o^EP~%>?PmUYoETNp`8gK70`8nB5CbDV=iZz9cr6l+xPa4PHxyR-s z%WY(Ztv8%<^Oa+wt%ZU<+F=Wo25q+oSP-MEq2djfCqNDkZ9d^hl)F>jNMiTjVXyZZ z%Z9LRik>aW)M@xUQBe8+@B1(7beTE>o1Tv=wLg~gkq57WQR_*3jVNhea4NDGW>rvn z27(p|L#*!&H(g1r=`;v?H8?`ND}(Hhp;EQoMzaEi)ollR15{|LN~WxmyrpkUOrvck zjJ;Vq_#Lh8{0-Mkr;{q6JA^-m;{TEJdXhvGbI)MDzl=mjF-4u8R6FG+9Jk4g4w2&{ zCAWI9j^QC&?;-DG89$@&S_eIKhhQ10*X;(#G;>c^r!YsfMUHW}HiyT2FlUs=ui#)> zExbNE-U<-B#ee2N{*`!rY=(nYF{NP?aJKNW3jL=jjQ5{% zOxlpQTT7;^yj(-s0&=bmziWah;B7piN++O=jGcvhy}Isf=oU+%}yHqT^- zns8)U`AX{prAc$!q|d=)NJXvQ^^o^~TwZ1r=1ws+8bgL4X#`3M>ug34 z_}Szgu+7H{-uvmohx_xSq)pH9Zz-h7;y?<@;;t)#PO~8XYagB0QPJds>TL8Z)YqU|&au{cv zy_Xr4ZAebbgJ0_1mT1qq*vKfU@~&4$*T;~n*e7#@UBb#-Man~GZK2C{?I&xpx@HP_ z+C7m6J!IWZnrXi__E=7At#Q4M#CUp$bT*ZQ4jCy1cRxiO%Vzq`Tzk@HxfZ>@w7u3< zlU@&WjB%6hXloHROd?ycodnwwB-84s;Qj;hu+5pQ&7h5&Chu0QJ|Z3*MsFEo6<+Vr zcQG+#Cz@83VhU%vgrj^d>*nbx&N&Zn57t7xU~kH}!rq?4wWqE`K_{C2AeJy@PEvC! z`8V^e9e4zwIUK)J^|lJ*NJT*}W=L!t@!IjR*5Vag!pW_QohDbkx90nq574!Qo@<4E zE>7R(la#%s2e6~F1EPJM z(lJl(KRXe=^7P_ zcrH#M&gGWgIKpXU13E6WHQ=kyeKZJajyCBTdk`cu?rn$T?IQ2eEH7N7<^2`g%BND~Vnw!gs4EZ$6MMQ%Ma&T~XmR@$5>7%0g1%ja_c<611LGXlNtLh?X@H zc@S@^>fqG9oUlV_*OHVQo|>rM%(D6-kh^7xo{*<$%VH`sMF;2Ar~eI()rbIXSMVd4 zD5DP06-~#Qt-kNYWz&P}h?+kWyXX+pLnQK&_+{=CP^-NB3Y1-!sN$7B8ASC!v9l=zrTTX^m<5Y z`d*ZxTyN3HtuJ6h+lJ6>1hK1xyII@?xtAIDRIrJ>JsxDxwW@&jup^(!`>+4XbY415u8c24ofYRSf5&$*O6!AbtLyU`!FTw^f6v!O(To6jiHt16$ZixkJiz9j>i4bb&hmaIu^!O zQ*n^GIMmbZW3b=unf28DT;!zhuGWp+Mmgb-#)1Drno8r~BJ@e&eIU_T1F7t)__*Lr zS%!`N3oWCKRGH%9?#)Cmjf>-v?v6F3=j!wj>I@h>A`#s@-PqS&^gPk(8i%iLEtWKC z2IY0x*!*WdWE$lOK~+P*M&n_edXaStLIUkhKfFBxD!-D3g8s zXszfzIFlK<$C>YX>bp_#uTw`oI%iLaDJN7Ryw?{dkXjsx!ivzO1Nq`Vrial}tKMhB zSmvVw<6a_mwK%#G)fm|gn)wiM6rnnQWNKqK*DOAUsVn*baLEdLy_kjk)V5r}A=%LiMUeEj&libxq_R`M0b;5qVE&ThfOC9Do>?`=i9wY7#SKn3^!+x4}|1v3U zlBp57mpX@V6G#5?-%kG6?0S@9pE?B7R8Co3?S7Q9o&<^4UkK^41C@WoSD?A;UTJ^q zE5qzPRj~!}+lx#3q=P7~xO*CH2v0iuF}HrPAwaBGGVT_lMrs1}ewVsV=Ds5T$4~%#yuN zC2CtNT28c0fY?^`Dh8OV{_B|=mWbapRxYL?6!un#clTBP*hS;k${U%|WeVTHvQ*_@ z*~zmseF`m;r*f_~r)5*AfKwPHAFq{DjD3Y4uW&6t%3i0>pw4JpjJ|##*P7Mp9?|Qr z=q9{}$6j$n*h_=n#!VH^@3AgtR^p_0UpVeBOqe$~{F?eeQC>}xaTc;)B0uIeXNz%- zkHKPqKNXg#qG>$04IE%G_#e97F*wq&UDu9nXJXs7ZQHh;iIa(K+qOBeZQHhX=3T4S z`gYa+esx#%kFM&je)@XO<2bK7b3g&9kBZ5smPgrw?!<}Z5n{_PRp;i@eRsxk*tMe`!^<1)Z+jPl!49n-pP+tyfo{YvY?MDHOt1FPvCdj9c2z(HbnD_j6X$H?Kv~ zwrRUFukS1fp(eTVB}xEk8L<0a3HCA(7od#tDjbGFd6s@-p!an=z={8gbd1Yvl69?} zD?|(qk>8T?k{aoV)tOxf~D74Zjp|MdYm8ips}{Jk|Uj^YoQHiPFpIlQ`&--%F~~{XfwqjT&wI*?oQ_Zb!C1m(bfJvoWt+|3}AI$Z` zgRGry)Gz=4TuPHD&B7kQaW!wuOE@~s?JK3uX9WW30fl7jlFGy_dLde!Z8qwJZD~>JU$zN`#n4Fhx!6LCMoaNoT*K7KN#juE7|U^qrCy z@6WR|)$q|oHHAI^+PyYnXqE&DUV!(eg`iA{Ig&29s#X(uRGI-b~&*Ky^Cf5cC& z^6lZ@2lKT~-}t;uIz=-lhE-Nq3An;`@h`}_={lXh^f%a%8w%{j+!F2B<0^jO&M5Wk z_RF4_;wtTuk{dx?i{BN1&T>)ws*6fs9M47LqR7}QSJA{RYtn0J zqT>wH%`Dr@4e9W|JJd;`qcg-q7X`j^$z&qOmKHQ`@CYb&qL{iWL|X_)Q-*b79Tfx# zk9+*!wZcPQ^W&p;=%vV)Wz~zlbJcBZxzA@zlyitC5Lpg3OX_HFbfd+VlG)4xW(p__ zZNCh11HNG4uKk!@2}W!LPnGKa^>$)u2mbW9v8b$U{9zX7qrLJ z`1p%L+>;r4iz>N>$_0b0(89?+}k6A49Myw zLZ=aiN>Y9$nQUG0h=I?xEn$0R*U6FF5Nbf?Wk@0ig^_rfzpb_GY7!M)HP2r2b4fF* zChAG;*`ur-FXV?mbKD0GSi;0FIb#}c?NnYiSpnX;xdIv%!&n0i{O7slf3(JEmaXZ3 z)UPo!XK`_t)8U{o8G*HKGH8L>s z>tnQZnGyeW>QKOX6;OZrcYliUefsYM^vK4)<^qSK)33T&qmXoCVG+X=$68W zo}#{(efVY224T_7NH_$x>}^R$@U9*R0>@zRzcssxearQKUSdlkEzVDg-cf3}ik@`ockPCp`@^NlFEl`)40G1`s~Glp4K;Gx^$p4e3EP^H#*p zFWG>Zzhd16Adu&&5D3Sd?9{&ZdFOAi0E%NggcRqVfa4_*YTQ-<=@(9W*sk%oKNG1( zj=$@bm+S#J!HaK#6~+$;A`n-ThQNlOp@EVX9L5TW@#hPerO6EHeXzdhUxguJ3UKh; z{B7@W&KHCqop$)d{~hw%3wVVT`&AcW_WH!-MTQL-U1xQ8e?Iq87|5e354=Fn<`M(j z6(0US3NoogFyN5f$|6YPNDU&4G^cri*NWAtXU*c3+sOPv4v_btBh@W!ek4*um}%M) z&D83p90FDy887jl8Ls(uEU>S?LU>09+--7-7^<_jON49q zh;u+W$DHV+M*-UKKoe6RvHSNNv9~GdnOHhSS>MibnY5L6s{E1|0_MqaVds!Ea>F*U+!2&bR*+ zhonXWFqg!?rI8SBI)@slif|Ls!#qHpvdkFJ_Q^V6z^?G`07G7>X~P+K#Je6Hxew!0 zK#SQj@9GznE;t4fi0;?ZFw^kLVi3ns^39Mng|fv^)T<}WDywe(V!azU@8^a|ezxvM z@R7Ix`z@KAftl|EnCA2?JL2^X@Uabp8k2>Cj&PbPut1yR!N~?;`P}gXUiQ~vZnUi& zh8=EU4ZC=Z&a?jNrH8}nW#<;m2y_^^#A7?*S|thEn&|%1SsdJ4QNa2P)Gn^U*6NJ8 zQ+0rnlD0#U(Q15%82y3)xEGML1o5jc4v!lS_hV=3HY5;XXfYt3^!w#jv18$v(KaqV z>tNE+RwfD3>7)py?^fnuy~X!shE$cm2u@rq@G#!Sn?YjtUZ9=O2DuN@D?+tV5LZ}& zl)e}_@gC`Jud~iJBLn1~PeOOT=&96gOO6Qv{KQlGG1#CjK4ucb{sRd6^Pd$DNOK_Y z5JX|5C-G%yj93?aAkCU}05MLc9$^h2O-T=ab9`Zv8^~WEw@5;`AX3_)Bk8<<*f3lz zaOp!|}+2z$WU{Rmdvc`C3%=07OGi-Qi@h1=I=_b)n%Wu)}^(k=c~$RRkrH|2da zIsn6u*EzZa9Zb-SDMa2X4@CQywo6~Nb4Jx&U>7tPeQYOqb90k;(by6q#s&xwyCd2p zMDCO(Uc`-3y%%T$zL!Thz*TK~9hlGWK`By$=M%!ofk96q^7Yo;8iNzC5u8}&9ly~w zkH;bJGqExAb-*hZQgYT&e=8&UhXa=>qng>j{w)%Q&9&g84akMyqrB2aahn1!M(*4w z4@ij`fbv^4Z#1!gjY#=vZiP(+2aKcc)*mFp(4i+GQ^2R(j|W%6(cSNcKnstz>AQQ_ zx6$+-Mgyb_?swTDYA!XHw-wCP3ywq4q%>A9zB|`U0qK%%{Fsd@NJly(6aGj?4|7it z_fwhuofScCNJo;XDZG>!^RT7^2bX4<#L|%3B=*ptv?;#7I}WQ((iK&e^gh`6Z8;>dW}WnYL%Rt4P{m_Z z7(l1K*rm>FYcZ%0a*TZak$nBoy9zxHpxyIVfXh?J!W{7F>9w&aVmkN=dy~grrS>y% zSRMhzhQoV)O>pY6%oGbD-XW_eQ0)!BP!B!62OU|Q^7bxYjjLXcudCeTi%#REK3_F;d_VbZiJfE%`{keeo&V zQtb2XhnPmAWu2Ok;jQ!}`=e47jzZ_kC?i3WheNQX9fW*;tX71zMW@k!h;XhfS?Ov4 zGA5qV7(`s-$GAu|h=o#5imB53jBjcR)9_Iw#RQV>leuGN1uNmi!rmsn?C=5kJ=@xt!TL&rd7gZ5I9w4YjEsb_g zGp6mWWrJ4)BQz0|-%At!&RB6(enks%3yBI%@o!Sw1dQ34q_kH$%~+~4%Y87(6H@~e zZo|B61cfO+j+O`_y$MPVn_yfTht(E$c%->=X88z)SlS?eBbt$mW`rVNv+Cyy`Xb+! zbtn)cV~@(TxfJuCNLIrFJ-FmjCF@{L1>KC)YU!C%!fR10cl`p9PU+A5%z(aN)yW#8 zi3(%uFj@tK+Tw*U%!M!~Qt*d~U%})UNs@?c(|~8InzvSfXG*By=@0k86e!AA^uD!J9|PzYH^pmKhJjRa?(c!Tu}dmFCx@y`XzJ z(%q!#=X4b0wi6K>pc!Ie3Puxc#`PS{!?1Y?Mq?OaDzCLt&&ox9KK^iLKfVW($Niv@ zPS9v{kem0kVJ_ZUdXc+s243aA9(2O8+xPEQ0t~P**9jg{FfSWI8NN6odfNN~?>|CjnO3ii-9iA#`$iSHAvruk-n+^d-OZWb7@mBE9! zYK+a?VwK1deU=-|CMWrABeOQYR5wQ7EXHj+8@1BIn)4>RvBdgeKY?QCh>Q`04v?F1 ziIanG%}d2X(uZ&)wuJWRHVhc)vGmkK0r8sLw3NE?rF$}0-7ci)ZGU*eeI{#qYaCJ9 zExR&#lJ-T*r-QaxCQj#54kQdhJsBQWtVnl;EEXPM%1wBm4vrviI{0LN7Sk6}D|$>e z$vWAn&j=DB;~)3zf$wOq!do{c9kJzusM8RMp`ne`pc^KSIOY&j-0F2&G(&{x3GTlj zx8$UrVbY2GhpR1lFR1$@Y@hmmt5i_DTszUIxG zb)1M|{r_C7jejnd!yjH53f53mDYSblogv5o6_F;^_dg7hzSoRBSQmIUSzQC(3PS+y5EHEnfm%7m82QuJ-ll*?YOv zkoAm6fB(Ox@yFz?-zLrvx+U9IkLz7(?Xz}n?f=hd99HGuG(O=zkX{a@_n)#J@&PJc zQ^xJz&P$&KT^9@;Mp? zqtXi&Itnk?*#qk3oRz@5Yj_>@pUgqu9UOcgpnsO#G1grlw?@9|at^q+6A!BHe!*<( zmWRN8XHE#d6SP}w^8j$|Y8d!O66)}}9iRAbr+C+A1Fq+BDF@_gAHXJ250-}me4^9+ zVtw@)i4w&AA|37TCYZjlk5mDLec(-4qgUYf>yIRJ30nZsfJpBJdlxN5!~3^mAzsQZ zQmP6t73?CXZJ03}oR6*(o%sUtjIw14VU% zsnLDB$40eOa-To}irq{hY#JNqZ=4!=5Hc6e02&#Bps0T%e`Wvty|;7m`;&ksC&MP2 z^BaVxgmNYMrS}5TKdAosHZvth{V7}&rIOMiOU}+n1s9)mr34nE$j2|SrXx}`!2~Cw zC@P9u?21#2vQbAtW3z8XeWQr_=)=t>(SQ69ng5QXigyH`%z>G4GhPK z!CtfAjrM>IC`YQ1F7}bnUmrRjfi3kEHeX-w*C3Z=OuMhJX{GNq+rI2VjV0=yZ`=wE zTNg@2)N|u$;(n%gAD^$+IbYJs1^uTW=sCXM&Ug3kAFNL1YLXh&F|I|4hgIpamDD9t z+0}+ce1VQ{OcdcPf1a!{B!7dsDCM-&Z<&hCxUC0tb9MbN)oQ7-hH(`$Ks`nwiY69$ z%VSQ0a!p$bkr#@QSaKAnQ@9k|7-Um~k6=b`-PwtkIUhn0Mc1<`#70G~$B4x4%lNsL zn!=j+ZhndF@;NpmC!yt^tc>K$yxxV$>CBMVm&MkID3|+FINk_B>ztOQa2SaR$EcuV z;Q*ej1vzjNSDygTqb?Mh(I|U;gj^G&t-7RHq&f#$6urtMFM^JsLx9}8j%P+Ng&(?G zbJ*1gnqiC-UWEgTy8LO3Wy@cfM=wiTZ;0YklDJ#lSaS4zGWnTK zeLeeEd0HTlCQUF93Y0u~E)Z1e9^iy4O#8pK>& zPLmsSI!m3b5y^6d_c|D$8j3 zj8A@zL5ipW&VqYU`csvi30i$;ZB^~l9n?D7k`3GNekL-Cv)ItH64i>StbmcAK@Lzd z@qGD8`yTKrQW3v;m{R!)dL*~o#m0%*r{=*7VR8NRZbrms_F>FW_b__>F<*Lf>6ghZ zNc^ikfKKRBW9RhHGdh>{1cOJ;Up92^tQqV>IkNV)mFrb|Yp~f;bKW%4h|lKl9n>4z zwhr^7N5Y>vl8$4}r{!HoV|Nn=E*pTRsW?-<_clNxIu-yp1`x9yZ0uYe;LT1cMG!m1dVVkx^y)BQh+J7=ZXO=668j!A~_+*PDY**`)L=m^TcT z^~7$W81Q)yRyGrd-Ssr_f>KH0xP3eAi}SS<&a9DCA(h({e^n@z(Nxh7+s$wPEy2KGgM!X z=17+oEE`N8XxpW3@M%k+{bpwg#ts@W>cM~T>HLZw8)fnbWpdZ5` zh<0rH{NF>!3-A6=$NbfAk-BoJ{kY6kH&d;r!UNQ z6$d6Y8+K30F!snrEN9^--`fEA?|kp2cG+&f2iVE`or5=LZkD7G6L(jS5F^$N2W!)I z{p3unDml+>mglVC*2V0&gX-aV<-z_1BORU_Cp~yy?WD*(y1QURn5zv>G2a`#0P$ix zfQ}%1XF1%7T;Qa1QU=L37n2i?jb9CU8+#15#aR7h8T@kPWOlnJ&Y(aKugM5!8p1=M zSyQ4PHB~${VB4Wlyq$;jPptE4tTx0BMtYp9G;_eiSQ;{a#MCp-rH46z`G^l~=Odoa zPfsWp&KKw5F>Xq6n;5D>jKkJ5I{RN z`OBv?Vj%aNClY8_>h<>?hq=0SFn<3N>}jVrCx_lt=ZKMZ$;1W_8D$X**wxNs2e#&T z*_n*!@`~)F!eR&-2Rkj{>5pQ+<7-2v(B`g2l(IkujnDGfPF46YPJCxZ=C&P+{IXPM za}owZS`8|4P( zL4fS!xM-|miGBJ6${o7kdi-&%Ji>VReraP}`f4Ixx+$U(I6NHfvOBOZQi}X0VU7DC zplqXfg5GNBPfs-Tb0l%C^>K~BqbB*_PV}5%;&M&<*QwgrWwq#=oXG9>a9L~f$e~^$ zk_+;@1iV>mVTlGBKn{yTlCQf*apAYQQ^u6ZGxoC!83~Hl#1~1e&6Z#)`06c7%J4<1 ziiO{hA)xcWVY29bSbqvkQOS5zZM>|baXOqk?h3KRT+V20{mk~_zMn(tkd*0Q(V-G~ z;THOJA%1X|Yz!d!YP0pOe(<;X?rH49<1oHy0AKrfB|E@YChiK2$)>Uz0KL>z?EXs2 z#vwQPq0>hv8nBbI#Vs<0td#x}pfm35n~hB>Ai5=eCM8IUbZUzY^sB0b?)4rmJ|oli zgWSVKJ3!D=eS-kUJ)k578>RNWc-5~NkxE|>%XSu+Q|+a+^;hVp3|x%PQ$V+b&e`5D zAO1Zd!YNFeK%B>fmpQH&8{&eOX)Uz|Pa)a5frbsI{8@aj+@CL?f4xIfO)q}p(Jle3 zPs~k0KNq8KuoT*1P6qyP{O-ea0}$I!2?Q!YcI$2Oz)!6#ln z-H?G>%ps{P%+(0?jfjpN_YY8{y+Lfj`BJZD8Ej*+?7La-) zyyHR3O!H&GOKxda9~UJAj}F2-xOo_|(=H(qB{3WkLvu_uM|&q4SF{_oM84iFRwq%N zlwymF#D`dVP?CV7f*yw~5pY5ABB*2Zhv}SqExYY=d^dxs@pPlo*xDG^iJ$f6_u~*J z8g7GfrUx&#w6WG0adK`!o6}zy7@TXo{ax;2k<>AX3THN(A_dA z*j<=nn|q&uL3*Us6wGU^!G_E;tkDgFDWTAi^P~;%er9!4`e?Gj?pkyJB7Cz$Db(Z9<}OIo9S&)m+bwfpr}^seTK<7V5+NUT3U( zd0m18bZr7Oe<5gfLC|!ho&Z~whciLH)II02|JuOuNOdG`+RwX_3S}2N34ncu@tz7l+^e{(35B zMms(P0cvBX8>qt}-^55+o76YWNe_u_p2_NfB?FLss_H?cnuoI>8Gk&T@I^S!RPdH+ zEtNO~v+CpN zg(>RUAIio_^Xc_jOE8<(49C`pV!PuYbk_laO)qa=1x8LS_SE966ZXX!`o-}9m;FrJ z6(|K?_Lyxq@B(^lAM|_DJiDd7-94@|hjc~Eo*4B)gcl4tc|j4ckRm=^k492?8lOI? zwmPX6ZXyF~Sa5IY!ForIaAzALzQtdJMV2@8T7WPQFY{#S)(?3S-zo}p^PAbf zfxfAefaphLNWdp0<8{L3m`$E(c=esd?UZDH@JB%UcglziXDsEOhWkj%{&@i2bbuC z40qGrL{ez|rPm2tgS55NrDuQ@Y-2je%6u#yZ$QmEjFJ$yf0D(H>X8}t!IcgT6Q?Hy z5J9TRI}dYkU}XJuoB6>Mrj7=bu6g;pD@C3a&Vo>Fl_C$Cmo@)yg74cc^t5a1^667D zDMTUf=EMEnwGmlwj*7}d-+a7F2c5Sz)GUrL1r zRKF)EA7`|0p2Saz(rsBjyq?CH;+fKG|$EhJ+s#*)y9Q3njk|p6ogrP?GpM# zA0e7z&2k_VsI5ZADkh8{r@Qx%)nKXvG838eIY`VSA3rGWSr$Xf2nu{YpEWB8hBx()Q^xU-r?3_X*_BhiuN%Kg_al`s+mN#VAqwJYa|=CCj& zibd#ah+w1k(W*QS%>IRbbDshoRwVGTxcynHFewvK5GGdNJ?p(Z{Dl3CV^jM-h<^5- z1RUCD^JcG!OdO-;v&6$wNFgDq@6@i(%Zj{o$N-~VUF~MW) zBEFMZ2ZcD+4bYC-W&=hZU+95*BAR^3cwiJmf6NAF#5;=FnYL{ znO_WW2`r9Gqvnv&;AthJ12kQLkp-@IsroTdReR>+9D@>R7|35gD}Z%MjIqm&zTL}k zv@KyBJq6$;yfZlPDBSQF?J6xiIR)@>;9ww;=f&cymv2L8e~A1RFFiEVhePTOcsJ2L zyl*9r6(3riXr;hd8}Rlg{}QT<&mifHqLvFz^Vz^hReM#lWs}OXQAPKQV>YZj{(B=r zI{*2;MDr<+JwW`KC%Y`5O-zElewxv|W4>55^(V4rA8%LoWfskBm8*Nxz;x}v@u9D< zmbaMAtz|^bFj~wE`*Gf1+v^`IO?;`^7iZ<>Ysbpn*Tk14!&m1wOS+hv-AuHe-^?=r ztlU2D4rf^4^9G)JjB_XxziqL5sR7vLfHU|cMfLnPMUFs=N^H5M%%IEBNLhvD`9eeU zlq2aOsOflOf*O5oCo?BqEx!bZrY|Apj4pE%y25HHc9X9V#)-(hCn9J^@%$Th^a5>t zY(Llhycm&Yg${8K+Voyom1|t*8dt-dXNlm^RehUs!=M3elc?-qDshixH_xM0MZ#n& zR6*1Kw2JJJ=)16tmDxr zr-LgUPagnMqZ_mn2hUrQ1Sd@yLVxGrkY|-2_2u^t&h2yHFfb>unBemZ&LdGqK zSsG2-K)p8b#AModdcrewDUgd~X6|aFO+@8KaUve<&7TjMY8?La3ydvSOMG?#wF zj2hfIyg+&P;o4Pk`a%N~|nx&mEi0q@0Sj`i>Mm0l(}NaO7#H zPJ;LP^3hMz04lCSI1%1AR|wuX-lcbGVz{MM+Shn{fLSwE`Rqo=DKGm)6cYJF{<1j! z)j8x#rL%-0)*BYvo%LLJjF4J?ys}TN%k9UNo_ijJv@vb&Xuaub@3-6Wkc$zmi{N%t zd(H+NEK5GscZbX8{rnNXN9)m_T_bG9Qpte_E@sYI6|6e(`-?3EllTownvR=Udkig+D;6Clve(41 zZ%5BLR^lj^*Snz;UZ@Nvr9?s>RkSK9Yue(Bd7Aj^O;b8z32>^=SJTdjqN=R^I;j@{ z-7oG>=?aIlX9)TXR33{l~v1yIUO{WAdK^QM4KuaI>?h@IiREc*Ok}24>Y<@5; znP+}``y#d$WQt6$`aO;pMTWRB486p(8QCD7WVVW_D@gLoRpCG_Utl~~w_G`hlqGt9 zI@pAATwmxl1SKi$=aQYwkfvL42&!s2+Zs>Z%~SPj{14st=d|m03*st>@@10D$L@Jg zTF@s0 zF^^L?1rn0*17YrsPd~I&v{vva!=96n7O15 zPrpz*eqnn5{%xdvj!CVG7S^9JAiG|^4%0;kFH|Blb>`GU)Je+&HaX8RvWgq(6y;Bm z#ytrF90s@ZQb_l;uV{tuf~7-5K`6kwzjD9)v+V+orh6@-L4>r*o|Dm_r$@q+Np@sp zLs}LbR0_0v5Dy$GL0sa-{sM7Yx{em+w|Czu(AK`Bp#5}x|wCw?>gAh`PkanEnJ)(=4 zVOg?O;u*9kMFGno`C^eTqbS8$@n3o>7GamUp0ExizVsE7uuJ6Y7Ghe?z0Sn8bnG(I zEBa{ZIj_GN6i(1Nnr1be*$0&S8;NaVQ_Ug;^!rD|y?!gsL+o4*EmMjWm`;B@c}%)- z-_b{^tQUYKQ{xw)DU+@lneulaK-uNU*Fs!Ekkpf%LJeW!>XZ^^xLqQF>dcg-QD-^A zFNu$_2CtwO_#|JTj)?~6igK0qW_k- zaw^`BJlX$--qJw@ouE!bS7I?I8)7%3#|T$12cay+TFLvc@f zC>&?2fV#mzsil6xrCzJ$FOM4nF!s`bw0=1V$Y8YT1LGsh{xntDKpHuXsPlD{JFv2M zEcqB(8NFoC-{lHv^fGkKt?ZOLY#H+rN0?hMq-CEyd{TN0#8%9#RB>$?^khrU*s=(g zOQVZU(o^H34yGUMllGM0{!ENBN$od$5ve5CLj7T|v3c|Cx{_i`6Y}Nk*gcDp-XV`F z{EQN+ivI>0U_NCEQcv0p&e!VHxr-m9fQhx9X|Cyin(k-83pvDj`=HIlG2jgdW+Bvp zrjA86EwAoXq|PO)HtrY&v<_t*m^t4DvobY(&+uf!D~d*NZv35wu7xGlx0L^T&0M8- zX_Lgj%3!l(Mstt3GPX%@i3#6oSJ;O3-C02}URyq^Zy|Fst*UXDc4$0Km*hSH8F{-#KYhvRKjVXu^c=)skqO>;68zLAx^=k2!K_l5qVqTL?utH zJ7qmU*X_h=-k9MO>#wvxFTVdNvl>EZ0;mBXi?o@JQEzE1BSc{aEnFV)w&^^WjGRhr zKaE9dM|X`I=SLxl|J6ZuB=Fv53`-U%wgmK`>XI6-n=8igMI+X%pp?H z@pdz3KlJSBDZ-kkOMDJTUQ>>kv-5n;4W%GSyczImQC60u^%W0vp>uk%bYd8X6M|q0 zIX+_|N(^T~**%e*trS^B;T>I$Dyxu22>ocLZ>zqZkW-RL`fy~d-yAk=tSm-Kdn6qt z?`BwVdp1I0hW6$@<4|G1#7_0zf*C)TzP$@8pr(XuK6x}rZ7N*U07IB}CsOq&mJ)9i zasdfj{DC<(zdGQ%sTZBW*-Rt@lEqR`qd%Sew1l-pUIXcS?Cx@lp7mM^1 zzXCt%41K~^aZ!OcE(uEUZ}SG9etlay@iZ@w}j&*eb;z@^*Gh{ z`AI<7{n)cHv6ZO9ScY!&%WRhrA&779MmsV3&d_A+e}UTB-gjU^re*?JF~FxrV6dMN zdqON$*Vx|Px5oRK@J#CISzgz}t`5C;GeR z$fDZByr{7zQ&(e*CAlTPWX1Z{+{*ww%tGpNcQ6R?>${42t`-^H)95g6NyV5XeN1WNF%u0n6Ga`C{gkuV~2^(M*g&B%WVU5qKkm2B%A2dnM%;d)i5wU~N;PnBnL-^vpEyv3~jX=!h`53xpujQ-lyKh|+)$mDywi&)mm;LxT|#NY5B( z&L0ObW!@m@t$-ww31cw1+n>TfriUt=3Q4#U#{*eCt3S0qc;1&&Eul={^ItfpTnORtLnhG@%N{Z^msa{BZ#XoTsq=~n6cWP(-iBst0+Pc!^Vv6 zv&;LhwN)LXB)?kAm2D~i7(yw$Nk826^Py-=J#|oAHehbXR0gQa^FA73dBkT&oYq>E zQ0P^gDD*^$OdKZMpL&@a0@C;A%Dcjob1*=si{X@Bt_3hAq$Fsp33|0)-hr7;tL?zN z&*I;96}*q48C1S6&0MNm6gxEM#WM=`qMgOPog@p9DIV<9eFj`{SbwyTUt|v7x|B})-kJv<1t@Q338pEayY^z|8w(_o@4=jDFUYu(hN^H>4g(b|FW-wsHV!S_${>%1NR$XU+x+K8Zq|d zVjlppug@XHZ{*X@_|k7%CH>lZV_HmzcaPOIR2WtI)|q(BYxxI|wK)^XL#kmnb$`7N>5|hd?(U{2J)Do)_?HWOY{)$l3QlK3Wf>n-aD0n#g~ui0 ztbT`U{~9pU_T1C1ti+vi!~ z6GbVWr+}Y6EolNGKa3sH7xwd!ia~O94I{xT1TV?8)~BHT#Dg)z)xOd8lAiOM0DFeO{Gfh5(Q%Cs7QWM%#FFUF=^v($CnljZ4>K>5sR+7jj_Cu zC$$lq2sL6=*t_HEFK~<9!}D{FWOKP(N1c3aNC>AQI%y^c^XSYnc7`zPOnI&CJB(8f z-PG3LoiOH6GR)Oa{9y$yb3W`!H_oc|YlC8=S*KNo+aL?JrHaR?xZg%AXdPGD%^sQ8 z6Pm{m6g>BAm|lOa6?rpfM!(n26oluzj&z4XEK}|A%GzmapqZC>Zwb^ zqfecR&b#EHPY!3RSv*%#^BmcVrv>y>Gpt?1|M-kRX@_*=GA88r>Ba`mDL>$GaaR{{Dyu8E6h=x~Se6t1%AZ^o(MACzc{>Ng0SiXCcJ5mi-kbPTy!u5Xe zJ|I4V1L~uVnY1RFl_<%(gN$NuJuK7GQ1ogY+EdAm{vtC2&EQr@uWW4VwMnyx{z}~W zi&Jy&hn3k{=9>o6LU%E?eT@AW_?T$yMFX0b)}M_RtMz%%E%wb*C$*|vT71iE3x77j zc)`A!pvA`Q01hg0$L#piUe2uc#%l{1hpM(QQf{BQCm!;JFQ(Us8j@&iBdi@NMLY6J zqc_FR4Fa{u{ESNTb}|C&pt{Rqt>f^UE8*=Miy*5jwMU3spsI^kDwzcuAh*6YY zB6!plI2`5_$k91Kd;MJZ@(=L@u(bI^V*yHYqPMcJzY;|Z&jT%_3*^wzU#52Bz7n<+ z0c0_JX#ljBhHcP5O6KyYKAPD-LI73vl4@z^HCIEy%|OaB1gb$NSq2v03WKNgGKBh| zk83>0)vr(BXHi8~QTyTrZEfcbbwh6w>87xWI-%76wAgCIApz)?d)$+eK@bhOl>y3L{lQO>hr+Aw zOqW8z!-#a0E(l1{O>$H~P!tfykL*E1P~=X}h7@dG*2UEk7^w=0T~Yiq?W7ujC*;KJ zdi=gr@37A$92p3`p%9GeL|>374nD0_&rXAZh>E(X!C;Z$ z;A@|jNp343sc1le@{45MZ-v5mpoj{vh;iOjRrRRSz^i`gCwpW)ZTDC`t{5{L zQq6!2K_Jl1==Qvix(|b!jb|V~hbvBYEN*Slc)qu*02M1-Fsz?GZ1-^K)YQi|l-V>Q z<l^YeH zWda{Csj#M@hE{6_MIMgc7>KkHG;*HNK4SnKMIrX8i?zOV-AWE%QPP(gQZgphW+H*6 z*vm_}VJh+s8Kmsb)*24E7TZ5@kQGN^A6P%>uQU0rXm3%l8;|@Rq@PgEl1+?g%0vb? zGAK!cI9pRHm88RoZ3j^YFLu!_sBW+7oJdqBT$2^7P{l>J*iKaI-M+}R+yCQhK*`98 zC0xJ|hQ)tWG15(}%LFr`j)6GkNzW$bmP`XMzPAgeL76N;n3%>Z^F&wwcJp)d1IL*qhKjC6R@K=V1#<6z=mS01&6Qu0R7hq#qDU>$Ut*jhHw)AV3DAHt zUBon1pm+Sa_Uo{3W0Kzh%O8C{4%nN?xHIJZMG8?3;ngbO<7rVmR@{EVazG6nW$)f#O-@ z2DYlo+D~ih#^l`x2v2fjr`9<$J$Q?O10!g z%?@43u9&8cQmHOZJ2HbSJ=Dx0cVM_wb+neeDI_6tY?Yvf{|HoRS?R1#Apr1}^T+oW+4# zIVC%azcp*kj%1%1bZF%c)DJr|pvsoAKr2+a2n#gC8|C0XXxALrlK>YAns%JN ze4}V_ma(U&&~>bgQ(}oMW3+rN-iy)ZwwWcJh>Rms2O?+Wc*E&tFO_Vp#>eL>pBQ_6 z{(NFD8nr3pRqpVAHsqxeS-b?~wSpLtVB*5TFz_eiffGT3yu!iA2}5Ylby^L;`k>jT zi3rUM#yDNlWTV7ED6>K z!UXZ4UZ@%KeM$+`82C3JNMM}8Y+%`#P2siL;WhRoo|8MPKZrjvGOR@^F{MdT(t~*U zMCPGSFb#o%3MdqmL871(8U;L4=AcqgfJ{L?I;}E|pa7+UT%-z$&?+cEte^n3f*jyK$$QDQ#93)KM%I#$l&;`kAIP6Izezu=d&qYPXZKlT5y_pa@2+e+g2d3*FJaOCVJ z>9Huux3oGZ-F1^R^{=^j?WBG7NwYFcLK16|U%-UC6|gX5{m=| z17I*S7|aY-O%b~`u753>`wK}CYpwmW*V-!xa;>tjRra;YzE;^kg=5Nh*VWi}*BU!o zYwVw?#$KyI+nOe`Zu`Dwo-_0*_2+%NPiy75QF+dd70PZOUn|g`y#l>9d#`n9{c){B zuXX6c%TM5)a%~;@yR{CD);jcOszW!MqP>KQ=DrgD?x(UhYvsAM<(VNhW^32(weD6?o5?u1hX2%e&CGD*1tq`tzfPJ) zkZ@{N*I5}+J>ObqW&BFBGOo3?wYGK(_s^`Rtvy<6Yin)o_O-Ru^J`Z`Nv;*cuU#=j zK_Sp_tsSnl!`ne~tsSnl!@t7iE32u8du#RZFQ6XY{>9L@r5&ynHh4aX!j`|ke{I)W zYi@sS&FynKhaL_FCE@~!zL!b5s)Oi+#3Z|2>Ul!b*b*`>jfwXQE^4M((Sr8GNI+a( z9uWA*$t5(@C*1A3pp*5JG$8C>PY&Pa=?0ceec94vUzM2^T$Tk$j?le|zJ1~|_5({S zZG8LPU^2*ket{WBPxbv?qRiyG@3wcy*Pz;e$r}7k+INRr3)gh{4yDB^{LcFR#4kgI zH>@|OZOOM!{e-xB?a#hwj{MmfvTN>8R}5M2QI_7HY-Ye7|9`)AGnw;S_v*K3<$X)b z-HDMWpKfbXqaZd9dw?tUhhNy(=Y{ocO~B#{>r0yN9qtXYAs>~8V!b6?ZwYS)&ChL1 zxZX6ZHw|~YX~?};eb=zJHvE4{yN31t;I8)v(3dYvF%_+`zvy9wt&rx&VXckcoHpta z*AFoml?OG%Tng)3YpV5l-kqlUc^zJSTOvHrN``~xFuEoa+5sm<6CUmjwud`A-)`*; zwzdo94h7tU!coax$)pwEck;=PT2|VgSW~s$o_zk>lbha%SVwK^jmY{;XMLt)eORCAe0sHaeWueE%}=fp zcNAE$fW<1bA#|BLBO%VjjqLm)fAJ% zJorV)iUMI~8q4xh3b@y-l)BwWrR;m9ve-Huy!hrveksgYDsrU21^mbjQjhEhRmxH| zX?4Ri;C@AMwV1n^c(EI&5c$js`ER>_q$ClFr~G4_5S9k~K^j-cuq*WVF&f(Ok`|F{ z<=#$-pz*HrjV1OTy!*f3y6^w_P{};!8ygTi^W(Qka6FIPDz;i?pBzttNZ9|V4ip9{ zM}XG5y5fq*%Hgm+q>Q|gpei-iTPNH7Vxo0Ju=mDe90a#cty^`}S`ZH_5^MPsu?4N( zrZw_vDf+e)x8J%CoNxZ?;YyS}Y@+PktSqAIeBmXj8vYm3{YtWJALd9g?1|L8x)HtT zZS819q|2##+0E69efJDDK&rMHNn@$EwT13*VCh}k_K#th{k?1bJ+yyp59}|NinL|@ zJ@n*Kd9U#n+OtJy3tO=P@7aLuR{=Zavz0^ta*8U~lKq-qxe-y}u2HJ9|5O ze?x;C!=T|w8OO=r2G?$@*tsv{F*82uY@p{PA_)%AG2uc}W}O~7$BB0!lB^dAc9BeiF}FFTPyF)2zB2w;-Lvmkms{Fz;onBh|dVhks^9~ zfF3--5jrI(AwpDpy4>4?hk|zr$udHWCw?^TAV}KaC&V)w6{T_rdDKB@DmU1TJybSp z67gSXkcPw|k@(sG46C&P%9B`zt5{FR9CPv#EM4`;|6C|o?1DvH z9*F}who#zMqDoJi(HPK?0F*?86Nc35Mlup05z=%dXs25{;*Uk)?s5abU`CyU2>S48 zgtDHO<{cgBQl*vklyH)Senc3$n2`u^iV_mibAo8#6&8yjw~W|^yPyf(ZXXwOmM4-C zRCAVk^3A3`YqY>wvbNE=1nCOSQZ@DUJXEuks;)0Lcuh>Hk?|}Z)FLagsAx4t^sQh+ z%cCL9(@z4-SbKDemGaYU)fE(7F{yT|o5-J_h;qaT2fn7dlxwA1=xjGP8c@zv*epxj ziiLs%vq#{W;jInQE=TMY=N0t`dUhGpgcoFxH5?K3h%Qsh%wJiBsur^nMjnNJszq#9LLMd| zjTqqznYXoGZ3vCb%6G}W3(02-9g?V&`g1JnAYJM6=wN>K_5+gempH=H`pLthOeo9L zPF@aBd)(}5wS%8S;F|KHfM<=wuv@$fnUNm`TWTzrhntig&BJUYNX81bqzovIqTQKV zmhAsYy45m9&0-Ept&Cc&D`kO_=kyi*2^aKdH4#%OQd$o|z8kA8o{~Ij9*bKQGRug< z+&UIKEoHOkn3D@UuVW)|%4Snpq<%MKfmvcplhvwaVs`7-)p>JB*03=cNG(u_t;%=8u<}e}r4?{J#W=Sj zKBZ=?ls<-Vj;O%uZEEgJ{&due?OMUD}K;~1q(pr#6<2QToP zB5FGg%uLmSS0#pK##sZeKX=L7|D}UXkI!&KnKQ>Xa|qCE{~zq_4vO~w-QAt- zwf+At9%--<)GQ}`1mvR@tRkq+2KtdE=nWJ=2a+V&CfW}IdVzlOr!ykRHj+*T?i@`L z8Uh{nUQ&+)f@5$YokKj=#ESR@!DnJ^3)aSHNHndpO>~-aU|tfX9-JNbCJBu=iM-B+ z6!lZVw}LssOmIx(M<^j)3O=n!dIqA?fMWOp5S)%a!T_v9PeXhOr`8toBedH=Xal{O z`Ak{d)p% zL9gW*@CYUNViWC#n`k&gJ@izwj|5*xWRJn2BJ=+nq1~|4$;6N7leEgHdA#Ha-cP1# zT9FoN4rkt}6Z%o_G@$NTPrEFP(AKQ7B))7}(pYmxXzL=wK?*a4Mh^*|G(zufz35_`RBa#%lpeR(8QqB1xo|h_K5&M+j`ljm)~xhU z9zYNEdI6m}0XZkZV~?DsQ|k+ibBy`yabM^?ee08@h@?sIc*c1=>i36RkDP%saE9Pt zVil*Szr%nzlFoY*KOm27-)MV=Kpb@Rd>nI}aG^eMKO~ZnQQ(I@7ZeX9=xBza`X*N` ze1b)z&mcC@#mskSXolmMM4%auc!CogvInZ|I5YTeF?r&_Tc8!1oLoltw;h z2qy%EY!k6f6mFu~Ch|7X#U`3N)-a28CICO~ZR<5dqVsI>B`F=gemZ`&|MHokS?KSN z2@OY<^A$v<9Fd9rPQ5+Ed^QrJiUnCXQAYnUO*kvIr>3PRh{OPMHJu;QghMRIV5?AX zn#68X`C*~FIv{SUqG?j{fR|uMETXGOG{+_o3PoAjaiH5cZ#=eoE16VNeKBeo!$?o% z>u$FIsh(?<(UC~Q=T0VHp=y<&6>r4w%0Qc!_%bJ#w&XAYA3mN(Zq-L%w$IAM_5Aho zCwameq3&=n=qd$Ldg`$eQib#t2pO44kt+6q&aT`Ef(%nN%KZ=oPg6cZ+j6I~fnMTE zKTJaurQs<_1n&?Ke8R;3$raMm6SJ(AVlYRib0sGu>Jho1LTgO;2z^@%T6#8`exMM0 zBo93%3Bp=4D8W94`XjVe7@#G_2O*qt`jlQo42N;xM^oF^ZTXo}Y6U=Q9|<5MP3!Q}W>i`w_5Q z@!IDkWDe3J2*3gM$Z)|ThW2DCB@TcKK{F%B1iozA&Xoc4hWBbH7k{v~?w^ADTo z){0J{fX#ji;M2~obBM+VXEX9HUCzODzm86Il-;~1dbY@hnA)$D(QD0M=6A|9=UD1sG zlHdzx>hoE8nlh5OAl$g)($G+-{y)S*$Lz=HY2dqkKb-ahI;CTt;E2Uo2=wvJU~uWg z(G;uzrj!3SbiQ>4y+J1wl1p##dWeMB4@T%u9L<qy)A8lod{b)IIab zf4hS3=E^2qe(Goy8nEsdZr{rW1G-z)$IiLNdFTuuIa@cwa~jvbGzVUr0W9$U-5c%= z3+w;UaC^93|99~ur`Q#;Sst7jxgN9lSx(gFeM2g00A+VN35f&W#cYIzosM)z423$) z6U@nUK0-${5UTLo*u$KN@`9TX#tsvD3MzzH3D31Q63e|5j{W|O;DF2ha|}Dj?ZIHs z=>+~cxki12Aod6cPf391$1-APg!aT2wS_S+x5di|_JcGbZ*+h#1QK_o$p;P>W6FFE zI$Ci7BgFA^gdnhAj4|X22z;@9JD9wp{4gPmL>zRw4Q1!RK`>W`ICF#}gp&l%g=PvZ z9;QJc)e`2&TIv@HQ^tk<8{#Mh7;?Id6SbHwh*?+l5;Dp7?wN5Eb$r_QsLT2svoqE= zdQ~r`UeE00`=Tp7z^E4|{yFBPmyoH?crxz;e9*b#4BHXB5WAjmek4o&Oy-v1uEU6% zCO)4(5nTTgrZY*SefE}-WQ2AeiH+HWskmwJv*Xc=D4^JTirMUx;>2SIRkMQQIH7Uk zV@~>Rngn`U0?Y~Hjq|dxfexvM_M?b$(Cb-e1I5&{UX0L(D=7HX&_2Ss^0=a~I`9$` zqlg8m1&26=ZH%in$Y5HhDHocq+)*f3`v)&5_VkIEuKmyv&}pLTBcDqE7e1fqEsd_P zeD)6xv&!h0NJG3qW*!p|<)Ay$B(wG*pF>-Qj;hH>$noAZ^*z#8Fj>E|v7y<^$Q;}m zY&v?mek)dAaq!ehml{cR2q&PFwlU?Jf&%j>>O(v@^BtjR>PMHA1$n@F*cGC@tIzf= zJPg|r+=!a(TMvPF?U73y#sP64+*fp1RD+224KM{;+l*X=9uJsWHW}CrZ9S-h-LVWi zAFetZNSbIN)4MaSPOg)0t@`mO-Zl zm$Aqrq8{lR&$jLaUY8K$1;F zoT-DlqH||mr_HoWnF@`H0ZV#{7h7T$Vwc6*H|@wl-pCq$B^57_B0Rx}MCX1&f%c4l z0-TSjkfT$AM3)eaI7OL;Cdig`NOYbpEu|(1Z3AmNijo>kywAFnsT1ljN2vzVfXTEF z^E`cYN^CS`V?NVoIw>QQRPHTt%4dkvGZL{)M7S#u{4t@S)D)CI$_Co^JYQ-{Ir#~K z5YPt0ypX<6$pk`0a8^Tp1DU9bGiMb&3M@ymo;t$NT-_W(z(+V{)116`VxSOEUu{{S zI@YTIB9!RYQ7|{>^&3b~v6Rw~SBjxIP0SE4#9MV~*mCRdB1L1g!Fh%8r-R`!oqmSF*1?WlU6j z&0*)Rt{~YPfV!OPmp*%%_c^Q^My1&z7!{8s*B(x-Dg#s5Kqo?TIWbh-x5i;C2JL$}9qQ|$MlYKc^~E5*U~){k!qnVXLwa8i9ZjYOo~ec=H1GsNzkfeJ zb7HyZH=fS~Q+!GSBF$QI%+*(&DNrpY-ArtvWYwc|yoM3dQf<*>a*F&=D7m0Sy?*m- zgx*l;qiBG^`h{u10i#N)W`Y8hhrT3%G*!4X?3X6qYAGg(8GacSseegvfEhX?b0;_9 z*+eTkHnV6}1jjrZzG+0bn6~Y`J+s6TA}Mo(%&TmP+KUnf^oUGI0y+(+h+Kj^4%9He z#Br_{4#@4QUchDsDv3J!gY+~2!IIUoMo2FY$Xr4^eHeB+uRw%}?U#{+K=qs8sp&`P zl=7LAQHMYQJXw_%KQeQ}vG^NK4dqtAAmjYb#E5;ApAkCR|8@NTj$gmZ&rXI-ah|jU zeJ+XPK0|Thhd7z%eV;PQR1)2fP>5rrQMfcZCkdD0-H&|be6f%_+5U|M?N{_b7xg25 zq_$ORGX-N(wffWiSpmbO>cI^xLnZW3|et< zbf2qjw-Db`0?G_v72^blgp-6-D43h}4hle7TBYT0qTFH6{0p(4^!jJt8i(1@z!^Hj zogH23u+H?J^NkT?oik(>O_P~zaxjpl%%Uw**4Qmo*cIii?MhL=X8v0nYNB9ft7g>F z7r{vsCueFo*by39^qbNOxSUAirb0d0kn(t$(ZExU1~P-6J@)oKsL#W=pZk{E_O9MJ zYv$YZP8a`jJ!QVmr}6w>t2wMMxc;%jFZn8MEb#x?+1VZB&;Pdu+mF`qKX>vB9rT=V z8F_a9!w2NZ#E*`#jialp`$9A%NDDln1Se?(8zZ6dNM|@6pef;6#P)ibMOZ*RB0>Za z=aqSTbtOI+MY^jsfJqtzkeL%XqD+q>vBQOMhwcXlJlg@co<`@Yi$0=L%*fsj>h(P0 zQjeg2A>z(xr?cgN8T)zOD6C@#^r7mxkEIS~4S+h4bm0BfmDuOx_dicx9ZQ3OeWD8E zsLc3sa9VWIsT(1%8-Dm8HcT3=LP#aLf|JZ2YfgnX&FL*k(A%RI57A~XXC@yM{geAdtlRLD}pQ#o6xFY z{@J_1d&q_&5V`8=<8anyavzq_J2)&LCqT26Py`oifgR(Rr()T9G7e3=Q$Mb{8V7eq z^^D$An2he35i?Vo8-Lrapm`4D&ftK9>ovz`1YtBG7bx_jloMurpmUB22Z#D_=p6fj zplQdr0RJydVX0nZ{=Lvkv9Ysg>VA&@oVzUt@}kY`-OtV5@w1~}4xUs@VCzXLnUS9$Fc>E>8X9LBAz`I$u0{xV0J_RypbJ=M?Y2bNxamhhLv2L*Npz>sDtf-ar2F4_LQgX9*}HQY3;|8`AS3RDft6TYiWQkI#_I?1#At;HZ9V zh&S15Yd$}WBJ&aaoOf@LLAKJ|0oEt&%i=TiK%EPyJptGnW8yw^ItLS! zNQokW7)cAmCg1s)SsH9`;FlqgSJ>7LZ6+S|h*&!X{n3o5E>l~e)sPE~LI1c1=#L(^ zpH&M_GZGR?PVi>9=H4!iV4V07pP=r4u-<>LZULHXcNsdX`#VQ}*2F?UjC5=elM0io zC`Fb6Gg-p~L#b|UckI!Ye=9c%^bsW_4utm7{bv_-$KBP}Q*pg(Utlal0qT*@hYY-` zqtkpbm1olI>ppxi#PvWK!7J6nhjs9jdYGq;0%UzXNojvm38aDmJ~bC#{b?!xl|3P$ z0a-pAXo376Zavy9$p5Y3+WvPpPu{wu(l_h%Wo;=6i#9pMu3oBFSDiCI@{G^^5e-Pk zcIkq`IOQ{%_9E%6#Z$?0g)Ls<+G8hEVxi;Dpx{Rs7SGRib!Q z+Ue;6Gm`imj;rhvI-pvO1MKL`9xZb`mOyMzWUrhA9q@(H zq|ezCg7yy&Wd5|=86A4p&5n$^?>q9u9Ntd}?{1}U?py-$nvi% zMOX@niBx7vIU~n8H5PDd7~Cp_-E`VmNz2{VX3~zB2bG(utP!j#<&Y6Y4J5P{4=X-x z`M(zCndfoOcvmly1Pk^5-J<@#yS={u>u#PE`G13=d3Dt(Bo$G-K>MJtRsJPaewq2s za^lj1ms^3#JGB^1gYv;Ns4|vD#klBD8u`--rBMeoStN}L&!`ThQP5(OC|N!-V8%X? zEEAD(dt2-Kcl9jG|5r%{v&jEzx1|3Mch~u!?&fLB|CeCttvTD5!Tx2p3i3}!)dCO` zQ1syg`knd_>TY(cO6K^#9omFGS`JzF&d7Wd-ILKVqsJgYE;YEUqkiOfbsye+_yE<= z)zy1t+cwZhK*CM=-!C{202S!W3=SXB)fIYdeu<){K&5{}VL)t$V5nH%p@u5D7ji_j z99322u|+|qX82Vd(3DBLd^4TyXRi>ND}|O7nQJAfEQSf^1Y{`(tsNtrBibDEb;`L2 zmv9lZeDQ9(Czb>+59;I(FDjmtlxd|HO3S`{aoOUErizq{~qE0b1wp1226K#SU z%0K!kOZumN)F;t7V$v0!5srE!otVYcVk8P{c*)Ty)tB+Caj{f*=J^Tg#W15vU4z8p zMKFeGRlKlyLaxy)g!rB{j#cP08&-9f@0AOi!F)gy^k9bB&t$G^bY*;T_hIQnngrd4 z4~-;AlK}PD8Tw5w9HDDR#N|De`U~w1%%>1v!fWf@PpG@^x+LZ!nP*nUPWFFiH0oMq zp2&E#-Wym{#ghL5*8{>IzkTy#?^|6@^-WD3pm}vA$UJ)?erIQzm0{jE_U(Z5tiBu{ zbamC&QP<+D-K2h>Z`ZudH$JphQC}|->z&jx6pW1TqpPcrh!GFnXCHs-X77LNj^6#> z=KF7oFVSz^43!+1-?|^C_svE@jp6r=(fISsIzVyYKXd!1zbvbHNN_5W<# zdSY;TOYH|1+JA<{_>Y~v?MG|<|1O>t?LS3!ygJ|S^?EnHxwwa}t}J^=udvjY+;`kt zV&8GEYTt2h@y6p`)y@MIo;`jY zyz*;&+VX#sCu{`+P&5DE+S=VM`u}bXhP!M2e;3ax_8%O_tZ(>qmgw|rwgTPCiET_= zm7P}QOt!Yx`lSTUblyw3al_o5y|4ytiD6qf7)+;X?qr4l3$Joc=ZwMo6BLoAlHFYP zXJfxg?6)Hnr9qGr8Ax8;q5Gx=!6G(<@f)7nsHCw?h!i&awXIqM zZU@k*@A(lf2TGUHeC8`;7>j12+^Va_veH^ete`N9QtQOCHY*?vJluJbiYw5@2&CZ$q}y@l>#O1;iA} znEP-mKM;!CWJ=kn-AgrN|2NEYphU%As39CVsO*;;*27_>IcOP3sEwNp_v6wo^-1wFnsw zTefFX0oJybWre&ob0=E)n5*7WS00u|+h^@yt$tWiJEGm1f=eE&RGjBmCATe34&>}x zTw&4pIoBFDM=iiQ3uv<&#dQ~19V6-&^Q717=!Jr9wq}(F(l^$LEWvhlR`G_eRF-er z;I>je(Os!43meoOyY9%^KwA!O&KdREidCtHcOi+}hR~o$r=#|J7F6}Ju38m8^`<}Y2k=*Td z4TnP&V^%(U)Yr{rCr|qBw`)SSF1O2o+c(}V2VWZvDvo4II{?FD^YpenUu|(-giwoZ zVwIh*abtL$9#pt2ISUt3&8t?s0VijZP)o4tB~Ymqb3n5 z@7-u*|Mp#M7VB$K(@t&C0C6eBp++-+q?bj8-IGGg+@(?C=W)UMRUFU!UZ|*cRp+3z zpqqOlZ4R=1cO&}PHYrs8#Hlm~B#im|sh^k|Ve_#8mHl1rJgV6o zP|<$-js0~QW<_9W4Q*ZTY-G{)z4at4u`h1k6IU^W;_}XZ7uT2~y_ax_lPGGvC>?pC z&)mzgrT?GK4!%P4=i>aI!@Z*a_i$?+|9LmhivHilH1sATq+l_xl=9HTnzI_p+;d11 zZfhJB>8g9^o@y72S5{$-4g@dt3hs*Jl9Nb=xSS793CG%V@j%w9c3aGP@+G+_R!ot) zkX!Ph!p5dhrq)xjv`^3#Z_Ep_26-MRxLgi?g*QsEq+tHmt?Riu`O6KUC@9(`6MIPn zE)oxQPBvMiW>h|F;H@iuvDmhU@%4ck)~(|69!BXVnn` zl12*R_K}(C!^8YTL zCFMVkyhg+CgWB7PZ2RrQqP}2)2@k9I;@2EkSaAkt51YNeUTTA#+lgt(DboVIq@I>= z@vL~ZJ+0a==Xbm$ce`wM@vhoJ%Cm%euPFadl83KqJP9ykjb{YKf@KfVwYVuh zE&2ay7eA-vKV(H&@-b0MEPondSQa z`~39^szA{!;}cm@UAADJclT39axl~;5K;#&8t?ZtcO0(y>6ia3!T*=P_(463`2V2d z{-5>z4|nt20RJzZw=E+8^gR(@y&SNvMrd=LfxbXt*_#urTOexhfLP@Qh_xF1l|C)` zzcgvCxC2MgNcCV4eTzPM&M!|CZiYU$c2erayWe<3Cbj^6X_{H8r<&e?+Hy zJ0x=Rc8r1uh2n?$PH<`4$;G;qft%9x4P-u!6~Gc4dHX>;!>`g1?F^d0*ul7kOUG+H zUX6ok*+EvGqbzQ4EnDvRY0dwoH`ZYj1u3=bb#)~!#`+ctfB0Zs`Y9xuKS8w}ctNrE0}gQHlB8=RSr);?iKI<+S=P$@Bi=QS@r(MoT0Gh zB(SI_Y7^uQ-v4-)uAJAgn|`+JwQ>C)J==f!@|hEQ*K4DB{cr8;Y;EP&|8Q?>YaRb} zC(j0YE+-rPM1l~(;^}n0K?f1zI0)oL{}<#mi|qEJDUu$Y=$)$j{(-vPOs@x;O#2Tz zosA9j=Ec9B9{sD+IXO9TX~bwiI`_~_H08?{5aWW$=&GV1R8$Cv)&vR)u{YGz6K{cD zQ7~s zhfe1sI>ZSM2`34vem_iw}#b}DVCQJ+si&5J0E+Cp2a1uSKg}G`G`(*ZvKC$p_RG+~qmp-4XhLx-sUn?g(|^a9$~XtR!f_Am1r>CVV>MEzoHAQWiTHC2v1&(D;`;!b8NA431R%oN0w zm%&(L1NW8^4?@X={#%LKM|AS;{q?co6$6vQ=FN*^mCi<~pw%$1hmCQct&!tG7!p2JRRy|X1 zOo28yU2~>%HoIE=dS55NGrHCSY_2ml6>&~^e)E+_pjGS#ZF0h2VHAPgFElqh{29I+mRYDW{|D8)fAN76R$AwPoo zWTG+%{206Bq0Wmf)+S_>Wuhmi1YysUy%Lq|o~xOcs1|duofJ^r_dH(+4IJpS+@Qac zMB^LE)NQ)_^+;T1P_6^;5gn=w(XxjD#iENipwU!X%d{!k|JTIQ^A1>NfTvLwK z>_Ic=mL;ymcJ#WMYVKarioNKe(2!g0if;g$`b4QG$g&!E@{mFrlF)_k5yS{i+!^Tf z*1E!xC!`YVr(l<6ed{kHVFQmCFRF*cdFXg@fOV^g@)?WEP%WLR8xa3nV6RQ%UrIma*G9111KBN6v; z!0K2ILnkRC$q5YQiT0bfxldad6+Cl2iTEZ@ zbTXYy&s|JC2fY#4XT>itcW3Hc(4HGrRnv~>)WjD`HA6Jz@Qp@9%^{YXdW1#W6F-to z*RL4|=0Gs;Tm?R(j3_Js37imgk@%dGNYDdD>PjP^R@m_n51r1(SS)E)p31*B#`yd0kpdv2h9Ppt;eLHj5nE)7Exc~TPi&`8Q)7_x@MekTLADMkcG zC?Q_zLNz);VH$8h4v5{RABnLlfD-eRCJBjnFoy_=IH55~f;kHPB!PZp3)AU5yToA* ztO7NH!{AEC8l#w0xL`AY)>Ghfx1Q#%%2oxkD|km}XhL1izGYcWxWR3NKK42Yy>lGr zy*U}ruZrxR%f@A)i+#b%qR1|9X;jZ?|--MzDaOA^ErW+2+?GE;59c5t}!Ixis^~v zLS%HcsB$sGoFROU{XncXy%21Kil}U$e>0x=(R9;f&->m8UR_xYAv#heI)DFrWfv-e zS=7hpaUP2HL!T~$V%g3d!DBDyNbn&)AudM`j-|bUCg_KRUNFH*WY^ywJS;RQ0gWUK z-JT!u@5S&V-*eD~9|Y#^0Z!$#prHrbZ6DW$>pNb>H!=QE(H zQ_Or9;grvy82sE%`K;7ZRuC`|?d5B{t-{Z$Wv*b#)jBMWL?xEM+%1(5%?S2L!l07) z_$2#QfE427OvwYF0ecC&#FwA}#6WISsOU50_hjINIQ||@d=hwyT>wp;0{=ZHpv-WJ zgs25^z_?Zv#4BKB07?9MDmmHTHM4_tV%Su7=nT91D-RgV1L8?a3NL>ZJ>Gvp5^jCA zMjddWkXJx6ojm3wa+A3b8V*zimlN{;3JCIm=|;Ma<8-apflngd@abnVx4)ccj5s$p zkOUOS3AiEge4gWwh6}$vkcf&Bf*^EiN)Sh%+9UIBpGyDVIH4ioGm^5t^rl`p^&>nB z^M4idKMo)5?5*=Z-^o)@zHl6ypIgrGk+aqDGC$7|Iy96a6mqP0WR_1b?9BWS{B(Sw z1}nMYbY@g21w!7jQQx95$EW>{?+WnxV}dW7sn2KWsaVZIt0xh6TpHS>X+e->1)vZM zy}pkbBRN7I2Xsn%?&FKV!y|d@U(Xkmkc5Xg!c&qgENnHfuxQF=Q_RT) zo-ZsLQICwtC2X~8kjOGR!=F9IF(i>dlW5oM+^$`bgt9;QJcZM1CE*~soN zg^#^B4T7FD%XYy~^c0LDC?78+kE6kOl!Y=lI$!{FIrIKLLz6TJ=IDO< zqmzdUMgW_8N~1uoqe$PE){#-T&lHbaP}Jg`3rfnv?#4o$B90py=wKoTc{A4msc(yY z<|)z9E5w5u_VmapM8?-&wk|i*M?_*F!yWXYSM^WV=IGArL1%1^0LD2c%IbeHfu` zS3$767HWEflW7_XGBu-r$rHSvOc~r_C&9cCTaBX^C{D=4zeHlgH1pk=wrnd<$~LFX zehzxe$RrJnrBZCi#UJ;37v$6g$oJADxUX;65}Ftb(y45gQMo%4mCkYEQ=zOyvYNn0 znjaY##01-6PPGXI!+Fsh3TOk7+UUBV!$AWNUdM8D9>O?^&b>W)VU6Fj%d9okXVFXD zNPdEaaww~pOd;P5zT0j;Cspn_vhI&Gk?RG{?J2^ZhcIX{V`=KKC-GTyZp~p`v&Xjk ziYTgB8xz2F4dvVd<_5_HnWJi|1E>Z^9pj_pXv}O!n-O~V9u~ufl>tF~2Fof_pK@3K z_X&4ZBDd_jas`9QGw-asuIx_tDqGOEJ!Fi>#FM?mF{0-rNqmne?|q#EMr?UcG*UrX(VQ zi6U(ENc#qBs;O+(S`E45N_|Ladt+s~b2jOE*=YX~QFy;V_wxSa@(@^8ao<(%vnC52 z&%0lMQ60u2=Yl1cWS%K(Y#<2D2{Bg;^Nh@4A^A}Orh);+9fM|HrKZaxX>OOvQP(^K zv8SBXrBsqKSP*nU1Z$6VW3-ctR#k%kih7cQR|&>)#;`%y34iphsA8?<@6FNf^{xj=(46L4_FVoqU-lXr|vJnDq~^tJSEpX!HQnUV;03H>mg;)1;7NU5*%<}ovx^3 zu#}gXhy01D?=wA|HVX23zl;MS)XPt)N5#%wZN+to>}9{GwrHu9V0pP7cylIjegc-n zbCS%V)jaK~Q%9enRLbm&8HvyZP0oDnQkcyo2s%%zzRbx6^APUyvl+U)&aeNC!9I6& z-v$_ObJzAU7W5J#k37m{WOA95kzR&Q^SqS;GIZ&srI$T#JSfhZEo!n|XAf{d-%Euteb$xK~^tFWlc`Yw%J5_9+?n}NOzZRo|+>j}Vp&D`wk`E4SCOTW8kWS&WO z8jF%N8KLeov4Q&d?9ykPWd&fnKSEvjKYL9k6XFWi{)!$eckGXc;0kHIctxLG5;x`K z!O+=50OLR$zcdQw54-ljS#cwI6+IWW(Qb%RMv~q%^*sW{sh-S-Bu2^XPptSFOP>P| zI2Apji|XI`Vo!aRq`DlK(ct}*#b!`RTo%(V!9EwE(byq0+QDQWnk2%Srpgzv{g!Gt*Mq7ARKO$8?wVQ za&k*6D3pPIXT`a|8T35Dq3e0e<>)( zG8hVhv7>6_%6BaN+kW-ERfiGqeCYPNRn@xPO|^AVhwZGq2>fVj!Am3UDfPgzH#`)} zM>Q3tL9mG;T51mbEs$?|grxhJJEK%PNg4ZvwFDi69!%pcL?g8S>#^tsjy#-rC{uF~ zdj9jXP4OB1Cwd)|=$K>o?4dmq8##1FVnCLf6Ls|g5-YcAN+hAGQliiZ{k!z;`_%@r z1ZSC%1V5YnNL1izt)JucRBEO)nZqWy#prM<*NujujbhUANVa#M$px1I_ZgT+f%oTD zjb-IfnxW+dUkG?ADksbm)B9B$vkmly1c9Z$YR^)v9fDk#fnwJcY=GcLj1%n1GC{c< zng~W!9mG{0qd85Lw`At6suKP%y^F4eqrv4*Xyb&Q7VSZt;Ba3JsN4}2$I?1423`DR z^|0o*lY(Sm+~#oQAn0uRI08w-FKCgV`RQZHBI93D)mAqa3*}m8OzEk27M|rpk?OsA zt`BiO=prj{6Uc4o8+LCPthxvIrlHQ6%L4;c|8bp5k-xdW9F(fdhAXcw77$myzPNmQ zv8AP>V~)94s>g&23Rmf*p2)K>LOi{Ura;OG;xinfA$q_FL8m037Y{W}+EvwFfMvkT z8n)s}st5x^WX5=`G-W2BUaocV$}!w-<}>MR1&A^i1ACD4YLyq&V*ii+X+Tf4i;GFlXsA_=?MuRD zhXOx)n^Q0aeLJW+D=Q_v0B0VV_@cAqrbR5ol#`xGy3x-_*4$!eESs{8%(mmk=?D!6 zne{G&v>YR}z4g*pFY_0RF0R$l_A4nzT$K;2t?)18(bAV+>ua~s-tO-9PWJK@jgBbg z)?Ni(tBaqq!jt@~j+v->;bM`d_-Q3pw{)(XB-I-w)J8HDdW3RqKR6VVk`N|TmfX>4 z-r$yHgEB^uN~D{~Ra<5I8|Hx3kBeq+lfWFkdoS@VW`^ zgTX+RWMb2@Z%kCLXe2vWOvK;W*g!9(J07#nYg`pkC6@Bx>*F^}2AsS-deLc^*Wdjx z^u0NwQQsU8^%5dF*4fzTn0H6;O5Vz^DPdGL$mC+V6dXHP$MS2?K|YJ^HVptR;{yCA z4@gTrX#q*QEf`Ri>q6dnp=rouY3<0ct^638JsFC}&kac0-U#_~8sm}B0-myr=-rf0 z%HZVY?5UrqHP8mEIU>)4dZNn}&a>?k?b3;WDN#PymIWNoDpEY#R#HMQjb`}8W9?d6 zSs*oULT;LoE6UEYd((Q^t(V<;+1={0>j+S=g?lO8n@di6We;dEC_SC6y3UCY9jf%x zgjC7o83{t|q019Ow0@Go_~L3B+SJbhf{J8ip5m)%3_7JVyM;aWJr zoG_nRo~8!IPwHE(M<^$kTnuT?)92s?3C@!9KELE+mj=>P!j#hOj!^#`C;h-btzb$O z0z2PILSsC|GIUH}`-VQz1`B0-b8dmNeo}ibNIkH?em7JG*c&nN8fYb> zZ5ALVm_v42uCk<7?>vf*P}vQbAedEtA|q;nrmhhU)`V8;Eloi{%l(WBF>kS-iAy-F zr2DNyvf6}XZET>Icz&ws%gj}VKJB>| z_-6!MS}q{35=IHWu#c)k9QhN%xYNmwr$d4x29;nked#+>oxvGGM|6Cag%P;TGQpSK z%9?7`8a?&tvzM>O&ySuxdvoyWx%!srT0fB>pji$Q3t+d@rVQR`Xj3=&_W0S+tNoYH zbZgMqj|mM&rhNtNXEGQ3GkdMsMmT3#tc>~sI;F|WBN)!PW|E+@{}|w@xqlbd0C1#U z;7^DFnXbaumKqzz>(AlLJ9Q%33#fYraZUMd z{qPitFUHpq^=fN2HE@B0o=}t$c@8KWA?msn`-4i!b&>d-^so@pD4PS0^LLc`F82-&^Ui2H%y$P%DZ3xPf$?_UKxbxW8~7Fj)pL@YSW z2};tSV7QlGd>R!|+t{c{f&xm6b)pW@dc3eb%>UX*NJu#u!?b7Wvv>#Y-%0_!jV8t3 zIp5+D!CtjZqe+8U);@9&`8-o?WZFBp>&^dDN@eMBl!3}u(0ptWg0^3G9yR&JvR1T) zRt2Xuh-+DbqyePP3?x>mmB7U{XEJpW!j^TYv2NMEa=RvjQ>12MlFWTL%-bgNf^;?wv&xmz(~o!;0H? zce$wI)^OW|7Awv2vk5A0-MLjFi(3P)4ln-J3NLOAY8_*Iw=u@8C+4pkXxw^;ZZ+Ci z%Z-s)VK4m9=k0=#D>a;j5y{BMp@T#GCynq0gZ)WDgM0?!mSMZqt(F3I>jHg?>b}&G ztm7uz{R*TTa&pa>~l}#chu(r%W6M{WIl9oCT1^zjKACOl; zA7LPm1bA+8=*yF-7Ryj>u(I8hScc|=#d@z>?HOcx>RzcH;9#`i7%AOQPxj&$l5pR}0f^%Llv7yq`P8Fz0i@QE5H>Y)VJqhfIuL7C zrUUo8z?ZDaB1=OU{c^ak@1!YM(akznXYm5%2gK(ylH_10EBiYp~l;HvFhX5|6P@`)MvUiL`|jFNToeoGg`3bpJDi%?(e8CYI$CfAU6HG(9?eg5WxA8rcF)UVbFjk=PZx6iyhV$#{k%%6fmKB=MD@NC44du7b7; zC=UnU4TeTL%A(ZedwXLDTR3bhBj|zkLmOKj3zB=dX*LINZm;23eR63Oi3JYsC?=JX z(mBLixW5%VRrH4L+$R?rl66a+)M6~be-EacSf+i1janhka^7M3)3u2@pNdJLBSYb7DaZcaewZ%u*6n?Gfq@ zcfD?>Q@FMuXW+EHEg#+Y`J0P3HgY{|3h1*h#%ZeA-t*N0h>Yv&&>6Ig*PfeF7(9`?jda-;kLjCyBp&1IKrR?}qh;jC>ek zWgucrC}Jz8pVBt=mfU^nHz8lOr%#KHu5^Du3%G53d~7ZFvvKrk(YIAxd|H5Ae0M+# zAZxdtyLIbnF(rRphn^OLbBnG#onpe|EKr0*95VN9Y~-$U{m~Cd=^k2V9;%>66#!}N zZ4e8vdp5?gKTeZigzhV&QbJtfpQ})Q$)TmSQVnfS7f_!wQ0g3OWPLzA$O;<~(ZGMt zX?oxOC?+uS#zHX+&hxIV2~D|4!Z=N68jmlqZ^cOJw^_vFZfK0@62V%O6A}~5t*YBI z81b^vy>i&)H#Oj$%qf6XxFF?KsTCq3VLJV2I)<>%zMf$72BuhrUdkb1Iut-p+=04} zly$Tn2WpNwsCc_sR`w~qh^+5I>cq(ir7?Q^7!7h?CNxolpS@H1YVMtw?Q@dA5mc-U z+U8S1F}7=Ygt>_y%kzc%A3mUa61rpVS-rXvEB1GKimb2V=hYROVTMi#iI7JxBCt4Q z&Lg`h^rKX$GWUy^reTQ14&uHZ5LDB!0DE6Wi#9ZgA-@bT*e%XKV z_Sq&%BXANSmtybe^I$G!MzE|oO%sTBW}7IMDH%b3EKRYVciX;lL|mG9w?cIZfXyyjz^$P+ya zzRD~rt66upqX)i29LU!o*|E&Y`7pEkM490~JG3U)ooOE}&!0?4BIG$v`HV!|cV%Bx z%LYjU)9Q$_)#_Q7W(3UazN;cMLOMz6xsT29vw(L3MM4~(poGBRaHtK2TBlPnwfD2# z7nrzN&&A%k&uDVLV+mGuoxRCxAfQqR>=qos5qel6H!|KP`d#cplo~7vRtz|#az~t6 zP)|hd6DK1ocSZzK0Mu?C=Jd@Ap_HByoR9=@dPY=U2RXRv0LLpFy+c|Km!~*TRA50R zk!M{cP^O6NWXMob&Ot#;vIQv};mxL~VGB8L3Pf|yOc1Id5# zOAUUmnQ z1@zw;A&r@*7{mA3-12~_mo{H;@mQV7p5vsSq>&EtE?5QBy2Gw3)Z@O39XH_?9M}l} z{})6IvGV>ztUkq783`sm=1;{ofhNkQG+VAu_7$z0W~wGQALggIVGbC1i_SeO@1u{PlmkCFv2tf=mFtq=sa?^|7q3U zm$#iOiBsS(`;xQDMI{-cXVq1Ap9y-E&PX)yNFv4`lH`bQ5m6jYanqUfV#Y3b8RxmH z^dF&hWb(p|oAj`%0KtRe=-u(S#yMfKcHg>C%KyTkGrTgU-Is zSV~xbZ+qK7RI;dg8l-d@AuYOcYC}S%YDI!+m$k};DmVq;D@4nAfj6*-S-KrX=1|0aOzdtb^}Bo2xvS>2&w#Vb4Xl&0E!a{ zEiInD>SA}&cNP;Dx&^8HOJ5Y>RM)-f-X;WlYyp(!wkAxb>Z*fM-H75uV z%KOPTpb%smKNaz0ZGsexf`Xz{eB+~14D8s1zUfKD9nx=tUof$H27w4% zD$tzD%_uuT|A|7%IOOdV2ost3^d#HAoM_+doLRxC$5+VmGPdHaHr=0S!F`hDo)UO9 z0i_8q0~NX>QJIv%Qj+a)!0kS_%dybur(-#J@7pjUvv_kGmK(!E5OXyiWo}ef7-jvEswkNako12& zylI>T>8_4(ql#O_B&%>XD*a}~-e7SDXu?YQTxL^NtH3G^H3M5$qFOOtVY9b_nwy1ykHH~H4cp*B(k*7gil1zJfVhMXZ2c^KR}Hy1#;(uja%V)v4x+w{ z8f!Ve$Sk zldc3#K_5{?4N&PkS{&}?!sT(VDQ_@t2fm{C;w9Y*;PMzRpsjimTmZPLkXeTi+~3eK zT~MA8Hk8mYjKmZBQ)box^>Qmu{H7NXNwS|Mf_Ew7V|8{?&)rN(kS2SQnTGYhXhpPi{awoAh}Ae?yhUrIIA?!BsN@snK_PN(OLlW^=2kk4Rg zlOLy5=&OD_gy_m50 z+_mLse4ZTHu>EOC@xAxOhOuo z_o|{tn4b`D9Hrr@SXV0k$Xiy3+D%sCRBBnZC@6b=$KBGE2`{pRZ1@)#vzm-K0lg?& zbp9o8Ex}ACa@a(tDOWLwC=fbkl9?}L$`Ei%&>xX@K>K10Lp?DLYwOTo#ySM^ZJCHl z7ho8l%kpIw+XMC`*_Otlt7`+(+Q77Q2i69r%7IxMnCc8nRb1F|&9EX5GH>}Ajg0nc z`^lqan5!DkyJM{o&A1#>Ev1P-aNQ)N2gyrm87QC7Q=!cmEkr9iKLpr4JEfOM-!uOu z9KXSMY5hv3>svy-S|HZ#vmTr2%KL3jGYXDzg2Nm!gj8tSBlJ#4knz^#<@>Lc`dWx| z!|t07mB(Wk#IbyvgSdjb)2X861(?}QHX*0O7d~S#bBCg&SzL5B5ca&>y)p&=bjVwi zyKip8#CBrDcmnK+!p24W=VDLn0zV==;UrO4E&|u&)TW5b9Jx zlle}n#Z3vGj)ke=5gR!UA%kWr_=CFOsT6pyky{3ZASCU&sQRvw32jvKij8(lbfet@ zt%p`zR@DHlMYYjlrEgTN^QKuDeK#EL3Ub^R^dKF+4JidA;l+b0_;^lz4|yq=M!1SA zV&G_OU&FeglPUQT`l-KfU%Uv`jBMknWBGM(!)YqF)Y1+j!&KnEBZ*9o0xQwf#9177 z&wX#E-s}Q?^Zu!?xyg;K=XN^Ee3)f*$r2eth_$-8@|9gI%SqvslFrGv`@gN9n|fTz zcn?Q7nEy$VzB|JS&jq4oSE#*u{pQ)R!!P;LZ43s3!QRde{682B3jYsxcei)`HryHP z?L6AsdbGXwx53tM_-N;EXmBe%E<7pYIQiS)+HDm(_k}zkKJ<`3L52JG)Otg`tEN)~)c^GsqKzlfT6v)w(GigFJVL+Rb z<;u}{d-UP~dx&sC1kOE_K&U|tbV%riuC6*NnTJ4I{1g>QcqxIMmAxChcXXcFt8TX4 zT5A3u7O*@xEZ`^;-K~PD&q)YK%2N=>WcCs7)Q_t!AmGlZ&eC#Ep)tB=MlGA!+&sLn zGVZjP3&EO4=zyaT&k@IGLdTtu3mr&p5@Oq6(ZQk4wxkc3vd|+H*Mu%qavGU4KV?Ez zTNHNR9!+-cwj9fg<>v8zC!5IQXGgyrJgJz=)~zqqbZ*}7f6&uyCq&ZASj@a1U)?WF zdWQ0-EpM!$3X@8yi(0SG!`Dy8ul8R)D-2gmy|$Depe~N%$93bD4c4X!`+QvPC@}V` zt8VQ|5_?0))GSKMwWASkg{SCkZ$gs`oOtM-?lyur=^`hUe|D;6UtQv$A|Kwk=|@3C z2>rT$^y=W%^HG-GM5YAOL5ctP$3I|+!jW4*8IfWVGNM50RiQTLAZ8ou8PPXb#uV~K zXRaL%YI_(ou&bS+tX}Xu+$~=n|5pXlWRFS zG(VxPv)xkH$>IC;YdpCt30vzuHpH9kb-O7NT-_X#mNI02(mATg8g4Rr$wW(VV~b30 zhvJ0BB;j+XevVR>sTlQL1+#Zdy`H>5pfpD|MC*vRQLAm9b^HATxXGmD>{!h|ybC%i zD1>$*)Ov0CFlDpn`Zkaj%CZgh4s>O^xf@fJZJ^6*%69(AW<|NGomCBe)->IQnp`!l zpQ)ByPZD39lH5EiUyY7jKcjb}BGO)IKKkEuo?XUpF|oSVN(X5G z%{U!ZuBXzFS8#`3Rsa%VI!~Y`WMemKH4e#Z9iZ_M@g$90w6_g^`r&apnfRBe+slB7 zRojyaaQ~am6G+=HQIbdsjCJ-mtkPSa&NIZN&rCD=P%vvUPW*^ZQ1?Gr?>|^K-wpZq zFRH*anX&dx zBDw9T#ClN~^+p5;$9DTL!1WlY@dp%UB=I?(7H~LLKEW-~$XP!E3lXtbh}?7)c?N;X>t?(kZdcP?qZ4$#6Ee zT0f+vdUr9bInzRmA*kGV9M`6TdUz$v83kXBWQAAO)S7-d`oU-p=|51ZAPY3MlvqnN`Qpc`CkhL^<%?7VWtwKZULB5Ed4w3(ycwR|?Yb4v+ z(zT?!xW<=CzICeat&;FH8oeGF=Px||oG3V_H#bsmWyxB~Z7%(#Qf<{P<5nql#RjiO zt!3B$&xvA7p41hzS}0RXrFG@LRQk;CMsAfdmu~8MG-)4=e@@g`eZW^il2rw3>9Vo# zmr9%!=7n3O(AC;&MW#oDr-}52u#zny9Q)cfKcNZA@}M=-kX0^&kRu{S!gG>5pWzEW>9Y@`AWWRqrbar}!P4w@f^XP7e zc;)6)KmBOxoP7(2?Ke2yG4+`8=4&(N70!RH$9-Fk`*3i#1HXEEazrZHTBI=)kBxO2 zA9eSbzW-4>F6AS6v}Jdp-s!t!Ujh{JCT9|<)kCv71sjUI1Rkm(gwTf%Mm|4ScuHvb z5t^o3eC#bkpUwx8_kXlVt$x^W7WHlIu8YZmTK5^|yYX*D6 z6KC&OSD!Q+N~;OWZIqXstQs3g!$g(0<=391dXP6fLH15+<@vFIw3;4U7hiIAYFsGm zC#S+0@S1Z|3-N}hMkl{mbyj5kRuiJO?@P`_If}i08uF3Z*PMYWU=@S^somYyPvL3r z|7mL$Jrxy^(118|95y?IHv4}LhQnbo|IhBu@X^};^Ddrzbc~GHax8{Y2s861;8EEa zmaji1r`WamSGFx0A^3(Qse-hHrQkq~u34r`uzXY zk32t`Hi&_R{C{`5!2kCi?XLa*@8tP%`2P=*&OSpiz|zy-i7V5l_K-yUIHw;2g3S#q zv|c$#>E$K@s_ciaL!dfhVIGl*z(`A*hC%NjR2H|_8IiSk_)?x#`9I`|4RO3!`(Moe zx3-G>e|NAoSo8n8cy59JKM*AzkTB-+>VlGZUgB6EXA9Q#utk+06B-^9HzEAt!;(lj zH!?$m{|rTi#0Jj%6G}N6Jw}c(lE@4K_s+(5GHX^vm$CiyxEjo zzJwU=uJg@rzd3XKUtw^stINuAS63tS5%Mn3|HWaT8~d2qdp=xs(MOc;b$&l!!>WK( zQ8mAFC?6cH<-{j=R^#rgnIRpJR8 zbJ&ukX66#i$#gDD>R%&EhBQ}e5D3VOr5X}z>Y9;?skd*Xc~aXWl)v6*0fq$_2G4Ji zIR&vW6;F_xt!t3fw;9ZZ{ghLkE5E2)vPx5XB=Xc7Nt}%Ypf2`Ibhx(!lY2cv-P$~W zh3ef-XwRqCxBC z96yBE_*#77yIA{_`J5)8zBQNScnWVxig6~5iR+dYHntY>!hb%lcfII zY0o|1+^!fBA&Ct|vIObJNpk=8&%y>k0wDO3WF=|E9}W1`ocr)m5*l9~&ZC!4CKfn@66 zafJ8!dyr?^1Yko1AwTp}9|tc;fbXw(s`e2&80eY6cSP`zP+e z9k|00qfxC19mBgVHLC6I*Fc@r?V@GeG|oU{bL4Z(x4yFL%`e3T*BqM?jC>UKE3RR6 zM{pQ<qfF$O%S$Wxr zjS65TOz?EdxB!JH%QuZUSfl z5^=5a@Ti873-FhaU{$ihg-$>|6b3}^Ie(X5>z5eP5(29*B=yWln+_Deb&QNLYGC?m zWfV1W`3tFp2b=YUpN!DQlAue| zH*M8T`Lm?{M}{Uu+AYu?E9l#)%z!TK&s0@gtq2Y&j>rzz^~DOQDj#A*PJQ$L|8 zFQ1>Ua8b?=)tIg9kw~qf?hAghN@Eb^LvgPilm@3@l|)wik004xTA=U={T}%tAZrMC z#(469gq|s_RA>dC5|wzAB}v6j*GkJs{ACWJX-A}Tail@}9gqg*%D1yF>o%2H^8D9h z5;SlD&Gvr-)BfY+_+WefZ{m5t^Is1}p&tBg%sr|@Stu4CZ`4AX(Z})xcb&(KB;Mc> zvtr$Lah6)b?EQE$FF5)2)|X*1T;V(NtVYiqT;&FV0`+FU~K{ zl<~{LQ~C=f;si)CcB(wOWN%Ny`$up@yz;~BuKIfx#{pT8FvWoyTtF0kozWDE^RWZ@ zQGUAYpdX`T?0X1%p2#YSz&mNi0J%ByzVO2lDr^)N_-=%bkB$zG9E7HnJDF~@Q8|s5 zQIvv9)ICkfLQLv5T0xs<+4KKqvNryI|KP-o|8lTB|2On>KmWUU_oy<{<@83CI`DoA zj2aZvl^&!Qwqr|v|S5lGGLaTMF`MUg`cxLg}k=Mdlx7_EVvW10dJrTkN1DrLK z%8$t(5MsJJkX`8yRlE`oBRwO0j-^O@b6g$mUggo&VJJ8+CSq!^f#qnHUU$XS2G?+i zF~S=$-jUEkNGN*SX@LBH>h07=0^V`}#k1u3FO+2cIl*4gWC+r9{tpgH@qZ2mTm8>Q zo=w?*R51tE^H&7VX=#a|g3j0DN@s2(#Esb~bn0`E8zwB%zd-tnR(5S^CLkvhIX5to zne0dCO%xJG^JJ1Hlk+r<#i0;O^?dvOl=S!jCyCN%5(Ojl_DuTFr8t?9^g`E6bsBiS zpkEU@zaS(jlwZ6X3qt2HA&J%%#jC9eCn%~-gf1^$O>t;W^Y(cBOFgTd|7)@TJUA?! z|A$BW``hz>6VICTf9pQd#qwJ16t@8R@&~s-s{L85S9ply*=Z5}L12-e+q_BT7_U5= zZ8cloT4i17HGO^|mVxr3^)gU_RE}b+sf)1p0}gOFDF#A+*E||!7%L!g1=s0I5U-cf zQNQZ;qu)(@FKIM|u5U>M7v`X*&C= z|2iI=Y~?>2c^**y(>AwO9lt2!Cx4lEZtcTNeY3*lW%s`jgHX~U0A&6CA08g=pOo@{ z9Bl7@8+pDa`L9TvDJeivFs+!-bwr>n8RYP1{SGZWOjHGNl;X3z`L+9& z=*=4*3-YDzw;&K(!F$0vA0pUFqc4kA+4N{>14O&WT0L5nxiDgHuGPDxV#-as5(9-s zu3w7|x^)f}Pka3zJFWZVj@>ay()Tb~L}4rSUz7fCaCm6y|Br^p+x%}Ed6u{TWb5Ij zSPq?|dlk#4Dwi7+&~<-x2o%}jO6sA8!>I+B6|F|K7M9jVYEaglTuuYtq(Q8khb;DR zO0KkYar(Q)IWR!1D|MXK#*%8pIv8tIBQ`FWXHEMtj=WkE4p!fOQcpej7A^;Xg&tww{i$WpeWbjSjsqckYS>71PxlPP_^H;-t_n1_kI7`>-? zDSA&!dbq0DSAwckN&F2(Pvs~{%TEZ&qM7+taGj`?GDJTM?aC0*L%SNXgPx=m_TH?$ zl)}fV;*gfdY2r^zUBi+ShD^Q5vNKgZ8l@(_9}Wh#x@EPmh}E+KVztsq4bEDmk)_S1 z3nA?rQk6mKLP!;~xkD|G%S9@Ln>IO2dC$n`O%JcvXrr+xmN*BLL@}PhSzpz1Q9?za zy52JC*y_$v2{YX z^$P#$0>qlqnyvw2JJkQm1H{TRX4w$1%1PT816Da!OJ$coXUlPB%jaetf32OV8h=`K zVJ&gCIS*P_Bj;MT!D=5iSgjT%SoM+DfGMEXs=HkF{7<5wW%QRe`F~9P-{J6Z8~=49 z&&JRHC_#@sGR0YtwmqLDVAv_Ug<*bW$z79&090_6&ZETtCmc;?-aO7KTt)%;D!Bs& zn8tV_ZZfKo6})DpM25IN!m%%?Dth;*$o%){H!b)kdiTg=;(fvk-H>EVM?iPpJ<2H2 zYC@Z=SN)~NWovoyRXwZF|1pp9+IS2!(*Gkf|Lf7waImHSn|Qwd`(GXHR>-ypIsENX z?a0}Q7HtZ6`j^0AUiAj)o6*`jepA4 zNLmca!UXAK_ZW=rtaAmkS&n^Z?LjH_;a^JaxqZa5BLCMa0AvIIXN&*1zrW@GHu5~+ z{ojoLs1<(T_>b#xxoB^={>>85_WM81=zNA#a*OX}c$=0=peFg>aA@BDjt+*~_>UWT zR@?u|ny3~3ncKXrKIV+Cvyxh-4GBK#WV1P`7juYckHaP|gTexKPk=#k1~f z+(#BA4SeBB8c`^tM5~=EY3kH8HJ#JB*>}HfC3An$XJz`|LJ8DJ{|`<5&++lm*8XoJ z&o@K=ZTg+B;TS0NCydlqXi%15G?gZE6-sAKQX2)3)HkVT?F!?uJsrNOXF2*`xXHIs z05#D6lf%;e|7du)&Hu2GXLu zP-ZUbMsMlh3r$cSH1>kpc&pG0YK4Z#3+196122>Tw2r&b9F0Ju%nuNmxn($HHN<(~ z-;gfRkYyY*wg>KH$52mOx4pb?J=D7;V>gMil=ON0&|WDlckV68j=ZJ8@}Q)1f`fE^ zU-ssN}aB8Y9{SP{&5SRc%Js0VZI7@7Jjp9|KX&NER_X|wZC6DdMJeH#Ns z)KTx+IFj;djx@1MH0@eEItSCPg;pI)`zsGZpdC|7dDT}!=;~Cj@nb9a)YrjT1*c`g zA5_&}1&?l-d8{>C@Q*9)>B_JKmD|{a39)5$QZQk!-dKVI*W-5Q)6@@V08j)8Uanqa zVBqRYn{{*xrR`r=WVM|9#}8)-p|qs~V1xW;|7cLk|9*I|_5aw&^KkNi?TRDTiz+8# z;J!<^02}Uu>;|Jn56?>}N%mN&rdzZ{BK@6eHdt|0vRN4BC;%f0e&tow^F9_O`^v>y z^?G+tFV2O~i@HByih3b8M)bp(p$O@j?l6@lfp!V5SFKR!m$j0D_Hk+3Imf-)I@{LK zuEyC-Fbc`fGN##^lKKg?zbyoSt%LK37K|mVq$~;85~6Y7r>}gPqTZgO;OT=OIAA#S z6Poh!Mfj*RRl?iEJk9~%!|D>%%*xddMu2ncrKhi4&JrR~_=J9s{1A{eu1I4%`9MO? zOlM?f#?*Fk>6WEzI<0hJWNV(-4XZN^#IUD9>(!W+4D9WU!Z&H@Wq+1C{{<0hjQqo& zCjI~Z@X*x%93OA}|2OhH-1#roh+zfQRzsxMu22%aQ44kO{H!7KYdmc7h&hpWwQOAO zE@~V>#iZ5OR7p_TFC)Pp3o7*piA)lexD=A9zAh*3tAeyYAtC)npXKO(?2X$7e`#U= ze{yWn|AV7#{`bv1>(T$mk@v!q;j=L>xIONei< zAF%#a>db9JqF1$ffGv46*pNPMWsSAu{_ha|v047JU$*}|I@|RiPcN>V_qwIxeGeG=nEkM?Aytzqm+6J$#+Q{6_aK7VN!qHNj{b z^36I0-6FoV1F<{`Ym4{Ry`h!Dz0K1!mX1Sal(i;9tlCg-TBJ2@sNXKIS}XNxWn48I z&ZV$wUpbGn()r&i`d5qiU;9U<{m044*8XE7&%@b&nBl+FvJV{nYb{si)^3yE^i`() z{^yn-9YcS?(`5g3a$w5;4);%n+x@?ZXSMw=tbx9^&|d<;-q zut?ZnzsiN8hh9?RUC9b;p}BAY6^ws=8C4;5ntOE|gdv3DGkPNc){S0uEt%l8_wjSD zaRF4W`+mhD0e{x3NrGd-iA1hVi-X3JeDm6I>g#E0HBhi97C6MSg6QoUWyCsEix#T^ z-umHeWbG4ty(B=h^iDMv%V)jIwDVP@VQNRr)+b}u8;k4FPRik#`shP8CP_$ALf=#G zJwGZmkF-8wtnLWKk(a+s11gHDB`5g()MrKaZg8@fWZ@pSCZ>BuBka1N>oE2v*qtP4 z4rfeoLX!7s^nrv+!GoGPxXLM)D~gA-`sMPK>KYy6bpAdrteiVmw|I9aeCd=&xR1E# z;k`Iu(YyEW*}3~(nVI}T@|!Z;37HWUJL@&2D2^xGdi(<+ai_-P$m5^i<2be>P!k-G z@A`FPGKm&(6p}Et;G<5@x>_xa8QvE?eD6o>*SKOs#ja6CKzyGRN*v|LAZlRyyslWg24-bZ=_&>wJ z*8Y1V&qLh*R7-DBil#Uv(=51B977*CShOA80$3>`aD#POEr1pCiawB}(i*6`gNtdC zvwvOu==@IB5IQYn-$g-Fj~M}GFG&`_8P-P*DR4|Cevr_6`w$@WOXNANu$Hc zHc04caj7fXT{?Dj4S<9c&XkG|(8&-X|=+2im_#cs)X9z`GeSrR;lz+!uQ!~GL?;11m3==;I< z1KV~i?wJrqnc=GdZkC1Ct(gaiRbGzL)`S4}TzTOqRy35MWuwyqgW5RHHORCG``jG0 znZs`k+FZ3t3b$S1sJqI*p2_bV;qvGfQqT5V90)>ryBqyug$(a+^~u9cvvNfw>B^yC z#pJKX6`;IYD=DleZlY`hA=65ABwAYCN&;1NX}HmQK*F24Gc3GOH$n5Bv*k=EW08=Q zgp5(MZFJ%5=BCse7bV@)Uy$cEHrEQuiX4Z}m$p0g0~QSI!P$=0z_iU^rmp#{TW=3P({Ea=G-tO*uuJ5R;+T&ZM^ zp_z@L3D#R)-UKtnevl>P?K~lL9tB=ApdXDICPbQn`*a70S4IsTV%KCVt!K}czhu?< z(~wU(!_P*I-y_iU=X^ZJvfl!4E&iBX!CpPI7t56}< zEmgA0AV01-vCl(f_K`bhsiZ!(%3X8T$RS-Jl}`nTB{5khfsdu?lC5`3+hbO0A<9ol zvhYJd@^1;AkPDLd;2l)Ou+&y4;8rH{sXD`RQ%n8m4=t&C>Wni*vK}obhgBj`UAr-5 zk5zMJp?D4aMuqmFRqnG@G9OhoRGsvweU-HhUfJS`Jz%={!cUq7C9))h^Lgbj{1RK8 zf3Pj{rs{U|5c+64bov(2nk6Mf`B~)*b+_IcxJ$Eq|_4I{TT+HP68ja0b zMY3xZ$2Jk9f`WAFUQ5h$*g}cx29VU@^rTU z>X!Nqo~HO;$EEyl2L~tH_+J}&9>V_1)DS&*^0#Ui#j3n-`Msud$~Uu9f5vQYMjyMz zVXLYBz;<%26)oEIy~-o9@wN-!EKSeyv3=0BdV9Q@6mkZ7+w5^0$R1~mc~jyzOY!zO zRZ4-pNCgEGn7_2qd zTMer1(!5nZ-S>Z|)Nk-K$$!f6-;a*=xA9*$^8B^)zda=RsL%RVP>!w%-&)mtpj>Yv z8=Ec7+oQ9ee*XKLN0wA?xm-U_?^d7uO{xnm+2G)()P%K754T6siJ-3*Z-&ZLaxKl& zmeB^5+bnDM>MVma!OJ#{-6k8YN@K@|_1n8=bwB?*rGA5_>HOb6HsgQpAMFpe=l>?2 zFYN!{(Qc={k&R`Nt7>maMajeFk9*kI0u5Q?Dtp*AVO*t=ce`A1ZK|&;O zg0_5exGoUakQc6UIGR(!ebpM1KiAXw{1=+F{+wVh0PR2$zi4L&(xm@6+CMb!|HGrL z{BI-A2JAoD#QtfYD9!>jUy4hfzm2dqV71V)hjq#0TGXrQ$P!FIP6KjoK*M$~Ewe*@h@zCFmpodeIp#_UR}Z=!M_#}1AZhkgw1kms z#zw@jR5ngPN$!ZYGBa5{t&~u9n4W5mtH#Uv?O3X>O{MmuoZr@fR!VLA?Q*@_M?TB) z|1DGh!qa5`b+kV;?SI*STmF9o&qK?9)C|C)MqxAZ5V?QXq3)=Q*!u0Mcx#{T`(HVW z*OLEte|Tui|GU-yZshq&0UtsiW;2+!E2EJZcuzs!`3SZ1!~ytR$U0p*xiQ) zAHTBF*L2QWMr8c8g{6-p?=_@ES&%T5@lNX{)0QfNmEK03uV2T@ujM7<(62N0PqWT` z8}z-2l(u|`$Abj6g=NsETp=#H#6Y`DP6m%1aYKxrv=*iPeax<6}` zS8#&XI-t8kE8}nEYFLw7bPZWh4X%vF8!y~>nhW%?+Is8TH{@FK>1_XX6XP|<{}>*h zl;Zzw<9}@E*?|4m4M|def`ij6jpzgiHBMt#6e-0!-xro)zY16vkyn8GA~vFB)25pk z=N3}jiQ|$?+nB8xwhZck^n_s?r;cUoIFll3b<45fRWL6|97OjE5~ilL$8s^#ve?5Z z5vn|Z!{4w|)pp0TEQ_K7`h+|(#aWP|-p|u%4}C&^WKk;mDbHfHF-7MP_!FO4@0FG| zOZAkd1D~=hybNsM-GhHQ`i?vPXR-(X z$`|w59{WfBq&MMS0ceaTAF>!t{eV#CiA!%|=ZQPUADky{x`>@8|IgV$zv9G?GK$V$ zyrd30AAcv4)Ny@};5}Y0iGFvSpa1^m<>l44#5y+Z|I3%BFJ8ZN7v2hO)bIb3ljEZU zbN>&v{y&>}cF;vW*^cwB`0?B0d78#_w6~{P3r2gpPZ37%&VnfO&>Ozd&!R<~rHoYk z7-gXc`@5(<2`5vih{U#eihPPN;*k?6IFAa8QM8CcKaCOwihp*|d5R`c5Rgeq(SoFj zKcQ%vL<=Fq$r9oTZi^zEqM3g~Lga@jNp5gJpCWRDgN$8ZAVef0cX7hKBI#4)`7{pj zJ>`)g3C)6(0--_^9J14XHX{jQ2X;!?xlW@6VeNW8kT9R3Xbfkx$B5^cfDN1LI6FJ& z?W_NMarvK)bA5d+%u$^05IakeAJP;D0ir28)s@j@WufkQm?n{zO;{t210)wVCK^Xk zO49_#Z2a2H74mW>4@DuX^gp@#EUz@$+tWO1cV!F!lu;QY^W9G*SQKrrUbu9=D-Q;= z03-N>cl;tD3Hc-Qsh<++IDJ&Kh=%ULe{gdD14%JDy*Q^xFgK#(Ff_8=GuCOxc^l

^E4p6X_r;6rQQhG8!D|>5#jB>{Eo(7aEZCypgGrSg!v>Whq4ZG> zpU=NYR#L83*c>imVBcx)etW#5{oX~CzzP5^lrPa3CwM_plCYmRg;hEx>Q3-7*gT?} zyfMf5FZATeTR(pCWP~7R5E}u}Zz|^b8it28#n<33p>%mIt4%04gY}L@v>M{`TEF$5DRY z@XHf>kLH-71@-_Wgi=T&P7B0(e=228h+{m765y90y_1X1=4A2#MOg|6Ec_XtS2W9f zkDzyRl8~x>>qQgo5Z-qOdpUr;UB~%_vNaG*QCbj(TR#X;NH{IxH!0S#F9=wU8T-sI z3dt>+M#%!FXiTPz?Mvt69@bPA&l2p3(fS2`uL^MW;e|gL9?Ixn@%xUWbD6AAMhTj*Z5mBcl7%5d2dh>2Rf+97 z#z1~}R%}E#UnU8TSsil6V6wsULxjU9os%Rlc{}$5qR>6cNCfZZG)fS`lex0AU6U{g z6t4AK+cjEblnpVWBxR#;%?^oc*Ktl^2IY!7atBY<>CD*P)K{v@*>71RnxbNjup%%*Mc{5Hpo+ADsGZ^kL5^Acm}o^OTijt9h{?p~sg~(M@)A%NE3@ddl9w zg5x91W3CnihA+%0MYmD%!9`bu&-**2WwzkkZU&G>rpkWU5!-MVW{IJi@Us)hb3)kl zo*{G}WeJJ`4@L&o_6~Y^hZk|6Y)>{VG+T)BXpV2#_Ad2`?>(Z99!%R)IEOrRU3}ad*PQpW0t_RMyc9dzS|HBoe1=nUi|?)9c`x}V zX`&0ia^;2_L=zkohS(!?vOk#1nno`u#~mpHS@cNe|AQZJ@C{udjMMj(Tw@BuqY#V# z5QHi=NW?kkJ8rlH=^ifvPI%^G`sLigrllDUIKztr8ZoMEUrDh4!wKPgpB>IA=_dqB z*4uR)gb>VrsndKIUDxG*@XGI5W$~$xvLxVPhP2Jkn%={)zjreP%iaQzXp8;-v)mp) zWyS;*DOW&>!8Y+98C&Y|%+qKl?-oDkuH^2xh&&{g8@ll^QhX~lb{t4FwzGJWL4z_1 zQ<+9`8Zf%SiBHmdHqQkQo(nf2AParUD&P1(huQHA1c~p!Bq5VjRkgYfOg=k11?zar z7*IM%{4qiE=$7r?oLNM12M0lPYpO@La4{jNgXrEeTup;(i0pyUWBk< zC#C%Onl&>MtI*a}kAN`|+{zrb98)%T37L|Fuw`eGT5Y5Sr+t>I?C}hX)7hK2EKM~A!%oqAVv{XO*_pivwAUDt8cvxiNCGAPA*WXs_x z%px!>j25W+ctQAKOxeQ0G$;FPFRCgSP5Y0KMiKmIkGD5MJ;n(2ECoaYQE}V16#%>S z-m}58K~Jb$7+C&bN)`ZXG3N<4Xe`{nW#->-1u#t|1t5MAKl zIwqhfNv~yF1%Jm!C`sEud=tUhjZ=kY0~d2`8?tMl)K)A6kLi$b5=5+Leu%s%V`LEY zCX|!7Gj+Z28&}RxAh-Z4x6OQUvDeDgQyfbd2J3^wzV(xwB8o%EaV}(S^a;HHg2XQc z>=zVu`tm`aP`_{anFLe5=(Lg!PEyF5iAu#8#`eG>e(QJryVtgcozR|Rol!Y8EF zF+rHVZ#CecC{oPVL;ykxn(a94YC=+DdT4+bM9!%IyjlZ`9WC|A3s~6sU~!FPix z6+VNNqcNTkv3kUuax!;n%=XluJ^dox^Mibf-NXG+H1mI(_v+-uhV-rb!e8Bq?~) zVl(xrKcnu_Hi)oiyrkSdF?%rbnb}{d&OMs?TGew>jx*TnXI?3u8bA^ z_#daQUsXU7`KKg^=BdIO{|MR@w&+2F_MyUMwx#l=rO255<*o0 z_J2Jey2llWO0NnA6!0j#EG$^mB}Md_oGA{_hK#huV$?GEy0P&Pj72IQ;{cx!( zAe|^Tz^kBzusObdcS*4K_ry=h&*6lW7Dk<|G%y+pB`mGzn(kQ^Rc#inw%yAGrW0sM z&RzNNt9Ey7+Z0sbiTuFi_<%u({6hg16Q$HsjNr=bjD@BB2*YzL+QWX@$0F5wgBSR!U$&IN?8kiWgHwhOd4)7tdgY*hM}fcat1j$@?=FLR#@XX{`R<(XZ#G6a7t*GfexSK1 zmh|Ju>*rE~JqfBWK<#lgC6F5Q+7vQWqFPFB(zv4Q=iAKXaSeV?Le!!QK!kQ&!aKjP zlW$ti)KQuy2_qNkoL?|P%sBe0n-aC=-++yf*M$QCICl0ID~ZOUD0=Kqr6~dNcI#2E zN}>UK+ovfbP3ITr?EJ+gm8qvCBiEwg>dw{ewB`*)?cx66B;v17o&un1nLL$pwCguf zNUl+opzE{1Ct=D5o4>ATIK7WyQ$vOTlYC43(@65$pBQMl?n;D+U7TiseBq&hX zsK*-WjZp700s|$k1n(hpnS)x^ElDzJWN7-8@)IJ$K0tf#TsH@%6qFjy#ixomeSzaX zk7}q$7TKgI807{NVg%3_k!_c!$`Rt>D*7$J<1oG~~iHEtVzD?So4;wZd->Nb>O9@ugiOhTCkS?!7+&z;O`(kqtb+sy#;2x>z?o!D7Uh!9096nVqKS5xxTbcuBtDWtzNjiXtnPq z5Zj8a0%)#RX}8d#0kLrFAs57d_{<&J0qM)O9$x*T)#svuv{yAyrt4*Jdc37tzG{gx^|MSfn{yKA?aOT_Vfbbn z8e#Wl8{0;+H*H@xaLQ@}6@0P^t`nPVz_u@^hvf~`me$CksbHJUGi>8vQm1vZ_f4=@ z(*YK zjbClMnu%YxHfxOiYMYd{e%)Hrt^Vp8FpU1XHDsFq6$W{=jatqBy0vT=0=8_p#t^U^ zl%cIPpw^=8?yC{g>YJ}lp_PlTdEm7WOKa4w-4#`B#WcdPfwSL1H3qWU1jh!@xPIF3 zslR;MfUfz%*wn;B-4|``8rMbJc;%PH!S|&zu;Q+015oCt$tAjsoV0H<~>Jn;A{bj#kMDZy!$5aWac zDumJmhcw0sZ;BFrqEav&qi#<8wU!uPXfy-?HQKk6kO}c`>RPH2PSmZ7VfdFZD_jw3D^@KaTW%m_Ws!pR(Awrr^H5!D-5 z(s^p6!Mk3`L78f45wBNpO;!o)jh#-A@WxLfehb;>3Tw6#b7;XHt1%x$tXxBBmjBj=cvs$-hdEV6sD$BiY zA+9vwR^NgRkj9Nyot6sE-x^qz?!N}aT=-cHt1JSwVbxjsY2VV{ybRPBo3v@B8ik;= zoFmRA|17sqAqAzSRBNjW5viU;?Yhd{R~}<)mJrr}T}?QcAG?;@yJfhm@9+XpNx)bJ z(ky1A^|_N8$X8cS;i}fE#ftS}l4glwWs6N@w1XV6atv!ki1n@1Ne`=9s}da6w^SoD ztZK+2F05}uN(!HWq_7ffwUDqLe6@VAs;MT?V10X4?!lEEdkA@;WYR7>%K9v9^u(#hkv29Ro1Z7vqg3Bd>yBm6$gjTrC?pWao5 zK=BMN55xm1_wu`RlLD@Ku$A*_Q|{50=4yn=je{@YK=2iS+|8}qm;l3} z+XB9=E4PI)u5x>>YsKoxy(ZX(khuj^&EYd&?}|F345QYT&%m-eE0MDF5k|jWoT6y_ zJDH@V8=Ryy1>27v6CYxQDoLtPln6OCS%m4+BJ?62M>o>nieCrJeexwev`tx7X#iJCZ`he>o+j@UnJ6Nc^s!^^~ zd>IgDmltQ&6F7=V$m9G)p~pu+=s08(tXHhMm5wOT>xY>^0w}DBr?u0o<0_{aZh^a8 zS@Hc~Sb;>tQUeTRnVcaiV_LD03O?nM^GDVprGy7;MQMVkQ-8umf9jB?5sG9^F2QNZ z=&#}@waOK05E1nlB7X;QxrCcWC4>M0ql>;rCOFYm1UN}B=PyD(j!7y+TM&9zR8Yw{ zuxK{!SR+HLDq+PKoK7Ync{W08Rw`#%_pRX*Fb8A^8Y)}JUByI*%tp9r1YB;EC>!X)W24ALsM4xS)Ejjbmci1f6q0^<7Y#nce-`x39JM{ygS(DdyUM(z*ukWmCying)n@vP>S8cZHYESE+Hg{BoUf)ka8tS`f9DL2a6Hsj(tAN$qCjqnE z9g?^yNfv$x4C>z!JRuh(@!_f-gsfK2(9*UtNYy4oKT~S1e39E%5Q@|?VYMj1IJ#t!dvZ`AJvpM*X+jud`D zQmH(+zLI?Ey5DEa)dzC_98|dPp5}l4cAZ;kKtd@sv)#3eevA@1c~3hfAhcw~`@fKV zfuqufemp-o9`HO2r$Q~`-;m(`DZ=O|de<0MFUKw$uUk#R^#eE^&aNCuRg1LAs; z=R)C$l8h8};G@6Z{`aS9CLP{0C7a$qc+L|b$EsHSol@zy$I6dgN6Gn+Czx7fLF%); z2I+br5v|DeVISJ!9~C+SSw8>^p728!=f4o@^RFX>Ll9ky*CzP=Zs7M@frmL;=PF=7 zE#slQ*7_l`dhT$GOFaX}WyHuh4n4&F5=s}<-OrS`;Vg|7802;VzsO62NuC?TWK*y6 z`FA0A;{t~nRHY=%VvZ79M>21qOchm7B-NVqxu9QQWFiQddS6r+6nUA=6X(e?<9o$E zMcv~gRAP-jepC{aeg2$tUX17|s5I8&yp_y*m?sU06VlJMkVYR|>pq8!L=uqP?AK5F zVpAniKw#1ZUfPE-pIz}CHaXjq?_`oB`rG6D&%Ircn1HO)|0fZd;BG^awXU$%f$iaF z>L8zLsd48?l+EVi{8Xag)t;M@u`v$FT|t$Aia&<5Vc|Vb4n;vI#}m(#WAI(?<|`Rg zd{9mdqn>01#gXS~DLE_pqjNU3y@_Hl+gQ3g3MH!Th}?<13pm}-yx8vU zQxtP@rmtc(E0#Ebaf%jXGRL7$7Y5xZ(uci$b@dcY{e-51I!U|Iaer|m_7wHgFGD#snZde#yurbgxeB@C=^aQi4x05tC*AR8mKuy8c=hM_@ zZ~J|Q;`11%^Sw0MO9Se%7pUK7%$EB41G(pv{5+flS#ER6;6LICMxJtm)FKnD)J5jT zU{59X>Wbf^W#cB9zAchVhATa;l|zVAkWq1Pb1>{g6n0enaAb?HvuU2F3IFA(5+RP3 zgxSLMO%{DEqG;s2n?KD9`$hg|rAaWbE6#RhM|;r%`ypH5EifsWiODM5!j$ImJ&MIG zPFZu2smP^)f*M}{Z}5VQ>?=%^H2PH6ubf@bE)R|aR|hgSt<9jah#ghq%Q*qDAp@4+glCbwQ2#_C+qb&5yR!gN3P6(nY z!&9hjIEfMAtYwIy*w($LIopP1LCAp_WHXsD#L@^@Ehml4Raf*#^qgChi&Mf+UFSja|4$;C_Hl@V z`+t%|MmbZi&BB%u2Gk9r$%iG{7z_r3}xIR2Nx z{&0A3_%CSi0R1gJ8BKBWFN2laGCTK;JRX=BlW^j*YgQj<-pCSQ&q0b$6;IY`m>HZ+ti%j;E8s{^8O0)5Gz}(GfYEIJvd@2<;E{ z2mQf8fB5X}@Y(3-WOVesI~WX(j)y1T|NkFmAAPG&r~S_ujV0P>+W-4Uho$|0c(mRB zn|Sp7?=Zfkh6E^^xW{(!6P~_xRmy-E)4;{Wqmr^t9>&gg<37OCwExAM@@m*S18Hj; zlF+pOPY%uV|M2j5f4l!T@!;71Rc`5OQ0+cS2BTFw|I6=x zMHtbr#v1nj@yXH9-2W&0+w*@T&yLK%t*YS4v+X*?nz$07H9;T*p$taG?ck3L-@AUa zH;EDw*%pt3P>N@a;sA|7sEC~~LTVrc#{v13Osx)LEO2WDIS049w^1WZ5!P&wMRIa5 zJ#cn%ftRjNp>v#gU`Coml%oGFoo=PE+kbJ>^+HKI&io+l`=PS~kUXDGBJk7{Ui{r@ z+>XGAczwWzQMH|17l=bfS4rZ7#5Tx-1&H3UzY>DN2((&$;HUR!mf-}4DIwH#7;FiZ z%~>wn17(Wi$bOE{&~b!9gq7p@_MZ)&4IG4u6_Z9Nw^fF9Gscq-w>a@Y`+`%SqrfKn zo-LT%?vqhLVca-E45n^MJVHIjS1N|oBlPjJ<8U!3_pae@lt|V^C&qX(0zBIUK5>xv zDg~UnE{OxW%5~MZa{}h=7=&3xIYj4C7I=yb^(hipC&Uoqz>T&TXf=&BTTupBZtCO8 z?u1badx6cj=#)=odQ&7F$P2&iVx{J$KvKsfPa*()Nv0$rp)~mf+oDC3NC`JpHF}_X zX8VDasOJ9|~mxUw8=3qcBQjDY340cG|^|wooG@kTe5z*)Up@D4dX( zoy7ookBwIDs36`sJ3CIv%gVB^%Uekb!tEYd^7A@y+`(~-lSP!Q6(}VWMq<_r^PW!9 zKo#}xAkj|lh~nZPo?};ULP)VMl4vSYxYH4O^yE<&7($njM`})HrnD5G%Cr$Q~C=f$p{@E9UUAx2uMi3$~u$n6X7Q zPx>}1KBFY*^QZw3W|@NLz8{5qj_SzI3IEPc;m#n;36^a)UmUt}m;(VS#hTx9q;GzX zz}q4mz{RlP=!YUS6zFecU1vwF&Da;Q09~he&(@`?1ovklXgRr) zTfS8DbVJIkBnp3z#>EQ{lSLF#qEsu~H;Z>Nk81H|9wq)i*?ASjk%x1qxuSs3yOQFK z)-ZVCCE&x9zguJ}7$)43@jQw?Xv=^Wp#ii_7&p6#+P(srpRQ8<*SFF~$2Varn~ zdxHbtYcsmi5z?I2{5uQ{PE$OYi$x+?0`w-&R>Jq6su2{+m$6AXyII-?#ni&u7j@X` z-!b?Swryp!A7NjRyQLJG>YW`Y{~=35^@{u7^7sG3Sn18rZ(m-y>0MgUM#KGocyM6e z|Br`9$J_h=CLRm7%I=wnf*!r_1e@cOn?&)W#!#)FUYzH4-=UXZKq$)Z`!msUKIJY_heD=l@AVBBScB+I_IIV-NBSRMIS%r7cbPa9FOvP z)Fn>Z^aGL!5c~9-|J-5bSQ|BS!x{WD{ z1IB`oJMi6(lPHbG*%WbI5$mGp^C=jKfaf|%+yb5lCp2e7#$bm+vqjOsSc_!kr<4R! z*3kGq5C15v(7^VOixL9DEvw)=!vU*6Cg7}^&yKrQ7PWlVLI2;+Nx(P>H;t{L;0F4? zf3kmK(EpRc@o-E3H}QP@xc3Cz_=^$9mDpu5y^qQB1sj&hoQ%+uz0aQ=R?2yK7fUIs zDzV~T7mg^`XWWe+R+FtB>K6rp4RX0A5iTE+X0ehvvjaIi!wEV*fIt1kRW_aacc|Ad zfRWIHzd5RB(xghZ!RYHf`Xj@EKlO>nF452l*ZDi)(4l1c3tOuiljpU01?73nUs=C?}{KB(ia>9 z@&em7qgWr0?sAJ78QchHm3^Y#<0;F%8!hoS|-EO6D{c1AEx z{4kxO-oMfQztNrn?YpowOtIvu{??YFxohk`ovr3qmr%c{nrXe5@ST8y2qDIh$mx0P z3zOys#$>k&v~V%i2ij<)C;sTQ0#Z4er#uca1RyB3l6nIZkySmyjoHBus$UdR?)u0N z8Fw-E8K=U}xzp1^S?-#R;`tyG{ zI6OEq&;OI{`M;URSi6d|7px=IJOsYsECoRrk2U+@83;3PhGUZAq4U8HyRAJUljR%H4Oz2{0Qbl6 z`r~^JNNzcyk*lsKW1;HR1O~amN4FcG0}kFJ=i^6pb_#*0TP+P`wfhLiKFH|l2)*m6 zg~gopepBRdFe&{S2`iV9jR6?D==PqX-Yrfi^WJX^#exD=VVetPE!bI6$t$efv=9JW z8XgNU<<>==RogCP&6d{5T}nc>Bq;-niC9Hd@CPQnV&57m8A2)y8YpGq&~O zEqsWzCQKL9L$Zu2L$;3+;xksIYR=x_ZjeeygQxfLR$Uh@stbELho98?>w6 zT4G?Yyl#}1#b$LxEE+}&F5EoBzI$vS)__*)A&I<|n^Ux>OP|ULj5VQSC~jMhhrROZ zD5=Wg)~KkJRz*Qt!L@5!lwQ425xAvotGxKi%_=H(+Ywi>2Gwe-qo6AEEl5aDqPmk+ z2eK+k4aNj(;RPDnSh)+P8N-qTTY|GPVpjW$dUm`XLo2}6Xf7c|`*xo-%m36MH+dUP z_8oq&%yrDz|{X7oowTOY~)c1Jmc;6 zZic2JS@jx|&iHII3aU^z*%b=l{A&?9J>R>ZKWoRq=84EAj-Xz!#NmVWN z=<3WT9dTt$%~>qD4&@asE<;Mol@*Qlkdn2d zh`E>V2A#gP-}3w+;Y~5H66(dzFW$d7ef?62(+6(xKPJ&a4c>>i1)$)}OYbjmIv?d5 z9d>4AQ&$(KXAjUG_Xa5qC_*@y@y*rUus{XVNBw?L>v@go0BefjAm~T4g+N_1g;_vL zuu}V92UKeN4UmmG{Ti5x+P)p4s&>8(uA+c%2e{C)*MKdQ>+OJ6>d<57)sqRKP78 z08MWlSWxe_16HBMt$|*lx?QfhPA#==#HM|%YsaQ)ZQWE8=(eC#ZD|ceRUz65u&MWK zZo^b|wrx(+Y1THQDKguEm-@;YxKc^k7NF2Y)w5C6-1+FOx z+ktP=1=h6Jq~dFdfL&o$*REY7*0Q;h;;^ozl6J6~t17JW4S4y7=gO@?D=iduC6G;A zKZ71e-t+GsOa6P;{HC;Clmae&S7}yO$^+BL=v4~F@XakkTb1gGTew!dh@*u*e;$=S zr+Ai2fY=j9i5geDUtF0k)SylL3H%!p5=t+UXiU_b#5_&ozmZhGT*Ppz*qaj^r1O93 zpUSWi@Y_XXC3+<#=r?-61Ubf)Id%8|C8e*Q~$p|+{S;{$WxZg>fyxHLsZojiKtn+=KsR1 zy$(&!U(;ToabB<~KyMbF*Fb30>%@tF;|FA>MwOE>gM``DBasfrF(mG?ID2`1ai+hx zIDb*RC60If=UkN7N9TD6z>)+z@ z0QA3P1KdRa5B81xF9-X>;nx3uBhLou|JE3I9ml}>41$+vy)X)92SkNg@X|NEwU`EP zkDpG@I_SR)Fj$oeq=EkL9}LRz-?se!W*#H|kG7?^cDjE)J6%IggluMgdZHIOa(ZHI zDw4oF((L+5H6PjR`s{(q$`UPJ(&(nG^d}Um-8Gt&A}pSSq-TkY%D#yC%Jpf|POmpl z)3_%`AdMzbFhXz7E}TN?R2^%z92`s*koiyYlP}MQVu7X?Hb#?YnN_rX6)oyHR>TG~ z^R8GLFV*Ym>q)oxUeh-1%29o3GWyLvYdrr&D8n)v&~*PB91czS-{Jn&|7Rml>!6W! zjDqC-w>P^l!6%h+BUzXOV_wZF1;4P5wr-YxrDu)wU*zBFPXCV&4odX@c&q>4$WzJu zyK*`!3;>F(t1eIT2-z6Sli@WlwY^Dx!JB059WS3|GdrIBlG&!Be)p`njBUnGbh#tE z$o(WN8~8PkT?FkOeU?#CG6)u^XlVsSnj&L-HZ8_n3;j=Np82$Iu>feI|NF-#|34gV ziMCT+3&@70?{08rbv!^H_0Z#oJ0$zH`dmMVs z4hqQ(ND6u!CuHj15s#;J{9n5+`Z)~lQ4~T=h7yWNf&xDzuH(MAdViHh32}DNS+rP0 zA^P>~3VD7)9e3uZd+;wu-*LzPO!nYk`C>lXWB22&h zamV7=B`0V?E(?^RWBQqx< zH$J&-SN2QyYx}f&mf!z*CgsL9>i7Tt(P8=g9}G{n`+pP9jzv0yej>pF!Og^Ro}hDf zg$M!)K56eP#qo@U>2Hs_Cg* z`uci|>D>7aE?_wnnzDui{}%1LFgp$AwW)>3N0T7 zm#5HdQ`q@5>UViM7JnGHpPWzV+Khg2T{|Xk=Y)sQKuWxfG(vF}1ZbK>izUbUj||_l zYcp4AT2_lT))MO!&+5>%V4dRG>geWhuWyF#_wG>(98|1}z$Eo!eGV7{s@&^)6=YSc z&!=yq^dcdYglRqQfVGV3)T*24O|}@51Vz(4SnQgx9=2(p7iL)7q-j+UKA|fDserH3 zBqP`CFIIhlA$U)4j{p$zaEcM0BoU?RsKk*+UG(z*T)ezIfBo{!+tXJH*5Cu&3Uk0( zwPS6n#n&}hyvmf|G6qfCk*a`u{cP}T&~CUjtQFhf%G#fh8cUYv4#u7*GkF&on!98D z@pIcH0$8ht+s$Kr2Bn3(5>`kY2SED-!cUbfjUdUkwc_I6Snm`1`<(HU35pUF zMl#zq3^Rix^SrfeU&XrPx;9PJ>nWdsHQ&8p2#>h^dsl=d)_i-n###}&w;1d5DcBY~ zMM6yf?=aSvKb)QwO1Dj5ZM7w>s9%M(4&w`8%{a^&8gf2`l|f00{#|13Q_&Mx;!@@; zrPJ-O?(o>KHtjpFb?8?ynfTLt!HdAjE<*-FJmD_Qt8lO1{nm+wRC=0Ppj54pQp}l- zi+l+hQWr_(+Jr90I*vTm^#=JNkU#cXdg*syuRfuVpIdbg6)VIVb==zRPv|8lbvb4e zUaNJJRakf5jn?Sq6rzDQhyeUGN&@)A0=t(hqLwI-W_WtQeO)`uDnzE}BiZ0@jJ8 zu)vS1NZNB}60-_I@s5P!VwzU+>5t3(3V61q5Lfaq1H9mrw2ZL#ip%2@Ld zRC1~+)ow7j zm9bXxX|&jlYLbpGxf^R!b6lHP*Jl9f)Q@hrU1XqLpNchP z4q3~}UI}Y^3X$sytSeHKEYpp(VqF^dTC7(X_tmhrBsaOP#@d!TWjVxG#kvE*hU@rO zK(LkEEG-DOn(*aI5^Q_6m#W=ZkxgdfyHQUbV--GWSZhgXRvGS{$)-6|q*+_B5?)BOTBeTh|TAf39_`o3adb z=tg%HM`N;~D#}-pnrKPNw*uB?8lqZ0q@3Ys6+UEXm9!ahp$tP9h|GPeTZssbm>zTi zgsvAkbQHxT!R-A5VQmHiP%i1G`KR1)VUANY!66zGlu_a#8ky+d`a!@xOYb7$q4B-i zq3%Wt7OeAIN_mC6$umyf&PkFJZBerju+n*y1s+3{&qKY0n9&eMmGDBjA|XsIGTiG* ztd&Rt*9P>T*eApx$kAT?>AphpzWsbdlEnAw)k(6DAv9A)Xi2Ply=(ONT6KKmv%PD< z`b!(*eu2ko|DDcp7|}iMn^+aqwf)oN|2y2@*X_TD$45t7`|piBMp!o-$NA5JJ3Mj+ zj#rp9kI-9K8OWyygV9SgMU!X|MvE&@jFJRQ9l{js*ZD^1`;pud3rtgz?A?+v^;5FPsI@=Y zB#1JPA(T7a{s8aM8T;VySE7wPszM)G4D!tm*-I&{iog4kG9-k^K@bpbjP>%RSM>Jj z^3>7)8}9PI@&Qm!|Bv>MhbH|$8SHQA|3)63hZN$mNIwcmN(v%@P>N?GbR%{+La~zY zRJG!F97eVQp18y0ajtgIYkcP~vIV04Kf!XyPsxI!ISD*z4CjX)xkD2?nG@GR{O1|_ zb>;t)jL`nk;PnqyP?IQ}WJyB8lpQfa5KS<+`=IfCO1SmOWS)f|C<6gp+%8OHhhG5H#E$Fs>hT4!N&_Y|;-on&`0)Cu$g_?9?0kvl&TXe&Dd( zeG2VRZkvK9X@&y}w1q#LL;WDSCCO7nZV0O%Wi#$hwGdsO$a~D3_h6R9lPl=v6+n8$ zx;8=sZM=%+idjHc#o$mK(rbKoCd;wqv(KSjl9=F>F$*NQ!2t{!y$>hSEo>Y_lMfV) zNqS32h}aAVV9=6~MU)bBcD#|CJ>)col{;e_jAyai zK`#MA#Uzhciz6?$oi4(&ppTzAVI2<$8fpRR# zoRbQghWyFG7z?++f{X7W#U^w`GFchU_;31EIX)2oy){{Rn zlH7Ap#k}SNQzW}ItSl?4+4iV5cy(2^F+xU=QTcWU1gcpqt#EQ9>=HmxpmtKLur)(6 z0VEd`5+fAO{P3=#Xd2KyorOR9$VcmH;llSpS;Km3{s>78(k}djo`s@rVkMFlgeT z6R^)W7~{96g#b*SMK7ArJ;uwEIE6ooQ+1Eq@Au=#>od4}j-K7W;2uAa`w{AWAoo4d z3wf}OQ19g*84f~R>$*$e2=#i7vxEMBK!JWtK*;H#vz$8z(j?!PFYti*RUG&!5HWVS8{Z=w z7B@C_86$iq*!4BW2@V1hJVgWK`IO&k__dNUFz2G)2<;!vor)V}!Z<>4fzL1AV#oX^ z8k74d^gtc@l>Dr&=GGPF1G-NQ|Z)S z5T2wPJ%(f$h^9D6;r*_ZSU}PKR1BM?uM2z!L;i|{Ge-0VRb7>%Dz%n}riV`vbXYhdC|2-~X0gg8zGz-$F5Q-upH>?o*$SB7R z8v{|17ZdV*E=-`Qz|#-WG|28;P7vcLqy$7ZukqcF38C|lokM82;OJanMusBvkJHz$ zAmWMT8%sc4PxkS#y@0U0?CY%Nh8z8Vo-3N14j)wan zZ^~btr({97`~z_V4cKnOf#}_34faUr6{UFHEc`tH{*dM?mwxTbVl9hd8 z4J`cdRB8<2gjwLbU&368h$c9ElomE5{vr!f9Fi!bE;^e>5hW-JL2idMSbXqd?dT9$ z*Z$2xsNw+KUTgjW*P1`k#fFh(lB8D(V98c1}hS-2TTo_>2;=}F%Haa0VMVKNi z*;?d>9^-)6Wj%<(nXuS`aCJUK9`Q2n7sGGkJLn27k@r!S-+H-8wxoD${Y6=-)MUgb zqim5rf|t)>Yd_+5ACi*9Ex2q!@5Om{0pZ4BK2I;sftUQ{yl`}OIn{$JG8G08tN;%I z0ei$lQHU_2*|^WndDqElWyFJiviczoqFIyy+3xpm$=FSzEG2y&?VJZp0h*J+o#~d0 zFWGmFU5@M(*p;EUz!?Vt`swZKS19nq4^(KrJwG86z7Wwbm#^}mLcg5L0VHECpqb(c zanUIl2#7N(ck#vv5!d;mn|p}!V7#o^joQKDRRpLpnKN3-mdFiBCHiodw>a^L*B6VOw+aXpruNe;c*<>3ILq~v zA@nw%L+B99-HngY+XR!T|G_{P&V>t{&UrgmY$9bB1;vo&nv{ed%~ujkc}zUHvVm~3 z-dm6_`rB<^^0mW(`~)!al_RBYAld_&S2ST44!&8&_u>ymA=#o}#iA@7q5VaJ&`tm% zo^FX$g1AtOU)UAzxB@OeCW^={3+xdcbW9S2IrI`>ex8ibp~?#8fkYAZe$QwMtM@TY zNsRW;(JmW~TiBJ{ry-hhx?T7-WZalnh|p&^CAavVB4~q4q!#$@J+JbW5zo0;?311 z!|{eKkA+V@%)F4QH_7_cV{^Jo_G#*K%g_PbxI#0mBEFo;-AtMMIl^}{fWHAt3 zKA<`O$F9c$^7~m5Pu%zEBzFI|7>ECI|99>S@?S2!nH2n*6e>do4@01g^}#WaIEa7BaAQhbkY@Qa!7l_7X1loKdRbjv-$ggo+ zpmIs338C{sJ(ET#A^n74j|0DY!N!q={FlH=EV9=C3C-}gv>@8ODaFjx!<`@MuLq8kodDgJ_$91)qM~{bS9%acUa2(E692?yY#WH1x%#uim z#KcR@w{X}Fp60%YWODVT+!$X-8&*|93-VybnevYo;cZ7r(3v=PrI?E!Cae}*4A~)~ zU8>D%vvEooSD6-aCNbEmq-jlJritD)P0-X<%JhQG9*<0=q=o>voQvi1Lw50s63p%o ztb({&0VZS-r}r=X1i-PczXCLQf-B)S`G>Or`-}W5y9{D~A?Q4BxX+;UIZ{PAv8;eW z6&!5o_Nnq%>$`teKwZxbR07|`9kijXjod;TaIpAywz!Ixcf$5Ex|Ek^l{M=2hPu6> z{;6)LoJ+Ga{Y{z|Ubj*8(w;}LsnNXXHVh){89bH+{%3I~pm$iZUnvAyOGFj6FrxIM3CHpmBasHx<7Nqxz z-PRY1n_L(FS6(XU9y>>`-1IJ8s*Q&D@9?)4|95||e{`^o|GSB&-Tc3wlOQGub<=o> zP|ywYe{gVQ&i`<@jsL%y=i|q{C+Nmsj3Au<)DH+dm!2=!uuSG;gr4ku{_L<)&da+P zL%1cLw}k7*h5L%@h;n^?91_&yiwN?o^iaR}h_fI?F3&9iu6*vVJkB^PnWq8y#Mtg| zf{qX1Pk(WhO{e}H>h%j?5S8ikXNRMA#&h80Do`}dg5Vypn;3Wkv>@nz@`HwVcj}YC#=s zDN1&EapH&R6!rd%_WzCc3~0RFF3YUyZ*BQ0^U5}hNRGhf z6y{be6kZCrlO8=%L>GUbo%Uay#W*wAda=wBWJH z*vgfA4F&-lW%Ui1*Wu-1JND5KJq|EUk%#Gg7xhst_6V3hj6 zOS!u_r7;+4q%{5c^EN9<#nX=e<3h!LAwBPu6r_RwJ3ib$GWfrP;qm^K|J%g#@uSK$ zaBAR+EhaAUd?%^JgdwH!T}>l}5d&-NYlA>O4t$!T z?@*7o+1q8UiBe_7Jl7Jd#Si_{JY$#T+^+``Io!D||Asx~0# zQ+}olIWVa|X+9#IX{113qNPx%K7>8f~7O3Zg&z| zlvh8|g94)6wepkC0UAQTM@+}NY|lH6M<5rJmo|&zFuh=(5zW9p{00`>6W0ynRUd)9 zZp0-b$9^%rLE1fK*~TTQ8*YYu^xw5e0#@szuz`d|y!e6))IN@Qx{pB!ZU!LpNeFa+ zA^I+^1g$HY1h=^_mNg7cqq>Z6Bfm)AvuwlD=Q>}-lpxY1Ovx`2rezyLrWorcvP92i zqe<#(uv5?256MbgDr%-I9DZ)j;?EXN4(c)Wh0kMRdsIxPq9umj-$6wtWkY5ch0xCn zy47rs!XVVNW2z*;TmBw}Wp0`Laft#c`+}cVqz=_ZqhTpI7D!mkD#V%87>R6xA8%j0r!b z{$;Tr^a#?=NlFCxby3R!#fACj8*~;l+W+T)*@icQ*6jbsv)L85{~u3hmv;Z(MQODE z_oAiB2Ov{k`E*hE3BYp(BKXgAup2Ev=H)JfPqzrucIia!( znc*uocRi(dYm&#b0=~8>*ge{9k`hOEImj&2;fxzxMwm_Z!A5A8l z{+|u6hF1S~QMC2H+spuvoQqJ|0UP8^;%tDq*xtquT2;}1I@th1t>%?YF6Lkj5}Q39 zBRW|0sN@TJ`In|V?71E+5qC02Qzi)|R;rF87_zZ{+q>xVEsgX)v4z^+|BnRx?|3?% zTK(TeIY9is2>lav)Y(2hpPqIfe{MzsGkn!STDhG-#a&!-R7WeKvPt4B_T%u{`QtV} zf`ijw;|(7bwqfEptj0B;9PJFXSwFAq@d0dSpT&mOmPSQS{}<`Mi~xYu`hPT>Oh!EZ zZ!)&{zfOvg{wLF+TL2(oYIpFhJK6I*h`iFshq*lrph&R;5Ma*qb)f+D2kkB50Que# zx~B~!U{0%jD4^hI%2|<=5;V(V6=rZqMXm?fF(`Q=e@2?GgstWa$%i8Yw(WymEc347 za+=`9Ldms)UUW+ZMn6-45{p?XLnUfq6063p1xO+yfRe#3gXCtg^OD?Xl)t5rFscO`5Z{Cdt`alj7(}lj7(}q=>RLyXi~hyMCFkSw>Kn z*IA@T^>`IAF&i}^rC6IJiJ|H50Z$p~$GpKsPxAGk+TXk&yHIL4HAu4&MpJ>%RO2&c zpH>Y(vksnF3(izPGjqCpT4s@|_=W1>JIje`1n?9EQ%#;CJ$0=PEUWgV8Lamv&@U2S zGt)+$Et|}kGF`T0wwN$2PBhcXiX`=>lAB14hc4T71Lsw0=oZnuYWykBv=u0?KD)he zy!vcf0P$)-c*}va7~Uh7X8ym;&Tkt0tB?PUW>fzB@91hevi`p=N;CXVg#)l&uS>F& zXsh%++ER)YQX%jnSxr8QDRo!wr`Pj+vgi9CP4D6*D56&Pz+3)b5@g`_2<22WeO;0~ z{5JGbvWC-7%B z;T4`2YK9r+8SptgEEV6%Z!?oxNQyx!Za^!MGZ&*-dZFP|R!~d;8u&1XR+O_DSH8!; z!JnGBoX>6pe&nL3|Iw}Krs*H+@Sl_Mh}Zv<;ne1T=%g6!|Iu{l7X67>T9w_p%0~Sv zC~Q2yW=A(Aihw8ACg_t`rcs=6?7VFjr@n`fCM-lwiW0?*sxYFAW9ZzB483uFi%?Ov zXSl9u113tQZgS0`{H z%lvPAT1kovsUoJBlu~Fe!Z)zEkGB~h>H7ufBUtnk_`AD76+{UH0!A|Y@|=Mr^1=!+ z0I5KblSgComG!f> z?hASsEeU}Z{OB6cqRpD38HXaO?uR-|IzHLM5OOPe^p|L-BqWFRxAArH(0^v8Q?i!; zw3?BY&MzM%*@KY%Pc8whn@Txrl2jg7kVqQ_I}m|1ohR`E&|?Ls+W)Yy@%$Rkfjf8t zUYI?-us`x{ZthINzN6(T#=y_((y|iI!Ckxr*Uof2tQkqYt(~gN-R5H?g7PaQ=JQBu z@u&x#=iT2SdLOgw2)j?VD~CnylZ{#@xP9h(*&nrULHoxqP2xX~3H%bHWz#@VP5fs( z8S(i)r^|01us%r4sT{jpsM8ESl?qTd3RTWJ_ zAYIp!o|l!Y=_erF#8C=d-}9e<3)!I?=^{AmDzqzZbqgEadC$M*O=_cxauT%BO1G|1 zZA^RCgZ59Ca+XxSF7_4OFn%lijCFLOT;ZS7;5$}F_@WQk*$=^Y&euj){v2drO{^4B z`4fC1w%B=Lu*`iBgna&tubsW1)jEjWHCV@V=v(1_M5ikC1_C?Uehoq(kHc1VBhFZ) zH)j|=7yC)O=in>c*_9kAzx3F^|69<8ODtU9?+Fhv)Wa>_c>_0>Ds3EgDVT4(Bn!MS z=UqAAq;A31oNJTNilkA;Ar`5AH42Z=^QoOM3EMkn;S%-CY&}AuLHdLv6^%Pe6$H@e zhSq`swY)U_*`>wRd2pa$-DQxV+`)AaEGU?D7&M>;)CLbusTleHpW-C=4)s{LiI=(8 z3@Fco)}8;H3i*GorkD2qk4}nN{vTxkpt7FKzsd&<$|{51n7$C~FU6dj$IB1JoU_q{ zbBZS99yv62f1o@I_uw(_X)$&Lp9}FL#^T#=q}M@oU+>zd=PlKOknoZOk$R*qNd$J4Y<#sRrvo!i}m*O3M@es55 zumg#=0u-MTzrvlpY$X2e{BLc_?r*l{g1^yRf=2qkxCdPC5NM75p9}^4KOK%HR{wWV zT-WWH=YWvg0Tm97qh1Lv(E%>mgj^5@tK62qka`~O)6%56z z$rYEAn_o{}v35zwi?@|mI+x$D{qxp~k^R^39{4){&v-iJ?7z#)p~Zi8Qo6DIPVP2% z>-afzw$Bc5q*_+ho_EEY5c^SeWxNK#W;e&15&Ur?7sw0K#F`(S79;)NFb#N}{+~_8 zy#Hr3wfVn0DJ{o;4wnYJVgsbJqi>uT+~x&8NlRhxB;h!sPz}4v>BG7jN}OqvXG{4b z@g5%opGI^`f2xzEf*vy?t8c)s#g-{9y_emOe;%pO&1aQCUi9*g8xE5WTFueWJME^I0 zeHNuo|4)Sd|LoH4|GO!B?Eh0FmAkH%dZ(7jiD=$s- ze?!=3QEK%6Ywn3)0eN-VC!vZ|&lFhi@8 z6`0|uzXHpfz48^9dFey0zzm~qS70t5eOoK=>)K&9+5a_!eHW$9|2rCwc>LFujsJF2 z4zu?=O}w{t{2mCr)$09`l{&r+G|WJ1K|p|DE=E59 z>X_~E4|BAAh{GP;Icx^7y~; z(Axi<6m$O{zX#x-pR5m%wp*+f(WV!$&bB|KCot!Ie!jp`@}qhKYX-@{A6P@tdIV3P zXzG8s3vf$3Z!-sAwf-NChL;mQ{x_W1`+qtq+WMc_j-gGVDy0j_?jdCM*iUIgmR4oA zud-pkDt7&5_!@a8DwnS9xr*7SS$->H-8%z}KVzp&_ z(Zmx3-zD`EZv(EKi!9j|x8<`{upM|Id?mEQN^;jS{4@X79Qp=(${fYxmz&~LUph{( z_Evypiypy`Gftr;_~QKhc`f{$c`HgDLTA1WLy0#Jx7ZXvGQ*y%m|OXYDxsgaE}ZY~ zGDvO)J1@!YA6dmPUiCw;1L2L(jbXg{4gSJNjT*rYcD>~?0cmBP`07(GS z2XDOz!EeDj$OJ*C!AVhNH$}DG5LOrEQc>MUzB}*vHjeyll7NW)JQO0Xy=T`iTU1FY z&~7eh`V#s79mf9Gk6V2AyeQ#IiS>NUF+iQV?q{ z6?o1P??bXm*_wO`2fngY3rV?B!3~F6)44n*#o|8~!XLsSCeY$e10_2($r0kwQm6%ybre~-eKYX>S~ zfi6@u3Ua*WsagC$l08ULL_k)8kRZuYifdtQ>5^2wmSi5~iT+Y{nB=2WR8|ZV?tj71 zV0sa(H`&X_Ah~va{OswBBF?Nqi^t{O;EhoHvtWug8W*>DuZwb$4a{A<1lP`VJXF7e z9uKKGDlzg?;BS*4d%2CH3_MfcBlm-;1uS71#mmACT2`i?w#dwTd<>!>qn7#nNsCOf zI0Om5eV`uh#Yz}3P2Gu+gR{xFHQWvMgGrr&wtOxmwf)0 z@nmA}|Lmmf5&vbJz!EF)sJTB&f3eN|c_62;!T?fc{#4n3I(a{ZRA(xXS_>KH>hsM> z`03=Et7_ID-<)=~x%!N9Mj7NJuR%#D%O6K)kK=O3$uh@D7>JqUqMo#-6LwZLJG%u`m4dUi z1+*sh=Ajl)A?;=x3#i?F9;h_g|8<%FYh>}iofO0Ke^mgWmQNW8D@&F3vM2ve_=r&j zeB~5Q{i$M3uP*W{ck&lAdj>=S=g!((#Z zuZo^M?RS!;O8@ua(iW_uI01X{sL}t!*=WY<|Iy{u)yV4qF3LM+?qzUWk~&%J;K6pj zJ%PwsY=dwaL@Q_G`Cq*iNc+8a&L2-f>ZIEZ+M+n=69_{G8Vz{G3Zm72Iq*Zzf*n9{ z3F^5QEqm{r2&^zN``Ic&fjkzoMn)tz5Xi52I&7-{9b?YJsF_?=MSD%1NguE&vX|JNDc zVQyr3R8em|NM&qo0PMY6dm}fJAnKm853@Wk^LQSylxM2Sqohbtmn!ypPty{stg%W` zlak%NUM~mC1W8!QL>fR!qUAc@{`B+VmWjNPNs6T^yNUkVB_e@900;yEfrx-h7HJi=m(ZPZIx7loF|7{)|x4&q$kB^(JuvYq>#Bp3vQLyk$nIyC@X$e~Xr4Ht6mqXs5>E}|TdG4eVfgp>z} z78aw(N01>WfHTwqx6ud*%BsN-e~&1`B{Ik_KZZ?`V4>6bGkjuO-_!jvy z;0iJXdWh%*p{;5!X*7hF*?Lwt%NwhLh3fp-*+VE_RqU`7JWiA2yRkq1Nt)~I1u zz@Bm*vd-R~!L8wv*&d$331WLbnGolGiaBb8!K9`-ky;wHyENX-X6;i?-9}P+{og@9 zLTu9vVDb7t6e+v@_YYg!_5U1c;*$~d#nRsazmh1Q?tl2?;=h2~vG0R`a4-@LFb;hmdBAZLO3>x_4*7GyqA(9h|ULy-eDJg z0~vO^5uXl_OA)`2Y|9%l`3vl*Mz{}LiXcZo=TA_8D0Y*APLQDEIAcm?&KUdX>zhHZ zf6;y4OJ!bl2ZJ9j`=>?dAV?9tCbuXkL})2SGj}OY*O%Y*EuE&A@B_vPg%bpb z+(mZ9n0b-Q!7Z8tihhYOMP3bv{Ujh+;*%3o(3hA{R4qq-6L;IM;RDzKFaXf=C}K>^u$XaG3#1zXDDXmp1HLOr&BNm{qA1`% z42HEBRNbo7VGZ#Pc=~iKBoXl69mhcdM-+?%E&xV+D%$c;z%le0@bRteJg-VkY5X@s zO?KOt<1s_L1KLxt1FokC5Sbx_3mAs}T>jzv_Jm=?1n(o%LsWitrx@KKz~+HVNq~Qq z(v@ILqN3)mVB{0`R#Glvf|@5vidn`Qjj&V57iC?K%peXf@)C@rn&`lGJCn8z`9 ziUjz&pzAu=kxK;-szj_^FeX$|wT306DF8?04mD);kdlYF-8aP%MU8lp;x!;UN=d|# z7+bjk8C3a{l4vpom@~N{VHd?qMhs~{gy8BX!mXI)cwd0N5Nv}9a7i%6lZeW4x>O&H zV+P<6mo-vCqpYe{oc!}dLeNcQc?;N)Ju~C1BrGsOKDh^wA`l?4lTrjd5Cy*A3A#SO zqFa*m;*kgOz}!$j#!&9mQ^APdG~YDAj%I|=-vtpvo}3RK2e%{W-ZBk``Ov-n0ga}F z+{Unkcq}qlLw=T>)g#OHuFY|6@0<9qzm=q790md?utpC6C4O{8R&NHe9}l7fC~|R# zQNaJA$4;OVe}$fhRRjG68gl_#gh$P8?m+Ge?Al>&&7t5&3;Hm*iWRF*-lowyUScGP>LNvm}+FY|x zp9kaRv~B%<$zB0AC6Vum%`-l-m`zLmh@094gijH@$4nLVq1{QtHtrC;rO-2@b<5#7h+eS$VKAdmD=Z&bSO}TVc00!k>X7k`eGl7r;igL zI}-1;cEe@|+Wavpsn;O5DUu>I_vW!%6hdnXy_3jUYy3C_!A}OyPF$Y1$omL&l4>$d@4q)xh z-rlY2xa`j1i19t$-cZU%u;H>hA?%ASAA5pUk*Fu@yX>y(x`?rpL>TS>UEfjl9VkmU zN`$S|7@YZnDx^RiQbCdS0Y^+(B>R=?D6{1Mx|wT72;;vZN<>$8W{5)%ayVF6)G@_` z(03UK=@{f|iZzVA@V)+U(?18Zh)GeEA>J@s2$LE+s}LTG?=_IAtmRB0n|SEXL4LIV z>zmiKA&_b+5e3ftaL<6+bB}_*AG~iL({HYtzYH#0XMaEY<(sRk`PtRO`QY{4zUVLv z!#*KA0iP42L>HN&*PH&iJa59t!zgf(oc;1zqq&eN@5Ho<(`d|8AT#SyH@yo+5eG1s z1I8tXjRO2jg#0FAo%r(@s{BOg6oXoqqg7Amu_#1T4pluf`rrZVVnRYV6TxFc|b?=G>z%*5_)pmeXyI)1V zueb*5)OO;&*X2hijC^17zIv@@2;*dm+*_7n=lXCYYjr^Vmk7=qn8a%S)}Bzd18~nxPq?^A4!Dn$7oE<@$JrvsGHnf;#)EPK>(I26ZfC zCoWCnYUsXh3W-6wB0hHK9nkgf;ha_NN2>s*!$Z@J9lIYp`Ht+^Jvlr|^<-fW)W%Qb@F2>YIbG2n!vQ_Uq$;hc3qYrk0oUd7hukiKi&oRQ|wM9t3hKNAWv*(|K4nNn$3nRKR`-C=Dz~53y&a^oYu51S-elk zEr>$3jj8*Eo9h#;V^en!W~)a*;~wAQ5P29j2%YSSUwh}6@gW%x`L9FM$WXK}lugt? zG6o$`SJ; zg8NJrvcT?`jid;6Eg&8mARoD$PLcq9~MM3s8) zmk9d5^&T+eOn;TzSO?VQzd8?%$4DG0>lb9;PLUV+=(j71#)w)O7o_)q+=!!>t;UhO zsd`nf)!=xH1I*_NKkE#pwAW&(UQtXa=JOLV>0(AkNNLYTb1l?aeHT+DjySSLA&Kpn zF0_=oF4d|kts2Kl&bdJRp3qyx{*p!0s0H?if~IOA@do0AkNLd3&<;42tOJCIGR(LT zrNJHXBYpZ#-?ztw`1i7ifXMK#r~{gf{dc$qfHxY*-|hWIQ)Xn<<`;yc*or{vdifN~ zaaB^(48ee<1=2)ly%)R(kVt9;L*j|?;E-~~?KIy$QLD4=)WMF-M}mOFnbU`OmMA8i z^vns#)D`I=FDenMr@(`aPogjW?XYBy7G-Q@I z@xl@E%^4bIPSv#?HGpEAd=g9?j_3?{nLD<7%%|XrFfQ1WIedyO#Xgt%*hK+DHHv10 zqaP^d68%tDD?N&c^>J1zSp4EUqCh=ev~a@)=2GNb@CWPaLSba^@2Xq44ycRM0!|bX zy0#h$$sd)DpnxVtQgpfBRAdOG?!?gpr*Pm>7$S3} z0DjXf^=C2~W^8K|{3!_t9h#Z7ZVH$LG{j+0!z1c1u7DqEHwJoJL)&gARO@q`M33jS-D3ZgOExH5L+$h@vb#06EqGRgF zsCW$02XXPsXeF%X6kCm_?8o6y6dGD+hQw2!hcFC(vd&S^RjSZighDHuq6vEFfJLLM zM@1^sQ$wxfbtBfCjg7YY>{QX<42G7}w=0*1ysTn!Z=#O8ZiO6qnv;qOl1tp8IXF4L z8C>`J!!u(qptMwi!zpD)tkOR_70fVJ0HhhFl0L*?y`kY;3r?O~RLI>?K^kID-kagT z)+=g#q`J^(pa+g<0DV0P2I$4*b+4m9djv6g!3yP$ukY|uweqd#5isELBbnRt;<1>5IN+oQdBQ9g2^IG z<}P(z0(L+Ty3?3QwBBBcriOwvZ7pWb?S0Lg^O^(Ac)K)N>e3dVF@q0cl9F>)EB9Gx z2w5y*HJh?XR{GQ8t+KRm93%1KF^HI8%`gzF*N~Pi z=%7Y&;!qO9@ZJb9I|(C?sGn#e!-;kK0X-Osfq1juZ0*Uab-OB1w=Bbgjm9cdyjO_b zZaDlYTQuGTUbrOS5C@138($5fZ*Dn$E6E>@<{Yu#8ea{kB%=O&C^+wLf)C4WD5+(5 z)6lS%q2eDJKvGa=>rHsb5Z6U20d>P@=n`77_;2ESc<0(3mGxp_T8~`CprFbokLG8A}ng6JWn9l)a5OR;&sOvYGDK*Zn#4HvF@>w5jekB76L zUcIVi>Clzpu3lK37+yy-bT})-9A z{{uAR5!g+1hp%=)-EiajE~tOms;eCF&&$TYzp7Ur7pjmDNS5>BwKwiOGnOn`YTg1j zw{2P$S@C9**=dz-LR7B4?#mJ1=XWa!RJlWR4%$s~Y26S< zey-ZkO;~sCSA=S>Duy^15k55rQEH;)cNlo`Zc+Y_SD%nyb1CmPQzNQ0s5btI68*in?HS> z7uPlzC<6u@NLR%M(BE<3NGC|^jDAi?ID+o2CFj>$`^SxDquFTHt%7G)cL(4c2e&|8 zIstvT1O_RSWl{U+O=JJ?KtR}Q9oZnRD87Rn#Z~*tI1UG(|MtXby=lEp!D&h)ntQM7 zsqEwZM(apH-%o#eBfh-OHEa)UUz)sbYH*bSt)?8z0GkISn9qpx?3BJ>gt4T3X{Ms7 zcNg4G5mk3A3XE81{2rk|^9D(vDdrIaf;6%0R#ukcm$HIki7Qhll1aR*>}ufD3>S> z6X!z;B+4-u(WYttr78O9B^#T>g=a!k*~#Byd9F zIRfyW1Xe4$X2@SMEW2VTzF>H&v5V|&%ADl_&d`$vLG<3xlM_;eW|9*3c1)%u4(Vu~ zY1WL5kPW=|ag2za9nkfCa?jLtmY6v*Hv5pd3RmkA0uOnD>X2t&_nBc8l13CNnM=bj zz2Zn5*Ul4bjGE<`cpBezrnmOm4!AL%bl-NtOwb|@z&8=YfmqG|26~AF2FHlThL8!w zjub*dAG?rsKr7X*HY*X0a!Pz3QQ1@O!reNc;iwM@N2akNa# zG`D?jQvFV>yZr?+W{n~tR|&bVmU8MGMH8UDfiZ$SqNpQ;PzIDQ#hxn~kZOK)t*Wfy z8hsVKq;X++7%g)G9YqsIH6>k1CMPjyZGWUf9(a+d zn{P~jEYixG6Bd$HLaY7AM=Mm+u8kLO2O0+)V16T03;mNOZNPRq_kk0os*p3f5V!V-VyR#`d zx>mD%u6L5dnY1j8;l~CEJC<-eMX?cmVzecsl^i5C9T7;qbpSE!As1>!VnHgs#g@hb zVh)uEq7OaF#6a&w2^c9N%^1HfBid96#UPQ{P#$Vaeh#3lYKvHSk(OXZ{gigo_=rC@bKv4~%> z7|5PRyWRj7@$_K^0wnNKGct z40G(dE{W6*rwnRiGtdFz8N*LClrJa(BZ>p5j*uql>nEZ3lcGyBtaEl^sLOJ5)=t z1C@ppgTFb;*sa!fYCG{HU8#2Bzy&*?8^mtW@wp~8jX=_JSxUTet%%+UBKABjkHp~` z6kRu@+MyQj&UY)yuX+4Z=A1mov9F>%(fCj@FwTuWk!CY)4 zVh4%IRtl0MpN#fqP}JI+MLx%liET9V#Og2*JJPm0_CGQLPFLG}oAXlQ^r}S`n34$O z>eDrL64yK!@u^ZCDTg;J`iYKWWW`1i=P7Az#OcRk+S^@Jj`IYu%YY}6 zyCz=F(8NX=6FP%j$UP&-q+{5MgbO|9+hYEow$Js&eU4d*;9@#;$usFRHyOM&qn=`E7024o))Ryf5&)J z8DeAU{Wpli8J=@Ltxn zQ>s;FQh#C#h<6y>>x!CG97n}ElKP!E%8I5F%n(b_ikQ@MC9e2*jNG~Fqg4L)N(s<& z_Xi=7;=?42bd5yTj0I?BAhz;;L>?3yBmd z`&xq(yZdLpe-pX4hAONBhUebxq*i9|l0nGH0ij4zw$4gOi&+z^nn@#S<^bNpa^8&IS8ZwUZ_l z+S+kiMlFE%%u(NTU^9wXSXzkX8}3$`nytlL0{Zjf0cM*=yNj-w=d zwX2%3+0*ch=#N=^VJEmoERRXUckTE_0?8sKZfFNdn7E-6$0NJYXPS7sjk%M#@tU|{ zEMeXvxiO9KM0#|7gQdfX7)5!!5rj5UdGa{Xn7HB4WFTp3JG^TRo2~B2o43Q`gOj(d z)8XOa(P39|PgqPqO0_fC%BEdC&V=zI@_kaEFR2P5kT_%|=tw>y0DJf>p{&LhTy0GVVdBtSbEqYpBEh%h9ghP(TkQ*_^uCW4IJTRt|nKj}qEFTh2meglm6|JOh$rqZZ3*wFUe-E?JhjVcvjQN;6PXgn} za6&v$>t=9TmyX`@ipU%{B#fKE=`J|wp6-I)OYD;55 zY~S$_=Q66DzS8l~E|BN*FE&w zape;qqd;yp<9#$f8XtSkacews4vyW|&gl5)$a(D@wPEXxH)^(y<7(F^fU4T@{uqwi zDMtIq_=5EYTr8z{_*7=#oVn4WoE9G@_yl#blz(D&1q;>I?>v z^mP>jK7|x{@r8)-k&X9Dtszy#fH=bW1bS>Y9q3ZCGi@vNzjlrGK*kjKU%Tem{J(Z} z-*2 z9Z)tN8R-TtA@tB&A@wl2Yr3EStyw4IyU&>B&zOFvE7M}5VC@3lBo8X$tT^YfU z;((7q{a=~$udJSdrrKSF+RFY;QK8(4GV~XiXv5YsC&q?Q@14u$Iv>}fbmlEhMLZ^DsmB@5)#SIaw-N-Xg z((k#sgnY~BEfqJa5|d8@sIMVh=-XDCqqKnu?}S^sT5zz zdSuyhd~HEQ{jDD%1iu08k_+npUI+EzIy7PNR$DC2*pV&kLfVS$qKs#zi#4>K%F##4 z$H!RudZ{g}7Mx9Al|hx=$gcYg{JQ?5UI|E*jY*u-NdQblu4Pj$ODmIQHBvBCFLEW` z1WLX4_y|hIA~~birpTW)*mO@)(xN(=)MTZ6i{=u!lT#rSmsi}ejL?v8 z?ted_IT(hbp(6#_elKZ!3)QW}DsInCopklzuPE zl`D39-il-XKfZ1?4xHvL`0uU8@$-`Q+RY`QJwL{n3$aW)%vT)uoQwSmW8cz8&bSS-Y&RDDx$q09vFZZ`l9g#xJ7eW8}s;yTzNe$tBC&MAVLOXV;WYQ z!O*T{RUtF198_=+AS!XumF3$nWBbWKdC94LbIqvBx2aSkrlhnyH==j8>q~Ww5^h2P zU*5?ZpgSY)eM#kSYJMxn=r3>4d>4GFo>_^@E4k7EU-D37-r~T!9Gg;(RRE6x`b8G2 z&tO=Ozr_HsF{Kr7wUbJIXwk4ODgs&E0!uXPpkLRAj9A^l8)7Kp+Y zs2r>M;|Fo}7*jI)JDmBTpk(Q7lb(#19(FmX-__&3(YgTtstDMZL(!@@jDAVw#7IOI zbt!ikSO6+NdDXP0l4#?8rrCtx1XS{Ik&|&2kQeZVn)Lxp#vzvGvw|a-2XbmYf@AHT zEm)#hTGGX$CRhrdDZ`eCA>cwLU7Z$P^vR*u(;J_J#CTU)Kyk%*9Vs*15`tKb2pW3+ zCB#=C)533nlmB4y1Ux!AK!KY%s(tEfscm|uRCfQnz&>i_HkR6d9A)f3_FMZ0+xP#U zC1vzW#SVfXuZSux*eJ1qt6V?lNuo3aMyT$9yH-tz2p#R{Rx|PSJ2jyFwxp$;O}jPa zDR&vdUm{dfPwg2`a;uoM;_86k9JOibJ+2P#*-&{k4sX$Xh`o9T)U5~KSLjH6*9NLq zlm&YYz{Y4)0GF^U-BH@}zhM1K+fpYnd2!6wRk^^D_1|i>+nM#he|U7bUH{LKGRx9T zdv@7rrIKEINkEZ;^;g+2$}x@A($O^+C|^@b-v;;%1UT?ez`=n)n1#qyi(0<~CBeyu zInGnjJEh9eYMpTkIhyDQd6Y=&cJ)%RsWO8PgNRO0@(92TKHLP_^Usg-6|d>rAZj2U z5RH*FW}qOnXcj#HOwUxx-xVaq4dXM{4yH~V{w^1YSO;dYIFEtVke>wnZr~ZEK;|%E zW<5sN@R_X)`MXF<`M=pAH9@Vj2`rQU4%$Z<{@*@qZtee`B~|4Ame^(Uo&xq?&WJX` z;|0Fb$T!EVtSB9dN#$Nxlm}=ckJE*472C4^{M57a@l)ygU*rI@VjIikzy1B}`fnW` zZSDV`C4Fw^zr63>CqDr)8=b1hzrubb2f)Oit=@@S0`l^9r6!E0q758?x(TVUG9>#z zX~E;tvvCDz#uYL?n2MumrK=_b@DyCj}r)d2CZsq-jFYwdVUT9v{uE z$ST9};&;u(s;z%_iribat^#n$`afuA{Xh5j54Zkb&yz~TvJ*MsMHZ;(5~DkD&ln-hx+gSm8GKCr7CC{6i z1nDHF&<%)}eG0I#C*#Julmv~R(-4wa$~C$FDfLM4xW#3`Z$J}6>mZ9Z3hr_ksYfX< z2iL>yMfd#g|FhR04to9Xd;MYW;`HkB?BY73RMycWR(UqOQS7xXrumI}eq|X-?=Me# z=VcgW4e{a3x8<6TjQ&9ZHbn&a5t?r2nl2*Nl@@4aR-B))LGR*pcyo2yz3vT$7neU2 z_rBmIwiKUSnr)i9>R-O^U4PrV84SDUz5ez4?nU?A60&_u$t?d)oNHv<@6f!D#`yv( z-=7sgka15+T(TS#cp<^ools^PVt%6(E16l#e(j|BSB7!qV8sk$9~2mwrCQPfiw)Pi z4BkTQN7mKS?@`YFTvJ8)-#|DPji9smO`Uc2$* z8u^??>YCq@gnt>gwCyp#AACtnTY-44$)EkWrDc=%g4<8c`pt+H4_y_GqV*3 zMMs)09Gmrey`i&H{Bp59d^NL0%JIvMp!kwJq!4E%c0@^@G{cR5S?`QG0NtfZ>W(HE zrcrTZf_Aoi+(wLY;*XkqmJvIoHM-TTm?*|k!0(73&5-LuJS+cfVIRjrOR&~ktje*7 z$0nZ?0VO0^@e2!JCTcsQ6;7X+8x{~sS` z;(zTQwzu*Bo+o9_fQjsv*Zh`Af$Ir@-zX~j%;X*7BYikG>|{ZQY5-V5?NiWa(dcL7 zaxH2VT3UfB3W5dWQ%%y&$gvv{Y5zzwZA_7Jp_7Ah?|Mubb z{QoRz<@@+m)RP;%t1q@XutIpHwDHBIQqfPy@;kd$d=Wxn* z&BCGL#F|T?YjTU?>r#{HaFJVh#cP$%V4STS5bo%g3^K@kYNq^*soMVUjhyh#{Ydsd zt%IZN`EUQQwcY=pC7G}o*<~bOEo>m}Uz1bJZmme}oJQzXVHnO>Q~JHsl-gwi!b{6F zyird--f`kXJgWjbWp}i!tT(#)-j2bcgq*8PG1+$3KJh8;joxU}CQQm#SWHcPC(%dH z`+;JPE(7^&`SP(CC}o?B&!w%4tegwe$(113HUSwGTl!({Wh4_{1jo-!EpXiv0gcPT-6A|IxwGL6-lw58GS&&u2+8D2#lL$2{bL z177(tkB{vlzDcja0@*S_ve30KU#y{D29%|3U&7_Cgo=k(LIlLuUxgB`g^np_%}p!Q z?m~C?@&V0;1x*=%>Rscra++VWE6+(Cugj^U-a%mKF*^PX>yJ(N7+cqDvewfAm4-M(~e=M=^~Y#Wml@uNM5^pO5H~CrkxGO3~TaSo%ZCm zI<7L(LuEhazuf6_DH0Ga_FH((lSv>A66K}Voqfb$>#pJ5KI!f?a zkNGWVrCLWD<`}h@S({SMrf^=|Y(?CqdBy?~7lovWT4ml=U70IjKYhu^!dR@yj6K^c zXhy5*#8V40TS}_AbBc&OtdvGRv&5x|^m0vc4n~>RS{hzO)lg0~n*)qyA)lXO+5wMM zikFPk#t=HH~QSjEPM5{9-$RL*(9l%ar-?`n~iH;odW<4un@~) zPwXt8jlz&ne(`otL`vEW%o{l&qBG`<@k1HImhDW*eQ*jnJk$QxR`2pY+KX!x52A)L zir9Qa9u{%lC63Oi#tZ$N_d(7h{3EaAq_Na?re3oKKi1i_z6W> zeQ!Do~d7zVb;ii1L^V zYK-HM3-*e)fGu0=E3{B8>O$U)ePOft5D$V0&qT{>H<*fkB0*J}o<=4xL;*{*qed(q zuwpO^xb1>~6sxn{G(r{FE=AD80b=Zmk`YR;fhp(VyX>LFoD}z_2>N{bYxX0dyaRGk z4#akVp?`{eI3FOF1Rm>vb~9BbL=?;SpVZe@`s-NvtY1$lVpHOK9kAbQZkb;Z-c^|2 z8oKw&l}hyQ>(pPM{H~&hUofkCNxiD0weBD;RzxpVgl9V;8C#wz%dsPLEoJYMwYs3H zX18dXRH0S6xrWXZRMh7#qNBp%PtxRq1=`%~w*`8`%39q8!@pOd^6D#QBiRcyjwMCP z!V6W`Jc0_^$D+|Rv{GKDdPkS2{=h0)$3?hSsJsHwWvWK7Ox?I}IBgx`5`?N|mqy#N zA{SK%we=arEXsHj6n5_9{PN~>c-6oB{_M2ZA9kdwMmq+i??U*hF9I| zZ!3T*1abP!vg+QbxaP_E&EUG%7lZxw?7a7MnamDRR&BSrqGXI^fW-LqaV-tWcUFs* z$)eC`N!==|&WuC9_x|#_H~gW0cHJ9Zbq9kVF8ilTJ4Vrra3l@18zEtQLJ?CNRG38C zUNokK0G2SO6so<8?l=K9;=&7jx6=)Uh&XJ~3~sKCwELV5vzD@3)pS678G?LM>q z6fS^j`)l4KY&}{y{pQoqLUqK~rH6FSo`W7X(x;C{69`g7rDNZ6AyN!puiNkShu4?i z^)5c$*i}K=8ofNWD-B)Iie6>d1P^-FVOtmB%?+6~aX66Lbu_re;rEE*aZVFt#_8;0 z&^x*5_lAS-&aQ^v_xfjVOXSYSNAOYwbY7+1!q=LYcPUf?>j}H7TyU8baWm)*PX^z| zQg&qtB939BPhY*s(*QUbD~3QU!R=})<;C2*17@o=N!9iWn6mw{$+pI?_FK?ug@;tt&a(! zl+b=W0juKiefRvPH`oLsvIvVYsftJ$DP=oWg8!g*aozv>@N`hZcI#8lL)O{bJ8r!> zIyg8!+JCc;4w|oz;rO+8*gW2cV|37lBkwPy{pR3!f4_l)31Ym#P{8TDfyv(C{=wlv zyS0hH-6!3XZ+pWZy8ZWS40Za3>>kqD33R7u)fpdjzdyTpHyCahmjS%P!Gx`aQt$fw zX$T zSoVQ|g+-SgRxWziKV0^|8=hPat_MT0!&`rFOH~TIE<)lD+p;2Botx zuus1LGr$nv1$>Iq&*6Z3?E3&pV;c}c#=!Nr-HXeZivh?a?PcI|0#LvriU6NNuE0i& zlbLGP+;IaA=>&1ne8iB~ke49oL%JUP4E(VVC%_|!$>=Uqc!vNC<^Ybz$mM_pfKM?4 zBQ%9~n9%ga$ya;pYBkCzAUz~2A69jBwL)+D=Sz>4Yh$RIShD^Ww4#=teHqf8<}N`p zZ3^ZyxV-6~^oIT3;PU+Dy2|M}$8`qMJgbiw@gsRIu#lkezWgdC^TI$Ob;Vy*_7dh` zkH`u|m+_Hjp`s*YTPpM#`0&9|xH=M7XRIBr98sYpQd`=h((Y>Pt|elNC0!AK2 zfr}RC`nor#XT6J)-teY>RuP4Apc}UTkTcc)rhBrfJJz+xFJ;=95A~?mDSF_D2GAd> z5GCejeTcnR;AJW}TMmLQdUkqZ9`z^{ERC%|v9215=fm#lX}>opIpu|uq+i8i!Mc!_8Ca;yEB&+U zc@(iifnuS($9bnD3yRe`ioC#ye%TU5!kY<5rhsC&V4?*U3&e8LV;X<=3I%q!x93cEiZoj#NM z-anRYe^pC|(rfI@wRqWf^=7 z{KIIKx7Qt60Nd-1&w?;FeBH5i=h?dRY~6Xb?mTh!)}6;5y{$XX#~ZSbda?3xUAcd^ z*EXQgM@CQngu*clpjbN(b1;Sr?)KjGyKlP}-7;zMiM=SNhkb_wmv1)DKZdD-xYN;u(+*=66+&U7J6v!V0%$M}5UloH) zn##4p!79l}y;2eo4-NFgEJ-mtHyx|adbuR^c1zXvIPnop-a=8Otjx`}2FGI@q~^us ztl7>-d;h80`(N?VY^{f&7r+12+CM(p&%Xb^-)wH*|9XxjXzWX^8dIU)zb=1ADJ~`0 zfC+7zemyLb4}*% z0Hywwp8*P7;^ANd#)QhtX#tmvrS?%fi+b{TD<*Oeo3|sW8JgnB6looygd@PmZO(8o z^ieS3Q*bC~>CYhfCbn3NJb)fTOpyly;<(VABJl^~goS5+*a(;$)khv6xJozAB(p4Uodk@ai5;jcxgOHr`NJk;#6u}vQAqJ0e zX?2GnCOk#ArEeL3_|SRNY_`-;e8_;7!Rek1yd4A2Y`@x!>x2ZH65mI1t6NqkyI04^ z>XL2(tqAdC3y-hwa!p)Vf$jA|E$`oPJ085p!pPDkua~8z!fa>sSMa!`c7X;n>1$4* zXlj-9=FhdvqtGdMB`A1g263Qt7k|z~*ZpAquGzpc(1+3!ZTROnn-ap+!QuY?KFJoW z=|TOsG37Hq`2sy}I7QGy6iC-UM^7iH&)|atC+O>TvstfHK4RRV=nneWgB;cWoSlNQ z+i(kH?;1`(U0yjCSJF_kV_ghF-CE}>7e0@Gw7wlCOA_8J>h!O>mvf}yYHta>htxx!_zQfgiU^W_7>>;+@mB(= zXlCT5l${#|%T?VNay&yM;`&?bb+Z_^z{`{@FH8}vUf7;Mh3$3gLHfA78I z5e+Y|eOJRz_m6%XTcIpR3_Y`v^rtkmlJ?9`=_%Jm?8UpGO|Y`GY*6@zo<)$eWv)04*5N1O)567@Up1I@BR)j| zmuEe%h$|FK-zrX}X|zPC>Zo}$94y2ygIo40p_=|52NNoU(&{>YJ1y4#H(SSt2O0f; zyV*L}>i?f3Wi>x)qGRQL{!>iAvHpJ?`Tmlt1N-_guJ^QC2aV1ZMt~Ej&noEZ>RjuI4;qlSxqFhBAxpyeIH8iNhARyentF$sY@uDucJG21n zCC@_S<{tSo?Zob2T=nKL_XsPa&mn@06e=S!;~Eq@Pahzb2s5B$wK%9qpzf0cSSx5p-`+;AM>#EV}L# z+&2`LR$h;>d*OdgjYjb(ExAOl#{YGcBuC`3l`nyp@c-svj{hIEj*qwe|2fj*g791g zn?PYqu4UyEy{viRTR?f6zWP;AB?))HZ#A2_F6d4M*kks^*Zkj~dajGoI_p0q-i!p8 z6S|T0-#R>OXV-uGu(e(P&yg0b|BB0hNwJW4?-jLFFKNTJS%xM%984N6p@@jZINOUE z$yE%XSdJ@U6E+eTwt?h^1ii(P4Xs{7&%;8>gT8{6RA0!D7C|UMCM6yMARr)4vCDee zHBUvBR2CQ@Ud+H(T%B1C z?ySke4V#QY4{|i%6mm4tro4O}q7LX2-^an^Mi%&p{077oG-PX(q$)Ah$P=0Yz;s$M zd&VzR(G;`S$I`Crk|^Lyt;qAmQ@#lKcgme7OugQYa-lj>By7TUETr=VF{Qm z=uWXL`b)VrRH~IEPKO0^VTg~C>PeW7W=`v(QYtvbOuch-B#+a+9a|f7V{f#vwXtp6 z&c?QF+u7LG#@g7nt(o6^zR&x|drr@p>FJ(xM%`Ui_gzT433ArrEi~XVf{ORm zfYPrL-ECkCnl5=`h$YfoT&U^PM|z^r zPPTgyMkqI7%`07`^VNp-9p8`VOH&WOw`;w-3y7ulBh0w5RetJZsS#?*DA9r%d3bfg zl&9m(OVpwi4CVc@N>Ut|F_doflJD-zbm0vLNhG_Nooz=;sx%2cN1N$K>7rump<=ky zMXUNXXyZmoCG50fk}&W6K7Jw)ao?3$JVc^y{=`%Ly(lTRH{EZ-3!2Ku447U|g=w-a zVg+A?UMjcHRvzRb!OrV%tW!knDLF4?zzL|-INF^2N>01AClH$IF~G@ryIjgvKF}zY zEJsKjVf4;bi)fl_s^Z~wlI9NlL64mvw-$CX+<@`?EB77!yQz@bHLJ4isMfIbgj3>` z4&OMf8QrAeA8rgs=a};sPsy#a_%wB1V7M}!-qo}J+t;kq1(yq8N6?nYeirnXkHV`F zC`q9QQw?Ni13P=C)DA%GQVgW(7aiCXJ|FZG)z+55&@Ql)&EEob(2oI%%;Ww&7o^QS z@u_ClLwc1FSBcUkV-)*OUkDDEyxA>IJQ&!0g|}JO{XWM-;_L-%XnpMfguSbQ-f61) zY^nZ(eagZQ+6TWad*yQ*ZSti#NAP2?>|Bb|hv{FAut&1U@GST5zSU^*niVSV`FZAc z9Y@Ve+yowC)f)CYvNK z{40&ijHKm!=Z&9yWc>oO_J^wTOb!ui$sV$1S?fG1a6KKdYywFDiHt{>XinPM9>N2* zfoXK@5NAiB#wpscFuj+MMtL*)p<2Dqg->)URA3#EdWd3BUE&`9IwV=0zSw$+ujdjz zaqt8j;X51`pXH6kgb>g85(Ya_`ZVNkX(=Hx4oueQw-wWz*ioiv6rqbP&P>z}%jy2O zRUhtlzm*&0uu!EX)vDKa_?Xw`Zz7}D@Y9}1n5~|ye|xs=Thg;ME^MqqY!ViwwuL)S z4(9W~pQ8Jy|5g^r@zZ$_XgGVmH3Qq1Xr)d{oJ0jUt} zy_|^chkYHB;XC|o>t%A~sc(H&+6qInJeM(se4!Re318ipViu;nHA2HR*9c z#amiC<5u*)UdKhJv|oH3oh*`hx?8FuRY+4H2_L-N`j#`291*_l_MhO&=u*IksDPV`+=z7Q3md7`}Y_WXTy5E=2XK9{dbR|c1 zc|;=^^kRTCL`iH|3U}-P-;2?ez+v{QWly1Hkd)$TevpFAOGQOy{4(_!Ha>~|YV}~e z%}aHAB?7nD)x-{)wC))6LY<+d8IZi>aFh+y&Pm7#7mFz;*GiJe%^<@l4k*vyhsf z^^dc4CssY)!a8p+)ca*M+;`){MvmC;5x&z_A?K9r&A}7OP)*lAuwv2#pYq-$q!rSE zY1vSWO+a4jlYQX#mbSY-kiCNJ?FPQgXO?{3jH1+y;l1W-xb-x7Et~B?hqty9V0Bom z2HDT}09KShB z?$VObL&MER_7l@Hdz2L~9RxB}Yce3clC?v#W`b=Q%o7;VPx~@fk^wCWMI+pwwW>M@a(K zSXCJzp1Hx0c9hOBODzO;+aGB{=?9Xb*2fJMlmJpc2`S7*l-E14``*>)eCt*wT+m}l zJ`4*r81NxUtWHr^3dCPXrPd>}1YFTDhgQ07El+}jfz;0{ORN104?9kb03Ziog|&3n z@XNnAqH4~<1$+z9E5$NQ+BL9NeFoUo^Pg_(JN0DX_mghbC7L`?-wd&Cf-(uQZcykLDffWH z>yK^=IkB6NAVOyi!IWAi4U#XLD0q19_8AUV`TiKPsH;&Wi^`|9Ql@SWIc)dq`G`55 z$jFobN!{D?4UXEQAZ*8LU+q^d;6+Q>-OfS;d39nd;C8_o`7r=*Y~Yu;35_!RiOu1^ z0eT5{&97_cV*CSL$p{~=2(#b<{^G-Aa0F3aYR_+NUcMhjkFqpTuDDTVti(Ie*dvvi zxPvtQE_lI~9M3yOtnYYKtu&2i<@!|qtE#a;R;~vPzh_Q)kbNh(_y{u+4_j^jpkV%VulMA2u()`TR0mMqocU1A9ORnx$e*U8_ z^{RG2s?==Ow_TiiVA?L2*4xdiWfvfyQtfAUD;Gqej9oD;;SkvN<7|3rip?iKk|-&s z0Op$Oi;Z<=mm;j@rN^&Ewqnr*KvLN?4ISXcS^y}1yc#;F0UC6zZLa$Z$Rwqk{D*|l z2&p1yeDt!S@Uz)%d#(KBoaUU?jC)naVF*S``=>V#@5s&i#-&R!`#m*8(^w&oR>fLK zAHs{pfX<;VY2K@${=n--iwQTM>?1!T=eUpqNl75py*XDF?+W3&PLgRZbCYbl^uR=1 z_O$VsT(Vu&Ohovn?XElJD>QXTTc>I;^|e7NLb*dC`XdTT)E^mV z_S5v!^nI&J12l!Y$M!%&pTb+p#7MXS|!W=@>S)}wd)p|l-pig z2R{u_G>;8Z+G!dVXWF+EJ#KlQ>6mD|5#c*$!M~ka=6-(XwFYIWhk{o|T~@#wcSgX_ zz<@fyJ5RM+e5X2+ac9phkX^3uT;`*s7$WuZ!y6~eBk(Lf{vr!!jgCgvl)=G+vRw_S^d z=pvEEf030Uhs{qVbH#%HtUljV@PM41_7XNJD{X+<0^sBt5X5L}d+)Q5%DT{U-WsMR zKh4e#5tkevB8(|SqiIScpw~KKC@7KZgE!wv(@ZiglZfikLWt}%balJk6SZ(qh>?)u z|BqEAi*_s+!Q!~~&Y29&4FZOF#)Yrd7QaMJp96KSf@^>$!d)FtK(DlvM6btY99qZy zqhS6+5$!_Bp z*d1R~Z5wY)UQJlx0pqDx=hM<`F2N^ffm*=&p|9m-AW&<8I00w@?>6}+NO>|lB~E+6 zME9b)ZLr}CG_!I85IbF7{N=%V2`K#pGSh=9BHI58?**BGZSZbgus$f>0qo>5FM+me zSKPbBCFh@lPB2<-h?*0?_{O{Z_&9Byui2&&K@uPn>Ax%NTiUjOeJR>4Xl%?Kd#G&L zrMJEkcq}7_#ZTZa%_I;tuJs<2JAn3XgL9jF5Tu-CI>s&K^B2Bjm<4K9@&MzP zoWB&*f&TvlwkLqINq~UQz6`}Soq_UA1cZ|kS85ujo-H_z9Q9q`uuksNWV0>+RDgC| z6|e?59bHNU$$+!y=V?#=%FFqgan5xHs*aPlg7#H2K+*l$F#!E4(DXo%@cIUH`u0hC zggpdmiEK3j6~+OqO-d7A(Gzx=KnVrZrMABsGQ( zs3L*$2~gShz(b8Uo~OboeDWvwM{m(8ZudHmL7eBVWnik2&{WsKFBNQuCI|f;;*)r^ z9)87yDLKte`1j(2R?a0LzByT~$!O3LJesN%9&1>RU@GD1z0!zbf?t18M#S3lq=wyE z=YwzY)Tq~tmZ-#V?}1sIg$Q=nbrV2W1G4gu)uTsAAskjx74;&Vkn(TJ44rC`sFoCq zqg$6M5pEQFPW)-ye%}DPWf)HRZVIW%JaN@VA3MhN_r|Jc*LUJ`tyrg-t6B0zNGPaOmdri&G9pR zS-2}T8rage1mshgxFzD>puRK3xh>PpEM*d{!=_$O(C;l=c&%ebS^?kZlD8{wg=A!` z_a;)@0AEpo8XbNa=SQKU3b4$7g$s$8VK({MO;-Y!(4P;9^?d`9`4-F+Nde+8kfks{ zArY*6qcsl}!UW3mmy#$OJM7Eq%Td<^IaI+3DXJrcAu}gC9`1B($qHCY?!ViGZ>|I& zH9;iS{pgw9#xMy=yUFYJEruu7hmxLGBuBol;(FKuW(y}X-*Ze8^Wc9qX6D~feBggR zC%+#gNL2L`6_F!OK;6AM5H}r;@gH8Z0ZNa#0eEEs;)NFej|uUIvxD197kBxmD9||! zXJvG%Azth`2#FqdMKvA6S7dmz0UpbzVZ$HLPU9a9~Bys;hX^no@lu8L2POHZd)st(Le$Tsz0}UkUe62XMckO91G}AnsIPaet6o{_)5` z;Ee_qbtzovOOYNj5OpMfc%2_O=X+rr;ikEddwE$nl_R|OcIV5K87&eKji^P_r2Wqy zIT!EmbN?2}WyJXC#7rxyZ|?vi$e~7BOc3}r(g8vxLx#t$yK6v>$?xWD2+%h8V%w&A z>#Z9w*jN+gchN6_x-2WoTue0cmIrE=8j&vkT+rXY4p<`TK?2% zqK?`#bSB4(EgS)XMSi&k#ptUaZ$jOo7#rls%l0ZmJlUbC6)o0Dv5?dikm>|O2xZaa z|3d;ZuLVkvbO)CJ=MJW0^k4*AR{_Qk3M-Xu; z2$#*j-TdBOUV5T0L@aFw*Pp$x%s&-^aylyY41dJXxIh&F*wsB5ogK)f zp)%++Aa!6mW$&uW$H;QyNFl7V_#xsqA6M!(x0pR?WUnsB7T+zW`Bsk>p=S#m3WcON z?xXiX)+y9klXwOXCJ3EFBcx_-ujLidK(1&v{hZ6faztm5H!rBC6nBgogjHLX=%2Z9#yn7;=1k%e6{zl6b! zaFImczu9B6g+Q3rVuv`s2aj=NNB6gvPGj?}a-4 zfaHYF16ZQE3LopeUyki0Eyl2$gn=&89uXawlS8Hw=h>zB5D5*c_!jVDMqk9ilZY+T z9RGZ(ErM%dnC2kkX`79Q0xL}Lr;zk}#gx2AEk_6`YTk<5BU#uvH}{z4rWP7@b65Aefu)#6lq ziT!~fN<6LDUzp#UMgIeYU?2!P9aJ_ct1H7!9j`bl85z=GO4GCg%$R1|Y3Ehl`AhpW z17QBd0Nb4J{GT^Iblz^X7H%?u8h@y08hm~jopy{pYY6{*aP$Wltzw<03+&e0QLB_u z2=+=gpE3DWm0n8t`Ful*c*W>y%dGDAiu_J#~CRo4+>BuCh#p{ z?F=hF^P_>A0_&sx-g%Fx{lMs{ziGBmX@weUDoieN6}8=IL`23Wb;>GrrPlGE48A^h z`XdQ8lOt`klR$#<;JpBhD30|}W55oNrTGrfz6Et-;}vx_74Rr`*wXvDZveVQ`vXM2 zK1TYmalS0RfV%J01bJZ%avRP6-;)3PJ^B44A9$k>`K25L`HBX-04w}~ zC4InTz)PQ|8$b+*_}J$^4+IcD-Q>G=_%8qfIA1q{7yiKi-e3_U9{`U?ZVdeebnaYC~9g-l0d;4(=eD3m> zccMcA{FNsLfn!x&SWvB2*`P%rIi(jEY;>v!)q`g})g9Z?Fbpv1+uEMp1QHRlp|-yG z&nCL}|6UgwC{O=CLzqm?(75dlRzFg|kQWy3`hkvWA^3iTR5&a%IrwqNz99t2 z3S>p5RE^hf7<7XMNjQK9`8#9p+cQf(B%ve3W`r`PBc7~NRA#`w$c}wrD2?I(c5E$v zK(B&o2{)cnA}KTZ_xsF8)!w1J`ysHL!GO?&qJFH}H6bO(a9ViNVW$4_1et7G5$+5S zjiN9f4C%nb-B!b>50MX3WWuaPFQ9#+VyO<^P|}d(KvbG3!3nc{LQC^e1q5s)--!>` zBRLmi+<`7+TSzz!X-@E)M$dxgKn1;5#-HgoKY-Z`^-=zDUWYBZwpg7 zOafzFV=eB|U(S^$g!-1NJq_*)<$IP=EkHreK)2ddG^OZXJ7?7u2|iJGzq`>=Tzf_J zZOL6&vRjY4+^IV{3sU|BJjVz}Xfy$r^b#Se5p5J)0;8&y@`fcp2!uV=oBLufk_`0z z?F=ohDgFk&Rm}=xje=W|X%+w_FFB92*=sIUAqPLIMv5$(Y#W7U!4B)1d>s!D&BZJb z64^p|d&d9)VpDYO=DyA%O~d8V+a@{skKXqt!mfWAfdS;m?NRJd*mOOUE)q7u_ZI(j##Tx# z_cb>+EaPR@{xmx)8<~%$wr4Y2?Y2MAx?@55a4+ue`h76@yZ%)2U{bw3RFmqXfIU>+ zVd$1fPwG0JmPIJRC7a%CsHa<>C*q#p6%aF9n$s^=03K&23>arRw7TSCfc_7~Bwa&tf zf40P?)9a4ZY~Cm>+*HXj{gWjf;juK$;PoQ1yl# zm`S`ZdmK1F%sTvm6p)|G$p|gfw(Ha>W`mNwX1}DH!eV|21#GsW1ICUT-K!dzANR}J zW~@KEov{Nw<6vX9H-0Y29m&;aURVz4-5V;hLL|L2T;glS2w1Un^?awda(9ik)~CNG zI93L`#Z2lW>ptyD#5!Ek@A60(FVV$uhecSLrTa_t1KDfnl;cd?nP?)b$tArqKcTtH zNjE*$-42)QSwip#|7Yqt3zzZfSHO2G7MxyC>%PBWQQrZ#YCOa#chkldhyo4KraOm74=W?~6E_EUoq^KWm7xE2 z`L|tQ`)RcxG$3NlIq3qYZALDo=i45G46n-|ujAe)^rBTvlHGaakt=I}d)kVqU_?l2 z)S3^PLqVJc?@Js%iyp(!ofAPfZyC|6xt~kORS=nm5w4}4vb_X(>g9uo&6}6p^3h7Q zEDrIs!=He~g~+zT(6^|3x0+Sc_dxsCq2K0ktUf~S`LZsJU#5(#2T~nnEVb2K<*V-> znS0k`m)+TQtSNTgukQ}G0%vU0xwP=D>Wt1f2v8;x@ZyxXGVr5PmMBJbhEo_pyI`uA z4NPi-eo~Vgbi%yR1uca~F|sv}xZE+q8u!C4X>^-xdMZCP#|@P@`IDk|>(B?Jp(cO* z0ngIfJKGhJ4$cM}pFeQ|2swJC4|DMemZnoEW|i zV%xDxO#a0!Mxh9yyyo8~j&MDw1?D+0c$+Fr$&vC8l&(*{5kvofEbB=Bv|Goo%!WnWo6>o_I zn?OI1onWE$6Ers=Y$JdZiVPpE3zOk8GBLGmeYF8w+M@k7cnuBEx493P0=@4}wSMX* zY|)UrNIL6${pM4S?aL;G@1$~&{jDs*dOS)Il0P2J6%q)P%f-FD&Sbtu{zjQ~BFOgP zKJ}2OP;a$qVlvh_l$0+ZE5#iF{k_Z6ddt=OA5!jH@if3FW?`pm>IUXRLdW8Ud7*gZ z(_XPHw%P+pl8^P0JbU)+mT&7+n=5v*zyH;jWK3M5g6IrJ{|Nl4edT8`1^mbQ zSa%Q99*MsP(%k}$odLzq<*UM3oufsunBG>=ahs;oGZ#GKK0_X}4cCR+HfItN3`E3$ zv?oGQ^weFHt6<^*ll`k)r0-C}u$;0I=%4`&1ME;z@M^mryYu-_HGPifk3FcpfYDdD zv6*vG>dstU6OAX_RKi_3Snn)i-7dh>z~5h8GvGJsHFBJ^%}~iA)#MqN6Fiwu(W+OP z$at9pxmSXJjz>LYEEp*hVG=7g#%#mEcTf^EK@ff%0bcS`g`d{Bq3Q#?i=6~804M@} z4+gxQ_{8!=`_cGJ zHhR8l%;4v9L{dn+i5l8Ly}A&p&-O6 zK(c){qY9lelFx+SuY=2^eJTfubk>CYK}S|e)WXy1(Blr7zd9)DmRae_%C{&8`^4N4 zHaKCWJg>Yyr1cNFmkPEB{eyKgkZd{niks{OVLO8b3Uf`h)o)JTjwUvan z=0_Ojxb@A4OYP|&Fh4q_^duh1Y7kL>tmLl-7v7-iasBz6H}rsoJpdb==WS3IN*AD*TF%AJTcqjeMP_I|jdw<~ZtAL{x5 z%r4HS+D`}8VW4i_hZTM=6Jy_W05+`dCXjev;h+u4!h5omGkO5CalaMHoKrm6-)aF#hFk7GDqFJ&SNW;_GxLZ_6CkU64{_&p!El~Oa%GEPP-&A zpZ$bMbAWh%nvKaH5tIijY~-eAG=GaoqJw@!hyH*win(c8C6ikfxo;`qA_wO(PR2Z9 zzNPy3j`wd3GJP90{rmY`kq?P;?*n$XlkcP})8A3RLzl|7+%KaNpO{}(WkSk6H%9>_ z(c^G?AWu##^*31;-iFr*bq{iqvrxl)0NbTYJMN_kF2X0xZE^qXe*dhEqcjIA1TO~= z6QKw0>xP}AHKy@EyGJVO@sT~^4(eUTNGVjT+Hii>&$RP_M5*}6xR3^x$y73>e@4Cy zyp!nO-!~sNw_Ob9>gr1!vLNjppp-vWnl|4O18@c@5OP`G?{|n9AqgIojc?ZAadV_n zDpm*@mlMB1PamW*+^JKn1cTM1ivHZ1v(`+R-Tx$(56C%duO9>AZ|HW(8;U0kFvFE3Rm`Dj_gYYE zVHzLaFU?74ctiLNF!><*#E-DOlD%&Z_6F{F1^|K+aQ+&rn?qXca)qThfH-L2ywh+A zxSKp))&Z*6_YH9X(RlSbK@$4G_0G5qXOVa-@5i?55PZXp~94Cz(rpQ z;es$>q`xx;2d+1nkOVn(A{-1eso+W&`!vHyuLn@j1V@=j*x7BYPxKJOXg+8 zQMJNLF=y;yltx1!Z6M&5tnMz3bGJrshQF>*q$ovx9q#=!HgN6KZ$B%pHx&N-35|&P zBLg10#1a&)HJsHa1?d7`@05qA*(epk{n^wF3=^6F#`{y7CszF48i2X-T24Am?u42o z9q#s9XHtbM2sS3jISLq*Q0rq6c8Ldk);LV-NP{xPXc2}~B^e(>m5G9Zpu`_J9gqFs zAFav>=8LHECCexj-zb(*pb7Pn95eh}@86c;!LhHv81B%h8>0}J!xPWe%oAYzl(QdiOxGfE9IWa&S^8pvLDma|}U z>?Sa{wu`=TNu56{v+6L9_yhL}?wuj)ZI4P~#Qq)1l6Mtr=iBeu(D{H)2=c)1C{(1) z(K&%l`FD`ac)@K#V|w(mb@D!e{+}PpA1i^#H>kZ~FB;DpO>Zkp8pWQjPshq8jkV!3j@9ijBiD~ibNm(9r9xE}PO|w72I8jL!&>9( zdi;2V`;98~mF~K{S=tdx}kz?Uk4xA}0EQsqiye8b%oS?Ns7@6$@0X zDIAHR6c`+el)b8vOp3~NO>ao)r2oW#$%KWB{P9X6x%$c?{BM;~%bi#t1DM&esK+G6 zH0@fg=}XR*YNI#Dnw|4egdZ3&P*UC{jcRr>?cEfvkfJl`RE@IJQ;_iWg&DV?R$H?6 z?g_c`b^I~x7U7kXlQbrPWu1PeJy8Es{r>zXHy53sVi<$vbpn^hUzn2PiV(F`yYlab zl+*{=BJ`{Usilx$p(?8v1hFdj3s;$WJrIs$$2F7S)C^Ya6wvagl+f}?#Hp@wlzJPj zB{r!EMB4$@Ar~cUiSo;`YMj=a%LD0YPix0%tYWo=esYA*f=2Hhac2*UYlKdz0`L zfERq!6|}=tWX-sYP%P1AIbxKO_cStSe~M{nrm47J99OUKq++3sb-XRVA?354sji{h zX3H8>Y5DpvD+sjB%jcY(>1XOAj29m(B(XLHT!I~bkS==0lHsBm{Pv5UN~aFk%61^y z2>TA)9Cpc=Ha)*imd*TUAS`FlaYkL>Rp<&h3?6){erIkk3Y#I0GrA=*myDU-(bI416v;4R1OqgVHHtF5L<94y?Brtv zR3;0$)G@ez#u7XOw1rT|zcgSqwGJ%;HVb42z`Rf@To#EfWCwQksHmkf@6DO}>ti`v zg~{Mcy?JJ0M>mjNUTLH#(|Qv+&P>c?*nv61V}Z`;AK-9!u}>u^Tx z?1^JGp#7`UfwkL3eP+!FFw5GnE0>?~Ylr}KL7>i;nE&J{CQ?n)X?@GnXMLe}^w+x5 zz)D<5J!K#380@+~6|)BgV(EOB9d7MLm=Wi@`_SoXY^y!zD--hvZx>?d@0nMbU41^U zv?(LO0jhsgWKmz`3)yGA+v968^SM>oRKjK^xB>a~;0uBMvBbB_6^cR5%_3Nai5t~i zo15SYx%vP(O6sZm$~TuV_~Im8uBxJg1s5tMrW_GHj!>LrGep<|*zBm4*uBkC zmRM6F)eE3?X4F@M5_f?dZ zAkO!myu!YP*k1c)eQ@92*|ZPgL1vHA*)IksM}m9Nm69`0KU3v8i&lMOq}{K;*DGYs zt~@UL$Lew-g4j#B=T#LOj)B=gPZKXHOAdA^o6|(oyR};M65ii4a%1=WSwFJc@y?Lv ze#XF9x^*ENM$}1?Z0)urr-1ExJMIsXAec>$`$Z~v)cdmTK0@1DjP@yI4&|R(Qpy~d4^oh1|rP|uY~(T`$HvW4^<6u9AFVz*cKURjeakNHhC{Sh zb|fKUr{!TTg5B^S2sS#5k!5o%QQGx_3IU6K{PA(6g8;qV3tdj!$0qqiPDPc&y}yl9 zYUP~8u(zXg)lQjt347JPl&A|#Lrd)XtRTAJHz_HWr@LwV3q#I|plIfh1xoDV3vGmlkFznu_%=p>p3=Eq3#xu>ERR=l_y7YMo5V zFVu0HOZhR|Y;Dr<4qy5e9di2|E?R_`6xctReObGVl)l}mL!rTQ74>XeHGa#n9_i>>wbfu-EhKngG1l5m6b^<0CVY6hZe30E zpG1F^i6gBfaB<}$oEgJ)<)wkYo4zvwik}^y3;1iZEsgovB9wL4;$cH#u(**x#Ki>F z-2_=JqC;@n#ZSXL|kkz040+#%Sg$_EqsO_Dd$-ZnHFOyec^^c8aQiTc^_^g|Q}<%d5T z?)Ja{SAZj19N~O^qMHmIf8ek;i91Ookf~Nq{j}EgEU>LT1lp;9)QnEo10!(DSyb3z z_si$jWlyDJ%)k5JTwdm@*KqD&9D*c5T!sao%5@N{#|>0?d!<)L#lkU{J>uoe+wP^EjtqYkL^{B+L?#@&SIcOYkYu zfBaHGL3M{R{HjH&bb)G6tRg(p+Sw+ATaaie#-YFb8I&}&;YXP(#IZ${ykhI<6NZk* z`&b`S%U7F`h2&``i9#@Ak}Fm~!-LpL!j3gP48)HLV*jD?fqH=K))CuMDk>v{ur*rSJs$ z4ec9z93-v?6G9+7pC!!h0P0|cRVFFau?OMnPR_Sy9Vh^D!QREN$}OM!)f_ruCf<~GV+c2ZJ(@k6ObmLuI?TR=C0`Gu3!-mEJcXSfEIbR zkR_>xfe^oR=&+pDm6Oah!yFijZScO>cQ;f-JaeX9(M19dkq2AqOy)Hyax)F(GH5ie1wUPs+c7OT*VCxDK3PCaFty&PaM0;c{~n8F+zt*Ix4AvXoO9fD(RL z5toSmsv~drm<)`K8x2TdGg1cA{eQ_+Q6j+sB`}AcUD59cM*v>vbW&wrfg8%jp#QudPO~0MTRau>I!j>H_2bM2u$hkIfIi3OijKj9+~SYksDzS zsLGhxZYzd^dZVROP9Fr*`gU=ylTQYpZ;dJ{o7N3sq)|ZRG z@^(APAeveFLL|K}7T10GXM6gHa(>gBJI!3#!84%yhp57^;IviRi1`5x&S?i z0N-YckD7Z6Fa%!u%bGu|-oNGj!<0F+vC%DrpGsj-?vt_(AuiId^%5NV#US`s0;&}& zL<*lCnfkdeSr|*+E}W9Q5VS?{C$mb5@*#StJ_eO1sr;vUJLCS&&oEro3M$ft1r%gQX|1Hk>jGHtPI z)N)6`0KS!97yV%`um(dP^dHr0pBLxV^L(9NE|u&HAvj$5VH2W_1y+X1QL1@i={5G# z$5TWn07aCoHH*|iXzLnBJ>8sWLGBvbBRsT*>P)c2CS{ee8uE$Y_v1wmyUGI^?Fl+_e~qp^CobSs#a54X-#e|*s6DPsy-2=aBZ9QYp^Cj z3JzbXcu{$-2#KE^j5A`edG_9w!yJKln3}Jj)1K>~D_eB{!U#A{;YixX2 zKo15_FYMLueX^6Y#JiIELB26c;u`07=Wex!hXn+6Jtr7RJeb6OQ#To2^KH}z_SOtJ zXM&h12WUX4>DRYuY;-w+XMW~z?$H$% zF9Bvd3v}zTqLbSUZCO)Pn7Jk+utW&2gZIo(AyXM!%xnQ{Bn+1o3y@@!+fDp`l1&%` z{DLEDsRn(I_SsT)!6WT|_XK5HbUj{`PuFcK4S7=JaR)#OYl-{6BC7kek_>7IrTC7X zUm5)9v!`RdH{vszRm>r6=3rO4s4H`*WF7ZG!XE)u+i~HD#j>)(vD1WC3CBbIgga3^ zpCC=;aDDk{xO1q0RR-F}{}&oBS^DK>Bw^GspU&wH0X@|qMNxkBpp!t>4jmCjx+9n5 z`u;S917As~ppQk^n&@Q-`0@jSet=p}&??mALo z?67-KSCXxmR$JabhzbjafN1vD!%zl=hF4R5LsRQ^6Pq#LdFZm7T$30fN-B|2X0(15 zwxhwYO&%8r%lXKTSzOwh{@;3)PB66v1_f3_LVg5@c<@UMJ47)r}RCe!MoPJ$tVrXB;LfNv(XZf4+|>MsndA=!e_+<>K?gnbC753mI?wt zA7+o=JRdHRKJO>*EM0Trx1D?5lCUF`5EVoegJ)SR=K+qpkWIS{i#u@QfhI@K;61xC zyG2{a{V`dmiDhS**CwYS(}!xc!G{_PA-zw1y?va)&1>-vFp!AHA5SsUG(q6n7~5>E zdx?cL@b=3y4@#rIQJ<_a@QCAo1s)t-Ut`REyBi~HzN2`NCWmSZ0l^COX2$jt?;i%IqaUkxTZQSxm*<#c( z>-_ZnN7%GIDAPA45n707#G6;e={F<>M$8IgR+lnWB3IArUAcC-v)j_Bex~)7*ng(k z+;7PG(bvglvRQD&uVPe?K*ylvZ10=z%Gxu*9hfg&u5eWUYE7b_``+%iX%>7x zKEO}wl>3zK%z zf?@fB9{4!Cnq~2j&cu+0or~`)Os{>uaK~}?lXlNhZdx1%}>EryD!3oXy)G?%vS$Df3H6ZKfUjijR*d9{<2>`(k#X)V5; z0WGlyxI&uk-8X_cN^w5OGg3cv?f%3Dr64FXhKvu42^z1-RMwEB1!?LC zpR;wB_tL5E4HzNSnM#O{EYB7lCYwPJ3*0gW{uAV?Phl)FMnRU*;3h|VGjw4xJd?Mq;F}Ur{&G z(hL*NAgX50<{!D)hg~nk&LDIxPIE)@rNjZ7jv?%nSp8jZVu?K-(q4Y4?z^SsLA$w>Suqoz&9SJF;kl(RmM=@OH9WBNiG_FcRKQ8kXa6ToDAFS2F z`7`vy+KyNvrhmQ%`KDeE>&~v^YJZ(|s(70y*V3j+RPuc)AT3ROkcu^Go(!BQ68eZO zJP`}(TgP1uLJb=)9>G!fYI!8)Oq6$45X;D`bwYr>+#&W8*7Xy3dqehbq-ZBgb!82u zp6}YKjAmmQ6pX&wdM7pPBK&zp3#kRWh#xiI4e5pbB)E)5+pu#~*S9SaTA*a&9?Y@Q z`c;V7FB|Exu{Fq0;%Y=DdNTzTwb1-yKXD3QrT#BUQChASG|OB$ZCGC@G<|PxLxELh zXdyc%wyjwS*9ryou*7?R8Pq{a%;{|D_=Hi9A{)>Tp~S( z$w?`WK?>0a%>jHvhq*0YrMl&)z9%|c7Ls)XUB^#ni|i|$@*Ic{dP$y8pmxA>NzLA; zjP+3U1pZ8mGE!O1-r7qI>q!NA8|BDVH_YAF@^i$7`bnDEKV6rIb-b17Hk;N*tOvaY zQj@$2sWP@h)eCeRA^eZ$epU&`n+5VEwq!(IF*#+EhXwLd7Dz64ImGKmXtsG5uFByD z{euO_bnVX~nOgAMP)_mti`BN|o!>A1t6l#rrzcC|sM;S!0I^0byg)7 zATgkt(^%*U@~HnNG0@c{7Jz#bFd2i#_g2qTXMf(Gzq$sSN)^DAGz# z7EQfe!&v*H=&YemSkv>j8s>6z{2-k?-$0pPGL@AIJS`o?Wb#Rew^Sy*@`Mu4w*>i$ z5yG$KcxAUq!-3kVch+_F(oT|Q*e=1oNy56Sg7H}RtmZ=Y;mPu6qY%1sF*_5gRGtyt zS&j0}+_Q64UeF{^H|a_hF_X$d9 zWg@^b|2%Z4!@ry~|IaGL&Eo>D=T$4##MnWn@nE_aXkS+poCB4a?2M`^-7>_ecn-<~ zv3j+37uCNWPHY&)(t4p{-ay1j4<{4}DX99X*MVon(w>6ZrGNjAsdo&oBy6*`W81cE zc5J6(+qOE~v2D9!+qP}n=ooLFnfYeE-}_hXI;!fr*E-j_NIgJ}+>#3!zZ2GL^PC=! zw5TDJW4hO#|2AUoi!>S5q$WRsIwDWF1uE?y>89!vR0?7o^5eYnkl zdg`sSA_(izJb&4$9jLc7@qujxeA+txU`I0%3_8t@CQ_$?~mOKQn8$9!yi; zju)ryiPCT?wwo}DY>3uD2e6aSFlTW^+Nj{_VQkVTjb}q0u$y^aB1@)mF{fpowLa-Y zaWouZPsS^H;u{_(DWa>;hLTs#UKiaR7AcxV19%1kchSAQ5$2dAbBhy#&!uOc&+NQD68^*mE%s0>)duTekt_#s`yV~77?{M zFk76JY_kCMd2!~AcH2=<)v5Gb+=>r}$4W+q3<~G}Y)gOM- zl&I{r?>24sXNdVnsB7ng(jO6O>&fu0EWdGkXC?Csy22KtKMPHV26``2K{zb{R7XX# zy$!WA1*O;Ut-5Cr?x>{e%(F1OHSgGG8JU6kkM)5Z)IQw zj_n?dx+dgVA+1ZUmZDwn064fI!4z&_I`Ri&WmN0~8eft+*7KkmJ;4!r zNoRjT?s`M+JzNHlPt^vgOw8GmuNmsqu17(fV@BmU$Qbtnfx7dB|NJrU_5-uqewkb?l7zNJ!}SmbJGJgV zLRRl{i9icvNPqw~B8a&M?p4H1+Wdn}0mvJO7YpxA-V*~KvATuG7u1UVoFUxj^L)qS z2hgYcvefGchx|BQpw?xPO+c?aFQMy@WBQ_$+||!>iS4VMQ0; zE~LR5X`>@{l8V62Nx6ZTa7<`#xPcf-#LVonbrI3o9GypvMtAk1&&MS6jsIZ0Mq8wP zOb1tWLCQ$OxO%62A-&G@#RK||*J>u}p*nN$`ETgi4W&Fzf>w|&TsW_Q#oj|ALGer3 z-Mqh20b4=G==!8i8@F*i`i|fY;e+ZT`OQ;8wnu=Ea~Kme8yNx}>#&{mg>l^W-ymq= z)PuCg$=^VQkOHj}mu|`TW3+J-I*b{!EL1I3iVXOz!fm(_PIqPIKc@PkGPZ|FBKEFG zF_|)WogDv<<5RU`7TIy8;8c7HSnv(djl(g7Efaa**R^75Ut(-Z(}*NS=X;=gf=CO` z`P-5Q##d1qpjF22FS9%Q3VioLHRa#YC6y5XPv6|o6*);fQkwxJ$L{GxOpow<;)VJ@W>7uY z?2j2VC`K&9fqc-vuR~t-)V+NpC!;Q`oouLj?nSY2xnG#{GsoS#W682u|B7$Abu@h2 z0W((_zxXz(tE{9t;yQ#Tb3n%f`y<%GI{uAcnMSAc7cGLkH`>ge;+p z9r#GpXPQST1W%?EIQiq6;qBAozG^L(>AP;_$lL2efW;UI4I`mrwV203dg$ArSDEKt zA`LQcArwWVum}q#kMwbnI*9ga%*g7?1S&Jyqd^(7%K5hN0?e+7#;KE)dVf`=Ts|@h->+E9>A%r4M-h`8&Z{eD`KoCP?fj6%FyaSD9ugbhX_G-~j z=$lW~q7jpVc{*$Mo^n1>KSeGgV=9(J1{!89O~@6jjSe~fL+sLFrf#oKh|NS6fpfL9 z-1AGMVaZS~M(Z%~LhBg(hj0r7e#Xgo6}z;tal;-IKb>r}*pfAg%r|FfYDk4c=Cj(G zL?``IR%NbjN>^1ii9R5I_GbuX47*PVVI=uN@#&)La-{)(pE6PhB|mX_M#u8vQjmr9 zr$m7`ryb!Vlxd7FZgpN^OA4#czo_mbhn8-JvT2bbCR!u0aRizsQTsW($@awaB>AoE zCGi;a6BYuJ1Fz%j0LtrkVtVwaUuZYy2&aqg%Aah6FZC7IFMSbv+^uEW!mXPN@tzgd zNA>o(o5zkC|L$JL<1g9%Q8>LbXFnOd&5(~gK6O^UnONEOGsST6=nT*MH;>A&Fo7 z60Na3m;l6*>atLHh_m!Cvce;{fY<;5z#M&6Q17G7W&au+DJ#IyYs<&M@j@VoC?@^r zN$@+w=MU&A1>UP3)ZERf>x&#GDyHt*$iYJ1l_-d3Q$A#&zU>tjo*N?KSn`jaLLn6l zJgl&~1lBlOgA6CjV^R2L)%wh1c@2pp5V^e=FAuelpSyo*F^WgA+K}{5zKs&UH_bZ9VMiKmvCm? z*Doqxat|buK5V38rxTXNB2SaWAzY+F4FKib9} zarGQq;K1o+Lcs0i`X!th=s0>s$a%`UMjo_1*&W(h65L!-$ngx)E~&}c>Vmynb%>Ul zzDu3iYI1}e^MVDu4@h2y!s&}A{Dna9u{(Vi5{NXs1W2Ix43ljI64 zR-CH=h*r%8kOU8FkEkYymb9m!1(7KEEi?|;9f}A6n2b)?Xa;{MCzhKfLA?y>4!vFm zKThG3@t7+1jkz)=h22YlU0j`QxGFRHvgA7X8I+I=aNNrt3(%p1JkY!nkSH(`xS%vB z(mrTTKa%yYd{uZ6i`N|dKirJ4uD|?j_XaW1tfFKumhXtJLyjPsylEa{FoBrm1$@VL zVS|aAu|=p_6+svV8M+MAI%m~9g!aILF~@gGUI&Xs;qxp77yx-t0yNh;XztUHC8(X7<$%=a0T}-^ zi$+t2*T~dL%-itkV88_WUj1PT93y5jDm7y2!$fc;0^`G82(0Ktn}LU?LmPeXQ4CP( z&_S0Svet5gMO)!)z3>DKeQIO%()&;0IEWs_ridH3D$21g`D6gf@#Fjx)WdXE|IdM= z4dqxmEtQ`pa{=CL;PA>ki%b?;hui@coFUcEr{k#VG($;s`zfhYH@*{m)m2bx%Qmk4 z!d>yqZ2omg-;35ZeOtL-8`}PoYCc2R>pA&RZ625EOjpip=5$7r@^`y!M6IWQij&IN zoaWKrQwL4e7y=sZb`tJ#veOV5#UqkdF3djog&hSHiDuo5ek1!xqA;ZsbU0w=zPRPi z92*Ik5Gt$!gV6$mu=@&qZjil;SD>pi=%QT6nVI$RXfj5`3J24Fy~^$9lJI;&N)1O3 zf?AMtWm&0~dfaQGf7IXtWUh(CSNHb+r2DXsMbJ)oJo~c65RfD0|M><5)pvr$Tt(gqt~fWzfUroyoFDYMhuWB} z+Y^w&=IdQK%?~b{--BwIHn5N)ag#dgksaCRQE*BUpZK_o8dP~PPOy^{RK~{YQ@cmi zNTl5#d7&Hr_a1a?dB)$nay_ATHL;<3TOd9|nD%_#)bah~zawE`SSYMBl>A}bmZtWO z>NSP_hN=v%%F@bfIx`_Q;%sh$P-gEzS~t3bAM(Q%omLANz&)RB7>C}+_T)~TcItgW z<)|!`5^P*DwK0gS z#-C-0bO;x%o&sC7_nFAd45EeNOhfZs>IFKan>W8rgOwypC1FyBGNGM(d_yQIx@yc~ zKO^25v8nP+eB&0K^gt`#8^b`0Oi2`ml*T>yKCTX0Xb@eAC;=#_Mm?QjUMsfkt!0y6 z3@a=NT=0(;(Y=Y%n&PT9^fn4DhSFei+a#R%xwPz`4Epgj7xsr>@+Z~?7=nfc`ABLr zB7AKzWF}LzTu$NmbZ+bIUlCD1T6p;=mPGoHU?YaHt5&3vK(pHC3+9r*woMoa3rmmc zjD-waXcUK0p*}*&UuBzMp5JW3lQ_XtSjp1JoHM}ZYg%{Kz~{>75gCsU!PICfxJ)I+--YF~JzL`e zUsb9i-;p6I-E+!uD9VYhS@_#*QW)L?TALivhZCXgS z{=LlGFo&!P*a$jh-|IW=L%fCnZp?E=gci=vL7ixko6o??3Sfa`pNuiXFbuQ#`q{My z@2Ms!eQk=3n@N-vns-DcR#?<7(v4u{w8+~vNZL3g4eRx>W_bw(Amp|0JS!JlvIngonNXFJ7&su zr{ChCx@%<95tQlv5#+J%+BxZzAJ<*BxJ;xrj{1p}!batcp>#pqO-h{|{c2t+7Lz|j zqwu73#&+N!C{ARj9}CIW6=q~KRIWTyc52x$ClVT=ig17T;qkyWp4PL99rfhrV0Z9R&bA6;UTUiPzS=BeXBmgs*&#ChIa zt-G#u4CR-j<_JTV!FaIN9fk&|iZyY(hcZk1-LUlFUJ}}7cMVYS(I2}HP}q2*#{!>? z!o|vd!o2Sjyc<2yQpe8{Mj=<(H+)9F_s8Eb65>`iUiA7w8440RH=myXliDNBuTD!H zwodC);2;sLv*#Cb^ogrO=y0}eJX1UDcy4Brn)B_-?FM}olWTf2R|+e=kJjhf zK0I(Ej<7M`s^sJ~9@}0+S#|HfvwDEe{hwZaXkUa$+yz#lhA|k}(=i48B7W}-<5z;* zO~L;gyp0u%#OCGa_xx}A!eIlclAu{O;Ou|+tJ)^Kcyex#g%E)6@3tGh;%cy;D)#Oaha^HJ|cFDkhHo2c& z1+?VtU3k$0~4pR=_NF1NA;m{}`qz zZaBU%&5(dZEqs5D5XFFE`~IB=e{xlKNUGYR-ue1I6nHAxI~2!K6h%}nppfnJ+wV!Z z;-9=l9@@g8sW3H;SJ^CD*R#`X5{UHtx;QIIaY}w%g0M6UH9a0R`D;kAV*uz#$6ap! zDB>h>J4(oZ#^en@+>ocQ4K$rm0$ZRb<{%5I<#_g(IYb1%HFUzP`4Jl}gf|d`BPjvx zYIUr{_;98X<447afg-;0pvgo1r~l^BCBkHYN?v;G`?|M*p~SxYzgQ1k5^h!4vt85V z3lSOkf-7Y9&SCpeU^GUa^$=>sl@UI01(UpPMXah-;&4Um>aboaXLtUfw!Co(^=79%>t33=fi~ev?dsNcPPZ##MpfJlA$_GoDXKa_UkoJxj*Sv* z#IUtDf8f{;2k21@nW4?V)?Zf$5*(NBVh5;MmHNidx9BRpJtaS?&SO%YX{)}O+1Q$JLnaS%;p41H6+JGgM=1Mxj8Ch=?hdgQ+l^EN&q-K2V9l9CSZh+E}5iw#o z3Ykqh<6?`!lCJz)Y##mR+;>{gMCWoxZo&x#PTvfvb&6uqr+%?&XG1K$c4!EDgbSk< zM2}WZ6-qN`qQnl0ex&NvjFvioK2(cPylS8M=#vh3`dgI8rvgxeUe|(Nms8o1K`)5@ zr~2Dxrb>oZC0cGtuWgt&?(a!O;>844v3~d$8T|^&jr%} z-_+$6j*$Zh!3j7^@uVAE|9d0QT_6$v<0@b!9u6P^Jk^rcucXbXDk-ej!h{XaF`lE~ z4Ntj>RBMwc)fV3Z!$T;bvtI}LaVfuklBto5C&A@#s$H{`b$t+@(d(Q8BTRro(S|*h zA{x_KM6RK;dlX9(`)_M|%+F?b#hmPORWctK%$w`vz5R>_Yjica$oNoIjbz%k++|XI zt8^b@R4xnT+U62(^7Cb7t_zUdql{m26-K)tl@v;4Ve+uZmlZ>s6GOcVK(f0X49%XxL*q>RXkIcd(k=-dBcf*F;DUcbzIc*1CEBK3sAdnRhc=?p{zihY?NxlHq$iMEX zC(dhFiS8b6?}C!wk;*oeLm^N)06wrC(7DYbxm&4<WeOU$nT1a_FMZEivck+9B-sS%n z5r=mQ2zJ-{zqzDr4r7+JW)4G$3AI}^j=;IE&N~*uHEtED3s@^;4yekm1vskfMHg() zlG0M4??1vIuo|iZDv3rd=6I7mL~{s(z>W9w*3z{5Omz0mO9JUSw4@eb6tZO&KM<0# z-PE1Qz>6bHAzUb91>Z+0uo=}6bn$1P@oj247|`p9{zjO*yE=LCmX=7JHS-Aa3pWtl zcC~Touq~|kX|W607JL4wjatdhzNwzwF(b3-^pOVYiwgxh=Cf&k&u2ggtbS&K!DBpn4nN5=tV0JtZEzMn+@BqKb3c&8I%cyt!)E>sX&ioI=gfgyYH8-IadWk>( z;Tn_wwZP#bp$Mia2^hiw;c46%MDo`an^*_tAB@~L-N$2O{V)Z2iS^3@AXX;tiOp$c zaGL@HH8k#n$?GO!_eYZOXBL{Xvq@xbbHuOz1!KV!JlJztSXM*!$c9MGmX_?&QJv{G z(GK4oJKlOD78pQ(z)Jlck& zj?Qw!4o1#;-ZS4qe&L|#PFp~qW<@sots6R!LN}Rj_lKIZ6oo-Mi?>2Vste#Vcd6MyapWHVM>N!Iz!17UaxUD#$|hqOOReEU-^gE zbKWnZ5D)Ul)Q-HTxnd!`kEHrQH za2SaBxZA4E=e#e+Q=N!QviGK@0w;q#N?xJkL6XK$r5Z@GJ`dXoxsd+u#Wa@gCS!GU zFzi%*nkblJB+WD5LKjGnKN#r{tTzgtv~cdE_s!lCQ*Xolw+`HYC-o8DS7Yq5bAF(ijMd4ea&86pKKgqi*2P$B1rUb(Xx*Ji{s#e2 zT~uo*PklAWw|vjYX(>kvom60)zCeF3od|)$)%-bpbKKYuw1cX_f!9IPgiz-yN(*>yxu69S9UbtLq~l2QUjHLF zHl%(-Linnd#Rj|wL+MeMI;-R1ekDq}xHa@{sLd-MpKBU{XCY96X&WMESR_lJ+7O&i z1)!b%Rrk>tD3?0|bBv!S)sbr?*k{v|yQ>>U?F-DXo8>afm35T{4rfTR*+s@HOiu$R zurNhnL!!)+Q}Bw)>H{vkMTPTm7jD+VfIkEdN`WKNNSqsFCp{ssgAkM?N1)X~m5)?l z1mBx_nH>{rF~d58Cfz=5e7yNL5F%>6&a*kI)EY1XKXyan&?}hVgp*f`x3)9yO8$01 z^mcN~>#^POh`_*CwEU+V{s1#;0Qrf%&~tnId|&L|H^YFiFJ7e<^A(FuLrKObu0+zx zw~6XEUtq6Ff4f>g50kwe9&EVwLPLN+xW6B%S zku^4c*V0;gLE$q7iC6l+BuPEu3~N;!o{kGD@GdHfw0kf+|IVGXLaDx~fOPgzzxrqF#~<FlVNz|7fm@dQORhBg_F}Ch?#QA=P%t#Z;!m8={pPujk!q-nl z#jlM$z0wWs45GLy!6^wd=;9{HzXzEMgO<5Frp2mY;0CHY+8)Gyx)CJ_wp zIxtoKZb+y8C|bpktAI*aZWluWZ4k}%_bR&(x)&qp`l2ymjf|gA4V~0#%>;k02+DCC zd7S9Z4gQlBcERk#QLC7Ix+D1fZC9K-Y3Q%bLK)(??f5u}nD}y!1OP+p9*Dj@Ifhi`9jzQa4ABkzX|+}QC;FQ*KA(c z30d6vO^n1a?bixQ+4kpdg)$ttT^<#4C#4b@K52apo}xxdLFRvlwhu7 zV<<{qLnB|fGbGY%MNb5y^h_xQrR5lMt@l53I?W8gXQT2y2g&6WvNn{HDWn2Zf4ucJ zf8}l~$f$&*sVKc)`JEEYY3J<2Bhd8+;^Rf0a=0iE;i#Sa)>2OD#CiK={XrBpS^oT2t{11H=VU2C z)W}Ec)*TDX8x$1s#VU-Qq-Zf`6fOTTZIxjQU!&dDB=M*uVkBzF8IseHCRabg8^S{Y zvN85KnSJ=;K>cUIhYn>5xkt*=hh&9fiFmvf6vx{x2_}?;33;ARTEk#c*jOUkNUuNx z`oOn1bff45aI*Gk?*`Tg zMk)5uGjKk#JKJOLqRoKO&bpGbGq3;`E+#TrSwg9Hy%F4Yrl?7e_g=cm+Y!Tl!k3sR zfsZ=3%1@0!oH_{V69n&PP)&8VSM*Fl8QUe-)pEp#mhF0WFaS?8HZ zPr^*2SC-f7>%E^p?d%01KeG4?Hxc|Zx2Pv-TIjU+1#g&#DR&`;c9|i6;moDfF)9pm zBdb6dZBgYG|Dp9Ovb1?!?B42TQu-nrCcR_gSZN9)v~3ZG8{IhJqx|)0v8GC%|lIs8xzKUY0r-475%#rVFC=vDLecP2Dbwl5;w~ z!~N_PI4!DAJ8$G{C{=dal06)39vx>}y-#KSF#t9%P^V_x^v4&(b|0?=;uo?Du{P7!-!Fs^S{Dh&WQ-)fK6oQe`}7j?4QebxOW1UK zN&2D7b7{P18B;E^yY}bHbDcZ%JDvgKY1iAiIQ@Waj%vQu$K%&}zTm)KdIYk+X6`~R zC(0?FGoh<5lX%fyPdA8PMBg-SSmU`g%sUQc`hi7r*91N1$GLC%RF#tie}fc@gP6)F zG%A!Sq^$R@v$dR_gZ}$j$DunGfXi_<;qP(C1yi7+!dt`u2@+s#1NnnIDtwK6=)1ws9Ntxsn<^4|aeQ#dr zi8?pMvhi)*uv&F=bv+h_w3>bC-guEy(jNZcTd}0IPDiEMdCL5Dg28hkqD86)IB0*qqV66>IaE+42jg z7w?I+&{IrS%}?}xY&oJ1gp3+9F09iesyU|S9?;1at77r`;SltgUS&$i8H-#o0+=af zbb;_kxJoK!R&^L!!zNx;DVQ4RVh7UoFHenDbcEd>&jK5tJK`p&icRVqccC@kEKgTM zseb87-^B|Tr|EBuA^8<=j1@1Q>%jhuK%leaK!3R)^zZcj^@iLNw3vD=iqtiKL$RP6 zCYU*@VhQ@|IAudg-O(r$LL8!pN#UUGLEV=Rl3j(-0o#;eIh|mC|7im4Wwn~tmhyiJ zMU|Ibd4&Z?_@Mxi$$%n?Gl5y42lqx96+$^67p;#FnqCr*ohFR4?n>S?jiFaR!Oh-@ zHBJE#UfHVzK%?vwI9)z#O|c~Syi?EDcQ4StSQ!LG%o%e!*qSU^sxAjf<_+k;EmD+^ zA;hHp!B_@UbIq%M60v+WQaYAmgi_P{A+N9+c_xGHnWs*7 zVoz^8v=ZITQ45{mBu;%?(mtjV(ep3>V;i8Cb`;bgj0@7T`1md83o9eXG-dY5Mp6zN7ed5(ab@X|Acwcb4lkkabvj zT}51gXL7?H7EK#vQa&ln?%Ty>Rrr&rAB!hQ!a{M|ykIuGwM!yr86|f({XL1L+D=Ny zs+in zW89ohDuW`OIfJL_Q77B?qkux1<+qLtIxKHdqDTFz)ZpIm(TU=e){tf)bt3JwMgpfM zi!s}c+uLyKGOI=<9ZK+j!bhqt*k1YsA@ZSFODA>`9=cv|8Kur~4SYx^IH1Zbo*B>( zDEPg1Qu-ew#mj={9PQ#tq5zxWx|5op3>Kc2cN3<0q^#DSi%Gw)U*e=$R$P2rdKLmq z3XFH800J6Ce9jy2)z+h!Vv5$XM}M4^p(qH^SPk?sC3e%LiEAZFF zHy5?Z@nI!;++fb6tJnUxtw7yW*6+V{Vo?4!LOi@g3|iBjOmbh;N-+vRSzyo8Y90j6NbrUhOw(Y>Q6 zn#Ut0kfmrM63BOm#@0_Cnk$vqjmWMjaTqFc31Ldw=BVp_2pL>xD@pM&>3Phc68#F* z5@wW=xOK$ua+zh#u=656RCjV;wz>(F4a#kMDIJ$VPikj&Zl$SBL%j5& z=P*v?V+{VLX+76pW2(b#)XuS4wvpn7!&6fJz;$O)j&A#Q*~MzC#|Zzt#=ZHT7~{0p z{z4`(k(Xhr(CnC+iS{AGIOHfc!e79V*V3IJ4PlWOmr~_>o@0R<&HPQHDR4&HkecR< z*uwnlmvoChEfG;FW9eeYa$DObPw_A4aHn2&uMQKL@hxHVM0Nyw zZsZk{Sxy>CaIFhms<)KV@NoAP`_jk>MkGADO>j6f(sD3N@tVi+5+p=b8wDt1>jbR|Og>0)Oh%^xS$lS6wNT^|w~k={D{i#NQX9-%0dJ zhDlK2{~<1v7#lnJ7>~F!X5)^q_TkB@KL>?m4VXwASb3P^TQeBwmRyLGF|F4}Rz2nB z$0ps)&&`fmt|;%WrFb$lfnwLNOLOcrUj|w`_HM3f8Mn0HK7W+5LS{Die44OpYNRT` zM_91AtSKlHIU7V@hZBzhA*ezYj%Mz;pGY@5@Pao=lsWWzMcJ7Js<%V|@o$&I{#tOz}jub$Z*n8t#xqnrMO#gC! zyFz}`pryvoW`#;~!R7w&b)BcPf*`WCJf6TZ?o3u~%fvJBD`2Or^&rc7BeG4fU}rKp zpZk6aYN-N}%%4?!1`KV|-pT>n!GU@xca!ylAjI|rDJp61+D!HdL?Oo^W#kD{8sW4; zYu$i)m~k2^S_S!s{#)e4;}A<#L_Au#z=!^0O1ZzJg&)$uHW?O_-G#Fi!ZqHEE#O^0 zWtk;oM)RCu=>UHrkOj+XA|y)Keh{m)>Gom&-^8X!lAOAD!cyH+CGZ(J_pn7>rK-bq;aHsDt2>EsRv#2jir87@7Ac9ffU zg$4J~gw|T_JbhTa6D|e#x2}eYbxk3n27IsK^8PHD@9x{+{CmYfhh}tZ&6^;Hn(481 z4Zo=r4pBA}gDbYaig!CI ztScX}BxhUuh-s7*czU1iP}z*XTkr0<4M<}`mgsLh83Sf~oKRzwR}XTXM9va#97=H+ zJF>AkF8^APr>Q5s{>3R`DTKvKt>rnn=eLrT%bnkoYg?+}H zZ*bLHO~qH5sz8+~bZ#h)Hc%1;|tj>I|yq_XZDGI)O_*}ik)|36pfV%}YMqmkG zO^!a%`}iopqkDo%+}E7hcW)W^0p*W-@r0OQ%+x(_>hr@@1X6UiM?emfj(Wi{^WW##iO5=l=D3dJF=T zg19riwUuAEUJcJaY^zUar;!v({PgC3py6F4*wgLHKvpas5yW)^JT6jJhfRqOoDx&( zozojX+C-jNi!T*XoRF!NvnYj&14&_7-qr!ENE_+4Twh$%Dprx^!KuYQI@7Z^5`Ck8?;Q!v|hkvxo|~&zpCoL|dqG$;PM)z`qjKiG>&?=~j3h z@odd@2rGx?q|!;|WwAk_EQjOscEO-Vp6_GO^lm{_$>I7;J|re}-MQ(DpPCbEXJ_4c z&aoaFF|MfLzcMJF8$Dll32l^U#B%Pp2c(~pJ&QTCxn=ZBlEHwD6Z2Ux1qI+v_tD%o z^W-yeLB9$YBMQ9e=v_*#NvdXYgas^SELOdBNw;c_qeEHDR81$RV~=L%n^n|>t?R^w zrfg~3@iXk58Mp`gmW!1MA+%6fLA1{lVKkWElK?7*XRa5Plf*0$?!^uEHsp zJ25FVN0uP=P+0xpEN@jLLy9m1i6^qW;oK%z18_7nMGaa-CNEe)n2>FCMIoVJ&wOE< z;M&`M+@Am=Jjm%=2_FkTc+*f8nzJ9u!G2-t(7Zl3v>5q zRgnI2LqA4v{s=lBHc&5{8eCp8Z$osCO}N`pgJG)18pswTA+gN~*WG?KVg{2Ic0EN3 zN4H52ogJ1fA<2(t;~R;!1$2@tocU9C2HJ{s5 zVfBv}>wxM(PN^MLEm#_XKfs@wyub#21HMld(*%rJuO1Q2KnvGE$@1(1 zGIiND*9gbw7#A-)%MC#R%>{K>AE*6HCde+mw|N_G*7nNo6sCO&ZtD=&M(N>eck`q9 z`$@2uKZz0csb^hdVAM`c02gbkx&nm9>b;&!!5%7RpqbI|5vG?qG8N!p9qIs+e|Jz5 z>`0GF#RV&TQHh&Ree-SGP!-SjU)mSPa=n|hmp*pLULWGeT_;2n-kwIr8!+DMGp@|1 zLeaBK!B>Y|K;L*mn+eh7iK(?ZlSbdJu#8!!$Q-JLOzI-LB9Z4O5jQRwZz6s}g+V=F zERu}RQ&|8q0M1s%!1#V`l}py$&H{1JN*$J6X#q^gJ|O?X%d{MA z@v2gkfz0j@^jGroepxTcaZ7uBSnIFUL6U!JCG)-i6n_ZJ;LkE7ysvd6PnK+=KL~b zNdfuOSMG>_B#>*g%OYa1;uQC_Zm5$&1T#cGgi}qo2a`qZ(A>96cW}pq%EP*Rja50j zRv*>!%@=?QrBhGFeH_zLtJcS%4hehJbfN7I^_s@fcwz4QC$t07cVMd`Y8P)NWCzcl ztCfTF!VQVXPYBM46Qy%ZD!(@K-bBNhvjx2S(}ahiQRv)IP|w51SjRb(!BIqshNvbU zBya;9V#xX9iH_Z9y`2AQShx=d=Uh@Z&Ea^KOhn(=24zjK;s?24o%HGE`hz)vYMQ3a z()uHRRO7Q%5pHzRZRl7!lsasinm8*_qQR(AVT#U4t6B{q^%J;t=D!nL**|9i@YKMYX;UpMzX z?6N5Z#OWp;)`t5b8u}ackbfeI30)mBhY;TGBb+mkajKmX><=XB7zqCh@(VP)G5La1 zdy-|Hl12#T1RnRt@-J5EUY#o^ZtZyp3?ak~f=a2wolTnoHE{_r`MWSRUYVQJ1~0pO z*HC8oF@bjQ2`FQK6OG*@1nZ`Te+%{I6Cn(n{cAjh16o%$pE}mcgl@PmST8FKc+@?> zaWw#%9$?e`ikfi7frN3a7GGnX;hhJjg-Db-0qfXFwdPj(`k^|UtB?X7H`1z5c)M(% znEVicJxn+CONns36mRgjw3qWVV0`_`wU7lpzAL-d#?a2&IiN8?QFf2<$w2IAP)Z_S z=MW7DbUi#W#ShHZ;S);;B+r+}%iZZk86&(3v4lCAUsq?BH&o(H!Al01%kZNK$U&2^ zMH4AYI<)$BWB(QxLM2?izg^bal$0O~xyTNp4TEh3PW>VggU8Pn0h}?b=Q!V>t585x z9nDl7OlG)oyt-Ah)@{pQwNJ_SqshN`-_pL67nH{K-wM1;vaVyM1GTX_89FxT!hl(8 zn_Q$PaldjmmvhuDjRF34yQ!EokVo0^RBjeg6xL2L1Xmj&Ku4I`yY=3R;kUN|(>QZ9 zjGC9~xR{V6IB@{emzJR9orM<#)SBKOPZx0F793$C8GQa3O=w@Zskznc8|{hV=o=(v z1O^8QbhF96C?yi=&Q_~VNd%)6gg!JC6~*5|L*N8}nGkeUL+oJm)ClwwNc-e~eTXzH zXc(nE+My@0cxf2AY8*O-cLOa$v1>2ON{iQO>ll&Am4>}?on1qy-ohp1xKNMjHCs~; zMB_*X(kofS_Vg-ZM^55TaDCxKUa355x?93VD}T*n*LA<|>LugExv(lhR4h`#R>41? z*OUkNgjw|V@|(2M>^EwE{rR!6nBMy{wVNQ=A6|osjT>LCo;8e2`o3kn zlgXYFeO!eKbuySmOdXKJ4?22z0b@#&q)D2TE~WI3tNm#UcpDhQ!>ZeZ^WY~vzbljG zC)!TK)h@5$8bArVdqo04veQYcGma^kHh$)_>AMdc-|`gw z09wVM&p!~`3Al!_tlsIMbslBKOecEf+j1^`GZSCj%~fk59&zG%Azn2Cu5=oZ!QXGj zr%TRh9`DJq57}ynt^X1agdHG6XdQ-;6X=HWE==>vJ7agcq{0>_j!#5h;Na@svOF?p1@bb){||mZfxkh81m`rgh4#Rv`vtUV zH1H}hQ;7hCVl?&igrxcNbMxuR!du7la|sZ+PH=UW&>MWFGp68`f>+xJuN16U@3G)4 zu;NH%a#65iA-Nz!doUT><~)&$S-~c<2hy%?Ie#50Vs^Q)s4EhfXu1nYEW7Q)p(J&`gL0T{wW> zEC}r+25R6sBPUv5BF$CejQ4abv?3Px4UJ`fkLf8Cq=d64W7o0F2oBId!^j+sH@<2LiS8~CS~DBSw5AnFmHkhf-*)hGSM;} zSf+Km`ZQh(Fg+5SH2AlFU3=r>IVCnYMZ_+X%|YP`DL=0;D}w?S-1Ut-Q9jIOdM712 z+v(O`bfWy<6Bs;#_ukO)7E+jZ-36I4)L3nvGZIxzMek>41VK24UIZKuK-0PfXme?x zegkqWmOiV}p_MyOKkUqaDqG3|tx)A6EYJ{dl!O1EU2|Yh0$eC)+Hv~wjiSX_#-5%+ z*Re8Ai6yd((ekx;FGic&W|nj!GLB3gh@6q*4X2yERI;%eAD^pyV(j(#^NGD^)TWSE zxx@e2ke5ni@e+{N3SvZpi3b}Jy{A{=UneAH_zvEi6Bkb* z7?(X0R^Yhi!9ofkv)2_sRseYwC*HFmN|6U2jhp=QkY zDJ4*2;NO5CfpH46fn{Shh1Y6_*VvPIPVTJ!ApXe6uokJrlqN|@58~w$nTI~XGz1DN zpioc-iGosS6!1)$gGxaGG6nhQw8}Js0+b4Jkt!%ctDpd}f&$bEa*%6=R(S|EOH>ib zf+92v^0*pEP%V%kTOeU@kT7{Gx0gjg7bL6UuqToD*?vkvFDL}QAQ$|CTmTGmMFuDU z!XOt6XQ?6s#UK|L135Sb(*ZIl2FaiVPzD8H8RP?IPzajAG~f)1z%$4N&|nIP26;dl z2%9b_0@R)#IX8|)P0bop7dK>_dwMc|+RP@W#7;Io3y5~8jNK8x2D1E2c}J_7}xHxfSM zO=NcOfSjaL3xwzyV>eI`eKR5Yd&Fws6Z%8p^xEU}O#D1hFkQiP1=AHwUja-vdP~9S zvdC_Q(-ltN0G#fc5%jFbIXy>=GH_k|)c?ocySBG&D~aRh?a`;ek+Ykm$D$-Vc3Pd2 z?z%~u`qx~%w$ncQq*)mzA&E6fumosZP5l4t{|AE$!K*0wl1s%GiA4f~0Wg>u3}yza zrifh|*S{9c{iURcwbuUGYwZ;TxmMZND*IYxU#sk&!ZGE$>uT&fYmFVPHTKU`W3Sbq zZB3I|w|!qT&l&oZ`tzRMr?v9js66M!3T3yCuNCOeUV&blz1KRl{wesBB^30GLv$bpYT6eZTt##+M?!4BW z*SfQOSMM@%ZRPpfwepPC%JXNcJlE>Yf21TO>Z;!_+30*gBG0~9-4y&}8uJ1*qUFrE zIL5Be=U?*Nyuz2aJ}*CfH9HyfKVst7o0#<`Ci}GB#N6Q~rc-FHdYM|;nigHQ@;Ti% zV_c&PX>N9m`r3To%umP12k3|-=hi)$>+5D#o7KW~GuekPIbq`<_u_W%lKHNDdD7y1 zjoTTeuk$so^EF;0U*nAPc$|CzPIx8cp z=UeNnj9+P1#br7A9m}Iw0y+~*pTSCUAG4X!EMa?uTTF{;t35d(f0|Fm8xrB!L zgu8tgbh3Vu288|V>A~AP-N2HmFI$@It1`2K%d!B;5xQ5=w@-Y=zHf=8jc>mjOa{5n zFEQijnZDmkl$m_@-S#8$HK_JqvIc*X_TAyu!ZlsKLus)J|7d-G;+LVq8`hiCw&dGq zenMQm_Ge!-NB-;#*)?~lD~7E1C`<28HZx#P{=eV4naugEd-Yqi^1h|z?!?HGPq#Ix zQ4pJlJ-`+F!!K;?^TPVJCSdV}^(D>s4)=!HkdMkkvECA{w}iKY=I6F0TyGlIn})mH zG~`~azH8WB8~(qfUBh~RaM$|-=*t(Tn2OfeU-YoTR!H;Xu+~OzP8;=z>xUSO%7YqW zE`{~2HPw1N?@m+wybdqEEfF4QCBs2;7+sSIZJ!gP2@iJ%+rvkXzTJ8>*xD|XI}mX9 z3r8h)B}b3&xgSkgYgwwxH^|fV2}r)cdNZTnfBu`9GGq9zgva8&%y97CdNcC{ZDy7` z0$G*2KPrAA-VgJ`(rkUntp5wyO0ADt)<-QXj{W+mWqs7LK5D5%@vpXlUGGlTyOU3T z)Uwj{#G0!0_T=;5p4{|C#5!tQZ$#E-I_onX>%;m?=hLgb>oc9UXnt~)xTC;|1uRyf z4WY~283}PFCbxFwYd)8&$-~JRj82#1X|@)-oP=?JxgTW;T{n;ls-~D6=D{yYRul*` z(^!_5Qoy}trPS?4DrMg*mBrTS;KesT@=IaHQjsGCF5pLQka}bS#EacHg~(@C$bZ}YBPEGYJmnwbgs?Q=57M|ohFzg2Pteegm$ZmvEBAIv1dVr{ zZ!EF*;NAcI)_woahf3x--`IfInIFGRf}?rlRaS+@(wQki>Ye77$NUY^k#1^!Ao7TvyrRdvI z+PGaUxAjOXB3(|^ z%Wke-?7L^M0aCTqNE%DMtu1ti155APwto!6?C%}x@1gx;dtiUDRHQBI@1ZA`%6pBs z(4H+qTiA*Xc-IDOw~`Hv_>o-?)qU*Q_-b5oL-r?y{YW?Et`eeJOU;NB{Ximj7UJX# z_0X0xeC)`??cEd%0o|8_pME%}zyJEDe0y$0^`p*J=Wpxh^Lhj`?%@ar^FK+_hq!k^ zj?O#`Zmf;LU@+Ky^a%bR3SU_Z-Z;MRqWgs@|YPPbvDoo5|IQ4=!kHkDYH%wo#VvErvVuuExHd9>ZLB1)=}oT zLCQEuUgJ>ka1g;G^i;k?>aCUcW`w$L8S&7BCdl(y9N;7wEtgM6x7w=P6};PoZDx^!`L@E9hr6jOfA-0^}wHbAoUM$fp7JLjWAh z5l7Nsg@k664Zta-0l|^oVJ%R_#%;{fQ$5FHe_}>QjYqdQAOf&eg^fB0HI5PU|CGX8 zPrWq?6}>vr#S7DC&)2}&df|6FoegA39hpu(H(%3$p5nmC6s!6PGewFMvp-P^5lR_B zI6~yoXJRDmwn1BiZEEe97lzf^0Od(6!&R)OBaS(F1(vRQ$gF8@wi_)W~=i4{DJWSyZ$dBl=dbq20X_q7R3UU|yB4Nzuz_J;r1S}@5KkJ&rB+6*)|IkA$#eRO{)7wqvzmyh6e+ETAm5GE7EehYHIK!u3Yld@VQw7@o|dxN z3(Uy{p4YLFIAyb`EK*~BYBx_ihRj54&D{-ua8|lg+s9|6g z6L6FKtL2HW~3IV#8%}yVOV*lvC;~-o?@I^5uZ{sR!Sd3 zIP%a-iaqoL4shfOqOr%tkERJ>^_Go&`MtEhg(AlY!f}jJCQwra(Sw(GP7?IkZj>Zo z4lJ^*;-YS23~T7uBDWnhZ-VNRthV9ai9iLVSo1ZA-5e^CB6wPUxHzR7xlk~;2 zCT6B;!K)HOGvlm**PpxO?f=rjrpISEqRg4&n>hq%w*L=ycLqiK|IW_#qqY72E*@#H z5!5UveFWsA7OWzu&IbCCCg>OnpnXY_Y!mGT0lh#!`O_H@WE)8*19y%l2@Qdcd#|WR z0>Lr3kj^2VYhp$Gg5Wc;wgqcrG$fkV*(N$oIWRAYQV-6Kdy|AloJ3w{LyG#T;9J2Q zVJ0{x@*|WGF9n}gBs~MsX+SZ20SHbis>fCK~EF}a6;mUo(41$iY_385*$qlbI==k20TIu zzSu-N;U*f+P!B!R>?6S!64@hgsL1^PMrbGObTaWH`XsF~Y923ng7=cCnpUKRn!}lQ z>V$sOI}NCN*3&KvBeXTEEQv2$mNeGf5!$-QaFD`Gq0vKvCyfw2{hheHC+d@)6xkXi zaTCHv##>+mJ&#x_s7B0+{0cx&h`Bq1VF#84u#VvSYaC|&YRtUK4zd)Rvj~3A3;k#> z_AN%re2=&|c}gRW{fH!mE+`6BrBri%h^OY8Py1?Roe!Mhj-$O!u{A3_ln2m5yD2lH;~Zl?d(szrPv81vDI#eSJehGGkNW-L)?;Vj44fhOmsrK=>F+RL zj->P6#1F_5+c(;tArJ>0Js(FLCtRox+z*K)WEA+J&jrN;2|Ai#sJ_Wn3!h-o=rf2- zbTRYY8JgiZCJ|@}vWWn5lE5g+X$Rq?7YlOb*&r5clyMw!iHRSf!ylh+Z*PBxq|YRx ziTt7|*T7GRkgMk)d6j<@l-xutb!P}O)Ej!D`qu2xPUxUtaNv6e3`!%PGlUa@Lbi$6 zCJHyvY!i8#=wcJi9c!4yIun4O^tSbyA<=m@`I3|l-aH$>-h1`j&@A-#$ApF>%lQf- zQx3_*ey83ZU_Kj(QN@BRoG7FJm?oSR+f&oh6GUQwxth)oXu=^DWUy7JH%(%^RVEoHrg@y_HO=slFJsjA5jw@^!acfK<=5 z%IHX>;d3XGuTZs0(26%=cx9l?D}0%gOIvc7fDa$dBe&`!Fx%&4;(GDs#nU`tjZk+u z7<82aDLwVr2&qE)3WSWzq(~L}Kxaqp1VM(W8s&Znf~P4Tp>4U-*+8%Gr5~mtiqi0u zB!YJc2tHwA|Ktkk>4{lZOEH+E)47t95%q{%P@y#@e1yKO1uZ=rO+QeGJ(7nWlLTR{ z8I)ijLH!ZhDh$vP$dz%DYXQ6Drha}N39a6$dt|s^5kq@2l@bTQg`k-c=;a6v43y&;LF6*_ zlX)gAgz8rUa4rOj&&BEumnO5JBr}^Rj+CI)XEM)x=F)SL%sWPpsiq7Wv{Cq`NmURH zc8g!lj0vtOwL6Vu(d+>hjI0M>hkLDfI)Ls87)4g97&cr2@xsqka$EUhGnxjT)B&Zn zLydse+liMeZ<^T96IwpawAEFZ{<-GZM-4jUr{2b`{N(rl?hGfK^`{A*;0X7hil5gv z11#A84|X4K7xw?VySqE<{r_D&IQCUA%?OIHtK6?b0We!zAKv1UlM%bOnp8} zPg6z`7la#kTpAh*)&GZB=$QRDJq>)f?}yWVK&N!f6CAM^3xPg^S&V!HGr}^orJ`J?_xGW!%j!KBZfkq<_YFxIv=4! z8VFVRZR}xAM0vqY2xA8cJp~m)tb`X@8;Rv!3deqbMsUF8{yB!7$0s>!b-}Wc3DL+UEBM}FkZbR8Qa1hMZA0P*iGPkc=_O?9GoH-*03UR&IKy@XFT}1VoFB@PKa;s-xa%pjSuaND!xa>KW@sPbTzOnkSRHtYiBZIY)Ph5t z!ZyZL8)Pu8)07KMSMDg3tNnwQ6npwaOxJ$s2QS3^pCTT)!2o zuQ+(>q)UyYI)oEYO52!nO+kTq6!jqo~$hZaS!RgF263d{|g3DOs5mAry zq!q`fQNOd%5pSefh9+j^9MeFhDp|Enmqsp$dB)rTT3>KBp&5BSZkhm6&3?*h6K(8G zAcS>(vnWU)z-mR``x{s_18Cuh`#t?eAg2G$xQaYwH~VpysN?h+F9WvR0?zjNYVR(W zvejJWLfpu?Wk@<#2j%cpvZ`0qBbJmnB-r~k@i}=DxeACh;Aq=Gd3kRXY`7aJ=YBEj zbg&otk(4L!r+jgM8M~l~2W~Jln#Srk4Cz}LB!UA@k_dBxm^&k08jxfY5ohY4uISuZ z*J(5DQl>(qV!)D~;>DJjh1g}W_Dwr-kTO z*_hAtnNG^cB$azhobnms^o&Go6A|tT1b<9uC^ZG;kFtUGJkOWfQciw?AOy6*FfXL< zGctit5uDYK-#{j+;>=k^j{?h)tf!7JG*>r=5bzO>*)%6Fo){)AKTUjh);mp4PXi(a z3?wX9-!(=qoD9n^qV3E|tS2K&22kQLVkJ1*1VEFiSr3W{#tA+5#lF{%ru~gPppNxZ zOE~KlY+RM_vh5s0`O2;=-Gt1C$M z2B0qI`lZjF<$Vt8hEZv@2u8&t$+d@5tIEJsHqeRCTuuzt_s?pwY`_MSU@dFPI!tt}r$C)sWuTLr0V8zGteT2@O2K(C^>R&zx8;`i63p zMR3fs;hRQ;i)q{5-8D-rA(Apj$h^vysJ$p*Ko7};B%sr9ipV9%<3J7bD;(!~;egz( z>IH0OppvMgKS)ml5G+|OYlQUjfXpSt(}!WF^9n?m*nSyF2volbo|=AyPAQ)`8FdI0 zz>`&J@gp-g9E-o<)KG2(3^LB|OpMq^`5B?Zy0lkMMF(0)Y^bWuO@M`~N8Hd8Pr zRjW^(;Rkfe^mjV7OfU!;L077+zH|%&QjAi`W>d`i1UpL{%(?F>%-k7q&&Cs)j8m|2 zWrwT*oysC1^`u7wqk;541;FD-o2`sgDcZ;3OnK(uh(_~}rj_n`iYty2Dwr4orzZ1K za?w{pH+z#z9hm!<&-M<`Udm@A;=YS*_ZkIRDn~+{n9v}g7h)5k2!Te(nx%|R6hTP} znP5KvQvrAl`SLIq07$1e562FtVSs!=S#T~YwR+K6@m22xiaizYu)t_6wo2nP&V7*t zH5R?0Fm>2RQ~VakY&)VuTFyu+Au9 zbWLB4yYw{{&xU~36VR4}B5L$E@&k~K|B2o~NiFvTJR$}3j1$`t^h)?J{(KTAU zR_Z0j9Zfl=1^x45Pf^x6NlqyvbPPp6v%tC6>YPS-was`KppYV4HBdP zx0oQ$$ef`QF>oiKG@NL=Kpka@ekzX)wf%N!08UAYMkoF>6#9W2Arq$o1~g~_XjGE4 zN_*yk9t*ERr<8nchGib%d(S5GA-9mg% z2`DpwRg4oH5>66UpJ178UX_c10iE@WM^Do4H((9jnYaC`r183+AA3f5g4(d$r zIo}vT);U9F(KMOaCIYUHwVK2Fg6khS{F1NI#sdGJM~`*}`Sbs+!S?Pt{^w4fp@Uu!E+fzGfB1kL znfTE$wsCZIbzg{v1ZjaMl;9+dU}GdS9_b9n12iREi`ZT-vj_{QheU`V;=DF*udc)g zqeyqP1~5s305WqTN0jMNBzCwE?$G_If z+UaaLV8(utHwx?60ez@??qjKgSp%R>BprBvbtU#W`Tftc*GJM|V4tYMI4U!~9Gn)N zbm~S3?1mpchz*lQs}NF&uHYo|$C^{&O>=rn67=@)Vvhrw@NQ{l;4r$UF(r`v1HFFp?D_cM&EfHrdk<{7Y(T%P2JD&pL4h6Kwh+&z5BV@J9>Wj%l^}f32fc!vMlfZ2R*ZaHEMdX zib?k4tNRagi}hZH=BSRL^{f?~n{MNG(M8phU082AYN;?FG4?{FgM2bW(YeRZIgbEPNW6KY*;qe)gnf)*~0UXtj4e=&>ZO!MW z*3)k5X{rC)M$V<%SfKxJ?F@Dc`u}iiXYK!gC(nlu{cq5@AC4d|%ES+d;POvGF)Z$k zjLI}uG3X!n0R7RE_Ooi?X+}aq z$qC*J*WBBs5sVW*;uF;U57zq+)-6Dj?Jh%Sb${pR&ze{Wh>?yBVp3sp6{W~hU?yvr zU?|nC?T$U#@^9rvfj**y#DUOWy8rB=?zp@9dMd7W?F)=$C_p{(`H+Fvb#$69rt(ah zecgu-hPWOmBY35H_^=M1QV;XAQGl$kCn@c3DuGlGz^CTot3NH}zp^JJG$6}|11*sM z!>z|V1^K@Z)_*N1pN7KcoTa*e+dA7^i$j z6aP;*U~|sC1vl99VMp)IMwt)2jGd3;QT28?+Yl;$3!LzpqKbc-vPu+>N;^GWU`7(3 z!*P{eLI+fTE?!8L4z-gUe0(FW>vMF)JLH0g8pgrL2H zeVIQkcSeWab+aR*?)#2BF^Bh4!n>QO3q~FB2i(H;KI6{@3H0v09;Ix&l-=U%-jv

2}wVAXd=0WAADr*F*N;zaiQ3DCB#lwnETmG+wdFFZC zGv3vUB*8-cf2XMb?`*H{|GJxJMgHHQXkJ})3Q0v2FVH^dYn6XVm0xDQvz)l};N@1J z@=h&A)1Z7X4XTW#Q86w$lt%uvLTS_iO%_R`!ZWG^X%w{BBubW#44AP`B+Epk+}_su z{#`xG^8Zzm!7TFs+9~P(!<}{hr@MLD^8Y1RdTY-1Ww3wQt%Cg1QMCZX1QdPvfPSZb zgu0vEs**YWZ-+LakCsE$y)!c3ME7KL%;*V7kV_3N>!=_3UEPOwA3i`ebanM!*|rTd z5|D6H{`U(G1V9BkGlRoNbajQEm|vo(DNyO(P#6%~As8ywcc`I??u8r?Ek{*Vd2CUT zsTqD%2Q+2UF5gV2``Igm=1QSuMdn&bDvM#lIRRP9L2Jhd=ZH4Pe4TPG!X;b;EnmFb z?ujMA%Y!=k!;6Y1C1qMEh7zrT#*@1M?}wm+;zp_Y>;wxh{$MNamT9v6KDZ8I8JDnWr)yt#=HI zs#x-0;Cev#lefn|_P*8iRNvIp0h(7=g3PlQ;&*nYSsCVyW8V%)&+5zZL04CO9d#|f z+D+>B`F73QeB(oF74`KZvEE57L&3=SKDxU4h#2wEefIIUZub7S?&#hBZNC4e_!9lr z%}~jK`K|kLdf#jm)EIu>7@aR5nc(iLtA55qAf|dDwbx0;FKfHfQvc7!ttSSjx72=M zq5WrAjQ@DFyFFOz|9A1MX#Xj)wpK3x2;!%pOf=*>}Ok~VgyeX+w_3ZKM;FVwF)0Y36 zJYg#sfSURL*4EBW(f@aAFxXx5|GRirvH##WW_`n_vqYy~vlZx8PHbc1s_e8XXR@`m z)-NS+rt@CPjT`3f?4>nmOAOn>!C*R7b0;$dSa_9lI%f>tpP+~|mF(uSKO6g1V!s`s zC=G&~$UySy4&6632o|v+lqaGkM`Xd6l;%F4@;8ICm;}Bp*#QyKWFU-1lS|sk5=o=0t5J&z98X~k3$59SE?PjzQc~MQi*z9E2)*kvaHh*8 zIjXi+b>CY6s&3rM51n;|RrXj}D_b>LsBRLoRu`|tLnV!ELZqnPFc^k5oj;DgPD zfb1D7UJ@mr!g5;JlaJ_+lyXw^GN_@tN;m11$SzA=`!x_=HZIqoyxP2qeXD^_NOuN@ zg_PH}D@9hAXPH(+R}S3@GVz-g5`P8t!*5hJZdzBcPqOPowVhhBszu0f*s?v73b3}d zEGy)#nLE+S$6WQ6y7I6z+CFOsYxTpD+7a#66kPIHrQ$rlD!FZOav*2l;tGq#&$-sP zIcfpcSwNfJD6YH6>KIYKm?ynnM=um?vo)(ckiM}_WC^ybvx+x#rLug}2Dg>+iS9~W zS=gZN*mXzN2HJ9PbIz#OR;)@rybDQ;*89!n_M6$u+!f=6k(8#YLQ92f!0R)w73#$a z<Yrclj)1LN7jNWUg+t>7}f|59;wh*gHD<_08e4&#n*V5+3_|lTT)4Z}(px z9q+w-IX-y#_Qn3|qxQXYwZ?FZ9kr9s+dV8TwNl4rcI8|K;)X#udUbqoTZFmVX%Wr7dn7uqn1dA>g(pRlP7)m+chCum)m8)?HliwgRhMS6-P3q9f0And3sx(ueLZZLa4nXYS?L(*I9q z2VWujb8-I9;cn6Yd$_fZ|Gb-LMgQ+&8hVovQm~lUN_l8v%~=g)?m3_dw>6H6bk#j{ zPqhoiE32?Z2ZEP+1$RYq$w?$bT+WB5gk$ZwxG!r}yDert`I1}|E2cF!aMLjLy%A3+$<5}@+ zds?+$&hL0h?snPi;$5|clxGR`UQzy^BoANJcp6~F8qWxd1@_)BY^KEYjAu04%zXM#nZ?3v=0iJjFGt2e;_xbA;RDq&d z#wW6*x@^Hb@9w9JC6@&7@^{XgsbAMWP4 z0sdb+Z(BwH=zAi*dO2WSjnL*g1AT$QvNtDKw?Ne10kO&r5NkF1D}7q>e`(TOaR;!7 z|8H#%i~b*j$Lsu0ck)~-|F`tM`kKu%GX2q;82^zHlV>jrtEsuI`y)EteMBNRZ^tNz zP$+(&?*x~&om{L-8MrB3-$3T$SOF}-k+&DbGyFOY(W5~V7&{oZaOrrh$E$HLEj!4{ zbCksmu4T&|Kdt${^v1dk|G(|QR#E>SZtbk^|Gbmun*3izc7DYIpp@`Tu7f70x=f^_mnsU0EQP*>g2wtvulh#tV{c4a}GG+jzWQ>iT1bR}08k@d{a%2?k* z;SV3IOFxA~^Czgb11~A|e!u~aT#|HcBrDp18dcKROqvBuW0QYZ3Ad_Rl^kuVcLavH zLmW-@c}v~b>U4SwATGQF!DtQ(N3SU%pe#u)IY}ZM>>sGESTCBex9c@ro@GUwS4Wx0 z?SjgyLcTdpri5Ej;*v!^z>(Lmie6I>ydcFQ63SA|N{UpmhYzjT6#Y^lTvs8d8x`|` zw&tA+Ox0`M>o4~#r~j!t|Cdw)7wCV3o!#R7Ut7D|>;3X?UOjh0?|N-Cum7z_kG8h*>wmbrHC)Gk-O00oUdYKt zKan6ruy{J1Z_s|kI1U1N(fFxHYV%OtHL-*k1Pe*!kF7^eirMz4BJg&PQ~jbMv3n_4Rcco{|L7 z3F!80;nGN$z&{yaPCLb zrs4UBPClTn;4Uu+?~c$1)QvHpbw{WRmz&K94me~!7aO~-+_9l6)b%5u`#5+;0z5w= zE{#0a9iiR9ChDrY-Lkja;_U?cL7I@`Swh&123~iBh68kUg4B%LX=DoBIwbPj?RV?y z1h6Tj&M(eTe#Q%F_G_@|nh1jK2t9hdB}PQL`ODu|m1F?e6cf>&6rn>7dt_y*ZG1kW zlR}2rwiIY#!|}Abmd1wTse>Mzyh<5Irv!cf1noEjXK?bcjLnX-?X0jqEo`!kx;0}X z3aFr|W|-(?fAX60gM=^=l_q`>Hnz#4qV7jqsHn1F464V**a4RtpBy%V#1~-$W}Ax{ zNr*wrXNX+Jlo8Kh^X*_IHk!l6vbCP%u+f`^oJ)2+Omy<0dd)0_jocoU;Cw_+Q^ski zwoi*;UJsi>w11i3NOwl2BkC7p1ED~xuBmeDd48re7I!jJ`4IZgWu_peybQ(~8@RWW zco0e^^xsOy)49yZ2(woWoUJ$T!HMM5E=bXgO= z&=363=PZxSb!N)W2Up4cUQ>@~s+rIP#ncn(y+4gWu9wPR3mYrNTlGvGn*wccy5>yj zY<9K!^`1_EXLPLv*j#69D&m~-{N^nqR+1|fLy9T#OuTw8yq414ITXQRE&(OS1~q`AFMJ}<*_LQ1DyaB z3uR`RvAHR1tWc^G1N|T?phB}ySifDo=9;R=Je{XvNTP)>V(BUJeAvA5SruVxY`WcR z=r{HyV^wl$FMxwUPO_`Yq*yfz3pj-#wBRWtSqGb;QibWT3K%=R&mT6PyjbLNtysH+e+U7>g(Ac*>l*?a>sLEF} zoGivhRWYgk*^OgUJy{=7b^)H4EI)+(Up>s5!X`^@dSXMja-Jq+LK5KEe1^GRJag|lZ~Y#h&&yk|JTIT^9W2^bTvLwK>_Ic=mL;ym zcJ#WMYVKarioNK8(2!g0if;g$`b4QG$g&!E@{mFrlF)_k5yS{i+!^Tf*1E!xC!`YV zr(l<6ed{kHVF zQmCFRF*cdFXg@fOV^g@)?WEP%WLR8xa3nV6RQ%UrIY+OK4}=ork%;>^V0A2qp_7!6 zpy zSAowcBMJ*Z0w)ArBtGXP67+zPy3z=!6?QztL#K0d%^P|;lg^4t?<{}{Y2=G7wFdx1 z0jU`fFUKduo*Ss&Q>(#q&>l*NOT&;vo|FVWG?FqHhO8m6-^qY&iV?vPN{E-bP>oJd zmfX3f>VKnoyUsZ&_9oZg3l+kG&2;?;OW@Z%)SZt0KGS zvT<4HVqfsGD6-32S{H~$h;f|oGVrV~gp#ID$PP_56uX zJf~w3o9=@iChTD_3{MhT;o;#?mpQhZ2ZR~gmiHx@YZV{juMxg7z|9wLbgFq0SOT0RN|GSOkumc4HpK-wtYyk)&Qc1y6!-nKo z>IpiQJMtsDouhBQtK+9E)F2|@3(_*2gMqC zmdwRNo1(>(sfJ9DUu`|1+2rd$_+o8&F@gE=`je@1N@?&tlDxa``3$J)6f@sNIOQ`a z20!;wJ}b496$DH~d-)n~tMIdGnJbubwGN6SQHdomcS|KiGlD&mFsLLxKFz)rAcZ(N zQ}O_4z+M8c@Fi#fF_7C7D*8B^ z@d{WOKoY;6Nlx~6&Fo;E7&g@%I>WC1$^!=TfOwLU!pmPpkN2LEgj=7jQ3qTo<%Imd0)jkXx{_G3OUw0GRr3zc4mGEemcHTgO%KHIx{Mi z0wM3%sBh7j?c`0#JyBUf;)zksKk9 z13INW_jG6H^mNDFezfbv(Xkmkc5Xg!c&qgENnHfuxQF=Q_RT)o-ZsLQICwt zC2X~8kjOGR!=F9IF(oM44%fvIM@Z2Wb#U8!a1kHnKZR;bSjOgPf2(Uc}jHj3h|(Z zJw0*?k@5AHt;@~yA(2?fcsJY4e}tkm2s*O;T&tN;4R&d&IXTZc>C{*k2trqeA38s< zb_r zWSWM8OwH(D@&xZCQwF!#NifG^t8w@e#R-}Cmq=`wX1+VqmTd(}+2*v_&p~e)nWTZS zREq7m_~U->f}ENF`Cgg?_w@~1LK9;_I+e{bDtBk1(m76iDwMTIRulM0^CRPem|#21 zsWzctI4_z*0c{{s8(kN4IB4L(n^=y{Ll{TVxwnTet?_$)nYE_+EPAOM$xpCQ4rTR{ zDdfAsciZjfq{=-<*8Pzta=pO0Jw@2_5C$z~EKNQ3BtDPMtvRe~_Q-Z$5k(biV*() za|_2C1xyx~O~JT}4M=4v$unJ?idAI7*>k-zc6rcpBv4M#>o><}N+KedD8g2cv~RGc zn#y*q)sQ=`)Q6O|H&&)QXOpg%jrK1Qh4%_{FYiw-4}o5Oc*a&&V7Wk{=adDi~ngF=+NxYPvj<=60DJb$=<@JHW@D%M*5-W=^-?+Ot%LebQZE^CVN zfc3B|x_)1D>iz<(G8QJ!Q*zxCtmvgYW>I{y9#R%v08Ef7!2$Qx>54iAOL>`j$e)<{ zKGVZ#qad&M%QzrHz5JAVRP5~4R$Q0JUiOP>i~mN5ZGiDMcWobI zK`$Zl$fI0FCYMPW>1F6N&s!-VLziA!dfD^FgW{~&q9)sQ_5df=;{mfeV_oXFp?pE= zr(H>JyKj~&mJXB!0NOw$zpWUgx2-I1l+|Sk4ni{QEAqvbB{zP`Ss6}fsS5s;f!NsB z+9En6lg!jrxC)E9tnbpuB{7FTvKi>h(1u=2y`BKv*UZhnp5G=Sxb(YwM&_Ahr?DtW zlM(7Z7aORL&o6z(SylkH`yxF70IrbMi`Vq|C2>k0>dAaaVwBAO#EP%6^f~Z=Q_&;3sQ#TV z_RMEV3jFGa)SD7+VohX;r0paMb|7SwyhO3@8L-UY8kbueRf!VuD#Vv>BXf)kC&GY_ z3bepwzxho>oT-DljML<->$F3kV|K>O;l9ulq{oDzNz&7PFg?>!)}sxS^Y9-DB#U>R zEs(TQb%Et4rW;}Fav&rjAbCAd21ad~MR9#kTcu>ynrfK=!r@lAAv-)HC%3eMLK*0H zR-6l*LC+%``YtkF5k%vYQTRdv&&EyNoesmC=?cY5eFR%PB-r~k@i}=Dxy$ubUa;R% zFIfh#85$XCqihLkEZ`76zcqA<^y1{FFPnAcX|oBzMOrXvd1M6CDVflO=pYuYzn#)F z@{}mH!k4rb+q!qK&q4{M+}3U6inX?2aD2NAT;~6o6QSbw2yMOamx6L6gP{-@JE}&m ze8lUDyfo6DQV%S9!$YxrR8vtJ1e++L zrRKoj0{Ny#NV<=?GfK6Sl(An}OVB~+!8G1NG(vm79*JJy$is<;GBpRG7e7DW6ra(5 zqBk*#jyQJD9@;apkwa%B24tx@QCA-zv2v@XL=vhhB?^tuzf14FUu_^uaF!WK@UzK} zL6Vzy;rp{+d#)82rT_odzNDD5ahxP6uYiq0|Y-}oM2Cu3CiWrL@=uAAg=Nl z&1tH1wz{!cDAzh;N>9DB@GKvSRPWVueTefx7g>Ru zKyE|duzSN`)jhyB4Ry|39vGndkLz5D{LTI4pj2HpTzPe|fVlGY#pTY1 zJtACCxJoDWRGx(q;^}2H1yW8BpWz4%(E~;ZIwb+Uc&KU8uB!F|ECXKFuoYKQMHm<& zGsa`3DKi1}a;=M3j^TDQpGjvcK$N){*o(}GB{_FOG}19$XdH{F_sX=Q4|d)p9!ZEN z6xq3vB)R?kj9@PiTDeJ8Be|}?9GF|y%bf8@Rny9H_4*A81}tQoT_^Z6s5nM=00!{R1&631LEI$sL{M4Q^RBC}R|< zM7o(=wNJ##IqjVksZIIXY%C;NYIL38S(>CKt=4;Ml=BmS2Mo@>y)RX#i*$7vMj6Kw9ca3rN~+ z!GN+{7xK;vO+zM2Ye$A{<;T$M$xu9gZa~uZM#!Jj7>|S&@RVgl@1}fG1}8UX&-_HK zfi_^x5qTceQ(dlbo^79KmrevsiSog=EZ}%nk>c65k`j7pG{Y|*YuD1s0;zcua?^}l zQFfNyo7T&2z3kS@?pBvwM}UGY+$-tcTyokgdq9gp>FI3MbxwTfK&781q)H~wNDyid zU7ir4^(&RFx}s6(QK`-lPXnSd{M2|179AjSUCP^9mUBe3H=ubqVA*0boJbcpIAM7y#&Y1>`8>>gUT=v%o8*TMnjg!#>giEI*dI;K3mbQlW zlrHW^Q~j>Lp#k@FsiGAcER^ldxdqPpN$t5H^}quA-B1}|Z^XoFpp}faS%8>e4%unB z%92{W^C&t(WjA1gU{?8wjHm^gx<)iu6I!jeGz9@I_cJQQyv2SdF5$3}?zaxfY7>&R zv4LLU`Kj^`0ma64=-0HEMQ&9DX_Y9YGJCS|7u`VrOH<`8GgleIDG#6c>nba^)1u2ej-6Yvm7KAz;3Bc8NAcbrf%}>(euOCd#|4B)}XN;6B>?8 z`wH66WG?t;_FA)zaL%$=8TAEpN|TpIFr0JEBtd8YF~C!E|1PWn;7Gl|pAdKMW-QzK z2EN2S9Q$YzU2@RMgL6z~(PA7Iw&`-z52WanLUy-a?T$40%C85DB0I54e*qHqw zvli&)SssckR73eCLVh*1k{qKxWGYAC`ySu2b7Hvb=`{nL8aunNPJFuSO{qp&?$QG>)y+U)ff~&Yi2Jtn{Y%} z5xPaA3PzkQ@gI*&td(UVmM`pd9V+5V-ZpB^EqlVb0jZ}E^|uiB>3 zq(LleAK8z5o~br6?H%0p=Km?Bvh+C0K; z08(cL606io;NqGynYsvJ%R1Cpw`^azU6W50uB)1X8Ykng68?h{89D<;q) zslL&mwxE; zcEQM%8qUIqWaQ(}!6E*WM)-ok{v@G6J_B*fu-)obO98uefxbm`U+PHKag%NTT01SS zoff}Fr^R*DZ-p_dMQGz^9vF>x8pbvWd{=TXRgs>UE!qzZxhnf$Ecq<1Qv z;D!q$r5ozWUi?B5?z=buQM{LO3Tr-}dbBQp)H)Kvre-c|hQk~LXm zX$YfV4)*k&GzBZVS?B63UZDJd_4I3HmVIFn>We)C%Pa5eiS}M1u3Pm_-Uy4P zhX+p)T!&2~TfoW7kHk6>yJDBZ34=5l&u~Op?~jxuzA_XEAX>~-&~^dk;o!T$&}c_l zl)8LxZwz4zhizp9J+OXgW6Kjkat}An<^ay^H5{u?E{!6wz`-5Gq*78khj zu9~zjCJlDYoHraa+udECHn%!$&T-<;B$%y$)8bIJwT*RcWBuxEtQ7{)FVgSAUd^AG zmFbgY;}hf2t7320vUMySeW`Na78Us$GIQi4@t1Gl_-^psu-=f74@0aBM63x#Y~}P* z+Q#0JyHEWln?bdU*Zapog zLq3!7c>T?E4onwux52y!OVIv|M`0qJQ@7o{61V-Li zD2Bm#-nBKMDK|+NrwL8t@dfs+7)kv$i+J1#jWJy!Sc`H(VuHCK)y%V#2P7*kRij_gzd@3l$b}f%E zH}PY6zHtA;2Xs$Dcg#JjS65=i{!UMk^;P`5xN4biuJtP_LW28(!{$Js!ITLj_eArY`VM2u2(eE z(FCiyo)7QV8?u0mCz=OJlD0#_tHGAbRgOG#@dpyn3&by|L>jVWSl!loT0%m4t}h9N z>8W59tmKV{%GALB%x=vnYpW>Hzqy0aZU z@Ezhnz6QyTWlqkAnbjxC4FB1oHNoyo`)GOoWI_@l&vD9UB;vj+`=VMlNE(<{N0hBr z&$=`tU}pDS6`>K*Nm9>!Y>uA=yb~xA;`jt51pbCYZ7|e2or*;0TV;!xFiX@ix)#VjrT^U`eoIz#)}8;?#nAB5I#F8Bw`2 zB9H>0cJnZ&$1jCadP;CY62$2lQF$HY;Hm>0uW1(igeb(KJwBC?Yq zLrFOY1u@AMxIFou5*fyu75~p{=pe7_1@_V6;SIAyRJ}=`!06egj;Z6Cjk6k5HZBc`xCMH z6kBB^nDm%G725=wD4)`7xjx-fw2}iUeZA1rJxE3#8Irc3BcXmw^fCuWR|mbO9Mpk4 zg0;28{6&yaX_~;9YQoKJ+bJYYnk1OjwVN~aOhqARC1BxFi1M`%0_3CCk=Qbk9`66yozpARb(5cyTqRkrK#xB%K3AB(hf zUL|(!jvhVQ&Ow&v4P$LQe^-N-kge~l`cXg?l~7f4F^(~xHQ`&F&-_&OwGcM|%pbDE zxN$~`y+mW^(RhriJ7v6a#%`RBQ--Hx%%qFhm{X2}k68(MkTO>O6=O#D_;k(*vx=z1 zjbpXP9+M=YNg0wZ#uFT|(C3TFX>c)i&j@E@FQIWvyv1-ARZv}${VsM!jEFm7V?IkL z=K=A?(jTsjr!HCdeZp#*n6NRNdeyew0MQ2m8cz~JDnHyD64xJq;zUAAi>I%;*q!v9 z#l(efK`Q^!7ezSLb#J=23Bev)0HwLD36rV1>Y!9NqBzl5iLtQ|D|sHM1;800aWfyv z-2UD-a8avY`k-YI8`dZ&9@~sXOufeTW9qHmvf0WV*_&3AUPIl1Cbf$4e)1R;f^6fb zBA%>Gkb+TAP?U;qd{nb5QPd6-O{jncK+7l283Ny+ld9yuCnNMms7|WcY#TkpTsuO8 zHA85=CqgkiX#y#>i6(J|3RzypR=m}w`x7m=PqN%o0ldhEbahJ`05>~+fGQ_-~Hd{{XZW*_^;9EH}9Vh|Lb25#DDdQ{Jr7m z-qsE5hjgE7wnQy9F5267)q$ykwIbz}_fIRMu_Oi{yQ{ZwtD!(G)7$Ouy@bG*mYR>t zY|3gCSf!z6VCza$E5<8q_Eu1Hvk>qxI3%gT`zWSiY<&csTL*oYzjDk|X1!G1tI`Pxvr#cWvdlZ_7$m(YQ&pQZ1rAs5Hk_4!=xjHuW_)R$3XEyuT9j7Bn$ zMt;g1jHFXR2F9viDx_e=Gt5YJ5%6!ax>x;O`)!W3kxwb8#<;7$}_@-5;}&F zcw&Fb%o?CxZsm#J^dcfj_OnFrE@gbI&Q9vNn<)v>M6oUcQ8_ur1%oK2az@i6n2$xB z>}7st;kD^qg@Ljy(eM87yt` zV)LQ;ocr<=yEEcde0W8|JmrTwXB>Jan>wx7)>XYip5BW`S&z->rb+qEy5rq>*^9Dtd(Z3Gv2J z8lH-ErQ(mgWre8SWF=0emQ{;_vgdc)EnS)LB3sCYe}OTp$(R$+i?T)MU-H%x%w!^m zO>~-a6@!QZp<^bQ`9h`)0k;JG5orgsFUBy`6XUS94*g}ULonZ#iKuh|hVi*9UuLmA zU|*7LX)LncXs@=PJX(gis`0!# z)(X*#%Q4kbng|5fO+tE*yp)!K@(Dc^+Kkacw4(DvfZelGdWrNs^IyX88;qCMuVlKu zCDf}0V%M3jk>e0DXr_Wcs0*G-fd?D8Wl#u0(yoiD?<$$lMm4Y4XtzW++AYv}XvJk!4bWOt z8!cA)M%6lRnw8Oa!{Lq~$2~z0(&5{XQa}=3Jg9h&itQ$I+ zk{_X;`g``pi(t*jHl8|`Uk5jwrgBRy?I1Et1^zpf$mA%n5=~8<#c}uC_h#zNF5oxs zpZc1c+}L_TpCswK zGo0{TAX;{X+UqyR&yO5_$(L?pFc=JWA3cKq2ZKT3|KZNg_M^WIw;w+q3?J|A4hMf5 zYz>FIJAXriTj_D(Ng2n<-v-xitJt|O`mdfhj5PSXn|KI5a9~<#?D?3)HbMG+s^x$EfY9SEuG2*~AO(76EZ;rLM?M^nzE3DJZBZAz9aN9XO~%LnWs z!U+*L_fP_%1~t$jp&Poo>ZoKM0&VeAR3wpS{tTEvzVkvEOv`if_V6V-otub1J|j#h zAYq6jkLiqbAQae)1c5}&pJ-=KhPtm+Zr5(z9P)V#NI>YZn8?>}o;@EQyg596a_<40 z+3^5P2}ix2Q3_GrJfI#$zcU&MUFJ#mgTrFtIsz(tH+b*pJhNBbY`eA8{68#Uxqnc= zQ6{=u1yi4s5RjCoAdboGBi^YWS6x8Bol%{o<(@)gbkB@hHnX{Tcxh$aX)zaqHIL9f zM{nOa+La{shLEXQ zl$2{nBiss4(c9jHCKovI&^_I41aZ&X*br~B z*R_*l&rL3WiZvkxjtRJOFD0<%|W_QrLW z%E|pqHJAp%`0DhS1@rRNXfq9SdN(>v0|K|F*|cD(OXxT4*6=6Sa&l;XLS1LOrLL31 z_v_bqa#s?z)_ZJ-H`(iUQzW>$IVLS-$o`~rRFO5@Wb~4Wmf*$~ncfb?35`j@=T7|` zr7Tl1>bnYN@0fZ$d4oV{j%ntyl~bW~6X?L?^c+VVll zW-s(@AT5+-8|oeC%64-%rYhS&m)Df-{FBX!a#cI48v3khx(zkCYFa;2ExDc~zB(nj zc~-s}9l3r+??y$gZ~yi*;>iy*Uv5n;?RF8)>x|c0Uf7IDX{b)jyP@Pdn z6^Rr#(YeojKI&BG^!y@@soS6bj%OqgI|YZw!E$XhpZ{)c4|g6H&VRQCJG<-i-@AA| zeCU6J&i!x%(FqejAcA>33B|CuGcrQo^kIGUzv(=`jNxKpb*+^S(g2!qI;vbxr6I52 z4!x`ZB*Ju_LQTlVZq#ZVk~ca)<0Ilp8o6k98~*geqjWOyFHyIb0TZjXCl%oSH=U=D zwqK$okrWu~>~C15w>+I^h)bWDX7r(8)?}Rc5uc#$f3V(vux`E^^6y_%gCDgg5$gW4 zi@M|P>Rn1BdC{YN9aW~uX9+i(J3_;dMh?W*$s7D-t2mBFwGuL8?VUt&+fj-2qB81@ z2oR3#_F;hQF;L?VD9lLWb385JaHM>KTcVM(egqaGVy_UnLFzS>&yAka-z#fXbkIy)Q0D5~#W30`XNys^i{Hs0);3r_h9xcfmWNQCh_@I$Rq{>-uBxs2 zF|+*-Zf>|T!HkVQBesuo^hb&VDXMWCgAU?!ekD@uLwPQQzYuB6B)DcYBz7KiX)yCi z;K_hfNRuJ0st`Z=Kxr__xCXxLF>xO@t1;R3R%;rTT}*#8%9k!vTcDLHBet;m$35uQ z=t+A8(8AMff+du^_F-_%ySkl~U43O_e2U zNvpZ^XGmv_gwmvrU56lRY4Vy4UXNOZhSY<65j`Cu|2grzk^Fn0a87S-q~6MswUpaj`b(wSs$IsdQtXNiUXNPKuK%AC#g;s& zD`>S)rj|J2v0zlYA_yB*?{n^XPtqp5TD zEgZJr;CRQ>W6GPa&6rm>|Fs_XZ8h%0!QBr0>g~x9sc37F#!x&q)@gjy-DCRxNA0+j zkL1yo-GzFm?~*+UP{^B{Nu*W}&FU0vDDo0`sD=Itcuxk6nwI{6^>s6UUIT(Y#M$=RuKp{$>r3TMD;&P^@E z8=e}S{9@Hvk@Z_mh}ym{ITz(9_WEhaM`mAh2C9Hn4F0EfcUwP&r@jBDty%O`R764p z;>>Z_>=4@Q|2Y^AhsFFqJCBBgwg2Z`Jo)Gt8L{P945bie=1;(*vN0@Qe@srXYxA#c zTQoxO4X1oY6aPG|5HEm{Ak)B1{U)F zo$Uhu-+laO?f-u#&zHmhe~@(c8Hxdxp8if;nKreDB;rRo{TL8zZeXGH%0WsmHxW=} zKYSem)e#HxkW2(dTG})WdIzDhxV_GZti{8Z@~q1LAx~_G6crL1 zIP*^^k;bK<^e2J?{-S#THXL( zceC6$rio7zpUc z?lY1%b;<9tg+hta{N>>uym>a>Kd6E!HYlUQ2PA!(l{KdL6m~G>0#Nw?Zu?Ogh+^vH zTE|KLny&w!y?_61+tw1r@%eT5SK!K>Nt}sj$rACTvJB%SQ>7kgE6 zC2m-LK;D#A6^AIY#Jdo$r*cD>u_PC4hcf(aAZ4gF?A?$g^(pC#cv{cDd(209cXWL6 z?7-3Irt2CxO=i^Ae6c{DSF8o=N~ohNV@$~}m#=KC-IB2@Q}y(-B&ZxiD+~n_ZEQLE#szf1{#|qpJTrDm0fRsDK5C?*py)8qp)9b4XZnX!^k67;+9=t zqrPoCEi@2~cf#6xld#)3i^7!LrRsG@`_O!qHUO=JRT>2(F|W)2VR9p?t54AVK1K#ew{+$r`%2Hk2?~nll zLTp!wi)`Vzb0pwEVN5iwteE2A7~s*nJ3cBHezb ziaxSm#)3ZDMXijT|w1X6+v6$zpvq0lK#iuxZU0FUz+Lv;N)az(Eo$u z{rxTd-^A0M{#V%>z3^$0#f*plA@gR1g`as9(IdzRLVi)M{}q$-1-|qY-k@hdE+d*|4T8FYN$bz{O91rwEsOm-unM-=2?FKtL}Z4Xo_`C&~5m? z`mkCG4|rh~{0a$2Nh(rHNvm^->i6p<>Q@R^a!xhzZ~TDFh&Mu09Dq+b4ua_RLVkEj zCpZ9bMTvy`k@*SnUL;Yh%D5ySdiv^>V<_SJ=uxhxdL-Xibs70rDc{dua23oWi6ZfS ziYREg3(t9+&M!c1&lTT-o?0~Bdf8>o+vX8X#igVe9rp6#{DuDF{NhX*zbrhZzfdAh zfFxt5%A-s6_B6bI1V_XxKg{l`zh`kAkOc`-9H_wsMA6q7O`$j+JCGmcr^^odF-pe1 zhp^{~tfC0KlV%K%n=|hVKOCXLMsb1fM(FtH=-|jfXiB-0=|&rs(|8$0DY!)4)08a4 zq;8`Xw0V|2|8FL1{# zmHtr0E8#HGGs5RsinKS!)zR)%9&H_lg7ab`rUn~Wj%Mj~S6ppy4Tl&bybEiN!Fhe>;+ARAWi50;Gh)$Xa8iY|Jlg1Df^Eq=D>RX zir_gdEfG}E`FdRG%x#3YF&l+WeGYQNgk|~{NPp4Ft}V?3o~E%l6k@5KZ{MGi9v|Q&Q5sF6V1(YDNguitCo_^>=$ffc1J4)qYeMH2gd~OX zi+5u|=sYGQ(Ym5|wKd@cMYW00<;ANh4$W!a9*=*iXSMTxE%u)Who$rX@Mw6jJ^wfH ztV#d3?jv0+uhmX*3y?2=a0{f`pVfMWhd7>{7U3TR7Wui&n^cbR%Cp&4v*oQ-)|Fn< z=NDobC@)$s0~JW+D7Koq2zx)^0Ed%eAoO?5qfv&j0uonnoxTL|dKn${t8PE~-Ng5j zMpNkemPBx24yr2F7rbAI!LyiUcjM_$qn{pcA&fi&ynNG)omsc*D*rQZkxiYXgtC+2 zRCD_?Uba~WB`A7Cq5HTt8jS$Mij@Uwe<}WVHU3Ye$!K5$o9w@i4ov&6Tr&_v(fUR(XTl)WE^>~;p2jYsSM`QMjC6Wh_*2wTSZ)4e`Jid_mOR= z$8D%brHyTl^Kl&z!o5I(k-+bEmz`Rbx>@4u96~(89w+RS-uhKFgb5yKjl!yy3ARU+R7f z0Hh|Yho=7jXn4HM|F)55dHYYc9$t#&&^fwSv3#m> zxj_M4_g9BNksYq29%?w8T7X&6YE)}sX>FtiW!=f;G~i7d#JYLNVh^X}N=p}~ziXTW z1H`&g$7yXWsYa}Wu|_pw)Tht2HsMDqN{BG?}gyRd{Oqb`_qE;nFI+MlcVm z!qZxBB|Xw=G)RjqWjjiTED$0QZEIDDw)SE0jQ`MtUYU2ChU|_3TR{M%rJu4tqE1lHftVJ4G+HATI(!L>88Kf?R zR6(0N)B?F&q(Zo9lf#tvjEvs&@Oq6l8jE6yb3jQH;~AXwRV^1KR0OK)Eu)UD9=$Uu z`u;kG?;DV3H`6RFoL9c0J3_rUf1yK!SYXRQTSlN<381TJTjyn#lKxkNSP7X`r2n;m zR*|_IRCg|Dn@+|>ynC&zo&MI=FN&^4X6tE09SW?5{B9N5wMVapj@9GWq|GQ)4pt1m zZ9D#DpJnBLT>`*1#eX^3FU5a3IXT(N|2FZgX8&)M0m_emh5)g3Lbvq_|LOw7n$nuC z0b)DU|H=cz$}?u!5U|Qg+ZY2@IaW($mp^CAac0ZsW*vX6ov9jsT6JM9ake=RT2~|I zTDQS!A2wL67A08qk=KAJpw_CpT=x7=qM&8;mp1u-O#R>C@L(JNbtBKl&;KYvk3BNQ zS&+6ppCn+|DZ7PXer3sBlZOCQaF))a#Q!H8O=jLa&MI6+0r@Jq0|uDJcp`2xs*x4E zW~D@ixIV(MFQ_Vd_o&GH_vkk*_$GSy$YkPu!VBGyWK2guciuh9DA8&{o2*y;rN(7z zdGS>}tI+>3kMi1h3^daJBQyW&(a~VIrT?3FzW)1P9qm@gwg@@=?NaY3Ai{A_Ig3{7 zgFFao2GOC}_;)f%;oz`_-dG|?hDE#IZV3^31kPY0|d8 zjP0y*1+!U>eQ51LDfZ!CO6|FQ#Iqv**D3&H1OI1>|F}Qg@_!q79`OEe#(&fbKXClV z^|)NLH(dW_326KMA7^wv!zsDN_cFXqOC?Z~{BJlk?|(-JgKhlBjXbOEe`QV7ivP@Q z-c}!T#@AU%Ez^bssJJan0aPHyrAeq;x`;Iy=UXUe1S?!9Xt?58_ciV#i;@Pua3zf> zlu@G9&XqKEYMPqP>D=tQ-?oyuKk2hF{coWJYNY>%rvB&n_;73gw~^N%K>HdE- zJlN)c*vPZI{>Mi9TZexr)=yRZhrGnsNAaz}7R<0cwjkOyA+*a;vn>uZ9RfP2_%9U^ zUIkDN2w$@ns22Ny)>D%2Nn2|(H?3*tTEU_({eRJ#&cjRhF>T%7j>hzbnt~H zC=VKYL2bNM=moVxL*#{W(T;%^$^cr&U1*L*pi$-rh|JtF9I_hXJn(NwmuSc`jv3nn zcd}!sr>)yw-nSm=-IB4JL|IDuJbq}e6qY;pmSjiX(qMT|(mBCFI=?S_b6dj^h<0nL z*&-3dwsEWo<~*zq<~-DcId_aq{guxJ>rdyIsHn8rd8mmLp`X5ufgaT)Fx6C}& znl1RpmG*RHSc1xJY{G=tvN|c4uvc#^!GY^>yYp%4hcf^uf&?#DuQ4!i^`*@^x`opA zuPd@zPX6PEvxHFE(gCnR{5$i>j6ESe#C0u|F_d#}p z(V~avrIaLltW?u2+9HwuPBj~>xGLE!409BK5e2{Us_Ju6Ww>?Rn6`h7igxcR00>IY6c|;4w5>`@{1Z)Y>IPlX~K21??Pf_sn!4DiTocak(dHEuIRGKQ` zZDJnhfbU^-iE3u$>IWmhx%JZ1S1xA>ktlpZzej!u$QoCqF`j%Np=YKuGBaapySQ}A zQZ}7dx-haePwa-(nFeCm)1dWgOiKp#c1GcwwDht+%bov%2sK9j;ZKwPe}8yr>VJ-p zw*LPcc^>Zk7i+|@f@-TF(rZ^JiQcG%I(UB8koh$pHhILH$h%rLE_W9-j-X=F>T9Yb zsO*=K;Ex5BdW1wKiAr1w$y8sL6Zcg?+Mke+exuKF^gs5-ZG*qGu>U_fHtGMt(Ki44 zW}fxv|KrGe;nO6G87Kck=FOBW?*_r=JcD89by2SW)spiCzWXJ_H`otY|0;Fnwjt50 z+C0FPJQ{3BAGfl`T5|t)i2m3t|Jg6we;yrf{eL#{EWiK%4B;I&Lpkb$I~qizYi!5% z)xWCHj#hQUl2IL((KwpH6SXLO=P&dZ+wg}E7yb|eYHqztzSOhi`F}H6AOF9(`{%Xh@=3-(g!0 zRa-2adK(@irRhg|GSk*DcBKijC6}pgBUYckvVbZ|y)V zkHXsGy>)MBrEqWaG>xU>kQrsI$q=hH)SDJ*jT`E>3#`^ky;>Pp&4zO+tlC%3&OmASRsBR@>3YOz-Q5Vmbfg^5fPS{fYobw<+s@4%-SG*d@KQAQ%jGK-D>-_-D#$DFnyb+Nb>)8<4omzW`)^DC zH}HH5^ncmVUk`H(JXF9h-rCm}>#On5_$K+@?Zcn$^k1I4?F|4L=>O5-z8U}b;P`k; z|2Oh1FaI}ae_vJDF5>jwESM+r{rQF@iO_i8|w1basN3Bg`N^H8f@ z>pCL&_~U>iDeW0N&*Lyk<y5?rXeZ_HOnvkr8gS2rU4a2)shqZe(JNLdp9`QOR{i}TNBg0q7io8&~+Gl6YNfsG>0=LI3daVH2Ofo zrQku$99-p;%N4~#TK#hQN_CBnaXNn=7go+4t6RLg6TWoHBiu(^^zdFBu;|_U_w3w# zugpw-A^A-i?u5*Uik)(IXD{SZcU$@ZD@YLV`_J;?6 zUm$IxMw=DZ6);-BT{2d*z4jWzMAs~lXC~8U?G>Lutz>m4UP+_F$~H*oX>qA5+Fd$! zbPa%#jlE?#*}|{a2Vl2Xw1lW$G4^&z&R;cWaCtos{q!u4iCt9jwf8kE(gvlxEG-Mu z7Kz(HG?xWmk|4rf#ko=Ngv*5S7TpjLywxu?t+$HzT~ogy{C8u`j?usy;k6D9&f|J> zPmjLmC(rjtI@#m!OT})aX|wVA_j4BA|^N(#4K z;i$XHz@EwP9O3fl7E;glTO0^NdAl3^V}%UwZ}rK;O|x=EB*l7^ z8y6+r)L)S2Ha6D^%8DF^&zH74^#dC`{?)b)OSr{2om(I@ML*CX-jXqElSTn?1Am<0 z#3z&=9*QtPlz5+)sD+b@4yxeLT5_WDFFyvj@>FO;gYEM_#*`Q$Q?(z`dj!tM@&H?F z+ctZfQ&H{gm&w+#Qi=$fS)m2PVCG#=5-jM+6RZgqY&%cI^<1fBj-i>2p$XPoUfu*V z#eR?_GoT-h8YV=Vf%|j^h*w4p9b(sHE3IeGmcL}x`O}bHZTd7&E6kn- zXC0HL0j!_9T5d643tyfy?3xy2l>@3GA4nCP>Qo@r2aJp_)X18C-MnT~H6{}Do)-6@C${;_kIkC?} zWcHCeXQ`w|*2p1UA(c-Bh$S&uCV`Ko>XNN@OWR{sY9Y!`NwV-mK=N-1o{$TY z_~0E>#jw;?DBxBm^Qk(+b5l$G=npNad+LlcMY0|(Cx=xcQC+(+Wsg;JWubTt{6>ZL zp;hj)RWct{HdLMTsC|{S4PM#eialVu_`*+`1tqd1g!6gjFZ>c)oqw<`^QP){^bq=J zJ9PRM(V8VCMEO{&2)SV^SnPG1(cH3}WIcB=7xnaoS6s~G_Zp4OT1B#J6~{Iaq=JHU z>RwCMc4@YD187&VqxFl0TOjIK@pn0qa*N+zV9Bh1Ft?^#5At-j|LT_d4W6d>U&p2V zZwCj*+xTA_c^<<4%hV7(c=ESu7saZ)Z~48ZbILcfQ-8*6Z$=-x#$l_e{=jx}tracW z^u5X>vhlVH-z-hf^09r;wR(HJniO&ddfV)A8^|7KjCoVyI7{*NIpe-MzNPc|-!1hU zJWcT*27^-k&*S}V{GW|H4|)FEGr)Zf3E=GXc|B*)I?}$iG`u!4zE$O08*K9{Y@dp! zGyU(D`VF22`ad{1Fzyw_L8Dr+2GQ{wCFhmTYkFQ)q-;X64jO&;;Nu6pB%0W z#5LrFs~nEzlyG0Q#^lfSbUy!uX01Ob*bCYjf;8!Wj`k1D`~UE8EC1WbvjO{$HnD%& zCyKKG&6nbm=Wipd4OlI->|tH4kkf#i8&ERCy@^87Jq=i0A4)oX)Gi&^ zpmjR1CbgS2Sm?KXJS|KA*J%HDI4tM?J~-Oy|2OiimHw|r(U;8nSyTPX(Crp^KJ7)< zOP%fMJ&l%IW%jJA(|CcQOXl;esopk~r#Z^qvUoPuUaH}>vilS}i>$dF9#V#hK|dCP!tK#FLhz0$`RJn&II4!LTi&%MFmVs%4b& zpDHW$u`(r)jp?siG@>Xa=_QXAX^y#4!qtOr$C1}BJV=^76)j=pnz0cvER~HDP?9^M zt;|eTPb(#q9j2$6u%wvtJcn6r)j{h+{J}Jfj+s6Oc(6a&i zuN#u2{saf7SsKv^4r-jnuqaZBcfKzy!+sU8E+Vf0_eE?(%ce~?G0rWdxD&@EnYJ-o zGi({u0qF_DI8GhQ)^R39)asUF!K+|ikT{6$7bHwgYmen(re(2*QzBG(0EfR}r>gCa zXIU0S1@sAdWQwyOMZKS=(;oVS{>Y+K^i!V2YGaDdA@CYmGoCE=4hXyy_ z^uyUxl#l?Y{tW?nf$|=Qp0k5OG6M!5J?0uJ;-OnVoumJ?>mm^GMj_N>D501nDDXq# zI_`_B_g86@5N8LSMTLhkmo1Vac6$I2mf;P9e4cCWDow8FXpp7_K*BYZ^FF- z&=^lXWHFlh0in(lm)^$C6L*Y1I8WSk5j#)*pRU^%po@I6 z9p_!~z$KZ%?%rjP`b)B8=Xh1ySaqH+-X?MT)Q_rU{PO__diUy!M(_#m_(ehz@<--V zKPA+0`lx6T4c&wP;N<=Xl45jvaZZt7ZbZjnXk@!*tkaJ3Hp<70z2!pzQ24Zg5FVIT zbiKImix=0Uy20;**DxxIS53!T)?&0+utmWKlPWug4Jt!I>7yJzpMR08q+G4AIb6iR zzSG|Q_IOA8y^AP;6#!f)U!pNi@PecyVLx#St8`4%o#17#c|?Yno5qx`<%mnZff%`rs_>;Xs! zrI1FP7Kru!RLYzX$9NJYz%N01Cl{T~$>alyvJ?*<*eh{FLa9YG~QmkcP5U?CG_L*T6l3O&5k_ArDm`oYl zm(IyOtf?%XCD;?A^$Yx9)q(8B3Aq7Qh_`wp6Pr1XxOk%P-2uX$$7mF5BZ8>-tX00% zQIs&k3x6^^l+nN9_Z>&)GFhRF5;S4kG@7C$3qytuR;%)>65Dl*f&B2S*obhxOcETk zI^>SQWP|622!~NRCrMuNcJ2p6p?j2(2;R+Ulpum9b7g6}CSejNTCYqZEH8)8IB z%0}Uu9TL~B?Tt_jgLmY{9qP3?Pk6mHn_Iw&5Qn6{^I4teOh_|T66@7hJ@A&L@@Bo=#FT{4sw?Pylazm2)f|#N) zp}r@mWo+)Nr-=FsKfsA39@DR#ECK%CL}45#E4-&?=)Uh+@UL>GSL$_+P&CO9Yz zu}A1+e=wIdjb2cWJ5mO+=#k9-2S4E88@fUmr|&Dd#uSD}Ar}832vuy5h;z<&+;9of zJzfNy@XW>Z%ejM1OEVmBh8G7kVpQ9{l3@Rb6T5l$=z`gc}OfbbmL>B_*QD{IFM*;XYnM124xhcGL7UkV042MpQQI} zo(mp47j8m87W$M`zVU$$v*Q^E65oMILMExIYIPl$e0FvU*724xpmdV>V}j<-LJI%bml6m?;wCpdJx2w}laO8N0MYi1@^p{=VP z0b?S#l{suVrflvKG9?LN%g!XV+DHpd`z%-4;~8c%Yu56jNe0;pfX=g?zDo$`0N!(e z9Zw()3**<04tWS`)mcvt+MPOJMEl~CGg7Cwb zvW0_bPWIVeR8=sV_8%dQBKXlBZ*PQpj1lTt3Wx-v;D8Oh8eRUdy%${*I4O zlD2{PCW5mYrwYvmF6P=cWY<8ctyl;i(;?v`h*;135P4C?$ROxVC?|1e>U!ZfuAHAh zZ~<0soB85mua&E(IF>F9)(44w>nAxy6o-)GT*%t!6M6vziC+rXFDUBt<%2$~IPXx<+uUsL0jEz@AUvMCnCBC<#*&cJ5`ufW8HC z%U&QFWHW?Q#?MaX>g7nB8Qk86cnrP?Q}`Z9h|*JuF$rx!_5?2hJR4+0{(kWNLCN@^aj49^k$E&4g#Q9c3_;jiAIF7NUwy8if4Gh79OL#c3VM&R@3Yay{sQ+`ioH&Sp_0}d=s$PK$rsIspL zEJ2(wCJf4qgd_nu4x7EwL~%@hOrixJH@P;TPtg=%VQ?r}0l2s;d}^Z^@us; zWbV|M?WsR|`bE0u2l*7gEnTsu>|zN0a+#LMSfG6q$ zk~z+Me0W`x^f5lZL{{{y{u&|HMnq(r&lz-1rC})G_EiN~;UY>TOTyF*1}&S?lIOh| zSg}|0up>1fAvb#^F!mLeoqcm_ctPee7(h`O-tzqHTu4A-62fHjTf5dGYsnNZ|3b+$ z3-}F4eqsyp-6W%Fv_M$MN8nO<`u8hz`s#<6ztuJ?c;L+It}B+!G)6in-d`5$*5R4^CP$S#Mum87unnKTco2s(`3^i!hMv zx140gZfQ+0ZVglF&qC0fSQmlfb&f-CU`C8Olg{N z0H=ORis&^tQx^IqVpL@oT}_pM8WrP`*GC)x;whslxW_vC;Zj#XI#F(bS3wJ5bA0{o zl3?%eiJy|6!wD%Zj5=FsU^Em;SX$9F-LovJ+ALaayO#@0C(x3dyYk^z?e5yPDX72` z`GLvFCv?5XiZ-@H{ePBMUPU8dru_+B@BhtjhO1aMw}pQtR7u<%`V+d&LQ2Z~c4O|Q zw(W^3NEq9-Y)<%VvPQ15vF9g1Q9**$rqMJKlVx8CS`;(rh%SF%T)t=FdbmKMib58r zz99GpB!!&@R`7Kjpw+2YVQgYD@u&Bkf-8Lx>?s!qZ~)3h>*MEZ^vP&SjZ=3GmWk9) zh=;;#F(yfA+$GLsYFjop)o5cz85vY!djb(B*yHTAVn)D-3+uolk9=2of;7a+6K7m0 zgkDvreoj1+5RcKx`?{uVDSXV;R3eeGQf`W3o%x#FI?4iDCvZMluL+%B5RzzfCe*2* zT_$vnVnPx`LNAVdF;DE%3T@LOWPOROl)!?>>l3aR&q)jpXKyy(n>Bo`R&!q-?5>#J+ z+T&_UAT{W`Q%_4qu0_MuovYhv%^Qr`!~Mfa#9yI21whp@c`D^-*KeYbT%#yK*JpuG!jum- ze_hdVdLP54h718F`Ih*nk>s~OG0<||l?V~LIL!e0!b1Vc*RYyVk2TaAq26T#21;BB z-b3ax2eqtQl4R7#(DW^zG)liWvvPn@e$_*yQ zM4Y@_Tq3R_4W7@e<(jr6CvFz02W%5|*EC`ic>nG%7QS~+bG22swuKpegLxY z4zVv=!LOH&w~0P!$c1ZKEK8i*2bXMWh2I>IF5q1txZIHULD=&k~?*hWnt#V+DTA{C(YZPNs?e%I*m zwK+Edx14g*(63IA&C2pbBz3(R=eJ>fA>Ze>?F0#wt)x-PMDeQBLsRbMV!y>NNaYTr#DwiR0i&|I(5ZlOg3 zV&T?9E{Ol|nLD%t(wA*Ly!u6}&qW1kuWF!7*URAacuTc_^AJh~Z7l<>r`jcS?Ic?R z%i4ZJ(%UHcpe;om7Kq*G9COD2u4W8*Ek&VTu~MOX=Px>fzc_!<47y2|S8B$l%+nxt z5{Vw&{m3ofXhpi8yuK zRT*cUk!fXXcKN44RILI~ArG@cHAJ9xoa<$vR=7Y_g^bV+6v(KQ6n;M(45~n_S)AI~ z#zToytqmLERQpi186{J&X@^uP*{mfIb+TNeS@Xa(E2`RxX@p|~XTO7L3}m$ljt!u3{j}jzfBCclUGs&psfmZW zFWTBQu8X$u$}fw9?@MQ3#a+<`ruwF+0$kMuCK=<2$g*F3(Y*ZO^i023ikqPszC_iz zmG`!)0axxJI;^nlxh9?WO4m&Op{Q%ST-L#2Vs0CPffnEh2&D-QX^a!z6eavb zrC>Tn-JJMqEit~(Xb1vov~MRN6XM_0wNxdXs9T$55d}3fC3b)|h0KbK`1T;}AP|*) z;7`fqeiD%0ZwCDH&`*mTM_e-Cr>YE@5qg}3lR3g{*-+mjsyDEt^VCR#cfFE>GS$)| zUa#PqtPHLxn(e+`Ja@Ut3LSp;gssaiFQay>szUl9#*whB{-~asYYg4)sRJ8Sl@<}6g~q< zVI|mVAz?lEYWZMQQ%$15`u3{agDX4s5b{9Dq=^JhFe$J6g%9^e`4;7Gg=tR-t_XaZ z(J~{`Nu^~yF3LNklgDulAl0hcTr8Rsf)OZ2_?wjVtv zKEw)Dl2oB65pry@2-BxU=tVq^Zlu2zzYduDmgZ=?`)gn@SS0oOsc_5QYYuuyqbqg<)@G9b<_FV3tda1@h} z$N7swkB@-RamXfEuUK^}9Z{gy4>N-VP*@XBYo}MoRZcV90(ZHx;`_m{0*QvD1{laP zIYU&&v|=F@e99%~kE}yV2@lwc(gaVZ{)CJE)FDkH6v>=ig42@GU&T*ql`GUBBI+?j z{tn`D2{(;O2mt~{7k!URaH6XSaFSroUxa=flT?VdAoQ-NpptQ5(QMqYMut{Z!iq6C zolHRTY=qXVRL-*QTf-+{4#*HRRJM@2iir@Jjd0TlxZEgFHtNTZYT#uJzD)m!KHEB5 za^|b=uvxrAr%Nr_I^GDsx$~uV>IXoxCa>?jTC_vQ?T&#;r)%LhcUXg8-&xgop}wy+ zn~3JF+HBR;p4LHa?x+gAzMq0L)OXQ1_?mkspxQcC0js%B0%o~8Bym%cEc_4{)W0Qo zLM}++!&N;By$bg5BJz+@4b50R6hlSU_`yKCqKFh34Ax`rSc`*Q6)XsV@^V0WheuvP zeU-Q^fYIX@Bu>Z#1M_B+07HT{Gj@y0Tyuz^_-_G_8wfPRlZlny^OR5J*fO0Flu4wT zAhyNOu<@|7m1G(y(I9DC)F|26{aat>=>GN~i_*4oV`CRsqDuy!blv zCqNtT_0$cN-v)o$J5`wmj=gY)E&KMol|yK5Ky7$tJ@o_0z=XvvEAe!T|UpPRp;f~hd9Z0w1>_{lXKD5O@ zDs%?2egGCc;fE~Fe<9T8Uq=XsAi5T>P4N5O!0)#L4|BH8Rlt5)#zT3n^+RO!+~F3N zdIpZmh>>v|dWiiclrE~fpDA&}SsE=c$n64tk(UOOJU58Rre5ds??Udz1r9T)N=cf< z93{4nWZpoTDypDJsx|3zLBGJrL=Z6bzNj!L@-mwz&XZ-v_lkXry2nST#2S74s3a)+ z{5j{m7|~NuX{^V2E1CB&PZ|&>q@QacjXt>6eGVCkBp|ujub=eArb?oKz@!Vjv=3uG zyW%@+a<(Vm$s|eix5xRPd%GYp0a>U2Pa-nG-G(A-U16;Q+r!b+K|a+|tksxf6L8b|9f`Zn5H=Px&M5G~2~7ocl6Vt@A@9V$t9YXr`$=)Wb1Cs-LU)1u-1>Ab z(jlf~l0tsmurRt{W1wgF$fJbl31(SuCuwf3A?l=onu4v*r>W20_WKOQ=P^#_dugzfV{>xJ(LL4m#vxVuKEc#kR(a3o> zf0`Hei~P?@lVD(1obAev_M!#$L$<5JXdkr%>B)5+lM{%Me4c zt$R;%whhaIkOMQwW5Xrv`vx?HWiv zGQ1*0Qa$j9r4g`NP8yl3uIQ2IIkzSkr-Yxn&V%ItpF}k6;}8e;|0Icwa;99Hg)Jit zs2fC+4@MX{LAp*!e#?Qu+$@J*>WPf;gbo~9v(c$s4 z?}r{f9!#gh{pr{nA5Mqk>142fc=Y}BaC~xfL=GoTZmm8-`-A;Ke{j$rK6^WSHaa>P z9ewW(27{yH;mP;^|A*N}-|Ew8|1(Boi8h+{|NhZoY5yM_Z}%s zv0eOxr*B=AG9bn@aB=adq^y&Nv9sN{5AZbYfAOZg8urdW+S-OBH0}SBL-YJUJUlws z?*C0ZIQD;)Tl!|`;5g2I4&CqFBgZS!^^VZF;Jz)9bs@DhKY@X(CU4u0Kxj++Y0nA`1wOrYT(7WHl%< zeD?jIsKwZP68v|Pk(o=fyySwta4JcykpD7NyN{B=Xw}aD^7~&AMl`IkhW&qhax^se z|H*KB{%_>jkr}vE6fy;&Bj4@r+R% zpfLy)u@go}4TRu0Ait8S)j^B}Zml5a;CA;mYJ@4mnhml@P7bCA&Q31y()B5HjuQ{e zNRxX_t71fVa;lq4jSCZAwiw1^TZ;ijra4|LCLzcSFU{VBjm$kfLD zw=}|M0Q&%~A1D3|+Yt$w`7}-L*$n}{Tx3BYWVa*q?l(uFNvs=!4;blUYrZPjtHL5h zSwieXp-kWl521M!Mu{vX*455VyBN|IYGeeGW}q$`Mr#s<6B4tt7$EPl(aIea#5-qa z$0>PPS@v~#D@j4P-2+R0UI&glIF50$h?2DerDVcL%z9zo(@7erqW&Eu+Q}VJTpYx6 z?CMPjDfUGYO+^ZKIzo@0Jn8~N=#mu}BlO6NCLc&5ze#v=pL@c;Bns^j4nzp_-Vws93R*&XQ%9?4`h-xpN9jO zL;;_jO8yc3P=tm8{f(^a?5MRF`yv*g>lE+Vx>S|m{wxG7CwFqomujAFNO_e+;qTG7 zc;R8Ph(bz~YK8k|@lNJZE#Azd#Q!HduYx%8aPBl$6cBn>QoPX`1~0q>e3@24BLqt&H{~>FwK#BER;YEGoY8!2xT8C`n!CJQTJ&n3AXH zBCac9T@-yj1tSsgTqlWJ!1LgQ=8VV~>`-X7C>j`Rk*xfbl3>aj8sF#PAB7bf*#2=* zLO{4>6?|tnU=_#&oK^GLakt8%md`rq|NA)!7$@PTu~ih@K>zno_D>A@e=<1Q-_rk0 zJRd*qJwZ4AVgzy}c3DjCWAc2#hGjA*BlKkN^Jj;Za$erWQi`fdthm>OBg*v|cjJfE zWUGhzML}SLT&_uk%ZH>{tYpsYKn~Avf{qX1Pk(WhO{e}H>h%j?B=q2Kj_R2-sgi9l z`g)K4$Z+6Ked4i8G<3ps{!Tb_D4()6ScfPYlL^i!K{Q%uM;&y1>XX3Zrv$L|^3LT` z^mxo|;$OVEVr9X!JSLM}*Eyde=}-Vbgz!ryrR37PBFKjH1;>EAz_!gO7iWna9DkY* zto)b{t}Ihopw;LHw1D&-^knqB{RAs`=7YkaXn`;bT(!5I5sVW*OsA;#Z?yk!v}Zv3 zE^G}`EV-(`wWVn88oN(ttNGO>)NiV0S}!JiC!iogh%qE`dLH}2q`84H*{uRCTuk+W zHX7-PKYFczRF38;kAn;W2#T$w-oQj;RgZ9EcJPDh7lo9&KJr7xU5tIksqk~IH5C)g z7w@Ps@TL2gG9LZLQkFq97Ci5WQra?Ft?Bqs>Zfp0iVK@i4c&32#U4)a$U#Cn%+)hE zjtz-5H-%_(@!@wKuBRcv!liS*N};xT)J^ zsCqSlL2mHT?FQ(8gZIe!_)(pmLLll^OG8=hKEkmNGI}~f?|N!sF=xHs6geDBO20jF=7L!Zc2-pK3M)4)1i+St#{x{bbx~*4whLLa zrFC+bl8`M)%E00{rZ!Xx5Gy02oP0}TQ@~giom{})az*6jS8cdTj&H$3e)Yqd4W%kb zt74cd5*p{J@PVn>);YLU@#?yb*0F^Ytx3y;qSRQm@mlqaZM}F4A7ZTu(*^aAEThVh zt!-gd^cCGgyP+#8tlYG&p0c#xYUvtaR>lfqXtx{-R(90}?drFd7}zVX8>MBjSsf9J zhS7oxH_x!|9vg@?pw)UvB5&p96z%EKr?LWLP3Rbk+m_>Due>@+sDr%)wQIJ+} z?b;TlS8r4VZfV;pFTQfKii+KK#8s?8wc6?^s0w`x64H~X?qt=0tcp^DF~M4Rfrd6# z?t*E?u;jp&;H-?8)&8QM9k0jG3a~YrOGwea-Dl16KQ+ir-bR!C$NtH_F8@0i9t;k* z^1n?y4=eu@5v{gjz@^22Q9v%q6at_LQdlz)4nk!S?2;|hjN9gnoW206yCy6PS2MTo zXy@`*BhDLm)BGZp{Yn#y~d<7KHH3f zDilt3g#tMLT7*u|_wMJ<+HtUXBC?4isMqcc>NTDvJi%3+EzQ5HXY0&RHKwjh^VSZi7x&y3Y!fYqH+3XD}Z zHA`DYwaV5YM66hkGWJ^TC8{hK<$Zxe*}A5A=xr7`%0!e5b2OhTeLZp%N={k)$^EW0 z>s}q2D5EX|#e=J+VqQu|Tp3ey7E7)}c}0uMkkWExMWa2WWbG(o?&Z5dr?2g|Jby@d zQw*$xdhzp%_is*Lzf|J%fm{5KNwiRd_aSZpC^+-d`wN`TNBKsFomtt`)y3)A1GLAz zK}rLP5Kd-%b9FZ?P{H(3zhBgPUSm4InqoKz`q6A5P}fXh7SIx`)c)52mD+v-WTQ^M z2BxC6Z-=O=ov(wdDB#-xF7)g*U<>7XJD`<1^qMv*wdL)aER^CkZ4|2Rc0ik!hHY82 zP*m4IRJGIX0M{#_YnrOpEw^i2Q6bl~r09)Xf;H5`b+8Q;aLWcj(_04?)Vu9~RcLW* zpjW7Fmus$5ORXERXOGs=FqNHco6~ffwasXX z%y!_VzOn|cR8qDDD0Gpv5QPG=B}i4zSO->BEVc!$=?`mxYf8d);G1-THSIO2_*x=h zSD4kcYuAXiY_6m@tZS*H9jxZ63afkrUjE^^a%<2^3x!_Jd66=HcR7WG11Xq?MZilRm?pcoG73~zc6dBL(}uuv=?Zc7iKGM@odWjW)`-sGq~&o(&RYtGcHtS;*nF zAEs-e|1>UTKvQW<6a63VoAiHhbhwTGyOBrG860{o&VVi!VOwX=8Y?iiW0rFW)lFg_ z6%GQAbW>RL?vcrs`Ggk|RrkxA;5&{V&-7H_`uteIx(N z!TxZt_5a_^gL3@0E&son$H@PqZRxF@?w`+2*N_t-n^~Wp=tYj4o>-fTBruOOyS`G*M>e}Y zd!VwiM2nX+x@jx@359BRjV7fCizgxJSt6sdFJiuOeVVk>>&??N?#U5Iqe&Eu(A%>M zr%*ao$67512a^S4{*(OV%k!aFpy`E;(d1cX6>VQdi+YX~vBAu|E0)Gf^?Lex(k;H% zv`xEmR9~8mezVUS&wmlhu*?QD-TwxMLsR~DINbXGY~*PjG_sCSki7r)X7?rdq*87q z3v*!1t68Ps7xvNC&GN7GtdahU{9E1W|M9^=iT)pL_5T}rDw%&*PG^MyK#_ITx=o)wp|&G?BfcZ3(YpM+%tzvi)vpxvX- zGAc?2!2%U6t)NI#WQ@qmP4xfpu%!P#JlyL4H}ZS|`fsxX*d7C4<``Jcnm{unSY^_-_5@%0S)Ts8 zY<>H)FiJ>68x8b-a5OaYzZ@PPZRP(Pd3MkRPE(Tbw4QuAd5ZsW<_BPk9^=UeJR{U~ zcF^0oPrYmGoCE=y1<{z_;Qes+6eT3UseePjOHX-^L(kbkA(;V5L675vO#M6J z@wATrYu80ThrvCHLa515LNQ5D;D^L@+!t5xuhJ+X&JH?@7K`F`j(LV#s|*ohL56jh!d%7=Lh{xalHxp8P*& z2mOi@KguXNfANw!?7q*)mgD*!!F#-168-)y5{l*b|IdGa^YZelO&d-7e|TWV|2sH5 z+TQ;+^58g5*wGD_!Kt5xY`4xMr;k#c_k^!`X)**5<*Fs*5eLX z%cxGRx{2Ooi!n)1G|hv>t_ka5oA!BOhP6$aRt4b`x+0JY_&QB8a?So?)fX6o_XPI{ z03i>j7~x40QL2tg9C_45FaOWQ%ggiEFWpkp=Tlf2l%(k2CFVXAJ%J@IWzJGM-45#xj}2?nzVlj# zeif66KfM>c2%PLPWFW*7?$W#p_xjy$ooGmO->)e0%aoawm8m!KhakyNft=yI&% z$WvW!kRJm1W3Q!`eh2pI6Z-hMRrgS_Lab58t=;~FUUE{GV>aQnS~ppRb@$z9jc#6n zHIICL{sJ=puZ?n=_Rl(g=Md)`U!ywF`A+aQ42ve zU`QzSXJIS0!-jR}2Q7&RV6BF!Yv!KbL>`g66B}>Xm4Gj>OG`f8ccYBq*X}NJDkJ_; zlBRw*TMzEtu~s7WwctbEDslbRIo9uf>xQ+SHlpF8*>o#lomdL%u4A2_Vyz?#7D0ss zfb#hL>@ooH$J_49?pU`#nDaH4i~0r>bIIWG(25<$AFe zDGX{jRTXQQ6k%1ISH!wVlF(+XmBb5QbgY#W40ZrI)=FN7713S^>)fWjTK1%1T_lZI zd5Nrqbyd!YYb(~3St+`AVkNBeEEKKAx=3vCWyiXfew46Y6a82jYbBpXi`}Ru>G+bn zu{JfwwTX3o29Qqu=yuyh2HHiQk2VBb$sO`V2{xqqs2B99SVQKJwXE!wu(qcVxvs#v zB1OqE-B>HurE#ytdWCUc4Qoqslj~}%ZK+e1Lwr@NI}mKRj(-INTglDRf?%r&U%n*4 zwr6{(+Km<2WH!DV_2e;D;gg27mXv0d;a&-AYLQu2V=V>OYgpPVV$IXvw7Y`k33a~k z6-;%zsuu+V)@sh4)i7TXYc*|8)4Dd&0e!J`-H`m}TF1I6%TR}IbXRdSCL5}vd=;sQ zmZW?uU~Q%$s^vq<8ID%rLzY%an;{pV(!ZnR**I=`iqSIC<@ zvw-LL7n| z?bV;|D!~K2T{(E?QbhNeq-pFHwb;EI-{~Wl(BX{6E<9wqj;JUZrq)PAfjXE0q5G# z1jl&dr}t0M?cATtC3vosqXaJkLMix-IS8du%uphCK4qMfdRQoec-QeKtTWPJJ;Apw zH(JjqNx;-0Ou>GgZ-l-d$t|(KG$qO2Eg4fkC3}oo`;$FBD*YguMenCs5V-Va=6oRc zw^8DOvkb58^pzm0P9I4F^ab{dH0OOp7T6C)$PcH{e~)qaPwY>EDDxOXxzp_r@E)D9 z4-S7N+Q_3S^pV9N-|UdRl+vpByDuq2LWmp$0pZ42FJF2^Z=Wtt9sR%IF8?bZ0QL0$ zX#aR<(*Kje{+9l4eVuvFXD+y0kD}KjeWEcm5(~&se&~@qG{KWOaUH~ep0Qt7{y)hG?H>(Z|6m0* ziNZ;iBqU7P5fcQ_1cSQ|8sDdcTc1qkS@?l6u<+MK6a@n6-*lLG0j8$Wl(Fb>KqyK` znk6Ce(2bATx#x#7u#HQ6LeT^Vfr|!cL2yV>7;znw3n1V8{PyJtS|`(~Kk-R8xktAI zrT7Cu!~Fr{`a$QA`zpvL{g9)H9{X^jhEd8+y|F)=kp$)k4%^+Q&<^FcDR`1*IIuul z__I0G529O=JVoS&u=-Ip`q*ttKBQ(&)t7xv61$0#m z4%H#O#&>7399us79NHy`2~HWaK$06Az@X9la3bBp#z8dsK+%|_w}ga<&2Rt)EeTmf zDM2?rxn&KpIzOD1mCHm&)Wk@=#kVHuoJjmy}G!D}Ukqr^bS*rZ9CkgCB7 z$!Dclg`yY_!Xsi$_?$v2jC?UF5YeA|Vla@JfRu;BF;g8V$CAuBsi0}dpDc{Aa0@KB z_`VdX0VJvcsA&>tg<^$ThR23`>W7{obP~0V?eKO^fWqc>J0KH`7K z0qx@nq@iGJRIjRQJRy2-ua^fJrFvHQ;!_$(BF`H{eW5~o17`}{0Q!Oo_S1kC1r4w} z61G;wg_GIImnGXootGu6B$p)sXk3>2ZI&f~s#%siL5N6|b$(I5SWCd#FIG#{)fQ_B z;PQ+0uen^==bvMtp)kBRAXu^XM)X8UwkZ!>Ze2YRTp60g8Dk9xgN1yvAPcx*4Uhlk z^LNtBS+6v-RXXH#IP(>GL`|&E4^)!ekOa}moOl_Js1ON*CLTHg`+S2jetTL7!1P)4 zq6yt&ygZ3h_@g*g_qhFjKaRXUgS+SG+5HRd@dLRZq232_-xIx%2ipksUjC8c;M2=H zpQf~@bFjUF$7JhvIwg~IgnDnHE8Zva=^`Ohk|;0UL@)2iBumNTp?i#?Fu33C>BD4Y zE(=eDR^yRTlJsYp?~y&$@jhpf*pP^}R6i8CAOP|OYfLzBtaIph01pMS{8O~9y9AC< zuje>B=>G>4=*I+voE|#MxpN>*@_qRN513!Yfu8~qW0$+}J;GseV`G;w!e@eAUt^r$ zARxh0G(etD`K^XuD=7nWF6xcY{^8uIxKSpIBNP|-{NgQk%zvUWxsO5*)S*wg-YB{a zX_^qcKqN_`gmI7Z^3EDw;JZr>@q#3m9LxwE@z&vT3t%{vPW=VpNxIQvNQQxEijx%H z?@EaU6zxyNuvz-Lz;`g@uShs!L~l^lRXM6s>nS!d2+;GvWMj^nl?}T8S83ux6!Pg} zgocNrp@^m^Aro*057_n5EXebA>Zf11eyvw z{SZxq?9Sx`F^)n?KxFe8-~E^nIuF@7goX=_&IM*kMD64l|W5z)m!kRJ?|qj7=nxMb*PxDWEC{MC6%7L?0B5I4|( z?KT{U-d)yUkAz;KsuLqey)nf&Nqrm?;~}{iwnY3X3L{zMeO`nuk_B7x6kJYy;<>2b z52HR`q_C7-QLC>3=4;juXMBi78QB{-Ht>xR4B$O}di(YwM~}EcvjRnX<-nO z+X`Nn5WH@M27eWy0XxL;B>iiM4cNnl0d_4u>>gmF6M|EODZ-MiMSkcp4v1aWgD9K{ zi!BIO=TqbnFXMhO{5HOWuHX`RA7%Nimz!iuipSPpl%+~dMtm~L7U?5+`5d zaS))N-oAc?0zdpfh34Dy6Efio5&d%cDi133%efptGUfuBDV`7)oq~aYIHPhGZ=4Wu zoiDn%hd2+$%bMM&9V}i&fEtrIqor(#+>nGq@U**oe(9%a;>T?H{Brq9R8ofamW*HC zr6dV)U<{6oJR@$PKnc;DV2>pH8UR+(ybWd;fGwL!viQv6U&5%crTnAh90_b z{opH$SQ z03%;HQtAexJ&<`t6L#U?n`L}2{$Lc6EecjF%F+?qUo;5q1R&z+mPjRt3&r?_UGa`9 z;PPXlh}^Qk9??O^Bte)%F9GJ~$p{^)tY98U6k+f8jHa-9AJde?Xb&Cjvf;ReUCDhK zqA91_g>OT~jd_I#eTGwVi|;9dHn>D;f$!e)>hBqw6J)R;EMh4k)OZoyhG3%Phcm&X zp_Y#$@6ZOH=r7_V8nX`fNjQ^+j6S6qp?kx@@Q5*HtOGCJTwO98Z`kr!_~gUP3#mF@ zFWy|`o+tN(?tm%)UdYeN@mO8k_s9e%6g^G_d!5Jog4ovM%n#B&8(&^f@}Ik`LH??u z$y3i00VLSUN%LT_k`EBZ)CA5w&h1h3I01tzhU~7Ji!~S%xFBeO@7av&89E+$A^nd> z>|9`f(d6bo9D1j<++90N&CO(9WojkXk131%@j{Ixo~SX@nBe zPYCun@T(Vmyj*k+rx-LXxH)&-w| z#c#Wh!zk>FYQ)n8Voj|BK0t|$kC#h|d?OUNR+;joqBFIedjD++D?6x|}wl)&vAL<9-GRlNYm+2jM4 zFH1=j9U|JL+PpR!r-X5pX(4A4 zgRM%M)+A<{=v~tUO>L!2FWBty$W%&d2!PAESS~+g7q2M6?Eb(ih^rM~LKbm)|H4lI z9Q*n!K$9o95`L3^I18}9$iK47Aodr6&hv)*3`(CPRg@FU3K&$u!Io~HDv!0k`)38z z_1r)u@J-x78`|2)Ewlj#i+^W}t7v&AY%ilrd3jb@qi%1g+Z*bi>W0d>G&|GZqDzLzvcD>U0~!U2tv=MP{=?UVlfU7Qz#nv zAwj912Km{V%Y!$h)p#~|HmJYzi#b}8R-+198?{Dt-LFQk@z)dvwBp|R>^%VUE|$eA zynBiL6)@M!{n~-9hxrw-H^KYXH)UacTk^B@aO>16ReEj9@$xMxwzsU}Uw~Cqh{B(o zQ?%cSgsmK3Y&-y)ykdg&t(w{!2AYHuQk>nQx|REEh-ReQ?Uir3-}e3UYf>A@q3*0W zs;tJB4lCunyo)h}TjF_3xPDx?uegpV z*XPF}K|Q{RAiqiv^^1=<3sU6r+!El*=l;s$jI)w?8jw$n?G7jC_yGR&7gyPI>ffPW zzW@eNnLdAZIC^J12Tra6Mbj(@?h(6*f!7hjaSVvN&ff`#4&_tU2I~YxV=}=RC5T1~ zg8nBzXn1$0J_$VTEh%#pfWXM7=&=aP^y1AGE6Z*KG$xZ>*Eye}gr^?iKytqn?(_ri z{4_TjDV#7E@&enck!3~n(eJ#Z?ou z6u4?{J0ln;ewa>C@84+u-)PT(#@p?(%&Pv@mY*`OY_o{u2y9MaZpA|3rGQJRo?j@` ztL%+B*!*vixdVLyr3ao6)ccPf>b>uE+f6OEQ_e+;?U6(a9-EAT#rzVnz#j;rSt3G}Niz(Nh)hO`BKMckXwyAR6OCB~sSmuAyPH!QgP}%B)1NE6xI`QV4%2)!uOFH+Y%%F`Gzu*SYN2;}3yrz!dl^>~}TUDjHD!RPir zaqQ|+flA6|ZnJ2w0b&TEw0@9aKhWuS&Yg$3moDZ@%rO?y_S?H zRaVS%EwNhs&_B&Hc3IB-N~t9x!6NAmCbD|pU6+~tn?mVMJ zA@qC1biB*iV8K0c-7sGD5!mZSTq1Jp7t%WOh*q{k))C&E_Z!LQOlSN&>v) z?@?IhmdPKND3G!*_-RGzP+c?{mXc$EgvCrQF5U*xuSW-9B-(}EH!?a#wIXqFm$He7 zgQ;7@r4viVmqt*O^*LNcs~mI01f`=&3`MJ)XsAw6oq^7n@Kfqv7W+YuApM-AM1Wrx zwH#1fn18-OXF;R=e;$}^cq3@d{(n51U2*&W@pO7+_y1j#M*Dv+TB>{iGUb&|7loey zJZB(+|4awF(E?;%?lSm<+qLO0P%T=FoPtSjv>~<5iT0fnD!Y&wzG8FNQ<^EV`iu)h z?px4co`q!2WckR$M)>*|t#;5TV&EfGd-S|iaW3j%=TGOK+c*Qt{iI+v^;5<>E;M2O zNVXxi*Yw_l5)r=#=2%ST0%e7h%9;GU4?9Y z^=B;bF?)6vZ8|1Qb_;{QeHpQxkG z_VM}jwEOsTGZL8Ls}9o2?F1_B;*z5}S`n2^5@)d=hu6*@xA_qqoCX_j_^7ZA6USjS zuKDC>XQ<8kd0meWU_1LPHng@hDth|ANdIL70Ib&kqv2#S;_-izk;VUYQjGLJnGW3o z00~pOgKyo*p65a2l}0|y?O^~#iXDIebEdBg1*ku0ZxIK`_m0p#Z6E=2TJ1vt1xHiP zilmgFSr)4>gF`BEJ;07Z$rJfA(tIUsHD5?R92u}}AM9e8cNLe@1TPj!t`+p6TPiU6 znF5qp%u*RDQ45n;HFhmP5)lEE40ahLH-nv*t zzR9S`vt4V_oUJuU&eoa~M^Bm*M^7R}l&#rKUn1Z2%Y4l;g0j5MB0Z|dtB8r&s1Yf} z+9XK~O@9w~%1}S%4K8|;uLsrs<^|b>Qp2f1nvF1;3WTN_pDFvaY5OlH}pHp_h_1oPJ_%pNMo> zyl7!X_OMY|CVk!eT`0|vUp2DF8!*^c#@Z1sGLfno-Mlbop^KWW|7HM?I{e4*N;v;< zIkfSgPRb$TKkWiQxVVqfbhQwW6NiA*MJ(C_fk+@AN~ev80FmN9&IA3?sEZBpALpXk zY|$x3`k$l;*EIv`^#5df$?5;;cx3l~ofPx)AG{Hu3RSY{>Qy!anNmTt>f`kHC=)(! zNf06yNOGP)62+7-(e+>A1-WlV2r8c|k^@iWbmRG@3%Ps+NRSGz@Vrnn%rMV@&*5RI z_*Qhe5QWoXxoMJ^l^;)Xe34b{p^`7d`!t zZcR5$|5%6roQy}j{+|pdHvdB>#c2PJrbD;rPsGxy?ABE_>Q_Nw;{i51x+zfvJh?VO zpTsha;*4YGZL>J_J%lu2A#zfbC~j1R5oH`h=VoN+jq_WCin2Y!bxj*EQ8FD54-&@sQ*)92*`g06DQP(tvT2Iiv(}u9A&k1>(f*VJ!uOvknES9v(sfSCC|G zWPVV!TYJwX9#PVK?L8ORL6(Sg=E4=b5YT?FF+r`qMyLu-3_WBN+1w0lHr%<3?z{kR)_&el`2UDGDgDS)_(=w z5+qVlumtWCsv#AGBhg$8gm(V;w+95s-AUxYaOiaDE~C^}rD?MJ_s?jl_?-Ehego4QkwB(3T9EoG*Frzt`Qj_ozXQI5?%;2M*|hc^Y|1NY zI8uf596n7s$Wp@C^e;N-*C15!fiv$B{@gmlTZG=c^ES1d5k?si8W14{?_~!Bw3->U z`jWm~WV)wHC7RZB)=*{Pa58k?`IpS5*g(7R|!2(;iw*MJsn z))dV+6j60Q)M3)`$sUG~ThXJxL^~xRIjp~puZxHNGc%o%y#%1ujI?xq`5?(2gzSHE z31Hn+%2|`7^0&8un}v<%*LV)x!4vSp?CFL5k#}=*XA<@u zEmtuHeqNWBm3R*B;w89trsHAFNa}6vR9)^iA0rWzUm-D{M^cMNJ?K2|{tnUmm}N)U zeX?CSEOMW0)H=cKGvCYpsC^6CKYnQv|9MQ{ml!RZ27+qhKjX=W&;L2SoZ0-JofPx< z&#z=Q93c)=%tRXyI!r*Q=wNxopcwjgBSaFiT||lswk8pyqVemF95tU1Z#I-9c9o*9 zT8k}}6S$)oQ^BzNSX06JATg(M>~f(_Gx$_0K;0-*IqQs5iq!W%9Y85W?4wXkmH=<< zZju*H^qVswZ{y2_)Cvvzx%L1ElT-BrZ7* zr>4F3p6_w}IY{nt?RpmY?+`?*?5UFW|G)>op?bPhH(ug}AqazXT~B&mR<5R>fOHc_ zDR6zye*!LKhi;^c;H<0AuDI1LY;@;6|C%?cjVj7X&_*lWxoxj_J_1!u^O&Rq71{cC`H(gg_pLt?EXcu}E*uFnlidlXlO+SGcn) zIZ}SY3SkghGS#2}dd#ca$m!pwSJj1p{h%Y5KEEi>veC zK*74pAVIl<>mXQAFzYaAKn2Mx+9gWZ_E5bUqToSVnX55=6b(S&n~CgdJDG=TM!c1i;5!@RmK5D1ShGuL;LZ+ zXF(WzM>=~B5+6hvmF37K+xL623+Ux`FaEPM`f!)x9e(i;v-z+CiMIk2pAx^qoxN-% z{_XtlZOZO%w&sGr(OiN?`oFjbT<;KQjsBku1^quA4yRWCcTrr|?V0C*klO(j4vnK; z2`K z{5`}A#dR(nF9^y8=!fPd{ogPRc%A;AO~$qx;9~W`=yEgZwUJ=N}c|n2>buprQQE` zQ})>Z*ZzK@cu%Y450pjx$mmWjQ0E?C&b>gKXA0i5pv_lan&|(Au+O5@=>OUDijV(~ zM_2a#k4{Pp_)q!X|5Wgv7Up?KmG7uhRW?U;wu$EK9>r;h-h7j&&Cbx8$3bZtf;06% znN3$=lx1163d42(C@V3^5^Y!Fu2y1Z2GA?9xDLyzny$bMtxi^8hNJ!pEN}M8S77F) z54i#}jJjQcxqS3(t-!BqhuLKR*AVtylsfLYW@1oS`|LJrj_;LVfv=sk6Fz%Z% z=&LrIjbYxEdE>3A(3Ppc44yfx`!?LB8Av|OdyeDh|Gswq7Dqr2A}za>jD|*2drCDl znp8S%Xtd5iG)6)rw_-PoLFL&Gd*Whi*K8gjux@Fqg=B0Z)AAPXaSmLb7`ZnLYMX+K{DH+3l-r*sqFRzZrgCrU*E4 zA6oIt=B7X*%h-ZhlAmtTU9+X)8XW~czrUfNHCA`^8~#gf!19HjbOiOC!jgY&a>muh z+kbML_U~8Ip4IAG&XD0=Rd8D(s`XR1?!IJUWz7vHigvNuGQMcy34-sE`iZvz*Um+j zY>V6S*(%r$yb!(;+F>QRYZ?BTe`^kXgFR)A;_=H(ajGvJCs=zcz_LY;;Kv!K&=P!c ze*U}`e$KoVB@dx9--e;Yn}=I$iXWL_PgcyW{6v+|Ph1zycXt^iH-nv*Rb zA=rWNM(D;cUi}7tVWdWlUWKnSdojbBfIj#qF5;>8zS$B(1O zVC6mrA-KVJ>7xgOc<}}J86G-h-IWBSQxs0^=UdNz0uRA=?z;X9*F`_OKK$KHgYQ7> zEr9^bkXtdNGWbv1=<7U=L#YVpS9cS~p+W+_d2<0^hd+QM0O^Cb-h|+{U>#(FAk^Tb zsIr@)+HMG|i*l)`?jzrw_k0^i{x(TK#C{$M5!c?c>z6I6q!eg37c_l|{QnAL|Leys zzI$Gj@Fnuy1+3yONgYup8JXt7ATAFtkzdtgSQI2xWj85^HJ1uJXNmVAS*2`EK7|8c zS*nGkT&duOL#^pt9+P76p9|p+VG$E(aVPTYXi4I)jsv0{ohtyoh`I}YiFQ;EjD|F! zT^w%L;0~IGlGi5dB(6m9Tf_Qulfky zeDHm=^`*v(evW6$1xfWHG5u{U__dcN{@)`1XS?UWXX8sg|I2tXw)cN_Quc`dGEQKL z6?oL#pQXRp=Keg8(^z2uDKmenY(Sm7pF*lL6-cdxjC1w*<|O=d^37E>YmjeFJKJ1+ zMmeJla+24eB$VZkqqE0xx#MJ+<0K5k%yH7Zai&@0#MMHeDdvomZg>@0I}sGOm`A$H zs498qQI=7gxUE+1dhHlX~+|3#gEGvyBDR z?miDxn(Y6&%>OmC_}@;7;rYKR08q=PjD(e?N_*Lpe5F{f9T|4Vxy zPVdN}uurS<1=!<;XSo&};IN@cSAEn_th?Vq!;)T0#|%|*_E(qxOM8;o{9ne!!2a(f z|JTUk|2rv%iT|AL**|-Xpz~t{2R-#iT&U*>$x@~N`*3Ls zR#BXQy?E5<|KV&jWA*>&^6GMI^?w)Toiq0`xGhPYEOzi>OUO#p=ZGkptuC}+>4gIcTNOW7@7UA zn*=-t&tQqykbn8NzVmw&zBqA&T0)VW4M?0Yh(N#B|M>9v0j-(uoZEQ4jw9zEw-3%T zNYY+^6=VbSe=L5lzxbXE(EsxXPpbj^U;byhiv}g3h39|WZk)#;1ZnSmKmE4pz3(r) zuf6yEY`y8d|G(Zl=O11Y#M{*Q^zoOp*WV=Z7vN{Tey{}I0M|?6FXy=MRDJ&m_~$lA sz#2qZbI=!6>b`&YZ`S@Fj_vthTWqn#mcy3+4*&rF|AL!QQveJQ0D60tt^fc4 diff --git a/assets/logos/cloudcasa.png b/assets/logos/cloudcasa.png deleted file mode 100755 index 7a6660f2ac1efdf42b5033982140dd597734802e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21688 zcmcF~`6JZd_y6U6_GOf^ zFO>*k3dz3j%zU5TpTFVTFDCBXd+xdCo^u}OJnjP{gUhVU{LBCVueuMxf z2K2{TVBZeeb3?;)byCiydI^5PNxRJo3oNSER9GEVyw-^$c+AoKsHe+mql7XZLJaQ*d3cfWxR>TsE0LHR4GL9X7a_kHiU z%760}40|mEIjx$AuJ_zOSsXwN*qQ70R69pX0XP6an=GT0H65&BuozIIIVus@a~fyh zbrt)gsyTdgkb1k>wPoYO zl`#o!YM8-%T&mcNPdE*rW7jC3GnGQtt&1;@l@`Z+^~9uG8V2HV=b^f(sqkAAOp}Qr zbL)`CKy1^2B+q$7S+}~(tg~EvgB1cSop=(mo7uMLt7Y#9ZQObJJrP@g%WX# z$T-VZj)UcT##Xc}N96KxCt0`TXt+qYdDmb_mn?h1kmGoe&6PO z=!oRIYIxEHR-q$0c;SV1Qx^*lI>M*`8C!|mKepJwE#HbyMzp}+cbo%6LTWyLKq??S)OF^cp&l`IW!X}5d`BBN&?A$myiBiz%z@3E zXLws#Y!G|FhT_@cnLaB4R+!k4EuTp(< zC3t5cSN)}9pD3tJ*qDsZ6Cu|?s1UaxVu<)sWjoU|2R%Y+7+nG&Gquv@H-^-S5qR^5 zXW}}!(3NJ|HOBrjP#w7KgMUlFSOh+00Ns6_#`*92bsPYEVBWJS9+PNIkpS<(26SRL zY6H4R8x|K^7Ym3W0MI9~#K_2pCnaJNJT8TC;mO?K`rZs{3~B&&%(PQnTgmi%cmUmD zXm-F!=zqV~q8JLk4b+>{>EA;ii(tSbT6bI zKQcCYJuVSI*Ot5j-EG)WEl>*0d_vC&Akg;xVFUjkBWF#VRd1M7J7YPvtUjUA5ZtR^ zIL%NKOR3Uh>0rC-stf;g1wf$n#L`%J+5Ea93>jl#%ObW8-ux92x>{8F0;q$4aXc*NBas;bj z9FW9nXO0TS#7ey**Vwt>Imy}Qn}&RA`Fi>Zve(|?h4CtTa_duC?h^;8yCY19Y~OM={8`2z+} zSx#nV!Wke){n%Lj7wq8|QF79Ffz&>+Hn{Q?Z|H;)C?Q-9IxiUHJctRPlTWt)0NDWL?H68XS9xJVB6Ocy5ZY>B+0MH3#=sAFVoux&K6H>kCV3CAxAEDG3PQR3OKp35JYIej#tE|f)xtt43}D>9nyZffwxH%1mr z0tm=O5__IzO?tk1w)8i5`b`2xQk4t!*47Nd8NeX#+gG>5$t4{#%pLGVMVs-8K5}l> zM$Aj?0_te4VfVzAgmn2iR+5p}2o*+5Yndm(18dYD8%!HNz0}a6Jred$?aYeD)#%#B zZF7&fwGO2$PN{#Lp{W%CT>hPVzuaHI6ZM|RUo382KN>c_#0w&dTLr47xnOvAMUmWG z6x?SD<=%Kg2^*{r5T_9-nU~|7y=?2JV_QF7AbDm> zPju(k`!w#bo1&nJE+Mkb_d@YNxZlod%h=iLyEadf=#)b23{BtsI*|z1M!~!i;K!Nu zIWYtvXf_e2bPcl-e8%^+kwmP*nukXTty%RlW8XrMP3^K{9R8H}D^n z&VznwbZ@fz3Af3AspF`>BZy)WqP=b#8gE4z*7?NRdry8T7wI`<<4;(y z)F!ZDDb4Da6VT}UZHXtDLTnrTc3T*HqKlleS8STTxjBDJpwD>xEl_byLNIW5vjuy_}@GV8B;gtEk656py#-oBg3=#j${9~fEXi?nZQXtaYWE)KV zTJZJs1*ohumn~>9amQ&rId}WHG9O1o+V2PtYcbqz^#d3Ol*ny)9#O|8RKhHM?)%A} zS-7PO79zdtijXxPmkgh}BcTbCo;TSB{O=~xV--q9j?o@~r&)bDBa)2&`6U4vIpvi) zSOhqQOxbsiG4rinhQ6ISMYq0bs&SFRc;(_jz~(@r8Huj5{tem$Q%u68o6}c4v0Iu% zPRXkfmfqz+;yaPVLM|3e%#N(6pXGjo65lxEOD)PX!IE+bY_A)td>4T|!@#C7gClN< zK;zUG8;b2qN3p370zL2hIOn&HZdRQ3Ih$!1)Y{+j$>u~SaACKVeHbEiMJ8< zY3w54hcO)vFkhHh6iM4lCk9~?7McgHL#996uh0{V#>YPXUq-L%mFC(P@N)p_Tr17k zvCm`XuP{vbxl$YThF3c;;5DNJO=xua-F>NASCNtz3vAcb4>6y<2w^KkKcoUMDZGjJ z`Q*Oby+<%U1*n$2J^kG?oA-3JdcE&==gKq>L-8l`OZ|BPQ6WhW?8LMQeYfabrI{Y9 zrkt$V-@ng@8aRep#;DDXi3xqzm$<46xKyi3Kt{zBd5JZ88dSk$hN$QgVo736Hk{o*BNXvu zoo{!zr9oq%GjlqWVn0Rz%=ccp3}JPUSfw1Z2;wWu`sBS#L&K1jkcm+?%m0d~*b+G) zF!M~cvDfVGWf!$E!UM9fA$*-R4Va!RCcb}N9|n_N?^#UUwVLsfve6uFGb9}>W25Pl z0yxj{G}5{zhlZ$19^o(M*Vi`k$Hh12wO9iduy!r9;paJd3YhdT-#JW^!yB2(J|m{R zXnNlyM0S@!E0jkpq+)L1EA93tQ&0<-;n)kv`j`JuwyBYuh9{t~2DO0VSIZj24z5EU z>|@?^#Foe2zgAKK)%WUrVxZ4?%KDLuOlLgad`*Z@lJ&YF9fRgG&f8gyzoS0IH9Unu z1=Xz%o#2a+#6I52w*Ms>370ypcXt^_t%|OU@2^{Cr!O3->=~-LUpLOv`)2?g&U52G z4wlF3a9E_xk-JW}vY~O65377w?(6n~fKdtDnlxf;ARxWu#>{C9oFpc~SJ#Z86S z2Jb3`dj)Du5P%sG0J~Rf8jDW!Gjuq!C}+54*VO) z7Q?|r$ck!w7TEJyT1(S8~x38h}6DBal)=iUnGx3_AvG^e;DFuvwosTC%D z!+hY!xT_L>3U{DSSux^!{yMiVx%a76L#6jgt{o1fW>up0aX{Y#zqS>NPXd@Fck@kJ zuYk;@D8V8@ z9OO3IgU24*5-vc}Nq}Z>Re^X6k_0$s+TXk*a~Vz97hi9gQ1U9{fm3I;iUT!8%DlT# zH$I0me-5`AzYDpdvrSudAAlO?WlnL^+u#XGm~@8o0oh3RqX9|Gzd&qn8=8u8?RbRI zT9JMs@OJRhX4cw$xHF8$S#pE;1xcZ~QQ}o>vIKgLqjDz`EUWWusKmW50xmE#MQkKq(a z@C{UKfWp5%_jQIVQ%r7|JYMtZIuB_tn0Kz{)S}6t6tJL6d=TmGgC_*Dg%G#iHjMAn z0*Bi+avAOA@gBbt5iM-OTM1jC1H|@+mH&9;c-NtHwi`uyUluktg^qpwC<<^K-dj93 z>eF@h_a7yTiqEIDA^g8ZvnJb)OA|sKs#5h?7dC$7b{&oji4!9~wk}9O?&dg99+E39 zARZ1tbbDOYp;Tyg=%$7?dCu@c@l^37{yDK~-@a#lT{XF^T=Y}1FqQ(-pTZL^U^pfe zf0~Fv`mgC=vI1Cjv-;8g7US(?Fk&UJacw%5k+d#HdOn|9vxQoa4uV&HsXv` zFwJq8emNGNZ&<+0gzz;HJub@O?N+~@=H5#?#j=+7WHb2n zSiUMJ=r~9Rkz|OzQ_J+KF3CBLy5v7j#YHXyj}GwJtGd5t>g9jrN)N!yvZ;UP6==f4 zWTZa@MS}nn;@D&x*&0xYblLLDfX zqWi>$sQ5Ila{b81X`yM&Y%z1v#Phx}uN-;#+Vl7o}MV zPd37M@eCNFAlSs?SSOe-zNKe3{hIG`fXMaO7k^=`xHpdJTnhefVUe`4U!_Cd;*U-U zK2>8dh+VW?e}+^!@CO_neXyFXJ|>Z$%}uqa5EPOa9oq=0OZVO)kIAi;yJ_|pSFKR} zde&}dv;lZ<68lgdVwGLTdCi{=@C1R4InX>>Mbqh_~ zb|2D!tjNYw{%PWIImybc!r*Id!bcq6H+p&8(hMFHG=zfR|6IQ>j3jN*$*(v1T?z_} z=<`>$TcrM;Aw*Fc?Y4{l@p%8DlaCmtYDCku@5}z)mCm)gEs101Nr)V9Rwf*?uB8sM zJ6EzOC4dT?O1+0qWOSG4lV7kk(TW$$Exg4$rEVlCgo&$hwIbdR@-vq?ZMCY=B2*lA!}Oz|YT=nJdA<0_q;b_j z`EYUEO6`z$u=|OSNB&E*<+jjeaZ;;3L9>3bIp?#~MtSQ5`Ov9FdjMCpDIYO)zCmp@ zzro>i2C|*~K9(`%Y0`O!%5!tG_gQ|naV!f<2Jli5^hcze+Tg>#cKfHx-OQ8Q zA_|Yj0OSu8qOam|PnqR5!>JgY*ph}cuUYm>9rg&O8pDnFPm!f^H|Czo922` zSg79qgRQv>hH%SFX~D^pZTmBy12>g~hC}zz?6~rW_3+gGWNC$&foh+SYe;;+{$t09 z(h+|*Y_XP$;02@vaIFA8D6;OKzHfPt?Yxtlq5D>n6tU_nl;@klJq zd8x8&qoECMK6^%V{ipVbt!Ynt{jcbpz^U6}5tPYHg8(_RI(Lk&Y8|Cdn2R6|a3Ezc z!7)=F&(?PU?YZ}4GM5{_X23+%{(u4$b7Y2PYeM)c_P$$YuS#hPmGP|lXC-W_r}bNs zBeF)rDpAn$A{z&y!I_!*t;9-KFuyAmc`i3jHG7+}mKWJ*py~z?_|X`5#Vo@$6|PFAhOg=RjZ<}j*R?wz zd=rpBuCez?fYc|}bqt>3>FauA>1Cjw2#n(Ue-kp`E7%5)ZszUQNbTbdx10_tzX-T% zvNV=o!&0VAs2N=RqDR&i6q2f3ulE#k%Gz{Q>@^KIH1qRlI#bxk5sv?X+}qE9*5*ck zkBI9&nDn#T1J{-Y98DDPxH4}ci{#nLfyODh$ne9(Bg%=O-`Y7o0-CPCz~89GShbuE zHKSR1@B;T$+28ydboQw9(sy7=h7OhSSczlNmgd1~q#&r|<`w@v znWD;~Jb2EmiFjeE%((TiDpBp!X@tcHnMzOW0z*TKAs?=D(|TFwdug#C3t4S;3cE1#A=lTa?=nh>!)^W~)^>PqXYWZ%T&7y~ajpcnIHVADSA$N8 zWcl%3*RjpNm@lU5olLFgFC=mPbLrjfm*T>yGHtvOW4ML9D)b=j)Mg=MAsbg zrA%o^&DHTS;ggu%oDMnW>3@QqpmvL}jNP9cuIJaP@? zxC(tSUd%^WI{2wuvw!obtSG{W9AmF5t^3Gl7Q*@Oda|0

nV+<`GS=M@~vYPP<&# zR)7Ti+P$nN=s+Z{N?>;TamM}^^9!Wg;bA43QBdB25g;Q!Pe^tXqt($5Q zIi$Pz)dxKz{j?zh17UNN*t0UYY&f8gWaTe~jfGrUr>4!=6gi-=|NFZQw_@Ttpo8w zrX*{tMaDs#jDk`Wv%%r%x0JI4DEjhzZu;VO^E;jz@3mNQbR+@Bmm#ws+F+KaNA~s= z!N-D)vc~q%uf~f@j2bH6tHFxe(yPge;Qe%Vbg|0O#x<7W=EZjcIhd_h9vh9*E-pc7 z37CHcEveU*rk;k!B(wf|Q{&@dEaaMmVQSRX?0ytq5~jchybGo+hs+Ktf|!umAScK) z^XT58Zn$+*LsEFV>q1J3dW6^wsRyv~XKlh}m_M5q@b*iF>~5yC zxqu{Cps~Co75o~l1`tO4!~V`NXXX%sFG#o#Oz3s8ui~(uy*u%1ls-LqB#?#X66-a1b2ruse_NFZ@2#;kTGc{7+2SgOl=d_S zuF`uNzA@vHBg&vnIG%IwV2E#Us^RBT7LY6v^N(2iJ8geb5?uLd!@ZX=$LOF-HrK#t zpK;?KFZVJ5Afsd5okc{yM4*LMtFVz14_C!4sYhyD!-F&8yG(0n=(A6g{<0@~$As|c z+a-W`va-I7XrQ%N&448=Y6xL?->isiMKOphE!|9qb6M)p%LLPWQWPO0UmA^IKKU*Y z?%nOV4EYCX(A|~;`GUu4v`GUE(#_RhpaHIe)DyA5I>fD5<9_n-kzz zX5G=)9+DELfqf~zSq z!hO$XAhN1VmqO`+X~239?AE8i)qCSS4l+8-c=NuI&w*w|AM%qHltsW#{JH=a#EFD% z=WL#n=Ax-Q*!k+H3)B;lOZMOdR@14t4QsbeJc6Niq$ofM5{ywYH{J2bs0QJrnBBE# zSgZ2NVCAU|^$uZECM{saUbxPEjHradiF$r04%h|Pt3${Yihy53@WQPbQ zf#@qe298ep1<;#hnnVXP) z+!Ns7@2Nj$ISQ;0_@`?q9+V!Tl~AYqHpAc!G}1QWiz2636!L_pjT79Eh)MGkfz7 z9l}4?Phtp#9k47%%VC>S%Ay)iVDoJqzye*EuhDPurMpc39BoDn_vx?Z)SDTAA_~%V z2p;Ra480h7|Lb;~me6L6CC$IWtZqn~ti4WE%Kr;+B+~O1_&cAtwP?wM zQPzGS0(hG<6$NhVASPKb#~z5whU+$4qdyEf^2&jS7OiQ%nb?cKi=R9;%PWaMo(jfp zMF_y(`0sS|vf(w^@8>iS*#q+3psNMg0hE|mu8&5q0(MHVn=d2ebCbl3Q6YOndbkwF4R> z&+(kVa{;B>Ji?%9DVDG!1U$6sx}$XHp-|v0Kl3|Jklu>}2d8*E3$Ll_iHWIsdgdjZ zKxITk%20dikzlPWEu)*%CPS}c0H%ZqCT%2w4Hm|9h8M2(g2- zFS=x8h6QkN0$GxPXpmnHsQ7R)%m{65e?g}b1pp)ExAlo)ku9h{^37D)wBTj9?ZrUK z^nRjd{Xgq}y?E$8L+y{)my*ulO^$*)x#1dP9zzLf8f;-2+epI5>irG%b*X(aPgkvI5~dOkS?t zD`vrz97;pJ{*lSMf6W1q%vir0Va9W?2{H@$G2}nmfd|{l;RY;Wi4l=51IiX#TM3wd zp{qN2Ln(H2_kn{FekNnrUh|d)aP29*f&t|ANS06zlc(>RK2ERqWfij{oMu2C{%djW z@l68Q|AMD30@T@-V+-(FHl1|p39JIu;tLHViM&n*3zCrh4aJH2R^XH*T`%UJTIO*O zCIb0~8?Ci343{4jBR}X&WN0v(&5Bq5p$R?un;_${AEe;b_=>UGO6DAzRrVzT|L`d`; zbh{9a4c~Zj^45?b(2GNrFKIU`3@Wmd;()$%T3HZ1!Q4*nGE`_Tp*goH@O2JAE~QI? zaox}WT z3ZDI^FxE~iEKJLC){RDdDNpYf3GCI{N7V3Rv`gcbVm256-`_=>#{>;k#8EGkYzo~h zI&%92Y~=ZZrRN%EtJmk_l(AOa4(juuJn%q;PiLaz_Vf5(0efDRA!c z>4SFF7vFD;E)wTr%p^e3AwHltu68WUm*N1$qQ0q#3v`tO8kbA&TVi(Brt!G%A$h4t z!Ku>#$@K^skJ^LL>L~F!*3L`>WB~!B$j#=3TMXJ#yz+tpOJ+s@k{<(!8585?vya+e z|K%JPVPO5Gv)wplmJ?OOohYK4Pj7Vp5OL^84kabAV^GwAa_0Lm2&8Gy_qlv{SY zePmHx#s8)*;jM3j;3!*O3UUTA((wN$4f35~f3e993^{?%dJQuCQ8e18z}VY=mMg)T zQ4;{dwiOhVXQjZny2B-4G9Xysh$V{?0Fr7{FRmyDR=|`*zju{J^`vq#mgP^d4v-AY z$^ZvmyB?0cZ3z&Z7J>#wcyAZh!kq*L64gEp$-g44cYq*)*bZny82mc#sEGEi=DGy3 z-K>s~Dxjs=O+n|guk;WTM{xikOfB?F`WvdhhVMEu&UIpYt7HjTCjsG1fLjb)uHftz z0UMWA2Ei+b0ABL_2j8~2^^hpwRHq@@0t5g$-ir)wad@%|#RZAuKw7;+@Bl#K02TDn zzA~O*iLv7$01B^u2)@c5v5kZGRAG|3Z!*8_6D-H-V%Z@az}r;6sD9?*54IUm^lVO@ zGDd6|^x60E&wGBA{tLZ2mxutO-4p0u1^I@A6;;bf@Ac z43aQjXsRc59jam};j7;d#pAA~3TMGquhc-GeE6oj7;+ZSCWNBR;UJ?g`T&4Xe`@Z6 zx3kcO?Ex(az=@hw+RWcYt-_&%5d#4E72~IgXOE%hm2j{+$zr|;ME_&-U*f^G@#OPp zt2i_mCBXp%KWxHeX&u@dCP31ufQ%L@Yix@dWX#}=_SXRyJjjLxfYa_o!7MSfjhSss zvfjP8r~`-qfFphAWf_cD0^-O-__@CJS{L2bjk!)~@CYiXeKK&c4apqSetp8<&*4}! zBJ?U?B&Cgb@Sy6OGQiH!valXz;Y6Z!2+xx@SJIFpT}%LP-$n&X5^@4U;M-!T*)e?g z?(9I7qK%-czyU}p{Jt2S$>>xRnjl>O06X}AH#w|;v10==fOle~3*`_H-CHEW#Zl?L zo`?`H04_Wet`g`};_sX0tIx^~FGlWpaV&ERDMy4nFP)JfP)CP#`P z!U+F~LSyJzB%ab3I`{kdJTq#0Y-1bxwit>cxu#_8OIxtmkC;;G9Dt*Q; z2DCvRHZssdeHTJ24IV?yyQSp8y}l(spfd@GS9>o9kb-1}uk;1!;J^o;ap$3JVE$CH0z*ZN5nSt*#1r)x%y9fI^qnC8GqB5DZ`7R2M zo1Z}+)KQZl$_)>uCITj5Bricp zv=MELof+zSxkAFzzX2HDvDJl_`cR?p1wlNnnm;oh=13X?X*dPi-lPA4E|x>$gJUnVUL{kS$7 zZs{S(sPb=Ps)qVjTs|H}N*gsD6@R@&&jkQ_6FokTRv=ub;9(BcsqAU$RJS!0d)>9D8lN9}+QM z{+h^&M_2&hU-S8Iqm>L;1-Cm9r*E;5``iCx$JkxPpO#g51C=pzUYFHY_DY7@Vhtj&Yj8Fw$P_J3D^ptW9bfs;E9R zRR2^G5)gsvH67aOCRU=*HO;o8kmaIhp^7%2;cX#VO1L#hFpFgUUwa_;-&H+AxYX`>JW20=`AC;Nq@RR5I&2*U6Hdgk zy}qOitfB@b&DQzBgh3nNLmZjO_m?Bzd1J{a$uXr{V?=y_>N%F2tB-~`nXn%nnwN1iUu??gV;|a(8wyz(zzo6kkCLiu@ig6`zlnKB_9M8}!WPXj-mO~c9t~mjc z*p~VIo}yjP6cpYFWP==?iGb?Ykbv<022uC7r+~vv8o!EyX%&77`Hzh6!uTUmUKred zJkaS0W?X_~g%17Df@-cg1ClXl`7G(2!x0RV;P*-{9rD(AE{zlDa56-4v6QXYAFgOt zK?e{P_V(vb-l9dUCO->2xm=J4L~1}3#TaYNu4Lq%ZSA7=BNtX6Xp@>XSV~;QQ_fwC z0a~@lrQ9Va?X2+#`nR(vw?DOV$*``=|9vv@Rbuq4N-mxg>6Im1!6P>S6k|-1{o7bj zfQ$-h65F8@Ri=sN!YB{-rbNheLrLq0)Qt;ISz|G0gEdSJW z5EmXnA(>RQLcpM{9aFyd?nIUp#N;6sjA4E*pffP6gyy!4=v#^qTIL&K zBiTIx)?OrPp-}kw(IBdYrv+t5m$19{KkH+f^jt7^Kl^Prp6Qo~9>IQCC8CYUL~!e$ zdTX_hrvMjO0M2uH9`D@e^<^$j3xinfH-nQdo)yye>h%y0RI$2^E(hE-#?(g77V?d zRE`+_Y770_7X_xvfD^|HWK5uMju;3}y39#OPNm4F?WrjZ9Ltac*QlJxwL->?Y#9{M zs50$@ruA=+9NePx$)wZeLpi^(3O{!@yn|^>ggeK=se{iaS?RQN2;WGBiLmU|ZvbxZ zhoDSZpQl8Ln&K76?O@!QGZ5sYeepC}$eRifS}^Ve;@GKb9Rf#uKMsld;O$B_<^DIU zAH~n76A!c=$3|5(t9ct&%`swQA_|(;41C`;e9$Fa^(C48+?F8vctwLSEJ62Eip^uq zHB#J{JKXZ%)2EN!F0U*wC40lyx3XtTjDR0|^tR4*;9_UJnB_gh0p z(e1FJ#Ve1c&75V=_i(HF@mTZ}s>_cFn#T#T{d<>458Q@$uDSL;aEt0pMofO}3SF&Z zB8;w$)0>VTRA&fr)m1(gj=S>BY;}LN$^Vi)1#Ms6XIvHsqVz{!bW#>a&Hh<9G)fcOc`#?%6eGFSWiaX1I=@7I{GCp)3B7G!} z8CS|+_p;18Y8}!53DQL=Bgj-^y&oe^6$W1Q#`C1arJ>)zD5G7uatEH%c;M|sb@$4e z3au-6s@X*#HVJ9U8$H+5tO1jb9?K}ilqBjviff&EsmP&}z&eV?{Pz8n3~e%Zg>7_F zB+XaSW!I0oo(SmdpIl}KC9~GIGzX`Mm@i+YQ;`LJRr)V%)aCZhY7(BpahdJmA*zH* zxf+f9?oL-4vWhls9&n0122!%1-kZhDQ%0s>mCYUXyA%VZIXZgOE zeVKv9y&?MV$Z%B9J*LdjvFm=?Cng;`*Ep{rded*h=XWtiTATlz3Yw>OzBf4+ zLc1X7XC+BPkpPJ#vqCu|Qfz(kn9(=EZ;e-Q;c@RD52KlvZ;dv3 z8HVgZyt`_zCUn#DSjrWMU)6h_k9%*wc-2rnM|7g9mbE4c=s$!IsJ;UaQfsWe>XxbS z3+EcNy;x6-7Dn+*8PLX06vY$7;p3-HY*{`Z*lv-jU792R4e>pPv1_H@i)`$Rm&um> zV&l}vfGycL=vU=~lVm&@eilS&TKt*py>gB51NYmKpx9`kZ zl!;s!p^%Vm_CDGX;^gPNOV1pZPzGLce(hxI17Cw@HECnbN%APv>8ZFUBVhlw483I*ur)cn%y^Lf!VC6UJi$$+^vWwM4iUPmVb*tQ*bYENgX z{DYqZWr!`LR<7-2<*%AO(kEzzBp&A~(Or_Dv(sfDM1Bri=)tdxPL9-khMN9ks!0aJ6+e*2|Ip0+D-acl*M4Bxju zM1S#_(!NmWt&F&E4&Wu85c&Jg5Wzhk?sJr+=qPO&O6(0{_bwa=79(;uaS&AO@4fXVs8xn`xA69~#O`n|W;rO6 zFc-k@6i;{S%OeIv{i(;U4_CaQ>x&sOMi&}BkhOLh-MbN5vr9xRobC=*{pW z&I%4!9)7S5T9)EBq}%$W8ZVcxc+RQXtRLQN5J<)RT)*I1SR&5=*%bnvUG%pTVBWKb zz5I{Q=SUxLgo>DcW;2EIarT~G3aB?YujD~-kAY2S<$jUo@x_p zF$m|$fG4@1Yr4nKcT6XtY^JrwPWvVoh-NLlr0Q{>l$Gz6DGKiQSXtlrq5&DnV9b{d zc2YD)%`rcV@pczB58NmZZ=hciaz*oM<+{Ajw%zYNs&xzgr(Qgb;;80hobnDtxy;wK zWsRU64gDpQC7VH?Pz@OT{CP(XZS6c$Jgo5Ty_L#L2&}(#(h{26a!_CUi*XBm@H@h4 zyT0~udvgO_YRJ84L#93gRH0^^1-CwXUat$}M==r53HrS>(*6tue;2dMhY7V^ss_Y8 zvw95CzhG{(GK-R)iU+?3K}qi{XjqE~Sxw^5a2k1x?NC~^9zi{G{+cjaDTPU#Sjqxt zF9BnI6{PV%Ud|YFAWOl0vl%O z^a;Z0$FK>Ruv?a@f>C9`w^kWp-t;>LHdVVProVPIbVT8%|ZA4!ih7Z0@K;Fg2)eSqW$LyAO?odCcb(>;=@ZIdoVkI4H@z{xgpUHM( z4}>P3%7LX71!xX;!Ox9}$^=Ma5`ZeJ8d!O7RP{2({2I0weJ`OysL8I&Qf{5ZgPPCJ z2S?pn&%ooXvMkYhWIR$ox7_*7Hz$7bL$SA~l>*fv^# zG803nhc2Mt2rXgx2+*H4f_&2t=ih^W>Ofca@whay0P)08A2FQ!q9q*$wCqsET`3HvuZFmRZ;2YJgU04c-Fh|QB2P(pIUaaih%vE=%`ddYZhwui59&= zw~zwW(ovc4!HeNXRD%Y07FIp--pQ-)HcRa3KPGlPKBw*wnrbzxGq>Uo(H?Vosejo& z{@76938mak8AjbYM>;0K^;<0_q{puvz836&q+t?d$@C+^WA;#c7o3~9b>wS^zj5jn zHAQfL|C34oh6EiTEc@!8T3R+no4R?EnAUx2%QPMH@6p}-Ve`BL#v)4wayaKRCMM7V zr3Z}s)F<&{m&fMsw_L!MRZ#SlfH4(u(WLrZkC}Wo(hNT$HnKU&T zCff*6<=He#_rBADf75nHX-=CVGcEF+IcENL6qX?6{?*}2%=7Py<901>hNUfR((W^= z?+wwYmmJI(_EvLcspk7zi|@#B)_;VGdv7@mKX~k%+Jimo;U+<>Uz9A(nqT)P%jafu z+0Cw6L_WT<7UHqpW?)_cHfGM%i%h|-XKQIbpOWRjy%;zo4yHEy-XoK_CqG{bp@_ zcjt`naKodlg>+^0mb!mu!64!hTFcWD5@g+Ni=?BO?hfVa0k_fu%FcoYYuhsQ`zZf{ z4`|ikDycq0m_G^rp6+coJM^p#e&6SmGy;d%L!F&)uH{Xoe0GmlKds)J$v~d(9LMg- zXvl+L{!8G!T+VZ}a{j1{6I6DhXZ?-?&*~DW=ssFy!7x9|ol=?jlcVtfAtK^$0?+M2 z7d)BfnIZ+M%nOvfa(n%V$1ed%R|}GG&(efWB_gFfTf6VOnSd0o+oAVSrk7m%B}Jet zbNsoAE+UwKIS=tmfeT{cIgKk@F{XSVvJ$C3%*@N2Zw#%BDv_^YmfCMObuhetn}YOO z44++ajDh>iASn0F`f9O8!+F7pwNS`sWQMO3IxOVL# zY{CyZrH>7IE4Px|E`|RqbXT?BR+iGxTe@Y?&b?f;FTdUG+cc$L#=ZP-Up6y-P-<4E zzifmWB0Bgvp2BVqyj^tgu*AjaBOh`<-PF7>h)5q?zO^nGf8DM{$Kp&m&F5SFX!hKd zvYqkblV906koM){n!As=6%KQ7E2E8*k1wLJy(@S-5TjrTVcj1beO7lu2fB2}Anf;g z3*-A51o$Tg9(s$*))PRT=u8><&U+opA+dDE3bN1loK;{`J$Hdp zm<$(6VR}6-mJQ0#qx24}kqO0}1Z#T|rzLDOKEF^$0A3tuHYYcbBMKf569XTqqz?Ly z0PEH&eop{ZzYGaWNhVC|73j+bereO$1Oyc>1Nd~SvI~FdPMJfwJfdkBmy9pxR+kw= zQe_t=+^jE_grbzv*V+V8JUMG(^WwLCbO|Z2UMF4=eM_$NzXTxn4Xhtc|Lol%CT@X1 zlnhAD&fVo{+!}h5NRJMd0~MPJ2M%Mj1K+&#Kg6&dL$C~Ex0ne6(ay%7Av{H% zI^mkfP?N<-96kFrBjZHJ#*=#pYBO~N+he1{K#o|Ylw@VDWf>|4M89w7Zw#~}bMp$xC2G8gGWkQvv& zW$1m@QC>WBpldrPo12x!m;{!e+bEUe0k`#REi-lajOyzDtL54sp-TV%Ime+nxx`po zDw@WOYm62e(8W}Ry zf(=*`Di|R$cXk>%xue3{SKv?NW$D~R88*V&z}L;W#cAy(lky-b`*>VwL$Lb!;lqg& zI@ai@Eh<+8c0@Z0`+PN&OA*%1_U<@{lfno&cbxJf$&P=Z8KZUGdawK9@!M(p5XlI@ zBrrU`hl+hF?6+i1>@0NH|Di;vw99B}>9IRkk1S2GZ@r-4Q6KGhiXB!gc6 zO)&V#ep(cv1;4VvXTskfB8XX&$%&E&Gk#o+p=Wl5$OeWCD)^Jw@-Kz-wxAF&ZB#Ly z=8H&Y>HUH+8=+(v@X6!rS%sYPQAT&g%YZ$D6JEXt9*({V`qUp% zfDq`aRQ7o%5>a`yc)udnI5i+MULUn8M;L-I@g`z_X?%S1gsrkia$JP|`_nHx1z&(erj_=B`=f=y8|iok@_z$EvbkM8AV!9>>2yb&!?kNMwRP& z?9N*D%({mOTv?hyK8|{gM@>L4DrV7S)$(Th0ov5tt*vH4O?ucFDLf_4zze5XCbL9v1`n zz;y+t{$z7N*!`mWx}Jz>b1=<7_|g&;+(L{mdIM30#fh>`+&acbCUf_ol1c}^5myaQ zVx|(6jpXVsY|D9oUdz;5PKy}4_K(2_o2PwuGsNAS4;=BqludP%64XF#LK_bJwY))A z3y#}68gnH2tnj(Q?pCMQR$lD1O7D~(FGO;g&id^r#3@VYA(I5*fHY92@?2)?R64^NWjK<-u zEwc>vO(40V1^>18U5AI@0J7Y_w<MD%Sd9Bm7~Bh=3Vn0Rld|Pwbyq&TgvQd>jELqFi<1xy5 zxOzEZBsq~|5aQto^f2~}H1*7h+LB(`ZDdGmqwKJo^a40Kvn|bMf|E6BQ)5rFZUJPw zTKk~%Q~7SCA334(XSG73IN^`)jrUa@3NECwyX2m^1&Alxl2i~#+eUchqLYq%3OKH~ z|L@CYBUn${+?K}vv*`u$+g$z9HjZ&r9Xi42;=!N0)_U?zPcSQOWXl1^#=CzGQ*5JT^QMkd;P)iot0k zh#f|kblqiCqBLfU%VgiZ4maCczXhHi+@&~hBJ3@HEya)KZ7P10oSGrZljVFR)h?*y z)&lJeyU|t_6)N5+X9Wtvwp7wYgv{y$2qQhYtkB~oINg3>lmGEK6lG(_TOb}Pn5wJl`SWGbl4r7R_H17?r z4C3h6^cPuoabuXmb42lIgf|3gy(GA<&qMo$p~l&MhNZF2q(?7WUBq?fVEKGb9w6$) z_TL1R={Ol3qVf0V1ff0|DwkW%sr1?9?IUDk%4L1siQ8dN@dx$X<>P?6oVfQkCJym* zeNU2x`-|&~NXnoW7j^UN$+)3nHbJ-mPQXT-y9J3tPV#DTQ~1s5*x!Owsicop@OUq2 zaec{p(u!HG;~O?#*H#C_+AANwPwZ?j^j^ip#CJx|f2Ilm?dez5QI(Z;e=~8h;>D0( zf<1Q4eRBT!s*-zjRn8OAhTVRwres51Etm+%NN*ItA}-bWpuzVPuWvD2Fre+(o-u1# zAmq42E!EV`pDvwJtiOH>-@l3jO4Gg>s8?C*PwD8{ahp8gL&e{XBPa6G-*zXPNUTKk zv4NoRBNUk1JOE-#{W;q9${U+OoqP*1kbvnPK~Qy~GRDgRm~H~AB_Pbnh+BO>8?Xr( z8tMDg#46`dXg9`_8?tI6Dt8Fm+>p%Le7sSuV@~bMYLkS%%F(Qp=tWW8I?mMj3^taZ z&N^`e-7>BNQcX~q*M^-lek;#nu%nN;FA8Wik!jnph1{UvykCg@UJFJbA%?6d>>550 zPI3GbXtrQHi#l4Qx_Xvk_4)6I-T9oYc@t;*2pFbohe%Vsmptf{!0417Y+v%-)Dby3 zBoE**GAHGh#_b$9M#Gm458ms379mwRSydB774|e;luT0G`bZFuj!;y=5nxd~-q|Rm zd(p?M8&Rtt1In<)^Q3Av%%qawt<|L_ z{xa(Nb6_$nW|g(IfSYeb7!F_Lqov@KI?U13b;Za55_0d1ED7$i6^f>}GS0bY^dH=^ z)5TZ#9a%EzFWpLuibe;h(t`vjFcDWfQy})$a2h_u!#i2L)2N>tVPJ?>IY&uW&+Px7 z#m&0Ai^Q4l9W0@P+a4wzP?@{u#{utwk-HBf?Um+vWm&08M8SQu(IOjZJV%yoKT;+c zOitbCSTQs|7WN^i3SGS4K2UWpV4eia+Ta!GeM2!i@js)`YT!(TH0RO_$0?-4S}wQI zImvZ|$~GXQ>3{xE+ia_FI&II=SeT}t2j6|3*niP3snjH|KfigWLy)(TVqs`X#P(EbGF}l;_!Tk$#mC8T2+u~ zX`(2gcahnU`t?y*P59mTu8+%{smk)s`c;@Q9bquna%NWZmw@n$6%sl!o}yvAIs3WL zJpii>;6JjWkmf4WWrj!t5sxiqJ1jSQ@GOz7@|Vhp`5$FDuNGCHEJx(SzUb$2QniT$ zTY4T>74!Wa%~{s{yhMP2h(@3{p0hT;MHf4l!0Fv-OK<&o3`D!LQ`jY_Qw(g@^{IA`pP*iy zW~Az=JBx3s%5y=I(>Q(rD553ct27f0V+IRq>cs!~xIPi*F8J8UM!uQ{a#{8J*gzwT zr|$<~fV#$i+(6HsU{_cy>&O-DAwakhxuqmiRaVNn!fHK`{Uap{&QC4=d0cD>K}Bof z9eb~QWa%$z0zE7!w;>v6S z`!^bi0=ya7F%!sR<;e4)3Y>Hz6;Qf%>y}Q%l}hEm1oa0_PN(TiYC%x&S~wmrYgh$r z5j-Fo^E4&R&+BufPuM|jxvRpxFa^1If)AA=OQD~@c&W=FYI9{bfH!@M6k-V*9RZ#e zysx8(*BzF7K`E!d?VVOrI30rW;&9PV=Zrg(WT>_{UrfnMM~6-Ccoq7Sw&8u@A+p`Y{1*Dxi|8>3-#? zi&;7gWG%f__r6U0)4d9XNNZI(Oiw9;sf>7jPFy@Ls>`VQrdb&Qj98t-y`h67r~wTg zCVd~VpH=a6x#<;o<(h3Wd@)woyOCV0bFTd`LVi8Afefpgxv%f!{~&qw$)IrnJX;W$ zdRIXu78N-^ZbQI8fkYW`*sL{ubnjyQsXS@#^Z@mI3w1{)pyMFls%Ar<{hag!WjX-W zwS%%t+fb<$jePFqW2vYpJ}j(Z>IE35aWuLR9K1oi(Q*@*_;<0Ir8RY@qxp^Wob7Vi zAd(#BFzK2^lInN4k+Q3-mQBCKKtMYXO0AMSC;`LK7(TYG6Q&4Ch{i6Q6M}Ktve>{! zE(K)j5KgdsuL`>nc(^ZCYo1;OM5Efuy^i{!Xfi{PjsVTNSVNfD zall`2QCn}xGkjhYdsh~Kan`+d1F`8FFG3gVm0(bjnrH;ykqN$ltqU>3CMB7gNxe&R zl888#1$bl&scCG_ZZ+=LN&`YFB}jpf|7C%R+KZuT^~nR(GjI7bUqBEE#Wr+}zj!C& z4%S)v9Ax$u&VPQ6o?Z68Cg*$hxO{KqnNJ+^!T{liiRGz-4obRI=>PABADfcM8$*nd V`uAGI+V|3qZ1&kR@~qfV{|Ae7K7#-N diff --git a/assets/neuvector/neuvector-1.8.0.tgz b/assets/neuvector/neuvector-1.8.0.tgz deleted file mode 100644 index eaec866c23c2c86d15ec200f6f9f64838921bfb6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12279 zcmVDc zVQyr3R8em|NM&qo0PMYcbK5wwI68mxQ}k7KZsrlnlI_HE^xN5cJho@XXA;L{d$MQi z)TtOEAqi`e-~yl=ZIb)he}xwbJ|+1TClRMABa=X*0W=zoMn4jq&2bGZ+j8FLrm;{|AFX_5Xvt;odjH-Qi$+us7V@-Tr1U+}R%Nd;^2KMx^PcJ4EIP?AuA1fdBZc>n+zj_|Mye!T&q|dDpwbi)+e4KJt9vILH_g3-2l$;~e*= zfBSjZAMW%A{@|$>Ba#S263kQ$93v8qfM;n+nfT8#asYaS#yB8?iy3CvtB%>+wleJh z)E{_j&wsK0=P1fBzYhk`z5a)Tz3rXq`rqBz+pPbGc%Hx^o}erepyyw$rGgB-CvY(% z90&&l|JZ-^(w|TkBO!1I6B1!r;1CB9Vi@L#5j2i42SH(sAw`_y5J(~@h#3Zf<1|77 z^SGt>I;wJc;t~7P4Q_KMdvtRSn!dT z^3=jJtA9TTXqJc(gu0iWCl@rMQG}V~cTeDWqH8>Z;tO1pD1w9v*$t9#fuab99so{c z2g4BvmSGQo3x))qE+i-bu}JX<&S(^oWcp_sB7xO==DyKI0b=y-JY!Qlf?@II&jig8 ziDV-q71`EX+|#TM9dh?rZb73#iOAj3IfdeD;i>M!TWHAQTTU81b&5*g?h^cWoU|34|TZ! zr6?dm%@g`}#_+Es!sj!@aBEv!5tSVv04_`0Kh35X)%&+A;FJ8M7)26HBKpx ziu%zc7GtVd1PixC%?<@4aq#A@SS8Tpp6?;L%JMS`X{{IqD0WXiCeyoTyC%Ed@x z^Xkv@3%N)+7SDi8Y(>ehOf^0FNX$mi+v>?Wl!1^uEudKx%F4Yhl#<>v7-s@vGMx!X zFb<)|@U^5XUm!NcqUWrK+VU`+GR^np{?8IDc^#o!DWif0G%|ulK9tR+%dL)JORvg^ zw^Jv>oMtS*?lO%?OoTz~iCh9{HiF&3AkN>!I9AMLd+$HCUlH?~;eTbA*D4MhD{lWZ zP!%-|#3*f@un-AU&=AfdL=qx`$yCW3BlwVigMPoC{}F{KU8x`?VbE64EyqzDtyFHo zS1BeX#IAB4P9~HE^}WWvUwNllx)E52Z7g2U$Z#7ow?5#>1P5XSC-gj+;V_Hr+PuON zG!3!OXoM^DsoB&gr#eqFs@lk!*LOFt24LH`;$&{N03H=`L1{CE6B^=E%7l6qQ561y zB9sJ}9iO)Ew6a@juPTUA%QXEl7N{~Qs-Q1H`(p#!CyBr;LD2|$60P2C;rKioCz2!e zP?~b{SI=8zQ*btf>iBo=19!5|-rHuBKbex`U0z!K)oKUQkJxaA7rdp0uO$VyxBh^ZSWBSuFIE_QlL`zj_YNDrB zimKC86IC_Sl^$SOOLMEOIbvHZOSbffKBvKzJad;3c9E?j+K6Ns!76f1h+XaQk=MY6 zS(XSAV@(nY)2kh>PPa-~7CJu-@?$DQgqiG*SP`V|JfD%+z$kz=La2;g7d8PSbR`&! zQ1y?ghr*a}PH1wC$1_T=l&Gdi{~*ewpmlsIfrrlL>hh`rt)&LuUw{PgI_TFyF_WQ?=-mi?t zKr_Kfh?TA{(A4-${gJEY;m@;|K={a$=it%S*8BIZz@<%ac@{wnHZB{Xdo|VvhHH7#)=*tx*+W|OveR%Zt^!3@r z&wu$&3MGMvV2TC!>N10;D8L|lb*8U4`X~9@j~~IO@J~(?$q|0;z3=lB2mO>X!T)FQ zzx~8u@UfTQTon6}Z(jM=c$|^%Eh5LK6*MFeej{Xvz_G%E3nVh$M`0-E0jqcBkB>ds zG7e@mzcKlX!DIB7d}K;fR*Z1YpOy{r!OK6-FOJUYoxAZE2e#=I$F|(V0-w=OySqCr z-FxYr>XsAH#nA|k1;l6p0$pK1Fu~UllOz*H1ux0jg$c)}My;NUGyPo5`8yK9OjXgd z=aT+YcL@1BSaBGy+Xm>V=K-7_oxM3eXdu9q8)$)En?FsB?wQ%L2uYYEZKBBnJ7>m{ zFlQ&~=ci`8kK}3E|KHAVlw!vFBE6HVz-9aYV5fTj_x$;b&HdklJn!Fc{Qz?kkAP#L zuJk0I`Z<=v63p-je%MmWX6py<=v^ws1j%OP0tY(LTfMRy@k}`%LOdY}hF)=dCrkIh zFTSh$#=bTSypV0kesCD$0A(Blr!j^s;T~P0c(5L$`hKx%*x!e*m zdEQspb_}j8RUTk6$;Z=v%*WK0X)UnQpv&FQ{_z*pfzi*a&#QxHJ{B5EX{#u3ExlbE z!IY6iOrZBI_rK-63N+pBI+WJ-yF`J`)XF7ej5Or5s_8YfqDw_+jHAveR^@uF9dgH8 z|2C#4@IfhFu?M}ky|sG!saezJd4Q*B|Ic+2zR@~Z8SRF~LCfs_Uc7i--v76U z+uPfl{r@4Jip|{>Nx~7F>*@AlERemqtr(v9d>;5ULNVo(ls{?}{yor4&l+b)o~24# z5^P|8eO(XiURsB43(PPh0!=F=OqXOKxi2fts62YxyHNSZ2;^zOs(jfLi&OP>dr-VD z?i?--PR%<#G);q{RdbG-qpI$6PK6vts>kL=FiqXjF3f!Vl!kXW|4r-PoR`(z?_HP! zE?NJ(d&5CR{(td&FxagBhj^3-M}u7{!MRGnLcjJM$MGDq0~)7N@a-vU)@^^#gYS4Y z=7PZx{2}xYP>RMRB7$Jv|D!N~?f*uE`T70#h1f`gosKpWDim7ZH#Ywtw{4wFGy)$# zmW+;3CT5h8f2-@<0-ZjgTk~N_@zaFWPdCM?f(09+pkGGi>L*@BqEg9z(rOOP#*NDD zj7Ht8d`yy%BvT)y=_h8*EQ_$Ri$*E=jnOPsc=-B`u(+*K@0707)4V&>KXQ|A_1*3` z^3OSDV^eRc?tOiT2-iQZkqBn$m%bA9Jm2@d4V|>oiEQ|B5K85^Te=je5s|v~EzMS) zs8ks)7)J4GWaA8Gt-;m_s<$imS~I*nf1!UlyK$+6^L{l{H)Oqp{aM-UanN>+oO1k( zfqXYb%~3=`BuFwfqGrh^OOsHXiOv$Mam_&KJX{7Ue}*{14ZL)Bt?9nmLwmbr`+QK< z|8DF*9_VRb|8~_oHWPQMi>;n3(v)`z@A#d-iTo)`jj=!t!u(-Qt(}~xY)ti8@FZ)q zRya~S!jdy-_PYigljIDeaB+?UnuL4=F9xNcRh>M}7OQZ#s-aqpL@;~l49ybTH4pM3 zGXR{Kl225EwH%st<6bhvb_5m3$wcl(i=vT~hWm*i`?U`MDZ>-Y7!D6JMv|!sl|qu~ z@id|N>!Wu#$ck7_`tji!lj%$-k7(z;ZqKxJfmu8%eKccmUK(fjQDc7eE@fEhBzV1q zuVc7qO@8&USBoP!P8vSzKyY=K%BW`9Jm^Qzlty&A_(LMmD@SjbQ7)9jf~r&DKh>CS zcJ_?Zekt0UgH`qT&<3V-x~(_X&QgKiE z0!`uL$6l%3VpCbUxwU}1(|O|-o9Rf~EfsMpDte6-5wfvK4`?FrJ5gTVDI;?d;b|#o zhki=d32qC`3nwqGCE*!VGzGgY*sm#y_r{;$`^CvW!; z56>zXDRy49+;`@oL*i*~Z2$1h(b>iE`O#r(lfN=r+t)z5&>3x0<2N0y!}$HCG(0}- zMC6y_lZQpYkUnLNEPo!kXng;MIfpOyqEup=Fc1%Pbzf!AAKb8Hb zihvX!w^Bxf#unrUe@>%YK@X;kW>vvi!`Gi~(*hQOQLr{Qpg#F}y>_-y{j-GwlPz&|LJeak_!j4pFMs6`_lk#SV_mUXj&WNzvHRKx#R&y>qXBM3T1N!DA<`zc z;9VeHTPRKt#NQYS@M&2R*vZe240C~)IHeH@79-e?uF=AVl+{$zB-&S*cE`!b*}_U4 zO)=wy3!I2Is+ofbk;?8G$X6$o!-PEBm)foIu=O^`yiB=mH_l)4R91i&6{-_jgnC{P zk}Y2a)V3)$vs%e}6e*TP!mf?Ef#3Swytb*4wRh;WX~CE(@>`1(zv8}Chb{}R2Df9g zuYr|iofvV;fv>W^*IFr6THf3;aAx0a8I5LAXxJ1xX|1%o`dvF;Cm6oqTN7U0P5mVs zU0^Sh$}pR5lNvTXH$>R7yDS$xRdMoBw471jba(ZecL_J3ZTVdn1L|t3677ggU@G7{ zk~9uXHAlerFpw2}-!CcOQ?=XVig>Kc(SeUi}wUePy+KI4-N*3)W`!v@uEci@=@D z!%)TkPW01_(W1UsYl0>Be>NQ7efodwJbzJ*|FpNa_k45z_YhA*{Ktknz$UF^Jql#U zE#dI4t_c$?t|_}B$+TvFb*wS!xtF^$R zxMFPI-fTxjWI8A!#Kb@6=pw%A;^nV|z1FFo6XWk43mcY7}Sh)OGjlDua8nv7SJdYRqbbz z#beAyFdUSETrR(b-z>h(;`^KzU;7%XYBD-km8qj6204qU-1kQpS8a*>rxJJE)(mu+ z{P*H{P5#?`v9bSrkf$|*Mng17R|BRJ#`QIMtR@29l?15UY;`haD$)KiV54zQr?~xMX5_BPI;?ic>lf>OS75QiadG!JVo9Y zPI(g?`gxwMuYdqc{cWbhiOO}e4)Jx+&7F{<&6D_5(4y+>*F=oA!}mgs71F7YV}%s& zRc>4&|J^R|t9h2ie;n5Gzwhlm-^71^kY_df|64_gEu|>_eE3J6HDm-QG{MaQV~0N# zH}g(9x{HHTYm%i$q-UV{B1nBzsaJzDya}A)N^t%>Y=e`94xBYY&@Mk4*vPikyQEvt z&l(bWm)6K2_=PBq8lnuhPewBlH^w(^BEHg0tWPmF7549gls;DxyJN09$IhAgeBOt4 z-t|~bY=YBDjO+WIRPVs!uLpa#Ho%;Q$;O7xxusU_R0L*^yMszw7w@IT>R1S@g=eO zoTH4Ps5TDz;*%uPEJCdMRVBTqD!acGAHp`O`Rgr-25bhYswOZ0U}NIzfK5Zs-bj`l z`naG>4Yhi6Ula}|dw86CbjuaHe|r38=e+b<2_PwE5@PB0HLd#KHJ6hQc2fJhk4k6S zn#H z9R=?WqAo~PT(6FT%jguA(CW%KQAVaDLDAbgfVQM>ouAt~JgGUXz^&L++Dahz&tArO zhUTPwg)VJkLLz~0UY*Hpn3MSu9yg{m!l)_2#SQ1sSP*S?oAR^SZ8p12>DlZyt3$h= z-6mx;cvPI~c08iyVYYJR8;+m8>aVxiJxbb3DyCseSC`=0&5D+DhvjT&DHB?i1+Bn< zR$kr9na|3gR$@FWLR*RHEN400EMf&*R%A9yA+4|y8a^`ouZ%EU34Y_71>!A*QF`ep zF0{qfSEXVzH|}4Orp<(a?o_xnlxfhrH4Tm`;;P>o3Kd#7)6PZ(w^6}u4n>==S<7$cal(yDJjSmZL?I%vZrz4^GdGbA@NNiF?dzEs)Lrt+Kkk_G4t^)r+(W2d{U+Z@&<8SbC&y(R>JTgauxMlW*wlcFg^e zk=>``>D7Vw!ddy37!J6}{|_e<$^y*%5aF069N#AS=koX;dwbj4wfG;~I~)JMhj=Rf ze|G9W%j}ibyj3Qx#CDVAc(R zUKx~ICFrccvP!I#({nzijF9rs{hc=T$NrrCUaS`>rjJt$FD zhkVyM6iYjIqe5v{9$cKge0zR$_U7p9ZRMnWN1B88_0+4yHZt#X9<}KjUhSXk|8{it z_Wb;1Gh#hDne=Ln)jGf8iQQuL3DTf9HT}4Apf_QBp9#=mMSY&dYl%9qUhDz2d25_d zZ$zTE&n3J{J74(C_vZO#$@%Y2lK-xd|82LP|95+H|Nk)0`+EN0>KU*muv9YtK2*5e zTc-ZK#^dbPxksyG@P*`%XxW9<&pKMI*^+X!T5RQfqumv6l5DgMV^}lOXcf-==lIoy zG+meVgB|I8f4aBqzMJ*6Szn)UeXWtkw`Jj!GWh<~p1}80Z`pVHbjg2rlKgkM{5Krd z>pU>668ksIDtgkt_rJ3hd5?q!^qL#<<@#jDP z+Mh1|e<#U5SK$BKwfsMO+rv%%_Xl}axc|L*kbnxexz&l_%g)&7_R@w4=upkbVi85* zFDODufZ6dWeCOQO)u8oWI)!^CMr0X4D>{{Ss>9h3P2r~^Y=SXv$u|^OH|?BzKe^FD z-~H3X|5KhmVE(tk&Twx~%m23XV#EI*;;Hcel&3YGuVX4zG(xA!Hd9&c>uau+JZDp$ zR=KuOMg%lY`_>PjkD_#j`d8T)vjhvQl)Wg5=rs;c8J&;_YhO=z`oq&l;-1yureH5W z&nOkYk_a2ORG6TM%kQd3r?%b^4^U(zYy-e_**!36Ez9{o&fo4IzB)cpf1Mm%IDg4+ zrx$1Y2S@79Ex^-gC^9VPcVIG$zRi z2F4cY-3VShf4=kF6gxgWC|7e_n^>0Y^FO%_M9H!UkKpNSv)Mu17LRX=qol zszItD3o?$KS|=zcwB{kZ;gqc7%KzESjCJx~&!b;aXm{@)+Gl?wz&)y`QU03;4=Mi* zcZPNOZ@7{F9^`2_WIFbLRTBW`lO&R*T7pygh6|jCH%hKJh!BZ88MA!Q=HF zqX4BSAY$PdFWaOS?TEOQ>V~yBfZ=cCOApBMz)utZm%@e-5$&Ts3q{vEd&_PgMT#~G@O~U1A3T z*IRj+mO(vM2U2(FZtO(55|BslNLrmR{X8~DQiJ8FW%#u(<{i0~-lna)b~ddy-0E<8 zV;u7()adsHpE$x*$I8_~MCwsU3jEFw_D@cZ&fXrrKKSG4?CqatE&i%4!`RlqGAGDx zF2BSxvDpc+sxoPk|8%5D<_C->|D@ylw*PuD9MHuwJz^E50AGySW|e|L549ZT_| zEZQ|lfu_{9vJhwr>CI^JUv%6l{#p9|+(LlxV1`3=Z(ZRtcE)T0_yGUPs4y-3la4P+ zqL`cAw=ASVgP;Zt!Wz^Cw(_95>}*N*s~D{z;X$XA2kS|CEeyG1fpkcGu#(ib5}=ld znKzRD>Qz^+)+7Z&qa@fy3AdL9VYx&IH<1br##JfEPEVT@1RasemSS<+Hk*PI-WZuq zBswLJ57guT>`eSE8IV^`KNZV7sYlgs}DTN!7nlR?HJ z@UQ0J|2LfOUmW}n{_oJ+cNMLpUoc{r!CzFXJyk%(^-YAY{9m1nxm!k2K>|ONF< z?(RSSlhdRJeh5$B_vFsd8@=z@eMS=Wp@G*RZItsD2&5>(Hr%iUaC0h zKYsfU|J&IAHoW-u_tCenM&F))`|r!Ay^r#F3QuQ3qZ+|= zeBfJc;=@*MKF!%SYHm1Wco}V_>drTtX%k=_b3Uy zCy?N&_7D9oRbeo2sNKE(pYQwdI*ArQ6ID~91Sw_^kp%a>{^9xCb3qyQp1=W(W17I5 zgL4Q8<6eJC#FqM3qwn>{|7Kh2U;AP<-ID*aLRCsblMwv)XBKyB?|1e=lSqQE`PzWzxSi(>u)6C0!8v%hmsI3h!jj9 zr6CXwEK3rSOg-OPZvdkahD(zxQQNUx0-7Td$+O`z2xd6Ag7ISHd6$=$0ZllKu=f`* z;v`J508?9mDnXJ}JnvXpnMf7}42z5{0ODD}C7rT)LBKSOs$ z%rd%d-W%GBr{b%jUpl@S@`VoxP0mcgKhIuvl~se&IH)?KB={3(9tS!5#}io43}$GK zl@X84LWwLDfjO%v>Jy3#)D{9$xwR0XEp#A176VPxWSAz~CfwjwJ`aKK=OVr;>1%@< z({8=GLo&ur(iHV=kL6r|?>hy5E)53wei?_KopwjHcGdX_iZh07PQL*^Z97ugcV*39 zZ`9KOdiqf0CvLa(96foWGClu-1C(*B#`fUs5WYK5d3?cA2^{8`e7}d329cbL03|TS z245V)7*8aF$eD=c7%8J+7KmqnAi>x0G+^OVm=&Cda7!3{xR8^}!b0Uv^n^c^ke(J5 zu5fCIW`@<)evMcN0gY26h@zH7A5PUF2RIh0QJbLMsFa>cQAj!IJ(HYE5~>}70!`Im z-_rv{lL?t-n%Q}tM0G-=h+ZqokT6xYR<0@37M8Cihm5hnj02sh&kmol$H;2b>j!PY*zM~2KWD+F>K&d zh!;M?(>{_f1J)<>|NM2#{zfJ>R4C|MRzC-B#;ecg!RYy5Fz_w~nidENq*LP-2Vk%{ zpz;j4AK+45i3-&ziWQEpk6zhZ4aJ9Lsf0wTNcD1|XfDm7$VA<8E2KP?Wr|rpr6E|) zTF~cgEsv)>HI8_a%&qpbH0tG5F5#Y6xT(Uox}nD@O>iQ(1ZDbqjzAyIa6sc2Cm{~4LS?%z+Zt5cs@>{T8moQp!>f!7!0!kb z`m1bN@k7TH6JBDuYvMQ+ixOrIRW6-(W$ly#n5f>GO zaa>VBE#U0$|E>3F_sbw(NM9R=S*sE4*kSjVc=Q-!?32?Fp(j z#TLjZv9U)au!DlA&W_G6VE^Fx2o&gT0_!%&alYlK!wGlbrtH{=agKGwmMp9628h59LVIPKi$;AFrL`Ar| z@+T9b7kR_vH$=)`r*%p7idyBK6mbcns|6F;ew`Ll9G6;1m2^;QVS+=G__ZG+mCoN; z6tA*K5PL!Z{oS4{N~@zUDKj4~b@+6T0@oypa)y~__XjFw1w8H$gccuxBtevg7*1%Y zLS8-tH%5@+946{(A6llUv3s{(Rx6E5+xqH2>6WW)6}0YV*_HYr=Q8Xf8&%*obYnq` z7pg?wGoA^|Zbvttl5CpC<XN3KUmYqJ<4)G%>GGT99lD z?UHwyr-|-ZWVsr_JrB30%+_nl)aX77+hS#ajpxi9 z;ys=+n-bj1wqHufbOH$tF~~!UrWI34aT6c#WP$@Rf)jdftX41oI%a>nyuyo-s_8Qt z;R>;9-YnbD;*9}r^o=N#hjKKLj8$)T>gebox;}yD<9J*0u0+;sq8mr+l#@+cmM~f0 zmhUDSQ>p~5kz_2md!(33UNAEVM%8NDSAt2TbPGTe`2FJI)I`}(+X_aZBrf^-ym6>p zX-V>Q3%7LQlpA28@2Q=es1I;y<(f;YXe3IlTx{)WgoI=YKv}~kW$uQou9k4PGFm5LaH|52+ zXE7KKGRANsl(kN@DC~hQw=U}l-GO|3b1vazSSd}qT(Qo07K^js={YwjX4{UPWFI2p zzM3b+HHp64qlvy$R3=T$lijZ)SJwZY)OEj(MqFZg@$%d^96?|A8Dao^>7*%mjPpx% zt_?A8w1DqkV)0b=Th&&3Zib?0;WE~>Wh6Utw>|;XozEICoaPuzvGR>mhv$O2dU5J? zi%h0e3)JRY#4=LOtzoC5PZh8Gyc2406jRM>FV7Mhjw9LS00!`b{4a-6@xUnGp1c#7 zB`5+@i068y+!~-dXKjATioaICEtxn|ss*%}xE7dlChIfT>X>h5&H}mTnX3k9XzWPC z)n}s@vaBrG3&SxL*j$_gm;X~@z`^m>!6A@D;HfzcCs^_kdCpRU#jQz)nBfH=h9S-P zOiPa%aB3R2jP2rWd5rFBzDt^}>kSevb2kc8Ob$t|Z&Frop-c7Wnm238ClhPl zVeI2rmI$H+siJya18KlojE*O6>GHvXaENGtBDaK@HPwUCRe;-_qP+9d=^Z2VX8mHs zrASZ-%jk+y!QkE?Zo5vu+v(7xK?Em$j-e6_>NsLApM`O^YHS?rd>Eb+VA;md}3 zOofOrQ;^ya&(DJUe?JGeLb)p?Q1w2QD&9fo^m5=c5*NKeVN5tDG_lrG_RO7s0P`ik z<8@EMl2WRMSF-kzmZ$@XmNi~U!hG*%p*AqbF3%|KCj*F9sQJ1fdeJ*{hf#z%>*3KIAt^@9D81IRTAQe%q2TO%6u@wN>h;dN-nT| z0l;aLDPZb2TnG>;qjKqOX=@^FYMmBM%QZO9q69N--M!GlpHh(0cuW%OGo(-4(L(Q> zFVO-s*mK&M5QeW&6!mS#fa8P{rSuJvKpKkEg}QG;uI=r+-M5ml2er z=SQCRBm9z)D1>w-8EVUTDy;ttCs!olkVe_mCwlyI0p1q%euVveUpMM4*|C)2xv~K? z4MZ3ygDkOb4LCH%E5||B?5oZQp&DqjUvuwAMS>LyE8%bQf^R z$XW--=P<@eFpCkp;-8u`ZJvjCiv3?5yOn--ad)X7)YHBH4~IKD!)pGA!S?gb{{Ik9 zKIL(FAbAc%E+kvF0k%ePtcsl# z#ilx$j!Q_@ny)%-v?3r2ngXjeEzq>ov{oRt^nV4XlO;oQp_*F_ zwW>Et_Yk?4e{yHfqDVtnf{|NDcE2XOdRj52|%iBxWn4-)5H4 zg1aeRL%hv`qZR8{r3!1I+-iW-g0n4OL%P*isTJ#^a*egn?z$mp!Q2$D6L`xVLMz_q zr3!1K-F6w(g0?AMr|yn>t9J5!a|C~uDlJ9-iFG0A*a4ayi`)*`_)yU`C+#5o2my=H&<-)O=>5aQiYT9R?>jw6US(vZP;7v7*-$m zb&VX_2me*|n!Gv@#`?Q!GMX;NyJulN`-r9N^VsR|?NB$Xsz80KPC*q*jFqvgtk@f1 z=NMX)kbM8KhUL0;87udqjKdn8X}4^@Dc!GW_TIh-T;bss>!8In{y~<4(}kO_h88pY zyIK$pIIh1Yx=r>UY*{q)Wv!L*#A<<7*e0w6Y^ihBu(feIR=1JOJBX7kuCIC*fYT}K zhhFIv08O1d(0&<9^&-Eh%iol8*|$w~tLxpe#r2su<+V)1uQ-HP8f!b`7k4!irsZ4A zL&=$Ky@`0dZf>13q1(LkMRB94aGbJNV+_mOwp)7MRPD}*aT#0qO0I7=&*s@Yo9D*Q R{|x{D|NqWScpLzJ0RVe2C076d diff --git a/assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100+up2.3.1.tgz b/assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100+up2.3.1.tgz deleted file mode 100644 index 1120ab649b1fdd73568df61f992fc88ddc5a8d40..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11372 zcmV-yER)k8iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHciT47=>E*V0$1sNv0IChyQg1n z43Ut8&m_PCplr3y{oC)si%*b}{7Sbg?4Cv@!NCBS8O#g@7?KJ|@NGBXxXT4)aEf{- zGsuL$fN}JvM=AY&zkj&Dum0`#`_+H@uMQ6Xw7cIw+<$dAc(r%R{hJg>2o+FZO8C$NAbf6w3bLc{}x6QLd*gC9{8gFuoZm{0~V z;Q~exCR1>sp@WmrIru=MG)CZ*;W=X7jLOz$LL_|H>rJtkrDH#!anB&so1rN7a3EW- zwcs2I$oRn5)l-gGK#4#^s4vsr;qKwVw}%IR<41#j|G(x(``$HL+)x(sq1Uy@cwI0u z9qk&VxYq^W<4FB$-kn5{%Rf&L5pPCb7rY;*M5NwzI!4)Oy!`7C*!6e!{QgTXhL{M5 z31X@-J-Q;j6?Eb?5B0n>u>JlwX`+X?KL0NMpTj6c{P6_968;|?3|>|FfA6rr;s56- zFTg39z%&v-&${9@2T}Om3-E4+Ilvr1@UP>aUUw&y#ZU+of(edPg;NwnkRdRK48w7R zI1m(!5lA5CCS zqkISmCCKv>Of_>r37v9t!HiOl)ZpCUV5SBeY-zEzqlDHDI9(7J<3Rnj4Gb9s3RYpP z0)|w}bM>uiYN$relSEp5yccG8 zAd@1JhG+-OP46bEcj1D_AD;Q3D4*>RzQ`7uONMz2&LR{eA}VMdM-jaNrf+&UB;C=8 zT?G`$sC8fl88Vb6xnTkdg9a!A)d7-|TcAbHOC%m=B)p`Uh#}bR`|^Lgo+lSAy&S+W z#>A5hCs(L!dFbt@p2tzZkhsvxh9I|H{h+0%XSbLuvK;A}h93=5YWe^K1l<4)O3wwM zqDUJ0Uk$;~hHTOf&nO?w5DGX#Y>op|>*c^RlYTd&1u>5;O$26YhD@Jl3Es zeMR&56!U971pBgGH5J8HB^~@odEV5XdUOfJYzXwEN%AYOL+x{kG-7&W6vn(-K7aPSqAH#+I>#Ym;0CHiDWVIt=qunnfdP^Y_;0nP;9q1&JY3Kh> zGZZC=abF}4Fa?(B|9c063je=4*xlXm|8tbze(QY=<~SazMP064Vv(SuSPn}tLqqU& z@AGF**7DA76RFBbHA|_{bfSJM6W#Yry{=r8F=-GWT6A>tno8;OwZlmY1mJ(r#;2_L zW{wz>I^Uht8b|;R_tZ}ukJ8Bm--1pz2Zl(fersG$l+FQQ*2W}_q6PRRg^_Y*0GK4I z7rysTq@k<&Lbf4$#K9N^Fy#nv8YA$Jbc`550&(5<2}V)KrFsb>9AlyNVWpREjTdTM zPA^8XuGF4*f`V<|JD&jKCec6wt;ulXz9WbPqLA< zFSF6Lbs8(IH2hK(w10f1x-vXkeTEBoW}~8^l-7$J*V5Cq5lk2+VgfpU=G{N@P6e87 zcO9B*`dy;M!X!&JGCmqP!D^xn)#zFg9HVH($yQ%<8oO2;dHvfsn!p`kD2e0(-1(*h zI-ffC=d+51y&~pCb;3cY#_E@EDh7LbLIaNTmo#pgjV~=}f1jm&{g+SmEIq^69jQ|*-AZ1uAPAC!RR-9161%sFfUfSB@ zrkbC@(6YoKHVk!PNnRd|B6{;9<>C}G?Z3N>(kUj!W0<`@zdW&WB71g$#0_QF)vA~0 zr?sk=lnGv}c**b_M`()9cmN})cOM8g+>iFN_Q=m(8hy;926rX&DeVDRGFbqj+)N$nmIN$XLe!lQ5zH7={dSe)QGW z@#*Q?v(aeVQBhJ*ghbY`TyeVz6tknRwoc!ke>i*l>FwDMpGI#^{_*MZ_}z~s7>LZP z80m2^4VK;ky$L)7J=1ZY)8N|qxvSv@SaZmF5gzwUKYDr!d2d}Ks2!nyy#M>zr;9hI zXP+*Pe>!ua@;#&Ru<`y(6uxuG-XV#B_JNA!d~p zV)>DVuEyK>b!pPuVHB&@$i9V(fMU9mu3GL%lBskhF4JX+PMBA$au;M{O0orWsN*;) z%mf_Vgh-fBOvKSwTPLIQPiGgWmv7E5-nlqOb{L08Uu`M6I6rmO$*JsUU4mSR&x$y@ z86+k6cG&AJ=Q-1hXQSxes^Ss=7133xnMI~>3d9Tw z0LemsuEJ2#1Yp8(i1ao`wkQF}Pz_STXac8Dpb(5fl-s>dg`evRlrN8Ku=ZNt6Lv z0hSG>G*5@%yKnp7I^oR_jKu8M%DaS7K?52M!Ml?p*+qDc2;%&b(J?AFITIrJ0f{O- zC#FB{W)yC&cP1e26h&|`LIEWqAA;R}sgA%gqN&JU@0DdTVwi^6%R%Yo1mY-V=-rGV zKBG}s{Mhn9nMTnijc~9Sg5&50F8GSv*~WgLjd$J3m&H;cDHX2Wr3zPB zv#Lu~Y4ob-!)#xThG=9oVW}M(R0~h@CgjJ0{tLzt@WCA*SOpk@Z|!$>`=sz^sVzYx zq*rL3H&u9e@0RSWI5gfC6+-f%nyfNyIfb9q+ddh1i?YI^ogJr2{7|;2Vd0$g`?SBl z-q?oc8>V;U>i9OT5$oW*)(AOeZ)oP2*D7suHs2d$&rl?*vz484mp7dpHU%JoX0}_;e4>f z5?N{1R+%$ZhfW3MB1DWGRlI7IDQ%n3CBEIJsaP@*O$J}Lx@TSUIj-vvZ1qvD?1pT0 zXEr$S|FAB{dvNxbb4RY~c34>$=+Z*n8`snGx}F~DSaMF{#GC@b3kYz*%o0l3uu-+fh!|Jd7{|9O^DvH!oV+5ab$OzJGN{}QVgn9~mhN(g!HQ0T+(mH`rCcEPmPX~#08KiE*fPUoYNMhtP9vOq=lb@V}NZeGn18>`1tBsx2w z6Jf6Yy@4W_sX8lwOk~HoKtveXxDxOk(9tt0e}yPQ`d6BS=2`L(9D)eqcx6OPqYrAU zr+06wO|H{tR@&BMe7}@Jw zc5+3~T>%OuK2R2d#RV(9m2VS zbG%^FW*d)b9NQf}Z8+`@_Vy1RsA$|XHucf9jSQDBsbQ?RI7vL0$>#Nz?yRqmf!@9K zo)+1@qU_WM-(r_EU)tzX%27>OPbfg0L7R^zMeEG5g5=B%e(#TH;kTC+?0+o}p6>i# z|KQbO)&Aex+wA{8OR1m#D_+;7@4)-~xoO>0mx4LZ16yeMonu-nScTOsuoqwqIXc`2 zhy+w>HR}GeE>4E}hg#g#g=a&1;h7KAcW3_89|9E2DCiQ<+3ow^?)iQHyWQb;`}=+K zO}wyQb-;>%!lei1=F$8U2NG?dl6e+%`_ofINV1hC|pYLdpM}p z&j0)&$9}W2g#Qovud4U|9PS@(&i_73sq=sFQbNoAHl(L;iEZn}0bV)mrF>JZZosRz z?6`{&7=5W@{r8poighWvSN!Yjsve08=3N7}8|cd&JF-)q0uy@0;Fk68GRSW))d-o2 z`bI+IA+;9*%lB%Nr95Co^F|BI?ovUz4xr`6niHDRq>^+TVLp2pUQLkhiC931U^I#l z>mqe2)x)rB1-A-{&U-5hSUBF>PwSUj7O}6qZ0W;<>nPO1*ZNjWkYB7*V72U$%#6j= z-Xeef;U{}}rr{ICziIsX!%yZC&EI|lzob;4A}sX^l$JJqK3)S;H;3^&e1U0~s|}_( zRX(Yjecs@Zs@zMWTNs(TS~fYZ8Zew}VQOLEX=Z*f)3>v{W3~#hH!G9w>R^`YS8}{D zC6)0n%$=NyI?-e|`aaFNpe{~baaE9Y|IOC~eKouqh6&df$d=jHTuW8Le}0y7zYP%wU3{ti5GRQ~)z--U zb_~972*f5l;R}Z+{7(1nf7ekHPqxeDlowC5;pG;SkGS8}D*RRn8Ym3&QwU;x8pIw3 zSx+EWNG+h0g_soaP{dOrG6hW&Rh6nUYPRI<3RyE8`LQ}KPegb38lEplflEoR)}NI~ z@Jp*e|IuZA{a;-Lvz7s{ME~F2?N`r#?+rHjAD^e(_ptW;Edb{s?T!Op=bp#2-KgE; zSay@}Y&(wK^iBJb?B=gPI$xTIH|5^NCI9^y ziefw^ls(R+>r3N*b`NU#KL?xr|7R&Lz$Fv{F`{yH>PZJTGep2R#gSBcZAMF;r2yq= zqQY(gpP?uM(}<3>FveuM0~m^+z;mQdbQYdN5~}!QeY+djN*J2pTbn!ce{K8V4T%}@pN>9_1XcMHPiP!d0zRCKK!_Rl{3#Ya^m|L^Z_?tgxs@}fDLb|C|| z=e>9V&ZU|WrrNgi-pvrm0~2iC)^j2dn@CM>>tuAkT>&_ute8nFLUSa);u#Lbl&SWa zPPi$k%`XVlWeDR)r%}qCrgl?KwZe@;D-}7ZK&s6|-}C+{C7XtbP2we4y$)rk^d+DK z#AzgO5+QY!8VDc(FbELm>LetGF)DmYLI5L9!3@rIUfMAtXo3Zx6Ah=E&=4>LLsj>N zVSx-dUypSxB`hQY5GrthJnwu07BmG(1l1`_?Xv)o0AzEtmQG{p^oz0V(S*?$?E1Iz zvw?rB<*mBIQ{{u&QE*jC-w9@1*aMz1Bq@v{ebV#f?I}p~bthnk7;4M0p5Knq6AYnV z47ot8r@{745D}F30v7t7cWJVrQGxW8quk~}R!GhV{=o0=IL?`Z8B}T0$W+f@4As~c zvplPAR}x3bA*iH_^1*QwnLexGl9sI^4Xy`?pqnyW)tV1}q&Jd&cL3Hi0~s<|q9y)n z&~kKzq&r!Q&uAKj${4^TMQSR!PGMbaq>A@=VY3c{E1ehXDo>j&fm{ieqAMSqPgMHd zj3_QYob)a~tLB4tuqU@p8o;l4u8$Q5(9O1CCQjHXg} zqj^7nZUmIR)W|*uTVRX?1eg@Xl}^il==Z^P{$UVFg~ilgR@s_tis|1XDKDD8ePzBq zzXZqnk_Pb485StgGwXH1>kmI=kTv3R#+7^l^H7CkX|Fp_*+t|id_T%kRjbU#APWP~ zAn`~J>v1Y5IQjATQvRADB8(jLy5&^lQZBuC0WKL*xkxw`h|4J|^kvuI-2;>XX?nBr zD@lry@MwrQh*K_dajDU;snqi{>s!?crX*U(K~j3D&Yh=#j1eMW4kH|@JBTR(QtrGN zfmdqm-;YxwQn352-{0>I`hI_Z2aHpZ@dRXn9O^()9zaCrvPY0F)PXXcX=NeVj*6LN z56lI_I3)zI^U@ObVd6bXMZEDD^ zE2&XWmdSvMS(e*!u7hqo@2==jxy*#KEv478oFX1DoG5FkSnevdbTh>Y-d(q~EP1^~ z#XIjVUvOOIE?d5sTn+VNt}Q&NSXB~3f;(`fyh>L>R{<80tj5hf)73%Wl~N&db7)HIbh4$q6*(LEX*vzLc+{#2`_A5%Vt|&RDV!B4siv&D zw{3YrBVGv~FB7h%S1a-J3;k7>bR|oo8la9SZxRGzk*JZ7)MxT}<%%(v(sv8piv1mM zJK@^^++E#H_*KTUKT=*B1B2-IBSlPzNm_!IE`cSgy&T9T6tkxJ7qd*NOMpuIxw}&T z<^b{-%&V4p&VDZ!NGoEWlNFqL)LpJ$U7N-kH7%$g#e!t&k{WOJeNk|M=>E=AA<_9sSE!|1&kL z+&R*WWI!6paCB>nc~NDbql`m7DPqvIG*2AePPj#*F4T{V8m=o)eiSGpSgS0QJ;LA= z$6bM4)&Jx2|G^~bG6cgIJ&q4>ng4&c8vnU_aIky0@&7$XIWBnl)EZMz=Xcw zCB)j; zk2jJ}urVd?aE!QsaWVuXjiM~Z#ZBrB zjFIOw4@0aoR$Veo1Y#!=3^DO~|9kZ2LLcKYr;G~0dZ+mVeVCIAhRL+{UFrCqK5>-0 z5{BSZ>Ul9Hh=ZFMQVuFuJtnCmlC9MP#Ej8&s=ZLI1C?6sG`{OGGR~P$Zxmy}!I-8b ztb7VEw-xT3>WFAK=)w60{H<$TsT63sYaUEU8YZ;h5CO8&DM@>$||B9I&(i z2_^Ztx6s}i#%O|=%B5Y12+L$-AtI_YjxXgv>pId3P#h>Z%E&ep0xZ^6d13cxj+g)p1$0XAuNh=+6YZ(+&2qjbC5s4*w56aoDPy<*49PY? zN(#`7PZRt^nH=B=9TqqI@^kZXoDwV+`UE{5r-Cxx3(*`!J&vc{q8q&@rMW_!Xg7Hr zzQ~C8WdYNQFtFoXI*-wM!3WZIvNdA@05{eK4MY||GC zFoPtF%wBS7ARH9s?wJ!uwO}<0BDq*e1fls%6IL#7tPAMv+2~z%f})P17C-rCJeNdL za$qu1y~JE^wo8aMw}jqZiEwrLc{+~e^fUBJiqtL)^}&f!79}I;u!hhF=LDR<7)2+L zqbHX`a)fzT4(W19R6PoAsJfu^)z^+jV3m0*EVXL#uF;~aXD)_`-Y2Y(m|Z|iO%=dM zi#}U|v%^W~`6QL#u^OzZ0wf*b@hi0lC=Xz}oP_FkI6C-3!;vqmrD3=zXrzVs3rizrTUow!>fmB#b>_yd`|CTc6vp$q z%9|y{YV3l`@)8u>%y3}BSTpR$D57M_i|92u7S_b|Et>dbO;oM=Tt>FdLNXsH3nFRxjKtYEKQ~eRhRvp3gd-t9nA$aX~H}fOa=z*#laGyb3z4&DS8V=oLLDd2GLh zW|#jO%m8w9Rn4!D>Do;1>jM^QxW{gw>I57tpvI6$8PWT87RMiuxKt;@q}IH(4FVWN zCL$Nsc~tkPc{UoyQm>h*R6a&?qz8^R{w(Ky+SW))^#hAwc3?gZL+&-XfCtEYZiE=nmuH~Gkre`jKEmmOJ=-)%4Ai`D1c=yUQH*`o!`+2 zNDZZQ*s6J;?XqBk!s`StJ5xY)29pF4|4C)1+X8k{*YV}KwR&wo&18wSNh+-Ww|hGpTbF;r19ia?Z`sP_YH5l-e{ zyE;T4BO-PHPo?~mnmd;>q3(apC7z8~r@^=o&Mih|=T*Rwt(AC}$?D|#-xt$wYpkL@@$UcZ<4A%*Y$Q;wzLA!(N}+G zs%cH%$`RChKEu-~Vh+j&M%`5Rpl$=oWZwy`9=5@Gz*Sg7_~*gL25igYqz>lZf`L}R zF_+`BZMcjth=8|19g?LS5p{6Zjjg%0fYTU(8x%!dtJmMah3vnbE*;dBKqkumA1Bmz zZ%*F~HCB>@rbMDbr~nfz<(NKIS(FCmmP4h4{Ra7e_lT@S(`7hVy)~ch%7Kg*8 zDj2?y+he6}5yzrm?^e-q-P*14W&0rwxa?Gb62W_Pj@TTdo8Ap&*O*MZk`TL^5_nIo zAH5gqpL_K}-zB$FS4!*DQ}#z?pX{yO9qY+kbya#fvayksFDoipQF=OgB!;0DxsWWL zoNVPlrcC0qu=mn+AqnMgeZfkwSbOAByaJQHKR|#_NebGn`GYa@BXh z^zG$|a;LcT|3=S38@3NZHM6x}V=hM7h2uGzRtL0kZ01V2`do?ZPMb_a+5uP+o{fx9 zN%K*!~MFN^MH-TrR3zYF^Pq53~~|L&xU zi0<1^W9bw`d5A?`5M#96`KW4G-qSmFfR1%6o_QIjtmHDXld@BvRlORmVb8^gb2wc= z7cdn|J8b$IBD=9BXEP;2>gyVD=d#(<8HsyFi9Wb^^X_bDu~R#5V+0~PouaVbZIEp| zSldj}wYASUA{?um6AMCheWg}7glTP^LYb#aj;yPy`?ru=1S^5k}E5ZiE1Uv zyjnpXERB?^51Au!s#WyYM19@U)FS#7KA!~rlyWOh>yo|(@m`X@BIz3(RE?5S_?vK>dSUS`uTXNHEv2*3wHJ>W)>BSr6LFF-wBJEWoPSz??5S}PKh!;sd;~+!x zN}pABX*>k|l~t1V-LJNtFWk1})wDuGIcAcYuIXQ>Pn|HB>JAS{^l^oe_VOs z`Hv+xKj^aL{KsH$uvMguMXJWy=q`*D%*ziao@4QA?7+NrpMKQ?2PQH=yW9&}yH;ZJ zG`dztEjvJq_`CMsTl@0Jr*O(d;W~Zu7-u)$RrX3UL;!%*J-fU ztx2*uf3i7$vN?aEJJ5Fii#B~y7De#a%INiiAw&a=7YNco7@Ww z>EOY-tF_XoZe*v$1)Dp?!C9P$dPJmIB2BO&j3RoI-Aixh-dE9$TeldJ=`R?P?ID2R z290NwUKiB8`o0qZNH%I3c`QNRH8&1cH;x-9&>e+Tiz~WM@>akgNEr+kzRGcCfLOsu zNwiSc?iYGc0-I?(t%nTs8Z}4E+-R8Xvl!jGtdMeplhC30*3e&RL2fsP+vQ37x7E2d z;>EeK(mEIg+q&VHL4CI}JEXDd2G(kDXOJ7hKm_nq#llZgxdiI-tjZ*6>r4&e0$G{{ zqb$sO$-qLDSSqAQAyWexBgqNINXy2@&MT>s?n?8xxPES7ANh5lg&diM+S?LPhyom< z!rcUDQA>X4V2T@vl?TG6>B)Mg_dBdLIEGxObyKWu63@7U`54ky3~ZteH_?WhXv0mk z;U78L5R%24+EMCmOORFm*2yuO=tZ!JUi{C9UQD16h>;=qzgz$P&0TlLBi_FInWXWx{_Ae*XLR;)MIhVTfBUL} z$ZfX}$07|B%DS343sH7viZR_;m z|9g&-&9&zEIb;})qb&HXkOK#fk>por4qnaEb(O_<dlqG@@e| zfssy!uU;1M&hr13uy!QlU5c{}@>q&=Bk&bbt|k~RVcwEX_(^-9b(H30@oV)^XOJ%U zOY0}f*ZEq#1~CoMz56uM`ngok)uj>E$6%82(kLt?qQ+Xkl-i7nUWHMXbW?R)Cq(=U z82AIfzus)t^M95*?n>oc>^354T<&v+P+~@gCU%|F4|nW!R`Qpmefh6R0p0oN9H&V6 z+Y6g?<#}Jw6x=`}mUdbt1iSf!Cqs*aPIfAJ{qC+x)aLP|^moUr3|=X}YiZbYX6Z8% zLQ)*Bg5{EFKTQJXGD33J^D6@p2u$wlxygNP5)3~@_p790^U;<%`rbUeZx?OeUklvO zv+1SIe48K^V=g)QIl5^x?3U-#JS=vzRB`2wW~sf6WgK!)^#OH z?Q}VptHRQBJK=I2Lbqan*&;N_fM!1bT8E#ehtWJfm7G-LUiGxtMN9F{Ikju_zWyS{ zWC*me9K+io_}0<=i!>f1CgqjlWgWZ=gW0`VIFm%GqyP0^^{zX#s=jz9LJ!@DtzqF0JDVwq>o3bhO^8W(>0RR8It8@hb6afH!Dc zVQyr3R8em|NM&qo0PKDJciT3y=>E*V0#Dh!vAY%}eOdvEsl|1{ivwL2XC2@M~o z`R*PLk};J%8Wd^+F;8K@$a!j?nicicz3R5ly&2 zlu3o7h_Wdpz~h=4Oin1V0U!Ry`EufBf$>TmLJZ#ew7`Qd?gO%^v?gmUEd9Wq`Y zUD}TJEmG3!qi<;hKkd8Y2uuCvF=6W6rPoIv$0<{(cb$$&HX1Mg;}GroyZip|r59t$ z6sC*_Xv~bRN^cdPcUM@4ec4Q|15t{Z||Qe~$73 zosbDmBZbVY1Ftm@h3~yUA7)e{DiKEib@apA{)CGdD@8&yp%GL#Awh%%L31o99!EqX z#nG6c1WQRmM494f!Bc@0iIWH`B7M($q2&sWi6TPkzuuB54i+fpA@N>#FA$xe$UKrn zX@E+k1l&j36F`NDxi*1ch9)401vZx})Vp2m%5a2yF#C_H7^iK+ASpBtG(LUcpb3~Awl5*%FPDM4d0;ewz&f6u@5Ob142 zf+IAOKi}u?hr% zmgn#-G&O>e^E6S|zfHG81Mu7GbI;3(umk5463~zsd`sBe&?wTVXi^9b9Pfo49xSwo zzqtl4QgsBQzM^VIYknNip4o!D_;#L75 z8CVBqSP)BTnj0plFldMiR2?8axdmGEyhP)1%EAjynHr(pp|Ahj^*p_3ndJb7F=d`+ zIK4t;%fsLx^*l)eLDacfHWa(-?pC^Hv~t0HNb zp9X@Z4c(+0p38hRL#*&65px=lS}*rJJL$*Vu85;-wkPt#A|WGmJCU9j&0_=F(N{E& zPpG_>BXpqKg{dgEs_Ec+F7u}L;n4+Fvk@|rrpd3s4zB)4Xf+_>sN2~HtYX$l#_g29HC!-MU(|m8WPlN(gDnhr0e#O zkAC~j^NOl?BKVw!M4%fCi&DfFu;>GDnc#rv2K@KNQt;2Sr@#I7&%-Z&w9?K0pJyaW zh>*TY9$*SA)BpEh?N#{y&B5!}8~%Te^6RgIuh5*vBUse++NBl=IgItN1T!*1Uk!fy z&C|8K)7wO=GFr_7HJVT0cQDa?&(`bfMVYb|0b)c)Kd%W&pKlyaS|A|*lQBMZ&3AJm zgx2})wAR1^^m-qDrSWAtnb2F*>*v4-3*mQz>oMpY2xo0f(kNP>pHm!xGXvoyfnNCD ze-Z;7>MPxb?vX@e65v!4Bza8GKhiM~j3^>a-zStrq15UnifBxg(T71V-x@DqTu#m} zbzQAJ$%F*kzIQf3)=gr71V)pQ*2@9UsLJ%&RNG8gn_C)ri|tCotm~JDnohEjbuY8g zb#+=RtTg;u6?A|68M-n$Tz!TMcxIzwpp@2&9M{s*wGm7NWom+Yf06ya$X*4SX?Go( zYx})Ki-k$nY-D{jdV*o1E!CJ>5gwCh#mR;*daYe6j=cHZI-1ZO5+sTA0^Iv+5A{Cx z?$2ix3wuS(i|RxJp<1h7zo{7Pzqtv6K!rD?FdFZ}&gI*Bz=U8bi z<30H~rGkXcU`Ht7;TfCockBnAGV3(>(j)c9EZzJMUZOzuWe_|-04(AE-Tl2+RsP?7 z{bs}e&r$4}OMcFlT`p0NCxpovov4G}Z@*aqa7ltxP_;PbOp#l4%$ZaIQ>J8TYfsv0 zeg?zHk_NG1sf%jz@^BRKoA0?)CsY{!-9?m6DYG8K?Dg5jv6B=P}ABFW-6ZxIs zX);0{LJB;V?^AXpkJ!SS>KCR~A}H4*IPwI+;X4*B-gB+jlUh?k z1O6z97}eX7#Gl+nhZkJ>}pm z(i8*x$@c=mcu4v{LkUodQ}#Bh-Wp{k`ESPh-YdWo`TyqC-a%FV>qi^;{|w~?I_Akj z(CJK}z2WXR*-p?I3t+p4+~PQi2udZMk`cO2$0SgZ-P}R_3Ho<6qw@2FM&v&{uix+6 z<>CaBn6pcwN~;4-64|^MG;%b`eaEAA=dsf!C5cF&IEXxiVyuGMTWv^7^8o4ATN`pj zZ$B>Jr%P0V(+vqBhY%G^;IT=6S&L7!Zemiv=;NbzhJv)yuKSDj-B- zn6aNzywFSV_17|xbda@Q{c<$l_4oW?0RR@$LW`!=UcWy-eATNz)o^hb3L@p%PgLRFdZiN2v@$aXf&)=P# zem+0?;j{^rZv~G>l^4i3Cf}1u{f&KRw>1+I_?iqfBNeKe9ci$-YEy3zGu`cnR8(4s z^+yIejCbSLrAhCGQLI`c`wlKbz;q>DwcL{=Q|U@vX37$sFt1qUE-c2JWeeuW#Bo%Z z2{mvNVPV24Q-^=vI=(#ne0qLz@$T&WLlfud4%6`P&s#tjXD3Z{awI~oj@^PKI)v(a|7<%`E}Sz(n*e+FjClW<;a9*901Pss$ zuxv23c{)Phd_DZS5#Eg8NX>q!yh{XEJmAp?eK;Nx)esM`(9gs-tL3c&f73`(>F-1m$7&a3 zobf0ue(ZR_^;H{|hlNTcY2M>JTB&{1@Q7ji}J>|#IE#kiD*;5$oW*)(ADq-p#OHVEp@Ryu)yX`6nXvZDW| z;I3QW4Yb7n^ZMXb)&IY@`+9T!=UK{=`F}1IR%DV!>v@0*boL-e5cpiqR{$$W643x_ zePt~VQai+ZI+EG}F83#uo#|+a%c%Ja)afxQ)Yodus}-?vr6XS z>!GZ@n;*Vv1d)WPwTwj5;EFb08-|VK zAc&;DtVjyB?r1*r_g5f;^02Qpn-Rew5q;oE%Gsfd4%p0L(;P~M6FK8btvHW``lI>Y z5=&&ISzBe!pbnoZE>%c`IIMWpDpT4up-X(bZBwyiBH9eTes#~f=5t)vA=v4oT-goT z>CS9%;QwJ=j`!f~FXxV2)$OpdFfgTqx;L(;=XE_j)Unh!i5th#<2#l}oT$YK6(jU( zQT43N!k0GIo}jE~|BErce+1xC`+xUME&gM;Isfx4rDFeoU9Ih)XFYWNN*Zcp~X zc24p1pIO@P=`yI?4dMb0ipzL z^&%?a=M7fD4C<@^GSMBEiZEqm<4VAHP|wV${w*XCF~6lrXrCny!6Aq+jaNp*Hu|8p z24?rR+T;rTDaXw>PFmrTe`EpJ_dUC z)_Xc+`--yD9DIwLr1{cDpHhw*%6dWp+8DI?Xi~J!94ko9+~D{Ah!%c#S;77{^5E&t z{|#Tgd0n;t_jfn@|IbqD=l_b=b(uTxe*3L$-GocQ8qWheX!)IEMk`o_)g7=GXpAL! zeSioHxYlam{y4`E8WGGJ#`nc<<)Exx`o#Vgaw6534RX; z)w=m#KIGVMR+jMptKpmK{Xee{_BZE$pQY6Kzj!I3V}BRYQ@F&o^Wp%n9QIPasn#^$ z)mv`3ixF9UsptInmHUcKDY{qu>+Gr?jSH213$`Da%N={VQ@sKcdd1+D_3tvsZ!a|n z*^1^yLhB)Q7Xs_|u*p&$u%dZm1ZID!AYBL0a$~I#8fa2UI*zEEJq)ilNcTi6;7kb~ zMMU%oTuSvY>^i}%f@0&nl?5ys-n&ohms%FFue|K&!$g`W)WX;1R!o#%tW#jM?2^ok z#bIwzzWwxryFAnK3GiYhg9WW64Sz^t!rdc!&L*8lO0SW3_Qck4`%vqmT#D?LhQ}Tq`NwprTUc~ zZ^~I^{0noZr=m_Y*^RzWvo65JsVlAuy6!*unqaPmhhdmVbAfD`eeJchu9s{gO}s#* zj(%8Sz2@nwT`&A3vuImcXEN1KdcG;ANmnHUJwp`{a()ytwOYFacz2ScK{KuPDoBN-irQB~rq=7EJ)P6`Ki9XfV z$o+N$L%hf0^o@m3XSxi3SepjdPTP0|qFw9ROh|Osb zcNkT8{r$l4`%@9?UsxxYKbN`+-Q8<=z8nQECB0gI zRwBVKtpfc^m-Y33xC&-117L~%zq>oEp8ww88}4rO|K}+8J*<6y3!w3kcCP_m@1DoA zn^C*RvFtYC*>xPd?VIi++3jDU)+0X+-;CyakPj^Xbge7=8qaR_s)#h)rSqkUcvJ3O zn&iJfBT-DJjEl#)bbV?3&+e;g{?ENPoBjW1DKF3kR*DD)xjN0HqnjCFXq?hWE4?nG zrOZ-*$~1wnTO?;BiqJITVGym7N zkKVCpfjEONHA*NU0!46DoPTop`BHJnpLopUm^1Y0_!5OwNY9^AHGqE&`kp`jMGW9y z_h2?1=zrXwa?S=hpfL`v(*$xKN$)FP-Xz{v{up0-U->Fdys!SB_X2&wg7Q?Nvy)Tl z`HA3K1^0X!5V1pl9ZMmgBT|L;$aPJTG`7%&9FxMQEJQex9L@0DIq7-){sblFx)U@bf^_9r&u_;V zC_%^|#!?Y6FklDAgefiufe3xiyRg~NxFY7tQR(s^1CsMSf6pK8G@LULU@E0aVO?ybiuZWovJRswlNakMPn)fQTq%)~D<7Rr zApLGe6c?Y42N$36yu3GDTssON)xH_pYZ&d22Pve30N!_V4ENAJDUM#on#bugMXs zsTAHA-p`*~0c9>Va?jBg8WV*PWkqpi((=FdhiE(hFo?9mV(Txf>`XRb`u9Z3i}r8d z*l*7+(2=>M0sZHUDiWEQ_4?@TrynxN25~*(AYaftgpe%bbw`k0M32I^mszT6$ZU+V zFaQIRUg}{zN)<=P-ydD*-)4jrWg2t#um(Gcz+<_u}M z^X?M8fwBKMPMJ#4?$`eCV6ZpzhX*@ooT`i`un6=}2b%H_VJ4S7!Eyly%1ow}g=Rah zW|}>yRDzCEx5~g`2{>n>z^tMlxa&+I*NE83nKws^R><2Q%s36me`utjmme8z z>u2g-4UD55UY9yo5V{Thv|knRT@9zwg#|`WneZs$H-IB34w{9`x*fR6`f(oR<8qr? za_ehqG?QgBpi+_Lww#-w8_&BdI#ez);p|H3wJs+_27)GF4He5>rIu-?Si!sNca|lu z*Qj{s-Q^2TQ@P8QFQHdMvzQwTPb*fH#E|F?U4d8W3IXIota%Om9XbjWoog+p%Joj$ zH1T71cJVVHvmnI=d>cU8bnaDvMI@_nb64FED~aMeA=jhfu5!r7GtMP3MDB>K3~q~Y zMs}=_-vJAD2ia)4ZQYoDe+5mIj;mZ%hsEwKqEA$)6i3B1=kCg8#osl68e*9XIA7>y zARgLzMm4Mq#-4%UPRTTp)SV%eOf}bR2;1NMvbYd?O3AfSR6}+)Mv?pzvfoA7$ zmcw*n@gOyT^KiO4=(|!XWN8mg8J$kIl((X1BR@@NAQz8XRbk(``%)~>GBm&$NC}#9 z>fW~F1%r4ce7sD!j$WO_&oA_cE}2S>L=8X_QQjs9)FOeA(9~!1dF6_+)Y5m0+^T~e zbUTsT2;E)XPUKa_v)^-B8v~2zx0gUnL}*&VjxLcSs{I_u1y-}R`B$?{s%wCt{oGx_ z&m2G=gL&04&zbNziwH8GAPc~NDqf0JpIBJEi<5nA$G9dxFGqRy@*;RvR)F6s? zWK|%bJI}jJNI)kGL~t-G*a~JQU@`9ZB~j>_EDm7}`*A1x^`|R@#T1lyFfNKJ#FbX( zoGp$KHuHTmqY7R1CuTW>?ZGSG^G?lGKn?5r+6oCETM}c3|Hp^_?7IfZbogIB{AX)8 zxpQb3$%3?!;qcZK`=ZJ|hZ%=_24XO^3{M>1PNYMlF4PaL8g43Zc^H5ZY*ZF59$|2b z;|^d~_5U>a|8SD@1;JrV9>)i`%>TbzjsM(zb?|0??r-k@dzMl=b%zs5ZWV#! zda@-Icq$c--`l{u6EcBISUD?&iPR496hermguxLW*kU9CTF8RXhyI@b%3l9N`#906 z1_{eYenzO*;DFAnXmTE8S1J{b$qkY;iUxbHhdmD&1)FmAfyP8C948~h(kRMeT$)L} zg)#D+=3z)p#;OZJnIhs?gJCva?|)yuJ2%I;>?xx{u--}jz#Qh3N>DbfeOEfZXHFdD zu7nXf(RyA?8IkB_M!-RZtH&fwM6$DbkeUgePK_6;=|H7XJFV|}OssPzG#kZKNi^mu z3oD-@DqTgt*vmTlUA=WQ<=1Ab0P|={3V=eB0B33<58LL;Mk^WOY(Gni;5K8a{?S(B zEw#zNk|-58Y9SjFI7Hbrjj(8};~}%dBIe{HyJq}`eM?Cc$~-H+47l!|HP-cmbX*93 zg}ZC5&r=fuG|3afjxNqV?Oz5n5@+#FC4y<_6c`e8LWwMT#Y|Q>l(LYBXrWaEJEr+5 zJ!AI4?g=*!iNf`9Mdmm7s&@P_|JwUfBB3vZgvv!zrtgH{uW?>oyMG01ng~Wn~))k%UPwW+atJ5WA;V zPI3wJHbIzW{V+DBEbJc5iBL$8fKM6yC4($oqCE)TEaz(iS;TN;ECsVk8RG>KM7M!b zR)A)Gn&<~E^Z-xzsJP*mpPP^4lu@-XC+O)oRb0qHNaiFONILBo-RJ`?%>i*{+~jfi zA|u|H1xzc#z>Rb1$a32Zl&hg|ZAn-fu_aP*U3plZja)XOOS5^CjXMx#?>*7RW)J46 zXO3w1{QPlDFq0K@v1-EA_E5vos3o(7qydid-6+lqEL{TW>`Tkm8n0`TC_h8Ups}Rs z637+NXlgneu=h6eeKCb3VQE~>^I(s)7ay6yTS{!^R)AI_GyZHU^GzG)|Fbw}o4#0~ z8D?Q*_mWEk(LhnnJ!`}f7OYl5q!%lVAhw?w!ph~1a{;|Sz5I}!ps1s0#83X2%q5YQ z9F$FdwBP{!RNS8~Z>QQh@)di)mzIL<%tIS(rsfEeACX2qAxfmyApRht=ZUHSdRRE(c z`fLf#4qy4`!;DB$6gND$NpNx!!M0jO>wB zn5`-9$_j-S0|36RJ*#9fr|Bloj%>iK3g$shi#RvY; z=E*9p2xly$f!5^_o#@rPU|PdxT40auZmHsWDTkOMXKWSi?)T+pj2s?w9udr1F#~Xy z^p^(I-e+2YjiiVZh}eKYDyI--_%bwJD0knD#itD1AfyLu3X4SpQIg<9S`> z&5~lZcA?4gQXJjPXkf!wGwjDC;%q95=(RZ(*2MKanfPo?RGs=$fX0&?S?FSKx>d!L8r6%8pIX7qGv3R?RU`J z@?V1)U`ckYe9$YUIUzD8XhI>P&I#sRpxsTHF%W#KNe-$&8vE&8XSgjN09R zO-^UDy5qT1&99H?+Dz}80~Rpc<7S|60uC2Y6GWwgnSDEl<99?|z{xPJHE(UB07sFH z$i;OYH9cydjn=U=Yi8$I+GRE0=7d%92F|t>>}S9<~sg(hQfoRH|O+nj8J>l8w(a?7_O%0J4SURwa>U(SVHMn+;EW z96M$cWl39C9Ef7&reQGe-5`L{Yp$ekLfg`Xw%-bLQLz1u$TcS=@ik%a#Z!((gDbu` zNHz1ilMmRvEbWHXzhHT<(2JUN-HBwac4b!E?Cu(x%k1!)1zxGl|SLF;-6-1}|lH%Cu3;j%i4Rxt|3`Xl(8!vtB?jSz#GPxXi_?=|raUI|c!* zp_C3=wGXsg7Hm*>o#1t63aHL-k`U%UsqAdFfE%gn=;F*-y{?~jveepgD$o1Atksui z6Vr^aqk>UFi5cq5n1*OvfeCGt(3%cqkwgg(ZHI55qgwpxbqZUPI-=KbwUp-B9K~NXRsUAk+jZG83P8_X{hg_% zHGL~b(CGPsPNzgPP(HHiCftL%jkwT#XS{mYhUNiRVGZFQ_kL=@wmeR7F!vVi83mk5 zJwDr(%jAM7e2d_aESH4A!P#bP?X3lp#{}JwDC#@C{su2}|J`(%psoZ9RrdchLjCaW z`8ThkMk$%3Diy?kxh}U>9W|~rIBcqd z;S0GvR_YdOSoG`NDmtz^yH&nyKjeYboeD^zQmO&@7j$O4FD{)<-Xjf^Qk!~pEa&Mqp>sy4eLVzD-?{^V{>LWn_h6$_t5nH z#WA>3n)Lrx&q5cr4?;Dwwck>yF0%{Ab2Oa}=;GMym2&mDQrVq0nTE83s3trY83E*I zQ3R@hh;g$E2$610_K3YOsH}8g^pVk9#4zKM1e}G^z;pR0vDA7FW$N`oUCnvN;OiY1 z4H0Xl<_d0U`s-ihU(T=W5S97I;LD0_)@O@q@xJ@bn_+*r+aK4BR45K^;tEm(Hiz#Or*rq6?6ex zv9!Zxt|4+8YkD?QrnJ6p5N}*I+d89h&nVGH=kGq8jvRKd^EM_Z;?pS!>)l4##)GrX zG+jIUOcEw3+?-ets_QGYszI36hDmh`QZt`7SQZDXNwasz{+g(-dzv~#Kj8CO@z1Gr;!ucl9Rh0oRHrwylDlS(TS-2^tDdyU9vXr+}#+i0=|cpVyD4b|20Y*9tpacrkh zAHn^RW*SR}+H_0JG+XRkd3Nom;5|Km2Od-z<0vv-CDzDVMGB%5(1T==b}Ji@Z|9FL%_F9a#%Vl4!E)F|`(5RMj9`V*SC>1 z7oU#HF*Wr-iBgn}U6HD>Hl_=g0Q2J0vDdKpwRT|Mxlh09fdd;EU|jA6t=%ZGc^X}( zqm~_@Mf{ug-#h#A$ft11MA3Bm<}uE0e5mY|Hbs@#2;)3BtP*BX9J=+6ZkQp1;EnDu zjdgIgB+zw`!%lwF(T#gfdr>+yV7#jLyTjY<2)6ZX&v6xn(n*ou$$=Ai(RR{g$q|$8 zvn4AZDmgD+AoAqrN{nkWl|;PEI0-^*tT9oza-~EPUe&TP_D~`BfxAey9In%1tvi!s zbN*y={$z9h#B`wR{K?DG0TggBnP4iod=UqV2+d)Ethgz%wX!r;EMTP>&@jeA8GO>ip5 z10n7{57fj>5wVTHEf_QKrNi2*1vfVWtxv^0L%kc+wiV;P8@_BA_9dI-sD4RL<(Nnd z^?k{B?w2heHJuvix^&HzWtw_}Pt=Gub6 zSa-En8a0jVbhu!1r#L!|6IG9hv`eH7R>V=nZ?b#o-Q4>S-MDp2F`NEOG20#?jBdzy z#`$$Y-K+0AF+_BuwvopYOdEd|>v#VZSQw*p8Gfgis z4^6D>cwteMHWdr(oY>QGxyMOb4KA&yc~-Nq`D{XzCN^&c4uVwRVBtfKGYiBCM$V!I zT)SWBK?!W8@pK+CFl*GD2z#Spw$Ea9@3KNFEl$dW<~u`wr3Ja$9PXAU-QQN{){2+L zjg`*9DA?95#|-MbmDwSURX4C!gFD005(Z&NrVtB1N%azF&a;9^)YX|9#07CQjV`k= z?xAs0*cz1w1- zTIqT1pu0y1xhv|dfm8EmBuXY}Wb#Tv(p_yH7uU}%>Jz^Xw2&jSP&Jim@ZE=t)1T<}-H$Adugza~TR)Q1pH>92z5Ta8R}i`F z7vfm7fx<=KFlQmk&Q8%L+;3AJR+{4fKn%kE*J5dG-zsHE{--y)2M5*sZ*TVAY~uf( zqhxb!IDU==#p5UoekAo9BJj5t zHtEXqzThdk!AvdfG$aJO`AjDxhl5FWs(JnHu1eJQ@uc*3&#MexDZguJ*i2^WQyW53 z9It}ql4(C}0_P$kde-wR0|^Rj?(4bDeQgsAKSlSeq~h|?mOA>;KD=)iUEW^@+|sk{ zrOAAo5D`BXmVuWM`SirudXw0d6UvOvQMBU|Aq81(EC zuD2}Yl$Xs+`dA&VCVnpUHWQZa?L+z0VO_ZrDv!&_qkwGBa-S5KNl!BfCa-l}iGrQ3 z#^tK8G~G_5UWdr7I#{*{O){XF&%f5;r|Drdk54ow)wma)7Q5&uzHv_78hv2Ch$$N( zV=Tw`c7(oe=>B;ckBQLo3V7KB@8V!~Zx+rZ5p?w5{;l5i1}*t}E>&%QT{`=tB7;4g zxQ&9@$+cDoZRufEZ>V?Y0;^f6JEylGG(mNJ+4B%Y-Sg&U-%jTE1aW`dCHf2*brC$Dj00030|B7dDdjJ#x03u#jn*aa+ diff --git a/assets/openebs/openebs-1.12.300+up1.12.3.tgz b/assets/openebs/openebs-1.12.300+up1.12.3.tgz deleted file mode 100644 index 72b9eb370b2b0d826b044855707f5e36475196ce..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12561 zcmV+sG49SEiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMciT9UH$JcVDR7kC?M|;HS-vHsvpwgp*iPEhj_tqgWS)L< zdToe=B#cRd1AuarPQLqda3jGxB`bE)Bfdyv5-9voC;){*6+j{sqA}|q&LHKz1q}SZ zto_;E-rhdg+mruqZ*S-S9}EWje;Mp;AMCw2*m<%0;xF5SorArdzku!aLn%Hnx-fyl!LFbqKC)rIPvL!Uiuo)a#|%-IgdByu=aQiBhVG;f zDZeN5t{*_g5$#8m{1dsH^-Z4;#QHAr2{o^};#F6^>P6wyxkHP4LOnKgy1?~G>~%xP z@f>xT!tQjz*eC9t^*6pcygG5Zz`O|{HdPZ;Pyn$%1b3LiuosXy{QuJGIRGg3-iZ%s z;)p_y&|NQrp@$Y_8FUJjV6f+8TZxgFx=0ppIH$NKS!K9kQqMCjxVydm-*KdVI!`Uk zn`i0AwC)`GF=Ah50%#cjUkr9$KbPQcF-8=(V5pu=!!od9u@fo7v^3~`NP^1SXz-A=&Jwef>2y*0!=|}z=0#0M( z01&b0I22`jLok6pLyp4`onse`T$jWl9~Se-5zuk;w570gteHfQavk8qG4dr>#QZ^t z4QAsd2$Ktd>&vpfLkBS$oZ z{sp0Y2=)*559Dhcmb_*Wq>4orsE%Z`C?g~uxK}a zI{i6Jl#Gt!M3l_2kf?T|V6>CFm#k}LZ7CK{(SSa2p}%A;t>j&mf8Mf&g3prYSw{CI zm8X(n7Q%?l2tSWRIi!>YddTq=gNiIMG`eZRPMR>!lpMcn$mN8n6_ev=N}-3Yxab^H zF```}HRwJSheI!DBUb`i*Td|t8^91w3;kxh_d?az9tfinaZ=wE!x;V~${1|F*nP1# zc)7E;t=_Bo2z2D16YO)T_oqYaIXlAa?)anY#~ykuzbC*=n)fL52rYh8nbcP{1f9dv z^LIzDe!Je%<59<=A-Y3>0uChw@r}tD$s%iB`h-MV6K{Kq(e16ihvt0>1NFlTy6Q*Z z=`UkX%iS1dYI%jAJ41|{`MRZitU(~^dRw(%5S^<^G8%e<=?IThPk{$|I7Ey!(by{^ zF;Ijj5c@Gj*E5RPjQF0YoO6%HGeYj#un&3xW?~TOHfSljAfqI8UPJ5`x%yzHtTY4> z#?O#66C}FjKk*z6OX@4$x0sN29RRZWOUcyKaU7RvF^vfE%g1Y(q$|GHjrxT6Z>Iro zBGC<|0k5IMA)TUHDwy$U9fdjZ;{Y{bQK{vxx?zUP}EWWE}dw?kr9uWF4#G z0}_fg01l_QveI$6p!%baLYc3bogElLf5EZK%DSpqcP)etI}`e=)MUMwYTb9j5e4@% z?9KoLkNL!6GG723pu^Gik(LYD+VEVM;HD41h(uLO{|aezX#s|HBu;}97F!+zf*F0=QndQUo87RUb^rCYHc zkJhvm&@le*>=*Wb_jfk?zmN0$@kjqBFvr0VFvO)%pD!Zxb0FB_&d?D2)c^9u5viQx zkCEtSLd3-oW5!!odJZ@`U0001Lf{i)x=7mr-Sn#*oqNjRKny{k_g-y2iInGaL@D+V z_$+kQ&;iSm1f6b5427Qjt?(V1Ny3ydiNz%IuNeAr16zzG5_!-02U65! zdM?TkwGgwP3&nK8NPxhv@fgt%al}-8Cm8u2lQv)<2bd#IOcZ>E8Te6~m5O+!qPK=bquLt~DwW(^s%c=Es#94Vo7?KQ)(OC8X>bsFSLeSwpmWn%y+7sqyWUz8 z3Id5kF8V;sP<0)$TXAPq;+jp?(;A;hD0GQG{zzo(M{T7n>ju5&RrF*H@*+|fTe zt%#J!!BY?BD?G*d-}Ph05v9aOYjOu@nE!VVcJlN8!C-$g|3Au;>xFa-UDNlze95db zVeiWqhsM70mVyy}LrEO5A^6bwsq=egO$0u4 z0yF+C{B-(t;e{_mrY$Q6HhDDufdEJ0ZA&;A65 z(8r$;m0z?`TC`=lfoOkWNRg1nKlLm0B7*fFuH1MJV5D)mRHX-GYOz&v={|S4cg06j5dKDW+v!iBTn2{1kE3pf(Gn_{sg}EzpT0 zPydR{M-Takqatt^VF5N2!yc=I>Bfwcz`T-550+Mn3^I_1R)$CeNw5_VrPhK14xk&> zY6(!tFE>_t52iv0^>Anp{YAFO!Lqz{l2$RiNb8;QLi4BCC}uN}qA6ya)}xq1AA8cY zsP`+?NTs(oq)Y`duSrmbKW)0Y3ZzXKlJHW4dUts$DfI)yDRxWf|DGt4kE=)4>VIP# zdN`auR1Ivh|8F1ci3 z!s4+EPY{ZyqI8v6oz@d8TZL<0B-&+>7s=Mm(+p0V=c_*@3sX~~wkD*_XiD^pE zHJgJ}dt|fm|1D_M5xl z4lRaOt@V2&FyaHqevlRh%h4(!!nA{GDIxQ*oS0}@t2Zf8?`8d7O8S|(n^L(u7O^$~abGr~CA>W>N0 zZhi^kxpZJI2dciUg3orEwt;EcOx&HbV5>-GT&=;EFS#m2kk861Aik^uKlRrx2Vard z_UN`?wy$EEv)k=%)WAR8Q`G+wE3242*Rlgtum24O`}>9cpWVIPjsEu-Prd$UD`hZ> zSi00dl2USo`0AS3_o|Y$(8cmelK4<-u+`9d#z8hl(ZcH&>9FmZukKATbMDZN^Xqt%wk&0V5Pt!e1jdxr(raHksVlpyE2j=L55_%RXJOLr$nj%KtmLL#jDM&F9sme$g#$8>EF0YPnUZ0#E z-yEG>=Gj+VPh@M?v6m3lykPhf%JSk0e?mWw7aXzYi6dGHzN+G7sIN}`Z=uyIVQU~Q zVJnBYEN-g}!#EftD&S}Mp21!V{qX$V*>!8|22BCH{+WWjpu|N?ySYlc-Gor3ONj1; zS=Qkdfx*7i!k{ZncUEUrM_U;CPc)?{0wm^9%x!7BBEYDF8Ec`GZ0Y2$a{lNBo+$l) zOo8lqO2)@?6e7khC>bNWbE1#w9IPH`X9~US%dRRU_pTFqLC1Pm8f2Q|w-uS%D@mW7 zk#do#HKZ~rZ6Z33QZ%nMu^NG~42J3nL_#%CNvlgS;JsJK!{V{Z(IPEH&^r(PMQ)<% zT4uKjG&BzTna|ziyei@bdQ+>i8X{497-Ptg7=$V)+Hw3sJzCQsZc105tIMw)G;8~> z_KnG_fVoz3jUnCc11s9mD;rm|iaFXO5%-FgHVc~MOced)nc@nNtqXqSLq*1PncSuATDTahk-iriwXnEU#Xr zG*%O~NB8_8GCh5Q4EXY;pBuPx<)2gK&b=PNt`Y0%imWc<&%moivVT#&6J>N<8i#;{ z0Q$a+O*HWv#6v70b~2Iih4*s9!^d}0eULMpiss-1kkDVKC=i)-3oy7yN=_-sLxE(N znTa-pT*l3KI)qUbA&-#aGs0AUDRePI2^srj0yDuqOTMDsw3pCGOH!e3a<=Sdj;<0P zrj*1{=V#;MCwFu^2}Kj{sEA5P|07u{TJ>+s5zCyakd#nCV+e9YN(9a(n2JEQ7%^s% z-(cWZ=ll$C=m}lqWr=j&&~=la(Q~+8kM$yX`z_GOsdMmgQZxTyro}T4-`qQ%#9UuFB#Rt##Szi#GXG zS*{l16|C^4f@PNY%(uKXesybg(ULFi>(FP!CsR%s_YkG|&-0&ma<6v&_Fn_rTw@!w zZGN3!9G@M(y1FSdHiK$=EvT{Cg4Tv-8_4MB?a9^E$@$sMKaOAha(@2n&Fj(0>ATD0 zn~U?)lf&Q2aAn)lv`FTpvs|;R%?#Jt5LaS~`+-**Y3xG^&__{}km?NC zQRvPH1-Jiu3x=u&(%o;NUA)x7NoZbNFJW$Ty1;FQ+->itTSKQnW(HX?JD3pPC-*Ag z`V*oAm~%cv6*9yn5ra{13xyn0WUPj&IYc3xqy}`Gi5wd+55KCXQj z>}m_Z2LGS!o&5RlJA=L5?alh{F`k^Zl|PsHkrsmbIA>ebzDw_*@_N)RBaH7!i>&Kd zB^Da^QJ0HraYOosJdUaw4HR69>QX*HI#!bq@RdB3R`*D%tKZUVqk@c=Et1L;! zXyCmhR0mH(LXjtibreK=Veh<~G%Swf0kWQb-$w?35tr@Wes2d5>0e`k$S=||HM0s# zRzv#qyTNvEu=BDf{vE#De!1PL;L^KS$2W)PXRlA*tcguJMCs|dl-8__P5l`OP(L2W zA&>jLyLgQH3V9i$l9h21p_O=p$wiH$$Bf+@|4m}XS1q3j{W;`fZ zFzQz1_NuomgtSwj_BDO5ioCiyzI=ajcziQDlwLIEI8au4rj_(C61*cGfVNDv@{X%0 za(&e-4#VZW=+)@z_~v4C{fm*0GWbeVY<5`0%%-d8ODcASgvmarc14>J#=G*{#e0@I z8zy2`;*VuvJU$z}Iz7G_osCX^yFNL*st_qX<|e0FTZ(B>vdUOcPq#1|m@7k?=>Kwj zdU1StbMkidropSMe$G;dZkEne_NV;(RD$T_?CN@SdU||$bN$;z878R(v+fM}fjy`^ zu@l%jEKd)%<*Z`3%3VuyYZ0@}Rz)h(Zk5m7(r)!|=eL}(sbFdujHCvi{YlUWdUiZPAUT z?*W#+Y#Y@!_wr4?TC;<1&Wcy8)zY@RR9wrJLb{urhg#W2U+naDUP}AuZl!TFwfSW%SgGaD z*sfANPF^Swu4=`4#8}UNTU*`R(Ql)hi}NGN>|(>Nsg9Xa*58^Itdof?{D+svqwC|F zqvO}3cc<4kSJ&s4qc_PIh?%-nPer7fn|;!Yhzw2pv|@ERvw9H`;ME~_YWeyzDaB!X0S z4YO&XqrugQl-ZV2cV%1mrW8vwM%}cOEiruROTd#0OiTkLsR~1@^OtqQmvUA{TKzBxL%%%6&9$9B&MY&OwfV>)+DwjgklP>!Iyqs4&B=~Z`Z~| zb8mYC%rr@BsPE5D-@QFvE780zXfGg82ClAN} z=i>bGdL5(NV*r0*UzTTeZb4%5x2AExQ0OrLLlQ0m5;G7pIJMWq>c%RO{0$*fAAyna z9IE5MI-QX+)k!GcT%4S}xj8wzKE8ZEI;~UElFRsiGTpGIf@;>1&)d-<}L zbK5D&xAE8c6F<%VKMxN7YmEOJ9PAg)e>vFP|Me(OZrFJI(7*3JX z2Si?TYIETdO%Me`AO;*Z?Dwab&*E{`TF9z}cV86QK8k6$7%hR%6TQQ|* ztLi(NHN;d>e}8`Z>+x^P7w}$6+plO*UX1qSy1X8pE?WV(fER>v=;!OO#sjF@o3qD1^5*L09TFudwAI2gCqVP8tnJbIKS0H z{5H{j-~ZEW|6?JH*o^QliG*yC<*k4X_P@Q|LEiqiv$wrD|Lakn++biD``onk;}`)8 zGWK1X0?TUA%Hq?QaUF)gLeu7~e~)LxTiMX~4O#!nn+z0efYs@~%AwTt#eQ4%zyzZp zAsYN4cEN&lr$kHbgpKK+)NW|dffUu#*bmEqq^5?0QbWU2S`r_|xb;~S*T%QUwk?(c z-`E(}Wn(PkZndp3N&U2D##LnbF^!EI!<9v0dBat18eZ0NmCybyo33(LS1?@_)P^#6r|*T=ahQ@1vIx?fe_YPY$Y zB)@q7t>|3KNc2YO`u>!z)wT=s*}n^=OJV(Pm98dB`D)vT^<>)a;T5Q?vXNLzWMw4F zZ7Eh~-|Q=Xm8W+9FZ6=dcm2|*;r`cyot;7c{LkHk&Hb;B@)U1FF5CL+cDrA5`_GoM z?{eoaSAp6sn!2=0Yy_1MtKI&yTXy63|A3vpLi<&;hWWIND6B3H-@w*heW%u{-m>N< zTWrg$ONH<2GA2<3J^VmrnM0m?)#pLfH(cp5@2)G#SuCLpXZx|n_+VAIhH8cNQ9SxO z)9V>UY({*qEy;YoN+X_;w||VT4}W>QlPFEGk8oC^De5WCpS0`+m!s?R%PJdzSdw%- z%yiH&gOF~ut%^Lojdy4D-h(%r3 zj~Pdl5+6Na-EW?T_5b!k{{D}_!Hd1k`u|ZL-Sc7Sr7MgvbbD&`mwgwp=s2|rsI~v0 zl9Ws0ql|?>W`HrD5sE*lQ-|+fszuFU)sq5Pw2EizZ-oTUX{=81)+a z{}_iJ4yO+p2AcZ+i~YTV{cn4J)BhjiS-tC2x5HO|ov4ng647Ki?i>N(Y(J{=bGf-+mhU|6s72>;Hqj zz3rV%|9^~UJ^f!!lZ*a*Fh(4j9)BTMIdU3R=CucP_*T-s!nj}zrxC?-?4v32hUTDX z==!k_Yy#vR!U&GBk2zNQ!%s?EkUk~Wiy2}34DowH?-B~)-G#Y*s0#ud z4#BoIr+*xRgZ=&8eVy#&;xL=-Zfx2*Vn79V=2(I{@;6%*Z&U= zc6K-8|6@FP_r1)5)2sp-<^Z#pZ8;UxENZ`lncz=0VwwJb{*SZc%d4+bMpOSEHm-Mz$l_*E?s=O;4UC@=yX9uAxG#gf}w{NgFT0$IY##liJrP9n`f2B^#9A_ z(b3!EUf_L&GV1&P&WnS=cCP>L>}>A;f1Kx8ax2&`$Pd7wm@ggYgMRt@k2Pm5>i?h1 z%MU~FllU8`%`kIK91zp-gwWt8>x@kgF%St|g2`(aVd$lvhWHcmz}P45T|#0)C^$m% z^N3}W+Fm`Z2OLw6q>Lc;Igb1k3<{?>lrcV#8;6z1kEc_0X&QnI`->hJNkADe-uVQ28pS3HGk1_l4@%F%3EJWRl;xqevQY7hKM5u^d=tY0)*v_ zvN%*^w*U#d5k&zOHKM>nbL5iupk4-YXs4dp#{qDDecKt#MPo0D5f)reiFFRIaV zoM+F#NysVjVpn=^IWp8vYJy-)2xpwah*>ucC--E_5^X>_dnf7|zz|LmRp|cz7`t~e98B`XBW^4WuL|vNB$mveae5na zv2h2z!R~)2K(GKFNO2V+%9L|a4_qO21L+5=$Tu8Je<0r_!Lq=F z>LPR#4NE4JJiefaqJPDhVUC#Nbc?)`MPI%e9csb!oG!puhgT=y;=PH=G#+qq=ppJa zq!(Q{p-|N~rbw1G@;v)`MLCeBu8ofK3QYt%v@>8Ksk+-}OY|5JBITV2Jr$Vxp@L}2 z8^aboKx5KZ^qvbcvJvP|4*6IGF2_pp3ra-?-_LARU6 zJ)2T;Ge`~5R6z8~O)e~JivqX7qN`KiE>-+B0dc5_nG>GnpP{S$8EZiJ40OBD_tjrI zw+$sJ=1^ac4bA9epOnm{2da-5XZjXTomjk%AcX8Zww zOXDb1lm3>|xRzvwAGf)^)vAo2!J)FoM8pHeKS}Srrv6JA9P)bhHb5kfd^AKw#?L~4 z^^_|T8wi!O!R^W9jPMKPR9p+k!jX=3l{l{SZF%=I?9Rm4e}^cbXo?x93o-l&jm^f< z>9lGUjiay^Ql2@HkI}`6w1_qIu%+cA#UVLUEgvU=(U;pm`J9|O-4D{ei;6my;JAj< z(!>VGHJrA>@)_I?dV`(bb_6=?-Y56GNC>Ii2 zKH5OBAs@b+Er%hOvmQ#bHcDBvRX#vAJ{OHQ(xpxfN&UVr|Qq7d5 z=i90?(yPYPtK?Lv+JS6oIc+{z?-u0bv<(zXPRmXXyj=l@6yCg?Hep#>P8*MOz6F*1 zI82W=ZNrb0a>@MC=4k2LV!v&|@^F4M&o2oElc%KPF5PcKFK8Omf!$xkECP-&y8~~P z)wC-8lKn;CXc*H$PCnW|vE(BSl-Bm%+X@8Lqd6!U(VI|w2DjV27p(*%#i7?MQDL69 z=^n{_2SUXf8_{G5BbF-+Kx(c-^Aa4H8DAAqv!b+cF#M@zWqXA`A!G7lDF!jJj~6^| zj1dyL{bKjU-r(iVUISP1IHXTXiy4mDoZtkEbG*q+QB!G_*?*hfhefHSxB$7~S6LduZOLFi=0dpsRia zp8hiSZWA~WC1Ye-=L$i0h8WLJbVec5pMlJzhS;OGWzDmkVpwu`R;?k%K1ZUC_6lN> zJrk$d5Yq-q=|pEv1i7t8(9Q(YgktH5?w@!LTg>@3C;pD-u#tAk2~k3`Njt?+JM-uH z(S&7bl~CenSjXiiI*FmuXqw>IU239}IP@OXm2w9t8XN>&v5b?WggjVeoF26zVd<=g zK4c6O6_Dn3ahY7N5aQQLi7g+lC{!77t7)h5Axr3r66#DJc^nl|l9!JrEKAErisS7x z;FUb7;)haCr7J}?WQtI z1MQR_J`UrL-I!y)VmK?{sF`8%{Aj|mG(RQ?@|dDGkSDrWnF^FD$|^mWiVPBxacIcn zSWXkm;COR!{R%SVy?b|Zlm(UGcyn>Bx8y`3Fh!w0vq-EkQ{8ZB9EB6R8n%$_Q^&;Q zD-RPJFY;Vjerrx2V`8qC#^JO~XmeY00pc?hGjRM-o={(F8VkBer>dLhDsg0mwq$Fr z7R&Nm$RYF>9J_TwYPSnR^27>xqN7~yzaeDmBQP>_5*$lz?I$=Q98OO{j_AB(ljJiv z((Xb(&PYtzb1+8y9-%M+78!H~$If1*S*HX?RuxkYN+qmG_+hj#LFG`V6j#EL$KM$I>Z}*uJ^x$)yIza(ZFI5pcI@yNI`7tQ`EzQFeM= ziJ3lj&Nh(kwzUWqaAeMn%lF$~$UPtvjzS@v5uy`918FVGVM=fuw8!BXKO3=ZPJPfU z@7LRImmv=B(Bfz5aQ0y<`T6@TfOIMyKLxZ~+hOmv=Qtx@Myhf=NB&|9K=9k>?Wr>E zsaq4Yu|RplDR(yQU!C!XGw$5V`P&2cGwf$vE~PWw3{u_$uL%X{BMc%RZPmLH8jr#5 z#CXyzVBnWK5dIDP^wTwte)?$$j04peE*~r+zyE0c@%+i6XOb<+D3V9f259{; zAWiZA2mAT>kKLX9gH8O$V?57N_ua(PUxstkMRQaKbEMw*kaOtHkhi5`4!Ww3*T;5< zKP^A)On^s zfKMbuc94sfBgzD!cPhw6M&NiN^$b$)9#R>p!vM_0|4ea+>^K}ofGdyNEs?{lNWQV?;N#w?`%+B)PX<|N^ zl7C79aJ4IcD}ho=e%AYH^Me`x7=n)Ivqr^921}8XbxchEP}0br_*?CYf7=O;-SRvvxUN?Mhi+p>)EPwLYtae?mWBz6@I za?6nzCrf2r=Zlza+>PbpuC3D98k5uEyH#_LmCW+)10@nd|wYNU24C! z>@N*)3obqtY_0Ivtz+@8FImPVXh}ZXSz9505UUG7m*I62)J8|53Z|F1Db+E&%<*VR zrk9aesYVZKjLM3v(g9YkQroUk=3LjRnI6zNN@=WCtM#h9wq2I{C>{TIEEIeP1g^6=OD~u20Wh-c_ z@G^ATm9ad?JRcn*((l)k=-1c3qX{^=t+FHq?*|v&bsnPPaTW|Zds;BLO zP}`8wqhaYr)UFEaXgf`+T~*fKV0KN`)=rIe%6mlAHj(9Iv1&uDxxW>uwy)|}Yr?PA z>)O?}a?8BZkYP6B>l#%6Ljsw0hJm36#2A+DueYe{+XPXX?IeLFjX8KS1f8-f=*{Jy zIgQbO{g-WS`dJ!$I&InTpmsOybDUw>a&7w+s-9mNl>5NjcDWz&4(&fUg?eOpVNM}Y zZpfTyr*(YWX}_H#$qQ5kXo_MG+qEz1<+Vk z=~kYpXgd$_^;Tax@wcjcr192NT~w)9@9Yr*jV4!pqyV&C9+T4q6fg^~PMuFnp-J1; z7OSz?wX=!@SBP^QP8&_KxwxNv|4n0eYV9F9CddNNVEnL=ip(Z@s2W{*NsG0HECXeQ z(B+z-W?5UBry7iqtsIt;aH~?5m4|UD`DHT_`<@lRRF68PC4&}i=!u z|N7Uz+D%hpyU!HWP#^oy_@(M|5zjo22j@&1D$2^Rs0nREffOnM|*o6>o2#pXK2kq3F<9JZJV1xTIy nXU}q@qDc zVQyr3R8em|NM&qo0PMYMciT9UH$JcVDR7kC?M|;HS-vHsvpwgp*iPEhj_tqgWS)L< zdToe=B#cRd1AuarPQLqda3jGxB`bE)Bfdyv5-9voC;){*6+j{sqA}|q&LHKz1q}SZ zto_;E-rhdg+mruqZ*S-S9}Kql{xaBovA4T>u)njt|CjB-&cW{XU%>YIp%kB(aY+BN z{ou0lmHSQ}7>0yHj!DRd4gfCX&?nQL3pw{u50k!&D900wydj7nWT+d$ z01bhbDhEdRJ)#Vga0uoD2S!oy=b$&(>1{h6VlKrIm+uZq$RQ39#h;J|t~jA^iok@> z^b2!lM3gY&JR0`<_xJZbU6?@OU{}x)AK9?qr|`Zv#e5czV}__pLXJY-b4k#5LwC}L zl;0D2*AF1$i1s5&{)t@9`le3^VttqRgql}f@v19d^`da<+@Zxip&lDLUEum8_PQbD zc#gVEVRyP<>=XCS`Ws&zUY$5yVBQ1}o2m&aD1g`>f;&uM*bB%U{(oup8~_x1@5F~R zaYP|U=&l#R&_j!|3_68MFxYdlt;9%7T_lS)oKswrtTNm%sppv%+}+-Go?3=C&+3n9 z-8uAQ#J~LB@~=aL5T*keC9Fg2;y)v7Y15 zF?7Xr^9)=?$Q9EI1NSq;XNZE!SEEBfksg!)n~~V}1Vxu3$dMUV?(gJEx$#GV&Wxl54Ii0Q!=YHghLWe@HE4- zj$m5H5%P(tgth>&kjL=?@EHQ<5ekoAT?ttg6EOlF8pl(BLnYvtgaC#fU_`V$pE=I} zpFs|UpifaKDko)I(sD^m83JSiXdH$(oF>%WL~H3eb4U{?7m&{c+%aV62-6|x^ye^9 zGCGbEQ8LFuqS}dq(N6AOvaXf2rC2;g1Ny{;{*tw{l6O`9dCM9KK1-fw8Qqsuo=S#U z2qQKl{5%rnkWv=tA;(t?Dze1T=%xufX~H~Ha{R6#mlL8^Opc=|g&w-%qH|2eh<1t8 zp!-xD4!xj_TnT7h53{>&07Ez}^qcM83sqlxAdE`HNqtugWB8LOW3c^V_r>1e<<8!= zdavdq(2;*mu+OF5pAN0(>!I+6B2DryzMPUx3~Hpn)fLT)DJJ{svm);zl=RC zcVm>Pz4Ad27##SZPkK7bgnANXy^&1BRo<)1s>?(5HZ$7W3P2)S#+KIjFQi9w{>prz=7jFQxO4Y6P3>VuiG(hx)#KSRJ#F>od&##L^qfQ zyoL^kbc$-JV8*9)6z0T_1Jr~?rK(5c%#a_cSu9V)$6@@j8*}WlipFpz2=bVsH)1i8 z5o9wMy}7u41sU?*y*oL|>AfZi02YDfN?(ap?QHvpA8Eb*zdHNGR3- zIGpCnO2_4b>W@AOWxi&1c3=qo1;;Kc>#AnmwGcY&Oz5vtll5Y%b>9g`6x`3SI|C3z zLZ?M@6mk$EXK&Won1sHU$B0z2I`5yIUmsuf_(#6B zGMeoF2L=28-tO*;js52_o@;9{JcA635eflTgB9|6K+d-Sa|RfPJZ546t(Un&=Rd$* zJVq|}!4z>25s!gx2>$p3^e&ZMrFRAc#3JY-@a2o+ye1TQix39bg}%Q~HW_=t{9caz zYzr(%3|trjgr!YLsZRic5Z#-7fkPiM1_*UxvG@+<0$dJa+McBi?7$W25L2rkPniI8 zc|FH@#}K%+Yr))GX%#?7Qu8t6f^x!=1gi}Lu^t!!27|~)&c*vfz#`;=n2EaGn$@|` z54sxNZMGJefhnG&5R8#e?uQ-6>2|x$9S*%AxImO)#!<)>cMg4sgZ$1)fH?FZmwJgZ z?t3U8VlM5vGQ9vKJ~FG=GkX^x15YSIu8SCZOFW~wcflos-ajbj=sa|h)M=8P1CfBD zf5nIy3sX|m5bVE^)p0JQOn{JZB+V&X2`^*OKyqiqSlUA5O38qc)SIM=2JSJRiB@rP z@*-_D(#R-uyu@ZWgLBo0in7udIiZ$(E13)kMYio{3y9S(2ZG|258XQed9pQP83|ny z1hLQ-0ij@y(Y+Et;>H0A)vg*Kp^rmk2n_pukGRahnc}ehvg%+!-2zpZZ_EI3ksE{4o;! zOo+G`V$68!O3wjDr|XLGR|tG!Oc!Z8pqqY`qjOI=9Ec$Z^xmt@Cz0}ejwr<*0-uGh z8oJ?W6}of;{bEyiHU;GFatkov+~i|l}IZFE-~Of z?>Q$Ep!XOQ5p5D?if!s0=HMRtzR;gDmc4kAaMOHDIBL>VCTPWS zpQV)kL&6{a+`d&UoCzlsm5j=eV$Hl=8el|m$S0ulpRD_ztdpar%3Vgzs(xqW&uUoF zUG&zFXjFRxLZym);aEN zqVkJ2N{hBkHxTVF3@H-Q_@{n_UPQ3|!<8HF0gN;*m#Xxj^G`BXDJTi$Z?HnO8HXHA zV&9CW;B+*kmJ~!>RM|DOrfhXJPl<@YN7p5(0YNc4I~mnVrx)V zcxgK*{nFe7I-TB9?ir60;|i$16%ik~8`8q{Wi6hFEDyahUOA})UkwFIX(8>^LAPKetqSRVYzyWl_S}g$z z`Q^q+@4-|Ep&kzHp})u$IarprPSPrd7iqmyUTFRl8^vrUQZ&Vk(|Qzh=wnZs7WICm z8maX5hLouw<~0e*@TW~zSAnz%LlRzUQ132JC8d6VIK^%W{ofNs@^SUZTK#W~Ll1}3 zhpK^1_W$jJot*ynV(;K!qyIg|^R@K9S4wpL)M_B{(IuJ)jAp2+;gSPDQAu8gCoCSz z@C2cFDoR(G)oDGkvQ@a|MWS66d68`0Jk8*=dA|BnGX4kMf=ArLW`L&k|MrVPVf^3U z+l>E@@#Mz;&v0rO%Z22tq=t+c0}^9-DDxo>Ms*_;5SDC1Ack|?q> z?GY&LquK{DzoDteN=f%Ej8>aRx}g_z6}InVN>Lu7I)) zAv92%=h9*;$%r=BE~TQX0R#+1P&w2yPH{M8+E*_-0;zI_;Is1Y6UcSZX1}=$?$Bar z)mpzd0wX?v><4LKupF%tB1}7|mJ%`_%ZZ7mwR)2h^`c?- z*g=@$qvm;6rOg#WnCzHI!{ic`*GxBeuhMZjt!3gxJOrKoRv&SB@t^Sx0?dF#t zo=XSja-izlD)?-tX&ac9&BWa~3$}`6#?=~p`I4(b1o^DI0^-Xm@Kb;7a_|+IZI5mX zX8S6pIlJBNMh*PaJw^R5v9gNUb1geS_4?mnu)kl}|JmK$-ROUh@zm>owo(S8h^0&Y zBPk_Uh_9}heXlB63tcRqB#95T23rlSXB-5?5??#%DQjX9KO(8|MI=V+OXB-DoW4`` zMh5_9A{u0>0CIPBYH@W5zP8|22`da)UA`p@;_)+3mIBiXPHEe;Y#&Sg(Jqh`1X{M9 zoXT|z%HIW(%ks7vDWY}^ilwTi(WR-%SJMFtolmO}I<~;7n|#$vgOkCRFF7SarT|~Q z49nhM!)Zp>;QwnH_Lp=gE}S)mgezk>_U%aW$=6Y=>n5 z%lyjl@WP7oE-*6<0=MxoTxunE zcJx-P_fn5#<6Ndg@;Q-7j?6r7QG-m-$CQKt3V9OK@1*Qh0(Lffdwg{;lT8N&-xPX%}mc+=us&dSG;MqI~j@tYXqb ziWN9NI=&ILSW5*&ukVQ^tLVFVi52}qMTVA$bNaC-R|b}FJdz^se3rbwXw41B6+f4{nx`gOnm}MPa z5g6=CEeyKSbZ2!|b+m=C|3p)YB0ypu#oU(0D*}u>&cW)DcBatFzU-<(a_>5!7j&$5r9q}Sep`{Ly^{3V87UW; zT0<(6(k7zgC`I#H6RQyz%V4OUKqOQHm9)AP1KxXuJS-lo94*pP1ikanU*smLu4Q(s zKttoOpZVNP&Z{DBpf|NDt05A#hcSi>i9x7>q8-OC)T1>G;-+->9DIuE^>#{tUcYB>NZTJ5ff*rEv&I2%zuF z*hCY*K|I6~VkZ+BUwAJ!JbZj7)dxAlsb~&P015qtiUN^Yw*Z5Sq~w&6JQPTVnVD!q z$YtD&r$ZQ35%LHrJ|j%!mqHgal#sDcCNLA+v*au4O?wHAv?LYkCTGiT=IAQ%VM<9H zb$&K3esV{*lTbAAj*6&+^goiNqE-L49I?!)3P}kSG=?BYq(tCsf~g2(ixFcM`3(ks zb0{i?R>T6eY-aE68mrBF5JzZ;IX1LxMBZ)e`m0r zwg2u6b~f?fkMrbugZ74OX#-9qWkn-!UcSmK!f6_f?dfg6<&bJDj*S_Xv=66;$yn)4 z)0vM7I4d3%QXixrG+L(HPw`u76>*Mb_GEog0cwt~I+QmyPoP_4Z^%CYbrwiO>$ldmSx;1nPWM+^Rvx5ooeR8h?u0J74 zfH~(wR3SrL5-}JBw@}D2MaF8VnnM)ANoqj1xman5EVD&cSR;kBv033&*Dbu_h;eYM z+NA4(&j04B-utO@3w{QJOvWZNW->!9W6G>EW|k2w7&O1_rP05|Q@j3?=i}Ok!LGId zZ1Dft-pQZ;zBAa{+1&r}C{Iq?%Ad>pNDD!IoU<)z-=%j@c|B^E5ytnVMb>q!5(^Fd zsLRE*xFLN*9!FJ;1`4i4btxYp9ji$Q_)4Bit9vBX)o~C#{|;YnzufLraOvHvK0}haL#v0s8{g8GI!wHaje0X46&lB^A3u!ek#*yQ0kq<6Zgf;yp{94HK~| z@yD_-9-oa~ogUwe&PJ!dU7s9YRfv=xbCXl8Eyc7bS!FD!r(2i}%#|Tc^nW=%y*R$S zIe9yJ)8JKBKWC{!H%n(K`%`{?DnWE|c6B{EJw3j>x&G~<43pG?S$Br~z#ded*a>VM zmZt~Xa#k^1<*uckX}5Z~^IOi?R4_G_7@BfeOAJj-W~M?nTa)Wt zE!|SHQ{9?(wcV9^GHtgz3RG6vZ>c4+GLq$XV5+l!r=Ajj&ZpM?Cltc;mbsN<0qgC5 zJKKZpy!~(c;KkYlYH8bDDz0Tqq1@MXS?jEeQB`#l7O0C*OA*LSJ^RMgmIlBQ z(^lT{@~C#LOyN&%(<(QSK7c`Mu#c{RL#=G1FLru6FQt8Sx6(M8+WayWtkm*nY*(os zCodETSG8h2Vyx%Ct*!3u=(o|$#rctBcClgCRL4vy>u*g9*2%;c{=>`T(e?4o(edli zyVL8NtLyX2(VJup#7tePry^3#%|7WxM24n)TCuvES-pq|@!Q3&wuMx0$1A&gy3`u^ zti&pplz1qLywSm(7w6}vz(cNVbaM~7F}=#edricstZZ^rmsONGzt&tI5gCZ++BRE42c@)K})hZsPUi5R|Rs10r} zFcwKMP$M}3l!p8*!~O=db297esHMjCRs~#-F5etq-yEG>=1;}5W4mXB@k|WWGaVD0 zSYa8QE3+X2YzC=1agU2mKSul>A!TV*@oz9=j3pD@oGMOGj3C)YNiR&3CVW{WW}xI^ z3xgFYh(CLDV5#CCOu98qWNXK7g> z>>iQ_`hUHK$#HN^t@HPj_ajC6!L4Gd`gc5s=4!kP!DgSp?45nf^5|O`fildhZ-9T| zIqVg$2(E63)APg8>Bak-U(T5RK*tm{u!{VN- zXdnAFD5Ld=cH)Ez&W+=#eI=pLcx+{eh-Q+vAwn*%B%7iTsZ%udzMD&8F}9G2xvw)R zC0*dx>PQA@Jqv0=l54jqWq&w4KfAs>mz$Lj-a(bUrp#!NerU0KDq&q7U!0yCj=o7u zEzSUu#4T%IE%D6E{oo3#nNI7dkx%tq85M+)bq0wf&9T}&Ascr^wRZGz?JEilZWH~b8&uo zy^hiCF@Qg@FUzw!w;(b3ThlmTDD)VBAqf`&i5Z9)oZ9PQbz_xC{)UjLkHE-y4%KmB zoz6&^>Le6zE>6zg+?s-+WEf%b6cJWP$wZrbPoNm<+D_>!auw`DtB|kEMc>1uD*wv{35d0_7R)S zlmy@{TtIoWoVEevPa`?JJWBoEl4JMUm?I7^kLua!QcnxliK3g~_375UqG(4^T{apEb@y?oirx$TtX z+xYAJiJxZwp9hEkHOBu94)zP@zwB@B|9X@sH*7q9=->Aq@|TZT%EoQ25D55{0{}O% ze{1pxYL59^G1l+T8soQ?*uJK)zD-2mCZcZ>(f4l=(I?$mjNeYtaVG0$DI_Uz9TI4_ z?9Hzv0#0*Pdss{emB-2pa(e$<&4zt-^Di(rapycLLc&cH)E4Mufpj&9PGT`gHr-U? zJzQ*eyO)Q9g6Nid1KI2=Z~C?_+@eak?LQUDgu|(#m)b}e(mrV+;d))GW6Cbx10t_E zwYhMKCWwL|5CaYy_WM)JXYsh_k|5bf%-=5F7lU|zuwUJAjY;|43t(a1@RrMXs z8e%G`zdt|y_4v2t3wST3?N_uYFGhQEU0#n)m#qL?zzae-^z(IC;{jA{&!74_$4@={ zM5k540JGZLtxc>&7+@~akG``_N~AaDQM*?qA&|Lakn++biD``onk;}`)8GWK1X z0?TUA%Hq?QaUF)gLeu7~e~)LxTiMX~4O#!nn+z0efYs@~%AwTt#eQ4%zyzZpAsYN4 zcEN&lr$kHbgpKK+)NW|dffUu#*bmEqq^5?0QbWU2S`r_|xb;~S*T%QUwk?(c-`E(} zWn(PkZndp3N&U2D##LnbF^!EI!<9v0dBat18eZ0NmCybyo33(LS1?@_)P^#6r|*T=ahQ@1vIx?fe_YPY$YB)@q7 zt>|3KNc2YO`u>!z)wT=s*}n^=OJV(Pm98dB`D)vT^<>)a;T5Q?vXNLzWMw4FZ7Eh~ z-|Q=Xm8W+9FZ6=dcm2|*;r`cyot;7c{LkI}&Hb;B@)U1FF5CL+cDrA5`_GoM?{eoa zSAp6sn!2=0Yy_1MtKI&yTXy63|A3vpLi<&;hWWIND6B3H-@w*heW%u{-m>NU zY({*qEy;YoN+X_;w||VT4}W>QlPFEGk8oC^De5WCpS0`+m!s?R%PJdzSdw%-%yiH&gOF~ut%^Lojdy4D-h(%r3j~Pdl z5+6Na-EW?T_5b!k{{D}_!HeC^`u|ZL-Sc7Sr7MgvbbD&`mwgwp=s2|rsI~v0l9Ws0 zql|?>W`HrD5sE*lQ-|+fszuFU)sq5Pw2EizZ-oTUX{=81)+a{}_iJ z4yO+p2AcZ+i~YU4{cq>R{-*yw#QO<_yUHxbEKA<<2AX8uDl`8_>3+UF#*_{+rTu>mbH4pF^#8$NH`o6Md%G`o zHvRuGp7r#9IZZD5^T8N#XnOpGT;<4VRGHTv)Ztr6`wHWNF`Pye&#{lD$Qzo2qM`4T z`wR2_n7L5d1F{K_cL*am#y;j)=?_0CZ9)2!STAOT@iWBl3B5}wh<6v}_Mt8aa5x0p z+MNDz2oCo5clUL&lZ(S_wv(geZyJXq_KqQKiWe%+5d3f{-j2e>57JhDio^J0_4hc6 zd=#LNLtkr2RY@mIjh^M-zXhdc^R#}7d8uzMes`{H-9-`o05zb>1*>AaGT?kX*eup}2XT`gzMG_kLiQwOK7bSqs%2`4V` zhv53~qOg10n(vLgthh9hDaX5!asB~kBt)Cp;;Em?@n2uBwvMGh)B1n!MPC0uI2i11 z#{b87^6q1r4U4qGL7h&k7o`(1n^1#?9?p;D+LMS*w^Ye&h zliFTAtOp!ZkEDzs_BoFH6buTdIFvCykQ;}U$d9K}b!i%c4Eu{77)eJH5`qYFv5YeD zd$GDr&AO}2Lq47(3XT>b46qAMi3|OU_YyLn5r%{k<6~F5KM45ugx>iCdK$$&RJXN2 zS9G8|0u#UpMk4X+CAZzPt?pmBN|aHPg+A^Pm-Q?whxof6qK~})uOxeK z#smMkz9W)D?90BxI91GMJ;!;S#Ga8LqG*OfhUX|-%`FuUr@X`@!hay&CBd@5gz6%6 z6Aeoylsvwmh@yYRm|>2X<8+I>lSN;?8XaoE^qelhSBF<8;NrcB$}}Euap)oHFQgY; zIH6G0H>OCIHS#?BdPO;qrml^S^9oG_JG3)kA*s6CXiM}M5F+KB2R#*-`k{ho${WKL zJwRj9SM;6>GO`n@LVS!u-gBJW+uJc@GiPQ9%Cbz{X%khEUH7njWpbo-Z9%u2#yy)- zax+K`(NsY6%1tgTYl{N6!J?~E-!4`BH34y`iJ23g<)5Le{TXXO_zZNr(D&6}I=2la zDdtdLj}6V}WS^AGr3b2y8E5(yPn}r2jv$2r;)pVHfp9V#%*<%QX9%bFx2l7edyexN zT$s$D{`m}!5OXPx3`UI^7S_y^D%Emf*OC)6&ES z$2FX`!txp14tj%~-gXO)72n zIZcvxD<<6{j;h(VD5p(WmX=e4qjt8<%4q?^I^@*gu>9!C=ec(b+0J&-I#SJ)rRUqK zGt#TZ)2rlEsoH^TX*q2^Snn3(Z98sow%sCV7e*Dq(V-LNS zpKjBhqSMMU(J3r!Y`Iyr8Ro1fKpf z_HGk65hY_}TIUKucZL|xPjp5h)1QINq=wj|w`I+$_Y_Ivq?L}Q9JYJ`O$=B zX_ZjoXjsSPCOV0s(rB9C*j;L(lQ{Gq)s=DwC>k6DU9pUlql7$IWSkzgB4O#QhdyKs z6cv!>c5#_puMpzbN{KBWt|(L)ajR*k@*zv;iW2HfA9)-VQj(XCCM-+KM~dU^G~ksy zsp5xHPo*nGGe5e)G$_%uDshzXq=p}*P*&uJ3c9F~kRm^>WtK|Xd46EVrxjXf1&&e) zDd$HumKFJ-EPgc-Qsjra&$dcJ3j9zdluAeqjz$x121^N)rTJl>M%7|LC+(&(O9Snc zA3hG_kKLGKzhXEm;Ha5l^89GRvNS&?2=bVsH;^Z~SeXixD#|K7n2HP%l5uFr<5*4; z%iwr(as3K1NT;fs=PGezg|=jCt`^Jk zTgV~w7aY5FLTa}QL-NE5d7`6S?!O^q>LV~RbP^m(ZtW*HA{f;P{2rk&0Tvl_2FK1`rCFy0M^+V64oW4gN%FyqSUN)0R{y({r!4ryX? z5(=T*iaNr1nfeT_i7ZB*%A$8vgM!x3<|X}gHGV5}Vc%u#lFU5S}K zcFs1C?Y6ZD6>wzEjm!7jU&uWm6OKY5oDrfELIY_n%VA1z9JI&b7(W}aY)*a9EbrIb zZkHhr?$F|A>2UU8EBX2REr4_?9X|!MTiappw&yq_Uq-5OJV*Xw3qbJO=W!zp(*?O&bohcoWn%K6&^_cQEgTrQbM4y@O5s$74LtQup1&(_e;j)J1bt2Xmy}_>gnx&XBjIVh*~hkJra`h(9eq z?M#42icg-p!lb)2CxBA~xpH*2aF{R)YbMwNEOuuAGH~=tdMntUWE_K!?-0m^GO!0m zK+Fi^j~D&01(aDBhtr|c1xJv>lq)U*(4~Yid4MR}0v?3{Ql7DTRxBJ~VX?;cVaslx!w#Q#iji0n8VMu01i+bxm9tmKKJgt|4= zYQ8i~r=qtdNLg_)0<6^p0Ebe_CQ=Y_n8qxm{@Oa^C*~yKu_)A9b&?6-7^$0mh?0Lw z0&uk}e=C7fOMce-YV(5`|K(*@GJs>T&ZEENQ$PL>4hFmV_}|^VgU$J$kMbn#F2)OU zHulhHEOHs<0P|;Z-jtU{2n<0-^jV|gB!i{M$vP&ce<(Y)2^277)m;-~LVN^62LLuB z_ctsa8&EfRG6ZtP?Eo-UNA`76@AH$S3@eX5YbC8p&TUyn`6u=1l(;~5bP~IY2D#-( zjFY9Zu5-t_KSSNvC12?JTRBbjYfxUpX%47b;Fe*#o*@l}!)eajS-!6amM*nlTlSX* zxCIxV3bs~w?AEdP*Ox5g60{_r?X0bkKZw-@pv&;O32LJwQ3caW+?47VUgmhTB-6`C ztW={1HAZDcR_OpMSE+5+D08lB)l3iQ9Hlf?tJQj1>OuXd&{R#eO8l=Xnxx>rRo5P8 zM{nCeE;?`3A}g|0?s&K2YD+{}Cbq_x-Oz93VD_qzDi)qE$HK%ppcTf4@v;@PRd|^? z15_|kB&cJXz4r}{)hcMofuM{;J=O>HcUj!Z{ktvL{4RP0d($oGIwq^V!d$6xYk5gl zR}*SehX=8}p$@CG#j3SQcWE12MQ;19)-=}YdTp&_(QI4AuheMy+O4Cv!sBWhQLb+nx()vhY*Z!o(iYip;*I^{hgYMaP%vRJjD*4*EURNGhet2NvipF zTe)RkX~-}e@pX+VfFXfQJHx=x17ZwI_t#t0^=*PE&32MNlg1o88G=q(74+uv&z#2S zzy8ZMH~lOPKApB~cu>2W_Bqb5Y`M1m3RTaq49b1rZM)nLd588NoI*XayfCMbC^uwI zw9~pif=XJV(^E;51HEm|Q_k;F*=1mid?I988nWjJI%BaD1xT$}XBsbnssd=Ns&p&Q zRJ5Ik_2pYm3!b z?AlpHf-A&14yTPK*<9RDzW=7NJGJ%@9TQ{$XfS@*NJVB7JyeY@y`;rjLzaQELg;c$ zP_wKp%~K6V$W{(ZNw`%h%gV#Jl>D+8iG9xsV5&!*(vm@oHu91U1bMf`QX2?|BnaZr zY_!Sz6}t$A_KLd*rNy+{NGP7qo^6-?gZ+aV$vxH?Ww9Br$JFX>Hv-l&n7d%%a1L9{gaV|_{j+De kQBuBD#8dBVZl2Avc{b1HseArk00030|272m=>Sv#0CSCndH?_b diff --git a/assets/openebs/openebs-2.11.0.tgz b/assets/openebs/openebs-2.11.0.tgz deleted file mode 100644 index 5a4157f7e6c190a25c6637a9db3418de21544c4e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 164406 zcmV*3Kz6?$iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwwcH6kJD2(sF^%VHYeNH-kt;ti;IyZYAM^>l3+k<|VlfHfW z?rTFNB%w_b+yp5{8P>Y%dxrhz_jKn;zJ-YdNpR3$C+ThWS{<1L3WY+UP$*Oth>tup zp`F1T24Q;%UFR=bf4bdn_vqk&|J&_$v;Xexy?F7L-a)Uscd+;3@SyjXZg1~s|KKm6 zyM0vhPeel){H42bTiMQiBMqw;weUUANVi` zJro#=*_iqcT(&&uqCU9vkvDujHkJ&KgCIq+q~yN_^zl0sP)xi&SnM^R@5g`cwR^pG zw_zh6c{cJajA*~n0v7RX9P$zt4N1^O9-KJHZU7)a^S2EE0^}2lLlP|eV2T~o?{wN7 zi}5?{h%zZ)f8Yho!D25fK=C3eNDi@}<1bo%Ko*$w1?7=6l&NUPR3qK&!fnYy`R0;u zRn2H6Q{d%@wLII+f!DrOfY(c=z<-$1LhQ9~72x%fHlkL5eF1(zybxj!1^5H9!8jxV zoFOnJLGpz*=7hC24@1A->D=GnwYg0(+&*6dlKArTu4I{bo_w)fvlwa9R{pp5r+gZMcAtrf7SNAS>p~Z?@3?_mUl>G zw>%i)1!_@&d!q#=4zcdEzwvl5K5evsdUF>|P&}KS{q<>Tis_37h=_E1|PW) zJAH761L(C~vVi}YbUYq}JN6+d><2JJ=&tQU&qhmA1zAEA=p8iD6Q7bOu*8g3G!^vZ zL{xNAr572Y@TJA)H~*y9f5u4LZ=+)U@9n+V%dP*tr}h6)p6sexCCAkqRr6fVRZKb_ zu~Ey$^sePX56<{H7Ejk+`>5TG!B;PO#m(4D54zZDnPFt*L#sp=C~kw7ZV?{^FeCvj zfosqUiovqNG1L;E#mihV>~tNC?my~uFI@eL0jKN4fV=G%Oee!LM8iIybGUbS)bF9m zbh`g?&pw#gFMD?P=moN@BMTl_=;gtIW&hZl!tP}M<&TH^d+^2H{^7Lu(mp&ove0zT z?soSZGvqPqFlDp3*WK&2x-VM2qw8L`e|XgI9<>km4u0G_*y|qrSMy2qZ{<<)e*v8c z(TCXpmdpSB!=o368Tr58>+U_t|HpWCzzLed$O(bq0ImuvDbUyf*KZdTv~Sq=;kSik@?ZJmOUfC&OVq!ifzdm#Z!5(OYcuJ6DQ(RQN|OrXWK zn>%3aBa3Y>DY&1baE=0S_4;@K0wnc9K<6ZKYzEN^5EBh-Q^|kzK^R1+0f0~aq1Y+( z!4x_aH5wEJ3v8id%Oa5%_VabPKx{Oy3ukB)InEea0Saj!{Qh^27f>>jmuUHsv=4d= z6B2~nGynj4AELm6&WHqI9~>SX9`V=MGrXog3}=mcXK(MVtZ1%Ty8ebDQ6yKel-MJ^xUy*F6CQ)p(Y9hz$O z-rz=~VT*|^_qYS%P4O(nBTdF6%?6vqIN(FE1QDCGlO+h}NLg{%gk}m60ydgNGk`rI z1u*eA%_w1<9?ly(Ae_SxFli7kk_1-Ak$~jWwr%fPRLcje;TLTRwA@0D_@4{~KPw z3u2?=m}@oj#TR0Ct)G8>hTj3FQ?}HAd+3FXX$AeoZUguW0NFAYZ+Mn~+lm->dVr#^ zu>)>}qMJ9@$#vzHlT3oeAp@8N*G|x2^B|&()vbtz#ATd5#j{9^x@b4@Z5SdD&Iv{7 z?~NT0c{U0ZQmLKJEx1F=b|Z^!ooS#IS9<+6rU09ze8#4ysjyalNr|7O(Vu@FP!IZa zPQpvM(=>5~R7)JeGkGpiFj`5$W>PTAC!A`kiUzxi*4v}DiQZX?8)`T%9CeR4h*5Ry%G{ ztI;l7vOL>W6Mc=0U>DQ7**EK1yf*vxD!e8YkxzKf|t z@dwsMulr*E#X;}o-hrG_Vp9m3{Ld+NLVo^{Y*jAl38r_$_m&gc=qLU?MjQa5e`RYP zWjO41P-u1LgobptGa)2wY5?CM&n7_*5)v@PR|aKpcKP5d^QaRRPu$FQVu$RK3 zse_GCv(cjC5aRFhUsJm)e$YVv2%sx|*ltVwaBcZzB7c0an?krvP>NDx1g$wY0g8=x z&AGLWh268=KmS_(FDy06)R$uEq0H+=;v>C=(`JX`|aD)lZ?eV zR+KatKRKNGdM!3E$D`A+I5o(?P;<@%B&j4+FKF8VqD<@Rw)ubkAA7w+_U$c2mt&?l zt^hr*!vLH!rFAfe-VB|fQ0{l?!!lKGHX2r7CnP=fXb2rglI@|U8!A!*__4bjbDv3K zEXLa<9u7%>y;;%d=8rkhd!Gbh$=137J?Jb$Y#CWf9ZW3&_Q0G(0p(U~TVV{RAqv3# z99we$fzNu37RU>Mhmfs~z$o&~hkM}Z(8 z@tkD>T?sUbLdHTASkPk>g0_w9q*8#UpjF#}LhAq*bQ&6AfDpixLk6w5Aph|RvQbv|L6Cevjk)c6RQr5mWIafxYOkFVxq3b(Yae>q8V8W1D zZobFiJS~X?$&*8E>O#lij?I8f`4pcFObD}=A($!kgYOQ9xJ;QQVx=NW=pyCB6UP3ls zKyu9R^{gPdao>?Vo%LSYS$B1@sBdLf7e4ESJ$`HQUY8ZpQMg$8^TH!8y0+eYoo0t} z8?m+Klby)}t$Az|H(&FtMV1wm;NI#ma9LkM2wm21wPCe9R5G9__zkkbVjEn*Xq8oc zHe*gke2e0ikgscF78^gu()Cd)!_vL-B60d}C3aG2INnw_Qs7q9*u?QwdO?^GB$n#N z&Prhx+G^R)FOzGmg36-EQ2crpzMFx6!e00rb#ASymmFQoBBs-8 z`AIv#=5OLNZ27(F7+V&reUhC5YdFkS->c8FQ;>2;+Df`+PqowV)q8%XJ+-^LtDa;F z-9{c}r!dN%XQw{Cwb5e4YGryYYPv88Q(q+$X4cW|FymUHU2-FPCypyd#NGl{+5yMf z@;q(g-vK!*FMpLb^ry&gr^lqq+|P^Y7XQ_N>1KafsL1lqKWoPSY(ptND?I|>gvxtJ z^QwhT()@HzIl$_M%c8YsgAH%h*0n5jFO6uOooulU_c8Xh)rQoycDV)S(nr|(szsk+ z;4i+Sb-$Erw!R5=lr?)}v1o9#Hj2MG5;Ns^5HFHu-vb3O=YF7DZ@EK*CT5Lpl(A$f zaqRxuR+GjK_%NlKBq>y}tE814QLFvlj*6{t{HkV}-s9Rct6&~|n9{B78W~<|>=#As zb7KcM3wIj~p+`b%zqi8>3dgUCA@m+^$`H=N-5NtMyw+d{5wqT~90a|{PkeQxyU{tk zLx8fu;9+bEB_0O~kY|g5f#6x^SzA{5i39+>7XzK3E(XaW0n^jO5DHpD&sK$48SKe2 zjT8wQ*=|p8$d*9vtYw8xLv?5yA@GW%add9y;_`YpZinx~EkGAfRsN5o?m;I0`(S_X z#Z&zEV?5VdoaY=;FhR%zSoi@UyA8O`0dPnG4Ph8jFj=Yy&VJ)NAXyU3PzZctQ_%9j z$B&?WB|@az7tlr2hZX{#KQ|g|x=3{nI?hsPWqK^=J8o^IyIe?G&;tnbm~f%K0SG*F zuaY(m97ri3K_j9F5DzI)C|zGv_9I}ia)^q}k1e8GWqa*L<1IztR__J1Zh62fLL8cd zDHpOaNn%`eG!SirV?eneXpG(s0QHe2J)vTUHh#n_vAa$80#h)<3*>#wZ*=V#{ zt;QYp>^>NwfMOaVFBH@nI1sz(d}+Ogi$Z9_5ccD&OEz*zYeAfr#mh5<*hi{0dy&fZ zqNCRU09qEJ^qknr;lBm05VU^{aELBF3#B|krN~ML^~k3B;P4IaPGiJ*g6*<|h~158 z8Lx^;Pa4D+F*jM~w`>aKXxx40sG*l`~)t7h(_vWT7yJB+&R< z@T5xuq=z-{0;ai#fI%EP(7FRK%q^3cbS&b!k%z-2+aoV9x)%&ctjI;4$f^g3=U@*h z0R0YkvegrcwZCX4lf3-D5!yU$hyIpQfmG#xJnUuje;n@ZJ>~y+l;`8e&JSRL-9C2_ zo?-`uOCP;*8Ck43>VqFTpFcNPsmAcV&*m9pajp_cc`L)7Ww{oUzl`DIycn!(6SR`A zTspT!!Z9X-K>MB0a#_jC1quReBk+msK|Ko`?em}59Y@nCeh-?h1Q=7w*l&T~KrIrg z4W<+?nZo7p1eQ#eaLn6{Uy*>$%ZIED)(f`!S&%I!l(-1|68pxB{!TG+Y|4FHxxYKI z*+RkH$G?{u6HYG1tSl2;OyE9mH%_NOrV9~3WVQn;O3#edqsvgsnTys$ylb8CoFJWou?0P|AK!tUtQ7QdxV06uX; z57WDv|Dy?-H_i3uQ+B?~)H+N-Ad%R{MidqIA)SinqKIA7#oAKiV+ENm@$qBKW8cfu zA=5NyKQDsEdyr+34CJQ#(X0i;zz1Jin6L5V*MGS^R>#|0NC{T4{_h`kdztnBh!uZY z{~zJW%tAHj(xAndeFywJJUa(d9MBNh$l(j()$8NIt_bSDArmJe@0a)t2;a0NIlLTv zhroC=-~w^=5bDCjd6Sl;YP;3}{6i9~=)+4bE%J${;3Bzs4_YE=# zB#?_Y+rOv|5l^I0LjjudqDYd_Lqd6w^irr(!iuncul&I94G;~Jy{+$%CEHxkwpfAL z*7Y2FBw)*MdjNen!43{FqU~Rjw7+dpB(o|s+3@Nc$q5Xtd1uj+JI}w7iD6^;@nf9I z%_xGw=g&%Zw4^MNb-5v+Uu+)$Ad`(8faV-IZkx_K3|zAh`~bBCZStSxhnC=rW*_jE zG_ov&Y@UXRFSimh^!jkY&8m>7s?&r$o6v4Z2Qg-A@2}Hu6I7GTkIwLgN=nO0a||Dj%P21Wl@Ueo$6Y zpmJJM06k&g<#Q4`4!C%1#VEf9@9+6OA`BxN=44F>orDOYjd8fX|=XA3y4{ z%z&!SAA(0*7kYMId({G+3HCa4o_g1^Qh)wc`-?qlD5b(Lip|4sT|L_-t=#6eq12V1HC?PcvhN4@Agp0sbJAo4c1H?Ws~227-02h=bNs9M)N*xiDax--4oY z4;`0P*;{jZh$=8g0S>ts)JsUUkrfIeM%p!djPe`s1_=FiR)d(gojP{6-PXAm}) zNgSd6g(3lh$2N;!p6wGX{}6}EF7zc{{7|^L3qbP^G7%*L;_=^Ljc(HrhG-f&3JV(| zmw5cIHK3_K{t=N7a(LW|7eH@@G5{S+LssCP>BF^vV{aB9O2we?8NyT;$0s(7LP9O5 z2)jT*h%M6>pV&60LBuaAnMC$X_F7)RV=>{3XC7}!9JFkTv^=1Z2V@+F_^e69J@B(5 zJ^hJndWCG6a%W0fU_S@`L+w1BJ%|AiTWs3 z{5;~&#|&AItBHkZ3I`4KiW|N74K``aKo&IvX;BUjAO}_(36QHV?nl}f z3L$}wJzezY$-;%Dd354YQM5?Wo9`xF`&;Wq|+pFQgNe>VFgL+1Q(Hss>j1e{_$s_rJV2I6QjN z{~qIcDE;rXV4Xj;8b};;g{BNgC8|oO)Bqr_B(Fjf8cq1!VNCH9kkXdSa$qG^pE{6jHaysUxz*)A)B&y@N z??aW>f}e(jM0zsg58^a~Ri`rcjvw#H(8a7no0OFt?m6_=JcsaXw3_t)!yT4v1{T!(}EsbV{9alK}Vuc44p-!ypf^l6!X4_=f}pkq5*b za659KL?cx5W05b&R1GC)sY^emByffEBtNm|V0cPF5yvTPxPT%bin~H+7+`NkWunZq z1QPA^!6%VilVL8KRwm#UxI@dn*6Y~PD`><%fb<7$VbJo(#XzWx12qCtAI-otvpAbg zg4NsU@Y2MTt=e;8P|z6rQh|1AXfos=RM1h}6-Wy!U1TJ2ihNQXe@yWqocZtej4vJU!5 z5VaZkg35Y~b?UsOZWoi9tyb$vLHtIay#5zkS@{jm+c*I#*Z+D4z5Q(b$I*W8DgNV8 zo^t(9SIVI8(`2iE!ntIO!u2(?Z&f9$p^IgU#8>@kB2}W+Rt}09EP4g=-27t@&BXpQJWjYf#HTigMSOwOw0kqGKGJn&YFXKU%r~ z1Av;N2T~q6Y+~_v6;&e}JehPN7giY~!GI{I8t@5tS>KtQXT-L=fKo~4HT8Ihe*vS@ z6Sk#@w|G2AOa_QCeV@nMs7Z7`M`Am0adIAmIUb$Hp2V2OSLJ1W*tN7Ex?CzNmgMHp zYb4zoou0@pN$Mr$tr7>MR+((e$u(_U(|VM_K_;VR36G_;FHijbI^)IzgBeYGz_b>x z4z@u>JzYwkjPaP z^?MiRdD*mc381wpZAultDOyIDl^E)CQj?R)p(;1Ak}z-sf3sPX`0=LJnK+Iy@5Gp{ zl@6Ww-(E9uXzX<}hH?d-A}b1TxEv5KMDIg=zWM=PUv$eXiG$DqAlVE(s*lQ z=tb@X1q}TZ-BY-iqCU8MdvRSGcZE$3`HU3W0i%HMSOz}D;#dW~V_?$@({xxP0=+}N z*Mb%|&})-b-@8U6d1TzBjMl$c3p6%)$#>QMq8G36unA(Q&>4h{Eo2!hB9aT3VulXwj+oIWMpsxxSX zbF3JyzRYElUAASKOYr$~CnLc#?Oz5WdU-q3wPdmucVzvUy8~V?uej zuw}*`(FB|zN8a(q>hq}-(ZqzL--4((a3}tX+Ou{HBWX!wcHwG63uqp(e4U#GB=VcD zlt(jnU}?q>RfvxO%2E2CoTO}2|GFBm)D4bt3k5LxAOpm}a5}(*1=7u!ccrPC>A1Rb zJ$9W~zHGhH_MQ#`znRBy{uhUfw6a%>u6Y_*;s14b)Xl_y?e+HdpU(dt<*APUFF6B@ zIc3d5z$|~6P6YGUH-ImF253g9Y`jKKE zc#-4OK36pLY>g8^Gl4+76)FB+>x^){v%IwiRSZ$VtkO=^%8uHKS8oMqJ*B}|yRPE! zu!#Vw+f}z>CymDUWS6uU*D7odeDi0uW!VynC(atjlZvROBg)h_bxc_>l*U7ties33 z-Lj*Yy#gcX>Sstv&Fon#KmCFZB@UT|goZW>g6!wTtG&#ty}$l@Pq$*~=REqrU5i*3|@O>EQ0AV9OofdN48SyNQp6PbWL_N+Mx z!0rFJ1%1&2?(4pk{>@?=%`-#D4ef145xPx*yKVn)tKj6o%puKJ2UFrWmn@sctMta6=sjM9!pSeT43K0## ztr(M*1)BdS)AjZb&0Fva^imb8to!luyo!at%*Jm5n6vYL9UJA+{U6W$u3xyZ-UhJ3 z|Fd`SBDeoL=sm@MKFX6>qD8iUZNMLABWS+M=iBoRHTR=*8=-s;YgFCFE-^R2kGfsl ziW}-zMig_wfn-K`Pez?>fR8$!n`TQNMtu{sh(*K z#=9eV6+o}s?(My7v;X&Bc3*az1yp+bdU!Lqy!h$#&6da{<8{A0m6D#B$kdq=7j>dZ zD;!(9A)5NLR%?t;WNvcc+8l&GCRco2k1|s4>B}O0eq_8$g|>YB`Y>G`YQQ z=GO=FEP8!B9^QC)N*Js0<y#w;{ukFVj6nTS%%oso%-{fWgGOvMc(#wAq$lwCLt7@b~>uaD2phF3S&zl}^d@ht&u&5`5kLgj3D zd@{Vc8J-OX*Qb{ka$r(HFM{SBd95dK_zj8x$tx7wnh%FAWYVRy(3d=46yUJp*qQEk zG#O`$l|D0J*%;r9-kzP^jE94(;kB7pTY%@+1K*W2!?2f`^>-8Pq4`xhv2MdexUtb~ z9SdXTHqu)Sm~LOpL*WL-Z0(u`#?75~GgiTzP0(Nw%;0LU2v*qxb8~1*uD_*ljrPGZ zwSK)bz;ZBk59M-D);Sd{1+q3KtDO@TSN|7ra4NO`G99=DeY}zPPnG?5uY1@%%GiIq zM@LWoKacWcrc*N5kK_TQ+WRKWy*l=)*XcP^W&JHLy$yqJGNMnG-VH3h=`kuD?$w8U zyz1vx`t)4YOlzvUj(yfAK{~`N9*q%^!ZqI{uhhn# z$m-1s)-?GVjG0+m+oM`CQ;mOdE2h~fz5#)@U=iN}g=$&DU+lH_UUG~0exW%$vGS&D zmWi!bSt}DYmfxr8t!uY@#31;8S?lci@o&dBqstRc?EJuPsgJ2vwm+I0TBlQ;`3G0S zbHr~CRK|9GcYz9}=beo+m1<3? z^!@7gTptE}YN%r>nI=Qt$(I_bW*9`Msa+eKZ&8`?lU8<__-yilYsUBYssV^g}YCBfbC_W1&|ef5kyVyz0v+#>(*)4O|~zy%}ELoSa@| zlLG5WFXn`XshG+gnJghT?^3uB_DBTi90nrcaL6Y81cmoVrk4^?zA$CwB~v+^A{ttc zc@=|#;$i29HoQqp(_!DD)1~t%)7^4%ni6J|P?3#~8mq5?lzd7sLJFQ9Uc6%zgAOGz zPS~^gg*6R5$1?Y`OMRoOWcmaVFts_Qehd^6c z+2zWxDviDt36vsM`2hTZ7cjHT-jjr1zK z@!)j0`T1)ZA`=<6aZsE;g=gcVUxu!<9yU%P2^i%j(F|a3N&;70ya+v8SB3~1rf@Ef zs9=D=40%W-5tj#g7KxZ_AyW`Up2uXKY9+BXl%$L+Y*Ls2`|Af`Mer-=WoupMns0g`OGaNW4cIfRNq~my*(dp6f%df`9h_+qgvCr6>84)flw;DeT|JUg9>UtZ}?J*Gl!rn_eWsYEM@z<7d zK#^xt06pR@T@q0cQ8?50!{WkDR{RYiGY5fV)D0%GaUAHWquXu`0TKL??4VTyPGTFwWPEf_64L(ctPN@pO#y zk=8Ls46Z7?*{r~p%ylZ@rYO0&dr>E%fl$Kv&EYOw!t~wptdKN!Yj3L@h!T6rmOO{d z0IOVvl3MHe3Ki6^>zb2PU&lMhTzmDlSMvul)cbQg0#*C}Y#jbs8UJ~7_#&78=kV~! z|K~BD%)EL0(9dr@>daX!UyKE-kVIpa9FON;W|$ve-aT}>G$#qL84+g<$tERK7WRFz&9Qxfny zHyAj1hAtF>j*T1?A`qZ|M2Lno<5l62P=#3Sf@T^Kb)il(wi?6-Z({H^XWRYO)u5MS zU86^kPCoO{*Y#p&UD7cBW@89zg%9SLF+Sxzz8?I1!zaS=Pd}YroL>J{(r1do5PLJ3 zDOzs2(oof!`2(WGq=H$H+!?}Z0%OCD`^m@3lg9Tv-bbsF*Z>dYkU3%V{1@^6E* z4X+UTyUVj*hQF=ez&kFaenCrfGtvq0>iYO>)egWV9FZV|PPPwQ%wAVFdELY0uG>5v z+&ZDD>3z?w4y;CKYNqzr9GRNg;H?pv`T#+x>&ByQ9*Vkg6zZk{sGG)~t{-;#^+cRj z+kdGCeL5#$i};K}WOXZWh5h&NsF#iZ+}l5Tvj0BHlVNE!*q3UoAIAusc4{yv@&cWp!SS7iM)4;jeWfQ!pLNK*RpW}ocAFy41 z0cx}pSC-$h-MFm1)$Pdjpgo#hS)l_GG`@^|*@Q@9iaIhHqQ0c1c{9Ro&*Ho_x;?h- z*@XC$4SHKPXcKjdZP9V*FKdQghnFAI82x0S(jcsEp~`3ttD2~?)xTyNRR-5JY*aZt zVM~UpQn&@TD6gy*ZpB|9hiR1qL3M?P)(kguF{lad@pZ#5?tEaxv=20#YgYH7A0{Nj(&1ksO7RyV7D&uTX<55H3%E1#Os~fW~+Y_DzU)z zn^lRcbinmaam&HfJxa|%S?4^r6v*0`tah?nT>a~eBPu=r^=xzb8SeLN*L3vTYPBBn_*dt%Z}Q|f(}B_>y0Wq>90VGGl^*}71n2mf6=4eazUc?auxfXK2=QSy4?3ITj$bKbyZ`Wx%N7?w?b`u9)|uK z6sC1+pBn=@LIwSh{>0M=zdU?-xPsEG_hU=?auLV^>oFrVwDHO$V6~Q8ra+9zR*8^- zT1bbK6;@5iUxg?9W97$H%|1c~SJl*)$cn2Oe6EhKFRzM>JZziQvN64j1zz6HH#i#} zU%VaN{O$7fqo=ib-0P*7D0{yPzM~vE=)Wp#nDq%yWetAg6!L7|QCV5tMI{Ad<|e8V zQN7;&xe!9#4XX}don3QL{jYPs`t)q~$?yMt>bEQ>q9FZG&mxLaHTj7fL#tK0Ghc%st(^Z8?Ah3xZ6XG$=KqVsgRK2;?cjX&62meu_WFi z@yg#B&;E58V-zyR`M-rVUwZ-PRoX8eeo z68JJIOkEpI_*&e)hFnmFQ$N59?4TL4`zlj9bR2R&QtyYw~T|r@!xmqr=1fLs{%}G)PxFJ&FGg zBJY^KrAV6Mnaa}#&#u_pV{iG4+v?A-7rih39{Ik5T;zq&ky=tw(J2+u)BOEwP->o@ z+D~5o%Qa_Pm%rAK|9ic?tp3+K=swB+$9Pt~|25X%1rJq9iFYg!J##W$e|9|iztN$Mzb@!j-|6@E^@3+*3Q|$sO)&RAct+^DG zY-+!OmEcb%vDEy({PkjZHGY^js^)($tN-t&{ zQQ$LOg7SMup=T#vfA|Bk!NeifT?}GM0&s#Bmp)Aw)vvjsZO~Bth}&=@C&a#!AcMRa z_IQX44As>`z7x%6;?_U}DR!1^aLi*zhzEQavTc-#^^3%Hg4$(;HgfO+1>j`qK^I%# zj9Abaz2hi{b3zeQVjOHqj|ztVJqhj{0&R)KJrvg!L5oKs*_htRZaO5gl?@Tt{E9(m z*>1$$l=us8eG!2Py(Rc1nxMc#A)-JY;(-=Gm|v-kJppzX5U=G2$i=Kj0kF{mImAZ+ zaG)O&AAIj(58p)-^t>H+7l#x%QxM;*E^b=>Bcf~s35TBy4e`K|M1ewKmv>2pnyTTD zdSH4yY((+Q;}qfiL*x3Q6UKkKN;!$6X1`o^Qnjn}E z64Ee$KGm+;jxUPmE&iU6P_Tc$)47XZwJ~`fHy=@Tm+tRu_9U}qjvTj5=g)x;tvl9N z7kY4p0)gHCKf=}>kEY^uv56IN!>hpdHxhAT1W|Gwcz$qu?cVt6eEZWwr9PICohu(*sf5g?>^U!sk%S%#2h#fw6Xc!1$ z({`irQyjWQTt7f_2B_dXfolb%rX2GITmqOMU1H~OgE8e@q(PjqW}fy9}%WF zM6}Upi>jZ%#{_0=Mq6B}?C~)ciF8ktczv6zTj=&yw+-B}h0F zv|7+{6ybPn9hJD5fxKfLDha3Oj1EO)E~X)sSK-RS?6nUA=%Nq>RNcZIuPAdRk-|B` z$tB1l1$Dd8_yk6(GAMsOffGcn0Q)@bw)*)LXYsC4w($wHYCiQ#@&~L?p5t+=ot55} z_D>v~3VCxCd*v6GzYT+^6l97Xx0&AE*=_Q|QoIh;Tfz z(G3L^KQRWD%Qh>lP$+~AZcnEdBpiu2>r!+yJQ8_Xh{sr7Ie9nqe9S zOC~~@)~DmqY}OhTiAU}{#aub&kK@rPx2jdlu$B2E!Glw#m_JTkrE}Lo5g-X`;<4l3GwQJGrrUZ!sRx~;&&JY%x+r3#mo z=ZopqI3pg(e9>_znlLNR7h__nJcMFCHB)9IJ~dwIaVy~t)9F%Dx16xKTX3(*C+&uk zS_tt=Y^!HaJaKsWYL;Dj;^go!&mMi^)Imj?I2!PlXl-#@7mwWR$xfUqTvnbqIXuj> zN1r%391OE(<%yHSgRLGT7|yeJyq51dIk=x0`$HL`hzA&#Qw@*K0tT^7kT+ALY!%SM zG>eNTuz7@5p1}8LGAHD&TrJb)3$$I#9T?;-*oEa+oG%KGQnf5SU+SQu&6l`%t3W%; z<58rR<>yNkE-TL$g-5AcmYy#;9JVoE6dsz>rdbhrOOfu`$xU&^L|IueOXyLemX*yH zGcqgBm!gXyiq@BLoOZ2Lu&+E{s#9g&g3NrWgNim^Ou0aB*T92MqU?OB!e!<8Qkhd; zDIx}X43cEUb?A{mHmtXGa@*hLbG&=Y>Jy3^x!Ve!wumtx!OQEzuOtB-bRg@Qk+A$s} zjZidEViMBup!h?HX=;o=AZ4?r2@Y(n$`(ppaLGR_>K?PN^cyPzG8kz^y zDG?Gd$r`u$v$g=!sddyFd0TM;C^jLkS zC_IRc0oxEH;`9^Xe|OFq&3uBrP?17n!BaY3js@=u>=}>jc2H<_nC3)xI}<`mjk*Pd zd51ik1d1XtLV3b0ctNwheIvriJ_+3h2Q`B0~)`J=laVI(^uP9@sOmh=P0SmC}PDrF<^v8n$-BxR~*%7?(UA9UCn= z4k7+7|24I{;s*`nj{v&jhwZk+57(AoCi2Gz`!>eX56A?mK^r4z%@GZ=3W`#s3YHZnY zslsLDtqsSc!Y-0gP&f{Sr&Tc?`zt9Z91rOnFc!XCc|#(D%NBPoOnHXuNt_s5pe3sg z97rk1D~{FUVo|=YBE%`>5}iLR)~Gl=D~6r$2XCRpS|~GVX7MQCk}Q8z;j%J+BzT<9 z+^~=)Mf4Ec3hoD2O^=p4a}63>Asz;rl+eS7%9`{L5pyLRlBdTtuTls*OAk!LS%LOi zfQOMo%=9S6WleerOMVH5#qw;7bg^K}|mFb~pt*fyS=jS23 zN(JnM9uD@R_pKX26U(DOwrYLiHAcHU~guc(-~I{7lm^a zQ80YZZ)z#EfV(XuOO>esg?Oarw82%Q6qnUqn>^?&Lu{4JVSQXE;@Ox04WTgIydh-9 z=9PjIk;OH1O#_6a;>Nz?_gfk>)#b7R{Ew^>ER?p$;Ae zuB#<@#Cdx&cr+(C^q`A*7>gA;g;q5K9$}F}Qiw+gXITWWx?_t+X4!l}3S8`oT_GFF zyO&g5g;k84^3_GqnkRnjS`^N0t3^==?$GiTcUu2_H~#teTL6O@4?tmTbgMi4-?kf# zV~1zV2=M|r%UuA$Z^!3n;(S3|ek9Fw1C{wH&#as+V=DV;*sBcWEi$7_6mMUNvA#T%r8lZ<5 zAZ~D8X?!w7O39(Bf&8zZ#_`;L8o;d#peC5BsDJkE{E7P8rM|WRR#IQBdGXN=4^Zdl zDYYEY|$>xZUEmTT*#*J@3wyJEqXkZ22otJU2tX?!l=3Jvx(n<8x-i5Rbets!kR4fEOko!R z>N6?^XcA$E8({~KQs~(M1OfJD!t^0+7wtw1jF+A@4~QqT=(ByP%^H^t!Ue>R$dSDS zABczaBsY?e0?Gir6-jn@1|FN0p2NVthXK#jLjg?X|CwPA>3Mi40jx8~Ht=DZ^H@`- zUWjHw5(~vWVZB`jO3RDGkky6&V2^XzlrtjslAI-J0Z##pLK4%MHL4w4vb{S-;$mzf z_&*>n81M7nf}zBzF@3m|Ldk!AF+NY=vfO6sfBuxq|K3q=Kb!w=|KREV-^Y34acA;k z0RzmWR9{&N`B7B^s6XR;^LCQmqYs*F&MMPlEG$_~+Eh6``+Q=nBp(W_xNCMoh=ZWl z0D#WP{SA#K3aJ}B?E|jGH2|22D?6G==7`g{4XuvMwVZS%lX8G(`HcJ1G^8(R$|8Cf z73Nx)JC2VNWuKec{kh`8d;UW9U#qFQUxMW|oMjLdhkz#BuIETIy{9u3@b~42CC8CJ zX-D`K=;orG3dmXz&)~nXSd?Qll5M71VRj5|RR22~25V2K8a8rcO zibOYoSgS`H4Mt%{)|mincd72wFvS_x8m0{-c@r<@G9rr;w@j(j=q(n!aaxA8yanQy|q!&VAk#80}WcXciSDmTK&|$ z*h>eJJH@X&h|=4A8)GLy)$7Xk2TbqD*2bx_Pg$q>(jn6P^w%AzEzh?+)cRe0upxY~ zSy!*Og>J=#h79GbTsEi-F~l&F@f6Ur0h3{g4|0vZp2rv^)lOs7xG@J$`=Dv+f_|{} z@Bglwo5ZnQvo0An8h155!xYI@8`}rydUj`EjyBira?i4%n`C6U#CB7wHXI;woJDvWs(&Q@BfkHiMF3toh5YzCLrL$!NsLIy0 z#Y$ZC-f2yOF$zQM%_>c@nUo)y`KzVvD7A;kbRZf66~+%8Q&w3e4k^YixujX!LzzvW5;?Y(yQCcJ1QyQ@q+@P4K;U=Vu5^Gf zAg&vE>Y$C+FE~X|u-80AFg8=~AR&K0V|rW;j}DJYICm&3@@7+kbBWbm9|SCUFnc@j zk3atSqdqhS+kL93ivH-AMy}MKQ}5CGlWM9_r6AOmrZV!!PeQR0AWZ{@N&J!=#Hw1N z5oxTZsY!`|ObtXfVyiB~Dnbf+#9O)~qC89rQy#UY9ZF{-x~lucZ)(Whp%77~0Ev4) z^i}RSZeMHSOP_2$J$0UVOUMH|#Llq8Z-Lsz&7b0_^8eaD$ohXB?mgZA{5VhQUeCP- z^!@lxv5#uR_qSlgodhi6*;vRS$vhV)=bGdaH-G988bFIp>z7FTb1wX3VT)?VxPJl$4^(EB`j zUu6XW&O2c<62>YjG=eZnFbaL(at#l%TpuZ7+*~!J-~3wHax;bPVdj$`V>4+gGdTX*}3AX0-va7s~rW(cNpGyQcycmuQ9hx^f@uhz_C#rhkdT-NsT} z*1n^~WFIE2X_+@aiceNnzLQ4-hQoBM3eUe+z6SK=zi;^70{F(0Qmzqby6<4;>JUzG zukrAoD3ZP~Bqa1Mc8B&*iC+)qj2zben7CGRe|Y5e+oPtJ!fub%%*!99y>2gtz5(9< zvz{mHbaXplE!+J+w768@CBNmh+lzPgb&UGWX@}3^j?bI`r}a-jR{vSQi}(C%C5c=6 z7W1SR9jWU#JN2gk0s{O`92Xz|`8ntKr(MZY&m|UPHACBYH4MM&VQEYaa-j1w0lOf# z!zZ4B&LW%$0*-ENriQ6PpgQspt+;?(BD-qZvMjq;byGsxxWVDsb)|;o=yZae8ye%v zn=2xF?DDzf(8dopjPNF1(Wmujup6yDKE*R6j4ZOZ(=a(`GqVQ&OMcrNvfpxPR|36o)M8DUEFOV!9u~3sK}(C+a|ct#;`rmV2f-E zJ1sGp51{v50wmprBNbWt7*ODbLsQUAO&C5MG-N9c(+u$*9`nD&5IBK{?mhgo4ogX= zdi08jw{1C$Zo2L>46N$r+Fle5T`bJoY|;EBXJCBskvaxe1iqh>XwV&xv?<7C2!B5| z%dSyAI5n0jp0R$yXx{YH1#tHjPo zwTec`yTI7@b*_<(4$BT{eG0)BgZ#%}QN?nOBg8v~79JTD5Ta35EW`x_{)MJF6BY;O zWrQi(-GlLHquSt~($W0mg{Kx+O1=@EP_3o99U?&O9CwRPNxaGQV%HD3Ynk%KehBJJ zYvODCW$!RPLlbQ=zP>QmK_-)We~`+le1BN5g3epM*((Av*X$6$-fyG#@oR9$!DHhC z`);9;0Y9YwG)`cI6SLz5Y(!W*{@5bu{nmoGd%KoF*oDZqNihj`&840>0Dt_Vya7M= z)#r-X?r?4??hk0l-PvfA`RWD7J$Kkludh$E`6h4%?zs$QCh)#i;78t=D!V=Pzn}5v z#kt4kX=kGOh;>~#O{62)DEI@5UV4&OzIvWC*70Y@!W1L`MxOWDDQMUTNQ5=XmNc%l z266`XEfu3oK&-LRPC|cC9>Zz_RSg0QczheU)A|moH90=PcUgY4Lc7^N^3OucX2i}x&mhi@j{B4q5 zqM+o_BD(nu>0S3rS`6fj(zG)UJg~xn2VKv0at9nil2GTz1sT>0=&ge8EhvjG|LwnL zC_jhJM4201N$59iN^p&zel9%ghN*9Nnd2<8HqP2Viq_fjD$Sj;Px-n4-#xyt)u>-Z ze{H`(nGlRV_H9}w&0K7q0?=e@5LGq z4=*ubE1j~2U;N`d!_m@*Ml4fm*L;T$h4TN2RM*9a0voJT+Oist^nY?m29F~fBHS)s z5KGie>VfRCiUPOgn#9QQkUrN^4x%SU+)U&pFFq2Bn-Zt|qFYzdP_UI(zK@Fh|3 z7fvN)rlO< z#MxTz;DMulF}mluK^UgHxb}t8*!+i`BLvnobVb0{HAap(NlD9?;f3gu_bX0I>1 zcGL_6h5R#s(#s^5hyWTtVv;C}yH4tkbU8&j{`X@{Nu;3rK-loeAJDNGH;S z_kPhCtoj=8)9U|W?7BJE1MUId|A(>5qdc6(wOx1{H#4n2E<^A?_5I#7EXE#q;Xe=` zzTa04E_crm5=pgT8cLN5EP-4wBg@Q7@jZ}s(DB4<@Pc2z32jB9DOWYWjk2Q30gHQn zQ@D&PJVWh;m{LcP)Ra{+ybnD<9~me|FG)C{&4AyHl+nw-ajE(*VmI}J*nusBkU!93 zDuGfusUU~GxJ4(J#7rQ*(rb@l%l5t8L&qe=FwsmfRNf^#b!~BG|2o?x4je5CW!CBS zj3`E#0FBZ?CR(t>yhq;n)zE-!HNS5qEA_-wQbMcz+6~`~hduBXXR;lj7Ql&uYl00) zNR>cvkm21-9XA7-f!Kc4pxwja$9v?`y`N??Xs%j@oP}w>12R{x==;>KGWM3L-Htzk%FN8 zgM_#<5mWT=x$UnHI<}xGc>)R6NEN_p15AnegfeG_5vB-Rdd!rj$#1!b>Eff1sfOX> zBt*>r=vM+#Ud%CoY8T#z3&v^sQI_0LMBn@I*`EKyY4YIFP?PG5g zO2R6aN^75??&uhI_AY(fR%674e~!cxviQL1?tl*`7Jn)?%EuL4xp8h5^ne+=D9^br zG2Mr|AAhr!0(s~P2mfiT$V zwp%mVLE|2PGVEvhnS!leNN`@W$<|R=p6P1D#&N1Y)THZV+QLp1lin@~Hgt3VB(LLwgL4Ti#u=0$qJaDU#yoDcO z4Ier5B^QTz!Bnp9KT)L(anB9gNsYyRu=d-#KE-I0_yL_sq8giq*?HN$u&e#>Ye~fq z|Hsl3t(A2TLBo22DPvK^UCiF@EZ7X^E{T7szIn>uCH0X&I~NgByKb#f2TV z+rmkn*_wcp!QfYLZ^wsr5)ieKDvQ=4FY7t<1`w*vSB0<8^M3qXN#%Gc{ErvDZ{|Eqt^!OXSCcT3q}$#@+t(xnVHQ-)EGt0FAE(c8JKn;aryX-U^#3CbUg^51 zY(Gp`Yh}KmL|XVqK{bJ3Rrku1_XU<)FKTgiD-8uzS$>M`l^Tpp{OHKK%rvV2#kOI4 zo(*xlUmJsBDut&{;^n3$C=#S_*M0pYIqe!GB72WN*`-Y3>9a#7pY(;ELV#rS&vWE zI%jbwld5g7sO<_aJ>soWo-eNOuRJp%>Bep^zkWv@X97JeU?fS1ZYrpK{2v;2Sops* zEV6P~s8lr7B9)OC?P)mz><$oAn)$Uf?oGR;PTTsH7>a8gA9CO~%`Cp4!Dc}$k{tk9 z?oTv2vKVum;ihDP!!5b3#h=UDZ*g)PyDL)P~(RJ69{yDXjA;V3|6LEkZZic;ydk>tp&CUiTZ@2tS#Q>t)H z|1j3dPmvh*jW$=_gu(`aQnXTc;Bq&gK=2|)bfwdnsW-!16e)$J&PTmitu_WbP}r~K zXU9Uf(hX0;<%RYZ!Ha!Yl532%>C7fjFB4_|1Fcdwo`f8z(!%W$=u+4Re3r=|f>exM zYu-g(2+u5gkkid(7}koMlzY(8Je?S@bi%SFD^HWj{Hrz2fqk@@XCbnUa#d@D_T5i4 zd?awv<S~o+oPc<@eyh-KIIEtE z6-UWg*WU~_!M#cLZ`%L2jDsw$Wkorm)I_fLO9}P;^>A&a7hRi;3dZn$1{U1 zPzQeSdYx`GmM(F;)vo>*P1T(ee86xg7s%2AGQi#gNYudgQW zpE%4g0(qnWW*Favd`@boAfUe}{kc?<*ur*^a*M!pp#YycTs&!zdhdGig`ev*!2qoL+)V_|41E)!7IXfUhY$Z~npGCUYbO zqxH8sTFgH7ynKz`YGxwDW-fYU8CvQT^Lh|1xcCrFM2Ir7^LTn~Q|(An1e1&a)WE*i zcS?G#DSI`k(e=S-{`!N~;RD^;%@BC#$iWToR1Ri0xWv-lD+NQ-@7$DWz;YK--TtQo zfYJwWqF?LbcO4&87hOs$ynKf&-55vpNkZp{PxV?@Bb!3cc>!vg zEbf2Y&s2muO*T0)RWO>w`sunkHr$7|^hgDBH5&T31anDQ(d4ZuL9aTWrBX@V)llu@ zSgNd3+w7|j9)$`=+Y3$&0*(5Lf>oL7jghiUc^^Psp8OI{{rh$_NSmUkaLt-dACLXP zp&i-oM}+jaEfZOT%E3GT4VCT9hgJ?VQXbn?F~M_B}W%xZYsEnKEnKOjrC*&0rL2Wjgd}E!tB$=)RGF&N8 zo26yI$4$<6|IgZeN*f}z26i_B$SN{=a_T%q40PuY04-*6`R?Phr9Y#{I7m;d^lE)m zCj*yjRgTB_6Pg1UK46j~cJ;|mk0}$*`sik5 zGB2!fW!5ciEAN*Ee>g*b4CPFp#+1xGqPXOF5OH8o^9 zs+!aWCU!sia|phTkVvxtQ4tt>%@8^4UVdGGc-(|mcgoLO#ay=Rc`rYHi^1!6{Na_K(A~AJN~cdo7c%&(mYW0NX+0Vs zOBbDg)e`z~*>Vuj*=_&AhymE}8wb2n#wTz4n$F}K;0?wWDDS|D<@V}BC-T@S5 z2m?!ZJ!ZWTxPPc8cryc4u-g~Fu9n4O`B|31^b}06?AWmffC|;;un1V3^^|ikcp5q{ z<{Xt>8Rx!&vo^?C2?aHS`dCK(F6m*h_gY2d`{AN!W#W@Cr{c4BE5!D@_FAd-g%m(= zP(BGDq*r5f05`r8II!z5K8DyHq~;<}PLt&oZ;60#uhbvN?#KeI1a(axxT*-5Z9yd( zJ0KEe6#bf=>PIKwR<%WIAXV~)-WqY?HkeuK$|`R;G0(}kML0L?X)*CqCw^Td7;d>4 z`2%gdwN)V~Ig@HZoVMNA%Q25~oS|TAhI1swSkUz+3;go!OG{L#f}DW14+qTeu6*W9 zJySZ&rI`J#W#kL{V`(pMDV-JTTq4tSXGt49w}9sRP(ki10OTUT>~mzhZ(Hd38-TI( zMezk-!uMK%5T(Cs!TajNEG4`Sfhiq{c`Z}4WsiAc)KhBxlHnNlRzgZ3qVK7|i%FpR z4phPvTZyg42}sbn2TDi5*3Y}m0rl|95mCh&vX(G)%-e^3ls-#r_S=n3p~>2nzCiWq zOHtKXgR22u)^7Ep{9`~nen9`XZcDQZXLrra4|CeU@1^?|rM(@yrya`x-oG6S&j64W zyjLbN!m95dI81ccxXpj+$BdFFLADIm%TdgfWe2N+{t>Vntj-9Ahu0o=HrphQv@CL+ zP3BR9T>8`n9i|}DK9CmWZSDw;o;2Vb408L{X!#qvQ!Q?Q!NCB*fu3F=9O2+=!W8F4 zx1I9-`^YYh>+DGNJ0&X-)QmbS@h~O0PuTfO>Tc^`B43^}j)oq#^Jcz?>@zY^C_bV< z#GMMMdc$S8u;oO{CtrkL%t$)x?420T!nP-Q_W37Ky)>^=tCZlh>Dbc6K9-1{Ay-rd%TzfeBHPIs2@UC6la_w2GOaL#{smd?}qkxkk zqvh}36~DWJ4^u!u>`C7>K;9|t4fS8^e&#s-6{VofL(nux6M6+a7<2=V6{32FYS(9M zzAuokF@eQMARpVX5D)t37M1#iVWF|?xB|z#Uzx|CQPsnhK5uZ7aef6s$Ne>im}BQe!oiq>1p&RTKL~_EcIs~^hjkQDY&jP# zF*W9x?_-OJV#16eYUl05ijS)$HN*TyK~;(P&6Y!N!U8$K1Hw$|1SZZ5jj@_}2ki>4 z1vvTwG7Rqb8DzK?3)C^C#WekpDVZNUMcJ>rvcl1wVFDY7@vxoE6OoF=dA79`^5Urx zse05Bg^lMp83=@<=a8Jegw%h)aT_|l4cenK{EM9)7no3Ejfqd9)o5adO}!>)ruc2h z%iYZt;NtJ+;_d%gLOI?msn6VzBZ4qZom8c&T0xTa@N^&Ckr&T|v~osjk&i?q|3!aX zxp-#SqOSD<{m$`eP&iR}vA1N7hu3p*S4k6V<+PN-ol~wS9$2~e+8Wb0bvE>Ld%oq= z$0cT@0V0}~<8~fKsVNx2p}euKJZh13%u(2CVZm{*w`=XGm$hF2_Um*C@wKLiE4)*6 z)g8sJPRqFR)fk=lcf-ZssA$2()&)yMb{5POAZ?h;Cs_$Fpl{UYLh6qh;x(7GDx4x#@r(e}dR9Z8?b3t* zw};a=Umui|6y524*PBtf5g(idHSV#%$|s(8M6;-68C6NV@_?#W$8ik;WALM-7SF)w zyY>o1-wbf&=JLE#c&+lCCgFuY{oPr{2%yK`dGGYJJh(Ad*|^yklI?Y?szYm{V(X_@ zZ|%db^c^5y9Xdx}9U=!`)jbNX&d=AK<7d=x4SQVhxhTp_JtALS;KPQv0pHB?X_Cu^$@u$gzMBwxFGgc*%XT)YO#}ZFCuB?jszex96M{64od)DA))n;d| z+%6X$Gm6FH7%t7{?kaA#_xs6D9#{O!EcNOdm0K&n7S5BFTw)Gh@0j(?lX?OS}mwtZp^Rep4 zM5RbW+D;|lajj+^A-BdpoS*6|~Wy1>$Lm2HxkIaJS~NZPpf(pD+kbF1~x> zM)HXl6m6+VO}vp&2n!f1mHt)48RlJX7ZCs;FW?ThIs00qE+%Hl zcvu?y<%o&7zV-}%(iIyRH%*e9_^0^Fa+#kL*G1lA{! zzpu{DSerWY&QLO=U2CM>roPuQj1jnBL7-nTyc{PW(`|7d8Bn1RnIGss$W+`Si<&;G z#=?3;!*B*xX9Pw?Q6VEo0&2H(sBbIV6J(c{C zFZ(m=f6wMPP97xc6bsO!=A<=gk(?14$d2~?#}U3efxwaJryIaxl7=P<7(V2dyg^n< ziN~B=jRkVT5uxmf`X%`ddXw4RkEWnxZM1n0fclr49j62JU{3yC|0fN@rA!kVr4-X< z0+yT{)2#-c>MMI4o3-gRCvOwfs0!gh;!3E7!*kA^-Y*x&J3`6*p~ORp2woR*J2WpR zU|rqKmtv|K%bqskMl&T{>fCz6V&6J7Jum&bnSwRN9oEU;Q!$^#qL)t-1i;G)wv#qE zB+rhc{8DJVlH&Ka6qGFD# zQ|?SQ-m}v<>90)bKzfQ-6pyTb9=+fUQxopZRs>3vY4_b<7k?cR34}K%>X#ixJ>UI> zHjzGm7hvOy$9VbC3tr%lcy7wpGXT%`dtY}B;O5&B@J1QWnc)yfqdz)@E?<&rF+Od0 z#Y<zyyKFyj4PDw9}!O3W~hqt!C|7I5oE0l3%>`9P2#egH7#)Xs9%P%9t9D&H8*h)GRq z$+6IH=dsDt-v!s5ZEFx)<(7wc+e$US(lr>9Ba>S8aEg+RIf`*Gd$+&wOfPiTD$0vS ziMV>`C35*GDChHi#fMONCs^pH9^R5kKvhdcF;h-+`gz~A##B&_ZEKvOiV{2?KmICi zGWA&itB%_Rz&yT`G#X5hyaLV}O^w0hPz|IGBcOMy@b@+4+zlqO+o0j97wS%-uaQxtf+1*R`SvZ-PbX*T; z#-R7N0l&}vW2wc0nm3Ed>kQ!QAStN^aPl1@VFHMczh^xPA~G~_xVZv&evrsXPLIxb zs5u#RXv?l8Cenu4c!e*3aV0v)CP^j6^odXtnAK}zzgp;tMj)s3uZHuKMUVQ{kB4|oR-!=Nd0ft9(pm` zWmy(N)c}!kk?;*^*@;5HUt}bsr?{A{8^Y!Lt)^xexPQCithM5}Z!27O1l}h`RW1+- zA936Gn+9ZBXgK|dfb?2<7dWhLFhuhzNyGyAjfI=sF5e*yDY{&b?w)t)mYp<<#9Bh32jYonnzn?XLFRF4 z@&~e`iO(4u-F>uj$uU)_rk1R^D)VO2ro|C^lB#YWA3$pvQL&3!k!z0_RrZY3SbQe1 zSBsiejyC3yRF1NHl&KIili5zn63+nyuEezKeHeeiXH%~T3p0cC{NIM*K7p&V?d^=$ z?lq}!jf>dRuy$f=`y1Ql_8m4pib1yd%cD+Sz4mRk_LSEG>OZF%MEw&)wdjc{M2_N| z*vxLAJ6ORuX^G?)uqTJT6%FJ!C8rFc$>%7OFvFb>e~}*df1y9domT{*w-Fz=O!NY< zT*@EVNEql}bJ%3-wA5ZiOMLvSWU}j8>d-nu)%u@Ji9h*<6#}+C09v(XF3qLXy8E?P zYU>eZ=Ru6*%vbihq-E%^0PX$=4l2;>J{!oFZ647k;pF@*(oiN{d#+-qu~xaKPeFle zDV0{*4_`q6M0(t=^_q6ayoU3)fHPlkI_gKWP$`+v)sH||#!)aTjv~GKLlEkJGe6%6 z55VgQ&m%COk^>3WS&;UP&hD9vk~E96(a%!<4#ymUEa|Ak}TPqtxS9$p?(hZ$n4}LMy{F|)x!hEuM{xbQgTm% zIuPf`)hTE^r#5T@&D|#yvjN2=j)G`9!04~G?5}Y#M)>=y8TUWctuOp}q$HfRD@czO z`eGM}gc#lKeQRf~;+43yl#C-q$PsIBJwbgCmPgxfT$^V@85w9RTX*nf75!t*oFTg* zWe#{V_CV>deW+^I(EFgFAPJqWS%9*jbl+A44JX(a7C>x|jSfUqaL`BR#5VD0hTeLf?x`zd9B@p$ zFtP$?wG+l7TxqMn-+#{(!V3npwXy7CO}L=i77k^DA57f7;*&3p)v{+j!=_Bb5sQslX*;bqI~=gm8P9hDI6p1x$8geqbzt?wC9CSD~Lo@#mPPs%~Y31 zPhmHNDO&inXM1BqA*3bzSCzX}5GzFjFr0=1RG8f!u| zt#fX%Bo#D2q;>Hali=aBoV!BEQfyf!HPT{L`C&|90ZDXzxCvt0CskT2PG}k$LyDGB z>)SWN`V^Ri54t*cB{V{q)=!xXp(d2G0mS+4TIB@V2tr=#PpDhCH9qid-~;#|#!-;S zD13V4jO)JJyaN=t5E3=dJ)Ay&UiXajuTj^|`j+r>9nm*LfyjWo21@GW`35j*6)=x% zi!cI?r_?(m$qQ=`%U-*{sQD&V%$0VyC=F~ug(7EG;-_CuQOc>q1%Bcs`E8o%kk4&@ z%yLRo7( z{NY&r$y_oOKjccjnKi36KAyX;4eTY`jr-VRQq&TTd`fW0{QSJjo_6;qPVl>#=)Uq* z%z34?iGJC-ApBImg2Oe!Ov0TYTC-i~ej{F-h#!WpeGWiMqCOk;PuiyEG^iRM(b5p01n zjn-h}IRw8*9oRq&0P3WNhVlefv^vWDLM9arN0kxjM+GHM zL2OvM-+&8yVVP>2f5*WOY>z_GYuAxBmKpeXY-5I$_rS6Ju>`y=v*#CScmCWwSeMk| z!FP#jXIHXEdcw~uH-0_7xLw_9V~|PIYK@T<|Cjeg7(xD_22S=?-4mq)wTrB&yRpdt zsxKITPK*lGe2UiPfPqPj4dRJOXSO7qMfjm8Z++Q}>WEYfSM!^?yVca=#wX3xmCOHy z*vBms*zLpQ5qss&^pSh&CjxD!Oj?xn+^&A*lJOGB2xJ=*Diyy?RBek82+fie=$@+h zdtPza^t@PJE2hO2SRhP9`O1syU@uZhJbxY*MuI?|2O@N(g9o0&*XNmnIeZ{+2|?4_ z;is${H*A0J!_Upq)#>2MbPRI%Q{2p;%1HADhVo{T*+RIIP;~B9;V6t*t7Gw64Hf{Ly32Y4+fUIdo zw#!`s7s9^}+LwJesvDaWMS^?FwpaaQ2Rqf&oCEy;A{LfV zdiq}BO!8I)uknkg7me*q$(}70Bk!de?Y`KcA+Bytk*Obri?-3NUu7tRsB?ea^IIFl z61G=>>E3BvIx=om*%)MmVbR29R-heZ)O(sD%R%d-=0yOh88tv{ak9H^M-` zcd;7a517*gTom$Neb0RD4~l1~Qc6`(Pw+31Md_gZ^G54|g>NC`3S|^DBKn0yfukq# z?dcuh-4%i8NU42Tdm3E_UAr8wq;HX-q${gJmgx=ye<6qugp`qeFaiEMh^GE&-nq5xE-;#xX)5<4&UIEH(`>|%f~R8zTX%%o_7 zyu?RR&%GkAbUI9cp>NV{9BoH8e*Sz0q(nCZi^gu^^SW1i-js^@%B-4X{51k?%1HG4 zGaIelGLI`PJZImfFrie_Ki|EQ-+4An+wmKb+j+NO(W;D!8NDn%@U=c7a5cUV28t9p zsWJHwEiFh4`pJ8&I2zp?oi;DQ(&iTCL7|&zh$qv>cqEBT>kND|3p6(?xBKnA;K^cf zc%G2+Z6KC0)a<=hSICSHjUucFa)8E>lkO_K-YEcxL6Dc zUOallEGi@>H2Q4-gVI}ZWW_&(yQeE{twPFN?TS%eG|Ev_^^dG!^sE+}J(=Pl zL|AXU0t7`~JdP#d4}A0REVP4?lpubU3rLQvpM(G!nGkC(Mtp+OvqXJ&k!JPzj|Yil z*U(j6WGOea&)Hry;REj21)lDky7TdHLu9SJ2N8?OmecZ1!%;pER0O=ZS1j!<~ zQ;A8*BV)dK60Q`zNSmS8XCv+BDC~R}7G5T3Fo$^!p7WKLu8-nI(qW@OEI-8}^YVDp z;?tRvPF5pVEX_+VP-%n7W55I@D^_t$EmY|uUZc_gv-bgcm2QMGSZ$*_WuM|OK(93a zG>04=_3Yl!GrW$HM zO=bkEm|$B>?KFK{bSdOor5*ywx)m=3S_2X#$$w}aDNIg-oTYc@iTCeF;weYiEN2hQ zg1(^y_@9;WW(@BJ_v|h=YMOraG(|@7p?_HzZ|PdnjPuZHoz*Jdc5M* zy5VkEtcmNcH#tcsbB-JxI$G^Qe9~8d#Q4jzYmQ-^@h*xhwfP)|A8EA0`YxUaF5QPX z`dz5n@nnWCV;r}2##nGQ(vll`wlmTsel|m7ebjKkzvQ`V+ut~v;l(FWabFqwnk@%~z@?Dx7CUP9< z*uKM6JwqbGn>-Je=$Q#b!pL>UUYYQBVzwdls=y?JKJgxYb(r*dj9%JnKmah`Tc2)Y zsZW3N0)IK^p=Qt`_I9GI)&lr=yu^rQIY;{Rd+O)z~5vP_8D??1Ldmq2=vb3=}V2`5z)uihPo6K zYN|&Y_M;miVN@(RSi(|Cr4n4&kiQG9-keAi@yMNLqwrk|r0zz|!5wp)pD26S6E{mq z+tbe7&k*sZu0&7%70s-doZ7~*x{fQ>7pReKtRIBO<8c$tOS6RnQ;Ffjabq}vBop2H zXU~PIueFR3bBl^KlOCa&(Ti3F!$`X}Pe>%aaL>WX>d1&;f z-5TJm@u<4$wIkDU+D52LC$r$~ul0smim5Lbt`CfQ2Mwf9;QX_cJ#1Tcd)Pznctq5o zx|NYtS*zO-VxwEkZQ-BWvq>)zu9lz+b`%t4)cW2FwwHuoXxY2bQ-X2EW^(IKzeEJx zk`Pp2RCMdNojr);GJvVB@if;;(B((73g~$WW@(;$X{x;U-+*1#4hB**rAH#HLO~1K zBNdyb)?PxhjGTh*c$VdJq9MgM$-Z>I`KRr>@x6_lhz^X@Y)5Eg&~bp9`>U!#sSg5ae<61^A1HiBgQ7KW47zCWWaZzA2}rVMJ3 z8YBVB)e6-d{2%{9_e#7uV{-h9Rej1*=&tK%bF6esOerNb&Jnb=G02!sZG-LgTd9X3 zR8c`ix07T}``bvfqd+l={xX_(-QI0nh&eMDMpTTZbXxsdmh+7}VS^B9S|_F3g3S$jcXwNk~Q}fWq{vz;te>O_{Ci+?jFY* zy<-~;5Z)Mi*rK?f>0HKWzQrzGbKQGY6EhS`-cI?WNT562q+lq^(~X9Osa+|ysvpP% z=;WM;sYs!X7#;naWZl>$urf3vtCp9Z6`#DCV+TonD}gJ$uJsX(pX}xI@(^Y-043RI zOUR(oQ6~DT-bhOQeWJz~bco_tCS01rJz{s7F3C!SaXtabxZ**p-?6{$93rYDf;>?p zw`x;{D$S%;8%C8iFFng&k7AzFgk_Th+B?b3`d2)JW?@;J5qm^%I!&b%miGQsSe2wdN z{WM!pQ*E?kUSau#Srx4MF{CCjQicA(IFa4``z$%dT7jR7-pz^n}gjN{3;o=r}H8s$H7U$r8}X)Dubdc9?n=+=dUg) zLFu>!dh)lKJsGVLfT-OxY$le(JwUeaYoV09fwOgVyc$`x1lc_6)H!z3i59tBR3tVD zjqaj4hjxZ*?y6z>w}M4=k}M=PunbE>rarI=SekiMH7}-%Qpy|A?}Nx|(FmjTREO>^ zNM006^Aoci-YlFJcau^(jdZ@Q)k`T6j%seJ38>6eB8w+u)rpIf!7w0 zlW)i5-h{YM`);+?0H&3Gb=XCOn*R7Zov0|fSafsl)P=PfYCZ%GzWzOQpKsIsIhX$P zBT}Cp6VNM6As+GBIHaar1yH+1zblFL2>TQ3#(Zuou`_M`NXg~;d~~F|*?dWj$v_fr zU>&=*lD#;hzZ?O9O*quk0We&oSEz9lG$c5QR$oF!^CxaOCc94e8_R}<+SMj#RsMct zP&hS96)3`4Ix;NHwuPvsDD-KnptSv^7$+9s=}ZPM5BD)~ZynhdlPh1pB<+8$^AB#_ z^6i=$Ssfr(*PJjtpV2JuI4|^^R-J1{*fBD%c<0Lpy8S)ZAlY8%9@%L2MKBCSaqnAh zA=$2U7+ET1agI~%cnGYfzl6b zXmD|brxfc~vQil1*uOVuKl;f%yMrF$*gY}ad4<^q{XJY`>pj}B_>|ZwG~lD+{>B1# z7x#SSGQF+04hAUm>$>^v;Fy)>6GetsJo12+-u<7NKq+B%{MU%!S8+bd!D)-o5vo-O8?pf~3yk+@r=6H^)pyoz=6 zH_;g9?l&STHBENqic$QiJ@nFRPUME^JC(lQe9DWN%Q41yD)aE;yReP=4ANP{E3Vbi zEBi73=(DEgl8((t5JGB0Mqe1SB|gETqOWA{oHW`Bpr#w>ItrE=%4i^!4feW*v5e8` z+erQHz7u%{nZU#ZoZrm)2!dB{v0Ap+*bdEVK7?L!5SPZWQ+00&O*Bg6$*M zuo4%%$Jlm5%~56MV(8IBXD-L_1L;piWpgh4&QZ(Ib}xaFvcpNd}*bo{mALxKdu}rJ^Sq2z9BVmZ3T2vwlbFLfV#VtlLdpQ;@AQ zhh`h!;MN<9AyUcMV1fihla|YLrXr)}Z1&qx@DL1Yw*zyQa~58Vb_5o*{dMmHMZokCecN=8+gw97+oX71kVy#u*oV>6}V|*HRh4i3ES`MXvW)4F9tI$G#9d z>B>Ud`kxn5kUiEJO)yjXd(@5?)`XYx`xaK`&fkMgoO%eVu3S4IDnGU&`MveGAqavz zFYSRspc7}-ff8pFO(of>E5k)#XZ&IK`Rh=b(mBOyC~W;Zyu_@H(1mG@3?a~M#nrky zKGR-Y3P($a=+?h1zmlqalZ~ zI9RlNUn`C{Pxr9oL5_;u*x=5*2zj<+QU!;kLq?|us!2M*q8m#L9Go;6P6iy91{jqr z7n1-OnI{&P^fx@+FEUASheW^l6u;QyzNoamTS(}OELl1zKhB%JckLzf84 zHl=`ve6{km?wM)=_RY>u9zGb+iOREa{w5r;$t+&VxK7Ir*;>OgZd_Jp6zY%v*xVrC1nxB?5Zzy>X-AV!>y1gVq^jRkoqL||qcp=z;V%OFaW?@p- zjkr_OiBM=uT%(DbX)zJNC9nQY%r1_bW<|y?2R)xN}CJWbTuORLn#{>p8R_HWO zZ~%>MsbFcF;D8v{Ou^AG!2vVSMj@hAf&*~Bfx^Hh3DNSDn|sEzMA)?%La3!(bQ^?F zuz0Zb!EH4?@cPznr_sSKEe=Fg6gO+yvAIEvXD-~(VAm=sUN=s369Y@76ffY&_670H z38I9SKtqDtshomtr+NyyMgb2NL@jYJs`wXwV1of&RVA>cv8@G+$|_!n zQB4K9)m6L@W7-Ks?cJaj0y|b=@vruPwgE;Z7XRsqZWv%xWAQ?aYZYLr$l`_SYZBnB z%HoA+uh_C<@&DMMg*XK?SnB^)Dz%_nsn&vauh@d(PG(RWiWY5MVG+@#`*$tczpIJa z9j_5nhTpSrai#Zfyy*TID>uff^dUJ?f<^!O-Zyb}?AiFWXs zGigp+r|`TYB_i*WtWMo$Ph|mss13Kr8kf{jSoSk>itOMHfn>qYVh1nkm9c%APH8UG zVa{;*w(u=kxSCS@7Ivg&F1G*4j+DyX6+3X3pA1?teN+xqEo|5AQkVx2uh-d@<_j~H z<`9u8nNIDx)tA4ezs_SU?En4Ug<{%IDv|I+SR)hTbi;3t6dZ9}7;?9>gSve(*to;* z?JFD(t|%6q0A4$36NTN>M2As0ETS1QCs zh97AQsS0F}Rf49X6r_Ob0V?k#FgOV$r3p*d4{V~#pbk^9ri2;W<1;=i=!TyvjDD$c zUWxFcf{{|?O*ZQRr??3}Pn;F;HQt0w(f7p_*^m-UU1>oWqB*}w)lF+In9i4Vt6ZPg znMS+D68PoxiFs~3HV=n%?6Y|oWd_VYo4Nny-)kEJ6V8~1*h;Qd8utteL?}MAd!5|# zGhG`O3{9^3xMECfS9!+zxLrtNecZ7=ZX`xyeO&YTsP%C@$%XAoA#wF!)!Q8=3bzPK zl)NB8TX20-Wc7+54MwWl9&>`ff~vPV>=Lt3>f{{}F~Z+ecYriE%i0ML=XQvebg`U> z27Rnvt#E0ZoKb>AT`OXGA{nnAT;w4XOEH@G%C>R4B=*8GkC%?3G`F%#ssK=6cB&*0 zqH|fegy~OR1u)(5OfGw%y|Rw_)m-nsNIJpTH>$B!O7?9~6g_vq2_qp|+)$9TTT z`oEGYZ?N?5O92u7+^PC2f3g?+RhS6Y)35bg8gM)Hew&|exYX}+BP@vJc+HkYCF4m! zNfL}qGTCnFPWf}M%>unMF{8k8~C(0d`mYSSQu2_ zZc;tb8)7L5+8Wef4D@Dda!Ts5l;c#3rbWu63Bfgcwom`Dw{)k>(`_AhtG4S_va=$=nfx|jG5E27I171dmHujQVAy5=cvO;AVNo-D3g`;I zFG*Ey!D<*lUF7xnEH zv@hy6(Xz-=eQ^TcA7bZ`-(8eR+>jS#0?9lxg6R73x+uZknn;VZ!UA^Dv402^C2B5G z^K;nuz|uKp5xMEcR(CRYnyprokXvq3x|^+5it#S{&FHU|jdp~Ygu+V#VI^(#n*K_< z^XJG2E0LDUJY@VC1vm^0Y>+xR6t@YQH=9?@b&lhR`5mb4D z<{!hn(6RoAU+l&oiH6Jev$0uy^c8T!Mjz!^6YzD^uFK9b?YwXkZGP+xSXy`9t+rr! z;~44lXucwCVtqT0+%cP(N0@eu3vo2^j7FZ($n!~!JmMVtY&>t;2RhQks#W+#6zcKir&5a?&t*l0o{8CjS#B>nlTi4PLfKNu7XMy<$_c|gQ9$ZC`jQdp!F@5 zjTF&JYOpzaaQr*eG|F=h1_QaeK-ei!(vXah<48rV<5S0HCW-cph?dFfj(Q?rr6j7} zlu+1Va_x0ATRd2!MOcC}bBzZr2mQqoDbfxu7Q0C=PA|^T|EX~%${BM>acb6RD&`PJ z`YpDUZ}VF6U_q>LhCN(fwq8b1ZcAUyPEYGvqxyE?#88Sc#-*Eu<9jeyir7^&|~C z7~+$&^QhBtc8<=@)r}-hie!R}lpAUZBlHl3`0~6cL$+-(kUXFKeGXN!(pRVFXkC;Q zLtmdfJl<`1TOzd|0i21{LGjAqqB2xAy_u`t_$~rc;v5TK9rJ_wjT29Yl-tT zZgZ>FKvAD-BEU(}{Sn(T2ehoz2aqT63M03sp8k zmh6Z!G$Z`wk}yySbx3+MN~dt_otN9p%su9pr*vEB=93sH|Q zBJv5(%VHLvU)Q7(UI9CwiB$_{G~H-Y;J;7~`DSwBBmGls;aI&PiWQMH5IZV+x1LaiWB3KimZ^TXSkfR7St0|aF;NshFv4VYB ze;@z|Ym)XWG}zCt2crVX3zjW_3{|x2($^ zN?h?Jt+?h0$6X4G?!1+>CW6gxeQNt{&fUrRZMoy|TpwLo(`p;X3lyl$B`4+_U{DLs zn3P%LT%JSTEQM`a7Fo*KU!6g6DNgL%cr;Y}h7A=LvXWhY{*l#7O)w&mqMrrnG@yp$ z3-n@xG9`9}AF6%;ji)%NMM=>x8)CI}P=<*Gsx0 zC74|pIRJ+-sQe{K3RabMQVGC9HRQNEfyxzb7%R;Y7Su7(eR$A4g|94N=Vqlyh}L4N zoHt0ouGU2n`WSqF7RLb2o{HojvGz46Xo#u+4%adSk*L?vIy=a0jOGb3FD#pX$%~A; z_?us%?{RzUTP9=mzQ7rs_XXfQ);BoeSbq>_(fX6#Z0oOL7j8-^x#9X0;3h~rdG%at zm+A45w%xH%#aO6fEL1TTsu&AZjD;%3LKQcba1a&$FIwfTNM7xf3E+?azjyNWNvHn9 z$-M`UPR98EkMT?HtEg;lJYq|h7 zQ3)juK&uKfWW5`-?g?9Wn|7O-w%hBSUYtQ2+q9qD<`TtR(dlD+`mM#Mdv3#ijQSX* zetS{so{g|as(VD0ezbbb@!d6Y-LG0vmM|K$=bv4iUYwof^Fp_P#3t9Qo@N-qtZww)FJ9q=Eak;iR{E};qA#I}j&uIzgG7#$z%Z2$C!OUmO#lua6?qi(IpMr&2dd_p1Yx(mH!p+`Bz{<@IQ@9Vhaw?)8{oo@RqL zRFnw1X$UtVMr&NTx-18mA=Hb{p6L^_K@t9GJ{!ohj2T>ZY2@$g2H?6C9{+_egITJq zs>|Hd*H1^e2&R)23kpUHR>MZlYnLr7II(#=(R_DdCm54c3S*SGqbAPjkoVPn#TpL| z(fc`=PtV`%Itie#7i&jAu4O7e86R{usE~h!796rUF@M`RnVgVReg;gLyQ+KC1l-lw zE!gXt><#I(Wi*o}B>QvXPxA(z=cWnSpuy0%p!q`H{;{m;LVN|Rs>LchcOh^rRp`)7 z!L4{KgY$zoCl5_8ECt0*t67B`pVf@3i8nX3P-7%(87}dYaq5OiXTE+(Agx>eZe*2cF4pRx;z75!6|V9_Ez`GkvOV*6*8qNtw(iMf@~Mrg zU(gd}|4)j1P8T~@0rJ}a?;SrnzW;T{{(t=F-o4TO|1q8~*!C}|^2Y7{rvTP%^B2GS z?EMlktF3>6l1<{a^e1ZY8!ivjDb+KyO3+ktZ~5X)R12~t5x24~K0>Xam#v7-&$MKa zpf`8nAVD&{`a#A8tt$yNt->t>fQ4UL(M47j%w1(X^(BXrWRMlEeGVw2mt2)!XT_Ea zEr*D05@^h;zZ&ZmeHQ+pv0l+9_XOQUy`ptJ%P3oVw(MNI(PSg@nd*~U6{vA7w=7sy z*Vv3j&pHu(4!Tv^KH11?jn3hVKn$TYd}v(d^!zwmG(2M#3h&-qgG(CtOGANIO>rfx z&GxzsgNtVi1*@x$6-H}0dzCmAx$d5d2$6Y8&Ys-iZrs5>+@DdUgB{v8M^(_$v2*H< zjH#k!Zn=we?fsRRA=_AX%_U>JBy&;nX-UlNIGtliN`g)s*ryq$wm5albg3B5w=JbD z{G{d#46$JU2qzX)T z87#RJ!teG2RFr%L^1=X-%lhET_MP^SetYt>6XW)JA)2S;Jvz~uyXzu7n4(ue9oxLZ z@8PH|3uXDtT+EtNF8*@4R|s!FjXmj4J**bwQx!5DT{V`S*Ib;kG{{Bab8L%e5|2fe z?J|x}7#9>ZIky|DJvq~h<(*t}nSP)1=frAAgVCxlkbw)zCL^UaR|JoJDt@yA?*S-JYG(_ zkR~3bAwdwI_*>K9;eW9luP>HG<#3TD#cGCSiMS~ew~7i^5ixf`*xVl6J3+H;MVJA$9cW@eZMiJng`5ynK!oq$vqYPGgjB)F zStcFJ9Z`AZ9*{Dh`w+2$pMs`{72jpt)Y+Fu0+Q6A6r%^G4DB&cooh7@B3|#KA7F8& z=t;gs>*C5))K)zw!amllYE__nC;u+NaFC!hxYy3#r(ZoGMISZk=;}a364#9#BQ)?R z2^BlyK#51BIEacKkbTLo=XH@43wyi~iV95$#W-|U$8!rgf=%_dMCJU6Vk>Ksm_`g? zs;WiJB-0A#sl0;B&DfDmCB=&4;AY3Y32-j(Yevj35zZDxNvq{b|CKOQ)|TQ=%~Q!lrpW$Ml$WIR1h%#PV=v_U_9DI2Qq*n%Rh7IaNnLpB@TLE1VmitLOFT@hm2%l0Qm7`8l$jqOPnCiXKNHbu|gL(+c}iqu$7)20b6h*4sg zD7d0jhh6mZ1}xf6m7Z|NJlLJJbFX5`G^414g z5p_^JuST3PKl|hiRL#_7(ecxFD6CY-pb=y*qVA$OE8I;klts1zmvV)#>v~)k54*0< zi?q3_=Z&rF5XuO&vMJI#zTK7MQV$D@p=ACR*kMWf6l#-SBukRk8O;}Gi@eZ(eg^!~ zdzJL&%C8e9z=2sV%j95ui_{N%qP}?|;m*kmQ2+&3h~bJd85XWqACdR!#xe|u0kE^J zVPrc*v%2Df>I!dBvMdTlr0YwJx}gQQtOGE)mItW`rIx-8)I_QA1}KEG_PpTTNAHl* zANU|(!=k(wZWRkjq!npN{Zz!#xIAsuOwJeKzAy$xN5@{9p zAbkLN3O>Gkf%e6sx{S{nsIZW8RHS(y)|D$uoXSi8AtcWFNBhIPCm&2SSo73)<&Q0WgtL-4UPG<#9*F*czR4gk|a2H8p0CmkfOi9uOvNh&o3~D z^wcoXkR(k>iq@o@2tqECviVZ3GaVM2o zN+`(gnn!trprJEAmNBzNJIowGv+pWdK5H0P{Fj|Y=mHW}#f%0okM>i{cHSgFG{p+QiQjLTAR;5KaRsSs@zPi5l4=#p$j7#q%I z;ba9`h^xa^STO8MvIUSb0&Wn5U5Hpbm&7CEx}MfnalDlU6!z?rxNSe~N4T2#J*&0~ zuh$t^KZ{|Df#S3z*Q56Hn#-ce!Ym82!@69O?Hwk_igSo1U5iKp$triD7V*4+unC2x zxN*<&L-f3;`2Rc$DWa~2)9}-Ru;)buFh1($iRHNF)(IfMIC7!n`mN2b#|#E#(7Hur zj7q|A`u}~;8C0H=djzI?fviAtRS#53a(XFegTb+x@AJfF#Wu4RiBOq6#aEj>x7 zYAetMKb^uE>HWXhq6JNZ7VLYksc}C;T05P4Qgg#DsH%T~El& zWPc`u?}v#d#X+A1jaa_VhOGvOaX<3QZ_w@yDT(hxcJRLUWl({OY6cBAAwpt2K<~i;S3XR2-8rPl z5G}NSNw)ikEsi({BnNSp?;pzOuMWdjlISpTKhL&kAK>iwh5OwE_8m^k;7^($qMbCx z=5xa}E{reDPtjA>^6Euj-b8nmH3u*F?o;xp{wxS0FkTB(WMs2tiUzvLXR%|6OGd3E6C#M-=331Ia5o(U7#2 zBpM``_ka{s22Yz}Bs+_>OgB$MuZPk_WS|YvqaqyD=|%28Wt~H=AjAlRy-YAO-6u+; z9}N=Li!(!GuMImV7O64$)>qA-|7gb}bRC)-Iv>O_rEm+$*~D|OXK>t1L}lo$>}nhf zY2e8jA_GlK^djCL#9xJ}Z?G9sd}f#%#ipAyAGL68yJN>VdZ-Rc3Bk|{1oJ~0$Q&i+CodJ^aeAov-n{zXO7TD*ORb&M|&Z30>;VV;>km&%a88viiARC%g z5oeks0ReQhVsa_}B1?*uqB6dUYSdn~7&J3s5|~T3Z<}XuOmVUtc-$}qHdmx%aDN;M z2Pn=m@S`woD-hmgdh?F3r%i67Fv!6Tc9&o987CZm1uJeEWMO>?L)iT`L^&Zvh@BQ6 z?y`fhfFv!eapIP*uYvgl#H_wp6NK0jd!oddAV_hLv>5Y^asU2tcR{8RU|>PD2-9qT zBf#9C$8oUB?Y7))JGt71dMI{vu|>Mqw9717z>IXQMR@0%XONaYPzAgVcUpuiO*+Sh zSiwAQG}AFQ0OU}o$Zqbl!LGBQ+YIKugX{3xF0&o&h`YJU!frC*^cuJjAs3l&cTua8~VXdXJy^4i2j8Ij45m(_3>&-I7D< zR-I9Cj;JB7`3NUe+p!c4`T7p1fhS%*K*x8!iT4QJEMJDLV??}6ug2)`QWSh_u@ zQoKVcCfh+g1Dr{wlPC(d-;va}s6+y_JCUr;q4*`R*j>Dip(w~*=h2Ngg$7W1yiXy1 z&2H3D5CII=?_cWfi%vjo2XFi>NOR#rF1#wOBhu zO!GDo2QYGTS+KF_Q7A*jidIm7FsPXtRq75AtyFmqkX7Z;gFHBq=}6wMGn&vU3*BT! zQfyHzNqI$uBNgX}uGT_nf+M7hv4PYPx}(2?kI`i_eaPIPe|0X z+z|9jO+18bL}Wa?ADFM7Gpvf7dM(GD22AiaA~~LA1gvl=W#Ye$>}v9UU6hrV8*x!0 z!R|N0#YsdqVb~Ejl=Vh&$X;FGMtv}R33BVrUTeOA3n^wRPb+jXH>58aUcu=^r7a4x z#C0fsUDBeY)%G;QjQOiBv{UW7-?b9%O}*MuU%Q24GsCkv%E-JDs`Mes3ymF0_%L9C z0>B=XA!7gFa6Kh!cT=LyWdD!;pgHFNL==MJ92h#hIjerDM<`Z8=#|Oli-K?H*$b4w zT?6qR*81UtrYP%JaP+^!{sUsG2hx0JI)s#Lr&*j=E|O(R6!%kd9aNAg@?2KdY}m#} z;CAIemFgDtDSfkz8kGI{R}eo(4QkY&zHkyAHKniw|k`d^Z*jwA{KmC<%m!PCU5qHjcS&wt9e)?zi2WuSv_1!{_* z06VphXJYwi&kUM5}NCQz)cgJYnIti5{s$sAi6-%q|R`OIA2*5WiYHPdS9F4 zaY2$IPX`v`>VDm;M@dRrgx9T@Lkdpkz@oddz?nQN#a!`G&2+*%&yZKl1{jEn1f_%K zCTloIn0UV3D$(jtmSoS13Ncb0s-kT2c*-r0;S_?o%!`t2NQv&I1;B*NnS&|%Z&DUO z-Z@!_#Ei&d7RnY^$v!}sp<{GcB;?T5ilh`*B-t!==R22tP} zh!1G7e-Sb;koRlRq_D<_3eI2@5s`5oLAWZw(iEKk&gmJWl0dgnc}j2SL=O;Z-5z@{ z5YLaEa{V1ks(i1@E}#M_&e~1cYUdV$xwzH3tKFNeRU>>&O3?334)gRS8d>8TBhuJ5cn zVaVWTMZ3_TL+}vD00L2siq>I}xTzXTI^cGDEGA2u^;)~K9Ix53s1C(=sp?(eYq%Dw z9)4QXc}xxEm&WVXm29_3^sON{0uCYR6RxXvgHY)0TJm$O4>U_~#(zIbiz{ctt#zYh zLwspTa0>rn?24>=M^o`{-@3WZk~{cn((UJL{$#FpJd?E#<``%qd%bl3sF>Pb#E_!X zv#-%6ywK(3q7zYNR#HC_pcL2c%-Pb7^AN3zbuA8nawzEL<*|KE$9|h1yWeJ9lg*u) zX%@NIvi@#3ja>dF-lqy;6N;Xa3e$|qPMgrN(aIExxvLGg-rT?)o?%v1&!KgBvr>kOv5EbDsi3j(+LOQvSo(k0gm&l66Xwt+X3+wx~S5iWQS6y zMc(QF}#SIS4Fx^wlx=`~a7wt~@^ zsD>)6)ltRQYst|_#d$+TbS>;JvSVjt|K+EG(Rie`H?0?iNSI0+m||00P^;IA5_d8- z-1i!;tKzlzBCzIXbM&Nn+1h1Hbdr=^A1G6(*laF*TrOlLP;BOkR!e?&b6&KX%f{aq)t$^d?w7kwTE>d~S zJAp0rigE3DUnRA1QE15}I@Fiw=E8tO%F-E-Q6x!S+Qp>c{q7dq970=5!5`e3rH^| z%A#J&Z_M9iwFHwn8mixUW5v!WtA4Qm{-bJMr1+@?Gr_8tMOhilc!H9Rh(TdA2cK;J zTRu8V3Vts+0d={~=FvQN&>-h6%0`m@_WDLb$?L8iFZ zpHgMS6lJeNrB+kB-6-v{w?TAno$(IGUrL;*tUhVT-6WM$)_w1^K5Y{KAOT-qvQu=y zZ`hKl@(D?iZ%A2z2(ie)^dew06$=Da+PWey6y(ftrh;&|X0pOtR1!W4s&fOLst9EX zLS4{G9k!%ct?Has+aowPbXHeI$&OO8A=we5iwQ21C9OzO)g?K?YdQhcbKy-|rC;eC zxMLAvdV&v-zGnwG>C0kxMvIqbp;dv0m(MOe)*4K$Wq}RWU`Uy7{}*1g7XLZ|sY=z5#rt*@Q1_+!mP3v-@)2 zJ0|&>W51xmY^n>jw$Cp(ctOwWcuK9=HC16WQSN?WYdPyyvSY(EhPQ(EcE1g`fDbf( z_nQr%hyMlrHAY|gR=ul}7mEc=a3+9=6gQeTwT7KxdQG4I24qvQheI|XN*|cZ@g<&D z>KphZ(T68l;(P(l?}Qj&pc&|lkQ`l=w5o`+gdHmot&Hk4Oq7sThH`nygB~wxi^}-6 z1{t@nMMWL()x3{>fCZVNC;1kwiz|^Cd?NTrvtCt!?w$O*1Ev7M!GUkyzEs(@DA}wkzU*Kf@begN?I*f`mY441bHHVepkMrW(={ELX7FlZV>EFb5xtRi+qG#{HPto`S zn+rH?YDR&`E`|ug6uzN;T2fr}LU)3;-v8}cTDK#}pF(j9s)v7+llEM`Y{i!AOD(^e z1EO9*mvc=#*YcdISvfs)gWaGahbus~ui&LUs6fK94Q(uVvitAcZ4mD5`5?=$5viLsdRF!og zO;y4Ld$@Jh*C-Y*M@odXEdWoevUKaI2tc&Vd;?MgrTh`<$#3|+rv@aHMUl~C7Ky42X^+qrLO+h>gYeV6>&Xd zTaoTFwiStf#iq6?lel}rqfpm( zA6$Ds_)y1ppVuwE7yK|c$c^=Yzxn>}yYzmKZQ35!_uVcocmex*zI%JRd!a@M2>pKU zAx}|culHC>@E~W*Z8%~EJ7I>{xOZ{B+=}C6fYT*j;~b#oL_1Mnf|1&8lmkV&MIu24 zohO4_BE#JwgIpnTZjh)Nkj--~7sw9Qs^PAWShvTpQm@7&TrQ8c6Jr2GtGi=I2gVLd zJk)V<8%~RxcUVL?D`IOUH&2A4Vj#qjlR~>42Eg<40bo{;;RE?YEKzG9Ku7rX6bt^7}TW}xTn(H9iZ6MqMQ7{L%47gx6!vV4y4}7M7p{ECd#+&_3 zT|K-AA(MYsTMt5vGWYjP`9ZMPHT6eQaGWJM&b)v7wZ~(+gkPsaxH};Kdfmap3TUXO z-B6Ju*a$4X30QOku+OTPt$KED{B=ux>prWVbrB~v+^cRR%}-03vHj=<5ob&mP2 z57YsD=&YUQ{Jxq{54z9!cm-Yv^yc2ZFSqKx?Z7;uCwI92OXv)H`*2^U2e-G=cBmX; zxWo1kb{FJMJ9pJ?dS^R^zLAdF0s4&WqtZ6j_QkiL>EsgE|Y;>#>N!r0q&bxGRR@ZxwM-S-W+;nJ;B(lNXniU57NH2 zYXb;>|A&*4uOB_^^nbW_{OEY>|L`%MFS!4ME}eSA{U2T$rAn<0Amj_a4iGJiw5ZChxAFeWh% zV^}kdia_u+i^lDYuR>FCUA3aqeW*ku!Ind!j|p5wEetNqZc!l|o-DfkDqpth>ly>9 z(>d*(to9D+E}mlSRQ2$>$tEKb$#$0!TWcD%HXm6K>HfK8( zvM`@)?4KaQd8`N0qKWJ2y>%lqHNR zuhH4Lu6`}-X6~K?NevuWcsb5qK!93S;8YlN!TO?3lCbJP7IsE231T^3v!%8DE&o=u zZr9hvkah4j)Mzcme>ZPlubqacmBuiu$S^yPx;R3Ho@CRBS8?ACkqpA@@GielP07uE z2#R6IrdgJibJ3RHEeD!WWOJ9U{?pTTqB{ThmADRee$yf6RXgIYbhmx2yzPUvi!nOO zT>kTpRwr&Tb(sse!ssp-tTf{nzU1E)6VACzzUKFNvuTHDK{q0~_Lmyxl?d!BnA7$w zMR!B3#ub(xnY9jLV~7zlMd&R%k&Cwbz|jB6j8?pK}Ast)^g zfJ6bdtQoMHpDbM;&y%&XH``jWXxXXBEO3SF{B8WghnHa=^uSHN(-u zzP?dCg0Y=GpMS3%9^W}|O=7w#HYAUvrUB+Evaib6ZMh!0!4&wE=nW`~YrE9~E2<7} zT|lNh=U;*5uUfLDbPj7(35d2kw+SI1!mZfIru-8c+0@9UZiG#F_>(?_x;Qs21A8QW z3!FEdzIhqXk{mxsSAkR`Jqqxf){COOV=75c2~}JXuGfnar?F;HTvx?w@kM}Hp3Tvd z=4ER$Sz*DECU(jcDz@F@<8l@xTya;lT5@p^=UcSGdCfJnimY8`1$#zZN|>FZI#np) zEoI%6%P(`*2)e=|j!vSEz_w;p8iaKYtuvf!FoXEN#p2P!R@yigbR&1Vv2K(kDe{D7 zR9b3Fx>yiCvnzWgQb8wT^1zU!=TWVIx`COktz@9}tN<0E-Ji-qJF9P0U);sCkdn1D zOi1dCF*H2wePk@NI#5?j0@gh23~o!7G)qg8ix^2w{d_eQ`Ez*-%!HDuv`j1Du#$5;$Q7+6dtN?F7pRC8SvHdRWt0uk`~s)t|yEJ+?$&*f|mk!9zn zP4!5w?gFbsm?8cP&ba!pMFetiT;{DM$)@YH&wT zY$Z0>JPARkk+xc;Pn<;v9Cj{EED9@fVOuxx#F@0Bj9L--lU~D?J)U9`9Z%tO{ah`# zvTBOlBfcJxcPu@uZi7?AoE*MZ%Z#LdRhNjMri?-qQdgMrxw$=LU?d|cD$0hJxV%+C z?0x1trvVS6SxL#fkujC942}ftsC3Q%=UX(#G^F}1a5F4?P?iA=%sVxb45v`E_mUZ!rJ+!Gnhn+VzD(2QeyLiO; zBceySy2M`O&$uWbU4-ha_o*m>2s}-|6(Mxqy4~WLgEh$WN<<&3$U?Q@{!_u~Qk<6D z2HCEzC0}+MWupib`H3`Q0ld@Fhwe11Sw*Z=U_X2E1Md-(Dui<}g)>0fn6GgZ6R)$P zH-j7VSD-NJD275uR`RdKO5%>>Sz zozoR@038K9&`lh{k%a%XNZ21Ka9gng{b+$(5Ky_s?y&0gX7*k4uJRsqQ%!W4J7G<* zdG5T}(iL8i^ODTz`ye`J&AaW@uFDLq#or}90G9vV?n->sD%dPeH_o7bZ(dYLnmr7A z*`>5;txLjBEX(YKr9Lz;-EBo);YHkXyuyq2T8PqkV9KiS0(_9K3cZQ;D%m(!&FFVo z6Aj)DTfC%@9l9ESryCr3UHotTs`s|w5Sw5eE6(F(FPVMedSyAZM=J7h80W}qq{b_HRP z%DSK%lG{VJ)FUG{{AVzfOzqtdsk#Yk5vHr)#$0qh_$-V|BY*r?r3)%Attm*G>i!6Al*)h4a#)Gc+?Cl2#ib0dWCo-jK9lfjLK5+6@Gz z`8c>YFfDZTdZQ)X;c1_eAmmzv1KI5XBG(RN4}`LNFQF)eb_r&;g|nLxF~MN=s2;d6 z0qrp%?GiIjm~DKZZDgoz)WshNZNIhP_9nc&ZdN8XxIJoS-T?Qw5ck(@)Pf=I!-CwS zX5kNXzqL^J+X{A%2zQTKmSD)cKj{5)J&nHLcRMRpwAt=ULe^*oE%?`@wh#5sWkZc-<<3qcM+6mCMe%%Yw{)l1PlgZ?BDm&ti|CYt*RZ+cbgn;|w zzwbXh{`$CE|KsH3;TZq@F`myY_8a1lCwRRsiw#Mqtwz|7(Y_H4x~yl@q*xifvL^|n zM|=iljpIJh?%(^5{fOxDHr=zSJ^_+N$c5=fo4a1Kgq{m`#f4dpvxz=$ z|JVya?_dYNH8JSzUn9fN{XN8xr2|%1G-?WyG9+^Er42?J?n(lT5GkXzDFpRF+f5y+7RW9ml(-4c-<*mNXwhb(ReThx zu-z?6Xs3#10JpVdwfYeL%tsv9XQdS%}V?0~e*!G-gF};S!LoeRP`z zA#DhHUT#z9#VaG>&FZrO+J=*G(e4bSh}-sC%nV+2wyLv38D=^FU-ggZzU14LO&^?n zGt4&zPT{#5{WgJBg+6xOH`ObgiAiV9jB;h9n4g70ui5ade0AeFG7K&P20`c{tp)9Z^@ zoE-_=NQ%}aEud;}4T`l&rIC3uUP_x4b)H%=^Y7hGM@ZkLMz01w*9px*TWYh%3SW|3 zk)hFyN!j@O-J>n79F1GNHkjlkG)Y>O4d(haPAXFJQywLX}w%UPUp>jJdYp`)}&7@vMZ))hOF+*9i9 zTK!>PbyNoQQc5z@?!0{#a6uM9CxfJ(rd8tAl7QgfTmV8Y)>YU!<#fZ)=xSA0U{c2O zN^`a%pEkH#5D6LZo#J(rhuZmdr!S-_hn?HLaZ1Wk&@?m)W7!)2uhJ*PnsHr(A8sa! z{|j|SnpJgWG|?eI`i!kIQ)>qdUo)wCI$l~32C;!kZQy*})SPPHIv1D#(x zHn4LI#%nz|ZRw7gYtWZY~Eoaiyyyt5`HI=whUPfNPtw-T5T zIy^+P1aXr171n}z*!e(c?afud6)eHL=5)a|rlPLUm728?8QCC$Xw&hdGoSYAbmA(- zVj6H15@PMn=4i#Q-D=4N%-p`oa3rOtL@c!d52VNz2v~b)=exospC@Jt<3pjUG%E?% z%rVUX&Vu9w%nY2RaN%W&o~_o^R!MSHtUAP#nSEs8;Pg+y+T3snv}RI^-)ik;Mye~m(9ue|z#f88WK_(&&d}Z2R#NqEK{NkESyFg zY?oo_#!|1>Fmh93ds?CN&{`so6j=Yw;O9Ifv!Pr~%7Bxn^yx4@+XM}h|1CMU zFQgxbBcFzL5|@~onDq&rOE9mHTT{~rJfN%e4ovCBE6(;Qf-SkKj*mRx^6pGmeo1!s zU!TS~M*z|IS4Q?OU#e^o8==)WhTy>@97J-b%DCZf`m6mj-ErMPqSKqjQ~Qhhk1gfh z9@GDVZScdIw9YW81LMm|QSTSUKmc8OD}`Vt?%Tl}+321954*ieSulnKvVvmuJ;0T{ zO1+2aO#hOvN!xA`%7&raFl+EfC$*Z9j?nU%`AQHKI6DYtP&V-2Nxz5AW$wR+12tm7 z8HFz!UA3Yq!a{)iORfJaBiHNVR;PU&CE)IX@cP>o25|QgB!KUu2zVXr@Bewl|MhIP zb|&{r7LmVe`eM2GbtSCRe!MZ4Gyo6p^UPm6-cx{yq_Hj8AQ{!Mr7FLkkZsI4mIYsU z>71ifNE#R7XCHKws+>vMIyw=juxRAJ%8nSSa_sUNy>BnL6daLaUP|Pcd}WieB`g~B zApW0$5yf&Q)pK^?;*qi<|MG8=6IHLxa zpa-cUs-iKheH#rZg%g<;fg*eURy}(jGA`Lrwm#n6;&rY`L2*uEWHN0yf}%Kd+MB8t zeubIV60FXg&I)A;O4$fqle{*QRl$`6@;D~Gk@_v|ulom*!toXX`<2<)H-E0?vO_Ox z`&*nek6{kk$k5f_cw&l&_!!$zgXf<9xu-R!|MJ_%#)CyvI$rvoRGIe3^E`J5%Qjyy z9D;=ojr0$bHtABzbC|*}oT2xvb2)D+S`Ea`EQS^4LKLB&v_XNdd&$sC-uN%4`RfoH z1b%;4!6B;)BoFBS*hpzJv_?~KvIOEd&(c7(nQDY@k;(ebIb7Serv5rHGcbOG zcDH`Hne_1Q1q%ChqAjKIin_b^`Ua0=Z<3WJL8Cs4KH-7Qre?O@(>?(10Lvw8X>O7)I z8vnHlDEtx#%)LGYzW?wi;B9-kHCh2Y++NHB9+YzCUr=wqpgI6hGlZnYn`ht1H^F#< zC}zEol8El4{CNyL_fn-@A?GV=Fg;c!38YX6FnR4d$WeBc`#=5|6tlzOKP`pl%vLGE zlxSRbS zikL#EGznFNynR^ViabN%;daVT4?4g!V1rmw0ZJVkk-omYh`JH0M`KQwu|X)L?wYBsuj&Vx24Tf^xOF z1V6Y<6F*Nd2!kwGS0%5XGtDmvc)}T4x!1~q)vNX~i$yWJ&YHApqEg>hf5B|_ZQL|R zF{k{B+LDU`LletvNF${2Tq)O_W!S&Y{WsSEl7En(1KSd@-Zi#6o zJM5_+P-ZW3A>Z%>PS0=i_*aCt0#ZV+4VcostL1VJ>~*3=$%W74RM? z?1rohE;1i-l%G+`bFhiQF9o#}P)6~^dXhiYR7wM>(e@%1c5N>|c#}%rvD?wzNfXYA zPTL=M#0~8`%eIe??Vq2xV!>KWE*0#!SarckT5uY|mNLhYA;JW-^tP}()K!Ayx&e|> z+@K#DFo9CLa!9&GVyCw)jr{{NB!AZ&Q*jh%@KQvwzk#xV70SRtxX&CLk2O$_NkwQn z{iYXWwLtGL|0LCbk|}tRaRAS!zmbpp8CirU@gvExFBgRkd144kLFND!|dq7NotfTA= z=~6zU^%F-e2``PO=K#A)ud}``8fe&?CxA^%P;1+W&bgb8P-MXY8*eVY0NydX5qb6>L> zTc=^@O*jo9Yeh{jaqEI&b&AW)7_w3RCC^v5Q0fuwVRazLU3RhFJ+kLMXE-z&SGp#) zCh|Vy`n<&#d5c zo^nPZH=wa~9l{q8{E5p1?CJx{0lk)sdcBa>bhqXqtZ5`&T@%G4z)5j%uA?>&Wx zHT3OX;axRG>~dgFIas_ELH(hG0)v(HDY_slQ#^MskYS zYtrleEid0LcL0*x#RgHB#rCtHl^9Jr@cwz6zP>Vj5_)}|FKMvDGdeOS*@*^u@oP`B zHln4grsp-RYGT;Z!9G(@2JR_npwUhBjSd**dK%TOP8c}W+Y%-;jNI$@7T@a=V+&&B zct^)V!a^C(8eTJLP7P_cn-b5cfO}a1gmy@AC*d(<{?S4|rK2j`>T( z@S%>58G+6-IeA3m5s-%YKO_vc#xn?nBF60vn!Mg(@$>%AGXDu@Fl_X8@7p*UxyuCX z2CJV({5JOgy979Wh1i$Izr9{Qu3q#;`H$^Tcy@4eANhBreD{vN^zd_?E%^)hvHtT1 zaK>o?e4QJ@R&2gzy%)n454th@zjI7!!IpsKYcOpR1wNiZ_!yJ}|05m7Z-7fb9z|}w z<{dAHn}lng;N%_muR}^`Zx2YCb;9xhU^oQyZ{s<@Q?ApWWDAGq&Gpv zgZtBO$QU;ccj={j`$FA`T#)sO4cXtK+7o~*M7@bt{j6r}F#&=60R3A1Y|1d6x0BHj zFG;@DZ|LCcyttC9#D1!%0H*{hdm977en2*Vgvg75&^3mO=#aQwcj$#=i~xO%O0n$j zB>-&*8V63tv?2Mq6qNh!$a4}<2QFk%wWjUOKDMFYEd304*XD4-AgKP`G^!9 z5oni89wk33YZG41z5ta+HpI#)`06Dc2rUk$7of>LjMfNau+b0n|9%UdDW%+02uXPpJT#4(2BP<(ClCN`E>5= zMQ<2O+P!!^o?A&P!K%9TmV%-|Ci~!=#FnwBkrIm9FfN2l$9Q(h)FQC#GK$gzSU#s8 z*}-67GBHtWZF;NiTk>I{9>OygLX2ek!peSgYe>emhd;R)8&MWQa|gFQ8)u^Yuey=A z%u&e(-#;j<`5RLSwsM^+8-5DqBilN90#5DM?-sFSyG z2y?v_9>g>7Tq3(A=jB?Wh6SSuwYUL;5=HASMZpXoJc|Cq(JK8j@G>rp-0>|ILV3E4 z^JlNo#V5*2d5S(flv2XJ#T}u*g=h+M)5(s3KFv$#`s9fBmt$!MvUj45%E2DdsMQ2f z#CgR$=_bx4@Q2=>$VeP=^{G4zx!s#PUvBpP65j|NJ)lb=0>u~KjOeBPqA~jVCiI#} zbC&n?>ck9g)Y#a{SS*0LN0WNaQwSJKNtL#8+wkp!HQ@Cv=;d5uXrt8JtM2^UBm^eQ zH9yeq5mFRO>CqmBWuF8>62hc-v8*Bx6?){<>Lboc2?Al`lrS@aaeQyH-c@Q6@K$xzR|PfsH07S_$6FfY=yUH z!y(P}W}t6bl3a3fNzs9Ld+_AK75g3h-uELXorqv|xOo+5kQgUTm)~{oqkrl>yf1HT zA51O0caz?T`tv`-2%irHgbli}%l$vkVKp5G#K}0=L;}01_sa3dXm+|D#y@qNS|O== zp&b*C4dkE^7S86AJysyCiCBv{IVphk;fm3Zf%uaCCZ>}mza6h&^7Peij~IIvZwm3`v||%cGBoS-ZJpGBZ*H9B$trAu4MH1h1crm2 z8{JXX4M_!lMN<~Q9=WZb$x0z59cBfPjETW`owSt^=gnWL*rzW15um`nd~$dH;K`0n z1NxVkr*JeZXWuiEzUz`2PZ%uguuJqoIKyCIB>(AtBOiCAXKT|!hqVJ)a8mP?lAbpB zut+R5B-aQ;Y65IVv?k$XU4KIv4C~jl7zV)qG;@Dx_jrj-Y8B~MPWxlmgABACo^%K0 zGaoBOv!$8#=jgp_1KA1tb*RDAr~)a9ZL#$!S*jZEe%z9Myj>b9A%uk(v}AE6)G1#c z>TkTHEh!I;MXH0M7iA+=!TgZmEFSnrHkUjc%{r+|Fc(*elu-Ps8@I0fdp_k6IH!MD zu_auzDo?Q4kFUEvm(2x^J@(=@kcw{&uQjmb#E|M!eziIVDz;&lCDNmn4_TvD zhU4!G{MkUDZJUJF1MZjJmZe<2-#7l^frMGz-MrY(iwag3{5aSCJPdAburIycUlt!1 zA3G+zX&5F{m3JlSg~-GS>Rrgaal5NQbs|TBY}%F-4s&l1db8p~GN7zV#*F7;rw3@kv8XO){>=9m{DK;N-Qi8q;K@NJa*&Uv%Ee>I@+!n-%+1P93x7eJ4;xGy&j?8W_hUreg)D$hT>P~L-N36z?TKo#{k4rLs+KxVeG9~-!= z!qih{qoip7!TQ*ML1h12ya(Mi@gX2XUSwHbtmZ-+do(7(kkc<<#hDc|`iOe|+#%Ud zl7Kh`Ax_+lk_==c?CXLAcg&R_)dDm0yTl-luW4#74i%@^Wa$g_<}1Sep)els?|Qk_ z0T=1A`s0ND-0!l6o5c25c8m!2@dg{g6ih;&Bj5mQWb5XWA%U-drTkPOTG+t{akedT zdQ8jFWhxae15zx?yeYX*j?HG&LS!BT?vClMfW9Gjnkm=eBv??}ALIk3`VCOZNx-@L zS}9py1ZXux3~ph)-!sP$XV+!bN=Sb~U;L96!J=|1@>&Aa(?wbS2s0oym^_hvGjUWA zC#+}N)M_o#*Zl5$jGg&o#jT7psV#kTp{HaFO&%UI^c}W`jNOkZ2Kn-34q17x<> zf^HgKKQFm78L4!;iStx8lxgsXhZ3wGjX7vDU$UMDH(!_5>WGL;D|y-ETy{B$1%Hur zb}IYcp9x}{z63sDsJi!6I4@Ke<_r7KV?v-474Uas(S!tkQIh-EOk8Q9o7U)c%g;iy znz76s0@ewR5n(?WPAt;mwMZ?R_X^bj>p9}hx(91Ok;^=@mLjTJa`#^MdnI1E3Q3W8 zNAez!bGhQT+9o&9399$IzNf1NJZQ3(Bq5DfXZPbg0=yXvy6DaU`n)@O7XX5T@i)M= zTag6-neGl3&)wyDeM%!g(nM34<^8^xvb?CUcT14monm>YLwllk4Qr391o&_y!4EI5 zK;@c#LEJs(i(XHrtt*N~g!e0@ELqO;gxxa(rTg^L2}mwbJYGCL25K{fG?fHBIK(m- zZrOb|DnsFzZw>1{ZcHBt2;Q+l@lVM)$ds}*q%}V7S=nc4lkR1DffHXLoaLvoU0V5+ z2a-h}6V+Zu`q*i(1sDyK8yJj6czFHO)|fc$2@A=pXTMVALheSm1-D?RekP^IBN+~X zRIax0_AsKI>cIA^RP(~BmO#fSE4Jt^79CG0Ci&89;Bb!0yj;(r_JrEk)#r@HIa`6D zOPN7HngC#$?Ivdiuw}vU67>wQV92Tc`iU>0rq%s;&kB^WqQKwfJO(8t!2?BylRC#h z-fUg%ik=gad_*{D+Uh+*rP4Xd1`{Yu{t6rfdYbLn0Vs%j~zH%?|BV$?B| z+NWy+)8}%0T`<_N+#BNDgWe(L+12)}2WDDjlYab}@`_$#i=D_oX394Y)6k58V{7I2 zK#+7dLI@yY1jm*WS1cFN8 z(Tb&gQHOcPVE$K#sMCapm!DS^?^;9uVOR)VZKrIi#wkT_9wFu*d{tX%B$g4nEMpsc0PQAFPwqw%f{!wGPgm$%d7x1YDCLjzbf zEjyG|@%DtWTd~n&TGHCi!q3x&bje@~eNLn)tvRC3LFrESPit~6L8ydICp4HMOrnDU zlb{~nKKDw|`}z<-YnsEw_|lAALmb$NM~3lhll;26bo;Ayk)%k6xG#i>{_pRH2X|*;j_(tYYJM(T z1&+&nnDIp99GD{Sv}?hK%sL~=*~A8H4w(N27Xh@@UgYaA38|JcQJw_$Ht>a7oFox~ z0vtD7n>I=UULV(&4Q$sqnJD*M$Vyh%L=m{QOb3)u#x<+@$tT^aQ0u-3@|3Hn99rIu z<`Z0!Rh&|i(W`VZ7Ugm=BB^hO-ki+aG=ghHW)ln?-AE`eUuy1St;~$T*-7CJ^d|jP zTEw}LPrj<}J;uivr$x6q9QT7YPnj%{WsE!OugW{~{Qf=Y#&OnyN80Oxru?Lw-%e(@ zv6Nem8{qsA+<;NXo&~B20dfpN5FK|$Nq8l~=XCJ4-In;lVH3m5r z8tgC%7r&an9q&RYfQ>>v7QL;GRJcsv7(={?y1Cdsx;X!~d9%GrO?y=7NI}E+w+I30 zy-{UsUq%esCXK$ZFpA!kZ;~kYnCR6=ObHImmp7e!rh9*H!AY=+B`N*cLHmvLWd{u% z@m@qmZaan+u$qSC)qsM78)T=k&S9KY#9XXg8sT6Qs!3${a!YgS4vJMpq$9(cXFUf- zGD4($89J7AZ7q)m_~(c{u}%WK4|YsKk^}TdC3%WOlCXScBVCKqX1Z>jPWuR>GSnv5 zX_%;`C(=;Fpa%{Hu4@jkA<7N8IcrzFR=EtS<$GY4rvYoS3KCH;mK{@-J4I4vfCP5B z?!<4_Q|=5a9`T6FVaj}5A~FJPwELscmhk8EYG)CO^{~?gJ{2Y*IRC* z^t-?b=N^*+0Z;yhQK3=WXRzkp@-+)} zSU5ooqtxg<1M^IHaQ^Qf(9$m8&e*;66j0yW*aG04Q8{q1FQ4-2*3bS$*lpP@Pk6C_uS`fp|J934 zuDzKUm-RSBI@jv&h(J7R?YY$S09|{0R0cP~(9>@FWbdpz?_9UE`}x_--oF4$gS(IJfjEZ!FR!mL9|ZXP+j{^4 z6N@yq9U2bcY#acinm3erlICxh$h1cKZmzK%0rDV6DaSMRZhhfax?B4 z2zqB^je%|e6}2(H&4k5wYyIny zHGq!Eu(i@!DHU>)c?OxtbCpqq*5KG^GyvPtrF2UILYDcg7|mCcT@%TpA^NhgJkzNc z5)6H;hiY5gX%8uMNncQv6%~Mr5Z6QoYgX=m`qPb(4a?B84Lv)KW?-u7_+_fjdEAQ7 z$Oy?_VgStbi{i?RGWh|Jg2UT;1Z}7N^(QLz7n_HMr^e64=g(eFuAjF50^%3?yJa}Q z<8A*K@#5d7A#DlKvBn55+=9$m~U=P=cXmN05xr3=|${q;e2 zFc&75a>A$q@R%giXZ2L(x$!3xqRM;->Nk`QteY*>p&Hq4rgNj_`@@ajhqNhEKXi-9 z4ysUNig9!s_}L801DLn-e_6|wJ5lr@q`{Kxra*YHnPC*Yw@jFYb_7I{Yl$T)4Q2a~!c-a9(B;5qJVY zjCxk7C1R(jnoF?DW)_t`(&41@W1KiNg>y=hL6cTMSMQ>^6&yh-qSCT^t2%_!nJ|A- zc6|SvOa~DzFP@s%=3JDA!@CW6z)m1->tvYDitMjh3H9zGKlMnDKYjY+0yEleCMUO+ z%@ka`_r&2}F34%eM;KBz4NL+uG{_bm<6Elfak^@$+S^5Ub++Bh7sfgflbokAIU%F> zpQQFtHM=Iw9=v9VvNXto>F_ zS}i5>;E{meREeM@KG1J1r{En^#tAE`cP;G0-gwc#c~jE_DjH>U%^db_fP=~ZOg5Pp z!@x@Je!5Z3@<()Ynn)MNYBM#RFQH-xA4OzT`k=_Kx@V;O^h8$j>arP(T;Rw$QJ~3` zZr0sWsoPZyl^gRn=wfJa@k&1+i`+-R{2YwP^J_#6`PxdAhj14fe=wVI-+hadUYYGd zsh8f2SDnt!HRaA*qaw4CMB6DNv>lK8n9PL^b*WIxE_+kTFVck;+0%j>VFoHp&TCEIHyl+PBf2+ZbE}z}tJ<-6^ji6`ufs+?6IE-c zb*N^?n}xYM5oOQjOXqv{>jN%TfL71Prre}Cs&*2z-KXD4j|z@r*n4{GwD34kB~Ic@ z-4SzC;$){9SG*+mXxr+@q>N$&Gu5Pe`AO!_#Y8Knusn&n)rcaaOt z{Q|1gMLux2g+{FQzE0LL)lB@aOf}B4Lze}FO3J%P@$A$5wCZ2rJkpp_Iy3VX&z)I}@ zg&iG1ep_vSTfTIAIUN8Z!`)lo{gd_xXw&x3-oo4Uc9ik=>{fR3e`J`%&doF&7-5`y zf?bDdmkF?6hjR7u@~k83{tFgNt0N+kvKKD+{s}G=XTf4IBw*E_j<@{rV=R^>*n@u^NAmT~>2M-kKl`W6=tNitt?P%eG9>E+M z0bzna-e&^k7EHCz+mZ~G7W$e4)*kUYQe?~O0oEC<$ zkpitCBQg%5w*}~MsD*0l=v?7pNxafM*UCrh+rvVH_ReeUaKkm^E!B}nI&;2_ZP@puFy`u$OQp(9ladIT@l>z3Dph$P|B&)&5 z2#3VI@F1q)m{i0d^nb-Lz+9~hIXY@?1Ih__^UKZ4O1y4?JPKFa>GnW#r=%EnT^0r- zIEwcZ*<{9mMw=kV#QRh~@_UVv=@p!kG)TzbfJQ4b%=%x3DvY1X@x<6Ov;{jjvGs9g z9k}+K>>5jWGtHUASaFg>Tkt69z^KUX&2mWN+d*hd1^978SdX;D$kg-VVt2^`l7HuY zKYg6C3QKU3^&=l2_ETz2QQSm~+i*+|YkGFpXHi~+;1gbJqP8ywTV|7f+A>JR{FTlu zl6Hi3V!*e3+CXaAH%&xxY)vyjH^5}%nQ9g1NFPLq@X2UW*lq=DP?1JSH$jASi}_7e z7Qh7@YykKyiSsk%Fs*?OaXOq%3>LMj`(uNGUeMM?g0yqVM+<2t>;-JHGK6W_*NqSZ z)#mvgyeI`0!Xhp_6^pum#7xLeSLX3pzraW9q+@{JRY%KK?(Fw+&aV$8s)5vE5%Ozx-L8%_8Vw1cGZs0|9QXCgaI&bJb zIEovILa4nfplX%B!0@agsO}*17pXVe2Jxskk7Nji2L%y|FZT6{q`cDH zYZDqfDOi+Xe)PEVfHZ~BBeFf1hP`riqc%2elSs`t5VdjeK}BUk$McK&uqrF>Xx!o2 zI~i8j{`v!YX$n6H3}G&rINDgc=zVpJC{K`RRYM@Mk%IVqt0jxr6~uyBIwCm2j0&Rg(cex@ld9puoXGiQze+op(ps2sNz`!Z=Pw-N`R%gYv&_g!-a_EWHRf- zOU}%R-PY>J-jW+U+4z{Y$V|T#%>We}mFOt!kA4#9Qp!U6*?VKWWUtG7i3|MIgeK|f z9F%@L$U}+A+-nhZwydPEDY+L^>xM90f>l`cNC$@Rv8j^i;n#K;{rXfKtZ|k=K3|4< zYM_~EWgHPrAVUF~f8c@D1ZRZlNJnzHtqUF5X(*VGLe2_*M?WkR1Ye4=8dH%oU3hVt zecTSg*!E!nc?Z(Tb~;SHO2;ECFw8$)A`+7|(G}&jnxx%W3*qE50j-dKlgtH~Q$p%= zb~UvW5zTmbx`Eno*HZ-|R{x)A&id5k#{`^ku_S!B-Ab`TtN?IrU?lu(tF8kvZK z$V{t$09Cvg*cPi!f)nPCw}mKQxBb#V3u%$hUEdL^JSw%X)vFlyk4hZEQAr`IX;lak zQIM3{Os+(uUQs#90Z$HxQU1;oDt8~!&TNI%?B|_}2cyJC*m_nP|DZ_trI_IH?gjTE z!K$aQsbhuCiEUMlj9+VG%{u1e-^f;v$?`c@XEOezqDk^%i~tWSRergf;(+eRJ02bk zoq)Phc}|FkOwv7zSu`om1X{`_-9k`;Wi0x7_$_U0g#s>rlO}pq#wP^(QRA>79ge?4ScBxsh2=2C_G9<>aEhLPKgB&!{ z!jXWVygjJ@$Rwx;{3mi#a1p+xS}ot&`PY)3V;DSRF_m)UB}Cy7E`Ts(%{0QR6GmAj z>lI{7xpkLNhS2I~ANVmG)3cZdh_PTonsf4{}yB_CB(7M zm-qE0dTLBC;1#OZ|1bju&=UqfDiT%SgM4Lr?|g@tQtpecJzo)HX8zvw8k1uUe@X9L zZN&R&I;qkY69|qoFi#CgNnz7+T{i<0jp{M;2|3jPm#f;es?K9Uv~<~`JDW0yGS~7n zoEf1GR4881sOj{D5E1ONoG<*&+quaUuwZ!;DHr+s)0MsDJOm0s{M*o%28OlIiBUQk zUc?bBdcTz5mjfcv2Nkb$qD1l?SO)p3)8urOpet^1rBen!D5<)HPZC-do=Yd*3cT7Aa{ zKc>h!$7yatwP&iDZZMv4F!ox|p8|ucR9TNB8IfrptufZAvG$Ob zW}Q>c6Ch$J=E}*!ZY~agVjqW*mbrv_{rz1C1`l{n*B>1aN)PKZO&iWi$Ft`SP^ z%_lpX$~Icu+4spZPz}~~1lyaM%K08>txZgWLd9y}iJ0+lW|L@)xf9*EMl;sxIl@78l#pmCOS7MtP(>bUtI;n*BN5U2k}eI1tJz z7aOoLK3CBBW7RyM*)05D6pi7#%#rmPYCBd%zfZ!b788LZq~X!TYh&38v5?giV{sfVb}(e^;1ce^(%qpcWapzgK8t%4=bQ`kbD*4e2v*W@>z3$3-gz+jQ8S?w3b z6}^hJ2i5!3m3nFlXz2_AYK*l%p(1>qUC9?QI6>>EG}&e$*LnT398jw<^F7UXPt(4J zv$xa9MJoMS84D?ftU2I9+u{&eVh4P~<-FwQd{T#Su~@KBZq0uX{M6AOzSO@xYwvSe z;Y4g=NsIm9g+O!uWC&?-4k`G$aFJ*ILAD%`!mv>~y#l(j%V$XyQ~H1$8yL<+xzSel zR4+xxj)SI>nA=WWM(HEaG^P1Fsk}Qsz}{Oo)WXHvXk?m-f*TKJ90Y_s+;>{ISkJB0 z1KHT5Deej(Rl4IMoorv_Qwt=5EPHkb>-IO_B_m?4@*u_Mp6oF-l_bR4@4-@Uo}DBK z^qzWaM?81Lu5xRur5$(Nth*aU2;7hlA0e(k8%jR#3dPXTd9bigU91^T=7~wkxFNBy zLPfq#PDhJ#n0NN?1kNkJ*QiwggsDqh(Ar*&y!qx zZyo=gO`qPykI66r`|n0XfJevEOSR6|Xl`o@JI4;-@i=VqAqmmt;@OuKw)V)NHS=bC zJSyTt0quE4+X4c(S<^rqs{#-@+_Mpn1MQ+!ehl2qEXg9BsK>t z`P!TV9%MXgs2XwTI#(|d3uv_xtBN^(HDkF#Tb7^@tqRU$9j*Ky?WX4=i*S%dA~L-! z@eScfQ~=i-Sh2`Z7a_~QtR_tFre}P^$3GEOPY*CIv4w6(4H33sn|8l0sZpy^kx$fc89v!b{WY+7f- zwdTX$#IfMyei(Fc;d`)=OmZHC_>U}*^jrlIdl&jiV(y)y-CK)goz<1EhiA(U#!x($1D)6R5@N7nyrYwyTq;-=p=P`^ zvC`7b=Yt@0C~^e93gpH!ggtS9fKVMfvbbv}ChRk%tj!&NPZM`K68&V3hzk-@9nl97Ye1k?~^#KzZp?t-8Fg?wo>Gf0K6z@fL z!AEj~%H|+q!=U8%jckUXGCEyXdwYEr6a@Y`v?5L~*bddEc@|lGC8zWU0W75cVGJav zl)a`C9~6^<6mvK##evDwF-ji<0c`p>(>kia({8CBo*egzspBAufxJVXxu3#u*X0=< zLB(9n69+y4yaJC_P8-~Bp)0YD^^t6$~c%j-#Y{5RTNizQ>ejRtCUJ=xNn`cJH6A8Zk9 zkhvL5=v^E8!ksIXX#jZpmI5LCr~k>?WhLVlZMx!Fkj_~=}H7@xdrWzdiQ`s)5M zdg1GOxQe=)?4Ai04YY!~Ywv7rY~9%KT-)$740039|Z zO7(#1p~060i6Fqq_x8id@E5@LWZ3KHS8X(se$j4kbS|~;Z6tOz$rF4#x}CnrVRZ{! zgn|#Zbdc==q6C|E6b?ZubG>0Y);&4WsnZHnMj6Q?y>{oO340Eh#^^|7aN)_Gf#Aj` zEhDO{CYPH|ANp#g4B_73t!{8e?M+IP6+@KfRC7O-XCBxsY9h8-pG3Qc%|a%@bJLf*2{JN-j6W4 zmrRTAu&=`?f`5cCKpnDxo^OFtBLk5gB)c!xLocKZqV#==Ko1T5-=Ls8qtqFJOkP*x zBNkX8bF9ynWK({E^&&N5ku_F#Rt;O_sl%Vkzi=?!tGmbOG0Mc z=HmYV?3kQfBcDENIcuj6n3`BU;a!VVJ`YQz%mQF@K(U1LVdm)|erB28bTerUwN_rTZYMI~ORSzFE zMu#eQ0G3HLp-<=(KCK3>-+cE%l=9hyduN`EnTifhzp{*&x?X*y*$GMw#LA?gUV{ko zYU1HKh-9;8qk)L|k#x{?Nl?`?;nLijtGb|Lydvz5Ru3xe7$`q$2e#ba zJ1#N|H;#9q>T0lmdHdnWqic z;-u9IpY{8Xmx!zuXvzvU-Wi(14!t!c?Y}#yQBZi$fdNg`^ZSaRst8WOE#)Y?4VD?t z63;B*1*vkAG3S-^x6=9a?wD;!jB3Bsv{=|Hj(j$}H!rtD)l1Mkp**ojNDc>6%EO!;EX%Ya_0NyJD-1eGTo*e>H<+oICtC|(}! z*i1roM$&g}ML1A3PfDMf%^x>z2;G*Hz}U=P`z^8MmEoRy7=9xBgUhV3Q#~!xBp3=e zI;dPYddWzurs_KmhWEbvUDD}}qbS~)tRGQ?x+F=`$OISAMBG*Tzf9p~bxYQozMr{! zvJB@f#2a1pLceN*t`o@oa7M^>%otaiq}90(7vorY8%2`ElVEW zAB%RS2X*~YFx(}0?4b+knXWSxgJGNlsEMZg3~AWqPcv%H9&VrF%;bqH>KoaoXX<;L z6sz$YM8jBB9P)Vv8=Ci!KDy5WCWYAlhig2`ez$A@2>91))B(CZdU{&`d=t)G5csUiT$KjQs<{0 zxIdXDf8reuthNTP%2)TBtW70yl}>07$a@8#oe>D)5+H`D{{0J}^zZig zi?t_+Rxs$x-@?B&9$@uy^t}!^am<;`g;bc&3WY?nWGw-f!en~;e^EwmdSZxT zL3w3v09hgs)f1+c$Seex9lTppYzkS>`%et93=)D)5rpXuS2=|ALWLSK6gk0|;h0-1 zVCWxTWr2{N`Pr&$k)IWX3R}6)j(G#9-L4O4IHAvq9~%qaG@2w)JL$k~#)qTS;eN3A z8I~(x$lHH^3xsaX%6r`jz#`%JPg%ICaN;z0`Iq>7s4e(ixS9-%T*DJx>|l=Zn|(I# zxq4Vd{&j9=*++fn`7!nNMFBstnXxST=?NQ$g<4aFeMy&{VgQfrc`}Qb@r}J2a3tM( z{kTxjWre?s4se;~y$RQDe3532*)g5jR$|3JOc&?)FWGadqtCtuLMTTm!VXWb)2QoG zvV7_xz^d`GV)bkq1HMcfQ>rvu0c6V1?svj zxf4w-EA?I|Zy{Q7WA^l%bt9XXjMNfXo9kOjWU7C7m&~!pYve7GQ|{Rnd6hD44x()1 zPOB$~Wg?~)?GzlAW>X~d6R6&KUC=4#R>tLsKfJG`|0+^-cjF&gNgKd9w+eHrwl!Qa78hJmw<0?_t* zU)&6M4SrC@BdfN&lQ{Hocre5SZ1T|df9%0zg2VrbAkbGdWCi8p^5rqApr@5x({p4d88@2ebx zh-&LbvTwWqj0w>i*OgoX36Qv*x^HmD{52-nt-YkjQV3PP!z*T;vJB~-RlfX@a>gu; zZ}D&ApNR75<2{ z%zgY%eLesbT;mrGCIW$K@w~uW35^{5c*-&FpzNNV`SIQ?#3bKEWj6d@?BDLwdtGD} z!dvt-pyFHUZ@Rtnc{I%<~8$)PuU2o)(?8&eN!m+%oB#<1_HJ1&9F~&o%>mEf+R?< z?xU-%x)T1bBYpUH#9R~SnqB%=nuFQa0r)nye*X7Ak{X|u8Ner1+&&4l{I~}OoRl^d z1imxJ3$1sRwqM8TWSTIVvqS?QQu&s;53QR{L!l4ji$!vSfdf`sl{bce8-skMbo%im zG8c>%>yx6x)_8{}alKkqd%X6~m&lAFtA2E37ODi2s|^=!RcvCTO5W8pbL&}_2mw|+ zlPvg&)9GcLT)q7*U+b>N?vp|d(@23-2put}lH3^fE z2$L5tl@!WBy+*wVvhQFG$}M0r_3v4(BtxpxBA^(E-Ht7pi9hp+WqCe zaAZ6fv(m=JyZg<3w)4n9sO0%8*x`GNBQtDt6q9mrFSXD}uudV7;L>q|q!T>ic=%gY z&k36TMLtD>TacnYboA^G%gx^+A0qsg{a{~hIKeKnZC6L3*=jVVU!}a0G)cJ??Go*Rnk84yGU}n~&9?uG zt#=Hvr3< z*MIEn%-mMy7>bAt8Xh~kPPjMkw8-NzouGI~bLPL)aPFq)31$#>GF#d9U!Y+pn*0g> z%5Ujp-jE($IDl61A;7*)*=Sb9X_)k++iln_&y!cVTJBYJSTBH-lD(Xkm&_hyG4=q1 zOpx(ei>trMpO21h)dxoC{7WIh{}oJ?UZ!){azbuKUh|jW$Km~9Zv^lyK2p$Pmh#I^ zzlX2Qp5FVKX$fR|Z0+uCW1&Hsy-`zy9}fkYb$QvVZ5|HPPQ)eBX6Wv+&Thz|`a#6!}R)?d1NR zgo-12Z}-(&B6IqD+&x;mdr+J{9vso1$OSvwzEMK=6I;;)aC35dKLH9-_ty3<^y%bd zs8+M5FlCg;bREiT-N19i5X5AO2_lC5UZzZsY#qkb9Qj+j$Db=NxEU939-9`%1@;>+txymRgy!ubMzzunnq z!n2rILz^!X7FID|`#Sb3be0L^>BW+Vh<$Q}o>kpZah=D$uji=ocU1jVeD8fd;5fmk z%iRC7Taxx8EOm-b@^iG%`}2~`OF!oK!A-yN3Fuxr{OXs6G)4=DeO9v@(rSFj?_4J` z=|{)8Xe9E%Us-Z>kKg=+S{von!+l!LiFTH~f7r{d*FM~WxLa{qNA%}ZZeY@|#`z`Y zSiLiz-+?!LGl$&4;D)ad@owGi6*$}VYydy*Y?=TN|ILn;gJ`jZ(EX)`R!;@*@f1}K1Mo!<}X{->|WI` zJLwZ7q5Xa@v3ZrX{s;kWD7#!=&rX7_Hb}K&Z^=3`bit*~T!wXo# zp7fL&Do3+H$Uc2fKpFpzPlJay;6FAtG!mIWz=yDd|MhtHd3!&C8|5Dz-f{~PKSC`x z%3$I!*A(bI&L;HiP6JoBTYu9bh5UPPG@JaJA6k(ft03UtW^W$7oh{KYdDSq%^|jIO zFW~bmKOLtNh!aAF3WkFe`g-G}?&->J?A#)iHmkz}pH z0qYQ~+~M-7_m<;tghrYFsexSXB&n=oL`|e{(DdM`Ft%b};Dl4=zx$4^tbH_!oF8?T zd&Hx;ijw{NQ{1uz0HykGJ-Ozxp>9;7SRe?@9|JU@{K(%FavBozlxYrI+5}xpq9DLD z)9q@^z{yBN*La^tZ_^LH7BCHVnc)5ojSMFEssqGPuqgFy&QG|I?!?{qsxHEi!$%gh zGn)XBY-+#Te%Ei9lgvobRz#jF^-Zxr`&(po1($@%5kO(i=uh2s7sv|gp9)ajD%2Sz zBAGyEe-)s)=F~`u5BOw4(m^Aqcpw5qRTs6(7Y#I;T;p7?J36`TP9Jqq@uiUtFSU&_)(hJP~YD zSzn{>o@3FEwVPX#A8yCR3R@P_@A~E=W+ZFnkKJM}wdp~P2McVLK_*%G)cjhqCiXkg zvmv0y9snP;>OWvf*R#{K^b)A;qdPX6AN;z5`{k9?FDag-ZTU-23-@AQiprC@2xTqd zG-8TE(_@S`z_cf#eyng6tLM74I+nl{ZILBD<@X#ElF#rDW5DYk-=A$kLKQxh5nCPZ z7PJA&2-oZfoAga>741(cJ$n5C_7=`;^PR0zbJF*Wpe)1lkV>0ofAJB_S;l;29GHltc+335w(fZ$n&(%Eeg<0O zTQ+`NAx@9l1Qx#i+Fm+qe_mYOR-S$cjvQ|MG^HvGKh#6~;f`)@Z7TlRpGsY6< zv5NPr5cjyvbe3AqUP8$v>Y3q2G7k>!NEa%$EKp-NqoS_h{RjzW5>&LE};%oRd9g6@xkUgrY}{DBey4BTp1$NcjO$KWny1$oT|WMS=6!=7e4<;Yk}Z^olb5F5H?wg5v{^-49|49)xMpdwCJ2S@fPLtv*SA$8q=K@{&e$>(SFht`t~Y)tvR93PTKFu?$H?W z;~hV^e^KMxJJ!)00`80+IBM-ZxMdd}K-`0{^=E$z;6~*-F(t{F!J-j1u8-B7h};9e zYotA_wmoV}P&!f17H%tY@)%;D@Jc<2No-h>!(F_D+)nR)S~!FcJ**SQ!niPtGyuDnZ*M9i2yE#AeEPGYG zrl~6DJmtB&EgHI{bCTRV*~aG?=;fyMbMW!1StML?n+Oc|Mj3Wv zPHyyizBza}+d0}Q<>c0cp`(9;`6w@B3FzYqZma>XRL$Y|kimL?&+3f9>BHw&;qgH3 z(Luav2~Zm}L|AmA^sdNOs{8#c0DE?!)B4?8wEkROCq4df)9Y7W{P2t`>kkY?&on-+ za9ZWElYP_V&J`9m@U`&UxrAG*XNx*)^_YJ+n4#1HD&=JraNd0SyMl+uRnhh-SOmZh ztpicQqF}HZz_o%!c?}x(VPJ-ODaSL?bA6YO0~ zFZg0d_%#H}amoMuWWhf&%K_r)&Ys@=++Q39Kg4?LXUaLd0oK{IelG7$*Ni!EzKE4G zO+WN<2r)aEkHSCM@1;9GGp+#sEOBxh+jPjzlrn$-Bf`eHQR^bUKko?v+;si*uK{9$` zP;fmKZiFV4GODp4fdn=HQDCJRcof`PscAXI1y)w@yT(0&0F?i+xCzEhv!a2&#X-lA+ zh%?izcD6Payzs{pPMQksuAeN>`at9&iMtEM%blDp5NJvm@(@AF=j8X4BiP#7UZ!^U zxNzYB6fTO_XV(D~3T9js=SVpr8BpiQZ8G5YtId49nib)D{&#{~ugu-V*b7W?KF!N( zk_T!1??-+jJqar;lT(a7c5f~mS%=n+|4CS;^g9T zR2SCZ@BC*B2bT0TK2Qo3_p~A_lGY+ zEQmH2$0SXZ@4=L?Hb{O!9CNHphKrD0xx|UCWjWK4irKsqP#KoBlgHXR@vTA(`fA7Y zaHwi6N5;#4adK=03e6O6w7k>R!{OoM$dOo<&Ug45xm}oP>EGjvr(IMBfr7j`=~QLi z^5&TgKEo$s22NW~%WN3frPyQy>jDfQte|$4eylC?$`~Hr`r9+{R*pQSX7JJ+JQ@}| zpNY>``%;VeCgmQ84~hGbnAtP!D!+O+u+wYVDdQvNRsE#-@9!_sVBzy8LIWwD8%;*U zQ;asht^Y}K58`{gKSmYR?(~!x{syE;1iYPT^72>qKOS=C+Md2*uv#W);SK9Z^InwW zW3{%mgC75&)z0;jJE7FN6Kdw_2$IcUDw#3m&r; zSNfMEyty8g;C}IU*1HNx?o0zOWBx_)}dxQrYC%o9>vm4w%$siCPZFCx6uhweBg zmk}1k6;uhry2t-M@d8(|p0QAgsZSy7pOYF`q}C9}0%cyfLA_HM_2p;3Y3wegF&`d% zto(>kJk+*jA0BP*K~VHBt>d}093YtdxJge#J0sqXf)Fw)-9FP!lvB9GG2!pUgR(!r z)nh3v6YQQ8f$8TOdFEeSbkM}~-2SZGj?xCSa5&{dw>x(B2$3+ELXXM*?W?gBde53J z^UkQEA2Gm1Vm4tHiFqGKPxT8KhEBi=szjH=O8q+inoiGDIp;7TP8b|_sQqks_-U~C)wW!| zqYCt$mh(tA=?NWdWcq%6_E`-(+n&A^uNBbW&Sw+oEXvvcd{zt}8#1w+y!<5H{qPNE z?tgFfD7I}ed%Sj+QPnOBk)+@~UgLF+&9Yk0rLfWhpfR&WCt9U}s%g|!Mv<55gb5sv z*e!}9IEXml_bC(h5#-coNJO+iBFdmm7pd%I;q@?rNJPVB5{!9swe1?dN>zWJVbZR` z0a|xo3K1pJ)IVA{at@V^o0g?gH5v3hYkNP&mi{j)PQS|$(GkQzUNKGes%Iw3ARQ`*bXSZ@wm~{1lsKcUpkQIN+ zWG*>xt-sd6yA3FZ)j@_bPNa;KeO598+cMlz^rq#1Im}C4My|}uidV4XEoENxL^Y*+ zN?;mIj}+4#98h#zzF&E^uAbfAJFvo4oa6T;oqpLe>GRAB+DIL9gAd zD6}bGJW(!gZr6`O-?8HqS#7*u4i0T=4R>o{rMxDsFIN)(7OqMQ%X&4E+=E;YU3$pe zvEIf_M>}0)N3HHyUbzp2DzR#y7B9YN^`^p5>1cwJlDV#Y8ikhbOj)CqI##Ne_%GDS z<96&x2PP;$wjFzv^;7aYAlJS@J^{B>08&o<8l`T|nfhYjwb->pK@1g zR3~O2DYz=)HcQ%ADzRgUWGzzz2r2Z3c#N++nB|)iB@&~mdvI6~Y}xHG%X|;w`S6HD zegE*cnVL5eUHx?Bn4OuSBH8|Xug?0#Vy>P6lOn3Ik1ic$T+Q!t#Afe&y;Bh@FhNDi zuZgQAS2NEpQIcU0VEuHZ*(xeTgD9J-UK0<^ED9@bpk0d%_If1ZSurc^jkg(bv8oz@ zg1w{KcBAZ@7c6IIi?x=@%o=kzNqt$!WuUgLpropLy&0pPU6(VqR-!xQ_=)fK)*2S9YMwE>X#-c8pYc_>qH6$krw2uP@a(Z3`CirlZzBGU~m}%HFy=w=HtIYFvUdUIc9)HS zMAT^2m}2kx^zF@qGq|D~Y~s}nEjcaG7MA~5X#v6;A2ts&i0V+}sJDn=77#mOp`UpFne`_f;wPoI?6psW*vaX{l%{d#(up@KFp2K5oi$Q|VB@W7T zOuNmXiF10*tZ_OS0MxVxJ{mgu^=%FAFIs!d+xvcof?d^Vz#M)U-$Tluyq7;$dykI&3iT9gp{fhbOCYDU{(p zn!W&7^t1}c@%TrYi^|Y%)|ew4Y*|xaIjNk8>b4O>M}L`VBmLsyV^1m|q*7heYagAI3<96|}J3 zZ&rZD)u-rxWlhx6X~C&EJhglNR@slWNhQEd)DaO6$Kh|>a$xqONq<%lC&QW*w5RY( zQentW-vYIs`pEo9y3={j{Nee&>pEKwD{?E^@JMheJ!%n48aU2Xu5n^Soj?N6@H0dn z)j=~ZsM2HQiZtfp#q4(>?r9Pb{t@Zr2Kz5^M$)*S8w=TK5KqrDPFSwXnU}LyjP%=M z%sDgq`-qD-B$DYsjKXnbJ=*WfT1fE_jUn2@5$|P+)EfLpAG0lz#|_yp#5C&i_fcs8 zF(i@v(IEqtB=BOM)52^85XjPD9pVW8JQv~G@*S?Bgh3a~rII=#|1)c*Qzb0==O16n z@#W11V=?Z+X~3nsqbeK!kBXqx^qIM}QmXt=BoV34t1 zgk*`W)ai*169!LhF3+tiQ{)gf2PcG_k94^W8KoRjnVd}KIj1&>eEHUWSK^n(?m*Mo zYIb02_|TJUP84}j7OhyGUUaVF&($GU`2-(u03mDN|4V&4b-o<^gB|M-0Vt1+v_Y#g zl%uOV0gBaUO+_Kft3=TnfTBxu)K?I1CV}1ai3Jx*R$t-r7@>gcpzJ~o?bbj`*evF_ zP;Df`=YiNW-t$x^WmsZqf!Tnna8FHrlW+Yij_1xs5~R{RIiOW26(-4kjl4I%C4)FN zjtr^kwhN&KjeI7UIF`$MUyqKJKuYw@82lR!9;GB!N%+hAKHR;b(V1o?`oU33rco}? z)*PvH+R=cgTt;>)fl0GnL|4s0stu-@$w{0K+7djDO8XL`7Acto0YeJJ59gmLWjj&3)uEBfSd0@9^4~BHAms?z z#C))#DeS>=#gsd?KvExth#*9#I82E`LP}V0WwSG-^}zWY))pX?#T@G_X5CytEl(dP zS*-ppw0CU8Wh*=D5F1l8=+tCl{91(RfxaEcmRz!{*2HG9U@#W6bRdHMlf{7-?T$(v zQ_e8VY_Q-nl21y)`MCK(#0kN-se*G@Z^xuKD}L;Tw1T$xRZ&32&P+=eHE9{S;j_kv&MH=oW$4>Bq7BS(Q^pvU`j=0yUP@Y zycl*%h!Q-Z_LD3mfN1)XABju|R7yawjf2HVh>JFeLsho$A_e~&E9EO)q@eAufn;qU zQ3R$W={cUW33!Y%V%%j2^A}Z%(?8FK2mNTPaAjmV9B5#P*)>S=!j>q)|m++i$3;?^Xthg{j{+~caQxULQC6Gk8t8^N|A9b%-uHp`x4-*S1 zzLi2TTqj<#Inlo)k#~K$0Sy&vx-bm&q(9FEVo&$pTLr%^5Dt1qgZ&88$aTp4jF5BY z-N)`q;3!a=OP5_gqd?EiIAfBt=7Mt<%yF{nR6b7*QI9Bh#73fSnUni-CS+NK_zRU} zA3VqC)pbZY5#2QM2cY&y0erf$W(3plEV7)1x@b9dTWs7cF{nvHhPJatZ%Hd=wh%pz zgIwoujYZJ1yc$m(l+u4WI(7jCUHcQatc3_%1RRM^5E55^zF!?+ADI?Zj8I zCu1S4)NgAoYfpGuY1TN}TWQYlHaAtaBtI?J>m5DhP+ZV11uQbqRXu*{myyu@Hd{

zi_EDh5Y$O%#(+INS=HGA*~Cl@Z-YXo*u&$mB+xmOzoUN2o!_RHA2j?2=jgJB%es?dkn% z?K@rZ5S(^8Ezq8JtV7?!NfvyO?NVe@IhS#EZzJ+|2fo&^InB1BnINH>So+&IR7=mr ziH!C9ch*Mu{5V|lgqi^2O!Sa73`Yu$DR2hOFxb)|RJ2(l(s~?`aE*7$qXIxlgr_ihAd>2ouyo*h z6PuzB6tt9^=W1w(nM|QzE^BLT?dqMWl(FsZtI|)SU7U4!S6!U9xZ1B7^Dl}qU3t}s zg-mL7QL&71WooB>Y|*V&IN%ZS!pWiZ;z$qcMxmsqgKBh0!~C)d^bgudpFr%v`?}@5 z(Go<|R;018l{L%i7}~{hE%|WV4pESu-VA7M&Ks{9+JZ_k`B$WrMx}!Ils<7cx1St( z%C(?bfPS*$i~|5{(KXuT!P}M|r`|Pb&U=QGPv z21cxDaz{FAuU%;Nb*M#mUg0xpt%Mw91FX46b~3UN9VSa8xyKc%+g0}JYUSNYi*OZ` zce7LxJSsX=0WI-=qU7u>!b&T_bu?>2uN_x(RC_`r77R!G$ISxOQ&Z|aXNzvNf$arF zPu1S5fYfJiby-5(v^rHEeM?)NrIJJhO$wU)sV7DB>`rIFs(~6xxoIj^)qu|D3AT}E zVDR!o?x_lo=1Hn6rGya+E2+Ua(8wjv2#p3*y_;}qf-M9`TK!Wh(zb8> zJ9+L%ISax(9+%s}iJ&rXfO}Ta-P=x~NKd}8C4-d`pQ?hP5Z%6FJhwINFnFYLgzF+- zP>uFW8qo43eL-B)VNo{xjI@mF+D1vEgv67DQho`KD+b`n}}& zS6Co~q{WnKzcPhJp~^Ym`r>=+?=0EpT7bm2lR$prGaP9FnZ*rGpLaIwIi*6B+H1?A zjG4Sx&Bm#zRQ%>Dr8*Xq&*7x~sc*a{8Z?b&A^K)~+Sq5Q6er|q3k387I6n58mbRx{ z<~UmOd{N04m#F1J1bq`5wrS$4<8X+=Z}ElfpsZfk2IL~#Q(#Eo4vQJslugcwQ2}0@ zt`D}8D$G&W2f_er@T1cko@g6N@Mo^nDc&d-2JMPJ&6Tso;g(hg7jcYs(jrZ)8->Qp zR;WvVzulz%Ad-V&Fl2&L{$mzT6XV2@BPc_`q;9awHiMGM0~u4=fF~cH`aAGeM+=|J z0i`mSzKkw$QP1pA_eEm|#jVy>`A-M|KqPbMg$%SGM6PVJXpk3^?2q;A;hYm2h0aQ# zKqX*%Q)}=qWU06sq$Lw$1+hVD7&nw98O&T=kjk_GqhyaqHu|>A>haUojU5BSOjRK1 zH=f9WW_U4o&{;oxRyb}>lCjYzlc`(pG?g)}0-sDSZd$%8934#Ln?%1QnzW#mv9Ka| zJujKFhA`6ab9OgNSX*%laZ4X7oU#W3nQ9U|LYI=Zv20oM>O;P_u3_pORnj2c2u(@ z=C#(KDr~V#M0HCn>m}ole8E|+)p7iOroT1G$m+6U^xXIrHiN35liobbOvvi+{u8Rh z=_J+Z0_X0PE`v*4`{jF@;yO*3lmGWwnHio#Q*^5(qA{L>Du4g~xLD#jEWK8eR4*f| zV+3A=Rk#eQX8a$w@pXXKCBO_Y>b%6DJ1ouiR+k^)A2KNkA50!MKc_9ZUGG;?Kv#m0 z1e#{PB4vTuP`9g54KYfSwkW6tQ;A>~51r0zlF*6(l{VW;NuBs$Jsaj?a>W;imixTZ zbB(;8{tnMb%s|HhhPTifcuYYDb!c?wuC|)BvZ=jj+VWxq^otjPJpHlxewb2IvU7f|5*$5A--8-r|j`QS?rS-G#-n0h%p6qY8` z*7o};hA5Nox>yS%MV5rVnWMO>DcWyu(b&>0Zx8BE+?AEt}q>Ip3*3twJh?y%oTLib~|d1)%tkBg0xy1!MO$&~~en zW6!CK^1EXc5}H+1fz5f>)8W6NK`s_p)Q%2T+hApQ347r6-7C&ADlUtIqXr$kc3-LzjAdxumNOgDrQl}Wp< zJ&yk^BFmUn7Lnf6&$$4m6!E=e4%v4AbUp|AWdeccd=C&Rem~X7!h@GC&!7e(OWK8p_eLbYKa7tm#2_|{?=Ex; z2qhU9W|E5ATcH@1lZ&x3?CuxQQIu%AX!X#w(N%%M1h$` zduossR@!vWphD4~c;(OxY*ROC{->EODRS$o{e_DErB1RD9C5g$KEJwJC*;VPmdy@aL@ zHLw%NiB6R{5Y{vBd~*O;kKrX3ivv-57T0DNIzw4blN6l<_`x1&M)BE6N$p~J5|4Z= z)AMllVUYC*E)>CW0^U*M9Vqo7OajfD(lH(?1|)Dg^kjlCVc%E?*HJe+RH(o}hQ}-2 zX$9hl9W>S7R|3R!vf&TrKASNeMiJW_4b-3p)phXGK2`P9YT}FRJi@SxIwW|FRIg=n z7Rhl!(t<=leQi6(PwVn(1;kxW)}e*2ke{y5PfPZC8B>b#SoDr@u1&(^8S*?Up4d1? zreZOkqhNe(l1T8PjY0&JPITB`C6{8OaM#)2u~f3)En>(Qb*;bavV0MWusV zgP~!oc$rPZCS@!N{&eA;TF9#W;PN`TO_Slxv9ExBnn_I$jHvuuk?hZTcb(JneNvne zV)N#o!PF$X2kwgM#N9gWQB9~#9@obrKAQL0({IA`;FwAUg(f1KoF=xya{#dUUyM^WY*+>V25%|6oLtjX zss2&<-_KI_UjBcPCw630|37q-Isx{N3S3C_KX`LE zG4SbDq0upH;eIN?BX}D@O5`Lirs0V1eMBty`A{^zLs<07pBn1fXTKnolvi@}5}@?8 z1?VDDH#GP5a<06)nuX47B-#9M{@R$8W7UE8lOAe!>AajNBL^238=Ow65tw+e+?Ml2 zXAMO93PH(z7Idohj|LbAr{>?kFA=Bm{;y;46&RH%vy1S{UB(mwH8a(cvYaVh5z!w` zYB{1U@|r$;G3k-rV-FRzWWZs z4qSTOAriu4E41w=cWP=yeR@V=ej@yHl2Ktc4}C6S5fjQkc5V1t^a<|#Z}|1&pbJKN zR0n}cV7|OS>O*kU&|jXt=w9x4l6zW_E8^FomG=XWso|ZQwL&PXpr(qh8W?p?Kw4z{ zI;b<)Sor~tIaR7D2E{29@LMq)@K2~^dEJJrjoaa8=W0ou=a~xubDM_b>70K>J6x>yc$i ze_oCTRYW6u(*{S=Ac7)HS+6F|Q_sQ~ZOEEt*DSQxP7^&FCM+R1^&|}e{yW3b-+4{e zZ04RyqzvkoJ3LcJsfK22cddI8X>0ba{H}!{X#L|sBk9TL5?4%JUZSgvn~OZCqkZtr zWOVNG*0>JfR+j6w35xp+g`0MwjVO+S>ZGHqp|ssw(}a{`<#-)MtEFnWwAN~ARTd$u z@tZY)Sr*`$5|=MY4nMvNIdNl{n5nagA!Et>Mt`mq4pudfT=mbJ^~#%P_KP)Y^rTfy zm*I+wET`6U(2DqqULL?Y5na+lsBCHjYUryhnK8W(m-g1F8fMI3^vixHNYzB6&J`0U zz|>@q_hLV3jQCJW`7N!UFoo2pgjN+~S4@fZNUDlgy65}o3Z@gQ@Sfi{tDv8zM1kWIA1j}tpD$N-^_V-I$$Lz zXKB|g^rc$ZMCEf8c7=Z0})e^%;c_91{m=8>dyjz z`7tsAzIxEe(yqgj7GTyJnm!C48YAveW!vQN= z>T-Nzz4JdRq0)lu<Q30fbC;np;|$x4&=qKO!3v+?+q2ZDL>50iW|#Er*9$WU*IQe%^Ebi=lU_OeBf| zhW#TfVIwry6LGk?98!Qlfh`WNJHkalcP3?7Yz)5w{~hwPCUF~WQv)`->6xtx7*N-r zT*1@^(8j2PSOS?6tZCHoVmhbSMS}q0eoVf}Gk|vaJj0WN|1aZ8F8q?+k+bYfzEeNU zxaT(P=3_fot8O)FmCZ~R4I?M9vXt2~+#+6u=u~+lhq@VX&@|-k-_QQTfsno7zd&os zqEXx%$2RQ`g-;bjhqq;iJufAG7OloJkdkNc&O`6}K*bF!u@H7KeHTV5iUMaqw5Zo7 zZ32JQ|0V{`_5c$Rp*y;7ScN;ECngZW7$ObKnCM#)mnLR4nk3;UEj2i9suZh&6*cGW zZFA^md7loiMyH4Le8UoiCZ~Ia6y8d&PEwM;G;WK=GZ?A85Ztf>v?`0rsjTOn*N5hQg)q=}Q_v#GC(s(Fb|Rx>8OMBOt+%1NfYZW%MZ#;kx3hk$8&}dB(1j-V7!l)G}4?8u0YqcWrQD--9tWT>=jn*Am@Jv;&PLUpdZj!q_9T0-}a zpTA4@tPUdaaFP_7hl*o<(gB7!*(D@1T9b8;8NaYGwf6!SH&HMt7#J-}bT&CN& zJ{dF!*ci24+C(ldYD>2ljtvWJGkvgD&Ot-mPL6mgc;?HnT2DraN?s_a@mh$@bQCGd z`gV1VG*-z?)A98xc#FpC3!W$K2Sb9(bQS&5oiB45<+#6_GiB<&uUVoxj#N{NeGc$$B^!yrTAfu6SURF zf*B8&OrwZ1=6s8&yPu0xe>MgN^^>!&zAT>_xw*N$oE?nZ-dtbXe(#8X$mj5FeN1d0 zbZvc&e9UC?Y=2B#Z#Rg0$$tmB-q>e0k?k=?f7f@o>JRmO$-y9$aa}_~g(iB3NfH_v z>-j(vhb?VOpu`pgk4&!2Tij-VtTWzAM(N@j5%LT68Y9}>RXYpiTLdTP?!jA{So}=O$@$&!)m&LJwaSI$bt9ZEytx0rJiH1gokr8PW zUFau*r%A#za07KeQpEUCeBSCnIxRfTpQ_LAkVP5>jYiMOQ@?@2?{2eYK#iX>2+r$U zW)R+;>soMe2TCs>sRc@J#+l<7-*UoE+jsH^ph{koOBFc`#wRi+COo!(3ZE61gP3p2 zq0Fb<{X>U(lSdeCdsBrDt87>w&}$v^a)ikuyQ}Nw8q&hg&iZ~m<#};YTu!aZGJP=i z`2*Gn9HAxX?Cu&N_Z2J3h~U^Czar_+#-h%Ce2uOZD{#N7u73}Irxhvjo;08nc+2w} z`94khgq>@!7T7_KH-2odoD=QHXcU8NR?nGH!Ms~0R{86 zkz6nY%307z)*JWuLsH-%gK`#`OM1}C`#c`~t~ir!n8Pud<+og>h;f847sMhcp#bX6 zmP}DTB2{WN$_~U~o&h*ml7gIySZu9zev`rOMZ!a*ilOc%62k|>%`hyxHVC5ui$BuT z?P^piJ?H^M^`j8Pzg+Q&Y<-@zfLE;x(cL^pFf^>i_FacdxmgSU=vw(slF15_S+_PI z!{Rp$naVAc)D+1&$2X7MQr{_06Vg2%Qn~Bd*5IITm00R{zh4^NP+$d9Zy^Gek2Is& zb4BQaD$LBXB8=iYo|A1tG(z+OSj1wMKa&EZeMGKQ!WHZ+N(J;5vlsp3EH5g!(Q*dDs!FN<;rhPDTeVOy7=_;js^G3v zisS|1UV5y@`6SgtFl-Hq!p2P1o-B>>Ts22-0nyKoHy?0Io8liyS0I-IPY-U9qL)kK z{v|C%9%M(TG)VbNNN17fqEwtOp0=Pa)j-@AC5fT0ljH)y8t9-fS;YdQu3UhD{9Epp zM^#wkViYrwn)>6kku6;&y|`nWa1tp@^U*zi>3YiuQxRkC^>}n3Gx8-&w8w0Sjgz+e z3~m7z@b(McBRf`!El3uSxpVu zKy{|@(Yk?{^DlA-5$eTu&oud3n;nU+zCm$8;rN$s(ty_g*y}q zj>o*sn+d=80p1*ob*IDs5>5+j!)Xzf>H8aFG!f={&QaGT}m7 zwM7adxcwUWgVsGIJU~I$F}LX+B#*Bx;1X?J_a0PJz#7X;)srwIWCc37QW z!&yTFt;tF_ltRJ4MCu?gO2Cjz5)5RKh=qVwN@0?S9XI(OmvW~69zZ%ZU?c@Vs+#Ny zLgG8`3U(w0K+>k{RAV$q|9Vc~p`!+)c`{ipYtW+pJE=P%%4%%e6Pmft%AMsAH;XU`vlBq{W)d-O@?QW8c^8LRQ9W>){L2WV;8zG`M)RbD{%F$E_zBs*wQPTxQ0s&Vc zQ%hj#5!^QPqu!eIBTaO?If6+YCkTVNr+OlJr+R~VrwAhX=CpMb=hWDuLu8%f^}fAY z&w*k0Z9)<8^Vtj^qv~_*H;*odm8AfxROW2KiOymnaNJ-!`J|^qRW228K(a`)z0h*f zdUaQ+&rwZjYoQdTxZvuNZe~JKJX{L}*Clid;RtOwhgTr&gyRju4z`D_yaQ!9T3R*9 z0(y~FW?67T7vd9MILjQDp={&#**X2TNSA14X-X>U(=V6&?|r$(VK`vscibqN4mpLD z#<(Sue_e{l7<IO1RX8>#9+z(lN%JtID$wajIcID1t35P%&Vimx zoH38#iB2L8)GG^`fkz&0MH9=E5stDc^@2EoFc@DaJevWx8bLAZRubf&h*)bK*rUnCaVowQ}c8)PEgwPH=xoQD|O$J`vMJDFjOUS@BiN zLP>56B(~OWRg*EWr+Z2_N!F$|68Jj&TPVhyh+SjR8#Y=09F8F=ZC|02brYaDNrc+t zRE*+(1Ynz5YV-Hck!935xBsy-P&0x8;Rzo|(2$KRnHIO7`@#=3kl8j(?WAf+5A*Sq zt!K+y^Jtxt5HKtyAEql>zJc!~RsV}NNnu{q`tsD8cJlj=lZP?;eqNIg3RY$>r^F1P z!b_Wr#mNvSXNc>GZh5M60D?{TF3d%j%5?o&_;5#d#ID+aQ*CtRL(*~i&eFZNm(0B} zjJBhXNuG)0?oEN+vrLe%+bV1F&468;!8 zyXJ5>nF&56b`O4@?FZTIl$hrt=JP!%++jCAOO<;Fk7;kXPLxp1*iLFWljE$FOZ5$~ zg$EvjZkdZ78P`9Y?P*_s^<<|X+XAhA7Hqty>oEA1(KO#NwS>|LC_w{N^r3(Yqi-Pr zmD*51l_rF*(vSdad7KYfc=H=3d-{-oZ#RZ4y8i~=m-Gz~><`(^ETsR8`hMekk4DNs zpW6)+L;8OM!G|o~pFKmJko)fqV@Lo^)jiX6Wj63kp$s!*8hHea`lZO@j=cqh_KN9J zK%PP9q^Ya*XO@nToS*U)zdQr+$^W8zdl}RDp0$oTl;YyRBD>~)LvtlUURmzso;9ym z)=J92VzVp`zdW?!BBS{YI|09Zbrxb?SxEWcJ?o!i^8Y=+?S@_azdPPGpV(U}%q-Mv ziF`GY#%!Kk&5lZgBoz<}Jt`DZb8bctaoAd*ANMnxq*SO%wQWSkO*&PgEI!ZR{iUn? z&&|pRo>ip&?$~0l$nnO16Ps2OE_u}tI1dx@gg17Fj@Y;QR_=Ch4##Tt>k<9d^l-c4mqv& zIRBH`2zGx9eNH7fC@4#gRm-Vc4dC4_i5@S)LU^!t^$1LJ#=i^s%Rb~Mvc6=Fl+R1= zB!xW`!J|)(I^J3)h;$PitA2Wj{=vQ7xd?rM*0!|hu{PNEhv7q~*1#EUk+?5Pm$|CE zoETKrrx2ede>9jUvrX_5fwn8eivEQ=$BU(#W@#QAXz_PPK`@li-RiQ%8Js4hgRGcL zPt{r@5M1n2Nzi{ECXV9}M$Zs$_MVTs1~b*<1T`x8>iB13%Npv1vE1)o`(w6g5PkTL zM{^CA157)}Zb&wMp&P&$_Ex)T8J~mq3>=h>oIAZ|%3nevNh7mcby}Zwl6xNK14pI7 z&2cH(!l2X8G_ZiuAAXC?wRRZFfNV~g%_ zl6=WX1ZXVXpHw@?W-#@1Bg#FJGYZu*Z8PZHpiSQ=#6jWrkXwpm3B6j&^|z#YrI+Kf z&j`65s#B`d^~~H~Pk$$tyyNZz#2wmO_R~}ZgX_(yHfwamiCa*BwQ}GYKZ=708UY+V zg&=%AH9_zJU|F6m)UCW@Ta(>Y3(Oj4@SD5w^k{M#o&H&Q*;GHM)@*+mkBv@KWm^$b zfL?Pv>Oo6hMF@9Kkh6&9ObAdjnBn7>kh5({Z%NojDF1i%CW4IoY%*B9RxoJgB8wow z^`O4r-kjL>nr3-J&$_)-N=*B`yMYH=6BCJkLq%DAN!!>}UQ)GaQQ;oJgS_ds1Yg-Y zqBD2f3VH`ObWz(bBD&tb-^GxpQVyWQ|m4s~!~dK)bU~@K=Nw zLaV0`=7PkGige{MJc}3(7<`j{Gle~62BK4Sq@^ zsa%h}1Y-WF!~hz_OR0C&l~DD{bPRLmlpz`FEjUfvAo<=Gs)qdU$s4elX8ux7w<5lq zn#ZDcOkz~j-(bG}YCS5DEQwXRB?$Z$s0JuUUKy?^{-BR;!;G~=q;n~$;OeGIbf8}G zt%H%Z)aCTQH0B6h>#^#Tp4`F_P{bwqvGkb ztpIzOl5^{?+C;-9_zY5r0a@kqO1J#v@f{Eyl7#?w+eDZYN^X1 z!}r54xCXOVHQWwyWEpJ}iz~PCijJWEu>W(-*&KXhRR zN#6GIIp2&%7B;mswV(;7!Z4aa?9jaCVCbw`O4arTHl#u*-T`<+fvrj*`P{$uj0Gt*V#us~ke9F0-k^k4%1%dsh6f^K#;#W{!0k6F~Tn;BmUq*9i+JCJG* z_cIW@lwz<2@H+I-{FS~!50uH``G#gTf=+uAjwign_#SMzr@C?AdSL}9i$r2g-zXo}q1AT~ymv#p2AW2>_8FCX zW!?G`AggA5#`@^U+K1_kh6jYYpv6W?Y^`h3f`WdtocUn1fG-ZgsEXY-SnW7bAe5HlcL23a&fgRF$P zcyX*ER%o2GnE>ksBdORPCD8b;&5cD7bf$!3GXIA_F6O_8&A%U&-y8%5yFe^_uJTPq z9seDotq%1c0CN2%p{DOstwP{G>kmQVw@UwhaeTMAY~t~E&_8L+JS?!ZcM8n?Pqaj5 zp#ftRiR*=cT5Sry_1YXgQ38@ov|r`=hHzhf;AJ3D9x-Cht9=Sw&R@v-@1ouT2FFVu z(${Z!^P7NAfww+Jmh|t*DBVieh!#F23z=4+!(({Me1CvSfVQyCQfpY?*!pPl{Q<2h z-a($b!jFiQVTkZh{q%Nf@_8*n=;(p@A6$}YFOp(+?c@5MwSFlY9z8JOd3Wkz1(e#ZCk2x{4 z%J#Hg-}?>p=qh9s3n&t=2+S-*FPLl$U+HXS7ghqEve{Z5Lv?>0ritYU45XQNct$vi zuC(R}{nIF;lWE~rg{AT#I_Cpe7r75-S$!@p8+J$ijNw*hVxc-`Iv4vK$+e2ZInO*s z+?FomYTntYpLkipA!2LN6{!rK%$3Ji9Ox(xfJ~LvHrrP zvTdmybpB@7Lxni2wK4)$gO#c1ym(DrFnQpFyK(KT&MWabB$GF$v> z)@&?{3{as-%$wq60I9XB@IS>$AB1kG*-P{Noo&EnELCeRL(}{(0xg+HO|j~IEI08D zRdeF|hWe4VwifmP{qQFEV%X=L?T~gJKj+NECJ3F}PHxk^URLgJ(Sl}Grh5piMe7m# zajU{;<95hsPkQvaMvq-ZZ0&2pPSx@3xv!t(xf#5=OMqdPfz8oluGO`iAHUZ;d+KA4 zRkY24L9nOVZ_=+^-bFQPFJ=9*+_Hs&Esmw;Z)HL0GF_$BJGOdF?b7Gg47<6w1Ccp| zjq(BMhNTA{Mtgtl6UatI_f>>t$iWI{vVMmejXmO{EpnuJn7#Jn2KeP(fQs&y*B4a} zM#BZ2u}@uB++9oCV6*V8PNCEl^(E4ub)A1IQ9qI4mVA`*TIm$J*e(SWWKSu#Q}ffJ z6%Wf5NN;#cEyG9`4Tf}8ymrC>O^4HSA&hRNJ_0FePjIrLoMr+Rd^q0;sYFasV~Ovj zF_e;q%E__%6I_N3q4qvbrvoW!_1Xj`9SO5GC44Jdn8|T(Gpe&E#E%)p#ff>*LjZ6Dky%izl*6RO5 z0loi)GFGoF58D5x{yM7PDDZy>q3atOzL}ubhSMtx>A$Q%!1cca1{Tr(2M>;$i%UfS z1;OqWmCm<;Q*&O4aF*n+Uq9wC2*;O4o}&0;QZFzKMYGxy3^ zki$vIy<|Xr*Pcvyionq&rP(qk?AxGcjjxu{+01W`4w07>eM9}yq~evY`ZdCAJ6$n^ zg_*F=;!iF?7!J9Qpck#f-$NTK|KJO{Ywi7F4o7zFlp_6gDCdX22Z>WXGe+~`-04}4 zyz*nbQuA+pSU|e&ON&m=0cDx6KU$lSnxdKTM)H#gkBMO1h&aEa-^pI=)HN|Kd>$l~ z0m4TU@6WwIbow0=5p%^zaXqcsOy*@CX5@jkwCZQvLQBZUqR8=cT5Qt&`_0?``a*_m zlqW1f?a}2=TW8_5@e)C1`N0Oc(_LP*?a18SlaNVb4n~J)95kR;SASK^V&B8mEmCKD zuU$aTr2@23W4CI$*>A>a7||8sJt)|M0XyR%!*b5GS=)I{QZ6Kun5D2JF{Sa5+|2dB z-l1t%jTPC7O&`^pkd3;p+d^pzY1b zmyLt^)h{OczH89d8yc-;y#HT@frDZ;zZ{>D?OETk zf~>+BSA&$8lP!x~oj~FZ=@(h&f`PsweN30j>S)U|zmOdqB&X%N`e6p81Dd`bEd4bgd<#%Hg zMFz}dGwJjcZjWxZ+`INKfMg9=IOJl$&e-T9Z3HkII{^-kzX=>UZc>7a5>z_q*rAPH*76~V8t2hw`> z!-cyP>;vXt#4pB;Bm;`2=O|fcx$bQHPxSOWI(t>4_Cx_cyA~XKLNw+Q1-=_erQavx zeM{{gC7(35gH;GO=;q8*rzsoV7tK}*$o zV=z=Ke4h21VTW21!hP~5&6j&SbLQ=|p6Yyf%WH9{9{7W=Bl1#kKe)Mv6)4w+Soy*AzkEMXOYmsKe2)sz32Vpevf(vjtA zm*BU6scq_lbUBE5U8S!5B=PR~ur zQYN1Lhu?cf9UZN=s7{Ae(~l;jj9gD_t!4W$c&a;*LFeh~FFt`qDkR0Jn9MYpx1JiT=aIVFvGBhPV77g{+C!(Hpl^eT0|X;GKl+!c2RpCfcIOi<6C*k;dZh z2MP#%(}{B0B~IbJ^!GB%0E;yBtblq{W+|-@12{5^rijxLn$U3!9 zSQ;U+2waX9GPfPu7?c+Frfrl$KA~xbn!Bt&N`$B|E}(o1a3v$jO7~ zU>Y}aIV9x5;*{*n8uA~e%E_S6`oafR zY>5S?4!QP-{e(Ypi!$*3-s^>=3@!eKXeq5@fu57{Hq>M@%hJZ+7zGnEuf?p2-bi1f z$~g?1J~J54TG;c+eBl;C9jH4q5C!cZx`!oIR-;=nk53j`b_~SSBMbJ{Hwzxbprbv9 z>{p z^ni}dK@q?&oP1tc{1M+bH2wWbv<}~@GqKp$Cgu)gin3UmW9Sv@0-Y3l+A56_soY@gNfxBivHjvapc>1>$% zUuiuzEb7M~uH>;~eP;wxu<4PJe$&ecXrV62g}QeT9NlEaC8#_l&I1x>v4sEV61*bM z4O7J1y}y<|e+Io`_+BUz0+l|FJD$*2$CfU22>o#T>3%#Xb9W%2xgC{qieX``%H*3` z@n{rlUl}v$9SDdAwKtIq&P0}CkL<7iO-Pu5|AB5*9^|fok5{5+S`$GlOYm%V8P3XN zYb6Y+679%L)MN8&Se;DzUb93>J<*xjO;gP?cm{GJuH8f5NvodpJFgxfE$Az$@4&ueQF-oxJei66-GtvDIjOwvnE=A3p)xPeZ%LTdQJ`;;*AZZTnCt!|1pw_88eYs`NYVe{r+o$E(~*SF_gTaz>-m z(#azeN!}n>#(LK_rWU)Zv&F0$^|GR4f*^+#;X>$C9rfYvEZMVSV{+2Yz`s%Q2qPgi zLy}YF<*Sattby zZdchdLJf0^uUxeXv)tcVk^b8HPHkulF@2=BVl-s^%VFE_pv=_tf0 z%c51;>Ebq&3L5-sik$izq2Z>`)cLxuK$;1a;Xn5RqIK)n(l9MPBP5sSa2X_^)KC16 z5-Vit$XrvV3`0UJN6WyJ@;4rC##448e0P0zJbd@~Y#4a3Hj4R(7wFGy_%ue77F1Fs zH@Dw{u1Uea!x`wT&AMhr6)PKLE_}^A7~xeF!^)zbq^+v&sq6sa9@d23^5zY<DDCb0-1sbm2dm z?B=mJ!&QwWPYA)o8Nh3G{G3n3l$f@xpB8C#7Fb%8mx*Dnl^fPmDn7;gpbV7-_xos? zA7fk?-p%?ba&}^AGA~6WjLkM1tUWH7x1KgDQ{HONz|dn=|C9a2Gli@Tf@`E+PA0iw z2I;_0N$VeHi#_yHT)TAIICX?1`&m7j<;R1R+!pU)b2r3bjlG-B{LJWG&GL1PGt-Jz zpyo!PWnPq9eEp7{5kROT;}k~4=>{V9xO&2kJg$cpS%ItwHL4hwRHvRR9?kum#K*%k7Ys$`>V^17W^S&PAO;23obebDgdKHDck3NR}R&CLv;scYx~lxA!th z9;KN~TA#+h#EvN_)gdenJrNBU41Syvd+0$rIpY-@m`=CWarQHAOVnaWY$G)-1_G;7 za8^9c=lTKH_R%ShQc4<&Q+eOgTzR_2CR=e2tbk%aTWhO`g?e{APP0puSwvTaxGXQqIivZbf(n?*g37;;YX6`t zSfVMjcNUmgy9{D2P$}-G`XzMX1}^9kP3D;ax0rw_OF+;fcXtj<+D`2F*h~`CfghGL z%ne~Xb=ftd3k`D5s8{Cst=q$gTduV=`2hx7GTCw8_9FFo^>HMe&m#Id9JQ4MF&b{v zFgLCtiixl*;Y8(#);-;%iI@glNfnl){1C6E5Fx;FX|2<2L7)A+SMvSp*2{O5bL%2S z=H2mi-4y9*a2Y$Nv%icji!ds`b0dUnGvME~zcWXyx zIp9|Q<(0gLbQ2U1_m7B_8f1y#0G;L8Q(8-I|3L1>HIKZ*5V&Gp=WQWjI7C6noV ztA1BkSHoZ5+{6f2Xc2h_SK;girODgf0K;ezuc}l|C#v`(tMr{&Zy96cS>dQ?5b?IL zWngPd#)L5snx?nQ*u7by114_b4t3f`gGDwpd)S~m#VoY3rbnh#A%Zbb!(&T)LN7Mb zJyEl1+%G=_dqLsXr}hj!6-a;BI*XIx%lWnrrXucH-rBB^#yZK3FOv@k$vV*LR?;?( z?i?n5w3@(5SfdO#SZmX-C`{Glb%%@NSNhP(4GG0-grVJc%(|s7#C-Wob)3&h!hi1i zJ(#tL0iW}c9)PMTr0#u&=ki#gW6+UIw_nNS&`s;bmWuh;yb1XNnWn+OuZM{p-{I`sk zdjR+^IYpj;O7^=kS5At~>x7l+MnoXO{%!F~?a_XenVP(l<&*%G0^nQV73;m!VI5>Il4+WdJa2`TJ9B(W zAkRPl=MXEBs;S{fY1-{P`kDNi`mkUmFe)5QD`ANhzr;=fgHOe-R4(dB)g7&;UlZaM zB3MS`Z3*(&*^SKImi*T!6ihMnA~f2vnA4vl@F&rP0`LddU`Gh=^lXrYU_M@`*jbNmDI8iaE2=yy%~O!v8N<%&s_HDYklj%Z~-$$;?qw>K4a>{;|r zGZMD2vH){ilegjjB%8#~^TvN=Lpiw;Co!lJP(9RZ!fEaF06#CGRGPx3jsaDfR7?Tc znvVGt0|wpvI)GCdPOyA~O9C|H-LnGcvqT-p$mcZwcQ?-zNY)=hK7Sp273yV+&=R=s zD$B}@!+CgyZtp=bA_BT16=~Cy7DXqDn z9F|~BT3Y-xAFe$lb6DuPnIz?i5>%vNJlWIEhjuT*=xvaF80h~K4e4pr*lGheg#hlW!FG$3*Z{@#{w&xJwsFA%UhA?WL9`?wp)bcpTo3Ja* zrA7W|UPx_#aTq5ieHe=XVwfc7P>Mn!K5|w=OctyMk3ELC2`_JqTm-q%JKVI-dQ@!} z9sVlxyP5dr_TwX#;O+j_^;N)Y@FdeT^@>NF3lH2;8du1vOkt)1bs4RbcviwN{EH~U zZhQ%-^?~>4a8#s_G24Ab*_R3Z_(;Z3La}lNsuxacjOD&6PX*73LA~b@Kr0HvR@nH3)Ui1~ZSTv)wKnvzuOH8p2xvpj4+ zzY4oo*O2UO<|mv;I=Afxxu+~yCGbGB*YN#@wRStC!yqNn=mnMdv|;%D3Z8z(@qzOO zaPJh4m>X3OMl%~bXX!3lq~|h|CyTWX8CPr4^gB8hc`zE>;kBT%7O=rW5kiIDjk95R zX}3`!DvNG#6;8eC+A4161gMD!XMk!dM|;pA=J+{YB3>O9i$O(m#?MtNd-Coe)~msi z;ll){z@F?3-tG^;WZfzr%e-uwn2lqV9!PYpvNw}5wF7k{;8Im6vfA4^i2vr4T`LEQ zB}${9V>6)p<9;%NcQRl>^5fySIwtvE`h&#bU$H!}?cMA*G0?mF-OKS8&^MYiV?+jW zZ9Rd9&?t&03l(727&8I06B{|ICwY;*eKy<(UCi{$>zcbELhVf{eiZcWQIp-9A?!yo zJ15}n#hLx*5Ns!V_S9AxRQkZm(D5(6Bc7t-k15jTsmuppEFt6R*U*IFJJWxZI>Xf*A&%B76p##E@-X$^}~mK9QZ@}^>OvDXmimQ=s3v964|Z1RPWPBGqwkPaz6^mB&$9Z2XNm83<)h@VF+!Af_BCc~<@*${#YdNi>$iZNZQ5 z_zw@Lz9nDYtoe(`R;D?iWI^!x6#kMbUO|h3CsC){1^H-~!e2Qus8wgKtZ!I}J;Lu= z4>aEv%>2+)2LpdTwm85Jp?_dJ)re%$FTVO&;tu{kPAl)ILs5CNoY z{1|x5XdEV}CQ=q;S+K+GuheXVAlTueIYmHhU2xp1?K+lML?fWL7^8U(6 zQFrM67~*)gw}cpqgu2DI|42;$PIAG`nf2*E>2IHI`Lknc;ODb9a-_#pdqmejDz1b> zhU?(946#`1`mbC|wtcU0tyvu1<(wORk8?PcMLL6wYLGeJ2qeAt!<6#{m{vyp+5@=< zADH<|SHfNuwFjO~Uc`cJl9jXD0WkLe;AYjzQFEuRs@g6^S~W{W`Zx_8nQQD8vCi6P z6?Rsi$45mP%DNpVgBhBSo&gZi`OD=tyO1##vKI%GY;Mv=*H|MF&(crsj(KZq66m;} zz0g~YjIb%aJZg%8kI8PGAhHW{xW`efMZM#-;D6s+i z+S;C9tb>37cV3aePivVVV(aswqu(&sJZ!vP<4soI>%%a|M}TRXQpeL)C=3uKQf|mD z>7-!cCaNn_w!8u2Ebm-T0_?(V)CIp-!3AcF;0_=HyuvvkVq2sndmconK^AU(*zUul zH<{%RkaBO~&{E=7#gg19yto)t7TQnv)7yw#QZp^^IV#c}`|My8DI|WvqVI_y9B!=7 z;*}G-+iEckrfXkqi4dn4#wx&@fY^`ftj`?Tv>9m+vcYfZomX0U{1T?YBhQ%2W~QE2 z$@Hw?kyn=+9S%+A@~#+`LaebPQ5Mk7Y)OIo78UQrP4EigVL-$AXO&pk5dGj>ny00I zxIGlMZ^34o8%w}@?VUwf*0BF02Q)u$(4xlCtro*{cQNp5em6(I>qd~iVP;pOx8 zzPoyTU)1~;@N)O@88dVrle}7~ppAzf?w#8`6f8tR@U<`NAe3!b$sX@V$T~d}q z%T`AG{;Si;gnilF3lL7PLNi8(I)_}dJ&`;iXfnVNuLlm>!$2!(;Z~s{QiOPn*3`zg zz6o?8{R+4_zE1DL<7j#~*-U5p>x#q}#0o;W;>g4z(BJo|d|Yi?As^{oy8WX$Mm2Yl>qgBODBZ7jw=l(DIAH!6_v9s-&i;US8;X5s_;)2p2aItrJ&O;VP1as z55De~@*NrVvp@Rg3K5|6i0h#|!iC0UU@IsKb|w>E{NcMZ{zsK4?3;z*@4h4RJl@_f zSNF-!5lqPW!1sfPvuGI zejU9|%#Zx7PPZwICm|??yQaW0K375Fn*awl5lex*9UdRI1624jj9)TfHFYc7IMwS; z(NW?x+^U^ zSYAyALI17SM@>L`y`q{a!>aOSIiYMkntFI3(!R_wXbgp^;P5vC!?PUn977BHC<@$5) z2#yaF?PWSs$^xOzF&1G4&0c@G>OQolyoRPY7k7kl&KvL1Ylkudp8*6Vflf}zF(shU zKIVx2+BdfC?1B0Uga#|3s8%UDbZAbMOfO+#2-b@rETA-Y33XCJ+&^O0=&=w(e5omm zmA|_~C~9H$V)KPD5#!F5>IFB1aDKG~UL5U@QoP|_;Y`yCz|ksX?ng6MTA4abCDDn% zx9i!fr45%I*bj*aTrgR-?essN>Xg?2)5~6(du@jRf*0%T365uLcAG7`OGd0dC${h( z;e?ACaod#%`MQ%FDV>esA6N*#2OQeO!L}@b&u8mRMIX<9lLx-Oc??XR`GfP^tbfv^ zD+Q0$lE{Dtx$a!dHl21sBI`|hYD^`Ec1X1!GThZ4{0_r6&;j0sCTwLyK0`o)-I4;8 zhQ*oEe_@f7EDrb5^Hd$h7Ah08vV7Fyvm05o zb&zbOcH>@w<5jof#B%(7C;#myLGKXA`38J(o(BT|eiciCe*)16IgCu#%2_i5y4^IO_(ElW)_@*ojVKyF< zgl_uKgI}&=#TPD(VtsM(3-rxp@Ag3i{O*qC(bTUVE~$4fAGkmHWP(M%!Y@8rln)ZY zANE>ao|xOcLBeTgt$+De00m%069P>Wp@T5I?9~ap3*Vl9pu&FDlyZGS%NTotHqQa6 z67tZmfQ0}43E-Up%c)nOCOU)~XvXrZ4dkEcrdDjG)7}l=lzyH$wll!~2_6;6;kJG$-%8f?MQHRt z68)f}AJrp0Tf}B>g$&$g;o4P(^Jz%;k_*;yfx2<4{3!Kf=Po%Cl>>`ZsPizvfzH%b z34qK)VjcHJ5~O8JX#BY?jK?aN{cz)@_DAZI z^8-jORjvvCTj5VSpMQdVo}u?jai2+z&Yj@*{?+{fT{!B7q!>Ml-ny4NKLLW?dB4 z@R;H^O7_X8)u{Nh##peim_eiA#OYaJX9WC9{1cYw5@kbn?0MHrn%^)>V)J?a?h6gM z-{j+zN)Zb9TTz8rPgky}e@YTAXwm}qQBMjlG?xyc&_4CJi`C~ek}2x6Fl@}CQg{z3 zIx@nvQ-!m4{h8ZIGMkzh9>>K(w#;GG+4IZRC)faT2hrr0G@OzMNfhzMUo&%#5=aH+cW$Q_JiVy;8E3=KCuAy%uj&)KJYE(*o5}09C%c1lm(h)d`b&T@&rjF zkaKh4^x(ugq*)x1yoQypErwMb0o=7h`-~);1jH*OD85(~xj4j9E>U>VR!d%%&zp@9 zoFx7I7qsQZ|9wVC35GdxzHPEZ)29Iez`y=1U#mNdmLVUf$tlzHKzZ@@>iM&)fF3^u z0)W$ZZJc2eKc)dI6MU}fjwlgV%={}bguMCv-UTpQ+5TaHij;G_N(;C4WaXwMXIruzt){82 zY?rc{WXEPof8rb}YJj&^OBv1$k0RmN#LVULAH9Y`P**OL@*h&r;x@3qc4ZLh%=>@r z{XB_N0cNbYafE^&RQJ-6SVw#Nq7Ulsj3tf|#nbW+q5Mdmgi+7?VEVB8LnUv_Fy{~2inElQ z{A8b)KBdGb;(_ek-dv@cRYaOCjachCAlKY>wc?-AJKia~w);2dML(jmK6`Q`^Nxm* z{II=ZasAJpos6&xbJ2o6Y_P$dLrowCl82M^Emk6PGuFiw0=KXr$dx+vHpTOo0wj91 z(lhkIRL@Lz!~%E*6b9~ge4I=6yQDAfw#NiksKa!(=$Qs3B0%zNe<+cHCs!%-HL^)Bahdn}7%0J&q?1+V6O+<+! zpj|tP=z`{Sr{wxOn8yWB{Kth*0LIZ9mL-*mssk|@)NY$iTRq19p0eOISLD0yj7P}Etp@F0Gz z)ap%JPn1@PalL;!%a8cYG>rdu!ZwFt{xGq_Zv+C@nplb6?}%D6sC%)8u@}iX)DMsx zd2uGr32M+p6Q3R`L9?uclP^&m&;-H5EhOklas`z;3u~6a@%9biW|&!QPO#;u&gz5M z$M5deNxgsE4lKE#WSw~kT>*x0v1PQ95g#`6xuuNrTSGAny#m6JQ~g~v?9h&XhQY$O z+&EID23q@-=cbGj^K^u380TZBw8dOR6`ZXIpUl{K5$~)8QPOWGABXkO1X}+zYQIus zNltOGtsFTt+UYZaug-c?<1ok%(&-K(u-p=!&Lp)*rT=z`jhYR1C0I*`WG$#eSN-{R zWRPY2=^Q&&7y*9AaipJB5P+I#Ev~}fe=vZjFjwuGaR+Us;FKcZkdXVYNR#aEZnS-v%tp#CroYDyF{L4~4j|MBQCjhi{CC+}Z(w+r z>Rq(P`K{wFOpJ`7R)5>M$HXt!wn7GdKpNs3q5(>*!f@NR^!N=pXX^WlcD75G9x#K- zB({(!GifO?I>dGftHl6;Bcl>%0CRes6|vt^f{u~BKNINgMznrQEsHD1jCd}QeT0t< zM^vbnZ56WG#^u0E2`+Z?T@XakYCyOwV|3R35h~i$a{x)!i;;kh$!YNHNcFnSSlKh7 zT;k379KSgE=OTKdT`3A)Uje_XG%sOPXu<~rVJ4euTI|t#cth=NgfIL%-Ezb&W@ES8aspLRw;U6b;)LB(ohJV2PxJd@b9sX zab#4znMr>d_uNwYJ$hd{>nZ3caoANPk5L#81%ko({6*|f2enw6-N_pIZ?%#3WmDs( zv1-xn<(%g&0i`h6C@}Y&m=#^(Vm}G;LS8#LdY1=Eph0KNXwg3Acs&e!n=l$~+u1@l zR8>J*gH=1^iI zT*brDv#2ms_wujUB{v(fr}@fN9~0%sd!6MQ%v`hz@EAowbWRb(liYf%sBO2(5&^>A z`9>9j8n`gjY}8CXz2=yx?4bi?fo;2CQmnfPuYiJpM%&>N7FgmYny3?cmAgfL2_E`9 zkA4x!Foz=-gT^SM>}p8Sx!$c4m*1#Sw2V|lO?AVfbd2TLQokz`9MojTqHJSXTKkEw`Su@Vty|Ed3kG~~i%rI$@(QYk5mt9 zBogG8;!uU1m2KR?&F$G_{aX84;tV0U0xl_r(+cCN*J1#V=lxlLn~U2dUw_JJc-m$@ zmD38Jg|ZA|x8w?4mDuGMe;zm5xW_sP8scg}&^flEF8tjs)xn6J<-P~dti32?ew366 z(hJFYAU;jpJzN(=PMN#?Lz>+DYu0SmD~U$8*%1U+UxEK4+ih zhxrpA@W}c#mrZ!dBS%B7Y?yWj!cPHh(9h2WlhPzZn=js3{|1p&NiEplGhc7F>TZIer>+L55XR)ZQ4K1e0x@ zGpT7n(%6h2gmZ_}Al7Zh$t!SJ5A8zv)5{_vE8qC6Ul~eKZf>zO5rYU@zH*MY~eyO4iXh8E{TOxIAMRwiso*;%f^xfJ`ipuw6| zw}0@`Ys~uHOamL^5{kKj$s|U+O5l}|_Fqy^hP0v70iEy<=jzmHnw0M{Z4kbTa!sAT z5Wo+p%5m(wcEo1xere_;9d!H_Bs*?0YYX&Itip5(z~UWcM1(oDXQmatygE^tyaJVm z$lgz(B+X@UV3$EeN3v-R7UWUy8er~wN!b*t>Xaa(0;@R=*C^ufdyy#n+!r2c1%6!~ z=uSnwpG^O4@Q&6$jKyW{y%(Fsv!G*Pim)u7{MQXaMh0q5tWCz#LK~3Q-cNb6JFxrw zloz?H(lvoJx5x?B5AV!I$lzR0JVu^Yw2D+;mE{-4Mq`CC z{~yG8-i&g;$;}kXePIz#R2&h78MJX~NiJSfk~UR&hb;RazN*gWA6%>XsgJt>+EVT5 zzZn%~sBRK22n@b=;hUipcl^5Jcns`Aua?$8K zgU6WmP0HS+^C1xJLe0OA#7$ zA$&nB2+3wj6{s7KjAAXX2jZx9` zeewE5YApQ-e0NX~AT>BNd^gd_q2Ljs9r=9NKRXhw*cx)tth_4+HBRisS>!kFuyp3p z_n)byNGCVE&qk{>0Gm}M(34(T+M?~mSasPeC{NfUdz?*v&G8q)JB$;#$=3@GnCJ)V zHBs7t1i#1sLv9;{@uvjGry{eENP<1`)avlJ?}uh@B2m~!4)6S+ta{)O~H=@ZUzhg-c6l+HuJo%jOGwL!h3 zOhRnvir4F8DVwc|#IXVyPXolp;z|o?mx^U2tvRcF@_?ebo&x2-j#P+W6P0wtY=DMw z*q~<5g81klNsK+*_w%G$E^1s1@{lLl<{`Ej29itLEyiC#D+jMzh^9}K*iO%R4hK0I zsn7cXWCWiJX((J7Z{E7)|KaH#gClFWaAC)`ZQGjIw(UtKnb@{%XJXs7ZQHidC(nDn z?^Jd5kFM(4U0u6-*IxHp*Gj2>L_rrQ?m8JREB@t5uNuoX5_*ndg~(B5j=%*lOzw%5 zIZL}#n%V1S7|!u8#ir^u165EI`Pxk2T&9~^DYVa{aW(aj_^s4PSJM@v)8IDav{^6( zRs-eLaqlp08>jEdlg%&z-!JXGadY)S=&+!5$~XVPg}RhET`l!N{kDk`l~<{9t^7?{ zfb`ayhE*x{-2=Eh`zeRsti=Id7Lvvr8CaedVey(xoyzty=0;*o+Azi2uPA8JS<7gK z7nHxJj-hIpo=oXzYY%{svsql@dDXPh(lPtw- z^eEowGMJEpCxtQ`?jttwuoB~nGm<<-KmG0nZn4nn!HZQGZVC-UO^%y`Vp{9B$}VLA zt6d_0QB<#IMwH}!@23**6@`el*KC$!9w*zk5&a<^skZ?}9qvQo)w>cd`cwEQU*3c< zQB2Y_{1XhZD~>;#o*s-ue`=~5lBn~6z3C86$~CZ|nmMB>H(*s59Y(K>i}=xvB!l|( zLh;Sc(CwGU*H~JwPhwlFBQjg1&jUI-0Sl0ZB_F;w|6QDqK74Bd-(*E}c2yJaQ3G+m zp;hOh{QkPDoVy2=cT(pscb&+VB?v82e9+<0;eO$Aoml1RB#rz`z7v*aWu39gs(fpI z!YDMujg_F(=U9NRX~M!cv-P;cPDFud$v*rSjHyQMA3-eIkN2=a8{scI;5eY`#L3Pr zT9z&4_n#yXwHci(QxsB{<4m{ zOB<6Yw&9R>PYFCSQ1L+Ba^t*AOHj0!wP`}h2a8}-fgx>v3Zxi*fSPAwT(d}0XiXfv zjb5yr<{hy~&QSltavkztwBCpiqi68kV<4};sh|tv5k`uUWRX?GyBRtVs_hT+2O3oV z8dHU&Dev9`>Elmu?Ygo6*#`@~;@U(1imGc0v>Sh2C4ivrkqk4#wAF|n2eWhWyZHs&0b6H3Y1T+d zP2_?`cjhQ;WD)#C9ZWEP-9rP~WqF;v_ z*jV^jlJ5c74Z{4Ua7A=9=APdZb(e*=TjIO#xWlf=`l7*aHqZ@8Jv%Vn67c^V*yV^= zl9_aUAu5VFqZ01T`QG#M$y9fhHJ^>Mlh$udDReX!qoG_3z_;c0@^NqjMsTe2$@Aq+@Xa0jHT1`e8jtjxdKU4N0f5Ih>F;2JjTx_<-4bfcfT^guZ z>&X-}9BO9Q1TBY<>otMn9jb=b-bbHv%s*{;o={xJfJTyF!UVPl1Hvnyf;P_33JIQU z)xr%iYp`gNs3fR%pFq!Er5F!{_x|LfN4gaT)R0)>*>RRM?Nu%#76SUVMB5gX3T3lZ z^aZ3rM)6PFPsf?~%^3EmYZtiNjiB2h%+e%k{Gt9>3#y zd`1zZF|}2oZB{dK%pCpAcND7nH9XZMo7-m4>}u)e|C=wPdXF7HR9$p`Z@J7oyq@$q-lNSNRh0Ajt2yTw>MVLz2>`s>W8@zhuP>HJAB zxLnLzF*2xgwmr9SlPiuMe>ZVOAcr8kQ-HS|4dO+^Ac_+1!pGIWV@2bYT0A8mGZC|JAB;7dgE>mjSMPd#?yyfK1I{+!=q4{@Uo`2));#b$$B|1p`I5 z_uKdscz!0pJP_dX=IH$CE2?wIB*2svT1W-BS9?I(#*2IMh{+5e)ICeY+h^*t#vb1K z!G|Wgjgh=Z%C7i46*-A+UtG1bM4%|pR1QOhK7Ra6$_V`5oGlUYf$siLXIJEP7-1bM z9Tt#)4sHCJ)E?DqAW(;`0i;frfgSs^fSEAq*8nj&p)pFBzXN-D`8WP3e`ycMif|cS z{T1yOH7Wt7hm=*CQFD2B(58Q9^~U(oXNvInjzVoYZ@N&BPg`yB24)itK5p(Y^^E@W zs2pgHnRm~gG<0brPn`FQpz}Wv5Q2>F!4TkJZGo~Q_yaI@@N?h#4L~zvooD$9l)4J5+EID{gStx7E&fTxet^E@2o+sL`*`PkCvND~(f2QkkeKkiOZ zFqbYpfM`#6KrUpiji#zRNA(ge?WJkAfu;e;9{=i z>J&MgGSp3hwwUKr(m1H6g3?kVKRGi}wC7@$oYaa})>Q1HW84bE+g?J>V4@-^y=le& zPDxRnjZaE#e+HJSe0h9#nw-&!5dSlQ)a2$QEx*|;XES%SeJCZOzfZ#phnxRiSTX{R zdhfUZg&oyX2<;FdA*LRmargkv%k@>{61WpU?V1eF36F&3mU==up>G`jr@;bPFE?Vj zAMaOa=u*bv?P)d#&h;aki;5Aywz9a!?i{VX6G5og_-W2#fyVhM9s#1;N#h*4+os6+ zarcA$N_eK{-W;Q|BY(@Z-mXz{XPdD=WpZm9NUW#i&L(W^@+wj)HX!dD#^d>%moPNn zPr~)PfWLjv3H_E zGdp~2q@s0lK0T!nBKiS1WtO-T8npYmuWY^i%!{o?20J!qtcHQr!vOvKxIQdJxA;L9F8h(9QnNS( zZAR@u1^=+5)s~#Zc79Z-N%CL!M-c_djM-6;sl87I(pjLyTz7rO?nUVK9c&>kTc188 zqFK6T^a!@&g45&tn1TXig2eZ1RPwEb8xSU8Hw8*C zr)`9UhKI71d}=|>65>v~RGHW7d4`y_TC~IwXzTNyPLBYOfY$^^;E{PzsO`b^>C0_Z zy&!`?Z8-rNHN}wYl*dQGp8rCW#F<_L0RcQ>mcm^vwa%6Lo;?6DQyMfMg;3FBwJ@^) z=BM;$;kLV}ei<6_^CmYoUc2irqXm?JBbMNbYn?i3jGCDkqV_-pg_+}_j~-Z3)!_m( zx}tr2BT;fCqq{j?5~4vAEby}qD?Zf><09SVf&*c_Ga#6o8tTyo!O&9_TK*v7eA2e z8jWdB(H%4HH3zqerG6xKZ6UPSWz*VN2Ab}lM3|rl!)Do;A~ zk%ajuXT;g)dWp%0p9lND9K60CsiuyqZSL_-( zx1@`!kB3Ve6io_8-Ten$* z%V56p`cK+VJ*by}X5)udidk46I&Y%>i&a@CQ%O--ACqCaYdT#=9IMQ``np3wRygIz zz{2KE|6iF|P&<&mwB0E_b$y`)BF6G&fqD&SSz**rYw3k6igc#^XS>14A?d1lIlZ zpY{BGpXFfb{PT|=)D>6{Pi9aLMF)(2%bYRRD;@AoP7vepR~*VdH24sx$lO1_IRoUc z^LaZ{+3K%I3#7!;F!yl6Lj2D`Eut<<3QM-y0j`)+I%Hlw96VWN3-lm5K+z+YT%ezZ z5Ic!1)l9)HAX4mTc{Ng zYAW0j)-3FSkMD<{Bu#Lss0=3@72^$-7%HNH+~KBE?t@-_!XO&M+#op<1pzMyW0NJ! zDNBHcaoMsd0y#C_-7lZ3KI~ zgk0@%TXb$VIkl3CQKBl1P2H9Zrp^O%P(iDvsA%VvS;hVg_$0zZ(;WM;-Om9bt`cwP z{Vx*|ppIAj00N$Xoh6QH`lth6-!B@cfk~Q2Lr4pm6Vt72N9tMZoCOdAVb5h=zOH|( z()*Dno^+IP)Vwuc4UH{i69NZd(le8N4a;n+^UFV#CGx9W|8x^vls}5oKzlE_{9K2r zrx{a=qIcZ(B~tzUY-t1RW0(^5_F{%P`kvx&<3VdeXnM>F|A1e3SPTu1&zP@cg(b6? zkwz}LjBFV0_X2>?W7pL&6wM4UXp_q+JKO>+$VwMNFUnU7%VE$nJPayHsm$#Rz!#6H z%!7Ip#`numcw=N0W^ab%&7jHRu#V%A_ZLr(+@@2nM=i^g>nLF=w|qORM-N0`KR;OL zk~R_L2A3)=qc5)~(BsfI=M~a4hLBFlUztw&KX+GYP{ z+9E!idF?VEL8;NH*ER1D(6tGk$3Q2iU1bxTscz4oE0Fvi1fxeSaM()BI(Xl2&J~*8 zB$hD*l_M3Fx@1KoykLcbLc)4Fl&M=Gll9pUg&D)=`c+VfMz`{t?UwJ}_nmTNE0=Uo zR%|`+p=dWYGe}{JIS-G^pr4nkoCg)>U1V5=Ql-gj`z-;}35oEm=*5w}7%M9pNBPZ4 z03TG^{!prrxmriM2J0Pc_l@|rMl;sw)~P!4n?}CS6~8{FI1m4kJpkgVk2cj%pA!xx zm+el1G=*tW6!F>xmrR=JvQ|m+D1Ro3E+Xvb81uvzZ$AF95AbV!we|cK;v9G&`p8}c z#g7opCH8|_VaONrlHvuC6j8bjM78!k&!gejr^rW+a^T;0({In$Wfe9OqtdwoarM&$RnY_3sUSX9KGdlg}9|}F{g`OaQRf#A8eV6 zUS&4{a-HqciNbzYms)Jf;R05Cish9&*%f!#iZ3uInqeTBhpB;qHa!OX(TU&#w-Z9n z_?e4B4Pzs>G*Q(T;w1}OR~9jm`%!rg<=~dv=;c%}{`kTArs1FMFv=zwZXlz|ExQKN z$!NwfcEvm^-UFj2>j+r6ecYy{gDNnP3`I(p>RlAOuI zVBLKCSc$(yTydL2F}%Ns#*Jfs)-9!&@5XsDc#Zyy#gu7@LhAh0Dz`)a6)2A$ zRz<}87wfV!zCS>SZyFtfnq^&TFIa&DRtk+IIpX>X*n-K7A&eYSYfZM1sHDD7@p2GN z?VB(6n?xn~4_!kPRrKn1=sYvJ#+Q0|=X9A;vrzoYTpT%(+ak;Om7uN^IlJ!o+`Qt> z*kId0n%X8Y08Va<)!ZKW1j#$C4+9MC$+DxcpVj~e=hTd-!H=W_Vtx3}T_`sw6f-o3jJBN|K^V~5hg%Ziq1%hEt zmE^PpnSJ_Q2<}RU|KK>*Ikl=v>zgtvZ?*9wVQLoPJ59` zXNpMO*(iTHv;5%g{NkLv%0hk(c=hejVKhK{09;!4xYYxEqE2FM0MX393Hzb&nnhk! zEuj%|Gbj6^Pg~SD_Db{1*kD}ECJ=40`A2UVwSs!8K9|RHxCvBpAYJ}+z7?di4vaE1 zTMplOvsnB5?_tB0(adH&d?7d2t_2RI7(h@5r@?H&aN7m05eq_D$!-N!+T7_+vmSk++z^t2zEC{w!1tjXhm2?o!)3%?XunMel88a*6cd~$?x=EC>ShUA&NLEFkIWJ*(v1mv{qWY&u&oM#hq4y={S>svqM zDQR0}lLm=7u!X|M7bp{DK(=86nC9l@Dbdf@P5+_XBbSs$=b+j)0o`l~13Qv*qNSn* zauXMug}x{sv+Y?p_s!CpI$yF#c#W<$F zbl2eFlJPQb9^KKpHKRboD|%apx$cuzgtIixf@2)}IrA<6aImud{OkSokn**{=&J=N z0TsykdEr3)>n=4q`sr!L7jXOVcD9G0(Z8 z^m}9LNCiu+DWq^xKqYj3U|`BE}G6knkMtFT!Oe*ZB<{G;V`XUI>+hB=Khm zw9@jo#qRv(ZJf2qH~551HQKa07DMp@9PDg#w&Ulpc#(}t;M)LBXmSnfn0yc%^Sz0G zcKw32K#A`WQ+aXY0!q;vB(Q{cx^*xo6B*ax>d9}!k1CylJ$cL%?cxVqe*c)2@Qn+z z?_lT9ETZ!%((9T)lydFK{-x2H2#B}PP8&8;olQ{Qf~XML>Ei`w?xRtDb9eeL5(ivE zA|H$>!Ps7JNm+M0W18U+FlP(1-T2SGgg}K1jKMdS^Y~FvN)Y=ug3n@-{zD8%ljY75 z9-wMmBa=T#W+H>mCzJ4putPy>b=$*4YXM(0Be*Mu=CK)@E$Eh^pu=Xa6KHEnF*dC; zQ?puUtgj`B_QE36nXFm2jqqXz$8q%=dQ~GUn-Q4E;>S>~ob<1=Jp7A_6Pf<1R?CzI z=So)W(~n;dS^wsD)GgJ*gBsqv6SSKtq)BPP;6YcC?mc>g8mz!$^iAbK^h(q{ZH zZEpGO64O6jJiecpTa$qrxM2j@?VPehqm6Z_=GB?Y9L!;^Ih=3YL#A4>LnlaDH<~Y& zM2)Q?DFX`hk54`o^<>HNO^#g(6g@ZTO<~5>6XqR2lMUb(9jX|;*m%~81Gs)H$uk3P zmY=6pK3gQ*9W1?F>2OBgXYhY}ZmiYwVl>Q}PG((y;cyCnta_ zhruvL?cJ!C$|GD3dZ)1oDD9Wp;{SHhnl1|XoV#zL*QaE z8V*z*pk*}Vb;I5@xsU;fbX<%0OScQqVU&I|X!%*Rm-`AZ;T607{@d0fV9a}k%wPPg z#>F$RFLI@$L+5&8r6we4uIIXYoxrAxpwo+a)B9<>Kmfi4aDLUfPSCl!=6*G|qBH6J zw$ft*PrdP^|JlgCSuak9#z|?fetl_uWxb(Ob9J@#P_?x^ZQ!{f!2NUayZ(N>FG&To zJcMc|#=bRb0>tt5m)13FzYTge8L9x79W^=2KcC8q$GHaim(DcEh_*->R+zlc*2nF( zI6GxpYAs`5*kLp90$RDq?iGDo-&&!uKcRL)N~w1jS9Cz>Z0+4|VM!&zp z{&0{fP2w>jKfPhh3ZvM4C7`$prNuaUIeh8A%_uGAjEet(ET`aw;!8v{K|ySe zL;`T$1Z%MN7J{gOyC$=M-jy*tO05eIwO-OmE3mq?3MG6p=i3Z#xS%(w{If!Fg4TJ7gpXnA-Mu7axo>Eh{VLiF zp475|1;mnz3zE?(@!sM`M);FvuOPi4SXld16bneB7;-B8HuFIVTz9{Hdc{jmW_`^} zj59@oQ5mB5(a=+BP>|psD4{O zZjO`QTGL1tB_%V$fVAaK0WNv+a~%Mm9tbfWmnO+CF8 z_p?UMD0L<5R}4{e4BI2RD_s#NRBJ0i#9A-*VLzfCh2y>>)+ZGiUDlfvTK*vVvf^%u zC6RlyFnQ$2OCRD_#hIV~xG{lTIA**R&asEFYG%mlhH6Ij=;tjE->t~(fIHyV(XBTL z4pjOCS4p_)6uC9ZR2qssgd>Y2)vS41eGu=&Dcpolv>`u*l#6f}u7anjr2{~ zc8J8c6AiZD3A+6OvBqn&cNJ&E;Vu?DDx-2jmv<3)!VDLX6&$~Pk`TT!y zE&0&?J}y^t&`iuj1nW*Cpld2rsas}{l9mb!m5}kyBSiaAVMhWEl z$C}kr)Oe?hWFf8a->CB31k9A#FnP!s^CW9lDzX&T(V~Whg8Qx z{Cce^Z-6}y^m0CyT5z*v^xqOEHsNmzP4(PJ(jd+1gRl~2xe@e-IkIjVb-duuLe-*_ z%oOKZ06B#@xdW~I6#FAyDyyJi3WhsVnkfWCu5L#YRR;xTrmU$VOy6(eSaSJHk%0^+ z8IcdmCU41)*gX4;E35~&LG<#<=y6qDV!L5nLxW-rH8jE80h*7zjrxo{n#3K!8V@^1OB;C35!t0WQ5%^%kxK!xW(hpn)W_eoE` z8`^Axc5s0}VnK9zs!UchYy{_M7brfAh=nOAT;sPT!+>DqjD*p60`{qpt9}f?`$&ZT zP~d%kn~$Gc;PTg*T)QrA^8Ov zxXxmjRJ(zPI}p)I-D_-gH3|Goctl)hG?dT8Unx(lfkdcC_zDf16g;1Rl5S6M_EC%T z$SaB~tqRM8_CO+>e+&9(2W=;u@LTC_DNhKW(pi&$&xv} z!K9Mnerh@4$v7rgVhm(kiJ{4gx-@cO);qAw39~0FvZ?(@r9_VF%{86UI8SGIvYs&mA82VP zz1DQfvv*-Z5>(oD-*k6>+pJI(i|#;{La7nU5#6CW-j{IdWw&4MccB12!WZs*9jhVT z<1XiZNn%wwN5}$ETH;PIo1jK54RX1~Lfv;?EqiHh1czA7V9d!pb!r>Ftc2Vx$Gz6> zUN(5p?>_@~+*+w5hk*y(RIqQn#>X~X7-Z1?S8)Co1@gSa1+8K`Lbu<*^D?)FqSjVY zRbVXG!Jm1>Kb}L;#3F_TI~ec`(HGF^%XTB-Pjj3cbWp;^6RWPHZK^nv{3jEB!gTEB zcf2diZ0(lWvEJ6rrWYFo#wM}pEF=w|#-VJVvYpvqEJLcLva1-Wzn@jYvYRx4F7t0P zp-v1u6IG0tvydsu>4H7LLl!LI!cY(X8Bk!5X)lBJ@_#9d^tt!(xXivOAqg?6U!{wi_Faux~xC`j?$vJOF`l6+_904#_uK zfA48H1k49ItWEzMgtlAT)?n4^D2N4;-U!hLB3Eh>Ln@9sQ~iavjufsAve_;J+ zD~A^Em_~{5#zza&1(}o`48@K(N`?OEVVGL<8m9_kucXq+hG-BKEel8oF$}m7+sg7+ zB5fDY1WJz9XSuSBSVJJ3^cqoL&~}hexb#tj$kd;59#bxgtj;kJa`Ac-GuZGy#%9aP zFj-xT9-LuIq}dVR;JJ8zi(On-6vfMGN4NB9nl+^*4zH^dZ9f(j|1K?0J{nM5hXf}u zH%VIyt&wb@NDW@mqr$-cUURFAPh1!{7-;#5EJ%#(0W9{s)~*N$@GkI}nJHqOIN#f# zg|NUL?)dIQGyL^Ka1_BGRiUhIDNNPRWo~KOW`&NQBn@~Yd8GM zU6X~661>882S>KpSbCX0N2HDNEGh9mXl={A@k@YvAJCQC?6ZEpsCag;F%bEcc;G4_ zAb^yB^H9a@GhNui6pjj-D6u!jJd-(>sGWr3+pv6i7l#)7q#(mpyRM)pCQ#_#E@H4e;=3++kFv?m4jV1U;zTumq`*nuXK20v@+E zLtZsN*vTcx(Zlmz{b*zR(HokaB@P(07}OdRFkmrU$6<71V?ItiZ*~ZC^s)dR+QIbt zq*u(a6ci#JzOAlyZZ7t(-*$k{(?iXeMStvWNXWd4H#~D?Ac(;rDOlss&ZU%Yioo&I zfL=JRw4-q4K#`8V%KASL#^~1yPmqIuJR*d8xV~P$zr+A`fXmxXkLh(Xf4Ug~L5Fj> zdr+L_gze1rkfEg8(E8!6t>cv%x<|vD(Q)Z&(%9T`#X5nKurmNs)Nm#Kc7>O1c!wZX>Iv+~r8t3!3TIEYby~Io$IE#7! z#x=AZyJyLMqFN3kp6d``v{#hfNwk-M!3!I<^x4^g=`kjI9;bidOZulV1wp#sGvsHM zf^1n8X&kdaRM$o9uV#HUd-FgpXS_X?p(L|ZODPn)rHrrHS?HwzwGQTAth;Pa%%J)y@3x0MiJCi%br>y@nLIhu4shsrHHH z3V4bJtM2+dx zTd)D!0(l5J`evCjA&2L^KGo;`9p*a}XR;q@~hIYuta+It@Pn)ZBxi3akoZlQTUF0Zc|E}W3aNn(n zsT0t(gfKAGqJn1rx+_b_&yi-crPpu1&F?arM_?QZVDLb9K8egAN??_~6D}(3h>iUc z*gNw$UU&m2<@B%rXEr$em<`#kzc)Zrl!u;W_EgjxAnHsA z0L*m4ldlBm#wC{xgQzG=rKzEtMOX*FU=afHyS#B0{0U!?c2c~2o`b79O902N7o@!{$!1Mo+izy-;ILRI!!MV61kF6{uKHE&(LQ}zM9_$fO;7`Ffo zMt$@vfJ<|;OU{3{<5lnpj{e3^;Q|_+88;efRZAK4RnwWY95KQMI4_7>#uajf-`3V( zbf^ZAW6pc5*~JG`cfO&;6WA_uB2RQMtGRRK%1jE>|>uY4$y(hOf>~dT7Co;I2<90!j9`=WQKU@Ql?^tJc@N-TJNcH#YU!0;O z(g0Ke@aVt5yZ33CFI3@OX)?TKMiG>tlZa|hX7;w_4t%NhcEqhA9!FPafYc|%EfDNtv+WVPNyjfvR+1>!y6+ko+@LS)SWf_zNRwKHi6TurYFv3+S9`-fuosqDgq3`J5rlGa3mi7S0VY;+`+>d|$(zOD@VGXIjA0jCMH4^SWM#DHt zIvS`rHfS<@u@4azX?U5Z7;$4&qgSf=P1Y?lEC>rszCQ=lW)k(K`TQ`ar-I0gHYqW# z(P;V;myrlSd}!+}7Ctm9s4q*DSfxxrY7!;P=G2#}vE4&AUE_Q?9(xI>wfYd3-Y zW{LS7d#W?N`%(z|b6yM=RKMoFC(iWSKv)QFRai!Ghg6*)^u$!1O#A6;&15@~_(+5c z)aL*MtfIa0!wKcMxp}w_Q%D_cG-Ga<*N66{9(z()4{Q$Wt_l6Oeo8IBLp>o05wgQu z{@_ks`2POwT7m?y`goeyqI{bv;I-2F&Wy0rNO^h_;O}|S!*F;u(;Eu8rz8!HC4LX* zQiU(&G}hA^-;ON%WiD`SeZ{5oOq9kFIwOv&WyZXBTX-TmR*GxLzCGme9MjNb^fmH3 zOkZgGgLt@z?>Fz1ARV^(1&?%fh>+71bK+R+FCCEUpC`6QpUpLt+B!tPvM0jaBmV$F z`){BtX}_NX5RX>2^}wUxv>$M?z^sOtU7;`FP`8k*sj8vjo;3wILntNPv*j_@z+bAP zitxffljr^j4XY3OEtx92Hm5{?w8#wawTQBnq_eQ___q~3A>*lq@FwbW1OVh2wP`V$ zH*b#jxl3(v-xKxA%cG%mCvj$5DA*52cEVqNn+dT}f;Lq;#v9FYw}eli+ZCH4hs_Lf z$Zh0`%9QvdE$naMs$;_W#10#A*-#gP58OLCv*7_lMlO?wqZ)nPnU3LzSx`9W5WQtGxKh5(3n->M4 ztEnXM70DB8xVICdJ1Cy z83NMBDp5Mt5^)I!C7qFd_i7|w-EbF8LPQl;NGV{}NDm^vGGmgMR(8;uE`Z#lXCyAZ zFG|d0!tM=rq@Z0lUiX6g`joELQeCJu*IJ^()+MYJFlsfC7dlJ31}6(~%_5tA}^qR}$XiX!PSzj6t`2a0jGzH8={9igk+r3CDPu zI-`ZMDD)?yejgRexB3@LL#IE&mWP^BA5?KF_7|knoJ@XXQh{wn@ob~Ypn%%mQj#Jb z(vtIYFV5(Ev$CsCm%Krd5;WFcz=#F5^Zu)yO>3u!;?vLukDB3cX2YYh;bJm3&uwz_ zv~sE`*6bY5j-4bh>n#KA+^%D~mSAdTb1@3-DiRk=4tC6AIr`*z0^BN-v}W}LPUx}C zuM}sr;{`9In7eUwqw4hY4YRe%&jh$c3uE)ju`AQHR{fA|vXea1MK)~4Wl7RW)~PM# zhhm}bQDCz~s>_PrZly3_XC+ze(qvD|kf##rrUSo_OZY=Qhfx76b8Vp*NKM|4QEcur z(6QWj;({|aBU4cob9uP8@86^3Pw@?j-B?Rej^<7^H#xhDLn>+78ABqg^(WxYhK#xB zqXJccT<%aQceWiTn~+Ww8VjdhYJ`GBb z&ApU@p$U7^U~r75Ylfoo7BDt;V^^j%Rpzo$a(7Q6R4E{gZ2A9028^h1oOrKoq^2hV z)x$_jJ`y!tF?x)fPro~Eg*C8z^>l~O@k(~d|3n7f|A`FZ|A`D4|A`Fex-PqM|4(E{ zY5h-R2taYblNY$-dDnAcnvurG@e|W~4T<0ZfyLesBJyK5i;33uXvxfe+9ReBKZMd| zQw$@mDFYwOC&>%**CfZ#sw{$`lP?h>l8e>ZC#hvpNl7|W4j0qzqk?IaJS%;QYdqXt z+9qc2RB_KdOtEnOCJ4kpcXwpKt+P1PnbN&Tl{VFOsG`_Om>|L6_Q|uH9c0$Nj|9JF zPUWVX+!Se5(XHbK3xogKDW*$9-7ztuk-tfE23gQGMPQ~;m@R^-DyW_L7v2{F;f8@! zbmdXw>P)R(z3=V8X4PsSv#kNAFwcf~8%0))+S(3gON7)oSoMptxloL_-RvP;E+@Gh z!RAS`G5ugE@A}WOrww6gf6<_SO5sqy9?`-76B#}!d=35+8H_MTYr|kW{u3Dv=Qsba z$gm1N{vnuoHs?U7sCl@s#$!1&ca>rYq=awZ2+q)Q$dZcCvVUn}Y=lL#bQ5kKH_HQ; zq?bHwoW7QhD5~8czHSKY024i4uW1pR6T>aSQubXNB!oGIgaa z2rRVr9w!#L40p-2o2)txGF<(7(2zb}!))R`Q8kH3AJ*cs7EEL(Rt3a<-KvcmTh4HJ z9SMf`V)i?`@>q4dH*h>=sDQE2n!~d|L0Fs&9+>g756TYhS zjQdWqi-x(?ROf@(=#ge@Ya;-q0QNa3TcJnoDIQy+Ci4 z>TS7%T4M1RePQ zPw!*jA4)mwRsNhY`gxpl(**pKXw%jl|MM7pdPV&~k0IEMc)mNN8wpfm+#eRgCJQX{ z`8rz*SoiY?i5NB!DmP=yemI6oGvI2T+ohNiAwv_mix{(D0OMSL0jfcQGaj9SI}%8$u-wI~zvv-q82Cx&PE!Z=)VqFnJ`lu&ANA`0mJ z6IFDHGouEXF+G!~qX*uR2hHZI- zg*?cJ(@&@j@iggT4)e8P22l*&t$V8lgCZN|?wPX!Wk2hPrJ$51mZjwe?F6>t(sqAJG*R z*H@PJ&5X$R^V*q6RE5oud;SsIc_gZY52Qu)U_v5xipj8jPNXn&d;y23_LgR%Kg2 zHa+Dyz1j2@X&yeKTn1nTD1*=H3`Lt9wW77y%e?WWQT8cC@Ms?FDneCRT*ycCgCw zb9|YsiBGVUao$v8?XBenD4Qr_S;z(CI}zUh7=~F=UX?hyrGnGMk%I5JpaRr*WIQR!FK;7Ptu?`cD<&y1TEZ68 zeJF$y3%#hB%+)vwc#wNPyTSIUHYjpyK+R%9$fA^g7>38VxvarKg<|VO#q=MBL3OM$ z(fJz1`LL<{`Rm5}d?sh<`ag!@An{?KJ8`=Z{=c8x&KAup;JVYJ?(6;R`vq&Jtq*J5 zxRd$Fv{$nf%y!Zd%Gz^KfjjL~zVA$g#Xsi>v@HW6Efd1DFbnjumLDPZDV~)rR9Ou| zUj-b*M=6WBtok6%U_*`6-3?+>uAfWRL6n|K%U15g*r%7q=8C*G6qs zs_zSawUSp+JPMlE+PdmThw5HG4j_DP`X`Oo+4c)su}$BS~Sf%uBla#F}N?Ty8$Oj9s!3BiS4l$5ML`w z?N)fG=jHz!GgLf>{mBSt9nJdWC<6W;!C-+W(u03N2&WUUUS@$40gRw})8aN~SZn!(m8eD=&lhH4FY0Nvg3T=1DU=lUak`1}i+1=3flFoLxf#Ootm z{j0%+Z4tbuw%8Y{Ys?;3*^DKjXyqM|TdFplxDKibz7Yi384{+-D-pdS?Da&q)+2(g zTGw$BqiTP+UZ&<0E-gcX=TLt@)^)L*sxAm+FgWo`VSuzA+JKiwb*Dd*QeMrXHzHjH zf3)4MRkH?9g*1Op9G^GwkwOgpFy?d468vAtAIQ}&XqmG5Lbc!Jbo%`PCeT4#j$r?X zs(TEMEb96No@8R%oY;0IwylY6+sVYXZQHi3iEZ0S-^}y8_ttx>&WEl#UESZ#*?X`5 z`mNAsCc#2N^vXTKi=prZ*g!4ZhCw+Z-5z)9gr7_by{*$`QQ2|mc{^lMHerx&mV9ork8eg;n&!}dZoQ74U(QX1`H;W6!xT70B!j_ZQXa*p4F>-M*@ zmWC$bkLfF4HtC8CEn+<2pWh8|F+em%QiQ3D1>g;3TKF|GVRe2*V(zH>cS6(t`%G55;F&V4IN1ZJIt1yWOGX&alX z9P~6Qu2G4TX+}u<7Gb_(LV~7?2n@++EB1b&vgsYU(N`>Jxo_CBNWYiA3=c0(&+1g2cg6LUJGR2cDMP;YGt*@mX7mCJ>+xD4C=2k}+ku za;tQ6;dpZj>qX^#$Q+C^;N1%4nKAdm4+2Qi0+RIMy#`!(ATr3GRc6XLWyerF6yzC! z4XOFV$otR|3*j5B9Nz-NEK-=XTuEl9!F{#>XqE-?ap(*G9f2D(^lE<|O2}WzmEF`f z+B_mUYgZ~9C4v-N`83d^^^DoVV#ZtJpyWoPI16g_Gq841TnJ(K!YE^yRAF4$zDF|* zXcgij6UC|~bx~;RsPBRfHifY#lY{Huv1em&GJ_@UUfT*ioAjbIiix7!DFaPsV%tg8 zD-a`|>I)!HQFY+Y$)DBOuj%8(QTAF{y-p9!8NgMy%j-LY znppB5fkApd^;=+Y0__#~78qtARosEpjt>O{)0RLX<0wY zXcSG$uTWH}s3`dlbdOZPL2%mdjM(B*3zmHJHKTV%_0tZ9cXMPD`WF`&yDnSnW~^+{{=~ zEp2EEqe?OrhLJ_BR7<<$pTB_p|NI5GZ-3#h=gd0e=RN@hk<#%_j+TA3*IjR%3OC@W(=59bDwD z#XDUXnF%{&dAo6a!@MU0|1x)B0@%%rJhC_nTC~j1QltdYZXG8)orOVS&l0imL3t+y z#~lX=vZw?UJ^;DQfPjmhe5saM6$}2XJin;$+Uw}l5Cy9&Q zoi$?LGb&U|prr4!@~H~}P!cA;B`iAyyq7-o;GV-DDHVbu!f z<`j6sKZ`Ct%kkppvGGj>!vlbBGzFl4R#5x^Jip`ykZVv-)XbE%+Lc z=&wLMA#8`x;`4jzMcY9Z3C8W_CbK;@r#c4ziVihq-@kr+;pUdOa9*qC;P{3+lrB@F zsne+J+R$sx1AyQMCz)vBIz*T3~^6MxeSm6KVI8hmNNvD|c!qe=Q+*zS>*dSXIM zF~tYiiTeJ&U?UWf5>UmZT$|!7eZ?3t_*3N?@6TGjBMZ#It4zvylD7Vv(%8OS_bj%vqbrtnClD@)00pr zzy1PHO3vfIo-WDNB%?f;DHHsUyHFssNh1QHVENUHItsDrPVo~pcX^(u1VW+WlECx$ zy+?~D-9?bq)5GD$Zah%S)7buIceSM8b0DJYQ&Rut>@0#Qgu2Pw!NaZD)yF|~^)LQu zqL8+;B*W7-!4;k_PuB|{xh;J(@5N^)KdNp@4)x5<*}W;+infRYB`qPltkz>n4K8Ce z!uAt=v}`Q_MhU@oPtOU#RSsVEGc~tyLSQhls1IW1rAfkvA25oH?~1`de#)2pa%;!> z#~a#HeT}Y)@nJ)8OIv&`;C+*d8Dm_ z<7+AVeG5QT)*Hal8}Y%{+@g!V&)2o#-Ts~CSQxinqe~4q%kbq>^Md-1xiBVWwXXU_ zf!T6O1Fa5^km}`>9$hd9z*}h2{S1sAU8nA-Rv%;G4@#0Ty8vVgFQh(?9#7v-V|1pP z#*y<4a0a@vNsveLyrfL2r}oodGJ*Jhey0kMdm~AI?B6|Iyf!!(vOKNIj0?^w(0QsX zb;GPeEK%Fh3L7h|H$Rj}yJ?w;q%aIvsdW8^Tv#37^*R?C-xkAE;l<+*^ub*jKb1oN zCKqas-X_1vg(cvb`er_dGSEa#ywUFU1h`Q@$X{i?3IIWORwuZ?`gjVxJ6s(d0V(8a z?Fa*>9(H<9k7Qrfb-)b#GdwRY7fOu^4$KFi&UN=1)sgS&miKKVfN!{=Sv0zzC5%V9 z*+3tcJ@Sq@G(WKfD#{)GC$f@(ggu{`_t-Jb-fW69)-glMu8R8FUElVNXv8Y2e& z4vxfoj%4R>|7eCQLoSm8$DI&0EC*|c2`fLWjB&aoDP87!N~BLu|15!H%`_0**^D@S zRM0urSn!6rSDqyMWEFk8;Hi3j31+B!YFbQ=iG7cC=1jM2&jvqr+057>9g3{L1JuUo847B zc%1f*l5W&#|3fYa?aWcRI}UlZs_h*?^K=Wm{kw&Uv&Y2kJ6a!*ll5?KPXX;lVH7~@xoDo*X_ z9#vhh^H4?iTNToX&T{OSaTvSHp%xz>8t+@$b=c&JB)aaX2E(QZ+axfD*8mmgyxCOL zYu4us0yvCJ6CTOu^!MF4yFT~G2$@xj7U-DoA=70ngj88SBr$M)ahBV)Vc>s%aXtKX z)~=?F;NNFkpE?c1fJ4QBr1z>+)PjZu@6fB<{spmty|120fzn7ZN_EMhU;UwyKL_>_ z^!xckNg1FYyUu+|S%xIrD#b?r)Sm!BKiAOxBNt?}fJRbADyM-O8bcj27?#U7d{kaZ z$z{62O#R39ioeN)_?V%((L}Zr z8thc#^nXH(%UX%|kkcqBqY6_~nx`}*t5-hYE@*PtA7|)O0?CNQ)5wPMZ^Jjs`796KS$&Ss<@A%g@Oe`2_QeQdFRif$4Z{x(u2N+h#cI^azBd~=IuDLDP`6CPxf}WN z5<7LBTh@*mZqKqYESVfg>{E-TZF)K23uA2&hnn7GhzVf@47TALC%1U_M!NDN*N*WF zSQye|J9x<0@sQHKc;DVa2ryQ{c2qx>lwv#sJ9g05HFkP3f?te~q#jZ*ORtO%3VbXI z7daG)-53iC;iz_om%MwBCzt2Vs2rNm((0d%UYw!vDCDijl}Iq{s~D^FRzqE_`eLZ_ z`IQ#nRm9YC=G*1Q*+Y$Jx1zE@1iMafDwu9^(WLS6m59jHGe0Mn6~4d8yW)0*)~bo7 zM(8AW14L4_2Ml3kKtVzH!<+%kYC91P1Uc|zKI2KD;*owrPx|EkvDSoNkGKw~@!nke zeY}Sk87La^3F`rFm!nz_N$fDhS&<0EzHURQJBlb`=Np4F%gB<8Mk^#~;lHJy=ZBX& zVf87aMWIk!Ju6i{w0f=RbgHRrDWMD<4`z`;!7S*(|0U7I9U4OOclWr&Vx&MZflzQ7;_(OHI3M-%Pb(Q|<%1@& zALhqx*bi)L8x4U0SLU(!t-+t65o_(TYOHf^5kWfygY9tR0UsHCK5`cbmX|RoI~_^#JUeS zr(+0>KO9RGBx&7@yjSH6AtArsVgmh;P6ETLH3}t(>&``Fykf0Z&Rp;FDBv^)*VQ)~ zkr~Y#VLBy%&jy*-c_h$b#|!Fyr}RwP>;wTzE=zjp?mGshGb`X#n6fpqlxkqdW+8r9 z^XUXjF%(B0H{5DN*=2Bo;&&X<+hg!+zHgz;=B`IHhQkAje35-NVPhPGLyZZZK&& z;``PtMu;rSDFy@urlUXPTYXru!b)|(4t&WT#Xiq(F}YU$4yxST5gDx zT=Xn%wj*uBV+VLTZF&bHwCst!MArf=sqX{jD;=@1B!Xxw#yTrp>n$(=VOO{>jW+rd z)0KK5Mbn2%PtvvB%_OcOI)q`Yu!j#Rm%2qZQvVLx($tCqLB>0rIMi}J)!Vq6c44Sgz;oCobURh+(VF&0T zmYl5=A*RR(1}YfZt8ubqO`8fh>B5p33&Z)$s%=e%Or8Wb6 zDOD6hDeVrB=@HHPE|4@YV%?u%6m3b$%?DH;TUd?#?YZbciMrptt8P#fZs z2Q1nTiIDiYK==bp2jQlLLZwL*Th2hnbs1z$vQOV8G+zd#4z|QXLt&vC(nA-x=+yG^ zsmE>}S&>Chncx!GM{87X(M2@;-FlW|$U$OSBy z3So1=V55HRy(lyc_#=lJX5pwAc@PF~7!8R+s4`W13q)>TVjE#Hu8}eGTtMb{ykH%Q zlJe`b*SE^2QeHR7l+R+|Ngz3*to8W2?2fBMbQN4=OH3%)Z%1K*qUDD@Y0{z{rI?hE zH#y2NyrHUn$OkhE=}hX7NT$$(KKO4$`NfjUc<350bFOY-kRL*gTf+q${jX_TJy1FHt2BuDn-1ZG%aruN zTRpDL1SWq5Oh68AEiWmFXAC3glacfa-7}g$BvlJECwUhv8f=zi;q)8ix5!I- zcxA2Mr)yuQ23*ndL7!qVdp&}K%&1*5YyBTEmu>+>ZOhZ&IKQ{Gz!LiZ6+gioqYEno z<9Asg@3@$DXrQkdW$aVTnn?tpzf0J9jpd*$Hxee3&zh^pT~lfrvv8!G@I^1qAjmhM zi?E6VL^_-YUXvU@NM{opCjaKoYQ|XE#_m(x=RbK2_735FcYHSROl*e3g}??98<`GJ zKvJ5KQMe|$<|d;LP&^Z|yvdA6 zuMO|HLSe@1&(LpLzVeyq z#2z!Q>Oy9O;rCp-Ch+4#x&X}}?cF;Ph47~gw^&Viv(6thiYpk`maUahQs*eEolgOB4{(HTyI`vs9{@JcsCc;JXZXP5JG)Z+m{8({j<{^E&ay zhxc;pwQq~lau(BLWmQ?@`}H1@Gb4x4^MccoGjMtU4QST}Ov3jxg4WmFwh&k#w%0LB zX{;kCaZ6fV2uv-Kk=pnc(*eJD5XN+&@I8<(NU)i+Fx!DL6Mo5?=FYH$3)Oc$GT%N< z1-N5JyYR*b)erp0QXo(z=D_PsL->#^ZG~cG?8XN3N%#?;?l56Tp)+csDu~ECY-# zcn}JB09fjxniYJI@>iI}2D-*e=yA9ThwieITx0npLSD`u*c)7w#xg7R2ry_=*cl@6 zWu$IsF~21$>sVwJTIgFOG4PNU);nXnwmo=*h=eY$KSnBu|NS1t25Je%?aVG*Av}^3 zUnnMDw4$5iwXDH?RR_iXP3S3VzB@u-H@h$cuB=V2$`UXOCnq#iA+29GCa^c+pwaj) zDz<3e6q!9&O(2m3A}J>{i(f)+?+{E+ZYymr-F+y#%&fgsF#e-9lm1v}*ymVP6Dn~8 zZH4B7Ph1e1`N6=;ih<9PkJ3Q}kzTROk8$Yxed(BPkmh2bj>&-bwQ`KTUwKzo#+L z=1Y&I3Tk2l0bSa+XL8iYPS}=9V3)oWPWpOuuPZGAX2_Zwflsc4SUSPlyw`bP?f^En z7>|JU4tgElLx5)@dCIcuNWOg~V8cO&`?u;AMU`(Lya^NK1WzH#HtCwCaAqPyAq*#) zo*R|hxhG>@VQCEaGDkXtvgKp@=J~m$ko$I%ms(?ilg@WsO5^!EFZJ!=N#n7nJ8jP5 zxtPa)uOU@j1>MKvZ8C*VQp(AifR>#L2KKatI6U)p`FdRPjTw{@5Z4~V04qlS z(ys-Uny9l(D3Q_b_N0* z|F1J3f1u73Z9~uOd=>|P6BTWYw&3_w$!Z|wv*aJ+!UIP*t5AQG-3fbc<50Fi{@v8F0&`4EOQHRafm8cUwRPkq2^l`)1fvi+};f6^xr zXH;i5Y-9{$7u=~WSxr(IFs-081){3<16!&L|9f6d@K9zQL-sQE_<#w@BExy0Npj_O z14E?%D$}IJ7ITRoEtSSR%&)k*zh#N8V|{jQwuUB16h`Fbs9T(Rm5YyNQC_)fkvHc3 ziHq{Vju52qFuxZ4{*(KfOM*>7nkQD{vo}2m_#~W`V3#Dsp~imkgBRb(_x*MZ_Qmoe z3C5X{+neCVepoVP5{XQV9yFg?1-BgY+7l~e+M;wE!+{A-+nW~`=M4$arYn`GNzKzC@{WeGaTO3r%+?zZ8!M!fzT!t3T%yBNk&DJZsy z^-iY*4vRtX*D0Yf4YHPo{egX9IpsCrSSZg_*$OL!RrH7J?;^sKVK}ug(c4V z(*|L~gb47Y9kzINtibPH9415tj#!Ft!xbGY({5!5u{l6il18W(fZPbX-gMhv#!8B< zPYCtlYZFP{^I_DGHs9**xbvdh4uB{|Xe@!k1yTJ=Za%`QSsyZ)1x7)*fU3kP$qUkQywq~m!zL9tD8NWXkkd;3bDPPZ0d(QcwoW|`Vb}8b_vz!DjX&H3g z4@Uz?BaB5TF+$YLT9#Yw+9P#hF(HPB1Def6i6Ci9g`~f{QHYSl_3gV9NM-2+`Lhrc zu%TE3O6Y5g_sGMXSl|JP;Cj=&`2vF6QSpspUvCzc6WYGlNZSn-LgHitCM9kX-5z8y(MY>``9W9LLHN*} zC0mEeH@p`J@fr3sYJ-H(0Sn1|bHO)Y=Nd?vrp4u1T#FnIWKyG}21^5fd+!552hLMg zEO4Ju)Ic2!(5~XIxz`1{hxC%Ax1L_*=Oz}wP!$s+*s|8>OI zj=+EVg-NYsgb_w?oBX=#^mH{1Q(WGasl1qX*nRDj9*jSA3ciCR{#e%l=78rm z(*warpC(sk3y(izkg*wB#`*sPVOhW^f5C2X6c%6ERB-kn88DvxfV%uiM2{{Bxc1cn zdMntAav~Y|h5=CRPUFUIz6)vyxUyd8Zf5ont};9q0T_o|TP34?_PU8diSUe$?6@#@ z!a!2Ogqm6r7(aOC3f*?_7gd`qD!c`bfcFg1Z`MhW&Zi}Ud# zc-XEXH2Rm2feVgV<6~8~wMY?TlKZ5>OB{>Y07kjN%vP?LlxnVAZ6vV`VMK4|A9Eb; z?`Wm`t$N%e^YluZ#mM?@Tf$lGDrhn!j_L8{+fHa&#vQz=90K+fbPn&5<0Ff|4yv_f zzcgL6*i&FmZSNTlRPuTqmy@_19|P>!)__BFGL$N2rNzEZDuHa~q&0<|JNaqzn_IW5 zWKByyZ&1N&5d_wmay85G3EjzPiWJLC()m-9<jZL967Pr<^v9kC!_@IA z%T*hR8SuXoUwu1&dH5za9`pU|4VF|<@=HlVH*_-7bRK$Sh;gYwou61d%<{{mAJlNY zY>H|O|9Ve2pKZb1?mZd)TT>V=pj?R+vWQ`u%6D0jGn5?+IA`V zEgTPehi+}y?y6u?Q(}P1W5-9d9kg!LgwM8!c0vxm&-;f@ z_FCcpF_4q*2=>jSM4+w$i6FkFz!fDY5@!F49UL!G+-Cs2Jt{<#!}qaZ@p}gyqVGt;FY3AciCheZat0b=;$Q+v(n1nr0cE8dciZe zMuY9+MQZ*)odr5b)I#zgB==orHIQf`-NGu4%f0xManYZkm)r6e#AvAOPM?wrH+{WH zi37+e>hk9iXT+H7W!)Bq=+zY$=fK38WI1GW;jpYrDdLuGAOGQ$Eg~UN)$sYh&i=_> z&61s;-ES*cRgI^x(c;zPARDYtcTre(vG7C`)kyUqCrNLfMF?rR`Y$Fo_&3kb2N z0CeeB2luk&em+z&0+}yJm@Ht4j#@}3&ZZrG-$Ads%|SWu6!3b%zGUK-`xc~bqC^^Q zyJfKqnpRV({VfoRd^iZ4<@$1HFg$B$XV<^&!S&idU0u79lN7n)BZYpkVBO}wdyF)j z+Uhuu+iG7?uV=FJRbJ!aX5u})_r)nh!{v~3kI@EZMbcwv< z&@(~&9A4BJp=x4}yg51KDb`63-&dyJvlK6$Hm2qyZpvh|$wDK#ps3A1Xf;C*zS!IN z3lYLyU(P`~pD8(2Pas@o=~0Xe)mYlfbL3*GKg~K-wuY%=>g>|gO{Ge;p;N1lXJK6~ zgsHKeQlY`)Oa1&{+d=2=)ek8d+x?}xhR*yu#e^ zMBO*jXU*M2e4Qamsi5+i!IH;D#c%EGSuUi0Mtw;Hv4HK8(EY)S%lpII!@S+J=ikxSeBLi#6AF*7CkJ~ct-jq5EIfe6M&vwvaihf275oN0#RD(W z(vT5P+ie1!3%u(tz~hHmPjFqDlJfdK_dI6Lo|X{R6Y-(W-BHM6d0gdMnqB22^iWu0 z#pAI)=}H2$xtK8op(7WX2MrgKuk$2={Tk^ zFO)5>>`+Y%PKu7l8$(kxpK+l?6 ztRB9pM=_PRwj=CU1?M$P_tfUE6+d-JOeSHLW&^jpV4a7f@mIIj-jH}zM#j{2N^0Du zT$hjjMo$R-^2yfVO$6`Jd4zpm@_v}+909FF(1^wat)DuKGp`8)&kZ{9sxszJO2QBi z#6Dk~2*EC=rKPp-Ybv~X%jUAd%9IrYL4_HPHs|uWAK-$9r<;cN?LNu50DSH_U4NwD zM)ndgxn6+>%|6=qznPT@TRVfU#W`nGDRB(J60}~`K9u6i*L8Gj}$6l6^mnx!$_PbA=xAmff#DNhh48`{d z!YXm1B^Q5EqD&IkA;rKYTXBvr!mTS|#y;jn4~mwW1Cm`p~kbg32JC zh_YH9uYNIxfkGW^LJg-nOHaP&-y%U_(kU--@)n zRn5!NeQ0PC16oaqU(GC3DjxdK>3?c8BaKc6*P?Q|^I^~M~DHATi|Ci7d4Nt(R{(FU} zOy_QYPKrXf12-~N?4qdyNwht!Ec@ZGY-7ANMALg;Aqv)ToBlor~<_^tM z6kA(d`Whu*GMiv zMZA_E>~pR3cqkZ1hv`O3vjiu*?r`1g*1x^<%H0vVx867Yuya*NaZy_pRdmBzbZo2n ze6OvvNe#eKt-y!45|<9TRtpu;l$30e<5hyh<;D-qw-a!@woWiH-#n zw;!`w2P!f@CwYWEq^&vpDgy8J z-`IAMW9@A0xzE2Mtj zj)H9iS-O_O5aDy+Y0+mgiTk)y0nZL6rT<3gAg32*qqz^wSrlprt%?x#*4}RE;?xnY z4Xv`s_D)2QMZPkP zgr0rc-{L*{+cevK4G*|ZP(K%J0jcH<7}j>pKWL;s(;_OFCP^L{od-BwKzm@7{T`aqPng(}UKwC*ruBKXqv%O!of%CvOoeG9R0HUx}6D9Jt z{VjbQKJu-1)ad+r1^gOs5S1pYP8(e8$|oMi`*ra1bdMA=Szey3fZJ8&Rbgl!@Nh1hi^BT`EG&kgJ7;Dv+r60(HyltSy@Vt#VS8dsmJS%itVK1ig81QXdpyaso{!7o2)Euo2y(XH>0mhD>#OH&-V)*lMq=M(Gcmyzaq6mRjIW0l@frwR zn_a&6p0)tgHn|I(Xlsnw zPqFU4o?MmVtyYsauYzM&+b%bm^Q_C1sgep6Rm#TK?ZxzEd3ZCdl9IqiB+`ZqPmM6g zExahs+dQ|XlkZEYM>T_W7SzeUx=47a1*FZ`ro^&m^7GPaeluUuO4$w*bsP%$-Cb@) z``uq|!AJkGeRct*31ikf`Z$%eo`ej)M_W?>>fT(BBb2=H#VO)=D&Ye+5*19g;+zJ4 z3kr;rd{mXvG?E~n^M7BN@xkBpt!dso26F@|prEMY2G{@fS1#720V zg{(1ruxCn+ITF%h8R&#bN+z6eJa;E|#53oboAF?9bZ^H5GPKNSG?sPq&=(E6N`M|a5q ziA6z-8pg!VXSbRcGKAe{%?jy4sdW99r_mRe|Aqm7->CE!bG%bnM43^=gCjPS+ZPL6 z7_s3o(U?I=ZkWP=d2W)!7%8$D9+=)paE^0C#P$YGfJbfuG!WTT-2nud5PKp5?g+>t z8by$}u>0Vo-2vtd`>yb8(T4?vv<7Xcx&<-J6x#-?4xwHy!5-fs-aR@(C$4T13(h*A z@-zf=ghI|JU=TKBuo9Fzd=e5&!d9fF2CPoYeG0I4qSJ;NEk0`F9Mif(#p~=eZCPd@ z#b5zS^gYX&ix86yHSpwr-5CBaOlRD@8C2REuE z{FSr0y@o_+;ql%lvC@jL>CiZ47)o-uBcHek-hfF_= zZsrm9ey~z*X{OsJRAxPaZf7Zsoui~}i!&c`RtPee& zb30XE*WwsdIKlcuBioQucz1lh!Dj&>4+pt&&vqE_VJ3SRbHCiFdIICWQJ_^_-pCD? z&~QsZk=vVuWbR4;GYurT$a8N!Z^_~X+n?UO!H11`xVwS(4a;YW5hJ!r0P&BJ3&4*F zRF{Wb%|7PnUL@*y23nONB+ryBx-UQ84W({=^mc{iKr2-13Pl9hH;r*SO`Q&^us!Kp zw(*)hVBXR3R1$CF6&LqGXy2H2Y-OwAv|7B7(`S$$yupuA$c9$@<%+3{>r@P-ay@BB zemuoi;ZK>Edc?cPB^o=hRs?0lx{x0Vw5}FlofTy%wR8%Z3{`MZZYs-d$5sC+tNrZv z6gWUS0zy&GPisZd`+jG;(yw@TooUyWC2$jh9y#GB#db3bP6x)m8>aJ{Kg|`r<~r7`WFWbTa2aH@6+j-`6m&CeEl3Ko@}|}?La}q| zDZu~x&YbAbQV-)uqMp{V+~~M}nK(=FZ+-EZIy%$0HYM~6qq?5-TyZIBcdT7L>BgjE ztGbTmQF6_YxJ99zeyro}-6?Lf)Rd^}wn?|(S4i&KS-yU4F=0Kt2-?*}Tg$>P+$sr^ zvx0o;)RGxev0`F!nROry&2Mq5Xi$;k0h68^*?VL%S)zo|>4|JDq~;fMq%~U_^hUPf za*}YdB^%ZwO~csBTFqQ`L)rIF$JHIR)lC;uZLI37?=>er1f`o_Q+pJ;*iU9JH;OoD zE=Fo6TF8u=W0az^)bsb(lcJu`n$n)>R_rX_np>Kif2TMcYG;eAFa;xQ4o z!8_Qw zJAeR`1SL#q%z$0=3(r#tWyEQXrn-5bO5o}-}!(!w#@WBmCro_|x7~~AzEP*?Cx$IIz zk+KUCLsjMRac&Z0gSW(cQW)38f+zBIhz0`^Mp!Zs^y?QCvg;BN`cUjcQO-b$8EK$( zP_0lQ-pP|!V&-eDz5LSF1nd}1^@CJYNasnlS=F)#bhXf1)cu~E4Su9egm)IU<|0Im zkR%zZw$h(s9>muPY9fqABF=~*O|>p-gy!AO5>>_vTBK;^1CjkDiWYYZ<#admfa!No zo2?@lI>*wU?2lTdA+NxqtJG_Z6z;^AYG-n}o@gJohcK;|1LYB8NT0#kn`0MI=wY<&7UgNUC=lf!FuZ#b2>vV4W+x2b4_4n_L3^jn; z{r%zUEkwJsE86i~)Q5A6yGS(O189BIV~Z`#sF#BjpKi)<+Jxd^slk{#VYZzMWSbRw z-1(y?MFx-rRp6-qH-{%1QeRr+T?ek|_I#hNv>|Tg~EeO{# zK!slIGB9r`d~N9NoxBJCFLfF1+%JO#2y`=+CZA5wm(=v0fK$m|;QfqR?G(JM(U_J~ ze>Lx$mc3}pUYVF*HG{>dT4eVasf+)l2Iku)NnUzTRY6!}CsV=UVV~vSS#6dsxTBtN zK>G83CW0Ltm;wK^orn*h1*6jg=HL`;v9m4rxf6qvO#}rd6K+vDlLN~YJ)}G`6Bf79 z5<=iHikVJx;$W>#u6*AJzXI> zP^N~V$eyF7-jop}qRiHxVnj$$H%Pnk0ahW#4Gz>;woUmWq)gixtUyVH@6St$cTirs zjB;o$*uaBMN`?8HA`?*#sQD+QVW){$V;xf^b-A*%c&>&z@(R;)N33aH9C8t!t4d|C zhn1NRH8shO8D7g#{r{otpQ0RV!?sboY}O>J71Uw3f~LY~T< z?H9;Vt_lB=xVy)k`fhyh%Ku*TZlC#n{F$eD?qBrr$@bX`2e-VQ3%T?~^?H==B5*y4 zsv>qzy0h`X4+Go|w87hN2C%6JiAr8G3PnOV@QN91M0>ypFR;^LRa(RPgAzJ$?>7ORSnh3L1QX@79YmwNUF=Hk35WOgtkx z)vnr5#~Nz|NBpshEyfytUu&>!nX%^oJbdw9VC*r^7wgv`FUl<~U*#1XP)DNIs`%ic%*F;<#vigsZ>5t2&grg|6aA8jKRq zep(Eo>?p*KS@0#uYzpoZeGygB*sO6o0tEb<`XDLMpzmkr7c3Ch#Nl&#Vn^&Dc>7N_ zN#`Lf(&U|<+r7*NMH-tJk*6q&GQ#K6>$7#PhJgN)rpb3b1()tTM$_2W{oU~W?@#mV z_bu12TnSIV_%w)Fo(@iA83E`n>7*!M);g18#;cB(ECeycd8}}=m~O+Q@P9Y2SGkaU zHrQ@8_EL!2t#(c5jaXboK*jiih+;f!&f&$PgExl5EoMh`Db(-;G}>Cz>-DSK#FJPP z*LgL(2?sVOXjR$`llQ+vz@UDR#O*=g$+q=?qUo>+gzjJ1V0v)ecyOIb<% z(n?LB8zsYIbg~_@RckTC`me3{gfN*S^@OYq`ue%X8Dk+C*@HrvtD`-2~tb-8F;JgSv^^Uf_JZfrd$pzpK(YMxfkIM;_={hgx zYgWW$*6R-RZ6&nRO3)2N%G#0{XvagrL<+mVU+& zh+Hp~P}!yW>=x>7R|45vP{Z+ogS{*=oL9g!VaR@K1f52hc+h3n6fZQpyme}-F3+E8 zabJe+YjNw!lzwj%soZaouFqvL7)fc*f03#$k;4maJ>_CDxas@pH-7VOY;EXn_!I1F zZuonx`m?V1JAx+Ilx={KO#+xfs8c$t1;v~ZjUX#7h$$TfeWAE@dcQPZLL}39I4J|Y zk*Yk48<3_HYt71kLRjDNCfILNFehLRxE8yF-hng7xk0$w;%rHPab6jPTW zV7jv4gs^e@Wv>j?_@d~^s2z#_2#T3D(G|6(6mneC(>HS!&!O381j=bc@3IA=}W%m^-Th z<@ZNhvM%NBZ8USB?$2GeOVY-IFn77`lwb5bZ=hX6la6nT)-i$%GQy#ynpu0o-oW<( z??Q(}{a~8cLw&_~OSCv#Xa{#bQl$ zgdzS33ZW%q!h5D`620CzID@38KT|i6sH$zm1AZ&J@_H>aT^Ci6eJGs}YhzHX$z3N! zhNC@15xHD&kkbf-g@a+3y(AnPLB}XQX4cT4k6u3mDwIw&I;h|4gk<2t`aXRRLUG&gT!j{YPMVFXHzXU zf^e4qYUZk8<~nT?0l$dM^O%RFgb6G$Ed?gEx%PK2M00ms36}&-Xluu2MHD+8`gh02 zHP|z0tPE2WNu>13V2R@C`vbkG5kjb`M`UVX?lN>LP(ygb>r6l%{OPxI5d6)e-mv!2 zCMJ`RBO7fq+KnI}LtrNc*%TE7w)m{aVj<9@oSgSkXj zODT>hlRSSJ8O*>OF_2wk24+4=s@D!pp!}ob7RrZ$HV7j@sOJ?d>c*CWlZ~<$#QEfD*C)ifL{vB-j>p{nxd^3v)E^<&R2E z|vHb7f14}N!I42T;XL)skRF}wjlewNor5awr+;) zXb8jOpKOPjBSE+p7T9v$ol;9I60E@|@<^I8GCUhd&jmMrKxy+$(~DzAw{lZ<#@LP` z4Vs4cG$HUY+rtm2QI1obx0-kknz=*#sODgqzcNSGCXWfca79jSFWZoy{~dDoVGHf} zPWJM3|I)3wYa61hY3eW6`2DjT@EOsudje>Cww13u@k_5=6r6&haQk|DcGcF;y+tO-Q3NTeC18kbOn`Ni|v)p>uk`yNTi*u%!89t2nFiEVV+?0c#DrR)tLsRZw0rOz_^4^bQ|)lg1$QHb{bmTM@N z?v&BqSa4F7X~W4xWI--%ee6~1ycX#M=J`Tb_y z*W;4E%Z*U)f0i-ltpDf84#oJgzw>EV*ZZc1&trw4%NlXJ8S;8P*!}$f zY(yC7H8=GQ;kPFJ*Ly>z|KS4u_vhrSvwgWV_}dQBsDWXa_}Gj2uqX4rrrP;^J~QPhgyO1F*(=oqN|zbh8&LU5L^&HMB%A*UI;BH z!^!;FT&iYRUg>qZA}{he>qObRdl!Nt&PIG_jN2zGb?**u2Tfd>Kkm^^#q_$@Ry8>I zh4ar}qv`FhO2&+XcuPkK#2ED&)3!K}yS#oFC{vM~;8cI}u%%8l0LBxddHC!H#o-Qm z+^4T9dpi*dq-k>Ja(iKw^&=d{5ktHRkyYU;#UJ6~%%XJysg!((-O9Gs3Mi4d(27aQ zX)uyp7C_Bunwfn(T<~~KTDtb@qjtsAE^8aJ#A%~BX>l`GnVlYmEa6Y_vAAsCnnGX2 zVO+;#zRI%ZH*Cu0Dx~J7u(!piX7!V0#kRO=pQ&1CEJq$y_V@pL(}>V*p8rB z!p42amKv_QJLf){I078M%-exmJ*t*I?Y#_gSV@G<_ttG+(>Jd2b)5*^FmM3b=BVT} zXZuYcp5d<1=sh#rH80n2E&O&`&8(KMEZSUH>O7mKpCK`Fa?X)Z=EO($vvqhca4{Oj z-|k68rrOvev(CB&5iiQk_N?xA%6L=0dcv?YgWmD}gWKQ>lzxL<6Gt95DWX8?>0-~U zj%Y4u;*gb+GV(~5IAR7dy<@q0v&_{b3g$Qo#BacPOPN-*2(Mg#0)yGgkZ zH_VErBDFy&tt~G&!imVTn0C%}Y_yJ_2c4aW^~zjG7yzNaL50ZjJA@oB60U+AZwC`p zD@95Y1|oyh74f{tlc`w;$I5?OVXFXX zQ6x3mcqz<{2(0GRS0r-^yx5SUt#K?dqYZHFY@%RzGFhpFu6mMYV8o&^7^u9@hy*M# z&hEq>0hoPTRkoxw2>t*TVkTg=U=3xnU26|K@--b9r-^^q;l!P4&j`}{OkK2LgdlSy5t`xfFD9jJ_|dx z9Q@Ot=u0*J!oW$aH;BoS$y*NQ)gl^mAw0*dwcmR51~^x*XN;s~)4R&*pEu+0p*g$u zMh%U$g*v-F<08~&d;FCu*{Y<+9$*pw=Z8@$d~z`KSLOFK@*&=p`>VfbiMEsHOK|64 znk#JZ(mFc3%IHT2p0aDC?F;Fn6Z@&t#kt9##61_AiG{w5h6)OWQG*%WVI)$lFf(a> zKdVo&*U*MIr<8EDE`6_EWEAkNrQp>2q4WJVPONhqf?G7TLuAjHhJhBBX+H81*(^O{ zkb@Dg38o6kppK-1DNlGfaR)J3;&xL3SH^GQZ6Ktn=lc|EBQ;8CM=FkN=M{u@>+sFm z(}d0>t~W>a#AcqW>rH%j;Pa=)AR zjg88Y?+xEqo9AKfuN`Avvy0xfoZ#f5m-h4S2e+&!n_F0D(z^6y#KOhTS=}I%GZcLWb7qIgUrJz`lg5PN;VhI|9gjou z+o5*id+js`pB=|U!UkRk@>Cr;a?DuaqaCc?eIh3vFy8`$Z1dAiN7x4Oj59Df5UNN< z_-Evv%=y{qRkTt6_#2(KOEe+qCHEw8)7XeN71;qM8RM*mUWFm;x%+~NQuo`G(EA4Q zq`jB~T!wx}!J}m}Rb)-0=XTN^oby-}8&~><5Rb(WTewP=O6H4|9Hnnfh0(X#ERU;R zV1UNAewW8C%HwKN|Xfg96dbr5nh}Zwup0DDHW*_h@DAJGRh6Z7DI5tRUz=yX5juTl){)M zK^W$cg4D=!HaxNNWU~>F{uUXcNc!M&;QkQsf%cPTN}a~WZ-ac%h#`=2<=L<|W$tak z|1t`@E-=R#DY8_5=i6Bs6E(8In7o*M_R49*=LMSLzq0q+S2@T+iNu;~%OZ*}74S}k zch!(8nd5l*#-5&*YC{}p((a9VI|A=t zuUClPf87tf6?ZQSe|k3C)|i>A@Dvr#cM&c#0|_I^?vZy0Y=cmfv{=xv2sjLrq)8v$ zfxuWJxfb zlb~hWMK#jWK5gtgp(2%fh=^}l(kci{0A$oPc(W;Mh*Ori%xZSBgK#ZgA*{8%hr%#C zUkBlyf__2QBZ*0w`hOkR4~;lm!^!T$RYq8P`0$w0;Nb$UrSR&SfFmWb?kWSEUfwP{ z3)R27Hh+=iLyI&m1_OjKV+PpsLT%4U-ei_J zyWi%Q`0ZT219a6>2fw==7cBjFO@j3csS^b(V|PeF1BH?rVS)`gyE0`Vj)mM%c%B79 zngW;hB-405EMer8lH;$%7-2H}Q`eTR{ix#yT3s5PFA1WZ*BzH}P$Mt70Bokg&cKsE zu5Qmj7TEQ6HeP1q>f&!~Mn4#_Nzlf$yvhExad4?&sYZxG9gyFG6VgddoKVUG!(L7M z{ohaDU7hd3KHj6_8?g07^uXO^q(EKBJp054`FtdqvWDGY0PV*>(gWtP@adlqF@V~) zlfT+r*6Kr1Q2e!MZ=OsPV`-gTca*`sgzQ=4I?icP%$k z8z(Uxm}+wxu??iv5kS$^K1 zYZ#w@rnwD26R;h=Hay!KwI{#p8ynx9e80S7j^{P7ep_`>AI+!AQEyA`60bfXO}DwF z;!Qu2)Lr`o+ub4GHX_NTV8v`=eLmsd%^bG>rA?;t|GMD3<`h~nOI4ax1J)fp6DwMy zDZ-<-%!PoL#72+vol2k10`1`h_ zK0Jy1O-g#-CI({1=~`C~mn!#ne-%=1@AAAjAapPEL74IO#a_aDLjTe4r=c2|D zm<;xI$@MK}BBRKIdKsw~fxa`!MH$f;p<2y}oT!J2S0t?1bP}58bc2ea%ER4_WZHj7 zLj09>oE4Ke|1L!&b^>OMW$~;17HBOopB83A{?59-5)YW0{zc3m;31A~`MGTlCal-@ z3URaZT`#bZ#)*+qcHs_V0{)dGxx_UK(j!o~_HBa?@7q^9eQLias0XYgTA?h_@SyWu zQUHxX*DQ1iS}i_Q0NVVkXDnt(^ut(wHAsxxyoSpx+RV{>t=QZJTJ}D1Uc=3)qtsl? zSjs|BXY9g1gRQ{iMLdP*oVx3eV}(`F0{cuk#{D934~346)@aj#qLCMc+546??H-bN<}&EOCROanPulbueL$a8h1FQ zxV@?&bPYLb6Za)HHczdRiciKR1t0i@)zRc}tR^ zC@Z;w>1MyLeZLzLzrC;58k@hanR24O?Gul1N8aJ(X*|25i(L~JWBC2u$R{~Ft{|-1 zSjtI8=9It8j6=*b!jNVq-y8#?a|cXa}{sM zp>(xb2EM(Eu~t=f-y=BIclY`#&8qM2r|&(JXY!}-E%P0L+Kq4b=bYNlUcy658XdlF zh5r1e6adR5EJWVE!W5@04-E2l+f` z3!F$i5BDfJ%K5~uWXaaFE(;VbA;a}05VDZ9RXhOPOI%KMnS37A;b`j}v7al)u+!9D z^xpNvYSFvmkSgeEq95?QpZ!Gpu@0b~M_}@m56~rU_85>3Pa}IpJQ7|FYbFyZ-UT6p zWnIE$A+c0R-0W{>uWk$nl!y=3&SgpJ4oioNG=_;fO?bGuITi7)P0XlvhQif$DyL~M zV$-53T?+0RuCI#iHmh$YynM7DcDf0P{b-2V(Iy_sYpo94BI^GJ;9ezDPHk)dQ*gS_;(3~krlJx zBuUXx01K1lq#m-zthTZK>VK4v-yZ9fo8YUfgQ}!8zz!yn2!&OIh7Wq5vY0Sx`>woB z;5ytL1HX9KoxUAj>;G3D$b@I>FRiHx-vd-~@x4pJ#wV z0wAf#_W*as+B@Rp1vjEz8c}s3Vv z;OW2}ty1k31|b^%$n*vVA(Y17D^~Whh{nlszOXPR9_^pP%j(7gJ zh1*dr!bOzp^G15ZKm0joyf_*9iTa6Ne>dvmVC%I!gZF+-y(N)8GIHwC45l`$Z2f=& z(vS{1XUkr(@a$DIGY&5YrFD5$ut#ii3R%RVW|BDthhE)0<<6+%ziN;yc;%9+_EQO@ zk5`5cp&qp$=+l^?5NA)!sXUlhRYb?@Myi2FGSC{Eq9;2f$hkfb^KLQK!d6G$@y3+e zEBoe73H&^o9|4_t70Jdwl~p~-FeRW-Iyh$v9sY+0A>rb-6 zR<$PI!=|5Ndf)J{Q5%fHfFJGRER1TAFg9SSgJ``D%TRu(V@Y|q%NZAPPNe$1!}Ybj z`*X&%#d)IA2If&k%GSWw)`78fn&v4C!7ZRLr6Z&$w`U5jNioRA6^+$e z7|jOJ;$9o-&tVXVZetw*q3Zg(FP5o|+O3i#iuQNeqxR0E;xYy_QmJ5c#tR70jNno>68JnDr{xE)jf@O>wt#^BsQ@k6-#%AN17I%}!$j(5$ zY1lywNwmkGp^%RYyy5_HPPn<)e?Ai+1F!~^#;oRC9pJ_qlJb1>BkfN_Hi$klerff;{TU3Ai@)+%MO+06Rjm;uQ*e;v7E}ZT8JWcz| zCoA*IhUpRF&277GKkJRd2LW=V_=*ZD(daGbw>5v5>y}hF!T;pwt1I>oft=b)f%tnD z&P`kzmKE1d8=>O+eUuTRN%#PSO2xpXLalHdJI`vf0_GwS*GamYW$+ZCF%%&4ynX(% z1OzkQEMK%^Lk|WSip~d9%s2GZAB2Olha`F92lxC^XfE3lYea%kQioQDqu^9|ofd z^#G+8)QY~G#qsDSm3O63u8nBWL@Do}DtS0A$N3S8!RylDQTU>NTfVv5cs~yJ3pFWS z8qMwF31%`BEo;jW`1$?)ojg8ncV{c$^tOEFbpGMk_VV%Y3$*!o+g+aX8a9_;&xUI#9GeMyXofiX{9JEu52`Ol zM;qO1_5Hgz`FRC;y6W5}#Hiya!F)-7wJ2ysm1=yZS{YLe`?tA zTS$G(ZZ`U3P4(WpUEa_o+-h17p_5_d_$TS=rTfRtx+ZUU{JTKeCvt-%`^&|O&QVu=MUx%#;w%a8cs_B>EP682VsAC&72!w7d8*>7b3(X(}Qu^ z1d$g5TzC|WzTO0Q^e>v4n7-O?L(&?cDM@Z-1bc-XeoOW+RB3)wval4q3iXz!&n$Dm zeC@7PJ}btfZRLw9O}uqA8u=8Xc1yZngyqo2?`DK!+RXAhWbxEv=GJ074chmDQ1Q{3 zLQmpG4*LTP;J*_sJC3Gcs=x3haoTHf6oHYSQh$by!yZ1)x*|Y;76#)3Z!^!UFTm12B<4^O6hpMQQc<;23fpqNv`nlzwG zj5sDM`H9Dv^2#_4Od=&p*vDu<8a#@rn-1k8{-K#Mw1j-3+Moepz;IN~uGE*r8sGEr z=gdlCynAthC134L#0C^YChP-+?dnC5hkcuHc{mk&>h%8~2)%Rrs_{B%q+Ae#8B4O4 zv;6oL?^qUsJIRr-ky=QdIM!bJ;O!u74TOXJ5K>!CpQR8h@{2DyJ2Bn*9?jYd^?$1n zth<&t$~E_K=K~Jd7(Yb_hc&f!sf;ak;!M*J{@=?rJzjCn;WMm2i=UhMh0N!FgBm)z zY^o$Qj}hAWa=*y`3CW~D^46UHjyP}m${x3F)fpa^zhe~5L%+54?GafC7J>!f^3}vz ztLrXZ%`%}ih+5fF`)3z(orX#UN~pb>R(prfG~3BK_@d%Uk)y^Ro+_!=YM$-nqgss3 z_OIPi-&#!9C_(BE7P7Lt>;l^)N+ye9lDMC&!}V=TW#SNE=QLric$j$1%SE8X>t2Vp zE|^=u@WK%mw0OCTgE^fF`x$Z*2j8blqg3D4nV{E;)b976)>gy$LDp=t6WWal)3iiD z@J(EhZ>g5=1A};A7Fa`di_*w=jhHgC)Yot0EpI?fW7pmtM8FK zuqrOy_?vHn^Z8eZ*{?z+#M)8(K+-J>s&EYwWNLDCjC3{jD zhCAVmOCIPeYHd+^p(|_|2T_$8+y`NS5`4}owDNQhRK}V*>Ngg%q=CDrbamGvh%A5+ zSNtofO)12ikYD5FufCLVv1+hhF7Yy`@#x9=y6NZLbc@rj_;g&dn5kIY!}1o`6k`&N zo1AOGAB(TQNbYJP@D`)Mv{Lo8NbYpBp_NBoPlZj;dC$I5pTPAAAL6!&bn{`Kd~XzU zBHegrH1d3LO-Xu#@TP*&kn+;ebzpg|JnJgT$PHW_g8%hhQ1h;k>^!TOf`9h20n8&k_#gj{KFz<*xO; zpdCS-4P+EZ@>~0n-^ZL|-|0x9W6ck{jt`kN%DKwg?PlxY^BNqx6j(+K$%?=Z?!5XR z(Ejr*53GPomi1M*#3=A_G@%Vfh(SC3ZpG&>#^HmH3#0;`lbZ({ot^J=oavsGW$PpZVy{kDp(!D)dh0coKO->n@Qx15WoDa(~t%VpO6q^jl9&A9P_!sgbb z88&)J&SS1`Gyj~={s-XEZM&qg3l@@oY$RVZC7&d>s>sDe9Xca7-EfT(Wq6du1caVY z!Uq8;hqaxgS0N$x(kByIr>k(&?k0EtadKZpaEhjhOOsL`HJ>{r<>NAcBfF(lUhe%x zT!AV@{U4wGMyqJLY$azOFQU;khJ~B-pO1ENfx4qcNm~pv>2$F;g7@mSOmI2OXa2x3 z#EBctG|+6qh|2%^>^w7%kB?CI<;F%~Uj;$el^dN`8h(F1*w~4*OVhe+YcA?ura{Tbm-z+I`1&V|IEooPXv1 z?bUz(@!5^r*VkNl0kvKPL7n*+XYnxZgFnq^&kaPKG_PcIL_qLhwhZ&bXF4HK_z7!f7L`hI0;eGKW2{D&LrJSGz77`*_3mMx}M|#c)&;= zxXL-7gf0c255*8+g1jAyW--DU}`vng%*1BMT%qbNnvo128Y|ShUl;&e`m!lRK zaH|j-iEP;)iNk2JV%dmG=0Hz{fZ~Xg*w;hea*~&Y(EogPe)&3u#`e+yeAPbvS$*#( z{G@fS-AS*+aj+TkjKQ~ay*>}n8E~Hy@WQsjr3`fR2*_j_=|DT>;q~odL+0V6tj(WF zN8222$@tITqwnUJsVh+6#i)v=$|qzu4L3A$}&Fqqs_^tf7;OO zk*BrbO~L{|D}>Bo$&4fUn+L5z0Wmjt#iBps!E6K-JK4Po?_sVn*Mcco7htUt`8=Sk z3p3gQhl2rAlAH%FdwYwy%8p|bD$GOBuE1+p7-|eK>@dZX$uPG#Rb+%3x7=lbWj>|~ z4Yky6s>pKiqWk^m$pID}6rK4Nz=RAlEXtgRtg@z4Rs&RC0%w9_oZt~mdBUd$f0V^Y zbJP#e9**!oKzrU7Jg*B%p$J~$4U+TSa3r8?Tvw>e&!lGO2WXe!#wMJ4|Ch#;s3I4! zj6T9}oU~Y0UMEF^-fHkXGP2AE|1$uYf*RS}TeI@3J#0;=nYCjW&rA|;EYJ6@i##D) zISC}z7w33jN{!Lg}NNfl-P`t`j$2k5fiS=-+GOpaEN65(Q6&_k%&rTGFA#;rA^P|RTj-DzD$tflOWEc!z>|PW}9#(gK zp*e}m&QdT{-4m$M*D%<IzgrL$-xr+jgowU* z2Cx@fp9pTV1wp{}S0)+sSYWa8Yf4k1CZS|T64Y$i5~of42efBL_qa5ak^bM9S`g1n z?raVmtxP|2!y$1SdjGLwm_Yv%t7+B{vytwIDl7N@#?(^ZT?6cHbsmJ0m1Aha9OBsO zAMP&aHhkB9Z`O&T8tve!5W7gH`wskWRGwe9OfFmETTd2~~guCL*l z48I+`StV)wo#`holQ@=#?>WEFISiWo396Zl-~YdZYV|r?>poCX5&s}Q8lChH_y%+E zmDvj!c4+4i2x}IpealXImjx27%+FTNqb!Nt30+B8e>FfsI+YLJenhiW6XB25e{HJK zF#iA3YI8KD-4th?$%UhahgmhOv^-#m0VWw?7@m1J z-{P&DJGp>~T>8BT9rG|HHE{t%)FM>p87Lz&^TR z_j}-mHd^4mp7NH*xA{nBNw}Hl1T5W^TjU*fik2Q4k7>+5Sz3)n5_y)bu%E?R6| zAcB`fow=xI#$%o~nfxl$=FmU{qKuM?&wg}vIY%5QBAM(Ue@oT*2up_(WW+mZcOdDa z!v|zB^w=H{^1s7s2mQ`WYLlA@e_v-2nbeO)h!JmYcDTmJ6$4+Ot_ALtBfn?2!Y=bA z^mihhm|xmoM8vH0L)DwCjIpJ2m(DGetqq>@o5OAoBkA1#@xx$HL1~wMRLcIxvme4o z5ZF$>qZin^S{faS^MGe-O78y|PMW!BrutO^d1RACTt<`H71_9QnYjqCjC;+)x} z_N>8ZGf*FxZPqEQ5))JsTOytDt6_2xP!QbR0?=)X%NC-9HKMhU<$>rtE2=Y4RG;#oFo%+Yt9&WE5>&jEPY#Dv)xHXUe-*H%VrZmcD{aZNiDKv-4#Vc8gP$Y$5j~E6V;E)APYcvt%alz}4&#ys6t*<(Oh% z5{IJ=#MlT4&gHt{Qgj{V=LhRSFvC(gndR9|VQ|-Q3PObe?(Zz@XQus8_<2pWPwMLQ z_HHo#dS*(5=Bq3Z;#uxk=&-&}{+o{Lv~ZY6D+-@3QX&;)r(>lB&g|FghW1oi%!_Gx zR0Vqy`!f)E4j>$<&-ifOL)Riq^GmBV)*F)JAZ*rl{+7lr&-Vf?-YPBRzAe!9e%QMrU0);Hh zypi=EBIQ`W0c*?N(0zA8!A#mc@e*RtClK8O*o9;W`wSFEj+~)g zRi+Vcv-qg)?c6~96m^#;bGb5&^uXQBx?UBW&BGFPFBSl!?w6}wZZ>*6?CudIeE5G3 zZ%eMWszAXk#Nso;DmhtKmb<|v;@72D&z7MSbzMQ`j#PJndRKY8kQ(E5nWO5}Z68_Z zOYTKZvK9tup*pW4vY;Ipy+fN;!`` z3;vBtlVuuxWe}KakJYdt{JuQ8(yH8Fbo0}RQ>o`hW$O<=H5{ICT9`TN1X_s;F zPLhO)!-9owNezJ5u8esVV)*V-U!sBS$Y&d^SMC+h16Jst$^+o-rH0d&hM+Qn9A>4s z(^*wt7H-kGOiXAm_VY74+?EdYCTiv^*@=x9gG?YdwVI}Y)xAUfiP~dE_u%E2W&p6+ zBK(!bDlQ%ZBm2?W1x2Y1JWfoi+){G;0CZtWmqPQW9Dh&_acO&L`x3xZygq`mkAyp> zhEA5|r1?EjycA>-g`2rOn`$g@6UX^qQ}}kob4T1Nw?0eS@yAWOyOsOF4fwj-I6>S= zR-s#P1BS=p_QbHmRCdh_%nQG$j0rYlQwuQ;9=9n_{wOSud&ZV9;7cFhk3!fj= zhhY&uo1r~~X65pY4N+lj@n7Ee`a4_g+Ws4xUF(kDAOAY1{XK6+7pi-0w@wLnY;A4r z^gj2e|E8Od5}qt?sbxuU+^uXKp>uuBqK+;9j2E#KI!V^{n&@Di(MjuQfTXL6#i{&k z=LZ{GAtiqjXDv}8NR?FqK;&q^A>m_UpU6b-VO?H*#8@~s5D5X7w)qsnqz-`Q7{W9n z)8hwBK|V{@aYDP&`Orap)WAyqK1|ch_n@ovg(Z&u@JWe=N2p3Qc3iB~zrw4|DvG0)%xf+PE5N){=9DA+c8xOAd+SQ>5x z0rJMS?#E{zB>sDM>o@Pt!MQ5^{lHjet&Zx*^T+&Q8fM|79G^)yR^RrjD2@@zJG|(eeX<~Gc4ck5FC~l zJ#INWB%ukocMEv)$S+Y}?uqI#sz_=6l!nR}3TdLGg_VtrAN>701kFL<{tm6bX)&fK zKRW)+Y>1F-T>f(K@bx%4x6&q#JTYu74sXr>r1Vt(8cEyA#Y>z zOYe{zMdx$XSrRH7t*Dj94kaB>4aY~aO@vx-AQW57HA0Eg#Mw{z^d;Gjx3qHEAzl za{3)_K*m}>jnhbj=xa-%FHrpxk^4VT`$w;v-UaLOcRJ5b?aKG42Yb|Fw)llkx5gLu zQ4}_>xd=hRKeWfc!5p=^mbXBYKfw|z2hk5jJbp9IVh`1$RvE@)ZqAjgL+T01lz@UU zXH~qd&-o=wLU@BEEKYeozT=+8K%Hh2_}#)k2gF0|(o*aWc$D~tH+-uJk>cyko{ipd5#HWZgB#X+S_u#s~Dca z_fHH@B9ltQSZ!pEl48vUT;o~U81%k6-aZa8>143^L$UnV)pn<}07gkmKaL@n(gZQ9dv`4ge!cw7sJ zu#n4N_uVdDsq3+h1Qnk8!rF}QGDv+m389gb8ErHX-i2`o#Ba2g^eAVagbtdDeD5%@ z{WV%p9xF=R>mF`s5hU`F>SQ7J zHwbOuth(QgC&~4FuQ{Gp!oUn}bk6-c8hnVvg8r-1k%T1tEr=K%J6?(sLUkoewsHmn>t6PF zmzyXPMiy~r9E+EZ4OhxTFdog$8I4Jik_;n84uq8Y@Bd`Z6!u{$V<+p$1}y(=zKve< z<8g7h;ol2t5viG3pByNL2EH4E@DM^w}M86(NQ$GEdtFPae) z+)}-`g*$#CIZ;@ zNZP~A0o6g3Oa1jZFVK)T0eO3?0cgxN$Au9H(fhial|3>^>rBMm$UWBg;ST#lsxaDz zw3e4BZ$%Al8Xu=otZ7VP29avuyRUjIU7l;&PIl6d5-?RFwdR=(4F6>;q0{LV7|^Ai>4=s(&6lFRYOyRqAx% zQ1hLeC0KIG$Ql-W&*4?8k76*zhHlv7`d3X|5mU=9T6K+|v0V;|8nvQ;dpr{wUenVU zS=)#94qNX+PPN6&77#o?LfRkGRQ@IPppK>*XRb<8cXfXnO4?elJ8s+kL#?+38aP*+ zvTCkBZ`_r>10LF+0V1_>%N1-aivDoFfLbGxF_d(35;2st@&5fPWm)v|fB{_%&$C5U zq*aS2^CU?!%*NYh4E*EASX>WGMY!~t;8X*E%q;L%PcjF^|5MmG25Hi4i@I%0 z+qP}nwr$(SOxw0?8#8U&w%yZyZ-4vjxM$xJC*uBjDl03iepFOcL}sq_ER00UurvF1 z4H@M<(u!TpthLgC>UoYMnOV+n^|@G$8etp5MQ6BFdSg-5ToI7vB~#Kk+ywaDYK zfAq%IREn1Sn!GQPy&Zyk9!wP1kMp~o=iENsJOIIg zlF^o7;LdI_GK_tz4)n$HYzzg9hp5TOq~ucV?FM5t5MgWNtDdUrmn3V_`5PPvi%>cw zBYJ4K7Gmf^tP~2m%Mrp5E5aY_zq*q+TX6;>z64uRID>iNB-n@@aJVufr!XCPvyS7Q z?1%dkbtbX=AALVWg|W0ht;RLUC-NI-ceDCrY}lcz44reILDi@%18KgKrXn?9V$Q~4 zh5BA+Dp=S3GF}0;f4xk;>J9|>r<;PJO-h`4MD!$B(m;=nXQQFLoQP?()T0bWHXpcJ zhAcJ(fkEGMI{AN^J6Z{ci^dfrX?}68{Jlv2OQ-p!u+QX!BVz0G`DL?kFK~Cp20-cE zpJvDldk0K}e+76r_yI1Iax*K-j@jaN8TILbpO{qIp<2GyA|f1j6s&we)@u3zpXLI(W<1=_@AAUH>i-F3tKkz(c8`XR$eE#v zL!(4MrEsU)sTuSrFs0O$3-$A%Kc8)D#Cc4idDZMMdo6K_qQASCqi@^g+XE7uX ze!PP%LMNu~xCXb(i#zX&%k|PX`x(e`ePkX-G*FK$?7qO#X z-jk7JVG;I|X-FiO?+5!LPoQ`uLSLza9y2Uo8oY?r!YLz~U^tV_kJ9ae1z(0XhIZ@$ z1xs~y&QDq(7g4!GK=)!85RBozK|}f6X1S8T;W3#ewH`#X7gMevA{7Tq&P1kx?{xXb zxGENDiK9B*yX5&w3@N;{DP#~k`51R_qE~*py){~J{fT35=xvy(Ue`Bh1Fy*g_$e^F z=k-F+m#me*2f}5u+*?d+P@}23*OUW9*nr~L*r-0jSFH8P( zBQM&_o-aF~isT6(Qa21})0`1ElJU7$inKh&!a`JH6N%pl_6%SAY;-l7{DZQr3|7tW zE>7deO(IdOYzBM{{(K&jagQ7)6lGjY3+!$7n15FQhZg{*MNa=g1%3aWtC1u%8M!i& z_bYFuX}=>;AA=6s1-+yyDD(&8kqtp~DEVn|#$hcT(ytAC%Q9c))cSb2W55qN#Bp0` zVbn!vJjhD%L}iEs58=sL?G9Mz5^-$RwwU8XmdV>EI`+lF<`b|Uyfje9P8w% zU_b^L))4fq@p5u=3-q?HHlo5oBS@ZuL@A?ZkxBAawUr?Y$T-G^T|Fxy{hU8>9nA<3 zVdhWXi%(4U%Z&P)>uEp`%tA7&s6d?35K$?@twII+(4H$N=OILV4AGpc2#&jMhJP8x zcQ)e}e(!*Wz*_b9L|CUrKYO)$^>Fx0WI1%1-IfmbD{p9`PiNakPa(}%=(~hLwq->( zstEh}j!Q~4(`1}hX3{&87pMqN9Rn`w@7dmQ%Z#OW#H1Sax;rcN?wR1Z(B~3#I3A5? z=;{09b`+=juRCREQTSuU60cNc0hgA|=FP@p>39XLNWF?C_m<+F<@`>an^>;UAfmj+ z6F`;*H&%GVUs9zZ4B1HSif1WBs&>`|4eK^0uZzIm@1UuFMLykLogKYytklKL2;k@B zbqnyfAv#6%?*zI#-QT@Do?c#!ot5Az;x8z?|K6jfU9i3WzagMCHF?VDY%@$h<|L?s zYIaCX&b$uMyjSE!<+uHLxq8}pfw=X*9wsAa`Lmr{-llRA87pUIAr=o7LNw~)1n{%* zyT4A3#*8MwSl61NzBO@!f0T9(;?1^5oPe;}0zS+a*fU$v6l2r03Z`XKwBvY=o{nON zVGQlSoJECcKX$O)@4Ztaox|B4G%z#6TGu@!&v2e;seOvp)~S|%nd=ZMMmX76b%Tlr z4I@tED@CR07%L+dcm2rVE?&B2B7RG4PdD<%*f$ck9NM$7ancCzz5sx`RC_{NCVT~) zi1B@$Tu(PWefCLs71siw22FJ1&++iTjp$nMb&V^lto4TdzNRq&eKw(g=bknOeOa47 zT6Zriuu}CnQ1=vW_K8j2`PaABUeWp2L^>Gi79d^wdfEHjbkWc6+#vDQLw0JtAymG; zO9sGq^?WK*X-lKP3))Z>dgp0Xr(k3oa$hv(S#Vd<`E{NJwj2h1eb)*|L8`drM@AWz zb7cR#%aWry^yd}$dOaB0_#NQO%hUc*0zy)3vOn`#pW4YOH6}Kk_=XkgOYPO{>x(X? zNxQEBiZ*Fl9|KX#@RcP#DmP+jNo;X_cV!?Nup3yCy^jh}l>;bw+43`Qnj1%$9)vP$ zq<(yDvaO+>aAp6D^Qemz$nE9h4hKC5$wM2O2Wf24l&*#n+|V1junsQUKNti}A{`0_ zO`2*exo%;Ph1V!m&yPx2miA&r|0*|MizMZ1$z!@YF;C2Ea2uan(eWe z)A$Px$BY#WORTCjaarh;Q@4efmtYL!Nddb({zw{F>8U zKe?=q#4@SmK^&GH|H`(1y1vDHyOdc`qlk+};vPkm_znrJg8O{KZ5@^?s8r@Fk@?+M|JoD`;#qv&_#yr_LZkLU6z0I+{F ztqu4tD+R&*TT6T%)7fr(PP|P8xkyR=ci=EevLOIM0qQSqN=){N)SxoaKMyFB8WmSo zkUtn>myY1{o`JGu8ur13jQxRMvKh{vlpK9VQ8=&sWi=rpod2Cpk_keV9FH1C2<9z; zLBPPAifjRjH?Es?gUFyLsB-Ozk_o@p_w8uK`OHMv>w6n=Wkv1#MU9UQkGkY~Cd%3&pF(L4YBe-6em<9Za>) zfG~e3XtMAe177b2=CVu}V6HcYLEd*JPG+p1`?fH4ZmJ)?W$g#H`NV*{=}!;yLq_-7 zFW0BcH`3$7-=*?h5=9XsW%2LhMYf!S1EFwgRDTHvzLI^r+L}(T+KU(|@blza$H#*Y z4*8VhN|KBytL_S_Pp-Xqbf)ua32l(P!I%oxSP8uNqr%ONwWiwJXnU}J zUZx@fkGJ{ofJ}db6X9DXj#N)N9hmVgCwJ3A7INwp=7H(|zJx3a{pC=EI`Z{6@*RIM znn*XoCD<3ws9ce2Ed^`)I>y^^I(|@r;3%7&Pk7{WWGg592L8c(?cKbAyR#P#QP2~nrZb^JvqeInpgVAn6$!701=1>%PI z>EZ?{SEdBr>=Z$$;rlN~1$%Oe@c*nUt|Jvy%8*k{Lv=_w;>N#TyQp^G9afRMo(|2B ziky%dos#0SjCAz&K5I>CN#Y8Tj|N0L{z#{==Iea|OO0HhWWkyQBC#7TgdTbI6oTrc z?q!33Ow=Ake3_9@vTQGDbPB2|&qP~zhw4#Ui#sB9%x2*tGrgA^fcYmzvvQ#w&1ETj z91jLi+QFcJ`5%&T*#Ac|zVwHHHo1BhcJ%wLP)!7a|4aHkFn*9MHVf_7CI!V)NHkJY zJjKp}+^-8G8E8q{qD-!z883_-oNbS*$HCgR5)W1{sRG{tU#o`kU$*a7K92U2_ER*h ziO}*{dMIUoNyq4W(Nd*RM@ekxp(x$`#*-D}+^+d>KRefk>=P2?Mx8AhdZ@9oSou?G zk`Kb%yHpwd(U^oe(H`S|oWFY)Y=(!Z7BX9E^a{lU>>Sj6ZKRdK7BOD=qfL&~<<5NO zzq``aPef>{jvI2c%<>GcMuE$VRVtoa*Y}z$^8S-ZSjE2hY2Y zervlyBr!{+{!w&eF(cn^45U4efbc#lL7-awbTEHt6Pdm(2Floz;-MVfHt0Xyt5Ytk zoT+%+tbmN9`sMQg`j_0F+P%Rap03c#CduP8b0MNixF23;;^});eARW&2(QqdAZIwx zZ6NQ;+vh2$>aEvnjhAS}L$b4;s8;`i)LZ86c~$Ep=rd@>?FNskm5(mu7x?#R zr~a|zaEEKp87mZZhz>Jt+x*+P&2{sJ&{J#5WqZ~FFT7Vw@n6nu`OVU5e>u;>6?DbY z+AqMjFEH<5IEF9auR+lKHjfU@)M{dnySm3sN%uT=*~GBAR%6}v+w1a=hzy}Wz~n$w zUZ^Jl0b%xmU{bdeqm8r<{nBQ12vDrpf<=A4voE(1=^hA8YeJe5V!1mTa5j(!d<>mi z+`^wWFE?_26mZ)>Hftk7!yMLlyd?OE&aI|(x;ReB-3pa!4j|5xU(B1ck{xO-sL85+ zWg8*Rm6bQf9-S9brAj{wL@uADN*+UH<5SqFS~vNd_U~%rP2w4~j$+SeI~GTN#*Wt?1oRme`hO zv^p<271xVsyjQ<%P;Ztu;4hwaA`(Aax)+VCJ5(n)E~>@>Y>OB?Ixs77(=*-Gb~;V1;hu=x z9H~#I?4|)d}i6daU0c`rTzH<%(91g6=Y!LMD_KvK= zVM(&jT{QJEm3T-l^KijQ3n_3;WCP0(X2sx8-=pqff+Q9w79?)L_3ohcuz&~Wt>~nC z6k0*{UMojQ=ROL~f{-j=G%w(lv>}MZ_w{wSOLmhQXx*S&Gh4jdIUH2cAn@&u;?RHALd~MI(xM zp=&f~|KO$_ru#fru*RLL%P2>WL2JM$X4&-M`2d4}FC*2f*qCmTPuov^Gw21ETLNW! z&_Qm|_`~XeWUz(iR37i;lcmp*>JqK3#XsC1=5eK}hBss(^H)n|-i%gF=OR(x746oL zkUYAr7XBkU^5^T_+{Oq+%S!R|HDTZQ)z-$uT{I+>=(uVtdsbV{(z9&ynhF~;`aAJ) z==z#^4cPtWQZ885@%my?Vp9tpBwa>Auu8CQGkHi)fiHGttd%etiEyM8)}_1*e|54h z6S&6b8{|1P)+#6Sp3_yY5p625qfV?!*e#ySm8PL4GI1YG^X=SnJd3cH)GM^gu?U9( z3Kf0&c!Y68HmtwevbwfOd<+RiJu>)|B0PvGnbtg;(&VBH%-)ir8}_}1DAMF1|J|Rm zq?-s`df0)7Cy^gZAJwBJ^N7IBkBSekp_QfsE~$rM#)vVF5XRu6FK5i3wXD%Mkg;%{ zQT=y|28?_kwHTylIf+PzU{3X9X-4yQJ?6us8^KCz+#-Y-vxPWq|XhB_(OI4gn zM}hSkF9WTghmL;kmF8j|$0QLhL8w`@*42j=`zoZwB;212%{iS2)%|(5M1ZEz*$q@hSbG@Q!kpc zzm{FtLH>pI%(+!_I@Tk6hzk&ByVFrbnbDLls>O60DyI?GV>*vi(unRfUPS9luGQ?Z zs*LoEV)Fcz6k6k)+H3nJ($;DnEBC^Z00Jp}ljL!8W28dscfp%-e6-?T6wovien;T* z_sJYM|LbK2F)r_l?IysdyX!CMaDe?m#9bcK9RbHxpC=F$&N(8mQAPn_JXwbTj4J!z z45$2cdrwm3T+E9Q$0}(rmU`t39<$crnFMS{_5cx6BvWMagNNT%bk^} zm3F-xsSGA+Vb)%HG?J)h&Dz^&oW4rd{zO}$>1D13K2sq``4_dM+G8Km$$Ce7kCpGK zo8$&=QFIo+E6pLt`BR{;56A9XdBc85SqwooF4xl76t)i{pP&N!wZ8=c{{r990xmO= zixfQuuhwpU>S1n!Y-GoE;d!B6QrhZ|vCBx(0EDUO=yDaj+{jkS?>re@4gDr8!Fq4+ zd%18GIt5j|@mW#^OYv61x(xoE`_d}2?f&W*`wE_e)X3KNn$>H6?Ps8@shK0%T6A#P zd0>m3HE+Y8r?*F;Y4}*Ts;!g+&+6M9b^>pVegwy`6_TCku2$5e%lhXj&Cc7Gt8U|3 zsfjYVW})aEy7QaHDRHYiq z{d=GJP4lisC99!+hn?51>rC3I^M`c~^74A|CCe$=P>{$&k5=G%HW6Swy~Ps`GM(Lh zd?2B&o7~F^W!k8a0D>?)&|n=%DOX zBS)P}=cOpNwk>0i%E!;6P_+ZjYa$>;wc*k37gXfRSUiK3Hudi%zU(G2$vUYxiAsn< z9YSn#VvVa#2M$lVL%T_#C8lI<`rcqP9rY3Uwi$Jx-F7JslQ&sSZ8$@v6vOKX{*e|r zhR+O2%i0J9G0RK)eo=LfCw|i(%@>E!MTJ4RJ+PThRU~YrItCW*^}sCYYO$62BcU52 z6G`IXoN>wEdNr$bmp}AUJsjnE1^AtpTQ73(f#FN zJ~`e-&Mo$`9%mUJVHUs%7PT_J$H64YmPrjZ4=2UTkl*8JmYMgI z%Hr7Pr5lvWP`^Z<`D)`u__h7*^%tD{?Nl0`F`fH>d; z4O@sx)-e*NQgf=U6CZAEzti34Z!?U}eI{HM)XwZlUbN;MdDA(+B?t~nR%8$=o7(8Y zVnkbZm>wpYt^LV>O>?z-+trMSuSQez`n}-tc7D6W-)bIiM=y&aK0Mv71xPoaFfi++ z4AW}NH=fQmW2U(mZaDkAn0#v8Amg1H_?*|(HJIvPYIGrP*J$H8;j#7M(SXf1LT?w1 z{QebwD(W-34XlxwG94N7Gojc77u661fB3!NeVnZO0R!{5im+J$$b8J!=Md|bs7}go z7%pz|IP)bAHiq#Hl1ybX3(Jd)KZhu4jPwd*H*7q@y@bWAziK+Br`~PuDtC*}&$Eht zZ)A*v_bpdms@`r`V$c69CnEaJv;X5Y=eeeg`}2-3R23)-!QCXtTo+_S05Z19?C7{| zf0cwU-~Z7}km)&!yG-UfnEliMhZ6R00O3x;gqp9C`Y4?>DSu}kS~{z-&)I>#F02_vicK)?nx}nRl=St z?N3#gu`e%vG6|N|dl@@3$j0^5JO6aq*tQP5HQ{VnFKB5_OhlQ?w1yI8t^C87U4n>w zVe3@M1nZC72vO{wTaCX0kf4w_8JVX?f46|A<>zEA5j<2qiEq4N ztng9Y=*SO0jS+bKq*`Vo>zPiE^E0jq(Hs`7)PQXv$ZgbSbpV??tl~v}_6nk)TzyCP zZNdR`(0sCk7Eq^n#1G&qY26`anL%8wZj~^tOGHz8KrsWmPDZ2=wy{-7XLu?TkovDK zRiYyB^0keoG8$N6i=9JUW~VRk*q_oY*1rO0)^7oM35uM!Ex)x}&1Z0;yBY+jTPa^o z^?N}Ca`crYOOhGN>s_j`t@xX`?t7rMrY-84W6Uu9Cn;ydEy>t1;r={LZGV0Gje#4W zPx#$i7S#k$dM{#d?e`EB!4t=tXfF2Xqnn%T|F~emmDuUVtIGZjjwr5|PE+~>as4<~ zh6=a#m%DHMWwo+qTwBHju|YiA=1=>-;D3R+g2M-kA5@EUiv16yxvAm=SD;*D{u4VS zvuuU(BPQ#m5@cp6>%12ihXzYinwp|9#jZdQEK*K{mQN~=;1-IY`R0ft_| zp5Tax)ZEXES5=OsGWh!9%U;oE74m zJs}q+f=?Wi7|8_ITJhk3tW2o1sOVEF zDu71fT{zY?%}-=ONX013iFws==pq*8@a;*a#XH-1x(;q?*!B_E1z2M#H;=NnPbFzt zRsK#KLG>fr6nbK;yD?(SIg}i>6j?MNlcvHKbMqroV z&Di(p>>PabA2!d|s@J>IY%I(%j)tT5lx4S{fk+RD>T{zrEgr%ILZ9^56Xskm>PsPi;)i<%-_3taFw>Ow z7x`Pp)#0`%T&v0KN%jIYQGG^HzNn%&P2c2r?%5(@8hRCn!a0oO0t zg;b0Np_+d?R80$N#CquI;#g7*u$N=m)9Gg6nc9Fp)6uZJ99zX%TX`5I9^m1f7R_wP z|FUzLu&|)P#H6%FTl;pVB>AKGNTxmo@Cg^Yy@_g<;lE`Qn}EjdVPmLn{HBuiBuTBg za?)hv^ZC}+Z5kQKlNDej{@z2Mih-%nQl`wUgI>W#7$NN&Icp7~e9=2Vu5y@|mH$I} zye#TqjpJr(49m+5f;Ah{d7k0l2KM#vxcBEw0XDT}@_v$xN?rVJY!!T>d#sS)mMZJ| zN2j*gbd}C$ryakn)}YEUL66=$WI#LRF7FiC5hKs$YklH;W{v1{xp{>MEoNzkQ$Ia* zxWy+DHFoZrmiRQ54pH?SE2PZ4C5mF0Y@)E$Nc9^CRg5(O8CF6964u(s-2@>?9a?@* zjvetn@eM6~qeo{fxLhn$&-x=WA5fo8W)zab>-&I8tz|9?+4C46;MO4Eg>~&~Aq4UU zU(Vkb@Dmci78c;!_gQwOa2+RL>mcBHd(9B=`EYhObMyLK=257bdti`<-)$n$N1!$K z{G9hC5tST=f|z0I>QO=7Udfwoc*Fi;q$*cerr@vxHB-w z{s3!=!0qP8rSFxxGO_IYt0xu&fgHW8cR1fcs^UCA^;%ziB5p98CG-fHcID-L!{hu5 z>7qoI=2FTFNiT9`v>e31b;;$1r)eYAUU5}cpTPJJ@!L>WNIgukLhu`|R)Oe0Ppd~^S>hP@Ww8YJ2JmVC-)%*)bvfUsZoZWGffWnK zuI(k+4W#mTv}pn%xgap~gfh@}V-Fz11w}J^F#CmamS6|&0S>wA9VpZ?=$jWlAeWD; zQmuA8oePP(?0?{VTs{+iR{|ko*;*T8kv*V zO92bf0t`=AbMOMF`F-!v^Kt+UCyn#)yao)BPWVXI8xJHvd-V&=IJ zaH5{8;|2%>9hE$-JNu&Ai0jS6dHM{j^hC)eU=g(Ii}S*{e-mud<0ts&xO!=D__@W; zu@@Z(ZBcEJa*ji|@4g=&H{c|^ zY!`46k^V#=ziVMw_9kiVd*EI&$Y+Oq3eZ6%SwDiP#a4RMd8$8bbk61o0T`a*s{nKb zS3eBFzR$kDk3V}X8nJsvhk2uY9Cpl@RtLoM+nE?#VOMt(DbrS(*y{JiaK z$hT>6+h{)!c|27H)xZk1WWv8W{1vn4EO#l}-XPd0l2~OLD43fR3Nsqmux=m)?omjg z8e(*M8fs-pgsSWYZgzLa59yXn>A-@y)xz+r4inF$tqAl0!XoCgKu0mH%VcO#w(z1Ts6z-2cdN+-#U7ye!@Wn=LbuJp|&tJrVmU zu_}YzX1QwkU1?6nId$wXyZADgf{tS+qMBD!e}%Rr-dL<@Gsn7`VAfBtr-_D6Z{T=r zlxoJcD$H&XpE9FCMsj;ZIhIOm^4V-irf56_u94=eiWU!&AXQ76QzR{M_Q-E7RecqPrdG#G1#5njxwS~l{r~R@1ig{rv&v6pf-I|TX)H)pjOT`p( zsH`4e6VQQ6yu;uG%8=yutlGY5xnJ3~Nxy!=majvVcScJEXh1igYe>XH_cS{)G=;A< z@i6gRnK;T)94uOX_TWeM#-FoSdZ(iJv*hE;E~Iygl)RXm;jNzUlA9 zAbXvoWi}H|ms97Pbgfo}LtAuCpsNZDW#8|IP_XRg9c%c4130|ecwX;5%c`RN#%ptJ zOAU%?>C{Cgu4hrH<1Tf!TuV&%XDh@vIvI1+Xz4_yK|6^M2pUFS6{CMUZw196Tf`kQ zmthsiXhE&!@6otkg=e3|D~??>z2I~R84?g~O!gUu^~iL^xvS^Zva zoL$2%Yg!^~=PQI_!6pIL<2zY*2Q4jPQYZWza3%xC&1Hi>2M+_0p*n8&$fVk55>V{W z%45HRVd8;kj}pBe9=UZRW5^&zM2Ow7Eh?BuRj!#5cOL7noA)h$Zlp+|P?j8j;^OjV zBNH&HOx7M(%GgVkfjp&?7(DI<|Ee(y%E(p6LNi~`nGj9@S34s^0JF@H`Ca~_gN9`~ zav|HyW|FgB*GzHKvFQ!18w^9XW=tAuih;?ejy_Q=9WpY=;Ai`R_#qb|q9sHxsH7ec z7tP0#QFw6KKs%v%>Rs_a=$grESRbe2~0?xMbqG=XgG;j+{yGC6L=EUT7`#r(RIu);_<+4f@Gs_H6!nd9k zrzHO7RcE0^lc!2-g@Yh3dhe$CDY9`n@-b$fF)_WiUfOb&Clz3Hfw8LLK)(m;Q6NHQ zIkUEYDpODc>!McQT=^pUHz@4x9%uv2Bv@ObcRL>@@L}gcQSeeo!Utsl;`{NPdh3;yAp)67GV5 zECZCn&Kw&HdF}EBJnWCFz~yyNJ%rmvYMuYq);q~7Z1F)x;>xUxr2WC;3BrNRsF6I zE~I-ZnV?fDhmb(;o!HA(XDvHs^N&y?lLXZ zd3{N?z|YO(Jlt(eM}UZu5{1r~@+OVWr+Q)oN2kkPyhNiieU zT1tCuigYH(yd}dDX5VtJw5fKD>m$P$RtA>oH1@u;>=~>dcIJ)AScjg@`e;xSVVNof z=yEX@yKVQ&2=qDDS`ckT*h-hd&?jYL@I{lJ2=oN10sZVQz!3-`MM;bcM-X~))X|%8 zul;_V=<#n2;?Ud|n*>LgxiwuLo*SIYhG);N3YbXH$qd%{Iirx5_u;#q zi}~kQBb^D53GqZmIHI&gU{?v)+%~i+;G`rZ(7ldurTGDxjXo)8xHUScs|6I`XA9_R z14s4C1}EnT?MnUiEW{B^#vxd;gg71@k(x_SpdZqWXG5BzMF0za*&+{bi@PYWrDQ_@ zxkZLKo%JJ`EU&A;eGHyuIcUW_JUXvYuN;ZO5~r?ffOMMCrn~m|wTGQA>sb5ak`?SO z@Hgd0K*q;YCnV6@9Y7(MZ`knXO*yZ8{aE}h<0kj)#O(4Rv53oTM{Q$)5 z114av?e~HDBM7o9bATNCLSuoFN%Q|8l7Y|C=NVsx24cW=<&c0-EKP-&RoX)h#G~9; zE8@IaQJUTT5ab2>fe8EvHz0=(^2>7T*K*ANA5VF|mhq;_{ua`ubWPulE$fG5+Rg z^D6Kdpe88BsQ(2I1`>fd1iEBAo}+MjZwg<(vK#AZOdl~41=zq%{T`dy}Hy_q@ADl z{OiL`RnTUB-SHXk2Ou)9YXmY!&YXWu(5wa214+MA1tJ@3$l)+_f7&U~I@rGjEGXlu z6iq3>Pn5!&fvZbiTwC?i%6JwnAdoc#01StBtY=6t{Liz)8kNdLo1&J;8I_5B^J6BK;@Cje6-?>pnPftPg?^~H*j5x5C2 z?ke!~3+w)u@zf?H&v={wboN>*Bay|hQ)pRS2_kIM+s|bt6e^4d>6vn#UTMp)&(_~? z>?|wd6`In^)!V~1;tOsXuzXpjR%j86m4NX@)oa=?1X1Nq^6o3kT?|5o+b{4VEm$Gv z0}3W~1t!?ta%9+6g|EAr058pp(NvQ1r!4Rme}DEPC_6WW&{lCvn}35n7s@VXcKLtc z?c#rQK-u9bNQbtrQwZyjG_wio+~7B}8PiVW5f3vP(~=A~K8r@1{pv$9!D329GKo<5 zqbVL;BA||Bvi3$6-SFY9C_QN;C#*T1zRJyi7cs+e_u&Bq1Ox!6>X5wvS)%~`ADPey A4FCWD diff --git a/assets/portshift-operator/portshift-operator-0.1.0.tgz b/assets/portshift-operator/portshift-operator-0.1.0.tgz deleted file mode 100644 index 2058c3dd9350ae1ea6addf0008f1ce7c8ea278b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3391 zcmV-F4Z!jriwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGxVbK5pDpZP2HCPR5LeoKHGQov`IX6ntr&s$w1_a zL=6HA0LoDu-*3MGz?UTI;YZ|YtNmb0B(T_B>@F6Ig)$+vO6W*;MTU}SA$unYk=mb- zl)ZQw2!bFu+~2qVgCLmw-w%!sUi9~a!~LVf-J`vu7eW6ZI6Qg*!4r+Y6mq4Bd=Wf) ztXbxMCqOtCnrJGx8h8L9(S(WE4~f2QaTy z9?9r?l!^*IfN|d=Syq1y{Jy{EMW{kaGi{%J@c=GLED$o0M_o=d9U~|Vb4m3CGDh@B z$P}mo!hyudHAAK97D}+(;DeEn5DKmd`Ej3%uu6-Yq;DTKxZ*upHGBE&wb1f3P3y&-(wp-C*ng zHv#3W8|P0`5~KM5ATbll_@BuD;!qkV7vUJ0$Wr9GOZiBW?r!kvhv0|a^(*zE@(`x8 zCUND|&G#&4>_RXaP6lv3dL#6OM1@>?U>uu7?ZzZwh)Vs0lL2%(_KAC2KdF?Ja-|7l zC|%E#a1x`T>=(%f#?dRm(4TQ|js7PrR~qGcWD!6296Tqq*uTcqtgNVd9};94O6BY9 zF|J^R{qLH0)AoO~e|WI9|4qQ{ZSSRb_9-Jg0-d0Z0zi!H=g@8hyqCSZJMZ?k3lWYe zN9fG!jBmPipj$U2In&^~t;8FH(|_-l71Q$V7^S2U!WYmo=OG;K*^e~6%10ym2|C>x z8S=<}_AIF<5{X72)fl6ku?c+43A0hEiR&yAzV|CS?6$o&V;F`M3^63RLQo<__$eQv z%tWekQ0xiWMrAeQ)o+I6ICnomobjw->HFDv1eZ5B3IOZrUJnEq-x8T@_y32x9? z3B_UYFP+3(=Ze;;r}ri>la%WbbiPsDZ&YUnn;Z8&D!1tKlqxpn*ced}BAfZO^IRy6 zYsJVA*?MzrJ9HLu))c(^Tx_S{i&?xG2@yJf>p|6? zc4cA*x1qSb15?^6;T@s~~dnzCPhM~6E8`q~G z>o^QWZZ}bnl=^e4;1-?{miqq)GbScxU;U_T(5n64{_afve>d0-_P73j6VUYkB+FFo z>QAf5-@16)z-;ym*(SWEAyEV9+YA=Nut=Z*q(q0w&kYVA!eiO8K-mz!0XBvGVKRJ# z9M_iRN_pB0Um;VM?Q5=UZx-vBrC!v>8s%u+Wy)ECOL9WTP*m(#D_-q8zs`Na-Q8eu zJ56G^yX!P?hayc0j|PoL-8HDWXyiwi&{d~VXNE;SZVp)s;@9JMCqI68bNu@3>f-q1 zY^n`_&GY|DigYmZ0$diP2xnT~T@alND%JEW%Woy);_ay=;_HszI`rF%v&-XmZ!Z^) z->NOo?UXkNOV|JTeEZkf{{=^Tv+IBV=;Kf5b`=Lyr|{>c5-f`cDoy$G z!~-*@Pi+po#gL|Yx$)YLr`E(a-*wHM-BSB^=WmZb30{@|>GyYM&wuuUZT@E?FjJOO zW*E%8uNC%posRtRtzAzt6HjF1V~$=amBx|v?JY?Bm{W-nbdF7ML8E!oEi9_)2UJzv zI%_ol0>i_7yc46ZzJQmHF*mUfffGW+6QqvvInmNE9-v_c4ysWY0QPhrx|0F{U6Nk|M~~JN89}GMqmdnh}I~% z0xiJJI@~14VVF}EQ657^!fO(v^1U5+mrw;N&#c;jN{}&#nHajnC*|??#)w>(qP}lE&W4|9Ly`o=7Tk1?Q({%JVZRe#20EK8=v{TyrUY^Zc<2MTEWIgUe{K z|I4%E)7NKy8a>q*tL%Swceeg-f4{%A|Bb*-)GWrW5VZ`X6QY4c zkwm3Xxid8Ned9>b7Gf4ZpqZFWJt{McT zB0>g~Pfba|pOJKl#1*(k7&0PfHAgTS(z+iY*H*YNrYa|lDpwKp+!pZXh8F)H%1D_% zPj&-rh5z3>nyvroADAuS*8gt+rt5zwe$vR5_19JD=MXii>OXU(MS5Ad)KeT$PK_0> zbtI@}Z)DBof?D!QrQdj4J)pf(AcRrQP)~mP^7~DR;#xl*c(E za=~$@3PpwksPbKrd6o~W^~aH^G|{;l!0nv}EGigL@{Bg6Cs8WVTt;E#mhPtBM-Q5OoLl=ed7=dy` z*egW#R3USh{i@}La1gen)wg*@LzPNI&LXpbkI`-jLJ@NtK{#y6-N8YyX=$^&&?q@! zu7ty;79b@PkZABi&Knqt+pO?fNCe79!mMiLUM8lx)bmiJY0jyh*!_&8!(0og+^xr+ zqH&kVFrg-F$R+kjM!S|=?t+^%+NtKbAv$+xq_n-pT|Tsmx=6l8No}lE^m6pqVlz9u$Pyzh-i#_IOlLeQe-DY;ReKOM5($)b}I!uTQOHRbRw!AH>=Oqu(PWS!zrzg zP}zevW7GE5+yd{j*y5o5R_aWpQafE$U`6e1GQ*6!0!MkXk-H2#gRxa^Fn5)9O*-5V z@XO`T>kU&LHO^M8%}ZjY!4!2XXV-b!h4X9gNF{mbGm56%>V%7!6F!Ue2r1LfX>}`|KX;e@pyl&EA^b69s@P;=lc1 z?{FsmI}8rD_y0En)npI6ol*nbrWmI7u*&Pgm`G|ip@Z`N=ecR;LHV`P$SFJP{GzbB zFj_l}nZblC9M}X1gf_|q!Ld_Di32cbPUp~+BshB-3c-+Y6L=-!=7Y+IC4V32XaFO^ z6xOk1r%ZUlNtJD|_*BP*ZVll$L#!pRux7Xl*$R<#?(_2rowk6lGoPV#WZF=(<1KVO zh2WNUU&WXv@f=6)rycG|>pK!Zg4A~f8A~Xw%cJKAZvN=RJ;}bv83Tv*5#%?pG|bGE z^(?cqg@r&(qq9GaG0o1~nIW#x1jkxZ9Ao6dzq#eRu4dh6hv#;Xq zNt4sgQckN{qjfoT9X7zJD~@|Orv*2!gzP3iUmyL-?plrhFX*E{8flU4J5Dc zVQyr3R8em|NM&qo0PGxVbK5pDpZP2HCPR5LeoKHGQov`IX6ntr&s$w1_a zL=6HA0LoDu-*3MGz?UTI;YZ|YtNmb0B(T_B>@F6Ig)$+vO6W*;MTU}SA$unYk=mb- zl)ZQw2!bFu+~2qVgCLmw-w%$CUi9~l_V@M<4|apY7eW6ZINW^!!4r+Y6mq4Bd=Wf) ztXbxMCqOtCnrJGx8h8L9(S(WE4~f2QaTy z9?9r?l!^*IfN|d=Syq1y{Jy{EMW{kaGi{%J@c=GLED$o0M_o=d9U~|Vb4m3CGDh@B z$P}mo!hyudHAAK97D}+(;DeEn5DKmd`Ej3xdFVZuQ;5Bca9rj|t0BJ>ded!v6>R!TzlO-|P3c z{(lot&bo2_G$k>b4*(J~p^X2T3?L4radHukk%=rtuDg_vBgzMqv2!#=c6}5Ur1EQwFkzrNz`sk5{9VMPdFJsr(>VExAl`sSt(bV zFox3gObI738p?i=Y+xL{5)Azr2iNF-!g8fio<|n(bI-wZLW})tOwG!Qs`nv5mZ4O> z&K~0mR@ncpc{gqUNBakdTl?Px+}`$HdS{<9!XwZL+9&|T$bJs(M!}SuCdLof%1X7JL${Cx$$DA-5rJA_TGU0o_qQh?6YcqynNWl<8k}CuyQiPxK zAxe%Km1BKGkwprKL|`r4;$MfPh%}Xx zpnFC&+)&0~h>$BorvhS$FQ{Ed%BK0Wr0J*jUpvo* z(zsTP43Vuj*S14vA!kj&yU)dT3ci@dn~@Nq^S2IkK6D;pWg<-lcjT(I$aPH}K9Xhr zb!As3c5oYt+gqSKWO=mAhxl-J=OxHeUnM;&gq0l&QQ4mJW7}APhi?37jc6E=li_i- zD{aSB?SBlaxh`MeV=i=s)`+wfiwjqx?r<_q(-q1w4X66sDfycIf9d)kx-dx!hC|9D z%Hs#^3RdQSg1zbWf46@WZ1X=Gfo57p4oT>fTqi=(&o(pSU%zsC-}kO5j|NZ#&XpnNQ|t$_%(gA{ah20BeQJlXv{%z(m~IJ5 zs?FwSkv+OSk$v3mM~sbJ;>b`=GWu^R@@$DfJ%BlRR^ltHu1lhna!=*M-!RlRd*k{P zWF3d0$n7TTky3wd72Luz!czYqVaCM7?5iJ@4O+GT+uuEy@&7^p=wR#rHvvumPqIwa zuKu)|{H=?(4a{cGkZrq|A11>` z$Z>61u9TqsySq*UcPP@7@MzF@)Lny`i$;EQ30-v>b!J%P;ER8x&BX`X;*PTbqar8D#5aNpwg5- zPdqSl`qbvYTMTKcmm9C`cxp{-^Ig~6*)6qycmDS1li*ePpMHOL_WWn}Xq*4p2+Wk_ zloi!HBX(B-;0c@-+E-!&D+R$ZcX08LtusfxAsBYj_kqfz{>icgWcKq zFW3vV{(lp&!2eHWn78SlKdygkv41~7meQCDiBB`eD*Hc}-T(Cub`Q7t-;KZyToA2M zas^s|n{~KJki#&iETTMyjD*)DM&)}u@GhYWRGwM20hJ(Q5Hm4!iBHPo?~M_;I_-?; zr16~a$lC#qu{{WbZ!?J_`UxYrp*n%TeCNYk&L$wZ?P*AY3?(qi(f9n*s}EONNc47~ zC{B2Pas?5U%JXBYd-ks*-}8r`WzYUCA0%AB`o{O0*%6^aOZzXzAm zV*i(C$EUB){4{#1F;?0C?(S^;-~N8Ewf~L4PUDuv+j1@UE?hC&e{7aL)R3$He!KAY zL(!<4tKN6UiNvU($V@m>H(z8P+N&16=UE@}BeE211x>l}D4y;4zX!AV!$6DulPv2> zBvFb_7YonDdL^a=R8%LTL!Do~Lw9Hk5 zpj1T2fbyv+DflyzE|Itb*9b#Kw|3eum z^XJKKfUWTVdq=bNKmCJ)-R=F4jlgvM55-R!xw8JcD*YUyCRP1suCz!m3zvF|Bg(0< z;#J>SS#hOScUR9 zXGAVI?o^@3Z~#@lD>BdWVYU7^GLbsPmJ(IU(5RJ|8r@J=l)Jmz0B-1_FdidN zjtF~&$et=>?y_IC+z<}JmbCgd&uFMpiO5-G7Vt6J4M8YkZX*bXO}RTb2sSNkb{85Y zC(M;_*wg}~WC9WmUdVX^LvfoGUJHpp`AC>mt=!ARRF`@liZsnR)f2m)k#v}AA(gxJ z*i$s_5*a4cgblgG9?59elFMCilSVt$JU2w=4vmzy*SO1vR#6wp*C?rtwTfPj{#uOY zk&(pZ+10x$v~i+#Qmvb+TEIp)l#fulmLn-riv@X<32Nen1R-S9gbpenrc}H0AXM7O z-iH(WI|26cQWg=7kq_q_PDqOEgecsAc#SAk*T`V{54)#GOM*&23sm0>ug z^${w2&}MAf-kMwBeHL3BwBJgdsZ?sGs|u{By-jAAaaZ6dZ#Ht5VP`P5$_?hO(ymE| z8v=g0{CT}$%A>~FsbV#KnR&Ax)7P!gkoiP_6}Ra!`Ux?!K)WBqT5|E$?tvwNZda7FyL zAM72@#D9mu!S??DMxdJPfwxm?fZG(q)E-uOT^JKd%_ekE-v2x|?K~*IRvI~FXPsXZ zRu@KVr!g~_kc9)A0D;g(nIJfJ$|!LF2F>Xlnvw)(PeUOX5^e&oMBIE(`LN{g104-u zM3}-lmh6-XPdKTv4Hlp3xX`U39A}8N1Qyl|S0P&=lFog8KB3bV@O9=hw2n+0YIeMZ zuBQ;(((bDm(Wowz627dd0#&_06v29}1I zxw4*RcDAq(sA+Wer!l74c{?-2HJad9ONwKRT=+M)e0RJ#)~a>7H0;HE9=m}YX>;~f zygg}h+F8nJRco{^r>?^WICaHw59hSt=5?GFLCizEXBl$kl0DdUy3rr!INRA>+j*|4 zi=DINwx4!cWzi>Pcq-X_Ot{glT~pU8!(E}iCv^xPRmqgEqrl}*=cnsWDc zVQyr3R8em|NM&qo0PKBhbK5r7aKA2p#aa2?d7ExT$+qltG)ZS&J8eB_6OZlmnVn2V zhR7oc6$r2ZXh-Y#`R&gDASsZdE>2u$cPo5IL=wQc05~@Q$C2P#3f3lLvg~C?(RQ3?0p5@heTpo$&@DY ztL|sRsuTAgQV8cl6HNtI{Qw{$nlLdABce6Kkcv)(QqvK|xDP3jnxky2CXpdg*ybd` zJ}51bBnq_(NJ@W2si@$6xZVv&nwF3I;kRKoh*3q7rrN$bcGD4#%yfj2kdP2g#*~lY z!uENAT9vha%7$=)DHF2_~FcNr=)YJ42#q)Mj+pQ8MZzgz}C=B{CVI>ZmxPX%wb>987U`BV?@lLEC3S z8&n*bf1^oY8f!v1N?QvPLRla5L?lFoW5TE8A2rMY99LZ(TP1LBDyuih@iD!wCUb%; zX-8(QtB#h41(lRX*^p?;$DL}=*Tsf%+F!w!p1#}inWZZKuL;XgJ+uN? zC;tx?en2W$r~ODyjlGpa~hH(GwC=p{N#e<_r6p)BwZBjf`J%GGs;vjR;d1 z0FacL766%KbEzINk;UPH_yo{mio6fcNv0?6!4him{4S6~5}DqxfTCrF!Bh?_FALDf zBRRAB>T;H%>cjK-8_?zzXaSi*xS1e_NTL;~Kwye9O@=Q*c8WgCRQjXc@_3lD;+kdj9tO z=c2QpPmaz!bi_4{QJUH$PAESsI_$&qOrZo4MIz%mhdCk2z`Ujm$Bu3X?kOlFGMWJ4 zF~q2}6thK|RSD)5&ie3NVI)x-Hd!7S?8s1DV*&I#JM#!j`taO*w7&~Fgd7u2|7C3% zQ*jzcW_S;|914l0WxRBDtl zHUr9)CX8Vm2ES58HQe4p_^UG$JUL5J8fKEg-CajTla3W5#$q(4WIVUft$+|*Q=TCx z)L9yS`6ckDF3Z;cV1g_~sY0E8wkfz~{qJ>qb^Gsd|KMP|{vV^<-gdr$Ynt@Ua)c3O zXe^i)iD64L!9IM`xw{KYt>EQ{)aXW|Yb(ZxjTr@by*9)+q8y=BnOUJ}(Sr88jM z7jSxQx+|oLsrlv_rKB;!M`Mcd2oCq{Pnuk0qY?c8t@gY#)qDZ28N->h9n~X>ELK1yIx7KVBh>VSD)@Rh zvm7~jePQYvn@^<}Jqd%;5##|9*GX=`DaSnbj_T56%ap-W0kO#E*sfu)saa(*9hE#S zK9+nf>MX6W5#yPf_w@fP5&ajNkFAGi$q&~{ct57;X)(1ee^6Pb|K~>A=SPFq=>NlRuUpgq&$`dH@&89Det4dwsp?$s22;x8 zz86>z64WFnn)J(1^zAKB9a{HRXaeBu&Gr7rm~#N>>0AWJ#zd9V-S` zwaevX*>DlE^=x?LpjWlQ(l&N80^{~@R&8~WM>g*60;BQs2pOXhQGM7A094`h+l~{W zqsh-6Umk!npF(1>+;gnFQ8tBD5PT36KW!WemYPyCY~+wcVIHBIgUJI;M=omg`o1%^ zfMd;vm7V6cj^BoRcxaRfG!+c$Q>lp5Rq>n$ z@PgZ0(BhvYVGV6Q0_8Ds4ZC}=0Hrc1OhJC#MDtH?E-ovC*qHneQY8J#Yj9r3IgaY@ z^DmA?N)w%_FctCXSp&2kwZm0g%$L!xjAvbVRT1JYWxE6`dU#acr}k_v8q(Rc|C zbvf2<4x8Bxk9FYecEvzxN%?rQ+2P{ouW;5lLq1uqxH83=F%{^gL2D)A=6OT@tn9~f zsktMGzh_ip46P#$7so%jEhL}{iZ6d{9O;c1@7TD6g8MSBVH(MJkc-B~Wp{hqfcShb z%t-2c$lFEuh3s63gb|=kYx>ps_XmUHH?My<{jsrKMLKtkFb|D1Uo9R=jFxlWR9X1i z&{G^O6*S&bG~CMfi9Ge?D~e6n>r`2T?rzXw4)^M!bnjj_HCcm>zn?V6r?Sh`ptUNk zO2zeU&G>OT>r4A5+w#YjW&XdJhix}8KRW=hF8+UTxaj})w(j~J#w?e3^n+9Cw+X}Ah2h2 z2KG>skJ!5NIx9fshkmLou!n92>HKhy5A5O3`K&;%ddjE?%PG#FieS?@Ayah@aUH-{ zIIDtkM~SLnRvs~00l~HLyPunJUs~SR%QF3M18Wa-4s>1of3J5~KmT*Mzdir+C}mAN zwa{07=(DcVwz~tH?+zG~!1454FsyLWvYupmB4jRN!s)lR-|O8WYO=^^m69d|?Q4hS zb~siKhs>C}FF{iJqZC=H`tYvRdI~N4pplz_QRazcTBwLH%E$IGO;ziC;0K4{T`Lu_ zt?Zq5Gmpha5V}V@yhi)8RK!KUDDAggaoXRMk0mOF4$!r+3=NPmYV(y*W&gh+I+~at zP92+HSsLfR(&A%`3^lgiFA%ywgVU_dF!PSz*AJI8MyKp#uR`rO6RhEsbGpSrA1P_ zvPZM1&b7mOd9@&T8-W@HuwF#2!sNl_=Y53c;-uY*&3`ko=?j!K(qS$umrBY%WGFq2 zz1@X)gtE;4SMh_n|7-7m?sa<$_kRxew*LQPlua#?>N&wh?NzgykFAzE&$ZM^sim6C zlQ^otEoIi9Or`_Waxnn33alqWOj~_00y@8twfMd5w01kSr?Fan7~)7sY};=xiY|Dd zB9USrN|_s%2NuUpi!_bIwHNKl#kfN-*9>t~9dG+BWtk+*jjub#NBKBoMA}zd>HhCg zmdSs6=;(nqfY;sseAYdv@Bi-a?QZ4&W0cB<~!i^;fS{wW^SHSf$j8j@(5rS|Tt3cd-|O&WX? z4#_n5Ce%q9eDlA-4*W_a6`6w5lb0$8Qz?vd9E3DR(sA{q`0YQ@kg2Z!^Or{_zq|~S z_(5T;S^o#U-hMs*+y3r0|Iee8ou<5MF4<3TIYD?g|NQ>z=FDnOiZo<-A_=E0)v|KX2Jz;+lOMGI=_IRLO6A4EVwXG zkjKa)iX|B9I2nniCkXZkR1o|?rP5D<#O`AIoH9__^zLOkG6K>XB0+F-kuP0+Sk{9q0uf8)CL(%M<9y>vRH7(#@RU`*UtW*Y((FsigFj#9bWhP^3~ zBtbKJm3#t_XBwcgyv~v5CJTa(a8@*e=JF9v=1B#Y)Y+hXEOTRRP&fDp?bQX=*4U`r zryGmbRsHhURh`VLIclrBX?8zuT`ikYS54fyDleTae9rqb^QgEoU!1@ijc7y(%aP0v z3a&wGKkSCxW*|$^n%`?%;MQ5j7`P})dHl?wbC2>7u1-g^Q~ zA-p~Rx#U!VP2q>-DSk6{jQy}oqqhEfu zUKZ#H(e_q19Z_@=%ga8Q3$Vg0hzN&adD1zCn+atY(5f}(k`R3+`8f_=5>!jcmp0M= z&{FmPNSd}Kk~qPK^a0oH|Mhkk^1tps+wT88O4;#}y#~R%`NQ1XyScfk>D$f|V`vbF zi6(%2OgW;op&~}~NXR4v&y6E-?AExKR@SLsBe5B?_Z1aT?#z|qIyuZ!6GkFQGEO6_ z8m&X*JCvrEOpAnQ8WF~3P-Y*56NBJ!k)9qz;;vhvw_Lxqr;WW$b2glpWt)PMa}q5RRN5d9IgrhI&%iPRVyDm3Y!zZnfa+&EE}2#G+s;kXN`k)g{v`a;%kj}mRsL6Qwmle(b@Bhhh5WC*{k`s1{y#=}$LKJRu&DPz{%hcF zFuj21<@Ki`CAXJiIp%7>gqUXOU>Zm8B2SR*y)L?OA2f}os0WOWP}2nA1$=wh>vjW) z9B=&Bhuz+{-EJ@v@`lLRhKXLdOfCg}daMS>BX?Wy1rStw2Z!xQt9gy7UQ#1PnNY1U zUh+MQ(?M$GBJv0aHpwHrfZgDoB}csvR&fPhz-{2z@q8Lb-v#atn?iYw(!6vR)!g%U z!Cml$&CBZgx6YkC)iZm*zW}gi{r9>H=f8S~-R=J0qm**Q`@xP2Vnu#1R|RdjCX$*( zSf;zO>NSAkG0(DOp1r^1(t4|~jNN)V+5r(V_y1-Vd8nKv%Q)|fh zLC_|gmIhllM$Gn*!`|_>XjaVgdSt_&>#f$pOkW;(ZFC%#1Y%pk0y#M`?ieP#kz+VL zvG)O7K&f1K#r*c*xyr3&WaY8i3SleLWi=38i|aPi+8pK$%cV_~-|{D+G?sDCwH)ys z%Cl30PK7)5<-b^cC4Y3D;A+*-uLvVI^P?J7ZlG{saC4ILqe2E!k$J12tNy7Dc zVQyr3R8em|NM&qo0PH<$bK5qy{kr@WXXU$do8E|$ZQ1E)lFqtz+IrF^9^2`iolHiC z$Ri0A2(SQXN9*|h_B#Mb3Z$rq6W7_@3Lg@Y1aKYz&I`bCB)FD>waFN{?i^2u)ZvUI z?5hVX-EOyg*z4K zr6rO?p;iG&>8~gi6}%7Ey8%hl@^L@>HtYs5sz}mQ+gHbKI>M2ejxZ7u62i%t@-bZ4 zJ}*$Kver-85Kb^fG6-P9U!jzALDb8+$j8#8q`%Gwq ziX-!HGzm;&O(;icYhgkt>w}(%gs5;#_>}y;hB<)as;gtG1nx~`^#(aUrq|VEPLL(- z$gFkM(GszslJY1U5>5HIQ|7_z;v8}4?y!Iz%4+wwrAD*vwu%TPVE0$3;i51!TK ze{XNEyOsZsQFh=2M7;AIX;d1@O&mRX&!*a-x+Nq4|%=gjzhm3*?YQrZ+60XqjO!mBY%*0yOeS&aA$= zoTaGx@O=ITw0Q+uK&B9GCdeU@XhkXznBq*6p@pnaUegF6m6S&`CCm~ka?NmJaE+-l z?J}w+7+VzpVg!1E^Lmi+7$w|HXfy$iH}mck+)&0~hz>qlMzWZsZw{SFf_a6rK0H?#Nz{f-mPZCVG8ETX0R7I+Ji?MbJU1Wh?}82?$Ar^=T3g0coW_wE zpFTW?qZ9ZDznosecfrn1u(M-k^@xr$X}WM)6D0ngq0-7?%xFTjGBqWR-1O>qI@4^3 zlA}gtES^|Is$*Ev9%nShP9%~v)7YNd1qN98)Q8)n9^aH?HBmcX5-MyOpKj`(g_Wz@lOS8tTv2B*}5Rrq*q6n25WsJ>$a-|7l z7>B{HR8bALw-Em7%mh!)l9Yy-WN>%aQPHGh#fY&OjVT$=Ep#g&1lN>j2nuzUhF^XO z{He>b^*@*(OHry&r=M*Ku37(k-Co`PJKXObZrA@~l-t|RH*igpzFCeiq701%^CB^9 zi6+>GZ#s8(fvFX|{E!;mXmoAG7_l*uT6J_ zR53N*T%(jUM)+t4U~Gh%o=^o}4`-GmC$BF| zU1Rg96r(3$a5{oKK;k;d4LIeP=iX6WnrxXecq$+k`5fCd3^p~ZOs1ofr^UyTuSK1u z6*gi#Q}dqw%M#IlvH93~c$WNdy@cnES*~%3Yvt{|5j0k(9zpAGs{J?Bs`cjJ-eH=J*zI*|`u|z?@L;R|AEWr;d6K58bG;i(DUbVJU_D4s zlbC4IFGJC{w?KKsvUr6a3gPZ904LX!3)YY{4Xa-Cy6!4n0Zfo3p_+887+lpZmy>0~ zMab5(;gN%0)dox3*v$xx+rwG4)kPlJxVsCC#?K>Uj7CKDVK)F!h0||4PKb^sKYM(6 z0M2|0iN$iyvGPXQ6jnj-K~Vg(aVS`7O3kp5LlT8~gl-Nd4>TRQsL|{D&e#HuH6K=X zn%g>l8}8wuQ6`kzh}4ggM0kdhiueK}!DH2j!){)$jOTgWZr^{U6~#qqq2;;i_Ek8K z+QQvkf8nzxW4OC()q6Vg!nO--<}qD^!(SE#Xex(`<73LTU|E8{7+!i*&*`4Z;Xx$$ z$omA4nCfRlPx{d6h*Wo`D2FJ8YE`O9B=H;0W_cj@FXhlwFsM(ZB2rhya~{A8Zf`-0 ze~^SVwD|~>$H+D8?!f|-%A_y_`E?V`KfSrQtPo;j@;^wC^eeByc_HUGs=v>_I2I{Q zbf&^o#HVKs(Bd>1*qJnN+kb;hvPI~9Xcf_QZ{6k-KUCLI7_rPW51EJvYpnzniP6CL zmrY<^z5V{>`RkXLFE3VhVSWvX!X?Pw-j)tXYt^nmYjqTB4HZc$xcNonB{p`(WVzzX6lca%pqB=%m57_?4f(UOAIqiYjwJq` zQHe3MjyPN#|KzrifGQ}y{IzkUH)6bF;}Qz)%e;nZB;!FY8XK40?QH|%^Sv-5sqZ0g z7vUGOb0rc+fHtk^SLfd!436Kt{^9h;# y+%dvDG}3&vcqlPi&UsU1;cG)rakNy> zcuUc6E8i#b)R(U)Hes(*WevK!L5DfqtBcaTd)?Gz4LbgQ(j1@4E>nZns~YF#6j=KjMd7j zYPvnd@fpv|b91Q1$xy}Mom~waRyZco6ZTDs&k0z0KURm6_h(l zR0Xs0h|vlNu8rUQ+>HCu^1fb{>3*D`=y~FzXpToWF`JYEAYvQSezVbt# zb)B}|9oT$#z?cM%r{{uUg_D-`B-0Zia}g6xzqS2d?+#IuMMkTXG$CkTJ1n=uv3fXU z#@u}glF}cg$WqmZcdgb_XyFHq+zgB|PbAYqMTAj4wvTD5TJHltI1KMvsfcZ5@4TCN zEH;ABJ=);~|0^q};5fsDE_zJ9sQ z*Xj3^$CQshPtt9+V*hLlP%zAc)Wuv`F*E^yCp_;x1}Yo=hLPKDYD1%HgHMZ(Z!)%K z0&co;9B#*MW943&qG68Cp|m3zw1pikF2p00 zW&Xd4AI$w)4wbXg8rA|sM)nuN;Q3Y-( zv;Jf<9iWzr0iac2JrQEs>Vpx``Gu^-?`@~G+o?T`)#}3#M?zxTesfWD!2=bE6#G!h z+_*fjICfg3X(X<_XiqN29fG-Lh@Ine~q$C{@X)G z53~Wi?*8Yq?m>P3cYk+pEB_y(R5m2Hf!$A*-c7rnEYrn+PQb?67-@Sn0{|1Dlj#vSud@u;qOXWr3}MAIy_cVAWTO{i|t;G1wrrolI% zPSW6;{|k2DS0bs%6r7&CR6&?ZVVvV2q%o3?t0%>8|Bi-Cb^V{eJUaR1WthYd3S-Us zKj`)L>-pdIcenX}9;NIwR(n#UAiHaYxov0 zmgQ}Nw$0)Pa}fC(*R_|{&SLGQ(;>wWB8&uM;>I%D5U7ArrB!j1%GEaPO^GB4n$fG| z6M#I^0F~u+jyyM65PXEQq7gKgk8m1^S1-k+IA#g+Nu1lDLoBT86~WPVU^4O;tQ zH|#b8S&G*DUfTk<&N9ZpMOn(@XAYfvl#g(AI(jYinMBpZp#`++msb|hvVxPkC6<~c zBt~Epsa+iZ)Hyl(#c)cxR0JclbWFXgzb|z2+8AK2e0`q#B2P9#E5AK;RYwcq?fK6o zrwVKeKP*oP#4*z5=TdI1y3BR84lV04UHSdFsqUwPlOm}gc>eO@(z<3s!rRj&XjyKp z;gg4!f4r(;$UlP18)3b`|Bh>0E>Ty0aPN+Hh`YJRn-ZlBs3JreTc|iF3!_ zX|N!;NHLX`(!S_3bP<09ERmd=NN7#lwm-t)|^X1^qJ)6ICx1=EhS&tME^re)&C=D z+LlP-1Rv4|T(|$%+g-^2x_`Lc|9h0O<0X3yf_L+Wxwm(7b5ql|ohQc7AP^Hx0Qs15 zL}^1sjOdY&NeG@BN8;G6aWAc`Q@=)HGiL8ADxln%E5&tkn5QO;M3Q8jMpiXihsbv* zO)r@i3DGnnjLo3TJ_siU!Q&#Kx0h$ZKr<+L*}V!SN_l?gfohN$SMaVO9qv!raG5*Y ziA7}Pv-O4wAv4K_9hV5#xPPht`mI9wqfH_DBWg|g_(Bt@F*a66IME5)i3E=@)dSW$ z82o-S8hp5MqAn2?Dp*77EiRv_b^j;80PG ze*np5gvtR@XT`{2-0^-_x$v8c2iJSO0UHjVghAjT{q96WQ+UW(Ynx%tj9Knk`LALk0=*E4}G@7CwFgij_6NDG=?P0Im4J2~B@n0Wy zd*61u!AQs(B4ZmSdf_s;6!__}8X%9{ZNV2nQ0*NYwj-_PHKuw=jTB`X&ikQxI1hL;eA*z?${n>n@!C>K#1W?*BbXDM!2??6@FSnV7vYHp%4rS z4*=9e+zeDUEa(}~(L7^+ezd7|Twda}-Po*AUYq=4z?|NC;M5)uD5-8Ob0u4OJ)axP z{-lD##Gc1;%^YD~wx66I8+6c!y(Z%t+BO`z21nQFB^hswRN0~ti+MP;hKwHsZNh13 zuytd^Y!5l?9dCYowlZB-1JSj(ZZoaTVcxJ@+En>1e-cV#8TVYv5#OOaJ2mK3 zxKm&Li`7^1N9PHyRt^1%Fmf|Ls!`(G3T{H`?KQD ztp>SV9Wc|%L)<*pkS!w7Yxur2AYGM>sfd?PqQ*X!{^=VJ>sq@i1%A+a4H27%ua^^1 l?PEgDc zVQyr3R8em|NM&qo0PMYccjGpaI68mxQ{d;$Oh4A5BtJVk)AL)$b`sz8!`F7tY;JFk z4Uv$9F-b54C|i@xcfSW!013Wi$?Z7V9dqWSEfSAHp-`wQR2AexhJ4yToY74A3mQj% zdiZBB7!3AycHrN^U{L>exU;qMr{T_EZ)bmRYkz0(r@?S*cd+*-GWZQ(X*{`9H2c%w zi~Fh%?tjQblSC-0xJcy4BP5`TMq=s*RH=yhT=WB$DL&yW9Fde}Dq&e`v5ZBGO4dtg z%ti#M%A+a&JIf>&$%xE{9!=BY=WyU}`vWgzGRSzU;N3aYBJV`PmB_ zOnJimgsCv0Jt-rof0OnCktmj^ex62xhO)mk7=GO!Z1vA)V$Pz=y}=;8_0wePU9-iF z$U-^tdL%|@c{25SL~3xkT6jG|BaJwC8#9&h!0Qo}iF_O}ITONs%JQVAc+9+*@C=oyQEOiTeo9^sy$TIU zk!Jw|q}aKoX=-LZh(sR3^gZiKrZiGzKbO$4Ej{IGmXD!Om{Bfd-?Th0Xwm=L-x>`5 zBTwNk@AqDlkNFt>Kc`X7StC?eO4rGzVzC!q-Pm?a825ObDgJY;{@gC2PvAsL%;sj|h0 zgd(_Rna>5hO@-7*SXhSC$GwOUMW@9!rr|qJS->X?LJ45yG>@WF5%FLFUk#R}2J-nq zbVC>NIpGs5tJ~7Jdmd56qiC4^=f zT@W!T2YJqdj4A0O67UC!bE(Lfk(eeqG!bNsDi-RQRx<`XU#2u*esw&ueL#xJYuOJ( zGU3x)k3@v9Tf>Ig*TcX;_0o*bsbW1loBe`((h^i8SVDSc>xma%@&vhIB+bN}hYXsd zMAC$j&=Q77nDoiXge*i(W^~R-EHXxZ&Y1-9jEIZ`LT}-T+$1T8TN-g7kUi6cVwUZ> zS$BFRLlZoi2tvmqSA;7dYG@ROMM#k5BeFLb#PBO-F%bLiaO)lS2#I*iDGd@wx4p=tl0Xql+ktYiKI)oCy>2g?kZjo+ab=8lCD!M9ol_p^S=rRT z&+}}`G=auEIb$@`%Sa@l)EsUha?_q(El7ccs71;~g_tA2X6tsTYkBBxGqM7Em@7p`Ij`%tz#xU(K?O#7zx_dUpzDEX*TD za;XtdClj7%a?0`u=J^>py92wh7*kd9C7{hdm6A^rU{Q$(S^t@Bx<`|+M-#<+_Kio1 zei7%o!a?N?u2!D0@F>?x#yNt`lj+Gc5yk7{TNdP?MVVUI);Wtu7y8I#iLe&yF|wiuD>h-ntgoHB$6vq6u@NmBWMa>S_ePB%*9aBt_XZiM`@P9mP< zx9g2_%oOz>X|OGQJ=BQ130<>{Qp?vg=ji-;m3Ytew!IuYZt3 zX3V_R+>K=({LtX&6>{qSkj1Y=m_I!&87NXPKcaQse~E;7_K%h_X~u=-@P`qV61ZsN z&B*iEIGrFbJ%(L^uy0PkEo4tenmsUV(`+UqGNF-VTJ*D;qvd<=aaUJ@1R~2=pd!tU z6$=mz*LwCMV$?_ILcfN7(@ab=8k>g93_wSk6(&MyjX%*0MSn@b4_ef_#y?N2-q0;!_e@cg%^g7uS+kYE zihjq7mN5Y&EJI<{Cl@m&8A@vcHsvlkY?F+0RnWh>Vf0$>Zd6`(30bBwN7T|Xff=DI zZW%FZScp-jAho^o8f31j)K!z0-`vgeOwbD58a^r~$)0n*<`lZJ?m^ z&0qq4bKv=gz7qUVbm6s=PQA8N84(GXMOYWqh(YM6+R_WhJw;73{Ml zh;pe|1_BYGx_1ef)(eG4`U{&gEyPVS5u;>ft04V4{L_5!bz7eK0epdMYCymuJZGjb5lX%euom{Fe`Bnu)y zXVWVfh1_s4mC-~-MiJAJQw9SAyN?w#4?&uVY3g!D6sEL*_RQc)(Wx{okfmxAviW8t0ve5yMWE&GAkSErhG5qf7Akp9VInPztK=`5xLG23AYEpM z{F3G&S8v6%-VfEf8OYXpkUzYZZ*ulrZqtnhM?Ts{7F9j9R|!T9}xffkuwuqN5kY zi&Gh2RJ)PIdWFs^bx6DMuYRVn9_D4QYGVETl zI0fT#|NV!H<8xo#s)y_2j`RP)?qEL=_k* zxg;{>C=lnVUObEjGa!D=A+au7Oti#K$%Nf#ZXuFTZi1XIXCjaE?#fUCp9!g? z-XAsk2=FD#T(P%hutD*4eir&xqsAu$}(cWOt zf7O5We|60R`6l90dER?LCV2*mFa>emLOy1N*6II|m-b3eWBp&wSd?lGsM3cz3ch3g z?+Cl$ghLG<9nQ1>LHxg?^MNk;!JNyI&st7N0ACHVLbz^;X7WQ zY2;GFDK*>7qsTzpg;`ysid{Y_kZC^_2(@K83#^3kNR};q1<;S)tUjp@oCPAV75@ye zgp~_eD{t2ZFwJE!viE1XQELtRU5CuN{;rUpGp~BFSUWA1IJbsSuvA3HEb5+L zD74Wz8W-94w{fl`pS40C(SVVS|JWcKmmBwAP4&fYbRR;^$tb#9bPl0;652|v)nYy# zu|h#DVgK?=L18a=5=42}wg&u{UCjafb^53^ykY*>SgDatA~?d~o5PaSTAq!aV_`j1 zw5Wwbm!^?xYk=29J5gC_sDee^hJ|_>i7}1Hiy4(aumyQhEY0fokO%4|*{HVp(m_nG zR-@W|bGg-Pp}{?Clt*ll7Sx?Fm1l{Ix{7HQ{baz-+l8Uhid7}FI!v|{KvJi~h{wKl zH_+dEa9Xlt*4rnlmCO-+OX`XWjYm|uD}Ra zo=9_cQXbUsWV)REeX~?H?mPC%G`nX}b+TA>`1cvIF7{sQOwcp2HrhLe-mvL@F%lXr zwy%)UN|m~ib133iB)Hkh&Ozd59MgvY>Xl(^uaKherQHAN;Y^Qa^0p^JJQEFN9npJTy zW$IF7mlMjPOFp^e$)z< zt^c=;ml_g>n$e|6OyEeY){NeE_@vneIDtk|m>C9_zd{@^hgG#Yo6s1`GLh-pYLVJVXd;wIVJUW{6EX*J_1-Y`4ZYJY0N@ag|~yX|K3{a)AL(B4f_uqElQqTKU^@t zUGZPT-Mat(?#}j;{pV4h79GN#pcis*<3sg4yC?@+Um5WQ#f=JpZ29^%?x{l>r87G8 zu6YuU%JXh7W{QSX(NPf<^vf^Al4hIEhvGBJ4kNEcP_SZ!Pd*c#gjyQg(UoM%z{@zr zvuivxW^)#ez*B@tb;e{W5{ZXAQqgJYeAgrPEkp?$xJQLy?>*}3N zsfgK@eop0x3M_STSuHF3cWFGd83p%PM+3}zA5X#YpY+BXJad26rWTW z@vA`qHBX01B|N0Nel0Jdlq(qh-o*a&G@b_kHwQRynE60Ez#aU5Yq(cG|Jxf3cAohE zV>~qzMK-2^wZHxPt6|WGND^lvVig7tg=wy4BIEz6arpIl`F&YAIPBvQJx%#{naERz zQ*Ue-AEJs&k^W*r1@K44(ufBzhCn1L6H&yn^0RgMC|u|yd!kmQ>;EyH+WK!E@1lP2TQP!0 zgwegZ03jh8=hG3{a155s;S@(?P?~%$y#*mi_t#%HJW_WGS<(t-L17seA#xOWahbxK zitTirMjRHiHZX@Yn6ZnCw=Ot=es`%*ejAzYkT(uF35Pjr6A+?0js5@`@&=+eUFXF%fMw{Us_Yx%AmD3 zcwg}JZtesd8|d`gODC*rW#C$y`%=_h@R*6bfjNb**G62Wxi6GVy7&J_JOAAoH1fag z?hK#y|3`U#gH8PlcX1~qeMCN^`ps@GuU|_Oy9iz@PO!fg^S{73%4w*-8Slp|TGGOr$HdE+X$=EKpVb(D0^zT5Op`F;36qy5b;78#bj;!~kJGLK?K~9d ztd@k~3u(=)fm)*#vcn>FNS6jwm-yJvO|UlfNHz+}Xl=v9Sd+#WE7?81bT!q}hxnD& zD?=^5RF_r-8Z)BerCC+=GMz&Ly8F$Bq+4$v60C~$ak(B7)$+B$*@E@KNf|x(kfe;N zWGJHw^tw+=T@pEleb)kBBL~cH0dJ#|`T#EHP{Nf1>tkvHS`Mv_{ zh!Q{2IO;4^-56>Hzt9(oe1i{c1k{YU8B9^MTURZ*o4ki-s5GfF5emp7`PKpJ zfdK1jYIz7td&1WCl&Ti_W*pA^EI$stYmW32RS@#1bM?B|sLgzlY7!lMid>G64KL$8 zVS=%EqU*tls#6$CKr9NRyoSux9}Z8+j(_W>Tr~q9}n39FSYbc~>~{G8OcjWA!y$_eHZ!6|cvKsp&+vAUBW-4eMzV zg>)lIR8vRkQZ|oeIa_v$Y<1mcf-|;P!fsYTDRJq)j7?2 z5g)rVyT**pY1WVU*qPP#iA1xr8D<*{S)Q!hZFLmmW@l@^-%bpWFlbz_wVn+(2YF#^o9EanNI{=19@=IqSm93PQg zuONuxN}Uxbs+cCsjM$36&RE<^;Doiznbhs;c8K3irP4!BP@a~7|yt*6>lkqy~ zNF-BvYOos&s5~nU-jA8EeL-Gz%kLugqkJsoZ>Wk`Of$de@^8 z_O;3$b$E7SnZ*rcNYa|U@AO>`x3Yjp{icjNPC`m*!Qw8;9cR~72(P@tp&+>7z-0m*Mwk=U?qHjzan+^uGyji9^OH7dVF^B z;plDviyh_5U|hDd7?54Jf!g=hy{A5+!-K=`k1sDS-v03hRX884H?Fhe(+_7Cf554# z_%EzCrlSvsKOCQ3p6h=uE>90GzW*Z)tmy=?-sld`PX4Gvt9enZHm+wEAC5kZ$ahR( z`d!S}gFr*JTt>tH+hl<6E)PGveS3U(@!{<9`2Er8hm-dge<)luJU1Q<9Tz9>jz4_- zgJQ#YW2{N@-ya|TaCvxqc5(9U$>G7p@gHhzbuXCp#`eSO^UL=ij*c(iAG}*(T#z5H zWkB#A#SWRW0E97<=)2k9>4&3->&_ax@Opq{-JPEv9R3D~z+>>nP^| z4rq$rALKx0-4mFG;jm;O&P`(uirg#5o5q^<+AG)v-IJiEp>sWhXv4*#cJWvVMDtFv zN(4e%%?+<<(R6LeO`JHNTQM;cQoU#DMr79&VJ=LhwXB(F#BX^f)jznJeUDX~22M|o zs`l;GtgPLWZ?9A=XTG@FaOt$$dMnw2TXSsQ+eCd&gY>d2qGkUHSBDLgbi*iJz5T3| z$nLaC7s)YecClqf)@3Hub#VIt_#JLFJFg&_EVrx^63~>6dBhcOUX&PSBCWsEs6Tl7 zw(_>qRIQ&ZPY&dJk(>#k${TBH-#<#0jmV(YDyu7gTiEH_nt%(@PAw3}GN5>;TLYS< z25%t1HXC;h$6Z$LHdA#h!ZZ_O=GTp0=E@oKxmW+(X_2mXqIpn%EJR%e$M*GyhP8X$ z)+0Xd<0_F|gV5i;xSw3s6)kK(m)WXqH^{$vnpLunGC65=b0RD7jR)ixOKEZia(r6d z_Nkn$kR~f;<8;#8VeGJxD9(R8KRWsD@|)9dFHg@td~;mG&m6D5uXoa5xsATz=2ySC z_O+{fUEmVRwsuS^LekO}*9A-7371?Ou=Y0Bfy`Wn+XYr4)`F>{wbcN!m+p4Ka`FG& z2}M^EO8_u2`qyl+NxqufG`mgtk0tXiz_eto8!&OYEg(XPxk;_QaW`ms?ec_4J-_4H za$vWmLSY{hcQPWM2waA@u}L<1O#j!tmn;%f**E9y8|0@-8(IwHG&*7tT@=Ff(B&u* zpR+$0NZo>hA+1EHJH%f*laC-*bP!?7Mjf(wYp)@jFWsn{ti7f2G!sE<>-xibGR7BS z`AM+)5)!HVci1kQ?j5bw+gwDJI*HU<3E8|aXK_23)<1OKl&Du)X$k5#oaadW@<|VGkJe8M4h;;P|^_MHmE>rDGl&PRMsRO@0J>8vNXC>6? z<&`efOeB4iiV0il;F*o|Iz8my_gn#bVukFPi>z9E6f$G$v$J9noeNQM4m(1m+6s1R z6D>n*IEeR_?J{@zMYn8Sy$*!j*;WUF(Wzf+6(2IZlc~{FjR~+gRf{8@ReOqA$n$ta z-ofR^%{ChQ-BN(vZL`0JERCcxA(#>XRJ8k<{uXAr%+LXIR^*Z;8 zrA@f|#l!hqKRi$Ebur7ksJ#MHjS01yLm%4NyHe>6KZrXvtMYo}`n&F9hYny?-z|Ep zbNVlJi*L)-);W307`wfW`)TkC^-grJN5b{W)hg6HMvF4OfsAcP^8S12U%(54)Wf zxGYL68{lY(VPF?(i(-Xrir2jpYWWy4RFH)As8J{Rj`-~UKxxA&TWXW;d zlb^$a>STorRa{53EKqfB37HHsp5lqhXCp8`U}u_%IS(1eoW?xiaUNS90lDvOER(so z5uKZr(2~2kk)C`gApgzzA)FI^FQhu+845+GQ9kANoT&JGa(ZZOk;S{JA4u`K^zJBM ziA>2#{qCcw>gTZVV{kvS(503U`Sg>0|1ptt!p;{mP!WDGVP^+nv(7|f`fINUY0r}b zd5|o;DPDM>3t7LK5gB;P&)@7$aFmI((N}q<*X&KQw>-&jox{jRfgliZdYTD{y&HKw z^8D3vPv&VF0aekcyrQ92H&J@iY=} zx}t=06U;IuVDDF1jTdz1ptuK9_~R_3|Dlgr|A*fny#Ma_?T7FDIDGIvmaqS%g2IFuh`7&^z6@y6Gag+S%Lq>lQ=Kx^kGNEQxSg-O z%aZWKMs=5$z>$^iA9YhJ(^|nvE>h5I;m$2xZmVcGU2z_%(wiOL}JPV zFuvF=1Tx;-P)RWTF(k9G8IX;U2H`IbFH3;C=HeZnW{`C&&?F0l{0i|L(Xo65=^i9k zB3obs%^@Fzp+hxJ!f#7D8n!v^uUeckRmM!wssL&>Ku7?TXkxIDFq@F3EKjwJNkkN~ z%q|+~y&~s_hlY--snU2-nyknRIJ+YUrzf4JxMGd$`&)yq!LBmDLx0$qUu<{y^_R8V zq#M)j>ke|P&W*{MT@Xz%K}vKH&b~j~U(z=62tsAqOWCAks?09{CYVi76TsSPd(y;C zd4%45q;W`ruB@d6GjsskyJMYOiivn~4GZM#_~7W>u^+pQ?0&&Q9&}I0P8V#kv5gT* zVv#Wth&avIj3tuKSv>*(mV(V&rJ+eh==QRGXDqFdWnPdHKvk*8fAAo+DClDqhjZgkn@pe{}5&h?H6c=e40U~x~b*@A?5aYZ*~0Rw01LR{x@C47mdtr365xDunsNQn zSz}+ogm$}GeTQIWi*8 zPJYf=#+gghU83DFAjj$@=SU?jW7z9#0amOAUJIkuT)aqwD0kW232&~k&F(I3Rz^Io zwWzn0t_E9X4WcpXj;J_oTGr5u=qMAZE5O5vre1Nz%Lmp>apO~o(;a{7-pgj-f4$Q| zEIa*;~N;1g|!RPdu4q zRH`fwG+%W)y7v+S_&d=uv}E!8dvOCmrqhguum?v}Dl6|lx98L-$~i4`ZJ*z2l?tRR zsyLi|E{N9bGQB0MOoVyBLeNljGsCYPsD@p;XIq;fN0mE28T!LLx2>*CaTUaE`P&_c z>lDscYj&%v*{&_^KrJtNs742O;SYd!Csjx^oCJv6s1a10^GS=ab2AqAG|w0@?+S5Cj1saWw%s| z-q(}r9C$j{`AXB>kfTqMAY)WAa#i5h z&)Cm7lS*CzlAI3_kGX!W1SX9^s|_mlc;gBvXu1pBa-K`;N5W|Am$sZKSF?N!W*igW zVO)%ZNaSG;eOP3F9Eq{X3EhWwE^%|H1lhR0$>r4@^DVG6JbSxeTE2F^KnVftbuq81 zK5$s2>V!!xg3>5pA=P>^O|*`XY4Nvktog_L#x_YT5)PLK;3W(pmuW;7xYHSd@EsO$z}>k&alHQ8->q{OjrXfmV_hniDC3S} z_)7hK5K$f@cQL7Y&V;)jwmV=uMYf~Y6?pcTSy7_kwuLe2O6yUs)bT~b-DxvQm@0B6 z<}A`evvB&Wh{J35H>mf=zB&E2*!yT0Iy(4v=h!T|Bu$uYOgg)(-a{QfzylP(5yr~Z zDn!~if|j+o?RW9SGd5?L(q*>%q26AsL&nj3q89puNUob*q!KzU8;pT#dM&i!)dL2>8Jlvc zwC+t_93P%-lK(fS3*!6!ORyA*nYUG|o=A4aCS_yGsI0MsNFn+?m#{Ep%7U`3WwchLh%3##5|@!I4zlKGZD_#K4n zm%h8^pG%U^SPz*eL}Ve$KqZ3fTga!e-q+HM28stv)=qV2EQ)%#%$r7n6|6zxC5 zR(pX+<}3j!ed!l0ymntMNKtwQ3e#xC_T?ALI~&uW*z^c^`Dos+7oF4!9G40Wt94f$ z+jS9)Gs%;nFkU$mUza`11xqZEa9Rt@>l#CK(u_&iWq)s9h=0e&`2QRopPzj9{`st-F=p2Jk;P{{HsX{@zQ2 z7d=GZcw@zkCWeDn0Ffl(*NmK>za>u2f2p~88s*a|3<3&nLP_si8U+Gvl)6v@Tbo*s z%cBtP!J`SCvd|z9P8r#45ap83S+wxUk0SR1nh?p*kjIQa(Wi-)83=Zj=21k9eXSb@ z=!nzTh5Ng&ceh{qo_Anw_Pe1Aw7(@3jS#U55fWNTr6D|^E$~<~vWzT@A6_|CJ~ z4;WEA)lFC$DQE&{1X?XTwqm^dqBK}~SWCm$o0MjdXW)W!4lX$MDAzmV)0rZPxY;B~ z8x&42k?sL$MWt3O6(`Ysk?|={EWvCI_Fun#>6Lee>83PdR-?C_-R8HptI0S_p}SIqhzSrmAM~1=LR%tPa1U*8zqG)aEuLF z_XH-S(p3)^yS3+eS2eHcgvRX33?eLB@jdTHkrTU0!22a+3RLKFmAlvw3Hf9sILmF3 z_hRuDD#7g>#7e3nDkZ0hpD@+G;n%zmQDm}z8c{V7S=>+QRFlo_-roN3_0D$x<&zBd z@Aeq^4^8mDQ6G23e+-9p`ER&8eDeQ(l*gXMK$Pg1B>~I4UiH+*%h;T=o8@JG?{Pdm z_j}CxM^jAi;2-C|fev_A{)e6Ydi>Yc&i+&Wmq&Tp^*`4K>EIvdhfnMxxXwAprz zUV<7Q#teKjU+6{NUx_qisVf$dyGoe8|uD#m415IPp>C( zm1^-!>#4oo&pFE$RfvwLqMv@M`Z-=e<wL@t z71Kd~*dj8xGTGP4_S@>oH#?X(CLCuv@>JADkc!HIsF4 z4i#+(%ZO}+liiT+ZuRyibgQ?sH`(irhkHA{-SO-Fui5LpN%(rVA544O+k3;U;m&Y( zh~{yR5JjgWGVovT`okU`)p~@a?tLF_X1XP0gwysdPf$gac8%A99yDD8elrFq9*bJQ zROS4qR1Lur05$}N^k-lmNTi}sM0!09VkNJiR@&OHFgBFvsjx7tlO9enJ{J%X`OL+ zGTkI96Ztq|awdd=7lo6*t~U`GOC%4ZZCCrdTjbL?ot#Q~HVVtJPbG zk&S>K5gLZFc|NYO_o;eN+6qdFjrI*TYlFZezNHoMw6G7y^%%n&V&Ei*48}K~%sC~r zbTz;son{P<{3KUQdR~wG;ClLg{U2!M`i3b=4o*)bF(;A+9l&-ie@64GcOeRX3@$7c zlUm^)2aNhEUfA5oSDW^bks;LG2h1R4LYYt2erRKMODxeeHBq&2JPhc1*0=ttxb+$M zK_Wn$XL;i6EngAXUGy#s2LxsGD5*|{e&rhrEEm?!jk}3CTyVT(b?GZ-H*>ae@E1zj z!KiI=CF%$`(>4xf-~9OD<5};A;~#t9ADpW9mia3fXT+uP4E~t# zE(*)-r+&yHW<)fXoE&q06P2b;SsZZTK=@IzO37X?&9i9*=~^5WajHLqJ691CV+#P8 z;^{?V4s)aunNh1suV}1_!S}kpvjBAmA~6RYQUtuTJC{ofP1q4saQesPedtQP*e|*+ z07~KDNaI^pz0LINlx8$$N>8 z(JdoDE0y*>lU}cPXPbAIx!<#1%Np7%^t!S-!&O_Gu8(6)WBx*DuTWd_xoGKl8MKze zHL86E7fB1GEoO}ixQgx#t&s|V+us4O1FfRduEH*~icSkKzx?@3t}vrTXV)cw` z=)`0b09lGYU=IS|$>hCIr|8wQIyxOqvR>)43#ko^d64Hbxk`9+H<3EfHX}v+AkDAb zHV;of+GB2pPPAhN&ZU@4lwx*=dqKN57{n`r+XZb5S3q19ZQ_*>4-fEXaU1?O&Pw+1UCw;kFlW*yu>~8O^h+KqrOl@A@_DY}0$po^w zZdwc4U%)JR_RYbe;~{@PXmz{m&~2H7xTDr*g4dyxr{K?J5zbF+{)jT5|F?y0N%@LJGTVm_8bUW3*KfnL?yeD9?8;rClmUCIKHt98X2Y}Yx$$io$-Xh&z zYb`D^cNQ7=#yN*1PxlpcYa*?^OuUPe7SJveZCa%o4X0gT)q$*s+u@o!Zx^)12HYjp zd^y0M$<_AG>$Rks8njJep(ZCh9BS_)gSmM{I#!tp->d}SIT1NdY?h(J9%QGux@#c! zSY^xZsxr8J&sc~DgBU+&((D*mOkxE*Wip{^JR#o+F^w2G{BXVux9je_PI9;|8SI=X zLJMOo*zlAfCfm<~usPUy&=U5_$+To@z;6Bul+FgU>+ZbG_|Zn2KQ6by-uwAXuHI|C z>_?H4IEUaFjN2?ux38V%U1&{?w?mWSt)iD5Rr9|U!7CIpSiAruW_P|t({j&dkHch( zB>6x8w%A z#VZ0$1To|&lT}A!IK>^%LK44jYtl;4o{Frr^L!?dMfT6q0SJ#4SAOon6A}@kTx*ln z`Ur+Y2@Y;slG~CO=gS#xXM)>%;I;|v5|i^C#^$c^bjaqVG_HZbf%K@U)Z|Ueplvld zcNv?zz`O%nnkNkX;RE2d)&AUNdA8ns>p^@EYx6Q_8}{c`%k%v}y`QzY3GEUk?Q<(g zj@~9o%Cc3Bxu40^*6w=N=9QqeicdSVRlRL>fbXH{EQ7XTf9}RDDs5{Z)4tRZ`%<*N>+HhT8)5dB`TIdM$>ys z=J(in9cWSiXtr4^V&gWez+>hon@}4rBFPve7lsJ{?=c=Jykek$c3qvpVp&W7h1dyzhQ001Ue?cKjiai zf`6Z9U1+^?@V8zNMuS=DHsZ!~qJz>kTfBi&hfkZupFdp@noTi$TnXa=WL$f$eDbZx zY=)i9H5{V;8y%KcaEsb(OI-M7L$BG<4I85?{C{so0%PMxEYC#BHcSs)K2;I;`zVN@ z-XzrZQ=d^~9n_7#j`2FTvWMe$6VQZ=S($$j!)j|jQ2}1aaZgP3CZysG-98}4Gs*_K z+RTsE`{$F>%ug?zADE`l$*^P706X#4Wq!)KZ>TM7P(dRpN~OqY)cQJ#o1~fJwdSXY zi?_|M9K2w47pahvk0VwjA&>z}XvW26;k>RPLT!_9$G@@kt|}*Tw3<&;vHtGu8ddr} zt>)KMRJ*r(Q&|-i-TEaee(~meAzfPn=nAKrXJt$R+nfohfIN-6S$V-itw+oH@9ME; zy|{o|1_}#C**urV5YVyRe^E`SDq^W)VJy(Q%b;7(Ir;axg;|GnQOTm-VOsJxc_LapefBJ36Z>X3BC zSm?|eD`>TEt|EIULOxkI$<@r2Sxpz}%6GW*jGDYOG>TYQKbKJg7g%db&yOvr->isM z)kR%s&qgFd_ZXYMr+NIuIAn~Ob86-Ay2yLY7UT`i-xU#A*ZQc+n0io*CR+SCEtI?> zi7)7)5Cl|)Z<@&kG40BsmMdI+>n%T0-~rc3sc4SO?eOL#z+7XF?`B*oG0kW!&1)db z2c~kpH$c+PyC}(Q4mP;8xEP=iQJW`zn*_5i#Xzc1wA3wLSYZ{Sv`vyLj)~AMjoAr8 zOOc(XmMOe5n)NrC4}2Zd+e-t+h-?i8gXa6olx3G`CNwxBvNIS|qpmj#Y&ycdmeHF` z%@(}RJU6d&z--6mwGL+6)iSN7Da?`x(>|kfRupGa86b;#Z9z!5*0KAO1m_t4xuRK=FMLUwnOYD=Y!Bq%3B;)dfuml zw7jATk0#g5Ol4e1Y+|ax&i>y1_TF~?rD0NvO|AVE1X5aD$8lb>xEUe7;AHGJ6%sFJ zC<6a&d}8-QKmhflmpx(W0Rp!@t8@VzZg@wnVI-xgk5W6c!1IGZ0~{K z@uM|c6yU(lUOoA(nJHL2W}$T=i&qe6YX{J9+dAg0P8TEcxd&tkDu_9F<}s+saJ~<9 zJSYp zG{qQ_sEZ#c3}aS$jP~3t4e`*7z=|~q7UVzA`;Y{zmDEtxq~QXRYXTE%WYq)4JZ2M- ztz}hMbu)fO4orf5vqel3@_qlOMwwU-=#DZ92U;stQBMuwK;};OOr=iq zWgKn|{T1?_YAT6DQaZ#qsXCpUp-SpEf9qHurBvOXBy%j(%-Cz=H5YZqf?Q*{;|^FqV(d5<^}N&a zjFj7WXA@qnb@d}}r?*)vh^4-hWH31q% zT{#8CWWMEDsJZbEqRs=BL3sqU_=CZ@$(y{Wa)h7o@aj{n=xpQDL1UqYb8i_HD zKzaZ~UOF4;u3nu?&mDAC`((-^G>~rapJIH8i}HCnh0n<|12Nv*$3nxxJwj$85!oeP zI$NlVg*r&pY($>-O%3+E_;zWqSoW>iLB^)+c0`_+3-B@(AprCod67AZhPq)UQjegT zVR+MX5DY&3^t@zM&woMEc(b8_+xS&Cgl{foSnXcXX~E+PRbk|$Q}L`ARU|QR2;JCF zVJTcSdbo0KNs(~%F-$pL;~~I6l339`tr%#{8p~9 z@@$?bc5#I5R=XBgz@m1~8K0Te;?jF}y*E#}At3}L@P?Ckb19dh^vY@lt+}|vp*XuY z6bC2va8C#xxfhksgx&Ol*efMd$dF!&r*?BJ3lVeMxn948Wu~Q79E(@V^ZMtg_WQkU zz9@|@4Hj1TbqXuEFH&W%_b7nr8cS!*3RGP%TdnupX7B!1WMpb=428$I<@z=i5u zKMGtcWQk2oCOqIY@`~I&rWvjHwPx@!{k%ldv_xW0EH(=w8fW6hp14;MMq9UmkWb)# zBjq_sL#l~8YS+ z?WPPjEn6}^|7$m7#)$3w-g&)NeQcayn)b9DAG6;f|Lb75Tg(5pJsfU7<$rsO=UFY% z<%rEcq_SWFg{uvkFU_UD2}hqd*ds!gsAvJHBJheObZLS-_K~0=hzDtr5X~q5unN)A zo;R^IV5JgGSw*V2O%l^v9`k=OYtMj-0MP4ZP9qLieL>zOPLqJ4C8O>%#3kf$!~6Rr zpC+57t|kK-u}uNR1UmbYvJ8apBw*NhE~&jkSqrXd#wC*^WHC)b>?P6ylvEC)?B(UA ze@K?+BC3)AZ_cH;QQ0T3?;KY~?!6*M7{oZwBdvczS#D(hn9G_VZ|wV$C({V0WDFjH@7g8~?q!5n8hiK4c;QI76<{F07)@!QG3LF3Xu}8<@mgxZ+TcyP zJ^?u{)XaND&h;c$l(@1>8e~FB8;5Dqn(0}?``-TEBr@+6K_`)#_7*cOB_5uflj<#C za1AP)^HA4pUbKhczdt#@*d(WiC*`fF7=AR?{bX8efw4N4KgdU`vFg2LG)wRZohtIF z+_l=XJN}Q^w4R;^d(8eH@ILsLI7XF+>*KEb9|qgQ+Wx<@J=lHP{~zONwZGop-ahey ze~-tke+ahH5`({Z$d!-J9qWH@IIQ3Qu)V$gwEiFEDJFj8Jwq4Mss!ov$edsqPM_Kx&*~B2wfym4e{DM$>C?XQJ;Sn^WVqVpwYE|2(TBK}5 z#zI7lCLSSjCT=ceKDOhy+y$Aur!m7q2)a~-;ns|{QM?rz^!#+ez&wz50&qd6YxI9Xr{1#`zp^SJ z)O}uDV%XSdkiw7Ff6YzVTzaD7X>XBz1?|imUISw5rCbnPbpRzaEufkRkqV$z|D^Q1 z3G+Yft&OIX4KbMs$R;F`5JDy_U(AIXf2LG=s{guceiHCgfviMIK$s_$ z5SXO9(Sw7}Hj6_y{!fbv-(Osuk~34m84s3NG8rZ0^5H<2Yr}s21;8g_CCCXl0QAZQ zp|=E0F(1#~qBj?&wo8N=O?iKFF4>Yz^Sv;GfjbvoR8}0tUSHlds^43ad3x^i7+t2_ zQ|y8IxXb>xwO_ygX?L)<^`!ql#`Em|^v68ugFl|ff|(#2buaJ@54>Bf*CpWz+4$-| zH@r}Igg})ZBO8Q#^4D9P=cyBr(Av$9^EfMmS r{stUSB#iuZqij(3o3JNt^YlDDPtViyh0p&V00960V5UK@09pY6_%u!@ diff --git a/assets/sysdig/sysdig-1.9.200.tgz b/assets/sysdig/sysdig-1.9.200.tgz deleted file mode 100755 index 9280f09d01afd4bc60a74b9dc6ad65e34195a735..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17705 zcmV)HK)t^oiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMcic9zD7ruMSK!E*@#Co3-Fn&SHJ-B-NlA3$hpr@NcCL4p zgeKA57?A`6fRcLR{P(+11(4vY^|0b(pAlzPtS0d&6bgl^LRCR6Rm|tZy#I~4U}-&t(p3J( z=(GE34(@-*L$ge1s=3J2Bp@WBnkHf%MpWyBgLJ+~`181)`tD^rDa?V0U6Phw9{u( z#*`M)REbzjyJ}zwTcD~)lS?W^$R&+AlU)_5{Z`e9s7!kpWSL@`ET=66!7mVeEYf@yfh>DbD8afb{OiCWJAI+dAK|qLPbFQ>pPDm`G3noJ@ z;B79HLBi58q#^D_glIZ1w=o0XNzNiZTM|kDD@R3=9EpTSOZaNBtPGG(catl+R8I+? zVOi6b!QIn@YNqtlb;1(Gh+;6hr-!q5LLW({Sf-ysYm&`ytD6jm7sZsxjA^FKJ{*e( zIpAPk@R$vueKmZNOE$=hB;nb7fbRlA@)E`g@jJ0IV0LAiBuk>)&@w`$q)Q@Z)gVt; zB$-wrA_0Gpv{0H%8A)kYKogN88U8rFsvKgNjW+Wnp z-5NH`p&14aYLH8QNi`d|*&LSSlUJZ3!4fjCTTi+?#^OJ)B^G%{Qx*i0m75O`V4@eI zm@i2Ao@9*0EGASkqKfH1S)}S(TLy6;kUcSkVwdfSU3X?BLlZok z2|}l$(1dFsYG@ROMM#tv6S6ZJrSL0dDG>Yic;hV(2uXO#Yb7^E&7$M&&7HSA2;`JT zh$$@#Mixvm!ZK%^NqJ&sW!?NfDde0P0!?{# z%xG+uk;r0YINVYcwmq|2kOB$O%bZQfF%J6!bZ>_AgdALJNeRm?xfGe<*W{8)j#Q)< zR3lrTGLlne7L67pW_co(P&OB_nIx87PROsn*=3uEs|E_q?i4LpTqKMX${?Q3W;`?G zB#Q**`3X6`0lTmmb6xQzpv@swiqA7(QJIL@@QG`BK(ly2GtCF?O+d%}rJU|p zeZ64I38{~m%4p%0Aw<{>dO{Af+6R;)Cbf5_QJTg(TQ_wh)aP}Q@T|DL+c>98)9?!o zwxh3y8gW0N8p^?Gcb~YCMEMDM(6#P$XMY1=qQs*E)0j?OQ=%7MO$wsLBOW@40-7R z>=J~1bM$Q~dwSCBu4S8cGntSXO%yYtpVJ&2-+PC?Opi zkI;pA4gKa)%q2~2Lv{wBBf|MCtKBN$ z>BMa`M!YsJ%Fe|M`d&RmQ~4hYmRVK@4R`}d1@J*L{{_blN9Y9uX#*v!b#k@fuq2+i zmkL_YLL||G@~q@iX1u1ExZQ&h^)B$wL#H?NOV|Tj6lHTy5JT4NB(SpI>9S)?011;Q ztcK)t!4yMjO~9tyCx@+*X`xH{*H?^QnB9%4i#{RCHs*<1MkcT$^u;YJMvY4`suH9& zw_btFRhPP&GFkA1d|OfV`)qI|SxR`OG))p(ii!p>+_Om}65Iw#N?$M6^h_A8VaQ^} zSrV(DEPUdvit^?6Lh0IzBO&31Qi=WNM<)4fxrb)M$jC}|X=~VLNt6^yGYJ9_p{92Q zm^KTAC*}*gWJZXaNs*#t<*Fe4di>LV2u)jo{Q-P|tgQtBlGDU)=13f;+bNs6eEn_ z;9D(OHjJ_Mz}8mbLZ`{|fDrp(&%XB<))TTDU(zgMaXF(Q+0B+jfX-%CFv!hLREoLf zVp`HnB~}qLl9Pmif!)UmntLG4q%`+ABMMVSKzm|wrRiK*qBnm|a3h)&(<0NwddzY? ziP`0PA|jehvSnoC?x>KgPeX9)3JX=dr!jG&1kax z7n7z-l#;7)@RdB+G+}jWY8yehozBgW$1vcP7K9F^`&Mdqi`{qf&yDRC`*bR6lYK(@ z?KZm|k2bapKgIPFb6m27HkVd&9R$c$ck_I2!J-S*&@_x*VpxV{zBJEC1m#-72--dl zu4$SlxGvy@g5P1joRCigYpMWVXq(|F>^#r}Kv32sBr=i_dAr<$&f)8`s^D{H`7lq+ zX4v90#gf@N?jTvjYK6>WK8JH!%-ORw&6HlSBwbr4R3WE}30lo}aA zg@G0clhwiKfUwz&MS4Qs39Eyn%m;cMa7!r?)==)SwLkO0l4bXrr8yX%hwt8>9-M^w zT0dMLH=O^EwnwAJ`OntIX#9Bo^Ch0sk}4!xzIB|HstaRj(7S zbP&7~WL8K}gei#g4)Q50wa)O*ytHriwATOGf+e}(fI5Guqu?9X|I5+VPGkLVk4HO? z>;FqUzy3OWK`wbZ0gHeU#q=^~uTz7TXu&4r#qhV^0#nMYNSejv@tw0hMc_IX*m46S zT*UkaLl{}M>zrjIcA2gBB(yf%H9K`1h15ryL)kuqN}fZ?Kj z1guA(U!biE>=Vzd@oE3vi75+4wwy)J!{Bg6tY;K9Qd-XdYxs^=XBveva4N$#izKno z_F>i(sbiPVN@Ti^B|=@9-U7G6c%rJ7z5?hcuWvu89-Jj2u$Ax_v4oXNSZimVsUm_s&H;CpF81yVZRNwI`$Ka?v}4_DN_bvDS-)c*F_?jfDN{uO)>& z<5`pxan~9MpZ7Hf@HgqB(eRr6W9?Rr^b)~74&NS@EN^F&N(LY^(C`hhLUvvO(HzsEe%&&gW7&F3Cs28|l^?%T_)SqlyB zvQ-|jMLJM-%yc0$A9Xd;Ec(fSowpA|l@+T_Xib=0DS)I&i3v|b=WbxW58$+9#jJNv zR417u05#Vm;^EFN@KvRI@!nh)4QdHtEW^&CO|)UzNyl_*I==-Yy!AxdvyAp2OyETSp`51+;Zgp{%OsHDl^}R)jd**KGliuA{ z=_G8LYE}6}ekp{mZ48~QpbJhsm@exuo!ITPi8#O<2|g$zYhJKA4(3ds33)c7JUQdD zGoGC}^Yj{dW;i=plR^M`)-Kp`jja7GUFK9T!V9+i`x;rZ#mxuUg%bHoyrqQNqqJxcrskfIX~g)LDndn3O`A+Ik_yRTjK^e|j(}eLW2x z@SGirrA#S0Xa9?w3PI8$TENk(Ou=Fok~W>K!dfZOUa%!H+R1C8^MpKeLYKb;{-R8U zHDd7aoP-9~9$i&!)RyOr*ew~#mwc#>7vlaRzy0>>uf)Jwfq;!Z{fl~9V%Vr`mzrz;HLPm@pjYye|u~5 z(f;#Ao(>(touHR;aO*?;Ji9ChTVECN1;wojfNc5V74E5Hn&b;Q4lZ~WPpb3oAZ41y zRMSZr74++`#F1u~&WGYN$_|sDLr`#HMMypop2bEQ+cK3@&cMq!$FplZHD;GAnSiGV zQ~H>xTx1Fld6cH}%K2_U+{ZnU<_XiR_2EQQiIE0ZY`PHQ0_&QcP3wfYmVU|Agp5b_ z*R+sIPsn&1y{!|@GL7CCuDn%BJtt4+N8grp;I-2)snc(xS|?7dpog5^IY}euXNO|z^MW; zT9~bsQ<`cvE0Xf%!vI@op(2{_Y~BYmP^!o@O>z;t@@}FZ1c<5q*x7v~MfOiItq@WE zc#yu?wPu;JPX3=WXFQurrWEU+#k;}#C<6RxpH=(+lxH!|=ASJF+~oiBaVIG6x#Rx-4U)v4PzV3q#jgWoQ+f+o)M)#T+w;MQV#pcNx6n z>?<()a2&P0{+;{(03DbIG|vaZw$uKzFdG}eE^wY_Q5xpX$0 zJ?DLVFPlx9wC=a&v0pO;khIBHGoG+@@|8{GLng1us*!;Q0MsGB{RYnV=C`X{byYvz z`M*n;S+V}>(I1~71>B_nzub7)T>qQnmyhfJOFWJB-#*?&{owav1g!|8dvgIoVm2-2 z6SC$REZf5=kI0}j`BZreLXhrnzpVwN=@hb}70iOdBo{Gq6nJr#!<(Az^e&BfEauL@ z?9ph!PEX(X;6&!#nbygjAgZ@?Pnaajh1CAw@XZ}j)NbaU@L+PE6Z2n)C&Bvo_DsR+ zGc;k}l8idryC-mw~F;U&v1_NTB`X*UA$6f_S+c@?z!jW<9Bau z1kLh*s%F8)YUMK`q~~%BF-pD1?%p{&!5B=4ho7{WQePE>626{c9+$I1CO4k(evrwE z7VdaVyo#ANFi`eckMSoE{+gyVixZwPb!Jm1OnOVFERBma?<>&FLxIj3Nfy zBPw6oRn;uhJ0zgH-)%^y_3k0Ts^}h{j^%l^0VnE(Ha zJomK!(L7hfQeP4aR8D@cWg^$dwZx)CkvsiRCO zm&dZ2EjL9jJwby^O`nBgif{;6p4-%i&GDJC;d-6o#bDL~Y)iUwZb0$24MV~P<9foww936kNyH}45aB0o&?Bj9^ z%Ql93dP)5%3r+JnfJukCahnF)48CD80?ad+@(fV_ourXHJF_{*CuBP)38K7G=N1%I zP7`KE>_lL1EN(4u!dd2QYI>g@aawc9FL}b|W~C)~_d|VNeU667c)fHais>S^+0bK_ zEn(Rq16nH0(uy{+d~ArEmPT5>)TI7 z*JNoGzv*O;^~$%|S*r$bwUZN&1>R@LvVrI>z=cEJId$5 zxN2vyAp33ujqja%Pjf_jyL;asoSmM&`ST5`bUwJ-xQ-8w-XEX-38$*&zi_uP?Z4mq z;o$h}#Qbx5cC>r?{hw)IZ6}Dkjc)Jw@XtE5h8M-{#`Wa%{r>w2`HpE!zl#}r5NODj z%V_+6+6?gR+1~p%Zw~fO-yfeHyxTu|fB5e7Plbz?=f)R9$LZnQgZCf)q}Z_D7KSrWefJ#`eRjle2g4_YcnA?Y_OmxFA1X$AI8HiXAFv z5eQ>8(RaJQqxbs{*PSzV;q?Hkx;r`A-TNK-gxG-gE^zS8hwuJObONrBt7+r$Ea?Bz zr~mxtOZk6|ceXZ~_djoMZ9MvaeUYd8pt`)|ws zTF|y=`nKdYPQ1^Zm{1HQ}2Mwn}G*xhH-+X9UyYJe1!ly%A zC8}=_=G$lYQ>dn*h3ywg-nQ))`L|EAD%MdYC#`Qz38Cmn;!;HMHmLYvkuz8%7M|G}&hfU6#W1*ykt-zhr+h zkopA$OIn%GH;BJ(Ccl7O(L;nC8+FVsJ9~}U<;sn^&DuK}&!vbuTQ?u>CS!aSmLCPH z&mobfe~0U`?cUK@y~{;prISdrm6%-))gtXC)8>cXn-a}Rt1Lmomh&8GUY>|*Xh*r* zc46<=yt$9Af|lN&`FV+JGEePg86sW3LjCzIW|!&iCCYR(m^FdFJ3ZZ;UguV*HOnhs z>V?RLHWd@L)Wb7d>2(IkzwfyM%)|;cuoqc%_9&EOcV}niBzhO3;vDvbNOcwL)h0TI z*m4jbtlDL6^o#D;x&}Q6xv{Mt1fx^G(JJ0cypyTbRf7qzG}p_0F6%v|EapWzA#dUG z<8~XZ{ca_|{*LtskDJ4*HnoP1Ih4slkLg&7lwN>|LvLgCE2Vn^ko^a`RpPu|p3qx8E%Wx99Yq z>lWXYtF3qPRxx&W9rw+g-IeUJy*IjT212bmSg4onkFWis&t$*k(>njR1paWR|F_8h zIDXl>|8@MB|NV zrPumPeInDHEtW<8Ena{0bbRrrYyE=_K0+IOBr>HX<=JQW1KpJWakRPFi2ojsHb#%@ z|4Td__y4Gg&rLSbgar~2? zy^`uwjSJOWM~o~`cW#N9iX_kRMCFqe7$C4Sm*SGg3}a4Hp7FFu9gl$A_b!&nUfhVz z%~}}A-QGw~-j|U7?)(tWiM|&~?{kSl(NR*&xjQE+KOY|LIa_4;uI>j?zOKAGs#ij4 zRjc2BG*$l`mwpWXXBPX^G9e#-cJDuAiq6={Qbjt!4>s&*EIK29PwPR2!WWk`c5177jpC42@ z!oRB+{BQeo?EgSaUsC?x8I7Cr|LEmo{`W8P+#+#ckBR_f@&{bmS9jmNzpw7yJ#}-~ zFX4WPTna5Bkxam$vDnAU=5)RQPA(QMeh7o>#4mds;bWskmf>UFQjp zxF#<|b|hK)!X6KW(9MfhCejy1i!udV473OE$aY2lS?}sSv}kZ=BJhV)8&h#+hN)O?7zUnSZ z!ZR1uU0ni4awb!*(CFia_No_)21#Z#tL9@P96k3^&scE3DduFxud$hL`87$zoJU}M zaa#yvyt$%^VESW7X5%s-TO$p^Umjjo0Qb$sTRxYNbt^I?3xxav@tn}9dI9Mk6xTv7 zv4QrGcjMTj8ZY6uBOL?VCGM|AoU&D>Ow+mmYBxYg0F)VGaFH)iUQ=ATMqY*+qrSo3W`4)vxHZ4n?)dA^Yqw1| zw%u1fD*6nsS1)=p&q$;rQi>wvk5=s;XY9CKc0FegQDStb>{W)>hY(A$H0W z^zI|ALke_dtt^)cUH!m|rlAjb#0`)?1z)Nf?_GZylwe?qqUU`wrSj8Kva z$w(y9T(Skr6u)H62mn|LE^n2ACKs{a%jS)}D9piT>SJ0x7hGoMAQKwjn$>n<^-3Z# zLeqF>i~QAKuDHfadP6(o4ylmp5Odf0af%|dm#m(!8a`I-T`ST2wb`=jSjJj)-IdB{ zf&8Ne0_HcwG<0y|F%em^tcF+{8m)UC!~WDYmQ}pJrByqoW_L#-W)5v4Gu6sgN1ubC zK05q*#o7gPfA6`2S&*hgAGZWn$`y&3W|3w-S*~J6G{X^u;*v?pV+M+sUFKH{9xWgx zBw5ht!sGe@A;$-Ac25uX&oJTB-?&kN_>438cQRwt@H4Z-LHe3f#bP3ICaD(EXJ&o8 z>=sCV)r;glK4cnQbvdX{6Q*;sBLZGSD*-s%lMA*aaZz5;jafj!L}eB>-WmZbx-_~} z(A}HCeI35+9daLgyG5fry}M%{H$%xZHk&*%x^DyvxaPWLcN>;naw#(4e3w*m^U+&l zpTUH-`&oUDU}fcL5X#)FSmEgK$Qz3htj#RO%Z#QxB2yY&7?mE5j%*S`$&hL7zdIqn z6ijmF6Lp_xcL2z7ddUe=Nyiv=dRu@MYk)VxXgwD%(jdxRZg;|)Yh1J2E1OjbPa7?o zEv2u)j#-0fjHV+hPMeW6%p%&CBKHM&IMFmK&U*R4nkjF5s&Kj$Zrpp>jKZ(CdWdB! z+_?9`8HHbO_N<((aHDVOU>a=l?)~Y(NvN-3KP+rl8M`uFeK>vtn4jU*#_)+}Gf9<} zMP&G@-_gC75WwGyma!v?r{9Y!05YFT8p9r(P^F!`|J0pRqbTRK(6@blYg8(bvZ&^8 z_PHcRvy)~^)>6bp#A47;Of%!JJ*dWgyJuIMAV*a@KN*MP9lx!%t>zGnNjv|YoLpyB;a5eqX@mqMm2JpQ}YFKk01BW{Qy^}o$o4o_R8ol87$)t zk+hX>Vx5$6mFuL8+Jn6^Tbd1{+$buQqyo5ix#GGyKG=PGupg$d0nPX|fXc3^5x)&h zEi5tH$vAIZaT01eSLaT3w{dKk=@`iAd@xWcT0{w%p%FCV&uHUZz$O> z1yfp`1CqQC2~W9stpz5HL8}ca_ITq8C}^e&+;W~O=SRY58dkQPIoFF~3T7M|-(g*h zqeK+(0DV~0aGHpz%?Uk(cFu5fs0G>hzRA_q9hVzmX?XJHWo7x=`V1umu-C`D>iWQ5 zovJgYj0j4Th{e?C$uu)Mf;8f9=~(lRcL&EOU}f}L9rd(&8(>Gh4CCw1YPFAFyjp<) z>XIn~Nt-@|az;_J(FmEMTzqRN`gXyWtDq>)Zw&pSdDf7KSAD0a`o1vQIx;?C$p)ZA zrA5rhxxJw89I{z^O>XxzX(h9IJ%3QvZOh7lhTw_PhU276OCAARoU(urT4-VL7r|W( zP8nM#smM579)OoH#9ZYGUE)q>1;V#j!~=Kh{>1U>>u|ftT@2pObAxrIS*EQ!j^!)O z_fbN5irmGf>Nytvdf4oN?FiY9Sy$lMV`oK+lG~QXq;sQ3`BKMc4R@={C}FFpg}7vi z5t@b9UrijobAO{|f9#v1Z_B-p#<8b^Z}yJOp-a(>xyF>YyP7@J^8?&P0UTkhU9Cct zizDb*i<@B|PdsLqOlnhRBOE&(j0YvSSJVkwGNr*RZM6+U-ilDS3d^0-za*prVim$E zNyHVCBp0!t>50rGjlk&71zrO|F9ip|81BoM8~Fr)F%@T&Cn%!W78v=Z;L%00G&qB> zmC}3%he#r8MBMu}0Lc;xs*lJF>406zDmk*qVA;5!CcoM~K*NQ43GzR00n}B$A|47ZkY?^1@CKt?qFx39ahCk2ZE4qc=huUOiwDEZLkZZFFz) z>|pPBo&3KAU6L>ipM#}PTxE%%aodZwj=yn#&ka$w$W422$YbrSd2Uey-~CQp>!W@i zUP`R{Zx4_dVM8{AWb{11FWFm2+kd_GXV}mj;RTt(NTKa)cO-tf9k>dI{sW$m$eD75P|#N-j6T(H|gOKM(yi z|5TBTre?@IBSOYZf=UF}w~&uhv#;fnMw&-VHBNOGEJ;JP7{USMnJIc!79BppRtJ&D zE?EXt`aCRIc;miYkfO{Cl%~;|?JF#ox17?b-1G=|`54}B7M(H*99J3*t4&uO*L4|; zGb^&FG+ucV-;_P<1xqYba9Rt@>jFb{a>*3zvVXKM#J}TX{eSikP7c3&_j@@1-0c6i zIocRC{eMPV+mHS~U*hTV|Ji4X&r#m`Arn^_IaI1(iu^x?vYF(~g5S6PK*+Se6Eq0| zBgW1JP4Gm=yQ&TZ1S}8j&f&0Eqv+++_0PH#D-8?`^#Sw@w{kD!{WknEC-M~rBm znXx)x! zP!~W*h2wJ(os&Yt(L+df6IIfLf7*rDQ8Lu*s@#u(cLN%ACyl0vi;}_=IMxPjdIA$t z<*J8^-P!Yk^M==SMpJff2N74TghB9=D2Q7n;QbOa4JvfC%6)8zjC`~boa460d$D*2 zmEd*`VkOlHRf^Lr%$Oct@e4kLC^9uXN~oR*nGSP0H)ONDv-5KNYHM@&{80w`cYCb- zhbH*nsgIlDKgQ#x{5RenJ^Futk;k3IK$Pf|Wf7CXpnhr-NOsBD)#@^T^f(@$`#pC3 zqbX*v`;U{~K?l4k|HIbHX8hO2*2~BIFJI*8*8hATq}_jay)xy#zI! z!rl@~6i<0V!3<_Zc`%JZkb=EF4g@kI=2^S)G9+MMBuh~Q8AGQwcUO1KgOF%(!Lrgm z-vsbr@5G)Vxt1qEaDIM1rD_q-D@9l&$zWhUitKfv28=2_7@NKZwSETJ&tM=5og4AY z=&6IjF9nm!Iz;UH^whFUT(hH80~EBgz<$8StP>} zsUc12zeGl_l+ihA^$TTG*Oa|B^XGpsn%0$&@#{4h-&*Y>ODRuYufcfN5Qp!~v@AtI z9ML%S!RdTI?Y@0es_Ll6Ef|={jgAcT;zl3TJ@THJWah^g#6d_^?&`B{r~lK5Mcg(aDuedOzwhnsOUmi zCS)U?ZO3$bW3V%$8-uN#+0I}(-q{*#PhY+Kn!VbY#jm!9(R{GExij7vZ;iLdXdVv; z(R4l`qwv*sI3D0pZ9quw-}m8XrdvTqIBnnZ3{^zs)_5c6!O%6}S28&9ST+KtYUe+d zY6zA9upxM)zX0<Q(%yvF3)vwGqTQ@|h4BB;ocm#(+W!BC*nhXS zw>KZ{zkk%z+W)P=p=nY8lhJdGO(-%x<18k*wIiUN#o1I~-KIQ}!kR^tbH?G>e4S`1 zifO{sLI@2nN+*9)Zzd$m6pvKsmUr37f+{j)EF;r`Cz^m5kP|U0O(a@~q!Vngm%&k& zeLH*(owfG9R7&(8cUlSfY7uqiW%J7|``(==@W0>$C8KM1VM# zMds}-UlG_{%q|ND1Xc7XsZWM^62q&4^R{vD7s|T9Xl!y7 z>IgW~whm@r|MdRD@!*Gpp9bF_93ObV*EYM|nIR2IX6(u=SdqnQ9X4lsLZBD}>uDKL zP}*1XoKb1d#T%1liZ%|YgTIp(FHU*>;>Co#;R;-N95Fb{{5gy>;mUdjf5>OPNY83DRg z>EII?340>_oN)nH(Y>LyQUP%L8vyp8)pXuh*oRirc?ss{KcC1sX0+(-x&pAermY8^m}~+d z%h3nyK>$3Qy%YKfy?SnsPEV6;R{G>a>H=dPF*(02?;2y}5Hshk(_SNcQ_XOPWx-C5B7 z3TDaUZ+7=Q5Bd8+YuddF-BwA6dun|mcpXZ03jS1;;rztqkEjCre_v?3(x#nvLEG?X z`26Sdp+$FvdYc%M!JP{*RUN*d_k@<*mfKor`|fWD^)d&zaW89J?tl*DF}i*jv9$6R zz7w>yn2*(vH=uPvpy$mt-+8Hh`27}CAGBp0YMJ1}`X?3Ftv$5?Z53(Ipxbti6Npp4 z2RfV3{`%XkNdf8ByYa5G=BF~02%_sT4MvBQdoO4qoAe!a2Y}Yz$$i)*-Xh&z7%eWb zcNSUrrUi#2Pxlpc8zQZ{OuUbime8&eZ91hI1E*VH^?}?Cx8pnRynWD?8*rag^Z5XO zBIlc1ukIw(G@xw@3k^Bp;ZS=Y8O+Zs(zD8J_+~8t&x^?MVzVqA4j?JH}!>7{vHFn`XztViPOiDU%IV;~Du*hm`Tllfh1yCbTrh zf(=g#Vzd1$3A+S44_d-rc$t=L4cN_JfYRB5_O3f`JASm)=1;3_u=jpGk@I&(FZ)Rp zBrPC#2IDr%)9nkdc^_Jv<89BTc&q7U`}O>9W$+4x3>MG8h}oZS(Y8Er+2b(TBDv@8 zP|t+WuK9`V#xY0e%FGPwB<7MuI$635xp6Jn@TqF1l;H^@=dr{@GE15!=l9xqYjH-M z#-z?GV!%YBPV<~enYOnTf8RF zBoIT6GFg2zmQ&mSEhO>lwQDN*Xsn;6Mh{R%-L6RnT^tocoN; zePG^zEyEMW;rIb?+i8F9vphR*zPmwu4{P%(Xj}H@PRsNCK)s)}xee_KCGAruNS@xN zNY3PKjk%x5`NsC$tj)KA)+s*S(AM>~+XH+LO=lIfE&FpnZc%Bw17a<-ceLc+0@_NY zT#4H|0}LAa#@1b|&24BKqHayT?E==7za5I|(B5?~(;{KAZT<4wG+fIohN&W|E@=sz}oO-jew} zc3ux!)IZv7Hj22o%{uUy`N<{JhKoofgXF?60pLBx6OC64l+fN)=k@L(4$Fj1b!a`h zbr%(DVM7M3GNu~02!hjbhQ2efg`mTn%lB78`|;*b$6pA#zQ7(T9r^#HQ2J?A0$R!Em& zXZ;QiQU8q&%eQcgTJK6+_ielLsCEwO)?deZojcjX^Sg;?My9OFKZs$q4WFn8FXXrvokmniY0$p9^ zN9Xd+tR}zfEc{>Du&8NiQ$fj@PmKz07i@NN zuy=fLdiHMjEzWi`y6oiO_{W3e`lm8*?8C{yal2+2K8De8wQm?bhQV?$L#GRtt)p~= znU)O`M^LRO*Nh>%DSWF&!Ck>y=~A*>gy}LCDdkzHleiJ13EHO}8T5wdT6)MZRFC`L0Q{v4G`UYW!f zbWsQbs=_zzQJS6TfwWS(j2ERVZ5N7SEip3Q^iN$rZ;$=#IwR1fiwK zO;g7d-WbjLyUYi^PU-cT1!F=sMx#;t{aMcBSuTYEXF|3{qk7c!dWlU>xHmF-o2j{i z_nGJRl@6HgxVqNCZo5XNH8h1;5@FgG^pcgunbH=>vR+pZ60UXZ{xHLN1`*F`M2&ze zS{nxvkSYJqLg|w3EG<1l3xbgvxqhk$=}H#5EXbp(e{lymd?Z-$o6ED8M`QXv$|#XGwp_LK8&>?h?dk1K=V<8EGE z(S%2ncg##>T}WJFs?pZVotK+Co5SapNoh8B_E!){X?Y#TNyFl1h4_+_vFltYyquv7 z{CDxGWvuA}{9G@YqzOiu4tQ1#aGgwThC0;-eLIosHoEM!&VW1A@m- z&TLVF13P>DiIgoRCigAWKj|?7=fnK~;wHeW(*a zk;sgYyj`O2D13NUm3i)XJu$KiHuX%gWVTM+4eVYKSP3kdg>zcW*|Rmn1Pyhst&{Qd z;69rU&GWOU9H1{g<6z6KAt3LPCKECql`nIuHIvzdJaK>4F9f008t}#ti8M8$zuk+1 z>U}oz$C@rL80ZKvOQnut_j7yG>^g~yG)FzmO%{e})Pe%7c^TueA)z1FgkDmffH}%g zj3tSt_<_POW~Iky&-Ka>56uXy*pOgB{tJTlS;RU?4OLAVFCn=mFtJuvJz&gJHWTtr zR)yPc#!twuO|Wmbh&jvbnND>z;eh7(07<0U6NBKST>8wY()Q57C~*d1=65;LQtpNv zip0yI2s@&bLJo2%GG>%>gACZ`UCKa8(6Wd2dLLfA2o(J5+_WOMN%)KrBf&8l2Ek!U z=RC7^|eh|wT^kUx;}r1>fi zw}Ji|dCv`%BqFOEV!TwHUQTih8V~1O2VarM-C8_s)B9H>9J*xZG|v%X8?cI~gJ7sc zBEx*?y|DwYzs#ss=FQ)G)<-2(cPGi53caxQ+VqZ#x@SS&VY%ZD*gRtFITsCrqw0*5 zyLe|CUTt*v*cUE3R9e^_n@50fDFs*VUe3&~2nk57%@^v?l(p{#OsNk2%h(M8T1H(v z1;u2()mf;$@eiWTBPOA|1Jz3ME(>$jVR`9Tb=De^-K@OWtCrk3vKfNCH9b$nlqMiO z03y%4jda_rPG;r~x@vr~SC!5QoWdvr$bwVJuSbTSu9q48+IVsoLx`I(`o^pzW@0Jt=S0BTa<24S7h$#pG-fd<`%6O|vo+r4-k>0Er@lP=g?WHdt?ago18mrFc zdFB>J+-SxT?1R?wQuI~>ZhdrNU} zVh{I(;88v>1-nsuR(JBu(=Oq=x9H0&_n()Cgy=s&eV=b=f8BQ!5YmmNb3t~jMbAS3 zNa?cr)02Bq`OMhWAWDNuGKCE3m3Znl$Epyqx1F2yTUus1TE(#hl{{~LP8z@8x#r8# z=+fX|g7;+*GR`BpX}3?Qh61chB!edhZvpI{qLWNYHuH*LA-lRGzM zxoOps_4&VZLw1bV&L5rE>$Z=J6U_60k>gYL2jqVpjkg>5-!{kNjmP|NU*dVvh;-R! zm+x~`GJ(?72F;iD(%+1u&l~I!G0Swagj5lD#S*$SK_2@=&=|ynyiAA|l7BdbXl2jq z*cz}>g{G`BRopsB=`~OJznHUUz(oM)bphuD82fWc6Ao8>LEa@!vxuQ3qvx$Pg4 z<@t!JCBVDn%HF6P64-YRY9kL`kbMkdyetx_x$S+278X1fQFCf}5K}EcgTCg#Ao32kl zjtjjAUXT+r$u%Xe>XJrMDCOcXZCW!kYk1$=k8L6gUJ!H=X=raLGg9K-;R&hV0tVNh z!Z{E1&E{o$2>!dnlhbu_w0BtDnu_5^Q`3($S__QTv;09mT7%W#4Wlx{BXp|C$7X486n9_+FEf5eC2U*Z{69`*5+vIasU4kPpAF$`uh5j7yNrX zcKt)Jm5~_2SfL*WGY0$ zXciEn7UJqm6;n5kGd`Q3V{<^rT#6!}khQ&16oqD#>B_5Pt*zBKo1wvhJ*&piuKBrj z*6cTbT@~py#I#2Ihgh5r9)VzeE40bRInE@GGkmLeuBP zCx*4P7AgGX{MY=H&6OuAp7xg6SJ2M97PKICUdkoG)dx^P(*dfD5UBy`^iN7p+A#ma z-P&kNxe$|ufNVk{s{mwKk+z`urtHvBA!b3SrP^KV8WoyUOS9*iGcQr9*2;G*nGFz> zwXWf+maltPPZcW4Vojr78!<-7H9a@;{gx37m1m-2S*-BhcrDh6$daXXLZB8| zE)9hiw;w$u8X)?=3INz5)G95b0@%jjwUg29eX5u%ki@kiu)bowK4f=7KY zH>69mH)&N#(`s4LR!p|n?oGfy$)&hnuG-R}K)BF4KQe#aG(Q>msX$gDEg;O3DhNz6 z-I&3_XP3pHAOA;Xh3`*KkI1pD;Ee}MteA`na`kYat2@Jf@)^Kq;#QCoZ~z!o3&Ly( zhGIS(zd>&x2MLH^Z{ub2{-^EH&iGOP{}RuW|23TQYzY2%0gD!btTnyB*8=cvabA~%XJqZG|6B`V z5fB1Z28^r`^3}5`RSbOizA8&UpO8-j!+0<&!Qr)_2=QE%GKL7y#|8^(R8~|DY0Cr=u`Tzg` diff --git a/assets/universal-crossplane/universal-crossplane-1.2.200100+up1.2.2-up.1.tgz b/assets/universal-crossplane/universal-crossplane-1.2.200100+up1.2.2-up.1.tgz deleted file mode 100644 index 8c7575ed537c9ae37eaa11aaa40afac5ebd730b4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11603 zcmV-ZEv(WXiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%a^tr0AfB&>PtiX)smbJL(vq(^s*_WHkH_a^DjwT^+mlUd zHZ_4rNWw8mZ~)M@lFZgV$JSQu*L|*if_;Q7Tu6c!iIQx~o)h82j78kK8|X%((G8?A zxxtL1(DfPRJPA>Zw~oe$32%a;@Qa5?-EOzLzq_mc?{>S@|F?U+-7k8(-TmEz{q2L@ z?ibzO-p+pa3+O&b?=30i0hwj9Fu`fXKNsabpzWKDrpzm(4CX%4b(&b%sNXI5yRrCZ&TC@*`%P z(6|pbJqIO8{@d*k6#{#p2 z5suvvLxF@jAY3pqNM+kVhgMS_yb-eYFb%^A_%uq8AcGLYEfHf#6D}A=kyT+6Xo6!0 zfYX%ucoTe-AX$M9!KZPIeL><82%6LJD5PlsL&|_*6uN>$7y`t{1BzGxH-wV`35l3& zIshmRAVMS-h{QO6!6a)XgHwz#V8jXL0&dYnH9MeU3?vT74GB^dN-Ux@CSn2+js}=< z({Mo;F5w%bBn)JOgh9e+kot-|K8*#VAt-FQ2QQp4mE$@VBH{h5t<(TSs6%`?R9OZ? zx88_|aXLsjX0jO^3(u!fR%NSEUhVJu_^)`d?eC$kzk`O~;@}|Y{dI4zhqnFQ;9z%W z@YkK4!C$um>hrA#2Lx?}bVR)*9y!-|a!Xmj`;H5~q_g7!iH8hv!BStO3_C7x%x;K} zx#I##l92d{WgHg*B+vkHS;j~HSpGjq{c9|;R&))=1)9j(6h)2;BVT?&zv;%&t!g(U z12jMx6#Qf8xWEFL#dosOR(FUeh@oI0o4ZyYu4P$#&7FMsnZgQ3h=hF!4*mZu(gT#4 z^-b)1&I|^;sj^$Q`=4o|ezH*1RhQLa6!Y6#G`jffCP3N z5}^^6S_H!h4P<`d|L+)Xe8HhDLov3Bn`uJ8WMlfhd0AhD$W_^I2Mi*(*R%M z5c`6%KK%a45j4ciXe{zK8V-qEsnicA#3;b*Se93^O0X0=h>dhvCt>u41ei%E6Xai` z5$1h(|BK`JG#-*ss#~sSE8Nc0FucS*!$K)bE(FxS#%!Dp9ES~%{}#n)q#M`dGW`Sa zYmyv}MhuUTz`;?Na)H?e4Q2DDh)r#PNHrzNoss1g;>33V8ZiXOaRjK544_IhfHK(< zMkpg%;!u-p+RR>7R_IN%0MZA-z3k{hA@X{2ZYz{zj;L}K2DJ%wCy z<5$RZ@#^r%ngpw$Q>Dul5ekLL7|H%9iZskPmMUzJHQ+>8FybqOs#zOwLb#CHF1`~C z0gi77qp_UqaDy0;rImWgu>cY)g|(0!P)H)r*?{Ap4&R=i96KAjvE!nxACXjlHUNO5 zC<(E5jVIr!rLCvF9-f|EeSdu6{c!xV{=DsMz{T<9yOS%G?;8C`*Zy#gC+ahRD%^*T zZmUx&Y#ROW!|~5erMEjy2Brkhn&gTN?@1XcgN)>0|4wAG=eVZR#s(aYBvpP?s*2+n zy;e>)l#q89Cw=H-y9$&Luh4rXE1O-`_mm5{=;>eeGIA4ho{1oU1ha^6tpnqL2=!6W zYaHuELCa0kifih-YG_}znz9`u zl8m^w*s;ct3fCbS>C6BR($QNg)qyNKTV3Qrh$PwP06HUsDsMq=?H3kAVF4iJ{CGvF z;DVtf!7QI91MA~FNZci^U1imH42V*&)U3YcZxOr3A_#f_LH8t-41dfsr3Cy=n z&#sOyJ#i=Q(?`qxueWzlwf`P;4|dl3zg47H6G#~KF%C#P+Jp&B0Wl27_i>V0A$=Mp z;Y6D=1!fUfra+&@0Z}^&sflE3ZAg3^bIh&9G+zoh9g17Tuxko=V-bap^MC&5|AwnE zimz4gL&|`}Tp%U+8f~}#;r#x)3uFkC!PodBcv`yWUD_+RS1j7lxgq$r^K!8|a-r|M zgioKG|NFoG$A5>PX$n4yA*Q#P79qiA;OjkI&1(A}j&ppcR3l|nMN&uk{dWod!ca&c zzJxT<2Et51(W)O30{LV3TgmjQl&!zRAMjtDG=cOk$w79tLgI3zxG1wb{QmoFcq*C> zeEI~gs>u`N>*^QUjPIT1Uu7XRTsY)-QLNQ?&4IP+%91XP!^v}|KpaS1ia(#4_rGYD z{~yLUOfch~NR~GRw#fhP!R~%l{vYh`uI2wK((k`-eFHZn>Z>i~kc3!F68v2x$>NW3 zAHLc8^vQ8#G3SUz5se{40~~TkWyr}K;30`IboBQQxSu{bV;n{vA8+|%#6(|m28sPJ z4KQ@nrw(|U7mDxPSgcM=GhW6lWC)%0M6xm;-S6AHmO=fPJN}MWoZe!Pab8J&ZelfJD7gy_K?Bjk- z^i+VHKK?EIZ*P8<76xtnzrVjz=Kt;Oz3%>+|5uUb=Ko?U+jGLz^V2oct&^#Gc9|ku z&PF%q8O;jdLTQIRMXbDPXt3at(3Tl>K9LG6jd3jc<-Xe3xD~cCSI>sAQNAq$>w}K} zBK&VuTt-8@(Ai+y{%^Zi<^P@C?t1^Xl4N_;umSQtl!`HB>TWi~Fekq3W3OyU5?0(ND6mWEhWu9)~@ zj00sGC$cOVPPBF0Y|GM^d`xjTQCn9cAfT9o7$X6L38b9FBh})&H?M&XL9(Q)Pdp&k z?>%+ohZ3UBQVjgAJ{z*FeCB&zkC*b*#vre2b)=iQ!E8`ukFe+{xQ_HTB*e^RX{`Kz z82*?NhB@3K;g1zwA>qQZQd=%MMDQE})u3`#k*G={$+6YMK=B0pkVs;GOfj1P;Siw! z%We7n@Gm1KA?;*86at;K4e}|{lJb8*;()}X`IdoJ{cm@>BL8;}cGvQMC24v2|4L7R zCtC(+h%fNa9Qc{z?Wq_z0QCiIA$WN@_!ssw#}D0@*%2Q4K26Ob*FqG4LP*xPaGCY! zamRlV{iNoFQczxA2xJEcLTwPv2&|pP{GzE=iKp#e|3fWSAST&9Sjp zJ~Q^radA=tMq}mFjj#EZk~3l}<(Q3965uU@B3BA`?hYw)4PjiQDZ^cX{c%iu6uR_A z=HXj?jFj~{%v_y%J39v!dCWe)kzQ5jzM^20+h5iIL-7d1mvUI|HsMQskO2Mf=4jR} z*eI)4f~^8<`L|CC=k5&atihVIf`vvOI@SS)T~b5p6&?`q=~I7pS%F6I=~Kt*LwPM& zza>yowu;I(>%^pzGi?Q|HIVz3B*aZw*w9Sn6i2%RH8thu8>>o|2)Q{M;#SU*j5bGq z=$5-t(MF}u(gbJ%#2z8-VB+PzC3QGDuB&o8^K@h8IbtJwayRuTr$D_kImu<^TEn&8 za)!w~X=cyC!sn*kOl2!-cPZ%4C<>b!&8u0$y0<;seE!*|MfAUg4Sy!J+5dV6y{i4c z+g+dktt2hD|9cjOKidce?>n7eDh4Qc-@!LH7Tn}$(-XY!_zWX~JDbo+Rmg(;D^bR$ zP3QzT!~&}-b97*qhH4MDS!>F`b-%VoSTuq9%XD*MdY8C9%6`}mm~N5|LgKqVW@bIB z77$_f{ciLz%zrMm;1zA-SP&7aI0nZO`~TiD^>a##%KwE7e%;bIZLKLjQxM7SF```@2%rMSCST9-z(QJWNaa4MuS9X)&uS* z0K_E0eK`g z_R=jZqjQRYHvaGJ?^pSMXM64cxstTta-JC&T9}}1)qZNM*C|Vj@V{}d=dL#QM<{t1 z{eQ1||C`kR*Y@9)q(=TfQses;B~2orVZxXRac|8&>#1n@M=PS^Yr#l#&hU`jLFcAZ zK4$d<8oksD^xf!VI8QxUu2xwYL+7cj3YM!s^;j;GTKM1kxO^yZ>;Avy|JU2zS@Zu& zlCeL@sa~>0efs1$DuN0!XA~1qWioZ%Yx};%yomKRFKMxqDP_LoB@T;w^%_bSaas{h}1Z+pG}UrCxT{!0Z%9p5EL z#R=%B>MVFb#dCV~*r;-3Sb&Ep4FyXFZ~z!))VlfH%k)Y=Euffe&QLEq&Nv5nx>ZwFn?$bn)(TlpN6}aYt_8)SzgG-S8soZk(b)d?HsNOzG2)+|IR@Rf^V7k(ypK?K??4w$e^!++z zAUfZ4=EI=yUbSkEuu%VpgzG{eR|6j_jQ|Nib? z)&9G^zqjW9m86G=|9tK&UXLTSTtTvry0zBe(pHpO0p{8B3HmZ&bu4bdQ-5b+p2*aS z8=txDxgLmCbC{7SVKl;Gj8i4+6C}oc*fLE_D@5hEb-wL>+wDv#!hMF4V(&F2?5i45 zI|qH|m=bnqZG|+omkx@C8y-Qh2Bu!I>?G8PUTa)$4LiB%J8F#ZG(nseNG)NTcBJNv zKux*9V7T-_0x?$_dKZ{y3rr85bG5{Rkl*N{Y z`~2*+y2SqS{P5_wG_}=J68~T{D$jU;A;Do_l>UaCbF~6yORU!vuAX&%a(wvu_~OIy z$??(Eo3qn;_vN7b^4mQnp<~V7YdqP6FI9DW7B@c}Qk8ba#RAuOVxLQS`dq3Ko^61X z<#mU(HO&s%%WKgvjqqD#<|~g$B)@3_Zs`Z{?A|nRMo_zUzHZSHAk&N1mvrmZ9xu7^ zOOstHw_M;@{HS_33K1#I2VZ`uFZMH<%x|-{=Vp|M$!o&wmb1r$rZubcE26r1V`y5n zyvR)9RUwi6BvetT@=(<8RUR$XYPi9qy6X5pdZ+d{Y5x5`8zA2`j|;i#{U{vd%AIT7I#@FgwA=qG{@**@{dN53YEp%DtXJ&J zPE@kO%1$e1O{?c=TX^hKBZgw3-hJXczaTrN0>_(S$>acy1?0xKaP12$LOyW_d^yALv&)ijH9u%keiY(}^VNbUQ zbKS7PU%l_f3?5(3M__6TOC8MFxjN&*T)oYFaBm|e3ub$pF1mFHS=`Ar|J-r8v-tuR9S;S*gT;pDH zwIV}xFy6Fg@@tYDX4M0W+I+QsbTy$^8N9^==`$K`8QOPDr=bO%KDm0CN7-Q|mq8}O;8RP>DXb@rzw{}7iR1*O* z#jFbPRKBSqVsB42b@$7UZ3Qa>>$vzPQBs961e}crMIm!)(U@ev79W{m8ip1kgOr2< zNNiUVlcYLP7IG0Ypj04R(B%u>XDq}wp%lZ%H|wrol_L4~d(YgXi`QI|hcd~`f`WQF z5q`ROT^rRV$FkahPID`pJu{zX?P$!l!UJAyjz5nL5W=>kJ<=Rt8h=#q`LYtUpE+HhW zc-0aj>vT4kJrYZmFqVSGrExe}HD5I>fKSb2&t*+++>I}|jeX`^r=eXn+m(B5n)+GL zgE~`^%d%1e;c85{vjOU)SnUHMr6v;Y(;LiGLG29$D3)YrG+{*DSzNRSw__Y@b%4Yp zKx&oO$mkg5$K|dC&;I4i*MS5B9MW4TSvnBIkWW6fx6SU1R>COI!3TOXsP&%!268Jb zi&^7QicwJHAp!^omd3H95s3@WgTpX{hz8hu0)~wFQZ|;XT8SweDh&|FE*&y;~Y|oBmwmy~k6i=OWT{+liDqgAhN4?PO7FNgF0BvX{&>jXceQ9rI=O z(Wce{(&2O3c^9+gN%r9N?w^f#c(OUV#7@rCT40WTPJ6#%lB{YMSoa31{Q2PiA4~fG zEc6s?+x;KA-Rk>~``zvJ`_C&$3&(%V|48ifkK|iNzb(N3%f9|R$NP^5)%PEF_Im61 z-<6~Xc>npiU;kSXak;C$e&tpmlR9m}Vi!~wqBgfF$iX1jGaHD!Bon;O;C{LvQk zB~lCjXYco`*DjZR01rKO`7lhx6&hNYA(3t=iNG`i8Ae_Htl%@u6|{; z{`{I29*1@lO)pC;jU@4|(*b5N7FcbDlqogFvFMxDEtb>0=aC6v3m94C=E*E@%7vB# z>!}BSQT|`@3Ah&i-`=U+|FyHbvyT5>NivHgW$-orm@jN**gc=dg3<6?ZRCr%H|WTn zZ|CJ=b#OpL=jG$xCuYm0292cQNovF1wYR8^LBJfdRQC0i!|0t`Hja+w73Lz)I9xK)ix&yr#| z7UmscL$Yb$sHnU`#*v^6ygASusoX|n)Ta%|UgRqv#eq82!XHz@Z~#Nfz(--o?L))~ z9G<`N;F3lde#loC)1)5~919L1xyB%;nlC~~IR>H*1k|}U2AT@McgPpv#CR0oI7ldw zH3d~&n)W0FBXWadKx~vo+P($)!u%%iJ6Wb7WnYPhOz~b=Mr4}3)u8(BR08&z{wABU&_EW!}& zm1cHV)lkH&BU=#POAfDks2UDRpVv?+03TzhRKty@K99-&_m%(i>;v27fBpWi_5IJQ zNuSyNZ%%>ofZM=Fk|;F@mwP0#0nvG`eO!rDf2>XCibkXiZdu|_8K8NGXra3~A9n#* zR{qbW_?y%s|9AHes_*~qZEtti@_!ZSN#wus9A;QK3P+S-u&&es5<{AB!7z$!FXEDi zu^6KmZt;sinLKpt=osDLP2hABZn1XMp(z7;8<(r9_$cMpEym@JZ?SR!^FHH1nq_Qv z8}KfZ0gDE{%wrKN+@5ARKDC0;778;DDCKaN2LZ>#hH`>cs>Hk{VxvG>a=rxXA?c+3a7trSav%6b; z|9^jbcYXf9l2mbyYh2gVK+o_4mJ^_Pp=xhd*Dn0|T8sh>YmdI^{47BqQ|x3AsJ7<> z0ser&{w|Jv`~K8t#-@*!7UKVfUVSK13;*x$?pF8zJKJmf?`qPM+kcmRPvYTBy!H1T zdh; zZsucD%9A<$t*z$eImW*Do^nwkc%{TSWdiicd9 zd=^0ioR_b?g|GovXRpt`j?x=6eA$QBgzNVmr0k~*F%nLIli0_FB|W?2B*X$MOM@{z zs12^Op=>pB7Ahlzo~~ea^h%Q^`pHl+#td&7^GbxSmBk)&bfA;+Gx zVWW=%5@XKKWzoK!1uzyO`6m{YuK?U1V>t@nUtOJFRx{1JL$cw?Z?()~a7sDKB7(x# zI7E|6?9({leb_6P5hTJi71Od4%m@vp9&z!&zkl(G)yD>Ry}E4W(OA{`BiiKv{k7hAvC9|a+Mr8H_qa4(g(p(+|p5# zv~KJv_gt-wpULIKObkTmqfnz0x!*U9E!_Z*XU)A^EY3vjMltui)KJ=Ta5X<|^HTvEIXt zwmWQ@tS0)Vc({COoXvESKUl=leVoT0f@06o!}{?& zh?n$~Tfjxm8kEWr*L{x5r-=sbaR!;KsLKA$%IdmjC#iWKdtZ*13@WXN<{< zs(@|hzjgor_5Ba4N>6_NQ@wO%_2)k2lb*%STy`}CmR-=b%_(|YDG(cBQL_U!SpYS{ zV<8g$4E?{CyaKA#|D#up|J?0$*ZaSfq-V$fb6z_2aAM$3V(6KY7UF*q@_GEds;QO# zyS4jYdV6dBUrBmS{6EEytjR>ZB(Ilz#s1ukZ&C~Y-;F+o%U=7Ir#AlI+pF?__h5bh z(`wQZ_rED8k;?UN@>}bzZ?e#|OW%I78d&DeH`VqWSH3mFP}cLCVOjjbw;D`OJ=hIt z9{yj_?K4kp=RZ5$s{Y^G-CN)Pypr?~u9%iUm`@eg3^wP6d@d0FpaImgR7 z)!-TUT|T(yW!9V$hWW94-RV;1xA|OJWvVWhvpl=3YR!&ajXqZm9#^WN=?+)98^JU$ zF>TkeJq{{fV&Bf^C03av3akhVMttt!SbKR@y!12xrqE0fy5Dw79aY@;>YlB+`{{R< zBaT`)nw?BDuh+)nWiQeuL|5SRX!mm;m&X=|$IJ7>qet_4)F+-G|Ewn6=P2fJ^}dBvu<7S8&BrkI zO5Ao1^VCE1sA&QIU*hEto!a<+yI1A^?Va`c&uY>G9K}4875xV#gyTP=%e-gr&l@u>FwaNud86m8&R9ELCo=|Ed) zNj%yFhC?LC4OY=K)^`*K&IZJIq+Ra6P8c4NI~?d6`Tpaj2WN3O0UE2C5+q14gOJ47 zbG+A=A1(!D*x7(18bvgQACE2}AdEZSh=?uquLj@o2EVZ_^>6lJJlc}~WIy>$yj3(b zK>l@_sIxEbeB<%k#QDY>pljzFPeh6H&3|(?;77y=O*y=Ieasy%Vf0_v7mh~)jJ9++ zM*sCW3baQ4M@ix`jDiSzQE>l0+RlHv`}!^J$d9y4A!J zFE_zQiHby^!~DJHcqFA}hBq9AGz~0(qRv7=^AN5rzQq@qi*0zzyMKKtduW zN=`zAh&IZr*aOqN!B~tjV8jXL0&dYnwKqHU7!6YWfORRZn|qG4Atj}aZwXz;`I)9FU?K~{RO6w_!-S@+dD5uB^4Q0< z_B`hwGz_VJ^qvcxa2R0qo6ga!xfxFu)`je*B^sQD*mIno2XAy}dr{=%jpO`9B6CZ^ zFpocp&@~30GAtW3&()8yUCX+kZ-9r?l$2y7af&^7GgKc`gX*?hE7}Zb3}cO)X{Flw zrfvWg)oy1d2Mu zssVohAM2vdwg)G4q=Ij1GeI|&CZM{6kd85&R?Cq zJAM7(@aX95-RYI-<1c4yQ#K#!j#4f$MRDHU`@{1$I!t#4mZpy_j)k1K+yrjF>^}gU z;OYSA@4h@dfAit$?1$r11Nx2!M=ELv5M1JL=zdSRy1v+Om2!)#L11`J&tW74^2hMy z(b?(M#o5V+^OM8VV|8Fuhtc%9>t&HlYJ%v?80f%=5ECesFnptw7|B(DIQ%+2*!ovU z;{Y@GwKT%N0@ttHKlQ4$P7jqD^}mlP=IYkVrH_0{X}12?+d0^;#DDkpclOuz-<70% zsQb=FWwk7YNINdvAV#DDlzZeh$c@Y})KVsU>#nbFfN=n{VJJbI-%=Jh00HJcBTA*{ z!<7|m~3LllqR*?CT;M=@Txmn1xhJqwB zO6Q0UC=D@+ZDg~_!N>IW15XDT!+jvbnYaU3h0UZXFby#ZFgp(Qa;%K72F!+>64ISx zh+O^V95dGefE7%rc?QO&RcIA!XLD4*g;Tk{kDUbdS-m zIIh_UHDy&M^Ibyu?BO+y>OcP=Y9Qs)dYQ_?Kun1Q-_3tlME)7a9#QZA~J+-gX@*`=COcQ+PS{GcEr z@uvMnYNpx@X?;{rb>xtk=b)!9kqXS_rP0cAp>r693#^87k14+<$zlF>l>PqGw9##; zQJ%wRiBPX;)1gs1lzpoCt*Qr{!`aGnt`Fp9$gAwF3NJgmb1WsHo>ju`gm8sfb~R3Z z{%0F0m6g2!)B_!91uu>RA^>st`S9(@i(I%5FxRiCNJ8Pe1T%tTAA3$si>R-{8CeY0 zyu3b@XwZP})ci)AOG5qmA#SZx30>a@fjwn-iLd6iFI})W4q+FK1rD+(zK$~GB z600ma1TiLDd-v;e4gFP4s7SY^I_6-`UvvmfX1FbHtEVX6h49^bOFAWiViR*J@icZ* zDQ9I@$R;S0m>cRekj_vm!YJk@G(aD*46r(THy3P0$&hDv2Ali0QjUjdsM-wh4Gw7{ zm%1qgSP0wX#-EC6mRH78T|7$l)yLGzQib3_mTq zQL|G8AfkcZSjwJfZd0n_PFGmg^doD3UZO4|&@3_66yash->LbHyJa;Q9%5UZ4V9i_ z>e7W-L)3U>eL?G~`SVP(%>1cuepqC_RcdC~yrNWa!BCRS+!+q6Vl!}SD>e^`Hbe_y zSgKgD|2Llh+~_d435r5bM9W?JV5JuSpS|wxZuR_U?_mA@&q`8^B7Am(86yGiL&vua zU5@=Aj#D?os{0KKGpFO|s9yb&jtSuHTYE^$fk)0>H0r}wUmabXU0&)F?yJLpe)W|D zkXTW?Z-%E-oHNXEEF34M0nV;;=)>=y96>{D9_UlQ(NMi*I8i^GvMs_0UKPKpva_9# zgg8_6`|$o3$0@OUJ-aFN+J%7n*O-mdf#X;k%f4bvNxEF{Pv2@1#Mnn_2JH2= z-x9OK!F+bv?Y;fC#Bn(GQw0Kz1-=vI9$6Y6@^>7wKJ4%9?QCbC%(a}^Hx!2S_MDL$ z65x8mft>7wJ0OT8qKI|#vk{iE5Cd*d1 zDmqoVToIvAn2c4707WKl*=QhH1CG%(WM(yMBj0=DJHZg(_=YeVE0b2X%Bl@G$0C3J zv``4Gt4W*Ev!NS1F53DLF|HrX;3!H$>|Nu@cWRmIsjr8pXII}JUwA(p z|Exc6I~#CueEII=O66w(%)0i6YdkUUSg68%=;*dOrNXAs4?i6L+*EqI<78k;@T^I$ z*zlf|kuoSZM*bU-$)4kyP8%CW_0-Y(j+0&8t8eRlcX85(PUa?t65Fv&var>3qVit!o1rD^VqU^b@H;|b&Y9nXP9RyrQDDzylgsOM9a%)=9`)a=9~3Xs^Iy` zIb-cC-TAD9zQvR^wgjW`_RS{3D5~}zK(8@!IaGT49H7_VW-&M%{`2_sYB?kp08`GB zl2V^d7h5-<2aUVLwX4{eygEC(y1cqLJU>6acyxpYL}_1Yn&0xbh+SimgviHJh7^FH zNa`7f7pHwdEbgOQ-X|#P_y1=68b7>w{r5hjA>R7i#o38=I{f?R7}l^(>$Fbmv`#JQ R{{;X5|Nm!o3myPw0RR?YIg$VX diff --git a/assets/universal-crossplane/universal-crossplane-1.2.200100.tgz b/assets/universal-crossplane/universal-crossplane-1.2.200100.tgz deleted file mode 100755 index e0f4ceb701bcf5a4c29e6511338c0e73f81eff94..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11597 zcmV-TEwa)diwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJa^p7gVE$b`MgQcaCX+L1$)8!(X6rm2?`A3<+h==nNzJ7u z5D7_GlLQ9wq?&o_+!Q*zPcOeMx)UUq%pa{ zjHA%?8Ra|)QH-~a#)t`Tf}-$?he+LSx4XZ)tN!nHyVd`B%wH_0trH6-gf|eBv434o{xkGu}A2ZkC`At zf`dLJh=~}p#$o}Hb7$hlD8hYsmkekc2kVD2-L2=(>FEGXdXcR!uK1i~{|U%cQzheP5M6atO~W(gx4 zyCa4I33EWWU}TWWwt)_r&pu>fueCj$}^G1+tg zP#i#nNGuSEaR7r!)=CDa7-PVQ6U+tNqKRsDK*bnH9FQ9lq$reFL}^UK1R@*_Fyp4- zf-qddH%Lhs$OZ|6gwY`N6?uFb3r0gw*m4hEIAbcubu2`}`&(P70f~LD2i_-d+!F`@6xx?#|$^ zJ3E8FZUxlmTM-Tj+6w82dPzKTuJPoSvViv;7ko))#|07(8RCMazDOB%T;Q195Fc~L z1(YNq@fFKBE(A!R0phZZkNmOxe~|juSY)l}8jcGzk+ms`92Z8u{DOYdjiX!DZb$}b zfHElf$Ix+s1u~28WTma{5Kj<8!9X^5tv+1KviO=i`S3G^6^;-I`w|@bpDoe@l$rHS z?0e1(2E3`VTes^xwfI`6d!|Nyx`0TS48NQ6dMY7q=4loLVO zqz~4#@@*YJppjh1r6_R#k~9p@X-ND@AKna4sW@kt<5)OOOapw0L+lI6`tbWFN6-*6 zqp`@}XgDNtrBXkf5TgLIV_9CwD#23hAU4uvorKXF5@05wOpt$#Mws{E{V$H=(|AZm zscyNRt#CU}!|)RO3=5?!xe!qQ8nbaaa2z&3{#z8Ik#1a*%k&SxuSs$^8ZkUV0tZK7 z$^~W@G?dMoA~v-FBGr^6cSe?1h!fudXv7d8#}S}LGJq=40Lo-b7@>@a$x(5?SA-)q>U+KIw?rZJF~xj#+3mgkx5RNc_EQCd zT=nlnxkr}9hx{GKtPlHpdpq0Nr++e-Wp04KlU6Nz~r_7rl-jb9U zs-baJv7&;O8+W6Rp=>%|ILk|Cw&#(>bXB!xcDYRYzuNHXHyV#gXoDqM$T zq%#9NNJnp}R0p!`Y;}Q|uCi)821F@XYF6L!w}@S1k%Y*{Q^pa1ph&6}hZm=PKrHT~Tiz!q>i7S4 zcyx63?)2)zo7aEuGaBNpzg?W29Dg`He0%)&^*-*;ni}_i0!K-R1m;_(XIICUp12eD z>7!-;*V{YTt?d5}y8GMf{og9ms|h5G`WOc!9&N&erhpg*ys?Nv$N9hi>;J&j7{%AB_aS9K zVlI%9e2uo-|8Rc)-32lP%HV7K5j-v3^Dga`+bb4r=-d!|+j+TI9l6kVUc#qO&j0)0 z|MP#q&ol)e#SqimOpB0UGw}7Eu4c9U563yaQ>u|Nsv@bQ{QkRyeqksi5MM%?XaixU zplH<(34#1E{Hl`F2$cu&HG=p%l{8!9444? zPbABm0$b#N_h5IwD*q4mcGmKL73ufix4wZJ67|)Va!5ifCJFv7l4SA6xDVfKefs1$ zvY2y3qlm^3q5%%MqcY@V4)Bn~7&`iU2i#AeoG}g~kB_(fF=C=GIfKN0mQe_i z%?rhMZY)+OrWr3|7BU1+pGY6(XMQpdC5d;P4ls+cz+5gg`3Z&O#9Ea<;A2V!F7seR zD|!PRxPwW*#L}1g45(6HlO{8_O(jkhJGZfGy*ak2BEJ|~)QhWiGWK!5CVDDBP9Ogk z{rd%YG|`Ya8xs$4Pg#TW<5Hcn(& zGMs4ZxY?GaG5MI{aH6)ZL_k0>2Qfwh1`|j*iASo%cW+(;9fD*@SD$!5uHSp=$PXn% zouwG~U41rWTlviQydE#*tBpZk*Xl?&bA#ES$R1(QQE(mUZAgfj%hFi+|1kV9B@A=8 zMZzB|yh6f-Wu>-Ubco%g+Eb^Frej~lA&V5C}Cbz$=0fyochA-u?-fhB{`XB-N-_6miTd+}9uLN5K z*z#|m7S7!n)>(r!X9Ww5K6I=D4!fj=)GIt7;M1r6?6Lxl;M1p$)raz0uzpLRq-+(H zZ`O%PC1=_SSZg5nElG%*vaq3<$|;U^32JJ}&o@?;ED>^ZHpH!*B^hmw{?ILVqoR#U zpQQ=V1c*IC+QG!jeM{_T+BrQBHw+XL6Fu%C&}Tz2yv(dD6_D zgN4scxtYpV)b3KypHUPxH=0+ogmrIww)y+uXk{;KL1-u zT5$jOEDV3P5enXSI=@s5Q1HHkZ*VNQ$p_8hR1^HK^j8B`;32=x7 zR#oQcz$^{b9&WSNl!5DhZH=&K0`-^a=EU?aaeb8iupKbnBprmrcYVyvdR8qU!tDFq z=wq1wTx!89+QzXUB2;klopl$3mN`QYPJ7u@7B(LcGmmouXBhfj-Lvjb5n@;(d)e~s+ zQZLYVqmSV{^<=qPWn~PVr?x6suKv_xxlC%|f9vD&p}?*C|C;|_Z+m;q|0_wx{v@Y* z$rknLljEoeD#)BsOhA>%)OoM%`xf&e*4MnG#Zsn}`I477Ebi57C|$&HNyvUk2e@1a zB}iR?NHF(gZc+HDDg3`0yJYB)4x z5=^740^*QzeGh65tyWVSU^cO-Sw9IQu^2+-BsKrlx=m?hL zj`3iD_rEx<>pH6-ecxQ$HwCiiIWnrJ5@ESd6G=upQf_JbJCz_d6T(*V8gxN>5II)h znhV;0$k7fiLH4I|%hA_?Di@-9`zRs!PT*KsPl|)-N{@cZ1&y+gYDv=f>y&}$eAAf^ zgTi~&sy)I&{T~vp|G3SepM~9=9opwZ^MG9@OldH6=hvg!*Gi|d-S&=(UQE9UuQyf1 zx3m#$&WTXax0!w}_>{7M#1)T)>cq&*Z5nvRFZYG;whHT0FGTC~Bxx!AZ$T%pw*B8h zE&hLZXMO&=n)K-LpU+(le5^RqMn|%#Ze(qQo5O2tISD>L|1TT;*~yL(mp@Am%g zn*Udl9wPqpxwCjZj?{7m$v*1VT7yelQECO4XU`|-%Y@ajxCKxBorQTKQ!8$K=C9ZmE+d=w)<_jGo=Xk8A^)1*OaiYYDn!I^qpf$ z*rBx*($ro$C>m~f1i>1Zdd0GnP$PP+alJL{`v@Kw>U4Z42_J zPi}?G^T#bVyvtDwS}Yov8s{3v)Aep z`^)pgqvO)lR!>R%gVCrw;{k>Qhk;T08*ftCvq%f()|Y1Q%~Glf@$ zMD~+VMWM<=QNLGtv{b9%29x%Ft#_x2GUdmpYQ5TZmg+Qn+R9RUi^r~N-Q}fQ`g-b} z+T*18_y25weAhfKTFXRl;!vEX*J5~R$y`9~)|Hn$wT>QTZ-goW! z^*nj~soV#e+ArO%+j8_i<;;J<)A-t ztTUx*&xLf=!<+qee@7004Y(R(xOjDVls^?2p$Uu_iiLXjiSzt|?3fA|qZ@PeHP+9B zHq6lFakDTQkT`g#rp*cU+^#dv$rEFxcjVlE{cm>$Xj%Vz-Cnn{{_pRv-+x<8dgS$g zVJCslK@E6xkAX4~=5`;bkZvBIfqU#6*6H6NEh+yOat3LU|9kt}wf$dje|IhaSCJN$ z|MzziSyseX>pc(m5sP3C=t@$@b?sO3XnrM4#C|qTCd>JlG+@;1Sn^mW^%4Nvcg6N} zc;I98vKz(1XX|n&Y&dx8(eu5Iw%a>codZQ>Sn3WGQ`Q1Km8A5j4~q+~nQGrn5sb5H zH#ibZcjT}eUDm0?_DQn$vEMaGhxRjxN14)(JDWdqSCM&8oZ>68pu2`W-5$(!!v=r# zz8f=md^sP1sVyvZbZ@t|jPJm-`u7HAF`t6Qnr$#V$=%pX?*Fnkl5K15)Sck${oi(X zzjpuQL2rBQ|G$#7g7g2yZGb3@CsO>?4Oiz<*<-BG6)KiWsEzH z=QO>>W530t%l+aM&+v?}*i?u4oBE{wmzjM>DHrC%KX+DGwtPHH<;+sTC70M8BHXam(%&A3VlKonIWQJ)NT8Io%5(*%(T}@1q z>O@({Ma+OwfowsSFLgh!I>Ed;5 zRGS>jY6CjWt!(zpe44eRL9<;*C4A;9hlF+IOGeh|qH9IAQaBsStQGSL{n_l2!;U7v zF^1bQ@yFIO0r*bgJxGPpkz{!(7^C+7o7b8-X}OkbPbDE5_F@ZdVxGB#kg(!aONgw~ z*RbC^b zW0W74yB0kAmor}n5)5!iZ=q!AKnz1Z`PAMvyE9q|qd*5A=*^(ke*zfDt*|U+jYla) zL6L_DARJg4$C5@QE<6to!w@1GVDAYSGUiL!Sh8v*rfjG*KpeYt*j)Y@GjTrPdXu$c zX0G*aY0z!@bB*^NPobWRNYia6QtAvs{1~>AMXe=mn5@WNGSf8jGz)gjm)S>~S_?>r z&uQmf%$6tFgV(!%HsayQ=I9bTIa6zaIr=&6{fbGls$F2+8>sTHo9PQ?PCK zf9!Uv??3K$d+Ya~SCSTv|Cs-g*ykU~w~l^Wfd7|${dtb}9}lYUKkn>x*YUqANe}S; z^K-xcw<6+lSAG4;t#Zt$e(O7yPdAAJe76Z-YK6^q>uzew_Tn}*s;l{aLdoTbxIRu+DmQP^9o%3%4+@jH7z_2 z?IxODmR1@`;$5c$%wjCC+6*aEYK&viH?3PNr+d#M6T%iSvdGPoS>TilEeF<95B{S3 zzvL5eE&RW|Q@j6bXLoxY|GkoA7Dvk9Yy2@^*vzndK8*#V;knw#7jbXUkvrec%f;&8 zfQZh^$GuO?mQ4*BNyC%WhP`WVQ5%DRIcBNs>nn#V#W`ywSKYNCOGu&Mn%B#8k=*7p z!s5}bK2@@~B$Demjgg?$z1bttDCL;(D((dscpBw03FL<~4N7pU8kL?U#c(XlJHm!! z)4)+td4-H4K^u5;pgB^xjmW4^8<4%oS3rsbb*hCwri9@DhLnMi!jRjCh!Z$Gf8)U= zjWGO>uP~-bKO{I7971x9K~6PagphI!L>&mIb8QSX6@c%MFT#oOD8O-$P$Fvzs=74o zNeD*d2FHNdD2=pz3-pEgP2hL3Ohd}P5)YZ;y|9ePG<&N-_1&oi>`fV`fA=eUA2cny z{%1!lStQ^reV}Fi@5#K1{cmq)9sjqI^d#&5s^bY8PBs=<6lmG84|L55Uw#)ze{a@?*pI4JUv;E(k z0_6d>fsZ6nY7j2>NMr+|^IZG55~==Jo6Z%DNEzI+#Gf)i^A6EMcXK}O0k=_cG_?WjXj2J|*AS5@&*%B@?B%N^fh$BFWpBRJv-HqcKQxBGy?WF8;i6$q1iM6a$$zEmOn zOytXwVYrVWTFi%MBTW=MD>v)RofgyowX}0pDOb>I9J|`bY344V&Hrb2xBCA7{`SuL z{C_2>;vCnwuBm~Z;Rh@yK=VS?-mI=&`17?G1sc{Kebf0_f?*DhT*Y@Alq$jukF8iLu!qG7dA_04 zL!--}-P1nI@!CT5(SpUg$Zr+4A0}ve9H8AiS-T3k$&b;uN7XkMro6f^rIRU_@@E9JvdrD~|6sKAR=-R`g2TX^|1{*B zt5;?+!Rl4UYt}OjHbXZ*)=+y7VY*bQy@(){oKk+msGvR#`*3x1Zsjz-_|W()f(AG* zUwaE-1Fp_qpM4#rH)!~>53dQ=?>k7@PZ?q)oB$`Wj|)qBcE?GG1y+^@V|q{0cw?putoz(CSf{K4w{zYeFA(x4WfGp6|H}AhjAOLSE}`J~ZwH#8Q@mBGE*O zClode9}zgJO`U5jDcvv*nn`rdpTq#L(EfkXz#o%Z_WwKkJH2ZBUw3;Q|GSd(Wd6S! z@LzF$;flEgI=_3RX;!*g2QA*<&Q3$}V;5%wZk1obyPwXbDx%F*x(8#uhZ}8o*eaRs zfy6_~B7GXS=xN zi<~tml_ReE9G6cM4cg-jGFwrV{hOKJ*#J)Uy=hrRWd%@o4#K%P)H~9$h3feMK8j_> z#pQ(h-ZHh}T8Vtn+RCEcSeaa_2i=DabY6vX5plh2`^tMtUHo~H22W+wcYJ|r^B>Wlr ze=m6jRIC3-uNwck+dWwC|5lQo9skdH>D0rCfj^0%XG&U#|3%2>@%O5xR{rnS?tkg+ zuK9l@={fQL6hE>i6ZMk3Uh)7#^e@VB` zJhh$w>~yR8e{XkpegE@H(nGjnS^{A{Ra`UJoE!4RTrcZQKeXp%y@%x-FY8o;XW)1F z;GUORb4nQI$MSWjOPSy1b7_^Sx?Ilk?6RsgJ9ahtTs3%HsfMOIT;*;A)4asAUB~t~ zsCbEeJD-xZ9tkko(&ZTa*XJnE z8u=e3iOVnwBJ4%M{rhM;|LN}USNZ>7e|`V|O40_r)9w|`7khpE?x*vYj?-QS2#5Ek z*bDy4*J|tB-^v__JVIXr9S(_4PzX2{m?eyG?2Z@;Fa(4PMh2;p40H(Zi{^`_N;h}C z^x%zn!PRAB6BVsAyidXKR_3$o`Ivjws_ z!XRNZNc98OrMPbHInIWZls3L4bRFksnyP?_EDTePhbj*fnzH6eqXNrgAJ^LRoPW?T zr25f&E^xwOfYon0N3-T;JXu&5vYVD@a2jIIae5xS(V^`{k&`!$^B0NCEeXRs{v<-z z7wdlg9#T_Ml99wI_TbG>eNYXm+itCBGoUeyHFBnvYU`W2H5BW} zIGOw2fG&r_hT}E$)nh%X<>}LKE1*8#@JY02`~iHd zi#ppLoY0X9zNyUw-B_A{>JmaaA~Cpb!l+zazhfx&$C!cZ8dK7DU%oqkb@uM`^@qcw zqqBFXSEi4@oUu*We5gB0xx^I3d3Wy*&)?`U-5FS#KDIa(a^i9mxc##K0C0k<1E9bA z^6>o4hpV$6j!zBfJ02XVs3AabiNm4$J>}~9V#8I+Ev^QE;W<5rkr2oq!Ar&kwe zCm+sF4o{EOfl(bs)9bF6MKY-gqAz2h10zCApj5)}jZ$JHR{`Si>-1pjUm=YH%;4A3 z2>%LPzjFW7tJXR_RBF`!KBkzfTQ8SB@+qa+`d@G7V80Uo-P_;UTibtElJcSMI~$eN zvJ@iixNw6QkqS`mk=r0QGQ&_yne45*zP#S>ON!nEQ+ z&?+ZiJE;;zC?jHW6e7+~v&+p4rJ6I#ggQ56z?X%TS-(2;ixEg}+~d(bM!({?W+T*; zRhi6p3FWhg*EEtpb~26MwQ(VSc7&3NXzAvv@}!)%h>XZffg)x4I>IdYlUm&Hx#&vj*~&7WDzj6J^7 zmzgp|cp+rw(OaDr_s7i9HA@ydLYEIqVSX}Xgf{4VM_7|y{ zYBQwuQ9ad>Lt>tTp1MRTFq@Y~E6at>VHhs38qPhY{F)?(`P)(U`%lwGx1~mT4xc4L zy{1ivM(I%Ysphw;9&iq4E6=$;keeZ|vbQR{?Cj35l!SU#3A+=*6=vDhIQjXXZKPCI z_5x53bfgu$I1Y#a#Np?|wD~|aq=5JArTQJrFeRYGE-lY z-!OzSQ;lAd5m;4(H$#YUK+*^ZhqpMQOx+0;Lxk=~ltz$pS^AcyVE_YdhK)$9vgi=R zm~idgug^8~S2>{~-InT@gE@cEAvBrcw!E#LqI?&^ckeCflmv=R%&ElF*iEIJm0cm5 zpiE+JsMA0?L#+s-n48c5eZ(@r>g?TIuoWdkp4}O2?%zr|9;TscGr%`Eq={VWrVwBu zY?B**Dymst8BcZbDAiXVpJT=e7dRF_Ds+xQL?UxpnKDu#eN0y&gqEmktuS*zk-HH6nP!>!Q{Vis$b75R%&>Vyso;X4B$>H099YF>;MP`b9u#ee7Q(Ppv10#k zJpZ}TVQ>=^g`S9(yY#_IE&e}y-QC^l`On_|`u(4kq!>l`>;^MN0^Em=ZyCBA`#~J1 zZiZF&8y03x$I(%}`XwC`z}vU>kd_0FoV{q&hp)amx;VSM)F<3mhyVQQD+eI4qIlm7 zPpLR(nB!PDPD}%wUFpz=-#J0S^irt0_M z{V$GFV)uG>Q|Pq|0rjsj8>a)uu{M@{#h8+Gx!|9^)wFDO_ESVv%R^s_C@Ecg~OsqutX!W`~3M z?6TW?`)`TkaO|fF1R4u`C(1ptG(P0-IA(p=-`m^S&OVuIIkRsl4C(DTBR3?(BYez# zq@S@UVGS^dI4^PjozCXV3emMSFf8KUB z;Ntl5-N}{8&jOfr?GM*@V&1V(h5OLaZFNe8O`{)vIR3e*^mfO|z?9%wlU%XkJt-q) zP;QL;HzJcg$2FZcHjL`2qxT&rySi83*8A?_qz|3UO$;TrW1D1U>%}R#0P0`$GPxIk zp5ldhw-4sAW%KIfWy9+l)85W7&s0jeAys(UbiRm|m(k2OH4n@;>!(z~^ObYP+F82u zSqXiMDQj#AM&s?9O@vWY?LB~AW8`wE^!7PGufNS=a5((u@#)oaNGt%RoF^rvKASGK zZaxnhcZq9Pu`zjdc6N1nb#Zupethxh2n~qRzSK0oLIql_g4 diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/.helmignore b/charts/ambassador/ambassador/6.7.1100+up6.7.11/.helmignore deleted file mode 100644 index a0482efdf..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -OWNERS diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/CHANGELOG.md b/charts/ambassador/ambassador/6.7.1100+up6.7.11/CHANGELOG.md deleted file mode 100644 index 199e56fee..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/CHANGELOG.md +++ /dev/null @@ -1,528 +0,0 @@ -# Change Log - -This file documents all notable changes to Ambassador Helm Chart. The release -numbering uses [semantic versioning](http://semver.org). - -## Next Release - -(no changes yet) - -## v6.7.11 - -- Update Ambassador API Gateway chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) -- Update Ambassador Edge Stack chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) -- Bugfix: remove duplicate label key in ambassador-agent deployment - -## v6.7.10 - -- Update Ambassador API Gateway chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) -- Update Ambassador Edge Stack chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v6.7.9 - -- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - - -## v6.7.8 - -- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - - -## v6.7.7 - -- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository - -## v6.7.6 - -- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador. - -## v6.7.5 - -- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.4 - -- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm - -## v6.7.3 - -- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.2 - -- Bugfix: Don't change the Role name when running in singleNamespace mode. - -## v6.7.1 - -- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.0 - -- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io) -- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!) -- BugFix: Add missing `ambassador_id` for resolvers. -- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings). - -## v6.6.4 - -- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.3 - -- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.2 - -- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.1 - -- Fix metadata field in ConsulRevoler -- Make resolvers available to OSS - -## v6.6.0 - -- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io) - -## v6.5.22 - -- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0. -- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0 - -## v6.5.21 - -- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io) -- Feature: All services are automatically instrumented with discovery annotations. - -## v6.5.20 - -- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.19 - -- Make all `livenessProbe` and `readinessProbe` configurations available to the values file - -## v6.5.18 - -- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.17 - -- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Bugfix: Fix Mapping definition to correctly support labels in use. - -## v6.5.16 - -- Bugfix: Ambassador CRD cleanup will now execute as expected. - -## v6.5.15 - -- Bugfix: Ambassador RBAC now includes permissions for IngressClasses. - -## v6.5.14 - -- Update for Ambassador v1.10.0 - -## v6.5.13 - -- Update for Ambassador v1.9.1 - -## v6.5.12 - -- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container -- Update for Ambassador v1.9.0 - -## v6.5.11 - -- Feature: add affinity and tolerations support for redis pods - -## v6.5.10 - -- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.9 - -- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch". - -## v6.5.8 - -- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.7 - -- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!) - -## v6.5.6 - -- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122) - -## v6.5.5 - -- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.4 - -- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.3 - -- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.2 - -- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114) -- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.1 - -- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.0 - -- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.10 - -- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106) -- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110) -- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103) -- Internal CI refactorings. - -## v6.4.9 - -- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97) - -## v6.4.8 - -- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.7 - -- BugFix: Registry service is now using the proper `app.kubernetes.io/name` -- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv` -- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`. - -## v6.4.6 - -- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!) - -## v6.4.5 - -- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.4 - -- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/) -- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis) - -## v6.4.3 - -- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.2 - -- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.1 - -- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once. - -If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases. - -## v6.4.0 - -- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- AuthService and RateLimitService are now installed in the same namespace as Ambassador. -- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs. -- Add option to install Service Preview components (traffic-manager, traffic-agent). -- Add option to install ambassador-injector, alongside Service Preview. -- Add additional security policy configurations. - - `securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`. - -## v6.3.6 - -- Switch from Quay.io to DockerHub - -## v6.3.5 - -- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.4 - -- Minor bug fixes - -## v6.3.3 - -- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.2 - -- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.1 - -- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.0 - -- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator - -## v6.2.5 - -- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.2.4 - -- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!) - -## v6.2.3 - -- Upgrade Ambassador to version 1.3.2. -- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings - -## v6.2.2 - -- Upgrade Ambassador to version 1.3.1. -- Remove unnecessary `version` field from CRDs. -- Add static label to AES resources, to better support `edgectl install` - -## v6.2.1 - -- Upgrade Ambassador to version 1.3.0. - -## v6.2.0 - -- Add option to not create DevPortal routes - -## v6.1.5 - -- Upgrade Ambassador to version 1.2.2. - -## v6.1.4 - -- Upgrade from Ambassador 1.2.0 to 1.2.1. - -## v6.1.3 - -- Upgrade from Ambassador 1.1.1 to 1.2.0. - -## v6.1.2 - -- Upgrade from Ambassador 1.1.0 to 1.1.1. - -## v6.1.1 - -Minor Improvements: - -- Adds: Option to override the name of the RBAC resources - -## v6.1.0 - -Minor improvements including: - -- Adds: Option to set `restartPolicy` -- Adds: Option to give the AES license key secret a custom name -- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed. -- Clarification on how to install OSS - -## v6.0.0 - -Introduces Ambassador Edge Stack being installed by default. - -### Breaking changes - -Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack. - -## v5.0.0 - -### Breaking changes - -**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. - -- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed - -## v4.0.0 - -### Breaking Changes - -- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core -- The license key is now stored and read from a Kubernetes secret by default -- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. - -### Minor Changes - -- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance -- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) -- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` -- Fixed misnamed selector for redis instance that failed in an edge case -- Exposes annotations for redis deployment and service - -## v3.0.0 - -### Breaking Changes - -- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively. -- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`. -- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead. - -### Minor Changes - -- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025). -- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates -- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576) -- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679) - -## v2.6.0 - -### Minor Changes - -- Add ambassador CRDs! -- Update ambassador to 0.70.0 - -## v2.5.1 - -### Minor Changes - -- Update ambassador to 0.61.1 - -## v2.5.0 - -### Minor Changes - -- Add support for autoscaling using HPA, see `autoscaling` values. - -## v2.4.1 - -### Minor Changes - -- Update ambassador to 0.61.0 - -## v2.4.0 - -### Minor Changes - -- Allow configuring `hostNetwork` and `dnsPolicy` - -## v2.3.1 - -### Minor Changes - -- Adds HOST_IP environment variable - -## v2.3.0 - -### Minor Changes - -- Adds support for init containers using `initContainers` and pod labels `podLabels` - -## v2.2.5 - -### Minor Changes - -- Update ambassador to 0.60.3 - -## v2.2.4 - -### Minor Changes - -- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro) - -## v2.2.3 - -### Minor Changes - -- Update ambassador to 0.60.2 - -## v2.2.2 - -### Minor Changes - -- Update ambassador to 0.60.1 - -## v2.2.1 - -### Minor Changes - -- Fix RBAC for ambassador 0.60.0 - -## v2.2.0 - -### Minor Changes - -- Update ambassador to 0.60.0 - -## v2.1.0 - -### Minor Changes - -- Added `scope.singleNamespace` for configuring ambassador to run in single namespace - -## v2.0.2 - -### Minor Changes - -- Update ambassador to 0.53.1 - -## v2.0.1 - -### Minor Changes - -- Update ambassador to 0.52.0 - -## v2.0.0 - -### Major Changes - -- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables. - -## v1.1.5 - -### Minor Changes - -- Update ambassador to 0.50.3 - -## v1.1.4 - -### Minor Changes - -- support targetPort specification - -## v1.1.3 - -### Minor Changes - -- Update ambassador to 0.50.2 - -## v1.1.2 - -### Minor Changes - -- Add additional chart maintainer - -## v1.1.1 - -### Minor Changes - -- Default replicas -> 3 - -## v1.1.0 - -### Minor Changes - -- Allow RBAC to be namespaced (`rbac.namespaced`) - -## v1.0.0 - -### Major Changes - -- First release of Ambassador Helm Chart in helm/charts -- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500) diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/CONTRIBUTING.md b/charts/ambassador/ambassador/6.7.1100+up6.7.11/CONTRIBUTING.md deleted file mode 100644 index 443250b7a..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/CONTRIBUTING.md +++ /dev/null @@ -1,23 +0,0 @@ -# Contributing to the Ambassador Helm Chart - -This Helm chart is used to install The Ambassador Edge Stack (AES) and is -maintained by Datawire. - -## Developing - -All work on the helm chart should be done in a separate branch off `master` and -contributed with a Pull Request targeting `master`. - -**Note**: All updates to the chart require you update the `version` in -`Chart.yaml`. - -## Testing - -The `ci/` directory contains scripts that will be run on PRs to `master`. - -- `ci/run_tests.sh` will run the tests of the chart. - -## Releasing - -Releasing a new chart is done by pushing a tag to `master`. Travis will then -run the tests and push the chart to `https://getambassador.io/helm`. diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/Chart.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/Chart.yaml deleted file mode 100644 index 8f0b7a0d2..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Ambassador Edge Stack - catalog.cattle.io/release-name: ambassador -apiVersion: v1 -appVersion: 1.13.8 -description: A Helm chart for Datawire Ambassador -home: https://www.getambassador.io/ -icon: https://www.getambassador.io/images/logo.png -keywords: -- api gateway -- ambassador -- datawire -- envoy -maintainers: -- email: markus@maga.se - name: flydiverny -- email: flynn@datawire.io - name: kflynn -- email: nkrause@datawire.io - name: nbkrause -- email: lukeshu@datawire.io - name: lukeshu -name: ambassador -sources: -- https://github.com/datawire/ambassador -- https://github.com/prometheus/statsd_exporter -version: 6.7.1100+up6.7.11 diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/Makefile b/charts/ambassador/ambassador/6.7.1100+up6.7.11/Makefile deleted file mode 100644 index 3271ecc11..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -HELM_TEST_IMAGE = quay.io/helmpack/chart-testing:v3.0.0-rc.1 -K3D_CLUSTER_NAME = helm-chart-test-cluster -CHART_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))) -CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig -CT_EXEC = docker run --rm -v $(CHART_KUBECONFIG):/root/.kube/config -v $(CHART_DIR):/charts --network host $(HELM_TEST_IMAGE) ct -K3D_EXEC := KUBECONFIG=$(CHART_KUBECONFIG) k3d - -test-chart: lint-chart preflight-chart-test chart-create-cluster - $(CT_EXEC) install --config /charts/ct.yaml && \ - $(MAKE) chart-delete-cluster -.PHONY: test-chart - -lint-chart: preflight-kubeconfig - $(CT_EXEC) lint --config /charts/ct.yaml -.PHONY: lint-chart - -preflight-chart-test: preflight-kubeconfig - # check if k3d is installed - @if ! command -v k3d 2> /dev/null ; then \ - printf 'k3d not installed, plz do that'; \ - false; \ - fi -.PHONY: preflight-chart-test - -preflight-kubeconfig: - mkdir -p `dirname $(CHART_KUBECONFIG)` - touch $(CHART_KUBECONFIG) -.PHONY: preflight-kubeconfig - -chart-create-cluster: preflight-kubeconfig - $(MAKE) chart-delete-cluster || true - $(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik" -.PHONY: chart-create-cluster - -chart-delete-cluster: - $(K3D_EXEC) cluster delete $(K3D_CLUSTER_NAME) -.PHONY: chart-delete-cluster diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/README.md b/charts/ambassador/ambassador/6.7.1100+up6.7.11/README.md deleted file mode 100644 index 01ea965bc..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/README.md +++ /dev/null @@ -1,478 +0,0 @@ -# Ambassador - -The Ambassador Edge Stack is a self-service, comprehensive edge stack that is Kubernetes-native and built on [Envoy Proxy](https://www.envoyproxy.io/). - -## TL;DR; - -```console -$ helm repo add datawire https://getambassador.io -$ helm install ambassador datawire/ambassador -``` - -## Introduction - -This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on -a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.11+ - -## Add this Helm repository to your Helm client - -```console -helm repo add datawire https://getambassador.io -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ kubectl create namespace ambassador -$ helm install my-release datawire/ambassador -n ambassador -``` - -The command deploys Ambassador Edge Stack in the ambassador namespace on the Kubernetes cluster in the default configuration. - -It is recommended to use the ambassador namespace for easy upgrades. - -The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Ambassador Edge Stack Installation - -This chart defaults to installing The Ambassador Edge Stack with all of its configuration objects. - -- A Redis instance -- `AuthService` resource for enabling authentication -- `RateLimitService` resource for enabling rate limiting -- `Mapping`s for internal request routing - -If installing alongside another deployment of Ambassador, some of these resources can cause configuration errors since only one `AuthService` or `RateLimitService` can be configured at a time. - -If you already have one of these resources configured in your cluster, please see the [configuration](#configuration) section below for information on how to disable them in the chart. - -### Ambassador OSS Installation - -This chart can still be used to install Ambassador OSS. - -To install OSS, change the `image` to use the OSS image and set `enableAES: false` to skip the install of any AES resources. - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Changelog - -Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md) - -## Configuration - -The following tables lists the configurable parameters of the Ambassador chart and their default values. - -| Parameter | Description | Default | -|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| `nameOverride` | Override the generated chart name. Defaults to .Chart.Name. | | -| `fullnameOverride` | Override the generated release name. Defaults to .Release.Name. | | -| `namespaceOverride` | Override the generated release namespace. Defaults to .Release.Namespace. | | -| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` | -| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` | -| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` | -| `adminService.annotations` | Annotations to apply to Ambassador admin service | `{}` | -| `adminService.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | -| `adminService.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | -| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` | -| `crds.enabled` | If `true`, enables CRD resources for the installation. | `true` | -| `crds.create` | If `true`, Creates CRD resources | `true` | -| `crds.keep` | If `true`, if the ambassador CRDs should be kept when the chart is deleted | `true` | -| `daemonSet` | If `true`, Create a DaemonSet. By default Deployment controller will be created | `false` | -| `test.enabled` | If `true`, Create test Pod to verify the Ambassador service works correctly (Only created on `helm test`) | `true` | -| `test.image` | Image to use for the test Pod | `busybox` | -| `hostNetwork` | If `true`, uses the host network, useful for on-premise setups | `false` | -| `dnsPolicy` | Dns policy, when hostNetwork set to ClusterFirstWithHostNet | `ClusterFirst` | -| `env` | Any additional environment variables for ambassador pods | `{}` | -| `envRaw` | Additional environment variables in raw YAML format | `{}` | -| `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` | -| `image.repository` | Ambassador image | `docker.io/datawire/aes` | -| `image.tag` | Ambassador image tag | `1.13.8` | -| `imagePullSecrets` | Image pull secrets | `[]` | -| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | -| `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` | -| `podAnnotations` | Additional annotations for ambassador pods | `{}` | -| `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` | -| `podLabels` | Additional labels for ambassador pods | | -| `deploymentLabels` | Additional labels for ambassador DaemonSet/Deployment | | -| `affinity` | Affinity for ambassador pods | `{}` | -| `topologySpreadConstraints` | Topology Spread Constraints for Ambassador pods. Stable since 1.19. | `[]` | -| `nodeSelector` | NodeSelector for ambassador pods | `{}` | -| `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` | -| `rbac.create` | If `true`, create and use RBAC resources | `true` | -| `rbac.podSecurityPolicies` | pod security polices to bind to | | -| `rbac.nameOverride` | Overrides the default name of the RBAC resources | `` | -| `replicaCount` | Number of Ambassador replicas | `3` | -| `resources` | CPU/memory resource requests/limits | `{ "limits":{"cpu":"1000m","memory":"600Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | -| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | -| `security.podSecurityContext` | Set the security context for the Ambassador pod | `{ "runAsUser": "8888" }` | -| `security.containerSecurityContext` | Set the security context for the Ambassador container | `{ "allowPrivilegeEscalation": false }` | -| `security.podSecurityPolicy` | Create a PodSecurityPolicy to be used for the pod. | `{}` | -| `restartPolicy` | Set the `restartPolicy` for pods | `` | -| `terminationGracePeriodSeconds` | Set the `terminationGracePeriodSeconds` for the pod. Defaults to 30 if unset. | `` | -| `initContainers` | Containers used to initialize context for pods | `[]` | -| `sidecarContainers` | Containers that share the pod context | `[]` | -| `livenessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's liveness probe | `30` | -| `livenessProbe.periodSeconds` | Probe period (s) for Ambassador pod's liveness probe | `3` | -| `livenessProbe.failureThreshold` | Failure threshold for Ambassador pod's liveness probe | `3` | -| `readinessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's readiness probe | `30` | -| `readinessProbe.periodSeconds` | Probe period (s) for Ambassador pod's readiness probe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for Ambassador pod's readiness probe | `3` | -| `service.annotations` | Annotations to apply to Ambassador service | `""` | -| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` | -| `service.nameOverride` | Sets the name of the service | `ambassador.fullname` | -| `service.ports` | List of ports Ambassador is listening on | `[{"name": "http","port": 80,"targetPort": 8080},{"name": "https","port": 443,"targetPort": 8443}]` | -| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | -| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | -| `service.sessionAffinity` | Sets the session affinity policy for the service | `""` | -| `service.sessionAffinityConfig` | Sets the session affinity config for the service | `""` | -| `service.type` | Service type to be used | `LoadBalancer` | -| `service.externalIPs` | External IPs to route to the ambassador service | `[]` | -| `serviceAccount.create` | If `true`, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used | `ambassador` | -| `volumeMounts` | Volume mounts for the ambassador service | `[]` | -| `volumes` | Volumes for the ambassador service | `[]` | -| `enableAES` | Create the [AES configuration objects](#ambassador-edge-stack-installation) | `true` | -| `createDevPortalMappings` | Expose the dev portal on `/docs/` and `/documentation/` | `true` | -| `licenseKey.value` | Ambassador Edge Stack license. Empty will install in evaluation mode. | `` | -| `licenseKey.createSecret` | Set to `false` if installing mutltiple Ambassdor Edge Stacks in a namespace. | `true` | -| `licenseKey.secretName` | Name of the secret to store Ambassador license key in. | `` | -| `licenseKey.annotations` | Annotations to attach to the license-key-secret. | {} | -| `redisURL` | URL of redis instance not created by the release | `""` | -| `redisEnv` | (**DEPRECATED:** Use `envRaw`) Set env vars that control how Ambassador interacts with redis. | `""` | -| `redis.create` | Create a basic redis instance with default configurations | `true` | -| `redis.annotations` | Annotations for the redis service and deployment | `""` | -| `redis.resources` | Resource requests for the redis instance | `""` | -| `redis.nodeSelector` | NodeSelector for redis pods | `{}` | -| `redis.affinity` | Affinity for redis pods | `{}` | -| `redis.tolerations` | Tolerations for redis pods | `{}` | -| `authService.create` | Create the `AuthService` CRD for Ambassador Edge Stack | `true` | -| `authService.optional_configurations` | Config options for the `AuthService` CRD | `""` | -| `rateLimit.create` | Create the `RateLimit` CRD for Ambassador Edge Stack | `true` | -| `registry.create` | Create the `Project` registry. | `false` | -| `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` | -| `autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` | -| `autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `5` | -| `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | | -| `podDisruptionBudget` | Pod disruption budget rules | `{}` | -| `resolvers.endpoint.create` | Create a KubernetesEndpointResolver | `false` | -| `resolvers.endpoint.name` | If creating a KubernetesEndpointResolver, the resolver name | `endpoint` | -| `resolvers.consul.create` | Create a ConsulResolver | `false` | -| `resolvers.consul.name` | If creating a ConsulResolver, the resolver name | `consul-dc1` | -| `resolvers.consul.spec` | If creating a ConsulResolver, additional configuration | `{}` | -| `module` | Configure and manage the Ambassador Module from the Chart | `{}` | -| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` | -| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` | -| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` | -| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` | -| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object (`adminService.create` should be to `true`) | `false` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | -| `metrics.serviceMonitor.selector` | Label Selector for Prometheus to find ServiceMonitors | `{ prometheus: kube-prometheus }` | -| `servicePreview.enabled` | If true, install Service Preview components: traffic-manager & traffic-agent (`enableAES` needs to also be to `true`) | `false` | -| `servicePreview.trafficManager.image.repository` | Ambassador Traffic-manager image | Same value as `image.repository` | -| `servicePreview.trafficManager.image.tag` | Ambassador Traffic-manager image tag | Same value as `image.tag` | -| `servicePreview.trafficManager.serviceAccountName` | Traffic-manager Service Account to be used | `traffic-manager` | -| `servicePreview.trafficAgent.image.repository` | Ambassador Traffic-agent image | Same value as `image.repository` | -| `servicePreview.trafficAgent.image.tag` | Ambassador Traffic-agent image tag | Same value as `image.tag` | -| `servicePreview.trafficAgent.injector.enabled` | If true, install the ambassador-injector | `true` | -| `servicePreview.trafficAgent.injector.crtPEM` | TLS certificate for the Common Name of ..svc | Auto-generated, valid for 365 days | -| `servicePreview.trafficAgent.injector.keyPEM` | TLS private key for the Common Name of ..svc | Auto-generated, valid for 365 days | -| `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` | -| `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` | -| `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` | -| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` | -| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` | -| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` | -| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` | -| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` | - -**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. - -### The Ambasssador Edge Stack - -The Ambassador Edge Stack provides a comprehensive, self-service edge stack in -the Kubernetes cluster with a decentralized deployment model and a declarative -paradigm. - -By default, this chart will install the latest image of The Ambassador Edge -Stack which will replace your existing deployment of Ambassador with no changes -to functionality. - -### CRDs - -This helm chart includes the creation of the core CRDs Ambassador uses for -configuration. - -The `crds` flags (Helm 2 only) let you configure how a release manages crds. -- `crds.create` Can only be set on your first/master Ambassador release. -- `crds.enabled` Should be set on all releases using Ambassador CRDs -- `crds.keep` Configures if the CRDs are deleted when the master release is - purged. This value is only checked for the master release and can be set to - any value on secondary releases. - -### Security - -Ambassador takes security very seriously. For this reason, the YAML installation will default with a couple of basic security policies in place. - -The `security` field of the `values.yaml` file configures these default policies and replaces the `securityContext` field used earlier. - -The defaults will configure the pod to run as a non-root user and prohibit privilege escalation and outline a `PodSecurityPolicy` to ensure these conditions are met. - - - -```yaml -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: {} - # # Add AppArmor and Seccomp annotations - # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - # annotations: - # spec: - # seLinux: - # rule: RunAsAny - # supplementalGroups: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # fsGroup: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # privileged: false - # allowPrivilegeEscalation: false - # runAsUser: - # rule: MustRunAsNonRoot -``` - -### Annotations - -Ambassador is configured using Kubernetes Custom Resource Definitions (CRDs). If you are unable to use CRDs, Ambassador can also be configured using annotations on services. The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service. - -If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above. - -### Prometheus Metrics - -Using the Prometheus Exporter has been deprecated and is no longer recommended. You can now use `metrics.serviceMonitor.enabled` to create a `ServiceMonitor` from the chart if the [Prometheus Operator](https://github.com/coreos/prometheus-operator) has been installed on your cluster. - -Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection. - -### Specifying Values - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install --wait my-release \ - --set adminService.type=NodePort \ - datawire/ambassador -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install --wait my-release -f values.yaml datawire/ambassador -``` - ---- - -# Upgrading - -## To 6.0.0 - -Introduces Ambassador Edge Stack being installed by default. - -### Breaking changes - -Ambassador Pro support has been removed in 6.0.0. Please [upgrade to the Ambassador Edge Stack](https://www.getambassador.io/user-guide/helm). - -## To 5.0.0 - -### Breaking changes - -**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. - -- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed - -## To 4.0.0 - -The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed. - -- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core -- The license key is now stored and read from a Kubernetes secret by default -- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. -- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance -- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) -- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` -- Fixed misnamed selector for redis instance that failed in an edge case -- Exposes annotations for redis deployment and service - -### Breaking changes - -The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core) -`values.yaml` -```diff -<3.0.0> - image: - repository: quay.io/datawire/ambassador_pro -- tag: amb-sidecar-0.6.0 - -<4.0.0+> - image: - repository: quay.io/datawire/ambassador_pro -+ tag: 0.7.0 -``` - -Method for creating a Kubernetes secret to hold the license key has been changed - -`values.yaml` -```diff -<3.0.0> -- secret: false -<4.0.0> -+ secret: -+ enabled: true -+ create: true -``` - -## To 3.0.0 - -### Service Ports - -The way ports are assigned has been changed for a more dynamic method. - -Now, instead of setting the port assignments for only the http and https, any port can be open on the load balancer using a list like you would in a standard Kubernetes YAML manifest. - -`pre-3.0.0` -```yaml -service: - http: - enabled: true - port: 80 - targetPort: 8080 - https: - enabled: true - port: 443 - targetPort: 8443 -``` - -`3.0.0` -```yaml -service: - ports: - - name: http - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 -``` - -This change has also replaced the `.additionalTCPPorts` configuration. Additional TCP ports can be created the same as the http and https ports above. - -### Annotations and `service_port` - -The below Ambassador `Module` annotation is no longer being applied by default. - -```yaml -getambassador.io/config: | - --- - apiVersion: ambassador/v1 - kind: Module - name: ambassador - config: - service_port: 8080 -``` -This was causing confusion with the `service_port` being hard-coded when enabling TLS termination in Ambassador. - -Ambassador has been listening on port 8080 for HTTP and 8443 for HTTPS by default since version `0.60.0` (chart version 2.2.0). - -### RBAC and CRDs - -A `ClusterRole` and `ClusterRoleBinding` named `{{release name}}-crd` will be created to watch for the Ambassador Custom Resource Definitions. This will be created regardless of the value of `scope.singleNamespace` since CRDs are created the cluster scope. - -`rbac.namespaced` has been removed. For namespaced RBAC, set `scope.singleNamespace: true` and `rbac.enabled: true`. - -`crds.enabled` will indicate that you are using CRDs and will create the rbac resources regardless of the value of `crds.create`. This allows for multiple deployments to use the CRDs. - -## To 2.0.0 - -### Ambassador ID - -ambassador.id has been removed in favor of setting it via an environment variable in `env`. `AMBASSADOR_ID` defaults to `default` if not set in the environment. This is mainly used for [running multiple Ambassadors](https://www.getambassador.io/reference/running#ambassador_id) in the same cluster. - -| Parameter | Env variables | -| --------------- | --------------- | -| `ambassador.id` | `AMBASSADOR_ID` | - -## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0) - -Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this. - -### Timings - -Timings values have been removed in favor of setting the env variables using `env´ - -| Parameter | Env variables | -| ----------------- | -------------------------- | -| `timing.restart` | `AMBASSADOR_RESTART_TIME` | -| `timing.drain` | `AMBASSADOR_DRAIN_TIME` | -| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` | - -### Single namespace - -| Parameter | Env variables | -| ------------------ | ----------------------------- | -| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` | - -### Renamed values - -Service ports values have changed names and target ports have new defaults. - -| Previous parameter | New parameter | New default value | -| --------------------------- | -------------------------- | ----------------- | -| `service.enableHttp` | `service.http.enabled` | | -| `service.httpPort` | `service.http.port` | | -| `service.httpNodePort` | `service.http.nodePort` | | -| `service.targetPorts.http` | `service.http.targetPort` | `8080` | -| `service.enableHttps` | `service.https.enabled` | | -| `service.httpsPort` | `service.https.port` | | -| `service.httpsNodePort` | `service.https.nodePort` | | -| `service.targetPorts.https` | `service.https.targetPort` | `8443` | - -### Exporter sidecar - -Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST` - -If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values. diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE.tpl b/charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE.tpl deleted file mode 100644 index d00d6b2f2..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE.tpl +++ /dev/null @@ -1,8 +0,0 @@ -## :tada: Ambassador Chart $CHART_VERSION :tada: - -Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html -View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md - ---- - - diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE_TITLE.tpl b/charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE_TITLE.tpl deleted file mode 100644 index 7aab5973c..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/RELEASE_TITLE.tpl +++ /dev/null @@ -1 +0,0 @@ -Ambassador Chart $CHART_VERSION diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/app-readme.md b/charts/ambassador/ambassador/6.7.1100+up6.7.11/app-readme.md deleted file mode 100644 index d2ef7356e..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/app-readme.md +++ /dev/null @@ -1,13 +0,0 @@ -# Ambassador Edge Stack and Emissary Ingress Chart - -[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/). - -## Service Catalog - -The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart. - -## More Info - -Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi! - -* Ambassador recommends a Kubernetes version of 1.16 or higher. diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/01-psp-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/01-psp-values.yaml deleted file mode 100644 index 27152824e..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/01-psp-values.yaml +++ /dev/null @@ -1,40 +0,0 @@ -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: - # Add AppArmor and Seccomp annotations - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - annotations: - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - spec: - seLinux: - rule: RunAsAny - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - privileged: false - allowPrivilegeEscalation: false - runAsUser: - rule: MustRunAsNonRoot diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/02-oss-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/02-oss-values.yaml deleted file mode 100644 index 4fb9ff60c..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/02-oss-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# install the Ambassador API Gateway -image: - pullPolicy: IfNotPresent - -enableAES: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/05-auth-disabled-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/05-auth-disabled-values.yaml deleted file mode 100644 index 769f8eb55..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/05-auth-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -authService: - create: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/06-hpa-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/06-hpa-values.yaml deleted file mode 100644 index 56509eb8b..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/06-hpa-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -deploymentStrategy: - type: Recreate - -service: - type: NodePort - -autoscaling: - enabled: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/08-single-namespace-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/08-single-namespace-values.yaml deleted file mode 100644 index 591785bde..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/08-single-namespace-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: Recreate - -scope: - singleNamespace: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/09-redis-false-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/09-redis-false-values.yaml deleted file mode 100644 index e545210d5..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/09-redis-false-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -service: - type: NodePort - -redis: - enabled: false - # Annotations for Ambassador Pro's redis instance. - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/12-daemonset-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/12-daemonset-values.yaml deleted file mode 100644 index 9a581d94b..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/12-daemonset-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: RollingUpdate - -daemonSet: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/13-rl-disabled-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/13-rl-disabled-values.yaml deleted file mode 100644 index a1dfe0434..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/13-rl-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -rateLimit: - create: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/14-deployment-labels.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/14-deployment-labels.yaml deleted file mode 100644 index 33ebe5b74..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/14-deployment-labels.yaml +++ /dev/null @@ -1,3 +0,0 @@ -deploymentLabels: - label: foo - label2: bar diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/15-test-resolvers.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/15-test-resolvers.yaml deleted file mode 100644 index 0601ce9c4..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/15-test-resolvers.yaml +++ /dev/null @@ -1,11 +0,0 @@ -resolvers: - endpoint: - create: true - name: endpoint-foo - - consul: - create: true - name: consul-foo - spec: - address: ${HOST_IP} - datacenter: dc1 \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/16-test-module.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/16-test-module.yaml deleted file mode 100644 index d80bf9508..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/16-test-module.yaml +++ /dev/null @@ -1,9 +0,0 @@ -module: - lua_scripts: | - function envoy_on_response(response_handle) - response_handle:headers():add("Lua-Scripts-Enabled", "Processed") - end - - ip_allow: - - peer: 127.0.0.1 - - remote: 99.99.0.0/16 \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/17-svc-preview.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/17-svc-preview.yaml deleted file mode 100644 index a141bcdda..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/17-svc-preview.yaml +++ /dev/null @@ -1,5 +0,0 @@ -servicePreview: - enabled: true -trafficAgent: - injector: - enabled: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/check_updated_changelog.sh b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/check_updated_changelog.sh deleted file mode 100644 index 1840c1799..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/check_updated_changelog.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -set -e - -CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } -TOP_DIR=$CURR_DIR/.. - -# shellcheck source=common.sh -source "$CURR_DIR/common.sh" - -echo ${TOP_DIR} -chart_version=$(get_chart_version ${TOP_DIR}) - -if ! grep "## v${chart_version}" ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then - echo "Current chart version does not appear in the changelog." - echo "Please run ambassador.git/charts/ambassador/ci/update_chart_changelog.sh and commit." - exit 1 -fi - -echo "Changelog looks good!" diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/backend.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/backend.yaml deleted file mode 100644 index b2d9205df..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/backend.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -apiVersion: getambassador.io/v1 -kind: Mapping -metadata: - name: quote-backend -spec: - prefix: /backend/ - service: quote ---- -apiVersion: v1 -kind: Service -metadata: - name: quote -spec: - ports: - - name: http - port: 80 - targetPort: 8080 - selector: - app: quote ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: quote -spec: - replicas: 1 - selector: - matchLabels: - app: quote - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: quote - spec: - containers: - - name: backend - image: datawire/quote:0.4.0 - ports: - - name: http - containerPort: 8080 - resources: - limits: - cpu: "0.1" - memory: 100Mi diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/ci-default-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/ci-default-values.yaml deleted file mode 100644 index 0a1ec852e..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/ci-default-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -#env: -# AMBASSADOR_SINGLE_NAMESPACE: true -# AMBASSADOR_NO_KUBEWATCH: no_kubewatch - -deploymentStrategy: - type: Recreate - -service: - type: NodePort diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm-init.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm-init.yaml deleted file mode 100644 index 1fcf47dca..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm-init.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tiller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tiller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: tiller - namespace: kube-system diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm2-values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm2-values.yaml deleted file mode 100644 index d9c0c83c3..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/helm2-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -service: - type: NodePort - -crds: - create: false - diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/tls.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/tls.yaml deleted file mode 100644 index bc25cf664..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/tests/manifests/tls.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: v1 -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzRENDQVpnQ0NRRHVzSjFYNE54NjJEQU5CZ2txaGtpRzl3MEJBUXNGQURBYU1SZ3dGZ1lEVlFRRERBOWgKYldKaGMzTmhaRzl5TFdObGNuUXdIaGNOTVRreE1qRXpNakV3TXpBNVdoY05NakF4TWpFeU1qRXdNekE1V2pBYQpNUmd3RmdZRFZRUUREQTloYldKaGMzTmhaRzl5TFdObGNuUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJjcms1OTk0dklURnZpUGNJRjJpd3R0dVdpajFTeUZNSzVpbERieFByMmJCL3RmbDYKcmRwVUFlWkkrMTVDR2VHbi80ZitwRlFXODdwZ2ZvbDhlL3lCSTUvWStpdVIrQUY1bzhQV2h4aHBJdVk3RXdVbgpyT3ZJajcxaUZWa1Q4akRYZW9RWWdKalQ1MWh4SisyelVLZ3VtZDB6L05USEwrQndFbHZ4Z1ZuWlhUdlhsVGFiClBoWloyK3dZdDQvSnozN3lBMHJwNURKeTg5SStQNmVRSmNseUVyWmsvRUNuRFBxTlhDK1VyclVySXBsNkRScHUKdGZWOE9KM3BJZWc2YjBWQi9TQnRPNzFhMThkaXFPclFVREU5MEFOSWJsYWp0ODN5M0FIc29SNytpVGI0QXFvVwpiNG5LcVV1bEQ2QU0xVUg0TzR0SExIM05SemVOL1E1ZUtVb0ZBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBQ045b050OVJXT2JOTTBmajg1cm9GUG1zRE1UWElFOU5SNmpDMjV1SGtpY0lnamtGd043NTFkTnQxT0YKZWZLSkFzTDlSWmZUNmVmMUMxOFlnWE1xbTF5Yis0Q1VWWU9RZW96MlgweEdyT1lLZUhPM0hqamNqcXZ1cUxTeApTQ2duVlM1NkhqZU15MzJBNnIxcUhBL1FsYkkraGJFbHN0MVNwYnFSOG95dE9oUzZpNFNWbWxacWxBRkx5WFRRCjZ6Nm5wc25lTmdXMXhkdDN2UkpleXVFWEFZL0Z0eUxmZnkxdk5uODhhTkg2Y2Z2eWJjaHNkaWlRNnVXTnowVGMKeVVodGZUYWFRVjA1d21KZEJ3ZmJndXF0UjFxbXdyNCtzcjA0MEhoQ0pSVmlRUUdHa2VWSVU5ZHFPY0ZkZk5FTQo5NmczU01YWGRrcVhBYzFFb2hZdEthMWwvNTA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdG5LNU9mZmVMeUV4YjRqM0NCZG9zTGJibG9vOVVzaFRDdVlwUTI4VDY5bXdmN1g1CmVxM2FWQUhtU1B0ZVFobmhwLytIL3FSVUZ2TzZZSDZKZkh2OGdTT2YyUG9ya2ZnQmVhUEQxb2NZYVNMbU94TUYKSjZ6cnlJKzlZaFZaRS9JdzEzcUVHSUNZMCtkWWNTZnRzMUNvTHBuZE0velV4eS9nY0JKYjhZRloyVjA3MTVVMgptejRXV2R2c0dMZVB5YzkrOGdOSzZlUXljdlBTUGorbmtDWEpjaEsyWlB4QXB3ejZqVnd2bEs2MUt5S1plZzBhCmJyWDFmRGlkNlNIb09tOUZRZjBnYlR1OVd0ZkhZcWpxMEZBeFBkQURTRzVXbzdmTjh0d0I3S0VlL29rMitBS3EKRm0rSnlxbExwUStnRE5WQitEdUxSeXg5elVjM2pmME9YaWxLQlFJREFRQUJBb0lCQUVOQy9qaDV3Z2E4QlA2cQpqdkFEdVV2VXpoV3N0empxczNyRUtaZzd2aXRvSU9La1V1cEFaOG9xdlJ4UTE0b2xBb1V0OXBRUlB4TUxIYjN2ClNINkZNeXprMWt4bXhtTlUvQzQ5Q3Jqdkt6ZXZieE4rU3BzNjY5NFA1L0RlRCs0RGpyQVI4ZHNhcGIwUmdCQ1AKZU5sdnRlRWdSbVdoSTB5ZndPMXdSMGM4dWNRaE5GcjNNd0lMQ1FES0Zpa2NDSi9GV0FmNXc4ZGFnYnBYTXAxawo3ci9ya1BFcVh6NnRxam04eWZZWlRoaGIwUE5LcSsxOGdkaCtLeTZPL1RnTVZ2d1BLVkIrZUhoQmJZY2R6VGYxCmxia3pVeUFhZmR3VlBTTnhVOWhzSzBqNExWZG83YlVkajZySHNXTlBWcm1Ib1VsUnNjcno2aDhPZlQ0bU9WTi8KRmhtcEhvRUNnWUVBNlVENVlWMUJrWEg4S21WRjhiVGVGVGlTY1IvRGI4TVlRY3NLNzQrNEg5aEFmbjR3d3ZWeQpidi9kL2NsOWZHY0xXN0w1QWM1WWRxNlNWZGFHRVZpVzVOTy8xV0wwN3JjaG8xZTRaSzlPemJiUllNWW51cWRHCmF5eGhoUks0R25ubzZXMTlMWWc1d1F3TUJvUzNSbFVxUWN3UU1ESiszMVc4emwrazdpODk0dVVDZ1lFQXlEMXIKZHVMSGRMcG9UWEd2ZjZIVk9HQ1pWczQvSXg1M1B1WnRXY1FkYkc5MDZNWHRwdldWdDN1ek8rVVd2WGJIWHBSMQpjZWVrUHRucTI4a1BFT2oyd3NoVFRQQ05OT0dUWE01SzREbTVjNjVaeWY0WVJjQ0NZNEpSSUNqWHExeE9uc21nCk8ydTZiYlVQWE9veXFmVllWK0wwK25zcHNLOUNCd0ZaMjJqMXVLRUNnWUVBbzcyZTBzQ2FaTFcxcFRWT3NteWIKY2g0eWZ3TWpPUE9sdFpvSlpUNW9yTUlzRkNBVnJ1YUtuRzAxc3hDYzdKV1JuWiszdVpMVyt3bDFaSmlocU0rZApyYWtRQTRYaUZ5bXJqWFRvMXBWU0pvcnQxSmVHRUR1WTdXZE1WaFJiOVFvYmZMSUZxODd6YkJjKzRkeU1vK3pwCkt5TkxRZXBRc2dzSDdYK3EwaUdMdWhrQ2dZQUlYQWdRZm9jMUtGTVNhSnliQjNhUFUva1MxcWxzSGVsOGhzSXAKN1RZTlFObnduZEsrRmFLYWRsK1ZNSXN5ZmJMMUQ5MlhVOFJYbTJGaXE1SWxjcFJhcldKTTQvNEJKeW12eGl6NgpEMjdlbFhqS0pnRjlaL3dKaTNjM2tIendlbm9OeHYwWmZmWGFmcVNWakhGeEJ2MFpMakJzQkpoSStBZ1pvc1ROCmxDUXVBUUtCZ1FESHVxNUVseU1RS2NZWm5tRlN6T2ZYWXNJYm8rZEJJTlEyNnB0OFdacGMydnpsNkNrQXV3TWwKQU9jRllrbjBXSnVJRXRubnhPT3Rwcnh0VGRIWGIvOWZWY090Unp2TitvVjN2OVNEalZjWTRESWp3MXlpMkt1Vwp6MmV1N1lCNExlbG13TFlHMEJUMWp0ejJJREUxYW85MzgybEpWV2J4Y1dsdHArWTFCRWhkdmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= -kind: Secret -metadata: - name: self-signed-cert -type: kubernetes.io/tls ---- -apiVersion: getambassador.io/v1 -kind: TLSContext -metadata: - name: tls -spec: - hosts: ["*"] - secret: self-signed-cert - diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/update_chart_changelog.sh b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/update_chart_changelog.sh deleted file mode 100644 index ee7bfeaa8..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ci/update_chart_changelog.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -set -e - -CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } -TOP_DIR=$CURR_DIR/.. - -# shellcheck source=common.sh -source "$CURR_DIR/common.sh" - -chart_version=$(get_chart_version ${TOP_DIR}) - -new_changelog=${TOP_DIR}/CHANGELOG.new.md -rm ${new_changelog} || true -while IFS= read -r line ; do - echo -e "${line}" - echo -e "${line}" >> ${new_changelog} - if [[ "${line}" =~ "## Next Release" ]] ; then - echo "" >> ${new_changelog} - echo "(no changes yet)" >> ${new_changelog} - echo "" >> ${new_changelog} - echo "## v${chart_version}" >> ${new_changelog} - fi - -done < ${TOP_DIR}/CHANGELOG.md - -mv ${new_changelog} ${TOP_DIR}/CHANGELOG.md -if [[ -n "${DONT_COMMIT_DIFF}" ]] ; then - echo "DONT_COMMIT_DIFF is set, not committing" - exit 0 -fi - -if git diff --exit-code -- ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then - echo "No changes to changelog, exiting" - exit 0 -fi - -branch_name="$(git symbolic-ref HEAD 2>/dev/null)" || -branch_name="detached" - -if [[ "${branch_name}" == "refs/heads/master" ]] ; then - echo "Not committing local changes to branch because branch is master" - exit 1 -elif [[ "${branch_name}" == "detached" ]] ; then - echo "Not committing local changes because you're in a detached head state" - echo "please create a branch then rerun this script" - exit 1 -fi -branch_name=${branch_name##refs/heads/} -git add ${TOP_DIR}/CHANGELOG.md -git commit -m "Committing changelog for chart v${chart_version}" -git push -u origin ${branch_name} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filter.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filter.yaml deleted file mode 100644 index bf0403820..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filter.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: filters.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Filter - plural: filters - shortNames: - - fil - singular: filter - scope: Namespaced - versions: - - name: v1beta2 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filterpolicy.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filterpolicy.yaml deleted file mode 100644 index 88e3781da..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/filterpolicy.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: filterpolicies.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: FilterPolicy - plural: filterpolicies - shortNames: - - fp - singular: filterpolicy - scope: Namespaced - versions: - - name: v1beta2 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_authservices.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_authservices.yaml deleted file mode 100644 index 1c97d063f..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_authservices.yaml +++ /dev/null @@ -1,115 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: authservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: AuthService - listKind: AuthServiceList - plural: authservices - singular: authservice - scope: Namespaced - validation: - openAPIV3Schema: - description: AuthService is the Schema for the authservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AuthServiceSpec defines the desired state of AuthService - properties: - add_auth_headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - add_linkerd_headers: - type: boolean - allow_request_body: - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - auth_service: - type: string - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - description: These aren't pointer types because they are required. - type: integer - required: - - allow_partial - - max_bytes - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - status_on_error: - description: Why isn't this just an int?? - properties: - code: - type: integer - type: object - timeout_ms: - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - required: - - auth_service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_consulresolvers.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_consulresolvers.yaml deleted file mode 100644 index 0f659d5d3..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_consulresolvers.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: consulresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ConsulResolver - listKind: ConsulResolverList - plural: consulresolvers - singular: consulresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: ConsulResolver is the Schema for the ConsulResolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - datacenter: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_devportals.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_devportals.yaml deleted file mode 100644 index 291d2a66e..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_devportals.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: devportals.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: DevPortal - listKind: DevPortalList - plural: devportals - singular: devportal - scope: Namespaced - validation: - openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DevPortalSpec defines the desired state of DevPortal - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - content: - description: Content specifies where the content shown in the DevPortal come from - properties: - branch: - type: string - dir: - type: string - url: - type: string - type: object - default: - description: Default must be true when this is the default DevPortal - type: boolean - docs: - description: Docs is a static docs definition - items: - description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' - properties: - service: - description: Service is the service being documented - type: string - url: - description: URL is the URL used for obtaining docs - type: string - type: object - type: array - naming_scheme: - description: Describes how to display "services" in the DevPortal. Default namespace.name - enum: - - namespace.name - - name.prefix - type: string - search: - description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal - properties: - enabled: - type: boolean - type: - description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' - enum: - - title-only - - all-content - type: string - type: object - selector: - description: Selector is used for choosing what is shown in the DevPortal - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. - type: object - matchNamespaces: - description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. - items: - type: string - type: array - type: object - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_hosts.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_hosts.yaml deleted file mode 100644 index ccc7abd92..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_hosts.yaml +++ /dev/null @@ -1,246 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: hosts.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .status.state - name: State - type: string - - JSONPath: .status.phaseCompleted - name: Phase Completed - type: string - - JSONPath: .status.phasePending - name: Phase Pending - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - acmeProvider: - description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. - properties: - authority: - description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. - type: string - email: - type: string - privateKeySecret: - description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - registration: - description: This is normally set automatically - type: string - type: object - ambassador_id: - description: Common to all Ambassador objects (and optional). - items: - type: string - oneOf: - - type: string - - type: array - ambassadorId: - description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild. - items: - type: string - oneOf: - - type: string - - type: array - hostname: - description: Hostname by which the Ambassador can be reached. - type: string - previewUrl: - description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. - properties: - enabled: - description: Is the Preview URL feature enabled? - type: boolean - type: - description: What type of Preview URL is allowed? - enum: - - Path - type: string - type: object - requestPolicy: - description: Request policy definition. - properties: - insecure: - properties: - action: - enum: - - Redirect - - Reject - - Route - type: string - additionalPort: - type: integer - type: object - type: object - selector: - description: Selector by which we can find further configuration. Defaults to hostname=$hostname - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - tls: - description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. - properties: - alpn_protocols: - type: string - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - ecdh_curves: - items: - type: string - type: array - max_tls_version: - type: string - min_tls_version: - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - sni: - type: string - type: object - tlsContext: - description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - tlsSecret: - description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: object - status: - description: HostStatus defines the observed state of Host - properties: - errorBackoff: - type: string - errorReason: - description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. - type: string - errorTimestamp: - format: date-time - type: string - phaseCompleted: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. - enum: - - NA - - DefaultsFilled - - ACMEUserPrivateKeyCreated - - ACMEUserRegistered - - ACMECertificateChallenge - type: string - phasePending: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. - enum: - - NA - - DefaultsFilled - - ACMEUserPrivateKeyCreated - - ACMEUserRegistered - - ACMECertificateChallenge - type: string - state: - description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. - enum: - - Initial - - Pending - - Ready - - Error - type: string - tlsCertificateSource: - enum: - - Unknown - - None - - Other - - ACME - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesendpointresolvers.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesendpointresolvers.yaml deleted file mode 100644 index 88b73d2d8..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesendpointresolvers.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: kubernetesendpointresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesEndpointResolver - listKind: KubernetesEndpointResolverList - plural: kubernetesendpointresolvers - singular: kubernetesendpointresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesserviceresolvers.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesserviceresolvers.yaml deleted file mode 100644 index 98b5d302e..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_kubernetesserviceresolvers.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: kubernetesserviceresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesServiceResolver - listKind: KubernetesServiceResolverList - plural: kubernetesserviceresolvers - singular: kubernetesserviceresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_logservices.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_logservices.yaml deleted file mode 100644 index a726defe5..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_logservices.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: logservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: LogService - listKind: LogServiceList - plural: logservices - singular: logservice - scope: Namespaced - validation: - openAPIV3Schema: - description: LogService is the Schema for the logservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: LogServiceSpec defines the desired state of LogService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - driver: - enum: - - tcp - - http - type: string - driver_config: - properties: - additional_log_headers: - items: - properties: - during_request: - type: boolean - during_response: - type: boolean - during_trailer: - type: boolean - header_name: - type: string - type: object - type: array - type: object - flush_interval_byte_size: - type: integer - flush_interval_time: - type: integer - grpc: - type: boolean - service: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_mappings.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_mappings.yaml deleted file mode 100644 index c61eefb5f..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_mappings.yaml +++ /dev/null @@ -1,431 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: mappings.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - name: Source Host - type: string - - JSONPath: .spec.prefix - name: Source Prefix - type: string - - JSONPath: .spec.service - name: Dest Service - type: string - - JSONPath: .status.state - name: State - type: string - - JSONPath: .status.reason - name: Reason - type: string - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Mapping - listKind: MappingList - plural: mappings - singular: mapping - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Mapping is the Schema for the mappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MappingSpec defines the desired state of Mapping - properties: - add_linkerd_headers: - type: boolean - add_request_headers: - additionalProperties: - oneOf: - - type: string - - type: boolean - - type: object - type: object - add_response_headers: - additionalProperties: - oneOf: - - type: string - - type: boolean - - type: object - type: object - allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - auth_context_extensions: - additionalProperties: - type: string - type: object - auto_host_rewrite: - type: boolean - bypass_auth: - type: boolean - bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set on the Ambassador module. - type: boolean - case_sensitive: - type: boolean - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_idle_timeout_ms: - type: integer - cluster_max_connection_lifetime_ms: - type: integer - cluster_tag: - type: string - connect_timeout_ms: - type: integer - cors: - properties: - credentials: - type: boolean - exposed_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - max_age: - type: string - methods: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - origins: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - type: object - docs: - description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal) - properties: - display_name: - type: string - ignored: - type: boolean - path: - type: string - url: - type: string - type: object - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - error_response_overrides: - description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. - items: - description: A response rewrite for an HTTP error response - properties: - body: - description: The new response body - properties: - content_type: - description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. - type: string - json_format: - additionalProperties: - type: string - description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' - type: object - text_format: - description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. - type: string - text_format_source: - description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. - properties: - filename: - description: The name of a file on the Ambassador pod that contains a format text string. - type: string - type: object - type: object - on_status_code: - description: The status code to match on -- not a pointer because it's required. - maximum: 599 - minimum: 400 - type: integer - required: - - body - - on_status_code - type: object - minItems: 1 - type: array - grpc: - type: boolean - headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - host: - type: string - host_redirect: - type: boolean - host_regex: - type: boolean - host_rewrite: - type: string - idle_timeout_ms: - type: integer - keepalive: - properties: - idle_time: - type: integer - interval: - type: integer - probes: - type: integer - type: object - labels: - additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. - items: - additionalProperties: - description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.' - items: - description: A MappingLabelSpecifier (finally!) defines a single label. There are multiple kinds of label, so this is more complex than we'd like it to be. See the remarks about schema on custom types in `./common.go`. - type: array - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' - type: object - type: array - description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. - type: object - load_balancer: - properties: - cookie: - properties: - name: - type: string - path: - type: string - ttl: - type: string - required: - - name - type: object - header: - type: string - policy: - enum: - - round_robin - - ring_hash - - maglev - - least_request - type: string - source_ip: - type: boolean - required: - - policy - type: object - method: - type: string - method_regex: - type: boolean - modules: - items: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - type: array - outlier_detection: - type: string - path_redirect: - description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. - type: string - precedence: - type: integer - prefix: - type: string - prefix_exact: - type: boolean - prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. - type: string - prefix_regex: - type: boolean - priority: - type: string - query_parameters: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - redirect_response_code: - description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. - enum: - - 301 - - 302 - - 303 - - 307 - - 308 - type: integer - regex_headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - regex_query_parameters: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - regex_redirect: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. - type: object - regex_rewrite: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - remove_request_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - remove_response_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - resolver: - type: string - retry_policy: - properties: - num_retries: - type: integer - per_try_timeout: - type: string - retry_on: - enum: - - 5xx - - gateway-error - - connect-failure - - retriable-4xx - - refused-stream - - retriable-status-codes - type: string - type: object - rewrite: - type: string - service: - type: string - shadow: - type: boolean - timeout_ms: - description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - use_websocket: - description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`' - type: boolean - weight: - type: integer - required: - - prefix - - service - type: object - status: - description: MappingStatus defines the observed state of Mapping - properties: - reason: - type: string - state: - enum: - - "" - - Inactive - - Running - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_modules.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_modules.yaml deleted file mode 100644 index f60fa89c6..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_modules.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: modules.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Module - listKind: ModuleList - plural: modules - singular: module - scope: Namespaced - validation: - openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - config: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_ratelimitservices.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_ratelimitservices.yaml deleted file mode 100644 index 97562444f..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_ratelimitservices.yaml +++ /dev/null @@ -1,72 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: ratelimitservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimitService - listKind: RateLimitServiceList - plural: ratelimitservices - singular: ratelimitservice - scope: Namespaced - validation: - openAPIV3Schema: - description: RateLimitService is the Schema for the ratelimitservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RateLimitServiceSpec defines the desired state of RateLimitService - properties: - ambassador_id: - description: Common to all Ambassador objects. - items: - type: string - oneOf: - - type: string - - type: array - domain: - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - service: - type: string - timeout_ms: - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - required: - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tcpmappings.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tcpmappings.yaml deleted file mode 100644 index f4c295245..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tcpmappings.yaml +++ /dev/null @@ -1,102 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tcpmappings.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TCPMapping - listKind: TCPMappingList - plural: tcpmappings - singular: tcpmapping - scope: Namespaced - validation: - openAPIV3Schema: - description: TCPMapping is the Schema for the tcpmappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPMappingSpec defines the desired state of TCPMapping - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_tag: - type: string - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - host: - type: string - idle_timeout_ms: - description: 'FIXME(lukeshu): Surely this should be an ''int''?' - type: string - port: - description: Port isn't a pointer because it's required. - type: integer - resolver: - type: string - service: - type: string - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - weight: - type: integer - required: - - port - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tlscontexts.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tlscontexts.yaml deleted file mode 100644 index c7ff23605..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tlscontexts.yaml +++ /dev/null @@ -1,100 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tlscontexts.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TLSContext - listKind: TLSContextList - plural: tlscontexts - singular: tlscontext - scope: Namespaced - validation: - openAPIV3Schema: - description: TLSContext is the Schema for the tlscontexts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSContextSpec defines the desired state of TLSContext - properties: - alpn_protocols: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - ecdh_curves: - items: - type: string - type: array - hosts: - items: - type: string - type: array - max_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - min_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - secret: - type: string - secret_namespacing: - type: boolean - sni: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tracingservices.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tracingservices.yaml deleted file mode 100644 index a106a22a5..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/getambassador.io_tracingservices.yaml +++ /dev/null @@ -1,101 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tracingservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TracingService - listKind: TracingServiceList - plural: tracingservices - singular: tracingservice - scope: Namespaced - validation: - openAPIV3Schema: - description: TracingService is the Schema for the tracingservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TracingServiceSpec defines the desired state of TracingService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - config: - properties: - access_token_file: - type: string - collector_cluster: - type: string - collector_endpoint: - type: string - collector_endpoint_version: - enum: - - HTTP_JSON_V1 - - HTTP_JSON - - HTTP_PROTO - type: string - collector_hostname: - type: string - service_name: - type: string - shared_span_context: - type: boolean - trace_id_128bit: - type: boolean - type: object - driver: - enum: - - lightstep - - zipkin - - datadog - type: string - sampling: - properties: - client: - type: integer - overall: - type: integer - random: - type: integer - type: object - service: - type: string - tag_headers: - items: - type: string - type: array - required: - - driver - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/project.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/project.yaml deleted file mode 100644 index ac3a22e27..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/project.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projects.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.prefix - name: Prefix - type: string - - JSONPath: .spec.githubRepo - name: Repo - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Project - plural: projects - singular: project - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectcontroller.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectcontroller.yaml deleted file mode 100644 index 93bf4ea65..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectcontroller.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projectcontrollers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ProjectController - plural: projectcontrollers - singular: projectcontroller - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectrevision.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectrevision.yaml deleted file mode 100644 index 6457bef4a..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/projectrevision.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projectrevisions.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.project.name - name: Project - type: string - - JSONPath: .spec.ref - name: Ref - type: string - - JSONPath: .spec.rev - name: Rev - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ProjectRevision - plural: projectrevisions - singular: projectrevision - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/ratelimit.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/ratelimit.yaml deleted file mode 100644 index 30b85101c..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/crds/ratelimit.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: ratelimits.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimit - plural: ratelimits - shortNames: - - rl - singular: ratelimit - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ct.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/ct.yaml deleted file mode 100644 index ee4f605c8..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/ct.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# See https://github.com/helm/chart-testing - -# note: all the values files in ci/*-values.yaml will -# be tested automatically. For each configuration, -# all the tests in templates/tests/*.yaml -# will be checked. - -################################################ -# github -################################################ - -remote: origin - -################################################ -# chart -################################################ - -charts: - - /charts/ -chart-dirs: - - /charts/ -chart-repos: - - datawire=https://getambassador.io - -helm-extra-args: --timeout 600s - -# namespace: ambassador -# release-label: release - -################################################ -# checks and validations -################################################ - -validate-maintainers: false -validate-chart-schema: true -validate-yaml: true -# check-version-increment: true diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/questions.yml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/questions.yml deleted file mode 100644 index bf13b9471..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/questions.yml +++ /dev/null @@ -1,84 +0,0 @@ -questions: -### CRD Management -- variable: crds.enabled - label: Create CRDs - description: "Should Ambassador Edge Stack create and manage its CRD's?" - type: boolean - required: false - default: "true" - group: "CRD Management" -- variable: crds.keep - label: Keep CRDs - description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?" - type: boolean - required: false - default: "true" - group: "CRD Management" - show_if: "crds.enabled=true" - -### Deployment Management -- variable: daemonSet - label: Deploy as Daemonset - description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)" - type: boolean - required: false - default: "true" - group: "Deployment Settings" -- variable: replicaCount - label: Replica Count - description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)" - type: int - required: false - default: "3" - group: "Deployment Settings" - min: 1 - max: 999 - show_if: "daemonSet=false" - -### Service Settings -- variable: service.type - label: Service Type - description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP" - type: enum - required: false - default: "LoadBalancer" - group: "Service Settings" - options: - - "LoadBalancer" - - "ClusterIP" - - "NodePort" - -### Licensing -- variable: licenseKey.createSecret - label: "Create License Key Secret" - description: "Creates the license key secret using the License Key Data." - type: boolean - required: false - default: "true" - group: "License Settings" -- variable: licenseKey.value - label: "License Key Data" - description: "Specifies the license key to apply." - type: secret - required: false - default: "" - group: "License Settings" - show_if: "licenseKey.createSecret=true" - -### Service Catalog -- variable: agent.enabled - label: "Enable Service Catalog" - description: "Enables the Service Catalog agent for use at https://app.getambassador.io." - type: boolean - required: false - default: "true" - group: "Service Catalog" -- variable: agent.cloudConnectionToken - label: "Cloud Connection Token" - description: "Specifies the Token used to register a Cluster with the Service Catalog." - type: secret - required: false - default: "" - group: "Service Catalog" - show_if: "agent.enabled=true" - \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/NOTES.txt b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/NOTES.txt deleted file mode 100644 index 359073a3f..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/NOTES.txt +++ /dev/null @@ -1,60 +0,0 @@ -------------------------------------------------------------------------------- -{{- if .Values.enableAES }} -Congratulations! You have successfully installed The Ambassador Edge Stack! - -{{- if empty .Values.licenseKey.value }} -------------------------------------------------------------------------------- -NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE. - -Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard -to unlock all the features of The Ambassador Edge Stack and update the value of -licenseKey.value in your values.yaml file. -{{- end }} - -{{- if or .Values.authService.create .Values.rateLimit.create }} -------------------------------------------------------------------------------- -WARNING: - -With your installation of the Ambassador Edge Stack, you have created a: -{{ if .Values.authService.create }} -- AuthService named {{include "ambassador.fullname" .}}-auth -{{ end }} {{ if .Values.rateLimit.create }} -- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit -{{ end }} -in the {{ include "ambassador.namespace" . }} namespace. - -Please ensure there is not another of these resources configured in your cluster. -If there is, please either remove the old resource or run - -helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false - -{{- end }} -{{- else }} - Congratulations! You've successfully installed Ambassador! - -------------------------------------------------------------------------------- -To get the IP address of Ambassador, run the following commands: - -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}' - - On GKE/Azure: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - - On AWS: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') - - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} -{{- end }} - -For help, visit our Slack at http://a8r.io/Slack or view the documentation online at https://www.getambassador.io. diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/_helpers.tpl b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/_helpers.tpl deleted file mode 100644 index 58a1eb455..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/_helpers.tpl +++ /dev/null @@ -1,117 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "ambassador.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ambassador.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "ambassador.imagetag" -}} -{{- if .Values.image.fullImageOverride }} - {{- .Values.image.fullImageOverride }} -{{- else }} - {{- if hasKey .Values.image "tag" -}} - {{- .Values.image.tag }} - {{- else if .Values.enableAES }} - {{- .Values.image.aesTag }} - {{- else }} - {{- .Values.image.ossTag }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Set the image that should be used for ambassador. -Use fullImageOverride if present, -Then if the image repository is explicitly set, use "repository:image" -Otherwise, check if AES is enabled -Use AES image if AES is enabled, ambassador image if not -*/}} -{{- define "ambassador.image" -}} -{{- if .Values.image.fullImageOverride }} - {{- .Values.image.fullImageOverride }} -{{- else }} - {{- $repoName := "" }} - {{- $imageTag := "" }} - {{- if hasKey .Values.image "repository" -}} - {{- $repoName = .Values.image.repository }} - {{- else if .Values.enableAES }} - {{- $repoName = .Values.image.aesRepository }} - {{- else }} - {{- $repoName = .Values.image.ossRepository }} - {{- end -}} - {{- if hasKey .Values.image "tag" -}} - {{- $imageTag = .Values.image.tag }} - {{- else if .Values.enableAES }} - {{- $imageTag = .Values.image.aesTag }} - {{- else }} - {{- $imageTag = .Values.image.ossTag }} - {{- end -}} - {{- printf "%s:%s" $repoName $imageTag -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart namespace based on override value. -*/}} -{{- define "ambassador.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ambassador.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ambassador.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the RBAC to use -*/}} -{{- define "ambassador.rbacName" -}} -{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }} -{{- end -}} - -{{/* -Define the http port of the Ambassador service -*/}} -{{- define "ambassador.servicePort" -}} -{{- range .Values.service.ports -}} -{{- if (eq .name "http") -}} -{{ default .port }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/admin-service.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/admin-service.yaml deleted file mode 100644 index 34db11f29..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/admin-service.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.adminService.create -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-admin - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - # Hard-coded label for Prometheus Operator ServiceMonitor - service: ambassador-admin - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" - {{- with .Values.adminService.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.adminService.type }} - ports: - - port: {{ .Values.adminService.port }} - targetPort: admin - protocol: TCP - name: ambassador-admin - {{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }} - nodePort: {{ int .Values.adminService.nodePort }} - {{- end }} - - port: {{ .Values.adminService.snapshotPort }} - targetPort: {{ .Values.adminService.snapshotPort }} - protocol: TCP - name: ambassador-snapshot - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- if eq .Values.adminService.type "LoadBalancer" }} - {{- if not (empty .Values.adminService.loadBalancerIP) }} - loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }} - {{- end }} - {{- if not (empty .Values.adminService.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: - {{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-authservice.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-authservice.yaml deleted file mode 100644 index b4c61bb0e..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-authservice.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if and .Values.authService.create .Values.enableAES }} ---- -apiVersion: getambassador.io/v2 -kind: AuthService -metadata: - name: {{ include "ambassador.fullname" . }}-{{ .Values.authService.deploymentExtraName | default "auth" }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth - {{- end }} - product: aes -spec: - proto: grpc - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - auth_service: 127.0.0.1:8500 - {{- if .Values.authService.optional_configurations }} - {{- toYaml .Values.authService.optional_configurations | nindent 2}} - {{- end }} -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-injector.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-injector.yaml deleted file mode 100644 index 03bd3bd95..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-injector.yaml +++ /dev/null @@ -1,161 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes - spec: - containers: - - name: webhook - {{- if .Values.servicePreview.trafficAgent.image.repository }} - image: "{{ .Values.servicePreview.trafficAgent.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - {{- else }} - image: {{ include "ambassador.image" . }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "aes-injector" ] - env: - - name: AGENT_MANAGER_NAMESPACE - value: "{{ include "ambassador.namespace" . }}" - - name: TRAFFIC_AGENT_IMAGE - value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - - name: TRAFFIC_AGENT_AGENT_LISTEN_PORT - value: "{{ .Values.servicePreview.trafficAgent.port }}" - {{- if .Values.servicePreview.trafficAgent.singleNamespace }} - - name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME - value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}" - {{- end }} - ports: - - containerPort: 8443 - name: https - livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - volumeMounts: - - mountPath: /var/run/secrets/tls - name: tls - readOnly: true - volumes: - - name: tls - secret: - secretName: {{ include "ambassador.fullname" . }}-injector-tls ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: {{ include "ambassador.fullname" . }}-injector - port: 443 - targetPort: https ---- -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "ambassador.fullname" . }}-injector-tls - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -type: Opaque -data: - {{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}} - crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }} ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ include "ambassador.fullname" . }}-injector-webhook-config - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -webhooks: -- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io - clientConfig: - service: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - path: "/traffic-agent" - caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - failurePolicy: Ignore - rules: - - operations: ["CREATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-internal.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-internal.yaml deleted file mode 100644 index b210d0b20..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-internal.yaml +++ /dev/null @@ -1,129 +0,0 @@ -{{ if and .Values.createDevPortalMappings .Values.enableAES }} ---- -# Configure DevPortal -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is referenced by convention, it's important to leave as-is. - name: {{ include "ambassador.fullname" . }}-devportal - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: {{ .Values.devportal.docsPrefix }} - rewrite: "/docs/" - service: "127.0.0.1:8500" ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - name: {{ include "ambassador.fullname" . }}-devportal-assets - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /documentation/(assets|styles)/(.*)(.css) - prefix_regex: true - regex_rewrite: - pattern: /documentation/(.*) - substitution: /docs/\1 - service: "127.0.0.1:8500" - add_response_headers: - cache-control: - value: "public, max-age=3600, immutable" - append: false ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is what the demo uses. Sigh. - name: {{ include "ambassador.fullname" . }}-devportal-demo - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /docs/ - rewrite: "/docs/" - service: "127.0.0.1:8500" ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is referenced by convention, it's important to leave as-is. - name: {{ include "ambassador.fullname" . }}-devportal-api - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /openapi/ - rewrite: "" - service: "127.0.0.1:8500" -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-ratelimit.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-ratelimit.yaml deleted file mode 100644 index fdb2ddbcd..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-ratelimit.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ if and .Values.rateLimit.create .Values.enableAES }} ---- -apiVersion: getambassador.io/v2 -kind: RateLimitService -metadata: - name: {{ include "ambassador.fullname" . }}-{{ .Values.rateLimit.deploymentExtraName | default "ratelimit" }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - service: 127.0.0.1:8500 -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-redis.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-redis.yaml deleted file mode 100644 index e0bbe1931..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-redis.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{ if and .Values.redis.create .Values.enableAES }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-redis - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- else }} - product: aes - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" - {{- with .Values.redis.annotations.service }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: 6379 - targetPort: 6379 - selector: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 4 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-redis - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - annotations: - {{- toYaml .Values.redis.annotations.deployment | nindent 4}} -spec: - replicas: 1 - selector: - matchLabels: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - template: - metadata: - labels: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 8 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - spec: - containers: - - name: redis - image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}" - imagePullPolicy: {{ .Values.redis.image.pullPolicy }} - resources: - {{- toYaml .Values.redis.resources | nindent 10 }} - restartPolicy: Always - {{- with .Values.redis.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.redis.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.redis.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-secret.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-secret.yaml deleted file mode 100644 index 9829d93fe..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/aes-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.licenseKey.createSecret .Values.enableAES }} -apiVersion: v1 -kind: Secret -metadata: - {{- if ne .Values.deploymentTool "getambassador.io" }} - annotations: - helm.sh/resource-policy: keep - {{- end }} - {{- if .Values.licenseKey.annotations }} - {{- toYaml .Values.licenseKey.annotations | nindent 4 }} - {{- end }} - {{- if .Values.licenseKey.secretName }} - name: {{ .Values.licenseKey.secretName }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-edge-stack - {{- end }} - namespace: {{ include "ambassador.namespace" . }} -type: Opaque -data: - license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/ambassador-agent.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/ambassador-agent.yaml deleted file mode 100644 index 0d70f4c8b..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/ambassador-agent.yaml +++ /dev/null @@ -1,371 +0,0 @@ -{{- if .Values.agent.enabled }} -{{- $allowAgent := false -}} - - {{- /* This next bit is ugly. */ -}} - {{- /* Case 1: "fullImageOverride" means don't bother checking the tag. */ -}} - {{- /* Case 2: Otherwise, if it's not a semver-style version number, */ -}} - {{- /* assume we have a power user and turn the agent on. */ -}} - {{- /* Case 3: Otherwise, if Edge Stack, we need at least 1.12.0. */ -}} - {{- /* Case 4: Otherwise, it's OSS and we need at 1.13.0. */ -}} - -{{- if .Values.image.fullImageOverride }} - {{- /* Case 1 */ -}} - {{- $allowAgent = true }} -{{- else if not (regexMatch "^\\d+\\.\\d+\\.\\d+$" (include "ambassador.imagetag" . )) }} - {{- /* Case 2 above: power user */ -}} - {{- $allowAgent = true }} -{{- else if and .Values.enableAES (ne (semver "1.12.0" | (semver (include "ambassador.imagetag" . )).Compare) -1) }} - {{- /* Case 3 above: Edge Stack 1.12.0+ */ -}} - {{- $allowAgent = true }} -{{- else if ne (semver "1.13.0" | (semver (include "ambassador.imagetag" . )).Compare) -1 }} - {{- /* Case 4 above: OSS 1.13.0+ */ -}} - {{- $allowAgent = true }} -{{- end }} - -{{- if $allowAgent }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -{{- if .Values.docker.useImagePullSecret }} -imagePullSecrets: -- name: {{ .Values.docker.imagePullSecretName }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.fullname" . }}-agent-config -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.fullname" . }}-agent -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-pods - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "pods"] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-deployments - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["apps", "extensions"] - resources: [ "deployments" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-endpoints - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "endpoints" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-configmaps - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] ---- -{{- if .Values.agent.createArgoRBAC }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-rollouts - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "rollouts" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-applications - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "applications" ] - verbs: [ "get", "list", "watch" ] -{{- end }} -{{ if ne .Values.agent.cloudConnectToken "" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "ambassador.fullname" . }}-agent-cloud-token - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -data: - CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }} -{{ end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes - {{- end }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - product: aes - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - spec: - serviceAccountName: {{ include "ambassador.fullname" . }}-agent - containers: - - name: agent - image: {{ include "ambassador.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "agent" ] - env: - - name: AGENT_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AGENT_CONFIG_RESOURCE_NAME - value: {{ include "ambassador.fullname" . }}-agent-cloud-token - - name: RPC_CONNECTION_ADDRESS - value: {{ .Values.agent.rpcAddress }} - - name: AES_SNAPSHOT_URL - value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external" -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/config.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/config.yaml deleted file mode 100644 index b2c2d64bc..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/config.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.ambassadorConfig }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: '{{ include "ambassador.fullname" . }}-file-config' - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -data: - ambassadorConfig: |- - {{- .Values.ambassadorConfig | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crd-delete.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crd-delete.yaml deleted file mode 100644 index 0099dedf8..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crd-delete.yaml +++ /dev/null @@ -1,123 +0,0 @@ -{{- if and .Values.crds.enabled (not .Values.crds.keep)}} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [ "apiextensions.k8s.io" ] - resources: [ "customresourcedefinitions" ] - verbs: ["get", "list", "watch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.rbacName" . }}-crd-delete -subjects: - - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "ambassador.fullname" . }}-crd-cleanup - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "3" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - template: - metadata: - name: {{ include "ambassador.fullname" . }}-crd-cleanup - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - spec: - {{- if .Values.rbac.create }} - serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete - {{- end }} - containers: - - name: kubectl - image: "buoyantio/kubectl" - args: - - delete - - crds - - -l app.kubernetes.io/name=ambassador - restartPolicy: OnFailure -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crds.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crds.yaml deleted file mode 100644 index 3b3bf16d5..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.crds.create }} -{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/deployment.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/deployment.yaml deleted file mode 100644 index 762cf2d9c..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/deployment.yaml +++ /dev/null @@ -1,282 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.daemonSet }} -kind: DaemonSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - {{- if .Values.deploymentNameOverride }} - name: {{ .Values.deploymentNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }} - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - {{- if .Values.deploymentLabels }} - {{- toYaml .Values.deploymentLabels | nindent 4 }} - {{- end }} - {{- if .Values.deploymentAnnotations }} - annotations: - {{- toYaml .Values.deploymentAnnotations | nindent 4 }} - {{- end }} -spec: -{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }} - replicas: {{ .Values.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- if .Values.daemonSet }} - updateStrategy: - {{- else }} - strategy: - {{- end }} - {{- toYaml .Values.deploymentStrategy | nindent 4}} - template: - metadata: - labels: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 8 }} - {{- end }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} - product: aes - {{- end }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} - annotations: - {{- if ne .Values.deploymentTool "getambassador.io" }} - checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - spec: - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- /* Check if .Values.securityContext is set for backwards compatibility */ -}} - {{- if .Values.securityContext -}} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- else -}} - {{- with .Values.security.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end -}} - {{- if .Values.restartPolicy }} - restartPolicy: {{ .Values.restartPolicy }} - {{- end }} - serviceAccountName: {{ include "ambassador.serviceAccountName" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - volumes: - - name: ambassador-pod-info - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - {{- if .Values.prometheusExporter.enabled }} - - name: stats-exporter-mapping-config - configMap: - name: {{ include "ambassador.fullname" . }}-exporter-config - items: - - key: exporterConfiguration - path: mapping-config.yaml - {{- end }} - {{- if .Values.ambassadorConfig }} - - name: ambassador-config - configMap: - name: {{ include "ambassador.fullname" . }}-file-config - items: - - key: ambassadorConfig - path: ambassador-config.yaml - {{- end }} - {{- if and .Values.licenseKey.createSecret .Values.enableAES }} - - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets - secret: - {{- if .Values.licenseKey.secretName }} - secretName: {{ .Values.licenseKey.secretName }} - {{- else }} - secretName: {{ include "ambassador.fullname" . }}-edge-stack - {{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - {{- if .Values.prometheusExporter.enabled }} - - name: prometheus-exporter - image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}" - imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }} - ports: - - name: metrics - containerPort: 9102 - - name: listener - containerPort: 8125 - args: - - --statsd.listen-udp=:8125 - - --web.listen-address=:9102 - - --statsd.mapping-config=/statsd-exporter/mapping-config.yaml - volumeMounts: - - name: stats-exporter-mapping-config - mountPath: /statsd-exporter/ - readOnly: true - resources: - {{- toYaml .Values.prometheusExporter.resources | nindent 12 }} - {{- end }} - - name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }} - image: {{ include "ambassador.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - containerPort: {{ int .targetPort }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- if .hostPort }} - hostPort: {{ .hostPort }} - {{- end }} - {{- end}} - - name: admin - containerPort: {{ .Values.adminService.port }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }} - - name: REDIS_URL - {{- if .Values.redisURL }} - value: {{ .Values.redisURL }} - {{- else }} - value: {{ include "ambassador.fullname" . }}-redis:6379 - {{- end }} - {{- end }} - {{- if and .Values.licenseKey.secretName .Values.enableAES}} - - name: AMBASSADOR_AES_SECRET_NAME - value: {{ .Values.licenseKey.secretName }} - {{- end }} - {{- if .Values.prometheusExporter.enabled }} - - name: STATSD_ENABLED - value: "true" - - name: STATSD_HOST - value: "localhost" - {{- end }} - {{- if .Values.scope.singleNamespace }} - - name: AMBASSADOR_SINGLE_NAMESPACE - value: "YES" - {{- end }} - - name: AMBASSADOR_NAMESPACE - {{- if .Values.namespace }} - value: {{ .Values.namespace.name | quote }} - {{ else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end -}} - {{- if .Values.redisEnv }} - {{ toYaml .Values.redisEnv | nindent 12 }} - {{- end }} - {{- if .Values.env }} - {{- range $key,$value := .Values.env }} - - name: {{ $key | upper | quote}} - value: {{ $value | quote}} - {{- end }} - {{- end }} - {{- if .Values.envRaw }} - {{- with .Values.envRaw }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- end }} - {{- with .Values.security.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - livenessProbe: - httpGet: - path: /ambassador/v0/check_alive - port: admin - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - httpGet: - path: /ambassador/v0/check_ready - port: admin - {{- toYaml .Values.readinessProbe | nindent 12 }} - volumeMounts: - - name: ambassador-pod-info - mountPath: /tmp/ambassador-pod-info - readOnly: true - {{- if .Values.ambassadorConfig }} - - name: ambassador-config - mountPath: /ambassador/ambassador-config/ambassador-config.yaml - subPath: ambassador-config.yaml - {{- end }} - {{- if and .Values.licenseKey.createSecret .Values.enableAES }} - - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets - mountPath: /.config/ambassador - readOnly: true - {{- end }} - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.sidecarContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - imagePullSecrets: - {{- toYaml .Values.imagePullSecrets | nindent 8 }} - dnsPolicy: {{ .Values.dnsPolicy }} - hostNetwork: {{ .Values.hostNetwork }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/exporter-config.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/exporter-config.yaml deleted file mode 100644 index 69b817f9d..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/exporter-config.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.prometheusExporter.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: '{{ include "ambassador.fullname" . }}-exporter-config' - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -data: - exporterConfiguration: -{{- if .Values.prometheusExporter.configuration }} | - {{- .Values.prometheusExporter.configuration | nindent 4 }} -{{- else }} '' -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/hpa.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/hpa.yaml deleted file mode 100644 index 18cbbdbf6..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/hpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }} -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "ambassador.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- toYaml .Values.autoscaling.metrics | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/module.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/module.yaml deleted file mode 100644 index 6d481fef0..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/module.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.module }} -apiVersion: getambassador.io/v2 -kind: Module -metadata: - name: ambassador - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - config: - {{- toYaml .Values.module | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/namespace.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/namespace.yaml deleted file mode 100644 index 4535c74f2..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.createNamespace }} -apiVersion: v1 -kind: Namespace -metadata: - labels: - product: aes - name: {{ include "ambassador.namespace" . }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/oss-migration-test-service.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/oss-migration-test-service.yaml deleted file mode 100644 index 17f3c288d..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/oss-migration-test-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.enableTestService }} -apiVersion: v1 -kind: Service -metadata: - name: test-aes - namespace: {{ include "ambassador.namespace" . }} - labels: - product: aes -spec: - type: LoadBalancer - externalTrafficPolicy: Local - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - port: {{ int .port }} - {{- if .targetPort }} - targetPort: {{ int .targetPort }} - {{- end }} - {{- if .nodePort }} - nodePort: {{ int .nodePort }} - {{- end }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- end}} - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/pdb.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/pdb.yaml deleted file mode 100644 index 4044fda60..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/podsecuritypolicy.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/podsecuritypolicy.yaml deleted file mode 100644 index 3da289039..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.security.podSecurityPolicy }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- with .Values.security.podSecurityPolicy.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- with .Values.security.podSecurityPolicy.spec }} -spec: - {{- toYaml . | nindent 2}} -{{- end }} -{{ end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects-rbac.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects-rbac.yaml deleted file mode 100644 index ed1087f4b..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects-rbac.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{- if and .Values.rbac.create .Values.registry.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ include "ambassador.rbacName" . }}-projects - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "secrets", "services" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: ["apps"] - resources: [ "deployments" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: ["batch"] - resources: [ "jobs" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: [""] - resources: [ "pods" ] - verbs: [ "get", "list", "watch" ] -- apiGroups: [""] - resources: [ "pods/log" ] - verbs: [ "get" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: RoleBinding -{{- else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ include "ambassador.rbacName" . }}-projects - {{- if .Values.scope.singleNamespace }} - namespace: {{ include "ambassador.namespace" . }} - {{- end }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.scope.singleNamespace }} - kind: Role - {{- else }} - kind: ClusterRole - {{- end }} - name: {{ include "ambassador.rbacName" . }}-projects -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects.yaml deleted file mode 100644 index 21b021a9a..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/projects.yaml +++ /dev/null @@ -1,412 +0,0 @@ -{{- if .Values.registry.create }} -###################################################################### -# In-cluster Registry for Projects - -# This mapping will make every host function as a docker -# registry. It's not ideal to take over the "v2" mapping, but there -# are a number of constraints that make this the least worst option -# explored so far. These constraints are: -# -# - We need a registry where docker push/pull and similar (e.g. crictl -# push/pull) can work with no special client configuration since we -# don't control the clients and we can't expect our users to -# reconfigure their clusters to use a special push/pull -# configuration. -# -# - GKE's push/pull implementation (I think it's docker) and crictl -# push/pull (used by default in k3s clusters) have different default -# behaviors with respect to localhost registries. The docker -# implementation is very permissive, it will try both cleartext and -# TLS and it does not verify the TLS connection, so self-signed -# registries work fine. The crictl implementation is moving in this -# direction, but the version used in k3s (based on rancher's fork of -# containerd at v1.3.3) is not there yet. It only tries cleartext by -# default. -# -# - We want to minimize the requirements for users to have the -# access/understanding to create special DNS configurations -# (e.g. wildcard or a separate dns name for the registry). -# -# - You can configure the docker registry to have a prefix, -# e.g. //v2/..., however without special -# configuration to override the defaults, clients can't push/pull -# from a registry served at a prefix. If your image is named -# /, the client will look for /v2/... endpoints. -# -# Given all the prior constraints we are left with creating this -# mapping for all hosts. If this is a problem there are a few -# alternatives we could consider. We can provide a way to limit this -# mapping to only one host so they can have distinct hosts for their -# site and their registry. We could also look into creating a -# daemonset that binds to localhost and proxies cleartext to -# TLS. Based on what I know of GKE and k3s its a good guess that this -# would accommodate both of them, but possibly not other clusters with -# different configurations. -# -# Another reason to lean towards an externally accessible registry is -# that there are likely some people that would want this as a feature -# so they can docker push/pull images from other systems into/out of -# the builtin registry. While it's true that security minded people -# might not like having this registry externally accessible, it's also -# quite likely those people would want to run their own fancy registry -# that scans/audits images, etc. The focus for RtC is really a smooth -# out of the box experience that functions end-to-end without -# requiring you to build your own platform. For more security minded -# people we should expect to eventually be able to configure an -# external registry and/or turn off the builtin one. ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - name: {{ include "ambassador.fullname" . }}-registry - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -spec: - prefix: /v2/ - rewrite: /v2/ - {{- if .Values.registry.resourceNameOverride }} - service: https://{{ .Values.registry.resourceNameOverride }} - {{- else }} - service: https://{{ include "ambassador.fullname" . }}-registry - {{- end }} - timeout_ms: 300000 ---- -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge internal image registry." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - selector: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 4 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - ports: - - port: 443 - targetPort: 5000 - -# The registry deployment. The deployment includes a persistent volume -# mount for storing images, a config-map mount for customizing the -# registry configuration, and a secret mounted for tls. ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - app: registry -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 0 - selector: - matchLabels: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - template: - metadata: - annotations: - foo: "5" - labels: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 8 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - spec: - containers: - - name: registry - image: registry:2 - ports: - - containerPort: 5000 - volumeMounts: - - mountPath: /var/lib/registry - name: registry-data - - name: registry-config - mountPath: /etc/docker/registry - - name: registry-tls - mountPath: /etc/tls - volumes: - - name: registry-config - configMap: - # Provide the name of the ConfigMap containing the files you want - # to add to the container - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-config - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-config - {{- end }} - - name: registry-data - persistentVolumeClaim: - {{- if .Values.registry.resourceNameOverride }} - claimName: {{ .Values.registry.resourceNameOverride }}-data - {{- else }} - claimName: {{ include "ambassador.fullname" . }}-registry-data - {{- end }} - - name: registry-tls - secret: - {{- if .Values.registry.resourceNameOverride }} - secretName: {{ .Values.registry.resourceNameOverride }}-tls - {{- else }} - secretName: {{ include "ambassador.fullname" . }}-registry-tls - {{- end }} - -# The configuration file for our registry. ---- -apiVersion: v1 -kind: ConfigMap -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-config - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-config - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -data: - config.yml: | - version: 0.1 - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - filesystem: - rootdirectory: /var/lib/registry - http: - addr: :5000 - headers: - X-Content-Type-Options: [nosniff] - tls: - certificate: /etc/tls/tls.crt - key: /etc/tls/tls.key - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - -# The persistent volume for our registry. ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-data - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-data - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - -# The self-signed tls secret for our registry. We should look into -# generating this on install with a job. ---- -apiVersion: v1 -kind: Secret -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-tls - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-tls - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -type: kubernetes.io/tls -data: - tls.crt: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEekNDQXZlZ0F3SUJBZ0lVSVZrWlJGSkVJ - VCtOTlJiMFJ0TkxwZFp5TTVnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daWXhDekFKQmdOVkJBWVRB - bFZUTVJZd0ZBWURWUVFJREExTllYTnpZV05vZFhObGRIUnpNUk13RVFZRApWUVFIREFwVGIyMWxj - blpwYkd4bE1SRXdEd1lEVlFRS0RBaEVZWFJoZDJseVpURVVNQklHQTFVRUN3d0xSVzVuCmFXNWxa - WEpwYm1jeEVUQVBCZ05WQkFNTUNISmxaMmx6ZEhKNU1SNHdIQVlKS29aSWh2Y05BUWtCRmc5a1pY - WkEKWkdGMFlYZHBjbVV1YVc4d0hoY05NakF3TVRNd01qRXdNVFV5V2hjTk1qRXdNVEk1TWpFd01U - VXlXakNCbGpFTApNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdNRFUxaGMzTmhZMmgxYzJWMGRI - TXhFekFSQmdOVkJBY01DbE52CmJXVnlkbWxzYkdVeEVUQVBCZ05WQkFvTUNFUmhkR0YzYVhKbE1S - UXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHUKWnpFUk1BOEdBMVVFQXd3SWNtVm5hWE4wY25reEhq - QWNCZ2txaGtpRzl3MEJDUUVXRDJSbGRrQmtZWFJoZDJseQpaUzVwYnpDQ0FTSXdEUVlKS29aSWh2 - Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFRtZ21wb2szVVdCVkhqCjFqb2R5eG9LZFJad09Y - WnhiZ25ITXlMa2xxLzUydGdmTEJmVlU1TzB2aE5iVm5vcEVSRWdWV0pTd3dlN0dOS0EKSjlaWWxC - Qlc1Q1U5Q3FNalU2TTVOdTdiVWRQblNyNGRFSFlWcmhEakJYcVpDUElEaFhZS2ZZYWh0YlB4cis1 - egpueS9qQktKU2JwM3RWU3d5SEhsY3JJNHdOU2R1Q2x5UFplOFR0Q2hGQUxhcU5rWUMvclNGK0w0 - SWcwZmY1N0duClpFVmsyZDJja09Xbkp6akRXMGhYL3FUcXhUKzZwV2tUQThWQ0FVS2FabEY5VkRK - c20rOW1XM2dBWmZ5NWdFWloKajcvaktqNTd5R1BUR2xWQXhra2J2WlJJVWQ5LzVkVmE3V1RCYnlR - dkxvOEkyWWQ3S1h6Y3BjcElpS2hRREdPQQpHbGVoa2JVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZ - RUZGTDV5NnNIb09tV0FRWVVGano4VHNETGFnUTdNQjhHCkExVWRJd1FZTUJhQUZGTDV5NnNIb09t - V0FRWVVGano4VHNETGFnUTdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFF - TEJRQURnZ0VCQUFZdHlnNDNDTEJsbVlvY0NkSjVpSlF0NTR0anFGU2hIMzdFd3h4WQp1QVExRHRW - a0Q3QngzUURZZ1cxeU1QYzFTRDhYenFUcWxjQUlOQTZwdVB0SlNPcC8wUUVqVFJSMkFSZFF5VURI - ClZOZEZzcHp5MGRnbllqOXY2ckl4akdOazVHZXI3cUp4TURaUUY0dC82NHZLYWNyOHZOQ3dnSmI5 - WEZaMTBjNlEKdVNSNVVVN1pMTWJPeWd4a0hPQStMMXp3S2pSaXZUb2ZMbExPOURQNUJwMk9hOGgr - TmZhVkJ4ZHFUS2l0UzFaOApnUnZhOTFuRHZwTjl5aHBiNFJVN2FoWW9tWGF4VE5ZVEJxVE1uZWhE - aWhPQjdBS2Z0VVErdjJWZ2VlM1FxaGJ4CjRUSlJpTTUxR2VIWEtoVWw5ZXBxRnBlYllIa1BnU1ln - bU1OUy9aT3JSWmFxajVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: | - LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB - QVNDQktZd2dnU2lBZ0VBQW9JQkFRQzA1b0pxYUpOMUZnVlIKNDlZNkhjc2FDblVXY0RsMmNXNEp4 - ek1pNUphditkcllIeXdYMVZPVHRMNFRXMVo2S1JFUklGVmlVc01IdXhqUwpnQ2ZXV0pRUVZ1UWxQ - UXFqSTFPak9UYnUyMUhUNTBxK0hSQjJGYTRRNHdWNm1RanlBNFYyQ24yR29iV3o4YS91CmM1OHY0 - d1NpVW02ZDdWVXNNaHg1WEt5T01EVW5iZ3BjajJYdkU3UW9SUUMycWpaR0F2NjBoZmkrQ0lOSDMr - ZXgKcDJSRlpObmRuSkRscHljNHcxdElWLzZrNnNVL3VxVnBFd1BGUWdGQ21tWlJmVlF5Ykp2dlps - dDRBR1g4dVlCRwpXWSsvNHlvK2U4aGoweHBWUU1aSkc3MlVTRkhmZitYVld1MWt3VzhrTHk2UENO - bUhleWw4M0tYS1NJaW9VQXhqCmdCcFhvWkcxQWdNQkFBRUNnZ0VBWUxiMGRxdGVXclRoTnp6V0pk - QVQ2K0kzWXoyd214QmR3a0NMcUZZSjhoOWsKenpNclFicTlxalJ4Z3F2TWVoZEdscDl3eHRaMGlz - ZU9wOHY0Z0hKdkJxVk42RkxRUXhQNS9VUHppSlFkRld1TQozRU54cjVBN3RhK0tHRmVGSHM2Zkpk - TEo5WmF6TEhkRWxmbWUyOTFGZHZzWFJMdkVVNUtmQW90M2ZiVnNWWjFxCnRucVIzY0dET3JVQ00v - ZzJKZmVBYk5wSUJjTnlCV0diOGRQbm5SaHZRNW5YN1ozUnJiNTlhQnhOcldCSkFkbnEKOUtkS3BR - UmU4cjBiRGJ0WVZQamxXRldpOVluWVQ0WHpQOG9TU0t5a3R4TWZraEM2dlVKb0gwNHFOSmRkWjVM - WAozWjRKUm14RnlUZU1rUG0xa2dnSVVRZGJhRWp1WG0rOThOeXVkZitKcVFLQmdRRGx6SS9XMzZM - am1pRE9MSDVUCnFhZTFnazNMV2lTY3hwZzRhazEyenhLSlkrWUJiNnc4UG5EVmlvY2tPa0lsSERh - V0xzQ2VpRkJsM2lPSDlUWWcKQm9iY3JVZVNUbWdOaUNqSlpIWVhIUlY1TEN2bGE0UkhhcXNMWG43 - elptTE5GVW9YRlhaTkoyQzlqUEp5TStyQQpqOWJLWlFvQTF2NC9qOUdMTXN3eEJZem1pd0tCZ1FE - SmhxNDhrYmV0MlRTRFhyMUxuY3FMVU9wak1hQmNyOEJKCnpDNlBwK3F0ck01QVE1RnkwaHRoV2Zn - bDkzZU5vMWRQT2pCRDZ6amIyd2dNSHhBR2w1V0pIN005enFBSWJSaW0KbDFNcmsrUkprbUVGeUls - cU95TG9jNlg0V1pPN1BwejZPQkdWTExGOFlBR09UcldaRzZwUStDeVJWN3hHUS9PWAo4QlN5UVVh - d3Z3S0JnRWFXWG55dmQxYVlpb2txUzZlaFRuM0h4K08yRGRjR2ZjMmVnYXNFRW5xWGNCaHkyQ0l0 - ClAvV29OcmpmR0dCVDJVU3FtY3BZcnZHTG1iaHlqeXlwTkpYbXVEeHR6ektRNTQ1dFNJVHpEeHlJ - Zi9kWjNta2QKaityUEhRbmhJbXBDcHQ2T1hpZDIrQlZoalR1ZFRQZlhkeS8yZDJzb256S2hGOG05 - VWRHaEZkWGZBb0dBRkZ0QwpabVBoeGZIVzJCNU55TUdib0E4QVhoeTVNaU9lck5XdkxsdXIzUGRE - cmtJbEF4QXVLOXRHc2E4WnFIa0RiTUZYCjlzUmY3ZlZtRHJOa2p3WG8yUDBXd2Z1Sk50Q3VXTVdZ - WlNKL1FOOUVaYTBvRkU3ODY3WWk0YjlLcVBOZUwvaFIKN2x1aFlncmduVnRlQktWQ3d3TU9uVy9i - V00yc1lZQ2kxbzY1Y1VrQ2dZQUR4SUJmOGZUOURDS0NaZ1FvQXNDYwpvSzcvdzdDYk1hOEp5TjZa - ZDRiSlIrSzRzUEtQekd2M3dEandxRzFTRkN6UU1FR01mOWt6TWFYb09XdzNaN2NCCklIZTJDUXFF - N2NZdW1LYjFkOTFueU1qMVdQVC9CWEJKZzB3aUNMV0RjakdQR0xNWTJyeGsvMWwzL2xjKy9WVkcK - NjRZZUh1YlllOE9Iemp5UEZGSnJZdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - -###################################################################### -# Project Controller -# -# Comment this out if you want to disable the micro CI/CD functionality: ---- -apiVersion: getambassador.io/v2 -kind: ProjectController -metadata: - {{- if .Values.registry.projectControllerName }} - name: {{ .Values.registry.projectControllerName }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-projectcontroller - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-projectcontroller - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - projects.getambassador.io/ambassador_id: {{ if hasKey .Values.env "AMBASSADOR_ID" }}{{ .Values.env.AMBASSADOR_ID | quote }}{{ else }}default{{ end }} - product: aes -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/rbac.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/rbac.yaml deleted file mode 100644 index 1077c248d..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/rbac.yaml +++ /dev/null @@ -1,200 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: [] ---- -# CRDs are cluster scoped resources, so they need to be in a cluster role, -# even if ambassador is running in single namespace mode -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-crd - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: - - apiGroups: [ "apiextensions.k8s.io" ] - resources: [ "customresourcedefinitions" ] - verbs: ["get", "list", "watch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -metadata: - name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} -{{- else }} -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-watch -{{- end }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: - - apiGroups: [""] - resources: - - namespaces - - services - - secrets - - endpoints - verbs: ["get", "list", "watch"] - - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update", "patch", "create", "delete" ] - - - apiGroups: [ "getambassador.io" ] - resources: [ "mappings/status" ] - verbs: ["update"] - - - apiGroups: [ "networking.internal.knative.dev" ] - resources: [ "clusteringresses", "ingresses" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "networking.internal.knative.dev" ] - resources: [ "ingresses/status", "clusteringresses/status" ] - verbs: ["update"] - - - apiGroups: [ "extensions", "networking.k8s.io" ] - resources: [ "ingresses", "ingressclasses" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "extensions", "networking.k8s.io" ] - resources: [ "ingresses/status" ] - verbs: ["update"] - - {{- if .Values.enableAES }} - - - apiGroups: [""] - resources: [ "secrets" ] - verbs: ["get", "list", "watch", "create", "update"] - - - apiGroups: [""] - resources: [ "events" ] - verbs: ["get", "list", "watch", "create", "patch"] - - - apiGroups: ["coordination.k8s.io"] - resources: [ "leases" ] - verbs: ["get", "create", "update"] - - - apiGroups: [""] - resources: [ "endpoints" ] - verbs: ["get", "list", "watch", "create", "update"] - {{- end }} - - {{- if or .Values.rbac.podSecurityPolicies .Values.security.podSecurityPolicy }} - - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - {{- if .Values.rbac.podSecurityPolicies }} - {{- toYaml .Values.rbac.podSecurityPolicies | nindent 6 }} - {{- end }} - {{- if .Values.security.podSecurityPolicy }} - - {{ include "ambassador.fullname" . }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount ---- -{{- if .Values.scope.singleNamespace }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/resolvers.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/resolvers.yaml deleted file mode 100644 index 43aa5ace2..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/resolvers.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.resolvers.endpoint.create }} ---- -apiVersion: getambassador.io/v2 -kind: KubernetesEndpointResolver -metadata: - name: {{ .Values.resolvers.endpoint.name }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -{{- if hasKey .Values.env "AMBASSADOR_ID" }} -spec: - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} -{{- end }} -{{- end }} -{{- if .Values.resolvers.consul.create }} ---- -apiVersion: getambassador.io/v2 -kind: ConsulResolver -metadata: - name: {{ .Values.resolvers.consul.name }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- toYaml .Values.resolvers.consul.spec | nindent 2 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/service.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/service.yaml deleted file mode 100644 index a541c2234..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/service.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.service.nameOverride }} - name: {{ .Values.service.nameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }} - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - app.kubernetes.io/component: ambassador-service - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }} -{{- if .Values.service.annotations }} - {{- range $key, $value := .Values.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -spec: - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" - {{- end }} - {{- if .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}" - {{- end }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - {{- if .Values.service.sessionAffinityConfig }} - sessionAffinityConfig: - {{- toYaml .Values.service.sessionAffinityConfig | nindent 4 }} - {{- end }} - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - port: {{ int .port }} - {{- if .targetPort }} - targetPort: {{ int .targetPort }} - {{- end }} - {{- if .nodePort }} - nodePort: {{ int .nodePort }} - {{- end }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- end}} - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: - {{- toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/serviceaccount.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/serviceaccount.yaml deleted file mode 100644 index 90c8ef085..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -{{- if .Values.docker.useImagePullSecret }} -imagePullSecrets: -- name: {{ .Values.docker.imagePullSecretName }} -{{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/servicemonitor.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/servicemonitor.yaml deleted file mode 100644 index b2c8122a1..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/servicemonitor.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.adminService.create .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app: {{ include "ambassador.name" . }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- toYaml .Values.metrics.serviceMonitor.selector | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: ambassador-admin - path: /metrics - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "ambassador.namespace" . }} - selector: - matchLabels: - service: ambassador-admin -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/tests/test-ready.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/tests/test-ready.yaml deleted file mode 100644 index ec96235f7..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/tests/test-ready.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (.Values.test.enabled) (not .Values.daemonSet) }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "ambassador.fullname" . }}-test-ready" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: {{ .Values.test.image | default "busybox" }} - command: ['wget'] - args: ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready'] - restartPolicy: Never -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-agent-rbac.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-agent-rbac.yaml deleted file mode 100644 index 783c0aed6..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-agent-rbac.yaml +++ /dev/null @@ -1,135 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled }} -{{- if .Values.servicePreview.trafficAgent.singleNamespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - annotations: - # Required because Helm creates secrets before ServiceAccount, but service-account-token depends on an existing SA. - "helm.sh/hook": "pre-install" - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -## Create a service-account-token for traffic-agent with a matching name. -## Since the ambassador-injector will use this token name, it must be deterministic and not auto-generated. -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - annotations: - kubernetes.io/service-account.name: traffic-agent -type: kubernetes.io/service-account-token ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: [ "namespaces", "services", "secrets" ] - verbs: ["get", "list", "watch"] - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- else }} -## If we install Service Preview cluster-wide, this means we can't use the 'traffic-agent' ServiceAccount -## as it does not exist in every namespace. We must instead grant new Roles to all ServiceAccounts (cluster-wide). ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: [ "namespaces", "services", "secrets" ] - verbs: ["get", "list", "watch"] - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} -subjects: - - name: system:serviceaccounts - kind: Group - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-manager.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-manager.yaml deleted file mode 100644 index 922bc5df4..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/templates/traffic-manager.yaml +++ /dev/null @@ -1,190 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: ["namespaces", "services", "pods", "secrets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: RoleBinding -{{- else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.scope.singleNamespace }} - kind: Role - {{- else }} - kind: ClusterRole - {{- end }} - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - containers: - - name: telepresence-proxy - {{- if .Values.servicePreview.trafficManager.image.repository }} - image: "{{ .Values.servicePreview.trafficManager.image.repository }}:{{ .Values.servicePreview.trafficManager.image.tag | default .Values.image.tag }}" - {{- else }} - image: {{ include "ambassador.image" . }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "traffic-manager" ] - env: - {{- if .Values.scope.singleNamespace }} - - name: AMBASSADOR_SINGLE_NAMESPACE - value: "true" - {{- end }} - - name: AMBASSADOR_NAMESPACE - {{- if .Values.namespace }} - value: {{ .Values.namespace.name | quote }} - {{ else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end -}} - {{- if or .Values.redis.create .Values.redisURL }} - - name: REDIS_URL - {{- if .Values.redisURL }} - value: {{ .Values.redisURL }} - {{- else }} - value: {{ include "ambassador.fullname" . }}-redis:6379 - {{- end }} - {{- end }} - ports: - - name: sshd - containerPort: 8022 - volumeMounts: - - mountPath: /tmp/ambassador-pod-info - name: pod-info - restartPolicy: Always - terminationGracePeriodSeconds: 0 - volumes: - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - name: pod-info - serviceAccountName: {{ .Values.servicePreview.trafficManager.serviceAccountName }} ---- -apiVersion: v1 -kind: Service -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Service Preview Telepresence Proxy." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - clusterIP: None - selector: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: sshd - protocol: TCP - port: 8022 - - name: api - protocol: TCP - port: 8081 -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100+up6.7.11/values.yaml b/charts/ambassador/ambassador/6.7.1100+up6.7.11/values.yaml deleted file mode 100644 index 17ebb9ab0..000000000 --- a/charts/ambassador/ambassador/6.7.1100+up6.7.11/values.yaml +++ /dev/null @@ -1,521 +0,0 @@ -# Default values for ambassador. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Manually set metadata for the Release. -# -# Defaults to .Chart.Name -nameOverride: '' -# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" -fullnameOverride: '' -# Defaults to .Release.Namespace -namespaceOverride: '' - -replicaCount: 3 -daemonSet: false - -# This will enable the test-ready Pod (https://github.com/datawire/ambassador-chart/blob/master/templates/tests/test-ready.yaml). -# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly. -test: - enabled: true - image: busybox - -# Enable autoscaling using HorizontalPodAutoscaler -# daemonSet: true, autoscaling will be disabled -autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 60 - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: 60 - -podDisruptionBudget: {} - -# namespace: - # name: default - -# Additional container environment variable -# Uncomment or add additional environment variables for the container here. -env: {} - # Exposing statistics via StatsD - # STATSD_ENABLED: true - # STATSD_HOST: statsd-sink - # sets the minimum number of seconds between Envoy restarts - # AMBASSADOR_RESTART_TIME: 15 - # sets the number of seconds that the Envoy will wait for open connections to drain on a restart - # AMBASSADOR_DRAIN_TIME: 5 - # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart - # AMBASSADOR_SHUTDOWN_TIME: 10 - # labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster - # AMBASSADOR_ID: default - -# Additional container environment variable in raw YAML format -# Uncomment or add additional environment variables for the container here. -envRaw: {} -# - name: REDIS_PASSWORD -# value: password -# valueFrom: -# secretKeyRef: -# name: redis-password -# key: password -# - name: POD_IP -# valueFrom: -# fieldRef: -# fieldPath: status.podIP - -imagePullSecrets: [] - -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: {} - # # Add AppArmor and Seccomp annotations - # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - # annotations: - # spec: - # seLinux: - # rule: RunAsAny - # supplementalGroups: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # fsGroup: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # privileged: false - # allowPrivilegeEscalation: false - # runAsUser: - # rule: MustRunAsNonRoot - -image: - ossTag: 1.13.8 - aesTag: 1.13.8 - pullPolicy: IfNotPresent - ossRepository: docker.io/datawire/ambassador - aesRepository: docker.io/datawire/aes -dnsPolicy: ClusterFirst -hostNetwork: false - -service: - type: LoadBalancer - - # Note that target http ports need to match your ambassador configurations service_port - # https://www.getambassador.io/reference/modules/#the-ambassador-module - ports: - - name: http - port: 80 - targetPort: 8080 - # protocol: TCP - # nodePort: 30080 - # hostPort: 80 - - name: https - port: 443 - targetPort: 8443 - # protocol: TCP - # nodePort: 30443 - # hostPort: 443 - # TCPMapping_Port - # port: 2222 - # targetPort: 2222 - # protocol: TCP - # nodePort: 30222 - - externalTrafficPolicy: - - sessionAffinity: - - sessionAffinityConfig: - - externalIPs: [] - - annotations: {} - - ############################################################################# - ## Ambassador should be configured using CRD definition. If you want - ## to use annotations, the following is an example of annotating the - ## Ambassador service with global configuration manifest. - ## - ## See https://www.getambassador.io/reference/core/ambassador and - ## https://www.getambassador.io/reference/core/tls for more info - ############################################################################# - # - # getambassador.io/config: | - # --- - # apiVersion: ambassador/v1 - # kind: TLSContext - # name: ambassador - # secret: ambassador-certs - # hosts: ["*"] - # --- - # apiVersion: ambassador/v1 - # kind: Module - # name: ambassador - # config: - # admin_port: 8001 - # diag_port: 8877 - # diagnostics: - # enabled: true - # enable_grpc_http11_bridge: false - # enable_grpc_web: false - # enable_http10: false - # enable_ipv4: true - # enable_ipv6: false - # liveness_probe: - # enabled: true - # lua_scripts: - # readiness_probe: - # enabled: true - # server_name: envoy - # service_port: 8080 - # use_proxy_proto: false - # use_remote_address: true - # xff_num_trusted_hops: 0 - # x_forwarded_proto_redirect: false - # load_balancer: - # policy: round_robin - # circuit_breakers: - # max_connections: 2048 - # retry_policy: - # retry_on: "5xx" - # cors: - - # Manually set the name of the generated Service - nameOverride: - -adminService: - create: true - type: ClusterIP - port: 8877 - snapshotPort: 8005 - # NodePort used if type is NodePort - # nodePort: 38877 - annotations: {} - -rbac: - # Specifies whether RBAC resources should be created - create: true - # List of Pod Security Policies to use on the container. - # If security.podSecurityPolicy is set, it will be appended to the list - podSecurityPolicies: [] - # Name of the RBAC resources defaults to the name of the release. - # Set nameOverride when installing Ambassador with cluster-wide scope in - # different namespaces with the same release name to avoid conflicts. - nameOverride: - -scope: - # tells Ambassador to only use resources in the namespace or namespace set by namespace.name - singleNamespace: false - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -deploymentStrategy: - type: RollingUpdate - -restartPolicy: - -terminationGracePeriodSeconds: - -initContainers: [] - -sidecarContainers: [] - -livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - -readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - - -volumes: [] - -volumeMounts: [] - -podLabels: {} - -podAnnotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "9102" - -deploymentLabels: {} - -deploymentAnnotations: {} - # configmap.reloader.stakater.com/auto: "true" - -resources: - # Recommended resource requests and limits for Ambassador - limits: - cpu: 1000m - memory: 600Mi - requests: - cpu: 200m - memory: 300Mi - -priorityClassName: '' - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -topologySpreadConstraints: [] - -ambassadorConfig: '' - -crds: - enabled: true - create: true - keep: true - -# Prometheus Operator ServiceMonitor configuration -# See documentation: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor -metrics: - serviceMonitor: - enabled: false - # interval: 30s - # scrapeTimeout: 30s - # selector: {} - -################################################################################ -## Ambassador Edge Stack Configuration ## -################################################################################ - -# The Ambassador Edge Stack is free for limited use without a license key. -# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register -# for a community license key. - -enableAES: true - -# Set createSecret: false is installing multiple releases of The Ambassador -# Edge Stack in the same namespace. -licenseKey: - value: - createSecret: true - secretName: - # Annotations to attach to the license-key-secret. - annotations: {} - -# The DevPortal is exposed at /docs/ endpoint in the AES container. -# Setting this to true will automatically create routes for the DevPortal. -createDevPortalMappings: true -devportal: - docsPrefix: /documentation/ - -# The Ambassador Edge Stack uses a redis instance for managing authentication, -# rate limiting, and sharing minor configuration details between pods for -# centralized management. These values configure the redis instance that ships -# by default with The Ambassador Edge Stack. -# -# URL of your redis instance. Defaults to redis instance created below. -redisURL: - -# Ambassador ships with a basic redis instance. Configure the deployment with the options below. -redis: - create: true - image: - repository: redis - tag: 5.0.1 - pullPolicy: IfNotPresent - # Annotations for Ambassador Pro's redis instance. - annotations: - deployment: {} - service: {} - resources: {} - # If you want to specify resources, uncomment the following - # lines and remove the curly braces after 'resources:'. - # These are placeholder values and must be tuned. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - nodeSelector: {} - affinity: {} - tolerations: {} - - -# Configures the AuthService that ships with the Ambassador Edge Stack. -# Setting authService.create: false will not install the AES AuthService and -# allow you to define your own. -# -# Typically when using the AES, you will want to keep this set to true and use -# the External Filter to communicate with a custom authentication service. -# https://www.getambassador.io/reference/filter-reference/#filter-type-external -authService: - deploymentExtraName: auth - create: true - # Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information - optional_configurations: {} - # include_body: - # max_bytes: 4096 - # allow_partial: true - # status_on_error: - # code: 403 - # failure_mode_allow: false - # retry_policy: - # retry_on: "5xx" - # num_retries: 2 - # add_linkerd_headers: true - # timeout_ms: 30000 - - -# Configures the RateLimitService in the Ambassador Edge Stack. -# Keep this enabled to configure RateLimits in AES. -rateLimit: - create: true - deploymentExtraName: ratelimit - -# Projects are a beta feature of Ambassador that allow developers to stage and -# deploy code with nothing more than a Github repository. -# See: https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/ -registry: - create: false - -# Resolvers are used to configure the discovery service strategy for Ambasador Edge Stack. -# See: https://www.getambassador.io/docs/edge-stack/latest/topics/running/resolvers/ -resolvers: - endpoint: - create: false - name: endpoint - consul: - create: false - name: consul-dc1 - spec: {} - # Configuration for a Consul Resolver - # address: consul-server.default.svc.cluster.local:8500 - # datacenter: dc1 - -# Create and manage an Ambassador Module from the Helm Chart. See: -# https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador -# for more info on the available options. -# -# Note: The Module can only be named ambassador. There can only be one Module -# installed per-namespace. -module: {} - -################################################################################ -## DEPRECATED configuration objects ## -################################################################################ - -# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy. -# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint -# -# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it -prometheusExporter: - enabled: false - repository: prom/statsd-exporter - tag: v0.8.1 - pullPolicy: IfNotPresent - resources: {} - # If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - # You can configure the statsd exporter to modify the behavior of mappings and other features. - # See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration - # Uncomment the following line if you wish to specify a custom configuration: - # configuration: | - # --- - # mappings: - # - match: 'envoy.cluster.*.upstream_cx_connect_ms' - # name: "envoy_cluster_upstream_cx_connect_time" - # timer_type: 'histogram' - # labels: - # cluster_name: "$1" - -# DEPRECATED: Use security.podSecurityContext -# securityContext: -# runAsUser: 8888 - - -# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl. -# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector -servicePreview: - enabled: false - trafficManager: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - serviceAccountName: traffic-manager - trafficAgent: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - singleNamespace: true - serviceAccountName: traffic-agent - port: 9900 - - # Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection. - injector: - enabled: true - - # If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued - # for the Common Name (CN) of `..svc`, which is the cluster-internal DNS name - # for the service. - crtPEM: '' - keyPEM: '' - -# Configure the ambassador agent -agent: - enabled: true - # this will be empty when it first gets applied, then the user will edit the agent to - # make it start reporting - cloudConnectToken: '' - rpcAddress: https://app.getambassador.io/ - createArgoRBAC: true - image: - # Leave blank to use image.repository and image.tag - tag: - repository: - -deploymentTool: '' - -# configure docker to pull from private registry -docker: {} -createNamespace: false -enableTestService: false diff --git a/charts/ambassador/ambassador/6.7.1100/.helmignore b/charts/ambassador/ambassador/6.7.1100/.helmignore deleted file mode 100755 index a0482efdf..000000000 --- a/charts/ambassador/ambassador/6.7.1100/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -OWNERS diff --git a/charts/ambassador/ambassador/6.7.1100/CHANGELOG.md b/charts/ambassador/ambassador/6.7.1100/CHANGELOG.md deleted file mode 100755 index 199e56fee..000000000 --- a/charts/ambassador/ambassador/6.7.1100/CHANGELOG.md +++ /dev/null @@ -1,528 +0,0 @@ -# Change Log - -This file documents all notable changes to Ambassador Helm Chart. The release -numbering uses [semantic versioning](http://semver.org). - -## Next Release - -(no changes yet) - -## v6.7.11 - -- Update Ambassador API Gateway chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) -- Update Ambassador Edge Stack chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) -- Bugfix: remove duplicate label key in ambassador-agent deployment - -## v6.7.10 - -- Update Ambassador API Gateway chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) -- Update Ambassador Edge Stack chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) - -## v6.7.9 - -- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - - -## v6.7.8 - -- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - - -## v6.7.7 - -- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository - -## v6.7.6 - -- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador. - -## v6.7.5 - -- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.4 - -- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm - -## v6.7.3 - -- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.2 - -- Bugfix: Don't change the Role name when running in singleNamespace mode. - -## v6.7.1 - -- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.7.0 - -- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io) -- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!) -- BugFix: Add missing `ambassador_id` for resolvers. -- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings). - -## v6.6.4 - -- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.3 - -- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.2 - -- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.6.1 - -- Fix metadata field in ConsulRevoler -- Make resolvers available to OSS - -## v6.6.0 - -- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io) - -## v6.5.22 - -- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0. -- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0 - -## v6.5.21 - -- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io) -- Feature: All services are automatically instrumented with discovery annotations. - -## v6.5.20 - -- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.19 - -- Make all `livenessProbe` and `readinessProbe` configurations available to the values file - -## v6.5.18 - -- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.17 - -- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Bugfix: Fix Mapping definition to correctly support labels in use. - -## v6.5.16 - -- Bugfix: Ambassador CRD cleanup will now execute as expected. - -## v6.5.15 - -- Bugfix: Ambassador RBAC now includes permissions for IngressClasses. - -## v6.5.14 - -- Update for Ambassador v1.10.0 - -## v6.5.13 - -- Update for Ambassador v1.9.1 - -## v6.5.12 - -- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container -- Update for Ambassador v1.9.0 - -## v6.5.11 - -- Feature: add affinity and tolerations support for redis pods - -## v6.5.10 - -- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.9 - -- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch". - -## v6.5.8 - -- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.7 - -- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!) - -## v6.5.6 - -- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122) - -## v6.5.5 - -- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.4 - -- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.3 - -- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.2 - -- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114) -- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.1 - -- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.5.0 - -- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.10 - -- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106) -- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110) -- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103) -- Internal CI refactorings. - -## v6.4.9 - -- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97) - -## v6.4.8 - -- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.7 - -- BugFix: Registry service is now using the proper `app.kubernetes.io/name` -- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv` -- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`. - -## v6.4.6 - -- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!) - -## v6.4.5 - -- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.4 - -- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/) -- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis) - -## v6.4.3 - -- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.2 - -- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.4.1 - -- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once. - -If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases. - -## v6.4.0 - -- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) -- AuthService and RateLimitService are now installed in the same namespace as Ambassador. -- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs. -- Add option to install Service Preview components (traffic-manager, traffic-agent). -- Add option to install ambassador-injector, alongside Service Preview. -- Add additional security policy configurations. - - `securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`. - -## v6.3.6 - -- Switch from Quay.io to DockerHub - -## v6.3.5 - -- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.4 - -- Minor bug fixes - -## v6.3.3 - -- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.2 - -- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.1 - -- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.3.0 - -- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator - -## v6.2.5 - -- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) - -## v6.2.4 - -- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!) - -## v6.2.3 - -- Upgrade Ambassador to version 1.3.2. -- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings - -## v6.2.2 - -- Upgrade Ambassador to version 1.3.1. -- Remove unnecessary `version` field from CRDs. -- Add static label to AES resources, to better support `edgectl install` - -## v6.2.1 - -- Upgrade Ambassador to version 1.3.0. - -## v6.2.0 - -- Add option to not create DevPortal routes - -## v6.1.5 - -- Upgrade Ambassador to version 1.2.2. - -## v6.1.4 - -- Upgrade from Ambassador 1.2.0 to 1.2.1. - -## v6.1.3 - -- Upgrade from Ambassador 1.1.1 to 1.2.0. - -## v6.1.2 - -- Upgrade from Ambassador 1.1.0 to 1.1.1. - -## v6.1.1 - -Minor Improvements: - -- Adds: Option to override the name of the RBAC resources - -## v6.1.0 - -Minor improvements including: - -- Adds: Option to set `restartPolicy` -- Adds: Option to give the AES license key secret a custom name -- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed. -- Clarification on how to install OSS - -## v6.0.0 - -Introduces Ambassador Edge Stack being installed by default. - -### Breaking changes - -Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack. - -## v5.0.0 - -### Breaking changes - -**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. - -- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed - -## v4.0.0 - -### Breaking Changes - -- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core -- The license key is now stored and read from a Kubernetes secret by default -- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. - -### Minor Changes - -- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance -- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) -- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` -- Fixed misnamed selector for redis instance that failed in an edge case -- Exposes annotations for redis deployment and service - -## v3.0.0 - -### Breaking Changes - -- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively. -- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`. -- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead. - -### Minor Changes - -- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025). -- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates -- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576) -- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679) - -## v2.6.0 - -### Minor Changes - -- Add ambassador CRDs! -- Update ambassador to 0.70.0 - -## v2.5.1 - -### Minor Changes - -- Update ambassador to 0.61.1 - -## v2.5.0 - -### Minor Changes - -- Add support for autoscaling using HPA, see `autoscaling` values. - -## v2.4.1 - -### Minor Changes - -- Update ambassador to 0.61.0 - -## v2.4.0 - -### Minor Changes - -- Allow configuring `hostNetwork` and `dnsPolicy` - -## v2.3.1 - -### Minor Changes - -- Adds HOST_IP environment variable - -## v2.3.0 - -### Minor Changes - -- Adds support for init containers using `initContainers` and pod labels `podLabels` - -## v2.2.5 - -### Minor Changes - -- Update ambassador to 0.60.3 - -## v2.2.4 - -### Minor Changes - -- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro) - -## v2.2.3 - -### Minor Changes - -- Update ambassador to 0.60.2 - -## v2.2.2 - -### Minor Changes - -- Update ambassador to 0.60.1 - -## v2.2.1 - -### Minor Changes - -- Fix RBAC for ambassador 0.60.0 - -## v2.2.0 - -### Minor Changes - -- Update ambassador to 0.60.0 - -## v2.1.0 - -### Minor Changes - -- Added `scope.singleNamespace` for configuring ambassador to run in single namespace - -## v2.0.2 - -### Minor Changes - -- Update ambassador to 0.53.1 - -## v2.0.1 - -### Minor Changes - -- Update ambassador to 0.52.0 - -## v2.0.0 - -### Major Changes - -- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables. - -## v1.1.5 - -### Minor Changes - -- Update ambassador to 0.50.3 - -## v1.1.4 - -### Minor Changes - -- support targetPort specification - -## v1.1.3 - -### Minor Changes - -- Update ambassador to 0.50.2 - -## v1.1.2 - -### Minor Changes - -- Add additional chart maintainer - -## v1.1.1 - -### Minor Changes - -- Default replicas -> 3 - -## v1.1.0 - -### Minor Changes - -- Allow RBAC to be namespaced (`rbac.namespaced`) - -## v1.0.0 - -### Major Changes - -- First release of Ambassador Helm Chart in helm/charts -- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500) diff --git a/charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md b/charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md deleted file mode 100755 index 443250b7a..000000000 --- a/charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md +++ /dev/null @@ -1,23 +0,0 @@ -# Contributing to the Ambassador Helm Chart - -This Helm chart is used to install The Ambassador Edge Stack (AES) and is -maintained by Datawire. - -## Developing - -All work on the helm chart should be done in a separate branch off `master` and -contributed with a Pull Request targeting `master`. - -**Note**: All updates to the chart require you update the `version` in -`Chart.yaml`. - -## Testing - -The `ci/` directory contains scripts that will be run on PRs to `master`. - -- `ci/run_tests.sh` will run the tests of the chart. - -## Releasing - -Releasing a new chart is done by pushing a tag to `master`. Travis will then -run the tests and push the chart to `https://getambassador.io/helm`. diff --git a/charts/ambassador/ambassador/6.7.1100/Chart.yaml b/charts/ambassador/ambassador/6.7.1100/Chart.yaml deleted file mode 100755 index a1cc4f3db..000000000 --- a/charts/ambassador/ambassador/6.7.1100/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Ambassador Edge Stack - catalog.cattle.io/release-name: ambassador -apiVersion: v1 -appVersion: 1.13.8 -description: A Helm chart for Datawire Ambassador -home: https://www.getambassador.io/ -icon: https://www.getambassador.io/images/logo.png -keywords: -- api gateway -- ambassador -- datawire -- envoy -maintainers: -- email: markus@maga.se - name: flydiverny -- email: flynn@datawire.io - name: kflynn -- email: nkrause@datawire.io - name: nbkrause -- email: lukeshu@datawire.io - name: lukeshu -name: ambassador -sources: -- https://github.com/datawire/ambassador -- https://github.com/prometheus/statsd_exporter -version: 6.7.1100 diff --git a/charts/ambassador/ambassador/6.7.1100/Makefile b/charts/ambassador/ambassador/6.7.1100/Makefile deleted file mode 100755 index 3271ecc11..000000000 --- a/charts/ambassador/ambassador/6.7.1100/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -HELM_TEST_IMAGE = quay.io/helmpack/chart-testing:v3.0.0-rc.1 -K3D_CLUSTER_NAME = helm-chart-test-cluster -CHART_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))) -CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig -CT_EXEC = docker run --rm -v $(CHART_KUBECONFIG):/root/.kube/config -v $(CHART_DIR):/charts --network host $(HELM_TEST_IMAGE) ct -K3D_EXEC := KUBECONFIG=$(CHART_KUBECONFIG) k3d - -test-chart: lint-chart preflight-chart-test chart-create-cluster - $(CT_EXEC) install --config /charts/ct.yaml && \ - $(MAKE) chart-delete-cluster -.PHONY: test-chart - -lint-chart: preflight-kubeconfig - $(CT_EXEC) lint --config /charts/ct.yaml -.PHONY: lint-chart - -preflight-chart-test: preflight-kubeconfig - # check if k3d is installed - @if ! command -v k3d 2> /dev/null ; then \ - printf 'k3d not installed, plz do that'; \ - false; \ - fi -.PHONY: preflight-chart-test - -preflight-kubeconfig: - mkdir -p `dirname $(CHART_KUBECONFIG)` - touch $(CHART_KUBECONFIG) -.PHONY: preflight-kubeconfig - -chart-create-cluster: preflight-kubeconfig - $(MAKE) chart-delete-cluster || true - $(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik" -.PHONY: chart-create-cluster - -chart-delete-cluster: - $(K3D_EXEC) cluster delete $(K3D_CLUSTER_NAME) -.PHONY: chart-delete-cluster diff --git a/charts/ambassador/ambassador/6.7.1100/README.md b/charts/ambassador/ambassador/6.7.1100/README.md deleted file mode 100755 index 01ea965bc..000000000 --- a/charts/ambassador/ambassador/6.7.1100/README.md +++ /dev/null @@ -1,478 +0,0 @@ -# Ambassador - -The Ambassador Edge Stack is a self-service, comprehensive edge stack that is Kubernetes-native and built on [Envoy Proxy](https://www.envoyproxy.io/). - -## TL;DR; - -```console -$ helm repo add datawire https://getambassador.io -$ helm install ambassador datawire/ambassador -``` - -## Introduction - -This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on -a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.11+ - -## Add this Helm repository to your Helm client - -```console -helm repo add datawire https://getambassador.io -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ kubectl create namespace ambassador -$ helm install my-release datawire/ambassador -n ambassador -``` - -The command deploys Ambassador Edge Stack in the ambassador namespace on the Kubernetes cluster in the default configuration. - -It is recommended to use the ambassador namespace for easy upgrades. - -The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Ambassador Edge Stack Installation - -This chart defaults to installing The Ambassador Edge Stack with all of its configuration objects. - -- A Redis instance -- `AuthService` resource for enabling authentication -- `RateLimitService` resource for enabling rate limiting -- `Mapping`s for internal request routing - -If installing alongside another deployment of Ambassador, some of these resources can cause configuration errors since only one `AuthService` or `RateLimitService` can be configured at a time. - -If you already have one of these resources configured in your cluster, please see the [configuration](#configuration) section below for information on how to disable them in the chart. - -### Ambassador OSS Installation - -This chart can still be used to install Ambassador OSS. - -To install OSS, change the `image` to use the OSS image and set `enableAES: false` to skip the install of any AES resources. - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Changelog - -Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md) - -## Configuration - -The following tables lists the configurable parameters of the Ambassador chart and their default values. - -| Parameter | Description | Default | -|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| `nameOverride` | Override the generated chart name. Defaults to .Chart.Name. | | -| `fullnameOverride` | Override the generated release name. Defaults to .Release.Name. | | -| `namespaceOverride` | Override the generated release namespace. Defaults to .Release.Namespace. | | -| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` | -| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` | -| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` | -| `adminService.annotations` | Annotations to apply to Ambassador admin service | `{}` | -| `adminService.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | -| `adminService.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | -| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` | -| `crds.enabled` | If `true`, enables CRD resources for the installation. | `true` | -| `crds.create` | If `true`, Creates CRD resources | `true` | -| `crds.keep` | If `true`, if the ambassador CRDs should be kept when the chart is deleted | `true` | -| `daemonSet` | If `true`, Create a DaemonSet. By default Deployment controller will be created | `false` | -| `test.enabled` | If `true`, Create test Pod to verify the Ambassador service works correctly (Only created on `helm test`) | `true` | -| `test.image` | Image to use for the test Pod | `busybox` | -| `hostNetwork` | If `true`, uses the host network, useful for on-premise setups | `false` | -| `dnsPolicy` | Dns policy, when hostNetwork set to ClusterFirstWithHostNet | `ClusterFirst` | -| `env` | Any additional environment variables for ambassador pods | `{}` | -| `envRaw` | Additional environment variables in raw YAML format | `{}` | -| `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` | -| `image.repository` | Ambassador image | `docker.io/datawire/aes` | -| `image.tag` | Ambassador image tag | `1.13.8` | -| `imagePullSecrets` | Image pull secrets | `[]` | -| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | -| `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` | -| `podAnnotations` | Additional annotations for ambassador pods | `{}` | -| `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` | -| `podLabels` | Additional labels for ambassador pods | | -| `deploymentLabels` | Additional labels for ambassador DaemonSet/Deployment | | -| `affinity` | Affinity for ambassador pods | `{}` | -| `topologySpreadConstraints` | Topology Spread Constraints for Ambassador pods. Stable since 1.19. | `[]` | -| `nodeSelector` | NodeSelector for ambassador pods | `{}` | -| `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` | -| `rbac.create` | If `true`, create and use RBAC resources | `true` | -| `rbac.podSecurityPolicies` | pod security polices to bind to | | -| `rbac.nameOverride` | Overrides the default name of the RBAC resources | `` | -| `replicaCount` | Number of Ambassador replicas | `3` | -| `resources` | CPU/memory resource requests/limits | `{ "limits":{"cpu":"1000m","memory":"600Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | -| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | -| `security.podSecurityContext` | Set the security context for the Ambassador pod | `{ "runAsUser": "8888" }` | -| `security.containerSecurityContext` | Set the security context for the Ambassador container | `{ "allowPrivilegeEscalation": false }` | -| `security.podSecurityPolicy` | Create a PodSecurityPolicy to be used for the pod. | `{}` | -| `restartPolicy` | Set the `restartPolicy` for pods | `` | -| `terminationGracePeriodSeconds` | Set the `terminationGracePeriodSeconds` for the pod. Defaults to 30 if unset. | `` | -| `initContainers` | Containers used to initialize context for pods | `[]` | -| `sidecarContainers` | Containers that share the pod context | `[]` | -| `livenessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's liveness probe | `30` | -| `livenessProbe.periodSeconds` | Probe period (s) for Ambassador pod's liveness probe | `3` | -| `livenessProbe.failureThreshold` | Failure threshold for Ambassador pod's liveness probe | `3` | -| `readinessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's readiness probe | `30` | -| `readinessProbe.periodSeconds` | Probe period (s) for Ambassador pod's readiness probe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for Ambassador pod's readiness probe | `3` | -| `service.annotations` | Annotations to apply to Ambassador service | `""` | -| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` | -| `service.nameOverride` | Sets the name of the service | `ambassador.fullname` | -| `service.ports` | List of ports Ambassador is listening on | `[{"name": "http","port": 80,"targetPort": 8080},{"name": "https","port": 443,"targetPort": 8443}]` | -| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | -| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | -| `service.sessionAffinity` | Sets the session affinity policy for the service | `""` | -| `service.sessionAffinityConfig` | Sets the session affinity config for the service | `""` | -| `service.type` | Service type to be used | `LoadBalancer` | -| `service.externalIPs` | External IPs to route to the ambassador service | `[]` | -| `serviceAccount.create` | If `true`, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used | `ambassador` | -| `volumeMounts` | Volume mounts for the ambassador service | `[]` | -| `volumes` | Volumes for the ambassador service | `[]` | -| `enableAES` | Create the [AES configuration objects](#ambassador-edge-stack-installation) | `true` | -| `createDevPortalMappings` | Expose the dev portal on `/docs/` and `/documentation/` | `true` | -| `licenseKey.value` | Ambassador Edge Stack license. Empty will install in evaluation mode. | `` | -| `licenseKey.createSecret` | Set to `false` if installing mutltiple Ambassdor Edge Stacks in a namespace. | `true` | -| `licenseKey.secretName` | Name of the secret to store Ambassador license key in. | `` | -| `licenseKey.annotations` | Annotations to attach to the license-key-secret. | {} | -| `redisURL` | URL of redis instance not created by the release | `""` | -| `redisEnv` | (**DEPRECATED:** Use `envRaw`) Set env vars that control how Ambassador interacts with redis. | `""` | -| `redis.create` | Create a basic redis instance with default configurations | `true` | -| `redis.annotations` | Annotations for the redis service and deployment | `""` | -| `redis.resources` | Resource requests for the redis instance | `""` | -| `redis.nodeSelector` | NodeSelector for redis pods | `{}` | -| `redis.affinity` | Affinity for redis pods | `{}` | -| `redis.tolerations` | Tolerations for redis pods | `{}` | -| `authService.create` | Create the `AuthService` CRD for Ambassador Edge Stack | `true` | -| `authService.optional_configurations` | Config options for the `AuthService` CRD | `""` | -| `rateLimit.create` | Create the `RateLimit` CRD for Ambassador Edge Stack | `true` | -| `registry.create` | Create the `Project` registry. | `false` | -| `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` | -| `autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` | -| `autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `5` | -| `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | | -| `podDisruptionBudget` | Pod disruption budget rules | `{}` | -| `resolvers.endpoint.create` | Create a KubernetesEndpointResolver | `false` | -| `resolvers.endpoint.name` | If creating a KubernetesEndpointResolver, the resolver name | `endpoint` | -| `resolvers.consul.create` | Create a ConsulResolver | `false` | -| `resolvers.consul.name` | If creating a ConsulResolver, the resolver name | `consul-dc1` | -| `resolvers.consul.spec` | If creating a ConsulResolver, additional configuration | `{}` | -| `module` | Configure and manage the Ambassador Module from the Chart | `{}` | -| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` | -| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` | -| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` | -| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` | -| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object (`adminService.create` should be to `true`) | `false` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | -| `metrics.serviceMonitor.selector` | Label Selector for Prometheus to find ServiceMonitors | `{ prometheus: kube-prometheus }` | -| `servicePreview.enabled` | If true, install Service Preview components: traffic-manager & traffic-agent (`enableAES` needs to also be to `true`) | `false` | -| `servicePreview.trafficManager.image.repository` | Ambassador Traffic-manager image | Same value as `image.repository` | -| `servicePreview.trafficManager.image.tag` | Ambassador Traffic-manager image tag | Same value as `image.tag` | -| `servicePreview.trafficManager.serviceAccountName` | Traffic-manager Service Account to be used | `traffic-manager` | -| `servicePreview.trafficAgent.image.repository` | Ambassador Traffic-agent image | Same value as `image.repository` | -| `servicePreview.trafficAgent.image.tag` | Ambassador Traffic-agent image tag | Same value as `image.tag` | -| `servicePreview.trafficAgent.injector.enabled` | If true, install the ambassador-injector | `true` | -| `servicePreview.trafficAgent.injector.crtPEM` | TLS certificate for the Common Name of ..svc | Auto-generated, valid for 365 days | -| `servicePreview.trafficAgent.injector.keyPEM` | TLS private key for the Common Name of ..svc | Auto-generated, valid for 365 days | -| `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` | -| `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` | -| `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` | -| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` | -| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` | -| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` | -| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` | -| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` | - -**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. - -### The Ambasssador Edge Stack - -The Ambassador Edge Stack provides a comprehensive, self-service edge stack in -the Kubernetes cluster with a decentralized deployment model and a declarative -paradigm. - -By default, this chart will install the latest image of The Ambassador Edge -Stack which will replace your existing deployment of Ambassador with no changes -to functionality. - -### CRDs - -This helm chart includes the creation of the core CRDs Ambassador uses for -configuration. - -The `crds` flags (Helm 2 only) let you configure how a release manages crds. -- `crds.create` Can only be set on your first/master Ambassador release. -- `crds.enabled` Should be set on all releases using Ambassador CRDs -- `crds.keep` Configures if the CRDs are deleted when the master release is - purged. This value is only checked for the master release and can be set to - any value on secondary releases. - -### Security - -Ambassador takes security very seriously. For this reason, the YAML installation will default with a couple of basic security policies in place. - -The `security` field of the `values.yaml` file configures these default policies and replaces the `securityContext` field used earlier. - -The defaults will configure the pod to run as a non-root user and prohibit privilege escalation and outline a `PodSecurityPolicy` to ensure these conditions are met. - - - -```yaml -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: {} - # # Add AppArmor and Seccomp annotations - # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - # annotations: - # spec: - # seLinux: - # rule: RunAsAny - # supplementalGroups: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # fsGroup: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # privileged: false - # allowPrivilegeEscalation: false - # runAsUser: - # rule: MustRunAsNonRoot -``` - -### Annotations - -Ambassador is configured using Kubernetes Custom Resource Definitions (CRDs). If you are unable to use CRDs, Ambassador can also be configured using annotations on services. The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service. - -If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above. - -### Prometheus Metrics - -Using the Prometheus Exporter has been deprecated and is no longer recommended. You can now use `metrics.serviceMonitor.enabled` to create a `ServiceMonitor` from the chart if the [Prometheus Operator](https://github.com/coreos/prometheus-operator) has been installed on your cluster. - -Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection. - -### Specifying Values - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install --wait my-release \ - --set adminService.type=NodePort \ - datawire/ambassador -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install --wait my-release -f values.yaml datawire/ambassador -``` - ---- - -# Upgrading - -## To 6.0.0 - -Introduces Ambassador Edge Stack being installed by default. - -### Breaking changes - -Ambassador Pro support has been removed in 6.0.0. Please [upgrade to the Ambassador Edge Stack](https://www.getambassador.io/user-guide/helm). - -## To 5.0.0 - -### Breaking changes - -**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. - -- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed - -## To 4.0.0 - -The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed. - -- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core -- The license key is now stored and read from a Kubernetes secret by default -- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. -- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance -- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) -- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` -- Fixed misnamed selector for redis instance that failed in an edge case -- Exposes annotations for redis deployment and service - -### Breaking changes - -The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core) -`values.yaml` -```diff -<3.0.0> - image: - repository: quay.io/datawire/ambassador_pro -- tag: amb-sidecar-0.6.0 - -<4.0.0+> - image: - repository: quay.io/datawire/ambassador_pro -+ tag: 0.7.0 -``` - -Method for creating a Kubernetes secret to hold the license key has been changed - -`values.yaml` -```diff -<3.0.0> -- secret: false -<4.0.0> -+ secret: -+ enabled: true -+ create: true -``` - -## To 3.0.0 - -### Service Ports - -The way ports are assigned has been changed for a more dynamic method. - -Now, instead of setting the port assignments for only the http and https, any port can be open on the load balancer using a list like you would in a standard Kubernetes YAML manifest. - -`pre-3.0.0` -```yaml -service: - http: - enabled: true - port: 80 - targetPort: 8080 - https: - enabled: true - port: 443 - targetPort: 8443 -``` - -`3.0.0` -```yaml -service: - ports: - - name: http - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 -``` - -This change has also replaced the `.additionalTCPPorts` configuration. Additional TCP ports can be created the same as the http and https ports above. - -### Annotations and `service_port` - -The below Ambassador `Module` annotation is no longer being applied by default. - -```yaml -getambassador.io/config: | - --- - apiVersion: ambassador/v1 - kind: Module - name: ambassador - config: - service_port: 8080 -``` -This was causing confusion with the `service_port` being hard-coded when enabling TLS termination in Ambassador. - -Ambassador has been listening on port 8080 for HTTP and 8443 for HTTPS by default since version `0.60.0` (chart version 2.2.0). - -### RBAC and CRDs - -A `ClusterRole` and `ClusterRoleBinding` named `{{release name}}-crd` will be created to watch for the Ambassador Custom Resource Definitions. This will be created regardless of the value of `scope.singleNamespace` since CRDs are created the cluster scope. - -`rbac.namespaced` has been removed. For namespaced RBAC, set `scope.singleNamespace: true` and `rbac.enabled: true`. - -`crds.enabled` will indicate that you are using CRDs and will create the rbac resources regardless of the value of `crds.create`. This allows for multiple deployments to use the CRDs. - -## To 2.0.0 - -### Ambassador ID - -ambassador.id has been removed in favor of setting it via an environment variable in `env`. `AMBASSADOR_ID` defaults to `default` if not set in the environment. This is mainly used for [running multiple Ambassadors](https://www.getambassador.io/reference/running#ambassador_id) in the same cluster. - -| Parameter | Env variables | -| --------------- | --------------- | -| `ambassador.id` | `AMBASSADOR_ID` | - -## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0) - -Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this. - -### Timings - -Timings values have been removed in favor of setting the env variables using `env´ - -| Parameter | Env variables | -| ----------------- | -------------------------- | -| `timing.restart` | `AMBASSADOR_RESTART_TIME` | -| `timing.drain` | `AMBASSADOR_DRAIN_TIME` | -| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` | - -### Single namespace - -| Parameter | Env variables | -| ------------------ | ----------------------------- | -| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` | - -### Renamed values - -Service ports values have changed names and target ports have new defaults. - -| Previous parameter | New parameter | New default value | -| --------------------------- | -------------------------- | ----------------- | -| `service.enableHttp` | `service.http.enabled` | | -| `service.httpPort` | `service.http.port` | | -| `service.httpNodePort` | `service.http.nodePort` | | -| `service.targetPorts.http` | `service.http.targetPort` | `8080` | -| `service.enableHttps` | `service.https.enabled` | | -| `service.httpsPort` | `service.https.port` | | -| `service.httpsNodePort` | `service.https.nodePort` | | -| `service.targetPorts.https` | `service.https.targetPort` | `8443` | - -### Exporter sidecar - -Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST` - -If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values. diff --git a/charts/ambassador/ambassador/6.7.1100/RELEASE.tpl b/charts/ambassador/ambassador/6.7.1100/RELEASE.tpl deleted file mode 100755 index d00d6b2f2..000000000 --- a/charts/ambassador/ambassador/6.7.1100/RELEASE.tpl +++ /dev/null @@ -1,8 +0,0 @@ -## :tada: Ambassador Chart $CHART_VERSION :tada: - -Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html -View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md - ---- - - diff --git a/charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl b/charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl deleted file mode 100755 index 7aab5973c..000000000 --- a/charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl +++ /dev/null @@ -1 +0,0 @@ -Ambassador Chart $CHART_VERSION diff --git a/charts/ambassador/ambassador/6.7.1100/app-readme.md b/charts/ambassador/ambassador/6.7.1100/app-readme.md deleted file mode 100755 index d2ef7356e..000000000 --- a/charts/ambassador/ambassador/6.7.1100/app-readme.md +++ /dev/null @@ -1,13 +0,0 @@ -# Ambassador Edge Stack and Emissary Ingress Chart - -[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/). - -## Service Catalog - -The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart. - -## More Info - -Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi! - -* Ambassador recommends a Kubernetes version of 1.16 or higher. diff --git a/charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml deleted file mode 100755 index 27152824e..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml +++ /dev/null @@ -1,40 +0,0 @@ -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: - # Add AppArmor and Seccomp annotations - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - annotations: - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - spec: - seLinux: - rule: RunAsAny - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - privileged: false - allowPrivilegeEscalation: false - runAsUser: - rule: MustRunAsNonRoot diff --git a/charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml deleted file mode 100755 index 4fb9ff60c..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# install the Ambassador API Gateway -image: - pullPolicy: IfNotPresent - -enableAES: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml deleted file mode 100755 index 769f8eb55..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -authService: - create: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml deleted file mode 100755 index 56509eb8b..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -deploymentStrategy: - type: Recreate - -service: - type: NodePort - -autoscaling: - enabled: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml deleted file mode 100755 index 591785bde..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: Recreate - -scope: - singleNamespace: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml deleted file mode 100755 index e545210d5..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -service: - type: NodePort - -redis: - enabled: false - # Annotations for Ambassador Pro's redis instance. - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml deleted file mode 100755 index 9a581d94b..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -service: - type: NodePort - -deploymentStrategy: - type: RollingUpdate - -daemonSet: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml deleted file mode 100755 index a1dfe0434..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: NodePort - -rateLimit: - create: false - -deploymentStrategy: - type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml b/charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml deleted file mode 100755 index 33ebe5b74..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml +++ /dev/null @@ -1,3 +0,0 @@ -deploymentLabels: - label: foo - label2: bar diff --git a/charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml b/charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml deleted file mode 100755 index 0601ce9c4..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml +++ /dev/null @@ -1,11 +0,0 @@ -resolvers: - endpoint: - create: true - name: endpoint-foo - - consul: - create: true - name: consul-foo - spec: - address: ${HOST_IP} - datacenter: dc1 \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml b/charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml deleted file mode 100755 index d80bf9508..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml +++ /dev/null @@ -1,9 +0,0 @@ -module: - lua_scripts: | - function envoy_on_response(response_handle) - response_handle:headers():add("Lua-Scripts-Enabled", "Processed") - end - - ip_allow: - - peer: 127.0.0.1 - - remote: 99.99.0.0/16 \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml b/charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml deleted file mode 100755 index a141bcdda..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml +++ /dev/null @@ -1,5 +0,0 @@ -servicePreview: - enabled: true -trafficAgent: - injector: - enabled: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh b/charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh deleted file mode 100755 index 1840c1799..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -set -e - -CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } -TOP_DIR=$CURR_DIR/.. - -# shellcheck source=common.sh -source "$CURR_DIR/common.sh" - -echo ${TOP_DIR} -chart_version=$(get_chart_version ${TOP_DIR}) - -if ! grep "## v${chart_version}" ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then - echo "Current chart version does not appear in the changelog." - echo "Please run ambassador.git/charts/ambassador/ci/update_chart_changelog.sh and commit." - exit 1 -fi - -echo "Changelog looks good!" diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml deleted file mode 100755 index b2d9205df..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -apiVersion: getambassador.io/v1 -kind: Mapping -metadata: - name: quote-backend -spec: - prefix: /backend/ - service: quote ---- -apiVersion: v1 -kind: Service -metadata: - name: quote -spec: - ports: - - name: http - port: 80 - targetPort: 8080 - selector: - app: quote ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: quote -spec: - replicas: 1 - selector: - matchLabels: - app: quote - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: quote - spec: - containers: - - name: backend - image: datawire/quote:0.4.0 - ports: - - name: http - containerPort: 8080 - resources: - limits: - cpu: "0.1" - memory: 100Mi diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml deleted file mode 100755 index 0a1ec852e..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -#env: -# AMBASSADOR_SINGLE_NAMESPACE: true -# AMBASSADOR_NO_KUBEWATCH: no_kubewatch - -deploymentStrategy: - type: Recreate - -service: - type: NodePort diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml deleted file mode 100755 index 1fcf47dca..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tiller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tiller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: tiller - namespace: kube-system diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml deleted file mode 100755 index d9c0c83c3..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -service: - type: NodePort - -crds: - create: false - diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml deleted file mode 100755 index bc25cf664..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: v1 -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzRENDQVpnQ0NRRHVzSjFYNE54NjJEQU5CZ2txaGtpRzl3MEJBUXNGQURBYU1SZ3dGZ1lEVlFRRERBOWgKYldKaGMzTmhaRzl5TFdObGNuUXdIaGNOTVRreE1qRXpNakV3TXpBNVdoY05NakF4TWpFeU1qRXdNekE1V2pBYQpNUmd3RmdZRFZRUUREQTloYldKaGMzTmhaRzl5TFdObGNuUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJjcms1OTk0dklURnZpUGNJRjJpd3R0dVdpajFTeUZNSzVpbERieFByMmJCL3RmbDYKcmRwVUFlWkkrMTVDR2VHbi80ZitwRlFXODdwZ2ZvbDhlL3lCSTUvWStpdVIrQUY1bzhQV2h4aHBJdVk3RXdVbgpyT3ZJajcxaUZWa1Q4akRYZW9RWWdKalQ1MWh4SisyelVLZ3VtZDB6L05USEwrQndFbHZ4Z1ZuWlhUdlhsVGFiClBoWloyK3dZdDQvSnozN3lBMHJwNURKeTg5SStQNmVRSmNseUVyWmsvRUNuRFBxTlhDK1VyclVySXBsNkRScHUKdGZWOE9KM3BJZWc2YjBWQi9TQnRPNzFhMThkaXFPclFVREU5MEFOSWJsYWp0ODN5M0FIc29SNytpVGI0QXFvVwpiNG5LcVV1bEQ2QU0xVUg0TzR0SExIM05SemVOL1E1ZUtVb0ZBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBQ045b050OVJXT2JOTTBmajg1cm9GUG1zRE1UWElFOU5SNmpDMjV1SGtpY0lnamtGd043NTFkTnQxT0YKZWZLSkFzTDlSWmZUNmVmMUMxOFlnWE1xbTF5Yis0Q1VWWU9RZW96MlgweEdyT1lLZUhPM0hqamNqcXZ1cUxTeApTQ2duVlM1NkhqZU15MzJBNnIxcUhBL1FsYkkraGJFbHN0MVNwYnFSOG95dE9oUzZpNFNWbWxacWxBRkx5WFRRCjZ6Nm5wc25lTmdXMXhkdDN2UkpleXVFWEFZL0Z0eUxmZnkxdk5uODhhTkg2Y2Z2eWJjaHNkaWlRNnVXTnowVGMKeVVodGZUYWFRVjA1d21KZEJ3ZmJndXF0UjFxbXdyNCtzcjA0MEhoQ0pSVmlRUUdHa2VWSVU5ZHFPY0ZkZk5FTQo5NmczU01YWGRrcVhBYzFFb2hZdEthMWwvNTA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdG5LNU9mZmVMeUV4YjRqM0NCZG9zTGJibG9vOVVzaFRDdVlwUTI4VDY5bXdmN1g1CmVxM2FWQUhtU1B0ZVFobmhwLytIL3FSVUZ2TzZZSDZKZkh2OGdTT2YyUG9ya2ZnQmVhUEQxb2NZYVNMbU94TUYKSjZ6cnlJKzlZaFZaRS9JdzEzcUVHSUNZMCtkWWNTZnRzMUNvTHBuZE0velV4eS9nY0JKYjhZRloyVjA3MTVVMgptejRXV2R2c0dMZVB5YzkrOGdOSzZlUXljdlBTUGorbmtDWEpjaEsyWlB4QXB3ejZqVnd2bEs2MUt5S1plZzBhCmJyWDFmRGlkNlNIb09tOUZRZjBnYlR1OVd0ZkhZcWpxMEZBeFBkQURTRzVXbzdmTjh0d0I3S0VlL29rMitBS3EKRm0rSnlxbExwUStnRE5WQitEdUxSeXg5elVjM2pmME9YaWxLQlFJREFRQUJBb0lCQUVOQy9qaDV3Z2E4QlA2cQpqdkFEdVV2VXpoV3N0empxczNyRUtaZzd2aXRvSU9La1V1cEFaOG9xdlJ4UTE0b2xBb1V0OXBRUlB4TUxIYjN2ClNINkZNeXprMWt4bXhtTlUvQzQ5Q3Jqdkt6ZXZieE4rU3BzNjY5NFA1L0RlRCs0RGpyQVI4ZHNhcGIwUmdCQ1AKZU5sdnRlRWdSbVdoSTB5ZndPMXdSMGM4dWNRaE5GcjNNd0lMQ1FES0Zpa2NDSi9GV0FmNXc4ZGFnYnBYTXAxawo3ci9ya1BFcVh6NnRxam04eWZZWlRoaGIwUE5LcSsxOGdkaCtLeTZPL1RnTVZ2d1BLVkIrZUhoQmJZY2R6VGYxCmxia3pVeUFhZmR3VlBTTnhVOWhzSzBqNExWZG83YlVkajZySHNXTlBWcm1Ib1VsUnNjcno2aDhPZlQ0bU9WTi8KRmhtcEhvRUNnWUVBNlVENVlWMUJrWEg4S21WRjhiVGVGVGlTY1IvRGI4TVlRY3NLNzQrNEg5aEFmbjR3d3ZWeQpidi9kL2NsOWZHY0xXN0w1QWM1WWRxNlNWZGFHRVZpVzVOTy8xV0wwN3JjaG8xZTRaSzlPemJiUllNWW51cWRHCmF5eGhoUks0R25ubzZXMTlMWWc1d1F3TUJvUzNSbFVxUWN3UU1ESiszMVc4emwrazdpODk0dVVDZ1lFQXlEMXIKZHVMSGRMcG9UWEd2ZjZIVk9HQ1pWczQvSXg1M1B1WnRXY1FkYkc5MDZNWHRwdldWdDN1ek8rVVd2WGJIWHBSMQpjZWVrUHRucTI4a1BFT2oyd3NoVFRQQ05OT0dUWE01SzREbTVjNjVaeWY0WVJjQ0NZNEpSSUNqWHExeE9uc21nCk8ydTZiYlVQWE9veXFmVllWK0wwK25zcHNLOUNCd0ZaMjJqMXVLRUNnWUVBbzcyZTBzQ2FaTFcxcFRWT3NteWIKY2g0eWZ3TWpPUE9sdFpvSlpUNW9yTUlzRkNBVnJ1YUtuRzAxc3hDYzdKV1JuWiszdVpMVyt3bDFaSmlocU0rZApyYWtRQTRYaUZ5bXJqWFRvMXBWU0pvcnQxSmVHRUR1WTdXZE1WaFJiOVFvYmZMSUZxODd6YkJjKzRkeU1vK3pwCkt5TkxRZXBRc2dzSDdYK3EwaUdMdWhrQ2dZQUlYQWdRZm9jMUtGTVNhSnliQjNhUFUva1MxcWxzSGVsOGhzSXAKN1RZTlFObnduZEsrRmFLYWRsK1ZNSXN5ZmJMMUQ5MlhVOFJYbTJGaXE1SWxjcFJhcldKTTQvNEJKeW12eGl6NgpEMjdlbFhqS0pnRjlaL3dKaTNjM2tIendlbm9OeHYwWmZmWGFmcVNWakhGeEJ2MFpMakJzQkpoSStBZ1pvc1ROCmxDUXVBUUtCZ1FESHVxNUVseU1RS2NZWm5tRlN6T2ZYWXNJYm8rZEJJTlEyNnB0OFdacGMydnpsNkNrQXV3TWwKQU9jRllrbjBXSnVJRXRubnhPT3Rwcnh0VGRIWGIvOWZWY090Unp2TitvVjN2OVNEalZjWTRESWp3MXlpMkt1Vwp6MmV1N1lCNExlbG13TFlHMEJUMWp0ejJJREUxYW85MzgybEpWV2J4Y1dsdHArWTFCRWhkdmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= -kind: Secret -metadata: - name: self-signed-cert -type: kubernetes.io/tls ---- -apiVersion: getambassador.io/v1 -kind: TLSContext -metadata: - name: tls -spec: - hosts: ["*"] - secret: self-signed-cert - diff --git a/charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh b/charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh deleted file mode 100755 index ee7bfeaa8..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -set -e - -CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } -TOP_DIR=$CURR_DIR/.. - -# shellcheck source=common.sh -source "$CURR_DIR/common.sh" - -chart_version=$(get_chart_version ${TOP_DIR}) - -new_changelog=${TOP_DIR}/CHANGELOG.new.md -rm ${new_changelog} || true -while IFS= read -r line ; do - echo -e "${line}" - echo -e "${line}" >> ${new_changelog} - if [[ "${line}" =~ "## Next Release" ]] ; then - echo "" >> ${new_changelog} - echo "(no changes yet)" >> ${new_changelog} - echo "" >> ${new_changelog} - echo "## v${chart_version}" >> ${new_changelog} - fi - -done < ${TOP_DIR}/CHANGELOG.md - -mv ${new_changelog} ${TOP_DIR}/CHANGELOG.md -if [[ -n "${DONT_COMMIT_DIFF}" ]] ; then - echo "DONT_COMMIT_DIFF is set, not committing" - exit 0 -fi - -if git diff --exit-code -- ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then - echo "No changes to changelog, exiting" - exit 0 -fi - -branch_name="$(git symbolic-ref HEAD 2>/dev/null)" || -branch_name="detached" - -if [[ "${branch_name}" == "refs/heads/master" ]] ; then - echo "Not committing local changes to branch because branch is master" - exit 1 -elif [[ "${branch_name}" == "detached" ]] ; then - echo "Not committing local changes because you're in a detached head state" - echo "please create a branch then rerun this script" - exit 1 -fi -branch_name=${branch_name##refs/heads/} -git add ${TOP_DIR}/CHANGELOG.md -git commit -m "Committing changelog for chart v${chart_version}" -git push -u origin ${branch_name} diff --git a/charts/ambassador/ambassador/6.7.1100/crds/filter.yaml b/charts/ambassador/ambassador/6.7.1100/crds/filter.yaml deleted file mode 100755 index bf0403820..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/filter.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: filters.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Filter - plural: filters - shortNames: - - fil - singular: filter - scope: Namespaced - versions: - - name: v1beta2 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml b/charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml deleted file mode 100755 index 88e3781da..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: filterpolicies.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: FilterPolicy - plural: filterpolicies - shortNames: - - fp - singular: filterpolicy - scope: Namespaced - versions: - - name: v1beta2 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml deleted file mode 100755 index 1c97d063f..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml +++ /dev/null @@ -1,115 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: authservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: AuthService - listKind: AuthServiceList - plural: authservices - singular: authservice - scope: Namespaced - validation: - openAPIV3Schema: - description: AuthService is the Schema for the authservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AuthServiceSpec defines the desired state of AuthService - properties: - add_auth_headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - add_linkerd_headers: - type: boolean - allow_request_body: - type: boolean - allowed_authorization_headers: - items: - type: string - type: array - allowed_request_headers: - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - auth_service: - type: string - failure_mode_allow: - type: boolean - include_body: - properties: - allow_partial: - type: boolean - max_bytes: - description: These aren't pointer types because they are required. - type: integer - required: - - allow_partial - - max_bytes - type: object - path_prefix: - type: string - proto: - enum: - - http - - grpc - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - status_on_error: - description: Why isn't this just an int?? - properties: - code: - type: integer - type: object - timeout_ms: - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - required: - - auth_service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml deleted file mode 100755 index 0f659d5d3..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: consulresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ConsulResolver - listKind: ConsulResolverList - plural: consulresolvers - singular: consulresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: ConsulResolver is the Schema for the ConsulResolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - datacenter: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml deleted file mode 100755 index 291d2a66e..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: devportals.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: DevPortal - listKind: DevPortalList - plural: devportals - singular: devportal - scope: Namespaced - validation: - openAPIV3Schema: - description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DevPortalSpec defines the desired state of DevPortal - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - content: - description: Content specifies where the content shown in the DevPortal come from - properties: - branch: - type: string - dir: - type: string - url: - type: string - type: object - default: - description: Default must be true when this is the default DevPortal - type: boolean - docs: - description: Docs is a static docs definition - items: - description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' - properties: - service: - description: Service is the service being documented - type: string - url: - description: URL is the URL used for obtaining docs - type: string - type: object - type: array - naming_scheme: - description: Describes how to display "services" in the DevPortal. Default namespace.name - enum: - - namespace.name - - name.prefix - type: string - search: - description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal - properties: - enabled: - type: boolean - type: - description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' - enum: - - title-only - - all-content - type: string - type: object - selector: - description: Selector is used for choosing what is shown in the DevPortal - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. - type: object - matchNamespaces: - description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. - items: - type: string - type: array - type: object - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml deleted file mode 100755 index ccc7abd92..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml +++ /dev/null @@ -1,246 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: hosts.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .status.state - name: State - type: string - - JSONPath: .status.phaseCompleted - name: Phase Completed - type: string - - JSONPath: .status.phasePending - name: Phase Pending - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - acmeProvider: - description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. - properties: - authority: - description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. - type: string - email: - type: string - privateKeySecret: - description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - registration: - description: This is normally set automatically - type: string - type: object - ambassador_id: - description: Common to all Ambassador objects (and optional). - items: - type: string - oneOf: - - type: string - - type: array - ambassadorId: - description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild. - items: - type: string - oneOf: - - type: string - - type: array - hostname: - description: Hostname by which the Ambassador can be reached. - type: string - previewUrl: - description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. - properties: - enabled: - description: Is the Preview URL feature enabled? - type: boolean - type: - description: What type of Preview URL is allowed? - enum: - - Path - type: string - type: object - requestPolicy: - description: Request policy definition. - properties: - insecure: - properties: - action: - enum: - - Redirect - - Reject - - Route - type: string - additionalPort: - type: integer - type: object - type: object - selector: - description: Selector by which we can find further configuration. Defaults to hostname=$hostname - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - tls: - description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. - properties: - alpn_protocols: - type: string - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - ecdh_curves: - items: - type: string - type: array - max_tls_version: - type: string - min_tls_version: - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - sni: - type: string - type: object - tlsContext: - description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - tlsSecret: - description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: object - status: - description: HostStatus defines the observed state of Host - properties: - errorBackoff: - type: string - errorReason: - description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. - type: string - errorTimestamp: - format: date-time - type: string - phaseCompleted: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. - enum: - - NA - - DefaultsFilled - - ACMEUserPrivateKeyCreated - - ACMEUserRegistered - - ACMECertificateChallenge - type: string - phasePending: - description: phaseCompleted and phasePending are valid when state==Pending or state==Error. - enum: - - NA - - DefaultsFilled - - ACMEUserPrivateKeyCreated - - ACMEUserRegistered - - ACMECertificateChallenge - type: string - state: - description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. - enum: - - Initial - - Pending - - Ready - - Error - type: string - tlsCertificateSource: - enum: - - Unknown - - None - - Other - - ACME - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml deleted file mode 100755 index 88b73d2d8..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: kubernetesendpointresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesEndpointResolver - listKind: KubernetesEndpointResolverList - plural: kubernetesendpointresolvers - singular: kubernetesendpointresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml deleted file mode 100755 index 98b5d302e..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: kubernetesserviceresolvers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: KubernetesServiceResolver - listKind: KubernetesServiceResolverList - plural: kubernetesserviceresolvers - singular: kubernetesserviceresolver - scope: Namespaced - validation: - openAPIV3Schema: - description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml deleted file mode 100755 index a726defe5..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: logservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: LogService - listKind: LogServiceList - plural: logservices - singular: logservice - scope: Namespaced - validation: - openAPIV3Schema: - description: LogService is the Schema for the logservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: LogServiceSpec defines the desired state of LogService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - driver: - enum: - - tcp - - http - type: string - driver_config: - properties: - additional_log_headers: - items: - properties: - during_request: - type: boolean - during_response: - type: boolean - during_trailer: - type: boolean - header_name: - type: string - type: object - type: array - type: object - flush_interval_byte_size: - type: integer - flush_interval_time: - type: integer - grpc: - type: boolean - service: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml deleted file mode 100755 index c61eefb5f..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml +++ /dev/null @@ -1,431 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: mappings.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - name: Source Host - type: string - - JSONPath: .spec.prefix - name: Source Prefix - type: string - - JSONPath: .spec.service - name: Dest Service - type: string - - JSONPath: .status.state - name: State - type: string - - JSONPath: .status.reason - name: Reason - type: string - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Mapping - listKind: MappingList - plural: mappings - singular: mapping - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Mapping is the Schema for the mappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MappingSpec defines the desired state of Mapping - properties: - add_linkerd_headers: - type: boolean - add_request_headers: - additionalProperties: - oneOf: - - type: string - - type: boolean - - type: object - type: object - add_response_headers: - additionalProperties: - oneOf: - - type: string - - type: boolean - - type: object - type: object - allow_upgrade: - description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" - items: - type: string - type: array - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - auth_context_extensions: - additionalProperties: - type: string - type: object - auto_host_rewrite: - type: boolean - bypass_auth: - type: boolean - bypass_error_response_overrides: - description: If true, bypasses any `error_response_overrides` set on the Ambassador module. - type: boolean - case_sensitive: - type: boolean - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_idle_timeout_ms: - type: integer - cluster_max_connection_lifetime_ms: - type: integer - cluster_tag: - type: string - connect_timeout_ms: - type: integer - cors: - properties: - credentials: - type: boolean - exposed_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - max_age: - type: string - methods: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - origins: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - type: object - docs: - description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal) - properties: - display_name: - type: string - ignored: - type: boolean - path: - type: string - url: - type: string - type: object - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - envoy_override: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - error_response_overrides: - description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. - items: - description: A response rewrite for an HTTP error response - properties: - body: - description: The new response body - properties: - content_type: - description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. - type: string - json_format: - additionalProperties: - type: string - description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' - type: object - text_format: - description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. - type: string - text_format_source: - description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. - properties: - filename: - description: The name of a file on the Ambassador pod that contains a format text string. - type: string - type: object - type: object - on_status_code: - description: The status code to match on -- not a pointer because it's required. - maximum: 599 - minimum: 400 - type: integer - required: - - body - - on_status_code - type: object - minItems: 1 - type: array - grpc: - type: boolean - headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - host: - type: string - host_redirect: - type: boolean - host_regex: - type: boolean - host_rewrite: - type: string - idle_timeout_ms: - type: integer - keepalive: - properties: - idle_time: - type: integer - interval: - type: integer - probes: - type: integer - type: object - labels: - additionalProperties: - description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. - items: - additionalProperties: - description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.' - items: - description: A MappingLabelSpecifier (finally!) defines a single label. There are multiple kinds of label, so this is more complex than we'd like it to be. See the remarks about schema on custom types in `./common.go`. - type: array - description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' - type: object - type: array - description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. - type: object - load_balancer: - properties: - cookie: - properties: - name: - type: string - path: - type: string - ttl: - type: string - required: - - name - type: object - header: - type: string - policy: - enum: - - round_robin - - ring_hash - - maglev - - least_request - type: string - source_ip: - type: boolean - required: - - policy - type: object - method: - type: string - method_regex: - type: boolean - modules: - items: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - type: array - outlier_detection: - type: string - path_redirect: - description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. - type: string - precedence: - type: integer - prefix: - type: string - prefix_exact: - type: boolean - prefix_redirect: - description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. - type: string - prefix_regex: - type: boolean - priority: - type: string - query_parameters: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - redirect_response_code: - description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. - enum: - - 301 - - 302 - - 303 - - 307 - - 308 - type: integer - regex_headers: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - regex_query_parameters: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - regex_redirect: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. - type: object - regex_rewrite: - additionalProperties: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - type: object - remove_request_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - remove_response_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. - items: - type: string - oneOf: - - type: string - - type: array - resolver: - type: string - retry_policy: - properties: - num_retries: - type: integer - per_try_timeout: - type: string - retry_on: - enum: - - 5xx - - gateway-error - - connect-failure - - retriable-4xx - - refused-stream - - retriable-status-codes - type: string - type: object - rewrite: - type: string - service: - type: string - shadow: - type: boolean - timeout_ms: - description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - use_websocket: - description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`' - type: boolean - weight: - type: integer - required: - - prefix - - service - type: object - status: - description: MappingStatus defines the observed state of Mapping - properties: - reason: - type: string - state: - enum: - - "" - - Inactive - - Running - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml deleted file mode 100755 index f60fa89c6..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: modules.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Module - listKind: ModuleList - plural: modules - singular: module - scope: Namespaced - validation: - openAPIV3Schema: - description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - config: - description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. - type: object - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml deleted file mode 100755 index 97562444f..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml +++ /dev/null @@ -1,72 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: ratelimitservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimitService - listKind: RateLimitServiceList - plural: ratelimitservices - singular: ratelimitservice - scope: Namespaced - validation: - openAPIV3Schema: - description: RateLimitService is the Schema for the ratelimitservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RateLimitServiceSpec defines the desired state of RateLimitService - properties: - ambassador_id: - description: Common to all Ambassador objects. - items: - type: string - oneOf: - - type: string - - type: array - domain: - type: string - protocol_version: - enum: - - v2 - - v3 - type: string - service: - type: string - timeout_ms: - type: integer - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - required: - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml deleted file mode 100755 index f4c295245..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml +++ /dev/null @@ -1,102 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tcpmappings.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TCPMapping - listKind: TCPMappingList - plural: tcpmappings - singular: tcpmapping - scope: Namespaced - validation: - openAPIV3Schema: - description: TCPMapping is the Schema for the tcpmappings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TCPMappingSpec defines the desired state of TCPMapping - properties: - address: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - circuit_breakers: - items: - properties: - max_connections: - type: integer - max_pending_requests: - type: integer - max_requests: - type: integer - max_retries: - type: integer - priority: - enum: - - default - - high - type: string - type: object - type: array - cluster_tag: - type: string - enable_ipv4: - type: boolean - enable_ipv6: - type: boolean - host: - type: string - idle_timeout_ms: - description: 'FIXME(lukeshu): Surely this should be an ''int''?' - type: string - port: - description: Port isn't a pointer because it's required. - type: integer - resolver: - type: string - service: - type: string - tls: - description: BoolOrString is a type that can hold a Boolean or a string. - oneOf: - - type: string - - type: boolean - weight: - type: integer - required: - - port - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml deleted file mode 100755 index c7ff23605..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml +++ /dev/null @@ -1,100 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tlscontexts.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TLSContext - listKind: TLSContextList - plural: tlscontexts - singular: tlscontext - scope: Namespaced - validation: - openAPIV3Schema: - description: TLSContext is the Schema for the tlscontexts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSContextSpec defines the desired state of TLSContext - properties: - alpn_protocols: - type: string - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - ca_secret: - type: string - cacert_chain_file: - type: string - cert_chain_file: - type: string - cert_required: - type: boolean - cipher_suites: - items: - type: string - type: array - ecdh_curves: - items: - type: string - type: array - hosts: - items: - type: string - type: array - max_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - min_tls_version: - enum: - - v1.0 - - v1.1 - - v1.2 - - v1.3 - type: string - private_key_file: - type: string - redirect_cleartext_from: - type: integer - secret: - type: string - secret_namespacing: - type: boolean - sni: - type: string - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml deleted file mode 100755 index a106a22a5..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml +++ /dev/null @@ -1,101 +0,0 @@ -# GENERATED FILE: edits made by hand will not be preserved. ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: tracingservices.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: TracingService - listKind: TracingServiceList - plural: tracingservices - singular: tracingservice - scope: Namespaced - validation: - openAPIV3Schema: - description: TracingService is the Schema for the tracingservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TracingServiceSpec defines the desired state of TracingService - properties: - ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" - items: - type: string - oneOf: - - type: string - - type: array - config: - properties: - access_token_file: - type: string - collector_cluster: - type: string - collector_endpoint: - type: string - collector_endpoint_version: - enum: - - HTTP_JSON_V1 - - HTTP_JSON - - HTTP_PROTO - type: string - collector_hostname: - type: string - service_name: - type: string - shared_span_context: - type: boolean - trace_id_128bit: - type: boolean - type: object - driver: - enum: - - lightstep - - zipkin - - datadog - type: string - sampling: - properties: - client: - type: integer - overall: - type: integer - random: - type: integer - type: object - service: - type: string - tag_headers: - items: - type: string - type: array - required: - - driver - - service - type: object - type: object - version: null - versions: - - name: v2 - served: true - storage: true - - name: v1 - served: true - storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/project.yaml b/charts/ambassador/ambassador/6.7.1100/crds/project.yaml deleted file mode 100755 index ac3a22e27..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/project.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projects.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.prefix - name: Prefix - type: string - - JSONPath: .spec.githubRepo - name: Repo - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: Project - plural: projects - singular: project - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml b/charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml deleted file mode 100755 index 93bf4ea65..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projectcontrollers.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ProjectController - plural: projectcontrollers - singular: projectcontroller - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml b/charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml deleted file mode 100755 index 6457bef4a..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: projectrevisions.getambassador.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.project.name - name: Project - type: string - - JSONPath: .spec.ref - name: Ref - type: string - - JSONPath: .spec.rev - name: Rev - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: getambassador.io - names: - categories: - - ambassador-crds - kind: ProjectRevision - plural: projectrevisions - singular: projectrevision - scope: Namespaced - subresources: - status: {} - versions: - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml b/charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml deleted file mode 100755 index 30b85101c..000000000 --- a/charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/hook: crd-install - labels: - app.kubernetes.io/name: ambassador - product: aes - name: ratelimits.getambassador.io -spec: - group: getambassador.io - names: - categories: - - ambassador-crds - kind: RateLimit - plural: ratelimits - shortNames: - - rl - singular: ratelimit - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: false - - name: v2 - served: true - storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/ct.yaml b/charts/ambassador/ambassador/6.7.1100/ct.yaml deleted file mode 100755 index ee4f605c8..000000000 --- a/charts/ambassador/ambassador/6.7.1100/ct.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# See https://github.com/helm/chart-testing - -# note: all the values files in ci/*-values.yaml will -# be tested automatically. For each configuration, -# all the tests in templates/tests/*.yaml -# will be checked. - -################################################ -# github -################################################ - -remote: origin - -################################################ -# chart -################################################ - -charts: - - /charts/ -chart-dirs: - - /charts/ -chart-repos: - - datawire=https://getambassador.io - -helm-extra-args: --timeout 600s - -# namespace: ambassador -# release-label: release - -################################################ -# checks and validations -################################################ - -validate-maintainers: false -validate-chart-schema: true -validate-yaml: true -# check-version-increment: true diff --git a/charts/ambassador/ambassador/6.7.1100/questions.yml b/charts/ambassador/ambassador/6.7.1100/questions.yml deleted file mode 100755 index bf13b9471..000000000 --- a/charts/ambassador/ambassador/6.7.1100/questions.yml +++ /dev/null @@ -1,84 +0,0 @@ -questions: -### CRD Management -- variable: crds.enabled - label: Create CRDs - description: "Should Ambassador Edge Stack create and manage its CRD's?" - type: boolean - required: false - default: "true" - group: "CRD Management" -- variable: crds.keep - label: Keep CRDs - description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?" - type: boolean - required: false - default: "true" - group: "CRD Management" - show_if: "crds.enabled=true" - -### Deployment Management -- variable: daemonSet - label: Deploy as Daemonset - description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)" - type: boolean - required: false - default: "true" - group: "Deployment Settings" -- variable: replicaCount - label: Replica Count - description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)" - type: int - required: false - default: "3" - group: "Deployment Settings" - min: 1 - max: 999 - show_if: "daemonSet=false" - -### Service Settings -- variable: service.type - label: Service Type - description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP" - type: enum - required: false - default: "LoadBalancer" - group: "Service Settings" - options: - - "LoadBalancer" - - "ClusterIP" - - "NodePort" - -### Licensing -- variable: licenseKey.createSecret - label: "Create License Key Secret" - description: "Creates the license key secret using the License Key Data." - type: boolean - required: false - default: "true" - group: "License Settings" -- variable: licenseKey.value - label: "License Key Data" - description: "Specifies the license key to apply." - type: secret - required: false - default: "" - group: "License Settings" - show_if: "licenseKey.createSecret=true" - -### Service Catalog -- variable: agent.enabled - label: "Enable Service Catalog" - description: "Enables the Service Catalog agent for use at https://app.getambassador.io." - type: boolean - required: false - default: "true" - group: "Service Catalog" -- variable: agent.cloudConnectionToken - label: "Cloud Connection Token" - description: "Specifies the Token used to register a Cluster with the Service Catalog." - type: secret - required: false - default: "" - group: "Service Catalog" - show_if: "agent.enabled=true" - \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt b/charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt deleted file mode 100755 index 359073a3f..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt +++ /dev/null @@ -1,60 +0,0 @@ -------------------------------------------------------------------------------- -{{- if .Values.enableAES }} -Congratulations! You have successfully installed The Ambassador Edge Stack! - -{{- if empty .Values.licenseKey.value }} -------------------------------------------------------------------------------- -NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE. - -Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard -to unlock all the features of The Ambassador Edge Stack and update the value of -licenseKey.value in your values.yaml file. -{{- end }} - -{{- if or .Values.authService.create .Values.rateLimit.create }} -------------------------------------------------------------------------------- -WARNING: - -With your installation of the Ambassador Edge Stack, you have created a: -{{ if .Values.authService.create }} -- AuthService named {{include "ambassador.fullname" .}}-auth -{{ end }} {{ if .Values.rateLimit.create }} -- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit -{{ end }} -in the {{ include "ambassador.namespace" . }} namespace. - -Please ensure there is not another of these resources configured in your cluster. -If there is, please either remove the old resource or run - -helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false - -{{- end }} -{{- else }} - Congratulations! You've successfully installed Ambassador! - -------------------------------------------------------------------------------- -To get the IP address of Ambassador, run the following commands: - -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}' - - On GKE/Azure: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - - On AWS: - export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') - - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} -{{- end }} - -For help, visit our Slack at http://a8r.io/Slack or view the documentation online at https://www.getambassador.io. diff --git a/charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl b/charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl deleted file mode 100755 index 58a1eb455..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl +++ /dev/null @@ -1,117 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "ambassador.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ambassador.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "ambassador.imagetag" -}} -{{- if .Values.image.fullImageOverride }} - {{- .Values.image.fullImageOverride }} -{{- else }} - {{- if hasKey .Values.image "tag" -}} - {{- .Values.image.tag }} - {{- else if .Values.enableAES }} - {{- .Values.image.aesTag }} - {{- else }} - {{- .Values.image.ossTag }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Set the image that should be used for ambassador. -Use fullImageOverride if present, -Then if the image repository is explicitly set, use "repository:image" -Otherwise, check if AES is enabled -Use AES image if AES is enabled, ambassador image if not -*/}} -{{- define "ambassador.image" -}} -{{- if .Values.image.fullImageOverride }} - {{- .Values.image.fullImageOverride }} -{{- else }} - {{- $repoName := "" }} - {{- $imageTag := "" }} - {{- if hasKey .Values.image "repository" -}} - {{- $repoName = .Values.image.repository }} - {{- else if .Values.enableAES }} - {{- $repoName = .Values.image.aesRepository }} - {{- else }} - {{- $repoName = .Values.image.ossRepository }} - {{- end -}} - {{- if hasKey .Values.image "tag" -}} - {{- $imageTag = .Values.image.tag }} - {{- else if .Values.enableAES }} - {{- $imageTag = .Values.image.aesTag }} - {{- else }} - {{- $imageTag = .Values.image.ossTag }} - {{- end -}} - {{- printf "%s:%s" $repoName $imageTag -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart namespace based on override value. -*/}} -{{- define "ambassador.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ambassador.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ambassador.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the RBAC to use -*/}} -{{- define "ambassador.rbacName" -}} -{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }} -{{- end -}} - -{{/* -Define the http port of the Ambassador service -*/}} -{{- define "ambassador.servicePort" -}} -{{- range .Values.service.ports -}} -{{- if (eq .name "http") -}} -{{ default .port }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml b/charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml deleted file mode 100755 index 34db11f29..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.adminService.create -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-admin - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - # Hard-coded label for Prometheus Operator ServiceMonitor - service: ambassador-admin - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" - {{- with .Values.adminService.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.adminService.type }} - ports: - - port: {{ .Values.adminService.port }} - targetPort: admin - protocol: TCP - name: ambassador-admin - {{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }} - nodePort: {{ int .Values.adminService.nodePort }} - {{- end }} - - port: {{ .Values.adminService.snapshotPort }} - targetPort: {{ .Values.adminService.snapshotPort }} - protocol: TCP - name: ambassador-snapshot - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- if eq .Values.adminService.type "LoadBalancer" }} - {{- if not (empty .Values.adminService.loadBalancerIP) }} - loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }} - {{- end }} - {{- if not (empty .Values.adminService.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: - {{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml deleted file mode 100755 index b4c61bb0e..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if and .Values.authService.create .Values.enableAES }} ---- -apiVersion: getambassador.io/v2 -kind: AuthService -metadata: - name: {{ include "ambassador.fullname" . }}-{{ .Values.authService.deploymentExtraName | default "auth" }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth - {{- end }} - product: aes -spec: - proto: grpc - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - auth_service: 127.0.0.1:8500 - {{- if .Values.authService.optional_configurations }} - {{- toYaml .Values.authService.optional_configurations | nindent 2}} - {{- end }} -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml deleted file mode 100755 index 03bd3bd95..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml +++ /dev/null @@ -1,161 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes - spec: - containers: - - name: webhook - {{- if .Values.servicePreview.trafficAgent.image.repository }} - image: "{{ .Values.servicePreview.trafficAgent.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - {{- else }} - image: {{ include "ambassador.image" . }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "aes-injector" ] - env: - - name: AGENT_MANAGER_NAMESPACE - value: "{{ include "ambassador.namespace" . }}" - - name: TRAFFIC_AGENT_IMAGE - value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" - - name: TRAFFIC_AGENT_AGENT_LISTEN_PORT - value: "{{ .Values.servicePreview.trafficAgent.port }}" - {{- if .Values.servicePreview.trafficAgent.singleNamespace }} - - name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME - value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}" - {{- end }} - ports: - - containerPort: 8443 - name: https - livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - volumeMounts: - - mountPath: /var/run/secrets/tls - name: tls - readOnly: true - volumes: - - name: tls - secret: - secretName: {{ include "ambassador.fullname" . }}-injector-tls ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: {{ include "ambassador.fullname" . }}-injector - port: 443 - targetPort: https ---- -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "ambassador.fullname" . }}-injector-tls - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -type: Opaque -data: - {{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}} - crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }} ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ include "ambassador.fullname" . }}-injector-webhook-config - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -webhooks: -- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io - clientConfig: - service: - name: {{ include "ambassador.fullname" . }}-injector - namespace: {{ include "ambassador.namespace" . }} - path: "/traffic-agent" - caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} - failurePolicy: Ignore - rules: - - operations: ["CREATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml deleted file mode 100755 index b210d0b20..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml +++ /dev/null @@ -1,129 +0,0 @@ -{{ if and .Values.createDevPortalMappings .Values.enableAES }} ---- -# Configure DevPortal -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is referenced by convention, it's important to leave as-is. - name: {{ include "ambassador.fullname" . }}-devportal - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: {{ .Values.devportal.docsPrefix }} - rewrite: "/docs/" - service: "127.0.0.1:8500" ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - name: {{ include "ambassador.fullname" . }}-devportal-assets - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /documentation/(assets|styles)/(.*)(.css) - prefix_regex: true - regex_rewrite: - pattern: /documentation/(.*) - substitution: /docs/\1 - service: "127.0.0.1:8500" - add_response_headers: - cache-control: - value: "public, max-age=3600, immutable" - append: false ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is what the demo uses. Sigh. - name: {{ include "ambassador.fullname" . }}-devportal-demo - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /docs/ - rewrite: "/docs/" - service: "127.0.0.1:8500" ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - # This Mapping name is referenced by convention, it's important to leave as-is. - name: {{ include "ambassador.fullname" . }}-devportal-api - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - prefix: /openapi/ - rewrite: "" - service: "127.0.0.1:8500" -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml deleted file mode 100755 index fdb2ddbcd..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ if and .Values.rateLimit.create .Values.enableAES }} ---- -apiVersion: getambassador.io/v2 -kind: RateLimitService -metadata: - name: {{ include "ambassador.fullname" . }}-{{ .Values.rateLimit.deploymentExtraName | default "ratelimit" }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - service: 127.0.0.1:8500 -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml deleted file mode 100755 index e0bbe1931..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{ if and .Values.redis.create .Values.enableAES }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ambassador.fullname" . }}-redis - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- else }} - product: aes - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" - {{- with .Values.redis.annotations.service }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: 6379 - targetPort: 6379 - selector: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 4 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-redis - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - annotations: - {{- toYaml .Values.redis.annotations.deployment | nindent 4}} -spec: - replicas: 1 - selector: - matchLabels: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - template: - metadata: - labels: - {{- if .Values.redis.serviceSelector }} - {{ toYaml .Values.redis.serviceSelector | nindent 8 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - spec: - containers: - - name: redis - image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}" - imagePullPolicy: {{ .Values.redis.image.pullPolicy }} - resources: - {{- toYaml .Values.redis.resources | nindent 10 }} - restartPolicy: Always - {{- with .Values.redis.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.redis.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.redis.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml deleted file mode 100755 index 9829d93fe..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.licenseKey.createSecret .Values.enableAES }} -apiVersion: v1 -kind: Secret -metadata: - {{- if ne .Values.deploymentTool "getambassador.io" }} - annotations: - helm.sh/resource-policy: keep - {{- end }} - {{- if .Values.licenseKey.annotations }} - {{- toYaml .Values.licenseKey.annotations | nindent 4 }} - {{- end }} - {{- if .Values.licenseKey.secretName }} - name: {{ .Values.licenseKey.secretName }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-edge-stack - {{- end }} - namespace: {{ include "ambassador.namespace" . }} -type: Opaque -data: - license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml b/charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml deleted file mode 100755 index 0d70f4c8b..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml +++ /dev/null @@ -1,371 +0,0 @@ -{{- if .Values.agent.enabled }} -{{- $allowAgent := false -}} - - {{- /* This next bit is ugly. */ -}} - {{- /* Case 1: "fullImageOverride" means don't bother checking the tag. */ -}} - {{- /* Case 2: Otherwise, if it's not a semver-style version number, */ -}} - {{- /* assume we have a power user and turn the agent on. */ -}} - {{- /* Case 3: Otherwise, if Edge Stack, we need at least 1.12.0. */ -}} - {{- /* Case 4: Otherwise, it's OSS and we need at 1.13.0. */ -}} - -{{- if .Values.image.fullImageOverride }} - {{- /* Case 1 */ -}} - {{- $allowAgent = true }} -{{- else if not (regexMatch "^\\d+\\.\\d+\\.\\d+$" (include "ambassador.imagetag" . )) }} - {{- /* Case 2 above: power user */ -}} - {{- $allowAgent = true }} -{{- else if and .Values.enableAES (ne (semver "1.12.0" | (semver (include "ambassador.imagetag" . )).Compare) -1) }} - {{- /* Case 3 above: Edge Stack 1.12.0+ */ -}} - {{- $allowAgent = true }} -{{- else if ne (semver "1.13.0" | (semver (include "ambassador.imagetag" . )).Compare) -1 }} - {{- /* Case 4 above: OSS 1.13.0+ */ -}} - {{- $allowAgent = true }} -{{- end }} - -{{- if $allowAgent }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -{{- if .Values.docker.useImagePullSecret }} -imagePullSecrets: -- name: {{ .Values.docker.imagePullSecretName }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.fullname" . }}-agent-config -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ include "ambassador.fullname" . }}-agent-config - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.fullname" . }}-agent -subjects: -- kind: ServiceAccount - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-pods - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "pods"] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-deployments - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["apps", "extensions"] - resources: [ "deployments" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-endpoints - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "endpoints" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-configmaps - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "configmaps" ] - verbs: [ "get", "list", "watch" ] ---- -{{- if .Values.agent.createArgoRBAC }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-rollouts - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "rollouts" ] - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.fullname" . }}-agent-applications - labels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: ["argoproj.io"] - resources: [ "applications" ] - verbs: [ "get", "list", "watch" ] -{{- end }} -{{ if ne .Values.agent.cloudConnectToken "" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "ambassador.fullname" . }}-agent-cloud-token - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -data: - CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }} -{{ end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ambassador.fullname" . }}-agent - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes - {{- end }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - product: aes - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - spec: - serviceAccountName: {{ include "ambassador.fullname" . }}-agent - containers: - - name: agent - image: {{ include "ambassador.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "agent" ] - env: - - name: AGENT_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AGENT_CONFIG_RESOURCE_NAME - value: {{ include "ambassador.fullname" . }}-agent-cloud-token - - name: RPC_CONNECTION_ADDRESS - value: {{ .Values.agent.rpcAddress }} - - name: AES_SNAPSHOT_URL - value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external" -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/config.yaml b/charts/ambassador/ambassador/6.7.1100/templates/config.yaml deleted file mode 100755 index b2c2d64bc..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/config.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.ambassadorConfig }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: '{{ include "ambassador.fullname" . }}-file-config' - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -data: - ambassadorConfig: |- - {{- .Values.ambassadorConfig | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml b/charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml deleted file mode 100755 index 0099dedf8..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml +++ /dev/null @@ -1,123 +0,0 @@ -{{- if and .Values.crds.enabled (not .Values.crds.keep)}} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [ "apiextensions.k8s.io" ] - resources: [ "customresourcedefinitions" ] - verbs: ["get", "list", "watch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded - "helm.sh/hook-weight": "1" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.rbacName" . }}-crd-delete -subjects: - - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "ambassador.fullname" . }}-crd-cleanup - namespace: {{ include "ambassador.namespace" . }} - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "3" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - template: - metadata: - name: {{ include "ambassador.fullname" . }}-crd-cleanup - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - spec: - {{- if .Values.rbac.create }} - serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete - {{- end }} - containers: - - name: kubectl - image: "buoyantio/kubectl" - args: - - delete - - crds - - -l app.kubernetes.io/name=ambassador - restartPolicy: OnFailure -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/crds.yaml b/charts/ambassador/ambassador/6.7.1100/templates/crds.yaml deleted file mode 100755 index 3b3bf16d5..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.crds.create }} -{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml b/charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml deleted file mode 100755 index 762cf2d9c..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml +++ /dev/null @@ -1,282 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.daemonSet }} -kind: DaemonSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - {{- if .Values.deploymentNameOverride }} - name: {{ .Values.deploymentNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }} - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - {{- if .Values.deploymentLabels }} - {{- toYaml .Values.deploymentLabels | nindent 4 }} - {{- end }} - {{- if .Values.deploymentAnnotations }} - annotations: - {{- toYaml .Values.deploymentAnnotations | nindent 4 }} - {{- end }} -spec: -{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }} - replicas: {{ .Values.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- if .Values.daemonSet }} - updateStrategy: - {{- else }} - strategy: - {{- end }} - {{- toYaml .Values.deploymentStrategy | nindent 4}} - template: - metadata: - labels: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 8 }} - {{- end }} - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} - product: aes - {{- end }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} - annotations: - {{- if ne .Values.deploymentTool "getambassador.io" }} - checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - spec: - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- /* Check if .Values.securityContext is set for backwards compatibility */ -}} - {{- if .Values.securityContext -}} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- else -}} - {{- with .Values.security.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end -}} - {{- if .Values.restartPolicy }} - restartPolicy: {{ .Values.restartPolicy }} - {{- end }} - serviceAccountName: {{ include "ambassador.serviceAccountName" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - volumes: - - name: ambassador-pod-info - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - {{- if .Values.prometheusExporter.enabled }} - - name: stats-exporter-mapping-config - configMap: - name: {{ include "ambassador.fullname" . }}-exporter-config - items: - - key: exporterConfiguration - path: mapping-config.yaml - {{- end }} - {{- if .Values.ambassadorConfig }} - - name: ambassador-config - configMap: - name: {{ include "ambassador.fullname" . }}-file-config - items: - - key: ambassadorConfig - path: ambassador-config.yaml - {{- end }} - {{- if and .Values.licenseKey.createSecret .Values.enableAES }} - - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets - secret: - {{- if .Values.licenseKey.secretName }} - secretName: {{ .Values.licenseKey.secretName }} - {{- else }} - secretName: {{ include "ambassador.fullname" . }}-edge-stack - {{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - {{- if .Values.prometheusExporter.enabled }} - - name: prometheus-exporter - image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}" - imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }} - ports: - - name: metrics - containerPort: 9102 - - name: listener - containerPort: 8125 - args: - - --statsd.listen-udp=:8125 - - --web.listen-address=:9102 - - --statsd.mapping-config=/statsd-exporter/mapping-config.yaml - volumeMounts: - - name: stats-exporter-mapping-config - mountPath: /statsd-exporter/ - readOnly: true - resources: - {{- toYaml .Values.prometheusExporter.resources | nindent 12 }} - {{- end }} - - name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }} - image: {{ include "ambassador.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - containerPort: {{ int .targetPort }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- if .hostPort }} - hostPort: {{ .hostPort }} - {{- end }} - {{- end}} - - name: admin - containerPort: {{ .Values.adminService.port }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }} - - name: REDIS_URL - {{- if .Values.redisURL }} - value: {{ .Values.redisURL }} - {{- else }} - value: {{ include "ambassador.fullname" . }}-redis:6379 - {{- end }} - {{- end }} - {{- if and .Values.licenseKey.secretName .Values.enableAES}} - - name: AMBASSADOR_AES_SECRET_NAME - value: {{ .Values.licenseKey.secretName }} - {{- end }} - {{- if .Values.prometheusExporter.enabled }} - - name: STATSD_ENABLED - value: "true" - - name: STATSD_HOST - value: "localhost" - {{- end }} - {{- if .Values.scope.singleNamespace }} - - name: AMBASSADOR_SINGLE_NAMESPACE - value: "YES" - {{- end }} - - name: AMBASSADOR_NAMESPACE - {{- if .Values.namespace }} - value: {{ .Values.namespace.name | quote }} - {{ else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end -}} - {{- if .Values.redisEnv }} - {{ toYaml .Values.redisEnv | nindent 12 }} - {{- end }} - {{- if .Values.env }} - {{- range $key,$value := .Values.env }} - - name: {{ $key | upper | quote}} - value: {{ $value | quote}} - {{- end }} - {{- end }} - {{- if .Values.envRaw }} - {{- with .Values.envRaw }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- end }} - {{- with .Values.security.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - livenessProbe: - httpGet: - path: /ambassador/v0/check_alive - port: admin - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - httpGet: - path: /ambassador/v0/check_ready - port: admin - {{- toYaml .Values.readinessProbe | nindent 12 }} - volumeMounts: - - name: ambassador-pod-info - mountPath: /tmp/ambassador-pod-info - readOnly: true - {{- if .Values.ambassadorConfig }} - - name: ambassador-config - mountPath: /ambassador/ambassador-config/ambassador-config.yaml - subPath: ambassador-config.yaml - {{- end }} - {{- if and .Values.licenseKey.createSecret .Values.enableAES }} - - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets - mountPath: /.config/ambassador - readOnly: true - {{- end }} - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.sidecarContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - imagePullSecrets: - {{- toYaml .Values.imagePullSecrets | nindent 8 }} - dnsPolicy: {{ .Values.dnsPolicy }} - hostNetwork: {{ .Values.hostNetwork }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml b/charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml deleted file mode 100755 index 69b817f9d..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.prometheusExporter.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: '{{ include "ambassador.fullname" . }}-exporter-config' - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -data: - exporterConfiguration: -{{- if .Values.prometheusExporter.configuration }} | - {{- .Values.prometheusExporter.configuration | nindent 4 }} -{{- else }} '' -{{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml b/charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml deleted file mode 100755 index 18cbbdbf6..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }} -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "ambassador.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- toYaml .Values.autoscaling.metrics | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/module.yaml b/charts/ambassador/ambassador/6.7.1100/templates/module.yaml deleted file mode 100755 index 6d481fef0..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/module.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.module }} -apiVersion: getambassador.io/v2 -kind: Module -metadata: - name: ambassador - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit - {{- end }} - product: aes -spec: - {{- if .Values.env }} - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- end }} - config: - {{- toYaml .Values.module | nindent 4 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml b/charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml deleted file mode 100755 index 4535c74f2..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.createNamespace }} -apiVersion: v1 -kind: Namespace -metadata: - labels: - product: aes - name: {{ include "ambassador.namespace" . }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml b/charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml deleted file mode 100755 index 17f3c288d..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.enableTestService }} -apiVersion: v1 -kind: Service -metadata: - name: test-aes - namespace: {{ include "ambassador.namespace" . }} - labels: - product: aes -spec: - type: LoadBalancer - externalTrafficPolicy: Local - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - port: {{ int .port }} - {{- if .targetPort }} - targetPort: {{ int .targetPort }} - {{- end }} - {{- if .nodePort }} - nodePort: {{ int .nodePort }} - {{- end }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- end}} - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml b/charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml deleted file mode 100755 index 4044fda60..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml b/charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml deleted file mode 100755 index 3da289039..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.security.podSecurityPolicy }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- with .Values.security.podSecurityPolicy.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- with .Values.security.podSecurityPolicy.spec }} -spec: - {{- toYaml . | nindent 2}} -{{- end }} -{{ end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml b/charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml deleted file mode 100755 index ed1087f4b..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{- if and .Values.rbac.create .Values.registry.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ include "ambassador.rbacName" . }}-projects - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -rules: -- apiGroups: [""] - resources: [ "secrets", "services" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: ["apps"] - resources: [ "deployments" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: ["batch"] - resources: [ "jobs" ] - verbs: [ "get", "list", "create", "patch", "delete", "watch" ] -- apiGroups: [""] - resources: [ "pods" ] - verbs: [ "get", "list", "watch" ] -- apiGroups: [""] - resources: [ "pods/log" ] - verbs: [ "get" ] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: RoleBinding -{{- else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ include "ambassador.rbacName" . }}-projects - {{- if .Values.scope.singleNamespace }} - namespace: {{ include "ambassador.namespace" . }} - {{- end }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.scope.singleNamespace }} - kind: Role - {{- else }} - kind: ClusterRole - {{- end }} - name: {{ include "ambassador.rbacName" . }}-projects -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/projects.yaml b/charts/ambassador/ambassador/6.7.1100/templates/projects.yaml deleted file mode 100755 index 21b021a9a..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/projects.yaml +++ /dev/null @@ -1,412 +0,0 @@ -{{- if .Values.registry.create }} -###################################################################### -# In-cluster Registry for Projects - -# This mapping will make every host function as a docker -# registry. It's not ideal to take over the "v2" mapping, but there -# are a number of constraints that make this the least worst option -# explored so far. These constraints are: -# -# - We need a registry where docker push/pull and similar (e.g. crictl -# push/pull) can work with no special client configuration since we -# don't control the clients and we can't expect our users to -# reconfigure their clusters to use a special push/pull -# configuration. -# -# - GKE's push/pull implementation (I think it's docker) and crictl -# push/pull (used by default in k3s clusters) have different default -# behaviors with respect to localhost registries. The docker -# implementation is very permissive, it will try both cleartext and -# TLS and it does not verify the TLS connection, so self-signed -# registries work fine. The crictl implementation is moving in this -# direction, but the version used in k3s (based on rancher's fork of -# containerd at v1.3.3) is not there yet. It only tries cleartext by -# default. -# -# - We want to minimize the requirements for users to have the -# access/understanding to create special DNS configurations -# (e.g. wildcard or a separate dns name for the registry). -# -# - You can configure the docker registry to have a prefix, -# e.g. //v2/..., however without special -# configuration to override the defaults, clients can't push/pull -# from a registry served at a prefix. If your image is named -# /, the client will look for /v2/... endpoints. -# -# Given all the prior constraints we are left with creating this -# mapping for all hosts. If this is a problem there are a few -# alternatives we could consider. We can provide a way to limit this -# mapping to only one host so they can have distinct hosts for their -# site and their registry. We could also look into creating a -# daemonset that binds to localhost and proxies cleartext to -# TLS. Based on what I know of GKE and k3s its a good guess that this -# would accommodate both of them, but possibly not other clusters with -# different configurations. -# -# Another reason to lean towards an externally accessible registry is -# that there are likely some people that would want this as a feature -# so they can docker push/pull images from other systems into/out of -# the builtin registry. While it's true that security minded people -# might not like having this registry externally accessible, it's also -# quite likely those people would want to run their own fancy registry -# that scans/audits images, etc. The focus for RtC is really a smooth -# out of the box experience that functions end-to-end without -# requiring you to build your own platform. For more security minded -# people we should expect to eventually be able to configure an -# external registry and/or turn off the builtin one. ---- -apiVersion: getambassador.io/v2 -kind: Mapping -metadata: - name: {{ include "ambassador.fullname" . }}-registry - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -spec: - prefix: /v2/ - rewrite: /v2/ - {{- if .Values.registry.resourceNameOverride }} - service: https://{{ .Values.registry.resourceNameOverride }} - {{- else }} - service: https://{{ include "ambassador.fullname" . }}-registry - {{- end }} - timeout_ms: 300000 ---- -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge internal image registry." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - selector: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 4 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - ports: - - port: 443 - targetPort: 5000 - -# The registry deployment. The deployment includes a persistent volume -# mount for storing images, a config-map mount for customizing the -# registry configuration, and a secret mounted for tls. ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - app: registry -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 0 - selector: - matchLabels: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - template: - metadata: - annotations: - foo: "5" - labels: - {{- if .Values.registry.serviceSelectors }} - {{ toYaml .Values.registry.serviceSelector | nindent 8 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - spec: - containers: - - name: registry - image: registry:2 - ports: - - containerPort: 5000 - volumeMounts: - - mountPath: /var/lib/registry - name: registry-data - - name: registry-config - mountPath: /etc/docker/registry - - name: registry-tls - mountPath: /etc/tls - volumes: - - name: registry-config - configMap: - # Provide the name of the ConfigMap containing the files you want - # to add to the container - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-config - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-config - {{- end }} - - name: registry-data - persistentVolumeClaim: - {{- if .Values.registry.resourceNameOverride }} - claimName: {{ .Values.registry.resourceNameOverride }}-data - {{- else }} - claimName: {{ include "ambassador.fullname" . }}-registry-data - {{- end }} - - name: registry-tls - secret: - {{- if .Values.registry.resourceNameOverride }} - secretName: {{ .Values.registry.resourceNameOverride }}-tls - {{- else }} - secretName: {{ include "ambassador.fullname" . }}-registry-tls - {{- end }} - -# The configuration file for our registry. ---- -apiVersion: v1 -kind: ConfigMap -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-config - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-config - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -data: - config.yml: | - version: 0.1 - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - filesystem: - rootdirectory: /var/lib/registry - http: - addr: :5000 - headers: - X-Content-Type-Options: [nosniff] - tls: - certificate: /etc/tls/tls.crt - key: /etc/tls/tls.key - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - -# The persistent volume for our registry. ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-data - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-data - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - -# The self-signed tls secret for our registry. We should look into -# generating this on install with a job. ---- -apiVersion: v1 -kind: Secret -metadata: - {{- if .Values.registry.resourceNameOverride }} - name: {{ .Values.registry.resourceNameOverride }}-tls - {{- else }} - name: {{ include "ambassador.fullname" . }}-registry-tls - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -type: kubernetes.io/tls -data: - tls.crt: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEekNDQXZlZ0F3SUJBZ0lVSVZrWlJGSkVJ - VCtOTlJiMFJ0TkxwZFp5TTVnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daWXhDekFKQmdOVkJBWVRB - bFZUTVJZd0ZBWURWUVFJREExTllYTnpZV05vZFhObGRIUnpNUk13RVFZRApWUVFIREFwVGIyMWxj - blpwYkd4bE1SRXdEd1lEVlFRS0RBaEVZWFJoZDJseVpURVVNQklHQTFVRUN3d0xSVzVuCmFXNWxa - WEpwYm1jeEVUQVBCZ05WQkFNTUNISmxaMmx6ZEhKNU1SNHdIQVlKS29aSWh2Y05BUWtCRmc5a1pY - WkEKWkdGMFlYZHBjbVV1YVc4d0hoY05NakF3TVRNd01qRXdNVFV5V2hjTk1qRXdNVEk1TWpFd01U - VXlXakNCbGpFTApNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdNRFUxaGMzTmhZMmgxYzJWMGRI - TXhFekFSQmdOVkJBY01DbE52CmJXVnlkbWxzYkdVeEVUQVBCZ05WQkFvTUNFUmhkR0YzYVhKbE1S - UXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHUKWnpFUk1BOEdBMVVFQXd3SWNtVm5hWE4wY25reEhq - QWNCZ2txaGtpRzl3MEJDUUVXRDJSbGRrQmtZWFJoZDJseQpaUzVwYnpDQ0FTSXdEUVlKS29aSWh2 - Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFRtZ21wb2szVVdCVkhqCjFqb2R5eG9LZFJad09Y - WnhiZ25ITXlMa2xxLzUydGdmTEJmVlU1TzB2aE5iVm5vcEVSRWdWV0pTd3dlN0dOS0EKSjlaWWxC - Qlc1Q1U5Q3FNalU2TTVOdTdiVWRQblNyNGRFSFlWcmhEakJYcVpDUElEaFhZS2ZZYWh0YlB4cis1 - egpueS9qQktKU2JwM3RWU3d5SEhsY3JJNHdOU2R1Q2x5UFplOFR0Q2hGQUxhcU5rWUMvclNGK0w0 - SWcwZmY1N0duClpFVmsyZDJja09Xbkp6akRXMGhYL3FUcXhUKzZwV2tUQThWQ0FVS2FabEY5VkRK - c20rOW1XM2dBWmZ5NWdFWloKajcvaktqNTd5R1BUR2xWQXhra2J2WlJJVWQ5LzVkVmE3V1RCYnlR - dkxvOEkyWWQ3S1h6Y3BjcElpS2hRREdPQQpHbGVoa2JVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZ - RUZGTDV5NnNIb09tV0FRWVVGano4VHNETGFnUTdNQjhHCkExVWRJd1FZTUJhQUZGTDV5NnNIb09t - V0FRWVVGano4VHNETGFnUTdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFF - TEJRQURnZ0VCQUFZdHlnNDNDTEJsbVlvY0NkSjVpSlF0NTR0anFGU2hIMzdFd3h4WQp1QVExRHRW - a0Q3QngzUURZZ1cxeU1QYzFTRDhYenFUcWxjQUlOQTZwdVB0SlNPcC8wUUVqVFJSMkFSZFF5VURI - ClZOZEZzcHp5MGRnbllqOXY2ckl4akdOazVHZXI3cUp4TURaUUY0dC82NHZLYWNyOHZOQ3dnSmI5 - WEZaMTBjNlEKdVNSNVVVN1pMTWJPeWd4a0hPQStMMXp3S2pSaXZUb2ZMbExPOURQNUJwMk9hOGgr - TmZhVkJ4ZHFUS2l0UzFaOApnUnZhOTFuRHZwTjl5aHBiNFJVN2FoWW9tWGF4VE5ZVEJxVE1uZWhE - aWhPQjdBS2Z0VVErdjJWZ2VlM1FxaGJ4CjRUSlJpTTUxR2VIWEtoVWw5ZXBxRnBlYllIa1BnU1ln - bU1OUy9aT3JSWmFxajVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: | - LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB - QVNDQktZd2dnU2lBZ0VBQW9JQkFRQzA1b0pxYUpOMUZnVlIKNDlZNkhjc2FDblVXY0RsMmNXNEp4 - ek1pNUphditkcllIeXdYMVZPVHRMNFRXMVo2S1JFUklGVmlVc01IdXhqUwpnQ2ZXV0pRUVZ1UWxQ - UXFqSTFPak9UYnUyMUhUNTBxK0hSQjJGYTRRNHdWNm1RanlBNFYyQ24yR29iV3o4YS91CmM1OHY0 - d1NpVW02ZDdWVXNNaHg1WEt5T01EVW5iZ3BjajJYdkU3UW9SUUMycWpaR0F2NjBoZmkrQ0lOSDMr - ZXgKcDJSRlpObmRuSkRscHljNHcxdElWLzZrNnNVL3VxVnBFd1BGUWdGQ21tWlJmVlF5Ykp2dlps - dDRBR1g4dVlCRwpXWSsvNHlvK2U4aGoweHBWUU1aSkc3MlVTRkhmZitYVld1MWt3VzhrTHk2UENO - bUhleWw4M0tYS1NJaW9VQXhqCmdCcFhvWkcxQWdNQkFBRUNnZ0VBWUxiMGRxdGVXclRoTnp6V0pk - QVQ2K0kzWXoyd214QmR3a0NMcUZZSjhoOWsKenpNclFicTlxalJ4Z3F2TWVoZEdscDl3eHRaMGlz - ZU9wOHY0Z0hKdkJxVk42RkxRUXhQNS9VUHppSlFkRld1TQozRU54cjVBN3RhK0tHRmVGSHM2Zkpk - TEo5WmF6TEhkRWxmbWUyOTFGZHZzWFJMdkVVNUtmQW90M2ZiVnNWWjFxCnRucVIzY0dET3JVQ00v - ZzJKZmVBYk5wSUJjTnlCV0diOGRQbm5SaHZRNW5YN1ozUnJiNTlhQnhOcldCSkFkbnEKOUtkS3BR - UmU4cjBiRGJ0WVZQamxXRldpOVluWVQ0WHpQOG9TU0t5a3R4TWZraEM2dlVKb0gwNHFOSmRkWjVM - WAozWjRKUm14RnlUZU1rUG0xa2dnSVVRZGJhRWp1WG0rOThOeXVkZitKcVFLQmdRRGx6SS9XMzZM - am1pRE9MSDVUCnFhZTFnazNMV2lTY3hwZzRhazEyenhLSlkrWUJiNnc4UG5EVmlvY2tPa0lsSERh - V0xzQ2VpRkJsM2lPSDlUWWcKQm9iY3JVZVNUbWdOaUNqSlpIWVhIUlY1TEN2bGE0UkhhcXNMWG43 - elptTE5GVW9YRlhaTkoyQzlqUEp5TStyQQpqOWJLWlFvQTF2NC9qOUdMTXN3eEJZem1pd0tCZ1FE - SmhxNDhrYmV0MlRTRFhyMUxuY3FMVU9wak1hQmNyOEJKCnpDNlBwK3F0ck01QVE1RnkwaHRoV2Zn - bDkzZU5vMWRQT2pCRDZ6amIyd2dNSHhBR2w1V0pIN005enFBSWJSaW0KbDFNcmsrUkprbUVGeUls - cU95TG9jNlg0V1pPN1BwejZPQkdWTExGOFlBR09UcldaRzZwUStDeVJWN3hHUS9PWAo4QlN5UVVh - d3Z3S0JnRWFXWG55dmQxYVlpb2txUzZlaFRuM0h4K08yRGRjR2ZjMmVnYXNFRW5xWGNCaHkyQ0l0 - ClAvV29OcmpmR0dCVDJVU3FtY3BZcnZHTG1iaHlqeXlwTkpYbXVEeHR6ektRNTQ1dFNJVHpEeHlJ - Zi9kWjNta2QKaityUEhRbmhJbXBDcHQ2T1hpZDIrQlZoalR1ZFRQZlhkeS8yZDJzb256S2hGOG05 - VWRHaEZkWGZBb0dBRkZ0QwpabVBoeGZIVzJCNU55TUdib0E4QVhoeTVNaU9lck5XdkxsdXIzUGRE - cmtJbEF4QXVLOXRHc2E4WnFIa0RiTUZYCjlzUmY3ZlZtRHJOa2p3WG8yUDBXd2Z1Sk50Q3VXTVdZ - WlNKL1FOOUVaYTBvRkU3ODY3WWk0YjlLcVBOZUwvaFIKN2x1aFlncmduVnRlQktWQ3d3TU9uVy9i - V00yc1lZQ2kxbzY1Y1VrQ2dZQUR4SUJmOGZUOURDS0NaZ1FvQXNDYwpvSzcvdzdDYk1hOEp5TjZa - ZDRiSlIrSzRzUEtQekd2M3dEandxRzFTRkN6UU1FR01mOWt6TWFYb09XdzNaN2NCCklIZTJDUXFF - N2NZdW1LYjFkOTFueU1qMVdQVC9CWEJKZzB3aUNMV0RjakdQR0xNWTJyeGsvMWwzL2xjKy9WVkcK - NjRZZUh1YlllOE9Iemp5UEZGSnJZdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - -###################################################################### -# Project Controller -# -# Comment this out if you want to disable the micro CI/CD functionality: ---- -apiVersion: getambassador.io/v2 -kind: ProjectController -metadata: - {{- if .Values.registry.projectControllerName }} - name: {{ .Values.registry.projectControllerName }} - {{- else }} - name: {{ include "ambassador.fullname" . }}-projectcontroller - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }}-projectcontroller - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - projects.getambassador.io/ambassador_id: {{ if hasKey .Values.env "AMBASSADOR_ID" }}{{ .Values.env.AMBASSADOR_ID | quote }}{{ else }}default{{ end }} - product: aes -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml b/charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml deleted file mode 100755 index 1077c248d..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml +++ /dev/null @@ -1,200 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: [] ---- -# CRDs are cluster scoped resources, so they need to be in a cluster role, -# even if ambassador is running in single namespace mode -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-crd - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: - - apiGroups: [ "apiextensions.k8s.io" ] - resources: [ "customresourcedefinitions" ] - verbs: ["get", "list", "watch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -metadata: - name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} -{{- else }} -kind: ClusterRole -metadata: - name: {{ include "ambassador.rbacName" . }}-watch -{{- end }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes - rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} -rules: - - apiGroups: [""] - resources: - - namespaces - - services - - secrets - - endpoints - verbs: ["get", "list", "watch"] - - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update", "patch", "create", "delete" ] - - - apiGroups: [ "getambassador.io" ] - resources: [ "mappings/status" ] - verbs: ["update"] - - - apiGroups: [ "networking.internal.knative.dev" ] - resources: [ "clusteringresses", "ingresses" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "networking.internal.knative.dev" ] - resources: [ "ingresses/status", "clusteringresses/status" ] - verbs: ["update"] - - - apiGroups: [ "extensions", "networking.k8s.io" ] - resources: [ "ingresses", "ingressclasses" ] - verbs: ["get", "list", "watch"] - - - apiGroups: [ "extensions", "networking.k8s.io" ] - resources: [ "ingresses/status" ] - verbs: ["update"] - - {{- if .Values.enableAES }} - - - apiGroups: [""] - resources: [ "secrets" ] - verbs: ["get", "list", "watch", "create", "update"] - - - apiGroups: [""] - resources: [ "events" ] - verbs: ["get", "list", "watch", "create", "patch"] - - - apiGroups: ["coordination.k8s.io"] - resources: [ "leases" ] - verbs: ["get", "create", "update"] - - - apiGroups: [""] - resources: [ "endpoints" ] - verbs: ["get", "list", "watch", "create", "update"] - {{- end }} - - {{- if or .Values.rbac.podSecurityPolicies .Values.security.podSecurityPolicy }} - - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - {{- if .Values.rbac.podSecurityPolicies }} - {{- toYaml .Values.rbac.podSecurityPolicies | nindent 6 }} - {{- end }} - {{- if .Values.security.podSecurityPolicy }} - - {{ include "ambassador.fullname" . }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount ---- -{{- if .Values.scope.singleNamespace }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "ambassador.rbacName" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml b/charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml deleted file mode 100755 index 43aa5ace2..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.resolvers.endpoint.create }} ---- -apiVersion: getambassador.io/v2 -kind: KubernetesEndpointResolver -metadata: - name: {{ .Values.resolvers.endpoint.name }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -{{- if hasKey .Values.env "AMBASSADOR_ID" }} -spec: - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} -{{- end }} -{{- end }} -{{- if .Values.resolvers.consul.create }} ---- -apiVersion: getambassador.io/v2 -kind: ConsulResolver -metadata: - name: {{ .Values.resolvers.consul.name }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} -spec: - {{- if hasKey .Values.env "AMBASSADOR_ID" }} - ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} - {{- end }} - {{- toYaml .Values.resolvers.consul.spec | nindent 2 }} -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/service.yaml b/charts/ambassador/ambassador/6.7.1100/templates/service.yaml deleted file mode 100755 index a541c2234..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/service.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.service.nameOverride }} - name: {{ .Values.service.nameOverride }} - {{- else }} - name: {{ include "ambassador.fullname" . }} - {{- end }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - app.kubernetes.io/component: ambassador-service - product: aes - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }} -{{- if .Values.service.annotations }} - {{- range $key, $value := .Values.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -spec: - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" - {{- end }} - {{- if .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}" - {{- end }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - {{- if .Values.service.sessionAffinityConfig }} - sessionAffinityConfig: - {{- toYaml .Values.service.sessionAffinityConfig | nindent 4 }} - {{- end }} - ports: - {{- range .Values.service.ports }} - - name: {{ .name }} - port: {{ int .port }} - {{- if .targetPort }} - targetPort: {{ int .targetPort }} - {{- end }} - {{- if .nodePort }} - nodePort: {{ int .nodePort }} - {{- end }} - {{- if .protocol }} - protocol: {{ .protocol }} - {{- end }} - {{- end}} - selector: - {{- if .Values.service.selector }} - {{ toYaml .Values.service.selector | nindent 6 }} - {{- else }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - {{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: - {{- toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml b/charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml deleted file mode 100755 index 90c8ef085..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ambassador.serviceAccountName" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - {{- if ne .Values.deploymentTool "getambassador.io" }} - app.kubernetes.io/name: {{ include "ambassador.name" . }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - {{- end }} - product: aes -{{- if .Values.docker.useImagePullSecret }} -imagePullSecrets: -- name: {{ .Values.docker.imagePullSecretName }} -{{- end }} -{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml b/charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml deleted file mode 100755 index b2c8122a1..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.adminService.create .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "ambassador.fullname" . }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app: {{ include "ambassador.name" . }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- toYaml .Values.metrics.serviceMonitor.selector | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: ambassador-admin - path: /metrics - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "ambassador.namespace" . }} - selector: - matchLabels: - service: ambassador-admin -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml b/charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml deleted file mode 100755 index ec96235f7..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (.Values.test.enabled) (not .Values.daemonSet) }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "ambassador.fullname" . }}-test-ready" - labels: - app.kubernetes.io/name: {{ include "ambassador.name" . }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: {{ .Values.test.image | default "busybox" }} - command: ['wget'] - args: ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready'] - restartPolicy: Never -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml b/charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml deleted file mode 100755 index 783c0aed6..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml +++ /dev/null @@ -1,135 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled }} -{{- if .Values.servicePreview.trafficAgent.singleNamespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - annotations: - # Required because Helm creates secrets before ServiceAccount, but service-account-token depends on an existing SA. - "helm.sh/hook": "pre-install" - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -## Create a service-account-token for traffic-agent with a matching name. -## Since the ambassador-injector will use this token name, it must be deterministic and not auto-generated. -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - annotations: - kubernetes.io/service-account.name: traffic-agent -type: kubernetes.io/service-account-token ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: [ "namespaces", "services", "secrets" ] - verbs: ["get", "list", "watch"] - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "ambassador.rbacName" . }} -subjects: - - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - kind: ServiceAccount -{{- else }} -## If we install Service Preview cluster-wide, this means we can't use the 'traffic-agent' ServiceAccount -## as it does not exist in every namespace. We must instead grant new Roles to all ServiceAccounts (cluster-wide). ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: [ "namespaces", "services", "secrets" ] - verbs: ["get", "list", "watch"] - - apiGroups: [ "getambassador.io" ] - resources: [ "*" ] - verbs: ["get", "list", "watch", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} -subjects: - - name: system:serviceaccounts - kind: Group - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml b/charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml deleted file mode 100755 index 922bc5df4..000000000 --- a/charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml +++ /dev/null @@ -1,190 +0,0 @@ -{{- if and .Values.enableAES .Values.servicePreview.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -rules: - - apiGroups: [""] - resources: ["namespaces", "services", "pods", "secrets"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- if .Values.scope.singleNamespace }} -kind: RoleBinding -{{- else }} -kind: ClusterRoleBinding -{{- end }} -metadata: - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -roleRef: - apiGroup: rbac.authorization.k8s.io - {{- if .Values.scope.singleNamespace }} - kind: Role - {{- else }} - kind: ClusterRole - {{- end }} - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} - namespace: {{ include "ambassador.namespace" . }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - product: aes -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - containers: - - name: telepresence-proxy - {{- if .Values.servicePreview.trafficManager.image.repository }} - image: "{{ .Values.servicePreview.trafficManager.image.repository }}:{{ .Values.servicePreview.trafficManager.image.tag | default .Values.image.tag }}" - {{- else }} - image: {{ include "ambassador.image" . }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ "traffic-manager" ] - env: - {{- if .Values.scope.singleNamespace }} - - name: AMBASSADOR_SINGLE_NAMESPACE - value: "true" - {{- end }} - - name: AMBASSADOR_NAMESPACE - {{- if .Values.namespace }} - value: {{ .Values.namespace.name | quote }} - {{ else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end -}} - {{- if or .Values.redis.create .Values.redisURL }} - - name: REDIS_URL - {{- if .Values.redisURL }} - value: {{ .Values.redisURL }} - {{- else }} - value: {{ include "ambassador.fullname" . }}-redis:6379 - {{- end }} - {{- end }} - ports: - - name: sshd - containerPort: 8022 - volumeMounts: - - mountPath: /tmp/ambassador-pod-info - name: pod-info - restartPolicy: Always - terminationGracePeriodSeconds: 0 - volumes: - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - name: pod-info - serviceAccountName: {{ .Values.servicePreview.trafficManager.serviceAccountName }} ---- -apiVersion: v1 -kind: Service -metadata: - name: telepresence-proxy - namespace: {{ include "ambassador.namespace" . }} - labels: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/part-of: {{ .Release.Name }} - helm.sh/chart: {{ include "ambassador.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.deploymentTool }} - app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} - {{- else }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- end }} - annotations: - a8r.io/owner: "Ambassador Labs" - a8r.io/repository: github.com/datawire/ambassador - a8r.io/description: "The Ambassador Edge Stack Service Preview Telepresence Proxy." - a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ - a8r.io/chat: http://a8r.io/Slack - a8r.io/bugs: https://github.com/datawire/ambassador/issues - a8r.io/support: https://www.getambassador.io/about-us/support/ - a8r.io/dependencies: "None" -spec: - type: ClusterIP - clusterIP: None - selector: - app.kubernetes.io/name: telepresence-proxy - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - name: sshd - protocol: TCP - port: 8022 - - name: api - protocol: TCP - port: 8081 -{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/values.yaml b/charts/ambassador/ambassador/6.7.1100/values.yaml deleted file mode 100755 index 17ebb9ab0..000000000 --- a/charts/ambassador/ambassador/6.7.1100/values.yaml +++ /dev/null @@ -1,521 +0,0 @@ -# Default values for ambassador. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Manually set metadata for the Release. -# -# Defaults to .Chart.Name -nameOverride: '' -# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" -fullnameOverride: '' -# Defaults to .Release.Namespace -namespaceOverride: '' - -replicaCount: 3 -daemonSet: false - -# This will enable the test-ready Pod (https://github.com/datawire/ambassador-chart/blob/master/templates/tests/test-ready.yaml). -# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly. -test: - enabled: true - image: busybox - -# Enable autoscaling using HorizontalPodAutoscaler -# daemonSet: true, autoscaling will be disabled -autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 60 - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: 60 - -podDisruptionBudget: {} - -# namespace: - # name: default - -# Additional container environment variable -# Uncomment or add additional environment variables for the container here. -env: {} - # Exposing statistics via StatsD - # STATSD_ENABLED: true - # STATSD_HOST: statsd-sink - # sets the minimum number of seconds between Envoy restarts - # AMBASSADOR_RESTART_TIME: 15 - # sets the number of seconds that the Envoy will wait for open connections to drain on a restart - # AMBASSADOR_DRAIN_TIME: 5 - # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart - # AMBASSADOR_SHUTDOWN_TIME: 10 - # labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster - # AMBASSADOR_ID: default - -# Additional container environment variable in raw YAML format -# Uncomment or add additional environment variables for the container here. -envRaw: {} -# - name: REDIS_PASSWORD -# value: password -# valueFrom: -# secretKeyRef: -# name: redis-password -# key: password -# - name: POD_IP -# valueFrom: -# fieldRef: -# fieldPath: status.podIP - -imagePullSecrets: [] - -security: - # Security Context for all containers in the pod. - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core - podSecurityContext: - runAsUser: 8888 - # Security Context for the Ambassador container specifically - # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core - containerSecurityContext: - allowPrivilegeEscalation: false - # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions - # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - # - # A set of reasonable defaults is outlined below. This is not created by default as it should only - # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in - # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` - # in all non-"master" Releases. - podSecurityPolicy: {} - # # Add AppArmor and Seccomp annotations - # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - # annotations: - # spec: - # seLinux: - # rule: RunAsAny - # supplementalGroups: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # fsGroup: - # rule: 'MustRunAs' - # ranges: - # # Forbid adding the root group. - # - min: 1 - # max: 65535 - # privileged: false - # allowPrivilegeEscalation: false - # runAsUser: - # rule: MustRunAsNonRoot - -image: - ossTag: 1.13.8 - aesTag: 1.13.8 - pullPolicy: IfNotPresent - ossRepository: docker.io/datawire/ambassador - aesRepository: docker.io/datawire/aes -dnsPolicy: ClusterFirst -hostNetwork: false - -service: - type: LoadBalancer - - # Note that target http ports need to match your ambassador configurations service_port - # https://www.getambassador.io/reference/modules/#the-ambassador-module - ports: - - name: http - port: 80 - targetPort: 8080 - # protocol: TCP - # nodePort: 30080 - # hostPort: 80 - - name: https - port: 443 - targetPort: 8443 - # protocol: TCP - # nodePort: 30443 - # hostPort: 443 - # TCPMapping_Port - # port: 2222 - # targetPort: 2222 - # protocol: TCP - # nodePort: 30222 - - externalTrafficPolicy: - - sessionAffinity: - - sessionAffinityConfig: - - externalIPs: [] - - annotations: {} - - ############################################################################# - ## Ambassador should be configured using CRD definition. If you want - ## to use annotations, the following is an example of annotating the - ## Ambassador service with global configuration manifest. - ## - ## See https://www.getambassador.io/reference/core/ambassador and - ## https://www.getambassador.io/reference/core/tls for more info - ############################################################################# - # - # getambassador.io/config: | - # --- - # apiVersion: ambassador/v1 - # kind: TLSContext - # name: ambassador - # secret: ambassador-certs - # hosts: ["*"] - # --- - # apiVersion: ambassador/v1 - # kind: Module - # name: ambassador - # config: - # admin_port: 8001 - # diag_port: 8877 - # diagnostics: - # enabled: true - # enable_grpc_http11_bridge: false - # enable_grpc_web: false - # enable_http10: false - # enable_ipv4: true - # enable_ipv6: false - # liveness_probe: - # enabled: true - # lua_scripts: - # readiness_probe: - # enabled: true - # server_name: envoy - # service_port: 8080 - # use_proxy_proto: false - # use_remote_address: true - # xff_num_trusted_hops: 0 - # x_forwarded_proto_redirect: false - # load_balancer: - # policy: round_robin - # circuit_breakers: - # max_connections: 2048 - # retry_policy: - # retry_on: "5xx" - # cors: - - # Manually set the name of the generated Service - nameOverride: - -adminService: - create: true - type: ClusterIP - port: 8877 - snapshotPort: 8005 - # NodePort used if type is NodePort - # nodePort: 38877 - annotations: {} - -rbac: - # Specifies whether RBAC resources should be created - create: true - # List of Pod Security Policies to use on the container. - # If security.podSecurityPolicy is set, it will be appended to the list - podSecurityPolicies: [] - # Name of the RBAC resources defaults to the name of the release. - # Set nameOverride when installing Ambassador with cluster-wide scope in - # different namespaces with the same release name to avoid conflicts. - nameOverride: - -scope: - # tells Ambassador to only use resources in the namespace or namespace set by namespace.name - singleNamespace: false - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -deploymentStrategy: - type: RollingUpdate - -restartPolicy: - -terminationGracePeriodSeconds: - -initContainers: [] - -sidecarContainers: [] - -livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - -readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 3 - failureThreshold: 3 - - -volumes: [] - -volumeMounts: [] - -podLabels: {} - -podAnnotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/port: "9102" - -deploymentLabels: {} - -deploymentAnnotations: {} - # configmap.reloader.stakater.com/auto: "true" - -resources: - # Recommended resource requests and limits for Ambassador - limits: - cpu: 1000m - memory: 600Mi - requests: - cpu: 200m - memory: 300Mi - -priorityClassName: '' - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -topologySpreadConstraints: [] - -ambassadorConfig: '' - -crds: - enabled: true - create: true - keep: true - -# Prometheus Operator ServiceMonitor configuration -# See documentation: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor -metrics: - serviceMonitor: - enabled: false - # interval: 30s - # scrapeTimeout: 30s - # selector: {} - -################################################################################ -## Ambassador Edge Stack Configuration ## -################################################################################ - -# The Ambassador Edge Stack is free for limited use without a license key. -# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register -# for a community license key. - -enableAES: true - -# Set createSecret: false is installing multiple releases of The Ambassador -# Edge Stack in the same namespace. -licenseKey: - value: - createSecret: true - secretName: - # Annotations to attach to the license-key-secret. - annotations: {} - -# The DevPortal is exposed at /docs/ endpoint in the AES container. -# Setting this to true will automatically create routes for the DevPortal. -createDevPortalMappings: true -devportal: - docsPrefix: /documentation/ - -# The Ambassador Edge Stack uses a redis instance for managing authentication, -# rate limiting, and sharing minor configuration details between pods for -# centralized management. These values configure the redis instance that ships -# by default with The Ambassador Edge Stack. -# -# URL of your redis instance. Defaults to redis instance created below. -redisURL: - -# Ambassador ships with a basic redis instance. Configure the deployment with the options below. -redis: - create: true - image: - repository: redis - tag: 5.0.1 - pullPolicy: IfNotPresent - # Annotations for Ambassador Pro's redis instance. - annotations: - deployment: {} - service: {} - resources: {} - # If you want to specify resources, uncomment the following - # lines and remove the curly braces after 'resources:'. - # These are placeholder values and must be tuned. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - nodeSelector: {} - affinity: {} - tolerations: {} - - -# Configures the AuthService that ships with the Ambassador Edge Stack. -# Setting authService.create: false will not install the AES AuthService and -# allow you to define your own. -# -# Typically when using the AES, you will want to keep this set to true and use -# the External Filter to communicate with a custom authentication service. -# https://www.getambassador.io/reference/filter-reference/#filter-type-external -authService: - deploymentExtraName: auth - create: true - # Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information - optional_configurations: {} - # include_body: - # max_bytes: 4096 - # allow_partial: true - # status_on_error: - # code: 403 - # failure_mode_allow: false - # retry_policy: - # retry_on: "5xx" - # num_retries: 2 - # add_linkerd_headers: true - # timeout_ms: 30000 - - -# Configures the RateLimitService in the Ambassador Edge Stack. -# Keep this enabled to configure RateLimits in AES. -rateLimit: - create: true - deploymentExtraName: ratelimit - -# Projects are a beta feature of Ambassador that allow developers to stage and -# deploy code with nothing more than a Github repository. -# See: https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/ -registry: - create: false - -# Resolvers are used to configure the discovery service strategy for Ambasador Edge Stack. -# See: https://www.getambassador.io/docs/edge-stack/latest/topics/running/resolvers/ -resolvers: - endpoint: - create: false - name: endpoint - consul: - create: false - name: consul-dc1 - spec: {} - # Configuration for a Consul Resolver - # address: consul-server.default.svc.cluster.local:8500 - # datacenter: dc1 - -# Create and manage an Ambassador Module from the Helm Chart. See: -# https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador -# for more info on the available options. -# -# Note: The Module can only be named ambassador. There can only be one Module -# installed per-namespace. -module: {} - -################################################################################ -## DEPRECATED configuration objects ## -################################################################################ - -# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy. -# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint -# -# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it -prometheusExporter: - enabled: false - repository: prom/statsd-exporter - tag: v0.8.1 - pullPolicy: IfNotPresent - resources: {} - # If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - # You can configure the statsd exporter to modify the behavior of mappings and other features. - # See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration - # Uncomment the following line if you wish to specify a custom configuration: - # configuration: | - # --- - # mappings: - # - match: 'envoy.cluster.*.upstream_cx_connect_ms' - # name: "envoy_cluster_upstream_cx_connect_time" - # timer_type: 'histogram' - # labels: - # cluster_name: "$1" - -# DEPRECATED: Use security.podSecurityContext -# securityContext: -# runAsUser: 8888 - - -# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl. -# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector -servicePreview: - enabled: false - trafficManager: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - serviceAccountName: traffic-manager - trafficAgent: - image: - # Leave blank to use image.repository and image.tag - repository: - tag: - singleNamespace: true - serviceAccountName: traffic-agent - port: 9900 - - # Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection. - injector: - enabled: true - - # If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued - # for the Common Name (CN) of `..svc`, which is the cluster-internal DNS name - # for the service. - crtPEM: '' - keyPEM: '' - -# Configure the ambassador agent -agent: - enabled: true - # this will be empty when it first gets applied, then the user will edit the agent to - # make it start reporting - cloudConnectToken: '' - rpcAddress: https://app.getambassador.io/ - createArgoRBAC: true - image: - # Leave blank to use image.repository and image.tag - tag: - repository: - -deploymentTool: '' - -# configure docker to pull from private registry -docker: {} -createNamespace: false -enableTestService: false diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore b/charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore deleted file mode 100755 index c7eb1e274..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md deleted file mode 100755 index 788bf661c..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md +++ /dev/null @@ -1,830 +0,0 @@ -# JFrog Artifactory-ha Chart Changelog -All changes to this chart will be documented in this file. - -## [3.0.14] - Jul 31, 2020 -* Update the README section on Nginx SSL termination to reflect the actual YAML structure. - -## [3.0.13] - Jul 30, 2020 -* Added condition to disable the migration scripts. - -## [3.0.12] - Jul 29, 2020 -* Document Artifactory node affinity. - -## [3.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [3.0.10] - Jul 28, 2020 -Bugfix / support for userPluginSecrets with Artifactory 7 - -## [3.0.9] - Jul 27, 2020 -* Add tpl to external database secrets. -* Modified `scheme` to `artifactory-ha.scheme` - -## [3.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [3.0.7] - Jul 21, 2020 -* Updated Artifactory-ha Chart to add node and primary labels to pods and service objects. - -## [3.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [3.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [3.0.4] - Jul 8, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [3.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads. - -## [3.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [3.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [3.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [2.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [2.5.8] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [2.5.7] - Jun 18, 2020 -* Fixes bootstrap configMap issue on member node - -## [2.5.6] - Jun 11, 2020 -* Support list of custom secrets - -## [2.5.5] - Jun 11, 2020 -* NOTES.txt fixed incorrect information - -## [2.5.4] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [2.5.3] - Jun 8, 2020 -* Statically setting primary service type to ClusterIP. -* Prevents primary service from being exposed publicly when using LoadBalancer type on cloud providers. - -## [2.5.2] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [2.5.1] - Jun 5, 2020 -* Fixes broken PDB issue upgrading from 6.x to 7.x - -## [2.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [2.4.10] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [2.4.9] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [2.4.8] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [2.4.7] - May 19, 2020 -* Added metadata maxOpenConnections - -## [2.4.6] - May 07, 2020 -* Fix `installerInfo` string format - -## [2.4.5] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [2.4.4] - Apr 27, 2020 -* Change customInitContainers order to run before the "migration-ha-artifactory" initContainer - -## [2.4.3] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [2.4.2] - Apr 16, 2020 -* Custom volume mounts in migration init container. - -## [2.4.1] - Apr 16, 2020 -* Fix broken support for gcpServiceAccount for googleStorage - -## [2.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [2.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [2.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [2.2.11] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [2.2.10] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [2.2.9] - Apr 01, 2020 -* Support masterKey and joinKey as secrets - -## [2.2.8] - Apr 01, 2020 -* Ensure that the join key is also copied when provided by an external secret -* Migration container in primary and node statefulset now respects custom versions and the specified node/primary resources - -## [2.2.7] - Apr 01, 2020 -* Added cache-layer in chain definition of Google Cloud Storage template -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [2.2.6] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [2.2.5] - Mar 31, 2020 -* Removed duplicate `artifactory-license` volume from primary node - -## [2.2.4] - Mar 31, 2020 -* Restore `artifactory-license` volume for the primary node - -## [2.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [2.2.2] - Mar 30, 2020 -* Apply initContainers.resources to `copy-system-yaml`, `prepare-custom-persistent-volume`, and `migration-artifactory-ha` containers -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart -* Removed duplicate `artifactory-license` volume that prevented using an external secret - -## [2.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [2.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [2.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [2.1.2] - Mar 21, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [2.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [2.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [2.0.36] - Mar 20, 2020 -* Add support GCP credentials.json authentication - -## [2.0.35] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [2.0.34] - Mar 19, 2020 -* Add support for NFS directories `haBackupDir` and `haDataDir` - -## [2.0.33] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [2.0.32] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [2.0.31] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [2.0.30] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [2.0.29] - Mar 11, 2020 -* Upgrade Docs update - -## [2.0.28] - Mar 11, 2020 -* Unified charts public release - -## [2.0.27] - Mar 8, 2020 -* Add an optional wait for primary node to be ready with a proper test for http status - -## [2.0.23] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [2.0.22] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [2.0.21] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [2.0.20] - Feb 26, 2020 -* Store join key to secret - -## [2.0.19] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [2.0.12] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [2.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [1.4.10] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [1.4.9] - Feb 10, 2020 -* Fix custom DB password indention - -## [1.4.8] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [1.4.7] - Feb 4, 2020 -* Support customisable Nginx kind - -## [1.4.6] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [1.4.5] - Feb 2, 2020 -* Add support for primary or member node specific preStartCommand - -## [1.4.4] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [1.4.3] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [1.4.2] - Jan 22, 2020 -* Refined pod disruption budgets to separate nginx and Artifactory pods - -## [1.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [1.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [1.3.8] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [1.3.7] - Jan 07, 2020 -* Add support for customizable `mountOptions` of NFS PVs - -## [1.3.6] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [1.3.5] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [1.3.4] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [1.3.3] - Dec 16, 2019 -* Another fix for toggling nginx service ports - -## [1.3.2] - Dec 12, 2019 -* Fix for toggling nginx service ports - -## [1.3.1] - Dec 10, 2019 -* Add support for toggling nginx service ports - -## [1.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [1.2.4] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [1.2.3] - Nov 27, 2019 -* Add support for PriorityClass - -## [1.2.2] - Nov 20, 2019 -* Update Artifactory logo - -## [1.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [1.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [1.1.12] - Nov 17, 2019 -* Fix `README.md` format (broken table) - -## [1.1.11] - Nov 17, 2019 -* Update comment on Artifactory master key - -## [1.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [1.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [1.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [1.1.7] - Nov 11, 2019 -* Additional documentation for masterKey - -## [1.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [1.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [1.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [1.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [1.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [1.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [1.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [1.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [1.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [0.17.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [0.17.2] - Oct 21, 2019 -* Add support for setting `artifactory.primary.labels` -* Add support for setting `artifactory.node.labels` -* Add support for setting `nginx.labels` - -## [0.17.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [0.17.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [0.16.7] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [0.16.6] - Sep 24, 2019 -* Add support for setting `nginx.service.labels` - -## [0.16.5] - Sep 23, 2019 -* Add support for setting `artifactory.customInitContainersBegin` - -## [0.16.4] - Sep 20, 2019 -* Add support for setting `initContainers.resources` - -## [0.16.3] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [0.16.2] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [0.16.1] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [0.16.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [0.15.15] - Aug 18, 2019 -* Fix existingSharedClaim permissions issue and example - -## [0.15.14] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [0.15.13] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [0.15.12] - Aug 6, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [0.15.11] - Aug 5, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [0.15.10] - Aug 5, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [0.15.9] - Aug 1, 2019 -* Fix masterkey/masterKeySecretName not specified warning render logic in NOTES.txt - -## [0.15.8] - Jul 28, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [0.15.7] - Jul 25, 2019 -* Updated README about how to apply Artifactory licenses - -## [0.15.6] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [0.15.5] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [0.15.4] - Jul 11, 2019 -* Add `artifactory.customVolumeMounts` support to member node statefulset template - -## [0.15.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [0.15.2] - Jul 3, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [0.15.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [0.15.0] - Jun 27, 2019 -* Updated Artifactory version to 6.11.0 and Restart Primary node when bootstrap.creds file has been modified in artifactory-ha - -## [0.14.4] - Jun 24, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [0.14.3] - Jun 24, 2019 -* Update chart maintainers - -## [0.14.2] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [0.14.1] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [0.14.0] - Jun 20, 2019 -* Use ConfigMaps for nginx configuration and remove nginx postStart command - -## [0.13.10] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [0.13.9] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [0.13.8] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [0.13.7] - Jun 6, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [0.13.6] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [0.13.5] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [0.13.4] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [0.13.3] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [0.13.2] - May 19, 2019 -* Fix missing logger image tag - -## [0.13.1] - May 15, 2019 -* Support `artifactory.persistence.cacheProviderDir` for on-premise cluster - -## [0.13.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [0.12.23] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [0.12.22] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [0.12.21] - Apr 30, 2019 -* Add support for JMX monitoring - -## [0.12.20] - Apr29, 2019 -* Added support for headless services - -## [0.12.19] - Apr 28, 2019 -* Added support for `cacheProviderDir` - -## [0.12.18] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [0.12.17] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [0.12.16] - Apr 12, 2019 -* Added support for `customVolumeMounts` - -## [0.12.15] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [0.12.14] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [0.12.13] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [0.12.12] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [0.12.11] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [0.12.10] - Aprl 07, 2019 -* Change network policy API group - -## [0.12.9] - Aprl 04, 2019 -* Apply the existing PVC for members (in addition to primary) - -## [0.12.8] - Aprl 03, 2019 -* Bugfix for userPluginSecrets - -## [0.12.7] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [0.12.6] - Aprl 03, 2019 -* Added installer info - -## [0.12.5] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [0.12.4] - Apr 02, 2019 -* Fix issue #253 (use existing PVC for data and backup storage) - -## [0.12.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [0.12.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [0.12.1] - Mar 26, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [0.12.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [0.11.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [0.11.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [0.11.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [0.11.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [0.11.14] - Mar 21, 2019 -* Make ingress path configurable - -## [0.11.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart for Primary - -## [0.11.12] - Mar 19, 2019 -* Fix existingClaim example - -## [0.11.11] - Mar 18, 2019 -* Disable the option to use nginx PVC with more than one replica - -## [0.11.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [0.11.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [0.11.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [0.11.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 - -## [0.11.6] - Mar 13, 2019 -* Move securityContext to container level - -## [0.11.5] - Mar 11, 2019 -* Add the option to use existing volume claims for Artifactory storage - -## [0.11.4] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [0.11.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [0.11.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [0.11.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [0.11.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [0.10.3] - Feb 21, 2019 -* Add s3AwsVersion option to awsS3 configuration for use with IAM roles - -## [0.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [0.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [0.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [0.9.7] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [0.9.6] - Feb 7, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [0.9.5] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.4] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.3] - Feb 5, 2019 -* Remove the inactive server remove plugin - -## [0.9.2] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [0.9.1] - Jan 27, 2019 -* Fix support for Azure Blob Storage Binary provider - -## [0.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [0.8.10] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [0.8.9] - Jan 18, 2019 -* Added support of values ingress.labels - -## [0.8.8] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [0.8.7] - Jan 15, 2018 -* Add support for Azure Blob Storage Binary provider - -## [0.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [0.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [0.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [0.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [0.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [0.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [0.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [0.7.17] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [0.7.16] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [0.7.15] - Dec 9, 2018 -* AWS S3 add `roleName` for using IAM role - -## [0.7.14] - Dec 6, 2018 -* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role - -## [0.7.13] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [0.7.12] - Dec 2, 2018 -* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting. - -## [0.7.11] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [0.7.10] - Nov 29, 2018 -* Fixed the volumeMount for the replicator.yaml - -## [0.7.9] - Nov 29, 2018 -* Optionally include primary node into poddisruptionbudget - -## [0.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [0.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [0.7.6] - Nov 18, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [0.7.5] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [0.7.4] - Nov 13, 2018 -* Allow pod anti-affinity settings to include primary node - -## [0.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [0.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [0.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [0.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [0.6.9] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [0.6.8] - Oct 22, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [0.6.7] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [0.6.6] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [0.6.5] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow `soft` or `hard` specification of member node anti-affinity -* Allow providing pre-existing secrets containing external database credentials -* Fix `s3` binary store provider to properly use the `cache-fs` provider -* Allow arbitrary properties when using the `s3` binary store provider - -## [0.6.4] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [0.6.3] - Oct 17, 2018 -* Add Apache 2.0 license - -## [0.6.2] - Oct 14, 2018 -* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`) - -## [0.6.1] - Oct 11, 2018 -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [0.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [0.5.3] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [0.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [0.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [0.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [0.4.7] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [0.4.6] - Sep 25, 2018 -* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1 - -## [0.4.4] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 - -## [0.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [0.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml deleted file mode 100755 index 6422c9841..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha -apiVersion: v1 -appVersion: 7.6.3 -description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -maintainers: -- email: amithk@jfrog.com - name: amithins -- email: daniele@jfrog.com - name: danielezer -- email: eldada@jfrog.com - name: eldada -- email: ramc@jfrog.com - name: chukka -- email: rimasm@jfrog.com - name: rimusz -name: artifactory-ha -sources: -- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view -- https://github.com/jfrog/charts -version: 3.0.1400 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE b/charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE deleted file mode 100755 index 8dada3eda..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/README.md deleted file mode 100755 index f9ad3619d..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/README.md +++ /dev/null @@ -1,1587 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -## Prerequisites Details - -* Kubernetes 1.12+ -* Artifactory HA license - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database **NOTE:** For production grade installations it is recommended to use an external PostgreSQL -* Deploy an Nginx server - -## Artifactory HA architecture -The Artifactory HA cluster in this chart is made up of -- A single primary node -- Two member nodes, which can be resized at will - -Load balancing is done to the member nodes only. -This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic. -> This can be controlled by the parameter `artifactory.service.pool`. - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -**NOTE:** Passing masterKey is mandatory for fresh install of chart (7.x Appversion) - -### Create a unique Master Key -Artifactory HA cluster requires a unique master key. - -**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** - -You should generate a unique one and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} -``` - -### Install Chart -To install the chart with the release name `artifactory-ha`: - -```bash -helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### System Configuration -Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. -In order to override the default `system.yaml` configuration, do the following: -```bash -artifactory: - systemYaml: | - -``` - -### Deploying Artifactory for small/medium/large instllations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Accessing Artifactory -**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup. -Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it. - -### Updating Artifactory -Once you have a new chart version, you can update your deployment with -```bash -helm upgrade artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: -1. Get the current password by running: -```bash -POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -2. Upgrade the release by passing the previously auto-generated secret: -```bash -helm upgrade --namespace artifactory-ha center/jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} -``` - -This will apply any configuration changes on your existing deployment. - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` - -### Artifactory memory and CPU resources -The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out. -It is **highly** recommended to set these so you have full control of the allocated resources and limits. - -See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware). - -```bash -# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) -helm upgrade --install artifactory-ha \ - --set artifactory.primary.resources.requests.cpu="500m" \ - --set artifactory.primary.resources.limits.cpu="2" \ - --set artifactory.primary.resources.requests.memory="1Gi" \ - --set artifactory.primary.resources.limits.memory="4Gi" \ - --set artifactory.primary.javaOpts.xms="1g" \ - --set artifactory.primary.javaOpts.xmx="4g" \ - --set artifactory.node.resources.requests.cpu="500m" \ - --set artifactory.node.resources.limits.cpu="2" \ - --set artifactory.node.resources.requests.memory="1Gi" \ - --set artifactory.node.resources.limits.memory="4Gi" \ - --set artifactory.node.javaOpts.xms="1g" \ - --set artifactory.node.javaOpts.xmx="4g" \ - --set initContainers.resources.requests.cpu="10m" \ - --set initContainers.resources.limits.cpu="250m" \ - --set initContainers.resources.requests.memory="64Mi" \ - --set initContainers.resources.limits.memory="128Mi" \ - --set postgresql.resources.requests.cpu="200m" \ - --set postgresql.resources.limits.cpu="1" \ - --set postgresql.resources.requests.memory="500Mi" \ - --set postgresql.resources.limits.memory="1Gi" \ - --set nginx.resources.requests.cpu="100m" \ - --set nginx.resources.limits.cpu="250m" \ - --set nginx.resources.requests.memory="250Mi" \ - --set nginx.resources.limits.memory="500Mi" \ - --namespace artifactory-ha center/jfrog/artifactory-ha -``` -> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`. - -Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). - -Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files -for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Artifactory storage -Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration) - -In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. -The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. - -> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter. -This is used to set how many replicas of a binary should be stored in the cluster's nodes. -Once this value is set on initial deployment, you can not update it using helm. -It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number. - -#### Existing volume claim - -###### Primary node -In order to use an existing volume claim for the Artifactory primary storage, you need to: -- Create a persistent volume claim by the name `volume--artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0` -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.primary.persistence.existingClaim=true -``` - -###### Member nodes -In order to use an existing volume claim for the Artifactory member nodes storage, you need to: -- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume--artifactory-ha-member-`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`. -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.node.persistence.existingClaim=true -``` - -#### Existing shared volume claim - -In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to: - -- Create PVCs with ReadWriteMany that match the naming conventions: -``` - {{ template "artifactory-ha.fullname" . }}-data-pvc- - {{ template "artifactory-ha.fullname" . }}-backup-pvc- -``` -An example that shows 2 existing claims to be used: -``` - myexample-artifactory-ha-data-pvc-0 - myexample-artifactory-ha-backup-pvc-0 - myexample-artifactory-ha-data-pvc-1 - myexample-artifactory-ha-backup-pvc-1 -``` -- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true: -``` --- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true --- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2 -``` - -#### NFS -To use an NFS server as your cluster's storage, you need to -- Setup an NFS server. Get its IP as `NFS_IP` -- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all -- Pass NFS parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=nfs \ ---set artifactory.persistence.nfs.ip=${NFS_IP} \ -... -``` - -#### Google Storage -To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) -- Pass Google Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=google-storage \ ---set artifactory.persistence.googleStorage.identity=${GCP_ID} \ ---set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ -... -``` -``` -In order to use a GCP service account, Artifactory needs a gcp.credentials.json file in the same directory asa binaraystore.xml file. -This can be generated by running: -```bash -gcloud iam service-accounts keys create --iam-account -``` -Which will produce the following, which can be saved to a file or copied into your `values.yaml`. -```bash -{ - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." -} -``` - -One option is to create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` in a custom `values.yaml` -```bash -# Create the Kubernetes secret from the file you created earlier. -# IMPORTANT: The file must be called "gcp.credentials.json" because this is used later as the secret key! -kubectl create secret generic artifactory-gcp-creds --from-file=./gcp.credentials.json -``` -Set this secret in your custom `values.yaml` -```bash -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - customSecretName: artifactory-gcp-creds -``` - -Another option is to put your generated config directly in your custom `values.yaml` and the a secret will be created from it -``` -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - config: | - { - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - } -``` - -#### AWS S3 -**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. -In order to grant permissions to Artifactory using an IAM role, you will have to attach the IAM role to the machine(s) on which Artifactory is running. -This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. - -To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) -- Pass AWS S3 parameters to `helm install` and `helm upgrade` -```bash -... -# With explicit credentials: ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ -... - -... -# With using existing IAM role ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ -... -``` -**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) - -#### AWS S3 V3 -To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). -This filestore template uses the official AWS SDK, unlike the `aws-s3` implementation that uses the `JetS3t` library. -Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). - -**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. - -- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` - -```bash -# With explicit credentials: ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ -... -``` - -```bash -# With using existing IAM role ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} -... -``` - -#### Microsoft Azure Blob Storage -To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) -- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=azure-blob \ ---set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ ---set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ ---set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ ---set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ -... -``` - -#### Custom binarystore.xml -You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
-There are two options for this - -1. Editing directly in [values.yaml](values.yaml) -```yaml -artifactory: - persistence: - binarystoreXml: | - - - - - -``` - -2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command -```yaml -# Prepare your custom Secret file (custom-binarystore.yaml) -kind: Secret -apiVersion: v1 -metadata: - name: custom-binarystore - labels: - app: artifactory - chart: artifactory -stringData: - binarystore.xml: |- - - - - -``` - -```bash -# Create a secret from the file -kubectl apply -n artifactory -f ./custom-binarystore.yaml - -# Pass it to your helm install command: -helm upgrade --install artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Create a unique Master Key - -Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Create a secret containing the key. The key in the secret must be named master-key -kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.masterKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Special Upgrade Notes -### MasterKey during 6.x to 7.x Migration (App version) - -**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. - -### Create a unique Join Key -Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). - -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique key and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Pass the created join key to helm -helm upgrade --install artifactory-ha --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Create a secret containing the key. The key in the secret must be named join-key -kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.joinKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.. - -### Install Artifactory HA license -For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**. - -The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation. - -**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster! - -##### Artifactory UI -Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node. - -##### REST API -You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses. - -##### Kubernetes Secret -You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). -Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**! -```bash -# Create the Kubernetes secret (assuming the local license file is 'art.lic') -kubectl create secret generic artifactory-cluster-license --from-file=./art.lic - -# Pass the license to helm -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. - -##### Create the secret as part of the helm release -values.yaml -```yaml -artifactory: - license: - licenseKey: |- - - - - - - - -``` - -```bash -helm upgrade --install artifactory-ha -f values.yaml --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - - -### copyOnEveryStartup feature -Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. -In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. -Two examples for that would be: - -1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, -which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: -Create a values file with the following values: -```yaml -artifactory: - copyOnEveryStartup: - - source: /artifactory_bootstrap/binarystore.xml - target: etc/artifactory/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml -``` - -2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: -Create a config map with your `logback.xml` configuration. - -Create a values file with the following values: -```yaml -artifactory: - ## Create a volume pointing to the config map with your configuration file - customVolumes: | - - name: logback-xml-configmap - configMap: - name: logback-xml-configmap - customVolumeMounts: | - - name: logback-xml-configmap - mountPath: /tmp/artifactory-logback/ - copyOnEveryStartup: - - source: /tmp/artifactory-logback/* - target: etc/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml -``` - -### Configure NetworkPolicy - -NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. - -In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. - -For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. - -A full (but very wide open) example that results in 2 NetworkPolicy objects being created: -```yaml -networkpolicy: - # Allows all ingress and egress to/from artifactory primary and member pods. - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod. - - name: postgresql - podSelector: - matchLabels: - app: postgresql - ingress: - - from: - - podSelector: - matchLabels: - app: artifactory-ha -``` - -### Artifactory JMX Configuration -** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans - -Enable JMX in your deployment: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --namespace artifactory-ha center/jfrog/artifactory-ha -``` -This will enable access to Artifactory with JMX on the default port (9010). -** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port``` -to your choice of port - -In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: -1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --set artifactory.service.type=LoadBalancer \ - --namespace artifactory-ha center/jfrog/artifactory-ha -``` -2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with -```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory -with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: -``` - artifactory-ha--primary - -``` -3. Launch jconsole with the service address and port: -```bash -jconsole artifactory-ha--primary: -jconsole : -``` - -### Bootstrapping Artifactory admin password -You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. - -1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: -```yaml -artifactory: - admin: - ip: "" # Example: "*" to allow access from anywhere - username: "admin" - password: "" -``` - -2. Apply the `admin-creds-values.yaml` file: -```bash -helm upgrade --install artifactory --namespace artifactory-ha center/jfrog/artifactory-ha -f admin-creds-values.yaml -``` - -### Bootstrapping Artifactory configuration -**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. - -* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) -* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) - -1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-release-bootstrap-config -data: - artifactory.config.import.xml: | - - security.import.xml: | - -``` - -2. Create configMap in Kubernetes: -```bash -kubectl apply -f bootstrap-config.yaml -``` -3. Pass the configMap to helm -```bash -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Use custom nginx.conf with Nginx - -Steps to create configMap with nginx.conf -* Create `nginx.conf` file. -```bash -kubectl create configmap nginx-config --from-file=nginx.conf -``` -* Pass configMap to helm install -```bash -helm upgrade --install artifactory-ha --set nginx.customConfigMap=nginx-config --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Scaling your Artifactory cluster -A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it. - -##### Before scaling -**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart). - -Get the current database password -```bash -export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster! - -##### Scale up -Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes). -```bash -# Scale to 4 nodes (1 primary and 3 member nodes) -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -##### Scale down -Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node. - -```bash -# Scale down to 2 member nodes -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha -``` -- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it -```bash -# List PVCs -kubectl get pvc - -# Remove the PVC with highest ordinal! -# In this example, the highest node ordinal was 2, so need to remove its storage. -kubectl delete pvc volume-artifactory-node-2 -``` - -### Use an external Database - -**For production grade installations it is recommended to use an external PostgreSQL with a static password** - -#### PostgreSQL -There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name. - -This can be done with the following parameters -```bash -... ---set postgresql.enabled=false \ ---set database.type=postgresql \ ---set database.driver=org.postgresql.Driver \ ---set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! - -#### Other DB type -There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. -See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) -> The official Artifactory Docker images include the PostgreSQL database driver. -> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib - -This can be done with the following parameters -```bash -# Make sure your Artifactory Docker image has the MySQL database driver in it -... ---set postgresql.enabled=false \ ---set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ ---set database.type=mysql \ ---set database.driver=com.mysql.jdbc.Driver \ ---set database.url=${DB_URL} \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! -##### Configuring Artifactory with external Oracle database -To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. -1. Create a value file with the configuration -```yaml -postgresql: - enabled: false -database: - type: oracle - driver: oracle.jdbc.OracleDriver - url: - user: - password: -artifactory: - preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." - extraEnvironmentVariables: - - name: LD_LIBRARY_PATH - value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory-ha --namespace artifactory -f values-oracle.yaml -``` -**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` - -#### Using pre-existing Kubernetes Secret -If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: -```bash -# Create a secret containing the database credentials -kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} -... ---set postgresql.enabled=false \ ---set database.secrets.user.name=my-secret \ ---set database.secrets.user.key=user \ ---set database.secrets.password.name=my-secret \ ---set database.secrets.password.key=password \ -... -``` - -### Deleting Artifactory -To delete the Artifactory HA cluster - -On helm v2: -```bash -helm delete --purge artifactory-ha -``` - -On helm v3: -```bash -helm delete artifactory-ha --namespace artifactory-ha -``` - -This will completely delete your Artifactory HA cluster. -**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them -```bash -kubectl delete pvc -l release=artifactory-ha -``` -See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/) - -### Custom Docker registry for your images -If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a -[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm -```bash -# Create a Docker registry secret called 'regsecret' -kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL} -``` -Once created, you pass it to `helm` -```bash -helm upgrade --install artifactory-ha --set imagePullSecrets=regsecret --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Logger sidecars -This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) - -Get list of containers in the pod -```bash -kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' -``` - -View specific log -```bash -kubectl logs -n -c -``` - - -### Custom init containers -There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. - -For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out -```yaml -artifactory: - ## Add custom init containers executed before predefined init containers - customInitContainersBegin: | - ## Init containers template goes here ## - ## Add custom init containers executed after predefined init containers - customInitContainers: | - ## Init containers template goes here ## -``` - -### Custom sidecar containers -There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. - -For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom sidecar containers - customSidecarContainers: | - ## Sidecar containers template goes here ## -``` - -You can configure the sidecar to run as a custom user if needed by setting the following in the container template -```yaml - # Example of running container as root (id 0) - securityContext: - runAsUser: 0 - fsGroup: 0 -``` - -### Custom volumes -If you need to use a custom volume in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - ## Custom volume comes here ## -``` - -### Custom secrets -If you need to add a custom secret in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - # Add custom secrets - secret per file - customSecrets: - - name: custom-secret - key: custom-secret.yaml - data: > - secret data -``` - -To use a custom secret, need to define a custom volume. -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - - name: custom-secret - secret: - secretName: custom-secret -``` - -To use a volume, need to define a volume mount as part of a custom init or sidecar container. -```yaml -artifactory: - customSidecarContainers: - - name: side-car-container - volumeMounts: - - name: custom-secret - mountPath: /opt/custom-secret.yaml - subPath: custom-secret.yaml - readOnly: true -``` - -### Add Artifactory User Plugin during installation -If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. - -Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: -```bash -# Secret with single user plugin -kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha - -# Secret with single user plugin with configuration file -kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha -``` - -Add plugin secret names to `plugins.yaml` as following: -```yaml -artifactory: - userPluginSecrets: - - archive-old-artifacts - - webhook -``` - -You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: -```bash -helm upgrade --install artifactory-ha -f plugins.yaml --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: -```yaml -artifactory-ha: # Name of the artifactory-ha dependency - artifactory: - userPluginSecrets: - - '{{ template "my-chart.fullname" . }}' -``` -For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). - -### Provide custom configMaps to Artifactory -If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. - -Create a `configmaps.yaml` file with the following content: -```yaml -artifactory: - configMaps: | - logback.xml: | - - - - - %date [%-5level] \(%-20c{3}:%L\) %message%n - - - - - - - - - - - - - - - my-custom-post-start-hook.sh: | - echo "This is my custom post start hook" - - customVolumeMounts: | - - name: artifactory-configmaps - mountPath: /tmp/my-config-map - - postStartCommand: | - chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; - /tmp/my-config-map/my-custom-post-start-hook.sh; - - copyOnEveryStartup: - - source: /tmp/my-config-map/logback.xml - target: etc/ - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f configmaps.yaml --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -This will, in turn: -* create a configMap with the files you specified above -* create a volume pointing to the configMap with the name `artifactory-configmaps` -* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` -* Set the shell script we mounted as the `postStartCommand` -* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. - -### Establishing TLS and Adding certificates -In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. -When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. - -To establish TLS between JFrog Platform nodes: -Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) - -To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false -```yaml -access: - accessConfig: - security: - tls: true -``` - -To add custom tls certificates, create a tls secret from the certificate files. - -```bash -kubectl create secret tls --cert=ca.crt --key=ca.private.key -``` - -For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. -* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) -```yaml -access: - accessConfig: - security: - tls: true - customCertificatesSecretName: - resetAccessCAKeys: true -``` - -### Artifactory filebeat -If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. - -Create a `filebeat.yaml` values file with the following content: -```yaml -filebeat: - enabled: true - logstashUrl: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "100Mi" - cpu: "100m" -``` - -You can optionally customize the `filebeat.yaml` to send output to a different location like so: -```yaml -filebeat: - enabled: true - filebeatYml: | - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f filebeat.yaml --namespace artifactory-ha center/jfrog/artifactory -``` - -This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` - -### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). -To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx -For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. -In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: -```yaml - nginx: - https: - enabled: false - service: - ssloffload: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file -```yaml - ingress: - enabled: true - hosts: - - artifactory.company.com - artifactory: - service: - type: NodePort - nginx - enabled: false -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ingress-values.yaml--namespace artifactory center/jfrog/artifactory -``` - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - artifactory.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - artifactory.domain.com -``` - -### Ingress annotations - -This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. - -```yaml -ingress: - enabled: true - defaultBackend: - enabled: false - hosts: - - myhost.example.com - annotations: - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - ingress.kubernetes.io/proxy-read-timeout: "600" - ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; - rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; - nginx.ingress.kubernetes.io/proxy-body-size: "0" - tls: - - hosts: - - "myhost.example.com" -``` - -### Ingress additional rules - -You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. -In order to do that, simply add the following to a `artifactory-ha-values.yaml` file: -```yaml -ingress: - enabled: true - - defaultBackend: - enabled: false - - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite "(?i)/xray(/|$)(.*)" /$2 break; - - additionalRules: | - - host: - http: - paths: - - path: / - backend: - serviceName: - servicePort: - - path: /xray - backend: - serviceName: - servicePort: - - path: /artifactory - backend: - serviceName: {{ template "artifactory.nginx.fullname" . }} - servicePort: {{ .Values.nginx.externalPortHttp }} -``` - -and running: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f artifactory-ha-values.yaml -``` - -### Dedicated Ingress object for replicator service - -You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. -In order to do that, simply add the following to a `artifactory-values.yaml` file: - -```yaml -artifactory: - replicator: - enabled: true - ingress: - name: - hosts: - - myhost.example.com - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding on; - tls: - - hosts: - - "myhost.example.com" - secretName: -``` - -### Ingress behind another load balancer -If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. - -To enable it with `helm install` -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress --set-string controller.config.use-forwarded-headers=true -``` -or `helm upgrade` -```bash -helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true stable/nginx-ingress -``` -or create a values.yaml file with the following content: -```yaml -controller: - config: - use-forwarded-headers: "true" -``` -Then install nginx-ingress with the values file you created: -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress -f values.yaml -``` - -## Configuration -The following table lists the configurable parameters of the artifactory chart and their default values. - -| Parameter | Description | Default | -|------------------------------|-----------------------------------|-------------------------------------------------------| -| `imagePullSecrets` | Docker registry pull secret | | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template | -| `serviceAccount.annotations` | Artifactory service account annotations | `` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `rbac.role.rules` | Rules to create | `[]` | -| `logger.image.repository` | repository for logger image | `busybox` | -| `logger.image.tag` | tag for logger image | `1.30` | -| `artifactory.name` | Artifactory name | `artifactory` | -| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` | -| `artifactory.image.version` | Container image tag | `.Chart.AppVersion` | -| `artifactory.priorityClass.create` | Create a PriorityClass object | `false` | -| `artifactory.priorityClass.value` | Priority Class value | `1000000000` | -| `artifactory.priorityClass.name` | Priority Class name | `{{ template "artifactory-ha.fullname" . }}` | -| `artifactory.priorityClass.existingPriorityClass` | Use existing priority class | `` | -| `artifactory.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` | -| `artifactory.loggersResources.requests.memory` | Artifactory loggers initial memory request | | -| `artifactory.loggersResources.requests.cpu` | Artifactory loggers initial cpu request | | -| `artifactory.loggersResources.limits.memory` | Artifactory loggers memory limit | | -| `artifactory.loggersResources.limits.cpu` | Artifactory loggers cpu limit | | -| `artifactory.catalinaLoggers` | Artifactory Tomcat loggers (see values.yaml for possible values) | `[]` | -| `artifactory.catalinaLoggersResources.requests.memory` | Artifactory Tomcat loggers initial memory request | | -| `artifactory.catalinaLoggersResources.requests.cpu` | Artifactory Tomcat loggers initial cpu request | | -| `artifactory.catalinaLoggersResources.limits.memory` | Artifactory Tomcat loggers memory limit | | -| `artifactory.catalinaLoggersResources.limits.cpu` | Artifactory Tomcat loggers cpu limit | | -| `artifactory.customInitContainersBegin`| Custom init containers to run before existing init containers | | -| `artifactory.customInitContainers`| Custom init containers to run after existing init containers | | -| `artifactory.customSidecarContainers`| Custom sidecar containers | | -| `artifactory.customVolumes` | Custom volumes | | -| `artifactory.customVolumeMounts` | Custom Artifactory volumeMounts | | -| `artifactory.customPersistentPodVolumeClaim` | Custom PVC spec to create and attach a unique PVC for each pod on startup with the volumeClaimTemplates feature in StatefulSet | | -| `artifactory.customPersistentVolumeClaim` | Custom PVC spec to be mounted to the all artifactory containers using a volume | | -| `artifactory.customSecrets` | Custom secrets | | -| `artifactory.userPluginSecrets` | Array of secret names for Artifactory user plugins | | -| `artifactory.masterKey` | Artifactory master key. A 128-Bit key size (hexadecimal encoded) string (32 hex characters). Can be generated with `openssl rand -hex 32`. NOTE: This key can be generated only once and cannot be updated once created |``| -| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | | -| `artifactory.joinKey` | Join Key to connect other services to Artifactory. Can be generated with `openssl rand -hex 32` | `` | -| `artifactory.joinKeySecretName` | Artifactory join Key secret name | | -| `artifactory.admin.ip` | Artifactory admin ip to be set upon startup, can use (*) for 0.0.0.0| `127.0.0.1` | -| `artifactory.admin.username` | Artifactory admin username to be set upon startup| `admin` | -| `artifactory.admin.password` | Artifactory admin password to be set upon startup| | -| `artifactory.admin.secret` | Artifactory admin secret name | | -| `artifactory.admin.dataKey` | Artifactory admin secret data key | | -| `artifactory.preStartCommand` | Command to run before entrypoint starts | | -| `artifactory.postStartCommand` | Command to run after container starts. Supports templating with `tpl` | | -| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used. | | -| `artifactory.configMaps` | configMaps to be created as volume by the name `artifactory-configmaps`. In order to use these configMaps, you will need to add `customVolumeMounts` to point to the created volume and mount it onto a container | | -| `artifactory.license.secret` | Artifactory license secret name | | -| `artifactory.license.dataKey`| Artifactory license secret data key | | -| `artifactory.service.name` | Artifactory service name to be set in Nginx configuration | `artifactory` | -| `artifactory.service.type` | Artifactory service type | `ClusterIP` | -| `artifactory.service.clusterIP`| Specific cluster IP or `None` for headless services | `nil` | -| `artifactory.service.loadBalancerSourceRanges`| Artifactory service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | -| `artifactory.service.annotations` | Artifactory service annotations | `{}` | -| `artifactory.service.pool` | Artifactory instances to be in the load balancing pool. `members` or `all` | `members` | -| `artifactory.externalPort` | Artifactory service external port | `8082` | -| `artifactory.internalPort` | Artifactory service internal port (**DO NOT** use port lower than 1024) | `8082` | -| `artifactory.internalArtifactoryPort` | Artifactory service internal port (**DO NOT** use port lower than 1024) | `8081` | -| `artifactory.externalArtifactoryPort` | Artifactory service external port | `8081` | -| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. Supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | | -| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` | -| `artifactory.livenessProbe.path` | liveness probe HTTP Get path | `/router/api/v1/system/health` | -| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | -| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 | -| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `artifactory.readinessProbe.path` | readiness probe HTTP Get path | `/router/api/v1/system/health` | -| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 | -| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 | -| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `artifactory.copyOnEveryStartup` | List of files to copy on startup from source (which is absolute) to target (which is relative to ARTIFACTORY_HOME | | -| `artifactory.deleteDBPropertiesOnStartup` | Whether to delete the ARTIFACTORY_HOME/etc/db.properties file on startup. Disabling this will remove the ability for the db.properties to be updated with any DB-related environment variables change (e.g. DB_HOST, DB_URL) | `true` | -| `artifactory.database.maxOpenConnections` | Maximum amount of open connections from Artifactory to the DB | `80` | -| `artifactory.haDataDir.enabled` | Enable haDataDir for eventual storage in the HA cluster | `false` | -| `artifactory.haDataDir.path` | Path to the directory intended for use with NFS eventual configuration for HA | | -| `artifactory.haBackupDir.enabled` | Enable haBackupDir for eventual storage in the HA cluster | `false` | -| `artifactory.haBackupDir.path` | Path to the directory intended for use with NFS eventual configuration for HA | | -| `artifactory.haBackupDir.enabled` | Enable haBackupDir for eventual storage in the HA cluster | `false` | -| `artifactory.haBackupDir.path` | Path to the directory intended for use with NFS eventual configuration for HA | | -| `artifactory.migration.timeoutSeconds` | Artifactory migration Maximum Time out in seconds| `3600` | -| `artifactory.migration.enabled` | Artifactory migration enabled or disabled | `true` | -| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | -| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | -| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | -| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` | -| `artifactory.persistence.binarystore.enabled` | whether you want to mount the binarystore.xml file from a secret created by the chart. If `false` you will need need to get the binarystore.xml file into the file-system from either an `initContainer` or using a `preStartCommand` | `true` | -| `artifactory.persistence.binarystoreXml` | Artifactory binarystore.xml template | See `values.yaml` | -| `artifactory.persistence.customBinarystoreXmlSecret` | A custom Secret for binarystore.xml | `` | -| `artifactory.persistence.maxCacheSize` | Artifactory cache-fs provider maxCacheSize in bytes | `50000000000` | -| `artifactory.persistence.cacheProviderDir` | the root folder of binaries for the filestore cache. If the value specified starts with a forward slash ("/") it is considered the fully qualified path to the filestore folder. Otherwise, it is considered relative to the *baseDataDir*. | `cache` | -| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` | -| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` | -| `artifactory.persistence.nfs.ip` | NFS server IP | | -| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` | -| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` | -| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory-ha` | -| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` | -| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` | -| `artifactory.persistence.nfs.mountOptions` | NFS mount options | `[]` | -| `artifactory.persistence.eventual.numberOfThreads` | Eventual number of threads | `10` | -| `artifactory.persistence.googleStorage.endpoint` | Google Storage API endpoint| `storage.googleapis.com` | -| `artifactory.persistence.googleStorage.httpsOnly` | Google Storage API has to be consumed https only| `false` | -| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory-ha` | -| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | | -| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | | -| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory-ha/filestore` | -| `artifactory.persistence.googleStorage.bucketExists`| Google Storage bucket exists therefore does not need to be created.| `false` | -| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` | -| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | -| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | | -| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | | -| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | -| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | -| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | | -| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` | -| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) | -| `artifactory.persistence.awsS3.httpsOnly` | AWS S3 https access to the bucket only | `true` | -| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` | -| `artifactory.persistence.awsS3.s3AwsVersion` | AWS S3 signature version | `AWS4-HMAC-SHA256` | -| `artifactory.persistence.awsS3V3.testConnection` | AWS S3 test connection on start up | `false` | -| `artifactory.persistence.awsS3V3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | -| `artifactory.persistence.awsS3V3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | -| `artifactory.persistence.awsS3V3.region` | AWS S3 bucket region | | -| `artifactory.persistence.awsS3V3.bucketName` | AWS S3 bucket name | `artifactory-aws` | -| `artifactory.persistence.awsS3V3.path` | AWS S3 path in bucket | `artifactory/filestore` | -| `artifactory.persistence.awsS3V3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | -| `artifactory.persistence.awsS3V3.maxConnections` | AWS S3 bucket maxConnections | `50` | -| `artifactory.persistence.awsS3V3.kmsServerSideEncryptionKeyId` | AWS S3 encryption key ID or alias | | -| `artifactory.persistence.awsS3V3.kmsKeyRegion` | AWS S3 KMS Key region | | -| `artifactory.persistence.awsS3V3.kmsCryptoMode` | AWS S3 KMS encryption mode | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate | -| `artifactory.persistence.awsS3V3.useInstanceCredentials` | AWS S3 Use default authentication mechanism | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-authentication | -| `artifactory.persistence.awsS3V3.usePresigning` | AWS S3 Use URL signing | `false` | -| `artifactory.persistence.awsS3V3.signatureExpirySeconds` | AWS S3 Validity period in seconds for signed URLs | `300` | -| `artifactory.persistence.awsS3V3.cloudFrontDomainName` | AWS CloudFront domain name | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| -| `artifactory.persistence.awsS3V3.cloudFrontKeyPairId` | AWS CloudFront key pair ID | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| -| `artifactory.persistence.awsS3V3.cloudFrontPrivateKey` | AWS CloudFront private key | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| -| `artifactory.persistence.azureBlob.accountName` | Azure Blob Storage account name | `` | -| `artifactory.persistence.azureBlob.accountKey` | Azure Blob Storage account key | `` | -| `artifactory.persistence.azureBlob.endpoint` | Azure Blob Storage endpoint | `` | -| `artifactory.persistence.azureBlob.containerName` | Azure Blob Storage container name | `` | -| `artifactory.persistence.azureBlob.testConnection` | Azure Blob Storage test connection | `false` | -| `artifactory.persistence.fileSystem.existingSharedClaim` | Enable using an existing shared pvc | `false` | -| `artifactory.persistence.fileStorage.dataDir` | HA data directory | `/var/opt/jfrog/artifactory/artifactory-data` | -| `artifactory.persistence.fileStorage.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` | -| `artifactory.javaOpts.other` | Artifactory additional java options (for all nodes) | | -| `artifactory.replicator.enabled` | Enable the Replicator service (relevant for Enterprise+ only) | `false` | -| `artifactory.ssh.enabled` | Enable Artifactory SSH access | | -| `artifactory.ssh.internalPort` | Artifactory SSH internal port | `1339` | -| `artifactory.ssh.externalPort` | Artifactory SSH external port | `1339` | -| `artifactory.primary.preStartCommand` | Artifactory primary node preStartCommand to be run after `artifactory.preStartCommand` | | -| `artifactory.primary.labels` | Artifactory primary node labels | `{}` | -| `artifactory.primary.resources.requests.memory` | Artifactory primary node initial memory request | | -| `artifactory.primary.resources.requests.cpu` | Artifactory primary node initial cpu request | | -| `artifactory.primary.resources.limits.memory` | Artifactory primary node memory limit | | -| `artifactory.primary.resources.limits.cpu` | Artifactory primary node cpu limit | | -| `artifactory.primary.javaOpts.xms` | Artifactory primary node java Xms size | | -| `artifactory.primary.javaOpts.xmx` | Artifactory primary node java Xms size | | -| `artifactory.primary.javaOpts.corePoolSize` | The number of async processes that can run in parallel in the primary node - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `16` | -| `artifactory.primary.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` | -| `artifactory.primary.javaOpts.jmx.port` | JMX Port number | `9010` | -| `artifactory.primary.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory-ha.primary.name" $ }}` | -| `artifactory.primary.javaOpts.jmx.ssl` | Enable SSL | `false` | -| `artifactory.primary.javaOpts.jmx.authenticate` | Enable JMX authentication | `false` | -| `artifactory.primary.javaOpts.jmx.accessFile` | The path to the JMX access file, when JMX authentication is enabled | | -| `artifactory.primary.javaOpts.jmx.passwordFile` | The path to the JMX password file, when JMX authentication is enabled | | -| `artifactory.primary.javaOpts.other` | Artifactory primary node additional java options | | -| `artifactory.primary.persistence.existingClaim` | Whether to use an existing pvc for the primary node | `false` | -| `artifactory.node.preStartCommand` | Artifactory member node preStartCommand to be run after `artifactory.preStartCommand` | | -| `artifactory.node.labels` | Artifactory member node labels | `{}` | -| `artifactory.node.replicaCount` | Artifactory member node replica count | `2` | -| `artifactory.node.minAvailable` | Artifactory member node min available count | `1` | -| `artifactory.node.resources.requests.memory` | Artifactory member node initial memory request | | -| `artifactory.node.resources.requests.cpu` | Artifactory member node initial cpu request | | -| `artifactory.node.resources.limits.memory` | Artifactory member node memory limit | | -| `artifactory.node.resources.limits.cpu` | Artifactory member node cpu limit | | -| `artifactory.node.javaOpts.xms` | Artifactory member node java Xms size | | -| `artifactory.node.javaOpts.xmx` | Artifactory member node java Xms size | | -| `artifactory.node.javaOpts.corePoolSize` | The number of async processes that can run in parallel in the member nodes - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `16` | -| `artifactory.node.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` | -| `artifactory.node.javaOpts.jmx.port` | JMX Port number | `9010` | -| `artifactory.node.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory-ha.fullname" $ }}` | -| `artifactory.node.javaOpts.jmx.ssl` | Enable SSL | `false` | -| `artifactory.node.javaOpts.jmx.authenticate` | Enable JMX authentication | `false` | -| `artifactory.node.javaOpts.jmx.accessFile` | The path to the JMX access file, when JMX authentication is enabled | | -| `artifactory.node.javaOpts.jmx.passwordFile` | The path to the JMX password file, when JMX authentication is enabled | | -| `artifactory.node.javaOpts.other` | Artifactory member node additional java options | | -| `artifactory.node.persistence.existingClaim` | Whether to use existing PVCs for the member nodes | `false` | -| `artifactory.terminationGracePeriodSeconds` | Termination grace period (seconds) | `30s` | -| `artifactory.node.waitForPrimaryStartup.enabled` | Whether to wait for the primary node to start before starting up the member nodes | `false` | -| `artifactory.node.waitForPrimaryStartup.time` | The amount of time to wait for the primary node to start before starting up the member nodes | `60` | -| `artifactory.tomcat.connector.maxThreads` | The max number of connections to Artifactory connector | `200` | -| `artifactory.tomcat.connector.extraConfig` | The max queue length for incoming connections to Artifactory connector | `'acceptCount="100"'` | -| `artifactory.systemYaml` | Artifactory system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML | `see values.yaml` | -| `artifactory.primary.affinity` | Artifactory primary node affinity | `{}` | -| `artifactory.node.affinity` | Artifactory member node affinity | `{}` | -| `access.database.maxOpenConnections` | Maximum amount of open connections from Access to the DB | `80` | -| `access.tomcat.connector.maxThreads` | The max number of connections to Aceess connector | `50` | -| `access.tomcat.connector.extraConfig` | The max queue length for incoming connections to Access connector | `'acceptCount="100"'` | -| `initContainers.resources.requests.memory` | Init containers initial memory request | | -| `initContainers.resources.requests.cpu` | Init containers initial cpu request | | -| `initContainers.resources.limits.memory` | Init containers memory limit | | -| `initContainers.resources.limits.cpu` | Init containers cpu limit | | -| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` | -| `ingress.annotations` | Artifactory Ingress annotations | `{}` | -| `ingress.labels` | Artifactory Ingress labels | `{}` | -| `ingress.hosts` | Artifactory Ingress hostnames | `[]` | -| `ingress.routerPath` | Router Ingress path | `/` | -| `ingress.artifactoryPath` | Artifactory Ingress path | `/artifactory` | -| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` | -| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` | -| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | | -| `ingress.additionalRules` | Ingress additional rules to be added to the Artifactory ingress. | `[]` | -| `metadata.database.maxOpenConnections` | Maximum amount of open connections from metadata to the DB | `80` | -| `nginx.enabled` | Deploy nginx server | `true` | -| `nginx.kind` | Nginx object kind, for example `DaemonSet`, `Deployment` or `StatefulSet` | `Deployment` | -| `nginx.name` | Nginx name | `nginx` | -| `nginx.replicaCount` | Nginx replica count | `1` | -| `nginx.uid` | Nginx User Id | `104` | -| `nginx.gid` | Nginx Group Id | `107` | -| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` | -| `nginx.image.version` | Container version | `.Chart.AppVersion` | -| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `nginx.labels` | Nginx deployment labels | `{}` | -| `nginx.minAvailable` | Nginx node min available count | `0` | -| `nginx.loggers` | Nginx loggers (see values.yaml for possible values) | `[]` | -| `nginx.loggersResources.requests.memory` | Nginx logger initial memory request | | -| `nginx.loggersResources.requests.cpu` | Nginx logger initial cpu request | | -| `nginx.loggersResources.limits.memory` | Nginx logger memory limit | | -| `nginx.loggersResources.limits.cpu` | Nginx logger cpu limit | | -| `nginx.logs.stderr` | Send nginx logs to stderr | false | -| `nginx.logs.level` | Nginx log level: debug, info, notice, warn, error, crit, alert, or emerg | warn | -| `nginx.mainConf` | Content of the Artifactory nginx main nginx.conf config file | `see values.yaml` | -| `nginx.artifactoryConf` | Content of Artifactory nginx artifactory.conf config file | `see values.yaml` | -| `nginx.service.type` | Nginx service type | `LoadBalancer` | -| `nginx.service.clusterIP` | Specific cluster IP or `None` for headless services | `nil` | -| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | -| `nginx.service.labels` | Nginx service labels | `{}` | -| `nginx.service.annotations` | Nginx service annotations | `{}` | -| `nginx.service.ssloffload` | Nginx service SSL offload | false | -| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` | -| `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | | -| `nginx.http.enabled` | Nginx http service enabled/disabled | true | -| `nginx.http.externalPort` | Nginx service external port | `80` | -| `nginx.http.internalPort` | Nginx service internal port | `80` | -| `nginx.https.enabled` | Nginx http service enabled/disabled | true | -| `nginx.https.externalPort` | Nginx service external port | `443` | -| `nginx.https.internalPort` | Nginx service internal port | `443` | -| `nginx.ssh.internalPort` | Nginx SSH internal port | `22` | -| `nginx.ssh.externalPort` | Nginx SSH external port | `22` | -| `nginx.externalPortHttp` | DEPRECATED: Nginx service external port | `80` | -| `nginx.internalPortHttp` | DEPRECATED: Nginx service internal port | `80` | -| `nginx.externalPortHttps` | DEPRECATED: Nginx service external port | `443` | -| `nginx.internalPortHttps` | DEPRECATED: Nginx service internal port | `443` | -| `nginx.livenessProbe.enabled` | would you like a liveness Probe to be enabled | `true` | -| `nginx.livenessProbe.path` | liveness probe HTTP Get path | `/router/api/v1/system/health` | -| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 100 | -| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 | -| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `nginx.readinessProbe.path` | Readiness probe HTTP Get path | `/router/api/v1/system/health` | -| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 | -| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 | -| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | | -| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` | -| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory-ha.conf` | ` ` | -| `nginx.resources.requests.memory` | Nginx initial memory request | `250Mi` | -| `nginx.resources.requests.cpu` | Nginx initial cpu request | `100m` | -| `nginx.resources.limits.memory` | Nginx memory limit | `250Mi` | -| `nginx.resources.limits.cpu` | Nginx cpu limit | `500m` | -| `nginx.persistence.mountPath` | Nginx persistence volume mount path | `"/var/opt/jfrog/nginx"` | -| `nginx.persistence.enabled` | Nginx persistence volume enabled. This is only available when the nginx.replicaCount is set to 1 | `false` | -| `nginx.persistence.accessMode` | Nginx persistence volume access mode | `ReadWriteOnce` | -| `nginx.persistence.size` | Nginx persistence volume size | `5Gi` | -| `waitForDatabase` | Wait for database (using wait-for-db init container) | `true` | -| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` | -| `postgresql.image.registry` | PostgreSQL image registry | `docker.bintray.io` | -| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `postgresql.image.tag` | PostgreSQL image tag | `9.6.18-debian-10-r7` | -| `postgresql.postgresqlDatabase` | PostgreSQL database name | `artifactory` | -| `postgresql.postgresqlUsername` | PostgreSQL database user | `artifactory` | -| `postgresql.postgresqlPassword` | PostgreSQL database password | | -| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` | -| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `1500` | -| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` | -| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` | -| `postgresql.service.port` | PostgreSQL database port | `5432` | -| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | | -| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | | -| `postgresql.resources.limits.memory` | PostgreSQL memory limit | | -| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | | -| `postgresql.master.nodeSelector` | PostgreSQL master node selector | `{}` | -| `postgresql.master.affinity` | PostgreSQL master node affinity | `{}` | -| `postgresql.master.tolerations` | PostgreSQL master node tolerations | `[]` | -| `postgresql.slave.nodeSelector` | PostgreSQL slave node selector | `{}` | -| `postgresql.slave.affinity` | PostgreSQL slave node affinity | `{}` | -| `postgresql.slave.tolerations` | PostgreSQL slave node tolerations | `[]` | -| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | | -| `database.driver` | External database driver e.g. `org.postgresql.Driver` | | -| `database.url` | External database connection URL | | -| `database.user` | External database username | | -| `database.password` | External database password | | -| `database.secrets.user.name` | External database username `Secret` name | | -| `database.secrets.user.key` | External database username `Secret` key | | -| `database.secrets.password.name` | External database password `Secret` name | | -| `database.secrets.password.key` | External database password `Secret` key | | -| `database.secrets.url.name ` | External database url `Secret` name | | -| `database.secrets.url.key` | External database url `Secret` key | | -| `networkpolicy.name` | Becomes part of the NetworkPolicy object name | `artifactory` | -| `networkpolicy.podselector` | Contains the YAML that specifies how to match pods. Usually using matchLabels. | | -| `networkpolicy.ingress` | YAML snippet containing to & from rules applied to incoming traffic | `- {}` (open to all inbound traffic) | -| `networkpolicy.egress` | YAML snippet containing to & from rules applied to outgoing traffic | `- {}` (open to all outbound traffic) | -| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` | -| `filebeat.name` | filebeat container name | `artifactory-filebeat` | -| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` | -| `filebeat.image.version` | filebeat Docker image version | `7.5.1` | -| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` | -| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/artifactory-ha/values.yaml) | -| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | -| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/artifactory-ha/values.yaml) | -| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 | -| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `filebeat.resources.requests.memory` | Filebeat initial memory request | | -| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | | -| `filebeat.resources.limits.memory` | Filebeat memory limit | | -| `filebeat.resources.limits.cpu` | Filebeat cpu limit | | -| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/artifactory-ha/values.yaml) | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -## Useful links -- https://www.jfrog.com/confluence/display/EP/Getting+Started -- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory -- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md deleted file mode 100755 index 851593236..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md +++ /dev/null @@ -1,140 +0,0 @@ -# JFrog Artifactory Reverse Proxy Settings using Nginx - -#### Reverse Proxy -* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. -* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate -the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. -* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) -* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. - -**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. - -#### Features of Artifactory Nginx -* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. -* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory - -#### Changing the default Artifactory nginx conf -Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf -These configuration will be mounted to the nginx container using a configmap. -For example: -1. Create a values file `nginx-values.yaml` with the following values: -```yaml -nginx: - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; - } - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -``` - -2. Install/upgrade artifactory: -```bash -helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml -``` - - -#### Steps to use static configuration for reverse proxy in nginx. -1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` - -2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) - - Following is example `artifactory.conf` - - **Note**: - * Create file with name `artifactory.conf` as it's fixed in configMap key. - * Replace `artifactory-artifactory` with service name taken from step 1. - - ```bash - ## add ssl entries when https has been set in config - ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; - ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen 443 ssl; - listen 80; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; - } - proxy_pass http://artifactory-artifactory:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - ``` - -3. Create configMap of `artifactory.conf` created with step above. - ```bash - kubectl create configmap art-nginx-conf --from-file=artifactory.conf - ``` -4. Deploy Artifactory using helm chart. - You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) - - Following is command to set values at runtime: - ```bash - helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha - ``` \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md deleted file mode 100755 index 9c7f771be..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md +++ /dev/null @@ -1,38 +0,0 @@ -# JFrog Artifactory Chart Upgrade Notes -This file describes special upgrade notes needed at specific versions - -## Upgrade from 1.X to 2.X (Chart Versions) - -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* To upgrade from a version prior to 1.x, you first need to upgrade to latest version of 1.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md. - -## Upgrade from 0.X to 1.X (Chart Versions) -**DOWNTIME IS REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations -* Upgrade - * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database - * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) - * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted - * Upgrade steps: - 1. Block user access to Artifactory (do not shutdown) - a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary) - b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`) - 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` - a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) - b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) - c. Click `Export` (this can take some time) - 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed - a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! - 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps - a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step - 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` - a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) - b. Click `Import` (this can take some time) - 6. Restore access to Artifactory - a. Scale the cluster member nodes back to the original size - * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md deleted file mode 100755 index a5aa5fd47..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md +++ /dev/null @@ -1,16 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -Universal Repository Manager supporting all major packaging formats, build tools and CI servers. - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database -* Deploy an Nginx server(optional) - -## Useful links -Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) - -## Activate Your Artifactory Instance -Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml deleted file mode 100755 index a61a09ff7..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -appVersion: 11.7.0 -description: Chart for PostgreSQL, an object-relational database management system - (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://www.postgresql.org/ -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -version: 8.7.3 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md deleted file mode 100755 index c2b848af1..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md +++ /dev/null @@ -1,576 +0,0 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR; - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.11+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL admin user | `postgres` | -| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | -| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | -| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | -| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | -| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | -| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | -| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | -| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | -| `master.sidecars` | Add additional containers to the pod | `[]` | -| `master.service.type` | Allows using a different service type for Master | `nil` | -| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | -| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | -| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | -| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | -| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | -| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | -| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | -| `slave.sidecars` | Add additional containers to the pod | `[]` | -| `slave.service.type` | Allows using a different service type for Slave | `nil` | -| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | -| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAcccount.name` | Name of existing service account | `nil` | -| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Enable replication: -```diff -- replication.enabled: false -+ replication.enabled: true -``` - -- Number of slaves replicas: -```diff -- replication.slaveReplicas: 1 -+ replication.slaveReplicas: 2 -``` - -- Set synchronous commit mode: -```diff -- replication.synchronousCommit: "off" -+ replication.synchronousCommit: "on" -``` - -- Number of replicas that will have synchronous replication: -```diff -- replication.numSynchronousReplicas: 0 -+ replication.numSynchronousReplicas: 1 -``` - -- Start a prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. - -### Customizing Master and Slave services in a replicated configuration - -At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0` - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL master -master: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -slave: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -## Upgrade - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release stable/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -## 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -## 7.1.0 - -Adds support for LDAP configuration. - -## 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -## 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -## 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - - - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml deleted file mode 100755 index fc2ba605a..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100755 index 347d3b40a..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md deleted file mode 100755 index 1813a2fea..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md deleted file mode 100755 index 184c1875d..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md +++ /dev/null @@ -1,4 +0,0 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md deleted file mode 100755 index cba38091e..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt deleted file mode 100755 index 3b5e6c60d..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt +++ /dev/null @@ -1,60 +0,0 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} - -WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ - -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl deleted file mode 100755 index 708434856..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl +++ /dev/null @@ -1,420 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if .Values.global.postgresql.existingSecret }} -{{- else if .Values.existingSecret -}} -{{- else -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "postgresql.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "postgresql.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "postgresql.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml deleted file mode 100755 index d2178c077..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-configuration - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml deleted file mode 100755 index 8a4119578..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-extended-configuration - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml deleted file mode 100755 index 8eb5e0588..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-init-scripts - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml deleted file mode 100755 index 524aa2f6a..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml deleted file mode 100755 index c610f09af..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-metrics - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - annotations: -{{ toYaml .Values.metrics.service.annotations | indent 4 }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} - role: master -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml deleted file mode 100755 index ea1fc9b3a..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - podSelector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "postgresql.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave - {{- end }} - # Allow prometheus scrapes - - ports: - - port: 9187 -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml deleted file mode 100755 index 44f1242dd..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "postgresql.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -{{- with .Values.metrics.prometheusRule.additionalLabels }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml deleted file mode 100755 index 094d18b49..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -type: Opaque -data: - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml deleted file mode 100755 index 27e5b516e..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - name: {{ template "postgresql.fullname" . }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml deleted file mode 100755 index f3a529a96..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "postgresql.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml deleted file mode 100755 index b6d607672..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml +++ /dev/null @@ -1,299 +0,0 @@ -{{- if .Values.replication.enabled }} -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "postgresql.fullname" . }}-slave" - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -{{- with .Values.slave.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.slave.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: {{ .Values.replication.slaveReplicas }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - role: slave -{{- with .Values.slave.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.slave.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.slave.nodeSelector }} - nodeSelector: -{{ toYaml .Values.slave.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.slave.affinity }} - affinity: -{{ toYaml .Values.slave.affinity | indent 8 }} - {{- end }} - {{- if .Values.slave.tolerations }} - tolerations: -{{ toYaml .Values.slave.tolerations | indent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{ if .Values.persistence.enabled }} - mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- end }} - {{- if .Values.slave.extraInitContainers }} -{{ tpl .Values.slave.extraInitContainers . | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.slave.priorityClassName }} - priorityClassName: {{ .Values.slave.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "postgresql.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.slave.extraVolumeMounts }} - {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.slave.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.slave.extraVolumes }} - {{- toYaml .Values.slave.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml deleted file mode 100755 index 66eaa01d1..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml +++ /dev/null @@ -1,453 +0,0 @@ -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- with .Values.master.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.master.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: master - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - role: master - {{- with .Values.master.podLabels }} - {{- toYaml . | indent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- toYaml .Values.master.affinity | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- end }} - {{- if .Values.master.extraInitContainers }} - {{- tpl .Values.master.extraInitContainers . | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end}} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote}} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.master.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.metrics.securityContext.runAsUser }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- toYaml .Values.master.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml deleted file mode 100755 index 5c71f468d..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-headless - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml deleted file mode 100755 index 92bdda80e..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-read - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- if $serviceAnnotations }} - annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml deleted file mode 100755 index 299e8d0b7..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- if $serviceAnnotations }} - annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: master diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml deleted file mode 100755 index d34e326ee..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml +++ /dev/null @@ -1,542 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.7.0-debian-10-r65 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 2 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: "on" - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 1 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: "" - server: "" - port: "" - prefix: "" - suffix: "" - baseDN: "" - bindDN: "" - bind_password: - search_attr: "" - search_filter: "" - scheme: "" - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## Configure metrics exporter -## -metrics: - enabled: true - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r72 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json deleted file mode 100755 index ac2de6e94..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "slaveReplicas": { - "type": "integer", - "title": "Slave Replicas", - "form": true, - "hidden": { - "condition": false, - "value": "replication.enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml deleted file mode 100755 index e14709a5e..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml +++ /dev/null @@ -1,548 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.7.0-debian-10-r65 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -replication: - enabled: false - user: repl_user - password: repl_password - slaveReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: "off" - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: "" - server: "" - port: "" - prefix: "" - suffix: "" - baseDN: "" - bindDN: "" - bind_password: - search_attr: "" - search_filter: "" - scheme: "" - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - extraInitContainers: | - # - name: do-something - # image: busybox - # command: ['do', 'something'] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r72 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml deleted file mode 100755 index 2ba5a7af1..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml deleted file mode 100755 index 01310a3b7..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true -## This is an exception here because HA needs masterKey to connect with other node members and it is commented in values to support 6.x to 7.x Migration -## Please refer https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#special-upgrade-notes-1 -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml deleted file mode 100755 index 148618353..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - migration: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml deleted file mode 100755 index 0ee7cbdd2..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - persistence: - enabled: true - -postgresql: - image: - tag: 9.6.18-debian-10-r7 - postgresqlPassword: "password" - postgresqlExtendedConf: - maxConnections: "102" - persistence: - enabled: true diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh b/charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh deleted file mode 100755 index e35bfdbb2..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh +++ /dev/null @@ -1,4339 +0,0 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories seperated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first paramter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done < "${NEW_DATA_DIR}/${filePath}/${fileName}" - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~> /etc/hosts" -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts" -{{- end }} - -3. Launch jconsole: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }} -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl deleted file mode 100755 index 8f9dc060c..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl +++ /dev/null @@ -1,127 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "artifactory-ha.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -The primary node name -*/}} -{{- define "artifactory-ha.primary.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -The member node name -*/}} -{{- define "artifactory-ha.node.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name nginx service. -*/}} -{{- define "artifactory-ha.nginx.name" -}} -{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified Replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.nginx.fullname" -}} -{{- if .Values.nginx.fullnameOverride -}} -{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nginx.name -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "artifactory-ha.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }} -{{- else -}} -{{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "artifactory-ha.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate SSL certificates -*/}} -{{- define "artifactory-ha.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "artifactory-ca" 365 -}} -{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "artifactory-ha.scheme" -}} -{{- if .Values.access.accessConfig.security.tls -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml deleted file mode 100755 index b344e86b6..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} -{{- if .Values.artifactory.admin.password }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml deleted file mode 100755 index 6552d45dc..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.access.accessConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-access-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - access.config.import.yml: | -{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml deleted file mode 100755 index 2e7cac758..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-binarystore - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - binarystore.xml: |- -{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml deleted file mode 100755 index 1385bc578..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.artifactory.configMaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - labels: - app: {{ template "artifactory-ha.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ tpl .Values.artifactory.configMaps . | indent 2 }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml deleted file mode 100755 index c22188a64..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.artifactory.customSecrets }} -{{- range .Values.artifactory.customSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - component: "{{ $.Values.artifactory.name }}" - heritage: {{ $.Release.Service | quote }} - release: {{ $.Release.Name | quote }} -type: Opaque -stringData: - {{ .key }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml deleted file mode 100755 index 9ff71855f..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-database-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- with .Values.database.url }} - db-url: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.user }} - db-user: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.password }} - db-password: {{ tpl . $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml deleted file mode 100755 index c6a2682c8..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} -{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-gcpcreds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - gcp.credentials.json: |- -{{ tpl .Values.artifactory.persistence.googleStorage.gcpServiceAccount.config . | indent 4 }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml deleted file mode 100755 index e58ec41b3..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - installer-info.json: | - {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml deleted file mode 100755 index 3f629c6e4..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- with .Values.artifactory.license.licenseKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-license - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -type: Opaque -data: - artifactory.lic: {{ . | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml deleted file mode 100755 index fe40f980f..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.artifactory.migration.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - migrate.sh: | -{{ .Files.Get "files/migrate.sh" | indent 4 }} - migrationHelmInfo.yaml: | -{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} - migrationStatus.sh: | -{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml deleted file mode 100755 index 371dc9a5f..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- range .Values.networkpolicy }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} -spec: -{{- if .podSelector }} - podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} - ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} ---- -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml deleted file mode 100755 index 6ed7d82f6..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if eq .Values.artifactory.persistence.type "nfs" }} -### Artifactory HA data -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-data-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-data-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} ---- -### Artifactory HA backup -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-backup-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-backup-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml deleted file mode 100755 index d588e0a85..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.fullname" . }}-node - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.artifactory.name }} - app: {{ template "artifactory-ha.name" . }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.artifactory.node.minAvailable }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml deleted file mode 100755 index af5ce966d..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml +++ /dev/null @@ -1,711 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.node.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.node.name" . }} - replicas: {{ .Values.artifactory.node.replicaCount }} - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.node.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.node.name" . }} - heritage: {{ .Release.Service }} - component: {{ .Values.artifactory.name }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.uid }} - initContainers: - {{- if .Values.artifactory.customInitContainersBegin }} -{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} - - name: "wait-for-primary" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - echo "Waiting for primary node to be ready..."; - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }} - echo "Sleeping to allow time for primary node to come up"; - sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }}; - {{- else }} - while [ "$(wget --spider --no-check-certificate -S -T 3 {{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }}/ 2>&1 | grep '^ HTTP/' | awk '{print $2}')" != "200" ]; - do echo "Primary not ready. Waiting..."; sleep 3; - done; - echo "Primary node ready!"; - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - echo "Removing join.key file"; - rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key; - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys - load from database"; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Load custom certificates from database"; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - env: - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}" - key: master-key - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - - name: systemyaml - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customInitContainers }} -{{ tpl .Values.artifactory.customInitContainers . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - env: - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if .Values.artifactory.customVolumeMounts }} -{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} -{{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - {{- if .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.preStartCommand . }}; - {{- end }} - {{- with .Values.artifactory.node.preStartCommand }} - echo "Running member node specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo; - {{- with .Values.artifactory.postStartCommand }} - {{ tpl . $ }} - {{- end }} - env: - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if .Values.artifactory.customVolumeMounts }} -{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $image := .Values.logger.image.repository }} - {{- $tag := .Values.logger.image.tag }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if .Values.artifactory.customSidecarContainers }} -{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.node.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.node.affinity }} - {{- with .Values.artifactory.node.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- end }} - {{- with .Values.artifactory.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - - name: systemyaml - secret: - secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if .Values.artifactory.customVolumes }} -{{ tpl .Values.artifactory.customVolumes . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.node.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml deleted file mode 100755 index 9de929da2..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml +++ /dev/null @@ -1,835 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - version: {{ default .Chart.AppVersion .Values.artifactory.image.version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md), pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x." .Values.databaseUpgradeReady | quote }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.primary.name" . }} - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.primary.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.primary.name" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.access.accessConfig }} - checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.uid }} - initContainers: - {{- if .Values.artifactory.customInitContainersBegin }} -{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; - rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - - name: access-bootstrap-creds - mountPath: "/tmp/access/bootstrap.creds" - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - subPath: {{ .Values.artifactory.admin.dataKey }} - {{- else }} - subPath: bootstrap.creds - {{- end }} - {{- end }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - {{- if .Values.access.accessConfig }} - echo "Copy access.config.latest.yml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -fv /tmp/etc/access.config.import.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.import.yml; - {{- end }} - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; - cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; - echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - {{- end }} - env: - {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName}} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: "{{ .Values.artifactory.joinKeySecretName | default (include "artifactory-ha.fullname" .) }}" - key: join-key - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}" - key: master-key - {{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - - name: systemyaml - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- if .Values.access.accessConfig }} - - name: access-config - mountPath: "/tmp/etc/access.config.import.yml" - subPath: access.config.import.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - mountPath: "/tmp/etc/tls.crt" - subPath: tls.crt - - name: access-certs - mountPath: "/tmp/etc/tls.key" - subPath: tls.key - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customInitContainers }} -{{ tpl .Values.artifactory.customInitContainers . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - env: - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if .Values.artifactory.customVolumeMounts }} -{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} -{{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then - echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; - cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; - fi; - {{- if .Values.artifactory.configMapName }} - echo "Copying bootstrap configs"; - cp -Lrf /bootstrap/* /artifactory_bootstrap/; - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - echo "Copying plugins"; - cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; - {{- end }} - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- with .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - {{- with .Values.artifactory.primary.preStartCommand }} - echo "Running primary specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo; - {{- with .Values.artifactory.postStartCommand }} - {{ tpl . $ }} - {{- end }} - env: - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - mountPath: "/artifactory_bootstrap/plugins/" - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - mountPath: "/tmp/plugin/{{ tpl . $ }}" - {{- end }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if .Values.artifactory.customVolumeMounts }} -{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $image := .Values.logger.image.repository }} - {{- $tag := .Values.logger.image.tag }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if .Values.artifactory.customSidecarContainers }} -{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.primary.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.primary.affinity }} - {{- with .Values.artifactory.primary.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- end }} - {{- with .Values.artifactory.primary.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - emptyDir: {} - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - secret: - secretName: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: access-bootstrap-creds - secret: - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - secretName: {{ .Values.artifactory.admin.secret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - - name: systemyaml - secret: - secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory-ha.fullname" . }}-access-config - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - secret: - secretName: {{ .Values.access.customCertificatesSecretName }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if .Values.artifactory.customVolumes }} -{{ tpl .Values.artifactory.customVolumes . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.primary.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml deleted file mode 100755 index 417ec5c06..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.artifactory.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} -value: {{ .Values.artifactory.priorityClass.value }} -globalDefault: false -description: "Artifactory priority class" -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml deleted file mode 100755 index c86bffddd..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -rules: -{{ toYaml .Values.rbac.role.rules }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml deleted file mode 100755 index 4412870b1..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "artifactory-ha.serviceAccountName" . }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: {{ template "artifactory-ha.fullname" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml deleted file mode 100755 index 260e516b9..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: -{{- if and .Values.artifactory.masterKey (not .Values.artifactory.masterKeySecretName) }} - master-key: {{ .Values.artifactory.masterKey | b64enc | quote }} -{{- end }} -{{- if and .Values.artifactory.joinKey (not .Values.artifactory.joinKeySecretName) }} - join-key: {{ .Values.artifactory.joinKey | b64enc | quote }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml deleted file mode 100755 index 68b467ea5..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml +++ /dev/null @@ -1,107 +0,0 @@ -# Service for all Artifactory cluster nodes. -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml .| indent 4 }} - {{- end }} -{{- if .Values.artifactory.service.annotations }} - annotations: -{{ toYaml .Values.artifactory.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.artifactory.service.type }} - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - {{- if .Values.artifactory.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: router - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: ssh - {{- end }} - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: artifactory - {{- with .Values.artifactory.node.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: jmx - {{- end }} - {{- end }} - selector: -{{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} -{{- end }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} ---- -# Internal service for Artifactory primary node only! -# Used by member nodes to check readiness of primary node before starting up -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - # Statically setting service type to ClusterIP since this is an internal only service - type: ClusterIP - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: ssh - {{- end }} - {{- with .Values.artifactory.primary.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: jmx - {{- end }} - {{- end }} - selector: - role: {{ template "artifactory-ha.primary.name" . }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml deleted file mode 100755 index 6983c1d12..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml .) $ | indent 4 }} -{{- end }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.serviceAccountName" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml deleted file mode 100755 index e0bfa6b11..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.artifactory.customPersistentVolumeClaim }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - labels: - app: {{ template "artifactory-ha.name" . }} - version: "{{ .Values.artifactory.version }}" - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - accessModes: - {{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml deleted file mode 100755 index cf8ffbac8..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.primary.name" . }}-system-yaml - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml deleted file mode 100755 index d2db2a067..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.filebeat.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.name" . }}-filebeat-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml deleted file mode 100755 index 262647f9c..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} -{{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} -{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $ingressName }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} -{{- end}} -{{- if .Values.ingress.annotations }} - annotations: -{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} -{{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: {{ $.Values.ingress.routerPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: {{ $.Values.ingress.artifactoryPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $artifactoryServicePort }} - {{- end -}} -{{- end -}} - {{- with .Values.ingress.additionalRules }} -{{ tpl . $ | indent 2 }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- if .Values.artifactory.replicator.enabled }} ---- -{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} -{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $replicationIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml deleted file mode 100755 index 87fe8999e..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-logger - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - tail-log.sh: | - #!/bin/sh - - LOG_DIR=$1 - LOG_NAME=$2 - PID= - - # Wait for log dir to appear - while [ ! -d ${LOG_DIR} ]; do - sleep 1 - done - - cd ${LOG_DIR} - - LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') - - # Find the log to tail - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - - # Wait for the log file - while [ -z "${LOG_FILE}" ]; do - sleep 1 - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - done - - echo "Log file ${LOG_FILE} is ready!" - - # Get inode number - INODE_ID=$(ls -i ${LOG_FILE}) - - # echo "Tailing ${LOG_FILE}" - tail -F ${LOG_FILE} & - PID=$! - - # Loop forever to see if a new log was created - while true; do - # Check inode number - NEW_INODE_ID=$(ls -i ${LOG_FILE}) - - # If inode number changed, this means log was rotated and need to start a new tail - if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then - kill -9 ${PID} 2>/dev/null - INODE_ID="${NEW_INODE_ID}" - - # Start a new tail - tail -F ${LOG_FILE} & - PID=$! - fi - sleep 1 - done - -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml deleted file mode 100755 index eb1f0e698..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - artifactory.conf: | -{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml deleted file mode 100755 index 2c1430a18..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml deleted file mode 100755 index 5f424d52a..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: | -{{ tpl .Values.nginx.mainConf . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml deleted file mode 100755 index 4327e7479..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml +++ /dev/null @@ -1,192 +0,0 @@ -{{- if .Values.nginx.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -apiVersion: apps/v1 -kind: {{ .Values.nginx.kind }} -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} -{{- if .Values.nginx.labels }} -{{ toYaml .Values.nginx.labels | indent 4 }} -{{- end }} -spec: -{{- if ne .Values.nginx.kind "DaemonSet" }} - replicas: {{ .Values.nginx.replicaCount }} -{{- end }} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - template: - metadata: - annotations: - checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} - checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - initContainers: - - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - '/bin/sh' - - '-c' - - > - rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; - mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; - volumeMounts: - - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - name: nginx-volume - securityContext: - runAsUser: {{ .Values.nginx.uid }} - fsGroup: {{ .Values.nginx.gid }} - containers: - - name: {{ .Values.nginx.name }} - image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}' - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - 'nginx' - - '-g' - - 'daemon off;' - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - containerPort: {{ .Values.nginx.http.internalPort }} - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttp }} - {{- end }} - {{- if .Values.nginx.https }} - {{- if .Values.nginx.https.enabled }} - - containerPort: {{ .Values.nginx.https.internalPort }} - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttps }} - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.nginx.ssh.internalPort }} - {{- end }} - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-artifactory-conf - mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" - - name: nginx-volume - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - - name: ssl-certificates - mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.nginx.readinessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.nginx.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.nginx.livenessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} - {{- end }} - {{- $image := .Values.logger.image.repository }} - {{- $tag := .Values.logger.image.tag }} - {{- $mountPath := .Values.nginx.persistence.mountPath }} - {{- range .Values.nginx.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - tail - args: - - '-F' - - '{{ $mountPath }}/logs/{{ . }}' - volumeMounts: - - name: nginx-volume - mountPath: {{ $mountPath }} - resources: -{{ toYaml $.Values.nginx.loggersResources | indent 10 }} - {{- end }} - {{- with .Values.nginx.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - {{- if .Values.nginx.customConfigMap }} - name: {{ .Values.nginx.customConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - {{- end }} - - name: nginx-artifactory-conf - configMap: - {{- if .Values.nginx.customArtifactoryConfigMap }} - name: {{ .Values.nginx.customArtifactoryConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - {{- end }} - - - name: nginx-volume - {{- if .Values.nginx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - - name: ssl-certificates - secret: - {{- if .Values.nginx.tlsSecretName }} - secretName: {{ .Values.nginx.tlsSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml deleted file mode 100755 index 8310377a6..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.nginx.name }} - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.nginx.minAvailable }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml deleted file mode 100755 index 68a89cea0..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }} -{{- if (not .Values.nginx.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.nginx.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.nginx.persistence.size | quote }} -{{- if .Values.nginx.persistence.storageClass }} -{{- if (eq "-" .Values.nginx.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.nginx.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml deleted file mode 100755 index d0e10e248..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - {{- if .Values.nginx.service.labels }} -{{ toYaml .Values.nginx.service.labels | indent 4 }} - {{- end }} -{{- if .Values.nginx.service.annotations }} - annotations: -{{ toYaml .Values.nginx.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.nginx.service.type }} - {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} - clusterIP: {{ .Values.nginx.service.clusterIP }} - {{- end }} -{{- if eq .Values.nginx.service.type "LoadBalancer" }} - {{ if .Values.nginx.service.loadBalancerIP -}} - loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} - {{ end -}} - {{- if .Values.nginx.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} - {{- end }} -{{- end }} -{{- if .Values.nginx.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and - # will be cleaned up in a later verion - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - port: {{ .Values.nginx.http.externalPort }} - targetPort: {{ .Values.nginx.http.internalPort }} - protocol: TCP - name: http - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttp }} - targetPort: {{ .Values.nginx.internalPortHttp }} - protocol: TCP - name: http - {{- end }} - {{- if .Values.nginx.https }} - {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} - - port: {{ .Values.nginx.https.externalPort }} - {{- if .Values.nginx.service.ssloffload }} - targetPort: {{ .Values.nginx.http.internalPort }} - {{- else }} - targetPort: {{ .Values.nginx.https.internalPort}} - {{- end }} - protocol: TCP - name: https - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttps }} - targetPort: {{ .Values.nginx.internalPortHttps }} - protocol: TCP - name: https - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.nginx.ssh.externalPort }} - targetPort: {{ .Values.nginx.ssh.internalPort }} - protocol: TCP - name: ssh - {{- end }} - selector: - app: {{ template "artifactory-ha.name" . }} - component: {{ .Values.nginx.name }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml deleted file mode 100755 index ec05d2add..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" - node: - replicaCount: 3 - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml deleted file mode 100755 index 33879c00b..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" - node: - replicaCount: 2 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml deleted file mode 100755 index 4babf97cb..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - node: - replicaCount: 1 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml deleted file mode 100755 index f0ff3a1c5..000000000 --- a/charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml +++ /dev/null @@ -1,1551 +0,0 @@ -# Default values for artifactory-ha. -# This is a YAML-formatted file. -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -# Common -initContainerImage: docker.bintray.io/alpine:3.12 - -installer: - type: - platform: - -installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - -# For supporting pulling from private registries -imagePullSecrets: - -## Role Based Access Control -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -rbac: - create: true - role: - ## Rules to create. It follows the role specification - rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - pods - verbs: - - get - - watch - - list - -## Service Account -## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - -ingress: - enabled: false - defaultBackend: - enabled: true - # Used to create an Ingress record. - hosts: [] - routerPath: / - artifactoryPath: /artifactory/ - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - labels: {} - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - artifactory.domain.example - - # Additional ingress rules - additionalRules: [] - - -networkpolicy: - # Allows all ingress and egress - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) - # - name: postgresql - # podSelector: - # matchLabels: - # app: postgresql - # ingress: - # - from: - # - podSelector: - # matchLabels: - # app: artifactory-ha - - -## Database configurations -## Use the wait-for-db init container. Set to false to skip -waitForDatabase: true - -## Configuration values for the postgresql dependency -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -## -postgresql: - enabled: true - image: - registry: docker.bintray.io - repository: bitnami/postgresql - tag: 10.13.0-debian-10-r38 - postgresqlUsername: artifactory - postgresqlPassword: "" - postgresqlDatabase: artifactory - postgresqlExtendedConf: - listenAddresses: "'*'" - maxConnections: "1500" - persistence: - enabled: true - size: 50Gi - service: - port: 5432 - master: - nodeSelector: {} - affinity: {} - tolerations: [] - slave: - nodeSelector: {} - affinity: {} - tolerations: [] - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - -## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), -## you MUST specify custom database details here or Artifactory will NOT start -database: - type: - driver: - ## If you set the url, leave host and port empty - url: - ## If you would like this chart to create the secret containing the db - ## password, use these values - user: - password: - ## If you have existing Kubernetes secrets containing db credentials, use - ## these values - secrets: {} - # user: - # name: "rds-artifactory" - # key: "db-user" - # password: - # name: "rds-artifactory" - # key: "db-password" - # url: - # name: "rds-artifactory" - # key: "db-url" - -logger: - image: - repository: docker.bintray.io/busybox - tag: 1.31.1 - -# Artifactory -artifactory: - name: artifactory-ha - # Note that by default we use appVersion to get image tag/version - image: - repository: docker.bintray.io/jfrog/artifactory-pro - # version: - pullPolicy: IfNotPresent - - # Create a priority class for the Artifactory pods or use an existing one - # NOTE - Maximum allowed value of a user defined priority is 1000000000 - priorityClass: - create: false - value: 1000000000 - ## Override default name - # name: - ## Use an existing priority class - # existingPriorityClass: - - # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties - deleteDBPropertiesOnStartup: true - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - extraConfig: 'acceptCount="100"' - - # This directory is intended for use with NFS eventual configuration for HA - haDataDir: - enabled: false - path: - haBackupDir: - enabled: false - path: - - # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup - copyOnEveryStartup: - # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path - # - source: /artifactory_bootstrap/artifactory.lic - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - - # Sidecar containers for tailing Artifactory logs - loggers: [] - # - access-audit.log - # - access-request.log - # - access-security-audit.log - # - access-service.log - # - artifactory-access.log - # - artifactory-event.log - # - artifactory-import-export.log - # - artifactory-request.log - # - artifactory-service.log - # - frontend-request.log - # - frontend-service.log - # - metadata-request.log - # - metadata-service.log - # - router-request.log - # - router-service.log - # - router-traefik.log - # - derby.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Sidecar containers for tailing Tomcat (catalina) logs - catalinaLoggers: [] - # - tomcat-catalina.log - # - tomcat-localhost.log - - # Tomcat (catalina) loggers resources - catalinaLoggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 - ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - - - ## Add custom init containers execution before predefined init containers - customInitContainersBegin: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - ## Add custom init containers - - ## Add custom init containers execution after predefined init containers - customInitContainers: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - - ## Add custom sidecar containers - # - The provided example uses a custom volume (customVolumes) - # - The provided example shows running container as root (id 0) - customSidecarContainers: | - # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # securityContext: - # runAsUser: 0 - # fsGroup: 0 - # command: - # - 'sh' - # - '-c' - # - 'sh /scripts/script.sh' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - # - mountPath: "/scripts/script.sh" - # name: custom-script - # subPath: script.sh - # resources: - # requests: - # memory: "32Mi" - # cpu: "50m" - # limits: - # memory: "128Mi" - # cpu: "100m" - - ## Add custom volumes - customVolumes: | - # - name: custom-script - # configMap: - # name: custom-script - - ## Add custom volumesMounts - customVolumeMounts: | - # - name: custom-script - # mountPath: "/scripts/script.sh" - # subPath: script.sh - # - name: posthook-start - # mountPath: "/scripts/posthoook-start.sh" - # subPath: posthoook-start.sh - # - name: prehook-start - # mountPath: "/scripts/prehook-start.sh" - # subPath: prehook-start.sh - - # Add custom persistent volume mounts - Available for the pod - customPersistentPodVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - # Add custom persistent volume mounts - Available to the entire namespace - customPersistentVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - ## Artifactory HA requires a unique master key. Each Artifactory node must have the same master key! - ## You can generate one with the command: "openssl rand -hex 32" - ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' - ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName - ## IMPORTANT: You should NOT use the example masterKey for a production deployment! - ## IMPORTANT: This is a mandatory for fresh Install of 7.x (App version) - # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - # masterKeySecretName: - - ## Join Key to connect to other services to Artifactory. - ## IMPORTANT: Setting this value overrides the existing joinKey - ## IMPORTANT: You should NOT use the example joinKey for a production deployment! - # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName - # joinKeySecretName: - - # Add custom secrets - secret per file - customSecrets: - # - name: custom-secret - # key: custom-secret.yaml - # data: > - # custom_secret_config: - # parameter1: value1 - # parameter2: value2 - # - name: custom-secret2 - # key: custom-secret2.config - # data: | - # here the custom secret 2 config - - ## If false, all service console logs will not redirect to a common console.log - consoleLog: false - - binarystore: - enabled: true - - ## admin allows to set the password for the default admin user. - ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate - admin: - ip: "127.0.0.1" - username: "admin" - password: - secret: - dataKey: - - ## Artifactory license. - license: - ## licenseKey is the license key in plain text. Use either this or the license.secret setting - licenseKey: - ## If artifactory.license.secret is passed, it will be mounted as - ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. - secret: - ## The dataKey should be the name of the secret data key created. - dataKey: - - ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter - configMapName: - - # Add any list of configmaps to Artifactory - configMaps: | - # posthook-start.sh: |- - # echo "This is a post start script" - # posthook-end.sh: |- - # echo "This is a post end script" - - ## List of secrets for Artifactory user plugins. - ## One Secret per plugin's files. - userPluginSecrets: - # - archive-old-artifacts - # - build-cleanup - # - webhook - # - '{{ template "my-chart.fullname" . }}' - - ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - ## Extra post-start command to run extra commands after container starts - # postStartCommand: - - ## Extra environment variables that can be used to tune Artifactory to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: SERVER_XML_ARTIFACTORY_PORT - # value: "8081" - # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS - # value: "200" - # - name: SERVER_XML_ACCESS_MAX_THREADS - # value: "50" - # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_ACCESS_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_EXTRA_CONNECTOR - # value: "" - # - name: DB_POOL_MAX_ACTIVE - # value: "100" - # - name: DB_POOL_MAX_IDLE - # value: "10" - # - name: MY_SECRET_ENV_VAR - # valueFrom: - # secretKeyRef: - # name: my-secret-name - # key: my-secret-key - - # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) - systemYaml: | - shared: - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.primary.javaOpts }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - host: "" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{ else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - artifactory: - {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} - node: - {{- if .Values.artifactory.haDataDir.path }} - haDataDir: {{ .Values.artifactory.haDataDir.path }} - {{- end }} - {{- if .Values.artifactory.haBackupDir.path }} - haBackupDir: {{ .Values.artifactory.haBackupDir.path }} - {{- end }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - {{- if .Values.access.database.enabled }} - type: "{{ .Values.access.database.type }}" - url: "{{ .Values.access.database.url }}" - driver: "{{ .Values.access.database.driver }}" - username: "{{ .Values.access.database.user }}" - password: "{{ .Values.access.database.password }}" - {{- end }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - - ## IMPORTANT: If overriding artifactory.internalPort: - ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! - externalPort: 8082 - internalPort: 8082 - externalArtifactoryPort: 8081 - internalArtifactoryPort: 8081 - uid: 1030 - terminationGracePeriodSeconds: 30 - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 90 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - persistence: - enabled: true - local: false - redundancy: 3 - mountPath: "/var/opt/jfrog/artifactory" - accessMode: ReadWriteOnce - size: 200Gi - - ## Use a custom Secret to be mounted as your binarystore.xml - ## NOTE: This will ignore all settings below that make up binarystore.xml - customBinarystoreXmlSecret: - - maxCacheSize: 50000000000 - cacheProviderDir: cache - eventual: - numberOfThreads: 10 - ## artifactory data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - - ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config - ## Supported types are: - ## file-system (default) - ## nfs - ## google-storage - ## aws-s3 - ## aws-s3-v3 - ## azure-blob - type: file-system - - ## Use binarystoreXml to provide a custom binarystore.xml - ## This can be a template or hardcoded. - binarystoreXml: | - {{- if eq .Values.artifactory.persistence.type "file-system" }} - - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - - - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - - {{- end }} - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - // Specify the read and write strategy and redundancy for the sharding binary provider - - roundRobin - percentageFreeSpace - 2 - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - //For each sub-provider (mount), specify the filestore location - - filestore{{ $sharedClaimNumber }} - - {{- end }} - - {{- else }} - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - 2 - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - shard-fs-1 - local - - - - - 30 - tester-remote1 - 10000 - remote - - - - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "google-storage" }} - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp - - - - google-cloud-storage - {{ .Values.artifactory.persistence.googleStorage.endpoint }} - {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} - {{ .Values.artifactory.persistence.googleStorage.bucketName }} - {{ .Values.artifactory.persistence.googleStorage.identity }} - {{ .Values.artifactory.persistence.googleStorage.credential }} - {{ .Values.artifactory.persistence.googleStorage.path }} - {{ .Values.artifactory.persistence.googleStorage.bucketExists }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} - - - - - - - - - - - - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - {{- with .Values.artifactory.persistence.awsS3V3 }} - - {{ .testConnection }} - {{- if .identity }} - {{ .identity }} - {{- end }} - {{- if .credential }} - {{ .credential }} - {{- end }} - {{ .region }} - {{ .bucketName }} - {{ .path }} - {{ .endpoint }} - {{- with .maxConnections }} - {{ . }} - {{- end }} - {{- with .kmsServerSideEncryptionKeyId }} - {{ . }} - {{- end }} - {{- with .kmsKeyRegion }} - {{ . }} - {{- end }} - {{- with .kmsCryptoMode }} - {{ . }} - {{- end }} - {{- if .useInstanceCredentials }} - true - {{- else }} - false - {{- end }} - {{ .usePresigning }} - {{ .signatureExpirySeconds }} - {{- with .cloudFrontDomainName }} - {{ . }} - {{- end }} - {{- with .cloudFrontKeyPairId }} - {{ .cloudFrontKeyPairId }} - {{- end }} - {{- with .cloudFrontPrivateKey }} - {{ . }} - {{- end }} - - {{- end }} - - {{- end }} - - {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - {{ .Values.artifactory.persistence.awsS3.endpoint }} - {{- if .Values.artifactory.persistence.awsS3.roleName }} - {{ .Values.artifactory.persistence.awsS3.roleName }} - true - {{- else }} - {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} - {{ .Values.artifactory.persistence.awsS3.testConnection }} - {{ .Values.artifactory.persistence.awsS3.httpsOnly }} - {{ .Values.artifactory.persistence.awsS3.region }} - {{ .Values.artifactory.persistence.awsS3.bucketName }} - {{- if .Values.artifactory.persistence.awsS3.identity }} - {{ .Values.artifactory.persistence.awsS3.identity }} - {{- end }} - {{- if .Values.artifactory.persistence.awsS3.credential }} - {{ .Values.artifactory.persistence.awsS3.credential }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.path }} - {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} - - {{- end }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "azure-blob" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - crossNetworkStrategy - crossNetworkStrategy - 2 - 1 - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.azureBlob.accountName }} - {{ .Values.artifactory.persistence.azureBlob.accountKey }} - {{ .Values.artifactory.persistence.azureBlob.endpoint }} - {{ .Values.artifactory.persistence.azureBlob.containerName }} - {{ .Values.artifactory.persistence.azureBlob.testConnection }} - - - {{- end }} - - ## For artifactory.persistence.type file-system - fileSystem: - ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. - ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) - ## Create PVCs with ReadWriteMany that match the naming convetions: - ## {{ template "artifactory-ha.fullname" . }}-data-pvc- - ## {{ template "artifactory-ha.fullname" . }}-backup-pvc - ## Example (using numberOfExistingClaims: 2) - ## myexample-data-pvc-0 - ## myexample-data-pvc-1 - ## myexample-backup-pvc - ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. - - ## Need to have the following set - existingSharedClaim: - enabled: false - numberOfExistingClaims: 1 - ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} - dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" - backupDir: "/var/opt/jfrog/artifactory-backup" - - - ## For artifactory.persistence.type nfs - ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes - ## cluster nodes. - ## Need to have the following set - nfs: - # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' - ip: - haDataMount: "/data" - haBackupMount: "/backup" - dataDir: "/var/opt/jfrog/artifactory-ha" - backupDir: "/var/opt/jfrog/artifactory-backup" - capacity: 200Gi - mountOptions: [] - ## For artifactory.persistence.type google-storage - googleStorage: - ## When using GCP buckets as your binary store (Available with enterprise license only) - gcpServiceAccount: - enabled: false - ## Use either an existing secret prepared in advance or put the config (replace the content) in the values - ## ref: https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#google-storage - # customSecretName: - # config: | - # { - # "type": "service_account", - # "project_id": "", - # "private_key_id": "?????", - # "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - # "client_email": "???@j.iam.gserviceaccount.com", - # "client_id": "???????", - # "auth_uri": "https://accounts.google.com/o/oauth2/auth", - # "token_uri": "https://oauth2.googleapis.com/token", - # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - # "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - # } - endpoint: storage.googleapis.com - httpsOnly: false - # Set a unique bucket name - bucketName: "artifactory-ha-gcp" - identity: - credential: - path: "artifactory-ha/filestore" - bucketExists: false - - ## For artifactory.persistence.type aws-s3-v3 - awsS3V3: - testConnection: false - identity: - credential: - region: - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: - maxConnections: 50 - kmsServerSideEncryptionKeyId: - kmsKeyRegion: - kmsCryptoMode: - useInstanceCredentials: true - usePresigning: false - signatureExpirySeconds: 300 - cloudFrontDomainName: - cloudFrontKeyPairId: - cloudFrontPrivateKey: - - ## For artifactory.persistence.type aws-s3 - ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html - awsS3: - # Set a unique bucket name - bucketName: "artifactory-ha-aws" - endpoint: - region: - roleName: - identity: - credential: - path: "artifactory-ha/filestore" - refreshCredentials: true - httpsOnly: true - testConnection: false - s3AwsVersion: "AWS4-HMAC-SHA256" - - ## Additional properties to set on the s3 provider - properties: {} - # httpclient.max-connections: 100 - ## For artifactory.persistence.type azure-blob - azureBlob: - accountName: - accountKey: - endpoint: - containerName: - testConnection: false - service: - name: artifactory - type: ClusterIP - ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - ## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them) - ## Supported pool values - ## members - ## all - pool: members - - ## The following Java options are passed to the java process running Artifactory. - ## This will be passed to all cluster members. Primary and member nodes. - javaOpts: {} - # other: "" - - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - enabled: false - ingress: - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - - ssh: - enabled: false - internalPort: 1339 - externalPort: 1339 - - annotations: {} - - ## Type specific configurations. - ## There is a difference between the primary and the member nodes. - ## Customising their resources and java parameters is done here. - primary: - name: artifactory-ha-primary - # preStartCommand specific to the primary node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` - existingClaim: false - ## Resources for the primary node - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory primary node. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - nodeSelector: {} - - tolerations: [] - - affinity: {} - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - - node: - name: artifactory-ha-member - # preStartCommand specific to the member node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` - existingClaim: false - replicaCount: 2 - minAvailable: 1 - ## Resources for the member nodes - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory member nodes. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - # xms: "1g" - # xmx: "2g" - # other: "" - nodeSelector: {} - - ## Wait for Artifactory primary - waitForPrimaryStartup: - enabled: true - - ## Setting time will override the built in test and will just wait the set time - time: - - tolerations: [] - - ## Complete specification of the "affinity" of the member nodes; if this is non-empty, - ## "podAntiAffinity" values are not used. - affinity: {} - - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - -access: - ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. - ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates - ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. - ## This ensures that the node to node communication is done over TLS. - accessConfig: - security: - tls: false - - ## You can use a pre-existing secret by specifying customCertificatesSecretName - ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` - # customCertificatesSecretName: - - ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key - # resetAccessCAKeys: false - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 - extraConfig: 'acceptCount="100"' - -metadata: - database: - maxOpenConnections: 80 - -# Init containers -initContainers: - resources: {} -# requests: -# memory: "64Mi" -# cpu: "10m" -# limits: -# memory: "128Mi" -# cpu: "250m" - - -# Nginx -nginx: - enabled: true - kind: Deployment - name: nginx - labels: {} - replicaCount: 1 - minAvailable: 0 - uid: 104 - gid: 107 - # Note that by default we use appVersion to get image tag/version - image: - repository: docker.bintray.io/jfrog/nginx-artifactory-pro - # version: - pullPolicy: IfNotPresent - - - # Sidecar containers for tailing Nginx logs - loggers: [] - # - access.log - # - error.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "64Mi" - # cpu: "25m" - # limits: - # memory: "128Mi" - # cpu: "50m" - - # Logs options - logs: - stderr: false - level: warn - - mainConf: | - # Main Nginx configuration file - worker_processes 4; - - {{ if .Values.nginx.logs.stderr }} - error_log stderr {{ .Values.nginx.logs.level }}; - {{- else -}} - error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; - {{- end }} - pid /tmp/nginx.pid; - - {{- if .Values.artifactory.ssh.enabled }} - ## SSH Server Configuration - stream { - server { - listen {{ .Values.nginx.ssh.internalPort }}; - proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; - } - } - {{- end }} - - events { - worker_connections 1024; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - variables_hash_max_size 1024; - variables_hash_bucket_size 64; - server_names_hash_max_size 4096; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; - proxy_read_timeout 2400s; - client_header_timeout 2400s; - client_body_timeout 2400s; - proxy_connect_timeout 75s; - proxy_send_timeout 2400s; - proxy_buffer_size 128k; - proxy_buffers 40 128k; - proxy_busy_buffers_size 128k; - proxy_temp_file_write_size 250m; - proxy_http_version 1.1; - client_body_buffer_size 128k; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - log_format timing 'ip = $remote_addr ' - 'user = \"$remote_user\" ' - 'local_time = \"$time_local\" ' - 'host = $host ' - 'request = \"$request\" ' - 'status = $status ' - 'bytes = $body_bytes_sent ' - 'upstream = \"$upstream_addr\" ' - 'upstream_time = $upstream_response_time ' - 'request_time = $request_time ' - 'referer = \"$http_referer\" ' - 'UA = \"$http_user_agent\"'; - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; - sendfile on; - #tcp_nopush on; - keepalive_timeout 65; - #gzip on; - include /etc/nginx/conf.d/*.conf; - } - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - ## server configuration - server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - service: - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - type: LoadBalancer - ssloffload: false - ## For supporting whitelist on the Nginx LoadBalancer service - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - ## Provide static ip address - loadBalancerIP: - ## There are two available options: “Cluster” (default) and “Local”. - externalTrafficPolicy: Cluster - labels: {} - # label-key: label-value - http: - enabled: true - externalPort: 80 - internalPort: 80 - https: - enabled: true - externalPort: 443 - internalPort: 443 - # DEPRECATED: The following will be replaced by L1065-L1076 in a future release - # externalPortHttp: 80 - # internalPortHttp: 80 - # externalPortHttps: 443 - # internalPortHttps: 443 - - ssh: - internalPort: 1339 - externalPort: 1339 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 120 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - ## The SSL secret that will be used by the Nginx pod - # tlsSecretName: chart-example-tls - ## Custom ConfigMap for nginx.conf - customConfigMap: - ## Custom ConfigMap for artifactory.conf - customArtifactoryConfigMap: - persistence: - mountPath: "/var/opt/jfrog/nginx" - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - size: 5Gi - ## nginx data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - resources: {} - # requests: - # memory: "250Mi" - # cpu: "100m" - # limits: - # memory: "250Mi" - # cpu: "500m" - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -# Filebeat Sidecar container -## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. -filebeat: - enabled: false - name: artifactory-filebeat - image: - repository: "docker.elastic.co/beats/filebeat" - version: 7.5.1 - logstashUrl: "logstash:5044" - - terminationGracePeriod: 10 - - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - resources: {} -# requests: -# memory: "100Mi" -# cpu: "100m" -# limits: -# memory: "100Mi" -# cpu: "100m" - - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: ~ - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.0/.helmignore deleted file mode 100644 index c7eb1e274..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/CHANGELOG.md b/charts/artifactory-ha/artifactory-ha/4.13.0/CHANGELOG.md deleted file mode 100644 index 8d287d283..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/CHANGELOG.md +++ /dev/null @@ -1,1048 +0,0 @@ -# JFrog Artifactory-ha Chart Changelog -All changes to this chart will be documented in this file. - -## [4.13.0] - April 5, 2021 -* **IMPORTANT** -* Added `charts.jfrog.io` as default JFrog Helm repository -* Updated Artifactory version to 7.17.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.5) - -## [4.12.2] - Mar 31, 2021 -* Updated Artifactory version to 7.17.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.4) - -## [4.12.1] - Mar 30, 2021 -* Updated Artifactory version to 7.17.3 -* Add `timeoutSeconds` to all exec probes - Please refer [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) - -## [4.12.0] - Mar 24, 2021 -* Updated Artifactory version to 7.17.2 -* Optimized startupProbe time - -## [4.11.0] - Mar 18, 2021 -* Add support to startupProbe - -## [4.10.0] - Mar 15, 2021 -* Updated Artifactory version to 7.16.3 - -## [4.9.5] - Mar 09, 2021 -* Added HSTS header to nginx conf - -## [4.9.4] - Mar 9, 2021 -* Removed bintray URL references in the chart - -## [4.9.3] - Mar 04, 2021 -* Updated Artifactory version to 7.15.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.4) - -## [4.9.2] - Mar 04, 2021 -* Fixed creation of nginx-certificate-secret when Nginx is disabled - -## [4.9.1] - Feb 19, 2021 -* Update busybox tag version to `1.32.1` - -## [4.9.0] - Feb 18, 2021 -* Updated Artifactory version to 7.15.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.3) -* Add option to specify update strategy for Artifactory statefulset - -## [4.8.1] - Feb 11, 2021 -* Exposed "multiPartLimit" and "multipartElementSize" for the Azure Blob Storage Binary Provider - -## [4.8.0] - Feb 08, 2021 -* Updated Artifactory version to 7.12.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.8) -* Support for custom certificates using secrets -* **Important:** Switched docker images download from `docker.bintray.io` to `releases-docker.jfrog.io` -* Update alpine tag version to `3.13.1` - -## [4.7.9] - Feb 3, 2021 -* Fix copyOnEveryStartup for HA cluster license - -## [4.7.8] - Jan 25, 2021 -* Add support for hostAliases - -## [4.7.7] - Jan 11, 2021 -* Fix failures when using creds file for configurating google storage - -## [4.7.6] - Jan 11, 2021 -* Updated Artifactory version to 7.12.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.6) - -## [4.7.5] - Jan 07, 2021 -* Added support for optional tracker dedicated ingress `.Values.artifactory.replicator.trackerIngress.enabled` (defaults to false) - -## [4.7.4] - Jan 04, 2021 -* Fixed gid support for statefulset - -## [4.7.3] - Dec 31, 2020 -* Added gid support for statefulset -* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset - -## [4.7.2] - Dec 29, 2020 -* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) -* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml) -* Updated Artifactory version to 7.12.5 - -## [4.7.1] - Dec 21, 2020 -* Updated Artifactory version to 7.12.3 - -## [4.7.0] - Dec 18, 2020 -* Updated Artifactory version to 7.12.2 -* Added `.Values.artifactory.openMetrics.enabled` - -## [4.6.1] - Dec 11, 2020 -* Added configurable `.Values.global.versions.artifactory` in values.yaml - -## [4.6.0] - Dec 10, 2020 -* Update postgresql tag version to `12.5.0-debian-10-r25` -* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` -* Updated chart maintainers email - -## [4.5.5] - Dec 4, 2020 -* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` - -## [4.5.4] - Dec 1, 2020 -* Improve error message returned when attempting helm upgrade command - -## [4.5.3] - Nov 30, 2020 -* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) - -# [4.5.2] - Nov 23, 2020 -* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) -* Updated port namings on services and pods to allow for istio protocol discovery -* Change semverCompare checks to support hosted Kubernetes -* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics -* Prevent the PostHook command to be executed if the user did not specify a command in the values file -* Fix issue with tls file generation when nginx.https.enabled is false - -## [4.5.1] - Nov 19, 2020 -* Updated Artifactory version to 7.11.2 -* Bugfix - access.config.import.xml override Access Federation configurations - -## [4.5.0] - Nov 17, 2020 -* Updated Artifactory version to 7.11.1 -* Update alpine tag version to `3.12.1` - -## [4.4.6] - Nov 10, 2020 -* Pass system.yaml via external secret for advanced usecases -* Added support for custom ingress -* Bugfix - stateful set not picking up changes to database secrets - -## [4.4.5] - Nov 9, 2020 -* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) - -## [4.4.4] - Nov 2, 2020 -* Add enablePathStyleAccess property for aws-s3-v3 binary provider template - -## [4.4.3] - Nov 2, 2020 -* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) - -## [4.4.2] - Oct 22, 2020 -* Chown bug fix where Linux capability cannot chown all files causing log line warnings -* Fix Frontend timeout linting issue - -## [4.4.1] - Oct 20, 2020 -* Add flag to disable prepare-custom-persistent-volume init container - -## [4.4.0] - Oct 19, 2020 -* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) - -## [4.3.4] - Oct 19, 2020 -* Add support to specify priorityClassName for nginx deployment - -## [4.3.3] - Oct 15, 2020 -* Fixed issue with node PodDisruptionBudget which also getting applied on the primary -* Fix mandatory masterKey check issue when upgrading from 6.x to 7.x - -## [4.3.2] - Oct 14, 2020 -* Add support to allow more than 1 Primary in Artifactory-ha STS - -## [4.3.1] - Oct 9, 2020 -* Add global support for customInitContainersBegin - -## [4.3.0] - Oct 07, 2020 -* Updated Artifactory version to 7.9.1 -* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml - -## [4.2.0] - Oct 5, 2020 -* Expose Prometheus metrics via a ServiceMonitor -* Parse log files for metric data with Fluentd - -## [4.1.0] - Sep 30, 2020 -* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) - -## [4.0.12] - Sep 25, 2020 -* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements - -## [4.0.11] - Sep 28, 2020 -* Setting chart coordinates in migitation yaml - -## [4.0.10] - Sep 25, 2020 -* Update filebeat version to `7.9.2` - -## [4.0.9] - Sep 24, 2020 -* Fixed broken issue - when setting `waitForDatabase:false` container startup still waits for DB - -## [4.0.8] - Sep 22, 2020 -* Updated readme - -## [4.0.7] - Sep 22, 2020 -* Fix lint issue in migitation yaml - -## [4.0.6] - Sep 22, 2020 -* Fix broken migitation yaml - -## [4.0.5] - Sep 21, 2020 -* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) - -## [4.0.4] - Sep 17, 2020 -* Added configurable session(UI) timeout in frontend microservice - -## [4.0.3] - Sep 17, 2020 -* Fix small typo in README and added proper required text to be shown while postgres upgrades - -## [4.0.2] - Sep 14, 2020 -* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) - -## [4.0.1] - Sep 8, 2020 -* Added support for artifactory pro license (single node) installation. - -## [4.0.0] - Sep 2, 2020 -* **Breaking change:** Changed `imagePullSecrets` value from string to list -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Added support for global values -* Updated maintainers in chart.yaml -* Update postgresql tag version to `12.3.0-debian-10-r71` -* Update postgresqlsub chart version to `9.3.4` - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true. - -## [3.1.0] - Aug 13, 2020 -* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) - -## [3.0.15] - Aug 10, 2020 -* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. - -## [3.0.14] - Jul 31, 2020 -* Update the README section on Nginx SSL termination to reflect the actual YAML structure. - -## [3.0.13] - Jul 30, 2020 -* Added condition to disable the migration scripts. - -## [3.0.12] - Jul 29, 2020 -* Document Artifactory node affinity. - -## [3.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [3.0.10] - Jul 28, 2020 -Bugfix / support for userPluginSecrets with Artifactory 7 - -## [3.0.9] - Jul 27, 2020 -* Add tpl to external database secrets. -* Modified `scheme` to `artifactory-ha.scheme` - -## [3.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [3.0.7] - Jul 21, 2020 -* Updated Artifactory-ha Chart to add node and primary labels to pods and service objects. - -## [3.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [3.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [3.0.4] - Jul 8, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [3.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads. - -## [3.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [3.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [3.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [2.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [2.5.8] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [2.5.7] - Jun 18, 2020 -* Fixes bootstrap configMap issue on member node - -## [2.5.6] - Jun 11, 2020 -* Support list of custom secrets - -## [2.5.5] - Jun 11, 2020 -* NOTES.txt fixed incorrect information - -## [2.5.4] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [2.5.3] - Jun 8, 2020 -* Statically setting primary service type to ClusterIP. -* Prevents primary service from being exposed publicly when using LoadBalancer type on cloud providers. - -## [2.5.2] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [2.5.1] - Jun 5, 2020 -* Fixes broken PDB issue upgrading from 6.x to 7.x - -## [2.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [2.4.10] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [2.4.9] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [2.4.8] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [2.4.7] - May 19, 2020 -* Added metadata maxOpenConnections - -## [2.4.6] - May 07, 2020 -* Fix `installerInfo` string format - -## [2.4.5] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [2.4.4] - Apr 27, 2020 -* Change customInitContainers order to run before the "migration-ha-artifactory" initContainer - -## [2.4.3] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [2.4.2] - Apr 16, 2020 -* Custom volume mounts in migration init container. - -## [2.4.1] - Apr 16, 2020 -* Fix broken support for gcpServiceAccount for googleStorage - -## [2.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [2.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [2.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [2.2.11] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [2.2.10] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [2.2.9] - Apr 01, 2020 -* Support masterKey and joinKey as secrets - -## [2.2.8] - Apr 01, 2020 -* Ensure that the join key is also copied when provided by an external secret -* Migration container in primary and node statefulset now respects custom versions and the specified node/primary resources - -## [2.2.7] - Apr 01, 2020 -* Added cache-layer in chain definition of Google Cloud Storage template -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [2.2.6] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [2.2.5] - Mar 31, 2020 -* Removed duplicate `artifactory-license` volume from primary node - -## [2.2.4] - Mar 31, 2020 -* Restore `artifactory-license` volume for the primary node - -## [2.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [2.2.2] - Mar 30, 2020 -* Apply initContainers.resources to `copy-system-yaml`, `prepare-custom-persistent-volume`, and `migration-artifactory-ha` containers -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart -* Removed duplicate `artifactory-license` volume that prevented using an external secret - -## [2.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [2.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [2.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [2.1.2] - Mar 21, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [2.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [2.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [2.0.36] - Mar 20, 2020 -* Add support GCP credentials.json authentication - -## [2.0.35] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [2.0.34] - Mar 19, 2020 -* Add support for NFS directories `haBackupDir` and `haDataDir` - -## [2.0.33] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [2.0.32] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [2.0.31] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [2.0.30] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [2.0.29] - Mar 11, 2020 -* Upgrade Docs update - -## [2.0.28] - Mar 11, 2020 -* Unified charts public release - -## [2.0.27] - Mar 8, 2020 -* Add an optional wait for primary node to be ready with a proper test for http status - -## [2.0.23] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [2.0.22] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [2.0.21] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [2.0.20] - Feb 26, 2020 -* Store join key to secret - -## [2.0.19] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [2.0.12] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [2.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [1.4.10] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [1.4.9] - Feb 10, 2020 -* Fix custom DB password indention - -## [1.4.8] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [1.4.7] - Feb 4, 2020 -* Support customisable Nginx kind - -## [1.4.6] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [1.4.5] - Feb 2, 2020 -* Add support for primary or member node specific preStartCommand - -## [1.4.4] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [1.4.3] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [1.4.2] - Jan 22, 2020 -* Refined pod disruption budgets to separate nginx and Artifactory pods - -## [1.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [1.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [1.3.8] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [1.3.7] - Jan 07, 2020 -* Add support for customizable `mountOptions` of NFS PVs - -## [1.3.6] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [1.3.5] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [1.3.4] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [1.3.3] - Dec 16, 2019 -* Another fix for toggling nginx service ports - -## [1.3.2] - Dec 12, 2019 -* Fix for toggling nginx service ports - -## [1.3.1] - Dec 10, 2019 -* Add support for toggling nginx service ports - -## [1.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [1.2.4] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [1.2.3] - Nov 27, 2019 -* Add support for PriorityClass - -## [1.2.2] - Nov 20, 2019 -* Update Artifactory logo - -## [1.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [1.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [1.1.12] - Nov 17, 2019 -* Fix `README.md` format (broken table) - -## [1.1.11] - Nov 17, 2019 -* Update comment on Artifactory master key - -## [1.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [1.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [1.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [1.1.7] - Nov 11, 2019 -* Additional documentation for masterKey - -## [1.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [1.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [1.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [1.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [1.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [1.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [1.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [1.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [1.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [0.17.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [0.17.2] - Oct 21, 2019 -* Add support for setting `artifactory.primary.labels` -* Add support for setting `artifactory.node.labels` -* Add support for setting `nginx.labels` - -## [0.17.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [0.17.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [0.16.7] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [0.16.6] - Sep 24, 2019 -* Add support for setting `nginx.service.labels` - -## [0.16.5] - Sep 23, 2019 -* Add support for setting `artifactory.customInitContainersBegin` - -## [0.16.4] - Sep 20, 2019 -* Add support for setting `initContainers.resources` - -## [0.16.3] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [0.16.2] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [0.16.1] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [0.16.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [0.15.15] - Aug 18, 2019 -* Fix existingSharedClaim permissions issue and example - -## [0.15.14] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [0.15.13] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [0.15.12] - Aug 6, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [0.15.11] - Aug 5, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [0.15.10] - Aug 5, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [0.15.9] - Aug 1, 2019 -* Fix masterkey/masterKeySecretName not specified warning render logic in NOTES.txt - -## [0.15.8] - Jul 28, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [0.15.7] - Jul 25, 2019 -* Updated README about how to apply Artifactory licenses - -## [0.15.6] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [0.15.5] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [0.15.4] - Jul 11, 2019 -* Add `artifactory.customVolumeMounts` support to member node statefulset template - -## [0.15.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [0.15.2] - Jul 3, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [0.15.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [0.15.0] - Jun 27, 2019 -* Updated Artifactory version to 6.11.0 and Restart Primary node when bootstrap.creds file has been modified in artifactory-ha - -## [0.14.4] - Jun 24, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [0.14.3] - Jun 24, 2019 -* Update chart maintainers - -## [0.14.2] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [0.14.1] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [0.14.0] - Jun 20, 2019 -* Use ConfigMaps for nginx configuration and remove nginx postStart command - -## [0.13.10] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [0.13.9] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [0.13.8] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [0.13.7] - Jun 6, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [0.13.6] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [0.13.5] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [0.13.4] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [0.13.3] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [0.13.2] - May 19, 2019 -* Fix missing logger image tag - -## [0.13.1] - May 15, 2019 -* Support `artifactory.persistence.cacheProviderDir` for on-premise cluster - -## [0.13.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [0.12.23] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [0.12.22] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [0.12.21] - Apr 30, 2019 -* Add support for JMX monitoring - -## [0.12.20] - Apr29, 2019 -* Added support for headless services - -## [0.12.19] - Apr 28, 2019 -* Added support for `cacheProviderDir` - -## [0.12.18] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [0.12.17] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [0.12.16] - Apr 12, 2019 -* Added support for `customVolumeMounts` - -## [0.12.15] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [0.12.14] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [0.12.13] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [0.12.12] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [0.12.11] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [0.12.10] - Aprl 07, 2019 -* Change network policy API group - -## [0.12.9] - Aprl 04, 2019 -* Apply the existing PVC for members (in addition to primary) - -## [0.12.8] - Aprl 03, 2019 -* Bugfix for userPluginSecrets - -## [0.12.7] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [0.12.6] - Aprl 03, 2019 -* Added installer info - -## [0.12.5] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [0.12.4] - Apr 02, 2019 -* Fix issue #253 (use existing PVC for data and backup storage) - -## [0.12.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [0.12.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [0.12.1] - Mar 26, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [0.12.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [0.11.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [0.11.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [0.11.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [0.11.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [0.11.14] - Mar 21, 2019 -* Make ingress path configurable - -## [0.11.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart for Primary - -## [0.11.12] - Mar 19, 2019 -* Fix existingClaim example - -## [0.11.11] - Mar 18, 2019 -* Disable the option to use nginx PVC with more than one replica - -## [0.11.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [0.11.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [0.11.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [0.11.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 - -## [0.11.6] - Mar 13, 2019 -* Move securityContext to container level - -## [0.11.5] - Mar 11, 2019 -* Add the option to use existing volume claims for Artifactory storage - -## [0.11.4] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [0.11.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [0.11.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [0.11.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [0.11.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [0.10.3] - Feb 21, 2019 -* Add s3AwsVersion option to awsS3 configuration for use with IAM roles - -## [0.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [0.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [0.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [0.9.7] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [0.9.6] - Feb 7, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [0.9.5] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.4] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.3] - Feb 5, 2019 -* Remove the inactive server remove plugin - -## [0.9.2] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [0.9.1] - Jan 27, 2019 -* Fix support for Azure Blob Storage Binary provider - -## [0.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [0.8.10] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [0.8.9] - Jan 18, 2019 -* Added support of values ingress.labels - -## [0.8.8] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [0.8.7] - Jan 15, 2018 -* Add support for Azure Blob Storage Binary provider - -## [0.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [0.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [0.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [0.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [0.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [0.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [0.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [0.7.17] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [0.7.16] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [0.7.15] - Dec 9, 2018 -* AWS S3 add `roleName` for using IAM role - -## [0.7.14] - Dec 6, 2018 -* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role - -## [0.7.13] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [0.7.12] - Dec 2, 2018 -* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting. - -## [0.7.11] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [0.7.10] - Nov 29, 2018 -* Fixed the volumeMount for the replicator.yaml - -## [0.7.9] - Nov 29, 2018 -* Optionally include primary node into poddisruptionbudget - -## [0.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [0.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [0.7.6] - Nov 18, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [0.7.5] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [0.7.4] - Nov 13, 2018 -* Allow pod anti-affinity settings to include primary node - -## [0.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [0.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [0.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [0.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [0.6.9] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [0.6.8] - Oct 22, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [0.6.7] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [0.6.6] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [0.6.5] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow `soft` or `hard` specification of member node anti-affinity -* Allow providing pre-existing secrets containing external database credentials -* Fix `s3` binary store provider to properly use the `cache-fs` provider -* Allow arbitrary properties when using the `s3` binary store provider - -## [0.6.4] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [0.6.3] - Oct 17, 2018 -* Add Apache 2.0 license - -## [0.6.2] - Oct 14, 2018 -* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`) - -## [0.6.1] - Oct 11, 2018 -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [0.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [0.5.3] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [0.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [0.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [0.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [0.4.7] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [0.4.6] - Sep 25, 2018 -* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1 - -## [0.4.4] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 - -## [0.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [0.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/Chart.yaml deleted file mode 100644 index 2b6ab9261..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha -apiVersion: v1 -appVersion: 7.17.5 -description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -maintainers: -- email: installers@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory-ha -sources: -- https://github.com/jfrog/charts -version: 4.13.0 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/LICENSE b/charts/artifactory-ha/artifactory-ha/4.13.0/LICENSE deleted file mode 100644 index 8dada3eda..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/README.md b/charts/artifactory-ha/artifactory-ha/4.13.0/README.md deleted file mode 100644 index 4cbe9ff29..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/README.md +++ /dev/null @@ -1,1267 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.12+ -* Artifactory HA license - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database **NOTE:** For production grade installations it is recommended to use an external PostgreSQL -* Deploy an Nginx server - -## Artifactory HA architecture -The Artifactory HA cluster in this chart is made up of -- A single primary node -- Two member nodes, which can be resized at will - -Load balancing is done to the member nodes only. -This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic. -This can be controlled by the parameter `artifactory.service.pool`. -**NOTE:** - Using artifactory pro license (which supports single node only), set `artifactory.node.replicaCount=0` in values.yaml. - To scale from single node to multiple nodes(>1), use Enterprise(+) license and then do an helm upgrade (Each node need a seperate license). - -## Installing the Chart - -### Add JFrog Helm repository - -Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io) to your helm client - -```bash -helm repo add jfrog https://charts.jfrog.io -helm repo update -``` - -**NOTE:** Passing masterKey is mandatory for fresh install of chart (7.x Appversion) - -### Create a unique Master Key -Artifactory HA cluster requires a unique master key. - -**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** - -You should generate a unique one and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} -``` - -### Install Chart -To install the chart with the release name `artifactory-ha`: - -```bash -helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory-ha jfrog/artifactory-ha -``` - -### System Configuration -Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. -In order to override the default `system.yaml` configuration, do the following: -```bash -artifactory: - systemYaml: | - -``` - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Accessing Artifactory -**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup. -Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it. - -### Updating Artifactory -Once you have a new chart version, you can update your deployment with -```bash -helm upgrade artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -``` - -If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: -1. Get the current password by running: -```bash -POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -2. Upgrade the release by passing the previously auto-generated secret: -```bash -helm upgrade --namespace artifactory-ha jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} -``` - -This will apply any configuration changes on your existing deployment. - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -### Artifactory memory and CPU resources -The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out. -It is **highly** recommended to set these so you have full control of the allocated resources and limits. - -See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware). - -```bash -# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) -helm upgrade --install artifactory-ha \ - --set artifactory.primary.resources.requests.cpu="500m" \ - --set artifactory.primary.resources.limits.cpu="2" \ - --set artifactory.primary.resources.requests.memory="1Gi" \ - --set artifactory.primary.resources.limits.memory="4Gi" \ - --set artifactory.primary.javaOpts.xms="1g" \ - --set artifactory.primary.javaOpts.xmx="4g" \ - --set artifactory.node.resources.requests.cpu="500m" \ - --set artifactory.node.resources.limits.cpu="2" \ - --set artifactory.node.resources.requests.memory="1Gi" \ - --set artifactory.node.resources.limits.memory="4Gi" \ - --set artifactory.node.javaOpts.xms="1g" \ - --set artifactory.node.javaOpts.xmx="4g" \ - --set initContainers.resources.requests.cpu="10m" \ - --set initContainers.resources.limits.cpu="250m" \ - --set initContainers.resources.requests.memory="64Mi" \ - --set initContainers.resources.limits.memory="128Mi" \ - --set postgresql.resources.requests.cpu="200m" \ - --set postgresql.resources.limits.cpu="1" \ - --set postgresql.resources.requests.memory="500Mi" \ - --set postgresql.resources.limits.memory="1Gi" \ - --set nginx.resources.requests.cpu="100m" \ - --set nginx.resources.limits.cpu="250m" \ - --set nginx.resources.requests.memory="250Mi" \ - --set nginx.resources.limits.memory="500Mi" \ - --namespace artifactory-ha jfrog/artifactory-ha -``` -> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`. - -Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). - -Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files -for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Artifactory storage -Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration) - -In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. -The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. - -> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter. -This is used to set how many replicas of a binary should be stored in the cluster's nodes. -Once this value is set on initial deployment, you can not update it using helm. -It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number. - -#### Existing volume claim - -###### Primary node -In order to use an existing volume claim for the Artifactory primary storage, you need to: -- Create a persistent volume claim by the name `volume--artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0` -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.primary.persistence.existingClaim=true -``` - -###### Member nodes -In order to use an existing volume claim for the Artifactory member nodes storage, you need to: -- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume--artifactory-ha-member-`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`. -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.node.persistence.existingClaim=true -``` - -#### Existing shared volume claim - -In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to: - -- Create PVCs with ReadWriteMany that match the naming conventions: -``` - {{ template "artifactory-ha.fullname" . }}-data-pvc- - {{ template "artifactory-ha.fullname" . }}-backup-pvc- -``` -An example that shows 2 existing claims to be used: -``` - myexample-artifactory-ha-data-pvc-0 - myexample-artifactory-ha-backup-pvc-0 - myexample-artifactory-ha-data-pvc-1 - myexample-artifactory-ha-backup-pvc-1 -``` -- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true: -``` --- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true --- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2 -``` - -#### NFS -To use an NFS server as your cluster's storage, you need to -- Setup an NFS server. Get its IP as `NFS_IP` -- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all -- Pass NFS parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=nfs \ ---set artifactory.persistence.nfs.ip=${NFS_IP} \ -... -``` - -#### Google Storage -To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) -- Pass Google Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=google-storage \ ---set artifactory.persistence.googleStorage.identity=${GCP_ID} \ ---set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ -... -``` -``` -In order to use a GCP service account, Artifactory needs a gcp.credentials.json file in the same directory asa binaraystore.xml file. -This can be generated by running: -```bash -gcloud iam service-accounts keys create --iam-account -``` -Which will produce the following, which can be saved to a file or copied into your `values.yaml`. -```bash -{ - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." -} -``` - -One option is to create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` in a custom `values.yaml` -```bash -# Create the Kubernetes secret from the file you created earlier. -# IMPORTANT: The file must be called "gcp.credentials.json" because this is used later as the secret key! -kubectl create secret generic artifactory-gcp-creds --from-file=./gcp.credentials.json -``` -Set this secret in your custom `values.yaml` -```bash -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - customSecretName: artifactory-gcp-creds -``` - -Another option is to put your generated config directly in your custom `values.yaml` and the a secret will be created from it -``` -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - config: | - { - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - } -``` - -#### AWS S3 -**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. -In order to grant permissions to Artifactory using an IAM role, you will have to attach the IAM role to the machine(s) on which Artifactory is running. -This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. - -To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) -- Pass AWS S3 parameters to `helm install` and `helm upgrade` -```bash -... -# With explicit credentials: ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ -... - -... -# With using existing IAM role ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ -... -``` -**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) - -#### AWS S3 V3 -To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). -This filestore template uses the official AWS SDK, unlike the `aws-s3` implementation that uses the `JetS3t` library. -Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). - -**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. - -- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` - -```bash -# With explicit credentials: ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ -... -``` - -```bash -# With using existing IAM role ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} -... -``` - -To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) -```bash -... ---set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ -... -``` - -#### Microsoft Azure Blob Storage -To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) -- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=azure-blob \ ---set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ ---set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ ---set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ ---set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ -... -``` - -#### Custom binarystore.xml -You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
-There are two options for this - -1. Editing directly in [values.yaml](values.yaml) -```yaml -artifactory: - persistence: - binarystoreXml: | - - - - - -``` - -2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command -```yaml -# Prepare your custom Secret file (custom-binarystore.yaml) -kind: Secret -apiVersion: v1 -metadata: - name: custom-binarystore - labels: - app: artifactory - chart: artifactory -stringData: - binarystore.xml: |- - - - - -``` - -```bash -# Create a secret from the file -kubectl apply -n artifactory -f ./custom-binarystore.yaml - -# Pass it to your helm install command: -helm upgrade --install artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Create a unique Master Key - -Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Create a secret containing the key. The key in the secret must be named master-key -kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.masterKeySecretName=my-secret --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Special Upgrade Notes -### MasterKey during 6.x to 7.x Migration (App version) - -**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. - -### Create a unique Join Key -Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). - -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique key and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Pass the created join key to helm -helm upgrade --install artifactory-ha --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha jfrog/artifactory-ha -``` - -Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Create a secret containing the key. The key in the secret must be named join-key -kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.joinKeySecretName=my-secret --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.. - -### Install Artifactory HA license -For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**. - -The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation. - -**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster! - -##### Artifactory UI -Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node. - -##### REST API -You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses. - -##### Kubernetes Secret -You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). -Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**! -```bash -# Create the Kubernetes secret (assuming the local license file is 'art.lic') -kubectl create secret generic artifactory-cluster-license --from-file=./art.lic - -# Pass the license to helm -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. - -##### Create the secret as part of the helm release -values.yaml -```yaml -artifactory: - license: - licenseKey: |- - - - - - - - -``` - -```bash -helm upgrade --install artifactory-ha -f values.yaml --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - - -### copyOnEveryStartup feature -Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. -In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. -Two examples for that would be: - -1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, -which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: -Create a values file with the following values: -```yaml -artifactory: - copyOnEveryStartup: - - source: /artifactory_bootstrap/binarystore.xml - target: etc/artifactory/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f values.yaml -``` - -2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: -Create a config map with your `logback.xml` configuration. - -Create a values file with the following values: -```yaml -artifactory: - ## Create a volume pointing to the config map with your configuration file - customVolumes: | - - name: logback-xml-configmap - configMap: - name: logback-xml-configmap - customVolumeMounts: | - - name: logback-xml-configmap - mountPath: /tmp/artifactory-logback/ - copyOnEveryStartup: - - source: /tmp/artifactory-logback/* - target: etc/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f values.yaml -``` - -### Configure NetworkPolicy - -NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. - -In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. - -For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. - -A full (but very wide open) example that results in 2 NetworkPolicy objects being created: -```yaml -networkpolicy: - # Allows all ingress and egress to/from artifactory primary and member pods. - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod. - - name: postgresql - podSelector: - matchLabels: - app: postgresql - ingress: - - from: - - podSelector: - matchLabels: - app: artifactory-ha -``` - -### Artifactory JMX Configuration -** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans - -Enable JMX in your deployment: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --namespace artifactory-ha jfrog/artifactory-ha -``` -This will enable access to Artifactory with JMX on the default port (9010). -** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port``` -to your choice of port - -In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: -1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --set artifactory.service.type=LoadBalancer \ - --namespace artifactory-ha jfrog/artifactory-ha -``` -2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with -```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory -with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: -``` - artifactory-ha--primary - -``` -3. Launch jconsole with the service address and port: -```bash -jconsole artifactory-ha--primary: -jconsole : -``` - -### Bootstrapping Artifactory admin password -You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. - -1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: -```yaml -artifactory: - admin: - ip: "" # Example: "*" to allow access from anywhere - username: "admin" - password: "" -``` - -2. Apply the `admin-creds-values.yaml` file: -```bash -helm upgrade --install artifactory --namespace artifactory-ha jfrog/artifactory-ha -f admin-creds-values.yaml -``` - -### Bootstrapping Artifactory configuration -**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. - -* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) -* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) - -1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-release-bootstrap-config -data: - artifactory.config.import.xml: | - - security.import.xml: | - -``` - -2. Create configMap in Kubernetes: -```bash -kubectl apply -f bootstrap-config.yaml -``` -3. Pass the configMap to helm -```bash -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Use custom nginx.conf with Nginx - -Steps to create configMap with nginx.conf -* Create `nginx.conf` file. -```bash -kubectl create configmap nginx-config --from-file=nginx.conf -``` -* Pass configMap to helm install -```bash -helm upgrade --install artifactory-ha --set nginx.customConfigMap=nginx-config --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Scaling your Artifactory cluster -A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it. - -##### Before scaling -**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart). - -Get the current database password -```bash -export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster! - -##### Scale up -Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes). -```bash -# Scale to 4 nodes (1 primary and 3 member nodes) -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha jfrog/artifactory-ha -``` - -##### Scale down -Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node. - -```bash -# Scale down to 2 member nodes -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha jfrog/artifactory-ha -``` -- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it -```bash -# List PVCs -kubectl get pvc - -# Remove the PVC with highest ordinal! -# In this example, the highest node ordinal was 2, so need to remove its storage. -kubectl delete pvc volume-artifactory-node-2 -``` - -### Use an external Database - -**For production grade installations it is recommended to use an external PostgreSQL with a static password** - -#### PostgreSQL -There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name. - -This can be done with the following parameters -```bash -... ---set postgresql.enabled=false \ ---set database.type=postgresql \ ---set database.driver=org.postgresql.Driver \ ---set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! - -#### Other DB type -There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. -See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) -> The official Artifactory Docker images include the PostgreSQL database driver. -> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib - -This can be done with the following parameters -```bash -# Make sure your Artifactory Docker image has the MySQL database driver in it -... ---set postgresql.enabled=false \ ---set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ ---set database.type=mysql \ ---set database.driver=com.mysql.jdbc.Driver \ ---set database.url=${DB_URL} \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! -##### Configuring Artifactory with external Oracle database -To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. -1. Create a value file with the configuration -```yaml -postgresql: - enabled: false -database: - type: oracle - driver: oracle.jdbc.OracleDriver - url: - user: - password: -artifactory: - preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." - extraEnvironmentVariables: - - name: LD_LIBRARY_PATH - value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory jfrog/artifactory-ha --namespace artifactory -f values-oracle.yaml -``` -**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` - -#### Using pre-existing Kubernetes Secret -If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: -```bash -# Create a secret containing the database credentials -kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} -... ---set postgresql.enabled=false \ ---set database.secrets.user.name=my-secret \ ---set database.secrets.user.key=user \ ---set database.secrets.password.name=my-secret \ ---set database.secrets.password.key=password \ -... -``` - -### Deleting Artifactory -To delete the Artifactory HA cluster - -On helm v2: -```bash -helm delete --purge artifactory-ha -``` - -On helm v3: -```bash -helm delete artifactory-ha --namespace artifactory-ha -``` - -This will completely delete your Artifactory HA cluster. -**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them -```bash -kubectl delete pvc -l release=artifactory-ha -``` -See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/) - -### Custom Docker registry for your images -If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a -[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm -```bash -# Create a Docker registry secret called 'regsecret' -kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL} -``` -Once created, you pass it to `helm` -```bash -helm upgrade --install artifactory-ha --set imagePullSecrets=regsecret --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Logger sidecars -This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) - -Get list of containers in the pod -```bash -kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' -``` - -View specific log -```bash -kubectl logs -n -c -``` - - -### Custom init containers -There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. - -For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out -```yaml -artifactory: - ## Add custom init containers executed before predefined init containers - customInitContainersBegin: | - ## Init containers template goes here ## - ## Add custom init containers executed after predefined init containers - customInitContainers: | - ## Init containers template goes here ## -``` - -### Custom sidecar containers -There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. - -For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom sidecar containers - customSidecarContainers: | - ## Sidecar containers template goes here ## -``` - -You can configure the sidecar to run as a custom user if needed by setting the following in the container template -```yaml - # Example of running container as root (id 0) - securityContext: - runAsUser: 0 - fsGroup: 0 -``` - -### Custom volumes -If you need to use a custom volume in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - ## Custom volume comes here ## -``` - -### Custom secrets -If you need to add a custom secret in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - # Add custom secrets - secret per file - customSecrets: - - name: custom-secret - key: custom-secret.yaml - data: > - secret data -``` - -To use a custom secret, need to define a custom volume. -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - - name: custom-secret - secret: - secretName: custom-secret -``` - -To use a volume, need to define a volume mount as part of a custom init or sidecar container. -```yaml -artifactory: - customSidecarContainers: - - name: side-car-container - volumeMounts: - - name: custom-secret - mountPath: /opt/custom-secret.yaml - subPath: custom-secret.yaml - readOnly: true -``` - -### Add Artifactory User Plugin during installation -If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. - -Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: -```bash -# Secret with single user plugin -kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha - -# Secret with single user plugin with configuration file -kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha -``` - -Add plugin secret names to `plugins.yaml` as following: -```yaml -artifactory: - userPluginSecrets: - - archive-old-artifacts - - webhook -``` - -You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: -```bash -helm upgrade --install artifactory-ha -f plugins.yaml --namespace artifactory-ha jfrog/artifactory-ha -``` - -Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: -```yaml -artifactory-ha: # Name of the artifactory-ha dependency - artifactory: - userPluginSecrets: - - '{{ template "my-chart.fullname" . }}' -``` -For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). - -### Provide custom configMaps to Artifactory -If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. - -Create a `configmaps.yaml` file with the following content: -```yaml -artifactory: - configMaps: | - logback.xml: | - - - - - %date [%-5level] \(%-20c{3}:%L\) %message%n - - - - - - - - - - - - - - - my-custom-post-start-hook.sh: | - echo "This is my custom post start hook" - - customVolumeMounts: | - - name: artifactory-configmaps - mountPath: /tmp/my-config-map - - postStartCommand: | - chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; - /tmp/my-config-map/my-custom-post-start-hook.sh; - - copyOnEveryStartup: - - source: /tmp/my-config-map/logback.xml - target: etc/ - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f configmaps.yaml --namespace artifactory-ha jfrog/artifactory-ha -``` - -This will, in turn: -* create a configMap with the files you specified above -* create a volume pointing to the configMap with the name `artifactory-configmaps` -* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` -* Set the shell script we mounted as the `postStartCommand` -* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. - -### Establishing TLS and Adding certificates -In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. -When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. - -To establish TLS between JFrog Platform nodes: -Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) - -To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false -```yaml -access: - accessConfig: - security: - tls: true -``` - -To add custom tls certificates, create a tls secret from the certificate files. - -```bash -kubectl create secret tls --cert=ca.crt --key=ca.private.key -``` - -For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. -* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) -```yaml -access: - accessConfig: - security: - tls: true - customCertificatesSecretName: - resetAccessCAKeys: true -``` - -### Artifactory filebeat -If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. - -Create a `filebeat.yaml` values file with the following content: -```yaml -filebeat: - enabled: true - logstashUrl: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "100Mi" - cpu: "100m" -``` - -You can optionally customize the `filebeat.yaml` to send output to a different location like so: -```yaml -filebeat: - enabled: true - filebeatYml: | - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f filebeat.yaml --namespace artifactory-ha jfrog/artifactory -``` - -This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` - -### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). -To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx -For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. -In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: -```yaml - nginx: - https: - enabled: false - service: - ssloffload: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory jfrog/artifactory -``` - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file -```yaml - ingress: - enabled: true - hosts: - - artifactory.company.com - artifactory: - service: - type: NodePort - nginx - enabled: false -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ingress-values.yaml--namespace artifactory jfrog/artifactory -``` - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - artifactory.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - artifactory.domain.com -``` - -### Ingress annotations - -This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. - -```yaml -ingress: - enabled: true - defaultBackend: - enabled: false - hosts: - - myhost.example.com - annotations: - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - ingress.kubernetes.io/proxy-read-timeout: "600" - ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; - rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; - nginx.ingress.kubernetes.io/proxy-body-size: "0" - tls: - - hosts: - - "myhost.example.com" -``` - -### Ingress additional rules - -You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. -In order to do that, simply add the following to a `artifactory-ha-values.yaml` file: -```yaml -ingress: - enabled: true - - defaultBackend: - enabled: false - - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite "(?i)/xray(/|$)(.*)" /$2 break; - - additionalRules: | - - host: - http: - paths: - - path: / - backend: - serviceName: - servicePort: - - path: /xray - backend: - serviceName: - servicePort: - - path: /artifactory - backend: - serviceName: {{ template "artifactory.nginx.fullname" . }} - servicePort: {{ .Values.nginx.externalPortHttp }} -``` - -and running: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f artifactory-ha-values.yaml -``` - -### Dedicated Ingress object for replicator service - -You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. -In order to do that, simply add the following to a `artifactory-values.yaml` file: - -```yaml -artifactory: - replicator: - enabled: true - ingress: - name: - hosts: - - myhost.example.com - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding on; - tls: - - hosts: - - "myhost.example.com" - secretName: -``` - -### Ingress behind another load balancer -If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. - -To enable it with `helm install` -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true -``` -or `helm upgrade` -```bash -helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx -``` -or create a values.yaml file with the following content: -```yaml -controller: - config: - use-forwarded-headers: "true" -``` -Then install nginx-ingress with the values file you created: -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml -``` - -### Log Analytics - -#### FluentD, Prometheus and Grafana - -To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: - -https://github.com/jfrog/log-analytics-prometheus - -That repo contains a file `artifactory-ha-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. - - -## Useful links -- https://www.jfrog.com/confluence/display/EP/Getting+Started -- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory -- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/ReverseProxyConfiguration.md b/charts/artifactory-ha/artifactory-ha/4.13.0/ReverseProxyConfiguration.md deleted file mode 100644 index 851593236..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/ReverseProxyConfiguration.md +++ /dev/null @@ -1,140 +0,0 @@ -# JFrog Artifactory Reverse Proxy Settings using Nginx - -#### Reverse Proxy -* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. -* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate -the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. -* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) -* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. - -**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. - -#### Features of Artifactory Nginx -* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. -* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory - -#### Changing the default Artifactory nginx conf -Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf -These configuration will be mounted to the nginx container using a configmap. -For example: -1. Create a values file `nginx-values.yaml` with the following values: -```yaml -nginx: - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; - } - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -``` - -2. Install/upgrade artifactory: -```bash -helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml -``` - - -#### Steps to use static configuration for reverse proxy in nginx. -1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` - -2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) - - Following is example `artifactory.conf` - - **Note**: - * Create file with name `artifactory.conf` as it's fixed in configMap key. - * Replace `artifactory-artifactory` with service name taken from step 1. - - ```bash - ## add ssl entries when https has been set in config - ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; - ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen 443 ssl; - listen 80; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; - } - proxy_pass http://artifactory-artifactory:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - ``` - -3. Create configMap of `artifactory.conf` created with step above. - ```bash - kubectl create configmap art-nginx-conf --from-file=artifactory.conf - ``` -4. Deploy Artifactory using helm chart. - You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) - - Following is command to set values at runtime: - ```bash - helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha - ``` \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/UPGRADE_NOTES.md b/charts/artifactory-ha/artifactory-ha/4.13.0/UPGRADE_NOTES.md deleted file mode 100644 index b3326dccc..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/UPGRADE_NOTES.md +++ /dev/null @@ -1,42 +0,0 @@ -# JFrog Artifactory Chart Upgrade Notes -This file describes special upgrade notes needed at specific versions - -## Upgrade from 1.X to 2.X and above (Chart Versions) - -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* To upgrade from a version prior to 1.x, you first need to upgrade to latest version of 1.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md. -* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -## Upgrade from 0.X to 1.X (Chart Versions) -**DOWNTIME IS REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations -* Upgrade - * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database - * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) - * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted - * Upgrade steps: - 1. Block user access to Artifactory (do not shutdown) - a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary) - b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`) - 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` - a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) - b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) - c. Click `Export` (this can take some time) - 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed - a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! - 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps - a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step - 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` - a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) - b. Click `Import` (this can take some time) - 6. Restore access to Artifactory - a. Scale the cluster member nodes back to the original size - * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/app-readme.md b/charts/artifactory-ha/artifactory-ha/4.13.0/app-readme.md deleted file mode 100644 index a5aa5fd47..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/app-readme.md +++ /dev/null @@ -1,16 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -Universal Repository Manager supporting all major packaging formats, build tools and CI servers. - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database -* Deploy an Nginx server(optional) - -## Useful links -Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) - -## Activate Your Artifactory Instance -Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/Chart.yaml deleted file mode 100644 index 9bed0aa83..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -annotations: - category: Database -apiVersion: v1 -appVersion: 11.9.0 -description: Chart for PostgreSQL, an object-relational database management system - (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://www.postgresql.org/ -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -version: 9.3.4 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/README.md b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/README.md deleted file mode 100644 index 319291bc6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/README.md +++ /dev/null @@ -1,680 +0,0 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. - -To delete the PVC's associated with `my-release`: - -```console -$ kubectl delete pvc -l release=my-release -``` - -> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | -| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | -| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | -| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | -| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | -| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | -| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | -| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | -| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | -| `master.sidecars` | Add additional containers to the pod | `[]` | -| `master.service.type` | Allows using a different service type for Master | `nil` | -| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | -| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | -| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | -| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | -| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | -| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | -| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | -| `slave.sidecars` | Add additional containers to the pod | `[]` | -| `slave.service.type` | Allows using a different service type for Slave | `nil` | -| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | -| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | -| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAccount.name` | Name of existing service account | `nil` | -| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `tls.enabled` | Enable TLS traffic support | `false` | -| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | -| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | -| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | -| `psp.create` | Create Pod Security Policy | `false` | -| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Enable replication: -```diff -- replication.enabled: false -+ replication.enabled: true -``` - -- Number of slaves replicas: -```diff -- replication.slaveReplicas: 1 -+ replication.slaveReplicas: 2 -``` - -- Set synchronous commit mode: -```diff -- replication.synchronousCommit: "off" -+ replication.synchronousCommit: "on" -``` - -- Number of replicas that will have synchronous replication: -```diff -- replication.numSynchronousReplicas: 0 -+ replication.numSynchronousReplicas: 1 -``` - -- Start a prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. - -### Customizing Master and Slave services in a replicated configuration - -At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. - -For example: - -* First, create the secret with the cetificates files: - - ```console - kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt - ``` - -* Then, use the following parameters: - - ```console - volumePermissions.enabled=true - tls.enabled=true - tls.certificatesSecret="certificates-tls-secret" - tls.certFilename="cert.crt" - tls.certKeyFilename="cert.key" - ``` - - > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL master -master: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -slave: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -## Upgrade - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release stable/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -## 9.0.0 - -In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. - -As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: - -- Deploy an old version (8.X.X) -```console -$ helm install postgresql bitnami/postgresql --version 8.10.14 -``` - -- Old version is up and running -```console -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 76s -``` - -- The upgrade to the latest one (9.X.X) is going to fail -```console -$ helm upgrade postgresql bitnami/postgresql -Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden -``` - -- Delete the statefulset -```console -$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql -statefulset.apps "postgresql-postgresql" deleted -``` - -- Now the upgrade works -```cosnole -$ helm upgrade postgresql bitnami/postgresql -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 -``` - -- We can kill the existing pod and the new statefulset is going to create a new one: -```console -$ kubectl delete pod postgresql-postgresql-0 -pod "postgresql-postgresql-0" deleted - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 19s -``` - -Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command - -## 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -## 7.1.0 - -Adds support for LDAP configuration. - -## 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -## 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -## 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - - - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/Chart.yaml deleted file mode 100644 index 0044c2232..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v1 -appVersion: 0.6.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: http://www.bitnami.com/ -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: common -sources: -- https://github.com/bitnami/charts -version: 0.6.2 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/README.md b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/README.md deleted file mode 100644 index e04391a3f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/README.md +++ /dev/null @@ -1,274 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -**Names** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -**Images** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | - -**Labels** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -**Storage** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -**TplValues** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | - -**Capabilities** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | - -**Validations** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | - -**Warnings** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -**Errors** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -**Utils** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | - -**Secrets** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets. - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -**Example of use** - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -**NOTES.txt** - -``` -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Notable changes - -N/A diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_capabilities.tpl deleted file mode 100644 index c0ea2c70c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_errors.tpl deleted file mode 100644 index d6d3ec65a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_images.tpl deleted file mode 100644 index aafde9f3b..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_images.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c7e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_names.tpl deleted file mode 100644 index adf2a74f4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_names.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_secrets.tpl deleted file mode 100644 index d6165a294..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,49 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = cat $name .defaultNameSuffix -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- $name = .name -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a844f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db166851..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_utils.tpl deleted file mode 100644 index 7d02f2ef6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_validations.tpl deleted file mode 100644 index 62635b30e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_validations.tpl +++ /dev/null @@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $valueKeyArray := splitList "." .valueKey -}} - {{- $value := "" -}} - {{- $latestObj := $.context.Values -}} - {{- range $valueKeyArray -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} - {{- end -}} - - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} - {{- end -}} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - - {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a mariadb required password must not be empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} - -Validate value params: - - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} - {{- $requiredPasswords := list -}} - - {{- if .context.Values.mariadb.secret.requirePasswords -}} - {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} - - {{- if not (empty .context.Values.mariadb.db.user) -}} - {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} - {{- end -}} - - {{- if .context.Values.mariadb.replication.enabled -}} - {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a postgresql required password must not be empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) $enabled -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- if $enabledReplication -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.enabled | quote -}} - {{- else -}} - true - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.replication.enabled | quote -}} - {{- else -}} - {{- .context.Values.replication.enabled | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa41e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/values.yaml deleted file mode 100644 index 9ecdc93f5..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/charts/common/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -exampleValue: common-chart diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/commonAnnotations.yaml deleted file mode 100644 index f6977823c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/commonAnnotations.yaml +++ /dev/null @@ -1,3 +0,0 @@ -commonAnnotations: - helm.sh/hook: 'pre-install, pre-upgrade' - helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/default-values.yaml deleted file mode 100644 index fc2ba605a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100644 index 347d3b40a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/README.md b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/README.md deleted file mode 100644 index 1813a2fea..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/conf.d/README.md b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/conf.d/README.md deleted file mode 100644 index 184c1875d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/conf.d/README.md +++ /dev/null @@ -1,4 +0,0 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/docker-entrypoint-initdb.d/README.md deleted file mode 100644 index cba38091e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.lock b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.lock deleted file mode 100644 index 72e1642e2..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 0.6.2 -digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 -generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.yaml deleted file mode 100644 index 2c28bfe14..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/NOTES.txt deleted file mode 100644 index 596e969ce..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/NOTES.txt +++ /dev/null @@ -1,59 +0,0 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- include "common.warnings.rollingTag" .Values.image -}} - -{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/_helpers.tpl deleted file mode 100644 index 68cd0dc0e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/_helpers.tpl +++ /dev/null @@ -1,501 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if we should use an existingSecret. -*/}} -{{- define "postgresql.useExistingSecret" -}} -{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if not (include "postgresql.useExistingSecret" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap should be mounted with PostgreSQL configuration -*/}} -{{- define "postgresql.mountConfigurationCM" -}} -{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "postgresql.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "postgresql.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "postgresql.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If PSP is enabled RBAC should be enabled too -*/}} -{{- define "postgresql.validateValues.psp" -}} -{{- if and .Values.psp.create (not .Values.rbac.create) }} -postgresql: psp.create, rbac.create - RBAC should be enabled if PSP is enabled in order for PSP to work. - More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "podsecuritypolicy.apiVersion" -}} -{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions -*/}} -{{- define "postgresql.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} -postgresql: tls.enabled, volumePermissions.enabled - When TLS is enabled you must enable volumePermissions as well to ensure certificates files have - the right permissions. -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "postgresql.tlsCert" -}} -{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "postgresql.tlsCertKey" -}} -{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "postgresql.tlsCACert" -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} -{{- end -}} - -{{/* -Return the path to the CRL file. -*/}} -{{- define "postgresql.tlsCRL" -}} -{{- if .Values.tls.crlFilename -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/configmap.yaml deleted file mode 100644 index b29ef6040..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/extended-config-configmap.yaml deleted file mode 100644 index f21a97654..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/extended-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-extended-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/initialization-configmap.yaml deleted file mode 100644 index 6637867a3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/initialization-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-init-scripts - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-configmap.yaml deleted file mode 100644 index 6b7a3171e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-svc.yaml deleted file mode 100644 index b993c9971..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/metrics-svc.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-metrics - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- toYaml .Values.metrics.service.annotations | nindent 4 }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/networkpolicy.yaml deleted file mode 100644 index 2a7b372fe..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/networkpolicy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "postgresql.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - role: slave - {{- end }} - # Allow prometheus scrapes - - ports: - - port: 9187 -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/podsecuritypolicy.yaml deleted file mode 100644 index da0b3ab11..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.psp.create }} -apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - volumes: - - 'configMap' - - 'secret' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'projected' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/prometheusrule.yaml deleted file mode 100644 index b0c41b1a4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "postgresql.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.metrics.prometheusRule.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/role.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/role.yaml deleted file mode 100644 index 6d3cf50a4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/role.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if .Values.psp.create }} - - apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "postgresql.fullname" . }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/rolebinding.yaml deleted file mode 100644 index f7837388d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ template "postgresql.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/secrets.yaml deleted file mode 100644 index c93dbe0bd..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/serviceaccount.yaml deleted file mode 100644 index 17f7ff399..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "common.labels.standard" . | nindent 4 }} - name: {{ template "postgresql.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/servicemonitor.yaml deleted file mode 100644 index d57b7fb48..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "postgresql.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset-slaves.yaml deleted file mode 100644 index 54d24099f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset-slaves.yaml +++ /dev/null @@ -1,345 +0,0 @@ -{{- if .Values.replication.enabled }} -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "postgresql.fullname" . }}-slave" - labels: - {{- include "common.labels.standard" . | nindent 4 }} -{{- with .Values.slave.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.slave.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: {{ .Values.replication.slaveReplicas }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: slave - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: slave -{{- with .Values.slave.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.slave.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.slave.nodeSelector }} - nodeSelector: -{{ toYaml .Values.slave.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.slave.affinity }} - affinity: -{{ toYaml .Values.slave.affinity | indent 8 }} - {{- end }} - {{- if .Values.slave.tolerations }} - tolerations: -{{ toYaml .Values.slave.tolerations | indent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.slave.extraInitContainers }} -{{ tpl .Values.slave.extraInitContainers . | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.slave.priorityClassName }} - priorityClassName: {{ .Values.slave.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "postgresql.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.slave.extraVolumeMounts }} - {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.slave.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.slave.extraVolumes }} - {{- toYaml .Values.slave.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset.yaml deleted file mode 100644 index 0e6eefebb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/statefulset.yaml +++ /dev/null @@ -1,514 +0,0 @@ -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.master.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.master.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: master - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: master - {{- with .Values.master.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- toYaml .Values.master.affinity | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.master.extraInitContainers }} - {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end}} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote}} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.master.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.metrics.securityContext.runAsUser }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} - {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} - - name: DATA_SOURCE_NAME - value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} - {{- else }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- toYaml .Values.master.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-headless.yaml deleted file mode 100644 index 49131578a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-headless.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-headless - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-read.yaml deleted file mode 100644 index 885c7bb04..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc-read.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-read - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: slave -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc.yaml deleted file mode 100644 index e9fc50456..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/templates/svc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values-production.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values-production.yaml deleted file mode 100644 index c08014549..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values-production.yaml +++ /dev/null @@ -1,594 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 2 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'on' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 1 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: true - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.schema.json b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.schema.json deleted file mode 100644 index 7b5e2efc3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.schema.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "slaveReplicas": { - "type": "integer", - "title": "Slave Replicas", - "form": true, - "hidden": { - "value": false, - "path": "replication/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.yaml deleted file mode 100644 index f45c4183d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/charts/postgresql/values.yaml +++ /dev/null @@ -1,600 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: false - user: repl_user - password: repl_password - slaveReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'off' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - extraInitContainers: | - # - name: do-something - # image: busybox - # command: ['do', 'something'] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - # - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/access-tls-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/ci/access-tls-values.yaml deleted file mode 100644 index b82db72d7..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/access-tls-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/ci/default-values.yaml deleted file mode 100644 index 1ebf93823..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/default-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true -## This is an exception here because HA needs masterKey to connect with other node members and it is commented in values to support 6.x to 7.x Migration -## Please refer https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#special-upgrade-notes-1 -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/global-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/ci/global-values.yaml deleted file mode 100644 index e6fb0c283..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/global-values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -global: - versions: - artifactory: 7.12.8 - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - customInitContainers: | - - name: "custom-setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: volume - # Add custom volumes - customVolumes: | - - name: custom-script - emptyDir: - sizeLimit: 100Mi - # Add custom volumesMounts - customVolumeMounts: | - - name: custom-script - mountPath: "/scripts" - # Add custom sidecar containers - customSidecarContainers: | - - name: "sidecar-list-etc" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scripts" - name: custom-script - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/migration-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/ci/migration-disabled-values.yaml deleted file mode 100644 index 6c1e2587f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/migration-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - migration: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/test-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/ci/test-values.yaml deleted file mode 100644 index efe3241d8..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/ci/test-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - persistence: - enabled: true - -postgresql: - postgresqlPassword: "password" - postgresqlExtendedConf: - maxConnections: "102" - persistence: - enabled: true diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/files/migrate.sh b/charts/artifactory-ha/artifactory-ha/4.13.0/files/migrate.sh deleted file mode 100644 index e35bfdbb2..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/files/migrate.sh +++ /dev/null @@ -1,4339 +0,0 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories seperated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first paramter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done < "${NEW_DATA_DIR}/${filePath}/${fileName}" - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 3.1.0" - ## Description / note - description: This CVE needs to be fixed in the alpine base image of nginx container. - diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/NOTES.txt deleted file mode 100644 index 019ed74df..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/NOTES.txt +++ /dev/null @@ -1,118 +0,0 @@ -Congratulations. You have just deployed JFrog Artifactory HA! - -{{- if .Values.artifactory.masterKey }} -{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} - - -***************************************** WARNING ****************************************** -* Your Artifactory master key is still set to the provided example: * -* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * -* * -* You should change this to your own generated key: * -* $ export MASTER_KEY=$(openssl rand -hex 32) * -* $ echo ${MASTER_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * -* * -* Alternatively, you can use a pre-existing secret with a key called master-key with * -* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * -******************************************************************************************** -{{- end }} -{{- end }} - -{{- if .Values.artifactory.joinKey }} -{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} - - -***************************************** WARNING ****************************************** -* Your Artifactory join key is still set to the provided example: * -* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * -* * -* You should change this to your own generated key: * -* $ export JOIN_KEY=$(openssl rand -hex 32) * -* $ echo ${JOIN_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * -* * -******************************************************************************************** -{{- end }} -{{- end }} - - -{{- if .Values.postgresql.enabled }} - -DATABASE: -To extract the database password, run the following -export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -echo ${DB_PASSWORD} -{{- end }} - -SETUP: -1. Get the Artifactory IP and URL - - {{- if contains "NodePort" .Values.nginx.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/ - - {{- else if contains "LoadBalancer" .Values.nginx.service.type }} - NOTE: It may take a few minutes for the LoadBalancer public IP to be available! - - You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP/ - - {{- else if contains "ClusterIP" .Values.nginx.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80 - echo http://127.0.0.1:8080 - - {{- end }} - -2. Open Artifactory in your browser - Default credential for Artifactory: - user: admin - password: password - - {{- if .Values.artifactory.license.secret }} - -3. Artifactory license(s) is deployed as a Kubernetes secret. This method is relevant for initial deployment only! - Updating the license should be done via Artifactory UI or REST API. If you want to keep managing the artifactory license using the same method, you can use artifactory.copyOnEveryStartup in values.yaml. - - {{- else }} - -3. Add HA licenses to activate Artifactory HA through the Artifactory UI - NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details. - - {{- end }} - -{{ if or .Values.artifactory.primary.javaOpts.jmx.enabled .Values.artifactory.node.javaOpts.jmx.enabled }} -JMX configuration: -{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} -If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! -{{ end }} - -1. Get the Artifactory service IP: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -export PRIMARY_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.primary.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -export MEMBER_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -{{- end }} - -2. Map the service name to the service IP in /etc/hosts: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -sudo sh -c "echo \"${PRIMARY_SERVICE_IP} {{ template "artifactory-ha.primary.name" . }}\" >> /etc/hosts" -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts" -{{- end }} - -3. Launch jconsole: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }} -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/_helpers.tpl deleted file mode 100644 index f8417e945..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/_helpers.tpl +++ /dev/null @@ -1,302 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "artifactory-ha.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -The primary node name -*/}} -{{- define "artifactory-ha.primary.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -The member node name -*/}} -{{- define "artifactory-ha.node.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name nginx service. -*/}} -{{- define "artifactory-ha.nginx.name" -}} -{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified Replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator tracker ingress name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.tracker.fullname" -}} -{{- if .Values.artifactory.replicator.trackerIngress.name -}} -{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.nginx.fullname" -}} -{{- if .Values.nginx.fullnameOverride -}} -{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nginx.name -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "artifactory-ha.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }} -{{- else -}} -{{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "artifactory-ha.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate SSL certificates -*/}} -{{- define "artifactory-ha.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "artifactory-ca" 365 -}} -{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "artifactory-ha.scheme" -}} -{{- if .Values.access.accessConfig.security.tls -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKey value -*/}} -{{- define "artifactory-ha.joinKey" -}} -{{- if .Values.global.joinKey -}} -{{- .Values.global.joinKey -}} -{{- else if .Values.artifactory.joinKey -}} -{{- .Values.artifactory.joinKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKey value -*/}} -{{- define "artifactory-ha.masterKey" -}} -{{- if .Values.global.masterKey -}} -{{- .Values.global.masterKey -}} -{{- else if .Values.artifactory.masterKey -}} -{{- .Values.artifactory.masterKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKeySecretName value -*/}} -{{- define "artifactory-ha.joinKeySecretName" -}} -{{- if .Values.global.joinKeySecretName -}} -{{- .Values.global.joinKeySecretName -}} -{{- else if .Values.artifactory.joinKeySecretName -}} -{{- .Values.artifactory.joinKeySecretName -}} -{{- else -}} -{{ include "artifactory-ha.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKeySecretName value -*/}} -{{- define "artifactory-ha.masterKeySecretName" -}} -{{- if .Values.global.masterKeySecretName -}} -{{- .Values.global.masterKeySecretName -}} -{{- else if .Values.artifactory.masterKeySecretName -}} -{{- .Values.artifactory.masterKeySecretName -}} -{{- else -}} -{{ include "artifactory-ha.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve imagePullSecrets value -*/}} -{{- define "artifactory-ha.imagePullSecrets" -}} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainersBegin value -*/}} -{{- define "artifactory-ha.customInitContainersBegin" -}} -{{- if .Values.global.customInitContainersBegin -}} -{{- .Values.global.customInitContainersBegin -}} -{{- else if .Values.artifactory.customInitContainersBegin -}} -{{- .Values.artifactory.customInitContainersBegin -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainers value -*/}} -{{- define "artifactory-ha.customInitContainers" -}} -{{- if .Values.global.customInitContainers -}} -{{- .Values.global.customInitContainers -}} -{{- else if .Values.artifactory.customInitContainers -}} -{{- .Values.artifactory.customInitContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumes value -*/}} -{{- define "artifactory-ha.customVolumes" -}} -{{- if .Values.global.customVolumes -}} -{{- .Values.global.customVolumes -}} -{{- else if .Values.artifactory.customVolumes -}} -{{- .Values.artifactory.customVolumes -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumeMounts value -*/}} -{{- define "artifactory-ha.customVolumeMounts" -}} -{{- if .Values.global.customVolumeMounts -}} -{{- .Values.global.customVolumeMounts -}} -{{- else if .Values.artifactory.customVolumeMounts -}} -{{- .Values.artifactory.customVolumeMounts -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customSidecarContainers value -*/}} -{{- define "artifactory-ha.customSidecarContainers" -}} -{{- if .Values.global.customSidecarContainers -}} -{{- .Values.global.customSidecarContainers -}} -{{- else if .Values.artifactory.customSidecarContainers -}} -{{- .Values.artifactory.customSidecarContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory chart image names -*/}} -{{- define "artifactory-ha.getImageInfoByValue" -}} -{{- $dot := index . 0 }} -{{- $indexReference := index . 1 }} -{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} -{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} -{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} -{{- if $dot.Values.global }} - {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} - {{- $tag = $dot.Values.global.versions.artifactory | toString -}} - {{- end -}} - {{- if $dot.Values.global.imageRegistry }} - {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory app version -*/}} -{{- define "artifactory-ha.app.version" -}} -{{- $image := split ":" ((include "artifactory-ha.getImageInfoByValue" (list . "artifactory")) | toString) -}} -{{- $tag := $image._1 -}} -{{- printf "%s" $tag -}} -{{- end -}} - -{{/* -Custom certificate copy command -*/}} -{{- define "artifactory-ha.copyCustomCerts" -}} -echo "Copy custom certificates to {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted"; -mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted; -find /tmp/certs -type f -not -name "*.key" -exec cp -v {} {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted \;; -find {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted/ -type f -name "tls.crt" -exec mv -v {} {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted/ca.crt \;; -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/additional-resources.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/additional-resources.yaml deleted file mode 100644 index c4d06f08a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/additional-resources.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.additionalResources }} -{{ tpl .Values.additionalResources . }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/admin-bootstrap-creds.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/admin-bootstrap-creds.yaml deleted file mode 100644 index b344e86b6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/admin-bootstrap-creds.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} -{{- if .Values.artifactory.admin.password }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-access-config.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-access-config.yaml deleted file mode 100644 index 4eac505bc..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-access-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.access.accessConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-access-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - access.config.patch.yml: | -{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-binarystore-secret.yaml deleted file mode 100644 index 2e7cac758..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-binarystore-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-binarystore - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - binarystore.xml: |- -{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-configmaps.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-configmaps.yaml deleted file mode 100644 index 1385bc578..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-configmaps.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.artifactory.configMaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - labels: - app: {{ template "artifactory-ha.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ tpl .Values.artifactory.configMaps . | indent 2 }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-custom-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-custom-secrets.yaml deleted file mode 100644 index 67473fc58..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-custom-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.artifactory.customSecrets }} -{{- range .Values.artifactory.customSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - component: "{{ $.Values.artifactory.name }}" - heritage: {{ $.Release.Service | quote }} - release: {{ $.Release.Name | quote }} -type: Opaque -stringData: - {{ .key }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-database-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-database-secrets.yaml deleted file mode 100644 index 9ff71855f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-database-secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-database-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- with .Values.database.url }} - db-url: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.user }} - db-user: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.password }} - db-password: {{ tpl . $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-gcp-credentials-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-gcp-credentials-secret.yaml deleted file mode 100644 index c6a2682c8..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-gcp-credentials-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} -{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-gcpcreds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - gcp.credentials.json: |- -{{ tpl .Values.artifactory.persistence.googleStorage.gcpServiceAccount.config . | indent 4 }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-installer-info.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-installer-info.yaml deleted file mode 100644 index e58ec41b3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-installer-info.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - installer-info.json: | - {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-license-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-license-secret.yaml deleted file mode 100644 index 3f629c6e4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-license-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- with .Values.artifactory.license.licenseKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-license - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -type: Opaque -data: - artifactory.lic: {{ . | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-migration-scripts.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-migration-scripts.yaml deleted file mode 100644 index fe40f980f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-migration-scripts.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.artifactory.migration.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - migrate.sh: | -{{ .Files.Get "files/migrate.sh" | indent 4 }} - migrationHelmInfo.yaml: | -{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} - migrationStatus.sh: | -{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-networkpolicy.yaml deleted file mode 100644 index 371dc9a5f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- range .Values.networkpolicy }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} -spec: -{{- if .podSelector }} - podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} - ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} ---- -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-nfs-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-nfs-pvc.yaml deleted file mode 100644 index 6ed7d82f6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-nfs-pvc.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if eq .Values.artifactory.persistence.type "nfs" }} -### Artifactory HA data -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-data-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-data-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} ---- -### Artifactory HA backup -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-backup-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-backup-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-pdb.yaml deleted file mode 100644 index cb45027cf..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-pdb.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.artifactory.node.minAvailable -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.fullname" . }}-node - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.artifactory.name }} - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.node.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.artifactory.node.minAvailable }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-statefulset.yaml deleted file mode 100644 index 18f5de1ff..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-node-statefulset.yaml +++ /dev/null @@ -1,777 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.node.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.node.name" . }} - replicas: {{ .Values.artifactory.node.replicaCount }} - updateStrategy: {{- toYaml .Values.artifactory.node.updateStrategy | nindent 4}} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.node.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.node.name" . }} - heritage: {{ .Release.Service }} - component: {{ .Values.artifactory.name }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} - - name: "wait-for-primary" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - echo "Waiting for primary node to be ready..."; - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }} - echo "Sleeping to allow time for primary node to come up"; - sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }}; - {{- else }} - while [ "$(wget --spider --no-check-certificate -S -T 3 {{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }}/ 2>&1 | grep '^ HTTP/' | awk '{print $2}')" != "200" ]; - do echo "Primary not ready. Waiting..."; sleep 3; - done; - echo "Primary node ready!"; - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - echo "Removing join.key file"; - rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key; - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys - load from database"; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Load custom certificates from database"; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - env: - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.masterKeySecretName" . }} - key: master-key - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > -{{ include "artifactory-ha.copyCustomCerts" . | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath }} - - name: ca-certs - mountPath: "/tmp/certs" - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} -{{- end }} - {{- if .Values.hostAliases }} - hostAliases: -{{ toYaml .Values.hostAliases | indent 6 }} - {{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- if .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.preStartCommand . }}; - {{- end }} - {{- with .Values.artifactory.node.preStartCommand }} - echo "Running member node specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }} - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - {{- if .Values.artifactory.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.artifactory.startupProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.artifactory.startupProbe.failureThreshold }} - timeoutSeconds: {{ .Values.artifactory.startupProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.node.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.node.affinity }} - {{- with .Values.artifactory.node.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- end }} - {{- with .Values.artifactory.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: ca-certs - secret: - secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.artifactory.customCertificates.certificateSecretName }} - {{- end }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.node.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-pdb.yaml deleted file mode 100644 index cc4dfab65..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-pdb.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.artifactory.primary.minAvailable -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.fullname" . }}-primary - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.artifactory.name }} - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.primary.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.artifactory.primary.minAvailable }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-statefulset.yaml deleted file mode 100644 index c86a8b1cb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-primary-statefulset.yaml +++ /dev/null @@ -1,897 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - version: {{ include "artifactory-ha.app.version" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.primary.name" . }} - replicas: {{ .Values.artifactory.primary.replicaCount }} - updateStrategy: {{- toYaml .Values.artifactory.primary.updateStrategy | nindent 4}} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.primary.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.primary.name" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.access.accessConfig }} - checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; - rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - - name: access-bootstrap-creds - mountPath: "/tmp/access/bootstrap.creds" - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - subPath: {{ .Values.artifactory.admin.dataKey }} - {{- else }} - subPath: bootstrap.creds - {{- end }} - {{- end }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - {{- if .Values.access.accessConfig }} - echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; - {{- end }} - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; - cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; - echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - {{- end }} - env: - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.joinKeySecretName" . }} - key: join-key - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.masterKeySecretName" . }} - key: master-key - {{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - mountPath: "/tmp/etc/access.config.patch.yml" - subPath: access.config.patch.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - mountPath: "/tmp/etc/tls.crt" - subPath: tls.crt - - name: access-certs - mountPath: "/tmp/etc/tls.key" - subPath: tls.key - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - capabilities: - add: - - CHOWN - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > -{{ include "artifactory-ha.copyCustomCerts" . | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath }} - - name: ca-certs - mountPath: "/tmp/certs" - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} -{{- end }} - {{- if .Values.hostAliases }} - hostAliases: -{{ toYaml .Values.hostAliases | indent 6 }} - {{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then - echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; - cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; - fi; - {{- if .Values.artifactory.configMapName }} - echo "Copying bootstrap configs"; - cp -Lrf /bootstrap/* /artifactory_bootstrap/; - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - echo "Copying plugins"; - cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; - {{- end }} - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- with .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - {{- with .Values.artifactory.primary.preStartCommand }} - echo "Running primary specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }}; - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - mountPath: "/artifactory_bootstrap/plugins/" - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - mountPath: "/tmp/plugin/{{ tpl . $ }}" - {{- end }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - {{- if .Values.artifactory.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.artifactory.startupProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.artifactory.startupProbe.failureThreshold }} - timeoutSeconds: {{ .Values.artifactory.startupProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.primary.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.primary.affinity }} - {{- with .Values.artifactory.primary.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- end }} - {{- with .Values.artifactory.primary.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: ca-certs - secret: - secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.artifactory.customCertificates.certificateSecretName }} - {{- end }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - emptyDir: {} - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - secret: - secretName: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: access-bootstrap-creds - secret: - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - secretName: {{ .Values.artifactory.admin.secret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory-ha.fullname" . }}-access-config - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - secret: - secretName: {{ .Values.access.customCertificatesSecretName }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.primary.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-priority-class.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-priority-class.yaml deleted file mode 100644 index 417ec5c06..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-priority-class.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.artifactory.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} -value: {{ .Values.artifactory.priorityClass.value }} -globalDefault: false -description: "Artifactory priority class" -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-role.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-role.yaml deleted file mode 100644 index c86bffddd..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -rules: -{{ toYaml .Values.rbac.role.rules }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-rolebinding.yaml deleted file mode 100644 index 4412870b1..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "artifactory-ha.serviceAccountName" . }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: {{ template "artifactory-ha.fullname" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-secrets.yaml deleted file mode 100644 index 5870428ca..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} - {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} - master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} - {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} - join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }} - {{- end }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-service.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-service.yaml deleted file mode 100644 index baacb970f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-service.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# Service for all Artifactory cluster nodes. -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml .| indent 4 }} - {{- end }} -{{- if .Values.artifactory.service.annotations }} - annotations: -{{ toYaml .Values.artifactory.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.artifactory.service.type }} - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - {{- if .Values.artifactory.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- with .Values.artifactory.node.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: -{{- if eq (int .Values.artifactory.node.replicaCount) 0 }} - role: {{ template "artifactory-ha.primary.name" . }} -{{- else if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} -{{- end }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} ---- -# Internal service for Artifactory primary node only! -# Used by member nodes to check readiness of primary node before starting up -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - # Statically setting service type to ClusterIP since this is an internal only service - type: ClusterIP - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - {{- with .Values.artifactory.primary.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: - role: {{ template "artifactory-ha.primary.name" . }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-serviceaccount.yaml deleted file mode 100644 index 6983c1d12..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml .) $ | indent 4 }} -{{- end }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.serviceAccountName" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-storage-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-storage-pvc.yaml deleted file mode 100644 index e0bfa6b11..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-storage-pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.artifactory.customPersistentVolumeClaim }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - labels: - app: {{ template "artifactory-ha.name" . }} - version: "{{ .Values.artifactory.version }}" - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - accessModes: - {{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-system-yaml.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-system-yaml.yaml deleted file mode 100644 index aaa1be152..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/artifactory-system-yaml.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.systemYamlOverride.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.primary.name" . }}-system-yaml - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/filebeat-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/filebeat-configmap.yaml deleted file mode 100644 index d2db2a067..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/filebeat-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.filebeat.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.name" . }}-filebeat-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/ingress.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/ingress.yaml deleted file mode 100644 index 53f7c93ec..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/ingress.yaml +++ /dev/null @@ -1,149 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} -{{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $ingressName }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} -{{- end}} -{{- if .Values.ingress.annotations }} - annotations: -{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} -{{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: {{ $.Values.ingress.routerPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: {{ $.Values.ingress.artifactoryPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $artifactoryServicePort }} - {{- end -}} -{{- end -}} - {{- with .Values.ingress.additionalRules }} -{{ tpl . $ | indent 2 }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- if .Values.artifactory.replicator.enabled }} ---- -{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $replicationIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} ---- -{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorTrackerIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.trackerIngress.annotations }} - annotations: -{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: / - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.trackerIngress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if .Values.customIngress }} ---- -{{ .Values.customIngress | toYaml | trimSuffix "\n" }} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/logger-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/logger-configmap.yaml deleted file mode 100644 index 87fe8999e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/logger-configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-logger - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - tail-log.sh: | - #!/bin/sh - - LOG_DIR=$1 - LOG_NAME=$2 - PID= - - # Wait for log dir to appear - while [ ! -d ${LOG_DIR} ]; do - sleep 1 - done - - cd ${LOG_DIR} - - LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') - - # Find the log to tail - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - - # Wait for the log file - while [ -z "${LOG_FILE}" ]; do - sleep 1 - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - done - - echo "Log file ${LOG_FILE} is ready!" - - # Get inode number - INODE_ID=$(ls -i ${LOG_FILE}) - - # echo "Tailing ${LOG_FILE}" - tail -F ${LOG_FILE} & - PID=$! - - # Loop forever to see if a new log was created - while true; do - # Check inode number - NEW_INODE_ID=$(ls -i ${LOG_FILE}) - - # If inode number changed, this means log was rotated and need to start a new tail - if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then - kill -9 ${PID} 2>/dev/null - INODE_ID="${NEW_INODE_ID}" - - # Start a new tail - tail -F ${LOG_FILE} & - PID=$! - fi - sleep 1 - done - -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-artifactory-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-artifactory-conf.yaml deleted file mode 100644 index eb1f0e698..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-artifactory-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - artifactory.conf: | -{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-certificate-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-certificate-secret.yaml deleted file mode 100644 index 29c77ad5a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-certificate-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled .Values.nginx.https.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-conf.yaml deleted file mode 100644 index 5f424d52a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: | -{{ tpl .Values.nginx.mainConf . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-deployment.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-deployment.yaml deleted file mode 100644 index 0bc7ae48c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-deployment.yaml +++ /dev/null @@ -1,217 +0,0 @@ -{{- if .Values.nginx.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -apiVersion: apps/v1 -kind: {{ .Values.nginx.kind }} -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} -{{- if .Values.nginx.labels }} -{{ toYaml .Values.nginx.labels | indent 4 }} -{{- end }} -spec: -{{- if ne .Values.nginx.kind "DaemonSet" }} - replicas: {{ .Values.nginx.replicaCount }} -{{- end }} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - template: - metadata: - annotations: - checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} - checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.nginx.priorityClassName }} - priorityClassName: {{ .Values.nginx.priorityClassName | quote }} - {{- end }} - initContainers: - - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - '/bin/sh' - - '-c' - - > - rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; - mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; - volumeMounts: - - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - name: nginx-volume - securityContext: - runAsUser: {{ .Values.nginx.uid }} - fsGroup: {{ .Values.nginx.gid }} - containers: - - name: {{ .Values.nginx.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }} - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - 'nginx' - - '-g' - - 'daemon off;' - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - containerPort: {{ .Values.nginx.http.internalPort }} - name: http - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttp }} - name: http-internal - {{- end }} - {{- if .Values.nginx.https }} - {{- if .Values.nginx.https.enabled }} - - containerPort: {{ .Values.nginx.https.internalPort }} - name: https - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttps }} - name: https-internal - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.nginx.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-artifactory-conf - mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" - - name: nginx-volume - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" - {{- end }} - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.nginx.startupProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.nginx.startupProbe.failureThreshold }} - timeoutSeconds: {{ .Values.nginx.startupProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nginx.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.nginx.readinessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.nginx.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.nginx.livenessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.nginx.persistence.mountPath }} - {{- range .Values.nginx.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - tail - args: - - '-F' - - '{{ $mountPath }}/logs/{{ . }}' - volumeMounts: - - name: nginx-volume - mountPath: {{ $mountPath }} - resources: -{{ toYaml $.Values.nginx.loggersResources | indent 10 }} - {{- end }} - {{- with .Values.nginx.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - {{- if .Values.nginx.customConfigMap }} - name: {{ .Values.nginx.customConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - {{- end }} - - name: nginx-artifactory-conf - configMap: - {{- if .Values.nginx.customArtifactoryConfigMap }} - name: {{ .Values.nginx.customArtifactoryConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - {{- end }} - - - name: nginx-volume - {{- if .Values.nginx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - secret: - {{- if .Values.nginx.tlsSecretName }} - secretName: {{ .Values.nginx.tlsSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pdb.yaml deleted file mode 100644 index 8310377a6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pdb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.nginx.name }} - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.nginx.minAvailable }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pvc.yaml deleted file mode 100644 index 0e573f383..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }} -{{- if (not .Values.nginx.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.nginx.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.nginx.persistence.size | quote }} -{{- if .Values.nginx.persistence.storageClassName }} -{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-service.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-service.yaml deleted file mode 100644 index 594717cf9..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/templates/nginx-service.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - {{- if .Values.nginx.service.labels }} -{{ toYaml .Values.nginx.service.labels | indent 4 }} - {{- end }} -{{- if .Values.nginx.service.annotations }} - annotations: -{{ toYaml .Values.nginx.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.nginx.service.type }} - {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} - clusterIP: {{ .Values.nginx.service.clusterIP }} - {{- end }} -{{- if eq .Values.nginx.service.type "LoadBalancer" }} - {{ if .Values.nginx.service.loadBalancerIP -}} - loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} - {{ end -}} - {{- if .Values.nginx.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} - {{- end }} -{{- end }} -{{- if .Values.nginx.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and - # will be cleaned up in a later verion - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - port: {{ .Values.nginx.http.externalPort }} - targetPort: {{ .Values.nginx.http.internalPort }} - protocol: TCP - name: http - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttp }} - targetPort: {{ .Values.nginx.internalPortHttp }} - protocol: TCP - name: http - {{- end }} - {{- if .Values.nginx.https }} - {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} - - port: {{ .Values.nginx.https.externalPort }} - {{- if .Values.nginx.service.ssloffload }} - targetPort: {{ .Values.nginx.http.internalPort }} - {{- else }} - targetPort: {{ .Values.nginx.https.internalPort}} - {{- end }} - protocol: TCP - name: https - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttps }} - targetPort: {{ .Values.nginx.internalPortHttps }} - protocol: TCP - name: https - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.nginx.ssh.externalPort }} - targetPort: {{ .Values.nginx.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - selector: - app: {{ template "artifactory-ha.name" . }} - component: {{ .Values.nginx.name }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/values-large.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/values-large.yaml deleted file mode 100644 index ec05d2add..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/values-large.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" - node: - replicaCount: 3 - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/values-medium.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/values-medium.yaml deleted file mode 100644 index 33879c00b..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/values-medium.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" - node: - replicaCount: 2 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/values-small.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/values-small.yaml deleted file mode 100644 index 4babf97cb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/values-small.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - node: - replicaCount: 1 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.0/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.0/values.yaml deleted file mode 100644 index f0b943cc4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.0/values.yaml +++ /dev/null @@ -1,1710 +0,0 @@ -# Default values for artifactory-ha. -# This is a YAML-formatted file. -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -global: - # imageRegistry: releases-docker.jfrog.io - # imagePullSecrets: - # - myRegistryKeySecretName - ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag - ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion - ## This applies also for nginx images (.Values.nginx.image.tag) - versions: {} - # artifactory: - # joinKey: - # masterKey: - # joinKeySecretName: - # masterKeySecretName: - # customInitContainersBegin: | - - # customInitContainers: | - - # customVolumes: | - - # customVolumeMounts: | - - # customSidecarContainers: | - - ## certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory - customCertificates: - enabled: false - # certificateSecretName: - -initContainerImage: releases-docker.jfrog.io/alpine:3.13.1 - -installer: - type: - platform: - -installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - -# For supporting pulling from private registries -# imagePullSecrets: -# - myRegistryKeySecretName - -## Artifactory systemYaml override -## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory -## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML -## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml -## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml -systemYamlOverride: -## You can use a pre-existing secret by specifying existingSecret - existingSecret: -## The dataKey should be the name of the secret data key created. - dataKey: - -## Role Based Access Control -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -rbac: - create: true - role: - ## Rules to create. It follows the role specification - rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - pods - verbs: - - get - - watch - - list - -## Service Account -## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - -ingress: - enabled: false - defaultBackend: - enabled: true - # Used to create an Ingress record. - hosts: [] - routerPath: / - artifactoryPath: /artifactory/ - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - labels: {} - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - artifactory.domain.example - - # Additional ingress rules - additionalRules: [] - -## Allows to add custom ingress -customIngress: | - -networkpolicy: - # Allows all ingress and egress - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) - # - name: postgresql - # podSelector: - # matchLabels: - # app: postgresql - # ingress: - # - from: - # - podSelector: - # matchLabels: - # app: artifactory-ha - - -## Database configurations -## Use the wait-for-db init container. Set to false to skip -waitForDatabase: true - -## Configuration values for the postgresql dependency -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -## -postgresql: - enabled: true - image: - registry: releases-docker.jfrog.io - repository: bitnami/postgresql - tag: 12.5.0-debian-10-r25 - postgresqlUsername: artifactory - postgresqlPassword: "" - postgresqlDatabase: artifactory - postgresqlExtendedConf: - listenAddresses: "'*'" - maxConnections: "1500" - persistence: - enabled: true - size: 50Gi - service: - port: 5432 - master: - nodeSelector: {} - affinity: {} - tolerations: [] - slave: - nodeSelector: {} - affinity: {} - tolerations: [] - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - -## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), -## you MUST specify custom database details here or Artifactory will NOT start -database: - type: - driver: - ## If you set the url, leave host and port empty - url: - ## If you would like this chart to create the secret containing the db - ## password, use these values - user: - password: - ## If you have existing Kubernetes secrets containing db credentials, use - ## these values - secrets: {} - # user: - # name: "rds-artifactory" - # key: "db-user" - # password: - # name: "rds-artifactory" - # key: "db-password" - # url: - # name: "rds-artifactory" - # key: "db-url" - -logger: - image: - registry: releases-docker.jfrog.io - repository: busybox - tag: 1.32.1 - -# Artifactory -artifactory: - name: artifactory-ha - # Note that by default we use appVersion to get image tag/version - image: - registry: releases-docker.jfrog.io - repository: jfrog/artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Create a priority class for the Artifactory pods or use an existing one - # NOTE - Maximum allowed value of a user defined priority is 1000000000 - priorityClass: - create: false - value: 1000000000 - ## Override default name - # name: - ## Use an existing priority class - # existingPriorityClass: - - # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties - deleteDBPropertiesOnStartup: true - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - extraConfig: 'acceptCount="100"' - - # certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory - customCertificates: - enabled: false - # certificateSecretName: - - # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. - # To enable set `.Values.artifactory.openMetrics.enabled` to `true` - # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics - openMetrics: - enabled: false - - # This directory is intended for use with NFS eventual configuration for HA - haDataDir: - enabled: false - path: - haBackupDir: - enabled: false - path: - - # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup - copyOnEveryStartup: - # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path - # - source: /artifactory_bootstrap/artifactory.cluster.license - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - - # Sidecar containers for tailing Artifactory logs - loggers: [] - # - access-audit.log - # - access-request.log - # - access-security-audit.log - # - access-service.log - # - artifactory-access.log - # - artifactory-event.log - # - artifactory-import-export.log - # - artifactory-request.log - # - artifactory-service.log - # - frontend-request.log - # - frontend-service.log - # - metadata-request.log - # - metadata-service.log - # - router-request.log - # - router-service.log - # - router-traefik.log - # - derby.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Sidecar containers for tailing Tomcat (catalina) logs - catalinaLoggers: [] - # - tomcat-catalina.log - # - tomcat-localhost.log - - # Tomcat (catalina) loggers resources - catalinaLoggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 - ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - - - ## Add custom init containers execution before predefined init containers - customInitContainersBegin: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - ## Add custom init containers - - ## Add custom init containers execution after predefined init containers - customInitContainers: | - # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - - ## Add custom sidecar containers - # - The provided example uses a custom volume (customVolumes) - # - The provided example shows running container as root (id 0) - customSidecarContainers: | - # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # securityContext: - # allowPrivilegeEscalation: false - # command: - # - 'sh' - # - '-c' - # - 'sh /scripts/script.sh' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - # - mountPath: "/scripts/script.sh" - # name: custom-script - # subPath: script.sh - # resources: - # requests: - # memory: "32Mi" - # cpu: "50m" - # limits: - # memory: "128Mi" - # cpu: "100m" - - ## Add custom volumes - customVolumes: | - # - name: custom-script - # configMap: - # name: custom-script - - ## Add custom volumesMounts - customVolumeMounts: | - # - name: custom-script - # mountPath: "/scripts/script.sh" - # subPath: script.sh - # - name: posthook-start - # mountPath: "/scripts/posthoook-start.sh" - # subPath: posthoook-start.sh - # - name: prehook-start - # mountPath: "/scripts/prehook-start.sh" - # subPath: prehook-start.sh - - # Add custom persistent volume mounts - Available for the pod - # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container - customPersistentPodVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - # skipPrepareContainer: false - - # Add custom persistent volume mounts - Available to the entire namespace - customPersistentVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - ## Artifactory HA requires a unique master key. Each Artifactory node must have the same master key! - ## You can generate one with the command: "openssl rand -hex 32" - ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' - ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName - ## IMPORTANT: You should NOT use the example masterKey for a production deployment! - ## IMPORTANT: This is a mandatory for fresh Install of 7.x (App version) - # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - # masterKeySecretName: - - ## Join Key to connect to other services to Artifactory. - ## IMPORTANT: Setting this value overrides the existing joinKey - ## IMPORTANT: You should NOT use the example joinKey for a production deployment! - # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName - # joinKeySecretName: - - # Add custom secrets - secret per file - customSecrets: - # - name: custom-secret - # key: custom-secret.yaml - # data: > - # custom_secret_config: - # parameter1: value1 - # parameter2: value2 - # - name: custom-secret2 - # key: custom-secret2.config - # data: | - # here the custom secret 2 config - - ## If false, all service console logs will not redirect to a common console.log - consoleLog: false - - binarystore: - enabled: true - - ## admin allows to set the password for the default admin user. - ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate - admin: - ip: "127.0.0.1" - username: "admin" - password: - secret: - dataKey: - - ## Artifactory license. - license: - ## licenseKey is the license key in plain text. Use either this or the license.secret setting - licenseKey: - ## If artifactory.license.secret is passed, it will be mounted as - ## ARTIFACTORY_HOME/etc/artifactory.cluster.license and loaded at run time. - secret: - ## The dataKey should be the name of the secret data key created. - dataKey: - - ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter - configMapName: - - # Add any list of configmaps to Artifactory - configMaps: | - # posthook-start.sh: |- - # echo "This is a post start script" - # posthook-end.sh: |- - # echo "This is a post end script" - - ## List of secrets for Artifactory user plugins. - ## One Secret per plugin's files. - userPluginSecrets: - # - archive-old-artifacts - # - build-cleanup - # - webhook - # - '{{ template "my-chart.fullname" . }}' - - ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - ## Extra post-start command to run extra commands after container starts - # postStartCommand: - - ## Extra environment variables that can be used to tune Artifactory to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: SERVER_XML_ARTIFACTORY_PORT - # value: "8081" - # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS - # value: "200" - # - name: SERVER_XML_ACCESS_MAX_THREADS - # value: "50" - # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_ACCESS_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_EXTRA_CONNECTOR - # value: "" - # - name: DB_POOL_MAX_ACTIVE - # value: "100" - # - name: DB_POOL_MAX_IDLE - # value: "10" - # - name: MY_SECRET_ENV_VAR - # valueFrom: - # secretKeyRef: - # name: my-secret-name - # key: my-secret-key - - # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) - systemYaml: | - shared: - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.primary.javaOpts }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - host: "" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{ else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - artifactory: - {{- if .Values.artifactory.openMetrics }} - metrics: - enabled: {{ .Values.artifactory.openMetrics.enabled }} - {{- end }} - {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} - node: - {{- if .Values.artifactory.haDataDir.path }} - haDataDir: {{ .Values.artifactory.haDataDir.path }} - {{- end }} - {{- if .Values.artifactory.haBackupDir.path }} - haBackupDir: {{ .Values.artifactory.haBackupDir.path }} - {{- end }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - frontend: - session: - timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - {{- if .Values.access.database.enabled }} - type: "{{ .Values.access.database.type }}" - url: "{{ .Values.access.database.url }}" - driver: "{{ .Values.access.database.driver }}" - username: "{{ .Values.access.database.user }}" - password: "{{ .Values.access.database.password }}" - {{- end }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - - ## IMPORTANT: If overriding artifactory.internalPort: - ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! - externalPort: 8082 - internalPort: 8082 - externalArtifactoryPort: 8081 - internalArtifactoryPort: 8081 - uid: 1030 - gid: 1030 - terminationGracePeriodSeconds: 30 - - ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. - ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false - setSecurityContext: true - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - startupProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 30 - failureThreshold: 60 - periodSeconds: 5 - timeoutSeconds: 5 - - persistence: - enabled: true - local: false - redundancy: 3 - mountPath: "/var/opt/jfrog/artifactory" - accessMode: ReadWriteOnce - size: 200Gi - - ## Use a custom Secret to be mounted as your binarystore.xml - ## NOTE: This will ignore all settings below that make up binarystore.xml - customBinarystoreXmlSecret: - - maxCacheSize: 50000000000 - cacheProviderDir: cache - eventual: - numberOfThreads: 10 - ## artifactory data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - - ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config - ## Supported types are: - ## file-system (default) - ## nfs - ## google-storage - ## aws-s3 - ## aws-s3-v3 - ## azure-blob - type: file-system - - ## Use binarystoreXml to provide a custom binarystore.xml - ## This can be a template or hardcoded. - binarystoreXml: | - {{- if eq .Values.artifactory.persistence.type "file-system" }} - - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - - - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - - {{- end }} - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - // Specify the read and write strategy and redundancy for the sharding binary provider - - roundRobin - percentageFreeSpace - 2 - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - //For each sub-provider (mount), specify the filestore location - - filestore{{ $sharedClaimNumber }} - - {{- end }} - - {{- else }} - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - 2 - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - shard-fs-1 - local - - - - - 30 - tester-remote1 - 10000 - remote - - - - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "google-storage" }} - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - - - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - {{- else }} - - {{- end }} - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp - - - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - false - {{- else }} - - {{ .Values.artifactory.persistence.googleStorage.identity }} - {{ .Values.artifactory.persistence.googleStorage.credential }} - {{- end }} - google-cloud-storage - {{ .Values.artifactory.persistence.googleStorage.endpoint }} - {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} - {{ .Values.artifactory.persistence.googleStorage.bucketName }} - {{ .Values.artifactory.persistence.googleStorage.path }} - {{ .Values.artifactory.persistence.googleStorage.bucketExists }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} - - - - - - - - - - - - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - {{- with .Values.artifactory.persistence.awsS3V3 }} - - {{ .testConnection }} - {{- if .identity }} - {{ .identity }} - {{- end }} - {{- if .credential }} - {{ .credential }} - {{- end }} - {{ .region }} - {{ .bucketName }} - {{ .path }} - {{ .endpoint }} - {{- with .maxConnections }} - {{ . }} - {{- end }} - {{- with .kmsServerSideEncryptionKeyId }} - {{ . }} - {{- end }} - {{- with .kmsKeyRegion }} - {{ . }} - {{- end }} - {{- with .kmsCryptoMode }} - {{ . }} - {{- end }} - {{- if .useInstanceCredentials }} - true - {{- else }} - false - {{- end }} - {{ .usePresigning }} - {{ .signatureExpirySeconds }} - {{- with .cloudFrontDomainName }} - {{ . }} - {{- end }} - {{- with .cloudFrontKeyPairId }} - {{ .cloudFrontKeyPairId }} - {{- end }} - {{- with .cloudFrontPrivateKey }} - {{ . }} - {{- end }} - {{- with .enableSignedUrlRedirect }} - {{ . }} - {{- end }} - {{- with .enablePathStyleAccess }} - {{ . }} - {{- end }} - - {{- end }} - - {{- end }} - - {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - {{ .Values.artifactory.persistence.awsS3.endpoint }} - {{- if .Values.artifactory.persistence.awsS3.roleName }} - {{ .Values.artifactory.persistence.awsS3.roleName }} - true - {{- else }} - {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} - {{ .Values.artifactory.persistence.awsS3.testConnection }} - {{ .Values.artifactory.persistence.awsS3.httpsOnly }} - {{ .Values.artifactory.persistence.awsS3.region }} - {{ .Values.artifactory.persistence.awsS3.bucketName }} - {{- if .Values.artifactory.persistence.awsS3.identity }} - {{ .Values.artifactory.persistence.awsS3.identity }} - {{- end }} - {{- if .Values.artifactory.persistence.awsS3.credential }} - {{ .Values.artifactory.persistence.awsS3.credential }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.path }} - {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} - - {{- end }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "azure-blob" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - crossNetworkStrategy - crossNetworkStrategy - 2 - 1 - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.azureBlob.accountName }} - {{ .Values.artifactory.persistence.azureBlob.accountKey }} - {{ .Values.artifactory.persistence.azureBlob.endpoint }} - {{ .Values.artifactory.persistence.azureBlob.containerName }} - {{ .Values.artifactory.persistence.azureBlob.multiPartLimit }} - {{ .Values.artifactory.persistence.azureBlob.multipartElementSize }} - {{ .Values.artifactory.persistence.azureBlob.testConnection }} - - - {{- end }} - - ## For artifactory.persistence.type file-system - fileSystem: - ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. - ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) - ## Create PVCs with ReadWriteMany that match the naming convetions: - ## {{ template "artifactory-ha.fullname" . }}-data-pvc- - ## {{ template "artifactory-ha.fullname" . }}-backup-pvc - ## Example (using numberOfExistingClaims: 2) - ## myexample-data-pvc-0 - ## myexample-data-pvc-1 - ## myexample-backup-pvc - ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. - - ## Need to have the following set - existingSharedClaim: - enabled: false - numberOfExistingClaims: 1 - ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} - dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" - backupDir: "/var/opt/jfrog/artifactory-backup" - - - ## For artifactory.persistence.type nfs - ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes - ## cluster nodes. - ## Need to have the following set - nfs: - # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' - ip: - haDataMount: "/data" - haBackupMount: "/backup" - dataDir: "/var/opt/jfrog/artifactory-ha" - backupDir: "/var/opt/jfrog/artifactory-backup" - capacity: 200Gi - mountOptions: [] - ## For artifactory.persistence.type google-storage - googleStorage: - ## When using GCP buckets as your binary store (Available with enterprise license only) - gcpServiceAccount: - enabled: false - ## Use either an existing secret prepared in advance or put the config (replace the content) in the values - ## ref: https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#google-storage - # customSecretName: - # config: | - # { - # "type": "service_account", - # "project_id": "", - # "private_key_id": "?????", - # "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - # "client_email": "???@j.iam.gserviceaccount.com", - # "client_id": "???????", - # "auth_uri": "https://accounts.google.com/o/oauth2/auth", - # "token_uri": "https://oauth2.googleapis.com/token", - # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - # "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - # } - endpoint: commondatastorage.googleapis.com - httpsOnly: false - # Set a unique bucket name - bucketName: "artifactory-ha-gcp" - identity: - credential: - path: "artifactory-ha/filestore" - bucketExists: false - - ## For artifactory.persistence.type aws-s3-v3 - awsS3V3: - testConnection: false - identity: - credential: - region: - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: - maxConnections: 50 - kmsServerSideEncryptionKeyId: - kmsKeyRegion: - kmsCryptoMode: - useInstanceCredentials: true - usePresigning: false - signatureExpirySeconds: 300 - cloudFrontDomainName: - cloudFrontKeyPairId: - cloudFrontPrivateKey: - enableSignedUrlRedirect: false - enablePathStyleAccess: false - - ## For artifactory.persistence.type aws-s3 - ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html - awsS3: - # Set a unique bucket name - bucketName: "artifactory-ha-aws" - endpoint: - region: - roleName: - identity: - credential: - path: "artifactory-ha/filestore" - refreshCredentials: true - httpsOnly: true - testConnection: false - s3AwsVersion: "AWS4-HMAC-SHA256" - - ## Additional properties to set on the s3 provider - properties: {} - # httpclient.max-connections: 100 - ## For artifactory.persistence.type azure-blob - azureBlob: - accountName: - accountKey: - endpoint: - containerName: - multiPartLimit: 100000000 - multipartElementSize: 50000000 - testConnection: false - service: - name: artifactory - type: ClusterIP - ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - ## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them) - ## Supported pool values - ## members - ## all - pool: members - - ## The following Java options are passed to the java process running Artifactory. - ## This will be passed to all cluster members. Primary and member nodes. - javaOpts: {} - # other: "" - - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - enabled: false - ingress: - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - ## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true - ## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads - trackerIngress: - enabled: false - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - - ssh: - enabled: false - internalPort: 1339 - externalPort: 1339 - - annotations: {} - - ## Type specific configurations. - ## There is a difference between the primary and the member nodes. - ## Customising their resources and java parameters is done here. - primary: - name: artifactory-ha-primary - # preStartCommand specific to the primary node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` - existingClaim: false - - replicaCount: 1 - # minAvailable: 1 - - updateStrategy: - type: RollingUpdate - - ## Resources for the primary node - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory primary node. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - nodeSelector: {} - - tolerations: [] - - affinity: {} - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - - node: - name: artifactory-ha-member - # preStartCommand specific to the member node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` - existingClaim: false - replicaCount: 2 - updateStrategy: - type: RollingUpdate - minAvailable: 1 - ## Resources for the member nodes - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory member nodes. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - # xms: "1g" - # xmx: "2g" - # other: "" - nodeSelector: {} - - ## Wait for Artifactory primary - waitForPrimaryStartup: - enabled: true - - ## Setting time will override the built in test and will just wait the set time - time: - - tolerations: [] - - ## Complete specification of the "affinity" of the member nodes; if this is non-empty, - ## "podAntiAffinity" values are not used. - affinity: {} - - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - -frontend: - ## Session settings - session: - ## Time in minutes after which the frontend token will need to be refreshed - timeoutMinutes: '30' - -access: - ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. - ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates - ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. - ## This ensures that the node to node communication is done over TLS. - accessConfig: - security: - tls: false - - ## You can use a pre-existing secret by specifying customCertificatesSecretName - ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` - # customCertificatesSecretName: - - ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key - # resetAccessCAKeys: false - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 - extraConfig: 'acceptCount="100"' - -metadata: - database: - maxOpenConnections: 80 - -# Init containers -initContainers: - resources: {} -# requests: -# memory: "64Mi" -# cpu: "10m" -# limits: -# memory: "128Mi" -# cpu: "250m" - - -# Nginx -nginx: - enabled: true - kind: Deployment - name: nginx - labels: {} - replicaCount: 1 - minAvailable: 0 - uid: 104 - gid: 107 - # Note that by default we use appVersion to get image tag/version - image: - registry: releases-docker.jfrog.io - repository: jfrog/nginx-artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Priority Class name to be used in deployment if provided - priorityClassName: - - # Sidecar containers for tailing Nginx logs - loggers: [] - # - access.log - # - error.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "64Mi" - # cpu: "25m" - # limits: - # memory: "128Mi" - # cpu: "50m" - - # Logs options - logs: - stderr: false - level: warn - - mainConf: | - # Main Nginx configuration file - worker_processes 4; - - {{ if .Values.nginx.logs.stderr }} - error_log stderr {{ .Values.nginx.logs.level }}; - {{- else -}} - error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; - {{- end }} - pid /tmp/nginx.pid; - - {{- if .Values.artifactory.ssh.enabled }} - ## SSH Server Configuration - stream { - server { - listen {{ .Values.nginx.ssh.internalPort }}; - proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; - } - } - {{- end }} - - events { - worker_connections 1024; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - variables_hash_max_size 1024; - variables_hash_bucket_size 64; - server_names_hash_max_size 4096; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; - proxy_read_timeout 2400s; - client_header_timeout 2400s; - client_body_timeout 2400s; - proxy_connect_timeout 75s; - proxy_send_timeout 2400s; - proxy_buffer_size 128k; - proxy_buffers 40 128k; - proxy_busy_buffers_size 128k; - proxy_temp_file_write_size 250m; - proxy_http_version 1.1; - client_body_buffer_size 128k; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - log_format timing 'ip = $remote_addr ' - 'user = \"$remote_user\" ' - 'local_time = \"$time_local\" ' - 'host = $host ' - 'request = \"$request\" ' - 'status = $status ' - 'bytes = $body_bytes_sent ' - 'upstream = \"$upstream_addr\" ' - 'upstream_time = $upstream_response_time ' - 'request_time = $request_time ' - 'referer = \"$http_referer\" ' - 'UA = \"$http_user_agent\"'; - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; - sendfile on; - #tcp_nopush on; - keepalive_timeout 65; - #gzip on; - include /etc/nginx/conf.d/*.conf; - } - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - ## server configuration - server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header Strict-Transport-Security always; - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - service: - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - type: LoadBalancer - ssloffload: false - ## For supporting whitelist on the Nginx LoadBalancer service - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - ## Provide static ip address - loadBalancerIP: - ## There are two available options: “Cluster” (default) and “Local”. - externalTrafficPolicy: Cluster - labels: {} - # label-key: label-value - http: - enabled: true - externalPort: 80 - internalPort: 80 - https: - enabled: true - externalPort: 443 - internalPort: 443 - # DEPRECATED: The following will be replaced by L1065-L1076 in a future release - # externalPortHttp: 80 - # internalPortHttp: 80 - # externalPortHttps: 443 - # internalPortHttps: 443 - - ssh: - internalPort: 1339 - externalPort: 1339 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - startupProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 30 - failureThreshold: 60 - periodSeconds: 5 - timeoutSeconds: 5 - - ## The SSL secret that will be used by the Nginx pod - # tlsSecretName: chart-example-tls - ## Custom ConfigMap for nginx.conf - customConfigMap: - ## Custom ConfigMap for artifactory.conf - customArtifactoryConfigMap: - persistence: - mountPath: "/var/opt/jfrog/nginx" - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - size: 5Gi - ## nginx data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - resources: {} - # requests: - # memory: "250Mi" - # cpu: "100m" - # limits: - # memory: "250Mi" - # cpu: "500m" - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -# Filebeat Sidecar container -## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. -filebeat: - enabled: false - name: artifactory-filebeat - image: - repository: "docker.elastic.co/beats/filebeat" - version: 7.9.2 - logstashUrl: "logstash:5044" - - terminationGracePeriod: 10 - - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - resources: {} -# requests: -# memory: "100Mi" -# cpu: "100m" -# limits: -# memory: "100Mi" -# cpu: "100m" - - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: ~ - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] - -## Allows to add additional kubernetes resources -## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml -additionalResources: | - -# Adding entries to a Pod's /etc/hosts file -# For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases -hostAliases: [] -# - ip: "127.0.0.1" -# hostnames: -# - "foo.local" -# - "bar.local" -# - ip: "10.1.2.3" -# hostnames: -# - "foo.remote" -# - "bar.remote" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore deleted file mode 100755 index c7eb1e274..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md b/charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md deleted file mode 100755 index 8d287d283..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md +++ /dev/null @@ -1,1048 +0,0 @@ -# JFrog Artifactory-ha Chart Changelog -All changes to this chart will be documented in this file. - -## [4.13.0] - April 5, 2021 -* **IMPORTANT** -* Added `charts.jfrog.io` as default JFrog Helm repository -* Updated Artifactory version to 7.17.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.5) - -## [4.12.2] - Mar 31, 2021 -* Updated Artifactory version to 7.17.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.4) - -## [4.12.1] - Mar 30, 2021 -* Updated Artifactory version to 7.17.3 -* Add `timeoutSeconds` to all exec probes - Please refer [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) - -## [4.12.0] - Mar 24, 2021 -* Updated Artifactory version to 7.17.2 -* Optimized startupProbe time - -## [4.11.0] - Mar 18, 2021 -* Add support to startupProbe - -## [4.10.0] - Mar 15, 2021 -* Updated Artifactory version to 7.16.3 - -## [4.9.5] - Mar 09, 2021 -* Added HSTS header to nginx conf - -## [4.9.4] - Mar 9, 2021 -* Removed bintray URL references in the chart - -## [4.9.3] - Mar 04, 2021 -* Updated Artifactory version to 7.15.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.4) - -## [4.9.2] - Mar 04, 2021 -* Fixed creation of nginx-certificate-secret when Nginx is disabled - -## [4.9.1] - Feb 19, 2021 -* Update busybox tag version to `1.32.1` - -## [4.9.0] - Feb 18, 2021 -* Updated Artifactory version to 7.15.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.3) -* Add option to specify update strategy for Artifactory statefulset - -## [4.8.1] - Feb 11, 2021 -* Exposed "multiPartLimit" and "multipartElementSize" for the Azure Blob Storage Binary Provider - -## [4.8.0] - Feb 08, 2021 -* Updated Artifactory version to 7.12.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.8) -* Support for custom certificates using secrets -* **Important:** Switched docker images download from `docker.bintray.io` to `releases-docker.jfrog.io` -* Update alpine tag version to `3.13.1` - -## [4.7.9] - Feb 3, 2021 -* Fix copyOnEveryStartup for HA cluster license - -## [4.7.8] - Jan 25, 2021 -* Add support for hostAliases - -## [4.7.7] - Jan 11, 2021 -* Fix failures when using creds file for configurating google storage - -## [4.7.6] - Jan 11, 2021 -* Updated Artifactory version to 7.12.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.6) - -## [4.7.5] - Jan 07, 2021 -* Added support for optional tracker dedicated ingress `.Values.artifactory.replicator.trackerIngress.enabled` (defaults to false) - -## [4.7.4] - Jan 04, 2021 -* Fixed gid support for statefulset - -## [4.7.3] - Dec 31, 2020 -* Added gid support for statefulset -* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset - -## [4.7.2] - Dec 29, 2020 -* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) -* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml) -* Updated Artifactory version to 7.12.5 - -## [4.7.1] - Dec 21, 2020 -* Updated Artifactory version to 7.12.3 - -## [4.7.0] - Dec 18, 2020 -* Updated Artifactory version to 7.12.2 -* Added `.Values.artifactory.openMetrics.enabled` - -## [4.6.1] - Dec 11, 2020 -* Added configurable `.Values.global.versions.artifactory` in values.yaml - -## [4.6.0] - Dec 10, 2020 -* Update postgresql tag version to `12.5.0-debian-10-r25` -* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` -* Updated chart maintainers email - -## [4.5.5] - Dec 4, 2020 -* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` - -## [4.5.4] - Dec 1, 2020 -* Improve error message returned when attempting helm upgrade command - -## [4.5.3] - Nov 30, 2020 -* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) - -# [4.5.2] - Nov 23, 2020 -* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) -* Updated port namings on services and pods to allow for istio protocol discovery -* Change semverCompare checks to support hosted Kubernetes -* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics -* Prevent the PostHook command to be executed if the user did not specify a command in the values file -* Fix issue with tls file generation when nginx.https.enabled is false - -## [4.5.1] - Nov 19, 2020 -* Updated Artifactory version to 7.11.2 -* Bugfix - access.config.import.xml override Access Federation configurations - -## [4.5.0] - Nov 17, 2020 -* Updated Artifactory version to 7.11.1 -* Update alpine tag version to `3.12.1` - -## [4.4.6] - Nov 10, 2020 -* Pass system.yaml via external secret for advanced usecases -* Added support for custom ingress -* Bugfix - stateful set not picking up changes to database secrets - -## [4.4.5] - Nov 9, 2020 -* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) - -## [4.4.4] - Nov 2, 2020 -* Add enablePathStyleAccess property for aws-s3-v3 binary provider template - -## [4.4.3] - Nov 2, 2020 -* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) - -## [4.4.2] - Oct 22, 2020 -* Chown bug fix where Linux capability cannot chown all files causing log line warnings -* Fix Frontend timeout linting issue - -## [4.4.1] - Oct 20, 2020 -* Add flag to disable prepare-custom-persistent-volume init container - -## [4.4.0] - Oct 19, 2020 -* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) - -## [4.3.4] - Oct 19, 2020 -* Add support to specify priorityClassName for nginx deployment - -## [4.3.3] - Oct 15, 2020 -* Fixed issue with node PodDisruptionBudget which also getting applied on the primary -* Fix mandatory masterKey check issue when upgrading from 6.x to 7.x - -## [4.3.2] - Oct 14, 2020 -* Add support to allow more than 1 Primary in Artifactory-ha STS - -## [4.3.1] - Oct 9, 2020 -* Add global support for customInitContainersBegin - -## [4.3.0] - Oct 07, 2020 -* Updated Artifactory version to 7.9.1 -* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml - -## [4.2.0] - Oct 5, 2020 -* Expose Prometheus metrics via a ServiceMonitor -* Parse log files for metric data with Fluentd - -## [4.1.0] - Sep 30, 2020 -* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) - -## [4.0.12] - Sep 25, 2020 -* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements - -## [4.0.11] - Sep 28, 2020 -* Setting chart coordinates in migitation yaml - -## [4.0.10] - Sep 25, 2020 -* Update filebeat version to `7.9.2` - -## [4.0.9] - Sep 24, 2020 -* Fixed broken issue - when setting `waitForDatabase:false` container startup still waits for DB - -## [4.0.8] - Sep 22, 2020 -* Updated readme - -## [4.0.7] - Sep 22, 2020 -* Fix lint issue in migitation yaml - -## [4.0.6] - Sep 22, 2020 -* Fix broken migitation yaml - -## [4.0.5] - Sep 21, 2020 -* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) - -## [4.0.4] - Sep 17, 2020 -* Added configurable session(UI) timeout in frontend microservice - -## [4.0.3] - Sep 17, 2020 -* Fix small typo in README and added proper required text to be shown while postgres upgrades - -## [4.0.2] - Sep 14, 2020 -* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) - -## [4.0.1] - Sep 8, 2020 -* Added support for artifactory pro license (single node) installation. - -## [4.0.0] - Sep 2, 2020 -* **Breaking change:** Changed `imagePullSecrets` value from string to list -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Added support for global values -* Updated maintainers in chart.yaml -* Update postgresql tag version to `12.3.0-debian-10-r71` -* Update postgresqlsub chart version to `9.3.4` - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true. - -## [3.1.0] - Aug 13, 2020 -* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) - -## [3.0.15] - Aug 10, 2020 -* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. - -## [3.0.14] - Jul 31, 2020 -* Update the README section on Nginx SSL termination to reflect the actual YAML structure. - -## [3.0.13] - Jul 30, 2020 -* Added condition to disable the migration scripts. - -## [3.0.12] - Jul 29, 2020 -* Document Artifactory node affinity. - -## [3.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [3.0.10] - Jul 28, 2020 -Bugfix / support for userPluginSecrets with Artifactory 7 - -## [3.0.9] - Jul 27, 2020 -* Add tpl to external database secrets. -* Modified `scheme` to `artifactory-ha.scheme` - -## [3.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [3.0.7] - Jul 21, 2020 -* Updated Artifactory-ha Chart to add node and primary labels to pods and service objects. - -## [3.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [3.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [3.0.4] - Jul 8, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [3.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads. - -## [3.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [3.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [3.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [2.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [2.5.8] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [2.5.7] - Jun 18, 2020 -* Fixes bootstrap configMap issue on member node - -## [2.5.6] - Jun 11, 2020 -* Support list of custom secrets - -## [2.5.5] - Jun 11, 2020 -* NOTES.txt fixed incorrect information - -## [2.5.4] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [2.5.3] - Jun 8, 2020 -* Statically setting primary service type to ClusterIP. -* Prevents primary service from being exposed publicly when using LoadBalancer type on cloud providers. - -## [2.5.2] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [2.5.1] - Jun 5, 2020 -* Fixes broken PDB issue upgrading from 6.x to 7.x - -## [2.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [2.4.10] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [2.4.9] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [2.4.8] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [2.4.7] - May 19, 2020 -* Added metadata maxOpenConnections - -## [2.4.6] - May 07, 2020 -* Fix `installerInfo` string format - -## [2.4.5] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [2.4.4] - Apr 27, 2020 -* Change customInitContainers order to run before the "migration-ha-artifactory" initContainer - -## [2.4.3] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [2.4.2] - Apr 16, 2020 -* Custom volume mounts in migration init container. - -## [2.4.1] - Apr 16, 2020 -* Fix broken support for gcpServiceAccount for googleStorage - -## [2.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [2.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [2.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [2.2.11] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [2.2.10] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [2.2.9] - Apr 01, 2020 -* Support masterKey and joinKey as secrets - -## [2.2.8] - Apr 01, 2020 -* Ensure that the join key is also copied when provided by an external secret -* Migration container in primary and node statefulset now respects custom versions and the specified node/primary resources - -## [2.2.7] - Apr 01, 2020 -* Added cache-layer in chain definition of Google Cloud Storage template -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [2.2.6] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [2.2.5] - Mar 31, 2020 -* Removed duplicate `artifactory-license` volume from primary node - -## [2.2.4] - Mar 31, 2020 -* Restore `artifactory-license` volume for the primary node - -## [2.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [2.2.2] - Mar 30, 2020 -* Apply initContainers.resources to `copy-system-yaml`, `prepare-custom-persistent-volume`, and `migration-artifactory-ha` containers -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart -* Removed duplicate `artifactory-license` volume that prevented using an external secret - -## [2.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [2.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [2.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [2.1.2] - Mar 21, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [2.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [2.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [2.0.36] - Mar 20, 2020 -* Add support GCP credentials.json authentication - -## [2.0.35] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [2.0.34] - Mar 19, 2020 -* Add support for NFS directories `haBackupDir` and `haDataDir` - -## [2.0.33] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [2.0.32] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [2.0.31] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [2.0.30] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [2.0.29] - Mar 11, 2020 -* Upgrade Docs update - -## [2.0.28] - Mar 11, 2020 -* Unified charts public release - -## [2.0.27] - Mar 8, 2020 -* Add an optional wait for primary node to be ready with a proper test for http status - -## [2.0.23] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [2.0.22] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [2.0.21] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [2.0.20] - Feb 26, 2020 -* Store join key to secret - -## [2.0.19] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [2.0.12] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [2.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [1.4.10] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [1.4.9] - Feb 10, 2020 -* Fix custom DB password indention - -## [1.4.8] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [1.4.7] - Feb 4, 2020 -* Support customisable Nginx kind - -## [1.4.6] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [1.4.5] - Feb 2, 2020 -* Add support for primary or member node specific preStartCommand - -## [1.4.4] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [1.4.3] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [1.4.2] - Jan 22, 2020 -* Refined pod disruption budgets to separate nginx and Artifactory pods - -## [1.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [1.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [1.3.8] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [1.3.7] - Jan 07, 2020 -* Add support for customizable `mountOptions` of NFS PVs - -## [1.3.6] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [1.3.5] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [1.3.4] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [1.3.3] - Dec 16, 2019 -* Another fix for toggling nginx service ports - -## [1.3.2] - Dec 12, 2019 -* Fix for toggling nginx service ports - -## [1.3.1] - Dec 10, 2019 -* Add support for toggling nginx service ports - -## [1.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [1.2.4] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [1.2.3] - Nov 27, 2019 -* Add support for PriorityClass - -## [1.2.2] - Nov 20, 2019 -* Update Artifactory logo - -## [1.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [1.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [1.1.12] - Nov 17, 2019 -* Fix `README.md` format (broken table) - -## [1.1.11] - Nov 17, 2019 -* Update comment on Artifactory master key - -## [1.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [1.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [1.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [1.1.7] - Nov 11, 2019 -* Additional documentation for masterKey - -## [1.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [1.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [1.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [1.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [1.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [1.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [1.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [1.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [1.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [0.17.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [0.17.2] - Oct 21, 2019 -* Add support for setting `artifactory.primary.labels` -* Add support for setting `artifactory.node.labels` -* Add support for setting `nginx.labels` - -## [0.17.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [0.17.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [0.16.7] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [0.16.6] - Sep 24, 2019 -* Add support for setting `nginx.service.labels` - -## [0.16.5] - Sep 23, 2019 -* Add support for setting `artifactory.customInitContainersBegin` - -## [0.16.4] - Sep 20, 2019 -* Add support for setting `initContainers.resources` - -## [0.16.3] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [0.16.2] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [0.16.1] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [0.16.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [0.15.15] - Aug 18, 2019 -* Fix existingSharedClaim permissions issue and example - -## [0.15.14] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [0.15.13] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [0.15.12] - Aug 6, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [0.15.11] - Aug 5, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [0.15.10] - Aug 5, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [0.15.9] - Aug 1, 2019 -* Fix masterkey/masterKeySecretName not specified warning render logic in NOTES.txt - -## [0.15.8] - Jul 28, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [0.15.7] - Jul 25, 2019 -* Updated README about how to apply Artifactory licenses - -## [0.15.6] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [0.15.5] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [0.15.4] - Jul 11, 2019 -* Add `artifactory.customVolumeMounts` support to member node statefulset template - -## [0.15.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [0.15.2] - Jul 3, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [0.15.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [0.15.0] - Jun 27, 2019 -* Updated Artifactory version to 6.11.0 and Restart Primary node when bootstrap.creds file has been modified in artifactory-ha - -## [0.14.4] - Jun 24, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [0.14.3] - Jun 24, 2019 -* Update chart maintainers - -## [0.14.2] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [0.14.1] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [0.14.0] - Jun 20, 2019 -* Use ConfigMaps for nginx configuration and remove nginx postStart command - -## [0.13.10] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [0.13.9] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [0.13.8] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [0.13.7] - Jun 6, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [0.13.6] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [0.13.5] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [0.13.4] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [0.13.3] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [0.13.2] - May 19, 2019 -* Fix missing logger image tag - -## [0.13.1] - May 15, 2019 -* Support `artifactory.persistence.cacheProviderDir` for on-premise cluster - -## [0.13.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [0.12.23] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [0.12.22] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [0.12.21] - Apr 30, 2019 -* Add support for JMX monitoring - -## [0.12.20] - Apr29, 2019 -* Added support for headless services - -## [0.12.19] - Apr 28, 2019 -* Added support for `cacheProviderDir` - -## [0.12.18] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [0.12.17] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [0.12.16] - Apr 12, 2019 -* Added support for `customVolumeMounts` - -## [0.12.15] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [0.12.14] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [0.12.13] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [0.12.12] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [0.12.11] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [0.12.10] - Aprl 07, 2019 -* Change network policy API group - -## [0.12.9] - Aprl 04, 2019 -* Apply the existing PVC for members (in addition to primary) - -## [0.12.8] - Aprl 03, 2019 -* Bugfix for userPluginSecrets - -## [0.12.7] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [0.12.6] - Aprl 03, 2019 -* Added installer info - -## [0.12.5] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [0.12.4] - Apr 02, 2019 -* Fix issue #253 (use existing PVC for data and backup storage) - -## [0.12.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [0.12.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [0.12.1] - Mar 26, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [0.12.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [0.11.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [0.11.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [0.11.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [0.11.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [0.11.14] - Mar 21, 2019 -* Make ingress path configurable - -## [0.11.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart for Primary - -## [0.11.12] - Mar 19, 2019 -* Fix existingClaim example - -## [0.11.11] - Mar 18, 2019 -* Disable the option to use nginx PVC with more than one replica - -## [0.11.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [0.11.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [0.11.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [0.11.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 - -## [0.11.6] - Mar 13, 2019 -* Move securityContext to container level - -## [0.11.5] - Mar 11, 2019 -* Add the option to use existing volume claims for Artifactory storage - -## [0.11.4] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [0.11.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [0.11.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [0.11.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [0.11.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [0.10.3] - Feb 21, 2019 -* Add s3AwsVersion option to awsS3 configuration for use with IAM roles - -## [0.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [0.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [0.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [0.9.7] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [0.9.6] - Feb 7, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [0.9.5] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.4] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.3] - Feb 5, 2019 -* Remove the inactive server remove plugin - -## [0.9.2] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [0.9.1] - Jan 27, 2019 -* Fix support for Azure Blob Storage Binary provider - -## [0.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [0.8.10] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [0.8.9] - Jan 18, 2019 -* Added support of values ingress.labels - -## [0.8.8] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [0.8.7] - Jan 15, 2018 -* Add support for Azure Blob Storage Binary provider - -## [0.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [0.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [0.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [0.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [0.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [0.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [0.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [0.7.17] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [0.7.16] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [0.7.15] - Dec 9, 2018 -* AWS S3 add `roleName` for using IAM role - -## [0.7.14] - Dec 6, 2018 -* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role - -## [0.7.13] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [0.7.12] - Dec 2, 2018 -* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting. - -## [0.7.11] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [0.7.10] - Nov 29, 2018 -* Fixed the volumeMount for the replicator.yaml - -## [0.7.9] - Nov 29, 2018 -* Optionally include primary node into poddisruptionbudget - -## [0.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [0.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [0.7.6] - Nov 18, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [0.7.5] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [0.7.4] - Nov 13, 2018 -* Allow pod anti-affinity settings to include primary node - -## [0.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [0.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [0.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [0.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [0.6.9] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [0.6.8] - Oct 22, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [0.6.7] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [0.6.6] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [0.6.5] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow `soft` or `hard` specification of member node anti-affinity -* Allow providing pre-existing secrets containing external database credentials -* Fix `s3` binary store provider to properly use the `cache-fs` provider -* Allow arbitrary properties when using the `s3` binary store provider - -## [0.6.4] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [0.6.3] - Oct 17, 2018 -* Add Apache 2.0 license - -## [0.6.2] - Oct 14, 2018 -* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`) - -## [0.6.1] - Oct 11, 2018 -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [0.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [0.5.3] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [0.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [0.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [0.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [0.4.7] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [0.4.6] - Sep 25, 2018 -* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1 - -## [0.4.4] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 - -## [0.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [0.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml deleted file mode 100755 index c263ba2f5..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha -apiVersion: v1 -appVersion: 7.17.5 -description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -maintainers: -- email: installers@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory-ha -sources: -- https://github.com/jfrog/charts -version: 4.13.000 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE b/charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE deleted file mode 100755 index 8dada3eda..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/README.md deleted file mode 100755 index 4cbe9ff29..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/README.md +++ /dev/null @@ -1,1267 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.12+ -* Artifactory HA license - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database **NOTE:** For production grade installations it is recommended to use an external PostgreSQL -* Deploy an Nginx server - -## Artifactory HA architecture -The Artifactory HA cluster in this chart is made up of -- A single primary node -- Two member nodes, which can be resized at will - -Load balancing is done to the member nodes only. -This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic. -This can be controlled by the parameter `artifactory.service.pool`. -**NOTE:** - Using artifactory pro license (which supports single node only), set `artifactory.node.replicaCount=0` in values.yaml. - To scale from single node to multiple nodes(>1), use Enterprise(+) license and then do an helm upgrade (Each node need a seperate license). - -## Installing the Chart - -### Add JFrog Helm repository - -Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io) to your helm client - -```bash -helm repo add jfrog https://charts.jfrog.io -helm repo update -``` - -**NOTE:** Passing masterKey is mandatory for fresh install of chart (7.x Appversion) - -### Create a unique Master Key -Artifactory HA cluster requires a unique master key. - -**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** - -You should generate a unique one and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} -``` - -### Install Chart -To install the chart with the release name `artifactory-ha`: - -```bash -helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory-ha jfrog/artifactory-ha -``` - -### System Configuration -Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. -In order to override the default `system.yaml` configuration, do the following: -```bash -artifactory: - systemYaml: | - -``` - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Accessing Artifactory -**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup. -Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it. - -### Updating Artifactory -Once you have a new chart version, you can update your deployment with -```bash -helm upgrade artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -``` - -If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: -1. Get the current password by running: -```bash -POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -2. Upgrade the release by passing the previously auto-generated secret: -```bash -helm upgrade --namespace artifactory-ha jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} -``` - -This will apply any configuration changes on your existing deployment. - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -### Artifactory memory and CPU resources -The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out. -It is **highly** recommended to set these so you have full control of the allocated resources and limits. - -See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware). - -```bash -# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) -helm upgrade --install artifactory-ha \ - --set artifactory.primary.resources.requests.cpu="500m" \ - --set artifactory.primary.resources.limits.cpu="2" \ - --set artifactory.primary.resources.requests.memory="1Gi" \ - --set artifactory.primary.resources.limits.memory="4Gi" \ - --set artifactory.primary.javaOpts.xms="1g" \ - --set artifactory.primary.javaOpts.xmx="4g" \ - --set artifactory.node.resources.requests.cpu="500m" \ - --set artifactory.node.resources.limits.cpu="2" \ - --set artifactory.node.resources.requests.memory="1Gi" \ - --set artifactory.node.resources.limits.memory="4Gi" \ - --set artifactory.node.javaOpts.xms="1g" \ - --set artifactory.node.javaOpts.xmx="4g" \ - --set initContainers.resources.requests.cpu="10m" \ - --set initContainers.resources.limits.cpu="250m" \ - --set initContainers.resources.requests.memory="64Mi" \ - --set initContainers.resources.limits.memory="128Mi" \ - --set postgresql.resources.requests.cpu="200m" \ - --set postgresql.resources.limits.cpu="1" \ - --set postgresql.resources.requests.memory="500Mi" \ - --set postgresql.resources.limits.memory="1Gi" \ - --set nginx.resources.requests.cpu="100m" \ - --set nginx.resources.limits.cpu="250m" \ - --set nginx.resources.requests.memory="250Mi" \ - --set nginx.resources.limits.memory="500Mi" \ - --namespace artifactory-ha jfrog/artifactory-ha -``` -> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`. - -Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). - -Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files -for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Artifactory storage -Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration) - -In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. -The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. - -> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter. -This is used to set how many replicas of a binary should be stored in the cluster's nodes. -Once this value is set on initial deployment, you can not update it using helm. -It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number. - -#### Existing volume claim - -###### Primary node -In order to use an existing volume claim for the Artifactory primary storage, you need to: -- Create a persistent volume claim by the name `volume--artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0` -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.primary.persistence.existingClaim=true -``` - -###### Member nodes -In order to use an existing volume claim for the Artifactory member nodes storage, you need to: -- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume--artifactory-ha-member-`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`. -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.node.persistence.existingClaim=true -``` - -#### Existing shared volume claim - -In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to: - -- Create PVCs with ReadWriteMany that match the naming conventions: -``` - {{ template "artifactory-ha.fullname" . }}-data-pvc- - {{ template "artifactory-ha.fullname" . }}-backup-pvc- -``` -An example that shows 2 existing claims to be used: -``` - myexample-artifactory-ha-data-pvc-0 - myexample-artifactory-ha-backup-pvc-0 - myexample-artifactory-ha-data-pvc-1 - myexample-artifactory-ha-backup-pvc-1 -``` -- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true: -``` --- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true --- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2 -``` - -#### NFS -To use an NFS server as your cluster's storage, you need to -- Setup an NFS server. Get its IP as `NFS_IP` -- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all -- Pass NFS parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=nfs \ ---set artifactory.persistence.nfs.ip=${NFS_IP} \ -... -``` - -#### Google Storage -To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) -- Pass Google Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=google-storage \ ---set artifactory.persistence.googleStorage.identity=${GCP_ID} \ ---set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ -... -``` -``` -In order to use a GCP service account, Artifactory needs a gcp.credentials.json file in the same directory asa binaraystore.xml file. -This can be generated by running: -```bash -gcloud iam service-accounts keys create --iam-account -``` -Which will produce the following, which can be saved to a file or copied into your `values.yaml`. -```bash -{ - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." -} -``` - -One option is to create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` in a custom `values.yaml` -```bash -# Create the Kubernetes secret from the file you created earlier. -# IMPORTANT: The file must be called "gcp.credentials.json" because this is used later as the secret key! -kubectl create secret generic artifactory-gcp-creds --from-file=./gcp.credentials.json -``` -Set this secret in your custom `values.yaml` -```bash -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - customSecretName: artifactory-gcp-creds -``` - -Another option is to put your generated config directly in your custom `values.yaml` and the a secret will be created from it -``` -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - config: | - { - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - } -``` - -#### AWS S3 -**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. -In order to grant permissions to Artifactory using an IAM role, you will have to attach the IAM role to the machine(s) on which Artifactory is running. -This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. - -To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) -- Pass AWS S3 parameters to `helm install` and `helm upgrade` -```bash -... -# With explicit credentials: ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ -... - -... -# With using existing IAM role ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ -... -``` -**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) - -#### AWS S3 V3 -To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). -This filestore template uses the official AWS SDK, unlike the `aws-s3` implementation that uses the `JetS3t` library. -Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). - -**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. - -- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` - -```bash -# With explicit credentials: ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ -... -``` - -```bash -# With using existing IAM role ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} -... -``` - -To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) -```bash -... ---set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ -... -``` - -#### Microsoft Azure Blob Storage -To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) -- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=azure-blob \ ---set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ ---set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ ---set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ ---set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ -... -``` - -#### Custom binarystore.xml -You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
-There are two options for this - -1. Editing directly in [values.yaml](values.yaml) -```yaml -artifactory: - persistence: - binarystoreXml: | - - - - - -``` - -2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command -```yaml -# Prepare your custom Secret file (custom-binarystore.yaml) -kind: Secret -apiVersion: v1 -metadata: - name: custom-binarystore - labels: - app: artifactory - chart: artifactory -stringData: - binarystore.xml: |- - - - - -``` - -```bash -# Create a secret from the file -kubectl apply -n artifactory -f ./custom-binarystore.yaml - -# Pass it to your helm install command: -helm upgrade --install artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Create a unique Master Key - -Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Create a secret containing the key. The key in the secret must be named master-key -kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.masterKeySecretName=my-secret --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Special Upgrade Notes -### MasterKey during 6.x to 7.x Migration (App version) - -**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. - -### Create a unique Join Key -Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). - -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique key and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Pass the created join key to helm -helm upgrade --install artifactory-ha --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha jfrog/artifactory-ha -``` - -Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Create a secret containing the key. The key in the secret must be named join-key -kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.joinKeySecretName=my-secret --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.. - -### Install Artifactory HA license -For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**. - -The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation. - -**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster! - -##### Artifactory UI -Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node. - -##### REST API -You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses. - -##### Kubernetes Secret -You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). -Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**! -```bash -# Create the Kubernetes secret (assuming the local license file is 'art.lic') -kubectl create secret generic artifactory-cluster-license --from-file=./art.lic - -# Pass the license to helm -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. - -##### Create the secret as part of the helm release -values.yaml -```yaml -artifactory: - license: - licenseKey: |- - - - - - - - -``` - -```bash -helm upgrade --install artifactory-ha -f values.yaml --namespace artifactory-ha jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - - -### copyOnEveryStartup feature -Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. -In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. -Two examples for that would be: - -1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, -which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: -Create a values file with the following values: -```yaml -artifactory: - copyOnEveryStartup: - - source: /artifactory_bootstrap/binarystore.xml - target: etc/artifactory/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f values.yaml -``` - -2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: -Create a config map with your `logback.xml` configuration. - -Create a values file with the following values: -```yaml -artifactory: - ## Create a volume pointing to the config map with your configuration file - customVolumes: | - - name: logback-xml-configmap - configMap: - name: logback-xml-configmap - customVolumeMounts: | - - name: logback-xml-configmap - mountPath: /tmp/artifactory-logback/ - copyOnEveryStartup: - - source: /tmp/artifactory-logback/* - target: etc/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f values.yaml -``` - -### Configure NetworkPolicy - -NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. - -In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. - -For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. - -A full (but very wide open) example that results in 2 NetworkPolicy objects being created: -```yaml -networkpolicy: - # Allows all ingress and egress to/from artifactory primary and member pods. - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod. - - name: postgresql - podSelector: - matchLabels: - app: postgresql - ingress: - - from: - - podSelector: - matchLabels: - app: artifactory-ha -``` - -### Artifactory JMX Configuration -** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans - -Enable JMX in your deployment: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --namespace artifactory-ha jfrog/artifactory-ha -``` -This will enable access to Artifactory with JMX on the default port (9010). -** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port``` -to your choice of port - -In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: -1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --set artifactory.service.type=LoadBalancer \ - --namespace artifactory-ha jfrog/artifactory-ha -``` -2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with -```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory -with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: -``` - artifactory-ha--primary - -``` -3. Launch jconsole with the service address and port: -```bash -jconsole artifactory-ha--primary: -jconsole : -``` - -### Bootstrapping Artifactory admin password -You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. - -1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: -```yaml -artifactory: - admin: - ip: "" # Example: "*" to allow access from anywhere - username: "admin" - password: "" -``` - -2. Apply the `admin-creds-values.yaml` file: -```bash -helm upgrade --install artifactory --namespace artifactory-ha jfrog/artifactory-ha -f admin-creds-values.yaml -``` - -### Bootstrapping Artifactory configuration -**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. - -* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) -* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) - -1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-release-bootstrap-config -data: - artifactory.config.import.xml: | - - security.import.xml: | - -``` - -2. Create configMap in Kubernetes: -```bash -kubectl apply -f bootstrap-config.yaml -``` -3. Pass the configMap to helm -```bash -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Use custom nginx.conf with Nginx - -Steps to create configMap with nginx.conf -* Create `nginx.conf` file. -```bash -kubectl create configmap nginx-config --from-file=nginx.conf -``` -* Pass configMap to helm install -```bash -helm upgrade --install artifactory-ha --set nginx.customConfigMap=nginx-config --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Scaling your Artifactory cluster -A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it. - -##### Before scaling -**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart). - -Get the current database password -```bash -export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster! - -##### Scale up -Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes). -```bash -# Scale to 4 nodes (1 primary and 3 member nodes) -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha jfrog/artifactory-ha -``` - -##### Scale down -Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node. - -```bash -# Scale down to 2 member nodes -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha jfrog/artifactory-ha -``` -- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it -```bash -# List PVCs -kubectl get pvc - -# Remove the PVC with highest ordinal! -# In this example, the highest node ordinal was 2, so need to remove its storage. -kubectl delete pvc volume-artifactory-node-2 -``` - -### Use an external Database - -**For production grade installations it is recommended to use an external PostgreSQL with a static password** - -#### PostgreSQL -There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name. - -This can be done with the following parameters -```bash -... ---set postgresql.enabled=false \ ---set database.type=postgresql \ ---set database.driver=org.postgresql.Driver \ ---set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! - -#### Other DB type -There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. -See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) -> The official Artifactory Docker images include the PostgreSQL database driver. -> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib - -This can be done with the following parameters -```bash -# Make sure your Artifactory Docker image has the MySQL database driver in it -... ---set postgresql.enabled=false \ ---set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ ---set database.type=mysql \ ---set database.driver=com.mysql.jdbc.Driver \ ---set database.url=${DB_URL} \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! -##### Configuring Artifactory with external Oracle database -To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. -1. Create a value file with the configuration -```yaml -postgresql: - enabled: false -database: - type: oracle - driver: oracle.jdbc.OracleDriver - url: - user: - password: -artifactory: - preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." - extraEnvironmentVariables: - - name: LD_LIBRARY_PATH - value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory jfrog/artifactory-ha --namespace artifactory -f values-oracle.yaml -``` -**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` - -#### Using pre-existing Kubernetes Secret -If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: -```bash -# Create a secret containing the database credentials -kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} -... ---set postgresql.enabled=false \ ---set database.secrets.user.name=my-secret \ ---set database.secrets.user.key=user \ ---set database.secrets.password.name=my-secret \ ---set database.secrets.password.key=password \ -... -``` - -### Deleting Artifactory -To delete the Artifactory HA cluster - -On helm v2: -```bash -helm delete --purge artifactory-ha -``` - -On helm v3: -```bash -helm delete artifactory-ha --namespace artifactory-ha -``` - -This will completely delete your Artifactory HA cluster. -**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them -```bash -kubectl delete pvc -l release=artifactory-ha -``` -See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/) - -### Custom Docker registry for your images -If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a -[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm -```bash -# Create a Docker registry secret called 'regsecret' -kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL} -``` -Once created, you pass it to `helm` -```bash -helm upgrade --install artifactory-ha --set imagePullSecrets=regsecret --namespace artifactory-ha jfrog/artifactory-ha -``` - -### Logger sidecars -This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) - -Get list of containers in the pod -```bash -kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' -``` - -View specific log -```bash -kubectl logs -n -c -``` - - -### Custom init containers -There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. - -For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out -```yaml -artifactory: - ## Add custom init containers executed before predefined init containers - customInitContainersBegin: | - ## Init containers template goes here ## - ## Add custom init containers executed after predefined init containers - customInitContainers: | - ## Init containers template goes here ## -``` - -### Custom sidecar containers -There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. - -For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom sidecar containers - customSidecarContainers: | - ## Sidecar containers template goes here ## -``` - -You can configure the sidecar to run as a custom user if needed by setting the following in the container template -```yaml - # Example of running container as root (id 0) - securityContext: - runAsUser: 0 - fsGroup: 0 -``` - -### Custom volumes -If you need to use a custom volume in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - ## Custom volume comes here ## -``` - -### Custom secrets -If you need to add a custom secret in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - # Add custom secrets - secret per file - customSecrets: - - name: custom-secret - key: custom-secret.yaml - data: > - secret data -``` - -To use a custom secret, need to define a custom volume. -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - - name: custom-secret - secret: - secretName: custom-secret -``` - -To use a volume, need to define a volume mount as part of a custom init or sidecar container. -```yaml -artifactory: - customSidecarContainers: - - name: side-car-container - volumeMounts: - - name: custom-secret - mountPath: /opt/custom-secret.yaml - subPath: custom-secret.yaml - readOnly: true -``` - -### Add Artifactory User Plugin during installation -If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. - -Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: -```bash -# Secret with single user plugin -kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha - -# Secret with single user plugin with configuration file -kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha -``` - -Add plugin secret names to `plugins.yaml` as following: -```yaml -artifactory: - userPluginSecrets: - - archive-old-artifacts - - webhook -``` - -You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: -```bash -helm upgrade --install artifactory-ha -f plugins.yaml --namespace artifactory-ha jfrog/artifactory-ha -``` - -Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: -```yaml -artifactory-ha: # Name of the artifactory-ha dependency - artifactory: - userPluginSecrets: - - '{{ template "my-chart.fullname" . }}' -``` -For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). - -### Provide custom configMaps to Artifactory -If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. - -Create a `configmaps.yaml` file with the following content: -```yaml -artifactory: - configMaps: | - logback.xml: | - - - - - %date [%-5level] \(%-20c{3}:%L\) %message%n - - - - - - - - - - - - - - - my-custom-post-start-hook.sh: | - echo "This is my custom post start hook" - - customVolumeMounts: | - - name: artifactory-configmaps - mountPath: /tmp/my-config-map - - postStartCommand: | - chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; - /tmp/my-config-map/my-custom-post-start-hook.sh; - - copyOnEveryStartup: - - source: /tmp/my-config-map/logback.xml - target: etc/ - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f configmaps.yaml --namespace artifactory-ha jfrog/artifactory-ha -``` - -This will, in turn: -* create a configMap with the files you specified above -* create a volume pointing to the configMap with the name `artifactory-configmaps` -* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` -* Set the shell script we mounted as the `postStartCommand` -* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. - -### Establishing TLS and Adding certificates -In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. -When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. - -To establish TLS between JFrog Platform nodes: -Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) - -To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false -```yaml -access: - accessConfig: - security: - tls: true -``` - -To add custom tls certificates, create a tls secret from the certificate files. - -```bash -kubectl create secret tls --cert=ca.crt --key=ca.private.key -``` - -For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. -* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) -```yaml -access: - accessConfig: - security: - tls: true - customCertificatesSecretName: - resetAccessCAKeys: true -``` - -### Artifactory filebeat -If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. - -Create a `filebeat.yaml` values file with the following content: -```yaml -filebeat: - enabled: true - logstashUrl: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "100Mi" - cpu: "100m" -``` - -You can optionally customize the `filebeat.yaml` to send output to a different location like so: -```yaml -filebeat: - enabled: true - filebeatYml: | - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f filebeat.yaml --namespace artifactory-ha jfrog/artifactory -``` - -This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` - -### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). -To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx -For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. -In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: -```yaml - nginx: - https: - enabled: false - service: - ssloffload: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory jfrog/artifactory -``` - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file -```yaml - ingress: - enabled: true - hosts: - - artifactory.company.com - artifactory: - service: - type: NodePort - nginx - enabled: false -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ingress-values.yaml--namespace artifactory jfrog/artifactory -``` - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - artifactory.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - artifactory.domain.com -``` - -### Ingress annotations - -This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. - -```yaml -ingress: - enabled: true - defaultBackend: - enabled: false - hosts: - - myhost.example.com - annotations: - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - ingress.kubernetes.io/proxy-read-timeout: "600" - ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; - rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; - nginx.ingress.kubernetes.io/proxy-body-size: "0" - tls: - - hosts: - - "myhost.example.com" -``` - -### Ingress additional rules - -You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. -In order to do that, simply add the following to a `artifactory-ha-values.yaml` file: -```yaml -ingress: - enabled: true - - defaultBackend: - enabled: false - - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite "(?i)/xray(/|$)(.*)" /$2 break; - - additionalRules: | - - host: - http: - paths: - - path: / - backend: - serviceName: - servicePort: - - path: /xray - backend: - serviceName: - servicePort: - - path: /artifactory - backend: - serviceName: {{ template "artifactory.nginx.fullname" . }} - servicePort: {{ .Values.nginx.externalPortHttp }} -``` - -and running: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f artifactory-ha-values.yaml -``` - -### Dedicated Ingress object for replicator service - -You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. -In order to do that, simply add the following to a `artifactory-values.yaml` file: - -```yaml -artifactory: - replicator: - enabled: true - ingress: - name: - hosts: - - myhost.example.com - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding on; - tls: - - hosts: - - "myhost.example.com" - secretName: -``` - -### Ingress behind another load balancer -If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. - -To enable it with `helm install` -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true -``` -or `helm upgrade` -```bash -helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx -``` -or create a values.yaml file with the following content: -```yaml -controller: - config: - use-forwarded-headers: "true" -``` -Then install nginx-ingress with the values file you created: -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml -``` - -### Log Analytics - -#### FluentD, Prometheus and Grafana - -To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: - -https://github.com/jfrog/log-analytics-prometheus - -That repo contains a file `artifactory-ha-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. - - -## Useful links -- https://www.jfrog.com/confluence/display/EP/Getting+Started -- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory -- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md b/charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md deleted file mode 100755 index 851593236..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md +++ /dev/null @@ -1,140 +0,0 @@ -# JFrog Artifactory Reverse Proxy Settings using Nginx - -#### Reverse Proxy -* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. -* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate -the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. -* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) -* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. - -**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. - -#### Features of Artifactory Nginx -* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. -* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory - -#### Changing the default Artifactory nginx conf -Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf -These configuration will be mounted to the nginx container using a configmap. -For example: -1. Create a values file `nginx-values.yaml` with the following values: -```yaml -nginx: - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; - } - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -``` - -2. Install/upgrade artifactory: -```bash -helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml -``` - - -#### Steps to use static configuration for reverse proxy in nginx. -1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` - -2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) - - Following is example `artifactory.conf` - - **Note**: - * Create file with name `artifactory.conf` as it's fixed in configMap key. - * Replace `artifactory-artifactory` with service name taken from step 1. - - ```bash - ## add ssl entries when https has been set in config - ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; - ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen 443 ssl; - listen 80; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; - } - proxy_pass http://artifactory-artifactory:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - ``` - -3. Create configMap of `artifactory.conf` created with step above. - ```bash - kubectl create configmap art-nginx-conf --from-file=artifactory.conf - ``` -4. Deploy Artifactory using helm chart. - You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) - - Following is command to set values at runtime: - ```bash - helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha - ``` \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md b/charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md deleted file mode 100755 index b3326dccc..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md +++ /dev/null @@ -1,42 +0,0 @@ -# JFrog Artifactory Chart Upgrade Notes -This file describes special upgrade notes needed at specific versions - -## Upgrade from 1.X to 2.X and above (Chart Versions) - -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* To upgrade from a version prior to 1.x, you first need to upgrade to latest version of 1.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md. -* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -## Upgrade from 0.X to 1.X (Chart Versions) -**DOWNTIME IS REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations -* Upgrade - * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database - * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) - * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted - * Upgrade steps: - 1. Block user access to Artifactory (do not shutdown) - a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary) - b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`) - 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` - a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) - b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) - c. Click `Export` (this can take some time) - 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed - a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! - 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps - a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step - 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` - a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) - b. Click `Import` (this can take some time) - 6. Restore access to Artifactory - a. Scale the cluster member nodes back to the original size - * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md b/charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md deleted file mode 100755 index a5aa5fd47..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md +++ /dev/null @@ -1,16 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -Universal Repository Manager supporting all major packaging formats, build tools and CI servers. - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database -* Deploy an Nginx server(optional) - -## Useful links -Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) - -## Activate Your Artifactory Instance -Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml deleted file mode 100755 index 2f858e60e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Database -apiVersion: v1 -appVersion: 11.9.0 -description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://www.postgresql.org/ -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -version: 9.3.4 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md deleted file mode 100755 index 319291bc6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md +++ /dev/null @@ -1,680 +0,0 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. - -To delete the PVC's associated with `my-release`: - -```console -$ kubectl delete pvc -l release=my-release -``` - -> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | -| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | -| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | -| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | -| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | -| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | -| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | -| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | -| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | -| `master.sidecars` | Add additional containers to the pod | `[]` | -| `master.service.type` | Allows using a different service type for Master | `nil` | -| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | -| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | -| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | -| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | -| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | -| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | -| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | -| `slave.sidecars` | Add additional containers to the pod | `[]` | -| `slave.service.type` | Allows using a different service type for Slave | `nil` | -| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | -| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | -| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAccount.name` | Name of existing service account | `nil` | -| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `tls.enabled` | Enable TLS traffic support | `false` | -| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | -| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | -| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | -| `psp.create` | Create Pod Security Policy | `false` | -| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Enable replication: -```diff -- replication.enabled: false -+ replication.enabled: true -``` - -- Number of slaves replicas: -```diff -- replication.slaveReplicas: 1 -+ replication.slaveReplicas: 2 -``` - -- Set synchronous commit mode: -```diff -- replication.synchronousCommit: "off" -+ replication.synchronousCommit: "on" -``` - -- Number of replicas that will have synchronous replication: -```diff -- replication.numSynchronousReplicas: 0 -+ replication.numSynchronousReplicas: 1 -``` - -- Start a prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. - -### Customizing Master and Slave services in a replicated configuration - -At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. - -For example: - -* First, create the secret with the cetificates files: - - ```console - kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt - ``` - -* Then, use the following parameters: - - ```console - volumePermissions.enabled=true - tls.enabled=true - tls.certificatesSecret="certificates-tls-secret" - tls.certFilename="cert.crt" - tls.certKeyFilename="cert.key" - ``` - - > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL master -master: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -slave: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -## Upgrade - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release stable/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -## 9.0.0 - -In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. - -As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: - -- Deploy an old version (8.X.X) -```console -$ helm install postgresql bitnami/postgresql --version 8.10.14 -``` - -- Old version is up and running -```console -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 76s -``` - -- The upgrade to the latest one (9.X.X) is going to fail -```console -$ helm upgrade postgresql bitnami/postgresql -Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden -``` - -- Delete the statefulset -```console -$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql -statefulset.apps "postgresql-postgresql" deleted -``` - -- Now the upgrade works -```cosnole -$ helm upgrade postgresql bitnami/postgresql -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 -``` - -- We can kill the existing pod and the new statefulset is going to create a new one: -```console -$ kubectl delete pod postgresql-postgresql-0 -pod "postgresql-postgresql-0" deleted - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 19s -``` - -Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command - -## 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -## 7.1.0 - -Adds support for LDAP configuration. - -## 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -## 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -## 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - - - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore deleted file mode 100755 index 50af03172..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml deleted file mode 100755 index e6bac7873..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v1 -appVersion: 0.6.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: http://www.bitnami.com/ -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: common -sources: -- https://github.com/bitnami/charts -version: 0.6.2 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md deleted file mode 100755 index e04391a3f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md +++ /dev/null @@ -1,274 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -**Names** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -**Images** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | - -**Labels** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -**Storage** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -**TplValues** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | - -**Capabilities** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | - -**Validations** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | - -**Warnings** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -**Errors** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -**Utils** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | - -**Secrets** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets. - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -**Example of use** - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -**NOTES.txt** - -``` -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Notable changes - -N/A diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl deleted file mode 100755 index c0ea2c70c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl deleted file mode 100755 index d6d3ec65a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl deleted file mode 100755 index aafde9f3b..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl deleted file mode 100755 index 252066c7e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl deleted file mode 100755 index adf2a74f4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl deleted file mode 100755 index d6165a294..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,49 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = cat $name .defaultNameSuffix -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- $name = .name -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl deleted file mode 100755 index 60e2a844f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl deleted file mode 100755 index 2db166851..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl deleted file mode 100755 index 7d02f2ef6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl deleted file mode 100755 index 62635b30e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl +++ /dev/null @@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $valueKeyArray := splitList "." .valueKey -}} - {{- $value := "" -}} - {{- $latestObj := $.context.Values -}} - {{- range $valueKeyArray -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} - {{- end -}} - - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} - {{- end -}} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - - {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a mariadb required password must not be empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} - -Validate value params: - - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} - {{- $requiredPasswords := list -}} - - {{- if .context.Values.mariadb.secret.requirePasswords -}} - {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} - - {{- if not (empty .context.Values.mariadb.db.user) -}} - {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} - {{- end -}} - - {{- if .context.Values.mariadb.replication.enabled -}} - {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a postgresql required password must not be empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) $enabled -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- if $enabledReplication -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.enabled | quote -}} - {{- else -}} - true - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.replication.enabled | quote -}} - {{- else -}} - {{- .context.Values.replication.enabled | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl deleted file mode 100755 index ae10fa41e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml deleted file mode 100755 index 9ecdc93f5..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -exampleValue: common-chart diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml deleted file mode 100755 index f6977823c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml +++ /dev/null @@ -1,3 +0,0 @@ -commonAnnotations: - helm.sh/hook: 'pre-install, pre-upgrade' - helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml deleted file mode 100755 index fc2ba605a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100755 index 347d3b40a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md deleted file mode 100755 index 1813a2fea..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md deleted file mode 100755 index 184c1875d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md +++ /dev/null @@ -1,4 +0,0 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md deleted file mode 100755 index cba38091e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock deleted file mode 100755 index 72e1642e2..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 0.6.2 -digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 -generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml deleted file mode 100755 index 2c28bfe14..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt deleted file mode 100755 index 596e969ce..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt +++ /dev/null @@ -1,59 +0,0 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- include "common.warnings.rollingTag" .Values.image -}} - -{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl deleted file mode 100755 index 68cd0dc0e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl +++ /dev/null @@ -1,501 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if we should use an existingSecret. -*/}} -{{- define "postgresql.useExistingSecret" -}} -{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if not (include "postgresql.useExistingSecret" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap should be mounted with PostgreSQL configuration -*/}} -{{- define "postgresql.mountConfigurationCM" -}} -{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "postgresql.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "postgresql.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "postgresql.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If PSP is enabled RBAC should be enabled too -*/}} -{{- define "postgresql.validateValues.psp" -}} -{{- if and .Values.psp.create (not .Values.rbac.create) }} -postgresql: psp.create, rbac.create - RBAC should be enabled if PSP is enabled in order for PSP to work. - More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "podsecuritypolicy.apiVersion" -}} -{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions -*/}} -{{- define "postgresql.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} -postgresql: tls.enabled, volumePermissions.enabled - When TLS is enabled you must enable volumePermissions as well to ensure certificates files have - the right permissions. -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "postgresql.tlsCert" -}} -{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "postgresql.tlsCertKey" -}} -{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "postgresql.tlsCACert" -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} -{{- end -}} - -{{/* -Return the path to the CRL file. -*/}} -{{- define "postgresql.tlsCRL" -}} -{{- if .Values.tls.crlFilename -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml deleted file mode 100755 index b29ef6040..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml deleted file mode 100755 index f21a97654..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-extended-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml deleted file mode 100755 index 6637867a3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-init-scripts - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml deleted file mode 100755 index 6b7a3171e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml deleted file mode 100755 index b993c9971..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-metrics - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- toYaml .Values.metrics.service.annotations | nindent 4 }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml deleted file mode 100755 index 2a7b372fe..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "postgresql.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - role: slave - {{- end }} - # Allow prometheus scrapes - - ports: - - port: 9187 -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml deleted file mode 100755 index da0b3ab11..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.psp.create }} -apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - volumes: - - 'configMap' - - 'secret' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'projected' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml deleted file mode 100755 index b0c41b1a4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "postgresql.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.metrics.prometheusRule.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml deleted file mode 100755 index 6d3cf50a4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if .Values.psp.create }} - - apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "postgresql.fullname" . }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml deleted file mode 100755 index f7837388d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ template "postgresql.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml deleted file mode 100755 index c93dbe0bd..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml deleted file mode 100755 index 17f7ff399..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "common.labels.standard" . | nindent 4 }} - name: {{ template "postgresql.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml deleted file mode 100755 index d57b7fb48..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "postgresql.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml deleted file mode 100755 index 54d24099f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml +++ /dev/null @@ -1,345 +0,0 @@ -{{- if .Values.replication.enabled }} -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "postgresql.fullname" . }}-slave" - labels: - {{- include "common.labels.standard" . | nindent 4 }} -{{- with .Values.slave.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.slave.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: {{ .Values.replication.slaveReplicas }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: slave - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: slave -{{- with .Values.slave.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.slave.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.slave.nodeSelector }} - nodeSelector: -{{ toYaml .Values.slave.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.slave.affinity }} - affinity: -{{ toYaml .Values.slave.affinity | indent 8 }} - {{- end }} - {{- if .Values.slave.tolerations }} - tolerations: -{{ toYaml .Values.slave.tolerations | indent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.slave.extraInitContainers }} -{{ tpl .Values.slave.extraInitContainers . | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.slave.priorityClassName }} - priorityClassName: {{ .Values.slave.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "postgresql.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.slave.extraVolumeMounts }} - {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.slave.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.slave.extraVolumes }} - {{- toYaml .Values.slave.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml deleted file mode 100755 index 0e6eefebb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml +++ /dev/null @@ -1,514 +0,0 @@ -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.master.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.master.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: master - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: master - {{- with .Values.master.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- toYaml .Values.master.affinity | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.master.extraInitContainers }} - {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end}} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote}} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.master.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.metrics.securityContext.runAsUser }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} - {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} - - name: DATA_SOURCE_NAME - value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} - {{- else }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- toYaml .Values.master.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml deleted file mode 100755 index 49131578a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-headless - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml deleted file mode 100755 index 885c7bb04..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-read - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: slave -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml deleted file mode 100755 index e9fc50456..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml deleted file mode 100755 index c08014549..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml +++ /dev/null @@ -1,594 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 2 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'on' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 1 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: true - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json deleted file mode 100755 index 7b5e2efc3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "slaveReplicas": { - "type": "integer", - "title": "Slave Replicas", - "form": true, - "hidden": { - "value": false, - "path": "replication/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml deleted file mode 100755 index f45c4183d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml +++ /dev/null @@ -1,600 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: false - user: repl_user - password: repl_password - slaveReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'off' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - extraInitContainers: | - # - name: do-something - # image: busybox - # command: ['do', 'something'] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - # - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml deleted file mode 100755 index b82db72d7..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml deleted file mode 100755 index 1ebf93823..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true -## This is an exception here because HA needs masterKey to connect with other node members and it is commented in values to support 6.x to 7.x Migration -## Please refer https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#special-upgrade-notes-1 -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml deleted file mode 100755 index e6fb0c283..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -global: - versions: - artifactory: 7.12.8 - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - customInitContainers: | - - name: "custom-setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: volume - # Add custom volumes - customVolumes: | - - name: custom-script - emptyDir: - sizeLimit: 100Mi - # Add custom volumesMounts - customVolumeMounts: | - - name: custom-script - mountPath: "/scripts" - # Add custom sidecar containers - customSidecarContainers: | - - name: "sidecar-list-etc" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scripts" - name: custom-script - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml deleted file mode 100755 index 6c1e2587f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - migration: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml deleted file mode 100755 index efe3241d8..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - persistence: - enabled: true - -postgresql: - postgresqlPassword: "password" - postgresqlExtendedConf: - maxConnections: "102" - persistence: - enabled: true diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh b/charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh deleted file mode 100755 index e35bfdbb2..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh +++ /dev/null @@ -1,4339 +0,0 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories seperated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first paramter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done < "${NEW_DATA_DIR}/${filePath}/${fileName}" - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 3.1.0" - ## Description / note - description: This CVE needs to be fixed in the alpine base image of nginx container. - diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt deleted file mode 100755 index 019ed74df..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt +++ /dev/null @@ -1,118 +0,0 @@ -Congratulations. You have just deployed JFrog Artifactory HA! - -{{- if .Values.artifactory.masterKey }} -{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} - - -***************************************** WARNING ****************************************** -* Your Artifactory master key is still set to the provided example: * -* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * -* * -* You should change this to your own generated key: * -* $ export MASTER_KEY=$(openssl rand -hex 32) * -* $ echo ${MASTER_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * -* * -* Alternatively, you can use a pre-existing secret with a key called master-key with * -* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * -******************************************************************************************** -{{- end }} -{{- end }} - -{{- if .Values.artifactory.joinKey }} -{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} - - -***************************************** WARNING ****************************************** -* Your Artifactory join key is still set to the provided example: * -* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * -* * -* You should change this to your own generated key: * -* $ export JOIN_KEY=$(openssl rand -hex 32) * -* $ echo ${JOIN_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * -* * -******************************************************************************************** -{{- end }} -{{- end }} - - -{{- if .Values.postgresql.enabled }} - -DATABASE: -To extract the database password, run the following -export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -echo ${DB_PASSWORD} -{{- end }} - -SETUP: -1. Get the Artifactory IP and URL - - {{- if contains "NodePort" .Values.nginx.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/ - - {{- else if contains "LoadBalancer" .Values.nginx.service.type }} - NOTE: It may take a few minutes for the LoadBalancer public IP to be available! - - You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP/ - - {{- else if contains "ClusterIP" .Values.nginx.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80 - echo http://127.0.0.1:8080 - - {{- end }} - -2. Open Artifactory in your browser - Default credential for Artifactory: - user: admin - password: password - - {{- if .Values.artifactory.license.secret }} - -3. Artifactory license(s) is deployed as a Kubernetes secret. This method is relevant for initial deployment only! - Updating the license should be done via Artifactory UI or REST API. If you want to keep managing the artifactory license using the same method, you can use artifactory.copyOnEveryStartup in values.yaml. - - {{- else }} - -3. Add HA licenses to activate Artifactory HA through the Artifactory UI - NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details. - - {{- end }} - -{{ if or .Values.artifactory.primary.javaOpts.jmx.enabled .Values.artifactory.node.javaOpts.jmx.enabled }} -JMX configuration: -{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} -If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! -{{ end }} - -1. Get the Artifactory service IP: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -export PRIMARY_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.primary.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -export MEMBER_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -{{- end }} - -2. Map the service name to the service IP in /etc/hosts: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -sudo sh -c "echo \"${PRIMARY_SERVICE_IP} {{ template "artifactory-ha.primary.name" . }}\" >> /etc/hosts" -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts" -{{- end }} - -3. Launch jconsole: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }} -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl deleted file mode 100755 index f8417e945..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl +++ /dev/null @@ -1,302 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "artifactory-ha.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -The primary node name -*/}} -{{- define "artifactory-ha.primary.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -The member node name -*/}} -{{- define "artifactory-ha.node.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name nginx service. -*/}} -{{- define "artifactory-ha.nginx.name" -}} -{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified Replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator tracker ingress name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.tracker.fullname" -}} -{{- if .Values.artifactory.replicator.trackerIngress.name -}} -{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.nginx.fullname" -}} -{{- if .Values.nginx.fullnameOverride -}} -{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nginx.name -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "artifactory-ha.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }} -{{- else -}} -{{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "artifactory-ha.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate SSL certificates -*/}} -{{- define "artifactory-ha.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "artifactory-ca" 365 -}} -{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "artifactory-ha.scheme" -}} -{{- if .Values.access.accessConfig.security.tls -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKey value -*/}} -{{- define "artifactory-ha.joinKey" -}} -{{- if .Values.global.joinKey -}} -{{- .Values.global.joinKey -}} -{{- else if .Values.artifactory.joinKey -}} -{{- .Values.artifactory.joinKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKey value -*/}} -{{- define "artifactory-ha.masterKey" -}} -{{- if .Values.global.masterKey -}} -{{- .Values.global.masterKey -}} -{{- else if .Values.artifactory.masterKey -}} -{{- .Values.artifactory.masterKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKeySecretName value -*/}} -{{- define "artifactory-ha.joinKeySecretName" -}} -{{- if .Values.global.joinKeySecretName -}} -{{- .Values.global.joinKeySecretName -}} -{{- else if .Values.artifactory.joinKeySecretName -}} -{{- .Values.artifactory.joinKeySecretName -}} -{{- else -}} -{{ include "artifactory-ha.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKeySecretName value -*/}} -{{- define "artifactory-ha.masterKeySecretName" -}} -{{- if .Values.global.masterKeySecretName -}} -{{- .Values.global.masterKeySecretName -}} -{{- else if .Values.artifactory.masterKeySecretName -}} -{{- .Values.artifactory.masterKeySecretName -}} -{{- else -}} -{{ include "artifactory-ha.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve imagePullSecrets value -*/}} -{{- define "artifactory-ha.imagePullSecrets" -}} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainersBegin value -*/}} -{{- define "artifactory-ha.customInitContainersBegin" -}} -{{- if .Values.global.customInitContainersBegin -}} -{{- .Values.global.customInitContainersBegin -}} -{{- else if .Values.artifactory.customInitContainersBegin -}} -{{- .Values.artifactory.customInitContainersBegin -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainers value -*/}} -{{- define "artifactory-ha.customInitContainers" -}} -{{- if .Values.global.customInitContainers -}} -{{- .Values.global.customInitContainers -}} -{{- else if .Values.artifactory.customInitContainers -}} -{{- .Values.artifactory.customInitContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumes value -*/}} -{{- define "artifactory-ha.customVolumes" -}} -{{- if .Values.global.customVolumes -}} -{{- .Values.global.customVolumes -}} -{{- else if .Values.artifactory.customVolumes -}} -{{- .Values.artifactory.customVolumes -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumeMounts value -*/}} -{{- define "artifactory-ha.customVolumeMounts" -}} -{{- if .Values.global.customVolumeMounts -}} -{{- .Values.global.customVolumeMounts -}} -{{- else if .Values.artifactory.customVolumeMounts -}} -{{- .Values.artifactory.customVolumeMounts -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customSidecarContainers value -*/}} -{{- define "artifactory-ha.customSidecarContainers" -}} -{{- if .Values.global.customSidecarContainers -}} -{{- .Values.global.customSidecarContainers -}} -{{- else if .Values.artifactory.customSidecarContainers -}} -{{- .Values.artifactory.customSidecarContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory chart image names -*/}} -{{- define "artifactory-ha.getImageInfoByValue" -}} -{{- $dot := index . 0 }} -{{- $indexReference := index . 1 }} -{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} -{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} -{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} -{{- if $dot.Values.global }} - {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} - {{- $tag = $dot.Values.global.versions.artifactory | toString -}} - {{- end -}} - {{- if $dot.Values.global.imageRegistry }} - {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory app version -*/}} -{{- define "artifactory-ha.app.version" -}} -{{- $image := split ":" ((include "artifactory-ha.getImageInfoByValue" (list . "artifactory")) | toString) -}} -{{- $tag := $image._1 -}} -{{- printf "%s" $tag -}} -{{- end -}} - -{{/* -Custom certificate copy command -*/}} -{{- define "artifactory-ha.copyCustomCerts" -}} -echo "Copy custom certificates to {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted"; -mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted; -find /tmp/certs -type f -not -name "*.key" -exec cp -v {} {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted \;; -find {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted/ -type f -name "tls.crt" -exec mv -v {} {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted/ca.crt \;; -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml deleted file mode 100755 index c4d06f08a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.additionalResources }} -{{ tpl .Values.additionalResources . }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml deleted file mode 100755 index b344e86b6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} -{{- if .Values.artifactory.admin.password }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml deleted file mode 100755 index 4eac505bc..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.access.accessConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-access-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - access.config.patch.yml: | -{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml deleted file mode 100755 index 2e7cac758..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-binarystore - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - binarystore.xml: |- -{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml deleted file mode 100755 index 1385bc578..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.artifactory.configMaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - labels: - app: {{ template "artifactory-ha.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ tpl .Values.artifactory.configMaps . | indent 2 }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml deleted file mode 100755 index 67473fc58..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.artifactory.customSecrets }} -{{- range .Values.artifactory.customSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - component: "{{ $.Values.artifactory.name }}" - heritage: {{ $.Release.Service | quote }} - release: {{ $.Release.Name | quote }} -type: Opaque -stringData: - {{ .key }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml deleted file mode 100755 index 9ff71855f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-database-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- with .Values.database.url }} - db-url: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.user }} - db-user: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.password }} - db-password: {{ tpl . $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml deleted file mode 100755 index c6a2682c8..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} -{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-gcpcreds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - gcp.credentials.json: |- -{{ tpl .Values.artifactory.persistence.googleStorage.gcpServiceAccount.config . | indent 4 }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml deleted file mode 100755 index e58ec41b3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - installer-info.json: | - {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml deleted file mode 100755 index 3f629c6e4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- with .Values.artifactory.license.licenseKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-license - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -type: Opaque -data: - artifactory.lic: {{ . | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml deleted file mode 100755 index fe40f980f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.artifactory.migration.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - migrate.sh: | -{{ .Files.Get "files/migrate.sh" | indent 4 }} - migrationHelmInfo.yaml: | -{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} - migrationStatus.sh: | -{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml deleted file mode 100755 index 371dc9a5f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- range .Values.networkpolicy }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} -spec: -{{- if .podSelector }} - podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} - ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} ---- -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml deleted file mode 100755 index 6ed7d82f6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if eq .Values.artifactory.persistence.type "nfs" }} -### Artifactory HA data -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-data-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-data-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} ---- -### Artifactory HA backup -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-backup-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-backup-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml deleted file mode 100755 index cb45027cf..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.artifactory.node.minAvailable -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.fullname" . }}-node - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.artifactory.name }} - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.node.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.artifactory.node.minAvailable }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml deleted file mode 100755 index 18f5de1ff..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml +++ /dev/null @@ -1,777 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.node.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.node.name" . }} - replicas: {{ .Values.artifactory.node.replicaCount }} - updateStrategy: {{- toYaml .Values.artifactory.node.updateStrategy | nindent 4}} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.node.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.node.name" . }} - heritage: {{ .Release.Service }} - component: {{ .Values.artifactory.name }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} - - name: "wait-for-primary" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - echo "Waiting for primary node to be ready..."; - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }} - echo "Sleeping to allow time for primary node to come up"; - sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }}; - {{- else }} - while [ "$(wget --spider --no-check-certificate -S -T 3 {{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }}/ 2>&1 | grep '^ HTTP/' | awk '{print $2}')" != "200" ]; - do echo "Primary not ready. Waiting..."; sleep 3; - done; - echo "Primary node ready!"; - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - echo "Removing join.key file"; - rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key; - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys - load from database"; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Load custom certificates from database"; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - env: - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.masterKeySecretName" . }} - key: master-key - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > -{{ include "artifactory-ha.copyCustomCerts" . | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath }} - - name: ca-certs - mountPath: "/tmp/certs" - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} -{{- end }} - {{- if .Values.hostAliases }} - hostAliases: -{{ toYaml .Values.hostAliases | indent 6 }} - {{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- if .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.preStartCommand . }}; - {{- end }} - {{- with .Values.artifactory.node.preStartCommand }} - echo "Running member node specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }} - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - {{- if .Values.artifactory.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.artifactory.startupProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.artifactory.startupProbe.failureThreshold }} - timeoutSeconds: {{ .Values.artifactory.startupProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.node.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.node.affinity }} - {{- with .Values.artifactory.node.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- end }} - {{- with .Values.artifactory.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: ca-certs - secret: - secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.artifactory.customCertificates.certificateSecretName }} - {{- end }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.node.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml deleted file mode 100755 index cc4dfab65..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.artifactory.primary.minAvailable -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.fullname" . }}-primary - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.artifactory.name }} - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.primary.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.artifactory.primary.minAvailable }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml deleted file mode 100755 index c86a8b1cb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml +++ /dev/null @@ -1,897 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - version: {{ include "artifactory-ha.app.version" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.primary.name" . }} - replicas: {{ .Values.artifactory.primary.replicaCount }} - updateStrategy: {{- toYaml .Values.artifactory.primary.updateStrategy | nindent 4}} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.primary.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.primary.name" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.access.accessConfig }} - checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; - rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - - name: access-bootstrap-creds - mountPath: "/tmp/access/bootstrap.creds" - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - subPath: {{ .Values.artifactory.admin.dataKey }} - {{- else }} - subPath: bootstrap.creds - {{- end }} - {{- end }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - {{- if .Values.access.accessConfig }} - echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; - {{- end }} - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; - cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; - echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - {{- end }} - env: - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.joinKeySecretName" . }} - key: join-key - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.masterKeySecretName" . }} - key: master-key - {{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - mountPath: "/tmp/etc/access.config.patch.yml" - subPath: access.config.patch.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - mountPath: "/tmp/etc/tls.crt" - subPath: tls.crt - - name: access-certs - mountPath: "/tmp/etc/tls.key" - subPath: tls.key - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - capabilities: - add: - - CHOWN - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > -{{ include "artifactory-ha.copyCustomCerts" . | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath }} - - name: ca-certs - mountPath: "/tmp/certs" - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} -{{- end }} - {{- if .Values.hostAliases }} - hostAliases: -{{ toYaml .Values.hostAliases | indent 6 }} - {{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then - echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; - cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; - fi; - {{- if .Values.artifactory.configMapName }} - echo "Copying bootstrap configs"; - cp -Lrf /bootstrap/* /artifactory_bootstrap/; - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - echo "Copying plugins"; - cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; - {{- end }} - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- with .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - {{- with .Values.artifactory.primary.preStartCommand }} - echo "Running primary specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }}; - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - mountPath: "/artifactory_bootstrap/plugins/" - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - mountPath: "/tmp/plugin/{{ tpl . $ }}" - {{- end }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - {{- if .Values.artifactory.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.artifactory.startupProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.artifactory.startupProbe.failureThreshold }} - timeoutSeconds: {{ .Values.artifactory.startupProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.primary.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.primary.affinity }} - {{- with .Values.artifactory.primary.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- end }} - {{- with .Values.artifactory.primary.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: ca-certs - secret: - secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.artifactory.customCertificates.certificateSecretName }} - {{- end }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - emptyDir: {} - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - secret: - secretName: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: access-bootstrap-creds - secret: - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - secretName: {{ .Values.artifactory.admin.secret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory-ha.fullname" . }}-access-config - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - secret: - secretName: {{ .Values.access.customCertificatesSecretName }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.primary.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml deleted file mode 100755 index 417ec5c06..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.artifactory.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} -value: {{ .Values.artifactory.priorityClass.value }} -globalDefault: false -description: "Artifactory priority class" -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml deleted file mode 100755 index c86bffddd..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -rules: -{{ toYaml .Values.rbac.role.rules }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml deleted file mode 100755 index 4412870b1..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "artifactory-ha.serviceAccountName" . }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: {{ template "artifactory-ha.fullname" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml deleted file mode 100755 index 5870428ca..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} - {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} - master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} - {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} - join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }} - {{- end }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml deleted file mode 100755 index baacb970f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# Service for all Artifactory cluster nodes. -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml .| indent 4 }} - {{- end }} -{{- if .Values.artifactory.service.annotations }} - annotations: -{{ toYaml .Values.artifactory.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.artifactory.service.type }} - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - {{- if .Values.artifactory.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- with .Values.artifactory.node.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: -{{- if eq (int .Values.artifactory.node.replicaCount) 0 }} - role: {{ template "artifactory-ha.primary.name" . }} -{{- else if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} -{{- end }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} ---- -# Internal service for Artifactory primary node only! -# Used by member nodes to check readiness of primary node before starting up -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - # Statically setting service type to ClusterIP since this is an internal only service - type: ClusterIP - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - {{- with .Values.artifactory.primary.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: - role: {{ template "artifactory-ha.primary.name" . }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml deleted file mode 100755 index 6983c1d12..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml .) $ | indent 4 }} -{{- end }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.serviceAccountName" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml deleted file mode 100755 index e0bfa6b11..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.artifactory.customPersistentVolumeClaim }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - labels: - app: {{ template "artifactory-ha.name" . }} - version: "{{ .Values.artifactory.version }}" - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - accessModes: - {{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml deleted file mode 100755 index aaa1be152..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.systemYamlOverride.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.primary.name" . }}-system-yaml - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml deleted file mode 100755 index d2db2a067..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.filebeat.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.name" . }}-filebeat-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml deleted file mode 100755 index 53f7c93ec..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml +++ /dev/null @@ -1,149 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} -{{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $ingressName }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} -{{- end}} -{{- if .Values.ingress.annotations }} - annotations: -{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} -{{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: {{ $.Values.ingress.routerPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: {{ $.Values.ingress.artifactoryPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $artifactoryServicePort }} - {{- end -}} -{{- end -}} - {{- with .Values.ingress.additionalRules }} -{{ tpl . $ | indent 2 }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- if .Values.artifactory.replicator.enabled }} ---- -{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $replicationIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} ---- -{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorTrackerIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.trackerIngress.annotations }} - annotations: -{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: / - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.trackerIngress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if .Values.customIngress }} ---- -{{ .Values.customIngress | toYaml | trimSuffix "\n" }} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml deleted file mode 100755 index 87fe8999e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-logger - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - tail-log.sh: | - #!/bin/sh - - LOG_DIR=$1 - LOG_NAME=$2 - PID= - - # Wait for log dir to appear - while [ ! -d ${LOG_DIR} ]; do - sleep 1 - done - - cd ${LOG_DIR} - - LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') - - # Find the log to tail - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - - # Wait for the log file - while [ -z "${LOG_FILE}" ]; do - sleep 1 - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - done - - echo "Log file ${LOG_FILE} is ready!" - - # Get inode number - INODE_ID=$(ls -i ${LOG_FILE}) - - # echo "Tailing ${LOG_FILE}" - tail -F ${LOG_FILE} & - PID=$! - - # Loop forever to see if a new log was created - while true; do - # Check inode number - NEW_INODE_ID=$(ls -i ${LOG_FILE}) - - # If inode number changed, this means log was rotated and need to start a new tail - if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then - kill -9 ${PID} 2>/dev/null - INODE_ID="${NEW_INODE_ID}" - - # Start a new tail - tail -F ${LOG_FILE} & - PID=$! - fi - sleep 1 - done - -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml deleted file mode 100755 index eb1f0e698..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - artifactory.conf: | -{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml deleted file mode 100755 index 29c77ad5a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled .Values.nginx.https.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml deleted file mode 100755 index 5f424d52a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: | -{{ tpl .Values.nginx.mainConf . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml deleted file mode 100755 index 0bc7ae48c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml +++ /dev/null @@ -1,217 +0,0 @@ -{{- if .Values.nginx.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -apiVersion: apps/v1 -kind: {{ .Values.nginx.kind }} -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} -{{- if .Values.nginx.labels }} -{{ toYaml .Values.nginx.labels | indent 4 }} -{{- end }} -spec: -{{- if ne .Values.nginx.kind "DaemonSet" }} - replicas: {{ .Values.nginx.replicaCount }} -{{- end }} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - template: - metadata: - annotations: - checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} - checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.nginx.priorityClassName }} - priorityClassName: {{ .Values.nginx.priorityClassName | quote }} - {{- end }} - initContainers: - - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - '/bin/sh' - - '-c' - - > - rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; - mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; - volumeMounts: - - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - name: nginx-volume - securityContext: - runAsUser: {{ .Values.nginx.uid }} - fsGroup: {{ .Values.nginx.gid }} - containers: - - name: {{ .Values.nginx.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }} - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - 'nginx' - - '-g' - - 'daemon off;' - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - containerPort: {{ .Values.nginx.http.internalPort }} - name: http - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttp }} - name: http-internal - {{- end }} - {{- if .Values.nginx.https }} - {{- if .Values.nginx.https.enabled }} - - containerPort: {{ .Values.nginx.https.internalPort }} - name: https - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttps }} - name: https-internal - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.nginx.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-artifactory-conf - mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" - - name: nginx-volume - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" - {{- end }} - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.nginx.startupProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.nginx.startupProbe.failureThreshold }} - timeoutSeconds: {{ .Values.nginx.startupProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.nginx.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.nginx.readinessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.nginx.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.nginx.livenessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.nginx.persistence.mountPath }} - {{- range .Values.nginx.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - tail - args: - - '-F' - - '{{ $mountPath }}/logs/{{ . }}' - volumeMounts: - - name: nginx-volume - mountPath: {{ $mountPath }} - resources: -{{ toYaml $.Values.nginx.loggersResources | indent 10 }} - {{- end }} - {{- with .Values.nginx.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - {{- if .Values.nginx.customConfigMap }} - name: {{ .Values.nginx.customConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - {{- end }} - - name: nginx-artifactory-conf - configMap: - {{- if .Values.nginx.customArtifactoryConfigMap }} - name: {{ .Values.nginx.customArtifactoryConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - {{- end }} - - - name: nginx-volume - {{- if .Values.nginx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - secret: - {{- if .Values.nginx.tlsSecretName }} - secretName: {{ .Values.nginx.tlsSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml deleted file mode 100755 index 8310377a6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.nginx.name }} - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.nginx.minAvailable }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml deleted file mode 100755 index 0e573f383..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }} -{{- if (not .Values.nginx.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.nginx.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.nginx.persistence.size | quote }} -{{- if .Values.nginx.persistence.storageClassName }} -{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml deleted file mode 100755 index 594717cf9..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - {{- if .Values.nginx.service.labels }} -{{ toYaml .Values.nginx.service.labels | indent 4 }} - {{- end }} -{{- if .Values.nginx.service.annotations }} - annotations: -{{ toYaml .Values.nginx.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.nginx.service.type }} - {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} - clusterIP: {{ .Values.nginx.service.clusterIP }} - {{- end }} -{{- if eq .Values.nginx.service.type "LoadBalancer" }} - {{ if .Values.nginx.service.loadBalancerIP -}} - loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} - {{ end -}} - {{- if .Values.nginx.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} - {{- end }} -{{- end }} -{{- if .Values.nginx.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and - # will be cleaned up in a later verion - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - port: {{ .Values.nginx.http.externalPort }} - targetPort: {{ .Values.nginx.http.internalPort }} - protocol: TCP - name: http - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttp }} - targetPort: {{ .Values.nginx.internalPortHttp }} - protocol: TCP - name: http - {{- end }} - {{- if .Values.nginx.https }} - {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} - - port: {{ .Values.nginx.https.externalPort }} - {{- if .Values.nginx.service.ssloffload }} - targetPort: {{ .Values.nginx.http.internalPort }} - {{- else }} - targetPort: {{ .Values.nginx.https.internalPort}} - {{- end }} - protocol: TCP - name: https - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttps }} - targetPort: {{ .Values.nginx.internalPortHttps }} - protocol: TCP - name: https - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.nginx.ssh.externalPort }} - targetPort: {{ .Values.nginx.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - selector: - app: {{ template "artifactory-ha.name" . }} - component: {{ .Values.nginx.name }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml deleted file mode 100755 index ec05d2add..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" - node: - replicaCount: 3 - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml deleted file mode 100755 index 33879c00b..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" - node: - replicaCount: 2 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml deleted file mode 100755 index 4babf97cb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - node: - replicaCount: 1 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml deleted file mode 100755 index f0b943cc4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml +++ /dev/null @@ -1,1710 +0,0 @@ -# Default values for artifactory-ha. -# This is a YAML-formatted file. -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -global: - # imageRegistry: releases-docker.jfrog.io - # imagePullSecrets: - # - myRegistryKeySecretName - ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag - ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion - ## This applies also for nginx images (.Values.nginx.image.tag) - versions: {} - # artifactory: - # joinKey: - # masterKey: - # joinKeySecretName: - # masterKeySecretName: - # customInitContainersBegin: | - - # customInitContainers: | - - # customVolumes: | - - # customVolumeMounts: | - - # customSidecarContainers: | - - ## certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory - customCertificates: - enabled: false - # certificateSecretName: - -initContainerImage: releases-docker.jfrog.io/alpine:3.13.1 - -installer: - type: - platform: - -installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - -# For supporting pulling from private registries -# imagePullSecrets: -# - myRegistryKeySecretName - -## Artifactory systemYaml override -## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory -## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML -## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml -## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml -systemYamlOverride: -## You can use a pre-existing secret by specifying existingSecret - existingSecret: -## The dataKey should be the name of the secret data key created. - dataKey: - -## Role Based Access Control -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -rbac: - create: true - role: - ## Rules to create. It follows the role specification - rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - pods - verbs: - - get - - watch - - list - -## Service Account -## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - -ingress: - enabled: false - defaultBackend: - enabled: true - # Used to create an Ingress record. - hosts: [] - routerPath: / - artifactoryPath: /artifactory/ - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - labels: {} - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - artifactory.domain.example - - # Additional ingress rules - additionalRules: [] - -## Allows to add custom ingress -customIngress: | - -networkpolicy: - # Allows all ingress and egress - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) - # - name: postgresql - # podSelector: - # matchLabels: - # app: postgresql - # ingress: - # - from: - # - podSelector: - # matchLabels: - # app: artifactory-ha - - -## Database configurations -## Use the wait-for-db init container. Set to false to skip -waitForDatabase: true - -## Configuration values for the postgresql dependency -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -## -postgresql: - enabled: true - image: - registry: releases-docker.jfrog.io - repository: bitnami/postgresql - tag: 12.5.0-debian-10-r25 - postgresqlUsername: artifactory - postgresqlPassword: "" - postgresqlDatabase: artifactory - postgresqlExtendedConf: - listenAddresses: "'*'" - maxConnections: "1500" - persistence: - enabled: true - size: 50Gi - service: - port: 5432 - master: - nodeSelector: {} - affinity: {} - tolerations: [] - slave: - nodeSelector: {} - affinity: {} - tolerations: [] - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - -## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), -## you MUST specify custom database details here or Artifactory will NOT start -database: - type: - driver: - ## If you set the url, leave host and port empty - url: - ## If you would like this chart to create the secret containing the db - ## password, use these values - user: - password: - ## If you have existing Kubernetes secrets containing db credentials, use - ## these values - secrets: {} - # user: - # name: "rds-artifactory" - # key: "db-user" - # password: - # name: "rds-artifactory" - # key: "db-password" - # url: - # name: "rds-artifactory" - # key: "db-url" - -logger: - image: - registry: releases-docker.jfrog.io - repository: busybox - tag: 1.32.1 - -# Artifactory -artifactory: - name: artifactory-ha - # Note that by default we use appVersion to get image tag/version - image: - registry: releases-docker.jfrog.io - repository: jfrog/artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Create a priority class for the Artifactory pods or use an existing one - # NOTE - Maximum allowed value of a user defined priority is 1000000000 - priorityClass: - create: false - value: 1000000000 - ## Override default name - # name: - ## Use an existing priority class - # existingPriorityClass: - - # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties - deleteDBPropertiesOnStartup: true - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - extraConfig: 'acceptCount="100"' - - # certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory - customCertificates: - enabled: false - # certificateSecretName: - - # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. - # To enable set `.Values.artifactory.openMetrics.enabled` to `true` - # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics - openMetrics: - enabled: false - - # This directory is intended for use with NFS eventual configuration for HA - haDataDir: - enabled: false - path: - haBackupDir: - enabled: false - path: - - # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup - copyOnEveryStartup: - # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path - # - source: /artifactory_bootstrap/artifactory.cluster.license - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - - # Sidecar containers for tailing Artifactory logs - loggers: [] - # - access-audit.log - # - access-request.log - # - access-security-audit.log - # - access-service.log - # - artifactory-access.log - # - artifactory-event.log - # - artifactory-import-export.log - # - artifactory-request.log - # - artifactory-service.log - # - frontend-request.log - # - frontend-service.log - # - metadata-request.log - # - metadata-service.log - # - router-request.log - # - router-service.log - # - router-traefik.log - # - derby.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Sidecar containers for tailing Tomcat (catalina) logs - catalinaLoggers: [] - # - tomcat-catalina.log - # - tomcat-localhost.log - - # Tomcat (catalina) loggers resources - catalinaLoggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 - ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - - - ## Add custom init containers execution before predefined init containers - customInitContainersBegin: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - ## Add custom init containers - - ## Add custom init containers execution after predefined init containers - customInitContainers: | - # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - - ## Add custom sidecar containers - # - The provided example uses a custom volume (customVolumes) - # - The provided example shows running container as root (id 0) - customSidecarContainers: | - # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # securityContext: - # allowPrivilegeEscalation: false - # command: - # - 'sh' - # - '-c' - # - 'sh /scripts/script.sh' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - # - mountPath: "/scripts/script.sh" - # name: custom-script - # subPath: script.sh - # resources: - # requests: - # memory: "32Mi" - # cpu: "50m" - # limits: - # memory: "128Mi" - # cpu: "100m" - - ## Add custom volumes - customVolumes: | - # - name: custom-script - # configMap: - # name: custom-script - - ## Add custom volumesMounts - customVolumeMounts: | - # - name: custom-script - # mountPath: "/scripts/script.sh" - # subPath: script.sh - # - name: posthook-start - # mountPath: "/scripts/posthoook-start.sh" - # subPath: posthoook-start.sh - # - name: prehook-start - # mountPath: "/scripts/prehook-start.sh" - # subPath: prehook-start.sh - - # Add custom persistent volume mounts - Available for the pod - # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container - customPersistentPodVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - # skipPrepareContainer: false - - # Add custom persistent volume mounts - Available to the entire namespace - customPersistentVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - ## Artifactory HA requires a unique master key. Each Artifactory node must have the same master key! - ## You can generate one with the command: "openssl rand -hex 32" - ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' - ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName - ## IMPORTANT: You should NOT use the example masterKey for a production deployment! - ## IMPORTANT: This is a mandatory for fresh Install of 7.x (App version) - # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - # masterKeySecretName: - - ## Join Key to connect to other services to Artifactory. - ## IMPORTANT: Setting this value overrides the existing joinKey - ## IMPORTANT: You should NOT use the example joinKey for a production deployment! - # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName - # joinKeySecretName: - - # Add custom secrets - secret per file - customSecrets: - # - name: custom-secret - # key: custom-secret.yaml - # data: > - # custom_secret_config: - # parameter1: value1 - # parameter2: value2 - # - name: custom-secret2 - # key: custom-secret2.config - # data: | - # here the custom secret 2 config - - ## If false, all service console logs will not redirect to a common console.log - consoleLog: false - - binarystore: - enabled: true - - ## admin allows to set the password for the default admin user. - ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate - admin: - ip: "127.0.0.1" - username: "admin" - password: - secret: - dataKey: - - ## Artifactory license. - license: - ## licenseKey is the license key in plain text. Use either this or the license.secret setting - licenseKey: - ## If artifactory.license.secret is passed, it will be mounted as - ## ARTIFACTORY_HOME/etc/artifactory.cluster.license and loaded at run time. - secret: - ## The dataKey should be the name of the secret data key created. - dataKey: - - ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter - configMapName: - - # Add any list of configmaps to Artifactory - configMaps: | - # posthook-start.sh: |- - # echo "This is a post start script" - # posthook-end.sh: |- - # echo "This is a post end script" - - ## List of secrets for Artifactory user plugins. - ## One Secret per plugin's files. - userPluginSecrets: - # - archive-old-artifacts - # - build-cleanup - # - webhook - # - '{{ template "my-chart.fullname" . }}' - - ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - ## Extra post-start command to run extra commands after container starts - # postStartCommand: - - ## Extra environment variables that can be used to tune Artifactory to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: SERVER_XML_ARTIFACTORY_PORT - # value: "8081" - # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS - # value: "200" - # - name: SERVER_XML_ACCESS_MAX_THREADS - # value: "50" - # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_ACCESS_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_EXTRA_CONNECTOR - # value: "" - # - name: DB_POOL_MAX_ACTIVE - # value: "100" - # - name: DB_POOL_MAX_IDLE - # value: "10" - # - name: MY_SECRET_ENV_VAR - # valueFrom: - # secretKeyRef: - # name: my-secret-name - # key: my-secret-key - - # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) - systemYaml: | - shared: - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.primary.javaOpts }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - host: "" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{ else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - artifactory: - {{- if .Values.artifactory.openMetrics }} - metrics: - enabled: {{ .Values.artifactory.openMetrics.enabled }} - {{- end }} - {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} - node: - {{- if .Values.artifactory.haDataDir.path }} - haDataDir: {{ .Values.artifactory.haDataDir.path }} - {{- end }} - {{- if .Values.artifactory.haBackupDir.path }} - haBackupDir: {{ .Values.artifactory.haBackupDir.path }} - {{- end }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - frontend: - session: - timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - {{- if .Values.access.database.enabled }} - type: "{{ .Values.access.database.type }}" - url: "{{ .Values.access.database.url }}" - driver: "{{ .Values.access.database.driver }}" - username: "{{ .Values.access.database.user }}" - password: "{{ .Values.access.database.password }}" - {{- end }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - - ## IMPORTANT: If overriding artifactory.internalPort: - ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! - externalPort: 8082 - internalPort: 8082 - externalArtifactoryPort: 8081 - internalArtifactoryPort: 8081 - uid: 1030 - gid: 1030 - terminationGracePeriodSeconds: 30 - - ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. - ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false - setSecurityContext: true - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - startupProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 30 - failureThreshold: 60 - periodSeconds: 5 - timeoutSeconds: 5 - - persistence: - enabled: true - local: false - redundancy: 3 - mountPath: "/var/opt/jfrog/artifactory" - accessMode: ReadWriteOnce - size: 200Gi - - ## Use a custom Secret to be mounted as your binarystore.xml - ## NOTE: This will ignore all settings below that make up binarystore.xml - customBinarystoreXmlSecret: - - maxCacheSize: 50000000000 - cacheProviderDir: cache - eventual: - numberOfThreads: 10 - ## artifactory data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - - ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config - ## Supported types are: - ## file-system (default) - ## nfs - ## google-storage - ## aws-s3 - ## aws-s3-v3 - ## azure-blob - type: file-system - - ## Use binarystoreXml to provide a custom binarystore.xml - ## This can be a template or hardcoded. - binarystoreXml: | - {{- if eq .Values.artifactory.persistence.type "file-system" }} - - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - - - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - - {{- end }} - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - // Specify the read and write strategy and redundancy for the sharding binary provider - - roundRobin - percentageFreeSpace - 2 - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - //For each sub-provider (mount), specify the filestore location - - filestore{{ $sharedClaimNumber }} - - {{- end }} - - {{- else }} - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - 2 - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - shard-fs-1 - local - - - - - 30 - tester-remote1 - 10000 - remote - - - - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "google-storage" }} - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - - - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - {{- else }} - - {{- end }} - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp - - - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - false - {{- else }} - - {{ .Values.artifactory.persistence.googleStorage.identity }} - {{ .Values.artifactory.persistence.googleStorage.credential }} - {{- end }} - google-cloud-storage - {{ .Values.artifactory.persistence.googleStorage.endpoint }} - {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} - {{ .Values.artifactory.persistence.googleStorage.bucketName }} - {{ .Values.artifactory.persistence.googleStorage.path }} - {{ .Values.artifactory.persistence.googleStorage.bucketExists }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} - - - - - - - - - - - - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - {{- with .Values.artifactory.persistence.awsS3V3 }} - - {{ .testConnection }} - {{- if .identity }} - {{ .identity }} - {{- end }} - {{- if .credential }} - {{ .credential }} - {{- end }} - {{ .region }} - {{ .bucketName }} - {{ .path }} - {{ .endpoint }} - {{- with .maxConnections }} - {{ . }} - {{- end }} - {{- with .kmsServerSideEncryptionKeyId }} - {{ . }} - {{- end }} - {{- with .kmsKeyRegion }} - {{ . }} - {{- end }} - {{- with .kmsCryptoMode }} - {{ . }} - {{- end }} - {{- if .useInstanceCredentials }} - true - {{- else }} - false - {{- end }} - {{ .usePresigning }} - {{ .signatureExpirySeconds }} - {{- with .cloudFrontDomainName }} - {{ . }} - {{- end }} - {{- with .cloudFrontKeyPairId }} - {{ .cloudFrontKeyPairId }} - {{- end }} - {{- with .cloudFrontPrivateKey }} - {{ . }} - {{- end }} - {{- with .enableSignedUrlRedirect }} - {{ . }} - {{- end }} - {{- with .enablePathStyleAccess }} - {{ . }} - {{- end }} - - {{- end }} - - {{- end }} - - {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - {{ .Values.artifactory.persistence.awsS3.endpoint }} - {{- if .Values.artifactory.persistence.awsS3.roleName }} - {{ .Values.artifactory.persistence.awsS3.roleName }} - true - {{- else }} - {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} - {{ .Values.artifactory.persistence.awsS3.testConnection }} - {{ .Values.artifactory.persistence.awsS3.httpsOnly }} - {{ .Values.artifactory.persistence.awsS3.region }} - {{ .Values.artifactory.persistence.awsS3.bucketName }} - {{- if .Values.artifactory.persistence.awsS3.identity }} - {{ .Values.artifactory.persistence.awsS3.identity }} - {{- end }} - {{- if .Values.artifactory.persistence.awsS3.credential }} - {{ .Values.artifactory.persistence.awsS3.credential }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.path }} - {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} - - {{- end }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "azure-blob" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - crossNetworkStrategy - crossNetworkStrategy - 2 - 1 - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.azureBlob.accountName }} - {{ .Values.artifactory.persistence.azureBlob.accountKey }} - {{ .Values.artifactory.persistence.azureBlob.endpoint }} - {{ .Values.artifactory.persistence.azureBlob.containerName }} - {{ .Values.artifactory.persistence.azureBlob.multiPartLimit }} - {{ .Values.artifactory.persistence.azureBlob.multipartElementSize }} - {{ .Values.artifactory.persistence.azureBlob.testConnection }} - - - {{- end }} - - ## For artifactory.persistence.type file-system - fileSystem: - ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. - ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) - ## Create PVCs with ReadWriteMany that match the naming convetions: - ## {{ template "artifactory-ha.fullname" . }}-data-pvc- - ## {{ template "artifactory-ha.fullname" . }}-backup-pvc - ## Example (using numberOfExistingClaims: 2) - ## myexample-data-pvc-0 - ## myexample-data-pvc-1 - ## myexample-backup-pvc - ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. - - ## Need to have the following set - existingSharedClaim: - enabled: false - numberOfExistingClaims: 1 - ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} - dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" - backupDir: "/var/opt/jfrog/artifactory-backup" - - - ## For artifactory.persistence.type nfs - ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes - ## cluster nodes. - ## Need to have the following set - nfs: - # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' - ip: - haDataMount: "/data" - haBackupMount: "/backup" - dataDir: "/var/opt/jfrog/artifactory-ha" - backupDir: "/var/opt/jfrog/artifactory-backup" - capacity: 200Gi - mountOptions: [] - ## For artifactory.persistence.type google-storage - googleStorage: - ## When using GCP buckets as your binary store (Available with enterprise license only) - gcpServiceAccount: - enabled: false - ## Use either an existing secret prepared in advance or put the config (replace the content) in the values - ## ref: https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#google-storage - # customSecretName: - # config: | - # { - # "type": "service_account", - # "project_id": "", - # "private_key_id": "?????", - # "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - # "client_email": "???@j.iam.gserviceaccount.com", - # "client_id": "???????", - # "auth_uri": "https://accounts.google.com/o/oauth2/auth", - # "token_uri": "https://oauth2.googleapis.com/token", - # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - # "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - # } - endpoint: commondatastorage.googleapis.com - httpsOnly: false - # Set a unique bucket name - bucketName: "artifactory-ha-gcp" - identity: - credential: - path: "artifactory-ha/filestore" - bucketExists: false - - ## For artifactory.persistence.type aws-s3-v3 - awsS3V3: - testConnection: false - identity: - credential: - region: - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: - maxConnections: 50 - kmsServerSideEncryptionKeyId: - kmsKeyRegion: - kmsCryptoMode: - useInstanceCredentials: true - usePresigning: false - signatureExpirySeconds: 300 - cloudFrontDomainName: - cloudFrontKeyPairId: - cloudFrontPrivateKey: - enableSignedUrlRedirect: false - enablePathStyleAccess: false - - ## For artifactory.persistence.type aws-s3 - ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html - awsS3: - # Set a unique bucket name - bucketName: "artifactory-ha-aws" - endpoint: - region: - roleName: - identity: - credential: - path: "artifactory-ha/filestore" - refreshCredentials: true - httpsOnly: true - testConnection: false - s3AwsVersion: "AWS4-HMAC-SHA256" - - ## Additional properties to set on the s3 provider - properties: {} - # httpclient.max-connections: 100 - ## For artifactory.persistence.type azure-blob - azureBlob: - accountName: - accountKey: - endpoint: - containerName: - multiPartLimit: 100000000 - multipartElementSize: 50000000 - testConnection: false - service: - name: artifactory - type: ClusterIP - ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - ## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them) - ## Supported pool values - ## members - ## all - pool: members - - ## The following Java options are passed to the java process running Artifactory. - ## This will be passed to all cluster members. Primary and member nodes. - javaOpts: {} - # other: "" - - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - enabled: false - ingress: - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - ## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true - ## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads - trackerIngress: - enabled: false - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - - ssh: - enabled: false - internalPort: 1339 - externalPort: 1339 - - annotations: {} - - ## Type specific configurations. - ## There is a difference between the primary and the member nodes. - ## Customising their resources and java parameters is done here. - primary: - name: artifactory-ha-primary - # preStartCommand specific to the primary node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` - existingClaim: false - - replicaCount: 1 - # minAvailable: 1 - - updateStrategy: - type: RollingUpdate - - ## Resources for the primary node - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory primary node. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - nodeSelector: {} - - tolerations: [] - - affinity: {} - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - - node: - name: artifactory-ha-member - # preStartCommand specific to the member node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` - existingClaim: false - replicaCount: 2 - updateStrategy: - type: RollingUpdate - minAvailable: 1 - ## Resources for the member nodes - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory member nodes. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - # xms: "1g" - # xmx: "2g" - # other: "" - nodeSelector: {} - - ## Wait for Artifactory primary - waitForPrimaryStartup: - enabled: true - - ## Setting time will override the built in test and will just wait the set time - time: - - tolerations: [] - - ## Complete specification of the "affinity" of the member nodes; if this is non-empty, - ## "podAntiAffinity" values are not used. - affinity: {} - - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - -frontend: - ## Session settings - session: - ## Time in minutes after which the frontend token will need to be refreshed - timeoutMinutes: '30' - -access: - ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. - ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates - ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. - ## This ensures that the node to node communication is done over TLS. - accessConfig: - security: - tls: false - - ## You can use a pre-existing secret by specifying customCertificatesSecretName - ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` - # customCertificatesSecretName: - - ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key - # resetAccessCAKeys: false - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 - extraConfig: 'acceptCount="100"' - -metadata: - database: - maxOpenConnections: 80 - -# Init containers -initContainers: - resources: {} -# requests: -# memory: "64Mi" -# cpu: "10m" -# limits: -# memory: "128Mi" -# cpu: "250m" - - -# Nginx -nginx: - enabled: true - kind: Deployment - name: nginx - labels: {} - replicaCount: 1 - minAvailable: 0 - uid: 104 - gid: 107 - # Note that by default we use appVersion to get image tag/version - image: - registry: releases-docker.jfrog.io - repository: jfrog/nginx-artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Priority Class name to be used in deployment if provided - priorityClassName: - - # Sidecar containers for tailing Nginx logs - loggers: [] - # - access.log - # - error.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "64Mi" - # cpu: "25m" - # limits: - # memory: "128Mi" - # cpu: "50m" - - # Logs options - logs: - stderr: false - level: warn - - mainConf: | - # Main Nginx configuration file - worker_processes 4; - - {{ if .Values.nginx.logs.stderr }} - error_log stderr {{ .Values.nginx.logs.level }}; - {{- else -}} - error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; - {{- end }} - pid /tmp/nginx.pid; - - {{- if .Values.artifactory.ssh.enabled }} - ## SSH Server Configuration - stream { - server { - listen {{ .Values.nginx.ssh.internalPort }}; - proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; - } - } - {{- end }} - - events { - worker_connections 1024; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - variables_hash_max_size 1024; - variables_hash_bucket_size 64; - server_names_hash_max_size 4096; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; - proxy_read_timeout 2400s; - client_header_timeout 2400s; - client_body_timeout 2400s; - proxy_connect_timeout 75s; - proxy_send_timeout 2400s; - proxy_buffer_size 128k; - proxy_buffers 40 128k; - proxy_busy_buffers_size 128k; - proxy_temp_file_write_size 250m; - proxy_http_version 1.1; - client_body_buffer_size 128k; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - log_format timing 'ip = $remote_addr ' - 'user = \"$remote_user\" ' - 'local_time = \"$time_local\" ' - 'host = $host ' - 'request = \"$request\" ' - 'status = $status ' - 'bytes = $body_bytes_sent ' - 'upstream = \"$upstream_addr\" ' - 'upstream_time = $upstream_response_time ' - 'request_time = $request_time ' - 'referer = \"$http_referer\" ' - 'UA = \"$http_user_agent\"'; - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; - sendfile on; - #tcp_nopush on; - keepalive_timeout 65; - #gzip on; - include /etc/nginx/conf.d/*.conf; - } - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - ## server configuration - server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header Strict-Transport-Security always; - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - service: - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - type: LoadBalancer - ssloffload: false - ## For supporting whitelist on the Nginx LoadBalancer service - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - ## Provide static ip address - loadBalancerIP: - ## There are two available options: “Cluster” (default) and “Local”. - externalTrafficPolicy: Cluster - labels: {} - # label-key: label-value - http: - enabled: true - externalPort: 80 - internalPort: 80 - https: - enabled: true - externalPort: 443 - internalPort: 443 - # DEPRECATED: The following will be replaced by L1065-L1076 in a future release - # externalPortHttp: 80 - # internalPortHttp: 80 - # externalPortHttps: 443 - # internalPortHttps: 443 - - ssh: - internalPort: 1339 - externalPort: 1339 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 0 - failureThreshold: 10 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - - startupProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 30 - failureThreshold: 60 - periodSeconds: 5 - timeoutSeconds: 5 - - ## The SSL secret that will be used by the Nginx pod - # tlsSecretName: chart-example-tls - ## Custom ConfigMap for nginx.conf - customConfigMap: - ## Custom ConfigMap for artifactory.conf - customArtifactoryConfigMap: - persistence: - mountPath: "/var/opt/jfrog/nginx" - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - size: 5Gi - ## nginx data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - resources: {} - # requests: - # memory: "250Mi" - # cpu: "100m" - # limits: - # memory: "250Mi" - # cpu: "500m" - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -# Filebeat Sidecar container -## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. -filebeat: - enabled: false - name: artifactory-filebeat - image: - repository: "docker.elastic.co/beats/filebeat" - version: 7.9.2 - logstashUrl: "logstash:5044" - - terminationGracePeriod: 10 - - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - resources: {} -# requests: -# memory: "100Mi" -# cpu: "100m" -# limits: -# memory: "100Mi" -# cpu: "100m" - - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: ~ - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] - -## Allows to add additional kubernetes resources -## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml -additionalResources: | - -# Adding entries to a Pod's /etc/hosts file -# For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases -hostAliases: [] -# - ip: "127.0.0.1" -# hostnames: -# - "foo.local" -# - "bar.local" -# - ip: "10.1.2.3" -# hostnames: -# - "foo.remote" -# - "bar.remote" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore b/charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore deleted file mode 100755 index c7eb1e274..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md b/charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md deleted file mode 100755 index d39066f5a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md +++ /dev/null @@ -1,989 +0,0 @@ -# JFrog Artifactory-ha Chart Changelog -All changes to this chart will be documented in this file - -## [4.7.6] - Jan 11, 2020 -* Updated Artifactory version to 7.12.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.6) - -## [4.7.5] - Jan 07, 2020 -* Added support for optional tracker dedicated ingress `.Values.artifactory.replicator.trackerIngress.enabled` (defaults to false) - -## [4.7.4] - Jan 04, 2020 -* Fixed gid support for statefulset - -## [4.7.3] - Dec 31, 2020 -* Added gid support for statefulset -* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset - -## [4.7.2] - Dec 29, 2020 -* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) -* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml) -* Updated Artifactory version to 7.12.5 - -## [4.7.1] - Dec 21, 2020 -* Updated Artifactory version to 7.12.3 - -## [4.7.0] - Dec 18, 2020 -* Updated Artifactory version to 7.12.2 -* Added `.Values.artifactory.openMetrics.enabled` - -## [4.6.1] - Dec 11, 2020 -* Added configurable `.Values.global.versions.artifactory` in values.yaml - -## [4.6.0] - Dec 10, 2020 -* Update postgresql tag version to `12.5.0-debian-10-r25` -* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` -* Updated chart maintainers email - -## [4.5.5] - Dec 4, 2020 -* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` - -## [4.5.4] - Dec 1, 2020 -* Improve error message returned when attempting helm upgrade command - -## [4.5.3] - Nov 30, 2020 -* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) - -# [4.5.2] - Nov 23, 2020 -* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) -* Updated port namings on services and pods to allow for istio protocol discovery -* Change semverCompare checks to support hosted Kubernetes -* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics -* Prevent the PostHook command to be executed if the user did not specify a command in the values file -* Fix issue with tls file generation when nginx.https.enabled is false - -## [4.5.1] - Nov 19, 2020 -* Updated Artifactory version to 7.11.2 -* Bugfix - access.config.import.xml override Access Federation configurations - -## [4.5.0] - Nov 17, 2020 -* Updated Artifactory version to 7.11.1 -* Update alpine tag version to `3.12.1` - -## [4.4.6] - Nov 10, 2020 -* Pass system.yaml via external secret for advanced usecases -* Added support for custom ingress -* Bugfix - stateful set not picking up changes to database secrets - -## [4.4.5] - Nov 9, 2020 -* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) - -## [4.4.4] - Nov 2, 2020 -* Add enablePathStyleAccess property for aws-s3-v3 binary provider template - -## [4.4.3] - Nov 2, 2020 -* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) - -## [4.4.2] - Oct 22, 2020 -* Chown bug fix where Linux capability cannot chown all files causing log line warnings -* Fix Frontend timeout linting issue - -## [4.4.1] - Oct 20, 2020 -* Add flag to disable prepare-custom-persistent-volume init container - -## [4.4.0] - Oct 19, 2020 -* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) - -## [4.3.4] - Oct 19, 2020 -* Add support to specify priorityClassName for nginx deployment - -## [4.3.3] - Oct 15, 2020 -* Fixed issue with node PodDisruptionBudget which also getting applied on the primary -* Fix mandatory masterKey check issue when upgrading from 6.x to 7.x - -## [4.3.2] - Oct 14, 2020 -* Add support to allow more than 1 Primary in Artifactory-ha STS - -## [4.3.1] - Oct 9, 2020 -* Add global support for customInitContainersBegin - -## [4.3.0] - Oct 07, 2020 -* Updated Artifactory version to 7.9.1 -* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml - -## [4.2.0] - Oct 5, 2020 -* Expose Prometheus metrics via a ServiceMonitor -* Parse log files for metric data with Fluentd - -## [4.1.0] - Sep 30, 2020 -* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) - -## [4.0.12] - Sep 25, 2020 -* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements - -## [4.0.11] - Sep 28, 2020 -* Setting chart coordinates in migitation yaml - -## [4.0.10] - Sep 25, 2020 -* Update filebeat version to `7.9.2` - -## [4.0.9] - Sep 24, 2020 -* Fixed broken issue - when setting `waitForDatabase:false` container startup still waits for DB - -## [4.0.8] - Sep 22, 2020 -* Updated readme - -## [4.0.7] - Sep 22, 2020 -* Fix lint issue in migitation yaml - -## [4.0.6] - Sep 22, 2020 -* Fix broken migitation yaml - -## [4.0.5] - Sep 21, 2020 -* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) - -## [4.0.4] - Sep 17, 2020 -* Added configurable session(UI) timeout in frontend microservice - -## [4.0.3] - Sep 17, 2020 -* Fix small typo in README and added proper required text to be shown while postgres upgrades - -## [4.0.2] - Sep 14, 2020 -* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) - -## [4.0.1] - Sep 8, 2020 -* Added support for artifactory pro license (single node) installation. - -## [4.0.0] - Sep 2, 2020 -* **Breaking change:** Changed `imagePullSecrets` value from string to list -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Added support for global values -* Updated maintainers in chart.yaml -* Update postgresql tag version to `12.3.0-debian-10-r71` -* Update postgresqlsub chart version to `9.3.4` - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true. - -## [3.1.0] - Aug 13, 2020 -* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) - -## [3.0.15] - Aug 10, 2020 -* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. - -## [3.0.14] - Jul 31, 2020 -* Update the README section on Nginx SSL termination to reflect the actual YAML structure. - -## [3.0.13] - Jul 30, 2020 -* Added condition to disable the migration scripts. - -## [3.0.12] - Jul 29, 2020 -* Document Artifactory node affinity. - -## [3.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [3.0.10] - Jul 28, 2020 -Bugfix / support for userPluginSecrets with Artifactory 7 - -## [3.0.9] - Jul 27, 2020 -* Add tpl to external database secrets. -* Modified `scheme` to `artifactory-ha.scheme` - -## [3.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [3.0.7] - Jul 21, 2020 -* Updated Artifactory-ha Chart to add node and primary labels to pods and service objects. - -## [3.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [3.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [3.0.4] - Jul 8, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [3.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads. - -## [3.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [3.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [3.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [2.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [2.5.8] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [2.5.7] - Jun 18, 2020 -* Fixes bootstrap configMap issue on member node - -## [2.5.6] - Jun 11, 2020 -* Support list of custom secrets - -## [2.5.5] - Jun 11, 2020 -* NOTES.txt fixed incorrect information - -## [2.5.4] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [2.5.3] - Jun 8, 2020 -* Statically setting primary service type to ClusterIP. -* Prevents primary service from being exposed publicly when using LoadBalancer type on cloud providers. - -## [2.5.2] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [2.5.1] - Jun 5, 2020 -* Fixes broken PDB issue upgrading from 6.x to 7.x - -## [2.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [2.4.10] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [2.4.9] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [2.4.8] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [2.4.7] - May 19, 2020 -* Added metadata maxOpenConnections - -## [2.4.6] - May 07, 2020 -* Fix `installerInfo` string format - -## [2.4.5] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [2.4.4] - Apr 27, 2020 -* Change customInitContainers order to run before the "migration-ha-artifactory" initContainer - -## [2.4.3] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [2.4.2] - Apr 16, 2020 -* Custom volume mounts in migration init container. - -## [2.4.1] - Apr 16, 2020 -* Fix broken support for gcpServiceAccount for googleStorage - -## [2.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [2.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [2.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [2.2.11] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [2.2.10] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [2.2.9] - Apr 01, 2020 -* Support masterKey and joinKey as secrets - -## [2.2.8] - Apr 01, 2020 -* Ensure that the join key is also copied when provided by an external secret -* Migration container in primary and node statefulset now respects custom versions and the specified node/primary resources - -## [2.2.7] - Apr 01, 2020 -* Added cache-layer in chain definition of Google Cloud Storage template -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [2.2.6] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [2.2.5] - Mar 31, 2020 -* Removed duplicate `artifactory-license` volume from primary node - -## [2.2.4] - Mar 31, 2020 -* Restore `artifactory-license` volume for the primary node - -## [2.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [2.2.2] - Mar 30, 2020 -* Apply initContainers.resources to `copy-system-yaml`, `prepare-custom-persistent-volume`, and `migration-artifactory-ha` containers -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart -* Removed duplicate `artifactory-license` volume that prevented using an external secret - -## [2.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [2.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [2.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [2.1.2] - Mar 21, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [2.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [2.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [2.0.36] - Mar 20, 2020 -* Add support GCP credentials.json authentication - -## [2.0.35] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [2.0.34] - Mar 19, 2020 -* Add support for NFS directories `haBackupDir` and `haDataDir` - -## [2.0.33] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [2.0.32] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [2.0.31] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [2.0.30] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [2.0.29] - Mar 11, 2020 -* Upgrade Docs update - -## [2.0.28] - Mar 11, 2020 -* Unified charts public release - -## [2.0.27] - Mar 8, 2020 -* Add an optional wait for primary node to be ready with a proper test for http status - -## [2.0.23] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [2.0.22] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [2.0.21] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [2.0.20] - Feb 26, 2020 -* Store join key to secret - -## [2.0.19] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [2.0.12] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [2.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [1.4.10] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [1.4.9] - Feb 10, 2020 -* Fix custom DB password indention - -## [1.4.8] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [1.4.7] - Feb 4, 2020 -* Support customisable Nginx kind - -## [1.4.6] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [1.4.5] - Feb 2, 2020 -* Add support for primary or member node specific preStartCommand - -## [1.4.4] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [1.4.3] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [1.4.2] - Jan 22, 2020 -* Refined pod disruption budgets to separate nginx and Artifactory pods - -## [1.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [1.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [1.3.8] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [1.3.7] - Jan 07, 2020 -* Add support for customizable `mountOptions` of NFS PVs - -## [1.3.6] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [1.3.5] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [1.3.4] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [1.3.3] - Dec 16, 2019 -* Another fix for toggling nginx service ports - -## [1.3.2] - Dec 12, 2019 -* Fix for toggling nginx service ports - -## [1.3.1] - Dec 10, 2019 -* Add support for toggling nginx service ports - -## [1.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [1.2.4] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [1.2.3] - Nov 27, 2019 -* Add support for PriorityClass - -## [1.2.2] - Nov 20, 2019 -* Update Artifactory logo - -## [1.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [1.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [1.1.12] - Nov 17, 2019 -* Fix `README.md` format (broken table) - -## [1.1.11] - Nov 17, 2019 -* Update comment on Artifactory master key - -## [1.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [1.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [1.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [1.1.7] - Nov 11, 2019 -* Additional documentation for masterKey - -## [1.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [1.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [1.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [1.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [1.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [1.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [1.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [1.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [1.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [0.17.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [0.17.2] - Oct 21, 2019 -* Add support for setting `artifactory.primary.labels` -* Add support for setting `artifactory.node.labels` -* Add support for setting `nginx.labels` - -## [0.17.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [0.17.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [0.16.7] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [0.16.6] - Sep 24, 2019 -* Add support for setting `nginx.service.labels` - -## [0.16.5] - Sep 23, 2019 -* Add support for setting `artifactory.customInitContainersBegin` - -## [0.16.4] - Sep 20, 2019 -* Add support for setting `initContainers.resources` - -## [0.16.3] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [0.16.2] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [0.16.1] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [0.16.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [0.15.15] - Aug 18, 2019 -* Fix existingSharedClaim permissions issue and example - -## [0.15.14] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [0.15.13] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [0.15.12] - Aug 6, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [0.15.11] - Aug 5, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [0.15.10] - Aug 5, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [0.15.9] - Aug 1, 2019 -* Fix masterkey/masterKeySecretName not specified warning render logic in NOTES.txt - -## [0.15.8] - Jul 28, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [0.15.7] - Jul 25, 2019 -* Updated README about how to apply Artifactory licenses - -## [0.15.6] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [0.15.5] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [0.15.4] - Jul 11, 2019 -* Add `artifactory.customVolumeMounts` support to member node statefulset template - -## [0.15.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [0.15.2] - Jul 3, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [0.15.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [0.15.0] - Jun 27, 2019 -* Updated Artifactory version to 6.11.0 and Restart Primary node when bootstrap.creds file has been modified in artifactory-ha - -## [0.14.4] - Jun 24, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [0.14.3] - Jun 24, 2019 -* Update chart maintainers - -## [0.14.2] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [0.14.1] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [0.14.0] - Jun 20, 2019 -* Use ConfigMaps for nginx configuration and remove nginx postStart command - -## [0.13.10] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [0.13.9] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [0.13.8] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [0.13.7] - Jun 6, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [0.13.6] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [0.13.5] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [0.13.4] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [0.13.3] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [0.13.2] - May 19, 2019 -* Fix missing logger image tag - -## [0.13.1] - May 15, 2019 -* Support `artifactory.persistence.cacheProviderDir` for on-premise cluster - -## [0.13.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [0.12.23] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [0.12.22] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [0.12.21] - Apr 30, 2019 -* Add support for JMX monitoring - -## [0.12.20] - Apr29, 2019 -* Added support for headless services - -## [0.12.19] - Apr 28, 2019 -* Added support for `cacheProviderDir` - -## [0.12.18] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [0.12.17] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [0.12.16] - Apr 12, 2019 -* Added support for `customVolumeMounts` - -## [0.12.15] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [0.12.14] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [0.12.13] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [0.12.12] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [0.12.11] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [0.12.10] - Aprl 07, 2019 -* Change network policy API group - -## [0.12.9] - Aprl 04, 2019 -* Apply the existing PVC for members (in addition to primary) - -## [0.12.8] - Aprl 03, 2019 -* Bugfix for userPluginSecrets - -## [0.12.7] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [0.12.6] - Aprl 03, 2019 -* Added installer info - -## [0.12.5] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [0.12.4] - Apr 02, 2019 -* Fix issue #253 (use existing PVC for data and backup storage) - -## [0.12.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [0.12.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [0.12.1] - Mar 26, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [0.12.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [0.11.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [0.11.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [0.11.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [0.11.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [0.11.14] - Mar 21, 2019 -* Make ingress path configurable - -## [0.11.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart for Primary - -## [0.11.12] - Mar 19, 2019 -* Fix existingClaim example - -## [0.11.11] - Mar 18, 2019 -* Disable the option to use nginx PVC with more than one replica - -## [0.11.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [0.11.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [0.11.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [0.11.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 - -## [0.11.6] - Mar 13, 2019 -* Move securityContext to container level - -## [0.11.5] - Mar 11, 2019 -* Add the option to use existing volume claims for Artifactory storage - -## [0.11.4] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [0.11.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [0.11.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [0.11.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [0.11.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [0.10.3] - Feb 21, 2019 -* Add s3AwsVersion option to awsS3 configuration for use with IAM roles - -## [0.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [0.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [0.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [0.9.7] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [0.9.6] - Feb 7, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [0.9.5] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.4] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [0.9.3] - Feb 5, 2019 -* Remove the inactive server remove plugin - -## [0.9.2] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [0.9.1] - Jan 27, 2019 -* Fix support for Azure Blob Storage Binary provider - -## [0.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [0.8.10] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [0.8.9] - Jan 18, 2019 -* Added support of values ingress.labels - -## [0.8.8] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [0.8.7] - Jan 15, 2018 -* Add support for Azure Blob Storage Binary provider - -## [0.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [0.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [0.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [0.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [0.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [0.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [0.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [0.7.17] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [0.7.16] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [0.7.15] - Dec 9, 2018 -* AWS S3 add `roleName` for using IAM role - -## [0.7.14] - Dec 6, 2018 -* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role - -## [0.7.13] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [0.7.12] - Dec 2, 2018 -* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting. - -## [0.7.11] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [0.7.10] - Nov 29, 2018 -* Fixed the volumeMount for the replicator.yaml - -## [0.7.9] - Nov 29, 2018 -* Optionally include primary node into poddisruptionbudget - -## [0.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [0.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [0.7.6] - Nov 18, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [0.7.5] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [0.7.4] - Nov 13, 2018 -* Allow pod anti-affinity settings to include primary node - -## [0.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [0.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [0.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [0.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [0.6.9] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [0.6.8] - Oct 22, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [0.6.7] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [0.6.6] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [0.6.5] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow `soft` or `hard` specification of member node anti-affinity -* Allow providing pre-existing secrets containing external database credentials -* Fix `s3` binary store provider to properly use the `cache-fs` provider -* Allow arbitrary properties when using the `s3` binary store provider - -## [0.6.4] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [0.6.3] - Oct 17, 2018 -* Add Apache 2.0 license - -## [0.6.2] - Oct 14, 2018 -* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`) - -## [0.6.1] - Oct 11, 2018 -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [0.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [0.5.3] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [0.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [0.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [0.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [0.4.7] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [0.4.6] - Sep 25, 2018 -* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1 - -## [0.4.4] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 - -## [0.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [0.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml deleted file mode 100755 index a1f6b3dd9..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha -apiVersion: v1 -appVersion: 7.12.6 -description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -maintainers: -- email: installers@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory-ha -sources: -- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view -- https://github.com/jfrog/charts -version: 4.7.600 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE b/charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE deleted file mode 100755 index 8dada3eda..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/README.md deleted file mode 100755 index 47fe4db80..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/README.md +++ /dev/null @@ -1,1267 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.12+ -* Artifactory HA license - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database **NOTE:** For production grade installations it is recommended to use an external PostgreSQL -* Deploy an Nginx server - -## Artifactory HA architecture -The Artifactory HA cluster in this chart is made up of -- A single primary node -- Two member nodes, which can be resized at will - -Load balancing is done to the member nodes only. -This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic. -This can be controlled by the parameter `artifactory.service.pool`. -**NOTE:** - Using artifactory pro license (which supports single node only), set `artifactory.node.replicaCount=0` in values.yaml. - To scale from single node to multiple nodes(>1), use Enterprise(+) license and then do an helm upgrade (Each node need a seperate license). - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -**NOTE:** Passing masterKey is mandatory for fresh install of chart (7.x Appversion) - -### Create a unique Master Key -Artifactory HA cluster requires a unique master key. - -**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** - -You should generate a unique one and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} -``` - -### Install Chart -To install the chart with the release name `artifactory-ha`: - -```bash -helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### System Configuration -Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. -In order to override the default `system.yaml` configuration, do the following: -```bash -artifactory: - systemYaml: | - -``` - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Accessing Artifactory -**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup. -Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it. - -### Updating Artifactory -Once you have a new chart version, you can update your deployment with -```bash -helm upgrade artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: -1. Get the current password by running: -```bash -POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -2. Upgrade the release by passing the previously auto-generated secret: -```bash -helm upgrade --namespace artifactory-ha center/jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} -``` - -This will apply any configuration changes on your existing deployment. - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -### Artifactory memory and CPU resources -The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out. -It is **highly** recommended to set these so you have full control of the allocated resources and limits. - -See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware). - -```bash -# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) -helm upgrade --install artifactory-ha \ - --set artifactory.primary.resources.requests.cpu="500m" \ - --set artifactory.primary.resources.limits.cpu="2" \ - --set artifactory.primary.resources.requests.memory="1Gi" \ - --set artifactory.primary.resources.limits.memory="4Gi" \ - --set artifactory.primary.javaOpts.xms="1g" \ - --set artifactory.primary.javaOpts.xmx="4g" \ - --set artifactory.node.resources.requests.cpu="500m" \ - --set artifactory.node.resources.limits.cpu="2" \ - --set artifactory.node.resources.requests.memory="1Gi" \ - --set artifactory.node.resources.limits.memory="4Gi" \ - --set artifactory.node.javaOpts.xms="1g" \ - --set artifactory.node.javaOpts.xmx="4g" \ - --set initContainers.resources.requests.cpu="10m" \ - --set initContainers.resources.limits.cpu="250m" \ - --set initContainers.resources.requests.memory="64Mi" \ - --set initContainers.resources.limits.memory="128Mi" \ - --set postgresql.resources.requests.cpu="200m" \ - --set postgresql.resources.limits.cpu="1" \ - --set postgresql.resources.requests.memory="500Mi" \ - --set postgresql.resources.limits.memory="1Gi" \ - --set nginx.resources.requests.cpu="100m" \ - --set nginx.resources.limits.cpu="250m" \ - --set nginx.resources.requests.memory="250Mi" \ - --set nginx.resources.limits.memory="500Mi" \ - --namespace artifactory-ha center/jfrog/artifactory-ha -``` -> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`. - -Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). - -Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files -for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - -### Artifactory storage -Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration) - -In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. -The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. - -> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter. -This is used to set how many replicas of a binary should be stored in the cluster's nodes. -Once this value is set on initial deployment, you can not update it using helm. -It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number. - -#### Existing volume claim - -###### Primary node -In order to use an existing volume claim for the Artifactory primary storage, you need to: -- Create a persistent volume claim by the name `volume--artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0` -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.primary.persistence.existingClaim=true -``` - -###### Member nodes -In order to use an existing volume claim for the Artifactory member nodes storage, you need to: -- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume--artifactory-ha-member-`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`. -- Pass a parameter to `helm install` and `helm upgrade` -```bash -... ---set artifactory.node.persistence.existingClaim=true -``` - -#### Existing shared volume claim - -In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to: - -- Create PVCs with ReadWriteMany that match the naming conventions: -``` - {{ template "artifactory-ha.fullname" . }}-data-pvc- - {{ template "artifactory-ha.fullname" . }}-backup-pvc- -``` -An example that shows 2 existing claims to be used: -``` - myexample-artifactory-ha-data-pvc-0 - myexample-artifactory-ha-backup-pvc-0 - myexample-artifactory-ha-data-pvc-1 - myexample-artifactory-ha-backup-pvc-1 -``` -- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true: -``` --- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true --- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2 -``` - -#### NFS -To use an NFS server as your cluster's storage, you need to -- Setup an NFS server. Get its IP as `NFS_IP` -- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all -- Pass NFS parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=nfs \ ---set artifactory.persistence.nfs.ip=${NFS_IP} \ -... -``` - -#### Google Storage -To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) -- Pass Google Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=google-storage \ ---set artifactory.persistence.googleStorage.identity=${GCP_ID} \ ---set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ -... -``` -``` -In order to use a GCP service account, Artifactory needs a gcp.credentials.json file in the same directory asa binaraystore.xml file. -This can be generated by running: -```bash -gcloud iam service-accounts keys create --iam-account -``` -Which will produce the following, which can be saved to a file or copied into your `values.yaml`. -```bash -{ - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." -} -``` - -One option is to create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` in a custom `values.yaml` -```bash -# Create the Kubernetes secret from the file you created earlier. -# IMPORTANT: The file must be called "gcp.credentials.json" because this is used later as the secret key! -kubectl create secret generic artifactory-gcp-creds --from-file=./gcp.credentials.json -``` -Set this secret in your custom `values.yaml` -```bash -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - customSecretName: artifactory-gcp-creds -``` - -Another option is to put your generated config directly in your custom `values.yaml` and the a secret will be created from it -``` -artifactory: - persistence: - googleStorage - gcpServiceAccount: - enabled: true - config: | - { - "type": "service_account", - "project_id": "", - "private_key_id": "?????", - "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - "client_email": "???@j.iam.gserviceaccount.com", - "client_id": "???????", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - } -``` - -#### AWS S3 -**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. -In order to grant permissions to Artifactory using an IAM role, you will have to attach the IAM role to the machine(s) on which Artifactory is running. -This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. - -To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) -- Pass AWS S3 parameters to `helm install` and `helm upgrade` -```bash -... -# With explicit credentials: ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ -... - -... -# With using existing IAM role ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ -... -``` -**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) - -#### AWS S3 V3 -To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). -This filestore template uses the official AWS SDK, unlike the `aws-s3` implementation that uses the `JetS3t` library. -Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). - -**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. - -- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` - -```bash -# With explicit credentials: ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ -... -``` - -```bash -# With using existing IAM role ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} -... -``` - -To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) -```bash -... ---set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ -... -``` - -#### Microsoft Azure Blob Storage -To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) -- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=azure-blob \ ---set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ ---set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ ---set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ ---set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ -... -``` - -#### Custom binarystore.xml -You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
-There are two options for this - -1. Editing directly in [values.yaml](values.yaml) -```yaml -artifactory: - persistence: - binarystoreXml: | - - - - - -``` - -2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command -```yaml -# Prepare your custom Secret file (custom-binarystore.yaml) -kind: Secret -apiVersion: v1 -metadata: - name: custom-binarystore - labels: - app: artifactory - chart: artifactory -stringData: - binarystore.xml: |- - - - - -``` - -```bash -# Create a secret from the file -kubectl apply -n artifactory -f ./custom-binarystore.yaml - -# Pass it to your helm install command: -helm upgrade --install artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Create a unique Master Key - -Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Create a secret containing the key. The key in the secret must be named master-key -kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.masterKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Special Upgrade Notes -### MasterKey during 6.x to 7.x Migration (App version) - -**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. - -### Create a unique Join Key -Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). - -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique key and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Pass the created join key to helm -helm upgrade --install artifactory-ha --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Create a secret containing the key. The key in the secret must be named join-key -kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory-ha --set artifactory.joinKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.. - -### Install Artifactory HA license -For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**. - -The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation. - -**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster! - -##### Artifactory UI -Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node. - -##### REST API -You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses. - -##### Kubernetes Secret -You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). -Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**! -```bash -# Create the Kubernetes secret (assuming the local license file is 'art.lic') -kubectl create secret generic artifactory-cluster-license --from-file=./art.lic - -# Pass the license to helm -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. - -##### Create the secret as part of the helm release -values.yaml -```yaml -artifactory: - license: - licenseKey: |- - - - - - - - -``` - -```bash -helm upgrade --install artifactory-ha -f values.yaml --namespace artifactory-ha center/jfrog/artifactory-ha -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - - -### copyOnEveryStartup feature -Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. -In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. -Two examples for that would be: - -1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, -which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: -Create a values file with the following values: -```yaml -artifactory: - copyOnEveryStartup: - - source: /artifactory_bootstrap/binarystore.xml - target: etc/artifactory/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml -``` - -2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: -Create a config map with your `logback.xml` configuration. - -Create a values file with the following values: -```yaml -artifactory: - ## Create a volume pointing to the config map with your configuration file - customVolumes: | - - name: logback-xml-configmap - configMap: - name: logback-xml-configmap - customVolumeMounts: | - - name: logback-xml-configmap - mountPath: /tmp/artifactory-logback/ - copyOnEveryStartup: - - source: /tmp/artifactory-logback/* - target: etc/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml -``` - -### Configure NetworkPolicy - -NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. - -In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. - -For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. - -A full (but very wide open) example that results in 2 NetworkPolicy objects being created: -```yaml -networkpolicy: - # Allows all ingress and egress to/from artifactory primary and member pods. - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod. - - name: postgresql - podSelector: - matchLabels: - app: postgresql - ingress: - - from: - - podSelector: - matchLabels: - app: artifactory-ha -``` - -### Artifactory JMX Configuration -** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans - -Enable JMX in your deployment: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --namespace artifactory-ha center/jfrog/artifactory-ha -``` -This will enable access to Artifactory with JMX on the default port (9010). -** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port``` -to your choice of port - -In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: -1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: -```bash -helm upgrade --install artifactory \ - --set artifactory.primary.javaOpts.jmx.enabled=true \ - --set artifactory.node.javaOpts.jmx.enabled=true \ - --set artifactory.service.type=LoadBalancer \ - --namespace artifactory-ha center/jfrog/artifactory-ha -``` -2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with -```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory -with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: -``` - artifactory-ha--primary - -``` -3. Launch jconsole with the service address and port: -```bash -jconsole artifactory-ha--primary: -jconsole : -``` - -### Bootstrapping Artifactory admin password -You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. - -1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: -```yaml -artifactory: - admin: - ip: "" # Example: "*" to allow access from anywhere - username: "admin" - password: "" -``` - -2. Apply the `admin-creds-values.yaml` file: -```bash -helm upgrade --install artifactory --namespace artifactory-ha center/jfrog/artifactory-ha -f admin-creds-values.yaml -``` - -### Bootstrapping Artifactory configuration -**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. - -* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) -* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) - -1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-release-bootstrap-config -data: - artifactory.config.import.xml: | - - security.import.xml: | - -``` - -2. Create configMap in Kubernetes: -```bash -kubectl apply -f bootstrap-config.yaml -``` -3. Pass the configMap to helm -```bash -helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Use custom nginx.conf with Nginx - -Steps to create configMap with nginx.conf -* Create `nginx.conf` file. -```bash -kubectl create configmap nginx-config --from-file=nginx.conf -``` -* Pass configMap to helm install -```bash -helm upgrade --install artifactory-ha --set nginx.customConfigMap=nginx-config --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Scaling your Artifactory cluster -A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it. - -##### Before scaling -**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart). - -Get the current database password -```bash -export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster! - -##### Scale up -Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes). -```bash -# Scale to 4 nodes (1 primary and 3 member nodes) -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -##### Scale down -Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node. - -```bash -# Scale down to 2 member nodes -helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha -``` -- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it -```bash -# List PVCs -kubectl get pvc - -# Remove the PVC with highest ordinal! -# In this example, the highest node ordinal was 2, so need to remove its storage. -kubectl delete pvc volume-artifactory-node-2 -``` - -### Use an external Database - -**For production grade installations it is recommended to use an external PostgreSQL with a static password** - -#### PostgreSQL -There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name. - -This can be done with the following parameters -```bash -... ---set postgresql.enabled=false \ ---set database.type=postgresql \ ---set database.driver=org.postgresql.Driver \ ---set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! - -#### Other DB type -There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. -See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) -> The official Artifactory Docker images include the PostgreSQL database driver. -> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib - -This can be done with the following parameters -```bash -# Make sure your Artifactory Docker image has the MySQL database driver in it -... ---set postgresql.enabled=false \ ---set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ ---set database.type=mysql \ ---set database.driver=com.mysql.jdbc.Driver \ ---set database.url=${DB_URL} \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! -##### Configuring Artifactory with external Oracle database -To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. -1. Create a value file with the configuration -```yaml -postgresql: - enabled: false -database: - type: oracle - driver: oracle.jdbc.OracleDriver - url: - user: - password: -artifactory: - preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." - extraEnvironmentVariables: - - name: LD_LIBRARY_PATH - value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory-ha --namespace artifactory -f values-oracle.yaml -``` -**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` - -#### Using pre-existing Kubernetes Secret -If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: -```bash -# Create a secret containing the database credentials -kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} -... ---set postgresql.enabled=false \ ---set database.secrets.user.name=my-secret \ ---set database.secrets.user.key=user \ ---set database.secrets.password.name=my-secret \ ---set database.secrets.password.key=password \ -... -``` - -### Deleting Artifactory -To delete the Artifactory HA cluster - -On helm v2: -```bash -helm delete --purge artifactory-ha -``` - -On helm v3: -```bash -helm delete artifactory-ha --namespace artifactory-ha -``` - -This will completely delete your Artifactory HA cluster. -**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them -```bash -kubectl delete pvc -l release=artifactory-ha -``` -See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/) - -### Custom Docker registry for your images -If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a -[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm -```bash -# Create a Docker registry secret called 'regsecret' -kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL} -``` -Once created, you pass it to `helm` -```bash -helm upgrade --install artifactory-ha --set imagePullSecrets=regsecret --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -### Logger sidecars -This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) - -Get list of containers in the pod -```bash -kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' -``` - -View specific log -```bash -kubectl logs -n -c -``` - - -### Custom init containers -There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. - -For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out -```yaml -artifactory: - ## Add custom init containers executed before predefined init containers - customInitContainersBegin: | - ## Init containers template goes here ## - ## Add custom init containers executed after predefined init containers - customInitContainers: | - ## Init containers template goes here ## -``` - -### Custom sidecar containers -There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. - -For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom sidecar containers - customSidecarContainers: | - ## Sidecar containers template goes here ## -``` - -You can configure the sidecar to run as a custom user if needed by setting the following in the container template -```yaml - # Example of running container as root (id 0) - securityContext: - runAsUser: 0 - fsGroup: 0 -``` - -### Custom volumes -If you need to use a custom volume in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - ## Custom volume comes here ## -``` - -### Custom secrets -If you need to add a custom secret in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - # Add custom secrets - secret per file - customSecrets: - - name: custom-secret - key: custom-secret.yaml - data: > - secret data -``` - -To use a custom secret, need to define a custom volume. -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - - name: custom-secret - secret: - secretName: custom-secret -``` - -To use a volume, need to define a volume mount as part of a custom init or sidecar container. -```yaml -artifactory: - customSidecarContainers: - - name: side-car-container - volumeMounts: - - name: custom-secret - mountPath: /opt/custom-secret.yaml - subPath: custom-secret.yaml - readOnly: true -``` - -### Add Artifactory User Plugin during installation -If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. - -Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: -```bash -# Secret with single user plugin -kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha - -# Secret with single user plugin with configuration file -kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha -``` - -Add plugin secret names to `plugins.yaml` as following: -```yaml -artifactory: - userPluginSecrets: - - archive-old-artifacts - - webhook -``` - -You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: -```bash -helm upgrade --install artifactory-ha -f plugins.yaml --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: -```yaml -artifactory-ha: # Name of the artifactory-ha dependency - artifactory: - userPluginSecrets: - - '{{ template "my-chart.fullname" . }}' -``` -For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). - -### Provide custom configMaps to Artifactory -If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. - -Create a `configmaps.yaml` file with the following content: -```yaml -artifactory: - configMaps: | - logback.xml: | - - - - - %date [%-5level] \(%-20c{3}:%L\) %message%n - - - - - - - - - - - - - - - my-custom-post-start-hook.sh: | - echo "This is my custom post start hook" - - customVolumeMounts: | - - name: artifactory-configmaps - mountPath: /tmp/my-config-map - - postStartCommand: | - chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; - /tmp/my-config-map/my-custom-post-start-hook.sh; - - copyOnEveryStartup: - - source: /tmp/my-config-map/logback.xml - target: etc/ - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f configmaps.yaml --namespace artifactory-ha center/jfrog/artifactory-ha -``` - -This will, in turn: -* create a configMap with the files you specified above -* create a volume pointing to the configMap with the name `artifactory-configmaps` -* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` -* Set the shell script we mounted as the `postStartCommand` -* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. - -### Establishing TLS and Adding certificates -In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. -When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. - -To establish TLS between JFrog Platform nodes: -Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) - -To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false -```yaml -access: - accessConfig: - security: - tls: true -``` - -To add custom tls certificates, create a tls secret from the certificate files. - -```bash -kubectl create secret tls --cert=ca.crt --key=ca.private.key -``` - -For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. -* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) -```yaml -access: - accessConfig: - security: - tls: true - customCertificatesSecretName: - resetAccessCAKeys: true -``` - -### Artifactory filebeat -If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. - -Create a `filebeat.yaml` values file with the following content: -```yaml -filebeat: - enabled: true - logstashUrl: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "100Mi" - cpu: "100m" -``` - -You can optionally customize the `filebeat.yaml` to send output to a different location like so: -```yaml -filebeat: - enabled: true - filebeatYml: | - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory-ha -f filebeat.yaml --namespace artifactory-ha center/jfrog/artifactory -``` - -This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` - -### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). -To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx -For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. -In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: -```yaml - nginx: - https: - enabled: false - service: - ssloffload: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file -```yaml - ingress: - enabled: true - hosts: - - artifactory.company.com - artifactory: - service: - type: NodePort - nginx - enabled: false -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ingress-values.yaml--namespace artifactory center/jfrog/artifactory -``` - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - artifactory.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - artifactory.domain.com -``` - -### Ingress annotations - -This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. - -```yaml -ingress: - enabled: true - defaultBackend: - enabled: false - hosts: - - myhost.example.com - annotations: - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - ingress.kubernetes.io/proxy-read-timeout: "600" - ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; - rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; - nginx.ingress.kubernetes.io/proxy-body-size: "0" - tls: - - hosts: - - "myhost.example.com" -``` - -### Ingress additional rules - -You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. -In order to do that, simply add the following to a `artifactory-ha-values.yaml` file: -```yaml -ingress: - enabled: true - - defaultBackend: - enabled: false - - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite "(?i)/xray(/|$)(.*)" /$2 break; - - additionalRules: | - - host: - http: - paths: - - path: / - backend: - serviceName: - servicePort: - - path: /xray - backend: - serviceName: - servicePort: - - path: /artifactory - backend: - serviceName: {{ template "artifactory.nginx.fullname" . }} - servicePort: {{ .Values.nginx.externalPortHttp }} -``` - -and running: -```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f artifactory-ha-values.yaml -``` - -### Dedicated Ingress object for replicator service - -You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. -In order to do that, simply add the following to a `artifactory-values.yaml` file: - -```yaml -artifactory: - replicator: - enabled: true - ingress: - name: - hosts: - - myhost.example.com - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding on; - tls: - - hosts: - - "myhost.example.com" - secretName: -``` - -### Ingress behind another load balancer -If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. - -To enable it with `helm install` -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true -``` -or `helm upgrade` -```bash -helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx -``` -or create a values.yaml file with the following content: -```yaml -controller: - config: - use-forwarded-headers: "true" -``` -Then install nginx-ingress with the values file you created: -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml -``` - -### Log Analytics - -#### FluentD, Prometheus and Grafana - -To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: - -https://github.com/jfrog/log-analytics-prometheus - -That repo contains a file `artifactory-ha-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. - - -## Useful links -- https://www.jfrog.com/confluence/display/EP/Getting+Started -- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory -- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md b/charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md deleted file mode 100755 index 851593236..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md +++ /dev/null @@ -1,140 +0,0 @@ -# JFrog Artifactory Reverse Proxy Settings using Nginx - -#### Reverse Proxy -* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. -* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate -the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. -* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) -* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. - -**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. - -#### Features of Artifactory Nginx -* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. -* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory - -#### Changing the default Artifactory nginx conf -Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf -These configuration will be mounted to the nginx container using a configmap. -For example: -1. Create a values file `nginx-values.yaml` with the following values: -```yaml -nginx: - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; - } - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -``` - -2. Install/upgrade artifactory: -```bash -helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml -``` - - -#### Steps to use static configuration for reverse proxy in nginx. -1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` - -2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) - - Following is example `artifactory.conf` - - **Note**: - * Create file with name `artifactory.conf` as it's fixed in configMap key. - * Replace `artifactory-artifactory` with service name taken from step 1. - - ```bash - ## add ssl entries when https has been set in config - ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; - ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen 443 ssl; - listen 80; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; - } - proxy_pass http://artifactory-artifactory:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - ``` - -3. Create configMap of `artifactory.conf` created with step above. - ```bash - kubectl create configmap art-nginx-conf --from-file=artifactory.conf - ``` -4. Deploy Artifactory using helm chart. - You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) - - Following is command to set values at runtime: - ```bash - helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha - ``` \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md b/charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md deleted file mode 100755 index b3326dccc..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md +++ /dev/null @@ -1,42 +0,0 @@ -# JFrog Artifactory Chart Upgrade Notes -This file describes special upgrade notes needed at specific versions - -## Upgrade from 1.X to 2.X and above (Chart Versions) - -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* To upgrade from a version prior to 1.x, you first need to upgrade to latest version of 1.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md. -* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -## Upgrade from 0.X to 1.X (Chart Versions) -**DOWNTIME IS REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations -* Upgrade - * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database - * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) - * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted - * Upgrade steps: - 1. Block user access to Artifactory (do not shutdown) - a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary) - b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`) - 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` - a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) - b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) - c. Click `Export` (this can take some time) - 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed - a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! - 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps - a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step - 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` - a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) - b. Click `Import` (this can take some time) - 6. Restore access to Artifactory - a. Scale the cluster member nodes back to the original size - * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md b/charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md deleted file mode 100755 index a5aa5fd47..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md +++ /dev/null @@ -1,16 +0,0 @@ -# JFrog Artifactory High Availability Helm Chart - -Universal Repository Manager supporting all major packaging formats, build tools and CI servers. - -## Chart Details -This chart will do the following: - -* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. -* Deploy a PostgreSQL database -* Deploy an Nginx server(optional) - -## Useful links -Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) - -## Activate Your Artifactory Instance -Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml deleted file mode 100755 index 2f858e60e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Database -apiVersion: v1 -appVersion: 11.9.0 -description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://www.postgresql.org/ -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -version: 9.3.4 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md deleted file mode 100755 index 319291bc6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md +++ /dev/null @@ -1,680 +0,0 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. - -To delete the PVC's associated with `my-release`: - -```console -$ kubectl delete pvc -l release=my-release -``` - -> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | -| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | -| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | -| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | -| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | -| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | -| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | -| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | -| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | -| `master.sidecars` | Add additional containers to the pod | `[]` | -| `master.service.type` | Allows using a different service type for Master | `nil` | -| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | -| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | -| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | -| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | -| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | -| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | -| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | -| `slave.sidecars` | Add additional containers to the pod | `[]` | -| `slave.service.type` | Allows using a different service type for Slave | `nil` | -| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | -| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | -| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAccount.name` | Name of existing service account | `nil` | -| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `tls.enabled` | Enable TLS traffic support | `false` | -| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | -| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | -| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | -| `psp.create` | Create Pod Security Policy | `false` | -| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Enable replication: -```diff -- replication.enabled: false -+ replication.enabled: true -``` - -- Number of slaves replicas: -```diff -- replication.slaveReplicas: 1 -+ replication.slaveReplicas: 2 -``` - -- Set synchronous commit mode: -```diff -- replication.synchronousCommit: "off" -+ replication.synchronousCommit: "on" -``` - -- Number of replicas that will have synchronous replication: -```diff -- replication.numSynchronousReplicas: 0 -+ replication.numSynchronousReplicas: 1 -``` - -- Start a prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. - -### Customizing Master and Slave services in a replicated configuration - -At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. - -For example: - -* First, create the secret with the cetificates files: - - ```console - kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt - ``` - -* Then, use the following parameters: - - ```console - volumePermissions.enabled=true - tls.enabled=true - tls.certificatesSecret="certificates-tls-secret" - tls.certFilename="cert.crt" - tls.certKeyFilename="cert.key" - ``` - - > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL master -master: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -slave: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -## Upgrade - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release stable/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -## 9.0.0 - -In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. - -As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: - -- Deploy an old version (8.X.X) -```console -$ helm install postgresql bitnami/postgresql --version 8.10.14 -``` - -- Old version is up and running -```console -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 76s -``` - -- The upgrade to the latest one (9.X.X) is going to fail -```console -$ helm upgrade postgresql bitnami/postgresql -Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden -``` - -- Delete the statefulset -```console -$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql -statefulset.apps "postgresql-postgresql" deleted -``` - -- Now the upgrade works -```cosnole -$ helm upgrade postgresql bitnami/postgresql -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 -``` - -- We can kill the existing pod and the new statefulset is going to create a new one: -```console -$ kubectl delete pod postgresql-postgresql-0 -pod "postgresql-postgresql-0" deleted - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 19s -``` - -Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command - -## 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -## 7.1.0 - -Adds support for LDAP configuration. - -## 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -## 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -## 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - - - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore deleted file mode 100755 index 50af03172..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml deleted file mode 100755 index e6bac7873..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v1 -appVersion: 0.6.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: http://www.bitnami.com/ -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: common -sources: -- https://github.com/bitnami/charts -version: 0.6.2 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md deleted file mode 100755 index e04391a3f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md +++ /dev/null @@ -1,274 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -**Names** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -**Images** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | - -**Labels** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -**Storage** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -**TplValues** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | - -**Capabilities** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | - -**Validations** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | - -**Warnings** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -**Errors** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -**Utils** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | - -**Secrets** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets. - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -**Example of use** - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -**NOTES.txt** - -``` -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Notable changes - -N/A diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl deleted file mode 100755 index c0ea2c70c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl deleted file mode 100755 index d6d3ec65a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl deleted file mode 100755 index aafde9f3b..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl deleted file mode 100755 index 252066c7e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl deleted file mode 100755 index adf2a74f4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl deleted file mode 100755 index d6165a294..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,49 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = cat $name .defaultNameSuffix -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- $name = .name -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl deleted file mode 100755 index 60e2a844f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl deleted file mode 100755 index 2db166851..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl deleted file mode 100755 index 7d02f2ef6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl deleted file mode 100755 index 62635b30e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl +++ /dev/null @@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $valueKeyArray := splitList "." .valueKey -}} - {{- $value := "" -}} - {{- $latestObj := $.context.Values -}} - {{- range $valueKeyArray -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} - {{- end -}} - - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} - {{- end -}} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - - {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a mariadb required password must not be empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} - -Validate value params: - - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} - {{- $requiredPasswords := list -}} - - {{- if .context.Values.mariadb.secret.requirePasswords -}} - {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} - - {{- if not (empty .context.Values.mariadb.db.user) -}} - {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} - {{- end -}} - - {{- if .context.Values.mariadb.replication.enabled -}} - {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a postgresql required password must not be empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) $enabled -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- if $enabledReplication -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.enabled | quote -}} - {{- else -}} - true - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.replication.enabled | quote -}} - {{- else -}} - {{- .context.Values.replication.enabled | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl deleted file mode 100755 index ae10fa41e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml deleted file mode 100755 index 9ecdc93f5..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -exampleValue: common-chart diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml deleted file mode 100755 index f6977823c..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml +++ /dev/null @@ -1,3 +0,0 @@ -commonAnnotations: - helm.sh/hook: 'pre-install, pre-upgrade' - helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml deleted file mode 100755 index fc2ba605a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100755 index 347d3b40a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md deleted file mode 100755 index 1813a2fea..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md deleted file mode 100755 index 184c1875d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md +++ /dev/null @@ -1,4 +0,0 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md deleted file mode 100755 index cba38091e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock deleted file mode 100755 index 72e1642e2..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 0.6.2 -digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 -generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml deleted file mode 100755 index 2c28bfe14..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt deleted file mode 100755 index 596e969ce..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt +++ /dev/null @@ -1,59 +0,0 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- include "common.warnings.rollingTag" .Values.image -}} - -{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl deleted file mode 100755 index 68cd0dc0e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl +++ /dev/null @@ -1,501 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if we should use an existingSecret. -*/}} -{{- define "postgresql.useExistingSecret" -}} -{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if not (include "postgresql.useExistingSecret" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap should be mounted with PostgreSQL configuration -*/}} -{{- define "postgresql.mountConfigurationCM" -}} -{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "postgresql.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "postgresql.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "postgresql.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If PSP is enabled RBAC should be enabled too -*/}} -{{- define "postgresql.validateValues.psp" -}} -{{- if and .Values.psp.create (not .Values.rbac.create) }} -postgresql: psp.create, rbac.create - RBAC should be enabled if PSP is enabled in order for PSP to work. - More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "podsecuritypolicy.apiVersion" -}} -{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions -*/}} -{{- define "postgresql.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} -postgresql: tls.enabled, volumePermissions.enabled - When TLS is enabled you must enable volumePermissions as well to ensure certificates files have - the right permissions. -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "postgresql.tlsCert" -}} -{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "postgresql.tlsCertKey" -}} -{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "postgresql.tlsCACert" -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} -{{- end -}} - -{{/* -Return the path to the CRL file. -*/}} -{{- define "postgresql.tlsCRL" -}} -{{- if .Values.tls.crlFilename -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml deleted file mode 100755 index b29ef6040..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml deleted file mode 100755 index f21a97654..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-extended-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml deleted file mode 100755 index 6637867a3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-init-scripts - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml deleted file mode 100755 index 6b7a3171e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml deleted file mode 100755 index b993c9971..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-metrics - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- toYaml .Values.metrics.service.annotations | nindent 4 }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml deleted file mode 100755 index 2a7b372fe..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "postgresql.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - role: slave - {{- end }} - # Allow prometheus scrapes - - ports: - - port: 9187 -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml deleted file mode 100755 index da0b3ab11..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.psp.create }} -apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - volumes: - - 'configMap' - - 'secret' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'projected' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml deleted file mode 100755 index b0c41b1a4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "postgresql.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.metrics.prometheusRule.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml deleted file mode 100755 index 6d3cf50a4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if .Values.psp.create }} - - apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "postgresql.fullname" . }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml deleted file mode 100755 index f7837388d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ template "postgresql.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml deleted file mode 100755 index c93dbe0bd..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml deleted file mode 100755 index 17f7ff399..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "common.labels.standard" . | nindent 4 }} - name: {{ template "postgresql.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml deleted file mode 100755 index d57b7fb48..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "postgresql.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml deleted file mode 100755 index 54d24099f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml +++ /dev/null @@ -1,345 +0,0 @@ -{{- if .Values.replication.enabled }} -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "postgresql.fullname" . }}-slave" - labels: - {{- include "common.labels.standard" . | nindent 4 }} -{{- with .Values.slave.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.slave.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: {{ .Values.replication.slaveReplicas }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: slave - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: slave -{{- with .Values.slave.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.slave.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.slave.nodeSelector }} - nodeSelector: -{{ toYaml .Values.slave.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.slave.affinity }} - affinity: -{{ toYaml .Values.slave.affinity | indent 8 }} - {{- end }} - {{- if .Values.slave.tolerations }} - tolerations: -{{ toYaml .Values.slave.tolerations | indent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.slave.extraInitContainers }} -{{ tpl .Values.slave.extraInitContainers . | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.slave.priorityClassName }} - priorityClassName: {{ .Values.slave.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "postgresql.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.slave.extraVolumeMounts }} - {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.slave.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.slave.extraVolumes }} - {{- toYaml .Values.slave.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml deleted file mode 100755 index 0e6eefebb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml +++ /dev/null @@ -1,514 +0,0 @@ -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.master.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.master.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: master - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: master - {{- with .Values.master.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- toYaml .Values.master.affinity | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.master.extraInitContainers }} - {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end}} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote}} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.master.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.metrics.securityContext.runAsUser }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} - {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} - - name: DATA_SOURCE_NAME - value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} - {{- else }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- toYaml .Values.master.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml deleted file mode 100755 index 49131578a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-headless - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml deleted file mode 100755 index 885c7bb04..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-read - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: slave -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml deleted file mode 100755 index e9fc50456..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml deleted file mode 100755 index c08014549..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml +++ /dev/null @@ -1,594 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 2 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'on' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 1 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: true - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json deleted file mode 100755 index 7b5e2efc3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "slaveReplicas": { - "type": "integer", - "title": "Slave Replicas", - "form": true, - "hidden": { - "value": false, - "path": "replication/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml deleted file mode 100755 index f45c4183d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml +++ /dev/null @@ -1,600 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: false - user: repl_user - password: repl_password - slaveReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'off' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - extraInitContainers: | - # - name: do-something - # image: busybox - # command: ['do', 'something'] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - # - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml deleted file mode 100755 index e11939170..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - image: - tag: 12.3.0-debian-10-r71 - postgresqlPassword: password -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml deleted file mode 100755 index 1ebf93823..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true -## This is an exception here because HA needs masterKey to connect with other node members and it is commented in values to support 6.x to 7.x Migration -## Please refer https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#special-upgrade-notes-1 -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml deleted file mode 100755 index d2ce1d675..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -global: - versions: - artifactory: 7.11.2 - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - customInitContainers: | - - name: "custom-setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: volume - # Add custom volumes - customVolumes: | - - name: custom-script - emptyDir: - sizeLimit: 100Mi - # Add custom volumesMounts - customVolumeMounts: | - - name: custom-script - mountPath: "/scripts" - # Add custom sidecar containers - customSidecarContainers: | - - name: "sidecar-list-etc" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scripts" - name: custom-script - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml deleted file mode 100755 index 6c1e2587f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - migration: - enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml deleted file mode 100755 index 0ee7cbdd2..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -databaseUpgradeReady: true -artifactory: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - persistence: - enabled: true - -postgresql: - image: - tag: 9.6.18-debian-10-r7 - postgresqlPassword: "password" - postgresqlExtendedConf: - maxConnections: "102" - persistence: - enabled: true diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh b/charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh deleted file mode 100755 index e35bfdbb2..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh +++ /dev/null @@ -1,4339 +0,0 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories seperated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first paramter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done < "${NEW_DATA_DIR}/${filePath}/${fileName}" - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 3.1.0" - ## Description / note - description: This CVE needs to be fixed in the alpine base image of nginx container. - diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt deleted file mode 100755 index 019ed74df..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt +++ /dev/null @@ -1,118 +0,0 @@ -Congratulations. You have just deployed JFrog Artifactory HA! - -{{- if .Values.artifactory.masterKey }} -{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} - - -***************************************** WARNING ****************************************** -* Your Artifactory master key is still set to the provided example: * -* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * -* * -* You should change this to your own generated key: * -* $ export MASTER_KEY=$(openssl rand -hex 32) * -* $ echo ${MASTER_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * -* * -* Alternatively, you can use a pre-existing secret with a key called master-key with * -* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * -******************************************************************************************** -{{- end }} -{{- end }} - -{{- if .Values.artifactory.joinKey }} -{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} - - -***************************************** WARNING ****************************************** -* Your Artifactory join key is still set to the provided example: * -* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * -* * -* You should change this to your own generated key: * -* $ export JOIN_KEY=$(openssl rand -hex 32) * -* $ echo ${JOIN_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * -* * -******************************************************************************************** -{{- end }} -{{- end }} - - -{{- if .Values.postgresql.enabled }} - -DATABASE: -To extract the database password, run the following -export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -echo ${DB_PASSWORD} -{{- end }} - -SETUP: -1. Get the Artifactory IP and URL - - {{- if contains "NodePort" .Values.nginx.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/ - - {{- else if contains "LoadBalancer" .Values.nginx.service.type }} - NOTE: It may take a few minutes for the LoadBalancer public IP to be available! - - You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP/ - - {{- else if contains "ClusterIP" .Values.nginx.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80 - echo http://127.0.0.1:8080 - - {{- end }} - -2. Open Artifactory in your browser - Default credential for Artifactory: - user: admin - password: password - - {{- if .Values.artifactory.license.secret }} - -3. Artifactory license(s) is deployed as a Kubernetes secret. This method is relevant for initial deployment only! - Updating the license should be done via Artifactory UI or REST API. If you want to keep managing the artifactory license using the same method, you can use artifactory.copyOnEveryStartup in values.yaml. - - {{- else }} - -3. Add HA licenses to activate Artifactory HA through the Artifactory UI - NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details. - - {{- end }} - -{{ if or .Values.artifactory.primary.javaOpts.jmx.enabled .Values.artifactory.node.javaOpts.jmx.enabled }} -JMX configuration: -{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} -If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! -{{ end }} - -1. Get the Artifactory service IP: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -export PRIMARY_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.primary.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -export MEMBER_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -{{- end }} - -2. Map the service name to the service IP in /etc/hosts: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -sudo sh -c "echo \"${PRIMARY_SERVICE_IP} {{ template "artifactory-ha.primary.name" . }}\" >> /etc/hosts" -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts" -{{- end }} - -3. Launch jconsole: -{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }} -{{- end }} -{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} -jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl deleted file mode 100755 index 04109d8c4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl +++ /dev/null @@ -1,292 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "artifactory-ha.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -The primary node name -*/}} -{{- define "artifactory-ha.primary.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -The member node name -*/}} -{{- define "artifactory-ha.node.name" -}} -{{- if .Values.nameOverride -}} -{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Release.Name | trunc 29 -}} -{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name nginx service. -*/}} -{{- define "artifactory-ha.nginx.name" -}} -{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified Replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator tracker ingress name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.tracker.fullname" -}} -{{- if .Values.artifactory.replicator.trackerIngress.name -}} -{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.nginx.fullname" -}} -{{- if .Values.nginx.fullnameOverride -}} -{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nginx.name -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "artifactory-ha.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }} -{{- else -}} -{{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "artifactory-ha.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate SSL certificates -*/}} -{{- define "artifactory-ha.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "artifactory-ca" 365 -}} -{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "artifactory-ha.scheme" -}} -{{- if .Values.access.accessConfig.security.tls -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKey value -*/}} -{{- define "artifactory-ha.joinKey" -}} -{{- if .Values.global.joinKey -}} -{{- .Values.global.joinKey -}} -{{- else if .Values.artifactory.joinKey -}} -{{- .Values.artifactory.joinKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKey value -*/}} -{{- define "artifactory-ha.masterKey" -}} -{{- if .Values.global.masterKey -}} -{{- .Values.global.masterKey -}} -{{- else if .Values.artifactory.masterKey -}} -{{- .Values.artifactory.masterKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKeySecretName value -*/}} -{{- define "artifactory-ha.joinKeySecretName" -}} -{{- if .Values.global.joinKeySecretName -}} -{{- .Values.global.joinKeySecretName -}} -{{- else if .Values.artifactory.joinKeySecretName -}} -{{- .Values.artifactory.joinKeySecretName -}} -{{- else -}} -{{ include "artifactory-ha.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKeySecretName value -*/}} -{{- define "artifactory-ha.masterKeySecretName" -}} -{{- if .Values.global.masterKeySecretName -}} -{{- .Values.global.masterKeySecretName -}} -{{- else if .Values.artifactory.masterKeySecretName -}} -{{- .Values.artifactory.masterKeySecretName -}} -{{- else -}} -{{ include "artifactory-ha.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve imagePullSecrets value -*/}} -{{- define "artifactory-ha.imagePullSecrets" -}} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainersBegin value -*/}} -{{- define "artifactory-ha.customInitContainersBegin" -}} -{{- if .Values.global.customInitContainersBegin -}} -{{- .Values.global.customInitContainersBegin -}} -{{- else if .Values.artifactory.customInitContainersBegin -}} -{{- .Values.artifactory.customInitContainersBegin -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainers value -*/}} -{{- define "artifactory-ha.customInitContainers" -}} -{{- if .Values.global.customInitContainers -}} -{{- .Values.global.customInitContainers -}} -{{- else if .Values.artifactory.customInitContainers -}} -{{- .Values.artifactory.customInitContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumes value -*/}} -{{- define "artifactory-ha.customVolumes" -}} -{{- if .Values.global.customVolumes -}} -{{- .Values.global.customVolumes -}} -{{- else if .Values.artifactory.customVolumes -}} -{{- .Values.artifactory.customVolumes -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumeMounts value -*/}} -{{- define "artifactory-ha.customVolumeMounts" -}} -{{- if .Values.global.customVolumeMounts -}} -{{- .Values.global.customVolumeMounts -}} -{{- else if .Values.artifactory.customVolumeMounts -}} -{{- .Values.artifactory.customVolumeMounts -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customSidecarContainers value -*/}} -{{- define "artifactory-ha.customSidecarContainers" -}} -{{- if .Values.global.customSidecarContainers -}} -{{- .Values.global.customSidecarContainers -}} -{{- else if .Values.artifactory.customSidecarContainers -}} -{{- .Values.artifactory.customSidecarContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory chart image names -*/}} -{{- define "artifactory-ha.getImageInfoByValue" -}} -{{- $dot := index . 0 }} -{{- $indexReference := index . 1 }} -{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} -{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} -{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} -{{- if $dot.Values.global }} - {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} - {{- $tag = $dot.Values.global.versions.artifactory | toString -}} - {{- end -}} - {{- if $dot.Values.global.imageRegistry }} - {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory app version -*/}} -{{- define "artifactory-ha.app.version" -}} -{{- $image := split ":" ((include "artifactory-ha.getImageInfoByValue" (list . "artifactory")) | toString) -}} -{{- $tag := $image._1 -}} -{{- printf "%s" $tag -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml deleted file mode 100755 index c4d06f08a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.additionalResources }} -{{ tpl .Values.additionalResources . }} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml deleted file mode 100755 index b344e86b6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} -{{- if .Values.artifactory.admin.password }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml deleted file mode 100755 index 4eac505bc..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.access.accessConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-access-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - access.config.patch.yml: | -{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml deleted file mode 100755 index 2e7cac758..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-binarystore - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - binarystore.xml: |- -{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml deleted file mode 100755 index 1385bc578..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.artifactory.configMaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - labels: - app: {{ template "artifactory-ha.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ tpl .Values.artifactory.configMaps . | indent 2 }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml deleted file mode 100755 index 67473fc58..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.artifactory.customSecrets }} -{{- range .Values.artifactory.customSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - component: "{{ $.Values.artifactory.name }}" - heritage: {{ $.Release.Service | quote }} - release: {{ $.Release.Name | quote }} -type: Opaque -stringData: - {{ .key }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml deleted file mode 100755 index 9ff71855f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }}-database-creds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- with .Values.database.url }} - db-url: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.user }} - db-user: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.password }} - db-password: {{ tpl . $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml deleted file mode 100755 index c6a2682c8..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} -{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-gcpcreds - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - gcp.credentials.json: |- -{{ tpl .Values.artifactory.persistence.googleStorage.gcpServiceAccount.config . | indent 4 }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml deleted file mode 100755 index e58ec41b3..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - installer-info.json: | - {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml deleted file mode 100755 index 3f629c6e4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- with .Values.artifactory.license.licenseKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-license - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -type: Opaque -data: - artifactory.lic: {{ . | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml deleted file mode 100755 index fe40f980f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.artifactory.migration.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - migrate.sh: | -{{ .Files.Get "files/migrate.sh" | indent 4 }} - migrationHelmInfo.yaml: | -{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} - migrationStatus.sh: | -{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml deleted file mode 100755 index 371dc9a5f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- range .Values.networkpolicy }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy - labels: - app: {{ template "artifactory-ha.name" $ }} - chart: {{ template "artifactory-ha.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} -spec: -{{- if .podSelector }} - podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} - ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} ---- -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml deleted file mode 100755 index 6ed7d82f6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if eq .Values.artifactory.persistence.type "nfs" }} -### Artifactory HA data -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-data-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-data-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-data-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} ---- -### Artifactory HA backup -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pv - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - id: {{ template "artifactory-ha.name" . }}-backup-pv - type: nfs-volume -spec: - {{- if .Values.artifactory.persistence.nfs.mountOptions }} - mountOptions: -{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} - {{- end }} - capacity: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: {{ .Values.artifactory.persistence.nfs.ip }} - path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}" - readOnly: false ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.fullname" . }}-backup-pvc - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - type: nfs-volume -spec: - accessModes: - - ReadWriteOnce - storageClassName: "" - resources: - requests: - storage: {{ .Values.artifactory.persistence.nfs.capacity }} - selector: - matchLabels: - id: {{ template "artifactory-ha.name" . }}-backup-pv - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml deleted file mode 100755 index cb45027cf..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.artifactory.node.minAvailable -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.fullname" . }}-node - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.artifactory.name }} - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.node.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.artifactory.node.minAvailable }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml deleted file mode 100755 index c5b6f08f4..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml +++ /dev/null @@ -1,736 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.node.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.node.name" . }} - replicas: {{ .Values.artifactory.node.replicaCount }} - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.node.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.node.name" . }} - heritage: {{ .Release.Service }} - component: {{ .Values.artifactory.name }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} - - name: "wait-for-primary" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - echo "Waiting for primary node to be ready..."; - {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }} - echo "Sleeping to allow time for primary node to come up"; - sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }}; - {{- else }} - while [ "$(wget --spider --no-check-certificate -S -T 3 {{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }}/ 2>&1 | grep '^ HTTP/' | awk '{print $2}')" != "200" ]; - do echo "Primary not ready. Waiting..."; sleep 3; - done; - echo "Primary node ready!"; - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - echo "Removing join.key file"; - rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key; - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys - load from database"; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Load custom certificates from database"; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - env: - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.masterKeySecretName" . }} - key: master-key - {{- end }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} -{{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - {{- if .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.preStartCommand . }}; - {{- end }} - {{- with .Values.artifactory.node.preStartCommand }} - echo "Running member node specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }} - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "false" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.node.resources | indent 10 }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.node.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.node.affinity }} - {{- with .Values.artifactory.node.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} - {{- end }} - {{- end }} - {{- with .Values.artifactory.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.node.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml deleted file mode 100755 index cc4dfab65..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.artifactory.primary.minAvailable -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.fullname" . }}-primary - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.artifactory.name }} - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.primary.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.artifactory.primary.minAvailable }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml deleted file mode 100755 index afe1d223d..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml +++ /dev/null @@ -1,862 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - version: {{ include "artifactory-ha.app.version" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} -{{- end }} -spec: - serviceName: {{ template "artifactory-ha.primary.name" . }} - replicas: {{ .Values.artifactory.primary.replicaCount }} - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - role: {{ template "artifactory-ha.primary.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - role: {{ template "artifactory-ha.primary.name" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.access.accessConfig }} - checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} - {{- end }} - {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - {{- end }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - volumeMounts: - - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: volume - {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; - rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - - name: access-bootstrap-creds - mountPath: "/tmp/access/bootstrap.creds" - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - subPath: {{ .Values.artifactory.admin.dataKey }} - {{- else }} - subPath: bootstrap.creds - {{- end }} - {{- end }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - {{- if .Values.access.accessConfig }} - echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; - {{- end }} - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; - cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; - echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - {{- end }} - env: - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.joinKeySecretName" . }} - key: join-key - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory-ha.masterKeySecretName" . }} - key: master-key - {{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - mountPath: "/tmp/etc/access.config.patch.yml" - subPath: access.config.patch.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - mountPath: "/tmp/etc/tls.crt" - subPath: tls.crt - - name: access-certs - mountPath: "/tmp/etc/tls.key" - subPath: tls.key - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - capabilities: - add: - - CHOWN - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory-ha' - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} -{{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then - echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; - cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; - fi; - {{- if .Values.artifactory.configMapName }} - echo "Copying bootstrap configs"; - cp -Lrf /bootstrap/* /artifactory_bootstrap/; - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - echo "Copying plugins"; - cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; - {{- end }} - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- with .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - {{- with .Values.artifactory.primary.preStartCommand }} - echo "Running primary specific custom preStartCommand command"; - {{ tpl . $ }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }}; - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory-ha.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} - - name: JF_SHARED_NODE_PRIMARY - value: "true" - - name: JF_SHARED_NODE_HAENABLED - value: "true" -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - mountPath: "/artifactory_bootstrap/plugins/" - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - mountPath: "/tmp/plugin/{{ tpl . $ }}" - {{- end }} - {{- end }} - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-ha-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - mountPath: "/artifactory_bootstrap/gcp.credentials.json" - subPath: gcp.credentials.json - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.cluster.license" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.primary.resources | indent 10 }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory-ha.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.primary.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.artifactory.primary.affinity }} - {{- with .Values.artifactory.primary.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - {{- end }} - {{- with .Values.artifactory.primary.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - {{- if .Values.artifactory.binarystore.enabled }} - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-binarystore - {{- end }} - {{- end }} - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - - name: gcpcreds-json - secret: - {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds - {{- end }} - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory-ha.fullname" . }}-license - {{- end }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory-ha.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory-ha.fullname" . }}-installer-info - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - emptyDir: {} - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - secret: - secretName: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory-ha.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory-ha.fullname" . }}-configmaps - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: access-bootstrap-creds - secret: - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - secretName: {{ .Values.artifactory.admin.secret }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} - {{- end }} - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-ha-data - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - - name: artifactory-ha-backup - persistentVolumeClaim: - claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory-ha.fullname" . }}-access-config - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - secret: - secretName: {{ .Values.access.customCertificatesSecretName }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory-ha.fullname" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - volumeClaimTemplates: - {{- if .Values.artifactory.persistence.enabled }} - - metadata: - name: volume - {{- if not .Values.artifactory.primary.persistence.existingClaim }} - spec: - {{- if .Values.artifactory.persistence.storageClassName }} - {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] - resources: - requests: - storage: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml deleted file mode 100755 index 417ec5c06..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.artifactory.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} -value: {{ .Values.artifactory.priorityClass.value }} -globalDefault: false -description: "Artifactory priority class" -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml deleted file mode 100755 index c86bffddd..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -rules: -{{ toYaml .Values.rbac.role.rules }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml deleted file mode 100755 index 4412870b1..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "artifactory-ha.serviceAccountName" . }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: {{ template "artifactory-ha.fullname" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml deleted file mode 100755 index 5870428ca..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} - {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} - master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} - {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} - join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }} - {{- end }} - {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml deleted file mode 100755 index baacb970f..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# Service for all Artifactory cluster nodes. -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.node.labels }} -{{ toYaml .| indent 4 }} - {{- end }} -{{- if .Values.artifactory.service.annotations }} - annotations: -{{ toYaml .Values.artifactory.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.artifactory.service.type }} - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - {{- if .Values.artifactory.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- with .Values.artifactory.node.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: -{{- if eq (int .Values.artifactory.node.replicaCount) 0 }} - role: {{ template "artifactory-ha.primary.name" . }} -{{- else if eq .Values.artifactory.service.pool "members" }} - role: {{ template "artifactory-ha.node.name" . }} -{{- end }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} ---- -# Internal service for Artifactory primary node only! -# Used by member nodes to check readiness of primary node before starting up -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - # Statically setting service type to ClusterIP since this is an internal only service - type: ClusterIP - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - {{- with .Values.artifactory.primary.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: - role: {{ template "artifactory-ha.primary.name" . }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml deleted file mode 100755 index 6983c1d12..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml .) $ | indent 4 }} -{{- end }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory-ha.serviceAccountName" . }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml deleted file mode 100755 index e0bfa6b11..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.artifactory.customPersistentVolumeClaim }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - labels: - app: {{ template "artifactory-ha.name" . }} - version: "{{ .Values.artifactory.version }}" - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - accessModes: - {{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml deleted file mode 100755 index aaa1be152..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.systemYamlOverride.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory-ha.primary.name" . }}-system-yaml - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml deleted file mode 100755 index d2db2a067..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.filebeat.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.name" . }}-filebeat-config - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml deleted file mode 100755 index 53f7c93ec..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml +++ /dev/null @@ -1,149 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} -{{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $ingressName }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} -{{- end}} -{{- if .Values.ingress.annotations }} - annotations: -{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} -{{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: {{ $.Values.ingress.routerPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: {{ $.Values.ingress.artifactoryPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $artifactoryServicePort }} - {{- end -}} -{{- end -}} - {{- with .Values.ingress.additionalRules }} -{{ tpl . $ | indent 2 }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- if .Values.artifactory.replicator.enabled }} ---- -{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $replicationIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} ---- -{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorTrackerIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.trackerIngress.annotations }} - annotations: -{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: / - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.trackerIngress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if .Values.customIngress }} ---- -{{ .Values.customIngress | toYaml | trimSuffix "\n" }} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml deleted file mode 100755 index 87fe8999e..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-logger - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - tail-log.sh: | - #!/bin/sh - - LOG_DIR=$1 - LOG_NAME=$2 - PID= - - # Wait for log dir to appear - while [ ! -d ${LOG_DIR} ]; do - sleep 1 - done - - cd ${LOG_DIR} - - LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') - - # Find the log to tail - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - - # Wait for the log file - while [ -z "${LOG_FILE}" ]; do - sleep 1 - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - done - - echo "Log file ${LOG_FILE} is ready!" - - # Get inode number - INODE_ID=$(ls -i ${LOG_FILE}) - - # echo "Tailing ${LOG_FILE}" - tail -F ${LOG_FILE} & - PID=$! - - # Loop forever to see if a new log was created - while true; do - # Check inode number - NEW_INODE_ID=$(ls -i ${LOG_FILE}) - - # If inode number changed, this means log was rotated and need to start a new tail - if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then - kill -9 ${PID} 2>/dev/null - INODE_ID="${NEW_INODE_ID}" - - # Start a new tail - tail -F ${LOG_FILE} & - PID=$! - fi - sleep 1 - done - -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml deleted file mode 100755 index eb1f0e698..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - artifactory.conf: | -{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml deleted file mode 100755 index c4aceb951..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.https.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml deleted file mode 100755 index 5f424d52a..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: | -{{ tpl .Values.nginx.mainConf . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml deleted file mode 100755 index 7d321b3f9..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml +++ /dev/null @@ -1,201 +0,0 @@ -{{- if .Values.nginx.enabled -}} -{{- $serviceName := include "artifactory-ha.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -apiVersion: apps/v1 -kind: {{ .Values.nginx.kind }} -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} -{{- if .Values.nginx.labels }} -{{ toYaml .Values.nginx.labels | indent 4 }} -{{- end }} -spec: -{{- if ne .Values.nginx.kind "DaemonSet" }} - replicas: {{ .Values.nginx.replicaCount }} -{{- end }} - selector: - matchLabels: - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - template: - metadata: - annotations: - checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} - checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.nginx.priorityClassName }} - priorityClassName: {{ .Values.nginx.priorityClassName | quote }} - {{- end }} - initContainers: - - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - '/bin/sh' - - '-c' - - > - rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; - mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; - volumeMounts: - - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - name: nginx-volume - securityContext: - runAsUser: {{ .Values.nginx.uid }} - fsGroup: {{ .Values.nginx.gid }} - containers: - - name: {{ .Values.nginx.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }} - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - 'nginx' - - '-g' - - 'daemon off;' - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - containerPort: {{ .Values.nginx.http.internalPort }} - name: http - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttp }} - name: http-internal - {{- end }} - {{- if .Values.nginx.https }} - {{- if .Values.nginx.https.enabled }} - - containerPort: {{ .Values.nginx.https.internalPort }} - name: https - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttps }} - name: https-internal - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.nginx.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-artifactory-conf - mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" - - name: nginx-volume - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" - {{- end }} - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.nginx.readinessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.nginx.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.nginx.livenessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.nginx.persistence.mountPath }} - {{- range .Values.nginx.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} - command: - - tail - args: - - '-F' - - '{{ $mountPath }}/logs/{{ . }}' - volumeMounts: - - name: nginx-volume - mountPath: {{ $mountPath }} - resources: -{{ toYaml $.Values.nginx.loggersResources | indent 10 }} - {{- end }} - {{- with .Values.nginx.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - {{- if .Values.nginx.customConfigMap }} - name: {{ .Values.nginx.customConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-conf - {{- end }} - - name: nginx-artifactory-conf - configMap: - {{- if .Values.nginx.customArtifactoryConfigMap }} - name: {{ .Values.nginx.customArtifactoryConfigMap }} - {{- else }} - name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf - {{- end }} - - - name: nginx-volume - {{- if .Values.nginx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - secret: - {{- if .Values.nginx.tlsSecretName }} - secretName: {{ .Values.nginx.tlsSecretName }} - {{- else }} - secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml deleted file mode 100755 index 8310377a6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - component: {{ .Values.nginx.name }} - app: {{ template "artifactory-ha.name" . }} - release: {{ .Release.Name }} - minAvailable: {{ .Values.nginx.minAvailable }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml deleted file mode 100755 index 0e573f383..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }} -{{- if (not .Values.nginx.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.nginx.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.nginx.persistence.size | quote }} -{{- if .Values.nginx.persistence.storageClassName }} -{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml deleted file mode 100755 index 594717cf9..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.nginx.fullname" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - {{- if .Values.nginx.service.labels }} -{{ toYaml .Values.nginx.service.labels | indent 4 }} - {{- end }} -{{- if .Values.nginx.service.annotations }} - annotations: -{{ toYaml .Values.nginx.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.nginx.service.type }} - {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} - clusterIP: {{ .Values.nginx.service.clusterIP }} - {{- end }} -{{- if eq .Values.nginx.service.type "LoadBalancer" }} - {{ if .Values.nginx.service.loadBalancerIP -}} - loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} - {{ end -}} - {{- if .Values.nginx.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} - {{- end }} -{{- end }} -{{- if .Values.nginx.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and - # will be cleaned up in a later verion - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - port: {{ .Values.nginx.http.externalPort }} - targetPort: {{ .Values.nginx.http.internalPort }} - protocol: TCP - name: http - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttp }} - targetPort: {{ .Values.nginx.internalPortHttp }} - protocol: TCP - name: http - {{- end }} - {{- if .Values.nginx.https }} - {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} - - port: {{ .Values.nginx.https.externalPort }} - {{- if .Values.nginx.service.ssloffload }} - targetPort: {{ .Values.nginx.http.internalPort }} - {{- else }} - targetPort: {{ .Values.nginx.https.internalPort}} - {{- end }} - protocol: TCP - name: https - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttps }} - targetPort: {{ .Values.nginx.internalPortHttps }} - protocol: TCP - name: https - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.nginx.ssh.externalPort }} - targetPort: {{ .Values.nginx.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - selector: - app: {{ template "artifactory-ha.name" . }} - component: {{ .Values.nginx.name }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml deleted file mode 100755 index ec05d2add..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" - node: - replicaCount: 3 - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml deleted file mode 100755 index 33879c00b..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" - node: - replicaCount: 2 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml deleted file mode 100755 index 4babf97cb..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml +++ /dev/null @@ -1,24 +0,0 @@ -artifactory: - primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - node: - replicaCount: 1 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml deleted file mode 100755 index b142d38c6..000000000 --- a/charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml +++ /dev/null @@ -1,1653 +0,0 @@ -# Default values for artifactory-ha. -# This is a YAML-formatted file. -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -global: - # imageRegistry: docker.bintray.io - # imagePullSecrets: - # - myRegistryKeySecretName - ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag - ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion - ## This applies also for nginx images (.Values.nginx.image.tag) - versions: {} - # artifactory: - # joinKey: - # masterKey: - # joinKeySecretName: - # masterKeySecretName: - # customInitContainersBegin: | - - # customInitContainers: | - - # customVolumes: | - - # customVolumeMounts: | - - # customSidecarContainers: | - -initContainerImage: docker.bintray.io/alpine:3.12.1 - -installer: - type: - platform: - -installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - -# For supporting pulling from private registries -# imagePullSecrets: -# - myRegistryKeySecretName - -## Artifactory systemYaml override -## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory -## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML -## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml -## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml -systemYamlOverride: -## You can use a pre-existing secret by specifying existingSecret - existingSecret: -## The dataKey should be the name of the secret data key created. - dataKey: - -## Role Based Access Control -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -rbac: - create: true - role: - ## Rules to create. It follows the role specification - rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - pods - verbs: - - get - - watch - - list - -## Service Account -## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - -ingress: - enabled: false - defaultBackend: - enabled: true - # Used to create an Ingress record. - hosts: [] - routerPath: / - artifactoryPath: /artifactory/ - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - labels: {} - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - artifactory.domain.example - - # Additional ingress rules - additionalRules: [] - -## Allows to add custom ingress -customIngress: | - -networkpolicy: - # Allows all ingress and egress - - name: artifactory - podSelector: - matchLabels: - app: artifactory-ha - egress: - - {} - ingress: - - {} - # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) - # - name: postgresql - # podSelector: - # matchLabels: - # app: postgresql - # ingress: - # - from: - # - podSelector: - # matchLabels: - # app: artifactory-ha - - -## Database configurations -## Use the wait-for-db init container. Set to false to skip -waitForDatabase: true - -## Configuration values for the postgresql dependency -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -## -postgresql: - enabled: true - image: - registry: docker.bintray.io - repository: bitnami/postgresql - tag: 12.5.0-debian-10-r25 - postgresqlUsername: artifactory - postgresqlPassword: "" - postgresqlDatabase: artifactory - postgresqlExtendedConf: - listenAddresses: "'*'" - maxConnections: "1500" - persistence: - enabled: true - size: 50Gi - service: - port: 5432 - master: - nodeSelector: {} - affinity: {} - tolerations: [] - slave: - nodeSelector: {} - affinity: {} - tolerations: [] - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - -## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), -## you MUST specify custom database details here or Artifactory will NOT start -database: - type: - driver: - ## If you set the url, leave host and port empty - url: - ## If you would like this chart to create the secret containing the db - ## password, use these values - user: - password: - ## If you have existing Kubernetes secrets containing db credentials, use - ## these values - secrets: {} - # user: - # name: "rds-artifactory" - # key: "db-user" - # password: - # name: "rds-artifactory" - # key: "db-password" - # url: - # name: "rds-artifactory" - # key: "db-url" - -logger: - image: - registry: docker.bintray.io - repository: busybox - tag: 1.31.1 - -# Artifactory -artifactory: - name: artifactory-ha - # Note that by default we use appVersion to get image tag/version - image: - registry: docker.bintray.io - repository: jfrog/artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Create a priority class for the Artifactory pods or use an existing one - # NOTE - Maximum allowed value of a user defined priority is 1000000000 - priorityClass: - create: false - value: 1000000000 - ## Override default name - # name: - ## Use an existing priority class - # existingPriorityClass: - - # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties - deleteDBPropertiesOnStartup: true - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - extraConfig: 'acceptCount="100"' - - # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. - # To enable set `.Values.artifactory.openMetrics.enabled` to `true` - # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics - openMetrics: - enabled: false - - # This directory is intended for use with NFS eventual configuration for HA - haDataDir: - enabled: false - path: - haBackupDir: - enabled: false - path: - - # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup - copyOnEveryStartup: - # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path - # - source: /artifactory_bootstrap/artifactory.lic - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - - # Sidecar containers for tailing Artifactory logs - loggers: [] - # - access-audit.log - # - access-request.log - # - access-security-audit.log - # - access-service.log - # - artifactory-access.log - # - artifactory-event.log - # - artifactory-import-export.log - # - artifactory-request.log - # - artifactory-service.log - # - frontend-request.log - # - frontend-service.log - # - metadata-request.log - # - metadata-service.log - # - router-request.log - # - router-service.log - # - router-traefik.log - # - derby.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Sidecar containers for tailing Tomcat (catalina) logs - catalinaLoggers: [] - # - tomcat-catalina.log - # - tomcat-localhost.log - - # Tomcat (catalina) loggers resources - catalinaLoggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 - ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - - - ## Add custom init containers execution before predefined init containers - customInitContainersBegin: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - ## Add custom init containers - - ## Add custom init containers execution after predefined init containers - customInitContainers: | - # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - - ## Add custom sidecar containers - # - The provided example uses a custom volume (customVolumes) - # - The provided example shows running container as root (id 0) - customSidecarContainers: | - # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # securityContext: - # allowPrivilegeEscalation: false - # command: - # - 'sh' - # - '-c' - # - 'sh /scripts/script.sh' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: volume - # - mountPath: "/scripts/script.sh" - # name: custom-script - # subPath: script.sh - # resources: - # requests: - # memory: "32Mi" - # cpu: "50m" - # limits: - # memory: "128Mi" - # cpu: "100m" - - ## Add custom volumes - customVolumes: | - # - name: custom-script - # configMap: - # name: custom-script - - ## Add custom volumesMounts - customVolumeMounts: | - # - name: custom-script - # mountPath: "/scripts/script.sh" - # subPath: script.sh - # - name: posthook-start - # mountPath: "/scripts/posthoook-start.sh" - # subPath: posthoook-start.sh - # - name: prehook-start - # mountPath: "/scripts/prehook-start.sh" - # subPath: prehook-start.sh - - # Add custom persistent volume mounts - Available for the pod - # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container - customPersistentPodVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - # skipPrepareContainer: false - - # Add custom persistent volume mounts - Available to the entire namespace - customPersistentVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - ## Artifactory HA requires a unique master key. Each Artifactory node must have the same master key! - ## You can generate one with the command: "openssl rand -hex 32" - ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' - ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName - ## IMPORTANT: You should NOT use the example masterKey for a production deployment! - ## IMPORTANT: This is a mandatory for fresh Install of 7.x (App version) - # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - # masterKeySecretName: - - ## Join Key to connect to other services to Artifactory. - ## IMPORTANT: Setting this value overrides the existing joinKey - ## IMPORTANT: You should NOT use the example joinKey for a production deployment! - # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName - # joinKeySecretName: - - # Add custom secrets - secret per file - customSecrets: - # - name: custom-secret - # key: custom-secret.yaml - # data: > - # custom_secret_config: - # parameter1: value1 - # parameter2: value2 - # - name: custom-secret2 - # key: custom-secret2.config - # data: | - # here the custom secret 2 config - - ## If false, all service console logs will not redirect to a common console.log - consoleLog: false - - binarystore: - enabled: true - - ## admin allows to set the password for the default admin user. - ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate - admin: - ip: "127.0.0.1" - username: "admin" - password: - secret: - dataKey: - - ## Artifactory license. - license: - ## licenseKey is the license key in plain text. Use either this or the license.secret setting - licenseKey: - ## If artifactory.license.secret is passed, it will be mounted as - ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. - secret: - ## The dataKey should be the name of the secret data key created. - dataKey: - - ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter - configMapName: - - # Add any list of configmaps to Artifactory - configMaps: | - # posthook-start.sh: |- - # echo "This is a post start script" - # posthook-end.sh: |- - # echo "This is a post end script" - - ## List of secrets for Artifactory user plugins. - ## One Secret per plugin's files. - userPluginSecrets: - # - archive-old-artifacts - # - build-cleanup - # - webhook - # - '{{ template "my-chart.fullname" . }}' - - ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - ## Extra post-start command to run extra commands after container starts - # postStartCommand: - - ## Extra environment variables that can be used to tune Artifactory to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: SERVER_XML_ARTIFACTORY_PORT - # value: "8081" - # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS - # value: "200" - # - name: SERVER_XML_ACCESS_MAX_THREADS - # value: "50" - # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_ACCESS_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_EXTRA_CONNECTOR - # value: "" - # - name: DB_POOL_MAX_ACTIVE - # value: "100" - # - name: DB_POOL_MAX_IDLE - # value: "10" - # - name: MY_SECRET_ENV_VAR - # valueFrom: - # secretKeyRef: - # name: my-secret-name - # key: my-secret-key - - # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) - systemYaml: | - shared: - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.primary.javaOpts }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - host: "" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{ else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - artifactory: - {{- if .Values.artifactory.openMetrics }} - metrics: - enabled: {{ .Values.artifactory.openMetrics.enabled }} - {{- end }} - {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} - node: - {{- if .Values.artifactory.haDataDir.path }} - haDataDir: {{ .Values.artifactory.haDataDir.path }} - {{- end }} - {{- if .Values.artifactory.haBackupDir.path }} - haBackupDir: {{ .Values.artifactory.haBackupDir.path }} - {{- end }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - frontend: - session: - timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - {{- if .Values.access.database.enabled }} - type: "{{ .Values.access.database.type }}" - url: "{{ .Values.access.database.url }}" - driver: "{{ .Values.access.database.driver }}" - username: "{{ .Values.access.database.user }}" - password: "{{ .Values.access.database.password }}" - {{- end }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - - ## IMPORTANT: If overriding artifactory.internalPort: - ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! - externalPort: 8082 - internalPort: 8082 - externalArtifactoryPort: 8081 - internalArtifactoryPort: 8081 - uid: 1030 - gid: 1030 - terminationGracePeriodSeconds: 30 - - ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. - ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false - setSecurityContext: true - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 90 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - persistence: - enabled: true - local: false - redundancy: 3 - mountPath: "/var/opt/jfrog/artifactory" - accessMode: ReadWriteOnce - size: 200Gi - - ## Use a custom Secret to be mounted as your binarystore.xml - ## NOTE: This will ignore all settings below that make up binarystore.xml - customBinarystoreXmlSecret: - - maxCacheSize: 50000000000 - cacheProviderDir: cache - eventual: - numberOfThreads: 10 - ## artifactory data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - - ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config - ## Supported types are: - ## file-system (default) - ## nfs - ## google-storage - ## aws-s3 - ## aws-s3-v3 - ## azure-blob - type: file-system - - ## Use binarystoreXml to provide a custom binarystore.xml - ## This can be a template or hardcoded. - binarystoreXml: | - {{- if eq .Values.artifactory.persistence.type "file-system" }} - - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - - - - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - - {{- end }} - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - // Specify the read and write strategy and redundancy for the sharding binary provider - - roundRobin - percentageFreeSpace - 2 - - - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} - //For each sub-provider (mount), specify the filestore location - - filestore{{ $sharedClaimNumber }} - - {{- end }} - - {{- else }} - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - 2 - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - shard-fs-1 - local - - - - - 30 - tester-remote1 - 10000 - remote - - - - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "google-storage" }} - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp - - - - google-cloud-storage - {{ .Values.artifactory.persistence.googleStorage.endpoint }} - {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} - {{ .Values.artifactory.persistence.googleStorage.bucketName }} - {{ .Values.artifactory.persistence.googleStorage.identity }} - {{ .Values.artifactory.persistence.googleStorage.credential }} - {{ .Values.artifactory.persistence.googleStorage.path }} - {{ .Values.artifactory.persistence.googleStorage.bucketExists }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} - - - - - - - - - - - - - - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - {{- with .Values.artifactory.persistence.awsS3V3 }} - - {{ .testConnection }} - {{- if .identity }} - {{ .identity }} - {{- end }} - {{- if .credential }} - {{ .credential }} - {{- end }} - {{ .region }} - {{ .bucketName }} - {{ .path }} - {{ .endpoint }} - {{- with .maxConnections }} - {{ . }} - {{- end }} - {{- with .kmsServerSideEncryptionKeyId }} - {{ . }} - {{- end }} - {{- with .kmsKeyRegion }} - {{ . }} - {{- end }} - {{- with .kmsCryptoMode }} - {{ . }} - {{- end }} - {{- if .useInstanceCredentials }} - true - {{- else }} - false - {{- end }} - {{ .usePresigning }} - {{ .signatureExpirySeconds }} - {{- with .cloudFrontDomainName }} - {{ . }} - {{- end }} - {{- with .cloudFrontKeyPairId }} - {{ .cloudFrontKeyPairId }} - {{- end }} - {{- with .cloudFrontPrivateKey }} - {{ . }} - {{- end }} - {{- with .enableSignedUrlRedirect }} - {{ . }} - {{- end }} - {{- with .enablePathStyleAccess }} - {{ . }} - {{- end }} - - {{- end }} - - {{- end }} - - {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - local - - - - 30 - 10000 - remote - - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - - - - - {{ .Values.artifactory.persistence.awsS3.endpoint }} - {{- if .Values.artifactory.persistence.awsS3.roleName }} - {{ .Values.artifactory.persistence.awsS3.roleName }} - true - {{- else }} - {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} - {{ .Values.artifactory.persistence.awsS3.testConnection }} - {{ .Values.artifactory.persistence.awsS3.httpsOnly }} - {{ .Values.artifactory.persistence.awsS3.region }} - {{ .Values.artifactory.persistence.awsS3.bucketName }} - {{- if .Values.artifactory.persistence.awsS3.identity }} - {{ .Values.artifactory.persistence.awsS3.identity }} - {{- end }} - {{- if .Values.artifactory.persistence.awsS3.credential }} - {{ .Values.artifactory.persistence.awsS3.credential }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.path }} - {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} - - {{- end }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "azure-blob" }} - - - - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - - crossNetworkStrategy - crossNetworkStrategy - 2 - 1 - - - - - remote - - - - local - - - - - {{ .Values.artifactory.persistence.azureBlob.accountName }} - {{ .Values.artifactory.persistence.azureBlob.accountKey }} - {{ .Values.artifactory.persistence.azureBlob.endpoint }} - {{ .Values.artifactory.persistence.azureBlob.containerName }} - {{ .Values.artifactory.persistence.azureBlob.testConnection }} - - - {{- end }} - - ## For artifactory.persistence.type file-system - fileSystem: - ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. - ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) - ## Create PVCs with ReadWriteMany that match the naming convetions: - ## {{ template "artifactory-ha.fullname" . }}-data-pvc- - ## {{ template "artifactory-ha.fullname" . }}-backup-pvc - ## Example (using numberOfExistingClaims: 2) - ## myexample-data-pvc-0 - ## myexample-data-pvc-1 - ## myexample-backup-pvc - ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. - - ## Need to have the following set - existingSharedClaim: - enabled: false - numberOfExistingClaims: 1 - ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} - dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" - backupDir: "/var/opt/jfrog/artifactory-backup" - - - ## For artifactory.persistence.type nfs - ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes - ## cluster nodes. - ## Need to have the following set - nfs: - # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' - ip: - haDataMount: "/data" - haBackupMount: "/backup" - dataDir: "/var/opt/jfrog/artifactory-ha" - backupDir: "/var/opt/jfrog/artifactory-backup" - capacity: 200Gi - mountOptions: [] - ## For artifactory.persistence.type google-storage - googleStorage: - ## When using GCP buckets as your binary store (Available with enterprise license only) - gcpServiceAccount: - enabled: false - ## Use either an existing secret prepared in advance or put the config (replace the content) in the values - ## ref: https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#google-storage - # customSecretName: - # config: | - # { - # "type": "service_account", - # "project_id": "", - # "private_key_id": "?????", - # "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", - # "client_email": "???@j.iam.gserviceaccount.com", - # "client_id": "???????", - # "auth_uri": "https://accounts.google.com/o/oauth2/auth", - # "token_uri": "https://oauth2.googleapis.com/token", - # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - # "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." - # } - endpoint: commondatastorage.googleapis.com - httpsOnly: false - # Set a unique bucket name - bucketName: "artifactory-ha-gcp" - identity: - credential: - path: "artifactory-ha/filestore" - bucketExists: false - - ## For artifactory.persistence.type aws-s3-v3 - awsS3V3: - testConnection: false - identity: - credential: - region: - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: - maxConnections: 50 - kmsServerSideEncryptionKeyId: - kmsKeyRegion: - kmsCryptoMode: - useInstanceCredentials: true - usePresigning: false - signatureExpirySeconds: 300 - cloudFrontDomainName: - cloudFrontKeyPairId: - cloudFrontPrivateKey: - enableSignedUrlRedirect: false - enablePathStyleAccess: false - - ## For artifactory.persistence.type aws-s3 - ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html - awsS3: - # Set a unique bucket name - bucketName: "artifactory-ha-aws" - endpoint: - region: - roleName: - identity: - credential: - path: "artifactory-ha/filestore" - refreshCredentials: true - httpsOnly: true - testConnection: false - s3AwsVersion: "AWS4-HMAC-SHA256" - - ## Additional properties to set on the s3 provider - properties: {} - # httpclient.max-connections: 100 - ## For artifactory.persistence.type azure-blob - azureBlob: - accountName: - accountKey: - endpoint: - containerName: - testConnection: false - service: - name: artifactory - type: ClusterIP - ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - ## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them) - ## Supported pool values - ## members - ## all - pool: members - - ## The following Java options are passed to the java process running Artifactory. - ## This will be passed to all cluster members. Primary and member nodes. - javaOpts: {} - # other: "" - - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - enabled: false - ingress: - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - ## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true - ## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads - trackerIngress: - enabled: false - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - - ssh: - enabled: false - internalPort: 1339 - externalPort: 1339 - - annotations: {} - - ## Type specific configurations. - ## There is a difference between the primary and the member nodes. - ## Customising their resources and java parameters is done here. - primary: - name: artifactory-ha-primary - # preStartCommand specific to the primary node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` - existingClaim: false - - ## IMPORTANT: This value should remain at 1! - replicaCount: 1 - # minAvailable: 1 - - ## Resources for the primary node - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory primary node. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - nodeSelector: {} - - tolerations: [] - - affinity: {} - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - - node: - name: artifactory-ha-member - # preStartCommand specific to the member node, to be run after artifactory.preStartCommand - # preStartCommand: - labels: {} - persistence: - ## Set existingClaim to true or false - ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` - existingClaim: false - replicaCount: 2 - minAvailable: 1 - ## Resources for the member nodes - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory member nodes. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - corePoolSize: 16 - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - # other: "" - # xms: "1g" - # xmx: "2g" - # other: "" - nodeSelector: {} - - ## Wait for Artifactory primary - waitForPrimaryStartup: - enabled: true - - ## Setting time will override the built in test and will just wait the set time - time: - - tolerations: [] - - ## Complete specification of the "affinity" of the member nodes; if this is non-empty, - ## "podAntiAffinity" values are not used. - affinity: {} - - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "" - topologyKey: "kubernetes.io/hostname" - -frontend: - ## Session settings - session: - ## Time in minutes after which the frontend token will need to be refreshed - timeoutMinutes: '30' - -access: - ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. - ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates - ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. - ## This ensures that the node to node communication is done over TLS. - accessConfig: - security: - tls: false - - ## You can use a pre-existing secret by specifying customCertificatesSecretName - ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` - # customCertificatesSecretName: - - ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key - # resetAccessCAKeys: false - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 - extraConfig: 'acceptCount="100"' - -metadata: - database: - maxOpenConnections: 80 - -# Init containers -initContainers: - resources: {} -# requests: -# memory: "64Mi" -# cpu: "10m" -# limits: -# memory: "128Mi" -# cpu: "250m" - - -# Nginx -nginx: - enabled: true - kind: Deployment - name: nginx - labels: {} - replicaCount: 1 - minAvailable: 0 - uid: 104 - gid: 107 - # Note that by default we use appVersion to get image tag/version - image: - registry: docker.bintray.io - repository: jfrog/nginx-artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Priority Class name to be used in deployment if provided - priorityClassName: - - # Sidecar containers for tailing Nginx logs - loggers: [] - # - access.log - # - error.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "64Mi" - # cpu: "25m" - # limits: - # memory: "128Mi" - # cpu: "50m" - - # Logs options - logs: - stderr: false - level: warn - - mainConf: | - # Main Nginx configuration file - worker_processes 4; - - {{ if .Values.nginx.logs.stderr }} - error_log stderr {{ .Values.nginx.logs.level }}; - {{- else -}} - error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; - {{- end }} - pid /tmp/nginx.pid; - - {{- if .Values.artifactory.ssh.enabled }} - ## SSH Server Configuration - stream { - server { - listen {{ .Values.nginx.ssh.internalPort }}; - proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; - } - } - {{- end }} - - events { - worker_connections 1024; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - variables_hash_max_size 1024; - variables_hash_bucket_size 64; - server_names_hash_max_size 4096; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; - proxy_read_timeout 2400s; - client_header_timeout 2400s; - client_body_timeout 2400s; - proxy_connect_timeout 75s; - proxy_send_timeout 2400s; - proxy_buffer_size 128k; - proxy_buffers 40 128k; - proxy_busy_buffers_size 128k; - proxy_temp_file_write_size 250m; - proxy_http_version 1.1; - client_body_buffer_size 128k; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - log_format timing 'ip = $remote_addr ' - 'user = \"$remote_user\" ' - 'local_time = \"$time_local\" ' - 'host = $host ' - 'request = \"$request\" ' - 'status = $status ' - 'bytes = $body_bytes_sent ' - 'upstream = \"$upstream_addr\" ' - 'upstream_time = $upstream_response_time ' - 'request_time = $request_time ' - 'referer = \"$http_referer\" ' - 'UA = \"$http_user_agent\"'; - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; - sendfile on; - #tcp_nopush on; - keepalive_timeout 65; - #gzip on; - include /etc/nginx/conf.d/*.conf; - } - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - ## server configuration - server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - service: - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - type: LoadBalancer - ssloffload: false - ## For supporting whitelist on the Nginx LoadBalancer service - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - ## Provide static ip address - loadBalancerIP: - ## There are two available options: “Cluster” (default) and “Local”. - externalTrafficPolicy: Cluster - labels: {} - # label-key: label-value - http: - enabled: true - externalPort: 80 - internalPort: 80 - https: - enabled: true - externalPort: 443 - internalPort: 443 - # DEPRECATED: The following will be replaced by L1065-L1076 in a future release - # externalPortHttp: 80 - # internalPortHttp: 80 - # externalPortHttps: 443 - # internalPortHttps: 443 - - ssh: - internalPort: 1339 - externalPort: 1339 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 120 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - ## The SSL secret that will be used by the Nginx pod - # tlsSecretName: chart-example-tls - ## Custom ConfigMap for nginx.conf - customConfigMap: - ## Custom ConfigMap for artifactory.conf - customArtifactoryConfigMap: - persistence: - mountPath: "/var/opt/jfrog/nginx" - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - size: 5Gi - ## nginx data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - resources: {} - # requests: - # memory: "250Mi" - # cpu: "100m" - # limits: - # memory: "250Mi" - # cpu: "500m" - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -# Filebeat Sidecar container -## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. -filebeat: - enabled: false - name: artifactory-filebeat - image: - repository: "docker.elastic.co/beats/filebeat" - version: 7.9.2 - logstashUrl: "logstash:5044" - - terminationGracePeriod: 10 - - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - resources: {} -# requests: -# memory: "100Mi" -# cpu: "100m" -# limits: -# memory: "100Mi" -# cpu: "100m" - - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: ~ - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] - -## Allows to add additional kubernetes resources -## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml -additionalResources: | diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md deleted file mode 100755 index 3a5fb161c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md +++ /dev/null @@ -1,120 +0,0 @@ -# JFrog Container Registry Chart Changelog -All changes to this chart will be documented in this file. - -## [2.5.1] - Jul 29, 2020 -* Update dependency Artifactory chart version to 10.0.12 (Artifactory 7.6.3) - -## [2.5.0] - Jul 10, 2020 -* Update dependency Artifactory chart version to 10.0.3 (Artifactory 7.6.2) -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [2.4.0] - Jun 30, 2020 -* Update dependency Artifactory chart version to 9.6.0 (Artifactory 7.6.1) - -## [2.3.1] - Jun 12, 2020 -* Update dependency Artifactory chart version to 9.5.2 (Artifactory 7.5.7) - -## [2.3.0] - Jun 1, 2020 -* Update dependency Artifactory chart version to 9.5.0 (Artifactory 7.5.5) - -## [2.2.5] - May 27, 2020 -* Update dependency Artifactory chart version to 9.4.9 (Artifactory 7.4.3) - -## [2.2.4] - May 20, 2020 -* Update dependency Artifactory chart version to 9.4.6 (Artifactory 7.4.3) - -## [2.2.3] - May 07, 2020 -* Update dependency Artifactory chart version to 9.4.5 (Artifactory 7.4.3) -* Add `installerInfo` string format - -## [2.2.2] - Apr 28, 2020 -* Update dependency Artifactory chart version to 9.4.4 (Artifactory 7.4.3) - -## [2.2.1] - Apr 27, 2020 -* Update dependency Artifactory chart version to 9.4.3 (Artifactory 7.4.1) - -## [2.2.0] - Apr 14, 2020 -* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) - -## [2.2.0] - Apr 14, 2020 -* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) - -## [2.1.6] - Apr 13, 2020 -* Update dependency Artifactory chart version to 9.3.1 (Artifactory 7.3.2) - -## [2.1.5] - Apr 8, 2020 -* Update dependency Artifactory chart version to 9.2.8 (Artifactory 7.3.2) - -## [2.1.4] - Mar 30, 2020 -* Update dependency Artifactory chart version to 9.2.3 (Artifactory 7.3.2) - -## [2.1.3] - Mar 30, 2020 -* Update dependency Artifactory chart version to 9.2.1 (Artifactory 7.3.2) - -## [2.1.2] - Mar 26, 2020 -* Update dependency Artifactory chart version to 9.1.5 (Artifactory 7.3.2) - -## [2.1.1] - Mar 25, 2020 -* Update dependency Artifactory chart version to 9.1.4 (Artifactory 7.3.2) - -## [2.1.0] - Mar 23, 2020 -* Update dependency Artifactory chart version to 9.1.3 (Artifactory 7.3.2) - -## [2.0.13] - Mar 19, 2020 -* Update dependency Artifactory chart version to 9.0.28 (Artifactory 7.2.1) - -## [2.0.12] - Mar 17, 2020 -* Update dependency Artifactory chart version to 9.0.26 (Artifactory 7.2.1) - -## [2.0.11] - Mar 11, 2020 -* Unified charts public release - -## [2.0.10] - Mar 8, 2020 -* Update dependency Artifactory chart version to 9.0.20 (Artifactory 7.2.1) - -## [2.0.9] - Feb 26, 2020 -* Update dependency Artifactory chart version to 9.0.15 (Artifactory 7.2.1) - -## [2.0.0] - Feb 12, 2020 -* Update dependency Artifactory chart version to 9.0.0 (Artifactory 7.0.0) - -## [1.1.0] - Jan 19, 2020 -* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) - -## [1.1.1] - Feb 3, 2020 -* Update dependency Artifactory chart version to 8.4.4 - -## [1.1.0] - Jan 19, 2020 -* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) - -## [1.0.1] - Dec 31, 2019 -* Update dependency Artifactory chart version to 8.3.5 - -## [1.0.0] - Dec 23, 2019 -* Update dependency Artifactory chart version to 8.3.3 - -## [0.2.1] - Dec 12, 2019 -* Update dependency Artifactory chart version to 8.3.1 - -## [0.2.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [0.1.5] - Nov 28, 2019 -* Update dependency Artifactory chart version to 8.2.6 - -## [0.1.4] - Nov 20, 2019 -* Update Readme - -## [0.1.3] - Nov 20, 2019 -* Fix JCR logo url -* Update dependency to Artifactory 8.2.2 chart - -## [0.1.2] - Nov 20, 2019 -* Update JCR logo - -## [0.1.1] - Nov 20, 2019 -* Add `appVersion` to Chart.yaml - -## [0.1.0] - Nov 20, 2019 -* Initial release of the JFrog Container Registry helm chart diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml deleted file mode 100755 index 96aed4e8b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-jcr -apiVersion: v1 -appVersion: 7.6.3 -description: JFrog Container Registry -home: https://jfrog.com/container-registry/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png -keywords: -- artifactory -- jfrog -- container -- registry -- devops -- jfrog-container-registry -maintainers: -- email: amithk@jfrog.com - name: amithins -- email: daniele@jfrog.com - name: danielezer -- email: eldada@jfrog.com - name: eldada -- email: ramc@jfrog.com - name: chukka -- email: rimasm@jfrog.com - name: rimusz -- email: vinaya@jfrog.com - name: vinaya -name: artifactory-jcr -sources: -- https://github.com/jfrog/charts -version: 2.5.100 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE b/charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE deleted file mode 100755 index 8dada3eda..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS b/charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS deleted file mode 100755 index 94561416c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS +++ /dev/null @@ -1,14 +0,0 @@ -approvers: -- eldada -- rimusz -- danielezer -- vinaya -- amithins -- chukka -reviewers: -- eldada -- rimusz -- danielezer -- vinaya -- amithins -- chukka diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md deleted file mode 100755 index f043782da..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md +++ /dev/null @@ -1,133 +0,0 @@ -# JFrog Container Registry Helm Chart - -JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support. - -## Prerequisites Details - -* Kubernetes 1.12+ - -## Chart Details -This chart will do the following: - -* Deploy JFrog Container Registry -* Deploy an optional Nginx server -* Deploy an optional PostgreSQL Database -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client. - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `jfrog-container-registry`: -```bash -helm upgrade --install jfrog-container-registry --set postgresql.postgresqlPassword= --namespace artifactory-jcr center/jfrog/artifactory-jcr -``` - -### Accessing JFrog Container Registry -**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available. - -### Updating JFrog Container Registry -Once you have a new chart version, you can upgrade your deployment with -```bash -helm upgrade jfrog-container-registry center/jfrog/artifactory-jcr -``` - -### Deleting JFrog Container Registry - -On helm v2: -```bash -helm delete --purge jfrog-container-registry -``` - -On helm v3: -```bash -helm delete jfrog-container-registry --namespace artifactory-jcr -``` - -This will delete your JFrog Container Registry deployment.
-**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with -```bash -kubectl delete pvc ... -kubectl delete pv ... -``` - -## Database -The JFrog Container Registry chart comes with PostgreSQL deployed by default.
-For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). - -## Configuration -The following table lists the **basic** configurable parameters of the JFrog Container Registry chart and their default values. - -**NOTE:** All supported parameters are documented in the main [artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). - -| Parameter | Description | Default | -|------------------------------------------------|-----------------------------------|---------------------------------------------------| -| `artifactory.artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-jcr` | -| `artifactory.artifactory.image.version` | Container tag | `.Chart.AppVersion` | -| `artifactory.artifactory.resources` | Artifactory container resources | `{}` | -| `artifactory.artifactory.javaOpts` | Artifactory Java options | `{}` | -| `artifactory.nginx.enabled` | Deploy nginx server | `true` | -| `artifactory.nginx.service.type` | Nginx service type | `LoadBalancer` | -| `artifactory.nginx.tlsSecretName` | TLS secret for Nginx pod | `` | -| `artifactory.ingress.enabled` | Enable Ingress (should come with `artifactory.nginx.enabled=false`) | `false` | -| `artifactory.ingress.tls` | Ingress TLS configuration (YAML) | `[]` | -| `artifactory.postgresql.enabled` | Use the Artifactory PostgreSQL sub chart | `true` | -| `artifactory.database` | Custom database configuration (if not using bundled PostgreSQL sub-chart) | | -| `postgresql.enabled` | Enable the Artifactory PostgreSQL sub chart | `true` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these two lines to your Helm command: -```bash -helm upgrade --install jfrog-container-registry \ - --set artifactory.nginx.enabled=false \ - --set artifactory.ingress.enabled=true \ - --set artifactory.ingress.hosts[0]="artifactory.company.com" \ - --set artifactory.artifactory.service.type=NodePort \ - --namespace artifactory-jcr center/jfrog/artifactory-jcr -``` - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml -artifactory: - artifactory: - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - jfrog-container-registry.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - jfrog-container-registry.domain.com -``` - -## Useful links -https://www.jfrog.com -https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md deleted file mode 100755 index 9d9b7d85f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md +++ /dev/null @@ -1,18 +0,0 @@ -# JFrog Container Registry Helm Chart - -Universal Repository Manager supporting all major packaging formats, build tools and CI servers. - -## Chart Details -This chart will do the following: - -* Deploy JFrog Container Registry -* Deploy an optional Nginx server -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - - -## Useful links -Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) - -## Activate Your Artifactory Instance -Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. - diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore deleted file mode 100755 index c7eb1e274..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md deleted file mode 100755 index ae2651280..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md +++ /dev/null @@ -1,755 +0,0 @@ -# JFrog Artifactory Chart Changelog -All changes to this chart will be documented in this file. - -## [10.0.12] - Jul 28, 2020 -* Document Artifactory node affinity. - -## [10.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [10.0.10] - Jul 28, 2020 -* Bugfix / support for userPluginSecrets with Artifactory 7 - -## [10.0.9] - Jul 27, 2020 -* Add tpl to external database secrets -* Modified `scheme` to `artifactory.scheme` - -## [10.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [10.0.7] - Jul 21, 2020 -* Updated Artifactory Chart to add node and primary labels to pods and service objects. - -## [10.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [10.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [10.0.4] - Jul 10, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [10.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads - -## [10.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [10.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [10.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [9.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [9.5.5] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [9.5.4] - Jun 25, 2020 -* Notes.txt update - add --namespace parameter - -## [9.5.3] - Jun 11, 2020 -* Support list of custom secrets - -## [9.5.2] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [9.5.1] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [9.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [9.4.9] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [9.4.8] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [9.4.7] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [9.4.6] - May 19, 2020 -* Added metadata maxOpenConnections - -## [9.4.5] - May 07, 2020 -* Fix `installerInfo` string format - -## [9.4.4] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [9.4.3] - Apr 26, 2020 -* Change order of the customInitContainers to run before the "migration-artifactory" initContainer. - -## [9.4.2] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [9.4.1] - Apr 16, 2020 -* Custom volumes in migration init container. - -## [9.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [9.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [9.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [9.2.9] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [9.2.8] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [9.2.7] - Apr 6, 2020 -* Fix cache size (should be 5gb instead of 50gb since volume claim is only 20gb). - -## [9.2.6] - Apr 1, 2020 -* Support masterKey and joinKey as secrets - -## [9.2.5] - Apr 1, 2020 -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [9.2.4] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [9.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [9.2.2] - Mar 30, 2020 -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart - -## [9.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [9.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [9.1.5] - Mar 26, 2020 -* Fix volumeClaimTemplate issue - -## [9.1.4] - Mar 25, 2020 -* Fix volume name used by filebeat container - -## [9.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [9.1.2] - Mar 22, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [9.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [9.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [9.0.29] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [9.0.28] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [9.0.27] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [9.0.26] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [9.0.25] - Mar 16, 2020 -* Update Artifactory readme with extra ingress annotations needed for Artifactory to be set as SSO provider - -## [9.0.24] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [9.0.23] - Mar 12, 2020 -* Fix README.md rendering issue - -## [9.0.22] - Mar 11, 2020 -* Upgrade Docs update - -## [9.0.21] - Mar 11, 2020 -* Unified charts public release - -## [9.0.20] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [9.0.19] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [9.0.18] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [9.0.17] - Feb 26, 2020 -* Fix join key secret naming - -## [9.0.16] - Feb 26, 2020 -* Store join key to secret - -## [9.0.15] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [9.0.10] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [9.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [8.4.8] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [8.4.7] - Feb 11, 2020 -* Change Artifactory service port name to be hard-coded to `http` instead of using `{{ .Release.Name }}` - -## [8.4.6] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [8.4.5] - Feb 4, 2020 -* Support customisable Nginx kind - -## [8.4.4] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [8.4.3] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [8.4.2] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [8.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [8.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [8.3.6] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [8.3.5] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [8.3.4] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [8.3.3] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [8.3.2] - Dec 16, 2019 -* Fix for toggling nginx service ports - -## [8.3.1] - Dec 12, 2019 -* Add support for toggling nginx service ports - -## [8.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [8.2.6] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [8.2.5] - Nov 27, 2019 -* Add support for PriorityClass - -## [8.2.4] - Nov 21, 2019 -* Add an option to use a file system cache-fs with the file-system binarystore template - -## [8.2.3] - Nov 20, 2019 -* Update Artifactory Readme - -## [8.2.2] - Nov 20, 2019 -* Update Artfactory logo - -## [8.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [8.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [8.1.11] - Nov 17, 2019 -* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup - -## [8.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [8.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [8.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [8.1.7] - Nov 9, 2019 -* Additional documentation for masterKey - -## [8.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [8.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [8.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [8.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [8.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [8.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [8.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [8.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [8.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [7.18.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [7.18.2] - Oct 21, 2019 -* Add support for setting `artifactory.labels` -* Add support for setting `nginx.labels` - -## [7.18.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [7.18.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [7.17.5] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [7.17.4] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [7.17.3] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [7.17.2] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [7.17.1] - Aug 21, 2019 -* Enable the Artifactory container's liveness and readiness probes - -## [7.17.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [7.16.11] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [7.16.10] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [7.16.9] - Aug 5, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [7.16.8] - Aug 4, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [7.16.7] - Jul 29, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [7.16.6] - Jul 24, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [7.16.5] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [7.16.4] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [7.16.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [7.16.2] - Jul 3, 2019 -* Fix values key in reverse proxy example - -## [7.16.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [7.16.0] - Jun 27, 2019 -* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified - -## [7.15.8] - Jun 27, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [7.15.6] - Jun 24, 2019 -* Update chart maintainers - -## [7.15.5] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [7.15.4] - Jun 23, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [7.15.3] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [7.15.2] - Jun 20, 2019 -* Add missing terminationGracePeriodSeconds to values.yaml - -## [7.15.1] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [7.15.0] - Jun 17, 2019 -* Use configmaps for nginx configuration and remove nginx postStart command - -## [7.14.8] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [7.14.7] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [7.14.6] - Jun 11, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [7.14.5] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [7.14.4] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [7.14.3] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [7.14.2] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [7.14.1] - May 19, 2019 -* Fix missing logger image tag - -## [7.14.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [7.13.21] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [7.13.20] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [7.13.19] - May 1, 2019 -* Fix indentation issue with the replicator system property - -## [7.13.18] - Apr 30, 2019 -* Add support for JMX monitoring - -## [7.13.17] - Apr 25, 2019 -* Added support for `cacheProviderDir` - -## [7.13.16] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [7.13.15] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [7.13.14] - Apr 15, 2019 -* Added support for `customVolumeMounts` - -## [7.13.13] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [7.13.12] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [7.13.11] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [7.13.10] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [7.13.9] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [7.13.8] - Aprl 07, 2019 -* Change network policy API group - -## [7.13.7] - Aprl 04, 2019 -* Bugfix for userPluginSecrets - -## [7.13.6] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [7.13.5] - Aprl 03, 2019 -* Added installer info - -## [7.13.4] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [7.13.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [7.13.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [7.13.1] - Mar 27, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [7.13.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [7.12.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [7.12.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [7.12.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [7.12.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [7.12.14] - Mar 21, 2019 -* Make ingress path configurable - -## [7.12.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart - -## [7.12.12] - Mar 19, 2019 -* Fix existingClaim example - -## [7.12.11] - Mar 18, 2019 -* Add information about nginx persistence - -## [7.12.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [7.12.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [7.12.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [7.12.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 -* Add support for Artifactory-CE for C++ - -## [7.12.6] - Mar 13, 2019 -* Move securityContext to container level - -## [7.12.5] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [7.12.4] - Mar 8, 2019 -* Fix existingClaim option - -## [7.12.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [7.12.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [7.12.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [7.12.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [7.11.1] - Feb 20, 2019 -* Added support for enterprise storage - -## [7.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [7.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [7.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [7.9.6] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [7.9.5] - Feb 12, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [7.9.4] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.3] - Feb 5, 2019 -* Add instructions on how to deploy Artifactory with embedded Derby database - -## [7.9.2] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.1] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [7.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [7.8.9] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [7.8.8] - Jan 17, 2019 -* Added support of values ingress.labels - -## [7.8.7] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [7.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [7.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [7.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [7.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [7.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [7.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [7.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [7.7.13] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [7.7.12] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [7.7.11] - Dec 10, 2018 -* Fix issue when using existing claim - -## [7.7.10] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [7.7.9] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [7.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [7.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [7.7.6] - Nov 19, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [7.7.5] - Nov 14, 2018 -* Fix location of `nodeSelector`, `affinity` and `tolerations` - -## [7.7.4] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [7.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [7.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [7.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [7.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [7.6.8] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [7.6.7] - Oct 23, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [7.6.6] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [7.6.5] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [7.6.4] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow providing pre-existing secrets containing external database credentials - -## [7.6.3] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [7.6.2] - Oct 17, 2018 -* Add Apache 2.0 license - -## [7.6.1] - Oct 11, 2018 -* Supports master-key in the secrets and stateful-set -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [7.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [7.5.4] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [7.5.3] - Oct 4, 2018 -* Add PostgreSQL resources template - -## [7.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [7.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [7.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [7.4.3] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [7.4.2] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 -* Removed unused PVC - -## [7.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [7.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml deleted file mode 100755 index 2a3ddf048..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -appVersion: 7.6.3 -description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -maintainers: -- email: amithk@jfrog.com - name: amithins -- email: daniele@jfrog.com - name: danielezer -- email: eldada@jfrog.com - name: eldada -- email: ramc@jfrog.com - name: chukka -- email: rimasm@jfrog.com - name: rimusz -name: artifactory -sources: -- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view -- https://github.com/jfrog/charts -version: 10.0.12 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE deleted file mode 100755 index 8dada3eda..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md deleted file mode 100755 index 25fadc7f4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md +++ /dev/null @@ -1,1431 +0,0 @@ -# JFrog Artifactory Helm Chart - -## Prerequisites Details - -* Kubernetes 1.12+ -* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) - -## Chart Details -This chart will do the following: - -* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set) -* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. -* Deploy an optional Nginx server -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `artifactory`: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -``` - -### System Configuration -Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. -In order to override the default `system.yaml` configuration, do the following: -```bash -artifactory: - systemYaml: | - -``` - -### Deploying Artifactory with embedded Derby database -By default, this chart deploys Artifactory with PostgreSQL (running in a separate pod). -It's possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded [Derby database](https://db.apache.org/derby/). -```bash -# Disable the default postgresql -helm upgrade --install artifactory --set postgresql.enabled=false --namespace artifactory center/jfrog/artifactory -``` -Artifactory will start with it's embedded Derby database. - -### Accessing Artifactory -**NOTE:** It might take a few minutes for Artifactory's public IP to become available. -Follow the instructions outputted by the install command to get the Artifactory IP to access it. - -### Updating Artifactory -Once you have a new chart version, you can update your deployment with -```bash -helm upgrade artifactory --namespace artifactory center/jfrog/artifactory -``` - -If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: -1. Get the current password by running: -```bash -POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -2. Upgrade the release by passing the previously auto-generated secret: -```bash -helm upgrade center/jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} --namespace -``` - -This will apply any configuration changes on your existing deployment. - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - # Migration support from 6.x to 7.x - migration: - timeoutSeconds: 3600 -``` - -### Artifactory memory and CPU resources -The Artifactory Helm chart comes with support for configured resource requests and limits to Artifactory, Nginx and PostgreSQL. By default, these settings are commented out. -It is **highly** recommended to set these so you have full control of the allocated resources and limits. -Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.javaOpts.xms` and `artifactory.javaOpts.xmx`. -```bash -# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) -helm upgrade --install artifactory \ - --set artifactory.resources.requests.cpu="500m" \ - --set artifactory.resources.limits.cpu="2" \ - --set artifactory.resources.requests.memory="1Gi" \ - --set artifactory.resources.limits.memory="4Gi" \ - --set artifactory.javaOpts.xms="1g" \ - --set artifactory.javaOpts.xmx="4g" \ - --set nginx.resources.requests.cpu="100m" \ - --set nginx.resources.limits.cpu="250m" \ - --set nginx.resources.requests.memory="250Mi" \ - --set nginx.resources.limits.memory="500Mi" \ - --namespace artifactory center/jfrog/artifactory -``` -Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). - -Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files -for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - - -### Artifactory storage -When using an enterprise license. Artifactory supports a wide range of storage back ends. You can see more details on [Artifactory Filestore options](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore) - -In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. -The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. - -#### NFS -To use an NFS server as your cluster's storage, you need to -- Setup an NFS server. Get its IP as `NFS_IP` -- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all -- Pass NFS parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=nfs \ ---set artifactory.persistence.nfs.ip=${NFS_IP} \ -... -``` - -#### Using a network file system with the file-system persistence type -In some cases, it is not possible for the helm chart to set up your NFS mounts automatically for Artiactory. -In such cases, such as using AWS EFS, you will use the `artifactory.persistnece.type=file-system` even though your underlying persistence is actually a network file system. -The same thing applies when using a slow storage device (such as cheap disks) as your main storage solution for Artifactory. -This means that serving highly used files from the network file system/slow storage can take time, -and that's why you would want a cache filesystem that's stored locally on disk (fast disks like SSD). - -This is how you would configure it: -Create a values file with the following content: -1. Set up your volume mount to your fast storage device -```yaml -artifactory: - ## Set up your volume mount to your fast storage device - customVolumes: | - - name: my-cache-fast-storage - persistentVolumeClaim: - claimName: my-cache-fast-storage-pvc - ## Enable caching and configure the cache directory - customVolumeMounts: | - - name: my-cache-fast-storage - mountPath: /my-fast-cache-mount - ## Install the helm chart with the values file you created - persistence: - cacheProviderDir: /my-fast-cache-mount - fileSystem: - cache: - enabled: true - -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values.yaml -``` - -#### Google Storage -To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) -- Pass Google Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=google-storage \ ---set artifactory.persistence.googleStorage.identity=${GCP_ID} \ ---set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ -... -``` - -#### AWS S3 -**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. -In order to grant permissions to Artifactory using an IAM role, you will have to attach the said IAM role to the machine(s) on which Artifactory is running. -This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. - -To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) -- Pass AWS S3 parameters to `helm install` and `helm upgrade` -```bash -... -# With explicit credentials: ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ -... - -... -# With using existing IAM role ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ -... -``` -**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) - -#### AWS S3 V3 -To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). -This filestore template uses the official AWS SDK, unlike th`aws-s3` implementation that uses the `JetS3t` library. -Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). - -**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. - -- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` - -```bash -# With explicit credentials: ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ -... -``` - -```bash -# With using existing IAM role ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} -... -``` - -#### Microsoft Azure Blob Storage -To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) -- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=azure-blob \ ---set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ ---set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ ---set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ ---set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ -... -``` - -* To use a persistent volume claim as cache dir together with Azure Blob Storage, additionally pass the following parameters to `helm install` and `helm upgrade` (make sure `mountPath` and `cacheProviderDir` point to the same location) -```bash -... ---set artifactory.persistence.existingClaim=${YOUR_CLAIM} \ ---set artifactory.persistence.mountPath=/opt/cache-dir \ ---set artifactory.persistence.cacheProviderDir=/opt/cache-dir \ -... -``` - -#### Custom binarystore.xml -You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
-There are two options for this - -1. Editing directly in [values.yaml](values.yaml) -```yaml -artifactory: - persistence: - binarystoreXml: | - - - - - -``` - -2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command -```yaml -# Prepare your custom Secret file (custom-binarystore.yaml) -kind: Secret -apiVersion: v1 -metadata: - name: custom-binarystore - labels: - app: artifactory - chart: artifactory -stringData: - binarystore.xml: |- - - - - -``` - -```bash -# Create a secret from the file -kubectl apply -n artifactory -f ./custom-binarystore.yaml - -# Pass it to your helm install command: -helm upgrade --install artifactory --namespace artifactory --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore center/jfrog/artifactory -``` - -### Create a unique Master Key -Artifactory requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`). - -**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique one and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Pass the created master key to helm -helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Create a secret containing the key. The key in the secret must be named master-key -kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory --set artifactory.masterKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Special Upgrade Notes -### MasterKey during 6.x to 7.x Migration (App version) - -**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. - -### Create a unique Join Key -Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). - -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique key and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Pass the created join key to helm -helm upgrade --install artifactory --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Create a secret containing the key. The key in the secret must be named join-key -kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory --set artifactory.joinKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Customizing Database password -You can override the specified database password (set in [values.yaml](values.yaml)), by passing it as a parameter in the install command line -```bash -helm upgrade --install artifactory --namespace artifactory --set postgresql.postgresqlPassword=12_hX34qwerQ2 center/jfrog/artifactory -``` - -You can customise other parameters in the same way, by passing them on `helm install` command line. - -### Deleting Artifactory - -On helm v2: -```bash -helm delete --purge artifactory -``` - -On helm v3: -```bash -helm delete artifactory --namespace artifactory -``` -This will completely delete your Artifactory Pro deployment. -**IMPORTANT:** This will also delete your data volumes. You will lose all data! - -### Kubernetes Secret for Artifactory License -##### Use an existing secret -You can deploy the Artifactory license as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). -Prepare a text file with the license written in it and create a Kubernetes secret from it. -```bash -# Create the Kubernetes secret (assuming the local license file is 'art.lic') -kubectl create secret generic artifactory-license --from-file=./art.lic - -# Pass the license to helm -helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - -##### Create the secret as part of the helm release -values.yaml -```yaml -artifactory: - license: - licenseKey: |- - -``` - -```bash -helm upgrade --install artifactory -f values.yaml --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - - -### copyOnEveryStartup feature -Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. -In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. -Two examples for that would be: - -1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, -which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: -Create a values file with the following values: -```yaml -artifactory: - copyOnEveryStartup: - - source: /artifactory_bootstrap/binarystore.xml - target: etc/artifactory/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml -``` - -2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: -Create a config map with your `logback.xml` configuration. - -Create a values file with the following values: -```yaml -artifactory: - ## Create a volume pointing to the config map with your configuration file - customVolumes: | - - name: logback-xml-configmap - configMap: - name: logback-xml-configmap - customVolumeMounts: | - - name: logback-xml-configmap - mountPath: /tmp/artifactory-logback/ - copyOnEveryStartup: - - source: /tmp/artifactory-logback/* - target: etc/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml -``` - -### Configure NetworkPolicy - -NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. - -In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. - -For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. - -A full (but very wide open) example that results in 2 NetworkPolicy objects being created: -```yaml -networkpolicy: - # Allows all ingress and egress to/from artifactory. - - name: artifactory - podSelector: - matchLabels: - app: artifactory - egress: - - {} - ingress: - - {} - # Allows connectivity from artifactory pods to postgresql pods, but no traffic leaving postgresql pod. - - name: postgres - podSelector: - matchLabels: - app: postgresql - ingress: - - from: - - podSelector: - matchLabels: - app: artifactory -``` -### Artifactory JMX Configuration -** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans - -Enable JMX in your deployment: -```bash -helm upgrade --install artifactory \ - --set artifactory.javaOpts.jmx.enabled=true \ - --namespace artifactory center/jfrog/artifactory -``` -This will enable access to Artifactory with JMX on the default port (9010). -** You have the option to change the port by setting ```artifactory.javaOpts.jmx.port``` to your choice of port - -In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: -1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: -```bash -helm upgrade --install artifactory \ - --set artifactory.javaOpts.jmx.enabled=true \ - --set artifactory.service.type=LoadBalancer \ - --namespace artifactory center/jfrog/artifactory - -``` -2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with ```artifactory.javaOpts.jmx.host```). -So in order to connect to Artifactory with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: -``` - artifactory- -``` -3. Launch jconsole with the service address and port: -```bash -jconsole artifactory-: -``` - -### Bootstrapping Artifactory admin password -You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. - -1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: -```yaml -artifactory: - admin: - ip: "" # Example: "*" to allow access from anywhere - username: "admin" - password: "" -``` - -2. Apply the `admin-creds-values.yaml` file: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f admin-creds-values.yaml -``` - -3. Restart Artifactory Pod (`Kubectl delete pod `) - -### Bootstrapping Artifactory configuration -**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. - -* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) -* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) - -1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-release-bootstrap-config -data: - artifactory.config.import.xml: | - - security.import.xml: | - -``` - -2. Create configMap in Kubernetes: -```bash -kubectl apply -f bootstrap-config.yaml -``` -3. Pass the configMap to helm -```bash -helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory -``` -OR -```bash -helm upgrade --install artifactory --set artifactory.license.licenseKey=,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory -``` - -### Use custom nginx.conf with Nginx - -Steps to create configMap with nginx.conf -* Create `nginx.conf` file. -```bash -kubectl create configmap nginx-config --from-file=nginx.conf -``` -* Pass configMap to helm install -```bash -helm upgrade --install artifactory --set nginx.customConfigMap=nginx-config --namespace artifactory center/jfrog/artifactory -``` - -### Use an external Database - -**For production grade installations it is recommended to use an external PostgreSQL with a static password** - -#### PostgreSQL -There are cases where you will want to use an external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the name of the database. - -This can be done with the following parameters -```bash -... ---set postgresql.enabled=false \ ---set database.type=postgresql \ ---set database.driver=org.postgresql.Driver \ ---set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! - -#### Other DB type -There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. -See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) -> The official Artifactory Docker images include the PostgreSQL database driver. -> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib - -This can be done with the following parameters -```bash -# Make sure your Artifactory Docker image has the MySQL database driver in it -... ---set postgresql.enabled=false \ ---set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ ---set database.type=mysql \ ---set database.driver=com.mysql.jdbc.Driver \ ---set database.url=${DB_URL} \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! -##### Configuring Artifactory with external Oracle database -To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. -1. Create a value file with the configuration -```yaml -postgresql: - enabled: false -database: - type: oracle - driver: oracle.jdbc.OracleDriver - url: - user: - password: -artifactory: - preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." - extraEnvironmentVariables: - - name: LD_LIBRARY_PATH - value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values-oracle.yaml -``` -**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` - -#### Using pre-existing Kubernetes Secret -If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: -```bash -# Create a secret containing the database credentials -kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} -... ---set postgresql.enabled=false \ ---set database.secrets.user.name=my-secret \ ---set database.secrets.user.key=user \ ---set database.secrets.password.name=my-secret \ ---set database.secrets.password.key=password \ ---set database.secrets.url.name=my-secret \ ---set database.secrets.url.key=url \ -... -``` - -### Deleting Artifactory -To delete the Artifactory. - -On helm v2: -```bash -helm delete --purge artifactory -``` - -On helm v3: -```bash -helm delete artifactory --namespace artifactory -``` -This will completely delete your Artifactory HA cluster. - -### Custom Docker registry for your images -If you need to pull your Docker images from a private registry, you need to create a -[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm -```bash -# Create a Docker registry secret called 'regsecret' -kubectl create secret docker-registry regsecret --docker-server= --docker-username= --docker-password= --docker-email= -``` -Once created, you pass it to `helm` -```bash -helm upgrade --install artifactory --set imagePullSecrets=regsecret --namespace artifactory center/jfrog/artifactory -``` - -### Logger sidecars -This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) - -Get list of containers in the pod -```bash -kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' -``` - -View specific log -```bash -kubectl logs -n -c -``` - -### Custom init containers -There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. - -For this, there is a section for writing a custom init container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom init containers - customInitContainers: | - ## Init containers template goes here ## -``` - -### Custom sidecar containers -There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. - -For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom sidecar containers - customSidecarContainers: | - ## Sidecar containers template goes here ## -``` - -### Custom volumes -If you need to use a custom volume in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - ## Custom volume comes here ## -``` - -### Custom secrets -If you need to add a custom secret in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - # Add custom secrets - secret per file - customSecrets: - - name: custom-secret - key: custom-secret.yaml - data: > - secret data -``` - -To use a custom secret, need to define a custom volume. -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - - name: custom-secret - secret: - secretName: custom-secret -``` - -To use a volume, need to define a volume mount as part of a custom init or sidecar container. -```yaml -artifactory: - customSidecarContainers: - - name: side-car-container - volumeMounts: - - name: custom-secret - mountPath: /opt/custom-secret.yaml - subPath: custom-secret.yaml - readOnly: true -``` - -You can configure the sidecar to run as a custom user if needed by setting the following in the container template -```yaml - # Example of running container as root (id 0) - securityContext: - runAsUser: 0 - fsGroup: 0 -``` - -### Add Artifactory User Plugin during installation -If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. - -Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: -```bash -# Secret with single user plugin -kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory - -# Secret with single user plugin with configuration file -kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory -``` - -Add plugin secret names to `plugins.yaml` as following: -```yaml -artifactory: - userPluginSecrets: - - archive-old-artifacts - - webhook -``` - -You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: -```bash -helm upgrade --install artifactory -f plugins.yaml --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: -```yaml -artifactory: # Name of the artifactory dependency - artifactory: - userPluginSecrets: - - '{{ template "my-chart.fullname" . }}' -``` -For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). - -### Provide custom configMaps to Artifactory -If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. - -Create a `configmaps.yaml` file with the following content: -```yaml -artifactory: - configMaps: | - logback.xml: | - - - - - %date [%-5level] \(%-20c{3}:%L\) %message%n - - - - - - - - - - - - - - - my-custom-post-start-hook.sh: | - echo "This is my custom post start hook" - - customVolumeMounts: | - - name: artifactory-configmaps - mountPath: /tmp/my-config-map - - postStartCommand: | - chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; - /tmp/my-config-map/my-custom-post-start-hook.sh; - - copyOnEveryStartup: - - source: /tmp/my-config-map/logback.xml - target: etc/ - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f configmaps.yaml --namespace artifactory center/jfrog/artifactory -``` - -This will, in turn: -* create a configMap with the files you specified above -* create a volume pointing to the configMap with the name `artifactory-configmaps` -* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` -* Set the shell script we mounted as the `postStartCommand` -* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. - -### Establishing TLS and Adding certificates -In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. -When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. - -To establish TLS between JFrog Platform nodes: -Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) - -To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false -```yaml -access: - accessConfig: - security: - tls: true -``` - -To add custom tls certificates, create a tls secret from the certificate files. - -```bash -kubectl create secret tls --cert=ca.crt --key=ca.private.key -``` - -For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. -* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) -```yaml -access: - accessConfig: - security: - tls: true - customCertificatesSecretName: - resetAccessCAKeys: true -``` - -### Artifactory filebeat -If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. - -Create a `filebeat.yaml` values file with the following content: -```yaml -filebeat: - enabled: true - logstashUrl: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "100Mi" - cpu: "100m" -``` - -You can optionally customize the `filebeat.yaml` to send output to a different location like so: -```yaml -filebeat: - enabled: true - filebeatYml: | - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f filebeat.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). -To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx -For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. -In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: -```yaml - nginx: - ssloffload: true - https: - enabled: false - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file -```yaml - ingress: - enabled: true - hosts: - - artifactory.company.com - artifactory: - service: - type: NodePort - nginx - enabled: false -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ingress-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - artifactory.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - artifactory.domain.com -``` - -### Ingress annotations - -This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. - -```yaml -ingress: - enabled: true - defaultBackend: - enabled: false - hosts: - - myhost.example.com - annotations: - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - ingress.kubernetes.io/proxy-read-timeout: "600" - ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; - rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; - nginx.ingress.kubernetes.io/proxy-body-size: "0" - tls: - - hosts: - - "myhost.example.com" -``` - -If you're using Artifactory as SSO provider (e.g. with xray), you will need to have the following annotations, and change with your domain: -```yaml -.. - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_pass_header Server; - proxy_set_header X-JFrog-Override-Base-Url https://; -``` - -### Ingress additional rules - -You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. -In order to do that, simply add the following to a `artifactory-values.yaml` file: -```yaml -ingress: - enabled: true - - defaultBackend: - enabled: false - - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite "(?i)/xray(/|$)(.*)" /$2 break; - - additionalRules: | - - host: - http: - paths: - - path: / - backend: - serviceName: - servicePort: - - path: /xray - backend: - serviceName: - servicePort: - - path: /artifactory - backend: - serviceName: {{ template "artifactory.nginx.fullname" . }} - servicePort: {{ .Values.nginx.externalPortHttp }} -``` - -and running: -```bash -helm upgrade --install xray center/jfrog/artifactory -f artifactory-values.yaml -``` - -### Dedicated Ingress object for replicator service - -You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. -In order to do that, simply add the following to a `artifactory-values.yaml` file: - -```yaml -artifactory: - replicator: - enabled: true - ingress: - name: - hosts: - - myhost.example.com - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding on; - tls: - - hosts: - - "myhost.example.com" - secretName: -``` - - -### Ingress behind another load balancer -If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. - -To enable it with `helm install` -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress --set-string controller.config.use-forwarded-headers=true -``` -or `helm upgrade` -```bash -helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true stable/nginx-ingress -``` -or create a values.yaml file with the following content: -```yaml -controller: - config: - use-forwarded-headers: "true" -``` -Then install nginx-ingress with the values file you created: -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress -f values.yaml -``` -This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` - - -## Configuration -The following table lists the configurable parameters of the artifactory chart and their default values. - -| Parameter | Description | Default | -|---------------------------|-----------------------------------|----------------------------------------------------------| -| `imagePullSecrets` | Docker registry pull secret | | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template | -| `serviceAccount.annotations` | Artifactory service account annotations | `` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `rbac.role.rules` | Rules to create | `[]` | -| `logger.image.repository` | repository for logger image | `busybox` | -| `logger.image.tag` | tag for logger image | `1.30` | -| `artifactory.name` | Artifactory name | `artifactory` | -| `artifactory.replicaCount` | Replica count for Artifactory deployment| `1` | -| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` | -| `artifactory.image.version` | Container tag | `.Chart.AppVersion` | -| `artifactory.labels` | Artifactory labels | `{}` | -| `artifactory.priorityClass.create` | Create a PriorityClass object | `false` | -| `artifactory.priorityClass.value` | Priority Class value | `1000000000` | -| `artifactory.priorityClass.name` | Priority Class name | `{{ template "artifactory.fullname" . }}` | -| `artifactory.priorityClass.existingPriorityClass` | Use existing priority class | `` | -| `artifactory.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` | -| `artifactory.loggersResources.requests.memory` | Artifactory loggers initial memory request | | -| `artifactory.loggersResources.requests.cpu` | Artifactory loggers initial cpu request | | -| `artifactory.loggersResources.limits.memory` | Artifactory loggers memory limit | | -| `artifactory.loggersResources.limits.cpu` | Artifactory loggers cpu limit | | -| `artifactory.catalinaLoggers` | Artifactory Tomcat loggers (see values.yaml for possible values) | `[]` | -| `artifactory.catalinaLoggersResources.requests.memory` | Artifactory Tomcat loggers initial memory request | | -| `artifactory.catalinaLoggersResources.requests.cpu` | Artifactory Tomcat loggers initial cpu request | | -| `artifactory.catalinaLoggersResources.limits.memory` | Artifactory Tomcat loggers memory limit | | -| `artifactory.catalinaLoggersResources.limits.cpu` | Artifactory Tomcat loggers cpu limit | | -| `artifactory.customInitContainers`| Custom init containers | | -| `artifactory.customSidecarContainers`| Custom sidecar containers | | -| `artifactory.customVolumes` | Custom volumes | | -| `artifactory.customVolumeMounts` | Custom Artifactory volumeMounts | | -| `artifactory.customSecrets` | Custom secrets | | -| `artifactory.customPersistentPodVolumeClaim` | Custom PVC spec to create and attach a unique PVC for each pod on startup with the volumeClaimTemplates feature in StatefulSet | | -| `artifactory.customPersistentVolumeClaim` | Custom PVC spec to be mounted to the all artifactory containers using a volume | | -| `artifactory.userPluginSecrets` | Array of secret names for Artifactory user plugins | | -| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used. | | -| `artifactory.configMaps` | configMaps to be created as volume by the name `artifactory-configmaps`. In order to use these configMaps, you will need to add `customVolumeMounts` to point to the created volume and mount it onto a container | | -| `artifactory.license.secret` | Artifactory license secret name | | -| `artifactory.license.dataKey`| Artifactory license secret data key | | -| `artifactory.service.name`| Artifactory service name to be set in Nginx configuration | `artifactory` | -| `artifactory.service.type`| Artifactory service type | `ClusterIP` | -| `artifactory.service.loadBalancerSourceRanges`| Artifactory service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | -| `artifactory.service.annotations` | Artifactory service annotations | `{}` | -| `artifactory.externalPort` | Artifactory router service external port | `8082` | -| `artifactory.internalPort` | Artifactory router service internal port (**DO NOT** use port lower than 1024) | `8082` | -| `artifactory.internalArtifactoryPort` | Artifactory service internal port (**DO NOT** use port lower than 1024) | `8081` | -| `artifactory.externalArtifactoryPort` | Artifactory service external port | `8081` | -| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` | -| `artifactory.livenessProbe.path` | Liveness probe HTTP Get path | `/router/api/v1/system/health` | -| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | -| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 | -| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `artifactory.masterKey` | Artifactory Master Key. A 128-Bit key size (hexadecimal encoded) string (32 hex characters). Can be generated with `openssl rand -hex 32`. NOTE: This key is generated only once and cannot be updated once created | `` | -| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | | -| `artifactory.joinKey` | Join Key to connect other services to Artifactory. Can be generated with `openssl rand -hex 32` | `` | -| `artifactory.joinKeySecretName` | Artifactory join Key secret name | | -| `artifactory.admin.ip` | Artifactory admin ip to be set upon startup, can use (*) for 0.0.0.0| `127.0.0.1` | -| `artifactory.admin.username` | Artifactory admin username to be set upon startup| `admin` | -| `artifactory.admin.password` | Artifactory admin password to be set upon startup| | -| `artifactory.admin.secret` | Artifactory admin secret name | | -| `artifactory.admin.dataKey` | Artifactory admin secret data key | | -| `artifactory.preStartCommand` | Command to run before entrypoint starts | | -| `artifactory.postStartCommand` | Command to run after container starts. Supports templating with `tpl` | | -| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. Supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | | -| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `artifactory.readinessProbe.path` | Readiness probe HTTP Get path | `/router/api/v1/system/health` | -| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 | -| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 | -| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `artifactory.deleteDBPropertiesOnStartup` | Whether to delete the ARTIFACTORY_HOME/etc/db.properties file on startup. Disabling this will remove the ability for the db.properties to be updated with any DB-related environment variables change (e.g. DB_HOST, DB_URL) | `true` | -| `artifactory.database.maxOpenConnections` | Maximum amount of open connections from Artifactory to the DB | `80` | -| `artifactory.copyOnEveryStartup` | List of files to copy on startup from source (which is absolute) to target (which is relative to ARTIFACTORY_HOME | | -| `artifactory.migration.timeoutSeconds` | Artifactory migration Maximum Timeout in seconds| `3600` | -| `artifactory.migration.enabled` | Artifactory migration enabled or disabled | `true` | -| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | -| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | -| `artifactory.persistence.existingClaim` | Artifactory persistence volume claim name | | -| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | -| `artifactory.persistence.size` | Artifactory persistence or local volume size | `20Gi` | -| `artifactory.persistence.binarystore.enabled` | whether you want to mount the binarystore.xml file from a secret created by the chart. If `false` you will need need to get the binarystore.xml file into the file-system from either an `initContainer` or using a `preStartCommand` | `true` | -| `artifactory.persistence.binarystoreXml` | Artifactory binarystore.xml template | See `values.yaml` | -| `artifactory.persistence.customBinarystoreXmlSecret` | A custom Secret for binarystore.xml | `` | -| `artifactory.persistence.maxCacheSize` | The maximum storage allocated for the cache in bytes. | `50000000000` | -| `artifactory.persistence.cacheProviderDir` | the root folder of binaries for the filestore cache. If the value specified starts with a forward slash ("/") it is considered the fully qualified path to the filestore folder. Otherwise, it is considered relative to the *baseDataDir*. | `cache` | -| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` | -| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` | -| `artifactory.persistence.nfs.ip` | NFS server IP | | -| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` | -| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` | -| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory` | -| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` | -| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` | -| `artifactory.persistence.fileSystem.cache.enabled` | Enable Artifactory cache when using the file-system persistence type | `false` | -| `artifactory.persistence.eventual.numberOfThreads` | Eventual number of threads | `10` | -| `artifactory.persistence.googleStorage.endpoint` | Google Storage API endpoint| `storage.googleapis.com` | -| `artifactory.persistence.googleStorage.httpsOnly` | Google Storage API has to be consumed https only| `false` | -| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory` | -| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | | -| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | | -| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory/filestore` | -| `artifactory.persistence.googleStorage.bucketExists`| Google Storage bucket exists therefore does not need to be created.| `false` | -| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-aws` | -| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | -| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | | -| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | | -| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | -| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | -| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | | -| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory/filestore` | -| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) | -| `artifactory.persistence.awsS3.httpsOnly` | AWS S3 https access to the bucket only | `true` | -| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` | -| `artifactory.persistence.awsS3.s3AwsVersion` | AWS S3 signature version | `AWS4-HMAC-SHA256` | -| `artifactory.persistence.awsS3V3.testConnection` | AWS S3 test connection on start up | `false` | -| `artifactory.persistence.awsS3V3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | -| `artifactory.persistence.awsS3V3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | -| `artifactory.persistence.awsS3V3.region` | AWS S3 bucket region | | -| `artifactory.persistence.awsS3V3.bucketName` | AWS S3 bucket name | `artifactory-aws` | -| `artifactory.persistence.awsS3V3.path` | AWS S3 path in bucket | `artifactory/filestore` | -| `artifactory.persistence.awsS3V3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | -| `artifactory.persistence.awsS3V3.maxConnections` | AWS S3 bucket maxConnections | `50` | -| `artifactory.persistence.awsS3V3.kmsServerSideEncryptionKeyId` | AWS S3 encryption key ID or alias | | -| `artifactory.persistence.awsS3V3.kmsKeyRegion` | AWS S3 KMS Key region | | -| `artifactory.persistence.awsS3V3.kmsCryptoMode` | AWS S3 KMS encryption mode | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate | -| `artifactory.persistence.awsS3V3.useInstanceCredentials` | AWS S3 Use default authentication mechanism | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-authentication | -| `artifactory.persistence.awsS3V3.usePresigning` | AWS S3 Use URL signing | `false` | -| `artifactory.persistence.awsS3V3.signatureExpirySeconds` | AWS S3 Validity period in seconds for signed URLs | `300` | -| `artifactory.persistence.awsS3V3.cloudFrontDomainName` | AWS CloudFront domain name | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| -| `artifactory.persistence.awsS3V3.cloudFrontKeyPairId` | AWS CloudFront key pair ID | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| -| `artifactory.persistence.awsS3V3.cloudFrontPrivateKey` | AWS CloudFront private key | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| -| `artifactory.persistence.azureBlob.accountName` | Azure Blob Storage account name | `` | -| `artifactory.persistence.azureBlob.accountKey` | Azure Blob Storage account key | `` | -| `artifactory.persistence.azureBlob.endpoint` | Azure Blob Storage endpoint | `` | -| `artifactory.persistence.azureBlob.containerName` | Azure Blob Storage container name | `` | -| `artifactory.persistence.azureBlob.testConnection` | Azure Blob Storage test connection | `false` | -| `artifactory.resources.requests.memory` | Artifactory initial memory request | | -| `artifactory.resources.requests.cpu` | Artifactory initial cpu request | | -| `artifactory.resources.limits.memory` | Artifactory memory limit | | -| `artifactory.resources.limits.cpu` | Artifactory cpu limit | | -| `artifactory.javaOpts.xms` | Artifactory java Xms size | | -| `artifactory.javaOpts.xmx` | Artifactory java Xms size | | -| `artifactory.javaOpts.corePoolSize` | The number of async processes that can run in parallel - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `8` | -| `artifactory.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` | -| `artifactory.javaOpts.jmx.port` | JMX Port number | `9010` | -| `artifactory.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory.fullname" $ }}` | -| `artifactory.javaOpts.jmx.ssl` | Enable SSL | `false` | -| `artifactory.javaOpts.jmx.authenticate` | Enable JMX authentication | `false` | -| `artifactory.javaOpts.jmx.accessFile` | The path to the JMX access file, when JMX authentication is enabled | | -| `artifactory.javaOpts.jmx.passwordFile` | The path to the JMX password file, when JMX authentication is enabled | | -| `artifactory.javaOpts.other` | Artifactory additional java options | | -| `artifactory.replicator.enabled` | Enable the Replicator service (relevant for Enterprise+ only) | `false` | -| `artifactory.ssh.enabled` | Enable Artifactory SSH access | | -| `artifactory.ssh.internalPort` | Artifactory SSH internal port | `1339` | -| `artifactory.ssh.externalPort` | Artifactory SSH external port | `1339` | -| `artifactory.terminationGracePeriodSeconds` | Termination grace period (seconds) | `30s` | -| `artifactory.tomcat.connector.maxThreads` | The max number of connections to Artifactory connector | `200` | -| `artifactory.tomcat.connector.extraConfig` | The max queue length for incoming connections to Artifactory connector | `'acceptCount="100"'` | -| `artifactory.systemYaml` | Artifactory system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML | `see values.yaml` | -| `artifactory.affinity` | Artifactory node affinity | `{}` | -| `access.database.maxOpenConnections` | Maximum amount of open connections from Access to the DB | `80` | -| `access.tomcat.connector.maxThreads` | The max number of connections to Aceess connector | `50` | -| `access.tomcat.connector.extraConfig` | The max queue length for incoming connections to Access connector | `'acceptCount="100"'` | -| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` | -| `ingress.annotations` | Artifactory Ingress annotations | `{}` | -| `ingress.labels` | Artifactory Ingress labels | `{}` | -| `ingress.hosts` | Artifactory Ingress hostnames | `[]` | -| `ingress.routerPath` | Router Ingress path | `/` | -| `ingress.artifactoryPath` | Artifactory Ingress path | `/` | -| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` | -| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` | -| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | | -| `ingress.additionalRules` | Ingress additional rules to be added to the Artifactory ingress. | `[]` | -| `metadata.database.maxOpenConnections` | Maximum amount of open connections from metadata to the DB | `80` | -| `nginx.name` | Nginx name | `nginx` | -| `nginx.enabled` | Deploy nginx server | `true` | -| `nginx.kind` | Nginx object kind, for example `DaemonSet`, `Deployment` or `StatefulSet` | `Deployment` | -| `nginx.name` | Nginx name | `nginx` | -| `nginx.replicaCount` | Nginx replica count | `1` | -| `nginx.uid` | Nginx User Id | `104` | -| `nginx.gid` | Nginx Group Id | `107` | -| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` | -| `nginx.image.version` | Container tag | `.Chart.AppVersion` | -| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `nginx.labels` | Nginx deployment labels | `{}` | -| `nginx.loggers` | Nginx loggers (see values.yaml for possible values) | `[]` | -| `nginx.loggersResources.requests.memory` | Nginx logger initial memory request | | -| `nginx.loggersResources.requests.cpu` | Nginx logger initial cpu request | | -| `nginx.loggersResources.limits.memory` | Nginx logger memory limit | | -| `nginx.loggersResources.limits.cpu` | Nginx logger cpu limit | | -| `nginx.logs.stderr` | Send nginx logs to stderr | false | -| `nginx.logs.level` | Nginx log level: debug, info, notice, warn, error, crit, alert, or emerg | warn | -| `nginx.mainConf` | Content of the Artifactory nginx main nginx.conf config file | `see values.yaml` | -| `nginx.artifactoryConf` | Content of Artifactory nginx artifactory.conf config file | `see values.yaml` | -| `nginx.service.type`| Nginx service type | `LoadBalancer` | -| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | -| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` | -| `nginx.service.ssloffload` | Nginx service SSL offload | false | -| `nginx.loadBalancerIP` | Provide Static IP to configure with Nginx | | -| `nginx.http.enabled` | Nginx http service enabled/disabled | true | -| `nginx.http.externalPort` | Nginx service external port | `80` | -| `nginx.http.internalPort` | Nginx service internal port | `80` | -| `nginx.https.enabled` | Nginx http service enabled/disabled | true | -| `nginx.https.externalPort` | Nginx service external port | `443` | -| `nginx.https.internalPort` | Nginx service internal port | `443` | -| `nginx.ssh.internalPort` | Nginx SSH internal port | `22` | -| `nginx.ssh.externalPort` | Nginx SSH external port | `22` | -| `nginx.externalPortHttp` | DEPRECATED: Nginx service external port | `80` | -| `nginx.internalPortHttp` | DEPRECATED:Nginx service internal port | `80` | -| `nginx.externalPortHttps` | DEPRECATED: Nginx service external port | `443` | -| `nginx.internalPortHttps` | DEPRECATED: Nginx service internal port | `443` | -| `nginx.livenessProbe.enabled` | Enable liveness probe | `true` | -| `nginx.livenessProbe.path` | Liveness probe HTTP Get path | `/router/api/v1/system/health` | -| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 60 | -| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 | -| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 | -| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1| -| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `nginx.readinessProbe.path` | Readiness probe HTTP Get path | `/artifactory/webapp/#/login` | -| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 | -| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 | -| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 | -| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1 | -| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | | -| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` | -| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory.conf` | ` ` | -| `nginx.persistence.mountPath` | Nginx persistence volume mount path | `"/var/opt/jfrog/nginx"` | -| `nginx.persistence.enabled` | Nginx persistence volume enabled | `false` | -| `nginx.persistence.accessMode` | Nginx persistence volume access mode | `ReadWriteOnce` | -| `nginx.persistence.size` | Nginx persistence volume size | `5Gi` | -| `nginx.resources.requests.memory` | Nginx initial memory request | | -| `nginx.resources.requests.cpu` | Nginx initial cpu request | | -| `nginx.resources.limits.memory` | Nginx memory limit | | -| `nginx.resources.limits.cpu` | Nginx cpu limit | | -| `waitForDatabase` | Wait for database (using wait-for-db init container) | `true` | -| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` | -| `postgresql.image.registry` | PostgreSQL image registry | `docker.bintray.io` | -| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `postgresql.image.tag` | PostgreSQL image tag | `9.6.18-debian-10-r7` | -| `postgresql.postgresqlDatabase` | PostgreSQL database name | `artifactory` | -| `postgresql.postgresqlUsername` | PostgreSQL database user | `artifactory` | -| `postgresql.postgresqlPassword` | PostgreSQL database password | | -| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` | -| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `1500` | -| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` | -| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` | -| `postgresql.service.port` | PostgreSQL database port | `5432` | -| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | | -| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | | -| `postgresql.resources.limits.memory` | PostgreSQL memory limit | | -| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | | -| `postgresql.master.nodeSelector` | PostgreSQL master node selector | `{}` | -| `postgresql.master.affinity` | PostgreSQL master node affinity | `{}` | -| `postgresql.master.tolerations` | PostgreSQL master node tolerations | `[]` | -| `postgresql.slave.nodeSelector` | PostgreSQL slave node selector | `{}` | -| `postgresql.slave.affinity` | PostgreSQL slave node affinity | `{}` | -| `postgresql.slave.tolerations` | PostgreSQL slave node tolerations | `[]` | -| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | | -| `database.driver` | External database driver e.g. `org.postgresql.Driver` | | -| `database.url` | External database connection URL | | -| `database.user` | External database username | | -| `database.password` | External database password | | -| `database.secrets.user.name` | External database username `Secret` name | | -| `database.secrets.user.key` | External database username `Secret` key | | -| `database.secrets.password.name` | External database password `Secret` name | | -| `database.secrets.password.key` | External database password `Secret` key | | -| `database.secrets.url.name ` | External database url `Secret` name | | -| `database.secrets.url.key` | External database url `Secret` key | | -| `networkpolicy.name` | Becomes part of the NetworkPolicy object name | `artifactory` | -| `networkpolicy.podselector` | Contains the YAML that specifies how to match pods. Usually using matchLabels. | | -| `networkpolicy.ingress` | YAML snippet containing to & from rules applied to incoming traffic | `- {}` (open to all inbound traffic) | -| `networkpolicy.egress` | YAML snippet containing to & from rules applied to outgoing traffic | `- {}` (open to all outbound traffic) | -| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` | -| `filebeat.name` | filebeat container name | `artifactory-filebeat` | -| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` | -| `filebeat.image.version` | filebeat Docker image version | `7.5.1` | -| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` | -| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/artifactory/values.yaml) | -| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | -| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/artifactory/values.yaml) | -| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 | -| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `filebeat.resources.requests.memory` | Filebeat initial memory request | | -| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | | -| `filebeat.resources.limits.memory` | Filebeat memory limit | | -| `filebeat.resources.limits.cpu` | Filebeat cpu limit | | -| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/artifactory/values.yaml) | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -## Useful links -https://www.jfrog.com -https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md deleted file mode 100755 index 38c4a9eaa..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md +++ /dev/null @@ -1,140 +0,0 @@ -# JFrog Artifactory Reverse Proxy Settings using Nginx - -#### Reverse Proxy -* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. -* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate -the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. -* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) -* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. - -**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. - -#### Features of Artifactory Nginx -* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. -* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory - -#### Changing the default Artifactory nginx conf -Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf -These configuration will be mounted to the nginx container using a configmap. -For example: -1. Create a values file `nginx-values.yaml` with the following values: -```yaml -nginx: - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; - } - proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -``` - -2. Install/upgrade artifactory: -```bash -helm upgrade --install artifactory jfrog/artifactory -f nginx-values.yaml -``` - - -#### Steps to use static configuration for reverse proxy in nginx. -1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` - -2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) - - Following is example `artifactory.conf` - - **Note**: - * Create file with name `artifactory.conf` as it's fixed in configMap key. - * Replace `artifactory-artifactory` with service name taken from step 1. - - ```bash - ## add ssl entries when https has been set in config - ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; - ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen 443 ssl; - listen 80; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; - } - proxy_pass http://artifactory-artifactory:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - ``` - -3. Create configMap of `artifactory.conf` created with step above. - ```bash - kubectl create configmap art-nginx-conf --from-file=artifactory.conf - ``` -4. Deploy Artifactory using helm chart. - You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) - - Following is command to set values at runtime: - ```bash - helm install --name artifactory nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory - ``` \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md deleted file mode 100755 index 8917634f4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md +++ /dev/null @@ -1,35 +0,0 @@ -# JFrog Artifactory Chart Upgrade Notes -This file describes special upgrade notes needed at specific versions - -## Upgrade from 8.X to 9.X (Chart Versions) - -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* To upgrade from a version prior to 8.x, you first need to upgrade to latest version of 8.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md. - -## Upgrade from 7.X to 8.X (Chart Versions) -**DOWNTIME IS REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations -* Upgrade - * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database - * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) - * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted - * Upgrade steps: - 1. Block user access to Artifactory (do not shutdown) - 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` - a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) - b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) - c. Click `Export` (this can take some time) - 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed - a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! - 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps - a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step - 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` - a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) - b. Click `Import` (this can take some time) - 6. Restore access to Artifactory - * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml deleted file mode 100755 index a61a09ff7..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -appVersion: 11.7.0 -description: Chart for PostgreSQL, an object-relational database management system - (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://www.postgresql.org/ -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -version: 8.7.3 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md deleted file mode 100755 index c2b848af1..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md +++ /dev/null @@ -1,576 +0,0 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR; - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.11+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL admin user | `postgres` | -| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | -| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | -| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | -| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | -| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | -| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | -| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | -| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | -| `master.sidecars` | Add additional containers to the pod | `[]` | -| `master.service.type` | Allows using a different service type for Master | `nil` | -| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | -| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | -| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | -| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | -| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | -| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | -| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | -| `slave.sidecars` | Add additional containers to the pod | `[]` | -| `slave.service.type` | Allows using a different service type for Slave | `nil` | -| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | -| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAcccount.name` | Name of existing service account | `nil` | -| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Enable replication: -```diff -- replication.enabled: false -+ replication.enabled: true -``` - -- Number of slaves replicas: -```diff -- replication.slaveReplicas: 1 -+ replication.slaveReplicas: 2 -``` - -- Set synchronous commit mode: -```diff -- replication.synchronousCommit: "off" -+ replication.synchronousCommit: "on" -``` - -- Number of replicas that will have synchronous replication: -```diff -- replication.numSynchronousReplicas: 0 -+ replication.numSynchronousReplicas: 1 -``` - -- Start a prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. - -### Customizing Master and Slave services in a replicated configuration - -At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0` - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL master -master: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -slave: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -## Upgrade - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release stable/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -## 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -## 7.1.0 - -Adds support for LDAP configuration. - -## 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -## 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -## 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - - - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml deleted file mode 100755 index fc2ba605a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100755 index 347d3b40a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md deleted file mode 100755 index 1813a2fea..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md deleted file mode 100755 index 184c1875d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md +++ /dev/null @@ -1,4 +0,0 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md deleted file mode 100755 index cba38091e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt deleted file mode 100755 index 3b5e6c60d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt +++ /dev/null @@ -1,60 +0,0 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} - -WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ - -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl deleted file mode 100755 index 708434856..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl +++ /dev/null @@ -1,420 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if .Values.global.postgresql.existingSecret }} -{{- else if .Values.existingSecret -}} -{{- else -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "postgresql.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "postgresql.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "postgresql.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml deleted file mode 100755 index d2178c077..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-configuration - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml deleted file mode 100755 index 8a4119578..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-extended-configuration - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml deleted file mode 100755 index 8eb5e0588..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-init-scripts - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml deleted file mode 100755 index 524aa2f6a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml deleted file mode 100755 index c610f09af..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-metrics - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - annotations: -{{ toYaml .Values.metrics.service.annotations | indent 4 }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} - role: master -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml deleted file mode 100755 index ea1fc9b3a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - podSelector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "postgresql.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave - {{- end }} - # Allow prometheus scrapes - - ports: - - port: 9187 -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml deleted file mode 100755 index 44f1242dd..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "postgresql.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -{{- with .Values.metrics.prometheusRule.additionalLabels }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml deleted file mode 100755 index 094d18b49..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -type: Opaque -data: - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml deleted file mode 100755 index 27e5b516e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - name: {{ template "postgresql.fullname" . }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml deleted file mode 100755 index f3a529a96..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "postgresql.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml deleted file mode 100755 index b6d607672..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml +++ /dev/null @@ -1,299 +0,0 @@ -{{- if .Values.replication.enabled }} -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "postgresql.fullname" . }}-slave" - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -{{- with .Values.slave.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.slave.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: {{ .Values.replication.slaveReplicas }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - role: slave -{{- with .Values.slave.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.slave.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.slave.nodeSelector }} - nodeSelector: -{{ toYaml .Values.slave.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.slave.affinity }} - affinity: -{{ toYaml .Values.slave.affinity | indent 8 }} - {{- end }} - {{- if .Values.slave.tolerations }} - tolerations: -{{ toYaml .Values.slave.tolerations | indent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{ if .Values.persistence.enabled }} - mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- end }} - {{- if .Values.slave.extraInitContainers }} -{{ tpl .Values.slave.extraInitContainers . | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.slave.priorityClassName }} - priorityClassName: {{ .Values.slave.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "postgresql.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.slave.extraVolumeMounts }} - {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.slave.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.slave.extraVolumes }} - {{- toYaml .Values.slave.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml deleted file mode 100755 index 66eaa01d1..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml +++ /dev/null @@ -1,453 +0,0 @@ -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- with .Values.master.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.master.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: master - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - role: master - {{- with .Values.master.podLabels }} - {{- toYaml . | indent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- toYaml .Values.master.affinity | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- end }} - {{- if .Values.master.extraInitContainers }} - {{- tpl .Values.master.extraInitContainers . | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end}} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote}} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.master.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.metrics.securityContext.runAsUser }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- toYaml .Values.master.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml deleted file mode 100755 index 5c71f468d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-headless - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml deleted file mode 100755 index 92bdda80e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-read - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- if $serviceAnnotations }} - annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: slave -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml deleted file mode 100755 index 299e8d0b7..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - {{- if $serviceAnnotations }} - annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name | quote }} - role: master diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml deleted file mode 100755 index d34e326ee..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml +++ /dev/null @@ -1,542 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.7.0-debian-10-r65 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 2 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: "on" - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 1 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: "" - server: "" - port: "" - prefix: "" - suffix: "" - baseDN: "" - bindDN: "" - bind_password: - search_attr: "" - search_filter: "" - scheme: "" - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## Configure metrics exporter -## -metrics: - enabled: true - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r72 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json deleted file mode 100755 index ac2de6e94..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "slaveReplicas": { - "type": "integer", - "title": "Slave Replicas", - "form": true, - "hidden": { - "condition": false, - "value": "replication.enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml deleted file mode 100755 index e14709a5e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml +++ /dev/null @@ -1,548 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.7.0-debian-10-r65 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -replication: - enabled: false - user: repl_user - password: repl_password - slaveReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: "off" - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: "" - server: "" - port: "" - prefix: "" - suffix: "" - baseDN: "" - bindDN: "" - bind_password: - search_attr: "" - search_filter: "" - scheme: "" - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: "" - extraInitContainers: | - # - name: do-something - # image: busybox - # command: ['do', 'something'] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r72 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml deleted file mode 100755 index 21ffa5d6b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -databaseUpgradeReady: true - -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml deleted file mode 100755 index 31e0908c2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml deleted file mode 100755 index d3754dfab..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -databaseUpgradeReady: true -artifactory: - migration: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml deleted file mode 100755 index 8adcd943f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -databaseUpgradeReady: true -artifactory: - persistence: - enabled: true - -postgresql: - image: - tag: 9.6.18-debian-10-r7 - postgresqlPassword: password - postgresqlExtendedConf: - maxConnections: 102 - persistence: - enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh deleted file mode 100755 index e35bfdbb2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh +++ /dev/null @@ -1,4339 +0,0 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories seperated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first paramter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done < "${NEW_DATA_DIR}/${filePath}/${fileName}" - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~> /etc/hosts" - -3. Launch jconsole: -jconsole {{ template "artifactory.fullname" . }}:{{ .Values.artifactory.javaOpts.jmx.port }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl deleted file mode 100755 index d683ca231..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl +++ /dev/null @@ -1,85 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "artifactory.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name nginx service. -*/}} -{{- define "artifactory.nginx.name" -}} -{{- default .Chart.Name .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "artifactory.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified nginx name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "artifactory.nginx.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.nginx.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "artifactory.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{ default (include "artifactory.fullname" .) .Values.serviceAccount.name }} -{{- else -}} -{{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "artifactory.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate SSL certificates -*/}} -{{- define "artifactory.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "artifactory.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "artifactory-ca" 365 -}} -{{- $cert := genSignedCert ( include "artifactory.name" . ) nil $altNames 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "artifactory.scheme" -}} -{{- if .Values.access.accessConfig.security.tls -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml deleted file mode 100755 index c8bf2eb16..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} -{{- if .Values.artifactory.admin.password }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-bootstrap-creds - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml deleted file mode 100755 index 700e65608..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.access.accessConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-access-config - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - access.config.import.yml: | -{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml deleted file mode 100755 index bbfbdf3be..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-binarystore - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - binarystore.xml: |- -{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml deleted file mode 100755 index 359fa07d2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.artifactory.configMaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-configmaps - labels: - app: {{ template "artifactory.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ tpl .Values.artifactory.configMaps . | indent 2 }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml deleted file mode 100755 index ab2e8324c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.artifactory.customSecrets }} -{{- range .Values.artifactory.customSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - component: "{{ $.Values.artifactory.name }}" - heritage: {{ $.Release.Service | quote }} - release: {{ $.Release.Name | quote }} -type: Opaque -stringData: - {{ .key }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml deleted file mode 100755 index 9edf87dc1..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-database-creds - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- with .Values.database.url }} - db-url: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.user }} - db-user: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.password }} - db-password: {{ tpl . $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml deleted file mode 100755 index f2e2c0f5b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-installer-info - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - installer-info.json: | - {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml deleted file mode 100755 index d37ed1e4b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- with .Values.artifactory.license.licenseKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" $ }}-license - labels: - app: {{ template "artifactory.name" $ }} - chart: {{ template "artifactory.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -type: Opaque -data: - artifactory.lic: {{ . | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml deleted file mode 100755 index edca83ed3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-migration-scripts - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - migrate.sh: | -{{ .Files.Get "files/migrate.sh" | indent 4 }} - migrationHelmInfo.yaml: | -{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} - migrationStatus.sh: | -{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml deleted file mode 100755 index da6fd178a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- range .Values.networkpolicy }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "artifactory.fullname" $ }}-{{ .name }}-networkpolicy - labels: - app: {{ template "artifactory.name" $ }} - chart: {{ template "artifactory.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} -spec: -{{- if .podSelector }} - podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} - ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} ---- -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml deleted file mode 100755 index 9eb94b35b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.artifactory.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} -value: {{ .Values.artifactory.priorityClass.value }} -globalDefault: false -description: "Artifactory priority class" -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml deleted file mode 100755 index db01f235f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.fullname" . }} -rules: -{{ toYaml .Values.rbac.role.rules }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml deleted file mode 100755 index dfb42258f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "artifactory.serviceAccountName" . }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: {{ template "artifactory.fullname" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml deleted file mode 100755 index a1d772429..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- if and .Values.artifactory.masterKey (not .Values.artifactory.masterKeySecretName) }} - master-key: {{ .Values.artifactory.masterKey | b64enc | quote }} - {{- end }} - {{- if and .Values.artifactory.joinKey (not .Values.artifactory.joinKeySecretName) }} - join-key: {{ .Values.artifactory.joinKey | b64enc | quote }} - {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml deleted file mode 100755 index f1f2be4a9..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -{{- if .Values.artifactory.service.annotations }} - annotations: -{{ toYaml .Values.artifactory.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.artifactory.service.type }} -{{- if .Values.artifactory.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: ssh - {{- end }} - {{- with .Values.artifactory.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: jmx - {{- end }} - {{- end }} - selector: - app: {{ template "artifactory.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml deleted file mode 100755 index 4e9c5fbb5..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml .) $ | indent 4 }} -{{- end }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.serviceAccountName" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml deleted file mode 100755 index 3680caf0e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml +++ /dev/null @@ -1,695 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md), pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x." .Values.databaseUpgradeReady | quote }} -{{- end }} -spec: - serviceName: {{ template "artifactory.name" . }} - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "artifactory.name" . }} - role: {{ template "artifactory.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - role: {{ template "artifactory.name" . }} - component: {{ .Values.artifactory.name }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.access.accessConfig }} - checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} - {{- end }} - {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.uid }} - initContainers: - {{- if .Values.artifactory.persistence.enabled }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found {{ .Values.artifactory.persistence.mountPath }}/data/.lock' - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - command: - - 'sh' - - '-c' - - > - echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - - name: access-bootstrap-creds - mountPath: "/tmp/access/bootstrap.creds" - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - subPath: {{ .Values.artifactory.admin.dataKey }} - {{- else }} - subPath: bootstrap.creds - {{- end }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - command: - - '/bin/sh' - - '-c' - - > - sleep 30; - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - {{- if .Values.access.accessConfig }} - echo "Copy access.config.latest.yml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -fv /tmp/etc/access.config.import.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.import.yml; - {{- end }} - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; - cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; - echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - {{- end }} - env: - {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName}} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: "{{ .Values.artifactory.joinKeySecretName | default (include "artifactory.fullname" .) }}" - key: join-key - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory.fullname" .) }}" - key: master-key - {{- end }} - volumeMounts: - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - - name: systemyaml - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- if .Values.access.accessConfig }} - - name: access-config - mountPath: "/tmp/etc/access.config.import.yml" - subPath: access.config.import.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - mountPath: "/tmp/etc/tls.crt" - subPath: tls.crt - - name: access-certs - mountPath: "/tmp/etc/tls.key" - subPath: tls.key - {{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}" - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if or .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - {{- end }} - {{- end }} - {{- if .Values.artifactory.customInitContainers }} -{{ tpl .Values.artifactory.customInitContainers . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory' - image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - env: - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if .Values.artifactory.customVolumeMounts }} -{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} - {{- end }} -{{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then - echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; - cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; - fi; - {{- if .Values.artifactory.configMapName }} - echo "Copying bootstrap configs"; - cp -Lrf /bootstrap/* /artifactory_bootstrap/; - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - echo "Copying plugins"; - cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; - {{- end }} - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- if .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.preStartCommand . }}; - {{- end }} - exec /entrypoint-artifactory.sh - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo; - {{- with .Values.artifactory.postStartCommand }} - {{ tpl . $ }} - {{- end }} - env: - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - {{- if .Values.artifactory.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.javaOpts.jmx.port }} - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - {{- end }} - volumeMounts: - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - mountPath: "/artifactory_bootstrap/plugins/" - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - mountPath: "/tmp/plugin/{{ tpl . $ }}" - {{- end }} - {{- end }} - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.lic" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if .Values.artifactory.customVolumeMounts }} -{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.resources | indent 10 }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $image := .Values.logger.image.repository }} - {{- $tag := .Values.logger.image.tag }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: artifactory-volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: artifactory-volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if .Values.artifactory.customSidecarContainers }} -{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.artifactory.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.artifactory.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-binarystore - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory.fullname" . }}-installer-info - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - emptyDir: {} - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - secret: - secretName: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- if and .Values.artifactory.persistence.enabled .Values.artifactory.persistence.existingClaim }} - - name: artifactory-volume - persistentVolumeClaim: - claimName: {{ .Values.artifactory.persistence.existingClaim }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory.fullname" . }}-configmaps - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory.fullname" . }}-license - {{- end }} - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: access-bootstrap-creds - secret: - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - secretName: {{ .Values.artifactory.admin.secret }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - persistentVolumeClaim: - claimName: {{ template "artifactory.fullname" . }}-data-pvc - - name: artifactory-backup - persistentVolumeClaim: - claimName: {{ template "artifactory.fullname" . }}-backup-pvc - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: artifactory-volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - - name: systemyaml - secret: - secretName: {{ template "artifactory.fullname" . }}-systemyaml - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory.fullname" . }}-access-config - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - secret: - secretName: {{ .Values.access.customCertificatesSecretName }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory.name" . }}-filebeat-config - {{- end }} - {{- if .Values.artifactory.customVolumes }} -{{ tpl .Values.artifactory.customVolumes . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} -{{- with .Values.artifactory.persistence }} - {{- if and .enabled (not .existingClaim) }} - volumeClaimTemplates: - - metadata: - name: artifactory-volume - spec: - {{- if .storageClassName }} - {{- if (eq "-" .storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .accessMode }}" ] - resources: - requests: - storage: {{ .size }} - {{- end }} -{{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml deleted file mode 100755 index e2fa58e86..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-systemyaml - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml deleted file mode 100755 index 8ceb67c01..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.filebeat.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.name" . }}-filebeat-config - labels: - app: {{ template "artifactory.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml deleted file mode 100755 index 47e2f5505..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "artifactory.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} -{{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}} -{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $ingressName }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} -{{- end}} -{{- if .Values.ingress.annotations }} - annotations: -{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} -{{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: {{ $.Values.ingress.routerPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: {{ $.Values.ingress.artifactoryPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $artifactoryServicePort }} - {{- end -}} -{{- end -}} - {{- with .Values.ingress.additionalRules }} -{{ tpl . $ | indent 2 }} - {{- end }} - - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- if .Values.artifactory.replicator.enabled }} ---- -{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorIngressName }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml deleted file mode 100755 index f53f35e48..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-logger - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - tail-log.sh: | - #!/bin/sh - - LOG_DIR=$1 - LOG_NAME=$2 - PID= - - # Wait for log dir to appear - while [ ! -d ${LOG_DIR} ]; do - sleep 1 - done - - cd ${LOG_DIR} - - LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') - - # Find the log to tail - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - - # Wait for the log file - while [ -z "${LOG_FILE}" ]; do - sleep 1 - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - done - - echo "Log file ${LOG_FILE} is ready!" - - # Get inode number - INODE_ID=$(ls -i ${LOG_FILE}) - - # echo "Tailing ${LOG_FILE}" - tail -F ${LOG_FILE} & - PID=$! - - # Loop forever to see if a new log was created - while true; do - # Check inode number - NEW_INODE_ID=$(ls -i ${LOG_FILE}) - - # If inode number changed, this means log was rotated and need to start a new tail - if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then - kill -9 ${PID} 2>/dev/null - INODE_ID="${NEW_INODE_ID}" - - # Start a new tail - tail -F ${LOG_FILE} & - PID=$! - fi - sleep 1 - done - -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml deleted file mode 100755 index bd2ebea96..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - artifactory.conf: | -{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml deleted file mode 100755 index fa39459e7..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-certificate - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ ( include "artifactory.gen-certs" . ) | indent 2 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml deleted file mode 100755 index 851eae247..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-conf - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: | -{{ tpl .Values.nginx.mainConf . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml deleted file mode 100755 index ec0307769..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml +++ /dev/null @@ -1,194 +0,0 @@ -{{- if .Values.nginx.enabled -}} -{{- $serviceName := include "artifactory.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -apiVersion: apps/v1 -kind: {{ .Values.nginx.kind }} -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} -{{- if .Values.nginx.labels }} -{{ toYaml .Values.nginx.labels | indent 4 }} -{{- end }} -spec: -{{- if eq .Values.nginx.kind "StatefulSet" }} - serviceName: {{ template "artifactory.nginx.fullname" . }} -{{- end }} -{{- if ne .Values.nginx.kind "DaemonSet" }} - replicas: {{ .Values.nginx.replicaCount }} -{{- end }} - selector: - matchLabels: - app: {{ template "artifactory.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - template: - metadata: - annotations: - checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} - checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "artifactory.serviceAccountName" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - initContainers: - - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - '/bin/sh' - - '-c' - - > - rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; - mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; - volumeMounts: - - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - name: nginx-volume - securityContext: - runAsUser: {{ .Values.nginx.uid }} - fsGroup: {{ .Values.nginx.gid }} - containers: - - name: {{ .Values.nginx.name }} - image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}' - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - 'nginx' - - '-g' - - 'daemon off;' - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - containerPort: {{ .Values.nginx.http.internalPort }} - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttp }} - {{- end }} - {{- if .Values.nginx.https }} - {{- if .Values.nginx.https.enabled }} - - containerPort: {{ .Values.nginx.https.internalPort }} - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttps }} - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.nginx.ssh.internalPort }} - {{- end }} - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-artifactory-conf - mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" - - name: nginx-volume - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - - name: ssl-certificates - mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.nginx.readinessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.nginx.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.nginx.livenessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} - {{- end }} - {{- $image := .Values.logger.image.repository }} - {{- $tag := .Values.logger.image.tag }} - {{- $mountPath := .Values.nginx.persistence.mountPath }} - {{- range .Values.nginx.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: '{{ $image }}:{{ $tag }}' - command: - - tail - args: - - '-F' - - '{{ $mountPath }}/logs/{{ . }}' - volumeMounts: - - name: nginx-volume - mountPath: {{ $mountPath }} - resources: -{{ toYaml $.Values.nginx.loggersResources | indent 10 }} - {{- end }} - {{- with .Values.nginx.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - {{- if .Values.nginx.customConfigMap }} - name: {{ .Values.nginx.customConfigMap }} - {{- else }} - name: {{ template "artifactory.fullname" . }}-nginx-conf - {{- end }} - - name: nginx-artifactory-conf - configMap: - {{- if .Values.nginx.customArtifactoryConfigMap }} - name: {{ .Values.nginx.customArtifactoryConfigMap }} - {{- else }} - name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf - {{- end }} - - name: nginx-volume - {{- if .Values.nginx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory.nginx.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - - name: ssl-certificates - secret: - {{- if .Values.nginx.tlsSecretName }} - secretName: {{ .Values.nginx.tlsSecretName }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-nginx-certificate - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml deleted file mode 100755 index a110d8b24..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }} -{{- if (not .Values.nginx.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.nginx.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.nginx.persistence.size | quote }} -{{- if .Values.nginx.persistence.storageClass }} -{{- if (eq "-" .Values.nginx.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.nginx.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml deleted file mode 100755 index 78d2a6f29..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.nginx.service.annotations }} - annotations: -{{ toYaml .Values.nginx.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.nginx.service.type }} -{{- if eq .Values.nginx.service.type "LoadBalancer" }} - {{ if .Values.nginx.service.loadBalancerIP -}} - loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} - {{ end -}} - {{- if .Values.nginx.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} - {{- end }} -{{- end }} -{{- if .Values.nginx.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - port: {{ .Values.nginx.http.externalPort }} - targetPort: {{ .Values.nginx.http.internalPort }} - protocol: TCP - name: http - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttp }} - targetPort: {{ .Values.nginx.internalPortHttp }} - protocol: TCP - name: http - {{- end }} - {{- if .Values.nginx.https }} - {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} - - port: {{ .Values.nginx.https.externalPort }} - {{- if .Values.nginx.service.ssloffload }} - targetPort: {{ .Values.nginx.http.internalPort }} - {{- else }} - targetPort: {{ .Values.nginx.https.internalPort}} - {{- end }} - protocol: TCP - name: https - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttps }} - targetPort: {{ .Values.nginx.internalPortHttps }} - protocol: TCP - name: https - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.nginx.ssh.externalPort }} - targetPort: {{ .Values.nginx.ssh.internalPort }} - protocol: TCP - name: ssh - {{- end }} - selector: - app: {{ template "artifactory.name" . }} - component: {{ .Values.nginx.name }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml deleted file mode 100755 index 6399c5b8a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml deleted file mode 100755 index 44aff82de..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml deleted file mode 100755 index 04368ae15..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml deleted file mode 100755 index 9eee1703c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml +++ /dev/null @@ -1,1268 +0,0 @@ -# Default values for artifactory. -# This is a YAML-formatted file. - -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -# Common -initContainerImage: docker.bintray.io/alpine:3.12 - -installer: - type: - platform: - -installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - -# For supporting pulling from private registries -imagePullSecrets: - -## Role Based Access Control -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -rbac: - create: true - role: - ## Rules to create. It follows the role specification - rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - pods - verbs: - - get - - watch - - list - -## Service Account -## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - name: - ## Service Account annotations - annotations: {} - -ingress: - enabled: false - defaultBackend: - enabled: true - # Used to create an Ingress record. - hosts: [] - routerPath: / - artifactoryPath: /artifactory/ - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/configuration-snippet: | - # proxy_pass_header Server; - # proxy_set_header X-JFrog-Override-Base-Url https://; - # kubernetes.io/tls-acme: "true" - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - labels: {} - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - artifactory.domain.example - - # Additional ingress rules - additionalRules: [] - -networkpolicy: - # Allows all ingress and egress - - name: artifactory - podSelector: - matchLabels: - app: artifactory - egress: - - {} - ingress: - - {} - # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) - # - name: postgresql - # podSelector: - # matchLabels: - # app: postgresql - # ingress: - # - from: - # - podSelector: - # matchLabels: - # app: artifactory - -logger: - image: - repository: docker.bintray.io/busybox - tag: 1.31.1 - -# Artifactory -artifactory: - name: artifactory - # Note that by default we use appVersion to get image tag/version - image: - repository: docker.bintray.io/jfrog/artifactory-pro - # version: - pullPolicy: IfNotPresent - labels: {} - - # Create a priority class for the Artifactory pod or use an existing one - # NOTE - Maximum allowed value of a user defined priority is 1000000000 - priorityClass: - create: false - value: 1000000000 - ## Override default name - # name: - ## Use an existing priority class - # existingPriorityClass: - - # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties - deleteDBPropertiesOnStartup: true - - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - extraConfig: 'acceptCount="100"' - - # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup - copyOnEveryStartup: - # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path - # - source: /artifactory_bootstrap/artifactory.lic - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - - # Sidecar containers for tailing Artifactory logs - loggers: [] - # - access-audit.log - # - access-request.log - # - access-security-audit.log - # - access-service.log - # - artifactory-access.log - # - artifactory-event.log - # - artifactory-import-export.log - # - artifactory-request.log - # - artifactory-service.log - # - frontend-request.log - # - frontend-service.log - # - metadata-request.log - # - metadata-service.log - # - router-request.log - # - router-service.log - # - router-traefik.log - # - derby.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Sidecar containers for tailing Tomcat (catalina) logs - catalinaLoggers: [] - # - tomcat-catalina.log - # - tomcat-localhost.log - - # Tomcat (catalina) loggers resources - catalinaLoggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 - ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - - ## Add custom init containers - customInitContainers: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - - ## Add custom sidecar containers - # - The provided example uses a custom volume (customVolumes) - # - The provided example shows running container as root (id 0) - customSidecarContainers: | - # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # securityContext: - # runAsUser: 0 - # fsGroup: 0 - # command: - # - 'sh' - # - '-c' - # - 'sh /scripts/script.sh' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - # - mountPath: "/scripts/script.sh" - # name: custom-script - # subPath: script.sh - # resources: - # requests: - # memory: "32Mi" - # cpu: "50m" - # limits: - # memory: "128Mi" - # cpu: "100m" - - ## Add custom volumes - customVolumes: | - # - name: custom-script - # configMap: - # name: custom-script - - ## Add custom volumesMounts - customVolumeMounts: | - # - name: custom-script - # mountPath: "/scripts/script.sh" - # subPath: script.sh - # - name: posthook-start - # mountPath: "/scripts/posthoook-start.sh" - # subPath: posthoook-start.sh - # - name: prehook-start - # mountPath: "/scripts/prehook-start.sh" - # subPath: prehook-start.sh - - # Add custom persistent volume mounts - Available for the pod - customPersistentPodVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - # Add custom persistent volume mounts - Available to the entire namespace - customPersistentVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - ## Artifactory license. - license: - ## licenseKey is the license key in plain text. Use either this or the license.secret setting - licenseKey: - ## If artifactory.license.secret is passed, it will be mounted as - ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. - secret: - ## The dataKey should be the name of the secret data key created. - dataKey: - - ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter - configMapName: - - # Add any list of configmaps to Artifactory - configMaps: | - # posthook-start.sh: |- - # echo "This is a post start script" - # posthook-end.sh: |- - # echo "This is a post end script" - - ## List of secrets for Artifactory user plugins. - ## One Secret per plugin's files. - userPluginSecrets: - # - archive-old-artifacts - # - build-cleanup - # - webhook - # - '{{ template "my-chart.fullname" . }}' - - ## Artifactory requires a unique master key. - ## You can generate one with the command: "openssl rand -hex 32" - ## An initial one is auto generated by Artifactory on first startup. - # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName - # masterKeySecretName: - - ## Join Key to connect other services to Artifactory - ## IMPORTANT: Setting this value overrides the existing joinKey - ## IMPORTANT: You should NOT use the example joinKey for a production deployment! - # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName - # joinKeySecretName: - - # Add custom secrets - secret per file - customSecrets: - # - name: custom-secret - # key: custom-secret.yaml - # data: > - # custom_secret_config: - # parameter1: value1 - # parameter2: value2 - # - name: custom-secret2 - # key: custom-secret2.config - # data: | - # here the custom secret 2 config - - ## If false, all service console logs will not redirect to a common console.log - consoleLog: false - - binarystore: - enabled: true - - ## admin allows to set the password for the default admin user. - ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate - admin: - ip: "127.0.0.1" - username: "admin" - password: - secret: - dataKey: - - ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - ## Extra post-start command to run extra commands after container starts - # postStartCommand: - - ## Extra environment variables that can be used to tune Artifactory to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: SERVER_XML_ARTIFACTORY_PORT - # value: "8081" - # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS - # value: "200" - # - name: SERVER_XML_ACCESS_MAX_THREADS - # value: "50" - # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_ACCESS_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_EXTRA_CONNECTOR - # value: "" - # - name: DB_POOL_MAX_ACTIVE - # value: "100" - # - name: DB_POOL_MAX_IDLE - # value: "10" - # - name: MY_SECRET_ENV_VAR - # valueFrom: - # secretKeyRef: - # name: my-secret-name - # key: my-secret-key - - systemYaml: | - shared: - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.javaOpts }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - {{- if or .Values.database.type .Values.postgresql.enabled }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{- else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - {{- end }} - artifactory: - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - - annotations: {} - - service: - name: artifactory - type: ClusterIP - ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - enabled: false - ingress: - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - - ## IMPORTANT: If overriding artifactory.internalPort: - ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! - externalPort: 8082 - internalPort: 8082 - externalArtifactoryPort: 8081 - internalArtifactoryPort: 8081 - uid: 1030 - terminationGracePeriodSeconds: 30 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 90 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - persistence: - mountPath: "/var/opt/jfrog/artifactory" - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - ## Storage default size. Should be increased for production deployments. - size: 20Gi - - ## Use a custom Secret to be mounted as your binarystore.xml - ## NOTE: This will ignore all settings below that make up binarystore.xml - customBinarystoreXmlSecret: - ## Cache default size. Should be increased for production deployments. - maxCacheSize: 5000000000 - cacheProviderDir: cache - - ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config - ## Supported types are: - ## file-system (default) - ## nfs - ## google-storage - ## aws-s3 - ## aws-s3-v3 - ## azure-blob - type: file-system - - ## Use binarystoreXml to provide a custom binarystore.xml - ## This can be a template or hardcoded. - binarystoreXml: | - {{- if eq .Values.artifactory.persistence.type "file-system" -}} - - - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{- end }} - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{- end }} - - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - {{- end }} - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "google-storage" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp - - - - google-cloud-storage - {{ .Values.artifactory.persistence.googleStorage.endpoint }} - {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} - {{ .Values.artifactory.persistence.googleStorage.bucketName }} - {{ .Values.artifactory.persistence.googleStorage.identity }} - {{ .Values.artifactory.persistence.googleStorage.credential }} - {{ .Values.artifactory.persistence.googleStorage.path }} - {{ .Values.artifactory.persistence.googleStorage.bucketExists }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - {{- with .Values.artifactory.persistence.awsS3V3 }} - - {{ .testConnection }} - {{- if .identity }} - {{ .identity }} - {{- end }} - {{- if .credential }} - {{ .credential }} - {{- end }} - {{ .region }} - {{ .bucketName }} - {{ .path }} - {{ .endpoint }} - {{- with .maxConnections }} - {{ . }} - {{- end }} - {{- with .kmsServerSideEncryptionKeyId }} - {{ . }} - {{- end }} - {{- with .kmsKeyRegion }} - {{ . }} - {{- end }} - {{- with .kmsCryptoMode }} - {{ . }} - {{- end }} - {{- if .useInstanceCredentials }} - true - {{- else }} - false - {{- end }} - {{ .usePresigning }} - {{ .signatureExpirySeconds }} - {{- with .cloudFrontDomainName }} - {{ . }} - {{- end }} - {{- with .cloudFrontKeyPairId }} - {{ .cloudFrontKeyPairId }} - {{- end }} - {{- with .cloudFrontPrivateKey }} - {{ . }} - {{- end }} - - {{- end }} - - {{- end }} - - {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.awsS3.endpoint }} - {{- if .Values.artifactory.persistence.awsS3.roleName }} - {{ .Values.artifactory.persistence.awsS3.roleName }} - true - {{- else }} - {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} - {{ .Values.artifactory.persistence.awsS3.testConnection }} - {{ .Values.artifactory.persistence.awsS3.httpsOnly }} - {{ .Values.artifactory.persistence.awsS3.region }} - {{ .Values.artifactory.persistence.awsS3.bucketName }} - {{- if .Values.artifactory.persistence.awsS3.identity }} - {{ .Values.artifactory.persistence.awsS3.identity }} - {{- end }} - {{- if .Values.artifactory.persistence.awsS3.credential }} - {{ .Values.artifactory.persistence.awsS3.credential }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.path }} - {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} - - {{- end }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "azure-blob" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.azureBlob.accountName }} - {{ .Values.artifactory.persistence.azureBlob.accountKey }} - {{ .Values.artifactory.persistence.azureBlob.endpoint }} - {{ .Values.artifactory.persistence.azureBlob.containerName }} - {{ .Values.artifactory.persistence.azureBlob.testConnection }} - - - {{- end }} - - ## For artifactory.persistence.type nfs - ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes - ## cluster nodes. - ## Need to have the following set - nfs: - # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' - ip: - haDataMount: "/data" - haBackupMount: "/backup" - dataDir: "/var/opt/jfrog/artifactory" - backupDir: "/var/opt/jfrog/artifactory-backup" - capacity: 200Gi - - ## For artifactory.persistence.type file-system - fileSystem: - cache: - enabled: false - - ## For artifactory.persistence.type google-storage - googleStorage: - endpoint: storage.googleapis.com - httpsOnly: false - # Set a unique bucket name - bucketName: "artifactory-gcp" - identity: - credential: - path: "artifactory/filestore" - bucketExists: false - - ## For artifactory.persistence.type aws-s3-v3 - awsS3V3: - testConnection: false - identity: - credential: - region: - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: - maxConnections: 50 - kmsServerSideEncryptionKeyId: - kmsKeyRegion: - kmsCryptoMode: - useInstanceCredentials: true - usePresigning: false - signatureExpirySeconds: 300 - cloudFrontDomainName: - cloudFrontKeyPairId: - cloudFrontPrivateKey: - - ## For artifactory.persistence.type aws-s3 - ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html - awsS3: - # Set a unique bucket name - bucketName: "artifactory-aws" - endpoint: - region: - roleName: - identity: - credential: - path: "artifactory/filestore" - refreshCredentials: true - httpsOnly: true - testConnection: false - s3AwsVersion: AWS4-HMAC-SHA256 - ## Additional properties to set on the s3 provider - properties: {} - # httpclient.max-connections: 100 - ## For artifactory.persistence.type azure-blob - azureBlob: - accountName: - accountKey: - endpoint: - containerName: - testConnection: false - ## artifactory data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Annotations for the Persistent Volume Claim - annotations: {} - ## Uncomment the following resources definitions or pass them from command line - ## to control the cpu and memory resources allocated by the Kubernetes cluster - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - corePoolSize: 8 - # other: "" - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - ssh: - enabled: false - internalPort: 1339 - externalPort: 1339 - -access: - ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. - ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates - ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. - ## This ensures that the node to node communication is done over TLS. - accessConfig: - security: - tls: false - - ## You can use a pre-existing secret by specifying customCertificatesSecretName - ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` - # customCertificatesSecretName: - - ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key - # resetAccessCAKeys: false - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 - extraConfig: 'acceptCount="100"' - -metadata: - database: - maxOpenConnections: 80 - -# Nginx -nginx: - enabled: true - kind: Deployment - name: nginx - labels: {} - replicaCount: 1 - uid: 104 - gid: 107 - # Note that by default we use appVersion to get image tag/version - image: - repository: docker.bintray.io/jfrog/nginx-artifactory-pro - # version: - pullPolicy: IfNotPresent - - # Sidecar containers for tailing Nginx logs - loggers: [] - # - access.log - # - error.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "64Mi" - # cpu: "25m" - # limits: - # memory: "128Mi" - # cpu: "50m" - - # Logs options - logs: - stderr: false - level: warn - - mainConf: | - # Main Nginx configuration file - worker_processes 4; - - {{ if .Values.nginx.logs.stderr }} - error_log stderr {{ .Values.nginx.logs.level }}; - {{- else -}} - error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; - {{- end }} - pid /tmp/nginx.pid; - - {{- if .Values.artifactory.ssh.enabled }} - ## SSH Server Configuration - stream { - server { - listen {{ .Values.nginx.ssh.internalPort }}; - proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; - } - } - {{- end }} - - events { - worker_connections 1024; - } - - - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - variables_hash_max_size 1024; - variables_hash_bucket_size 64; - server_names_hash_max_size 4096; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; - proxy_read_timeout 2400s; - client_header_timeout 2400s; - client_body_timeout 2400s; - proxy_connect_timeout 75s; - proxy_send_timeout 2400s; - proxy_buffer_size 128k; - proxy_buffers 40 128k; - proxy_busy_buffers_size 128k; - proxy_temp_file_write_size 250m; - proxy_http_version 1.1; - client_body_buffer_size 128k; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - log_format timing 'ip = $remote_addr ' - 'user = \"$remote_user\" ' - 'local_time = \"$time_local\" ' - 'host = $host ' - 'request = \"$request\" ' - 'status = $status ' - 'bytes = $body_bytes_sent ' - 'upstream = \"$upstream_addr\" ' - 'upstream_time = $upstream_response_time ' - 'request_time = $request_time ' - 'referer = \"$http_referer\" ' - 'UA = \"$http_user_agent\"'; - - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; - - } - - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - ## server configuration - server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - service: - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - type: LoadBalancer - ssloffload: false - ## For supporting whitelist on the Nginx LoadBalancer service - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - ## Provide static ip address - loadBalancerIP: - ## There are two available options: “Cluster” (default) and “Local”. - externalTrafficPolicy: Cluster - - http: - enabled: true - externalPort: 80 - internalPort: 80 - https: - enabled: true - externalPort: 443 - internalPort: 443 - - ssh: - internalPort: 1339 - externalPort: 1339 - - # DEPRECATED: The following will be removed in a future release - # externalPortHttp: 80 - # internalPortHttp: 80 - # externalPortHttps: 443 - # internalPortHttps: 443 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 120 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - ## The SSL secret that will be used by the Nginx pod - # tlsSecretName: chart-example-tls - ## Custom ConfigMap for nginx.conf - customConfigMap: - ## Custom ConfigMap for artifactory-ha.conf - customArtifactoryConfigMap: - persistence: - mountPath: "/var/opt/jfrog/nginx" - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - size: 5Gi - ## nginx data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - resources: {} - # requests: - # memory: "250Mi" - # cpu: "100m" - # limits: - # memory: "250Mi" - # cpu: "500m" - nodeSelector: {} - - tolerations: [] - - affinity: {} - -## Database configurations -## Use the wait-for-db init container. Set to false to skip -waitForDatabase: true - -## Configuration values for the PostgreSQL dependency sub-chart -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -postgresql: - enabled: true - image: - registry: docker.bintray.io - repository: bitnami/postgresql - tag: 10.13.0-debian-10-r38 - postgresqlUsername: artifactory - postgresqlPassword: "" - postgresqlDatabase: artifactory - postgresqlExtendedConf: - listenAddresses: "'*'" - maxConnections: "1500" - persistence: - enabled: true - size: 50Gi - service: - port: 5432 - master: - nodeSelector: {} - affinity: {} - tolerations: [] - slave: - nodeSelector: {} - affinity: {} - tolerations: [] - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - -## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), -## specify custom database details here or leave empty and Artifactory will use embedded derby -database: - type: - driver: - ## If you set the url, leave host and port empty - url: - ## If you would like this chart to create the secret containing the db - ## password, use these values - user: - password: - ## If you have existing Kubernetes secrets containing db credentials, use - ## these values - secrets: {} - # user: - # name: "rds-artifactory" - # key: "db-user" - # password: - # name: "rds-artifactory" - # key: "db-password" - # url: - # name: "rds-artifactory" - # key: "db-url" - -# Filebeat Sidecar container -## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. -filebeat: - enabled: false - name: artifactory-filebeat - image: - repository: "docker.elastic.co/beats/filebeat" - version: 7.5.1 - logstashUrl: "logstash:5044" - - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - resources: {} -# requests: -# memory: "100Mi" -# cpu: "100m" -# limits: -# memory: "100Mi" -# cpu: "100m" - - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: ~ - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml deleted file mode 100755 index fc2ba605a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/logo/jcr-logo.png b/charts/artifactory-jcr/artifactory-jcr/2.5.100/logo/jcr-logo.png deleted file mode 100755 index e0ed038ca059f73c179a39841d3be9871075b3a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3135 zcmZ`)c{r478-EMg5|gd$S;7$wLYet283r@&7+bOw6-rXJK^@9ch%DiVY>8uE3$s{C zNXv*29ZFd$$J!{A^?TmYxvua0@m<$5&vHNaZ@KUHxvsfMCgBD6B={f*60k7G*?^S> ze$6}_VAhkvn}LP%tTAj1LA6QzYp1xtS?-Lv4Gck7_CrwkbqHDkq3}rvqM#vY$_;|_ zGayLZH=ALNg`n+SWTKrZNFXstFdZf`h%lW%q9Zem%wWL(Y=|(pWf0jpFvtNA@*}bh z4NqbaNHq2>ok(O4fFji*gaC^~*eHtz3p@>vT+xsqxMGtKJek`6D-j+ZPHbjN(+DK$ zFA|VIrjkjG;D{JQfHbg2?2(#CfEn@3AlR4L!;D{sNi+i72wOKFBHK1FWAw;~#IOVmFbxI+vG)%Tp$Rku5d~F1n-Bq@z#ahUL`04qw|{C6ngI4B z2GNXe1~!0jD+kB{doU;&fgs*~MUWDZh2Io0(w$$ew+*1p#$!89)jIJfINEdQ12byhTE!A`Z#GDqyCvo5Qw> zXd$lxNFzP5rdxxqf+O1oJB~DJ>&?KH3`@3cn9zujgKmIKs|KsB=CDcFwIEK2KoQKq zD)`C-c3oRSfO%_JH3BwEm3yJZ!SBblHI;0mZSknc#MBky5zbJK&zV+}m$ z*+3hTEhKT&{dyszYxL`njhT-x>N3MILVN8K9(`(zwh$nX^ro6|?><9YStxhms$X5a zzg==NSfk+kZ8^=FwS2{r6!BegS9Uo5J!mW=?D`FdDr3@%GLmzPc@9O`syW2YzLq~d zue9yJ#o9TJDHC4OdJz9Z&XbStioQB{?`M@%e_E^HyZGlFZzilfS#5j`5A1x?eOkG zs(bGA{TB9i=)_pomm^DmDgWoQbu|TcRyWWw+;4gFCEow)z}ZqQ)5dSIC{Xye(*!(j zuAADc2M*kU7O*MzIKK$5jPA!91=%1HWPvlb3mKZtS$7pNmFg5XAH~_}8)+U?6eb*b zJ%QcTDnx$0fJ$M;)YwL(35nk5f6?Bq_2BD1TLQ1BaBApdTQwb>K4y%Hj_hP>uJ>ll zTzV))8xu?oUdcgpMUvN~zS zonig+Lwnmo=M>Fjo--G!gO_}He7F_NR;)3_vS|%b6V@9GGV6N^sp}U%`aL?Aw0GLk z<0FkFy#Mpi^WWulNygPLa&R9ohRn(*zAsZ#^PU{KQb^2{z;w-C?8_^fJ<-!jnbm$O zh8_3EPct1K!d1)aw~EV7^!IsmbqMFFFVwAO(@k7tWR$wCziZ@tDI2&Nt#t$SO`K-q zI>|DeQ~MPEOy{nDGb89=Rf*yktkvH_Cmy67&(Y|emTWHZn0PtIf6#_?^`@P}C;vPR z*&~-n3+wKvW~4T&8{|D*aQM;L)D%bVdf{NF=;UB8Ebs7$Z~BC#zQ#AL{u{eO5`-8# zzQ41<(aL`dJwd6ckM_N~ccK9xm z^=r&jomKefX`K5RgIBOe{0uUvIp&!^qg&)!C0XyT)00Oczcw&Kg>e-XQOe;TB3cx* zxkH3>vQ((ls4m)%^vW{r&hgB9>#G{`WA#nNx_*apX$jF(xA%3>pVL8{HMm1E zcUg0uY=})XAtyEe%*}rt1vE8 zZroX6Es9U-YD*po?0BtU7%lB5DSxp*Blk>@oB+3Zitg}9ES#bnRXAJOyMz)Po5V*J z^mkBt1(~Fyq|Lg&O4Ze6+JoiCYR=4*#3|(IBt=~56Wx64xF#IkZb%WEZ%;nF;CWim zWK938Up)TKV-!9*R7qPgFsIMHc5Vbup~CGuRK5EK+7If z(mnZITq!5}xm7XUw`k#s7Mm&3EJt%kQOuavxl?@FW0RPDwaS<=+uKK_-?^iP#@_Zc zH#1}T#gluhAGdH=i@U~%=|$)q@rmp)_O%~6D4s8J!Of>(z##4>zJrR^+U_h=;a76G zXy9lZJvL4<0K5Rp0i}MaAAOvrd^OsiO~IS7iSD{v>FH4vk({9OlkdECPekp-$ILt4 zK80zap;~$$AsoZyX?sHBWWTL<8yQnaB=9AHRX$p3Tu&p0KzTSAJTvDiufHon^~X2*w>#XS8R+m}vX z-e74?1$0SH&%g}Hf&Jt0&TN1+m z#AQL=x^%XwN#VSU2@^HlQarBCV1U%m;C7nHI0 zHT_K@^NYVGtw-+4NMuc8`D6;gFoaw;q=}*LxYS!#)rH(vWy{DEF+V>E2y2ZKJ-2rT)DP9&n3z#p(CK0JXYTTKvnH z3l=>(=8_%Ht+J`ix(3}d`Z=)Hlc^5=l$8Qaj|aM+3iQxFf=KlitTyppFy!`(Gr!<~@2LQ;zl!U7~>K6H5h0(N~ diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml deleted file mode 100755 index 9cde42870..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml +++ /dev/null @@ -1,271 +0,0 @@ -questions: -# Advance Settings -- variable: artifactory.artifactory.masterKey - default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - description: "Artifactory master key. For security reasons, we strongly recommend you generate your own master key using this command: 'openssl rand -hex 32'" - type: string - label: Artifactory master key - group: "Security Settings" - -# Container Images -- variable: defaultImage - default: true - description: "Use default Docker image" - label: Use Default Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: artifactory.artifactory.image.repository - default: "docker.bintray.io/jfrog/artifactory-jcr" - description: "JFrog Container Registry image name" - type: string - label: JFrog Container Registry Image Name - - variable: artifactory.artifactory.image.version - default: "7.6.3" - description: "JFrog Container Registry image tag" - type: string - label: JFrog Container Registry Image Tag - - variable: artifactory.imagePullSecrets - description: "Image Pull Secret" - type: string - label: Image Pull Secret - -# Services and LoadBalancing Settings -- variable: artifactory.ingress.enabled - default: false - description: "Expose app using Layer 7 Load Balancer - ingress" - type: boolean - label: Expose app using Layer 7 Load Balancer - show_subquestion_if: true - group: "Services and Load Balancing" - required: true - subquestions: - - variable: artifactory.ingress.hosts[0] - default: "xip.io" - description: "Hostname to your artifactory installation" - type: hostname - required: true - label: Hostname - -# Nginx Settings -- variable: artifactory.nginx.enabled - default: true - description: "Enable nginx server" - type: boolean - label: Enable Nginx Server - group: "Services and Load Balancing" - required: true - show_if: "artifactory.ingress.enabled=false" -- variable: artifactory.nginx.service.type - default: "LoadBalancer" - description: "Nginx service type" - type: enum - required: true - label: Nginx Service Type - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" - options: - - "ClusterIP" - - "NodePort" - - "LoadBalancer" -- variable: artifactory.nginx.service.loadBalancerIP - default: "" - description: "Provide Static IP to configure with Nginx" - type: string - label: Config Nginx LoadBalancer IP - show_if: "artifactory.nginx.enabled=true&&artifactory.nginx.service.type=LoadBalancer&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" -- variable: artifactory.nginx.tlsSecretName - default: "" - description: "Provide SSL Secret name to configure with Nginx" - type: string - label: Config Nginx SSL Secret - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" -- variable: artifactory.nginx.customArtifactoryConfigMap - default: "" - description: "Provide configMap name to configure Nginx with custom `artifactory.conf`" - type: string - label: ConfigMap for Nginx Artifactory Config - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" - -# Database Settings -- variable: artifactory.postgresql.enabled - default: true - description: "Enable PostgreSQL" - type: boolean - required: true - label: Enable PostgreSQL - group: "Database Settings" - show_subquestion_if: true - subquestions: - - variable: artifactory.postgresql.postgresqlPassword - default: "" - description: "PostgreSQL password" - type: password - required: true - label: PostgreSQL Password - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.persistence.size - default: 20Gi - description: "PostgreSQL persistent volume size" - type: string - label: PostgreSQL Persistent Volume Size - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.persistence.storageClass - default: "" - description: "If undefined or null, uses the default StorageClass. Default to null" - type: storageclass - label: Default StorageClass for PostgreSQL - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.requests.cpu - default: "200m" - description: "PostgreSQL initial cpu request" - type: string - label: PostgreSQL Initial CPU Request - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.requests.memory - default: "500Mi" - description: "PostgreSQL initial memory request" - type: string - label: PostgreSQL Initial Memory Request - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.limits.cpu - default: "1" - description: "PostgreSQL cpu limit" - type: string - label: PostgreSQL CPU Limit - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.limits.memory - default: "1Gi" - description: "PostgreSQL memory limit" - type: string - label: PostgreSQL Memory Limit - show_if: "artifactory.postgresql.enabled=true" -- variable: artifactory.database.type - default: "postgresql" - description: "xternal database type (postgresql, mysql, oracle or mssql)" - type: enum - required: true - label: External Database Type - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" - options: - - "postgresql" - - "mysql" - - "oracle" - - "mssql" -- variable: artifactory.database.url - default: "" - description: "External database URL. If you set the url, leave host and port empty" - type: string - label: External Database URL - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.host - default: "" - description: "External database hostname" - type: string - label: External Database Hostname - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.port - default: "" - description: "External database port" - type: string - label: External Database Port - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.user - default: "" - description: "External database username" - type: string - label: External Database Username - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.password - default: "" - description: "External database password" - type: password - label: External Database Password - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" - -# Advance Settings -- variable: artifactory.advancedOptions - default: false - description: "Show advanced configurations" - label: Show Advanced Configurations - type: boolean - show_subquestion_if: true - group: "Advanced Options" - subquestions: - - variable: artifactory.artifactory.primary.resources.requests.cpu - default: "500m" - description: "Artifactory primary node initial cpu request" - type: string - label: Artifactory Primary Node Initial CPU Request - - variable: artifactory.artifactory.primary.resources.requests.memory - default: "1Gi" - description: "Artifactory primary node initial memory request" - type: string - label: Artifactory Primary Node Initial Memory Request - - variable: artifactory.artifactory.primary.javaOpts.xms - default: "1g" - description: "Artifactory primary node java Xms size" - type: string - label: Artifactory Primary Node Java Xms Size - - variable: artifactory.artifactory.primary.resources.limits.cpu - default: "2" - description: "Artifactory primary node cpu limit" - type: string - label: Artifactory Primary Node CPU Limit - - variable: artifactory.artifactory.primary.resources.limits.memory - default: "4Gi" - description: "Artifactory primary node memory limit" - type: string - label: Artifactory Primary Node Memory Limit - - variable: artifactory.artifactory.primary.javaOpts.xmx - default: "4g" - description: "Artifactory primary node java Xmx size" - type: string - label: Artifactory Primary Node Java Xmx Size - - variable: artifactory.artifactory.node.resources.requests.cpu - default: "500m" - description: "Artifactory member node initial cpu request" - type: string - label: Artifactory Member Node Initial CPU Request - - variable: artifactory.artifactory.node.resources.requests.memory - default: "2Gi" - description: "Artifactory member node initial memory request" - type: string - label: Artifactory Member Node Initial Memory Request - - variable: artifactory.artifactory.node.javaOpts.xms - default: "1g" - description: "Artifactory member node java Xms size" - type: string - label: Artifactory Member Node Java Xms Size - - variable: artifactory.artifactory.node.resources.limits.cpu - default: "2" - description: "Artifactory member node cpu limit" - type: string - label: Artifactory Member Node CPU Limit - - variable: artifactory.artifactory.node.resources.limits.memory - default: "4Gi" - description: "Artifactory member node memory limit" - type: string - label: Artifactory Member Node Memory Limit - - variable: artifactory.artifactory.node.javaOpts.xmx - default: "4g" - description: "Artifactory member node java Xmx size" - type: string - label: Artifactory Member Node Java Xmx Size - -# Internal Settings -- variable: installerInfo - default: '\{\"productId\": \"RancherHelm_artifactory-jcr/7.6.3\", \"features\": \[\{\"featureId\": \"Partner/ACC-007246\"\}\]\}' - type: string - group: "Internal Settings (Do not modify)" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock deleted file mode 100755 index 8191ebbac..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: artifactory - repository: https://charts.jfrog.io/ - version: 10.0.12 -digest: sha256:a201c886d1f8e9e58f2b0e1b55d7a03fc225f3774233f1f786523963c57bab33 -generated: "2020-07-29T16:48:47.031129463Z" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml deleted file mode 100755 index 1088ea3c0..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: artifactory - version: 10.0.12 - repository: https://charts.jfrog.io/ diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt deleted file mode 100755 index 035bf8417..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -Congratulations. You have just deployed JFrog Container Registry! diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml deleted file mode 100755 index ffa1b6045..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Default values for artifactory-jcr. -# This is a YAML-formatted file. - -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -# This chart is based on the main artifactory chart with some customizations. -# See all supported configuration keys in https://github.com/jfrog/charts/tree/master/stable/artifactory - -## All values are under the 'artifactory' sub chart. -artifactory: - - ## Artifactory - ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - artifactory: - ## Default version is from the artifactory sub-chart in the requirements.yaml - image: - repository: docker.bintray.io/jfrog/artifactory-jcr - # version: - - ## Uncomment the following resources definitions or pass them from command line - ## to control the cpu and memory resources allocated by the Kubernetes cluster - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "4Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory. - ## You should set them according to the resources set above. - ## IMPORTANT: Make sure resources.limits.memory is at least 1G more than Xmx. - javaOpts: {} - # xms: "1g" - # xmx: "3g" - # other: "" - - installer: - platform: jcr-helm - - installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - ## Nginx - ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - nginx: - enabled: true - tlsSecretName: "" - service: - type: LoadBalancer - - ## Ingress - ## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - ingress: - enabled: false - tls: - - ## PostgreSQL - ## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - ## Configuration values for the PostgreSQL dependency sub-chart - ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md - postgresql: - enabled: true - - ## This key is required for upgrades to protect old PostgreSQL chart's breaking changes. - databaseUpgradeReady: "yes" - - ## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false), - ## specify custom database details here or leave empty and Artifactory will use embedded derby. - ## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - # database: - - -## Enable the PostgreSQL sub chart -postgresql: - enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/CHANGELOG.md deleted file mode 100644 index f56a5d644..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/CHANGELOG.md +++ /dev/null @@ -1,151 +0,0 @@ -# JFrog Container Registry Chart Changelog -All changes to this chart will be documented in this file. - -## [3.4.0] - Jan 4, 2020 -* Update dependency Artifactory chart version to 11.7.4 (Artifactory 7.12.5) - -## [3.3.1] - Dec 1, 2020 -* Update dependency Artifactory chart version to 11.5.4 (Artifactory 7.11.5) - -## [3.3.0] - Nov 23, 2020 -* Update dependency Artifactory chart version to 11.5.2 (Artifactory 7.11.2) - -## [3.2.2] - Nov 9, 2020 -* Update dependency Artifactory chart version to 11.4.5 (Artifactory 7.10.6) - -## [3.2.1] - Nov 2, 2020 -* Update dependency Artifactory chart version to 11.4.4 (Artifactory 7.10.5) - -## [3.2.0] - Oct 19, 2020 -* Update dependency Artifactory chart version to 11.4.0 (Artifactory 7.10.2) - -## [3.1.0] - Sep 30, 2020 -* Update dependency Artifactory chart version to 11.1.0 (Artifactory 7.9.0) - -## [3.0.2] - Sep 23, 2020 -* Updates readme - -## [3.0.1] - Sep 15, 2020 -* Update dependency Artifactory chart version to 11.0.1 (Artifactory 7.7.8) - -## [3.0.0] - Sep 14, 2020 -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Update dependency Artifactory chart version to 11.0.0 (Artifactory 7.7.3) - -## [2.5.1] - Jul 29, 2020 -* Update dependency Artifactory chart version to 10.0.12 (Artifactory 7.6.3) - -## [2.5.0] - Jul 10, 2020 -* Update dependency Artifactory chart version to 10.0.3 (Artifactory 7.6.2) -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [2.4.0] - Jun 30, 2020 -* Update dependency Artifactory chart version to 9.6.0 (Artifactory 7.6.1) - -## [2.3.1] - Jun 12, 2020 -* Update dependency Artifactory chart version to 9.5.2 (Artifactory 7.5.7) - -## [2.3.0] - Jun 1, 2020 -* Update dependency Artifactory chart version to 9.5.0 (Artifactory 7.5.5) - -## [2.2.5] - May 27, 2020 -* Update dependency Artifactory chart version to 9.4.9 (Artifactory 7.4.3) - -## [2.2.4] - May 20, 2020 -* Update dependency Artifactory chart version to 9.4.6 (Artifactory 7.4.3) - -## [2.2.3] - May 07, 2020 -* Update dependency Artifactory chart version to 9.4.5 (Artifactory 7.4.3) -* Add `installerInfo` string format - -## [2.2.2] - Apr 28, 2020 -* Update dependency Artifactory chart version to 9.4.4 (Artifactory 7.4.3) - -## [2.2.1] - Apr 27, 2020 -* Update dependency Artifactory chart version to 9.4.3 (Artifactory 7.4.1) - -## [2.2.0] - Apr 14, 2020 -* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) - -## [2.2.0] - Apr 14, 2020 -* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) - -## [2.1.6] - Apr 13, 2020 -* Update dependency Artifactory chart version to 9.3.1 (Artifactory 7.3.2) - -## [2.1.5] - Apr 8, 2020 -* Update dependency Artifactory chart version to 9.2.8 (Artifactory 7.3.2) - -## [2.1.4] - Mar 30, 2020 -* Update dependency Artifactory chart version to 9.2.3 (Artifactory 7.3.2) - -## [2.1.3] - Mar 30, 2020 -* Update dependency Artifactory chart version to 9.2.1 (Artifactory 7.3.2) - -## [2.1.2] - Mar 26, 2020 -* Update dependency Artifactory chart version to 9.1.5 (Artifactory 7.3.2) - -## [2.1.1] - Mar 25, 2020 -* Update dependency Artifactory chart version to 9.1.4 (Artifactory 7.3.2) - -## [2.1.0] - Mar 23, 2020 -* Update dependency Artifactory chart version to 9.1.3 (Artifactory 7.3.2) - -## [2.0.13] - Mar 19, 2020 -* Update dependency Artifactory chart version to 9.0.28 (Artifactory 7.2.1) - -## [2.0.12] - Mar 17, 2020 -* Update dependency Artifactory chart version to 9.0.26 (Artifactory 7.2.1) - -## [2.0.11] - Mar 11, 2020 -* Unified charts public release - -## [2.0.10] - Mar 8, 2020 -* Update dependency Artifactory chart version to 9.0.20 (Artifactory 7.2.1) - -## [2.0.9] - Feb 26, 2020 -* Update dependency Artifactory chart version to 9.0.15 (Artifactory 7.2.1) - -## [2.0.0] - Feb 12, 2020 -* Update dependency Artifactory chart version to 9.0.0 (Artifactory 7.0.0) - -## [1.1.0] - Jan 19, 2020 -* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) - -## [1.1.1] - Feb 3, 2020 -* Update dependency Artifactory chart version to 8.4.4 - -## [1.1.0] - Jan 19, 2020 -* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) - -## [1.0.1] - Dec 31, 2019 -* Update dependency Artifactory chart version to 8.3.5 - -## [1.0.0] - Dec 23, 2019 -* Update dependency Artifactory chart version to 8.3.3 - -## [0.2.1] - Dec 12, 2019 -* Update dependency Artifactory chart version to 8.3.1 - -## [0.2.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [0.1.5] - Nov 28, 2019 -* Update dependency Artifactory chart version to 8.2.6 - -## [0.1.4] - Nov 20, 2019 -* Update Readme - -## [0.1.3] - Nov 20, 2019 -* Fix JCR logo url -* Update dependency to Artifactory 8.2.2 chart - -## [0.1.2] - Nov 20, 2019 -* Update JCR logo - -## [0.1.1] - Nov 20, 2019 -* Add `appVersion` to Chart.yaml - -## [0.1.0] - Nov 20, 2019 -* Initial release of the JFrog Container Registry helm chart diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/Chart.yaml deleted file mode 100644 index f92c6559c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-jcr -apiVersion: v1 -appVersion: 7.12.5 -description: JFrog Container Registry -home: https://jfrog.com/container-registry/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png -keywords: -- artifactory -- jfrog -- container -- registry -- devops -- jfrog-container-registry -maintainers: -- email: helm@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory-jcr -sources: -- https://github.com/jfrog/charts -version: 3.4.0 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/LICENSE b/charts/artifactory-jcr/artifactory-jcr/3.4.0/LICENSE deleted file mode 100644 index 8dada3eda..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/README.md deleted file mode 100644 index f573c93fe..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/README.md +++ /dev/null @@ -1,131 +0,0 @@ -# JFrog Container Registry Helm Chart - -JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support. - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.12+ - -## Chart Details -This chart will do the following: - -* Deploy JFrog Container Registry -* Deploy an optional Nginx server -* Deploy an optional PostgreSQL Database -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client. - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `jfrog-container-registry`: -```bash -helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-jcr center/jfrog/artifactory-jcr -``` - -### Accessing JFrog Container Registry -**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available. - -### Updating JFrog Container Registry -Once you have a new chart version, you can upgrade your deployment with -```bash -helm upgrade jfrog-container-registry center/jfrog/artifactory-jcr -``` - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 1.x to 3.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` -* For more details about artifactory chart upgrades refer [here](https://github.com/jfrog/charts/blob/master/stable/artifactory/UPGRADE_NOTES.md) - -### Deleting JFrog Container Registry - -On helm v2: -```bash -helm delete --purge jfrog-container-registry -``` - -On helm v3: -```bash -helm delete jfrog-container-registry --namespace artifactory-jcr -``` - -This will delete your JFrog Container Registry deployment.
-**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with -```bash -kubectl delete pvc ... -kubectl delete pv ... -``` - -## Database -The JFrog Container Registry chart comes with PostgreSQL deployed by default.
-For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these two lines to your Helm command: -```bash -helm upgrade --install jfrog-container-registry \ - --set artifactory.nginx.enabled=false \ - --set artifactory.ingress.enabled=true \ - --set artifactory.ingress.hosts[0]="artifactory.company.com" \ - --set artifactory.artifactory.service.type=NodePort \ - --namespace artifactory-jcr center/jfrog/artifactory-jcr -``` - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml -artifactory: - artifactory: - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - jfrog-container-registry.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - jfrog-container-registry.domain.com -``` - -## Useful links -https://www.jfrog.com -https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/app-readme.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/app-readme.md deleted file mode 100644 index 9d9b7d85f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/app-readme.md +++ /dev/null @@ -1,18 +0,0 @@ -# JFrog Container Registry Helm Chart - -Universal Repository Manager supporting all major packaging formats, build tools and CI servers. - -## Chart Details -This chart will do the following: - -* Deploy JFrog Container Registry -* Deploy an optional Nginx server -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - - -## Useful links -Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) - -## Activate Your Artifactory Instance -Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. - diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/.helmignore deleted file mode 100644 index c7eb1e274..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/CHANGELOG.md deleted file mode 100644 index 9a35fa0e6..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/CHANGELOG.md +++ /dev/null @@ -1,905 +0,0 @@ -# JFrog Artifactory Chart Changelog -All changes to this chart will be documented in this file. - -## [11.7.4] - Jan 04, 2020 -* Fixed gid support for statefulset - -## [11.7.3] - Dec 31, 2020 -* Added gid support for statefulset -* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset - -## [11.7.2] - Dec 29, 2020 -* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) -* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml) -* Updated Artifactory version to 7.12.5 - -## [11.7.1] - Dec 21, 2020 -* Updated Artifactory version to 7.12.3 - -## [11.7.0] - Dec 18, 2020 -* Updated Artifactory version to 7.12.2 -* Added `.Values.artifactory.openMetrics.enabled` - -## [11.6.1] - Dec 11, 2020 -* Added configurable `.Values.global.versions.artifactory` in values.yaml - -## [11.6.0] - Dec 10, 2020 -* Update postgresql tag version to `12.5.0-debian-10-r25` -* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` -* Updated chart maintainers email - -## [11.5.5] - Dec 4, 2020 -* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` - -## [11.5.4] - Dec 1, 2020 -* Improve error message returned when attempting helm upgrade command - -## [11.5.3] - Nov 30, 2020 -* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) - -## [11.5.2] - Nov 23, 2020 -* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) -* Updated port namings on services and pods to allow for istio protocol discovery -* Change semverCompare checks to support hosted Kubernetes -* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics -* Prevent the PostHook command to be executed if the user did not specify a command in the values file -* Fix issue with tls file generation when nginx.https.enabled is false - -## [11.5.1] - Nov 19, 2020 -* Updated Artifactory version to 7.11.2 -* Bugfix - access.config.import.xml override Access Federation configurations - -## [11.5.0] - Nov 17, 2020 -* Updated Artifactory version to 7.11.1 -* Update alpine tag version to `3.12.1` - -## [11.4.6] - Nov 10, 2020 -* Pass system.yaml via external secret for advanced usecases -* Added support for custom ingress -* Bugfix - stateful set not picking up changes to database secrets - -## [11.4.5] - Nov 9, 2020 -* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) - -## [11.4.4] - Nov 2, 2020 -* Add enablePathStyleAccess property for aws-s3-v3 binary provider template - -## [11.4.3] - Nov 2, 2020 -* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) - -## [11.4.2] - Oct 22, 2020 -* Chown bug fix where Linux capability cannot chown all files causing log line warnings -* Fix Frontend timeout linting issue - -## [11.4.1] - Oct 20, 2020 -* Add flag to disable prepare-custom-persistent-volume init container - -## [11.4.0] - Oct 19, 2020 -* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) - -## [11.3.2] - Oct 15, 2020 -* Add support to specify priorityClassName for nginx deployment - -## [11.3.1] - Oct 9, 2020 -* Add support for customInitContainersBegin - -## [11.3.0] - Oct 7, 2020 -* Updated Artifactory version to 7.9.1 -* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml - -## [11.2.0] - Oct 5, 2020 -* Expose Prometheus metrics via a ServiceMonitor -* Parse log files for metric data with Fluentd - -## [11.1.0] - Sep 30, 2020 -* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) -* Added support for resources in init container - -## [11.0.11] - Sep 25, 2020 -* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements - -## [11.0.10] - Sep 28, 2020 -* Setting chart coordinates in migitation yaml - -## [11.0.9] - Sep 25, 2020 -* Update filebeat version to `7.9.2` - -## [11.0.8] - Sep 24, 2020 -* Fixed broken issue - when setting `waitForDatabase: false` container startup still waits for DB - -## [11.0.7] - Sep 22, 2020 -* Readme updates - -## [11.0.6] - Sep 22, 2020 -* Fix lint issue in migitation yaml - -## [11.0.5] - Sep 22, 2020 -* Fix broken migitation yaml - -## [11.0.4] - Sep 21, 2020 -* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) - -## [11.0.3] - Sep 17, 2020 -* Added configurable session(UI) timeout in frontend microservice - -## [11.0.2] - Sep 17, 2020 -* Added proper required text to be shown while postgres upgrades - -## [11.0.1] - Sep 14, 2020 -* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) - -## [11.0.0] - Sep 2, 2020 -* **Breaking change:** Changed `imagePullSecrets`values from string to list. -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Added support for global values -* Updated maintainers in chart.yaml -* Update postgresql tag version to `12.3.0-debian-10-r71` -* Update postgresql chart version to `9.3.4` in requirements.yaml - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true - -## [10.1.0] - Aug 13, 2020 -* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) - -## [10.0.15] - Aug 10, 2020 -* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. - -## [10.0.14] - Jul 31, 2020 -* Update the README section on Nginx SSL termination to reflect the actual YAML structure. - -## [10.0.13] - Jul 30, 2020 -* Added condition to disable the migration scripts. - -## [10.0.12] - Jul 28, 2020 -* Document Artifactory node affinity. - -## [10.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [10.0.10] - Jul 28, 2020 -* Bugfix / support for userPluginSecrets with Artifactory 7 - -## [10.0.9] - Jul 27, 2020 -* Add tpl to external database secrets -* Modified `scheme` to `artifactory.scheme` - -## [10.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [10.0.7] - Jul 21, 2020 -* Updated Artifactory Chart to add node and primary labels to pods and service objects. - -## [10.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [10.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [10.0.4] - Jul 10, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [10.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads - -## [10.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [10.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [10.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [9.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [9.5.5] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [9.5.4] - Jun 25, 2020 -* Notes.txt update - add --namespace parameter - -## [9.5.3] - Jun 11, 2020 -* Support list of custom secrets - -## [9.5.2] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [9.5.1] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [9.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [9.4.9] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [9.4.8] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [9.4.7] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [9.4.6] - May 19, 2020 -* Added metadata maxOpenConnections - -## [9.4.5] - May 07, 2020 -* Fix `installerInfo` string format - -## [9.4.4] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [9.4.3] - Apr 26, 2020 -* Change order of the customInitContainers to run before the "migration-artifactory" initContainer. - -## [9.4.2] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [9.4.1] - Apr 16, 2020 -* Custom volumes in migration init container. - -## [9.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [9.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [9.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [9.2.9] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [9.2.8] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [9.2.7] - Apr 6, 2020 -* Fix cache size (should be 5gb instead of 50gb since volume claim is only 20gb). - -## [9.2.6] - Apr 1, 2020 -* Support masterKey and joinKey as secrets - -## [9.2.5] - Apr 1, 2020 -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [9.2.4] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [9.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [9.2.2] - Mar 30, 2020 -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart - -## [9.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [9.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [9.1.5] - Mar 26, 2020 -* Fix volumeClaimTemplate issue - -## [9.1.4] - Mar 25, 2020 -* Fix volume name used by filebeat container - -## [9.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [9.1.2] - Mar 22, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [9.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [9.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [9.0.29] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [9.0.28] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [9.0.27] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [9.0.26] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [9.0.25] - Mar 16, 2020 -* Update Artifactory readme with extra ingress annotations needed for Artifactory to be set as SSO provider - -## [9.0.24] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [9.0.23] - Mar 12, 2020 -* Fix README.md rendering issue - -## [9.0.22] - Mar 11, 2020 -* Upgrade Docs update - -## [9.0.21] - Mar 11, 2020 -* Unified charts public release - -## [9.0.20] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [9.0.19] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [9.0.18] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [9.0.17] - Feb 26, 2020 -* Fix join key secret naming - -## [9.0.16] - Feb 26, 2020 -* Store join key to secret - -## [9.0.15] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [9.0.10] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [9.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [8.4.8] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [8.4.7] - Feb 11, 2020 -* Change Artifactory service port name to be hard-coded to `http` instead of using `{{ .Release.Name }}` - -## [8.4.6] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [8.4.5] - Feb 4, 2020 -* Support customisable Nginx kind - -## [8.4.4] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [8.4.3] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [8.4.2] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [8.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [8.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [8.3.6] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [8.3.5] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [8.3.4] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [8.3.3] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [8.3.2] - Dec 16, 2019 -* Fix for toggling nginx service ports - -## [8.3.1] - Dec 12, 2019 -* Add support for toggling nginx service ports - -## [8.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [8.2.6] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [8.2.5] - Nov 27, 2019 -* Add support for PriorityClass - -## [8.2.4] - Nov 21, 2019 -* Add an option to use a file system cache-fs with the file-system binarystore template - -## [8.2.3] - Nov 20, 2019 -* Update Artifactory Readme - -## [8.2.2] - Nov 20, 2019 -* Update Artfactory logo - -## [8.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [8.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [8.1.11] - Nov 17, 2019 -* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup - -## [8.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [8.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [8.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [8.1.7] - Nov 9, 2019 -* Additional documentation for masterKey - -## [8.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [8.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [8.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [8.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [8.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [8.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [8.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [8.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [8.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [7.18.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [7.18.2] - Oct 21, 2019 -* Add support for setting `artifactory.labels` -* Add support for setting `nginx.labels` - -## [7.18.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [7.18.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [7.17.5] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [7.17.4] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [7.17.3] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [7.17.2] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [7.17.1] - Aug 21, 2019 -* Enable the Artifactory container's liveness and readiness probes - -## [7.17.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [7.16.11] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [7.16.10] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [7.16.9] - Aug 5, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [7.16.8] - Aug 4, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [7.16.7] - Jul 29, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [7.16.6] - Jul 24, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [7.16.5] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [7.16.4] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [7.16.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [7.16.2] - Jul 3, 2019 -* Fix values key in reverse proxy example - -## [7.16.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [7.16.0] - Jun 27, 2019 -* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified - -## [7.15.8] - Jun 27, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [7.15.6] - Jun 24, 2019 -* Update chart maintainers - -## [7.15.5] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [7.15.4] - Jun 23, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [7.15.3] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [7.15.2] - Jun 20, 2019 -* Add missing terminationGracePeriodSeconds to values.yaml - -## [7.15.1] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [7.15.0] - Jun 17, 2019 -* Use configmaps for nginx configuration and remove nginx postStart command - -## [7.14.8] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [7.14.7] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [7.14.6] - Jun 11, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [7.14.5] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [7.14.4] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [7.14.3] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [7.14.2] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [7.14.1] - May 19, 2019 -* Fix missing logger image tag - -## [7.14.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [7.13.21] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [7.13.20] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [7.13.19] - May 1, 2019 -* Fix indentation issue with the replicator system property - -## [7.13.18] - Apr 30, 2019 -* Add support for JMX monitoring - -## [7.13.17] - Apr 25, 2019 -* Added support for `cacheProviderDir` - -## [7.13.16] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [7.13.15] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [7.13.14] - Apr 15, 2019 -* Added support for `customVolumeMounts` - -## [7.13.13] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [7.13.12] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [7.13.11] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [7.13.10] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [7.13.9] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [7.13.8] - Aprl 07, 2019 -* Change network policy API group - -## [7.13.7] - Aprl 04, 2019 -* Bugfix for userPluginSecrets - -## [7.13.6] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [7.13.5] - Aprl 03, 2019 -* Added installer info - -## [7.13.4] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [7.13.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [7.13.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [7.13.1] - Mar 27, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [7.13.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [7.12.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [7.12.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [7.12.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [7.12.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [7.12.14] - Mar 21, 2019 -* Make ingress path configurable - -## [7.12.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart - -## [7.12.12] - Mar 19, 2019 -* Fix existingClaim example - -## [7.12.11] - Mar 18, 2019 -* Add information about nginx persistence - -## [7.12.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [7.12.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [7.12.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [7.12.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 -* Add support for Artifactory-CE for C++ - -## [7.12.6] - Mar 13, 2019 -* Move securityContext to container level - -## [7.12.5] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [7.12.4] - Mar 8, 2019 -* Fix existingClaim option - -## [7.12.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [7.12.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [7.12.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [7.12.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [7.11.1] - Feb 20, 2019 -* Added support for enterprise storage - -## [7.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [7.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [7.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [7.9.6] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [7.9.5] - Feb 12, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [7.9.4] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.3] - Feb 5, 2019 -* Add instructions on how to deploy Artifactory with embedded Derby database - -## [7.9.2] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.1] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [7.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [7.8.9] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [7.8.8] - Jan 17, 2019 -* Added support of values ingress.labels - -## [7.8.7] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [7.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [7.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [7.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [7.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [7.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [7.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [7.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [7.7.13] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [7.7.12] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [7.7.11] - Dec 10, 2018 -* Fix issue when using existing claim - -## [7.7.10] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [7.7.9] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [7.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [7.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [7.7.6] - Nov 19, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [7.7.5] - Nov 14, 2018 -* Fix location of `nodeSelector`, `affinity` and `tolerations` - -## [7.7.4] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [7.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [7.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [7.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [7.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [7.6.8] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [7.6.7] - Oct 23, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [7.6.6] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [7.6.5] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [7.6.4] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow providing pre-existing secrets containing external database credentials - -## [7.6.3] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [7.6.2] - Oct 17, 2018 -* Add Apache 2.0 license - -## [7.6.1] - Oct 11, 2018 -* Supports master-key in the secrets and stateful-set -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [7.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [7.5.4] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [7.5.3] - Oct 4, 2018 -* Add PostgreSQL resources template - -## [7.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [7.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [7.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [7.4.3] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [7.4.2] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 -* Removed unused PVC - -## [7.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [7.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/Chart.yaml deleted file mode 100644 index 4f98e28e3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 7.12.5 -description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -maintainers: -- email: installers@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory -sources: -- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view -- https://github.com/jfrog/charts -version: 11.7.4 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/LICENSE b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/LICENSE deleted file mode 100644 index 8dada3eda..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/README.md deleted file mode 100644 index 9c7551c92..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/README.md +++ /dev/null @@ -1,1151 +0,0 @@ -# JFrog Artifactory Helm Chart - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.12+ -* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) - -## Chart Details -This chart will do the following: - -* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set) -* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. -* Deploy an optional Nginx server -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `artifactory`: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -``` - -### System Configuration -Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. -In order to override the default `system.yaml` configuration, do the following: -```bash -artifactory: - systemYaml: | - -``` - -### Deploying Artifactory with embedded Derby database -By default, this chart deploys Artifactory with PostgreSQL (running in a separate pod). -It's possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded [Derby database](https://db.apache.org/derby/). -```bash -# Disable the default postgresql -helm upgrade --install artifactory --set postgresql.enabled=false --namespace artifactory center/jfrog/artifactory -``` -Artifactory will start with it's embedded Derby database. - -### Accessing Artifactory -**NOTE:** It might take a few minutes for Artifactory's public IP to become available. -Follow the instructions outputted by the install command to get the Artifactory IP to access it. - -### Updating Artifactory -Once you have a new chart version, you can update your deployment with -```bash -helm upgrade artifactory --namespace artifactory center/jfrog/artifactory -``` - -If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: -1. Get the current password by running: -```bash -POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -2. Upgrade the release by passing the previously auto-generated secret: -```bash -helm upgrade center/jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} --namespace -``` - -This will apply any configuration changes on your existing deployment. - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -### Artifactory memory and CPU resources -The Artifactory Helm chart comes with support for configured resource requests and limits to Artifactory, Nginx and PostgreSQL. By default, these settings are commented out. -It is **highly** recommended to set these so you have full control of the allocated resources and limits. -Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.javaOpts.xms` and `artifactory.javaOpts.xmx`. -```bash -# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) -helm upgrade --install artifactory \ - --set artifactory.resources.requests.cpu="500m" \ - --set artifactory.resources.limits.cpu="2" \ - --set artifactory.resources.requests.memory="1Gi" \ - --set artifactory.resources.limits.memory="4Gi" \ - --set artifactory.javaOpts.xms="1g" \ - --set artifactory.javaOpts.xmx="4g" \ - --set nginx.resources.requests.cpu="100m" \ - --set nginx.resources.limits.cpu="250m" \ - --set nginx.resources.requests.memory="250Mi" \ - --set nginx.resources.limits.memory="500Mi" \ - --namespace artifactory center/jfrog/artifactory -``` -Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). - -Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files -for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - - -### Artifactory storage -When using an enterprise license. Artifactory supports a wide range of storage back ends. You can see more details on [Artifactory Filestore options](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore) - -In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. -The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. - -#### NFS -To use an NFS server as your cluster's storage, you need to -- Setup an NFS server. Get its IP as `NFS_IP` -- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all -- Pass NFS parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=nfs \ ---set artifactory.persistence.nfs.ip=${NFS_IP} \ -... -``` - -#### Using a network file system with the file-system persistence type -In some cases, it is not possible for the helm chart to set up your NFS mounts automatically for Artiactory. -In such cases, such as using AWS EFS, you will use the `artifactory.persistnece.type=file-system` even though your underlying persistence is actually a network file system. -The same thing applies when using a slow storage device (such as cheap disks) as your main storage solution for Artifactory. -This means that serving highly used files from the network file system/slow storage can take time, -and that's why you would want a cache filesystem that's stored locally on disk (fast disks like SSD). - -This is how you would configure it: -Create a values file with the following content: -1. Set up your volume mount to your fast storage device -```yaml -artifactory: - ## Set up your volume mount to your fast storage device - customVolumes: | - - name: my-cache-fast-storage - persistentVolumeClaim: - claimName: my-cache-fast-storage-pvc - ## Enable caching and configure the cache directory - customVolumeMounts: | - - name: my-cache-fast-storage - mountPath: /my-fast-cache-mount - ## Install the helm chart with the values file you created - persistence: - cacheProviderDir: /my-fast-cache-mount - fileSystem: - cache: - enabled: true - -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values.yaml -``` - -#### Google Storage -To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) -- Pass Google Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=google-storage \ ---set artifactory.persistence.googleStorage.identity=${GCP_ID} \ ---set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ -... -``` - -#### AWS S3 -**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. -In order to grant permissions to Artifactory using an IAM role, you will have to attach the said IAM role to the machine(s) on which Artifactory is running. -This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. - -To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) -- Pass AWS S3 parameters to `helm install` and `helm upgrade` -```bash -... -# With explicit credentials: ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ -... - -... -# With using existing IAM role ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ -... -``` -**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) - -#### AWS S3 V3 -To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). -This filestore template uses the official AWS SDK, unlike th`aws-s3` implementation that uses the `JetS3t` library. -Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). - -**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. - -- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` - -```bash -# With explicit credentials: ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ -... -``` - -```bash -# With using existing IAM role ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} -... -``` - -To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) -```bash -... ---set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ -... -``` - -#### Microsoft Azure Blob Storage -To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) -- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=azure-blob \ ---set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ ---set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ ---set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ ---set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ -... -``` - -* To use a persistent volume claim as cache dir together with Azure Blob Storage, additionally pass the following parameters to `helm install` and `helm upgrade` (make sure `mountPath` and `cacheProviderDir` point to the same location) -```bash -... ---set artifactory.persistence.existingClaim=${YOUR_CLAIM} \ ---set artifactory.persistence.mountPath=/opt/cache-dir \ ---set artifactory.persistence.cacheProviderDir=/opt/cache-dir \ -... -``` - -#### Custom binarystore.xml -You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
-There are two options for this - -1. Editing directly in [values.yaml](values.yaml) -```yaml -artifactory: - persistence: - binarystoreXml: | - - - - - -``` - -2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command -```yaml -# Prepare your custom Secret file (custom-binarystore.yaml) -kind: Secret -apiVersion: v1 -metadata: - name: custom-binarystore - labels: - app: artifactory - chart: artifactory -stringData: - binarystore.xml: |- - - - - -``` - -```bash -# Create a secret from the file -kubectl apply -n artifactory -f ./custom-binarystore.yaml - -# Pass it to your helm install command: -helm upgrade --install artifactory --namespace artifactory --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore center/jfrog/artifactory -``` - -### Create a unique Master Key -Artifactory requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`). - -**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique one and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Pass the created master key to helm -helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Create a secret containing the key. The key in the secret must be named master-key -kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory --set artifactory.masterKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Special Upgrade Notes -### MasterKey during 6.x to 7.x Migration (App version) - -**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. - -### Create a unique Join Key -Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). - -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique key and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Pass the created join key to helm -helm upgrade --install artifactory --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Create a secret containing the key. The key in the secret must be named join-key -kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory --set artifactory.joinKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Customizing Database password -You can override the specified database password (set in [values.yaml](values.yaml)), by passing it as a parameter in the install command line -```bash -helm upgrade --install artifactory --namespace artifactory --set postgresql.postgresqlPassword=12_hX34qwerQ2 center/jfrog/artifactory -``` - -You can customise other parameters in the same way, by passing them on `helm install` command line. - -### Deleting Artifactory - -On helm v2: -```bash -helm delete --purge artifactory -``` - -On helm v3: -```bash -helm delete artifactory --namespace artifactory -``` -This will completely delete your Artifactory Pro deployment. -**IMPORTANT:** This will also delete your data volumes. You will lose all data! - -### Kubernetes Secret for Artifactory License -##### Use an existing secret -You can deploy the Artifactory license as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). -Prepare a text file with the license written in it and create a Kubernetes secret from it. -```bash -# Create the Kubernetes secret (assuming the local license file is 'art.lic') -kubectl create secret generic artifactory-license --from-file=./art.lic - -# Pass the license to helm -helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - -##### Create the secret as part of the helm release -values.yaml -```yaml -artifactory: - license: - licenseKey: |- - -``` - -```bash -helm upgrade --install artifactory -f values.yaml --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - - -### copyOnEveryStartup feature -Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. -In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. -Two examples for that would be: - -1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, -which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: -Create a values file with the following values: -```yaml -artifactory: - copyOnEveryStartup: - - source: /artifactory_bootstrap/binarystore.xml - target: etc/artifactory/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml -``` - -2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: -Create a config map with your `logback.xml` configuration. - -Create a values file with the following values: -```yaml -artifactory: - ## Create a volume pointing to the config map with your configuration file - customVolumes: | - - name: logback-xml-configmap - configMap: - name: logback-xml-configmap - customVolumeMounts: | - - name: logback-xml-configmap - mountPath: /tmp/artifactory-logback/ - copyOnEveryStartup: - - source: /tmp/artifactory-logback/* - target: etc/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml -``` - -### Configure NetworkPolicy - -NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. - -In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. - -For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. - -A full (but very wide open) example that results in 2 NetworkPolicy objects being created: -```yaml -networkpolicy: - # Allows all ingress and egress to/from artifactory. - - name: artifactory - podSelector: - matchLabels: - app: artifactory - egress: - - {} - ingress: - - {} - # Allows connectivity from artifactory pods to postgresql pods, but no traffic leaving postgresql pod. - - name: postgres - podSelector: - matchLabels: - app: postgresql - ingress: - - from: - - podSelector: - matchLabels: - app: artifactory -``` -### Artifactory JMX Configuration -** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans - -Enable JMX in your deployment: -```bash -helm upgrade --install artifactory \ - --set artifactory.javaOpts.jmx.enabled=true \ - --namespace artifactory center/jfrog/artifactory -``` -This will enable access to Artifactory with JMX on the default port (9010). -** You have the option to change the port by setting ```artifactory.javaOpts.jmx.port``` to your choice of port - -In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: -1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: -```bash -helm upgrade --install artifactory \ - --set artifactory.javaOpts.jmx.enabled=true \ - --set artifactory.service.type=LoadBalancer \ - --namespace artifactory center/jfrog/artifactory - -``` -2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with ```artifactory.javaOpts.jmx.host```). -So in order to connect to Artifactory with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: -``` - artifactory- -``` -3. Launch jconsole with the service address and port: -```bash -jconsole artifactory-: -``` - -### Bootstrapping Artifactory admin password -You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. - -1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: -```yaml -artifactory: - admin: - ip: "" # Example: "*" to allow access from anywhere - username: "admin" - password: "" -``` - -2. Apply the `admin-creds-values.yaml` file: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f admin-creds-values.yaml -``` - -3. Restart Artifactory Pod (`Kubectl delete pod `) - -### Bootstrapping Artifactory configuration -**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. - -* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) -* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) - -1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-release-bootstrap-config -data: - artifactory.config.import.xml: | - - security.import.xml: | - -``` - -2. Create configMap in Kubernetes: -```bash -kubectl apply -f bootstrap-config.yaml -``` -3. Pass the configMap to helm -```bash -helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory -``` -OR -```bash -helm upgrade --install artifactory --set artifactory.license.licenseKey=,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory -``` - -### Use custom nginx.conf with Nginx - -Steps to create configMap with nginx.conf -* Create `nginx.conf` file. -```bash -kubectl create configmap nginx-config --from-file=nginx.conf -``` -* Pass configMap to helm install -```bash -helm upgrade --install artifactory --set nginx.customConfigMap=nginx-config --namespace artifactory center/jfrog/artifactory -``` - -### Use an external Database - -**For production grade installations it is recommended to use an external PostgreSQL with a static password** - -#### PostgreSQL -There are cases where you will want to use an external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the name of the database. - -This can be done with the following parameters -```bash -... ---set postgresql.enabled=false \ ---set database.type=postgresql \ ---set database.driver=org.postgresql.Driver \ ---set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! - -#### Other DB type -There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. -See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) -> The official Artifactory Docker images include the PostgreSQL database driver. -> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib - -This can be done with the following parameters -```bash -# Make sure your Artifactory Docker image has the MySQL database driver in it -... ---set postgresql.enabled=false \ ---set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ ---set database.type=mysql \ ---set database.driver=com.mysql.jdbc.Driver \ ---set database.url=${DB_URL} \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! -##### Configuring Artifactory with external Oracle database -To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. -1. Create a value file with the configuration -```yaml -postgresql: - enabled: false -database: - type: oracle - driver: oracle.jdbc.OracleDriver - url: - user: - password: -artifactory: - preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." - extraEnvironmentVariables: - - name: LD_LIBRARY_PATH - value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values-oracle.yaml -``` -**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` - -#### Using pre-existing Kubernetes Secret -If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: -```bash -# Create a secret containing the database credentials -kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} -... ---set postgresql.enabled=false \ ---set database.secrets.user.name=my-secret \ ---set database.secrets.user.key=user \ ---set database.secrets.password.name=my-secret \ ---set database.secrets.password.key=password \ ---set database.secrets.url.name=my-secret \ ---set database.secrets.url.key=url \ -... -``` - -### Deleting Artifactory -To delete the Artifactory. - -On helm v2: -```bash -helm delete --purge artifactory -``` - -On helm v3: -```bash -helm delete artifactory --namespace artifactory -``` -This will completely delete your Artifactory HA cluster. - -### Custom Docker registry for your images -If you need to pull your Docker images from a private registry, you need to create a -[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm -```bash -# Create a Docker registry secret called 'regsecret' -kubectl create secret docker-registry regsecret --docker-server= --docker-username= --docker-password= --docker-email= -``` -Once created, you pass it to `helm` -```bash -helm upgrade --install artifactory --set imagePullSecrets=regsecret --namespace artifactory center/jfrog/artifactory -``` - -### Logger sidecars -This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) - -Get list of containers in the pod -```bash -kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' -``` - -View specific log -```bash -kubectl logs -n -c -``` - -### Custom init containers -There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. - -For this, there is a section for writing a custom init container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom init containers - customInitContainers: | - ## Init containers template goes here ## -``` - -### Custom sidecar containers -There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. - -For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom sidecar containers - customSidecarContainers: | - ## Sidecar containers template goes here ## -``` - -### Custom volumes -If you need to use a custom volume in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - ## Custom volume comes here ## -``` - -### Custom secrets -If you need to add a custom secret in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - # Add custom secrets - secret per file - customSecrets: - - name: custom-secret - key: custom-secret.yaml - data: > - secret data -``` - -To use a custom secret, need to define a custom volume. -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - - name: custom-secret - secret: - secretName: custom-secret -``` - -To use a volume, need to define a volume mount as part of a custom init or sidecar container. -```yaml -artifactory: - customSidecarContainers: - - name: side-car-container - volumeMounts: - - name: custom-secret - mountPath: /opt/custom-secret.yaml - subPath: custom-secret.yaml - readOnly: true -``` - -You can configure the sidecar to run as a custom user if needed by setting the following in the container template -```yaml - # Example of running container as root (id 0) - securityContext: - runAsUser: 0 - fsGroup: 0 -``` - -### Add Artifactory User Plugin during installation -If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. - -Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: -```bash -# Secret with single user plugin -kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory - -# Secret with single user plugin with configuration file -kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory -``` - -Add plugin secret names to `plugins.yaml` as following: -```yaml -artifactory: - userPluginSecrets: - - archive-old-artifacts - - webhook -``` - -You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: -```bash -helm upgrade --install artifactory -f plugins.yaml --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: -```yaml -artifactory: # Name of the artifactory dependency - artifactory: - userPluginSecrets: - - '{{ template "my-chart.fullname" . }}' -``` -For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). - -### Provide custom configMaps to Artifactory -If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. - -Create a `configmaps.yaml` file with the following content: -```yaml -artifactory: - configMaps: | - logback.xml: | - - - - - %date [%-5level] \(%-20c{3}:%L\) %message%n - - - - - - - - - - - - - - - my-custom-post-start-hook.sh: | - echo "This is my custom post start hook" - - customVolumeMounts: | - - name: artifactory-configmaps - mountPath: /tmp/my-config-map - - postStartCommand: | - chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; - /tmp/my-config-map/my-custom-post-start-hook.sh; - - copyOnEveryStartup: - - source: /tmp/my-config-map/logback.xml - target: etc/ - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f configmaps.yaml --namespace artifactory center/jfrog/artifactory -``` - -This will, in turn: -* create a configMap with the files you specified above -* create a volume pointing to the configMap with the name `artifactory-configmaps` -* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` -* Set the shell script we mounted as the `postStartCommand` -* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. - -### Establishing TLS and Adding certificates -In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. -When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. - -To establish TLS between JFrog Platform nodes: -Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) - -To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false -```yaml -access: - accessConfig: - security: - tls: true -``` - -To add custom tls certificates, create a tls secret from the certificate files. - -```bash -kubectl create secret tls --cert=ca.crt --key=ca.private.key -``` - -For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. -* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) -```yaml -access: - accessConfig: - security: - tls: true - customCertificatesSecretName: - resetAccessCAKeys: true -``` - -### Artifactory filebeat -If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. - -Create a `filebeat.yaml` values file with the following content: -```yaml -filebeat: - enabled: true - logstashUrl: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "100Mi" - cpu: "100m" -``` - -You can optionally customize the `filebeat.yaml` to send output to a different location like so: -```yaml -filebeat: - enabled: true - filebeatYml: | - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f filebeat.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Install Artifactory with Nginx and Terminate SSL in Nginx Service(LoadBalancer). -To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx -For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. -In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: -```yaml - nginx: - https: - enabled: false - service: - ssloffload: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file -```yaml - ingress: - enabled: true - hosts: - - artifactory.company.com - artifactory: - service: - type: NodePort - nginx - enabled: false -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ingress-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - artifactory.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - artifactory.domain.com -``` - -### Ingress annotations - -This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. - -```yaml -ingress: - enabled: true - defaultBackend: - enabled: false - hosts: - - myhost.example.com - annotations: - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - ingress.kubernetes.io/proxy-read-timeout: "600" - ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; - rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; - nginx.ingress.kubernetes.io/proxy-body-size: "0" - tls: - - hosts: - - "myhost.example.com" -``` - -If you're using Artifactory as SSO provider (e.g. with xray), you will need to have the following annotations, and change with your domain: -```yaml -.. - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_pass_header Server; - proxy_set_header X-JFrog-Override-Base-Url https://; -``` - -### Ingress additional rules - -You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. -In order to do that, simply add the following to a `artifactory-values.yaml` file: -```yaml -ingress: - enabled: true - - defaultBackend: - enabled: false - - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite "(?i)/xray(/|$)(.*)" /$2 break; - - additionalRules: | - - host: - http: - paths: - - path: / - backend: - serviceName: - servicePort: - - path: /xray - backend: - serviceName: - servicePort: - - path: /artifactory - backend: - serviceName: {{ template "artifactory.nginx.fullname" . }} - servicePort: {{ .Values.nginx.externalPortHttp }} -``` - -and running: -```bash -helm upgrade --install xray center/jfrog/artifactory -f artifactory-values.yaml -``` - -### Dedicated Ingress object for replicator service - -You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. -In order to do that, simply add the following to a `artifactory-values.yaml` file: - -```yaml -artifactory: - replicator: - enabled: true - ingress: - name: - hosts: - - myhost.example.com - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding on; - tls: - - hosts: - - "myhost.example.com" - secretName: -``` - -### Ingress behind another load balancer -If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. - -To enable it with `helm install` -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true -``` -or `helm upgrade` -```bash -helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx -``` -or create a values.yaml file with the following content: -```yaml -controller: - config: - use-forwarded-headers: "true" -``` -Then install nginx-ingress with the values file you created: -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml -``` -This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` - -### Log Analytics - -#### FluentD, Prometheus and Grafana - -To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: - -https://github.com/jfrog/log-analytics-prometheus - -That repo contains a file `artifactory-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. - - -## Useful links -- https://www.jfrog.com/confluence/display/EP/Getting+Started -- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory -- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ReverseProxyConfiguration.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ReverseProxyConfiguration.md deleted file mode 100644 index 38c4a9eaa..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ReverseProxyConfiguration.md +++ /dev/null @@ -1,140 +0,0 @@ -# JFrog Artifactory Reverse Proxy Settings using Nginx - -#### Reverse Proxy -* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. -* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate -the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. -* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) -* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. - -**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. - -#### Features of Artifactory Nginx -* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. -* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory - -#### Changing the default Artifactory nginx conf -Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf -These configuration will be mounted to the nginx container using a configmap. -For example: -1. Create a values file `nginx-values.yaml` with the following values: -```yaml -nginx: - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; - } - proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -``` - -2. Install/upgrade artifactory: -```bash -helm upgrade --install artifactory jfrog/artifactory -f nginx-values.yaml -``` - - -#### Steps to use static configuration for reverse proxy in nginx. -1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` - -2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) - - Following is example `artifactory.conf` - - **Note**: - * Create file with name `artifactory.conf` as it's fixed in configMap key. - * Replace `artifactory-artifactory` with service name taken from step 1. - - ```bash - ## add ssl entries when https has been set in config - ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; - ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen 443 ssl; - listen 80; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; - } - proxy_pass http://artifactory-artifactory:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - ``` - -3. Create configMap of `artifactory.conf` created with step above. - ```bash - kubectl create configmap art-nginx-conf --from-file=artifactory.conf - ``` -4. Deploy Artifactory using helm chart. - You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) - - Following is command to set values at runtime: - ```bash - helm install --name artifactory nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory - ``` \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/UPGRADE_NOTES.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/UPGRADE_NOTES.md deleted file mode 100644 index 4ba17d0c9..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/UPGRADE_NOTES.md +++ /dev/null @@ -1,39 +0,0 @@ -# JFrog Artifactory Chart Upgrade Notes -This file describes special upgrade notes needed at specific versions - -## Upgrade from 8.X to 9.X and above (Chart Versions) - -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* To upgrade from a version prior to 8.x, you first need to upgrade to latest version of 8.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md. -* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -## Upgrade from 7.X to 8.X (Chart Versions) -**DOWNTIME IS REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations -* Upgrade - * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database - * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) - * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted - * Upgrade steps: - 1. Block user access to Artifactory (do not shutdown) - 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` - a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) - b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) - c. Click `Export` (this can take some time) - 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed - a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! - 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps - a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step - 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` - a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) - b. Click `Import` (this can take some time) - 6. Restore access to Artifactory - * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/Chart.yaml deleted file mode 100644 index 9bed0aa83..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -annotations: - category: Database -apiVersion: v1 -appVersion: 11.9.0 -description: Chart for PostgreSQL, an object-relational database management system - (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://www.postgresql.org/ -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -version: 9.3.4 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/README.md deleted file mode 100644 index 319291bc6..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/README.md +++ /dev/null @@ -1,680 +0,0 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. - -To delete the PVC's associated with `my-release`: - -```console -$ kubectl delete pvc -l release=my-release -``` - -> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | -| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | -| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | -| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | -| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | -| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | -| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | -| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | -| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | -| `master.sidecars` | Add additional containers to the pod | `[]` | -| `master.service.type` | Allows using a different service type for Master | `nil` | -| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | -| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | -| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | -| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | -| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | -| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | -| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | -| `slave.sidecars` | Add additional containers to the pod | `[]` | -| `slave.service.type` | Allows using a different service type for Slave | `nil` | -| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | -| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | -| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAccount.name` | Name of existing service account | `nil` | -| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `tls.enabled` | Enable TLS traffic support | `false` | -| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | -| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | -| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | -| `psp.create` | Create Pod Security Policy | `false` | -| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Enable replication: -```diff -- replication.enabled: false -+ replication.enabled: true -``` - -- Number of slaves replicas: -```diff -- replication.slaveReplicas: 1 -+ replication.slaveReplicas: 2 -``` - -- Set synchronous commit mode: -```diff -- replication.synchronousCommit: "off" -+ replication.synchronousCommit: "on" -``` - -- Number of replicas that will have synchronous replication: -```diff -- replication.numSynchronousReplicas: 0 -+ replication.numSynchronousReplicas: 1 -``` - -- Start a prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. - -### Customizing Master and Slave services in a replicated configuration - -At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. - -For example: - -* First, create the secret with the cetificates files: - - ```console - kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt - ``` - -* Then, use the following parameters: - - ```console - volumePermissions.enabled=true - tls.enabled=true - tls.certificatesSecret="certificates-tls-secret" - tls.certFilename="cert.crt" - tls.certKeyFilename="cert.key" - ``` - - > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL master -master: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -slave: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -## Upgrade - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release stable/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -## 9.0.0 - -In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. - -As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: - -- Deploy an old version (8.X.X) -```console -$ helm install postgresql bitnami/postgresql --version 8.10.14 -``` - -- Old version is up and running -```console -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 76s -``` - -- The upgrade to the latest one (9.X.X) is going to fail -```console -$ helm upgrade postgresql bitnami/postgresql -Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden -``` - -- Delete the statefulset -```console -$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql -statefulset.apps "postgresql-postgresql" deleted -``` - -- Now the upgrade works -```cosnole -$ helm upgrade postgresql bitnami/postgresql -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 -``` - -- We can kill the existing pod and the new statefulset is going to create a new one: -```console -$ kubectl delete pod postgresql-postgresql-0 -pod "postgresql-postgresql-0" deleted - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 19s -``` - -Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command - -## 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -## 7.1.0 - -Adds support for LDAP configuration. - -## 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -## 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -## 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - - - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/Chart.yaml deleted file mode 100644 index 0044c2232..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v1 -appVersion: 0.6.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: http://www.bitnami.com/ -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: common -sources: -- https://github.com/bitnami/charts -version: 0.6.2 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/README.md deleted file mode 100644 index e04391a3f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/README.md +++ /dev/null @@ -1,274 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -**Names** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -**Images** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | - -**Labels** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -**Storage** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -**TplValues** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | - -**Capabilities** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | - -**Validations** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | - -**Warnings** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -**Errors** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -**Utils** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | - -**Secrets** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets. - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -**Example of use** - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -**NOTES.txt** - -``` -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Notable changes - -N/A diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl deleted file mode 100644 index c0ea2c70c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl deleted file mode 100644 index d6d3ec65a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl deleted file mode 100644 index aafde9f3b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c7e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl deleted file mode 100644 index adf2a74f4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl deleted file mode 100644 index d6165a294..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,49 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = cat $name .defaultNameSuffix -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- $name = .name -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a844f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db166851..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl deleted file mode 100644 index 7d02f2ef6..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl deleted file mode 100644 index 62635b30e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl +++ /dev/null @@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $valueKeyArray := splitList "." .valueKey -}} - {{- $value := "" -}} - {{- $latestObj := $.context.Values -}} - {{- range $valueKeyArray -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} - {{- end -}} - - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} - {{- end -}} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - - {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a mariadb required password must not be empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} - -Validate value params: - - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} - {{- $requiredPasswords := list -}} - - {{- if .context.Values.mariadb.secret.requirePasswords -}} - {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} - - {{- if not (empty .context.Values.mariadb.db.user) -}} - {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} - {{- end -}} - - {{- if .context.Values.mariadb.replication.enabled -}} - {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a postgresql required password must not be empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) $enabled -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- if $enabledReplication -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.enabled | quote -}} - {{- else -}} - true - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.replication.enabled | quote -}} - {{- else -}} - {{- .context.Values.replication.enabled | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa41e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/values.yaml deleted file mode 100644 index 9ecdc93f5..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/charts/common/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -exampleValue: common-chart diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml deleted file mode 100644 index f6977823c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml +++ /dev/null @@ -1,3 +0,0 @@ -commonAnnotations: - helm.sh/hook: 'pre-install, pre-upgrade' - helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/default-values.yaml deleted file mode 100644 index fc2ba605a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100644 index 347d3b40a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/README.md deleted file mode 100644 index 1813a2fea..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/conf.d/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/conf.d/README.md deleted file mode 100644 index 184c1875d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/conf.d/README.md +++ /dev/null @@ -1,4 +0,0 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md deleted file mode 100644 index cba38091e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.lock deleted file mode 100644 index 72e1642e2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 0.6.2 -digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 -generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.yaml deleted file mode 100644 index 2c28bfe14..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/NOTES.txt deleted file mode 100644 index 596e969ce..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/NOTES.txt +++ /dev/null @@ -1,59 +0,0 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- include "common.warnings.rollingTag" .Values.image -}} - -{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/_helpers.tpl deleted file mode 100644 index 68cd0dc0e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/_helpers.tpl +++ /dev/null @@ -1,501 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if we should use an existingSecret. -*/}} -{{- define "postgresql.useExistingSecret" -}} -{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if not (include "postgresql.useExistingSecret" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap should be mounted with PostgreSQL configuration -*/}} -{{- define "postgresql.mountConfigurationCM" -}} -{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "postgresql.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "postgresql.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "postgresql.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If PSP is enabled RBAC should be enabled too -*/}} -{{- define "postgresql.validateValues.psp" -}} -{{- if and .Values.psp.create (not .Values.rbac.create) }} -postgresql: psp.create, rbac.create - RBAC should be enabled if PSP is enabled in order for PSP to work. - More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "podsecuritypolicy.apiVersion" -}} -{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions -*/}} -{{- define "postgresql.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} -postgresql: tls.enabled, volumePermissions.enabled - When TLS is enabled you must enable volumePermissions as well to ensure certificates files have - the right permissions. -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "postgresql.tlsCert" -}} -{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "postgresql.tlsCertKey" -}} -{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "postgresql.tlsCACert" -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} -{{- end -}} - -{{/* -Return the path to the CRL file. -*/}} -{{- define "postgresql.tlsCRL" -}} -{{- if .Values.tls.crlFilename -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/configmap.yaml deleted file mode 100644 index b29ef6040..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml deleted file mode 100644 index f21a97654..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-extended-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml deleted file mode 100644 index 6637867a3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-init-scripts - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml deleted file mode 100644 index 6b7a3171e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml deleted file mode 100644 index b993c9971..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-metrics - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- toYaml .Values.metrics.service.annotations | nindent 4 }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml deleted file mode 100644 index 2a7b372fe..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "postgresql.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - role: slave - {{- end }} - # Allow prometheus scrapes - - ports: - - port: 9187 -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml deleted file mode 100644 index da0b3ab11..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.psp.create }} -apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - volumes: - - 'configMap' - - 'secret' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'projected' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml deleted file mode 100644 index b0c41b1a4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "postgresql.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.metrics.prometheusRule.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/role.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/role.yaml deleted file mode 100644 index 6d3cf50a4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/role.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if .Values.psp.create }} - - apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "postgresql.fullname" . }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/rolebinding.yaml deleted file mode 100644 index f7837388d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ template "postgresql.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/secrets.yaml deleted file mode 100644 index c93dbe0bd..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml deleted file mode 100644 index 17f7ff399..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "common.labels.standard" . | nindent 4 }} - name: {{ template "postgresql.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml deleted file mode 100644 index d57b7fb48..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "postgresql.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml deleted file mode 100644 index 54d24099f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml +++ /dev/null @@ -1,345 +0,0 @@ -{{- if .Values.replication.enabled }} -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "postgresql.fullname" . }}-slave" - labels: - {{- include "common.labels.standard" . | nindent 4 }} -{{- with .Values.slave.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.slave.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: {{ .Values.replication.slaveReplicas }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: slave - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: slave -{{- with .Values.slave.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.slave.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.slave.nodeSelector }} - nodeSelector: -{{ toYaml .Values.slave.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.slave.affinity }} - affinity: -{{ toYaml .Values.slave.affinity | indent 8 }} - {{- end }} - {{- if .Values.slave.tolerations }} - tolerations: -{{ toYaml .Values.slave.tolerations | indent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.slave.extraInitContainers }} -{{ tpl .Values.slave.extraInitContainers . | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.slave.priorityClassName }} - priorityClassName: {{ .Values.slave.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "postgresql.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.slave.extraVolumeMounts }} - {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.slave.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.slave.extraVolumes }} - {{- toYaml .Values.slave.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset.yaml deleted file mode 100644 index 0e6eefebb..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/statefulset.yaml +++ /dev/null @@ -1,514 +0,0 @@ -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.master.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.master.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: master - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: master - {{- with .Values.master.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- toYaml .Values.master.affinity | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.master.extraInitContainers }} - {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end}} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote}} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.master.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.metrics.securityContext.runAsUser }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} - {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} - - name: DATA_SOURCE_NAME - value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} - {{- else }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- toYaml .Values.master.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-headless.yaml deleted file mode 100644 index 49131578a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-headless.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-headless - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-read.yaml deleted file mode 100644 index 885c7bb04..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc-read.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-read - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: slave -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc.yaml deleted file mode 100644 index e9fc50456..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/templates/svc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values-production.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values-production.yaml deleted file mode 100644 index c08014549..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values-production.yaml +++ /dev/null @@ -1,594 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 2 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'on' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 1 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: true - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.schema.json b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.schema.json deleted file mode 100644 index 7b5e2efc3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.schema.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "slaveReplicas": { - "type": "integer", - "title": "Slave Replicas", - "form": true, - "hidden": { - "value": false, - "path": "replication/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.yaml deleted file mode 100644 index f45c4183d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/charts/postgresql/values.yaml +++ /dev/null @@ -1,600 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: false - user: repl_user - password: repl_password - slaveReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'off' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - extraInitContainers: | - # - name: do-something - # image: busybox - # command: ['do', 'something'] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - # - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/access-tls-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/access-tls-values.yaml deleted file mode 100644 index 4dabc956e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/access-tls-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - image: - tag: 12.3.0-debian-10-r71 - postgresqlPassword: password -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/default-values.yaml deleted file mode 100644 index a43d84d26..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/default-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true - -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/derby-test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/derby-test-values.yaml deleted file mode 100644 index cb86aaf54..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/derby-test-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -databaseUpgradeReady: true - -postgresql: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/global-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/global-values.yaml deleted file mode 100644 index 8c964a822..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/global-values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -global: - versions: - artifactory: 7.11.2 - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - customInitContainers: | - - name: "custom-setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: artifactory-volume - # Add custom volumes - customVolumes: | - - name: custom-script - emptyDir: - sizeLimit: 100Mi - # Add custom volumesMounts - customVolumeMounts: | - - name: custom-script - mountPath: "/scripts" - # Add custom sidecar containers - customSidecarContainers: | - - name: "sidecar-list-etc" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scripts" - name: custom-script - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/migration-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/migration-disabled-values.yaml deleted file mode 100644 index f79cbc02f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/migration-disabled-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -artifactory: - migration: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/test-values.yaml deleted file mode 100644 index 8adcd943f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/ci/test-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -databaseUpgradeReady: true -artifactory: - persistence: - enabled: true - -postgresql: - image: - tag: 9.6.18-debian-10-r7 - postgresqlPassword: password - postgresqlExtendedConf: - maxConnections: 102 - persistence: - enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/files/migrate.sh b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/files/migrate.sh deleted file mode 100644 index e35bfdbb2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/files/migrate.sh +++ /dev/null @@ -1,4339 +0,0 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories seperated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first paramter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done < "${NEW_DATA_DIR}/${filePath}/${fileName}" - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 10.1.0" - ## Description / note - description: This CVE needs to be fixed in the alpine base image of nginx container. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/NOTES.txt deleted file mode 100644 index 5afe10d1d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/NOTES.txt +++ /dev/null @@ -1,85 +0,0 @@ -Congratulations. You have just deployed JFrog Artifactory! -{{- if .Values.artifactory.masterKey }} -{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} - - -***************************************** WARNING ****************************************** -* Your Artifactory master key is still set to the provided example: * -* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * -* * -* You should change this to your own generated key: * -* $ export MASTER_KEY=$(openssl rand -hex 32) * -* $ echo ${MASTER_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * -* * -* Alternatively, you can use a pre-existing secret with a key called master-key with * -* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * -******************************************************************************************** -{{- end }} -{{- end }} - -{{- if .Values.artifactory.joinKey }} -{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} - - -***************************************** WARNING ****************************************** -* Your Artifactory join key is still set to the provided example: * -* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * -* * -* You should change this to your own generated key: * -* $ export JOIN_KEY=$(openssl rand -hex 32) * -* $ echo ${JOIN_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * -* * -******************************************************************************************** -{{- end }} -{{- end }} - -1. Get the Artifactory URL by running these commands: - - {{- if .Values.ingress.enabled }} - {{- range .Values.ingress.hosts }} - http://{{ . }} - {{- end }} - - {{- else if contains "NodePort" .Values.nginx.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory.nginx.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/ - - {{- else if contains "LoadBalancer" .Values.nginx.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of the service by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "artifactory.nginx.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP/ - - {{- else if contains "ClusterIP" .Values.nginx.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") - echo http://127.0.0.1:{{ .Values.nginx.externalPortHttp }} - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.nginx.externalPortHttp }}:{{ .Values.nginx.internalPortHttp }} - - {{- end }} - -2. Open Artifactory in your browser - Default credential for Artifactory: - user: admin - password: password - -{{ if .Values.artifactory.javaOpts.jmx.enabled }} -JMX configuration: -{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} -If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! -{{ end }} - -1. Get the Artifactory service IP: -export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - -2. Map the service name to the service IP in /etc/hosts: -sudo sh -c "echo \"${SERVICE_IP} {{ template "artifactory.fullname" . }}\" >> /etc/hosts" - -3. Launch jconsole: -jconsole {{ template "artifactory.fullname" . }}:{{ .Values.artifactory.javaOpts.jmx.port }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/_helpers.tpl deleted file mode 100644 index 14b571f91..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/_helpers.tpl +++ /dev/null @@ -1,237 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "artifactory.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name nginx service. -*/}} -{{- define "artifactory.nginx.name" -}} -{{- default .Chart.Name .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "artifactory.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified nginx name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "artifactory.nginx.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.nginx.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "artifactory.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{ default (include "artifactory.fullname" .) .Values.serviceAccount.name }} -{{- else -}} -{{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "artifactory.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate SSL certificates -*/}} -{{- define "artifactory.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "artifactory.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "artifactory-ca" 365 -}} -{{- $cert := genSignedCert ( include "artifactory.name" . ) nil $altNames 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "artifactory.scheme" -}} -{{- if .Values.access.accessConfig.security.tls -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKey value -*/}} -{{- define "artifactory.joinKey" -}} -{{- if .Values.global.joinKey -}} -{{- .Values.global.joinKey -}} -{{- else if .Values.artifactory.joinKey -}} -{{- .Values.artifactory.joinKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKey value -*/}} -{{- define "artifactory.masterKey" -}} -{{- if .Values.global.masterKey -}} -{{- .Values.global.masterKey -}} -{{- else if .Values.artifactory.masterKey -}} -{{- .Values.artifactory.masterKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKeySecretName value -*/}} -{{- define "artifactory.joinKeySecretName" -}} -{{- if .Values.global.joinKeySecretName -}} -{{- .Values.global.joinKeySecretName -}} -{{- else if .Values.artifactory.joinKeySecretName -}} -{{- .Values.artifactory.joinKeySecretName -}} -{{- else -}} -{{ include "artifactory.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKeySecretName value -*/}} -{{- define "artifactory.masterKeySecretName" -}} -{{- if .Values.global.masterKeySecretName -}} -{{- .Values.global.masterKeySecretName -}} -{{- else if .Values.artifactory.masterKeySecretName -}} -{{- .Values.artifactory.masterKeySecretName -}} -{{- else -}} -{{ include "artifactory.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve imagePullSecrets value -*/}} -{{- define "artifactory.imagePullSecrets" -}} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainersBegin value -*/}} -{{- define "artifactory.customInitContainersBegin" -}} -{{- if .Values.global.customInitContainersBegin -}} -{{- .Values.global.customInitContainersBegin -}} -{{- else if .Values.artifactory.customInitContainersBegin -}} -{{- .Values.artifactory.customInitContainersBegin -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainers value -*/}} -{{- define "artifactory.customInitContainers" -}} -{{- if .Values.global.customInitContainers -}} -{{- .Values.global.customInitContainers -}} -{{- else if .Values.artifactory.customInitContainers -}} -{{- .Values.artifactory.customInitContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumes value -*/}} -{{- define "artifactory.customVolumes" -}} -{{- if .Values.global.customVolumes -}} -{{- .Values.global.customVolumes -}} -{{- else if .Values.artifactory.customVolumes -}} -{{- .Values.artifactory.customVolumes -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumeMounts value -*/}} -{{- define "artifactory.customVolumeMounts" -}} -{{- if .Values.global.customVolumeMounts -}} -{{- .Values.global.customVolumeMounts -}} -{{- else if .Values.artifactory.customVolumeMounts -}} -{{- .Values.artifactory.customVolumeMounts -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customSidecarContainers value -*/}} -{{- define "artifactory.customSidecarContainers" -}} -{{- if .Values.global.customSidecarContainers -}} -{{- .Values.global.customSidecarContainers -}} -{{- else if .Values.artifactory.customSidecarContainers -}} -{{- .Values.artifactory.customSidecarContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory chart image names -*/}} -{{- define "artifactory.getImageInfoByValue" -}} -{{- $dot := index . 0 }} -{{- $indexReference := index . 1 }} -{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} -{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} -{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} -{{- if $dot.Values.global }} - {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} - {{- $tag = $dot.Values.global.versions.artifactory | toString -}} - {{- end -}} - {{- if $dot.Values.global.imageRegistry }} - {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory app version -*/}} -{{- define "artifactory.app.version" -}} -{{- $image := split ":" ((include "artifactory.getImageInfoByValue" (list . "artifactory")) | toString) -}} -{{- $tag := $image._1 -}} -{{- printf "%s" $tag -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/additional-resources.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/additional-resources.yaml deleted file mode 100644 index c4d06f08a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/additional-resources.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.additionalResources }} -{{ tpl .Values.additionalResources . }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/admin-bootstrap-creds.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/admin-bootstrap-creds.yaml deleted file mode 100644 index c8bf2eb16..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/admin-bootstrap-creds.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} -{{- if .Values.artifactory.admin.password }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-bootstrap-creds - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-access-config.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-access-config.yaml deleted file mode 100644 index 304304e4e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-access-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.access.accessConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-access-config - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - access.config.patch.yml: | -{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-binarystore-secret.yaml deleted file mode 100644 index bbfbdf3be..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-binarystore-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-binarystore - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - binarystore.xml: |- -{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-configmaps.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-configmaps.yaml deleted file mode 100644 index 359fa07d2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-configmaps.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.artifactory.configMaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-configmaps - labels: - app: {{ template "artifactory.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ tpl .Values.artifactory.configMaps . | indent 2 }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-custom-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-custom-secrets.yaml deleted file mode 100644 index a2e3895f5..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-custom-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.artifactory.customSecrets }} -{{- range .Values.artifactory.customSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" $ }}-{{ .name }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - component: "{{ $.Values.artifactory.name }}" - heritage: {{ $.Release.Service | quote }} - release: {{ $.Release.Name | quote }} -type: Opaque -stringData: - {{ .key }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-database-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-database-secrets.yaml deleted file mode 100644 index 9edf87dc1..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-database-secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-database-creds - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- with .Values.database.url }} - db-url: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.user }} - db-user: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.password }} - db-password: {{ tpl . $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-installer-info.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-installer-info.yaml deleted file mode 100644 index f2e2c0f5b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-installer-info.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-installer-info - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - installer-info.json: | - {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-license-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-license-secret.yaml deleted file mode 100644 index d37ed1e4b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-license-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- with .Values.artifactory.license.licenseKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" $ }}-license - labels: - app: {{ template "artifactory.name" $ }} - chart: {{ template "artifactory.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -type: Opaque -data: - artifactory.lic: {{ . | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-migration-scripts.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-migration-scripts.yaml deleted file mode 100644 index 4b1ba4027..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-migration-scripts.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.artifactory.migration.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-migration-scripts - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - migrate.sh: | -{{ .Files.Get "files/migrate.sh" | indent 4 }} - migrationHelmInfo.yaml: | -{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} - migrationStatus.sh: | -{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-networkpolicy.yaml deleted file mode 100644 index da6fd178a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- range .Values.networkpolicy }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "artifactory.fullname" $ }}-{{ .name }}-networkpolicy - labels: - app: {{ template "artifactory.name" $ }} - chart: {{ template "artifactory.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} -spec: -{{- if .podSelector }} - podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} - ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} ---- -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-priority-class.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-priority-class.yaml deleted file mode 100644 index 9eb94b35b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-priority-class.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.artifactory.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} -value: {{ .Values.artifactory.priorityClass.value }} -globalDefault: false -description: "Artifactory priority class" -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-role.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-role.yaml deleted file mode 100644 index db01f235f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.fullname" . }} -rules: -{{ toYaml .Values.rbac.role.rules }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-rolebinding.yaml deleted file mode 100644 index dfb42258f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "artifactory.serviceAccountName" . }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: {{ template "artifactory.fullname" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-secrets.yaml deleted file mode 100644 index 3ac8e3a74..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} - {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} - master-key: {{ include "artifactory.masterKey" . | b64enc | quote }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} - {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} - join-key: {{ include "artifactory.joinKey" . | b64enc | quote }} - {{- end }} - {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-service.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-service.yaml deleted file mode 100644 index 27f552979..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-service.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -{{- if .Values.artifactory.service.annotations }} - annotations: -{{ toYaml .Values.artifactory.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.artifactory.service.type }} -{{- if .Values.artifactory.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - {{- with .Values.artifactory.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: - app: {{ template "artifactory.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-serviceaccount.yaml deleted file mode 100644 index 4e9c5fbb5..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml .) $ | indent 4 }} -{{- end }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.serviceAccountName" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-statefulset.yaml deleted file mode 100644 index 524fcbcbf..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-statefulset.yaml +++ /dev/null @@ -1,734 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 11.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 11.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} -{{- end }} -spec: - serviceName: {{ template "artifactory.name" . }} - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "artifactory.name" . }} - role: {{ template "artifactory.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - role: {{ template "artifactory.name" . }} - component: {{ .Values.artifactory.name }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.access.accessConfig }} - checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} - {{- end }} - {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found {{ .Values.artifactory.persistence.mountPath }}/data/.lock' - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - - name: access-bootstrap-creds - mountPath: "/tmp/access/bootstrap.creds" - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - subPath: {{ .Values.artifactory.admin.dataKey }} - {{- else }} - subPath: bootstrap.creds - {{- end }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - {{- if .Values.access.accessConfig }} - echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; - {{- end }} - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; - cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; - echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - {{- end }} - env: - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory.joinKeySecretName" . }} - key: join-key - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory.masterKeySecretName" . }} - key: master-key - {{- end }} - volumeMounts: - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - mountPath: "/tmp/etc/access.config.patch.yml" - subPath: access.config.patch.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - mountPath: "/tmp/etc/tls.crt" - subPath: tls.crt - - name: access-certs - mountPath: "/tmp/etc/tls.key" - subPath: tls.key - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}" - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory' - image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} - {{- end }} -{{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then - echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; - cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; - fi; - {{- if .Values.artifactory.configMapName }} - echo "Copying bootstrap configs"; - cp -Lrf /bootstrap/* /artifactory_bootstrap/; - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - echo "Copying plugins"; - cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; - {{- end }} - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- if .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.preStartCommand . }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }} - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - mountPath: "/artifactory_bootstrap/plugins/" - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - mountPath: "/tmp/plugin/{{ tpl . $ }}" - {{- end }} - {{- end }} - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.lic" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.resources | indent 10 }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: artifactory-volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: artifactory-volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.artifactory.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.artifactory.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-binarystore - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory.fullname" . }}-installer-info - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - emptyDir: {} - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - secret: - secretName: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- if and .Values.artifactory.persistence.enabled .Values.artifactory.persistence.existingClaim }} - - name: artifactory-volume - persistentVolumeClaim: - claimName: {{ .Values.artifactory.persistence.existingClaim }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory.fullname" . }}-configmaps - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory.fullname" . }}-license - {{- end }} - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: access-bootstrap-creds - secret: - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - secretName: {{ .Values.artifactory.admin.secret }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - persistentVolumeClaim: - claimName: {{ template "artifactory.fullname" . }}-data-pvc - - name: artifactory-backup - persistentVolumeClaim: - claimName: {{ template "artifactory.fullname" . }}-backup-pvc - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: artifactory-volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory.fullname" .) "systemyaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory.fullname" . }}-access-config - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - secret: - secretName: {{ .Values.access.customCertificatesSecretName }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory.name" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} -{{- with .Values.artifactory.persistence }} - {{- if and .enabled (not .existingClaim) }} - volumeClaimTemplates: - - metadata: - name: artifactory-volume - spec: - {{- if .storageClassName }} - {{- if (eq "-" .storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .accessMode }}" ] - resources: - requests: - storage: {{ .size }} - {{- end }} -{{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-system-yaml.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-system-yaml.yaml deleted file mode 100644 index f36879218..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/artifactory-system-yaml.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not .Values.systemYamlOverride.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-systemyaml - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/filebeat-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/filebeat-configmap.yaml deleted file mode 100644 index 8ceb67c01..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/filebeat-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.filebeat.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.name" . }}-filebeat-config - labels: - app: {{ template "artifactory.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/ingress.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/ingress.yaml deleted file mode 100644 index 6f6bc11d1..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/ingress.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "artifactory.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} -{{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $ingressName }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} -{{- end}} -{{- if .Values.ingress.annotations }} - annotations: -{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} -{{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: {{ $.Values.ingress.routerPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: {{ $.Values.ingress.artifactoryPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $artifactoryServicePort }} - {{- end -}} -{{- end -}} - {{- with .Values.ingress.additionalRules }} -{{ tpl . $ | indent 2 }} - {{- end }} - - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- if .Values.artifactory.replicator.enabled }} ---- -{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorIngressName }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if .Values.customIngress }} ---- -{{ .Values.customIngress | toYaml | trimSuffix "\n" }} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/logger-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/logger-configmap.yaml deleted file mode 100644 index f53f35e48..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/logger-configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-logger - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - tail-log.sh: | - #!/bin/sh - - LOG_DIR=$1 - LOG_NAME=$2 - PID= - - # Wait for log dir to appear - while [ ! -d ${LOG_DIR} ]; do - sleep 1 - done - - cd ${LOG_DIR} - - LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') - - # Find the log to tail - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - - # Wait for the log file - while [ -z "${LOG_FILE}" ]; do - sleep 1 - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - done - - echo "Log file ${LOG_FILE} is ready!" - - # Get inode number - INODE_ID=$(ls -i ${LOG_FILE}) - - # echo "Tailing ${LOG_FILE}" - tail -F ${LOG_FILE} & - PID=$! - - # Loop forever to see if a new log was created - while true; do - # Check inode number - NEW_INODE_ID=$(ls -i ${LOG_FILE}) - - # If inode number changed, this means log was rotated and need to start a new tail - if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then - kill -9 ${PID} 2>/dev/null - INODE_ID="${NEW_INODE_ID}" - - # Start a new tail - tail -F ${LOG_FILE} & - PID=$! - fi - sleep 1 - done - -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-artifactory-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-artifactory-conf.yaml deleted file mode 100644 index bd2ebea96..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-artifactory-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - artifactory.conf: | -{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-certificate-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-certificate-secret.yaml deleted file mode 100644 index 8d6862903..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-certificate-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.https.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-certificate - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ ( include "artifactory.gen-certs" . ) | indent 2 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-conf.yaml deleted file mode 100644 index 851eae247..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-conf - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: | -{{ tpl .Values.nginx.mainConf . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-deployment.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-deployment.yaml deleted file mode 100644 index bc53f535b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-deployment.yaml +++ /dev/null @@ -1,203 +0,0 @@ -{{- if .Values.nginx.enabled -}} -{{- $serviceName := include "artifactory.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -apiVersion: apps/v1 -kind: {{ .Values.nginx.kind }} -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} -{{- if .Values.nginx.labels }} -{{ toYaml .Values.nginx.labels | indent 4 }} -{{- end }} -spec: -{{- if eq .Values.nginx.kind "StatefulSet" }} - serviceName: {{ template "artifactory.nginx.fullname" . }} -{{- end }} -{{- if ne .Values.nginx.kind "DaemonSet" }} - replicas: {{ .Values.nginx.replicaCount }} -{{- end }} - selector: - matchLabels: - app: {{ template "artifactory.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - template: - metadata: - annotations: - checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} - checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "artifactory.serviceAccountName" . }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.nginx.priorityClassName }} - priorityClassName: {{ .Values.nginx.priorityClassName | quote }} - {{- end }} - initContainers: - - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - '/bin/sh' - - '-c' - - > - rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; - mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; - volumeMounts: - - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - name: nginx-volume - securityContext: - runAsUser: {{ .Values.nginx.uid }} - fsGroup: {{ .Values.nginx.gid }} - containers: - - name: {{ .Values.nginx.name }} - image: {{ include "artifactory.getImageInfoByValue" (list . "nginx") }} - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - 'nginx' - - '-g' - - 'daemon off;' - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - containerPort: {{ .Values.nginx.http.internalPort }} - name: http - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttp }} - name: http-internal - {{- end }} - {{- if .Values.nginx.https }} - {{- if .Values.nginx.https.enabled }} - - containerPort: {{ .Values.nginx.https.internalPort }} - name: https - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttps }} - name: https-internal - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.nginx.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-artifactory-conf - mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" - - name: nginx-volume - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" - {{- end }} - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.nginx.readinessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.nginx.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.nginx.livenessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.nginx.persistence.mountPath }} - {{- range .Values.nginx.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} - command: - - tail - args: - - '-F' - - '{{ $mountPath }}/logs/{{ . }}' - volumeMounts: - - name: nginx-volume - mountPath: {{ $mountPath }} - resources: -{{ toYaml $.Values.nginx.loggersResources | indent 10 }} - {{- end }} - {{- with .Values.nginx.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - {{- if .Values.nginx.customConfigMap }} - name: {{ .Values.nginx.customConfigMap }} - {{- else }} - name: {{ template "artifactory.fullname" . }}-nginx-conf - {{- end }} - - name: nginx-artifactory-conf - configMap: - {{- if .Values.nginx.customArtifactoryConfigMap }} - name: {{ .Values.nginx.customArtifactoryConfigMap }} - {{- else }} - name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf - {{- end }} - - name: nginx-volume - {{- if .Values.nginx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory.nginx.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - secret: - {{- if .Values.nginx.tlsSecretName }} - secretName: {{ .Values.nginx.tlsSecretName }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-nginx-certificate - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-pvc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-pvc.yaml deleted file mode 100644 index 3394a0ade..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }} -{{- if (not .Values.nginx.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.nginx.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.nginx.persistence.size | quote }} -{{- if .Values.nginx.persistence.storageClassName }} -{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-service.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-service.yaml deleted file mode 100644 index 7f4c8fb66..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/templates/nginx-service.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.nginx.service.annotations }} - annotations: -{{ toYaml .Values.nginx.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.nginx.service.type }} -{{- if eq .Values.nginx.service.type "LoadBalancer" }} - {{ if .Values.nginx.service.loadBalancerIP -}} - loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} - {{ end -}} - {{- if .Values.nginx.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} - {{- end }} -{{- end }} -{{- if .Values.nginx.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - port: {{ .Values.nginx.http.externalPort }} - targetPort: {{ .Values.nginx.http.internalPort }} - protocol: TCP - name: http - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttp }} - targetPort: {{ .Values.nginx.internalPortHttp }} - protocol: TCP - name: http - {{- end }} - {{- if .Values.nginx.https }} - {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} - - port: {{ .Values.nginx.https.externalPort }} - {{- if .Values.nginx.service.ssloffload }} - targetPort: {{ .Values.nginx.http.internalPort }} - {{- else }} - targetPort: {{ .Values.nginx.https.internalPort}} - {{- end }} - protocol: TCP - name: https - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttps }} - targetPort: {{ .Values.nginx.internalPortHttps }} - protocol: TCP - name: https - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.nginx.ssh.externalPort }} - targetPort: {{ .Values.nginx.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - selector: - app: {{ template "artifactory.name" . }} - component: {{ .Values.nginx.name }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-large.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-large.yaml deleted file mode 100644 index 6399c5b8a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-large.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-medium.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-medium.yaml deleted file mode 100644 index 44aff82de..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-medium.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-small.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-small.yaml deleted file mode 100644 index 04368ae15..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values-small.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values.yaml deleted file mode 100644 index dcbf72fdb..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/charts/artifactory/values.yaml +++ /dev/null @@ -1,1376 +0,0 @@ -# Default values for artifactory. -# This is a YAML-formatted file. - -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - - -global: - # imageRegistry: docker.bintray.io - # imagePullSecrets: - # - myRegistryKeySecretName - ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag - ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion - ## This applies also for nginx images (.Values.nginx.image.tag) - versions: {} - # artifactory: - # joinKey: - # masterKey: - # joinKeySecretName: - # masterKeySecretName: - # customInitContainersBegin: | - - # customInitContainers: | - - # customVolumes: | - - # customVolumeMounts: | - - # customSidecarContainers: | - - -initContainerImage: docker.bintray.io/alpine:3.12.1 - -# Init containers -initContainers: - resources: {} -# requests: -# memory: "64Mi" -# cpu: "10m" -# limits: -# memory: "128Mi" -# cpu: "250m" - -installer: - type: - platform: - -installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - -# For supporting pulling from private registries -# imagePullSecrets: -# - myRegistryKeySecretName - -## Artifactory systemYaml override -## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory -## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML -## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml -## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml -systemYamlOverride: -## You can use a pre-existing secret by specifying existingSecret - existingSecret: -## The dataKey should be the name of the secret data key created. - dataKey: - -## Role Based Access Control -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -rbac: - create: true - role: - ## Rules to create. It follows the role specification - rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - pods - verbs: - - get - - watch - - list - -## Service Account -## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - name: - ## Service Account annotations - annotations: {} - -ingress: - enabled: false - defaultBackend: - enabled: true - # Used to create an Ingress record. - hosts: [] - routerPath: / - artifactoryPath: /artifactory/ - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/configuration-snippet: | - # proxy_pass_header Server; - # proxy_set_header X-JFrog-Override-Base-Url https://; - # kubernetes.io/tls-acme: "true" - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - labels: {} - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - artifactory.domain.example - - # Additional ingress rules - additionalRules: [] - -## Allows to add custom ingress -customIngress: | - -networkpolicy: - # Allows all ingress and egress - - name: artifactory - podSelector: - matchLabels: - app: artifactory - egress: - - {} - ingress: - - {} - # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) - # - name: postgresql - # podSelector: - # matchLabels: - # app: postgresql - # ingress: - # - from: - # - podSelector: - # matchLabels: - # app: artifactory - -logger: - image: - registry: docker.bintray.io - repository: busybox - tag: 1.31.1 - -# Artifactory -artifactory: - name: artifactory - # Note that by default we use appVersion to get image tag/version - image: - registry: docker.bintray.io - repository: jfrog/artifactory-pro - # tag: - pullPolicy: IfNotPresent - labels: {} - - # Create a priority class for the Artifactory pod or use an existing one - # NOTE - Maximum allowed value of a user defined priority is 1000000000 - priorityClass: - create: false - value: 1000000000 - ## Override default name - # name: - ## Use an existing priority class - # existingPriorityClass: - - # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties - deleteDBPropertiesOnStartup: true - - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - extraConfig: 'acceptCount="100"' - - # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. - # To enable set `.Values.artifactory.openMetrics.enabled` to `true` - # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics - openMetrics: - enabled: false - - # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup - copyOnEveryStartup: - # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path - # - source: /artifactory_bootstrap/artifactory.lic - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - - # Sidecar containers for tailing Artifactory logs - loggers: [] - # - access-audit.log - # - access-request.log - # - access-security-audit.log - # - access-service.log - # - artifactory-access.log - # - artifactory-event.log - # - artifactory-import-export.log - # - artifactory-request.log - # - artifactory-service.log - # - frontend-request.log - # - frontend-service.log - # - metadata-request.log - # - metadata-service.log - # - router-request.log - # - router-service.log - # - router-traefik.log - # - derby.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Sidecar containers for tailing Tomcat (catalina) logs - catalinaLoggers: [] - # - tomcat-catalina.log - # - tomcat-localhost.log - - # Tomcat (catalina) loggers resources - catalinaLoggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 - ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - - ## Add custom init containers execution before predefined init containers - customInitContainersBegin: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - - ## Add custom init containers execution after predefined init containers - customInitContainers: | - # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - - ## Add custom sidecar containers - # - The provided example uses a custom volume (customVolumes) - # - The provided example shows running container as root (id 0) - customSidecarContainers: | - # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # securityContext: - # runAsUser: 0 - # fsGroup: 0 - # command: - # - 'sh' - # - '-c' - # - 'sh /scripts/script.sh' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - # - mountPath: "/scripts/script.sh" - # name: custom-script - # subPath: script.sh - # resources: - # requests: - # memory: "32Mi" - # cpu: "50m" - # limits: - # memory: "128Mi" - # cpu: "100m" - - ## Add custom volumes - customVolumes: | - # - name: custom-script - # configMap: - # name: custom-script - - ## Add custom volumesMounts - customVolumeMounts: | - # - name: custom-script - # mountPath: "/scripts/script.sh" - # subPath: script.sh - # - name: posthook-start - # mountPath: "/scripts/posthoook-start.sh" - # subPath: posthoook-start.sh - # - name: prehook-start - # mountPath: "/scripts/prehook-start.sh" - # subPath: prehook-start.sh - - # Add custom persistent volume mounts - Available for the pod - # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container - customPersistentPodVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - # skipPrepareContainer: false - - # Add custom persistent volume mounts - Available to the entire namespace - customPersistentVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - ## Artifactory license. - license: - ## licenseKey is the license key in plain text. Use either this or the license.secret setting - licenseKey: - ## If artifactory.license.secret is passed, it will be mounted as - ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. - secret: - ## The dataKey should be the name of the secret data key created. - dataKey: - - ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter - configMapName: - - # Add any list of configmaps to Artifactory - configMaps: | - # posthook-start.sh: |- - # echo "This is a post start script" - # posthook-end.sh: |- - # echo "This is a post end script" - - ## List of secrets for Artifactory user plugins. - ## One Secret per plugin's files. - userPluginSecrets: - # - archive-old-artifacts - # - build-cleanup - # - webhook - # - '{{ template "my-chart.fullname" . }}' - - ## Artifactory requires a unique master key. - ## You can generate one with the command: "openssl rand -hex 32" - ## An initial one is auto generated by Artifactory on first startup. - # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName - # masterKeySecretName: - - ## Join Key to connect other services to Artifactory - ## IMPORTANT: Setting this value overrides the existing joinKey - ## IMPORTANT: You should NOT use the example joinKey for a production deployment! - # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName - # joinKeySecretName: - - # Add custom secrets - secret per file - customSecrets: - # - name: custom-secret - # key: custom-secret.yaml - # data: > - # custom_secret_config: - # parameter1: value1 - # parameter2: value2 - # - name: custom-secret2 - # key: custom-secret2.config - # data: | - # here the custom secret 2 config - - ## If false, all service console logs will not redirect to a common console.log - consoleLog: false - - binarystore: - enabled: true - - ## admin allows to set the password for the default admin user. - ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate - admin: - ip: "127.0.0.1" - username: "admin" - password: - secret: - dataKey: - - ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - ## Extra post-start command to run extra commands after container starts - # postStartCommand: - - ## Extra environment variables that can be used to tune Artifactory to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: SERVER_XML_ARTIFACTORY_PORT - # value: "8081" - # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS - # value: "200" - # - name: SERVER_XML_ACCESS_MAX_THREADS - # value: "50" - # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_ACCESS_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_EXTRA_CONNECTOR - # value: "" - # - name: DB_POOL_MAX_ACTIVE - # value: "100" - # - name: DB_POOL_MAX_IDLE - # value: "10" - # - name: MY_SECRET_ENV_VAR - # valueFrom: - # secretKeyRef: - # name: my-secret-name - # key: my-secret-key - - systemYaml: | - shared: - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.javaOpts }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - {{- if or .Values.database.type .Values.postgresql.enabled }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{- else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - {{- end }} - artifactory: - {{- if .Values.artifactory.openMetrics }} - metrics: - enabled: {{ .Values.artifactory.openMetrics.enabled }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - frontend: - session: - timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - - annotations: {} - - service: - name: artifactory - type: ClusterIP - ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - enabled: false - ingress: - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - - ## IMPORTANT: If overriding artifactory.internalPort: - ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! - externalPort: 8082 - internalPort: 8082 - externalArtifactoryPort: 8081 - internalArtifactoryPort: 8081 - uid: 1030 - gid: 1030 - terminationGracePeriodSeconds: 30 - - ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. - ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false - setSecurityContext: true - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 90 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - persistence: - mountPath: "/var/opt/jfrog/artifactory" - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - ## Storage default size. Should be increased for production deployments. - size: 20Gi - - ## Use a custom Secret to be mounted as your binarystore.xml - ## NOTE: This will ignore all settings below that make up binarystore.xml - customBinarystoreXmlSecret: - ## Cache default size. Should be increased for production deployments. - maxCacheSize: 5000000000 - cacheProviderDir: cache - - ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config - ## Supported types are: - ## file-system (default) - ## nfs - ## google-storage - ## aws-s3 - ## aws-s3-v3 - ## azure-blob - type: file-system - - ## Use binarystoreXml to provide a custom binarystore.xml - ## This can be a template or hardcoded. - binarystoreXml: | - {{- if eq .Values.artifactory.persistence.type "file-system" -}} - - - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{- end }} - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{- end }} - - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - {{- end }} - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "google-storage" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp - - - - google-cloud-storage - {{ .Values.artifactory.persistence.googleStorage.endpoint }} - {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} - {{ .Values.artifactory.persistence.googleStorage.bucketName }} - {{ .Values.artifactory.persistence.googleStorage.identity }} - {{ .Values.artifactory.persistence.googleStorage.credential }} - {{ .Values.artifactory.persistence.googleStorage.path }} - {{ .Values.artifactory.persistence.googleStorage.bucketExists }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - {{- with .Values.artifactory.persistence.awsS3V3 }} - - {{ .testConnection }} - {{- if .identity }} - {{ .identity }} - {{- end }} - {{- if .credential }} - {{ .credential }} - {{- end }} - {{ .region }} - {{ .bucketName }} - {{ .path }} - {{ .endpoint }} - {{- with .maxConnections }} - {{ . }} - {{- end }} - {{- with .kmsServerSideEncryptionKeyId }} - {{ . }} - {{- end }} - {{- with .kmsKeyRegion }} - {{ . }} - {{- end }} - {{- with .kmsCryptoMode }} - {{ . }} - {{- end }} - {{- if .useInstanceCredentials }} - true - {{- else }} - false - {{- end }} - {{ .usePresigning }} - {{ .signatureExpirySeconds }} - {{- with .cloudFrontDomainName }} - {{ . }} - {{- end }} - {{- with .cloudFrontKeyPairId }} - {{ .cloudFrontKeyPairId }} - {{- end }} - {{- with .cloudFrontPrivateKey }} - {{ . }} - {{- end }} - {{- with .enableSignedUrlRedirect }} - {{ . }} - {{- end }} - {{- with .enablePathStyleAccess }} - {{ . }} - {{- end }} - - {{- end }} - - {{- end }} - - {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.awsS3.endpoint }} - {{- if .Values.artifactory.persistence.awsS3.roleName }} - {{ .Values.artifactory.persistence.awsS3.roleName }} - true - {{- else }} - {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} - {{ .Values.artifactory.persistence.awsS3.testConnection }} - {{ .Values.artifactory.persistence.awsS3.httpsOnly }} - {{ .Values.artifactory.persistence.awsS3.region }} - {{ .Values.artifactory.persistence.awsS3.bucketName }} - {{- if .Values.artifactory.persistence.awsS3.identity }} - {{ .Values.artifactory.persistence.awsS3.identity }} - {{- end }} - {{- if .Values.artifactory.persistence.awsS3.credential }} - {{ .Values.artifactory.persistence.awsS3.credential }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.path }} - {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} - - {{- end }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "azure-blob" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.azureBlob.accountName }} - {{ .Values.artifactory.persistence.azureBlob.accountKey }} - {{ .Values.artifactory.persistence.azureBlob.endpoint }} - {{ .Values.artifactory.persistence.azureBlob.containerName }} - {{ .Values.artifactory.persistence.azureBlob.testConnection }} - - - {{- end }} - - ## For artifactory.persistence.type nfs - ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes - ## cluster nodes. - ## Need to have the following set - nfs: - # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' - ip: - haDataMount: "/data" - haBackupMount: "/backup" - dataDir: "/var/opt/jfrog/artifactory" - backupDir: "/var/opt/jfrog/artifactory-backup" - capacity: 200Gi - - ## For artifactory.persistence.type file-system - fileSystem: - cache: - enabled: false - - ## For artifactory.persistence.type google-storage - googleStorage: - endpoint: commondatastorage.googleapis.com - httpsOnly: false - # Set a unique bucket name - bucketName: "artifactory-gcp" - identity: - credential: - path: "artifactory/filestore" - bucketExists: false - - ## For artifactory.persistence.type aws-s3-v3 - awsS3V3: - testConnection: false - identity: - credential: - region: - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: - maxConnections: 50 - kmsServerSideEncryptionKeyId: - kmsKeyRegion: - kmsCryptoMode: - useInstanceCredentials: true - usePresigning: false - signatureExpirySeconds: 300 - cloudFrontDomainName: - cloudFrontKeyPairId: - cloudFrontPrivateKey: - enableSignedUrlRedirect: false - enablePathStyleAccess: false - - ## For artifactory.persistence.type aws-s3 - ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html - awsS3: - # Set a unique bucket name - bucketName: "artifactory-aws" - endpoint: - region: - roleName: - identity: - credential: - path: "artifactory/filestore" - refreshCredentials: true - httpsOnly: true - testConnection: false - s3AwsVersion: AWS4-HMAC-SHA256 - ## Additional properties to set on the s3 provider - properties: {} - # httpclient.max-connections: 100 - ## For artifactory.persistence.type azure-blob - azureBlob: - accountName: - accountKey: - endpoint: - containerName: - testConnection: false - ## artifactory data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - ## Annotations for the Persistent Volume Claim - annotations: {} - ## Uncomment the following resources definitions or pass them from command line - ## to control the cpu and memory resources allocated by the Kubernetes cluster - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - corePoolSize: 8 - # other: "" - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - ssh: - enabled: false - internalPort: 1339 - externalPort: 1339 - -frontend: - ## Session settings - session: - ## Time in minutes after which the frontend token will need to be refreshed - timeoutMinutes: '30' - -access: - ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. - ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates - ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. - ## This ensures that the node to node communication is done over TLS. - accessConfig: - security: - tls: false - - ## You can use a pre-existing secret by specifying customCertificatesSecretName - ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` - # customCertificatesSecretName: - - ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key - # resetAccessCAKeys: false - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 - extraConfig: 'acceptCount="100"' - -metadata: - database: - maxOpenConnections: 80 - -# Nginx -nginx: - enabled: true - kind: Deployment - name: nginx - labels: {} - replicaCount: 1 - uid: 104 - gid: 107 - # Note that by default we use appVersion to get image tag/version - image: - registry: docker.bintray.io - repository: jfrog/nginx-artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Priority Class name to be used in deployment if provided - priorityClassName: - - # Sidecar containers for tailing Nginx logs - loggers: [] - # - access.log - # - error.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "64Mi" - # cpu: "25m" - # limits: - # memory: "128Mi" - # cpu: "50m" - - # Logs options - logs: - stderr: false - level: warn - - mainConf: | - # Main Nginx configuration file - worker_processes 4; - - {{ if .Values.nginx.logs.stderr }} - error_log stderr {{ .Values.nginx.logs.level }}; - {{- else -}} - error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; - {{- end }} - pid /tmp/nginx.pid; - - {{- if .Values.artifactory.ssh.enabled }} - ## SSH Server Configuration - stream { - server { - listen {{ .Values.nginx.ssh.internalPort }}; - proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; - } - } - {{- end }} - - events { - worker_connections 1024; - } - - - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - variables_hash_max_size 1024; - variables_hash_bucket_size 64; - server_names_hash_max_size 4096; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; - proxy_read_timeout 2400s; - client_header_timeout 2400s; - client_body_timeout 2400s; - proxy_connect_timeout 75s; - proxy_send_timeout 2400s; - proxy_buffer_size 128k; - proxy_buffers 40 128k; - proxy_busy_buffers_size 128k; - proxy_temp_file_write_size 250m; - proxy_http_version 1.1; - client_body_buffer_size 128k; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - log_format timing 'ip = $remote_addr ' - 'user = \"$remote_user\" ' - 'local_time = \"$time_local\" ' - 'host = $host ' - 'request = \"$request\" ' - 'status = $status ' - 'bytes = $body_bytes_sent ' - 'upstream = \"$upstream_addr\" ' - 'upstream_time = $upstream_response_time ' - 'request_time = $request_time ' - 'referer = \"$http_referer\" ' - 'UA = \"$http_user_agent\"'; - - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; - - } - - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - ## server configuration - server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - service: - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - type: LoadBalancer - ssloffload: false - ## For supporting whitelist on the Nginx LoadBalancer service - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - ## Provide static ip address - loadBalancerIP: - ## There are two available options: “Cluster” (default) and “Local”. - externalTrafficPolicy: Cluster - - http: - enabled: true - externalPort: 80 - internalPort: 80 - https: - enabled: true - externalPort: 443 - internalPort: 443 - - ssh: - internalPort: 1339 - externalPort: 1339 - - # DEPRECATED: The following will be removed in a future release - # externalPortHttp: 80 - # internalPortHttp: 80 - # externalPortHttps: 443 - # internalPortHttps: 443 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 120 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - ## The SSL secret that will be used by the Nginx pod - # tlsSecretName: chart-example-tls - ## Custom ConfigMap for nginx.conf - customConfigMap: - ## Custom ConfigMap for artifactory-ha.conf - customArtifactoryConfigMap: - persistence: - mountPath: "/var/opt/jfrog/nginx" - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - size: 5Gi - ## nginx data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - resources: {} - # requests: - # memory: "250Mi" - # cpu: "100m" - # limits: - # memory: "250Mi" - # cpu: "500m" - nodeSelector: {} - - tolerations: [] - - affinity: {} - -## Database configurations -## Use the wait-for-db init container. Set to false to skip -waitForDatabase: true - -## Configuration values for the PostgreSQL dependency sub-chart -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -postgresql: - enabled: true - image: - registry: docker.bintray.io - repository: bitnami/postgresql - tag: 12.5.0-debian-10-r25 - postgresqlUsername: artifactory - postgresqlPassword: "" - postgresqlDatabase: artifactory - postgresqlExtendedConf: - listenAddresses: "'*'" - maxConnections: "1500" - persistence: - enabled: true - size: 50Gi - service: - port: 5432 - master: - nodeSelector: {} - affinity: {} - tolerations: [] - slave: - nodeSelector: {} - affinity: {} - tolerations: [] - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - -## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), -## specify custom database details here or leave empty and Artifactory will use embedded derby -database: - type: - driver: - ## If you set the url, leave host and port empty - url: - ## If you would like this chart to create the secret containing the db - ## password, use these values - user: - password: - ## If you have existing Kubernetes secrets containing db credentials, use - ## these values - secrets: {} - # user: - # name: "rds-artifactory" - # key: "db-user" - # password: - # name: "rds-artifactory" - # key: "db-password" - # url: - # name: "rds-artifactory" - # key: "db-url" - -# Filebeat Sidecar container -## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. -filebeat: - enabled: false - name: artifactory-filebeat - image: - repository: "docker.elastic.co/beats/filebeat" - version: 7.9.2 - logstashUrl: "logstash:5044" - - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - resources: {} -# requests: -# memory: "100Mi" -# cpu: "100m" -# limits: -# memory: "100Mi" -# cpu: "100m" - - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: ~ - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] - -## Allows to add additional kubernetes resources -## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml -additionalResources: | diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/ci/default-values.yaml deleted file mode 100644 index 86355d3b3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/ci/default-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -artifactory: - databaseUpgradeReady: true - - # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release - postgresql: - postgresqlPassword: password diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/logo/jcr-logo.png b/charts/artifactory-jcr/artifactory-jcr/3.4.0/logo/jcr-logo.png deleted file mode 100644 index e0ed038ca059f73c179a39841d3be9871075b3a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3135 zcmZ`)c{r478-EMg5|gd$S;7$wLYet283r@&7+bOw6-rXJK^@9ch%DiVY>8uE3$s{C zNXv*29ZFd$$J!{A^?TmYxvua0@m<$5&vHNaZ@KUHxvsfMCgBD6B={f*60k7G*?^S> ze$6}_VAhkvn}LP%tTAj1LA6QzYp1xtS?-Lv4Gck7_CrwkbqHDkq3}rvqM#vY$_;|_ zGayLZH=ALNg`n+SWTKrZNFXstFdZf`h%lW%q9Zem%wWL(Y=|(pWf0jpFvtNA@*}bh z4NqbaNHq2>ok(O4fFji*gaC^~*eHtz3p@>vT+xsqxMGtKJek`6D-j+ZPHbjN(+DK$ zFA|VIrjkjG;D{JQfHbg2?2(#CfEn@3AlR4L!;D{sNi+i72wOKFBHK1FWAw;~#IOVmFbxI+vG)%Tp$Rku5d~F1n-Bq@z#ahUL`04qw|{C6ngI4B z2GNXe1~!0jD+kB{doU;&fgs*~MUWDZh2Io0(w$$ew+*1p#$!89)jIJfINEdQ12byhTE!A`Z#GDqyCvo5Qw> zXd$lxNFzP5rdxxqf+O1oJB~DJ>&?KH3`@3cn9zujgKmIKs|KsB=CDcFwIEK2KoQKq zD)`C-c3oRSfO%_JH3BwEm3yJZ!SBblHI;0mZSknc#MBky5zbJK&zV+}m$ z*+3hTEhKT&{dyszYxL`njhT-x>N3MILVN8K9(`(zwh$nX^ro6|?><9YStxhms$X5a zzg==NSfk+kZ8^=FwS2{r6!BegS9Uo5J!mW=?D`FdDr3@%GLmzPc@9O`syW2YzLq~d zue9yJ#o9TJDHC4OdJz9Z&XbStioQB{?`M@%e_E^HyZGlFZzilfS#5j`5A1x?eOkG zs(bGA{TB9i=)_pomm^DmDgWoQbu|TcRyWWw+;4gFCEow)z}ZqQ)5dSIC{Xye(*!(j zuAADc2M*kU7O*MzIKK$5jPA!91=%1HWPvlb3mKZtS$7pNmFg5XAH~_}8)+U?6eb*b zJ%QcTDnx$0fJ$M;)YwL(35nk5f6?Bq_2BD1TLQ1BaBApdTQwb>K4y%Hj_hP>uJ>ll zTzV))8xu?oUdcgpMUvN~zS zonig+Lwnmo=M>Fjo--G!gO_}He7F_NR;)3_vS|%b6V@9GGV6N^sp}U%`aL?Aw0GLk z<0FkFy#Mpi^WWulNygPLa&R9ohRn(*zAsZ#^PU{KQb^2{z;w-C?8_^fJ<-!jnbm$O zh8_3EPct1K!d1)aw~EV7^!IsmbqMFFFVwAO(@k7tWR$wCziZ@tDI2&Nt#t$SO`K-q zI>|DeQ~MPEOy{nDGb89=Rf*yktkvH_Cmy67&(Y|emTWHZn0PtIf6#_?^`@P}C;vPR z*&~-n3+wKvW~4T&8{|D*aQM;L)D%bVdf{NF=;UB8Ebs7$Z~BC#zQ#AL{u{eO5`-8# zzQ41<(aL`dJwd6ckM_N~ccK9xm z^=r&jomKefX`K5RgIBOe{0uUvIp&!^qg&)!C0XyT)00Oczcw&Kg>e-XQOe;TB3cx* zxkH3>vQ((ls4m)%^vW{r&hgB9>#G{`WA#nNx_*apX$jF(xA%3>pVL8{HMm1E zcUg0uY=})XAtyEe%*}rt1vE8 zZroX6Es9U-YD*po?0BtU7%lB5DSxp*Blk>@oB+3Zitg}9ES#bnRXAJOyMz)Po5V*J z^mkBt1(~Fyq|Lg&O4Ze6+JoiCYR=4*#3|(IBt=~56Wx64xF#IkZb%WEZ%;nF;CWim zWK938Up)TKV-!9*R7qPgFsIMHc5Vbup~CGuRK5EK+7If z(mnZITq!5}xm7XUw`k#s7Mm&3EJt%kQOuavxl?@FW0RPDwaS<=+uKK_-?^iP#@_Zc zH#1}T#gluhAGdH=i@U~%=|$)q@rmp)_O%~6D4s8J!Of>(z##4>zJrR^+U_h=;a76G zXy9lZJvL4<0K5Rp0i}MaAAOvrd^OsiO~IS7iSD{v>FH4vk({9OlkdECPekp-$ILt4 zK80zap;~$$AsoZyX?sHBWWTL<8yQnaB=9AHRX$p3Tu&p0KzTSAJTvDiufHon^~X2*w>#XS8R+m}vX z-e74?1$0SH&%g}Hf&Jt0&TN1+m z#AQL=x^%XwN#VSU2@^HlQarBCV1U%m;C7nHI0 zHT_K@^NYVGtw-+4NMuc8`D6;gFoaw;q=}*LxYS!#)rH(vWy{DEF+V>E2y2ZKJ-2rT)DP9&n3z#p(CK0JXYTTKvnH z3l=>(=8_%Ht+J`ix(3}d`Z=)Hlc^5=l$8Qaj|aM+3iQxFf=KlitTyppFy!`(Gr!<~@2LQ;zl!U7~>K6H5h0(N~ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/questions.yml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/questions.yml deleted file mode 100644 index 9cde42870..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/questions.yml +++ /dev/null @@ -1,271 +0,0 @@ -questions: -# Advance Settings -- variable: artifactory.artifactory.masterKey - default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - description: "Artifactory master key. For security reasons, we strongly recommend you generate your own master key using this command: 'openssl rand -hex 32'" - type: string - label: Artifactory master key - group: "Security Settings" - -# Container Images -- variable: defaultImage - default: true - description: "Use default Docker image" - label: Use Default Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: artifactory.artifactory.image.repository - default: "docker.bintray.io/jfrog/artifactory-jcr" - description: "JFrog Container Registry image name" - type: string - label: JFrog Container Registry Image Name - - variable: artifactory.artifactory.image.version - default: "7.6.3" - description: "JFrog Container Registry image tag" - type: string - label: JFrog Container Registry Image Tag - - variable: artifactory.imagePullSecrets - description: "Image Pull Secret" - type: string - label: Image Pull Secret - -# Services and LoadBalancing Settings -- variable: artifactory.ingress.enabled - default: false - description: "Expose app using Layer 7 Load Balancer - ingress" - type: boolean - label: Expose app using Layer 7 Load Balancer - show_subquestion_if: true - group: "Services and Load Balancing" - required: true - subquestions: - - variable: artifactory.ingress.hosts[0] - default: "xip.io" - description: "Hostname to your artifactory installation" - type: hostname - required: true - label: Hostname - -# Nginx Settings -- variable: artifactory.nginx.enabled - default: true - description: "Enable nginx server" - type: boolean - label: Enable Nginx Server - group: "Services and Load Balancing" - required: true - show_if: "artifactory.ingress.enabled=false" -- variable: artifactory.nginx.service.type - default: "LoadBalancer" - description: "Nginx service type" - type: enum - required: true - label: Nginx Service Type - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" - options: - - "ClusterIP" - - "NodePort" - - "LoadBalancer" -- variable: artifactory.nginx.service.loadBalancerIP - default: "" - description: "Provide Static IP to configure with Nginx" - type: string - label: Config Nginx LoadBalancer IP - show_if: "artifactory.nginx.enabled=true&&artifactory.nginx.service.type=LoadBalancer&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" -- variable: artifactory.nginx.tlsSecretName - default: "" - description: "Provide SSL Secret name to configure with Nginx" - type: string - label: Config Nginx SSL Secret - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" -- variable: artifactory.nginx.customArtifactoryConfigMap - default: "" - description: "Provide configMap name to configure Nginx with custom `artifactory.conf`" - type: string - label: ConfigMap for Nginx Artifactory Config - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" - -# Database Settings -- variable: artifactory.postgresql.enabled - default: true - description: "Enable PostgreSQL" - type: boolean - required: true - label: Enable PostgreSQL - group: "Database Settings" - show_subquestion_if: true - subquestions: - - variable: artifactory.postgresql.postgresqlPassword - default: "" - description: "PostgreSQL password" - type: password - required: true - label: PostgreSQL Password - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.persistence.size - default: 20Gi - description: "PostgreSQL persistent volume size" - type: string - label: PostgreSQL Persistent Volume Size - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.persistence.storageClass - default: "" - description: "If undefined or null, uses the default StorageClass. Default to null" - type: storageclass - label: Default StorageClass for PostgreSQL - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.requests.cpu - default: "200m" - description: "PostgreSQL initial cpu request" - type: string - label: PostgreSQL Initial CPU Request - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.requests.memory - default: "500Mi" - description: "PostgreSQL initial memory request" - type: string - label: PostgreSQL Initial Memory Request - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.limits.cpu - default: "1" - description: "PostgreSQL cpu limit" - type: string - label: PostgreSQL CPU Limit - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.limits.memory - default: "1Gi" - description: "PostgreSQL memory limit" - type: string - label: PostgreSQL Memory Limit - show_if: "artifactory.postgresql.enabled=true" -- variable: artifactory.database.type - default: "postgresql" - description: "xternal database type (postgresql, mysql, oracle or mssql)" - type: enum - required: true - label: External Database Type - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" - options: - - "postgresql" - - "mysql" - - "oracle" - - "mssql" -- variable: artifactory.database.url - default: "" - description: "External database URL. If you set the url, leave host and port empty" - type: string - label: External Database URL - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.host - default: "" - description: "External database hostname" - type: string - label: External Database Hostname - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.port - default: "" - description: "External database port" - type: string - label: External Database Port - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.user - default: "" - description: "External database username" - type: string - label: External Database Username - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.password - default: "" - description: "External database password" - type: password - label: External Database Password - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" - -# Advance Settings -- variable: artifactory.advancedOptions - default: false - description: "Show advanced configurations" - label: Show Advanced Configurations - type: boolean - show_subquestion_if: true - group: "Advanced Options" - subquestions: - - variable: artifactory.artifactory.primary.resources.requests.cpu - default: "500m" - description: "Artifactory primary node initial cpu request" - type: string - label: Artifactory Primary Node Initial CPU Request - - variable: artifactory.artifactory.primary.resources.requests.memory - default: "1Gi" - description: "Artifactory primary node initial memory request" - type: string - label: Artifactory Primary Node Initial Memory Request - - variable: artifactory.artifactory.primary.javaOpts.xms - default: "1g" - description: "Artifactory primary node java Xms size" - type: string - label: Artifactory Primary Node Java Xms Size - - variable: artifactory.artifactory.primary.resources.limits.cpu - default: "2" - description: "Artifactory primary node cpu limit" - type: string - label: Artifactory Primary Node CPU Limit - - variable: artifactory.artifactory.primary.resources.limits.memory - default: "4Gi" - description: "Artifactory primary node memory limit" - type: string - label: Artifactory Primary Node Memory Limit - - variable: artifactory.artifactory.primary.javaOpts.xmx - default: "4g" - description: "Artifactory primary node java Xmx size" - type: string - label: Artifactory Primary Node Java Xmx Size - - variable: artifactory.artifactory.node.resources.requests.cpu - default: "500m" - description: "Artifactory member node initial cpu request" - type: string - label: Artifactory Member Node Initial CPU Request - - variable: artifactory.artifactory.node.resources.requests.memory - default: "2Gi" - description: "Artifactory member node initial memory request" - type: string - label: Artifactory Member Node Initial Memory Request - - variable: artifactory.artifactory.node.javaOpts.xms - default: "1g" - description: "Artifactory member node java Xms size" - type: string - label: Artifactory Member Node Java Xms Size - - variable: artifactory.artifactory.node.resources.limits.cpu - default: "2" - description: "Artifactory member node cpu limit" - type: string - label: Artifactory Member Node CPU Limit - - variable: artifactory.artifactory.node.resources.limits.memory - default: "4Gi" - description: "Artifactory member node memory limit" - type: string - label: Artifactory Member Node Memory Limit - - variable: artifactory.artifactory.node.javaOpts.xmx - default: "4g" - description: "Artifactory member node java Xmx size" - type: string - label: Artifactory Member Node Java Xmx Size - -# Internal Settings -- variable: installerInfo - default: '\{\"productId\": \"RancherHelm_artifactory-jcr/7.6.3\", \"features\": \[\{\"featureId\": \"Partner/ACC-007246\"\}\]\}' - type: string - group: "Internal Settings (Do not modify)" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.lock deleted file mode 100644 index 299d8cefe..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: artifactory - repository: https://charts.jfrog.io/ - version: 11.7.4 -digest: sha256:a4c52f49f154be6434a9a37474eee556de8d97a487be9dec923124a64651aac8 -generated: "2021-01-04T14:56:17.66958+05:30" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.yaml deleted file mode 100644 index 32402bc49..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/requirements.yaml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: -- name: artifactory - repository: file://./charts/artifactory diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.0/templates/NOTES.txt deleted file mode 100644 index 035bf8417..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -Congratulations. You have just deployed JFrog Container Registry! diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.0/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.0/values.yaml deleted file mode 100644 index 250485d27..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.0/values.yaml +++ /dev/null @@ -1,75 +0,0 @@ -# Default values for artifactory-jcr. -# This is a YAML-formatted file. - -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -# This chart is based on the main artifactory chart with some customizations. -# See all supported configuration keys in https://github.com/jfrog/charts/tree/master/stable/artifactory - -## All values are under the 'artifactory' sub chart. -artifactory: - - ## Artifactory - ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - artifactory: - ## Default tag is from the artifactory sub-chart in the requirements.yaml - image: - registry: docker.bintray.io - repository: jfrog/artifactory-jcr - # tag: - - ## Uncomment the following resources definitions or pass them from command line - ## to control the cpu and memory resources allocated by the Kubernetes cluster - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "4Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory. - ## You should set them according to the resources set above. - ## IMPORTANT: Make sure resources.limits.memory is at least 1G more than Xmx. - javaOpts: {} - # xms: "1g" - # xmx: "3g" - # other: "" - - installer: - platform: jcr-helm - - installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - ## Nginx - ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - nginx: - enabled: true - tlsSecretName: "" - service: - type: LoadBalancer - - ## Ingress - ## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - ingress: - enabled: false - tls: - - ## PostgreSQL - ## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - ## Configuration values for the PostgreSQL dependency sub-chart - ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md - postgresql: - enabled: true - - ## This key is required for upgrades to protect old PostgreSQL chart's breaking changes. - databaseUpgradeReady: "yes" - - ## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false), - ## specify custom database details here or leave empty and Artifactory will use embedded derby. - ## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - # database: - - -## Enable the PostgreSQL sub chart -postgresql: - enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md deleted file mode 100755 index f56a5d644..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md +++ /dev/null @@ -1,151 +0,0 @@ -# JFrog Container Registry Chart Changelog -All changes to this chart will be documented in this file. - -## [3.4.0] - Jan 4, 2020 -* Update dependency Artifactory chart version to 11.7.4 (Artifactory 7.12.5) - -## [3.3.1] - Dec 1, 2020 -* Update dependency Artifactory chart version to 11.5.4 (Artifactory 7.11.5) - -## [3.3.0] - Nov 23, 2020 -* Update dependency Artifactory chart version to 11.5.2 (Artifactory 7.11.2) - -## [3.2.2] - Nov 9, 2020 -* Update dependency Artifactory chart version to 11.4.5 (Artifactory 7.10.6) - -## [3.2.1] - Nov 2, 2020 -* Update dependency Artifactory chart version to 11.4.4 (Artifactory 7.10.5) - -## [3.2.0] - Oct 19, 2020 -* Update dependency Artifactory chart version to 11.4.0 (Artifactory 7.10.2) - -## [3.1.0] - Sep 30, 2020 -* Update dependency Artifactory chart version to 11.1.0 (Artifactory 7.9.0) - -## [3.0.2] - Sep 23, 2020 -* Updates readme - -## [3.0.1] - Sep 15, 2020 -* Update dependency Artifactory chart version to 11.0.1 (Artifactory 7.7.8) - -## [3.0.0] - Sep 14, 2020 -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Update dependency Artifactory chart version to 11.0.0 (Artifactory 7.7.3) - -## [2.5.1] - Jul 29, 2020 -* Update dependency Artifactory chart version to 10.0.12 (Artifactory 7.6.3) - -## [2.5.0] - Jul 10, 2020 -* Update dependency Artifactory chart version to 10.0.3 (Artifactory 7.6.2) -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [2.4.0] - Jun 30, 2020 -* Update dependency Artifactory chart version to 9.6.0 (Artifactory 7.6.1) - -## [2.3.1] - Jun 12, 2020 -* Update dependency Artifactory chart version to 9.5.2 (Artifactory 7.5.7) - -## [2.3.0] - Jun 1, 2020 -* Update dependency Artifactory chart version to 9.5.0 (Artifactory 7.5.5) - -## [2.2.5] - May 27, 2020 -* Update dependency Artifactory chart version to 9.4.9 (Artifactory 7.4.3) - -## [2.2.4] - May 20, 2020 -* Update dependency Artifactory chart version to 9.4.6 (Artifactory 7.4.3) - -## [2.2.3] - May 07, 2020 -* Update dependency Artifactory chart version to 9.4.5 (Artifactory 7.4.3) -* Add `installerInfo` string format - -## [2.2.2] - Apr 28, 2020 -* Update dependency Artifactory chart version to 9.4.4 (Artifactory 7.4.3) - -## [2.2.1] - Apr 27, 2020 -* Update dependency Artifactory chart version to 9.4.3 (Artifactory 7.4.1) - -## [2.2.0] - Apr 14, 2020 -* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) - -## [2.2.0] - Apr 14, 2020 -* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) - -## [2.1.6] - Apr 13, 2020 -* Update dependency Artifactory chart version to 9.3.1 (Artifactory 7.3.2) - -## [2.1.5] - Apr 8, 2020 -* Update dependency Artifactory chart version to 9.2.8 (Artifactory 7.3.2) - -## [2.1.4] - Mar 30, 2020 -* Update dependency Artifactory chart version to 9.2.3 (Artifactory 7.3.2) - -## [2.1.3] - Mar 30, 2020 -* Update dependency Artifactory chart version to 9.2.1 (Artifactory 7.3.2) - -## [2.1.2] - Mar 26, 2020 -* Update dependency Artifactory chart version to 9.1.5 (Artifactory 7.3.2) - -## [2.1.1] - Mar 25, 2020 -* Update dependency Artifactory chart version to 9.1.4 (Artifactory 7.3.2) - -## [2.1.0] - Mar 23, 2020 -* Update dependency Artifactory chart version to 9.1.3 (Artifactory 7.3.2) - -## [2.0.13] - Mar 19, 2020 -* Update dependency Artifactory chart version to 9.0.28 (Artifactory 7.2.1) - -## [2.0.12] - Mar 17, 2020 -* Update dependency Artifactory chart version to 9.0.26 (Artifactory 7.2.1) - -## [2.0.11] - Mar 11, 2020 -* Unified charts public release - -## [2.0.10] - Mar 8, 2020 -* Update dependency Artifactory chart version to 9.0.20 (Artifactory 7.2.1) - -## [2.0.9] - Feb 26, 2020 -* Update dependency Artifactory chart version to 9.0.15 (Artifactory 7.2.1) - -## [2.0.0] - Feb 12, 2020 -* Update dependency Artifactory chart version to 9.0.0 (Artifactory 7.0.0) - -## [1.1.0] - Jan 19, 2020 -* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) - -## [1.1.1] - Feb 3, 2020 -* Update dependency Artifactory chart version to 8.4.4 - -## [1.1.0] - Jan 19, 2020 -* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) - -## [1.0.1] - Dec 31, 2019 -* Update dependency Artifactory chart version to 8.3.5 - -## [1.0.0] - Dec 23, 2019 -* Update dependency Artifactory chart version to 8.3.3 - -## [0.2.1] - Dec 12, 2019 -* Update dependency Artifactory chart version to 8.3.1 - -## [0.2.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [0.1.5] - Nov 28, 2019 -* Update dependency Artifactory chart version to 8.2.6 - -## [0.1.4] - Nov 20, 2019 -* Update Readme - -## [0.1.3] - Nov 20, 2019 -* Fix JCR logo url -* Update dependency to Artifactory 8.2.2 chart - -## [0.1.2] - Nov 20, 2019 -* Update JCR logo - -## [0.1.1] - Nov 20, 2019 -* Add `appVersion` to Chart.yaml - -## [0.1.0] - Nov 20, 2019 -* Initial release of the JFrog Container Registry helm chart diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml deleted file mode 100755 index c8a00025f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-jcr -apiVersion: v1 -appVersion: 7.12.5 -description: JFrog Container Registry -home: https://jfrog.com/container-registry/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png -keywords: -- artifactory -- jfrog -- container -- registry -- devops -- jfrog-container-registry -maintainers: -- email: helm@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory-jcr -sources: -- https://github.com/jfrog/charts -version: 3.4.000 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE b/charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE deleted file mode 100755 index 8dada3eda..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md deleted file mode 100755 index f573c93fe..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md +++ /dev/null @@ -1,131 +0,0 @@ -# JFrog Container Registry Helm Chart - -JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support. - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.12+ - -## Chart Details -This chart will do the following: - -* Deploy JFrog Container Registry -* Deploy an optional Nginx server -* Deploy an optional PostgreSQL Database -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client. - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `jfrog-container-registry`: -```bash -helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-jcr center/jfrog/artifactory-jcr -``` - -### Accessing JFrog Container Registry -**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available. - -### Updating JFrog Container Registry -Once you have a new chart version, you can upgrade your deployment with -```bash -helm upgrade jfrog-container-registry center/jfrog/artifactory-jcr -``` - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 1.x to 3.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` -* For more details about artifactory chart upgrades refer [here](https://github.com/jfrog/charts/blob/master/stable/artifactory/UPGRADE_NOTES.md) - -### Deleting JFrog Container Registry - -On helm v2: -```bash -helm delete --purge jfrog-container-registry -``` - -On helm v3: -```bash -helm delete jfrog-container-registry --namespace artifactory-jcr -``` - -This will delete your JFrog Container Registry deployment.
-**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with -```bash -kubectl delete pvc ... -kubectl delete pv ... -``` - -## Database -The JFrog Container Registry chart comes with PostgreSQL deployed by default.
-For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these two lines to your Helm command: -```bash -helm upgrade --install jfrog-container-registry \ - --set artifactory.nginx.enabled=false \ - --set artifactory.ingress.enabled=true \ - --set artifactory.ingress.hosts[0]="artifactory.company.com" \ - --set artifactory.artifactory.service.type=NodePort \ - --namespace artifactory-jcr center/jfrog/artifactory-jcr -``` - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml -artifactory: - artifactory: - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - jfrog-container-registry.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - jfrog-container-registry.domain.com -``` - -## Useful links -https://www.jfrog.com -https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md deleted file mode 100755 index 9d9b7d85f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md +++ /dev/null @@ -1,18 +0,0 @@ -# JFrog Container Registry Helm Chart - -Universal Repository Manager supporting all major packaging formats, build tools and CI servers. - -## Chart Details -This chart will do the following: - -* Deploy JFrog Container Registry -* Deploy an optional Nginx server -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - - -## Useful links -Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) - -## Activate Your Artifactory Instance -Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. - diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore deleted file mode 100755 index c7eb1e274..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md deleted file mode 100755 index 9a35fa0e6..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md +++ /dev/null @@ -1,905 +0,0 @@ -# JFrog Artifactory Chart Changelog -All changes to this chart will be documented in this file. - -## [11.7.4] - Jan 04, 2020 -* Fixed gid support for statefulset - -## [11.7.3] - Dec 31, 2020 -* Added gid support for statefulset -* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset - -## [11.7.2] - Dec 29, 2020 -* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) -* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml) -* Updated Artifactory version to 7.12.5 - -## [11.7.1] - Dec 21, 2020 -* Updated Artifactory version to 7.12.3 - -## [11.7.0] - Dec 18, 2020 -* Updated Artifactory version to 7.12.2 -* Added `.Values.artifactory.openMetrics.enabled` - -## [11.6.1] - Dec 11, 2020 -* Added configurable `.Values.global.versions.artifactory` in values.yaml - -## [11.6.0] - Dec 10, 2020 -* Update postgresql tag version to `12.5.0-debian-10-r25` -* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` -* Updated chart maintainers email - -## [11.5.5] - Dec 4, 2020 -* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` - -## [11.5.4] - Dec 1, 2020 -* Improve error message returned when attempting helm upgrade command - -## [11.5.3] - Nov 30, 2020 -* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) - -## [11.5.2] - Nov 23, 2020 -* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) -* Updated port namings on services and pods to allow for istio protocol discovery -* Change semverCompare checks to support hosted Kubernetes -* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics -* Prevent the PostHook command to be executed if the user did not specify a command in the values file -* Fix issue with tls file generation when nginx.https.enabled is false - -## [11.5.1] - Nov 19, 2020 -* Updated Artifactory version to 7.11.2 -* Bugfix - access.config.import.xml override Access Federation configurations - -## [11.5.0] - Nov 17, 2020 -* Updated Artifactory version to 7.11.1 -* Update alpine tag version to `3.12.1` - -## [11.4.6] - Nov 10, 2020 -* Pass system.yaml via external secret for advanced usecases -* Added support for custom ingress -* Bugfix - stateful set not picking up changes to database secrets - -## [11.4.5] - Nov 9, 2020 -* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) - -## [11.4.4] - Nov 2, 2020 -* Add enablePathStyleAccess property for aws-s3-v3 binary provider template - -## [11.4.3] - Nov 2, 2020 -* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) - -## [11.4.2] - Oct 22, 2020 -* Chown bug fix where Linux capability cannot chown all files causing log line warnings -* Fix Frontend timeout linting issue - -## [11.4.1] - Oct 20, 2020 -* Add flag to disable prepare-custom-persistent-volume init container - -## [11.4.0] - Oct 19, 2020 -* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) - -## [11.3.2] - Oct 15, 2020 -* Add support to specify priorityClassName for nginx deployment - -## [11.3.1] - Oct 9, 2020 -* Add support for customInitContainersBegin - -## [11.3.0] - Oct 7, 2020 -* Updated Artifactory version to 7.9.1 -* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml - -## [11.2.0] - Oct 5, 2020 -* Expose Prometheus metrics via a ServiceMonitor -* Parse log files for metric data with Fluentd - -## [11.1.0] - Sep 30, 2020 -* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) -* Added support for resources in init container - -## [11.0.11] - Sep 25, 2020 -* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements - -## [11.0.10] - Sep 28, 2020 -* Setting chart coordinates in migitation yaml - -## [11.0.9] - Sep 25, 2020 -* Update filebeat version to `7.9.2` - -## [11.0.8] - Sep 24, 2020 -* Fixed broken issue - when setting `waitForDatabase: false` container startup still waits for DB - -## [11.0.7] - Sep 22, 2020 -* Readme updates - -## [11.0.6] - Sep 22, 2020 -* Fix lint issue in migitation yaml - -## [11.0.5] - Sep 22, 2020 -* Fix broken migitation yaml - -## [11.0.4] - Sep 21, 2020 -* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) - -## [11.0.3] - Sep 17, 2020 -* Added configurable session(UI) timeout in frontend microservice - -## [11.0.2] - Sep 17, 2020 -* Added proper required text to be shown while postgres upgrades - -## [11.0.1] - Sep 14, 2020 -* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) - -## [11.0.0] - Sep 2, 2020 -* **Breaking change:** Changed `imagePullSecrets`values from string to list. -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Added support for global values -* Updated maintainers in chart.yaml -* Update postgresql tag version to `12.3.0-debian-10-r71` -* Update postgresql chart version to `9.3.4` in requirements.yaml - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true - -## [10.1.0] - Aug 13, 2020 -* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) - -## [10.0.15] - Aug 10, 2020 -* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. - -## [10.0.14] - Jul 31, 2020 -* Update the README section on Nginx SSL termination to reflect the actual YAML structure. - -## [10.0.13] - Jul 30, 2020 -* Added condition to disable the migration scripts. - -## [10.0.12] - Jul 28, 2020 -* Document Artifactory node affinity. - -## [10.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [10.0.10] - Jul 28, 2020 -* Bugfix / support for userPluginSecrets with Artifactory 7 - -## [10.0.9] - Jul 27, 2020 -* Add tpl to external database secrets -* Modified `scheme` to `artifactory.scheme` - -## [10.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [10.0.7] - Jul 21, 2020 -* Updated Artifactory Chart to add node and primary labels to pods and service objects. - -## [10.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [10.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [10.0.4] - Jul 10, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [10.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads - -## [10.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [10.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [10.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [9.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [9.5.5] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [9.5.4] - Jun 25, 2020 -* Notes.txt update - add --namespace parameter - -## [9.5.3] - Jun 11, 2020 -* Support list of custom secrets - -## [9.5.2] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [9.5.1] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [9.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [9.4.9] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [9.4.8] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [9.4.7] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [9.4.6] - May 19, 2020 -* Added metadata maxOpenConnections - -## [9.4.5] - May 07, 2020 -* Fix `installerInfo` string format - -## [9.4.4] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [9.4.3] - Apr 26, 2020 -* Change order of the customInitContainers to run before the "migration-artifactory" initContainer. - -## [9.4.2] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [9.4.1] - Apr 16, 2020 -* Custom volumes in migration init container. - -## [9.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [9.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [9.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [9.2.9] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [9.2.8] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [9.2.7] - Apr 6, 2020 -* Fix cache size (should be 5gb instead of 50gb since volume claim is only 20gb). - -## [9.2.6] - Apr 1, 2020 -* Support masterKey and joinKey as secrets - -## [9.2.5] - Apr 1, 2020 -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [9.2.4] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [9.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [9.2.2] - Mar 30, 2020 -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart - -## [9.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [9.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [9.1.5] - Mar 26, 2020 -* Fix volumeClaimTemplate issue - -## [9.1.4] - Mar 25, 2020 -* Fix volume name used by filebeat container - -## [9.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [9.1.2] - Mar 22, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [9.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [9.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [9.0.29] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [9.0.28] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [9.0.27] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [9.0.26] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [9.0.25] - Mar 16, 2020 -* Update Artifactory readme with extra ingress annotations needed for Artifactory to be set as SSO provider - -## [9.0.24] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [9.0.23] - Mar 12, 2020 -* Fix README.md rendering issue - -## [9.0.22] - Mar 11, 2020 -* Upgrade Docs update - -## [9.0.21] - Mar 11, 2020 -* Unified charts public release - -## [9.0.20] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [9.0.19] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [9.0.18] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [9.0.17] - Feb 26, 2020 -* Fix join key secret naming - -## [9.0.16] - Feb 26, 2020 -* Store join key to secret - -## [9.0.15] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [9.0.10] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [9.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [8.4.8] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [8.4.7] - Feb 11, 2020 -* Change Artifactory service port name to be hard-coded to `http` instead of using `{{ .Release.Name }}` - -## [8.4.6] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [8.4.5] - Feb 4, 2020 -* Support customisable Nginx kind - -## [8.4.4] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [8.4.3] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [8.4.2] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [8.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [8.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [8.3.6] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [8.3.5] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [8.3.4] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [8.3.3] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [8.3.2] - Dec 16, 2019 -* Fix for toggling nginx service ports - -## [8.3.1] - Dec 12, 2019 -* Add support for toggling nginx service ports - -## [8.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [8.2.6] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [8.2.5] - Nov 27, 2019 -* Add support for PriorityClass - -## [8.2.4] - Nov 21, 2019 -* Add an option to use a file system cache-fs with the file-system binarystore template - -## [8.2.3] - Nov 20, 2019 -* Update Artifactory Readme - -## [8.2.2] - Nov 20, 2019 -* Update Artfactory logo - -## [8.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [8.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [8.1.11] - Nov 17, 2019 -* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup - -## [8.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [8.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [8.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [8.1.7] - Nov 9, 2019 -* Additional documentation for masterKey - -## [8.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [8.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [8.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [8.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [8.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [8.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [8.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [8.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [8.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [7.18.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [7.18.2] - Oct 21, 2019 -* Add support for setting `artifactory.labels` -* Add support for setting `nginx.labels` - -## [7.18.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [7.18.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [7.17.5] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [7.17.4] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [7.17.3] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [7.17.2] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [7.17.1] - Aug 21, 2019 -* Enable the Artifactory container's liveness and readiness probes - -## [7.17.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [7.16.11] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [7.16.10] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [7.16.9] - Aug 5, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [7.16.8] - Aug 4, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [7.16.7] - Jul 29, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [7.16.6] - Jul 24, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [7.16.5] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [7.16.4] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [7.16.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [7.16.2] - Jul 3, 2019 -* Fix values key in reverse proxy example - -## [7.16.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [7.16.0] - Jun 27, 2019 -* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified - -## [7.15.8] - Jun 27, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [7.15.6] - Jun 24, 2019 -* Update chart maintainers - -## [7.15.5] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [7.15.4] - Jun 23, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [7.15.3] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [7.15.2] - Jun 20, 2019 -* Add missing terminationGracePeriodSeconds to values.yaml - -## [7.15.1] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [7.15.0] - Jun 17, 2019 -* Use configmaps for nginx configuration and remove nginx postStart command - -## [7.14.8] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [7.14.7] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [7.14.6] - Jun 11, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [7.14.5] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [7.14.4] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [7.14.3] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [7.14.2] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [7.14.1] - May 19, 2019 -* Fix missing logger image tag - -## [7.14.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [7.13.21] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [7.13.20] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [7.13.19] - May 1, 2019 -* Fix indentation issue with the replicator system property - -## [7.13.18] - Apr 30, 2019 -* Add support for JMX monitoring - -## [7.13.17] - Apr 25, 2019 -* Added support for `cacheProviderDir` - -## [7.13.16] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [7.13.15] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [7.13.14] - Apr 15, 2019 -* Added support for `customVolumeMounts` - -## [7.13.13] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [7.13.12] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [7.13.11] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [7.13.10] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [7.13.9] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [7.13.8] - Aprl 07, 2019 -* Change network policy API group - -## [7.13.7] - Aprl 04, 2019 -* Bugfix for userPluginSecrets - -## [7.13.6] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [7.13.5] - Aprl 03, 2019 -* Added installer info - -## [7.13.4] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [7.13.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [7.13.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [7.13.1] - Mar 27, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [7.13.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [7.12.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [7.12.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [7.12.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [7.12.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [7.12.14] - Mar 21, 2019 -* Make ingress path configurable - -## [7.12.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart - -## [7.12.12] - Mar 19, 2019 -* Fix existingClaim example - -## [7.12.11] - Mar 18, 2019 -* Add information about nginx persistence - -## [7.12.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [7.12.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [7.12.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [7.12.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 -* Add support for Artifactory-CE for C++ - -## [7.12.6] - Mar 13, 2019 -* Move securityContext to container level - -## [7.12.5] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [7.12.4] - Mar 8, 2019 -* Fix existingClaim option - -## [7.12.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [7.12.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [7.12.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [7.12.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [7.11.1] - Feb 20, 2019 -* Added support for enterprise storage - -## [7.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [7.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [7.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [7.9.6] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [7.9.5] - Feb 12, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [7.9.4] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.3] - Feb 5, 2019 -* Add instructions on how to deploy Artifactory with embedded Derby database - -## [7.9.2] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.1] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [7.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [7.8.9] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [7.8.8] - Jan 17, 2019 -* Added support of values ingress.labels - -## [7.8.7] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [7.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [7.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [7.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [7.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [7.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [7.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [7.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [7.7.13] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [7.7.12] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [7.7.11] - Dec 10, 2018 -* Fix issue when using existing claim - -## [7.7.10] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [7.7.9] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [7.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [7.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [7.7.6] - Nov 19, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [7.7.5] - Nov 14, 2018 -* Fix location of `nodeSelector`, `affinity` and `tolerations` - -## [7.7.4] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [7.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [7.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [7.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [7.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [7.6.8] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [7.6.7] - Oct 23, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [7.6.6] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [7.6.5] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [7.6.4] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow providing pre-existing secrets containing external database credentials - -## [7.6.3] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [7.6.2] - Oct 17, 2018 -* Add Apache 2.0 license - -## [7.6.1] - Oct 11, 2018 -* Supports master-key in the secrets and stateful-set -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [7.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [7.5.4] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [7.5.3] - Oct 4, 2018 -* Add PostgreSQL resources template - -## [7.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [7.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [7.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [7.4.3] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [7.4.2] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 -* Removed unused PVC - -## [7.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [7.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml deleted file mode 100755 index 884564cc9..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -appVersion: 7.12.5 -description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -maintainers: -- email: installers@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory -sources: -- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view -- https://github.com/jfrog/charts -version: 11.7.4 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE deleted file mode 100755 index 8dada3eda..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md deleted file mode 100755 index 9c7551c92..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md +++ /dev/null @@ -1,1151 +0,0 @@ -# JFrog Artifactory Helm Chart - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.12+ -* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) - -## Chart Details -This chart will do the following: - -* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set) -* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. -* Deploy an optional Nginx server -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add ChartCenter Helm repository - -Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client - -```bash -helm repo add center https://repo.chartcenter.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `artifactory`: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -``` - -### System Configuration -Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. -In order to override the default `system.yaml` configuration, do the following: -```bash -artifactory: - systemYaml: | - -``` - -### Deploying Artifactory with embedded Derby database -By default, this chart deploys Artifactory with PostgreSQL (running in a separate pod). -It's possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded [Derby database](https://db.apache.org/derby/). -```bash -# Disable the default postgresql -helm upgrade --install artifactory --set postgresql.enabled=false --namespace artifactory center/jfrog/artifactory -``` -Artifactory will start with it's embedded Derby database. - -### Accessing Artifactory -**NOTE:** It might take a few minutes for Artifactory's public IP to become available. -Follow the instructions outputted by the install command to get the Artifactory IP to access it. - -### Updating Artifactory -Once you have a new chart version, you can update your deployment with -```bash -helm upgrade artifactory --namespace artifactory center/jfrog/artifactory -``` - -If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: -1. Get the current password by running: -```bash -POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` -2. Upgrade the release by passing the previously auto-generated secret: -```bash -helm upgrade center/jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} --namespace -``` - -This will apply any configuration changes on your existing deployment. - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -### Artifactory memory and CPU resources -The Artifactory Helm chart comes with support for configured resource requests and limits to Artifactory, Nginx and PostgreSQL. By default, these settings are commented out. -It is **highly** recommended to set these so you have full control of the allocated resources and limits. -Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.javaOpts.xms` and `artifactory.javaOpts.xmx`. -```bash -# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) -helm upgrade --install artifactory \ - --set artifactory.resources.requests.cpu="500m" \ - --set artifactory.resources.limits.cpu="2" \ - --set artifactory.resources.requests.memory="1Gi" \ - --set artifactory.resources.limits.memory="4Gi" \ - --set artifactory.javaOpts.xms="1g" \ - --set artifactory.javaOpts.xmx="4g" \ - --set nginx.resources.requests.cpu="100m" \ - --set nginx.resources.limits.cpu="250m" \ - --set nginx.resources.requests.memory="250Mi" \ - --set nginx.resources.limits.memory="500Mi" \ - --namespace artifactory center/jfrog/artifactory -``` -Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). - -Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files -for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) - -### Deploying Artifactory for small/medium/large installations -In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml - - -### Artifactory storage -When using an enterprise license. Artifactory supports a wide range of storage back ends. You can see more details on [Artifactory Filestore options](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore) - -In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. -The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. - -#### NFS -To use an NFS server as your cluster's storage, you need to -- Setup an NFS server. Get its IP as `NFS_IP` -- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all -- Pass NFS parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=nfs \ ---set artifactory.persistence.nfs.ip=${NFS_IP} \ -... -``` - -#### Using a network file system with the file-system persistence type -In some cases, it is not possible for the helm chart to set up your NFS mounts automatically for Artiactory. -In such cases, such as using AWS EFS, you will use the `artifactory.persistnece.type=file-system` even though your underlying persistence is actually a network file system. -The same thing applies when using a slow storage device (such as cheap disks) as your main storage solution for Artifactory. -This means that serving highly used files from the network file system/slow storage can take time, -and that's why you would want a cache filesystem that's stored locally on disk (fast disks like SSD). - -This is how you would configure it: -Create a values file with the following content: -1. Set up your volume mount to your fast storage device -```yaml -artifactory: - ## Set up your volume mount to your fast storage device - customVolumes: | - - name: my-cache-fast-storage - persistentVolumeClaim: - claimName: my-cache-fast-storage-pvc - ## Enable caching and configure the cache directory - customVolumeMounts: | - - name: my-cache-fast-storage - mountPath: /my-fast-cache-mount - ## Install the helm chart with the values file you created - persistence: - cacheProviderDir: /my-fast-cache-mount - fileSystem: - cache: - enabled: true - -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values.yaml -``` - -#### Google Storage -To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) -- Pass Google Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=google-storage \ ---set artifactory.persistence.googleStorage.identity=${GCP_ID} \ ---set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ -... -``` - -#### AWS S3 -**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. -In order to grant permissions to Artifactory using an IAM role, you will have to attach the said IAM role to the machine(s) on which Artifactory is running. -This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. - -To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) -- Pass AWS S3 parameters to `helm install` and `helm upgrade` -```bash -... -# With explicit credentials: ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ -... - -... -# With using existing IAM role ---set artifactory.persistence.type=aws-s3 \ ---set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ ---set artifactory.persistence.awsS3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ -... -``` -**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) - -#### AWS S3 V3 -To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). -This filestore template uses the official AWS SDK, unlike th`aws-s3` implementation that uses the `JetS3t` library. -Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). - -**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. - -- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` - -```bash -# With explicit credentials: ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ ---set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ -... -``` - -```bash -# With using existing IAM role ---set artifactory.persistence.type=aws-s3-v3 \ ---set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ ---set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ ---set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} -... -``` - -To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) -```bash -... ---set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ -... -``` - -#### Microsoft Azure Blob Storage -To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) -- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` -```bash -... ---set artifactory.persistence.type=azure-blob \ ---set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ ---set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ ---set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ ---set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ -... -``` - -* To use a persistent volume claim as cache dir together with Azure Blob Storage, additionally pass the following parameters to `helm install` and `helm upgrade` (make sure `mountPath` and `cacheProviderDir` point to the same location) -```bash -... ---set artifactory.persistence.existingClaim=${YOUR_CLAIM} \ ---set artifactory.persistence.mountPath=/opt/cache-dir \ ---set artifactory.persistence.cacheProviderDir=/opt/cache-dir \ -... -``` - -#### Custom binarystore.xml -You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
-There are two options for this - -1. Editing directly in [values.yaml](values.yaml) -```yaml -artifactory: - persistence: - binarystoreXml: | - - - - - -``` - -2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command -```yaml -# Prepare your custom Secret file (custom-binarystore.yaml) -kind: Secret -apiVersion: v1 -metadata: - name: custom-binarystore - labels: - app: artifactory - chart: artifactory -stringData: - binarystore.xml: |- - - - - -``` - -```bash -# Create a secret from the file -kubectl apply -n artifactory -f ./custom-binarystore.yaml - -# Pass it to your helm install command: -helm upgrade --install artifactory --namespace artifactory --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore center/jfrog/artifactory -``` - -### Create a unique Master Key -Artifactory requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`). - -**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique one and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Pass the created master key to helm -helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export MASTER_KEY=$(openssl rand -hex 32) -echo ${MASTER_KEY} - -# Create a secret containing the key. The key in the secret must be named master-key -kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory --set artifactory.masterKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Special Upgrade Notes -### MasterKey during 6.x to 7.x Migration (App version) - -**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. - -### Create a unique Join Key -Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). - -**This key is for demo purpose and should not be used in a production environment!** - -You should generate a unique key and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Pass the created join key to helm -helm upgrade --install artifactory --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. -```bash -# Create a key -export JOIN_KEY=$(openssl rand -hex 32) -echo ${JOIN_KEY} - -# Create a secret containing the key. The key in the secret must be named join-key -kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} - -# Pass the created secret to helm -helm upgrade --install artifactory --set artifactory.joinKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. - -### Customizing Database password -You can override the specified database password (set in [values.yaml](values.yaml)), by passing it as a parameter in the install command line -```bash -helm upgrade --install artifactory --namespace artifactory --set postgresql.postgresqlPassword=12_hX34qwerQ2 center/jfrog/artifactory -``` - -You can customise other parameters in the same way, by passing them on `helm install` command line. - -### Deleting Artifactory - -On helm v2: -```bash -helm delete --purge artifactory -``` - -On helm v3: -```bash -helm delete artifactory --namespace artifactory -``` -This will completely delete your Artifactory Pro deployment. -**IMPORTANT:** This will also delete your data volumes. You will lose all data! - -### Kubernetes Secret for Artifactory License -##### Use an existing secret -You can deploy the Artifactory license as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). -Prepare a text file with the license written in it and create a Kubernetes secret from it. -```bash -# Create the Kubernetes secret (assuming the local license file is 'art.lic') -kubectl create secret generic artifactory-license --from-file=./art.lic - -# Pass the license to helm -helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - -##### Create the secret as part of the helm release -values.yaml -```yaml -artifactory: - license: - licenseKey: |- - -``` - -```bash -helm upgrade --install artifactory -f values.yaml --namespace artifactory center/jfrog/artifactory -``` -**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). -Updating the license should be done via Artifactory UI or REST API. -If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file - - -### copyOnEveryStartup feature -Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. -In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. -Two examples for that would be: - -1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, -which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: -Create a values file with the following values: -```yaml -artifactory: - copyOnEveryStartup: - - source: /artifactory_bootstrap/binarystore.xml - target: etc/artifactory/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml -``` - -2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: -Create a config map with your `logback.xml` configuration. - -Create a values file with the following values: -```yaml -artifactory: - ## Create a volume pointing to the config map with your configuration file - customVolumes: | - - name: logback-xml-configmap - configMap: - name: logback-xml-configmap - customVolumeMounts: | - - name: logback-xml-configmap - mountPath: /tmp/artifactory-logback/ - copyOnEveryStartup: - - source: /tmp/artifactory-logback/* - target: etc/ -``` - -Install the helm chart with the values file you created: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml -``` - -### Configure NetworkPolicy - -NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. - -In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. - -For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. - -A full (but very wide open) example that results in 2 NetworkPolicy objects being created: -```yaml -networkpolicy: - # Allows all ingress and egress to/from artifactory. - - name: artifactory - podSelector: - matchLabels: - app: artifactory - egress: - - {} - ingress: - - {} - # Allows connectivity from artifactory pods to postgresql pods, but no traffic leaving postgresql pod. - - name: postgres - podSelector: - matchLabels: - app: postgresql - ingress: - - from: - - podSelector: - matchLabels: - app: artifactory -``` -### Artifactory JMX Configuration -** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans - -Enable JMX in your deployment: -```bash -helm upgrade --install artifactory \ - --set artifactory.javaOpts.jmx.enabled=true \ - --namespace artifactory center/jfrog/artifactory -``` -This will enable access to Artifactory with JMX on the default port (9010). -** You have the option to change the port by setting ```artifactory.javaOpts.jmx.port``` to your choice of port - -In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: -1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: -```bash -helm upgrade --install artifactory \ - --set artifactory.javaOpts.jmx.enabled=true \ - --set artifactory.service.type=LoadBalancer \ - --namespace artifactory center/jfrog/artifactory - -``` -2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with ```artifactory.javaOpts.jmx.host```). -So in order to connect to Artifactory with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: -``` - artifactory- -``` -3. Launch jconsole with the service address and port: -```bash -jconsole artifactory-: -``` - -### Bootstrapping Artifactory admin password -You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. - -1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: -```yaml -artifactory: - admin: - ip: "" # Example: "*" to allow access from anywhere - username: "admin" - password: "" -``` - -2. Apply the `admin-creds-values.yaml` file: -```bash -helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f admin-creds-values.yaml -``` - -3. Restart Artifactory Pod (`Kubectl delete pod `) - -### Bootstrapping Artifactory configuration -**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. - -* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) -* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) - -1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-release-bootstrap-config -data: - artifactory.config.import.xml: | - - security.import.xml: | - -``` - -2. Create configMap in Kubernetes: -```bash -kubectl apply -f bootstrap-config.yaml -``` -3. Pass the configMap to helm -```bash -helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory -``` -OR -```bash -helm upgrade --install artifactory --set artifactory.license.licenseKey=,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory -``` - -### Use custom nginx.conf with Nginx - -Steps to create configMap with nginx.conf -* Create `nginx.conf` file. -```bash -kubectl create configmap nginx-config --from-file=nginx.conf -``` -* Pass configMap to helm install -```bash -helm upgrade --install artifactory --set nginx.customConfigMap=nginx-config --namespace artifactory center/jfrog/artifactory -``` - -### Use an external Database - -**For production grade installations it is recommended to use an external PostgreSQL with a static password** - -#### PostgreSQL -There are cases where you will want to use an external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the name of the database. - -This can be done with the following parameters -```bash -... ---set postgresql.enabled=false \ ---set database.type=postgresql \ ---set database.driver=org.postgresql.Driver \ ---set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! - -#### Other DB type -There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. -See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) -> The official Artifactory Docker images include the PostgreSQL database driver. -> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib - -This can be done with the following parameters -```bash -# Make sure your Artifactory Docker image has the MySQL database driver in it -... ---set postgresql.enabled=false \ ---set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ ---set database.type=mysql \ ---set database.driver=com.mysql.jdbc.Driver \ ---set database.url=${DB_URL} \ ---set database.user=${DB_USER} \ ---set database.password=${DB_PASSWORD} \ -... -``` -**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! -##### Configuring Artifactory with external Oracle database -To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. -1. Create a value file with the configuration -```yaml -postgresql: - enabled: false -database: - type: oracle - driver: oracle.jdbc.OracleDriver - url: - user: - password: -artifactory: - preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." - extraEnvironmentVariables: - - name: LD_LIBRARY_PATH - value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib -``` -2. Install Artifactory with the values file you created: -```bash -helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values-oracle.yaml -``` -**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` - -#### Using pre-existing Kubernetes Secret -If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: -```bash -# Create a secret containing the database credentials -kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} -... ---set postgresql.enabled=false \ ---set database.secrets.user.name=my-secret \ ---set database.secrets.user.key=user \ ---set database.secrets.password.name=my-secret \ ---set database.secrets.password.key=password \ ---set database.secrets.url.name=my-secret \ ---set database.secrets.url.key=url \ -... -``` - -### Deleting Artifactory -To delete the Artifactory. - -On helm v2: -```bash -helm delete --purge artifactory -``` - -On helm v3: -```bash -helm delete artifactory --namespace artifactory -``` -This will completely delete your Artifactory HA cluster. - -### Custom Docker registry for your images -If you need to pull your Docker images from a private registry, you need to create a -[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm -```bash -# Create a Docker registry secret called 'regsecret' -kubectl create secret docker-registry regsecret --docker-server= --docker-username= --docker-password= --docker-email= -``` -Once created, you pass it to `helm` -```bash -helm upgrade --install artifactory --set imagePullSecrets=regsecret --namespace artifactory center/jfrog/artifactory -``` - -### Logger sidecars -This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) - -Get list of containers in the pod -```bash -kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' -``` - -View specific log -```bash -kubectl logs -n -c -``` - -### Custom init containers -There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. - -For this, there is a section for writing a custom init container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom init containers - customInitContainers: | - ## Init containers template goes here ## -``` - -### Custom sidecar containers -There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. - -For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom sidecar containers - customSidecarContainers: | - ## Sidecar containers template goes here ## -``` - -### Custom volumes -If you need to use a custom volume in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - ## Custom volume comes here ## -``` - -### Custom secrets -If you need to add a custom secret in a custom init or sidecar container, you can use this option. - -For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out -```yaml -artifactory: - # Add custom secrets - secret per file - customSecrets: - - name: custom-secret - key: custom-secret.yaml - data: > - secret data -``` - -To use a custom secret, need to define a custom volume. -```yaml -artifactory: - ## Add custom volumes - customVolumes: | - - name: custom-secret - secret: - secretName: custom-secret -``` - -To use a volume, need to define a volume mount as part of a custom init or sidecar container. -```yaml -artifactory: - customSidecarContainers: - - name: side-car-container - volumeMounts: - - name: custom-secret - mountPath: /opt/custom-secret.yaml - subPath: custom-secret.yaml - readOnly: true -``` - -You can configure the sidecar to run as a custom user if needed by setting the following in the container template -```yaml - # Example of running container as root (id 0) - securityContext: - runAsUser: 0 - fsGroup: 0 -``` - -### Add Artifactory User Plugin during installation -If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. - -Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: -```bash -# Secret with single user plugin -kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory - -# Secret with single user plugin with configuration file -kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory -``` - -Add plugin secret names to `plugins.yaml` as following: -```yaml -artifactory: - userPluginSecrets: - - archive-old-artifacts - - webhook -``` - -You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: -```bash -helm upgrade --install artifactory -f plugins.yaml --namespace artifactory center/jfrog/artifactory -``` - -Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: -```yaml -artifactory: # Name of the artifactory dependency - artifactory: - userPluginSecrets: - - '{{ template "my-chart.fullname" . }}' -``` -For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). - -### Provide custom configMaps to Artifactory -If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. - -Create a `configmaps.yaml` file with the following content: -```yaml -artifactory: - configMaps: | - logback.xml: | - - - - - %date [%-5level] \(%-20c{3}:%L\) %message%n - - - - - - - - - - - - - - - my-custom-post-start-hook.sh: | - echo "This is my custom post start hook" - - customVolumeMounts: | - - name: artifactory-configmaps - mountPath: /tmp/my-config-map - - postStartCommand: | - chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; - /tmp/my-config-map/my-custom-post-start-hook.sh; - - copyOnEveryStartup: - - source: /tmp/my-config-map/logback.xml - target: etc/ - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f configmaps.yaml --namespace artifactory center/jfrog/artifactory -``` - -This will, in turn: -* create a configMap with the files you specified above -* create a volume pointing to the configMap with the name `artifactory-configmaps` -* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` -* Set the shell script we mounted as the `postStartCommand` -* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. - -### Establishing TLS and Adding certificates -In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. -When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. - -To establish TLS between JFrog Platform nodes: -Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) - -To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false -```yaml -access: - accessConfig: - security: - tls: true -``` - -To add custom tls certificates, create a tls secret from the certificate files. - -```bash -kubectl create secret tls --cert=ca.crt --key=ca.private.key -``` - -For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. -* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) -```yaml -access: - accessConfig: - security: - tls: true - customCertificatesSecretName: - resetAccessCAKeys: true -``` - -### Artifactory filebeat -If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. - -Create a `filebeat.yaml` values file with the following content: -```yaml -filebeat: - enabled: true - logstashUrl: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "100Mi" - cpu: "100m" -``` - -You can optionally customize the `filebeat.yaml` to send output to a different location like so: -```yaml -filebeat: - enabled: true - filebeatYml: | - -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f filebeat.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Install Artifactory with Nginx and Terminate SSL in Nginx Service(LoadBalancer). -To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx -For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. -In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: -```yaml - nginx: - https: - enabled: false - service: - ssloffload: true - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file -```yaml - ingress: - enabled: true - hosts: - - artifactory.company.com - artifactory: - service: - type: NodePort - nginx - enabled: false -``` - -and use it with you helm install/upgrade: -```bash -helm upgrade --install artifactory -f artifactory-ingress-values.yaml --namespace artifactory center/jfrog/artifactory -``` - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - artifactory.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - artifactory.domain.com -``` - -### Ingress annotations - -This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. - -```yaml -ingress: - enabled: true - defaultBackend: - enabled: false - hosts: - - myhost.example.com - annotations: - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - ingress.kubernetes.io/proxy-read-timeout: "600" - ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; - rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; - nginx.ingress.kubernetes.io/proxy-body-size: "0" - tls: - - hosts: - - "myhost.example.com" -``` - -If you're using Artifactory as SSO provider (e.g. with xray), you will need to have the following annotations, and change with your domain: -```yaml -.. - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_pass_header Server; - proxy_set_header X-JFrog-Override-Base-Url https://; -``` - -### Ingress additional rules - -You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. -In order to do that, simply add the following to a `artifactory-values.yaml` file: -```yaml -ingress: - enabled: true - - defaultBackend: - enabled: false - - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/configuration-snippet: | - rewrite "(?i)/xray(/|$)(.*)" /$2 break; - - additionalRules: | - - host: - http: - paths: - - path: / - backend: - serviceName: - servicePort: - - path: /xray - backend: - serviceName: - servicePort: - - path: /artifactory - backend: - serviceName: {{ template "artifactory.nginx.fullname" . }} - servicePort: {{ .Values.nginx.externalPortHttp }} -``` - -and running: -```bash -helm upgrade --install xray center/jfrog/artifactory -f artifactory-values.yaml -``` - -### Dedicated Ingress object for replicator service - -You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. -In order to do that, simply add the following to a `artifactory-values.yaml` file: - -```yaml -artifactory: - replicator: - enabled: true - ingress: - name: - hosts: - - myhost.example.com - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding on; - tls: - - hosts: - - "myhost.example.com" - secretName: -``` - -### Ingress behind another load balancer -If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. - -To enable it with `helm install` -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true -``` -or `helm upgrade` -```bash -helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx -``` -or create a values.yaml file with the following content: -```yaml -controller: - config: - use-forwarded-headers: "true" -``` -Then install nginx-ingress with the values file you created: -```bash -helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml -``` -This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` - -### Log Analytics - -#### FluentD, Prometheus and Grafana - -To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: - -https://github.com/jfrog/log-analytics-prometheus - -That repo contains a file `artifactory-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. - - -## Useful links -- https://www.jfrog.com/confluence/display/EP/Getting+Started -- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory -- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md deleted file mode 100755 index 38c4a9eaa..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md +++ /dev/null @@ -1,140 +0,0 @@ -# JFrog Artifactory Reverse Proxy Settings using Nginx - -#### Reverse Proxy -* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. -* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate -the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. -* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) -* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. - -**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. - -#### Features of Artifactory Nginx -* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. -* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory - -#### Changing the default Artifactory nginx conf -Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf -These configuration will be mounted to the nginx container using a configmap. -For example: -1. Create a values file `nginx-values.yaml` with the following values: -```yaml -nginx: - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; - } - proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -``` - -2. Install/upgrade artifactory: -```bash -helm upgrade --install artifactory jfrog/artifactory -f nginx-values.yaml -``` - - -#### Steps to use static configuration for reverse proxy in nginx. -1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` - -2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) - - Following is example `artifactory.conf` - - **Note**: - * Create file with name `artifactory.conf` as it's fixed in configMap key. - * Replace `artifactory-artifactory` with service name taken from step 1. - - ```bash - ## add ssl entries when https has been set in config - ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; - ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen 443 ssl; - listen 80; - ## Change to you DNS name you use to access Artifactory - server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; - rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; - } - proxy_pass http://artifactory-artifactory:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - ``` - -3. Create configMap of `artifactory.conf` created with step above. - ```bash - kubectl create configmap art-nginx-conf --from-file=artifactory.conf - ``` -4. Deploy Artifactory using helm chart. - You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) - - Following is command to set values at runtime: - ```bash - helm install --name artifactory nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory - ``` \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md deleted file mode 100755 index 4ba17d0c9..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md +++ /dev/null @@ -1,39 +0,0 @@ -# JFrog Artifactory Chart Upgrade Notes -This file describes special upgrade notes needed at specific versions - -## Upgrade from 8.X to 9.X and above (Chart Versions) - -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* To upgrade from a version prior to 8.x, you first need to upgrade to latest version of 8.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md. -* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` - -## Upgrade from 7.X to 8.X (Chart Versions) -**DOWNTIME IS REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations -* Upgrade - * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database - * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) - * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted - * Upgrade steps: - 1. Block user access to Artifactory (do not shutdown) - 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` - a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) - b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) - c. Click `Export` (this can take some time) - 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed - a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! - 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps - a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step - 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` - a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) - b. Click `Import` (this can take some time) - 6. Restore access to Artifactory - * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml deleted file mode 100755 index 2f858e60e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Database -apiVersion: v1 -appVersion: 11.9.0 -description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://www.postgresql.org/ -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -version: 9.3.4 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md deleted file mode 100755 index 319291bc6..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md +++ /dev/null @@ -1,680 +0,0 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. - -To delete the PVC's associated with `my-release`: - -```console -$ kubectl delete pvc -l release=my-release -``` - -> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | -| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | -| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | -| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | -| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | -| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | -| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | -| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | -| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | -| `master.sidecars` | Add additional containers to the pod | `[]` | -| `master.service.type` | Allows using a different service type for Master | `nil` | -| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | -| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | -| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | -| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | -| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | -| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | -| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | -| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | -| `slave.sidecars` | Add additional containers to the pod | `[]` | -| `slave.service.type` | Allows using a different service type for Slave | `nil` | -| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | -| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | -| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAccount.name` | Name of existing service account | `nil` | -| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `tls.enabled` | Enable TLS traffic support | `false` | -| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | -| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | -| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | -| `psp.create` | Create Pod Security Policy | `false` | -| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Enable replication: -```diff -- replication.enabled: false -+ replication.enabled: true -``` - -- Number of slaves replicas: -```diff -- replication.slaveReplicas: 1 -+ replication.slaveReplicas: 2 -``` - -- Set synchronous commit mode: -```diff -- replication.synchronousCommit: "off" -+ replication.synchronousCommit: "on" -``` - -- Number of replicas that will have synchronous replication: -```diff -- replication.numSynchronousReplicas: 0 -+ replication.numSynchronousReplicas: 1 -``` - -- Start a prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. - -### Customizing Master and Slave services in a replicated configuration - -At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. - -For example: - -* First, create the secret with the cetificates files: - - ```console - kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt - ``` - -* Then, use the following parameters: - - ```console - volumePermissions.enabled=true - tls.enabled=true - tls.certificatesSecret="certificates-tls-secret" - tls.certFilename="cert.crt" - tls.certKeyFilename="cert.key" - ``` - - > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL master -master: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -slave: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -## Upgrade - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release stable/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -## 9.0.0 - -In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. - -As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: - -- Deploy an old version (8.X.X) -```console -$ helm install postgresql bitnami/postgresql --version 8.10.14 -``` - -- Old version is up and running -```console -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 76s -``` - -- The upgrade to the latest one (9.X.X) is going to fail -```console -$ helm upgrade postgresql bitnami/postgresql -Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden -``` - -- Delete the statefulset -```console -$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql -statefulset.apps "postgresql-postgresql" deleted -``` - -- Now the upgrade works -```cosnole -$ helm upgrade postgresql bitnami/postgresql -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 -``` - -- We can kill the existing pod and the new statefulset is going to create a new one: -```console -$ kubectl delete pod postgresql-postgresql-0 -pod "postgresql-postgresql-0" deleted - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 19s -``` - -Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command - -## 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -## 7.1.0 - -Adds support for LDAP configuration. - -## 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -## 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -## 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - - - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore deleted file mode 100755 index 50af03172..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml deleted file mode 100755 index e6bac7873..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v1 -appVersion: 0.6.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: http://www.bitnami.com/ -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: common -sources: -- https://github.com/bitnami/charts -version: 0.6.2 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md deleted file mode 100755 index e04391a3f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md +++ /dev/null @@ -1,274 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.12+ or Helm 3.0-beta3+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -**Names** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -**Images** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | - -**Labels** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -**Storage** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -**TplValues** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | - -**Capabilities** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | - -**Validations** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | - -**Warnings** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -**Errors** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -**Utils** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | - -**Secrets** - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets. - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -**Example of use** - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -**NOTES.txt** - -``` -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Notable changes - -N/A diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl deleted file mode 100755 index c0ea2c70c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl deleted file mode 100755 index d6d3ec65a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,20 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl deleted file mode 100755 index aafde9f3b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl deleted file mode 100755 index 252066c7e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl deleted file mode 100755 index adf2a74f4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl deleted file mode 100755 index d6165a294..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,49 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = cat $name .defaultNameSuffix -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- $name = .name -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user - to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl deleted file mode 100755 index 60e2a844f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl deleted file mode 100755 index 2db166851..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl deleted file mode 100755 index 7d02f2ef6..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl deleted file mode 100755 index 62635b30e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl +++ /dev/null @@ -1,219 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $valueKeyArray := splitList "." .valueKey -}} - {{- $value := "" -}} - {{- $latestObj := $.context.Values -}} - {{- range $valueKeyArray -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} - {{- end -}} - - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} - {{- end -}} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - - {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a mariadb required password must not be empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} - -Validate value params: - - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} - {{- $requiredPasswords := list -}} - - {{- if .context.Values.mariadb.secret.requirePasswords -}} - {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} - - {{- if not (empty .context.Values.mariadb.db.user) -}} - {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} - {{- end -}} - - {{- if .context.Values.mariadb.replication.enabled -}} - {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a postgresql required password must not be empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) $enabled -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- if $enabledReplication -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.enabled | quote -}} - {{- else -}} - true - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- .context.Values.postgresql.replication.enabled | quote -}} - {{- else -}} - {{- .context.Values.replication.enabled | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliar function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl deleted file mode 100755 index ae10fa41e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml deleted file mode 100755 index 9ecdc93f5..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -exampleValue: common-chart diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml deleted file mode 100755 index f6977823c..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml +++ /dev/null @@ -1,3 +0,0 @@ -commonAnnotations: - helm.sh/hook: 'pre-install, pre-upgrade' - helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml deleted file mode 100755 index fc2ba605a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100755 index 347d3b40a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md deleted file mode 100755 index 1813a2fea..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md deleted file mode 100755 index 184c1875d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md +++ /dev/null @@ -1,4 +0,0 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md deleted file mode 100755 index cba38091e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock deleted file mode 100755 index 72e1642e2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 0.6.2 -digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 -generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml deleted file mode 100755 index 2c28bfe14..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt deleted file mode 100755 index 596e969ce..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt +++ /dev/null @@ -1,59 +0,0 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- include "common.warnings.rollingTag" .Values.image -}} - -{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl deleted file mode 100755 index 68cd0dc0e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl +++ /dev/null @@ -1,501 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.master.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "postgresql.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name to change the volume permissions -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if we should use an existingSecret. -*/}} -{{- define "postgresql.useExistingSecret" -}} -{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if not (include "postgresql.useExistingSecret" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap should be mounted with PostgreSQL configuration -*/}} -{{- define "postgresql.mountConfigurationCM" -}} -{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "postgresql.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "postgresql.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "postgresql.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If PSP is enabled RBAC should be enabled too -*/}} -{{- define "postgresql.validateValues.psp" -}} -{{- if and .Values.psp.create (not .Values.rbac.create) }} -postgresql: psp.create, rbac.create - RBAC should be enabled if PSP is enabled in order for PSP to work. - More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "podsecuritypolicy.apiVersion" -}} -{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions -*/}} -{{- define "postgresql.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} -postgresql: tls.enabled, volumePermissions.enabled - When TLS is enabled you must enable volumePermissions as well to ensure certificates files have - the right permissions. -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "postgresql.tlsCert" -}} -{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "postgresql.tlsCertKey" -}} -{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "postgresql.tlsCACert" -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} -{{- end -}} - -{{/* -Return the path to the CRL file. -*/}} -{{- define "postgresql.tlsCRL" -}} -{{- if .Values.tls.crlFilename -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml deleted file mode 100755 index b29ef6040..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml deleted file mode 100755 index f21a97654..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-extended-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{ $key | snakecase }}={{ $value }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml deleted file mode 100755 index 6637867a3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.fullname" . }}-init-scripts - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml deleted file mode 100755 index 6b7a3171e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml deleted file mode 100755 index b993c9971..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-metrics - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- toYaml .Values.metrics.service.annotations | nindent 4 }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml deleted file mode 100755 index 2a7b372fe..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "postgresql.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - role: slave - {{- end }} - # Allow prometheus scrapes - - ports: - - port: 9187 -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml deleted file mode 100755 index da0b3ab11..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.psp.create }} -apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - volumes: - - 'configMap' - - 'secret' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'projected' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml deleted file mode 100755 index b0c41b1a4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "postgresql.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.metrics.prometheusRule.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml deleted file mode 100755 index 6d3cf50a4..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if .Values.psp.create }} - - apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "postgresql.fullname" . }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml deleted file mode 100755 index f7837388d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ template "postgresql.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml deleted file mode 100755 index c93dbe0bd..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml deleted file mode 100755 index 17f7ff399..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "common.labels.standard" . | nindent 4 }} - name: {{ template "postgresql.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml deleted file mode 100755 index d57b7fb48..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "postgresql.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml deleted file mode 100755 index 54d24099f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml +++ /dev/null @@ -1,345 +0,0 @@ -{{- if .Values.replication.enabled }} -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "postgresql.fullname" . }}-slave" - labels: - {{- include "common.labels.standard" . | nindent 4 }} -{{- with .Values.slave.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.slave.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: {{ .Values.replication.slaveReplicas }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: slave - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: slave -{{- with .Values.slave.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.slave.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.slave.nodeSelector }} - nodeSelector: -{{ toYaml .Values.slave.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.slave.affinity }} - affinity: -{{ toYaml .Values.slave.affinity | indent 8 }} - {{- end }} - {{- if .Values.slave.tolerations }} - tolerations: -{{ toYaml .Values.slave.tolerations | indent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.slave.extraInitContainers }} -{{ tpl .Values.slave.extraInitContainers . | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.slave.priorityClassName }} - priorityClassName: {{ .Values.slave.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "postgresql.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.slave.extraVolumeMounts }} - {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.slave.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.slave.extraVolumes }} - {{- toYaml .Values.slave.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml deleted file mode 100755 index 0e6eefebb..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml +++ /dev/null @@ -1,514 +0,0 @@ -apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.master.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.master.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.master.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "postgresql.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: master - template: - metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: master - {{- with .Values.master.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- toYaml .Values.master.affinity | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: - {{- else }} - securityContext: - runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.master.extraInitContainers }} - {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.replication.enabled }} - - name: POSTGRES_REPLICATION_MODE - value: "master" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end}} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote}} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.master.sidecars }} -{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.metrics.securityContext.runAsUser }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} - {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} - - name: DATA_SOURCE_NAME - value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} - {{- else }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- toYaml .Values.master.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "postgresql.storageClass" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml deleted file mode 100755 index 49131578a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-headless - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml deleted file mode 100755 index 885c7bb04..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }}-read - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: slave -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml deleted file mode 100755 index e9fc50456..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: master diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml deleted file mode 100755 index c08014549..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml +++ /dev/null @@ -1,594 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 2 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'on' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 1 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: true - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json deleted file mode 100755 index 7b5e2efc3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "slaveReplicas": { - "type": "integer", - "title": "Slave Replicas", - "form": true, - "hidden": { - "value": false, - "path": "replication/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml deleted file mode 100755 index f45c4183d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml +++ /dev/null @@ -1,600 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.9.0-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - debug: false - -## String to partially override postgresql.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override postgresql.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: buster - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -rbac: - create: false - -replication: - enabled: false - user: repl_user - password: repl_password - slaveReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'off' - ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > slaveReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: false - -## PostgreSQL service configuration -service: - ## PosgresSQL service type - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start master and slave(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ingored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Master parameters -## -master: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - extraInitContainers: [] - - ## Additional PostgreSQL Master Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Master Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for master - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL Slave parameters -## -slave: - ## Node, affinity, tolerations, and priorityclass settings for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption - nodeSelector: {} - affinity: {} - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - extraInitContainers: | - # - name: do-something - # image: busybox - # command: ['do', 'something'] - ## Additional PostgreSQL Slave Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL Slave Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - sidecars: [] - - ## Override the service configuration for slave - ## - service: {} - # type: - # nodePort: - # clusterIP: - ## Whether to enable PostgreSQL slave replicas data Persistent - ## - persistence: - enabled: true - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - explicitNamespacesSelector: {} - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r188 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - # - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml deleted file mode 100755 index 4dabc956e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - image: - tag: 12.3.0-debian-10-r71 - postgresqlPassword: password -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml deleted file mode 100755 index a43d84d26..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true - -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml deleted file mode 100755 index cb86aaf54..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -databaseUpgradeReady: true - -postgresql: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml deleted file mode 100755 index 8c964a822..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -global: - versions: - artifactory: 7.11.2 - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - customInitContainers: | - - name: "custom-setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: artifactory-volume - # Add custom volumes - customVolumes: | - - name: custom-script - emptyDir: - sizeLimit: 100Mi - # Add custom volumesMounts - customVolumeMounts: | - - name: custom-script - mountPath: "/scripts" - # Add custom sidecar containers - customSidecarContainers: | - - name: "sidecar-list-etc" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scripts" - name: custom-script - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml deleted file mode 100755 index f79cbc02f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password -artifactory: - migration: - enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml deleted file mode 100755 index 8adcd943f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -databaseUpgradeReady: true -artifactory: - persistence: - enabled: true - -postgresql: - image: - tag: 9.6.18-debian-10-r7 - postgresqlPassword: password - postgresqlExtendedConf: - maxConnections: 102 - persistence: - enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh deleted file mode 100755 index e35bfdbb2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh +++ /dev/null @@ -1,4339 +0,0 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories seperated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first paramter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done < "${NEW_DATA_DIR}/${filePath}/${fileName}" - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 10.1.0" - ## Description / note - description: This CVE needs to be fixed in the alpine base image of nginx container. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt deleted file mode 100755 index 5afe10d1d..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt +++ /dev/null @@ -1,85 +0,0 @@ -Congratulations. You have just deployed JFrog Artifactory! -{{- if .Values.artifactory.masterKey }} -{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} - - -***************************************** WARNING ****************************************** -* Your Artifactory master key is still set to the provided example: * -* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * -* * -* You should change this to your own generated key: * -* $ export MASTER_KEY=$(openssl rand -hex 32) * -* $ echo ${MASTER_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * -* * -* Alternatively, you can use a pre-existing secret with a key called master-key with * -* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * -******************************************************************************************** -{{- end }} -{{- end }} - -{{- if .Values.artifactory.joinKey }} -{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} - - -***************************************** WARNING ****************************************** -* Your Artifactory join key is still set to the provided example: * -* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * -* * -* You should change this to your own generated key: * -* $ export JOIN_KEY=$(openssl rand -hex 32) * -* $ echo ${JOIN_KEY} * -* * -* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * -* * -******************************************************************************************** -{{- end }} -{{- end }} - -1. Get the Artifactory URL by running these commands: - - {{- if .Values.ingress.enabled }} - {{- range .Values.ingress.hosts }} - http://{{ . }} - {{- end }} - - {{- else if contains "NodePort" .Values.nginx.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory.nginx.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/ - - {{- else if contains "LoadBalancer" .Values.nginx.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of the service by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "artifactory.nginx.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP/ - - {{- else if contains "ClusterIP" .Values.nginx.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") - echo http://127.0.0.1:{{ .Values.nginx.externalPortHttp }} - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.nginx.externalPortHttp }}:{{ .Values.nginx.internalPortHttp }} - - {{- end }} - -2. Open Artifactory in your browser - Default credential for Artifactory: - user: admin - password: password - -{{ if .Values.artifactory.javaOpts.jmx.enabled }} -JMX configuration: -{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} -If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! -{{ end }} - -1. Get the Artifactory service IP: -export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - -2. Map the service name to the service IP in /etc/hosts: -sudo sh -c "echo \"${SERVICE_IP} {{ template "artifactory.fullname" . }}\" >> /etc/hosts" - -3. Launch jconsole: -jconsole {{ template "artifactory.fullname" . }}:{{ .Values.artifactory.javaOpts.jmx.port }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl deleted file mode 100755 index 14b571f91..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl +++ /dev/null @@ -1,237 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "artifactory.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name nginx service. -*/}} -{{- define "artifactory.nginx.name" -}} -{{- default .Chart.Name .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "artifactory.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified nginx name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "artifactory.nginx.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.nginx.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "artifactory.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} -{{ default (include "artifactory.fullname" .) .Values.serviceAccount.name }} -{{- else -}} -{{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "artifactory.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate SSL certificates -*/}} -{{- define "artifactory.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "artifactory.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "artifactory-ca" 365 -}} -{{- $cert := genSignedCert ( include "artifactory.name" . ) nil $altNames 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "artifactory.scheme" -}} -{{- if .Values.access.accessConfig.security.tls -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKey value -*/}} -{{- define "artifactory.joinKey" -}} -{{- if .Values.global.joinKey -}} -{{- .Values.global.joinKey -}} -{{- else if .Values.artifactory.joinKey -}} -{{- .Values.artifactory.joinKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKey value -*/}} -{{- define "artifactory.masterKey" -}} -{{- if .Values.global.masterKey -}} -{{- .Values.global.masterKey -}} -{{- else if .Values.artifactory.masterKey -}} -{{- .Values.artifactory.masterKey -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve joinKeySecretName value -*/}} -{{- define "artifactory.joinKeySecretName" -}} -{{- if .Values.global.joinKeySecretName -}} -{{- .Values.global.joinKeySecretName -}} -{{- else if .Values.artifactory.joinKeySecretName -}} -{{- .Values.artifactory.joinKeySecretName -}} -{{- else -}} -{{ include "artifactory.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve masterKeySecretName value -*/}} -{{- define "artifactory.masterKeySecretName" -}} -{{- if .Values.global.masterKeySecretName -}} -{{- .Values.global.masterKeySecretName -}} -{{- else if .Values.artifactory.masterKeySecretName -}} -{{- .Values.artifactory.masterKeySecretName -}} -{{- else -}} -{{ include "artifactory.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* -Resolve imagePullSecrets value -*/}} -{{- define "artifactory.imagePullSecrets" -}} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainersBegin value -*/}} -{{- define "artifactory.customInitContainersBegin" -}} -{{- if .Values.global.customInitContainersBegin -}} -{{- .Values.global.customInitContainersBegin -}} -{{- else if .Values.artifactory.customInitContainersBegin -}} -{{- .Values.artifactory.customInitContainersBegin -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customInitContainers value -*/}} -{{- define "artifactory.customInitContainers" -}} -{{- if .Values.global.customInitContainers -}} -{{- .Values.global.customInitContainers -}} -{{- else if .Values.artifactory.customInitContainers -}} -{{- .Values.artifactory.customInitContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumes value -*/}} -{{- define "artifactory.customVolumes" -}} -{{- if .Values.global.customVolumes -}} -{{- .Values.global.customVolumes -}} -{{- else if .Values.artifactory.customVolumes -}} -{{- .Values.artifactory.customVolumes -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customVolumeMounts value -*/}} -{{- define "artifactory.customVolumeMounts" -}} -{{- if .Values.global.customVolumeMounts -}} -{{- .Values.global.customVolumeMounts -}} -{{- else if .Values.artifactory.customVolumeMounts -}} -{{- .Values.artifactory.customVolumeMounts -}} -{{- end -}} -{{- end -}} - -{{/* -Resolve customSidecarContainers value -*/}} -{{- define "artifactory.customSidecarContainers" -}} -{{- if .Values.global.customSidecarContainers -}} -{{- .Values.global.customSidecarContainers -}} -{{- else if .Values.artifactory.customSidecarContainers -}} -{{- .Values.artifactory.customSidecarContainers -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory chart image names -*/}} -{{- define "artifactory.getImageInfoByValue" -}} -{{- $dot := index . 0 }} -{{- $indexReference := index . 1 }} -{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} -{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} -{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} -{{- if $dot.Values.global }} - {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} - {{- $tag = $dot.Values.global.versions.artifactory | toString -}} - {{- end -}} - {{- if $dot.Values.global.imageRegistry }} - {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper artifactory app version -*/}} -{{- define "artifactory.app.version" -}} -{{- $image := split ":" ((include "artifactory.getImageInfoByValue" (list . "artifactory")) | toString) -}} -{{- $tag := $image._1 -}} -{{- printf "%s" $tag -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml deleted file mode 100755 index c4d06f08a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.additionalResources }} -{{ tpl .Values.additionalResources . }} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml deleted file mode 100755 index c8bf2eb16..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} -{{- if .Values.artifactory.admin.password }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-bootstrap-creds - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml deleted file mode 100755 index 304304e4e..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.access.accessConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-access-config - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - access.config.patch.yml: | -{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml deleted file mode 100755 index bbfbdf3be..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-binarystore - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -stringData: - binarystore.xml: |- -{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml deleted file mode 100755 index 359fa07d2..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.artifactory.configMaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-configmaps - labels: - app: {{ template "artifactory.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ tpl .Values.artifactory.configMaps . | indent 2 }} -{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml deleted file mode 100755 index a2e3895f5..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.artifactory.customSecrets }} -{{- range .Values.artifactory.customSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" $ }}-{{ .name }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - component: "{{ $.Values.artifactory.name }}" - heritage: {{ $.Release.Service | quote }} - release: {{ $.Release.Name | quote }} -type: Opaque -stringData: - {{ .key }}: | -{{ .data | indent 4 -}} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml deleted file mode 100755 index 9edf87dc1..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-database-creds - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- with .Values.database.url }} - db-url: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.user }} - db-user: {{ tpl . $ | b64enc | quote }} - {{- end }} - {{- with .Values.database.password }} - db-password: {{ tpl . $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml deleted file mode 100755 index f2e2c0f5b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "artifactory.fullname" . }}-installer-info - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - installer-info.json: | - {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml deleted file mode 100755 index d37ed1e4b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- with .Values.artifactory.license.licenseKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" $ }}-license - labels: - app: {{ template "artifactory.name" $ }} - chart: {{ template "artifactory.chart" $ }} - heritage: {{ $.Release.Service }} - release: {{ $.Release.Name }} -type: Opaque -data: - artifactory.lic: {{ . | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml deleted file mode 100755 index 4b1ba4027..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.artifactory.migration.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-migration-scripts - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - migrate.sh: | -{{ .Files.Get "files/migrate.sh" | indent 4 }} - migrationHelmInfo.yaml: | -{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} - migrationStatus.sh: | -{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml deleted file mode 100755 index da6fd178a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- range .Values.networkpolicy }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "artifactory.fullname" $ }}-{{ .name }}-networkpolicy - labels: - app: {{ template "artifactory.name" $ }} - chart: {{ template "artifactory.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} -spec: -{{- if .podSelector }} - podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} - ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} ---- -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml deleted file mode 100755 index 9eb94b35b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.artifactory.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} -value: {{ .Values.artifactory.priorityClass.value }} -globalDefault: false -description: "Artifactory priority class" -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml deleted file mode 100755 index db01f235f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.fullname" . }} -rules: -{{ toYaml .Values.rbac.role.rules }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml deleted file mode 100755 index dfb42258f..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "artifactory.serviceAccountName" . }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: {{ template "artifactory.fullname" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml deleted file mode 100755 index 3ac8e3a74..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} - {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} - master-key: {{ include "artifactory.masterKey" . | b64enc | quote }} - {{- end }} - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} - {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} - join-key: {{ include "artifactory.joinKey" . | b64enc | quote }} - {{- end }} - {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml deleted file mode 100755 index 27f552979..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -{{- if .Values.artifactory.service.annotations }} - annotations: -{{ toYaml .Values.artifactory.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.artifactory.service.type }} -{{- if .Values.artifactory.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - {{- with .Values.artifactory.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: - app: {{ template "artifactory.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml deleted file mode 100755 index 4e9c5fbb5..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml .) $ | indent 4 }} -{{- end }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "artifactory.serviceAccountName" . }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml deleted file mode 100755 index 524fcbcbf..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml +++ /dev/null @@ -1,734 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- with .Values.artifactory.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 11.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 11.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} -{{- end }} -spec: - serviceName: {{ template "artifactory.name" . }} - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "artifactory.name" . }} - role: {{ template "artifactory.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - role: {{ template "artifactory.name" . }} - component: {{ .Values.artifactory.name }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.labels }} -{{ toYaml . | indent 8 }} - {{- end }} - annotations: - checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} - checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} - checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} - {{- if .Values.access.accessConfig }} - checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} - {{- end }} - {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} - {{- end }} - {{- range $key, $value := .Values.artifactory.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.artifactory.priorityClass.existingPriorityClass }} - priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} - {{- else -}} - {{- if .Values.artifactory.priorityClass.create }} - priorityClassName: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "artifactory.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- end }} - initContainers: - {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} -{{ tpl (include "artifactory.customInitContainersBegin" .) . | indent 6 }} - {{- end }} - {{- if .Values.artifactory.persistence.enabled }} - {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found {{ .Values.artifactory.persistence.mountPath }}/data/.lock' - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - - name: access-bootstrap-creds - mountPath: "/tmp/access/bootstrap.creds" - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - subPath: {{ .Values.artifactory.admin.dataKey }} - {{- else }} - subPath: bootstrap.creds - {{- end }} - {{- end }} - - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - '/bin/sh' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - {{- if .Values.access.accessConfig }} - echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; - cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; - {{- end }} - {{- if .Values.access.resetAccessCAKeys }} - echo "Resetting Access CA Keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; - cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; - cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; - {{- end }} - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; - echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; - echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; - {{- end }} - env: - {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory.joinKeySecretName" . }} - key: join-key - {{- end }} - {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "artifactory.masterKeySecretName" . }} - key: master-key - {{- end }} - volumeMounts: - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - mountPath: "/tmp/etc/access.config.patch.yml" - subPath: access.config.patch.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - mountPath: "/tmp/etc/tls.crt" - subPath: tls.crt - - name: access-certs - mountPath: "/tmp/etc/tls.key" - subPath: tls.key - {{- end }} - {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} - - name: "prepare-custom-persistent-volume" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}" - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - securityContext: - runAsUser: 0 - volumeMounts: - - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} - {{- end }} - {{- if .Values.waitForDatabase }} - {{- if .Values.postgresql.enabled }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do - sleep 2; - done; - {{- end }} - {{- end }} - {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} -{{ tpl (include "artifactory.customInitContainers" .) . | indent 6 }} - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: 'migration-artifactory' - image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - {{- if .Values.artifactory.migration.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.migration.preStartCommand . }}; - {{- end }} - scriptsPath="/opt/jfrog/artifactory/app/bin"; - mkdir -p $scriptsPath; - echo "Copy migration scripts and Run migration"; - cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; - cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; - cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; - mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ include "artifactory.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: migration-scripts - mountPath: "/tmp/migrate.sh" - subPath: migrate.sh - - name: migration-scripts - mountPath: "/tmp/migrationHelmInfo.yaml" - subPath: migrationHelmInfo.yaml - - name: migration-scripts - mountPath: "/tmp/migrationStatus.sh" - subPath: migrationStatus.sh - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} - {{- end }} -{{- end }} - containers: - - name: {{ .Values.artifactory.name }} - image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - command: - - '/bin/bash' - - '-c' - - > - set -e; - if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then - echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; - cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; - fi; - {{- if .Values.artifactory.configMapName }} - echo "Copying bootstrap configs"; - cp -Lrf /bootstrap/* /artifactory_bootstrap/; - {{- end }} - {{- if .Values.artifactory.userPluginSecrets }} - echo "Copying plugins"; - cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; - {{- end }} - {{- range .Values.artifactory.copyOnEveryStartup }} - {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} - {{- $baseDirectory := regexFind ".*/" $targetPath }} - mkdir -p {{ $baseDirectory }}; - cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; - {{- end }} - {{- if .Values.artifactory.preStartCommand }} - echo "Running custom preStartCommand command"; - {{ tpl .Values.artifactory.preStartCommand . }}; - {{- end }} - exec /entrypoint-artifactory.sh - {{- with .Values.artifactory.postStartCommand }} - lifecycle: - postStart: - exec: - command: - - '/bin/bash' - - '-c' - - > - echo "Running custom postStartCommand command"; - {{ tpl . $ }} - {{- end }} - env: - {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - - name: SKIP_WAIT_FOR_EXTERNAL_DB - value: "true" - {{- end }} - {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} - {{- else if .Values.database.user }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-user - {{- end }} - {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} - {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} - {{- else if .Values.database.url }} - name: {{ template "artifactory.fullname" . }}-database-creds - key: db-url - {{- end }} - {{- end }} -{{- with .Values.artifactory.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - ports: - - containerPort: {{ .Values.artifactory.internalPort }} - name: http - - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} - name: http-internal - {{- if .Values.artifactory.javaOpts.jmx.enabled }} - - containerPort: {{ .Values.artifactory.javaOpts.jmx.port }} - name: tcp-jmx - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.artifactory.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - mountPath: "/artifactory_bootstrap/plugins/" - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - mountPath: "/tmp/plugin/{{ tpl . $ }}" - {{- end }} - {{- end }} - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - mountPath: "/bootstrap/" - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - - name: artifactory-backup - mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" - {{- else }} - - name: binarystore-xml - mountPath: "/artifactory_bootstrap/binarystore.xml" - subPath: binarystore.xml - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - mountPath: "/artifactory_bootstrap/artifactory.lic" - {{- if .Values.artifactory.license.secret }} - subPath: {{ .Values.artifactory.license.dataKey }} - {{- else if .Values.artifactory.license.licenseKey }} - subPath: artifactory.lic - {{- end }} - {{- end }} - - name: installer-info - mountPath: "/artifactory_bootstrap/info/installer-info.json" - subPath: installer-info.json - {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} -{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.artifactory.resources | indent 10 }} - {{- if .Values.artifactory.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.artifactory.readinessProbe.path }} - scheme: {{ include "artifactory.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.artifactory.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.artifactory.livenessProbe.path }} - scheme: {{ include "artifactory.scheme" . | upper }} - port: {{ .Values.artifactory.internalPort }} - initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.artifactory.persistence.mountPath }} - {{- range .Values.artifactory.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' - volumeMounts: - - name: artifactory-volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} - {{- end }} - {{ if .Values.artifactory.catalinaLoggers }} - {{- range .Values.artifactory.catalinaLoggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} - command: - - 'sh' - - '-c' - - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' - volumeMounts: - - name: artifactory-volume - mountPath: {{ $mountPath }} - - name: tail-logger-script - mountPath: /scripts/tail-log.sh - subPath: tail-log.sh - resources: -{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - args: - - "-e" - - "-E" - - "http.enabled=true" - securityContext: - runAsUser: 0 - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - livenessProbe: -{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.filebeat.resources | indent 10 }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- end }} - {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} -{{ tpl (include "artifactory.customSidecarContainers" .) . | indent 6 }} - {{- end }} - {{- with .Values.artifactory.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.artifactory.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.artifactory.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: binarystore-xml - secret: - {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} - secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-binarystore - {{- end }} -{{- if .Values.artifactory.migration.enabled }} - - name: migration-scripts - configMap: - name: {{ template "artifactory.fullname" . }}-migration-scripts -{{- end }} - - name: installer-info - configMap: - name: {{ template "artifactory.fullname" . }}-installer-info - {{- if .Values.artifactory.userPluginSecrets }} - - name: bootstrap-plugins - emptyDir: {} - {{- range .Values.artifactory.userPluginSecrets }} - - name: {{ tpl . $ }} - secret: - secretName: {{ tpl . $ }} - {{- end }} - {{- end }} - {{- if and .Values.artifactory.persistence.enabled .Values.artifactory.persistence.existingClaim }} - - name: artifactory-volume - persistentVolumeClaim: - claimName: {{ .Values.artifactory.persistence.existingClaim }} - {{- end }} - {{- if .Values.artifactory.configMapName }} - - name: bootstrap-config - configMap: - name: {{ .Values.artifactory.configMapName }} - {{- end}} - {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - - name: tail-logger-script - configMap: - name: {{ template "artifactory.fullname" . }}-logger - {{- end }} - {{- if .Values.artifactory.configMaps }} - - name: artifactory-configmaps - configMap: - name: {{ template "artifactory.fullname" . }}-configmaps - {{- end }} - {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - - name: artifactory-license - secret: - {{- if .Values.artifactory.license.secret }} - secretName: {{ .Values.artifactory.license.secret }} - {{- else if .Values.artifactory.license.licenseKey }} - secretName: {{ template "artifactory.fullname" . }}-license - {{- end }} - {{- end }} - {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - - name: access-bootstrap-creds - secret: - {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} - secretName: {{ .Values.artifactory.admin.secret }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds - {{- end }} - {{- end }} - {{- if eq .Values.artifactory.persistence.type "nfs" }} - - name: artifactory-data - persistentVolumeClaim: - claimName: {{ template "artifactory.fullname" . }}-data-pvc - - name: artifactory-backup - persistentVolumeClaim: - claimName: {{ template "artifactory.fullname" . }}-backup-pvc - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: artifactory-volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - - name: systemyaml - secret: - secretName: {{ default (printf "%s-%s" (include "artifactory.fullname" .) "systemyaml") .Values.systemYamlOverride.existingSecret }} - {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory.fullname" . }}-access-config - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} - - name: access-certs - secret: - secretName: {{ .Values.access.customCertificatesSecretName }} - {{- end }} - {{- if .Values.artifactory.customPersistentVolumeClaim }} - - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - persistentVolumeClaim: - claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "artifactory.name" . }}-filebeat-config - {{- end }} - {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} -{{ tpl (include "artifactory.customVolumes" .) . | indent 6 }} - {{- end }} - {{- if not .Values.artifactory.persistence.enabled }} - - name: volume - emptyDir: - sizeLimit: {{ .Values.artifactory.persistence.size }} - {{- end }} -{{- with .Values.artifactory.persistence }} - {{- if and .enabled (not .existingClaim) }} - volumeClaimTemplates: - - metadata: - name: artifactory-volume - spec: - {{- if .storageClassName }} - {{- if (eq "-" .storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .storageClassName }}" - {{- end }} - {{- end }} - accessModes: [ "{{ .accessMode }}" ] - resources: - requests: - storage: {{ .size }} - {{- end }} -{{- end }} - {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - - metadata: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} - spec: - {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} - {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" - {{- end }} - {{- end }} - accessModes: - {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} - {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml deleted file mode 100755 index f36879218..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if not .Values.systemYamlOverride.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "artifactory.fullname" . }}-systemyaml - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -stringData: - system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml deleted file mode 100755 index 8ceb67c01..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.filebeat.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.name" . }}-filebeat-config - labels: - app: {{ template "artifactory.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml deleted file mode 100755 index 6f6bc11d1..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "artifactory.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} -{{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}} -{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $ingressName }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} -{{- end}} -{{- if .Values.ingress.annotations }} - annotations: -{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} -{{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: {{ $.Values.ingress.routerPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: {{ $.Values.ingress.artifactoryPath }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $artifactoryServicePort }} - {{- end -}} -{{- end -}} - {{- with .Values.ingress.additionalRules }} -{{ tpl . $ | indent 2 }} - {{- end }} - - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- if .Values.artifactory.replicator.enabled }} ---- -{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorIngressName }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if .Values.ingress.defaultBackend.enabled }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if .Values.customIngress }} ---- -{{ .Values.customIngress | toYaml | trimSuffix "\n" }} -{{- end -}} -{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml deleted file mode 100755 index f53f35e48..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-logger - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - tail-log.sh: | - #!/bin/sh - - LOG_DIR=$1 - LOG_NAME=$2 - PID= - - # Wait for log dir to appear - while [ ! -d ${LOG_DIR} ]; do - sleep 1 - done - - cd ${LOG_DIR} - - LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') - - # Find the log to tail - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - - # Wait for the log file - while [ -z "${LOG_FILE}" ]; do - sleep 1 - LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) - done - - echo "Log file ${LOG_FILE} is ready!" - - # Get inode number - INODE_ID=$(ls -i ${LOG_FILE}) - - # echo "Tailing ${LOG_FILE}" - tail -F ${LOG_FILE} & - PID=$! - - # Loop forever to see if a new log was created - while true; do - # Check inode number - NEW_INODE_ID=$(ls -i ${LOG_FILE}) - - # If inode number changed, this means log was rotated and need to start a new tail - if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then - kill -9 ${PID} 2>/dev/null - INODE_ID="${NEW_INODE_ID}" - - # Start a new tail - tail -F ${LOG_FILE} & - PID=$! - fi - sleep 1 - done - -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml deleted file mode 100755 index bd2ebea96..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - artifactory.conf: | -{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml deleted file mode 100755 index 8d6862903..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.https.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-certificate - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: -{{ ( include "artifactory.gen-certs" . ) | indent 2 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml deleted file mode 100755 index 851eae247..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.fullname" . }}-nginx-conf - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - nginx.conf: | -{{ tpl .Values.nginx.mainConf . | indent 4 }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml deleted file mode 100755 index bc53f535b..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml +++ /dev/null @@ -1,203 +0,0 @@ -{{- if .Values.nginx.enabled -}} -{{- $serviceName := include "artifactory.fullname" . -}} -{{- $servicePort := .Values.artifactory.externalPort -}} -apiVersion: apps/v1 -kind: {{ .Values.nginx.kind }} -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} -{{- if .Values.nginx.labels }} -{{ toYaml .Values.nginx.labels | indent 4 }} -{{- end }} -spec: -{{- if eq .Values.nginx.kind "StatefulSet" }} - serviceName: {{ template "artifactory.nginx.fullname" . }} -{{- end }} -{{- if ne .Values.nginx.kind "DaemonSet" }} - replicas: {{ .Values.nginx.replicaCount }} -{{- end }} - selector: - matchLabels: - app: {{ template "artifactory.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.nginx.name }} - template: - metadata: - annotations: - checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} - checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "artifactory.serviceAccountName" . }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} -{{- include "artifactory.imagePullSecrets" . | indent 6 }} - {{- end }} - {{- if .Values.nginx.priorityClassName }} - priorityClassName: {{ .Values.nginx.priorityClassName | quote }} - {{- end }} - initContainers: - - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - '/bin/sh' - - '-c' - - > - rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; - mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; - volumeMounts: - - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - name: nginx-volume - securityContext: - runAsUser: {{ .Values.nginx.uid }} - fsGroup: {{ .Values.nginx.gid }} - containers: - - name: {{ .Values.nginx.name }} - image: {{ include "artifactory.getImageInfoByValue" (list . "nginx") }} - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - command: - - 'nginx' - - '-g' - - 'daemon off;' - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - containerPort: {{ .Values.nginx.http.internalPort }} - name: http - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttp }} - name: http-internal - {{- end }} - {{- if .Values.nginx.https }} - {{- if .Values.nginx.https.enabled }} - - containerPort: {{ .Values.nginx.https.internalPort }} - name: https - {{- end }} - {{- else }} # DEPRECATED - - containerPort: {{ .Values.nginx.internalPortHttps }} - name: https-internal - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - containerPort: {{ .Values.nginx.ssh.internalPort }} - name: tcp-ssh - {{- end }} - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-artifactory-conf - mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" - - name: nginx-volume - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" - {{- end }} - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.nginx.readinessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.nginx.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.nginx.livenessProbe.path }} - {{- if .Values.nginx.http.enabled }} - port: {{ .Values.nginx.http.internalPort }} - scheme: HTTP - {{- else }} - port: {{ .Values.nginx.https.internalPort }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} - {{- end }} - {{- $mountPath := .Values.nginx.persistence.mountPath }} - {{- range .Values.nginx.loggers }} - - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} - command: - - tail - args: - - '-F' - - '{{ $mountPath }}/logs/{{ . }}' - volumeMounts: - - name: nginx-volume - mountPath: {{ $mountPath }} - resources: -{{ toYaml $.Values.nginx.loggersResources | indent 10 }} - {{- end }} - {{- with .Values.nginx.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.nginx.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - {{- if .Values.nginx.customConfigMap }} - name: {{ .Values.nginx.customConfigMap }} - {{- else }} - name: {{ template "artifactory.fullname" . }}-nginx-conf - {{- end }} - - name: nginx-artifactory-conf - configMap: - {{- if .Values.nginx.customArtifactoryConfigMap }} - name: {{ .Values.nginx.customArtifactoryConfigMap }} - {{- else }} - name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf - {{- end }} - - name: nginx-volume - {{- if .Values.nginx.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory.nginx.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.nginx.https.enabled }} - - name: ssl-certificates - secret: - {{- if .Values.nginx.tlsSecretName }} - secretName: {{ .Values.nginx.tlsSecretName }} - {{- else }} - secretName: {{ template "artifactory.fullname" . }}-nginx-certificate - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml deleted file mode 100755 index 3394a0ade..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }} -{{- if (not .Values.nginx.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.nginx.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.nginx.persistence.size | quote }} -{{- if .Values.nginx.persistence.storageClassName }} -{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml deleted file mode 100755 index 7f4c8fb66..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.nginx.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory.nginx.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: {{ .Values.nginx.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.nginx.service.annotations }} - annotations: -{{ toYaml .Values.nginx.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.nginx.service.type }} -{{- if eq .Values.nginx.service.type "LoadBalancer" }} - {{ if .Values.nginx.service.loadBalancerIP -}} - loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} - {{ end -}} - {{- if .Values.nginx.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} - {{- end }} -{{- end }} -{{- if .Values.nginx.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} - ports: - # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and - # will be cleaned up in a later version - {{- if .Values.nginx.http }} - {{- if .Values.nginx.http.enabled }} - - port: {{ .Values.nginx.http.externalPort }} - targetPort: {{ .Values.nginx.http.internalPort }} - protocol: TCP - name: http - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttp }} - targetPort: {{ .Values.nginx.internalPortHttp }} - protocol: TCP - name: http - {{- end }} - {{- if .Values.nginx.https }} - {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} - - port: {{ .Values.nginx.https.externalPort }} - {{- if .Values.nginx.service.ssloffload }} - targetPort: {{ .Values.nginx.http.internalPort }} - {{- else }} - targetPort: {{ .Values.nginx.https.internalPort}} - {{- end }} - protocol: TCP - name: https - {{- end }} - {{- else }} # DEPRECATED - - port: {{ .Values.nginx.externalPortHttps }} - targetPort: {{ .Values.nginx.internalPortHttps }} - protocol: TCP - name: https - {{- end }} - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.nginx.ssh.externalPort }} - targetPort: {{ .Values.nginx.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - selector: - app: {{ template "artifactory.name" . }} - component: {{ .Values.nginx.name }} - release: {{ .Release.Name }} -{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml deleted file mode 100755 index 6399c5b8a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml deleted file mode 100755 index 44aff82de..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml deleted file mode 100755 index 04368ae15..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml +++ /dev/null @@ -1,11 +0,0 @@ -artifactory: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml deleted file mode 100755 index dcbf72fdb..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml +++ /dev/null @@ -1,1376 +0,0 @@ -# Default values for artifactory. -# This is a YAML-formatted file. - -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - - -global: - # imageRegistry: docker.bintray.io - # imagePullSecrets: - # - myRegistryKeySecretName - ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag - ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion - ## This applies also for nginx images (.Values.nginx.image.tag) - versions: {} - # artifactory: - # joinKey: - # masterKey: - # joinKeySecretName: - # masterKeySecretName: - # customInitContainersBegin: | - - # customInitContainers: | - - # customVolumes: | - - # customVolumeMounts: | - - # customSidecarContainers: | - - -initContainerImage: docker.bintray.io/alpine:3.12.1 - -# Init containers -initContainers: - resources: {} -# requests: -# memory: "64Mi" -# cpu: "10m" -# limits: -# memory: "128Mi" -# cpu: "250m" - -installer: - type: - platform: - -installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - -# For supporting pulling from private registries -# imagePullSecrets: -# - myRegistryKeySecretName - -## Artifactory systemYaml override -## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory -## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML -## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml -## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml -systemYamlOverride: -## You can use a pre-existing secret by specifying existingSecret - existingSecret: -## The dataKey should be the name of the secret data key created. - dataKey: - -## Role Based Access Control -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -rbac: - create: true - role: - ## Rules to create. It follows the role specification - rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - pods - verbs: - - get - - watch - - list - -## Service Account -## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - name: - ## Service Account annotations - annotations: {} - -ingress: - enabled: false - defaultBackend: - enabled: true - # Used to create an Ingress record. - hosts: [] - routerPath: / - artifactoryPath: /artifactory/ - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/configuration-snippet: | - # proxy_pass_header Server; - # proxy_set_header X-JFrog-Override-Base-Url https://; - # kubernetes.io/tls-acme: "true" - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - labels: {} - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - artifactory.domain.example - - # Additional ingress rules - additionalRules: [] - -## Allows to add custom ingress -customIngress: | - -networkpolicy: - # Allows all ingress and egress - - name: artifactory - podSelector: - matchLabels: - app: artifactory - egress: - - {} - ingress: - - {} - # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) - # - name: postgresql - # podSelector: - # matchLabels: - # app: postgresql - # ingress: - # - from: - # - podSelector: - # matchLabels: - # app: artifactory - -logger: - image: - registry: docker.bintray.io - repository: busybox - tag: 1.31.1 - -# Artifactory -artifactory: - name: artifactory - # Note that by default we use appVersion to get image tag/version - image: - registry: docker.bintray.io - repository: jfrog/artifactory-pro - # tag: - pullPolicy: IfNotPresent - labels: {} - - # Create a priority class for the Artifactory pod or use an existing one - # NOTE - Maximum allowed value of a user defined priority is 1000000000 - priorityClass: - create: false - value: 1000000000 - ## Override default name - # name: - ## Use an existing priority class - # existingPriorityClass: - - # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties - deleteDBPropertiesOnStartup: true - - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - extraConfig: 'acceptCount="100"' - - # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. - # To enable set `.Values.artifactory.openMetrics.enabled` to `true` - # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics - openMetrics: - enabled: false - - # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup - copyOnEveryStartup: - # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path - # - source: /artifactory_bootstrap/artifactory.lic - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - - # Sidecar containers for tailing Artifactory logs - loggers: [] - # - access-audit.log - # - access-request.log - # - access-security-audit.log - # - access-service.log - # - artifactory-access.log - # - artifactory-event.log - # - artifactory-import-export.log - # - artifactory-request.log - # - artifactory-service.log - # - frontend-request.log - # - frontend-service.log - # - metadata-request.log - # - metadata-service.log - # - router-request.log - # - router-service.log - # - router-traefik.log - # - derby.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Sidecar containers for tailing Tomcat (catalina) logs - catalinaLoggers: [] - # - tomcat-catalina.log - # - tomcat-localhost.log - - # Tomcat (catalina) loggers resources - catalinaLoggersResources: {} - # requests: - # memory: "10Mi" - # cpu: "10m" - # limits: - # memory: "100Mi" - # cpu: "50m" - - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 - ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - - ## Add custom init containers execution before predefined init containers - customInitContainersBegin: | - # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - - ## Add custom init containers execution after predefined init containers - customInitContainers: | - # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # command: - # - 'sh' - # - '-c' - # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - - ## Add custom sidecar containers - # - The provided example uses a custom volume (customVolumes) - # - The provided example shows running container as root (id 0) - customSidecarContainers: | - # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - # securityContext: - # runAsUser: 0 - # fsGroup: 0 - # command: - # - 'sh' - # - '-c' - # - 'sh /scripts/script.sh' - # volumeMounts: - # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - # name: artifactory-volume - # - mountPath: "/scripts/script.sh" - # name: custom-script - # subPath: script.sh - # resources: - # requests: - # memory: "32Mi" - # cpu: "50m" - # limits: - # memory: "128Mi" - # cpu: "100m" - - ## Add custom volumes - customVolumes: | - # - name: custom-script - # configMap: - # name: custom-script - - ## Add custom volumesMounts - customVolumeMounts: | - # - name: custom-script - # mountPath: "/scripts/script.sh" - # subPath: script.sh - # - name: posthook-start - # mountPath: "/scripts/posthoook-start.sh" - # subPath: posthoook-start.sh - # - name: prehook-start - # mountPath: "/scripts/prehook-start.sh" - # subPath: prehook-start.sh - - # Add custom persistent volume mounts - Available for the pod - # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container - customPersistentPodVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - # skipPrepareContainer: false - - # Add custom persistent volume mounts - Available to the entire namespace - customPersistentVolumeClaim: {} - # name: - # mountPath: - # accessModes: - # - "-" - # size: - # storageClassName: - - ## Artifactory license. - license: - ## licenseKey is the license key in plain text. Use either this or the license.secret setting - licenseKey: - ## If artifactory.license.secret is passed, it will be mounted as - ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. - secret: - ## The dataKey should be the name of the secret data key created. - dataKey: - - ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter - configMapName: - - # Add any list of configmaps to Artifactory - configMaps: | - # posthook-start.sh: |- - # echo "This is a post start script" - # posthook-end.sh: |- - # echo "This is a post end script" - - ## List of secrets for Artifactory user plugins. - ## One Secret per plugin's files. - userPluginSecrets: - # - archive-old-artifacts - # - build-cleanup - # - webhook - # - '{{ template "my-chart.fullname" . }}' - - ## Artifactory requires a unique master key. - ## You can generate one with the command: "openssl rand -hex 32" - ## An initial one is auto generated by Artifactory on first startup. - # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName - # masterKeySecretName: - - ## Join Key to connect other services to Artifactory - ## IMPORTANT: Setting this value overrides the existing joinKey - ## IMPORTANT: You should NOT use the example joinKey for a production deployment! - # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName - # joinKeySecretName: - - # Add custom secrets - secret per file - customSecrets: - # - name: custom-secret - # key: custom-secret.yaml - # data: > - # custom_secret_config: - # parameter1: value1 - # parameter2: value2 - # - name: custom-secret2 - # key: custom-secret2.config - # data: | - # here the custom secret 2 config - - ## If false, all service console logs will not redirect to a common console.log - consoleLog: false - - binarystore: - enabled: true - - ## admin allows to set the password for the default admin user. - ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate - admin: - ip: "127.0.0.1" - username: "admin" - password: - secret: - dataKey: - - ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle - # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - ## Extra post-start command to run extra commands after container starts - # postStartCommand: - - ## Extra environment variables that can be used to tune Artifactory to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: SERVER_XML_ARTIFACTORY_PORT - # value: "8081" - # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS - # value: "200" - # - name: SERVER_XML_ACCESS_MAX_THREADS - # value: "50" - # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_ACCESS_EXTRA_CONFIG - # value: "" - # - name: SERVER_XML_EXTRA_CONNECTOR - # value: "" - # - name: DB_POOL_MAX_ACTIVE - # value: "100" - # - name: DB_POOL_MAX_IDLE - # value: "10" - # - name: MY_SECRET_ENV_VAR - # valueFrom: - # secretKeyRef: - # name: my-secret-name - # key: my-secret-key - - systemYaml: | - shared: - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.javaOpts }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - {{- if or .Values.database.type .Values.postgresql.enabled }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{- else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - {{- end }} - artifactory: - {{- if .Values.artifactory.openMetrics }} - metrics: - enabled: {{ .Values.artifactory.openMetrics.enabled }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - frontend: - session: - timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - - annotations: {} - - service: - name: artifactory - type: ClusterIP - ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - enabled: false - ingress: - name: - hosts: [] - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - - ## IMPORTANT: If overriding artifactory.internalPort: - ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! - externalPort: 8082 - internalPort: 8082 - externalArtifactoryPort: 8081 - internalArtifactoryPort: 8081 - uid: 1030 - gid: 1030 - terminationGracePeriodSeconds: 30 - - ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. - ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false - setSecurityContext: true - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 90 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - persistence: - mountPath: "/var/opt/jfrog/artifactory" - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - ## Storage default size. Should be increased for production deployments. - size: 20Gi - - ## Use a custom Secret to be mounted as your binarystore.xml - ## NOTE: This will ignore all settings below that make up binarystore.xml - customBinarystoreXmlSecret: - ## Cache default size. Should be increased for production deployments. - maxCacheSize: 5000000000 - cacheProviderDir: cache - - ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config - ## Supported types are: - ## file-system (default) - ## nfs - ## google-storage - ## aws-s3 - ## aws-s3-v3 - ## azure-blob - type: file-system - - ## Use binarystoreXml to provide a custom binarystore.xml - ## This can be a template or hardcoded. - binarystoreXml: | - {{- if eq .Values.artifactory.persistence.type "file-system" -}} - - - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{- end }} - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{- end }} - - - {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - {{- end }} - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "google-storage" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp - - - - google-cloud-storage - {{ .Values.artifactory.persistence.googleStorage.endpoint }} - {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} - {{ .Values.artifactory.persistence.googleStorage.bucketName }} - {{ .Values.artifactory.persistence.googleStorage.identity }} - {{ .Values.artifactory.persistence.googleStorage.credential }} - {{ .Values.artifactory.persistence.googleStorage.path }} - {{ .Values.artifactory.persistence.googleStorage.bucketExists }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - {{- with .Values.artifactory.persistence.awsS3V3 }} - - {{ .testConnection }} - {{- if .identity }} - {{ .identity }} - {{- end }} - {{- if .credential }} - {{ .credential }} - {{- end }} - {{ .region }} - {{ .bucketName }} - {{ .path }} - {{ .endpoint }} - {{- with .maxConnections }} - {{ . }} - {{- end }} - {{- with .kmsServerSideEncryptionKeyId }} - {{ . }} - {{- end }} - {{- with .kmsKeyRegion }} - {{ . }} - {{- end }} - {{- with .kmsCryptoMode }} - {{ . }} - {{- end }} - {{- if .useInstanceCredentials }} - true - {{- else }} - false - {{- end }} - {{ .usePresigning }} - {{ .signatureExpirySeconds }} - {{- with .cloudFrontDomainName }} - {{ . }} - {{- end }} - {{- with .cloudFrontKeyPairId }} - {{ .cloudFrontKeyPairId }} - {{- end }} - {{- with .cloudFrontPrivateKey }} - {{ . }} - {{- end }} - {{- with .enableSignedUrlRedirect }} - {{ . }} - {{- end }} - {{- with .enablePathStyleAccess }} - {{ . }} - {{- end }} - - {{- end }} - - {{- end }} - - {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.awsS3.endpoint }} - {{- if .Values.artifactory.persistence.awsS3.roleName }} - {{ .Values.artifactory.persistence.awsS3.roleName }} - true - {{- else }} - {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} - {{ .Values.artifactory.persistence.awsS3.testConnection }} - {{ .Values.artifactory.persistence.awsS3.httpsOnly }} - {{ .Values.artifactory.persistence.awsS3.region }} - {{ .Values.artifactory.persistence.awsS3.bucketName }} - {{- if .Values.artifactory.persistence.awsS3.identity }} - {{ .Values.artifactory.persistence.awsS3.identity }} - {{- end }} - {{- if .Values.artifactory.persistence.awsS3.credential }} - {{ .Values.artifactory.persistence.awsS3.credential }} - {{- end }} - {{ .Values.artifactory.persistence.awsS3.path }} - {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} - - {{- end }} - - - {{- end }} - {{- if eq .Values.artifactory.persistence.type "azure-blob" }} - - - - - - - - - - - - - - - {{ .Values.artifactory.persistence.maxCacheSize }} - {{ .Values.artifactory.persistence.cacheProviderDir }} - - - - {{ .Values.artifactory.persistence.azureBlob.accountName }} - {{ .Values.artifactory.persistence.azureBlob.accountKey }} - {{ .Values.artifactory.persistence.azureBlob.endpoint }} - {{ .Values.artifactory.persistence.azureBlob.containerName }} - {{ .Values.artifactory.persistence.azureBlob.testConnection }} - - - {{- end }} - - ## For artifactory.persistence.type nfs - ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes - ## cluster nodes. - ## Need to have the following set - nfs: - # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' - ip: - haDataMount: "/data" - haBackupMount: "/backup" - dataDir: "/var/opt/jfrog/artifactory" - backupDir: "/var/opt/jfrog/artifactory-backup" - capacity: 200Gi - - ## For artifactory.persistence.type file-system - fileSystem: - cache: - enabled: false - - ## For artifactory.persistence.type google-storage - googleStorage: - endpoint: commondatastorage.googleapis.com - httpsOnly: false - # Set a unique bucket name - bucketName: "artifactory-gcp" - identity: - credential: - path: "artifactory/filestore" - bucketExists: false - - ## For artifactory.persistence.type aws-s3-v3 - awsS3V3: - testConnection: false - identity: - credential: - region: - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: - maxConnections: 50 - kmsServerSideEncryptionKeyId: - kmsKeyRegion: - kmsCryptoMode: - useInstanceCredentials: true - usePresigning: false - signatureExpirySeconds: 300 - cloudFrontDomainName: - cloudFrontKeyPairId: - cloudFrontPrivateKey: - enableSignedUrlRedirect: false - enablePathStyleAccess: false - - ## For artifactory.persistence.type aws-s3 - ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html - awsS3: - # Set a unique bucket name - bucketName: "artifactory-aws" - endpoint: - region: - roleName: - identity: - credential: - path: "artifactory/filestore" - refreshCredentials: true - httpsOnly: true - testConnection: false - s3AwsVersion: AWS4-HMAC-SHA256 - ## Additional properties to set on the s3 provider - properties: {} - # httpclient.max-connections: 100 - ## For artifactory.persistence.type azure-blob - azureBlob: - accountName: - accountKey: - endpoint: - containerName: - testConnection: false - ## artifactory data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - ## Annotations for the Persistent Volume Claim - annotations: {} - ## Uncomment the following resources definitions or pass them from command line - ## to control the cpu and memory resources allocated by the Kubernetes cluster - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "2Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory. - ## You should set them according to the resources set above - javaOpts: - # xms: "1g" - # xmx: "2g" - jmx: - enabled: false - port: 9010 - host: - ssl: false - # When authenticate is true, accessFile and passwordFile are required - authenticate: false - accessFile: - passwordFile: - corePoolSize: 8 - # other: "" - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - ssh: - enabled: false - internalPort: 1339 - externalPort: 1339 - -frontend: - ## Session settings - session: - ## Time in minutes after which the frontend token will need to be refreshed - timeoutMinutes: '30' - -access: - ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. - ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates - ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. - ## This ensures that the node to node communication is done over TLS. - accessConfig: - security: - tls: false - - ## You can use a pre-existing secret by specifying customCertificatesSecretName - ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` - # customCertificatesSecretName: - - ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key - # resetAccessCAKeys: false - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 - extraConfig: 'acceptCount="100"' - -metadata: - database: - maxOpenConnections: 80 - -# Nginx -nginx: - enabled: true - kind: Deployment - name: nginx - labels: {} - replicaCount: 1 - uid: 104 - gid: 107 - # Note that by default we use appVersion to get image tag/version - image: - registry: docker.bintray.io - repository: jfrog/nginx-artifactory-pro - # tag: - pullPolicy: IfNotPresent - - # Priority Class name to be used in deployment if provided - priorityClassName: - - # Sidecar containers for tailing Nginx logs - loggers: [] - # - access.log - # - error.log - - # Loggers containers resources - loggersResources: {} - # requests: - # memory: "64Mi" - # cpu: "25m" - # limits: - # memory: "128Mi" - # cpu: "50m" - - # Logs options - logs: - stderr: false - level: warn - - mainConf: | - # Main Nginx configuration file - worker_processes 4; - - {{ if .Values.nginx.logs.stderr }} - error_log stderr {{ .Values.nginx.logs.level }}; - {{- else -}} - error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; - {{- end }} - pid /tmp/nginx.pid; - - {{- if .Values.artifactory.ssh.enabled }} - ## SSH Server Configuration - stream { - server { - listen {{ .Values.nginx.ssh.internalPort }}; - proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; - } - } - {{- end }} - - events { - worker_connections 1024; - } - - - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - variables_hash_max_size 1024; - variables_hash_bucket_size 64; - server_names_hash_max_size 4096; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; - proxy_read_timeout 2400s; - client_header_timeout 2400s; - client_body_timeout 2400s; - proxy_connect_timeout 75s; - proxy_send_timeout 2400s; - proxy_buffer_size 128k; - proxy_buffers 40 128k; - proxy_busy_buffers_size 128k; - proxy_temp_file_write_size 250m; - proxy_http_version 1.1; - client_body_buffer_size 128k; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - log_format timing 'ip = $remote_addr ' - 'user = \"$remote_user\" ' - 'local_time = \"$time_local\" ' - 'host = $host ' - 'request = \"$request\" ' - 'status = $status ' - 'bytes = $body_bytes_sent ' - 'upstream = \"$upstream_addr\" ' - 'upstream_time = $upstream_response_time ' - 'request_time = $request_time ' - 'referer = \"$http_referer\" ' - 'UA = \"$http_user_agent\"'; - - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; - - } - - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - ## server configuration - server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - service: - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - type: LoadBalancer - ssloffload: false - ## For supporting whitelist on the Nginx LoadBalancer service - ## Set this to a list of IP CIDR ranges - ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] - ## or pass from helm command line - ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' - loadBalancerSourceRanges: [] - annotations: {} - ## Provide static ip address - loadBalancerIP: - ## There are two available options: “Cluster” (default) and “Local”. - externalTrafficPolicy: Cluster - - http: - enabled: true - externalPort: 80 - internalPort: 80 - https: - enabled: true - externalPort: 443 - internalPort: 443 - - ssh: - internalPort: 1339 - externalPort: 1339 - - # DEPRECATED: The following will be removed in a future release - # externalPortHttp: 80 - # internalPortHttp: 80 - # externalPortHttps: 443 - # internalPortHttps: 443 - - ## The following settings are to configure the frequency of the liveness and readiness probes - livenessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 180 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - readinessProbe: - enabled: true - path: /router/api/v1/system/health - initialDelaySeconds: 120 - failureThreshold: 10 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - - ## The SSL secret that will be used by the Nginx pod - # tlsSecretName: chart-example-tls - ## Custom ConfigMap for nginx.conf - customConfigMap: - ## Custom ConfigMap for artifactory-ha.conf - customArtifactoryConfigMap: - persistence: - mountPath: "/var/opt/jfrog/nginx" - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - accessMode: ReadWriteOnce - size: 5Gi - ## nginx data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClassName: "-" - resources: {} - # requests: - # memory: "250Mi" - # cpu: "100m" - # limits: - # memory: "250Mi" - # cpu: "500m" - nodeSelector: {} - - tolerations: [] - - affinity: {} - -## Database configurations -## Use the wait-for-db init container. Set to false to skip -waitForDatabase: true - -## Configuration values for the PostgreSQL dependency sub-chart -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -postgresql: - enabled: true - image: - registry: docker.bintray.io - repository: bitnami/postgresql - tag: 12.5.0-debian-10-r25 - postgresqlUsername: artifactory - postgresqlPassword: "" - postgresqlDatabase: artifactory - postgresqlExtendedConf: - listenAddresses: "'*'" - maxConnections: "1500" - persistence: - enabled: true - size: 50Gi - service: - port: 5432 - master: - nodeSelector: {} - affinity: {} - tolerations: [] - slave: - nodeSelector: {} - affinity: {} - tolerations: [] - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - -## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), -## specify custom database details here or leave empty and Artifactory will use embedded derby -database: - type: - driver: - ## If you set the url, leave host and port empty - url: - ## If you would like this chart to create the secret containing the db - ## password, use these values - user: - password: - ## If you have existing Kubernetes secrets containing db credentials, use - ## these values - secrets: {} - # user: - # name: "rds-artifactory" - # key: "db-user" - # password: - # name: "rds-artifactory" - # key: "db-password" - # url: - # name: "rds-artifactory" - # key: "db-url" - -# Filebeat Sidecar container -## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. -filebeat: - enabled: false - name: artifactory-filebeat - image: - repository: "docker.elastic.co/beats/filebeat" - version: 7.9.2 - logstashUrl: "logstash:5044" - - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - - resources: {} -# requests: -# memory: "100Mi" -# cpu: "100m" -# limits: -# memory: "100Mi" -# cpu: "100m" - - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: ~ - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] - -## Allows to add additional kubernetes resources -## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml -additionalResources: | diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml deleted file mode 100755 index 86355d3b3..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -artifactory: - databaseUpgradeReady: true - - # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release - postgresql: - postgresqlPassword: password diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/logo/jcr-logo.png b/charts/artifactory-jcr/artifactory-jcr/3.4.000/logo/jcr-logo.png deleted file mode 100755 index e0ed038ca059f73c179a39841d3be9871075b3a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3135 zcmZ`)c{r478-EMg5|gd$S;7$wLYet283r@&7+bOw6-rXJK^@9ch%DiVY>8uE3$s{C zNXv*29ZFd$$J!{A^?TmYxvua0@m<$5&vHNaZ@KUHxvsfMCgBD6B={f*60k7G*?^S> ze$6}_VAhkvn}LP%tTAj1LA6QzYp1xtS?-Lv4Gck7_CrwkbqHDkq3}rvqM#vY$_;|_ zGayLZH=ALNg`n+SWTKrZNFXstFdZf`h%lW%q9Zem%wWL(Y=|(pWf0jpFvtNA@*}bh z4NqbaNHq2>ok(O4fFji*gaC^~*eHtz3p@>vT+xsqxMGtKJek`6D-j+ZPHbjN(+DK$ zFA|VIrjkjG;D{JQfHbg2?2(#CfEn@3AlR4L!;D{sNi+i72wOKFBHK1FWAw;~#IOVmFbxI+vG)%Tp$Rku5d~F1n-Bq@z#ahUL`04qw|{C6ngI4B z2GNXe1~!0jD+kB{doU;&fgs*~MUWDZh2Io0(w$$ew+*1p#$!89)jIJfINEdQ12byhTE!A`Z#GDqyCvo5Qw> zXd$lxNFzP5rdxxqf+O1oJB~DJ>&?KH3`@3cn9zujgKmIKs|KsB=CDcFwIEK2KoQKq zD)`C-c3oRSfO%_JH3BwEm3yJZ!SBblHI;0mZSknc#MBky5zbJK&zV+}m$ z*+3hTEhKT&{dyszYxL`njhT-x>N3MILVN8K9(`(zwh$nX^ro6|?><9YStxhms$X5a zzg==NSfk+kZ8^=FwS2{r6!BegS9Uo5J!mW=?D`FdDr3@%GLmzPc@9O`syW2YzLq~d zue9yJ#o9TJDHC4OdJz9Z&XbStioQB{?`M@%e_E^HyZGlFZzilfS#5j`5A1x?eOkG zs(bGA{TB9i=)_pomm^DmDgWoQbu|TcRyWWw+;4gFCEow)z}ZqQ)5dSIC{Xye(*!(j zuAADc2M*kU7O*MzIKK$5jPA!91=%1HWPvlb3mKZtS$7pNmFg5XAH~_}8)+U?6eb*b zJ%QcTDnx$0fJ$M;)YwL(35nk5f6?Bq_2BD1TLQ1BaBApdTQwb>K4y%Hj_hP>uJ>ll zTzV))8xu?oUdcgpMUvN~zS zonig+Lwnmo=M>Fjo--G!gO_}He7F_NR;)3_vS|%b6V@9GGV6N^sp}U%`aL?Aw0GLk z<0FkFy#Mpi^WWulNygPLa&R9ohRn(*zAsZ#^PU{KQb^2{z;w-C?8_^fJ<-!jnbm$O zh8_3EPct1K!d1)aw~EV7^!IsmbqMFFFVwAO(@k7tWR$wCziZ@tDI2&Nt#t$SO`K-q zI>|DeQ~MPEOy{nDGb89=Rf*yktkvH_Cmy67&(Y|emTWHZn0PtIf6#_?^`@P}C;vPR z*&~-n3+wKvW~4T&8{|D*aQM;L)D%bVdf{NF=;UB8Ebs7$Z~BC#zQ#AL{u{eO5`-8# zzQ41<(aL`dJwd6ckM_N~ccK9xm z^=r&jomKefX`K5RgIBOe{0uUvIp&!^qg&)!C0XyT)00Oczcw&Kg>e-XQOe;TB3cx* zxkH3>vQ((ls4m)%^vW{r&hgB9>#G{`WA#nNx_*apX$jF(xA%3>pVL8{HMm1E zcUg0uY=})XAtyEe%*}rt1vE8 zZroX6Es9U-YD*po?0BtU7%lB5DSxp*Blk>@oB+3Zitg}9ES#bnRXAJOyMz)Po5V*J z^mkBt1(~Fyq|Lg&O4Ze6+JoiCYR=4*#3|(IBt=~56Wx64xF#IkZb%WEZ%;nF;CWim zWK938Up)TKV-!9*R7qPgFsIMHc5Vbup~CGuRK5EK+7If z(mnZITq!5}xm7XUw`k#s7Mm&3EJt%kQOuavxl?@FW0RPDwaS<=+uKK_-?^iP#@_Zc zH#1}T#gluhAGdH=i@U~%=|$)q@rmp)_O%~6D4s8J!Of>(z##4>zJrR^+U_h=;a76G zXy9lZJvL4<0K5Rp0i}MaAAOvrd^OsiO~IS7iSD{v>FH4vk({9OlkdECPekp-$ILt4 zK80zap;~$$AsoZyX?sHBWWTL<8yQnaB=9AHRX$p3Tu&p0KzTSAJTvDiufHon^~X2*w>#XS8R+m}vX z-e74?1$0SH&%g}Hf&Jt0&TN1+m z#AQL=x^%XwN#VSU2@^HlQarBCV1U%m;C7nHI0 zHT_K@^NYVGtw-+4NMuc8`D6;gFoaw;q=}*LxYS!#)rH(vWy{DEF+V>E2y2ZKJ-2rT)DP9&n3z#p(CK0JXYTTKvnH z3l=>(=8_%Ht+J`ix(3}d`Z=)Hlc^5=l$8Qaj|aM+3iQxFf=KlitTyppFy!`(Gr!<~@2LQ;zl!U7~>K6H5h0(N~ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml deleted file mode 100755 index 9cde42870..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml +++ /dev/null @@ -1,271 +0,0 @@ -questions: -# Advance Settings -- variable: artifactory.artifactory.masterKey - default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - description: "Artifactory master key. For security reasons, we strongly recommend you generate your own master key using this command: 'openssl rand -hex 32'" - type: string - label: Artifactory master key - group: "Security Settings" - -# Container Images -- variable: defaultImage - default: true - description: "Use default Docker image" - label: Use Default Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: artifactory.artifactory.image.repository - default: "docker.bintray.io/jfrog/artifactory-jcr" - description: "JFrog Container Registry image name" - type: string - label: JFrog Container Registry Image Name - - variable: artifactory.artifactory.image.version - default: "7.6.3" - description: "JFrog Container Registry image tag" - type: string - label: JFrog Container Registry Image Tag - - variable: artifactory.imagePullSecrets - description: "Image Pull Secret" - type: string - label: Image Pull Secret - -# Services and LoadBalancing Settings -- variable: artifactory.ingress.enabled - default: false - description: "Expose app using Layer 7 Load Balancer - ingress" - type: boolean - label: Expose app using Layer 7 Load Balancer - show_subquestion_if: true - group: "Services and Load Balancing" - required: true - subquestions: - - variable: artifactory.ingress.hosts[0] - default: "xip.io" - description: "Hostname to your artifactory installation" - type: hostname - required: true - label: Hostname - -# Nginx Settings -- variable: artifactory.nginx.enabled - default: true - description: "Enable nginx server" - type: boolean - label: Enable Nginx Server - group: "Services and Load Balancing" - required: true - show_if: "artifactory.ingress.enabled=false" -- variable: artifactory.nginx.service.type - default: "LoadBalancer" - description: "Nginx service type" - type: enum - required: true - label: Nginx Service Type - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" - options: - - "ClusterIP" - - "NodePort" - - "LoadBalancer" -- variable: artifactory.nginx.service.loadBalancerIP - default: "" - description: "Provide Static IP to configure with Nginx" - type: string - label: Config Nginx LoadBalancer IP - show_if: "artifactory.nginx.enabled=true&&artifactory.nginx.service.type=LoadBalancer&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" -- variable: artifactory.nginx.tlsSecretName - default: "" - description: "Provide SSL Secret name to configure with Nginx" - type: string - label: Config Nginx SSL Secret - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" -- variable: artifactory.nginx.customArtifactoryConfigMap - default: "" - description: "Provide configMap name to configure Nginx with custom `artifactory.conf`" - type: string - label: ConfigMap for Nginx Artifactory Config - show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" - group: "Services and Load Balancing" - -# Database Settings -- variable: artifactory.postgresql.enabled - default: true - description: "Enable PostgreSQL" - type: boolean - required: true - label: Enable PostgreSQL - group: "Database Settings" - show_subquestion_if: true - subquestions: - - variable: artifactory.postgresql.postgresqlPassword - default: "" - description: "PostgreSQL password" - type: password - required: true - label: PostgreSQL Password - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.persistence.size - default: 20Gi - description: "PostgreSQL persistent volume size" - type: string - label: PostgreSQL Persistent Volume Size - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.persistence.storageClass - default: "" - description: "If undefined or null, uses the default StorageClass. Default to null" - type: storageclass - label: Default StorageClass for PostgreSQL - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.requests.cpu - default: "200m" - description: "PostgreSQL initial cpu request" - type: string - label: PostgreSQL Initial CPU Request - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.requests.memory - default: "500Mi" - description: "PostgreSQL initial memory request" - type: string - label: PostgreSQL Initial Memory Request - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.limits.cpu - default: "1" - description: "PostgreSQL cpu limit" - type: string - label: PostgreSQL CPU Limit - show_if: "artifactory.postgresql.enabled=true" - - variable: artifactory.postgresql.resources.limits.memory - default: "1Gi" - description: "PostgreSQL memory limit" - type: string - label: PostgreSQL Memory Limit - show_if: "artifactory.postgresql.enabled=true" -- variable: artifactory.database.type - default: "postgresql" - description: "xternal database type (postgresql, mysql, oracle or mssql)" - type: enum - required: true - label: External Database Type - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" - options: - - "postgresql" - - "mysql" - - "oracle" - - "mssql" -- variable: artifactory.database.url - default: "" - description: "External database URL. If you set the url, leave host and port empty" - type: string - label: External Database URL - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.host - default: "" - description: "External database hostname" - type: string - label: External Database Hostname - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.port - default: "" - description: "External database port" - type: string - label: External Database Port - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.user - default: "" - description: "External database username" - type: string - label: External Database Username - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" -- variable: artifactory.database.password - default: "" - description: "External database password" - type: password - label: External Database Password - group: "Database Settings" - show_if: "artifactory.postgresql.enabled=false" - -# Advance Settings -- variable: artifactory.advancedOptions - default: false - description: "Show advanced configurations" - label: Show Advanced Configurations - type: boolean - show_subquestion_if: true - group: "Advanced Options" - subquestions: - - variable: artifactory.artifactory.primary.resources.requests.cpu - default: "500m" - description: "Artifactory primary node initial cpu request" - type: string - label: Artifactory Primary Node Initial CPU Request - - variable: artifactory.artifactory.primary.resources.requests.memory - default: "1Gi" - description: "Artifactory primary node initial memory request" - type: string - label: Artifactory Primary Node Initial Memory Request - - variable: artifactory.artifactory.primary.javaOpts.xms - default: "1g" - description: "Artifactory primary node java Xms size" - type: string - label: Artifactory Primary Node Java Xms Size - - variable: artifactory.artifactory.primary.resources.limits.cpu - default: "2" - description: "Artifactory primary node cpu limit" - type: string - label: Artifactory Primary Node CPU Limit - - variable: artifactory.artifactory.primary.resources.limits.memory - default: "4Gi" - description: "Artifactory primary node memory limit" - type: string - label: Artifactory Primary Node Memory Limit - - variable: artifactory.artifactory.primary.javaOpts.xmx - default: "4g" - description: "Artifactory primary node java Xmx size" - type: string - label: Artifactory Primary Node Java Xmx Size - - variable: artifactory.artifactory.node.resources.requests.cpu - default: "500m" - description: "Artifactory member node initial cpu request" - type: string - label: Artifactory Member Node Initial CPU Request - - variable: artifactory.artifactory.node.resources.requests.memory - default: "2Gi" - description: "Artifactory member node initial memory request" - type: string - label: Artifactory Member Node Initial Memory Request - - variable: artifactory.artifactory.node.javaOpts.xms - default: "1g" - description: "Artifactory member node java Xms size" - type: string - label: Artifactory Member Node Java Xms Size - - variable: artifactory.artifactory.node.resources.limits.cpu - default: "2" - description: "Artifactory member node cpu limit" - type: string - label: Artifactory Member Node CPU Limit - - variable: artifactory.artifactory.node.resources.limits.memory - default: "4Gi" - description: "Artifactory member node memory limit" - type: string - label: Artifactory Member Node Memory Limit - - variable: artifactory.artifactory.node.javaOpts.xmx - default: "4g" - description: "Artifactory member node java Xmx size" - type: string - label: Artifactory Member Node Java Xmx Size - -# Internal Settings -- variable: installerInfo - default: '\{\"productId\": \"RancherHelm_artifactory-jcr/7.6.3\", \"features\": \[\{\"featureId\": \"Partner/ACC-007246\"\}\]\}' - type: string - group: "Internal Settings (Do not modify)" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock deleted file mode 100755 index 299d8cefe..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: artifactory - repository: https://charts.jfrog.io/ - version: 11.7.4 -digest: sha256:a4c52f49f154be6434a9a37474eee556de8d97a487be9dec923124a64651aac8 -generated: "2021-01-04T14:56:17.66958+05:30" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml deleted file mode 100755 index 4ad868b8a..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: artifactory - version: 11.7.4 - repository: https://charts.jfrog.io/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt deleted file mode 100755 index 035bf8417..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -Congratulations. You have just deployed JFrog Container Registry! diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml deleted file mode 100755 index 250485d27..000000000 --- a/charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml +++ /dev/null @@ -1,75 +0,0 @@ -# Default values for artifactory-jcr. -# This is a YAML-formatted file. - -# Beware when changing values here. You should know what you are doing! -# Access the values with {{ .Values.key.subkey }} - -# This chart is based on the main artifactory chart with some customizations. -# See all supported configuration keys in https://github.com/jfrog/charts/tree/master/stable/artifactory - -## All values are under the 'artifactory' sub chart. -artifactory: - - ## Artifactory - ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - artifactory: - ## Default tag is from the artifactory sub-chart in the requirements.yaml - image: - registry: docker.bintray.io - repository: jfrog/artifactory-jcr - # tag: - - ## Uncomment the following resources definitions or pass them from command line - ## to control the cpu and memory resources allocated by the Kubernetes cluster - resources: {} - # requests: - # memory: "1Gi" - # cpu: "500m" - # limits: - # memory: "4Gi" - # cpu: "1" - ## The following Java options are passed to the java process running Artifactory. - ## You should set them according to the resources set above. - ## IMPORTANT: Make sure resources.limits.memory is at least 1G more than Xmx. - javaOpts: {} - # xms: "1g" - # xmx: "3g" - # other: "" - - installer: - platform: jcr-helm - - installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' - ## Nginx - ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - nginx: - enabled: true - tlsSecretName: "" - service: - type: LoadBalancer - - ## Ingress - ## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - ingress: - enabled: false - tls: - - ## PostgreSQL - ## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - ## Configuration values for the PostgreSQL dependency sub-chart - ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md - postgresql: - enabled: true - - ## This key is required for upgrades to protect old PostgreSQL chart's breaking changes. - databaseUpgradeReady: "yes" - - ## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false), - ## specify custom database details here or leave empty and Artifactory will use embedded derby. - ## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory - # database: - - -## Enable the PostgreSQL sub chart -postgresql: - enabled: true diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/.helmignore b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/Chart.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/Chart.yaml deleted file mode 100644 index 519757d14..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-adc-istio-ingress-gateway -apiVersion: v1 -appVersion: 1.2.1 -description: A Helm chart for Citrix ADC as Ingress Gateway installation in Istio - Service Mesh on Kubernetes platform -home: https://www.citrix.com -icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png -maintainers: -- email: dhiraj.gedam@citrix.com - name: dheerajng -- email: subash.dangol@citrix.com - name: subashd -name: citrix-adc-istio-ingress-gateway -sources: -- https://github.com/citrix/citrix-istio-adaptor -version: 1.2.100+up1.2.1 diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/README.md b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/README.md deleted file mode 100644 index 0362e7b1f..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/README.md +++ /dev/null @@ -1,220 +0,0 @@ -# Deploy Citrix ADC as an Ingress Gateway in Istio environment using Helm charts - -Citrix Application Delivery Controller (ADC) can be deployed as an Istio Ingress Gateway to control the ingress traffic to Istio service mesh. - -# Table of Contents -1. [TL; DR;](#tldr) -2. [Introduction](#introduction) -3. [Deploy Citrix ADC VPX or MPX as an Ingress Gateway](#deploy-citrix-adc-vpx-or-mpx-as-an-ingress-gateway) -4. [Deploy Citrix ADC CPX as an Ingress Gateway](#deploy-citrix-adc-cpx-as-an-ingress-gateway) -5. [Using Existing Certificates to deploy Citrix ADC as an Ingress Gateway](#using-existing-certificates-to-deploy-citrix-adc-as-an-ingress-gateway) -6. [Segregating traffic with multiple Ingress Gateways](#segregating-traffic-with-multiple-ingress-gateways) -7. [Visualizing statistics of Citrix ADC Ingress Gateway with Metrics Exporter](#visualizing-statistics-of-citrix-adc-ingress-gateway-with-metrics-exporter) -8. [Exposing services running on non-HTTP ports](#exposing-services-running-on-non-http-ports) -9. [Citrix ADC as Ingress Gateway: a sample deployment](#citrix-adc-as-ingress-gateway-a-sample-deployment) -10. [Uninstalling the Helm chart](#uninstalling-the-helm-chart) -11. [Configuration Parameters](#configuration-parameters) - - -## TL; DR; - -### To deploy Citrix ADC VPX or MPX as an Ingress Gateway: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES --set istioAdaptor.netscalerUrl=https://[:port] --set istioAdaptor.vserverIP= - -### To deploy Citrix ADC CPX as an Ingress Gateway: - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES --set citrixCPX=true - - -## Introduction - -This chart deploys Citrix ADC VPX, MPX, or CPX as an Ingress Gateway in the Istio service mesh using the Helm package manager. For detailed information on different deployment options, see [Deployment Architecture](https://github.com/citrix/citrix-istio-adaptor/blob/master/docs/architecture.md). - -### Prerequisites - -The following prerequisites are required for deploying Citrix ADC as an Ingress Gateway in Istio service mesh: - -- Ensure that **Istio version 1.3.0** is installed -- Ensure that Helm with version 3.x is installed. Follow this [step](https://github.com/citrix/citrix-helm-charts/blob/master/Helm_Installation_version_3.md) to install the same. -- Ensure that your cluster has Kubernetes version 1.14.0 or later and the `admissionregistration.k8s.io/v1beta1` API is enabled -- **For deploying Citrix ADC VPX or MPX as an Ingress gateway:** - - Create a Kubernetes secret for the Citrix ADC user name and password using the following command: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - -You can verify the API by using the following command: - - kubectl api-versions | grep admissionregistration.k8s.io/v1beta1 - -The following output indicates that the API is enabled: - - admissionregistration.k8s.io/v1beta1 - -- **Important Note:** For deploying Citrix ADC VPX or MPX as ingress gateway, you should establish the connectivity between Citrix ADC VPX or MPX and cluster nodes. This connectivity can be established by configuring routes on Citrix ADC as mentioned [here](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/network/staticrouting.md) or by deploying [Citrix Node Controller](https://github.com/citrix/citrix-k8s-node-controller). - - -## Deploy Citrix ADC VPX or MPX as an Ingress Gateway - - To deploy Citrix ADC VPX or MPX as an Ingress Gateway in the Istio service mesh, do the following step. In this example, release name is specified as `citrix-adc-istio-ingress-gateway` and namespace as `citrix-system`. - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP= - -## Deploy Citrix ADC CPX as an Ingress Gateway - - To deploy Citrix ADC CPX as an Ingress Gateway, do the following step. In this example, release name is specified as `my-release` and namespace is used as `citrix-system`. - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true - - -## Using Existing Certificates to deploy Citrix ADC as an Ingress Gateway - -You may want to use the existing certificate and key for authenticating access to an application using Citrix ADC Ingress Gateway. In that case, you can create a Kubernetes secret from the existing certificate and key. You can mount the Kubernetes secret as data volumes in Citrix ADC Ingress Gateway. - -To create a Kubernetes secret using an existing key named `test_key.pem` and a certificate named `test.pem`, use the following command: - - kubectl create -n citrix-system secret tls citrix-ingressgateway-certs --key test_key.pem --cert test.pem - -Note: Ensure that Kubernetes secret is created in the same namespace where Citrix ADC Ingress Gateway is deployed. - -To deploy Citrix ADC VPX or MPX with secret volume, do the following step: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.secretVolumes[0].name=test-ingressgateway-certs,ingressGateway.secretVolumes[0].secretName=test-ingressgateway-certs,ingressGateway.secretVolumes[0].mountPath=/etc/istio/test-ingressgateway-certs - -To deploy Citrix ADC CPX with secret volume, do the following step: - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.secretVolumes[0].name=test-ingressgateway-certs,ingressGateway.secretVolumes[0].secretName=test-ingressgateway-certs,ingressGateway.secretVolumes[0].mountPath=/etc/istio/test-ingressgateway-certs - -## Segregating traffic with multiple Ingress Gateways - -You can deploy multiple Citrix ADC Ingress Gateway devices and segregate traffic to various deployments in the Istio service mesh. This can be achieved with *custom labels*. By default, Citrix ADC Ingress Gateway service comes up with the `app: citrix-ingressgateway` label. This label is used as a selector while deploying the Ingress Gateway or virtual service resources. If you want to deploy Ingress Gateway with the custom label, you can do it using the `ingressGateway.label` option in the Helm chart. - -To deploy Citrix ADC CPX Ingress Gateway with the label `my_custom_ingressgateway`, do the following step: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.lightWeightCPX=NO,ingressGateway.label=my_custom_ingressgateway - -To deploy Citrix ADC VPX or MPX as an Ingress Gateway with the label `my_custom_ingressgateway`, do the following step: - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.label=my_custom_ingressgateway - -## Visualizing statistics of Citrix ADC Ingress Gateway with Metrics Exporter - -By default, [Citrix ADC Metrics Exporter](https://github.com/citrix/citrix-adc-metrics-exporter) is also deployed along with Citrix ADC Ingress Gateway. Citrix ADC Metrics Exporter fetches statistical data from Citrix ADC and exports it to Prometheus running in Istio service mesh. When you add Prometheus as a data source in Grafana, you can visualize this statistical data in the Grafana dashboard. - -Metrics Exporter requires the IP address of Citrix ADC CPX or VPX Ingress Gateway. It is retrieved from the value specified for `istioAdaptor.netscalerUrl`. - -When Citrix ADC CPX is deployed as Ingress Gateway, Metrics Exporter runs along with Citrix CPX Ingress Gateway in the same pod and specifying IP address is optional. - -To deploy Citrix ADC as Ingress Gateway without Metrics Exporter, set the value of `metricExporter.required` as false. - - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,metricExporter.required=false - -"Note:" To remotely access telemetry addons such as Prometheus and Grafana, see [Remotely Accessing Telemetry Addons](https://istio.io/docs/tasks/telemetry/gateways/). - -## Exposing services running on non-HTTP ports - -By default, services running on HTTP ports (80 & 443) are exposed through Citrix ADC Ingress Gateway. Similarly, you can expose services that are deployed on non-HTTP ports through the Citrix ADC Ingress Gateway device. - -To deploy Citrix ADC MPX or VPX, and expose a service running on a TCP port, do the following step. - -In this example, a service running on TCP port 5000 is exposed using port 10000 on Citrix ADC. - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.tcpPort[0].name=tcp1,ingressGateway.tcpPort[0].port=10000,ingressGateway.tcpPort[0].targetPort=5000 - - To deploy Citrix ADC CPX and expose a service running on a TCP port, do the following step. - In this example, port 10000 on the Citrix ADC CPX instance is exposed using TCP port 30000 (node port configuration) on the host machine. - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.tcpPort[0].name=tcp1,ingressGateway.tcpPort[0].nodePort=30000,ingressGateway.tcpPort[0].port=10000,ingressGateway.tcpPort[0].targetPort=5000 - - -## Citrix ADC as Ingress Gateway: a sample deployment - -A sample deployment of Citrix ADC as an Ingress gateway for the Bookinfo application is provided [here](https://github.com/citrix/citrix-helm-charts/tree/master/examples/citrix-adc-in-istio). - -## Uninstalling the Helm chart - -To uninstall or delete a chart with release name as `my-release`, do the following step. - - helm delete my-release - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration parameters - -The following table lists the configurable parameters in the Helm chart and their default values. - - -| Parameter | Description | Default | Optional/Mandatory | -|--------------------------------|-------------------------------|---------------------------|---------------------------| -| `citrixCPX` | Citrix ADC CPX | FALSE | Mandatory for Citrix ADC CPX | -| `istioAdaptor.image` | Image of the Citrix Istio-adaptor container |quay.io/citrix/citrix-istio-adaptor| Mandatory| -| `istioAdaptor.tag` | Tag of the Istio adaptor image | 1.2.0 | Mandatory| -| `istioAdaptor.imagePullPolicy` | Image pull policy for Istio-adaptor | IfNotPresent | Optional| -| `istioAdaptor.vserverIP` | Virtual server IP address on Citrix ADC (Mandatory if citrixCPX=false) | null | Mandatory for Citrix ADC MPX or VPX| -| `istioAdaptor.netscalerUrl` | URL or IP address of the Citrix ADC which Istio-adaptor configures (Mandatory if citrixCPX=false)| null |Mandatory for Citrix ADC MPX or VPX| -| `istioAdaptor.secureConnect` | If this value is set to true, Istio-adaptor establishes secure gRPC channel with Istio Pilot | TRUE | Optional| -| `istioAdaptor.netProfile ` | Network profile name used by [CNC](https://github.com/citrix/citrix-k8s-node-controller) to configure Citrix ADC VPX or MPX which is deployed as Ingress Gateway | null | Optional| -| `istioAdaptor.coeURL` | Name of [Citrix Observability Exporter](https://github.com/citrix/citrix-observability-exporter) Service in the form of "." | null | Optional| -| `istioAdaptor.ADMIP ` | Citrix Application Delivery Management (ADM) IP address | NIL | Mandatory for Citrix ADC CPX | -| `istioAdaptor.ADMFingerPrint ` | Citrix Application Delivery Management (ADM) Finger Print. For more information, see [this](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html) | NIL | Optional| -| `ingressGateway.image` | Image of Citrix ADC CPX designated to run as Ingress Gateway |quay.io/citrix/citrix-k8s-cpx-ingress| Mandatory for Citrix ADC CPX | -| `ingressGateway.tag` | Version of Citrix ADC CPX | 13.0-47.22 | Mandatory for Citrix ADC CPX | -| `ingressGateway.imagePullPolicy` | Image pull policy | IfNotPresent | Optional| -| `ingressGateway.EULA` | End User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions. | NO | Mandatory for Citrix ADC CPX -| `ingressGateway.mgmtHttpPort` | Management port of the Citrix ADC CPX | 9080 | Optional| -| `ingressGateway.mgmtHttpsPort` | Secure management port of Citrix ADC CPX | 9443 | Optional| -| `ingressGateway.httpNodePort` | Port on host machine which is used to expose HTTP port (80) of Citrix ADC CPX | 30180 |Optional| -| `ingressGateway.httpsNodePort` | Port on host machine which is used to expose HTTPS port (443) of Citrix ADC CPX | 31443 |Optional| -| `ingressGateway.secretVolume` | A map of user defined volumes to be mounted using Kubernetes secrets | null |Optional| -| `ingressGateway.licenseServerPort` | Citrix ADM port if a non-default port is used | 27000 | Optional| -| `ingressGateway.label` | Custom label for the Ingress Gateway service | citrix-ingressgateway |Optional| -| `ingressGateway.tcpPort` | For exposing multiple TCP ingress | NIL |Optional| -| `istioPilot.name` | Name of the Istio Pilot service | istio-pilot |Optional| -| `istioPilot.namespace` | Namespace where Istio Pilot is running | istio-system |Optional| -| `istioPilot.secureGrpcPort` | Secure GRPC port where Istio Pilot is listening (default setting) | 15011 |Optional| -| `istioPilot.insecureGrpcPort` | Insecure GRPC port where Istio Pilot is listening | 15010 |Optional| -| `istioPilot.SAN` | Subject alternative name for Istio Pilot which is the secure production identity framework for everyone (SPIFFE) ID of Istio Pilot | spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account |Optional| -| `metricExporter.required` | Metrics exporter for Citrix ADC | TRUE |Optional| -| `metricExporter.image` | Image of the Citrix ADC Metrics Exporter | quay.io/citrix/citrix-adc-metrics-exporter |Optional| -| `metricExporter.version` | Version of the Citrix ADC Metrics Exporter image | 1.4.0 |Optional| -| `metricExporter.port` | Port over which Citrix ADC Metrics Exporter collects metrics of Citrix ADC. | 8888 |Optional| -| `metricExporter.secure` | Enables collecting metrics over TLS | YES |Optional| -| `metricExporter.logLevel` | Level of logging in Citrix ADC Metrics Exporter. Possible values are: DEBUG, INFO, WARNING, ERROR, CRITICAL | ERROR |Optional| -| `metricExporter.imagePullPolicy` | Image pull policy for Citrix ADC Metrics Exporter | IfNotPresent |Optional| - diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/app-readme.md b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/app-readme.md deleted file mode 100644 index 15e4cb6fe..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/app-readme.md +++ /dev/null @@ -1,18 +0,0 @@ -# Citrix ADC as an Ingress Gateway for Istio - -An [Istio](https://istio.io/) ingress gateway acts as an entry point for the incoming traffic and secures and controls access to the service mesh. It also performs routing and load balancing. Citrix ADC [CPX](https://docs.citrix.com/en-us/citrix-adc-cpx), MPX, or [VPX](https://docs.citrix.com/en-us/citrix-adc.html), can be deployed as an ingress gateway to the Istio service mesh. - -### Prerequisites - -The following prerequisites are required for deploying Citrix ADC as an Ingress Gateway in Istio service mesh: - -- Ensure that **Istio** is enabled. -- Ensure that your cluster has Kubernetes version 1.14.0 or later. -- Ensure to create secret named **nslogin** with username and password in same namespace in case of VPX/MPX . Choose the **Resources > Secrets** in the navigation bar. - -### Important NOTE: -- Follow this [link](https://github.com/citrix/citrix-helm-charts/blob/master/examples/citrix-adc-in-istio/README.md -) to deploy Citrix ADC as an ingress gateway for application. -- For deploying Citrix ADC VPX or MPX as ingress gateway, you should establish the connectivity between Citrix ADC VPX or MPX and cluster nodes. This connectivity can be established by configuring routes on Citrix ADC as mentioned [here](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/network/staticrouting.md) or by deploying [Citrix Node Controller](https://github.com/citrix/citrix-k8s-node-controller). - -This catalog deploys Citrix ADC VPX, MPX, or CPX as an Ingress Gateway in the Istio service mesh. For detailed information on various deployment options,checkout this [link](https://github.com/citrix/citrix-istio-adaptor). diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/questions.yml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/questions.yml deleted file mode 100644 index 1ee110b95..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/questions.yml +++ /dev/null @@ -1,300 +0,0 @@ -questions: -- variable: citrixCPX - required: true - type: boolean - default: true - description: "Set true to use Citrix ADC CPX as ingress device. Set false to use VPX/MPX as ingress device" - label: citrixCPX - group: "Deployment Settings" -- variable: secrets.name - required: true - type: string - default: "nslogin" - description: "Ensure to create nslogin secret in same namespace" - show_if: "citrixCPX=false" - group: "nslogin Settings" -- variable: istioAdaptor.image - required: true - type: string - default: "quay.io/citrix/citrix-istio-adaptor" - label: istioAdaptor Image - description: "Istio-adaptor Image to be used" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.tag - required: true - type: string - default: "1.2.1" - label: istioAdaptor tag - group: "Istio-adaptor Settings" -- variable: istioAdaptor.imagePullPolicy - required: true - type: enum - default: IfNotPresent - label: istioAdaptor imagePullPolicy - description: "Istio-adaptor Image pull policy" - options: - - "Always" - - "IfNotPresent" - - "Never" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.netscalerUrl - required: true - type: string - default: null - label: istioAdaptor netscalerUrl - description: "URL or IP address of the Citrix ADC which Istio-adaptor configures" - show_if: "citrixCPX=false" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.secureConnect - type: boolean - default: true - label: istioAdaptor secureConnect - description: "If this value is set to true, Istio-adaptor establishes secure gRPC channel with Istio Pilot" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.vserverIP - required: true - type: string - label: istioAdaptor vserverIP - show_if: "citrixCPX=false" - descriptions: "Virtual server IP address on Citrix ADC" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.netProfile - type: string - label: istioAdaptor netProfile - description: "profile name used by CNC to configure VPX/MPX" - show_if: "citrixCPX=false" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.ADMIP - type: string - label: istioAdaptor ADMIP - description: "Citrix Application Delivery Management (ADM) IP address" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.ADMFingerPrint - type: string - label: istioAdaptor ADMFingerPrint - description: "Citrix Application Delivery Management (ADM) Finger Print." - group: "Istio-adaptor Settings" -- variable: istioAdaptor.coeURL - type: string - label: istioAdaptor coeURL - description: "Name of Citrix Observability Exporter Service" - group: "Istio-adaptor Settings" -- variable: istioPilot.name - required: true - type: string - default: istio-pilot - label: istio-pilot name - group: "istio-pilot Settings" - description: "Name of the Istio Pilot service" -- variable: istioPilot.namespace - required: true - type: string - default: istio-system - label: istio-pilot namespace - description: "Namespace where Istio Pilot is running" - group: "istio-pilot Settings" -- variable: istioPilot.secureGrpcPort - required: true - type: int - default: 15011 - label: istio-pilot secureGrpcPort - show_if: "istioAdaptor.secureConnect=true" - description: "Secure GRPC port where Istio Pilot is listening" - group: "istio-pilot Settings" -- variable: istioPilot.insecureGrpcPort - required: true - type: int - default: 15010 - show_if: "istioAdaptor.secureConnect=false" - label: istio-pilot insecureGrpcPort - description: "Insecure GRPC port where Istio Pilot is listening" - group: "istio-pilot Settings" -- variable: istioPilot.SAN - required: true - type: string - default: "spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account" - label: istio-pilot SAN - description: "Subject alternative name for Istio Pilot which is (SPIFFE) ID of Istio Pilot" - show_if: "istioAdaptor.secureConnect=true" - group: "istio-pilot Settings" -- variable: ingressGateway.image - required: true - type: string - default: "quay.io/citrix/citrix-k8s-cpx-ingress" - label: ingressGateway Image - description: "ingressGateway image to be used" - group: "ingressGateway Settings" -- variable: ingressGateway.tag - required: true - type: string - default: "13.0-47.22" - label: ingressGateway tag - group: "ingressGateway Settings" -- variable: ingressGateway.imagePullPolicy - required: true - type: enum - default: IfNotPresent - label: ingressGateway imagePullPolicy - description: Ingress-gateway Image pull policy - group: "ingressGateway Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" -- variable: ingressGateway.EULA - required: true - type: enum - description: "End user license agreement (read EULA before accepting it yes)" - label: ingressGateway EULA - options: - - "YES" - - "NO" - group: "ingressGateway Settings" -- variable: ingressGateway.mgmtHttpPort - required: true - type: int - default: 10080 - label: ingressGateway mgmtHttpPort - description: "Management port of the Citrix ADC CPX" - show_if: "citrixCPX=true" - group: "ingressGateway Settings" -- variable: ingressGateway.mgmtHttpsPort - required: true - type: int - default: 10443 - show_if: "citrixCPX=true" - label: ingressGateway mgmtHttpsPort - description: "Secure management port of Citrix ADC CPX" - group: "ingressGateway Settings" -- variable: ingressGateway.httpNodePort - required: true - type: int - default: 30180 - show_if: "citrixCPX=true" - label: ingressGateway httpNodePort - description: "Port on host machine which is used to expose HTTP port of Citrix ADC CPX" - group: "ingressGateway Settings" -- variable: ingressGateway.httpsNodePort - required: true - type: int - default: 31443 - show_if: "citrixCPX=true" - label: ingressGateway httpsNodePort - description: "Port on host machine which is used to expose HTTPS port of Citrix ADC CPX" - group: "ingressGateway Settings" -- variable: ingressGateway.exposeMutipleApps - required: true - type: boolean - default: false - description: "By default, only one service is exposed via ingress gateway. To expose another service, select it TRUE, and then specify a set of secret, volume name, mount path in subsequent fields" - label: exposeMutipleApps - group: "ingressGateway Settings" -- variable: ingressGateway.secretVolumes[0].name - required: true - type: string - show_if: "ingressGateway.exposeMutipleApps=true" - label: ingressGateway secretVolumes name - group: "ingressGateway Settings" -- variable: ingressGateway.secretVolumes[0].secretName - required: true - type: string - show_if: "ingressGateway.exposeMutipleApps=true" - label: ingressGateway secretVolumes secretName - description: "user defined volumes to be mounted using Kubernetes secrets name" - group: "ingressGateway Settings" -- variable: ingressGateway.secretVolumes[0].mountPath - required: true - type: string - show_if: "ingressGateway.exposeMutipleApps=true" - label: ingressGateway secretVolumes mountPath - group: "ingressGateway Settings" -- variable: ingressGateway.licenseServerPort - type: int - default: 27000 - label: ingressGateway licenseServerPort - description: "Citrix ADM port if a non-default port is used" - group: "ingressGateway Settings" -- variable: ingressGateway.label - required: true - type: string - default: "citrix-ingressgateway" - label: ingressGateway label - description: "Custom label for the Ingress Gateway service" - group: "ingressGateway Settings" -- variable: ingressGateway.exposeNonHttpService - required: true - type: boolean - default: false - description: "By default, gateway is configured to expose HTTP(S) services. To expose non-HTTP services, select exposeNonHttpService to True, and then specify a set of port, port-name, target-port, nodeport (if applicable) in subsequent field." - label: exposeNonHttpService - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].name - required: true - type: string - default: - label: Services runing on tcpPort name - show_if: "ingressGateway.exposeNonHttpService=true" - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].nodePort - required: true - type: int - min: 30000 - max: 32767 - label: Citrix ADC CPX exposed using nodePort - show_if: "citrixCPX=true && ingressGateway.exposeNonHttpService=true" - description: "NodePort (to set explicitly, choose port between 30000-32767)" - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].port - required: true - type: int - label: Services exposed using Port on Citrix ADC - show_if: "ingressGateway.exposeNonHttpService=true" - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].targetPort - required: true - type: int - label: Services running on targetPort - show_if: "ingressGateway.exposeNonHttpService=true" - group: "ingressGateway Settings" -- variable: metricExporter.image - required: true - type: string - default: "quay.io/citrix/citrix-adc-metrics-exporter" - label: Exporter Image - description: "Exporter Image to be used" - group: "metricExporter Settings" -- variable: metricExporter.version - required: true - type: string - default: "1.4.0" - label: metricExporter Version - group: "metricExporter Settings" -- variable: metricExporter.port - required: true - type: int - default: 8888 - label: metricExporter Port - group: "metricExporter Settings" -- variable: metricExporter.logLevel - required: true - type: enum - default: ERROR - label: metricExporter logLevel - group: "metricExporter Settings" - options: - - "DEBUG" - - "INFO" - - "WARNING" - - "ERROR" - - "TRACE" -- variable: metricExporter.imagePullPolicy - required: true - type: enum - default: IfNotPresent - label: metricExporter imagePullPolicy - description: "Exporter Image pull policy" - group: "metricExporter Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/_helpers.tpl b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/_helpers.tpl deleted file mode 100644 index 91374c7bd..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/_helpers.tpl +++ /dev/null @@ -1,4 +0,0 @@ -{{- define "exporter_nsip" -}} -{{- $match := .Values.istioAdaptor.netscalerUrl | toString | regexFind "//.*[:]*" -}} -{{- $match | trimAll ":" | trimAll "/" -}} -{{- end -}} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/citrix-adc-ingressgateway-deployment.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/citrix-adc-ingressgateway-deployment.yaml deleted file mode 100644 index fcf187f55..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/citrix-adc-ingressgateway-deployment.yaml +++ /dev/null @@ -1,330 +0,0 @@ -{{- if eq .Values.citrixCPX true }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - template: - metadata: - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/port: "{{ .Values.metricExporter.port }}" - prometheus.io/scrape: "true" - spec: - volumes: - - name: nslogin - secret: - secretName: nslogin - - name: istio-certs - secret: - optional: true - secretName: istio.default - - name: citrix-ingressgateway-certs - secret: - optional: true - secretName: "citrix-ingressgateway-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - - name: citrix-ingressgateway-ca-certs - secret: - optional: true - secretName: "citrix-ingressgateway-ca-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - - name: cpx-conf - emptyDir: {} - containers: -{{- if eq .Values.metricExporter.required true }} - - name: exporter - image: {{ .Values.metricExporter.image }}:{{ .Values.metricExporter.version }} - imagePullPolicy: IfNotPresent - args: - - "--target-nsip=127.0.0.1" - - "--port={{ .Values.metricExporter.port }}" - - "--log-level={{ .Values.metricExporter.logLevel }}" - env: - - name: NS_USER - valueFrom: - secretKeyRef: - name: nslogin - key: username - - name: NS_PASSWORD - valueFrom: - secretKeyRef: - name: nslogin - key: password -{{- end }} - - name: istio-adaptor - image: {{ .Values.istioAdaptor.image }}:{{ .Values.istioAdaptor.tag }} - imagePullPolicy: {{ .Values.istioAdaptor.imagePullPolicy }} - args: - - -pilot-location -{{- if eq .Values.istioAdaptor.secureConnect true }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.secureGrpcPort }} # istio-pilot.istio-system:15011 -{{- else }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.insecureGrpcPort }} # istio-pilot.istio-system:15010 -{{- end }} - - -proxy-type - - {{ .Values.istioAdaptor.proxyType | default "router" | quote }} - - -pilot-SAN - - {{ .Values.istioPilot.SAN }} - - -netscaler-url - - "http://127.0.0.1" - - -secure-connect={{ .Values.istioAdaptor.secureConnect}} - - -adm-ip -{{- if .Values.istioAdaptor.ADMIP }} - - {{ .Values.istioAdaptor.ADMIP }} -{{- else }} - - "" -{{- end }} -{{- if .Values.istioAdaptor.coeURL }} - - -coe-url - - {{ .Values.istioAdaptor.coeURL }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: APPLICATION_NAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['app'] - securityContext: - readOnlyRootFilesystem: true - runAsUser: 32024 # UID of istio-adaptor container's user - volumeMounts: - - mountPath: /etc/certs - name: istio-certs - readOnly: true - - mountPath: /etc/nslogin - name: nslogin - readOnly: true - - mountPath: /etc/istio/ingressgateway-certs # Make sure that Gateway definition has this path mentioned in server.tls section for SIMPLE TLS - name: citrix-ingressgateway-certs - readOnly: true - - mountPath: /etc/istio/ingressgateway-ca-certs # Make sure that Gateway definition has this path mentioned in server.tls section for MUTUAL TLS - name: citrix-ingressgateway-ca-certs - readOnly: true - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - - name: citrix-ingressgateway - image: "{{ .Values.ingressGateway.image }}:{{ .Values.ingressGateway.tag }}" - imagePullPolicy: {{ .Values.ingressGateway.imagePullPolicy }} - securityContext: - privileged: true - ports: - - containerPort: 80 - - containerPort: 443 -{{- if .Values.ingressGateway.mgmtHttpPort }} - - containerPort: {{ .Values.ingressGateway.mgmtHttpPort }} -{{- end }} -{{- if .Values.ingressGateway.mgmtHttpsPort }} - - containerPort: {{ .Values.ingressGateway.mgmtHttpsPort }} -{{- end }} -{{- range .Values.ingressGateway.tcpPort }} - - containerPort: {{ .port }} -{{- end }} - volumeMounts: - - mountPath: /cpx/conf/ - name: cpx-conf - env: - - name: "EULA" - value: "{{ .Values.ingressGateway.EULA }}" - - name: "MGMT_HTTP_PORT" - value: "{{ .Values.ingressGateway.mgmtHttpPort }}" - - name: "MGMT_HTTPS_PORT" - value: "{{ .Values.ingressGateway.mgmtHttpsPort }}" - - name: "NS_CPX_LITE" - value: "{{ .Values.ingressGateway.lightWeightCPX }}" -{{- if or .Values.istioAdaptor.coeURL .Values.istioAdaptor.ADMIP }} - - name: "NS_ENABLE_NEWNSLOG" - value: "1" -{{- end }} - - name: "KUBERNETES_TASK_ID" - value: "" - - name: "LS_IP" - value: {{ .Values.istioAdaptor.ADMIP | default "" }} - - name: "LS_PORT" - value: "{{ .Values.ingressGateway.licenseServerPort}}" -{{- if .Values.istioAdaptor.ADMFingerPrint }} - - name: "NS_MGMT_SERVER" - value: {{ .Values.istioAdaptor.ADMIP }} - - name: "NS_MGMT_FINGER_PRINT" - value: {{ .Values.istioAdaptor.ADMFingerPrint | quote }} - - name: "NS_HTTP_PORT" - value: {{ .Values.ingressGateway.mgmtHttpPort | quote }} - - name: "NS_HTTPS_PORT" - value: {{ .Values.ingressGateway.mgmtHttpsPort | quote }} -{{- end }} - - name: "LOGSTREAM_COLLECTOR_IP" - value: {{ .Values.istioAdaptor.ADMIP | default ""}} - ---- -{{ else }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - template: - metadata: - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/port: "{{ .Values.metricExporter.port }}" - prometheus.io/scrape: "true" - spec: - containers: -{{- if eq .Values.metricExporter.required true }} - - name: exporter - image: {{ .Values.metricExporter.image }}:{{ .Values.metricExporter.version }} - imagePullPolicy: {{ .Values.metricExporter.imagePullPolicy }} - args: - - "--target-nsip={{- include "exporter_nsip" . -}}" - - "--port={{ .Values.metricExporter.port }}" - - "--secure={{ .Values.metricExporter.secure | lower}}" - - "--log-level={{ .Values.metricExporter.logLevel }}" - env: - - name: NS_USER - valueFrom: - secretKeyRef: - name: nslogin - key: username - - name: NS_PASSWORD - valueFrom: - secretKeyRef: - name: nslogin - key: password -{{- end }} - - name: istio-adaptor - image: {{ .Values.istioAdaptor.image }}:{{ .Values.istioAdaptor.tag }} - imagePullPolicy: {{ .Values.istioAdaptor.imagePullPolicy }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: APPLICATION_NAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['app'] - args: - - -pilot-location -{{- if eq .Values.istioAdaptor.secureConnect true }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.secureGrpcPort }} # istio-pilot.istio-system:15011 -{{- else }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.insecureGrpcPort }} # istio-pilot.istio-system:15010 -{{- end }} - - -proxy-type - - {{ .Values.istioAdaptor.proxyType | default "router" | quote }} - - -pilot-SAN - - {{ .Values.istioPilot.SAN }} - - -netscaler-url - - {{ required "Mention Citrix ADC IP/URL in https://[:port] format" .Values.istioAdaptor.netscalerUrl }} - - -vserver-ip - - {{ required "Mention Vserver IP to be configured on Citrix ADC" .Values.istioAdaptor.vserverIP }} - - -secure-connect={{ .Values.istioAdaptor.secureConnect | default true }} - # If using VPX/MPX as Ingress gateway, then specify the network profile name - # which was provided to Citrix Node Controller (CNC) -{{- if .Values.istioAdaptor.netProfile }} - - -net-profile - - {{ .Values.istioAdaptor.netProfile }} -{{- end }} - - -adm-ip - - "" -{{- if .Values.istioAdaptor.coeURL }} - - -coe-url - - {{ .Values.istioAdaptor.coeURL }} -{{- end }} - securityContext: - readOnlyRootFilesystem: true - runAsUser: 32024 # UID of istio-adaptor container's user - volumeMounts: - - mountPath: /etc/certs - name: istio-certs - readOnly: true - - mountPath: /etc/nslogin - name: nslogin - readOnly: true - - mountPath: /etc/istio/ingressgateway-certs # Make sure that Gateway definition has this path mentioned in server.tls section for SIMPLE TLS - name: citrix-ingressgateway-certs - readOnly: true - - mountPath: /etc/istio/ingressgateway-ca-certs # Make sure that Gateway definition has this path mentioned in server.tls section for MUTUAL TLS - name: citrix-ingressgateway-ca-certs - readOnly: true - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - volumes: - - name: nslogin - secret: - secretName: nslogin - - name: istio-certs - secret: - optional: true - secretName: istio.default - - name: citrix-ingressgateway-certs - secret: - optional: true - secretName: "citrix-ingressgateway-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - - name: citrix-ingressgateway-ca-certs - secret: - optional: true - secretName: "citrix-ingressgateway-ca-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} ---- -{{- end}} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/ingressgateway-service.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/ingressgateway-service.yaml deleted file mode 100644 index ba18349b3..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/ingressgateway-service.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if eq .Values.citrixCPX true }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} -spec: - maxReplicas: 1 - minReplicas: 1 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: citrix-ingressgateway - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: 60 ---- -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} - annotations: - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} -spec: -{{- if eq .Values.citrixCPX true }} - type: LoadBalancer -{{- end }} - selector: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - ports: - - - name: http2 -{{- if eq .Values.citrixCPX true }} - nodePort: {{ .Values.ingressGateway.httpNodePort }} -{{- end }} - port: 80 - targetPort: 80 - - - name: https -{{- if eq .Values.citrixCPX true }} - nodePort: {{ .Values.ingressGateway.httpsNodePort }} -{{- end }} - port: 443 - targetPort: 443 -{{- $isCPX := .Values.citrixCPX }} -{{- range .Values.ingressGateway.tcpPort }} - - - name: {{ .name }} -{{- if eq $isCPX true }} - nodePort: {{ .nodePort }} -{{- end }} - port: {{ .port }} - targetPort: {{ .targetPort }} -{{- end }} ---- diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/metrics-exporter-service.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/metrics-exporter-service.yaml deleted file mode 100644 index ad77e2374..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/metrics-exporter-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if eq .Values.metricExporter.required true }} -kind: Service -apiVersion: v1 -metadata: - name: exporter - annotations: - labels: - service-type: citrix-adc-monitor -spec: - selector: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - ports: - - name: exporter-port - port: {{ .Values.metricExporter.port }} - targetPort: {{ .Values.metricExporter.port }} ---- -{{- end }} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/secret.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/secret.yaml deleted file mode 100644 index 0201c116d..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.citrixCPX true }} -apiVersion: v1 -kind: Secret -metadata: - name: nslogin - namespace: {{ .Release.Namespace }} -type: Opaque -data: - username: "bnNyb290" - password: "bnNyb290" -{{- end }} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/values.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/values.yaml deleted file mode 100644 index ba929f218..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100+up1.2.1/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Default values for citrix-adc-istio-ingress-gateway -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -citrixCPX: false - -metricExporter: - required: true - image: quay.io/citrix/citrix-adc-metrics-exporter - version: 1.4.0 - port: 8888 - secure: "YES" - logLevel: ERROR - imagePullPolicy: IfNotPresent - -istioAdaptor: - image: quay.io/citrix/citrix-istio-adaptor - tag: 1.2.1 - imagePullPolicy: IfNotPresent - netscalerUrl: null - proxyType: router - secureConnect: true - vserverIP: - netProfile: - ADMIP: - ADMFingerPrint: - coeURL: - -istioPilot: - name: istio-pilot - namespace: istio-system - secureGrpcPort: 15011 - insecureGrpcPort: 15010 - SAN: spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account - -ingressGateway: - image: quay.io/citrix/citrix-k8s-cpx-ingress - tag: 13.0-47.22 - imagePullPolicy: IfNotPresent - EULA: NO - mgmtHttpPort: 10080 - mgmtHttpsPort: 10443 - httpNodePort: 30180 - httpsNodePort: 31443 - lightWeightCPX: 1 - secretVolumes: - #licenseServerIP: this value will be taken from istioAdaptor.ADMIP - licenseServerPort: 27000 - label: citrix-ingressgateway - tcpPort: diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore deleted file mode 100755 index 50af03172..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml deleted file mode 100755 index 10b3cf005..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-adc-istio-ingress-gateway -apiVersion: v1 -appVersion: 1.2.1 -description: A Helm chart for Citrix ADC as Ingress Gateway installation in Istio - Service Mesh on Kubernetes platform -home: https://www.citrix.com -icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png -maintainers: -- email: dhiraj.gedam@citrix.com - name: dheerajng -- email: subash.dangol@citrix.com - name: subashd -name: citrix-adc-istio-ingress-gateway -sources: -- https://github.com/citrix/citrix-istio-adaptor -version: 1.2.100 diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md deleted file mode 100755 index 0362e7b1f..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md +++ /dev/null @@ -1,220 +0,0 @@ -# Deploy Citrix ADC as an Ingress Gateway in Istio environment using Helm charts - -Citrix Application Delivery Controller (ADC) can be deployed as an Istio Ingress Gateway to control the ingress traffic to Istio service mesh. - -# Table of Contents -1. [TL; DR;](#tldr) -2. [Introduction](#introduction) -3. [Deploy Citrix ADC VPX or MPX as an Ingress Gateway](#deploy-citrix-adc-vpx-or-mpx-as-an-ingress-gateway) -4. [Deploy Citrix ADC CPX as an Ingress Gateway](#deploy-citrix-adc-cpx-as-an-ingress-gateway) -5. [Using Existing Certificates to deploy Citrix ADC as an Ingress Gateway](#using-existing-certificates-to-deploy-citrix-adc-as-an-ingress-gateway) -6. [Segregating traffic with multiple Ingress Gateways](#segregating-traffic-with-multiple-ingress-gateways) -7. [Visualizing statistics of Citrix ADC Ingress Gateway with Metrics Exporter](#visualizing-statistics-of-citrix-adc-ingress-gateway-with-metrics-exporter) -8. [Exposing services running on non-HTTP ports](#exposing-services-running-on-non-http-ports) -9. [Citrix ADC as Ingress Gateway: a sample deployment](#citrix-adc-as-ingress-gateway-a-sample-deployment) -10. [Uninstalling the Helm chart](#uninstalling-the-helm-chart) -11. [Configuration Parameters](#configuration-parameters) - - -## TL; DR; - -### To deploy Citrix ADC VPX or MPX as an Ingress Gateway: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES --set istioAdaptor.netscalerUrl=https://[:port] --set istioAdaptor.vserverIP= - -### To deploy Citrix ADC CPX as an Ingress Gateway: - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES --set citrixCPX=true - - -## Introduction - -This chart deploys Citrix ADC VPX, MPX, or CPX as an Ingress Gateway in the Istio service mesh using the Helm package manager. For detailed information on different deployment options, see [Deployment Architecture](https://github.com/citrix/citrix-istio-adaptor/blob/master/docs/architecture.md). - -### Prerequisites - -The following prerequisites are required for deploying Citrix ADC as an Ingress Gateway in Istio service mesh: - -- Ensure that **Istio version 1.3.0** is installed -- Ensure that Helm with version 3.x is installed. Follow this [step](https://github.com/citrix/citrix-helm-charts/blob/master/Helm_Installation_version_3.md) to install the same. -- Ensure that your cluster has Kubernetes version 1.14.0 or later and the `admissionregistration.k8s.io/v1beta1` API is enabled -- **For deploying Citrix ADC VPX or MPX as an Ingress gateway:** - - Create a Kubernetes secret for the Citrix ADC user name and password using the following command: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - -You can verify the API by using the following command: - - kubectl api-versions | grep admissionregistration.k8s.io/v1beta1 - -The following output indicates that the API is enabled: - - admissionregistration.k8s.io/v1beta1 - -- **Important Note:** For deploying Citrix ADC VPX or MPX as ingress gateway, you should establish the connectivity between Citrix ADC VPX or MPX and cluster nodes. This connectivity can be established by configuring routes on Citrix ADC as mentioned [here](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/network/staticrouting.md) or by deploying [Citrix Node Controller](https://github.com/citrix/citrix-k8s-node-controller). - - -## Deploy Citrix ADC VPX or MPX as an Ingress Gateway - - To deploy Citrix ADC VPX or MPX as an Ingress Gateway in the Istio service mesh, do the following step. In this example, release name is specified as `citrix-adc-istio-ingress-gateway` and namespace as `citrix-system`. - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP= - -## Deploy Citrix ADC CPX as an Ingress Gateway - - To deploy Citrix ADC CPX as an Ingress Gateway, do the following step. In this example, release name is specified as `my-release` and namespace is used as `citrix-system`. - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true - - -## Using Existing Certificates to deploy Citrix ADC as an Ingress Gateway - -You may want to use the existing certificate and key for authenticating access to an application using Citrix ADC Ingress Gateway. In that case, you can create a Kubernetes secret from the existing certificate and key. You can mount the Kubernetes secret as data volumes in Citrix ADC Ingress Gateway. - -To create a Kubernetes secret using an existing key named `test_key.pem` and a certificate named `test.pem`, use the following command: - - kubectl create -n citrix-system secret tls citrix-ingressgateway-certs --key test_key.pem --cert test.pem - -Note: Ensure that Kubernetes secret is created in the same namespace where Citrix ADC Ingress Gateway is deployed. - -To deploy Citrix ADC VPX or MPX with secret volume, do the following step: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.secretVolumes[0].name=test-ingressgateway-certs,ingressGateway.secretVolumes[0].secretName=test-ingressgateway-certs,ingressGateway.secretVolumes[0].mountPath=/etc/istio/test-ingressgateway-certs - -To deploy Citrix ADC CPX with secret volume, do the following step: - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.secretVolumes[0].name=test-ingressgateway-certs,ingressGateway.secretVolumes[0].secretName=test-ingressgateway-certs,ingressGateway.secretVolumes[0].mountPath=/etc/istio/test-ingressgateway-certs - -## Segregating traffic with multiple Ingress Gateways - -You can deploy multiple Citrix ADC Ingress Gateway devices and segregate traffic to various deployments in the Istio service mesh. This can be achieved with *custom labels*. By default, Citrix ADC Ingress Gateway service comes up with the `app: citrix-ingressgateway` label. This label is used as a selector while deploying the Ingress Gateway or virtual service resources. If you want to deploy Ingress Gateway with the custom label, you can do it using the `ingressGateway.label` option in the Helm chart. - -To deploy Citrix ADC CPX Ingress Gateway with the label `my_custom_ingressgateway`, do the following step: - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.lightWeightCPX=NO,ingressGateway.label=my_custom_ingressgateway - -To deploy Citrix ADC VPX or MPX as an Ingress Gateway with the label `my_custom_ingressgateway`, do the following step: - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.label=my_custom_ingressgateway - -## Visualizing statistics of Citrix ADC Ingress Gateway with Metrics Exporter - -By default, [Citrix ADC Metrics Exporter](https://github.com/citrix/citrix-adc-metrics-exporter) is also deployed along with Citrix ADC Ingress Gateway. Citrix ADC Metrics Exporter fetches statistical data from Citrix ADC and exports it to Prometheus running in Istio service mesh. When you add Prometheus as a data source in Grafana, you can visualize this statistical data in the Grafana dashboard. - -Metrics Exporter requires the IP address of Citrix ADC CPX or VPX Ingress Gateway. It is retrieved from the value specified for `istioAdaptor.netscalerUrl`. - -When Citrix ADC CPX is deployed as Ingress Gateway, Metrics Exporter runs along with Citrix CPX Ingress Gateway in the same pod and specifying IP address is optional. - -To deploy Citrix ADC as Ingress Gateway without Metrics Exporter, set the value of `metricExporter.required` as false. - - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,metricExporter.required=false - -"Note:" To remotely access telemetry addons such as Prometheus and Grafana, see [Remotely Accessing Telemetry Addons](https://istio.io/docs/tasks/telemetry/gateways/). - -## Exposing services running on non-HTTP ports - -By default, services running on HTTP ports (80 & 443) are exposed through Citrix ADC Ingress Gateway. Similarly, you can expose services that are deployed on non-HTTP ports through the Citrix ADC Ingress Gateway device. - -To deploy Citrix ADC MPX or VPX, and expose a service running on a TCP port, do the following step. - -In this example, a service running on TCP port 5000 is exposed using port 10000 on Citrix ADC. - - kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.tcpPort[0].name=tcp1,ingressGateway.tcpPort[0].port=10000,ingressGateway.tcpPort[0].targetPort=5000 - - To deploy Citrix ADC CPX and expose a service running on a TCP port, do the following step. - In this example, port 10000 on the Citrix ADC CPX instance is exposed using TCP port 30000 (node port configuration) on the host machine. - - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.tcpPort[0].name=tcp1,ingressGateway.tcpPort[0].nodePort=30000,ingressGateway.tcpPort[0].port=10000,ingressGateway.tcpPort[0].targetPort=5000 - - -## Citrix ADC as Ingress Gateway: a sample deployment - -A sample deployment of Citrix ADC as an Ingress gateway for the Bookinfo application is provided [here](https://github.com/citrix/citrix-helm-charts/tree/master/examples/citrix-adc-in-istio). - -## Uninstalling the Helm chart - -To uninstall or delete a chart with release name as `my-release`, do the following step. - - helm delete my-release - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration parameters - -The following table lists the configurable parameters in the Helm chart and their default values. - - -| Parameter | Description | Default | Optional/Mandatory | -|--------------------------------|-------------------------------|---------------------------|---------------------------| -| `citrixCPX` | Citrix ADC CPX | FALSE | Mandatory for Citrix ADC CPX | -| `istioAdaptor.image` | Image of the Citrix Istio-adaptor container |quay.io/citrix/citrix-istio-adaptor| Mandatory| -| `istioAdaptor.tag` | Tag of the Istio adaptor image | 1.2.0 | Mandatory| -| `istioAdaptor.imagePullPolicy` | Image pull policy for Istio-adaptor | IfNotPresent | Optional| -| `istioAdaptor.vserverIP` | Virtual server IP address on Citrix ADC (Mandatory if citrixCPX=false) | null | Mandatory for Citrix ADC MPX or VPX| -| `istioAdaptor.netscalerUrl` | URL or IP address of the Citrix ADC which Istio-adaptor configures (Mandatory if citrixCPX=false)| null |Mandatory for Citrix ADC MPX or VPX| -| `istioAdaptor.secureConnect` | If this value is set to true, Istio-adaptor establishes secure gRPC channel with Istio Pilot | TRUE | Optional| -| `istioAdaptor.netProfile ` | Network profile name used by [CNC](https://github.com/citrix/citrix-k8s-node-controller) to configure Citrix ADC VPX or MPX which is deployed as Ingress Gateway | null | Optional| -| `istioAdaptor.coeURL` | Name of [Citrix Observability Exporter](https://github.com/citrix/citrix-observability-exporter) Service in the form of "." | null | Optional| -| `istioAdaptor.ADMIP ` | Citrix Application Delivery Management (ADM) IP address | NIL | Mandatory for Citrix ADC CPX | -| `istioAdaptor.ADMFingerPrint ` | Citrix Application Delivery Management (ADM) Finger Print. For more information, see [this](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html) | NIL | Optional| -| `ingressGateway.image` | Image of Citrix ADC CPX designated to run as Ingress Gateway |quay.io/citrix/citrix-k8s-cpx-ingress| Mandatory for Citrix ADC CPX | -| `ingressGateway.tag` | Version of Citrix ADC CPX | 13.0-47.22 | Mandatory for Citrix ADC CPX | -| `ingressGateway.imagePullPolicy` | Image pull policy | IfNotPresent | Optional| -| `ingressGateway.EULA` | End User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions. | NO | Mandatory for Citrix ADC CPX -| `ingressGateway.mgmtHttpPort` | Management port of the Citrix ADC CPX | 9080 | Optional| -| `ingressGateway.mgmtHttpsPort` | Secure management port of Citrix ADC CPX | 9443 | Optional| -| `ingressGateway.httpNodePort` | Port on host machine which is used to expose HTTP port (80) of Citrix ADC CPX | 30180 |Optional| -| `ingressGateway.httpsNodePort` | Port on host machine which is used to expose HTTPS port (443) of Citrix ADC CPX | 31443 |Optional| -| `ingressGateway.secretVolume` | A map of user defined volumes to be mounted using Kubernetes secrets | null |Optional| -| `ingressGateway.licenseServerPort` | Citrix ADM port if a non-default port is used | 27000 | Optional| -| `ingressGateway.label` | Custom label for the Ingress Gateway service | citrix-ingressgateway |Optional| -| `ingressGateway.tcpPort` | For exposing multiple TCP ingress | NIL |Optional| -| `istioPilot.name` | Name of the Istio Pilot service | istio-pilot |Optional| -| `istioPilot.namespace` | Namespace where Istio Pilot is running | istio-system |Optional| -| `istioPilot.secureGrpcPort` | Secure GRPC port where Istio Pilot is listening (default setting) | 15011 |Optional| -| `istioPilot.insecureGrpcPort` | Insecure GRPC port where Istio Pilot is listening | 15010 |Optional| -| `istioPilot.SAN` | Subject alternative name for Istio Pilot which is the secure production identity framework for everyone (SPIFFE) ID of Istio Pilot | spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account |Optional| -| `metricExporter.required` | Metrics exporter for Citrix ADC | TRUE |Optional| -| `metricExporter.image` | Image of the Citrix ADC Metrics Exporter | quay.io/citrix/citrix-adc-metrics-exporter |Optional| -| `metricExporter.version` | Version of the Citrix ADC Metrics Exporter image | 1.4.0 |Optional| -| `metricExporter.port` | Port over which Citrix ADC Metrics Exporter collects metrics of Citrix ADC. | 8888 |Optional| -| `metricExporter.secure` | Enables collecting metrics over TLS | YES |Optional| -| `metricExporter.logLevel` | Level of logging in Citrix ADC Metrics Exporter. Possible values are: DEBUG, INFO, WARNING, ERROR, CRITICAL | ERROR |Optional| -| `metricExporter.imagePullPolicy` | Image pull policy for Citrix ADC Metrics Exporter | IfNotPresent |Optional| - diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md deleted file mode 100755 index 15e4cb6fe..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md +++ /dev/null @@ -1,18 +0,0 @@ -# Citrix ADC as an Ingress Gateway for Istio - -An [Istio](https://istio.io/) ingress gateway acts as an entry point for the incoming traffic and secures and controls access to the service mesh. It also performs routing and load balancing. Citrix ADC [CPX](https://docs.citrix.com/en-us/citrix-adc-cpx), MPX, or [VPX](https://docs.citrix.com/en-us/citrix-adc.html), can be deployed as an ingress gateway to the Istio service mesh. - -### Prerequisites - -The following prerequisites are required for deploying Citrix ADC as an Ingress Gateway in Istio service mesh: - -- Ensure that **Istio** is enabled. -- Ensure that your cluster has Kubernetes version 1.14.0 or later. -- Ensure to create secret named **nslogin** with username and password in same namespace in case of VPX/MPX . Choose the **Resources > Secrets** in the navigation bar. - -### Important NOTE: -- Follow this [link](https://github.com/citrix/citrix-helm-charts/blob/master/examples/citrix-adc-in-istio/README.md -) to deploy Citrix ADC as an ingress gateway for application. -- For deploying Citrix ADC VPX or MPX as ingress gateway, you should establish the connectivity between Citrix ADC VPX or MPX and cluster nodes. This connectivity can be established by configuring routes on Citrix ADC as mentioned [here](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/network/staticrouting.md) or by deploying [Citrix Node Controller](https://github.com/citrix/citrix-k8s-node-controller). - -This catalog deploys Citrix ADC VPX, MPX, or CPX as an Ingress Gateway in the Istio service mesh. For detailed information on various deployment options,checkout this [link](https://github.com/citrix/citrix-istio-adaptor). diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml deleted file mode 100755 index 1ee110b95..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml +++ /dev/null @@ -1,300 +0,0 @@ -questions: -- variable: citrixCPX - required: true - type: boolean - default: true - description: "Set true to use Citrix ADC CPX as ingress device. Set false to use VPX/MPX as ingress device" - label: citrixCPX - group: "Deployment Settings" -- variable: secrets.name - required: true - type: string - default: "nslogin" - description: "Ensure to create nslogin secret in same namespace" - show_if: "citrixCPX=false" - group: "nslogin Settings" -- variable: istioAdaptor.image - required: true - type: string - default: "quay.io/citrix/citrix-istio-adaptor" - label: istioAdaptor Image - description: "Istio-adaptor Image to be used" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.tag - required: true - type: string - default: "1.2.1" - label: istioAdaptor tag - group: "Istio-adaptor Settings" -- variable: istioAdaptor.imagePullPolicy - required: true - type: enum - default: IfNotPresent - label: istioAdaptor imagePullPolicy - description: "Istio-adaptor Image pull policy" - options: - - "Always" - - "IfNotPresent" - - "Never" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.netscalerUrl - required: true - type: string - default: null - label: istioAdaptor netscalerUrl - description: "URL or IP address of the Citrix ADC which Istio-adaptor configures" - show_if: "citrixCPX=false" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.secureConnect - type: boolean - default: true - label: istioAdaptor secureConnect - description: "If this value is set to true, Istio-adaptor establishes secure gRPC channel with Istio Pilot" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.vserverIP - required: true - type: string - label: istioAdaptor vserverIP - show_if: "citrixCPX=false" - descriptions: "Virtual server IP address on Citrix ADC" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.netProfile - type: string - label: istioAdaptor netProfile - description: "profile name used by CNC to configure VPX/MPX" - show_if: "citrixCPX=false" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.ADMIP - type: string - label: istioAdaptor ADMIP - description: "Citrix Application Delivery Management (ADM) IP address" - group: "Istio-adaptor Settings" -- variable: istioAdaptor.ADMFingerPrint - type: string - label: istioAdaptor ADMFingerPrint - description: "Citrix Application Delivery Management (ADM) Finger Print." - group: "Istio-adaptor Settings" -- variable: istioAdaptor.coeURL - type: string - label: istioAdaptor coeURL - description: "Name of Citrix Observability Exporter Service" - group: "Istio-adaptor Settings" -- variable: istioPilot.name - required: true - type: string - default: istio-pilot - label: istio-pilot name - group: "istio-pilot Settings" - description: "Name of the Istio Pilot service" -- variable: istioPilot.namespace - required: true - type: string - default: istio-system - label: istio-pilot namespace - description: "Namespace where Istio Pilot is running" - group: "istio-pilot Settings" -- variable: istioPilot.secureGrpcPort - required: true - type: int - default: 15011 - label: istio-pilot secureGrpcPort - show_if: "istioAdaptor.secureConnect=true" - description: "Secure GRPC port where Istio Pilot is listening" - group: "istio-pilot Settings" -- variable: istioPilot.insecureGrpcPort - required: true - type: int - default: 15010 - show_if: "istioAdaptor.secureConnect=false" - label: istio-pilot insecureGrpcPort - description: "Insecure GRPC port where Istio Pilot is listening" - group: "istio-pilot Settings" -- variable: istioPilot.SAN - required: true - type: string - default: "spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account" - label: istio-pilot SAN - description: "Subject alternative name for Istio Pilot which is (SPIFFE) ID of Istio Pilot" - show_if: "istioAdaptor.secureConnect=true" - group: "istio-pilot Settings" -- variable: ingressGateway.image - required: true - type: string - default: "quay.io/citrix/citrix-k8s-cpx-ingress" - label: ingressGateway Image - description: "ingressGateway image to be used" - group: "ingressGateway Settings" -- variable: ingressGateway.tag - required: true - type: string - default: "13.0-47.22" - label: ingressGateway tag - group: "ingressGateway Settings" -- variable: ingressGateway.imagePullPolicy - required: true - type: enum - default: IfNotPresent - label: ingressGateway imagePullPolicy - description: Ingress-gateway Image pull policy - group: "ingressGateway Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" -- variable: ingressGateway.EULA - required: true - type: enum - description: "End user license agreement (read EULA before accepting it yes)" - label: ingressGateway EULA - options: - - "YES" - - "NO" - group: "ingressGateway Settings" -- variable: ingressGateway.mgmtHttpPort - required: true - type: int - default: 10080 - label: ingressGateway mgmtHttpPort - description: "Management port of the Citrix ADC CPX" - show_if: "citrixCPX=true" - group: "ingressGateway Settings" -- variable: ingressGateway.mgmtHttpsPort - required: true - type: int - default: 10443 - show_if: "citrixCPX=true" - label: ingressGateway mgmtHttpsPort - description: "Secure management port of Citrix ADC CPX" - group: "ingressGateway Settings" -- variable: ingressGateway.httpNodePort - required: true - type: int - default: 30180 - show_if: "citrixCPX=true" - label: ingressGateway httpNodePort - description: "Port on host machine which is used to expose HTTP port of Citrix ADC CPX" - group: "ingressGateway Settings" -- variable: ingressGateway.httpsNodePort - required: true - type: int - default: 31443 - show_if: "citrixCPX=true" - label: ingressGateway httpsNodePort - description: "Port on host machine which is used to expose HTTPS port of Citrix ADC CPX" - group: "ingressGateway Settings" -- variable: ingressGateway.exposeMutipleApps - required: true - type: boolean - default: false - description: "By default, only one service is exposed via ingress gateway. To expose another service, select it TRUE, and then specify a set of secret, volume name, mount path in subsequent fields" - label: exposeMutipleApps - group: "ingressGateway Settings" -- variable: ingressGateway.secretVolumes[0].name - required: true - type: string - show_if: "ingressGateway.exposeMutipleApps=true" - label: ingressGateway secretVolumes name - group: "ingressGateway Settings" -- variable: ingressGateway.secretVolumes[0].secretName - required: true - type: string - show_if: "ingressGateway.exposeMutipleApps=true" - label: ingressGateway secretVolumes secretName - description: "user defined volumes to be mounted using Kubernetes secrets name" - group: "ingressGateway Settings" -- variable: ingressGateway.secretVolumes[0].mountPath - required: true - type: string - show_if: "ingressGateway.exposeMutipleApps=true" - label: ingressGateway secretVolumes mountPath - group: "ingressGateway Settings" -- variable: ingressGateway.licenseServerPort - type: int - default: 27000 - label: ingressGateway licenseServerPort - description: "Citrix ADM port if a non-default port is used" - group: "ingressGateway Settings" -- variable: ingressGateway.label - required: true - type: string - default: "citrix-ingressgateway" - label: ingressGateway label - description: "Custom label for the Ingress Gateway service" - group: "ingressGateway Settings" -- variable: ingressGateway.exposeNonHttpService - required: true - type: boolean - default: false - description: "By default, gateway is configured to expose HTTP(S) services. To expose non-HTTP services, select exposeNonHttpService to True, and then specify a set of port, port-name, target-port, nodeport (if applicable) in subsequent field." - label: exposeNonHttpService - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].name - required: true - type: string - default: - label: Services runing on tcpPort name - show_if: "ingressGateway.exposeNonHttpService=true" - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].nodePort - required: true - type: int - min: 30000 - max: 32767 - label: Citrix ADC CPX exposed using nodePort - show_if: "citrixCPX=true && ingressGateway.exposeNonHttpService=true" - description: "NodePort (to set explicitly, choose port between 30000-32767)" - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].port - required: true - type: int - label: Services exposed using Port on Citrix ADC - show_if: "ingressGateway.exposeNonHttpService=true" - group: "ingressGateway Settings" -- variable: ingressGateway.tcpPort[0].targetPort - required: true - type: int - label: Services running on targetPort - show_if: "ingressGateway.exposeNonHttpService=true" - group: "ingressGateway Settings" -- variable: metricExporter.image - required: true - type: string - default: "quay.io/citrix/citrix-adc-metrics-exporter" - label: Exporter Image - description: "Exporter Image to be used" - group: "metricExporter Settings" -- variable: metricExporter.version - required: true - type: string - default: "1.4.0" - label: metricExporter Version - group: "metricExporter Settings" -- variable: metricExporter.port - required: true - type: int - default: 8888 - label: metricExporter Port - group: "metricExporter Settings" -- variable: metricExporter.logLevel - required: true - type: enum - default: ERROR - label: metricExporter logLevel - group: "metricExporter Settings" - options: - - "DEBUG" - - "INFO" - - "WARNING" - - "ERROR" - - "TRACE" -- variable: metricExporter.imagePullPolicy - required: true - type: enum - default: IfNotPresent - label: metricExporter imagePullPolicy - description: "Exporter Image pull policy" - group: "metricExporter Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl deleted file mode 100755 index 91374c7bd..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl +++ /dev/null @@ -1,4 +0,0 @@ -{{- define "exporter_nsip" -}} -{{- $match := .Values.istioAdaptor.netscalerUrl | toString | regexFind "//.*[:]*" -}} -{{- $match | trimAll ":" | trimAll "/" -}} -{{- end -}} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml deleted file mode 100755 index fcf187f55..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml +++ /dev/null @@ -1,330 +0,0 @@ -{{- if eq .Values.citrixCPX true }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - template: - metadata: - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/port: "{{ .Values.metricExporter.port }}" - prometheus.io/scrape: "true" - spec: - volumes: - - name: nslogin - secret: - secretName: nslogin - - name: istio-certs - secret: - optional: true - secretName: istio.default - - name: citrix-ingressgateway-certs - secret: - optional: true - secretName: "citrix-ingressgateway-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - - name: citrix-ingressgateway-ca-certs - secret: - optional: true - secretName: "citrix-ingressgateway-ca-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} - - name: cpx-conf - emptyDir: {} - containers: -{{- if eq .Values.metricExporter.required true }} - - name: exporter - image: {{ .Values.metricExporter.image }}:{{ .Values.metricExporter.version }} - imagePullPolicy: IfNotPresent - args: - - "--target-nsip=127.0.0.1" - - "--port={{ .Values.metricExporter.port }}" - - "--log-level={{ .Values.metricExporter.logLevel }}" - env: - - name: NS_USER - valueFrom: - secretKeyRef: - name: nslogin - key: username - - name: NS_PASSWORD - valueFrom: - secretKeyRef: - name: nslogin - key: password -{{- end }} - - name: istio-adaptor - image: {{ .Values.istioAdaptor.image }}:{{ .Values.istioAdaptor.tag }} - imagePullPolicy: {{ .Values.istioAdaptor.imagePullPolicy }} - args: - - -pilot-location -{{- if eq .Values.istioAdaptor.secureConnect true }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.secureGrpcPort }} # istio-pilot.istio-system:15011 -{{- else }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.insecureGrpcPort }} # istio-pilot.istio-system:15010 -{{- end }} - - -proxy-type - - {{ .Values.istioAdaptor.proxyType | default "router" | quote }} - - -pilot-SAN - - {{ .Values.istioPilot.SAN }} - - -netscaler-url - - "http://127.0.0.1" - - -secure-connect={{ .Values.istioAdaptor.secureConnect}} - - -adm-ip -{{- if .Values.istioAdaptor.ADMIP }} - - {{ .Values.istioAdaptor.ADMIP }} -{{- else }} - - "" -{{- end }} -{{- if .Values.istioAdaptor.coeURL }} - - -coe-url - - {{ .Values.istioAdaptor.coeURL }} -{{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: APPLICATION_NAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['app'] - securityContext: - readOnlyRootFilesystem: true - runAsUser: 32024 # UID of istio-adaptor container's user - volumeMounts: - - mountPath: /etc/certs - name: istio-certs - readOnly: true - - mountPath: /etc/nslogin - name: nslogin - readOnly: true - - mountPath: /etc/istio/ingressgateway-certs # Make sure that Gateway definition has this path mentioned in server.tls section for SIMPLE TLS - name: citrix-ingressgateway-certs - readOnly: true - - mountPath: /etc/istio/ingressgateway-ca-certs # Make sure that Gateway definition has this path mentioned in server.tls section for MUTUAL TLS - name: citrix-ingressgateway-ca-certs - readOnly: true - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - - name: citrix-ingressgateway - image: "{{ .Values.ingressGateway.image }}:{{ .Values.ingressGateway.tag }}" - imagePullPolicy: {{ .Values.ingressGateway.imagePullPolicy }} - securityContext: - privileged: true - ports: - - containerPort: 80 - - containerPort: 443 -{{- if .Values.ingressGateway.mgmtHttpPort }} - - containerPort: {{ .Values.ingressGateway.mgmtHttpPort }} -{{- end }} -{{- if .Values.ingressGateway.mgmtHttpsPort }} - - containerPort: {{ .Values.ingressGateway.mgmtHttpsPort }} -{{- end }} -{{- range .Values.ingressGateway.tcpPort }} - - containerPort: {{ .port }} -{{- end }} - volumeMounts: - - mountPath: /cpx/conf/ - name: cpx-conf - env: - - name: "EULA" - value: "{{ .Values.ingressGateway.EULA }}" - - name: "MGMT_HTTP_PORT" - value: "{{ .Values.ingressGateway.mgmtHttpPort }}" - - name: "MGMT_HTTPS_PORT" - value: "{{ .Values.ingressGateway.mgmtHttpsPort }}" - - name: "NS_CPX_LITE" - value: "{{ .Values.ingressGateway.lightWeightCPX }}" -{{- if or .Values.istioAdaptor.coeURL .Values.istioAdaptor.ADMIP }} - - name: "NS_ENABLE_NEWNSLOG" - value: "1" -{{- end }} - - name: "KUBERNETES_TASK_ID" - value: "" - - name: "LS_IP" - value: {{ .Values.istioAdaptor.ADMIP | default "" }} - - name: "LS_PORT" - value: "{{ .Values.ingressGateway.licenseServerPort}}" -{{- if .Values.istioAdaptor.ADMFingerPrint }} - - name: "NS_MGMT_SERVER" - value: {{ .Values.istioAdaptor.ADMIP }} - - name: "NS_MGMT_FINGER_PRINT" - value: {{ .Values.istioAdaptor.ADMFingerPrint | quote }} - - name: "NS_HTTP_PORT" - value: {{ .Values.ingressGateway.mgmtHttpPort | quote }} - - name: "NS_HTTPS_PORT" - value: {{ .Values.ingressGateway.mgmtHttpsPort | quote }} -{{- end }} - - name: "LOGSTREAM_COLLECTOR_IP" - value: {{ .Values.istioAdaptor.ADMIP | default ""}} - ---- -{{ else }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - template: - metadata: - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" - prometheus.io/port: "{{ .Values.metricExporter.port }}" - prometheus.io/scrape: "true" - spec: - containers: -{{- if eq .Values.metricExporter.required true }} - - name: exporter - image: {{ .Values.metricExporter.image }}:{{ .Values.metricExporter.version }} - imagePullPolicy: {{ .Values.metricExporter.imagePullPolicy }} - args: - - "--target-nsip={{- include "exporter_nsip" . -}}" - - "--port={{ .Values.metricExporter.port }}" - - "--secure={{ .Values.metricExporter.secure | lower}}" - - "--log-level={{ .Values.metricExporter.logLevel }}" - env: - - name: NS_USER - valueFrom: - secretKeyRef: - name: nslogin - key: username - - name: NS_PASSWORD - valueFrom: - secretKeyRef: - name: nslogin - key: password -{{- end }} - - name: istio-adaptor - image: {{ .Values.istioAdaptor.image }}:{{ .Values.istioAdaptor.tag }} - imagePullPolicy: {{ .Values.istioAdaptor.imagePullPolicy }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: APPLICATION_NAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['app'] - args: - - -pilot-location -{{- if eq .Values.istioAdaptor.secureConnect true }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.secureGrpcPort }} # istio-pilot.istio-system:15011 -{{- else }} - - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.insecureGrpcPort }} # istio-pilot.istio-system:15010 -{{- end }} - - -proxy-type - - {{ .Values.istioAdaptor.proxyType | default "router" | quote }} - - -pilot-SAN - - {{ .Values.istioPilot.SAN }} - - -netscaler-url - - {{ required "Mention Citrix ADC IP/URL in https://[:port] format" .Values.istioAdaptor.netscalerUrl }} - - -vserver-ip - - {{ required "Mention Vserver IP to be configured on Citrix ADC" .Values.istioAdaptor.vserverIP }} - - -secure-connect={{ .Values.istioAdaptor.secureConnect | default true }} - # If using VPX/MPX as Ingress gateway, then specify the network profile name - # which was provided to Citrix Node Controller (CNC) -{{- if .Values.istioAdaptor.netProfile }} - - -net-profile - - {{ .Values.istioAdaptor.netProfile }} -{{- end }} - - -adm-ip - - "" -{{- if .Values.istioAdaptor.coeURL }} - - -coe-url - - {{ .Values.istioAdaptor.coeURL }} -{{- end }} - securityContext: - readOnlyRootFilesystem: true - runAsUser: 32024 # UID of istio-adaptor container's user - volumeMounts: - - mountPath: /etc/certs - name: istio-certs - readOnly: true - - mountPath: /etc/nslogin - name: nslogin - readOnly: true - - mountPath: /etc/istio/ingressgateway-certs # Make sure that Gateway definition has this path mentioned in server.tls section for SIMPLE TLS - name: citrix-ingressgateway-certs - readOnly: true - - mountPath: /etc/istio/ingressgateway-ca-certs # Make sure that Gateway definition has this path mentioned in server.tls section for MUTUAL TLS - name: citrix-ingressgateway-ca-certs - readOnly: true - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath | quote }} - readOnly: true - {{- end }} - volumes: - - name: nslogin - secret: - secretName: nslogin - - name: istio-certs - secret: - optional: true - secretName: istio.default - - name: citrix-ingressgateway-certs - secret: - optional: true - secretName: "citrix-ingressgateway-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - - name: citrix-ingressgateway-ca-certs - secret: - optional: true - secretName: "citrix-ingressgateway-ca-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway - {{- range .Values.ingressGateway.secretVolumes }} - - name: {{ .name }} - secret: - secretName: {{ .secretName | quote }} - optional: true - {{- end }} ---- -{{- end}} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml deleted file mode 100755 index ba18349b3..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if eq .Values.citrixCPX true }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} -spec: - maxReplicas: 1 - minReplicas: 1 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: citrix-ingressgateway - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: 60 ---- -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: citrix-ingressgateway - namespace: {{ .Release.Namespace }} - annotations: - labels: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} -spec: -{{- if eq .Values.citrixCPX true }} - type: LoadBalancer -{{- end }} - selector: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - ports: - - - name: http2 -{{- if eq .Values.citrixCPX true }} - nodePort: {{ .Values.ingressGateway.httpNodePort }} -{{- end }} - port: 80 - targetPort: 80 - - - name: https -{{- if eq .Values.citrixCPX true }} - nodePort: {{ .Values.ingressGateway.httpsNodePort }} -{{- end }} - port: 443 - targetPort: 443 -{{- $isCPX := .Values.citrixCPX }} -{{- range .Values.ingressGateway.tcpPort }} - - - name: {{ .name }} -{{- if eq $isCPX true }} - nodePort: {{ .nodePort }} -{{- end }} - port: {{ .port }} - targetPort: {{ .targetPort }} -{{- end }} ---- diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml deleted file mode 100755 index ad77e2374..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if eq .Values.metricExporter.required true }} -kind: Service -apiVersion: v1 -metadata: - name: exporter - annotations: - labels: - service-type: citrix-adc-monitor -spec: - selector: - app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} - ports: - - name: exporter-port - port: {{ .Values.metricExporter.port }} - targetPort: {{ .Values.metricExporter.port }} ---- -{{- end }} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml deleted file mode 100755 index 0201c116d..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.citrixCPX true }} -apiVersion: v1 -kind: Secret -metadata: - name: nslogin - namespace: {{ .Release.Namespace }} -type: Opaque -data: - username: "bnNyb290" - password: "bnNyb290" -{{- end }} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml deleted file mode 100755 index ba929f218..000000000 --- a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Default values for citrix-adc-istio-ingress-gateway -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -citrixCPX: false - -metricExporter: - required: true - image: quay.io/citrix/citrix-adc-metrics-exporter - version: 1.4.0 - port: 8888 - secure: "YES" - logLevel: ERROR - imagePullPolicy: IfNotPresent - -istioAdaptor: - image: quay.io/citrix/citrix-istio-adaptor - tag: 1.2.1 - imagePullPolicy: IfNotPresent - netscalerUrl: null - proxyType: router - secureConnect: true - vserverIP: - netProfile: - ADMIP: - ADMFingerPrint: - coeURL: - -istioPilot: - name: istio-pilot - namespace: istio-system - secureGrpcPort: 15011 - insecureGrpcPort: 15010 - SAN: spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account - -ingressGateway: - image: quay.io/citrix/citrix-k8s-cpx-ingress - tag: 13.0-47.22 - imagePullPolicy: IfNotPresent - EULA: NO - mgmtHttpPort: 10080 - mgmtHttpsPort: 10443 - httpNodePort: 30180 - httpsNodePort: 31443 - lightWeightCPX: 1 - secretVolumes: - #licenseServerIP: this value will be taken from istioAdaptor.ADMIP - licenseServerPort: 27000 - label: citrix-ingressgateway - tcpPort: diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/Chart.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/Chart.yaml deleted file mode 100644 index f3a2f9320..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller -apiVersion: v1 -appVersion: 1.8.28 -description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running - as sidecar. -home: https://www.citrix.com -icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png -maintainers: -- email: priyanka.sharma@citrix.com - name: priyankash-citrix -- email: subash.dangol@citrix.com - name: subashd -name: citrix-cpx-with-ingress-controller -sources: -- https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.8.2800+up1.8.28 diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/README.md b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/README.md deleted file mode 100644 index f3cee100f..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/README.md +++ /dev/null @@ -1,234 +0,0 @@ -# Citrix ADC CPX with Citrix Ingress Controller running as sidecar. - -In a [Kubernetes](https://kubernetes.io/) or [OpenShift](https://www.openshift.com) cluster, you can deploy [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx) with Citrix ingress controller as a [sidecar](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). The Citrix ADC CPX instance is used for load balancing the North-South traffic to the microservices in your cluster. And, the sidecar Citrix ingress controller configures the Citrix ADC CPX. - -## TL;DR; - -### For Kubernetes - ``` - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install cpx citrix/citrix-cpx-with-ingress-controller --set license.accept=yes - ``` - -### For OpenShift - - ``` - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install cpx citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,openshift=true - ``` - -> **Important:** -> -> The "license.accept" is a mandatory argument and should be set to "yes" to accept the terms of the Citrix license. - - -## Introduction -This Helm chart deploys a Citrix ADC CPX with Citrix ingress controller as a sidecar in the [Kubernetes](https://kubernetes.io/) or in the [Openshift](https://www.openshift.com) cluster using the [Helm](https://helm.sh/) package manager. - -### Prerequisites - -- The [Kubernetes](https://kubernetes.io/) version is 1.6 or later if using Kubernetes environment. -- The [Openshift](https://www.openshift.com) version 3.11.x or later if using OpenShift platform. -- The [Helm](https://helm.sh/) version 3.x or later. You can follow instruction given [here](https://github.com/citrix/citrix-helm-charts/blob/master/Helm_Installation_version_3.md) to install the same. -- You have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator), if you want to view the metrics of the Citrix ADC CPX collected by the [metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics). -- Registration of Citrix ADC CPX in ADM: You may want to register your CPX in ADM for licensing or to obtain [servicegraph](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html). For this you will have to create a Kubernetes secret using ADM credentials and provide it while install the chart. Create a Kubernetes secret for the user name and password using the following command: - - ``` - kubectl create secret generic admlogin --from-literal=username= --from-literal=password= -n citrix-system - ``` - -## Installing the Chart -Add the Citrix Ingress Controller helm chart repository using command: - - ``` - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - ``` - -### For Kubernetes: -#### 1. Citrix ADC CPX with Citrix Ingress Controller running as side car. -To install the chart with the release name ``` my-release```: - - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,ingressClass[0]= - ``` - -> **Note:** -> -> By default the chart installs the recommended [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) roles and role bindings. - -The command deploys Citrix ADC CPX with Citrix ingress controller as a sidecar on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the mandatory and optional parameters that you can configure during installation. - -#### 2. Citrix ADC CPX with Citrix Ingress Controller and Exporter running as side car. -[Metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics) can be deployed as sidecar to the Citrix ADC CPX and collects metrics from the Citrix ADC CPX instance. You can then [visualize these metrics](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/metrics/promotheus-grafana/) using Prometheus Operator and Grafana. -> **Note:** -> -> Ensure that you have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator). - -Use the following command for this: - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,ingressClass[0]=,exporter.required=true - ``` - -### For OpenShift: -Add the service account named "cpx-ingress-k8s-role" to the privileged Security Context Constraints of OpenShift: - - ``` - oc adm policy add-scc-to-user privileged system:serviceaccount::cpx-ingress-k8s-role - ``` - -#### 1. Citrix ADC CPX with Citrix Ingress Controller running as side car. -To install the chart with the release name, `my-release`, use the following command: - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,openshift=true - ``` - -#### 2. Citrix ADC CPX with Citrix Ingress Controller and Exporter running as side car. -[Metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics) can be deployed as sidecar to the Citrix ADC CPX and collects metrics from the Citrix ADC CPX instance. You can then [visualize these metrics](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/metrics/promotheus-grafana/) using Prometheus Operator and Grafana. -> **Note:** -> -> Ensure that you have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator). - -Use the following command for this: - ``` - helm install my-release citrix/citrix-k8s-ingress-controller --set license.accept=yes,openshift=true,exporter.required=true - ``` - -### Installed components - -The following components are installed: - -- [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx/netscaler-cpx.html) -- [Citrix ingress controller](https://github.com/citrix/citrix-k8s-ingress-controller) (if enabled) -- [Exporter](https://github.com/citrix/citrix-adc-metrics-exporter) (if enabled) - - -## CRDs configuration - -CRDs gets installed/upgraded automatically when we install/upgrade Citrix ADC CPX with Citrix ingress controller using Helm. If you do not want to install CRDs, then set the option `crds.install` to `false`. By default, CRDs too get deleted if you uninstall through Helm. This means, even the CustomResource objects created by the customer will get deleted. If you want to avoid this data loss set `crds.retainOnDelete` to `true`. - -> **Note:** -> Installing again may fail due to the presence of CRDs. Make sure that you back up all CustomResource objects and clean up CRDs before re-installing Citrix ADC CPX with Citrix ingress controller. - -There are a few examples of how to use these CRDs, which are placed in the folder: [Example-CRDs](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds). Refer to them and install as needed, using the following command: -```kubectl create -f ``` - -### Details of the supported CRDs: - -#### authpolicies CRD: - -Authentication policies are used to enforce access restrictions to resources hosted by an application or an API server. - -Citrix provides a Kubernetes CustomResourceDefinitions (CRDs) called the [Auth CRD](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/auth) that you can use with the Citrix ingress controller to define authentication policies on the ingress Citrix ADC. - -Example file: [auth_example.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/auth_example.yaml) - -#### continuousdeployments CRD for canary: - -Canary release is a technique to reduce the risk of introducing a new software version in production by first rolling out the change to a small subset of users. After user validation, the application is rolled out to the larger set of users. Citrix ADC-Integrated [Canary Deployment solution](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/canary) stitches together all components of continuous delivery (CD) and makes canary deployment easier for the application developers. - -#### httproutes and listeners CRDs for contentrouting: - -[Content Routing (CR)](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/contentrouting) is the execution of defined rules that determine the placement and configuration of network traffic between users and web applications, based on the content being sent. For example, a pattern in the URL or header fields of the request. - -Example files: [HTTPRoute_crd.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/HTTPRoute_crd.yaml), [Listener_crd.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/Listener_crd.yaml) - -#### ratelimits CRD: - -In a Kubernetes deployment, you can [rate limit the requests](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/ratelimit) to the resources on the back end server or services using rate limiting feature provided by the ingress Citrix ADC. - -Example files: [ratelimit-example1.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/ratelimit-example1.yaml), [ratelimit-example2.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/ratelimit-example2.yaml) - -#### vips CRD: - -Citrix provides a CustomResourceDefinitions (CRD) called [VIP](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/vip) for asynchronous communication between the IPAM controller and Citrix ingress controller. - -The IPAM controller is provided by Citrix for IP address management. It allocates IP address to the service from a defined IP address range. The Citrix ingress controller configures the IP address allocated to the service as virtual IP (VIP) in Citrix ADX VPX. And, the service is exposed using the IP address. - -When a new service is created, the Citrix ingress controller creates a CRD object for the service with an empty IP address field. The IPAM Controller listens to addition, deletion, or modification of the CRD and updates it with an IP address to the CRD. Once the CRD object is updated, the Citrix ingress controller automatically configures Citrix ADC-specfic configuration in the tier-1 Citrix ADC VPX. - -#### rewritepolicies CRD: - -In kubernetes environment, to deploy specific layer 7 policies to handle scenarios such as, redirecting HTTP traffic to a specific URL, blocking a set of IP addresses to mitigate DDoS attacks, imposing HTTP to HTTPS and so on, requires you to add appropriate libraries within the microservices and manually configure the policies. Instead, you can use the [Rewrite and Responder features](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/crd/rewrite-responder-policies-deployment.yaml) provided by the Ingress Citrix ADC device to deploy these policies. - -Example files: [target-url-rewrite.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/target-url-rewrite.yaml) - - -## Configuration -The following table lists the configurable parameters of the Citrix ADC CPX with Citrix ingress controller as side car chart and their default values. - -| Parameters | Mandatory or Optional | Default value | Description | -| ---------- | --------------------- | ------------- | ----------- | -| license.accept | Mandatory | no | Set `yes` to accept the Citrix ingress controller end user license agreement. | -| image | Mandatory | `quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30` | The Citrix ADC CPX image. | -| pullPolicy | Mandatory | IfNotPresent | The Citrix ADC CPX image pull policy. | -| cic.image | Mandatory | `quay.io/citrix/citrix-k8s-ingress-controller:1.8.28` | The Citrix ingress controller image. | -| cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. | -| cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX | -| logLevel | Optional | DEBUG | The loglevel to control the logs generated by CIC. The supported loglevels are: CRITICAL, ERROR, WARNING, INFO, DEBUG and TRACE. For more information, see [Logging](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/configure/log-levels.md).| -| defaultSSLCert | Optional | N/A | Default SSL certificate that needs to be used as a non-SNI certificate in Citrix ADC. | -| http2ServerSide | Optional | OFF | Enables HTTP2 for Citrix ADC service group configurations. | -| logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. | -| nsNamespace | Optional | k8s | The prefix for the resources on the Citrix ADC CPX. | -| ingressClass | Optional | N/A | If multiple ingress load balancers are used to load balance different ingress resources. You can use this parameter to specify Citrix ingress controller to configure Citrix ADC associated with specific ingress class.| -| openshift | Optional | false | Set this argument if OpenShift environment is being used. | -| nodeSelector.key | Optional | N/A | Node label key to be used for nodeSelector option for CPX-CIC deployment. | -| nodeSelector.value | Optional | N/A | Node label value to be used for nodeSelector option in CPX-CIC deployment. | - -| ADMSettings.licenseServerIP | Optional | N/A | Provide the Citrix Application Delivery Management (ADM) IP address to license Citrix ADC CPX. For more information, see [Licensing](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/licensing/)| -| ADMSettings.licenseServerPort | Optional | 27000 | Citrix ADM port if non-default port is used. | -| ADMSettings.ADMIP | Optional | | Citrix Application Delivery Management (ADM) IP address. | -| ADMSettings.ADMFingerPrint | Optional | N/A | Citrix Application Delivery Management (ADM) Finger Print. For more information, see [this](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html). | -| ADMSettings.loginSecret | Optional | N/A | The secret key to log on to the ADM. For information on how to create the secret keys, see [Prerequisites](#prerequistes). | -| ADMSettings.bandWidthLicense | Optional | False | Set to true if you want to use bandwidth based licensing for Citrix ADC CPX. | -| ADMSettings.bandWidth | Optional | N/A | Desired bandwidth capacity to be set for Citrix ADC CPX in Mbps. | -| ADMSettings.vCPULicense | Optional | N/A | Set to true if you want to use vCPU based licensing for Citrix ADC CPX. | -| ADMSettings.cpxCores | Optional | 1 | Desired number of vCPU to be set for Citrix ADC CPX. | - -| exporter.required | Optional | false | Use the argument if you want to run the [Exporter for Citrix ADC Stats](https://github.com/citrix/citrix-adc-metrics-exporter) along with Citrix ingress controller to pull metrics for the Citrix ADC CPX| -| exporter.image | Optional | `quay.io/citrix/citrix-adc-metrics-exporter:1.4.5` | The Exporter for Citrix ADC Stats image. | -| exporter.pullPolicy | Optional | IfNotPresent | The Exporter for Citrix ADC Stats image pull policy. | -| exporter.ports.containerPort | Optional | 8888 | The Exporter for Citrix ADC Stats container port. | - -| coeConfig.required | Mandatory | false | Set this to true if you want to configure Citrix ADC to send metrics and transaction records to COE. | -| coeConfig.distributedTracing.enable | Optional | false | Set this value to true to enable OpenTracing in Citrix ADC. | -| coeConfig.distributedTracing.samplingrate | Optional | 100 | Specifies the OpenTracing sampling rate in percentage. | -| coeConfig.endpoint.server | Optional | N/A | Set this value as the IP address or DNS address of the analytics server. | -| coeConfig.timeseries.port | Optional | 5563 | Specify the port used to expose COE service for timeseries endpoint. | -| coeConfig.timeseries.metrics.enable | Optional | Set this value to true to enable sending metrics from Citrix ADC. | -| coeConfig.timeseries.metrics.mode | Optional | avro | Specifies the mode of metric endpoint. | -| coeConfig.timeseries.auditlogs.enable | Optional | false | Set this value to true to export audit log data from Citrix ADC. | -| coeConfig.timeseries.events.enable | Optional | false | Set this value to true to export events from the Citrix ADC. | -| coeConfig.transactions.enable | Optional | false | Set this value to true to export transactions from Citrix ADC. | -| coeConfig.transactions.port | Optional | 5557 | Specify the port used to expose COE service for transaction endpoint. | - -| crds.install | Optional | true | Unset this argument if you don't want to install CustomResourceDefinitions which are consumed by CIC. | -| crds.retainOnDelete | Optional | false | Set this argument if you want to retain CustomResourceDefinitions even after uninstalling CIC. This will avoid data-loss of Custom Resource Objects created before uninstallation. | - -> **Note:** -> -> If Citrix ADM related information is not provided during installation, Citrix ADC CPX will come up with the default license. - -Alternatively, you can define a YAML file with the values for the parameters and pass the values while installing the chart. - -For example: - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller -f values.yaml - ``` - -> **Tip:** -> -> The [values.yaml](https://github.com/citrix/citrix-helm-charts/blob/master/citrix-cpx-with-ingress-controller/values.yaml) contains the default values of the parameters. - -## Uninstalling the Chart -To uninstall/delete the ```my-release``` deployment: - ``` - helm delete my-release - ``` - -## Related documentation - -- [Citrix ADC CPX Documentation](https://docs.citrix.com/en-us/citrix-adc-cpx/12-1/cpx-architecture-and-traffic-flow.html) -- [Citrix ingress controller Documentation](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/) -- [Citrix ingress controller GitHub](https://github.com/citrix/citrix-k8s-ingress-controller) diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/app-readme.md b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/app-readme.md deleted file mode 100644 index ef45a3d90..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# Citrix ADC CPX with Citrix Ingress Controller running as sidecar. - -In a [Kubernetes](https://kubernetes.io/) or [OpenShift](https://www.openshift.com) cluster, you can deploy [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx) with Citrix ingress controller as a [sidecar](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). The Citrix ADC CPX instance is used for load balancing the North-South traffic to the microservices in your cluster. And, the sidecar Citrix ingress controller configures the Citrix ADC CPX. - -This Chart bootstraps deployment of Citrix ADC CPX with Citrix Ingress Controller as sidecar. diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/questions.yml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/questions.yml deleted file mode 100644 index 0c8714413..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/questions.yml +++ /dev/null @@ -1,211 +0,0 @@ -questions: -- variable: license.accept - required: true - default: "no" - type: enum - description: "Set to yes to accept the terms and conditions of the Citrix license." - label: Accept License - group: "Deployment Settings" - options: - - "yes" - - "no" -- variable: openshift - default: false - type: boolean - description: "openshift is set to true if charts are being deployed in OpenShift environment" - label: Openshift flag - group: "Deployment Settings" -- variable: nsNamespace - type: string - description: "Prefix for the resources on Citrix ADC" - label: Resource Prefix - group: "Deployment Settings" -- variable: ingressClass[0] - type: string - description: "ingressClass is the name of the Ingress Class" - label: Ingress Class - group: "Deployment Settings" -- variable: logLevel - default: "DEBUG" - type: enum - options: - - "TRACE" - - "DEBUG" - - "INFO" - - "WARNING" - - "ERROR" - description: "logLevel of Citrix Ingress Controller pod" - label: LogLevel - group: "Deployment Settings" -- variable: defaultSSLCert - type: string - description: "Secret containing the default ceritifcate for SSL vservers" - label: Default SSLCert - group: "ADC Settings" -- variable: logProxy - type: string - description: "Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporte" - label: LogProxy - group: "Deployment Settings" -- variable: http2ServerSide - default: "OFF" - type: enum - options: - - "ON" - - "OFF" - description: "Set to ON to enable HTTP2 for Citrix ADC service group configurations" - label: HTTP2 on ADC - group: "ADC Settings" -- variable: nodeSelector.key - type: string - label: NodeSelector Key - group: "Deployment Settings" -- variable: nodeSelector.value - type: string - label: NodeSelector Value - group: "Deployment Settings" - - -- variable: ADMSettings.licenseServerIP - type: string - label: ADM LicenseServerIP - group: "ADM Settings" -- variable: ADMSettings.licenseServerPort - default: 27000 - type: int - label: ADM LicenseServerPort - group: "ADM Settings" -- variable: ADMSettings.ADMIP - type: string - label: ADM IP - group: "ADM Settings" -- variable: ADMSettings.ADMFingerPrint - type: string - label: ADM FingerPrint - group: "ADM Settings" -- variable: ADMSettings.loginSecret - type: string - label: ADM Login Secret - group: "ADM Settings" -- variable: ADMSettings.bandWidthLicense - type: boolean - label: CPX Bandwidth License - group: "ADM Settings" -- variable: ADMSettings.bandWidth - type: int - label: CPX Bandwidth - group: "ADM Settings" -- variable: ADMSettings.vCPULicense - type: boolean - label: CPX vCPU License - group: "ADM Settings" -- variable: ADMSettings.cpxCores - type: int - label: CPX Cores - group: "ADM Settings" -- variable: cic.pullpolicy - default: "IfNotPresent" - type: enum - label: CIC Image Pullpolicy - group: "CIC/CPX Image Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" -- variable: pullpolicy - default: "IfNotPresent" - type: enum - label: CPX Image Pullpolicy - group: "CIC/CPX Image Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" -- variable: cic.image - default: "quay.io/citrix/citrix-k8s-ingress-controller:1.8.28" - type: string - label: CIC Image - group: "CIC/CPX Image Settings" -- variable: image - type: string - default: "quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30" - label: CPX Image - group: "CIC/CPX Image Settings" -- variable: exporter.image - default: "quay.io/citrix/citrix-adc-metrics-exporter:1.4.5" - type: string - description: "Exporter Image to be used" - label: Exporter Image - group: "Exporter Settings" -- variable: exporter.pullPolicy - default: "IfNotPresent" - type: string - description: "Exporter Image pull policy" - label: Exporter Image PullPolicy - group: "Exporter Settings" -- variable: exporter.ports.containerPort - default: 8888 - type: int - label: Exporter ContainerPort - group: "Exporter Settings" -- variable: coeConfig.distributedTracing.enable - default: false - type: boolean - label: Enable distributedTracing - group: "COE Settings" -- variable: coeConfig.distributedTracing.samplingrate - default: 100 - type: int - label: COE Sampling Rate - group: "COE Settings" -- variable: coeConfig.endpoint.server - type: string - label: COE Endpoint Server - group: "COE Settings" -- variable: coeConfig.timeseries.port - default: 5563 - type: int - label: COE timeseries port - group: "COE Settings" -- variable: coeConfig.timeseries.metrics.enable - default: false - type: boolean - label: Enable timeseries metrics - group: "COE Settings" -- variable: coeConfig.timeseries.metrics.mode - default: 'avro' - type: string - label: COE timeseries metrics Mode - group: "COE Settings" -- variable: coeConfig.timeseries.auditlogs.enable - default: false - type: string - label: Enable timeseries auditlogs - group: "COE Settings" -- variable: coeConfig.timeseries.events.enable - default: false - type: string - label: Enable timeseries events - group: "COE Settings" -- variable: coeConfig.transactions.enable - default: false - type: string - label: Enable transactions - group: "COE Settings" -- variable: coeConfig.transactions.port - default: 5557 - type: int - label: COE transactions port - group: "COE Settings" -- variable: crds.install - default: true - type: boolean - description: "If set to true the charts will install CustomResourceDefinitions which are consumed by CIC." - label: CRD flag - group: "Deployment Settings" -- variable: crds.retainOnDelete - default: false - type: boolean - description: "Set this argument to true if you want to retain CustomResourceDefinitions even after uninstalling CIC. This will avoid data-loss of Custom Resource Objects created before uninstallation." - label: CRD retainOnDelete flag - group: "Deployment Settings" diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/NOTES.txt b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/NOTES.txt deleted file mode 100644 index bccfdf69a..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/NOTES.txt +++ /dev/null @@ -1,14 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }}. - - -To learn more about the release, try: - - $ helm status {{ .Release.Name }} - $ helm get {{ .Release.Name }} - - -To delete : - helm delete {{ .Release.Name }} - diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/_helpers.tpl b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/_helpers.tpl deleted file mode 100644 index 5fd1f1d61..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/_helpers.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Analytics Server IP or DNS -*/}} -{{- define "analytics.server" -}} -{{- if .Values.coeConfig.endpoint.server -}} -{{- printf .Values.coeConfig.endpoint.server -}} -{{- else -}} -{{- printf "coe.%s.svc.cluster.local" .Release.Namespace -}} -{{- end -}} -{{- end -}} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/cic_crds.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/cic_crds.yaml deleted file mode 100644 index 2ca841373..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/cic_crds.yaml +++ /dev/null @@ -1,1009 +0,0 @@ -{{- if .Values.crds.install }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: rewritepolicies.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1 - names: - kind: rewritepolicy - plural: rewritepolicies - singular: rewritepolicy - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - properties: - spec: - properties: - rewrite-policies: - type: array - items: - properties: - servicenames: - description: 'Name of the services that needs to be binded to rewrite policy.' - type: array - items: - type: string - maxLength: 127 - goto-priority-expression: - description: 'Expression or other value specifying the next policy to be - evaluated if the current policy evaluates to TRUE. - Specify one of the following values: - * NEXT - Evaluate the policy with the next higher priority number. - * END - End policy evaluation. - Default value of goto-priority-expression: END' - type: string - maxLength: 1499 - logpackets: - description: 'Adds an audit message action. - The action specifies whether to log the message, and to which log.' - properties: - logexpression: - description: 'Default-syntax expression that defines the format and content of the log message.' - type: string - maxLength: 7991 - loglevel: - description: 'Audit log level, which specifies the severity level of the log message being generated.' - type: string - enum: ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"] - required: [logexpression, loglevel] - rewrite-policy: - properties: - rewrite-criteria: - description: 'Expression against which traffic is evaluated.' - type: string - maxLength: 1299 - default-action: - description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). - An UNDEF event indicates an internal error condition.' - type: string - maxLength: 77 - enum: ['NOREWRITE', 'RESET', 'DROP'] - operation: - description: 'Type of user-defined rewrite action.' - type: string - enum: ["noop", "delete", "insert_http_header", "delete_http_header", - "corrupt_http_header", "insert_before", "insert_after", "replace", - "replace_http_res", "delete_all", "replace_all", "insert_before_all", - "insert_after_all", "clientless_vpn_encode", "clientless_vpn_encode_all", - "clientless_vpn_decode", "clientless_vpn_decode_all", "insert_sip_header", - "delete_sip_header", "corrupt_sip_header", "replace_sip_res", "replace_diameter_header_field", - "replace_dns_header_field", "replace_dns_answer_section"] - target: - description: 'Default syntax expression that specifies which part of the request or response to rewrite.' - type: string - maxLength: 1229 - modify-expression: - description: 'Default syntax expression that specifies the content to insert into the request - or response at the specified location, or that replaces the specified string.' - type: string - maxLength: 7991 - multiple-occurence-modify: - description: 'Search facility that is used to match multiple strings in the request or response.' - type: string - maxLength: 171 - additional-multiple-occurence-modify: - description: 'Specify additional criteria to refine the results of the search. - Always starts with the "extend(m,n)" operation, where "m" specifies number of bytes to the left of selected data - and "n" specifies number of bytes to the right of selected data. - You can use refineSearch only on body expressions, and only when rewrite-criteria is any one of this: - INSERT_BEFORE_ALL, INSERT_AFTER_ALL, REPLACE_ALL, and DELETE_ALL.' - type: string - maxLength: 1299 - direction: - description: 'Bind point to which to bind the policy.' - type: string - enum: ["REQUEST","RESPONSE"] - comment: - description: 'Any comments to preserve information about this rewrite policy.' - type: string - maxLength: 255 - required: [rewrite-criteria, operation, target, direction] - required: [servicenames, rewrite-policy] - - responder-policies: - type: array - items: - properties: - servicenames: - description: 'Name of the services that needs to be binded to responder policy.' - type: array - items: - type: string - maxLength: 127 - goto-priority-expression: - description: 'Expression or other value specifying the next policy to be - evaluated if the current policy evaluates to TRUE. - Specify one of the following values: - * NEXT - Evaluate the policy with the next higher priority number. - * END - End policy evaluation. - Default value of goto-priority-expression: END' - type: string - maxLength: 1499 - logpackets: - description: 'Adds an audit message action. - The action specifies whether to log the message, and to which log.' - properties: - logexpression: - description: 'Default-syntax expression that defines the format and content of the log message.' - type: string - maxLength: 7991 - loglevel: - description: 'Audit log level, which specifies the severity level of the log message being generated.' - type: string - enum: ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", - "NOTICE", "INFORMATIONAL", "DEBUG"] - required: [logexpression, loglevel] - responder-policy: - properties: - redirect: - description: 'Use this option when you want to Redirect the request when request matches to policy.' - properties: - url: - description: 'URL on which you want to redirect the request.' - type: string - maxLength: 7991 - redirect-status-code: - description: 'HTTP response status code, for example 200, 302, 404, etc.' - type: integer - minimum: 100 - maximum: 599 - redirect-reason: - description: 'Expression specifying the reason for redirecting the request.' - type: string - maxLength: 7991 - required: [url] - respondwith: - description: 'Use this parameter when you want to respond to the request when request matches to policy.' - properties: - http-payload-string: - description: 'Expression that you want to sent as response to the request.' - type: string - maxLength: 7991 - required: [http-payload-string] - noop: - description: 'Use this option when you want to send the request to the protected server instead of - responding to it when request matches to policy.' - properties: - target: - description: 'Default syntax expression that specifies to perform noop operation on' - type: string - maxLength: 1229 - reset: - description: 'Use this option when you want to Reset the client connection by closing it when request matches to policy.' - properties: - drop: - description: 'Use this option when you want to drop the request without sending a response to the user when request matches to policy.' - properties: - respond-criteria: - description: 'Default syntax expression that the policy uses to determine whether to respond to the specified request.' - type: string - maxLength: 1299 - default-action: - description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). - An UNDEF event indicates an internal error condition.' - type: string - maxLength: 77 - enum: ['NOOP', 'RESET', 'DROP'] - comment: - description: 'Any comments to preserve information about this responder policy.' - type: string - maxLength: 255 - required: [respond-criteria] - oneOf: [required: [redirect], required: [respondwith], required: [noop], required: [reset], required: [drop]] - required: [servicenames, responder-policy] - - dataset: - type: array - items: - properties: - name: - description: 'Name of the dataset.' - type: string - maxLength: 32 - type: - description: 'Type of value to bind to the dataset.' - type: string - enum: ["ipv4", "number", "ipv6", "ulong", "double", "mac"] - comment: - description: 'Any comments to preserve information about this dataset.' - type: string - maxLength: 255 - values: - description: 'Value of the specified type that is associated with this dataset.' - type: array - required: [name, type, values] - - patset: - type: array - items: - properties: - name: - description: 'Name of the Patset.' - type: string - maxLength: 32 - comment: - description: 'Any comments to preserve information about this patset.' - type: string - maxLength: 255 - values: - description: 'String of characters that constitutes a pattern and is associated with this patset.' - type: array - required: [name, values] - - stringmap: - type: array - items: - properties: - name: - description: 'Name of the Stringmap.' - type: string - maxLength: 32 - comment: - description: 'Any comments to preserve information about this stringmap.' - type: string - maxLength: 255 - values: - description: 'List of (key,value) pairs to be bound to this string map.' - type: array - items: - properties: - key: - description: 'Character string constituting the key to be bound to this string map.' - type: string - maxLength: 2047 - value: - description: 'Character string constituting the value associated with the key.' - type: string - maxLength: 2047 - required: [name, values] - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ratelimits.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1beta1 - names: - kind: ratelimit - plural: ratelimits - singular: ratelimit - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - properties: - spec: - properties: - servicenames: - description: 'Name of the services to which the ratelimit policies are applied.' - type: array - items: - type: string - maxLength: 127 - selector_keys: - description: 'Traffic match criteria to which apply above rate-limit/throttling. All keys are applied as AND condition. If no keys are specified, rate-limit applies at service level' - properties: - basic: - description: "Basic traffic stream selection criteria to which to apply the ratelimit" - properties: - path: - type: array - description: "api resource path prefix match. e.g. /api/v1/products" - items: - type: string - method: - type: array - items: - type: string - enum: ['GET', 'PUT', 'POST','DELETE'] - header_name: - description: "HTTP header that identifies the unique API client for e.g. X-apikey" - type: string - per_client_ip: - description: "Setting this applies the throttling limit to each unique Client IP address accessing the API resource" - type: boolean - req_threshold: - description: 'Max requests per timeslice units to be allowed' - type: integer - timeslice: - description: 'Timeslice in miliseconds in multiple of 10. Defaults to 1000 miliseconds' - type: integer - limittype: - description: "Burst mode or smooth. Defaults to burst mode if the limittype is not specified" - type: string - enum: ['BURSTY','SMOOTH'] - throttle_action: - type: string - enum: ['DROP', 'RESET','REDIRECT', 'RESPOND'] - description: "Drop will drop the requests exceeding limits, RESET will reset the client connection, Redirect will redirect to specified URL, respond will respond with 429 'Exceeded allowed rate of requests'" - redirect_url: - type: string - description: "Redirect-URL" - required: [servicenames, req_threshold] ---- -#Sample CRD instance - -#apiVersion: citrix.com/v1 -#description: VIP for apache service -#kind: vip -#metadata: -# name: service-apache -# namespace: default -#spec: -# description: VIP for the apache Service -# ipaddress: 10.99.98.90 -# kind: service -# name: apache - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: vips.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1 - names: - kind: vip - plural: vips - singular: vip - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - additionalPrinterColumns: - - JSONPath: .spec.ipaddress - name: VIP - type: string - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - validation: - openAPIV3Schema: - properties: - spec: - properties: - ipaddress: - type: string - name: - type: string - kind: - type: string - enum: ["service", "ingress"] - description: - type: string ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: authpolicies.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1beta1 - names: - kind: authpolicy - plural: authpolicies - singular: authpolicy - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - properties: - spec: - properties: - servicenames: - description: 'Name of the services that needs to be binded to rewrite policy.' - type: array - items: - type: string - maxLength: 127 - auth_providers: - description: 'Auth Config for required auth providers, one or more of these can be created' - type: array - items: - description: " create config for a single auth provider of a particular type" - properties: - name: - description: 'Name for this provider, has to be unique, referenced by auth policies' - type: string - - oauth: - description: 'Auth provided by external oAuth provider' - properties: - issuer: - description: 'Identity of the server whose tokens are to be accepted' - type: string - jwks_uri: - description: 'URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification' - type: string - audience: - description: 'Audience for which token sent by Authorization server is applicable' - type: array - items: - type: string - token_in_hdr: - description: 'custom header name where token is present, default is Authorization header' - type: array - items: - type: string - token_in_param: - description: 'query parameter name where token is present' - type: array - items: - type: string - - basic_local_db: - description: 'Basic HTTP authentication, user data in local DB' - - required: - - name - - auth_policies: - description: "Auth policies" - type: array - items: - description: "Auth policy" - properties: - resource: - description: " endpoint/resource selection criteria" - properties: - path: - description: "api resource path e.g. /products. " - type: array - items: - type: string - method: - type: array - items: - type: string - enum: ['GET', 'PUT', 'POST','DELETE'] - required: - - path - provider: - description: "name of the auth provider for the policy, empty if no authentication required" - type: array - items: - type: string - required: - - resource - - provider - - required: - - servicenames - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: listeners.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -status: -spec: - group: citrix.com - version: v1alpha1 - names: - kind: Listener - plural: listeners - singular: listener - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - required: [spec] - properties: - spec: - type: object - required: [protocol] - properties: - protocol: - type: string - enum: ["https", "http"] - description: "Protocol for this listener" - vip: - type: string - description: "Endpoint IP address, Optional for CPX, required for Tier-1 deployments" - port: - type: integer - minimum: 1 - maximum: 65535 - certificates: - type: array - description: "certificates attached to the endpoints - Not applicable for HTTP" - minItems: 1 - items: - type: object - properties: - preconfigured: - type: string - description: "Preconfigured Certificate name on ADC " - secret: - type: object - description: "Kuberentes secret object" - required: [name] - properties: - name: - type: string - description: "name of the Kubernetes Secret object where Cert is located" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - namespace: - type: string - description: "Namespace of the kubernetes secret object; Default is same namespace where the Listener object is located" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - default: - type: boolean - description: "Only one of the certificate can be marked as default which will be presented if none of the cert matches with the hostname" - routes: - type: array - description: "List of route objects attached to the listener" - minItems: 1 - items: - type: object - properties: - name: - type: string - description: "Name of the HTTPRoute object" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - namespace: - type: string - description: "Namespace of the HTTPRoute object" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - labelSelector: - description: "Labels key value pair, if the route carries the same labels, it is automatically attached" - type: object - additionalProperties: - type: string - oneOf: - - required: [name, namespace] - - required: [labelSelector] - defaultAction: - type: object - description: "Default action for the listener: One of Backend or Redirect" - properties: - backend: - type: object - oneOf: - - required: [kube] - properties: - kube: - type: object - required: [service, port] - properties: - service: - description: "Name of the backend service" - type: string - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - port: - description: "Service port" - type: integer - minimum: 1 - maximum: 65535 - namespace: - description: "Service namespace" - type: string - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - backendConfig: - description: "General backend service options" - properties: - secure_backend: - description: "Use Secure communications to the backends" - type: boolean - lbConfig: - description: "Citrix ADC LB vserver configurations for the backend. Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/load-balancing/lbvserver/lbvserver/ for all configurations" - type: object - additionalProperties: - type: string - servicegroupConfig: - description: "Citrix ADC service group configurations for the backend; Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/basic/servicegroup/servicegroup/ for all configurations" - type: object - additionalProperties: - type: string - redirect: - type: object - oneOf: - - required: [targetExpression] - - required: [hostRedirect] - - required: [httpsRedirect] - properties: - httpsRedirect: - description: "Change the scheme from http to https keeping URL intact" - type: boolean - hostRedirect: - description: "Host name specified is used for redirection with URL intact" - type: string - targetExpression: - description: "A target can be specified using Citrix ADC policy expression" - type: string - responseCode: - description: "Default response code is 302, which can be customised using this attribute" - type: integer - minimum: 100 - maximum: 599 - oneOf: - - required: ["backend"] - - required: ["redirect"] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: httproutes.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1alpha1 - names: - kind: HTTPRoute - plural: httproutes - singular: httproute - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - required: [spec] - properties: - spec: - type: object - required: [rules] - properties: - hostname: - type: array - description: "List of domain names that share the same route, default is '*'" - minItems: 1 - items: - type: string - description: "Domain name" - rules: - type: array - description: "List Content routing rules with an action defined" - minItems: 1 - items: - type: object - required: [name, action] - properties: - name: - type: string - description: "A name to represent the rule, this is used as an identifier in content routing policy name in ADC" - minLength: 1 - maxLength: 20 - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - match: - type: array - description: "List of rules with same action" - minItems: 1 - items: - type: object - anyOf: - - required: [path] - - required: [headers] - - required: [cookies] - - required: [queryParams] - - required: [method] - - required: [policyExpression] - properties: - path: - type: object - description: "URL Path based content routing" - properties: - prefix: - type: string - description: "URL path matches the prefix expression" - exact: - type: string - description: "URL Path must match exact path" - regex: - type: string - description: "PCRE based regex expression for path matching" - headers: - type: array - description: "List of header for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" - minItems: 1 - items: - type: object - description: "Header details for content routing, Check for existence of a header or header name-value match" - properties: - headerName: - type: object - description: "Header name based content routing, Here existence of header is used for routing" - properties: - exact: - type: string - description: "Header Name - treated as exact must exist" - contains: - type: string - description: "Header Name - A header must exist that contain the string the name" - regex: - type: string - description: "header Name - treated as PCRE regex expression" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e header name must not exist" - oneOf: - - required: [exact] - - required: [contains] - - required: [regex] - headerValue: - type: object - description: "Header Name and Value based match" - properties: - name: - type: string - description: "Header name that must match the value" - exact: - type: string - description: "Header value - treated as exact" - contains: - type: string - description: "Header value - treated as contains" - regex: - type: string - description: "header value - treated as PCRE regex expression" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e header if present must not match the value" - oneOf: - - required: [name, exact] - - required: [name, contains] - - required: [name, regex] - queryParams: - type: array - description: "List of Query parameters for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" - minItems: 1 - items: - type: object - description: "Query parameters Name and Value based match" - properties: - name: - type: string - description: "Query name that must match the value. If no value is specified, matches with any value" - exact: - type: string - description: "Query value - Exact match" - contains: - type: string - description: "Query value - value must have the string(substring)" - regex: - type: string - description: "Query value - Value must match this regex patterm" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e query if present must not match the value" - anyOf: - - required: [name] - - oneOf: - - required: [name, exact] - - required: [name, contains] - - required: [name, regex] - cookies: - type: array - description: "List of Cookie params for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" - minItems: 1 - items: - type: object - description: "Cookie based routing" - properties: - name: - type: string - description: "cookie name that must match the value. If no value specified, it matches with any value" - exact: - type: string - description: "cookie value - treated as exact" - contains: - type: string - description: "cookie value - treated as substring" - regex: - type: string - description: "cookie value - treated as PCRE regex expression" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e cookie if present must not match the value" - anyOf: - - required: [name] - - oneOf: - - required: [name, exact] - - required: [name, contains] - - required: [name, regex] - method: - type: string - description: "HTTP method for content routing eg: POST, PUT, DELETE etc" - policyExpression: - type: string - description: "Citrix ADC policy expressions; refer: https://docs.citrix.com/en-us/netscaler/media/expression-prefix.pdf" - action: - type: object - description: "Action for the matched rule" - properties: - backend: - type: object - oneOf: - - required: [kube] - properties: - kube: - type: object - required: [service, port] - properties: - service: - description: "Name of the backend service" - type: string - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - port: - description: "Service port" - type: integer - minimum: 1 - maximum: 65535 - backendConfig: - description: "General backend service options" - properties: - secure_backend: - description: "Use Secure communications to the backends" - type: boolean - lbConfig: - description: "Citrix ADC LB vserver configurations for the backend. Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/load-balancing/lbvserver/lbvserver/ for all configurations" - type: object - additionalProperties: - type: string - servicegroupConfig: - description: "Citrix ADC service group configurations for the backend; Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/basic/servicegroup/servicegroup/ for all configurations" - type: object - additionalProperties: - type: string - redirect: - type: object - oneOf: - - required: [targetExpression] - - required: [hostRedirect] - - required: [httpsRedirect] - properties: - httpsRedirect: - description: "Change the scheme from http to https keeping URL intact" - type: boolean - hostRedirect: - description: "Host name specified is used for redirection with URL intact" - type: string - targetExpression: - description: "A target can be specified using Citrix ADC policy expression" - type: string - responseCode: - description: "Default response code is 302, which can be customised using this attribute" - type: integer - minimum: 100 - maximum: 599 - oneOf: - - required: ["backend"] - - required: ["redirect"] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - # name must match the spec fields below, and be in the form: . - name: continuousdeployments.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - # group name to use for REST API: /apis// - group: citrix.com - # list of versions supported by this CustomResourceDefinition - version: v1 - # - name: v1 - # Each version can be enabled/disabled by Served flag. - # served: true - # One and only one version must be marked as the storage version. - #storage: true - # either Namespaced or Cluster - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - names: - # plural name to be used in the URL: /apis/// - plural: continuousdeployments - # singular name to be used as an alias on the CLI and for display - singular: continuousdeployment - # kind is normally the CamelCased singular type. Your resource manifests use this. - kind: continuousDeploymentCustomConfig - # shortNames allow shorter string to match your resource on the CLI - shortNames: - - crd - - validation: - # openAPIV3Schema is the schema for validating custom objects. - openAPIV3Schema: - properties: - spec: - properties: - cronSpec: - type: integer ---- -{{- end }} \ No newline at end of file diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/citrix-k8s-cpx-ingress.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/citrix-k8s-cpx-ingress.yaml deleted file mode 100644 index d920cb67c..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/citrix-k8s-cpx-ingress.yaml +++ /dev/null @@ -1,221 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cpx-ingress -spec: - selector: - matchLabels: - app: cpx-ingress - replicas: 1 - template: - metadata: - name: cpx-ingress - labels: - app: cpx-ingress - annotations: - spec: - serviceAccountName: cpx-ingress-k8s-role - containers: - - name: cpx-ingress - image: "{{ .Values.image }}" - imagePullPolicy: {{ .Values.pullPolicy }} - securityContext: - privileged: true - env: - - name: "EULA" - value: "{{ .Values.license.accept }}" - - name: "KUBERNETES_TASK_ID" - value: "" -{{- if .Values.ADMSettings.licenseServerIP }} - - name: "LS_IP" - value: {{ .Values.ADMSettings.licenseServerIP | quote }} -{{- end }} -{{- if .Values.ADMSettings.licenseServerPort }} - - name: "LS_PORT" - value: {{ .Values.ADMSettings.licenseServerPort | quote }} -{{- end }} - - name: "MGMT_HTTP_PORT" - value: {{ .Values.mgmtHttpPort | quote }} - - name: "MGMT_HTTPS_PORT" - value: {{ .Values.mgmtHttpsPort | quote }} -{{- if .Values.ADMSettings.ADMIP }} - - name: "NS_MGMT_SERVER" - value: {{ .Values.ADMSettings.ADMIP | quote }} - - name: "NS_MGMT_FINGER_PRINT" - value: {{ .Values.ADMSettings.ADMFingerPrint | quote }} - - name: "NS_HTTP_PORT" - value: {{ .Values.mgmtHttpPort | quote }} - - name: "NS_HTTPS_PORT" - value: {{ .Values.mgmtHttpsPort | quote }} - - name: "LOGSTREAM_COLLECTOR_IP" - value: {{ .Values.ADMSettings.ADMIP | quote }} -{{- end }} -#To povision bandwidth based licensing to Citrix ADC CPX from ADM, needs bandwidth -{{- if and ( .Values.ADMSettings.licenseServerIP ) (eq .Values.ADMSettings.bandWidthLicense true) }} - - name: "BANDWIDTH" - value: {{ required "Mention bandwidth for bandwidth based licensing" .Values.ADMSettings.bandWidth | quote }} -{{- end }} -#for multiple-PE support, need to set CPX_CORES -{{- if .Values.ADMSettings.licenseServerIP }} -{{- if or (eq .Values.ADMSettings.vCPULicense true) (eq .Values.ADMSettings.bandWidthLicense true) }} - - name: "CPX_CORES" - value: {{ .Values.ADMSettings.cpxCores | default 1 | quote }} -{{- end }} -{{- end }} -{{- if or (.Values.ADMSettings.ADMIP) (.Values.ADMSettings.licenseServerIP) }} - - name: NS_MGMT_USER - valueFrom: - secretKeyRef: - name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} - key: username - - name: NS_MGMT_PASS - valueFrom: - secretKeyRef: - name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} - key: password -{{- end }} - volumeMounts: - - mountPath: /cpx/conf/ - name: cpx-volume1 - - mountPath: /cpx/crash/ - name: cpx-volume2 -{{- if .Values.cic.required }} - # Add cic as a sidecar - - name: cic - image: "{{ .Values.cic.image }}" - imagePullPolicy: {{ .Values.cic.pullPolicy }} - env: - - name: "EULA" - value: "{{ .Values.license.accept }}" - - name: "NS_IP" - value: "127.0.0.1" - - name: "NS_APPS_NAME_PREFIX" - value: {{ .Values.nsNamespace | default "k8s"}} - - name: "NS_DEPLOYMENT_MODE" - value: "SIDECAR" - - name: "NS_ENABLE_MONITORING" - value: "YES" - - name: "NS_USER" - valueFrom: - secretKeyRef: - name: cpxlogin - key: username - - name: "NS_PASSWORD" - valueFrom: - secretKeyRef: - name: cpxlogin - key: password -{{- if .Values.logProxy }} - - name: "NS_LOGPROXY" - value: {{ .Values.logProxy | quote }} -{{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace -{{- if .Values.kubernetesURL }} - - name: "kubernetes_url" - value: "{{ .Values.kubernetesURL }}" -{{- end }} - args: - - --configmap - {{ .Release.Namespace }}/cpx-cic-configmap -{{- if .Values.ingressClass }} - - --ingress-class -{{- range .Values.ingressClass}} - {{.}} -{{- end }} -{{- end }} -{{- if .Values.defaultSSLCert }} - - --default-ssl-certificate - {{ .Release.Namespace }}/{{ .Values.defaultSSLCert }} -{{- end }} -{{- end }} -{{- if .Values.exporter.required }} - - name: exporter - image: "{{ .Values.exporter.image }}" - imagePullPolicy: {{ .Values.exporter.pullPolicy }} - args: - - "--secure=no" - - "--target-nsip=127.0.0.1" - - "--port={{ .Values.exporter.ports.containerPort }}" - env: - - name: "NS_USER" - valueFrom: - secretKeyRef: - name: cpxlogin - key: username - - name: "NS_PASSWORD" - valueFrom: - secretKeyRef: - name: cpxlogin - key: password - securityContext: - readOnlyRootFilesystem: true -{{- end }} - volumes: - - name: cpx-volume1 - emptyDir: {} - - name: cpx-volume2 - emptyDir: {} -{{- if and .Values.nodeSelector.key .Values.nodeSelector.value }} - nodeSelector: - {{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }} -{{- end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: cpx-service - labels: - app: cpx-service - service-type: citrix-adc-cpx-monitor -spec: - type: NodePort - ports: - - port: 80 - protocol: TCP - name: http - - port: 443 - protocol: TCP - name: https -{{- if .Values.exporter.required }} - - port: {{ .Values.exporter.ports.containerPort }} - targetPort: {{ .Values.exporter.ports.containerPort }} - name: exporter-port -{{- end }} - selector: - app: cpx-ingress - ---- - -{{- if .Values.exporter.required }} - -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: citrix-adc-cpx-servicemonitor - labels: - servicemonitor: citrix-adc-cpx -spec: - endpoints: - - interval: 30s - port: exporter-port - selector: - matchLabels: - service-type: citrix-adc-cpx-monitor - namespaceSelector: - matchNames: - - monitoring - - default - - {{ .Release.Namespace }} - -{{- end }} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/configmap.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/configmap.yaml deleted file mode 100644 index dd0c1bbee..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cpx-cic-configmap - labels: - app: citrix-ingress-controller -data: - LOGLEVEL: {{ .Values.logLevel | quote | lower }} - NS_PROTOCOL: "http" - NS_PORT: "80" - NS_HTTP2_SERVER_SIDE: {{ .Values.http2ServerSide | quote | upper }} -{{- if .Values.coeConfig.required }} - NS_ANALYTICS_CONFIG: | - distributed_tracing: - enable: {{ .Values.coeConfig.distributedTracing.enable | quote }} - samplingrate: {{ .Values.coeConfig.distributedTracing.samplingrate }} - endpoint: - server: {{ include "analytics.server" . | quote }} - timeseries: - port: {{ .Values.coeConfig.timeseries.port }} - metrics: - enable: {{ .Values.coeConfig.timeseries.metrics.enable | quote }} - mode: {{ .Values.coeConfig.timeseries.metrics.mode | quote }} - auditlogs: - enable: {{ .Values.coeConfig.timeseries.auditlogs.enable | quote }} - events: - enable: {{ .Values.coeConfig.timeseries.events.enable | quote }} - transactions: - enable: {{ .Values.coeConfig.transactions.enable | quote }} - port: {{ .Values.coeConfig.transactions.port }} -{{- end }} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/login_credentials.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/login_credentials.yaml deleted file mode 100644 index 0e22ef9dd..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/login_credentials.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cpxlogin -type: Opaque -data: - username: bnNyb290 - password: bnNyb290 diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/rbac.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/rbac.yaml deleted file mode 100644 index 66482380d..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/templates/rbac.yaml +++ /dev/null @@ -1,73 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: cpx-ingress-k8s-role -rules: - - apiGroups: [""] -{{- if .Values.openshift }} - resources: ["endpoints", "ingresses", "pods", "secrets", "routes", "tokenreviews", "subjectaccessreviews", "nodes", "namespaces", "configmaps"] -{{- else }} - resources: ["endpoints", "ingresses", "pods", "secrets", "routes", "nodes", "namespaces", "configmaps"] -{{- end}} - verbs: ["get", "list", "watch"] - # services/status is needed to update the loadbalancer IP in service status for integrating - # service of type LoadBalancer with external-dns - - apiGroups: [""] - resources: ["services/status"] - verbs: ["patch"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["patch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch"] - - apiGroups: ["citrix.com"] - resources: ["rewritepolicies", "continuousdeployments", "authpolicies", "ratelimits", "listeners", "httproutes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["citrix.com"] - resources: ["rewritepolicies/status", "continuousdeployments/status", "authpolicies/status", "ratelimits/status", "listeners/status", "httproutes/status"] - verbs: ["get", "list", "patch"] - - apiGroups: ["citrix.com"] - resources: ["vips"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["route.openshift.io"] - resources: ["routes"] - verbs: ["get", "list", "watch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: cpx-ingress-k8s-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cpx-ingress-k8s-role -subjects: -- kind: ServiceAccount - name: cpx-ingress-k8s-role - namespace: {{ .Release.Namespace }} -apiVersion: rbac.authorization.k8s.io/v1 - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cpx-ingress-k8s-role - namespace: {{ .Release.Namespace }} - ---- diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/values.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/values.yaml deleted file mode 100644 index cda67583c..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800+up1.8.28/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Default values for citrix-cpx-with-ingress-controller. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# cpximage contains information needed to fetch CPX image -image: quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30 -pullPolicy: IfNotPresent -# cicimage contains information needed to fetch CIC image -cic: - image: quay.io/citrix/citrix-k8s-ingress-controller:1.8.28 - pullPolicy: IfNotPresent - required: true - -mgmtHttpPort: 9080 - -mgmtHttpsPort: 9443 -# openshift is set to true if charts are being deployed in OpenShift environment. -openshift: false -# nsNamespace is the prefix for the resources on the Citrix ADC -nsNamespace: -# license is used accept the terms of the Citrix license -license: - accept: no -# ingressClass is the name of the Ingress Class -ingressClass: -# logLevel is to set level of CIC Logs -logLevel: DEBUG -# Default SSL certificate -defaultSSLCert: -# Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter -logProxy: -# Set to ON to enables HTTP2 for Citrix ADC service group configurations -http2ServerSide: "OFF" -nodeSelector: - key: - value: - -ADMSettings: - licenseServerIP: - licenseServerPort: 27000 - ADMIP: - ADMFingerPrint: - loginSecret: - bandWidthLicense: false - bandWidth: - vCPULicense: false - cpxCores: - -# exporter conatins information of prometheus-exporter -exporter: - required: false - image: quay.io/citrix/citrix-adc-metrics-exporter:1.4.4 - pullPolicy: IfNotPresent - ports: - containerPort: 8888 - -coeConfig: - required: false - distributedTracing: - enable: false - samplingrate: 100 - endpoint: - server: - timeseries: - port: 5563 - metrics: - enable: false - mode: 'avro' - auditlogs: - enable: false - events: - enable: false - transactions: - enable: false - port: 5557 - -crds: -# If false, CustomResourceDefinitions will not be installed. - install: true -# if set to true, then CustomResourceDefinitions will not be deleted during helm delete. This way, CustomResourceObjects will not be deleted from the database. - retainOnDelete: false diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml deleted file mode 100755 index 1d7bcc0e8..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller -apiVersion: v1 -appVersion: 1.8.28 -description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running - as sidecar. -home: https://www.citrix.com -icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png -maintainers: -- email: priyanka.sharma@citrix.com - name: priyankash-citrix -- email: subash.dangol@citrix.com - name: subashd -name: citrix-cpx-with-ingress-controller -sources: -- https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.8.2800 diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md deleted file mode 100755 index f3cee100f..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md +++ /dev/null @@ -1,234 +0,0 @@ -# Citrix ADC CPX with Citrix Ingress Controller running as sidecar. - -In a [Kubernetes](https://kubernetes.io/) or [OpenShift](https://www.openshift.com) cluster, you can deploy [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx) with Citrix ingress controller as a [sidecar](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). The Citrix ADC CPX instance is used for load balancing the North-South traffic to the microservices in your cluster. And, the sidecar Citrix ingress controller configures the Citrix ADC CPX. - -## TL;DR; - -### For Kubernetes - ``` - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install cpx citrix/citrix-cpx-with-ingress-controller --set license.accept=yes - ``` - -### For OpenShift - - ``` - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - - helm install cpx citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,openshift=true - ``` - -> **Important:** -> -> The "license.accept" is a mandatory argument and should be set to "yes" to accept the terms of the Citrix license. - - -## Introduction -This Helm chart deploys a Citrix ADC CPX with Citrix ingress controller as a sidecar in the [Kubernetes](https://kubernetes.io/) or in the [Openshift](https://www.openshift.com) cluster using the [Helm](https://helm.sh/) package manager. - -### Prerequisites - -- The [Kubernetes](https://kubernetes.io/) version is 1.6 or later if using Kubernetes environment. -- The [Openshift](https://www.openshift.com) version 3.11.x or later if using OpenShift platform. -- The [Helm](https://helm.sh/) version 3.x or later. You can follow instruction given [here](https://github.com/citrix/citrix-helm-charts/blob/master/Helm_Installation_version_3.md) to install the same. -- You have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator), if you want to view the metrics of the Citrix ADC CPX collected by the [metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics). -- Registration of Citrix ADC CPX in ADM: You may want to register your CPX in ADM for licensing or to obtain [servicegraph](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html). For this you will have to create a Kubernetes secret using ADM credentials and provide it while install the chart. Create a Kubernetes secret for the user name and password using the following command: - - ``` - kubectl create secret generic admlogin --from-literal=username= --from-literal=password= -n citrix-system - ``` - -## Installing the Chart -Add the Citrix Ingress Controller helm chart repository using command: - - ``` - helm repo add citrix https://citrix.github.io/citrix-helm-charts/ - ``` - -### For Kubernetes: -#### 1. Citrix ADC CPX with Citrix Ingress Controller running as side car. -To install the chart with the release name ``` my-release```: - - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,ingressClass[0]= - ``` - -> **Note:** -> -> By default the chart installs the recommended [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) roles and role bindings. - -The command deploys Citrix ADC CPX with Citrix ingress controller as a sidecar on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the mandatory and optional parameters that you can configure during installation. - -#### 2. Citrix ADC CPX with Citrix Ingress Controller and Exporter running as side car. -[Metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics) can be deployed as sidecar to the Citrix ADC CPX and collects metrics from the Citrix ADC CPX instance. You can then [visualize these metrics](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/metrics/promotheus-grafana/) using Prometheus Operator and Grafana. -> **Note:** -> -> Ensure that you have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator). - -Use the following command for this: - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,ingressClass[0]=,exporter.required=true - ``` - -### For OpenShift: -Add the service account named "cpx-ingress-k8s-role" to the privileged Security Context Constraints of OpenShift: - - ``` - oc adm policy add-scc-to-user privileged system:serviceaccount::cpx-ingress-k8s-role - ``` - -#### 1. Citrix ADC CPX with Citrix Ingress Controller running as side car. -To install the chart with the release name, `my-release`, use the following command: - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,openshift=true - ``` - -#### 2. Citrix ADC CPX with Citrix Ingress Controller and Exporter running as side car. -[Metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics) can be deployed as sidecar to the Citrix ADC CPX and collects metrics from the Citrix ADC CPX instance. You can then [visualize these metrics](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/metrics/promotheus-grafana/) using Prometheus Operator and Grafana. -> **Note:** -> -> Ensure that you have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator). - -Use the following command for this: - ``` - helm install my-release citrix/citrix-k8s-ingress-controller --set license.accept=yes,openshift=true,exporter.required=true - ``` - -### Installed components - -The following components are installed: - -- [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx/netscaler-cpx.html) -- [Citrix ingress controller](https://github.com/citrix/citrix-k8s-ingress-controller) (if enabled) -- [Exporter](https://github.com/citrix/citrix-adc-metrics-exporter) (if enabled) - - -## CRDs configuration - -CRDs gets installed/upgraded automatically when we install/upgrade Citrix ADC CPX with Citrix ingress controller using Helm. If you do not want to install CRDs, then set the option `crds.install` to `false`. By default, CRDs too get deleted if you uninstall through Helm. This means, even the CustomResource objects created by the customer will get deleted. If you want to avoid this data loss set `crds.retainOnDelete` to `true`. - -> **Note:** -> Installing again may fail due to the presence of CRDs. Make sure that you back up all CustomResource objects and clean up CRDs before re-installing Citrix ADC CPX with Citrix ingress controller. - -There are a few examples of how to use these CRDs, which are placed in the folder: [Example-CRDs](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds). Refer to them and install as needed, using the following command: -```kubectl create -f ``` - -### Details of the supported CRDs: - -#### authpolicies CRD: - -Authentication policies are used to enforce access restrictions to resources hosted by an application or an API server. - -Citrix provides a Kubernetes CustomResourceDefinitions (CRDs) called the [Auth CRD](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/auth) that you can use with the Citrix ingress controller to define authentication policies on the ingress Citrix ADC. - -Example file: [auth_example.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/auth_example.yaml) - -#### continuousdeployments CRD for canary: - -Canary release is a technique to reduce the risk of introducing a new software version in production by first rolling out the change to a small subset of users. After user validation, the application is rolled out to the larger set of users. Citrix ADC-Integrated [Canary Deployment solution](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/canary) stitches together all components of continuous delivery (CD) and makes canary deployment easier for the application developers. - -#### httproutes and listeners CRDs for contentrouting: - -[Content Routing (CR)](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/contentrouting) is the execution of defined rules that determine the placement and configuration of network traffic between users and web applications, based on the content being sent. For example, a pattern in the URL or header fields of the request. - -Example files: [HTTPRoute_crd.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/HTTPRoute_crd.yaml), [Listener_crd.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/Listener_crd.yaml) - -#### ratelimits CRD: - -In a Kubernetes deployment, you can [rate limit the requests](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/ratelimit) to the resources on the back end server or services using rate limiting feature provided by the ingress Citrix ADC. - -Example files: [ratelimit-example1.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/ratelimit-example1.yaml), [ratelimit-example2.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/ratelimit-example2.yaml) - -#### vips CRD: - -Citrix provides a CustomResourceDefinitions (CRD) called [VIP](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/vip) for asynchronous communication between the IPAM controller and Citrix ingress controller. - -The IPAM controller is provided by Citrix for IP address management. It allocates IP address to the service from a defined IP address range. The Citrix ingress controller configures the IP address allocated to the service as virtual IP (VIP) in Citrix ADX VPX. And, the service is exposed using the IP address. - -When a new service is created, the Citrix ingress controller creates a CRD object for the service with an empty IP address field. The IPAM Controller listens to addition, deletion, or modification of the CRD and updates it with an IP address to the CRD. Once the CRD object is updated, the Citrix ingress controller automatically configures Citrix ADC-specfic configuration in the tier-1 Citrix ADC VPX. - -#### rewritepolicies CRD: - -In kubernetes environment, to deploy specific layer 7 policies to handle scenarios such as, redirecting HTTP traffic to a specific URL, blocking a set of IP addresses to mitigate DDoS attacks, imposing HTTP to HTTPS and so on, requires you to add appropriate libraries within the microservices and manually configure the policies. Instead, you can use the [Rewrite and Responder features](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/crd/rewrite-responder-policies-deployment.yaml) provided by the Ingress Citrix ADC device to deploy these policies. - -Example files: [target-url-rewrite.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/target-url-rewrite.yaml) - - -## Configuration -The following table lists the configurable parameters of the Citrix ADC CPX with Citrix ingress controller as side car chart and their default values. - -| Parameters | Mandatory or Optional | Default value | Description | -| ---------- | --------------------- | ------------- | ----------- | -| license.accept | Mandatory | no | Set `yes` to accept the Citrix ingress controller end user license agreement. | -| image | Mandatory | `quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30` | The Citrix ADC CPX image. | -| pullPolicy | Mandatory | IfNotPresent | The Citrix ADC CPX image pull policy. | -| cic.image | Mandatory | `quay.io/citrix/citrix-k8s-ingress-controller:1.8.28` | The Citrix ingress controller image. | -| cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. | -| cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX | -| logLevel | Optional | DEBUG | The loglevel to control the logs generated by CIC. The supported loglevels are: CRITICAL, ERROR, WARNING, INFO, DEBUG and TRACE. For more information, see [Logging](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/configure/log-levels.md).| -| defaultSSLCert | Optional | N/A | Default SSL certificate that needs to be used as a non-SNI certificate in Citrix ADC. | -| http2ServerSide | Optional | OFF | Enables HTTP2 for Citrix ADC service group configurations. | -| logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. | -| nsNamespace | Optional | k8s | The prefix for the resources on the Citrix ADC CPX. | -| ingressClass | Optional | N/A | If multiple ingress load balancers are used to load balance different ingress resources. You can use this parameter to specify Citrix ingress controller to configure Citrix ADC associated with specific ingress class.| -| openshift | Optional | false | Set this argument if OpenShift environment is being used. | -| nodeSelector.key | Optional | N/A | Node label key to be used for nodeSelector option for CPX-CIC deployment. | -| nodeSelector.value | Optional | N/A | Node label value to be used for nodeSelector option in CPX-CIC deployment. | - -| ADMSettings.licenseServerIP | Optional | N/A | Provide the Citrix Application Delivery Management (ADM) IP address to license Citrix ADC CPX. For more information, see [Licensing](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/licensing/)| -| ADMSettings.licenseServerPort | Optional | 27000 | Citrix ADM port if non-default port is used. | -| ADMSettings.ADMIP | Optional | | Citrix Application Delivery Management (ADM) IP address. | -| ADMSettings.ADMFingerPrint | Optional | N/A | Citrix Application Delivery Management (ADM) Finger Print. For more information, see [this](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html). | -| ADMSettings.loginSecret | Optional | N/A | The secret key to log on to the ADM. For information on how to create the secret keys, see [Prerequisites](#prerequistes). | -| ADMSettings.bandWidthLicense | Optional | False | Set to true if you want to use bandwidth based licensing for Citrix ADC CPX. | -| ADMSettings.bandWidth | Optional | N/A | Desired bandwidth capacity to be set for Citrix ADC CPX in Mbps. | -| ADMSettings.vCPULicense | Optional | N/A | Set to true if you want to use vCPU based licensing for Citrix ADC CPX. | -| ADMSettings.cpxCores | Optional | 1 | Desired number of vCPU to be set for Citrix ADC CPX. | - -| exporter.required | Optional | false | Use the argument if you want to run the [Exporter for Citrix ADC Stats](https://github.com/citrix/citrix-adc-metrics-exporter) along with Citrix ingress controller to pull metrics for the Citrix ADC CPX| -| exporter.image | Optional | `quay.io/citrix/citrix-adc-metrics-exporter:1.4.5` | The Exporter for Citrix ADC Stats image. | -| exporter.pullPolicy | Optional | IfNotPresent | The Exporter for Citrix ADC Stats image pull policy. | -| exporter.ports.containerPort | Optional | 8888 | The Exporter for Citrix ADC Stats container port. | - -| coeConfig.required | Mandatory | false | Set this to true if you want to configure Citrix ADC to send metrics and transaction records to COE. | -| coeConfig.distributedTracing.enable | Optional | false | Set this value to true to enable OpenTracing in Citrix ADC. | -| coeConfig.distributedTracing.samplingrate | Optional | 100 | Specifies the OpenTracing sampling rate in percentage. | -| coeConfig.endpoint.server | Optional | N/A | Set this value as the IP address or DNS address of the analytics server. | -| coeConfig.timeseries.port | Optional | 5563 | Specify the port used to expose COE service for timeseries endpoint. | -| coeConfig.timeseries.metrics.enable | Optional | Set this value to true to enable sending metrics from Citrix ADC. | -| coeConfig.timeseries.metrics.mode | Optional | avro | Specifies the mode of metric endpoint. | -| coeConfig.timeseries.auditlogs.enable | Optional | false | Set this value to true to export audit log data from Citrix ADC. | -| coeConfig.timeseries.events.enable | Optional | false | Set this value to true to export events from the Citrix ADC. | -| coeConfig.transactions.enable | Optional | false | Set this value to true to export transactions from Citrix ADC. | -| coeConfig.transactions.port | Optional | 5557 | Specify the port used to expose COE service for transaction endpoint. | - -| crds.install | Optional | true | Unset this argument if you don't want to install CustomResourceDefinitions which are consumed by CIC. | -| crds.retainOnDelete | Optional | false | Set this argument if you want to retain CustomResourceDefinitions even after uninstalling CIC. This will avoid data-loss of Custom Resource Objects created before uninstallation. | - -> **Note:** -> -> If Citrix ADM related information is not provided during installation, Citrix ADC CPX will come up with the default license. - -Alternatively, you can define a YAML file with the values for the parameters and pass the values while installing the chart. - -For example: - ``` - helm install my-release citrix/citrix-cpx-with-ingress-controller -f values.yaml - ``` - -> **Tip:** -> -> The [values.yaml](https://github.com/citrix/citrix-helm-charts/blob/master/citrix-cpx-with-ingress-controller/values.yaml) contains the default values of the parameters. - -## Uninstalling the Chart -To uninstall/delete the ```my-release``` deployment: - ``` - helm delete my-release - ``` - -## Related documentation - -- [Citrix ADC CPX Documentation](https://docs.citrix.com/en-us/citrix-adc-cpx/12-1/cpx-architecture-and-traffic-flow.html) -- [Citrix ingress controller Documentation](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/) -- [Citrix ingress controller GitHub](https://github.com/citrix/citrix-k8s-ingress-controller) diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md deleted file mode 100755 index ef45a3d90..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# Citrix ADC CPX with Citrix Ingress Controller running as sidecar. - -In a [Kubernetes](https://kubernetes.io/) or [OpenShift](https://www.openshift.com) cluster, you can deploy [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx) with Citrix ingress controller as a [sidecar](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). The Citrix ADC CPX instance is used for load balancing the North-South traffic to the microservices in your cluster. And, the sidecar Citrix ingress controller configures the Citrix ADC CPX. - -This Chart bootstraps deployment of Citrix ADC CPX with Citrix Ingress Controller as sidecar. diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml deleted file mode 100755 index 0c8714413..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml +++ /dev/null @@ -1,211 +0,0 @@ -questions: -- variable: license.accept - required: true - default: "no" - type: enum - description: "Set to yes to accept the terms and conditions of the Citrix license." - label: Accept License - group: "Deployment Settings" - options: - - "yes" - - "no" -- variable: openshift - default: false - type: boolean - description: "openshift is set to true if charts are being deployed in OpenShift environment" - label: Openshift flag - group: "Deployment Settings" -- variable: nsNamespace - type: string - description: "Prefix for the resources on Citrix ADC" - label: Resource Prefix - group: "Deployment Settings" -- variable: ingressClass[0] - type: string - description: "ingressClass is the name of the Ingress Class" - label: Ingress Class - group: "Deployment Settings" -- variable: logLevel - default: "DEBUG" - type: enum - options: - - "TRACE" - - "DEBUG" - - "INFO" - - "WARNING" - - "ERROR" - description: "logLevel of Citrix Ingress Controller pod" - label: LogLevel - group: "Deployment Settings" -- variable: defaultSSLCert - type: string - description: "Secret containing the default ceritifcate for SSL vservers" - label: Default SSLCert - group: "ADC Settings" -- variable: logProxy - type: string - description: "Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporte" - label: LogProxy - group: "Deployment Settings" -- variable: http2ServerSide - default: "OFF" - type: enum - options: - - "ON" - - "OFF" - description: "Set to ON to enable HTTP2 for Citrix ADC service group configurations" - label: HTTP2 on ADC - group: "ADC Settings" -- variable: nodeSelector.key - type: string - label: NodeSelector Key - group: "Deployment Settings" -- variable: nodeSelector.value - type: string - label: NodeSelector Value - group: "Deployment Settings" - - -- variable: ADMSettings.licenseServerIP - type: string - label: ADM LicenseServerIP - group: "ADM Settings" -- variable: ADMSettings.licenseServerPort - default: 27000 - type: int - label: ADM LicenseServerPort - group: "ADM Settings" -- variable: ADMSettings.ADMIP - type: string - label: ADM IP - group: "ADM Settings" -- variable: ADMSettings.ADMFingerPrint - type: string - label: ADM FingerPrint - group: "ADM Settings" -- variable: ADMSettings.loginSecret - type: string - label: ADM Login Secret - group: "ADM Settings" -- variable: ADMSettings.bandWidthLicense - type: boolean - label: CPX Bandwidth License - group: "ADM Settings" -- variable: ADMSettings.bandWidth - type: int - label: CPX Bandwidth - group: "ADM Settings" -- variable: ADMSettings.vCPULicense - type: boolean - label: CPX vCPU License - group: "ADM Settings" -- variable: ADMSettings.cpxCores - type: int - label: CPX Cores - group: "ADM Settings" -- variable: cic.pullpolicy - default: "IfNotPresent" - type: enum - label: CIC Image Pullpolicy - group: "CIC/CPX Image Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" -- variable: pullpolicy - default: "IfNotPresent" - type: enum - label: CPX Image Pullpolicy - group: "CIC/CPX Image Settings" - options: - - "Always" - - "IfNotPresent" - - "Never" -- variable: cic.image - default: "quay.io/citrix/citrix-k8s-ingress-controller:1.8.28" - type: string - label: CIC Image - group: "CIC/CPX Image Settings" -- variable: image - type: string - default: "quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30" - label: CPX Image - group: "CIC/CPX Image Settings" -- variable: exporter.image - default: "quay.io/citrix/citrix-adc-metrics-exporter:1.4.5" - type: string - description: "Exporter Image to be used" - label: Exporter Image - group: "Exporter Settings" -- variable: exporter.pullPolicy - default: "IfNotPresent" - type: string - description: "Exporter Image pull policy" - label: Exporter Image PullPolicy - group: "Exporter Settings" -- variable: exporter.ports.containerPort - default: 8888 - type: int - label: Exporter ContainerPort - group: "Exporter Settings" -- variable: coeConfig.distributedTracing.enable - default: false - type: boolean - label: Enable distributedTracing - group: "COE Settings" -- variable: coeConfig.distributedTracing.samplingrate - default: 100 - type: int - label: COE Sampling Rate - group: "COE Settings" -- variable: coeConfig.endpoint.server - type: string - label: COE Endpoint Server - group: "COE Settings" -- variable: coeConfig.timeseries.port - default: 5563 - type: int - label: COE timeseries port - group: "COE Settings" -- variable: coeConfig.timeseries.metrics.enable - default: false - type: boolean - label: Enable timeseries metrics - group: "COE Settings" -- variable: coeConfig.timeseries.metrics.mode - default: 'avro' - type: string - label: COE timeseries metrics Mode - group: "COE Settings" -- variable: coeConfig.timeseries.auditlogs.enable - default: false - type: string - label: Enable timeseries auditlogs - group: "COE Settings" -- variable: coeConfig.timeseries.events.enable - default: false - type: string - label: Enable timeseries events - group: "COE Settings" -- variable: coeConfig.transactions.enable - default: false - type: string - label: Enable transactions - group: "COE Settings" -- variable: coeConfig.transactions.port - default: 5557 - type: int - label: COE transactions port - group: "COE Settings" -- variable: crds.install - default: true - type: boolean - description: "If set to true the charts will install CustomResourceDefinitions which are consumed by CIC." - label: CRD flag - group: "Deployment Settings" -- variable: crds.retainOnDelete - default: false - type: boolean - description: "Set this argument to true if you want to retain CustomResourceDefinitions even after uninstalling CIC. This will avoid data-loss of Custom Resource Objects created before uninstallation." - label: CRD retainOnDelete flag - group: "Deployment Settings" diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt deleted file mode 100755 index bccfdf69a..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt +++ /dev/null @@ -1,14 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }}. - - -To learn more about the release, try: - - $ helm status {{ .Release.Name }} - $ helm get {{ .Release.Name }} - - -To delete : - helm delete {{ .Release.Name }} - diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl deleted file mode 100755 index 5fd1f1d61..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Analytics Server IP or DNS -*/}} -{{- define "analytics.server" -}} -{{- if .Values.coeConfig.endpoint.server -}} -{{- printf .Values.coeConfig.endpoint.server -}} -{{- else -}} -{{- printf "coe.%s.svc.cluster.local" .Release.Namespace -}} -{{- end -}} -{{- end -}} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml deleted file mode 100755 index 2ca841373..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml +++ /dev/null @@ -1,1009 +0,0 @@ -{{- if .Values.crds.install }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: rewritepolicies.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1 - names: - kind: rewritepolicy - plural: rewritepolicies - singular: rewritepolicy - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - properties: - spec: - properties: - rewrite-policies: - type: array - items: - properties: - servicenames: - description: 'Name of the services that needs to be binded to rewrite policy.' - type: array - items: - type: string - maxLength: 127 - goto-priority-expression: - description: 'Expression or other value specifying the next policy to be - evaluated if the current policy evaluates to TRUE. - Specify one of the following values: - * NEXT - Evaluate the policy with the next higher priority number. - * END - End policy evaluation. - Default value of goto-priority-expression: END' - type: string - maxLength: 1499 - logpackets: - description: 'Adds an audit message action. - The action specifies whether to log the message, and to which log.' - properties: - logexpression: - description: 'Default-syntax expression that defines the format and content of the log message.' - type: string - maxLength: 7991 - loglevel: - description: 'Audit log level, which specifies the severity level of the log message being generated.' - type: string - enum: ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"] - required: [logexpression, loglevel] - rewrite-policy: - properties: - rewrite-criteria: - description: 'Expression against which traffic is evaluated.' - type: string - maxLength: 1299 - default-action: - description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). - An UNDEF event indicates an internal error condition.' - type: string - maxLength: 77 - enum: ['NOREWRITE', 'RESET', 'DROP'] - operation: - description: 'Type of user-defined rewrite action.' - type: string - enum: ["noop", "delete", "insert_http_header", "delete_http_header", - "corrupt_http_header", "insert_before", "insert_after", "replace", - "replace_http_res", "delete_all", "replace_all", "insert_before_all", - "insert_after_all", "clientless_vpn_encode", "clientless_vpn_encode_all", - "clientless_vpn_decode", "clientless_vpn_decode_all", "insert_sip_header", - "delete_sip_header", "corrupt_sip_header", "replace_sip_res", "replace_diameter_header_field", - "replace_dns_header_field", "replace_dns_answer_section"] - target: - description: 'Default syntax expression that specifies which part of the request or response to rewrite.' - type: string - maxLength: 1229 - modify-expression: - description: 'Default syntax expression that specifies the content to insert into the request - or response at the specified location, or that replaces the specified string.' - type: string - maxLength: 7991 - multiple-occurence-modify: - description: 'Search facility that is used to match multiple strings in the request or response.' - type: string - maxLength: 171 - additional-multiple-occurence-modify: - description: 'Specify additional criteria to refine the results of the search. - Always starts with the "extend(m,n)" operation, where "m" specifies number of bytes to the left of selected data - and "n" specifies number of bytes to the right of selected data. - You can use refineSearch only on body expressions, and only when rewrite-criteria is any one of this: - INSERT_BEFORE_ALL, INSERT_AFTER_ALL, REPLACE_ALL, and DELETE_ALL.' - type: string - maxLength: 1299 - direction: - description: 'Bind point to which to bind the policy.' - type: string - enum: ["REQUEST","RESPONSE"] - comment: - description: 'Any comments to preserve information about this rewrite policy.' - type: string - maxLength: 255 - required: [rewrite-criteria, operation, target, direction] - required: [servicenames, rewrite-policy] - - responder-policies: - type: array - items: - properties: - servicenames: - description: 'Name of the services that needs to be binded to responder policy.' - type: array - items: - type: string - maxLength: 127 - goto-priority-expression: - description: 'Expression or other value specifying the next policy to be - evaluated if the current policy evaluates to TRUE. - Specify one of the following values: - * NEXT - Evaluate the policy with the next higher priority number. - * END - End policy evaluation. - Default value of goto-priority-expression: END' - type: string - maxLength: 1499 - logpackets: - description: 'Adds an audit message action. - The action specifies whether to log the message, and to which log.' - properties: - logexpression: - description: 'Default-syntax expression that defines the format and content of the log message.' - type: string - maxLength: 7991 - loglevel: - description: 'Audit log level, which specifies the severity level of the log message being generated.' - type: string - enum: ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", - "NOTICE", "INFORMATIONAL", "DEBUG"] - required: [logexpression, loglevel] - responder-policy: - properties: - redirect: - description: 'Use this option when you want to Redirect the request when request matches to policy.' - properties: - url: - description: 'URL on which you want to redirect the request.' - type: string - maxLength: 7991 - redirect-status-code: - description: 'HTTP response status code, for example 200, 302, 404, etc.' - type: integer - minimum: 100 - maximum: 599 - redirect-reason: - description: 'Expression specifying the reason for redirecting the request.' - type: string - maxLength: 7991 - required: [url] - respondwith: - description: 'Use this parameter when you want to respond to the request when request matches to policy.' - properties: - http-payload-string: - description: 'Expression that you want to sent as response to the request.' - type: string - maxLength: 7991 - required: [http-payload-string] - noop: - description: 'Use this option when you want to send the request to the protected server instead of - responding to it when request matches to policy.' - properties: - target: - description: 'Default syntax expression that specifies to perform noop operation on' - type: string - maxLength: 1229 - reset: - description: 'Use this option when you want to Reset the client connection by closing it when request matches to policy.' - properties: - drop: - description: 'Use this option when you want to drop the request without sending a response to the user when request matches to policy.' - properties: - respond-criteria: - description: 'Default syntax expression that the policy uses to determine whether to respond to the specified request.' - type: string - maxLength: 1299 - default-action: - description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). - An UNDEF event indicates an internal error condition.' - type: string - maxLength: 77 - enum: ['NOOP', 'RESET', 'DROP'] - comment: - description: 'Any comments to preserve information about this responder policy.' - type: string - maxLength: 255 - required: [respond-criteria] - oneOf: [required: [redirect], required: [respondwith], required: [noop], required: [reset], required: [drop]] - required: [servicenames, responder-policy] - - dataset: - type: array - items: - properties: - name: - description: 'Name of the dataset.' - type: string - maxLength: 32 - type: - description: 'Type of value to bind to the dataset.' - type: string - enum: ["ipv4", "number", "ipv6", "ulong", "double", "mac"] - comment: - description: 'Any comments to preserve information about this dataset.' - type: string - maxLength: 255 - values: - description: 'Value of the specified type that is associated with this dataset.' - type: array - required: [name, type, values] - - patset: - type: array - items: - properties: - name: - description: 'Name of the Patset.' - type: string - maxLength: 32 - comment: - description: 'Any comments to preserve information about this patset.' - type: string - maxLength: 255 - values: - description: 'String of characters that constitutes a pattern and is associated with this patset.' - type: array - required: [name, values] - - stringmap: - type: array - items: - properties: - name: - description: 'Name of the Stringmap.' - type: string - maxLength: 32 - comment: - description: 'Any comments to preserve information about this stringmap.' - type: string - maxLength: 255 - values: - description: 'List of (key,value) pairs to be bound to this string map.' - type: array - items: - properties: - key: - description: 'Character string constituting the key to be bound to this string map.' - type: string - maxLength: 2047 - value: - description: 'Character string constituting the value associated with the key.' - type: string - maxLength: 2047 - required: [name, values] - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ratelimits.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1beta1 - names: - kind: ratelimit - plural: ratelimits - singular: ratelimit - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - properties: - spec: - properties: - servicenames: - description: 'Name of the services to which the ratelimit policies are applied.' - type: array - items: - type: string - maxLength: 127 - selector_keys: - description: 'Traffic match criteria to which apply above rate-limit/throttling. All keys are applied as AND condition. If no keys are specified, rate-limit applies at service level' - properties: - basic: - description: "Basic traffic stream selection criteria to which to apply the ratelimit" - properties: - path: - type: array - description: "api resource path prefix match. e.g. /api/v1/products" - items: - type: string - method: - type: array - items: - type: string - enum: ['GET', 'PUT', 'POST','DELETE'] - header_name: - description: "HTTP header that identifies the unique API client for e.g. X-apikey" - type: string - per_client_ip: - description: "Setting this applies the throttling limit to each unique Client IP address accessing the API resource" - type: boolean - req_threshold: - description: 'Max requests per timeslice units to be allowed' - type: integer - timeslice: - description: 'Timeslice in miliseconds in multiple of 10. Defaults to 1000 miliseconds' - type: integer - limittype: - description: "Burst mode or smooth. Defaults to burst mode if the limittype is not specified" - type: string - enum: ['BURSTY','SMOOTH'] - throttle_action: - type: string - enum: ['DROP', 'RESET','REDIRECT', 'RESPOND'] - description: "Drop will drop the requests exceeding limits, RESET will reset the client connection, Redirect will redirect to specified URL, respond will respond with 429 'Exceeded allowed rate of requests'" - redirect_url: - type: string - description: "Redirect-URL" - required: [servicenames, req_threshold] ---- -#Sample CRD instance - -#apiVersion: citrix.com/v1 -#description: VIP for apache service -#kind: vip -#metadata: -# name: service-apache -# namespace: default -#spec: -# description: VIP for the apache Service -# ipaddress: 10.99.98.90 -# kind: service -# name: apache - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: vips.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1 - names: - kind: vip - plural: vips - singular: vip - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - additionalPrinterColumns: - - JSONPath: .spec.ipaddress - name: VIP - type: string - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - validation: - openAPIV3Schema: - properties: - spec: - properties: - ipaddress: - type: string - name: - type: string - kind: - type: string - enum: ["service", "ingress"] - description: - type: string ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: authpolicies.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1beta1 - names: - kind: authpolicy - plural: authpolicies - singular: authpolicy - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - properties: - spec: - properties: - servicenames: - description: 'Name of the services that needs to be binded to rewrite policy.' - type: array - items: - type: string - maxLength: 127 - auth_providers: - description: 'Auth Config for required auth providers, one or more of these can be created' - type: array - items: - description: " create config for a single auth provider of a particular type" - properties: - name: - description: 'Name for this provider, has to be unique, referenced by auth policies' - type: string - - oauth: - description: 'Auth provided by external oAuth provider' - properties: - issuer: - description: 'Identity of the server whose tokens are to be accepted' - type: string - jwks_uri: - description: 'URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification' - type: string - audience: - description: 'Audience for which token sent by Authorization server is applicable' - type: array - items: - type: string - token_in_hdr: - description: 'custom header name where token is present, default is Authorization header' - type: array - items: - type: string - token_in_param: - description: 'query parameter name where token is present' - type: array - items: - type: string - - basic_local_db: - description: 'Basic HTTP authentication, user data in local DB' - - required: - - name - - auth_policies: - description: "Auth policies" - type: array - items: - description: "Auth policy" - properties: - resource: - description: " endpoint/resource selection criteria" - properties: - path: - description: "api resource path e.g. /products. " - type: array - items: - type: string - method: - type: array - items: - type: string - enum: ['GET', 'PUT', 'POST','DELETE'] - required: - - path - provider: - description: "name of the auth provider for the policy, empty if no authentication required" - type: array - items: - type: string - required: - - resource - - provider - - required: - - servicenames - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: listeners.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -status: -spec: - group: citrix.com - version: v1alpha1 - names: - kind: Listener - plural: listeners - singular: listener - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - required: [spec] - properties: - spec: - type: object - required: [protocol] - properties: - protocol: - type: string - enum: ["https", "http"] - description: "Protocol for this listener" - vip: - type: string - description: "Endpoint IP address, Optional for CPX, required for Tier-1 deployments" - port: - type: integer - minimum: 1 - maximum: 65535 - certificates: - type: array - description: "certificates attached to the endpoints - Not applicable for HTTP" - minItems: 1 - items: - type: object - properties: - preconfigured: - type: string - description: "Preconfigured Certificate name on ADC " - secret: - type: object - description: "Kuberentes secret object" - required: [name] - properties: - name: - type: string - description: "name of the Kubernetes Secret object where Cert is located" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - namespace: - type: string - description: "Namespace of the kubernetes secret object; Default is same namespace where the Listener object is located" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - default: - type: boolean - description: "Only one of the certificate can be marked as default which will be presented if none of the cert matches with the hostname" - routes: - type: array - description: "List of route objects attached to the listener" - minItems: 1 - items: - type: object - properties: - name: - type: string - description: "Name of the HTTPRoute object" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - namespace: - type: string - description: "Namespace of the HTTPRoute object" - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - labelSelector: - description: "Labels key value pair, if the route carries the same labels, it is automatically attached" - type: object - additionalProperties: - type: string - oneOf: - - required: [name, namespace] - - required: [labelSelector] - defaultAction: - type: object - description: "Default action for the listener: One of Backend or Redirect" - properties: - backend: - type: object - oneOf: - - required: [kube] - properties: - kube: - type: object - required: [service, port] - properties: - service: - description: "Name of the backend service" - type: string - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - port: - description: "Service port" - type: integer - minimum: 1 - maximum: 65535 - namespace: - description: "Service namespace" - type: string - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - backendConfig: - description: "General backend service options" - properties: - secure_backend: - description: "Use Secure communications to the backends" - type: boolean - lbConfig: - description: "Citrix ADC LB vserver configurations for the backend. Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/load-balancing/lbvserver/lbvserver/ for all configurations" - type: object - additionalProperties: - type: string - servicegroupConfig: - description: "Citrix ADC service group configurations for the backend; Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/basic/servicegroup/servicegroup/ for all configurations" - type: object - additionalProperties: - type: string - redirect: - type: object - oneOf: - - required: [targetExpression] - - required: [hostRedirect] - - required: [httpsRedirect] - properties: - httpsRedirect: - description: "Change the scheme from http to https keeping URL intact" - type: boolean - hostRedirect: - description: "Host name specified is used for redirection with URL intact" - type: string - targetExpression: - description: "A target can be specified using Citrix ADC policy expression" - type: string - responseCode: - description: "Default response code is 302, which can be customised using this attribute" - type: integer - minimum: 100 - maximum: 599 - oneOf: - - required: ["backend"] - - required: ["redirect"] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: httproutes.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - group: citrix.com - version: v1alpha1 - names: - kind: HTTPRoute - plural: httproutes - singular: httproute - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - validation: - openAPIV3Schema: - required: [spec] - properties: - spec: - type: object - required: [rules] - properties: - hostname: - type: array - description: "List of domain names that share the same route, default is '*'" - minItems: 1 - items: - type: string - description: "Domain name" - rules: - type: array - description: "List Content routing rules with an action defined" - minItems: 1 - items: - type: object - required: [name, action] - properties: - name: - type: string - description: "A name to represent the rule, this is used as an identifier in content routing policy name in ADC" - minLength: 1 - maxLength: 20 - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - match: - type: array - description: "List of rules with same action" - minItems: 1 - items: - type: object - anyOf: - - required: [path] - - required: [headers] - - required: [cookies] - - required: [queryParams] - - required: [method] - - required: [policyExpression] - properties: - path: - type: object - description: "URL Path based content routing" - properties: - prefix: - type: string - description: "URL path matches the prefix expression" - exact: - type: string - description: "URL Path must match exact path" - regex: - type: string - description: "PCRE based regex expression for path matching" - headers: - type: array - description: "List of header for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" - minItems: 1 - items: - type: object - description: "Header details for content routing, Check for existence of a header or header name-value match" - properties: - headerName: - type: object - description: "Header name based content routing, Here existence of header is used for routing" - properties: - exact: - type: string - description: "Header Name - treated as exact must exist" - contains: - type: string - description: "Header Name - A header must exist that contain the string the name" - regex: - type: string - description: "header Name - treated as PCRE regex expression" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e header name must not exist" - oneOf: - - required: [exact] - - required: [contains] - - required: [regex] - headerValue: - type: object - description: "Header Name and Value based match" - properties: - name: - type: string - description: "Header name that must match the value" - exact: - type: string - description: "Header value - treated as exact" - contains: - type: string - description: "Header value - treated as contains" - regex: - type: string - description: "header value - treated as PCRE regex expression" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e header if present must not match the value" - oneOf: - - required: [name, exact] - - required: [name, contains] - - required: [name, regex] - queryParams: - type: array - description: "List of Query parameters for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" - minItems: 1 - items: - type: object - description: "Query parameters Name and Value based match" - properties: - name: - type: string - description: "Query name that must match the value. If no value is specified, matches with any value" - exact: - type: string - description: "Query value - Exact match" - contains: - type: string - description: "Query value - value must have the string(substring)" - regex: - type: string - description: "Query value - Value must match this regex patterm" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e query if present must not match the value" - anyOf: - - required: [name] - - oneOf: - - required: [name, exact] - - required: [name, contains] - - required: [name, regex] - cookies: - type: array - description: "List of Cookie params for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" - minItems: 1 - items: - type: object - description: "Cookie based routing" - properties: - name: - type: string - description: "cookie name that must match the value. If no value specified, it matches with any value" - exact: - type: string - description: "cookie value - treated as exact" - contains: - type: string - description: "cookie value - treated as substring" - regex: - type: string - description: "cookie value - treated as PCRE regex expression" - not: - type: boolean - description: "Default False, if present, rules are inverted. I.e cookie if present must not match the value" - anyOf: - - required: [name] - - oneOf: - - required: [name, exact] - - required: [name, contains] - - required: [name, regex] - method: - type: string - description: "HTTP method for content routing eg: POST, PUT, DELETE etc" - policyExpression: - type: string - description: "Citrix ADC policy expressions; refer: https://docs.citrix.com/en-us/netscaler/media/expression-prefix.pdf" - action: - type: object - description: "Action for the matched rule" - properties: - backend: - type: object - oneOf: - - required: [kube] - properties: - kube: - type: object - required: [service, port] - properties: - service: - description: "Name of the backend service" - type: string - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' - port: - description: "Service port" - type: integer - minimum: 1 - maximum: 65535 - backendConfig: - description: "General backend service options" - properties: - secure_backend: - description: "Use Secure communications to the backends" - type: boolean - lbConfig: - description: "Citrix ADC LB vserver configurations for the backend. Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/load-balancing/lbvserver/lbvserver/ for all configurations" - type: object - additionalProperties: - type: string - servicegroupConfig: - description: "Citrix ADC service group configurations for the backend; Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/basic/servicegroup/servicegroup/ for all configurations" - type: object - additionalProperties: - type: string - redirect: - type: object - oneOf: - - required: [targetExpression] - - required: [hostRedirect] - - required: [httpsRedirect] - properties: - httpsRedirect: - description: "Change the scheme from http to https keeping URL intact" - type: boolean - hostRedirect: - description: "Host name specified is used for redirection with URL intact" - type: string - targetExpression: - description: "A target can be specified using Citrix ADC policy expression" - type: string - responseCode: - description: "Default response code is 302, which can be customised using this attribute" - type: integer - minimum: 100 - maximum: 599 - oneOf: - - required: ["backend"] - - required: ["redirect"] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - # name must match the spec fields below, and be in the form: . - name: continuousdeployments.citrix.com -{{- if .Values.crds.retainOnDelete }} - annotations: - "helm.sh/resource-policy": keep -{{- end }} -spec: - # group name to use for REST API: /apis// - group: citrix.com - # list of versions supported by this CustomResourceDefinition - version: v1 - # - name: v1 - # Each version can be enabled/disabled by Served flag. - # served: true - # One and only one version must be marked as the storage version. - #storage: true - # either Namespaced or Cluster - scope: Namespaced - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: "Current Status of the CRD" - JSONPath: .status.state - - name: Message - type: string - description: "Status Message" - JSONPath: .status.status_message - names: - # plural name to be used in the URL: /apis/// - plural: continuousdeployments - # singular name to be used as an alias on the CLI and for display - singular: continuousdeployment - # kind is normally the CamelCased singular type. Your resource manifests use this. - kind: continuousDeploymentCustomConfig - # shortNames allow shorter string to match your resource on the CLI - shortNames: - - crd - - validation: - # openAPIV3Schema is the schema for validating custom objects. - openAPIV3Schema: - properties: - spec: - properties: - cronSpec: - type: integer ---- -{{- end }} \ No newline at end of file diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml deleted file mode 100755 index d920cb67c..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml +++ /dev/null @@ -1,221 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cpx-ingress -spec: - selector: - matchLabels: - app: cpx-ingress - replicas: 1 - template: - metadata: - name: cpx-ingress - labels: - app: cpx-ingress - annotations: - spec: - serviceAccountName: cpx-ingress-k8s-role - containers: - - name: cpx-ingress - image: "{{ .Values.image }}" - imagePullPolicy: {{ .Values.pullPolicy }} - securityContext: - privileged: true - env: - - name: "EULA" - value: "{{ .Values.license.accept }}" - - name: "KUBERNETES_TASK_ID" - value: "" -{{- if .Values.ADMSettings.licenseServerIP }} - - name: "LS_IP" - value: {{ .Values.ADMSettings.licenseServerIP | quote }} -{{- end }} -{{- if .Values.ADMSettings.licenseServerPort }} - - name: "LS_PORT" - value: {{ .Values.ADMSettings.licenseServerPort | quote }} -{{- end }} - - name: "MGMT_HTTP_PORT" - value: {{ .Values.mgmtHttpPort | quote }} - - name: "MGMT_HTTPS_PORT" - value: {{ .Values.mgmtHttpsPort | quote }} -{{- if .Values.ADMSettings.ADMIP }} - - name: "NS_MGMT_SERVER" - value: {{ .Values.ADMSettings.ADMIP | quote }} - - name: "NS_MGMT_FINGER_PRINT" - value: {{ .Values.ADMSettings.ADMFingerPrint | quote }} - - name: "NS_HTTP_PORT" - value: {{ .Values.mgmtHttpPort | quote }} - - name: "NS_HTTPS_PORT" - value: {{ .Values.mgmtHttpsPort | quote }} - - name: "LOGSTREAM_COLLECTOR_IP" - value: {{ .Values.ADMSettings.ADMIP | quote }} -{{- end }} -#To povision bandwidth based licensing to Citrix ADC CPX from ADM, needs bandwidth -{{- if and ( .Values.ADMSettings.licenseServerIP ) (eq .Values.ADMSettings.bandWidthLicense true) }} - - name: "BANDWIDTH" - value: {{ required "Mention bandwidth for bandwidth based licensing" .Values.ADMSettings.bandWidth | quote }} -{{- end }} -#for multiple-PE support, need to set CPX_CORES -{{- if .Values.ADMSettings.licenseServerIP }} -{{- if or (eq .Values.ADMSettings.vCPULicense true) (eq .Values.ADMSettings.bandWidthLicense true) }} - - name: "CPX_CORES" - value: {{ .Values.ADMSettings.cpxCores | default 1 | quote }} -{{- end }} -{{- end }} -{{- if or (.Values.ADMSettings.ADMIP) (.Values.ADMSettings.licenseServerIP) }} - - name: NS_MGMT_USER - valueFrom: - secretKeyRef: - name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} - key: username - - name: NS_MGMT_PASS - valueFrom: - secretKeyRef: - name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} - key: password -{{- end }} - volumeMounts: - - mountPath: /cpx/conf/ - name: cpx-volume1 - - mountPath: /cpx/crash/ - name: cpx-volume2 -{{- if .Values.cic.required }} - # Add cic as a sidecar - - name: cic - image: "{{ .Values.cic.image }}" - imagePullPolicy: {{ .Values.cic.pullPolicy }} - env: - - name: "EULA" - value: "{{ .Values.license.accept }}" - - name: "NS_IP" - value: "127.0.0.1" - - name: "NS_APPS_NAME_PREFIX" - value: {{ .Values.nsNamespace | default "k8s"}} - - name: "NS_DEPLOYMENT_MODE" - value: "SIDECAR" - - name: "NS_ENABLE_MONITORING" - value: "YES" - - name: "NS_USER" - valueFrom: - secretKeyRef: - name: cpxlogin - key: username - - name: "NS_PASSWORD" - valueFrom: - secretKeyRef: - name: cpxlogin - key: password -{{- if .Values.logProxy }} - - name: "NS_LOGPROXY" - value: {{ .Values.logProxy | quote }} -{{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace -{{- if .Values.kubernetesURL }} - - name: "kubernetes_url" - value: "{{ .Values.kubernetesURL }}" -{{- end }} - args: - - --configmap - {{ .Release.Namespace }}/cpx-cic-configmap -{{- if .Values.ingressClass }} - - --ingress-class -{{- range .Values.ingressClass}} - {{.}} -{{- end }} -{{- end }} -{{- if .Values.defaultSSLCert }} - - --default-ssl-certificate - {{ .Release.Namespace }}/{{ .Values.defaultSSLCert }} -{{- end }} -{{- end }} -{{- if .Values.exporter.required }} - - name: exporter - image: "{{ .Values.exporter.image }}" - imagePullPolicy: {{ .Values.exporter.pullPolicy }} - args: - - "--secure=no" - - "--target-nsip=127.0.0.1" - - "--port={{ .Values.exporter.ports.containerPort }}" - env: - - name: "NS_USER" - valueFrom: - secretKeyRef: - name: cpxlogin - key: username - - name: "NS_PASSWORD" - valueFrom: - secretKeyRef: - name: cpxlogin - key: password - securityContext: - readOnlyRootFilesystem: true -{{- end }} - volumes: - - name: cpx-volume1 - emptyDir: {} - - name: cpx-volume2 - emptyDir: {} -{{- if and .Values.nodeSelector.key .Values.nodeSelector.value }} - nodeSelector: - {{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }} -{{- end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: cpx-service - labels: - app: cpx-service - service-type: citrix-adc-cpx-monitor -spec: - type: NodePort - ports: - - port: 80 - protocol: TCP - name: http - - port: 443 - protocol: TCP - name: https -{{- if .Values.exporter.required }} - - port: {{ .Values.exporter.ports.containerPort }} - targetPort: {{ .Values.exporter.ports.containerPort }} - name: exporter-port -{{- end }} - selector: - app: cpx-ingress - ---- - -{{- if .Values.exporter.required }} - -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: citrix-adc-cpx-servicemonitor - labels: - servicemonitor: citrix-adc-cpx -spec: - endpoints: - - interval: 30s - port: exporter-port - selector: - matchLabels: - service-type: citrix-adc-cpx-monitor - namespaceSelector: - matchNames: - - monitoring - - default - - {{ .Release.Namespace }} - -{{- end }} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml deleted file mode 100755 index dd0c1bbee..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cpx-cic-configmap - labels: - app: citrix-ingress-controller -data: - LOGLEVEL: {{ .Values.logLevel | quote | lower }} - NS_PROTOCOL: "http" - NS_PORT: "80" - NS_HTTP2_SERVER_SIDE: {{ .Values.http2ServerSide | quote | upper }} -{{- if .Values.coeConfig.required }} - NS_ANALYTICS_CONFIG: | - distributed_tracing: - enable: {{ .Values.coeConfig.distributedTracing.enable | quote }} - samplingrate: {{ .Values.coeConfig.distributedTracing.samplingrate }} - endpoint: - server: {{ include "analytics.server" . | quote }} - timeseries: - port: {{ .Values.coeConfig.timeseries.port }} - metrics: - enable: {{ .Values.coeConfig.timeseries.metrics.enable | quote }} - mode: {{ .Values.coeConfig.timeseries.metrics.mode | quote }} - auditlogs: - enable: {{ .Values.coeConfig.timeseries.auditlogs.enable | quote }} - events: - enable: {{ .Values.coeConfig.timeseries.events.enable | quote }} - transactions: - enable: {{ .Values.coeConfig.transactions.enable | quote }} - port: {{ .Values.coeConfig.transactions.port }} -{{- end }} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml deleted file mode 100755 index 0e22ef9dd..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cpxlogin -type: Opaque -data: - username: bnNyb290 - password: bnNyb290 diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml deleted file mode 100755 index 66482380d..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml +++ /dev/null @@ -1,73 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: cpx-ingress-k8s-role -rules: - - apiGroups: [""] -{{- if .Values.openshift }} - resources: ["endpoints", "ingresses", "pods", "secrets", "routes", "tokenreviews", "subjectaccessreviews", "nodes", "namespaces", "configmaps"] -{{- else }} - resources: ["endpoints", "ingresses", "pods", "secrets", "routes", "nodes", "namespaces", "configmaps"] -{{- end}} - verbs: ["get", "list", "watch"] - # services/status is needed to update the loadbalancer IP in service status for integrating - # service of type LoadBalancer with external-dns - - apiGroups: [""] - resources: ["services/status"] - verbs: ["patch"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["patch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch"] - - apiGroups: ["citrix.com"] - resources: ["rewritepolicies", "continuousdeployments", "authpolicies", "ratelimits", "listeners", "httproutes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["citrix.com"] - resources: ["rewritepolicies/status", "continuousdeployments/status", "authpolicies/status", "ratelimits/status", "listeners/status", "httproutes/status"] - verbs: ["get", "list", "patch"] - - apiGroups: ["citrix.com"] - resources: ["vips"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["route.openshift.io"] - resources: ["routes"] - verbs: ["get", "list", "watch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: cpx-ingress-k8s-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cpx-ingress-k8s-role -subjects: -- kind: ServiceAccount - name: cpx-ingress-k8s-role - namespace: {{ .Release.Namespace }} -apiVersion: rbac.authorization.k8s.io/v1 - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cpx-ingress-k8s-role - namespace: {{ .Release.Namespace }} - ---- diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml deleted file mode 100755 index cda67583c..000000000 --- a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Default values for citrix-cpx-with-ingress-controller. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# cpximage contains information needed to fetch CPX image -image: quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30 -pullPolicy: IfNotPresent -# cicimage contains information needed to fetch CIC image -cic: - image: quay.io/citrix/citrix-k8s-ingress-controller:1.8.28 - pullPolicy: IfNotPresent - required: true - -mgmtHttpPort: 9080 - -mgmtHttpsPort: 9443 -# openshift is set to true if charts are being deployed in OpenShift environment. -openshift: false -# nsNamespace is the prefix for the resources on the Citrix ADC -nsNamespace: -# license is used accept the terms of the Citrix license -license: - accept: no -# ingressClass is the name of the Ingress Class -ingressClass: -# logLevel is to set level of CIC Logs -logLevel: DEBUG -# Default SSL certificate -defaultSSLCert: -# Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter -logProxy: -# Set to ON to enables HTTP2 for Citrix ADC service group configurations -http2ServerSide: "OFF" -nodeSelector: - key: - value: - -ADMSettings: - licenseServerIP: - licenseServerPort: 27000 - ADMIP: - ADMFingerPrint: - loginSecret: - bandWidthLicense: false - bandWidth: - vCPULicense: false - cpxCores: - -# exporter conatins information of prometheus-exporter -exporter: - required: false - image: quay.io/citrix/citrix-adc-metrics-exporter:1.4.4 - pullPolicy: IfNotPresent - ports: - containerPort: 8888 - -coeConfig: - required: false - distributedTracing: - enable: false - samplingrate: 100 - endpoint: - server: - timeseries: - port: 5563 - metrics: - enable: false - mode: 'avro' - auditlogs: - enable: false - events: - enable: false - transactions: - enable: false - port: 5557 - -crds: -# If false, CustomResourceDefinitions will not be installed. - install: true -# if set to true, then CustomResourceDefinitions will not be deleted during helm delete. This way, CustomResourceObjects will not be deleted from the database. - retainOnDelete: false diff --git a/charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml b/charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml deleted file mode 100755 index 3eaf82672..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa -apiVersion: v2 -appVersion: 0.1.0 -description: CloudCasa backup service for Kubernetes and cloud native applications -home: https://cloudcasa.io -icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png -keywords: -- backup -- Catalogic -- CloudCasa -kubeVersion: '>=1.13.0-0' -maintainers: -- email: info@catalogicsoftware.com - name: catalogicsoftware -name: cloudcasa -version: 0.1.000 diff --git a/charts/cloudcasa/cloudcasa/0.1.000/README.md b/charts/cloudcasa/cloudcasa/0.1.000/README.md deleted file mode 100755 index f829ec17e..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/README.md +++ /dev/null @@ -1,51 +0,0 @@ -# CloudCasa Kubernetes Agent - -[CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -# Introduction - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. - -This Helm chart installs and configures the CloudCasa agent on a Kubernetes cluster. -See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. - -## Prerequisites - -1. Kubernetes 1.17+ -2. Helm 3.0+ - -## Installation - -### Rancher Installation (Apps & Marketplace) - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Go to Apps & Marketplace in the Rancher UI. In the Deploy Chart section, check the Partners checkbox and click on the cloudcasa chart. -3. Provide a Name (e.g. CloudCasa) and optional description. -4. In the CloudCasa Configuration section, provide the Cluster ID obtained above. -5. Click on the Install button to complete installation of the agent. - -### Helm CLI Installation - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Execute the following helm commands, replacing `````` with the Cluster ID obtained above: -``` -$ helm repo add cloudcasa-repo https://catalogicsoftware.github.io/cloudcasa-helmchart -$ helm install cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= -``` -This will install the CloudCasa agent and complete registration of the cluster with the CloudCasa service. - -## Updating the CloudCasa Agent -1. Log in to https://home.cloudcasa.io and obtain the cluster ID for your cluster by selecting it under the Setup tab. -2. Execute the following commands to update the agent: -``` -$ helm repo update -$ helm upgrade cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= -``` - -## Uninstalling the CloudCasa Agent -``` -$ helm uninstall cloudcasa.io -``` - -*CloudCasa is a trademark of Catalogic Software Inc.* diff --git a/charts/cloudcasa/cloudcasa/0.1.000/app-readme.md b/charts/cloudcasa/cloudcasa/0.1.000/app-readme.md deleted file mode 100755 index bae0de627..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/app-readme.md +++ /dev/null @@ -1,6 +0,0 @@ -# CloudCasa Kubernetes Agent - -### [CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. diff --git a/charts/cloudcasa/cloudcasa/0.1.000/questions.yaml b/charts/cloudcasa/cloudcasa/0.1.000/questions.yaml deleted file mode 100755 index d4443f94f..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/questions.yaml +++ /dev/null @@ -1,13 +0,0 @@ -namespace: cloudcasa-io -labels: - io.rancher.certified: partner -categories: -- Application -questions: -- variable: cluster_id - default: "" - description: "CloudCasa Cluster ID" - type: string - required: true - label: CLUSTER ID - group: "CloudCasa Configuration" diff --git a/charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt b/charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt deleted file mode 100755 index e30a0df5a..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ ---------Please be patient while the chart is being deployed-------- - -Tip: Watch the App deployment status using the command: kubectl get pods -n cloudcasa-io - -Monitor the Cloudcasa UI, the regsitered cluster state should be moved to Ready State. If the clutser state is still in Pendingstate, wrong ClusterID would have been provided. diff --git a/charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl b/charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl deleted file mode 100755 index 75bf8467f..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cloudcasa.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cloudcasa.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cloudcasa.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml b/charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml deleted file mode 100755 index 57552aa2e..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml +++ /dev/null @@ -1,2982 +0,0 @@ -# -# The velero part of the agent spec has been generated using the following -# command: -# -# velero install \ -# --features=EnableCSI \ -# --no-default-backup-location=true \ -# --namespace=cloudcasa-io \ -# --use-volume-snapshots=false \ -# --no-secret \ -# --plugins velero/velero-plugin-for-aws \ -# --dry-run -o yaml > ./intermediate-template.yaml -# ----------------------------------------------------------------------- -# Steps to delete the agent deployment are: -# ----------------------------------------------------------------------- -# kubectl delete namespace/cloudcasa-io clusterrolebinding/cloudcasa-io -# kubectl delete crds -l component=kubeagent_backup_helper - -{{ if not (lookup "v1" "Namespace" .Values.namespace "cloudcasa-io") }} - -apiVersion: v1 -kind: Namespace -metadata: - name: cloudcasa-io - -{{ end }} ---- -apiVersion: v1 -items: -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backups.velero.io - spec: - group: velero.io - names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Backup is a Velero resource that respresents the capture of Kubernetes cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the backup. The actual errors are in the backup's log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - formatVersion: - description: FormatVersion is the backup format version, including major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution progress. Note that this information is best-effort only -- if Velero fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed up. This number may change throughout the execution of the backup due to plugins that return additional related items to back up, the velero.io/exclude-from-backup label, and various other filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the backup. The actual warnings are in the backup's log file in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backupstoragelocations.velero.io - spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Backup Storage Location status such as Available/Unavailable - name: Phase - type: string - - JSONPath: .status.lastValidationTime - description: LastValidationTime is the last time the backup store location was validated - name: Last Validated - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: velero.io - names: - kind: BackupStorageLocation - listKind: BackupStorageLocationList - plural: backupstoragelocations - shortNames: - - bsl - singular: backupstoragelocation - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - objectStorage: - description: ObjectStorageLocation specifies the settings necessary to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there is now an AccessMode field on the Spec and this field will be removed entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` file in the backup storage location the last time the BSL's contents were synced into the cluster. \n Deprecated: this field is no longer updated or used for detecting changes to the location's contents and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store location was validated the cluster. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: deletebackuprequests.velero.io - spec: - group: velero.io - names: - kind: DeleteBackupRequest - listKind: DeleteBackupRequestList - plural: deletebackuprequests - singular: deletebackuprequest - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: downloadrequests.velero.io - spec: - group: velero.io - names: - kind: DownloadRequest - listKind: DownloadRequestList - plural: downloadrequests - singular: downloadrequest - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupResourceList - - RestoreLog - - RestoreResults - type: string - name: - description: Name is the name of the kubernetes resource with which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumebackups.velero.io - spec: - group: velero.io - names: - kind: PodVolumeBackup - listKind: PodVolumeBackupList - plural: podvolumebackups - singular: podvolumebackup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied to the volume backup as tags. - type: object - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume and the current number of backed up bytes. This can be used to display progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumerestores.velero.io - spec: - group: velero.io - names: - kind: PodVolumeRestore - listKind: PodVolumeRestoreList - plural: podvolumerestores - singular: podvolumerestore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - volume: - description: Volume is the name of the volume within the Pod to be restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. Completion time is recorded even on failed restores. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot and the current number of restored bytes. This can be used to display progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: resticrepositories.velero.io - spec: - group: velero.io - names: - kind: ResticRepository - listKind: ResticRepositoryList - plural: resticrepositories - singular: resticrepository - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ResticRepositorySpec is the specification for a ResticRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should be run. - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this restic repository contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: ResticRepositoryStatus is the current status of a ResticRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the ResticRepository. - type: string - phase: - description: Phase is the current state of the ResticRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: restores.velero.io - spec: - group: velero.io - names: - kind: Restore - listKind: RestoreList - plural: restores - singular: restore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments to execute from within a container after a pod has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers to be added to a pod during its restore. - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when restoring individual objects from the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs from snapshot (via the cloudprovider). - nullable: true - type: boolean - scheduleName: - description: ScheduleName is the unique name of the Velero schedule to restore from. If specified, and BackupName is empty, Velero will restore from the most recent successful backup created from this schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation was completed. Completion time is recorded even on failed restore. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the restore. The actual errors are stored in object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - type: string - startTimestamp: - description: StartTimestamp records the time the restore operation was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the restore. The actual warnings are stored in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: schedules.velero.io - spec: - group: velero.io - names: - kind: Schedule - listKind: ScheduleList - plural: schedules - singular: schedule - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - schedule: - description: Schedule is a Cron expression defining when to run the Backup. - type: string - template: - description: Template is the definition of the Backup to be run on the provided schedule - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - type: array - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: serverstatusrequests.velero.io - spec: - group: velero.io - names: - kind: ServerStatusRequest - listKind: ServerStatusRequestList - plural: serverstatusrequests - shortNames: - - ssr - singular: serverstatusrequest - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: volumesnapshotlocations.velero.io - spec: - group: velero.io - names: - kind: VolumeSnapshotLocation - listKind: VolumeSnapshotLocationList - plural: volumesnapshotlocations - singular: volumesnapshotlocation - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecyle phase of a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: v1 - kind: ServiceAccount - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Release.Name }} - namespace: {{ .Values.namespace }} -- apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRoleBinding - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Release.Name }} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin - subjects: - - kind: ServiceAccount - name: {{ .Release.Name }} - namespace: {{ .Values.namespace }} -kind: List ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .driver - name: Driver - type: string - - JSONPath: .deletionPolicy - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass - should be deleted when its bound VolumeSnapshot is deleted. - name: DeletionPolicy - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - preserveUnknownFields: false - scope: Cluster - subresources: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created - through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot - is deleted. Supported values are "Retain" and "Delete". "Retain" means - that the VolumeSnapshotContent and its physical snapshot on underlying - storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot in bytes - name: RestoreSize - type: integer - - JSONPath: .spec.deletionPolicy - description: Determines whether this VolumeSnapshotContent and its physical snapshot - on the underlying storage system should be deleted when its bound VolumeSnapshot - is deleted. - name: DeletionPolicy - type: string - - JSONPath: .spec.driver - description: Name of the CSI driver used to create the physical snapshot on the - underlying storage system. - name: Driver - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - name: VolumeSnapshotClass - type: string - - JSONPath: .spec.volumeSnapshotRef.name - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - name: VolumeSnapshot - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - preserveUnknownFields: false - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. "Delete" - means that the VolumeSnapshotContent and its physical snapshot on - underlying storage system are deleted. In dynamic snapshot creation - case, this field will be filled in with the "DeletionPolicy" field - defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For - pre-existing snapshots, users MUST specify this field when creating - the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be the - same as the name returned by the CSI GetPluginName() call for that - driver. Required. - type: string - source: - description: source specifies from where a snapshot will be created. - This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a - pre-existing snapshot on the underlying storage system. This field - is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume - from which a snapshot should be dynamically taken from. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass to which this snapshot - belongs. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to - which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be provided - for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates the creation time is unknown. The - format of this field is a Unix nanoseconds time encoded as an int64. - On Unix, the command `date +%s%N` returns the current time in nanoseconds - since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the latest observed error during snapshot creation, - if any. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on - the underlying storage system. If not specified, it indicates that - dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .spec.source.persistentVolumeClaimName - description: Name of the source PVC from where a dynamically taken snapshot will - be created. - name: SourcePVC - type: string - - JSONPath: .spec.source.volumeSnapshotContentName - description: Name of the VolumeSnapshotContent which represents a pre-provisioned - snapshot. - name: SourceSnapshotContent - type: string - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot. - name: RestoreSize - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - name: SnapshotClass - type: string - - JSONPath: .status.boundVolumeSnapshotContentName - description: The name of the VolumeSnapshotContent to which this VolumeSnapshot - is bound. - name: SnapshotContent - type: string - - JSONPath: .status.creationTime - description: Timestamp when the point-in-time snapshot is taken by the underlying - storage system. - name: CreationTime - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object in the same namespace as the VolumeSnapshot - object where the snapshot should be dynamically taken from. This - field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing - VolumeSnapshotContent object. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. If not specified, the default snapshot - class will be used if one exists. If not specified, and there is no - default snapshot class, dynamic snapshot creation will fail. Empty - string is not allowed for this field. TODO(xiangqian): a webhook validation - on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' - type: string - required: - - source - type: object - status: - description: 'status represents the current information of a snapshot. NOTE: - status can be modified by sources other than system controllers, and must - not be depended upon for accuracy. Controllers should only use information - from the VolumeSnapshotContent object after verifying that the binding - is accurate and complete.' - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName represents the name of - the VolumeSnapshotContent object to which the VolumeSnapshot object - is bound. If not specified, it indicates that the VolumeSnapshot object - has not been successfully bound to a VolumeSnapshotContent object - yet. NOTE: Specified boundVolumeSnapshotContentName alone does not - mean binding is valid. Controllers MUST always verify bidirectional - binding between VolumeSnapshot and VolumeSnapshotContent to - avoid possible security issues.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates that the creation time of the snapshot - is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubeagent - namespace: {{ .Values.namespace }} -spec: - selector: - matchLabels: - app: kubeagent - strategy: {} - replicas: 1 - template: - metadata: - labels: - app: kubeagent - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - spec: - containers: - - image: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" - args: ["/usr/local/bin/kubeagent", "--server_addr", "agent.cloudcasa.io:443", "--tls", "true"] - name: kubeagent - resources: - requests: - memory: "{{ .Values.request_kubeagent_memory }}" - cpu: "{{ .Values.request_kubeagent_cpu }}" - limits: - memory: "{{ .Values.limit_kubeagent_memory }}" - cpu: "{{ .Values.limit_kubeagent_cpu }}" - env: - - name: AMDS_CLUSTER_ID - value: "{{ .Values.cluster_id }}" - volumeMounts: - - mountPath: /credentials - name: cloud-credentials - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - image: "{{ .Values.velero_image.repository }}:{{ .Values.velero_image.tag }}" - imagePullPolicy: IfNotPresent - name: kubeagent-backup-helper - args: - - server - - --features=EnableCSI,EnableAPIGroupVersions - - --backup-sync-period=0s - - --store-validation-frequency=0s - # (24 hours * 365 days * 10 years) + (2 * 24 hours[for leap years]) = 87648 hours - - --default-backup-ttl=87648h0m0s - - --disable-controllers=backup-sync,schedule,gc,download-request,restic-repo,server-status-request - - --log-format=json - - --log-level=info - command: - - /velero - env: - - name: VELERO_SCRATCH_DIR - value: /scratch - - name: VELERO_NAMESPACE - value: {{ .Values.namespace }} - - name: LD_LIBRARY_PATH - value: /plugins - - name: AWS_SHARED_CREDENTIALS_FILE - value: /credentials/s3/cloud - ports: - - containerPort: 8085 - name: metrics - resources: - limits: - cpu: "{{ .Values.limit_velero_cpu }}" - memory: "{{ .Values.limit_velero_memory }}" - requests: - cpu: "{{ .Values.request_velero_cpu }}" - memory: "{{ .Values.request_velero_memory }}" - volumeMounts: - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - mountPath: /credentials - name: cloud-credentials - initContainers: - - image: "{{ .Values.velero_aws_plugin_image.repository }}:{{ .Values.velero_aws_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-aws - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - - image: "{{ .Values.velero_csi_plugin_image.repository }}:{{ .Values.velero_csi_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-csi - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - restartPolicy: Always - serviceAccountName: {{ .Release.Name }} - volumes: - - emptyDir: {} - name: plugins - - emptyDir: {} - name: scratch - - emptyDir: {} - name: cloud-credentials diff --git a/charts/cloudcasa/cloudcasa/0.1.000/values.yaml b/charts/cloudcasa/cloudcasa/0.1.000/values.yaml deleted file mode 100755 index 8ce3850b6..000000000 --- a/charts/cloudcasa/cloudcasa/0.1.000/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry -## - -## Required namespace -namespace: cloudcasa-io - -## Velero csi plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-csi/tags/ -velero_csi_plugin_image: - registry: docker.io - repository: catalogicsoftware/velero-plugin-for-csi - tag: v0.1.2.1 - pullPolicy: IfNotPresent - debug: false -## - -## Velero aws plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-aws/tags/ -velero_aws_plugin_image: - registry: docker.io - repository: velero/velero-plugin-for-aws - tag: v1.1.0 - pullPolicy: IfNotPresent - debug: false -## - -## Velero image -## ref: https://hub.docker.com/r/velero/velero/tags -velero_image: - registry: docker.io - repository: velero/velero - tag: v1.5.3 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa kubeagent image -## ref: https://hub.docker.com/r/catalogicsoftware/amds-kagent/tags/ -kagent_image: - registry: docker.io - repository: catalogicsoftware/amds-kagent - tag: 0.1.0-rc.515 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa AMDS Cluster ID. To be provided by the user -cluster_id: "" - -## Resources to be used by velero and kubeagent pods -request_velero_memory: 128Mi -request_velero_cpu: 500m -limit_velero_memory: 512Mi -limit_velero_cpu: 1 -request_kubeagent_memory: 32Mi -request_kubeagent_cpu: 250m -limit_kubeagent_memory: 64Mi -limit_kubeagent_cpu: 500m - -## Placeholder configuration below this line ## -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: {} - -securityContext: {} - -resources: {} - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} -## diff --git a/charts/cloudcasa/cloudcasa/1.0.0/Chart.yaml b/charts/cloudcasa/cloudcasa/1.0.0/Chart.yaml deleted file mode 100644 index 0f492400c..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CloudCasa - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa -apiVersion: v2 -appVersion: 1.0.0 -description: CloudCasa backup service for Kubernetes and cloud native applications -home: https://cloudcasa.io -icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png -keywords: -- backup -- Catalogic -- CloudCasa -kubeVersion: '>=1.13.0-0' -maintainers: -- email: info@catalogicsoftware.com - name: catalogicsoftware -name: cloudcasa -version: 1.0.0 diff --git a/charts/cloudcasa/cloudcasa/1.0.0/README.md b/charts/cloudcasa/cloudcasa/1.0.0/README.md deleted file mode 100644 index f829ec17e..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/README.md +++ /dev/null @@ -1,51 +0,0 @@ -# CloudCasa Kubernetes Agent - -[CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -# Introduction - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. - -This Helm chart installs and configures the CloudCasa agent on a Kubernetes cluster. -See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. - -## Prerequisites - -1. Kubernetes 1.17+ -2. Helm 3.0+ - -## Installation - -### Rancher Installation (Apps & Marketplace) - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Go to Apps & Marketplace in the Rancher UI. In the Deploy Chart section, check the Partners checkbox and click on the cloudcasa chart. -3. Provide a Name (e.g. CloudCasa) and optional description. -4. In the CloudCasa Configuration section, provide the Cluster ID obtained above. -5. Click on the Install button to complete installation of the agent. - -### Helm CLI Installation - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Execute the following helm commands, replacing `````` with the Cluster ID obtained above: -``` -$ helm repo add cloudcasa-repo https://catalogicsoftware.github.io/cloudcasa-helmchart -$ helm install cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= -``` -This will install the CloudCasa agent and complete registration of the cluster with the CloudCasa service. - -## Updating the CloudCasa Agent -1. Log in to https://home.cloudcasa.io and obtain the cluster ID for your cluster by selecting it under the Setup tab. -2. Execute the following commands to update the agent: -``` -$ helm repo update -$ helm upgrade cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= -``` - -## Uninstalling the CloudCasa Agent -``` -$ helm uninstall cloudcasa.io -``` - -*CloudCasa is a trademark of Catalogic Software Inc.* diff --git a/charts/cloudcasa/cloudcasa/1.0.0/app-readme.md b/charts/cloudcasa/cloudcasa/1.0.0/app-readme.md deleted file mode 100644 index bae0de627..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/app-readme.md +++ /dev/null @@ -1,6 +0,0 @@ -# CloudCasa Kubernetes Agent - -### [CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. diff --git a/charts/cloudcasa/cloudcasa/1.0.0/questions.yaml b/charts/cloudcasa/cloudcasa/1.0.0/questions.yaml deleted file mode 100644 index d4443f94f..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/questions.yaml +++ /dev/null @@ -1,13 +0,0 @@ -namespace: cloudcasa-io -labels: - io.rancher.certified: partner -categories: -- Application -questions: -- variable: cluster_id - default: "" - description: "CloudCasa Cluster ID" - type: string - required: true - label: CLUSTER ID - group: "CloudCasa Configuration" diff --git a/charts/cloudcasa/cloudcasa/1.0.0/templates/NOTES.txt b/charts/cloudcasa/cloudcasa/1.0.0/templates/NOTES.txt deleted file mode 100644 index e30a0df5a..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ ---------Please be patient while the chart is being deployed-------- - -Tip: Watch the App deployment status using the command: kubectl get pods -n cloudcasa-io - -Monitor the Cloudcasa UI, the regsitered cluster state should be moved to Ready State. If the clutser state is still in Pendingstate, wrong ClusterID would have been provided. diff --git a/charts/cloudcasa/cloudcasa/1.0.0/templates/_helpers.tpl b/charts/cloudcasa/cloudcasa/1.0.0/templates/_helpers.tpl deleted file mode 100644 index 75bf8467f..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cloudcasa.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cloudcasa.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cloudcasa.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/cloudcasa/cloudcasa/1.0.0/templates/cluster-register.yaml b/charts/cloudcasa/cloudcasa/1.0.0/templates/cluster-register.yaml deleted file mode 100644 index 419d8ca2a..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/templates/cluster-register.yaml +++ /dev/null @@ -1,2984 +0,0 @@ -# ----------------------------------------------------------------------- -# Steps to delete the agent deployment are: -# ----------------------------------------------------------------------- -# kubectl delete namespace/cloudcasa-io clusterrolebinding/cloudcasa-io -# kubectl delete crds -l component=kubeagent_backup_helper - -{{ if not (lookup "v1" "Namespace" .Values.namespace "cloudcasa-io") }} -apiVersion: v1 -kind: Namespace -metadata: - name: cloudcasa-io - annotations: - "helm.sh/resource-policy": keep -{{ end }} ---- -apiVersion: v1 -kind: List -items: -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backups.velero.io - spec: - group: velero.io - names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Backup is a Velero resource that respresents the capture of Kubernetes cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the backup. The actual errors are in the backup's log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - formatVersion: - description: FormatVersion is the backup format version, including major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution progress. Note that this information is best-effort only -- if Velero fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed up. This number may change throughout the execution of the backup due to plugins that return additional related items to back up, the velero.io/exclude-from-backup label, and various other filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the backup. The actual warnings are in the backup's log file in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backupstoragelocations.velero.io - spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Backup Storage Location status such as Available/Unavailable - name: Phase - type: string - - JSONPath: .status.lastValidationTime - description: LastValidationTime is the last time the backup store location was validated - name: Last Validated - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: velero.io - names: - kind: BackupStorageLocation - listKind: BackupStorageLocationList - plural: backupstoragelocations - shortNames: - - bsl - singular: backupstoragelocation - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - objectStorage: - description: ObjectStorageLocation specifies the settings necessary to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there is now an AccessMode field on the Spec and this field will be removed entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` file in the backup storage location the last time the BSL's contents were synced into the cluster. \n Deprecated: this field is no longer updated or used for detecting changes to the location's contents and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store location was validated the cluster. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: deletebackuprequests.velero.io - spec: - group: velero.io - names: - kind: DeleteBackupRequest - listKind: DeleteBackupRequestList - plural: deletebackuprequests - singular: deletebackuprequest - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: downloadrequests.velero.io - spec: - group: velero.io - names: - kind: DownloadRequest - listKind: DownloadRequestList - plural: downloadrequests - singular: downloadrequest - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupResourceList - - RestoreLog - - RestoreResults - type: string - name: - description: Name is the name of the kubernetes resource with which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumebackups.velero.io - spec: - group: velero.io - names: - kind: PodVolumeBackup - listKind: PodVolumeBackupList - plural: podvolumebackups - singular: podvolumebackup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied to the volume backup as tags. - type: object - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume and the current number of backed up bytes. This can be used to display progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumerestores.velero.io - spec: - group: velero.io - names: - kind: PodVolumeRestore - listKind: PodVolumeRestoreList - plural: podvolumerestores - singular: podvolumerestore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - volume: - description: Volume is the name of the volume within the Pod to be restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. Completion time is recorded even on failed restores. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot and the current number of restored bytes. This can be used to display progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: resticrepositories.velero.io - spec: - group: velero.io - names: - kind: ResticRepository - listKind: ResticRepositoryList - plural: resticrepositories - singular: resticrepository - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ResticRepositorySpec is the specification for a ResticRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should be run. - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this restic repository contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: ResticRepositoryStatus is the current status of a ResticRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the ResticRepository. - type: string - phase: - description: Phase is the current state of the ResticRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: restores.velero.io - spec: - group: velero.io - names: - kind: Restore - listKind: RestoreList - plural: restores - singular: restore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments to execute from within a container after a pod has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers to be added to a pod during its restore. - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when restoring individual objects from the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs from snapshot (via the cloudprovider). - nullable: true - type: boolean - scheduleName: - description: ScheduleName is the unique name of the Velero schedule to restore from. If specified, and BackupName is empty, Velero will restore from the most recent successful backup created from this schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation was completed. Completion time is recorded even on failed restore. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the restore. The actual errors are stored in object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - type: string - startTimestamp: - description: StartTimestamp records the time the restore operation was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the restore. The actual warnings are stored in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: schedules.velero.io - spec: - group: velero.io - names: - kind: Schedule - listKind: ScheduleList - plural: schedules - singular: schedule - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - schedule: - description: Schedule is a Cron expression defining when to run the Backup. - type: string - template: - description: Template is the definition of the Backup to be run on the provided schedule - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - type: array - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: serverstatusrequests.velero.io - spec: - group: velero.io - names: - kind: ServerStatusRequest - listKind: ServerStatusRequestList - plural: serverstatusrequests - shortNames: - - ssr - singular: serverstatusrequest - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotlocations.velero.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - "helm.sh/resource-policy": keep - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: volumesnapshotlocations.velero.io - spec: - group: velero.io - names: - kind: VolumeSnapshotLocation - listKind: VolumeSnapshotLocationList - plural: volumesnapshotlocations - singular: volumesnapshotlocation - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecyle phase of a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -{{- end }} -- apiVersion: v1 - kind: ServiceAccount - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Values.namespace }} - namespace: {{ .Values.namespace }} -- apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRoleBinding - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Values.namespace }} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin - subjects: - - kind: ServiceAccount - name: {{ .Values.namespace }} - namespace: {{ .Values.namespace }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotclasses.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .driver - name: Driver - type: string - - JSONPath: .deletionPolicy - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass - should be deleted when its bound VolumeSnapshot is deleted. - name: DeletionPolicy - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - preserveUnknownFields: false - scope: Cluster - subresources: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created - through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot - is deleted. Supported values are "Retain" and "Delete". "Retain" means - that the VolumeSnapshotContent and its physical snapshot on underlying - storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotcontents.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot in bytes - name: RestoreSize - type: integer - - JSONPath: .spec.deletionPolicy - description: Determines whether this VolumeSnapshotContent and its physical snapshot - on the underlying storage system should be deleted when its bound VolumeSnapshot - is deleted. - name: DeletionPolicy - type: string - - JSONPath: .spec.driver - description: Name of the CSI driver used to create the physical snapshot on the - underlying storage system. - name: Driver - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - name: VolumeSnapshotClass - type: string - - JSONPath: .spec.volumeSnapshotRef.name - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - name: VolumeSnapshot - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - preserveUnknownFields: false - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. "Delete" - means that the VolumeSnapshotContent and its physical snapshot on - underlying storage system are deleted. In dynamic snapshot creation - case, this field will be filled in with the "DeletionPolicy" field - defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For - pre-existing snapshots, users MUST specify this field when creating - the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be the - same as the name returned by the CSI GetPluginName() call for that - driver. Required. - type: string - source: - description: source specifies from where a snapshot will be created. - This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a - pre-existing snapshot on the underlying storage system. This field - is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume - from which a snapshot should be dynamically taken from. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass to which this snapshot - belongs. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to - which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be provided - for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates the creation time is unknown. The - format of this field is a Unix nanoseconds time encoded as an int64. - On Unix, the command `date +%s%N` returns the current time in nanoseconds - since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the latest observed error during snapshot creation, - if any. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on - the underlying storage system. If not specified, it indicates that - dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshots.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .spec.source.persistentVolumeClaimName - description: Name of the source PVC from where a dynamically taken snapshot will - be created. - name: SourcePVC - type: string - - JSONPath: .spec.source.volumeSnapshotContentName - description: Name of the VolumeSnapshotContent which represents a pre-provisioned - snapshot. - name: SourceSnapshotContent - type: string - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot. - name: RestoreSize - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - name: SnapshotClass - type: string - - JSONPath: .status.boundVolumeSnapshotContentName - description: The name of the VolumeSnapshotContent to which this VolumeSnapshot - is bound. - name: SnapshotContent - type: string - - JSONPath: .status.creationTime - description: Timestamp when the point-in-time snapshot is taken by the underlying - storage system. - name: CreationTime - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object in the same namespace as the VolumeSnapshot - object where the snapshot should be dynamically taken from. This - field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing - VolumeSnapshotContent object. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. If not specified, the default snapshot - class will be used if one exists. If not specified, and there is no - default snapshot class, dynamic snapshot creation will fail. Empty - string is not allowed for this field. TODO(xiangqian): a webhook validation - on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' - type: string - required: - - source - type: object - status: - description: 'status represents the current information of a snapshot. NOTE: - status can be modified by sources other than system controllers, and must - not be depended upon for accuracy. Controllers should only use information - from the VolumeSnapshotContent object after verifying that the binding - is accurate and complete.' - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName represents the name of - the VolumeSnapshotContent object to which the VolumeSnapshot object - is bound. If not specified, it indicates that the VolumeSnapshot object - has not been successfully bound to a VolumeSnapshotContent object - yet. NOTE: Specified boundVolumeSnapshotContentName alone does not - mean binding is valid. Controllers MUST always verify bidirectional - binding between VolumeSnapshot and VolumeSnapshotContent to - avoid possible security issues.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates that the creation time of the snapshot - is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} -- apiVersion: apps/v1 - kind: Deployment - metadata: - name: kubeagent - namespace: {{ .Values.namespace }} - spec: - selector: - matchLabels: - app: kubeagent - strategy: {} - replicas: 1 - template: - metadata: - labels: - app: kubeagent - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - spec: - containers: - - image: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" - args: ["/usr/local/bin/kubeagent", "--server_addr", "agent.cloudcasa.io:443", "--tls", "true"] - name: kubeagent - resources: - requests: - memory: "{{ .Values.request_kubeagent_memory }}" - cpu: "{{ .Values.request_kubeagent_cpu }}" - limits: - memory: "{{ .Values.limit_kubeagent_memory }}" - cpu: "{{ .Values.limit_kubeagent_cpu }}" - env: - - name: AMDS_CLUSTER_ID - value: "{{ .Values.cluster_id }}" - - name: KUBEMOVER_IMAGE - value: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" - volumeMounts: - - mountPath: /credentials - name: cloud-credentials - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - image: "{{ .Values.velero_image.repository }}:{{ .Values.velero_image.tag }}" - imagePullPolicy: IfNotPresent - name: kubeagent-backup-helper - args: - - server - - --features=EnableCSI,EnableAPIGroupVersions - - --backup-sync-period=0s - - --store-validation-frequency=0s - # (24 hours * 365 days * 10 years) + (2 * 24 hours[for leap years]) = 87648 hours - - --default-backup-ttl=87648h0m0s - - --disable-controllers=backup-sync,schedule,gc,download-request,restic-repo,server-status-request - - --log-format=json - - --log-level=info - command: - - /velero - env: - - name: VELERO_SCRATCH_DIR - value: /scratch - - name: VELERO_NAMESPACE - value: {{ .Values.namespace }} - - name: LD_LIBRARY_PATH - value: /plugins - - name: AWS_SHARED_CREDENTIALS_FILE - value: /credentials/s3/cloud - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /credentials/gcp/cloud - - name: AZURE_CREDENTIALS_FILE - value: /credentials/azure/cloud - ports: - - containerPort: 8085 - name: metrics - resources: - limits: - cpu: "{{ .Values.limit_velero_cpu }}" - memory: "{{ .Values.limit_velero_memory }}" - requests: - cpu: "{{ .Values.request_velero_cpu }}" - memory: "{{ .Values.request_velero_memory }}" - volumeMounts: - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - mountPath: /credentials - name: cloud-credentials - initContainers: - - image: "{{ .Values.velero_aws_plugin_image.repository }}:{{ .Values.velero_aws_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-aws - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - - image: "{{ .Values.velero_csi_plugin_image.repository }}:{{ .Values.velero_csi_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-csi - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - restartPolicy: Always - serviceAccountName: {{ .Values.namespace }} - volumes: - - emptyDir: {} - name: plugins - - emptyDir: {} - name: scratch - - emptyDir: {} - name: cloud-credentials diff --git a/charts/cloudcasa/cloudcasa/1.0.0/values.yaml b/charts/cloudcasa/cloudcasa/1.0.0/values.yaml deleted file mode 100644 index e51d6a8d3..000000000 --- a/charts/cloudcasa/cloudcasa/1.0.0/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry -## - -## Required namespace -namespace: cloudcasa-io - -## Velero csi plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-csi/tags/ -velero_csi_plugin_image: - registry: docker.io - repository: catalogicsoftware/velero-plugin-for-csi - tag: v0.1.2.3 - pullPolicy: IfNotPresent - debug: false -## - -## Velero aws plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-aws/tags/ -velero_aws_plugin_image: - registry: docker.io - repository: velero/velero-plugin-for-aws - tag: v1.1.0 - pullPolicy: IfNotPresent - debug: false -## - -## Velero image -## ref: https://hub.docker.com/r/velero/velero/tags -velero_image: - registry: docker.io - repository: velero/velero - tag: v1.5.3 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa kubeagent image -## ref: https://hub.docker.com/r/catalogicsoftware/amds-kagent/tags/ -kagent_image: - registry: docker.io - repository: catalogicsoftware/amds-kagent - tag: 0.1.0-prod.47 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa AMDS Cluster ID. To be provided by the user -cluster_id: "" - -## Resources to be used by velero and kubeagent pods -request_velero_memory: 128Mi -request_velero_cpu: 500m -limit_velero_memory: 512Mi -limit_velero_cpu: 1 -request_kubeagent_memory: 32Mi -request_kubeagent_cpu: 250m -limit_kubeagent_memory: 64Mi -limit_kubeagent_cpu: 500m - -## Placeholder configuration below this line ## -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: {} - -securityContext: {} - -resources: {} - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} -## diff --git a/charts/cloudcasa/cloudcasa/1/Chart.yaml b/charts/cloudcasa/cloudcasa/1/Chart.yaml deleted file mode 100755 index e3f23b798..000000000 --- a/charts/cloudcasa/cloudcasa/1/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Cloudcasa - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa -apiVersion: v2 -appVersion: "1.0" -description: CloudCasa backup service for Kubernetes and cloud native applications -home: https://cloudcasa.io -icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png -keywords: -- backup -- Catalogic -- CloudCasa -kubeVersion: '>=1.13.0-0' -maintainers: -- email: info@catalogicsoftware.com - name: catalogicsoftware -name: cloudcasa -version: "1" diff --git a/charts/cloudcasa/cloudcasa/1/README.md b/charts/cloudcasa/cloudcasa/1/README.md deleted file mode 100755 index f829ec17e..000000000 --- a/charts/cloudcasa/cloudcasa/1/README.md +++ /dev/null @@ -1,51 +0,0 @@ -# CloudCasa Kubernetes Agent - -[CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -# Introduction - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. - -This Helm chart installs and configures the CloudCasa agent on a Kubernetes cluster. -See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. - -## Prerequisites - -1. Kubernetes 1.17+ -2. Helm 3.0+ - -## Installation - -### Rancher Installation (Apps & Marketplace) - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Go to Apps & Marketplace in the Rancher UI. In the Deploy Chart section, check the Partners checkbox and click on the cloudcasa chart. -3. Provide a Name (e.g. CloudCasa) and optional description. -4. In the CloudCasa Configuration section, provide the Cluster ID obtained above. -5. Click on the Install button to complete installation of the agent. - -### Helm CLI Installation - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Execute the following helm commands, replacing `````` with the Cluster ID obtained above: -``` -$ helm repo add cloudcasa-repo https://catalogicsoftware.github.io/cloudcasa-helmchart -$ helm install cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= -``` -This will install the CloudCasa agent and complete registration of the cluster with the CloudCasa service. - -## Updating the CloudCasa Agent -1. Log in to https://home.cloudcasa.io and obtain the cluster ID for your cluster by selecting it under the Setup tab. -2. Execute the following commands to update the agent: -``` -$ helm repo update -$ helm upgrade cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= -``` - -## Uninstalling the CloudCasa Agent -``` -$ helm uninstall cloudcasa.io -``` - -*CloudCasa is a trademark of Catalogic Software Inc.* diff --git a/charts/cloudcasa/cloudcasa/1/app-readme.md b/charts/cloudcasa/cloudcasa/1/app-readme.md deleted file mode 100755 index bae0de627..000000000 --- a/charts/cloudcasa/cloudcasa/1/app-readme.md +++ /dev/null @@ -1,6 +0,0 @@ -# CloudCasa Kubernetes Agent - -### [CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. diff --git a/charts/cloudcasa/cloudcasa/1/questions.yaml b/charts/cloudcasa/cloudcasa/1/questions.yaml deleted file mode 100755 index f2f1f51de..000000000 --- a/charts/cloudcasa/cloudcasa/1/questions.yaml +++ /dev/null @@ -1,13 +0,0 @@ -namespace: cloudcasa-io -labels: - io.rancher.certified: partner -categories: -- Application -questions: -- variable: cluster_id - default: "default" - description: "CloudCasa Cluster ID" - type: string - required: true - label: CLUSTER ID - group: "CloudCasa Configuration" diff --git a/charts/cloudcasa/cloudcasa/1/templates/NOTES.txt b/charts/cloudcasa/cloudcasa/1/templates/NOTES.txt deleted file mode 100755 index e30a0df5a..000000000 --- a/charts/cloudcasa/cloudcasa/1/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ ---------Please be patient while the chart is being deployed-------- - -Tip: Watch the App deployment status using the command: kubectl get pods -n cloudcasa-io - -Monitor the Cloudcasa UI, the regsitered cluster state should be moved to Ready State. If the clutser state is still in Pendingstate, wrong ClusterID would have been provided. diff --git a/charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl b/charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl deleted file mode 100755 index 75bf8467f..000000000 --- a/charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cloudcasa.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cloudcasa.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cloudcasa.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml b/charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml deleted file mode 100755 index aae09c659..000000000 --- a/charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml +++ /dev/null @@ -1,2984 +0,0 @@ -# ----------------------------------------------------------------------- -# Steps to delete the agent deployment are: -# ----------------------------------------------------------------------- -# kubectl delete namespace/cloudcasa-io clusterrolebinding/cloudcasa-io -# kubectl delete crds -l component=kubeagent_backup_helper - -{{ if not (lookup "v1" "Namespace" .Values.namespace "cloudcasa-io") }} -apiVersion: v1 -kind: Namespace -metadata: - name: cloudcasa-io - annotations: - "helm.sh/resource-policy": keep -{{ end }} ---- -apiVersion: v1 -kind: List -items: -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backups.velero.io - spec: - group: velero.io - names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Backup is a Velero resource that respresents the capture of Kubernetes cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the backup. The actual errors are in the backup's log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - formatVersion: - description: FormatVersion is the backup format version, including major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution progress. Note that this information is best-effort only -- if Velero fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed up. This number may change throughout the execution of the backup due to plugins that return additional related items to back up, the velero.io/exclude-from-backup label, and various other filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the backup. The actual warnings are in the backup's log file in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backupstoragelocations.velero.io - spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Backup Storage Location status such as Available/Unavailable - name: Phase - type: string - - JSONPath: .status.lastValidationTime - description: LastValidationTime is the last time the backup store location was validated - name: Last Validated - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: velero.io - names: - kind: BackupStorageLocation - listKind: BackupStorageLocationList - plural: backupstoragelocations - shortNames: - - bsl - singular: backupstoragelocation - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - objectStorage: - description: ObjectStorageLocation specifies the settings necessary to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there is now an AccessMode field on the Spec and this field will be removed entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` file in the backup storage location the last time the BSL's contents were synced into the cluster. \n Deprecated: this field is no longer updated or used for detecting changes to the location's contents and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store location was validated the cluster. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: deletebackuprequests.velero.io - spec: - group: velero.io - names: - kind: DeleteBackupRequest - listKind: DeleteBackupRequestList - plural: deletebackuprequests - singular: deletebackuprequest - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: downloadrequests.velero.io - spec: - group: velero.io - names: - kind: DownloadRequest - listKind: DownloadRequestList - plural: downloadrequests - singular: downloadrequest - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupResourceList - - RestoreLog - - RestoreResults - type: string - name: - description: Name is the name of the kubernetes resource with which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumebackups.velero.io - spec: - group: velero.io - names: - kind: PodVolumeBackup - listKind: PodVolumeBackupList - plural: podvolumebackups - singular: podvolumebackup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied to the volume backup as tags. - type: object - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume and the current number of backed up bytes. This can be used to display progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumerestores.velero.io - spec: - group: velero.io - names: - kind: PodVolumeRestore - listKind: PodVolumeRestoreList - plural: podvolumerestores - singular: podvolumerestore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - volume: - description: Volume is the name of the volume within the Pod to be restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. Completion time is recorded even on failed restores. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot and the current number of restored bytes. This can be used to display progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: resticrepositories.velero.io - spec: - group: velero.io - names: - kind: ResticRepository - listKind: ResticRepositoryList - plural: resticrepositories - singular: resticrepository - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ResticRepositorySpec is the specification for a ResticRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should be run. - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this restic repository contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: ResticRepositoryStatus is the current status of a ResticRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the ResticRepository. - type: string - phase: - description: Phase is the current state of the ResticRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: restores.velero.io - spec: - group: velero.io - names: - kind: Restore - listKind: RestoreList - plural: restores - singular: restore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments to execute from within a container after a pod has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers to be added to a pod during its restore. - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when restoring individual objects from the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs from snapshot (via the cloudprovider). - nullable: true - type: boolean - scheduleName: - description: ScheduleName is the unique name of the Velero schedule to restore from. If specified, and BackupName is empty, Velero will restore from the most recent successful backup created from this schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation was completed. Completion time is recorded even on failed restore. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the restore. The actual errors are stored in object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - type: string - startTimestamp: - description: StartTimestamp records the time the restore operation was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the restore. The actual warnings are stored in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: schedules.velero.io - spec: - group: velero.io - names: - kind: Schedule - listKind: ScheduleList - plural: schedules - singular: schedule - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - schedule: - description: Schedule is a Cron expression defining when to run the Backup. - type: string - template: - description: Template is the definition of the Backup to be run on the provided schedule - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - type: array - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: serverstatusrequests.velero.io - spec: - group: velero.io - names: - kind: ServerStatusRequest - listKind: ServerStatusRequestList - plural: serverstatusrequests - shortNames: - - ssr - singular: serverstatusrequest - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotlocations.velero.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - "helm.sh/resource-policy": keep - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: volumesnapshotlocations.velero.io - spec: - group: velero.io - names: - kind: VolumeSnapshotLocation - listKind: VolumeSnapshotLocationList - plural: volumesnapshotlocations - singular: volumesnapshotlocation - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecyle phase of a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -{{- end }} -- apiVersion: v1 - kind: ServiceAccount - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Values.namespace }} - namespace: {{ .Values.namespace }} -- apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRoleBinding - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Values.namespace }} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin - subjects: - - kind: ServiceAccount - name: {{ .Values.namespace }} - namespace: {{ .Values.namespace }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotclasses.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .driver - name: Driver - type: string - - JSONPath: .deletionPolicy - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass - should be deleted when its bound VolumeSnapshot is deleted. - name: DeletionPolicy - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - preserveUnknownFields: false - scope: Cluster - subresources: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created - through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot - is deleted. Supported values are "Retain" and "Delete". "Retain" means - that the VolumeSnapshotContent and its physical snapshot on underlying - storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotcontents.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot in bytes - name: RestoreSize - type: integer - - JSONPath: .spec.deletionPolicy - description: Determines whether this VolumeSnapshotContent and its physical snapshot - on the underlying storage system should be deleted when its bound VolumeSnapshot - is deleted. - name: DeletionPolicy - type: string - - JSONPath: .spec.driver - description: Name of the CSI driver used to create the physical snapshot on the - underlying storage system. - name: Driver - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - name: VolumeSnapshotClass - type: string - - JSONPath: .spec.volumeSnapshotRef.name - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - name: VolumeSnapshot - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - preserveUnknownFields: false - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. "Delete" - means that the VolumeSnapshotContent and its physical snapshot on - underlying storage system are deleted. In dynamic snapshot creation - case, this field will be filled in with the "DeletionPolicy" field - defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For - pre-existing snapshots, users MUST specify this field when creating - the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be the - same as the name returned by the CSI GetPluginName() call for that - driver. Required. - type: string - source: - description: source specifies from where a snapshot will be created. - This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a - pre-existing snapshot on the underlying storage system. This field - is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume - from which a snapshot should be dynamically taken from. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass to which this snapshot - belongs. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to - which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be provided - for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates the creation time is unknown. The - format of this field is a Unix nanoseconds time encoded as an int64. - On Unix, the command `date +%s%N` returns the current time in nanoseconds - since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the latest observed error during snapshot creation, - if any. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on - the underlying storage system. If not specified, it indicates that - dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshots.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .spec.source.persistentVolumeClaimName - description: Name of the source PVC from where a dynamically taken snapshot will - be created. - name: SourcePVC - type: string - - JSONPath: .spec.source.volumeSnapshotContentName - description: Name of the VolumeSnapshotContent which represents a pre-provisioned - snapshot. - name: SourceSnapshotContent - type: string - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot. - name: RestoreSize - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - name: SnapshotClass - type: string - - JSONPath: .status.boundVolumeSnapshotContentName - description: The name of the VolumeSnapshotContent to which this VolumeSnapshot - is bound. - name: SnapshotContent - type: string - - JSONPath: .status.creationTime - description: Timestamp when the point-in-time snapshot is taken by the underlying - storage system. - name: CreationTime - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object in the same namespace as the VolumeSnapshot - object where the snapshot should be dynamically taken from. This - field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing - VolumeSnapshotContent object. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. If not specified, the default snapshot - class will be used if one exists. If not specified, and there is no - default snapshot class, dynamic snapshot creation will fail. Empty - string is not allowed for this field. TODO(xiangqian): a webhook validation - on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' - type: string - required: - - source - type: object - status: - description: 'status represents the current information of a snapshot. NOTE: - status can be modified by sources other than system controllers, and must - not be depended upon for accuracy. Controllers should only use information - from the VolumeSnapshotContent object after verifying that the binding - is accurate and complete.' - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName represents the name of - the VolumeSnapshotContent object to which the VolumeSnapshot object - is bound. If not specified, it indicates that the VolumeSnapshot object - has not been successfully bound to a VolumeSnapshotContent object - yet. NOTE: Specified boundVolumeSnapshotContentName alone does not - mean binding is valid. Controllers MUST always verify bidirectional - binding between VolumeSnapshot and VolumeSnapshotContent to - avoid possible security issues.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates that the creation time of the snapshot - is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - # acceptedNames: - # kind: "" - # plural: "" - conditions: [] - # storedVersions: [] -{{- end }} -- apiVersion: apps/v1 - kind: Deployment - metadata: - name: kubeagent - namespace: {{ .Values.namespace }} - spec: - selector: - matchLabels: - app: kubeagent - strategy: {} - replicas: 1 - template: - metadata: - labels: - app: kubeagent - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - spec: - containers: - - image: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" - args: ["/usr/local/bin/kubeagent", "--server_addr", "agent.cloudcasa.io:443", "--tls", "true"] - name: kubeagent - resources: - requests: - memory: "{{ .Values.request_kubeagent_memory }}" - cpu: "{{ .Values.request_kubeagent_cpu }}" - limits: - memory: "{{ .Values.limit_kubeagent_memory }}" - cpu: "{{ .Values.limit_kubeagent_cpu }}" - env: - - name: AMDS_CLUSTER_ID - value: "{{ .Values.cluster_id }}" - - name: KUBEMOVER_IMAGE - value: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" - volumeMounts: - - mountPath: /credentials - name: cloud-credentials - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - image: "{{ .Values.velero_image.repository }}:{{ .Values.velero_image.tag }}" - imagePullPolicy: IfNotPresent - name: kubeagent-backup-helper - args: - - server - - --features=EnableCSI,EnableAPIGroupVersions - - --backup-sync-period=0s - - --store-validation-frequency=0s - # (24 hours * 365 days * 10 years) + (2 * 24 hours[for leap years]) = 87648 hours - - --default-backup-ttl=87648h0m0s - - --disable-controllers=backup-sync,schedule,gc,download-request,restic-repo,server-status-request - - --log-format=json - - --log-level=info - command: - - /velero - env: - - name: VELERO_SCRATCH_DIR - value: /scratch - - name: VELERO_NAMESPACE - value: {{ .Values.namespace }} - - name: LD_LIBRARY_PATH - value: /plugins - - name: AWS_SHARED_CREDENTIALS_FILE - value: /credentials/s3/cloud - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /credentials/gcp/cloud - - name: AZURE_CREDENTIALS_FILE - value: /credentials/azure/cloud - ports: - - containerPort: 8085 - name: metrics - resources: - limits: - cpu: "{{ .Values.limit_velero_cpu }}" - memory: "{{ .Values.limit_velero_memory }}" - requests: - cpu: "{{ .Values.request_velero_cpu }}" - memory: "{{ .Values.request_velero_memory }}" - volumeMounts: - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - mountPath: /credentials - name: cloud-credentials - initContainers: - - image: "{{ .Values.velero_aws_plugin_image.repository }}:{{ .Values.velero_aws_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-aws - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - - image: "{{ .Values.velero_csi_plugin_image.repository }}:{{ .Values.velero_csi_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-csi - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - restartPolicy: Always - serviceAccountName: {{ .Values.namespace }} - volumes: - - emptyDir: {} - name: plugins - - emptyDir: {} - name: scratch - - emptyDir: {} - name: cloud-credentials \ No newline at end of file diff --git a/charts/cloudcasa/cloudcasa/1/values.yaml b/charts/cloudcasa/cloudcasa/1/values.yaml deleted file mode 100755 index e51d6a8d3..000000000 --- a/charts/cloudcasa/cloudcasa/1/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry -## - -## Required namespace -namespace: cloudcasa-io - -## Velero csi plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-csi/tags/ -velero_csi_plugin_image: - registry: docker.io - repository: catalogicsoftware/velero-plugin-for-csi - tag: v0.1.2.3 - pullPolicy: IfNotPresent - debug: false -## - -## Velero aws plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-aws/tags/ -velero_aws_plugin_image: - registry: docker.io - repository: velero/velero-plugin-for-aws - tag: v1.1.0 - pullPolicy: IfNotPresent - debug: false -## - -## Velero image -## ref: https://hub.docker.com/r/velero/velero/tags -velero_image: - registry: docker.io - repository: velero/velero - tag: v1.5.3 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa kubeagent image -## ref: https://hub.docker.com/r/catalogicsoftware/amds-kagent/tags/ -kagent_image: - registry: docker.io - repository: catalogicsoftware/amds-kagent - tag: 0.1.0-prod.47 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa AMDS Cluster ID. To be provided by the user -cluster_id: "" - -## Resources to be used by velero and kubeagent pods -request_velero_memory: 128Mi -request_velero_cpu: 500m -limit_velero_memory: 512Mi -limit_velero_cpu: 1 -request_kubeagent_memory: 32Mi -request_kubeagent_cpu: 250m -limit_kubeagent_memory: 64Mi -limit_kubeagent_cpu: 500m - -## Placeholder configuration below this line ## -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: {} - -securityContext: {} - -resources: {} - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} -## diff --git a/charts/cloudcasa/cloudcasa/2.0.0/Chart.yaml b/charts/cloudcasa/cloudcasa/2.0.0/Chart.yaml deleted file mode 100644 index 4242c79d2..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CloudCasa - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa -apiVersion: v2 -appVersion: 2.0.0 -description: CloudCasa backup service for Kubernetes and cloud native applications -home: https://cloudcasa.io -icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png -keywords: -- backup -- Catalogic -- CloudCasa -kubeVersion: '>=1.13.0-0' -maintainers: -- email: info@catalogicsoftware.com - name: catalogicsoftware -name: cloudcasa -version: 2.0.0 diff --git a/charts/cloudcasa/cloudcasa/2.0.0/README.md b/charts/cloudcasa/cloudcasa/2.0.0/README.md deleted file mode 100644 index 8f74059b9..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/README.md +++ /dev/null @@ -1,51 +0,0 @@ -# CloudCasa Kubernetes Agent - -[CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -# Introduction - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. - -This Helm chart installs and configures the CloudCasa agent on a Kubernetes cluster. -See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. - -## Prerequisites - -1. Kubernetes 1.17+ -2. Helm 3.0+ - -## Installation - -### Rancher Installation (Apps & Marketplace) - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Go to Apps & Marketplace in the Rancher UI. In the Deploy Chart section, check the Partners checkbox and click on the cloudcasa chart. -3. Provide a Name (e.g. CloudCasa) and optional description. -4. In the CloudCasa Configuration section, provide the Cluster ID obtained above. -5. Click on the Install button to complete installation of the agent. - -### Helm CLI Installation - -1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. -2. Execute the following helm commands, replacing `````` with the Cluster ID obtained above: -``` -$ helm repo add cloudcasa-repo https://catalogicsoftware.github.io/cloudcasa-helmchart -$ helm install cloudcasa.io cloudcasa-repo/cloudcasa --set cluster_id= -``` -This will install the CloudCasa agent and complete registration of the cluster with the CloudCasa service. - -## Updating the CloudCasa Agent -1. Log in to https://home.cloudcasa.io and obtain the cluster ID for your cluster by selecting it under the Setup tab. -2. Execute the following commands to update the agent: -``` -$ helm repo update -$ helm upgrade cloudcasa.io cloudcasa-repo/cloudcasa --set cluster_id= -``` - -## Uninstalling the CloudCasa Agent -``` -$ helm uninstall cloudcasa.io -``` - -*CloudCasa is a trademark of Catalogic Software Inc.* diff --git a/charts/cloudcasa/cloudcasa/2.0.0/app-readme.md b/charts/cloudcasa/cloudcasa/2.0.0/app-readme.md deleted file mode 100644 index bae0de627..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/app-readme.md +++ /dev/null @@ -1,6 +0,0 @@ -# CloudCasa Kubernetes Agent - -### [CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups - -CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. -Configuration is quick and easy, and basic service is free. See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. diff --git a/charts/cloudcasa/cloudcasa/2.0.0/questions.yaml b/charts/cloudcasa/cloudcasa/2.0.0/questions.yaml deleted file mode 100644 index d4443f94f..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/questions.yaml +++ /dev/null @@ -1,13 +0,0 @@ -namespace: cloudcasa-io -labels: - io.rancher.certified: partner -categories: -- Application -questions: -- variable: cluster_id - default: "" - description: "CloudCasa Cluster ID" - type: string - required: true - label: CLUSTER ID - group: "CloudCasa Configuration" diff --git a/charts/cloudcasa/cloudcasa/2.0.0/templates/NOTES.txt b/charts/cloudcasa/cloudcasa/2.0.0/templates/NOTES.txt deleted file mode 100644 index e30a0df5a..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ ---------Please be patient while the chart is being deployed-------- - -Tip: Watch the App deployment status using the command: kubectl get pods -n cloudcasa-io - -Monitor the Cloudcasa UI, the regsitered cluster state should be moved to Ready State. If the clutser state is still in Pendingstate, wrong ClusterID would have been provided. diff --git a/charts/cloudcasa/cloudcasa/2.0.0/templates/_helpers.tpl b/charts/cloudcasa/cloudcasa/2.0.0/templates/_helpers.tpl deleted file mode 100644 index 75bf8467f..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cloudcasa.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cloudcasa.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cloudcasa.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/cloudcasa/cloudcasa/2.0.0/templates/cluster-register.yaml b/charts/cloudcasa/cloudcasa/2.0.0/templates/cluster-register.yaml deleted file mode 100644 index af5ddcce1..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/templates/cluster-register.yaml +++ /dev/null @@ -1,3073 +0,0 @@ -# ----------------------------------------------------------------------- -# Steps to delete CloudCasa from the cluster are: -# ----------------------------------------------------------------------- -# kubectl delete namespace/cloudcasa-io clusterrolebinding/cloudcasa-io -# kubectl delete crds -l component=kubeagent_backup_helper -# ----------------------------------------------------------------------- - -apiVersion: v1 -kind: List -# This list contains Custom Resource Definitons for Backup & Restore Operations -items: -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backups.velero.io - spec: - group: velero.io - names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Backup is a Velero resource that represents the capture of Kubernetes cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separated by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the backup. The actual errors are in the backup's log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - formatVersion: - description: FormatVersion is the backup format version, including major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution progress. Note that this information is best-effort only -- if Velero fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed up. This number may change throughout the execution of the backup due to plugins that return additional related items to back up, the velero.io/exclude-from-backup label, and various other filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the backup. The actual warnings are in the backup's log file in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: backupstoragelocations.velero.io - spec: - additionalPrinterColumns: - - JSONPath: .status.phase - description: Backup Storage Location status such as Available/Unavailable - name: Phase - type: string - - JSONPath: .status.lastValidationTime - description: LastValidationTime is the last time the backup store location was validated - name: Last Validated - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .spec.default - description: Default backup storage location - name: Default - type: boolean - group: velero.io - names: - kind: BackupStorageLocation - listKind: BackupStorageLocationList - plural: backupstoragelocations - shortNames: - - bsl - singular: backupstoragelocation - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: Default indicates this location is the default backup storage location. - type: boolean - objectStorage: - description: ObjectStorageLocation specifies the settings necessary to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there is now an AccessMode field on the Spec and this field will be removed entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` file in the backup storage location the last time the BSL's contents were synced into the cluster. \n Deprecated: this field is no longer updated or used for detecting changes to the location's contents and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store location was validated the cluster. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: deletebackuprequests.velero.io - spec: - group: velero.io - names: - kind: DeleteBackupRequest - listKind: DeleteBackupRequestList - plural: deletebackuprequests - singular: deletebackuprequest - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: downloadrequests.velero.io - spec: - group: velero.io - names: - kind: DownloadRequest - listKind: DownloadRequestList - plural: downloadrequests - singular: downloadrequest - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupResourceList - - RestoreLog - - RestoreResults - type: string - name: - description: Name is the name of the kubernetes resource with which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumebackups.velero.io - spec: - group: velero.io - names: - kind: PodVolumeBackup - listKind: PodVolumeBackupList - plural: podvolumebackups - singular: podvolumebackup - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied to the volume backup as tags. - type: object - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume and the current number of backed up bytes. This can be used to display progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: podvolumerestores.velero.io - spec: - group: velero.io - names: - kind: PodVolumeRestore - listKind: PodVolumeRestoreList - plural: podvolumerestores - singular: podvolumerestore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - volume: - description: Volume is the name of the volume within the Pod to be restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. Completion time is recorded even on failed restores. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot and the current number of restored bytes. This can be used to display progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: resticrepositories.velero.io - spec: - group: velero.io - names: - kind: ResticRepository - listKind: ResticRepositoryList - plural: resticrepositories - singular: resticrepository - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ResticRepositorySpec is the specification for a ResticRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should be run. - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this restic repository contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: ResticRepositoryStatus is the current status of a ResticRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the ResticRepository. - type: string - phase: - description: Phase is the current state of the ResticRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: restores.velero.io - spec: - group: velero.io - names: - kind: Restore - listKind: RestoreList - plural: restores - singular: restore - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments to execute from within a container after a pod has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers to be added to a pod during its restore. - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when restoring individual objects from the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - preserveNodePorts: - description: PreserveNodePorts specifies whether to restore old nodePorts from backup. - nullable: true - type: boolean - restorePVs: - description: RestorePVs specifies whether to restore all included PVs from snapshot (via the cloudprovider). - nullable: true - type: boolean - scheduleName: - description: ScheduleName is the unique name of the Velero schedule to restore from. If specified, and BackupName is empty, Velero will restore from the most recent successful backup created from this schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation was completed. Completion time is recorded even on failed restore. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated during execution of the restore. The actual errors are stored in object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: Progress contains information about the restore's execution progress. Note that this information is best-effort only -- if Velero fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: ItemsRestored is the number of items that have actually been restored so far - type: integer - totalItems: - description: TotalItems is the total number of items to be restored. This number may change throughout the execution of the restore due to plugins that return additional related items to restore - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time the restore operation was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were generated during execution of the restore. The actual warnings are stored in object storage. - type: integer - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: schedules.velero.io - spec: - group: velero.io - names: - kind: Schedule - listKind: ScheduleList - plural: schedules - singular: schedule - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - schedule: - description: Schedule is a Cron expression defining when to run the Backup. - type: string - template: - description: Template is the definition of the Backup to be run on the provided schedule - properties: - defaultVolumesToRestic: - description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. - type: boolean - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments to execute. - items: - type: string - minItems: 1 - type: array - container: - description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should behave if it encounters an error executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separated by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". - nullable: true - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - useOwnerReferencesInBackup: - description: UseOwnerReferencesBackup specifies whether to use OwnerReferences on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors (if applicable) - items: - type: string - type: array - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: serverstatusrequests.velero.io - spec: - group: velero.io - names: - kind: ServerStatusRequest - listKind: ServerStatusRequestList - plural: serverstatusrequests - shortNames: - - ssr - singular: serverstatusrequest - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotlocations.velero.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - "helm.sh/resource-policy": keep - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: volumesnapshotlocations.velero.io - spec: - group: velero.io - names: - kind: VolumeSnapshotLocation - listKind: VolumeSnapshotLocationList - plural: volumesnapshotlocations - singular: volumesnapshotlocation - preserveUnknownFields: false - scope: Namespaced - validation: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecycle phase of a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -{{- end }} -{{- if not (lookup "v1" "Namespace" .Values.namespace "cloudcasa-io") }} -- apiVersion: v1 - kind: Namespace - metadata: - annotations: - "helm.sh/resource-policy": keep - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: cloudcasa-io - spec: {} -{{- end }} -- apiVersion: v1 - kind: ServiceAccount - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Values.namespace }} - namespace: {{ .Values.namespace }} -- apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRoleBinding - metadata: - creationTimestamp: null - labels: - component: kubeagent-backup-helper - name: {{ .Values.namespace }} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin - subjects: - - kind: ServiceAccount - name: {{ .Values.namespace }} - namespace: {{ .Values.namespace }} -- apiVersion: apps/v1 - kind: Deployment - metadata: - name: kubeagent - namespace: {{ .Values.namespace }} - labels: - component: kubeagent-backup-helper - spec: - selector: - matchLabels: - app: kubeagent - strategy: {} - replicas: 1 - template: - metadata: - labels: - app: kubeagent - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - spec: - containers: - - image: {{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }} - args: ["/usr/local/bin/kubeagent", "--server_addr", "agent.cloudcasa.io:443", "--tls", "true"] - name: kubeagent - resources: - requests: - memory: "{{ .Values.request_kubeagent_memory }}" - cpu: "{{ .Values.request_kubeagent_cpu }}" - limits: - memory: "{{ .Values.limit_kubeagent_memory }}" - cpu: "{{ .Values.limit_kubeagent_cpu }}" - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: AMDS_CLUSTER_ID - value: {{ .Values.cluster_id }} - - name: KUBEMOVER_IMAGE - value: {{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }} - - name: DEPLOYMENT_PLATFORM - {{ if (lookup "v1" "Namespace" "" "cattle-system") }} - value: "rancher" - {{ else if (lookup "v1" "Namespace" "" "nirmata") }} - value: "nirmata" - {{ else }} - value: "helm" - {{ end }} - volumeMounts: - - mountPath: /credentials - name: cloud-credentials - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - image: {{ .Values.velero_image.repository }}:{{ .Values.velero_image.tag }} - imagePullPolicy: IfNotPresent - name: kubeagent-backup-helper - args: - - server - - --features=EnableCSI,EnableAPIGroupVersions - - --backup-sync-period=0s - - --store-validation-frequency=0s - # (24 hours * 365 days * 10 years) + (2 * 24 hours[for leap years]) = 87648 hours - - --default-backup-ttl=87648h0m0s - - --disable-controllers=backup-sync,schedule,gc,download-request,restic-repo,server-status-request - - --log-format=json - - --log-level=info - command: - - /velero - env: - - name: VELERO_SCRATCH_DIR - value: /scratch - - name: VELERO_NAMESPACE - value: {{ .Values.namespace }} - - name: LD_LIBRARY_PATH - value: /plugins - - name: AWS_SHARED_CREDENTIALS_FILE - value: /credentials/s3/cloud - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /credentials/gcp/cloud - - name: AZURE_CREDENTIALS_FILE - value: /credentials/azure/cloud - ports: - - containerPort: 8085 - name: metrics - resources: - limits: - cpu: "{{ .Values.limit_velero_cpu }}" - memory: "{{ .Values.limit_velero_memory }}" - requests: - cpu: "{{ .Values.request_velero_cpu }}" - memory: "{{ .Values.request_velero_memory }}" - volumeMounts: - - mountPath: /plugins - name: plugins - - mountPath: /scratch - name: scratch - - mountPath: /credentials - name: cloud-credentials - initContainers: - - image: "{{ .Values.velero_aws_plugin_image.repository }}:{{ .Values.velero_aws_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-aws - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - - image: "{{ .Values.velero_azure_plugin_image.repository }}:{{ .Values.velero_azure_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-microsoft-azure - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - - image: "{{ .Values.velero_csi_plugin_image.repository }}:{{ .Values.velero_csi_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: velero-plugin-for-csi - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - - image: "{{ .Values.velero_plugin_image.repository }}:{{ .Values.velero_plugin_image.tag }}" - imagePullPolicy: IfNotPresent - name: backup-helper-plugin - resources: {} - volumeMounts: - - mountPath: /target - name: plugins - restartPolicy: Always - serviceAccountName: {{ .Values.namespace }} - volumes: - - emptyDir: {} - name: plugins - - emptyDir: {} - name: scratch - - emptyDir: {} - name: cloud-credentials -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotclasses.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .driver - name: Driver - type: string - - JSONPath: .deletionPolicy - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass - should be deleted when its bound VolumeSnapshot is deleted. - name: DeletionPolicy - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - preserveUnknownFields: false - scope: Cluster - subresources: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created - through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot - is deleted. Supported values are "Retain" and "Delete". "Retain" means - that the VolumeSnapshotContent and its physical snapshot on underlying - storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotcontents.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": keep - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot in bytes - name: RestoreSize - type: integer - - JSONPath: .spec.deletionPolicy - description: Determines whether this VolumeSnapshotContent and its physical snapshot - on the underlying storage system should be deleted when its bound VolumeSnapshot - is deleted. - name: DeletionPolicy - type: string - - JSONPath: .spec.driver - description: Name of the CSI driver used to create the physical snapshot on the - underlying storage system. - name: Driver - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - name: VolumeSnapshotClass - type: string - - JSONPath: .spec.volumeSnapshotRef.name - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - name: VolumeSnapshot - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - preserveUnknownFields: false - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. "Delete" - means that the VolumeSnapshotContent and its physical snapshot on - underlying storage system are deleted. In dynamic snapshot creation - case, this field will be filled in with the "DeletionPolicy" field - defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For - pre-existing snapshots, users MUST specify this field when creating - the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be the - same as the name returned by the CSI GetPluginName() call for that - driver. Required. - type: string - source: - description: source specifies from where a snapshot will be created. - This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a - pre-existing snapshot on the underlying storage system. This field - is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume - from which a snapshot should be dynamically taken from. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass to which this snapshot - belongs. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to - which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be provided - for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates the creation time is unknown. The - format of this field is a Unix nanoseconds time encoded as an int64. - On Unix, the command `date +%s%N` returns the current time in nanoseconds - since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the latest observed error during snapshot creation, - if any. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on - the underlying storage system. If not specified, it indicates that - dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} -{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshots.snapshot.storage.k8s.io") }} -- apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" - "helm.sh/resource-policy": delete - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io - spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .spec.source.persistentVolumeClaimName - description: Name of the source PVC from where a dynamically taken snapshot will - be created. - name: SourcePVC - type: string - - JSONPath: .spec.source.volumeSnapshotContentName - description: Name of the VolumeSnapshotContent which represents a pre-provisioned - snapshot. - name: SourceSnapshotContent - type: string - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot. - name: RestoreSize - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - name: SnapshotClass - type: string - - JSONPath: .status.boundVolumeSnapshotContentName - description: The name of the VolumeSnapshotContent to which this VolumeSnapshot - is bound. - name: SnapshotContent - type: string - - JSONPath: .status.creationTime - description: Timestamp when the point-in-time snapshot is taken by the underlying - storage system. - name: CreationTime - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object in the same namespace as the VolumeSnapshot - object where the snapshot should be dynamically taken from. This - field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing - VolumeSnapshotContent object. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. If not specified, the default snapshot - class will be used if one exists. If not specified, and there is no - default snapshot class, dynamic snapshot creation will fail. Empty - string is not allowed for this field. TODO(xiangqian): a webhook validation - on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' - type: string - required: - - source - type: object - status: - description: 'status represents the current information of a snapshot. NOTE: - status can be modified by sources other than system controllers, and must - not be depended upon for accuracy. Controllers should only use information - from the VolumeSnapshotContent object after verifying that the binding - is accurate and complete.' - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName represents the name of - the VolumeSnapshotContent object to which the VolumeSnapshot object - is bound. If not specified, it indicates that the VolumeSnapshot object - has not been successfully bound to a VolumeSnapshotContent object - yet. NOTE: Specified boundVolumeSnapshotContentName alone does not - mean binding is valid. Controllers MUST always verify bidirectional - binding between VolumeSnapshot and VolumeSnapshotContent to - avoid possible security issues.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates that the creation time of the snapshot - is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} ---- diff --git a/charts/cloudcasa/cloudcasa/2.0.0/values.yaml b/charts/cloudcasa/cloudcasa/2.0.0/values.yaml deleted file mode 100644 index 20a501459..000000000 --- a/charts/cloudcasa/cloudcasa/2.0.0/values.yaml +++ /dev/null @@ -1,110 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry -## - -## Required namespace -namespace: cloudcasa-io - -## Velero csi plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-csi/tags/ -velero_csi_plugin_image: - registry: docker.io - repository: catalogicsoftware/velero-plugin-for-csi - tag: v0.1.2.3 - pullPolicy: IfNotPresent - debug: false -## - -## Velero plugin image -velero_plugin_image: - registry: docker.io - repository: catalogicsoftware/amds-veleroplugin - tag: 0.0.1-rc.251 - pullPolicy: IfNotPresent - debug: false -## - -## Velero aws plugin image -## ref: https://hub.docker.com/r/velero/velero-plugin-for-aws/tags/ -velero_aws_plugin_image: - registry: docker.io - repository: velero/velero-plugin-for-aws - tag: v1.2.0 - pullPolicy: IfNotPresent - debug: false -## - -## Velero azure plugin image -velero_azure_plugin_image: - registry: docker.io - repository: velero/velero-plugin-for-microsoft-azure - tag: v1.2.0 - pullPolicy: IfNotPresent - debug: false -## - -## Velero image -## ref: https://hub.docker.com/r/velero/velero/tags -velero_image: - registry: docker.io - repository: velero/velero - tag: v1.6.0 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa kubeagent image -## ref: https://hub.docker.com/r/catalogicsoftware/amds-kagent/tags/ -kagent_image: - registry: docker.io - repository: catalogicsoftware/amds-kagent - tag: 0.1.0-prod.83 - pullPolicy: IfNotPresent - debug: false -## - -## Cloudcasa AMDS Cluster ID. To be provided by the user -cluster_id: "" - -## Resources to be used by velero and kubeagent pods -request_velero_memory: 128Mi -request_velero_cpu: 500m -limit_velero_memory: 512Mi -limit_velero_cpu: 1 -request_kubeagent_memory: 32Mi -request_kubeagent_cpu: 250m -limit_kubeagent_memory: 64Mi -limit_kubeagent_cpu: 500m - -## Placeholder configuration below this line ## -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: {} - -securityContext: {} - -resources: {} - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} -## diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/Chart.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/Chart.yaml deleted file mode 100644 index cae3f8d6a..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: cockroachdb -apiVersion: v1 -appVersion: 20.1.3 -description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. -home: https://www.cockroachlabs.com -icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png -maintainers: -- email: helm-charts@cockroachlabs.com - name: cockroachlabs -name: cockroachdb -sources: -- https://github.com/cockroachdb/cockroach -version: 4.1.200+up4.1.2 diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/README.md b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/README.md deleted file mode 100644 index cbb90aa27..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/README.md +++ /dev/null @@ -1,477 +0,0 @@ -# CockroachDB Helm Chart - -[CockroachDB](https://github.com/cockroachdb/cockroach) - the open source, cloud-native distributed SQL database. - -## Documentation - -Below is a brief overview of operating the CockroachDB Helm Chart and some specific implementation details. For additional information on deploying CockroachDB, please see: -> - -Note that the documentation requires Helm 3.0 or higher. - -## Prerequisites Details - -* Kubernetes 1.8 -* PV support on the underlying infrastructure (only if using `storage.persistentVolume`). [Docker for windows hostpath provisioner is not supported](https://github.com/cockroachdb/docs/issues/3184). -* If you want to secure your cluster to use TLS certificates for all network communication, [Helm must be installed with RBAC privileges](https://helm.sh/docs/topics/rbac/) or else you will get an "attempt to grant extra privileges" error. - -## StatefulSet Details - -* - -## StatefulSet Caveats - -* - -## Chart Details - -This chart will do the following: - -* Set up a dynamically scalable CockroachDB cluster using a Kubernetes StatefulSet. - -## Add the CockroachDB Repository - -```shell -helm repo add cockroachdb https://charts.cockroachdb.com/ -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```shell -helm install my-release cockroachdb/cockroachdb -``` - -Note that for a production cluster, you will likely want to override the following parameters in [`values.yaml`](values.yaml) with your own values. - -- `statefulset.resources.requests.memory` and `statefulset.resources.limits.memory` allocate memory resources to CockroachDB pods in your cluster. -- `conf.cache` and `conf.max-sql-memory` are memory limits that we recommend setting to 1/4 of the above resource allocation. When running CockroachDB, you must set these limits explicitly to avoid running out of memory. -- `storage.persistentVolume.size` defaults to `100Gi` of disk space per pod, which you may increase or decrease for your use case. -- `storage.persistentVolume.storageClass` uses the default storage class for your environment. We strongly recommend that you specify a storage class which uses an SSD. -- `tls.enabled` must be set to `yes`/`true` to deploy in secure mode. - -For more information on overriding the `values.yaml` parameters, please see: -> - -If you are running in secure mode (with configuration parameter `tls.enabled` set to `yes`/`true`) and `tls.certs.provided` set to `no`/`false`), then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). - -When `tls.certs.provided` is set to `yes`/`true`, this chart will use certificates created outside of Kubernetes. You may want to use this if you want to use a different certificate authority from the one being used by Kubernetes or if your Kubernetes cluster doesn't fully support certificate-signing requests. To use this, first set up your certificates and load them into your Kubernetes cluster as Secrets using the commands below: - -``` -mkdir certs -mkdir my-safe-directory -cockroach cert create-ca --certs-dir=certs --ca-key=my-safe-directory/ca.key -cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key -kubectl create secret generic cockroachdb-root --from-file=certs -cockroach cert create-node --certs-dir=certs --ca-key=my-safe-directory/ca.key localhost 127.0.0.1 eerie-horse-cockroachdb-public eerie-horse-cockroachdb-public.default eerie-horse-cockroachdb-public.default.svc.cluster.local *.eerie-horse-cockroachdb *.eerie-horse-cockroachdb.default *.eerie-horse-cockroachdb.default.svc.cluster.local -kubectl create secret generic cockroachdb-node --from-file=certs -``` - -Set `tls.certs.tlsSecret` to `yes/true` if you make use of [cert-manager][3] in your cluster. - -[cert-manager][3] stores generated certificates in dedicated TLS secrets. Thus, they are always named: - -* `ca.crt` -* `tls.crt` -* `tls.key` - -On the other hand, CockroachDB also demands dedicated certificate filenames: - -* `ca.crt` -* `node.crt` -* `node.key` -* `client.root.crt` -* `client.root.key` - -By activating `tls.certs.tlsSecret` we benefit from projected secrets and convert the TLS secret filenames to their according CockroachDB filenames. - -If you are running in secure mode, then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). - -Confirm that all pods are `Running` successfully and init has been completed: - -```shell -kubectl get pods -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 1m -my-release-cockroachdb-1 1/1 Running 0 1m -my-release-cockroachdb-2 1/1 Running 0 1m -my-release-cockroachdb-init-k6jcr 0/1 Completed 0 1m -``` - -Confirm that persistent volumes are created and claimed for each pod: - -```shell -kubectl get pv -``` - -``` -NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE -pvc-64878ebf-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-0 standard 51s -pvc-64945b4f-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-1 standard 51s -pvc-649d920d-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-2 standard 51s -``` - -## Upgrading the cluster - -### Chart version 3.0.0 and after - -Launch a temporary interactive pod and start the built-in SQL client: - -```shell -kubectl run cockroachdb --rm -it \ ---image=cockroachdb/cockroach \ ---restart=Never \ --- sql --insecure --host=my-release-cockroachdb-public -``` - -> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. - -Set `cluster.preserve_downgrade_option`, where `$current_version` is the CockroachDB version currently running (e.g., `19.2`): - -```sql -> SET CLUSTER SETTING cluster.preserve_downgrade_option = '$current_version'; -``` - -Exit the shell and delete the temporary pod: - -```sql -> \q -``` - -Kick off the upgrade process by changing the new Docker image, where `$new_version` is the CockroachDB version to which you are upgrading: - -```shell -kubectl delete job my-release-cockroachdb-init -``` - -```shell -helm upgrade my-release cockroachdb/cockroachdb \ ---set image.tag=$new_version \ ---reuse-values -``` - -Kubernetes will carry out a safe [rolling upgrade](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) of your CockroachDB nodes one-by-one. Monitor the cluster's pods until all have been successfully restarted: - -```shell -kubectl get pods -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 2m -my-release-cockroachdb-1 1/1 Running 0 3m -my-release-cockroachdb-2 1/1 Running 0 3m -my-release-cockroachdb-3 0/1 ContainerCreating 0 25s -my-release-cockroachdb-init-nwjkh 0/1 ContainerCreating 0 6s -``` - -```shell -kubectl get pods \ --o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}' -``` - -``` -my-release-cockroachdb-0 cockroachdb/cockroach:v20.1.3 -my-release-cockroachdb-1 cockroachdb/cockroach:v20.1.3 -my-release-cockroachdb-2 cockroachdb/cockroach:v20.1.3 -my-release-cockroachdb-3 cockroachdb/cockroach:v20.1.3 -``` - -Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: - -```shell -kubectl run cockroachdb --rm -it \ ---image=cockroachdb/cockroach \ ---restart=Never \ --- sql --insecure --host=my-release-cockroachdb-public -``` - -```sql -> RESET CLUSTER SETTING cluster.preserve_downgrade_option; -> \q -``` - -### Chart versions prior to 3.0.0 - -Due to a change in the label format in version 3.0.0 of this chart, upgrading requires that you delete the StatefulSet. Luckily there is a way to do it without actually deleting all the resources managed by the StatefulSet. Use the workaround below to upgrade from charts versions previous to 3.0.0: - -Get the new labels from the specs rendered by Helm: - -```shell -helm template -f deploy.vals.yml cockroachdb/cockroachdb -x templates/statefulset.yaml \ -| yq r - spec.template.metadata.labels -``` - -``` -app.kubernetes.io/name: cockroachdb -app.kubernetes.io/instance: my-release -app.kubernetes.io/component: cockroachdb -``` - -Place the new labels on all pods of the StatefulSet (change `my-release-cockroachdb-0` to the name of each pod): - -```shell -kubectl label pods my-release-cockroachdb-0 \ -app.kubernetes.io/name=cockroachdb \ -app.kubernetes.io/instance=my-release \ -app.kubernetes.io/component=cockroachdb -``` - -Delete the StatefulSet without deleting pods: - -```shell -kubectl delete statefulset my-release-cockroachdb --cascade=false -``` - -Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will be created, taking over the management of the existing pods and upgrading them if needed. - -### See also - -For more information about upgrading a cluster to the latest major release of CockroachDB, see [Upgrade to CockroachDB v20.1](https://www.cockroachlabs.com/docs/stable/upgrade-cockroach-version.html). - -Note that there are some backward-incompatible changes to SQL features between versions 19.2 and 20.1. For details, see the [CockroachDB v20.1.0 release notes](https://www.cockroachlabs.com/docs/releases/v20.1.0.html#backward-incompatible-changes). - -## Configuration - -The following table lists the configurable parameters of the CockroachDB chart and their default values. -For details see the [`values.yaml`](values.yaml) file. - -| Parameter | Description | Default | -| --------- | ----------- | ------- | -| `clusterDomain` | Cluster's default DNS domain | `cluster.local` | -| `conf.attrs` | CockroachDB node attributes | `[]` | -| `conf.cache` | Size of CockroachDB's in-memory cache | `25%` | -| `conf.cluster-name` | Name of CockroachDB cluster | `""` | -| `conf.disable-cluster-name-verification` | Disable CockroachDB cluster name verification | `no` | -| `conf.join` | List of already-existing CockroachDB instances | `[]` | -| `conf.max-disk-temp-storage` | Max storage capacity for temp data | `0` | -| `conf.max-offset` | Max allowed clock offset for CockroachDB cluster | `500ms` | -| `conf.max-sql-memory` | Max memory to use processing SQL querie | `25%` | -| `conf.locality` | Locality attribute for this deployment | `""` | -| `conf.single-node` | Disable CockroachDB clustering (standalone mode) | `no` | -| `conf.sql-audit-dir` | Directory for SQL audit log | `""` | -| `conf.port` | CockroachDB primary serving port in Pods | `26257` | -| `conf.http-port` | CockroachDB HTTP port in Pods | `8080` | -| `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v20.1.3` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | -| `statefulset.replicas` | StatefulSet replicas number | `3` | -| `statefulset.updateStrategy` | Update strategy for StatefulSet Pods | `{"type": "RollingUpdate"}` | -| `statefulset.podManagementPolicy` | `OrderedReady`/`Parallel` Pods creation/deletion order | `Parallel` | -| `statefulset.budget.maxUnavailable` | k8s PodDisruptionBudget parameter | `1` | -| `statefulset.args` | Extra command-line arguments | `[]` | -| `statefulset.env` | Extra env vars | `[]` | -| `statefulset.secretMounts` | Additional Secrets to mount at cluster members | `[]` | -| `statefulset.labels` | Additional labels of StatefulSet and its Pods | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `statefulset.annotations` | Additional annotations of StatefulSet Pods | `{}` | -| `statefulset.nodeAffinity` | [Node affinity rules][2] of StatefulSet Pods | `{}` | -| `statefulset.podAffinity` | [Inter-Pod affinity rules][1] of StatefulSet Pods | `{}` | -| `statefulset.podAntiAffinity` | [Anti-affinity rules][1] of StatefulSet Pods | auto | -| `statefulset.podAntiAffinity.type` | Type of auto [anti-affinity rules][1] | `soft` | -| `statefulset.podAntiAffinity.weight` | Weight for `soft` auto [anti-affinity rules][1] | `100` | -| `statefulset.nodeSelector` | Node labels for StatefulSet Pods assignment | `{}` | -| `statefulset.priorityClassName` | [PriorityClassName][4] for StatefulSet Pods | `""` | -| `statefulset.tolerations` | Node taints to tolerate by StatefulSet Pods | `[]` | -| `statefulset.resources` | Resource requests and limits for StatefulSet Pods | `{}` | -| `service.ports.grpc.external.port` | CockroachDB primary serving port in Services | `26257` | -| `service.ports.grpc.external.name` | CockroachDB primary serving port name in Services | `grpc` | -| `service.ports.grpc.internal.port` | CockroachDB inter-communication port in Services | `26257` | -| `service.ports.grpc.internal.name` | CockroachDB inter-communication port name in Services | `grpc-internal` | -| `service.ports.http.port` | CockroachDB HTTP port in Services | `8080` | -| `service.ports.http.name` | CockroachDB HTTP port name in Services | `http` | -| `service.public.type` | Public Service type | `ClusterIP` | -| `service.public.labels` | Additional labels of public Service | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `service.public.annotations` | Additional annotations of public Service | `{}` | -| `service.discovery.labels` | Additional labels of discovery Service | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `service.discovery.annotations` | Additional annotations of discovery Service | `{}` | -| `storage.hostPath` | Absolute path on host to store data | `""` | -| `storage.persistentVolume.enabled` | Whether to use PersistentVolume to store data | `yes` | -| `storage.persistentVolume.size` | PersistentVolume size | `100Gi` | -| `storage.persistentVolume.storageClass` | PersistentVolume class | `""` | -| `storage.persistentVolume.labels` | Additional labels of PersistentVolumeClaim | `{}` | -| `storage.persistentVolume.annotations` | Additional annotations of PersistentVolumeClaim | `{}` | -| `init.labels` | Additional labels of init Job and its Pod | `{"app.kubernetes.io/component": "init"}` | -| `init.annotations` | Additional labels of the Pod of init Job | `{}` | -| `init.affinity` | [Affinity rules][2] of init Job Pod | `{}` | -| `init.nodeSelector` | Node labels for init Job Pod assignment | `{}` | -| `init.tolerations` | Node taints to tolerate by init Job Pod | `[]` | -| `init.resources` | Resource requests and limits for the Pod of init Job | `{}` | -| `tls.enabled` | Whether to run securely using TLS certificates | `no` | -| `tls.serviceAccount.create` | Whether to create a new RBAC service account | `yes` | -| `tls.serviceAccount.name` | Name of RBAC service account to use | `""` | -| `tls.certs.provided` | Bring your own certs scenario, i.e certificates are provided | `no` | -| `tls.certs.clientRootSecret` | If certs are provided, secret name for client root cert | `cockroachdb-root` | -| `tls.certs.nodeSecret` | If certs are provided, secret name for node cert | `cockroachdb-node` | -| `tls.certs.tlsSecret` | Own certs are stored in TLS secret | `no` | -| `tls.init.image.repository` | Image to use for requesting TLS certificates | `cockroachdb/cockroach-k8s-request-cert` | -| `tls.init.image.tag` | Image tag to use for requesting TLS certificates | `0.4` | -| `tls.init.image.pullPolicy` | Requesting TLS certificates container pull policy | `IfNotPresent` | -| `tls.init.image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | -| `networkPolicy.enabled` | Enable NetworkPolicy for CockroachDB's Pods | `no` | -| `networkPolicy.ingress.grpc` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | -| `networkPolicy.ingress.http` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | - -Override the default parameters using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies custom values for the parameters can be provided while installing the chart. For example: - -```shell -helm install my-release -f my-values.yaml cockroachdb/cockroachdb -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Deep dive - -### Connecting to the CockroachDB cluster - -Once you've created the cluster, you can start talking to it by connecting to its `-public` Service. CockroachDB is PostgreSQL wire protocol compatible, so there's a [wide variety of supported clients](https://www.cockroachlabs.com/docs/install-client-drivers.html). As an example, we'll open up a SQL shell using CockroachDB's built-in shell and play around with it a bit, like this (likely needing to replace `my-release-cockroachdb-public` with the name of the `-public` Service that was created with your installed chart): - -```shell -kubectl run cockroach-client --rm -it \ ---image=cockroachdb/cockroach \ ---restart=Never \ --- sql --insecure --host my-release-cockroachdb-public -``` - -``` -Waiting for pod default/cockroach-client to be running, status is Pending, -pod ready: false -If you don't see a command prompt, try pressing enter. -root@my-release-cockroachdb-public:26257> SHOW DATABASES; -+--------------------+ -| Database | -+--------------------+ -| information_schema | -| pg_catalog | -| system | -+--------------------+ -(3 rows) -root@my-release-cockroachdb-public:26257> CREATE DATABASE bank; -CREATE DATABASE -root@my-release-cockroachdb-public:26257> CREATE TABLE bank.accounts (id INT -PRIMARY KEY, balance DECIMAL); -CREATE TABLE -root@my-release-cockroachdb-public:26257> INSERT INTO bank.accounts VALUES -(1234, 10000.50); -INSERT 1 -root@my-release-cockroachdb-public:26257> SELECT * FROM bank.accounts; -+------+---------+ -| id | balance | -+------+---------+ -| 1234 | 10000.5 | -+------+---------+ -(1 row) -root@my-release-cockroachdb-public:26257> \q -Waiting for pod default/cockroach-client to terminate, status is Running -pod "cockroach-client" deleted -``` - -> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. - -### Cluster health - -Because our pod spec includes regular health checks of the CockroachDB processes, simply running `kubectl get pods` and looking at the `STATUS` column is sufficient to determine the health of each instance in the cluster. - -If you want more detailed information about the cluster, the best place to look is the Admin UI. - -### Accessing the Admin UI - -If you want to see information about how the cluster is doing, you can try pulling up the CockroachDB Admin UI by port-forwarding from your local machine to one of the pods (replacing `my-release-cockroachdb-0` with the name of one of your pods: - -```shell -kubectl port-forward my-release-cockroachdb-0 8080 -``` - -You should then be able to access the Admin UI by visiting in your web browser. - -### Failover - -If any CockroachDB member fails, it is restarted or recreated automatically by the Kubernetes infrastructure, and will re-join the cluster automatically when it comes back up. You can test this scenario by killing any of the CockroachDB pods: - -```shell -kubectl delete pod my-release-cockroachdb-1 -``` - -```shell -kubectl get pods -l "app.kubernetes.io/instance=my-release,app.kubernetes.io/component=cockroachdb" -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 5m -my-release-cockroachdb-2 1/1 Running 0 5m -``` - -After a while: - -```shell -kubectl get pods -l "app.kubernetes.io/instance=my-release,app.kubernetes.io/component=cockroachdb" -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 5m -my-release-cockroachdb-1 1/1 Running 0 20s -my-release-cockroachdb-2 1/1 Running 0 5m -``` - -You can check the state of re-joining from the new pod's logs: - -```shell -kubectl logs my-release-cockroachdb-1 -``` - -``` -[...] -I161028 19:32:09.754026 1 server/node.go:586 [n1] node connected via gossip and -verified as part of cluster {"35ecbc27-3f67-4e7d-9b8f-27c31aae17d6"} -[...] -cockroachdb-0.my-release-cockroachdb.default.svc.cluster.local:26257 -build: beta-20161027-55-gd2d3c7f @ 2016/10/28 19:27:25 (go1.7.3) -admin: http://0.0.0.0:8080 -sql: -postgresql://root@my-release-cockroachdb-1.my-release-cockroachdb.default.svc.cluster.local:26257?sslmode=disable -logs: cockroach-data/logs -store[0]: path=cockroach-data -status: restarted pre-existing node -clusterID: {35ecbc27-3f67-4e7d-9b8f-27c31aae17d6} -nodeID: 2 -[...] -``` - -### NetworkPolicy - -To enable NetworkPolicy for CockroachDB, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `yes`/`true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the `DefaultDeny` Namespace annotation. Note: this will enforce policy for _all_ pods in the Namespace: - -```shell -kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -For more precise policy, set `networkPolicy.ingress.grpc` and `networkPolicy.ingress.http` rules. This will only allow pods that match the provided rules to connect to CockroachDB. - -### Scaling - -Scaling should be managed via the `helm upgrade` command. After resizing your cluster on your cloud environment (e.g., GKE or EKS), run the following command to add a pod. This assumes you scaled from 3 to 4 nodes: - -```shell -helm upgrade \ -my-release \ -cockroachdb/cockroachdb \ ---set statefulset.replicas=4 \ ---reuse-values -``` - -Note, that if you are running in secure mode (`tls.enabled` is `yes`/`true`) and increase the size of your cluster, you will also have to approve the CSR (certificate-signing request) of each new node (using `kubectl get csr` and `kubectl certificate approve`). - -[1]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity -[2]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity -[3]: https://cert-manager.io/ -[4]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/app-readme.md b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/app-readme.md deleted file mode 100644 index 8fcc1fd6f..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/app-readme.md +++ /dev/null @@ -1,9 +0,0 @@ -# CockroachDB Chart - -CockroachDB is a Distributed SQL database that runs natively in Kubernetes. It gives you resilient, horizontal scale across multiple clouds with always-on availability and data partitioned by location. - -CockroachDB scales horizontally without reconfiguration or need for a massive architectural overhaul. Simply add a new node to the cluster and CockroachDB takes care of the underlying complexity. - - - Scale by simply adding new nodes to a CockroachDB cluster - - Automate balancing and distribution of ranges, not shards - - Optimize server utilization evenly across all nodes diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/questions.yml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/questions.yml deleted file mode 100644 index 729c1fd58..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/questions.yml +++ /dev/null @@ -1,8 +0,0 @@ -questions: -- default: 100Gi - variable: Storage - description: "Size of volume for each CockroachDB Node/Pod" - group: Config - label: "Storage per Node/Pod" - required: true - type: string diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/NOTES.txt b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/NOTES.txt deleted file mode 100644 index 797d5292d..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/NOTES.txt +++ /dev/null @@ -1,50 +0,0 @@ -CockroachDB can be accessed via port {{ .Values.service.ports.grpc.external.port }} at the -following DNS name from within your cluster: - -{{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }}.svc.cluster.local - -Because CockroachDB supports the PostgreSQL wire protocol, you can connect to -the cluster using any available PostgreSQL client. - -{{- if not .Values.tls.enabled }} - -For example, you can open up a SQL shell to the cluster by running: - - kubectl run -it --rm cockroach-client \ - --image=cockroachdb/cockroach \ - --restart=Never \ - {{- if .Values.networkPolicy.enabled }} - --labels="{{ template "cockroachdb.fullname" . }}-client=true" \ - {{- end }} - --command -- \ - ./cockroach sql --insecure --host={{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} - -From there, you can interact with the SQL shell as you would any other SQL -shell, confident that any data you write will be safe and available even if -parts of your cluster fail. -{{- else }} - -Note that because the cluster is running in secure mode, any client application -that you attempt to connect will either need to have a valid client certificate -or a valid username and password. -{{- end }} - -{{- if and (.Values.networkPolicy.enabled) (not (empty .Values.networkPolicy.ingress.grpc)) }} - -Note: Since NetworkPolicy is enabled, the only Pods allowed to connect to this -CockroachDB cluster are: - -1. Having the label: "{{ template "cockroachdb.fullname" . }}-client=true" - -2. Matching the following rules: {{- toYaml .Values.networkPolicy.ingress.grpc | nindent 0 }} -{{- end }} - -Finally, to open up the CockroachDB admin UI, you can port-forward from your -local machine into one of the instances in the cluster: - - kubectl port-forward {{ template "cockroachdb.fullname" . }}-0 {{ index .Values.conf `http-port` | int64 }} - -Then you can access the admin UI at http{{ if .Values.tls.enabled }}s{{ end }}://localhost:{{ index .Values.conf `http-port` | int64 }}/ in your web browser. - -For more information on using CockroachDB, please see the project's docs at: -https://www.cockroachlabs.com/docs/ diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/_helpers.tpl b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/_helpers.tpl deleted file mode 100644 index 5de031357..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/_helpers.tpl +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "cockroachdb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 56 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cockroachdb.fullname" -}} -{{- if .Values.fullnameOverride -}} - {{- .Values.fullnameOverride | trunc 56 | trimSuffix "-" -}} -{{- else -}} - {{- $name := default .Chart.Name .Values.nameOverride -}} - {{- if contains $name .Release.Name -}} - {{- .Release.Name | trunc 56 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s-%s" .Release.Name $name | trunc 56 | trimSuffix "-" -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cockroachdb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 56 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the ServiceAccount to use. -*/}} -{{- define "cockroachdb.tls.serviceAccount.name" -}} -{{- if .Values.tls.serviceAccount.create -}} - {{- default (include "cockroachdb.fullname" .) .Values.tls.serviceAccount.name -}} -{{- else -}} - {{- default "default" .Values.tls.serviceAccount.name -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for NetworkPolicy. -*/}} -{{- define "cockroachdb.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for StatefulSets -*/}} -{{- define "cockroachdb.statefulset.apiVersion" -}} -{{- if semverCompare "<1.12-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "apps/v1beta1" -}} -{{- else -}} - {{- print "apps/v1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrole.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrole.yaml deleted file mode 100644 index 77f1ffea1..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -rules: - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "get", "watch"] -{{- end }} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrolebinding.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrolebinding.yaml deleted file mode 100644 index 3222317ff..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "cockroachdb.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/ingress.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/ingress.yaml deleted file mode 100644 index a4e7389c9..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/ingress.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $paths := .Values.ingress.paths -}} -{{- $ports := .Values.service.ports -}} -{{- $fullName := include "cockroachdb.fullname" . -}} -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: -{{- if .Values.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ $fullName }}-ingress - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ $.Release.Name | quote }} - app.kubernetes.io/managed-by: {{ $.Release.Service | quote }} -{{- if .Values.ingress.labels }} -{{- toYaml .Values.ingress.labels | nindent 4 }} -{{- end }} -spec: - rules: - {{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- range $path := $paths }} - - path: {{ $path }} - backend: - serviceName: {{ $fullName }}-public - servicePort: {{ $ports.http.name | quote }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- range $path := $paths }} - - path: {{ $path }} - backend: - serviceName: {{ $fullName }}-public - servicePort: {{ $ports.http.name | quote }} - {{- end -}} - {{- end -}} - {{- if .Values.ingress.tls }} - tls: -{{- toYaml .Values.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/job.init.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/job.init.yaml deleted file mode 100644 index e0901f88d..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/job.init.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- if not (index .Values.conf `single-node`) }} -kind: Job -apiVersion: batch/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-init - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.init.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.init.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.init.annotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: OnFailure - terminationGracePeriodSeconds: 0 - {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} - imagePullSecrets: - {{- if .Values.image.credentials }} - - name: {{ template "cockroachdb.fullname" . }}.db.registry - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} - - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled (not .Values.tls.certs.provided)}} - serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} - initContainers: - # The init-certs container sends a CSR (certificate signing request) to - # the Kubernetes cluster. - # You can see pending requests using: - # kubectl get csr - # CSRs can be approved using: - # kubectl certificate approve - # - # In addition to the Node certificate and key, the init-certs entrypoint - # will symlink the cluster CA to the certs directory. - - name: init-certs - image: "{{ .Values.tls.init.image.repository }}:{{ .Values.tls.init.image.tag }}" - imagePullPolicy: {{ .Values.tls.init.image.pullPolicy | quote }} - command: - - /bin/ash - - -ecx - - >- - /request-cert - -namespace=${POD_NAMESPACE} - -certs-dir=/cockroach-certs/ - -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -type=client - -user=root - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: client-certs - mountPath: /cockroach-certs/ - {{- end }} - {{- with .Values.init.affinity }} - affinity: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.init.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.init.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: cluster-init - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - # Run the command in an `while true` loop because this Job is bound - # to come up before the CockroachDB Pods (due to the time needed to - # get PersistentVolumes attached to Nodes), and sleeping 5 seconds - # between attempts is much better than letting the Pod fail when - # the init command does and waiting out Kubernetes' non-configurable - # exponential back-off for Pod restarts. - # Command completes either when cluster initialization succeeds, - # or when cluster has been initialized already. - command: - - /bin/bash - - -c - - >- - while true; do - initOUT=$(set -x; - /cockroach/cockroach init - {{- if .Values.tls.enabled }} - --certs-dir=/cockroach-certs/ - {{- else }} - --insecure - {{- end }} - {{- with index .Values.conf "cluster-name" }} - --cluster-name={{.}} - {{- end }} - --host={{ template "cockroachdb.fullname" . }}-0.{{ template "cockroachdb.fullname" . -}} - :{{ .Values.service.ports.grpc.internal.port | int64 }} - 2>&1); - initRC="$?"; - echo $initOUT; - [[ "$initRC" == "0" ]] && exit 0; - [[ "$initOUT" == *"cluster has already been initialized"* ]] && exit 0; - sleep 5; - done - {{- if .Values.tls.enabled }} - volumeMounts: - - name: client-certs - mountPath: /cockroach-certs/ - {{- end }} - {{- with .Values.init.resources }} - resources: {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.tls.enabled }} - volumes: - - name: client-certs - {{- if .Values.tls.certs.provided }} - {{- if .Values.tls.certs.tlsSecret }} - projected: - sources: - - secret: - name: {{ .Values.tls.certs.clientRootSecret }} - items: - - key: ca.crt - path: ca.crt - mode: 0400 - - key: tls.crt - path: client.root.crt - mode: 0400 - - key: tls.key - path: client.root.key - mode: 0400 - {{- else }} - secret: - secretName: {{ .Values.tls.certs.clientRootSecret }} - defaultMode: 0400 - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/networkpolicy.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/networkpolicy.yaml deleted file mode 100644 index 1739c45e5..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/networkpolicy.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "cockroachdb.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 6 }} - {{- end }} - ingress: - - ports: - - port: grpc - {{- with .Values.networkPolicy.ingress.grpc }} - from: - # Allow connections via custom rules. - {{- toYaml . | nindent 8 }} - # Allow client connection via pre-considered label. - - podSelector: - matchLabels: - {{ template "cockroachdb.fullname" . }}-client: "true" - # Allow other CockroachDBs to connect to form a cluster. - - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 14 }} - {{- end }} - {{- if gt (.Values.statefulset.replicas | int64) 1 }} - # Allow init Job to connect to bootstrap a cluster. - - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.init.labels }} - {{- toYaml . | nindent 14 }} - {{- end }} - {{- end }} - {{- end }} - # Allow connections to admin UI and for Prometheus. - - ports: - - port: http - {{- with .Values.networkPolicy.ingress.http }} - from: {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/poddisruptionbudget.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/poddisruptionbudget.yaml deleted file mode 100644 index e49431f89..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -kind: PodDisruptionBudget -apiVersion: policy/v1beta1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-budget - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 6 }} - {{- end }} - maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/role.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/role.yaml deleted file mode 100644 index 62a044ddc..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.tls.enabled }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -rules: - - apiGroups: [""] - resources: ["secrets"] - {{- if .Values.tls.certs.provided }} - verbs: ["get"] - {{- else }} - verbs: ["create", "get"] - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/rolebinding.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/rolebinding.yaml deleted file mode 100644 index c65441b42..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/rolebinding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.tls.enabled }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "cockroachdb.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/secret.registry.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/secret.registry.yaml deleted file mode 100644 index 3dc34f386..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/secret.registry.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- range $name, $cred := dict "db" (.Values.image.credentials) "init-certs" (.Values.tls.init.image.credentials) }} -{{- if not (empty $cred) }} -{{- if or (and (eq $name "init-certs") $.Values.tls.enabled) (ne $name "init-certs") }} ---- -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" $ }}.{{ $name }}.registry - namespace: {{ $.Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" $ }} - app.kubernetes.io/name: {{ template "cockroachdb.name" $ }} - app.kubernetes.io/instance: {{ $.Release.Name | quote }} - app.kubernetes.io/managed-by: {{ $.Release.Service | quote }} - {{- with $.Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ printf `{"auths":{%s:{"auth":"%s"}}}` ($cred.registry | quote) (printf "%s:%s" $cred.username $cred.password | b64enc) | b64enc | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.discovery.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.discovery.yaml deleted file mode 100644 index 3b7f5d0e7..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.discovery.yaml +++ /dev/null @@ -1,62 +0,0 @@ -# This service only exists to create DNS entries for each pod in -# the StatefulSet such that they can resolve each other's IP addresses. -# It does not create a load-balanced ClusterIP and should not be used directly -# by clients in most circumstances. -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.service.discovery.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - # Use this annotation in addition to the actual field below because the - # annotation will stop being respected soon, but the field is broken in - # some versions of Kubernetes: - # https://github.com/kubernetes/kubernetes/issues/58662 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - # Enable automatic monitoring of all instances when Prometheus is running - # in the cluster. - prometheus.io/scrape: "true" - prometheus.io/path: _status/vars - prometheus.io/port: {{ .Values.service.ports.http.port | quote }} - {{- with .Values.service.discovery.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - clusterIP: None - # We want all Pods in the StatefulSet to have their addresses published for - # the sake of the other CockroachDB Pods even before they're ready, since they - # have to be able to talk to each other in order to become ready. - publishNotReadyAddresses: true - ports: - {{- $ports := .Values.service.ports }} - # The main port, served by gRPC, serves Postgres-flavor SQL, inter-node - # traffic and the CLI. - - name: {{ $ports.grpc.external.name | quote }} - port: {{ $ports.grpc.external.port | int64 }} - targetPort: grpc - {{- if ne ($ports.grpc.internal.port | int64) ($ports.grpc.external.port | int64) }} - - name: {{ $ports.grpc.internal.name | quote }} - port: {{ $ports.grpc.internal.port | int64 }} - targetPort: grpc - {{- end }} - # The secondary port serves the UI as well as health and debug endpoints. - - name: {{ $ports.http.name | quote }} - port: {{ $ports.http.port | int64 }} - targetPort: http - selector: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.public.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.public.yaml deleted file mode 100644 index 529b89d83..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/service.public.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# This Service is meant to be used by clients of the database. -# It exposes a ClusterIP that will automatically load balance connections -# to the different database Pods. -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-public - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.service.public.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- with .Values.service.public.annotations }} - annotations: {{- toYaml . | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.service.public.type | quote }} - ports: - {{- $ports := .Values.service.ports }} - # The main port, served by gRPC, serves Postgres-flavor SQL, inter-node - # traffic and the CLI. - - name: {{ $ports.grpc.external.name | quote }} - port: {{ $ports.grpc.external.port | int64 }} - targetPort: grpc - {{- if ne ($ports.grpc.internal.port | int64) ($ports.grpc.external.port | int64) }} - - name: {{ $ports.grpc.internal.name | quote }} - port: {{ $ports.grpc.internal.port | int64 }} - targetPort: grpc - {{- end }} - # The secondary port serves the UI as well as health and debug endpoints. - - name: {{ $ports.http.name | quote }} - port: {{ $ports.http.port | int64 }} - targetPort: http - selector: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/serviceaccount.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/serviceaccount.yaml deleted file mode 100644 index 45c3fe09c..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.tls.enabled .Values.tls.serviceAccount.create }} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/statefulset.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/statefulset.yaml deleted file mode 100644 index adb116788..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/statefulset.yaml +++ /dev/null @@ -1,334 +0,0 @@ -kind: StatefulSet -apiVersion: {{ template "cockroachdb.statefulset.apiVersion" . }} -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "cockroachdb.fullname" . }} - replicas: {{ .Values.statefulset.replicas | int64 }} - updateStrategy: {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} - podManagementPolicy: {{ .Values.statefulset.podManagementPolicy | quote }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 6 }} - {{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.statefulset.annotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} - imagePullSecrets: - {{- if .Values.image.credentials }} - - name: {{ template "cockroachdb.fullname" . }}.db.registry - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} - - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} - {{- if not .Values.tls.certs.provided }} - initContainers: - # The init-certs container sends a CSR (certificate signing request) to - # the Kubernetes cluster. - # You can see pending requests using: - # kubectl get csr - # CSRs can be approved using: - # kubectl certificate approve - # - # All addresses used to contact a Node must be specified in the - # `--addresses` arg. - # - # In addition to the Node certificate and key, the init-certs entrypoint - # will symlink the cluster CA to the certs directory. - - name: init-certs - image: "{{ .Values.tls.init.image.repository }}:{{ .Values.tls.init.image.tag }}" - imagePullPolicy: {{ .Values.tls.init.image.pullPolicy | quote }} - command: - - /bin/ash - - -ecx - - >- - /request-cert - -namespace=${POD_NAMESPACE} - -certs-dir=/cockroach-certs/ - -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -type=node - -addresses=localhost,127.0.0.1,$(hostname -f),$(hostname -f|cut -f 1-2 -d '.'),{{ template "cockroachdb.fullname" . }}-public,{{ template "cockroachdb.fullname" . }}-public.$(hostname -f|cut -f 3- -d '.') - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: certs - mountPath: /cockroach-certs/ - {{- end }} - {{- end }} - {{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} - affinity: - {{- with .Values.statefulset.nodeAffinity }} - nodeAffinity: {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.statefulset.podAffinity }} - podAffinity: {{- toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.statefulset.podAntiAffinity }} - podAntiAffinity: - {{- if .Values.statefulset.podAntiAffinity.type }} - {{- if eq .Values.statefulset.podAntiAffinity.type "hard" }} - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 18 }} - {{- end }} - {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} - preferredDuringSchedulingIgnoredDuringExecution: - - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 20 }} - {{- end }} - {{- end }} - {{- else }} - {{- toYaml .Values.statefulset.podAntiAffinity | nindent 10 }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.statefulset.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.statefulset.priorityClassName }} - priorityClassName: {{ .Values.statefulset.priorityClassName }} - {{- end }} - {{- with .Values.statefulset.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - # No pre-stop hook is required, a SIGTERM plus some time is all that's - # needed for graceful shutdown of a node. - terminationGracePeriodSeconds: 60 - containers: - - name: db - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - args: - - shell - - -ecx - # The use of qualified `hostname -f` is crucial: - # Other nodes aren't able to look up the unqualified hostname. - # - # `--join` CLI flag is hardcoded to exactly 3 Pods, because: - # 1. Having `--join` value depending on `statefulset.replicas` - # will trigger undesired restart of existing Pods when - # StatefulSet is scaled up/down. We want to scale without - # restarting existing Pods. - # 2. At least one Pod in `--join` is enough to successfully - # join CockroachDB cluster and gossip with all other existing - # Pods, even if there are 3 or more Pods. - # 3. It's harmless for `--join` to have 3 Pods even for 1-Pod - # clusters, while it gives us opportunity to scale up even if - # some Pods of existing cluster are down (for whatever reason). - # See details explained here: - # https://github.com/helm/charts/pull/18993#issuecomment-558795102 - - >- - exec /cockroach/cockroach - {{- if index .Values.conf `single-node` }} - start-single-node - {{- else }} - start --join= - {{- if .Values.conf.join }} - {{- join `,` .Values.conf.join -}} - {{- else }} - {{- range $i, $_ := until 3 -}} - {{- if gt $i 0 -}},{{- end -}} - ${STATEFULSET_NAME}-{{ $i }}.${STATEFULSET_FQDN}:{{ $.Values.service.ports.grpc.internal.port | int64 -}} - {{- end -}} - {{- end }} - --advertise-host=$(hostname).${STATEFULSET_FQDN} - {{- with index .Values.conf `cluster-name` }} - --cluster-name={{ . }} - {{- if index $.Values.conf `disable-cluster-name-verification` }} - --disable-cluster-name-verification - {{- end }} - {{- end }} - {{- end }} - --logtostderr={{ .Values.conf.logtostderr }} - {{- if .Values.tls.enabled }} - --certs-dir=/cockroach/cockroach-certs/ - {{- else }} - --insecure - {{- end }} - {{- with .Values.conf.attrs }} - --attrs={{ join `:` . }} - {{- end }} - --http-port={{ index .Values.conf `http-port` | int64 }} - --port={{ .Values.conf.port | int64 }} - --cache={{ .Values.conf.cache }} - --max-disk-temp-storage={{ index .Values.conf `max-disk-temp-storage` }} - --max-offset={{ index .Values.conf `max-offset` }} - --max-sql-memory={{ index .Values.conf `max-sql-memory` }} - {{- with .Values.conf.locality }} - --locality={{ . }} - {{- end }} - {{- with index .Values.conf `sql-audit-dir` }} - --sql-audit-dir={{ . }} - {{- end }} - {{- range .Values.statefulset.args }} - {{ . }} - {{- end }} - env: - - name: STATEFULSET_NAME - value: {{ template "cockroachdb.fullname" . }} - - name: STATEFULSET_FQDN - value: {{ template "cockroachdb.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - - name: COCKROACH_CHANNEL - value: kubernetes-helm - {{- with .Values.statefulset.env }} - {{- toYaml . | nindent 12 }} - {{- end }} - ports: - - name: grpc - containerPort: {{ .Values.conf.port | int64 }} - protocol: TCP - - name: http - containerPort: {{ index .Values.conf `http-port` | int64 }} - protocol: TCP - volumeMounts: - - name: datadir - mountPath: /cockroach/cockroach-data/ - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /cockroach/cockroach-certs/ - {{- end }} - {{- range .Values.statefulset.secretMounts }} - - name: {{ printf "secret-%s" . | quote }} - mountPath: {{ printf "/etc/cockroach/secrets/%s" . | quote }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /health - port: http - {{- if .Values.tls.enabled }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: 30 - periodSeconds: 5 - readinessProbe: - httpGet: - path: /health?ready=1 - port: http - {{- if .Values.tls.enabled }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: 10 - periodSeconds: 5 - failureThreshold: 2 - {{- with .Values.statefulset.resources }} - resources: {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: datadir - {{- if .Values.storage.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: datadir - {{- else if .Values.storage.hostPath }} - hostPath: - path: {{ .Values.storage.hostPath | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - {{- if .Values.tls.certs.provided }} - {{- if .Values.tls.certs.tlsSecret }} - projected: - sources: - - secret: - name: {{ .Values.tls.certs.nodeSecret }} - items: - - key: ca.crt - path: ca.crt - mode: 0400 - - key: tls.crt - path: node.crt - mode: 0400 - - key: tls.key - path: node.key - mode: 0400 - {{- else }} - secret: - secretName: {{ .Values.tls.certs.nodeSecret }} - defaultMode: 0400 - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - {{- range .Values.statefulset.secretMounts }} - - name: {{ printf "secret-%s" . | quote }} - secret: - secretName: {{ . | quote }} - {{- end }} -{{- if .Values.storage.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.storage.persistentVolume.labels }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.storage.persistentVolume.annotations }} - annotations: {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: ["ReadWriteOnce"] - {{- if .Values.storage.persistentVolume.storageClass }} - {{- if (eq "-" .Values.storage.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote}} - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.storage.persistentVolume.size | quote }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/tests/client.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/tests/client.yaml deleted file mode 100644 index 8c8f96be7..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/templates/tests/client.yaml +++ /dev/null @@ -1,65 +0,0 @@ -kind: Pod -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-test - namespace: {{ .Release.Namespace | quote }} -{{- if .Values.networkPolicy.enabled }} - labels: - {{ template "cockroachdb.fullname" . }}-client: "true" -{{- end }} - annotations: - helm.sh/hook: test-success -spec: - restartPolicy: Never -{{- if .Values.image.credentials }} - imagePullSecrets: - - name: {{ template "cockroachdb.fullname" . }}.db.registry -{{- end }} - {{- if .Values.tls.certs.provided }} - volumes: - - name: client-certs - {{- if .Values.tls.certs.tlsSecret }} - projected: - sources: - - secret: - name: {{ .Values.tls.certs.clientRootSecret }} - items: - - key: ca.crt - path: ca.crt - mode: 0400 - - key: tls.crt - path: client.root.crt - mode: 0400 - - key: tls.key - path: client.root.key - mode: 0400 - {{- else }} - secret: - secretName: {{ .Values.tls.certs.clientRootSecret }} - defaultMode: 0400 - {{- end }} - {{- end }} - containers: - - name: client-test - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.tls.certs.provided }} - volumeMounts: - - name: client-certs - mountPath: /cockroach-certs - {{- end }} - command: - - /cockroach/cockroach - - sql - {{- if .Values.tls.certs.provided }} - - --certs-dir - - /cockroach-certs - {{- else }} - - --insecure - {{- end}} - - --host - - {{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} - - --port - - {{ .Values.service.ports.grpc.external.port | quote }} - - -e - - SHOW DATABASES; diff --git a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/values.yaml b/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/values.yaml deleted file mode 100644 index 0ed532d7e..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200+up4.1.2/values.yaml +++ /dev/null @@ -1,382 +0,0 @@ -image: - repository: cockroachdb/cockroach - tag: v20.1.3 - pullPolicy: IfNotPresent - credentials: {} - # registry: docker.io - # username: john_doe - # password: changeme - - -# Additional labels to apply to all Kubernetes resources created by this chart. -labels: {} - # app.kubernetes.io/part-of: my-app - - -# Cluster's default DNS domain. -# You should overwrite it if you're using a different one, -# otherwise CockroachDB nodes discovery won't work. -clusterDomain: cluster.local - - -conf: - # An ordered list of CockroachDB node attributes. - # Attributes are arbitrary strings specifying machine capabilities. - # Machine capabilities might include specialized hardware or number of cores - # (e.g. "gpu", "x16c"). - attrs: [] - # - x16c - # - gpu - - # Total size in bytes for caches, shared evenly if there are multiple - # storage devices. Size suffixes are supported (e.g. `1GB` and `1GiB`). - # A percentage of physical memory can also be specified (e.g. `.25`). - cache: 25% - - # Sets a name to verify the identity of a cluster. - # The value must match between all nodes specified via `conf.join`. - # This can be used as an additional verification when either the node or - # cluster, or both, have not yet been initialized and do not yet know their - # cluster ID. - # To introduce a cluster name into an already-initialized cluster, pair this - # option with `conf.disable-cluster-name-verification: yes`. - cluster-name: "" - - # Tell the server to ignore `conf.cluster-name` mismatches. - # This is meant for use when opting an existing cluster into starting to use - # cluster name verification, or when changing the cluster name. - # The cluster should be restarted once with `conf.cluster-name` and - # `conf.disable-cluster-name-verification: yes` combined, and once all nodes - # have been updated to know the new cluster name, the cluster can be restarted - # again with `conf.disable-cluster-name-verification: no`. - # This option has no effect if `conf.cluster-name` is not specified. - disable-cluster-name-verification: false - - # The addresses for connecting a CockroachDB nodes to an existing cluster. - # If you are deploying a second CockroachDB instance that should join a first - # one, use the below list to join to the existing instance. - # Each item in the array should be a FQDN (and port if needed) resolvable by - # new Pods. - join: [] - - # Logs at or above this threshold to STDERR. - logtostderr: INFO - - # Maximum storage capacity available to store temporary disk-based data for - # SQL queries that exceed the memory budget (e.g. join, sorts, etc are - # sometimes able to spill intermediate results to disk). - # Accepts numbers interpreted as bytes, size suffixes (e.g. `32GB` and - # `32GiB`) or a percentage of disk size (e.g. `10%`). - # The location of the temporary files is within the first store dir. - # If expressed as a percentage, `max-disk-temp-storage` is interpreted - # relative to the size of the storage device on which the first store is - # placed. The temp space usage is never counted towards any store usage - # (although it does share the device with the first store) so, when - # configuring this, make sure that the size of this temp storage plus the size - # of the first store don't exceed the capacity of the storage device. - # If the first store is an in-memory one (i.e. `type=mem`), then this - # temporary "disk" data is also kept in-memory. - # A percentage value is interpreted as a percentage of the available internal - # memory. - max-disk-temp-storage: 0 - - # Maximum allowed clock offset for the cluster. If observed clock offsets - # exceed this limit, servers will crash to minimize the likelihood of - # reading inconsistent data. Increasing this value will increase the time - # to recovery of failures as well as the frequency of uncertainty-based - # read restarts. - # Note, that this value must be the same on all nodes in the cluster. - # In order to change it, all nodes in the cluster must be stopped - # simultaneously and restarted with the new value. - max-offset: 500ms - - # Maximum memory capacity available to store temporary data for SQL clients, - # including prepared queries and intermediate data rows during query - # execution. Accepts numbers interpreted as bytes, size suffixes - # (e.g. `1GB` and `1GiB`) or a percentage of physical memory (e.g. `.25`). - max-sql-memory: 25% - - # An ordered, comma-separated list of key-value pairs that describe the - # topography of the machine. Topography might include country, datacenter - # or rack designations. Data is automatically replicated to maximize - # diversities of each tier. The order of tiers is used to determine - # the priority of the diversity, so the more inclusive localities like - # country should come before less inclusive localities like datacenter. - # The tiers and order must be the same on all nodes. Including more tiers - # is better than including fewer. For example: - # locality: country=us,region=us-west,datacenter=us-west-1b,rack=12 - # locality: country=ca,region=ca-east,datacenter=ca-east-2,rack=4 - # locality: planet=earth,province=manitoba,colo=secondary,power=3 - locality: "" - - # Run CockroachDB instances in standalone mode with replication disabled - # (replication factor = 1). - # Enabling this option makes the following values to be ignored: - # - `conf.cluster-name` - # - `conf.disable-cluster-name-verification` - # - `conf.join` - # - # WARNING: Enabling this option makes each deployed Pod as a STANDALONE - # CockroachDB instance, so the StatefulSet does NOT FORM A CLUSTER. - # Don't use this option for production deployments unless you clearly - # understand what you're doing. - # Usually, this option is intended to be used in conjunction with - # `statefulset.replicas: 1` for temporary one-time deployments (like - # running E2E tests, for example). - single-node: false - - # If non-empty, create a SQL audit log in the specified directory. - sql-audit-dir: "" - - # CockroachDB's port to listen to inter-communications and client connections. - port: 26257 - - # CockroachDB's port to listen to HTTP requests. - http-port: 8080 - - -statefulset: - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - budget: - maxUnavailable: 1 - - # List of additional command-line arguments you want to pass to the - # `cockroach start` command. - args: [] - # - --disable-cluster-name-verification - - # List of extra environment variables to pass into container - env: [] - # - name: COCKROACH_ENGINE_MAX_SYNC_DURATION - # value: "24h" - - # List of Secrets names in the same Namespace as the CockroachDB cluster, - # which shall be mounted into `/etc/cockroach/secrets/` for every cluster - # member. - secretMounts: [] - - # Additional labels to apply to this StatefulSet and all its Pods. - labels: - app.kubernetes.io/component: cockroachdb - - # Additional annotations to apply to the Pods of this StatefulSet. - annotations: {} - - # Affinity rules for scheduling Pods of this StatefulSet on Nodes. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - nodeAffinity: {} - # Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity - podAffinity: {} - # Anti-affinity rules for scheduling Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity - # You may either toggle options below for default anti-affinity rules, - # or specify the whole set of anti-affinity rules instead of them. - podAntiAffinity: - # Type of anti-affinity rules: either `soft`, `hard` or empty value (which - # disables anti-affinity rules). - type: soft - # Weight for `soft` anti-affinity rules. - # Does not apply for other anti-affinity types. - weight: 100 - - # Node selection constraints for scheduling Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - - # PriorityClassName given to Pods of this StatefulSet - # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - priorityClassName: "" - - # Taints to be tolerated by Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - - - # Uncomment the following resources definitions or pass them from - # command line to control the CPU and memory resources allocated - # by Pods of this StatefulSet. - resources: {} - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - -service: - ports: - # You can set a different external and internal gRPC ports and their name. - grpc: - external: - port: 26257 - name: grpc - # If the port number is different than `external.port`, then it will be - # named as `internal.name` in Service. - internal: - port: 26257 - # If using Istio set it to `cockroach`. - name: grpc-internal - http: - port: 8080 - name: http - - # This Service is meant to be used by clients of the database. - # It exposes a ClusterIP that will automatically load balance connections - # to the different database Pods. - public: - type: ClusterIP - # Additional labels to apply to this Service. - labels: - app.kubernetes.io/component: cockroachdb - # Additional annotations to apply to this Service. - annotations: {} - - # This service only exists to create DNS entries for each pod in - # the StatefulSet such that they can resolve each other's IP addresses. - # It does not create a load-balanced ClusterIP and should not be used directly - # by clients in most circumstances. - discovery: - # Additional labels to apply to this Service. - labels: - app.kubernetes.io/component: cockroachdb - # Additional annotations to apply to this Service. - annotations: {} - -# CockroachDB's ingress for web ui. -ingress: - enabled: false - labels: {} - annotations: {} - # kubernetes.io/ingress.class: nginx - # cert-manager.io/cluster-issuer: letsencrypt - paths: [/] - hosts: [] - # - cockroachlabs.com - tls: [] - # - hosts: [cockroachlabs.com] - # secretName: cockroachlabs-tls - -# CockroachDB's data persistence. -# If neither `persistentVolume` nor `hostPath` is used, then data will be -# persisted in ad-hoc `emptyDir`. -storage: - # Absolute path on host to store CockroachDB's data. - # If not specified, then `emptyDir` will be used instead. - # If specified, but `persistentVolume.enabled` is `true`, then has no effect. - hostPath: "" - - # If `enabled` is `true` then a PersistentVolumeClaim will be created and - # used to store CockroachDB's data, otherwise `hostPath` is used. - persistentVolume: - enabled: true - - size: 100Gi - - # If defined, then `storageClassName: `. - # If set to "-", then `storageClassName: ""`, which disables dynamic - # provisioning. - # If undefined or empty (default), then no `storageClassName` spec is set, - # so the default provisioner will be chosen (gp2 on AWS, standard on - # GKE, AWS & OpenStack). - storageClass: "" - - # Additional labels to apply to the created PersistentVolumeClaims. - labels: {} - # Additional annotations to apply to the created PersistentVolumeClaims. - annotations: {} - - -# Kubernetes Job which initializes multi-node CockroachDB cluster. -# It's not created if `statefulset.replicas` is `1`. -init: - # Additional labels to apply to this Job and its Pod. - labels: - app.kubernetes.io/component: init - - # Additional annotations to apply to the Pod of this Job. - annotations: {} - - # Affinity rules for scheduling the Pod of this Job. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - - # Node selection constraints for scheduling the Pod of this Job. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - - # Taints to be tolerated by the Pod of this Job. - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - - # The init Pod runs at cluster creation to initialize CockroachDB. It finishes - # quickly and doesn't continue to consume resources in the Kubernetes - # cluster. Normally, you should leave this section commented out, but if your - # Kubernetes cluster uses Resource Quotas and requires all pods to specify - # resource requests or limits, you can set those here. - resources: {} - # requests: - # cpu: "10m" - # memory: "128Mi" - # limits: - # cpu: "10m" - # memory: "128Mi" - - -# Whether to run securely using TLS certificates. -tls: - enabled: false - serviceAccount: - # Specifies whether this ServiceAccount should be created. - create: true - # The name of this ServiceAccount to use. - # If not set and `create` is `true`, then a name is auto-generated. - name: "" - certs: - # Bring your own certs scenario. If provided, tls.init section will be ignored. - provided: false - # Secret name for the client root cert. - clientRootSecret: cockroachdb-root - # Secret name for node cert. - nodeSecret: cockroachdb-node - # Enable if the secret is a dedicated TLS. - # TLS secrets are created by cert-mananger, for example. - tlsSecret: false - - init: - # Image to use for requesting TLS certificates. - image: - repository: cockroachdb/cockroach-k8s-request-cert - tag: "0.4" - pullPolicy: IfNotPresent - credentials: {} - # registry: docker.io - # username: john_doe - # password: changeme - - -networkPolicy: - enabled: false - - ingress: - # List of sources which should be able to access the CockroachDB Pods via - # gRPC port. Items in this list are combined using a logical OR operation. - # Rules for allowing inter-communication are applied automatically. - # If empty, then connections from any Pod is allowed. - grpc: [] - # - podSelector: - # matchLabels: - # app.kubernetes.io/name: my-app-django - # app.kubernetes.io/instance: my-app - - # List of sources which should be able to access the CockroachDB Pods via - # HTTP port. Items in this list are combined using a logical OR operation. - # If empty, then connections from any Pod is allowed. - http: [] - # - namespaceSelector: - # matchLabels: - # project: my-project diff --git a/charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml b/charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml deleted file mode 100755 index b8ce2f514..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: cockroachdb -apiVersion: v1 -appVersion: 20.1.3 -description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. -home: https://www.cockroachlabs.com -icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png -maintainers: -- email: helm-charts@cockroachlabs.com - name: cockroachlabs -name: cockroachdb -sources: -- https://github.com/cockroachdb/cockroach -version: 4.1.200 diff --git a/charts/cockroachdb/cockroachdb/4.1.200/README.md b/charts/cockroachdb/cockroachdb/4.1.200/README.md deleted file mode 100755 index cbb90aa27..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/README.md +++ /dev/null @@ -1,477 +0,0 @@ -# CockroachDB Helm Chart - -[CockroachDB](https://github.com/cockroachdb/cockroach) - the open source, cloud-native distributed SQL database. - -## Documentation - -Below is a brief overview of operating the CockroachDB Helm Chart and some specific implementation details. For additional information on deploying CockroachDB, please see: -> - -Note that the documentation requires Helm 3.0 or higher. - -## Prerequisites Details - -* Kubernetes 1.8 -* PV support on the underlying infrastructure (only if using `storage.persistentVolume`). [Docker for windows hostpath provisioner is not supported](https://github.com/cockroachdb/docs/issues/3184). -* If you want to secure your cluster to use TLS certificates for all network communication, [Helm must be installed with RBAC privileges](https://helm.sh/docs/topics/rbac/) or else you will get an "attempt to grant extra privileges" error. - -## StatefulSet Details - -* - -## StatefulSet Caveats - -* - -## Chart Details - -This chart will do the following: - -* Set up a dynamically scalable CockroachDB cluster using a Kubernetes StatefulSet. - -## Add the CockroachDB Repository - -```shell -helm repo add cockroachdb https://charts.cockroachdb.com/ -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```shell -helm install my-release cockroachdb/cockroachdb -``` - -Note that for a production cluster, you will likely want to override the following parameters in [`values.yaml`](values.yaml) with your own values. - -- `statefulset.resources.requests.memory` and `statefulset.resources.limits.memory` allocate memory resources to CockroachDB pods in your cluster. -- `conf.cache` and `conf.max-sql-memory` are memory limits that we recommend setting to 1/4 of the above resource allocation. When running CockroachDB, you must set these limits explicitly to avoid running out of memory. -- `storage.persistentVolume.size` defaults to `100Gi` of disk space per pod, which you may increase or decrease for your use case. -- `storage.persistentVolume.storageClass` uses the default storage class for your environment. We strongly recommend that you specify a storage class which uses an SSD. -- `tls.enabled` must be set to `yes`/`true` to deploy in secure mode. - -For more information on overriding the `values.yaml` parameters, please see: -> - -If you are running in secure mode (with configuration parameter `tls.enabled` set to `yes`/`true`) and `tls.certs.provided` set to `no`/`false`), then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). - -When `tls.certs.provided` is set to `yes`/`true`, this chart will use certificates created outside of Kubernetes. You may want to use this if you want to use a different certificate authority from the one being used by Kubernetes or if your Kubernetes cluster doesn't fully support certificate-signing requests. To use this, first set up your certificates and load them into your Kubernetes cluster as Secrets using the commands below: - -``` -mkdir certs -mkdir my-safe-directory -cockroach cert create-ca --certs-dir=certs --ca-key=my-safe-directory/ca.key -cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key -kubectl create secret generic cockroachdb-root --from-file=certs -cockroach cert create-node --certs-dir=certs --ca-key=my-safe-directory/ca.key localhost 127.0.0.1 eerie-horse-cockroachdb-public eerie-horse-cockroachdb-public.default eerie-horse-cockroachdb-public.default.svc.cluster.local *.eerie-horse-cockroachdb *.eerie-horse-cockroachdb.default *.eerie-horse-cockroachdb.default.svc.cluster.local -kubectl create secret generic cockroachdb-node --from-file=certs -``` - -Set `tls.certs.tlsSecret` to `yes/true` if you make use of [cert-manager][3] in your cluster. - -[cert-manager][3] stores generated certificates in dedicated TLS secrets. Thus, they are always named: - -* `ca.crt` -* `tls.crt` -* `tls.key` - -On the other hand, CockroachDB also demands dedicated certificate filenames: - -* `ca.crt` -* `node.crt` -* `node.key` -* `client.root.crt` -* `client.root.key` - -By activating `tls.certs.tlsSecret` we benefit from projected secrets and convert the TLS secret filenames to their according CockroachDB filenames. - -If you are running in secure mode, then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). - -Confirm that all pods are `Running` successfully and init has been completed: - -```shell -kubectl get pods -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 1m -my-release-cockroachdb-1 1/1 Running 0 1m -my-release-cockroachdb-2 1/1 Running 0 1m -my-release-cockroachdb-init-k6jcr 0/1 Completed 0 1m -``` - -Confirm that persistent volumes are created and claimed for each pod: - -```shell -kubectl get pv -``` - -``` -NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE -pvc-64878ebf-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-0 standard 51s -pvc-64945b4f-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-1 standard 51s -pvc-649d920d-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-2 standard 51s -``` - -## Upgrading the cluster - -### Chart version 3.0.0 and after - -Launch a temporary interactive pod and start the built-in SQL client: - -```shell -kubectl run cockroachdb --rm -it \ ---image=cockroachdb/cockroach \ ---restart=Never \ --- sql --insecure --host=my-release-cockroachdb-public -``` - -> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. - -Set `cluster.preserve_downgrade_option`, where `$current_version` is the CockroachDB version currently running (e.g., `19.2`): - -```sql -> SET CLUSTER SETTING cluster.preserve_downgrade_option = '$current_version'; -``` - -Exit the shell and delete the temporary pod: - -```sql -> \q -``` - -Kick off the upgrade process by changing the new Docker image, where `$new_version` is the CockroachDB version to which you are upgrading: - -```shell -kubectl delete job my-release-cockroachdb-init -``` - -```shell -helm upgrade my-release cockroachdb/cockroachdb \ ---set image.tag=$new_version \ ---reuse-values -``` - -Kubernetes will carry out a safe [rolling upgrade](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) of your CockroachDB nodes one-by-one. Monitor the cluster's pods until all have been successfully restarted: - -```shell -kubectl get pods -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 2m -my-release-cockroachdb-1 1/1 Running 0 3m -my-release-cockroachdb-2 1/1 Running 0 3m -my-release-cockroachdb-3 0/1 ContainerCreating 0 25s -my-release-cockroachdb-init-nwjkh 0/1 ContainerCreating 0 6s -``` - -```shell -kubectl get pods \ --o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}' -``` - -``` -my-release-cockroachdb-0 cockroachdb/cockroach:v20.1.3 -my-release-cockroachdb-1 cockroachdb/cockroach:v20.1.3 -my-release-cockroachdb-2 cockroachdb/cockroach:v20.1.3 -my-release-cockroachdb-3 cockroachdb/cockroach:v20.1.3 -``` - -Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: - -```shell -kubectl run cockroachdb --rm -it \ ---image=cockroachdb/cockroach \ ---restart=Never \ --- sql --insecure --host=my-release-cockroachdb-public -``` - -```sql -> RESET CLUSTER SETTING cluster.preserve_downgrade_option; -> \q -``` - -### Chart versions prior to 3.0.0 - -Due to a change in the label format in version 3.0.0 of this chart, upgrading requires that you delete the StatefulSet. Luckily there is a way to do it without actually deleting all the resources managed by the StatefulSet. Use the workaround below to upgrade from charts versions previous to 3.0.0: - -Get the new labels from the specs rendered by Helm: - -```shell -helm template -f deploy.vals.yml cockroachdb/cockroachdb -x templates/statefulset.yaml \ -| yq r - spec.template.metadata.labels -``` - -``` -app.kubernetes.io/name: cockroachdb -app.kubernetes.io/instance: my-release -app.kubernetes.io/component: cockroachdb -``` - -Place the new labels on all pods of the StatefulSet (change `my-release-cockroachdb-0` to the name of each pod): - -```shell -kubectl label pods my-release-cockroachdb-0 \ -app.kubernetes.io/name=cockroachdb \ -app.kubernetes.io/instance=my-release \ -app.kubernetes.io/component=cockroachdb -``` - -Delete the StatefulSet without deleting pods: - -```shell -kubectl delete statefulset my-release-cockroachdb --cascade=false -``` - -Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will be created, taking over the management of the existing pods and upgrading them if needed. - -### See also - -For more information about upgrading a cluster to the latest major release of CockroachDB, see [Upgrade to CockroachDB v20.1](https://www.cockroachlabs.com/docs/stable/upgrade-cockroach-version.html). - -Note that there are some backward-incompatible changes to SQL features between versions 19.2 and 20.1. For details, see the [CockroachDB v20.1.0 release notes](https://www.cockroachlabs.com/docs/releases/v20.1.0.html#backward-incompatible-changes). - -## Configuration - -The following table lists the configurable parameters of the CockroachDB chart and their default values. -For details see the [`values.yaml`](values.yaml) file. - -| Parameter | Description | Default | -| --------- | ----------- | ------- | -| `clusterDomain` | Cluster's default DNS domain | `cluster.local` | -| `conf.attrs` | CockroachDB node attributes | `[]` | -| `conf.cache` | Size of CockroachDB's in-memory cache | `25%` | -| `conf.cluster-name` | Name of CockroachDB cluster | `""` | -| `conf.disable-cluster-name-verification` | Disable CockroachDB cluster name verification | `no` | -| `conf.join` | List of already-existing CockroachDB instances | `[]` | -| `conf.max-disk-temp-storage` | Max storage capacity for temp data | `0` | -| `conf.max-offset` | Max allowed clock offset for CockroachDB cluster | `500ms` | -| `conf.max-sql-memory` | Max memory to use processing SQL querie | `25%` | -| `conf.locality` | Locality attribute for this deployment | `""` | -| `conf.single-node` | Disable CockroachDB clustering (standalone mode) | `no` | -| `conf.sql-audit-dir` | Directory for SQL audit log | `""` | -| `conf.port` | CockroachDB primary serving port in Pods | `26257` | -| `conf.http-port` | CockroachDB HTTP port in Pods | `8080` | -| `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v20.1.3` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | -| `statefulset.replicas` | StatefulSet replicas number | `3` | -| `statefulset.updateStrategy` | Update strategy for StatefulSet Pods | `{"type": "RollingUpdate"}` | -| `statefulset.podManagementPolicy` | `OrderedReady`/`Parallel` Pods creation/deletion order | `Parallel` | -| `statefulset.budget.maxUnavailable` | k8s PodDisruptionBudget parameter | `1` | -| `statefulset.args` | Extra command-line arguments | `[]` | -| `statefulset.env` | Extra env vars | `[]` | -| `statefulset.secretMounts` | Additional Secrets to mount at cluster members | `[]` | -| `statefulset.labels` | Additional labels of StatefulSet and its Pods | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `statefulset.annotations` | Additional annotations of StatefulSet Pods | `{}` | -| `statefulset.nodeAffinity` | [Node affinity rules][2] of StatefulSet Pods | `{}` | -| `statefulset.podAffinity` | [Inter-Pod affinity rules][1] of StatefulSet Pods | `{}` | -| `statefulset.podAntiAffinity` | [Anti-affinity rules][1] of StatefulSet Pods | auto | -| `statefulset.podAntiAffinity.type` | Type of auto [anti-affinity rules][1] | `soft` | -| `statefulset.podAntiAffinity.weight` | Weight for `soft` auto [anti-affinity rules][1] | `100` | -| `statefulset.nodeSelector` | Node labels for StatefulSet Pods assignment | `{}` | -| `statefulset.priorityClassName` | [PriorityClassName][4] for StatefulSet Pods | `""` | -| `statefulset.tolerations` | Node taints to tolerate by StatefulSet Pods | `[]` | -| `statefulset.resources` | Resource requests and limits for StatefulSet Pods | `{}` | -| `service.ports.grpc.external.port` | CockroachDB primary serving port in Services | `26257` | -| `service.ports.grpc.external.name` | CockroachDB primary serving port name in Services | `grpc` | -| `service.ports.grpc.internal.port` | CockroachDB inter-communication port in Services | `26257` | -| `service.ports.grpc.internal.name` | CockroachDB inter-communication port name in Services | `grpc-internal` | -| `service.ports.http.port` | CockroachDB HTTP port in Services | `8080` | -| `service.ports.http.name` | CockroachDB HTTP port name in Services | `http` | -| `service.public.type` | Public Service type | `ClusterIP` | -| `service.public.labels` | Additional labels of public Service | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `service.public.annotations` | Additional annotations of public Service | `{}` | -| `service.discovery.labels` | Additional labels of discovery Service | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `service.discovery.annotations` | Additional annotations of discovery Service | `{}` | -| `storage.hostPath` | Absolute path on host to store data | `""` | -| `storage.persistentVolume.enabled` | Whether to use PersistentVolume to store data | `yes` | -| `storage.persistentVolume.size` | PersistentVolume size | `100Gi` | -| `storage.persistentVolume.storageClass` | PersistentVolume class | `""` | -| `storage.persistentVolume.labels` | Additional labels of PersistentVolumeClaim | `{}` | -| `storage.persistentVolume.annotations` | Additional annotations of PersistentVolumeClaim | `{}` | -| `init.labels` | Additional labels of init Job and its Pod | `{"app.kubernetes.io/component": "init"}` | -| `init.annotations` | Additional labels of the Pod of init Job | `{}` | -| `init.affinity` | [Affinity rules][2] of init Job Pod | `{}` | -| `init.nodeSelector` | Node labels for init Job Pod assignment | `{}` | -| `init.tolerations` | Node taints to tolerate by init Job Pod | `[]` | -| `init.resources` | Resource requests and limits for the Pod of init Job | `{}` | -| `tls.enabled` | Whether to run securely using TLS certificates | `no` | -| `tls.serviceAccount.create` | Whether to create a new RBAC service account | `yes` | -| `tls.serviceAccount.name` | Name of RBAC service account to use | `""` | -| `tls.certs.provided` | Bring your own certs scenario, i.e certificates are provided | `no` | -| `tls.certs.clientRootSecret` | If certs are provided, secret name for client root cert | `cockroachdb-root` | -| `tls.certs.nodeSecret` | If certs are provided, secret name for node cert | `cockroachdb-node` | -| `tls.certs.tlsSecret` | Own certs are stored in TLS secret | `no` | -| `tls.init.image.repository` | Image to use for requesting TLS certificates | `cockroachdb/cockroach-k8s-request-cert` | -| `tls.init.image.tag` | Image tag to use for requesting TLS certificates | `0.4` | -| `tls.init.image.pullPolicy` | Requesting TLS certificates container pull policy | `IfNotPresent` | -| `tls.init.image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | -| `networkPolicy.enabled` | Enable NetworkPolicy for CockroachDB's Pods | `no` | -| `networkPolicy.ingress.grpc` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | -| `networkPolicy.ingress.http` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | - -Override the default parameters using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies custom values for the parameters can be provided while installing the chart. For example: - -```shell -helm install my-release -f my-values.yaml cockroachdb/cockroachdb -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Deep dive - -### Connecting to the CockroachDB cluster - -Once you've created the cluster, you can start talking to it by connecting to its `-public` Service. CockroachDB is PostgreSQL wire protocol compatible, so there's a [wide variety of supported clients](https://www.cockroachlabs.com/docs/install-client-drivers.html). As an example, we'll open up a SQL shell using CockroachDB's built-in shell and play around with it a bit, like this (likely needing to replace `my-release-cockroachdb-public` with the name of the `-public` Service that was created with your installed chart): - -```shell -kubectl run cockroach-client --rm -it \ ---image=cockroachdb/cockroach \ ---restart=Never \ --- sql --insecure --host my-release-cockroachdb-public -``` - -``` -Waiting for pod default/cockroach-client to be running, status is Pending, -pod ready: false -If you don't see a command prompt, try pressing enter. -root@my-release-cockroachdb-public:26257> SHOW DATABASES; -+--------------------+ -| Database | -+--------------------+ -| information_schema | -| pg_catalog | -| system | -+--------------------+ -(3 rows) -root@my-release-cockroachdb-public:26257> CREATE DATABASE bank; -CREATE DATABASE -root@my-release-cockroachdb-public:26257> CREATE TABLE bank.accounts (id INT -PRIMARY KEY, balance DECIMAL); -CREATE TABLE -root@my-release-cockroachdb-public:26257> INSERT INTO bank.accounts VALUES -(1234, 10000.50); -INSERT 1 -root@my-release-cockroachdb-public:26257> SELECT * FROM bank.accounts; -+------+---------+ -| id | balance | -+------+---------+ -| 1234 | 10000.5 | -+------+---------+ -(1 row) -root@my-release-cockroachdb-public:26257> \q -Waiting for pod default/cockroach-client to terminate, status is Running -pod "cockroach-client" deleted -``` - -> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. - -### Cluster health - -Because our pod spec includes regular health checks of the CockroachDB processes, simply running `kubectl get pods` and looking at the `STATUS` column is sufficient to determine the health of each instance in the cluster. - -If you want more detailed information about the cluster, the best place to look is the Admin UI. - -### Accessing the Admin UI - -If you want to see information about how the cluster is doing, you can try pulling up the CockroachDB Admin UI by port-forwarding from your local machine to one of the pods (replacing `my-release-cockroachdb-0` with the name of one of your pods: - -```shell -kubectl port-forward my-release-cockroachdb-0 8080 -``` - -You should then be able to access the Admin UI by visiting in your web browser. - -### Failover - -If any CockroachDB member fails, it is restarted or recreated automatically by the Kubernetes infrastructure, and will re-join the cluster automatically when it comes back up. You can test this scenario by killing any of the CockroachDB pods: - -```shell -kubectl delete pod my-release-cockroachdb-1 -``` - -```shell -kubectl get pods -l "app.kubernetes.io/instance=my-release,app.kubernetes.io/component=cockroachdb" -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 5m -my-release-cockroachdb-2 1/1 Running 0 5m -``` - -After a while: - -```shell -kubectl get pods -l "app.kubernetes.io/instance=my-release,app.kubernetes.io/component=cockroachdb" -``` - -``` -NAME READY STATUS RESTARTS AGE -my-release-cockroachdb-0 1/1 Running 0 5m -my-release-cockroachdb-1 1/1 Running 0 20s -my-release-cockroachdb-2 1/1 Running 0 5m -``` - -You can check the state of re-joining from the new pod's logs: - -```shell -kubectl logs my-release-cockroachdb-1 -``` - -``` -[...] -I161028 19:32:09.754026 1 server/node.go:586 [n1] node connected via gossip and -verified as part of cluster {"35ecbc27-3f67-4e7d-9b8f-27c31aae17d6"} -[...] -cockroachdb-0.my-release-cockroachdb.default.svc.cluster.local:26257 -build: beta-20161027-55-gd2d3c7f @ 2016/10/28 19:27:25 (go1.7.3) -admin: http://0.0.0.0:8080 -sql: -postgresql://root@my-release-cockroachdb-1.my-release-cockroachdb.default.svc.cluster.local:26257?sslmode=disable -logs: cockroach-data/logs -store[0]: path=cockroach-data -status: restarted pre-existing node -clusterID: {35ecbc27-3f67-4e7d-9b8f-27c31aae17d6} -nodeID: 2 -[...] -``` - -### NetworkPolicy - -To enable NetworkPolicy for CockroachDB, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `yes`/`true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the `DefaultDeny` Namespace annotation. Note: this will enforce policy for _all_ pods in the Namespace: - -```shell -kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -For more precise policy, set `networkPolicy.ingress.grpc` and `networkPolicy.ingress.http` rules. This will only allow pods that match the provided rules to connect to CockroachDB. - -### Scaling - -Scaling should be managed via the `helm upgrade` command. After resizing your cluster on your cloud environment (e.g., GKE or EKS), run the following command to add a pod. This assumes you scaled from 3 to 4 nodes: - -```shell -helm upgrade \ -my-release \ -cockroachdb/cockroachdb \ ---set statefulset.replicas=4 \ ---reuse-values -``` - -Note, that if you are running in secure mode (`tls.enabled` is `yes`/`true`) and increase the size of your cluster, you will also have to approve the CSR (certificate-signing request) of each new node (using `kubectl get csr` and `kubectl certificate approve`). - -[1]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity -[2]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity -[3]: https://cert-manager.io/ -[4]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass diff --git a/charts/cockroachdb/cockroachdb/4.1.200/app-readme.md b/charts/cockroachdb/cockroachdb/4.1.200/app-readme.md deleted file mode 100755 index 8fcc1fd6f..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/app-readme.md +++ /dev/null @@ -1,9 +0,0 @@ -# CockroachDB Chart - -CockroachDB is a Distributed SQL database that runs natively in Kubernetes. It gives you resilient, horizontal scale across multiple clouds with always-on availability and data partitioned by location. - -CockroachDB scales horizontally without reconfiguration or need for a massive architectural overhaul. Simply add a new node to the cluster and CockroachDB takes care of the underlying complexity. - - - Scale by simply adding new nodes to a CockroachDB cluster - - Automate balancing and distribution of ranges, not shards - - Optimize server utilization evenly across all nodes diff --git a/charts/cockroachdb/cockroachdb/4.1.200/questions.yml b/charts/cockroachdb/cockroachdb/4.1.200/questions.yml deleted file mode 100755 index 729c1fd58..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/questions.yml +++ /dev/null @@ -1,8 +0,0 @@ -questions: -- default: 100Gi - variable: Storage - description: "Size of volume for each CockroachDB Node/Pod" - group: Config - label: "Storage per Node/Pod" - required: true - type: string diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt b/charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt deleted file mode 100755 index 797d5292d..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt +++ /dev/null @@ -1,50 +0,0 @@ -CockroachDB can be accessed via port {{ .Values.service.ports.grpc.external.port }} at the -following DNS name from within your cluster: - -{{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }}.svc.cluster.local - -Because CockroachDB supports the PostgreSQL wire protocol, you can connect to -the cluster using any available PostgreSQL client. - -{{- if not .Values.tls.enabled }} - -For example, you can open up a SQL shell to the cluster by running: - - kubectl run -it --rm cockroach-client \ - --image=cockroachdb/cockroach \ - --restart=Never \ - {{- if .Values.networkPolicy.enabled }} - --labels="{{ template "cockroachdb.fullname" . }}-client=true" \ - {{- end }} - --command -- \ - ./cockroach sql --insecure --host={{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} - -From there, you can interact with the SQL shell as you would any other SQL -shell, confident that any data you write will be safe and available even if -parts of your cluster fail. -{{- else }} - -Note that because the cluster is running in secure mode, any client application -that you attempt to connect will either need to have a valid client certificate -or a valid username and password. -{{- end }} - -{{- if and (.Values.networkPolicy.enabled) (not (empty .Values.networkPolicy.ingress.grpc)) }} - -Note: Since NetworkPolicy is enabled, the only Pods allowed to connect to this -CockroachDB cluster are: - -1. Having the label: "{{ template "cockroachdb.fullname" . }}-client=true" - -2. Matching the following rules: {{- toYaml .Values.networkPolicy.ingress.grpc | nindent 0 }} -{{- end }} - -Finally, to open up the CockroachDB admin UI, you can port-forward from your -local machine into one of the instances in the cluster: - - kubectl port-forward {{ template "cockroachdb.fullname" . }}-0 {{ index .Values.conf `http-port` | int64 }} - -Then you can access the admin UI at http{{ if .Values.tls.enabled }}s{{ end }}://localhost:{{ index .Values.conf `http-port` | int64 }}/ in your web browser. - -For more information on using CockroachDB, please see the project's docs at: -https://www.cockroachlabs.com/docs/ diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl b/charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl deleted file mode 100755 index 5de031357..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "cockroachdb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 56 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cockroachdb.fullname" -}} -{{- if .Values.fullnameOverride -}} - {{- .Values.fullnameOverride | trunc 56 | trimSuffix "-" -}} -{{- else -}} - {{- $name := default .Chart.Name .Values.nameOverride -}} - {{- if contains $name .Release.Name -}} - {{- .Release.Name | trunc 56 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s-%s" .Release.Name $name | trunc 56 | trimSuffix "-" -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cockroachdb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 56 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the ServiceAccount to use. -*/}} -{{- define "cockroachdb.tls.serviceAccount.name" -}} -{{- if .Values.tls.serviceAccount.create -}} - {{- default (include "cockroachdb.fullname" .) .Values.tls.serviceAccount.name -}} -{{- else -}} - {{- default "default" .Values.tls.serviceAccount.name -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for NetworkPolicy. -*/}} -{{- define "cockroachdb.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for StatefulSets -*/}} -{{- define "cockroachdb.statefulset.apiVersion" -}} -{{- if semverCompare "<1.12-0" .Capabilities.KubeVersion.GitVersion -}} - {{- print "apps/v1beta1" -}} -{{- else -}} - {{- print "apps/v1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml deleted file mode 100755 index 77f1ffea1..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -rules: - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "get", "watch"] -{{- end }} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml deleted file mode 100755 index 3222317ff..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "cockroachdb.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml deleted file mode 100755 index a4e7389c9..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $paths := .Values.ingress.paths -}} -{{- $ports := .Values.service.ports -}} -{{- $fullName := include "cockroachdb.fullname" . -}} -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: -{{- if .Values.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ $fullName }}-ingress - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ $.Release.Name | quote }} - app.kubernetes.io/managed-by: {{ $.Release.Service | quote }} -{{- if .Values.ingress.labels }} -{{- toYaml .Values.ingress.labels | nindent 4 }} -{{- end }} -spec: - rules: - {{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- range $path := $paths }} - - path: {{ $path }} - backend: - serviceName: {{ $fullName }}-public - servicePort: {{ $ports.http.name | quote }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- range $path := $paths }} - - path: {{ $path }} - backend: - serviceName: {{ $fullName }}-public - servicePort: {{ $ports.http.name | quote }} - {{- end -}} - {{- end -}} - {{- if .Values.ingress.tls }} - tls: -{{- toYaml .Values.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml deleted file mode 100755 index e0901f88d..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- if not (index .Values.conf `single-node`) }} -kind: Job -apiVersion: batch/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-init - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.init.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.init.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.init.annotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: OnFailure - terminationGracePeriodSeconds: 0 - {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} - imagePullSecrets: - {{- if .Values.image.credentials }} - - name: {{ template "cockroachdb.fullname" . }}.db.registry - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} - - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled (not .Values.tls.certs.provided)}} - serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} - initContainers: - # The init-certs container sends a CSR (certificate signing request) to - # the Kubernetes cluster. - # You can see pending requests using: - # kubectl get csr - # CSRs can be approved using: - # kubectl certificate approve - # - # In addition to the Node certificate and key, the init-certs entrypoint - # will symlink the cluster CA to the certs directory. - - name: init-certs - image: "{{ .Values.tls.init.image.repository }}:{{ .Values.tls.init.image.tag }}" - imagePullPolicy: {{ .Values.tls.init.image.pullPolicy | quote }} - command: - - /bin/ash - - -ecx - - >- - /request-cert - -namespace=${POD_NAMESPACE} - -certs-dir=/cockroach-certs/ - -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -type=client - -user=root - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: client-certs - mountPath: /cockroach-certs/ - {{- end }} - {{- with .Values.init.affinity }} - affinity: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.init.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.init.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: cluster-init - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - # Run the command in an `while true` loop because this Job is bound - # to come up before the CockroachDB Pods (due to the time needed to - # get PersistentVolumes attached to Nodes), and sleeping 5 seconds - # between attempts is much better than letting the Pod fail when - # the init command does and waiting out Kubernetes' non-configurable - # exponential back-off for Pod restarts. - # Command completes either when cluster initialization succeeds, - # or when cluster has been initialized already. - command: - - /bin/bash - - -c - - >- - while true; do - initOUT=$(set -x; - /cockroach/cockroach init - {{- if .Values.tls.enabled }} - --certs-dir=/cockroach-certs/ - {{- else }} - --insecure - {{- end }} - {{- with index .Values.conf "cluster-name" }} - --cluster-name={{.}} - {{- end }} - --host={{ template "cockroachdb.fullname" . }}-0.{{ template "cockroachdb.fullname" . -}} - :{{ .Values.service.ports.grpc.internal.port | int64 }} - 2>&1); - initRC="$?"; - echo $initOUT; - [[ "$initRC" == "0" ]] && exit 0; - [[ "$initOUT" == *"cluster has already been initialized"* ]] && exit 0; - sleep 5; - done - {{- if .Values.tls.enabled }} - volumeMounts: - - name: client-certs - mountPath: /cockroach-certs/ - {{- end }} - {{- with .Values.init.resources }} - resources: {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.tls.enabled }} - volumes: - - name: client-certs - {{- if .Values.tls.certs.provided }} - {{- if .Values.tls.certs.tlsSecret }} - projected: - sources: - - secret: - name: {{ .Values.tls.certs.clientRootSecret }} - items: - - key: ca.crt - path: ca.crt - mode: 0400 - - key: tls.crt - path: client.root.crt - mode: 0400 - - key: tls.key - path: client.root.key - mode: 0400 - {{- else }} - secret: - secretName: {{ .Values.tls.certs.clientRootSecret }} - defaultMode: 0400 - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml deleted file mode 100755 index 1739c45e5..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "cockroachdb.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 6 }} - {{- end }} - ingress: - - ports: - - port: grpc - {{- with .Values.networkPolicy.ingress.grpc }} - from: - # Allow connections via custom rules. - {{- toYaml . | nindent 8 }} - # Allow client connection via pre-considered label. - - podSelector: - matchLabels: - {{ template "cockroachdb.fullname" . }}-client: "true" - # Allow other CockroachDBs to connect to form a cluster. - - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 14 }} - {{- end }} - {{- if gt (.Values.statefulset.replicas | int64) 1 }} - # Allow init Job to connect to bootstrap a cluster. - - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.init.labels }} - {{- toYaml . | nindent 14 }} - {{- end }} - {{- end }} - {{- end }} - # Allow connections to admin UI and for Prometheus. - - ports: - - port: http - {{- with .Values.networkPolicy.ingress.http }} - from: {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml deleted file mode 100755 index e49431f89..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -kind: PodDisruptionBudget -apiVersion: policy/v1beta1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-budget - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 6 }} - {{- end }} - maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml deleted file mode 100755 index 62a044ddc..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.tls.enabled }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -rules: - - apiGroups: [""] - resources: ["secrets"] - {{- if .Values.tls.certs.provided }} - verbs: ["get"] - {{- else }} - verbs: ["create", "get"] - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml deleted file mode 100755 index c65441b42..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.tls.enabled }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "cockroachdb.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml deleted file mode 100755 index 3dc34f386..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- range $name, $cred := dict "db" (.Values.image.credentials) "init-certs" (.Values.tls.init.image.credentials) }} -{{- if not (empty $cred) }} -{{- if or (and (eq $name "init-certs") $.Values.tls.enabled) (ne $name "init-certs") }} ---- -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" $ }}.{{ $name }}.registry - namespace: {{ $.Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" $ }} - app.kubernetes.io/name: {{ template "cockroachdb.name" $ }} - app.kubernetes.io/instance: {{ $.Release.Name | quote }} - app.kubernetes.io/managed-by: {{ $.Release.Service | quote }} - {{- with $.Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ printf `{"auths":{%s:{"auth":"%s"}}}` ($cred.registry | quote) (printf "%s:%s" $cred.username $cred.password | b64enc) | b64enc | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml deleted file mode 100755 index 3b7f5d0e7..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml +++ /dev/null @@ -1,62 +0,0 @@ -# This service only exists to create DNS entries for each pod in -# the StatefulSet such that they can resolve each other's IP addresses. -# It does not create a load-balanced ClusterIP and should not be used directly -# by clients in most circumstances. -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.service.discovery.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - # Use this annotation in addition to the actual field below because the - # annotation will stop being respected soon, but the field is broken in - # some versions of Kubernetes: - # https://github.com/kubernetes/kubernetes/issues/58662 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - # Enable automatic monitoring of all instances when Prometheus is running - # in the cluster. - prometheus.io/scrape: "true" - prometheus.io/path: _status/vars - prometheus.io/port: {{ .Values.service.ports.http.port | quote }} - {{- with .Values.service.discovery.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - clusterIP: None - # We want all Pods in the StatefulSet to have their addresses published for - # the sake of the other CockroachDB Pods even before they're ready, since they - # have to be able to talk to each other in order to become ready. - publishNotReadyAddresses: true - ports: - {{- $ports := .Values.service.ports }} - # The main port, served by gRPC, serves Postgres-flavor SQL, inter-node - # traffic and the CLI. - - name: {{ $ports.grpc.external.name | quote }} - port: {{ $ports.grpc.external.port | int64 }} - targetPort: grpc - {{- if ne ($ports.grpc.internal.port | int64) ($ports.grpc.external.port | int64) }} - - name: {{ $ports.grpc.internal.name | quote }} - port: {{ $ports.grpc.internal.port | int64 }} - targetPort: grpc - {{- end }} - # The secondary port serves the UI as well as health and debug endpoints. - - name: {{ $ports.http.name | quote }} - port: {{ $ports.http.port | int64 }} - targetPort: http - selector: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml deleted file mode 100755 index 529b89d83..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# This Service is meant to be used by clients of the database. -# It exposes a ClusterIP that will automatically load balance connections -# to the different database Pods. -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-public - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.service.public.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- with .Values.service.public.annotations }} - annotations: {{- toYaml . | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.service.public.type | quote }} - ports: - {{- $ports := .Values.service.ports }} - # The main port, served by gRPC, serves Postgres-flavor SQL, inter-node - # traffic and the CLI. - - name: {{ $ports.grpc.external.name | quote }} - port: {{ $ports.grpc.external.port | int64 }} - targetPort: grpc - {{- if ne ($ports.grpc.internal.port | int64) ($ports.grpc.external.port | int64) }} - - name: {{ $ports.grpc.internal.name | quote }} - port: {{ $ports.grpc.internal.port | int64 }} - targetPort: grpc - {{- end }} - # The secondary port serves the UI as well as health and debug endpoints. - - name: {{ $ports.http.name | quote }} - port: {{ $ports.http.port | int64 }} - targetPort: http - selector: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml deleted file mode 100755 index 45c3fe09c..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.tls.enabled .Values.tls.serviceAccount.create }} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml deleted file mode 100755 index adb116788..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml +++ /dev/null @@ -1,334 +0,0 @@ -kind: StatefulSet -apiVersion: {{ template "cockroachdb.statefulset.apiVersion" . }} -metadata: - name: {{ template "cockroachdb.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - helm.sh/chart: {{ template "cockroachdb.chart" . }} - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "cockroachdb.fullname" . }} - replicas: {{ .Values.statefulset.replicas | int64 }} - updateStrategy: {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} - podManagementPolicy: {{ .Values.statefulset.podManagementPolicy | quote }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 6 }} - {{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.statefulset.annotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} - imagePullSecrets: - {{- if .Values.image.credentials }} - - name: {{ template "cockroachdb.fullname" . }}.db.registry - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} - - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} - {{- if not .Values.tls.certs.provided }} - initContainers: - # The init-certs container sends a CSR (certificate signing request) to - # the Kubernetes cluster. - # You can see pending requests using: - # kubectl get csr - # CSRs can be approved using: - # kubectl certificate approve - # - # All addresses used to contact a Node must be specified in the - # `--addresses` arg. - # - # In addition to the Node certificate and key, the init-certs entrypoint - # will symlink the cluster CA to the certs directory. - - name: init-certs - image: "{{ .Values.tls.init.image.repository }}:{{ .Values.tls.init.image.tag }}" - imagePullPolicy: {{ .Values.tls.init.image.pullPolicy | quote }} - command: - - /bin/ash - - -ecx - - >- - /request-cert - -namespace=${POD_NAMESPACE} - -certs-dir=/cockroach-certs/ - -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -type=node - -addresses=localhost,127.0.0.1,$(hostname -f),$(hostname -f|cut -f 1-2 -d '.'),{{ template "cockroachdb.fullname" . }}-public,{{ template "cockroachdb.fullname" . }}-public.$(hostname -f|cut -f 3- -d '.') - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: certs - mountPath: /cockroach-certs/ - {{- end }} - {{- end }} - {{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} - affinity: - {{- with .Values.statefulset.nodeAffinity }} - nodeAffinity: {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.statefulset.podAffinity }} - podAffinity: {{- toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.statefulset.podAntiAffinity }} - podAntiAffinity: - {{- if .Values.statefulset.podAntiAffinity.type }} - {{- if eq .Values.statefulset.podAntiAffinity.type "hard" }} - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 18 }} - {{- end }} - {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} - preferredDuringSchedulingIgnoredDuringExecution: - - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.statefulset.labels }} - {{- toYaml . | nindent 20 }} - {{- end }} - {{- end }} - {{- else }} - {{- toYaml .Values.statefulset.podAntiAffinity | nindent 10 }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.statefulset.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.statefulset.priorityClassName }} - priorityClassName: {{ .Values.statefulset.priorityClassName }} - {{- end }} - {{- with .Values.statefulset.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - # No pre-stop hook is required, a SIGTERM plus some time is all that's - # needed for graceful shutdown of a node. - terminationGracePeriodSeconds: 60 - containers: - - name: db - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - args: - - shell - - -ecx - # The use of qualified `hostname -f` is crucial: - # Other nodes aren't able to look up the unqualified hostname. - # - # `--join` CLI flag is hardcoded to exactly 3 Pods, because: - # 1. Having `--join` value depending on `statefulset.replicas` - # will trigger undesired restart of existing Pods when - # StatefulSet is scaled up/down. We want to scale without - # restarting existing Pods. - # 2. At least one Pod in `--join` is enough to successfully - # join CockroachDB cluster and gossip with all other existing - # Pods, even if there are 3 or more Pods. - # 3. It's harmless for `--join` to have 3 Pods even for 1-Pod - # clusters, while it gives us opportunity to scale up even if - # some Pods of existing cluster are down (for whatever reason). - # See details explained here: - # https://github.com/helm/charts/pull/18993#issuecomment-558795102 - - >- - exec /cockroach/cockroach - {{- if index .Values.conf `single-node` }} - start-single-node - {{- else }} - start --join= - {{- if .Values.conf.join }} - {{- join `,` .Values.conf.join -}} - {{- else }} - {{- range $i, $_ := until 3 -}} - {{- if gt $i 0 -}},{{- end -}} - ${STATEFULSET_NAME}-{{ $i }}.${STATEFULSET_FQDN}:{{ $.Values.service.ports.grpc.internal.port | int64 -}} - {{- end -}} - {{- end }} - --advertise-host=$(hostname).${STATEFULSET_FQDN} - {{- with index .Values.conf `cluster-name` }} - --cluster-name={{ . }} - {{- if index $.Values.conf `disable-cluster-name-verification` }} - --disable-cluster-name-verification - {{- end }} - {{- end }} - {{- end }} - --logtostderr={{ .Values.conf.logtostderr }} - {{- if .Values.tls.enabled }} - --certs-dir=/cockroach/cockroach-certs/ - {{- else }} - --insecure - {{- end }} - {{- with .Values.conf.attrs }} - --attrs={{ join `:` . }} - {{- end }} - --http-port={{ index .Values.conf `http-port` | int64 }} - --port={{ .Values.conf.port | int64 }} - --cache={{ .Values.conf.cache }} - --max-disk-temp-storage={{ index .Values.conf `max-disk-temp-storage` }} - --max-offset={{ index .Values.conf `max-offset` }} - --max-sql-memory={{ index .Values.conf `max-sql-memory` }} - {{- with .Values.conf.locality }} - --locality={{ . }} - {{- end }} - {{- with index .Values.conf `sql-audit-dir` }} - --sql-audit-dir={{ . }} - {{- end }} - {{- range .Values.statefulset.args }} - {{ . }} - {{- end }} - env: - - name: STATEFULSET_NAME - value: {{ template "cockroachdb.fullname" . }} - - name: STATEFULSET_FQDN - value: {{ template "cockroachdb.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - - name: COCKROACH_CHANNEL - value: kubernetes-helm - {{- with .Values.statefulset.env }} - {{- toYaml . | nindent 12 }} - {{- end }} - ports: - - name: grpc - containerPort: {{ .Values.conf.port | int64 }} - protocol: TCP - - name: http - containerPort: {{ index .Values.conf `http-port` | int64 }} - protocol: TCP - volumeMounts: - - name: datadir - mountPath: /cockroach/cockroach-data/ - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /cockroach/cockroach-certs/ - {{- end }} - {{- range .Values.statefulset.secretMounts }} - - name: {{ printf "secret-%s" . | quote }} - mountPath: {{ printf "/etc/cockroach/secrets/%s" . | quote }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /health - port: http - {{- if .Values.tls.enabled }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: 30 - periodSeconds: 5 - readinessProbe: - httpGet: - path: /health?ready=1 - port: http - {{- if .Values.tls.enabled }} - scheme: HTTPS - {{- end }} - initialDelaySeconds: 10 - periodSeconds: 5 - failureThreshold: 2 - {{- with .Values.statefulset.resources }} - resources: {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: datadir - {{- if .Values.storage.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: datadir - {{- else if .Values.storage.hostPath }} - hostPath: - path: {{ .Values.storage.hostPath | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - {{- if .Values.tls.certs.provided }} - {{- if .Values.tls.certs.tlsSecret }} - projected: - sources: - - secret: - name: {{ .Values.tls.certs.nodeSecret }} - items: - - key: ca.crt - path: ca.crt - mode: 0400 - - key: tls.crt - path: node.crt - mode: 0400 - - key: tls.key - path: node.key - mode: 0400 - {{- else }} - secret: - secretName: {{ .Values.tls.certs.nodeSecret }} - defaultMode: 0400 - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - {{- range .Values.statefulset.secretMounts }} - - name: {{ printf "secret-%s" . | quote }} - secret: - secretName: {{ . | quote }} - {{- end }} -{{- if .Values.storage.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: datadir - labels: - app.kubernetes.io/name: {{ template "cockroachdb.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- with .Values.storage.persistentVolume.labels }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.labels }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.storage.persistentVolume.annotations }} - annotations: {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: ["ReadWriteOnce"] - {{- if .Values.storage.persistentVolume.storageClass }} - {{- if (eq "-" .Values.storage.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote}} - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.storage.persistentVolume.size | quote }} -{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml deleted file mode 100755 index 8c8f96be7..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml +++ /dev/null @@ -1,65 +0,0 @@ -kind: Pod -apiVersion: v1 -metadata: - name: {{ template "cockroachdb.fullname" . }}-test - namespace: {{ .Release.Namespace | quote }} -{{- if .Values.networkPolicy.enabled }} - labels: - {{ template "cockroachdb.fullname" . }}-client: "true" -{{- end }} - annotations: - helm.sh/hook: test-success -spec: - restartPolicy: Never -{{- if .Values.image.credentials }} - imagePullSecrets: - - name: {{ template "cockroachdb.fullname" . }}.db.registry -{{- end }} - {{- if .Values.tls.certs.provided }} - volumes: - - name: client-certs - {{- if .Values.tls.certs.tlsSecret }} - projected: - sources: - - secret: - name: {{ .Values.tls.certs.clientRootSecret }} - items: - - key: ca.crt - path: ca.crt - mode: 0400 - - key: tls.crt - path: client.root.crt - mode: 0400 - - key: tls.key - path: client.root.key - mode: 0400 - {{- else }} - secret: - secretName: {{ .Values.tls.certs.clientRootSecret }} - defaultMode: 0400 - {{- end }} - {{- end }} - containers: - - name: client-test - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.tls.certs.provided }} - volumeMounts: - - name: client-certs - mountPath: /cockroach-certs - {{- end }} - command: - - /cockroach/cockroach - - sql - {{- if .Values.tls.certs.provided }} - - --certs-dir - - /cockroach-certs - {{- else }} - - --insecure - {{- end}} - - --host - - {{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} - - --port - - {{ .Values.service.ports.grpc.external.port | quote }} - - -e - - SHOW DATABASES; diff --git a/charts/cockroachdb/cockroachdb/4.1.200/values.yaml b/charts/cockroachdb/cockroachdb/4.1.200/values.yaml deleted file mode 100755 index 0ed532d7e..000000000 --- a/charts/cockroachdb/cockroachdb/4.1.200/values.yaml +++ /dev/null @@ -1,382 +0,0 @@ -image: - repository: cockroachdb/cockroach - tag: v20.1.3 - pullPolicy: IfNotPresent - credentials: {} - # registry: docker.io - # username: john_doe - # password: changeme - - -# Additional labels to apply to all Kubernetes resources created by this chart. -labels: {} - # app.kubernetes.io/part-of: my-app - - -# Cluster's default DNS domain. -# You should overwrite it if you're using a different one, -# otherwise CockroachDB nodes discovery won't work. -clusterDomain: cluster.local - - -conf: - # An ordered list of CockroachDB node attributes. - # Attributes are arbitrary strings specifying machine capabilities. - # Machine capabilities might include specialized hardware or number of cores - # (e.g. "gpu", "x16c"). - attrs: [] - # - x16c - # - gpu - - # Total size in bytes for caches, shared evenly if there are multiple - # storage devices. Size suffixes are supported (e.g. `1GB` and `1GiB`). - # A percentage of physical memory can also be specified (e.g. `.25`). - cache: 25% - - # Sets a name to verify the identity of a cluster. - # The value must match between all nodes specified via `conf.join`. - # This can be used as an additional verification when either the node or - # cluster, or both, have not yet been initialized and do not yet know their - # cluster ID. - # To introduce a cluster name into an already-initialized cluster, pair this - # option with `conf.disable-cluster-name-verification: yes`. - cluster-name: "" - - # Tell the server to ignore `conf.cluster-name` mismatches. - # This is meant for use when opting an existing cluster into starting to use - # cluster name verification, or when changing the cluster name. - # The cluster should be restarted once with `conf.cluster-name` and - # `conf.disable-cluster-name-verification: yes` combined, and once all nodes - # have been updated to know the new cluster name, the cluster can be restarted - # again with `conf.disable-cluster-name-verification: no`. - # This option has no effect if `conf.cluster-name` is not specified. - disable-cluster-name-verification: false - - # The addresses for connecting a CockroachDB nodes to an existing cluster. - # If you are deploying a second CockroachDB instance that should join a first - # one, use the below list to join to the existing instance. - # Each item in the array should be a FQDN (and port if needed) resolvable by - # new Pods. - join: [] - - # Logs at or above this threshold to STDERR. - logtostderr: INFO - - # Maximum storage capacity available to store temporary disk-based data for - # SQL queries that exceed the memory budget (e.g. join, sorts, etc are - # sometimes able to spill intermediate results to disk). - # Accepts numbers interpreted as bytes, size suffixes (e.g. `32GB` and - # `32GiB`) or a percentage of disk size (e.g. `10%`). - # The location of the temporary files is within the first store dir. - # If expressed as a percentage, `max-disk-temp-storage` is interpreted - # relative to the size of the storage device on which the first store is - # placed. The temp space usage is never counted towards any store usage - # (although it does share the device with the first store) so, when - # configuring this, make sure that the size of this temp storage plus the size - # of the first store don't exceed the capacity of the storage device. - # If the first store is an in-memory one (i.e. `type=mem`), then this - # temporary "disk" data is also kept in-memory. - # A percentage value is interpreted as a percentage of the available internal - # memory. - max-disk-temp-storage: 0 - - # Maximum allowed clock offset for the cluster. If observed clock offsets - # exceed this limit, servers will crash to minimize the likelihood of - # reading inconsistent data. Increasing this value will increase the time - # to recovery of failures as well as the frequency of uncertainty-based - # read restarts. - # Note, that this value must be the same on all nodes in the cluster. - # In order to change it, all nodes in the cluster must be stopped - # simultaneously and restarted with the new value. - max-offset: 500ms - - # Maximum memory capacity available to store temporary data for SQL clients, - # including prepared queries and intermediate data rows during query - # execution. Accepts numbers interpreted as bytes, size suffixes - # (e.g. `1GB` and `1GiB`) or a percentage of physical memory (e.g. `.25`). - max-sql-memory: 25% - - # An ordered, comma-separated list of key-value pairs that describe the - # topography of the machine. Topography might include country, datacenter - # or rack designations. Data is automatically replicated to maximize - # diversities of each tier. The order of tiers is used to determine - # the priority of the diversity, so the more inclusive localities like - # country should come before less inclusive localities like datacenter. - # The tiers and order must be the same on all nodes. Including more tiers - # is better than including fewer. For example: - # locality: country=us,region=us-west,datacenter=us-west-1b,rack=12 - # locality: country=ca,region=ca-east,datacenter=ca-east-2,rack=4 - # locality: planet=earth,province=manitoba,colo=secondary,power=3 - locality: "" - - # Run CockroachDB instances in standalone mode with replication disabled - # (replication factor = 1). - # Enabling this option makes the following values to be ignored: - # - `conf.cluster-name` - # - `conf.disable-cluster-name-verification` - # - `conf.join` - # - # WARNING: Enabling this option makes each deployed Pod as a STANDALONE - # CockroachDB instance, so the StatefulSet does NOT FORM A CLUSTER. - # Don't use this option for production deployments unless you clearly - # understand what you're doing. - # Usually, this option is intended to be used in conjunction with - # `statefulset.replicas: 1` for temporary one-time deployments (like - # running E2E tests, for example). - single-node: false - - # If non-empty, create a SQL audit log in the specified directory. - sql-audit-dir: "" - - # CockroachDB's port to listen to inter-communications and client connections. - port: 26257 - - # CockroachDB's port to listen to HTTP requests. - http-port: 8080 - - -statefulset: - replicas: 3 - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - budget: - maxUnavailable: 1 - - # List of additional command-line arguments you want to pass to the - # `cockroach start` command. - args: [] - # - --disable-cluster-name-verification - - # List of extra environment variables to pass into container - env: [] - # - name: COCKROACH_ENGINE_MAX_SYNC_DURATION - # value: "24h" - - # List of Secrets names in the same Namespace as the CockroachDB cluster, - # which shall be mounted into `/etc/cockroach/secrets/` for every cluster - # member. - secretMounts: [] - - # Additional labels to apply to this StatefulSet and all its Pods. - labels: - app.kubernetes.io/component: cockroachdb - - # Additional annotations to apply to the Pods of this StatefulSet. - annotations: {} - - # Affinity rules for scheduling Pods of this StatefulSet on Nodes. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - nodeAffinity: {} - # Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity - podAffinity: {} - # Anti-affinity rules for scheduling Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity - # You may either toggle options below for default anti-affinity rules, - # or specify the whole set of anti-affinity rules instead of them. - podAntiAffinity: - # Type of anti-affinity rules: either `soft`, `hard` or empty value (which - # disables anti-affinity rules). - type: soft - # Weight for `soft` anti-affinity rules. - # Does not apply for other anti-affinity types. - weight: 100 - - # Node selection constraints for scheduling Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - - # PriorityClassName given to Pods of this StatefulSet - # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - priorityClassName: "" - - # Taints to be tolerated by Pods of this StatefulSet. - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - - - # Uncomment the following resources definitions or pass them from - # command line to control the CPU and memory resources allocated - # by Pods of this StatefulSet. - resources: {} - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - -service: - ports: - # You can set a different external and internal gRPC ports and their name. - grpc: - external: - port: 26257 - name: grpc - # If the port number is different than `external.port`, then it will be - # named as `internal.name` in Service. - internal: - port: 26257 - # If using Istio set it to `cockroach`. - name: grpc-internal - http: - port: 8080 - name: http - - # This Service is meant to be used by clients of the database. - # It exposes a ClusterIP that will automatically load balance connections - # to the different database Pods. - public: - type: ClusterIP - # Additional labels to apply to this Service. - labels: - app.kubernetes.io/component: cockroachdb - # Additional annotations to apply to this Service. - annotations: {} - - # This service only exists to create DNS entries for each pod in - # the StatefulSet such that they can resolve each other's IP addresses. - # It does not create a load-balanced ClusterIP and should not be used directly - # by clients in most circumstances. - discovery: - # Additional labels to apply to this Service. - labels: - app.kubernetes.io/component: cockroachdb - # Additional annotations to apply to this Service. - annotations: {} - -# CockroachDB's ingress for web ui. -ingress: - enabled: false - labels: {} - annotations: {} - # kubernetes.io/ingress.class: nginx - # cert-manager.io/cluster-issuer: letsencrypt - paths: [/] - hosts: [] - # - cockroachlabs.com - tls: [] - # - hosts: [cockroachlabs.com] - # secretName: cockroachlabs-tls - -# CockroachDB's data persistence. -# If neither `persistentVolume` nor `hostPath` is used, then data will be -# persisted in ad-hoc `emptyDir`. -storage: - # Absolute path on host to store CockroachDB's data. - # If not specified, then `emptyDir` will be used instead. - # If specified, but `persistentVolume.enabled` is `true`, then has no effect. - hostPath: "" - - # If `enabled` is `true` then a PersistentVolumeClaim will be created and - # used to store CockroachDB's data, otherwise `hostPath` is used. - persistentVolume: - enabled: true - - size: 100Gi - - # If defined, then `storageClassName: `. - # If set to "-", then `storageClassName: ""`, which disables dynamic - # provisioning. - # If undefined or empty (default), then no `storageClassName` spec is set, - # so the default provisioner will be chosen (gp2 on AWS, standard on - # GKE, AWS & OpenStack). - storageClass: "" - - # Additional labels to apply to the created PersistentVolumeClaims. - labels: {} - # Additional annotations to apply to the created PersistentVolumeClaims. - annotations: {} - - -# Kubernetes Job which initializes multi-node CockroachDB cluster. -# It's not created if `statefulset.replicas` is `1`. -init: - # Additional labels to apply to this Job and its Pod. - labels: - app.kubernetes.io/component: init - - # Additional annotations to apply to the Pod of this Job. - annotations: {} - - # Affinity rules for scheduling the Pod of this Job. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - - # Node selection constraints for scheduling the Pod of this Job. - # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - - # Taints to be tolerated by the Pod of this Job. - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - - # The init Pod runs at cluster creation to initialize CockroachDB. It finishes - # quickly and doesn't continue to consume resources in the Kubernetes - # cluster. Normally, you should leave this section commented out, but if your - # Kubernetes cluster uses Resource Quotas and requires all pods to specify - # resource requests or limits, you can set those here. - resources: {} - # requests: - # cpu: "10m" - # memory: "128Mi" - # limits: - # cpu: "10m" - # memory: "128Mi" - - -# Whether to run securely using TLS certificates. -tls: - enabled: false - serviceAccount: - # Specifies whether this ServiceAccount should be created. - create: true - # The name of this ServiceAccount to use. - # If not set and `create` is `true`, then a name is auto-generated. - name: "" - certs: - # Bring your own certs scenario. If provided, tls.init section will be ignored. - provided: false - # Secret name for the client root cert. - clientRootSecret: cockroachdb-root - # Secret name for node cert. - nodeSecret: cockroachdb-node - # Enable if the secret is a dedicated TLS. - # TLS secrets are created by cert-mananger, for example. - tlsSecret: false - - init: - # Image to use for requesting TLS certificates. - image: - repository: cockroachdb/cockroach-k8s-request-cert - tag: "0.4" - pullPolicy: IfNotPresent - credentials: {} - # registry: docker.io - # username: john_doe - # password: changeme - - -networkPolicy: - enabled: false - - ingress: - # List of sources which should be able to access the CockroachDB Pods via - # gRPC port. Items in this list are combined using a logical OR operation. - # Rules for allowing inter-communication are applied automatically. - # If empty, then connections from any Pod is allowed. - grpc: [] - # - podSelector: - # matchLabels: - # app.kubernetes.io/name: my-app-django - # app.kubernetes.io/instance: my-app - - # List of sources which should be able to access the CockroachDB Pods via - # HTTP port. Items in this list are combined using a logical OR operation. - # If empty, then connections from any Pod is allowed. - http: [] - # - namespaceSelector: - # matchLabels: - # project: my-project diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/.helmignore b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/Chart.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/Chart.yaml deleted file mode 100644 index ec82541e9..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: csi-wekafsplugin -apiVersion: v2 -appVersion: 0.6.4 -description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) - plugin for WekaFS - the world fastest filesystem -home: https://github.com/weka/csi-wekafs -icon: https://weka.github.io/csi-wekafs/logo.png -name: csi-wekafsplugin -sources: -- https://github.com/weka/csi-wekafs/tree/v0.6.4/deploy/helm/csi-wekafsplugin -type: application -version: 0.6.400+up0.6.4 diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/LOCAL.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/LOCAL.md deleted file mode 100644 index de09f09f3..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/LOCAL.md +++ /dev/null @@ -1,28 +0,0 @@ -# Overview -Helm Chart for Weka wekafs CSI driver deployment - -# Usage -## Install driver - - - Optionally modify values.yaml - - Create a name space for CSI driver deployment by issuing - ``` - kubectl create namespace csi-wekafsplugin - ``` - - Install the driver: - ``` - helm install csi-wekafsplugin --namespace csi-wekafsplugin -n=csi-wekafsplugin ./ - ``` - -## Uninstall driver -To uninstall a driver, issue the following command -``` -helm uninstall csi-wekafsplugin --namespace csi-wekafsplugin -n=csi-wekafsplugin -``` - -# Upgrade -To upgrade from versions before v0.6.0, first uninstall the previous version using cleanup script: -``` -./deploy/kubernetes-latest/cleanup.sh -``` -Then install as usual. \ No newline at end of file diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/README.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/README.md deleted file mode 100644 index d24f05dd7..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/README.md +++ /dev/null @@ -1,23 +0,0 @@ -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/csi-wekafs)](https://artifacthub.io/packages/search?repo=csi-wekafs) -# CSI WekaFS Driver - -This repository hosts the CSI WekaFS driver and all of its build and dependent configuration files to deploy the driver. - -## Pre-requisite -- Kubernetes cluster of version 1.18 and up, 1.19 and up recommended, 1.13 and up should work but were not tested. -- Helm v3 must be installed and configured properly -- Weka system pre-configured and Weka client installed and registered in cluster for each Kubernetes node - -## Deployment -```shell -helm repo add csi-wekafs https://weka.github.io/csi-wekafs -helm install csi-wekafsplugin csi-wekafs/csi-wekafsplugin --namespace csi-wekafsplugin --create-namespace -``` - -## Usage -- [Deploy an Example application](https://github.com/weka/csi-wekafs/blob/master/docs/usage.md) - -## Additional Documentation -- [Official Weka CSI Plugin documentation](https://docs.weka.io/appendix/weka-csi-plugin) - diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/app-readme.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/app-readme.md deleted file mode 100644 index 880868b3e..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/app-readme.md +++ /dev/null @@ -1,20 +0,0 @@ -# WekaIO CSI Plugin -[Weka's](https://weka.io) parallel file system delivers the highest performance for the most data-intensive workloads, -powering solutions to problems the world has never seen before. - -This repository hosts the CSI WekaFS driver and all of its build and dependent configuration files to deploy the driver. - -## Pre-requisite -- Kubernetes cluster -- Helm v3 -- Running version 1.18 or later. Although older versions from 1.13 and up should work, they were not tested -- Weka system pre-configured and Weka client installed and registered in cluster for each Kubernetes node -## Deployment -```shell -helm repo add csi-wekafs https://weka.github.io/csi-wekafs -helm install csi-wekafsplugin csi-wekafs/csi-wekafsplugin --namespace csi-wekafsplugin --create-namespace -``` -## Usage -- [Deploy an Example application](https://github.com/weka/csi-wekafs/blob/master/docs/usage.md) -## Additional Documentation -- [Official Weka CSI Plugin documentation](https://docs.weka.io/appendix/weka-csi-plugin) diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/questions.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/questions.yaml deleted file mode 100644 index fd0d25dd8..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/questions.yaml +++ /dev/null @@ -1,6 +0,0 @@ -questions: - - variable: dynamicProvisionPath - default: "csi-volumes" - required: false - label: Path for creation of dynamic volumes (relative to filesystem root) - group: "Global Settings" diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/NOTES.txt b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/NOTES.txt deleted file mode 100644 index 426acbc08..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }}. - -To learn more about the release, try: - - $ helm status {{ .Release.Name }} - $ helm get all {{ .Release.Name }} - -Official Weka CSI Plugin documentation can be found here: https://docs.weka.io/appendix/weka-csi-plugin diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/controllerserver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/controllerserver.yaml deleted file mode 100644 index 48f385f99..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/controllerserver.yaml +++ /dev/null @@ -1,242 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -imagePullSecrets: -- name: {{ .Release.Name }}-creds -metadata: - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} - ---- -# cluster role ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-controller -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update", "create", "get", "list", "watch", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] - ---- -# cluster role binding ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-controller -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }}-controller - apiGroup: rbac.authorization.k8s.io - ---- -# stateful set of controller ---- -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-controller - serviceName: {{ .Release.Name }}-controller - replicas: 1 - template: - metadata: - labels: - app: {{ .Release.Name }}-controller - spec: - serviceAccountName: {{ .Release.Name }}-controller - containers: - - name: csi-attacher - image: {{ required "csi attacher sidercar image." .Values.images.attachersidecar }} - securityContext: - privileged: true - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-provisioner - image: {{ required "csi provisioner sidecar container image." .Values.images.provisionersidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--feature-gates=Topology=true" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: "/csi" - - name: csi-resizer - image: {{ required "csi attacher sidercar image." .Values.images.resizersidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - - name: wekafs - securityContext: - privileged: true - image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }} - imagePullPolicy: Always - args: - - "--drivername=$(CSI_DRIVER_NAME)" - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--dynamic-path=$(CSI_DYNAMIC_PATH)" - - "--csimode=$(X_CSI_MODE)" - ports: - - containerPort: 9898 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: CSI_DRIVER_NAME - value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} - - name: CSI_DRIVER_VERSION - value: {{ required "Provide CSI Driver version" .Values.csiDriverVersion }} - - name: X_CSI_MODE - value: controller - - name: CSI_DYNAMIC_PATH - value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }} - - name: X_CSI_DEBUG - value: "false" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/pods - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /var/lib/kubelet/plugins - mountPropagation: Bidirectional - name: plugins-dir - - mountPath: /var/lib/csi-wekafs-data - name: csi-data-dir - - mountPath: /dev - name: dev-dir - - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--health-port=$(HEALTH_PORT)" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - - name: HEALTH_PORT - value: "9898" - {{- with .Values.controllerPluginTolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-wekafs - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/pods - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry - type: Directory - name: registration-dir - - hostPath: - path: /var/lib/kubelet/plugins - type: Directory - name: plugins-dir - - hostPath: - # 'path' is where PV data is persisted on host. - # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot - path: /var/lib/csi-wekafs-data/ - type: DirectoryOrCreate - name: csi-data-dir - - hostPath: - path: /dev - type: Directory - name: dev-dir diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/driver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/driver.yaml deleted file mode 100644 index 83e1d8689..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/driver.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} -spec: - attachRequired: true - podInfoOnMount: true - volumeLifecycleModes: - - Persistent diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/nodeserver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/nodeserver.yaml deleted file mode 100644 index 76ce743d5..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/templates/nodeserver.yaml +++ /dev/null @@ -1,182 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -imagePullSecrets: -- name: {{ .Release.Name }}-creds -metadata: - name: {{ .Release.Name }}-node - namespace: {{ .Release.Namespace }} - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-node -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["create", "delete", "get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumesclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-node -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-node - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }}-node - apiGroup: rbac.authorization.k8s.io ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ .Release.Name }}-node - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-node - template: - metadata: - labels: - app: {{ .Release.Name }}-node - spec: - serviceAccountName: {{ .Release.Name }}-node - hostNetwork: true - containers: - - name: wekafs - securityContext: - privileged: true - image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }} - imagePullPolicy: Always - args: - - "--v=5" - - "--drivername=$(CSI_DRIVER_NAME)" - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--dynamic-path=$(CSI_DYNAMIC_PATH)" - - "--csimode=$(X_CSI_MODE)" - ports: - - containerPort: 9898 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - env: - - name: CSI_DRIVER_NAME - value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CSI_DYNAMIC_PATH - value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }} - - name: X_CSI_MODE - value: node - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/pods - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /var/lib/kubelet/plugins - mountPropagation: Bidirectional - name: plugins-dir - - mountPath: /var/lib/csi-wekafs-data - name: csi-data-dir - - mountPath: /dev - name: dev-dir - - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--health-port=$(HEALTH_PORT)" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - - name: HEALTH_PORT - value: "9898" - - - name: csi-registrar - image: {{ required "Provide the csi node registrar sidecar container image." .Values.images.registrarsidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=/var/lib/kubelet/plugins/csi-wekafs/csi.sock" - securityContext: - privileged: true - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /registration - name: registration-dir - - mountPath: /var/lib/csi-wekafs-data - name: csi-data-dir - {{- with .Values.nodePluginTolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-wekafs - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/pods - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry - type: Directory - name: registration-dir - - hostPath: - path: /var/lib/kubelet/plugins - type: Directory - name: plugins-dir - - hostPath: - # 'path' is where PV data is persisted on host. - # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot - path: /var/lib/csi-wekafs-data/ - type: DirectoryOrCreate - name: csi-data-dir - - hostPath: - path: /dev - type: Directory - name: dev-dir diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.schema.json b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.schema.json deleted file mode 100644 index 763641204..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.schema.json +++ /dev/null @@ -1,104 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "controllerPluginTolerations": { - "type": "array", - "description": "CSI Controller component tolerations", - "items": { - "type": "object", - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - } - } - } - }, - "csiDriverName": { - "type": "string", - "description": "Override name of CSI driver" - }, - "csiDriverVersion": { - "type": "string" - }, - "dynamicProvisionPath": { - "type": "string", - "description": "Root path of dynamic volumes (relative to filesystem root)" - }, - "globalPluginTolerations": { - "type": "array", - "description": "Global tolerations for all plugin components", - "items": { - "type": "object", - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - } - } - } - }, - "images": { - "type": "object", - "properties": { - "attachersidecar": { - "type": "string", - "description": "Path to Docker image of attachersidecar container" - }, - "csidriver": { - "type": "string", - "description": "Path to Docker image of csidriver container" - }, - "csidriverTag": { - "type": "string", - "description": "Path to Docker image of csidriverTag container" - }, - "livenessprobesidecar": { - "type": "string", - "description": "Path to Docker image of livenessprobesidecar container" - }, - "provisionersidecar": { - "type": "string", - "description": "Path to Docker image of provisionersidecar container" - }, - "registrarsidecar": { - "type": "string", - "description": "Path to Docker image of registrarsidecar container" - }, - "resizersidecar": { - "type": "string", - "description": "Path to Docker image of resizersidecar container" - } - } - }, - "nodePluginTolerations": { - "type": "array", - "description": "CSI Node component tolerations", - "items": { - "type": "object", - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - } - } - } - } - } -} diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.yaml deleted file mode 100644 index caf492e31..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400+up0.6.4/values.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Default values for csi-wekafsplugin. - -# directory in root of file system where dynamic volumes are provisioned -dynamicProvisionPath: "csi-volumes" - -# name of the driver -# note same name will be used for provisioner name -csiDriverName : "csi.weka.io" -csiDriverVersion : &csiDriverVersion "0.6.4" - -# Image paths -images: - # "images.liveness-probe-sidecar" defines the container image used for the csi liveness probe sidecar - livenessprobesidecar: quay.io/k8scsi/livenessprobe:v1.1.0 - - # "images.attacher-sidercar" defines the container image used for the csi attacher sidecar - attachersidecar: quay.io/k8scsi/csi-attacher:v3.0.0-rc1 - - # "images.provisioner-sidercar" defines the container image used for the csi provisioner sidecar - provisionersidecar: quay.io/k8scsi/csi-provisioner:v1.6.0 - - # "images.registrar-sidercar" defines the container images used for the csi registrar sidercar - registrarsidecar: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 - - # "images.resizer-sidercar" defines the container image used for the csi provisioner sidecar - resizersidecar: quay.io/k8scsi/csi-resizer:v0.5.0 - - # images.csidriver defines csidriver image used for external provisioning - csidriver: quay.io/weka.io/csi-wekafs - csidriverTag: *csiDriverVersion - -globalPluginTolerations: &globalPluginTolerations - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - -controllerPluginTolerations: *globalPluginTolerations - -nodePluginTolerations: *globalPluginTolerations - diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore deleted file mode 100755 index 50af03172..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml deleted file mode 100755 index 2831183b3..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: csi-wekafsplugin -apiVersion: v2 -appVersion: 0.6.4 -description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) plugin for WekaFS - the world fastest filesystem -home: https://github.com/weka/csi-wekafs -icon: https://weka.github.io/csi-wekafs/logo.png -name: csi-wekafsplugin -sources: -- https://github.com/weka/csi-wekafs/tree/v0.6.4/deploy/helm/csi-wekafsplugin -type: application -version: 0.6.400 diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md deleted file mode 100755 index de09f09f3..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md +++ /dev/null @@ -1,28 +0,0 @@ -# Overview -Helm Chart for Weka wekafs CSI driver deployment - -# Usage -## Install driver - - - Optionally modify values.yaml - - Create a name space for CSI driver deployment by issuing - ``` - kubectl create namespace csi-wekafsplugin - ``` - - Install the driver: - ``` - helm install csi-wekafsplugin --namespace csi-wekafsplugin -n=csi-wekafsplugin ./ - ``` - -## Uninstall driver -To uninstall a driver, issue the following command -``` -helm uninstall csi-wekafsplugin --namespace csi-wekafsplugin -n=csi-wekafsplugin -``` - -# Upgrade -To upgrade from versions before v0.6.0, first uninstall the previous version using cleanup script: -``` -./deploy/kubernetes-latest/cleanup.sh -``` -Then install as usual. \ No newline at end of file diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md deleted file mode 100755 index d24f05dd7..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md +++ /dev/null @@ -1,23 +0,0 @@ -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/csi-wekafs)](https://artifacthub.io/packages/search?repo=csi-wekafs) -# CSI WekaFS Driver - -This repository hosts the CSI WekaFS driver and all of its build and dependent configuration files to deploy the driver. - -## Pre-requisite -- Kubernetes cluster of version 1.18 and up, 1.19 and up recommended, 1.13 and up should work but were not tested. -- Helm v3 must be installed and configured properly -- Weka system pre-configured and Weka client installed and registered in cluster for each Kubernetes node - -## Deployment -```shell -helm repo add csi-wekafs https://weka.github.io/csi-wekafs -helm install csi-wekafsplugin csi-wekafs/csi-wekafsplugin --namespace csi-wekafsplugin --create-namespace -``` - -## Usage -- [Deploy an Example application](https://github.com/weka/csi-wekafs/blob/master/docs/usage.md) - -## Additional Documentation -- [Official Weka CSI Plugin documentation](https://docs.weka.io/appendix/weka-csi-plugin) - diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md deleted file mode 100755 index 880868b3e..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md +++ /dev/null @@ -1,20 +0,0 @@ -# WekaIO CSI Plugin -[Weka's](https://weka.io) parallel file system delivers the highest performance for the most data-intensive workloads, -powering solutions to problems the world has never seen before. - -This repository hosts the CSI WekaFS driver and all of its build and dependent configuration files to deploy the driver. - -## Pre-requisite -- Kubernetes cluster -- Helm v3 -- Running version 1.18 or later. Although older versions from 1.13 and up should work, they were not tested -- Weka system pre-configured and Weka client installed and registered in cluster for each Kubernetes node -## Deployment -```shell -helm repo add csi-wekafs https://weka.github.io/csi-wekafs -helm install csi-wekafsplugin csi-wekafs/csi-wekafsplugin --namespace csi-wekafsplugin --create-namespace -``` -## Usage -- [Deploy an Example application](https://github.com/weka/csi-wekafs/blob/master/docs/usage.md) -## Additional Documentation -- [Official Weka CSI Plugin documentation](https://docs.weka.io/appendix/weka-csi-plugin) diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml deleted file mode 100755 index fd0d25dd8..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml +++ /dev/null @@ -1,6 +0,0 @@ -questions: - - variable: dynamicProvisionPath - default: "csi-volumes" - required: false - label: Path for creation of dynamic volumes (relative to filesystem root) - group: "Global Settings" diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt deleted file mode 100755 index 426acbc08..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }}. - -To learn more about the release, try: - - $ helm status {{ .Release.Name }} - $ helm get all {{ .Release.Name }} - -Official Weka CSI Plugin documentation can be found here: https://docs.weka.io/appendix/weka-csi-plugin diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml deleted file mode 100755 index 48f385f99..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml +++ /dev/null @@ -1,242 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -imagePullSecrets: -- name: {{ .Release.Name }}-creds -metadata: - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} - ---- -# cluster role ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-controller -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update", "create", "get", "list", "watch", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] - ---- -# cluster role binding ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-controller -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }}-controller - apiGroup: rbac.authorization.k8s.io - ---- -# stateful set of controller ---- -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-controller - serviceName: {{ .Release.Name }}-controller - replicas: 1 - template: - metadata: - labels: - app: {{ .Release.Name }}-controller - spec: - serviceAccountName: {{ .Release.Name }}-controller - containers: - - name: csi-attacher - image: {{ required "csi attacher sidercar image." .Values.images.attachersidecar }} - securityContext: - privileged: true - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-provisioner - image: {{ required "csi provisioner sidecar container image." .Values.images.provisionersidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--feature-gates=Topology=true" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: "/csi" - - name: csi-resizer - image: {{ required "csi attacher sidercar image." .Values.images.resizersidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - - name: wekafs - securityContext: - privileged: true - image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }} - imagePullPolicy: Always - args: - - "--drivername=$(CSI_DRIVER_NAME)" - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--dynamic-path=$(CSI_DYNAMIC_PATH)" - - "--csimode=$(X_CSI_MODE)" - ports: - - containerPort: 9898 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: CSI_DRIVER_NAME - value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} - - name: CSI_DRIVER_VERSION - value: {{ required "Provide CSI Driver version" .Values.csiDriverVersion }} - - name: X_CSI_MODE - value: controller - - name: CSI_DYNAMIC_PATH - value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }} - - name: X_CSI_DEBUG - value: "false" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/pods - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /var/lib/kubelet/plugins - mountPropagation: Bidirectional - name: plugins-dir - - mountPath: /var/lib/csi-wekafs-data - name: csi-data-dir - - mountPath: /dev - name: dev-dir - - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--health-port=$(HEALTH_PORT)" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - - name: HEALTH_PORT - value: "9898" - {{- with .Values.controllerPluginTolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-wekafs - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/pods - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry - type: Directory - name: registration-dir - - hostPath: - path: /var/lib/kubelet/plugins - type: Directory - name: plugins-dir - - hostPath: - # 'path' is where PV data is persisted on host. - # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot - path: /var/lib/csi-wekafs-data/ - type: DirectoryOrCreate - name: csi-data-dir - - hostPath: - path: /dev - type: Directory - name: dev-dir diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml deleted file mode 100755 index 83e1d8689..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} -spec: - attachRequired: true - podInfoOnMount: true - volumeLifecycleModes: - - Persistent diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml deleted file mode 100755 index 76ce743d5..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml +++ /dev/null @@ -1,182 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -imagePullSecrets: -- name: {{ .Release.Name }}-creds -metadata: - name: {{ .Release.Name }}-node - namespace: {{ .Release.Namespace }} - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-node -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["create", "delete", "get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumesclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-node -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-node - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }}-node - apiGroup: rbac.authorization.k8s.io ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ .Release.Name }}-node - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-node - template: - metadata: - labels: - app: {{ .Release.Name }}-node - spec: - serviceAccountName: {{ .Release.Name }}-node - hostNetwork: true - containers: - - name: wekafs - securityContext: - privileged: true - image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }} - imagePullPolicy: Always - args: - - "--v=5" - - "--drivername=$(CSI_DRIVER_NAME)" - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--dynamic-path=$(CSI_DYNAMIC_PATH)" - - "--csimode=$(X_CSI_MODE)" - ports: - - containerPort: 9898 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - env: - - name: CSI_DRIVER_NAME - value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CSI_DYNAMIC_PATH - value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }} - - name: X_CSI_MODE - value: node - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/pods - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /var/lib/kubelet/plugins - mountPropagation: Bidirectional - name: plugins-dir - - mountPath: /var/lib/csi-wekafs-data - name: csi-data-dir - - mountPath: /dev - name: dev-dir - - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--health-port=$(HEALTH_PORT)" - env: - - name: ADDRESS - value: unix:///csi/csi.sock - - name: HEALTH_PORT - value: "9898" - - - name: csi-registrar - image: {{ required "Provide the csi node registrar sidecar container image." .Values.images.registrarsidecar }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=/var/lib/kubelet/plugins/csi-wekafs/csi.sock" - securityContext: - privileged: true - env: - - name: ADDRESS - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /registration - name: registration-dir - - mountPath: /var/lib/csi-wekafs-data - name: csi-data-dir - {{- with .Values.nodePluginTolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-wekafs - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/pods - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry - type: Directory - name: registration-dir - - hostPath: - path: /var/lib/kubelet/plugins - type: Directory - name: plugins-dir - - hostPath: - # 'path' is where PV data is persisted on host. - # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot - path: /var/lib/csi-wekafs-data/ - type: DirectoryOrCreate - name: csi-data-dir - - hostPath: - path: /dev - type: Directory - name: dev-dir diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json deleted file mode 100755 index 763641204..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json +++ /dev/null @@ -1,104 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "controllerPluginTolerations": { - "type": "array", - "description": "CSI Controller component tolerations", - "items": { - "type": "object", - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - } - } - } - }, - "csiDriverName": { - "type": "string", - "description": "Override name of CSI driver" - }, - "csiDriverVersion": { - "type": "string" - }, - "dynamicProvisionPath": { - "type": "string", - "description": "Root path of dynamic volumes (relative to filesystem root)" - }, - "globalPluginTolerations": { - "type": "array", - "description": "Global tolerations for all plugin components", - "items": { - "type": "object", - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - } - } - } - }, - "images": { - "type": "object", - "properties": { - "attachersidecar": { - "type": "string", - "description": "Path to Docker image of attachersidecar container" - }, - "csidriver": { - "type": "string", - "description": "Path to Docker image of csidriver container" - }, - "csidriverTag": { - "type": "string", - "description": "Path to Docker image of csidriverTag container" - }, - "livenessprobesidecar": { - "type": "string", - "description": "Path to Docker image of livenessprobesidecar container" - }, - "provisionersidecar": { - "type": "string", - "description": "Path to Docker image of provisionersidecar container" - }, - "registrarsidecar": { - "type": "string", - "description": "Path to Docker image of registrarsidecar container" - }, - "resizersidecar": { - "type": "string", - "description": "Path to Docker image of resizersidecar container" - } - } - }, - "nodePluginTolerations": { - "type": "array", - "description": "CSI Node component tolerations", - "items": { - "type": "object", - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - } - } - } - } - } -} diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml deleted file mode 100755 index caf492e31..000000000 --- a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Default values for csi-wekafsplugin. - -# directory in root of file system where dynamic volumes are provisioned -dynamicProvisionPath: "csi-volumes" - -# name of the driver -# note same name will be used for provisioner name -csiDriverName : "csi.weka.io" -csiDriverVersion : &csiDriverVersion "0.6.4" - -# Image paths -images: - # "images.liveness-probe-sidecar" defines the container image used for the csi liveness probe sidecar - livenessprobesidecar: quay.io/k8scsi/livenessprobe:v1.1.0 - - # "images.attacher-sidercar" defines the container image used for the csi attacher sidecar - attachersidecar: quay.io/k8scsi/csi-attacher:v3.0.0-rc1 - - # "images.provisioner-sidercar" defines the container image used for the csi provisioner sidecar - provisionersidecar: quay.io/k8scsi/csi-provisioner:v1.6.0 - - # "images.registrar-sidercar" defines the container images used for the csi registrar sidercar - registrarsidecar: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 - - # "images.resizer-sidercar" defines the container image used for the csi provisioner sidecar - resizersidecar: quay.io/k8scsi/csi-resizer:v0.5.0 - - # images.csidriver defines csidriver image used for external provisioning - csidriver: quay.io/weka.io/csi-wekafs - csidriverTag: *csiDriverVersion - -globalPluginTolerations: &globalPluginTolerations - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - -controllerPluginTolerations: *globalPluginTolerations - -nodePluginTolerations: *globalPluginTolerations - diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/.helmignore b/charts/datadog/datadog/2.4.200+up2.4.2/.helmignore deleted file mode 100644 index 46fd89965..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# OWNERS file for Kubernetes -OWNERS diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/CHANGELOG.md b/charts/datadog/datadog/2.4.200+up2.4.2/CHANGELOG.md deleted file mode 100644 index fe4209075..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/CHANGELOG.md +++ /dev/null @@ -1,328 +0,0 @@ -# Datadog changelog - -## Changelog is now available through Git history/GitHub tags, previous tags kept as reference - -## 2.3.41 - -* Fix issue with Kubernetes <= 1.14 and Cluster Agent's External Metrics Provider (must be 443) - -## 2.3.40 - -* Update documentation for resource requests & limits default values. - -## 2.3.39 - -* Propagate `datadog.checksd` to the clusterchecks runner to support custom checks there. - -## 2.3.38 - -* Add support of DD\_CONTAINER\_{INCLUDE,EXCLUDE}\_{METRICS,LOGS} - -## 2.3.37 - -* Add NET\_BROADCAST capability - -## 2.3.36 - -* Bump default Agent version to `7.21.1` - -## 2.3.35 - -* Add support for configuring the Datadog Admission Controller - -## 2.3.34 - -* Add support for scaling based on `DatadogMetric` CRD - -## 2.3.33 - -* Create new `datadog.podSecurity.securityContext` field to fix windows agent daemonset config. - -## 2.3.32 - -* Always add os in nodeSelector based on `targetSystem` - -## 2.3.31 - -* Fixed daemonset template for go 1.14 - -## 2.3.29 - -* Change the default port for the Cluster Agent's External Metrics Provider - from 443 to 8443. -* Document usage of `clusterAgent.env` - -## 2.3.28 - -* fix daemonset template generation if `datadog.securityContext` is set to `nil` - -## 2.3.27 - -* add systemProbe.collectDNSStats option - -## 2.3.26 - -* fix PodSecurityContext configuration - -## 2.3.25 - -* Use directly .env var YAML block for all agents (was already the case for Cluster Agent) - -## 2.3.24 - -* Allow enabling Orchestrator Explorer data collection from the process-agent - -## 2.3.23 - -* Add the possibility to create a `PodSecurityPolicy` or a `SecurityContextConstraints` (Openshift) for the Agent's Daemonset Pods. - -## 2.3.22 - -* Remove duplicate imagePullSecrets -* Fix DataDog location to useConfigMap in docs -* Adding explanation for metricsProvider.enabled - -## 2.3.21 - -* Fix additional default values in `values.yaml` to prevent errors with Helm 2.x - -## 2.3.20 - -* Fix process-agent <> system-probe communication - -## 2.3.19 - -* Fix the container-trace-agent.yaml template creates invalid yaml when `useSocketVolume` is enabled. - -## 2.3.18 - -* Support arguments in the cluster-agent container `command` value - -## 2.3.17 - -* grammar edits to datadog helm docs! -* Typo in log config - -## 2.3.16 - -* Add parameter `clusterChecksRunner.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Checks runners. -* Add parameters `clusterChecksRunner.volumes` and `clusterChecksRunner.volumeMounts` that can be used for providing a secret backend to Cluster Checks runners. - -## 2.3.15 - -* Mount kernel headers in system-probe container -* Fix the mount of the `system-probe` socket in core agent -* Add parameters to enable eBPF based checks - -## 2.3.14 - -* Allow overriding the `command` to run in the cluster-agent container - -## 2.3.13 - -* Use two distinct health endpoints for liveness and readiness probes. - -## 2.3.12 - -* Fix endpoints checks scheduling between agent and cluster check runners -* Cluster Check Runner now runs without s6 (similar to other agents) - -## 2.3.11 - -* Bump the default version of the agent docker images - -## 2.3.10 - -* Add dnsConfig options to all containers - -## 2.3.9 - -* Add `clusterAgent.podLabels` variable to add labels to the Cluster Agent Pod(s) - -## 2.3.8 - -* Fix templating errors when `clusterAgent.datadog_cluster_yaml` is being used. - -## 2.3.7 - -* Fix an agent warning at startup because of a deprecated parameter - -## 2.3.6 - -* Add `affinity` parameter in `values.yaml` for cluster agent deployment - -## 2.3.5 - -* Add `DD_AC_INCLUDE` and `DD_AC_EXCLUDE` to all containers -* Add "Unix Domain Socket" support in trace-agent -* Add new parameter to specify the dogstatsd socket path on the host -* Fix typos in values.yaml -* Update "tags:" example in values.yaml -* Add "rate_limit_queries_*" in the datadog.cluster-agent prometheus check configuration - -## 2.3.4 - -* Fix default values in `values.yaml` to prevent warnings with Helm 2.x - -## 2.3.3 - -* Allow pre-release versions as docker image tag - -## 2.3.2 - -* Update the DCA RBAC to allow it to create events in the HPA - -## 2.3.1 - -* Update the example for `datadog.securityContext` - -## 2.3.0 - -* Mount the directory containing the CRI socket instead of the socket itself - This is to handle the cases where the docker daemon is restarted. - In this case, the docker daemon will recreate its docker socket and, - if the container bind-mounted directly the socket, the container would - still have access to the old socket instead of the one of the new docker - daemon. - ⚠ This version of the chart requires an agent image 7.19.0 or more recent - -## 2.2.12 - -* Adding resources for `system-probe` init container - -## 2.2.11 - -* Add documentations around secret management in the datadog helm chart. It is to upstream - requested changes in the IBM charts repository: https://github.com/IBM/charts/pull/690#discussion_r411702458 -* update `kube-state-metrics` dependency -* uncomment every values.yaml parameters for IBM chart compliancy - -## 2.2.10 - -* Remove `kubeStateMetrics` section from `values.yaml` as not used anymore - -## 2.2.9 - -* Fixing variables description in README and Migration documentation (#22031) -* Avoid volumes mount conflict between `system-probe` and `logs` volumes in the `agent`. - -## 2.2.8 - -* Mount `system-probe` socket in `agent` container when system-probe is enabled - -## 2.2.7 - -* Add "Cluster-Agent" `Event` `create` RBAC permission - -## 2.2.6 - -* Ensure the `trace-agent` computes the same hostname as the core `agent`. - by giving it access to all the elements that might be used to compute the hostname: - the `DD_CLUSTER_NAME` environment variable and the docker socket. - -## 2.2.5 - -* Fix RBAC - -## 2.2.4 - -* Move several EnvVars to `common-env-vars` to be accessible by the `trace-agent` #21991. -* Fix discrepancies migration-guide and readme reporded in #21806 and #21920. -* Fix EnvVars with integer value due to yaml. serialization, reported by #21853. -* Fix .Values.datadog.tags encoding, reported by #21663. -* Add Checksum to `xxx-cluster-agent-config` config map, reported by #21622 and contribution #21656. - -## 2.2.3 - -* Fix `datadog.dockerOrCriSocketPath` helper #21992 - -## 2.2.2 - -* Fix indentation for `clusterAgent.volumes`. - -## 2.2.1 - -* Updating `agents.useConfigMap` and `agents.customAgentConfig` parameter descriptions in the chart and main readme. - -## 2.2.0 - -* Add Windows support -* Update documentation to reflect some changes that were made default -* Enable endpoint checks by default in DCA/Agent - -## 2.1.2 - -* Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt -config to this environment variable. - -## 2.1.1 - -* Add option to enable WPA in the Cluster Agent. - -## 2.1.0 - -* Changed the default for `processAgent.enabled` to `true`. - -## 2.0.14 - -* Fixed a bug where the `trace-agent` runs in the same container as `dd-agent` - -## 2.0.13 - -* Fix `system-probe` startup on latest versions of containerd. - Here is the error that this change fixes: - ``` State: Waiting - Reason: CrashLoopBackOff - Last State: Terminated - Reason: StartError - Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown - Exit Code: 128 - ``` - -## 2.0.11 - -* Add missing syscalls in the `system-probe` seccomp profile - -## 2.0.10 - -* Do not enable the `cri` check when running on a `docker` setup. - -## 2.0.7 - -* Pass expected `DD_DOGSTATSD_PORT` to datadog-agent rather than invalid `DD_DOGSTATD_PORT` - -## 2.0.6 - -* Introduces `procesAgent.processCollection` to correctly configure `DD_PROCESS_AGENT_ENABLED` for the process agent. - -## 2.0.5 - -* Honor the `datadog.env` parameter in all containers. - -## 2.0.4 - -* Honor the image pull policy in init containers. -* Pass the `DD_CRI_SOCKET_PATH` environment variable to the config init container so that it can adapt the agent config based on the CRI. - -## 2.0.3 - -* Fix templating error when `agents.useConfigMap` is set to true. -* Add DD\_APM\_ENABLED environment variable to trace agent container. - -## 2.0.2 - -* Revert the docker socket path inside the agent container to its standard location to fix #21223. - -## 2.0.1 - -* Add parameters `datadog.logs.enabled` and `datadog.logs.containerCollectAll` to replace `datadog.logsEnabled` and `datadog.logsConfigContainerCollectAll`. -* Update the migration document link in the `Readme.md`. - -### 2.0.0 - -* Remove Datadog agent deployment configuration. -* Cleanup resources labels, to fit with recommended labels. -* Cleanup useless or unused values parameters. -* each component have its own RBAC configuration (create,configuration). -* container runtime socket update values configuration simplification. -* `nameOverride` `fullnameOverride` is now optional in values.yaml. diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/Chart.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/Chart.yaml deleted file mode 100644 index 189952316..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: datadog -apiVersion: v1 -appVersion: "7" -description: Datadog Agent -home: https://www.datadoghq.com -icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png -keywords: -- monitoring -- alerting -- metric -maintainers: -- email: support@datadoghq.com - name: Datadog -name: datadog -sources: -- https://app.datadoghq.com/account/settings#agent/kubernetes -- https://github.com/DataDog/datadog-agent -version: 2.4.200+up2.4.2 diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/README.md b/charts/datadog/datadog/2.4.200+up2.4.2/README.md deleted file mode 100644 index d36ee5f2e..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/README.md +++ /dev/null @@ -1,481 +0,0 @@ -# Datadog - -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). - -Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). - -See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. - -## How to use Datadog Helm repository - -You need to add this repository to your Helm repositories: - -``` -helm repo add datadog https://helm.datadoghq.com -helm repo update -``` - -## Prerequisites - -Kubernetes 1.4+ or OpenShift 3.4+, note that: - -- the Datadog Agent supports Kubernetes 1.4+ -- The Datadog chart's defaults are tailored to Kubernetes 1.7.6+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions - -## Quick start - -By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. - -**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. - -### Installing the Datadog Chart - -To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: - -```bash -helm install --name \ - --set datadog.apiKey= datadog/datadog -``` - -By default, this Chart creates a Secret and puts an API key in that Secret. -However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. After a few minutes, you should see hosts and metrics being reported in Datadog. - -#### Create and provide a secret that contains your Datadog API Key - -To create a secret that contains your Datadog API key, replace the below with the API key for your organization. This secret is used in the manifest to deploy the Datadog Agent. - -```bash -DATADOG_SECRET_NAME=datadog-secret -kubectl create secret generic $DATADOG_SECRET_NAME --from-literal api-key="" --namespace="default" -``` - -**Note**: This creates a secret in the default namespace. If you are in a custom namespace, update the namespace parameter of the command before running it. - -Now, the installation command contains the reference to the secret. - -```bash -helm install --name \ - --set datadog.apiKeyExistingSecret=$DATADOG_SECRET_NAME datadog/datadog -``` - -**Note**: Provide a secret for the application key (AppKey) using the `datadog.appKeyExistingSecret` chart variable. - -### Enabling the Datadog Cluster Agent - -Read about the Datadog Cluster Agent in the [official documentation](https://docs.datadoghq.com/agent/kubernetes/cluster/). - -Run the following if you want to deploy the chart with the Datadog Cluster Agent: - -```bash -helm install --name datadog-monitoring \ - --set datadog.apiKey= \ - --set datadog.appKey= \ - --set clusterAgent.enabled=true \ - --set clusterAgent.metricsProvider.enabled=true \ - datadog/datadog -``` - -**Note**: Specifying `clusterAgent.metricsProvider.enabled=true` enables the External Metrics Server. -If you want to learn to use this feature, you can check out this [Datadog Cluster Agent walkthrough](https://github.com/DataDog/datadog-agent/blob/master/docs/cluster-agent/CUSTOM_METRICS_SERVER.md). - -The Leader Election is enabled by default in the chart for the Cluster Agent. Only the Cluster Agent(s) participate in the election, in case you have several replicas configured (using `clusterAgent.replicas`. - -#### Cluster Agent Token - -You can specify the Datadog Cluster Agent token used to secure the communication between the Cluster Agent(s) and the Agents with `clusterAgent.token`. - -**If you don't specify a token, a random one is generated at each deployment so you must use `--recreate-pods` to ensure all pod use the same token.** see[Datadog Chart notes](https://github.com/helm/charts/blob/57d3030941ad2ec2d6f97c86afdf36666658a884/datadog/datadog/templates/NOTES.txt#L49-L59) to learn more. - -### Upgrading - -#### From 1.x to 2.x - -⚠️ Migrating from 1.x to 2.x requires a manual action. - -The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. -Please follow the [migration guide](https://github.com/helm/charts/blob/master/datadog/datadog/docs/Migration_1.x_to_2.x.md) to update you `values.yaml` file. - -#### From 1.19.0 onwards - -Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). -E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. -The suggested approach is to delete the release and reinstall it. - -#### From 1.0.0 onwards - -Starting with version 1.0.0, this chart does not support deploying Agent 5.x anymore. If you cannot upgrade to Agent 6.x or later, you can use a previous version of the chart by calling helm install with `--version 0.18.0`. - -See [0.18.1's README](https://github.com/helm/charts/blob/847f737479bb78d89f8fb650db25627558fbe1f0/datadog/datadog/README.md) to see which options were supported at the time. - -### Uninstalling the Chart - -To uninstall/delete the `` deployment: - -```bash -helm delete --purge -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -As a best practice, a YAML file that specifies the values for the chart parameters should be provided to configure the chart: - -1. **Copy the default [`datadog-values.yaml`](values.yaml) value file.** -2. Set the `apiKey` parameter with your [Datadog API key](https://app.datadoghq.com/account/settings#api). -3. Upgrade the Datadog Helm chart with the new `datadog-values.yaml` file: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -See the [All configuration options](#all-configuration-options) section to discover all possibilities offered by the Datadog chart. - -### Enabling Log Collection - -Update your [datadog-values.yaml](values.yaml) file with the following log collection configuration: - -```yaml -datadog: - # (...) - logs: - enabled: true - containerCollectAll: true -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### Enabling Process Collection - -Update your [datadog-values.yaml](values.yaml) file with the process collection configuration: - -```yaml -datadog: - # (...) - processAgent: - enabled: true - processCollection: true -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### Enabling System Probe Collection - -The system-probe agent only runs in dedicated container environment. Update your [datadog-values.yaml](values.yaml) file with the system-probe collection configuration: - -```yaml -datadog: - # (...) - systemProbe: - # (...) - enabled: true - -# (...) -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### Kubernetes event collection - -Use the [Datadog Cluster Agent](#enabling-the-datadog-cluster-agent) to collect Kubernetes events. Please read [the official documentation](https://docs.datadoghq.com/agent/kubernetes/event_collection/) for more context. - -Alternatively set the `datadog.leaderElection`, `datadog.collectEvents` and `rbac.create` options to `true` in order to enable Kubernetes event collection. - -### conf.d and checks.d - -The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/master/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/checks.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. - -The keys for `datadog.confd` and `datadog.checksd` should mirror the content found in their respective ConfigMaps. Update your [datadog-values.yaml](values.yaml) file with the check configurations: - -```yaml -datadog: - confd: - redisdb.yaml: |- - ad_identifiers: - - redis - - bitnami/redis - init_config: - instances: - - host: "%%host%%" - port: "%%port%%" - jmx.yaml: |- - ad_identifiers: - - openjdk - instance_config: - instances: - - host: "%%host%%" - port: "%%port_0%%" - redisdb.yaml: |- - init_config: - instances: - - host: "outside-k8s.example.com" - port: 6379 -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -For more details, please refer to [the documentation](https://docs.datadoghq.com/agent/kubernetes/integrations/). - -### Kubernetes Labels and Annotations - -To map Kubernetes node labels and pod labels and annotations to Datadog tags, provide a dictionary with kubernetes labels/annotations as keys and Datadog tags key as values in your [datadog-values.yaml](values.yaml) file: - -```yaml -nodeLabelsAsTags: - beta.kubernetes.io/instance-type: aws_instance_type - kubernetes.io/role: kube_role -``` - -```yaml -podAnnotationsAsTags: - iam.amazonaws.com/role: kube_iamrole -``` - -```yaml -podLabelsAsTags: - app: kube_app - release: helm_release -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### CRI integration - -As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath`; default is the Docker container runtime socket. To deactivate this support, you just need to unset the `datadog.criSocketPath` setting. -Standard paths are: - -- Docker socket: `/var/run/docker.sock` -- Containerd socket: `/var/run/containerd/containerd.sock` -- Cri-o socket: `/var/run/crio/crio.sock` - -## All configuration options - -The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install --name \ - --set datadog.apiKey=,datadog.logLevel=DEBUG \ - datadog/datadog -``` - -| Parameter | Description | Default | -|--------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------| -| `targetSystem` | Target OS of this installation (supported: `linux`, `windows`) | `linux` | -| `datadog.apiKey` | Your Datadog API key | `nil` You must provide your own key | -| `datadog.apiKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `datadog.appKey` | Datadog APP key required to use metricsProvider | `nil` You must provide your own key | -| `datadog.appKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `agents.image.repository` | The image repository to pull from | `datadog/agent` | -| `agents.image.tag` | The image tag to pull | `7.19.0` | -| `agents.image.doNotCheckTag` | By default, the helm chart will check that the version provided in `agents.image.tag` is superior to the minimal version requested by the chart. If `doNotCheckTag` is explicitly set to `true`, this check is skipped. This is useful for custom tags that are not respecting semantic versioning. | `false` | -| `agents.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `agents.image.pullSecrets` | Image pull secrets | `nil` | -| `nameOverride` | Override name of app | `""` | -| `fullnameOverride` | Override full name of app | `""` | -| `agents.rbac.create` | If true, create & use RBAC resources | `true` | -| `agents.rbac.serviceAccountName` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `datadog.site` | Site ('datadoghq.com' or 'datadoghq.eu') | `nil` | -| `datadog.dd_url` | Datadog intake server | `nil` | -| `datadog.env` | Additional Datadog environment variables | `nil` | -| `datadog.logLevel` | Agent log verbosity (possible values: trace, debug, info, warn, error, critical, and off) | `INFO` | -| `datadog.logs.enabled` | Enable log collection | `nil` | -| `datadog.logs.containerCollectAll` | Collect logs from all containers | `nil` | -| `datadog.logs.containerCollectUsingFiles` | Collect container logs from files on disk instead of container runtime API | `true` | -| `datadog.apm.enabled` | Enable tracing from the host | `false` | -| `datadog.apm.port` | Used to override the default agent APM Port | `8126` | -| `datadog.apm.useSocketVolume` | Enable APM over Unix Domain Socket | `False` | -| `datadog.apm.socketPath` | Custom path to the socket, has to be located in the `/var/run/datadog/` folder path | `/var/run/datadog/apm.socket` | -| `datadog.apm.hostPath` | host directory that contains the trace-agent socket path | `/var/run/datadog/` | -| `datadog.clusterChecks.enabled` | Enable Cluster Checks on both the Cluster Agent and the Agent daemonset | `false` | -| `datadog.processAgent.enabled` | Enable live process and container monitoring agent. Possible values: `true` enable process-agent, `false` disable process-agent | `true` | -| `datadog.processAgent.processCollection` | Enable live process collection. Possible values: `true` enable process collection, `false` disable process collection | `false` | -| `datadog.checksd` | Additional custom checks as python code | `nil` | -| `datadog.confd` | Additional check configurations (static and Autodiscovery) | `nil` | -| `datadog.dockerSocketPath` | Path to the docker socket | `/var/run/docker.sock` | -| `datadog.criSocketPath` | Path to the container runtime socket (default is Docker runtime) | `nil` | -| `datadog.tags` | Set host tags | `nil` | -| `datadog.dogstatsd.originDetection` | Enable origin detection for container tagging | `False` | -| `datadog.dogstatsd.port` | Used to override the default agent DogStatsD Port | `8125` | -| `datadog.dogstatsd.useHostPID` | If true, use the host's PID namespace | `nil` | -| `datadog.dogstatsd.useHostPort` | If true, use the same ports for both host and container | `nil` | -| `datadog.dogstatsd.nonLocalTraffic` | Enable statsd reporting from any external ip | `False` | -| `datadog.dogstatsd.useSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | -| `datadog.dogstatsd.socketPath` | Custom path to the socket, has to be located in the `/var/run/datadog/` folder path | `/var/run/datadog/dsd.socket` | -| `datadog.dogstatsd.hostPath` | host directory that contains the dogstatsd socket | `/var/run/datadog/` | -| `datadog.nodeLabelsAsTags` | Kubernetes Node Labels to Datadog Tags mapping | `nil` | -| `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` | -| `datadog.podLabelsAsTags` | Kubernetes Labels to Datadog Tags mapping | `nil` | -| `datadog.securityContext` | Allows you to overwrite the default securityContext applied to the container | `nil` | -| `datadog.acInclude` | (Deprecated) Include containers based on image name | `nil` | -| `datadog.acExclude` | (Deprecated) Exclude containers based on image name | `nil` | -| `datadog.containerInclude` | Include containers based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerExclude` | Exclude containers based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerIncludeMetrics` | Include containers for metrics collection based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerExcludeMetrics` | Exclude containers from metrics based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerIncludeLogs` | Include containers for logs collection based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerExcludeLogs` | Exclude containers from logs based on image name, container name or kubernetes namespace | `nil` | -| `datadog.systemProbe.enabled` | enable system probe collection | `false` | -| `datadog.systemProbe.seccomp` | Apply an ad-hoc seccomp profile to system-probe to restrict its privileges | `localhost/system-probe` | -| `datadog.systemProbe.seccompRoot` | Seccomp root directory for system-probe | `/var/lib/kubelet/seccomp` | -| `datadog.systemProbe.debugPort` | The port to expose pprof and expvar for system-probe agent, it is not enabled if the value is set to 0 | `0` | -| `datadog.systemProbe.enableConntrack` | If true, system-probe connects to the netlink/conntrack subsystem to add NAT information to connection data. Ref: http://conntrack-tools.netfilter.org/ | `true` | -| `datadog.systemProbe.bpfDebug` | If true, system-probe writes debug logs to /sys/kernel/debug/tracing/trace_pipe | `false` | -| `datadog.systemProbe.apparmor` | Apparmor profile for system-probe | `unconfined` | -| `datadog.systemProbe.enableTCPQueueLength` | Enable the TCP queue length eBPF-based check | `false` | -| `datadog.systemProbe.enableOOMKill` | Enable the OOM kill eBPF-based check | `false` | -| `datadog.orchestratorExplorer.enabled` | Enable the Orchestrator Explorer data collection | `false` | -| `agents.podAnnotations` | Annotations to add to the DaemonSet's Pods | `nil` | -| `agents.podLabels` | labels to add to each pod | `nil` | -| `agents.tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | -| `agents.nodeSelector` | Node selectors | `nil` | -| `agents.affinity` | Node affinities | `nil` | -| `agents.useHostNetwork` | If true, use the host's network | `nil` | -| `agents.dnsConfig` | If set, configure dnsConfig options in datadog agent containers | `nil` | -| `agents.containers.agent.env` | Additional list of environment variables to use in the agent container | `nil` | -| `agents.containers.agent.logLevel` | Agent log verbosity | `INFO` | -| `agents.containers.agent.resources.limits.cpu` | CPU resource limits for the agent container | not set | -| `agents.containers.agent.resources.requests.cpu` | CPU resource requests for the agent container | not set | -| `agents.containers.agent.resources.limits.memory` | Memory resource limits for the agent container | not set | -| `agents.containers.agent.resources.requests.memory` | Memory resource requests for the agent container | not set | -| `agents.containers.agent.livenessProbe` | Overrides the default liveness probe | http check on /live with port 5555 | -| `agents.containers.agent.readinessProbe` | Overrides the default readiness probe | http check on /ready with port 5555 | -| `agents.containers.processAgent.env` | Additional list of environment variables to use in the process-agent container | `nil` | -| `agents.containers.processAgent.logLevel` | Process agent log verbosity | `INFO` | -| `agents.containers.processAgent.resources.limits.cpu` | CPU resource limits for the process-agent container | `100m` | -| `agents.containers.processAgent.resources.requests.cpu` | CPU resource requests for the process-agent container | `100m` | -| `agents.containers.processAgent.resources.limits.memory` | Memory resource limits for the process-agent container | `200Mi` | -| `agents.containers.processAgent.resources.requests.memory` | Memory resource requests for the process-agent container | `200Mi` | -| `agents.containers.traceAgent.env` | Additional list of environment variables to use in the trace-agent container | `nil` | -| `agents.containers.traceAgent.logLevel` | Trace agent log verbosity | `INFO` | -| `agents.containers.traceAgent.resources.limits.cpu` | CPU resource limits for the trace-agent container | `100m` | -| `agents.containers.traceAgent.resources.requests.cpu` | CPU resource requests for the trace-agent container | `100m` | -| `agents.containers.traceAgent.resources.limits.memory` | Memory resource limits for the trace-agent container | `200Mi` | -| `agents.containers.traceAgent.resources.requests.memory` | Memory resource requests for the trace-agent container | `200Mi` | -| `agents.containers.systemProbe.env` | Additional list of environment variables to use in the system-probe container | `nil` | -| `agents.containers.systemProbe.logLevel` | System probe log verbosity | `INFO` | -| `agents.containers.systemProbe.resources.limits.cpu` | CPU resource limits for the system-probe container | `100m` | -| `agents.containers.systemProbe.resources.requests.cpu` | CPU resource requests for the system-probe container | `100m` | -| `agents.containers.systemProbe.resources.limits.memory` | Memory resource limits for the system-probe container | `200Mi` | -| `agents.containers.systemProbe.resources.requests.memory` | Memory resource requests for the system-probe container | `200Mi` | -| `agents.containers.initContainers.resources.limits.cpu` | CPU resource limits for the init containers container | not set | -| `agents.containers.initContainers.resources.requests.cpu` | CPU resource requests for the init containers container | not set | -| `agents.containers.initContainers.resources.limits.memory` | Memory resource limits for the init containers container | not set | -| `agents.containers.initContainers.resources.requests.memory` | Memory resource requests for the init containers container | not set | -| `agents.priorityClassName` | Which Priority Class to associate with the daemonset | `nil` | -| `agents.useConfigMap` | Configures a configmap to provide the agent configuration. Use this in combination with the `agent.customAgentConfig` parameter. | `false` | -| `agents.customAgentConfig` | Specify custom contents for the datadog agent config (datadog.yaml). Note the `agents.useConfigMap` parameter needs to be set to `true` for this parameter to be taken into account. | `{}` | -| `agents.updateStrategy` | Which update strategy to deploy the daemonset | RollingUpdate with 10% maxUnavailable | -| `agents.volumes` | Additional volumes for the daemonset or deployment | `nil` | -| `agents.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | -| `agents.podSecurity.podSecurityPolicy.create` | If true, create a PodSecurityPolicy resource for the Agent's Pods. Supported only for Linux agent's daemonset. | `False` | -| `agents.podSecurity.securityContextConstraints.create` | If true, create a SecurityContextConstraints resource for the Agent's Pods. Supported only for Linux agent's daemonset. | `False` | -| `datadog.podSecurity.securityContext` | Allows you to overwrite the default securityContext applied to the container | default security context configuration | -| `agents.podSecurity.privileged` | If true, allowed privileged containers | `False` | -| `agents.podSecurity.capabilites` | list of allowed capabilities | `[SYS_ADMIN, SYS_RESOURCE, SYS_ADMIN, IPC_LOCK]` | -| `agents.podSecurity.volumes` | list of allowed volumes types | `[configMap,downwardAPI,emptyDir,ostPath,secret]` | -| `agents.podSecurity.seccompProfiles` | List of allowed seccomp profiles | `["*"]` | -| `agents.podSecurity.apparmorProfiles` | List of allowed apparmor profiles | `["*"]` | -| `datadog.leaderElection` | Enable the leader Election feature | `false` | -| `datadog.leaderLeaseDuration` | The duration for which a leader stays elected. | 60 sec, 15 if Cluster Checks enabled | -| `datadog.collectEvents` | Enable Kubernetes event collection. Requires leader election. | `false` | -| `datadog.kubeStateMetricsEnabled` | If true, create kube-state-metrics | `true` | -| `clusterAgent.enabled` | Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only) | `false` | -| `clusterAgent.token` | A cluster-internal secret for agent-to-agent communication. Must be 32+ characters a-zA-Z | Generates a random value | -| `clusterAgent.tokenExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `clusterAgent.image.repository` | The image repository for the cluster-agent | `datadog/cluster-agent` | -| `clusterAgent.image.tag` | The image tag to pull | `1.2.0` | -| `clusterAgent.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `clusterAgent.image.pullSecrets` | Image pull secrets | `nil` | -| `clusterAgent.command` | Override the default command to run in the container | `nil` | -| `clusterAgent.rbac.create` | If true, create & use RBAC resources for cluster agent's pods | `true` | -| `clusterAgent.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for cluster agent's pods | `default` | -| `clusterAgent.metricsProvider.enabled` | Enable Datadog metrics as a source for HPA scaling | `false` | -| `clusterAgent.metricsProvider.service.type` | The type of service to use for the clusterAgent metrics server | `ClusterIP` | -| `clusterAgent.metricsProvider.service.port` | The port for service to use for the clusterAgent metrics server (Kubernetes >= 1.15) | `8443` | -| `clusterAgent.metricsProvider.wpaController` | Allows metricsProvider to work with WatermarkPodAutoscaler (requires WPA CRD) | `false` | -| `clusterAgent.metricsProvider.useDatadogMetrics` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries (requires DatadogMetric CRD) | `false` | -| `clusterAgent.metricsProvider.createReaderRbac` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | `true` | -| `clusterAgent.env` | Additional Datadog environment variables for the cluster-agent | `nil` | -| `clusterAgent.confd` | Additional check configurations (static and Autodiscovery) | `nil` | -| `clusterAgent.podAnnotations` | Annotations to add to the Cluster Agent Pod(s) | `nil` | -| `clusterAgent.podLabels` | Labels to add to the Cluster Agent Pod(s) | `nil` | -| `clusterAgent.createPodDisruptionBudget` | Enable a pod disruption budget to apply to the Cluster Agent pods | `false` | -| `clusterAgent.priorityClassName` | Name of the priorityClass to apply to the Cluster Agent | `nil` | -| `clusterAgent.nodeSelector` | Node selectors to apply to the Cluster Agent deployment | `nil` | -| `clusterAgent.affinity` | Node affinities to apply to the Cluster Agent deployment | `nil` | -| `clusterAgent.resources.requests.cpu` | CPU resource requests | not set | -| `clusterAgent.resources.limits.cpu` | CPU resource limits | not set | -| `clusterAgent.resources.requests.memory` | Memory resource requests | not set | -| `clusterAgent.resources.limits.memory` | Memory resource limits | not set | -| `clusterAgent.tolerations` | List of node taints to tolerate | `[]` | -| `clusterAgent.healthPort` | Overrides the default health port used by the liveness and readiness endpoint | `5555` | -| `clusterAgent.livenessProbe` | Overrides the default liveness probe | `http check on /live with port 5555` | -| `clusterAgent.readinessProbe` | Overrides the default readiness probe | `http check on /ready with port 5555` | -| `clusterAgent.strategy` | Which update strategy to deploy the cluster-agent | RollingUpdate with 0 maxUnavailable, 1 maxSurge | -| `clusterAgent.useHostNetwork` | If true, use the host's network | `nil` | -| `clusterAgent.dnsConfig` | If set, configure dnsConfig options in datadog cluster agent containers | `nil` | -| `clusterAgent.volumes` | Additional volumes for the cluster-agent deployment | `nil` | -| `clusterAgent.volumeMounts` | Additional volumeMounts for the cluster-agent deployment | `nil` | -| `clusterChecksRunner.enabled` | Enable Datadog agent deployment dedicated for running Cluster Checks. It allows having different resources (Request/Limit) for Cluster Checks agent pods. | `false` | -| `clusterChecksRunner.env` | Additional Datadog environment variables for Cluster Checks Deployment | `nil` | -| `clusterChecksRunner.createPodDisruptionBudget` | Enable a pod disruption budget to apply to the Cluster Checks pods | `false` | -| `clusterChecksRunner.resources.requests.cpu` | CPU resource requests | not set | -| `clusterChecksRunner.resources.limits.cpu` | CPU resource limits | not set | -| `clusterChecksRunner.resources.requests.memory` | Memory resource requests | not set | -| `clusterChecksRunner.resources.limits.memory` | Memory resource limits | not set | -| `clusterChecksRunner.nodeSelector` | Node selectors | `nil` | -| `clusterChecksRunner.tolerations` | List of node taints to tolerate | `nil` | -| `clusterChecksRunner.affinity` | Node affinities | avoid running pods on the same node | -| `clusterChecksRunner.livenessProbe` | Overrides the default liveness probe | http check on /live with port 5555 | -| `clusterChecksRunner.readinessProbe` | Overrides the default readiness probe | http check on /ready with port 5555 | -| `clusterChecksRunner.rbac.create` | If true, create & use RBAC resources for clusterchecks agent's pods | `true` | -| `clusterChecksRunner.rbac.dedicated` | If true, use dedicated RBAC resources for clusterchecks agent's pods | `false` | -| `clusterChecksRunner.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for clusterchecks agent's pods | `default` | -| `clusterChecksRunner.rbac.serviceAccountAnnotations` | Annotations to add to the ServiceAccount if `clusterChecksRunner.rbac.dedicated` is `true` | `{}` | -| `clusterChecksRunner.strategy` | Which update strategy to deploy the Cluster Checks Deployment | RollingUpdate with 0 maxUnavailable, 1 maxSurge | -| `clusterChecksRunner.volumes` | Additional volumes for the Cluster Checks deployment | `nil` | -| `clusterChecksRunner.volumeMounts` | Additional volumeMounts for the Cluster Checks deployment | `nil` | -| `clusterChecksRunner.dnsConfig` | If set, configure dnsConfig options in datadog cluster agent clusterChecks containers | `nil` | -| `kube-state-metrics.rbac.create` | If true, create & use RBAC resources for kube-state-metrics | `true` | -| `kube-state-metrics.serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `kube-state-metrics.serviceAccount.name` | If not set & create is true, use template fullname | | -| `kube-state-metrics.resources` | Overwrite the default kube-state-metrics container resources (Optional) | | - -## Configuration options for Windows deployments - -Some options above are not working/not available on Windows, here is the list of **unsupported** options: - -| Parameter | Reason | -|------------------------------------------|--------------------------------------------------| -| `datadog.dogstatsd.useHostPID` | Host PID not supported by Windows Containers | -| `datadog.dogstatsd.useSocketVolume` | Unix sockets not supported on Windows | -| `datadog.dogstatsd.socketPath` | Unix sockets not supported on Windows | -| `datadog.processAgent.processCollection` | Unable to access host/other containers processes | -| `datadog.systemProbe.enabled` | System probe is not available for Windows | -| `datadog.systemProbe.seccomp` | System probe is not available for Windows | -| `datadog.systemProbe.seccompRoot` | System probe is not available for Windows | -| `datadog.systemProbe.debugPort` | System probe is not available for Windows | -| `datadog.systemProbe.enableConntrack` | System probe is not available for Windows | -| `datadog.systemProbe.bpfDebug` | System probe is not available for Windows | -| `datadog.systemProbe.apparmor` | System probe is not available for Windows | -| `agents.useHostNetwork` | Host network not supported by Windows Containers | diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/app-readme.md b/charts/datadog/datadog/2.4.200+up2.4.2/app-readme.md deleted file mode 100644 index 4adcb1d9f..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/app-readme.md +++ /dev/null @@ -1,32 +0,0 @@ -# Datadog - -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). - -Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). - -See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. - -## Prerequisites - -Kubernetes 1.4+ or OpenShift 3.4+, note that: - -* the Datadog Agent supports Kubernetes 1.3+ -* The Datadog chart's defaults are tailored to Kubernetes 1.7.6+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions - -## Quick start - -By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. - -**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. - -### Installing the Datadog Chart - -To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: - -```bash -helm install --name \ - --set datadog.apiKey= stable/datadog -``` - -By default, this Chart creates a Secret and puts an API key in that Secret. -However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. After a few minutes, you should see hosts and metrics being reported in Datadog. diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/.helmignore b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/Chart.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/Chart.yaml deleted file mode 100644 index 4ef688395..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.7 -description: Install kube-state-metrics to generate and expose cluster-level metrics -home: https://github.com/kubernetes/kube-state-metrics/ -keywords: -- metric -- monitoring -- prometheus -- kubernetes -maintainers: -- email: jose@armesto.net - name: fiunchinho -- email: tariq.ibrahim@mulesoft.com - name: tariq1890 -- email: manuel@rueg.eu - name: mrueg -name: kube-state-metrics -sources: -- https://github.com/kubernetes/kube-state-metrics/ -version: 2.8.11 diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/README.md b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/README.md deleted file mode 100644 index 7d5cee525..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,79 +0,0 @@ -# kube-state-metrics Helm Chart - -* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install stable/kube-state-metrics -``` - -## Configuration - -| Parameter | Description | Default | -|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| -| `image.repository` | The image repository to pull from | `quay.io/coreos/kube-state-metrics` | -| `image.tag` | The image tag to pull from | `v1.9.7` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `imagePullSecrets` | List of container registry secrets | `[]` | -| `replicas` | Number of replicas | `1` | -| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | -| `service.port` | The port of the container | `8080` | -| `service.annotations` | Annotations to be added to the service | `{}` | -| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | -| `hostNetwork` | Whether or not to use the host network | `false` | -| `prometheusScrape` | Whether or not enable prom scrape | `true` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `serviceAccount.name` | If not set & create is true, use template fullname | | -| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` | -| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources. Note that related RBACs are created only if `rbac.enabled` is `true`. | `false` | -| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -| `podSecurityPolicy.additionalVolumes` | Specify allowed volumes in the pod security policy (`secret` is always allowed) | `[]` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the filesystem | `65534` | -| `securityContext.runAsGroup` | Group ID for the container | `65534` | -| `securityContext.runAsUser` | User ID for the container | `65534` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podAnnotations` | Annotations to be added to the pod | `{}` | -| `podDisruptionBudget` | Optional PodDisruptionBudget | `{}` | -| `resources` | kube-state-metrics resource requests and limits | `{}` | -| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` | -| `collectors.configmaps` | Enable the configmaps collector. | `true` | -| `collectors.cronjobs` | Enable the cronjobs collector. | `true` | -| `collectors.daemonsets` | Enable the daemonsets collector. | `true` | -| `collectors.deployments` | Enable the deployments collector. | `true` | -| `collectors.endpoints` | Enable the endpoints collector. | `true` | -| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` | -| `collectors.ingresses` | Enable the ingresses collector. | `true` | -| `collectors.jobs` | Enable the jobs collector. | `true` | -| `collectors.limitranges` | Enable the limitranges collector. | `true` | -| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `true` | -| `collectors.namespaces` | Enable the namespaces collector. | `true` | -| `collectors.networkpolicies` | Enable the networkpolicies collector. | `true` | -| `collectors.nodes` | Enable the nodes collector. | `true` | -| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` | -| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` | -| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` | -| `collectors.pods` | Enable the pods collector. | `true` | -| `collectors.replicasets` | Enable the replicasets collector. | `true` | -| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` | -| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` | -| `collectors.secrets` | Enable the secrets collector. | `true` | -| `collectors.services` | Enable the services collector. | `true` | -| `collectors.statefulsets` | Enable the statefulsets collector. | `true` | -| `collectors.storageclasses` | Enable the storageclasses collector. | `true` | -| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `true` | -| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `true` | -| `collectors.volumeattachments` | Enable the volumeattachments collector. | `true` | -| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | -| `prometheus.monitor.honorLabels` | Honor metric labels | `false` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | -| `kubeTargetVersionOverride` | Override the k8s version of the target cluster | `""` | diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/NOTES.txt b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100644 index 5a646e0cc..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/_helpers.tpl b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100644 index 6ae0e647f..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrole.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrole.yaml deleted file mode 100644 index 319aec16c..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrole.yaml +++ /dev/null @@ -1,180 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -rules: -{{ if .Values.collectors.certificatesigningrequests }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.configmaps }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.cronjobs }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.daemonsets }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.deployments }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.endpoints }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.horizontalpodautoscalers }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.ingresses }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.jobs }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.limitranges }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.mutatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.namespaces }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.networkpolicies }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.nodes }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumeclaims }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumes }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.poddisruptionbudgets }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.pods }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicasets }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicationcontrollers }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.resourcequotas }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.secrets }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.services }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.statefulsets }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.storageclasses }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.validatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.volumeattachments }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.verticalpodautoscalers }} -- apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100644 index 4635985aa..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-state-metrics.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/deployment.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100644 index 99656046c..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,191 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - replicas: {{ .Values.replicas }} -{{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] -{{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 8 }} -{{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - containers: - - name: {{ .Chart.Name }} -{{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{- end }} - args: -{{ if .Values.collectors.certificatesigningrequests }} - - --collectors=certificatesigningrequests -{{ end }} -{{ if .Values.collectors.configmaps }} - - --collectors=configmaps -{{ end }} -{{ if .Values.collectors.cronjobs }} - - --collectors=cronjobs -{{ end }} -{{ if .Values.collectors.daemonsets }} - - --collectors=daemonsets -{{ end }} -{{ if .Values.collectors.deployments }} - - --collectors=deployments -{{ end }} -{{ if .Values.collectors.endpoints }} - - --collectors=endpoints -{{ end }} -{{ if .Values.collectors.horizontalpodautoscalers }} - - --collectors=horizontalpodautoscalers -{{ end }} -{{ if .Values.collectors.ingresses }} - - --collectors=ingresses -{{ end }} -{{ if .Values.collectors.jobs }} - - --collectors=jobs -{{ end }} -{{ if .Values.collectors.limitranges }} - - --collectors=limitranges -{{ end }} -{{ if .Values.collectors.mutatingwebhookconfigurations }} - - --collectors=mutatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.namespaces }} - - --collectors=namespaces -{{ end }} -{{ if .Values.collectors.networkpolicies }} - - --collectors=networkpolicies -{{ end }} -{{ if .Values.collectors.nodes }} - - --collectors=nodes -{{ end }} -{{ if .Values.collectors.persistentvolumeclaims }} - - --collectors=persistentvolumeclaims -{{ end }} -{{ if .Values.collectors.persistentvolumes }} - - --collectors=persistentvolumes -{{ end }} -{{ if .Values.collectors.poddisruptionbudgets }} - - --collectors=poddisruptionbudgets -{{ end }} -{{ if .Values.collectors.pods }} - - --collectors=pods -{{ end }} -{{ if .Values.collectors.replicasets }} - - --collectors=replicasets -{{ end }} -{{ if .Values.collectors.replicationcontrollers }} - - --collectors=replicationcontrollers -{{ end }} -{{ if .Values.collectors.resourcequotas }} - - --collectors=resourcequotas -{{ end }} -{{ if .Values.collectors.secrets }} - - --collectors=secrets -{{ end }} -{{ if .Values.collectors.services }} - - --collectors=services -{{ end }} -{{ if .Values.collectors.statefulsets }} - - --collectors=statefulsets -{{ end }} -{{ if .Values.collectors.storageclasses }} - - --collectors=storageclasses -{{ end }} -{{ if .Values.collectors.validatingwebhookconfigurations }} - - --collectors=validatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.verticalpodautoscalers }} - - --collectors=verticalpodautoscalers -{{ end }} -{{ if .Values.collectors.volumeattachments }} - - --collectors=volumeattachments -{{ end }} -{{ if .Values.namespace }} - - --namespace={{ .Values.namespace }} -{{ end }} -{{ if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) -{{ end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 -{{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/pdb.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/pdb.yaml deleted file mode 100644 index 6adb50d79..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/pdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} \ No newline at end of file diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100644 index e822ba0e7..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' -{{- if .Values.podSecurityPolicy.additionalVolumes }} -{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index 217abc950..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index feb97f228..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/service.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/service.yaml deleted file mode 100644 index 5dacf5217..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: 8080 -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - selector: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100644 index 32bb1640f..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100644 index 54cde362d..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - {{- if .Values.prometheus.monitor.additionalLabels }} -{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100644 index bf5396072..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - kube-state-metrics - resources: - - statefulsets - verbs: - - get -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100644 index 6a2e5bfe7..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/values.yaml deleted file mode 100644 index 11f48fb77..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,139 +0,0 @@ -# Default values for kube-state-metrics. -prometheusScrape: true -image: - repository: quay.io/coreos/kube-state-metrics - tag: v1.9.7 - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - annotations: {} - -customLabels: {} - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - -prometheus: - monitor: - enabled: false - additionalLabels: {} - namespace: "" - honorLabels: false - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - additionalVolumes: [] - -securityContext: - enabled: true - runAsGroup: 65534 - runAsUser: 65534 - fsGroup: 65534 - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} - -# Available collectors for kube-state-metrics. By default all available -# collectors are enabled. -collectors: - certificatesigningrequests: true - configmaps: true - cronjobs: true - daemonsets: true - deployments: true - endpoints: true - horizontalpodautoscalers: true - ingresses: true - jobs: true - limitranges: true - mutatingwebhookconfigurations: true - namespaces: true - networkpolicies: true - nodes: true - persistentvolumeclaims: true - persistentvolumes: true - poddisruptionbudgets: true - pods: true - replicasets: true - replicationcontrollers: true - resourcequotas: true - secrets: true - services: true - statefulsets: true - storageclasses: true - validatingwebhookconfigurations: true - verticalpodautoscalers: false - volumeattachments: true - -# Namespace to be enabled for collecting resources. By default all namespaces are collected. -# namespace: "" - -## Override the deployment namespace -## -namespaceOverride: "" - -## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. -## For example: kubeTargetVersionOverride: 1.14.9 -## -kubeTargetVersionOverride: "" diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml deleted file mode 100644 index d290ace8a..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - clusterChecks: - enabled: true - -clusterAgent: - enabled: true - -clusterChecksRunner: - enabled: true - replicas: 1 - rbac: - dedicated: true - serviceAccountAnnotations: - "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/datadog-clusterchecker" diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-metrics-server-service-port-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-metrics-server-service-port-values.yaml deleted file mode 100644 index 2006b81a4..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-metrics-server-service-port-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - -clusterAgent: - enabled: true - - metricsProvider: - enabled: true - - service: - port: 4443 diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-values.yaml deleted file mode 100644 index 7a5aeb66a..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/cluster-agent-values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -datadog: - clusterName: kubernetes-cluster.example.com - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - clusterChecks: - enabled: true - -clusterAgent: - enabled: true - wpaController: true - -clusterChecksRunner: - enabled: true - replicas: 1 - - volumes: - - name: tmp - hostPath: - path: /tmp - - volumeMounts: - - name: tmp - mountPath: /etc/tmp - readOnly: true diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/default-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/default-values.yaml deleted file mode 100644 index ff92bd38a..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/default-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -# Empty values file for testing default parameters. -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/dogstastd-socket-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/dogstastd-socket-values.yaml deleted file mode 100644 index a514bea92..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/dogstastd-socket-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Empty values file for testing default parameters. -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - - dogstatsd: - useSocketVolume: true - - apm: - enabled: true - useSocketVolume: true diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/kubeval.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/kubeval.yaml deleted file mode 100644 index c1723ded6..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/kubeval.yaml +++ /dev/null @@ -1,46 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - env: - - name: "DD_KUBELET_TLS_VERIFY" - value: "false" - logs: - enabled: true - containerCollectAll: true - apm: - enabled: true - processAgent: - enabled: true - processCollection: true - systemProbe: - enabled: true - enableConntrack: true - enableTCPQueueLength: true - enableOOMKill: true - collectDNSStats: true - orchestratorExplorer: - enabled: true - clusterChecks: - enabled: true - kubeStateMetricsEnabled: true -clusterAgent: - enabled: true - createPodDisruptionBudget: true - nodeSelector: - kubernetes.io/os: linux - metricsProvider: - enabled: false - admissionController: - enabled: true - mutateUnlabelled: true -clusterChecksRunner: - enabled: true - createPodDisruptionBudget: true - nodeSelector: - kubernetes.io/os: linux -agents: - nodeSelector: - kubernetes.io/os: linux - podSecurity: - podSecurityPolicy: - create: true diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/no_hardened_seccomp-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/no_hardened_seccomp-values.yaml deleted file mode 100644 index bafa362ef..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/no_hardened_seccomp-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - systemProbe: - enabled: true - seccomp: runtime/default diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/psp-test-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/psp-test-values.yaml deleted file mode 100644 index f0bb23a43..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/psp-test-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Empty values file for testing default parameters. -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false -agents: - podSecurity: - podSecurityPolicy: - create: true diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/ci/securitycontext-nil-values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/ci/securitycontext-nil-values.yaml deleted file mode 100644 index 155e92a35..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/ci/securitycontext-nil-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# Test the support of `securitContext` set to `nil` -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - - securityContext: diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/docs/Migration_1.x_to_2.x.md b/charts/datadog/datadog/2.4.200+up2.4.2/docs/Migration_1.x_to_2.x.md deleted file mode 100644 index 062bcc5c5..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/docs/Migration_1.x_to_2.x.md +++ /dev/null @@ -1,72 +0,0 @@ -# Chart 1.x to 2.x migration guide - -The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. -Migrating from chart v1 to chart v2 hence requires that you restructure the `values.yaml` file. -For all the parameters in the existing `values.yaml` file that applied to chart v1, you’ll -find the parameters to which they correspond to in v2 in the following table. -Parameters that are not listed in the table below haven’t been touched and are at the same -location in v1 and v2. - -| Old parameter | New location | comment | -| ------------- | ------------ | ------- | -| `image.repository` | `agents.image.repository` and `clusterCheckRunner.image.repository` | | -| `image.tag` | `agents.image.tag` and `clusterCheckRunner.image.tag` | | -| `image.pullPolicy` | `agents.image.pullPolicy` and `clusterCheckRunner.image.pullPolicy` | | -| `image.pullSecrets` | `agents.image.pullSecrets` and `clusterCheckRunner.image.pullSecrets` | | -| `datadog.name` | ∅ | The name of the container inside the Agent and Cluster Agent pod isn’t configurable anymore | -| `datadog.useCriSocketVolume` | ∅ | If `datadog.criSocketPath` is defined, the socket will be mounted inside the container without needing to set `datadog.useCriSocketVolume` in addition. | -| `datadog.containerLogsPath` | ∅ | Not needed anymore because the chart automatically detects if the CRI is `docker` based on `criSocketPath` and mounts the path accordingly | -| `datadog.apmEnabled` | `datadog.apm.enabled` | | -| `datadog.processAgentEnabled` | `datadog.processAgent.enabled` and `datadog.processAgent.processCollection:true` | | -| `datadog.volumes` | `agent.volumes` | | -| `datadog.volumeMounts` | `agent.VolumeMounts` | | -| `datadog.livenessProbe` | `agents.containers.agent.livenessProbe` | | -| `datadog.resources` | `agents.containers.agent.resources` | | -| `datadog.dogstatsdOriginDetection` | `datadog.dogstatsd.originDetection` | | -| `datadog.useDogStatsDSocketVolume` | `datadog.dogstatsd.useSocketVolume` | | -| `systemProbe.enabled` | `datadog.systemProbe.enabled` | | -| `systemProbe.debugPort` | `datadog.systemProbe.debugPort` | | -| `systemProbe.enableConntrack` | `datadog.systemProbe.enableConntrack` | | -| `systemProbe.seccomp` | `datadog.systemProbe.seccomp` | | -| `systemProbe.seccompRoot` | `datadog.systemProbe.seccompRoot` | | -| `systemProbe.bpfDebug` | `datadog.systemProbe.bpfDebug` | | -| `systemProbe.apparmor` | `datadog.systemProbe.apparmor` | | -| `clusterAgent.containerName` | ∅ | The name of the container inside the Cluster Agent pod isn’t configurable anymore | -| `clusterAgent.clusterChecks.enabled` | `datadog.clusterChecks.enabled` | | -| `rbac.create` | `agents.rbac.create` and `clusterAgent.rbac.create` | | -| `rbac.serviceAccountName` | `agents.rbac.serviceAccountName` and `clusterAgent.rabc.serviceAccountName` | | -| `toleration` | `agents.toleration` | | -| `kubeStateMetrics.enabled` | `datadog.kubeStateMetricsEnabled` | | -| `daemonset.enabled` | `agents.enabled` | | -| `daemonset.containers.agent.*` | `agents.containers.agent.*` | | -| `daemonset.containers.processAgent.*` | `agents.containers.processAgent.*` | | -| `daemonset.containers.traceAgent.*` | `agents.containers.traceAgent.*` | | -| `daemonset.containers.systemProbe.*` | `agents.containers.systemProbe.*` | | -| `daemonset.useHostNetwork` | `agents.useHostNetwork` | | -| `daemonset.dogstatsdPort` | `datadog.dogstatsd.port` | | -| `daemonset.useHostPort` | `datadog.dogstatsd.useHostPort` | | -| `daemonset.useHostPID` | `datadog.dogstatsd.useHostPID` | | -| `daemonset.nonLocalTraffic` | `datadog.dogstatsd.nonLocalTraffic` | | -| `daemonset.podAnnotations` | `agents.podAnnotations` | | -| `daemonset.tolerations` | `agents.tolerations` | | -| `daemonset.nodeSelector` | `agents.nodeSelector` | | -| `daemonset.affinity` | `agents.affinity` | | -| `daemonset.updateStrategy` | `agents.updateStrategy` | | -| `daemonset.priorityClassName` | `agents.priorityClassName` | | -| `daemonset.podLabels` | `agents.podLabels` | | -| `daemonset.useConfigMap` | `agents.useConfigMap` | | -| `daemonset.customAgentConfig.*` | `agents.customAgentConfig.*` | | -| `daemonset.useDedicatedContainers` | ∅ | | -| `deployment.*` | ∅ | | -| `clusterchecksDeployment.enabled` | `clusterChecksRunner.enabled` | | -| `clusterchecksDeployment.rbac.*` | `clusterChecksRunner.rbac.*` | | -| `clusterchecksDeployment.replicas` | `clusterChecksRunner.replicas` | | -| `clusterchecksDeployment.resources.*` | `clusterChecksRunner.resources.*` | | -| `clusterchecksDeployment.affinity` | `clusterChecksRunner.affinity` | | -| `clusterchecksDeployment.strategy` | `clusterChecksRunner.strategy` | | -| `clusterchecksDeployment.nodeSelector` | `clusterChecksRunner.nodeSelector` | | -| `clusterchecksDeployment.tolerations` | `clusterChecksRunner.tolerations` | | -| `clusterchecksDeployment.livenessProbe` | `clusterChecksRunner.livenessProbe` | | -| `clusterchecksDeployment.env` | `clusterChecksRunner.env` | | -| `logsEnabled` | `datadog.logs.enabled` | | -| `logsConfigContainerCollectAll` | `datadog.logs.containerCollectAll` | | diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/questions.yml b/charts/datadog/datadog/2.4.200+up2.4.2/questions.yml deleted file mode 100644 index 4305c70e0..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/questions.yml +++ /dev/null @@ -1,221 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Datadog image or specify a custom one" - label: Use Default Datadog Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: agents.image.repository - default: "datadog/agent" - description: "Datadog image name" - type: string - label: Datadog Image Name - - variable: agents.image.tag - default: "7.21.1" - description: "Datadog Image Tag" - type: string - label: Datadog Image Tag - - variable: clusterAgent.image.repository - default: "datadog/cluster-agent" - description: "Datadog clusterAgent image name" - type: string - label: Datadog ClusterAgent Image Name - - variable: clusterAgent.image.tag - default: "1.7.0" - description: "Datadog ClusterAgent Image Tag" - type: string - label: Datadog ClusterAgent Image Tag - - variable: clusterChecksRunner.image.repository - default: "datadog/agent" - description: "Datadog clusterChecksRunner image name" - type: string - label: Datadog Cluster Checks Runner Image Name - show_if: "clusterChecksRunner.enabled=true&&defaultImage=false" - - variable: clusterChecksRunner.image.tag - default: "7.21.1" - description: "Datadog Cluster Checks Runner Image Tag" - type: string - label: Datadog Cluster Checks Runner Image Tag - show_if: "clusterChecksRunner.enabled=true&&defaultImage=false" - - variable: kube-state-metrics.image.repository - default: "quay.io/coreos/kube-state-metrics" - description: "KubeState image name" - type: string - label: KubeState Image Name - show_if: "kubeStateMetrics.enabled=true&&defaultImage=false" - - variable: kube-state-metrics.image.tag - default: "v1.9.7" - description: "KubeState Image Tag" - type: string - label: KubeState Image Tag - show_if: "kubeStateMetrics.enabled=true&&defaultImage=false" -#cluster agent configurations -- variable: clusterAgent.enabled - default: false - description: "Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only), https://docs.datadoghq.com/agent/kubernetes/cluster/" - type: boolean - label: Enable Cluster Agent Metrics(Kubernetes 1.10+ only) - group: "Cluster Agent" -- variable: clusterAgent.metricsProvider.enabled - default: true - description: "Enable the metricsProvider to be able to scale based on metrics in Datadog" - type: boolean - label: Enable the metricsProvider - show_if: "clusterAgent.enabled=true" - group: "Cluster Agent" -- variable: datadog.appKey - default: "" - description: "Datadog App key required to use metricsProvider" - type: string - required: true - label: Datadog Metrics App Key - group: "Cluster Agent" - show_if: "clusterAgent.enabled=true&&clusterAgent.metricsProvider.enabled=true&&datadog.appKeyExistingSecret=" -- variable: datadog.appKeyExistingSecret - default: "" - description: "If set, use the secret with a provided name instead of creating a new appKey secret." - type: secret - label: Select Existing Datadog App Key(Secret) - group: "Cluster Agent" - show_if: "clusterAgent.enabled=true&&clusterAgent.metricsProvider.enabled=true&&datadog.appKey=" -#datadog agent configurations -- variable: datadog.apiKey - default: "" - description: "Enter your Datadog API Key." - type: string - label: Datadog API Key - group: "Agent Configuration" - required: true - show_if: "datadog.apiKeyExistingSecret=" -- variable: datadog.apiKeyExistingSecret - default: "" - description: "If set, use the secret with a provided name instead of creating a new apiKey secret." - type: secret - label: Select Existing Datadog API Key(Secret) - group: "Agent Configuration" - show_if: "datadog.apiKey=" -- variable: datadog.site - default: "datadoghq.com" - description: "The site of the Datadog intake to send Agent data to" - type: enum - label: Datadog Site URL - group: "Agent Configuration" - required: true - options: - - "datadoghq.com" - - "datadoghq.eu" - - "custom" -- variable: datadog.dd_url - required: true - default: "" - description: "The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL" - type: string - label: Datadog Custom Site URL - group: "Agent Configuration" - show_if: "datadog.site=custom" -- variable: datadog.logLevel - default: "warn" - description: "Set Agent logging verbosity" - type: enum - options: - - "trace" - - "debug" - - "info" - - "warn" - - "error" - - "critical" - - "off" - label: Log Level - group: "Agent Configuration" -- variable: datadog.tags - default: "" - description: "Host tags, separated by spaces. For example: 'simple-tag-0 tag-key-1:tag-value-1'" - type: string - label: Host Tags - group: "Agent Configuration" -- variable: datadog.criSocketPath - default: "" - description: "Path to the container runtime socket (if different from Docker), default to `/var/run/docker.sock`" - type: string - label: Path To The Container Runtime Socket(Optional) - group: "Agent Configuration" -- variable: datadog.dogstatsd.nonLocalTraffic - default: false - description: "Whether DogStatsD should listen to non local UDP traffic, required to send custom metrics" - type: boolean - label: DogStatsD Non-Local Traffic - group: "Agent Configuration" -- variable: datadog.collectEvents - default: false - description: "Enable event collection from the kubernetes API" - type: boolean - label: Collect Events - group: "Agent Configuration" -# Datadog Tagging -- variable: datadog.podLabelsAsTags - default: "" - description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" - type: string - label: Extract Pod Labels as Tags - group: "Datadog Tagging" -- variable: datadog.podAnnotationsAsTags - default: "" - description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" - type: string - label: Extract Pod Annotations as Tags - group: "Datadog Tagging" -- variable: datadog.nodeLabelsAsTags - default: "" - description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" - type: string - label: Extract Node Labels As Tags - group: "Datadog Tagging" -# DaemonSet configurations -- variable: agents.useHostNetwork - default: false - description: "Bind ports on the hostNetwork. Useful for CNI networking where hostPort might not be supported. The ports will need to be available on all hosts" - type: boolean - label: Use HostNetwork - group: "Daemonset Configuration" -- variable: agents.dogstatsd.useHostPort - default: false - description: "Sets the hostPort to the same value of the container port" - type: boolean - label: Use HostPort - group: "Daemonset Configuration" -- variable: agents.useHostPID - default: false - description: "Run the agent in the host's PID namespace" - type: boolean - label: Use HostPID - group: "Daemonset Configuration" -# Optional Collection agents -- variable: datadog.apm.enabled - default: false - description: "Run the trace-agent along with the infrastructure agent, allowing the container to accept traces on 8126/tcp" - type: boolean - label: Enable APM - group: "Optional Collection Agents" -- variable: datadog.processAgent.enabled - default: false - description: "Enable live process collection in the process-agent" - type: boolean - label: Enable Live Process Agent - group: "Optional Collection Agents" -- variable: datadog.logs.enabled - default: false - description: "Run the log-agent along with the infrastructure agent" - type: boolean - label: Collect Logs - group: "Optional Collection Agents" - -#Kube State Metrics -- variable: kubeStateMetrics.enabled - default: true - description: "Create a kube-state-metrics deployment" - type: boolean - label: Deployment KubeState Metrics Deployment - group: "Kube-State-Metrics" diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/requirements.lock b/charts/datadog/datadog/2.4.200+up2.4.2/requirements.lock deleted file mode 100644 index cc7ddfb40..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: kube-state-metrics - repository: https://kubernetes-charts.storage.googleapis.com/ - version: =2.8.11 -digest: sha256:35a0ae8724925c531b15f2eb8f78adee8d688bd1ac2e06289edb3e4238e3d037 -generated: "2020-08-04T09:21:38.189722549Z" diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/requirements.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/requirements.yaml deleted file mode 100644 index 8c0cd7ead..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: -- condition: datadog.kubeStateMetricsEnabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/NOTES.txt b/charts/datadog/datadog/2.4.200+up2.4.2/templates/NOTES.txt deleted file mode 100644 index ba3dac236..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/NOTES.txt +++ /dev/null @@ -1,76 +0,0 @@ -{{- if (or (.Values.datadog.apiKeyExistingSecret) (not (eq .Values.datadog.apiKey ""))) }} -Datadog agents are spinning up on each node in your cluster. After a few -minutes, you should see your agents starting in your event stream: - https://app.datadoghq.com/event/stream - - {{- if .Values.datadog.apiKeyExistingSecret }} -You disabled creation of Secret containing API key, therefore it is expected -that you create Secret named '{{ .Values.datadog.apiKeyExistingSecret }}' which includes a key called 'api-key' containing the API key. - {{- else if not (eq .Values.datadog.apiKey "") }} - {{- end }} -{{- else }} -############################################################################## -#### ERROR: You did not set a datadog.apiKey. #### -############################################################################## - -This deployment will be incomplete until you get your API key from Datadog. -One can sign up for a free Datadog trial at https://app.datadoghq.com/signup - -Once registered you can request an API key at: - - https://app.datadoghq.com/account/settings#agent/kubernetes - -Then run: - - helm upgrade {{ .Release.Name }} \ - --set datadog.apiKey=YOUR-KEY-HERE stable/datadog -{{- end }} - -{{- if .Values.clusterAgent.enabled }} - - {{- if .Values.clusterAgent.metricsProvider.enabled }} - {{- if .Values.datadog.appKeyExistingSecret }} -You disabled creation of Secret containing APP key, therefore it is expected -that you create a Secret named '{{ .Values.datadog.appKeyExistingSecret }}' which includes a key called 'app-key' containing the APP key. - {{- else if (.Values.datadog.appKey) }} - {{- else }} - -############################################################################## -#### ERROR: You did not set a datadog.appKey. #### -############################################################################## - -This deployment will be incomplete until you get your APP key from Datadog. -Create an application key at https://app.datadoghq.com/account/settings#api - {{- end }} - {{- end }} - -{{- end }} - -{{- if .Values.datadog.apm.enabled }} -The Datadog Agent is listening on port {{ .Values.datadog.apm.port }} for APM service. -{{- end }} - -{{- if .Values.datadog.autoconf }} - -################################################################# -#### WARNING: Deprecation notice #### -################################################################# - -The autoconf value is deprecated, Autodiscovery templates can now -be safely moved to the confd value. As a temporary measure, both -values were merged into the {{ template "datadog.fullname" . }}-confd configmap, -but this will be removed in a future chart release. -Please note that duplicate file names may have conflicted during -the merge. In that case, the confd entry will take precedence. -{{- end }} - -{{- if eq .Values.agents.image.repository "datadog/docker-dd-agent" }} - -###################################################################### -#### ERROR: Unsupported agent version #### -###################################################################### - -This version of the chart does not support deploying Agent 5.x. -If you cannot upgrade to Agent 6.x or later, you can use a previous version -of the chart by calling helm install with `--version 0.18.0`. -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/_helpers.tpl b/charts/datadog/datadog/2.4.200+up2.4.2/templates/_helpers.tpl deleted file mode 100644 index 07035db99..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/_helpers.tpl +++ /dev/null @@ -1,137 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "check-version" -}} -{{- if not .Values.agents.image.doNotCheckTag -}} -{{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} -{{- $length := len (split "." $version) -}} -{{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.19.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.19.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.19.0" -}} -{{- end -}} -{{- if not (semverCompare "^6.19.0-0 || ^7.19.0-0" $version) -}} -{{- fail "This version of the chart requires an agent image 7.19.0 or greater. If you want to force and skip this check, use `--set agents.image.doNotCheckTag=true`" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "datadog.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -And depending on the resources the name is completed with an extension. -If release name contains chart name it will be used as a full name. -*/}} -{{- define "datadog.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "datadog.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return secret name to be used based on provided values. -*/}} -{{- define "datadog.apiSecretName" -}} -{{- $fullName := include "datadog.fullname" . -}} -{{- default $fullName .Values.datadog.apiKeyExistingSecret | quote -}} -{{- end -}} - -{{/* -Return secret name to be used based on provided values. -*/}} -{{- define "datadog.appKeySecretName" -}} -{{- $fullName := printf "%s-appkey" (include "datadog.fullname" .) -}} -{{- default $fullName .Values.datadog.appKeyExistingSecret | quote -}} -{{- end -}} - -{{/* -Return secret name to be used based on provided values. -*/}} -{{- define "clusterAgent.tokenSecretName" -}} -{{- if not .Values.clusterAgent.tokenExistingSecret -}} -{{- include "datadog.fullname" . -}}-cluster-agent -{{- else -}} -{{- .Values.clusterAgent.tokenExistingSecret -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC APIs. -*/}} -{{- define "rbac.apiVersion" -}} -{{- if semverCompare "^1.8-0" .Capabilities.KubeVersion.GitVersion -}} -"rbac.authorization.k8s.io/v1" -{{- else -}} -"rbac.authorization.k8s.io/v1beta1" -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Correct `clusterAgent.metricsProvider.service.port` if Kubernetes <= 1.15 -*/}} -{{- define "clusterAgent.metricsProvider.port" -}} -{{- if semverCompare "^1.15-0" .Capabilities.KubeVersion.GitVersion -}} -{{- .Values.clusterAgent.metricsProvider.service.port -}} -{{- else -}} -443 -{{- end -}} -{{- end -}} - -{{/* -Return the container runtime socket -*/}} -{{- define "datadog.dockerOrCriSocketPath" -}} -{{- if eq .Values.targetSystem "linux" -}} -{{- .Values.datadog.dockerSocketPath | default .Values.datadog.criSocketPath | default "/var/run/docker.sock" -}} -{{- end -}} -{{- if eq .Values.targetSystem "windows" -}} -\\.\pipe\docker_engine -{{- end -}} -{{- end -}} - -{{/* -Return agent config path -*/}} -{{- define "datadog.confPath" -}} -{{- if eq .Values.targetSystem "linux" -}} -/etc/datadog-agent -{{- end -}} -{{- if eq .Values.targetSystem "windows" -}} -C:/ProgramData/Datadog -{{- end -}} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-apiservice.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-apiservice.yaml deleted file mode 100644 index 2a7ab8331..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-apiservice.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.clusterAgent.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1beta1.external.metrics.k8s.io - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - service: - name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api - namespace: {{ .Release.Namespace }} -{{- if semverCompare "^1.15-0" .Capabilities.KubeVersion.GitVersion }} - port: {{ template "clusterAgent.metricsProvider.port" . }} -{{- end }} - version: v1beta1 - insecureSkipTLSVerify: true - group: external.metrics.k8s.io - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-deployment.yaml deleted file mode 100644 index 55020526a..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-deployment.yaml +++ /dev/null @@ -1,191 +0,0 @@ -{{- if and .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "datadog.fullname" . }}-clusterchecks - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - replicas: {{ .Values.clusterChecksRunner.replicas }} - strategy: -{{ toYaml .Values.clusterChecksRunner.strategy | indent 4 }} - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-clusterchecks - template: - metadata: - labels: - app: {{ template "datadog.fullname" . }}-clusterchecks - name: {{ template "datadog.fullname" . }}-clusterchecks - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} - {{- if .Values.datadog.checksd }} - checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} - {{- end }} - spec: - {{- if .Values.clusterChecksRunner.rbac.dedicated }} - serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}-cluster-checks{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} - {{- else }} - serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} - {{- end }} - imagePullSecrets: -{{ toYaml .Values.clusterChecksRunner.image.pullSecrets | indent 8 }} - {{- if .Values.clusterChecksRunner.dnsConfig }} - dnsConfig: -{{ toYaml .Values.clusterChecksRunner.dnsConfig | indent 8 }} - {{- end }} - initContainers: - - name: init-volume - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 10 }} - - name: init-config - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: /checks.d - readOnly: true - {{- end }} - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 10 }} - containers: - - name: agent - image: "{{ .Values.clusterChecksRunner.image.repository }}:{{ .Values.clusterChecksRunner.image.tag }}" - command: ["bash", "-c"] - args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.datadog.logLevel | quote }} - {{- end }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: DD_HEALTH_PORT - value: "5555" - # Cluster checks - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "clusterAgent.tokenSecretName" . }} - key: token - - name: DD_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - # Safely run alongside the daemonset - - name: DD_ENABLE_METADATA_COLLECTION - value: "false" - # Expose CLC stats - - name: DD_CLC_RUNNER_ENABLED - value: "true" - - name: DD_CLC_RUNNER_HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - # Remove unused features - - name: DD_USE_DOGSTATSD - value: "false" - - name: DD_PROCESS_AGENT_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_APM_ENABLED - value: "false" - - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.clusterChecksRunner.env }} -{{ toYaml .Values.clusterChecksRunner.env | indent 10 }} -{{- end }} - resources: -{{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} - volumeMounts: - - name: installinfo - subPath: install_info - {{- if eq .Values.targetSystem "windows" }} - mountPath: C:/ProgramData/Datadog/install_info - {{- else }} - mountPath: /etc/datadog-agent/install_info - {{- end }} - readOnly: true -{{- if .Values.clusterChecksRunner.volumeMounts }} - - name: config - mountPath: {{ template "datadog.confPath" . }} -{{ toYaml .Values.clusterChecksRunner.volumeMounts | indent 10 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.clusterChecksRunner.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.clusterChecksRunner.readinessProbe | indent 10 }} - volumes: - - name: installinfo - configMap: - name: {{ template "datadog.fullname" . }}-installinfo -{{- if .Values.clusterChecksRunner.volumes }} -{{ toYaml .Values.clusterChecksRunner.volumes | indent 8 }} -{{- end }} - - name: config - emptyDir: {} -{{- if .Values.datadog.checksd }} - - name: checksd - configMap: - name: {{ template "datadog.fullname" . }}-checksd -{{- end }} - affinity: -{{- if .Values.clusterChecksRunner.affinity }} -{{ toYaml .Values.clusterChecksRunner.affinity | indent 8 }} -{{- else }} - # Ensure we only run one worker per node, to avoid name collisions - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: {{ template "datadog.fullname" . }}-clusterchecks - topologyKey: kubernetes.io/hostname -{{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- if .Values.clusterChecksRunner.nodeSelector }} -{{ toYaml .Values.clusterChecksRunner.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.clusterChecksRunner.tolerations }} - tolerations: -{{ toYaml .Values.clusterChecksRunner.tolerations | indent 8 }} - {{- end }} -{{ end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-pdb.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-pdb.yaml deleted file mode 100644 index 3acb7a752..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-pdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.clusterChecksRunner.createPodDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "datadog.fullname" . }}-clusterchecks - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-clusterchecks -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-rbac.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-rbac.yaml deleted file mode 100644 index 46ff0f9cf..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-clusterchecks-rbac.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.clusterChecksRunner.rbac.create .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled .Values.clusterChecksRunner.rbac.dedicated -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-checks -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "datadog.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-checks - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-checks - {{- if .Values.clusterChecksRunner.rbac.serviceAccountAnnotations }} - annotations: {{ toYaml .Values.clusterChecksRunner.rbac.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-psp.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-psp.yaml deleted file mode 100644 index 719c5a1db..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-psp.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.agents.podSecurity.podSecurityPolicy.create}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.seccompProfiles | quote }} - apparmor.security.beta.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.apparmorProfiles | quote }} - seccomp.security.alpha.kubernetes.io/defaultProfileName: "runtime/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" -spec: - privileged: {{ .Values.agents.podSecurity.privileged }} - hostNetwork: {{ .Values.agents.useHostNetwork }} - hostPID: {{ .Values.datadog.dogstatsd.useHostPID }} - allowedCapabilities: -{{ toYaml .Values.agents.podSecurity.capabilites | indent 4 }} - volumes: -{{ toYaml .Values.agents.podSecurity.volumes | indent 4 }} - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: -{{ toYaml .Values.agents.podSecurity.securityContext | indent 4 }} - supplementalGroups: - rule: RunAsAny -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-scc.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-scc.yaml deleted file mode 100644 index 10edb45e1..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-scc.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.agents.podSecurity.securityContextConstraints.create }} -kind: SecurityContextConstraints -apiVersion: security.openshift.io/v1 -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ template "datadog.fullname" . }} -priority: 10 -# Allow host ports for dsd / trace intake -+allowHostPorts: {{ or .Values.datadog.dogstatsd.useHostPort .Values.datadog.apm.enabled }} -# Allow host PID for dogstatsd origin detection -allowHostPID: {{ .Values.datadog.dogstatsd.useHostPID }} -# Allow host network for the CRIO check to reach Prometheus through localhost -allowHostNetwork: {{ .Values.agents.useHostNetwork }} -# Allow hostPath for docker / process metrics -volumes: -{{ toYaml .Values.agents.podSecurity.volumes | indent 2 }} -# Use the `spc_t` selinux type to access the -# docker/cri socket + proc and cgroup stats -seLinuxContext: -{{ toYaml .Values.agents.podSecurity.securityContext | indent 2 }} -# system-probe requires some specific seccomp and capabilities -seccompProfiles: -{{ toYaml .Values.agents.podSecurity.seccompProfiles | indent 2 }} -allowedCapabilities: -{{ toYaml .Values.agents.podSecurity.capabilites | indent 2 }} -# -# The rest is copied from restricted SCC -# -allowHostDirVolumePlugin: true -allowHostIPC: false -allowPrivilegedContainer: {{ .Values.agents.podSecurity.privileged }} -allowedFlexVolumes: [] -defaultAddCapabilities: [] -fsGroup: - type: MustRunAs -readOnlyRootFilesystem: false -runAsUser: - type: RunAsAny -supplementalGroups: - type: RunAsAny -# If your environment restricts user access to the Docker socket or journald (for logging) -# create or use an existing group that has access and add the GID to -# the lines below (also remove the previous line, `type: RunAsAny`) -# type: MustRunAs -# ranges: -# - min: -# - max: -requiredDropCapabilities: [] -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-secret.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-secret.yaml deleted file mode 100644 index 33e13d1bb..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if not .Values.clusterAgent.tokenExistingSecret }} -{{- if .Values.clusterAgent.enabled -}} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -type: Opaque -data: - {{ if .Values.clusterAgent.token -}} - token: {{ .Values.clusterAgent.token | b64enc | quote }} - {{ else -}} - token: {{ randAlphaNum 32 | b64enc | quote }} - {{ end }} -{{- end }} - -{{ end }} \ No newline at end of file diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-services.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-services.yaml deleted file mode 100644 index 52954571d..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/agent-services.yaml +++ /dev/null @@ -1,70 +0,0 @@ -{{- if .Values.clusterAgent.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - type: ClusterIP - selector: - app: {{ template "datadog.fullname" . }}-cluster-agent - ports: - - port: 5005 - name: agentport - protocol: TCP -{{ end }} - -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - type: {{ .Values.clusterAgent.metricsProvider.service.type }} - selector: - app: {{ template "datadog.fullname" . }}-cluster-agent - ports: - - port: {{ template "clusterAgent.metricsProvider.port" . }} - name: metricsapi - protocol: TCP -{{ end }} - -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.admissionController.enabled -}} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - selector: - app: {{ template "datadog.fullname" . }}-cluster-agent - ports: - - port: 443 - targetPort: 8000 -{{ end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/checksd-configmap.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/checksd-configmap.yaml deleted file mode 100644 index 486b5f649..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/checksd-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.datadog.checksd }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-checksd - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} -data: -{{ tpl (toYaml .Values.datadog.checksd) . | indent 2 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-confd-configmap.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-confd-configmap.yaml deleted file mode 100644 index b39963055..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-confd-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.clusterAgent.confd }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-confd - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/confd-config: {{ tpl (toYaml .Values.clusterAgent.confd) . | sha256sum }} -data: -{{ tpl (toYaml .Values.clusterAgent.confd) . | indent 2 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-config-configmap.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-config-configmap.yaml deleted file mode 100644 index 6bfc98bde..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.clusterAgent.datadog_cluster_yaml }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-config - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/clusteragent-config: {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | sha256sum }} -data: - datadog-cluster.yaml: | -{{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | indent 4 }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-deployment.yaml deleted file mode 100644 index 2f7d0bd56..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-deployment.yaml +++ /dev/null @@ -1,245 +0,0 @@ -{{- if .Values.clusterAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - replicas: {{ .Values.clusterAgent.replicas }} - strategy: -{{- if .Values.clusterAgent.strategy }} -{{ toYaml .Values.clusterAgent.strategy | indent 4 }} -{{- else }} - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 -{{- end }} - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-cluster-agent - {{- if .Values.clusterAgent.podLabels }} -{{ toYaml .Values.clusterAgent.podLabels | indent 6 }} - {{- end }} - template: - metadata: - labels: - app: {{ template "datadog.fullname" . }}-cluster-agent - {{- if .Values.clusterAgent.podLabels }} -{{ toYaml .Values.clusterAgent.podLabels | indent 8 }} - {{- end }} - name: {{ template "datadog.fullname" . }}-cluster-agent - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} - {{- if .Values.clusterAgent.datadog_cluster_yaml }} - checksum/clusteragent-config: {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | sha256sum }} - {{- end }} - {{- if .Values.clusterAgent.confd }} - checksum/confd-config: {{ tpl (toYaml .Values.clusterAgent.confd) . | sha256sum }} - {{- end }} - ad.datadoghq.com/cluster-agent.check_names: '["prometheus"]' - ad.datadoghq.com/cluster-agent.init_configs: '[{}]' - ad.datadoghq.com/cluster-agent.instances: | - [{ - "prometheus_url": "http://%%host%%:5000/metrics", - "namespace": "datadog.cluster_agent", - "metrics": [ - "go_goroutines", "go_memstats_*", "process_*", - "api_requests", - "datadog_requests", "external_metrics", "rate_limit_queries_*", - "cluster_checks_*" - ] - }] - {{- if .Values.clusterAgent.podAnnotations }} -{{ toYaml .Values.clusterAgent.podAnnotations | indent 8 }} - {{- end }} - - spec: - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: "{{ .Values.clusterAgent.priorityClassName }}" - {{- end }} - {{- if .Values.clusterAgent.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.clusterAgent.image.pullSecrets | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.clusterAgent.rbac.create }}{{ template "datadog.fullname" . }}-cluster-agent{{ else }}"{{ .Values.clusterAgent.rbac.serviceAccountName }}"{{ end }} - {{- if .Values.clusterAgent.useHostNetwork }} - hostNetwork: {{ .Values.clusterAgent.useHostNetwork }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - {{- if .Values.clusterAgent.dnsConfig }} - dnsConfig: -{{ toYaml .Values.clusterAgent.dnsConfig | indent 8 }} - {{- end }} - containers: - - name: cluster-agent - image: "{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - {{- with .Values.clusterAgent.command }} - command: {{ range . }} - - {{ . | quote }} - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }} - resources: -{{ toYaml .Values.clusterAgent.resources | indent 10 }} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - {{- if .Values.clusterAgent.metricsProvider.enabled }} - - containerPort: {{ template "clusterAgent.metricsProvider.port" . }} - name: metricsapi - protocol: TCP - {{- end }} - env: - - name: DD_HEALTH_PORT - value: {{ .Values.clusterAgent.healthPort | quote }} - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key - optional: true - {{- if .Values.clusterAgent.metricsProvider.enabled }} - - name: DD_APP_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.appKeySecretName" . }} - key: app-key - - name: DD_EXTERNAL_METRICS_PROVIDER_ENABLED - value: {{ .Values.clusterAgent.metricsProvider.enabled | quote }} - - name: DD_EXTERNAL_METRICS_PROVIDER_PORT - value: {{ include "clusterAgent.metricsProvider.port" . | quote }} - - name: DD_EXTERNAL_METRICS_PROVIDER_WPA_CONTROLLER - value: {{ .Values.clusterAgent.metricsProvider.wpaController | quote }} - - name: DD_EXTERNAL_METRICS_PROVIDER_USE_DATADOGMETRIC_CRD - value: {{ .Values.clusterAgent.metricsProvider.useDatadogMetrics | quote }} - {{- end }} - {{- if .Values.clusterAgent.admissionController.enabled }} - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: {{ .Values.clusterAgent.admissionController.enabled | quote }} - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: {{ .Values.clusterAgent.admissionController.mutateUnlabelled | quote }} - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller - {{- end }} - {{- if .Values.datadog.clusterChecks.enabled }} - - name: DD_CLUSTER_CHECKS_ENABLED - value: {{ .Values.datadog.clusterChecks.enabled | quote }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - {{- if .Values.datadog.clusterName }} - {{- if not (regexMatch "^([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?)$" .Values.datadog.clusterName) }} - {{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen."}} - {{- end}} - - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} - {{- end }} - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.datadog.logLevel | quote }} - {{- end }} - - name: DD_LEADER_ELECTION - value: {{ default "true" .Values.datadog.leaderElection | quote}} - {{- if .Values.datadog.leaderLeaseDuration }} - - name: DD_LEADER_LEASE_DURATION - value: {{ .Values.datadog.leaderLeaseDuration | quote }} - {{- else if .Values.datadog.clusterChecks.enabled }} - - name: DD_LEADER_LEASE_DURATION - value: "15" - {{- end }} - {{- if .Values.datadog.collectEvents }} - - name: DD_COLLECT_KUBERNETES_EVENTS - value: {{ .Values.datadog.collectEvents | quote}} - {{- end }} - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "clusterAgent.tokenSecretName" . }} - key: token - - name: DD_KUBE_RESOURCES_NAMESPACE - value: {{ .Release.Namespace }} - {{- if .Values.datadog.orchestratorExplorer.enabled }} - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - {{- end }} -{{- if .Values.clusterAgent.env }} -{{ toYaml .Values.clusterAgent.env | indent 10 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.clusterAgent.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.clusterAgent.readinessProbe | indent 10 }} - volumeMounts: - - name: installinfo - subPath: install_info - {{- if eq .Values.targetSystem "windows" }} - mountPath: C:/ProgramData/Datadog/install_info - {{- else }} - mountPath: /etc/datadog-agent/install_info - {{- end }} - readOnly: true -{{- if .Values.clusterAgent.volumeMounts }} -{{ toYaml .Values.clusterAgent.volumeMounts | indent 10 }} -{{- end }} -{{- if .Values.clusterAgent.confd }} - - name: confd - mountPath: /conf.d - readOnly: true -{{- end }} -{{- if .Values.clusterAgent.datadog_cluster_yaml }} - - name: cluster-agent-yaml - mountPath: /etc/datadog-agent/datadog-cluster.yaml - subPath: datadog-cluster.yaml - readOnly: true -{{- end}} - volumes: - - name: installinfo - configMap: - name: {{ template "datadog.fullname" . }}-installinfo -{{- if .Values.clusterAgent.confd }} - - name: confd - configMap: - name: {{ template "datadog.fullname" . }}-cluster-agent-confd -{{- end }} -{{- if .Values.clusterAgent.datadog_cluster_yaml }} - - name: cluster-agent-yaml - configMap: - name: {{ template "datadog.fullname" . }}-cluster-agent-config -{{- end}} - -{{- if .Values.clusterAgent.volumes }} -{{ toYaml .Values.clusterAgent.volumes | indent 8 }} -{{- end }} - {{- if .Values.clusterAgent.tolerations }} - tolerations: -{{ toYaml .Values.clusterAgent.tolerations | indent 8 }} - {{- end }} - {{- if .Values.clusterAgent.affinity }} - affinity: -{{ toYaml .Values.clusterAgent.affinity | indent 8 }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- if .Values.clusterAgent.nodeSelector }} -{{ toYaml .Values.clusterAgent.nodeSelector | indent 8 }} - {{- end }} -{{ end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-pdb.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-pdb.yaml deleted file mode 100644 index 3d341f0de..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-pdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.clusterAgent.createPodDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-cluster-agent -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-rbac.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-rbac.yaml deleted file mode 100644 index 5b722750d..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/cluster-agent-rbac.yaml +++ /dev/null @@ -1,225 +0,0 @@ -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent -rules: -- apiGroups: - - "" - resources: - - services - - endpoints - - pods - - nodes - - componentstatuses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: ["quota.openshift.io"] - resources: - - clusterresourcequotas - verbs: - - get - - list -- apiGroups: - - "autoscaling" - resources: - - horizontalpodautoscalers - verbs: - - list - - watch -{{- if .Values.datadog.collectEvents }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadogtoken # Kubernetes event collection state - verbs: - - get - - update -{{- end }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadog-leader-election # Leader election token -{{- if .Values.clusterAgent.metricsProvider.enabled }} - - datadog-custom-metrics - - extension-apiserver-authentication -{{- end }} - verbs: - - get - - update -- apiGroups: # To create the leader election token and hpa events - - "" - resources: - - configmaps - - events - verbs: - - create -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: - - get -{{- if and .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.wpaController }} -- apiGroups: - - "datadoghq.com" - resources: - - "watermarkpodautoscalers" - verbs: - - "list" - - "get" - - "watch" -{{- end }} -{{- if .Values.datadog.orchestratorExplorer.enabled }} -- apiGroups: # to get the kube-system namespace UID and generate a cluster ID - - "" - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - get -- apiGroups: # To create the cluster-id configmap - - "" - resources: - - configmaps - resourceNames: - - "datadog-cluster-id" - verbs: - - create - - get - - update -{{- end }} -{{- if and .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.useDatadogMetrics }} -- apiGroups: - - "datadoghq.com" - resources: - - "datadogmetrics" - verbs: - - "list" - - "create" - - "delete" - - "watch" -- apiGroups: - - "datadoghq.com" - resources: - - "datadogmetrics/status" - verbs: - - "update" -{{- end }} -{{- if .Values.clusterAgent.admissionController.enabled }} -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: ["get", "list", "watch", "update", "create"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "update", "create"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["get"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets", "deployments"] - verbs: ["get"] -{{- end }} ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "datadog.fullname" . }}-cluster-agent -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-agent - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent -{{- end }} - -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled }} ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-agent - namespace: {{ .Release.Namespace }} ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: RoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: "{{ template "datadog.fullname" . }}-cluster-agent" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/confd-configmap.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/confd-configmap.yaml deleted file mode 100644 index 44d64966c..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/confd-configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-confd - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} - checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} -data: -{{/* -Merge the legacy autoconf dict before so confd static configurations -override duplicates -*/}} -{{- if .Values.datadog.autoconf }} -{{ tpl (toYaml .Values.datadog.autoconf) . | indent 2 }} -{{- end }} -{{- if .Values.datadog.confd }} -{{ tpl (toYaml .Values.datadog.confd) . | indent 2 }} -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-agent.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-agent.yaml deleted file mode 100644 index 99ac7e2a2..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-agent.yaml +++ /dev/null @@ -1,161 +0,0 @@ -{{- define "container-agent" -}} -- name: agent - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["agent", "run"] - resources: -{{ toYaml .Values.agents.containers.agent.resources | indent 4 }} - ports: - - containerPort: {{ .Values.datadog.dogstatsd.port }} - {{- if .Values.datadog.dogstatsd.useHostPort }} - hostPort: {{ .Values.datadog.dogstatsd.port }} - {{- end }} - name: dogstatsdport - protocol: UDP - env: - {{- include "containers-common-env" . | nindent 4 }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsd.port }} - - name: DD_DOGSTATSD_PORT - value: {{ .Values.datadog.dogstatsd.port | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsd.nonLocalTraffic }} - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.dogstatsd.nonLocalTraffic | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsd.originDetection }} - - name: DD_DOGSTATSD_ORIGIN_DETECTION - value: {{ .Values.datadog.dogstatsd.originDetection | quote }} - {{- end }} - {{- if not .Values.clusterAgent.enabled }} - {{- if .Values.datadog.leaderElection }} - - name: DD_LEADER_ELECTION - value: {{ .Values.datadog.leaderElection | quote}} - {{- end }} - {{- if .Values.datadog.leaderLeaseDuration }} - - name: DD_LEADER_LEASE_DURATION - value: {{ .Values.datadog.leaderLeaseDuration | quote }} - {{- end }} - {{- if .Values.datadog.collectEvents }} - - name: DD_COLLECT_KUBERNETES_EVENTS - value: {{.Values.datadog.collectEvents | quote}} - {{- end }} - {{- else }} - - name: DD_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "clusterAgent.tokenSecretName" . }} - key: token - {{- end }} - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: {{ (default false (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled)) | quote}} - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: {{ (default false (or .Values.datadog.logs.containerCollectAll .Values.datadog.logsConfigContainerCollectAll)) | quote}} - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: {{ .Values.datadog.logs.containerCollectUsingFiles | quote }} - {{- if not .Values.datadog.livenessProbe }} - - name: DD_HEALTH_PORT - value: "5555" - {{- end }} - {{- if .Values.datadog.dogstatsd.useSocketVolume }} - - name: DD_DOGSTATSD_SOCKET - value: {{ .Values.datadog.dogstatsd.socketPath | quote }} - {{- end }} - {{- if .Values.datadog.clusterChecks.enabled }} - {{- if .Values.clusterChecksRunner.enabled }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{ else }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - {{- end }} - {{- end }} -{{- if .Values.agents.containers.agent.env }} -{{ toYaml .Values.agents.containers.agent.env | indent 4 }} -{{- end }} - volumeMounts: - - name: installinfo - subPath: install_info - {{- if eq .Values.targetSystem "windows" }} - mountPath: C:/ProgramData/Datadog/install_info - {{- else }} - mountPath: /etc/datadog-agent/install_info - {{- end }} - readOnly: true - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if eq .Values.targetSystem "linux" }} - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - {{- end }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - mountPath: {{ template "datadog.confPath" . }}/datadog.yaml - subPath: datadog.yaml - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - {{- if .Values.datadog.dogstatsd.useSocketVolume }} - - name: dsdsocket - mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} - {{- end }} - {{- if .Values.datadog.systemProbe.enabled }} - - name: sysprobe-socket-dir - mountPath: /var/run/sysprobe - readOnly: true - - name: sysprobe-config - mountPath: /etc/datadog-agent/system-probe.yaml - subPath: system-probe.yaml - {{- end }} - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - - name: pointerdir - mountPath: /opt/datadog-agent/run - - name: logpodpath - mountPath: /var/log/pods - readOnly: true - {{- if not .Values.datadog.criSocketPath }} - - name: logdockercontainerpath - mountPath: /var/lib/docker/containers - readOnly: true - {{- end }} - {{- end }} - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - - name: pointerdir - mountPath: C:/var/log - - name: logpodpath - mountPath: C:/var/log/pods - readOnly: true - - name: logdockercontainerpath - mountPath: C:/ProgramData/docker/containers - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.agents.volumeMounts }} -{{ toYaml .Values.agents.volumeMounts | indent 4 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.agents.containers.agent.livenessProbe | indent 4 }} - readinessProbe: -{{ toYaml .Values.agents.containers.agent.readinessProbe | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-process-agent.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-process-agent.yaml deleted file mode 100644 index d0c60c54f..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-process-agent.yaml +++ /dev/null @@ -1,72 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - {{- if eq .Values.targetSystem "linux" }} - command: ["process-agent", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - command: ["process-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - resources: -{{ toYaml .Values.agents.containers.processAgent.resources | indent 4 }} - env: - {{- include "containers-common-env" . | nindent 4 }} - {{- if .Values.datadog.processAgent.processCollection }} - - name: DD_PROCESS_AGENT_ENABLED - value: "true" - {{- end }} - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} - {{- if .Values.datadog.systemProbe.enabled }} - - name: DD_SYSTEM_PROBE_ENABLED - value: {{ .Values.datadog.systemProbe.enabled | quote }} - {{- end }} - {{- if .Values.datadog.orchestratorExplorer.enabled }} - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_CLUSTER_ID - valueFrom: - configMapKeyRef: - name: datadog-cluster-id - key: id - {{- end }} -{{- if .Values.agents.containers.processAgent.env }} -{{ toYaml .Values.agents.containers.processAgent.env | indent 4 }} -{{- end }} - volumeMounts: - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if eq .Values.targetSystem "linux" }} - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - {{- end }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - mountPath: {{ template "datadog.confPath" . }}/datadog.yaml - subPath: datadog.yaml - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - - name: passwd - mountPath: /etc/passwd - - name: procdir - mountPath: /host/proc - readOnly: true - {{- if .Values.datadog.systemProbe.enabled }} - - name: sysprobe-socket-dir - mountPath: /var/run/sysprobe - readOnly: true - - name: sysprobe-config - mountPath: /etc/datadog-agent/system-probe.yaml - subPath: system-probe.yaml - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-system-probe.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-system-probe.yaml deleted file mode 100644 index e56b3f6b6..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-system-probe.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- define "container-system-probe" -}} -- name: system-probe - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - securityContext: - capabilities: - add: ["SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN", "IPC_LOCK"] - command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] - env: - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} -{{- if .Values.agents.containers.systemProbe.env }} -{{ toYaml .Values.agents.containers.systemProbe.env | indent 4 }} -{{- end }} - resources: -{{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} - volumeMounts: - - name: debugfs - mountPath: /sys/kernel/debug - - name: sysprobe-config - mountPath: /etc/datadog-agent - - name: sysprobe-socket-dir - mountPath: /var/run/sysprobe - - name: procdir - mountPath: /host/proc - readOnly: true - - name: modules - mountPath: /lib/modules - readOnly: true - - name: src - mountPath: /usr/src - readOnly: true -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-trace-agent.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-trace-agent.yaml deleted file mode 100644 index ff64c5113..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/container-trace-agent.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- define "container-trace-agent" -}} -- name: trace-agent - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - {{- if eq .Values.targetSystem "linux" }} - command: ["trace-agent", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - command: ["trace-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - resources: -{{ toYaml .Values.agents.containers.traceAgent.resources | indent 4 }} - ports: - - containerPort: {{ .Values.datadog.apm.port }} - hostPort: {{ .Values.datadog.apm.port }} - name: traceport - protocol: TCP - env: - {{- include "containers-common-env" . | nindent 4 }} - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.traceAgent.logLevel | default .Values.datadog.logLevel | quote }} - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: {{ .Values.datadog.apm.port | quote }} - {{- if .Values.datadog.apm.useSocketVolume }} - - name: DD_APM_RECEIVER_SOCKET - value: {{ .Values.datadog.apm.socketPath | quote }} - {{- end }} -{{- if .Values.agents.containers.traceAgent.env }} -{{ toYaml .Values.agents.containers.traceAgent.env | indent 4 }} -{{- end }} - volumeMounts: - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - mountPath: {{ template "datadog.confPath" . }}/datadog.yaml - subPath: datadog.yaml - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - {{- end }} - {{- if .Values.datadog.apm.useSocketVolume }} - - name: apmsocket - mountPath: {{ (dir .Values.datadog.apm.socketPath) }} - {{- end }} - livenessProbe: -{{ toYaml .Values.agents.containers.traceAgent.livenessProbe | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-common-env.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-common-env.yaml deleted file mode 100644 index d8dd0fba6..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-common-env.yaml +++ /dev/null @@ -1,95 +0,0 @@ -# The purpose of this template is to define a minimal set of environment -# variables required to operate dedicated containers in the daemonset -{{- define "containers-common-env" -}} -- name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key -{{- if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion }} -- name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- end }} -{{- if .Values.datadog.clusterName }} -{{- if not (regexMatch "^([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?)$" .Values.datadog.clusterName) }} -{{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen."}} -{{- end}} -- name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} -{{- end }} -{{- if .Values.datadog.tags }} -- name: DD_TAGS - value: {{ .Values.datadog.tags | join " " | quote }} -{{- end }} -{{- if .Values.datadog.nodeLabelsAsTags }} -- name: DD_KUBERNETES_NODE_LABELS_AS_TAGS - value: '{{ toJson .Values.datadog.nodeLabelsAsTags }}' -{{- end }} -{{- if .Values.datadog.podLabelsAsTags }} -- name: DD_KUBERNETES_POD_LABELS_AS_TAGS - value: '{{ toJson .Values.datadog.podLabelsAsTags }}' -{{- end }} -{{- if .Values.datadog.podAnnotationsAsTags }} -- name: DD_KUBERNETES_POD_ANNOTATIONS_AS_TAGS - value: '{{ toJson .Values.datadog.podAnnotationsAsTags }}' -{{- end }} -- name: KUBERNETES - value: "yes" -{{- if .Values.datadog.site }} -- name: DD_SITE - value: {{ .Values.datadog.site | quote }} -{{- end }} -{{- if .Values.datadog.dd_url }} -- name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} -{{- end }} -{{- if .Values.datadog.env }} -{{ toYaml .Values.datadog.env }} -{{- end }} -{{- if .Values.datadog.acInclude }} -- name: DD_AC_INCLUDE - value: {{ .Values.datadog.acInclude | quote }} -{{- end }} -{{- if .Values.datadog.acExclude }} -- name: DD_AC_EXCLUDE - value: {{ .Values.datadog.acExclude | quote }} -{{- end }} -{{- if .Values.datadog.containerInclude }} -- name: DD_CONTAINER_INCLUDE - value: {{ .Values.datadog.containerInclude | quote }} -{{- end }} -{{- if .Values.datadog.containerExclude }} -- name: DD_CONTAINER_EXCLUDE - value: {{ .Values.datadog.containerExclude | quote }} -{{- end }} -{{- if .Values.datadog.containerIncludeMetrics }} -- name: DD_CONTAINER_INCLUDE_METRICS - value: {{ .Values.datadog.containerIncludeMetrics | quote }} -{{- end }} -{{- if .Values.datadog.containerExcludeMetrics }} -- name: DD_CONTAINER_EXCLUDE_METRICS - value: {{ .Values.datadog.containerExcludeMetrics | quote }} -{{- end }} -{{- if .Values.datadog.containerIncludeLogs }} -- name: DD_CONTAINER_INCLUDE_LOGS - value: {{ .Values.datadog.containerIncludeLogs | quote }} -{{- end }} -{{- if .Values.datadog.containerExcludeLogs }} -- name: DD_CONTAINER_EXCLUDE_LOGS - value: {{ .Values.datadog.containerExcludeLogs | quote }} -{{- end }} -{{- if .Values.datadog.criSocketPath }} -- name: DD_CRI_SOCKET_PATH - value: {{ print "/host/" .Values.datadog.criSocketPath | clean }} -{{- else }} -- name: DOCKER_HOST -{{- if eq .Values.targetSystem "linux" }} - value: unix://{{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} -{{- end }} -{{- if eq .Values.targetSystem "windows" }} - value: npipe://{{ (include "datadog.dockerOrCriSocketPath" .) | replace "\\" "/" }} -{{- end }} -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-linux.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-linux.yaml deleted file mode 100644 index bfb0ef1ea..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-linux.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- define "containers-init-linux" -}} -- name: init-volume - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -- name: init-config - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} - - name: confd - mountPath: /conf.d - readOnly: true - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: /checks.d - readOnly: true - {{- end }} - - name: procdir - mountPath: /host/proc - readOnly: true - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- if .Values.datadog.systemProbe.enabled }} - - name: sysprobe-config - mountPath: /etc/datadog-agent/system-probe.yaml - subPath: system-probe.yaml - {{- end }} - env: - {{- include "containers-common-env" . | nindent 4 }} - {{- if and (not .Values.clusterAgent.enabled) .Values.datadog.leaderElection }} - - name: DD_LEADER_ELECTION - value: {{ .Values.datadog.leaderElection | quote }} - {{- end }} - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-windows.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-windows.yaml deleted file mode 100644 index e5ae9ec88..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/containers-init-windows.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- define "containers-init-windows" -}} -- name: init-volume - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["pwsh", "-Command"] - args: - - Copy-Item -Recurse -Force {{ template "datadog.confPath" . }} C:/Temp - volumeMounts: - - name: config - mountPath: C:/Temp/Datadog - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -- name: init-config - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["pwsh", "-Command"] - args: - - Get-ChildItem 'entrypoint-ps1' | ForEach-Object { & $_.FullName if (-Not $?) { exit 1 } } - volumeMounts: - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} - - name: confd - mountPath: C:/conf.d - readOnly: true - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: C:/checks.d - readOnly: true - {{- end }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - env: - {{- include "containers-common-env" . | nindent 4 }} - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-linux.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-linux.yaml deleted file mode 100644 index 17529c31b..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-linux.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- define "daemonset-volumes-linux" -}} -- hostPath: - path: /proc - name: procdir -- hostPath: - path: /sys/fs/cgroup - name: cgroups -{{- if .Values.datadog.dogstatsd.useSocketVolume }} -- hostPath: - path: {{ .Values.datadog.dogstatsd.hostSocketPath }} - type: DirectoryOrCreate - name: dsdsocket -{{- end }} -{{- if .Values.datadog.apm.useSocketVolume }} -- hostPath: - path: {{ .Values.datadog.apm.hostSocketPath }} - type: DirectoryOrCreate - name: apmsocket -{{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ template "datadog.fullname" . }}-confd -{{- end }} -{{- if .Values.datadog.systemProbe.enabled }} -- name: sysprobe-config - configMap: - name: {{ template "datadog.fullname" . }}-system-probe-config -{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} -- name: datadog-agent-security - configMap: - name: {{ template "datadog.fullname" . }}-security -- hostPath: - path: {{ .Values.datadog.systemProbe.seccompRoot }} - name: seccomp-root -{{- end }} -- hostPath: - path: /sys/kernel/debug - name: debugfs -- name: sysprobe-socket-dir - emptyDir: {} -- hostPath: - path: /lib/modules - name: modules -- hostPath: - path: /usr/src - name: src -{{- end }} -{{- if or .Values.datadog.processAgent.enabled .Values.datadog.systemProbe.enabled }} -- hostPath: - path: /etc/passwd - name: passwd -{{- end }} -{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} -- hostPath: - path: "/var/lib/datadog-agent/logs" - name: pointerdir -- hostPath: - path: /var/log/pods - name: logpodpath -{{- if not .Values.datadog.criSocketPath }} -- hostPath: - path: /var/lib/docker/containers - name: logdockercontainerpath -{{- end }} -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-windows.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-windows.yaml deleted file mode 100644 index eb9e0fd52..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset-volumes-windows.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- define "daemonset-volumes-windows" -}} -{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} -- hostPath: - path: C:/var/log - name: pointerdir -- hostPath: - path: C:/var/log/pods - name: logpodpath -- hostPath: - path: C:/ProgramData/docker/containers - name: logdockercontainerpath -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset.yaml deleted file mode 100644 index 5f3e3a90b..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/daemonset.yaml +++ /dev/null @@ -1,150 +0,0 @@ -{{- template "check-version" . }} -{{- if .Values.agents.enabled }} -{{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - selector: - matchLabels: - app: {{ template "datadog.fullname" . }} - {{- if .Values.agents.podLabels }} -{{ toYaml .Values.agents.podLabels | indent 6 }} - {{- end }} - template: - metadata: - labels: - app: {{ template "datadog.fullname" . }} - {{- if .Values.agents.podLabels }} -{{ toYaml .Values.agents.podLabels | indent 8 }} - {{- end }} - name: {{ template "datadog.fullname" . }} - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} - checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} - checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} - checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} - {{- if .Values.agents.customAgentConfig }} - checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} - {{- end }} - {{- if .Values.datadog.systemProbe.enabled }} - container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} - container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} - {{- end }} - {{- if .Values.agents.podAnnotations }} -{{ toYaml .Values.agents.podAnnotations | indent 8 }} - {{- end }} - spec: - {{- if .Values.datadog.securityContext }} - securityContext: -{{ toYaml .Values.datadog.securityContext| indent 8 }} - {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} - {{- if and (.Values.agents.podSecurity.securityContext) .Values.agents.podSecurity.securityContext.seLinuxOptions }} - securityContext: - seLinuxOptions: -{{ toYaml .Values.agents.podSecurity.securityContext.seLinuxOptions | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.agents.useHostNetwork }} - hostNetwork: {{ .Values.agents.useHostNetwork }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - {{- if .Values.agents.dnsConfig }} - dnsConfig: -{{ toYaml .Values.agents.dnsConfig | indent 8 }} - {{- end }} - {{- if .Values.datadog.dogstatsd.useHostPID }} - hostPID: {{ .Values.datadog.dogstatsd.useHostPID }} - {{- end }} - {{- if .Values.agents.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.agents.image.pullSecrets | indent 8 }} - {{- end }} - {{- if .Values.agents.priorityClassName }} - priorityClassName: {{ .Values.agents.priorityClassName }} - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.datadog.apm.enabled }} - {{- include "container-trace-agent" . | nindent 6 }} - {{- end }} - {{- if .Values.datadog.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - {{- if .Values.datadog.systemProbe.enabled }} - {{- include "container-system-probe" . | nindent 6 }} - {{- end }} - initContainers: - {{- if eq .Values.targetSystem "windows" }} - {{ include "containers-init-windows" . | nindent 6 }} - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} - {{- end }} - {{- if and .Values.datadog.systemProbe.enabled (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} - {{ include "system-probe-init" . | nindent 6 }} - {{- end }} - volumes: - - name: installinfo - configMap: - name: {{ template "datadog.fullname" . }}-installinfo - - name: config - emptyDir: {} - {{- if eq .Values.targetSystem "linux" }} - - hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - hostPath: - path: {{ template "datadog.dockerOrCriSocketPath" . }} - name: runtimesocket - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - configMap: - name: {{ template "datadog.fullname" . }}-checksd - {{- end }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - configMap: - name: {{ template "datadog.fullname" . }}-datadog-yaml - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - {{ include "daemonset-volumes-windows" . | nindent 6 }} - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - {{ include "daemonset-volumes-linux" . | nindent 6 }} - {{- end }} -{{- if .Values.agents.volumes }} -{{ toYaml .Values.agents.volumes | indent 6 }} -{{- end }} - tolerations: - {{- if eq .Values.targetSystem "windows" }} - - effect: NoSchedule - key: node.kubernetes.io/os - value: windows - operator: Equal - {{- end }} - {{- if .Values.agents.tolerations }} -{{ toYaml .Values.agents.tolerations | indent 6 }} - {{- end }} - affinity: -{{ toYaml .Values.agents.affinity | indent 8 }} - serviceAccountName: {{ if .Values.agents.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.agents.rbac.serviceAccountName }}"{{ end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- if .Values.agents.nodeSelector }} -{{ toYaml .Values.agents.nodeSelector | indent 8 }} - {{- end }} - updateStrategy: -{{ toYaml .Values.agents.updateStrategy | indent 4 }} -{{ end }} -{{ end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/datadog-yaml-configmap.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/datadog-yaml-configmap.yaml deleted file mode 100644 index cfb827dfe..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/datadog-yaml-configmap.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.agents.useConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-datadog-yaml - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - {{- if .Values.agents.customAgentConfig }} - checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} - {{- end }} -data: - datadog.yaml: | - {{- if .Values.agents.customAgentConfig }} -{{ tpl (toYaml .Values.agents.customAgentConfig) . | indent 4 }} - {{- else }} - ## Provides autodetected defaults, for kubernetes environments, - ## please see datadog.yaml.example for all supported options - - # Autodiscovery for Kubernetes - listeners: - - name: kubelet - config_providers: - - name: kubelet - polling: true - - # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration - apm_config: - enabled: true - apm_non_local_traffic: true - max_memory: 0 - max_cpu_percent: 0 - - {{- $version := (.Values.agents.image.tag | toString | trimSuffix "-jmx") }} - {{- $length := len (split "." $version ) -}} - {{- if and (eq $length 1) (ge $version "6") -}} - {{- $version := "6.15" }} - {{- end -}} - {{ if semverCompare ">=6.15" $version }} - # Enable java container awareness (agent version >= 6.15) - jmx_use_container_support: true - {{ else }} - # Enable java cgroup memory awareness (agent version < 6.15) - jmx_use_cgroup_memory_limit: true - {{ end }} - {{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/hpa-external-metrics-rbac.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/hpa-external-metrics-rbac.yaml deleted file mode 100644 index 4ba6c9557..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/hpa-external-metrics-rbac.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.createReaderRbac -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} - name: external-metrics-reader -{{- else }} - name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader -{{- end }} -rules: -- apiGroups: - - "external.metrics.k8s.io" - resources: - - "*" - verbs: - - list - - get - - watch ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} - name: external-metrics-reader -{{- else }} - name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} - name: external-metrics-reader -{{- else }} - name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader -{{- end }} -subjects: -- kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/install_info-configmap.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/install_info-configmap.yaml deleted file mode 100644 index 52059f8ae..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/install_info-configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-installinfo - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} -data: - install_info: | - --- - install_method: - tool: helm - tool_version: {{ .Release.Service }} - installer_version: {{ .Chart.Name }}-{{ .Chart.Version }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/rbac.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/rbac.yaml deleted file mode 100644 index 74a5b044c..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/rbac.yaml +++ /dev/null @@ -1,116 +0,0 @@ -{{- if .Values.agents.rbac.create -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }} -rules: -{{- if not .Values.clusterAgent.enabled }} -- apiGroups: - - "" - resources: - - services - - events - - endpoints - - pods - - nodes - - componentstatuses - verbs: - - get - - list - - watch -- apiGroups: ["quota.openshift.io"] - resources: - - clusterresourcequotas - verbs: - - get - - list -{{- if .Values.datadog.collectEvents }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadogtoken # Kubernetes event collection state - verbs: - - get - - update -{{- end }} -{{- if .Values.datadog.leaderElection }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadog-leader-election # Leader election token - verbs: - - get - - update -- apiGroups: # To create the leader election token - - "" - resources: - - configmaps - verbs: - - create -{{- end }} -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: - - get -{{- end }} -- nonResourceURLs: - - "/metrics" - verbs: - - get -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/spec - - nodes/proxy - - nodes/stats - verbs: - - get -- apiGroups: # leader election check - - "" - resources: - - endpoints - verbs: - - get ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "datadog.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/secrets.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/secrets.yaml deleted file mode 100644 index c386893bb..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/secrets.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# API Key -{{- if not .Values.datadog.apiKeyExistingSecret }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -type: Opaque -data: - api-key: {{ default "MISSING" .Values.datadog.apiKey | b64enc | quote }} - -{{- end }} - -# APP Key -{{- if not .Values.datadog.appKeyExistingSecret }} -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "datadog.appKeySecretName" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -type: Opaque -data: - app-key: {{ default "MISSING" .Values.datadog.appKey | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-configmap.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-configmap.yaml deleted file mode 100644 index 40059e149..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-configmap.yaml +++ /dev/null @@ -1,218 +0,0 @@ -{{- if .Values.datadog.systemProbe.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-system-probe-config - namespace: {{ $.Release.Namespace }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -data: - system-probe.yaml: | - system_probe_config: - enabled: {{ $.Values.datadog.systemProbe.enabled }} - debug_port: {{ $.Values.datadog.systemProbe.debugPort }} - sysprobe_socket: /var/run/sysprobe/sysprobe.sock - enable_conntrack: {{ $.Values.datadog.systemProbe.enableConntrack }} - bpf_debug: {{ $.Values.datadog.systemProbe.bpfDebug }} - enable_tcp_queue_length: {{ $.Values.datadog.systemProbe.enableTCPQueueLength }} - enable_oom_kill: {{ $.Values.datadog.systemProbe.enableOOMKill }} - collect_dns_stats: {{ $.Values.datadog.systemProbe.collectDNSStats }} - -{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-security - namespace: {{ $.Release.Namespace }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -data: - system-probe-seccomp.json: | - { - "defaultAction": "SCMP_ACT_ERRNO", - "syscalls": [ - { - "names": [ - "accept4", - "access", - "arch_prctl", - "bind", - "bpf", - "brk", - "capget", - "capset", - "chdir", - "clock_gettime", - "clone", - "close", - "connect", - "copy_file_range", - "creat", - "dup", - "dup2", - "dup3", - "epoll_create", - "epoll_create1", - "epoll_ctl", - "epoll_ctl_old", - "epoll_pwait", - "epoll_wait", - "epoll_wait", - "epoll_wait_old", - "execve", - "execveat", - "exit", - "exit_group", - "fchmod", - "fchmodat", - "fchown", - "fchown32", - "fchownat", - "fcntl", - "fcntl64", - "fstat", - "fstat64", - "fstatfs", - "fsync", - "futex", - "getcwd", - "getdents", - "getdents64", - "getegid", - "geteuid", - "getgid", - "getpeername", - "getpid", - "getppid", - "getpriority", - "getrandom", - "getresgid", - "getresgid32", - "getresuid", - "getresuid32", - "getrlimit", - "getrusage", - "getsid", - "getsockname", - "getsockopt", - "gettid", - "gettimeofday", - "getuid", - "getxattr", - "ioctl", - "ipc", - "listen", - "lseek", - "lstat", - "lstat64", - "madvise", - "mkdir", - "mkdirat", - "mmap", - "mmap2", - "mprotect", - "mremap", - "munmap", - "nanosleep", - "newfstatat", - "open", - "openat", - "pause", - "perf_event_open", - "pipe", - "pipe2", - "poll", - "ppoll", - "prctl", - "pread64", - "prlimit64", - "pselect6", - "read", - "readlink", - "readlinkat", - "recvfrom", - "recvmmsg", - "recvmsg", - "rename", - "restart_syscall", - "rmdir", - "rt_sigaction", - "rt_sigpending", - "rt_sigprocmask", - "rt_sigqueueinfo", - "rt_sigreturn", - "rt_sigsuspend", - "rt_sigtimedwait", - "rt_tgsigqueueinfo", - "sched_getaffinity", - "sched_yield", - "seccomp", - "select", - "semtimedop", - "send", - "sendmmsg", - "sendmsg", - "sendto", - "set_robust_list", - "set_tid_address", - "setgid", - "setgid32", - "setgroups", - "setgroups32", - "setns", - "setrlimit", - "setsid", - "setsidaccept4", - "setsockopt", - "setuid", - "setuid32", - "sigaltstack", - "socket", - "socketcall", - "socketpair", - "stat", - "stat64", - "statfs", - "sysinfo", - "umask", - "uname", - "unlink", - "unlinkat", - "wait4", - "waitid", - "waitpid", - "write" - ], - "action": "SCMP_ACT_ALLOW", - "args": null - }, - { - "names": [ - "setns" - ], - "action": "SCMP_ACT_ALLOW", - "args": [ - { - "index": 1, - "value": 1073741824, - "valueTwo": 0, - "op": "SCMP_CMP_EQ" - } - ], - "comment": "", - "includes": {}, - "excludes": {} - } - ] - } -{{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-init.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-init.yaml deleted file mode 100644 index 3507c7192..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/templates/system-probe-init.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- define "system-probe-init" -}} -- name: seccomp-setup - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - command: - - cp - - /etc/config/system-probe-seccomp.json - - /host/var/lib/kubelet/seccomp/system-probe - volumeMounts: - - name: datadog-agent-security - mountPath: /etc/config - - name: seccomp-root - mountPath: /host/var/lib/kubelet/seccomp - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200+up2.4.2/values.yaml b/charts/datadog/datadog/2.4.200+up2.4.2/values.yaml deleted file mode 100644 index 8ab4ac1be..000000000 --- a/charts/datadog/datadog/2.4.200+up2.4.2/values.yaml +++ /dev/null @@ -1,1254 +0,0 @@ -## Default values for Datadog Agent -## See Datadog helm documentation to learn more: -## https://docs.datadoghq.com/agent/kubernetes/helm/ - -## @param nameOverride - string - optional -## Override name of app. -# -nameOverride: # "" - -## @param fullnameOverride - string - optional -## Override the full qualified app name. -# -fullnameOverride: # "" - -## @param targetSystem - string - required -## Set the target OS for this deployment -## Possible values: linux, windows -# -targetSystem: "linux" - -datadog: - ## @param apiKey - string - required - ## Set this to your Datadog API key before the Agent runs. - ## ref: https://app.datadoghq.com/account/settings#agent/kubernetes - # - apiKey: - - ## @param apiKeyExistingSecret - string - optional - ## Use existing Secret which stores API key instead of creating a new one. - ## If set, this parameter takes precedence over "apiKey". - # - apiKeyExistingSecret: # - - ## @param appKey - string - optional - ## If you are using clusterAgent.metricsProvider.enabled = true, you must set - ## a Datadog application key for read access to your metrics. - # - appKey: # - - ## @param appKeyExistingSecret - string - optional - ## Use existing Secret which stores APP key instead of creating a new one - ## If set, this parameter takes precedence over "appKey". - # - appKeyExistingSecret: # - - ## @param securityContext - object - optional - ## You can modify the security context used to run the containers by - ## modifying the label type below: - # - securityContext: {} - # seLinuxOptions: - # user: "system_u" - # role: "system_r" - # type: "spc_t" - # level: "s0" - - ## @param clusterName - string - optional - ## Set a unique cluster name to allow scoping hosts and Cluster Checks easily - ## The name must be unique and must be dot-separated tokens where a token can be up to 40 characters with the following restrictions: - ## * Lowercase letters, numbers, and hyphens only. - ## * Must start with a letter. - ## * Must end with a number or a letter. - ## Compared to the rules of GKE, dots are allowed whereas they are not allowed on GKE: - ## https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster.FIELDS.name - # - clusterName: # - - ## @param site - string - optional - default: 'datadoghq.com' - ## The site of the Datadog intake to send Agent data to. - ## Set to 'datadoghq.eu' to send data to the EU site. - # - site: # datadoghq.com - - ## @param dd_url - string - optional - default: 'https://app.datadoghq.com' - ## The host of the Datadog intake server to send Agent data to, only set this option - ## if you need the Agent to send data to a custom URL. - ## Overrides the site setting defined in "site". - # - dd_url: # https://app.datadoghq.com - - ## @param logLevel - string - required - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off - # - logLevel: INFO - - ## @param kubeStateMetricsEnabled - boolean - required - ## If true, deploys the kube-state-metrics deployment. - ## ref: https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics - # - kubeStateMetricsEnabled: true - - ## @param clusterChecks - object - required - ## Enable the Cluster Checks feature on both the cluster-agents and the daemonset - ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ - ## Autodiscovery via Kube Service annotations is automatically enabled - # - clusterChecks: - enabled: false - - ## @param nodeLabelsAsTags - list of key:value strings - optional - ## Provide a mapping of Kubernetes Node Labels to Datadog Tags. - # - nodeLabelsAsTags: {} - # beta.kubernetes.io/instance-type: aws-instance-type - # kubernetes.io/role: kube_role - # : - - ## @param podLabelsAsTags - list of key:value strings - optional - ## Provide a mapping of Kubernetes Labels to Datadog Tags. - # - podLabelsAsTags: {} - # app: kube_app - # release: helm_release - # : - - ## @param podAnnotationsAsTags - list of key:value strings - optional - ## Provide a mapping of Kubernetes Annotations to Datadog Tags - # - podAnnotationsAsTags: {} - # iam.amazonaws.com/role: kube_iamrole - # : - - ## @param tags - list of key:value elements - optional - ## List of tags to attach to every metric, event and service check collected by this Agent. - ## - ## Learn more about tagging: https://docs.datadoghq.com/tagging/ - # - tags: [] - # - ":" - # - ":" - - ## @param dogstatsd - object - required - ## dogstatsd configuration - ## ref: https://docs.datadoghq.com/agent/kubernetes/dogstatsd/ - ## To emit custom metrics from your Kubernetes application, use DogStatsD. - # - dogstatsd: - ## @param port - integer - optional - default: 8125 - ## Override the Agent DogStatsD port. - ## Note: Make sure your client is sending to the same UDP port. - # - port: 8125 - - ## @param originDetection - boolean - optional - ## Enable origin detection for container tagging - ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging - # - originDetection: false - - ## @param useSocketVolume - boolean - optional - ## Enable dogstatsd over Unix Domain Socket - ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - # - useSocketVolume: false - - ## @param socketPath - string - optional - ## Path to the DogStatsD socket - # - socketPath: /var/run/datadog/dsd.socket - - ## @param hostSocketPath - string - optional - ## host path to the DogStatsD socket - # - hostSocketPath: /var/run/datadog/ - - ## @param useHostPort - boolean - optional - ## Sets the hostPort to the same value of the container port. Needs to be used - ## for sending custom metrics. - ## The ports need to be available on all hosts. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. - # - useHostPort: false - - ## @param useHostPID - boolean - optional - ## Run the agent in the host's PID namespace. This is required for Dogstatsd origin - ## detection to work. See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - # - useHostPID: false - - ## @param nonLocalTraffic - boolean - optional - default: false - ## Enable this to make each node accept non-local statsd traffic. - ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - # - nonLocalTraffic: false - - ## @param collectEvents - boolean - optional - default: false - ## Enables this to start event collection from the kubernetes API - ## ref: https://docs.datadoghq.com/agent/kubernetes/event_collection/ - # - collectEvents: false - - ## @param leaderElection - boolean - optional - default: false - ## Enables leader election mechanism for event collection. - # - leaderElection: false - - ## @param leaderLeaseDuration - integer - optional - default: 60 - ## Set the lease time for leader election in second. - # - leaderLeaseDuration: # 60 - - ## @param logs - object - required - ## Enable logs agent and provide custom configs - # - logs: - ## @param enabled - boolean - optional - default: false - ## Enables this to activate Datadog Agent log collection. - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - # - enabled: false - - ## @param containerCollectAll - boolean - optional - default: false - ## Enable this to allow log collection for all containers. - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - # - containerCollectAll: false - - ## @param containerUseFiles - boolean - optional - default: true - ## Collect logs from files in /var/log/pods instead of using container runtime API. - ## It's usually the most efficient way of collecting logs. - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - # - containerCollectUsingFiles: true - - ## @param apm - object - required - ## Enable apm agent and provide custom configs - # - apm: - ## @param enabled - boolean - optional - default: false - ## Enable this to enable APM and tracing, on port 8126 - ## ref: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host - # - enabled: false - - ## @param port - integer - optional - default: 8126 - ## Override the trace Agent port. - ## Note: Make sure your client is sending to the same UDP port. - # - port: 8126 - - ## @param useSocketVolume - boolean - optional - ## Enable APM over Unix Domain Socket - ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ - # - useSocketVolume: false - - ## @param socketPath - string - optional - ## Path to the trace-agent socket - # - socketPath: /var/run/datadog/apm.socket - - ## @param hostSocketPath - string - optional - ## host path to the trace-agent socket - # - hostSocketPath: /var/run/datadog/ - - ## @param env - list of object - optional - ## The dd-agent supports many environment variables - ## ref: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables - # - env: [] - # - name: - # value: - - ## @param confd - list of objects - optional - ## Provide additional check configurations (static and Autodiscovery) - ## Each key becomes a file in /conf.d - ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes - ## ref: https://docs.datadoghq.com/agent/autodiscovery/ - # - confd: {} - # redisdb.yaml: |- - # init_config: - # instances: - # - host: "name" - # port: "6379" - # kubernetes_state.yaml: |- - # ad_identifiers: - # - kube-state-metrics - # init_config: - # instances: - # - kube_state_url: http://%%host%%:8080/metrics - - ## @param checksd - list of key:value strings - optional - ## Provide additional custom checks as python code - ## Each key becomes a file in /checks.d - ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes - # - checksd: {} - # service.py: |- - - ## @param dockerSocketPath - string - optional - ## Path to the docker socket - # - dockerSocketPath: # /var/run/docker.sock - - ## @param criSocketPath - string - optional - ## Path to the container runtime socket (if different from Docker) - ## This is supported starting from agent 6.6.0 - # - criSocketPath: # /var/run/containerd/containerd.sock - - ## @param processAgent - object - required - ## Enable process agent and provide custom configs - # - processAgent: - ## @param enabled - boolean - required - ## Set this to true to enable live process monitoring agent - ## Note: /etc/passwd is automatically mounted to allow username resolution. - ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset - # - enabled: true - - ## @param processCollection - boolean - required - ## Set this to true to enable process collection in process monitoring agent - ## Requires processAgent.enabled to be set to true to have any effect - # - processCollection: false - - ## @param systemProbe - object - required - ## Enable systemProbe agent and provide custom configs - # - systemProbe: - ## @param enabled - boolean - required - ## Set this to true to enable system-probe agent - # - enabled: false - - ## @param debugPort - integer - required - ## Specify the port to expose pprof and expvar for system-probe agent - # - debugPort: 0 - - ## @param enableConntrack - boolean - required - ## Enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data - ## Ref: http://conntrack-tools.netfilter.org/ - # - enableConntrack: true - - ## @param seccomp - string - required - ## Apply an ad-hoc seccomp profile to the system-probe agent to restrict its privileges - ## Note that this will break `kubectl exec … -c system-probe -- /bin/bash` - # - seccomp: localhost/system-probe - - ## @param seccompRoot - string - required - ## Specify the seccomp profile root directory - # - seccompRoot: /var/lib/kubelet/seccomp - - ## @param bpfDebug - boolean - required - ## Enable logging for kernel debug - # - bpfDebug: false - - ## @param apparmor profile - string - required - ## specify a apparmor profile for system-probe - # - apparmor: unconfined - - ## @param enableTCPQueueLength - boolean - optional - ## Enable the TCP queue length eBPF-based check - # - enableTCPQueueLength: false - - ## @param enableOOMKill - boolean - optional - ## Enable the OOM kill eBPF-based check - # - enableOOMKill: false - - ## @param collectDNSStats - boolean - optional - ## Enable DNS stat collection - # - collectDNSStats: false - - orchestratorExplorer: - ## @param enabled - boolean - required - ## Set this to true to enable the orchestrator explorer. - ## This requires processAgent.enabled and clusterAgent.enabled to be set to true - ## ref: TODO - add doc link - # - enabled: false - -## @param clusterAgent - object - required -## This is the Datadog Cluster Agent implementation that handles cluster-wide -## metrics more cleanly, separates concerns for better rbac, and implements -## the external metrics API so you can autoscale HPAs based on datadog metrics -## ref: https://docs.datadoghq.com/agent/kubernetes/cluster/ -# -clusterAgent: - ## @param enabled - boolean - required - ## Set this to true to enable Datadog Cluster Agent - # - enabled: false - - ## @param image - object - required - ## Define the Datadog Cluster-Agent image to work with. - # - image: - ## @param repository - string - required - ## Define the repository to use: - # - repository: datadog/cluster-agent - - ## @param tag - string - required - ## Define the Cluster-Agent version to use. - # - tag: 1.7.0 - - ## @param pullPolicy - string - required - ## The Kubernetes pull policy. - # - pullPolicy: IfNotPresent - - ## @param pullSecrets - list of key:value strings - optional - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # - pullSecrets: [] - # - name: "" - - ## @param command - array - optional - ## Command to run in the Cluster Agent container - # - command: [] - - ## @param token - string - required - ## This needs to be at least 32 characters a-zA-z - ## It is a preshared key between the node agents and the cluster agent - ## ref: - # - token: "" - - ## @param replicas - integer - required - ## Specify the of cluster agent replicas, if > 1 it allow the cluster agent to - ## work in HA mode. - # - replicas: 1 - - ## @param rbac - object - required - ## Provide Cluster Agent Deployment pod(s) RBAC configuration - rbac: - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - ## @param serviceAccountName - string - required - ## Ignored if clusterAgentrbac.create is true - # - serviceAccountName: default - - ## @param metricsProvider - object - required - ## Enable the metricsProvider to be able to scale based on metrics in Datadog - # - metricsProvider: - ## @param enabled - boolean - required - default: false - ## Set this to true to enable Metrics Provider - # - enabled: false - - ## @param wpaController - boolean - optional - ## Enable informer and controller of the watermark pod autoscaler - ## NOTE: You need to install the `WatermarkPodAutoscaler` CRD before - # - wpaController: false - - ## @param useDatadogMetrics - boolean - optional - ## Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries - ## NOTE: You need to install the `DatadogMetric` CRD before - # - useDatadogMetrics: false - - ## @param createReaderRbac - boolean - optional - ## Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) - # - createReaderRbac: true - - ## Configuration for the service for the cluster-agent metrics server - # - service: - ## @param type - string - optional - ## - # - type: ClusterIP - ## @param port - int - optional - ## - port: 8443 - - ## @param env - list of object - optional - ## The Cluster-Agent supports many additional environment variables that can - ## be passed literally. - ## ref: https://docs.datadoghq.com/agent/cluster_agent/commands/#cluster-agent-options - # - env: [] - - ## @param admissionController - object - required - ## Enable the admissionController to be able to inject APM/Dogstatsd config - ## and standard tags (env, service, version) automatically into your pods - # - admissionController: - enabled: false - - ## @param mutateUnlabelled - boolean - optional - ## Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' - # - mutateUnlabelled: false - - ## @param confd - list of objects - optional - ## Provide additional cluster check configurations - ## Each key will become a file in /conf.d - ## ref: https://docs.datadoghq.com/agent/autodiscovery/ - # - confd: {} - # mysql.yaml: |- - # cluster_check: true - # instances: - # - server: '' - # port: 3306 - # user: datadog - # pass: '' - - ## @param resources - object -required - ## Datadog cluster-agent resource requests and limits. - # - resources: {} - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi - - ## @param priorityclassName - string - optional - ## Name of the priorityClass to apply to the Cluster Agent - # - priorityClassName: # system-cluster-critical - - ## @param nodeSelector - object - optional - ## Allow the Cluster Agent Deployment to schedule on selected nodes - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## @param affinity - object - optional - ## Allow the Cluster Agent Deployment to schedule using affinity rules - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # - affinity: {} - - ## @param healthPort - integer - optional - default: 5555 - ## Port number use the cluster-agent to server healthz endpoint - healthPort: 5555 - - ## @param livenessProbe - object - required - ## Override the agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - livenessProbe: - httpGet: - port: 5555 - path: /live - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param readinessProbe - object - required - ## Override the cluster-agent's readiness probe logic from the default: - # - readinessProbe: - httpGet: - port: 5555 - path: /ready - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param strategy - string - required - ## Allow the Cluster Agent deployment to perform a rolling update on helm update - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - # - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - - ## @param podAnnotations - list of key:value strings - optional - ## Annotations to add to the cluster-agents's pod(s) - # - podAnnotations: {} - # key: "value" - - ## @param useHostNetwork - boolean - optional - ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might - ## not be supported. The ports need to be available on all hosts. It can be - ## used for custom metrics instead of a service endpoint. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. - # - useHostNetwork: # true - - ## @param dnsConfig - list of objects - optional - ## specify dns configuration options for datadog cluster agent containers e.g ndots - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config - dnsConfig: {} - # options: - # - name: ndots - # value: "1" - - ## @param volumes - list of objects - optional - ## Specify additional volumes to mount in the cluster-agent container - # - volumes: [] - # - hostPath: - # path: - # name: - - ## @param volumeMounts - list of objects - optional - ## Specify additional volumes to mount in the cluster-agent container - # - volumeMounts: [] - # - name: - # mountPath: - # readOnly: true - - ## @param datadog-cluster.yaml - object - optional - ## Specify custom contents for the datadog cluster agent config (datadog-cluster.yaml). - # - datadog_cluster_yaml: {} - - ## @param createPodDisruptionBudget - boolean - optional - ## Specify the pod disruption budget to apply to the cluster agents - # - createPodDisruptionBudget: false - -agents: - ## @param enabled - boolean - required - ## You should keep Datadog DaemonSet enabled! - ## The exceptional case could be a situation when you need to run - ## single Datadog pod per every namespace, but you do not need to - ## re-create a DaemonSet for every non-default namespace install. - ## Note: StatsD and DogStatsD work over UDP, so you may not - ## get guaranteed delivery of the metrics in Datadog-per-namespace setup! - # - enabled: true - - ## @param image - object - required - ## Define the Datadog image to work with. - # - image: - ## @param repository - string - required - ## Define the repository to use: - ## use "datadog/agent" for Datadog Agent 7 - ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 - # - repository: datadog/agent - - ## @param tag - string - required - ## Define the Agent version to use. - ## Use 7-jmx to enable jmx fetch collection - # - tag: 7.21.1 - - ## @param doNotCheckTag - boolean - optional - ## By default, the version passed in agents.image.tag is checked - ## for compatibility with the version of the chart. - ## This boolean permits to completely skip this check. - ## This is useful, for example, for custom tags that are not - ## respecting semantic versioning - # - doNotCheckTag: # false - - ## @param pullPolicy - string - required - ## The Kubernetes pull policy. - # - pullPolicy: IfNotPresent - - ## @param pullSecrets - list of key:value strings - optional - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # - pullSecrets: [] - # - name: "" - - ## @param rbac - object - required - ## Provide Daemonset RBAC configuration - rbac: - - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - ## @param serviceAccountName - string - required - ## Ignored if daemonset.rbac.create is true - # - serviceAccountName: default - - ## @param podSecurity - object - optional - ## Provide Daemonset PodSecurityPolicy configuration - podSecurity: - - ## @param podSecurityPolicy - object - required - ## Provide Daemonset PodSecurityPolicy configuration - podSecurityPolicy: - - ## @param created - boolean - optional - ## If true, create a PodSecurityPolicy resource for Agent pods - # - create: false - - ## @param securityContextConstraints - object - required - ## Provide Daemonset securityContextConstraints configuration - securityContextConstraints: - - ## @param created - boolean - optional - ## If true, create a SecurityContextConstraints resource for Agent pods - # - create: false - - ## @param securityContext - object - required - ## Provide securityContext configuration - # - securityContext: - rule: MustRunAs - seLinuxOptions: - user: system_u - role: system_r - type: spc_t - level: s0 - - ## @param privileged - boolean - optional - ## If true, Allow to run privileged containers - # - privileged: false - - ## @param capabilites - list - optional - ## Allowed capabilites - # - capabilites: - - SYS_ADMIN - - SYS_RESOURCE - - SYS_PTRACE - - NET_ADMIN - - NET_BROADCAST - - IPC_LOCK - - ## @param volumes - list - optional - ## Allowed volumes types - # - volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret - - ## @param seccompProfiles - list - optional - ## Allowed seccomp profiles - # - seccompProfiles: - - "runtime/default" - - "localhost/system-probe" - - ## @param apparmorProfiles - list - optional - ## Allowed apparmor profiles - # - apparmorProfiles: - - "runtime/default" - - containers: - agent: - ## @param env - list - required - ## Additional environment variables for the agent container. - # - env: [] - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the agent container. - # - resources: {} - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi - - ## @param livenessProbe - object - required - ## Override the agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - livenessProbe: - httpGet: - path: /live - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param readinessProbe - object - required - ## Override the agent's readiness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - readinessProbe: - httpGet: - path: /ready - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - processAgent: - ## @param env - list - required - ## Additional environment variables for the process-agent container. - # - env: [] - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the process-agent container. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - traceAgent: - ## @param env - list - required - ## Additional environment variables for the trace-agent container. - # - env: - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the trace-agent container. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - ## @param livenessProbe - object - optional - ## Override the trace agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - livenessProbe: - tcpSocket: - port: 8126 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - - systemProbe: - ## @param env - list - required - ## Additional environment variables for the system-probe container. - # - env: [] - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the system-probe container. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - initContainers: - ## @param resources - object - required - ## Resource requests and limits for the init containers. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - ## @param volumes - list of objects - optional - ## Specify additional volumes to mount in the dd-agent container - # - volumes: [] - # - hostPath: - # path: - # name: - - ## @param volumeMounts - list of objects - optional - ## Specify additional volumes to mount in the dd-agent container - # - volumeMounts: [] - # - name: - # mountPath: - # readOnly: true - - ## @param useHostNetwork - boolean - optional - ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might - ## not be supported. The ports need to be available on all hosts. It Can be - ## used for custom metrics instead of a service endpoint. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. - # - useHostNetwork: false - - ## @param dnsConfig - list of objects - optional - ## specify dns configuration options for datadog cluster agent containers e.g ndots - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config - dnsConfig: {} - # options: - # - name: ndots - # value: "1" - - ## @param podAnnotations - list of key:value strings - optional - ## Annotations to add to the DaemonSet's Pods - # - podAnnotations: {} - # : '[{"key": "", "value": ""}]' - - ## @param tolerations - array - optional - ## Allow the DaemonSet to schedule on tainted nodes (requires Kubernetes >= 1.6) - # - tolerations: [] - - ## @param nodeSelector - object - optional - ## Allow the DaemonSet to schedule on selected nodes - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## @param affinity - object - optional - ## Allow the DaemonSet to schedule using affinity rules - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # - affinity: {} - - ## @param updateStrategy - string - optional - ## Allow the DaemonSet to perform a rolling update on helm update - ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - # - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: "10%" - - ## @param priorityClassName - string - optional - ## Sets PriorityClassName if defined. - # - priorityClassName: - - ## @param podLabels - object - optional - ## Sets podLabels if defined. - # - podLabels: {} - - ## @param useConfigMap - boolean - optional - ## Configures a configmap to provide the agent configuration - ## Use this in combination with the `agent.customAgentConfig` parameter. - # - useConfigMap: # false - - ## @param customAgentConfig - object - optional - ## Specify custom contents for the datadog agent config (datadog.yaml). - ## ref: https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 - ## ref: https://github.com/DataDog/datadog-agent/blob/master/pkg/config/config_template.yaml - ## Note the `agents.useConfigMap` needs to be set to `true` for this parameter to be taken into account. - # - customAgentConfig: {} - # # Autodiscovery for Kubernetes - # listeners: - # - name: kubelet - # config_providers: - # - name: kubelet - # polling: true - # # needed to support legacy docker label config templates - # - name: docker - # polling: true - # - # # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration - # apm_config: - # enabled: false - # apm_non_local_traffic: true - # - # # Enable java cgroup handling. Only one of those options should be enabled, - # # depending on the agent version you are using along that chart. - # - # # agent version < 6.15 - # # jmx_use_cgroup_memory_limit: true - # - # # agent version >= 6.15 - # # jmx_use_container_support: true - -clusterChecksRunner: - ## @param enabled - boolean - required - ## If true, deploys agent dedicated for running the Cluster Checks instead of running in the Daemonset's agents. - ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ - # - enabled: false - - ## @param image - object - required - ## Define the Datadog image to work with. - # - image: - - ## @param repository - string - required - ## Define the repository to use: - ## use "datadog/agent" for Datadog Agent 7 - ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 - # - repository: datadog/agent - - ## @param tag - string - required - ## Define the Agent version to use. - ## Use 7-jmx to enable jmx fetch collection - # - tag: 7.21.1 - - ## @param pullPolicy - string - required - ## The Kubernetes pull policy. - # - pullPolicy: IfNotPresent - - ## @param pullSecrets - list of key:value strings - optional - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # - pullSecrets: [] - # - name: "" - - ## @param createPodDisruptionBudget - boolean - optional - ## Specify the pod disruption budget to apply to the cluster checks agents - # - createPodDisruptionBudget: false - - ## @param rbac - object - required - ## Provide Cluster Checks Deployment pods RBAC configuration - rbac: - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - ## @param dedicated - boolean - required - ## If true, use a dedicated RBAC resource for the cluster checks agent(s) - # - dedicated: false - - ## @param serviceAccountAnnotations - object - required - ## Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true - # - serviceAccountAnnotations: {} - - ## @param serviceAccountName - string - required - ## Ignored if clusterChecksRunner.rbac.create is true - # - serviceAccountName: default - - ## @param replicas - integer - required - ## If you want to deploy the clusterChecks agent in HA, keep at least clusterChecksRunner.replicas set to 2. - ## And increase the clusterChecksRunner.replicas according to the number of Cluster Checks. - # - replicas: 2 - - ## @param resources - object -required - ## Datadog clusterchecks-agent resource requests and limits. - # - resources: {} - # requests: - # cpu: 200m - # memory: 500Mi - # limits: - # cpu: 200m - # memory: 500Mi - - ## @param affinity - object - optional - ## Allow the ClusterChecks Deployment to schedule using affinity rules. - ## By default, ClusterChecks Deployment Pods are forced to run on different Nodes. - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # - affinity: {} - - ## @param strategy - string - optional - ## Allow the ClusterChecks deployment to perform a rolling update on helm update - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - # - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - - ## @param dnsConfig - list of objects - optional - ## specify dns configuration options for datadog cluster agent containers e.g ndots - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config - dnsConfig: {} - # options: - # - name: ndots - # value: "1" - - ## @param nodeSelector - object - optional - ## Allow the ClusterChecks Deployment to schedule on selected nodes - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## @param tolerations - array - required - ## Tolerations for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - # - tolerations: [] - - ## @param livenessProbe - object - required - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - # livenessProbe: - # exec: - # command: ["/bin/true"] - # - livenessProbe: - httpGet: - path: /live - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param readinessProbe - object - required - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - # readinessProbe: - # exec: - # command: ["/bin/true"] - # - readinessProbe: - httpGet: - path: /ready - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param env - list of object - optional - ## The dd-agent supports many environment variables - ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#environment-variables - # - env: [] - # - name: - # value: - - ## @param volumes - list of objects - optional - ## Specify additional volumes to mount in the cluster checks container - # - volumes: [] - # - hostPath: - # path: - # name: - - ## @param volumeMounts - list of objects - optional - ## Specify additional volumes to mount in the cluster checks container - # - volumeMounts: [] - # - name: - # mountPath: - # readOnly: true - -kube-state-metrics: - rbac: - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - serviceAccount: - ## @param created - boolean - required - ## If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true - # - create: true - ## @param name - string - required - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - # - name: - - ## @param resources - object - optional - ## Resource requests and limits for the kube-state-metrics container. - # - resources: {} - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi diff --git a/charts/datadog/datadog/2.4.200/.helmignore b/charts/datadog/datadog/2.4.200/.helmignore deleted file mode 100755 index 46fd89965..000000000 --- a/charts/datadog/datadog/2.4.200/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# OWNERS file for Kubernetes -OWNERS diff --git a/charts/datadog/datadog/2.4.200/CHANGELOG.md b/charts/datadog/datadog/2.4.200/CHANGELOG.md deleted file mode 100755 index fe4209075..000000000 --- a/charts/datadog/datadog/2.4.200/CHANGELOG.md +++ /dev/null @@ -1,328 +0,0 @@ -# Datadog changelog - -## Changelog is now available through Git history/GitHub tags, previous tags kept as reference - -## 2.3.41 - -* Fix issue with Kubernetes <= 1.14 and Cluster Agent's External Metrics Provider (must be 443) - -## 2.3.40 - -* Update documentation for resource requests & limits default values. - -## 2.3.39 - -* Propagate `datadog.checksd` to the clusterchecks runner to support custom checks there. - -## 2.3.38 - -* Add support of DD\_CONTAINER\_{INCLUDE,EXCLUDE}\_{METRICS,LOGS} - -## 2.3.37 - -* Add NET\_BROADCAST capability - -## 2.3.36 - -* Bump default Agent version to `7.21.1` - -## 2.3.35 - -* Add support for configuring the Datadog Admission Controller - -## 2.3.34 - -* Add support for scaling based on `DatadogMetric` CRD - -## 2.3.33 - -* Create new `datadog.podSecurity.securityContext` field to fix windows agent daemonset config. - -## 2.3.32 - -* Always add os in nodeSelector based on `targetSystem` - -## 2.3.31 - -* Fixed daemonset template for go 1.14 - -## 2.3.29 - -* Change the default port for the Cluster Agent's External Metrics Provider - from 443 to 8443. -* Document usage of `clusterAgent.env` - -## 2.3.28 - -* fix daemonset template generation if `datadog.securityContext` is set to `nil` - -## 2.3.27 - -* add systemProbe.collectDNSStats option - -## 2.3.26 - -* fix PodSecurityContext configuration - -## 2.3.25 - -* Use directly .env var YAML block for all agents (was already the case for Cluster Agent) - -## 2.3.24 - -* Allow enabling Orchestrator Explorer data collection from the process-agent - -## 2.3.23 - -* Add the possibility to create a `PodSecurityPolicy` or a `SecurityContextConstraints` (Openshift) for the Agent's Daemonset Pods. - -## 2.3.22 - -* Remove duplicate imagePullSecrets -* Fix DataDog location to useConfigMap in docs -* Adding explanation for metricsProvider.enabled - -## 2.3.21 - -* Fix additional default values in `values.yaml` to prevent errors with Helm 2.x - -## 2.3.20 - -* Fix process-agent <> system-probe communication - -## 2.3.19 - -* Fix the container-trace-agent.yaml template creates invalid yaml when `useSocketVolume` is enabled. - -## 2.3.18 - -* Support arguments in the cluster-agent container `command` value - -## 2.3.17 - -* grammar edits to datadog helm docs! -* Typo in log config - -## 2.3.16 - -* Add parameter `clusterChecksRunner.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Checks runners. -* Add parameters `clusterChecksRunner.volumes` and `clusterChecksRunner.volumeMounts` that can be used for providing a secret backend to Cluster Checks runners. - -## 2.3.15 - -* Mount kernel headers in system-probe container -* Fix the mount of the `system-probe` socket in core agent -* Add parameters to enable eBPF based checks - -## 2.3.14 - -* Allow overriding the `command` to run in the cluster-agent container - -## 2.3.13 - -* Use two distinct health endpoints for liveness and readiness probes. - -## 2.3.12 - -* Fix endpoints checks scheduling between agent and cluster check runners -* Cluster Check Runner now runs without s6 (similar to other agents) - -## 2.3.11 - -* Bump the default version of the agent docker images - -## 2.3.10 - -* Add dnsConfig options to all containers - -## 2.3.9 - -* Add `clusterAgent.podLabels` variable to add labels to the Cluster Agent Pod(s) - -## 2.3.8 - -* Fix templating errors when `clusterAgent.datadog_cluster_yaml` is being used. - -## 2.3.7 - -* Fix an agent warning at startup because of a deprecated parameter - -## 2.3.6 - -* Add `affinity` parameter in `values.yaml` for cluster agent deployment - -## 2.3.5 - -* Add `DD_AC_INCLUDE` and `DD_AC_EXCLUDE` to all containers -* Add "Unix Domain Socket" support in trace-agent -* Add new parameter to specify the dogstatsd socket path on the host -* Fix typos in values.yaml -* Update "tags:" example in values.yaml -* Add "rate_limit_queries_*" in the datadog.cluster-agent prometheus check configuration - -## 2.3.4 - -* Fix default values in `values.yaml` to prevent warnings with Helm 2.x - -## 2.3.3 - -* Allow pre-release versions as docker image tag - -## 2.3.2 - -* Update the DCA RBAC to allow it to create events in the HPA - -## 2.3.1 - -* Update the example for `datadog.securityContext` - -## 2.3.0 - -* Mount the directory containing the CRI socket instead of the socket itself - This is to handle the cases where the docker daemon is restarted. - In this case, the docker daemon will recreate its docker socket and, - if the container bind-mounted directly the socket, the container would - still have access to the old socket instead of the one of the new docker - daemon. - ⚠ This version of the chart requires an agent image 7.19.0 or more recent - -## 2.2.12 - -* Adding resources for `system-probe` init container - -## 2.2.11 - -* Add documentations around secret management in the datadog helm chart. It is to upstream - requested changes in the IBM charts repository: https://github.com/IBM/charts/pull/690#discussion_r411702458 -* update `kube-state-metrics` dependency -* uncomment every values.yaml parameters for IBM chart compliancy - -## 2.2.10 - -* Remove `kubeStateMetrics` section from `values.yaml` as not used anymore - -## 2.2.9 - -* Fixing variables description in README and Migration documentation (#22031) -* Avoid volumes mount conflict between `system-probe` and `logs` volumes in the `agent`. - -## 2.2.8 - -* Mount `system-probe` socket in `agent` container when system-probe is enabled - -## 2.2.7 - -* Add "Cluster-Agent" `Event` `create` RBAC permission - -## 2.2.6 - -* Ensure the `trace-agent` computes the same hostname as the core `agent`. - by giving it access to all the elements that might be used to compute the hostname: - the `DD_CLUSTER_NAME` environment variable and the docker socket. - -## 2.2.5 - -* Fix RBAC - -## 2.2.4 - -* Move several EnvVars to `common-env-vars` to be accessible by the `trace-agent` #21991. -* Fix discrepancies migration-guide and readme reporded in #21806 and #21920. -* Fix EnvVars with integer value due to yaml. serialization, reported by #21853. -* Fix .Values.datadog.tags encoding, reported by #21663. -* Add Checksum to `xxx-cluster-agent-config` config map, reported by #21622 and contribution #21656. - -## 2.2.3 - -* Fix `datadog.dockerOrCriSocketPath` helper #21992 - -## 2.2.2 - -* Fix indentation for `clusterAgent.volumes`. - -## 2.2.1 - -* Updating `agents.useConfigMap` and `agents.customAgentConfig` parameter descriptions in the chart and main readme. - -## 2.2.0 - -* Add Windows support -* Update documentation to reflect some changes that were made default -* Enable endpoint checks by default in DCA/Agent - -## 2.1.2 - -* Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt -config to this environment variable. - -## 2.1.1 - -* Add option to enable WPA in the Cluster Agent. - -## 2.1.0 - -* Changed the default for `processAgent.enabled` to `true`. - -## 2.0.14 - -* Fixed a bug where the `trace-agent` runs in the same container as `dd-agent` - -## 2.0.13 - -* Fix `system-probe` startup on latest versions of containerd. - Here is the error that this change fixes: - ``` State: Waiting - Reason: CrashLoopBackOff - Last State: Terminated - Reason: StartError - Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown - Exit Code: 128 - ``` - -## 2.0.11 - -* Add missing syscalls in the `system-probe` seccomp profile - -## 2.0.10 - -* Do not enable the `cri` check when running on a `docker` setup. - -## 2.0.7 - -* Pass expected `DD_DOGSTATSD_PORT` to datadog-agent rather than invalid `DD_DOGSTATD_PORT` - -## 2.0.6 - -* Introduces `procesAgent.processCollection` to correctly configure `DD_PROCESS_AGENT_ENABLED` for the process agent. - -## 2.0.5 - -* Honor the `datadog.env` parameter in all containers. - -## 2.0.4 - -* Honor the image pull policy in init containers. -* Pass the `DD_CRI_SOCKET_PATH` environment variable to the config init container so that it can adapt the agent config based on the CRI. - -## 2.0.3 - -* Fix templating error when `agents.useConfigMap` is set to true. -* Add DD\_APM\_ENABLED environment variable to trace agent container. - -## 2.0.2 - -* Revert the docker socket path inside the agent container to its standard location to fix #21223. - -## 2.0.1 - -* Add parameters `datadog.logs.enabled` and `datadog.logs.containerCollectAll` to replace `datadog.logsEnabled` and `datadog.logsConfigContainerCollectAll`. -* Update the migration document link in the `Readme.md`. - -### 2.0.0 - -* Remove Datadog agent deployment configuration. -* Cleanup resources labels, to fit with recommended labels. -* Cleanup useless or unused values parameters. -* each component have its own RBAC configuration (create,configuration). -* container runtime socket update values configuration simplification. -* `nameOverride` `fullnameOverride` is now optional in values.yaml. diff --git a/charts/datadog/datadog/2.4.200/Chart.yaml b/charts/datadog/datadog/2.4.200/Chart.yaml deleted file mode 100755 index 3a8c3bf85..000000000 --- a/charts/datadog/datadog/2.4.200/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: datadog -apiVersion: v1 -appVersion: "7" -description: Datadog Agent -home: https://www.datadoghq.com -icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png -keywords: -- monitoring -- alerting -- metric -maintainers: -- email: support@datadoghq.com - name: Datadog -name: datadog -sources: -- https://app.datadoghq.com/account/settings#agent/kubernetes -- https://github.com/DataDog/datadog-agent -version: 2.4.200 diff --git a/charts/datadog/datadog/2.4.200/README.md b/charts/datadog/datadog/2.4.200/README.md deleted file mode 100755 index d36ee5f2e..000000000 --- a/charts/datadog/datadog/2.4.200/README.md +++ /dev/null @@ -1,481 +0,0 @@ -# Datadog - -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). - -Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). - -See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. - -## How to use Datadog Helm repository - -You need to add this repository to your Helm repositories: - -``` -helm repo add datadog https://helm.datadoghq.com -helm repo update -``` - -## Prerequisites - -Kubernetes 1.4+ or OpenShift 3.4+, note that: - -- the Datadog Agent supports Kubernetes 1.4+ -- The Datadog chart's defaults are tailored to Kubernetes 1.7.6+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions - -## Quick start - -By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. - -**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. - -### Installing the Datadog Chart - -To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: - -```bash -helm install --name \ - --set datadog.apiKey= datadog/datadog -``` - -By default, this Chart creates a Secret and puts an API key in that Secret. -However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. After a few minutes, you should see hosts and metrics being reported in Datadog. - -#### Create and provide a secret that contains your Datadog API Key - -To create a secret that contains your Datadog API key, replace the below with the API key for your organization. This secret is used in the manifest to deploy the Datadog Agent. - -```bash -DATADOG_SECRET_NAME=datadog-secret -kubectl create secret generic $DATADOG_SECRET_NAME --from-literal api-key="" --namespace="default" -``` - -**Note**: This creates a secret in the default namespace. If you are in a custom namespace, update the namespace parameter of the command before running it. - -Now, the installation command contains the reference to the secret. - -```bash -helm install --name \ - --set datadog.apiKeyExistingSecret=$DATADOG_SECRET_NAME datadog/datadog -``` - -**Note**: Provide a secret for the application key (AppKey) using the `datadog.appKeyExistingSecret` chart variable. - -### Enabling the Datadog Cluster Agent - -Read about the Datadog Cluster Agent in the [official documentation](https://docs.datadoghq.com/agent/kubernetes/cluster/). - -Run the following if you want to deploy the chart with the Datadog Cluster Agent: - -```bash -helm install --name datadog-monitoring \ - --set datadog.apiKey= \ - --set datadog.appKey= \ - --set clusterAgent.enabled=true \ - --set clusterAgent.metricsProvider.enabled=true \ - datadog/datadog -``` - -**Note**: Specifying `clusterAgent.metricsProvider.enabled=true` enables the External Metrics Server. -If you want to learn to use this feature, you can check out this [Datadog Cluster Agent walkthrough](https://github.com/DataDog/datadog-agent/blob/master/docs/cluster-agent/CUSTOM_METRICS_SERVER.md). - -The Leader Election is enabled by default in the chart for the Cluster Agent. Only the Cluster Agent(s) participate in the election, in case you have several replicas configured (using `clusterAgent.replicas`. - -#### Cluster Agent Token - -You can specify the Datadog Cluster Agent token used to secure the communication between the Cluster Agent(s) and the Agents with `clusterAgent.token`. - -**If you don't specify a token, a random one is generated at each deployment so you must use `--recreate-pods` to ensure all pod use the same token.** see[Datadog Chart notes](https://github.com/helm/charts/blob/57d3030941ad2ec2d6f97c86afdf36666658a884/datadog/datadog/templates/NOTES.txt#L49-L59) to learn more. - -### Upgrading - -#### From 1.x to 2.x - -⚠️ Migrating from 1.x to 2.x requires a manual action. - -The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. -Please follow the [migration guide](https://github.com/helm/charts/blob/master/datadog/datadog/docs/Migration_1.x_to_2.x.md) to update you `values.yaml` file. - -#### From 1.19.0 onwards - -Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). -E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. -The suggested approach is to delete the release and reinstall it. - -#### From 1.0.0 onwards - -Starting with version 1.0.0, this chart does not support deploying Agent 5.x anymore. If you cannot upgrade to Agent 6.x or later, you can use a previous version of the chart by calling helm install with `--version 0.18.0`. - -See [0.18.1's README](https://github.com/helm/charts/blob/847f737479bb78d89f8fb650db25627558fbe1f0/datadog/datadog/README.md) to see which options were supported at the time. - -### Uninstalling the Chart - -To uninstall/delete the `` deployment: - -```bash -helm delete --purge -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -As a best practice, a YAML file that specifies the values for the chart parameters should be provided to configure the chart: - -1. **Copy the default [`datadog-values.yaml`](values.yaml) value file.** -2. Set the `apiKey` parameter with your [Datadog API key](https://app.datadoghq.com/account/settings#api). -3. Upgrade the Datadog Helm chart with the new `datadog-values.yaml` file: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -See the [All configuration options](#all-configuration-options) section to discover all possibilities offered by the Datadog chart. - -### Enabling Log Collection - -Update your [datadog-values.yaml](values.yaml) file with the following log collection configuration: - -```yaml -datadog: - # (...) - logs: - enabled: true - containerCollectAll: true -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### Enabling Process Collection - -Update your [datadog-values.yaml](values.yaml) file with the process collection configuration: - -```yaml -datadog: - # (...) - processAgent: - enabled: true - processCollection: true -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### Enabling System Probe Collection - -The system-probe agent only runs in dedicated container environment. Update your [datadog-values.yaml](values.yaml) file with the system-probe collection configuration: - -```yaml -datadog: - # (...) - systemProbe: - # (...) - enabled: true - -# (...) -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### Kubernetes event collection - -Use the [Datadog Cluster Agent](#enabling-the-datadog-cluster-agent) to collect Kubernetes events. Please read [the official documentation](https://docs.datadoghq.com/agent/kubernetes/event_collection/) for more context. - -Alternatively set the `datadog.leaderElection`, `datadog.collectEvents` and `rbac.create` options to `true` in order to enable Kubernetes event collection. - -### conf.d and checks.d - -The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/master/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/checks.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. - -The keys for `datadog.confd` and `datadog.checksd` should mirror the content found in their respective ConfigMaps. Update your [datadog-values.yaml](values.yaml) file with the check configurations: - -```yaml -datadog: - confd: - redisdb.yaml: |- - ad_identifiers: - - redis - - bitnami/redis - init_config: - instances: - - host: "%%host%%" - port: "%%port%%" - jmx.yaml: |- - ad_identifiers: - - openjdk - instance_config: - instances: - - host: "%%host%%" - port: "%%port_0%%" - redisdb.yaml: |- - init_config: - instances: - - host: "outside-k8s.example.com" - port: 6379 -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -For more details, please refer to [the documentation](https://docs.datadoghq.com/agent/kubernetes/integrations/). - -### Kubernetes Labels and Annotations - -To map Kubernetes node labels and pod labels and annotations to Datadog tags, provide a dictionary with kubernetes labels/annotations as keys and Datadog tags key as values in your [datadog-values.yaml](values.yaml) file: - -```yaml -nodeLabelsAsTags: - beta.kubernetes.io/instance-type: aws_instance_type - kubernetes.io/role: kube_role -``` - -```yaml -podAnnotationsAsTags: - iam.amazonaws.com/role: kube_iamrole -``` - -```yaml -podLabelsAsTags: - app: kube_app - release: helm_release -``` - -then upgrade your Datadog Helm chart: - -```bash -helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods -``` - -### CRI integration - -As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath`; default is the Docker container runtime socket. To deactivate this support, you just need to unset the `datadog.criSocketPath` setting. -Standard paths are: - -- Docker socket: `/var/run/docker.sock` -- Containerd socket: `/var/run/containerd/containerd.sock` -- Cri-o socket: `/var/run/crio/crio.sock` - -## All configuration options - -The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install --name \ - --set datadog.apiKey=,datadog.logLevel=DEBUG \ - datadog/datadog -``` - -| Parameter | Description | Default | -|--------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------| -| `targetSystem` | Target OS of this installation (supported: `linux`, `windows`) | `linux` | -| `datadog.apiKey` | Your Datadog API key | `nil` You must provide your own key | -| `datadog.apiKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `datadog.appKey` | Datadog APP key required to use metricsProvider | `nil` You must provide your own key | -| `datadog.appKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `agents.image.repository` | The image repository to pull from | `datadog/agent` | -| `agents.image.tag` | The image tag to pull | `7.19.0` | -| `agents.image.doNotCheckTag` | By default, the helm chart will check that the version provided in `agents.image.tag` is superior to the minimal version requested by the chart. If `doNotCheckTag` is explicitly set to `true`, this check is skipped. This is useful for custom tags that are not respecting semantic versioning. | `false` | -| `agents.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `agents.image.pullSecrets` | Image pull secrets | `nil` | -| `nameOverride` | Override name of app | `""` | -| `fullnameOverride` | Override full name of app | `""` | -| `agents.rbac.create` | If true, create & use RBAC resources | `true` | -| `agents.rbac.serviceAccountName` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `datadog.site` | Site ('datadoghq.com' or 'datadoghq.eu') | `nil` | -| `datadog.dd_url` | Datadog intake server | `nil` | -| `datadog.env` | Additional Datadog environment variables | `nil` | -| `datadog.logLevel` | Agent log verbosity (possible values: trace, debug, info, warn, error, critical, and off) | `INFO` | -| `datadog.logs.enabled` | Enable log collection | `nil` | -| `datadog.logs.containerCollectAll` | Collect logs from all containers | `nil` | -| `datadog.logs.containerCollectUsingFiles` | Collect container logs from files on disk instead of container runtime API | `true` | -| `datadog.apm.enabled` | Enable tracing from the host | `false` | -| `datadog.apm.port` | Used to override the default agent APM Port | `8126` | -| `datadog.apm.useSocketVolume` | Enable APM over Unix Domain Socket | `False` | -| `datadog.apm.socketPath` | Custom path to the socket, has to be located in the `/var/run/datadog/` folder path | `/var/run/datadog/apm.socket` | -| `datadog.apm.hostPath` | host directory that contains the trace-agent socket path | `/var/run/datadog/` | -| `datadog.clusterChecks.enabled` | Enable Cluster Checks on both the Cluster Agent and the Agent daemonset | `false` | -| `datadog.processAgent.enabled` | Enable live process and container monitoring agent. Possible values: `true` enable process-agent, `false` disable process-agent | `true` | -| `datadog.processAgent.processCollection` | Enable live process collection. Possible values: `true` enable process collection, `false` disable process collection | `false` | -| `datadog.checksd` | Additional custom checks as python code | `nil` | -| `datadog.confd` | Additional check configurations (static and Autodiscovery) | `nil` | -| `datadog.dockerSocketPath` | Path to the docker socket | `/var/run/docker.sock` | -| `datadog.criSocketPath` | Path to the container runtime socket (default is Docker runtime) | `nil` | -| `datadog.tags` | Set host tags | `nil` | -| `datadog.dogstatsd.originDetection` | Enable origin detection for container tagging | `False` | -| `datadog.dogstatsd.port` | Used to override the default agent DogStatsD Port | `8125` | -| `datadog.dogstatsd.useHostPID` | If true, use the host's PID namespace | `nil` | -| `datadog.dogstatsd.useHostPort` | If true, use the same ports for both host and container | `nil` | -| `datadog.dogstatsd.nonLocalTraffic` | Enable statsd reporting from any external ip | `False` | -| `datadog.dogstatsd.useSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | -| `datadog.dogstatsd.socketPath` | Custom path to the socket, has to be located in the `/var/run/datadog/` folder path | `/var/run/datadog/dsd.socket` | -| `datadog.dogstatsd.hostPath` | host directory that contains the dogstatsd socket | `/var/run/datadog/` | -| `datadog.nodeLabelsAsTags` | Kubernetes Node Labels to Datadog Tags mapping | `nil` | -| `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` | -| `datadog.podLabelsAsTags` | Kubernetes Labels to Datadog Tags mapping | `nil` | -| `datadog.securityContext` | Allows you to overwrite the default securityContext applied to the container | `nil` | -| `datadog.acInclude` | (Deprecated) Include containers based on image name | `nil` | -| `datadog.acExclude` | (Deprecated) Exclude containers based on image name | `nil` | -| `datadog.containerInclude` | Include containers based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerExclude` | Exclude containers based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerIncludeMetrics` | Include containers for metrics collection based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerExcludeMetrics` | Exclude containers from metrics based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerIncludeLogs` | Include containers for logs collection based on image name, container name or kubernetes namespace | `nil` | -| `datadog.containerExcludeLogs` | Exclude containers from logs based on image name, container name or kubernetes namespace | `nil` | -| `datadog.systemProbe.enabled` | enable system probe collection | `false` | -| `datadog.systemProbe.seccomp` | Apply an ad-hoc seccomp profile to system-probe to restrict its privileges | `localhost/system-probe` | -| `datadog.systemProbe.seccompRoot` | Seccomp root directory for system-probe | `/var/lib/kubelet/seccomp` | -| `datadog.systemProbe.debugPort` | The port to expose pprof and expvar for system-probe agent, it is not enabled if the value is set to 0 | `0` | -| `datadog.systemProbe.enableConntrack` | If true, system-probe connects to the netlink/conntrack subsystem to add NAT information to connection data. Ref: http://conntrack-tools.netfilter.org/ | `true` | -| `datadog.systemProbe.bpfDebug` | If true, system-probe writes debug logs to /sys/kernel/debug/tracing/trace_pipe | `false` | -| `datadog.systemProbe.apparmor` | Apparmor profile for system-probe | `unconfined` | -| `datadog.systemProbe.enableTCPQueueLength` | Enable the TCP queue length eBPF-based check | `false` | -| `datadog.systemProbe.enableOOMKill` | Enable the OOM kill eBPF-based check | `false` | -| `datadog.orchestratorExplorer.enabled` | Enable the Orchestrator Explorer data collection | `false` | -| `agents.podAnnotations` | Annotations to add to the DaemonSet's Pods | `nil` | -| `agents.podLabels` | labels to add to each pod | `nil` | -| `agents.tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | -| `agents.nodeSelector` | Node selectors | `nil` | -| `agents.affinity` | Node affinities | `nil` | -| `agents.useHostNetwork` | If true, use the host's network | `nil` | -| `agents.dnsConfig` | If set, configure dnsConfig options in datadog agent containers | `nil` | -| `agents.containers.agent.env` | Additional list of environment variables to use in the agent container | `nil` | -| `agents.containers.agent.logLevel` | Agent log verbosity | `INFO` | -| `agents.containers.agent.resources.limits.cpu` | CPU resource limits for the agent container | not set | -| `agents.containers.agent.resources.requests.cpu` | CPU resource requests for the agent container | not set | -| `agents.containers.agent.resources.limits.memory` | Memory resource limits for the agent container | not set | -| `agents.containers.agent.resources.requests.memory` | Memory resource requests for the agent container | not set | -| `agents.containers.agent.livenessProbe` | Overrides the default liveness probe | http check on /live with port 5555 | -| `agents.containers.agent.readinessProbe` | Overrides the default readiness probe | http check on /ready with port 5555 | -| `agents.containers.processAgent.env` | Additional list of environment variables to use in the process-agent container | `nil` | -| `agents.containers.processAgent.logLevel` | Process agent log verbosity | `INFO` | -| `agents.containers.processAgent.resources.limits.cpu` | CPU resource limits for the process-agent container | `100m` | -| `agents.containers.processAgent.resources.requests.cpu` | CPU resource requests for the process-agent container | `100m` | -| `agents.containers.processAgent.resources.limits.memory` | Memory resource limits for the process-agent container | `200Mi` | -| `agents.containers.processAgent.resources.requests.memory` | Memory resource requests for the process-agent container | `200Mi` | -| `agents.containers.traceAgent.env` | Additional list of environment variables to use in the trace-agent container | `nil` | -| `agents.containers.traceAgent.logLevel` | Trace agent log verbosity | `INFO` | -| `agents.containers.traceAgent.resources.limits.cpu` | CPU resource limits for the trace-agent container | `100m` | -| `agents.containers.traceAgent.resources.requests.cpu` | CPU resource requests for the trace-agent container | `100m` | -| `agents.containers.traceAgent.resources.limits.memory` | Memory resource limits for the trace-agent container | `200Mi` | -| `agents.containers.traceAgent.resources.requests.memory` | Memory resource requests for the trace-agent container | `200Mi` | -| `agents.containers.systemProbe.env` | Additional list of environment variables to use in the system-probe container | `nil` | -| `agents.containers.systemProbe.logLevel` | System probe log verbosity | `INFO` | -| `agents.containers.systemProbe.resources.limits.cpu` | CPU resource limits for the system-probe container | `100m` | -| `agents.containers.systemProbe.resources.requests.cpu` | CPU resource requests for the system-probe container | `100m` | -| `agents.containers.systemProbe.resources.limits.memory` | Memory resource limits for the system-probe container | `200Mi` | -| `agents.containers.systemProbe.resources.requests.memory` | Memory resource requests for the system-probe container | `200Mi` | -| `agents.containers.initContainers.resources.limits.cpu` | CPU resource limits for the init containers container | not set | -| `agents.containers.initContainers.resources.requests.cpu` | CPU resource requests for the init containers container | not set | -| `agents.containers.initContainers.resources.limits.memory` | Memory resource limits for the init containers container | not set | -| `agents.containers.initContainers.resources.requests.memory` | Memory resource requests for the init containers container | not set | -| `agents.priorityClassName` | Which Priority Class to associate with the daemonset | `nil` | -| `agents.useConfigMap` | Configures a configmap to provide the agent configuration. Use this in combination with the `agent.customAgentConfig` parameter. | `false` | -| `agents.customAgentConfig` | Specify custom contents for the datadog agent config (datadog.yaml). Note the `agents.useConfigMap` parameter needs to be set to `true` for this parameter to be taken into account. | `{}` | -| `agents.updateStrategy` | Which update strategy to deploy the daemonset | RollingUpdate with 10% maxUnavailable | -| `agents.volumes` | Additional volumes for the daemonset or deployment | `nil` | -| `agents.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | -| `agents.podSecurity.podSecurityPolicy.create` | If true, create a PodSecurityPolicy resource for the Agent's Pods. Supported only for Linux agent's daemonset. | `False` | -| `agents.podSecurity.securityContextConstraints.create` | If true, create a SecurityContextConstraints resource for the Agent's Pods. Supported only for Linux agent's daemonset. | `False` | -| `datadog.podSecurity.securityContext` | Allows you to overwrite the default securityContext applied to the container | default security context configuration | -| `agents.podSecurity.privileged` | If true, allowed privileged containers | `False` | -| `agents.podSecurity.capabilites` | list of allowed capabilities | `[SYS_ADMIN, SYS_RESOURCE, SYS_ADMIN, IPC_LOCK]` | -| `agents.podSecurity.volumes` | list of allowed volumes types | `[configMap,downwardAPI,emptyDir,ostPath,secret]` | -| `agents.podSecurity.seccompProfiles` | List of allowed seccomp profiles | `["*"]` | -| `agents.podSecurity.apparmorProfiles` | List of allowed apparmor profiles | `["*"]` | -| `datadog.leaderElection` | Enable the leader Election feature | `false` | -| `datadog.leaderLeaseDuration` | The duration for which a leader stays elected. | 60 sec, 15 if Cluster Checks enabled | -| `datadog.collectEvents` | Enable Kubernetes event collection. Requires leader election. | `false` | -| `datadog.kubeStateMetricsEnabled` | If true, create kube-state-metrics | `true` | -| `clusterAgent.enabled` | Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only) | `false` | -| `clusterAgent.token` | A cluster-internal secret for agent-to-agent communication. Must be 32+ characters a-zA-Z | Generates a random value | -| `clusterAgent.tokenExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `clusterAgent.image.repository` | The image repository for the cluster-agent | `datadog/cluster-agent` | -| `clusterAgent.image.tag` | The image tag to pull | `1.2.0` | -| `clusterAgent.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `clusterAgent.image.pullSecrets` | Image pull secrets | `nil` | -| `clusterAgent.command` | Override the default command to run in the container | `nil` | -| `clusterAgent.rbac.create` | If true, create & use RBAC resources for cluster agent's pods | `true` | -| `clusterAgent.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for cluster agent's pods | `default` | -| `clusterAgent.metricsProvider.enabled` | Enable Datadog metrics as a source for HPA scaling | `false` | -| `clusterAgent.metricsProvider.service.type` | The type of service to use for the clusterAgent metrics server | `ClusterIP` | -| `clusterAgent.metricsProvider.service.port` | The port for service to use for the clusterAgent metrics server (Kubernetes >= 1.15) | `8443` | -| `clusterAgent.metricsProvider.wpaController` | Allows metricsProvider to work with WatermarkPodAutoscaler (requires WPA CRD) | `false` | -| `clusterAgent.metricsProvider.useDatadogMetrics` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries (requires DatadogMetric CRD) | `false` | -| `clusterAgent.metricsProvider.createReaderRbac` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | `true` | -| `clusterAgent.env` | Additional Datadog environment variables for the cluster-agent | `nil` | -| `clusterAgent.confd` | Additional check configurations (static and Autodiscovery) | `nil` | -| `clusterAgent.podAnnotations` | Annotations to add to the Cluster Agent Pod(s) | `nil` | -| `clusterAgent.podLabels` | Labels to add to the Cluster Agent Pod(s) | `nil` | -| `clusterAgent.createPodDisruptionBudget` | Enable a pod disruption budget to apply to the Cluster Agent pods | `false` | -| `clusterAgent.priorityClassName` | Name of the priorityClass to apply to the Cluster Agent | `nil` | -| `clusterAgent.nodeSelector` | Node selectors to apply to the Cluster Agent deployment | `nil` | -| `clusterAgent.affinity` | Node affinities to apply to the Cluster Agent deployment | `nil` | -| `clusterAgent.resources.requests.cpu` | CPU resource requests | not set | -| `clusterAgent.resources.limits.cpu` | CPU resource limits | not set | -| `clusterAgent.resources.requests.memory` | Memory resource requests | not set | -| `clusterAgent.resources.limits.memory` | Memory resource limits | not set | -| `clusterAgent.tolerations` | List of node taints to tolerate | `[]` | -| `clusterAgent.healthPort` | Overrides the default health port used by the liveness and readiness endpoint | `5555` | -| `clusterAgent.livenessProbe` | Overrides the default liveness probe | `http check on /live with port 5555` | -| `clusterAgent.readinessProbe` | Overrides the default readiness probe | `http check on /ready with port 5555` | -| `clusterAgent.strategy` | Which update strategy to deploy the cluster-agent | RollingUpdate with 0 maxUnavailable, 1 maxSurge | -| `clusterAgent.useHostNetwork` | If true, use the host's network | `nil` | -| `clusterAgent.dnsConfig` | If set, configure dnsConfig options in datadog cluster agent containers | `nil` | -| `clusterAgent.volumes` | Additional volumes for the cluster-agent deployment | `nil` | -| `clusterAgent.volumeMounts` | Additional volumeMounts for the cluster-agent deployment | `nil` | -| `clusterChecksRunner.enabled` | Enable Datadog agent deployment dedicated for running Cluster Checks. It allows having different resources (Request/Limit) for Cluster Checks agent pods. | `false` | -| `clusterChecksRunner.env` | Additional Datadog environment variables for Cluster Checks Deployment | `nil` | -| `clusterChecksRunner.createPodDisruptionBudget` | Enable a pod disruption budget to apply to the Cluster Checks pods | `false` | -| `clusterChecksRunner.resources.requests.cpu` | CPU resource requests | not set | -| `clusterChecksRunner.resources.limits.cpu` | CPU resource limits | not set | -| `clusterChecksRunner.resources.requests.memory` | Memory resource requests | not set | -| `clusterChecksRunner.resources.limits.memory` | Memory resource limits | not set | -| `clusterChecksRunner.nodeSelector` | Node selectors | `nil` | -| `clusterChecksRunner.tolerations` | List of node taints to tolerate | `nil` | -| `clusterChecksRunner.affinity` | Node affinities | avoid running pods on the same node | -| `clusterChecksRunner.livenessProbe` | Overrides the default liveness probe | http check on /live with port 5555 | -| `clusterChecksRunner.readinessProbe` | Overrides the default readiness probe | http check on /ready with port 5555 | -| `clusterChecksRunner.rbac.create` | If true, create & use RBAC resources for clusterchecks agent's pods | `true` | -| `clusterChecksRunner.rbac.dedicated` | If true, use dedicated RBAC resources for clusterchecks agent's pods | `false` | -| `clusterChecksRunner.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for clusterchecks agent's pods | `default` | -| `clusterChecksRunner.rbac.serviceAccountAnnotations` | Annotations to add to the ServiceAccount if `clusterChecksRunner.rbac.dedicated` is `true` | `{}` | -| `clusterChecksRunner.strategy` | Which update strategy to deploy the Cluster Checks Deployment | RollingUpdate with 0 maxUnavailable, 1 maxSurge | -| `clusterChecksRunner.volumes` | Additional volumes for the Cluster Checks deployment | `nil` | -| `clusterChecksRunner.volumeMounts` | Additional volumeMounts for the Cluster Checks deployment | `nil` | -| `clusterChecksRunner.dnsConfig` | If set, configure dnsConfig options in datadog cluster agent clusterChecks containers | `nil` | -| `kube-state-metrics.rbac.create` | If true, create & use RBAC resources for kube-state-metrics | `true` | -| `kube-state-metrics.serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `kube-state-metrics.serviceAccount.name` | If not set & create is true, use template fullname | | -| `kube-state-metrics.resources` | Overwrite the default kube-state-metrics container resources (Optional) | | - -## Configuration options for Windows deployments - -Some options above are not working/not available on Windows, here is the list of **unsupported** options: - -| Parameter | Reason | -|------------------------------------------|--------------------------------------------------| -| `datadog.dogstatsd.useHostPID` | Host PID not supported by Windows Containers | -| `datadog.dogstatsd.useSocketVolume` | Unix sockets not supported on Windows | -| `datadog.dogstatsd.socketPath` | Unix sockets not supported on Windows | -| `datadog.processAgent.processCollection` | Unable to access host/other containers processes | -| `datadog.systemProbe.enabled` | System probe is not available for Windows | -| `datadog.systemProbe.seccomp` | System probe is not available for Windows | -| `datadog.systemProbe.seccompRoot` | System probe is not available for Windows | -| `datadog.systemProbe.debugPort` | System probe is not available for Windows | -| `datadog.systemProbe.enableConntrack` | System probe is not available for Windows | -| `datadog.systemProbe.bpfDebug` | System probe is not available for Windows | -| `datadog.systemProbe.apparmor` | System probe is not available for Windows | -| `agents.useHostNetwork` | Host network not supported by Windows Containers | diff --git a/charts/datadog/datadog/2.4.200/app-readme.md b/charts/datadog/datadog/2.4.200/app-readme.md deleted file mode 100755 index 4adcb1d9f..000000000 --- a/charts/datadog/datadog/2.4.200/app-readme.md +++ /dev/null @@ -1,32 +0,0 @@ -# Datadog - -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). - -Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). - -See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. - -## Prerequisites - -Kubernetes 1.4+ or OpenShift 3.4+, note that: - -* the Datadog Agent supports Kubernetes 1.3+ -* The Datadog chart's defaults are tailored to Kubernetes 1.7.6+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions - -## Quick start - -By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. - -**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. - -### Installing the Datadog Chart - -To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: - -```bash -helm install --name \ - --set datadog.apiKey= stable/datadog -``` - -By default, this Chart creates a Secret and puts an API key in that Secret. -However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. After a few minutes, you should see hosts and metrics being reported in Datadog. diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml deleted file mode 100755 index 4ef688395..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.7 -description: Install kube-state-metrics to generate and expose cluster-level metrics -home: https://github.com/kubernetes/kube-state-metrics/ -keywords: -- metric -- monitoring -- prometheus -- kubernetes -maintainers: -- email: jose@armesto.net - name: fiunchinho -- email: tariq.ibrahim@mulesoft.com - name: tariq1890 -- email: manuel@rueg.eu - name: mrueg -name: kube-state-metrics -sources: -- https://github.com/kubernetes/kube-state-metrics/ -version: 2.8.11 diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS deleted file mode 100755 index 6ffd97d74..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -approvers: -- fiunchinho -- tariq1890 -- mrueg -reviewers: -- fiunchinho -- tariq1890 -- mrueg diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md deleted file mode 100755 index 7d5cee525..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,79 +0,0 @@ -# kube-state-metrics Helm Chart - -* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install stable/kube-state-metrics -``` - -## Configuration - -| Parameter | Description | Default | -|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| -| `image.repository` | The image repository to pull from | `quay.io/coreos/kube-state-metrics` | -| `image.tag` | The image tag to pull from | `v1.9.7` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `imagePullSecrets` | List of container registry secrets | `[]` | -| `replicas` | Number of replicas | `1` | -| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | -| `service.port` | The port of the container | `8080` | -| `service.annotations` | Annotations to be added to the service | `{}` | -| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | -| `hostNetwork` | Whether or not to use the host network | `false` | -| `prometheusScrape` | Whether or not enable prom scrape | `true` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `serviceAccount.name` | If not set & create is true, use template fullname | | -| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` | -| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources. Note that related RBACs are created only if `rbac.enabled` is `true`. | `false` | -| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -| `podSecurityPolicy.additionalVolumes` | Specify allowed volumes in the pod security policy (`secret` is always allowed) | `[]` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the filesystem | `65534` | -| `securityContext.runAsGroup` | Group ID for the container | `65534` | -| `securityContext.runAsUser` | User ID for the container | `65534` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podAnnotations` | Annotations to be added to the pod | `{}` | -| `podDisruptionBudget` | Optional PodDisruptionBudget | `{}` | -| `resources` | kube-state-metrics resource requests and limits | `{}` | -| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` | -| `collectors.configmaps` | Enable the configmaps collector. | `true` | -| `collectors.cronjobs` | Enable the cronjobs collector. | `true` | -| `collectors.daemonsets` | Enable the daemonsets collector. | `true` | -| `collectors.deployments` | Enable the deployments collector. | `true` | -| `collectors.endpoints` | Enable the endpoints collector. | `true` | -| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` | -| `collectors.ingresses` | Enable the ingresses collector. | `true` | -| `collectors.jobs` | Enable the jobs collector. | `true` | -| `collectors.limitranges` | Enable the limitranges collector. | `true` | -| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `true` | -| `collectors.namespaces` | Enable the namespaces collector. | `true` | -| `collectors.networkpolicies` | Enable the networkpolicies collector. | `true` | -| `collectors.nodes` | Enable the nodes collector. | `true` | -| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` | -| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` | -| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` | -| `collectors.pods` | Enable the pods collector. | `true` | -| `collectors.replicasets` | Enable the replicasets collector. | `true` | -| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` | -| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` | -| `collectors.secrets` | Enable the secrets collector. | `true` | -| `collectors.services` | Enable the services collector. | `true` | -| `collectors.statefulsets` | Enable the statefulsets collector. | `true` | -| `collectors.storageclasses` | Enable the storageclasses collector. | `true` | -| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `true` | -| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `true` | -| `collectors.volumeattachments` | Enable the volumeattachments collector. | `true` | -| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | -| `prometheus.monitor.honorLabels` | Honor metric labels | `false` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | -| `kubeTargetVersionOverride` | Override the k8s version of the target cluster | `""` | diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100755 index 5a646e0cc..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100755 index 6ae0e647f..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml deleted file mode 100755 index 319aec16c..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml +++ /dev/null @@ -1,180 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -rules: -{{ if .Values.collectors.certificatesigningrequests }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.configmaps }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.cronjobs }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.daemonsets }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.deployments }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.endpoints }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.horizontalpodautoscalers }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.ingresses }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.jobs }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.limitranges }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.mutatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.namespaces }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.networkpolicies }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.nodes }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumeclaims }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumes }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.poddisruptionbudgets }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.pods }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicasets }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicationcontrollers }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.resourcequotas }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.secrets }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.services }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.statefulsets }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.storageclasses }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.validatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.volumeattachments }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.verticalpodautoscalers }} -- apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100755 index 4635985aa..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-state-metrics.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100755 index 99656046c..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,191 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - replicas: {{ .Values.replicas }} -{{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] -{{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 8 }} -{{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - containers: - - name: {{ .Chart.Name }} -{{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{- end }} - args: -{{ if .Values.collectors.certificatesigningrequests }} - - --collectors=certificatesigningrequests -{{ end }} -{{ if .Values.collectors.configmaps }} - - --collectors=configmaps -{{ end }} -{{ if .Values.collectors.cronjobs }} - - --collectors=cronjobs -{{ end }} -{{ if .Values.collectors.daemonsets }} - - --collectors=daemonsets -{{ end }} -{{ if .Values.collectors.deployments }} - - --collectors=deployments -{{ end }} -{{ if .Values.collectors.endpoints }} - - --collectors=endpoints -{{ end }} -{{ if .Values.collectors.horizontalpodautoscalers }} - - --collectors=horizontalpodautoscalers -{{ end }} -{{ if .Values.collectors.ingresses }} - - --collectors=ingresses -{{ end }} -{{ if .Values.collectors.jobs }} - - --collectors=jobs -{{ end }} -{{ if .Values.collectors.limitranges }} - - --collectors=limitranges -{{ end }} -{{ if .Values.collectors.mutatingwebhookconfigurations }} - - --collectors=mutatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.namespaces }} - - --collectors=namespaces -{{ end }} -{{ if .Values.collectors.networkpolicies }} - - --collectors=networkpolicies -{{ end }} -{{ if .Values.collectors.nodes }} - - --collectors=nodes -{{ end }} -{{ if .Values.collectors.persistentvolumeclaims }} - - --collectors=persistentvolumeclaims -{{ end }} -{{ if .Values.collectors.persistentvolumes }} - - --collectors=persistentvolumes -{{ end }} -{{ if .Values.collectors.poddisruptionbudgets }} - - --collectors=poddisruptionbudgets -{{ end }} -{{ if .Values.collectors.pods }} - - --collectors=pods -{{ end }} -{{ if .Values.collectors.replicasets }} - - --collectors=replicasets -{{ end }} -{{ if .Values.collectors.replicationcontrollers }} - - --collectors=replicationcontrollers -{{ end }} -{{ if .Values.collectors.resourcequotas }} - - --collectors=resourcequotas -{{ end }} -{{ if .Values.collectors.secrets }} - - --collectors=secrets -{{ end }} -{{ if .Values.collectors.services }} - - --collectors=services -{{ end }} -{{ if .Values.collectors.statefulsets }} - - --collectors=statefulsets -{{ end }} -{{ if .Values.collectors.storageclasses }} - - --collectors=storageclasses -{{ end }} -{{ if .Values.collectors.validatingwebhookconfigurations }} - - --collectors=validatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.verticalpodautoscalers }} - - --collectors=verticalpodautoscalers -{{ end }} -{{ if .Values.collectors.volumeattachments }} - - --collectors=volumeattachments -{{ end }} -{{ if .Values.namespace }} - - --namespace={{ .Values.namespace }} -{{ end }} -{{ if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) -{{ end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 -{{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml deleted file mode 100755 index 6adb50d79..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} \ No newline at end of file diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100755 index e822ba0e7..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' -{{- if .Values.podSecurityPolicy.additionalVolumes }} -{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100755 index 217abc950..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100755 index feb97f228..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml deleted file mode 100755 index 5dacf5217..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: 8080 -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - selector: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100755 index 32bb1640f..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100755 index 54cde362d..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - {{- if .Values.prometheus.monitor.additionalLabels }} -{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100755 index bf5396072..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - kube-state-metrics - resources: - - statefulsets - verbs: - - get -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100755 index 6a2e5bfe7..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml deleted file mode 100755 index 11f48fb77..000000000 --- a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,139 +0,0 @@ -# Default values for kube-state-metrics. -prometheusScrape: true -image: - repository: quay.io/coreos/kube-state-metrics - tag: v1.9.7 - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - annotations: {} - -customLabels: {} - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - -prometheus: - monitor: - enabled: false - additionalLabels: {} - namespace: "" - honorLabels: false - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - additionalVolumes: [] - -securityContext: - enabled: true - runAsGroup: 65534 - runAsUser: 65534 - fsGroup: 65534 - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} - -# Available collectors for kube-state-metrics. By default all available -# collectors are enabled. -collectors: - certificatesigningrequests: true - configmaps: true - cronjobs: true - daemonsets: true - deployments: true - endpoints: true - horizontalpodautoscalers: true - ingresses: true - jobs: true - limitranges: true - mutatingwebhookconfigurations: true - namespaces: true - networkpolicies: true - nodes: true - persistentvolumeclaims: true - persistentvolumes: true - poddisruptionbudgets: true - pods: true - replicasets: true - replicationcontrollers: true - resourcequotas: true - secrets: true - services: true - statefulsets: true - storageclasses: true - validatingwebhookconfigurations: true - verticalpodautoscalers: false - volumeattachments: true - -# Namespace to be enabled for collecting resources. By default all namespaces are collected. -# namespace: "" - -## Override the deployment namespace -## -namespaceOverride: "" - -## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. -## For example: kubeTargetVersionOverride: 1.14.9 -## -kubeTargetVersionOverride: "" diff --git a/charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml b/charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml deleted file mode 100755 index d290ace8a..000000000 --- a/charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - clusterChecks: - enabled: true - -clusterAgent: - enabled: true - -clusterChecksRunner: - enabled: true - replicas: 1 - rbac: - dedicated: true - serviceAccountAnnotations: - "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/datadog-clusterchecker" diff --git a/charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml b/charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml deleted file mode 100755 index 2006b81a4..000000000 --- a/charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - -clusterAgent: - enabled: true - - metricsProvider: - enabled: true - - service: - port: 4443 diff --git a/charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml b/charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml deleted file mode 100755 index 7a5aeb66a..000000000 --- a/charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -datadog: - clusterName: kubernetes-cluster.example.com - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - clusterChecks: - enabled: true - -clusterAgent: - enabled: true - wpaController: true - -clusterChecksRunner: - enabled: true - replicas: 1 - - volumes: - - name: tmp - hostPath: - path: /tmp - - volumeMounts: - - name: tmp - mountPath: /etc/tmp - readOnly: true diff --git a/charts/datadog/datadog/2.4.200/ci/default-values.yaml b/charts/datadog/datadog/2.4.200/ci/default-values.yaml deleted file mode 100755 index ff92bd38a..000000000 --- a/charts/datadog/datadog/2.4.200/ci/default-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -# Empty values file for testing default parameters. -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" diff --git a/charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml b/charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml deleted file mode 100755 index a514bea92..000000000 --- a/charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Empty values file for testing default parameters. -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - - dogstatsd: - useSocketVolume: true - - apm: - enabled: true - useSocketVolume: true diff --git a/charts/datadog/datadog/2.4.200/ci/kubeval.yaml b/charts/datadog/datadog/2.4.200/ci/kubeval.yaml deleted file mode 100755 index c1723ded6..000000000 --- a/charts/datadog/datadog/2.4.200/ci/kubeval.yaml +++ /dev/null @@ -1,46 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - env: - - name: "DD_KUBELET_TLS_VERIFY" - value: "false" - logs: - enabled: true - containerCollectAll: true - apm: - enabled: true - processAgent: - enabled: true - processCollection: true - systemProbe: - enabled: true - enableConntrack: true - enableTCPQueueLength: true - enableOOMKill: true - collectDNSStats: true - orchestratorExplorer: - enabled: true - clusterChecks: - enabled: true - kubeStateMetricsEnabled: true -clusterAgent: - enabled: true - createPodDisruptionBudget: true - nodeSelector: - kubernetes.io/os: linux - metricsProvider: - enabled: false - admissionController: - enabled: true - mutateUnlabelled: true -clusterChecksRunner: - enabled: true - createPodDisruptionBudget: true - nodeSelector: - kubernetes.io/os: linux -agents: - nodeSelector: - kubernetes.io/os: linux - podSecurity: - podSecurityPolicy: - create: true diff --git a/charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml b/charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml deleted file mode 100755 index bafa362ef..000000000 --- a/charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - systemProbe: - enabled: true - seccomp: runtime/default diff --git a/charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml b/charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml deleted file mode 100755 index f0bb23a43..000000000 --- a/charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Empty values file for testing default parameters. -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false -agents: - podSecurity: - podSecurityPolicy: - create: true diff --git a/charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml b/charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml deleted file mode 100755 index 155e92a35..000000000 --- a/charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# Test the support of `securitContext` set to `nil` -datadog: - apiKey: "00000000000000000000000000000000" - appKey: "0000000000000000000000000000000000000000" - kubeStateMetricsEnabled: false - - securityContext: diff --git a/charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md b/charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md deleted file mode 100755 index 062bcc5c5..000000000 --- a/charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md +++ /dev/null @@ -1,72 +0,0 @@ -# Chart 1.x to 2.x migration guide - -The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. -Migrating from chart v1 to chart v2 hence requires that you restructure the `values.yaml` file. -For all the parameters in the existing `values.yaml` file that applied to chart v1, you’ll -find the parameters to which they correspond to in v2 in the following table. -Parameters that are not listed in the table below haven’t been touched and are at the same -location in v1 and v2. - -| Old parameter | New location | comment | -| ------------- | ------------ | ------- | -| `image.repository` | `agents.image.repository` and `clusterCheckRunner.image.repository` | | -| `image.tag` | `agents.image.tag` and `clusterCheckRunner.image.tag` | | -| `image.pullPolicy` | `agents.image.pullPolicy` and `clusterCheckRunner.image.pullPolicy` | | -| `image.pullSecrets` | `agents.image.pullSecrets` and `clusterCheckRunner.image.pullSecrets` | | -| `datadog.name` | ∅ | The name of the container inside the Agent and Cluster Agent pod isn’t configurable anymore | -| `datadog.useCriSocketVolume` | ∅ | If `datadog.criSocketPath` is defined, the socket will be mounted inside the container without needing to set `datadog.useCriSocketVolume` in addition. | -| `datadog.containerLogsPath` | ∅ | Not needed anymore because the chart automatically detects if the CRI is `docker` based on `criSocketPath` and mounts the path accordingly | -| `datadog.apmEnabled` | `datadog.apm.enabled` | | -| `datadog.processAgentEnabled` | `datadog.processAgent.enabled` and `datadog.processAgent.processCollection:true` | | -| `datadog.volumes` | `agent.volumes` | | -| `datadog.volumeMounts` | `agent.VolumeMounts` | | -| `datadog.livenessProbe` | `agents.containers.agent.livenessProbe` | | -| `datadog.resources` | `agents.containers.agent.resources` | | -| `datadog.dogstatsdOriginDetection` | `datadog.dogstatsd.originDetection` | | -| `datadog.useDogStatsDSocketVolume` | `datadog.dogstatsd.useSocketVolume` | | -| `systemProbe.enabled` | `datadog.systemProbe.enabled` | | -| `systemProbe.debugPort` | `datadog.systemProbe.debugPort` | | -| `systemProbe.enableConntrack` | `datadog.systemProbe.enableConntrack` | | -| `systemProbe.seccomp` | `datadog.systemProbe.seccomp` | | -| `systemProbe.seccompRoot` | `datadog.systemProbe.seccompRoot` | | -| `systemProbe.bpfDebug` | `datadog.systemProbe.bpfDebug` | | -| `systemProbe.apparmor` | `datadog.systemProbe.apparmor` | | -| `clusterAgent.containerName` | ∅ | The name of the container inside the Cluster Agent pod isn’t configurable anymore | -| `clusterAgent.clusterChecks.enabled` | `datadog.clusterChecks.enabled` | | -| `rbac.create` | `agents.rbac.create` and `clusterAgent.rbac.create` | | -| `rbac.serviceAccountName` | `agents.rbac.serviceAccountName` and `clusterAgent.rabc.serviceAccountName` | | -| `toleration` | `agents.toleration` | | -| `kubeStateMetrics.enabled` | `datadog.kubeStateMetricsEnabled` | | -| `daemonset.enabled` | `agents.enabled` | | -| `daemonset.containers.agent.*` | `agents.containers.agent.*` | | -| `daemonset.containers.processAgent.*` | `agents.containers.processAgent.*` | | -| `daemonset.containers.traceAgent.*` | `agents.containers.traceAgent.*` | | -| `daemonset.containers.systemProbe.*` | `agents.containers.systemProbe.*` | | -| `daemonset.useHostNetwork` | `agents.useHostNetwork` | | -| `daemonset.dogstatsdPort` | `datadog.dogstatsd.port` | | -| `daemonset.useHostPort` | `datadog.dogstatsd.useHostPort` | | -| `daemonset.useHostPID` | `datadog.dogstatsd.useHostPID` | | -| `daemonset.nonLocalTraffic` | `datadog.dogstatsd.nonLocalTraffic` | | -| `daemonset.podAnnotations` | `agents.podAnnotations` | | -| `daemonset.tolerations` | `agents.tolerations` | | -| `daemonset.nodeSelector` | `agents.nodeSelector` | | -| `daemonset.affinity` | `agents.affinity` | | -| `daemonset.updateStrategy` | `agents.updateStrategy` | | -| `daemonset.priorityClassName` | `agents.priorityClassName` | | -| `daemonset.podLabels` | `agents.podLabels` | | -| `daemonset.useConfigMap` | `agents.useConfigMap` | | -| `daemonset.customAgentConfig.*` | `agents.customAgentConfig.*` | | -| `daemonset.useDedicatedContainers` | ∅ | | -| `deployment.*` | ∅ | | -| `clusterchecksDeployment.enabled` | `clusterChecksRunner.enabled` | | -| `clusterchecksDeployment.rbac.*` | `clusterChecksRunner.rbac.*` | | -| `clusterchecksDeployment.replicas` | `clusterChecksRunner.replicas` | | -| `clusterchecksDeployment.resources.*` | `clusterChecksRunner.resources.*` | | -| `clusterchecksDeployment.affinity` | `clusterChecksRunner.affinity` | | -| `clusterchecksDeployment.strategy` | `clusterChecksRunner.strategy` | | -| `clusterchecksDeployment.nodeSelector` | `clusterChecksRunner.nodeSelector` | | -| `clusterchecksDeployment.tolerations` | `clusterChecksRunner.tolerations` | | -| `clusterchecksDeployment.livenessProbe` | `clusterChecksRunner.livenessProbe` | | -| `clusterchecksDeployment.env` | `clusterChecksRunner.env` | | -| `logsEnabled` | `datadog.logs.enabled` | | -| `logsConfigContainerCollectAll` | `datadog.logs.containerCollectAll` | | diff --git a/charts/datadog/datadog/2.4.200/questions.yml b/charts/datadog/datadog/2.4.200/questions.yml deleted file mode 100755 index 4305c70e0..000000000 --- a/charts/datadog/datadog/2.4.200/questions.yml +++ /dev/null @@ -1,221 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Datadog image or specify a custom one" - label: Use Default Datadog Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: agents.image.repository - default: "datadog/agent" - description: "Datadog image name" - type: string - label: Datadog Image Name - - variable: agents.image.tag - default: "7.21.1" - description: "Datadog Image Tag" - type: string - label: Datadog Image Tag - - variable: clusterAgent.image.repository - default: "datadog/cluster-agent" - description: "Datadog clusterAgent image name" - type: string - label: Datadog ClusterAgent Image Name - - variable: clusterAgent.image.tag - default: "1.7.0" - description: "Datadog ClusterAgent Image Tag" - type: string - label: Datadog ClusterAgent Image Tag - - variable: clusterChecksRunner.image.repository - default: "datadog/agent" - description: "Datadog clusterChecksRunner image name" - type: string - label: Datadog Cluster Checks Runner Image Name - show_if: "clusterChecksRunner.enabled=true&&defaultImage=false" - - variable: clusterChecksRunner.image.tag - default: "7.21.1" - description: "Datadog Cluster Checks Runner Image Tag" - type: string - label: Datadog Cluster Checks Runner Image Tag - show_if: "clusterChecksRunner.enabled=true&&defaultImage=false" - - variable: kube-state-metrics.image.repository - default: "quay.io/coreos/kube-state-metrics" - description: "KubeState image name" - type: string - label: KubeState Image Name - show_if: "kubeStateMetrics.enabled=true&&defaultImage=false" - - variable: kube-state-metrics.image.tag - default: "v1.9.7" - description: "KubeState Image Tag" - type: string - label: KubeState Image Tag - show_if: "kubeStateMetrics.enabled=true&&defaultImage=false" -#cluster agent configurations -- variable: clusterAgent.enabled - default: false - description: "Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only), https://docs.datadoghq.com/agent/kubernetes/cluster/" - type: boolean - label: Enable Cluster Agent Metrics(Kubernetes 1.10+ only) - group: "Cluster Agent" -- variable: clusterAgent.metricsProvider.enabled - default: true - description: "Enable the metricsProvider to be able to scale based on metrics in Datadog" - type: boolean - label: Enable the metricsProvider - show_if: "clusterAgent.enabled=true" - group: "Cluster Agent" -- variable: datadog.appKey - default: "" - description: "Datadog App key required to use metricsProvider" - type: string - required: true - label: Datadog Metrics App Key - group: "Cluster Agent" - show_if: "clusterAgent.enabled=true&&clusterAgent.metricsProvider.enabled=true&&datadog.appKeyExistingSecret=" -- variable: datadog.appKeyExistingSecret - default: "" - description: "If set, use the secret with a provided name instead of creating a new appKey secret." - type: secret - label: Select Existing Datadog App Key(Secret) - group: "Cluster Agent" - show_if: "clusterAgent.enabled=true&&clusterAgent.metricsProvider.enabled=true&&datadog.appKey=" -#datadog agent configurations -- variable: datadog.apiKey - default: "" - description: "Enter your Datadog API Key." - type: string - label: Datadog API Key - group: "Agent Configuration" - required: true - show_if: "datadog.apiKeyExistingSecret=" -- variable: datadog.apiKeyExistingSecret - default: "" - description: "If set, use the secret with a provided name instead of creating a new apiKey secret." - type: secret - label: Select Existing Datadog API Key(Secret) - group: "Agent Configuration" - show_if: "datadog.apiKey=" -- variable: datadog.site - default: "datadoghq.com" - description: "The site of the Datadog intake to send Agent data to" - type: enum - label: Datadog Site URL - group: "Agent Configuration" - required: true - options: - - "datadoghq.com" - - "datadoghq.eu" - - "custom" -- variable: datadog.dd_url - required: true - default: "" - description: "The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL" - type: string - label: Datadog Custom Site URL - group: "Agent Configuration" - show_if: "datadog.site=custom" -- variable: datadog.logLevel - default: "warn" - description: "Set Agent logging verbosity" - type: enum - options: - - "trace" - - "debug" - - "info" - - "warn" - - "error" - - "critical" - - "off" - label: Log Level - group: "Agent Configuration" -- variable: datadog.tags - default: "" - description: "Host tags, separated by spaces. For example: 'simple-tag-0 tag-key-1:tag-value-1'" - type: string - label: Host Tags - group: "Agent Configuration" -- variable: datadog.criSocketPath - default: "" - description: "Path to the container runtime socket (if different from Docker), default to `/var/run/docker.sock`" - type: string - label: Path To The Container Runtime Socket(Optional) - group: "Agent Configuration" -- variable: datadog.dogstatsd.nonLocalTraffic - default: false - description: "Whether DogStatsD should listen to non local UDP traffic, required to send custom metrics" - type: boolean - label: DogStatsD Non-Local Traffic - group: "Agent Configuration" -- variable: datadog.collectEvents - default: false - description: "Enable event collection from the kubernetes API" - type: boolean - label: Collect Events - group: "Agent Configuration" -# Datadog Tagging -- variable: datadog.podLabelsAsTags - default: "" - description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" - type: string - label: Extract Pod Labels as Tags - group: "Datadog Tagging" -- variable: datadog.podAnnotationsAsTags - default: "" - description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" - type: string - label: Extract Pod Annotations as Tags - group: "Datadog Tagging" -- variable: datadog.nodeLabelsAsTags - default: "" - description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" - type: string - label: Extract Node Labels As Tags - group: "Datadog Tagging" -# DaemonSet configurations -- variable: agents.useHostNetwork - default: false - description: "Bind ports on the hostNetwork. Useful for CNI networking where hostPort might not be supported. The ports will need to be available on all hosts" - type: boolean - label: Use HostNetwork - group: "Daemonset Configuration" -- variable: agents.dogstatsd.useHostPort - default: false - description: "Sets the hostPort to the same value of the container port" - type: boolean - label: Use HostPort - group: "Daemonset Configuration" -- variable: agents.useHostPID - default: false - description: "Run the agent in the host's PID namespace" - type: boolean - label: Use HostPID - group: "Daemonset Configuration" -# Optional Collection agents -- variable: datadog.apm.enabled - default: false - description: "Run the trace-agent along with the infrastructure agent, allowing the container to accept traces on 8126/tcp" - type: boolean - label: Enable APM - group: "Optional Collection Agents" -- variable: datadog.processAgent.enabled - default: false - description: "Enable live process collection in the process-agent" - type: boolean - label: Enable Live Process Agent - group: "Optional Collection Agents" -- variable: datadog.logs.enabled - default: false - description: "Run the log-agent along with the infrastructure agent" - type: boolean - label: Collect Logs - group: "Optional Collection Agents" - -#Kube State Metrics -- variable: kubeStateMetrics.enabled - default: true - description: "Create a kube-state-metrics deployment" - type: boolean - label: Deployment KubeState Metrics Deployment - group: "Kube-State-Metrics" diff --git a/charts/datadog/datadog/2.4.200/requirements.lock b/charts/datadog/datadog/2.4.200/requirements.lock deleted file mode 100755 index 2ffda047e..000000000 --- a/charts/datadog/datadog/2.4.200/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: kube-state-metrics - repository: https://charts.helm.sh/stable - version: 2.8.11 -digest: sha256:2ba76abd3b45ad9c43b7bef2126e96240281172e58135223393b749bf235e6b6 -generated: "2020-12-21T19:54:44.539642454Z" diff --git a/charts/datadog/datadog/2.4.200/requirements.yaml b/charts/datadog/datadog/2.4.200/requirements.yaml deleted file mode 100755 index 30a43801a..000000000 --- a/charts/datadog/datadog/2.4.200/requirements.yaml +++ /dev/null @@ -1,5 +0,0 @@ -dependencies: - - name: kube-state-metrics - version: "=2.8.11" - repository: https://charts.helm.sh/stable - condition: datadog.kubeStateMetricsEnabled diff --git a/charts/datadog/datadog/2.4.200/templates/NOTES.txt b/charts/datadog/datadog/2.4.200/templates/NOTES.txt deleted file mode 100755 index ba3dac236..000000000 --- a/charts/datadog/datadog/2.4.200/templates/NOTES.txt +++ /dev/null @@ -1,76 +0,0 @@ -{{- if (or (.Values.datadog.apiKeyExistingSecret) (not (eq .Values.datadog.apiKey ""))) }} -Datadog agents are spinning up on each node in your cluster. After a few -minutes, you should see your agents starting in your event stream: - https://app.datadoghq.com/event/stream - - {{- if .Values.datadog.apiKeyExistingSecret }} -You disabled creation of Secret containing API key, therefore it is expected -that you create Secret named '{{ .Values.datadog.apiKeyExistingSecret }}' which includes a key called 'api-key' containing the API key. - {{- else if not (eq .Values.datadog.apiKey "") }} - {{- end }} -{{- else }} -############################################################################## -#### ERROR: You did not set a datadog.apiKey. #### -############################################################################## - -This deployment will be incomplete until you get your API key from Datadog. -One can sign up for a free Datadog trial at https://app.datadoghq.com/signup - -Once registered you can request an API key at: - - https://app.datadoghq.com/account/settings#agent/kubernetes - -Then run: - - helm upgrade {{ .Release.Name }} \ - --set datadog.apiKey=YOUR-KEY-HERE stable/datadog -{{- end }} - -{{- if .Values.clusterAgent.enabled }} - - {{- if .Values.clusterAgent.metricsProvider.enabled }} - {{- if .Values.datadog.appKeyExistingSecret }} -You disabled creation of Secret containing APP key, therefore it is expected -that you create a Secret named '{{ .Values.datadog.appKeyExistingSecret }}' which includes a key called 'app-key' containing the APP key. - {{- else if (.Values.datadog.appKey) }} - {{- else }} - -############################################################################## -#### ERROR: You did not set a datadog.appKey. #### -############################################################################## - -This deployment will be incomplete until you get your APP key from Datadog. -Create an application key at https://app.datadoghq.com/account/settings#api - {{- end }} - {{- end }} - -{{- end }} - -{{- if .Values.datadog.apm.enabled }} -The Datadog Agent is listening on port {{ .Values.datadog.apm.port }} for APM service. -{{- end }} - -{{- if .Values.datadog.autoconf }} - -################################################################# -#### WARNING: Deprecation notice #### -################################################################# - -The autoconf value is deprecated, Autodiscovery templates can now -be safely moved to the confd value. As a temporary measure, both -values were merged into the {{ template "datadog.fullname" . }}-confd configmap, -but this will be removed in a future chart release. -Please note that duplicate file names may have conflicted during -the merge. In that case, the confd entry will take precedence. -{{- end }} - -{{- if eq .Values.agents.image.repository "datadog/docker-dd-agent" }} - -###################################################################### -#### ERROR: Unsupported agent version #### -###################################################################### - -This version of the chart does not support deploying Agent 5.x. -If you cannot upgrade to Agent 6.x or later, you can use a previous version -of the chart by calling helm install with `--version 0.18.0`. -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/_helpers.tpl b/charts/datadog/datadog/2.4.200/templates/_helpers.tpl deleted file mode 100755 index 07035db99..000000000 --- a/charts/datadog/datadog/2.4.200/templates/_helpers.tpl +++ /dev/null @@ -1,137 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "check-version" -}} -{{- if not .Values.agents.image.doNotCheckTag -}} -{{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} -{{- $length := len (split "." $version) -}} -{{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.19.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.19.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.19.0" -}} -{{- end -}} -{{- if not (semverCompare "^6.19.0-0 || ^7.19.0-0" $version) -}} -{{- fail "This version of the chart requires an agent image 7.19.0 or greater. If you want to force and skip this check, use `--set agents.image.doNotCheckTag=true`" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "datadog.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -And depending on the resources the name is completed with an extension. -If release name contains chart name it will be used as a full name. -*/}} -{{- define "datadog.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "datadog.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return secret name to be used based on provided values. -*/}} -{{- define "datadog.apiSecretName" -}} -{{- $fullName := include "datadog.fullname" . -}} -{{- default $fullName .Values.datadog.apiKeyExistingSecret | quote -}} -{{- end -}} - -{{/* -Return secret name to be used based on provided values. -*/}} -{{- define "datadog.appKeySecretName" -}} -{{- $fullName := printf "%s-appkey" (include "datadog.fullname" .) -}} -{{- default $fullName .Values.datadog.appKeyExistingSecret | quote -}} -{{- end -}} - -{{/* -Return secret name to be used based on provided values. -*/}} -{{- define "clusterAgent.tokenSecretName" -}} -{{- if not .Values.clusterAgent.tokenExistingSecret -}} -{{- include "datadog.fullname" . -}}-cluster-agent -{{- else -}} -{{- .Values.clusterAgent.tokenExistingSecret -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC APIs. -*/}} -{{- define "rbac.apiVersion" -}} -{{- if semverCompare "^1.8-0" .Capabilities.KubeVersion.GitVersion -}} -"rbac.authorization.k8s.io/v1" -{{- else -}} -"rbac.authorization.k8s.io/v1beta1" -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate os label -*/}} -{{- define "label.os" -}} -{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -kubernetes.io/os -{{- else -}} -beta.kubernetes.io/os -{{- end -}} -{{- end -}} - -{{/* -Correct `clusterAgent.metricsProvider.service.port` if Kubernetes <= 1.15 -*/}} -{{- define "clusterAgent.metricsProvider.port" -}} -{{- if semverCompare "^1.15-0" .Capabilities.KubeVersion.GitVersion -}} -{{- .Values.clusterAgent.metricsProvider.service.port -}} -{{- else -}} -443 -{{- end -}} -{{- end -}} - -{{/* -Return the container runtime socket -*/}} -{{- define "datadog.dockerOrCriSocketPath" -}} -{{- if eq .Values.targetSystem "linux" -}} -{{- .Values.datadog.dockerSocketPath | default .Values.datadog.criSocketPath | default "/var/run/docker.sock" -}} -{{- end -}} -{{- if eq .Values.targetSystem "windows" -}} -\\.\pipe\docker_engine -{{- end -}} -{{- end -}} - -{{/* -Return agent config path -*/}} -{{- define "datadog.confPath" -}} -{{- if eq .Values.targetSystem "linux" -}} -/etc/datadog-agent -{{- end -}} -{{- if eq .Values.targetSystem "windows" -}} -C:/ProgramData/Datadog -{{- end -}} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml b/charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml deleted file mode 100755 index 2a7ab8331..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.clusterAgent.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1beta1.external.metrics.k8s.io - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - service: - name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api - namespace: {{ .Release.Namespace }} -{{- if semverCompare "^1.15-0" .Capabilities.KubeVersion.GitVersion }} - port: {{ template "clusterAgent.metricsProvider.port" . }} -{{- end }} - version: v1beta1 - insecureSkipTLSVerify: true - group: external.metrics.k8s.io - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml deleted file mode 100755 index 55020526a..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml +++ /dev/null @@ -1,191 +0,0 @@ -{{- if and .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "datadog.fullname" . }}-clusterchecks - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - replicas: {{ .Values.clusterChecksRunner.replicas }} - strategy: -{{ toYaml .Values.clusterChecksRunner.strategy | indent 4 }} - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-clusterchecks - template: - metadata: - labels: - app: {{ template "datadog.fullname" . }}-clusterchecks - name: {{ template "datadog.fullname" . }}-clusterchecks - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} - {{- if .Values.datadog.checksd }} - checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} - {{- end }} - spec: - {{- if .Values.clusterChecksRunner.rbac.dedicated }} - serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}-cluster-checks{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} - {{- else }} - serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} - {{- end }} - imagePullSecrets: -{{ toYaml .Values.clusterChecksRunner.image.pullSecrets | indent 8 }} - {{- if .Values.clusterChecksRunner.dnsConfig }} - dnsConfig: -{{ toYaml .Values.clusterChecksRunner.dnsConfig | indent 8 }} - {{- end }} - initContainers: - - name: init-volume - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 10 }} - - name: init-config - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: /checks.d - readOnly: true - {{- end }} - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 10 }} - containers: - - name: agent - image: "{{ .Values.clusterChecksRunner.image.repository }}:{{ .Values.clusterChecksRunner.image.tag }}" - command: ["bash", "-c"] - args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.datadog.logLevel | quote }} - {{- end }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: DD_HEALTH_PORT - value: "5555" - # Cluster checks - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "clusterAgent.tokenSecretName" . }} - key: token - - name: DD_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - # Safely run alongside the daemonset - - name: DD_ENABLE_METADATA_COLLECTION - value: "false" - # Expose CLC stats - - name: DD_CLC_RUNNER_ENABLED - value: "true" - - name: DD_CLC_RUNNER_HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - # Remove unused features - - name: DD_USE_DOGSTATSD - value: "false" - - name: DD_PROCESS_AGENT_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_APM_ENABLED - value: "false" - - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.clusterChecksRunner.env }} -{{ toYaml .Values.clusterChecksRunner.env | indent 10 }} -{{- end }} - resources: -{{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} - volumeMounts: - - name: installinfo - subPath: install_info - {{- if eq .Values.targetSystem "windows" }} - mountPath: C:/ProgramData/Datadog/install_info - {{- else }} - mountPath: /etc/datadog-agent/install_info - {{- end }} - readOnly: true -{{- if .Values.clusterChecksRunner.volumeMounts }} - - name: config - mountPath: {{ template "datadog.confPath" . }} -{{ toYaml .Values.clusterChecksRunner.volumeMounts | indent 10 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.clusterChecksRunner.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.clusterChecksRunner.readinessProbe | indent 10 }} - volumes: - - name: installinfo - configMap: - name: {{ template "datadog.fullname" . }}-installinfo -{{- if .Values.clusterChecksRunner.volumes }} -{{ toYaml .Values.clusterChecksRunner.volumes | indent 8 }} -{{- end }} - - name: config - emptyDir: {} -{{- if .Values.datadog.checksd }} - - name: checksd - configMap: - name: {{ template "datadog.fullname" . }}-checksd -{{- end }} - affinity: -{{- if .Values.clusterChecksRunner.affinity }} -{{ toYaml .Values.clusterChecksRunner.affinity | indent 8 }} -{{- else }} - # Ensure we only run one worker per node, to avoid name collisions - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: {{ template "datadog.fullname" . }}-clusterchecks - topologyKey: kubernetes.io/hostname -{{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- if .Values.clusterChecksRunner.nodeSelector }} -{{ toYaml .Values.clusterChecksRunner.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.clusterChecksRunner.tolerations }} - tolerations: -{{ toYaml .Values.clusterChecksRunner.tolerations | indent 8 }} - {{- end }} -{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml deleted file mode 100755 index 3acb7a752..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.clusterChecksRunner.createPodDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "datadog.fullname" . }}-clusterchecks - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-clusterchecks -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml deleted file mode 100755 index 46ff0f9cf..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.clusterChecksRunner.rbac.create .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled .Values.clusterChecksRunner.rbac.dedicated -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-checks -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "datadog.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-checks - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-checks - {{- if .Values.clusterChecksRunner.rbac.serviceAccountAnnotations }} - annotations: {{ toYaml .Values.clusterChecksRunner.rbac.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-psp.yaml b/charts/datadog/datadog/2.4.200/templates/agent-psp.yaml deleted file mode 100755 index 719c5a1db..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-psp.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.agents.podSecurity.podSecurityPolicy.create}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.seccompProfiles | quote }} - apparmor.security.beta.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.apparmorProfiles | quote }} - seccomp.security.alpha.kubernetes.io/defaultProfileName: "runtime/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" -spec: - privileged: {{ .Values.agents.podSecurity.privileged }} - hostNetwork: {{ .Values.agents.useHostNetwork }} - hostPID: {{ .Values.datadog.dogstatsd.useHostPID }} - allowedCapabilities: -{{ toYaml .Values.agents.podSecurity.capabilites | indent 4 }} - volumes: -{{ toYaml .Values.agents.podSecurity.volumes | indent 4 }} - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: -{{ toYaml .Values.agents.podSecurity.securityContext | indent 4 }} - supplementalGroups: - rule: RunAsAny -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-scc.yaml b/charts/datadog/datadog/2.4.200/templates/agent-scc.yaml deleted file mode 100755 index 10edb45e1..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-scc.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.agents.podSecurity.securityContextConstraints.create }} -kind: SecurityContextConstraints -apiVersion: security.openshift.io/v1 -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ template "datadog.fullname" . }} -priority: 10 -# Allow host ports for dsd / trace intake -+allowHostPorts: {{ or .Values.datadog.dogstatsd.useHostPort .Values.datadog.apm.enabled }} -# Allow host PID for dogstatsd origin detection -allowHostPID: {{ .Values.datadog.dogstatsd.useHostPID }} -# Allow host network for the CRIO check to reach Prometheus through localhost -allowHostNetwork: {{ .Values.agents.useHostNetwork }} -# Allow hostPath for docker / process metrics -volumes: -{{ toYaml .Values.agents.podSecurity.volumes | indent 2 }} -# Use the `spc_t` selinux type to access the -# docker/cri socket + proc and cgroup stats -seLinuxContext: -{{ toYaml .Values.agents.podSecurity.securityContext | indent 2 }} -# system-probe requires some specific seccomp and capabilities -seccompProfiles: -{{ toYaml .Values.agents.podSecurity.seccompProfiles | indent 2 }} -allowedCapabilities: -{{ toYaml .Values.agents.podSecurity.capabilites | indent 2 }} -# -# The rest is copied from restricted SCC -# -allowHostDirVolumePlugin: true -allowHostIPC: false -allowPrivilegedContainer: {{ .Values.agents.podSecurity.privileged }} -allowedFlexVolumes: [] -defaultAddCapabilities: [] -fsGroup: - type: MustRunAs -readOnlyRootFilesystem: false -runAsUser: - type: RunAsAny -supplementalGroups: - type: RunAsAny -# If your environment restricts user access to the Docker socket or journald (for logging) -# create or use an existing group that has access and add the GID to -# the lines below (also remove the previous line, `type: RunAsAny`) -# type: MustRunAs -# ranges: -# - min: -# - max: -requiredDropCapabilities: [] -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-secret.yaml b/charts/datadog/datadog/2.4.200/templates/agent-secret.yaml deleted file mode 100755 index 33e13d1bb..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if not .Values.clusterAgent.tokenExistingSecret }} -{{- if .Values.clusterAgent.enabled -}} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -type: Opaque -data: - {{ if .Values.clusterAgent.token -}} - token: {{ .Values.clusterAgent.token | b64enc | quote }} - {{ else -}} - token: {{ randAlphaNum 32 | b64enc | quote }} - {{ end }} -{{- end }} - -{{ end }} \ No newline at end of file diff --git a/charts/datadog/datadog/2.4.200/templates/agent-services.yaml b/charts/datadog/datadog/2.4.200/templates/agent-services.yaml deleted file mode 100755 index 52954571d..000000000 --- a/charts/datadog/datadog/2.4.200/templates/agent-services.yaml +++ /dev/null @@ -1,70 +0,0 @@ -{{- if .Values.clusterAgent.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - type: ClusterIP - selector: - app: {{ template "datadog.fullname" . }}-cluster-agent - ports: - - port: 5005 - name: agentport - protocol: TCP -{{ end }} - -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - type: {{ .Values.clusterAgent.metricsProvider.service.type }} - selector: - app: {{ template "datadog.fullname" . }}-cluster-agent - ports: - - port: {{ template "clusterAgent.metricsProvider.port" . }} - name: metricsapi - protocol: TCP -{{ end }} - -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.admissionController.enabled -}} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - selector: - app: {{ template "datadog.fullname" . }}-cluster-agent - ports: - - port: 443 - targetPort: 8000 -{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml deleted file mode 100755 index 486b5f649..000000000 --- a/charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.datadog.checksd }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-checksd - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} -data: -{{ tpl (toYaml .Values.datadog.checksd) . | indent 2 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml deleted file mode 100755 index b39963055..000000000 --- a/charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.clusterAgent.confd }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-confd - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/confd-config: {{ tpl (toYaml .Values.clusterAgent.confd) . | sha256sum }} -data: -{{ tpl (toYaml .Values.clusterAgent.confd) . | indent 2 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml deleted file mode 100755 index 6bfc98bde..000000000 --- a/charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.clusterAgent.datadog_cluster_yaml }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent-config - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/clusteragent-config: {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | sha256sum }} -data: - datadog-cluster.yaml: | -{{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | indent 4 }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml deleted file mode 100755 index 2f7d0bd56..000000000 --- a/charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml +++ /dev/null @@ -1,245 +0,0 @@ -{{- if .Values.clusterAgent.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - replicas: {{ .Values.clusterAgent.replicas }} - strategy: -{{- if .Values.clusterAgent.strategy }} -{{ toYaml .Values.clusterAgent.strategy | indent 4 }} -{{- else }} - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 -{{- end }} - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-cluster-agent - {{- if .Values.clusterAgent.podLabels }} -{{ toYaml .Values.clusterAgent.podLabels | indent 6 }} - {{- end }} - template: - metadata: - labels: - app: {{ template "datadog.fullname" . }}-cluster-agent - {{- if .Values.clusterAgent.podLabels }} -{{ toYaml .Values.clusterAgent.podLabels | indent 8 }} - {{- end }} - name: {{ template "datadog.fullname" . }}-cluster-agent - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} - {{- if .Values.clusterAgent.datadog_cluster_yaml }} - checksum/clusteragent-config: {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | sha256sum }} - {{- end }} - {{- if .Values.clusterAgent.confd }} - checksum/confd-config: {{ tpl (toYaml .Values.clusterAgent.confd) . | sha256sum }} - {{- end }} - ad.datadoghq.com/cluster-agent.check_names: '["prometheus"]' - ad.datadoghq.com/cluster-agent.init_configs: '[{}]' - ad.datadoghq.com/cluster-agent.instances: | - [{ - "prometheus_url": "http://%%host%%:5000/metrics", - "namespace": "datadog.cluster_agent", - "metrics": [ - "go_goroutines", "go_memstats_*", "process_*", - "api_requests", - "datadog_requests", "external_metrics", "rate_limit_queries_*", - "cluster_checks_*" - ] - }] - {{- if .Values.clusterAgent.podAnnotations }} -{{ toYaml .Values.clusterAgent.podAnnotations | indent 8 }} - {{- end }} - - spec: - {{- if .Values.clusterAgent.priorityClassName }} - priorityClassName: "{{ .Values.clusterAgent.priorityClassName }}" - {{- end }} - {{- if .Values.clusterAgent.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.clusterAgent.image.pullSecrets | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.clusterAgent.rbac.create }}{{ template "datadog.fullname" . }}-cluster-agent{{ else }}"{{ .Values.clusterAgent.rbac.serviceAccountName }}"{{ end }} - {{- if .Values.clusterAgent.useHostNetwork }} - hostNetwork: {{ .Values.clusterAgent.useHostNetwork }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - {{- if .Values.clusterAgent.dnsConfig }} - dnsConfig: -{{ toYaml .Values.clusterAgent.dnsConfig | indent 8 }} - {{- end }} - containers: - - name: cluster-agent - image: "{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" - {{- with .Values.clusterAgent.command }} - command: {{ range . }} - - {{ . | quote }} - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }} - resources: -{{ toYaml .Values.clusterAgent.resources | indent 10 }} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - {{- if .Values.clusterAgent.metricsProvider.enabled }} - - containerPort: {{ template "clusterAgent.metricsProvider.port" . }} - name: metricsapi - protocol: TCP - {{- end }} - env: - - name: DD_HEALTH_PORT - value: {{ .Values.clusterAgent.healthPort | quote }} - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key - optional: true - {{- if .Values.clusterAgent.metricsProvider.enabled }} - - name: DD_APP_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.appKeySecretName" . }} - key: app-key - - name: DD_EXTERNAL_METRICS_PROVIDER_ENABLED - value: {{ .Values.clusterAgent.metricsProvider.enabled | quote }} - - name: DD_EXTERNAL_METRICS_PROVIDER_PORT - value: {{ include "clusterAgent.metricsProvider.port" . | quote }} - - name: DD_EXTERNAL_METRICS_PROVIDER_WPA_CONTROLLER - value: {{ .Values.clusterAgent.metricsProvider.wpaController | quote }} - - name: DD_EXTERNAL_METRICS_PROVIDER_USE_DATADOGMETRIC_CRD - value: {{ .Values.clusterAgent.metricsProvider.useDatadogMetrics | quote }} - {{- end }} - {{- if .Values.clusterAgent.admissionController.enabled }} - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: {{ .Values.clusterAgent.admissionController.enabled | quote }} - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: {{ .Values.clusterAgent.admissionController.mutateUnlabelled | quote }} - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller - {{- end }} - {{- if .Values.datadog.clusterChecks.enabled }} - - name: DD_CLUSTER_CHECKS_ENABLED - value: {{ .Values.datadog.clusterChecks.enabled | quote }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - {{- end }} - {{- if .Values.datadog.clusterName }} - {{- if not (regexMatch "^([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?)$" .Values.datadog.clusterName) }} - {{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen."}} - {{- end}} - - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} - {{- end }} - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.datadog.logLevel | quote }} - {{- end }} - - name: DD_LEADER_ELECTION - value: {{ default "true" .Values.datadog.leaderElection | quote}} - {{- if .Values.datadog.leaderLeaseDuration }} - - name: DD_LEADER_LEASE_DURATION - value: {{ .Values.datadog.leaderLeaseDuration | quote }} - {{- else if .Values.datadog.clusterChecks.enabled }} - - name: DD_LEADER_LEASE_DURATION - value: "15" - {{- end }} - {{- if .Values.datadog.collectEvents }} - - name: DD_COLLECT_KUBERNETES_EVENTS - value: {{ .Values.datadog.collectEvents | quote}} - {{- end }} - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "clusterAgent.tokenSecretName" . }} - key: token - - name: DD_KUBE_RESOURCES_NAMESPACE - value: {{ .Release.Namespace }} - {{- if .Values.datadog.orchestratorExplorer.enabled }} - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - {{- end }} -{{- if .Values.clusterAgent.env }} -{{ toYaml .Values.clusterAgent.env | indent 10 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.clusterAgent.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.clusterAgent.readinessProbe | indent 10 }} - volumeMounts: - - name: installinfo - subPath: install_info - {{- if eq .Values.targetSystem "windows" }} - mountPath: C:/ProgramData/Datadog/install_info - {{- else }} - mountPath: /etc/datadog-agent/install_info - {{- end }} - readOnly: true -{{- if .Values.clusterAgent.volumeMounts }} -{{ toYaml .Values.clusterAgent.volumeMounts | indent 10 }} -{{- end }} -{{- if .Values.clusterAgent.confd }} - - name: confd - mountPath: /conf.d - readOnly: true -{{- end }} -{{- if .Values.clusterAgent.datadog_cluster_yaml }} - - name: cluster-agent-yaml - mountPath: /etc/datadog-agent/datadog-cluster.yaml - subPath: datadog-cluster.yaml - readOnly: true -{{- end}} - volumes: - - name: installinfo - configMap: - name: {{ template "datadog.fullname" . }}-installinfo -{{- if .Values.clusterAgent.confd }} - - name: confd - configMap: - name: {{ template "datadog.fullname" . }}-cluster-agent-confd -{{- end }} -{{- if .Values.clusterAgent.datadog_cluster_yaml }} - - name: cluster-agent-yaml - configMap: - name: {{ template "datadog.fullname" . }}-cluster-agent-config -{{- end}} - -{{- if .Values.clusterAgent.volumes }} -{{ toYaml .Values.clusterAgent.volumes | indent 8 }} -{{- end }} - {{- if .Values.clusterAgent.tolerations }} - tolerations: -{{ toYaml .Values.clusterAgent.tolerations | indent 8 }} - {{- end }} - {{- if .Values.clusterAgent.affinity }} - affinity: -{{ toYaml .Values.clusterAgent.affinity | indent 8 }} - {{- end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- if .Values.clusterAgent.nodeSelector }} -{{ toYaml .Values.clusterAgent.nodeSelector | indent 8 }} - {{- end }} -{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml deleted file mode 100755 index 3d341f0de..000000000 --- a/charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.clusterAgent.createPodDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "datadog.fullname" . }}-cluster-agent - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: {{ template "datadog.fullname" . }}-cluster-agent -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml deleted file mode 100755 index 5b722750d..000000000 --- a/charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml +++ /dev/null @@ -1,225 +0,0 @@ -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent -rules: -- apiGroups: - - "" - resources: - - services - - endpoints - - pods - - nodes - - componentstatuses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: ["quota.openshift.io"] - resources: - - clusterresourcequotas - verbs: - - get - - list -- apiGroups: - - "autoscaling" - resources: - - horizontalpodautoscalers - verbs: - - list - - watch -{{- if .Values.datadog.collectEvents }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadogtoken # Kubernetes event collection state - verbs: - - get - - update -{{- end }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadog-leader-election # Leader election token -{{- if .Values.clusterAgent.metricsProvider.enabled }} - - datadog-custom-metrics - - extension-apiserver-authentication -{{- end }} - verbs: - - get - - update -- apiGroups: # To create the leader election token and hpa events - - "" - resources: - - configmaps - - events - verbs: - - create -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: - - get -{{- if and .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.wpaController }} -- apiGroups: - - "datadoghq.com" - resources: - - "watermarkpodautoscalers" - verbs: - - "list" - - "get" - - "watch" -{{- end }} -{{- if .Values.datadog.orchestratorExplorer.enabled }} -- apiGroups: # to get the kube-system namespace UID and generate a cluster ID - - "" - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - get -- apiGroups: # To create the cluster-id configmap - - "" - resources: - - configmaps - resourceNames: - - "datadog-cluster-id" - verbs: - - create - - get - - update -{{- end }} -{{- if and .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.useDatadogMetrics }} -- apiGroups: - - "datadoghq.com" - resources: - - "datadogmetrics" - verbs: - - "list" - - "create" - - "delete" - - "watch" -- apiGroups: - - "datadoghq.com" - resources: - - "datadogmetrics/status" - verbs: - - "update" -{{- end }} -{{- if .Values.clusterAgent.admissionController.enabled }} -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: ["get", "list", "watch", "update", "create"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "update", "create"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["get"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets", "deployments"] - verbs: ["get"] -{{- end }} ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "datadog.fullname" . }}-cluster-agent -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-agent - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent -{{- end }} - -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled }} ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }}-cluster-agent:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-agent - namespace: {{ .Release.Namespace }} ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: RoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: "{{ template "datadog.fullname" . }}-cluster-agent" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }}-cluster-agent - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml deleted file mode 100755 index 44d64966c..000000000 --- a/charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-confd - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} - checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} -data: -{{/* -Merge the legacy autoconf dict before so confd static configurations -override duplicates -*/}} -{{- if .Values.datadog.autoconf }} -{{ tpl (toYaml .Values.datadog.autoconf) . | indent 2 }} -{{- end }} -{{- if .Values.datadog.confd }} -{{ tpl (toYaml .Values.datadog.confd) . | indent 2 }} -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-agent.yaml b/charts/datadog/datadog/2.4.200/templates/container-agent.yaml deleted file mode 100755 index 99ac7e2a2..000000000 --- a/charts/datadog/datadog/2.4.200/templates/container-agent.yaml +++ /dev/null @@ -1,161 +0,0 @@ -{{- define "container-agent" -}} -- name: agent - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["agent", "run"] - resources: -{{ toYaml .Values.agents.containers.agent.resources | indent 4 }} - ports: - - containerPort: {{ .Values.datadog.dogstatsd.port }} - {{- if .Values.datadog.dogstatsd.useHostPort }} - hostPort: {{ .Values.datadog.dogstatsd.port }} - {{- end }} - name: dogstatsdport - protocol: UDP - env: - {{- include "containers-common-env" . | nindent 4 }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsd.port }} - - name: DD_DOGSTATSD_PORT - value: {{ .Values.datadog.dogstatsd.port | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsd.nonLocalTraffic }} - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.dogstatsd.nonLocalTraffic | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsd.originDetection }} - - name: DD_DOGSTATSD_ORIGIN_DETECTION - value: {{ .Values.datadog.dogstatsd.originDetection | quote }} - {{- end }} - {{- if not .Values.clusterAgent.enabled }} - {{- if .Values.datadog.leaderElection }} - - name: DD_LEADER_ELECTION - value: {{ .Values.datadog.leaderElection | quote}} - {{- end }} - {{- if .Values.datadog.leaderLeaseDuration }} - - name: DD_LEADER_LEASE_DURATION - value: {{ .Values.datadog.leaderLeaseDuration | quote }} - {{- end }} - {{- if .Values.datadog.collectEvents }} - - name: DD_COLLECT_KUBERNETES_EVENTS - value: {{.Values.datadog.collectEvents | quote}} - {{- end }} - {{- else }} - - name: DD_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "clusterAgent.tokenSecretName" . }} - key: token - {{- end }} - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: {{ (default false (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled)) | quote}} - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: {{ (default false (or .Values.datadog.logs.containerCollectAll .Values.datadog.logsConfigContainerCollectAll)) | quote}} - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: {{ .Values.datadog.logs.containerCollectUsingFiles | quote }} - {{- if not .Values.datadog.livenessProbe }} - - name: DD_HEALTH_PORT - value: "5555" - {{- end }} - {{- if .Values.datadog.dogstatsd.useSocketVolume }} - - name: DD_DOGSTATSD_SOCKET - value: {{ .Values.datadog.dogstatsd.socketPath | quote }} - {{- end }} - {{- if .Values.datadog.clusterChecks.enabled }} - {{- if .Values.clusterChecksRunner.enabled }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - {{ else }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - {{- end }} - {{- end }} -{{- if .Values.agents.containers.agent.env }} -{{ toYaml .Values.agents.containers.agent.env | indent 4 }} -{{- end }} - volumeMounts: - - name: installinfo - subPath: install_info - {{- if eq .Values.targetSystem "windows" }} - mountPath: C:/ProgramData/Datadog/install_info - {{- else }} - mountPath: /etc/datadog-agent/install_info - {{- end }} - readOnly: true - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if eq .Values.targetSystem "linux" }} - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - {{- end }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - mountPath: {{ template "datadog.confPath" . }}/datadog.yaml - subPath: datadog.yaml - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - {{- if .Values.datadog.dogstatsd.useSocketVolume }} - - name: dsdsocket - mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} - {{- end }} - {{- if .Values.datadog.systemProbe.enabled }} - - name: sysprobe-socket-dir - mountPath: /var/run/sysprobe - readOnly: true - - name: sysprobe-config - mountPath: /etc/datadog-agent/system-probe.yaml - subPath: system-probe.yaml - {{- end }} - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - - name: pointerdir - mountPath: /opt/datadog-agent/run - - name: logpodpath - mountPath: /var/log/pods - readOnly: true - {{- if not .Values.datadog.criSocketPath }} - - name: logdockercontainerpath - mountPath: /var/lib/docker/containers - readOnly: true - {{- end }} - {{- end }} - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - - name: pointerdir - mountPath: C:/var/log - - name: logpodpath - mountPath: C:/var/log/pods - readOnly: true - - name: logdockercontainerpath - mountPath: C:/ProgramData/docker/containers - readOnly: true - {{- end }} - {{- end }} -{{- if .Values.agents.volumeMounts }} -{{ toYaml .Values.agents.volumeMounts | indent 4 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.agents.containers.agent.livenessProbe | indent 4 }} - readinessProbe: -{{ toYaml .Values.agents.containers.agent.readinessProbe | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml b/charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml deleted file mode 100755 index d0c60c54f..000000000 --- a/charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml +++ /dev/null @@ -1,72 +0,0 @@ -{{- define "container-process-agent" -}} -- name: process-agent - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - {{- if eq .Values.targetSystem "linux" }} - command: ["process-agent", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - command: ["process-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - resources: -{{ toYaml .Values.agents.containers.processAgent.resources | indent 4 }} - env: - {{- include "containers-common-env" . | nindent 4 }} - {{- if .Values.datadog.processAgent.processCollection }} - - name: DD_PROCESS_AGENT_ENABLED - value: "true" - {{- end }} - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} - {{- if .Values.datadog.systemProbe.enabled }} - - name: DD_SYSTEM_PROBE_ENABLED - value: {{ .Values.datadog.systemProbe.enabled | quote }} - {{- end }} - {{- if .Values.datadog.orchestratorExplorer.enabled }} - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_CLUSTER_ID - valueFrom: - configMapKeyRef: - name: datadog-cluster-id - key: id - {{- end }} -{{- if .Values.agents.containers.processAgent.env }} -{{ toYaml .Values.agents.containers.processAgent.env | indent 4 }} -{{- end }} - volumeMounts: - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if eq .Values.targetSystem "linux" }} - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - {{- end }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - mountPath: {{ template "datadog.confPath" . }}/datadog.yaml - subPath: datadog.yaml - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - - name: passwd - mountPath: /etc/passwd - - name: procdir - mountPath: /host/proc - readOnly: true - {{- if .Values.datadog.systemProbe.enabled }} - - name: sysprobe-socket-dir - mountPath: /var/run/sysprobe - readOnly: true - - name: sysprobe-config - mountPath: /etc/datadog-agent/system-probe.yaml - subPath: system-probe.yaml - {{- end }} - {{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml b/charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml deleted file mode 100755 index e56b3f6b6..000000000 --- a/charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- define "container-system-probe" -}} -- name: system-probe - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - securityContext: - capabilities: - add: ["SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN", "IPC_LOCK"] - command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] - env: - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} -{{- if .Values.agents.containers.systemProbe.env }} -{{ toYaml .Values.agents.containers.systemProbe.env | indent 4 }} -{{- end }} - resources: -{{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} - volumeMounts: - - name: debugfs - mountPath: /sys/kernel/debug - - name: sysprobe-config - mountPath: /etc/datadog-agent - - name: sysprobe-socket-dir - mountPath: /var/run/sysprobe - - name: procdir - mountPath: /host/proc - readOnly: true - - name: modules - mountPath: /lib/modules - readOnly: true - - name: src - mountPath: /usr/src - readOnly: true -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml b/charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml deleted file mode 100755 index ff64c5113..000000000 --- a/charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- define "container-trace-agent" -}} -- name: trace-agent - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - {{- if eq .Values.targetSystem "linux" }} - command: ["trace-agent", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - command: ["trace-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] - {{- end }} - resources: -{{ toYaml .Values.agents.containers.traceAgent.resources | indent 4 }} - ports: - - containerPort: {{ .Values.datadog.apm.port }} - hostPort: {{ .Values.datadog.apm.port }} - name: traceport - protocol: TCP - env: - {{- include "containers-common-env" . | nindent 4 }} - - name: DD_LOG_LEVEL - value: {{ .Values.agents.containers.traceAgent.logLevel | default .Values.datadog.logLevel | quote }} - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: {{ .Values.datadog.apm.port | quote }} - {{- if .Values.datadog.apm.useSocketVolume }} - - name: DD_APM_RECEIVER_SOCKET - value: {{ .Values.datadog.apm.socketPath | quote }} - {{- end }} -{{- if .Values.agents.containers.traceAgent.env }} -{{ toYaml .Values.agents.containers.traceAgent.env | indent 4 }} -{{- end }} - volumeMounts: - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - mountPath: {{ template "datadog.confPath" . }}/datadog.yaml - subPath: datadog.yaml - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - {{- end }} - {{- if .Values.datadog.apm.useSocketVolume }} - - name: apmsocket - mountPath: {{ (dir .Values.datadog.apm.socketPath) }} - {{- end }} - livenessProbe: -{{ toYaml .Values.agents.containers.traceAgent.livenessProbe | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml b/charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml deleted file mode 100755 index d8dd0fba6..000000000 --- a/charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml +++ /dev/null @@ -1,95 +0,0 @@ -# The purpose of this template is to define a minimal set of environment -# variables required to operate dedicated containers in the daemonset -{{- define "containers-common-env" -}} -- name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key -{{- if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion }} -- name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- end }} -{{- if .Values.datadog.clusterName }} -{{- if not (regexMatch "^([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?)$" .Values.datadog.clusterName) }} -{{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen."}} -{{- end}} -- name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} -{{- end }} -{{- if .Values.datadog.tags }} -- name: DD_TAGS - value: {{ .Values.datadog.tags | join " " | quote }} -{{- end }} -{{- if .Values.datadog.nodeLabelsAsTags }} -- name: DD_KUBERNETES_NODE_LABELS_AS_TAGS - value: '{{ toJson .Values.datadog.nodeLabelsAsTags }}' -{{- end }} -{{- if .Values.datadog.podLabelsAsTags }} -- name: DD_KUBERNETES_POD_LABELS_AS_TAGS - value: '{{ toJson .Values.datadog.podLabelsAsTags }}' -{{- end }} -{{- if .Values.datadog.podAnnotationsAsTags }} -- name: DD_KUBERNETES_POD_ANNOTATIONS_AS_TAGS - value: '{{ toJson .Values.datadog.podAnnotationsAsTags }}' -{{- end }} -- name: KUBERNETES - value: "yes" -{{- if .Values.datadog.site }} -- name: DD_SITE - value: {{ .Values.datadog.site | quote }} -{{- end }} -{{- if .Values.datadog.dd_url }} -- name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} -{{- end }} -{{- if .Values.datadog.env }} -{{ toYaml .Values.datadog.env }} -{{- end }} -{{- if .Values.datadog.acInclude }} -- name: DD_AC_INCLUDE - value: {{ .Values.datadog.acInclude | quote }} -{{- end }} -{{- if .Values.datadog.acExclude }} -- name: DD_AC_EXCLUDE - value: {{ .Values.datadog.acExclude | quote }} -{{- end }} -{{- if .Values.datadog.containerInclude }} -- name: DD_CONTAINER_INCLUDE - value: {{ .Values.datadog.containerInclude | quote }} -{{- end }} -{{- if .Values.datadog.containerExclude }} -- name: DD_CONTAINER_EXCLUDE - value: {{ .Values.datadog.containerExclude | quote }} -{{- end }} -{{- if .Values.datadog.containerIncludeMetrics }} -- name: DD_CONTAINER_INCLUDE_METRICS - value: {{ .Values.datadog.containerIncludeMetrics | quote }} -{{- end }} -{{- if .Values.datadog.containerExcludeMetrics }} -- name: DD_CONTAINER_EXCLUDE_METRICS - value: {{ .Values.datadog.containerExcludeMetrics | quote }} -{{- end }} -{{- if .Values.datadog.containerIncludeLogs }} -- name: DD_CONTAINER_INCLUDE_LOGS - value: {{ .Values.datadog.containerIncludeLogs | quote }} -{{- end }} -{{- if .Values.datadog.containerExcludeLogs }} -- name: DD_CONTAINER_EXCLUDE_LOGS - value: {{ .Values.datadog.containerExcludeLogs | quote }} -{{- end }} -{{- if .Values.datadog.criSocketPath }} -- name: DD_CRI_SOCKET_PATH - value: {{ print "/host/" .Values.datadog.criSocketPath | clean }} -{{- else }} -- name: DOCKER_HOST -{{- if eq .Values.targetSystem "linux" }} - value: unix://{{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} -{{- end }} -{{- if eq .Values.targetSystem "windows" }} - value: npipe://{{ (include "datadog.dockerOrCriSocketPath" .) | replace "\\" "/" }} -{{- end }} -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml b/charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml deleted file mode 100755 index bfb0ef1ea..000000000 --- a/charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- define "containers-init-linux" -}} -- name: init-volume - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -- name: init-config - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} - - name: confd - mountPath: /conf.d - readOnly: true - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: /checks.d - readOnly: true - {{- end }} - - name: procdir - mountPath: /host/proc - readOnly: true - - name: runtimesocketdir - mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} - readOnly: true - {{- if .Values.datadog.systemProbe.enabled }} - - name: sysprobe-config - mountPath: /etc/datadog-agent/system-probe.yaml - subPath: system-probe.yaml - {{- end }} - env: - {{- include "containers-common-env" . | nindent 4 }} - {{- if and (not .Values.clusterAgent.enabled) .Values.datadog.leaderElection }} - - name: DD_LEADER_ELECTION - value: {{ .Values.datadog.leaderElection | quote }} - {{- end }} - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml b/charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml deleted file mode 100755 index e5ae9ec88..000000000 --- a/charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- define "containers-init-windows" -}} -- name: init-volume - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["pwsh", "-Command"] - args: - - Copy-Item -Recurse -Force {{ template "datadog.confPath" . }} C:/Temp - volumeMounts: - - name: config - mountPath: C:/Temp/Datadog - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -- name: init-config - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: ["pwsh", "-Command"] - args: - - Get-ChildItem 'entrypoint-ps1' | ForEach-Object { & $_.FullName if (-Not $?) { exit 1 } } - volumeMounts: - - name: config - mountPath: {{ template "datadog.confPath" . }} - {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} - - name: confd - mountPath: C:/conf.d - readOnly: true - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: C:/checks.d - readOnly: true - {{- end }} - - name: runtimesocket - mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - env: - {{- include "containers-common-env" . | nindent 4 }} - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml b/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml deleted file mode 100755 index 17529c31b..000000000 --- a/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- define "daemonset-volumes-linux" -}} -- hostPath: - path: /proc - name: procdir -- hostPath: - path: /sys/fs/cgroup - name: cgroups -{{- if .Values.datadog.dogstatsd.useSocketVolume }} -- hostPath: - path: {{ .Values.datadog.dogstatsd.hostSocketPath }} - type: DirectoryOrCreate - name: dsdsocket -{{- end }} -{{- if .Values.datadog.apm.useSocketVolume }} -- hostPath: - path: {{ .Values.datadog.apm.hostSocketPath }} - type: DirectoryOrCreate - name: apmsocket -{{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ template "datadog.fullname" . }}-confd -{{- end }} -{{- if .Values.datadog.systemProbe.enabled }} -- name: sysprobe-config - configMap: - name: {{ template "datadog.fullname" . }}-system-probe-config -{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} -- name: datadog-agent-security - configMap: - name: {{ template "datadog.fullname" . }}-security -- hostPath: - path: {{ .Values.datadog.systemProbe.seccompRoot }} - name: seccomp-root -{{- end }} -- hostPath: - path: /sys/kernel/debug - name: debugfs -- name: sysprobe-socket-dir - emptyDir: {} -- hostPath: - path: /lib/modules - name: modules -- hostPath: - path: /usr/src - name: src -{{- end }} -{{- if or .Values.datadog.processAgent.enabled .Values.datadog.systemProbe.enabled }} -- hostPath: - path: /etc/passwd - name: passwd -{{- end }} -{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} -- hostPath: - path: "/var/lib/datadog-agent/logs" - name: pointerdir -- hostPath: - path: /var/log/pods - name: logpodpath -{{- if not .Values.datadog.criSocketPath }} -- hostPath: - path: /var/lib/docker/containers - name: logdockercontainerpath -{{- end }} -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml b/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml deleted file mode 100755 index eb9e0fd52..000000000 --- a/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- define "daemonset-volumes-windows" -}} -{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} -- hostPath: - path: C:/var/log - name: pointerdir -- hostPath: - path: C:/var/log/pods - name: logpodpath -- hostPath: - path: C:/ProgramData/docker/containers - name: logdockercontainerpath -{{- end }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/daemonset.yaml b/charts/datadog/datadog/2.4.200/templates/daemonset.yaml deleted file mode 100755 index 5f3e3a90b..000000000 --- a/charts/datadog/datadog/2.4.200/templates/daemonset.yaml +++ /dev/null @@ -1,150 +0,0 @@ -{{- template "check-version" . }} -{{- if .Values.agents.enabled }} -{{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - selector: - matchLabels: - app: {{ template "datadog.fullname" . }} - {{- if .Values.agents.podLabels }} -{{ toYaml .Values.agents.podLabels | indent 6 }} - {{- end }} - template: - metadata: - labels: - app: {{ template "datadog.fullname" . }} - {{- if .Values.agents.podLabels }} -{{ toYaml .Values.agents.podLabels | indent 8 }} - {{- end }} - name: {{ template "datadog.fullname" . }} - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} - checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} - checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} - checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} - {{- if .Values.agents.customAgentConfig }} - checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} - {{- end }} - {{- if .Values.datadog.systemProbe.enabled }} - container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} - container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} - {{- end }} - {{- if .Values.agents.podAnnotations }} -{{ toYaml .Values.agents.podAnnotations | indent 8 }} - {{- end }} - spec: - {{- if .Values.datadog.securityContext }} - securityContext: -{{ toYaml .Values.datadog.securityContext| indent 8 }} - {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} - {{- if and (.Values.agents.podSecurity.securityContext) .Values.agents.podSecurity.securityContext.seLinuxOptions }} - securityContext: - seLinuxOptions: -{{ toYaml .Values.agents.podSecurity.securityContext.seLinuxOptions | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.agents.useHostNetwork }} - hostNetwork: {{ .Values.agents.useHostNetwork }} - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - {{- if .Values.agents.dnsConfig }} - dnsConfig: -{{ toYaml .Values.agents.dnsConfig | indent 8 }} - {{- end }} - {{- if .Values.datadog.dogstatsd.useHostPID }} - hostPID: {{ .Values.datadog.dogstatsd.useHostPID }} - {{- end }} - {{- if .Values.agents.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.agents.image.pullSecrets | indent 8 }} - {{- end }} - {{- if .Values.agents.priorityClassName }} - priorityClassName: {{ .Values.agents.priorityClassName }} - {{- end }} - containers: - {{- include "container-agent" . | nindent 6 }} - {{- if .Values.datadog.apm.enabled }} - {{- include "container-trace-agent" . | nindent 6 }} - {{- end }} - {{- if .Values.datadog.processAgent.enabled }} - {{- include "container-process-agent" . | nindent 6 }} - {{- end }} - {{- if .Values.datadog.systemProbe.enabled }} - {{- include "container-system-probe" . | nindent 6 }} - {{- end }} - initContainers: - {{- if eq .Values.targetSystem "windows" }} - {{ include "containers-init-windows" . | nindent 6 }} - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} - {{- end }} - {{- if and .Values.datadog.systemProbe.enabled (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} - {{ include "system-probe-init" . | nindent 6 }} - {{- end }} - volumes: - - name: installinfo - configMap: - name: {{ template "datadog.fullname" . }}-installinfo - - name: config - emptyDir: {} - {{- if eq .Values.targetSystem "linux" }} - - hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - - hostPath: - path: {{ template "datadog.dockerOrCriSocketPath" . }} - name: runtimesocket - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - configMap: - name: {{ template "datadog.fullname" . }}-checksd - {{- end }} - {{- if .Values.agents.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - configMap: - name: {{ template "datadog.fullname" . }}-datadog-yaml - {{- end }} - {{- if eq .Values.targetSystem "windows" }} - {{ include "daemonset-volumes-windows" . | nindent 6 }} - {{- end }} - {{- if eq .Values.targetSystem "linux" }} - {{ include "daemonset-volumes-linux" . | nindent 6 }} - {{- end }} -{{- if .Values.agents.volumes }} -{{ toYaml .Values.agents.volumes | indent 6 }} -{{- end }} - tolerations: - {{- if eq .Values.targetSystem "windows" }} - - effect: NoSchedule - key: node.kubernetes.io/os - value: windows - operator: Equal - {{- end }} - {{- if .Values.agents.tolerations }} -{{ toYaml .Values.agents.tolerations | indent 6 }} - {{- end }} - affinity: -{{ toYaml .Values.agents.affinity | indent 8 }} - serviceAccountName: {{ if .Values.agents.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.agents.rbac.serviceAccountName }}"{{ end }} - nodeSelector: - {{ template "label.os" . }}: {{ .Values.targetSystem }} - {{- if .Values.agents.nodeSelector }} -{{ toYaml .Values.agents.nodeSelector | indent 8 }} - {{- end }} - updateStrategy: -{{ toYaml .Values.agents.updateStrategy | indent 4 }} -{{ end }} -{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml deleted file mode 100755 index cfb827dfe..000000000 --- a/charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.agents.useConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-datadog-yaml - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - {{- if .Values.agents.customAgentConfig }} - checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} - {{- end }} -data: - datadog.yaml: | - {{- if .Values.agents.customAgentConfig }} -{{ tpl (toYaml .Values.agents.customAgentConfig) . | indent 4 }} - {{- else }} - ## Provides autodetected defaults, for kubernetes environments, - ## please see datadog.yaml.example for all supported options - - # Autodiscovery for Kubernetes - listeners: - - name: kubelet - config_providers: - - name: kubelet - polling: true - - # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration - apm_config: - enabled: true - apm_non_local_traffic: true - max_memory: 0 - max_cpu_percent: 0 - - {{- $version := (.Values.agents.image.tag | toString | trimSuffix "-jmx") }} - {{- $length := len (split "." $version ) -}} - {{- if and (eq $length 1) (ge $version "6") -}} - {{- $version := "6.15" }} - {{- end -}} - {{ if semverCompare ">=6.15" $version }} - # Enable java container awareness (agent version >= 6.15) - jmx_use_container_support: true - {{ else }} - # Enable java cgroup memory awareness (agent version < 6.15) - jmx_use_cgroup_memory_limit: true - {{ end }} - {{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml b/charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml deleted file mode 100755 index 4ba6c9557..000000000 --- a/charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.createReaderRbac -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} - name: external-metrics-reader -{{- else }} - name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader -{{- end }} -rules: -- apiGroups: - - "external.metrics.k8s.io" - resources: - - "*" - verbs: - - list - - get - - watch ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} - name: external-metrics-reader -{{- else }} - name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} - name: external-metrics-reader -{{- else }} - name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader -{{- end }} -subjects: -- kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml deleted file mode 100755 index 52059f8ae..000000000 --- a/charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-installinfo - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - annotations: - checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} -data: - install_info: | - --- - install_method: - tool: helm - tool_version: {{ .Release.Service }} - installer_version: {{ .Chart.Name }}-{{ .Chart.Version }} diff --git a/charts/datadog/datadog/2.4.200/templates/rbac.yaml b/charts/datadog/datadog/2.4.200/templates/rbac.yaml deleted file mode 100755 index 74a5b044c..000000000 --- a/charts/datadog/datadog/2.4.200/templates/rbac.yaml +++ /dev/null @@ -1,116 +0,0 @@ -{{- if .Values.agents.rbac.create -}} -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }} -rules: -{{- if not .Values.clusterAgent.enabled }} -- apiGroups: - - "" - resources: - - services - - events - - endpoints - - pods - - nodes - - componentstatuses - verbs: - - get - - list - - watch -- apiGroups: ["quota.openshift.io"] - resources: - - clusterresourcequotas - verbs: - - get - - list -{{- if .Values.datadog.collectEvents }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadogtoken # Kubernetes event collection state - verbs: - - get - - update -{{- end }} -{{- if .Values.datadog.leaderElection }} -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadog-leader-election # Leader election token - verbs: - - get - - update -- apiGroups: # To create the leader election token - - "" - resources: - - configmaps - verbs: - - create -{{- end }} -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: - - get -{{- end }} -- nonResourceURLs: - - "/metrics" - verbs: - - get -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/spec - - nodes/proxy - - nodes/stats - verbs: - - get -- apiGroups: # leader election check - - "" - resources: - - endpoints - verbs: - - get ---- -apiVersion: {{ template "rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "datadog.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "datadog.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: {{ template "datadog.fullname" . }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/secrets.yaml b/charts/datadog/datadog/2.4.200/templates/secrets.yaml deleted file mode 100755 index c386893bb..000000000 --- a/charts/datadog/datadog/2.4.200/templates/secrets.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# API Key -{{- if not .Values.datadog.apiKeyExistingSecret }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "datadog.fullname" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -type: Opaque -data: - api-key: {{ default "MISSING" .Values.datadog.apiKey | b64enc | quote }} - -{{- end }} - -# APP Key -{{- if not .Values.datadog.appKeyExistingSecret }} -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "datadog.appKeySecretName" . }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -type: Opaque -data: - app-key: {{ default "MISSING" .Values.datadog.appKey | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml deleted file mode 100755 index 40059e149..000000000 --- a/charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml +++ /dev/null @@ -1,218 +0,0 @@ -{{- if .Values.datadog.systemProbe.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-system-probe-config - namespace: {{ $.Release.Namespace }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -data: - system-probe.yaml: | - system_probe_config: - enabled: {{ $.Values.datadog.systemProbe.enabled }} - debug_port: {{ $.Values.datadog.systemProbe.debugPort }} - sysprobe_socket: /var/run/sysprobe/sysprobe.sock - enable_conntrack: {{ $.Values.datadog.systemProbe.enableConntrack }} - bpf_debug: {{ $.Values.datadog.systemProbe.bpfDebug }} - enable_tcp_queue_length: {{ $.Values.datadog.systemProbe.enableTCPQueueLength }} - enable_oom_kill: {{ $.Values.datadog.systemProbe.enableOOMKill }} - collect_dns_stats: {{ $.Values.datadog.systemProbe.collectDNSStats }} - -{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "datadog.fullname" . }}-security - namespace: {{ $.Release.Namespace }} - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -data: - system-probe-seccomp.json: | - { - "defaultAction": "SCMP_ACT_ERRNO", - "syscalls": [ - { - "names": [ - "accept4", - "access", - "arch_prctl", - "bind", - "bpf", - "brk", - "capget", - "capset", - "chdir", - "clock_gettime", - "clone", - "close", - "connect", - "copy_file_range", - "creat", - "dup", - "dup2", - "dup3", - "epoll_create", - "epoll_create1", - "epoll_ctl", - "epoll_ctl_old", - "epoll_pwait", - "epoll_wait", - "epoll_wait", - "epoll_wait_old", - "execve", - "execveat", - "exit", - "exit_group", - "fchmod", - "fchmodat", - "fchown", - "fchown32", - "fchownat", - "fcntl", - "fcntl64", - "fstat", - "fstat64", - "fstatfs", - "fsync", - "futex", - "getcwd", - "getdents", - "getdents64", - "getegid", - "geteuid", - "getgid", - "getpeername", - "getpid", - "getppid", - "getpriority", - "getrandom", - "getresgid", - "getresgid32", - "getresuid", - "getresuid32", - "getrlimit", - "getrusage", - "getsid", - "getsockname", - "getsockopt", - "gettid", - "gettimeofday", - "getuid", - "getxattr", - "ioctl", - "ipc", - "listen", - "lseek", - "lstat", - "lstat64", - "madvise", - "mkdir", - "mkdirat", - "mmap", - "mmap2", - "mprotect", - "mremap", - "munmap", - "nanosleep", - "newfstatat", - "open", - "openat", - "pause", - "perf_event_open", - "pipe", - "pipe2", - "poll", - "ppoll", - "prctl", - "pread64", - "prlimit64", - "pselect6", - "read", - "readlink", - "readlinkat", - "recvfrom", - "recvmmsg", - "recvmsg", - "rename", - "restart_syscall", - "rmdir", - "rt_sigaction", - "rt_sigpending", - "rt_sigprocmask", - "rt_sigqueueinfo", - "rt_sigreturn", - "rt_sigsuspend", - "rt_sigtimedwait", - "rt_tgsigqueueinfo", - "sched_getaffinity", - "sched_yield", - "seccomp", - "select", - "semtimedop", - "send", - "sendmmsg", - "sendmsg", - "sendto", - "set_robust_list", - "set_tid_address", - "setgid", - "setgid32", - "setgroups", - "setgroups32", - "setns", - "setrlimit", - "setsid", - "setsidaccept4", - "setsockopt", - "setuid", - "setuid32", - "sigaltstack", - "socket", - "socketcall", - "socketpair", - "stat", - "stat64", - "statfs", - "sysinfo", - "umask", - "uname", - "unlink", - "unlinkat", - "wait4", - "waitid", - "waitpid", - "write" - ], - "action": "SCMP_ACT_ALLOW", - "args": null - }, - { - "names": [ - "setns" - ], - "action": "SCMP_ACT_ALLOW", - "args": [ - { - "index": 1, - "value": 1073741824, - "valueTwo": 0, - "op": "SCMP_CMP_EQ" - } - ], - "comment": "", - "includes": {}, - "excludes": {} - } - ] - } -{{- end }} -{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml b/charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml deleted file mode 100755 index 3507c7192..000000000 --- a/charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- define "system-probe-init" -}} -- name: seccomp-setup - image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" - command: - - cp - - /etc/config/system-probe-seccomp.json - - /host/var/lib/kubelet/seccomp/system-probe - volumeMounts: - - name: datadog-agent-security - mountPath: /etc/config - - name: seccomp-root - mountPath: /host/var/lib/kubelet/seccomp - resources: -{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} -{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/values.yaml b/charts/datadog/datadog/2.4.200/values.yaml deleted file mode 100755 index 8ab4ac1be..000000000 --- a/charts/datadog/datadog/2.4.200/values.yaml +++ /dev/null @@ -1,1254 +0,0 @@ -## Default values for Datadog Agent -## See Datadog helm documentation to learn more: -## https://docs.datadoghq.com/agent/kubernetes/helm/ - -## @param nameOverride - string - optional -## Override name of app. -# -nameOverride: # "" - -## @param fullnameOverride - string - optional -## Override the full qualified app name. -# -fullnameOverride: # "" - -## @param targetSystem - string - required -## Set the target OS for this deployment -## Possible values: linux, windows -# -targetSystem: "linux" - -datadog: - ## @param apiKey - string - required - ## Set this to your Datadog API key before the Agent runs. - ## ref: https://app.datadoghq.com/account/settings#agent/kubernetes - # - apiKey: - - ## @param apiKeyExistingSecret - string - optional - ## Use existing Secret which stores API key instead of creating a new one. - ## If set, this parameter takes precedence over "apiKey". - # - apiKeyExistingSecret: # - - ## @param appKey - string - optional - ## If you are using clusterAgent.metricsProvider.enabled = true, you must set - ## a Datadog application key for read access to your metrics. - # - appKey: # - - ## @param appKeyExistingSecret - string - optional - ## Use existing Secret which stores APP key instead of creating a new one - ## If set, this parameter takes precedence over "appKey". - # - appKeyExistingSecret: # - - ## @param securityContext - object - optional - ## You can modify the security context used to run the containers by - ## modifying the label type below: - # - securityContext: {} - # seLinuxOptions: - # user: "system_u" - # role: "system_r" - # type: "spc_t" - # level: "s0" - - ## @param clusterName - string - optional - ## Set a unique cluster name to allow scoping hosts and Cluster Checks easily - ## The name must be unique and must be dot-separated tokens where a token can be up to 40 characters with the following restrictions: - ## * Lowercase letters, numbers, and hyphens only. - ## * Must start with a letter. - ## * Must end with a number or a letter. - ## Compared to the rules of GKE, dots are allowed whereas they are not allowed on GKE: - ## https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster.FIELDS.name - # - clusterName: # - - ## @param site - string - optional - default: 'datadoghq.com' - ## The site of the Datadog intake to send Agent data to. - ## Set to 'datadoghq.eu' to send data to the EU site. - # - site: # datadoghq.com - - ## @param dd_url - string - optional - default: 'https://app.datadoghq.com' - ## The host of the Datadog intake server to send Agent data to, only set this option - ## if you need the Agent to send data to a custom URL. - ## Overrides the site setting defined in "site". - # - dd_url: # https://app.datadoghq.com - - ## @param logLevel - string - required - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off - # - logLevel: INFO - - ## @param kubeStateMetricsEnabled - boolean - required - ## If true, deploys the kube-state-metrics deployment. - ## ref: https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics - # - kubeStateMetricsEnabled: true - - ## @param clusterChecks - object - required - ## Enable the Cluster Checks feature on both the cluster-agents and the daemonset - ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ - ## Autodiscovery via Kube Service annotations is automatically enabled - # - clusterChecks: - enabled: false - - ## @param nodeLabelsAsTags - list of key:value strings - optional - ## Provide a mapping of Kubernetes Node Labels to Datadog Tags. - # - nodeLabelsAsTags: {} - # beta.kubernetes.io/instance-type: aws-instance-type - # kubernetes.io/role: kube_role - # : - - ## @param podLabelsAsTags - list of key:value strings - optional - ## Provide a mapping of Kubernetes Labels to Datadog Tags. - # - podLabelsAsTags: {} - # app: kube_app - # release: helm_release - # : - - ## @param podAnnotationsAsTags - list of key:value strings - optional - ## Provide a mapping of Kubernetes Annotations to Datadog Tags - # - podAnnotationsAsTags: {} - # iam.amazonaws.com/role: kube_iamrole - # : - - ## @param tags - list of key:value elements - optional - ## List of tags to attach to every metric, event and service check collected by this Agent. - ## - ## Learn more about tagging: https://docs.datadoghq.com/tagging/ - # - tags: [] - # - ":" - # - ":" - - ## @param dogstatsd - object - required - ## dogstatsd configuration - ## ref: https://docs.datadoghq.com/agent/kubernetes/dogstatsd/ - ## To emit custom metrics from your Kubernetes application, use DogStatsD. - # - dogstatsd: - ## @param port - integer - optional - default: 8125 - ## Override the Agent DogStatsD port. - ## Note: Make sure your client is sending to the same UDP port. - # - port: 8125 - - ## @param originDetection - boolean - optional - ## Enable origin detection for container tagging - ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging - # - originDetection: false - - ## @param useSocketVolume - boolean - optional - ## Enable dogstatsd over Unix Domain Socket - ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - # - useSocketVolume: false - - ## @param socketPath - string - optional - ## Path to the DogStatsD socket - # - socketPath: /var/run/datadog/dsd.socket - - ## @param hostSocketPath - string - optional - ## host path to the DogStatsD socket - # - hostSocketPath: /var/run/datadog/ - - ## @param useHostPort - boolean - optional - ## Sets the hostPort to the same value of the container port. Needs to be used - ## for sending custom metrics. - ## The ports need to be available on all hosts. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. - # - useHostPort: false - - ## @param useHostPID - boolean - optional - ## Run the agent in the host's PID namespace. This is required for Dogstatsd origin - ## detection to work. See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - # - useHostPID: false - - ## @param nonLocalTraffic - boolean - optional - default: false - ## Enable this to make each node accept non-local statsd traffic. - ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - # - nonLocalTraffic: false - - ## @param collectEvents - boolean - optional - default: false - ## Enables this to start event collection from the kubernetes API - ## ref: https://docs.datadoghq.com/agent/kubernetes/event_collection/ - # - collectEvents: false - - ## @param leaderElection - boolean - optional - default: false - ## Enables leader election mechanism for event collection. - # - leaderElection: false - - ## @param leaderLeaseDuration - integer - optional - default: 60 - ## Set the lease time for leader election in second. - # - leaderLeaseDuration: # 60 - - ## @param logs - object - required - ## Enable logs agent and provide custom configs - # - logs: - ## @param enabled - boolean - optional - default: false - ## Enables this to activate Datadog Agent log collection. - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - # - enabled: false - - ## @param containerCollectAll - boolean - optional - default: false - ## Enable this to allow log collection for all containers. - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - # - containerCollectAll: false - - ## @param containerUseFiles - boolean - optional - default: true - ## Collect logs from files in /var/log/pods instead of using container runtime API. - ## It's usually the most efficient way of collecting logs. - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - # - containerCollectUsingFiles: true - - ## @param apm - object - required - ## Enable apm agent and provide custom configs - # - apm: - ## @param enabled - boolean - optional - default: false - ## Enable this to enable APM and tracing, on port 8126 - ## ref: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host - # - enabled: false - - ## @param port - integer - optional - default: 8126 - ## Override the trace Agent port. - ## Note: Make sure your client is sending to the same UDP port. - # - port: 8126 - - ## @param useSocketVolume - boolean - optional - ## Enable APM over Unix Domain Socket - ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ - # - useSocketVolume: false - - ## @param socketPath - string - optional - ## Path to the trace-agent socket - # - socketPath: /var/run/datadog/apm.socket - - ## @param hostSocketPath - string - optional - ## host path to the trace-agent socket - # - hostSocketPath: /var/run/datadog/ - - ## @param env - list of object - optional - ## The dd-agent supports many environment variables - ## ref: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables - # - env: [] - # - name: - # value: - - ## @param confd - list of objects - optional - ## Provide additional check configurations (static and Autodiscovery) - ## Each key becomes a file in /conf.d - ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes - ## ref: https://docs.datadoghq.com/agent/autodiscovery/ - # - confd: {} - # redisdb.yaml: |- - # init_config: - # instances: - # - host: "name" - # port: "6379" - # kubernetes_state.yaml: |- - # ad_identifiers: - # - kube-state-metrics - # init_config: - # instances: - # - kube_state_url: http://%%host%%:8080/metrics - - ## @param checksd - list of key:value strings - optional - ## Provide additional custom checks as python code - ## Each key becomes a file in /checks.d - ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes - # - checksd: {} - # service.py: |- - - ## @param dockerSocketPath - string - optional - ## Path to the docker socket - # - dockerSocketPath: # /var/run/docker.sock - - ## @param criSocketPath - string - optional - ## Path to the container runtime socket (if different from Docker) - ## This is supported starting from agent 6.6.0 - # - criSocketPath: # /var/run/containerd/containerd.sock - - ## @param processAgent - object - required - ## Enable process agent and provide custom configs - # - processAgent: - ## @param enabled - boolean - required - ## Set this to true to enable live process monitoring agent - ## Note: /etc/passwd is automatically mounted to allow username resolution. - ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset - # - enabled: true - - ## @param processCollection - boolean - required - ## Set this to true to enable process collection in process monitoring agent - ## Requires processAgent.enabled to be set to true to have any effect - # - processCollection: false - - ## @param systemProbe - object - required - ## Enable systemProbe agent and provide custom configs - # - systemProbe: - ## @param enabled - boolean - required - ## Set this to true to enable system-probe agent - # - enabled: false - - ## @param debugPort - integer - required - ## Specify the port to expose pprof and expvar for system-probe agent - # - debugPort: 0 - - ## @param enableConntrack - boolean - required - ## Enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data - ## Ref: http://conntrack-tools.netfilter.org/ - # - enableConntrack: true - - ## @param seccomp - string - required - ## Apply an ad-hoc seccomp profile to the system-probe agent to restrict its privileges - ## Note that this will break `kubectl exec … -c system-probe -- /bin/bash` - # - seccomp: localhost/system-probe - - ## @param seccompRoot - string - required - ## Specify the seccomp profile root directory - # - seccompRoot: /var/lib/kubelet/seccomp - - ## @param bpfDebug - boolean - required - ## Enable logging for kernel debug - # - bpfDebug: false - - ## @param apparmor profile - string - required - ## specify a apparmor profile for system-probe - # - apparmor: unconfined - - ## @param enableTCPQueueLength - boolean - optional - ## Enable the TCP queue length eBPF-based check - # - enableTCPQueueLength: false - - ## @param enableOOMKill - boolean - optional - ## Enable the OOM kill eBPF-based check - # - enableOOMKill: false - - ## @param collectDNSStats - boolean - optional - ## Enable DNS stat collection - # - collectDNSStats: false - - orchestratorExplorer: - ## @param enabled - boolean - required - ## Set this to true to enable the orchestrator explorer. - ## This requires processAgent.enabled and clusterAgent.enabled to be set to true - ## ref: TODO - add doc link - # - enabled: false - -## @param clusterAgent - object - required -## This is the Datadog Cluster Agent implementation that handles cluster-wide -## metrics more cleanly, separates concerns for better rbac, and implements -## the external metrics API so you can autoscale HPAs based on datadog metrics -## ref: https://docs.datadoghq.com/agent/kubernetes/cluster/ -# -clusterAgent: - ## @param enabled - boolean - required - ## Set this to true to enable Datadog Cluster Agent - # - enabled: false - - ## @param image - object - required - ## Define the Datadog Cluster-Agent image to work with. - # - image: - ## @param repository - string - required - ## Define the repository to use: - # - repository: datadog/cluster-agent - - ## @param tag - string - required - ## Define the Cluster-Agent version to use. - # - tag: 1.7.0 - - ## @param pullPolicy - string - required - ## The Kubernetes pull policy. - # - pullPolicy: IfNotPresent - - ## @param pullSecrets - list of key:value strings - optional - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # - pullSecrets: [] - # - name: "" - - ## @param command - array - optional - ## Command to run in the Cluster Agent container - # - command: [] - - ## @param token - string - required - ## This needs to be at least 32 characters a-zA-z - ## It is a preshared key between the node agents and the cluster agent - ## ref: - # - token: "" - - ## @param replicas - integer - required - ## Specify the of cluster agent replicas, if > 1 it allow the cluster agent to - ## work in HA mode. - # - replicas: 1 - - ## @param rbac - object - required - ## Provide Cluster Agent Deployment pod(s) RBAC configuration - rbac: - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - ## @param serviceAccountName - string - required - ## Ignored if clusterAgentrbac.create is true - # - serviceAccountName: default - - ## @param metricsProvider - object - required - ## Enable the metricsProvider to be able to scale based on metrics in Datadog - # - metricsProvider: - ## @param enabled - boolean - required - default: false - ## Set this to true to enable Metrics Provider - # - enabled: false - - ## @param wpaController - boolean - optional - ## Enable informer and controller of the watermark pod autoscaler - ## NOTE: You need to install the `WatermarkPodAutoscaler` CRD before - # - wpaController: false - - ## @param useDatadogMetrics - boolean - optional - ## Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries - ## NOTE: You need to install the `DatadogMetric` CRD before - # - useDatadogMetrics: false - - ## @param createReaderRbac - boolean - optional - ## Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) - # - createReaderRbac: true - - ## Configuration for the service for the cluster-agent metrics server - # - service: - ## @param type - string - optional - ## - # - type: ClusterIP - ## @param port - int - optional - ## - port: 8443 - - ## @param env - list of object - optional - ## The Cluster-Agent supports many additional environment variables that can - ## be passed literally. - ## ref: https://docs.datadoghq.com/agent/cluster_agent/commands/#cluster-agent-options - # - env: [] - - ## @param admissionController - object - required - ## Enable the admissionController to be able to inject APM/Dogstatsd config - ## and standard tags (env, service, version) automatically into your pods - # - admissionController: - enabled: false - - ## @param mutateUnlabelled - boolean - optional - ## Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' - # - mutateUnlabelled: false - - ## @param confd - list of objects - optional - ## Provide additional cluster check configurations - ## Each key will become a file in /conf.d - ## ref: https://docs.datadoghq.com/agent/autodiscovery/ - # - confd: {} - # mysql.yaml: |- - # cluster_check: true - # instances: - # - server: '' - # port: 3306 - # user: datadog - # pass: '' - - ## @param resources - object -required - ## Datadog cluster-agent resource requests and limits. - # - resources: {} - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi - - ## @param priorityclassName - string - optional - ## Name of the priorityClass to apply to the Cluster Agent - # - priorityClassName: # system-cluster-critical - - ## @param nodeSelector - object - optional - ## Allow the Cluster Agent Deployment to schedule on selected nodes - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## @param affinity - object - optional - ## Allow the Cluster Agent Deployment to schedule using affinity rules - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # - affinity: {} - - ## @param healthPort - integer - optional - default: 5555 - ## Port number use the cluster-agent to server healthz endpoint - healthPort: 5555 - - ## @param livenessProbe - object - required - ## Override the agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - livenessProbe: - httpGet: - port: 5555 - path: /live - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param readinessProbe - object - required - ## Override the cluster-agent's readiness probe logic from the default: - # - readinessProbe: - httpGet: - port: 5555 - path: /ready - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param strategy - string - required - ## Allow the Cluster Agent deployment to perform a rolling update on helm update - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - # - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - - ## @param podAnnotations - list of key:value strings - optional - ## Annotations to add to the cluster-agents's pod(s) - # - podAnnotations: {} - # key: "value" - - ## @param useHostNetwork - boolean - optional - ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might - ## not be supported. The ports need to be available on all hosts. It can be - ## used for custom metrics instead of a service endpoint. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. - # - useHostNetwork: # true - - ## @param dnsConfig - list of objects - optional - ## specify dns configuration options for datadog cluster agent containers e.g ndots - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config - dnsConfig: {} - # options: - # - name: ndots - # value: "1" - - ## @param volumes - list of objects - optional - ## Specify additional volumes to mount in the cluster-agent container - # - volumes: [] - # - hostPath: - # path: - # name: - - ## @param volumeMounts - list of objects - optional - ## Specify additional volumes to mount in the cluster-agent container - # - volumeMounts: [] - # - name: - # mountPath: - # readOnly: true - - ## @param datadog-cluster.yaml - object - optional - ## Specify custom contents for the datadog cluster agent config (datadog-cluster.yaml). - # - datadog_cluster_yaml: {} - - ## @param createPodDisruptionBudget - boolean - optional - ## Specify the pod disruption budget to apply to the cluster agents - # - createPodDisruptionBudget: false - -agents: - ## @param enabled - boolean - required - ## You should keep Datadog DaemonSet enabled! - ## The exceptional case could be a situation when you need to run - ## single Datadog pod per every namespace, but you do not need to - ## re-create a DaemonSet for every non-default namespace install. - ## Note: StatsD and DogStatsD work over UDP, so you may not - ## get guaranteed delivery of the metrics in Datadog-per-namespace setup! - # - enabled: true - - ## @param image - object - required - ## Define the Datadog image to work with. - # - image: - ## @param repository - string - required - ## Define the repository to use: - ## use "datadog/agent" for Datadog Agent 7 - ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 - # - repository: datadog/agent - - ## @param tag - string - required - ## Define the Agent version to use. - ## Use 7-jmx to enable jmx fetch collection - # - tag: 7.21.1 - - ## @param doNotCheckTag - boolean - optional - ## By default, the version passed in agents.image.tag is checked - ## for compatibility with the version of the chart. - ## This boolean permits to completely skip this check. - ## This is useful, for example, for custom tags that are not - ## respecting semantic versioning - # - doNotCheckTag: # false - - ## @param pullPolicy - string - required - ## The Kubernetes pull policy. - # - pullPolicy: IfNotPresent - - ## @param pullSecrets - list of key:value strings - optional - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # - pullSecrets: [] - # - name: "" - - ## @param rbac - object - required - ## Provide Daemonset RBAC configuration - rbac: - - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - ## @param serviceAccountName - string - required - ## Ignored if daemonset.rbac.create is true - # - serviceAccountName: default - - ## @param podSecurity - object - optional - ## Provide Daemonset PodSecurityPolicy configuration - podSecurity: - - ## @param podSecurityPolicy - object - required - ## Provide Daemonset PodSecurityPolicy configuration - podSecurityPolicy: - - ## @param created - boolean - optional - ## If true, create a PodSecurityPolicy resource for Agent pods - # - create: false - - ## @param securityContextConstraints - object - required - ## Provide Daemonset securityContextConstraints configuration - securityContextConstraints: - - ## @param created - boolean - optional - ## If true, create a SecurityContextConstraints resource for Agent pods - # - create: false - - ## @param securityContext - object - required - ## Provide securityContext configuration - # - securityContext: - rule: MustRunAs - seLinuxOptions: - user: system_u - role: system_r - type: spc_t - level: s0 - - ## @param privileged - boolean - optional - ## If true, Allow to run privileged containers - # - privileged: false - - ## @param capabilites - list - optional - ## Allowed capabilites - # - capabilites: - - SYS_ADMIN - - SYS_RESOURCE - - SYS_PTRACE - - NET_ADMIN - - NET_BROADCAST - - IPC_LOCK - - ## @param volumes - list - optional - ## Allowed volumes types - # - volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - secret - - ## @param seccompProfiles - list - optional - ## Allowed seccomp profiles - # - seccompProfiles: - - "runtime/default" - - "localhost/system-probe" - - ## @param apparmorProfiles - list - optional - ## Allowed apparmor profiles - # - apparmorProfiles: - - "runtime/default" - - containers: - agent: - ## @param env - list - required - ## Additional environment variables for the agent container. - # - env: [] - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the agent container. - # - resources: {} - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi - - ## @param livenessProbe - object - required - ## Override the agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - livenessProbe: - httpGet: - path: /live - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param readinessProbe - object - required - ## Override the agent's readiness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - readinessProbe: - httpGet: - path: /ready - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - processAgent: - ## @param env - list - required - ## Additional environment variables for the process-agent container. - # - env: [] - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the process-agent container. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - traceAgent: - ## @param env - list - required - ## Additional environment variables for the trace-agent container. - # - env: - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the trace-agent container. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - ## @param livenessProbe - object - optional - ## Override the trace agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - livenessProbe: - tcpSocket: - port: 8126 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - - systemProbe: - ## @param env - list - required - ## Additional environment variables for the system-probe container. - # - env: [] - - ## @param logLevel - string - optional - ## Set logging verbosity, valid log levels are: - ## trace, debug, info, warn, error, critical, and off. - ## If not set, fall back to the value of datadog.logLevel. - # - logLevel: # INFO - - ## @param resources - object - required - ## Resource requests and limits for the system-probe container. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - initContainers: - ## @param resources - object - required - ## Resource requests and limits for the init containers. - # - resources: {} - # requests: - # cpu: 100m - # memory: 200Mi - # limits: - # cpu: 100m - # memory: 200Mi - - ## @param volumes - list of objects - optional - ## Specify additional volumes to mount in the dd-agent container - # - volumes: [] - # - hostPath: - # path: - # name: - - ## @param volumeMounts - list of objects - optional - ## Specify additional volumes to mount in the dd-agent container - # - volumeMounts: [] - # - name: - # mountPath: - # readOnly: true - - ## @param useHostNetwork - boolean - optional - ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might - ## not be supported. The ports need to be available on all hosts. It Can be - ## used for custom metrics instead of a service endpoint. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. - # - useHostNetwork: false - - ## @param dnsConfig - list of objects - optional - ## specify dns configuration options for datadog cluster agent containers e.g ndots - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config - dnsConfig: {} - # options: - # - name: ndots - # value: "1" - - ## @param podAnnotations - list of key:value strings - optional - ## Annotations to add to the DaemonSet's Pods - # - podAnnotations: {} - # : '[{"key": "", "value": ""}]' - - ## @param tolerations - array - optional - ## Allow the DaemonSet to schedule on tainted nodes (requires Kubernetes >= 1.6) - # - tolerations: [] - - ## @param nodeSelector - object - optional - ## Allow the DaemonSet to schedule on selected nodes - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## @param affinity - object - optional - ## Allow the DaemonSet to schedule using affinity rules - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # - affinity: {} - - ## @param updateStrategy - string - optional - ## Allow the DaemonSet to perform a rolling update on helm update - ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - # - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: "10%" - - ## @param priorityClassName - string - optional - ## Sets PriorityClassName if defined. - # - priorityClassName: - - ## @param podLabels - object - optional - ## Sets podLabels if defined. - # - podLabels: {} - - ## @param useConfigMap - boolean - optional - ## Configures a configmap to provide the agent configuration - ## Use this in combination with the `agent.customAgentConfig` parameter. - # - useConfigMap: # false - - ## @param customAgentConfig - object - optional - ## Specify custom contents for the datadog agent config (datadog.yaml). - ## ref: https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 - ## ref: https://github.com/DataDog/datadog-agent/blob/master/pkg/config/config_template.yaml - ## Note the `agents.useConfigMap` needs to be set to `true` for this parameter to be taken into account. - # - customAgentConfig: {} - # # Autodiscovery for Kubernetes - # listeners: - # - name: kubelet - # config_providers: - # - name: kubelet - # polling: true - # # needed to support legacy docker label config templates - # - name: docker - # polling: true - # - # # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration - # apm_config: - # enabled: false - # apm_non_local_traffic: true - # - # # Enable java cgroup handling. Only one of those options should be enabled, - # # depending on the agent version you are using along that chart. - # - # # agent version < 6.15 - # # jmx_use_cgroup_memory_limit: true - # - # # agent version >= 6.15 - # # jmx_use_container_support: true - -clusterChecksRunner: - ## @param enabled - boolean - required - ## If true, deploys agent dedicated for running the Cluster Checks instead of running in the Daemonset's agents. - ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ - # - enabled: false - - ## @param image - object - required - ## Define the Datadog image to work with. - # - image: - - ## @param repository - string - required - ## Define the repository to use: - ## use "datadog/agent" for Datadog Agent 7 - ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 - # - repository: datadog/agent - - ## @param tag - string - required - ## Define the Agent version to use. - ## Use 7-jmx to enable jmx fetch collection - # - tag: 7.21.1 - - ## @param pullPolicy - string - required - ## The Kubernetes pull policy. - # - pullPolicy: IfNotPresent - - ## @param pullSecrets - list of key:value strings - optional - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # - pullSecrets: [] - # - name: "" - - ## @param createPodDisruptionBudget - boolean - optional - ## Specify the pod disruption budget to apply to the cluster checks agents - # - createPodDisruptionBudget: false - - ## @param rbac - object - required - ## Provide Cluster Checks Deployment pods RBAC configuration - rbac: - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - ## @param dedicated - boolean - required - ## If true, use a dedicated RBAC resource for the cluster checks agent(s) - # - dedicated: false - - ## @param serviceAccountAnnotations - object - required - ## Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true - # - serviceAccountAnnotations: {} - - ## @param serviceAccountName - string - required - ## Ignored if clusterChecksRunner.rbac.create is true - # - serviceAccountName: default - - ## @param replicas - integer - required - ## If you want to deploy the clusterChecks agent in HA, keep at least clusterChecksRunner.replicas set to 2. - ## And increase the clusterChecksRunner.replicas according to the number of Cluster Checks. - # - replicas: 2 - - ## @param resources - object -required - ## Datadog clusterchecks-agent resource requests and limits. - # - resources: {} - # requests: - # cpu: 200m - # memory: 500Mi - # limits: - # cpu: 200m - # memory: 500Mi - - ## @param affinity - object - optional - ## Allow the ClusterChecks Deployment to schedule using affinity rules. - ## By default, ClusterChecks Deployment Pods are forced to run on different Nodes. - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # - affinity: {} - - ## @param strategy - string - optional - ## Allow the ClusterChecks deployment to perform a rolling update on helm update - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - # - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - - ## @param dnsConfig - list of objects - optional - ## specify dns configuration options for datadog cluster agent containers e.g ndots - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config - dnsConfig: {} - # options: - # - name: ndots - # value: "1" - - ## @param nodeSelector - object - optional - ## Allow the ClusterChecks Deployment to schedule on selected nodes - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## @param tolerations - array - required - ## Tolerations for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - # - tolerations: [] - - ## @param livenessProbe - object - required - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - # livenessProbe: - # exec: - # command: ["/bin/true"] - # - livenessProbe: - httpGet: - path: /live - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param readinessProbe - object - required - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # - # readinessProbe: - # exec: - # command: ["/bin/true"] - # - readinessProbe: - httpGet: - path: /ready - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - - ## @param env - list of object - optional - ## The dd-agent supports many environment variables - ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#environment-variables - # - env: [] - # - name: - # value: - - ## @param volumes - list of objects - optional - ## Specify additional volumes to mount in the cluster checks container - # - volumes: [] - # - hostPath: - # path: - # name: - - ## @param volumeMounts - list of objects - optional - ## Specify additional volumes to mount in the cluster checks container - # - volumeMounts: [] - # - name: - # mountPath: - # readOnly: true - -kube-state-metrics: - rbac: - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - serviceAccount: - ## @param created - boolean - required - ## If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true - # - create: true - ## @param name - string - required - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - # - name: - - ## @param resources - object - optional - ## Resource requests and limits for the kube-state-metrics container. - # - resources: {} - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/.helmignore b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/Chart.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/Chart.yaml deleted file mode 100644 index 75d800c2e..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: dynatrace-oneagent-operator -apiVersion: v2 -appVersion: 0.8.0 -description: The Dynatrace OneAgent Operator Helm chart for Kubernetes and Openshift -home: https://www.dynatrace.com/ -icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png -maintainers: -- email: marco.mader@dynatrace.com - name: DTMad -- email: luis.garcia@dynatrace.com - name: lrgar -- email: michael.mayr@dynatrace.com - name: mmayr-at -name: dynatrace-oneagent-operator -sources: -- https://github.com/Dynatrace/helm-charts -type: application -version: 0.8.0 diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/README.md b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/README.md deleted file mode 100644 index 1f45987fb..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/README.md +++ /dev/null @@ -1,86 +0,0 @@ -# Welcome - -Dynatrace automatically discovers, baselines, and intelligently monitors Kubernetes clusters and workloads. Learn more about Dynatrace at [our website](https://www.dynatrace.com/platform/). - -# Dynatrace OneAgent Operator Helm Chart - -The Dynatrace OneAgent Operator Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters. - -This Helm Chart requires Helm 3. - -### Platforms -Depending of the version of the Dynatrace OneAgent Operator, it supports the following platforms: - -| Dynatrace OneAgent Operator Helm Chart version | Kubernetes | OpenShift Container Platform | -| ---------------------------------------------- | ---------- | ---------------------------- | -| v0.8.0 | 1.14+ | 3.11+ | -| v0.7.1 | 1.14+ | 3.11+ | -| v0.6.0 | 1.11+ | 3.11+ | -| v0.5.4 | 1.11+ | 3.11+ | - - -## Quick Start - -The Dynatrace OneAgent Operator acts on its separate namespace `dynatrace`. -It holds the operator deployment and all dependent objects like permissions, custom resources and -corresponding DaemonSets. -To install the Dynatrace OneAgent Operator via Helm run the following command: - -### Adding Dynatrace OneAgent Helm repository -``` -$ helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable -``` - -### Prepare tokens - -Generate an API and a PaaS token in your Dynatrace environment. - -https://www.dynatrace.com/support/help/reference/dynatrace-concepts/why-do-i-need-an-environment-id/#create-user-generated-access-tokens - -To install the Dynatrace OneAgent Operator replace the APIUrl, the API token and the PaaS token in command and execute it - -#### Kubernetes -``` -$ kubectl create namespace dynatrace -$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="kubernetes",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN" -``` - -#### OpenShift -``` -$ oc adm new-project --node-selector="" dynatrace -$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="openshift",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN" -``` - -This will automatically install the Dynatrace OneAgent Operator and create OneAgents for every of your nodes. - -## Update procedure - -To update simply update your helm repositories and check the latest version - -``` -$ helm repo update -``` - -You can then check for the latest version by searching your Helm repositories for the Dynatrace OneAgent Operator - -``` -$ helm search repo dynatrace-oneagent-operator -``` - -To then update to the latest version run this command and do not forget to add the `reuse-values` flag to keep your configuration - -``` -$ helm upgrade dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --reuse-values -``` - -## Uninstall dynatrace-oneagent-operator -Remove OneAgent custom resources and clean-up all remaining OneAgent Operator specific objects: - - -```sh -$ helm uninstall dynatrace-oneagent-operator -n dynatrace -``` - -## License - -Dynatrace OneAgent Operator Helm Chart is under Apache 2.0 license. See [LICENSE](../LICENSE) for details. diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/app-readme.md b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/app-readme.md deleted file mode 100644 index 9376a87ed..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/app-readme.md +++ /dev/null @@ -1,6 +0,0 @@ -# Dynatrace OneAgent Operator - -This is the home of the Dynatrace OneAgent Operator's Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters. -Rolling out Dynatrace OneAgent via DaemonSet on a cluster is straightforward. -Maintaining its lifecycle places a burden on the operational team. -Dynatrace OneAgent Operator closes this gap by automating the repetitive steps involved in keeping Dynatrace OneAgent at its latest desired version. diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagentapms_crd.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagentapms_crd.yaml deleted file mode 100644 index a3fefe9ef..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagentapms_crd.yaml +++ /dev/null @@ -1,145 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: oneagentapms.dynatrace.com -spec: - additionalPrinterColumns: - - JSONPath: .spec.apiUrl - name: ApiUrl - type: string - - JSONPath: .spec.tokens - name: Tokens - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: dynatrace.com - names: - categories: - - dynatrace - kind: OneAgentAPM - listKind: OneAgentAPMList - plural: oneagentapms - singular: oneagentapm - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: OneAgentAPM configures the Dynatrace OneAgent for application monitoring - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OneAgentAPMSpec defines the desired state of OneAgentAPM - properties: - apiUrl: - description: Location of the Dynatrace API to connect to, including - your specific environment ID - type: string - enableIstio: - description: If enabled, Istio on the cluster will be configured automatically - to allow access to the Dynatrace environment - type: boolean - networkZone: - description: 'Optional: Adds the OneAgent to the given NetworkZone' - type: string - proxy: - description: 'Optional: Set custom proxy settings either directly or - from a secret with the field ''proxy''' - properties: - value: - type: string - valueFrom: - type: string - type: object - skipCertCheck: - description: Disable certificate validation checks for installer download - and API communication - type: boolean - tokens: - description: Credentials for the OneAgent to connect back to Dynatrace. - type: string - trustedCAs: - description: 'Optional: Adds custom RootCAs from a configmap' - type: string - required: - - apiUrl - type: object - status: - description: OneAgentAPMStatus defines the observed state of OneAgentAPM - properties: - conditions: - description: Conditions includes status about the current state of the - instance - items: - description: "Condition represents an observation of an object's state. - Conditions are an extension mechanism intended to be used when the - details of an observation are not a priori known or would not apply - to all instances of a given Kind. \n Conditions should be added - to explicitly convey properties that users and components care about - rather than requiring those properties to be inferred from other - observations. Once defined, the meaning of a Condition can not be - changed arbitrarily - it becomes part of the API, and has the same - backwards- and forwards-compatibility concerns of any other part - of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. - type: string - status: - type: string - type: - description: "ConditionType is the type of the condition and is - typically a CamelCased word or short phrase. \n Condition types - should indicate state in the \"abnormal-true\" polarity. For - example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." - type: string - required: - - status - - type - type: object - type: array - lastAPITokenProbeTimestamp: - description: LastAPITokenProbeTimestamp tracks when the last request - for the API token validity was sent - format: date-time - type: string - lastPaaSTokenProbeTimestamp: - description: LastPaaSTokenProbeTimestamp tracks when the last request - for the PaaS token validity was sent - format: date-time - type: string - updatedTimestamp: - description: UpdatedTimestamp indicates when the instance was last updated - format: date-time - type: string - type: object - required: - - spec - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagents_crd.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagents_crd.yaml deleted file mode 100644 index f2a47603d..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/crds/dynatrace.com_oneagents_crd.yaml +++ /dev/null @@ -1,368 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: oneagents.dynatrace.com -spec: - additionalPrinterColumns: - - JSONPath: .spec.apiUrl - name: ApiUrl - type: string - - JSONPath: .spec.tokens - name: Tokens - type: string - - JSONPath: .status.version - name: Version - type: string - - JSONPath: .status.phase - name: Phase - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: dynatrace.com - names: - categories: - - dynatrace - kind: OneAgent - listKind: OneAgentList - plural: oneagents - singular: oneagent - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: OneAgent configures the Dynatrace OneAgent for full-stack monitoring - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OneAgentSpec defines the desired state of OneAgent - properties: - apiUrl: - description: Location of the Dynatrace API to connect to, including - your specific environment ID - type: string - args: - description: 'Optional: Arguments to the OneAgent installer' - items: - type: string - type: array - disableAgentUpdate: - description: Disable automatic restarts of OneAgent pods in case a new - version is available - type: boolean - dnsPolicy: - description: 'Optional: Sets DNS Policy for the OneAgent pods' - type: string - enableIstio: - description: If enabled, Istio on the cluster will be configured automatically - to allow access to the Dynatrace environment - type: boolean - env: - description: 'Optional: List of environment variables to set for the - installer' - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - description: Specifies the output format of the exposed - resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - description: 'Optional: the Dynatrace installer container image Defaults - to docker.io/dynatrace/oneagent:latest for Kubernetes and to registry.connect.redhat.com/dynatrace/oneagent - for OpenShift' - type: string - labels: - additionalProperties: - type: string - description: 'Optional: Adds additional labels for the OneAgent pods' - type: object - networkZone: - description: 'Optional: Adds the OneAgent to the given NetworkZone' - type: string - nodeSelector: - additionalProperties: - type: string - description: Node selector to control the selection of nodes (optional) - type: object - priorityClassName: - description: 'Optional: If specified, indicates the pod''s priority. - Name must be defined by creating a PriorityClass object with that - name. If not specified the setting will be removed from the DaemonSet.' - type: string - proxy: - description: 'Optional: Set custom proxy settings either directly or - from a secret with the field ''proxy''' - properties: - value: - type: string - valueFrom: - type: string - type: object - resources: - description: 'Optional: define resources requests and limits for single - pods' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'Optional: set custom Service Account Name used with OneAgent - pods' - type: string - skipCertCheck: - description: Disable certificate validation checks for installer download - and API communication - type: boolean - tokens: - description: Credentials for the OneAgent to connect back to Dynatrace. - type: string - tolerations: - description: 'Optional: set tolerations for the OneAgent pods' - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - trustedCAs: - description: 'Optional: Adds custom RootCAs from a configmap' - type: string - waitReadySeconds: - description: 'Optional: Defines the time to wait until OneAgent pod - is ready after update - default 300 sec' - minimum: 0 - type: integer - required: - - apiUrl - type: object - status: - description: OneAgentStatus defines the observed state of OneAgent - properties: - conditions: - description: Conditions includes status about the current state of the - instance - items: - description: "Condition represents an observation of an object's state. - Conditions are an extension mechanism intended to be used when the - details of an observation are not a priori known or would not apply - to all instances of a given Kind. \n Conditions should be added - to explicitly convey properties that users and components care about - rather than requiring those properties to be inferred from other - observations. Once defined, the meaning of a Condition can not be - changed arbitrarily - it becomes part of the API, and has the same - backwards- and forwards-compatibility concerns of any other part - of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. - type: string - status: - type: string - type: - description: "ConditionType is the type of the condition and is - typically a CamelCased word or short phrase. \n Condition types - should indicate state in the \"abnormal-true\" polarity. For - example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." - type: string - required: - - status - - type - type: object - type: array - instances: - additionalProperties: - properties: - ipAddress: - type: string - podName: - type: string - version: - type: string - type: object - type: object - lastAPITokenProbeTimestamp: - description: LastAPITokenProbeTimestamp tracks when the last request - for the API token validity was sent - format: date-time - type: string - lastPaaSTokenProbeTimestamp: - description: LastPaaSTokenProbeTimestamp tracks when the last request - for the PaaS token validity was sent - format: date-time - type: string - phase: - description: Defines the current state (Running, Updating, Error, ...) - type: string - updatedTimestamp: - description: UpdatedTimestamp indicates when the instance was last updated - format: date-time - type: string - version: - description: Dynatrace version being used. - type: string - type: object - required: - - spec - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/logo.png b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/logo.png deleted file mode 100644 index 6714eb8a59509d9513133b43b2de290f73be9c18..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9908 zcmYj%c|27A_y22#u?!l?E=H*kp(IM0@s_kAN~kOqDnhHhJ7sHEy(=UQZ6sT~C83!{ zsqAU7r7>k+r)-1k-tX(`^Lspgf8@^0z305nd7kBUU(eG;M|(RtsyY<_Ah%`nMkfHs z@FN*WNx;ik=$C1Dkq+MMb`k)Y1;jrRxO-0({-}1!*7cNgkngDw?-M@2`cTjTAMGv2 zy#0Kfe7p~Z9slUF9)M-mTQ*wn3T+*1-+yIalQ&&hT8duR+q=)!<+Ju3i@@m3F{vjs z$DXdN@;)bV`m#%;^FqZ2g&qDl!7q(F9R#1M=tJmAHp5=__ujmogst%Pp^KO4e(*uuGQNdfaJ6RFPqenFM$+onoTezZ9RIp1K^;W{2e6tv5qD^H|haSJlChGx{0Ac;) zH4)of{SrA1T;C)r9?j^gIfYbxD=5uSdu6F8vB#Q4W{OoX7LFq=n@wV{0A9z^f44%> zFNUI?2)kJa4Y{rVMJ-Fm^I7vLV6hY)>mg#BsBdo`*Yu^mxSwMOo$jw-L^f!dsc-Br zIL{)3t~kUJd8LOQVOsa**}R+_R1~9v!G+l6sn3@;osSzZ-ZjV=zAb)PaVL<+ye7PY zC%EMrj_~vKd`w9;wdN^B5yUXAM+G1CKApcrPf`!ORmHp+NZT~;l<&NIE{?!!xqx$z zVdcL>`_hR9_S)VFB*6Ls8SvEGt}OcGNh z_I+fUyWJXjk@gV4n~keO)zkm|8hTQP!dg{>R-Bnxd`{FJe+4WmVV}k6$2W&Aq>|@WsT0zav!+dzU=X#@U$VHD z2N9Un#;8hRx%t6o0TSHBTwe)J+Z6ff-s)i^(ZD7xY-a!MuTF$(74eA0AJ2qwjfJaF zgB9R^2K$K&00dOLf{__u3@B-80=@#q5+-aw6AQ?e&$~H!H{IaRn1Ih;i*PP zWbF4YkbZ*LIun(y^p zfM?$T3a70~OH27jJK7#J< z{|1pc8SXYuH2unf0ux7su?%&!Z%N^r!bReAc)1u-+-}|FMw}0CzvVIB>-eGX@m3y?%vxaTt zQ@c;Nr)tMJ!dH_^Md)+KXkpNwvxbii#dpCv5LSVFGq>B5!l8MQsU>mwc=Tusi%sBL64HB)rOC!iPF+Y0 zdvcX2fVrcMYCK`M#4dSGtSf~m7{KyMQx+iZqJ-=mqMF;YziOi@qZvU`_{XDz>a6wX z-l@;FM7`CHyK>%mh}y2?B;6qgBO=QLaR_1_7)(E&F=v>=Th|crfL(-LMN;@EkE3`n z^=IIA;(NhphV&k7U8SKHl*Wn9lEI_N=6B0>^{+-n>%Yseq(Eo$@;%Nv(?3bf|{on9t>N1Fhpz1y+GV}orH&H5I zj_T$LL+#2X(n2ixu+=OX{Qr6`d)D>nlGaoZA>e;ncJ6HjBVedheZX7~edu`DoU7+B z*URf0s5xR6a_5TK;lNy#E=E;ikzLdwiu?|e>Pr|INv9&^4K@Dqm@yTfzWj4J>zr^h zj_fp#=mZ|o!uLd`$Ya~xX1~p;sXw)SE5W#}m>M{5UY^*FX zD|y-L1zyHz(H8AKVSO~RvO6eW1$*J0mtbdf@6{@&hp+tAX8)q)77cqvfCSq&&HKv4HvUuI_B*lKb`qU3)^-h9+9G1KL6JAA%e8a z9m?OJM&!^6zxGdG$34D!9xQ&rV01SfrcI?UR;)a^jE4IN90HcZ9Ahg~gcZvVO=wMi zWCUBv(KGb0vr|Y<4*JyWpEpVM!=Bk+I&UsQlW$FAas*6UIu&k+^flL1eP!2bD zbM$lEi`PHOe*Z>)zb$WgJw1{4ea0^@2U#95(p@om_H5TxPlJidh>kb>(9z5EsaKzT z$)*e1{4^yl+la=OuUT^03LSdey51j_kXoM;w~@+(=zf%nn!L&>IOs)-oBEnVcNi}0 z$U&x?uk4BYu(hJ&)uoAfUEWCr^7h`T*TQ_aiOlzSfKAi;tQ;E=3m$S_BBN0x`R zM91T}Ja(&p0W_%3{)B|r77-13``S5Q#VWyr-@116bqGZY+1gZf#`D(RKvI4y9{q6Q z&ASt`Cx@R1LaOnW;w$9shNy~ZTfVa|sds3I-zyxUm&i;uYH(??WGMvhrkO9mm`n9H zY{z)(v~KY~W%TaZBUAaAxeP0~Y3>9C5tlKeZ!0@yo^@)LJG2ZA+D60h_AOr}mVb|N z?VYf8vYsOo3Iq;o8aFX@lvrplernC*{TQ!gQhrcyFA`6Fb$9B;O4e2$V_{lLoYj7v zcI|*(vPpjJ$i|qync%SR1`JU^c;ZL1?{K?dm=f9g!}-%^ocpGR6b+Y9A>h(fid*=^Lb>Fj^H*5?PxGeyo9Z_I0qPbIk;&6LXa zjB%!B>wD~G*yA^0nJx?9N02)0@FBF%$qnhK&f8FU`oEE~vstD<5+BSluEo!vV?965 zw{mT+%`k=q^hNGzTr$bR^V@vf9P42yqfgE2T3SZbDDv1Y-(CaKyup)W{3^Enwb9g= zlc?v+zle7he0N!JW7Zc`uA9cYC-FDmc5-%vsV0#{BNC(-#_c}-)bmhM@BT^TRqsxG zWcCwhWqbWRiuTM6Yu1el&h7U0^ZP}GY$tnCjF3LnFngPhT^;0i2}UyMX}4hLK2143 z-Zi7dx)C|#fVoZ7jzs;)EO=(l5#3ly09PejuGVmkl4d^3XuOYeChhR>fj=8y-8!32 z=(ExjFn;NH@Pskmalk65&eT#Ra7P5+xV~lx9k|`v{9(<=_m(MktS6^Xa7^xqn*z4$ zNHMt~cfW{k5o%s$6C4jXGykIR>8O(5yiUgbYiksTwLo+=)$QtDRDH*VQO4p+ga1;49gy+r=PPc znBGY({$~U~j$BNxmXJ?#_x_wIlaV_ZQFXeLEI%=Zw;JGO9iO_>X|WqF))+-PD!%sj z0?W<61hQam=l2Hnb=?+lVohQZJ=$z^JY)S=S+M=9J;kfZU#j8(Cn`iV5R26aBo}rS z?td@OZE%qz{c8j)>%d@$0YBL$zR(Z}uo5#dO00F-WoZyf?Rag2Hhp81>;`9KF?2K1 z{YFPwNMhFdf#C&#!#X0hrlOvEWRSUoB$bFp9WG>xNfx%mZ}^FB0B?_EYLJJLe|mq# zJHFsGHxdq+($*h7Ov>_;1GaLfZPKhpLKoyt^4-T7mWj1mQ5!|3*UW4{MQL#VrDq`X zORgyh`XLgvw`1M&4i(bs+pekDnF9S95IH)-R>6QHLzk+;3LeJy=AAW4neDCMu?tSg zk(lex7=k>sqp-z+#tjiz$i_^-JZcJzIlm|6G{Bd(UVo6b_{l2L z;s?NFe$)Nx0Do#406^)eJ^*Pz4{U$8+Xl$1P*_`f)yaBqTh*Wq;w9m65B5n&0qJ$_ zk3e(8-Gbyw@e4Kf6z;7BKBM=^neb!`js|k}k_`Z8*bWa}pTC)jgX24aBY>~Pp%=8;ceEIU^Q*9H?0^pjZy-3eWx3ds)ESd9j}0IyvuD6FS1C+a~3ktqOXmM6q0tme~lq$^!XiWYaJ%sB#;{?=M##blY@uW7K=$FJ@^-@ zsf7sr)eNq#0DI)-gD)QbU&sw+zTn@}!;QaR?DT3SlxP!5SToJCQb55FtPvw8mEBo1 zcZ&kxEh1AkDYLFEIv~5k2E@Y9)qpg>3|E$gOauG`z*iM80|0Y2b>UO6FQU$#1y)A7 zRy=~iBjh(f2H9%MSRXAy`d(Ur3r~QnBrsV!0krRuf$iFxFp$AZ#F(j6=6e&;_U+a3 zUJ?YXP%vp9DOd@BC9dE*4S1a}yuTDma64Z{DpOdkCv6t6)Kvfs+OiBEsS6Ll%cUmV zjhd$7Z&!&y8F!GYu^ep9gNrd2B}9F_S;1i$o~NMu zcXLebNx=+o>8Ki6^{zA6B{(1;f?!E<+T8q4_(v0N!!>ns6}IqoaDP?5g(+}cg0@xZ zFeB~ohswZQ{DAA8SjLrZSVvFrr#vS$3O9ajh1ARrV<|*6*#PLxdIc2s;X7r3EIfmM z;6K>O>a*lDF$khYKK{j`w2gxQX5SS+>_Qi#q@&(_@Z2%r3o;vh1hmKb60B7T*krl* z4D0v-S%Wa4vATp_>@$$m{0YxA1)2vh2_-MIehv5_*L;u66xl3vk7Fs^)9mi`guI2# z`fFHgi6+d%k^2ay35Ru<3J$Jmy zI&=&-dRET%3)|Tn`t;(h{UG_UNRnU{Z1C!YsM7=Mzb?(Qei+lR@5*|#VkdriDbi9c z#?Ug9n55e1m4zK~41f9s=2OKn7JrSx_EqR*MG*9*I~LMQ2^0O-F7Y^58ci&!^FP`)fDx>kk&+TyC@meVDSv09Cn1rW1#s7iP?xSEqUJJ9|9F0MaY7R8~3oIlrn|UqI_hO73vsLOKIq z4JkcH1n!;LwD*Gq56?`L*-*2F%j3&JUc$)`BrFHgp^GYobUz91Ea9W19X>cj6wmXs zCm~Ld^x^Cgv6Zp>`cH}Q1n=(-dAOu&IVrXqwFsu&Jcd!UVI4d58CoB_KwH2VSLi>T zwObUggCF+u3>V-J5-+_v#ZxrMDUz8=k4%7@)FeF0~m@cVhx*jkBD`k zNKTH~A~gEAJ>(~)V-YQMbn5dv^myYo+ff;Az++Fo5-6hKn>yLf;JE0Yxd^5|I`6IF zCGZ?o169Z2(Yp)M0@B7xx5nN)15)@pNGqj({e52^W5L5E+m&EgDKgxLROXI-fk#D> zzwVP?-ep`1OIU4$suYyUU}Y~ldKtTk99%PHY!OK6rCz)du-{UBYA8}Ae2#|P9of4a z($@-5G*~}PD7i@=7?Bh)Ie4KcVq87?t2HDA;;R(mCH{h>jP1||nj^`r@%RIwq$#*) z`LDZ3at%4F&RrQFimcGUY>kz+*QM)vnoIqT#ZTPyIaR~wkN=pDu^u9X#UI4%A(h0v zeh*i{cHAXN(iFL_ozWm00%`*N7=#Om70P9V@^N#{0$Sx#us%9Yy9v zVD)KkUK1qY3Q7k|Vi<4tL6eA$$+N@C?WZjFvz#oRUljCTp+@-}fnI)l(VvGa5`l}) zQW|DkVN$NfTBbDxHx0!(%q`qD$SqSKnd1z6*6N_YQb@h=hxb=-G*4cfk2wa# z-~Uf4|B=vhjqGt{*19^#A#gu&;LxP z20tpRL)3XWX#aqng`^*xmUv5e z6$m(idi@MB`EAh)VB9o9s`LTuU&vO9cAUzp31N^lvbll;6X`vQ1vJPqT{jja#pCZT zR3Pap1ZOWzv>&z;De0TctD^I(|Flg}kd{HYd7$7A&v$oeBKZPNXD zSE7JIyBJf{l#}T)b~>*+;o#E9)VWYMonTJ24oe4VdcCK8?RLOr5Q>+Bt;-<$V+9e#BFypF zgc9I!th3z3O!`x7L}Jb%qZ6W@VU0)%_b$xW3A3MOGd%j?I$5Tv3=96S=|l-hz|lq* zX{NMf8OJ6|k8=Q|F z6VO%#1NT3Rd5Uy18>@kTupL7{3n($`UdoEUKb;QAWu~SS(qUr?T3*Tk z{}M^A8YJ=`DP!Asbk)_v%a|wW5gFG6oWa`;P3OK~JV@7@qlF&fgv2iovM4l%7)8K? z5^U|}#g)zCnZ8XB@r|RqRXM7b*56C60P&JhFmC>Hhm})6)i7@ADOigOe)-r0erU&5Y3O->#nJuEo zh!s+Fugb1=xG{OPO@n~coUqU*+XL~qR6o^x*t7i z8Vk%o_eD*KknZ^g=_O=rf8 zAz%vn5;-+b#gi_X|CrhtV22ayd^*rzEH-rRKu4B%Ci6x$-i-{<3UoLVR)PdF_wA)O z9lNDR#VCTLPv;KsO7MIMFV}c>xK+g1He+c-5j@bB9P-dtHI%Z~P2L-f{P+(FW9nI5cy*cz$ew@Qr5#GCNwAsXeJQ^K4XUpU$^ z$>Qc72dYhaFas)5JZcO7zm8H2rXQPDKGdQld$HNS3wilvqzC(iRL`@T3QtB3HMg1% z4mYiw)&ugmAm=^g7z1tV9W08uZ)W-%}AB4&Bmg>@Ld*wE8E8 z*VEcIG8_6#JYe$EXXIYgSYJ@$tle2?@aQHj3TQN-4jt?Aitsi`F|oF6{~ZKRK;3q; zc+sHTS>8_kLFrUF01>xi-Z(X|-K1K@IKG>_w_COgGtNK6f^+dmEp*$ag%qGyXgKDl zAR)t>Ag3D+!t;LI1{&U7?L!~uz>#6;G*t5GR&44en+8$4iev?2`(*sysSU!uJ=Lg= zOZXf9c&-fz^t-A`Tz=D$P^@yXHG6Nb=dg;)Bx7uVuRr<L#ryU768OY`g zMvqgYGZwu_j1!J*AN%iZZJT+a#>pUGNeA@EnNCx_!N6TC_$+=Pv@;#~WCuV5;ZBpWEW~XNS2uF<4d~6b9PTxF?GQu78W$e<0Z| R5fVsXi>>{}+<&~z{~v%ki3tDz diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/overview.svg b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/overview.svg deleted file mode 100644 index 5e1092df4..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/overview.svg +++ /dev/null @@ -1,2 +0,0 @@ - -
OneAgent Pods
[Not supported by viewer]
trigger
rollout
[Not supported by viewer]
query
version
query<br>version
trigger
update
[Not supported by viewer]
OneAgent
CustomResource
[Not supported by viewer]
DaemonSet
DaemonSet
watch
changes
watch<br>changes
DynatraceOneAgentOperatorDynatrace Cluster
\ No newline at end of file diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/questions.yml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/questions.yml deleted file mode 100644 index 561642772..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/questions.yml +++ /dev/null @@ -1,175 +0,0 @@ -questions: - -#################### Agent Configuration (REQUIRED) #################### -- variable: mode - label: "Monitoring mode" - description: "Either fullstack for full monitoring or apm for application only monitoring" - default: "fullstack" - type: enum - group: "Agent Configuration (REQUIRED)" - options: - - "fullstack" - - "apm" - -- variable: oneagent.apiUrl - label: "Dynatrace API URL" - description: "Dynatrace API URL including `/api` path at the end" - default: "https://ENVIRONMENTID.live.dynatrace.com/api" - type: string - required: true - group: "Agent Configuration (REQUIRED)" - -- variable: secret.apiToken - label: "Dynatrace API token" - description: "Your Dynatrace API token - You can generate this token in your Dynatrace environment" - default: "" - type: string - required: true - group: "Agent Configuration (REQUIRED)" - -- variable: secret.paasToken - label: "Dynatrace PaaS token" - description: "Your Dynatrace Platform as a Service token - You can generate this token in your Dynatrace environment" - default: "" - type: string - required: true - group: "Agent Configuration (REQUIRED)" - -#################### Advanced Agent Configuration (OPTIONAL) #################### -- variable: show_advanced_config - label: "Show advanced configuration" - description: "Show advanced configuration options for the Dynatrace OneAgent Operator" - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - -- variable: operator.image - label: "Custom Operator image location" - description: "The location from where to grab the Dynatrace OneAgent operator image - default is quay.io/dynatrace/dynatrace-oneagent-operator" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.name - label: "OneAgent CustomResource name" - default: "oneagent" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.disableAgentUpdate - label: "Disable automatic OneAgent updates" - description: "Disables automatic restarts of oneagent pods in case a new version is available" - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.dnsPolicy - label: "Set custom DNS Policy" - description: "DNS Policy for OneAgent pods. Empty for default (ClusterFirst), more at https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.enableIstio - label: "Enable istio" - description: "When enabled, and if Istio is installed on the Kubernetes environment, then the Operator will create the corresponding VirtualService and ServiceEntries objects to allow access to the Dynatrace cluster from the agent." - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.image - label: "Custom OneAgent image location" - description: "The location from where to grab the Dynatrace OneAgent image - default for Kubernetes is docker.io/dynatrace/oneagent" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.skipCertCheck - label: "Skip certificate check" - description: "Disable certificate validation checks for installer download and API communication" - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.priorityClassName - label: "Assign priority class to OneAgent pods" - description: "Priority class to assign to OneAgent pods, more at https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.proxy - label: "Define a proxy" - description: "Configures a proxy for the Agent, AgentDownload and the Operator. Provide the proxy here" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.trustedCAs - label: "Add custom CA certificates" - description: "Adds the provided CA certficates to the Operator and the OneAgent. Provide your custom certificates here. If this is not set the default embedded certificates on the images will be used" - default: "" - type: multiline - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.waitReadySeconds - label: "Wait seconds until ready" - description: "Define the time to wait until OneAgent pod is ready after update - defaults to 300s" - default: "" - type: int - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.args - label: "Arguments to OneAgent installer" - description: "Defines additional arguments which get passed to the OneAgent installer - Please edit as Yaml for the best experience. The expected format is YAML and not a string" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.env - label: "Environment variables for OneAgent" - description: "Defines additional environment variables which get passed to the OneAgent - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.nodeSelector - label: "Node selector to control the selection of nodes" - description: "Defines a NodeSelector to customize to which nodes the OneAgent will be rolled out - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.labels - label: "Custom labels for the OneAgent pods" - description: "Defines labels for OneAgent pods to structure workloads as desired - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.resources - label: "Resource definition for the OneAgent pods" - description: "Defines the resources the OneAgent pods can use - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.tolerations - label: "Custom tolerations for the OneAgent" - description: "Defines custom tolerations to the OneAgent - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-operator.yaml deleted file mode 100644 index aedff9f83..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-operator.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -rules: - - apiGroups: - - "" # "" indicates the core API group - resources: - - nodes - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - dynatrace-oneagent-config - verbs: - - get - - update - - delete diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-webhook.yaml deleted file mode 100644 index 661399f81..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrole-webhook.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dynatrace-oneagent-webhook - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - list - - create - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - resourceNames: - - dynatrace-oneagent-webhook - verbs: - - get - - update diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-operator.yaml deleted file mode 100644 index cca2b78f8..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-operator.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }} - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-webhook.yaml deleted file mode 100644 index b2305a81f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/clusterrolebinding-webhook.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dynatrace-oneagent-webhook - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: dynatrace-oneagent-webhook - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/configmap.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/configmap.yaml deleted file mode 100644 index 10d35fcf3..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2020 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if .Values.oneagent.trustedCAs }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.oneagent.name }} - namespace: {{ .Release.Namespace }} -data: - certs: | -{{ .Values.oneagent.trustedCAs | indent 4 }} -{{- end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagent.yaml deleted file mode 100644 index 64229cfb0..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagent.yaml +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.mode "fullstack" }} -apiVersion: dynatrace.com/v1alpha1 -kind: OneAgent -metadata: - name: {{ .Values.oneagent.name }} - namespace: {{ .Release.Namespace }} -spec: - apiUrl: {{ required "ApiUrl needs to be set!" .Values.oneagent.apiUrl }} - tokens: {{ .Values.oneagent.name }} - image: {{ include "dynatrace-oneagent.image" . }} - - {{- if ne (printf "%T" .Values.oneagent.args) "string" }} - args: {{- toYaml .Values.oneagent.args | nindent 4 }} - {{- else }} - args: - - --set-app-log-content-access=true - {{- end }} - - {{- if .Values.oneagent.env }} - env: {{- toYaml .Values.oneagent.env | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.labels }} - labels: {{- toYaml .Values.oneagent.labels | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.nodeSelector }} - nodeSelector: {{- toYaml .Values.oneagent.nodeSelector | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.proxy }} - proxy: - valueFrom: {{ .Values.oneagent.name }} - {{- end }} - - {{- if ne (printf "%T" .Values.oneagent.tolerations) "string" }} - tolerations: {{- toYaml .Values.oneagent.tolerations | nindent 4 }} - {{- else }} - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - {{- end }} - - {{- if .Values.oneagent.resources }} - resources: {{- toYaml .Values.oneagent.resources | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.dnsPolicy }} - dnsPolicy: {{ .Values.oneagent.dnsPolicy }} - {{- end }} - - {{- if .Values.oneagent.enableIstio }} - enableIstio: {{ .Values.oneagent.enableIstio }} - {{- end }} - - {{- if .Values.oneagent.disableAgentUpdate }} - disableAgentUpdate: {{ .Values.oneagent.disableAgentUpdate }} - {{- end }} - - {{- if .Values.oneagent.skipCertCheck }} - skipCertCheck: {{ .Values.oneagent.skipCertCheck }} - {{- end }} - - {{- if .Values.oneagent.waitReadySeconds }} - waitReadySeconds: {{ .Values.oneagent.waitReadySeconds }} - {{- end }} - - {{- if .Values.oneagent.priorityClassName }} - priorityClassName: {{ .Values.oneagent.priorityClassName }} - {{- end }} - - {{- if .Values.oneagent.serviceAccountName }} - serviceAccountName: {{ .Values.oneagent.serviceAccountName }} - {{- end }} - - {{- if .Values.oneagent.trustedCAs }} - trustedCAs: {{ .Values.oneagent.name }} - {{- end }} - - {{- if .Values.oneagent.networkZone }} - networkZone: {{ .Values.oneagent.networkZone }} - {{- end }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagentapm.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagentapm.yaml deleted file mode 100644 index 74d88a980..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/customresource-oneagentapm.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.mode "apm" }} -apiVersion: dynatrace.com/v1alpha1 -kind: OneAgentAPM -metadata: - name: {{ include "oneagentapm.name" . }} - namespace: {{ .Release.Namespace }} -spec: - apiUrl: {{ .Values.oneagent.apiUrl }} - tokens: {{ .Values.oneagent.name }} - - {{- if .Values.oneagent.skipCertCheck }} - skipCertCheck: {{ .Values.oneagent.skipCertCheck }} - {{- end }} - - {{- if .Values.oneagent.enableIstio }} - enableIstio: {{ .Values.oneagent.enableIstio }} - {{- end }} - - {{- if .Values.oneagent.proxy }} - proxy: - valueFrom: {{ .Values.oneagent.name }} - {{- end }} - - {{- if .Values.oneagent.trustedCAs }} - trustedCAs: {{ .Values.oneagent.name }} - {{- end }} - - {{- if .Values.oneagent.networkZone }} - networkZone: {{ .Values.oneagent.networkZone }} - {{- end }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-operator.yaml deleted file mode 100644 index 159ec6410..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-operator.yaml +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -spec: - replicas: 1 - revisionHistoryLimit: 1 - selector: - matchLabels: - name: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - name: {{ .Release.Name }} - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 8 }} - spec: - containers: - - name: {{ .Release.Name }} - args: - - operator - image: {{ include "dynatrace-oneagent-operator.image" . }} - imagePullPolicy: Always - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 60000 - name: metrics - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: beta.kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: kubernetes.io/os - operator: In - values: - - linux - serviceAccountName: {{ .Release.Name }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-webhook.yaml deleted file mode 100644 index de3143983..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/deployment-webhook.yaml +++ /dev/null @@ -1,125 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - dynatrace.com/operator: oneagent -spec: - replicas: 1 - revisionHistoryLimit: 1 - selector: - matchLabels: - internal.oneagent.dynatrace.com/component: webhook - internal.oneagent.dynatrace.com/app: webhook - strategy: - type: Recreate - template: - metadata: - labels: - dynatrace.com/operator: oneagent - internal.oneagent.dynatrace.com/component: webhook - internal.oneagent.dynatrace.com/app: webhook - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: beta.kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: kubernetes.io/os - operator: In - values: - - linux - containers: - - name: webhook - args: - - webhook-server - image: {{ include "dynatrace-oneagent-operator.image" . }} - imagePullPolicy: Always - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - readinessProbe: - httpGet: - path: /healthz - port: server-port - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - ports: - - name: server-port - containerPort: 8443 - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: certs-volume - mountPath: /mnt/webhook-certs - - name: bootstrapper - args: - - webhook-bootstrapper - image: {{ include "dynatrace-oneagent-operator.image" . }} - imagePullPolicy: Always - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: certs-volume - mountPath: /mnt/webhook-certs - serviceAccountName: dynatrace-oneagent-webhook - volumes: - - name: certs-volume - emptyDir: {} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/mutatingwebhookconfiguration.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/mutatingwebhookconfiguration.yaml deleted file mode 100644 index 9248d5217..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/mutatingwebhookconfiguration.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: dynatrace-oneagent-webhook - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -webhooks: -- name: webhook.oneagent.dynatrace.com - rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: Namespaced - namespaceSelector: - matchExpressions: - - key: oneagent.dynatrace.com/instance - operator: Exists - clientConfig: - service: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - path: /inject - admissionReviewVersions: ["v1beta1"] diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-operator.yaml deleted file mode 100644 index 82df3260e..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-operator.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }} -roleRef: - kind: Role - name: {{ .Release.Name }} - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-webhook.yaml deleted file mode 100644 index f16fb26b1..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/rolebinding-webhook.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: dynatrace-oneagent-webhook - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/secret.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/secret.yaml deleted file mode 100644 index 7449e6b65..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if .Values.secret.autoCreate }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.oneagent.name }} - namespace: {{ .Release.Namespace }} -data: - apiToken: {{ .Values.secret.apiToken | b64enc }} - paasToken: {{ .Values.secret.paasToken | b64enc }} - {{- if .Values.oneagent.proxy }} - proxy: {{ .Values.oneagent.proxy | b64enc }} - {{- end }} -type: Opaque -{{- end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/service.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/service.yaml deleted file mode 100644 index cd280bb0f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/service.yaml +++ /dev/null @@ -1,31 +0,0 @@ - -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: v1 -kind: Service -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -spec: - selector: - internal.oneagent.dynatrace.com/app: webhook - internal.oneagent.dynatrace.com/component: webhook - ports: - - port: 443 - protocol: TCP - targetPort: server-port diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/serviceaccount-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/serviceaccount-webhook.yaml deleted file mode 100644 index 21e17344a..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Common/serviceaccount-webhook.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-oneagent.yaml deleted file mode 100644 index f17e25282..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-oneagent.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: dynatrace-oneagent - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*" -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: - - "*" - volumes: - - "*" - hostNetwork: true - hostIPC: true - hostPID: true - hostPorts: - - min: 0 - max: 65535 - runAsUser: - rule: "RunAsAny" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-operator.yaml deleted file mode 100644 index 7d792073c..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-operator.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: dynatrace-oneagent-operator - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" - apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" - seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" -spec: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - volumes: - - "configMap" - - "emptyDir" - - "projected" - - "secret" - - "downwardAPI" - - "persistentVolumeClaim" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: "MustRunAsNonRoot" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-webhook.yaml deleted file mode 100644 index a8cb0925f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/podsecuritypolicy-webhook.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: dynatrace-oneagent-webhook - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" - apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" - seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" -spec: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - volumes: - - "configMap" - - "emptyDir" - - "projected" - - "secret" - - "downwardAPI" - - "persistentVolumeClaim" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: "MustRunAsNonRoot" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-oneagent.yaml deleted file mode 100644 index f20b85ea8..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-oneagent.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-oneagent - verbs: - - use -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-operator.yaml deleted file mode 100644 index 2b7a7866b..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-operator.yaml +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -rules: - - apiGroups: - - dynatrace.com - resources: - - oneagents - - oneagentapms - verbs: - - get - - list - - watch - - update - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - replicasets - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" # "" indicates the core API group - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - dynatrace.com - resources: - - oneagents/finalizers - - oneagents/status - - oneagentapms/finalizers - - oneagentapms/status - verbs: - - update - - apiGroups: - - networking.istio.io - resources: - - serviceentries - - virtualservices - verbs: - - get - - list - - create - - update - - delete - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-oneagent-operator - verbs: - - use -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-webhook.yaml deleted file mode 100644 index e3fb9c037..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/role-webhook.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - services - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - dynatrace.com - resources: - - oneagentapms - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-oneagent-webhook - verbs: - - use -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/rolebinding-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/rolebinding-oneagent.yaml deleted file mode 100644 index a16c6ce73..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/rolebinding-oneagent.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: dynatrace-oneagent -subjects: - - kind: ServiceAccount - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-oneagent.yaml deleted file mode 100644 index 4b958ab6f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-oneagent.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-operator.yaml deleted file mode 100644 index 5477dd8fb..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Kubernetes/serviceaccount-operator.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/NOTES.txt b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/NOTES.txt deleted file mode 100644 index 288d31baa..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/NOTES.txt +++ /dev/null @@ -1,58 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }}. - -To find more information about the Dynatrace OneAgent Operator, try: -https://github.com/Dynatrace/dynatrace-oneagent-operator - -To verify the current state of the OneAgent deployment, try: - $ kubectl get pods -n {{ .Release.Namespace }} - $ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }} - $ kubectl get oneagent {{ .Values.oneagent.name }} -n {{ .Release.Namespace }} - -{{- if eq .Values.mode "apm" -}} - {{- if .Values.oneagent.image -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.image - {{- end -}} - {{- if .Values.oneagent.args -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.args - {{- end -}} - {{- if .Values.oneagent.env -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.env - {{- end -}} - {{- if .Values.oneagent.nodeSelector -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.nodeSelector - {{- end -}} - {{- if .Values.oneagent.labels -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.labels - {{- end -}} - {{- if .Values.oneagent.disableAgentUpdate -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.disableAgentUpdate - {{- end -}} - {{- if .Values.oneagent.dnsPolicy -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.dnsPolicy - {{- end -}} - {{- if .Values.oneagent.resources -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.resources - {{- end -}} - {{- if .Values.oneagent.tolerations -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.tolerations - {{- end -}} - {{- if .Values.oneagent.waitReadySeconds -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.waitReadySeconds - {{- end -}} - {{- if .Values.oneagent.priorityClassName -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.priorityClassName - {{- end -}} -{{- end -}} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-operator.yaml deleted file mode 100644 index 7f02c04d4..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-operator.yaml +++ /dev/null @@ -1,116 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -rules: - - apiGroups: - - dynatrace.com - resources: - - oneagents - - oneagentapms - verbs: - - get - - list - - watch - - update - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - replicasets - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" # "" indicates the core API group - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - dynatrace.com - resources: - - oneagents/finalizers - - oneagents/status - - oneagentapms/finalizers - - oneagentapms/status - verbs: - - update - - apiGroups: - - networking.istio.io - resources: - - serviceentries - - virtualservices - verbs: - - get - - list - - create - - update - - delete -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-webhook.yaml deleted file mode 100644 index 39ce2371b..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/role-webhook.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - services - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - dynatrace.com - resources: - - oneagentapms - verbs: - - get - - list - - watch -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/securitycontextconstraints.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/securitycontextconstraints.yaml deleted file mode 100644 index 86a76840d..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/securitycontextconstraints.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." - name: dynatrace-oneagent-privileged -allowHostDirVolumePlugin: true -allowHostIPC: true -allowHostNetwork: true -allowHostPID: true -allowHostPorts: true -allowPrivilegedContainer: true -allowedCapabilities: - - "*" -allowedFlexVolumes: null -defaultAddCapabilities: [] -fsGroup: - type: RunAsAny -priority: 1 -readOnlyRootFilesystem: false -requiredDropCapabilities: [] -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -seccompProfiles: - - "*" -supplementalGroups: - type: RunAsAny -users: - - system:serviceaccount:dynatrace:dynatrace-oneagent -volumes: - - "*" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-oneagent.yaml deleted file mode 100644 index 100b93ecc..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-oneagent.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -imagePullSecrets: - - name: redhat-connect - - name: redhat-connect-sso -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-operator.yaml deleted file mode 100644 index d80abab71..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/Openshift/serviceaccount-operator.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent-operator - namespace: {{ .Release.Namespace }} -imagePullSecrets: - - name: redhat-connect - - name: redhat-connect-sso -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/_helpers.tpl b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/_helpers.tpl deleted file mode 100644 index 1ad8117c3..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/templates/_helpers.tpl +++ /dev/null @@ -1,113 +0,0 @@ -// Copyright 2019 Dynatrace LLC - -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 - -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "dynatrace-oneagent-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "dynatrace-oneagent-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "dynatrace-oneagent-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "dynatrace-oneagent-operator.commonlabels" -}} -dynatrace: operator -operator: oneagent -helm.sh/chart: {{ include "dynatrace-oneagent-operator.chart" . }} -{{- end -}} - -{{/* -Common labels webhook -*/}} -{{- define "dynatrace-oneagent-operator.commonlabelswebhook" -}} -dynatrace.com/operator: oneagent -internal.oneagent.dynatrace.com/component: webhook -helm.sh/chart: {{ include "dynatrace-oneagent-operator.chart" . }} -{{- end -}} - -{{/* -Check if platform is set -*/}} -{{- define "dynatrace-oneagent-operator.platformSet" -}} -{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") -}} - {{ default "set" }} -{{- end -}} -{{- end -}} - -{{/* -Check if default oneagent image is used -*/}} -{{- define "dynatrace-oneagent.image" -}} -{{- if .Values.oneagent.image -}} - {{- printf "%s" .Values.oneagent.image -}} -{{- else -}} - {{- if eq .Values.platform "kubernetes" -}} - {{- printf "docker.io/dynatrace/oneagent" }} - {{- end -}} - {{- if eq .Values.platform "openshift" -}} - {{- printf "registry.connect.redhat.com/dynatrace/oneagent" }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Check if default operator image is used -*/}} -{{- define "dynatrace-oneagent-operator.image" -}} -{{- if .Values.operator.image -}} - {{- printf "%s" .Values.operator.image -}} -{{- else -}} - {{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-oneagent-operator" .Chart.AppVersion }} -{{- end -}} -{{- end -}} - -{{/* -Check for correct oneagentapm name -*/}} -{{- define "oneagentapm.name" -}} -{{- if eq .Values.mode "apm" }} - {{- if eq .Values.oneagent.name "oneagent" -}} - {{- printf "oneagentapm" -}} - {{- else -}} - {{- printf "%s" .Values.oneagent.name -}} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/values.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/values.yaml deleted file mode 100644 index 2636c7880..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.0/values.yaml +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -platform: "kubernetes" -mode: "fullstack" - -operator: - image: "" - -oneagent: - name: "oneagent" - apiUrl: "" - image: "" - # The expected format is YAML and not a string - args: "" - # The expected format is YAML and not a string - env: "" - # The expected format is YAML and not a string - nodeSelector: "" - # The expected format is YAML and not a string - labels: "" - skipCertCheck: false - disableAgentUpdate: false - enableIstio: false - dnsPolicy: "" - # The expected format is YAML and not a string - resources: "" - # The expected format is YAML and not a string - tolerations: "" - waitReadySeconds: null - priorityClassName: "" - serviceAccountName: "" - proxy: "" - trustedCAs: "" - networkZone: "" - -secret: - autoCreate: true - apiToken: "" - paasToken: "" diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore deleted file mode 100755 index 50af03172..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml deleted file mode 100755 index 5cb97fa16..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: dynatrace-oneagent-operator -apiVersion: v2 -appVersion: 0.8.0 -description: The Dynatrace OneAgent Operator Helm chart for Kubernetes and Openshift -home: https://www.dynatrace.com/ -icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png -maintainers: -- email: marco.mader@dynatrace.com - name: DTMad -- email: luis.garcia@dynatrace.com - name: lrgar -- email: michael.mayr@dynatrace.com - name: mmayr-at -name: dynatrace-oneagent-operator -sources: -- https://github.com/Dynatrace/helm-charts -type: application -version: 0.8.000 diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md deleted file mode 100755 index 1f45987fb..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md +++ /dev/null @@ -1,86 +0,0 @@ -# Welcome - -Dynatrace automatically discovers, baselines, and intelligently monitors Kubernetes clusters and workloads. Learn more about Dynatrace at [our website](https://www.dynatrace.com/platform/). - -# Dynatrace OneAgent Operator Helm Chart - -The Dynatrace OneAgent Operator Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters. - -This Helm Chart requires Helm 3. - -### Platforms -Depending of the version of the Dynatrace OneAgent Operator, it supports the following platforms: - -| Dynatrace OneAgent Operator Helm Chart version | Kubernetes | OpenShift Container Platform | -| ---------------------------------------------- | ---------- | ---------------------------- | -| v0.8.0 | 1.14+ | 3.11+ | -| v0.7.1 | 1.14+ | 3.11+ | -| v0.6.0 | 1.11+ | 3.11+ | -| v0.5.4 | 1.11+ | 3.11+ | - - -## Quick Start - -The Dynatrace OneAgent Operator acts on its separate namespace `dynatrace`. -It holds the operator deployment and all dependent objects like permissions, custom resources and -corresponding DaemonSets. -To install the Dynatrace OneAgent Operator via Helm run the following command: - -### Adding Dynatrace OneAgent Helm repository -``` -$ helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable -``` - -### Prepare tokens - -Generate an API and a PaaS token in your Dynatrace environment. - -https://www.dynatrace.com/support/help/reference/dynatrace-concepts/why-do-i-need-an-environment-id/#create-user-generated-access-tokens - -To install the Dynatrace OneAgent Operator replace the APIUrl, the API token and the PaaS token in command and execute it - -#### Kubernetes -``` -$ kubectl create namespace dynatrace -$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="kubernetes",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN" -``` - -#### OpenShift -``` -$ oc adm new-project --node-selector="" dynatrace -$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="openshift",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN" -``` - -This will automatically install the Dynatrace OneAgent Operator and create OneAgents for every of your nodes. - -## Update procedure - -To update simply update your helm repositories and check the latest version - -``` -$ helm repo update -``` - -You can then check for the latest version by searching your Helm repositories for the Dynatrace OneAgent Operator - -``` -$ helm search repo dynatrace-oneagent-operator -``` - -To then update to the latest version run this command and do not forget to add the `reuse-values` flag to keep your configuration - -``` -$ helm upgrade dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --reuse-values -``` - -## Uninstall dynatrace-oneagent-operator -Remove OneAgent custom resources and clean-up all remaining OneAgent Operator specific objects: - - -```sh -$ helm uninstall dynatrace-oneagent-operator -n dynatrace -``` - -## License - -Dynatrace OneAgent Operator Helm Chart is under Apache 2.0 license. See [LICENSE](../LICENSE) for details. diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md deleted file mode 100755 index 9376a87ed..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md +++ /dev/null @@ -1,6 +0,0 @@ -# Dynatrace OneAgent Operator - -This is the home of the Dynatrace OneAgent Operator's Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters. -Rolling out Dynatrace OneAgent via DaemonSet on a cluster is straightforward. -Maintaining its lifecycle places a burden on the operational team. -Dynatrace OneAgent Operator closes this gap by automating the repetitive steps involved in keeping Dynatrace OneAgent at its latest desired version. diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml deleted file mode 100755 index a3fefe9ef..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml +++ /dev/null @@ -1,145 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: oneagentapms.dynatrace.com -spec: - additionalPrinterColumns: - - JSONPath: .spec.apiUrl - name: ApiUrl - type: string - - JSONPath: .spec.tokens - name: Tokens - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: dynatrace.com - names: - categories: - - dynatrace - kind: OneAgentAPM - listKind: OneAgentAPMList - plural: oneagentapms - singular: oneagentapm - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: OneAgentAPM configures the Dynatrace OneAgent for application monitoring - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OneAgentAPMSpec defines the desired state of OneAgentAPM - properties: - apiUrl: - description: Location of the Dynatrace API to connect to, including - your specific environment ID - type: string - enableIstio: - description: If enabled, Istio on the cluster will be configured automatically - to allow access to the Dynatrace environment - type: boolean - networkZone: - description: 'Optional: Adds the OneAgent to the given NetworkZone' - type: string - proxy: - description: 'Optional: Set custom proxy settings either directly or - from a secret with the field ''proxy''' - properties: - value: - type: string - valueFrom: - type: string - type: object - skipCertCheck: - description: Disable certificate validation checks for installer download - and API communication - type: boolean - tokens: - description: Credentials for the OneAgent to connect back to Dynatrace. - type: string - trustedCAs: - description: 'Optional: Adds custom RootCAs from a configmap' - type: string - required: - - apiUrl - type: object - status: - description: OneAgentAPMStatus defines the observed state of OneAgentAPM - properties: - conditions: - description: Conditions includes status about the current state of the - instance - items: - description: "Condition represents an observation of an object's state. - Conditions are an extension mechanism intended to be used when the - details of an observation are not a priori known or would not apply - to all instances of a given Kind. \n Conditions should be added - to explicitly convey properties that users and components care about - rather than requiring those properties to be inferred from other - observations. Once defined, the meaning of a Condition can not be - changed arbitrarily - it becomes part of the API, and has the same - backwards- and forwards-compatibility concerns of any other part - of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. - type: string - status: - type: string - type: - description: "ConditionType is the type of the condition and is - typically a CamelCased word or short phrase. \n Condition types - should indicate state in the \"abnormal-true\" polarity. For - example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." - type: string - required: - - status - - type - type: object - type: array - lastAPITokenProbeTimestamp: - description: LastAPITokenProbeTimestamp tracks when the last request - for the API token validity was sent - format: date-time - type: string - lastPaaSTokenProbeTimestamp: - description: LastPaaSTokenProbeTimestamp tracks when the last request - for the PaaS token validity was sent - format: date-time - type: string - updatedTimestamp: - description: UpdatedTimestamp indicates when the instance was last updated - format: date-time - type: string - type: object - required: - - spec - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml deleted file mode 100755 index f2a47603d..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml +++ /dev/null @@ -1,368 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: oneagents.dynatrace.com -spec: - additionalPrinterColumns: - - JSONPath: .spec.apiUrl - name: ApiUrl - type: string - - JSONPath: .spec.tokens - name: Tokens - type: string - - JSONPath: .status.version - name: Version - type: string - - JSONPath: .status.phase - name: Phase - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: dynatrace.com - names: - categories: - - dynatrace - kind: OneAgent - listKind: OneAgentList - plural: oneagents - singular: oneagent - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: OneAgent configures the Dynatrace OneAgent for full-stack monitoring - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OneAgentSpec defines the desired state of OneAgent - properties: - apiUrl: - description: Location of the Dynatrace API to connect to, including - your specific environment ID - type: string - args: - description: 'Optional: Arguments to the OneAgent installer' - items: - type: string - type: array - disableAgentUpdate: - description: Disable automatic restarts of OneAgent pods in case a new - version is available - type: boolean - dnsPolicy: - description: 'Optional: Sets DNS Policy for the OneAgent pods' - type: string - enableIstio: - description: If enabled, Istio on the cluster will be configured automatically - to allow access to the Dynatrace environment - type: boolean - env: - description: 'Optional: List of environment variables to set for the - installer' - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - description: Specifies the output format of the exposed - resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - description: 'Optional: the Dynatrace installer container image Defaults - to docker.io/dynatrace/oneagent:latest for Kubernetes and to registry.connect.redhat.com/dynatrace/oneagent - for OpenShift' - type: string - labels: - additionalProperties: - type: string - description: 'Optional: Adds additional labels for the OneAgent pods' - type: object - networkZone: - description: 'Optional: Adds the OneAgent to the given NetworkZone' - type: string - nodeSelector: - additionalProperties: - type: string - description: Node selector to control the selection of nodes (optional) - type: object - priorityClassName: - description: 'Optional: If specified, indicates the pod''s priority. - Name must be defined by creating a PriorityClass object with that - name. If not specified the setting will be removed from the DaemonSet.' - type: string - proxy: - description: 'Optional: Set custom proxy settings either directly or - from a secret with the field ''proxy''' - properties: - value: - type: string - valueFrom: - type: string - type: object - resources: - description: 'Optional: define resources requests and limits for single - pods' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'Optional: set custom Service Account Name used with OneAgent - pods' - type: string - skipCertCheck: - description: Disable certificate validation checks for installer download - and API communication - type: boolean - tokens: - description: Credentials for the OneAgent to connect back to Dynatrace. - type: string - tolerations: - description: 'Optional: set tolerations for the OneAgent pods' - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - trustedCAs: - description: 'Optional: Adds custom RootCAs from a configmap' - type: string - waitReadySeconds: - description: 'Optional: Defines the time to wait until OneAgent pod - is ready after update - default 300 sec' - minimum: 0 - type: integer - required: - - apiUrl - type: object - status: - description: OneAgentStatus defines the observed state of OneAgent - properties: - conditions: - description: Conditions includes status about the current state of the - instance - items: - description: "Condition represents an observation of an object's state. - Conditions are an extension mechanism intended to be used when the - details of an observation are not a priori known or would not apply - to all instances of a given Kind. \n Conditions should be added - to explicitly convey properties that users and components care about - rather than requiring those properties to be inferred from other - observations. Once defined, the meaning of a Condition can not be - changed arbitrarily - it becomes part of the API, and has the same - backwards- and forwards-compatibility concerns of any other part - of the API." - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is intended to be a one-word, CamelCase - representation of the category of cause of the current status. - It is intended to be used in concise output, such as one-line - kubectl get output, and in summarizing occurrences of causes. - type: string - status: - type: string - type: - description: "ConditionType is the type of the condition and is - typically a CamelCased word or short phrase. \n Condition types - should indicate state in the \"abnormal-true\" polarity. For - example, if the condition indicates when a policy is invalid, - the \"is valid\" case is probably the norm, so the condition - should be called \"Invalid\"." - type: string - required: - - status - - type - type: object - type: array - instances: - additionalProperties: - properties: - ipAddress: - type: string - podName: - type: string - version: - type: string - type: object - type: object - lastAPITokenProbeTimestamp: - description: LastAPITokenProbeTimestamp tracks when the last request - for the API token validity was sent - format: date-time - type: string - lastPaaSTokenProbeTimestamp: - description: LastPaaSTokenProbeTimestamp tracks when the last request - for the PaaS token validity was sent - format: date-time - type: string - phase: - description: Defines the current state (Running, Updating, Error, ...) - type: string - updatedTimestamp: - description: UpdatedTimestamp indicates when the instance was last updated - format: date-time - type: string - version: - description: Dynatrace version being used. - type: string - type: object - required: - - spec - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/logo.png b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/logo.png deleted file mode 100755 index 6714eb8a59509d9513133b43b2de290f73be9c18..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9908 zcmYj%c|27A_y22#u?!l?E=H*kp(IM0@s_kAN~kOqDnhHhJ7sHEy(=UQZ6sT~C83!{ zsqAU7r7>k+r)-1k-tX(`^Lspgf8@^0z305nd7kBUU(eG;M|(RtsyY<_Ah%`nMkfHs z@FN*WNx;ik=$C1Dkq+MMb`k)Y1;jrRxO-0({-}1!*7cNgkngDw?-M@2`cTjTAMGv2 zy#0Kfe7p~Z9slUF9)M-mTQ*wn3T+*1-+yIalQ&&hT8duR+q=)!<+Ju3i@@m3F{vjs z$DXdN@;)bV`m#%;^FqZ2g&qDl!7q(F9R#1M=tJmAHp5=__ujmogst%Pp^KO4e(*uuGQNdfaJ6RFPqenFM$+onoTezZ9RIp1K^;W{2e6tv5qD^H|haSJlChGx{0Ac;) zH4)of{SrA1T;C)r9?j^gIfYbxD=5uSdu6F8vB#Q4W{OoX7LFq=n@wV{0A9z^f44%> zFNUI?2)kJa4Y{rVMJ-Fm^I7vLV6hY)>mg#BsBdo`*Yu^mxSwMOo$jw-L^f!dsc-Br zIL{)3t~kUJd8LOQVOsa**}R+_R1~9v!G+l6sn3@;osSzZ-ZjV=zAb)PaVL<+ye7PY zC%EMrj_~vKd`w9;wdN^B5yUXAM+G1CKApcrPf`!ORmHp+NZT~;l<&NIE{?!!xqx$z zVdcL>`_hR9_S)VFB*6Ls8SvEGt}OcGNh z_I+fUyWJXjk@gV4n~keO)zkm|8hTQP!dg{>R-Bnxd`{FJe+4WmVV}k6$2W&Aq>|@WsT0zav!+dzU=X#@U$VHD z2N9Un#;8hRx%t6o0TSHBTwe)J+Z6ff-s)i^(ZD7xY-a!MuTF$(74eA0AJ2qwjfJaF zgB9R^2K$K&00dOLf{__u3@B-80=@#q5+-aw6AQ?e&$~H!H{IaRn1Ih;i*PP zWbF4YkbZ*LIun(y^p zfM?$T3a70~OH27jJK7#J< z{|1pc8SXYuH2unf0ux7su?%&!Z%N^r!bReAc)1u-+-}|FMw}0CzvVIB>-eGX@m3y?%vxaTt zQ@c;Nr)tMJ!dH_^Md)+KXkpNwvxbii#dpCv5LSVFGq>B5!l8MQsU>mwc=Tusi%sBL64HB)rOC!iPF+Y0 zdvcX2fVrcMYCK`M#4dSGtSf~m7{KyMQx+iZqJ-=mqMF;YziOi@qZvU`_{XDz>a6wX z-l@;FM7`CHyK>%mh}y2?B;6qgBO=QLaR_1_7)(E&F=v>=Th|crfL(-LMN;@EkE3`n z^=IIA;(NhphV&k7U8SKHl*Wn9lEI_N=6B0>^{+-n>%Yseq(Eo$@;%Nv(?3bf|{on9t>N1Fhpz1y+GV}orH&H5I zj_T$LL+#2X(n2ixu+=OX{Qr6`d)D>nlGaoZA>e;ncJ6HjBVedheZX7~edu`DoU7+B z*URf0s5xR6a_5TK;lNy#E=E;ikzLdwiu?|e>Pr|INv9&^4K@Dqm@yTfzWj4J>zr^h zj_fp#=mZ|o!uLd`$Ya~xX1~p;sXw)SE5W#}m>M{5UY^*FX zD|y-L1zyHz(H8AKVSO~RvO6eW1$*J0mtbdf@6{@&hp+tAX8)q)77cqvfCSq&&HKv4HvUuI_B*lKb`qU3)^-h9+9G1KL6JAA%e8a z9m?OJM&!^6zxGdG$34D!9xQ&rV01SfrcI?UR;)a^jE4IN90HcZ9Ahg~gcZvVO=wMi zWCUBv(KGb0vr|Y<4*JyWpEpVM!=Bk+I&UsQlW$FAas*6UIu&k+^flL1eP!2bD zbM$lEi`PHOe*Z>)zb$WgJw1{4ea0^@2U#95(p@om_H5TxPlJidh>kb>(9z5EsaKzT z$)*e1{4^yl+la=OuUT^03LSdey51j_kXoM;w~@+(=zf%nn!L&>IOs)-oBEnVcNi}0 z$U&x?uk4BYu(hJ&)uoAfUEWCr^7h`T*TQ_aiOlzSfKAi;tQ;E=3m$S_BBN0x`R zM91T}Ja(&p0W_%3{)B|r77-13``S5Q#VWyr-@116bqGZY+1gZf#`D(RKvI4y9{q6Q z&ASt`Cx@R1LaOnW;w$9shNy~ZTfVa|sds3I-zyxUm&i;uYH(??WGMvhrkO9mm`n9H zY{z)(v~KY~W%TaZBUAaAxeP0~Y3>9C5tlKeZ!0@yo^@)LJG2ZA+D60h_AOr}mVb|N z?VYf8vYsOo3Iq;o8aFX@lvrplernC*{TQ!gQhrcyFA`6Fb$9B;O4e2$V_{lLoYj7v zcI|*(vPpjJ$i|qync%SR1`JU^c;ZL1?{K?dm=f9g!}-%^ocpGR6b+Y9A>h(fid*=^Lb>Fj^H*5?PxGeyo9Z_I0qPbIk;&6LXa zjB%!B>wD~G*yA^0nJx?9N02)0@FBF%$qnhK&f8FU`oEE~vstD<5+BSluEo!vV?965 zw{mT+%`k=q^hNGzTr$bR^V@vf9P42yqfgE2T3SZbDDv1Y-(CaKyup)W{3^Enwb9g= zlc?v+zle7he0N!JW7Zc`uA9cYC-FDmc5-%vsV0#{BNC(-#_c}-)bmhM@BT^TRqsxG zWcCwhWqbWRiuTM6Yu1el&h7U0^ZP}GY$tnCjF3LnFngPhT^;0i2}UyMX}4hLK2143 z-Zi7dx)C|#fVoZ7jzs;)EO=(l5#3ly09PejuGVmkl4d^3XuOYeChhR>fj=8y-8!32 z=(ExjFn;NH@Pskmalk65&eT#Ra7P5+xV~lx9k|`v{9(<=_m(MktS6^Xa7^xqn*z4$ zNHMt~cfW{k5o%s$6C4jXGykIR>8O(5yiUgbYiksTwLo+=)$QtDRDH*VQO4p+ga1;49gy+r=PPc znBGY({$~U~j$BNxmXJ?#_x_wIlaV_ZQFXeLEI%=Zw;JGO9iO_>X|WqF))+-PD!%sj z0?W<61hQam=l2Hnb=?+lVohQZJ=$z^JY)S=S+M=9J;kfZU#j8(Cn`iV5R26aBo}rS z?td@OZE%qz{c8j)>%d@$0YBL$zR(Z}uo5#dO00F-WoZyf?Rag2Hhp81>;`9KF?2K1 z{YFPwNMhFdf#C&#!#X0hrlOvEWRSUoB$bFp9WG>xNfx%mZ}^FB0B?_EYLJJLe|mq# zJHFsGHxdq+($*h7Ov>_;1GaLfZPKhpLKoyt^4-T7mWj1mQ5!|3*UW4{MQL#VrDq`X zORgyh`XLgvw`1M&4i(bs+pekDnF9S95IH)-R>6QHLzk+;3LeJy=AAW4neDCMu?tSg zk(lex7=k>sqp-z+#tjiz$i_^-JZcJzIlm|6G{Bd(UVo6b_{l2L z;s?NFe$)Nx0Do#406^)eJ^*Pz4{U$8+Xl$1P*_`f)yaBqTh*Wq;w9m65B5n&0qJ$_ zk3e(8-Gbyw@e4Kf6z;7BKBM=^neb!`js|k}k_`Z8*bWa}pTC)jgX24aBY>~Pp%=8;ceEIU^Q*9H?0^pjZy-3eWx3ds)ESd9j}0IyvuD6FS1C+a~3ktqOXmM6q0tme~lq$^!XiWYaJ%sB#;{?=M##blY@uW7K=$FJ@^-@ zsf7sr)eNq#0DI)-gD)QbU&sw+zTn@}!;QaR?DT3SlxP!5SToJCQb55FtPvw8mEBo1 zcZ&kxEh1AkDYLFEIv~5k2E@Y9)qpg>3|E$gOauG`z*iM80|0Y2b>UO6FQU$#1y)A7 zRy=~iBjh(f2H9%MSRXAy`d(Ur3r~QnBrsV!0krRuf$iFxFp$AZ#F(j6=6e&;_U+a3 zUJ?YXP%vp9DOd@BC9dE*4S1a}yuTDma64Z{DpOdkCv6t6)Kvfs+OiBEsS6Ll%cUmV zjhd$7Z&!&y8F!GYu^ep9gNrd2B}9F_S;1i$o~NMu zcXLebNx=+o>8Ki6^{zA6B{(1;f?!E<+T8q4_(v0N!!>ns6}IqoaDP?5g(+}cg0@xZ zFeB~ohswZQ{DAA8SjLrZSVvFrr#vS$3O9ajh1ARrV<|*6*#PLxdIc2s;X7r3EIfmM z;6K>O>a*lDF$khYKK{j`w2gxQX5SS+>_Qi#q@&(_@Z2%r3o;vh1hmKb60B7T*krl* z4D0v-S%Wa4vATp_>@$$m{0YxA1)2vh2_-MIehv5_*L;u66xl3vk7Fs^)9mi`guI2# z`fFHgi6+d%k^2ay35Ru<3J$Jmy zI&=&-dRET%3)|Tn`t;(h{UG_UNRnU{Z1C!YsM7=Mzb?(Qei+lR@5*|#VkdriDbi9c z#?Ug9n55e1m4zK~41f9s=2OKn7JrSx_EqR*MG*9*I~LMQ2^0O-F7Y^58ci&!^FP`)fDx>kk&+TyC@meVDSv09Cn1rW1#s7iP?xSEqUJJ9|9F0MaY7R8~3oIlrn|UqI_hO73vsLOKIq z4JkcH1n!;LwD*Gq56?`L*-*2F%j3&JUc$)`BrFHgp^GYobUz91Ea9W19X>cj6wmXs zCm~Ld^x^Cgv6Zp>`cH}Q1n=(-dAOu&IVrXqwFsu&Jcd!UVI4d58CoB_KwH2VSLi>T zwObUggCF+u3>V-J5-+_v#ZxrMDUz8=k4%7@)FeF0~m@cVhx*jkBD`k zNKTH~A~gEAJ>(~)V-YQMbn5dv^myYo+ff;Az++Fo5-6hKn>yLf;JE0Yxd^5|I`6IF zCGZ?o169Z2(Yp)M0@B7xx5nN)15)@pNGqj({e52^W5L5E+m&EgDKgxLROXI-fk#D> zzwVP?-ep`1OIU4$suYyUU}Y~ldKtTk99%PHY!OK6rCz)du-{UBYA8}Ae2#|P9of4a z($@-5G*~}PD7i@=7?Bh)Ie4KcVq87?t2HDA;;R(mCH{h>jP1||nj^`r@%RIwq$#*) z`LDZ3at%4F&RrQFimcGUY>kz+*QM)vnoIqT#ZTPyIaR~wkN=pDu^u9X#UI4%A(h0v zeh*i{cHAXN(iFL_ozWm00%`*N7=#Om70P9V@^N#{0$Sx#us%9Yy9v zVD)KkUK1qY3Q7k|Vi<4tL6eA$$+N@C?WZjFvz#oRUljCTp+@-}fnI)l(VvGa5`l}) zQW|DkVN$NfTBbDxHx0!(%q`qD$SqSKnd1z6*6N_YQb@h=hxb=-G*4cfk2wa# z-~Uf4|B=vhjqGt{*19^#A#gu&;LxP z20tpRL)3XWX#aqng`^*xmUv5e z6$m(idi@MB`EAh)VB9o9s`LTuU&vO9cAUzp31N^lvbll;6X`vQ1vJPqT{jja#pCZT zR3Pap1ZOWzv>&z;De0TctD^I(|Flg}kd{HYd7$7A&v$oeBKZPNXD zSE7JIyBJf{l#}T)b~>*+;o#E9)VWYMonTJ24oe4VdcCK8?RLOr5Q>+Bt;-<$V+9e#BFypF zgc9I!th3z3O!`x7L}Jb%qZ6W@VU0)%_b$xW3A3MOGd%j?I$5Tv3=96S=|l-hz|lq* zX{NMf8OJ6|k8=Q|F z6VO%#1NT3Rd5Uy18>@kTupL7{3n($`UdoEUKb;QAWu~SS(qUr?T3*Tk z{}M^A8YJ=`DP!Asbk)_v%a|wW5gFG6oWa`;P3OK~JV@7@qlF&fgv2iovM4l%7)8K? z5^U|}#g)zCnZ8XB@r|RqRXM7b*56C60P&JhFmC>Hhm})6)i7@ADOigOe)-r0erU&5Y3O->#nJuEo zh!s+Fugb1=xG{OPO@n~coUqU*+XL~qR6o^x*t7i z8Vk%o_eD*KknZ^g=_O=rf8 zAz%vn5;-+b#gi_X|CrhtV22ayd^*rzEH-rRKu4B%Ci6x$-i-{<3UoLVR)PdF_wA)O z9lNDR#VCTLPv;KsO7MIMFV}c>xK+g1He+c-5j@bB9P-dtHI%Z~P2L-f{P+(FW9nI5cy*cz$ew@Qr5#GCNwAsXeJQ^K4XUpU$^ z$>Qc72dYhaFas)5JZcO7zm8H2rXQPDKGdQld$HNS3wilvqzC(iRL`@T3QtB3HMg1% z4mYiw)&ugmAm=^g7z1tV9W08uZ)W-%}AB4&Bmg>@Ld*wE8E8 z*VEcIG8_6#JYe$EXXIYgSYJ@$tle2?@aQHj3TQN-4jt?Aitsi`F|oF6{~ZKRK;3q; zc+sHTS>8_kLFrUF01>xi-Z(X|-K1K@IKG>_w_COgGtNK6f^+dmEp*$ag%qGyXgKDl zAR)t>Ag3D+!t;LI1{&U7?L!~uz>#6;G*t5GR&44en+8$4iev?2`(*sysSU!uJ=Lg= zOZXf9c&-fz^t-A`Tz=D$P^@yXHG6Nb=dg;)Bx7uVuRr<L#ryU768OY`g zMvqgYGZwu_j1!J*AN%iZZJT+a#>pUGNeA@EnNCx_!N6TC_$+=Pv@;#~WCuV5;ZBpWEW~XNS2uF<4d~6b9PTxF?GQu78W$e<0Z| R5fVsXi>>{}+<&~z{~v%ki3tDz diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg deleted file mode 100755 index 5e1092df4..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg +++ /dev/null @@ -1,2 +0,0 @@ - -
OneAgent Pods
[Not supported by viewer]
trigger
rollout
[Not supported by viewer]
query
version
query<br>version
trigger
update
[Not supported by viewer]
OneAgent
CustomResource
[Not supported by viewer]
DaemonSet
DaemonSet
watch
changes
watch<br>changes
DynatraceOneAgentOperatorDynatrace Cluster
\ No newline at end of file diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml deleted file mode 100755 index 561642772..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml +++ /dev/null @@ -1,175 +0,0 @@ -questions: - -#################### Agent Configuration (REQUIRED) #################### -- variable: mode - label: "Monitoring mode" - description: "Either fullstack for full monitoring or apm for application only monitoring" - default: "fullstack" - type: enum - group: "Agent Configuration (REQUIRED)" - options: - - "fullstack" - - "apm" - -- variable: oneagent.apiUrl - label: "Dynatrace API URL" - description: "Dynatrace API URL including `/api` path at the end" - default: "https://ENVIRONMENTID.live.dynatrace.com/api" - type: string - required: true - group: "Agent Configuration (REQUIRED)" - -- variable: secret.apiToken - label: "Dynatrace API token" - description: "Your Dynatrace API token - You can generate this token in your Dynatrace environment" - default: "" - type: string - required: true - group: "Agent Configuration (REQUIRED)" - -- variable: secret.paasToken - label: "Dynatrace PaaS token" - description: "Your Dynatrace Platform as a Service token - You can generate this token in your Dynatrace environment" - default: "" - type: string - required: true - group: "Agent Configuration (REQUIRED)" - -#################### Advanced Agent Configuration (OPTIONAL) #################### -- variable: show_advanced_config - label: "Show advanced configuration" - description: "Show advanced configuration options for the Dynatrace OneAgent Operator" - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - -- variable: operator.image - label: "Custom Operator image location" - description: "The location from where to grab the Dynatrace OneAgent operator image - default is quay.io/dynatrace/dynatrace-oneagent-operator" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.name - label: "OneAgent CustomResource name" - default: "oneagent" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.disableAgentUpdate - label: "Disable automatic OneAgent updates" - description: "Disables automatic restarts of oneagent pods in case a new version is available" - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.dnsPolicy - label: "Set custom DNS Policy" - description: "DNS Policy for OneAgent pods. Empty for default (ClusterFirst), more at https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.enableIstio - label: "Enable istio" - description: "When enabled, and if Istio is installed on the Kubernetes environment, then the Operator will create the corresponding VirtualService and ServiceEntries objects to allow access to the Dynatrace cluster from the agent." - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.image - label: "Custom OneAgent image location" - description: "The location from where to grab the Dynatrace OneAgent image - default for Kubernetes is docker.io/dynatrace/oneagent" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.skipCertCheck - label: "Skip certificate check" - description: "Disable certificate validation checks for installer download and API communication" - default: false - type: boolean - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.priorityClassName - label: "Assign priority class to OneAgent pods" - description: "Priority class to assign to OneAgent pods, more at https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.proxy - label: "Define a proxy" - description: "Configures a proxy for the Agent, AgentDownload and the Operator. Provide the proxy here" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.trustedCAs - label: "Add custom CA certificates" - description: "Adds the provided CA certficates to the Operator and the OneAgent. Provide your custom certificates here. If this is not set the default embedded certificates on the images will be used" - default: "" - type: multiline - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true" - -- variable: oneagent.waitReadySeconds - label: "Wait seconds until ready" - description: "Define the time to wait until OneAgent pod is ready after update - defaults to 300s" - default: "" - type: int - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.args - label: "Arguments to OneAgent installer" - description: "Defines additional arguments which get passed to the OneAgent installer - Please edit as Yaml for the best experience. The expected format is YAML and not a string" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.env - label: "Environment variables for OneAgent" - description: "Defines additional environment variables which get passed to the OneAgent - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.nodeSelector - label: "Node selector to control the selection of nodes" - description: "Defines a NodeSelector to customize to which nodes the OneAgent will be rolled out - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.labels - label: "Custom labels for the OneAgent pods" - description: "Defines labels for OneAgent pods to structure workloads as desired - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.resources - label: "Resource definition for the OneAgent pods" - description: "Defines the resources the OneAgent pods can use - Please edit as Yaml for the best experience" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" - -- variable: oneagent.tolerations - label: "Custom tolerations for the OneAgent" - description: "Defines custom tolerations to the OneAgent - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" - default: "" - type: string - group: "Advanced Agent Configuration (OPTIONAL)" - show_if: "show_advanced_config=true && mode=fullstack" diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml deleted file mode 100755 index aedff9f83..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -rules: - - apiGroups: - - "" # "" indicates the core API group - resources: - - nodes - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - dynatrace-oneagent-config - verbs: - - get - - update - - delete diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml deleted file mode 100755 index 661399f81..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dynatrace-oneagent-webhook - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - list - - create - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - resourceNames: - - dynatrace-oneagent-webhook - verbs: - - get - - update diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml deleted file mode 100755 index cca2b78f8..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }} - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml deleted file mode 100755 index b2305a81f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dynatrace-oneagent-webhook - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: dynatrace-oneagent-webhook - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml deleted file mode 100755 index 10d35fcf3..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2020 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if .Values.oneagent.trustedCAs }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.oneagent.name }} - namespace: {{ .Release.Namespace }} -data: - certs: | -{{ .Values.oneagent.trustedCAs | indent 4 }} -{{- end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml deleted file mode 100755 index 64229cfb0..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.mode "fullstack" }} -apiVersion: dynatrace.com/v1alpha1 -kind: OneAgent -metadata: - name: {{ .Values.oneagent.name }} - namespace: {{ .Release.Namespace }} -spec: - apiUrl: {{ required "ApiUrl needs to be set!" .Values.oneagent.apiUrl }} - tokens: {{ .Values.oneagent.name }} - image: {{ include "dynatrace-oneagent.image" . }} - - {{- if ne (printf "%T" .Values.oneagent.args) "string" }} - args: {{- toYaml .Values.oneagent.args | nindent 4 }} - {{- else }} - args: - - --set-app-log-content-access=true - {{- end }} - - {{- if .Values.oneagent.env }} - env: {{- toYaml .Values.oneagent.env | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.labels }} - labels: {{- toYaml .Values.oneagent.labels | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.nodeSelector }} - nodeSelector: {{- toYaml .Values.oneagent.nodeSelector | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.proxy }} - proxy: - valueFrom: {{ .Values.oneagent.name }} - {{- end }} - - {{- if ne (printf "%T" .Values.oneagent.tolerations) "string" }} - tolerations: {{- toYaml .Values.oneagent.tolerations | nindent 4 }} - {{- else }} - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - {{- end }} - - {{- if .Values.oneagent.resources }} - resources: {{- toYaml .Values.oneagent.resources | nindent 4 }} - {{- end }} - - {{- if .Values.oneagent.dnsPolicy }} - dnsPolicy: {{ .Values.oneagent.dnsPolicy }} - {{- end }} - - {{- if .Values.oneagent.enableIstio }} - enableIstio: {{ .Values.oneagent.enableIstio }} - {{- end }} - - {{- if .Values.oneagent.disableAgentUpdate }} - disableAgentUpdate: {{ .Values.oneagent.disableAgentUpdate }} - {{- end }} - - {{- if .Values.oneagent.skipCertCheck }} - skipCertCheck: {{ .Values.oneagent.skipCertCheck }} - {{- end }} - - {{- if .Values.oneagent.waitReadySeconds }} - waitReadySeconds: {{ .Values.oneagent.waitReadySeconds }} - {{- end }} - - {{- if .Values.oneagent.priorityClassName }} - priorityClassName: {{ .Values.oneagent.priorityClassName }} - {{- end }} - - {{- if .Values.oneagent.serviceAccountName }} - serviceAccountName: {{ .Values.oneagent.serviceAccountName }} - {{- end }} - - {{- if .Values.oneagent.trustedCAs }} - trustedCAs: {{ .Values.oneagent.name }} - {{- end }} - - {{- if .Values.oneagent.networkZone }} - networkZone: {{ .Values.oneagent.networkZone }} - {{- end }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml deleted file mode 100755 index 74d88a980..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.mode "apm" }} -apiVersion: dynatrace.com/v1alpha1 -kind: OneAgentAPM -metadata: - name: {{ include "oneagentapm.name" . }} - namespace: {{ .Release.Namespace }} -spec: - apiUrl: {{ .Values.oneagent.apiUrl }} - tokens: {{ .Values.oneagent.name }} - - {{- if .Values.oneagent.skipCertCheck }} - skipCertCheck: {{ .Values.oneagent.skipCertCheck }} - {{- end }} - - {{- if .Values.oneagent.enableIstio }} - enableIstio: {{ .Values.oneagent.enableIstio }} - {{- end }} - - {{- if .Values.oneagent.proxy }} - proxy: - valueFrom: {{ .Values.oneagent.name }} - {{- end }} - - {{- if .Values.oneagent.trustedCAs }} - trustedCAs: {{ .Values.oneagent.name }} - {{- end }} - - {{- if .Values.oneagent.networkZone }} - networkZone: {{ .Values.oneagent.networkZone }} - {{- end }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml deleted file mode 100755 index 159ec6410..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -spec: - replicas: 1 - revisionHistoryLimit: 1 - selector: - matchLabels: - name: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - name: {{ .Release.Name }} - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 8 }} - spec: - containers: - - name: {{ .Release.Name }} - args: - - operator - image: {{ include "dynatrace-oneagent-operator.image" . }} - imagePullPolicy: Always - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - containerPort: 60000 - name: metrics - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: beta.kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: kubernetes.io/os - operator: In - values: - - linux - serviceAccountName: {{ .Release.Name }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml deleted file mode 100755 index de3143983..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml +++ /dev/null @@ -1,125 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - dynatrace.com/operator: oneagent -spec: - replicas: 1 - revisionHistoryLimit: 1 - selector: - matchLabels: - internal.oneagent.dynatrace.com/component: webhook - internal.oneagent.dynatrace.com/app: webhook - strategy: - type: Recreate - template: - metadata: - labels: - dynatrace.com/operator: oneagent - internal.oneagent.dynatrace.com/component: webhook - internal.oneagent.dynatrace.com/app: webhook - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: beta.kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: kubernetes.io/os - operator: In - values: - - linux - containers: - - name: webhook - args: - - webhook-server - image: {{ include "dynatrace-oneagent-operator.image" . }} - imagePullPolicy: Always - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - readinessProbe: - httpGet: - path: /healthz - port: server-port - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - ports: - - name: server-port - containerPort: 8443 - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: certs-volume - mountPath: /mnt/webhook-certs - - name: bootstrapper - args: - - webhook-bootstrapper - image: {{ include "dynatrace-oneagent-operator.image" . }} - imagePullPolicy: Always - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - resources: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: certs-volume - mountPath: /mnt/webhook-certs - serviceAccountName: dynatrace-oneagent-webhook - volumes: - - name: certs-volume - emptyDir: {} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml deleted file mode 100755 index 9248d5217..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: dynatrace-oneagent-webhook - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -webhooks: -- name: webhook.oneagent.dynatrace.com - rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: Namespaced - namespaceSelector: - matchExpressions: - - key: oneagent.dynatrace.com/instance - operator: Exists - clientConfig: - service: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - path: /inject - admissionReviewVersions: ["v1beta1"] diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml deleted file mode 100755 index 82df3260e..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }} -roleRef: - kind: Role - name: {{ .Release.Name }} - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml deleted file mode 100755 index f16fb26b1..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: dynatrace-oneagent-webhook - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml deleted file mode 100755 index 7449e6b65..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if .Values.secret.autoCreate }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.oneagent.name }} - namespace: {{ .Release.Namespace }} -data: - apiToken: {{ .Values.secret.apiToken | b64enc }} - paasToken: {{ .Values.secret.paasToken | b64enc }} - {{- if .Values.oneagent.proxy }} - proxy: {{ .Values.oneagent.proxy | b64enc }} - {{- end }} -type: Opaque -{{- end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml deleted file mode 100755 index cd280bb0f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml +++ /dev/null @@ -1,31 +0,0 @@ - -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: v1 -kind: Service -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -spec: - selector: - internal.oneagent.dynatrace.com/app: webhook - internal.oneagent.dynatrace.com/component: webhook - ports: - - port: 443 - protocol: TCP - targetPort: server-port diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml deleted file mode 100755 index 21e17344a..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml deleted file mode 100755 index f17e25282..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: dynatrace-oneagent - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*" -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: - - "*" - volumes: - - "*" - hostNetwork: true - hostIPC: true - hostPID: true - hostPorts: - - min: 0 - max: 65535 - runAsUser: - rule: "RunAsAny" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml deleted file mode 100755 index 7d792073c..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: dynatrace-oneagent-operator - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" - apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" - seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" -spec: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - volumes: - - "configMap" - - "emptyDir" - - "projected" - - "secret" - - "downwardAPI" - - "persistentVolumeClaim" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: "MustRunAsNonRoot" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml deleted file mode 100755 index a8cb0925f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: dynatrace-oneagent-webhook - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" - apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" - seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" - apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" -spec: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - volumes: - - "configMap" - - "emptyDir" - - "projected" - - "secret" - - "downwardAPI" - - "persistentVolumeClaim" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: "MustRunAsNonRoot" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml deleted file mode 100755 index f20b85ea8..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-oneagent - verbs: - - use -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml deleted file mode 100755 index 2b7a7866b..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -rules: - - apiGroups: - - dynatrace.com - resources: - - oneagents - - oneagentapms - verbs: - - get - - list - - watch - - update - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - replicasets - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" # "" indicates the core API group - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - dynatrace.com - resources: - - oneagents/finalizers - - oneagents/status - - oneagentapms/finalizers - - oneagentapms/status - verbs: - - update - - apiGroups: - - networking.istio.io - resources: - - serviceentries - - virtualservices - verbs: - - get - - list - - create - - update - - delete - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-oneagent-operator - verbs: - - use -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml deleted file mode 100755 index e3fb9c037..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - services - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - dynatrace.com - resources: - - oneagentapms - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - dynatrace-oneagent-webhook - verbs: - - use -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml deleted file mode 100755 index a16c6ce73..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: dynatrace-oneagent -subjects: - - kind: ServiceAccount - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml deleted file mode 100755 index 4b958ab6f..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml deleted file mode 100755 index 5477dd8fb..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "kubernetes" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt deleted file mode 100755 index 288d31baa..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt +++ /dev/null @@ -1,58 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }}. - -To find more information about the Dynatrace OneAgent Operator, try: -https://github.com/Dynatrace/dynatrace-oneagent-operator - -To verify the current state of the OneAgent deployment, try: - $ kubectl get pods -n {{ .Release.Namespace }} - $ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }} - $ kubectl get oneagent {{ .Values.oneagent.name }} -n {{ .Release.Namespace }} - -{{- if eq .Values.mode "apm" -}} - {{- if .Values.oneagent.image -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.image - {{- end -}} - {{- if .Values.oneagent.args -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.args - {{- end -}} - {{- if .Values.oneagent.env -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.env - {{- end -}} - {{- if .Values.oneagent.nodeSelector -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.nodeSelector - {{- end -}} - {{- if .Values.oneagent.labels -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.labels - {{- end -}} - {{- if .Values.oneagent.disableAgentUpdate -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.disableAgentUpdate - {{- end -}} - {{- if .Values.oneagent.dnsPolicy -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.dnsPolicy - {{- end -}} - {{- if .Values.oneagent.resources -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.resources - {{- end -}} - {{- if .Values.oneagent.tolerations -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.tolerations - {{- end -}} - {{- if .Values.oneagent.waitReadySeconds -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.waitReadySeconds - {{- end -}} - {{- if .Values.oneagent.priorityClassName -}} -WARNING: -The following argument did not get applied since it can only be used with fullstack: oneagent.priorityClassName - {{- end -}} -{{- end -}} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml deleted file mode 100755 index 7f02c04d4..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml +++ /dev/null @@ -1,116 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} -rules: - - apiGroups: - - dynatrace.com - resources: - - oneagents - - oneagentapms - verbs: - - get - - list - - watch - - update - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - apps - resources: - - replicasets - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" # "" indicates the core API group - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" # "" indicates the core API group - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - dynatrace.com - resources: - - oneagents/finalizers - - oneagents/status - - oneagentapms/finalizers - - oneagentapms/status - verbs: - - update - - apiGroups: - - networking.istio.io - resources: - - serviceentries - - virtualservices - verbs: - - get - - list - - create - - update - - delete -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml deleted file mode 100755 index 39ce2371b..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: dynatrace-oneagent-webhook - namespace: {{ .Release.Namespace }} - labels: - {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - services - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - dynatrace.com - resources: - - oneagentapms - verbs: - - get - - list - - watch -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml deleted file mode 100755 index 86a76840d..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." - name: dynatrace-oneagent-privileged -allowHostDirVolumePlugin: true -allowHostIPC: true -allowHostNetwork: true -allowHostPID: true -allowHostPorts: true -allowPrivilegedContainer: true -allowedCapabilities: - - "*" -allowedFlexVolumes: null -defaultAddCapabilities: [] -fsGroup: - type: RunAsAny -priority: 1 -readOnlyRootFilesystem: false -requiredDropCapabilities: [] -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -seccompProfiles: - - "*" -supplementalGroups: - type: RunAsAny -users: - - system:serviceaccount:dynatrace:dynatrace-oneagent -volumes: - - "*" -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml deleted file mode 100755 index 100b93ecc..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent - namespace: {{ .Release.Namespace }} -imagePullSecrets: - - name: redhat-connect - - name: redhat-connect-sso -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml deleted file mode 100755 index d80abab71..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} -{{- if eq .Values.platform "openshift" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dynatrace-oneagent-operator - namespace: {{ .Release.Namespace }} -imagePullSecrets: - - name: redhat-connect - - name: redhat-connect-sso -{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl deleted file mode 100755 index 1ad8117c3..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl +++ /dev/null @@ -1,113 +0,0 @@ -// Copyright 2019 Dynatrace LLC - -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 - -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "dynatrace-oneagent-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "dynatrace-oneagent-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "dynatrace-oneagent-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "dynatrace-oneagent-operator.commonlabels" -}} -dynatrace: operator -operator: oneagent -helm.sh/chart: {{ include "dynatrace-oneagent-operator.chart" . }} -{{- end -}} - -{{/* -Common labels webhook -*/}} -{{- define "dynatrace-oneagent-operator.commonlabelswebhook" -}} -dynatrace.com/operator: oneagent -internal.oneagent.dynatrace.com/component: webhook -helm.sh/chart: {{ include "dynatrace-oneagent-operator.chart" . }} -{{- end -}} - -{{/* -Check if platform is set -*/}} -{{- define "dynatrace-oneagent-operator.platformSet" -}} -{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") -}} - {{ default "set" }} -{{- end -}} -{{- end -}} - -{{/* -Check if default oneagent image is used -*/}} -{{- define "dynatrace-oneagent.image" -}} -{{- if .Values.oneagent.image -}} - {{- printf "%s" .Values.oneagent.image -}} -{{- else -}} - {{- if eq .Values.platform "kubernetes" -}} - {{- printf "docker.io/dynatrace/oneagent" }} - {{- end -}} - {{- if eq .Values.platform "openshift" -}} - {{- printf "registry.connect.redhat.com/dynatrace/oneagent" }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Check if default operator image is used -*/}} -{{- define "dynatrace-oneagent-operator.image" -}} -{{- if .Values.operator.image -}} - {{- printf "%s" .Values.operator.image -}} -{{- else -}} - {{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-oneagent-operator" .Chart.AppVersion }} -{{- end -}} -{{- end -}} - -{{/* -Check for correct oneagentapm name -*/}} -{{- define "oneagentapm.name" -}} -{{- if eq .Values.mode "apm" }} - {{- if eq .Values.oneagent.name "oneagent" -}} - {{- printf "oneagentapm" -}} - {{- else -}} - {{- printf "%s" .Values.oneagent.name -}} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml deleted file mode 100755 index 2636c7880..000000000 --- a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2019 Dynatrace LLC - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -platform: "kubernetes" -mode: "fullstack" - -operator: - image: "" - -oneagent: - name: "oneagent" - apiUrl: "" - image: "" - # The expected format is YAML and not a string - args: "" - # The expected format is YAML and not a string - env: "" - # The expected format is YAML and not a string - nodeSelector: "" - # The expected format is YAML and not a string - labels: "" - skipCertCheck: false - disableAgentUpdate: false - enableIstio: false - dnsPolicy: "" - # The expected format is YAML and not a string - resources: "" - # The expected format is YAML and not a string - tolerations: "" - waitReadySeconds: null - priorityClassName: "" - serviceAccountName: "" - proxy: "" - trustedCAs: "" - networkZone: "" - -secret: - autoCreate: true - apiToken: "" - paasToken: "" diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/.helmignore b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/Chart.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/Chart.yaml deleted file mode 100644 index 3216b7674..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CrowdStrike Falcon Platform - catalog.cattle.io/release-name: falcon-helm -apiVersion: v2 -appVersion: 0.9.3 -description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. -home: https://crowdstrike.com -icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg -keywords: -- CrowdStrike -- Falcon -- EDR -- kubernetes -- security -- monitoring -- alerting -maintainers: -- name: CrowdStrike Solution Architecture -- email: gabriel.alford@crowdstrike.com - name: Gabe Alford -name: falcon-sensor -sources: -- https://github.com/CrowdStrike/falcon-helm -type: application -version: 0.9.300+up0.9.3 diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/README.md b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/README.md deleted file mode 100644 index b8b5925aa..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# CrowdStrike Falcon Helm Chart - -[Falcon](https://www.crowdstrike.com/) is the [CrowdStrike](https://www.crowdstrike.com/) -platform purpose-built to stop breaches via a unified set of cloud-delivered -technologies that prevent all types of attacks — including malware and much -more. - -# Kubernetes Cluster Compatability - -The Falcon Helm chart has been tested to deploy on the following Kubernetes distributions: - -* Amazon Elastic Kubernetes Service (EKS) -* Azure Kubernetes Service (AKS) - Linux Nodes Only -* Google Kubernetes Engine (GKE) -* Rancher K3s - * Nodes must be Linux distributions supported by CrowdStrike. See [https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems](https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems) for supported Linux distributions and kernels. -* Red Hat OpenShift Container Platform 4.6+ - -# Dependencies - -1. Requires a x86_64 Kubernetes cluster -1. Must be a CrowdStrike customer with access to the Falcon Linux Sensor and Falcon Container downloads. -1. Before deploying the Helm chart, you should have a Falcon Linux Sensor in the container registry before installing the Helm Chart. See the Deployment Considerations for more. -1. Helm 3.x is installed and supported by the Kubernetes vendor. - -# Deployment Considerations - -To ensure a successful deployment, you will want to ensure that: -1. By default, the Helm Chart installs in the `default` namespace. Best practices for deploying to Kubernetes is to create a new namespace. This can be done by adding `-n falcon-system --create-namespace` to your `helm install` command. -1. You have access to a containerized falcon sensor image. This is most likely through a private image registry on your network or cloud provider. See [https://github.com/CrowdStrike/Dockerfiles](https://github.com/CrowdStrike/Dockerfiles) as an example of how to build a Falcon sensor for your registry. -1. The Falcon Linux Sensor (not the Falcon Container) should be used in the container image to deploy to Kubernetes nodes. -1. When deploying the Falcon Linux Sensor to a node, the container image should match the node's operating system. For example, if the node is running Red Hat Enterprise Linux 8.2, the container image should be based on Red Hat Enterprise Linux 8.2, etc. This is important to ensure sensor and image compatibility with the base node operating system. -1. You must have sufficient permissions to deploy Helm Charts to the cluster. This is often received through cluster admin privileges. -1. Only deploying to Kubernetes nodes are supported at this time. -1. When deploying the Falcon Linux Sensor as a container to Kubernetes nodes, it is a requirement that the Falcon Sensor run as a privileged container so that the Sensor can properly work with the kernel. If this is unacceptable, you can install the Falcon Linux Sensor (still runs with privileges) using an RPM or DEB package on the nodes themselves. This assumes that you have the capability to actually install RPM or DEB packages on the nodes. If you do not have this capability and you want to protect the nodes, you have to install using a privileged container. -1. CrowdStrike's Helm Operator is a project, not a product, and released to the community as a way to automate sensor deployment to kubernetes clusters. The upstream repository for this project is [https://github.com/CrowdStrike/falcon-helm](https://github.com/CrowdStrike/falcon-helm). - -# Installation - -### Add the CrowdStrike Falcon Helm repository - -``` -helm repo add crowdstrike https://crowdstrike.github.io/falcon-helm -``` - -### Install CrowdStrike Falcon Helm Chart - -``` -helm upgrade --install falcon-helm crowdstrike/falcon-sensor \ - --set falcon.cid="" \ - --set node.image.repository="/falcon-node-sensor" -``` - -Above command will install the CrowdStrike Falcon Helm Chart with the release name `falcon-helm` in the namespace your `kubectl` context is currently set to. -You can install also install into a customized namespace by running the following: - -``` -helm upgrade --install falcon-helm crowdstrike/falcon-sensor \ - -n falcon-system --create-namespace \ - --set falcon.cid="" \ - --set node.image.repository="/falcon-node-sensor" -``` - -For more details please see the [falcon-helm](https://github.com/CrowdStrike/falcon-helm) repository. - -## Node Configuration - -The following tables lists the more common configurable parameters of the chart and their default values for installing on a Kubernetes node. - -| Parameter | Description | Default | -|:--------------------------------|:---------------------------------------------------------------------|:----------------------------------------- | -| `node.enabled` | Enable installation on the Kubernetes node | `true` | -| `node.image.repository` | Falcon Sensor Node registry/image name | `falcon-node-sensor` | -| `node.image.tag` | The version of the official image to use | `latest` | -| `node.image.pullPolicy` | Policy for updating images | `Always` | -| `node.image.pullSecrets` | Pull secrets for private registry | `{}` | -| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) | - -`falcon.cid` and `node.image.repository` are required values. - -### Uninstall Helm Chart -To uninstall, run the following command: -``` -helm uninstall falcon-helm -``` - -To uninstall from a custom namespace, run the following command: -``` -helm uninstall falcon-helm -n falcon-system -``` diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/app-readme.md b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/app-readme.md deleted file mode 100644 index 7f653f423..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/app-readme.md +++ /dev/null @@ -1,9 +0,0 @@ -# CrowdStrike Falcon - -[CrowdStrike](https://www.crowdstrike.com/) [Container Security](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) -comes complete with vulnerability management, continuous -threat detection and response, and runtime protection, combined with compliance -enforcement and automated continuous integration/continuous delivery (CI/CD) pipeline security, enabling -DevOps teams to stay secure while building in the cloud. - -For more information, please visit [https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/ci/cid-values.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/ci/cid-values.yaml deleted file mode 100644 index 8e93d8809..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/ci/cid-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -falcon: - cid: 123456789TESTS-00 diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/questions.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/questions.yaml deleted file mode 100644 index 9fa523a3a..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/questions.yaml +++ /dev/null @@ -1,97 +0,0 @@ -questions: - - variable: node.image.repository - description: "URL of container image repository holding containerized Falcon sensor. Defaults to 'falcon-node-sensor'." - required: true - type: string - default: falcon-node-sensor - label: Container Image Repository - group: "Node Container Images" - - - variable: node.image.tag - description: "Container registry image tag. Defaults to 'latest'." - required: true - type: string - default: "latest" - label: Container Image Tag - group: "Node Container Images" - - - variable: falcon.cid - description: "Passed to falconctl as \"--cid=\"{uuid string}\"\"" - required: true - type: string - label: CrowdStrike Customer ID (CID) - group: "Falcon Sensor Node Settings" - - - variable: falcon.apd - description: "App Proxy Disable. Passed to falconctl as \"--apt=true\" or \"--apt=false\"." - required: false - type: boolean - default: false - label: Disable using a proxy - group: "Falcon Sensor Node Settings" - - - variable: falcon.aph - description: "App Proxy Hostname (APH). Uncommon in container-based deployments. Passed to falconctl as \"--aph \"" - required: false - type: string - label: Configure Proxy Host - group: "Falcon Sensor Node Settings" - - - variable: falcon.app - description: "App Proxy Port (APP). Uncommon in container-based deployments. Passed to falconctl as \"--app=\"" - required: false - type: string - label: Configure Proxy Port - group: "Falcon Sensor Node Settings" - - - variable: falcon.trace - description: "Options are [none|err|warn|info|debug]. Passed to falconctl as \"--trace=[none|err|warn|info|debug]\"" - required: false - type: string - label: Set logging trace level - default: "none" - group: "Falcon Sensor Node Settings" - - - variable: falcon.feature - description: "Options to pass to the \"--feature\" flag. Options are [none,[enableLog[,disableLogBuffer[,disableOsfm[,emulateUpdate]]]]]" - required: false - type: string - label: Enable or disable certain sensor features - group: "Falcon Sensor Node Settings" - - - variable: falcon.update - description: "SIGHUP the sensor for immediate trace/feature update." - required: false - type: boolean - default: false - label: Update sensor immediately - group: "Falcon Sensor Node Settings" - - - variable: falcon.message_log - description: "Enable message log (true/false)" - required: false - type: boolean - default: false - label: Enable logging - group: "Falcon Sensor Node Settings" - - - variable: falcon.billing - description: "Utilize default or metered billing. Should only be configured when needing to switch between the two. Options are: [default|metered]" - required: false - type: string - label: Configure Billing - group: "Falcon Sensor Node Settings" - - - variable: falcon.tags - description: "Comma separated list of tags for sensor grouping. Allowed characters: all alphanumerics, '/', '-', '_', and ','." - required: false - type: string - label: Configure tags for sensor grouping - group: "Falcon Sensor Node Settings" - - - variable: falcon.provisioning_token - description: "Used to protect the CID. Provisioning token value." - required: false - type: string - label: Set a provisioning installation token - group: "Falcon Sensor Node Settings" diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/NOTES.txt b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/NOTES.txt deleted file mode 100644 index 4c3c475f2..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -Thank you for installing the CrowdStrike Falcon Helm Chart! - -Access to the Falcon Linux and Container Sensor downloads at https://falcon.crowdstrike.com/hosts/sensor-downloads are -required to complete the install of this Helm chart. This is provided automatically to all active CrowdStrike customers. -Additionally, a containerized sensor must be present in a container registry accessible from Kubernetes installation. -Sample Dockerfiles are available at https://github.com/CrowdStrike/Dockerfiles. -CrowdStrike Falcon sensors will deploy across all nodes in your Kubernetes cluster after -installing this Helm chart. An extremely common error on installation is accidentally -forgetting to add your containerized sensor to your local image registry prior to executing -`helm install`. The default image name to deploy a kernel sensor to a node is `falcon-node-sensor`. diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/_helpers.tpl b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/_helpers.tpl deleted file mode 100644 index 316fee125..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "falcon-sensor.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "falcon-sensor.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "falcon-sensor.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "falcon-sensor.labels" -}} -helm.sh/chart: {{ include "falcon-sensor.chart" . }} -{{ include "falcon-sensor.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "falcon-sensor.selectorLabels" -}} -app.kubernetes.io/name: {{ include "falcon-sensor.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "falcon-sensor.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "falcon-sensor.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/configmap.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/configmap.yaml deleted file mode 100644 index 69fba2e22..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "falcon-sensor.fullname" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: "{{ include "falcon-sensor.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - FALCONCTL_OPT_CID: {{ .Values.falcon.cid }} - {{- range $key, $value := .Values.falcon }} - {{- if and ($value) (ne $key "cid") }} - FALCONCTL_OPT_{{ $key | upper }}: {{ $value | quote }} - {{- end }} - {{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/daemonset.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/daemonset.yaml deleted file mode 100644 index 79da7e17c..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/templates/daemonset.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{- if .Values.node.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "falcon-sensor.fullname" . }} - labels: - name: {{ include "falcon-sensor.fullname" . }} - app: {{ include "falcon-sensor.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - {{- if .Values.node.daemonset.labels }} - {{- range $key, $value := .Values.node.daemonset.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- if .Values.node.daemonset.annotations }} - annotations: - {{- range $key, $value := .Values.node.daemonset.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - name: {{ include "falcon-sensor.fullname" . }} - app: {{ include "falcon-sensor.fullname" . }} - release: {{ .Release.Name | quote }} - updateStrategy: - type: {{ .Values.node.daemonset.updateStrategy }} - template: - metadata: - annotations: - sensor.falcon-system.crowdstrike.com/injection: disabled - {{- range $key, $value := .Values.node.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - name: {{ include "falcon-sensor.fullname" . }} - app: {{ include "falcon-sensor.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - {{- if .Values.node.daemonset.labels }} - {{- range $key, $value := .Values.node.daemonset.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - spec: - {{- with .Values.node.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # this toleration is to have the daemonset runnable on master nodes - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - beta.kubernetes.io/os: linux - initContainers: - # This init container creates empty falconstore file so that when - # it's mounted into the sensor-node-container, k8s would just use it - # rather than creating a directory. Mounting falconstore file as - # a file volume ensures that AID is preserved across container - # restarts. - - name: init-falconstore - image: busybox - args: [/bin/sh, -c, 'touch /var/lib/crowdstrike/falconstore'] - volumeMounts: - - name: falconstore-dir - mountPath: /var/lib/crowdstrike - containers: - - name: falcon-node-sensor - image: "{{ .Values.node.image.repository }}:{{ .Values.node.image.tag }}" - imagePullPolicy: "{{ .Values.node.image.pullPolicy }}" - volumeMounts: - - name: dev - mountPath: /dev - - name: var-run - mountPath: /var/run - - name: etc - mountPath: /etc - - name: var-log - mountPath: /var/log - - name: falconstore - mountPath: /opt/CrowdStrike/falconstore - # Various pod security context settings. Bear in mind that many of these have an impact - # on the Falcon Sensor working correctly. - # - # - User that the container will execute as. Typically necessary to run as root (0). - # - Runs the Falcon Sensor containers as privileged containers. This is required when - # running the Falcon Linux Sensor on Kubernetes nodes to properly run in the node's - # kernel and to actually protect the node. - securityContext: - runAsUser: 0 - privileged: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - envFrom: - - configMapRef: - name: {{ include "falcon-sensor.fullname" . }}-config - # This spits out logs from sensor-node-container to stdout so that they - # are routed through k8s log driver. - - name: log - image: busybox - args: [/bin/sh, -c, 'tail -n1 -f /var/log/falcon-sensor.log'] - volumeMounts: - - name: var-log - mountPath: /var/log - readOnly: True - volumes: - - name: dev - hostPath: - path: /dev - - name: etc - hostPath: - path: /etc - - name: var-run - hostPath: - path: /var/run - - name: var-log - emptyDir: {} - - name: falconstore - hostPath: - path: /var/lib/crowdstrike/falconstore - - name: falconstore-dir - hostPath: - path: /var/lib/crowdstrike - terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriod }} - hostNetwork: true - hostPID: true - hostIPC: true -{{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/values.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/values.yaml deleted file mode 100644 index 1c1c8c1fe..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300+up0.9.3/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Default values for falcon-sensor. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -node: - # When enabled, Helm chart deploys the Falcon Senors to Kubernetes nodes - enabled: true - - daemonset: - # Annotations to apply to the daemonset - annotations: {} - - # additionals labels - labels: {} - - updateStrategy: RollingUpdate - - image: - repository: falcon-node-sensor - pullPolicy: Always - pullSecrets: {} - # Overrides the image tag whose default is the chart appVersion. - tag: "latest" - - # Override various naming aspects of this chart - # Only edit these if you know what you're doing - nameOverride: "" - fullnameOverride: "" - - podAnnotations: {} - - # How long to wait for Falcon pods to stop gracefully - terminationGracePeriod: 10 - -falcon: - cid: - aid: - apd: - aph: - app: - trace: - feature: - update: - message_log: - billing: - tags: - assert: - memfail_grace_period: - memfail_every_n: - provisioning_token: diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore b/charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore deleted file mode 100755 index 0e8a0eb36..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml deleted file mode 100755 index f00d7c5e8..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CrowdStrike Falcon Platform - catalog.cattle.io/release-name: falcon-helm -apiVersion: v2 -appVersion: 0.9.3 -description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. -home: https://crowdstrike.com -icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg -keywords: -- CrowdStrike -- Falcon -- EDR -- kubernetes -- security -- monitoring -- alerting -maintainers: -- name: CrowdStrike Solution Architecture -- email: gabriel.alford@crowdstrike.com - name: Gabe Alford -name: falcon-sensor -sources: -- https://github.com/CrowdStrike/falcon-helm -type: application -version: 0.9.300 diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/README.md b/charts/falcon-sensor/falcon-sensor/0.9.300/README.md deleted file mode 100755 index b8b5925aa..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# CrowdStrike Falcon Helm Chart - -[Falcon](https://www.crowdstrike.com/) is the [CrowdStrike](https://www.crowdstrike.com/) -platform purpose-built to stop breaches via a unified set of cloud-delivered -technologies that prevent all types of attacks — including malware and much -more. - -# Kubernetes Cluster Compatability - -The Falcon Helm chart has been tested to deploy on the following Kubernetes distributions: - -* Amazon Elastic Kubernetes Service (EKS) -* Azure Kubernetes Service (AKS) - Linux Nodes Only -* Google Kubernetes Engine (GKE) -* Rancher K3s - * Nodes must be Linux distributions supported by CrowdStrike. See [https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems](https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems) for supported Linux distributions and kernels. -* Red Hat OpenShift Container Platform 4.6+ - -# Dependencies - -1. Requires a x86_64 Kubernetes cluster -1. Must be a CrowdStrike customer with access to the Falcon Linux Sensor and Falcon Container downloads. -1. Before deploying the Helm chart, you should have a Falcon Linux Sensor in the container registry before installing the Helm Chart. See the Deployment Considerations for more. -1. Helm 3.x is installed and supported by the Kubernetes vendor. - -# Deployment Considerations - -To ensure a successful deployment, you will want to ensure that: -1. By default, the Helm Chart installs in the `default` namespace. Best practices for deploying to Kubernetes is to create a new namespace. This can be done by adding `-n falcon-system --create-namespace` to your `helm install` command. -1. You have access to a containerized falcon sensor image. This is most likely through a private image registry on your network or cloud provider. See [https://github.com/CrowdStrike/Dockerfiles](https://github.com/CrowdStrike/Dockerfiles) as an example of how to build a Falcon sensor for your registry. -1. The Falcon Linux Sensor (not the Falcon Container) should be used in the container image to deploy to Kubernetes nodes. -1. When deploying the Falcon Linux Sensor to a node, the container image should match the node's operating system. For example, if the node is running Red Hat Enterprise Linux 8.2, the container image should be based on Red Hat Enterprise Linux 8.2, etc. This is important to ensure sensor and image compatibility with the base node operating system. -1. You must have sufficient permissions to deploy Helm Charts to the cluster. This is often received through cluster admin privileges. -1. Only deploying to Kubernetes nodes are supported at this time. -1. When deploying the Falcon Linux Sensor as a container to Kubernetes nodes, it is a requirement that the Falcon Sensor run as a privileged container so that the Sensor can properly work with the kernel. If this is unacceptable, you can install the Falcon Linux Sensor (still runs with privileges) using an RPM or DEB package on the nodes themselves. This assumes that you have the capability to actually install RPM or DEB packages on the nodes. If you do not have this capability and you want to protect the nodes, you have to install using a privileged container. -1. CrowdStrike's Helm Operator is a project, not a product, and released to the community as a way to automate sensor deployment to kubernetes clusters. The upstream repository for this project is [https://github.com/CrowdStrike/falcon-helm](https://github.com/CrowdStrike/falcon-helm). - -# Installation - -### Add the CrowdStrike Falcon Helm repository - -``` -helm repo add crowdstrike https://crowdstrike.github.io/falcon-helm -``` - -### Install CrowdStrike Falcon Helm Chart - -``` -helm upgrade --install falcon-helm crowdstrike/falcon-sensor \ - --set falcon.cid="" \ - --set node.image.repository="/falcon-node-sensor" -``` - -Above command will install the CrowdStrike Falcon Helm Chart with the release name `falcon-helm` in the namespace your `kubectl` context is currently set to. -You can install also install into a customized namespace by running the following: - -``` -helm upgrade --install falcon-helm crowdstrike/falcon-sensor \ - -n falcon-system --create-namespace \ - --set falcon.cid="" \ - --set node.image.repository="/falcon-node-sensor" -``` - -For more details please see the [falcon-helm](https://github.com/CrowdStrike/falcon-helm) repository. - -## Node Configuration - -The following tables lists the more common configurable parameters of the chart and their default values for installing on a Kubernetes node. - -| Parameter | Description | Default | -|:--------------------------------|:---------------------------------------------------------------------|:----------------------------------------- | -| `node.enabled` | Enable installation on the Kubernetes node | `true` | -| `node.image.repository` | Falcon Sensor Node registry/image name | `falcon-node-sensor` | -| `node.image.tag` | The version of the official image to use | `latest` | -| `node.image.pullPolicy` | Policy for updating images | `Always` | -| `node.image.pullSecrets` | Pull secrets for private registry | `{}` | -| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) | - -`falcon.cid` and `node.image.repository` are required values. - -### Uninstall Helm Chart -To uninstall, run the following command: -``` -helm uninstall falcon-helm -``` - -To uninstall from a custom namespace, run the following command: -``` -helm uninstall falcon-helm -n falcon-system -``` diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md b/charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md deleted file mode 100755 index 7f653f423..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md +++ /dev/null @@ -1,9 +0,0 @@ -# CrowdStrike Falcon - -[CrowdStrike](https://www.crowdstrike.com/) [Container Security](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) -comes complete with vulnerability management, continuous -threat detection and response, and runtime protection, combined with compliance -enforcement and automated continuous integration/continuous delivery (CI/CD) pipeline security, enabling -DevOps teams to stay secure while building in the cloud. - -For more information, please visit [https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml deleted file mode 100755 index 8e93d8809..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -falcon: - cid: 123456789TESTS-00 diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml deleted file mode 100755 index 9fa523a3a..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml +++ /dev/null @@ -1,97 +0,0 @@ -questions: - - variable: node.image.repository - description: "URL of container image repository holding containerized Falcon sensor. Defaults to 'falcon-node-sensor'." - required: true - type: string - default: falcon-node-sensor - label: Container Image Repository - group: "Node Container Images" - - - variable: node.image.tag - description: "Container registry image tag. Defaults to 'latest'." - required: true - type: string - default: "latest" - label: Container Image Tag - group: "Node Container Images" - - - variable: falcon.cid - description: "Passed to falconctl as \"--cid=\"{uuid string}\"\"" - required: true - type: string - label: CrowdStrike Customer ID (CID) - group: "Falcon Sensor Node Settings" - - - variable: falcon.apd - description: "App Proxy Disable. Passed to falconctl as \"--apt=true\" or \"--apt=false\"." - required: false - type: boolean - default: false - label: Disable using a proxy - group: "Falcon Sensor Node Settings" - - - variable: falcon.aph - description: "App Proxy Hostname (APH). Uncommon in container-based deployments. Passed to falconctl as \"--aph \"" - required: false - type: string - label: Configure Proxy Host - group: "Falcon Sensor Node Settings" - - - variable: falcon.app - description: "App Proxy Port (APP). Uncommon in container-based deployments. Passed to falconctl as \"--app=\"" - required: false - type: string - label: Configure Proxy Port - group: "Falcon Sensor Node Settings" - - - variable: falcon.trace - description: "Options are [none|err|warn|info|debug]. Passed to falconctl as \"--trace=[none|err|warn|info|debug]\"" - required: false - type: string - label: Set logging trace level - default: "none" - group: "Falcon Sensor Node Settings" - - - variable: falcon.feature - description: "Options to pass to the \"--feature\" flag. Options are [none,[enableLog[,disableLogBuffer[,disableOsfm[,emulateUpdate]]]]]" - required: false - type: string - label: Enable or disable certain sensor features - group: "Falcon Sensor Node Settings" - - - variable: falcon.update - description: "SIGHUP the sensor for immediate trace/feature update." - required: false - type: boolean - default: false - label: Update sensor immediately - group: "Falcon Sensor Node Settings" - - - variable: falcon.message_log - description: "Enable message log (true/false)" - required: false - type: boolean - default: false - label: Enable logging - group: "Falcon Sensor Node Settings" - - - variable: falcon.billing - description: "Utilize default or metered billing. Should only be configured when needing to switch between the two. Options are: [default|metered]" - required: false - type: string - label: Configure Billing - group: "Falcon Sensor Node Settings" - - - variable: falcon.tags - description: "Comma separated list of tags for sensor grouping. Allowed characters: all alphanumerics, '/', '-', '_', and ','." - required: false - type: string - label: Configure tags for sensor grouping - group: "Falcon Sensor Node Settings" - - - variable: falcon.provisioning_token - description: "Used to protect the CID. Provisioning token value." - required: false - type: string - label: Set a provisioning installation token - group: "Falcon Sensor Node Settings" diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt deleted file mode 100755 index 4c3c475f2..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -Thank you for installing the CrowdStrike Falcon Helm Chart! - -Access to the Falcon Linux and Container Sensor downloads at https://falcon.crowdstrike.com/hosts/sensor-downloads are -required to complete the install of this Helm chart. This is provided automatically to all active CrowdStrike customers. -Additionally, a containerized sensor must be present in a container registry accessible from Kubernetes installation. -Sample Dockerfiles are available at https://github.com/CrowdStrike/Dockerfiles. -CrowdStrike Falcon sensors will deploy across all nodes in your Kubernetes cluster after -installing this Helm chart. An extremely common error on installation is accidentally -forgetting to add your containerized sensor to your local image registry prior to executing -`helm install`. The default image name to deploy a kernel sensor to a node is `falcon-node-sensor`. diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl deleted file mode 100755 index 316fee125..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "falcon-sensor.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "falcon-sensor.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "falcon-sensor.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "falcon-sensor.labels" -}} -helm.sh/chart: {{ include "falcon-sensor.chart" . }} -{{ include "falcon-sensor.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "falcon-sensor.selectorLabels" -}} -app.kubernetes.io/name: {{ include "falcon-sensor.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "falcon-sensor.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "falcon-sensor.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml deleted file mode 100755 index 69fba2e22..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "falcon-sensor.fullname" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: "{{ include "falcon-sensor.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - FALCONCTL_OPT_CID: {{ .Values.falcon.cid }} - {{- range $key, $value := .Values.falcon }} - {{- if and ($value) (ne $key "cid") }} - FALCONCTL_OPT_{{ $key | upper }}: {{ $value | quote }} - {{- end }} - {{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml deleted file mode 100755 index 79da7e17c..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{- if .Values.node.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "falcon-sensor.fullname" . }} - labels: - name: {{ include "falcon-sensor.fullname" . }} - app: {{ include "falcon-sensor.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - {{- if .Values.node.daemonset.labels }} - {{- range $key, $value := .Values.node.daemonset.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- if .Values.node.daemonset.annotations }} - annotations: - {{- range $key, $value := .Values.node.daemonset.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - name: {{ include "falcon-sensor.fullname" . }} - app: {{ include "falcon-sensor.fullname" . }} - release: {{ .Release.Name | quote }} - updateStrategy: - type: {{ .Values.node.daemonset.updateStrategy }} - template: - metadata: - annotations: - sensor.falcon-system.crowdstrike.com/injection: disabled - {{- range $key, $value := .Values.node.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - name: {{ include "falcon-sensor.fullname" . }} - app: {{ include "falcon-sensor.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - {{- if .Values.node.daemonset.labels }} - {{- range $key, $value := .Values.node.daemonset.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - spec: - {{- with .Values.node.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # this toleration is to have the daemonset runnable on master nodes - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - beta.kubernetes.io/os: linux - initContainers: - # This init container creates empty falconstore file so that when - # it's mounted into the sensor-node-container, k8s would just use it - # rather than creating a directory. Mounting falconstore file as - # a file volume ensures that AID is preserved across container - # restarts. - - name: init-falconstore - image: busybox - args: [/bin/sh, -c, 'touch /var/lib/crowdstrike/falconstore'] - volumeMounts: - - name: falconstore-dir - mountPath: /var/lib/crowdstrike - containers: - - name: falcon-node-sensor - image: "{{ .Values.node.image.repository }}:{{ .Values.node.image.tag }}" - imagePullPolicy: "{{ .Values.node.image.pullPolicy }}" - volumeMounts: - - name: dev - mountPath: /dev - - name: var-run - mountPath: /var/run - - name: etc - mountPath: /etc - - name: var-log - mountPath: /var/log - - name: falconstore - mountPath: /opt/CrowdStrike/falconstore - # Various pod security context settings. Bear in mind that many of these have an impact - # on the Falcon Sensor working correctly. - # - # - User that the container will execute as. Typically necessary to run as root (0). - # - Runs the Falcon Sensor containers as privileged containers. This is required when - # running the Falcon Linux Sensor on Kubernetes nodes to properly run in the node's - # kernel and to actually protect the node. - securityContext: - runAsUser: 0 - privileged: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - envFrom: - - configMapRef: - name: {{ include "falcon-sensor.fullname" . }}-config - # This spits out logs from sensor-node-container to stdout so that they - # are routed through k8s log driver. - - name: log - image: busybox - args: [/bin/sh, -c, 'tail -n1 -f /var/log/falcon-sensor.log'] - volumeMounts: - - name: var-log - mountPath: /var/log - readOnly: True - volumes: - - name: dev - hostPath: - path: /dev - - name: etc - hostPath: - path: /etc - - name: var-run - hostPath: - path: /var/run - - name: var-log - emptyDir: {} - - name: falconstore - hostPath: - path: /var/lib/crowdstrike/falconstore - - name: falconstore-dir - hostPath: - path: /var/lib/crowdstrike - terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriod }} - hostNetwork: true - hostPID: true - hostIPC: true -{{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml deleted file mode 100755 index 1c1c8c1fe..000000000 --- a/charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Default values for falcon-sensor. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -node: - # When enabled, Helm chart deploys the Falcon Senors to Kubernetes nodes - enabled: true - - daemonset: - # Annotations to apply to the daemonset - annotations: {} - - # additionals labels - labels: {} - - updateStrategy: RollingUpdate - - image: - repository: falcon-node-sensor - pullPolicy: Always - pullSecrets: {} - # Overrides the image tag whose default is the chart appVersion. - tag: "latest" - - # Override various naming aspects of this chart - # Only edit these if you know what you're doing - nameOverride: "" - fullnameOverride: "" - - podAnnotations: {} - - # How long to wait for Falcon pods to stop gracefully - terminationGracePeriod: 10 - -falcon: - cid: - aid: - apd: - aph: - app: - trace: - feature: - update: - message_log: - billing: - tags: - assert: - memfail_grace_period: - memfail_every_n: - provisioning_token: diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/.helmignore b/charts/federatorai/federatorai/4.5.100+up4.5.1/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/Chart.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/Chart.yaml deleted file mode 100644 index ef53efa35..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Federator.ai - catalog.cattle.io/release-name: federatorai -apiVersion: v1 -appVersion: 4.5.1-ga -description: Federator.ai helps enterprises optimize cloud resources, maximize application - performance, and save significant cost without excessive over-provisioning or under-provisioning - of resources, meeting the service-level requirements of their applications. -home: https://www.prophetstor.com -icon: https://raw.githubusercontent.com/prophetstor-ai/public/master/images/logo.png -keywords: -- AI -- Resource Orchestration -- NoOps -- AIOps -- Intelligent Workload Management -- Cost Optimization -maintainers: -- email: support@prophetstor.com - name: ProphetStor Data Services, Inc. -name: federatorai -sources: -- https://www.prophetstor.com -version: 4.5.100+up4.5.1 diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/README.md b/charts/federatorai/federatorai/4.5.100+up4.5.1/README.md deleted file mode 100644 index 6e13bf0bb..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/README.md +++ /dev/null @@ -1,96 +0,0 @@ -# Federator.ai Operator -Federator.ai helps enterprises optimize cloud resources, maximize application performance, and save significant cost without excessive over-provisioning or under-provisioning of resources, meeting the service-level requirements of their applications. - -Enterprises often lack understanding of the resources needed to support their applications. This leads to either excessive over-provisioning or under-provisioning of resources (CPU, memory, storage). Using machine learning, Federator.ai determines the optimal cloud resources needed to support any workload on OpenShift and helps users find the best-cost instances from cloud providers for their applications. - - -**Multi-layer workload prediction** - -Using machine learning and math-based algorithms, Federator.ai predicts containerized application and cluster node resource usage as the basis for resource recommendations at application level as well as at cluster node level. Federator.ai supports prediction for both physical/virtual CPUs and memories. - - -**Auto-scaling via resource recommendation** - -Federator.ai utilizes the predicted resource usage to recommend the right number and size of pods for applications. Integrated with Datadog's WPA, applications are automatically scaled to meet the predicted resource usage. - - -**Application-aware recommendation execution** - -Optimizing the resource usage and performance goals, Federator.ai uses application specific metrics for workload prediction and pod capacity estimation to auto-scale the right number of pods for best performance without overprovisioning. - - -**Multi-cloud Cost Analysis** - -With resource usage prediction, Federator.ai analyzes potential cost of a cluster on different public cloud providers. It also recommend appropriate cluster nodes and instance types based on resource usage. - - -**Custom Datadog/Sysdig Dashboards** - -Predefined custom Datadog/Sysdig Dashboards for workload prediction/recommendation visualization for cluster nodes and applications. - - -**Additional resources** - -Want more product information? Explore detailed information about using this product and where to find additional help. - -* [Federator.ai Datasheet](https://www.prophetstor.com/wp-content/uploads/2021/02/Federator.ai%C2%AE_202102ver.pdf) -* [Quick Start Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/ProphetStor-Federator.ai-v4.5.1-Quick-Installation-Guide.pdf) -* [Federator.ai User Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/Federator.ai-4.5.1-User-Guide.pdf) -* [Company Information](https://www.prophetstor.com/) - -## Prerequisites -- The [Kubernetes](https://kubernetes.io/) version 1.18 or later if using Kubernetes environment. -- The [Openshift](https://www.openshift.com) version 4.x.x or later if using OpenShift platform. -- The [Helm](https://helm.sh/) version is 3.x.x or later. - -## Add Helm chart repository -``` -helm repo add prophetstor https://prophetstor-ai.github.io/federatorai-operator-helm/ -``` - -## Test the Helm chart repository -``` -helm search repo federatorai -``` - -## Installing with the release name `my-name`: -``` -helm install `my-name` prophetstor/federatorai --namespace=federatorai --create-namespace -``` - -## To uninstall/delete the `my-name` deployment: -``` -helm ls --all-namespaces -helm delete `my-name` --namespace=federatorai -``` - - -## Configuration - -The following table lists the configurable parameters of the chart and their default values are specfied insde values.yaml. - -| Parameter | Description | -| -------------------------------------------------------------- | --------------------------------------------- | -| `image.pullPolicy` | Container pull policy | -| `image.repository` | Image for Federator.ai operator | -| `image.tag` | Image Tag for Federator.ai operator | -| `federatorai.imageLocation` | Image Location for services containers | -| `federatorai.version` | Image Tag for services containers | -| `federatorai.persistence.enabled` | Enable persistent volumes | -| `federatorai.persistence.storageClass` | Storage Class Name of persistent volumes | -| `federatorai.persistence.storages.logStorage.size` | Log volume size | -| `federatorai.persistence.aiCore.dataStorage.size` | AICore data volume size | -| `federatorai.persistence.influxdb.dataStorage.size` | Influxdb data volume size | -| `federatorai.persistence.fedemeterInfluxdb.dataStorage.size` | Fedemeter influxdb data volume size | -| `services.dashboardFrontend.nodePort` | Port of the Dashboard service | -| `services.rest.nodePort` | Port of the REST service | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```shell -helm install `my-name` prophetstor/federatorai -f values.yaml --namespace=federatorai --create-namespace -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/app-readme.md b/charts/federatorai/federatorai/4.5.100+up4.5.1/app-readme.md deleted file mode 100644 index a7612f8f4..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/app-readme.md +++ /dev/null @@ -1,39 +0,0 @@ -# Federator.ai Operator -Federator.ai helps enterprises optimize cloud resources, maximize application performance, and save significant cost without excessive over-provisioning or under-provisioning of resources, meeting the service-level requirements of their applications. - -Enterprises often lack understanding of the resources needed to support their applications. This leads to either excessive over-provisioning or under-provisioning of resources (CPU, memory, storage). Using machine learning, Federator.ai determines the optimal cloud resources needed to support any workload on OpenShift and helps users find the best-cost instances from cloud providers for their applications. - - -**Multi-layer workload prediction** - -Using machine learning and math-based algorithms, Federator.ai predicts containerized application and cluster node resource usage as the basis for resource recommendations at application level as well as at cluster node level. Federator.ai supports prediction for both physical/virtual CPUs and memories. - - -**Auto-scaling via resource recommendation** - -Federator.ai utilizes the predicted resource usage to recommend the right number and size of pods for applications. Integrated with Datadog's WPA, applications are automatically scaled to meet the predicted resource usage. - - -**Application-aware recommendation execution** - -Optimizing the resource usage and performance goals, Federator.ai uses application specific metrics for workload prediction and pod capacity estimation to auto-scale the right number of pods for best performance without overprovisioning. - - -**Multi-cloud Cost Analysis** - -With resource usage prediction, Federator.ai analyzes potential cost of a cluster on different public cloud providers. It also recommend appropriate cluster nodes and instance types based on resource usage. - - -**Custom Datadog/Sysdig Dashboards** - -Predefined custom Datadog/Sysdig Dashboards for workload prediction/recommendation visualization for cluster nodes and applications. - - -**Additional resources** - -Want more product information? Explore detailed information about using this product and where to find additional help. - -* [Federator.ai Datasheet](https://www.prophetstor.com/wp-content/uploads/2021/02/Federator.ai%C2%AE_202102ver.pdf) -* [Quick Start Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/ProphetStor-Federator.ai-v4.5.1-Quick-Installation-Guide.pdf) -* [Federator.ai User Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/Federator.ai-4.5.1-User-Guide.pdf) -* [Company Information](https://www.prophetstor.com/) diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/crds/02-alamedaservice.crd.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/crds/02-alamedaservice.crd.yaml deleted file mode 100644 index 7afa71628..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/crds/02-alamedaservice.crd.yaml +++ /dev/null @@ -1,5009 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - creationTimestamp: null - name: alamedaservices.federatorai.containers.ai -spec: - additionalPrinterColumns: - - JSONPath: .spec.enableExecution - name: Execution - type: boolean - - JSONPath: .spec.version - name: Version - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: federatorai.containers.ai - names: - kind: AlamedaService - listKind: AlamedaServiceList - plural: alamedaservices - singular: alamedaservice - scope: Namespaced - subresources: {} - validation: - openAPIV3Schema: - description: AlamedaService is the Schema for the alamedaservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlamedaServiceSpec defines the desired state of AlamedaService - properties: - alameda-analyzer: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alameda-dispatcher: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alameda-weavescope: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaAdmissionController: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaAi: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaDatahub: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaEvictioner: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaExecutor: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaInfluxdb: - description: Component Section Schema - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaNotifier: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaOperator: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaRabbitMQ: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaRecommender: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - autoPatchPrometheusRules: - type: boolean - enableAgentApp: - type: boolean - enableExecution: - type: boolean - enableGPU: - type: boolean - enablePreloader: - type: boolean - enableWeavescope: - type: boolean - env: - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - fedemeter: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - fedemeterInfluxdb: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgent: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgentApp: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgentGPU: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - influxDB: - properties: - address: - type: string - password: - type: string - username: - type: string - required: - - address - - password - - username - type: object - prometheus: - properties: - address: - type: string - password: - type: string - username: - type: string - required: - - address - - password - - username - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgentPreloader: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiBackend: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiDataAdapter: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiFrontend: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiRecommendDispatcher: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiRecommendWorker: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiRest: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - imageLocation: - type: string - kafka: - properties: - brokerAddresses: - items: - type: string - type: array - sasl: - properties: - enabled: - type: boolean - password: - type: string - username: - type: string - type: object - tls: - description: Version string `json:"version,omitempty"` - properties: - enabled: - type: boolean - insecureSkipVerify: - type: boolean - type: object - type: object - keycode: - description: KeycodeSpec contains data for keycode check - properties: - codeNumber: - description: CodeNumber provides user to apply keycode to Federator.ai - type: string - signatureData: - description: SignatureData provides user to apply signature data - type: string - required: - - codeNumber - type: object - platform: - enum: - - openshift3.9 - type: string - prometheusService: - type: string - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - selfDriving: - type: boolean - serviceExposures: - items: - description: ServiceExposureSpec defines the service to be exposed - properties: - name: - type: string - nodePort: - description: NodePortSpec defines the ports to be proxied from - node to service - properties: - ports: - items: - description: PortSpec defines the service port - properties: - nodePort: - format: int32 - maximum: 65535 - minimum: 0 - type: integer - port: - format: int32 - maximum: 65535 - minimum: 0 - type: integer - required: - - nodePort - - port - type: object - type: array - required: - - ports - type: object - type: - description: ServiceExposureType defines the type of the service - to be exposed - enum: - - NodePort - type: string - required: - - name - - type - type: object - type: array - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - required: - - keycode - - version - type: object - status: - description: AlamedaServiceStatus defines the observed state of AlamedaService - properties: - conditions: - items: - properties: - message: - type: string - paused: - description: Represents whether any actions on the underlaying - managed objects are being performed. Only delete actions will - be performed. - type: boolean - required: - - message - - paused - type: object - type: array - crdversion: - properties: - crdname: - type: string - scalerversion: - type: string - required: - - crdname - - scalerversion - type: object - keycodeStatus: - description: KeycodeStatus contains current keycode information - properties: - codeNumber: - description: CodeNumber represents the last keycode user successfully - applied - type: string - lastErrorMessage: - description: LastErrorMessage stores the error message that happend - when Federatorai-Operator handled keycode - type: string - registrationData: - description: RegistrationData contains data needs to be sent for - activating keycode - type: string - state: - description: State represents the state of keycode processing - type: string - summary: - description: Summary stores the summary of the keycode - type: string - required: - - codeNumber - - lastErrorMessage - - registrationData - - state - - summary - type: object - required: - - conditions - - crdversion - - keycodeStatus - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/logo.png b/charts/federatorai/federatorai/4.5.100+up4.5.1/logo.png deleted file mode 100644 index fc33e50090d9dc92ba5496ae3db538a91846dd29..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2838 zcmai$c{CJUAII;EED^G2&yX!K%5Jib%pkIqY-6%3>&P}$#P>V41i$NR^7-h0mPe!jooJ?D4N_xHy=H|>(8DJQ!KI{<(ajY8TS zl6)9;Y%GU+?Ck#1A&z((UNi*Y36W#>8uMX((j8@U5r9Zp00@Zy{5mWVW&sF=1MnRS zfX-n9p&&|wHRAAq#m(FldC0@HZTvd!5J!Vh4j}+2OaBf?M45gV0PK-yq@i8J=weY+ z=H<8I9W5<0&ugKTSJDwMq9C&BR+;?0%kzTO4XOgW9jHY~GhcIGw=~~@VOb4-H5+rK zYCEHL*!?tqzY&`!<0}FFBG!s9jv4ET_sW08tPJmM5ew*hiwpR%rXLdT$H%v23X9II z@AT|?^)6Ei&UyDb8$#{u)Rmc640!P`6C8%}%l>-kXMCqT%4nMl^l8pCl({ss8la7~ zi_KrV0g(X>YAz)Kj{uDcc;3Ht$#T}eMcFxB@&kWDd5G@SmS>zRGMe0faE3q@KwmX= zJH6UIG(B|vYX8kzp~t7qxy!~uu?PBThFDJ6%z4^CK?k-NM*XMJ+ux!;I{jE#0Iky+ z)Ij?v?t-Vl^)88V7rI2*zO6m+2wcf(ok(#Ap4D3KnbsQgPa@#QH zz#5A-COnt@q+EZZ>oyJ!+n-iwe>;@y77DkLd-GqWevj$j?*5NBrNAnBH_4&|vH7Lb zGp-iGEFT_pc5GS%?Ct6%xa{hbyZ~tFr1z2O&-opY}q~m9tVkN4yhMBMu{Z4RsU|9;^$-^Tgh#g;6BmRL) zmh$H3Gc*iXN-n_G2;_wN(g#O)NZeGVNB$Qw+J=~ZzD!*(qf?EH)*L~~;^(703hfyF zlEiUakeR%FZ%4-|3YXTn5-$f(d8V#xQ!W6)c@MoW&Q8$0GnW~GW#lmKNYhNz*09k6|XpaC(t20F%R;O`c-wbHd+i;{Gty;fKVRfH)J{jkJGx2ER{KRzC zrgxQ$m)CdYdxozTt@9V$s zWvxkt>NYE!Twhh(yH3g-TAg7l#c&GSBZO=VQt}ppNbj|OU6d&|ot;-+QzsFbhijp# z*%TDcw3GZ?3Hc4Jz8`{@HP~0r*E`)STc&ATWP691C-Uh?)-;(J{v|4-r(r0837^>ix6%W=n~C2dcCp%hJrw);C$F zMYptm>8I9St8ia-B#92KP8x4q(eiXYiEkfOl{VOyGYb=<#XIN>yOmQiWQe1u3C8J{N_ES6L`bJUAkX#_(is-}dWPLFrkn6@zW|Q{mZ+ zlcM@vS72?!*+T#|PXNi4_(8OWq1n+nQSLE`>;E+{ z=8MKTr8duFt0fR-lodfTy3rnZh#bh&?cCe2h1JPl@FKGxyhZO6vb&~4Jl=>ex{2`Q z{tE(^zi>cE-Hj``I-gyBE=5Y`3zlUQT=G__4c-c@>Ob&HZC+w_yHiPz-}3>H&RS3^ zFR3N{(vVd}uvK?><%(eW?m2jOJp`-dPvkS?BS_A%{U{}3dcnQ=({JPJEXzqD1_eN9ImcIRedb2{6UEl<*7&8Z^N!jpo@y}*WNcx|y^-j9H;++IkSo91)`nRBQLN}(Xo9h4X`gGFo_F5} z33iK-b5((H&x|?Nub%-#r=4z&>=Hdzd)5c@#n?a#jDN$ID-vk$yD$h>#Y(m1-C`E) zViSx&)}p6Ra4ick<*hw955D>T{3^Dwd6aG3I>lqK$jJ4?wI)LIuuA*zGfYxK1NGY0 zfilm?E|YZX^=ZDn_eoXT;T zTRIt;Z-P^%Ns<~dZ#N+;XB{a@3rTx;0f}kG{6xL|{jwWTm-HP58ZF+Bz4^!(^vNXq z^cdM&*|zJ2ITeNH_v+lmm&JX5#pV(&ktyRUwVlkTsfyI!@YJLgtMQR!>g8IKgDo8b zNzus+#0v|Uec~);X13-5zH;?J)bvQ?TKH*NOWkI>Cfbrspse*ye=b%%#`#P1kZxh&AMuzBAv97gkzkUWue;+^E*2 zV={BA#5=%|k=+yToG1O^1CmYt!s=z)j0&b-LX$_QcI!H;f5OwV<`o^L-dj!!3KEnthe3`|4d=Y^e)MP0|c o&HC&l3^8eWw~f5pin93{7w|&HX1`Ql>h~8FZDNV6F~Z*Z7cBZPT>t<8 diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/questions.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/questions.yaml deleted file mode 100644 index ab341a49c..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/questions.yaml +++ /dev/null @@ -1,90 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Federator.ai image or specify a custom one" - label: Use Default Federator.ai Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: image.repository - default: "quay.io/prophetstor/federatorai-operator-ubi" - description: "Federator.ai Operator image name" - type: string - group: "Container Images" - label: Federator.ai Operator Image Name - - variable: image.tag - default: "v4.5.1-ga" - description: "Federator.ai Operator image tag" - type: string - group: "Container Images" - label: Federator.ai Operator Image Tag -#service configurations -- variable: federatorai.imageLocation - default: "quay.io/prophetstor" - description: "Service containers image location" - type: string - required: true - group: "Container Images" - label: Federator.ai imageLocation -- variable: federatorai.version - default: "v4.5.1-ga" - description: "Service containers version" - type: string - required: true - group: "Container Images" - label: Service Containers Image Tag -- variable: services.dashboardFrontend.nodePort - required: true - default: "31012" - description: "The port where the Federator.ai Dashboard listens to" - type: string - group: "Service Settings" - label: Federator.ai Dashboard Port -- variable: services.rest.nodePort - required: true - default: "31011" - description: "The port where the Federator.ai REST listens to" - type: string - group: "Service Settings" - label: Federator.ai REST Port -- variable: federatorai.persistence.enabled - default: true - description: "Enable persistent volume for Federator.ai" - type: boolean - required: true - label: Federator.ai Persistent Volume Enabled - show_subquestion_if: true - group: "PV Settings" - subquestions: - - variable: federatorai.persistence.storageClass - default: "" - description: "If undefined or set to null, using the default storageClass. Defaults to null." - type: storageclass - group: "PV Settings" - label: Storage Class for Federator.ai - - variable: federatorai.persistence.storages.logStorage.size - default: "2Gi" - description: "Log volume size" - type: string - group: "PV Settings" - label: Log Volume Size - - variable: federatorai.persistence.aiCore.dataStorage.size - default: "10Gi" - description: "AICore data volume Size" - type: string - group: "PV Settings" - label: AICore Data Volume Size - - variable: federatorai.persistence.influxdb.dataStorage.size - default: "100Gi" - description: "Influxdb data volume Size" - type: string - group: "PV Settings" - label: Influxdb Data Volume Size - - variable: federatorai.persistence.fedemeterInfluxdb.dataStorage.size - default: "10Gi" - description: "Fedemeter influxdb data volume Size" - type: string - group: "PV Settings" - label: Fedemeter Influxdb Data Volume Size diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/requirements.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/requirements.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/01-serviceaccount.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/01-serviceaccount.yaml deleted file mode 100644 index 937627cd3..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/01-serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: federatorai-operator - namespace: {{ .Release.Namespace }} diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/03-federatorai-operator.deployment.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/03-federatorai-operator.deployment.yaml deleted file mode 100644 index d7ca3e7f3..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/03-federatorai-operator.deployment.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: federatorai-operator - namespace: {{ .Release.Namespace }} - labels: - name: federatorai-operator - app: Federator.ai - annotations: - "helm.sh/hook-weight": "1000" -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - name: federatorai-operator - template: - metadata: - labels: - name: federatorai-operator - app: Federator.ai - spec: - securityContext: - fsGroup: 1001 - serviceAccountName: federatorai-operator - initContainers: - - name: upgrader - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - command: - - federatorai-operator - args: - - "upgrade" - env: - - name: NAMESPACE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: FEDERATORAI_OPERATOR_INFLUXDB_ADDRESS - value: "" - - name: FEDERATORAI_OPERATOR_INFLUXDB_SERVICE_NAME - value: alameda-influxdb - - name: FEDERATORAI_OPERATOR_INFLUXDB_SERVICE_PORT - value: "8086" - - name: FEDERATORAI_OPERATOR_INFLUXDB_USERNAME - value: admin - - name: FEDERATORAI_OPERATOR_INFLUXDB_PASSWORD - value: adminpass - volumeMounts: - - mountPath: /var/log/alameda - name: log - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - containers: - - name: federatorai-operator - # Replace this with the built image name - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - command: - - federatorai-operator - env: - - name: NAMESPACE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "federatorai-operator" - - name: DISABLE_OPERAND_RESOURCE_PROTECTION - value: "false" - readinessProbe: - failureThreshold: 20 - httpGet: - path: /readyz - port: 8083 - initialDelaySeconds: 5 - periodSeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /var/log/alameda - name: log - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: log - emptyDir: {} - - name: cert - secret: - defaultMode: 420 - secretName: federatorai-operator-service-cert diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/04-clusterrole.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/04-clusterrole.yaml deleted file mode 100644 index 2703f91a2..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/04-clusterrole.yaml +++ /dev/null @@ -1,257 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: federatorai-operator -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - - pods - verbs: - - delete - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - - persistentvolumeclaims - - serviceaccounts - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - list - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - update -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - list - - update - - watch -- apiGroups: - - "" - - extensions - resources: - - replicationcontrollers - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - analysis.containers.ai - - autoscaling.containers.ai - - federatorai.containers.ai - - notifying.containers.ai - - tenant.containers.ai - resources: - - '*' - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - delete - - get - - update -- apiGroups: - - apps - - extensions - resources: - - daemonsets - - deployments/scale - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - list -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - - policy - resources: - - podsecuritypolicies - verbs: - - '*' -- apiGroups: - - extensions - - policy - resourceNames: - - federatorai-alameda-weave-scope - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - monitoring.coreos.com - resources: - - prometheuses - verbs: - - list -- apiGroups: - - monitoring.coreos.com - resources: - - prometheusrules - verbs: - - create - - delete - - get - - list - - update -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - clusterroles/finalizers - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.openshift.io - resources: - - securitycontextconstraints - verbs: - - create - - delete - - get - - list - - update - - use - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - list - - watch -- apiGroups: - - volumesnapshot.external-storage.k8s.io - resources: - - volumesnapshotdatas - - volumesnapshots - verbs: - - list - - watch - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: alameda-gc - annotations: - "helm.sh/hook-weight": "5000" - "helm.sh/hook": post-install,post-delete -rules: [] diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/05-clusterrolebinding.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/05-clusterrolebinding.yaml deleted file mode 100644 index 7c55d4828..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/05-clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: federatorai-operator -subjects: -- kind: ServiceAccount - name: federatorai-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: federatorai-operator - apiGroup: rbac.authorization.k8s.io diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/06-role.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/06-role.yaml deleted file mode 100644 index 6e53fba0b..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/06-role.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: federatorai-operator - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - persistentvolumeclaims - - pods - - secrets - - services - verbs: - - '*' -- apiGroups: - - "" - resources: - - nodes - - persistentvolumeclaims - - persistentvolumes - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - statefulsets - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - apps - - extensions - resources: - - deployments - - deployments/scale - - replicasets - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - deployments/scale - verbs: - - update -- apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - '*' -- apiGroups: - - extensions - resourceNames: - - federatorai-alameda-weave-scope - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - list - - watch -- apiGroups: - - volumesnapshot.external-storage.k8s.io - resources: - - volumesnapshotdatas - - volumesnapshots - verbs: - - list - - watch diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/07-rolebinding.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/07-rolebinding.yaml deleted file mode 100644 index e72f197b5..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/07-rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: federatorai-operator - namespace: {{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: federatorai-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: federatorai-operator - apiGroup: rbac.authorization.k8s.io diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/08-service.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/08-service.yaml deleted file mode 100644 index 843abc896..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/08-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - component: federatorai-operator - name: federatorai-operator-service - namespace: {{ .Release.Namespace }} -spec: - ports: - - port: 443 - targetPort: 50443 - selector: - name: federatorai-operator - app: Federator.ai diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/09-secret.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/09-secret.yaml deleted file mode 100644 index e4beb366a..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/09-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: federatorai-operator-service-cert - namespace: {{ .Release.Namespace }} -data: -type: Opaque \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/10-mutatingwebhook.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/10-mutatingwebhook.yaml deleted file mode 100644 index 71d502abe..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/10-mutatingwebhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: federatorai-operator-servicesmutation -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: federatorai-operator-service - namespace: {{ .Release.Namespace }} - path: /mutate-federatorai-containers-ai-v1alpha1-alamedaservice - failurePolicy: Ignore - name: alamedaservicemutate.federatorai.containers.ai - rules: - - apiGroups: - - federatorai.containers.ai - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - alamedaservices \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/11-validatingwebhook.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/11-validatingwebhook.yaml deleted file mode 100644 index bf568d17d..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/11-validatingwebhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: federatorai-operator-servicesvalidation -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: federatorai-operator-service - namespace: {{ .Release.Namespace }} - path: /validate-federatorai-containers-ai-v1alpha1-alamedaservice - failurePolicy: Ignore - name: alamedaservicevalidate.federatorai.containers.ai - rules: - - apiGroups: - - federatorai.containers.ai - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - alamedaservices \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/NOTES.txt b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/NOTES.txt deleted file mode 100644 index b381d6fed..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ - -Get the Federator.ai pods by running the following command: - kubectl --namespace {{ .Release.Namespace }} get pods diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/_helpers.tpl b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/_helpers.tpl deleted file mode 100644 index 66323e843..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/_helpers.tpl +++ /dev/null @@ -1,45 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "federatorai-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "federatorai-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "federatorai-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "federatorai-operator.labels" -}} -app.kubernetes.io/name: {{ include "federatorai-operator.name" . }} -helm.sh/chart: {{ include "federatorai-operator.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/alamedaservice.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/alamedaservice.yaml deleted file mode 100644 index 6fc00b321..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/templates/alamedaservice.yaml +++ /dev/null @@ -1,87 +0,0 @@ -apiVersion: federatorai.containers.ai/v1alpha1 -kind: AlamedaService -metadata: - name: my-alamedaservice - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "3000" -spec: -{{ if .Values.federatorai.persistence.enabled }} - env: - - name: FEDERATORAI_MAXIMUM_LOG_SIZE - ## Use about 90% of 2Gi - value: "1931476992" -{{ end }} - keycode: - codeNumber: FFSFM-RGBTF-F7I7O-UFKPM-LL6VI-QVFNQ - version: {{ .Values.federatorai.version }} -{{ if .Values.federatorai.imageLocation }} - imageLocation: {{ .Values.federatorai.imageLocation }} -{{ else }} - imageLocation: quay.io/prophetstor -{{ end }} -{{ if .Values.federatorai.persistence.enabled }} - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.storages.logStorage.size }} - type: pvc - usage: log - alamedaAi: - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.aiCore.dataStorage.size }} - type: pvc - usage: data - alamedaInfluxdb: - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.influxdb.dataStorage.size }} - type: pvc - usage: data - fedemeterInfluxdb: - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.fedemeterInfluxdb.dataStorage.size }} - type: pvc - usage: data -{{ else }} - storages: - - type: ephemeral - usage: data - - type: ephemeral - usage: log -{{ end }} - serviceExposures: -{{ if .Values.services.dashboardFrontend.nodePort }} - - name: federatorai-dashboard-frontend - nodePort: - ports: - - nodePort: {{ .Values.services.dashboardFrontend.nodePort }} - port: 9001 - type: NodePort -{{ end }} -{{ if .Values.services.rest.nodePort }} - - name: federatorai-rest - nodePort: - ports: - - nodePort: {{ .Values.services.rest.nodePort }} - port: 5056 - type: NodePort -{{ end }} diff --git a/charts/federatorai/federatorai/4.5.100+up4.5.1/values.yaml b/charts/federatorai/federatorai/4.5.100+up4.5.1/values.yaml deleted file mode 100644 index 40414637a..000000000 --- a/charts/federatorai/federatorai/4.5.100+up4.5.1/values.yaml +++ /dev/null @@ -1,41 +0,0 @@ -## Default values for Federator.ai -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. -## -image: - pullPolicy: IfNotPresent - repository: quay.io/prophetstor/federatorai-operator-ubi - tag: v4.5.1-ga - -## Set default values -## -federatorai: - imageLocation: quay.io/prophetstor - version: v4.5.1-ga - ## If thhe persistence is enabled, a default StorageClass - ## is needed in the k8s cluster to provision volumes. - persistence: - enabled: true - storageClass: "" - storages: - logStorage: - size: 2Gi - aiCore: - dataStorage: - size: 10Gi - influxdb: - dataStorage: - size: 100Gi - fedemeterInfluxdb: - dataStorage: - size: 10Gi - -services: - dashboardFrontend: - ## Specify the nodePort value for the dashboard frontend - ## Comment out the following line to disable nodePort service - nodePort: 31012 - rest: - ## Specify the nodePort value for the REST service - ## Comment out the following line to disable nodePort service - nodePort: 31011 diff --git a/charts/federatorai/federatorai/4.5.100/.helmignore b/charts/federatorai/federatorai/4.5.100/.helmignore deleted file mode 100755 index 50af03172..000000000 --- a/charts/federatorai/federatorai/4.5.100/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/federatorai/federatorai/4.5.100/Chart.yaml b/charts/federatorai/federatorai/4.5.100/Chart.yaml deleted file mode 100755 index dd2812c46..000000000 --- a/charts/federatorai/federatorai/4.5.100/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Federator.ai - catalog.cattle.io/release-name: federatorai -apiVersion: v1 -appVersion: 4.5.1-ga -description: Federator.ai helps enterprises optimize cloud resources, maximize application - performance, and save significant cost without excessive over-provisioning or under-provisioning - of resources, meeting the service-level requirements of their applications. -home: https://www.prophetstor.com -icon: https://raw.githubusercontent.com/prophetstor-ai/public/master/images/logo.png -keywords: -- AI -- Resource Orchestration -- NoOps -- AIOps -- Intelligent Workload Management -- Cost Optimization -maintainers: -- email: support@prophetstor.com - name: ProphetStor Data Services, Inc. -name: federatorai -sources: -- https://www.prophetstor.com -version: 4.5.100 diff --git a/charts/federatorai/federatorai/4.5.100/README.md b/charts/federatorai/federatorai/4.5.100/README.md deleted file mode 100755 index 6e13bf0bb..000000000 --- a/charts/federatorai/federatorai/4.5.100/README.md +++ /dev/null @@ -1,96 +0,0 @@ -# Federator.ai Operator -Federator.ai helps enterprises optimize cloud resources, maximize application performance, and save significant cost without excessive over-provisioning or under-provisioning of resources, meeting the service-level requirements of their applications. - -Enterprises often lack understanding of the resources needed to support their applications. This leads to either excessive over-provisioning or under-provisioning of resources (CPU, memory, storage). Using machine learning, Federator.ai determines the optimal cloud resources needed to support any workload on OpenShift and helps users find the best-cost instances from cloud providers for their applications. - - -**Multi-layer workload prediction** - -Using machine learning and math-based algorithms, Federator.ai predicts containerized application and cluster node resource usage as the basis for resource recommendations at application level as well as at cluster node level. Federator.ai supports prediction for both physical/virtual CPUs and memories. - - -**Auto-scaling via resource recommendation** - -Federator.ai utilizes the predicted resource usage to recommend the right number and size of pods for applications. Integrated with Datadog's WPA, applications are automatically scaled to meet the predicted resource usage. - - -**Application-aware recommendation execution** - -Optimizing the resource usage and performance goals, Federator.ai uses application specific metrics for workload prediction and pod capacity estimation to auto-scale the right number of pods for best performance without overprovisioning. - - -**Multi-cloud Cost Analysis** - -With resource usage prediction, Federator.ai analyzes potential cost of a cluster on different public cloud providers. It also recommend appropriate cluster nodes and instance types based on resource usage. - - -**Custom Datadog/Sysdig Dashboards** - -Predefined custom Datadog/Sysdig Dashboards for workload prediction/recommendation visualization for cluster nodes and applications. - - -**Additional resources** - -Want more product information? Explore detailed information about using this product and where to find additional help. - -* [Federator.ai Datasheet](https://www.prophetstor.com/wp-content/uploads/2021/02/Federator.ai%C2%AE_202102ver.pdf) -* [Quick Start Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/ProphetStor-Federator.ai-v4.5.1-Quick-Installation-Guide.pdf) -* [Federator.ai User Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/Federator.ai-4.5.1-User-Guide.pdf) -* [Company Information](https://www.prophetstor.com/) - -## Prerequisites -- The [Kubernetes](https://kubernetes.io/) version 1.18 or later if using Kubernetes environment. -- The [Openshift](https://www.openshift.com) version 4.x.x or later if using OpenShift platform. -- The [Helm](https://helm.sh/) version is 3.x.x or later. - -## Add Helm chart repository -``` -helm repo add prophetstor https://prophetstor-ai.github.io/federatorai-operator-helm/ -``` - -## Test the Helm chart repository -``` -helm search repo federatorai -``` - -## Installing with the release name `my-name`: -``` -helm install `my-name` prophetstor/federatorai --namespace=federatorai --create-namespace -``` - -## To uninstall/delete the `my-name` deployment: -``` -helm ls --all-namespaces -helm delete `my-name` --namespace=federatorai -``` - - -## Configuration - -The following table lists the configurable parameters of the chart and their default values are specfied insde values.yaml. - -| Parameter | Description | -| -------------------------------------------------------------- | --------------------------------------------- | -| `image.pullPolicy` | Container pull policy | -| `image.repository` | Image for Federator.ai operator | -| `image.tag` | Image Tag for Federator.ai operator | -| `federatorai.imageLocation` | Image Location for services containers | -| `federatorai.version` | Image Tag for services containers | -| `federatorai.persistence.enabled` | Enable persistent volumes | -| `federatorai.persistence.storageClass` | Storage Class Name of persistent volumes | -| `federatorai.persistence.storages.logStorage.size` | Log volume size | -| `federatorai.persistence.aiCore.dataStorage.size` | AICore data volume size | -| `federatorai.persistence.influxdb.dataStorage.size` | Influxdb data volume size | -| `federatorai.persistence.fedemeterInfluxdb.dataStorage.size` | Fedemeter influxdb data volume size | -| `services.dashboardFrontend.nodePort` | Port of the Dashboard service | -| `services.rest.nodePort` | Port of the REST service | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```shell -helm install `my-name` prophetstor/federatorai -f values.yaml --namespace=federatorai --create-namespace -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/federatorai/federatorai/4.5.100/app-readme.md b/charts/federatorai/federatorai/4.5.100/app-readme.md deleted file mode 100755 index a7612f8f4..000000000 --- a/charts/federatorai/federatorai/4.5.100/app-readme.md +++ /dev/null @@ -1,39 +0,0 @@ -# Federator.ai Operator -Federator.ai helps enterprises optimize cloud resources, maximize application performance, and save significant cost without excessive over-provisioning or under-provisioning of resources, meeting the service-level requirements of their applications. - -Enterprises often lack understanding of the resources needed to support their applications. This leads to either excessive over-provisioning or under-provisioning of resources (CPU, memory, storage). Using machine learning, Federator.ai determines the optimal cloud resources needed to support any workload on OpenShift and helps users find the best-cost instances from cloud providers for their applications. - - -**Multi-layer workload prediction** - -Using machine learning and math-based algorithms, Federator.ai predicts containerized application and cluster node resource usage as the basis for resource recommendations at application level as well as at cluster node level. Federator.ai supports prediction for both physical/virtual CPUs and memories. - - -**Auto-scaling via resource recommendation** - -Federator.ai utilizes the predicted resource usage to recommend the right number and size of pods for applications. Integrated with Datadog's WPA, applications are automatically scaled to meet the predicted resource usage. - - -**Application-aware recommendation execution** - -Optimizing the resource usage and performance goals, Federator.ai uses application specific metrics for workload prediction and pod capacity estimation to auto-scale the right number of pods for best performance without overprovisioning. - - -**Multi-cloud Cost Analysis** - -With resource usage prediction, Federator.ai analyzes potential cost of a cluster on different public cloud providers. It also recommend appropriate cluster nodes and instance types based on resource usage. - - -**Custom Datadog/Sysdig Dashboards** - -Predefined custom Datadog/Sysdig Dashboards for workload prediction/recommendation visualization for cluster nodes and applications. - - -**Additional resources** - -Want more product information? Explore detailed information about using this product and where to find additional help. - -* [Federator.ai Datasheet](https://www.prophetstor.com/wp-content/uploads/2021/02/Federator.ai%C2%AE_202102ver.pdf) -* [Quick Start Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/ProphetStor-Federator.ai-v4.5.1-Quick-Installation-Guide.pdf) -* [Federator.ai User Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/Federator.ai-4.5.1-User-Guide.pdf) -* [Company Information](https://www.prophetstor.com/) diff --git a/charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml b/charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml deleted file mode 100755 index 7afa71628..000000000 --- a/charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml +++ /dev/null @@ -1,5009 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - helm.sh/hook: crd-install - creationTimestamp: null - name: alamedaservices.federatorai.containers.ai -spec: - additionalPrinterColumns: - - JSONPath: .spec.enableExecution - name: Execution - type: boolean - - JSONPath: .spec.version - name: Version - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: federatorai.containers.ai - names: - kind: AlamedaService - listKind: AlamedaServiceList - plural: alamedaservices - singular: alamedaservice - scope: Namespaced - subresources: {} - validation: - openAPIV3Schema: - description: AlamedaService is the Schema for the alamedaservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlamedaServiceSpec defines the desired state of AlamedaService - properties: - alameda-analyzer: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alameda-dispatcher: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alameda-weavescope: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaAdmissionController: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaAi: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaDatahub: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaEvictioner: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaExecutor: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaInfluxdb: - description: Component Section Schema - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaNotifier: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaOperator: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaRabbitMQ: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - alamedaRecommender: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - autoPatchPrometheusRules: - type: boolean - enableAgentApp: - type: boolean - enableExecution: - type: boolean - enableGPU: - type: boolean - enablePreloader: - type: boolean - enableWeavescope: - type: boolean - env: - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double $$, ie: - $$(VAR_NAME). Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - fedemeter: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - fedemeterInfluxdb: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgent: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgentApp: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgentGPU: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - influxDB: - properties: - address: - type: string - password: - type: string - username: - type: string - required: - - address - - password - - username - type: object - prometheus: - properties: - address: - type: string - password: - type: string - username: - type: string - required: - - address - - password - - username - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiAgentPreloader: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiBackend: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiDataAdapter: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiFrontend: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiRecommendDispatcher: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiRecommendWorker: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - federatoraiRest: - properties: - bootstrap: - properties: - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull - a container image - type: string - version: - type: string - type: object - env: - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - image: - type: string - imagepullpolicy: - description: PullPolicy describes a policy for if/when to pull a - container image - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - type: object - imageLocation: - type: string - kafka: - properties: - brokerAddresses: - items: - type: string - type: array - sasl: - properties: - enabled: - type: boolean - password: - type: string - username: - type: string - type: object - tls: - description: Version string `json:"version,omitempty"` - properties: - enabled: - type: boolean - insecureSkipVerify: - type: boolean - type: object - type: object - keycode: - description: KeycodeSpec contains data for keycode check - properties: - codeNumber: - description: CodeNumber provides user to apply keycode to Federator.ai - type: string - signatureData: - description: SignatureData provides user to apply signature data - type: string - required: - - codeNumber - type: object - platform: - enum: - - openshift3.9 - type: string - prometheusService: - type: string - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - selfDriving: - type: boolean - serviceExposures: - items: - description: ServiceExposureSpec defines the service to be exposed - properties: - name: - type: string - nodePort: - description: NodePortSpec defines the ports to be proxied from - node to service - properties: - ports: - items: - description: PortSpec defines the service port - properties: - nodePort: - format: int32 - maximum: 65535 - minimum: 0 - type: integer - port: - format: int32 - maximum: 65535 - minimum: 0 - type: integer - required: - - nodePort - - port - type: object - type: array - required: - - ports - type: object - type: - description: ServiceExposureType defines the type of the service - to be exposed - enum: - - NodePort - type: string - required: - - name - - type - type: object - type: array - storages: - items: - properties: - accessModes: - items: - type: string - type: array - class: - type: string - size: - type: string - type: - enum: - - pvc - - ephemeral - type: string - usage: - enum: - - log - - data - type: string - required: - - type - - usage - type: object - type: array - version: - type: string - required: - - keycode - - version - type: object - status: - description: AlamedaServiceStatus defines the observed state of AlamedaService - properties: - conditions: - items: - properties: - message: - type: string - paused: - description: Represents whether any actions on the underlaying - managed objects are being performed. Only delete actions will - be performed. - type: boolean - required: - - message - - paused - type: object - type: array - crdversion: - properties: - crdname: - type: string - scalerversion: - type: string - required: - - crdname - - scalerversion - type: object - keycodeStatus: - description: KeycodeStatus contains current keycode information - properties: - codeNumber: - description: CodeNumber represents the last keycode user successfully - applied - type: string - lastErrorMessage: - description: LastErrorMessage stores the error message that happend - when Federatorai-Operator handled keycode - type: string - registrationData: - description: RegistrationData contains data needs to be sent for - activating keycode - type: string - state: - description: State represents the state of keycode processing - type: string - summary: - description: Summary stores the summary of the keycode - type: string - required: - - codeNumber - - lastErrorMessage - - registrationData - - state - - summary - type: object - required: - - conditions - - crdversion - - keycodeStatus - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/federatorai/federatorai/4.5.100/logo.png b/charts/federatorai/federatorai/4.5.100/logo.png deleted file mode 100755 index fc33e50090d9dc92ba5496ae3db538a91846dd29..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2838 zcmai$c{CJUAII;EED^G2&yX!K%5Jib%pkIqY-6%3>&P}$#P>V41i$NR^7-h0mPe!jooJ?D4N_xHy=H|>(8DJQ!KI{<(ajY8TS zl6)9;Y%GU+?Ck#1A&z((UNi*Y36W#>8uMX((j8@U5r9Zp00@Zy{5mWVW&sF=1MnRS zfX-n9p&&|wHRAAq#m(FldC0@HZTvd!5J!Vh4j}+2OaBf?M45gV0PK-yq@i8J=weY+ z=H<8I9W5<0&ugKTSJDwMq9C&BR+;?0%kzTO4XOgW9jHY~GhcIGw=~~@VOb4-H5+rK zYCEHL*!?tqzY&`!<0}FFBG!s9jv4ET_sW08tPJmM5ew*hiwpR%rXLdT$H%v23X9II z@AT|?^)6Ei&UyDb8$#{u)Rmc640!P`6C8%}%l>-kXMCqT%4nMl^l8pCl({ss8la7~ zi_KrV0g(X>YAz)Kj{uDcc;3Ht$#T}eMcFxB@&kWDd5G@SmS>zRGMe0faE3q@KwmX= zJH6UIG(B|vYX8kzp~t7qxy!~uu?PBThFDJ6%z4^CK?k-NM*XMJ+ux!;I{jE#0Iky+ z)Ij?v?t-Vl^)88V7rI2*zO6m+2wcf(ok(#Ap4D3KnbsQgPa@#QH zz#5A-COnt@q+EZZ>oyJ!+n-iwe>;@y77DkLd-GqWevj$j?*5NBrNAnBH_4&|vH7Lb zGp-iGEFT_pc5GS%?Ct6%xa{hbyZ~tFr1z2O&-opY}q~m9tVkN4yhMBMu{Z4RsU|9;^$-^Tgh#g;6BmRL) zmh$H3Gc*iXN-n_G2;_wN(g#O)NZeGVNB$Qw+J=~ZzD!*(qf?EH)*L~~;^(703hfyF zlEiUakeR%FZ%4-|3YXTn5-$f(d8V#xQ!W6)c@MoW&Q8$0GnW~GW#lmKNYhNz*09k6|XpaC(t20F%R;O`c-wbHd+i;{Gty;fKVRfH)J{jkJGx2ER{KRzC zrgxQ$m)CdYdxozTt@9V$s zWvxkt>NYE!Twhh(yH3g-TAg7l#c&GSBZO=VQt}ppNbj|OU6d&|ot;-+QzsFbhijp# z*%TDcw3GZ?3Hc4Jz8`{@HP~0r*E`)STc&ATWP691C-Uh?)-;(J{v|4-r(r0837^>ix6%W=n~C2dcCp%hJrw);C$F zMYptm>8I9St8ia-B#92KP8x4q(eiXYiEkfOl{VOyGYb=<#XIN>yOmQiWQe1u3C8J{N_ES6L`bJUAkX#_(is-}dWPLFrkn6@zW|Q{mZ+ zlcM@vS72?!*+T#|PXNi4_(8OWq1n+nQSLE`>;E+{ z=8MKTr8duFt0fR-lodfTy3rnZh#bh&?cCe2h1JPl@FKGxyhZO6vb&~4Jl=>ex{2`Q z{tE(^zi>cE-Hj``I-gyBE=5Y`3zlUQT=G__4c-c@>Ob&HZC+w_yHiPz-}3>H&RS3^ zFR3N{(vVd}uvK?><%(eW?m2jOJp`-dPvkS?BS_A%{U{}3dcnQ=({JPJEXzqD1_eN9ImcIRedb2{6UEl<*7&8Z^N!jpo@y}*WNcx|y^-j9H;++IkSo91)`nRBQLN}(Xo9h4X`gGFo_F5} z33iK-b5((H&x|?Nub%-#r=4z&>=Hdzd)5c@#n?a#jDN$ID-vk$yD$h>#Y(m1-C`E) zViSx&)}p6Ra4ick<*hw955D>T{3^Dwd6aG3I>lqK$jJ4?wI)LIuuA*zGfYxK1NGY0 zfilm?E|YZX^=ZDn_eoXT;T zTRIt;Z-P^%Ns<~dZ#N+;XB{a@3rTx;0f}kG{6xL|{jwWTm-HP58ZF+Bz4^!(^vNXq z^cdM&*|zJ2ITeNH_v+lmm&JX5#pV(&ktyRUwVlkTsfyI!@YJLgtMQR!>g8IKgDo8b zNzus+#0v|Uec~);X13-5zH;?J)bvQ?TKH*NOWkI>Cfbrspse*ye=b%%#`#P1kZxh&AMuzBAv97gkzkUWue;+^E*2 zV={BA#5=%|k=+yToG1O^1CmYt!s=z)j0&b-LX$_QcI!H;f5OwV<`o^L-dj!!3KEnthe3`|4d=Y^e)MP0|c o&HC&l3^8eWw~f5pin93{7w|&HX1`Ql>h~8FZDNV6F~Z*Z7cBZPT>t<8 diff --git a/charts/federatorai/federatorai/4.5.100/questions.yaml b/charts/federatorai/federatorai/4.5.100/questions.yaml deleted file mode 100755 index ab341a49c..000000000 --- a/charts/federatorai/federatorai/4.5.100/questions.yaml +++ /dev/null @@ -1,90 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Federator.ai image or specify a custom one" - label: Use Default Federator.ai Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: image.repository - default: "quay.io/prophetstor/federatorai-operator-ubi" - description: "Federator.ai Operator image name" - type: string - group: "Container Images" - label: Federator.ai Operator Image Name - - variable: image.tag - default: "v4.5.1-ga" - description: "Federator.ai Operator image tag" - type: string - group: "Container Images" - label: Federator.ai Operator Image Tag -#service configurations -- variable: federatorai.imageLocation - default: "quay.io/prophetstor" - description: "Service containers image location" - type: string - required: true - group: "Container Images" - label: Federator.ai imageLocation -- variable: federatorai.version - default: "v4.5.1-ga" - description: "Service containers version" - type: string - required: true - group: "Container Images" - label: Service Containers Image Tag -- variable: services.dashboardFrontend.nodePort - required: true - default: "31012" - description: "The port where the Federator.ai Dashboard listens to" - type: string - group: "Service Settings" - label: Federator.ai Dashboard Port -- variable: services.rest.nodePort - required: true - default: "31011" - description: "The port where the Federator.ai REST listens to" - type: string - group: "Service Settings" - label: Federator.ai REST Port -- variable: federatorai.persistence.enabled - default: true - description: "Enable persistent volume for Federator.ai" - type: boolean - required: true - label: Federator.ai Persistent Volume Enabled - show_subquestion_if: true - group: "PV Settings" - subquestions: - - variable: federatorai.persistence.storageClass - default: "" - description: "If undefined or set to null, using the default storageClass. Defaults to null." - type: storageclass - group: "PV Settings" - label: Storage Class for Federator.ai - - variable: federatorai.persistence.storages.logStorage.size - default: "2Gi" - description: "Log volume size" - type: string - group: "PV Settings" - label: Log Volume Size - - variable: federatorai.persistence.aiCore.dataStorage.size - default: "10Gi" - description: "AICore data volume Size" - type: string - group: "PV Settings" - label: AICore Data Volume Size - - variable: federatorai.persistence.influxdb.dataStorage.size - default: "100Gi" - description: "Influxdb data volume Size" - type: string - group: "PV Settings" - label: Influxdb Data Volume Size - - variable: federatorai.persistence.fedemeterInfluxdb.dataStorage.size - default: "10Gi" - description: "Fedemeter influxdb data volume Size" - type: string - group: "PV Settings" - label: Fedemeter Influxdb Data Volume Size diff --git a/charts/federatorai/federatorai/4.5.100/requirements.yaml b/charts/federatorai/federatorai/4.5.100/requirements.yaml deleted file mode 100755 index e69de29bb..000000000 diff --git a/charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml b/charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml deleted file mode 100755 index 937627cd3..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: federatorai-operator - namespace: {{ .Release.Namespace }} diff --git a/charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml b/charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml deleted file mode 100755 index d7ca3e7f3..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: federatorai-operator - namespace: {{ .Release.Namespace }} - labels: - name: federatorai-operator - app: Federator.ai - annotations: - "helm.sh/hook-weight": "1000" -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - name: federatorai-operator - template: - metadata: - labels: - name: federatorai-operator - app: Federator.ai - spec: - securityContext: - fsGroup: 1001 - serviceAccountName: federatorai-operator - initContainers: - - name: upgrader - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - command: - - federatorai-operator - args: - - "upgrade" - env: - - name: NAMESPACE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: FEDERATORAI_OPERATOR_INFLUXDB_ADDRESS - value: "" - - name: FEDERATORAI_OPERATOR_INFLUXDB_SERVICE_NAME - value: alameda-influxdb - - name: FEDERATORAI_OPERATOR_INFLUXDB_SERVICE_PORT - value: "8086" - - name: FEDERATORAI_OPERATOR_INFLUXDB_USERNAME - value: admin - - name: FEDERATORAI_OPERATOR_INFLUXDB_PASSWORD - value: adminpass - volumeMounts: - - mountPath: /var/log/alameda - name: log - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - containers: - - name: federatorai-operator - # Replace this with the built image name - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - command: - - federatorai-operator - env: - - name: NAMESPACE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "federatorai-operator" - - name: DISABLE_OPERAND_RESOURCE_PROTECTION - value: "false" - readinessProbe: - failureThreshold: 20 - httpGet: - path: /readyz - port: 8083 - initialDelaySeconds: 5 - periodSeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /var/log/alameda - name: log - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: log - emptyDir: {} - - name: cert - secret: - defaultMode: 420 - secretName: federatorai-operator-service-cert diff --git a/charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml b/charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml deleted file mode 100755 index 2703f91a2..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml +++ /dev/null @@ -1,257 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: federatorai-operator -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - - pods - verbs: - - delete - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - - persistentvolumeclaims - - serviceaccounts - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - list - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - update -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - list - - update - - watch -- apiGroups: - - "" - - extensions - resources: - - replicationcontrollers - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - analysis.containers.ai - - autoscaling.containers.ai - - federatorai.containers.ai - - notifying.containers.ai - - tenant.containers.ai - resources: - - '*' - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - delete - - get - - update -- apiGroups: - - apps - - extensions - resources: - - daemonsets - - deployments/scale - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - list -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - - policy - resources: - - podsecuritypolicies - verbs: - - '*' -- apiGroups: - - extensions - - policy - resourceNames: - - federatorai-alameda-weave-scope - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - monitoring.coreos.com - resources: - - prometheuses - verbs: - - list -- apiGroups: - - monitoring.coreos.com - resources: - - prometheusrules - verbs: - - create - - delete - - get - - list - - update -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - clusterroles/finalizers - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.openshift.io - resources: - - securitycontextconstraints - verbs: - - create - - delete - - get - - list - - update - - use - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - list - - watch -- apiGroups: - - volumesnapshot.external-storage.k8s.io - resources: - - volumesnapshotdatas - - volumesnapshots - verbs: - - list - - watch - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: alameda-gc - annotations: - "helm.sh/hook-weight": "5000" - "helm.sh/hook": post-install,post-delete -rules: [] diff --git a/charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml b/charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml deleted file mode 100755 index 7c55d4828..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: federatorai-operator -subjects: -- kind: ServiceAccount - name: federatorai-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: federatorai-operator - apiGroup: rbac.authorization.k8s.io diff --git a/charts/federatorai/federatorai/4.5.100/templates/06-role.yaml b/charts/federatorai/federatorai/4.5.100/templates/06-role.yaml deleted file mode 100755 index 6e53fba0b..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/06-role.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: federatorai-operator - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - persistentvolumeclaims - - pods - - secrets - - services - verbs: - - '*' -- apiGroups: - - "" - resources: - - nodes - - persistentvolumeclaims - - persistentvolumes - - pods/log - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - statefulsets - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - apps - - extensions - resources: - - deployments - - deployments/scale - - replicasets - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - deployments/scale - verbs: - - update -- apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - '*' -- apiGroups: - - extensions - resourceNames: - - federatorai-alameda-weave-scope - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - list - - watch -- apiGroups: - - volumesnapshot.external-storage.k8s.io - resources: - - volumesnapshotdatas - - volumesnapshots - verbs: - - list - - watch diff --git a/charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml b/charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml deleted file mode 100755 index e72f197b5..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: federatorai-operator - namespace: {{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: federatorai-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: federatorai-operator - apiGroup: rbac.authorization.k8s.io diff --git a/charts/federatorai/federatorai/4.5.100/templates/08-service.yaml b/charts/federatorai/federatorai/4.5.100/templates/08-service.yaml deleted file mode 100755 index 843abc896..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/08-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - component: federatorai-operator - name: federatorai-operator-service - namespace: {{ .Release.Namespace }} -spec: - ports: - - port: 443 - targetPort: 50443 - selector: - name: federatorai-operator - app: Federator.ai diff --git a/charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml b/charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml deleted file mode 100755 index e4beb366a..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: federatorai-operator-service-cert - namespace: {{ .Release.Namespace }} -data: -type: Opaque \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml b/charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml deleted file mode 100755 index 71d502abe..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: federatorai-operator-servicesmutation -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: federatorai-operator-service - namespace: {{ .Release.Namespace }} - path: /mutate-federatorai-containers-ai-v1alpha1-alamedaservice - failurePolicy: Ignore - name: alamedaservicemutate.federatorai.containers.ai - rules: - - apiGroups: - - federatorai.containers.ai - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - alamedaservices \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml b/charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml deleted file mode 100755 index bf568d17d..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: federatorai-operator-servicesvalidation -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: federatorai-operator-service - namespace: {{ .Release.Namespace }} - path: /validate-federatorai-containers-ai-v1alpha1-alamedaservice - failurePolicy: Ignore - name: alamedaservicevalidate.federatorai.containers.ai - rules: - - apiGroups: - - federatorai.containers.ai - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - alamedaservices \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100/templates/NOTES.txt b/charts/federatorai/federatorai/4.5.100/templates/NOTES.txt deleted file mode 100755 index b381d6fed..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ - -Get the Federator.ai pods by running the following command: - kubectl --namespace {{ .Release.Namespace }} get pods diff --git a/charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl b/charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl deleted file mode 100755 index 66323e843..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl +++ /dev/null @@ -1,45 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "federatorai-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "federatorai-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "federatorai-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "federatorai-operator.labels" -}} -app.kubernetes.io/name: {{ include "federatorai-operator.name" . }} -helm.sh/chart: {{ include "federatorai-operator.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} diff --git a/charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml b/charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml deleted file mode 100755 index 6fc00b321..000000000 --- a/charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml +++ /dev/null @@ -1,87 +0,0 @@ -apiVersion: federatorai.containers.ai/v1alpha1 -kind: AlamedaService -metadata: - name: my-alamedaservice - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "3000" -spec: -{{ if .Values.federatorai.persistence.enabled }} - env: - - name: FEDERATORAI_MAXIMUM_LOG_SIZE - ## Use about 90% of 2Gi - value: "1931476992" -{{ end }} - keycode: - codeNumber: FFSFM-RGBTF-F7I7O-UFKPM-LL6VI-QVFNQ - version: {{ .Values.federatorai.version }} -{{ if .Values.federatorai.imageLocation }} - imageLocation: {{ .Values.federatorai.imageLocation }} -{{ else }} - imageLocation: quay.io/prophetstor -{{ end }} -{{ if .Values.federatorai.persistence.enabled }} - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.storages.logStorage.size }} - type: pvc - usage: log - alamedaAi: - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.aiCore.dataStorage.size }} - type: pvc - usage: data - alamedaInfluxdb: - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.influxdb.dataStorage.size }} - type: pvc - usage: data - fedemeterInfluxdb: - storages: - - accessModes: - - ReadWriteOnce - {{ if .Values.federatorai.persistence.storageClass }} - class: {{ .Values.federatorai.persistence.storageClass }} - {{ end }} - size: {{ .Values.federatorai.persistence.fedemeterInfluxdb.dataStorage.size }} - type: pvc - usage: data -{{ else }} - storages: - - type: ephemeral - usage: data - - type: ephemeral - usage: log -{{ end }} - serviceExposures: -{{ if .Values.services.dashboardFrontend.nodePort }} - - name: federatorai-dashboard-frontend - nodePort: - ports: - - nodePort: {{ .Values.services.dashboardFrontend.nodePort }} - port: 9001 - type: NodePort -{{ end }} -{{ if .Values.services.rest.nodePort }} - - name: federatorai-rest - nodePort: - ports: - - nodePort: {{ .Values.services.rest.nodePort }} - port: 5056 - type: NodePort -{{ end }} diff --git a/charts/federatorai/federatorai/4.5.100/values.yaml b/charts/federatorai/federatorai/4.5.100/values.yaml deleted file mode 100755 index 40414637a..000000000 --- a/charts/federatorai/federatorai/4.5.100/values.yaml +++ /dev/null @@ -1,41 +0,0 @@ -## Default values for Federator.ai -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. -## -image: - pullPolicy: IfNotPresent - repository: quay.io/prophetstor/federatorai-operator-ubi - tag: v4.5.1-ga - -## Set default values -## -federatorai: - imageLocation: quay.io/prophetstor - version: v4.5.1-ga - ## If thhe persistence is enabled, a default StorageClass - ## is needed in the k8s cluster to provision volumes. - persistence: - enabled: true - storageClass: "" - storages: - logStorage: - size: 2Gi - aiCore: - dataStorage: - size: 10Gi - influxdb: - dataStorage: - size: 100Gi - fedemeterInfluxdb: - dataStorage: - size: 10Gi - -services: - dashboardFrontend: - ## Specify the nodePort value for the dashboard frontend - ## Comment out the following line to disable nodePort service - nodePort: 31012 - rest: - ## Specify the nodePort value for the REST service - ## Comment out the following line to disable nodePort service - nodePort: 31011 diff --git a/charts/haproxy/haproxy/1.12.100/.helmignore b/charts/haproxy/haproxy/1.12.100/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/haproxy/haproxy/1.12.100/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/haproxy/haproxy/1.12.100/Chart.yaml b/charts/haproxy/haproxy/1.12.100/Chart.yaml deleted file mode 100755 index f29ee9c29..000000000 --- a/charts/haproxy/haproxy/1.12.100/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy -apiVersion: v1 -appVersion: 1.5.1 -description: A Helm chart for HAProxy Kubernetes Ingress Controller -home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress -icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png -keywords: -- ingress -- haproxy -kubeVersion: '>=1.12.0-0' -maintainers: -- email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi -- email: bassmann@haproxy.com - name: Baptiste Assmann -- email: dkorunic@haproxy.com - name: Dinko Korunic -name: haproxy -sources: -- https://github.com/haproxytech/kubernetes-ingress -version: 1.12.100 diff --git a/charts/haproxy/haproxy/1.12.100/README.md b/charts/haproxy/haproxy/1.12.100/README.md deleted file mode 100755 index d4f04dbb8..000000000 --- a/charts/haproxy/haproxy/1.12.100/README.md +++ /dev/null @@ -1,199 +0,0 @@ -# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy") - -## HAProxy Kubernetes Ingress Controller - -An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration. - -Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/). - -Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md). - -## Introduction - -This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -### Prerequisites - -- Kubernetes 1.12+ -- Helm 2.9+ - -## Before you begin - -### Setup a Kubernetes Cluster - -The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides. - -For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). - -### Install Helm - -Get the latest [Helm release](https://github.com/helm/helm#install). - -### Add Helm chart repo - -Once you have Helm installed, add the repo as follows: - -```console -helm repo add haproxytech https://haproxytech.github.io/helm-charts -helm repo update -``` - -## Install the chart - -To install the chart with Helm v3 as *my-release* deployment: - -```console -helm install my-release haproxytech/kubernetes-ingress -``` - -***NOTE***: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter: - -```console -helm install haproxytech/kubernetes-ingress \ - --name my-release -``` - -### Installing with unique name - -To auto-generate controller and its resources names when installing, use the following: - -```console -helm install haproxytech/kubernetes-ingress \ - --generate-name -``` - -### Installing from a private registry - -To install the chart using a private registry for controller into a separate namespace *prod*. - -***NOTE***: Helm v3 requires namespace to be precreated (eg. with ```kubectl create namespace prod```) - -```console -helm install my-ingress haproxytech/kubernetes-ingress \ - --namespace prod \ - --set controller.image.tag=SOMETAG \ - --set controller.imageCredentials.registry=myregistry.domain.com \ - --set controller.imageCredentials.username=MYUSERNAME \ - --set controller.imageCredentials.password=MYPASSWORD -``` - -### Installing as DaemonSet - -Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well: - -```console -helm install my-ingress2 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet -``` - -### Installing in multi-ingress environment - -It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers): - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy -``` - -***NOTE***: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation. - -### Installing with service annotations - -On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however: - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy \ - --set controller.service.type=LoadBalancer \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true" -``` - -***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. - -### Installing with Horizontal Pod Autoscaler - -[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null: - -```console -helm install my-ingress4 haproxytech/kubernetes-ingress \ - --set controller.replicaCount=null \ - --set defaultBackend.replicaCount=null -``` - -### Installing the ServiceMonitor - -If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs. - -```console -helm install my-ingress5 haproxytech/kubernetes-ingress \ - --set "controller.serviceMonitor.enabled=true" -``` - -### Using values from YAML file - -As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: - -*mylb.yaml*: - -```yaml -controller: - kind: DaemonSet - ingressClass: haproxy - service: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 -``` - -And invoking Helm becomes (compare to the previous example): - -```console -helm install my-ingress4 -f mylb.yml haproxytech/kubernetes-ingress -``` - -A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) : - -```yaml -controller: - service: - tcpPorts: - - name: mysql - port: 3306 - targetPort: 3306 - extraArgs: - - --configmap-tcp-services=default/tcp -``` - -## Upgrading the chart - -To upgrade the *my-release* deployment: - -```console -helm upgrade my-release haproxytech/kubernetes-ingress -``` - -## Uninstalling the chart - -To uninstall/delete the *my-release* deployment: - -```console -helm delete my-release -``` - -## Debugging - -It is possible to generate a set of YAML files for testing/debugging: - -```console -helm install my-release haproxytech/kubernetes-ingress \ - --debug \ - --dry-run -``` - -## Contributing - -We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution. diff --git a/charts/haproxy/haproxy/1.12.100/app-readme.md b/charts/haproxy/haproxy/1.12.100/app-readme.md deleted file mode 100755 index aae3d1bd8..000000000 --- a/charts/haproxy/haproxy/1.12.100/app-readme.md +++ /dev/null @@ -1,8 +0,0 @@ -# HAProxy -[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment. - -# HAProxy Enterprise -[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code. - -## Introduction -This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager. diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml deleted file mode 100755 index 116158a14..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml deleted file mode 100755 index c9de04c16..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml deleted file mode 100755 index ddb25623a..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -controller: - kind: DaemonSet diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml deleted file mode 100755 index 3a1687a33..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet -defaultBackend: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml deleted file mode 100755 index 362fbb982..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml deleted file mode 100755 index 9a41dac52..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml deleted file mode 100755 index 691acbc44..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml deleted file mode 100755 index 45042ea50..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -controller: - kind: DaemonSet - daemonset: - useHostPort: true - hostPorts: - http: 80 - https: 443 - stat: 1024 diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml deleted file mode 100755 index ebc8f1020..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml deleted file mode 100755 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml deleted file mode 100755 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml deleted file mode 100755 index 12c48d22d..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml deleted file mode 100755 index f044362aa..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml deleted file mode 100755 index 792d60054..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml deleted file mode 100755 index ba2a61ebe..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -defaultBackend: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml deleted file mode 100755 index 767645997..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml deleted file mode 100755 index 03ff297b4..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml deleted file mode 100755 index d0e1dbe73..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml deleted file mode 100755 index 0c8326236..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: Deployment - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - -defaultBackend: - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 50 diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml deleted file mode 100755 index ffdc47b2d..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml deleted file mode 100755 index 7aae8605d..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -podSecurityPolicy: - enabled: true diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml deleted file mode 100755 index 6d8bf9bf7..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - publishService: - enabled: true diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml deleted file mode 100755 index 78ee30060..000000000 --- a/charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - replicaCount: null - -defaultBackend: - replicaCount: null diff --git a/charts/haproxy/haproxy/1.12.100/questions.yml b/charts/haproxy/haproxy/1.12.100/questions.yml deleted file mode 100755 index 27ff89e72..000000000 --- a/charts/haproxy/haproxy/1.12.100/questions.yml +++ /dev/null @@ -1,73 +0,0 @@ -questions: -- variable: imageDefault - default: true - description: "Use default Docker image" - label: Use Default Image - type: boolean - group: "Settings" - show_subquestion_if: false - subquestions: - - variable: controller.image.tag - default: "1.4.6" - description: "HAProxy Ingress Controller Tag" - type: string - label: HAProxy Ingress Controller Tag -- variable: controller.kind - type: enum - options: - - "DaemonSet" - - "Deployment" - default: "Deployment" - description: "Deployment Type" - label: Deployment Type - group: "Settings" -- variable: controller.service.type - type: enum - options: - - "LoadBalancer" - - "NodePort" - default: "NodePort" - description: "Service Type for HAProxy Ingress Controller" - label: Service Type - group: "Settings" -- variable: controller.ingressClass - default: "" - description: "Ingress Class for targeting this controller" - label: Ingress Class - type: string - group: "Settings" -- variable: controller.defaultTLSSecret.secret - default: "" - description: "Default TLS certificate secret" - label: TLS Certificate Secret - type: string - group: "Settings" -- variable: enableEnterprise - default: false - description: "Use HAProxy Enterprise" - label: Enable - type: boolean - group: "HAProxy Enterprise" - show_subquestion_if: true - subquestions: - - variable: controller.imageCredentials.registry - type: string - default: "kubernetes-registry.haproxy.com" - description: "HAProxy Enterprise Registtry" - label: Registry - - variable: controller.image.repository - type: string - default: "kubernetes-registry.haproxy.com/hapee-ingress" - description: "HAProxy Enterprise Registry" - label: Repository - - variable: controller.imageCredentials.username - type: string - default: "MYUSERNAME" - description: "HAProxy Enterprise Username" - label: Username - - variable: controller.imageCredentials.password - type: string - default: "MYPASSWORD" - description: "HAProxy Enterprise Password" - label: Password - diff --git a/charts/haproxy/haproxy/1.12.100/templates/NOTES.txt b/charts/haproxy/haproxy/1.12.100/templates/NOTES.txt deleted file mode 100755 index 522e23017..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/NOTES.txt +++ /dev/null @@ -1,67 +0,0 @@ -HAProxy Kubernetes Ingress Controller has been successfully installed. - -Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}". -Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type. -{{- if and .Values.rbac.create}} -RBAC authorization is enabled. -{{- else}} -RBAC authorization is disabled. -{{- end}} -{{- if .Values.controller.ingressClass}} -Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for -Ingress resource. -{{- end}} - -Service ports mapped are: -{{- if eq .Values.controller.kind "Deployment" }} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP -{{- end }} -{{- end }} -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - hostPort: {{ index $hostPorts $key | default $value }} -{{- end }} -{{- end }} - -Node IP can be found with: - $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}" - -The following ingress resource routes traffic to pods that match the following: - * service name: web - * client's Host header: webdemo.com - * path begins with / - - --- - apiVersion: networking.k8s.io/v1beta1 - kind: Ingress - metadata: - name: web-ingress - namespace: default - spec: - rules: - - host: webdemo.com - http: - paths: - - path: / - backend: - serviceName: web - servicePort: 80 - -In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it -with helm chart option controller.ingressClass. - -For more examples and up to date documentation, please visit: - * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/ - * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation - * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md - - - diff --git a/charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl b/charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl deleted file mode 100755 index 5a1e28588..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl +++ /dev/null @@ -1,130 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "kubernetes-ingress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubernetes-ingress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubernetes-ingress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Encode an imagePullSecret string. -*/}} -{{- define "kubernetes-ingress.imagePullSecret" }} -{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }} -{{- end }} - -{{/* -Generate default certificate for HAProxy. -*/}} -{{- define "kubernetes-ingress.gen-certs" -}} -{{- $ca := genCA "kubernetes-ingress-ca" 365 -}} -{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}} -{{- $cert := genSignedCert $cn nil nil 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Create the name of the controller service account to use. -*/}} -{{- define "kubernetes-ingress.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled -*/}} -{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}} -{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} - {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.defaultBackend.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified default backend name. -*/}} -{{- define "kubernetes-ingress.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified default cert secret name. -*/}} -{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the path for the publish-service. -By default this will use the / matching the controller's service name. -Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride` -*/}} -{{- define "kubernetes-ingress.publishServicePath" -}} -{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}} -{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }} -{{- print $servicePath | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the syslog-server annotation -*/}} -{{- define "kubernetes-ingress.syslogServer" -}} -{{- range $key, $val := .Values.controller.logging.traffic -}} -{{- printf "%s:%s, " $key $val }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified ServiceMonitor name. -*/}} -{{- define "kubernetes-ingress.serviceMonitorName" -}} -{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml b/charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml deleted file mode 100755 index 4f9b4734a..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - services - - namespaces - - events - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - - ingresses/status - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses/status - verbs: - - update -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml b/charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml deleted file mode 100755 index cfd226083..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} - diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml deleted file mode 100755 index 94aa9c554..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -data: -{{- if .Values.controller.logging.traffic }} - syslog-server: {{ template "kubernetes-ingress.syslogServer" . }} -{{- end }} -{{- if .Values.controller.config }} -{{ toYaml .Values.controller.config | indent 2 }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml deleted file mode 100755 index e892c4b8d..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml +++ /dev/null @@ -1,234 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}} -{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.extraLabels }} -{{ toYaml .Values.controller.extraLabels | indent 4 }} - {{- end }} -spec: - minReadySeconds: 0 - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} - {{- if $useHostNetwork }} - hostNetwork: true - {{- end }} -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if and .Values.controller.defaultTLSSecret.enabled -}} -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} -{{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - {{- if .Values.controller.unprivileged }} - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - {{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ index $hostPorts $key | default $value }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .port }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ .port }} - {{- end }} - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - startupProbe: - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.startupProbe.path }} - port: {{ .Values.controller.startupProbe.port }} - scheme: {{ .Values.controller.startupProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- range .Values.controller.extraEnvs }} - - name: "{{ .name }}" - value: "{{ .value }}" - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.lifecycle }} - lifecycle: - {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} -{{ tpl .Values.controller.lifecycle . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumeMounts }} - volumeMounts: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} -{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} - {{- end }} - {{- end}} - {{- if .Values.controller.extraContainers }} - {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} -{{ tpl .Values.controller.extraContainers . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraContainers | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumes }} - volumes: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} -{{ tpl .Values.controller.extraVolumes . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumes | indent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} - initContainers: - {{- if .Values.controller.unprivileged }} - - name: sysctl - image: busybox:musl - command: - - /bin/sh - - -c - - sysctl -w net.ipv4.ip_unprivileged_port_start=0 - securityContext: - privileged: true - {{- end }} - {{- with.Values.controller.initContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml deleted file mode 100755 index b409c7b25..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.defaultTLSSecret.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - annotations: - "helm.sh/hook": "pre-install" - "helm.sh/hook-delete-policy": "before-hook-creation" -data: -{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml deleted file mode 100755 index 2868add91..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml +++ /dev/null @@ -1,222 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "Deployment" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.extraLabels }} -{{ toYaml .Values.controller.extraLabels | indent 4 }} - {{- end }} -spec: - {{- if not .Values.controller.autoscaling.enabled }} - replicas: {{ .Values.controller.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- with .Values.controller.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} -{{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - {{- if .Values.controller.unprivileged }} - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - {{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .targetPort }} - protocol: TCP - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - startupProbe: - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.startupProbe.path }} - port: {{ .Values.controller.startupProbe.port }} - scheme: {{ .Values.controller.startupProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- range .Values.controller.extraEnvs }} - - name: {{ .name }} - value: {{ .value }} - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.lifecycle }} - lifecycle: - {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} -{{ tpl .Values.controller.lifecycle . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumeMounts }} - volumeMounts: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} -{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} - {{- end }} - {{- end}} - {{- if .Values.controller.extraContainers }} - {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} -{{ tpl .Values.controller.extraContainers . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraContainers | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumes }} - volumes: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} -{{ tpl .Values.controller.extraVolumes . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumes | indent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} - initContainers: - {{- if .Values.controller.unprivileged }} - - name: sysctl - image: busybox:musl - command: - - /bin/sh - - -c - - sysctl -w net.ipv4.ip_unprivileged_port_start=0 - securityContext: - privileged: true - {{- end }} - {{- with.Values.controller.initContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml deleted file mode 100755 index 102b23439..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -Copyright 2020 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "kubernetes-ingress.fullname" . }} - minReplicas: {{ .Values.controller.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml deleted file mode 100755 index 7851e2acf..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }} -{{- $useHostPort := .Values.controller.daemonset.useHostPort }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.fullname" . }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 -{{- if $useHostNetwork }} - hostNetwork: true -{{- end }} -{{- if or $useHostPort $useHostNetwork }} - hostPorts: -{{- range $key, $value := .Values.controller.containerPort }} - - min: {{ $value }} - max: {{ $value }} -{{- end }} -{{- range .Values.controller.service.tcpPorts }} - - min: {{ .port }} - max: {{ .port }} -{{- end }} -{{- end }} - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml deleted file mode 100755 index 88252394c..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.imageCredentials.registry }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml deleted file mode 100755 index 3e41df6e4..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml deleted file mode 100755 index 40404a401..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml deleted file mode 100755 index eb2eea381..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- if .Values.controller.service.labels }} -{{ toYaml .Values.controller.service.labels | indent 4 }} -{{- end }} - annotations: -{{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} -{{- end }} -spec: - {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} - type: {{ .Values.controller.service.type }} - {{- if .Values.controller.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} - {{- end }} - {{- if .Values.controller.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} - {{- end }} - ports: - {{- if .Values.controller.service.enablePorts.http }} - - name: http - port: {{ .Values.controller.service.ports.http }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.http }} - {{- if .Values.controller.service.nodePorts.http }} - nodePort: {{ .Values.controller.service.nodePorts.http }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.https }} - - name: https - port: {{ .Values.controller.service.ports.https }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.https }} - {{- if .Values.controller.service.nodePorts.https }} - nodePort: {{ .Values.controller.service.nodePorts.https }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.stat }} - - name: stat - port: {{ .Values.controller.service.ports.stat }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.stat }} - {{- if .Values.controller.service.nodePorts.stat }} - nodePort: {{ .Values.controller.service.nodePorts.stat }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - port: {{ .port }} - protocol: TCP - targetPort: {{ .targetPort }} - {{- if .nodePort }} - nodePort: {{ .nodePort }} - {{- end }} - {{- end }} - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.service.sessionAffinity }} - sessionAffinity: {{ .Values.controller.service.sessionAffinity }} - {{- end }} - externalIPs: -{{- if .Values.controller.service.externalIPs }} -{{ toYaml .Values.controller.service.externalIPs | indent 4 }} -{{- end -}} -{{- if (eq .Values.controller.service.type "LoadBalancer") }} -{{- if .Values.controller.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.controller.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml deleted file mode 100755 index c90710990..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if or .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml deleted file mode 100755 index 0f4c2c3af..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kubernetes-ingress.serviceMonitorName" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.serviceMonitor.extraLabels }} - {{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }} - {{- end }} -spec: - endpoints: - {{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml deleted file mode 100755 index 9331f5f35..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml +++ /dev/null @@ -1,84 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.defaultBackend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - {{- if not .Values.defaultBackend.autoscaling.enabled }} - replicas: {{ .Values.defaultBackend.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.defaultBackend.podLabels }} -{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} - {{- end }} - {{- if .Values.defaultBackend.podAnnotations }} - annotations: -{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} - image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" - imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.defaultBackend.containerPort }} - protocol: TCP - {{- if .Values.defaultBackend.extraEnvs }} - env: - {{- range .Values.defaultBackend.extraEnvs }} - - name: "{{ .name }}" - value: "{{ .value }}" - {{- end }} - {{- end }} - resources: - {{- toYaml .Values.defaultBackend.resources | nindent 12 }} - {{- with .Values.defaultBackend.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultBackend.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - terminationGracePeriodSeconds: 60 - {{- with .Values.defaultBackend.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml deleted file mode 100755 index 0fd8a65b7..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -Copyright 2020 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} - metrics: - {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml deleted file mode 100755 index 82397b57b..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - hostNetwork: false - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml deleted file mode 100755 index 8475d04fc..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml deleted file mode 100755 index 3a94e9418..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml deleted file mode 100755 index 6e0cf0e98..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.defaultBackend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: http - port: {{ .Values.defaultBackend.service.port }} - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml deleted file mode 100755 index 3c0853b14..000000000 --- a/charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/values.yaml b/charts/haproxy/haproxy/1.12.100/values.yaml deleted file mode 100755 index 0ca2b7932..000000000 --- a/charts/haproxy/haproxy/1.12.100/values.yaml +++ /dev/null @@ -1,157 +0,0 @@ -controller: - affinity: {} - autoscaling: - enabled: false - maxReplicas: 20 - minReplicas: 2 - targetCPUUtilizationPercentage: 80 - config: {} - containerPort: - http: 80 - https: 443 - stat: 1024 - daemonset: - hostPorts: - http: 80 - https: 443 - stat: 1024 - useHostNetwork: false - useHostPort: false - defaultTLSSecret: - enabled: true - secret: null - dnsConfig: {} - dnsPolicy: ClusterFirst - extraArgs: [] - extraContainers: [] - extraEnvs: [] - extraLabels: {} - extraVolumeMounts: [] - extraVolumes: [] - image: - pullPolicy: IfNotPresent - repository: haproxytech/kubernetes-ingress - tag: '{{ .Chart.AppVersion }}' - imageCredentials: - password: null - registry: null - username: null - ingressClass: null - initContainers: [] - kind: Deployment - lifecycle: {} - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - logging: - level: info - traffic: {} - name: controller - nodeSelector: {} - podAnnotations: {} - podLabels: {} - priorityClassName: "" - publishService: - enabled: false - pathOverride: "" - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - replicaCount: 2 - resources: - requests: - cpu: 100m - memory: 64Mi - service: - annotations: {} - enablePorts: - http: true - https: true - stat: true - enabled: true - externalIPs: [] - healthCheckNodePort: 0 - labels: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - nodePorts: {} - ports: - http: 80 - https: 443 - stat: 1024 - targetPorts: - http: http - https: https - stat: stat - tcpPorts: [] - type: NodePort - serviceMonitor: - enabled: false - endpoints: - - path: /metrics - port: stat - scheme: http - extraLabels: {} - startupProbe: - failureThreshold: 20 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 1 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - strategy: {} - terminationGracePeriodSeconds: 60 - tolerations: [] - unprivileged: false -defaultBackend: - affinity: {} - autoscaling: - enabled: false - maxReplicas: 2 - minReplicas: 1 - targetCPUUtilizationPercentage: 80 - containerPort: 8080 - enabled: true - extraEnvs: [] - image: - pullPolicy: IfNotPresent - repository: k8s.gcr.io/defaultbackend-amd64 - runAsUser: 65534 - tag: 1.5 - name: default-backend - nodeSelector: {} - podAnnotations: {} - podLabels: {} - priorityClassName: "" - replicaCount: 2 - resources: - requests: - cpu: 10m - memory: 16Mi - service: - port: 8080 - serviceAccount: - create: true - tolerations: [] -podSecurityPolicy: - annotations: {} - enabled: false -rbac: - create: true -serviceAccount: - create: true - name: null diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/.helmignore b/charts/haproxy/haproxy/1.12.500+up1.12.5/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/Chart.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/Chart.yaml deleted file mode 100644 index d5a0b69b2..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy -apiVersion: v1 -appVersion: 1.5.4 -description: A Helm chart for HAProxy Kubernetes Ingress Controller -home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress -icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png -keywords: -- ingress -- haproxy -kubeVersion: '>=1.12.0-0' -maintainers: -- email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi -- email: bassmann@haproxy.com - name: Baptiste Assmann -- email: dkorunic@haproxy.com - name: Dinko Korunic -name: haproxy -sources: -- https://github.com/haproxytech/kubernetes-ingress -version: 1.12.500+up1.12.5 diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/README.md b/charts/haproxy/haproxy/1.12.500+up1.12.5/README.md deleted file mode 100644 index c7534e846..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/README.md +++ /dev/null @@ -1,208 +0,0 @@ -# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy") - -## HAProxy Kubernetes Ingress Controller - -An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration. - -Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/). - -Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md). - -## Introduction - -This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -### Prerequisites - -- Kubernetes 1.12+ -- Helm 2.9+ - -## Before you begin - -### Setup a Kubernetes Cluster - -The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides. - -For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). - -### Install Helm - -Get the latest [Helm release](https://github.com/helm/helm#install). - -### Add Helm chart repo - -Once you have Helm installed, add the repo as follows: - -```console -helm repo add haproxytech https://haproxytech.github.io/helm-charts -helm repo update -``` - -## Install the chart - -To install the chart with Helm v3 as *my-release* deployment: - -```console -helm install my-release haproxytech/kubernetes-ingress -``` - -***NOTE***: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter: - -```console -helm install haproxytech/kubernetes-ingress \ - --name my-release -``` - -### Installing with unique name - -To auto-generate controller and its resources names when installing, use the following: - -```console -helm install haproxytech/kubernetes-ingress \ - --generate-name -``` - -### Installing from a private registry - -To install the chart using a private registry for controller into a separate namespace *prod*. - -***NOTE***: Helm v3 requires namespace to be precreated (eg. with ```kubectl create namespace prod```) - -```console -helm install my-ingress haproxytech/kubernetes-ingress \ - --namespace prod \ - --set controller.image.tag=SOMETAG \ - --set controller.imageCredentials.registry=myregistry.domain.com \ - --set controller.imageCredentials.username=MYUSERNAME \ - --set controller.imageCredentials.password=MYPASSWORD -``` - -Alternatively, use a pre-configured (existing) imagePullSecret in the same namespace: - -```console -helm install my-ingress haproxytech/kubernetes-ingress \ - --namespace prod \ - --set controller.image.tag=SOMETAG \ - --set controller.existingImagePullSecret name-of-existing-image-pull-secret -``` - -### Installing as DaemonSet - -Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well: - -```console -helm install my-ingress2 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet -``` - -### Installing in multi-ingress environment - -It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers): - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy -``` - -***NOTE***: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation. - -### Installing with service annotations - -On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however: - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy \ - --set controller.service.type=LoadBalancer \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true" -``` - -***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. - -### Installing with Horizontal Pod Autoscaler - -[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null: - -```console -helm install my-ingress4 haproxytech/kubernetes-ingress \ - --set controller.replicaCount=null \ - --set defaultBackend.replicaCount=null -``` - -### Installing the ServiceMonitor - -If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs. - -```console -helm install my-ingress5 haproxytech/kubernetes-ingress \ - --set "controller.serviceMonitor.enabled=true" -``` - -### Using values from YAML file - -As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: - -*mylb.yaml*: - -```yaml -controller: - kind: DaemonSet - ingressClass: haproxy - service: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 -``` - -And invoking Helm becomes (compare to the previous example): - -```console -helm install my-ingress4 -f mylb.yml haproxytech/kubernetes-ingress -``` - -A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) : - -```yaml -controller: - service: - tcpPorts: - - name: mysql - port: 3306 - targetPort: 3306 - extraArgs: - - --configmap-tcp-services=default/tcp -``` - -## Upgrading the chart - -To upgrade the *my-release* deployment: - -```console -helm upgrade my-release haproxytech/kubernetes-ingress -``` - -## Uninstalling the chart - -To uninstall/delete the *my-release* deployment: - -```console -helm delete my-release -``` - -## Debugging - -It is possible to generate a set of YAML files for testing/debugging: - -```console -helm install my-release haproxytech/kubernetes-ingress \ - --debug \ - --dry-run -``` - -## Contributing - -We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution. diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/app-readme.md b/charts/haproxy/haproxy/1.12.500+up1.12.5/app-readme.md deleted file mode 100644 index aae3d1bd8..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/app-readme.md +++ /dev/null @@ -1,8 +0,0 @@ -# HAProxy -[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment. - -# HAProxy Enterprise -[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code. - -## Introduction -This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager. diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customconfig-values.yaml deleted file mode 100644 index 116158a14..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customnodeport-values.yaml deleted file mode 100644 index c9de04c16..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-customnodeport-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-default-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-default-values.yaml deleted file mode 100644 index ddb25623a..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-default-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -controller: - kind: DaemonSet diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disableddefaultbackend-values.yaml deleted file mode 100644 index 3a1687a33..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disableddefaultbackend-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet -defaultBackend: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disabledsecretconfig-values.yaml deleted file mode 100644 index 362fbb982..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-enableports-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-enableports-values.yaml deleted file mode 100644 index 9a41dac52..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-enableports-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-extraargs-values.yaml deleted file mode 100644 index 691acbc44..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-extraargs-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-hostport-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-hostport-values.yaml deleted file mode 100644 index 45042ea50..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-hostport-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -controller: - kind: DaemonSet - daemonset: - useHostPort: true - hostPorts: - http: 80 - https: 443 - stat: 1024 diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-nodeport-values.yaml deleted file mode 100644 index ebc8f1020..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-publishservice-values.yaml deleted file mode 100644 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-publishservice-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-serviceannotation-values.yaml deleted file mode 100644 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/daemonset-serviceannotation-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customconfig-values.yaml deleted file mode 100644 index 12c48d22d..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customnodeport-values.yaml deleted file mode 100644 index f044362aa..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-customnodeport-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-default-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-default-values.yaml deleted file mode 100644 index 792d60054..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disableddefaultbackend-values.yaml deleted file mode 100644 index ba2a61ebe..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disableddefaultbackend-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -defaultBackend: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disabledsecretconfig-values.yaml deleted file mode 100644 index 767645997..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-enableports-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-enableports-values.yaml deleted file mode 100644 index 03ff297b4..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-enableports-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-extraargs-values.yaml deleted file mode 100644 index d0e1dbe73..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-extraargs-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-hpa-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-hpa-values.yaml deleted file mode 100644 index 0c8326236..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-hpa-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: Deployment - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - -defaultBackend: - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 50 diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-nodeport-values.yaml deleted file mode 100644 index ffdc47b2d..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-psp-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-psp-values.yaml deleted file mode 100644 index 7aae8605d..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-psp-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -podSecurityPolicy: - enabled: true diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-publishservice-values.yaml deleted file mode 100644 index 6d8bf9bf7..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-publishservice-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - publishService: - enabled: true diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-replicacount-unset.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-replicacount-unset.yaml deleted file mode 100644 index 78ee30060..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/ci/deployment-replicacount-unset.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - replicaCount: null - -defaultBackend: - replicaCount: null diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/questions.yml b/charts/haproxy/haproxy/1.12.500+up1.12.5/questions.yml deleted file mode 100644 index 298326086..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/questions.yml +++ /dev/null @@ -1,73 +0,0 @@ -questions: -- variable: imageDefault - default: true - description: "Use default Docker image" - label: Use Default Image - type: boolean - group: "Settings" - show_subquestion_if: false - subquestions: - - variable: controller.image.tag - default: "1.5.4" - description: "HAProxy Ingress Controller Tag" - type: string - label: HAProxy Ingress Controller Tag -- variable: controller.kind - type: enum - options: - - "DaemonSet" - - "Deployment" - default: "Deployment" - description: "Deployment Type" - label: Deployment Type - group: "Settings" -- variable: controller.service.type - type: enum - options: - - "LoadBalancer" - - "NodePort" - default: "NodePort" - description: "Service Type for HAProxy Ingress Controller" - label: Service Type - group: "Settings" -- variable: controller.ingressClass - default: "" - description: "Ingress Class for targeting this controller" - label: Ingress Class - type: string - group: "Settings" -- variable: controller.defaultTLSSecret.secret - default: "" - description: "Default TLS certificate secret" - label: TLS Certificate Secret - type: string - group: "Settings" -- variable: enableEnterprise - default: false - description: "Use HAProxy Enterprise" - label: Enable - type: boolean - group: "HAProxy Enterprise" - show_subquestion_if: true - subquestions: - - variable: controller.imageCredentials.registry - type: string - default: "kubernetes-registry.haproxy.com" - description: "HAProxy Enterprise Registtry" - label: Registry - - variable: controller.image.repository - type: string - default: "kubernetes-registry.haproxy.com/hapee-ingress" - description: "HAProxy Enterprise Registry" - label: Repository - - variable: controller.imageCredentials.username - type: string - default: "MYUSERNAME" - description: "HAProxy Enterprise Username" - label: Username - - variable: controller.imageCredentials.password - type: string - default: "MYPASSWORD" - description: "HAProxy Enterprise Password" - label: Password - diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/NOTES.txt b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/NOTES.txt deleted file mode 100644 index 522e23017..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/NOTES.txt +++ /dev/null @@ -1,67 +0,0 @@ -HAProxy Kubernetes Ingress Controller has been successfully installed. - -Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}". -Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type. -{{- if and .Values.rbac.create}} -RBAC authorization is enabled. -{{- else}} -RBAC authorization is disabled. -{{- end}} -{{- if .Values.controller.ingressClass}} -Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for -Ingress resource. -{{- end}} - -Service ports mapped are: -{{- if eq .Values.controller.kind "Deployment" }} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP -{{- end }} -{{- end }} -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - hostPort: {{ index $hostPorts $key | default $value }} -{{- end }} -{{- end }} - -Node IP can be found with: - $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}" - -The following ingress resource routes traffic to pods that match the following: - * service name: web - * client's Host header: webdemo.com - * path begins with / - - --- - apiVersion: networking.k8s.io/v1beta1 - kind: Ingress - metadata: - name: web-ingress - namespace: default - spec: - rules: - - host: webdemo.com - http: - paths: - - path: / - backend: - serviceName: web - servicePort: 80 - -In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it -with helm chart option controller.ingressClass. - -For more examples and up to date documentation, please visit: - * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/ - * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation - * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md - - - diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/_helpers.tpl b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/_helpers.tpl deleted file mode 100644 index 5a1e28588..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/_helpers.tpl +++ /dev/null @@ -1,130 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "kubernetes-ingress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubernetes-ingress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubernetes-ingress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Encode an imagePullSecret string. -*/}} -{{- define "kubernetes-ingress.imagePullSecret" }} -{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }} -{{- end }} - -{{/* -Generate default certificate for HAProxy. -*/}} -{{- define "kubernetes-ingress.gen-certs" -}} -{{- $ca := genCA "kubernetes-ingress-ca" 365 -}} -{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}} -{{- $cert := genSignedCert $cn nil nil 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Create the name of the controller service account to use. -*/}} -{{- define "kubernetes-ingress.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled -*/}} -{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}} -{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} - {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.defaultBackend.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified default backend name. -*/}} -{{- define "kubernetes-ingress.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified default cert secret name. -*/}} -{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the path for the publish-service. -By default this will use the / matching the controller's service name. -Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride` -*/}} -{{- define "kubernetes-ingress.publishServicePath" -}} -{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}} -{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }} -{{- print $servicePath | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the syslog-server annotation -*/}} -{{- define "kubernetes-ingress.syslogServer" -}} -{{- range $key, $val := .Values.controller.logging.traffic -}} -{{- printf "%s:%s, " $key $val }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified ServiceMonitor name. -*/}} -{{- define "kubernetes-ingress.serviceMonitorName" -}} -{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrole.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrole.yaml deleted file mode 100644 index 4f9b4734a..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrole.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - services - - namespaces - - events - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - - ingresses/status - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses/status - verbs: - - update -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrolebinding.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrolebinding.yaml deleted file mode 100644 index cfd226083..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} - diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-configmap.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-configmap.yaml deleted file mode 100644 index 94aa9c554..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-configmap.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -data: -{{- if .Values.controller.logging.traffic }} - syslog-server: {{ template "kubernetes-ingress.syslogServer" . }} -{{- end }} -{{- if .Values.controller.config }} -{{ toYaml .Values.controller.config | indent 2 }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-daemonset.yaml deleted file mode 100644 index 5d2ae478a..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-daemonset.yaml +++ /dev/null @@ -1,237 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}} -{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.extraLabels }} -{{ toYaml .Values.controller.extraLabels | indent 4 }} - {{- end }} -spec: - minReadySeconds: 0 - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} - {{- if $useHostNetwork }} - hostNetwork: true - {{- end }} -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- else if .Values.controller.existingImagePullSecret }} - imagePullSecrets: - - name: {{ .Values.controller.existingImagePullSecret }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if and .Values.controller.defaultTLSSecret.enabled -}} -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} -{{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - {{- if .Values.controller.unprivileged }} - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - {{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ index $hostPorts $key | default $value }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .port }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ .port }} - {{- end }} - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - startupProbe: - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.startupProbe.path }} - port: {{ .Values.controller.startupProbe.port }} - scheme: {{ .Values.controller.startupProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- range .Values.controller.extraEnvs }} - - name: "{{ .name }}" - value: "{{ .value }}" - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.lifecycle }} - lifecycle: - {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} -{{ tpl .Values.controller.lifecycle . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumeMounts }} - volumeMounts: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} -{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} - {{- end }} - {{- end}} - {{- if .Values.controller.extraContainers }} - {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} -{{ tpl .Values.controller.extraContainers . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraContainers | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumes }} - volumes: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} -{{ tpl .Values.controller.extraVolumes . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumes | indent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} - initContainers: - {{- if .Values.controller.unprivileged }} - - name: sysctl - image: busybox:musl - command: - - /bin/sh - - -c - - sysctl -w net.ipv4.ip_unprivileged_port_start=0 - securityContext: - privileged: true - {{- end }} - {{- with.Values.controller.initContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-defaultcertsecret.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-defaultcertsecret.yaml deleted file mode 100644 index b409c7b25..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-defaultcertsecret.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.defaultTLSSecret.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - annotations: - "helm.sh/hook": "pre-install" - "helm.sh/hook-delete-policy": "before-hook-creation" -data: -{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-deployment.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-deployment.yaml deleted file mode 100644 index 53568e1d9..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-deployment.yaml +++ /dev/null @@ -1,229 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "Deployment" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.extraLabels }} -{{ toYaml .Values.controller.extraLabels | indent 4 }} - {{- end }} -spec: - {{- if not .Values.controller.autoscaling.enabled }} - replicas: {{ .Values.controller.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- with .Values.controller.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} -{{- with .Values.controller.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- else if .Values.controller.existingImagePullSecret }} - imagePullSecrets: - - name: {{ .Values.controller.existingImagePullSecret }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} -{{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - {{- if .Values.controller.unprivileged }} - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - {{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .targetPort }} - protocol: TCP - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - startupProbe: - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.startupProbe.path }} - port: {{ .Values.controller.startupProbe.port }} - scheme: {{ .Values.controller.startupProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- range .Values.controller.extraEnvs }} - - name: {{ .name }} - value: {{ .value }} - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.lifecycle }} - lifecycle: - {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} -{{ tpl .Values.controller.lifecycle . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumeMounts }} - volumeMounts: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} -{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} - {{- end }} - {{- end}} - {{- if .Values.controller.extraContainers }} - {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} -{{ tpl .Values.controller.extraContainers . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraContainers | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumes }} - volumes: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} -{{ tpl .Values.controller.extraVolumes . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumes | indent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} - initContainers: - {{- if .Values.controller.unprivileged }} - - name: sysctl - image: busybox:musl - command: - - /bin/sh - - -c - - sysctl -w net.ipv4.ip_unprivileged_port_start=0 - securityContext: - privileged: true - {{- end }} - {{- with.Values.controller.initContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-hpa.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-hpa.yaml deleted file mode 100644 index 102b23439..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -Copyright 2020 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "kubernetes-ingress.fullname" . }} - minReplicas: {{ .Values.controller.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-poddisruptionbudget.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-poddisruptionbudget.yaml deleted file mode 100644 index e08d25cc7..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-poddisruptionbudget.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.PodDisruptionBudget.enable }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - {{- if .Values.controller.PodDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.controller.PodDisruptionBudget.maxUnavailable }} - {{- end }} - {{- if .Values.controller.PodDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.controller.PodDisruptionBudget.minAvailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-podsecuritypolicy.yaml deleted file mode 100644 index 7851e2acf..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-podsecuritypolicy.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }} -{{- $useHostPort := .Values.controller.daemonset.useHostPort }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.fullname" . }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 -{{- if $useHostNetwork }} - hostNetwork: true -{{- end }} -{{- if or $useHostPort $useHostNetwork }} - hostPorts: -{{- range $key, $value := .Values.controller.containerPort }} - - min: {{ $value }} - max: {{ $value }} -{{- end }} -{{- range .Values.controller.service.tcpPorts }} - - min: {{ .port }} - max: {{ .port }} -{{- end }} -{{- end }} - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-pullsecret.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-pullsecret.yaml deleted file mode 100644 index 88252394c..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-pullsecret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.imageCredentials.registry }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-role.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-role.yaml deleted file mode 100644 index 3e41df6e4..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-rolebinding.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-rolebinding.yaml deleted file mode 100644 index 40404a401..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-service.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-service.yaml deleted file mode 100644 index eb2eea381..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-service.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- if .Values.controller.service.labels }} -{{ toYaml .Values.controller.service.labels | indent 4 }} -{{- end }} - annotations: -{{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} -{{- end }} -spec: - {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} - type: {{ .Values.controller.service.type }} - {{- if .Values.controller.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} - {{- end }} - {{- if .Values.controller.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} - {{- end }} - ports: - {{- if .Values.controller.service.enablePorts.http }} - - name: http - port: {{ .Values.controller.service.ports.http }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.http }} - {{- if .Values.controller.service.nodePorts.http }} - nodePort: {{ .Values.controller.service.nodePorts.http }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.https }} - - name: https - port: {{ .Values.controller.service.ports.https }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.https }} - {{- if .Values.controller.service.nodePorts.https }} - nodePort: {{ .Values.controller.service.nodePorts.https }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.stat }} - - name: stat - port: {{ .Values.controller.service.ports.stat }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.stat }} - {{- if .Values.controller.service.nodePorts.stat }} - nodePort: {{ .Values.controller.service.nodePorts.stat }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - port: {{ .port }} - protocol: TCP - targetPort: {{ .targetPort }} - {{- if .nodePort }} - nodePort: {{ .nodePort }} - {{- end }} - {{- end }} - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.service.sessionAffinity }} - sessionAffinity: {{ .Values.controller.service.sessionAffinity }} - {{- end }} - externalIPs: -{{- if .Values.controller.service.externalIPs }} -{{ toYaml .Values.controller.service.externalIPs | indent 4 }} -{{- end -}} -{{- if (eq .Values.controller.service.type "LoadBalancer") }} -{{- if .Values.controller.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.controller.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-serviceaccount.yaml deleted file mode 100644 index c90710990..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if or .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-servicemonitor.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-servicemonitor.yaml deleted file mode 100644 index 0f4c2c3af..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/controller-servicemonitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kubernetes-ingress.serviceMonitorName" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.serviceMonitor.extraLabels }} - {{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }} - {{- end }} -spec: - endpoints: - {{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-deployment.yaml deleted file mode 100644 index af9930dc3..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.defaultBackend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - {{- if not .Values.defaultBackend.autoscaling.enabled }} - replicas: {{ .Values.defaultBackend.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.defaultBackend.podLabels }} -{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} - {{- end }} - {{- if .Values.defaultBackend.podAnnotations }} - annotations: -{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- with .Values.defaultBackend.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} - image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" - imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.defaultBackend.containerPort }} - protocol: TCP - {{- if .Values.defaultBackend.extraEnvs }} - env: - {{- range .Values.defaultBackend.extraEnvs }} - - name: "{{ .name }}" - value: "{{ .value }}" - {{- end }} - {{- end }} - resources: - {{- toYaml .Values.defaultBackend.resources | nindent 12 }} - {{- with .Values.defaultBackend.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultBackend.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - terminationGracePeriodSeconds: 60 - {{- with .Values.defaultBackend.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-hpa.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-hpa.yaml deleted file mode 100644 index 0fd8a65b7..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -Copyright 2020 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} - metrics: - {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-podsecuritypolicy.yaml deleted file mode 100644 index 82397b57b..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-podsecuritypolicy.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - hostNetwork: false - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-role.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-role.yaml deleted file mode 100644 index 8475d04fc..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-rolebinding.yaml deleted file mode 100644 index 3a94e9418..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-service.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-service.yaml deleted file mode 100644 index 6e0cf0e98..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-service.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.defaultBackend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: http - port: {{ .Values.defaultBackend.service.port }} - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-serviceaccount.yaml deleted file mode 100644 index 3c0853b14..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/templates/default-backend-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500+up1.12.5/values.yaml b/charts/haproxy/haproxy/1.12.500+up1.12.5/values.yaml deleted file mode 100644 index 98b3e74a9..000000000 --- a/charts/haproxy/haproxy/1.12.500+up1.12.5/values.yaml +++ /dev/null @@ -1,162 +0,0 @@ -controller: - PodDisruptionBudget: - enable: false - affinity: {} - autoscaling: - enabled: false - maxReplicas: 20 - minReplicas: 2 - targetCPUUtilizationPercentage: 80 - config: {} - containerPort: - http: 80 - https: 443 - stat: 1024 - daemonset: - hostPorts: - http: 80 - https: 443 - stat: 1024 - useHostNetwork: false - useHostPort: false - defaultTLSSecret: - enabled: true - secret: null - dnsConfig: {} - dnsPolicy: ClusterFirst - existingImagePullSecret: null - extraArgs: [] - extraContainers: [] - extraEnvs: [] - extraLabels: {} - extraVolumeMounts: [] - extraVolumes: [] - image: - pullPolicy: IfNotPresent - repository: haproxytech/kubernetes-ingress - tag: '{{ .Chart.AppVersion }}' - imageCredentials: - password: null - registry: null - username: null - ingressClass: null - initContainers: [] - kind: Deployment - lifecycle: {} - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - logging: - level: info - traffic: {} - name: controller - nodeSelector: {} - podAnnotations: {} - podLabels: {} - priorityClassName: "" - publishService: - enabled: false - pathOverride: "" - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - replicaCount: 2 - resources: - requests: - cpu: 100m - memory: 64Mi - service: - annotations: {} - enablePorts: - http: true - https: true - stat: true - enabled: true - externalIPs: [] - healthCheckNodePort: 0 - labels: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - nodePorts: {} - ports: - http: 80 - https: 443 - stat: 1024 - targetPorts: - http: http - https: https - stat: stat - tcpPorts: [] - type: NodePort - serviceMonitor: - enabled: false - endpoints: - - path: /metrics - port: stat - scheme: http - extraLabels: {} - startupProbe: - failureThreshold: 20 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 1 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - strategy: {} - terminationGracePeriodSeconds: 60 - tolerations: [] - topologySpreadConstraints: [] - unprivileged: false -defaultBackend: - affinity: {} - autoscaling: - enabled: false - maxReplicas: 2 - minReplicas: 1 - targetCPUUtilizationPercentage: 80 - containerPort: 8080 - enabled: true - extraEnvs: [] - image: - pullPolicy: IfNotPresent - repository: k8s.gcr.io/defaultbackend-amd64 - runAsUser: 65534 - tag: 1.5 - name: default-backend - nodeSelector: {} - podAnnotations: {} - podLabels: {} - priorityClassName: "" - replicaCount: 2 - resources: - requests: - cpu: 10m - memory: 16Mi - service: - port: 8080 - serviceAccount: - create: true - tolerations: [] - topologySpreadConstraints: [] -podSecurityPolicy: - annotations: {} - enabled: false -rbac: - create: true -serviceAccount: - create: true - name: null diff --git a/charts/haproxy/haproxy/1.12.500/.helmignore b/charts/haproxy/haproxy/1.12.500/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/haproxy/haproxy/1.12.500/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/haproxy/haproxy/1.12.500/Chart.yaml b/charts/haproxy/haproxy/1.12.500/Chart.yaml deleted file mode 100755 index 323874d61..000000000 --- a/charts/haproxy/haproxy/1.12.500/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy -apiVersion: v1 -appVersion: 1.5.4 -description: A Helm chart for HAProxy Kubernetes Ingress Controller -home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress -icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png -keywords: -- ingress -- haproxy -kubeVersion: '>=1.12.0-0' -maintainers: -- email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi -- email: bassmann@haproxy.com - name: Baptiste Assmann -- email: dkorunic@haproxy.com - name: Dinko Korunic -name: haproxy -sources: -- https://github.com/haproxytech/kubernetes-ingress -version: 1.12.500 diff --git a/charts/haproxy/haproxy/1.12.500/README.md b/charts/haproxy/haproxy/1.12.500/README.md deleted file mode 100755 index c7534e846..000000000 --- a/charts/haproxy/haproxy/1.12.500/README.md +++ /dev/null @@ -1,208 +0,0 @@ -# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy") - -## HAProxy Kubernetes Ingress Controller - -An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration. - -Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/). - -Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md). - -## Introduction - -This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -### Prerequisites - -- Kubernetes 1.12+ -- Helm 2.9+ - -## Before you begin - -### Setup a Kubernetes Cluster - -The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides. - -For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). - -### Install Helm - -Get the latest [Helm release](https://github.com/helm/helm#install). - -### Add Helm chart repo - -Once you have Helm installed, add the repo as follows: - -```console -helm repo add haproxytech https://haproxytech.github.io/helm-charts -helm repo update -``` - -## Install the chart - -To install the chart with Helm v3 as *my-release* deployment: - -```console -helm install my-release haproxytech/kubernetes-ingress -``` - -***NOTE***: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter: - -```console -helm install haproxytech/kubernetes-ingress \ - --name my-release -``` - -### Installing with unique name - -To auto-generate controller and its resources names when installing, use the following: - -```console -helm install haproxytech/kubernetes-ingress \ - --generate-name -``` - -### Installing from a private registry - -To install the chart using a private registry for controller into a separate namespace *prod*. - -***NOTE***: Helm v3 requires namespace to be precreated (eg. with ```kubectl create namespace prod```) - -```console -helm install my-ingress haproxytech/kubernetes-ingress \ - --namespace prod \ - --set controller.image.tag=SOMETAG \ - --set controller.imageCredentials.registry=myregistry.domain.com \ - --set controller.imageCredentials.username=MYUSERNAME \ - --set controller.imageCredentials.password=MYPASSWORD -``` - -Alternatively, use a pre-configured (existing) imagePullSecret in the same namespace: - -```console -helm install my-ingress haproxytech/kubernetes-ingress \ - --namespace prod \ - --set controller.image.tag=SOMETAG \ - --set controller.existingImagePullSecret name-of-existing-image-pull-secret -``` - -### Installing as DaemonSet - -Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well: - -```console -helm install my-ingress2 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet -``` - -### Installing in multi-ingress environment - -It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers): - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy -``` - -***NOTE***: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation. - -### Installing with service annotations - -On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however: - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy \ - --set controller.service.type=LoadBalancer \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true" -``` - -***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. - -### Installing with Horizontal Pod Autoscaler - -[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null: - -```console -helm install my-ingress4 haproxytech/kubernetes-ingress \ - --set controller.replicaCount=null \ - --set defaultBackend.replicaCount=null -``` - -### Installing the ServiceMonitor - -If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs. - -```console -helm install my-ingress5 haproxytech/kubernetes-ingress \ - --set "controller.serviceMonitor.enabled=true" -``` - -### Using values from YAML file - -As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: - -*mylb.yaml*: - -```yaml -controller: - kind: DaemonSet - ingressClass: haproxy - service: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 -``` - -And invoking Helm becomes (compare to the previous example): - -```console -helm install my-ingress4 -f mylb.yml haproxytech/kubernetes-ingress -``` - -A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) : - -```yaml -controller: - service: - tcpPorts: - - name: mysql - port: 3306 - targetPort: 3306 - extraArgs: - - --configmap-tcp-services=default/tcp -``` - -## Upgrading the chart - -To upgrade the *my-release* deployment: - -```console -helm upgrade my-release haproxytech/kubernetes-ingress -``` - -## Uninstalling the chart - -To uninstall/delete the *my-release* deployment: - -```console -helm delete my-release -``` - -## Debugging - -It is possible to generate a set of YAML files for testing/debugging: - -```console -helm install my-release haproxytech/kubernetes-ingress \ - --debug \ - --dry-run -``` - -## Contributing - -We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution. diff --git a/charts/haproxy/haproxy/1.12.500/app-readme.md b/charts/haproxy/haproxy/1.12.500/app-readme.md deleted file mode 100755 index aae3d1bd8..000000000 --- a/charts/haproxy/haproxy/1.12.500/app-readme.md +++ /dev/null @@ -1,8 +0,0 @@ -# HAProxy -[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment. - -# HAProxy Enterprise -[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code. - -## Introduction -This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager. diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml deleted file mode 100755 index 116158a14..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml deleted file mode 100755 index c9de04c16..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml deleted file mode 100755 index ddb25623a..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -controller: - kind: DaemonSet diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml deleted file mode 100755 index 3a1687a33..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet -defaultBackend: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml deleted file mode 100755 index 362fbb982..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml deleted file mode 100755 index 9a41dac52..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml deleted file mode 100755 index 691acbc44..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml deleted file mode 100755 index 45042ea50..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -controller: - kind: DaemonSet - daemonset: - useHostPort: true - hostPorts: - http: 80 - https: 443 - stat: 1024 diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml deleted file mode 100755 index ebc8f1020..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml deleted file mode 100755 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml deleted file mode 100755 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml deleted file mode 100755 index 12c48d22d..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml deleted file mode 100755 index f044362aa..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml deleted file mode 100755 index 792d60054..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml deleted file mode 100755 index ba2a61ebe..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -defaultBackend: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml deleted file mode 100755 index 767645997..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml deleted file mode 100755 index 03ff297b4..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml deleted file mode 100755 index d0e1dbe73..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml deleted file mode 100755 index 0c8326236..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -controller: - kind: Deployment - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - -defaultBackend: - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 2 - targetCPUUtilizationPercentage: 50 diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml deleted file mode 100755 index ffdc47b2d..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml deleted file mode 100755 index 7aae8605d..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -podSecurityPolicy: - enabled: true diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml deleted file mode 100755 index 6d8bf9bf7..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - publishService: - enabled: true diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml deleted file mode 100755 index 78ee30060..000000000 --- a/charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - replicaCount: null - -defaultBackend: - replicaCount: null diff --git a/charts/haproxy/haproxy/1.12.500/questions.yml b/charts/haproxy/haproxy/1.12.500/questions.yml deleted file mode 100755 index 298326086..000000000 --- a/charts/haproxy/haproxy/1.12.500/questions.yml +++ /dev/null @@ -1,73 +0,0 @@ -questions: -- variable: imageDefault - default: true - description: "Use default Docker image" - label: Use Default Image - type: boolean - group: "Settings" - show_subquestion_if: false - subquestions: - - variable: controller.image.tag - default: "1.5.4" - description: "HAProxy Ingress Controller Tag" - type: string - label: HAProxy Ingress Controller Tag -- variable: controller.kind - type: enum - options: - - "DaemonSet" - - "Deployment" - default: "Deployment" - description: "Deployment Type" - label: Deployment Type - group: "Settings" -- variable: controller.service.type - type: enum - options: - - "LoadBalancer" - - "NodePort" - default: "NodePort" - description: "Service Type for HAProxy Ingress Controller" - label: Service Type - group: "Settings" -- variable: controller.ingressClass - default: "" - description: "Ingress Class for targeting this controller" - label: Ingress Class - type: string - group: "Settings" -- variable: controller.defaultTLSSecret.secret - default: "" - description: "Default TLS certificate secret" - label: TLS Certificate Secret - type: string - group: "Settings" -- variable: enableEnterprise - default: false - description: "Use HAProxy Enterprise" - label: Enable - type: boolean - group: "HAProxy Enterprise" - show_subquestion_if: true - subquestions: - - variable: controller.imageCredentials.registry - type: string - default: "kubernetes-registry.haproxy.com" - description: "HAProxy Enterprise Registtry" - label: Registry - - variable: controller.image.repository - type: string - default: "kubernetes-registry.haproxy.com/hapee-ingress" - description: "HAProxy Enterprise Registry" - label: Repository - - variable: controller.imageCredentials.username - type: string - default: "MYUSERNAME" - description: "HAProxy Enterprise Username" - label: Username - - variable: controller.imageCredentials.password - type: string - default: "MYPASSWORD" - description: "HAProxy Enterprise Password" - label: Password - diff --git a/charts/haproxy/haproxy/1.12.500/templates/NOTES.txt b/charts/haproxy/haproxy/1.12.500/templates/NOTES.txt deleted file mode 100755 index 522e23017..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/NOTES.txt +++ /dev/null @@ -1,67 +0,0 @@ -HAProxy Kubernetes Ingress Controller has been successfully installed. - -Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}". -Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type. -{{- if and .Values.rbac.create}} -RBAC authorization is enabled. -{{- else}} -RBAC authorization is disabled. -{{- end}} -{{- if .Values.controller.ingressClass}} -Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for -Ingress resource. -{{- end}} - -Service ports mapped are: -{{- if eq .Values.controller.kind "Deployment" }} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP -{{- end }} -{{- end }} -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - hostPort: {{ index $hostPorts $key | default $value }} -{{- end }} -{{- end }} - -Node IP can be found with: - $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}" - -The following ingress resource routes traffic to pods that match the following: - * service name: web - * client's Host header: webdemo.com - * path begins with / - - --- - apiVersion: networking.k8s.io/v1beta1 - kind: Ingress - metadata: - name: web-ingress - namespace: default - spec: - rules: - - host: webdemo.com - http: - paths: - - path: / - backend: - serviceName: web - servicePort: 80 - -In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it -with helm chart option controller.ingressClass. - -For more examples and up to date documentation, please visit: - * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/ - * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation - * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md - - - diff --git a/charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl b/charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl deleted file mode 100755 index 5a1e28588..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl +++ /dev/null @@ -1,130 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "kubernetes-ingress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubernetes-ingress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubernetes-ingress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Encode an imagePullSecret string. -*/}} -{{- define "kubernetes-ingress.imagePullSecret" }} -{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }} -{{- end }} - -{{/* -Generate default certificate for HAProxy. -*/}} -{{- define "kubernetes-ingress.gen-certs" -}} -{{- $ca := genCA "kubernetes-ingress-ca" 365 -}} -{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}} -{{- $cert := genSignedCert $cn nil nil 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Create the name of the controller service account to use. -*/}} -{{- define "kubernetes-ingress.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled -*/}} -{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}} -{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} - {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.defaultBackend.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified default backend name. -*/}} -{{- define "kubernetes-ingress.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified default cert secret name. -*/}} -{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the path for the publish-service. -By default this will use the / matching the controller's service name. -Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride` -*/}} -{{- define "kubernetes-ingress.publishServicePath" -}} -{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}} -{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }} -{{- print $servicePath | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the syslog-server annotation -*/}} -{{- define "kubernetes-ingress.syslogServer" -}} -{{- range $key, $val := .Values.controller.logging.traffic -}} -{{- printf "%s:%s, " $key $val }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified ServiceMonitor name. -*/}} -{{- define "kubernetes-ingress.serviceMonitorName" -}} -{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml b/charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml deleted file mode 100755 index 4f9b4734a..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - services - - namespaces - - events - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - - ingresses/status - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses/status - verbs: - - update -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml b/charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml deleted file mode 100755 index cfd226083..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} - diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml deleted file mode 100755 index 94aa9c554..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -data: -{{- if .Values.controller.logging.traffic }} - syslog-server: {{ template "kubernetes-ingress.syslogServer" . }} -{{- end }} -{{- if .Values.controller.config }} -{{ toYaml .Values.controller.config | indent 2 }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml deleted file mode 100755 index 5d2ae478a..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml +++ /dev/null @@ -1,237 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}} -{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.extraLabels }} -{{ toYaml .Values.controller.extraLabels | indent 4 }} - {{- end }} -spec: - minReadySeconds: 0 - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} - {{- if $useHostNetwork }} - hostNetwork: true - {{- end }} -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- else if .Values.controller.existingImagePullSecret }} - imagePullSecrets: - - name: {{ .Values.controller.existingImagePullSecret }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if and .Values.controller.defaultTLSSecret.enabled -}} -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} -{{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - {{- if .Values.controller.unprivileged }} - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - {{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ index $hostPorts $key | default $value }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .port }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ .port }} - {{- end }} - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - startupProbe: - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.startupProbe.path }} - port: {{ .Values.controller.startupProbe.port }} - scheme: {{ .Values.controller.startupProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- range .Values.controller.extraEnvs }} - - name: "{{ .name }}" - value: "{{ .value }}" - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.lifecycle }} - lifecycle: - {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} -{{ tpl .Values.controller.lifecycle . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumeMounts }} - volumeMounts: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} -{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} - {{- end }} - {{- end}} - {{- if .Values.controller.extraContainers }} - {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} -{{ tpl .Values.controller.extraContainers . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraContainers | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumes }} - volumes: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} -{{ tpl .Values.controller.extraVolumes . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumes | indent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} - initContainers: - {{- if .Values.controller.unprivileged }} - - name: sysctl - image: busybox:musl - command: - - /bin/sh - - -c - - sysctl -w net.ipv4.ip_unprivileged_port_start=0 - securityContext: - privileged: true - {{- end }} - {{- with.Values.controller.initContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml deleted file mode 100755 index b409c7b25..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.defaultTLSSecret.enabled }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - annotations: - "helm.sh/hook": "pre-install" - "helm.sh/hook-delete-policy": "before-hook-creation" -data: -{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml deleted file mode 100755 index 53568e1d9..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml +++ /dev/null @@ -1,229 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "Deployment" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.extraLabels }} -{{ toYaml .Values.controller.extraLabels | indent 4 }} - {{- end }} -spec: - {{- if not .Values.controller.autoscaling.enabled }} - replicas: {{ .Values.controller.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- with .Values.controller.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} -{{- with .Values.controller.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- if .Values.controller.dnsConfig }} - dnsConfig: -{{ toYaml .Values.controller.dnsConfig | indent 8 }} -{{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- else if .Values.controller.existingImagePullSecret }} - imagePullSecrets: - - name: {{ .Values.controller.existingImagePullSecret }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} -{{- if .Values.defaultBackend.enabled }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - {{- if .Values.controller.unprivileged }} - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - {{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .targetPort }} - protocol: TCP - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - startupProbe: - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.startupProbe.path }} - port: {{ .Values.controller.startupProbe.port }} - scheme: {{ .Values.controller.startupProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- range .Values.controller.extraEnvs }} - - name: {{ .name }} - value: {{ .value }} - {{- end }} - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- if .Values.controller.lifecycle }} - lifecycle: - {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} -{{ tpl .Values.controller.lifecycle . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.lifecycle | indent 12 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumeMounts }} - volumeMounts: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} -{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} - {{- end }} - {{- end}} - {{- if .Values.controller.extraContainers }} - {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} -{{ tpl .Values.controller.extraContainers . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraContainers | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumes }} - volumes: - {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} -{{ tpl .Values.controller.extraVolumes . | indent 8 }} - {{- else }} -{{ toYaml .Values.controller.extraVolumes | indent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} - initContainers: - {{- if .Values.controller.unprivileged }} - - name: sysctl - image: busybox:musl - command: - - /bin/sh - - -c - - sysctl -w net.ipv4.ip_unprivileged_port_start=0 - securityContext: - privileged: true - {{- end }} - {{- with.Values.controller.initContainers }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml deleted file mode 100755 index 102b23439..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -Copyright 2020 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "kubernetes-ingress.fullname" . }} - minReplicas: {{ .Values.controller.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml deleted file mode 100755 index e08d25cc7..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.PodDisruptionBudget.enable }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - {{- if .Values.controller.PodDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.controller.PodDisruptionBudget.maxUnavailable }} - {{- end }} - {{- if .Values.controller.PodDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.controller.PodDisruptionBudget.minAvailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml deleted file mode 100755 index 7851e2acf..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }} -{{- $useHostPort := .Values.controller.daemonset.useHostPort }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.fullname" . }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 -{{- if $useHostNetwork }} - hostNetwork: true -{{- end }} -{{- if or $useHostPort $useHostNetwork }} - hostPorts: -{{- range $key, $value := .Values.controller.containerPort }} - - min: {{ $value }} - max: {{ $value }} -{{- end }} -{{- range .Values.controller.service.tcpPorts }} - - min: {{ .port }} - max: {{ .port }} -{{- end }} -{{- end }} - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml deleted file mode 100755 index 88252394c..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.imageCredentials.registry }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml deleted file mode 100755 index 3e41df6e4..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml deleted file mode 100755 index 40404a401..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml deleted file mode 100755 index eb2eea381..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- if .Values.controller.service.labels }} -{{ toYaml .Values.controller.service.labels | indent 4 }} -{{- end }} - annotations: -{{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} -{{- end }} -spec: - {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} - type: {{ .Values.controller.service.type }} - {{- if .Values.controller.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} - {{- end }} - {{- if .Values.controller.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} - {{- end }} - ports: - {{- if .Values.controller.service.enablePorts.http }} - - name: http - port: {{ .Values.controller.service.ports.http }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.http }} - {{- if .Values.controller.service.nodePorts.http }} - nodePort: {{ .Values.controller.service.nodePorts.http }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.https }} - - name: https - port: {{ .Values.controller.service.ports.https }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.https }} - {{- if .Values.controller.service.nodePorts.https }} - nodePort: {{ .Values.controller.service.nodePorts.https }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.stat }} - - name: stat - port: {{ .Values.controller.service.ports.stat }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.stat }} - {{- if .Values.controller.service.nodePorts.stat }} - nodePort: {{ .Values.controller.service.nodePorts.stat }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - port: {{ .port }} - protocol: TCP - targetPort: {{ .targetPort }} - {{- if .nodePort }} - nodePort: {{ .nodePort }} - {{- end }} - {{- end }} - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.service.sessionAffinity }} - sessionAffinity: {{ .Values.controller.service.sessionAffinity }} - {{- end }} - externalIPs: -{{- if .Values.controller.service.externalIPs }} -{{ toYaml .Values.controller.service.externalIPs | indent 4 }} -{{- end -}} -{{- if (eq .Values.controller.service.type "LoadBalancer") }} -{{- if .Values.controller.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.controller.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml deleted file mode 100755 index c90710990..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if or .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml deleted file mode 100755 index 0f4c2c3af..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kubernetes-ingress.serviceMonitorName" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - {{- if .Values.controller.serviceMonitor.extraLabels }} - {{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }} - {{- end }} -spec: - endpoints: - {{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml deleted file mode 100755 index af9930dc3..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.defaultBackend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - {{- if not .Values.defaultBackend.autoscaling.enabled }} - replicas: {{ .Values.defaultBackend.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.defaultBackend.podLabels }} -{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} - {{- end }} - {{- if .Values.defaultBackend.podAnnotations }} - annotations: -{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- with .Values.defaultBackend.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} -{{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} - image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" - imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.defaultBackend.containerPort }} - protocol: TCP - {{- if .Values.defaultBackend.extraEnvs }} - env: - {{- range .Values.defaultBackend.extraEnvs }} - - name: "{{ .name }}" - value: "{{ .value }}" - {{- end }} - {{- end }} - resources: - {{- toYaml .Values.defaultBackend.resources | nindent 12 }} - {{- with .Values.defaultBackend.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultBackend.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - terminationGracePeriodSeconds: 60 - {{- with .Values.defaultBackend.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml deleted file mode 100755 index 0fd8a65b7..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -Copyright 2020 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} - metrics: - {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml deleted file mode 100755 index 82397b57b..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - hostNetwork: false - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml deleted file mode 100755 index 8475d04fc..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml deleted file mode 100755 index 3a94e9418..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml deleted file mode 100755 index 6e0cf0e98..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.defaultBackend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: http - port: {{ .Values.defaultBackend.service.port }} - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml deleted file mode 100755 index 3c0853b14..000000000 --- a/charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/values.yaml b/charts/haproxy/haproxy/1.12.500/values.yaml deleted file mode 100755 index 98b3e74a9..000000000 --- a/charts/haproxy/haproxy/1.12.500/values.yaml +++ /dev/null @@ -1,162 +0,0 @@ -controller: - PodDisruptionBudget: - enable: false - affinity: {} - autoscaling: - enabled: false - maxReplicas: 20 - minReplicas: 2 - targetCPUUtilizationPercentage: 80 - config: {} - containerPort: - http: 80 - https: 443 - stat: 1024 - daemonset: - hostPorts: - http: 80 - https: 443 - stat: 1024 - useHostNetwork: false - useHostPort: false - defaultTLSSecret: - enabled: true - secret: null - dnsConfig: {} - dnsPolicy: ClusterFirst - existingImagePullSecret: null - extraArgs: [] - extraContainers: [] - extraEnvs: [] - extraLabels: {} - extraVolumeMounts: [] - extraVolumes: [] - image: - pullPolicy: IfNotPresent - repository: haproxytech/kubernetes-ingress - tag: '{{ .Chart.AppVersion }}' - imageCredentials: - password: null - registry: null - username: null - ingressClass: null - initContainers: [] - kind: Deployment - lifecycle: {} - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - logging: - level: info - traffic: {} - name: controller - nodeSelector: {} - podAnnotations: {} - podLabels: {} - priorityClassName: "" - publishService: - enabled: false - pathOverride: "" - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - replicaCount: 2 - resources: - requests: - cpu: 100m - memory: 64Mi - service: - annotations: {} - enablePorts: - http: true - https: true - stat: true - enabled: true - externalIPs: [] - healthCheckNodePort: 0 - labels: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - nodePorts: {} - ports: - http: 80 - https: 443 - stat: 1024 - targetPorts: - http: http - https: https - stat: stat - tcpPorts: [] - type: NodePort - serviceMonitor: - enabled: false - endpoints: - - path: /metrics - port: stat - scheme: http - extraLabels: {} - startupProbe: - failureThreshold: 20 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 1 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - strategy: {} - terminationGracePeriodSeconds: 60 - tolerations: [] - topologySpreadConstraints: [] - unprivileged: false -defaultBackend: - affinity: {} - autoscaling: - enabled: false - maxReplicas: 2 - minReplicas: 1 - targetCPUUtilizationPercentage: 80 - containerPort: 8080 - enabled: true - extraEnvs: [] - image: - pullPolicy: IfNotPresent - repository: k8s.gcr.io/defaultbackend-amd64 - runAsUser: 65534 - tag: 1.5 - name: default-backend - nodeSelector: {} - podAnnotations: {} - podLabels: {} - priorityClassName: "" - replicaCount: 2 - resources: - requests: - cpu: 10m - memory: 16Mi - service: - port: 8080 - serviceAccount: - create: true - tolerations: [] - topologySpreadConstraints: [] -podSecurityPolicy: - annotations: {} - enabled: false -rbac: - create: true -serviceAccount: - create: true - name: null diff --git a/charts/haproxy/haproxy/1.4.300/.helmignore b/charts/haproxy/haproxy/1.4.300/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/haproxy/haproxy/1.4.300/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/haproxy/haproxy/1.4.300/Chart.yaml b/charts/haproxy/haproxy/1.4.300/Chart.yaml deleted file mode 100755 index 82f44ba5e..000000000 --- a/charts/haproxy/haproxy/1.4.300/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy -apiVersion: v1 -appVersion: 1.4.6 -description: A Helm chart for HAProxy Kubernetes Ingress Controller -home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress -icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png -keywords: -- ingress -- haproxy -kubeVersion: '>=1.12.0-0' -maintainers: -- email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi -- email: bassmann@haproxy.com - name: Baptiste Assmann -- email: dkorunic@haproxy.com - name: Dinko Korunic -name: haproxy -sources: -- https://github.com/haproxytech/kubernetes-ingress -version: 1.4.300 diff --git a/charts/haproxy/haproxy/1.4.300/README.md b/charts/haproxy/haproxy/1.4.300/README.md deleted file mode 100755 index 73e4e2fcb..000000000 --- a/charts/haproxy/haproxy/1.4.300/README.md +++ /dev/null @@ -1,190 +0,0 @@ -# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy") - -## HAProxy Kubernetes Ingress Controller - -An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration. - -Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/). - -Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md). - -## Introduction - -This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -### Prerequisites - - - Kubernetes 1.12+ - - Helm 2.9+ - -## Before you begin - -### Setup a Kubernetes Cluster - -The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides. - -For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). - -### Install Helm - -Get the latest [Helm release](https://github.com/helm/helm#install). - -### Add Helm chart repo - -Once you have Helm installed, add the repo as follows: - -```console -helm repo add haproxytech https://haproxytech.github.io/helm-charts -helm repo update -``` - -## Install the chart - -To install the chart with Helm v3 as *my-release* deployment: - -```console -helm install my-release haproxytech/kubernetes-ingress -``` - -***NOTE***: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter: - -```console -helm install haproxytech/kubernetes-ingress \ - --name my-release -``` - -### Installing with unique name - -To auto-generate controller and its resources names when installing, use the following: - -```console -helm install haproxytech/kubernetes-ingress \ - --generate-name -``` - -### Installing from a private registry - -To install the chart using a private registry for controller into a separate namespace *prod*. - -***NOTE***: Helm v3 requires namespace to be precreated (eg. with ```kubectl create namespace prod```) - -```console -helm install my-ingress haproxytech/kubernetes-ingress \ - --namespace prod \ - --set controller.image.tag=SOMETAG \ - --set controller.imageCredentials.registry=myregistry.domain.com \ - --set controller.imageCredentials.username=MYUSERNAME \ - --set controller.imageCredentials.password=MYPASSWORD -``` - -### Installing as DaemonSet - -Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well: - -```console -helm install my-ingress2 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet -``` - -### Installing in multi-ingress environment - -It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers): - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy -``` - -***NOTE***: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation. - -### Installing with service annotations - -On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however: - -```console -helm install my-ingress3 haproxytech/kubernetes-ingress \ - --set controller.kind=DaemonSet \ - --set controller.ingressClass=haproxy \ - --set controller.service.type=LoadBalancer \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \ - --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true" -``` - -***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. - -### Installing with Horizontal Pod Autoscaler - -[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null: - -```console -helm install my-ingress4 haproxytech/kubernetes-ingress \ - --set controller.replicaCount=null \ - --set defaultBackend.replicaCount=null -``` - -### Using values from YAML file - -As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: - -*mylb.yaml*: - -```yaml -controller: - kind: DaemonSet - ingressClass: haproxy - service: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 -``` - -And invoking Helm becomes (compare to the previous example): - -```console -helm install my-ingress4 -f mylb.yml haproxytech/kubernetes-ingress -``` - -A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) : - -```yaml -controller: - service: - tcpPorts: - - name: mysql - port: 3306 - targetPort: 3306 - extraArgs: - - --configmap-tcp-services=default/tcp -``` - -## Upgrading the chart - -To upgrade the *my-release* deployment: - -```console -helm upgrade my-release haproxytech/kubernetes-ingress -``` - -## Uninstalling the chart - -To uninstall/delete the *my-release* deployment: - -```console -helm delete kubernetes-ingress -``` - -## Debugging - -It is possible to generate a set of YAML files for testing/debugging: - -```console -helm install my-release haproxytech/kubernetes-ingress \ - --debug \ - --dry-run -``` - -## Contributing - -We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution. diff --git a/charts/haproxy/haproxy/1.4.300/app-readme.md b/charts/haproxy/haproxy/1.4.300/app-readme.md deleted file mode 100755 index aae3d1bd8..000000000 --- a/charts/haproxy/haproxy/1.4.300/app-readme.md +++ /dev/null @@ -1,8 +0,0 @@ -# HAProxy -[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment. - -# HAProxy Enterprise -[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code. - -## Introduction -This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager. diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml deleted file mode 100755 index 116158a14..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml deleted file mode 100755 index c9de04c16..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml deleted file mode 100755 index ddb25623a..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -controller: - kind: DaemonSet diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml deleted file mode 100755 index 362fbb982..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml deleted file mode 100755 index 9a41dac52..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -controller: - kind: DaemonSet - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml deleted file mode 100755 index 691acbc44..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml deleted file mode 100755 index 45042ea50..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -controller: - kind: DaemonSet - daemonset: - useHostPort: true - hostPorts: - http: 80 - https: 443 - stat: 1024 diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml deleted file mode 100755 index ebc8f1020..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml deleted file mode 100755 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml deleted file mode 100755 index b538cb542..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - kind: DaemonSet - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml deleted file mode 100755 index 12c48d22d..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - config: - rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml deleted file mode 100755 index f044362aa..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - type: NodePort - ports: - 8000: 10000 - 8001: 10001 diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml deleted file mode 100755 index 792d60054..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml deleted file mode 100755 index 767645997..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - defaultTLSSecret: - enabled: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml deleted file mode 100755 index 03ff297b4..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -controller: - service: - enablePorts: - http: false - https: true - stat: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml deleted file mode 100755 index d0e1dbe73..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - extraArgs: - - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml deleted file mode 100755 index ffdc47b2d..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -controller: - service: - type: NodePort diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml deleted file mode 100755 index 6d8bf9bf7..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - kind: DaemonSet - publishService: - enabled: true diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml deleted file mode 100755 index 78ee30060..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml +++ /dev/null @@ -1,5 +0,0 @@ -controller: - replicaCount: null - -defaultBackend: - replicaCount: null diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml deleted file mode 100755 index c103bd6c9..000000000 --- a/charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -controller: - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.4.300/questions.yml b/charts/haproxy/haproxy/1.4.300/questions.yml deleted file mode 100755 index 27ff89e72..000000000 --- a/charts/haproxy/haproxy/1.4.300/questions.yml +++ /dev/null @@ -1,73 +0,0 @@ -questions: -- variable: imageDefault - default: true - description: "Use default Docker image" - label: Use Default Image - type: boolean - group: "Settings" - show_subquestion_if: false - subquestions: - - variable: controller.image.tag - default: "1.4.6" - description: "HAProxy Ingress Controller Tag" - type: string - label: HAProxy Ingress Controller Tag -- variable: controller.kind - type: enum - options: - - "DaemonSet" - - "Deployment" - default: "Deployment" - description: "Deployment Type" - label: Deployment Type - group: "Settings" -- variable: controller.service.type - type: enum - options: - - "LoadBalancer" - - "NodePort" - default: "NodePort" - description: "Service Type for HAProxy Ingress Controller" - label: Service Type - group: "Settings" -- variable: controller.ingressClass - default: "" - description: "Ingress Class for targeting this controller" - label: Ingress Class - type: string - group: "Settings" -- variable: controller.defaultTLSSecret.secret - default: "" - description: "Default TLS certificate secret" - label: TLS Certificate Secret - type: string - group: "Settings" -- variable: enableEnterprise - default: false - description: "Use HAProxy Enterprise" - label: Enable - type: boolean - group: "HAProxy Enterprise" - show_subquestion_if: true - subquestions: - - variable: controller.imageCredentials.registry - type: string - default: "kubernetes-registry.haproxy.com" - description: "HAProxy Enterprise Registtry" - label: Registry - - variable: controller.image.repository - type: string - default: "kubernetes-registry.haproxy.com/hapee-ingress" - description: "HAProxy Enterprise Registry" - label: Repository - - variable: controller.imageCredentials.username - type: string - default: "MYUSERNAME" - description: "HAProxy Enterprise Username" - label: Username - - variable: controller.imageCredentials.password - type: string - default: "MYPASSWORD" - description: "HAProxy Enterprise Password" - label: Password - diff --git a/charts/haproxy/haproxy/1.4.300/templates/NOTES.txt b/charts/haproxy/haproxy/1.4.300/templates/NOTES.txt deleted file mode 100755 index 522e23017..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/NOTES.txt +++ /dev/null @@ -1,67 +0,0 @@ -HAProxy Kubernetes Ingress Controller has been successfully installed. - -Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}". -Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type. -{{- if and .Values.rbac.create}} -RBAC authorization is enabled. -{{- else}} -RBAC authorization is disabled. -{{- end}} -{{- if .Values.controller.ingressClass}} -Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for -Ingress resource. -{{- end}} - -Service ports mapped are: -{{- if eq .Values.controller.kind "Deployment" }} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP -{{- end }} -{{- end }} -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -{{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - hostPort: {{ index $hostPorts $key | default $value }} -{{- end }} -{{- end }} - -Node IP can be found with: - $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}" - -The following ingress resource routes traffic to pods that match the following: - * service name: web - * client's Host header: webdemo.com - * path begins with / - - --- - apiVersion: networking.k8s.io/v1beta1 - kind: Ingress - metadata: - name: web-ingress - namespace: default - spec: - rules: - - host: webdemo.com - http: - paths: - - path: / - backend: - serviceName: web - servicePort: 80 - -In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it -with helm chart option controller.ingressClass. - -For more examples and up to date documentation, please visit: - * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/ - * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation - * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md - - - diff --git a/charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl b/charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl deleted file mode 100755 index 23a9063ef..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl +++ /dev/null @@ -1,123 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "kubernetes-ingress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubernetes-ingress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubernetes-ingress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{kubernetes-ingress.publishServicePath{/* -Encode an imagePullSecret string. -*/}} -{{- define "kubernetes-ingress.imagePullSecret" }} -{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }} -{{- end }} - -{{/* -Generate default certificate for HAProxy. -*/}} -{{- define "kubernetes-ingress.gen-certs" -}} -{{- $ca := genCA "kubernetes-ingress-ca" 365 -}} -{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}} -{{- $cert := genSignedCert $cn nil nil 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Create the name of the controller service account to use. -*/}} -{{- define "kubernetes-ingress.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled -*/}} -{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}} -{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} - {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.defaultBackend.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified default backend name. -*/}} -{{- define "kubernetes-ingress.defaultBackend.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified default cert secret name. -*/}} -{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}} -{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the path for the publish-service. -By default this will use the / matching the controller's service name. -Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride` -*/}} -{{- define "kubernetes-ingress.publishServicePath" -}} -{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}} -{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }} -{{- print $servicePath | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Construct the syslog-server annotation -*/}} -{{- define "kubernetes-ingress.syslogServer" -}} -{{- range $key, $val := .Values.controller.logging.traffic -}} -{{- printf "%s:%s, " $key $val }} -{{- end -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml b/charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml deleted file mode 100755 index 89cb9f829..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - services - - namespaces - - events - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "extensions" - resources: - - ingresses - - ingresses/status - verbs: - - get - - list - - watch - - update -- apiGroups: - - "networking.k8s.io/v1beta1" - resources: - - ingresses - - ingresses/status - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml b/charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml deleted file mode 100755 index cfd226083..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} - diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml deleted file mode 100755 index 94aa9c554..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -data: -{{- if .Values.controller.logging.traffic }} - syslog-server: {{ template "kubernetes-ingress.syslogServer" . }} -{{- end }} -{{- if .Values.controller.config }} -{{ toYaml .Values.controller.config | indent 2 }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml deleted file mode 100755 index 7260d3227..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml +++ /dev/null @@ -1,153 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "DaemonSet" }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}} -{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - minReadySeconds: 0 - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} - {{- if $useHostNetwork }} - hostNetwork: true - {{- end }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if and .Values.controller.defaultTLSSecret.enabled -}} -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ index $hostPorts $key | default $value }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .port }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ .port }} - {{- end }} - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- with.Values.controller.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml deleted file mode 100755 index bb97b1e05..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - annotations: - "helm.sh/hook": "pre-install" - "helm.sh/hook-delete-policy": "before-hook-creation" -data: -{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml deleted file mode 100755 index 7fd2aae2e..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml +++ /dev/null @@ -1,141 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if eq .Values.controller.kind "Deployment" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - {{- if not ( kindIs "invalid" .Values.controller.replicaCount) }} - replicas: {{ .Values.controller.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- with .Values.controller.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.podLabels }} -{{ toYaml .Values.controller.podLabels | indent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: -{{ toYaml .Values.controller.podAnnotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} -{{- if .Values.controller.imageCredentials.registry }} - imagePullSecrets: - - name: {{ template "kubernetes-ingress.fullname" . }} -{{- end }} - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: -{{- if .Values.controller.defaultTLSSecret.secret }} - - --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }} -{{- else }} - - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} -{{- end }} - - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} - - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- if .Values.controller.ingressClass }} - - --ingress.class={{ .Values.controller.ingressClass }} -{{- end }} -{{- if .Values.controller.publishService.enabled }} - - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} -{{- end }} -{{- if .Values.controller.logging.level }} - - --log={{ .Values.controller.logging.level }} -{{- end }} -{{- range .Values.controller.extraArgs }} - - {{ . }} -{{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - containerPort: {{ .port }} - protocol: TCP - {{- end }} - livenessProbe: - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.livenessProbe.path }} - port: {{ .Values.controller.livenessProbe.port }} - scheme: {{ .Values.controller.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - httpGet: - path: {{ .Values.controller.readinessProbe.path }} - port: {{ .Values.controller.readinessProbe.port }} - scheme: {{ .Values.controller.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {{- toYaml .Values.controller.resources | nindent 12 }} - {{- with.Values.controller.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml deleted file mode 100755 index 77d220f3a..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} -{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }} -{{- $useHostPort := .Values.controller.daemonset.useHostPort }} -{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.fullname" . }} -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs -{{- if $useHostNetwork }} - hostNetwork: true -{{- end }} -{{- if or $useHostPort $useHostNetwork }} - hostPorts: -{{- range $key, $value := .Values.controller.containerPort }} - - min: {{ $value }} - max: {{ $value }} -{{- end }} -{{- range .Values.controller.service.tcpPorts }} - - min: {{ .port }} - max: {{ .port }} -{{- end }} -{{- end }} - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml deleted file mode 100755 index 88252394c..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.controller.imageCredentials.registry }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }} -{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml deleted file mode 100755 index 3e41df6e4..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml deleted file mode 100755 index 40404a401..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml deleted file mode 100755 index 2fa164137..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- if .Values.controller.service.labels }} -{{ toYaml .Values.controller.service.labels | indent 4 }} -{{- end }} - annotations: -{{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} -{{- end }} -spec: - {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} - type: {{ .Values.controller.service.type }} - {{- if .Values.controller.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} - {{- end }} - {{- if .Values.controller.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} - {{- end }} - ports: - {{- if .Values.controller.service.enablePorts.http }} - - name: http - port: {{ .Values.controller.service.ports.http }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.http }} - {{- if .Values.controller.service.nodePorts.http }} - nodePort: {{ .Values.controller.service.nodePorts.http }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.https }} - - name: https - port: {{ .Values.controller.service.ports.https }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.https }} - {{- if .Values.controller.service.nodePorts.https }} - nodePort: {{ .Values.controller.service.nodePorts.https }} - {{- end }} - {{- end }} - {{- if .Values.controller.service.enablePorts.stat }} - - name: stat - port: {{ .Values.controller.service.ports.stat }} - protocol: TCP - targetPort: {{ .Values.controller.service.targetPorts.stat }} - {{- if .Values.controller.service.nodePorts.stat }} - nodePort: {{ .Values.controller.service.nodePorts.stat }} - {{- end }} - {{- end }} - {{- range .Values.controller.service.tcpPorts }} - - name: {{ .name }}-tcp - port: {{ .port }} - protocol: TCP - targetPort: {{ .targetPort }} - {{- if .nodePort }} - nodePort: {{ .nodePort }} - {{- end }} - {{- end }} - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.controller.service.sessionAffinity }} - sessionAffinity: {{ .Values.controller.service.sessionAffinity }} - {{- end }} - externalIPs: -{{- if .Values.controller.service.externalIPs }} -{{ toYaml .Values.controller.service.externalIPs | indent 4 }} -{{- end -}} -{{- if (eq .Values.controller.service.type "LoadBalancer") }} -{{- if .Values.controller.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.controller.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end }} - diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml deleted file mode 100755 index c90710990..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if or .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml deleted file mode 100755 index 3dd04e012..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - {{- if not (kindIs "invalid" .Values.defaultBackend.replicaCount) }} - replicas: {{ .Values.defaultBackend.replicaCount }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.defaultBackend.podLabels }} -{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} - {{- end }} - {{- if .Values.defaultBackend.podAnnotations }} - annotations: -{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} - {{- end }} - spec: - containers: - - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} - image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" - imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.defaultBackend.containerPort }} - protocol: TCP - resources: - {{- toYaml .Values.defaultBackend.resources | nindent 12 }} - {{- with .Values.defaultBackend.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.defaultBackend.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - {{- with .Values.defaultBackend.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml deleted file mode 100755 index a31d60e8f..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_BIND_SERVICE - defaultAllowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - hostNetwork: false - hostIPC: false - hostPID: false - privileged: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - downwardAPI - - secret -{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml deleted file mode 100755 index 8ca2416ae..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -rules: -- apiGroups: - - "policy" - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml deleted file mode 100755 index a27f80465..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml deleted file mode 100755 index b3108ad61..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: http - port: {{ .Values.defaultBackend.service.port }} - protocol: TCP - targetPort: http - selector: - app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml deleted file mode 100755 index 9a5e8169f..000000000 --- a/charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2019 HAProxy Technologies LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} - helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} -{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/values.yaml b/charts/haproxy/haproxy/1.4.300/values.yaml deleted file mode 100755 index addf65446..000000000 --- a/charts/haproxy/haproxy/1.4.300/values.yaml +++ /dev/null @@ -1,116 +0,0 @@ -controller: - affinity: {} - config: {} - containerPort: - http: 80 - https: 443 - stat: 1024 - daemonset: - hostPorts: - http: 80 - https: 443 - stat: 1024 - useHostNetwork: false - useHostPort: false - defaultTLSSecret: - enabled: true - secret: null - extraArgs: [] - image: - pullPolicy: IfNotPresent - repository: haproxytech/kubernetes-ingress - tag: '{{ .Chart.AppVersion }}' - imageCredentials: - password: null - registry: null - username: null - ingressClass: null - initContainers: [] - kind: Deployment - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - logging: - level: info - traffic: {} - name: controller - nodeSelector: {} - podAnnotations: {} - podLabels: {} - publishService: - enabled: false - pathOverride: "" - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 0 - path: /healthz - periodSeconds: 10 - port: 1042 - scheme: HTTP - successThreshold: 1 - timeoutSeconds: 1 - replicaCount: 2 - resources: - requests: - cpu: 100m - memory: 64Mi - service: - annotations: {} - enablePorts: - http: true - https: true - stat: true - externalIPs: [] - healthCheckNodePort: 0 - labels: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - nodePorts: {} - ports: - http: 80 - https: 443 - stat: 1024 - targetPorts: - http: http - https: https - stat: stat - tcpPorts: [] - type: NodePort - strategy: {} - tolerations: [] -defaultBackend: - affinity: {} - containerPort: 8080 - image: - pullPolicy: IfNotPresent - repository: k8s.gcr.io/defaultbackend-amd64 - runAsUser: 65534 - tag: 1.5 - name: default-backend - nodeSelector: {} - podAnnotations: {} - podLabels: {} - replicaCount: 2 - resources: - requests: - cpu: 10m - memory: 16Mi - service: - port: 8080 - serviceAccount: - create: true - tolerations: [] -podSecurityPolicy: - annotations: {} - enabled: false -rbac: - create: true -serviceAccount: - create: true - name: null diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml deleted file mode 100755 index cb4b7dd2f..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-csi-driver -apiVersion: v1 -appVersion: 1.3.0 -description: A Helm chart for installing the HPE CSI Driver for Kubernetes -home: https://hpe.com/storage/containers -icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png -keywords: -- HPE -- Storage -- StorageClass -- CentOS -- Ubuntu -- RHEL -maintainers: -- email: hpe-containers-dev@hpe.com - name: shivamerla -name: hpe-csi-driver -sources: -- https://scod.hpedev.io/csi_driver -version: 1.3.000 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md deleted file mode 100755 index 4cdf3f49d..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md +++ /dev/null @@ -1,110 +0,0 @@ -# HPE CSI Driver for Kubernetes Helm chart - -The [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/index.html) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. - -## Prerequisites - -- Upstream Kubernetes version >= 1.15 -- Most Kubernetes distributions are supported -- Recent Ubuntu, SLES, CentOS or RHEL compute nodes connected to their respective official package repositories -- Helm 3 (Version >= 3.2.0 required) - -Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features. - -- [HPE Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html) -- [HPE 3PAR and Primera](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html) - -## Configuration and installation - -The following table lists the configurable parameters of the HPE-CSI chart and their default values. - -| Parameter | Description | Default | -|---------------------------|------------------------------------------------------------------------|--------------| -| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error`. | info | -| imagePullPolicy | Image pull policy (`Always`, `IfNotPresent`, `Never`). | IfNotPresent | -| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false | -| iscsi.chapUser | Username for iSCSI CHAP authentication. | "" | -| iscsi.chapPassword | Password for iSCSI CHAP authentication. | "" | - -It's recommended to create a [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) file from the corresponding release of the chart and edit it to fit the environment the chart is being deployed to. Download and edit [a sample file](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). - -These are the bare minimum required parameters for a successful deployment to an iSCSI environment if CHAP authentication is required. - -``` -iscsi: - chapUser: - chapPassword: -``` - -Tweak any additional parameters to suit the environment or as prescribed by HPE. - -### Installing the chart - -To install the chart with the name `hpe-csi`: - -Add HPE helm repo: - -``` -helm repo add hpe https://hpe-storage.github.io/co-deployments -helm repo update -``` - -Install the latest chart: - -``` -helm install hpe-csi hpe/hpe-csi-driver --namespace kube-system -f myvalues.yaml -``` - -**Note**: values.yaml is optional if no parameters are overridden from defaults. - -### Upgrading the Chart - -To upgrade the chart, specify the version you want to upgrade to as below. Please do NOT re-use a full blown `values.yaml` from prior versions to upgrade to later versions. Always use `values.yaml` from corresponding release from [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) - -List the avaiable version of the plugin: - -``` -helm repo update -helm search repo hpe-csi-driver -l -``` - -Select the target version to upgrade as below: - -``` -helm upgrade hpe-csi hpe/hpe-csi-driver --namespace kube-system --version=x.x.x.x -f myvalues.yaml -``` - -### Uninstalling the Chart - -To uninstall the `hpe-csi` chart: - -``` -helm uninstall hpe-csi --namespace kube-system -``` - -**Note**: Due to a limitation in Helm, CRDs are not deleted as part of the chart uninstall. - -### Alternative install method - -In some cases it's more practical to provide the local configuration via the `helm` CLI directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. These will take precedence over entries in [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). For example: - -``` -helm install hpe-csi hpe/hpe-csi-driver --namespace kube-system --set iscsi.chapUsername=admin \ ---set iscsi.chapPassword=xxxxxxxx -``` - -## Using persistent storage with Kubernetes - -Enable dynamic provisioning of persistent storage by creating a `StorageClass` API object that references a `Secret` which maps to a supported HPE primary storage backend. Refer to the [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/using.html) documentation on [HPE Storage Container Orchestration Documentation](https://scod.hpedev.io/). Also, it's helpful to be familiar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. - -## Support - -The HPE CSI Driver for Kubernetes Helm chart is covered by your HPE support contract. Please file any issues, questions or feature requests [here](https://github.com/hpe-storage/co-deployments/issues) or contact HPE through the regular support channels. You may also join our Slack community to chat with HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera` and `#Kubernetes` at [hpedev.slack.com](https://hpedev.slack.com), sign up here: [slack.hpedev.io](https://slack.hpedev.io/). - -## Contributing - -We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) - -## License - -This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md deleted file mode 100755 index 29ca912cb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# HPE CSI Driver for Kubernetes - -The [HPE CSI Driver for Kubernetes](https://github.com/hpe-storage/csi-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml deleted file mode 100755 index e63caf45c..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -############################################# -############ HPE Node Info CRD ############ -############################################# -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpenodeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPENodeInfo - plural: hpenodeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeNodes: - description: List of HPE nodes configured for storage access. - items: - properties: - uuid: - description: The UUID of the node. - type: string - iqns: - description: List of IQNs configured on the node. - items: - type: string - type: array - chapUser: - description: The CHAP User Name - type: string - chapPassword: - description: The CHAP Password - type: string - networks: - description: List of networks configured on the node. - items: - type: string - type: array - wwpns: - description: List of WWPNs configured on the node. - items: - type: string - type: array - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml deleted file mode 100755 index 846d76edd..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpereplicationdeviceinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEReplicationDeviceInfo - plural: hpereplicationdeviceinfos - shortNames: - - hperdi - - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeReplicationDeviceInfos: - description: List of HPE Replicated Arrays configured for 3PAR/Primera arrays. - items: - properties: - targets: - description: Target Array Details - type: array - items: - properties: - targetName: - description: Target Name of the array - type: string - targetCpg: - description: Target CPG of the array - type: string - targetSnapCpg: - description: Target Snap CPG of the array - type: string - targetSecret: - description: Secret of the replicated array - type: string - targetMode: - description: Replication Mode - type: string - targetSecretNamespace: - description: Namespace of secret - type: string - required: - - targetName - - targetCpg - - targetSecret - - targetSecretNamespace - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml deleted file mode 100755 index 417f4f4f3..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpevolumeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEVolumeInfo - plural: hpevolumeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeVolumes: - description: List of HPE volumes configured for 3PAR/Primera arrays. - items: - properties: - uuid: - description: The UUID of the volume. - type: string - record: - description: Metadata for the volume. - type: map[string]string - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json deleted file mode 100755 index d00650184..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json +++ /dev/null @@ -1,128 +0,0 @@ -[ - { - "category": "iscsi", - "severity": "warning", - "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "startup", - "recommendation": "manual" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "replacement_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "login_timeout", - "recommendation": "15" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "noop_out_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "cmds_max", - "recommendation": "512" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "queue_depth", - "recommendation": "256" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", - "parameter": "nr_sessions", - "recommendation": "1" - }, - { - "category": "multipath", - "severity": "critical", - "description": "product attribute recommended to be set to Server in /etc/multipath.conf", - "parameter": "product", - "recommendation": "\"Server\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", - "parameter": "prio", - "recommendation": "alua" - }, - { - "category": "multipath", - "severity": "critical", - "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", - "parameter": "hardware_handler", - "recommendation": "\"1 alua\"" - }, - { - "category": "multipath", - "severity": "warning", - "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", - "parameter": "failback", - "recommendation": "immediate" - }, - { - "category": "multipath", - "severity": "critical", - "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", - "parameter": "fast_io_fail_tmo", - "recommendation": "5" - }, - { - "category": "multipath", - "severity": "critical", - "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", - "parameter": "no_path_retry", - "recommendation": "30" - }, - { - "category": "multipath", - "severity": "warning", - "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_selector", - "recommendation": "\"service-time 0\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", - "parameter": "vendor", - "recommendation": "\"Nimble\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", - "parameter": "path_grouping_policy", - "recommendation": "group_by_prio" - }, - { - "category": "multipath", - "severity": "critical", - "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_checker", - "recommendation": "tur" - }, - { - "category": "multipath", - "severity": "critical", - "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", - "parameter": "dev_loss_tmo", - "recommendation": "infinity" - } -] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml deleted file mode 100755 index ac34ad76f..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml +++ /dev/null @@ -1,29 +0,0 @@ -questions: -- variable: imagePullPolicy - label: "ImagePullPolicy" - default: "IfNotPresent" - type: enum - options: - - "IfNotPresent" - - "Always" - - "Never" - description: "ImagePullPolicy for all CSI driver images" - group: "HPE CSI Driver settings" -- variable: disableNodeConformance - label: "Disable automatic installation of iSCSI/Multipath Packages" - type: boolean - default: false - description: "Disable automatic installation of iSCSI/Multipath Packages" - group: "HPE CSI Driver settings" -- variable: iscsi.chapUser - label: "iSCSI CHAP Username" - type: string - required: true - description: "Specify username for iSCSI CHAP authentication" - group: "HPE iSCSI settings" -- variable: iscsi.chapPassword - label: "iSCSI CHAP Password" - type: password - required: true - description: "Specify password for iSCSI CHAP authentication" - group: "HPE iSCSI settings" diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/NOTES.txt b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/NOTES.txt deleted file mode 100755 index e69de29bb..000000000 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl deleted file mode 100755 index 165840d52..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "hpe-csi-storage.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "hpe-csi-storage.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "hpe-csi-storage.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml deleted file mode 100755 index 39fbe4292..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if semverCompare ">=1.14.0" .Capabilities.KubeVersion.GitVersion }} ---- - -################# CSI Driver ########### -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: csi.hpe.com -spec: - podInfoOnMount: true - {{- if semverCompare ">=1.16.0" .Capabilities.KubeVersion.GitVersion }} - volumeLifecycleModes: - - Persistent - - Ephemeral - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml deleted file mode 100755 index 61705ec11..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml +++ /dev/null @@ -1,171 +0,0 @@ ---- - -############################################# -############ Controller driver ############ -############################################# - -kind: Deployment -apiVersion: apps/v1 -metadata: - name: hpe-csi-controller - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: hpe-csi-controller - template: - metadata: - labels: - app: hpe-csi-controller - role: hpe-csi - spec: - serviceAccount: hpe-csi-controller-sa - {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} - priorityClassName: system-cluster-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-provisioner - {{- if semverCompare "<=1.16.0" .Capabilities.KubeVersion.GitVersion }} - image: quay.io/k8scsi/csi-provisioner:v1.4.0 - {{- else }} - image: quay.io/k8scsi/csi-provisioner:v1.5.0 - {{- end }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - {{- if semverCompare ">= 1.13.0" .Capabilities.KubeVersion.GitVersion }} - - "--timeout=30s" - - "--worker-threads=16" - {{- end }} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: csi-attacher - {{- if semverCompare "~1.13.0" .Capabilities.KubeVersion.GitVersion }} - image: quay.io/k8scsi/csi-attacher:v1.1.0 - {{- else }} - image: quay.io/k8scsi/csi-attacher:v2.1.1 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} - - name: csi-snapshotter - image: quay.io/k8scsi/csi-snapshotter:v2.0.1 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- end }} - {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} - - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.4.0 - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - {{- end }} - - name: hpe-csi-driver - image: hpestorage/csi-driver:v1.3.0 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--flavor=kubernetes" - - "--pod-monitor" - - "--pod-monitor-interval=30" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: log-dir - mountPath: /var/log - - name: k8s - mountPath: /etc/kubernetes - - name: hpeconfig - mountPath: /etc/hpe-storage - - name: root-dir - mountPath: /host - - name: csi-volume-mutator - image: quay.io/hpestorage/volume-mutator:v1.0.0 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-extensions - image: quay.io/hpestorage/csi-extensions:v1.0.0 - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} - - name: log-dir - hostPath: - path: /var/log - - name: k8s - hostPath: - path: /etc/kubernetes - - name: hpeconfig - hostPath: - path: /etc/hpe-storage - - name: root-dir - hostPath: - path: / - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml deleted file mode 100755 index 8a3953638..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml +++ /dev/null @@ -1,165 +0,0 @@ ---- - -####################################### -############ Node driver ############ -####################################### - -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: hpe-csi-node - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: hpe-csi-node - template: - metadata: - labels: - app: hpe-csi-node - role: hpe-csi - spec: - serviceAccount: hpe-csi-node-sa - {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} - priorityClassName: system-node-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-node-driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 - args: - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - - "--v=5" - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/csi.hpe.com /registration/csi.hpe.com-reg.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock - {{- if semverCompare "~1.12.0" .Capabilities.KubeVersion.GitVersion }} - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- end }} - imagePullPolicy: "Always" - volumeMounts: - - name: plugin-dir - mountPath: /csi/ - - name: registration-dir - mountPath: /registration - - name: hpe-csi-driver - image: hpestorage/csi-driver:v1.3.0 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--node-service" - - "--flavor=kubernetes" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - - name: CHAP_USER - value: {{ .Values.iscsi.chapUser }} - - name: CHAP_PASSWORD - value: {{ .Values.iscsi.chapPassword }} - {{- end }} - {{ if .Values.disableNodeConformance -}} - - name: DISABLE_NODE_CONFORMANCE - value: "true" - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - name: root-dir - mountPath: /host - mountPropagation: "Bidirectional" - - name: device-dir - mountPath: /dev - - name: log-dir - mountPath: /var/log - - name: etc-hpe-storage-dir - mountPath: /etc/hpe-storage - - name: etc-kubernetes - mountPath: /etc/kubernetes - - name: sys - mountPath: /sys - - name: runsystemd - mountPath: /run/systemd - - name: etcsystemd - mountPath: /etc/systemd/system - - name: linux-config-file - mountPath: /opt/hpe-storage/nimbletune/config.json - subPath: config.json - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/csi.hpe.com - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - - name: root-dir - hostPath: - path: / - - name: device-dir - hostPath: - path: /dev - - name: log-dir - hostPath: - path: /var/log - - name: etc-hpe-storage-dir - hostPath: - path: /etc/hpe-storage - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - - name: runsystemd - hostPath: - path: /run/systemd - - name: etcsystemd - hostPath: - path: /etc/systemd/system - - name: sys - hostPath: - path: /sys - - name: linux-config-file - configMap: - name: hpe-linux-config - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml deleted file mode 100755 index bbde8540e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml +++ /dev/null @@ -1,408 +0,0 @@ ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["services"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -{{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] -{{- end }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch", "delete"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["get", "list", "watch", "update", "create", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - {{- if semverCompare "~1.12.0" .Capabilities.KubeVersion.GitVersion }} - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{- else if semverCompare "~1.13.0" .Capabilities.KubeVersion.GitVersion }} - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{ else }} - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - {{- end }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-attacher-role - apiGroup: rbac.authorization.k8s.io - - -{{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-snapshotter-role - apiGroup: rbac.authorization.k8s.io - -{{- end }} - - -{{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} ---- -# Resizer must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-resizer-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -# Resizer must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: external-resizer-cfg -rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role-cfg - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: external-resizer-cfg - apiGroup: rbac.authorization.k8s.io - - ---- -# mutator must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - # replace with non-default namespace name - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-mutator-role - apiGroup: rbac.authorization.k8s.io - ---- -# mutator must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: kube-system - name: csi-mutator-cfg -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role-cfg - namespace: kube-system -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: kube-system -roleRef: - kind: Role - name: csi-mutator-cfg - apiGroup: rbac.authorization.k8s.io -{{- end }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["hpenodeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpevolumeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpereplicationdeviceinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} - -roleRef: - kind: ClusterRole - name: hpe-csi-driver-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml deleted file mode 100755 index 5e4c4944a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: hpe-linux-config - namespace: {{ .Release.Namespace }} -data: -{{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - CHAP_USER: {{ .Values.iscsi.chapUser | quote }} - CHAP_PASSWORD: {{ .Values.iscsi.chapPassword | quote }} -{{- end }} - config.json: |- -{{ (.Files.Get "files/config.json") | indent 4 }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml deleted file mode 100755 index f5b252758..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "nimble-secret") -}} -# This is required to maintain backward compatibility of resources(secret) -# created with previous releases as we no longer create a secret with CSI driver install. -# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether -# in future. -# Also, manage the secret only if created by previous versions of helm with below check. ---- -apiVersion: v1 -kind: Secret -metadata: - name: nimble-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} -data: - username: {{ $secret.data.username }} - password: {{ $secret.data.password }} - servicePort: {{ $secret.data.servicePort }} - backend: {{ $secret.data.backend }} - serviceName: {{ $secret.data.serviceName }} -{{- end }} - -{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "primera3par-secret") -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: primera3par-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} -data: - username: {{ $secret.data.username }} - password: {{ $secret.data.password }} - servicePort: {{ $secret.data.servicePort }} - backend: {{ $secret.data.backend }} - serviceName: {{ $secret.data.serviceName }} -{{- end }} - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml deleted file mode 100755 index a2efbe5fb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -### CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: nimble-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: nimble-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: nimble-csp - ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: nimble-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: nimble-csp - replicas: 1 - template: - metadata: - labels: - app: nimble-csp - spec: - serviceAccount: hpe-csp-sa - {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: nimble-csp - image: hpestorage/nimble-csp:v1.3.0 - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml deleted file mode 100755 index 2e13db55e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml +++ /dev/null @@ -1,61 +0,0 @@ ---- -### CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: primera3par-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: primera3par-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: primera3par-csp - ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: primera3par-csp - labels: - app: primera3par-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: primera3par-csp - replicas: 1 - template: - metadata: - labels: - app: primera3par-csp - spec: - serviceAccount: hpe-csp-sa - {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: primera3par-csp - image: hpestorage/hpe3parprimera-csp:v1.1.0 - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml deleted file mode 100755 index 8d34426d8..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ if $sc := (lookup "storage.k8s.io/v1" "StorageClass" "" "hpe-standard") -}} -# This is required to maintain backward compatibility of resources(storageclass) -# created with previous releases as we no longer create a storageclass with CSI driver install. -# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether -# in future. -# Also, manage the storageClass only if created by previous versions of helm with below check. ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: hpe-standard - labels: - plugin: {{ $.Release.Name }} - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} - {{- range $k, $v := $sc.metadata.annotations }} - {{- if or (eq $v "true") (eq $v "false")}} - {{ $k }}: {{ $v | quote }} - {{- else }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -provisioner: csi.hpe.com -{{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} -allowVolumeExpansion: {{ $sc.allowVolumeExpansion }} -{{- end }} -parameters: - {{- range $k, $v := $sc.parameters }} - {{- if or (eq $v "true") (eq $v "false")}} - {{ $k }}: {{ $v | quote }} - {{- else }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml deleted file mode 100755 index a05ed5b12..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Default values for hpe-csi-storage. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# image pull policy for all images in csi deployment -imagePullPolicy: 'IfNotPresent' - -# flavor -flavor: kubernetes - -# log level for all csi driver components -logLevel: info - -## For controlling automatic iscsi/multipath package installation (default: false) -disableNodeConformance: false - -# values for CHAP Authentication -iscsi: - chapUser: "" - chapPassword: "" \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/Chart.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/Chart.yaml deleted file mode 100644 index 3219eab19..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-csi-driver -apiVersion: v1 -appVersion: 1.4.0 -description: A Helm chart for installing the HPE CSI Driver for Kubernetes -home: https://hpe.com/storage/containers -icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png -keywords: -- HPE -- Storage -- StorageClass -maintainers: -- email: hpe-containers-dev@hpe.com - name: raunakkumar -name: hpe-csi-driver -sources: -- https://scod.hpedev.io/csi_driver -version: 1.4.200+up1.4.2 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/README.md b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/README.md deleted file mode 100644 index 3ffbdd953..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/README.md +++ /dev/null @@ -1,101 +0,0 @@ -# HPE CSI Driver for Kubernetes Helm chart - -The [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/index.html) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. - -## Prerequisites - -- Upstream Kubernetes version >= 1.15 -- Most Kubernetes distributions are supported -- Recent Ubuntu, SLES, CentOS or RHEL compute nodes connected to their respective official package repositories -- Helm 3 (Version >= 3.2.0 required) - -Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features. - -- [HPE Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html) -- [HPE 3PAR and Primera](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html) - -## Configuration and installation - -The following table lists the configurable parameters of the HPE-CSI chart and their default values. - -| Parameter | Description | Default | -|---------------------------|------------------------------------------------------------------------|--------------| -| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error`. | info | -| imagePullPolicy | Image pull policy (`Always`, `IfNotPresent`, `Never`). | IfNotPresent | -| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false | -| iscsi.chapUser | Username for iSCSI CHAP authentication. | "" | -| iscsi.chapPassword | Password for iSCSI CHAP authentication. | "" | -| registry | Registry to pull HPE CSI Driver container images from. | quay.io | - -It's recommended to create a [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) file from the corresponding release of the chart and edit it to fit the environment the chart is being deployed to. Download and edit [a sample file](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). - -These are the bare minimum required parameters for a successful deployment to an iSCSI environment if CHAP authentication is required. - -``` -iscsi: - chapUser: "" - chapPassword: "" -``` - -Tweak any additional parameters to suit the environment or as prescribed by HPE. - -### Installing the chart - -To install the chart with the name `my-hpe-csi-driver`: - -Add HPE helm repo: - -``` -helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/ -helm repo update -``` - -Install the latest chart: - -``` -kubectl create ns hpe-storage -helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage -f myvalues.yaml -``` - -**Note**: `values.yaml` is optional if no parameters are overridden from defaults. - -### Upgrading the chart - -Due to the [helm limitation](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) to not support upgrade of CRDs between different chart versions, `hpe-csi-driver` helm chart upgrade is not supported. -Our recommendation is to uninstall the existing chart and install the chart with the desired version. CRDs will be preserved between uninstall and install. - -### Uninstalling the chart - -To uninstall the `my-hpe-csi-driver` chart: - -``` -helm uninstall my-hpe-csi-driver -n hpe-storage -``` - -**Note**: Due to a limitation in Helm, CRDs are not deleted as part of the chart uninstall. - -### Alternative install method - -In some cases it's more practical to provide the local configuration via the `helm` CLI directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. These will take precedence over entries in [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). For example: - -``` -helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage \ - --set iscsi.chapUsername=admin \ - --set iscsi.chapPassword=xxxxxxxx -``` - -## Using persistent storage with Kubernetes - -Enable dynamic provisioning of persistent storage by creating a `StorageClass` API object that references a `Secret` which maps to a supported HPE primary storage backend. Refer to the [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/using.html) documentation on [HPE Storage Container Orchestration Documentation](https://scod.hpedev.io/). Also, it's helpful to be familiar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. - -## Support - -The HPE CSI Driver for Kubernetes Helm chart is covered by your HPE support contract. Please file any issues, questions or feature requests [here](https://github.com/hpe-storage/co-deployments/issues) or contact HPE through the regular support channels. You may also join our Slack community to chat with HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera` and `#Kubernetes` at [hpedev.slack.com](https://hpedev.slack.com), sign up here: [slack.hpedev.io](https://slack.hpedev.io/). - -## Contributing - -We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) - -## License - -This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/app-readme.md b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/app-readme.md deleted file mode 100644 index 29ca912cb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/app-readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# HPE CSI Driver for Kubernetes - -The [HPE CSI Driver for Kubernetes](https://github.com/hpe-storage/csi-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-nodeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-nodeinfo-crd.yaml deleted file mode 100644 index 86c60cf34..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-nodeinfo-crd.yaml +++ /dev/null @@ -1,70 +0,0 @@ ---- -############################################# -############ HPE Node Info CRD ############ -############################################# -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpenodeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPENodeInfo - plural: hpenodeinfos - scope: Cluster - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object." - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents" - type: string - spec: - description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." - properties: - chapPassword: - description: "The CHAP Password" - type: string - chapUser: - description: "The CHAP User Name" - type: string - iqns: - description: "List of IQNs configured on the node." - items: - type: string - type: array - networks: - description: "List of networks configured on the node." - items: - type: string - type: array - uuid: - description: "The UUID of the node." - type: string - wwpns: - description: "List of WWPNs configured on the node." - items: - type: string - type: array - required: - - uuid - - networks - type: object - required: - - spec - type: object -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-replicated-device-info-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-replicated-device-info-crd.yaml deleted file mode 100644 index 253d87d05..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-replicated-device-info-crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpereplicationdeviceinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEReplicationDeviceInfo - plural: hpereplicationdeviceinfos - shortNames: - - hperdi - - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeReplicationDeviceInfos: - description: List of HPE Replicated Arrays configured for 3PAR/Primera arrays. - items: - properties: - targets: - description: Target Array Details - type: array - items: - properties: - targetName: - description: Target Name of the array - type: string - targetCpg: - description: Target CPG of the array - type: string - targetSnapCpg: - description: Target Snap CPG of the array - type: string - targetSecret: - description: Secret of the replicated array - type: string - targetMode: - description: Replication Mode - type: string - targetSecretNamespace: - description: Namespace of secret - type: string - required: - - targetName - - targetCpg - - targetSecret - - targetSecretNamespace - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-snapshotgroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-snapshotgroupinfo-crd.yaml deleted file mode 100644 index 76789eda9..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-snapshotgroupinfo-crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpesnapshotgroupinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPESnapshotGroupInfo - plural: hpesnapshotgroupinfos - shortNames: - - hpesgi - scope: Cluster - version: v1 - validation: - openAPIV3Schema: - properties: - hpeSnapshotGroupInfos: - description: List of HPE snapshot groups created for 3PAR/Primera arrays. - type: array - items: - properties: - uuid: - description: The UUID of the node. - type: string - - record: - description: Metadata for the volume group - type: map[string]string - - snapshotVolumes: - description: Snapshot volumes that are part of this snapshot group - type: array - items: - properties: - srcVolumeId: - description: ID of the volume that is the source of this snapshot volume - type: string - - srcVolumeName: - description: Name of the volume that is the source of this snapshot volume - type: string - - snapshotId: - description: Snapshot volume Id - type: string - - snapshotName: - description: Snapshot volume name - type: string - -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumegroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumegroupinfo-crd.yaml deleted file mode 100644 index c9e58e415..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumegroupinfo-crd.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpevolumegroupinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEVolumeGroupInfo - plural: hpevolumegroupinfos - shortNames: - - hpevgi - scope: Cluster - version: v1 - validation: - openAPIV3Schema: - properties: - hpeVolumeGroupInfos: - description: List of HPE volume groups configured for 3PAR/Primera arrays. - type: array - items: - properties: - uuid: - description: The UUID of the node. - type: string - - record: - description: Metadata for the volume group - type: map[string]string - - snapshotGroups: - description: Snapshot groups that are linked to this volume group - type: array - items: - properties: - id: - description: ID of the snapshot group - type: string - - name: - description: Name of the snapshot group - type: string - - volumes: - description: Volumes that are members in this volume group - type: array - items: - properties: - volumeId: - description: ID of the member volume - type: string - - volumeName: - description: Name of the member volume - type: string - - - -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumeinfo-crd.yaml deleted file mode 100644 index 417f4f4f3..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/hpe-volumeinfo-crd.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpevolumeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEVolumeInfo - plural: hpevolumeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeVolumes: - description: List of HPE volumes configured for 3PAR/Primera arrays. - items: - properties: - uuid: - description: The UUID of the volume. - type: string - record: - description: Metadata for the volume. - type: map[string]string - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupclasses.yaml deleted file mode 100644 index b58878471..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupclasses.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroupclasses.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroupClass - listKind: SnapshotGroupClassList - plural: snapshotgroupclasses - singular: snapshotgroupclass - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroupClass specifies parameters that a underlying - storage system uses when creating a volumegroup snapshot. A specific SnapshotGroupClass - is used by specifying its name in a VolumeGroupSnapshot object. SnapshotGroupClasses - are non-namespaced - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - deletionPolicy: - description: deletionPolicy determines whether a SnapshotGroupContent - created through the SnapshotGroupClass should be deleted when its - bound SnapshotGroup is deleted. Supported values are "Retain" and - "Delete". "Retain" means that the SnapshotGroupContent and its physical - snapshotGroup on underlying storage system are kept. "Delete" means that - the SnapshotGroupContent and its physical snapshotGroup on underlying - storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - snapshotter: - description: snapshotter is the name of the storage driver that handles this - SnapshotGroupClass. Required. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshotGroups. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - snapshotter - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupcontents.yaml deleted file mode 100644 index a7132c59e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroupcontents.yaml +++ /dev/null @@ -1,104 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroupcontents.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroupContent - listKind: SnapshotGroupContentList - plural: snapshotgroupcontents - singular: snapshotgroupcontent - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroupContent represents the actual "on-disk" snapshotGroup - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a SnapshotGroupContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this SnapshotGroupContent - and its physical snapshotgroup on the underlying storage system should - be deleted when its bound SnapshotGroup is deleted. Supported - values are "Retain" and "Delete". "Retain" means that the SnapshotGroupContent - and its physical snapshotGroup on underlying storage system are kept. - "Delete" means that the SnapshotGroupContent and its physical - snapshotGroup on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - source: - description: source specifies from where a snapshotGroup will be created.Required. - properties: - snapshotGroupHandle: - description: snapshotGroupHandle specifies the snapshotGroup Id - of a pre-existing snapshotGroup on the underlying storage system. - This field is immutable. - type: string - type: object - snapshotGroupClassName: - description: name of the SnapshotGroupClass to which this snapshotGroup belongs. - type: string - snapshotGroupRef: - description: snapshotGroupRef specifies the SnapshotGroup object - to which this SnapshotGroupContent object is bound. SnapshotGroup.Spec.SnapshotGroupContentName - field must reference to this SnapshotGroupContent's name for - the bidirectional binding to be valid. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - volumeSnapshotContentNames: - description: list of volumeSnapshotContentNames associated with this snapshotGroups - type: array - items: - type: string - required: - - deletionPolicy - - source - - snapshotGroupClassName - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroups.yaml deleted file mode 100644 index 3372a7db7..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_snapshotgroups.yaml +++ /dev/null @@ -1,83 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroups.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroup - listKind: SnapshotGroupList - plural: snapshotgroups - singular: snapshotgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroup is a user's request for creating a snapshotgroup - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents' - type: string - spec: - description: spec defines the desired characteristics of a snapshotGroup - requested by a user. - Required. - properties: - source: - description: source specifies where a snapshotGroup will be created. - This field is immutable after creation. Required. - properties: - kind: - description: kind of the source (VolumeGroup) is the only supported one. - type: string - apiGroup: - description: apiGroup of the source. Current supported is storage.hpe.com - type: string - name: - description: name specifies the volumeGroupName of the VolumeGroup object in the same namespace as the SnapshotGroup object where the snapshotGroup should be dynamically taken from. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the volumeSnapshotClass to create pre-provisioned snapshots - type: string - snapshotGroupClassName: - description: snapshotGroupClassName is the name of the SnapshotGroupClass requested by the SnapshotGroup. - type: string - snapshotGroupContentName: - description: snapshotGroupContentName is the name of the snapshotGroupContent the snapshotGroup is bound. - type: string - required: - - source - - volumeSnapshotClassName - - snapshotGroupClassName - type: object - status: - description: status represents the current information of a snapshotGroup. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshotGroup is taken by the underlying storage system. - format: date-time - type: string - phase: - description: the state of the snapshotgroup - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupclasses.yaml deleted file mode 100644 index e201ec94e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupclasses.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroupclasses.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroupClass - listKind: VolumeGroupClassList - plural: volumegroupclasses - singular: volumegroupclass - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroupClass specifies parameters that a underlying - storage system uses when creating a volumegroup. A specific VolumeGroupClass - is used by specifying its name in a VolumeGroup object. VolumeGroupClasses - are non-namespaced - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeGroupContent - created through the VolumeGroupClass should be deleted when its - bound VolumeGroup is deleted. Supported values are "Retain" and - "Delete". "Retain" means that the VolumeGroupContent and its physical - volumeGroup on underlying storage system are kept. "Delete" means that - the VolumeGroupContent and its physical volumeGroup on underlying - storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - provisioner: - description: provisioner is the name of the storage driver that handles this - VolumeGroupClass. Required. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating volumeGroups. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - provisioner - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupcontents.yaml deleted file mode 100644 index d944909eb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroupcontents.yaml +++ /dev/null @@ -1,96 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroupcontents.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroupContent - listKind: VolumeGroupContentList - plural: volumegroupcontents - singular: volumegroupcontent - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroupContent represents the actual "on-disk" volumeGroup - object in the underlying storage system - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - spec: - description: spec defines properties of a VolumeGroupContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeGroupContent - and its physical volumegroup on the underlying storage system should - be deleted when its bound VolumeGroup is deleted. Supported - values are "Retain" and "Delete". "Retain" means that the VolumeGroupContent - and its physical volumeGroup on underlying storage system are kept. - "Delete" means that the VolumeGroupContent and its physical - volumeGroup on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - source: - description: source specifies from where a volumeGroup will be created.Required. - properties: - volumeGroupHandle: - description: volumeGroupHandle specifies the volumeGroup Id - of a pre-existing volumeGroup on the underlying storage system. - This field is immutable. - type: string - type: object - volumeGroupClassName: - description: name of the VolumeGroupClass to which this volumeGroup belongs. - type: string - volumeGroupRef: - description: volumeGroupRef specifies the VolumeGroup object - to which this VolumeGroupContent object is bound. VolumeGroup.Spec.VolumeGroupContentName - field must reference to this VolumeGroupContent's name for - the bidirectional binding to be valid. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - source - - volumeGroupClassName - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroups.yaml deleted file mode 100644 index 862b4398a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/crds/storage.hpe.com_volumegroups.yaml +++ /dev/null @@ -1,69 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroups.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroup - listKind: VolumeGroupList - plural: volumegroups - singular: volumegroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroup is a user's request for creating a volumegroup - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents' - type: string - spec: - description: spec defines the desired characteristics of a volumeGroup - requested by a user. - Required. - properties: - volumeGroupClassName: - description: name of the volumeGroupClassName to create volumeGroups - type: string - persistentVolumeClaimNames: - description: persistentVolumeClaimNames are the name of the PVC associated with this volumeGroup. - type: array - items: - type: string - volumeGroupContentName: - description: volumeGroupContentName is the name of the volumeGroupContent to which the volumeGroup is bound. - type: string - required: - - volumeGroupClassName - type: object - status: - description: status represents the current information of a volumeGroup. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - volumeGroup is taken by the underlying storage system. - format: date-time - type: string - phase: - description: the state of the volumegroup - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/files/config.json b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/files/config.json deleted file mode 100644 index d00650184..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/files/config.json +++ /dev/null @@ -1,128 +0,0 @@ -[ - { - "category": "iscsi", - "severity": "warning", - "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "startup", - "recommendation": "manual" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "replacement_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "login_timeout", - "recommendation": "15" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "noop_out_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "cmds_max", - "recommendation": "512" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "queue_depth", - "recommendation": "256" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", - "parameter": "nr_sessions", - "recommendation": "1" - }, - { - "category": "multipath", - "severity": "critical", - "description": "product attribute recommended to be set to Server in /etc/multipath.conf", - "parameter": "product", - "recommendation": "\"Server\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", - "parameter": "prio", - "recommendation": "alua" - }, - { - "category": "multipath", - "severity": "critical", - "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", - "parameter": "hardware_handler", - "recommendation": "\"1 alua\"" - }, - { - "category": "multipath", - "severity": "warning", - "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", - "parameter": "failback", - "recommendation": "immediate" - }, - { - "category": "multipath", - "severity": "critical", - "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", - "parameter": "fast_io_fail_tmo", - "recommendation": "5" - }, - { - "category": "multipath", - "severity": "critical", - "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", - "parameter": "no_path_retry", - "recommendation": "30" - }, - { - "category": "multipath", - "severity": "warning", - "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_selector", - "recommendation": "\"service-time 0\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", - "parameter": "vendor", - "recommendation": "\"Nimble\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", - "parameter": "path_grouping_policy", - "recommendation": "group_by_prio" - }, - { - "category": "multipath", - "severity": "critical", - "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_checker", - "recommendation": "tur" - }, - { - "category": "multipath", - "severity": "critical", - "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", - "parameter": "dev_loss_tmo", - "recommendation": "infinity" - } -] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/questions.yml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/questions.yml deleted file mode 100644 index dee65bb8e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/questions.yml +++ /dev/null @@ -1,37 +0,0 @@ -labels: - io.rancher.certified: partner -questions: -- variable: imagePullPolicy - label: "ImagePullPolicy" - default: "IfNotPresent" - type: enum - options: - - "IfNotPresent" - - "Always" - - "Never" - description: "ImagePullPolicy for all CSI driver images" - group: "HPE CSI Driver settings" -- variable: disableNodeConformance - label: "Disable automatic installation of iSCSI/Multipath Packages" - type: boolean - default: false - description: "Disable automatic installation of iSCSI/Multipath Packages" - group: "HPE CSI Driver settings" -- variable: iscsi.chapUser - label: "iSCSI CHAP Username" - type: string - required: false - description: "Specify username for iSCSI CHAP authentication" - group: "HPE iSCSI settings" -- variable: iscsi.chapPassword - label: "iSCSI CHAP Password" - type: password - required: false - description: "Specify password for iSCSI CHAP authentication" - group: "HPE iSCSI settings" -- variable: registry - label: "Registry" - type: string - default: "quay.io" - description: "Specify registry prefix (hostname[:port]) for CSI driver images" - group: "HPE CSI Driver settings" diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/NOTES.txt b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/NOTES.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/_helpers.tpl b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/_helpers.tpl deleted file mode 100644 index 165840d52..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "hpe-csi-storage.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "hpe-csi-storage.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "hpe-csi-storage.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/csi-driver-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/csi-driver-crd.yaml deleted file mode 100644 index 61275fffa..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/csi-driver-crd.yaml +++ /dev/null @@ -1,24 +0,0 @@ - - - ---- - -################# CSI Driver ########### -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "18") }} -apiVersion: storage.k8s.io/v1 -{{- else if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} -apiVersion: storage.k8s.io/v1beta1 -{{- end }} - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} -kind: CSIDriver -metadata: - name: csi.hpe.com -spec: - podInfoOnMount: true - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "16") }} - volumeLifecycleModes: - - Persistent - - Ephemeral - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-controller.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-controller.yaml deleted file mode 100644 index c1a3e3e39..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-controller.yaml +++ /dev/null @@ -1,223 +0,0 @@ ---- - -############################################# -############ Controller driver ############ -############################################# - -kind: Deployment -apiVersion: apps/v1 -metadata: - name: hpe-csi-controller - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: hpe-csi-controller - template: - metadata: - labels: - app: hpe-csi-controller - role: hpe-csi - spec: - serviceAccount: hpe-csi-controller-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-provisioner - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-provisioner:v1.5.0 - {{- else }} - image: quay.io/k8scsi/csi-provisioner:v1.5.0 - {{- end }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} - - "--timeout=30s" - - "--worker-threads=16" - {{- end }} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: csi-attacher - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-attacher:v2.1.1 - {{- else }} - image: quay.io/k8scsi/csi-attacher:v2.1.1 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - - name: csi-snapshotter - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-snapshotter:v3.0.2 - {{- else }} - image: quay.io/k8scsi/csi-snapshotter:v3.0.2 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- end }} - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} - - name: csi-resizer - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-resizer:v0.4.0 - {{- else }} - image: quay.io/k8scsi/csi-resizer:v0.4.0 - {{- end }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - {{- end }} - - name: hpe-csi-driver - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-driver:v1.4.0 - {{- else }} - image: quay.io/hpestorage/csi-driver:v1.4.0 - {{- end }} - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--flavor=kubernetes" - - "--pod-monitor" - - "--pod-monitor-interval=30" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: log-dir - mountPath: /var/log - - name: k8s - mountPath: /etc/kubernetes - - name: hpeconfig - mountPath: /etc/hpe-storage - - name: root-dir - mountPath: /host - - name: csi-volume-mutator - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-mutator:v1.2.0 - {{- else }} - image: quay.io/hpestorage/volume-mutator:v1.2.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-volume-group-snapshotter - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-group-snapshotter:v1.0.0 - {{- else }} - image: quay.io/hpestorage/volume-group-snapshotter:v1.0.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-volume-group-provisioner - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-group-provisioner:v1.0.0 - {{- else }} - image: quay.io/hpestorage/volume-group-provisioner:v1.0.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-extensions - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-extensions:v1.2.0 - {{- else }} - image: quay.io/hpestorage/csi-extensions:v1.2.0 - {{- end }} - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} - - name: log-dir - hostPath: - path: /var/log - - name: k8s - hostPath: - path: /etc/kubernetes - - name: hpeconfig - hostPath: - path: /etc/hpe-storage - - name: root-dir - hostPath: - path: / - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-node.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-node.yaml deleted file mode 100644 index d6657199b..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-node.yaml +++ /dev/null @@ -1,171 +0,0 @@ ---- - -####################################### -############ Node driver ############ -####################################### - -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: hpe-csi-node - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: hpe-csi-node - template: - metadata: - labels: - app: hpe-csi-node - role: hpe-csi - spec: - serviceAccount: hpe-csi-node-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-node-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-node-driver-registrar - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-node-driver-registrar:v2.0.1 - {{- else }} - image: quay.io/k8scsi/csi-node-driver-registrar:v2.0.1 - {{- end}} - args: - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - - "--v=5" - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- end }} - imagePullPolicy: "Always" - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: hpe-csi-driver - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-driver:v1.4.0 - {{- else }} - image: quay.io/hpestorage/csi-driver:v1.4.0 - {{- end}} - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--node-service" - - "--flavor=kubernetes" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - - name: CHAP_USER - value: {{ .Values.iscsi.chapUser }} - - name: CHAP_PASSWORD - value: {{ .Values.iscsi.chapPassword }} - {{- end }} - {{ if .Values.disableNodeConformance -}} - - name: DISABLE_NODE_CONFORMANCE - value: "true" - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - name: root-dir - mountPath: /host - mountPropagation: "Bidirectional" - - name: device-dir - mountPath: /dev - - name: log-dir - mountPath: /var/log - - name: etc-hpe-storage-dir - mountPath: /etc/hpe-storage - - name: etc-kubernetes - mountPath: /etc/kubernetes - - name: sys - mountPath: /sys - - name: runsystemd - mountPath: /run/systemd - - name: etcsystemd - mountPath: /etc/systemd/system - - name: linux-config-file - mountPath: /opt/hpe-storage/nimbletune/config.json - subPath: config.json - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/csi.hpe.com - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - - name: root-dir - hostPath: - path: / - - name: device-dir - hostPath: - path: /dev - - name: log-dir - hostPath: - path: /var/log - - name: etc-hpe-storage-dir - hostPath: - path: /etc/hpe-storage - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - - name: runsystemd - hostPath: - path: /run/systemd - - name: etcsystemd - hostPath: - path: /etc/systemd/system - - name: sys - hostPath: - path: /sys - - name: linux-config-file - configMap: - name: hpe-linux-config - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-rbac.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-rbac.yaml deleted file mode 100644 index 1da7d7c2e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-csi-rbac.yaml +++ /dev/null @@ -1,563 +0,0 @@ ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["services"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] -{{- end }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch", "delete"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["get", "list", "watch", "update", "create", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{- else if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{ else }} - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - {{- end }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-attacher-role - apiGroup: rbac.authorization.k8s.io - - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-snapshotter-role - apiGroup: rbac.authorization.k8s.io - -{{- end }} - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} ---- -# Resizer must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-resizer-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -# Resizer must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: external-resizer-cfg -rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role-cfg - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: external-resizer-cfg - apiGroup: rbac.authorization.k8s.io - - ---- -# cluster role to support volumegroup -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-volumegroup-role -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupclasses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-volumegroup-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-volumegroup-role - apiGroup: rbac.authorization.k8s.io - ---- -# cluster role to support snapshotgroup -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotgroup-role -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroups"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupcontents"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupclasses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroups/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupcontents/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotgroup-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-snapshotgroup-role - apiGroup: rbac.authorization.k8s.io - ---- -# mutator must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - # replace with non-default namespace name - namespace: {{ .Release.Namespace }} - -roleRef: - kind: ClusterRole - name: csi-mutator-role - apiGroup: rbac.authorization.k8s.io - ---- -# mutator must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: csi-mutator-cfg -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role-cfg - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - -roleRef: - kind: Role - name: csi-mutator-cfg - apiGroup: rbac.authorization.k8s.io -{{- end }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["hpenodeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpevolumeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpereplicationdeviceinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpevolumegroupinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpesnapshotgroupinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} - -roleRef: - kind: ClusterRole - name: hpe-csi-driver-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-linux-config.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-linux-config.yaml deleted file mode 100644 index 5e4c4944a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-linux-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: hpe-linux-config - namespace: {{ .Release.Namespace }} -data: -{{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - CHAP_USER: {{ .Values.iscsi.chapUser | quote }} - CHAP_PASSWORD: {{ .Values.iscsi.chapPassword | quote }} -{{- end }} - config.json: |- -{{ (.Files.Get "files/config.json") | indent 4 }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-secret.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-secret.yaml deleted file mode 100644 index f5b252758..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/hpe-secret.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "nimble-secret") -}} -# This is required to maintain backward compatibility of resources(secret) -# created with previous releases as we no longer create a secret with CSI driver install. -# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether -# in future. -# Also, manage the secret only if created by previous versions of helm with below check. ---- -apiVersion: v1 -kind: Secret -metadata: - name: nimble-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} -data: - username: {{ $secret.data.username }} - password: {{ $secret.data.password }} - servicePort: {{ $secret.data.servicePort }} - backend: {{ $secret.data.backend }} - serviceName: {{ $secret.data.serviceName }} -{{- end }} - -{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "primera3par-secret") -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: primera3par-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} -data: - username: {{ $secret.data.username }} - password: {{ $secret.data.password }} - servicePort: {{ $secret.data.servicePort }} - backend: {{ $secret.data.backend }} - serviceName: {{ $secret.data.serviceName }} -{{- end }} - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/nimble-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/nimble-csp.yaml deleted file mode 100644 index 332b95d5b..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/nimble-csp.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -### CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: nimble-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: nimble-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: nimble-csp - ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: nimble-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: nimble-csp - replicas: 1 - template: - metadata: - labels: - app: nimble-csp - spec: - serviceAccount: hpe-csp-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: nimble-csp - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/nimble-csp:v1.4.0 - {{- else }} - image: quay.io/hpestorage/nimble-csp:v1.4.0 - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/primera-3par-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/primera-3par-csp.yaml deleted file mode 100644 index 5b1c65e2d..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/primera-3par-csp.yaml +++ /dev/null @@ -1,65 +0,0 @@ ---- -### CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: primera3par-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: primera3par-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: primera3par-csp - ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: primera3par-csp - labels: - app: primera3par-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: primera3par-csp - replicas: 1 - template: - metadata: - labels: - app: primera3par-csp - spec: - serviceAccount: hpe-csp-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: primera3par-csp - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/hpe3parprimera-csp:v1.2.0 - {{- else }} - image: quay.io/hpestorage/hpe3parprimera-csp:v1.2.0 - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/sc.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/sc.yaml deleted file mode 100644 index a864865bf..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/templates/sc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ if $sc := (lookup "storage.k8s.io/v1" "StorageClass" "" "hpe-standard") -}} -# This is required to maintain backward compatibility of resources(storageclass) -# created with previous releases as we no longer create a storageclass with CSI driver install. -# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether -# in future. -# Also, manage the storageClass only if created by previous versions of helm with below check. ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: hpe-standard - labels: - plugin: {{ $.Release.Name }} - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} - {{- range $k, $v := $sc.metadata.annotations }} - {{- if or (eq $v "true") (eq $v "false")}} - {{ $k }}: {{ $v | quote }} - {{- else }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -provisioner: csi.hpe.com -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} -allowVolumeExpansion: {{ $sc.allowVolumeExpansion }} -{{- end }} -parameters: - {{- range $k, $v := $sc.parameters }} - {{- if or (eq $v "true") (eq $v "false")}} - {{ $k }}: {{ $v | quote }} - {{- else }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/values.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/values.yaml deleted file mode 100644 index edf47eaee..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200+up1.4.2/values.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Default values for hpe-csi-storage. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# image pull policy for all images in csi deployment -imagePullPolicy: 'IfNotPresent' - -# flavor -flavor: kubernetes - -# log level for all csi driver components -logLevel: info - -## For controlling automatic iscsi/multipath package installation (default: false) -disableNodeConformance: false - -# values for CHAP Authentication -iscsi: - chapUser: "" - chapPassword: "" - -# registry prefix for hpe csi images -registry: "quay.io" - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml deleted file mode 100755 index 796edcf93..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-csi-driver -apiVersion: v1 -appVersion: 1.4.0 -description: A Helm chart for installing the HPE CSI Driver for Kubernetes -home: https://hpe.com/storage/containers -icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png -keywords: -- HPE -- Storage -- StorageClass -maintainers: -- email: hpe-containers-dev@hpe.com - name: raunakkumar -name: hpe-csi-driver -sources: -- https://scod.hpedev.io/csi_driver -version: 1.4.200 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md deleted file mode 100755 index 3ffbdd953..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md +++ /dev/null @@ -1,101 +0,0 @@ -# HPE CSI Driver for Kubernetes Helm chart - -The [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/index.html) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. - -## Prerequisites - -- Upstream Kubernetes version >= 1.15 -- Most Kubernetes distributions are supported -- Recent Ubuntu, SLES, CentOS or RHEL compute nodes connected to their respective official package repositories -- Helm 3 (Version >= 3.2.0 required) - -Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features. - -- [HPE Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html) -- [HPE 3PAR and Primera](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html) - -## Configuration and installation - -The following table lists the configurable parameters of the HPE-CSI chart and their default values. - -| Parameter | Description | Default | -|---------------------------|------------------------------------------------------------------------|--------------| -| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error`. | info | -| imagePullPolicy | Image pull policy (`Always`, `IfNotPresent`, `Never`). | IfNotPresent | -| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false | -| iscsi.chapUser | Username for iSCSI CHAP authentication. | "" | -| iscsi.chapPassword | Password for iSCSI CHAP authentication. | "" | -| registry | Registry to pull HPE CSI Driver container images from. | quay.io | - -It's recommended to create a [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) file from the corresponding release of the chart and edit it to fit the environment the chart is being deployed to. Download and edit [a sample file](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). - -These are the bare minimum required parameters for a successful deployment to an iSCSI environment if CHAP authentication is required. - -``` -iscsi: - chapUser: "" - chapPassword: "" -``` - -Tweak any additional parameters to suit the environment or as prescribed by HPE. - -### Installing the chart - -To install the chart with the name `my-hpe-csi-driver`: - -Add HPE helm repo: - -``` -helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/ -helm repo update -``` - -Install the latest chart: - -``` -kubectl create ns hpe-storage -helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage -f myvalues.yaml -``` - -**Note**: `values.yaml` is optional if no parameters are overridden from defaults. - -### Upgrading the chart - -Due to the [helm limitation](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) to not support upgrade of CRDs between different chart versions, `hpe-csi-driver` helm chart upgrade is not supported. -Our recommendation is to uninstall the existing chart and install the chart with the desired version. CRDs will be preserved between uninstall and install. - -### Uninstalling the chart - -To uninstall the `my-hpe-csi-driver` chart: - -``` -helm uninstall my-hpe-csi-driver -n hpe-storage -``` - -**Note**: Due to a limitation in Helm, CRDs are not deleted as part of the chart uninstall. - -### Alternative install method - -In some cases it's more practical to provide the local configuration via the `helm` CLI directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. These will take precedence over entries in [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). For example: - -``` -helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage \ - --set iscsi.chapUsername=admin \ - --set iscsi.chapPassword=xxxxxxxx -``` - -## Using persistent storage with Kubernetes - -Enable dynamic provisioning of persistent storage by creating a `StorageClass` API object that references a `Secret` which maps to a supported HPE primary storage backend. Refer to the [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/using.html) documentation on [HPE Storage Container Orchestration Documentation](https://scod.hpedev.io/). Also, it's helpful to be familiar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. - -## Support - -The HPE CSI Driver for Kubernetes Helm chart is covered by your HPE support contract. Please file any issues, questions or feature requests [here](https://github.com/hpe-storage/co-deployments/issues) or contact HPE through the regular support channels. You may also join our Slack community to chat with HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera` and `#Kubernetes` at [hpedev.slack.com](https://hpedev.slack.com), sign up here: [slack.hpedev.io](https://slack.hpedev.io/). - -## Contributing - -We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) - -## License - -This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md deleted file mode 100755 index 29ca912cb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# HPE CSI Driver for Kubernetes - -The [HPE CSI Driver for Kubernetes](https://github.com/hpe-storage/csi-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml deleted file mode 100755 index 86c60cf34..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml +++ /dev/null @@ -1,70 +0,0 @@ ---- -############################################# -############ HPE Node Info CRD ############ -############################################# -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpenodeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPENodeInfo - plural: hpenodeinfos - scope: Cluster - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object." - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents" - type: string - spec: - description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." - properties: - chapPassword: - description: "The CHAP Password" - type: string - chapUser: - description: "The CHAP User Name" - type: string - iqns: - description: "List of IQNs configured on the node." - items: - type: string - type: array - networks: - description: "List of networks configured on the node." - items: - type: string - type: array - uuid: - description: "The UUID of the node." - type: string - wwpns: - description: "List of WWPNs configured on the node." - items: - type: string - type: array - required: - - uuid - - networks - type: object - required: - - spec - type: object -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml deleted file mode 100755 index 253d87d05..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpereplicationdeviceinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEReplicationDeviceInfo - plural: hpereplicationdeviceinfos - shortNames: - - hperdi - - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeReplicationDeviceInfos: - description: List of HPE Replicated Arrays configured for 3PAR/Primera arrays. - items: - properties: - targets: - description: Target Array Details - type: array - items: - properties: - targetName: - description: Target Name of the array - type: string - targetCpg: - description: Target CPG of the array - type: string - targetSnapCpg: - description: Target Snap CPG of the array - type: string - targetSecret: - description: Secret of the replicated array - type: string - targetMode: - description: Replication Mode - type: string - targetSecretNamespace: - description: Namespace of secret - type: string - required: - - targetName - - targetCpg - - targetSecret - - targetSecretNamespace - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml deleted file mode 100755 index 76789eda9..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpesnapshotgroupinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPESnapshotGroupInfo - plural: hpesnapshotgroupinfos - shortNames: - - hpesgi - scope: Cluster - version: v1 - validation: - openAPIV3Schema: - properties: - hpeSnapshotGroupInfos: - description: List of HPE snapshot groups created for 3PAR/Primera arrays. - type: array - items: - properties: - uuid: - description: The UUID of the node. - type: string - - record: - description: Metadata for the volume group - type: map[string]string - - snapshotVolumes: - description: Snapshot volumes that are part of this snapshot group - type: array - items: - properties: - srcVolumeId: - description: ID of the volume that is the source of this snapshot volume - type: string - - srcVolumeName: - description: Name of the volume that is the source of this snapshot volume - type: string - - snapshotId: - description: Snapshot volume Id - type: string - - snapshotName: - description: Snapshot volume name - type: string - -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml deleted file mode 100755 index c9e58e415..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpevolumegroupinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEVolumeGroupInfo - plural: hpevolumegroupinfos - shortNames: - - hpevgi - scope: Cluster - version: v1 - validation: - openAPIV3Schema: - properties: - hpeVolumeGroupInfos: - description: List of HPE volume groups configured for 3PAR/Primera arrays. - type: array - items: - properties: - uuid: - description: The UUID of the node. - type: string - - record: - description: Metadata for the volume group - type: map[string]string - - snapshotGroups: - description: Snapshot groups that are linked to this volume group - type: array - items: - properties: - id: - description: ID of the snapshot group - type: string - - name: - description: Name of the snapshot group - type: string - - volumes: - description: Volumes that are members in this volume group - type: array - items: - properties: - volumeId: - description: ID of the member volume - type: string - - volumeName: - description: Name of the member volume - type: string - - - -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml deleted file mode 100755 index 417f4f4f3..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpevolumeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEVolumeInfo - plural: hpevolumeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeVolumes: - description: List of HPE volumes configured for 3PAR/Primera arrays. - items: - properties: - uuid: - description: The UUID of the volume. - type: string - record: - description: Metadata for the volume. - type: map[string]string - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml deleted file mode 100755 index b58878471..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroupclasses.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroupClass - listKind: SnapshotGroupClassList - plural: snapshotgroupclasses - singular: snapshotgroupclass - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroupClass specifies parameters that a underlying - storage system uses when creating a volumegroup snapshot. A specific SnapshotGroupClass - is used by specifying its name in a VolumeGroupSnapshot object. SnapshotGroupClasses - are non-namespaced - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - deletionPolicy: - description: deletionPolicy determines whether a SnapshotGroupContent - created through the SnapshotGroupClass should be deleted when its - bound SnapshotGroup is deleted. Supported values are "Retain" and - "Delete". "Retain" means that the SnapshotGroupContent and its physical - snapshotGroup on underlying storage system are kept. "Delete" means that - the SnapshotGroupContent and its physical snapshotGroup on underlying - storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - snapshotter: - description: snapshotter is the name of the storage driver that handles this - SnapshotGroupClass. Required. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshotGroups. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - snapshotter - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml deleted file mode 100755 index a7132c59e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml +++ /dev/null @@ -1,104 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroupcontents.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroupContent - listKind: SnapshotGroupContentList - plural: snapshotgroupcontents - singular: snapshotgroupcontent - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroupContent represents the actual "on-disk" snapshotGroup - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a SnapshotGroupContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this SnapshotGroupContent - and its physical snapshotgroup on the underlying storage system should - be deleted when its bound SnapshotGroup is deleted. Supported - values are "Retain" and "Delete". "Retain" means that the SnapshotGroupContent - and its physical snapshotGroup on underlying storage system are kept. - "Delete" means that the SnapshotGroupContent and its physical - snapshotGroup on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - source: - description: source specifies from where a snapshotGroup will be created.Required. - properties: - snapshotGroupHandle: - description: snapshotGroupHandle specifies the snapshotGroup Id - of a pre-existing snapshotGroup on the underlying storage system. - This field is immutable. - type: string - type: object - snapshotGroupClassName: - description: name of the SnapshotGroupClass to which this snapshotGroup belongs. - type: string - snapshotGroupRef: - description: snapshotGroupRef specifies the SnapshotGroup object - to which this SnapshotGroupContent object is bound. SnapshotGroup.Spec.SnapshotGroupContentName - field must reference to this SnapshotGroupContent's name for - the bidirectional binding to be valid. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - volumeSnapshotContentNames: - description: list of volumeSnapshotContentNames associated with this snapshotGroups - type: array - items: - type: string - required: - - deletionPolicy - - source - - snapshotGroupClassName - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml deleted file mode 100755 index 3372a7db7..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml +++ /dev/null @@ -1,83 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroups.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroup - listKind: SnapshotGroupList - plural: snapshotgroups - singular: snapshotgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroup is a user's request for creating a snapshotgroup - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents' - type: string - spec: - description: spec defines the desired characteristics of a snapshotGroup - requested by a user. - Required. - properties: - source: - description: source specifies where a snapshotGroup will be created. - This field is immutable after creation. Required. - properties: - kind: - description: kind of the source (VolumeGroup) is the only supported one. - type: string - apiGroup: - description: apiGroup of the source. Current supported is storage.hpe.com - type: string - name: - description: name specifies the volumeGroupName of the VolumeGroup object in the same namespace as the SnapshotGroup object where the snapshotGroup should be dynamically taken from. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the volumeSnapshotClass to create pre-provisioned snapshots - type: string - snapshotGroupClassName: - description: snapshotGroupClassName is the name of the SnapshotGroupClass requested by the SnapshotGroup. - type: string - snapshotGroupContentName: - description: snapshotGroupContentName is the name of the snapshotGroupContent the snapshotGroup is bound. - type: string - required: - - source - - volumeSnapshotClassName - - snapshotGroupClassName - type: object - status: - description: status represents the current information of a snapshotGroup. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshotGroup is taken by the underlying storage system. - format: date-time - type: string - phase: - description: the state of the snapshotgroup - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml deleted file mode 100755 index e201ec94e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroupclasses.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroupClass - listKind: VolumeGroupClassList - plural: volumegroupclasses - singular: volumegroupclass - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroupClass specifies parameters that a underlying - storage system uses when creating a volumegroup. A specific VolumeGroupClass - is used by specifying its name in a VolumeGroup object. VolumeGroupClasses - are non-namespaced - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeGroupContent - created through the VolumeGroupClass should be deleted when its - bound VolumeGroup is deleted. Supported values are "Retain" and - "Delete". "Retain" means that the VolumeGroupContent and its physical - volumeGroup on underlying storage system are kept. "Delete" means that - the VolumeGroupContent and its physical volumeGroup on underlying - storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - provisioner: - description: provisioner is the name of the storage driver that handles this - VolumeGroupClass. Required. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating volumeGroups. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - provisioner - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml deleted file mode 100755 index d944909eb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml +++ /dev/null @@ -1,96 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroupcontents.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroupContent - listKind: VolumeGroupContentList - plural: volumegroupcontents - singular: volumegroupcontent - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroupContent represents the actual "on-disk" volumeGroup - object in the underlying storage system - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - spec: - description: spec defines properties of a VolumeGroupContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeGroupContent - and its physical volumegroup on the underlying storage system should - be deleted when its bound VolumeGroup is deleted. Supported - values are "Retain" and "Delete". "Retain" means that the VolumeGroupContent - and its physical volumeGroup on underlying storage system are kept. - "Delete" means that the VolumeGroupContent and its physical - volumeGroup on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - source: - description: source specifies from where a volumeGroup will be created.Required. - properties: - volumeGroupHandle: - description: volumeGroupHandle specifies the volumeGroup Id - of a pre-existing volumeGroup on the underlying storage system. - This field is immutable. - type: string - type: object - volumeGroupClassName: - description: name of the VolumeGroupClass to which this volumeGroup belongs. - type: string - volumeGroupRef: - description: volumeGroupRef specifies the VolumeGroup object - to which this VolumeGroupContent object is bound. VolumeGroup.Spec.VolumeGroupContentName - field must reference to this VolumeGroupContent's name for - the bidirectional binding to be valid. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - source - - volumeGroupClassName - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml deleted file mode 100755 index 862b4398a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml +++ /dev/null @@ -1,69 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroups.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroup - listKind: VolumeGroupList - plural: volumegroups - singular: volumegroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroup is a user's request for creating a volumegroup - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents' - type: string - spec: - description: spec defines the desired characteristics of a volumeGroup - requested by a user. - Required. - properties: - volumeGroupClassName: - description: name of the volumeGroupClassName to create volumeGroups - type: string - persistentVolumeClaimNames: - description: persistentVolumeClaimNames are the name of the PVC associated with this volumeGroup. - type: array - items: - type: string - volumeGroupContentName: - description: volumeGroupContentName is the name of the volumeGroupContent to which the volumeGroup is bound. - type: string - required: - - volumeGroupClassName - type: object - status: - description: status represents the current information of a volumeGroup. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - volumeGroup is taken by the underlying storage system. - format: date-time - type: string - phase: - description: the state of the volumegroup - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json deleted file mode 100755 index d00650184..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json +++ /dev/null @@ -1,128 +0,0 @@ -[ - { - "category": "iscsi", - "severity": "warning", - "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "startup", - "recommendation": "manual" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "replacement_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "login_timeout", - "recommendation": "15" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "noop_out_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "cmds_max", - "recommendation": "512" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "queue_depth", - "recommendation": "256" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", - "parameter": "nr_sessions", - "recommendation": "1" - }, - { - "category": "multipath", - "severity": "critical", - "description": "product attribute recommended to be set to Server in /etc/multipath.conf", - "parameter": "product", - "recommendation": "\"Server\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", - "parameter": "prio", - "recommendation": "alua" - }, - { - "category": "multipath", - "severity": "critical", - "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", - "parameter": "hardware_handler", - "recommendation": "\"1 alua\"" - }, - { - "category": "multipath", - "severity": "warning", - "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", - "parameter": "failback", - "recommendation": "immediate" - }, - { - "category": "multipath", - "severity": "critical", - "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", - "parameter": "fast_io_fail_tmo", - "recommendation": "5" - }, - { - "category": "multipath", - "severity": "critical", - "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", - "parameter": "no_path_retry", - "recommendation": "30" - }, - { - "category": "multipath", - "severity": "warning", - "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_selector", - "recommendation": "\"service-time 0\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", - "parameter": "vendor", - "recommendation": "\"Nimble\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", - "parameter": "path_grouping_policy", - "recommendation": "group_by_prio" - }, - { - "category": "multipath", - "severity": "critical", - "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_checker", - "recommendation": "tur" - }, - { - "category": "multipath", - "severity": "critical", - "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", - "parameter": "dev_loss_tmo", - "recommendation": "infinity" - } -] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml deleted file mode 100755 index dee65bb8e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml +++ /dev/null @@ -1,37 +0,0 @@ -labels: - io.rancher.certified: partner -questions: -- variable: imagePullPolicy - label: "ImagePullPolicy" - default: "IfNotPresent" - type: enum - options: - - "IfNotPresent" - - "Always" - - "Never" - description: "ImagePullPolicy for all CSI driver images" - group: "HPE CSI Driver settings" -- variable: disableNodeConformance - label: "Disable automatic installation of iSCSI/Multipath Packages" - type: boolean - default: false - description: "Disable automatic installation of iSCSI/Multipath Packages" - group: "HPE CSI Driver settings" -- variable: iscsi.chapUser - label: "iSCSI CHAP Username" - type: string - required: false - description: "Specify username for iSCSI CHAP authentication" - group: "HPE iSCSI settings" -- variable: iscsi.chapPassword - label: "iSCSI CHAP Password" - type: password - required: false - description: "Specify password for iSCSI CHAP authentication" - group: "HPE iSCSI settings" -- variable: registry - label: "Registry" - type: string - default: "quay.io" - description: "Specify registry prefix (hostname[:port]) for CSI driver images" - group: "HPE CSI Driver settings" diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/NOTES.txt b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/NOTES.txt deleted file mode 100755 index e69de29bb..000000000 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl deleted file mode 100755 index 165840d52..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "hpe-csi-storage.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "hpe-csi-storage.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "hpe-csi-storage.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml deleted file mode 100755 index 61275fffa..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml +++ /dev/null @@ -1,24 +0,0 @@ - - - ---- - -################# CSI Driver ########### -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "18") }} -apiVersion: storage.k8s.io/v1 -{{- else if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} -apiVersion: storage.k8s.io/v1beta1 -{{- end }} - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} -kind: CSIDriver -metadata: - name: csi.hpe.com -spec: - podInfoOnMount: true - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "16") }} - volumeLifecycleModes: - - Persistent - - Ephemeral - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml deleted file mode 100755 index c1a3e3e39..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml +++ /dev/null @@ -1,223 +0,0 @@ ---- - -############################################# -############ Controller driver ############ -############################################# - -kind: Deployment -apiVersion: apps/v1 -metadata: - name: hpe-csi-controller - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: hpe-csi-controller - template: - metadata: - labels: - app: hpe-csi-controller - role: hpe-csi - spec: - serviceAccount: hpe-csi-controller-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-provisioner - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-provisioner:v1.5.0 - {{- else }} - image: quay.io/k8scsi/csi-provisioner:v1.5.0 - {{- end }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} - - "--timeout=30s" - - "--worker-threads=16" - {{- end }} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: csi-attacher - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-attacher:v2.1.1 - {{- else }} - image: quay.io/k8scsi/csi-attacher:v2.1.1 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - - name: csi-snapshotter - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-snapshotter:v3.0.2 - {{- else }} - image: quay.io/k8scsi/csi-snapshotter:v3.0.2 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- end }} - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} - - name: csi-resizer - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-resizer:v0.4.0 - {{- else }} - image: quay.io/k8scsi/csi-resizer:v0.4.0 - {{- end }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - {{- end }} - - name: hpe-csi-driver - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-driver:v1.4.0 - {{- else }} - image: quay.io/hpestorage/csi-driver:v1.4.0 - {{- end }} - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--flavor=kubernetes" - - "--pod-monitor" - - "--pod-monitor-interval=30" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: log-dir - mountPath: /var/log - - name: k8s - mountPath: /etc/kubernetes - - name: hpeconfig - mountPath: /etc/hpe-storage - - name: root-dir - mountPath: /host - - name: csi-volume-mutator - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-mutator:v1.2.0 - {{- else }} - image: quay.io/hpestorage/volume-mutator:v1.2.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-volume-group-snapshotter - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-group-snapshotter:v1.0.0 - {{- else }} - image: quay.io/hpestorage/volume-group-snapshotter:v1.0.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-volume-group-provisioner - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-group-provisioner:v1.0.0 - {{- else }} - image: quay.io/hpestorage/volume-group-provisioner:v1.0.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-extensions - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-extensions:v1.2.0 - {{- else }} - image: quay.io/hpestorage/csi-extensions:v1.2.0 - {{- end }} - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} - - name: log-dir - hostPath: - path: /var/log - - name: k8s - hostPath: - path: /etc/kubernetes - - name: hpeconfig - hostPath: - path: /etc/hpe-storage - - name: root-dir - hostPath: - path: / - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml deleted file mode 100755 index d6657199b..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml +++ /dev/null @@ -1,171 +0,0 @@ ---- - -####################################### -############ Node driver ############ -####################################### - -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: hpe-csi-node - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: hpe-csi-node - template: - metadata: - labels: - app: hpe-csi-node - role: hpe-csi - spec: - serviceAccount: hpe-csi-node-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-node-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-node-driver-registrar - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-node-driver-registrar:v2.0.1 - {{- else }} - image: quay.io/k8scsi/csi-node-driver-registrar:v2.0.1 - {{- end}} - args: - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - - "--v=5" - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- end }} - imagePullPolicy: "Always" - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: hpe-csi-driver - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-driver:v1.4.0 - {{- else }} - image: quay.io/hpestorage/csi-driver:v1.4.0 - {{- end}} - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--node-service" - - "--flavor=kubernetes" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - - name: CHAP_USER - value: {{ .Values.iscsi.chapUser }} - - name: CHAP_PASSWORD - value: {{ .Values.iscsi.chapPassword }} - {{- end }} - {{ if .Values.disableNodeConformance -}} - - name: DISABLE_NODE_CONFORMANCE - value: "true" - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - name: root-dir - mountPath: /host - mountPropagation: "Bidirectional" - - name: device-dir - mountPath: /dev - - name: log-dir - mountPath: /var/log - - name: etc-hpe-storage-dir - mountPath: /etc/hpe-storage - - name: etc-kubernetes - mountPath: /etc/kubernetes - - name: sys - mountPath: /sys - - name: runsystemd - mountPath: /run/systemd - - name: etcsystemd - mountPath: /etc/systemd/system - - name: linux-config-file - mountPath: /opt/hpe-storage/nimbletune/config.json - subPath: config.json - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/csi.hpe.com - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - - name: root-dir - hostPath: - path: / - - name: device-dir - hostPath: - path: /dev - - name: log-dir - hostPath: - path: /var/log - - name: etc-hpe-storage-dir - hostPath: - path: /etc/hpe-storage - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - - name: runsystemd - hostPath: - path: /run/systemd - - name: etcsystemd - hostPath: - path: /etc/systemd/system - - name: sys - hostPath: - path: /sys - - name: linux-config-file - configMap: - name: hpe-linux-config - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml deleted file mode 100755 index 1da7d7c2e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml +++ /dev/null @@ -1,563 +0,0 @@ ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["services"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] -{{- end }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch", "delete"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["get", "list", "watch", "update", "create", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{- else if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{ else }} - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - {{- end }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-attacher-role - apiGroup: rbac.authorization.k8s.io - - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-snapshotter-role - apiGroup: rbac.authorization.k8s.io - -{{- end }} - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} ---- -# Resizer must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-resizer-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -# Resizer must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: external-resizer-cfg -rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role-cfg - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: external-resizer-cfg - apiGroup: rbac.authorization.k8s.io - - ---- -# cluster role to support volumegroup -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-volumegroup-role -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupclasses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-volumegroup-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-volumegroup-role - apiGroup: rbac.authorization.k8s.io - ---- -# cluster role to support snapshotgroup -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotgroup-role -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroups"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupcontents"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupclasses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroups/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupcontents/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotgroup-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-snapshotgroup-role - apiGroup: rbac.authorization.k8s.io - ---- -# mutator must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - # replace with non-default namespace name - namespace: {{ .Release.Namespace }} - -roleRef: - kind: ClusterRole - name: csi-mutator-role - apiGroup: rbac.authorization.k8s.io - ---- -# mutator must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: csi-mutator-cfg -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role-cfg - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - -roleRef: - kind: Role - name: csi-mutator-cfg - apiGroup: rbac.authorization.k8s.io -{{- end }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["hpenodeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpevolumeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpereplicationdeviceinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpevolumegroupinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpesnapshotgroupinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} - -roleRef: - kind: ClusterRole - name: hpe-csi-driver-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml deleted file mode 100755 index 5e4c4944a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: hpe-linux-config - namespace: {{ .Release.Namespace }} -data: -{{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - CHAP_USER: {{ .Values.iscsi.chapUser | quote }} - CHAP_PASSWORD: {{ .Values.iscsi.chapPassword | quote }} -{{- end }} - config.json: |- -{{ (.Files.Get "files/config.json") | indent 4 }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml deleted file mode 100755 index f5b252758..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "nimble-secret") -}} -# This is required to maintain backward compatibility of resources(secret) -# created with previous releases as we no longer create a secret with CSI driver install. -# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether -# in future. -# Also, manage the secret only if created by previous versions of helm with below check. ---- -apiVersion: v1 -kind: Secret -metadata: - name: nimble-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} -data: - username: {{ $secret.data.username }} - password: {{ $secret.data.password }} - servicePort: {{ $secret.data.servicePort }} - backend: {{ $secret.data.backend }} - serviceName: {{ $secret.data.serviceName }} -{{- end }} - -{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "primera3par-secret") -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: primera3par-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} -data: - username: {{ $secret.data.username }} - password: {{ $secret.data.password }} - servicePort: {{ $secret.data.servicePort }} - backend: {{ $secret.data.backend }} - serviceName: {{ $secret.data.serviceName }} -{{- end }} - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml deleted file mode 100755 index 332b95d5b..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -### CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: nimble-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: nimble-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: nimble-csp - ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: nimble-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: nimble-csp - replicas: 1 - template: - metadata: - labels: - app: nimble-csp - spec: - serviceAccount: hpe-csp-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: nimble-csp - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/nimble-csp:v1.4.0 - {{- else }} - image: quay.io/hpestorage/nimble-csp:v1.4.0 - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml deleted file mode 100755 index 5b1c65e2d..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml +++ /dev/null @@ -1,65 +0,0 @@ ---- -### CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: primera3par-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: primera3par-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: primera3par-csp - ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: primera3par-csp - labels: - app: primera3par-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: primera3par-csp - replicas: 1 - template: - metadata: - labels: - app: primera3par-csp - spec: - serviceAccount: hpe-csp-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: primera3par-csp - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/hpe3parprimera-csp:v1.2.0 - {{- else }} - image: quay.io/hpestorage/hpe3parprimera-csp:v1.2.0 - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml deleted file mode 100755 index a864865bf..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ if $sc := (lookup "storage.k8s.io/v1" "StorageClass" "" "hpe-standard") -}} -# This is required to maintain backward compatibility of resources(storageclass) -# created with previous releases as we no longer create a storageclass with CSI driver install. -# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether -# in future. -# Also, manage the storageClass only if created by previous versions of helm with below check. ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: hpe-standard - labels: - plugin: {{ $.Release.Name }} - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/resource-policy: keep - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} - {{- range $k, $v := $sc.metadata.annotations }} - {{- if or (eq $v "true") (eq $v "false")}} - {{ $k }}: {{ $v | quote }} - {{- else }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -provisioner: csi.hpe.com -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} -allowVolumeExpansion: {{ $sc.allowVolumeExpansion }} -{{- end }} -parameters: - {{- range $k, $v := $sc.parameters }} - {{- if or (eq $v "true") (eq $v "false")}} - {{ $k }}: {{ $v | quote }} - {{- else }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml deleted file mode 100755 index edf47eaee..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Default values for hpe-csi-storage. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# image pull policy for all images in csi deployment -imagePullPolicy: 'IfNotPresent' - -# flavor -flavor: kubernetes - -# log level for all csi driver components -logLevel: info - -## For controlling automatic iscsi/multipath package installation (default: false) -disableNodeConformance: false - -# values for CHAP Authentication -iscsi: - chapUser: "" - chapPassword: "" - -# registry prefix for hpe csi images -registry: "quay.io" - diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/Chart.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/Chart.yaml deleted file mode 100644 index 0b0a39891..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - artifacthub.io/license: Apache-2.0 - artifacthub.io/links: | - - name: Documentation - url: https://scod.hpedev.io/csi_driver - artifacthub.io/prerelease: "false" - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: HPE CSI Driver for Kubernetes - catalog.cattle.io/release-name: hpe-csi-driver -apiVersion: v1 -appVersion: 2.0.0 -description: A Helm chart for installing the HPE CSI Driver for Kubernetes -home: https://hpe.com/storage/containers -icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png -keywords: -- HPE -- Storage -- CSI -kubeVersion: 1.18 - 1.21 -maintainers: -- email: datamattsson@hpe.com - name: datamattsson -name: hpe-csi-driver -sources: -- https://github.com/hpe-storage/co-deployments -- https://github.com/hpe-storage/csi-driver -version: 2.0.0 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/README.md b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/README.md deleted file mode 100644 index 4986dcb2c..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/README.md +++ /dev/null @@ -1,115 +0,0 @@ -# HPE CSI Driver for Kubernetes Helm chart - -The [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/index.html) leverages Hewlett Packard Enterprise storage platforms to provide scalable and persistent storage for stateful applications. - -## Prerequisites - -- Upstream Kubernetes version >= 1.18 -- Most Kubernetes distributions are supported -- Recent Ubuntu, SLES, CentOS or RHEL compute nodes connected to their respective official package repositories -- Helm 3 (Version >= 3.2.0 required) - -Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features. - -- [HPE Alletra 6000 and Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html) -- [HPE Alletra 9000, Primera and 3PAR](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html) - -## Configuration and installation - -The following table lists the configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -|---------------------------|------------------------------------------------------------------------|------------------| -| disable.nimble | Disable HPE Nimble Storage CSP `Service`. | false | -| disable.primera | Disable HPE Primera (and 3PAR) CSP `Service`. | false | -| disable.alletra6000 | Disable HPE Alletra 6000 CSP `Service`. | false | -| disable.alletra9000 | Disable HPE Alletra 9000 CSP `Service`. | false | -| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false | -| disableNodeGetVolumeStats | Disable NodeGetVolumeStats call to CSI driver. | false | -| imagePullPolicy | Image pull policy (`Always`, `IfNotPresent`, `Never`). | IfNotPresent | -| iscsi.chapUser | Username for iSCSI CHAP authentication. | "" | -| iscsi.chapPassword | Password for iSCSI CHAP authentication. | "" | -| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error`. | info | -| registry | Registry to pull HPE CSI Driver container images from. | quay.io | -| kubeletRootDir | The kubelet root directory path. | /var/lib/kubelet | -| cspClientTimeout | CSP client timeout for HPE Alletra 9000, Primera and 3PAR (60-360 sec).| 60 | - -It's recommended to create a [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) file from the corresponding release of the chart and edit it to fit the environment the chart is being deployed to. Download and edit [a sample file](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). - -These are the bare minimum required parameters for a successful deployment to an iSCSI environment if CHAP authentication is required. - -``` -iscsi: - chapUser: "" - chapPassword: "" -``` - -Tweak any additional parameters to suit the environment or as prescribed by HPE. - -### Installing the chart - -To install the chart with the name `my-hpe-csi-driver`: - -Add HPE helm repo: - -``` -helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/ -helm repo update -``` - -Install the latest chart: - -``` -kubectl create ns hpe-storage -helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage -f myvalues.yaml -``` - -**Note**: `myvalues.yaml` is optional if no parameters are overridden from defaults. Also pay attention to what the latest version of the chart is. If it's labeled with `pre-prelease` and a "beta" tag, add `--version X.Y.Z` to install a "stable" chart. - -### Upgrading the chart - -Due to the [helm limitation](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) to not support upgrade of CRDs between different chart versions, helm chart upgrade is not supported. - -Our recommendation is to uninstall the existing chart and install the chart with the desired version. CRDs will be preserved between uninstall and install. - -### Uninstalling the chart - -To uninstall the `my-hpe-csi-driver` chart: - -``` -helm uninstall my-hpe-csi-driver -n hpe-storage -``` - -**Note**: Due to a limitation in Helm, CRDs are not deleted as part of the chart uninstall. - -### Alternative install method - -In some cases it's more practical to provide the local configuration via the `helm` CLI directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. These will take precedence over entries in [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). For example: - -``` -helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage \ - --set iscsi.chapUsername=admin \ - --set iscsi.chapPassword=xxxxxxxx -``` - -## Using persistent storage with Kubernetes - -Enable dynamic provisioning of persistent storage by creating a `StorageClass` API object that references a `Secret` which maps to a supported HPE primary storage backend. Refer to the [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/deployment.html#add_a_hpe_storage_backend) documentation on [HPE Storage Container Orchestration Documentation](https://scod.hpedev.io/). Also, it's helpful to be familiar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. - -## Support - -The HPE CSI Driver for Kubernetes Helm chart is fully supported by HPE. - -Formal support statements for each HPE supported CSP is [available on SCOD](https://scod.hpedev.io/legal/support). Use this facility for formal support of your HPE storage products, including the Helm chart. - -## Community - -Please file any issues, questions or feature requests you may have [here](https://github.com/hpe-storage/co-deployments/issues) (do not use this facility for support inquiries of your HPE storage product, see [SCOD](https://scod.hpedev.io/legal/support) for support). You may also join our Slack community to chat with HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera`, and `#Kubernetes`. Sign up at [slack.hpedev.io](https://slack.hpedev.io/) and login at [hpedev.slack.com](https://hpedev.slack.com/) - -## Contributing - -We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) - -## License - -This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/app-readme.md b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/app-readme.md deleted file mode 100644 index 29ca912cb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/app-readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# HPE CSI Driver for Kubernetes - -The [HPE CSI Driver for Kubernetes](https://github.com/hpe-storage/csi-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-nodeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-nodeinfo-crd.yaml deleted file mode 100644 index 86c60cf34..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-nodeinfo-crd.yaml +++ /dev/null @@ -1,70 +0,0 @@ ---- -############################################# -############ HPE Node Info CRD ############ -############################################# -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpenodeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPENodeInfo - plural: hpenodeinfos - scope: Cluster - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object." - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents" - type: string - spec: - description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." - properties: - chapPassword: - description: "The CHAP Password" - type: string - chapUser: - description: "The CHAP User Name" - type: string - iqns: - description: "List of IQNs configured on the node." - items: - type: string - type: array - networks: - description: "List of networks configured on the node." - items: - type: string - type: array - uuid: - description: "The UUID of the node." - type: string - wwpns: - description: "List of WWPNs configured on the node." - items: - type: string - type: array - required: - - uuid - - networks - type: object - required: - - spec - type: object -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-replicated-device-info-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-replicated-device-info-crd.yaml deleted file mode 100644 index 253d87d05..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-replicated-device-info-crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpereplicationdeviceinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEReplicationDeviceInfo - plural: hpereplicationdeviceinfos - shortNames: - - hperdi - - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeReplicationDeviceInfos: - description: List of HPE Replicated Arrays configured for 3PAR/Primera arrays. - items: - properties: - targets: - description: Target Array Details - type: array - items: - properties: - targetName: - description: Target Name of the array - type: string - targetCpg: - description: Target CPG of the array - type: string - targetSnapCpg: - description: Target Snap CPG of the array - type: string - targetSecret: - description: Secret of the replicated array - type: string - targetMode: - description: Replication Mode - type: string - targetSecretNamespace: - description: Namespace of secret - type: string - required: - - targetName - - targetCpg - - targetSecret - - targetSecretNamespace - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-snapshotgroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-snapshotgroupinfo-crd.yaml deleted file mode 100644 index 76789eda9..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-snapshotgroupinfo-crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpesnapshotgroupinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPESnapshotGroupInfo - plural: hpesnapshotgroupinfos - shortNames: - - hpesgi - scope: Cluster - version: v1 - validation: - openAPIV3Schema: - properties: - hpeSnapshotGroupInfos: - description: List of HPE snapshot groups created for 3PAR/Primera arrays. - type: array - items: - properties: - uuid: - description: The UUID of the node. - type: string - - record: - description: Metadata for the volume group - type: map[string]string - - snapshotVolumes: - description: Snapshot volumes that are part of this snapshot group - type: array - items: - properties: - srcVolumeId: - description: ID of the volume that is the source of this snapshot volume - type: string - - srcVolumeName: - description: Name of the volume that is the source of this snapshot volume - type: string - - snapshotId: - description: Snapshot volume Id - type: string - - snapshotName: - description: Snapshot volume name - type: string - -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumegroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumegroupinfo-crd.yaml deleted file mode 100644 index c9e58e415..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumegroupinfo-crd.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpevolumegroupinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEVolumeGroupInfo - plural: hpevolumegroupinfos - shortNames: - - hpevgi - scope: Cluster - version: v1 - validation: - openAPIV3Schema: - properties: - hpeVolumeGroupInfos: - description: List of HPE volume groups configured for 3PAR/Primera arrays. - type: array - items: - properties: - uuid: - description: The UUID of the node. - type: string - - record: - description: Metadata for the volume group - type: map[string]string - - snapshotGroups: - description: Snapshot groups that are linked to this volume group - type: array - items: - properties: - id: - description: ID of the snapshot group - type: string - - name: - description: Name of the snapshot group - type: string - - volumes: - description: Volumes that are members in this volume group - type: array - items: - properties: - volumeId: - description: ID of the member volume - type: string - - volumeName: - description: Name of the member volume - type: string - - - -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumeinfo-crd.yaml deleted file mode 100644 index 417f4f4f3..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/hpe-volumeinfo-crd.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: hpevolumeinfos.storage.hpe.com -spec: - group: storage.hpe.com - names: - kind: HPEVolumeInfo - plural: hpevolumeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - hpeVolumes: - description: List of HPE volumes configured for 3PAR/Primera arrays. - items: - properties: - uuid: - description: The UUID of the volume. - type: string - record: - description: Metadata for the volume. - type: map[string]string - type: array - version: v1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupclasses.yaml deleted file mode 100644 index b58878471..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupclasses.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroupclasses.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroupClass - listKind: SnapshotGroupClassList - plural: snapshotgroupclasses - singular: snapshotgroupclass - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroupClass specifies parameters that a underlying - storage system uses when creating a volumegroup snapshot. A specific SnapshotGroupClass - is used by specifying its name in a VolumeGroupSnapshot object. SnapshotGroupClasses - are non-namespaced - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - deletionPolicy: - description: deletionPolicy determines whether a SnapshotGroupContent - created through the SnapshotGroupClass should be deleted when its - bound SnapshotGroup is deleted. Supported values are "Retain" and - "Delete". "Retain" means that the SnapshotGroupContent and its physical - snapshotGroup on underlying storage system are kept. "Delete" means that - the SnapshotGroupContent and its physical snapshotGroup on underlying - storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - snapshotter: - description: snapshotter is the name of the storage driver that handles this - SnapshotGroupClass. Required. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshotGroups. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - snapshotter - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupcontents.yaml deleted file mode 100644 index a7132c59e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroupcontents.yaml +++ /dev/null @@ -1,104 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroupcontents.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroupContent - listKind: SnapshotGroupContentList - plural: snapshotgroupcontents - singular: snapshotgroupcontent - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroupContent represents the actual "on-disk" snapshotGroup - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a SnapshotGroupContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this SnapshotGroupContent - and its physical snapshotgroup on the underlying storage system should - be deleted when its bound SnapshotGroup is deleted. Supported - values are "Retain" and "Delete". "Retain" means that the SnapshotGroupContent - and its physical snapshotGroup on underlying storage system are kept. - "Delete" means that the SnapshotGroupContent and its physical - snapshotGroup on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - source: - description: source specifies from where a snapshotGroup will be created.Required. - properties: - snapshotGroupHandle: - description: snapshotGroupHandle specifies the snapshotGroup Id - of a pre-existing snapshotGroup on the underlying storage system. - This field is immutable. - type: string - type: object - snapshotGroupClassName: - description: name of the SnapshotGroupClass to which this snapshotGroup belongs. - type: string - snapshotGroupRef: - description: snapshotGroupRef specifies the SnapshotGroup object - to which this SnapshotGroupContent object is bound. SnapshotGroup.Spec.SnapshotGroupContentName - field must reference to this SnapshotGroupContent's name for - the bidirectional binding to be valid. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - volumeSnapshotContentNames: - description: list of volumeSnapshotContentNames associated with this snapshotGroups - type: array - items: - type: string - required: - - deletionPolicy - - source - - snapshotGroupClassName - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroups.yaml deleted file mode 100644 index 3372a7db7..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_snapshotgroups.yaml +++ /dev/null @@ -1,83 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: snapshotgroups.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: SnapshotGroup - listKind: SnapshotGroupList - plural: snapshotgroups - singular: snapshotgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: SnapshotGroup is a user's request for creating a snapshotgroup - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents' - type: string - spec: - description: spec defines the desired characteristics of a snapshotGroup - requested by a user. - Required. - properties: - source: - description: source specifies where a snapshotGroup will be created. - This field is immutable after creation. Required. - properties: - kind: - description: kind of the source (VolumeGroup) is the only supported one. - type: string - apiGroup: - description: apiGroup of the source. Current supported is storage.hpe.com - type: string - name: - description: name specifies the volumeGroupName of the VolumeGroup object in the same namespace as the SnapshotGroup object where the snapshotGroup should be dynamically taken from. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the volumeSnapshotClass to create pre-provisioned snapshots - type: string - snapshotGroupClassName: - description: snapshotGroupClassName is the name of the SnapshotGroupClass requested by the SnapshotGroup. - type: string - snapshotGroupContentName: - description: snapshotGroupContentName is the name of the snapshotGroupContent the snapshotGroup is bound. - type: string - required: - - source - - volumeSnapshotClassName - - snapshotGroupClassName - type: object - status: - description: status represents the current information of a snapshotGroup. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshotGroup is taken by the underlying storage system. - format: date-time - type: string - phase: - description: the state of the snapshotgroup - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupclasses.yaml deleted file mode 100644 index e201ec94e..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupclasses.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroupclasses.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroupClass - listKind: VolumeGroupClassList - plural: volumegroupclasses - singular: volumegroupclass - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroupClass specifies parameters that a underlying - storage system uses when creating a volumegroup. A specific VolumeGroupClass - is used by specifying its name in a VolumeGroup object. VolumeGroupClasses - are non-namespaced - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeGroupContent - created through the VolumeGroupClass should be deleted when its - bound VolumeGroup is deleted. Supported values are "Retain" and - "Delete". "Retain" means that the VolumeGroupContent and its physical - volumeGroup on underlying storage system are kept. "Delete" means that - the VolumeGroupContent and its physical volumeGroup on underlying - storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - provisioner: - description: provisioner is the name of the storage driver that handles this - VolumeGroupClass. Required. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating volumeGroups. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - provisioner - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupcontents.yaml deleted file mode 100644 index d944909eb..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroupcontents.yaml +++ /dev/null @@ -1,96 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroupcontents.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroupContent - listKind: VolumeGroupContentList - plural: volumegroupcontents - singular: volumegroupcontent - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroupContent represents the actual "on-disk" volumeGroup - object in the underlying storage system - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: Kind is a string value representing the REST resource - this object represents. - type: string - spec: - description: spec defines properties of a VolumeGroupContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeGroupContent - and its physical volumegroup on the underlying storage system should - be deleted when its bound VolumeGroup is deleted. Supported - values are "Retain" and "Delete". "Retain" means that the VolumeGroupContent - and its physical volumeGroup on underlying storage system are kept. - "Delete" means that the VolumeGroupContent and its physical - volumeGroup on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - source: - description: source specifies from where a volumeGroup will be created.Required. - properties: - volumeGroupHandle: - description: volumeGroupHandle specifies the volumeGroup Id - of a pre-existing volumeGroup on the underlying storage system. - This field is immutable. - type: string - type: object - volumeGroupClassName: - description: name of the VolumeGroupClass to which this volumeGroup belongs. - type: string - volumeGroupRef: - description: volumeGroupRef specifies the VolumeGroup object - to which this VolumeGroupContent object is bound. VolumeGroup.Spec.VolumeGroupContentName - field must reference to this VolumeGroupContent's name for - the bidirectional binding to be valid. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - source - - volumeGroupClassName - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroups.yaml deleted file mode 100644 index 862b4398a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/crds/storage.hpe.com_volumegroups.yaml +++ /dev/null @@ -1,69 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: volumegroups.storage.hpe.com -spec: - conversion: - strategy: None - group: storage.hpe.com - names: - kind: VolumeGroup - listKind: VolumeGroupList - plural: volumegroups - singular: volumegroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeGroup is a user's request for creating a volumegroup - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation - of an object. - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents' - type: string - spec: - description: spec defines the desired characteristics of a volumeGroup - requested by a user. - Required. - properties: - volumeGroupClassName: - description: name of the volumeGroupClassName to create volumeGroups - type: string - persistentVolumeClaimNames: - description: persistentVolumeClaimNames are the name of the PVC associated with this volumeGroup. - type: array - items: - type: string - volumeGroupContentName: - description: volumeGroupContentName is the name of the volumeGroupContent to which the volumeGroup is bound. - type: string - required: - - volumeGroupClassName - type: object - status: - description: status represents the current information of a volumeGroup. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - volumeGroup is taken by the underlying storage system. - format: date-time - type: string - phase: - description: the state of the volumegroup - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/files/config.json b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/files/config.json deleted file mode 100644 index d00650184..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/files/config.json +++ /dev/null @@ -1,128 +0,0 @@ -[ - { - "category": "iscsi", - "severity": "warning", - "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "startup", - "recommendation": "manual" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "replacement_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "login_timeout", - "recommendation": "15" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "noop_out_timeout", - "recommendation": "10" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "cmds_max", - "recommendation": "512" - }, - { - "category": "iscsi", - "severity": "warning", - "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", - "parameter": "queue_depth", - "recommendation": "256" - }, - { - "category": "iscsi", - "severity": "info", - "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", - "parameter": "nr_sessions", - "recommendation": "1" - }, - { - "category": "multipath", - "severity": "critical", - "description": "product attribute recommended to be set to Server in /etc/multipath.conf", - "parameter": "product", - "recommendation": "\"Server\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", - "parameter": "prio", - "recommendation": "alua" - }, - { - "category": "multipath", - "severity": "critical", - "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", - "parameter": "hardware_handler", - "recommendation": "\"1 alua\"" - }, - { - "category": "multipath", - "severity": "warning", - "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", - "parameter": "failback", - "recommendation": "immediate" - }, - { - "category": "multipath", - "severity": "critical", - "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", - "parameter": "fast_io_fail_tmo", - "recommendation": "5" - }, - { - "category": "multipath", - "severity": "critical", - "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", - "parameter": "no_path_retry", - "recommendation": "30" - }, - { - "category": "multipath", - "severity": "warning", - "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_selector", - "recommendation": "\"service-time 0\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", - "parameter": "vendor", - "recommendation": "\"Nimble\"" - }, - { - "category": "multipath", - "severity": "critical", - "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", - "parameter": "path_grouping_policy", - "recommendation": "group_by_prio" - }, - { - "category": "multipath", - "severity": "critical", - "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", - "parameter": "path_checker", - "recommendation": "tur" - }, - { - "category": "multipath", - "severity": "critical", - "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", - "parameter": "dev_loss_tmo", - "recommendation": "infinity" - } -] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/questions.yml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/questions.yml deleted file mode 100644 index d30af1a26..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/questions.yml +++ /dev/null @@ -1,83 +0,0 @@ -labels: - io.rancher.certified: partner -questions: -- variable: imagePullPolicy - label: "ImagePullPolicy" - default: "IfNotPresent" - type: enum - options: - - "IfNotPresent" - - "Always" - - "Never" - description: "ImagePullPolicy for all CSI driver images" - group: "HPE CSI Driver settings" -- variable: disableNodeConformance - label: "Disable automatic installation of iSCSI/Multipath Packages" - type: boolean - default: false - description: "Disable automatic installation of iSCSI/Multipath Packages" - group: "HPE CSI Driver settings" -- variable: iscsi.chapUser - label: "iSCSI CHAP Username" - type: string - required: false - description: "Specify username for iSCSI CHAP authentication" - group: "HPE iSCSI settings" -- variable: iscsi.chapPassword - label: "iSCSI CHAP Password" - type: password - min_length: 12 - max_length: 16 - required: false - description: "Specify password for iSCSI CHAP authentication" - group: "HPE iSCSI settings" -- variable: registry - label: "Registry" - type: string - default: "quay.io" - description: "Specify registry prefix (hostname[:port]) for CSI driver images" - group: "HPE CSI Driver settings" -- variable: disable.nimble - label: "Disable Nimble" - type: boolean - default: false - description: "Disable HPE Nimble Storage CSP Service" - group: "Disable Container Storage Providers" -- variable: disable.primera - label: "Disable Primera" - type: boolean - default: false - description: "Disable HPE Primera (and 3PAR) CSP Service" - group: "Disable Container Storage Providers" -- variable: disable.alletra6000 - label: "Disable Alletra 6000" - type: boolean - default: false - description: "Disable HPE Alletra 6000 CSP Service" - group: "Disable Container Storage Providers" -- variable: disable.alletra9000 - label: "Disable Alletra 9000" - type: boolean - default: false - description: "Disable HPE Alletra 9000 CSP Service" - group: "Disable Container Storage Providers" -- variable: disableNodeGetVolumeStats - label: "Disable NoteGetVolumeStats" - type: boolean - default: false - description: "Disable NodeGetVolumeStats call to CSI driver" - group: "HPE CSI Driver settings" -- variable: kubeletRootDir - label: "Set kubeletRootDir" - type: string - default: "/var/lib/kubelet" - description: "The kubelet root directory path" - group: "HPE CSI Driver settings" -- variable: cspClientTimeout - label: "Set cspClientTimeout" - type: int - default: 60 - min: 60 - max: 360 - description: "CSP client timeout for HPE Alletra 9000, Primera and 3PAR (60-360 sec)" - group: "HPE CSI Driver settings" diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/NOTES.txt b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/NOTES.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/_helpers.tpl b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/_helpers.tpl deleted file mode 100644 index 165840d52..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "hpe-csi-storage.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "hpe-csi-storage.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "hpe-csi-storage.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/csi-driver-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/csi-driver-crd.yaml deleted file mode 100644 index 61275fffa..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/csi-driver-crd.yaml +++ /dev/null @@ -1,24 +0,0 @@ - - - ---- - -################# CSI Driver ########### -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "18") }} -apiVersion: storage.k8s.io/v1 -{{- else if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} -apiVersion: storage.k8s.io/v1beta1 -{{- end }} - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} -kind: CSIDriver -metadata: - name: csi.hpe.com -spec: - podInfoOnMount: true - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "16") }} - volumeLifecycleModes: - - Persistent - - Ephemeral - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-controller.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-controller.yaml deleted file mode 100644 index 8126295d5..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-controller.yaml +++ /dev/null @@ -1,240 +0,0 @@ ---- - -############################################# -############ Controller driver ############ -############################################# - -kind: Deployment -apiVersion: apps/v1 -metadata: - name: hpe-csi-controller - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: hpe-csi-controller - template: - metadata: - labels: - app: hpe-csi-controller - role: hpe-csi - spec: - serviceAccountName: hpe-csi-controller-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-provisioner - {{- if and (.Values.registry) (eq .Values.registry "quay.io") }} - image: k8s.gcr.io/sig-storage/csi-provisioner:v1.5.0 - {{- else if .Values.registry }} - image: {{ .Values.registry }}/sig-storage/csi-provisioner:v1.5.0 - {{- else }} - image: k8s.gcr.io/sig-storage/csi-provisioner:v1.5.0 - {{- end }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} - - "--timeout=30s" - - "--worker-threads=16" - {{- end }} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: csi-attacher - {{- if and (.Values.registry) (eq .Values.registry "quay.io") }} - image: k8s.gcr.io/sig-storage/csi-attacher:v2.2.0 - {{- else if .Values.registry }} - image: {{ .Values.registry }}/sig-storage/csi-attacher:v2.2.0 - {{- else }} - image: k8s.gcr.io/sig-storage/csi-attacher:v2.2.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: csi-snapshotter - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "20") }} - {{- if and (.Values.registry) (eq .Values.registry "quay.io") }} - image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0 - {{- else if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-snapshotter:v4.0.0 - {{- else }} - image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0 - {{- end }} - {{- else if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - {{- if .Values.registry }} - image: {{ .Values.registry }}/k8scsi/csi-snapshotter:v3.0.3 - {{- else }} - image: quay.io/k8scsi/csi-snapshotter:v3.0.3 - {{- end }} - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} - - name: csi-resizer - {{- if and (.Values.registry) (eq .Values.registry "quay.io") }} - image: k8s.gcr.io/sig-storage/csi-resizer:v0.4.0 - {{- else if .Values.registry }} - image: {{ .Values.registry }}/sig-storage/csi-resizer:v0.4.0 - {{- else }} - image: k8s.gcr.io/sig-storage/csi-resizer:v0.4.0 - {{- end }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - {{- end }} - - name: hpe-csi-driver - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-driver:v2.0.0 - {{- else }} - image: quay.io/hpestorage/csi-driver:v2.0.0 - {{- end }} - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--flavor=kubernetes" - - "--pod-monitor" - - "--pod-monitor-interval=30" - {{- if .Values.cspClientTimeout }} - - "--csp-client-timeout={{ .Values.cspClientTimeout }}s" - {{- end }} - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy - - name: log-dir - mountPath: /var/log - - name: k8s - mountPath: /etc/kubernetes - - name: hpeconfig - mountPath: /etc/hpe-storage - - name: root-dir - mountPath: /host - - name: csi-volume-mutator - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-mutator:v1.2.0 - {{- else }} - image: quay.io/hpestorage/volume-mutator:v1.2.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-volume-group-snapshotter - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-group-snapshotter:v1.0.0 - {{- else }} - image: quay.io/hpestorage/volume-group-snapshotter:v1.0.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-volume-group-provisioner - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/volume-group-provisioner:v1.0.0 - {{- else }} - image: quay.io/hpestorage/volume-group-provisioner:v1.0.0 - {{- end }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-extensions - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-extensions:v1.2.0 - {{- else }} - image: quay.io/hpestorage/csi-extensions:v1.2.0 - {{- end }} - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} - - name: log-dir - hostPath: - path: /var/log - - name: k8s - hostPath: - path: /etc/kubernetes - - name: hpeconfig - hostPath: - path: /etc/hpe-storage - - name: root-dir - hostPath: - path: / - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-node.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-node.yaml deleted file mode 100644 index a721428d2..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-node.yaml +++ /dev/null @@ -1,204 +0,0 @@ ---- - -####################################### -############ Node driver ############ -####################################### - -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: hpe-csi-node - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: hpe-csi-node - template: - metadata: - labels: - app: hpe-csi-node - role: hpe-csi - spec: - serviceAccountName: hpe-csi-node-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-node-critical - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - dnsConfig: - options: - - name: ndots - value: "1" - containers: - - name: csi-node-driver-registrar - {{- if and (.Values.registry) (eq .Values.registry "quay.io") }} - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 - {{- else if .Values.registry }} - image: {{ .Values.registry }}/sig-storage/csi-node-driver-registrar:v2.0.1 - {{- else }} - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 - {{- end}} - args: - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - - "--v=5" - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - {{- if .Values.kubeletRootDir }} - value: {{ .Values.kubeletRootDir }}/plugins/csi.hpe.com/csi.sock - {{- else }} - value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock - {{- end }} - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- end }} - imagePullPolicy: "Always" - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: hpe-csi-driver - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/csi-driver:v2.0.0 - {{- else }} - image: quay.io/hpestorage/csi-driver:v2.0.0 - {{- end}} - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--node-service" - - "--flavor=kubernetes" - {{- if .Values.cspClientTimeout }} - - "--csp-client-timeout={{ .Values.cspClientTimeout }}s" - {{- end }} - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - - name: CHAP_USER - value: {{ .Values.iscsi.chapUser }} - - name: CHAP_PASSWORD - value: {{ .Values.iscsi.chapPassword }} - {{- end }} - {{ if .Values.disableNodeConformance -}} - - name: DISABLE_NODE_CONFORMANCE - value: "true" - {{- end }} - {{- if .Values.kubeletRootDir }} - - name: KUBELET_ROOT_DIR - value: {{ .Values.kubeletRootDir }} - {{- end }} - {{ if .Values.disableNodeGetVolumeStats -}} - - name: DISABLE_NODE_GET_VOLUMESTATS - value: "true" - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - {{- if .Values.kubeletRootDir }} - mountPath: {{ .Values.kubeletRootDir }} - {{- else }} - mountPath: /var/lib/kubelet - {{- end }} - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - name: root-dir - mountPath: /host - mountPropagation: "Bidirectional" - - name: device-dir - mountPath: /dev - - name: log-dir - mountPath: /var/log - - name: etc-hpe-storage-dir - mountPath: /etc/hpe-storage - - name: etc-kubernetes - mountPath: /etc/kubernetes - - name: sys - mountPath: /sys - - name: runsystemd - mountPath: /run/systemd - - name: etcsystemd - mountPath: /etc/systemd/system - - name: linux-config-file - mountPath: /opt/hpe-storage/nimbletune/config.json - subPath: config.json - volumes: - - name: registration-dir - hostPath: - {{ if .Values.kubeletRootDir }} - path: {{ .Values.kubeletRootDir }}/plugins_registry - {{- else }} - path: /var/lib/kubelet/plugins_registry - {{- end }} - type: Directory - - name: plugin-dir - hostPath: - {{ if .Values.kubeletRootDir }} - path: {{ .Values.kubeletRootDir }}/plugins/csi.hpe.com - {{- else }} - path: /var/lib/kubelet/plugins/csi.hpe.com - {{- end }} - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - {{ if .Values.kubeletRootDir }} - path: {{ .Values.kubeletRootDir }} - {{- else }} - path: /var/lib/kubelet - {{- end }} - - name: root-dir - hostPath: - path: / - - name: device-dir - hostPath: - path: /dev - - name: log-dir - hostPath: - path: /var/log - - name: etc-hpe-storage-dir - hostPath: - path: /etc/hpe-storage - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - - name: runsystemd - hostPath: - path: /run/systemd - - name: etcsystemd - hostPath: - path: /etc/systemd/system - - name: sys - hostPath: - path: /sys - - name: linux-config-file - configMap: - name: hpe-linux-config - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-rbac.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-rbac.yaml deleted file mode 100644 index d6a3509f2..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-csi-rbac.yaml +++ /dev/null @@ -1,566 +0,0 @@ ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["services"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] -{{- end }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "delete"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch", "delete"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["get", "list", "watch", "update", "create", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{- else if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - {{ else }} - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - {{- end }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-attacher-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-attacher-role - apiGroup: rbac.authorization.k8s.io - - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "update", "delete", "get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotter-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-snapshotter-role - apiGroup: rbac.authorization.k8s.io - -{{- end }} - -{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} ---- -# Resizer must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-resizer-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -# Resizer must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: external-resizer-cfg -rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-resizer-role-cfg - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: external-resizer-cfg - apiGroup: rbac.authorization.k8s.io - - ---- -# cluster role to support volumegroup -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-volumegroup-role -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupclasses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-volumegroup-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-volumegroup-role - apiGroup: rbac.authorization.k8s.io - ---- -# cluster role to support snapshotgroup -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotgroup-role -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroups"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupcontents"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupclasses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroups/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["snapshotgroupcontents/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "create"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroups"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupcontents"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.hpe.com"] - resources: ["volumegroupclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-snapshotgroup-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-csi-snapshotgroup-role - apiGroup: rbac.authorization.k8s.io - ---- -# mutator must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - # replace with non-default namespace name - namespace: {{ .Release.Namespace }} - -roleRef: - kind: ClusterRole - name: csi-mutator-role - apiGroup: rbac.authorization.k8s.io - ---- -# mutator must be able to work with end point in current namespace -# if (and only if) leadership election is enabled -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: csi-mutator-cfg -rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-mutator-role-cfg - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - -roleRef: - kind: Role - name: csi-mutator-cfg - apiGroup: rbac.authorization.k8s.io -{{- end }} - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: ["storage.hpe.com"] - resources: ["hpenodeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpevolumeinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpereplicationdeviceinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpevolumegroupinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: ["storage.hpe.com"] - resources: ["hpesnapshotgroupinfos"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-csi-driver-binding -subjects: - - kind: ServiceAccount - name: hpe-csi-controller-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csi-node-sa - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} - -roleRef: - kind: ClusterRole - name: hpe-csi-driver-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: hpe-csp-sa - namespace: {{ .Release.Namespace }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-linux-config.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-linux-config.yaml deleted file mode 100644 index 5e4c4944a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/hpe-linux-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: hpe-linux-config - namespace: {{ .Release.Namespace }} -data: -{{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} - CHAP_USER: {{ .Values.iscsi.chapUser | quote }} - CHAP_PASSWORD: {{ .Values.iscsi.chapPassword | quote }} -{{- end }} - config.json: |- -{{ (.Files.Get "files/config.json") | indent 4 }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/nimble-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/nimble-csp.yaml deleted file mode 100644 index f3d90b368..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/nimble-csp.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if not .Values.disable.alletra6000 }} - ---- -### Alletra 6000 CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: alletra6000-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: alletra6000-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: nimble-csp -{{- end }} - -{{- if not .Values.disable.nimble }} ---- -### Nimble CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: nimble-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: nimble-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: nimble-csp -{{- end }} - - -{{- if or (not .Values.disable.alletra6000) (not .Values.disable.nimble) }} ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: nimble-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: nimble-csp - replicas: 1 - template: - metadata: - labels: - app: nimble-csp - spec: - serviceAccountName: hpe-csp-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: nimble-csp - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/alletra-6000-and-nimble-csp:v2.0.0 - {{- else }} - image: quay.io/hpestorage/alletra-6000-and-nimble-csp:v2.0.0 - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 -{{- end }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/primera-3par-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/primera-3par-csp.yaml deleted file mode 100644 index 5e69342ee..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/templates/primera-3par-csp.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{- if not .Values.disable.alletra9000 }} ---- -### Alletra9000 CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: alletra9000-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: alletra9000-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: primera3par-csp - -{{- end }} - -{{- if not .Values.disable.primera }} ---- -### Primera3par CSP Service ### -kind: Service -apiVersion: v1 -metadata: - name: primera3par-csp-svc - namespace: {{ .Release.Namespace }} - labels: - app: primera3par-csp-svc -spec: - ports: - - port: 8080 - protocol: TCP - selector: - app: primera3par-csp -{{- end }} - -{{- if or (not .Values.disable.alletra9000) (not .Values.disable.primera) }} - ---- -### CSP deployment ### -kind: Deployment -apiVersion: apps/v1 -metadata: - name: primera3par-csp - labels: - app: primera3par-csp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: primera3par-csp - replicas: 1 - template: - metadata: - labels: - app: primera3par-csp - spec: - serviceAccountName: hpe-csp-sa - {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} - priorityClassName: system-cluster-critical - {{- end }} - containers: - - name: primera3par-csp - {{- if .Values.registry }} - image: {{ .Values.registry }}/hpestorage/alletra-9000-primera-and-3par-csp:v2.0.0 - {{- else }} - image: quay.io/hpestorage/alletra-9000-primera-and-3par-csp:v2.0.0 - {{- end }} - imagePullPolicy: {{ .Values.imagePullPolicy | quote }} - ports: - - containerPort: 8080 - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 30 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 30 -{{- end }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.schema.json b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.schema.json deleted file mode 100644 index c254fc83b..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.schema.json +++ /dev/null @@ -1,170 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "http://example.com/example.json", - "title": "HPE CSI Driver for Kubernetes Helm Chart JSON Schema", - "type": "object", - "default": - { - "disable": { - "nimble": false, - "primera": false, - "alletra6000": false, - "alletra9000": false - }, - "disableNodeConformance": false, - "imagePullPolicy": "IfNotPresent", - "iscsi": { - "chapUser": "", - "chapPassword": "" - }, - "logLevel": "info", - "registry": "quay.io", - "kubeletRootDir": "/var/lib/kubelet/", - "disableNodeGetVolumeStats": false, - "cspClientTimeout": 60 - }, - "required": [ - "disable", - "disableNodeConformance", - "imagePullPolicy", - "iscsi", - "logLevel", - "registry", - "kubeletRootDir", - "disableNodeGetVolumeStats", - "cspClientTimeout" - ], - "properties": { - "disable": { - "$id": "#/properties/disable", - "title": "CSP Deployment and Service backend exclusion", - "description": "All backend Deployments and Services are installed by default.", - "type": "object", - "default": - { - "nimble": false, - "primera": false, - "alletra6000": false, - "alletra9000": false - }, - "required": [ - "nimble", - "primera", - "alletra6000", - "alletra9000" - ], - "properties": { - "nimble": { - "$id": "#/properties/disable/properties/nimble", - "title": "HPE Nimble Storage", - "type": "boolean", - "default": false - }, - "primera": { - "$id": "#/properties/disable/properties/primera", - "title": "HPE Primera", - "type": "boolean", - "default": false - }, - "alletra6000": { - "$id": "#/properties/disable/properties/alletra6000", - "title": "HPE Alletra 6000", - "type": "boolean", - "default": false - }, - "alletra9000": { - "$id": "#/properties/disable/properties/alletra9000", - "title": "HPE Alletra 9000", - "type": "boolean", - "default": false - } - }, - "additionalProperties": false - }, - "disableNodeConformance": { - "$id": "#/properties/disableNodeConformance", - "title": "Disable node conformance", - "description": "Disabling node conformance forces the cluster administrator to install required packages and ensure the correct node services are started to use external block storage.", - "type": "boolean", - "default": false - }, - "imagePullPolicy": { - "$id": "#/properties/imagePullPolicy", - "title": "CSI driver image pull policy", - "type": "string", - "default": "IfNotPresent", - "enum": [ "Always", "IfNotPresent", "Never" ] - }, - "iscsi": { - "$id": "#/properties/iscsi", - "title": "iSCSI CHAP credentials", - "type": "object", - "default": - { - "chapUser": "", - "chapPassword": "" - }, - "required": [ - "chapUser", - "chapPassword" - ], - "properties": { - "chapUser": { - "$id": "#/properties/iscsi/properties/chapUser", - "title": "CHAP username", - "type": "string", - "default": "" - }, - "chapPassword": { - "$id": "#/properties/iscsi/properties/chapPassword", - "title": "CHAP password", - "description": "Between 12 and 16 characters", - "type": "string", - "default": "", - "pattern": "^$|^[a-zA-Z0-9+_)(*^%$#@!]{12,16}$" - } - }, - "additionalProperties": false - }, - "logLevel": { - "$id": "#/properties/logLevel", - "title": "Set the log level of the HPE CSI Driver images", - "type": "string", - "default": "info", - "enum": [ "info", "debug", "trace", "warn", "error" ] - }, - "registry": { - "$id": "#/properties/registry", - "title": "Pull images from a different registry than default", - "description": "SIG Storage images needs to be mirrored from k8s.gcr.io to this registry if this parameter is changed.", - "type": "string", - "default": "quay.io" - }, - "kubeletRootDir": { - "$id": "#/properties/kubeletRootDir", - "title": "Kubelet root directory", - "description": "Only change this if the kubelet root dir has been altered by the Kubernetes platform installer.", - "type": "string", - "default": "/var/lib/kubelet", - "pattern": "^/" - }, - "disableNodeGetVolumeStats": { - "$id": "#/properties/disableNodeGetVolumeStats", - "title": "Disable the CSI nodeGetVolumeStats call", - "description": "In very large environments, disabling this feature may alleviate pressure on the CSP.", - "type": "boolean", - "default": false - }, - "cspClientTimeout": { - "$id": "#/properties/cspClientTimeout", - "title": "CSP client timeout", - "description": "Change the CSP client timeout for HPE Alletra 9000, Primera and 3PAR systems", - "type": "integer", - "default": 60, - "minimum": 60, - "maximum": 360 - }, - "global": {} - }, - "additionalProperties": false -} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.yaml b/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.yaml deleted file mode 100644 index b40dfce6a..000000000 --- a/charts/hpe-csi-driver/hpe-csi-driver/2.0.0/values.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Default values for hpe-csi-driver Helm chart -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Control CSP Service and Deployments for HPE storage products -disable: - nimble: false - primera: false - alletra6000: false - alletra9000: false - -# For controlling automatic iscsi/multipath package installation -disableNodeConformance: false - -# imagePullPolicy applied for all hpe-csi-driver images -imagePullPolicy: "IfNotPresent" - -# Cluster wide values for CHAP authentication -iscsi: - chapUser: "" - chapPassword: "" - -# Log level for all hpe-csi-driver components -logLevel: "info" - -# Registry prefix for hpe-csi-driver images -registry: "quay.io" - -# Kubelet root directory path -kubeletRootDir: "/var/lib/kubelet/" - -# NodeGetVolumestats will be called by default, set true to disable the call -disableNodeGetVolumeStats: false - -# CSP client timeout for HPE Alletra 9000, Primera and 3PAR (60-360 seconds) -cspClientTimeout: 60 diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/Chart.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/Chart.yaml deleted file mode 100644 index d38ebf855..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-flexvolume-driver -apiVersion: v1 -appVersion: "3.1" -description: A Helm chart for installing the HPE Volume Driver for Kubernetes FlexVolume - plugin -home: https://hpe.com/storage/containers -icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png -keywords: -- HPE -- Storage -- StorageClass -- CentOS -- Ubuntu -- CloudVolumes -maintainers: -- email: hpe-containers-dev@hpe.com - name: shivamerla -name: hpe-flexvolume-driver -sources: -- https://github.com/hpe-storage/flexvolume-driver -version: 3.1.0 diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/README.md b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/README.md deleted file mode 100644 index 6cf393897..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/README.md +++ /dev/null @@ -1,173 +0,0 @@ -# HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart -The [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner). - -## Prerequisites - -- Upstream Kubernetes version 1.11 or later -- Other Kubernetes distributions supported -- Rancher 2.x -- OpenShift 3.10, 3.11 (4.x will not be supported, see [CSI Driver Helm chart](https://github.com/hpe-storage/co-deployments/tree/master/helm/charts/hpe-csi-driver)) -- More distributions will be listed as tests are ongoing -- Recent Ubuntu, CentOS or RHEL compute nodes connected to their respective official package repositories - -Depending on which `pluginType` is being used, other prerequisites and requirements may apply. - -### HPE Nimble Storage (nimble) - -- NimbleOS 5.0.8 or later -- NimbleOS 5.1.3 or later - -### HPE Cloud Volumes - -- Amazon EKS 1.12.x/1.13.x -- Microsoft AKS 1.12.x/1.13.x -- US Regions Only - -## Configuration & Installation -The following table lists the configurable parameters of the FlexVolume driver chart and their default values. - -| Parameter | Description | Default | -|---------------------------|----------------------------------------------------------------------------------------------------|------------ | -| backend | HPE storage platform API endpoint. | 192.168.1.1 | -| pluginType | Backend plugin type to use. Currently `nimble` and `cv` are supported. | nimble | -| username | Username for the backend. Access key for HPE Cloud Volumes. | admin | -| password | Password for the backend. Access secret for HPE Cloud Volumes. | admin | -| protocol | Data plane protocol (`fc`, `iscsi`). | iscsi | -| fsType | Type of file to format volumes with (ext4, ext3, xfs, btrfs). | xfs | -| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error` | info | -| mountConflictDelay | Wait this long (in seconds) before forcefully taking over a volume from an isolated or crashed node. | 120 | -| flavor | Kubernetes distribution specific tweaks. Supported flavors include `k8s`, `ocp`, `eks`, `aks` and `rke`. | k8s | -| podsMountDir | This is the directory where the kubelet bind mounts the volume for pods. May differ between Kubernetes distributions. | /var/lib/kubelet/pods | -| storageClass.name | The name to assign the created StorageClass. | hpe-standard | -| storageClass.create | Enables creation of StorageClass to consume this hpe-flexvolume-driver instance. | true | -| storageClass.defaultClass | Whether to set the created StorageClass as the clusters default StorageClass. | false | -| nimble.config | HPE Nimble Storage volume config parameters. | - | -| cv.config | HPE Cloud Volumes volume config parameters. | - | - -It's recommended to create a `values.yaml` file and edit it to fit the environment the chart is being deployed to. - -Example `values.yaml` using a Nimble backend: - -``` ---- -backend: 192.168.1.1 -username: admin -password: admin -pluginType: nimble -fsType: xfs -storageClass: - defaultClass: true -``` - -This will connect the driver to a Nimble based backend with management IP address of `192.168.1.1` and format new volumes with a XFS filesystem. - -The `nimble.config` or `cv.config` stanza will be hosted in a `ConfigMap` and can be used to tweak default parmaters and also override `StorageClass` parameters. More information on these stanzas can be found in the [ADVANCED.md](https://github.com/hpe-storage/flexvolume-driver/blob/master/ADVANCED.md) documentation. - -Example `nimble.config` stanza: - -``` -nimble: - config: - limitIOPS: "-1" - limitMBPS: "-1" - perfPolicy: DockerDefault -``` - -Example `cv.config` stanza: - -``` -cv: - config: - snapPrefix: BaseFor - automatedConnection: true - existingCloudSubnet: 10.1.0.0/24 - region: us-east-1 - privateCloud: vpc-data - cloudComputeProvider: "Amazon AWS" - perfPolicy: Other - volumeType: PF - encryption: true - protectionTemplate: twicedaily:4 - destroyOnRm: true - limitIOPS: "1000" - initiators: - - '"eth0"' - privateCloudResourceGroup: "" -``` - -**Note:** Storage class parameters will override the settings in `defaults` and `global` section. - -### Platform notes -Certain distributions demand certain tweaks to the variables for the driver and dynamic provisioner to operate correctly. See each platform for details. - -#### Upstream Kubernetes -This is the default operating mode, no tweaks are needed. - -#### Red Hat OpenShift and OKD -Applicable to Red Hat OpenShift 3.10 and 3.11. 4.x is not supported*. - -| Key | Value | Description | -|------------|---------------------------|------------------------------------------------------------------------------------| -| podsMountDir | /var/lib/origin/openshift.local.volumes | This is the directory where the kubelet bind mounts the volume for pods. | - -* = If experimentation is desirable with OpenShift 4.x, set `flexVolumeExec` default path for ocp to `/etc/kubernetes/kubelet-plugins/volume/exec`. The driver will only work on RHEL 7.x nodes. - -#### Rancher -Applicable to installing the Helm Chart via the Rancher catalog system. - -| Key | Value | Description | -|------------|---------------------------|------------------------------------------------------------------------------------| -| flavor | rke | Required and prepopulated by default. | -| podsMountDir | /var/lib/kubelet/volumeplugins | This is the directory where the kubelet bind mounts the volume for pods. Required and prepopulated by default.| - -## Installing the Chart -To install the chart with the name `hpe-flexvolume`: - -``` -helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/ -helm install hpe-storage/hpe-flexvolume-driver --namespace kube-system --name hpe-flexvolume -f values.yaml -``` - -**Note:** Omitting the `--name` flag will generate a human readable name. - -## Check status of the Chart -To check status of the `hpe-flexvolume` deployment: - -``` -helm status hpe-flexvolume -``` - -## Uninstalling the Chart -To uninstall/delete the `hpe-flexvolume` deployment: - -``` -helm delete hpe-flexvolume --purge -``` - -## Alternative install method -In some cases it's more practical provide the local configuration via the `helm` command directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -``` -helm install --name hpe-flexvolume hpe/hpe-flexvolume-driver \ ---set backend=X.X.X.X --set username=admin --set password=xxxxxxxxx \ ---set protocol=iscsi --set fsType=xfs -``` - -## Using the HPE Volume Driver for Kubernetes FlexVolume Plugin -To enable dynamic provisioning of `PersistentVolume` through the use of `PersistentVolumeClaim` API objects, a `StorageClass` needs to be declared on the cluster. Please see the [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) repository for the official documentation for this Helm chart. Also, it's helpful to be familar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. - -## Support -The HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart is supported by the respective platform team. Currently supported platforms: - -- HPE Nimble Storage -- HPE Cloud Volumes - -Please file issues through the regular support channels for the particular platform. Feature requests or general questions to developers may be filed through the [GitHub issue tracker](https://github.com/hpe-storage/co-deployments) for this project. - -You may also join our Slack community to chat with HPE folks close to this project for inquiries not requring our immediate response. We hang out in `#NimbleStorage` and `#Kubernetes` at [slack.hpedev.io](https://slack.hpedev.io/). - -## Contributing -We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) - -## License -This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/app-readme.md b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/app-readme.md deleted file mode 100644 index 4d8e79cf5..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/app-readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# HPE Volume Driver for Kubernetes FlexVolume Plugin - -The [HPE Volume Driver for Kubernetes FlexVolume plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner). diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/questions.yml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/questions.yml deleted file mode 100644 index 034718811..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/questions.yml +++ /dev/null @@ -1,172 +0,0 @@ -questions: -- variable: flavor - label: "Kubernetes flavor" - type: enum - default: "rke" - required: true - options: - - "rke" - - "eks" - - "ocp" - - "aks" - - "gke" - - "gkeop" - - "k8s" - description: "Tweak Helm chart behavior." - group: "Rancher specific settings" -- variable: pluginType - label: "HPE platform" - type: enum - options: - - "nimble" - - "cv" - - "simplivity" - default: "nimble" - description: "HPE platform type for the deployment." - group: "HPE backend settings" -- variable: backend - label: "IP address" - type: string - required: true - description: "Please specify HPE backend IP address." - group: "HPE backend settings" -- variable: username - label: "Username" - type: string - required: true - description: "Specify username with backend storage admin permissions." - group: "HPE backend settings" -- variable: password - label: "Password" - type: password - required: true - description: "Specify password for the backend user." - group: "HPE backend settings" -- variable: fsType - label: "Filesystem" - default: "xfs" - type: enum - options: - - "xfs" - - "ext4" - - "ext3" - - "btrfs" - description: "Select the filesystem for Persistent Volumes, defaults to xfs." - group: "HPE StorageClass and volume settings" -- variable: protocol - label: "HPE storage protocol" - type: enum - default: "iscsi" - options: - - "iscsi" - - "fc" - description: "Specify storage protocol for HPE backend connectivity." - group: "HPE StorageClass and volume settings" -- variable: storageClass.create - label: "Create a StorageClass" - type: boolean - default: true - required: true - description: "If specified as 'true', a StorageClass named 'hpe-standard' will be created with the HPE Volume Driver for Kubernetes FlexVolume Plugin as provisioner." - group: "HPE StorageClass and volume settings" -- variable: storageClass.defaultClass - label: "Mark StorageClass 'hpe-standard' as 'default'." - type: boolean - default: false - description: "If specified as 'true', the 'hpe-standard' StorageClass will be annotated as 'default'. This option is ignored if 'Create a StorageClass' is set to 'false'." - group: "HPE StorageClass and volume settings" -- variable: cv.config.existingCloudSubnet - show_if: "pluginType=cv" - label: "Cloud subnet" - type: string - default: "" - required: true - description: "Cloud subnet of the cluster for connection provisioning" - group: "Cloud instance settings" -- variable: cv.config.privateCloud - show_if: "pluginType=cv" - label: "Virtual private cloud" - type: string - required: true - description: "Virtual private cloud of the cluster" - group: "Cloud instance settings" -- variable: cv.config.region - show_if: "pluginType=cv" - label: "Public cloud region" - type: string - required: true - description: "Public cloud provider region in which cluster resides" - group: "Cloud instance settings" -- variable: cv.config.cloudComputeProvider - show_if: "pluginType=cv" - label: "Public cloud provider" - type: enum - default: "Amazon AWS" - options: - - "Amazon AWS" - - "Microsoft Azure" - description: "Public cloud provider name" - group: "Cloud instance settings" -- variable: cv.config.privateCloudResourceGroup - show_if: "cv.config.cloudComputeProvider=Microsoft Azure" - label: "Azure Resource Group" - type: string - required: true - description: "Azure resource group for the cluster" - group: "Cloud instance settings" -- variable: cv.config.volumeType - show_if: "pluginType=cv" - label: "Volume type" - type: enum - default: "PF" - options: - - "PF" - - "GPF" - description: "HPE Cloud Volume type" - group: "HPE Cloud Volumes settings" -- variable: cv.config.encryption - show_if: "pluginType=cv" - label: "Volume Encryption" - type: boolean - default: true - required: true - description: "Encryption for HPE Cloud Volume" - group: "HPE Cloud Volumes settings" -- variable: cv.config.protectionTemplate - show_if: "pluginType=cv" - label: "Protection template" - type: enum - default: "twicedaily:4" - options: - - "daily:3" - - "daily:7" - - "daily:14" - - "hourly:6" - - "hourly:12" - - "hourly:24" - - "twicedaily:4" - - "twicedaily:8" - - "twicedaily:14" - - "weekly:2" - - "weekly:4" - - "weekly:8" - - "monthly:3" - - "monthly:6" - - "monthly:12" - - "none" - description: "Protection Template" - group: "HPE Cloud Volumes settings" -- variable: cv.config.perfPolicy - show_if: "pluginType=cv" - label: "Performance policy" - type: enum - default: "Other" - options: - - "Other" - - "Exchange" - - "Oracle" - - "SharePoint" - - "SQL" - - "Windows File Server" - description: "Performance policy" - group: "HPE Cloud Volumes settings" diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/NOTES.txt b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/NOTES.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/_helpers.tpl b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/_helpers.tpl deleted file mode 100644 index d0a095b72..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "hpe-flexvolume-driver.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "hpe-flexvolume-driver.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "hpe-flexvolume-driver.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-config.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-config.yaml deleted file mode 100644 index c65a2a576..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-config.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: hpe-config - namespace: {{ .Release.Namespace }} -data: - volume-driver.json: |- - {{- if eq .Values.pluginType "nimble"}} - { - "global": {}, - "defaults": { - "limitIOPS": {{ .Values.nimble.config.limitIOPS | quote }}, - "limitMBPS": {{ .Values.nimble.config.limitMBPS | quote }}, - "perfPolicy": {{ .Values.nimble.config.perfPolicy | quote }} - }, - "overrides": {} - } - {{- else if eq .Values.pluginType "cv"}} - { - "global": { - "snapPrefix": {{ .Values.cv.config.snapPrefix | quote }}, - "automatedConnection": {{ .Values.cv.config.automatedConnection }}, - "initiators": [{{- join "," .Values.cv.config.initiators }}], - "automatedConnection": {{ .Values.cv.config.automatedConnection }}, - "existingCloudSubnet": {{ .Values.cv.config.existingCloudSubnet | quote }}, - "region": {{ .Values.cv.config.region | quote }}, - "privateCloud": {{ .Values.cv.config.privateCloud | quote }}, - {{- if and .Values.cv.config.privateCloudResourceGroup (ne .Values.cv.config.privateCloudResourceGroup "") }} - "privateCloudResourceGroup": {{ .Values.cv.config.privateCloudResourceGroup | quote }}, - {{- end }} - "cloudComputeProvider": {{ .Values.cv.config.cloudComputeProvider | quote }} - }, - "defaults": { - "perfPolicy": {{ .Values.cv.config.perfPolicy | quote }}, - "limitIOPS": {{ .Values.cv.config.limitIOPS | quote }}, - "volumeType": {{ .Values.cv.config.volumeType | quote }}, - "encryption": {{ .Values.cv.config.encryption }}, - "protectionTemplate": {{ .Values.cv.config.protectionTemplate | quote }}, - "destroyOnRm": {{ .Values.cv.config.destroyOnRm }} - }, - "overrides": {} - } - {{- else }} - { - "global": {}, - "defaults": {}, - "overrides": {} - } - {{- end }} - - {{- if eq .Values.flavor "rke"}} - {{ .Values.pluginType }}.json: |- - { - "dockerVolumePluginSocketPath": "/host/etc/hpe-storage/{{ .Values.pluginType }}.sock" - } - {{- end }} - diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd-rbac.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd-rbac.yaml deleted file mode 100644 index 788ed97ac..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd-rbac.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-dynamic-provisioner-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-dynamic-provisioner-binding -subjects: - - kind: ServiceAccount - name: hpe-flexvolume-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-dynamic-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hpe-flexvolume-sa - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd.yaml deleted file mode 100644 index eff543acc..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-doryd.yaml +++ /dev/null @@ -1,67 +0,0 @@ -#### HPE Dynamic Provisioner ### ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: hpe-dynamic-provisioner - namespace: {{ .Release.Namespace }} - labels: - app: hpe-dynamic-provisioner -spec: - selector: - matchLabels: - daemon: hpe-dynamic-provisioner-daemon - strategy: - type: RollingUpdate - template: - metadata: - labels: - daemon: hpe-dynamic-provisioner-daemon - name: hpe-dynamic-provisioner - spec: - restartPolicy: Always - serviceAccountName: hpe-flexvolume-sa - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - containers: - - - image: {{ .Values.dynamicProvisionerImage}}: {{- .Values.dynamicProvisionerTag}} - imagePullPolicy: Always - name: hpe-dynamic-provisioner - env: - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - volumeMounts: - - name: k8s - mountPath: /etc/kubernetes - - name: flexvolumedriver - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: varlog - mountPath: /var/log - {{- if eq .Values.flavor "rke"}} - - name: hpeconfig - mountPath: /host/etc/hpe-storage - {{- else }} - - name: hpeconfig - mountPath: /etc/hpe-storage - {{- end }} - securityContext: - privileged: true - volumes: - - name: k8s - hostPath: - path: /etc/kubernetes - - name: flexvolumedriver - hostPath: - {{- $flavor := .Values.flavor -}} - {{- range .Values.flexVolumeExec }} - {{- if eq .name $flavor }} - path: {{ .value }} - {{- end }} - {{- end }} - - name: hpeconfig - hostPath: - path: /etc/hpe-storage - - name: varlog - hostPath: - path: /var/log diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-flexvolume-plugin.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-flexvolume-plugin.yaml deleted file mode 100644 index af86aae33..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-flexvolume-plugin.yaml +++ /dev/null @@ -1,216 +0,0 @@ - #### Flexvolume Driver ### ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: hpe-flexvolume-driver - namespace: {{ .Release.Namespace }} - labels: - k8s-app: hpe-flexvolume-driver -spec: - selector: - matchLabels: - name: hpe-flexvolume-driver - template: - metadata: - labels: - name: hpe-flexvolume-driver - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: hpe-flexvolume-sa - containers: - - name: flexvolume - image: {{ .Values.flexVolumeDriverImage}}: {{- .Values.flexVolumeDriverTag}} - imagePullPolicy: "Always" - lifecycle: - preStop: - # create empty file to let plugin signal handler to perform cleanup of config/cert/dory files - exec: - command: [ "/bin/sh", "-c", "touch /etc/hpe-storage/remove" ] - {{- if eq .Values.flavor "rke"}} - postStart: - exec: - command: [ "/bin/bash", "-c", - "while [[ ! -d /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }} ]] || [[ ! -f /etc/hpe-storage/{{ .Values.pluginType }}.json ]]; do sleep 1; done; cp -a /etc/hpe-storage/{{ .Values.pluginType }}.json /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }}/{{ .Values.pluginType }}.json" ] - {{- end }} - env: - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - - name: FLAVOR - value: {{ .Values.flavor }} - - name: PROVIDER_IP - valueFrom: - secretKeyRef: - name: hpe-secret - key: backend - - name: PROVIDER_USERNAME - valueFrom: - secretKeyRef: - name: hpe-secret - key: username - - name: PROVIDER_PASSWORD - valueFrom: - secretKeyRef: - name: hpe-secret - key: password - - name: PROTOCOL - valueFrom: - secretKeyRef: - name: hpe-secret - key: protocol - {{- if eq .Values.pluginType "cv"}} - - name: PROVIDER_PORT - valueFrom: - secretKeyRef: - name: hpe-secret - key: servicePort - - name: PROVIDER_SERVICE - valueFrom: - secretKeyRef: - name: hpe-secret - key: serviceName - {{- end }} - - name: SCOPE - value: global - - name: PLUGIN_TYPE - value: {{ .Values.pluginType }} - volumeMounts: - - name: pluginmountdir - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - - name: bindmountdir - mountPath: {{ .Values.podsMountDir }} - mountPropagation: Bidirectional - - name: legacymounts - mountPath: /opt/nimble - mountPropagation: Bidirectional - - name: dev - mountPath: /dev - - name: libmodules - mountPath: /lib/modules - - name: var-log - mountPath: /var/log - - name: var-lib-iscsi - mountPath: /var/lib/iscsi - - name: exec - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: runlock - mountPath: /run/lock - - name: etc-iscsi - mountPath: /etc/iscsi - - name: etc-multipath - mountPath: /etc/multipath - {{- if ne .Values.flavor "rke"}} - - name: etc-multipath-conf - mountPath: /etc/multipath.conf - {{- end }} - - name: etc-redhat-release - mountPath: /etc/redhat-release - - name: etc-os-release - mountPath: /etc/os-release - - name: etc-hpe-storage-dir - mountPath: /etc/hpe-storage - {{- if eq .Values.flavor "rke"}} - - name: etc-hpe-storage-dir - mountPath: /host/etc/hpe-storage - {{- end }} - - name: sys - mountPath: /sys - - name: iscsiadm - mountPath: /sbin/iscsiadm - - name: config-file - mountPath: /etc/hpe-storage/volume-driver.json - subPath: volume-driver.json - {{- if eq .Values.flavor "rke"}} - - name: config-file - mountPath: /etc/hpe-storage/{{ .Values.pluginType }}.json - subPath: {{ .Values.pluginType }}.json - {{- end }} - - name: runsystemd - mountPath: /run/systemd - - name: libsystemd - mountPath: /lib/systemd/system - - name: usrlocal - mountPath: /usr_local - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumes: - - name: pluginmountdir - hostPath: - path: /var/lib/kubelet - - name: bindmountdir - hostPath: - path: {{ .Values.podsMountDir }} - # required to handle legacy mounts from NLT based plugin. Remove this for CoreOS - - name: legacymounts - hostPath: - path: /opt/nimble/ - - name: dev - hostPath: - path: /dev - - name: libmodules - hostPath: - path: /lib/modules - - name: var-log - hostPath: - path: /var/log - - name: var-lib-iscsi - hostPath: - path: /var/lib/iscsi/ - - name: exec - hostPath: - {{- $flavor := .Values.flavor -}} - {{- range .Values.flexVolumeExec }} - {{- if eq .name $flavor }} - path: {{ .value }} - {{- end }} - {{- end }} - - name: runlock - hostPath: - path: /run/lock - - name: etc-iscsi - hostPath: - path: /etc/iscsi/ - - name: etc-multipath - hostPath: - path: /etc/multipath/ - {{- if ne .Values.flavor "rke"}} - - name: etc-multipath-conf - hostPath: - path: /etc/multipath.conf - type: FileOrCreate - {{- end }} - - name: etc-redhat-release - hostPath: - path: /etc/redhat-release - type: FileOrCreate - - name: etc-os-release - hostPath: - path: /etc/os-release - type: FileOrCreate - - name: etc-hpe-storage-dir - hostPath: - path: /etc/hpe-storage/ - - name: sys - hostPath: - path: /sys - - name: iscsiadm - hostPath: - path: /sbin/iscsiadm - type: FileOrCreate - - name: config-file - configMap: - name: hpe-config - - name: runsystemd - hostPath: - path: /run/systemd - - name: libsystemd - hostPath: - path: /lib/systemd/system - - name: usrlocal - hostPath: - path: /usr diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-secret.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-secret.yaml deleted file mode 100644 index 7aaee67e9..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpe-secret.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: hpe-secret - namespace: {{ .Release.Namespace }} -stringData: - username: {{ .Values.username }} - password: {{ .Values.password }} - {{- if eq .Values.pluginType "cv"}} - backend: {{ .Values.backend }} - servicePort: {{ .Values.servicePort | quote }} - serviceName: {{ .Values.serviceName }} - protocol: "iscsi" - {{- else }} - backend: {{ .Values.backend }} - protocol: {{ .Values.protocol }} - {{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpecv-cp.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpecv-cp.yaml deleted file mode 100644 index fd28355ee..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/hpecv-cp.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if eq .Values.pluginType "cv"}} -# Configuration to deploy the HPE Nimble Storage Container Provider service -# -# example usage: kubectl create -f - ---- - -####################################### -############ CP Service ############ -####################################### -kind: Service -apiVersion: v1 -metadata: - name: {{ .Values.serviceName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.serviceName }} -spec: - ports: - - port: {{ .Values.servicePort }} - protocol: TCP - selector: - app: cv-cp - ---- - -########################################## -############ CP Deployment ############ -########################################## -kind: Deployment -apiVersion: apps/v1 -metadata: - name: cv-cp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: cv-cp - replicas: 1 - template: - metadata: - labels: - app: cv-cp - spec: - serviceAccountName: hpe-flexvolume-sa - containers: - - name: cv-cp - image: {{ .Values.containerProviderImage}}: {{- .Values.containerProviderTag}} - imagePullPolicy: Always - env: - - name: CLOUDVOLUMES_PORTAL_SERVER - value: {{ .Values.backend }} - - name: CLOUDVOLUMES_PORT - value: {{ .Values.servicePort | quote }} - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - ports: - - containerPort: {{ .Values.servicePort }} - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log -{{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/post-install.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/post-install.yaml deleted file mode 100644 index 60dfa8559..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/post-install.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{.Release.Name}}" - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote}} - app.kubernetes.io/instance: {{.Release.Name | quote}} - app.kubernetes.io/version: {{.Chart.AppVersion | quote}} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{.Release.Name}}" - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - spec: - restartPolicy: Never - containers: - - name: post-install-job - image: "alpine:3.3" - command: ["/bin/sleep","{{default "10" .Values.serviceWaitTime}}"] - diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/sc.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/sc.yaml deleted file mode 100644 index 3dc98eb48..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/templates/sc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if .Values.storageClass.create -}} ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.storageClass.name }} - labels: - plugin: {{ .Release.Name }} - {{- if .Values.storageClass.defaultClass }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" - {{- end }} -provisioner: hpe.com/{{ .Values.pluginType }} -parameters: - description: {{ .Values.volumeDescription }} -{{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/values.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/values.yaml deleted file mode 100644 index 77d2762c2..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.0/values.yaml +++ /dev/null @@ -1,97 +0,0 @@ -# Default values for hpe-flexvolume-driver -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -#doryd image -dynamicProvisionerTag: v3.1.0 -dynamicProvisionerImage: store/hpestorage/k8s-dynamic-provisioner - -#flexvolume plugin image -flexVolumeDriverTag: v3.1.0 -flexVolumeDriverImage: store/hpestorage/flexvolume-driver - -#container-provider image -containerProviderTag: v3.1.0 -containerProviderImage: store/hpestorage/cv-cp - -#parameters -backend: 192.168.1.1 -username: admin -password: admin -protocol: iscsi -servicePort: "8080" -serviceName: cv-cp-svc - -#storage class parameters -fsType: xfs -volumeDescription: "Volume created by HPE Volume Driver for Kubernetes FlexVolume Plugin" - -#service parameters -# wait seconds for doryd/flexvolume node plugins to start -serviceWaitTime: "10" - -#flavor -flavor: k8s - -#platform for which plugin is being deployed.i.e nimble or cv -pluginType: nimble - -#bindMountPath where kubelet bindmounts volume to pod namespace -podsMountDir: /var/lib/kubelet/pods - -#volumePluginDir volume plugin directory where kubelet watches for flexvolume plugin -flexVolumeExec: - - name: eks - value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: k8s - value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: ocp - value: /etc/kubernetes/kubelet-plugins/volume/exec - - name: gkeop - value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: gke - value: /home/kubernetes/flexvolume - - name: aks - value: /etc/kubernetes/volumeplugins - - name: rke - value: /var/lib/kubelet/volumeplugins - -#log level for flexvolume driver and dynamic provisioner -logLevel: info - -## For creating the StorageClass automatically: -storageClass: - create: true - - ## Set StorageClass as the default StorageClass - ## Ignored if storageClass.create is false - defaultClass: false - - ## Set a StorageClass name - ## Ignored if storageClass.create is false - name: hpe-standard - -nimble: - config: - limitIOPS: "-1" - limitMBPS: "-1" - perfPolicy: DockerDefault - -cv: - config: - snapPrefix: BaseFor - automatedConnection: true - existingCloudSubnet: 10.1.0.0/24 - region: us-east-1 - privateCloud: vpc-data - cloudComputeProvider: "Amazon AWS" - perfPolicy: Other - volumeType: PF - encryption: true - protectionTemplate: twicedaily:4 - destroyOnRm: true - limitIOPS: "1000" - # In case of multiple initiators, add one per line and escape double quotes as below - initiators: - - '"eth0"' - privateCloudResourceGroup: "" diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml deleted file mode 100755 index 3a61ef6be..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-flexvolume-driver -apiVersion: v1 -appVersion: "3.1" -description: A Helm chart for installing the HPE Volume Driver for Kubernetes FlexVolume - plugin -home: https://hpe.com/storage/containers -icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png -keywords: -- HPE -- Storage -- StorageClass -- CentOS -- Ubuntu -- CloudVolumes -maintainers: -- email: hpe-containers-dev@hpe.com - name: shivamerla -name: hpe-flexvolume-driver -sources: -- https://github.com/hpe-storage/flexvolume-driver -version: 3.1.000 diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md deleted file mode 100755 index 6cf393897..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md +++ /dev/null @@ -1,173 +0,0 @@ -# HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart -The [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner). - -## Prerequisites - -- Upstream Kubernetes version 1.11 or later -- Other Kubernetes distributions supported -- Rancher 2.x -- OpenShift 3.10, 3.11 (4.x will not be supported, see [CSI Driver Helm chart](https://github.com/hpe-storage/co-deployments/tree/master/helm/charts/hpe-csi-driver)) -- More distributions will be listed as tests are ongoing -- Recent Ubuntu, CentOS or RHEL compute nodes connected to their respective official package repositories - -Depending on which `pluginType` is being used, other prerequisites and requirements may apply. - -### HPE Nimble Storage (nimble) - -- NimbleOS 5.0.8 or later -- NimbleOS 5.1.3 or later - -### HPE Cloud Volumes - -- Amazon EKS 1.12.x/1.13.x -- Microsoft AKS 1.12.x/1.13.x -- US Regions Only - -## Configuration & Installation -The following table lists the configurable parameters of the FlexVolume driver chart and their default values. - -| Parameter | Description | Default | -|---------------------------|----------------------------------------------------------------------------------------------------|------------ | -| backend | HPE storage platform API endpoint. | 192.168.1.1 | -| pluginType | Backend plugin type to use. Currently `nimble` and `cv` are supported. | nimble | -| username | Username for the backend. Access key for HPE Cloud Volumes. | admin | -| password | Password for the backend. Access secret for HPE Cloud Volumes. | admin | -| protocol | Data plane protocol (`fc`, `iscsi`). | iscsi | -| fsType | Type of file to format volumes with (ext4, ext3, xfs, btrfs). | xfs | -| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error` | info | -| mountConflictDelay | Wait this long (in seconds) before forcefully taking over a volume from an isolated or crashed node. | 120 | -| flavor | Kubernetes distribution specific tweaks. Supported flavors include `k8s`, `ocp`, `eks`, `aks` and `rke`. | k8s | -| podsMountDir | This is the directory where the kubelet bind mounts the volume for pods. May differ between Kubernetes distributions. | /var/lib/kubelet/pods | -| storageClass.name | The name to assign the created StorageClass. | hpe-standard | -| storageClass.create | Enables creation of StorageClass to consume this hpe-flexvolume-driver instance. | true | -| storageClass.defaultClass | Whether to set the created StorageClass as the clusters default StorageClass. | false | -| nimble.config | HPE Nimble Storage volume config parameters. | - | -| cv.config | HPE Cloud Volumes volume config parameters. | - | - -It's recommended to create a `values.yaml` file and edit it to fit the environment the chart is being deployed to. - -Example `values.yaml` using a Nimble backend: - -``` ---- -backend: 192.168.1.1 -username: admin -password: admin -pluginType: nimble -fsType: xfs -storageClass: - defaultClass: true -``` - -This will connect the driver to a Nimble based backend with management IP address of `192.168.1.1` and format new volumes with a XFS filesystem. - -The `nimble.config` or `cv.config` stanza will be hosted in a `ConfigMap` and can be used to tweak default parmaters and also override `StorageClass` parameters. More information on these stanzas can be found in the [ADVANCED.md](https://github.com/hpe-storage/flexvolume-driver/blob/master/ADVANCED.md) documentation. - -Example `nimble.config` stanza: - -``` -nimble: - config: - limitIOPS: "-1" - limitMBPS: "-1" - perfPolicy: DockerDefault -``` - -Example `cv.config` stanza: - -``` -cv: - config: - snapPrefix: BaseFor - automatedConnection: true - existingCloudSubnet: 10.1.0.0/24 - region: us-east-1 - privateCloud: vpc-data - cloudComputeProvider: "Amazon AWS" - perfPolicy: Other - volumeType: PF - encryption: true - protectionTemplate: twicedaily:4 - destroyOnRm: true - limitIOPS: "1000" - initiators: - - '"eth0"' - privateCloudResourceGroup: "" -``` - -**Note:** Storage class parameters will override the settings in `defaults` and `global` section. - -### Platform notes -Certain distributions demand certain tweaks to the variables for the driver and dynamic provisioner to operate correctly. See each platform for details. - -#### Upstream Kubernetes -This is the default operating mode, no tweaks are needed. - -#### Red Hat OpenShift and OKD -Applicable to Red Hat OpenShift 3.10 and 3.11. 4.x is not supported*. - -| Key | Value | Description | -|------------|---------------------------|------------------------------------------------------------------------------------| -| podsMountDir | /var/lib/origin/openshift.local.volumes | This is the directory where the kubelet bind mounts the volume for pods. | - -* = If experimentation is desirable with OpenShift 4.x, set `flexVolumeExec` default path for ocp to `/etc/kubernetes/kubelet-plugins/volume/exec`. The driver will only work on RHEL 7.x nodes. - -#### Rancher -Applicable to installing the Helm Chart via the Rancher catalog system. - -| Key | Value | Description | -|------------|---------------------------|------------------------------------------------------------------------------------| -| flavor | rke | Required and prepopulated by default. | -| podsMountDir | /var/lib/kubelet/volumeplugins | This is the directory where the kubelet bind mounts the volume for pods. Required and prepopulated by default.| - -## Installing the Chart -To install the chart with the name `hpe-flexvolume`: - -``` -helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/ -helm install hpe-storage/hpe-flexvolume-driver --namespace kube-system --name hpe-flexvolume -f values.yaml -``` - -**Note:** Omitting the `--name` flag will generate a human readable name. - -## Check status of the Chart -To check status of the `hpe-flexvolume` deployment: - -``` -helm status hpe-flexvolume -``` - -## Uninstalling the Chart -To uninstall/delete the `hpe-flexvolume` deployment: - -``` -helm delete hpe-flexvolume --purge -``` - -## Alternative install method -In some cases it's more practical provide the local configuration via the `helm` command directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -``` -helm install --name hpe-flexvolume hpe/hpe-flexvolume-driver \ ---set backend=X.X.X.X --set username=admin --set password=xxxxxxxxx \ ---set protocol=iscsi --set fsType=xfs -``` - -## Using the HPE Volume Driver for Kubernetes FlexVolume Plugin -To enable dynamic provisioning of `PersistentVolume` through the use of `PersistentVolumeClaim` API objects, a `StorageClass` needs to be declared on the cluster. Please see the [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) repository for the official documentation for this Helm chart. Also, it's helpful to be familar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. - -## Support -The HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart is supported by the respective platform team. Currently supported platforms: - -- HPE Nimble Storage -- HPE Cloud Volumes - -Please file issues through the regular support channels for the particular platform. Feature requests or general questions to developers may be filed through the [GitHub issue tracker](https://github.com/hpe-storage/co-deployments) for this project. - -You may also join our Slack community to chat with HPE folks close to this project for inquiries not requring our immediate response. We hang out in `#NimbleStorage` and `#Kubernetes` at [slack.hpedev.io](https://slack.hpedev.io/). - -## Contributing -We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) - -## License -This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md deleted file mode 100755 index 4d8e79cf5..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# HPE Volume Driver for Kubernetes FlexVolume Plugin - -The [HPE Volume Driver for Kubernetes FlexVolume plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner). diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml deleted file mode 100755 index 034718811..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml +++ /dev/null @@ -1,172 +0,0 @@ -questions: -- variable: flavor - label: "Kubernetes flavor" - type: enum - default: "rke" - required: true - options: - - "rke" - - "eks" - - "ocp" - - "aks" - - "gke" - - "gkeop" - - "k8s" - description: "Tweak Helm chart behavior." - group: "Rancher specific settings" -- variable: pluginType - label: "HPE platform" - type: enum - options: - - "nimble" - - "cv" - - "simplivity" - default: "nimble" - description: "HPE platform type for the deployment." - group: "HPE backend settings" -- variable: backend - label: "IP address" - type: string - required: true - description: "Please specify HPE backend IP address." - group: "HPE backend settings" -- variable: username - label: "Username" - type: string - required: true - description: "Specify username with backend storage admin permissions." - group: "HPE backend settings" -- variable: password - label: "Password" - type: password - required: true - description: "Specify password for the backend user." - group: "HPE backend settings" -- variable: fsType - label: "Filesystem" - default: "xfs" - type: enum - options: - - "xfs" - - "ext4" - - "ext3" - - "btrfs" - description: "Select the filesystem for Persistent Volumes, defaults to xfs." - group: "HPE StorageClass and volume settings" -- variable: protocol - label: "HPE storage protocol" - type: enum - default: "iscsi" - options: - - "iscsi" - - "fc" - description: "Specify storage protocol for HPE backend connectivity." - group: "HPE StorageClass and volume settings" -- variable: storageClass.create - label: "Create a StorageClass" - type: boolean - default: true - required: true - description: "If specified as 'true', a StorageClass named 'hpe-standard' will be created with the HPE Volume Driver for Kubernetes FlexVolume Plugin as provisioner." - group: "HPE StorageClass and volume settings" -- variable: storageClass.defaultClass - label: "Mark StorageClass 'hpe-standard' as 'default'." - type: boolean - default: false - description: "If specified as 'true', the 'hpe-standard' StorageClass will be annotated as 'default'. This option is ignored if 'Create a StorageClass' is set to 'false'." - group: "HPE StorageClass and volume settings" -- variable: cv.config.existingCloudSubnet - show_if: "pluginType=cv" - label: "Cloud subnet" - type: string - default: "" - required: true - description: "Cloud subnet of the cluster for connection provisioning" - group: "Cloud instance settings" -- variable: cv.config.privateCloud - show_if: "pluginType=cv" - label: "Virtual private cloud" - type: string - required: true - description: "Virtual private cloud of the cluster" - group: "Cloud instance settings" -- variable: cv.config.region - show_if: "pluginType=cv" - label: "Public cloud region" - type: string - required: true - description: "Public cloud provider region in which cluster resides" - group: "Cloud instance settings" -- variable: cv.config.cloudComputeProvider - show_if: "pluginType=cv" - label: "Public cloud provider" - type: enum - default: "Amazon AWS" - options: - - "Amazon AWS" - - "Microsoft Azure" - description: "Public cloud provider name" - group: "Cloud instance settings" -- variable: cv.config.privateCloudResourceGroup - show_if: "cv.config.cloudComputeProvider=Microsoft Azure" - label: "Azure Resource Group" - type: string - required: true - description: "Azure resource group for the cluster" - group: "Cloud instance settings" -- variable: cv.config.volumeType - show_if: "pluginType=cv" - label: "Volume type" - type: enum - default: "PF" - options: - - "PF" - - "GPF" - description: "HPE Cloud Volume type" - group: "HPE Cloud Volumes settings" -- variable: cv.config.encryption - show_if: "pluginType=cv" - label: "Volume Encryption" - type: boolean - default: true - required: true - description: "Encryption for HPE Cloud Volume" - group: "HPE Cloud Volumes settings" -- variable: cv.config.protectionTemplate - show_if: "pluginType=cv" - label: "Protection template" - type: enum - default: "twicedaily:4" - options: - - "daily:3" - - "daily:7" - - "daily:14" - - "hourly:6" - - "hourly:12" - - "hourly:24" - - "twicedaily:4" - - "twicedaily:8" - - "twicedaily:14" - - "weekly:2" - - "weekly:4" - - "weekly:8" - - "monthly:3" - - "monthly:6" - - "monthly:12" - - "none" - description: "Protection Template" - group: "HPE Cloud Volumes settings" -- variable: cv.config.perfPolicy - show_if: "pluginType=cv" - label: "Performance policy" - type: enum - default: "Other" - options: - - "Other" - - "Exchange" - - "Oracle" - - "SharePoint" - - "SQL" - - "Windows File Server" - description: "Performance policy" - group: "HPE Cloud Volumes settings" diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/NOTES.txt b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/NOTES.txt deleted file mode 100755 index e69de29bb..000000000 diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl deleted file mode 100755 index d0a095b72..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "hpe-flexvolume-driver.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "hpe-flexvolume-driver.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "hpe-flexvolume-driver.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml deleted file mode 100755 index c65a2a576..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: hpe-config - namespace: {{ .Release.Namespace }} -data: - volume-driver.json: |- - {{- if eq .Values.pluginType "nimble"}} - { - "global": {}, - "defaults": { - "limitIOPS": {{ .Values.nimble.config.limitIOPS | quote }}, - "limitMBPS": {{ .Values.nimble.config.limitMBPS | quote }}, - "perfPolicy": {{ .Values.nimble.config.perfPolicy | quote }} - }, - "overrides": {} - } - {{- else if eq .Values.pluginType "cv"}} - { - "global": { - "snapPrefix": {{ .Values.cv.config.snapPrefix | quote }}, - "automatedConnection": {{ .Values.cv.config.automatedConnection }}, - "initiators": [{{- join "," .Values.cv.config.initiators }}], - "automatedConnection": {{ .Values.cv.config.automatedConnection }}, - "existingCloudSubnet": {{ .Values.cv.config.existingCloudSubnet | quote }}, - "region": {{ .Values.cv.config.region | quote }}, - "privateCloud": {{ .Values.cv.config.privateCloud | quote }}, - {{- if and .Values.cv.config.privateCloudResourceGroup (ne .Values.cv.config.privateCloudResourceGroup "") }} - "privateCloudResourceGroup": {{ .Values.cv.config.privateCloudResourceGroup | quote }}, - {{- end }} - "cloudComputeProvider": {{ .Values.cv.config.cloudComputeProvider | quote }} - }, - "defaults": { - "perfPolicy": {{ .Values.cv.config.perfPolicy | quote }}, - "limitIOPS": {{ .Values.cv.config.limitIOPS | quote }}, - "volumeType": {{ .Values.cv.config.volumeType | quote }}, - "encryption": {{ .Values.cv.config.encryption }}, - "protectionTemplate": {{ .Values.cv.config.protectionTemplate | quote }}, - "destroyOnRm": {{ .Values.cv.config.destroyOnRm }} - }, - "overrides": {} - } - {{- else }} - { - "global": {}, - "defaults": {}, - "overrides": {} - } - {{- end }} - - {{- if eq .Values.flavor "rke"}} - {{ .Values.pluginType }}.json: |- - { - "dockerVolumePluginSocketPath": "/host/etc/hpe-storage/{{ .Values.pluginType }}.sock" - } - {{- end }} - diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml deleted file mode 100755 index 788ed97ac..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-dynamic-provisioner-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hpe-dynamic-provisioner-binding -subjects: - - kind: ServiceAccount - name: hpe-flexvolume-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: hpe-dynamic-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hpe-flexvolume-sa - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml deleted file mode 100755 index eff543acc..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml +++ /dev/null @@ -1,67 +0,0 @@ -#### HPE Dynamic Provisioner ### ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: hpe-dynamic-provisioner - namespace: {{ .Release.Namespace }} - labels: - app: hpe-dynamic-provisioner -spec: - selector: - matchLabels: - daemon: hpe-dynamic-provisioner-daemon - strategy: - type: RollingUpdate - template: - metadata: - labels: - daemon: hpe-dynamic-provisioner-daemon - name: hpe-dynamic-provisioner - spec: - restartPolicy: Always - serviceAccountName: hpe-flexvolume-sa - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - containers: - - - image: {{ .Values.dynamicProvisionerImage}}: {{- .Values.dynamicProvisionerTag}} - imagePullPolicy: Always - name: hpe-dynamic-provisioner - env: - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - volumeMounts: - - name: k8s - mountPath: /etc/kubernetes - - name: flexvolumedriver - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: varlog - mountPath: /var/log - {{- if eq .Values.flavor "rke"}} - - name: hpeconfig - mountPath: /host/etc/hpe-storage - {{- else }} - - name: hpeconfig - mountPath: /etc/hpe-storage - {{- end }} - securityContext: - privileged: true - volumes: - - name: k8s - hostPath: - path: /etc/kubernetes - - name: flexvolumedriver - hostPath: - {{- $flavor := .Values.flavor -}} - {{- range .Values.flexVolumeExec }} - {{- if eq .name $flavor }} - path: {{ .value }} - {{- end }} - {{- end }} - - name: hpeconfig - hostPath: - path: /etc/hpe-storage - - name: varlog - hostPath: - path: /var/log diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml deleted file mode 100755 index af86aae33..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml +++ /dev/null @@ -1,216 +0,0 @@ - #### Flexvolume Driver ### ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: hpe-flexvolume-driver - namespace: {{ .Release.Namespace }} - labels: - k8s-app: hpe-flexvolume-driver -spec: - selector: - matchLabels: - name: hpe-flexvolume-driver - template: - metadata: - labels: - name: hpe-flexvolume-driver - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: hpe-flexvolume-sa - containers: - - name: flexvolume - image: {{ .Values.flexVolumeDriverImage}}: {{- .Values.flexVolumeDriverTag}} - imagePullPolicy: "Always" - lifecycle: - preStop: - # create empty file to let plugin signal handler to perform cleanup of config/cert/dory files - exec: - command: [ "/bin/sh", "-c", "touch /etc/hpe-storage/remove" ] - {{- if eq .Values.flavor "rke"}} - postStart: - exec: - command: [ "/bin/bash", "-c", - "while [[ ! -d /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }} ]] || [[ ! -f /etc/hpe-storage/{{ .Values.pluginType }}.json ]]; do sleep 1; done; cp -a /etc/hpe-storage/{{ .Values.pluginType }}.json /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }}/{{ .Values.pluginType }}.json" ] - {{- end }} - env: - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - - name: FLAVOR - value: {{ .Values.flavor }} - - name: PROVIDER_IP - valueFrom: - secretKeyRef: - name: hpe-secret - key: backend - - name: PROVIDER_USERNAME - valueFrom: - secretKeyRef: - name: hpe-secret - key: username - - name: PROVIDER_PASSWORD - valueFrom: - secretKeyRef: - name: hpe-secret - key: password - - name: PROTOCOL - valueFrom: - secretKeyRef: - name: hpe-secret - key: protocol - {{- if eq .Values.pluginType "cv"}} - - name: PROVIDER_PORT - valueFrom: - secretKeyRef: - name: hpe-secret - key: servicePort - - name: PROVIDER_SERVICE - valueFrom: - secretKeyRef: - name: hpe-secret - key: serviceName - {{- end }} - - name: SCOPE - value: global - - name: PLUGIN_TYPE - value: {{ .Values.pluginType }} - volumeMounts: - - name: pluginmountdir - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - - name: bindmountdir - mountPath: {{ .Values.podsMountDir }} - mountPropagation: Bidirectional - - name: legacymounts - mountPath: /opt/nimble - mountPropagation: Bidirectional - - name: dev - mountPath: /dev - - name: libmodules - mountPath: /lib/modules - - name: var-log - mountPath: /var/log - - name: var-lib-iscsi - mountPath: /var/lib/iscsi - - name: exec - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: runlock - mountPath: /run/lock - - name: etc-iscsi - mountPath: /etc/iscsi - - name: etc-multipath - mountPath: /etc/multipath - {{- if ne .Values.flavor "rke"}} - - name: etc-multipath-conf - mountPath: /etc/multipath.conf - {{- end }} - - name: etc-redhat-release - mountPath: /etc/redhat-release - - name: etc-os-release - mountPath: /etc/os-release - - name: etc-hpe-storage-dir - mountPath: /etc/hpe-storage - {{- if eq .Values.flavor "rke"}} - - name: etc-hpe-storage-dir - mountPath: /host/etc/hpe-storage - {{- end }} - - name: sys - mountPath: /sys - - name: iscsiadm - mountPath: /sbin/iscsiadm - - name: config-file - mountPath: /etc/hpe-storage/volume-driver.json - subPath: volume-driver.json - {{- if eq .Values.flavor "rke"}} - - name: config-file - mountPath: /etc/hpe-storage/{{ .Values.pluginType }}.json - subPath: {{ .Values.pluginType }}.json - {{- end }} - - name: runsystemd - mountPath: /run/systemd - - name: libsystemd - mountPath: /lib/systemd/system - - name: usrlocal - mountPath: /usr_local - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumes: - - name: pluginmountdir - hostPath: - path: /var/lib/kubelet - - name: bindmountdir - hostPath: - path: {{ .Values.podsMountDir }} - # required to handle legacy mounts from NLT based plugin. Remove this for CoreOS - - name: legacymounts - hostPath: - path: /opt/nimble/ - - name: dev - hostPath: - path: /dev - - name: libmodules - hostPath: - path: /lib/modules - - name: var-log - hostPath: - path: /var/log - - name: var-lib-iscsi - hostPath: - path: /var/lib/iscsi/ - - name: exec - hostPath: - {{- $flavor := .Values.flavor -}} - {{- range .Values.flexVolumeExec }} - {{- if eq .name $flavor }} - path: {{ .value }} - {{- end }} - {{- end }} - - name: runlock - hostPath: - path: /run/lock - - name: etc-iscsi - hostPath: - path: /etc/iscsi/ - - name: etc-multipath - hostPath: - path: /etc/multipath/ - {{- if ne .Values.flavor "rke"}} - - name: etc-multipath-conf - hostPath: - path: /etc/multipath.conf - type: FileOrCreate - {{- end }} - - name: etc-redhat-release - hostPath: - path: /etc/redhat-release - type: FileOrCreate - - name: etc-os-release - hostPath: - path: /etc/os-release - type: FileOrCreate - - name: etc-hpe-storage-dir - hostPath: - path: /etc/hpe-storage/ - - name: sys - hostPath: - path: /sys - - name: iscsiadm - hostPath: - path: /sbin/iscsiadm - type: FileOrCreate - - name: config-file - configMap: - name: hpe-config - - name: runsystemd - hostPath: - path: /run/systemd - - name: libsystemd - hostPath: - path: /lib/systemd/system - - name: usrlocal - hostPath: - path: /usr diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml deleted file mode 100755 index 7aaee67e9..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: hpe-secret - namespace: {{ .Release.Namespace }} -stringData: - username: {{ .Values.username }} - password: {{ .Values.password }} - {{- if eq .Values.pluginType "cv"}} - backend: {{ .Values.backend }} - servicePort: {{ .Values.servicePort | quote }} - serviceName: {{ .Values.serviceName }} - protocol: "iscsi" - {{- else }} - backend: {{ .Values.backend }} - protocol: {{ .Values.protocol }} - {{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml deleted file mode 100755 index fd28355ee..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if eq .Values.pluginType "cv"}} -# Configuration to deploy the HPE Nimble Storage Container Provider service -# -# example usage: kubectl create -f - ---- - -####################################### -############ CP Service ############ -####################################### -kind: Service -apiVersion: v1 -metadata: - name: {{ .Values.serviceName }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Values.serviceName }} -spec: - ports: - - port: {{ .Values.servicePort }} - protocol: TCP - selector: - app: cv-cp - ---- - -########################################## -############ CP Deployment ############ -########################################## -kind: Deployment -apiVersion: apps/v1 -metadata: - name: cv-cp - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: cv-cp - replicas: 1 - template: - metadata: - labels: - app: cv-cp - spec: - serviceAccountName: hpe-flexvolume-sa - containers: - - name: cv-cp - image: {{ .Values.containerProviderImage}}: {{- .Values.containerProviderTag}} - imagePullPolicy: Always - env: - - name: CLOUDVOLUMES_PORTAL_SERVER - value: {{ .Values.backend }} - - name: CLOUDVOLUMES_PORT - value: {{ .Values.servicePort | quote }} - - name: LOG_LEVEL - value: {{ .Values.logLevel }} - ports: - - containerPort: {{ .Values.servicePort }} - volumeMounts: - - name: log-dir - mountPath: /var/log - volumes: - - name: log-dir - hostPath: - path: /var/log -{{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml deleted file mode 100755 index 60dfa8559..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{.Release.Name}}" - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote}} - app.kubernetes.io/instance: {{.Release.Name | quote}} - app.kubernetes.io/version: {{.Chart.AppVersion | quote}} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{.Release.Name}}" - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - spec: - restartPolicy: Never - containers: - - name: post-install-job - image: "alpine:3.3" - command: ["/bin/sleep","{{default "10" .Values.serviceWaitTime}}"] - diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml deleted file mode 100755 index 3dc98eb48..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if .Values.storageClass.create -}} ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.storageClass.name }} - labels: - plugin: {{ .Release.Name }} - {{- if .Values.storageClass.defaultClass }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" - {{- end }} -provisioner: hpe.com/{{ .Values.pluginType }} -parameters: - description: {{ .Values.volumeDescription }} -{{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml deleted file mode 100755 index 77d2762c2..000000000 --- a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml +++ /dev/null @@ -1,97 +0,0 @@ -# Default values for hpe-flexvolume-driver -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -#doryd image -dynamicProvisionerTag: v3.1.0 -dynamicProvisionerImage: store/hpestorage/k8s-dynamic-provisioner - -#flexvolume plugin image -flexVolumeDriverTag: v3.1.0 -flexVolumeDriverImage: store/hpestorage/flexvolume-driver - -#container-provider image -containerProviderTag: v3.1.0 -containerProviderImage: store/hpestorage/cv-cp - -#parameters -backend: 192.168.1.1 -username: admin -password: admin -protocol: iscsi -servicePort: "8080" -serviceName: cv-cp-svc - -#storage class parameters -fsType: xfs -volumeDescription: "Volume created by HPE Volume Driver for Kubernetes FlexVolume Plugin" - -#service parameters -# wait seconds for doryd/flexvolume node plugins to start -serviceWaitTime: "10" - -#flavor -flavor: k8s - -#platform for which plugin is being deployed.i.e nimble or cv -pluginType: nimble - -#bindMountPath where kubelet bindmounts volume to pod namespace -podsMountDir: /var/lib/kubelet/pods - -#volumePluginDir volume plugin directory where kubelet watches for flexvolume plugin -flexVolumeExec: - - name: eks - value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: k8s - value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: ocp - value: /etc/kubernetes/kubelet-plugins/volume/exec - - name: gkeop - value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - - name: gke - value: /home/kubernetes/flexvolume - - name: aks - value: /etc/kubernetes/volumeplugins - - name: rke - value: /var/lib/kubelet/volumeplugins - -#log level for flexvolume driver and dynamic provisioner -logLevel: info - -## For creating the StorageClass automatically: -storageClass: - create: true - - ## Set StorageClass as the default StorageClass - ## Ignored if storageClass.create is false - defaultClass: false - - ## Set a StorageClass name - ## Ignored if storageClass.create is false - name: hpe-standard - -nimble: - config: - limitIOPS: "-1" - limitMBPS: "-1" - perfPolicy: DockerDefault - -cv: - config: - snapPrefix: BaseFor - automatedConnection: true - existingCloudSubnet: 10.1.0.0/24 - region: us-east-1 - privateCloud: vpc-data - cloudComputeProvider: "Amazon AWS" - perfPolicy: Other - volumeType: PF - encryption: true - protectionTemplate: twicedaily:4 - destroyOnRm: true - limitIOPS: "1000" - # In case of multiple initiators, add one per line and escape double quotes as below - initiators: - - '"eth0"' - privateCloudResourceGroup: "" diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/.helmignore b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/.helmignore deleted file mode 100644 index b4fa6cb0d..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# OWNERS file for helm -OWNERS diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/Chart.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/Chart.yaml deleted file mode 100644 index 01591c4c2..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: instana-agent -apiVersion: v1 -appVersion: "1.1" -description: Instana Agent for Kubernetes -home: https://www.instana.com/ -icon: https://instana-management-assets.s3-eu-west-1.amazonaws.com/stan-logo-2020.png -maintainers: -- email: jon.brisbin@instana.com - name: jbrisbin -- email: william.james@instana.com - name: wiggzz -- email: jeroen.soeters@instana.com - name: JeroenSoeters -- email: fabian.staeber@instana.com - name: fstab -- email: miel.donkers@instana.com - name: mdonkers -- email: dahlia.bock@instana.com - name: dlbock -- email: nathan.fisher@instana.com - name: nfisher -name: instana-agent -sources: -- https://github.com/instana/instana-agent-docker -version: 1.0.2900+up1.0.29 diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/README.md b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/README.md deleted file mode 100644 index dd17e51d6..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/README.md +++ /dev/null @@ -1,164 +0,0 @@ -# Instana - -Instana is an [APM solution](https://www.instana.com/) built for microservices that enables IT Ops to build applications faster and deliver higher quality services by automating monitoring, tracing and root cause analysis. This solution is optimized for [Kubernetes](https://www.instana.com/automatic-kubernetes-monitoring/). - -## Introduction - -This chart adds the Instana Agent to all schedulable nodes in your cluster via a `DaemonSet`. - -## Prerequisites - -Kubernetes 1.9.x - 1.18.x - -#### Helm 3 prerequisites - -Working `helm` with the `stable` repo added to your helm client. - -#### Helm 2 prerequisites - -Working `helm` and `tiller`. - -_Note:_ Tiller may need a service account and role binding if RBAC is enabled in your cluster. - -## Installing the Chart - -To configure the installation you can either specify the options on the command line using the **--set** switch, or you can edit **values.yaml**. Either way you should ensure that you set values for: - -* agent.key -* zone.name or cluster.name - -For most users, setting the `zone.name` is sufficient. However, if you would like to be able group your hosts based on the availability zone rather than cluster name, then you can specify the cluster name using the `cluster.name` instead of the `zone.name` setting. If you omit the `zone.name` the host zone will be automatically determined by the availability zone information on the host. - -If you're in the EU, you'll probably also want to set the regional equivalent values for: - -* agent.endpointHost -* agent.endpointPort - -_Note:_ You can find the options mentioned in the [configuration section below](#configuration) - -Optionally, if your infrastructure uses a proxy, you should ensure that you set values for: - -* agent.pod.proxyHost -* agent.pod.proxyPort -* agent.pod.proxyProtocol -* agent.pod.proxyUser -* agent.pod.proxyPassword -* agent.pod.proxyUseDNS - -Optionally, if your infrastructure has multiple networks defined, you might need to allow the agent to listen on all addresses (typically with value set to '*'): - -* agent.listenAddress - -If your agent requires download key, you should ensure that you set values for it: - -* agent.downloadKey - -Agent can have APM, INFRASTRUCTURE or AWS mode. Default is APM and if you want to override that, ensure you set value: - -* agent.mode - -#### Installing with Helm 3 - -First, create a namespace for the instana-agent - -```bash -$ kubectl create namespace instana-agent -``` - -To install the chart with the release name `instana-agent` and set the values on the command line run: - -```bash -$ helm install instana-agent --namespace instana-agent \ ---set agent.key=INSTANA_AGENT_KEY \ ---set agent.endpointHost=HOST \ ---set zone.name=ZONE_NAME \ -stable/instana-agent -``` - -#### Installing with Helm 2 - -To install the chart with the release name `instana-agent` and set the values on the command line run: - -```bash -$ helm install --name instana-agent --namespace instana-agent \ ---set agent.key=INSTANA_AGENT_KEY \ ---set agent.endpointHost=HOST \ ---set zone.name=ZONE_NAME \ -stable/instana-agent -``` - -## Uninstalling the Chart - -To uninstall/delete the `instana-agent` release: - -#### Uninstalling with Helm 2 - -```bash -$ helm del --purge instana-agent -``` - -#### Uninstalling with Helm 3 - -```bash -$ helm del instana-agent -n instana-agent -``` - -## Configuration - -### Helm Chart - -The following table lists the configurable parameters of the Instana chart and their default values. - -| Parameter | Description | Default | -|------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------| -| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#agent) for more details | -| `agent.downloadKey` | Your Instana Download key | `nil` Usually not required | -| `agent.endpointHost` | Instana Agent backend endpoint host | `ingress-red-saas.instana.io` (US and ROW). If in Europe, please override with `ingress-blue-saas.instana.io` | -| `agent.endpointPort` | Instana Agent backend endpoint port | `443` | -| `agent.image.name` | The image name to pull | `instana/agent` | -| `agent.image.tag` | The image tag to pull | `latest` | -| `agent.image.pullPolicy` | Image pull policy | `Always` | -| `agent.key` | Your Instana Agent key | `nil` You must provide your own key | -| `agent.listenAddress` | List of addresses to listen on, or "*" for all interfaces | `nil` | -| `agent.mode` | Agent mode (Supported values are APM, INFRASTRUCTURE, AWS) | `APM` | -| `agent.pod.annotations` | Additional annotations to apply to the pod | `{}` | -| `agent.pod.limits.cpu` | Container cpu limits in cpu cores | `1.5` | -| `agent.pod.limits.memory` | Container memory limits in MiB | `512` | -| `agent.pod.proxyHost` | Hostname/address of a proxy | `nil` | -| `agent.pod.proxyPort` | Port of a proxy | `nil` | -| `agent.pod.proxyProtocol` | Proxy protocol (Supported proxy types are "http", "socks4", "socks5") | `nil` | -| `agent.pod.proxyUser` | Username of the proxy auth | `nil` | -| `agent.pod.proxyPassword` | Password of the proxy auth | `nil` | -| `agent.pod.proxyUseDNS` | Boolean if proxy also does DNS | `nil` | -| `agent.pod.requests.memory` | Container memory requests in MiB | `512` | -| `agent.pod.requests.cpu` | Container cpu requests in cpu cores | `0.5` | -| `agent.pod.tolerations` | Tolerations for pod assignment | `[]` | -| `agent.env` | Additional environment variables for the agent | `{}` | -| `agent.redactKubernetesSecrets` | Enable additional secrets redaction for selected Kubernetes resources | `nil` See [Kubernetes secrets](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#secrets) for more details. | -| `cluster.name` | Display name of the monitored cluster | Value of `zone.name` | -| `leaderElector.port` | Instana leader elector sidecar port | `42655` | -| `leaderElector.image.name` | The elector image name to pull | `instana/leader-elector` | -| `leaderElector.image.tag` | The elector image tag to pull | `0.5.4` | -| `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. | -| `podSecurityPolicy.name` | Name of an _existing_ PodSecurityPolicy to authorize for the Instana Agent pods. If not provided and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created for you. | `nil` | -| `rbac.create` | Whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | Name of the ServiceAccount to use | `instana-agent` | -| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#installing-the-chart) for details | - -#### Development and debugging options - -These options will be rarely used outside of development or debugging of the agent. - -| Parameter | Description | Default | -|------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------| -| `agent.host.repository` | Host path to mount as the agent maven repository | `nil` | - -### Agent - -To configure the agent, you can either: - -- edit the [config map](templates/configmap.yaml), or -- provide the configuration via the `agent.configuration_yaml` parameter in [values.yaml](values.yaml) - -This configuration will be used for all Instana Agents on all nodes. Visit the [agent configuration documentation](https://docs.instana.io/setup_and_manage/host_agent/#agent-configuration-file) for more details on configuration options. diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/app-readme.md b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/app-readme.md deleted file mode 100644 index 0e26c8623..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# Instana - -Instana is an [APM solution(https://www.instana.com/) built for microservices that enables IT Ops to build applications faster and deliver higher quality services by automating monitoring tracing and root cause analysis. This solution is optimized for [Rancher](https://www.instana.com/rancher/). - -This chart adds the Instana Agent to all schedulable nodes in your cluster via a `DaemonSet`. diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/questions.yml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/questions.yml deleted file mode 100644 index bf9d1a46d..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/questions.yml +++ /dev/null @@ -1,236 +0,0 @@ -questions: -# Basic agent configuration -- variable: agent.key - label: agent.key - description: "Your Instana Agent key is the secret token which your agent uses to authenticate to Instana's servers" - type: string - required: true - group: "Agent Configuration" -- variable: agent.endpointHost - label: agent.endpointHost - description: "The hostname of the Instana server your agents will connect to. Defaults to ingress-red-saas.instana.io for US and ROW. If in Europe, please use ingress-blue-saas.instana.io" - type: string - required: true - default: "ingress-red-saas.instana.io" - group: "Agent Configuration" -- variable: zone.name - label: zone.name - description: "Custom zone that detected technologies will be assigned to" - type: string - required: true - group: "Agent Configuration" -# Advanced agent configuration -- variable: advancedAgentConfiguration - description: "Show advanced configuration for the Instana Agent" - label: Show advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Advanced Agent Configuration" - subquestions: - - variable: agent.configuration_yaml - label: agent.configuration_yaml (Optional) - description: "Custom content for the agent configuration.yaml file in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.downloadKey - label: agent.downloadKey (Optional) - description: "Your Instana download key" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.endpointPort - label: agent.endpointPort - description: "The Agent backend port number (as a string) of the Instana server your agents will connect to" - type: string - required: true - default: "443" - group: "Advanced Agent Configuration" - - variable: agent.image.name - label: agent.image.name - description: "The name of the Instana Agent container image" - type: string - required: true - default: "instana/agent" - group: "Advanced Agent Configuration" - - variable: agent.image.tag - label: agent.image.tag - description: "The tag name of the Instana Agent container image" - type: string - required: true - default: "latest" - group: "Advanced Agent Configuration" - - variable: agent.image.pullPolicy - label: agent.image.pullPolicy - description: "Specifies when to pull the Instana Agent image container" - type: string - required: true - default: "Always" - group: "Advanced Agent Configuration" - - variable: agent.listenAddress - label: agent.listenAddress (Optional) - description: "The IP address the agent HTTP server will listen to, or '*' for all interfaces" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.mode - label: agent.mode (Optional) - description: "Agent mode. Possible options are: APM, INFRASTRUCTURE or AWS" - type: enum - options: - - "APM" - - "INFRASTRUCTURE" - - "AWS" - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.annotations - label: agent.pod.annotations (Optional) - description: "Additional annotations to be added to the agent pods in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.limits.cpu - label: agent.pod.limits.cpu - description: "CPU units allocation limits for the agent pods" - type: string - required: true - default: "1.5" - group: "Advanced Agent Configuration" - - variable: agent.pod.limits.memory - label: agent.pod.limits.memory - description: "Memory allocation limits in MiB for the agent pods" - type: int - required: true - default: 512 - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyHost - label: agent.pod.proxyHost (Optional) - description: "Hostname/address of a proxy. Sets the INSTANA_AGENT_PROXY_HOST environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyPort - label: agent.pod.proxyPort (Optional) - description: "Port of a proxy. Sets the INSTANA_AGENT_PROXY_PORT environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyProtocol - label: agent.pod.proxyProtocol (Optional) - description: "Proxy protocol. Sets the INSTANA_AGENT_PROXY_PROTOCOL environment variable. Supported proxy types are http, socks4, socks5" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyUser - label: agent.pod.proxyUser (Optional) - description: "Username of the proxy auth. Sets the INSTANA_AGENT_PROXY_USER environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyPassword - label: agent.pod.proxyPassword (Optional) - description: "Password of the proxy auth. Sets the INSTANA_AGENT_PROXY_PASSWORD environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyUseDNS - label: agent.pod.proxyUseDNS. (Optional) - description: "Boolean if proxy also does DNS. Sets the INSTANA_AGENT_PROXY_USE_DNS environment variable" - type: enum - options: - - "true" - - "false" - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.requests.cpu - label: agent.pod.requests.cpu - description: "Requested CPU units allocation for the agent pods" - type: string - required: true - default: "0.5" - group: "Advanced Agent Configuration" - - variable: agent.pod.requests.memory - label: agent.pod.requests.memory - description: "Requested memory allocation in MiB for the agent pods" - type: int - required: true - default: 512 - group: "Advanced Agent Configuration" - - variable: agent.pod.tolerations - label: agent.pod.tolerations (Optional) - description: "Tolerations to influence agent pod assignment in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.redactKubernetesSecrets - label: agent.redactKubernetesSecrets (Optional) - description: "Enable additional secrets redaction for selected Kubernetes resources" - type: boolean - required: false - default: false - group: "Advanced Agent Configuration" - - variable: cluster.name - label: cluster.name (Optional) - description: "The name that will be assigned to this cluster in Instana. See the 'Installing the Chart' section in the 'Detailed Descriptions' tab for more details" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: leaderElector.image.name - label: leaderElector.image.name - description: "The name of the leader elector container image" - type: string - required: true - default: "instana/leader-elector" - group: "Advanced Agent Configuration" - - variable: leaderElector.image.tag - label: leaderElector.image.tag - description: "The tag name of the leader elector container image" - type: string - required: true - default: "0.5.4" - group: "Advanced Agent Configuration" - - variable: leaderElector.port - label: leaderElector.port - description: "The port on which the leader elector sidecar is exposed" - type: int - required: true - default: 42655 - group: "Advanced Agent Configuration" -- variable: podSecurityPolicy.enable - label: podSecurityPolicy.enable (Optional) - description: "Specifies whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to also be `true`" - type: boolean - show_if: "rbac.create=true" - required: false - default: false - group: "Pod Security Policy Configuration" -- variable: podSecurityPolicy.name - label: podSecurityPolicy.name (Optional) - description: "The name of an existing PodSecurityPolicy you would like to authorize for the Instana Agent pods. If not set and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created with a name generated using the fullname template" - type: string - show_if: "rbac.create=true&&podSecurityPolicy.enable=true" - required: false - group: "Pod Security Policy Configuration" -- variable: rbac.create - label: rbac.create - description: "Specifies whether RBAC resources should be created" - type: boolean - required: true - default: true - group: "RBAC Configuration" -- variable: serviceAccount.create - label: serviceAccount.create - description: "Specifies whether a ServiceAccount should be created" - type: boolean - required: true - default: true - show_subquestion_if: true - group: "RBAC Configuration" - subquestions: - - variable: serviceAccount.name - label: Name of the ServiceAccount (Optional) - description: "The name of the ServiceAccount to use. If not set and `serviceAccount.create` is true, a name is generated using the fullname template." - type: string - required: false - group: "RBAC Configuration" diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/NOTES.txt b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/NOTES.txt deleted file mode 100644 index 8e05968f1..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/NOTES.txt +++ /dev/null @@ -1,66 +0,0 @@ -{{- if (and (not .Values.agent.key) (and (not .Values.zone.name) (not .Values.cluster.name))) }} -############################################################################## -#### ERROR: You did not specify your secret agent key. #### -#### ERROR: You also did not specify a zone or name for this cluster. #### -############################################################################## - -This agent deployment will be incomplete until you set your agent key and zone or name for this cluster: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set agent.key=$(YOUR_SECRET_AGENT_KEY) \ - --set zone.name=$(YOUR_ZONE_NAME) stable/instana-agent - -Alternatively, you may specify a cluster name and the zone will be detected from availability zone information on the host: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set agent.key=$(YOUR_SECRET_AGENT_KEY) \ - --set cluster.name=$(YOUR_CLUSTER_NAME) stable/instana-agent - -- YOUR_SECRET_AGENT_KEY can be obtained from the Management Portal section of your Instana installation. -- YOUR_ZONE_NAME should be the zone that detected technologies will be assigned to. -- YOUR_CLUSTER_NAME should be the custom name of your cluster. - -At least one of zone.name or cluster.name is required. This cluster will be reported with the name of the zone unless you specify a cluster name. - -{{- else if (and (not .Values.zone.name) (not .Values.cluster.name)) }} -############################################################################## -#### ERROR: You did not specify a zone or name for this cluster. #### -############################################################################## - -This agent deployment will be incomplete until you set a zone for this cluster: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set zone.name=$(YOUR_ZONE_NAME) stable/instana-agent - -Alternatively, you may specify a cluster name and the zone will be detected from availability zone information on the host: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set cluster.name=$(YOUR_CLUSTER_NAME) stable/instana-agent - -- YOUR_ZONE_NAME should be the zone that detected technologies will be assigned to. -- YOUR_CLUSTER_NAME should be the custom name of your cluster. - -At least one of zone.name or cluster.name is required. This cluster will be reported with the name of the zone unless you specify a cluster name. - -{{- else if not .Values.agent.key }} -############################################################################## -#### ERROR: You did not specify your secret agent key. #### -############################################################################## - -This agent deployment will be incomplete until you set your agent key: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set agent.key=$(YOUR_SECRET_AGENT_KEY) stable/instana-agent - -- YOUR_SECRET_AGENT_KEY can be obtained from the Management Portal section of your Instana installation. - -{{- else -}} -It may take a few moments for the agents to fully deploy. You can see what agents are running by listing resources in the {{ .Release.Namespace }} namespace: - - kubectl get all -n {{ .Release.Namespace }} - -You can get the logs for all of the agents with `kubectl logs`: - - kubectl logs -l app.kubernetes.io/name={{ .Release.Name }} -n {{ .Release.Namespace }} -c instana-agent - -{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/_helpers.tpl b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/_helpers.tpl deleted file mode 100644 index 674e730f2..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/_helpers.tpl +++ /dev/null @@ -1,76 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "instana-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "instana-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "instana-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -The name of the ServiceAccount used. -*/}} -{{- define "instana-agent.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "instana-agent.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -The name of the PodSecurityPolicy used. -*/}} -{{- define "instana-agent.podSecurityPolicyName" -}} -{{- if .Values.podSecurityPolicy.enable -}} -{{ default (include "instana-agent.fullname" .) .Values.podSecurityPolicy.name }} -{{- end -}} -{{- end -}} - -{{/* -Add Helm metadata to resource labels. -*/}} -{{- define "instana-agent.commonLabels" -}} -app.kubernetes.io/name: {{ include "instana-agent.name" . }} -{{ if .Values.templating -}} -app.kubernetes.io/version: {{ .Chart.Version }} -{{- else -}} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -helm.sh/chart: {{ include "instana-agent.chart" . }} -{{- end -}} -{{- end -}} - -{{/* -Add Helm metadata to selector labels specifically for deployments/daemonsets/statefulsets. -*/}} -{{- define "instana-agent.selectorLabels" -}} -app.kubernetes.io/name: {{ include "instana-agent.name" . }} -{{ if not .Values.templating -}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/agentsecret.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/agentsecret.yaml deleted file mode 100644 index 2e378276c..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/agentsecret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if or .Values.agent.key .Values.agent.downloadKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "instana-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -type: Opaque -data: -{{- if .Values.templating }} - key: {{ .Values.agent.key }} -{{- else }} - key: {{ .Values.agent.key | b64enc | quote }} -{{- end }} -{{- if .Values.agent.downloadKey }} - downloadKey: {{ .Values.agent.downloadKey | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrole.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrole.yaml deleted file mode 100644 index 91b3ad026..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrole.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -{{- if .Values.agent.supportOpenshift }} -apiVersion: v1 -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- end }} -metadata: - name: {{ template "instana-agent.fullname" . }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -rules: -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: ["get"] -- apiGroups: ["batch"] - resources: - - "jobs" - - "cronjobs" - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: - - "deployments" - - "replicasets" - - "ingresses" - verbs: ["get", "list", "watch"] -- apiGroups: ["apps"] - resources: - - "deployments" - - "replicasets" - - "daemonsets" - - "statefulsets" - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - "namespaces" - - "events" - - "services" - - "endpoints" - - "nodes" - - "pods" - - "replicationcontrollers" - - "componentstatuses" - - "resourcequotas" - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - "endpoints" - verbs: ["create", "update", "patch"] -- apiGroups: ["networking.k8s.io"] - resources: - - "ingresses" - verbs: ["get", "list", "watch"] -{{- if .Values.agent.supportOpenshift }} -- apiGroups: ["apps.openshift.io"] - resources: - - "deploymentconfigs" - verbs: ["get", "list", "watch"] -{{- end -}} -{{- if .Values.podSecurityPolicy.enable}} -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "instana-agent.podSecurityPolicyName" . }} -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrolebinding.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrolebinding.yaml deleted file mode 100644 index 4d8ab6adb..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRoleBinding -{{- if .Values.agent.supportOpenshift }} -apiVersion: v1 -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- end }} -metadata: - name: {{ template "instana-agent.fullname" . }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "instana-agent.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "instana-agent.fullname" . }} - {{- if not .Values.agent.supportOpenshift }} - apiGroup: rbac.authorization.k8s.io - {{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/configmap.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/configmap.yaml deleted file mode 100644 index 11334323d..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/configmap.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "instana-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -data: - configuration.yaml: | - # Manual a-priori configuration. Configuration will be only used when the sensor - # is actually installed by the agent. - # The commented out example values represent example configuration and are not - # necessarily defaults. Defaults are usually 'absent' or mentioned separately. - # Changes are hot reloaded unless otherwise mentioned. - - # It is possible to create files called 'configuration-abc.yaml' which are - # merged with this file in file system order. So 'configuration-cde.yaml' comes - # after 'configuration-abc.yaml'. Only nested structures are merged, values are - # overwritten by subsequent configurations. - - # Secrets - # To filter sensitive data from collection by the agent, all sensors respect - # the following secrets configuration. If a key collected by a sensor matches - # an entry from the list, the value is redacted. - #com.instana.secrets: - # matcher: 'contains-ignore-case' # 'contains-ignore-case', 'contains', 'regex' - # list: - # - 'key' - # - 'password' - # - 'secret' - - # Host - #com.instana.plugin.host: - # tags: - # - 'dev' - # - 'app1' - - # Hardware & Zone - #com.instana.plugin.generic.hardware: - # enabled: true # disabled by default - # availability-zone: 'zone' - {{- if .Values.agent.configuration_yaml -}} - {{ .Values.agent.configuration_yaml | nindent 4 }} - {{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/daemonset.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/daemonset.yaml deleted file mode 100644 index 7918ec7a1..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/daemonset.yaml +++ /dev/null @@ -1,210 +0,0 @@ -{{- if .Values.agent.key -}} -{{- if or .Values.zone.name .Values.cluster.name -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "instana-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "instana-agent.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "instana-agent.commonLabels" . | nindent 8 }} - {{- if .Values.agent.pod.annotations }} - annotations: - {{- toYaml .Values.agent.pod.annotations | nindent 8 }} - {{- end }} - spec: - {{- if .Values.agent.pod.nodeSelector }} - nodeSelector: - {{- range $key, $value := .Values.agent.pod.nodeSelector }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "instana-agent.serviceAccountName" . }} - hostIPC: true - hostNetwork: true - hostPID: true - containers: - - name: instana-agent - image: "{{ .Values.agent.image.name }}:{{ .Values.agent.image.tag }}" - imagePullPolicy: {{ .Values.agent.image.pullPolicy }} - env: - - name: INSTANA_AGENT_LEADER_ELECTOR_PORT - value: {{ .Values.leaderElector.port | quote }} - - name: INSTANA_ZONE - value: {{ .Values.zone.name | quote }} - {{- if .Values.cluster.name }} - - name: INSTANA_KUBERNETES_CLUSTER_NAME - value: {{ .Values.cluster.name | quote }} - {{- end }} - - name: INSTANA_AGENT_ENDPOINT - value: {{ .Values.agent.endpointHost | quote }} - - name: INSTANA_AGENT_ENDPOINT_PORT - value: {{ .Values.agent.endpointPort | quote }} - - name: INSTANA_AGENT_KEY - valueFrom: - secretKeyRef: - name: {{ template "instana-agent.fullname" . }} - key: key - {{- if .Values.agent.mode }} - - name: INSTANA_AGENT_MODE - value: {{ .Values.agent.mode | quote }} - {{- end }} - {{- if .Values.agent.downloadKey }} - - name: INSTANA_DOWNLOAD_KEY - valueFrom: - secretKeyRef: - name: {{ template "instana-agent.fullname" . }} - key: downloadKey - {{- end }} - {{- if .Values.agent.proxyHost }} - - name: INSTANA_AGENT_PROXY_HOST - value: {{ .Values.agent.proxyHost | quote }} - {{- end }} - {{- if .Values.agent.proxyPort }} - - name: INSTANA_AGENT_PROXY_PORT - value: {{ .Values.agent.proxyPort | quote }} - {{- end }} - {{- if .Values.agent.proxyProtocol }} - - name: INSTANA_AGENT_PROXY_PROTOCOL - value: {{ .Values.agent.proxyProtocol | quote }} - {{- end }} - {{- if .Values.agent.proxyUser }} - - name: INSTANA_AGENT_PROXY_USER - value: {{ .Values.agent.proxyUser | quote }} - {{- end }} - {{- if .Values.agent.proxyPassword }} - - name: INSTANA_AGENT_PROXY_PASSWORD - value: {{ .Values.agent.proxyPassword | quote }} - {{- end }} - {{- if .Values.agent.proxyUseDNS }} - - name: INSTANA_AGENT_PROXY_USE_DNS - value: {{ .Values.agent.proxyUseDNS | quote }} - {{- end }} - {{- if .Values.agent.listenAddress }} - - name: INSTANA_AGENT_HTTP_LISTEN - value: {{ .Values.agent.listenAddress | quote }} - {{- end }} - {{- if .Values.agent.redactKubernetesSecrets }} - - name: INSTANA_KUBERNETES_REDACT_SECRETS - value: {{ .Values.agent.redactKubernetesSecrets | quote }} - {{- end }} - - name: JAVA_OPTS - # Approximately 1/3 of container memory requests to allow for direct-buffer memory usage and JVM overhead - value: "-Xmx{{ div (default 512 .Values.agent.pod.requests.memory) 3 }}M -XX:+ExitOnOutOfMemoryError" - - name: INSTANA_AGENT_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- range $key, $value := .Values.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - securityContext: - privileged: true - volumeMounts: - - name: dev - mountPath: /dev - - name: run - mountPath: /run - - name: var-run - mountPath: /var/run - - name: sys - mountPath: /sys - - name: var-log - mountPath: /var/log - - name: var-lib - mountPath: /var/lib/containers/storage - - name: machine-id - mountPath: /etc/machine-id - - name: configuration - subPath: configuration.yaml - mountPath: /root/configuration.yaml - {{- if .Values.agent.host.repository }} - - name: repo - mountPath: /opt/instana/agent/data/repo - {{- end }} - livenessProbe: - httpGet: - path: /status - port: 42699 - initialDelaySeconds: 300 - timeoutSeconds: 3 - resources: - requests: - memory: "{{ default 512 .Values.agent.pod.requests.memory }}Mi" - cpu: {{ default 0.5 .Values.agent.pod.requests.cpu }} - limits: - memory: "{{ default 512 .Values.agent.pod.limits.memory }}Mi" - cpu: {{ default 1.5 .Values.agent.pod.limits.cpu }} - ports: - - containerPort: 42699 - - name: instana-agent-leader-elector - image: "{{ .Values.leaderElector.image.name }}:{{ .Values.leaderElector.image.tag }}" - env: - - name: INSTANA_AGENT_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - command: - - "/busybox/sh" - - "-c" - - "sleep 12 && /app/server --election=instana --http=localhost:{{ .Values.leaderElector.port }} --id=$(INSTANA_AGENT_POD_NAME)" - resources: - requests: - cpu: 0.1 - memory: 64Mi - livenessProbe: - httpGet: # Leader elector liveness is tied to agent, published on localhost:42699 - path: /com.instana.agent.coordination.sidecar/health - port: 42699 - initialDelaySeconds: 300 - timeoutSeconds: 3 - ports: - - containerPort: {{ .Values.leaderElector.port }} - {{- if .Values.agent.pod.tolerations }} - tolerations: - {{- toYaml .Values.agent.pod.tolerations | nindent 8 }} - {{- end }} - volumes: - - name: dev - hostPath: - path: /dev - - name: run - hostPath: - path: /run - - name: var-run - hostPath: - path: /var/run - - name: sys - hostPath: - path: /sys - - name: var-log - hostPath: - path: /var/log - - name: var-lib - hostPath: - path: /var/lib/containers/storage - - name: machine-id - hostPath: - path: /etc/machine-id - - name: configuration - configMap: - name: {{ template "instana-agent.fullname" . }} - {{- if .Values.agent.host.repository }} - - name: repo - hostPath: - path: {{ .Values.agent.host.repository }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/namespace.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/namespace.yaml deleted file mode 100644 index 98f3d61b3..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.templating }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/podsecuritypolicy.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/podsecuritypolicy.yaml deleted file mode 100644 index 6ade65a5f..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if .Values.rbac.create -}} -{{- if (and .Values.podSecurityPolicy.enable (not .Values.podSecurityPolicy.name)) -}} -kind: PodSecurityPolicy -apiVersion: policy/v1beta1 -metadata: - name: {{ template "instana-agent.podSecurityPolicyName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -spec: - privileged: true - allowPrivilegeEscalation: true - volumes: - - configMap - - downwardAPI - - emptyDir - - persistentVolumeClaim - - secret - - projected - - hostPath - allowedHostPaths: - - pathPrefix: "/dev" - readOnly: false - - pathPrefix: "/run" - readOnly: false - - pathPrefix: "/var/run" - readOnly: false - - pathPrefix: "/sys" - readOnly: false - - pathPrefix: "/var/log" - readOnly: false - - pathPrefix: "/etc/machine-id" - readOnly: false - - pathPrefix: "/var/lib/containers/storage" - readOnly: false - {{- if .Values.agent.host.repository }} - - pathPrefix: {{ .Values.agent.host.repository }} - readOnly: false - {{- end }} - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: "RunAsAny" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/serviceaccount.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/serviceaccount.yaml deleted file mode 100644 index 0a0b52f8a..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/templates/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "instana-agent.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/values.yaml b/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/values.yaml deleted file mode 100644 index 3b23ad868..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900+up1.0.29/values.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# name is the value which will be used as the base resource name for various resources associated with the agent. -# name: instana-agent - -agent: - # agent.key is the secret token which your agent uses to authenticate to Instana's servers. - key: null - # agent.mode is used to set agent mode and it can be APM, INFRASTRUCTURE or AWS - # mode: APM - # agent.downloadKey is optional, if used it doesn't have to match agent.key - # downloadKey: null - # agent.listenAddress is the IP address the agent HTTP server will listen to. - # listenAddress: * - - # agent.endpointHost is the hostname of the Instana server your agents will connect to. - endpointHost: ingress-red-saas.instana.io - # agent.endpointPort is the port number (as a String) of the Instana server your agents will connect to. - endpointPort: 443 - - image: - # agent.image.name is the name of the container image of the Instana agent. - name: instana/agent - # agent.image.tag is the tag name of the agent container image. - tag: latest - # agent.image.pullPolicy specifies when to pull the image container. - pullPolicy: Always - - pod: - # agent.pod.annotations are additional annotations to be added to the agent pods. - annotations: {} - - # agent.pod.tolerations are tolerations to influence agent pod assignment. - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - - requests: - # agent.pod.requests.memory is the requested memory allocation in MiB for the agent pods. - memory: 512 - # agent.pod.requests.cpu are the requested CPU units allocation for the agent pods. - cpu: 0.5 - limits: - # agent.pod.limits.memory set the memory allocation limits in MiB for the agent pods. - memory: 512 - # agent.pod.limits.cpu sets the CPU units allocation limits for the agent pods. - cpu: 1.5 - - # agent.proxyHost sets the INSTANA_AGENT_PROXY_HOST environment variable. - # proxyHost: null - # agent.proxyPort sets the INSTANA_AGENT_PROXY_PORT environment variable. - # proxyPort: null - # agent.proxyProtocol sets the INSTANA_AGENT_PROXY_PROTOCOL environment variable. - # proxyProtocol: null - # agent.proxyUser sets the INSTANA_AGENT_PROXY_USER environment variable. - # proxyUser: null - # agent.proxyPassword sets the INSTANA_AGENT_PROXY_PASSWORD environment variable. - # proxyPassword: null - # agent.proxyUseDNS sets the INSTANA_AGENT_PROXY_USE_DNS environment variable. - # proxyUseDNS: null - - # use this to set additional environment variables for the instana agent - # for example: - # env: - # INSTANA_AGENT_TAGS: dev - env: {} - - configuration_yaml: | - # Place agent configuration here - - # agent.redactKubernetesSecrets sets the INSTANA_KUBERNETES_REDACT_SECRETS environment variable. - # redactKubernetesSecrets: null - - # agent.host.repository sets a host path to be mounted as the agent maven repository (for debugging or development purposes) - host: - repository: null - - # agent.supportOpenshift specifies whether the cluster role should include openshift permissions - # supportOpenshift: true - -cluster: - # cluster.name represents the name that will be assigned to this cluster in Instana - name: null - -leaderElector: - image: - # leaderElector.image.name is the name of the container image of the leader elector. - name: instana/leader-elector - # leaderElector.image.tag is the tag name of the agent container image. - tag: 0.5.4 - port: 42655 - -rbac: - # Specifies whether RBAC resources should be created - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and `create` is true, a name is generated using the fullname template - # name: instana-agent - -podSecurityPolicy: - # Specifies whether a PodSecurityPolicy should be authorized for the Instana Agent pods. - # Requires `rbac.create` to be `true` as well. - enable: false - # The name of an existing PodSecurityPolicy you would like to authorize for the Instana Agent pods. - # If not set and `enable` is true, a PodSecurityPolicy will be created with a name generated using the fullname template. - name: null - -zone: - # zone.name is the custom zone that detected technologies will be assigned to - name: null diff --git a/charts/instana-agent/instana-agent/1.0.2900/.helmignore b/charts/instana-agent/instana-agent/1.0.2900/.helmignore deleted file mode 100755 index b4fa6cb0d..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# OWNERS file for helm -OWNERS diff --git a/charts/instana-agent/instana-agent/1.0.2900/Chart.yaml b/charts/instana-agent/instana-agent/1.0.2900/Chart.yaml deleted file mode 100755 index 6b52668cd..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: instana-agent -apiVersion: v1 -appVersion: "1.1" -description: Instana Agent for Kubernetes -home: https://www.instana.com/ -icon: https://instana-management-assets.s3-eu-west-1.amazonaws.com/stan-logo-2020.png -maintainers: -- email: jon.brisbin@instana.com - name: jbrisbin -- email: william.james@instana.com - name: wiggzz -- email: jeroen.soeters@instana.com - name: JeroenSoeters -- email: fabian.staeber@instana.com - name: fstab -- email: miel.donkers@instana.com - name: mdonkers -- email: dahlia.bock@instana.com - name: dlbock -- email: nathan.fisher@instana.com - name: nfisher -name: instana-agent -sources: -- https://github.com/instana/instana-agent-docker -version: 1.0.2900 diff --git a/charts/instana-agent/instana-agent/1.0.2900/README.md b/charts/instana-agent/instana-agent/1.0.2900/README.md deleted file mode 100755 index dd17e51d6..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/README.md +++ /dev/null @@ -1,164 +0,0 @@ -# Instana - -Instana is an [APM solution](https://www.instana.com/) built for microservices that enables IT Ops to build applications faster and deliver higher quality services by automating monitoring, tracing and root cause analysis. This solution is optimized for [Kubernetes](https://www.instana.com/automatic-kubernetes-monitoring/). - -## Introduction - -This chart adds the Instana Agent to all schedulable nodes in your cluster via a `DaemonSet`. - -## Prerequisites - -Kubernetes 1.9.x - 1.18.x - -#### Helm 3 prerequisites - -Working `helm` with the `stable` repo added to your helm client. - -#### Helm 2 prerequisites - -Working `helm` and `tiller`. - -_Note:_ Tiller may need a service account and role binding if RBAC is enabled in your cluster. - -## Installing the Chart - -To configure the installation you can either specify the options on the command line using the **--set** switch, or you can edit **values.yaml**. Either way you should ensure that you set values for: - -* agent.key -* zone.name or cluster.name - -For most users, setting the `zone.name` is sufficient. However, if you would like to be able group your hosts based on the availability zone rather than cluster name, then you can specify the cluster name using the `cluster.name` instead of the `zone.name` setting. If you omit the `zone.name` the host zone will be automatically determined by the availability zone information on the host. - -If you're in the EU, you'll probably also want to set the regional equivalent values for: - -* agent.endpointHost -* agent.endpointPort - -_Note:_ You can find the options mentioned in the [configuration section below](#configuration) - -Optionally, if your infrastructure uses a proxy, you should ensure that you set values for: - -* agent.pod.proxyHost -* agent.pod.proxyPort -* agent.pod.proxyProtocol -* agent.pod.proxyUser -* agent.pod.proxyPassword -* agent.pod.proxyUseDNS - -Optionally, if your infrastructure has multiple networks defined, you might need to allow the agent to listen on all addresses (typically with value set to '*'): - -* agent.listenAddress - -If your agent requires download key, you should ensure that you set values for it: - -* agent.downloadKey - -Agent can have APM, INFRASTRUCTURE or AWS mode. Default is APM and if you want to override that, ensure you set value: - -* agent.mode - -#### Installing with Helm 3 - -First, create a namespace for the instana-agent - -```bash -$ kubectl create namespace instana-agent -``` - -To install the chart with the release name `instana-agent` and set the values on the command line run: - -```bash -$ helm install instana-agent --namespace instana-agent \ ---set agent.key=INSTANA_AGENT_KEY \ ---set agent.endpointHost=HOST \ ---set zone.name=ZONE_NAME \ -stable/instana-agent -``` - -#### Installing with Helm 2 - -To install the chart with the release name `instana-agent` and set the values on the command line run: - -```bash -$ helm install --name instana-agent --namespace instana-agent \ ---set agent.key=INSTANA_AGENT_KEY \ ---set agent.endpointHost=HOST \ ---set zone.name=ZONE_NAME \ -stable/instana-agent -``` - -## Uninstalling the Chart - -To uninstall/delete the `instana-agent` release: - -#### Uninstalling with Helm 2 - -```bash -$ helm del --purge instana-agent -``` - -#### Uninstalling with Helm 3 - -```bash -$ helm del instana-agent -n instana-agent -``` - -## Configuration - -### Helm Chart - -The following table lists the configurable parameters of the Instana chart and their default values. - -| Parameter | Description | Default | -|------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------| -| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#agent) for more details | -| `agent.downloadKey` | Your Instana Download key | `nil` Usually not required | -| `agent.endpointHost` | Instana Agent backend endpoint host | `ingress-red-saas.instana.io` (US and ROW). If in Europe, please override with `ingress-blue-saas.instana.io` | -| `agent.endpointPort` | Instana Agent backend endpoint port | `443` | -| `agent.image.name` | The image name to pull | `instana/agent` | -| `agent.image.tag` | The image tag to pull | `latest` | -| `agent.image.pullPolicy` | Image pull policy | `Always` | -| `agent.key` | Your Instana Agent key | `nil` You must provide your own key | -| `agent.listenAddress` | List of addresses to listen on, or "*" for all interfaces | `nil` | -| `agent.mode` | Agent mode (Supported values are APM, INFRASTRUCTURE, AWS) | `APM` | -| `agent.pod.annotations` | Additional annotations to apply to the pod | `{}` | -| `agent.pod.limits.cpu` | Container cpu limits in cpu cores | `1.5` | -| `agent.pod.limits.memory` | Container memory limits in MiB | `512` | -| `agent.pod.proxyHost` | Hostname/address of a proxy | `nil` | -| `agent.pod.proxyPort` | Port of a proxy | `nil` | -| `agent.pod.proxyProtocol` | Proxy protocol (Supported proxy types are "http", "socks4", "socks5") | `nil` | -| `agent.pod.proxyUser` | Username of the proxy auth | `nil` | -| `agent.pod.proxyPassword` | Password of the proxy auth | `nil` | -| `agent.pod.proxyUseDNS` | Boolean if proxy also does DNS | `nil` | -| `agent.pod.requests.memory` | Container memory requests in MiB | `512` | -| `agent.pod.requests.cpu` | Container cpu requests in cpu cores | `0.5` | -| `agent.pod.tolerations` | Tolerations for pod assignment | `[]` | -| `agent.env` | Additional environment variables for the agent | `{}` | -| `agent.redactKubernetesSecrets` | Enable additional secrets redaction for selected Kubernetes resources | `nil` See [Kubernetes secrets](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#secrets) for more details. | -| `cluster.name` | Display name of the monitored cluster | Value of `zone.name` | -| `leaderElector.port` | Instana leader elector sidecar port | `42655` | -| `leaderElector.image.name` | The elector image name to pull | `instana/leader-elector` | -| `leaderElector.image.tag` | The elector image tag to pull | `0.5.4` | -| `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. | -| `podSecurityPolicy.name` | Name of an _existing_ PodSecurityPolicy to authorize for the Instana Agent pods. If not provided and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created for you. | `nil` | -| `rbac.create` | Whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | Name of the ServiceAccount to use | `instana-agent` | -| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#installing-the-chart) for details | - -#### Development and debugging options - -These options will be rarely used outside of development or debugging of the agent. - -| Parameter | Description | Default | -|------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------| -| `agent.host.repository` | Host path to mount as the agent maven repository | `nil` | - -### Agent - -To configure the agent, you can either: - -- edit the [config map](templates/configmap.yaml), or -- provide the configuration via the `agent.configuration_yaml` parameter in [values.yaml](values.yaml) - -This configuration will be used for all Instana Agents on all nodes. Visit the [agent configuration documentation](https://docs.instana.io/setup_and_manage/host_agent/#agent-configuration-file) for more details on configuration options. diff --git a/charts/instana-agent/instana-agent/1.0.2900/app-readme.md b/charts/instana-agent/instana-agent/1.0.2900/app-readme.md deleted file mode 100755 index 0e26c8623..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# Instana - -Instana is an [APM solution(https://www.instana.com/) built for microservices that enables IT Ops to build applications faster and deliver higher quality services by automating monitoring tracing and root cause analysis. This solution is optimized for [Rancher](https://www.instana.com/rancher/). - -This chart adds the Instana Agent to all schedulable nodes in your cluster via a `DaemonSet`. diff --git a/charts/instana-agent/instana-agent/1.0.2900/questions.yml b/charts/instana-agent/instana-agent/1.0.2900/questions.yml deleted file mode 100755 index bf9d1a46d..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/questions.yml +++ /dev/null @@ -1,236 +0,0 @@ -questions: -# Basic agent configuration -- variable: agent.key - label: agent.key - description: "Your Instana Agent key is the secret token which your agent uses to authenticate to Instana's servers" - type: string - required: true - group: "Agent Configuration" -- variable: agent.endpointHost - label: agent.endpointHost - description: "The hostname of the Instana server your agents will connect to. Defaults to ingress-red-saas.instana.io for US and ROW. If in Europe, please use ingress-blue-saas.instana.io" - type: string - required: true - default: "ingress-red-saas.instana.io" - group: "Agent Configuration" -- variable: zone.name - label: zone.name - description: "Custom zone that detected technologies will be assigned to" - type: string - required: true - group: "Agent Configuration" -# Advanced agent configuration -- variable: advancedAgentConfiguration - description: "Show advanced configuration for the Instana Agent" - label: Show advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Advanced Agent Configuration" - subquestions: - - variable: agent.configuration_yaml - label: agent.configuration_yaml (Optional) - description: "Custom content for the agent configuration.yaml file in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.downloadKey - label: agent.downloadKey (Optional) - description: "Your Instana download key" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.endpointPort - label: agent.endpointPort - description: "The Agent backend port number (as a string) of the Instana server your agents will connect to" - type: string - required: true - default: "443" - group: "Advanced Agent Configuration" - - variable: agent.image.name - label: agent.image.name - description: "The name of the Instana Agent container image" - type: string - required: true - default: "instana/agent" - group: "Advanced Agent Configuration" - - variable: agent.image.tag - label: agent.image.tag - description: "The tag name of the Instana Agent container image" - type: string - required: true - default: "latest" - group: "Advanced Agent Configuration" - - variable: agent.image.pullPolicy - label: agent.image.pullPolicy - description: "Specifies when to pull the Instana Agent image container" - type: string - required: true - default: "Always" - group: "Advanced Agent Configuration" - - variable: agent.listenAddress - label: agent.listenAddress (Optional) - description: "The IP address the agent HTTP server will listen to, or '*' for all interfaces" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.mode - label: agent.mode (Optional) - description: "Agent mode. Possible options are: APM, INFRASTRUCTURE or AWS" - type: enum - options: - - "APM" - - "INFRASTRUCTURE" - - "AWS" - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.annotations - label: agent.pod.annotations (Optional) - description: "Additional annotations to be added to the agent pods in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.limits.cpu - label: agent.pod.limits.cpu - description: "CPU units allocation limits for the agent pods" - type: string - required: true - default: "1.5" - group: "Advanced Agent Configuration" - - variable: agent.pod.limits.memory - label: agent.pod.limits.memory - description: "Memory allocation limits in MiB for the agent pods" - type: int - required: true - default: 512 - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyHost - label: agent.pod.proxyHost (Optional) - description: "Hostname/address of a proxy. Sets the INSTANA_AGENT_PROXY_HOST environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyPort - label: agent.pod.proxyPort (Optional) - description: "Port of a proxy. Sets the INSTANA_AGENT_PROXY_PORT environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyProtocol - label: agent.pod.proxyProtocol (Optional) - description: "Proxy protocol. Sets the INSTANA_AGENT_PROXY_PROTOCOL environment variable. Supported proxy types are http, socks4, socks5" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyUser - label: agent.pod.proxyUser (Optional) - description: "Username of the proxy auth. Sets the INSTANA_AGENT_PROXY_USER environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyPassword - label: agent.pod.proxyPassword (Optional) - description: "Password of the proxy auth. Sets the INSTANA_AGENT_PROXY_PASSWORD environment variable" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.proxyUseDNS - label: agent.pod.proxyUseDNS. (Optional) - description: "Boolean if proxy also does DNS. Sets the INSTANA_AGENT_PROXY_USE_DNS environment variable" - type: enum - options: - - "true" - - "false" - required: false - group: "Advanced Agent Configuration" - - variable: agent.pod.requests.cpu - label: agent.pod.requests.cpu - description: "Requested CPU units allocation for the agent pods" - type: string - required: true - default: "0.5" - group: "Advanced Agent Configuration" - - variable: agent.pod.requests.memory - label: agent.pod.requests.memory - description: "Requested memory allocation in MiB for the agent pods" - type: int - required: true - default: 512 - group: "Advanced Agent Configuration" - - variable: agent.pod.tolerations - label: agent.pod.tolerations (Optional) - description: "Tolerations to influence agent pod assignment in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." - type: string - required: false - group: "Advanced Agent Configuration" - - variable: agent.redactKubernetesSecrets - label: agent.redactKubernetesSecrets (Optional) - description: "Enable additional secrets redaction for selected Kubernetes resources" - type: boolean - required: false - default: false - group: "Advanced Agent Configuration" - - variable: cluster.name - label: cluster.name (Optional) - description: "The name that will be assigned to this cluster in Instana. See the 'Installing the Chart' section in the 'Detailed Descriptions' tab for more details" - type: string - required: false - group: "Advanced Agent Configuration" - - variable: leaderElector.image.name - label: leaderElector.image.name - description: "The name of the leader elector container image" - type: string - required: true - default: "instana/leader-elector" - group: "Advanced Agent Configuration" - - variable: leaderElector.image.tag - label: leaderElector.image.tag - description: "The tag name of the leader elector container image" - type: string - required: true - default: "0.5.4" - group: "Advanced Agent Configuration" - - variable: leaderElector.port - label: leaderElector.port - description: "The port on which the leader elector sidecar is exposed" - type: int - required: true - default: 42655 - group: "Advanced Agent Configuration" -- variable: podSecurityPolicy.enable - label: podSecurityPolicy.enable (Optional) - description: "Specifies whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to also be `true`" - type: boolean - show_if: "rbac.create=true" - required: false - default: false - group: "Pod Security Policy Configuration" -- variable: podSecurityPolicy.name - label: podSecurityPolicy.name (Optional) - description: "The name of an existing PodSecurityPolicy you would like to authorize for the Instana Agent pods. If not set and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created with a name generated using the fullname template" - type: string - show_if: "rbac.create=true&&podSecurityPolicy.enable=true" - required: false - group: "Pod Security Policy Configuration" -- variable: rbac.create - label: rbac.create - description: "Specifies whether RBAC resources should be created" - type: boolean - required: true - default: true - group: "RBAC Configuration" -- variable: serviceAccount.create - label: serviceAccount.create - description: "Specifies whether a ServiceAccount should be created" - type: boolean - required: true - default: true - show_subquestion_if: true - group: "RBAC Configuration" - subquestions: - - variable: serviceAccount.name - label: Name of the ServiceAccount (Optional) - description: "The name of the ServiceAccount to use. If not set and `serviceAccount.create` is true, a name is generated using the fullname template." - type: string - required: false - group: "RBAC Configuration" diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt b/charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt deleted file mode 100755 index 8e05968f1..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt +++ /dev/null @@ -1,66 +0,0 @@ -{{- if (and (not .Values.agent.key) (and (not .Values.zone.name) (not .Values.cluster.name))) }} -############################################################################## -#### ERROR: You did not specify your secret agent key. #### -#### ERROR: You also did not specify a zone or name for this cluster. #### -############################################################################## - -This agent deployment will be incomplete until you set your agent key and zone or name for this cluster: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set agent.key=$(YOUR_SECRET_AGENT_KEY) \ - --set zone.name=$(YOUR_ZONE_NAME) stable/instana-agent - -Alternatively, you may specify a cluster name and the zone will be detected from availability zone information on the host: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set agent.key=$(YOUR_SECRET_AGENT_KEY) \ - --set cluster.name=$(YOUR_CLUSTER_NAME) stable/instana-agent - -- YOUR_SECRET_AGENT_KEY can be obtained from the Management Portal section of your Instana installation. -- YOUR_ZONE_NAME should be the zone that detected technologies will be assigned to. -- YOUR_CLUSTER_NAME should be the custom name of your cluster. - -At least one of zone.name or cluster.name is required. This cluster will be reported with the name of the zone unless you specify a cluster name. - -{{- else if (and (not .Values.zone.name) (not .Values.cluster.name)) }} -############################################################################## -#### ERROR: You did not specify a zone or name for this cluster. #### -############################################################################## - -This agent deployment will be incomplete until you set a zone for this cluster: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set zone.name=$(YOUR_ZONE_NAME) stable/instana-agent - -Alternatively, you may specify a cluster name and the zone will be detected from availability zone information on the host: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set cluster.name=$(YOUR_CLUSTER_NAME) stable/instana-agent - -- YOUR_ZONE_NAME should be the zone that detected technologies will be assigned to. -- YOUR_CLUSTER_NAME should be the custom name of your cluster. - -At least one of zone.name or cluster.name is required. This cluster will be reported with the name of the zone unless you specify a cluster name. - -{{- else if not .Values.agent.key }} -############################################################################## -#### ERROR: You did not specify your secret agent key. #### -############################################################################## - -This agent deployment will be incomplete until you set your agent key: - - helm upgrade {{ .Release.Name }} --reuse-values \ - --set agent.key=$(YOUR_SECRET_AGENT_KEY) stable/instana-agent - -- YOUR_SECRET_AGENT_KEY can be obtained from the Management Portal section of your Instana installation. - -{{- else -}} -It may take a few moments for the agents to fully deploy. You can see what agents are running by listing resources in the {{ .Release.Namespace }} namespace: - - kubectl get all -n {{ .Release.Namespace }} - -You can get the logs for all of the agents with `kubectl logs`: - - kubectl logs -l app.kubernetes.io/name={{ .Release.Name }} -n {{ .Release.Namespace }} -c instana-agent - -{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl b/charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl deleted file mode 100755 index 674e730f2..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl +++ /dev/null @@ -1,76 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "instana-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "instana-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "instana-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -The name of the ServiceAccount used. -*/}} -{{- define "instana-agent.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "instana-agent.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -The name of the PodSecurityPolicy used. -*/}} -{{- define "instana-agent.podSecurityPolicyName" -}} -{{- if .Values.podSecurityPolicy.enable -}} -{{ default (include "instana-agent.fullname" .) .Values.podSecurityPolicy.name }} -{{- end -}} -{{- end -}} - -{{/* -Add Helm metadata to resource labels. -*/}} -{{- define "instana-agent.commonLabels" -}} -app.kubernetes.io/name: {{ include "instana-agent.name" . }} -{{ if .Values.templating -}} -app.kubernetes.io/version: {{ .Chart.Version }} -{{- else -}} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -helm.sh/chart: {{ include "instana-agent.chart" . }} -{{- end -}} -{{- end -}} - -{{/* -Add Helm metadata to selector labels specifically for deployments/daemonsets/statefulsets. -*/}} -{{- define "instana-agent.selectorLabels" -}} -app.kubernetes.io/name: {{ include "instana-agent.name" . }} -{{ if not .Values.templating -}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml deleted file mode 100755 index 2e378276c..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if or .Values.agent.key .Values.agent.downloadKey }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "instana-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -type: Opaque -data: -{{- if .Values.templating }} - key: {{ .Values.agent.key }} -{{- else }} - key: {{ .Values.agent.key | b64enc | quote }} -{{- end }} -{{- if .Values.agent.downloadKey }} - downloadKey: {{ .Values.agent.downloadKey | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml deleted file mode 100755 index 91b3ad026..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -{{- if .Values.agent.supportOpenshift }} -apiVersion: v1 -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- end }} -metadata: - name: {{ template "instana-agent.fullname" . }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -rules: -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: ["get"] -- apiGroups: ["batch"] - resources: - - "jobs" - - "cronjobs" - verbs: ["get", "list", "watch"] -- apiGroups: ["extensions"] - resources: - - "deployments" - - "replicasets" - - "ingresses" - verbs: ["get", "list", "watch"] -- apiGroups: ["apps"] - resources: - - "deployments" - - "replicasets" - - "daemonsets" - - "statefulsets" - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - "namespaces" - - "events" - - "services" - - "endpoints" - - "nodes" - - "pods" - - "replicationcontrollers" - - "componentstatuses" - - "resourcequotas" - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - "endpoints" - verbs: ["create", "update", "patch"] -- apiGroups: ["networking.k8s.io"] - resources: - - "ingresses" - verbs: ["get", "list", "watch"] -{{- if .Values.agent.supportOpenshift }} -- apiGroups: ["apps.openshift.io"] - resources: - - "deploymentconfigs" - verbs: ["get", "list", "watch"] -{{- end -}} -{{- if .Values.podSecurityPolicy.enable}} -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "instana-agent.podSecurityPolicyName" . }} -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml deleted file mode 100755 index 4d8ab6adb..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRoleBinding -{{- if .Values.agent.supportOpenshift }} -apiVersion: v1 -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- end }} -metadata: - name: {{ template "instana-agent.fullname" . }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "instana-agent.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "instana-agent.fullname" . }} - {{- if not .Values.agent.supportOpenshift }} - apiGroup: rbac.authorization.k8s.io - {{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml deleted file mode 100755 index 11334323d..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "instana-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -data: - configuration.yaml: | - # Manual a-priori configuration. Configuration will be only used when the sensor - # is actually installed by the agent. - # The commented out example values represent example configuration and are not - # necessarily defaults. Defaults are usually 'absent' or mentioned separately. - # Changes are hot reloaded unless otherwise mentioned. - - # It is possible to create files called 'configuration-abc.yaml' which are - # merged with this file in file system order. So 'configuration-cde.yaml' comes - # after 'configuration-abc.yaml'. Only nested structures are merged, values are - # overwritten by subsequent configurations. - - # Secrets - # To filter sensitive data from collection by the agent, all sensors respect - # the following secrets configuration. If a key collected by a sensor matches - # an entry from the list, the value is redacted. - #com.instana.secrets: - # matcher: 'contains-ignore-case' # 'contains-ignore-case', 'contains', 'regex' - # list: - # - 'key' - # - 'password' - # - 'secret' - - # Host - #com.instana.plugin.host: - # tags: - # - 'dev' - # - 'app1' - - # Hardware & Zone - #com.instana.plugin.generic.hardware: - # enabled: true # disabled by default - # availability-zone: 'zone' - {{- if .Values.agent.configuration_yaml -}} - {{ .Values.agent.configuration_yaml | nindent 4 }} - {{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml deleted file mode 100755 index 7918ec7a1..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml +++ /dev/null @@ -1,210 +0,0 @@ -{{- if .Values.agent.key -}} -{{- if or .Values.zone.name .Values.cluster.name -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "instana-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "instana-agent.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "instana-agent.commonLabels" . | nindent 8 }} - {{- if .Values.agent.pod.annotations }} - annotations: - {{- toYaml .Values.agent.pod.annotations | nindent 8 }} - {{- end }} - spec: - {{- if .Values.agent.pod.nodeSelector }} - nodeSelector: - {{- range $key, $value := .Values.agent.pod.nodeSelector }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "instana-agent.serviceAccountName" . }} - hostIPC: true - hostNetwork: true - hostPID: true - containers: - - name: instana-agent - image: "{{ .Values.agent.image.name }}:{{ .Values.agent.image.tag }}" - imagePullPolicy: {{ .Values.agent.image.pullPolicy }} - env: - - name: INSTANA_AGENT_LEADER_ELECTOR_PORT - value: {{ .Values.leaderElector.port | quote }} - - name: INSTANA_ZONE - value: {{ .Values.zone.name | quote }} - {{- if .Values.cluster.name }} - - name: INSTANA_KUBERNETES_CLUSTER_NAME - value: {{ .Values.cluster.name | quote }} - {{- end }} - - name: INSTANA_AGENT_ENDPOINT - value: {{ .Values.agent.endpointHost | quote }} - - name: INSTANA_AGENT_ENDPOINT_PORT - value: {{ .Values.agent.endpointPort | quote }} - - name: INSTANA_AGENT_KEY - valueFrom: - secretKeyRef: - name: {{ template "instana-agent.fullname" . }} - key: key - {{- if .Values.agent.mode }} - - name: INSTANA_AGENT_MODE - value: {{ .Values.agent.mode | quote }} - {{- end }} - {{- if .Values.agent.downloadKey }} - - name: INSTANA_DOWNLOAD_KEY - valueFrom: - secretKeyRef: - name: {{ template "instana-agent.fullname" . }} - key: downloadKey - {{- end }} - {{- if .Values.agent.proxyHost }} - - name: INSTANA_AGENT_PROXY_HOST - value: {{ .Values.agent.proxyHost | quote }} - {{- end }} - {{- if .Values.agent.proxyPort }} - - name: INSTANA_AGENT_PROXY_PORT - value: {{ .Values.agent.proxyPort | quote }} - {{- end }} - {{- if .Values.agent.proxyProtocol }} - - name: INSTANA_AGENT_PROXY_PROTOCOL - value: {{ .Values.agent.proxyProtocol | quote }} - {{- end }} - {{- if .Values.agent.proxyUser }} - - name: INSTANA_AGENT_PROXY_USER - value: {{ .Values.agent.proxyUser | quote }} - {{- end }} - {{- if .Values.agent.proxyPassword }} - - name: INSTANA_AGENT_PROXY_PASSWORD - value: {{ .Values.agent.proxyPassword | quote }} - {{- end }} - {{- if .Values.agent.proxyUseDNS }} - - name: INSTANA_AGENT_PROXY_USE_DNS - value: {{ .Values.agent.proxyUseDNS | quote }} - {{- end }} - {{- if .Values.agent.listenAddress }} - - name: INSTANA_AGENT_HTTP_LISTEN - value: {{ .Values.agent.listenAddress | quote }} - {{- end }} - {{- if .Values.agent.redactKubernetesSecrets }} - - name: INSTANA_KUBERNETES_REDACT_SECRETS - value: {{ .Values.agent.redactKubernetesSecrets | quote }} - {{- end }} - - name: JAVA_OPTS - # Approximately 1/3 of container memory requests to allow for direct-buffer memory usage and JVM overhead - value: "-Xmx{{ div (default 512 .Values.agent.pod.requests.memory) 3 }}M -XX:+ExitOnOutOfMemoryError" - - name: INSTANA_AGENT_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- range $key, $value := .Values.agent.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - securityContext: - privileged: true - volumeMounts: - - name: dev - mountPath: /dev - - name: run - mountPath: /run - - name: var-run - mountPath: /var/run - - name: sys - mountPath: /sys - - name: var-log - mountPath: /var/log - - name: var-lib - mountPath: /var/lib/containers/storage - - name: machine-id - mountPath: /etc/machine-id - - name: configuration - subPath: configuration.yaml - mountPath: /root/configuration.yaml - {{- if .Values.agent.host.repository }} - - name: repo - mountPath: /opt/instana/agent/data/repo - {{- end }} - livenessProbe: - httpGet: - path: /status - port: 42699 - initialDelaySeconds: 300 - timeoutSeconds: 3 - resources: - requests: - memory: "{{ default 512 .Values.agent.pod.requests.memory }}Mi" - cpu: {{ default 0.5 .Values.agent.pod.requests.cpu }} - limits: - memory: "{{ default 512 .Values.agent.pod.limits.memory }}Mi" - cpu: {{ default 1.5 .Values.agent.pod.limits.cpu }} - ports: - - containerPort: 42699 - - name: instana-agent-leader-elector - image: "{{ .Values.leaderElector.image.name }}:{{ .Values.leaderElector.image.tag }}" - env: - - name: INSTANA_AGENT_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - command: - - "/busybox/sh" - - "-c" - - "sleep 12 && /app/server --election=instana --http=localhost:{{ .Values.leaderElector.port }} --id=$(INSTANA_AGENT_POD_NAME)" - resources: - requests: - cpu: 0.1 - memory: 64Mi - livenessProbe: - httpGet: # Leader elector liveness is tied to agent, published on localhost:42699 - path: /com.instana.agent.coordination.sidecar/health - port: 42699 - initialDelaySeconds: 300 - timeoutSeconds: 3 - ports: - - containerPort: {{ .Values.leaderElector.port }} - {{- if .Values.agent.pod.tolerations }} - tolerations: - {{- toYaml .Values.agent.pod.tolerations | nindent 8 }} - {{- end }} - volumes: - - name: dev - hostPath: - path: /dev - - name: run - hostPath: - path: /run - - name: var-run - hostPath: - path: /var/run - - name: sys - hostPath: - path: /sys - - name: var-log - hostPath: - path: /var/log - - name: var-lib - hostPath: - path: /var/lib/containers/storage - - name: machine-id - hostPath: - path: /etc/machine-id - - name: configuration - configMap: - name: {{ template "instana-agent.fullname" . }} - {{- if .Values.agent.host.repository }} - - name: repo - hostPath: - path: {{ .Values.agent.host.repository }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml deleted file mode 100755 index 98f3d61b3..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.templating }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml deleted file mode 100755 index 6ade65a5f..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if .Values.rbac.create -}} -{{- if (and .Values.podSecurityPolicy.enable (not .Values.podSecurityPolicy.name)) -}} -kind: PodSecurityPolicy -apiVersion: policy/v1beta1 -metadata: - name: {{ template "instana-agent.podSecurityPolicyName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -spec: - privileged: true - allowPrivilegeEscalation: true - volumes: - - configMap - - downwardAPI - - emptyDir - - persistentVolumeClaim - - secret - - projected - - hostPath - allowedHostPaths: - - pathPrefix: "/dev" - readOnly: false - - pathPrefix: "/run" - readOnly: false - - pathPrefix: "/var/run" - readOnly: false - - pathPrefix: "/sys" - readOnly: false - - pathPrefix: "/var/log" - readOnly: false - - pathPrefix: "/etc/machine-id" - readOnly: false - - pathPrefix: "/var/lib/containers/storage" - readOnly: false - {{- if .Values.agent.host.repository }} - - pathPrefix: {{ .Values.agent.host.repository }} - readOnly: false - {{- end }} - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: "RunAsAny" - seLinux: - rule: "RunAsAny" - supplementalGroups: - rule: "RunAsAny" - fsGroup: - rule: "RunAsAny" -{{- end -}} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml deleted file mode 100755 index 0a0b52f8a..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "instana-agent.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "instana-agent.commonLabels" . | nindent 4 }} -{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/values.yaml b/charts/instana-agent/instana-agent/1.0.2900/values.yaml deleted file mode 100755 index 3b23ad868..000000000 --- a/charts/instana-agent/instana-agent/1.0.2900/values.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# name is the value which will be used as the base resource name for various resources associated with the agent. -# name: instana-agent - -agent: - # agent.key is the secret token which your agent uses to authenticate to Instana's servers. - key: null - # agent.mode is used to set agent mode and it can be APM, INFRASTRUCTURE or AWS - # mode: APM - # agent.downloadKey is optional, if used it doesn't have to match agent.key - # downloadKey: null - # agent.listenAddress is the IP address the agent HTTP server will listen to. - # listenAddress: * - - # agent.endpointHost is the hostname of the Instana server your agents will connect to. - endpointHost: ingress-red-saas.instana.io - # agent.endpointPort is the port number (as a String) of the Instana server your agents will connect to. - endpointPort: 443 - - image: - # agent.image.name is the name of the container image of the Instana agent. - name: instana/agent - # agent.image.tag is the tag name of the agent container image. - tag: latest - # agent.image.pullPolicy specifies when to pull the image container. - pullPolicy: Always - - pod: - # agent.pod.annotations are additional annotations to be added to the agent pods. - annotations: {} - - # agent.pod.tolerations are tolerations to influence agent pod assignment. - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - - requests: - # agent.pod.requests.memory is the requested memory allocation in MiB for the agent pods. - memory: 512 - # agent.pod.requests.cpu are the requested CPU units allocation for the agent pods. - cpu: 0.5 - limits: - # agent.pod.limits.memory set the memory allocation limits in MiB for the agent pods. - memory: 512 - # agent.pod.limits.cpu sets the CPU units allocation limits for the agent pods. - cpu: 1.5 - - # agent.proxyHost sets the INSTANA_AGENT_PROXY_HOST environment variable. - # proxyHost: null - # agent.proxyPort sets the INSTANA_AGENT_PROXY_PORT environment variable. - # proxyPort: null - # agent.proxyProtocol sets the INSTANA_AGENT_PROXY_PROTOCOL environment variable. - # proxyProtocol: null - # agent.proxyUser sets the INSTANA_AGENT_PROXY_USER environment variable. - # proxyUser: null - # agent.proxyPassword sets the INSTANA_AGENT_PROXY_PASSWORD environment variable. - # proxyPassword: null - # agent.proxyUseDNS sets the INSTANA_AGENT_PROXY_USE_DNS environment variable. - # proxyUseDNS: null - - # use this to set additional environment variables for the instana agent - # for example: - # env: - # INSTANA_AGENT_TAGS: dev - env: {} - - configuration_yaml: | - # Place agent configuration here - - # agent.redactKubernetesSecrets sets the INSTANA_KUBERNETES_REDACT_SECRETS environment variable. - # redactKubernetesSecrets: null - - # agent.host.repository sets a host path to be mounted as the agent maven repository (for debugging or development purposes) - host: - repository: null - - # agent.supportOpenshift specifies whether the cluster role should include openshift permissions - # supportOpenshift: true - -cluster: - # cluster.name represents the name that will be assigned to this cluster in Instana - name: null - -leaderElector: - image: - # leaderElector.image.name is the name of the container image of the leader elector. - name: instana/leader-elector - # leaderElector.image.tag is the tag name of the agent container image. - tag: 0.5.4 - port: 42655 - -rbac: - # Specifies whether RBAC resources should be created - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and `create` is true, a name is generated using the fullname template - # name: instana-agent - -podSecurityPolicy: - # Specifies whether a PodSecurityPolicy should be authorized for the Instana Agent pods. - # Requires `rbac.create` to be `true` as well. - enable: false - # The name of an existing PodSecurityPolicy you would like to authorize for the Instana Agent pods. - # If not set and `enable` is true, a PodSecurityPolicy will be created with a name generated using the fullname template. - name: null - -zone: - # zone.name is the custom zone that detected technologies will be assigned to - name: null diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/.helmignore b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/.helmignore deleted file mode 100644 index be86b789d..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# Helm files -OWNERS diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/Chart.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/Chart.yaml deleted file mode 100644 index 6dd85e4cd..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator - catalog.cattle.io/release-name: k8s-triliovault-operator -apiVersion: v1 -appVersion: v2.0.5 -description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault - Application Lifecycle. -home: https://github.com/trilioData/k8s-triliovault-operator -icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png -maintainers: -- email: prafull.ladha@trilio.io - name: prafull11 -name: k8s-triliovault-operator -sources: -- https://github.com/trilioData/k8s-triliovault-operator -version: 2.0.500+upv2.0.5 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/LICENSE b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/LICENSE deleted file mode 100644 index 76b559d3b..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/LICENSE +++ /dev/null @@ -1 +0,0 @@ -# Placeholder for the License if we decide to provide one diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/README.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/README.md deleted file mode 100644 index 600ce8dfd..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# K8s-TrilioVault-Operator -This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. - -## Introduction - -## Prerequisites - -- Kubernetes 1.13+ -- Alpha feature gates should be enabled -- PV provisioner support -- CSI driver should be installed - -## Installation - -To install the chart with the operator name `trilio`: - -```bash -# For helm version 2 -helm install --name trilio k8s-triliovault-operator - -# For helm version 3 -helm install --name-template trilio k8s-triliovault-operator -``` - -The command deploys the K8s-triliovault-operator with the default configuration. - -## Uninstall - -To uninstall/delete the chart `trilio` : - -```bash -# For helm version 2 -helm delete trilio --purge - -# For helm version 3 -helm uninstall trilio -``` - -## Configuration - -TODO: Add possible configuration in helm chart. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/app-readme.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/app-readme.md deleted file mode 100644 index 65a2b3495..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/app-readme.md +++ /dev/null @@ -1,37 +0,0 @@ -# TrilioVault for Kubernetes - -[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage -the K8s-TrilioVault Application Lifecycle. - -This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. - -Introduction: - -Prerequisites: - -Kubernetes 1.17+ -Alpha feature gates should be enabled -PV provisioner support -CSI driver should be installed - -Installation: - -To install the chart with the operator name trilio: - -helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator - -# For helm version 3 - -helm install triliovault-operator triliovault-operator/k8s-triliovault-operator - -The command deploys the Triliovault for Kubernetes Operator with the default configuration. - -Uninstall: - -To uninstall/delete the chart trilio : - -# For helm version 3 -helm uninstall k8s-triliovault-operator - -For more information around TVM manager installation, please follow below link: -https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/NOTES.txt b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/NOTES.txt deleted file mode 100644 index 19cd282d3..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that TrilioVault Operator has started, run: - - kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/_helpers.tpl b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/_helpers.tpl deleted file mode 100644 index 7cea76a18..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/_helpers.tpl +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "k8s-triliovault-operator.name" -}} -{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "k8s-triliovault-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper TrilioVault Operator image name -*/}} -{{- define "k8s-triliovault-operator.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole.yaml deleted file mode 100644 index 47e151e09..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole.yaml +++ /dev/null @@ -1,53 +0,0 @@ - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role -rules: -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaulthpas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaulthpas/status - verbs: - - get - - patch - - update -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaultmanagers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaultmanagers/status - verbs: - - get - - patch - - update -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole_binding.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole_binding.yaml deleted file mode 100644 index 6b69f7acf..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/clusterrole_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role -subjects: -- kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/deployment.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/deployment.yaml deleted file mode 100644 index c0a850409..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/deployment.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: k8s-triliovault-operator - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - selector: - matchLabels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - spec: - containers: - - name: k8s-triliovault-operator - image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: TVK_ENV - value: {{ .Values.tvkEnv }} - - name: REGISTRY - value: {{ .Values.registry }} - - name: ADMISSION_MUTATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration - - name: ADMISSION_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration - - name: NAMESPACE_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration - volumeMounts: - {{- if .Values.tls.enable }} - - name: helm-tls-certs - mountPath: /root/.helm - readOnly: true - {{- if .Values.tls.verify }} - - name: helm-tls-ca - mountPath: /root/.helm/ca.crt - readOnly: true - {{- end }} - {{- end }} - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: webhook-certs - readOnly: true - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 10Mi - initContainers: - - name: webhook-init - image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: ADMISSION_MUTATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration - - name: ADMISSION_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration - - name: NAMESPACE_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration - - name: WEBHOOK_SERVICE - value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - - name: WEBHOOK_NAMESPACE - value: {{ .Release.Namespace }} - - name: SECRET_NAME - value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs - {{- if .Values.nodeSelector }} - nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: - {{- toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.tls.enable }} - - name: helm-tls-certs - secret: - secretName: {{ .Values.tls.secretName }} - defaultMode: 0400 - {{- if .Values.tls.verify }} - - name: helm-tls-ca - configMap: - name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config - defaultMode: 0600 - {{- end }} - {{- end }} - - name: webhook-certs - secret: - defaultMode: 420 - secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/mutating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/mutating-webhook.yaml deleted file mode 100644 index 6a17a0e1e..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/mutating-webhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /mutate-triliovault-trilio-io-v1-triliovaultmanager - failurePolicy: Fail - name: v1-tvm-mutation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers - sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/ns-validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/ns-validating-webhook.yaml deleted file mode 100644 index a51d3f375..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/ns-validating-webhook.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-core-v1-namespace - failurePolicy: Fail - name: v1-tvm-ns-validation.trilio.io - namespaceSelector: - matchExpressions: - - key: trilio-operator-label - operator: In - values: - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - DELETE - resources: - - namespaces - scope: '*' - sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/secret.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/secret.yaml deleted file mode 100644 index ea1faf3e1..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/secret.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs - namespace: {{ .Release.Namespace }} -type: Opaque diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/triliovault.trilio.io_triliovaultmanagers.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/triliovault.trilio.io_triliovaultmanagers.yaml deleted file mode 100644 index c1e40f2e7..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/triliovault.trilio.io_triliovaultmanagers.yaml +++ /dev/null @@ -1,826 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: triliovaultmanagers.triliovault.trilio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.trilioVaultAppVersion - name: TrilioVault-Version - type: string - - JSONPath: .spec.applicationScope - name: Scope - type: string - - JSONPath: .status.conditions.type - name: Status - type: string - - JSONPath: .spec.restoreNamespaces - name: Restore-Namespaces - type: string - group: triliovault.trilio.io - names: - kind: TrilioVaultManager - listKind: TrilioVaultManagerList - plural: triliovaultmanagers - shortNames: - - tvm - singular: triliovaultmanager - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: TrilioVaultManager is the Schema for the triliovaultmanagers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager - properties: - affinity: - description: The scheduling constraints on application pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some other - pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - applicationScope: - description: Scope for the application which will be installed in the - cluster NamespaceScope or ClusterScope - enum: - - Cluster - - Namespaced - type: string - dataJobLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: DataJobLimits are the resource limits for all the data - processing jobs. - type: object - deploymentLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: DeploymentLimits are the resource limits for all the deployments. - type: object - helmValues: - description: HelmValues holds all the additional fields in the values.yaml - of TVK helm chart. - type: object - helmVersion: - description: 'Deprecated: Helm Version' - properties: - tillerNamespace: - type: string - version: - enum: - - v3 - type: string - required: - - version - type: object - metadataJobLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: MetadataJobLimits are the resource limits for all the meta - processing jobs. - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector specifies a map of key-value pairs. For the - pod to be eligible to run on a node, the node must have each of the - indicated key-value pairs as labels. - type: object - resources: - description: 'Deprecated: Resources are the resource requirements for - the containers.' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - restoreNamespaces: - description: 'Deprecated: RestoreNamespaces are the namespace where - you want to restore your applications. Restore Namespaces depends - on your k8s RBAC' - items: - type: string - type: array - tolerations: - description: The toleration of application against the specific taints - on the nodes - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - trilioVaultAppVersion: - description: Helm Chart version - type: string - required: - - applicationScope - type: object - status: - description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager - properties: - conditions: - properties: - lastTransitionTime: - format: date-time - nullable: true - type: string - message: - minLength: 0 - type: string - reason: - enum: - - InstallSuccessful - - UpdateSuccessful - - UninstallSuccessful - - InstallError - - UpdateError - - ReconcileError - - UninstallError - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - enum: - - Initialized - - Deployed - - Updated - - ReleaseFailed - - Irreconcilable - type: string - type: object - deployedRelease: - properties: - manifest: - type: string - name: - type: string - type: object - releaseVersion: - type: string - required: - - conditions - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/validating-webhook.yaml deleted file mode 100644 index fe001ffe9..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/validating-webhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-triliovault-trilio-io-v1-triliovaultmanager - failurePolicy: Fail - name: v1-tvm-validation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers - sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/webhook-service.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/webhook-service.yaml deleted file mode 100644 index 68f7a53c6..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/templates/webhook-service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/values.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/values.yaml deleted file mode 100644 index c95368c61..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500+upv2.0.5/values.yaml +++ /dev/null @@ -1,33 +0,0 @@ -## TrilioVault Operator -registry: "eu.gcr.io/amazing-chalice-243510" - -operator-webhook-init: - repository: operator-webhook-init - -k8s-triliovault-operator: - repository: k8s-triliovault-operator - -tag: "v2.0.5" - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - -image: - pullPolicy: Always -tls: - secretName: "helm-client-certs" - verify: false - enable: false - keyFile: "tls.key" - certFile: "tls.crt" - caContent: "" - hostname: "" - -nameOverride: "" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore deleted file mode 100755 index be86b789d..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# Helm files -OWNERS diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml deleted file mode 100755 index 21103e362..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator - catalog.cattle.io/release-name: k8s-triliovault-operator -apiVersion: v1 -appVersion: v2.0.5 -description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault - Application Lifecycle. -home: https://github.com/trilioData/k8s-triliovault-operator -icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png -maintainers: -- email: prafull.ladha@trilio.io - name: prafull11 -name: k8s-triliovault-operator -sources: -- https://github.com/trilioData/k8s-triliovault-operator -version: 2.0.500 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE deleted file mode 100755 index 76b559d3b..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE +++ /dev/null @@ -1 +0,0 @@ -# Placeholder for the License if we decide to provide one diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md deleted file mode 100755 index 600ce8dfd..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# K8s-TrilioVault-Operator -This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. - -## Introduction - -## Prerequisites - -- Kubernetes 1.13+ -- Alpha feature gates should be enabled -- PV provisioner support -- CSI driver should be installed - -## Installation - -To install the chart with the operator name `trilio`: - -```bash -# For helm version 2 -helm install --name trilio k8s-triliovault-operator - -# For helm version 3 -helm install --name-template trilio k8s-triliovault-operator -``` - -The command deploys the K8s-triliovault-operator with the default configuration. - -## Uninstall - -To uninstall/delete the chart `trilio` : - -```bash -# For helm version 2 -helm delete trilio --purge - -# For helm version 3 -helm uninstall trilio -``` - -## Configuration - -TODO: Add possible configuration in helm chart. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md deleted file mode 100755 index 65a2b3495..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md +++ /dev/null @@ -1,37 +0,0 @@ -# TrilioVault for Kubernetes - -[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage -the K8s-TrilioVault Application Lifecycle. - -This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. - -Introduction: - -Prerequisites: - -Kubernetes 1.17+ -Alpha feature gates should be enabled -PV provisioner support -CSI driver should be installed - -Installation: - -To install the chart with the operator name trilio: - -helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator - -# For helm version 3 - -helm install triliovault-operator triliovault-operator/k8s-triliovault-operator - -The command deploys the Triliovault for Kubernetes Operator with the default configuration. - -Uninstall: - -To uninstall/delete the chart trilio : - -# For helm version 3 -helm uninstall k8s-triliovault-operator - -For more information around TVM manager installation, please follow below link: -https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt deleted file mode 100755 index 19cd282d3..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that TrilioVault Operator has started, run: - - kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl deleted file mode 100755 index 7cea76a18..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "k8s-triliovault-operator.name" -}} -{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "k8s-triliovault-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper TrilioVault Operator image name -*/}} -{{- define "k8s-triliovault-operator.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml deleted file mode 100755 index 47e151e09..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml +++ /dev/null @@ -1,53 +0,0 @@ - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role -rules: -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaulthpas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaulthpas/status - verbs: - - get - - patch - - update -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaultmanagers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaultmanagers/status - verbs: - - get - - patch - - update -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml deleted file mode 100755 index 6b69f7acf..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role -subjects: -- kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml deleted file mode 100755 index c0a850409..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: k8s-triliovault-operator - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - selector: - matchLabels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - spec: - containers: - - name: k8s-triliovault-operator - image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: TVK_ENV - value: {{ .Values.tvkEnv }} - - name: REGISTRY - value: {{ .Values.registry }} - - name: ADMISSION_MUTATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration - - name: ADMISSION_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration - - name: NAMESPACE_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration - volumeMounts: - {{- if .Values.tls.enable }} - - name: helm-tls-certs - mountPath: /root/.helm - readOnly: true - {{- if .Values.tls.verify }} - - name: helm-tls-ca - mountPath: /root/.helm/ca.crt - readOnly: true - {{- end }} - {{- end }} - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: webhook-certs - readOnly: true - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 10Mi - initContainers: - - name: webhook-init - image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: ADMISSION_MUTATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration - - name: ADMISSION_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration - - name: NAMESPACE_VALIDATION_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration - - name: WEBHOOK_SERVICE - value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - - name: WEBHOOK_NAMESPACE - value: {{ .Release.Namespace }} - - name: SECRET_NAME - value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs - {{- if .Values.nodeSelector }} - nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: - {{- toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.tls.enable }} - - name: helm-tls-certs - secret: - secretName: {{ .Values.tls.secretName }} - defaultMode: 0400 - {{- if .Values.tls.verify }} - - name: helm-tls-ca - configMap: - name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config - defaultMode: 0600 - {{- end }} - {{- end }} - - name: webhook-certs - secret: - defaultMode: 420 - secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml deleted file mode 100755 index 6a17a0e1e..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /mutate-triliovault-trilio-io-v1-triliovaultmanager - failurePolicy: Fail - name: v1-tvm-mutation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers - sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml deleted file mode 100755 index a51d3f375..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-core-v1-namespace - failurePolicy: Fail - name: v1-tvm-ns-validation.trilio.io - namespaceSelector: - matchExpressions: - - key: trilio-operator-label - operator: In - values: - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - DELETE - resources: - - namespaces - scope: '*' - sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml deleted file mode 100755 index ea1faf3e1..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs - namespace: {{ .Release.Namespace }} -type: Opaque diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml deleted file mode 100755 index c1e40f2e7..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml +++ /dev/null @@ -1,826 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: triliovaultmanagers.triliovault.trilio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.trilioVaultAppVersion - name: TrilioVault-Version - type: string - - JSONPath: .spec.applicationScope - name: Scope - type: string - - JSONPath: .status.conditions.type - name: Status - type: string - - JSONPath: .spec.restoreNamespaces - name: Restore-Namespaces - type: string - group: triliovault.trilio.io - names: - kind: TrilioVaultManager - listKind: TrilioVaultManagerList - plural: triliovaultmanagers - shortNames: - - tvm - singular: triliovaultmanager - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: TrilioVaultManager is the Schema for the triliovaultmanagers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager - properties: - affinity: - description: The scheduling constraints on application pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some other - pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - applicationScope: - description: Scope for the application which will be installed in the - cluster NamespaceScope or ClusterScope - enum: - - Cluster - - Namespaced - type: string - dataJobLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: DataJobLimits are the resource limits for all the data - processing jobs. - type: object - deploymentLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: DeploymentLimits are the resource limits for all the deployments. - type: object - helmValues: - description: HelmValues holds all the additional fields in the values.yaml - of TVK helm chart. - type: object - helmVersion: - description: 'Deprecated: Helm Version' - properties: - tillerNamespace: - type: string - version: - enum: - - v3 - type: string - required: - - version - type: object - metadataJobLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: MetadataJobLimits are the resource limits for all the meta - processing jobs. - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector specifies a map of key-value pairs. For the - pod to be eligible to run on a node, the node must have each of the - indicated key-value pairs as labels. - type: object - resources: - description: 'Deprecated: Resources are the resource requirements for - the containers.' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - restoreNamespaces: - description: 'Deprecated: RestoreNamespaces are the namespace where - you want to restore your applications. Restore Namespaces depends - on your k8s RBAC' - items: - type: string - type: array - tolerations: - description: The toleration of application against the specific taints - on the nodes - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - trilioVaultAppVersion: - description: Helm Chart version - type: string - required: - - applicationScope - type: object - status: - description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager - properties: - conditions: - properties: - lastTransitionTime: - format: date-time - nullable: true - type: string - message: - minLength: 0 - type: string - reason: - enum: - - InstallSuccessful - - UpdateSuccessful - - UninstallSuccessful - - InstallError - - UpdateError - - ReconcileError - - UninstallError - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - enum: - - Initialized - - Deployed - - Updated - - ReleaseFailed - - Irreconcilable - type: string - type: object - deployedRelease: - properties: - manifest: - type: string - name: - type: string - type: object - releaseVersion: - type: string - required: - - conditions - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml deleted file mode 100755 index fe001ffe9..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-triliovault-trilio-io-v1-triliovaultmanager - failurePolicy: Fail - name: v1-tvm-validation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers - sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml deleted file mode 100755 index 68f7a53c6..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml deleted file mode 100755 index c95368c61..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml +++ /dev/null @@ -1,33 +0,0 @@ -## TrilioVault Operator -registry: "eu.gcr.io/amazing-chalice-243510" - -operator-webhook-init: - repository: operator-webhook-init - -k8s-triliovault-operator: - repository: k8s-triliovault-operator - -tag: "v2.0.5" - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - -image: - pullPolicy: Always -tls: - secretName: "helm-client-certs" - verify: false - enable: false - keyFile: "tls.key" - certFile: "tls.crt" - caContent: "" - hostname: "" - -nameOverride: "" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore deleted file mode 100755 index be86b789d..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# Helm files -OWNERS diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml deleted file mode 100755 index 1fdd56a76..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: k8s-triliovault-operator -apiVersion: v1 -appVersion: v2.0.2 -description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault Application Lifecycle. -home: https://github.com/trilioData/k8s-triliovault-operator -icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png -maintainers: -- email: prafull.ladha@trilio.io - name: prafull11 -name: k8s-triliovault-operator -sources: -- https://github.com/trilioData/k8s-triliovault-operator -version: v2.0.200 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE deleted file mode 100755 index 76b559d3b..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE +++ /dev/null @@ -1 +0,0 @@ -# Placeholder for the License if we decide to provide one diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md deleted file mode 100755 index 600ce8dfd..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# K8s-TrilioVault-Operator -This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. - -## Introduction - -## Prerequisites - -- Kubernetes 1.13+ -- Alpha feature gates should be enabled -- PV provisioner support -- CSI driver should be installed - -## Installation - -To install the chart with the operator name `trilio`: - -```bash -# For helm version 2 -helm install --name trilio k8s-triliovault-operator - -# For helm version 3 -helm install --name-template trilio k8s-triliovault-operator -``` - -The command deploys the K8s-triliovault-operator with the default configuration. - -## Uninstall - -To uninstall/delete the chart `trilio` : - -```bash -# For helm version 2 -helm delete trilio --purge - -# For helm version 3 -helm uninstall trilio -``` - -## Configuration - -TODO: Add possible configuration in helm chart. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md deleted file mode 100755 index 2836184dd..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md +++ /dev/null @@ -1,4 +0,0 @@ -# TrilioVault for Kubernetes - -[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage the K8s-TrilioVault Application -Lifecycle. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt deleted file mode 100755 index 19cd282d3..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that TrilioVault Operator has started, run: - - kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl deleted file mode 100755 index 7cea76a18..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "k8s-triliovault-operator.name" -}} -{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "k8s-triliovault-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper TrilioVault Operator image name -*/}} -{{- define "k8s-triliovault-operator.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml deleted file mode 100755 index 47e151e09..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml +++ /dev/null @@ -1,53 +0,0 @@ - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role -rules: -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaulthpas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaulthpas/status - verbs: - - get - - patch - - update -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaultmanagers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - triliovault.trilio.io - resources: - - triliovaultmanagers/status - verbs: - - get - - patch - - update -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml deleted file mode 100755 index 6b69f7acf..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role -subjects: -- kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml deleted file mode 100755 index a57ad1025..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml +++ /dev/null @@ -1,84 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: k8s-triliovault-operator - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - selector: - matchLabels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - spec: - containers: - - name: k8s-triliovault-operator - image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: TVK_ENV - value: {{ .Values.tvkEnv }} - volumeMounts: - {{- if .Values.tls.enable }} - - name: helm-tls-certs - mountPath: /root/.helm - readOnly: true - {{- if .Values.tls.verify }} - - name: helm-tls-ca - mountPath: /root/.helm/ca.crt - readOnly: true - {{- end }} - {{- end }} - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: webhook-certs - readOnly: true - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 10Mi - initContainers: - - name: webhook-init - image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: MUTATE_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration - - name: VALIDATE_CONFIG - value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration - - name: WEBHOOK_SERVICE - value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - - name: WEBHOOK_NAMESPACE - value: {{ .Release.Namespace }} - - name: SECRET_NAME - value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs - volumes: - {{- if .Values.tls.enable }} - - name: helm-tls-certs - secret: - secretName: {{ .Values.tls.secretName }} - defaultMode: 0400 - {{- if .Values.tls.verify }} - - name: helm-tls-ca - configMap: - name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config - defaultMode: 0600 - {{- end }} - {{- end }} - - name: webhook-certs - secret: - defaultMode: 420 - secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml deleted file mode 100755 index 466916239..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /mutate-triliovault-trilio-io-v1-triliovaultmanager - failurePolicy: Fail - name: v1-tvm-mutation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /mutate-triliovault-trilio-io-v1alpha1-triliovaultmanager - failurePolicy: Fail - name: v1alpha1-tvm-mutation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml deleted file mode 100755 index ea1faf3e1..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs - namespace: {{ .Release.Namespace }} -type: Opaque diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml deleted file mode 100755 index 6e9ae260e..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml +++ /dev/null @@ -1,1605 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: triliovaultmanagers.triliovault.trilio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.trilioVaultAppVersion - name: TrilioVault-Version - type: string - - JSONPath: .spec.applicationScope - name: Scope - type: string - - JSONPath: .status.conditions.type - name: Status - type: string - - JSONPath: .spec.restoreNamespaces - name: Restore-Namespaces - type: string - group: triliovault.trilio.io - names: - kind: TrilioVaultManager - listKind: TrilioVaultManagerList - plural: triliovaultmanagers - singular: triliovaultmanager - scope: Namespaced - subresources: - status: {} - version: v1 - versions: - - name: v1 - schema: - openAPIV3Schema: - description: TrilioVaultManager is the Schema for the triliovaultmanagers - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager - properties: - affinity: - description: The scheduling constraints on application pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - applicationScope: - description: Scope for the application which will be installed in - the cluster NamespaceScope or ClusterScope - enum: - - Cluster - - Namespaced - type: string - dataJobLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: DataJobLimits are the resource limits for all the data - processing jobs. - type: object - deploymentLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: DeploymentLimits are the resource limits for all the - deployments. - type: object - helmVersion: - description: Helm Version - properties: - tillerNamespace: - type: string - version: - enum: - - v2 - - v3 - type: string - required: - - version - type: object - metadataJobLimits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: MetadataJobLimits are the resource limits for all the - meta processing jobs. - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector specifies a map of key-value pairs. For - the pod to be eligible to run on a node, the node must have each - of the indicated key-value pairs as labels. - type: object - resources: - description: 'Deprecated: Resources are the resource requirements - for the containers.' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - restoreNamespaces: - description: ResourceNamespaces are the namespace where you want to - restore your applications - items: - type: string - type: array - tolerations: - description: The toleration of application against the specific taints - on the nodes - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - trilioVaultAppVersion: - description: Helm Chart version - type: string - required: - - applicationScope - - helmVersion - type: object - status: - description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager - properties: - conditions: - properties: - lastTransitionTime: - format: date-time - nullable: true - type: string - message: - minLength: 0 - type: string - reason: - enum: - - InstallSuccessful - - UpdateSuccessful - - UninstallSuccessful - - InstallError - - UpdateError - - ReconcileError - - UninstallError - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - enum: - - Initialized - - Deployed - - ReleaseFailed - - Irreconcilable - type: string - type: object - deployedRelease: - properties: - manifest: - type: string - name: - type: string - type: object - required: - - conditions - type: object - type: object - served: true - storage: true - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TrilioVaultManager is the Schema for the triliovaultmanagers - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager - properties: - affinity: - description: The scheduling constraints on application pods. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - applicationScope: - description: Scope for the application which will be installed in - the cluster NamespaceScope or ClusterScope - enum: - - Cluster - - Namespaced - type: string - helmVersion: - description: Helm Version - properties: - tillerNamespace: - type: string - version: - enum: - - v2 - - v3 - type: string - required: - - version - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector specifies a map of key-value pairs. For - the pod to be eligible to run on a node, the node must have each - of the indicated key-value pairs as labels. - type: object - resources: - description: Resources is the resource requirements for the containers. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - restoreNamespaces: - description: ResourceNamespaces are the namespace where you want to - restore your applications - items: - type: string - type: array - tolerations: - description: The toleration of application against the specific taints - on the nodes - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - trilioVaultAppVersion: - description: Helm Chart version - type: string - required: - - applicationScope - - helmVersion - type: object - status: - properties: - conditions: - properties: - lastTransitionTime: - format: date-time - type: string - message: - minLength: 0 - type: string - reason: - enum: - - InstallSuccessful - - UpdateSuccessful - - UninstallSuccessful - - InstallError - - UpdateError - - ReconcileError - - UninstallError - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - enum: - - Initialized - - Deployed - - ReleaseFailed - - Irreconcilable - type: string - type: object - deployedRelease: - properties: - manifest: - type: string - name: - type: string - type: object - required: - - conditions - type: object - type: object - served: true - storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml deleted file mode 100755 index 41bd41dcc..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-triliovault-trilio-io-v1-triliovaultmanager - failurePolicy: Fail - name: v1-tvm-validation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers -- clientConfig: - caBundle: Cg== - service: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-triliovault-trilio-io-v1alpha1-triliovaultmanager - failurePolicy: Fail - name: v1alpha1-tvm-validation.trilio.io - rules: - - apiGroups: - - triliovault.trilio.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - triliovaultmanagers diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml deleted file mode 100755 index 68f7a53c6..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app: {{ template "k8s-triliovault-operator.fullname" . }} - release: "{{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml deleted file mode 100755 index e8bfb211d..000000000 --- a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml +++ /dev/null @@ -1,23 +0,0 @@ -## TrilioVault Operator -registry: "eu.gcr.io/amazing-chalice-243510" - -operator-webhook-init: - repository: operator-webhook-init - -k8s-triliovault-operator: - repository: k8s-triliovault-operator - -tag: "v2.0.2" - -image: - pullPolicy: Always -tls: - secretName: "helm-client-certs" - verify: false - enable: false - keyFile: "tls.key" - certFile: "tls.crt" - caContent: "" - hostname: "" - -nameOverride: "" diff --git a/charts/kubecost/cost-analyzer/1.70.0/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.0/Chart.yaml deleted file mode 100644 index e4c95d5ab..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: kubecost -apiVersion: v1 -appVersion: 1.70.0 -description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor - cloud costs. -icon: https://kubecost.com/images/logo-white.png -name: cost-analyzer -version: 1.70.0 diff --git a/charts/kubecost/cost-analyzer/1.70.0/app-readme.md b/charts/kubecost/cost-analyzer/1.70.0/app-readme.md deleted file mode 100644 index dfb1e5854..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/app-readme.md +++ /dev/null @@ -1,23 +0,0 @@ -# Kubecost -[Kubecost](https://kubecost.com/) is an open-source Kubernetes cost monitoring solution. - -Kubecost gives teams visibility into current and historical Kubernetes spend and resource allocation. These models provide cost transparency in Kubernetes environments that support multiple applications, teams, departments, etc. - -To see more on the functionality of the full Kubecost product, please visit the [features page](https://kubecost.com/#features) on our website. - -Here is a summary of features enabled by this cost model: - -- Real-time cost allocation by Kubernetes service, deployment, namespace, label, statefulset, daemonset, pod, and container -- Dynamic asset pricing enabled by integrations with AWS, Azure, and GCP billing APIs -- Supports on-prem k8s clusters with custom pricing sheets -- Allocation for in-cluster resources like CPU, GPU, memory, and persistent volumes. -- Allocation for AWS & GCP out-of-cluster resources like RDS instances and S3 buckets with key (optional) -- Easily export pricing data to Prometheus with /metrics endpoint ([learn more](PROMETHEUS.md)) -- Free and open source distribution (Apache2 license) - -## Requirements -- Kubernetes 1.8+ -- kube-state-metrics -- Grafana -- Prometheus -- Node Exporter diff --git a/charts/kubecost/cost-analyzer/1.70.0/attached-disks.json b/charts/kubecost/cost-analyzer/1.70.0/attached-disks.json deleted file mode 100644 index 0ae9d4411..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/attached-disks.json +++ /dev/null @@ -1,425 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 10, - "iteration": 1589748792557, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(container_fs_inodes_free{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_inodes_total{instance=~'$disk',id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "iNode Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "disk", - "options": [], - "query": "query_result(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance))", - "refresh": 1, - "regex": "/instance=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Attached disk metrics", - "uid": "nBH7qBgMk", - "version": 2 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/Chart.yaml deleted file mode 100644 index eb46b5995..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -appVersion: 6.0.0 -description: The leading tool for querying and visualizing time series and metrics. -home: https://grafana.net -icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png -kubeVersion: ^1.8.0-0 -maintainers: -- email: zanhsieh@gmail.com - name: zanhsieh -- email: rluckie@cisco.com - name: rtluckie -name: grafana -sources: -- https://github.com/grafana/grafana -version: 1.17.2 diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/README.md b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/README.md deleted file mode 100644 index 03c70b520..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/README.md +++ /dev/null @@ -1,162 +0,0 @@ -# Grafana Helm Chart - -* Installs the web dashboarding system [Grafana](http://grafana.org/) - -## TL;DR; - -```console -$ helm install stable/grafana -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install --name my-release stable/grafana -``` - -## Uninstalling the Chart - -To uninstall/delete the my-release deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - - -## Configuration - -| Parameter | Description | Default | -|---------------------------------|-----------------------------------------------|---------------------------------------------------------| -| `replicas` | Number of nodes | `1` | -| `deploymentStrategy` | Deployment strategy | `RollingUpdate` | -| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | -| `readinessProbe` | Rediness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| -| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "fsGroup": 472}` | -| `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Image tag. (`Must be >= 5.0.0`) | `5.3.1` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Kubernetes port where service is exposed | `80` | -| `service.annotations` | Service annotations | `{}` | -| `service.labels` | Custom labels | `{}` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.hosts` | Ingress accepted hostnames | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `persistence.enabled` | Use persistent volume to store data | `false` | -| `persistence.size` | Size of persistent volume claim | `10Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | -| `persistence.storageClassName` | Type of persistent volume claim | `nil` | -| `persistence.accessModes` | Persistence access modes | `[]` | -| `persistence.subPath` | Mount a sub dir of the persistent volume | `""` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `env` | Extra environment variables passed to pods | `{}` | -| `envFromSecret` | Name of a Kubenretes secret (must be manually created in the same namespace) containing values to be added to the environment | `""` | -| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | -| `plugins` | Plugins to be loaded along with Grafana | `[]` | -| `datasources` | Configure grafana datasources | `{}` | -| `dashboardProviders` | Configure grafana dashboard providers | `{}` | -| `dashboards` | Dashboards to import | `{}` | -| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | -| `grafana.ini` | Grafana's primary configuration | `{}` | -| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | -| `ldap.config ` | Grafana's LDAP configuration | `""` | -| `annotations` | Deployment annotations | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `sidecar.dashboards.enabled` | Enabled the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `false` | -| `sidecar.datasources.enabled` | Enabled the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | -| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `false` | -| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials, this must have the keys `user` and `password`. | `""` | - -## Sidecar for dashboards - -If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported dashboards are deleted/updated. A recommendation is to use one configmap per dashboard, as an reduction of multiple dashboards inside one configmap is currently not properly mirrored in grafana. -Example dashboard config: -``` -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-dashboard - labels: - grafana_dashboard: 1 -data: - k8s-dashboard.json: |- - [...] -``` - -## Sidecar for datasources - -If the parameter `sidecar.datasource.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in those configmaps are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be modified. - -Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): -``` -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-datasource - labels: - grafana_datasource: 1 -data: - datasource.yaml: |- - # config file version - apiVersion: 1 - - # list of datasources that should be deleted from the database - deleteDatasources: - - name: Graphite - orgId: 1 - - # list of datasources to insert/update depending - # whats available in the database - datasources: - # name of the datasource. Required - - name: Graphite - # datasource type. Required - type: graphite - # access mode. proxy or direct (Server or Browser in the UI). Required - access: proxy - # org id. will default to orgId 1 if not specified - orgId: 1 - # url - url: http://localhost:8080 - # database password, if used - password: - # database user, if used - user: - # database name, if used - database: - # enable/disable basic auth - basicAuth: - # basic auth username - basicAuthUser: - # basic auth password - basicAuthPassword: - # enable/disable with credentials headers - withCredentials: - # mark as default datasource. Max one per org - isDefault: - # fields that will be converted to json and stored in json_data - jsonData: - graphiteVersion: "1.1" - tlsAuth: true - tlsAuthWithCACert: true - # json object of data that will be encrypted. - secureJsonData: - tlsCACert: "..." - tlsClientCert: "..." - tlsClientKey: "..." - version: 1 - # allow users to edit datasources from the UI. - editable: false - -``` diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/NOTES.txt deleted file mode 100644 index 57e84cd69..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -1. Get your '{{ .Values.adminUser }}' user password by running: - - kubectl get secret --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo - -2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - - {{ template "grafana.fullname" . }}.{{ .Release.Namespace }}.svc -{{ if .Values.ingress.enabled }} - From outside the cluster, the server URL(s) are: -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{ else }} - Get the Grafana URL to visit by running these commands in the same shell: -{{ if contains "NodePort" .Values.service.type -}} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{ else if contains "LoadBalancer" .Values.service.type -}} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "grafana.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - http://$SERVICE_IP:{{ .Values.service.port -}} -{{ else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "grafana.fullname" . }},component={{ .Values.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000 -{{- end }} -{{- end }} - -3. Login with the password from step 1 and the username: {{ .Values.adminUser }} - -{{- if not .Values.persistence.enabled }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Grafana pod is terminated. ##### -################################################################################# -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/_helpers.tpl deleted file mode 100644 index 3a3ebd3ec..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account -*/}} -{{- define "grafana.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrole.yaml deleted file mode 100644 index d49193651..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrole.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-clusterrole -{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} -rules: -- apiGroups: [""] # "" indicates the core API group - resources: ["configmaps"] - verbs: ["get", "watch", "list"] -{{- else }} -rules: [] -{{- end}} -{{- end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrolebinding.yaml deleted file mode 100644 index 99dada9f4..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "grafana.fullname" . }}-clusterrolebinding - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -subjects: - - kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "grafana.fullname" . }}-clusterrole - apiGroup: rbac.authorization.k8s.io -{{- end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap-dashboard-provider.yaml deleted file mode 100644 index 1765e9aff..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap-dashboard-provider.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.sidecar.dashboards.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-config-dashboards -data: - provider.yaml: |- - apiVersion: 1 - providers: - - name: 'default' - orgId: 1 - folder: '' - type: file - disableDeletion: false - options: - path: {{ .Values.sidecar.dashboards.folder }} -{{- end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap.yaml deleted file mode 100644 index d283d04c0..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/configmap.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{- if .Values.plugins }} - plugins: {{ join "," .Values.plugins }} -{{- end }} - grafana.ini: | -{{- range $key, $value := index .Values "grafana.ini" }} - [{{ $key }}] - {{- range $elem, $elemVal := $value }} - {{ $elem }} = {{ $elemVal }} - {{- end }} -{{- end }} - -{{- if .Values.datasources }} - {{- range $key, $value := .Values.datasources }} - {{ $key }}: | -{{ toYaml $value | trim | indent 4 }} - {{- end -}} -{{- end -}} -{{- if .Values.global.prometheus.enabled }} - - access: proxy - isDefault: true - name: Prometheus - type: prometheus - url: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }}.svc -{{ else }} - - access: proxy - isDefault: true - name: Prometheus - type: prometheus - url: {{ .Values.global.prometheus.fqdn }} -{{- end -}} - -{{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboards }} - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{- range $value.providers }} - mkdir -p {{ .options.path }} - {{- end }} - {{- end }} - {{- end }} - - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -sk \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - {{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }} \ - > /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/dashboards-json-configmap.yaml deleted file mode 100644 index c1ab8c4ba..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/dashboards-json-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} - labels: - app: {{ template "grafana.name" $ }} - chart: {{ template "grafana.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - dashboard-provider: {{ $provider }} -data: - {{- range $key, $value := $dashboards }} - {{- if hasKey $value "json" }} - {{ $key }}.json: | -{{ $value.json | indent 4 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/deployment.yaml deleted file mode 100644 index ea8e814f3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/deployment.yaml +++ /dev/null @@ -1,272 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} - strategy: - type: {{ .Values.deploymentStrategy }} - {{- if ne .Values.deploymentStrategy "RollingUpdate" }} - rollingUpdate: null - {{- end }} - template: - metadata: - labels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} -{{- with .Values.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - serviceAccountName: {{ template "grafana.serviceAccountName" . }} -{{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" -{{- end }} -{{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} -{{- end }} -{{- if .Values.dashboards }} - initContainers: - - name: download-dashboards - image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" - imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} - command: ["sh", "/etc/grafana/download_dashboards.sh"] - volumeMounts: - - name: config - mountPath: "/etc/grafana/download_dashboards.sh" - subPath: download_dashboards.sh - - name: storage - mountPath: "/var/lib/grafana" - subPath: {{ .Values.persistence.subPath }} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} -{{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end}} - {{- end }} - containers: -{{- if .Values.sidecar.dashboards.enabled }} - - name: {{ template "grafana.name" . }}-sc-dashboard - image: "{{ .Values.sidecar.image }}" - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - - name: LABEL - value: "{{ .Values.sidecar.dashboards.label }}" - - name: FOLDER - value: "{{ .Values.sidecar.dashboards.folder }}" - resources: -{{ toYaml .Values.sidecar.resources | indent 12 }} - volumeMounts: - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: {{ template "grafana.name" . }}-sc-datasources - image: "{{ .Values.sidecar.image }}" - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - resources: -{{ toYaml .Values.sidecar.resources | indent 12 }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: config - mountPath: "/etc/grafana/grafana.ini" - subPath: grafana.ini - - name: ldap - mountPath: "/etc/grafana/ldap.toml" - subPath: ldap.toml -{{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if hasKey $value "json" }} - - name: dashboards-{{ $provider }} - mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" - subPath: "{{ $key }}.json" - {{- end }} - {{- end }} - {{- end }} -{{- end -}} -{{- if .Values.dashboardsConfigMaps }} - {{- range keys .Values.dashboardsConfigMaps }} - - name: dashboards-{{ . }} - mountPath: "/var/lib/grafana/dashboards/{{ . }}" - {{- end }} -{{- end }} -{{- if .Values.datasources }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml -{{- end }} -{{- if .Values.dashboardProviders }} - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml -{{- end }} -{{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} - - name: sc-dashboard-provider - mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" - subPath: provider.yaml -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} - - name: storage - mountPath: "/var/lib/grafana" - subPath: {{ .Values.persistence.subPath }} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} - ports: - - name: service - containerPort: {{ .Values.service.port }} - protocol: TCP - - name: grafana - containerPort: 3000 - protocol: TCP - env: - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ template "grafana.fullname" . }} - key: admin-user - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "grafana.fullname" . }} - key: admin-password - {{- if .Values.plugins }} - - name: GF_INSTALL_PLUGINS - valueFrom: - configMapKeyRef: - name: {{ template "grafana.fullname" . }} - key: plugins - {{- end }} - {{- if .Values.smtp.existingSecret }} - - name: GF_SMTP_USER - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: user - - name: GF_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: password - {{- end }} -{{- range $key, $value := .Values.env }} - - name: "{{ $key }}" - value: "{{ $value }}" -{{- end }} - {{- if .Values.envFromSecret }} - envFrom: - - secretRef: - name: {{ .Values.envFromSecret }} - {{- end }} - livenessProbe: -{{ toYaml .Values.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.readinessProbe | indent 12 }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: config - configMap: - name: {{ template "grafana.fullname" . }} - {{- if .Values.dashboards }} - {{- range keys .Values.dashboards }} - - name: dashboards-{{ . }} - configMap: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} - {{- end }} - {{- end }} - {{- if .Values.dashboardsConfigMaps }} - {{- range $provider, $name := .Values.dashboardsConfigMaps }} - - name: dashboards-{{ $provider }} - configMap: - name: {{ $name }} - {{- end }} - {{- end }} - - name: ldap - secret: - {{- if .Values.ldap.existingSecret }} - secretName: {{ .Values.ldap.existingSecret }} - {{- else }} - secretName: {{ template "grafana.fullname" . }} - {{- end }} - items: - - key: ldap-toml - path: ldap.toml - - name: storage - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end -}} - {{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume - emptyDir: {} - - name: sc-dashboard-provider - configMap: - name: {{ template "grafana.fullname" . }}-config-dashboards - {{- end }} - {{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume - emptyDir: {} - {{- end -}} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - defaultMode: {{ .defaultMode }} - {{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/ingress.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/ingress.yaml deleted file mode 100644 index 556f0fab0..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/ingress.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "grafana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/podsecuritypolicy.yaml deleted file mode 100644 index e2b47f42b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' - readOnlyRootFilesystem: false -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/pvc.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/pvc.yaml deleted file mode 100644 index e13c78378..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- with .Values.persistence.annotations }} - annotations: -{{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - storageClassName: {{ .Values.persistence.storageClassName }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/role.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/role.yaml deleted file mode 100644 index 6c9195769..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.rbac.pspEnabled }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "grafana.fullname" . }}] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/rolebinding.yaml deleted file mode 100644 index e777ddabc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "grafana.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/secret.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/secret.yaml deleted file mode 100644 index cd16c2fc7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - admin-user: {{ .Values.adminUser | b64enc | quote }} - {{- if .Values.adminPassword }} - admin-password: {{ .Values.adminPassword | b64enc | quote }} - {{- else }} - admin-password: {{ randAlphaNum 40 | b64enc | quote }} - {{- end }} - {{- if not .Values.ldap.existingSecret }} - ldap-toml: {{ .Values.ldap.config | b64enc | quote }} - {{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/service.yaml deleted file mode 100644 index 307d0abf1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} -{{- with .Values.service.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} - type: ClusterIP - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.service.type }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} - ports: - - name: service - port: {{ .Values.service.port }} - protocol: TCP - targetPort: 3000 -{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{.Values.service.nodePort}} -{{ end }} - selector: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/serviceaccount.yaml deleted file mode 100644 index bbcb5055e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "grafana.serviceAccountName" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/values.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/values.yaml deleted file mode 100644 index 504a3e86a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/grafana/values.yaml +++ /dev/null @@ -1,275 +0,0 @@ -rbac: - create: true - pspEnabled: true -serviceAccount: - create: true - name: - -replicas: 1 - -deploymentStrategy: RollingUpdate - -readinessProbe: - httpGet: - path: /api/health - port: 3000 - -livenessProbe: - httpGet: - path: /api/health - port: 3000 - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - -image: - repository: grafana/grafana - tag: 7.1.1 - pullPolicy: IfNotPresent - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistrKeySecretName - -securityContext: - runAsUser: 472 - fsGroup: 472 - -downloadDashboardsImage: - repository: appropriate/curl - tag: latest - pullPolicy: IfNotPresent - -## Pod Annotations -# podAnnotations: {} - -## Deployment annotations -# annotations: {} - -## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - type: ClusterIP - port: 80 - annotations: {} - labels: {} - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: / - hosts: - - chart-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -## Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -# -nodeSelector: {} - -## Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: false - # storageClassName: default - # accessModes: - # - ReadWriteOnce - # size: 10Gi - # annotations: {} - # subPath: "" - # existingClaim: - -adminUser: admin -adminPassword: strongpassword - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Extra environment variables that will be pass onto deployment pods -env: {} - -## The name of a secret in the same kubernetes namespace which contain values to be added to the environment -## This can be useful for auth tokens, etc -envFromSecret: "" - -## Additional grafana server secret mounts -# Defines additional mounts with secrets. Secrets must be manually created in the namespace. -extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # secretName: grafana-secret-files - # readOnly: true - -## Pass the plugins you want installed as a list. -## -plugins: [] - # - digrich-bubblechart-panel - # - grafana-clock-panel - -## Configure grafana datasources -## ref: http://docs.grafana.org/administration/provisioning/#datasources -## -datasources: {} -# datasources.yaml: -# apiVersion: 1 -# datasources: -# - name: Prometheus2 -# type: prometheus -# url: http://prometheus-server.default.svc -# access: proxy -# isDefault: false - -## Configure grafana dashboard providers -## ref: http://docs.grafana.org/administration/provisioning/#dashboards -## -## `path` must be /var/lib/grafana/dashboards/ -## -dashboardProviders: {} -# dashboardproviders.yaml: -# apiVersion: 1 -# providers: -# - name: 'default' -# orgId: 1 -# folder: '' -# type: file -# disableDeletion: false -# editable: true -# options: -# path: /var/lib/grafana/dashboards/default - -## Configure grafana dashboard to import -## NOTE: To use dashboards you must also enable/configure dashboardProviders -## ref: https://grafana.com/dashboards -## -## dashboards per provider, use provider name as key. -## -dashboards: {} -# default: -# prometheus-stats: -# gnetId: 3662 -# revision: 2 -# datasource: Prometheus - -## Reference to external ConfigMap per provider. Use provider name as key and ConfiMap name as value. -## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. -## ConfigMap data example: -## -## data: -## example-dashboard.json: | -## RAW_JSON -## -dashboardsConfigMaps: {} -# default: "" - -## Grafana's primary configuration -## NOTE: values in map will be converted to ini format -## ref: http://docs.grafana.org/installation/configuration/ -## -grafana.ini: - paths: - data: /var/lib/grafana/data - logs: /var/log/grafana - plugins: /var/lib/grafana/plugins - provisioning: /etc/grafana/provisioning - analytics: - check_for_updates: true - log: - mode: console - grafana_net: - url: https://grafana.net - auth.anonymous: - enabled: true - org_role: Admin - org_name: Main Org. - -## LDAP Authentication can be enabled with the following values on grafana.ini -## NOTE: Grafana will fail to start if the value for ldap.toml is invalid - # auth.ldap: - # enabled: true - # allow_sign_up: true - # config_file: /etc/grafana/ldap.toml - -## Grafana's LDAP configuration -## Templated by the template in _helpers.tpl -## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled -## ref: http://docs.grafana.org/installation/configuration/#auth-ldap -## ref: http://docs.grafana.org/installation/ldap/#configuration -ldap: - # `existingSecret` is a reference to an existing secret containing the ldap configuration - # for Grafana in a key `ldap-toml`. - existingSecret: "" - # `config` is the content of `ldap.toml` that will be stored in the created secret - config: "" - # config: |- - # verbose_logging = true - - # [[servers]] - # host = "my-ldap-server" - # port = 636 - # use_ssl = true - # start_tls = false - # ssl_skip_verify = false - # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" - -## Grafana's SMTP configuration -## NOTE: To enable, grafana.ini must be configured with smtp.enabled -## ref: http://docs.grafana.org/installation/configuration/#smtp -smtp: - # `existingSecret` is a reference to an existing secret containing the smtp configuration - # for Grafana in keys `user` and `password`. - existingSecret: "" - -## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders -## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards -sidecar: - image: kiwigrid/k8s-sidecar:0.1.144 - imagePullPolicy: IfNotPresent - resources: -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - dashboards: - enabled: false - # label that the configmaps with dashboards are marked with - label: grafana_dashboard - # folder in the pod that should hold the collected dashboards - folder: /tmp/dashboards - datasources: - enabled: false - # label that the configmaps with datasources are marked with - label: grafana_datasource diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/.helmignore b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/.helmignore deleted file mode 100644 index 825c00779..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj - -OWNERS diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/Chart.yaml deleted file mode 100644 index dd81a9c69..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 2.17.2 -description: Prometheus is a monitoring system and time series database. -home: https://prometheus.io/ -icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png -maintainers: -- email: gianrubio@gmail.com - name: gianrubio -- email: zanhsieh@gmail.com - name: zanhsieh -name: prometheus -sources: -- https://github.com/prometheus/alertmanager -- https://github.com/prometheus/prometheus -- https://github.com/prometheus/pushgateway -- https://github.com/prometheus/node_exporter -- https://github.com/kubernetes/kube-state-metrics -version: 11.0.2 diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/README.md b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/README.md deleted file mode 100644 index dc32dcd15..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/README.md +++ /dev/null @@ -1,471 +0,0 @@ -# Prometheus - -[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true. - -## TL;DR; - -```console -$ helm install stable/prometheus -``` - -## Introduction - -This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.3+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install --name my-release stable/prometheus -``` - -The command deploys Prometheus on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Prometheus 2.x - -Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/) - -Users of this chart will need to update their alerting rules to the new format before they can upgrade. - -## Upgrading from previous chart versions. - -Version 9.0 adds a new option to enable or disable the Prometheus Server. -This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. -To install the server `server.enabled` must be set to `true`. - -As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data. - -### Example migration - -Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following: - -1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below: - - ``` - alertmanager: - enabled: false - alertmanagerFiles: - alertmanager.yml: "" - kubeStateMetrics: - enabled: false - nodeExporter: - enabled: false - pushgateway: - enabled: false - server: - extraArgs: - storage.local.retention: 720h - serverFiles: - alerts: "" - prometheus.yml: "" - rules: "" - ``` - -1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target. - - ``` - prometheus.yml: - ... - remote_read: - - url: http://prometheus-old/api/v1/read - ... - ``` - - Old data will be available when you query the new prometheus instance. - -## Scraping Pod Metrics via Annotations - -This chart uses a default configuration that causes prometheus -to scrape a variety of kubernetes resource types, provided they have the correct annotations. -In this section we describe how to configure pods to be scraped; -for information on how other resource types can be scraped you can -do a `helm template` to get the kubernetes resource definitions, -and then reference the prometheus configuration in the ConfigMap against the prometheus documentation -for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) -and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config). - -In order to get prometheus to scrape pods, you must add annotations to the the pods as below: - -``` -metadata: - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: /metrics - prometheus.io/port: "8080" -spec: -... -``` - -You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. -`prometheus.io/port` should be set to the port that your pod serves metrics from. -Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be -enclosed in double quotes. - -## Configuration - -The following table lists the configurable parameters of the Prometheus chart and their default values. - -Parameter | Description | Default ---------- | ----------- | ------- -`alertmanager.enabled` | If true, create alertmanager | `true` -`alertmanager.name` | alertmanager container name | `alertmanager` -`alertmanager.image.repository` | alertmanager container image repository | `prom/alertmanager` -`alertmanager.image.tag` | alertmanager container image tag | `v0.20.0` -`alertmanager.image.pullPolicy` | alertmanager container image pull policy | `IfNotPresent` -`alertmanager.prefixURL` | The prefix slug at which the server can be accessed | `` -`alertmanager.baseURL` | The external url at which the server can be accessed | `"http://localhost:9093"` -`alertmanager.extraArgs` | Additional alertmanager container arguments | `{}` -`alertmanager.extraSecretMounts` | Additional alertmanager Secret mounts | `[]` -`alertmanager.configMapOverrideName` | Prometheus alertmanager ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}` and setting this value will prevent the default alertmanager ConfigMap from being generated | `""` -`alertmanager.configFromSecret` | The name of a secret in the same kubernetes namespace which contains the Alertmanager config, setting this value will prevent the default alertmanager ConfigMap from being generated | `""` -`alertmanager.configFileName` | The configuration file name to be loaded to alertmanager. Must match the key within configuration loaded from ConfigMap/Secret. | `alertmanager.yml` -`alertmanager.ingress.enabled` | If true, alertmanager Ingress will be created | `false` -`alertmanager.ingress.annotations` | alertmanager Ingress annotations | `{}` -`alertmanager.ingress.extraLabels` | alertmanager Ingress additional labels | `{}` -`alertmanager.ingress.hosts` | alertmanager Ingress hostnames | `[]` -`alertmanager.ingress.extraPaths` | Ingress extra paths to prepend to every alertmanager host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`alertmanager.ingress.tls` | alertmanager Ingress TLS configuration (YAML) | `[]` -`alertmanager.nodeSelector` | node labels for alertmanager pod assignment | `{}` -`alertmanager.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`alertmanager.affinity` | pod affinity | `{}` -`alertmanager.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`alertmanager.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`alertmanager.schedulerName` | alertmanager alternate scheduler name | `nil` -`alertmanager.persistentVolume.enabled` | If true, alertmanager will create a Persistent Volume Claim | `true` -`alertmanager.persistentVolume.accessModes` | alertmanager data Persistent Volume access modes | `[ReadWriteOnce]` -`alertmanager.persistentVolume.annotations` | Annotations for alertmanager Persistent Volume Claim | `{}` -`alertmanager.persistentVolume.existingClaim` | alertmanager data Persistent Volume existing claim name | `""` -`alertmanager.persistentVolume.mountPath` | alertmanager data Persistent Volume mount root path | `/data` -`alertmanager.persistentVolume.size` | alertmanager data Persistent Volume size | `2Gi` -`alertmanager.persistentVolume.storageClass` | alertmanager data Persistent Volume Storage Class | `unset` -`alertmanager.persistentVolume.volumeBindingMode` | alertmanager data Persistent Volume Binding Mode | `unset` -`alertmanager.persistentVolume.subPath` | Subdirectory of alertmanager data Persistent Volume to mount | `""` -`alertmanager.podAnnotations` | annotations to be added to alertmanager pods | `{}` -`alertmanager.podLabels` | labels to be added to Prometheus AlertManager pods | `{}` -`alertmanager.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`alertmanager.replicaCount` | desired number of alertmanager pods | `1` -`alertmanager.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` -`alertmanager.statefulSet.podManagementPolicy` | podManagementPolicy of alertmanager pods | `OrderedReady` -`alertmanager.statefulSet.headless.annotations` | annotations for alertmanager headless service | `{}` -`alertmanager.statefulSet.headless.labels` | labels for alertmanager headless service | `{}` -`alertmanager.statefulSet.headless.enableMeshPeer` | If true, enable the mesh peer endpoint for the headless service | `{}` -`alertmanager.statefulSet.headless.servicePort` | alertmanager headless service port | `80` -`alertmanager.priorityClassName` | alertmanager priorityClassName | `nil` -`alertmanager.resources` | alertmanager pod resource requests & limits | `{}` -`alertmanager.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Alert Manager containers | `{}` -`alertmanager.service.annotations` | annotations for alertmanager service | `{}` -`alertmanager.service.clusterIP` | internal alertmanager cluster service IP | `""` -`alertmanager.service.externalIPs` | alertmanager service external IP addresses | `[]` -`alertmanager.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`alertmanager.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`alertmanager.service.servicePort` | alertmanager service port | `80` -`alertmanager.service.sessionAffinity` | Session Affinity for alertmanager service, can be `None` or `ClientIP` | `None` -`alertmanager.service.type` | type of alertmanager service to create | `ClusterIP` -`alertmanager.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`alertmanagerFiles.alertmanager.yml` | Prometheus alertmanager configuration | example configuration -`configmapReload.prometheus.enabled` | If false, the configmap-reload container for Prometheus will not be deployed | `true` -`configmapReload.prometheus.name` | configmap-reload container name | `configmap-reload` -`configmapReload.prometheus.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` -`configmapReload.prometheus.image.tag` | configmap-reload container image tag | `v0.3.0` -`configmapReload.prometheus.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` -`configmapReload.prometheus.extraArgs` | Additional configmap-reload container arguments | `{}` -`configmapReload.prometheus.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` -`configmapReload.prometheus.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` -`configmapReload.prometheus.resources` | configmap-reload pod resource requests & limits | `{}` -`configmapReload.alertmanager.enabled` | If false, the configmap-reload container for AlertManager will not be deployed | `true` -`configmapReload.alertmanager.name` | configmap-reload container name | `configmap-reload` -`configmapReload.alertmanager.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` -`configmapReload.alertmanager.image.tag` | configmap-reload container image tag | `v0.3.0` -`configmapReload.alertmanager.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` -`configmapReload.alertmanager.extraArgs` | Additional configmap-reload container arguments | `{}` -`configmapReload.alertmanager.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` -`configmapReload.alertmanager.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` -`configmapReload.alertmanager.resources` | configmap-reload pod resource requests & limits | `{}` -`initChownData.enabled` | If false, don't reset data ownership at startup | true -`initChownData.name` | init-chown-data container name | `init-chown-data` -`initChownData.image.repository` | init-chown-data container image repository | `busybox` -`initChownData.image.tag` | init-chown-data container image tag | `latest` -`initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` -`initChownData.resources` | init-chown-data pod resource requests & limits | `{}` -`kubeStateMetrics.enabled` | If true, create kube-state-metrics sub-chart, see the [kube-state-metrics chart for configuration options](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) | `true` -`nodeExporter.enabled` | If true, create node-exporter | `true` -`nodeExporter.name` | node-exporter container name | `node-exporter` -`nodeExporter.image.repository` | node-exporter container image repository| `prom/node-exporter` -`nodeExporter.image.tag` | node-exporter container image tag | `v0.18.1` -`nodeExporter.image.pullPolicy` | node-exporter container image pull policy | `IfNotPresent` -`nodeExporter.extraArgs` | Additional node-exporter container arguments | `{}` -`nodeExporter.extraHostPathMounts` | Additional node-exporter hostPath mounts | `[]` -`nodeExporter.extraConfigmapMounts` | Additional node-exporter configMap mounts | `[]` -`nodeExporter.hostNetwork` | If true, node-exporter pods share the host network namespace | `true` -`nodeExporter.hostPID` | If true, node-exporter pods share the host PID namespace | `true` -`nodeExporter.nodeSelector` | node labels for node-exporter pod assignment | `{}` -`nodeExporter.podAnnotations` | annotations to be added to node-exporter pods | `{}` -`nodeExporter.pod.labels` | labels to be added to node-exporter pods | `{}` -`nodeExporter.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`nodeExporter.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`nodeExporter.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`nodeExporter.podSecurityPolicy.enabled` | Specify if a Pod Security Policy for node-exporter must be created | `false` -`nodeExporter.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`nodeExporter.priorityClassName` | node-exporter priorityClassName | `nil` -`nodeExporter.resources` | node-exporter resource requests and limits (YAML) | `{}` -`nodeExporter.securityContext` | securityContext for containers in pod | `{}` -`nodeExporter.service.annotations` | annotations for node-exporter service | `{prometheus.io/scrape: "true"}` -`nodeExporter.service.clusterIP` | internal node-exporter cluster service IP | `None` -`nodeExporter.service.externalIPs` | node-exporter service external IP addresses | `[]` -`nodeExporter.service.hostPort` | node-exporter service host port | `9100` -`nodeExporter.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`nodeExporter.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`nodeExporter.service.servicePort` | node-exporter service port | `9100` -`nodeExporter.service.type` | type of node-exporter service to create | `ClusterIP` -`podSecurityPolicy.enabled` | If true, create & use pod security policies resources | `false` -`pushgateway.enabled` | If true, create pushgateway | `true` -`pushgateway.name` | pushgateway container name | `pushgateway` -`pushgateway.image.repository` | pushgateway container image repository | `prom/pushgateway` -`pushgateway.image.tag` | pushgateway container image tag | `v1.0.1` -`pushgateway.image.pullPolicy` | pushgateway container image pull policy | `IfNotPresent` -`pushgateway.extraArgs` | Additional pushgateway container arguments | `{}` -`pushgateway.ingress.enabled` | If true, pushgateway Ingress will be created | `false` -`pushgateway.ingress.annotations` | pushgateway Ingress annotations | `{}` -`pushgateway.ingress.hosts` | pushgateway Ingress hostnames | `[]` -`pushgateway.ingress.extraPaths` | Ingress extra paths to prepend to every pushgateway host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`pushgateway.ingress.tls` | pushgateway Ingress TLS configuration (YAML) | `[]` -`pushgateway.nodeSelector` | node labels for pushgateway pod assignment | `{}` -`pushgateway.podAnnotations` | annotations to be added to pushgateway pods | `{}` -`pushgateway.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`pushgateway.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`pushgateway.replicaCount` | desired number of pushgateway pods | `1` -`pushgateway.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`pushgateway.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`pushgateway.schedulerName` | pushgateway alternate scheduler name | `nil` -`pushgateway.persistentVolume.enabled` | If true, Prometheus pushgateway will create a Persistent Volume Claim | `false` -`pushgateway.persistentVolume.accessModes` | Prometheus pushgateway data Persistent Volume access modes | `[ReadWriteOnce]` -`pushgateway.persistentVolume.annotations` | Prometheus pushgateway data Persistent Volume annotations | `{}` -`pushgateway.persistentVolume.existingClaim` | Prometheus pushgateway data Persistent Volume existing claim name | `""` -`pushgateway.persistentVolume.mountPath` | Prometheus pushgateway data Persistent Volume mount root path | `/data` -`pushgateway.persistentVolume.size` | Prometheus pushgateway data Persistent Volume size | `2Gi` -`pushgateway.persistentVolume.storageClass` | Prometheus pushgateway data Persistent Volume Storage Class | `unset` -`pushgateway.persistentVolume.volumeBindingMode` | Prometheus pushgateway data Persistent Volume Binding Mode | `unset` -`pushgateway.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` -`pushgateway.priorityClassName` | pushgateway priorityClassName | `nil` -`pushgateway.resources` | pushgateway pod resource requests & limits | `{}` -`pushgateway.service.annotations` | annotations for pushgateway service | `{}` -`pushgateway.service.clusterIP` | internal pushgateway cluster service IP | `""` -`pushgateway.service.externalIPs` | pushgateway service external IP addresses | `[]` -`pushgateway.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`pushgateway.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`pushgateway.service.servicePort` | pushgateway service port | `9091` -`pushgateway.service.type` | type of pushgateway service to create | `ClusterIP` -`pushgateway.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`rbac.create` | If true, create & use RBAC resources | `true` -`server.enabled` | If false, Prometheus server will not be created | `true` -`server.name` | Prometheus server container name | `server` -`server.image.repository` | Prometheus server container image repository | `prom/prometheus` -`server.image.tag` | Prometheus server container image tag | `v2.16.0` -`server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` -`server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` -`server.global.scrape_interval` | How frequently to scrape targets by default | `1m` -`server.global.scrape_timeout` | How long until a scrape request times out | `10s` -`server.global.evaluation_interval` | How frequently to evaluate rules | `1m` -`server.remoteWrite` | The remote write feature of Prometheus allow transparently sending samples. | `{}` -`server.remoteRead` | The remote read feature of Prometheus allow transparently receiving samples. | `{}` -`server.extraArgs` | Additional Prometheus server container arguments | `{}` -`server.extraFlags` | Additional Prometheus server container flags | `["web.enable-lifecycle"]` -`server.extraInitContainers` | Init containers to launch alongside the server | `[]` -`server.prefixURL` | The prefix slug at which the server can be accessed | `` -`server.baseURL` | The external url at which the server can be accessed | `` -`server.env` | Prometheus server environment variables | `[]` -`server.extraHostPathMounts` | Additional Prometheus server hostPath mounts | `[]` -`server.extraConfigmapMounts` | Additional Prometheus server configMap mounts | `[]` -`server.extraSecretMounts` | Additional Prometheus server Secret mounts | `[]` -`server.extraVolumeMounts` | Additional Prometheus server Volume mounts | `[]` -`server.extraVolumes` | Additional Prometheus server Volumes | `[]` -`server.configMapOverrideName` | Prometheus server ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.server.configMapOverrideName}}` and setting this value will prevent the default server ConfigMap from being generated | `""` -`server.ingress.enabled` | If true, Prometheus server Ingress will be created | `false` -`server.ingress.annotations` | Prometheus server Ingress annotations | `[]` -`server.ingress.extraLabels` | Prometheus server Ingress additional labels | `{}` -`server.ingress.hosts` | Prometheus server Ingress hostnames | `[]` -`server.ingress.extraPaths` | Ingress extra paths to prepend to every Prometheus server host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`server.ingress.tls` | Prometheus server Ingress TLS configuration (YAML) | `[]` -`server.nodeSelector` | node labels for Prometheus server pod assignment | `{}` -`server.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`server.affinity` | pod affinity | `{}` -`server.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`server.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`server.priorityClassName` | Prometheus server priorityClassName | `nil` -`server.schedulerName` | Prometheus server alternate scheduler name | `nil` -`server.persistentVolume.enabled` | If true, Prometheus server will create a Persistent Volume Claim | `true` -`server.persistentVolume.accessModes` | Prometheus server data Persistent Volume access modes | `[ReadWriteOnce]` -`server.persistentVolume.annotations` | Prometheus server data Persistent Volume annotations | `{}` -`server.persistentVolume.existingClaim` | Prometheus server data Persistent Volume existing claim name | `""` -`server.persistentVolume.mountPath` | Prometheus server data Persistent Volume mount root path | `/data` -`server.persistentVolume.size` | Prometheus server data Persistent Volume size | `8Gi` -`server.persistentVolume.storageClass` | Prometheus server data Persistent Volume Storage Class | `unset` -`server.persistentVolume.volumeBindingMode` | Prometheus server data Persistent Volume Binding Mode | `unset` -`server.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` -`server.emptyDir.sizeLimit` | emptyDir sizeLimit if a Persistent Volume is not used | `""` -`server.podAnnotations` | annotations to be added to Prometheus server pods | `{}` -`server.podLabels` | labels to be added to Prometheus server pods | `{}` -`server.alertmanagers` | Prometheus AlertManager configuration for the Prometheus server | `{}` -`server.deploymentAnnotations` | annotations to be added to Prometheus server deployment | `{}` -`server.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`server.replicaCount` | desired number of Prometheus server pods | `1` -`server.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` -`server.statefulSet.annotations` | annotations to be added to Prometheus server stateful set | `{}` -`server.statefulSet.labels` | labels to be added to Prometheus server stateful set | `{}` -`server.statefulSet.podManagementPolicy` | podManagementPolicy of server pods | `OrderedReady` -`server.statefulSet.headless.annotations` | annotations for Prometheus server headless service | `{}` -`server.statefulSet.headless.labels` | labels for Prometheus server headless service | `{}` -`server.statefulSet.headless.servicePort` | Prometheus server headless service port | `80` -`server.resources` | Prometheus server resource requests and limits | `{}` -`server.verticalAutoscaler.enabled` | If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs) | `false` -`server.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for server containers | `{}` -`server.service.annotations` | annotations for Prometheus server service | `{}` -`server.service.clusterIP` | internal Prometheus server cluster service IP | `""` -`server.service.externalIPs` | Prometheus server service external IP addresses | `[]` -`server.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`server.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`server.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0` -`server.service.servicePort` | Prometheus server service port | `80` -`server.service.sessionAffinity` | Session Affinity for server service, can be `None` or `ClientIP` | `None` -`server.service.type` | type of Prometheus server service to create | `ClusterIP` -`server.service.gRPC.enabled` | If true, open a second port on the service for gRPC | `false` -`server.service.gRPC.servicePort` | Prometheus service gRPC port, (ignored if `server.service.gRPC.enabled` is not `true`) | `10901` -`server.service.gRPC.nodePort` | Port to be used as gRPC nodePort in the prometheus service | `0` -`server.service.statefulsetReplica.enabled` | If true, send the traffic from the service to only one replica of the replicaset | `false` -`server.service.statefulsetReplica.replica` | Which replica to send the traffice to | `0` -`server.sidecarContainers` | array of snippets with your sidecar containers for prometheus server | `""` -`server.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`serviceAccounts.alertmanager.create` | If true, create the alertmanager service account | `true` -`serviceAccounts.alertmanager.name` | name of the alertmanager service account to use or create | `{{ prometheus.alertmanager.fullname }}` -`serviceAccounts.kubeStateMetrics.create` | If true, create the kubeStateMetrics service account | `true` -`serviceAccounts.kubeStateMetrics.name` | name of the kubeStateMetrics service account to use or create | `{{ prometheus.kubeStateMetrics.fullname }}` -`serviceAccounts.nodeExporter.create` | If true, create the nodeExporter service account | `true` -`serviceAccounts.nodeExporter.name` | name of the nodeExporter service account to use or create | `{{ prometheus.nodeExporter.fullname }}` -`serviceAccounts.pushgateway.create` | If true, create the pushgateway service account | `true` -`serviceAccounts.pushgateway.name` | name of the pushgateway service account to use or create | `{{ prometheus.pushgateway.fullname }}` -`serviceAccounts.server.create` | If true, create the server service account | `true` -`serviceAccounts.server.name` | name of the server service account to use or create | `{{ prometheus.server.fullname }}` -`server.terminationGracePeriodSeconds` | Prometheus server Pod termination grace period | `300` -`server.retention` | (optional) Prometheus data retention | `"15d"` -`serverFiles.alerts` | (Deprecated) Prometheus server alerts configuration | `{}` -`serverFiles.rules` | (Deprecated) Prometheus server rules configuration | `{}` -`serverFiles.alerting_rules.yml` | Prometheus server alerts configuration | `{}` -`serverFiles.recording_rules.yml` | Prometheus server rules configuration | `{}` -`serverFiles.prometheus.yml` | Prometheus server scrape configuration | example configuration -`extraScrapeConfigs` | Prometheus server additional scrape configuration | "" -`alertRelabelConfigs` | Prometheus server [alert relabeling configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs) for H/A prometheus | "" -`networkPolicy.enabled` | Enable NetworkPolicy | `false` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install stable/prometheus --name my-release \ - --set server.terminationGracePeriodSeconds=360 -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install stable/prometheus --name my-release -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -Note that you have multiple yaml files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example, - -```yaml -# values.yaml -# ... - -# service1-alert.yaml -serverFiles: - alerts: - service1: - - alert: anAlert - # ... - -# service2-alert.yaml -serverFiles: - alerts: - service2: - - alert: anAlert - # ... -``` - -```console -$ helm install stable/prometheus --name my-release -f values.yaml -f service1-alert.yaml -f service2-alert.yaml -``` - -### RBAC Configuration -Roles and RoleBindings resources will be created automatically for `server` and `kubeStateMetrics` services. - -To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account. - -> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own. - -### ConfigMap Files -AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod. - -Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod. - -### Ingress TLS -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```console -kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file: - -```yaml -server: - ingress: - ## If true, Prometheus server Ingress will be created - ## - enabled: true - - ## Prometheus server Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - prometheus.domain.com - - ## Prometheus server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: prometheus-server-tls - hosts: - - prometheus.domain.com -``` - -### NetworkPolicy - -Enabling Network Policy for Prometheus will secure connections to Alert Manager -and Kube State Metrics by only accepting connections from Prometheus Server. -All inbound connections to Prometheus Server are still allowed. - -To enable network policy for Prometheus, install a networking plugin that -implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true. - -If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need -to manually create a networkpolicy which allows it. diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/.helmignore b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/Chart.yaml deleted file mode 100644 index 7752ccb44..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.5 -description: Install kube-state-metrics to generate and expose cluster-level metrics -home: https://github.com/kubernetes/kube-state-metrics/ -keywords: -- metric -- monitoring -- prometheus -- kubernetes -maintainers: -- email: jose@armesto.net - name: fiunchinho -- email: tariq.ibrahim@mulesoft.com - name: tariq1890 -- email: manuel@rueg.eu - name: mrueg -name: kube-state-metrics -sources: -- https://github.com/kubernetes/kube-state-metrics/ -version: 2.7.2 diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/OWNERS b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/OWNERS deleted file mode 100644 index 6ffd97d74..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -approvers: -- fiunchinho -- tariq1890 -- mrueg -reviewers: -- fiunchinho -- tariq1890 -- mrueg diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/README.md b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/README.md deleted file mode 100644 index 5c6456983..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# kube-state-metrics Helm Chart - -* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install stable/kube-state-metrics -``` - -## Configuration - -| Parameter | Description | Default | -|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| -| `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | -| `image.tag` | The image tag to pull from | `v1.9.5` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `replicas` | Number of replicas | `1` | -| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | -| `service.port` | The port of the container | `8080` | -| `service.annotations` | Annotations to be added to the service | `{}` | -| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | -| `hostNetwork` | Whether or not to use the host network | `false` | -| `prometheusScrape` | Whether or not enable prom scrape | `true` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `serviceAccount.name` | If not set & create is true, use template fullname | | -| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` | -| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources | `false` | -| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | {} | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `65534` | -| `securityContext.runAsUser` | User ID for the container | `65534` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `nodeSelector` | Node labels for pod assignment | {} | -| `affinity` | Affinity settings for pod assignment | {} | -| `tolerations` | Tolerations for pod assignment | [] | -| `podAnnotations` | Annotations to be added to the pod | {} | -| `resources` | kube-state-metrics resource requests and limits | {} | -| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` | -| `collectors.configmaps` | Enable the configmaps collector. | `true` | -| `collectors.cronjobs` | Enable the cronjobs collector. | `true` | -| `collectors.daemonsets` | Enable the daemonsets collector. | `true` | -| `collectors.deployments` | Enable the deployments collector. | `true` | -| `collectors.endpoints` | Enable the endpoints collector. | `true` | -| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` | -| `collectors.ingresses` | Enable the ingresses collector. | `true` | -| `collectors.jobs` | Enable the jobs collector. | `true` | -| `collectors.limitranges` | Enable the limitranges collector. | `true` | -| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `false` | -| `collectors.namespaces` | Enable the namespaces collector. | `true` | -| `collectors.nodes` | Enable the nodes collector. | `true` | -| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` | -| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` | -| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` | -| `collectors.pods` | Enable the pods collector. | `true` | -| `collectors.replicasets` | Enable the replicasets collector. | `true` | -| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` | -| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` | -| `collectors.secrets` | Enable the secrets collector. | `true` | -| `collectors.services` | Enable the services collector. | `true` | -| `collectors.statefulsets` | Enable the statefulsets collector. | `true` | -| `collectors.storageclasses` | Enable the storageclasses collector. | `true` | -| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `false` | -| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `false` | -| `collectors.volumeattachments` | Enable the volumeattachments collector. | `false` | -| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | -| `prometheus.monitor.honorLabels` | Honor metric labels | `false` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100644 index 5a646e0cc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100644 index 6ae0e647f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml deleted file mode 100644 index 319aec16c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml +++ /dev/null @@ -1,180 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -rules: -{{ if .Values.collectors.certificatesigningrequests }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.configmaps }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.cronjobs }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.daemonsets }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.deployments }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.endpoints }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.horizontalpodautoscalers }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.ingresses }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.jobs }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.limitranges }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.mutatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.namespaces }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.networkpolicies }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.nodes }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumeclaims }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumes }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.poddisruptionbudgets }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.pods }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicasets }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicationcontrollers }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.resourcequotas }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.secrets }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.services }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.statefulsets }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.storageclasses }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.validatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.volumeattachments }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.verticalpodautoscalers }} -- apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100644 index 4635985aa..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-state-metrics.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100644 index b6affcc20..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,186 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - replicas: {{ .Values.replicas }} -{{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] -{{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 8 }} -{{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - containers: - - name: {{ .Chart.Name }} -{{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{- end }} - args: -{{ if .Values.collectors.certificatesigningrequests }} - - --collectors=certificatesigningrequests -{{ end }} -{{ if .Values.collectors.configmaps }} - - --collectors=configmaps -{{ end }} -{{ if .Values.collectors.cronjobs }} - - --collectors=cronjobs -{{ end }} -{{ if .Values.collectors.daemonsets }} - - --collectors=daemonsets -{{ end }} -{{ if .Values.collectors.deployments }} - - --collectors=deployments -{{ end }} -{{ if .Values.collectors.endpoints }} - - --collectors=endpoints -{{ end }} -{{ if .Values.collectors.horizontalpodautoscalers }} - - --collectors=horizontalpodautoscalers -{{ end }} -{{ if .Values.collectors.ingresses }} - - --collectors=ingresses -{{ end }} -{{ if .Values.collectors.jobs }} - - --collectors=jobs -{{ end }} -{{ if .Values.collectors.limitranges }} - - --collectors=limitranges -{{ end }} -{{ if .Values.collectors.mutatingwebhookconfigurations }} - - --collectors=mutatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.namespaces }} - - --collectors=namespaces -{{ end }} -{{ if .Values.collectors.networkpolicies }} - - --collectors=networkpolicies -{{ end }} -{{ if .Values.collectors.nodes }} - - --collectors=nodes -{{ end }} -{{ if .Values.collectors.persistentvolumeclaims }} - - --collectors=persistentvolumeclaims -{{ end }} -{{ if .Values.collectors.persistentvolumes }} - - --collectors=persistentvolumes -{{ end }} -{{ if .Values.collectors.poddisruptionbudgets }} - - --collectors=poddisruptionbudgets -{{ end }} -{{ if .Values.collectors.pods }} - - --collectors=pods -{{ end }} -{{ if .Values.collectors.replicasets }} - - --collectors=replicasets -{{ end }} -{{ if .Values.collectors.replicationcontrollers }} - - --collectors=replicationcontrollers -{{ end }} -{{ if .Values.collectors.resourcequotas }} - - --collectors=resourcequotas -{{ end }} -{{ if .Values.collectors.secrets }} - - --collectors=secrets -{{ end }} -{{ if .Values.collectors.services }} - - --collectors=services -{{ end }} -{{ if .Values.collectors.statefulsets }} - - --collectors=statefulsets -{{ end }} -{{ if .Values.collectors.storageclasses }} - - --collectors=storageclasses -{{ end }} -{{ if .Values.collectors.validatingwebhookconfigurations }} - - --collectors=validatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.verticalpodautoscalers }} - - --collectors=verticalpodautoscalers -{{ end }} -{{ if .Values.collectors.volumeattachments }} - - --collectors=volumeattachments -{{ end }} -{{ if .Values.namespace }} - - --namespace={{ .Values.namespace }} -{{ end }} -{{ if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) -{{ end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 -{{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100644 index aeff11791..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index dcd65e13e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index a206e640d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/service.yaml deleted file mode 100644 index 5dacf5217..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: 8080 -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - selector: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100644 index 32bb1640f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100644 index 54cde362d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - {{- if .Values.prometheus.monitor.additionalLabels }} -{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100644 index bf5396072..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - kube-state-metrics - resources: - - statefulsets - verbs: - - get -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100644 index 6a2e5bfe7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/values.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/values.yaml deleted file mode 100644 index 888ca544b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Default values for kube-state-metrics. -prometheusScrape: true -image: - repository: quay.io/coreos/kube-state-metrics - tag: v1.9.5 - pullPolicy: IfNotPresent - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - annotations: {} - -customLabels: {} - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - -prometheus: - monitor: - enabled: false - additionalLabels: {} - namespace: "" - honorLabels: false - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - -securityContext: - enabled: true - runAsUser: 65534 - fsGroup: 65534 - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Available collectors for kube-state-metrics. By default all available -# collectors are enabled. -collectors: - certificatesigningrequests: true - configmaps: true - cronjobs: true - daemonsets: true - deployments: true - endpoints: true - horizontalpodautoscalers: true - ingresses: true - jobs: true - limitranges: true - mutatingwebhookconfigurations: false - namespaces: true - networkpolicies: false - nodes: true - persistentvolumeclaims: true - persistentvolumes: true - poddisruptionbudgets: true - pods: true - replicasets: true - replicationcontrollers: true - resourcequotas: true - secrets: false - services: true - statefulsets: true - storageclasses: true - validatingwebhookconfigurations: false - verticalpodautoscalers: false - volumeattachments: false - -# Namespace to be enabled for collecting resources. By default all namespaces are collected. -# namespace: "" - -## Override the deployment namespace -## -namespaceOverride: "" diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.lock b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.lock deleted file mode 100644 index 4a4bde218..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: kube-state-metrics - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.7.2 -digest: sha256:695d0dbc2db8bccf5672145697546891da60ff12fbdb4f1bfc02459f4b755e4c -generated: 2020-03-18T18:57:59.00056179Z diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.yaml deleted file mode 100644 index 6e079ae7d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/requirements.yaml +++ /dev/null @@ -1,7 +0,0 @@ -dependencies: - - - name: kube-state-metrics - version: "2.7.*" - repository: https://kubernetes-charts.storage.googleapis.com/ - condition: kubeStateMetrics.enabled - diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/NOTES.txt deleted file mode 100644 index 0e8868f0b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/NOTES.txt +++ /dev/null @@ -1,112 +0,0 @@ -{{- if .Values.server.enabled -}} -The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.server.ingress.enabled -}} -From outside the cluster, the server URL(s) are: -{{- range .Values.server.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the Prometheus server URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.server.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.server.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }} -{{- else if contains "ClusterIP" .Values.server.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090 -{{- end }} -{{- end }} - -{{- if .Values.server.persistentVolume.enabled }} -{{- else }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Server pod is terminated. ##### -################################################################################# -{{- end }} -{{- end }} - -{{ if .Values.alertmanager.enabled }} -The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.alertmanager.ingress.enabled -}} -From outside the cluster, the alertmanager URL(s) are: -{{- range .Values.alertmanager.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the Alertmanager URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.alertmanager.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }} -{{- else if contains "ClusterIP" .Values.alertmanager.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093 -{{- end }} -{{- end }} - -{{- if .Values.alertmanager.persistentVolume.enabled }} -{{- else }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the AlertManager pod is terminated. ##### -################################################################################# -{{- end }} -{{- end }} - -{{- if .Values.nodeExporter.podSecurityPolicy.enabled }} -{{- else }} -################################################################################# -###### WARNING: Pod Security Policy has been moved to a global property. ##### -###### use .Values.podSecurityPolicy.enabled with pod-based ##### -###### annotations ##### -###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) ##### -################################################################################# -{{- end }} - -{{ if .Values.pushgateway.enabled }} -The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.pushgateway.ingress.enabled -}} -From outside the cluster, the pushgateway URL(s) are: -{{- range .Values.pushgateway.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the PushGateway URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.pushgateway.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }} -{{- else if contains "ClusterIP" .Values.pushgateway.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091 -{{- end }} -{{- end }} -{{- end }} - -For more information on running Prometheus, visit: -https://prometheus.io/ diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/_helpers.tpl deleted file mode 100644 index 295aa01c5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,276 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create unified labels for prometheus components -*/}} -{{- define "prometheus.common.matchLabels" -}} -app: {{ template "prometheus.name" . }} -release: {{ .Release.Name }} -{{- end -}} - -{{- define "prometheus.common.metaLabels" -}} -chart: {{ template "prometheus.chart" . }} -heritage: {{ .Release.Service }} -{{- end -}} - -{{- define "prometheus.alertmanager.labels" -}} -{{ include "prometheus.alertmanager.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.alertmanager.matchLabels" -}} -component: {{ .Values.alertmanager.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.kubeStateMetrics.labels" -}} -{{ include "prometheus.kubeStateMetrics.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.kubeStateMetrics.matchLabels" -}} -component: {{ .Values.kubeStateMetrics.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.nodeExporter.labels" -}} -{{ include "prometheus.nodeExporter.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.nodeExporter.matchLabels" -}} -component: {{ .Values.nodeExporter.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.pushgateway.labels" -}} -{{ include "prometheus.pushgateway.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.pushgateway.matchLabels" -}} -component: {{ .Values.pushgateway.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.server.labels" -}} -{{ include "prometheus.server.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.server.matchLabels" -}} -component: {{ .Values.server.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified alertmanager name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} - -{{- define "prometheus.alertmanager.fullname" -}} -{{- if .Values.alertmanager.fullnameOverride -}} -{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified kube-state-metrics name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.kubeStateMetrics.fullname" -}} -{{- if .Values.kubeStateMetrics.fullnameOverride -}} -{{- .Values.kubeStateMetrics.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified node-exporter name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.nodeExporter.fullname" -}} -{{- if .Values.nodeExporter.fullnameOverride -}} -{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified Prometheus server name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.server.fullname" -}} -{{- if .Values.server.fullnameOverride -}} -{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified pushgateway name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.pushgateway.fullname" -}} -{{- if .Values.pushgateway.fullnameOverride -}} -{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "prometheus.deployment.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "prometheus.daemonset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "prometheus.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "prometheus.podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the alertmanager component -*/}} -{{- define "prometheus.serviceAccountName.alertmanager" -}} -{{- if .Values.serviceAccounts.alertmanager.create -}} - {{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.alertmanager.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the kubeStateMetrics component -*/}} -{{- define "prometheus.serviceAccountName.kubeStateMetrics" -}} -{{- if .Values.serviceAccounts.kubeStateMetrics.create -}} - {{ default (include "prometheus.kubeStateMetrics.fullname" .) .Values.serviceAccounts.kubeStateMetrics.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.kubeStateMetrics.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the nodeExporter component -*/}} -{{- define "prometheus.serviceAccountName.nodeExporter" -}} -{{- if .Values.serviceAccounts.nodeExporter.create -}} - {{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.nodeExporter.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the pushgateway component -*/}} -{{- define "prometheus.serviceAccountName.pushgateway" -}} -{{- if .Values.serviceAccounts.pushgateway.create -}} - {{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.pushgateway.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the server component -*/}} -{{- define "prometheus.serviceAccountName.server" -}} -{{- if .Values.serviceAccounts.server.create -}} - {{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.server.name }} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrole.yaml deleted file mode 100644 index 9bec69257..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.alertmanager.fullname" . }} -{{- else }} - [] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml deleted file mode 100644 index a058c7121..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.alertmanager" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.alertmanager.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-configmap.yaml deleted file mode 100644 index 09708915c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -data: -{{- $root := . -}} -{{- range $key, $value := .Values.alertmanagerFiles }} - {{- if $key | regexMatch ".*\\.ya?ml$" }} - {{ $key }}: | -{{ toYaml $value | default "{}" | indent 4 }} - {{- else }} - {{ $key }}: {{ toYaml $value | indent 4 }} - {{- end }} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-deployment.yaml deleted file mode 100644 index 892204ab2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-deployment.yaml +++ /dev/null @@ -1,141 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - selector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - replicas: {{ .Values.alertmanager.replicaCount }} - {{- if .Values.alertmanager.strategy }} - strategy: -{{ toYaml .Values.alertmanager.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.alertmanager.podAnnotations }} - annotations: -{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 8 }} - {{- if .Values.alertmanager.podLabels}} - {{ toYaml .Values.alertmanager.podLabels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.alertmanager.schedulerName }} - schedulerName: "{{ .Values.alertmanager.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- if .Values.alertmanager.priorityClassName }} - priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} - image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" - env: - {{- range $key, $value := .Values.alertmanager.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/{{ .Values.alertmanager.configFileName }} - - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} - - --cluster.advertise-address=$(POD_IP):6783 - {{- range $key, $value := .Values.alertmanager.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.alertmanager.baseURL }} - - --web.external-url={{ .Values.alertmanager.baseURL }} - {{- end }} - - ports: - - containerPort: 9093 - readinessProbe: - httpGet: - path: {{ .Values.alertmanager.prefixURL }}/-/ready - port: 9093 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: -{{ toYaml .Values.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" - subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - - {{- if .Values.configmapReload.alertmanager.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} - image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload - resources: -{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.alertmanager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.securityContext | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.tolerations }} - tolerations: -{{ toYaml .Values.alertmanager.tolerations | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.affinity }} - affinity: -{{ toYaml .Values.alertmanager.affinity | indent 8 }} - {{- end }} - volumes: - - name: config-volume - {{- if empty .Values.alertmanager.configFromSecret }} - configMap: - name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- else }} - secret: - secretName: {{ .Values.alertmanager.configFromSecret }} - {{- end }} - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - - name: storage-volume - {{- if .Values.alertmanager.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-ingress.yaml deleted file mode 100644 index dc6ba4418..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-ingress.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}} -{{- $releaseName := .Release.Name -}} -{{- $serviceName := include "prometheus.alertmanager.fullname" . }} -{{- $servicePort := .Values.alertmanager.service.servicePort -}} -{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.alertmanager.ingress.annotations }} - annotations: -{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }} - {{ $key }}: {{ $value }} -{{- end }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - rules: - {{- range .Values.alertmanager.ingress.hosts }} - {{- $url := splitList "/" . }} - - host: {{ first $url }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - - path: /{{ rest $url | join "/" }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- if .Values.alertmanager.ingress.tls }} - tls: -{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-networkpolicy.yaml deleted file mode 100644 index 62633d0bc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-networkpolicy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ template "prometheus.alertmanager.fullname" . }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - ingress: - - from: - - podSelector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 12 }} - - ports: - - port: 9093 -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pdb.yaml deleted file mode 100644 index bb190f23d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pdb.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.alertmanager.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "prometheus.alertmanager.fullname" . }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -spec: - maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - selector: - matchLabels: - {{- include "prometheus.alertmanager.labels" . | nindent 6 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml deleted file mode 100644 index da2fbbd1c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.alertmanager.fullname" . }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - annotations: -{{- if .Values.alertmanager.podSecurityPolicy.annotations }} -{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'secret' - allowedHostPaths: - - pathPrefix: /etc - readOnly: true - - pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pvc.yaml deleted file mode 100644 index 58de9fd39..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-pvc.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if not .Values.alertmanager.statefulSet.enabled -}} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}} -{{- if not .Values.alertmanager.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.alertmanager.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - accessModes: -{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }} -{{- if .Values.alertmanager.persistentVolume.storageClass }} -{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.alertmanager.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service-headless.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service-headless.yaml deleted file mode 100644 index 1519344ba..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service-headless.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.alertmanager.statefulSet.headless.annotations }} - annotations: -{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- if .Values.alertmanager.statefulSet.headless.labels }} -{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.alertmanager.fullname" . }}-headless -spec: - clusterIP: None - ports: - - name: http - port: {{ .Values.alertmanager.statefulSet.headless.servicePort }} - protocol: TCP - targetPort: 9093 -{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} - - name: meshpeer - port: 6783 - protocol: TCP - targetPort: 6783 -{{- end }} - selector: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service.yaml deleted file mode 100644 index 9bc45f7c6..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.alertmanager.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.alertmanager.service.annotations }} - annotations: -{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- if .Values.alertmanager.service.labels }} -{{ toYaml .Values.alertmanager.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: -{{- if .Values.alertmanager.service.clusterIP }} - clusterIP: {{ .Values.alertmanager.service.clusterIP }} -{{- end }} -{{- if .Values.alertmanager.service.externalIPs }} - externalIPs: -{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.alertmanager.service.servicePort }} - protocol: TCP - targetPort: 9093 - {{- if .Values.alertmanager.service.nodePort }} - nodePort: {{ .Values.alertmanager.service.nodePort }} - {{- end }} -{{- if .Values.alertmanager.service.enableMeshPeer }} - - name: meshpeer - port: 6783 - protocol: TCP - targetPort: 6783 -{{- end }} - selector: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} -{{- if .Values.alertmanager.service.sessionAffinity }} - sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }} -{{- end }} - type: "{{ .Values.alertmanager.service.type }}" -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-serviceaccount.yaml deleted file mode 100644 index d99c29996..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-statefulset.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-statefulset.yaml deleted file mode 100644 index 25a9b7a9c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/alertmanager-statefulset.yaml +++ /dev/null @@ -1,154 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless - selector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - replicas: {{ .Values.alertmanager.replicaCount }} - podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }} - template: - metadata: - {{- if .Values.alertmanager.podAnnotations }} - annotations: -{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 8 }} - spec: -{{- if .Values.alertmanager.affinity }} - affinity: -{{ toYaml .Values.alertmanager.affinity | indent 8 }} -{{- end }} -{{- if .Values.alertmanager.schedulerName }} - schedulerName: "{{ .Values.alertmanager.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- if .Values.alertmanager.priorityClassName }} - priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} - image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" - env: - {{- range $key, $value := .Values.alertmanager.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/alertmanager.yml - - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} - - --cluster.advertise-address=$(POD_IP):6783 - {{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} - - --cluster.listen-address=0.0.0.0:6783 - {{- range $n := until (.Values.alertmanager.replicaCount | int) }} - - --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783 - {{- end }} - {{- end }} - {{- range $key, $value := .Values.alertmanager.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.alertmanager.baseURL }} - - --web.external-url={{ .Values.alertmanager.baseURL }} - {{- end }} - - ports: - - containerPort: 9093 - readinessProbe: - httpGet: - path: {{ .Values.alertmanager.prefixURL }}/#/status - port: 9093 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: -{{ toYaml .Values.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" - subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.configmapReload.alertmanager.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} - image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload - resources: -{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.alertmanager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.securityContext | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.tolerations }} - tolerations: -{{ toYaml .Values.alertmanager.tolerations | indent 8 }} - {{- end }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} -{{- if .Values.alertmanager.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: storage-volume - {{- if .Values.alertmanager.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }} - {{- end }} - spec: - accessModes: -{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }} - resources: - requests: - storage: "{{ .Values.alertmanager.persistentVolume.size }}" - {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" - {{- end }} - {{- end }} -{{- else }} - - name: storage-volume - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-daemonset.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-daemonset.yaml deleted file mode 100644 index fce0f2714..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-daemonset.yaml +++ /dev/null @@ -1,125 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.nodeExporter.enabled -}} -apiVersion: {{ template "prometheus.daemonset.apiVersion" . }} -kind: DaemonSet -metadata: -{{- if .Values.nodeExporter.deploymentAnnotations }} - annotations: -{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - name: {{ template "prometheus.nodeExporter.fullname" . }} -spec: - selector: - matchLabels: - {{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }} - {{- if .Values.nodeExporter.updateStrategy }} - updateStrategy: -{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.nodeExporter.podAnnotations }} - annotations: -{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 8 }} -{{- if .Values.nodeExporter.pod.labels }} -{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }} -{{- end }} - spec: - serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }} -{{- if .Values.nodeExporter.priorityClassName }} - priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }} - image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}" - imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}" - args: - - --path.procfs=/host/proc - - --path.sysfs=/host/sys - {{- if .Values.nodeExporter.hostNetwork }} - - --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }} - {{- end }} - {{- range $key, $value := .Values.nodeExporter.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - ports: - - name: metrics - {{- if .Values.nodeExporter.hostNetwork }} - containerPort: {{ .Values.nodeExporter.service.hostPort }} - {{- else }} - containerPort: 9100 - {{- end }} - hostPort: {{ .Values.nodeExporter.service.hostPort }} - resources: -{{ toYaml .Values.nodeExporter.resources | indent 12 }} - volumeMounts: - - name: proc - mountPath: /host/proc - readOnly: true - - name: sys - mountPath: /host/sys - readOnly: true - {{- range .Values.nodeExporter.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- if .mountPropagation }} - mountPropagation: {{ .mountPropagation }} - {{- end }} - {{- end }} - {{- range .Values.nodeExporter.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.nodeExporter.hostNetwork }} - hostNetwork: true - {{- end }} - {{- if .Values.nodeExporter.hostPID }} - hostPID: true - {{- end }} - {{- if .Values.nodeExporter.tolerations }} - tolerations: -{{ toYaml .Values.nodeExporter.tolerations | indent 8 }} - {{- end }} - {{- if .Values.nodeExporter.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.nodeExporter.securityContext }} - securityContext: -{{ toYaml .Values.nodeExporter.securityContext | indent 8 }} - {{- end }} - volumes: - - name: proc - hostPath: - path: /proc - - name: sys - hostPath: - path: /sys - {{- range .Values.nodeExporter.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.nodeExporter.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml deleted file mode 100644 index 243667dd1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - annotations: -{{- if .Values.nodeExporter.podSecurityPolicy.annotations }} -{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'hostPath' - - 'secret' - allowedHostPaths: - - pathPrefix: /proc - readOnly: true - - pathPrefix: /sys - readOnly: true - {{- range .Values.nodeExporter.extraHostPathMounts }} - - pathPrefix: {{ .hostPath }} - readOnly: {{ .readOnly }} - {{- end }} - hostNetwork: {{ .Values.nodeExporter.hostNetwork }} - hostPID: {{ .Values.nodeExporter.hostPID }} - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - hostPorts: - - min: 1 - max: 65535 -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-role.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-role.yaml deleted file mode 100644 index 1926db04e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-role.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "prometheus.nodeExporter.fullname" . }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-rolebinding.yaml deleted file mode 100644 index fb39ab64f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: {{ template "prometheus.nodeExporter.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: -- kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-service.yaml deleted file mode 100644 index 40cbd8d69..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.nodeExporter.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.nodeExporter.service.annotations }} - annotations: -{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} -{{- if .Values.nodeExporter.service.labels }} -{{ toYaml .Values.nodeExporter.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.nodeExporter.fullname" . }} -spec: -{{- if .Values.nodeExporter.service.clusterIP }} - clusterIP: {{ .Values.nodeExporter.service.clusterIP }} -{{- end }} -{{- if .Values.nodeExporter.service.externalIPs }} - externalIPs: -{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.nodeExporter.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }} -{{- end }} -{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: metrics - port: {{ .Values.nodeExporter.service.servicePort }} - protocol: TCP - {{- if .Values.nodeExporter.hostNetwork }} - targetPort: {{ .Values.nodeExporter.service.hostPort }} - {{- else }} - targetPort: 9100 - {{- end }} - selector: - {{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }} - type: "{{ .Values.nodeExporter.service.type }}" -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-serviceaccount.yaml deleted file mode 100644 index b75c4a4b6..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/node-exporter-serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrole.yaml deleted file mode 100644 index 9ea81e4a2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.pushgateway.fullname" . }} -{{- else }} - [] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml deleted file mode 100644 index 475d9d63d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.pushgateway" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.pushgateway.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-deployment.yaml deleted file mode 100644 index 9dec641fc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-deployment.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.enabled -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: - selector: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - matchLabels: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} - replicas: {{ .Values.pushgateway.replicaCount }} - {{- if .Values.pushgateway.strategy }} - strategy: -{{ toYaml .Values.pushgateway.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.pushgateway.podAnnotations }} - annotations: -{{ toYaml .Values.pushgateway.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 8 }} - spec: - serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }} -{{- if .Values.pushgateway.priorityClassName }} - priorityClassName: "{{ .Values.pushgateway.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }} - image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}" - imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}" - args: - {{- range $key, $value := .Values.pushgateway.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - ports: - - containerPort: 9091 - livenessProbe: - httpGet: - {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} - path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy - {{- else }} - path: /-/healthy - {{- end }} - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - readinessProbe: - httpGet: - {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} - path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready - {{- else }} - path: /-/ready - {{- end }} - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - resources: -{{ toYaml .Values.pushgateway.resources | indent 12 }} - {{- if .Values.pushgateway.persistentVolume.enabled }} - volumeMounts: - - name: storage-volume - mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}" - subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}" - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.pushgateway.nodeSelector }} - nodeSelector: -{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.securityContext }} - securityContext: -{{ toYaml .Values.pushgateway.securityContext | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.tolerations }} - tolerations: -{{ toYaml .Values.pushgateway.tolerations | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.affinity }} - affinity: -{{ toYaml .Values.pushgateway.affinity | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.persistentVolume.enabled }} - volumes: - - name: storage-volume - persistentVolumeClaim: - claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }} - {{- end -}} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-ingress.yaml deleted file mode 100644 index 422129b6f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-ingress.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}} -{{- $releaseName := .Release.Name -}} -{{- $serviceName := include "prometheus.pushgateway.fullname" . }} -{{- $servicePort := .Values.pushgateway.service.servicePort -}} -{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.pushgateway.ingress.annotations }} - annotations: -{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}} -{{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: - rules: - {{- range .Values.pushgateway.ingress.hosts }} - {{- $url := splitList "/" . }} - - host: {{ first $url }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - - path: /{{ rest $url | join "/" }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- if .Values.pushgateway.ingress.tls }} - tls: -{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-networkpolicy.yaml deleted file mode 100644 index 70a5ada3b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-networkpolicy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ template "prometheus.pushgateway.fullname" . }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} - ingress: - - from: - - podSelector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 12 }} - - ports: - - port: 9091 -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pdb.yaml deleted file mode 100644 index edf2318fe..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pdb.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "prometheus.pushgateway.fullname" . }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} -spec: - maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }} - selector: - matchLabels: - {{- include "prometheus.pushgateway.labels" . | nindent 6 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml deleted file mode 100644 index 80617cbc7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.pushgateway.fullname" . }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - annotations: -{{- if .Values.pushgateway.podSecurityPolicy.annotations }} -{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'persistentVolumeClaim' - - 'secret' - allowedHostPaths: - - pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pvc.yaml deleted file mode 100644 index 5b4eeb937..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-pvc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.persistentVolume.enabled -}} -{{- if not .Values.pushgateway.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.pushgateway.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: - accessModes: -{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }} -{{- if .Values.pushgateway.persistentVolume.storageClass }} -{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.pushgateway.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-service.yaml deleted file mode 100644 index ffcc4a20b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.pushgateway.service.annotations }} - annotations: -{{ toYaml .Values.pushgateway.service.annotations | indent 4}} -{{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} -{{- if .Values.pushgateway.service.labels }} -{{ toYaml .Values.pushgateway.service.labels | indent 4}} -{{- end }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: -{{- if .Values.pushgateway.service.clusterIP }} - clusterIP: {{ .Values.pushgateway.service.clusterIP }} -{{- end }} -{{- if .Values.pushgateway.service.externalIPs }} - externalIPs: -{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.pushgateway.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }} -{{- end }} -{{- if .Values.pushgateway.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.pushgateway.service.servicePort }} - protocol: TCP - targetPort: 9091 - selector: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }} - type: "{{ .Values.pushgateway.service.type }}" -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-serviceaccount.yaml deleted file mode 100644 index 3b221e43d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/pushgateway-serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.pushgateway" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrole.yaml deleted file mode 100644 index 410685193..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrole.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.server.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.server.fullname" . }} -{{- end }} - - apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - nodes/metrics - - services - - endpoints - - pods - - ingresses - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "extensions" - resources: - - ingresses/status - - ingresses - verbs: - - get - - list - - watch - - nonResourceURLs: - - "/metrics" - verbs: - - get -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrolebinding.yaml deleted file mode 100644 index a89f3bd76..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.server.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.server" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.server.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-configmap.yaml deleted file mode 100644 index 52a5d5e53..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-configmap.yaml +++ /dev/null @@ -1,83 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if (empty .Values.server.configMapOverrideName) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -data: -{{- $root := . -}} -{{- range $key, $value := .Values.serverFiles }} - {{ $key }}: | -{{- if eq $key "prometheus.yml" }} - global: -{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }} -{{- if $root.Values.server.remoteWrite }} - remote_write: -{{ $root.Values.server.remoteWrite | toYaml | indent 4 }} -{{- end }} -{{- if $root.Values.server.remoteRead }} - remote_read: -{{ $root.Values.server.remoteRead | toYaml | indent 4 }} -{{- end }} -{{- end }} -{{- if eq $key "alerts" }} -{{- if and (not (empty $value)) (empty $value.groups) }} - groups: -{{- range $ruleKey, $ruleValue := $value }} - - name: {{ $ruleKey -}}.rules - rules: -{{ $ruleValue | toYaml | trimSuffix "\n" | indent 6 }} -{{- end }} -{{- else }} -{{ toYaml $value | indent 4 }} -{{- end }} -{{- else }} -{{ toYaml $value | default "{}" | indent 4 }} -{{- end }} -{{- if eq $key "prometheus.yml" -}} -{{- if $root.Values.extraScrapeConfigs }} -{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }} -{{- end -}} -{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }} - alerting: -{{- if $root.Values.alertRelabelConfigs }} -{{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }} -{{- end }} - alertmanagers: -{{- if $root.Values.server.alertmanagers }} -{{ toYaml $root.Values.server.alertmanagers | indent 8 }} -{{- else }} - - kubernetes_sd_configs: - - role: pod - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if $root.Values.alertmanager.prefixURL }} - path_prefix: {{ $root.Values.alertmanager.prefixURL }} - {{- end }} - relabel_configs: - - source_labels: [__meta_kubernetes_namespace] - regex: {{ $root.Release.Namespace }} - action: keep - - source_labels: [__meta_kubernetes_pod_label_app] - regex: {{ template "prometheus.name" $root }} - action: keep - - source_labels: [__meta_kubernetes_pod_label_component] - regex: alertmanager - action: keep - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] - regex: {{ index $root.Values.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }} - action: keep - - source_labels: [__meta_kubernetes_pod_container_port_number] - regex: - action: drop -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-deployment.yaml deleted file mode 100644 index 4a1c14f08..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-deployment.yaml +++ /dev/null @@ -1,216 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if not .Values.server.statefulSet.enabled -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: -{{- if .Values.server.deploymentAnnotations }} - annotations: -{{ toYaml .Values.server.deploymentAnnotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -spec: - selector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - replicas: {{ .Values.server.replicaCount }} - {{- if .Values.server.strategy }} - strategy: -{{ toYaml .Values.server.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 8 }} - {{- if .Values.server.podLabels}} - {{ toYaml .Values.server.podLabels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.server.priorityClassName }} - priorityClassName: "{{ .Values.server.priorityClassName }}" -{{- end }} -{{- if .Values.server.schedulerName }} - schedulerName: "{{ .Values.server.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} - {{- if .Values.server.extraInitContainers }} - initContainers: -{{ toYaml .Values.server.extraInitContainers | indent 8 }} - {{- end }} - containers: - {{- if .Values.configmapReload.prometheus.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload - {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} - - --volume-dir={{ . }} - {{- end }} - resources: -{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- end }} - - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" - imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" - {{- if .Values.server.env }} - env: -{{ toYaml .Values.server.env | indent 12}} - {{- end }} - args: - {{- if .Values.server.retention }} - - --storage.tsdb.retention.time={{ .Values.server.retention }} - {{- end }} - - --config.file={{ .Values.server.configPath }} - - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - {{- range .Values.server.extraFlags }} - - --{{ . }} - {{- end }} - {{- if .Values.server.baseURL }} - - --web.external-url={{ .Values.server.baseURL }} - {{- end }} - - {{- range $key, $value := .Values.server.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - ports: - - containerPort: 9090 - readinessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/ready - port: 9090 - initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} - failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }} - successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }} - livenessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/healthy - port: 9090 - initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} - failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }} - successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }} - resources: -{{ toYaml .Values.server.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: {{ .Values.server.persistentVolume.mountPath }} - subPath: "{{ .Values.server.persistentVolume.subPath }}" - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecarContainers }} - {{- toYaml .Values.server.sidecarContainers | nindent 8 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{ toYaml .Values.server.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.server.securityContext }} - securityContext: -{{ toYaml .Values.server.securityContext | indent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{ toYaml .Values.server.tolerations | indent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - - name: storage-volume - {{- if .Values.server.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - {{- else }} - emptyDir: - {{- if .Values.server.emptyDir.sizeLimit }} - sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} - {{- else }} - {} - {{- end -}} - {{- end -}} -{{- if .Values.server.extraVolumes }} -{{ toYaml .Values.server.extraVolumes | indent 8}} -{{- end }} - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-ingress.yaml deleted file mode 100644 index 4cdca92a3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-ingress.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.ingress.enabled -}} -{{- $releaseName := .Release.Name -}} -{{- $serviceName := include "prometheus.server.fullname" . }} -{{- $servicePort := .Values.server.service.servicePort -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.server.ingress.annotations }} - annotations: -{{ toYaml .Values.server.ingress.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- range $key, $value := .Values.server.ingress.extraLabels }} - {{ $key }}: {{ $value }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }} -spec: - rules: - {{- range .Values.server.ingress.hosts }} - {{- $url := splitList "/" . }} - - host: {{ first $url }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - - path: /{{ rest $url | join "/" }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- if .Values.server.ingress.tls }} - tls: -{{ toYaml .Values.server.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-networkpolicy.yaml deleted file mode 100644 index 152f3a967..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-networkpolicy.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.networkPolicy.enabled }} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ template "prometheus.server.fullname" . }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - ingress: - - ports: - - port: 9090 -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pdb.yaml deleted file mode 100644 index ec90cd5c9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pdb.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "prometheus.server.fullname" . }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -spec: - maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }} - selector: - matchLabels: - {{- include "prometheus.server.labels" . | nindent 6 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-podsecuritypolicy.yaml deleted file mode 100644 index 73bf065dc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-podsecuritypolicy.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.server.fullname" . }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - annotations: -{{- if .Values.server.podSecurityPolicy.annotations }} -{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - allowedCapabilities: - - 'CHOWN' - volumes: - - 'configMap' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'secret' - - 'hostPath' - allowedHostPaths: - - pathPrefix: /etc - readOnly: true - - pathPrefix: {{ .Values.server.persistentVolume.mountPath }} - {{- range .Values.server.extraHostPathMounts }} - - pathPrefix: {{ .hostPath }} - readOnly: {{ .readOnly }} - {{- end }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pvc.yaml deleted file mode 100644 index 22cb51afc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-pvc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if not .Values.server.statefulSet.enabled -}} -{{- if .Values.server.persistentVolume.enabled -}} -{{- if not .Values.server.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.server.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -spec: - accessModes: -{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }} -{{- if .Values.server.persistentVolume.storageClass }} -{{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.server.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.server.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.server.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service-headless.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service-headless.yaml deleted file mode 100644 index 018a75b79..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service-headless.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.statefulSet.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.server.statefulSet.headless.annotations }} - annotations: -{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- if .Values.server.statefulSet.headless.labels }} -{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }}-headless -spec: - clusterIP: None - ports: - - name: http - port: {{ .Values.server.statefulSet.headless.servicePort }} - protocol: TCP - targetPort: 9090 - selector: - {{- include "prometheus.server.matchLabels" . | nindent 4 }} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service.yaml deleted file mode 100644 index e03faf974..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-service.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.server.service.annotations }} - annotations: -{{ toYaml .Values.server.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- if .Values.server.service.labels }} -{{ toYaml .Values.server.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }} -spec: -{{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} -{{- end }} -{{- if .Values.server.service.externalIPs }} - externalIPs: -{{ toYaml .Values.server.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.server.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.server.service.servicePort }} - protocol: TCP - targetPort: 9090 - {{- if .Values.server.service.nodePort }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - {{- if .Values.server.service.gRPC.enabled }} - - name: grpc - port: {{ .Values.server.service.gRPC.servicePort }} - protocol: TCP - targetPort: 10901 - {{- if .Values.server.service.gRPC.nodePort }} - nodePort: {{ .Values.server.service.gRPC.nodePort }} - {{- end }} - {{- end }} - selector: - {{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }} - statefulset.kubernetes.io/pod-name: {{ .Release.Name }}-{{ .Values.server.name }}-{{ .Values.server.service.statefulsetReplica.replica }} - {{- else -}} - {{- include "prometheus.server.matchLabels" . | nindent 4 }} -{{- if .Values.server.service.sessionAffinity }} - sessionAffinity: {{ .Values.server.service.sessionAffinity }} -{{- end }} - {{- end }} - type: "{{ .Values.server.service.type }}" -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-serviceaccount.yaml deleted file mode 100644 index 6cf017c20..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.serviceAccounts.server.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.server" . }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-statefulset.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-statefulset.yaml deleted file mode 100644 index 9369ddf38..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-statefulset.yaml +++ /dev/null @@ -1,224 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.statefulSet.enabled -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: -{{- if .Values.server.statefulSet.annotations }} - annotations: -{{ toYaml .Values.server.statefulSet.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - {{- if .Values.server.statefulSet.labels}} - {{ toYaml .Values.server.statefulSet.labels | nindent 4 }} - {{- end}} - name: {{ template "prometheus.server.fullname" . }} -spec: - serviceName: {{ template "prometheus.server.fullname" . }}-headless - selector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - replicas: {{ .Values.server.replicaCount }} - podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }} - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 8 }} - {{- if .Values.server.statefulSet.labels}} - {{ toYaml .Values.server.statefulSet.labels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} -{{- end }} -{{- if .Values.server.priorityClassName }} - priorityClassName: "{{ .Values.server.priorityClassName }}" -{{- end }} -{{- if .Values.server.schedulerName }} - schedulerName: "{{ .Values.server.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} - containers: - {{- if .Values.configmapReload.prometheus.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload - {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} - - --volume-dir={{ . }} - {{- end }} - resources: -{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- end }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" - imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" - {{- if .Values.server.env }} - env: -{{ toYaml .Values.server.env | indent 12}} - {{- end }} - args: - {{- if .Values.server.retention }} - - --storage.tsdb.retention.time={{ .Values.server.retention }} - {{- end }} - - --config.file={{ .Values.server.configPath }} - - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - {{- range .Values.server.extraFlags }} - - --{{ . }} - {{- end }} - {{- range $key, $value := .Values.server.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.server.baseURL }} - - --web.external-url={{ .Values.server.baseURL }} - {{- end }} - ports: - - containerPort: 9090 - readinessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/ready - port: 9090 - initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} - livenessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/healthy - port: 9090 - initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} - resources: -{{ toYaml .Values.server.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: {{ .Values.server.persistentVolume.mountPath }} - subPath: "{{ .Values.server.persistentVolume.subPath }}" - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecarContainers }} - {{- toYaml .Values.server.sidecarContainers | nindent 8 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{ toYaml .Values.server.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.server.securityContext }} - securityContext: -{{ toYaml .Values.server.securityContext | indent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{ toYaml .Values.server.tolerations | indent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} -{{- if .Values.server.extraVolumes }} -{{ toYaml .Values.server.extraVolumes | indent 8}} -{{- end }} -{{- if .Values.server.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: storage-volume - {{- if .Values.server.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }} - {{- end }} - spec: - accessModes: -{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }} - resources: - requests: - storage: "{{ .Values.server.persistentVolume.size }}" - {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" - {{- end }} - {{- end }} -{{- else }} - - name: storage-volume - emptyDir: {} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-vpa.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-vpa.yaml deleted file mode 100644 index 8aec16ad5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/templates/server-vpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.verticalAutoscaler.enabled -}} -apiVersion: autoscaling.k8s.io/v1beta2 -kind: VerticalPodAutoscaler -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }}-vpa -spec: - targetRef: -{{- if .Values.server.statefulSet.enabled }} - apiVersion: "apps/v1" - kind: StatefulSet -{{- else }} - apiVersion: "extensions/v1beta1" - kind: Deployment -{{- end }} - name: {{ template "prometheus.server.fullname" . }} - updatePolicy: - updateMode: {{ .Values.server.verticalAutoscaler.updateMode | default "Off" | quote }} - resourcePolicy: - containerPolicies: {{ .Values.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }} -{{- end -}} {{/* if .Values.server.verticalAutoscaler.enabled */}} -{{- end -}} {{/* .Values.server.enabled */}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/values.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/values.yaml deleted file mode 100644 index 3d44e7f59..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/prometheus/values.yaml +++ /dev/null @@ -1,1387 +0,0 @@ -rbac: - create: true - -podSecurityPolicy: - enabled: false - -imagePullSecrets: -# - name: "image-pull-secret" - -## Define serviceAccount names for components. Defaults to component's fully qualified name. -## -serviceAccounts: - alertmanager: - create: true - name: - nodeExporter: - create: true - name: - pushgateway: - create: true - name: - server: - create: true - name: - -alertmanager: - ## If false, alertmanager will not be installed - ## - enabled: true - - strategy: - type: Recreate - rollingUpdate: null - - ## alertmanager container name - ## - name: alertmanager - - ## alertmanager container image - ## - image: - repository: prom/alertmanager - tag: v0.20.0 - pullPolicy: IfNotPresent - - ## alertmanager priorityClassName - ## - priorityClassName: "" - - ## Additional alertmanager container arguments - ## - extraArgs: {} - - ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug - ## so that the various internal URLs are still able to access as they are in the default case. - ## (Optional) - prefixURL: "" - - ## External URL which can access alertmanager - baseURL: "http://localhost:9093" - - ## Additional alertmanager container environment variable - ## For instance to add a http_proxy - ## - extraEnv: {} - - ## Additional alertmanager Secret mounts - # Defines additional mounts with secrets. Secrets must be manually created in the namespace. - extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # subPath: "" - # secretName: alertmanager-secret-files - # readOnly: true - - ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}} - ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml - ## to NOT generate a ConfigMap resource - ## - configMapOverrideName: "" - - ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config - ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml - ## to NOT generate a ConfigMap resource - ## - configFromSecret: "" - - ## The configuration file name to be loaded to alertmanager - ## Must match the key within configuration loaded from ConfigMap/Secret - ## - configFileName: alertmanager.yml - - ingress: - ## If true, alertmanager Ingress will be created - ## - enabled: false - - ## alertmanager Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## alertmanager Ingress additional labels - ## - extraLabels: {} - - ## alertmanager Ingress hostnames with optional path - ## Must be provided if Ingress is enabled - ## - hosts: [] - # - alertmanager.domain.com - # - domain.com/alertmanager - - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - - ## alertmanager Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-alerts-tls - # hosts: - # - alertmanager.domain.com - - ## Alertmanager Deployment Strategy type - # strategy: - # type: Recreate - - ## Node tolerations for alertmanager scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for alertmanager pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Pod affinity - ## - affinity: {} - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: - - persistentVolume: - ## If true, alertmanager will create/use a Persistent Volume Claim - ## If false, use emptyDir - ## - enabled: true - - ## alertmanager data Persistent Volume access modes - ## Must match those of existing PV or dynamic provisioner - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - accessModes: - - ReadWriteOnce - - ## alertmanager data Persistent Volume Claim annotations - ## - annotations: {} - - ## alertmanager data Persistent Volume existing claim name - ## Requires alertmanager.persistentVolume.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## alertmanager data Persistent Volume mount root path - ## - mountPath: /data - - ## alertmanager data Persistent Volume size - ## - size: 2Gi - - ## alertmanager data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - ## alertmanager data Persistent Volume Binding Mode - ## If defined, volumeBindingMode: - ## If undefined (the default) or set to null, no volumeBindingMode spec is - ## set, choosing the default mode. - ## - # volumeBindingMode: "" - - ## Subdirectory of alertmanager data Persistent Volume to mount - ## Useful if the volume's root directory is not empty - ## - subPath: "" - - ## Annotations to be added to alertmanager pods - ## - podAnnotations: {} - ## Tell prometheus to use a specific set of alertmanager pods - ## instead of all alertmanager pods found in the same namespace - ## Useful if you deploy multiple releases within the same namespace - ## - ## prometheus.io/probe: alertmanager-teamA - - ## Labels to be added to Prometheus AlertManager pods - ## - podLabels: {} - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) - ## - replicaCount: 1 - - statefulSet: - ## If true, use a statefulset instead of a deployment for pod management. - ## This allows to scale replicas to more than 1 pod - ## - enabled: false - - podManagementPolicy: OrderedReady - - ## Alertmanager headless service to use for the statefulset - ## - headless: - annotations: {} - labels: {} - - ## Enabling peer mesh service end points for enabling the HA alert manager - ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md - # enableMeshPeer : true - - servicePort: 80 - - ## alertmanager resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - - ## Security context to be added to alertmanager pods - ## - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - fsGroup: 65534 - - service: - annotations: {} - labels: {} - clusterIP: "" - - ## Enabling peer mesh service end points for enabling the HA alert manager - ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md - # enableMeshPeer : true - - ## List of IP addresses at which the alertmanager service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - # nodePort: 30000 - sessionAffinity: None - type: ClusterIP - -## Monitors ConfigMap changes and POSTs to a URL -## Ref: https://github.com/jimmidyson/configmap-reload -## -configmapReload: - prometheus: - ## If false, the configmap-reload container will not be deployed - ## - enabled: true - - ## configmap-reload container name - ## - name: configmap-reload - - ## configmap-reload container image - ## - image: - repository: jimmidyson/configmap-reload - tag: v0.3.0 - pullPolicy: IfNotPresent - - ## Additional configmap-reload container arguments - ## - extraArgs: {} - ## Additional configmap-reload volume directories - ## - extraVolumeDirs: [] - - - ## Additional configmap-reload mounts - ## - extraConfigmapMounts: [] - # - name: prometheus-alerts - # mountPath: /etc/alerts.d - # subPath: "" - # configMap: prometheus-alerts - # readOnly: true - - - ## configmap-reload resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - alertmanager: - ## If false, the configmap-reload container will not be deployed - ## - enabled: true - - ## configmap-reload container name - ## - name: configmap-reload - - ## configmap-reload container image - ## - image: - repository: jimmidyson/configmap-reload - tag: v0.3.0 - pullPolicy: IfNotPresent - - ## Additional configmap-reload container arguments - ## - extraArgs: {} - ## Additional configmap-reload volume directories - ## - extraVolumeDirs: [] - - - ## Additional configmap-reload mounts - ## - extraConfigmapMounts: [] - # - name: prometheus-alerts - # mountPath: /etc/alerts.d - # subPath: "" - # configMap: prometheus-alerts - # readOnly: true - - - ## configmap-reload resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - -kubeStateMetrics: - ## If false, kube-state-metrics sub-chart will not be installed - ## Please see https://github.com/helm/charts/tree/master/stable/kube-state-metrics for configurable values - ## - enabled: true - -nodeExporter: - ## If false, node-exporter will not be installed - ## - enabled: true - - ## If true, node-exporter pods share the host network namespace - ## - hostNetwork: true - - ## If true, node-exporter pods share the host PID namespace - ## - hostPID: true - - ## node-exporter container name - ## - name: node-exporter - - ## node-exporter container image - ## - image: - repository: prom/node-exporter - tag: v0.18.1 - pullPolicy: IfNotPresent - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## node-exporter priorityClassName - ## - priorityClassName: "" - - ## Custom Update Strategy - ## - updateStrategy: - type: RollingUpdate - - ## Additional node-exporter container arguments - ## - extraArgs: {} - - ## Additional node-exporter hostPath mounts - ## - extraHostPathMounts: [] - # - name: textfile-dir - # mountPath: /srv/txt_collector - # hostPath: /var/lib/node-exporter - # readOnly: true - # mountPropagation: HostToContainer - - extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /prometheus - # configMap: certs-configmap - # readOnly: true - - ## Node tolerations for node-exporter scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for node-exporter pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Annotations to be added to node-exporter pods - ## - podAnnotations: {} - - ## Labels to be added to node-exporter pods - ## - pod: - labels: {} - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## node-exporter resource limits & requests - ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 200m - # memory: 50Mi - # requests: - # cpu: 100m - # memory: 30Mi - - ## Security context to be added to node-exporter pods - ## - securityContext: {} - # runAsUser: 0 - - service: - annotations: - prometheus.io/scrape: "true" - labels: {} - - # Exposed as a headless service: - # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services - clusterIP: None - - ## List of IP addresses at which the node-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - hostPort: 9100 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 9100 - type: ClusterIP - -server: - ## Prometheus server container name - ## - enabled: true - name: server - sidecarContainers: - strategy: - type: Recreate - rollingUpdate: null - - ## Prometheus server container image - ## - image: - repository: prom/prometheus - tag: v2.17.2 - pullPolicy: IfNotPresent - - ## prometheus server priorityClassName - ## - priorityClassName: "" - - ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug - ## so that the various internal URLs are still able to access as they are in the default case. - ## (Optional) - prefixURL: "" - - ## External URL which can access alertmanager - ## Maybe same with Ingress host name - baseURL: "" - - ## Additional server container environment variables - ## - ## You specify this manually like you would a raw deployment manifest. - ## This means you can bind in environment variables from secrets. - ## - ## e.g. static environment variable: - ## - name: DEMO_GREETING - ## value: "Hello from the environment" - ## - ## e.g. secret environment variable: - ## - name: USERNAME - ## valueFrom: - ## secretKeyRef: - ## name: mysecret - ## key: username - env: [] - - extraFlags: - - web.enable-lifecycle - ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as - ## deleting time series. This is disabled by default. - # - web.enable-admin-api - ## - ## storage.tsdb.no-lockfile flag controls BD locking - # - storage.tsdb.no-lockfile - ## - ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL) - # - storage.tsdb.wal-compression - - ## Path to a configuration file on prometheus server container FS - configPath: /etc/config/prometheus.yml - - global: - ## How frequently to scrape targets by default - ## - scrape_interval: 1m - ## How long until a scrape request times out - ## - scrape_timeout: 10s - ## How frequently to evaluate rules - ## - evaluation_interval: 1m - ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write - ## - remoteWrite: {} - ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read - ## - remoteRead: {} - - ## Additional Prometheus server container arguments - ## - extraArgs: {} - - ## Additional InitContainers to initialize the pod - ## - extraInitContainers: [] - - ## Additional Prometheus server Volume mounts - ## - extraVolumeMounts: [] - - ## Additional Prometheus server Volumes - ## - extraVolumes: [] - - ## Additional Prometheus server hostPath mounts - ## - extraHostPathMounts: [] - # - name: certs-dir - # mountPath: /etc/kubernetes/certs - # subPath: "" - # hostPath: /etc/kubernetes/certs - # readOnly: true - - extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /prometheus - # subPath: "" - # configMap: certs-configmap - # readOnly: true - - ## Additional Prometheus server Secret mounts - # Defines additional mounts with secrets. Secrets must be manually created in the namespace. - extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # subPath: "" - # secretName: prom-secret-files - # readOnly: true - - ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}} - ## Defining configMapOverrideName will cause templates/server-configmap.yaml - ## to NOT generate a ConfigMap resource - ## - configMapOverrideName: "" - - ingress: - ## If true, Prometheus server Ingress will be created - ## - enabled: false - - ## Prometheus server Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## Prometheus server Ingress additional labels - ## - extraLabels: {} - - ## Prometheus server Ingress hostnames with optional path - ## Must be provided if Ingress is enabled - ## - hosts: [] - # - prometheus.domain.com - # - domain.com/prometheus - - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - - ## Prometheus server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-server-tls - # hosts: - # - prometheus.domain.com - - ## Server Deployment Strategy type - # strategy: - # type: Recreate - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for Prometheus server pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Pod affinity - ## - affinity: {} - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: - - persistentVolume: - ## If true, Prometheus server will create/use a Persistent Volume Claim - ## If false, use emptyDir - ## - enabled: true - - ## Prometheus server data Persistent Volume access modes - ## Must match those of existing PV or dynamic provisioner - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - accessModes: - - ReadWriteOnce - - ## Prometheus server data Persistent Volume annotations - ## - annotations: {} - - ## Prometheus server data Persistent Volume existing claim name - ## Requires server.persistentVolume.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## Prometheus server data Persistent Volume mount root path - ## - mountPath: /data - - ## Prometheus server data Persistent Volume size - ## - size: 8Gi - - ## Prometheus server data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - ## Prometheus server data Persistent Volume Binding Mode - ## If defined, volumeBindingMode: - ## If undefined (the default) or set to null, no volumeBindingMode spec is - ## set, choosing the default mode. - ## - # volumeBindingMode: "" - - ## Subdirectory of Prometheus server data Persistent Volume to mount - ## Useful if the volume's root directory is not empty - ## - subPath: "" - - emptyDir: - sizeLimit: "" - - ## Annotations to be added to Prometheus server pods - ## - podAnnotations: {} - # iam.amazonaws.com/role: prometheus - - ## Labels to be added to Prometheus server pods - ## - podLabels: {} - - ## Prometheus AlertManager configuration - ## - alertmanagers: [] - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) - ## - replicaCount: 1 - - statefulSet: - ## If true, use a statefulset instead of a deployment for pod management. - ## This allows to scale replicas to more than 1 pod - ## - enabled: false - - annotations: {} - labels: {} - podManagementPolicy: OrderedReady - - ## Alertmanager headless service to use for the statefulset - ## - headless: - annotations: {} - labels: {} - servicePort: 80 - - ## Prometheus server readiness and liveness probe initial delay and timeout - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - ## - readinessProbeInitialDelay: 30 - readinessProbeTimeout: 30 - readinessProbeFailureThreshold: 3 - readinessProbeSuccessThreshold: 1 - livenessProbeInitialDelay: 30 - livenessProbeTimeout: 30 - livenessProbeFailureThreshold: 3 - livenessProbeSuccessThreshold: 1 - - ## Prometheus server resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 500m - # memory: 512Mi - - ## Vertical Pod Autoscaler config - ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler - verticalAutoscaler: - ## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs) - enabled: false - # updateMode: "Auto" - # containerPolicies: - # - containerName: 'prometheus-server' - - ## Security context to be added to server pods - ## - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - fsGroup: 65534 - - service: - annotations: {} - labels: {} - clusterIP: "" - - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - sessionAffinity: None - type: ClusterIP - - ## Enable gRPC port on service to allow auto discovery with thanos-querier - gRPC: - enabled: false - servicePort: 10901 - # nodePort: 10901 - - ## If using a statefulSet (statefulSet.enabled=true), configure the - ## service to connect to a specific replica to have a consistent view - ## of the data. - statefulsetReplica: - enabled: false - replica: 0 - - ## Prometheus server pod termination grace period - ## - terminationGracePeriodSeconds: 300 - - ## Prometheus data retention period (default if not specified is 15 days) - ## - retention: "15d" - -pushgateway: - ## If false, pushgateway will not be installed - ## - enabled: true - - ## Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: - - ## pushgateway container name - ## - name: pushgateway - - ## pushgateway container image - ## - image: - repository: prom/pushgateway - tag: v1.0.1 - pullPolicy: IfNotPresent - - ## pushgateway priorityClassName - ## - priorityClassName: "" - - ## Additional pushgateway container arguments - ## - ## for example: persistence.file: /data/pushgateway.data - extraArgs: {} - - ingress: - ## If true, pushgateway Ingress will be created - ## - enabled: false - - ## pushgateway Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## pushgateway Ingress hostnames with optional path - ## Must be provided if Ingress is enabled - ## - hosts: [] - # - pushgateway.domain.com - # - domain.com/pushgateway - - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - - ## pushgateway Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-alerts-tls - # hosts: - # - pushgateway.domain.com - - ## Node tolerations for pushgateway scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for pushgateway pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Annotations to be added to pushgateway pods - ## - podAnnotations: {} - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - replicaCount: 1 - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## pushgateway resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - - ## Security context to be added to push-gateway pods - ## - securityContext: - runAsUser: 65534 - runAsNonRoot: true - - service: - annotations: - prometheus.io/probe: pushgateway - labels: {} - clusterIP: "" - - ## List of IP addresses at which the pushgateway service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 9091 - type: ClusterIP - - strategy: - type: Recreate - rollingUpdate: null - - - persistentVolume: - ## If true, pushgateway will create/use a Persistent Volume Claim - ## If false, use emptyDir - ## - enabled: false - - ## pushgateway data Persistent Volume access modes - ## Must match those of existing PV or dynamic provisioner - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - accessModes: - - ReadWriteOnce - - ## pushgateway data Persistent Volume Claim annotations - ## - annotations: {} - - ## pushgateway data Persistent Volume existing claim name - ## Requires pushgateway.persistentVolume.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## pushgateway data Persistent Volume mount root path - ## - mountPath: /data - - ## pushgateway data Persistent Volume size - ## - size: 2Gi - - ## pushgateway data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - ## pushgateway data Persistent Volume Binding Mode - ## If defined, volumeBindingMode: - ## If undefined (the default) or set to null, no volumeBindingMode spec is - ## set, choosing the default mode. - ## - # volumeBindingMode: "" - - ## Subdirectory of pushgateway data Persistent Volume to mount - ## Useful if the volume's root directory is not empty - ## - subPath: "" - - -## alertmanager ConfigMap entries -## -alertmanagerFiles: - alertmanager.yml: - global: {} - # slack_api_url: '' - - receivers: - - name: default-receiver - # slack_configs: - # - channel: '@you' - # send_resolved: true - - route: - group_wait: 10s - group_interval: 5m - receiver: default-receiver - repeat_interval: 3h - -## Prometheus server ConfigMap entries -## -serverFiles: - - ## Alerts configuration - ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ - alerting_rules.yml: {} - # groups: - # - name: Instances - # rules: - # - alert: InstanceDown - # expr: up == 0 - # for: 5m - # labels: - # severity: page - # annotations: - # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.' - # summary: 'Instance {{ $labels.instance }} down' - ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml - alerts: {} - - ## Records configuration - ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/ - recording_rules.yml: {} - ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml - rules: {} - - prometheus.yml: - rule_files: - - /etc/config/recording_rules.yml - - /etc/config/alerting_rules.yml - ## Below two files are DEPRECATED will be removed from this default values file - - /etc/config/rules - - /etc/config/alerts - - scrape_configs: - - job_name: prometheus - static_configs: - - targets: - - localhost:9090 - - # A scrape configuration for running Prometheus on a Kubernetes cluster. - # This uses separate scrape configs for cluster components (i.e. API server, node) - # and services to allow each to use different authentication configs. - # - # Kubernetes labels will be added as Prometheus labels on metrics via the - # `labelmap` relabeling action. - - - job_name: 'kubernetes-nodes-cadvisor' - - # Default to scraping over https. If required, just disable this or change to - # `http`. - scheme: https - - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then disable certificate verification below. Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # disable certificate verification by uncommenting the line below. - # - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - kubernetes_sd_configs: - - role: node - - # This configuration will work only on kubelet 1.7.3+ - # As the scrape endpoints for cAdvisor have changed - # if you are using older version you need to change the replacement to - # replacement: /api/v1/nodes/$1:4194/proxy/metrics - # more info here https://github.com/coreos/prometheus-operator/issues/633 - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor - - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: (container_cpu_usage_seconds_total|container_memory_working_set_bytes|container_network_receive_errors_total|container_network_transmit_errors_total|container_network_receive_packets_dropped_total|container_network_transmit_packets_dropped_total|container_memory_usage_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_periods_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_spec_cpu_shares|container_spec_memory_limit_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_reads_bytes_total|container_network_receive_bytes_total|container_fs_writes_bytes_total|container_fs_reads_bytes_total|cadvisor_version_info) - action: keep - - source_labels: [ container ] - target_label: container_name - regex: (.+) - action: replace - - source_labels: [ pod ] - target_label: pod_name - regex: (.+) - action: replace - - # Scrape config for service endpoints. - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/scrape`: Only scrape services that have a value of `true` - # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need - # to set this to `https` & most likely set the `tls_config` of the scrape config. - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: If the metrics are exposed on a different port to the - # service then set this appropriately. - - job_name: 'kubernetes-service-endpoints' - - kubernetes_sd_configs: - - role: endpoints - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: kubernetes_node - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: (container_cpu_allocation|container_cpu_usage_seconds_total|container_fs_limit_bytes|container_memory_allocation_bytes|container_memory_usage_bytes|container_memory_working_set_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|deployment_match_labels|kube_deployment_spec_replicas|kube_deployment_status_replicas_available|kube_job_status_failed|kube_namespace_annotations|kube_namespace_labels|kube_node_info|kube_node_labels|kube_node_status_capacity_cpu_cores|kube_node_status_capacity_memory_bytes|kube_node_status_condition|kube_persistentvolume_capacity_bytes|kube_persistentvolume_status_phase|kube_persistentvolumeclaim_info|kube_persistentvolumeclaim_resource_requests_storage_bytes|kube_persistentvolumeclaim_resource_requests_storage_bytes|container_memory_allocation_bytes|kube_pod_container_resource_limits_cpu_cores|kube_pod_container_resource_limits_memory_bytes|kube_pod_container_resource_requests_cpu_cores|kube_pod_container_resource_requests_cpu_cores|container_cpu_usage_seconds_total|kube_pod_container_resource_requests_memory_bytes|kube_pod_container_resource_requests_memory_bytes|kube_node_status_capacity_memory_bytes|kube_pod_container_resource_requests|kube_pod_container_status_restarts_total|kube_pod_container_status_running|kube_pod_container_status_terminated_reason|kube_pod_labels|kube_pod_owner|kube_pod_status_phase|kubecost_cluster_memory_working_set_bytes|kubecost_pod_network_egress_bytes_total|node_cpu_hourly_cost|node_cpu_seconds_total|node_disk_reads_completed|node_disk_reads_completed_total|node_disk_writes_completed|node_disk_writes_completed_total|node_filesystem_device_error|node_gpu_hourly_cost|node_memory_Buffers_bytes|node_memory_Cached_bytes|node_memory_MemAvailable_bytes|node_memory_MemFree_bytes|node_memory_MemTotal_bytes|node_network_transmit_bytes_total|node_ram_hourly_cost|pod_pvc_allocation|pv_hourly_cost|service_selector_labels|statefulSet_match_labels|up|kube_node_status_allocatable_cpu_cores|kube_node_status_allocatable_memory_bytes|container_fs_writes_bytes_total|kube_deployment_status_replicas|kube_statefulset_replicas|kube_daemonset_status_desired_number_scheduled|kube_deployment_status_replicas_available|kube_statefulset_status_replicas|kube_daemonset_status_number_ready|kube_deployment_status_replicas|kube_statefulset_replicas|kube_daemonset_status_desired_number_scheduled|kube_replicaset_owner|kube_pod_container_info) - action: keep - - # Scrape config for slow service endpoints; same as above, but with a larger - # timeout and a larger interval - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true` - # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need - # to set this to `https` & most likely set the `tls_config` of the scrape config. - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: If the metrics are exposed on a different port to the - # service then set this appropriately. - - job_name: 'kubernetes-service-endpoints-slow' - - scrape_interval: 5m - scrape_timeout: 30s - - kubernetes_sd_configs: - - role: endpoints - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: kubernetes_node - - - job_name: 'prometheus-pushgateway' - honor_labels: true - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: pushgateway - - # Example scrape config for probing services via the Blackbox Exporter. - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/probe`: Only probe services that have a value of `true` - - job_name: 'kubernetes-services' - - metrics_path: /probe - params: - module: [http_2xx] - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: true - - source_labels: [__address__] - target_label: __param_target - - target_label: __address__ - replacement: blackbox - - source_labels: [__param_target] - target_label: instance - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - target_label: kubernetes_name - -# adds additional scrape configs to prometheus.yml -# must be a string so you have to add a | after extraScrapeConfigs: -# example adds prometheus-blackbox-exporter scrape config -extraScrapeConfigs: - # - job_name: 'prometheus-blackbox-exporter' - # metrics_path: /probe - # params: - # module: [http_2xx] - # static_configs: - # - targets: - # - https://example.com - # relabel_configs: - # - source_labels: [__address__] - # target_label: __param_target - # - source_labels: [__param_target] - # target_label: instance - # - target_label: __address__ - # replacement: prometheus-blackbox-exporter:9115 - -# Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager -# useful in H/A prometheus with different external labels but the same alerts -alertRelabelConfigs: - # alert_relabel_configs: - # - source_labels: [dc] - # regex: (.+)\d+ - # target_label: dc - -networkPolicy: - ## Enable creation of NetworkPolicy resources. - ## - enabled: false diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/.helmignore b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/Chart.yaml deleted file mode 100644 index bf76cbf27..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 0.15.0 -description: Thanos is a set of components that can be composed into a highly available - metric system with unlimited storage capacity, which can be added seamlessly on - top of existing Prometheus deployments. -icon: https://raw.githubusercontent.com/thanos-io/thanos/master/website/static/Thanos-logo_full.svg -keywords: -- thanos -- prometheus -- metrics -maintainers: -- email: info@banzaicloud.com - name: Banzai Cloud -name: thanos -sources: -- https://github.com/thanos-io/thanos -- https://github.com/banzaicloud/banzai-charts/tree/master/thanos -version: 0.15.0 diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/requirements.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/requirements.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/NOTES.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/_helpers.tpl deleted file mode 100644 index 7b5fb57d8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/_helpers.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "thanos.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "thanos.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "thanos.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Create a default fully qualified component name from the full app name and a component name. -We truncate the full name at 63 - 1 (last dash) - len(component name) chars because some Kubernetes name fields are limited to this (by the DNS naming spec) -and we want to make sure that the component is included in the name. -*/}} -{{- define "thanos.componentname" -}} -{{- $global := index . 0 -}} -{{- $component := index . 1 | trimPrefix "-" -}} -{{- printf "%s-%s" (include "thanos.fullname" $global | trunc (sub 62 (len $component) | int) | trimSuffix "-" ) $component | trimSuffix "-" -}} -{{- end -}} - -{{/* - -*/}} -{{- define "thanos.secretname" }} -{{- default (include "thanos.name" .) .Values.storeSecretName }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-deployment.yaml deleted file mode 100644 index e8757af68..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.bucket.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} - {{- with .Values.bucket.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.bucket.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.bucket.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - spec: - containers: - - name: thanos-bucket - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{- with .Values.bucket.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} - args: - - "tools" - - "bucket" - - "web" - - "--log.level={{ .Values.bucket.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.bucket.http.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - {{- if .Values.bucket.refresh }} - - "--refresh={{ .Values.bucket.refresh }}" - {{- end }} - {{- if .Values.bucket.timeout }} - - "--timeout={{ .Values.bucket.timeout }}" - {{- end }} - {{- if .Values.bucket.label }} - - "--label={{ .Values.bucket.label }}" - {{- end }} - {{ with .Values.bucket.extraArgs }}{{ toYaml . | nindent 8 }}{{- end }} - ports: - - name: http - containerPort: {{ .Values.bucket.http.port }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - resources: {{ toYaml .Values.bucket.resources | nindent 10 }} - volumes: - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- with .Values.bucket.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-ingress.yaml deleted file mode 100644 index 28b037bda..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-ingress.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if and .Values.bucket.enabled .Values.bucket.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - {{- with .Values.bucket.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket - {{- if .Values.bucket.http.ingress.labels }} -{{ toYaml .Values.bucket.http.ingress.labels | indent 4 }} - {{- end }} -spec: - {{- if .Values.bucket.http.ingress.tls }} - tls: - {{- range .Values.bucket.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.bucket.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.bucket.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "bucket") }} - servicePort: {{ $.Values.bucket.http.port }} - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-poddisruptionbudget.yaml deleted file mode 100644 index fb3fd1cb7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-poddisruptionbudget.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.bucket.enabled .Values.bucket.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.bucket.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.bucket.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.bucket.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.bucket.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: bucket -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-service.yaml deleted file mode 100644 index 0d56d8a2b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/bucket-service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.bucket.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - {{- with .Values.bucket.http.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - ports: - - port: {{ .Values.bucket.http.port }} - protocol: TCP - targetPort: http - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-deployment.yaml deleted file mode 100644 index a5b0347ad..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-deployment.yaml +++ /dev/null @@ -1,108 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.compact.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} - {{- with .Values.compact.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.compact.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.compact.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.compact.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.compact.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-compact - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{- with .Values.compact.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} - args: - - "compact" - - "--log.level={{ .Values.compact.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.compact.http.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - - "--data-dir=/var/thanos/compact" - - "--consistency-delay={{ .Values.compact.consistencyDelay }}" - - "--retention.resolution-raw={{ .Values.compact.retentionResolutionRaw }}" - - "--retention.resolution-5m={{ .Values.compact.retentionResolution5m }}" - - "--retention.resolution-1h={{ .Values.compact.retentionResolution1h }}" - - "--block-sync-concurrency={{ .Values.compact.blockSyncConcurrency }}" - - "--compact.concurrency={{ .Values.compact.compactConcurrency }}" -{{- if .Values.compact.disableDownsampling }} - - "--downsampling.disable" -{{- end }} - - "--wait" -{{ with .Values.compact.extraArgs }}{{ toYaml . | indent 8 }}{{- end }} - ports: - - name: http - containerPort: {{ .Values.compact.http.port }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - - name: data-volume - mountPath: /var/thanos/compact - resources: {{ toYaml .Values.compact.resources | nindent 10 }} - volumes: - - name: data-volume - {{- if .Values.compact.dataVolume }} - {{- if .Values.compact.dataVolume.persistentVolumeClaim }} - {{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName }} - persistentVolumeClaim: - claimName: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- with .Values.compact.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-pvc.yaml deleted file mode 100644 index f6b33e491..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.compact.enabled }} -{{- if .Values.compact.dataVolume -}} -{{- if .Values.compact.dataVolume.persistentVolumeClaim -}} -{{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} - storageClassName: {{ .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} - {{- end }} - resources: - requests: - {{- if .Values.compact.dataVolume.persistentVolumeClaim.storage }} - storage: {{ .Values.compact.dataVolume.persistentVolumeClaim.storage }} - {{- else }} - storage: 100Gi - {{- end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-service.yaml deleted file mode 100644 index 080821849..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.compact.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - {{- with .Values.compact.http.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - ports: - - port: {{ .Values.compact.http.port }} - protocol: TCP - targetPort: http - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{ end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-servicemonitor.yaml deleted file mode 100644 index bc224d802..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/compact-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.compact.enabled .Values.compact.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-compact - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.compact.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.compact.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-deployment.yaml deleted file mode 100644 index 74e96d09c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-deployment.yaml +++ /dev/null @@ -1,148 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.query.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.query.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if not .Values.query.autoscaling.enabled }} - replicas: {{ .Values.query.replicaCount | default 1 }} -{{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.query.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.query.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.query.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-query - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "query" - - "--log.level={{ .Values.query.logLevel }}" - - "--grpc-address=0.0.0.0:{{ .Values.query.grpc.port }}" - - "--http-address=0.0.0.0:{{ .Values.query.http.port }}" - - "--query.timeout={{ .Values.query.timeout }}" - - "--query.max-concurrent={{ .Values.query.maxConcurrent }}" - {{- if .Values.query.autoDownsampling }} - - "--query.auto-downsampling" - {{- end }} - {{- if .Values.query.replicaLabel }} - - "--query.replica-label={{ .Values.query.replicaLabel }}" - {{- end }} - {{- if .Values.query.webRoutePrefix }} - - "--web.route-prefix={{ .Values.query.webRoutePrefix }}" - {{- end }} - {{- if .Values.query.webExternalPrefix }} - - "--web.external-prefix={{ .Values.query.webExternalPrefix }}" - {{- end }} - {{- if .Values.query.webPrefixHeader }} - - "--web.prefix-header={{ .Values.query.webPrefixHeader }}" - {{- end }} - {{- if .Values.query.storeDNSResolver }} - - "--store.sd-dns-resolver={{ .Values.query.storeDNSResolver }}" - {{- end }} - {{- if .Values.query.storeDNSDiscovery }} - - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "store") }}-grpc.{{ .Release.Namespace }}.svc" - {{- end }} - {{- if .Values.query.sidecarDNSDiscovery }} - - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "sidecar") }}-grpc.{{ .Release.Namespace }}.svc" - {{- end }} - {{- range .Values.query.stores }} - - "--store={{ . }}" - {{- end }} - {{- range .Values.query.serviceDiscoveryFiles }} - - "--store.sd-files={{ . }}" - {{- end }} - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - "--store.sd-files=/etc/query/{{ . }}/*.yaml" - - "--store.sd-files=/etc/query/{{ . }}/*.yml" - - "--store.sd-files=/etc/query/{{ . }}/*.json" - {{- end }} - {{- if .Values.query.serviceDiscoveryInterval }} - - "--store.sd-interval={{ .Values.query.serviceDiscoveryInterval }}" - {{- end }} - - {{- if .Values.query.extraArgs }} - {{ toYaml .Values.query.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.query.http.port }} - - name: grpc - containerPort: {{ .Values.query.grpc.port }} - resources: - {{ toYaml .Values.query.resources | nindent 10 }} - env: - {{- toYaml .Values.query.extraEnv | nindent 10 }} - volumeMounts: - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - mountPath: /etc/query/{{ . }} - name: {{ . }} - {{- end }} - {{- if .Values.query.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.query.certSecretName }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - volumes: - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - name: {{ . }} - configMap: - defaultMode: 420 - name: {{ . }} - {{- end }} - {{- if .Values.query.certSecretName }} - - name: {{ .Values.query.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.query.certSecretName }} - {{- end }} - {{- with .Values.query.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-deployment.yaml deleted file mode 100644 index 05c32682d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-deployment.yaml +++ /dev/null @@ -1,122 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.queryFrontend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.queryFrontend.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if not .Values.queryFrontend.autoscaling.enabled }} - replicas: {{ .Values.queryFrontend.replicaCount | default 1 }} -{{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.queryFrontend.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.queryFrontend.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-query-frontend - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "query-frontend" - - "--log.level={{ .Values.queryFrontend.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.queryFrontend.http.port }}" - - "--query-frontend.downstream-url=http://{{ include "thanos.componentname" (list $ "query") }}-http.{{ .Release.Namespace }}:{{ .Values.query.http.port }}" - - "--query-range.split-interval={{ .Values.queryFrontend.splitInterval }}" - - "--query-range.max-retries-per-request={{ .Values.queryFrontend.maxRetriesPerRequest }}" - - "--query-range.max-query-length={{ .Values.queryFrontend.maxQueryLength }}" - - "--query-range.max-query-parallelism={{ .Values.queryFrontend.maxQueryParallelism }}" - - "--query-range.response-cache-max-freshness={{ .Values.queryFrontend.responseCacheMaxFreshness }}" - {{- if .Values.queryFrontend.responseCache.enabled }} - {{- with .Values.queryFrontend.responseCache }} - - |- - --query-range.response-cache-config= - config: - max_size: {{ quote .maxSize }} - max_size_items: {{ .maxSizeItems }} - validity: {{ quote .validity }} - type: "in-memory" - {{- end }} - {{- else if .Values.queryFrontend.responseCacheConfigFile }} - - "--query-range.response-cache-config-file={{ .Values.queryFrontend.responseCacheConfigFile }}" - {{- else if .Values.queryFrontend.responseCacheConfig }} - - |- - --query-range.response-cache-config={{ toYaml .Values.queryFrontend.responseCacheConfig | nindent 12 }} - {{- end }} - {{- if .Values.queryFrontend.compressResponses }} - - "--query-frontend.compress-responses" - {{- end }} - {{- if .Values.queryFrontend.partialResponse }} - - "--query-range.partial-response" - {{- end }} - {{- if .Values.queryFrontend.extraArgs }} - {{ toYaml .Values.queryFrontend.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.queryFrontend.http.port }} - resources: - {{ toYaml .Values.queryFrontend.resources | nindent 10 }} - env: - {{- toYaml .Values.queryFrontend.extraEnv | nindent 10 }} - volumeMounts: - {{- if .Values.queryFrontend.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.queryFrontend.certSecretName }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - volumes: - {{- if .Values.queryFrontend.certSecretName }} - - name: {{ .Values.queryFrontend.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.queryFrontend.certSecretName }} - {{- end }} - {{- with .Values.queryFrontend.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml deleted file mode 100644 index 3d08e459b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.queryFrontend.enabled }} -{{- if .Values.queryFrontend.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} - metrics: -{{- with .Values.queryFrontend.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.queryFrontend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-ingress.yml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-ingress.yml deleted file mode 100644 index 5423cecf2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-ingress.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend - {{- if .Values.queryFrontend.http.ingress.labels }} - {{ toYaml .Values.queryFrontend.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.queryFrontend.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.queryFrontend.http.ingress.tls }} - tls: - {{- range .Values.queryFrontend.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.queryFrontend.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.queryFrontend.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - servicePort: {{ $.Values.queryFrontend.http.port }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml deleted file mode 100644 index 5cfef4756..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.queryFrontend.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.queryFrontend.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: query-frontend -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-service.yaml deleted file mode 100644 index 2521e898a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-service.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.queryFrontend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - {{- with .Values.queryFrontend.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.queryFrontend.http.service.type }} - {{- if .Values.queryFrontend.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.queryFrontend.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.queryFrontend.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-servicemonitor.yaml deleted file mode 100644 index 004367519..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-frontend-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-query - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.queryFrontend.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.queryFrontend.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-horizontalpodautoscaler.yaml deleted file mode 100644 index 9b38473d8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-horizontalpodautoscaler.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.query.enabled }} -{{- if .Values.query.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "thanos.componentname" (list $ "query") }} - minReplicas: {{ .Values.query.autoscaling.minReplicas }} - maxReplicas: {{ .Values.query.autoscaling.maxReplicas }} - metrics: -{{- with .Values.query.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.query.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-ingress.yml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-ingress.yml deleted file mode 100644 index cfda4a0e3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-ingress.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-http - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query - {{- if .Values.query.http.ingress.labels }} - {{ toYaml .Values.query.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.query.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.query.http.ingress.tls }} - tls: - {{- range .Values.query.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.query.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.query.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query") }}-http - servicePort: {{ $.Values.query.http.port }} - {{- end }} -{{- end }} - -{{- if and .Values.query.enabled .Values.query.grpc.ingress.enabled }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-grpc - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query - {{- if .Values.query.grpc.ingress.labels }} - {{ toYaml .Values.grpc.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.query.grpc.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.query.grpc.ingress.tls }} - tls: - {{- range .Values.query.grpc.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.query.grpc.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.query.grpc.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query") }}-grpc - servicePort: {{ $.Values.query.http.port }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-poddisruptionbudget.yaml deleted file mode 100644 index efc2c817c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-poddisruptionbudget.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.query.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.query.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.query.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.query.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: query -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-service.yaml deleted file mode 100644 index 89178a4e1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-service.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.query.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-grpc - {{- with .Values.query.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.query.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-http - {{- with .Values.query.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.query.http.service.type }} - {{- if .Values.query.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.query.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.query.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-servicemonitor.yaml deleted file mode 100644 index 673445428..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/query-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-query - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.query.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.query.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-service.yaml deleted file mode 100644 index 021bdfaf9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-service.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.sidecar.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }}-grpc - {{- with .Values.sidecar.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.sidecar.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.sidecar.grpc.port }} - protocol: TCP - targetPort: grpc - name: grpc - selector: - app: prometheus -{{ with .Values.sidecar.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }}-http - {{- with .Values.sidecar.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.store.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.sidecar.http.service.type }} - {{- if .Values.sidecar.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.sidecar.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.sidecar.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: prometheus -{{ with .Values.sidecar.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-servicemonitor.yaml deleted file mode 100644 index 6271a23ca..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/sidecar-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.sidecar.enabled .Values.sidecar.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.sidecar.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-sidecar - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sidecar - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.sidecar.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.sidecar.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-deployment.yaml deleted file mode 100644 index d8f0d3b1b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-deployment.yaml +++ /dev/null @@ -1,121 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.store.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "store") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.store.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.store.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: -{{ with .Values.store.labels }}{{ toYaml . | indent 8 }}{{ end }} - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store - {{- with .Values.store.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.store.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.store.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-store - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "store" - - "--data-dir=/var/thanos/store" - - "--log.level={{ .Values.store.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.store.http.port }}" - - "--grpc-address=0.0.0.0:{{ .Values.store.grpc.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - {{- if .Values.store.indexCacheSize }} - - "--index-cache-size={{ .Values.store.indexCacheSize }}" - {{- end }} - {{- if .Values.store.chunkPoolSize }} - - "--chunk-pool-size={{ .Values.store.chunkPoolSize }}" - {{- end }} - {{- if .Values.store.grpcSeriesSampleLimit }} - - "--store.grpc.series-sample-limit={{ .Values.store.grpcSeriesSampleLimit }}" - {{- end }} - {{- if .Values.store.grpcSeriesMaxConcurrency }} - - "--store.grpc.series-max-concurrency={{ .Values.store.grpcSeriesMaxConcurrency }}" - {{- end }} - {{- if .Values.store.syncBlockDuration }} - - "--sync-block-duration={{ .Values.store.syncBlockDuration }}" - {{- end }} - {{- if .Values.store.blockSyncConcurrency }} - - "--block-sync-concurrency={{ .Values.store.blockSyncConcurrency }}" - {{- end }} - {{- if .Values.store.extraArgs }} - {{ toYaml .Values.store.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.store.http.port }} - - name: grpc - containerPort: {{ .Values.store.grpc.port }} - env: - {{- toYaml .Values.store.extraEnv | nindent 10 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - - name: data - mountPath: /var/thanos/store - {{- if .Values.store.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.store.certSecretName }} - readOnly: true - {{- end }} - resources: - {{ toYaml .Values.store.resources | nindent 10 }} - volumes: - - name: data - emptyDir: {} - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- if .Values.store.certSecretName }} - - name: {{ .Values.store.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.store.certSecretName }} - {{- end }} - {{- with .Values.store.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-ingress.yaml deleted file mode 100644 index 4d18c019e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-ingress.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.store.enabled .Values.store.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-http - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store - {{- if .Values.store.http.ingress.labels }} - {{ toYaml .Values.store.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.store.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.store.http.ingress.tls }} - tls: - {{- range .Values.store.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.store.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.store.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "store") }}-http - servicePort: {{ $.Values.store.http.port }} - {{- end }} -{{- end }} - ---- - - {{- if and .Values.store.enabled .Values.store.grpc.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-grpc - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store - {{- if .Values.store.grpc.ingress.labels }} - {{ toYaml .Values.grpc.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.store.grpc.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.store.grpc.ingress.tls }} - tls: - {{- range .Values.store.grpc.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.store.grpc.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.store.grpc.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "store") }}-grpc - servicePort: {{ $.Values.store.http.port }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-service.yaml deleted file mode 100644 index ce5894fa3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-service.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.store.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-grpc - {{- with .Values.store.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.store.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-http - {{- with .Values.store.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.store.http.service.type }} - {{- if .Values.store.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.store.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.store.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-servicemonitor.yaml deleted file mode 100644 index c181c6416..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/templates/store-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.store.enabled .Values.store.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "store") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-store - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.store.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.store.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/values.yaml b/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/values.yaml deleted file mode 100644 index 0a11a2627..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/charts/thanos/values.yaml +++ /dev/null @@ -1,739 +0,0 @@ -image: - repository: thanosio/thanos - tag: v0.15.0 - pullPolicy: IfNotPresent - -store: - enabled: true - # Maximum size of items held in the index cache. - indexCacheSize: 250MB - # Maximum size of concurrently allocatable bytes for chunks. - chunkPoolSize: 2GB - # Maximum amount of samples returned via a single series call. 0 means no limit. - # NOTE: for efficiency we take 120 as the number of samples in chunk (it cannot be bigger than that), - # so the actual number of samples might be lower, even though the maximum could be hit. - grpcSeriesSampleLimit: 0 - # Maximum number of concurrent Series calls. - grpcSeriesMaxConcurrency: 20 - # Repeat interval for syncing the blocks between local and remote view. - syncBlockDuration: 3m - # Number of goroutines to use when syncing blocks from object storage. - blockSyncConcurrency: 20 - # Log filtering level. - logLevel: info - # Add extra environment variables to store - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the store service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from store component - replicaCount: 1 - # Extra labels for store pod template - labels: {} - # cluster: example - # - # Extra annotations for store pod template - annotations: {} - # example.com: default - # - # Add extra labels to store deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to store deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to store deployment - deploymentMatchLabels: {} - # Enable metrics collecting for store service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for query grpc service - service: - # Annotations to query grpc service - annotations: {} - # Labels to query grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for store pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - serviceAccount: "" - -# Query Frontend Component -queryFrontend: - enabled: true - - # Split queries by an interval and execute in parallel, 0 disables it. - splitInterval: 24h - - # Maximum number of retries for a single request; beyond this, the downstream error is returned. - maxRetriesPerRequest: 5 - - # Limit the query time range (end - start time) in the query-frontend, 0 disables it. - maxQueryLength: 0 - - # Maximum number of queries will be scheduled in parallel by the frontend.\ - maxQueryParallelism: 14 - - # Most recent allowed cacheable result, to prevent caching very recent results that might still be in flux. - responseCacheMaxFreshness: 1m - - # Path to YAML file that contains response cache configuration. - # responseCacheConfigFile: - - # Response Cache Configuration - responseCache: - enabled: false - maxSize: 512MB - maxSizeItems: 0 - validity: 10m - - # Response cache configuration content - # responseCacheConfig: - - # Enable partial response for queries if no partial_response param is specified. --no-query-range.partial-response for disabling. - # partialResponse: false - - # Compress HTTP responses. - compressResponses: true - - logLevel: info - # Add extra environment variables to query - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the query service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from query component - replicaCount: 1 - # Enable HPA for query component - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 3 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - # Enable podDisruptionBudget for query component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - serviceAccount: "" - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - certSecretName: "" - # Extra labels for query pod template - labels: {} - # cluster: example - # - # Extra annotations for query pod template - annotations: {} - # example.com: default - # - # Add extra labels to query deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to query deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to query deployment - deploymentMatchLabels: {} - - # Enable metrics collecting for query service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - -query: - enabled: true - # Label to treat as a replica indicator along which data is deduplicated. - # Still you will be able to query without deduplication using 'dedup=false' parameter. - replicaLabel: "" - # Prefix for API and UI endpoints. This allows thanos UI to be served on a sub-path. - # This option is analogous to --web.route-prefix of Promethus. - webRoutePrefix: "" - # Static prefix for all HTML links and redirect - # URLs in the UI query web interface. Actual - # endpoints are still served on / or the - # web.route-prefix. This allows thanos UI to be - # served behind a reverse proxy that strips a URL - # sub-path. - webExternalPrefix: "" - # Name of HTTP request header used for dynamic prefixing of UI links and redirects. - # This option is ignored if web.external-prefix argument is set. Security risk: enable this - # option only if a reverse proxy in front of thanos is resetting the header. The --web.prefix-header=X-Forwarded-Prefix option - # can be useful, for example, if Thanos UI is served via Traefik reverse proxy with PathPrefixStrip option enabled, which sends the - # stripped prefix value in X-Forwarded-Prefix header. This allows thanos UI to be served on a sub-path - webPrefixHeader: "" - # Maximum time to process query by query node. - timeout: 2m - # Maximum number of queries processed concurrently by query node. - maxConcurrent: 16 - # Maximum number of select requests made concurrently per a query. - maxConcurrentSelect: 4 - # Enable automatic adjustment (step / 5) to what source of data should be used in store gateways - # if no max_source_resolution param is specified. - autoDownsampling: false - # https://github.com/improbable-eng/thanos/issues/1015 - storeDNSResolver: miekgdns - # Enable DNS discovery for stores - storeDNSDiscovery: true - # Enable DNS discovery for sidecars (this is for the chart built-in sidecar service) - sidecarDNSDiscovery: true - # Addresses of statically configured store API servers (repeatable). - # The scheme may be prefixed with 'dns+' or 'dnssrv+' to detect store API servers through respective DNS lookups. - stores: [] - # - "dnssrv+_grpc._tcp...svc" - # - # Path to files that contains addresses of store API servers. The path can be a glob pattern (repeatable). - serviceDiscoveryFiles: [] - # Names of configmaps that contain addresses of store API servers, used for file service discovery. - serviceDiscoveryFileConfigMaps: [] - # Refresh interval to re-read file SD files. It is used as a resync fallback. - serviceDiscoveryInterval: 5m - # Log filtering level. - logLevel: info - # Add extra environment variables to query - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the query service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from query component - replicaCount: 1 - # Enable HPA for query component - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 3 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - # Enable podDisruptionBudget for query component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - certSecretName: "" - # Extra labels for query pod template - labels: {} - # cluster: example - # - # Extra annotations for query pod template - annotations: {} - # example.com: default - # - # Add extra labels to query deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to query deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to query deployment - deploymentMatchLabels: {} - - # Enable metrics collecting for query service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for query grpc service - service: - # Annotations to query grpc service - annotations: {} - # labels to query grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - serviceAccount: "" - -compact: - enabled: true - # Minimum age of fresh (non-compacted) blocks before they are being processed. - # Malformed blocks older than the maximum of consistency-delay and 30m0s will be removed. - consistencyDelay: 30m - # How long to retain raw samples in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolutionRaw: 1825d - # How long to retain samples of resolution 1 (5 minutes) in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolution5m: 1825d - # How long to retain samples of resolution 2 (1 hour) in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolution1h: 1825d - # Number of goroutines to use when compacting groups. - compactConcurrency: 1 - # Number of goroutines to use when syncing block metadata from object storage. - blockSyncConcurrency: 20 - # Disables Downsampling data - disableDownsampling: false - # Log filtering level. - logLevel: info - # Compact service listening http port - http: - port: 10902 - service: - labels: {} - # Add extra environment variables to compact - extraEnv: - # - name: ENV - # value: value - # - # Add extra arguments to the compact service - extraArgs: - # - "--extraargs=extravalue" - # - # Data volume for the compactor to store temporary data defaults to emptyDir - # dataVolume: - # persistentVolumeClaim: - # claimName: compact-data-volume - # storage: 100Gi - # Extra labels for compact pod template - labels: {} - # cluster: example - # - # Extra annotations for compact pod template - annotations: {} - # example.com: default - # - # Add extra labels to compact deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to compact deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to compact deployment - deploymentMatchLabels: {} - # - # Enable metrics collecting for compact service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - serviceAccount: "" - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - -bucket: - enabled: true - # Number of replicas running from bucket component - replicaCount: 1 - # Log filtering level. - logLevel: info - # Refresh interval to download metadata from remote storage - refresh: 30m - # Timeout to download metadata from remote storage - timeout: 5m - # Prometheus label to use as timeline title - label: "" - # The http endpoint to communicate with other components - http: - # http listen port number - port: 8080 - # Service definition for bucket http service - service: - type: ClusterIP - # Annotations to bucket http service - annotations: {} - # Labels to bucket http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # Add extra environment variables to bucket - extraEnv: - # - name: ENV - # value: value - # - # Add extra arguments to the bucket service - extraArgs: - # - "--extraargs=extravalue" - # - # Extra labels for bucket pod template - labels: {} - # cluster: example - # - # Extra annotations for bucket pod template - annotations: {} - # example.com: default - # - # Add extra labels to bucket deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to bucket deployment - deploymentAnnotations: {} - # - # Add extra selector matchLabels to bucket deployment - deploymentMatchLabels: {} - - # Enable podDisruptionBudget for bucket component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for bucket pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - serviceAccount: "" - -sidecar: - # NOTE: This is only the service references for the sidecar - enabled: true - # Enable metrics collecting for sidecar service - metrics: - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for sidecar grpc service - service: - # Annotations to sidecar grpc service - annotations: {} - # Labels to sidecar grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for sidecar http service - service: - type: ClusterIP - # Annotations to sidecar http service - annotations: {} - # Labels to sidecar http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -storeSecretName: diff --git a/charts/kubecost/cost-analyzer/1.70.0/cluster-metrics.json b/charts/kubecost/cost-analyzer/1.70.0/cluster-metrics.json deleted file mode 100644 index 0e6638252..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/cluster-metrics.json +++ /dev/null @@ -1,1663 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Cost metrics from the Kubecost product", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 7, - "iteration": 1558062099204, - "links": [], - "panels": [ - { - "content": "Note: this dashboard requires Kubecost metrics to be available in your Prometheus deployment. [Learn more](https://github.com/kubecost/cost-model/blob/master/PROMETHEUS.md)", - "gridPos": { - "h": 2, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 27, - "links": [], - "mode": "markdown", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly run rate of CPU + GPU costs based on currently provisioned resources.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 2 - }, - "hideTimeOverride": true, - "id": 2, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n)", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "CPU Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly run rate of memory costs based on currently provisioned expenses.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 2 - }, - "hideTimeOverride": true, - "id": 3, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n)", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Memory Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly run rate of attached storage and PV costs based on currently provisioned resources.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 2 - }, - "hideTimeOverride": true, - "id": 4, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Storage Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Sum of compute, memory, storage and network costs.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 2 - }, - "hideTimeOverride": true, - "id": 11, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "# Compute\nsum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n\n# Memory\nsum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n# Storage \n\nsum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Total Cost", - "type": "singlestat", - "valueFontSize": "120%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Current CPU use from applications divided by allocatable CPUs", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 0, - "y": 5 - }, - "height": "180px", - "hideTimeOverride": true, - "id": 13, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(\n sum(\n count(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n * on (instance) \n sum(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n ) \n / \n (sum (kube_node_status_allocatable_cpu_cores))\n) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30, 80", - "timeFrom": "", - "title": "CPU Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Current CPU reservation requests from applications vs allocatable CPU", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 3, - "y": 5 - }, - "height": "180px", - "id": 15, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "SUM(kube_pod_container_resource_requests_cpu_cores) / SUM(kube_node_status_allocatable_cpu_cores) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30, 80", - "title": "CPU Requests", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "description": "Current RAM use vs RAM available", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 6, - "y": 5 - }, - "height": "180px", - "hideTimeOverride": true, - "id": 17, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "SUM(container_memory_usage_bytes{namespace!=\"\"}) / SUM(kube_node_status_allocatable_memory_bytes) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - }, - { - "expr": "", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "30,80", - "timeFrom": "", - "title": "RAM Utilization", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "description": "Current RAM requests vs RAM available", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 9, - "y": 5 - }, - "height": "180px", - "id": 19, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"})\n /\n sum(kube_node_status_allocatable_memory_bytes)\n) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30,80", - "title": "RAM Requests", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "This gauge shows the current standard storage use, including cluster storage, vs storage available", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 5 - }, - "height": "180px", - "hideTimeOverride": true, - "id": 21, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) /\nsum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30, 80", - "timeFrom": "", - "title": "Storage Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of CPU + GPU costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 9 - }, - "id": 6, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 +\n avg(node_gpu_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "compute cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Compute Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "currencyUSD", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of memory costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 9 - }, - "id": 9, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "memory cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "currencyUSD", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of attached disk + PV storage costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 9 - }, - "id": 10, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(avg_over_time(pv_hourly_cost[$timeRange] offset 1m)) by (persistentvolume) * 730 \n * avg(avg_over_time(kube_persistentvolume_capacity_bytes[$timeRange] offset 1m)) by (persistentvolume) / 1024 / 1024 / 1024\n) +\nsum(avg(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "storage cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Storage Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Sum of compute, memory, and storage costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 9 - }, - "id": 22, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "# Compute\nsum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n\n# Memory\nsum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n# Storage \n\nsum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "total cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Total Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "default-kubecost", - "description": "Cost of by resource class of currently provisioned nodes", - "fontSize": "100%", - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 16 - }, - "id": 8, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": false - }, - "styles": [ - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Compute Cost", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Cost", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Mem Cost", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Total", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "instance", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "GPU", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost or up * 0) by (node) * 730 * (1-$useDiscount/100)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - }, - { - "expr": "avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "legendFormat": "", - "refId": "B" - }, - { - "expr": "avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "refId": "D" - }, - { - "expr": "# CPU \navg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost or up * 0) by (node) * 730 * (1-$useDiscount/100) +\n# GPU\navg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n# Memory\navg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n", - "format": "table", - "instant": true, - "intervalFactor": 1, - "refId": "C" - } - ], - "title": "Cost by node", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of attached disk + PV storage costs based on currently provisioned resources.", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 16 - }, - "id": 25, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 +\n avg(node_gpu_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "cpu", - "refId": "B" - }, - { - "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "memory", - "refId": "A" - }, - { - "expr": "sum(\n avg(avg_over_time(pv_hourly_cost[$timeRange] offset 1m)) by (persistentvolume) * 730 \n * avg(avg_over_time(kube_persistentvolume_capacity_bytes[$timeRange] offset 1m)) by (persistentvolume) / 1024 / 1024 / 1024\n) +\nsum(avg(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "storage", - "refId": "C" - }, - { - "expr": "SUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $percentEgress * $egressCost ", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "network", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Cost by Resource", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "currencyUSD", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 1, - "auto_min": "1m", - "current": { - "text": "auto", - "value": "$__auto_interval_timeRange" - }, - "hide": 2, - "label": null, - "name": "timeRange", - "options": [ - { - "selected": true, - "text": "auto", - "value": "$__auto_interval_timeRange" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - }, - { - "selected": false, - "text": "90d", - "value": "90d" - } - ], - "query": "1h,6h,12h,1d,7d,14d,30d,90d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - }, - { - "current": { - "text": ".04", - "value": ".04" - }, - "hide": 2, - "label": "Cost per Gb hour for attached disks", - "name": "localStorageGBCost", - "options": [ - { - "selected": true, - "text": ".04", - "value": ".04" - } - ], - "query": ".04", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "tags": [], - "text": "0", - "value": "0" - }, - "hide": 0, - "label": "Sustained Use Discount %", - "name": "useDiscount", - "options": [ - { - "selected": true, - "text": "0", - "value": "0" - } - ], - "query": "0", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": ".1", - "value": ".1" - }, - "hide": 2, - "label": null, - "name": "percentEgress", - "options": [ - { - "selected": true, - "text": ".1", - "value": ".1" - } - ], - "query": ".1", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": ".12", - "value": ".12" - }, - "hide": 2, - "label": null, - "name": "egressCost", - "options": [ - { - "selected": true, - "text": ".12", - "value": ".12" - } - ], - "query": ".12", - "skipUrlSync": false, - "type": "constant" - } - ] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Kubecost cluster metrics", - "uid": "JOUdHGZZz", - "version": 20 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/cluster-utilization.json b/charts/kubecost/cost-analyzer/1.70.0/cluster-utilization.json deleted file mode 100644 index 0c3acfc76..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/cluster-utilization.json +++ /dev/null @@ -1,3473 +0,0 @@ -{ - "annotations":{ - "list":[ - { - "builtIn":1, - "datasource":"-- Grafana --", - "enable":true, - "hide":true, - "iconColor":"rgba(0, 211, 255, 1)", - "name":"Annotations & Alerts", - "type":"dashboard" - } - ] - }, - "description":"A dashboard to help manage Kubernetes cluster costs and resources", - "editable":true, - "gnetId":6873, - "graphTooltip":0, - "id":4, - "iteration":1556759633456, - "links":[ - - ], - "panels":[ - { - "content":"This dashboard shows monthly cost estimates for the cluster, based on **current** CPU, RAM and storage provisioned.", - "gridPos":{ - "h":2, - "w":24, - "x":0, - "y":0 - }, - "id":86, - "links":[ - - ], - "mode":"markdown", - "title":"", - "transparent":true, - "type":"text" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":0, - "y":2 - }, - "hideTimeOverride":true, - "id":75, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"sum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) ", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"CPU Cost", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":6, - "y":2 - }, - "hideTimeOverride":true, - "id":77, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"sum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n) ", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"RAM Cost", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":12, - "y":2 - }, - "hideTimeOverride":true, - "id":78, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"Storage Cost (Cluster and PVC)", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Represents a near worst-case approximation of network costs.", - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":18, - "y":2 - }, - "hideTimeOverride":true, - "id":129, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"SUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"Network Egress Cost", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Current CPU use from applications divided by allocatable CPUs", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":0, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":82, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"(\n sum(\n count(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n * on (instance) \n sum(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n ) \n / \n (sum (kube_node_status_allocatable_cpu_cores))\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "timeFrom":"", - "title":"CPU Utilization", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Current CPU reservation requests from applications vs allocatable CPU", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":3, - "y":6 - }, - "height":"180px", - "id":91, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"SUM(kube_pod_container_resource_requests_cpu_cores) / SUM(kube_node_status_allocatable_cpu_cores) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "title":"CPU Requests", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "description":"Current RAM use vs RAM available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":6, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":80, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"SUM(container_memory_usage_bytes{namespace!=\"\"}) / SUM(kube_node_status_allocatable_memory_bytes) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - }, - { - "expr":"", - "format":"time_series", - "intervalFactor":1, - "refId":"B" - } - ], - "thresholds":"30,80", - "timeFrom":"", - "title":"RAM Utilization", - "transparent":false, - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "description":"Current RAM requests vs RAM available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":9, - "y":6 - }, - "height":"180px", - "id":92, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"})\n /\n sum(kube_node_status_allocatable_memory_bytes)\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30,80", - "title":"RAM Requests", - "transparent":false, - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"This gauge shows the current standard storage use, including cluster storage, vs storage available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":12, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":95, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) /\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "timeFrom":"", - "title":"Storage Utilization", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"This gauge shows the current SSD use vs SSD available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":15, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":96, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace)\n) /\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace)\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "timeFrom":"", - "title":"SSD Utilization", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Expected monthly cost given current CPU, memory storage, and network resource consumption", - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":18, - "y":6 - }, - "hideTimeOverride":true, - "id":93, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"# CPU\nsum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) \n\n+ \n\n# Storage\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard \n\n+\n\n# END STORAGE\n# RAM \nsum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n)\n\n+\n\n#Network \nSUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"Total Monthly Cost", - "type":"singlestat", - "valueFontSize":"120%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "description":"Expected monthly CPU, memory and storage costs given provisioned resources", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":0, - "y":10 - }, - "id":120, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":false, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"# CPU\nsum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) \n\n+ \n\n# Storage\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard \n\n+\n\n# END STORAGE\n# RAM \nsum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n) \n\n+\n\n#Network \nSUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"cluster cost", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Total monthly cost", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"currencyUSD", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"Resources allocated to namespace based on container requests", - "fontSize":"100%", - "gridPos":{ - "h":8, - "w":12, - "x":12, - "y":10 - }, - "hideTimeOverride":false, - "id":73, - "links":[ - - ], - "pageSize":10, - "repeat":null, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":7, - "desc":true - }, - "styles":[ - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "pattern":"namespace", - "thresholds":[ - "30", - "80" - ], - "type":"string", - "unit":"currencyUSD" - }, - { - "alias":"RAM", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"CPU", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"PV Storage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Total", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #D", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"CPU Utilization", - "colorMode":"value", - "colors":[ - "#bf1b00", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #E", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"RAM Utilization", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #F", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - } - ], - "targets":[ - { - "expr":"(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"}*($costcpu - ($costcpu / 100 * $costDiscount))) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"}*$costpcpu) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"A" - }, - { - "expr":"(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"} / 1024 / 1024 / 1024*($costram- ($costram / 100 * $costDiscount))) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"} / 1024 / 1024 / 1024 * $costpram ) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"B" - }, - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageSSD \n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageStandard", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"C" - }, - { - "expr":"# CPU \n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"}*($costcpu - ($costcpu / 100 * $costDiscount))) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"}*$costpcpu) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n#END CPU \n# Memory \n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"} / 1024 / 1024 / 1024*($costram- ($costram / 100 * $costDiscount))) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"} / 1024 / 1024 / 1024 * $costpram ) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n# PV storage\n\n(\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageSSD \n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageStandard \n)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"Total", - "refId":"D" - } - ], - "timeFrom":"", - "timeShift":null, - "title":"Namespace cost allocation", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":18 - }, - "id":108, - "panels":[ - - ], - "title":"CPU Metrics", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":19 - }, - "id":116, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(kube_node_status_capacity_cpu_cores)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"capacity", - "refId":"A" - }, - { - "expr":"SUM(kube_pod_container_resource_requests_cpu_cores)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"requests", - "refId":"C" - }, - { - "expr":"SUM(irate(container_cpu_usage_seconds_total{id=\"/\"}[5m]))", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"usage", - "refId":"B" - }, - { - "expr":"SUM(kube_pod_container_resource_limits_cpu_cores) ", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"limits", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster CPUs", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":1, - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":27 - }, - "id":130, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"avg(irate(node_cpu_seconds_total{mode!=\"idle\"}[5m])) by (mode) * 100", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"{{mode}}", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"CPU Mode", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percent", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"percent", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"This table shows the comparison of CPU requests and usage by namespace", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":0, - "y":35 - }, - "hideTimeOverride":true, - "id":104, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":1, - "desc":true - }, - "styles":[ - { - "alias":"CPU Requests", - "colorMode":null, - "colors":[ - "#fceaca", - "#fce2de", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Requests", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#cffaff" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"24h CPU Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - "30" - ], - "type":"number", - "unit":"none" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\"}) by (namespace) ", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"", - "refId":"A" - }, - { - "expr":"sum (rate (container_cpu_usage_seconds_total{image!=\"\",namespace!=\"\"}[24h])) by (namespace)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"C" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"CPU request utilization by namespace", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"This table shows the comparison of application CPU usage vs the capacity of the node (measured over last 60 minutes)", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":12, - "y":35 - }, - "hideTimeOverride":true, - "id":90, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":2, - "desc":true - }, - "styles":[ - { - "alias":"CPU Request Utilization", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - ".30", - " .80" - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Utilization", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - ".20", - " .80" - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"24h Utilization ", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"percentunit" - } - ], - "targets":[ - { - "expr":"SUM(\nSUM(rate(container_cpu_usage_seconds_total[24h])) by (pod_name)\n* on (pod_name) group_left (node) \nlabel_replace(\n avg(kube_pod_info{}),\n \"pod_name\", \n \"$1\", \n \"pod\", \n \"(.+)\"\n)\n) by (node) \n/ \nsum(kube_node_status_capacity_cpu_cores) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - }, - { - "expr":"sum(kube_pod_container_resource_requests_cpu_cores) by (node) / sum(kube_node_status_capacity_cpu_cores) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"A" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster cost & utilization by node", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":45 - }, - "id":113, - "panels":[ - - ], - "title":"Memory Metrics", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":46 - }, - "id":117, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":false, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(kube_node_status_capacity_memory_bytes / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"capacity", - "refId":"A" - }, - { - "expr":"SUM(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"} / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"requests", - "refId":"C" - }, - { - "expr":"SUM(container_memory_usage_bytes{image!=\"\"} / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"usage", - "refId":"B" - }, - { - "expr":"SUM(kube_pod_container_resource_limits_memory_bytes {namespace!=\"\"} / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"limits", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster memory (GB)", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"decgbytes", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":54 - }, - "id":131, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":false, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"1 - sum(node_memory_MemAvailable_bytes) by (node) / sum(node_memory_MemTotal_bytes) by (node)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"usage", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster Memory Utilization", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percentunit", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"Comparison of memory requests and current usage by namespace", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":0, - "y":62 - }, - "hideTimeOverride":true, - "id":109, - "links":[ - - ], - "pageSize":7, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":1, - "desc":true - }, - "styles":[ - { - "alias":"Mem Requests (GB)", - "colorMode":null, - "colors":[ - "#fceaca", - "#fce2de", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Requests", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#cffaff" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"24h Mem Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "#508642", - "#e5ac0e" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - ".30", - ".75" - ], - "type":"number", - "unit":"none" - }, - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"} / 1024 / 1024 / 1024) by (namespace) ", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"", - "refId":"A" - }, - { - "expr":"SUM(container_memory_usage_bytes{image!=\"\",namespace!=\"\"} / 1024 / 1024 / 1024) by (namespace)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"", - "refId":"C" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Memory requests & utilization by namespace", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"Container RAM usage vs node capacity", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":12, - "y":62 - }, - "hideTimeOverride":true, - "id":114, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":1, - "desc":true - }, - "styles":[ - { - "alias":"RAM Requests", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - "30", - " 80" - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"RAM Usage", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - "25", - " 80" - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"SUM(label_replace(container_memory_usage_bytes{namespace!=\"\"}, \"node\", \"$1\", \"instance\",\"(.+)\")) by (node) * 100\n/\nSUM(kube_node_status_capacity_memory_bytes) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - }, - { - "expr":"sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"}) by (node) / SUM(kube_node_status_capacity_memory_bytes) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"A" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Node utilization of allocatable RAM", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":72 - }, - "id":101, - "panels":[ - - ], - "title":"Storage Metrics", - "type":"row" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":9, - "w":12, - "x":0, - "y":73 - }, - "hideTimeOverride":true, - "id":97, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":4, - "desc":true - }, - "styles":[ - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"instance", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"PVC Name", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"persistentvolumeclaim", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Storage Class", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"storageclass", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Size (GB)", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"percentunit" - } - ], - "targets":[ - { - "expr":"SUM(container_fs_limit_bytes{id=\"/\"}) by (instance) / 1024 / 1024 / 1024 * 1.03", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - }, - { - "expr":"SUM(container_fs_limit_bytes{id=\"/\"}) by (instance) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard\n", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ persistentvolumeclaim }}", - "refId":"A" - }, - { - "expr":"sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"} / container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"}) by (instance) \n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"C" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Local Storage", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":9, - "w":12, - "x":12, - "y":73 - }, - "id":128, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(container_fs_usage_bytes{id=\"/\"}) / SUM(container_fs_limit_bytes{id=\"/\"})", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"reads", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Local storage utilization", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percent", - "label":"IOPS", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":0, - "y":82 - }, - "hideTimeOverride":true, - "id":94, - "links":[ - - ], - "pageSize":10, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":2, - "desc":true - }, - "styles":[ - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"PVC Name", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"persistentvolumeclaim", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Storage Class", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"storageclass", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"Size (GB)", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024\n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024\n\n\n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"C" - }, - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 * $costStorageSSD\n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 * $costStorageStandard\n", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ persistentvolumeclaim }}", - "refId":"A" - }, - { - "expr":"sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) \n/\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Persistent Volume Claims", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":10, - "w":12, - "x":12, - "y":82 - }, - "id":132, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(rate(node_disk_reads_completed_total[10m])) or SUM(rate(node_disk_reads_completed[10m]))\n", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"reads", - "refId":"D" - }, - { - "expr":"SUM(rate(node_disk_writes_completed_total[10m])) or SUM(rate(node_disk_writes_completed[10m]))", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"writes", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Disk IOPS", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"none", - "label":"IOPS", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":9, - "w":24, - "x":0, - "y":92 - }, - "id":122, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM( kubelet_volume_stats_inodes_used / kubelet_volume_stats_inodes) by (persistentvolumeclaim) * 100", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Inode usage", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percent", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":101 - }, - "id":127, - "panels":[ - - ], - "title":"Network", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":9, - "w":24, - "x":0, - "y":102 - }, - "id":123, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (node_network_transmit_bytes_total{}[60m]))\n", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"node_out", - "refId":"B" - }, - { - "expr":"SUM ( rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]))", - "format":"time_series", - "instant":false, - "intervalFactor":1, - "legendFormat":"eth0 out", - "refId":"C" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Node network transmit", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"decbytes", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - } - ], - "refresh":"15m", - "schemaVersion":16, - "style":"dark", - "tags":[ - "cost", - "utilization", - "metrics" - ], - "templating":{ - "list":[ - { - "current":{ - "text":"23.076", - "value":"23.076" - }, - "hide":0, - "label":"CPU", - "name":"costcpu", - "options":[ - { - "text":"23.076", - "value":"23.076" - } - ], - "query":"23.076", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"5.10", - "value":"5.10" - }, - "hide":0, - "label":"PE CPU", - "name":"costpcpu", - "options":[ - { - "text":"5.10", - "value":"5.10" - } - ], - "query":"5.10", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"3.25", - "value":"3.25" - }, - "hide":0, - "label":"RAM", - "name":"costram", - "options":[ - { - "text":"3.25", - "value":"3.25" - } - ], - "query":"3.25", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.6862", - "value":"0.6862" - }, - "hide":0, - "label":"PE RAM", - "name":"costpram", - "options":[ - { - "text":"0.6862", - "value":"0.6862" - } - ], - "query":"0.6862", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.040", - "value":"0.040" - }, - "hide":0, - "label":"Storage", - "name":"costStorageStandard", - "options":[ - { - "text":"0.040", - "value":"0.040" - } - ], - "query":"0.040", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":".17", - "value":".17" - }, - "hide":0, - "label":"SSD", - "name":"costStorageSSD", - "options":[ - { - "text":".17", - "value":".17" - } - ], - "query":".17", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":".12", - "value":".12" - }, - "hide":0, - "label":"Egress", - "name":"costEgress", - "options":[ - { - "selected":true, - "text":".12", - "value":".12" - } - ], - "query":".12", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"30", - "value":"30" - }, - "hide":0, - "label":"Discount", - "name":"costDiscount", - "options":[ - { - "text":"30", - "value":"30" - } - ], - "query":"30", - "skipUrlSync":false, - "type":"constant" - } - ] - }, - "time":{ - "from":"now-24h", - "to":"now" - }, - "timepicker":{ - "hidden":false, - "refresh_intervals":[ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options":[ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone":"browser", - "title":"Cluster cost & utilization metrics", - "uid":"cluster-costs", - "version":1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/deployment-utilization.json b/charts/kubecost/cost-analyzer/1.70.0/deployment-utilization.json deleted file mode 100644 index ff5526c15..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/deployment-utilization.json +++ /dev/null @@ -1,1366 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Monitors Kubernetes deployments in cluster using Prometheus and kube-state-metrics. Shows resource utilization of deployments, daemonsets, and statefulsets.", - "editable": true, - "gnetId": 8588, - "graphTooltip": 0, - "id": 2, - "iteration": 1586200623748, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 0 - }, - "height": "180px", - "id": 1, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (container_memory_working_set_bytes{container!=\"\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\", pod_name!=\"\"}) / sum (kube_node_status_allocatable_memory_bytes{node=~\"^$Node.*$\"}) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 900 - } - ], - "thresholds": "65, 90", - "title": "Deployment memory usage", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 0 - }, - "height": "180px", - "id": 2, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate (container_cpu_usage_seconds_total{pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\"}[2m])) / sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"}) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 900 - } - ], - "thresholds": "65, 90", - "title": "Deployment CPU usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 0 - }, - "height": "180px", - "id": 3, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(((sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))) - ((sum(kube_deployment_status_replicas_available{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_status_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_number_ready{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)))) / ((sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))) * 100", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "1,30", - "title": "Unavailable Replicas", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 0, - "y": 5 - }, - "height": "100px", - "id": 4, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{container!=\"\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\", pod_name!=\"\"})", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 4, - "y": 5 - }, - "height": "100px", - "id": 5, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (kube_node_status_allocatable_memory_bytes{node=~\"^$Node.*$\"})", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 8, - "y": 5 - }, - "height": "100px", - "id": 6, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate (container_cpu_usage_seconds_total{pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 12, - "y": 5 - }, - "height": "100px", - "id": 7, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"})", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 5 - }, - "height": "100px", - "id": 8, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(kube_deployment_status_replicas_available{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_status_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_number_ready{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Available (cluster)", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 5 - }, - "height": "100px", - "id": 9, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ $Daemonset }}", - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Total (cluster)", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 3, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 11, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "", - "id": 10, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/avlbl.*/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (irate (container_cpu_usage_seconds_total{container!=\"\",image!=\"\",name=~\"^k8s_.*\",io_kubernetes_container_name!=\"POD\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[5m])) by (pod_name,kubernetes_io_hostname)", - "format": "time_series", - "hide": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "usage: {{ kubernetes_io_hostname }} | {{ pod_name }} ", - "metric": "container_cpu", - "refId": "A", - "step": 60 - }, - { - "expr": "sum (kube_pod_container_resource_requests_cpu_cores{pod=~\"^$Deployment$Statefulset$Daemonset.*$\",node=~\"^$Node$\"}) by (pod,node)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "rqst: {{ node }} | {{ pod }}", - "refId": "B", - "step": 120 - }, - { - "expr": "sum ((kube_node_status_allocatable_cpu_cores{node=~\"^$Node$\"})) by (node)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "avlbl: {{ node }}", - "refId": "C", - "step": 30 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage & requests", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "cores", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/^avlbl.*$/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max (container_memory_working_set_bytes{container!=\"POD\",container!=\"\",id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}) by (pod_name,kubernetes_io_hostname)", - "format": "time_series", - "hide": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "usage: {{kubernetes_io_hostname }} | {{ pod_name }}", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 60 - }, - { - "expr": "sum ((kube_pod_container_resource_requests_memory_bytes{pod=~\"^$Deployment$Statefulset$Daemonset.*$\",node=~\"^$Node$\"})) by (pod,node)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "rqst: {{ node }} | {{ pod }}", - "refId": "B", - "step": 120 - }, - { - "expr": "sum ((kube_node_status_allocatable_memory_bytes{node=~\"^$Node$\"})) by (node)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "avlbl: {{ node }}", - "refId": "C", - "step": 30 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory usage & requests", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "100 * (kubelet_volume_stats_used_bytes{kubernetes_io_hostname=~\"^$Node$\", persistentvolumeclaim=~\".*$Deployment$Statefulset$Daemonset.*$\"} / kubelet_volume_stats_capacity_bytes{kubernetes_io_hostname=~\"^$Node$\", persistentvolumeclaim=~\".*$Deployment$Statefulset$Daemonset.*$\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ persistentvolumeclaim }} | {{ kubernetes_io_hostname }}", - "refId": "A", - "step": 120 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Usage", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (rate (container_network_receive_bytes_total{id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[2m])) by (pod_name, kubernetes_io_hostname)", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "-> {{ kubernetes_io_hostname }} | {{ pod_name }}", - "metric": "network", - "refId": "A", - "step": 60 - }, - { - "expr": "- sum( rate (container_network_transmit_bytes_total{id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[2m])) by (pod_name, kubernetes_io_hostname)", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "<- {{ kubernetes_io_hostname }} | {{ pod_name }}", - "metric": "network", - "refId": "B", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "All processes network I/O", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "kubernetes", - "deployment" - ], - "templating": { - "list": [ - { - "allValue": "()", - "current": { - "selected": false, - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Deployment", - "options": [], - "query": "label_values(deployment)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": "()", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Statefulset", - "options": [], - "query": "label_values(statefulset)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": "()", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Daemonset", - "options": [], - "query": "label_values(daemonset)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Node", - "options": [], - "query": "label_values(kubernetes_io_hostname)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Deployment/Statefulset/Daemonset utilization metrics", - "uid": "deployment-metrics", - "version": 1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/label-cost-utilization.json b/charts/kubecost/cost-analyzer/1.70.0/label-cost-utilization.json deleted file mode 100644 index 46d508aa0..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/label-cost-utilization.json +++ /dev/null @@ -1,1193 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 7, - "iteration": 1586214000479, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly projected CPU cost given last 10m", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 0, - "y": 0 - }, - "hideTimeOverride": true, - "id": 15, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(container_cpu_allocation) by (pod,node)\n\n * on (node) group_left()\n avg(avg_over_time(node_cpu_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "CPU Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Based on CPU usage over last 24 hours", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 6, - "y": 0 - }, - "hideTimeOverride": true, - "id": 16, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(container_memory_allocation_bytes) by (pod,node) / 1024 / 1024 / 1024\n\n * on (node) group_left()\n avg(avg_over_time(node_ram_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Memory Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 12, - "y": 0 - }, - "hideTimeOverride": true, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n sum(kube_persistentvolumeclaim_info{storageclass!=\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .04 \n\n+\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .17 \n", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Storage Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Cost of memory + CPU usage", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 18, - "y": 0 - }, - "hideTimeOverride": true, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CPU ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nsum(\n avg(container_cpu_allocation) by (pod,node)\n\n * on (node) group_left()\n avg(avg_over_time(node_cpu_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730\n\n#END CPU\n+\n\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nsum(\n avg(container_memory_allocation_bytes) by (pod,node) / 1024 / 1024 / 1024\n\n * on (node) group_left()\n avg(avg_over_time(node_ram_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730\n\n# END MEMORY\n\n+\n\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~ STORAGE ~~~~~~~~~~~~~~~~~~~~~~~~~\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass!=\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .04 \n\n+\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .17 \n\n\n# END STORAGE\n", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Total Cost", - "type": "singlestat", - "valueFontSize": "110%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 0, - "y": 5 - }, - "id": 10, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n sum (kube_pod_container_resource_requests_cpu_cores) by (pod)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "CPU Request", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 3, - "y": 5 - }, - "id": 17, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n label_replace(\n sum(rate(container_cpu_usage_seconds_total{image!=\"\",container_name!=\"POD\"}[1h])) by (kubernetes_io_hostname,pod_name),\n \"node\",\n \"$1\", \n \"kubernetes_io_hostname\", \n \"(.+)\"\n ) \n * on (pod_name) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n ) or up * 0\n) ", - "format": "time_series", - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "", - "title": "CPU Used", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 0, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 6, - "y": 5 - }, - "id": 11, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n sum (kube_pod_container_resource_requests_memory_bytes) by (pod)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Memory Request", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 9, - "y": 5 - }, - "id": 18, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n label_replace(\n sum (container_memory_working_set_bytes{pod_name!=\"\",container!=\"POD\",container!=\"\"}) by (pod_name),\n \"pod\",\n \"$1\", \n \"pod_name\", \n \"(.+)\")\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n)", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Memory Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 0, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 5 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n max(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) \n", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Storage Request", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_limits_cpu_cores) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "limit", - "refId": "C" - }, - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_requests_cpu_cores) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "request", - "refId": "B" - }, - { - "expr": "sum(\n label_replace(\n sum (rate (container_cpu_usage_seconds_total{image!=\"\",container!=\"POD\",container!=\"\"}[10m])) by (container,pod),\n \"pod\", \n \"$1\", \n \"pod_name\", \n \"(.+)\"\n )\n * on (pod) group_left (label_$label)\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container)\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "usage", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage vs Requests vs Limits", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_limits_memory_bytes) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "limit", - "refId": "C" - }, - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_requests_memory_bytes) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "request", - "refId": "B" - }, - { - "expr": "sum(\n label_replace(\n sum (container_memory_working_set_bytes{container!=\"\",container!=\"POD\"}) by (container,pod),\n \"pod\", \n \"$1\", \n \"pod_name\", \n \"(.+)\"\n )\n * on (pod) group_left (label_$label)\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container)\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "usage", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage vs Requests vs Limits", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "datasource": "default-kubecost", - "filters": [], - "hide": 0, - "label": "", - "name": "Filters", - "skipUrlSync": false, - "type": "adhoc" - }, - { - "allValue": null, - "current": { - "tags": [], - "text": "app", - "value": "app" - }, - "hide": 0, - "includeAll": false, - "label": "Label", - "multi": false, - "name": "label", - "options": [ - { - "selected": false, - "text": "app", - "value": "app" - }, - { - "selected": false, - "text": "tier", - "value": "tier" - }, - { - "selected": false, - "text": "component", - "value": "component" - }, - { - "selected": true, - "text": "release", - "value": "release" - }, - { - "selected": false, - "text": "name", - "value": "name" - }, - { - "selected": false, - "text": "team", - "value": "team" - }, - { - "selected": false, - "text": "department", - "value": "department" - }, - { - "selected": false, - "text": "owner", - "value": "owner" - }, - { - "selected": false, - "text": "contact", - "value": "contact" - } - ], - "query": "app, tier, component, release, name, team, department, owner, contact", - "skipUrlSync": false, - "type": "custom" - }, - { - "allValue": ".*", - "current": { - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": "Value", - "multi": false, - "name": "label_value", - "options": [], - "query": "query_result(SUM(kube_pod_labels{label_$label!=\"\",namespace!=\"kube-system\"}) by (label_$label))", - "refresh": 1, - "regex": "/label_$label=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": "()", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": "", - "multi": false, - "name": "Deployments", - "options": [], - "query": "label_values(deployment)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Secondary", - "options": [ - { - "selected": true, - "text": "All", - "value": "$__all" - }, - { - "selected": false, - "text": "app", - "value": "app" - }, - { - "selected": false, - "text": "component", - "value": "component" - }, - { - "selected": false, - "text": "controller_revision_hash", - "value": "controller_revision_hash" - }, - { - "selected": false, - "text": "k8s_app", - "value": "k8s_app" - } - ], - "query": "query_result(kube_pod_labels)", - "refresh": 0, - "regex": "/.+?label_([^=]*).*/", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Label costs & utilization", - "uid": "lWMhIA-ik", - "version": 2 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/namespace-utilization.json b/charts/kubecost/cost-analyzer/1.70.0/namespace-utilization.json deleted file mode 100644 index 7260cced1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/namespace-utilization.json +++ /dev/null @@ -1,1156 +0,0 @@ -{ - "annotations":{ - "list":[ - { - "builtIn":1, - "datasource":"-- Grafana --", - "enable":true, - "hide":true, - "iconColor":"rgba(0, 211, 255, 1)", - "name":"Annotations & Alerts", - "type":"dashboard" - } - ] - }, - "description":"A dashboard to help with utilization and resource allocation", - "editable":true, - "gnetId":8673, - "graphTooltip":0, - "id":9, - "iteration":1553150922105, - "links":[ - - ], - "panels":[ - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":9, - "w":16, - "x":0, - "y":0 - }, - "hideTimeOverride":true, - "id":73, - "links":[ - - ], - "pageSize":8, - "repeat":null, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":2, - "desc":false - }, - "styles":[ - { - "alias":"Pod", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":false, - "linkTooltip":"", - "linkUrl":"", - "pattern":"pod_name", - "thresholds":[ - "30", - "80" - ], - "type":"string", - "unit":"currencyUSD" - }, - { - "alias":"RAM", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"decbytes" - }, - { - "alias":"CPU %", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"Storage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Total", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #D", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"CPU Utilization", - "colorMode":"value", - "colors":[ - "#bf1b00", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #E", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"RAM Utilization", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #F", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - } - ], - "targets":[ - { - "expr":"sum (rate (container_cpu_usage_seconds_total{namespace=\"$namespace\"}[10m])) by (pod_name) * 100", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ pod_name }}", - "refId":"A" - }, - { - "expr":"sum (avg_over_time (container_memory_working_set_bytes{namespace=\"$namespace\", container_name!=\"POD\"}[10m])) by (pod_name)", - "format":"table", - "hide":false, - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ pod_name }}", - "refId":"B" - } - ], - "timeFrom":"1M", - "timeShift":null, - "title":"Pod utilization analysis", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":9, - "w":8, - "x":16, - "y":0 - }, - "hideTimeOverride":true, - "id":90, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":4, - "desc":true - }, - "styles":[ - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"PVC Name", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"persistentvolumeclaim", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Storage Class", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"storageclass", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Size", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":1, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"gbytes" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right (storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{namespace=~\"$namespace\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 ", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ persistentvolumeclaim }}", - "refId":"A" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Persistent Volume Claims", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "description":"CPU requests by pod divided by the rate of CPU usage over the last hour", - "fill":1, - "gridPos":{ - "h":9, - "w":24, - "x":0, - "y":9 - }, - "id":100, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"topk(10,\n label_replace(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace=\"$namespace\"}) by (pod),\n \"pod_name\", \n \"$1\", \n \"pod\", \n \"(.+)\"\n ) \n/ on (pod_name) sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\",pod_name=~\".+\"}[1h])) by (pod_name))", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Ratio of CPU requests to usage (Top 10 pods)", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":3, - "description":"This panel shows historical utilization as an average across all pods in this namespace. It only accounts for currently deployed pods", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":18 - }, - "height":"", - "id":94, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"sum (rate (container_cpu_usage_seconds_total{namespace=\"$namespace\"}[10m])) by (namespace)\n", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"10s", - "intervalFactor":1, - "legendFormat":"cpu utilization", - "metric":"container_cpu", - "refId":"A", - "step":10 - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Overall CPU Utilization", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percent", - "label":"", - "logBase":1, - "max":"110", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"This panel shows historical utilization as an average across all pods in this namespace. It only accounts for currently deployed pods", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":18 - }, - "id":92, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":200, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"sum (container_memory_working_set_bytes{namespace=\"$namespace\"})\n/\nsum(node_memory_MemTotal_bytes)", - "format":"time_series", - "instant":false, - "intervalFactor":1, - "legendFormat":"mem utilization", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Overall RAM Utilization", - "tooltip":{ - "msResolution":false, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percent", - "label":null, - "logBase":1, - "max":"110", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Traffic in and out of this namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":24 - }, - "height":"", - "id":96, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_network_receive_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- in", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_network_transmit_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> out", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Network IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Disk reads and writes for the namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":24 - }, - "height":"", - "id":98, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_fs_writes_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- write", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_fs_reads_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> read", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Disk IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - } - ], - "refresh":"10s", - "schemaVersion":16, - "style":"dark", - "tags":[ - "cost", - "utilization", - "metrics" - ], - "templating":{ - "list":[ - { - "current":{ - "text":"23.06", - "value":"23.06" - }, - "hide":0, - "label":"CPU", - "name":"costcpu", - "options":[ - { - "text":"23.06", - "value":"23.06" - } - ], - "query":"23.06", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"7.28", - "value":"7.28" - }, - "hide":0, - "label":"PE CPU", - "name":"costpcpu", - "options":[ - { - "text":"7.28", - "value":"7.28" - } - ], - "query":"7.28", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"3.25", - "value":"3.25" - }, - "hide":0, - "label":"RAM", - "name":"costram", - "options":[ - { - "text":"3.25", - "value":"3.25" - } - ], - "query":"3.25", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.6862", - "value":"0.6862" - }, - "hide":0, - "label":"PE RAM", - "name":"costpram", - "options":[ - { - "text":"0.6862", - "value":"0.6862" - } - ], - "query":"0.6862", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.04", - "value":"0.04" - }, - "hide":0, - "label":"Storage", - "name":"costStorageStandard", - "options":[ - { - "text":"0.04", - "value":"0.04" - } - ], - "query":"0.04", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":".17", - "value":".17" - }, - "hide":0, - "label":"SSD", - "name":"costStorageSSD", - "options":[ - { - "text":".17", - "value":".17" - } - ], - "query":".17", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"30", - "value":"30" - }, - "hide":0, - "label":"Disc.", - "name":"costDiscount", - "options":[ - { - "text":"30", - "value":"30" - } - ], - "query":"30", - "skipUrlSync":false, - "type":"constant" - }, - { - "allValue":null, - "current":{ - "text":"kube-system", - "value":"kube-system" - }, - "datasource":"default-kubecost", - "hide":0, - "includeAll":false, - "label":"NS", - "multi":false, - "name":"namespace", - "options":[ - - ], - "query":"query_result(sum(kube_namespace_created{namespace!=\"\"}) by (namespace))", - "refresh":1, - "regex":"/namespace=\\\"(.*?)(\\\")/", - "skipUrlSync":false, - "sort":0, - "tagValuesQuery":"", - "tags":[ - - ], - "tagsQuery":"", - "type":"query", - "useTags":false - }, - { - "datasource":"default-kubecost", - "filters":[ - - ], - "hide":0, - "label":"", - "name":"Filters", - "skipUrlSync":false, - "type":"adhoc" - } - ] - }, - "time":{ - "from":"now-15m", - "to":"now" - }, - "timepicker":{ - "hidden":false, - "refresh_intervals":[ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options":[ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone":"browser", - "title":"Namespace utilization metrics", - "uid":"at-cost-analysis-namespace2", - "version":1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/node-utilization.json b/charts/kubecost/cost-analyzer/1.70.0/node-utilization.json deleted file mode 100644 index ce751c199..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/node-utilization.json +++ /dev/null @@ -1,1370 +0,0 @@ -{ - "annotations":{ - "list":[ - { - "builtIn":1, - "datasource":"-- Grafana --", - "enable":true, - "hide":true, - "iconColor":"rgba(0, 211, 255, 1)", - "name":"Annotations & Alerts", - "type":"dashboard" - } - ] - }, - "editable":true, - "gnetId":null, - "graphTooltip":0, - "id":6, - "iteration":1557245882378, - "links":[ - - ], - "panels":[ - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"percentunit", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":7, - "w":8, - "x":0, - "y":0 - }, - "id":2, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(irate(container_cpu_usage_seconds_total{id=\"/\",instance=\"$node\"}[10m]))", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"CPU Usage", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"percentunit", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":7, - "w":8, - "x":8, - "y":0 - }, - "id":3, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"SUM(container_memory_usage_bytes{namespace!=\"\",instance=\"$node\"}) / SUM(kube_node_status_capacity_memory_bytes{node=\"$node\"})", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Memory Usage", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"percentunit", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":7, - "w":8, - "x":16, - "y":0 - }, - "id":4, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"}) /\nsum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"})", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Storage Usage", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":8, - "w":16, - "x":0, - "y":7 - }, - "hideTimeOverride":true, - "id":21, - "links":[ - - ], - "pageSize":8, - "repeat":null, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":4, - "desc":true - }, - "styles":[ - { - "alias":"Pod", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":false, - "linkTooltip":"", - "linkUrl":"", - "pattern":"pod_name", - "thresholds":[ - "30", - "80" - ], - "type":"string", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"CPU Request", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"CPU Limit", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Mem Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #D", - "thresholds":[ - - ], - "type":"number", - "unit":"bytes" - }, - { - "alias":"Mem Request", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #E", - "thresholds":[ - - ], - "type":"number", - "unit":"bytes" - }, - { - "alias":"Mem Limit", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #F", - "thresholds":[ - - ], - "type":"number", - "unit":"bytes" - } - ], - "targets":[ - { - "expr":"sum(rate(container_cpu_usage_seconds_total{container_name!=\"\",container_name!=\"POD\",pod_name!=\"\",instance=\"$node\"}[24h])) by (pod_name)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"C" - }, - { - "expr":"sum(label_replace(\nsum(avg_over_time(kube_pod_container_resource_requests_cpu_cores{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod), \n\"pod_name\",\"$1\",\"pod\",\"(.+)\")\nor up * 0\n) by (pod_name)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"A" - }, - { - "expr":"sum(avg_over_time(container_memory_usage_bytes{container_name!=\"\",container_name!=\"POD\",pod_name!=\"\",instance=\"$node\"}[24h])) by (pod_name)\n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"D" - }, - { - "expr":"sum(label_replace(label_replace(\nsum(avg_over_time(kube_pod_container_resource_requests_memory_bytes{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod),\n\"container_name\",\"$1\",\"container\",\"(.+)\"), \"pod_name\",\"$1\",\"pod\",\"(.+)\")\nor up * 0\n) by (pod_name)\n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"E" - } - ], - "timeFrom":"1M", - "timeShift":null, - "title":"Current pods", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":0, - "format":"none", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":16, - "y":7 - }, - "id":8, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(\n count(avg_over_time(kube_pod_container_resource_requests_cpu_cores{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod)\n * on (pod) group_right()\n sum(kube_pod_container_status_running) by (pod)\n)", - "format":"time_series", - "instant":true, - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Pods Running", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"bytes", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":20, - "y":7 - }, - "id":18, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"})", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Storage Capacity", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"none", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":16, - "y":11 - }, - "id":9, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"kube_node_status_capacity_cpu_cores{node=\"$node\"}", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"CPU Capacity", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"bytes", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":20, - "y":11 - }, - "id":19, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"kube_node_status_capacity_memory_bytes{node=\"$node\"}", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"RAM Capacity", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":3, - "description":"This panel shows historical utilization for the node.", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":15 - }, - "height":"", - "id":11, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"sum(irate(container_cpu_usage_seconds_total{id=\"/\",instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"10s", - "intervalFactor":1, - "legendFormat":"cpu utilization", - "metric":"container_cpu", - "refId":"A", - "step":10 - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"CPU Utilization", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percentunit", - "label":"", - "logBase":1, - "max":"1.1", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"This panel shows historical utilization for the node.", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":15 - }, - "id":13, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":200, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"SUM(container_memory_usage_bytes{namespace!=\"\",instance=\"$node\"}) / SUM(kube_node_status_capacity_memory_bytes{node=\"$node\"})", - "format":"time_series", - "instant":false, - "interval":"10s", - "intervalFactor":1, - "legendFormat":"ram utilization", - "metric":"container_memory_usage:sort_desc", - "refId":"A", - "step":10 - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"RAM Utilization", - "tooltip":{ - "msResolution":false, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percentunit", - "label":null, - "logBase":1, - "max":"1.1", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Traffic in and out of this namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":21 - }, - "height":"", - "id":15, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_network_receive_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- in", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_network_transmit_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> out", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Network IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Disk reads and writes for the namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":21 - }, - "height":"", - "id":17, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_fs_writes_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- write", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_fs_reads_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> read", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Disk IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - } - ], - "schemaVersion":16, - "style":"dark", - "tags":[ - "cost", - "utilization", - "metrics" - ], - "templating":{ - "list":[ - { - "allValue":null, - "current":{ - "text":"ip-172-20-44-170.us-east-2.compute.internal", - "value":"ip-172-20-44-170.us-east-2.compute.internal" - }, - "datasource":"default-kubecost", - "hide":0, - "includeAll":false, - "label":null, - "multi":false, - "name":"node", - "options":[ - - ], - "query":"query_result(kube_node_labels)", - "refresh":1, - "regex":"/node=\\\"(.*?)(\\\")/", - "skipUrlSync":false, - "sort":0, - "tagValuesQuery":"", - "tags":[ - - ], - "tagsQuery":"", - "type":"query", - "useTags":false - } - ] - }, - "time":{ - "from":"now-6h", - "to":"now" - }, - "timepicker":{ - "refresh_intervals":[ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options":[ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone":"", - "title":"Node utilization metrics", - "uid":"NUQW37Lmk", - "version":1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/pod-utilization.json b/charts/kubecost/cost-analyzer/1.70.0/pod-utilization.json deleted file mode 100644 index 4e0abff2d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/pod-utilization.json +++ /dev/null @@ -1,798 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Visualize your kubernetes costs at the pod level.", - "editable": true, - "gnetId": 9063, - "graphTooltip": 0, - "id": 4, - "iteration": 1560100821196, - "links": [], - "panels": [ - { - "columns": [ - { - "text": "Avg", - "value": "avg" - } - ], - "datasource": "default-kubecost", - "fontSize": "100%", - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "hideTimeOverride": true, - "id": 98, - "links": [], - "pageSize": 5, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 6, - "desc": true - }, - "styles": [ - { - "alias": "Container", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "pattern": "container_name", - "thresholds": [ - "30", - "80" - ], - "type": "string", - "unit": "currencyUSD" - }, - { - "alias": "Memory Allocation", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "bytes" - }, - { - "alias": "CPU Allocation", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "none" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Memory ($/hour)", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Spot/PE RAM", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Total", - "colorMode": null, - "colors": [ - "#bf1b00", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #E", - "thresholds": [ - "" - ], - "type": "number", - "unit": "currencyUSD" - } - ], - "targets": [ - { - "expr": "sum(\n avg_over_time(container_memory_allocation_bytes{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}[$__range])\n) by (container,node)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "refId": "B" - }, - { - "expr": "sum(\n avg_over_time(container_cpu_allocation{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}[$__range])\n or up * 0 \n) by (container,node)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": "1M", - "timeShift": null, - "title": "Container cost & allocation analysis", - "transform": "table", - "transparent": false, - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 3, - "description": "This graph attempts to show you CPU use of your application vs its requests", - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 5 - }, - "height": "", - "id": 94, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "avg (rate (container_cpu_usage_seconds_total{namespace=~\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\",container_name!=\"\"}[10m])) by (container_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ container_name }} (usage)", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "avg(kube_pod_container_resource_requests_cpu_cores{namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{ container}} (request)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "CPU Usage vs Requested", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 3, - "description": "This graph attempts to show you RAM use of your application vs its requests", - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 5 - }, - "height": "", - "id": 96, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "avg (avg_over_time (container_memory_working_set_bytes{namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\",container_name!=\"\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ container_name }} (usage)", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "avg(kube_pod_container_resource_requests_memory_bytes{namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{ container }} (requested)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "RAM Usage vs Requested", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "description": "Traffic in and out of this pod, as a sum of its containers", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 12 - }, - "height": "", - "id": 95, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg (rate (container_network_receive_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "<- in", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "- avg (rate (container_network_transmit_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "-> out", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "Network IO", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "description": "Disk read writes", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 12 - }, - "height": "", - "id": 97, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg (rate (container_fs_writes_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "<- write", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "- avg (rate (container_fs_reads_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "-> read", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "Disk IO", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "current": { - "text": "0.044", - "value": "0.044" - }, - "hide": 0, - "label": "Storage", - "name": "costStorageStandard", - "options": [ - { - "text": "0.044", - "value": "0.044" - } - ], - "query": "0.044", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": "0.187", - "value": "0.187" - }, - "hide": 0, - "label": "SSD", - "name": "costStorageSSD", - "options": [ - { - "text": "0.187", - "value": "0.187" - } - ], - "query": "0.187", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": "30", - "value": "30" - }, - "hide": 0, - "label": "Disc.", - "name": "costDiscount", - "options": [ - { - "text": "30", - "value": "30" - } - ], - "query": "30", - "skipUrlSync": false, - "type": "constant" - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "kubecost", - "value": "kubecost" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": false, - "label": "NS", - "multi": false, - "name": "namespace", - "options": [], - "query": "query_result(sum(container_memory_working_set_bytes{namespace!=\"\"}) by (namespace))", - "refresh": 1, - "regex": "/namespace=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "tags": [], - "text": "kubecost-grafana-5cc9f5bf6-7kmgl", - "value": "kubecost-grafana-5cc9f5bf6-7kmgl" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": false, - "label": "Pod", - "multi": false, - "name": "pod", - "options": [], - "query": "query_result(sum(container_memory_working_set_bytes{namespace=\"$namespace\"}) by (pod_name))", - "refresh": 1, - "regex": "/pod_name=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "hidden": false, - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Pod cost & utilization metrics", - "uid": "at-cost-analysis-pod", - "version": 1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/prom-benchmark.json b/charts/kubecost/cost-analyzer/1.70.0/prom-benchmark.json deleted file mode 100644 index 83c778bd5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/prom-benchmark.json +++ /dev/null @@ -1,5670 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Metrics useful for benchmarking and loadtesting Prometheus itself. Designed primarily for Prometheus 2.17.x.", - "editable": true, - "gnetId": 12054, - "graphTooltip": 1, - "id": 9, - "iteration": 1603144824023, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 49, - "panels": [], - "title": "Basics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 1 - }, - "hiddenSeries": false, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_build_info{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{version}} - {{revision}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Prometheus Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 1 - }, - "hiddenSeries": false, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "time() - process_start_time_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Age", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Uptime", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "dtdurations", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 1 - }, - "hiddenSeries": false, - "id": 107, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "time() - prometheus_config_last_reload_success_timestamp_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Age", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Last Successful Config Reload", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "dtdurations", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 46, - "panels": [], - "title": "Ingestion", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "Time series": "#70dbed" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 9 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_series{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Time series", - "metric": "prometheus_local_storage_memory_series", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Time series", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 9 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_active_appenders{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Head Appenders", - "metric": "prometheus_local_storage_memory_series", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Active Appenders", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "samples/s": "#e5a8e2" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 9 - }, - "hiddenSeries": false, - "id": 1, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "samples/s", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Samples Appended/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "To persist": "#9AC48A" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Max.*/", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_chunks{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Chunks", - "metric": "prometheus_local_storage_memory_chunks", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Chunks", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 16 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_head_chunks_created_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Created", - "metric": "prometheus_local_storage_chunk_ops_total", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_head_chunks_removed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Removed", - "metric": "prometheus_local_storage_chunk_ops_total", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Chunks/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "Removed": "#e5ac0e" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 16 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_isolation_high_watermark{job=\"prometheus\",instance=\"$Prometheus:9090\"} - prometheus_tsdb_isolation_low_watermark{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Difference", - "metric": "prometheus_local_storage_chunk_ops_total", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Isolation Watermarks", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 23 - }, - "id": 52, - "panels": [], - "title": "Compaction", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max": "#447ebc", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "Min": "#447ebc", - "Now": "#7eb26d" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Max", - "fillBelowTo": "Min", - "lines": false - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_min_time{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Min", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - }, - { - "expr": "time() * 1000", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Now", - "refId": "C" - }, - { - "expr": "prometheus_tsdb_head_max_time{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Max", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Time Range", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "dateTimeAsIso", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 24 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_head_gc_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "GC Time/s", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head GC Time/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Queue length", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_blocks_loaded{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Blocks Loaded", - "metric": "prometheus_local_storage_indexing_batch_sizes_sum", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Blocks Loaded", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Failed Reloads": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 31 - }, - "hiddenSeries": false, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_reloads_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Reloads", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TSDB Reloads/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 31 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_wal_fsync_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_tsdb_wal_fsync_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Fsync Latency", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_wal_truncate_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m]) / rate(prometheus_tsdb_wal_trunacte_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Truncate Latency", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "WAL Fsync&Truncate Latency", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "{instance=\"demo.robustperception.io:9090\",job=\"prometheus\"}": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 31 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_wal_corruptions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "WAL Corruptions", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_reloads_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Reload Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "B", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_head_series_not_found{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Head Series Not Found", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "C", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_compactions_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Compaction Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "D", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_retention_cutoffs_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Retention Cutoff Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "E", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_checkpoint_creations_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "WAL Checkpoint Creation Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "F", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_checkpoint_deletions_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "WAL Checkpoint Deletion Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "G", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TSDB Problems/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 38 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compactions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Compactions", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Compactions/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 38 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Compaction Time/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Allocated bytes": "#F9BA8F", - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "RSS": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 38 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_time_retentions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Time Cutoffs", - "metric": "last", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_size_retentions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Size Cutoffs", - "metric": "last", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Retention Cutoffs/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_chunk_range_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_range_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Chunk Time Range", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "First Compaction, Avg Chunk Time Range", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "dtdurationms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 45 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_chunk_size_bytes_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_samples_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Bytes/Sample", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "First Compaction, Avg Bytes/Sample", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 45 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_chunk_samples_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_samples_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Chunk Samples", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "First Compaction, Avg Chunk Samples", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 52 - }, - "id": 55, - "panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": { - "Allocated bytes": "#7EB26D", - "Allocated bytes - 1m max": "#BF1B00", - "Allocated bytes - 1m min": "#BF1B00", - "Allocated bytes - 5m max": "#BF1B00", - "Allocated bytes - 5m min": "#BF1B00", - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "RSS": "#447EBC" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 53 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/-/", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "RSS", - "metric": "process_resident_memory_bytes", - "refId": "B", - "step": 10 - }, - { - "expr": "prometheus_local_storage_target_heap_size_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "Target heap size", - "metric": "go_memstats_alloc_bytes", - "refId": "D", - "step": 10 - }, - { - "expr": "go_memstats_next_gc_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "Next GC", - "metric": "go_memstats_next_gc_bytes", - "refId": "C", - "step": 10 - }, - { - "expr": "go_memstats_alloc_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "Allocated", - "metric": "go_memstats_alloc_bytes", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Allocated bytes": "#F9BA8F", - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "RSS": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 53 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(go_memstats_alloc_bytes_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Allocated Bytes/s", - "metric": "go_memstats_alloc_bytes", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Allocations", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 53 - }, - "hiddenSeries": false, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(process_cpu_seconds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "intervalFactor": 2, - "legendFormat": "Irate", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(process_cpu_seconds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", - "intervalFactor": 2, - "legendFormat": "5m rate", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "avg" - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 60 - }, - "hiddenSeries": false, - "id": 70, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_symbol_table_size_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RAM Used", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Symbol Tables Size", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "avg" - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 60 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_storage_blocks_bytes_total{job=\"prometheus\",instance=\"$Prometheus:9090\"} or prometheus_tsdb_storage_blocks_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Disk Used", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Block Size", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "avg" - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Max": "#e24d42", - "Open": "#508642" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 60 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_max_fds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max", - "refId": "A" - }, - { - "expr": "process_open_fds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Open", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "File Descriptors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 67 - }, - "id": 91, - "panels": [], - "title": "Service Discovery", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 68 - }, - "hiddenSeries": false, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_sd_discovered_targets{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{name}}-{{config}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Discovered Targets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 68 - }, - "hiddenSeries": false, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_sd_updates_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sent Updates/s", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 68 - }, - "hiddenSeries": false, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_sd_received_updates_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Received Updates/s", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 75 - }, - "id": 99, - "panels": [], - "title": "Scraping", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 76 - }, - "hiddenSeries": false, - "id": 105, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_target_interval_length_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_target_interval_length_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{interval}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Scrape Interval", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 76 - }, - "hiddenSeries": false, - "id": 104, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_target_scrapes_exceeded_sample_limit_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Exceeded Sample Limit", - "refId": "A" - }, - { - "expr": "rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Duplicate Timestamp", - "refId": "C" - }, - { - "expr": "rate(prometheus_target_scrapes_sample_out_of_bounds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Out Of Bounds ", - "refId": "D" - }, - { - "expr": "rate(prometheus_target_scrapes_sample_out_of_order_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Out of Order", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Scrape Problems/s", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 76 - }, - "hiddenSeries": false, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_target_metadata_cache_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{scrape_job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Metadata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 83 - }, - "id": 63, - "panels": [], - "title": "Query Engine", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Time spent in each mode, per second", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 84 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_engine_query_duration_seconds_sum{job=\"prometheus\",}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{slice}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Query engine timings/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 84 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_rule_group_iterations_missed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) ", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Rule group missed", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - }, - { - "expr": "rate(prometheus_rule_evaluation_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Rule evals failed", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "C", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Rule group evaulation problems/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 84 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_rule_group_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Rule evaluation duration", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Evaluation time of rule groups/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": true, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 91 - }, - "id": 77, - "panels": [ - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 92 - }, - "hiddenSeries": false, - "id": 86, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_sent_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{alertmanager}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Sent/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 92 - }, - "hiddenSeries": false, - "id": 87, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_errors_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_notifications_sent_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{alertmanager}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Error Ratio", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 92 - }, - "hiddenSeries": false, - "id": 81, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_latency_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m]) / rate(prometheus_notifications_latency_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{alertmanager}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Latency", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 99 - }, - "hiddenSeries": false, - "id": 85, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_notifications_alertmanagers_discovered{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Alertmanagers", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Alertmanagers Discovered", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 99 - }, - "hiddenSeries": false, - "id": 89, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_dropped_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Dropped", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notifications Dropped/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 99 - }, - "hiddenSeries": false, - "id": 88, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_notifications_queue_length{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Pending", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - }, - { - "expr": "prometheus_notifications_queue_capacity{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Max", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Queue", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Notification", - "type": "row" - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 92 - }, - "id": 58, - "panels": [], - "title": "HTTP Server", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 93 - }, - "hiddenSeries": false, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_http_request_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{handler}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "HTTP requests/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 93 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_http_request_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_http_request_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{handler}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "HTTP request latency", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 93 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_http_request_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{handler}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Time spent in HTTP requests/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 100 - }, - "id": 61, - "panels": [], - "repeat": "RuleGroup", - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;CPU", - "value": "/etc/config/rules;CPU" - } - }, - "title": "Rule Group: $RuleGroup", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 101 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;CPU", - "value": "/etc/config/rules;CPU" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_interval_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Interval", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - }, - { - "expr": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Last Duration", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Duration", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 101 - }, - "hiddenSeries": false, - "id": 66, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;CPU", - "value": "/etc/config/rules;CPU" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_rules{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Rules", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Rules", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 108 - }, - "id": 108, - "panels": [], - "repeat": null, - "repeatIteration": 1603144824023, - "repeatPanelId": 61, - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;Savings", - "value": "/etc/config/rules;Savings" - } - }, - "title": "Rule Group: $RuleGroup", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 109 - }, - "hiddenSeries": false, - "id": 109, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "repeatIteration": 1603144824023, - "repeatPanelId": 43, - "repeatedByRow": true, - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;Savings", - "value": "/etc/config/rules;Savings" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_interval_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Interval", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - }, - { - "expr": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Last Duration", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Duration", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 109 - }, - "hiddenSeries": false, - "id": 110, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - "repeatIteration": 1603144824023, - "repeatPanelId": 66, - "repeatedByRow": true, - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;Savings", - "value": "/etc/config/rules;Savings" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_rules{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Rules", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Rules", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "selected": false, - "text": "localhost", - "value": "localhost" - }, - "datasource": "default-kubecost", - "definition": "", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "Prometheus", - "options": [], - "query": "query_result(up{job=\"prometheus\"} == 1)", - "refresh": 2, - "regex": ".*instance=\"([^\"]+):9090\".*", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "definition": "", - "hide": 2, - "includeAll": true, - "label": null, - "multi": false, - "name": "RuleGroup", - "options": [], - "query": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "refresh": 2, - "regex": ".*rule_group=\"(.*?)\".*", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "utc", - "title": "Prometheus Benchmark - 2.17.x", - "uid": "L0HBvojWz", - "version": 4 -} diff --git a/charts/kubecost/cost-analyzer/1.70.0/questions.yml b/charts/kubecost/cost-analyzer/1.70.0/questions.yml deleted file mode 100644 index ce86c64fb..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/questions.yml +++ /dev/null @@ -1,160 +0,0 @@ -questions: -# General Settings -- variable: kubecostProductConfigs.clusterName - label: Cluster Name - description: "Used for display in the cost-analyzer UI (Can be renamed in the UI)" - type: string - required: true - default: "" - group: General Settings -- variable: persistentVolume.enabled - label: Enable Persistent Volume for CostAnalyzer - description: "If true, Kubecost will create a Persistent Volume Claim for product config data" - type: boolean - default: false - show_subquestion_if: true - group: "General Settings" - subquestions: - - variable: persistentVolume.size - label: CostAnalyzer Persistent Volume Size - type: string - default: "0.2Gi" - -# Prometheus Server -- variable: global.prometheus.enabled - label: Enable Prometheus - description: If false, use an existing Prometheus install - type: boolean - default: true - group: "Prometheus" -- variable: prometheus.kubeStateMetrics.enabled - label: Enable KubeStateMetrics - description: "If true, deploy kube-state-metrics for Kubernetes metrics" - type: boolean - default: true - show_if: "global.prometheus.enabled=true" - group: "Prometheus" -- variable: prometheus.server.retention - label: Prometheus Server Retention - description: "Determines when to remove old data" - type: string - default: "15d" - show_if: "global.prometheus.enabled=true" - group: "Prometheus" -- variable: prometheus.server.persistentVolume.enabled - label: Create Persistent Volume for Prometheus - description: "If true, prometheus will create a persistent volume claim" - type: boolean - required: true - default: false - group: "Prometheus" - show_if: "global.prometheus.enabled=true" - show_subquestion_if: true - subquestions: - - variable: prometheus.server.persistentVolume.size - label: Prometheus Persistent Volume Size - type: string - default: "8Gi" - - variable: prometheus.server.persistentVolume.storageClass - label: Prometheus Persistent Volume StorageClass - description: "Prometheus data persistent volume storageClass, if not set use default StorageClass" - default: "" - type: storageclass - - variable: prometheus.server.persistentVolume.existingClaim - label: Existing Persistent Volume Claim for Prometheus - description: "If not empty, uses the specified existing PVC instead of creating new one" - type: pvc - default: "" - -# Prometheus Node Exporter -- variable: prometheus.nodeExporter.enabled - label: Enable NodeExporter - description: "If false, do not create NodeExporter daemonset" - type: boolean - default: true - group: "NodeExporter" -- variable: prometheus.serviceAccounts.nodeExporter.create - label: Enable Service Accounts NodeExporter - description: "If false, do not create NodeExporter daemonset" - type: boolean - default: true - group: "NodeExporter" - -# Prometheus AlertManager -- variable: prometheus.alertmanager.enabled - label: Enable AlertManager - type: boolean - default: true - group: "AlertManager" -- variable: prometheus.alertmanager.persistentVolume.enabled - label: Create Persistent Volume for AlertManager - description: "If true, alertmanager will create a persistent volume claim" - type: boolean - required: true - default: false - group: "AlertManager" - show_if: "prometheus.alertmanager.enabled=true" - show_subquestion_if: true - subquestions: - - variable: prometheus.alertmanager.persistentVolume.size - default: "2Gi" - description: "AlertManager data persistent volume size" - type: string - label: AlertManager Persistent Volume Size - - variable: prometheus.alertmanager.persistentVolume.storageClass - default: "" - description: "Alertmanager data persistent volume storageClass, if not set use default StorageClass" - type: storageclass - label: AlertManager Persistent Volume StorageClass - - variable: prometheus.alertmanager.persistentVolume.existingClaim - default: "" - description: "If not empty, uses the specified existing PVC instead of creating new one" - type: pvc - label: Existing Persistent Volume Claim for AlertManager - -# PushGateway -- variable: prometheus.pushgateway.enabled - label: Enable PushGateway - type: boolean - default: true - group: "PushGateway" -- variable: prometheus.pushgateway.persistentVolume.enabled - label: Create Persistent Volume for PushGateway - description: "If true, PushGateway will create a persistent volume claim" - required: true - type: boolean - default: false - group: "PushGateway" - show_if: "prometheus.pushgateway.enabled=true" - show_subquestion_if: true - subquestions: - - variable: prometheus.prometheus.pushgateway.persistentVolume.size - label: PushGateway Persistent Volume Size - type: string - default: "2Gi" - - variable: prometheus.pushgateway.persistentVolume.storageClass - label: PushGateway Persistent Volume StorageClass - description: "PushGateway data persistent volume storageClass, if not set use default StorageClass" - type: storageclass - default: "" - - variable: prometheus.pushgateway.persistentVolume.existingClaim - label: Existing Persistent Volume Claim for PushGateway - description: "If not empty, uses the specified existing PVC instead of creating new one" - type: pvc - default: "" - -# Services and Load Balancing -- variable: ingress.enabled - label: Enable Ingress - description: "Expose app using Ingress (Layer 7 Load Balancer)" - default: true - type: boolean - show_subquestion_if: true - group: "Services and Load Balancing" - subquestions: - - variable: ingress.hosts[0] - default: "xip.io" - description: "Hostname to your CostAnalyzer installation" - type: hostname - required: true - label: Hostname diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.0/templates/NOTES.txt deleted file mode 100644 index bbc2594e9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ - - --------------------------------------------------- -{{- $servicePort := .Values.service.port | default 9090 -}} -Kubecost has been successfully installed. When pods are Ready, you can enable port-forwarding with the following command: - - kubectl port-forward --namespace {{ .Release.Namespace }} deployment/{{ template "cost-analyzer.fullname" . }} {{ $servicePort }} - -Next, navigate to http://localhost:{{ $servicePort }} in a web browser. - diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.0/templates/_helpers.tpl deleted file mode 100644 index 95e2dca20..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/_helpers.tpl +++ /dev/null @@ -1,200 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cost-analyzer.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cost-analyzer.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the fully qualified name for Prometheus server service. -*/}} -{{- define "cost-analyzer.prometheus.server.name" -}} -{{- if .Values.prometheus -}} -{{- if .Values.prometheus.server -}} -{{- if .Values.prometheus.server.fullnameOverride -}} -{{- .Values.prometheus.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create the fully qualified name for Prometheus alertmanager service. -*/}} -{{- define "cost-analyzer.prometheus.alertmanager.name" -}} -{{- if .Values.prometheus -}} -{{- if .Values.prometheus.alertmanager -}} -{{- if .Values.prometheus.alertmanager.fullnameOverride -}} -{{- .Values.prometheus.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{- define "cost-analyzer.serviceName" -}} -{{- printf "%s-%s" .Release.Name "cost-analyzer" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Network Costs name used to tie autodiscovery of metrics to daemon set pods -*/}} -{{- define "cost-analyzer.networkCostsName" -}} -{{- printf "%s-%s" .Release.Name "network-costs" -}} -{{- end -}} - -{{- define "kubecost.clusterControllerName" -}} -{{- printf "%s-%s" .Release.Name "cluster-controller" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cost-analyzer.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account -*/}} -{{- define "cost-analyzer.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "cost-analyzer.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the common labels. -*/}} -{{- define "cost-analyzer.commonLabels" -}} -app.kubernetes.io/name: {{ include "cost-analyzer.name" . }} -helm.sh/chart: {{ include "cost-analyzer.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app: cost-analyzer -{{- end -}} - -{{/* -Create the selector labels. -*/}} -{{- define "cost-analyzer.selectorLabels" -}} -app.kubernetes.io/name: {{ include "cost-analyzer.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: cost-analyzer -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "cost-analyzer.daemonset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for priorityClass. -*/}} -{{- define "cost-analyzer.priorityClass.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "scheduling.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "scheduling.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "cost-analyzer.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "cost-analyzer.podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Recursive filter which accepts a map containing an input map (.v) and an output map (.r). The template -will traverse all values inside .v recursively writing non-map values to the output .r. If a nested map -is discovered, we look for an 'enabled' key. If it doesn't exist, we continue traversing the -map. If it does exist, we omit the inner map traversal iff enabled is false. This filter writes the -enabled only version to the output .r -*/}} -{{- define "cost-analyzer.filter" -}} -{{- $v := .v }} -{{- $r := .r }} -{{- range $key, $value := .v }} - {{- $tp := kindOf $value -}} - {{- if eq $tp "map" -}} - {{- $isEnabled := true -}} - {{- if (hasKey $value "enabled") -}} - {{- $isEnabled = $value.enabled -}} - {{- end -}} - {{- if $isEnabled -}} - {{- $rr := "{}" | fromYaml }} - {{- template "cost-analyzer.filter" (dict "v" $value "r" $rr) }} - {{- $_ := set $r $key $rr -}} - {{- end -}} - {{- else -}} - {{- $_ := set $r $key $value -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -This template accepts a map and returns a base64 encoded json version of the map where all disabled -leaf nodes are omitted. - -The implied use case is {{ template "cost-analyzer.filterEnabled" .Values }} -*/}} -{{- define "cost-analyzer.filterEnabled" -}} -{{- $result := "{}" | fromYaml }} -{{- template "cost-analyzer.filter" (dict "v" . "r" $result) }} -{{- $result | toJson | b64enc }} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/aws-service-key-secret.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/aws-service-key-secret.yaml deleted file mode 100644 index 6b8de4d5e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/aws-service-key-secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.createServiceKeySecret }} -{{- if .Values.kubecostProductConfigs.awsServiceKeyName }} -apiVersion: v1 -kind: Secret -metadata: - name: cloud-service-key -type: Opaque -stringData: - service-key.json: |- - { - "aws_access_key_id": "{{ .Values.kubecostProductConfigs.awsServiceKeyName }}", - "aws_secret_access_key": "{{ .Values.kubecostProductConfigs.awsServiceKeyPassword }}" - } -{{- end -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-deployment-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-deployment-template.yaml deleted file mode 100644 index 35f5b9991..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-deployment-template.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.awsstore }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }}-awsstore - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: awsstore - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: awsstore - spec: - serviceAccountName: awsstore-serviceaccount - containers: - - image: {{ .Values.awsstore.imageNameAndVersion }} - name: awsstore -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-service-account-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-service-account-template.yaml deleted file mode 100644 index 65f37e652..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/awsstore-service-account-template.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.awsstore }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awsstore-serviceaccount - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- with .Values.awsstore.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/azure-service-key-secret.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/azure-service-key-secret.yaml deleted file mode 100644 index bb71e064b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/azure-service-key-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.createServiceKeySecret }} -{{- if .Values.kubecostProductConfigs.azureSubscriptionID }} -apiVersion: v1 -kind: Secret -metadata: - name: cloud-service-key -type: Opaque -stringData: - service-key.json: |- - { - "subscriptionId": "{{ .Values.kubecostProductConfigs.azureSubscriptionID }}", - "serviceKey": { - "appId": "{{ .Values.kubecostProductConfigs.azureClientID }}", - "password": "{{ .Values.kubecostProductConfigs.azureClientPassword }}", - "tenant": "{{ .Values.kubecostProductConfigs.azureTenantID }}" - } - } -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-alerts-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-alerts-configmap.yaml deleted file mode 100644 index b627cf874..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-alerts-configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.global.notifications.alertConfigs }} -{{- if .Values.global.notifications.alertConfigs.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: alert-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - alerts.json: '{{ toJson .Values.global.notifications.alertConfigs }}' -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-checks-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-checks-template.yaml deleted file mode 100644 index eef8d187d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-checks-template.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.kubecostChecks -}} -{{- if .Values.kubecostChecks.enabled -}} -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: cost-analyzer-checks - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - {{- if .Values.kubecostChecks.debug }} - schedule: "*/1 * * * *" - {{- else if .Values.kubecostChecks.schedule }} - schedule: {{ .Values.kubecostChecks.schedule | quote }} - {{- else }} - schedule: "*/10 * * * *" - {{- end }} - jobTemplate: - metadata: - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 8 }} - spec: - template: - spec: - containers: - - name: cost-analyzer-checks - {{- if .Values.kubecostChecks }} - image: {{ .Values.kubecostChecks.image }}:prod-{{ $.Chart.AppVersion }} - {{- else }} - image: gcr.io/kubecost1/checks:prod-{{ $.Chart.AppVersion }} - {{ end }} - imagePullPolicy: Always - args: - - node - - ./node/cron.js - resources: -{{ toYaml .Values.kubecostChecks.resources | indent 14 }} - env: - - name: COST_ANALYZER_SERVER_ENDPOINT - value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9001 - - name: COST_ANALYZER_MODEL_ENDPOINT - {{- if .Values.saml.enabled }} - value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9004 - {{- else }} - value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9003 - {{ end }} - {{- if .Values.kubecostChecks }} - {{- if .Values.kubecostChecks.debug }} - - name: SEND_UPDATES_NOW - value: "true" - {{- end }} - {{- end }} - - name: PROMETHEUS_ALERTMANAGER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-alertmanager-endpoint - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - restartPolicy: OnFailure -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluser-role-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluser-role-template.yaml deleted file mode 100644 index 16f926e8a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluser-role-template.yaml +++ /dev/null @@ -1,105 +0,0 @@ -{{- if and .Values.reporting .Values.reporting.logCollection -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: {{ template "cost-analyzer.serviceAccountName" . }} -rules: -- apiGroups: - - '' - resources: - - "pods/log" - verbs: - - get - - list - - watch ---- -{{- end }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -rules: - - apiGroups: - - '' - resources: - - configmaps - - deployments - - nodes - - pods - - events - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - daemonsets - - replicasets - verbs: - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - list - - watch diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluster-role-binding-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluster-role-binding-template.yaml deleted file mode 100644 index f2952b923..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-cluster-role-binding-template.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.reporting }} -{{- if .Values.reporting.logCollection }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "cost-analyzer.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -{{- end }} -{{- end }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "cost-analyzer.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-config-map-template.yaml deleted file mode 100644 index 86aa0ee51..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-config-map-template.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - {{- if .Values.global.prometheus.enabled }} - {{- if .Values.global.zone }} - prometheus-alertmanager-endpoint: http://{{ template "cost-analyzer.prometheus.alertmanager.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.zone }} - {{ else }} - prometheus-alertmanager-endpoint: http://{{ template "cost-analyzer.prometheus.alertmanager.name" . }}.{{ .Release.Namespace }} - {{- end -}} - {{ else }} - prometheus-alertmanager-endpoint: {{ .Values.global.notifications.alertmanager.fqdn }} - {{- end -}} - {{- if .Values.global.prometheus.enabled }} - {{- if .Values.global.zone }} - prometheus-server-endpoint: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.zone }} - {{ else }} - prometheus-server-endpoint: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }} - {{- end -}} - {{ else }} - prometheus-server-endpoint: {{ .Values.global.prometheus.fqdn }} - {{- end -}} - {{- if .Values.kubecostToken }} - kubecost-token: {{ .Values.kubecostToken }} - {{ else }} - kubecost-token: not-applied - {{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-db-pvc-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-db-pvc-template.yaml deleted file mode 100644 index 38b7e92f8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-db-pvc-template.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if (.Values.kubecostModel.etlToDisk | default true) -}} -{{- if .Values.persistentVolume -}} -{{- if not .Values.persistentVolume.dbExistingClaim -}} -{{- if .Values.persistentVolume.enabled -}} -{{- if .Values.persistentVolume.dbPVEnabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "cost-analyzer.fullname" . }}-db - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.persistentVolume.dbStorageClass }} - storageClassName: {{ .Values.persistentVolume.dbStorageClass }} - {{ end }} - resources: - requests: - {{- if .Values.persistentVolume }} - storage: {{ .Values.persistentVolume.dbSize }} - {{- else }} - storage: 32.0Gi - {{ end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-deployment-template.yaml deleted file mode 100644 index 2bfd2896b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-deployment-template.yaml +++ /dev/null @@ -1,672 +0,0 @@ -{{- $nginxPort := int .Values.service.port | default 9090 -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- if .Values.kubecostDeployment }} -{{- with .Values.kubecostDeployment.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} -spec: -{{- if .Values.kubecostDeployment }} - replicas: {{ .Values.kubecostDeployment.replicas | default 1 }} -{{- end }} - selector: - matchLabels: -{{ include "cost-analyzer.selectorLabels" . | nindent 8}} - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - {{ include "cost-analyzer.selectorLabels" . | nindent 8 }} -{{- if .Values.kubecostDeployment }} -{{- with .Values.kubecostDeployment.labels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} -{{- if .Values.global.podAnnotations}} - annotations: -{{- with .Values.global.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} - spec: - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - securityContext: - runAsUser: 0 - {{- else }} - securityContext: - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 - {{- end }} - {{- else if lt $nginxPort 1025 }} - securityContext: - runAsUser: 0 - {{- else }} - securityContext: - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 - {{- end }} - restartPolicy: Always - serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} - volumes: - - name: nginx-conf - configMap: - name: nginx-conf - items: - - key: nginx.conf - path: default.conf - {{- if .Values.kubecostProductConfigs }} - {{- if .Values.kubecostProductConfigs.productKey }} - {{- if .Values.kubecostProductConfigs.productKey.secretname }} - - name: productkey-secret - secret: - secretName: {{ .Values.kubecostProductConfigs.productKey.secretname }} - items: - - key: productkey.json - path: productkey.json - {{- end }} - {{- end -}} - {{- if .Values.kubecostProductConfigs.gcpSecretName }} - - name: gcp-key-secret - secret: - secretName: {{ .Values.kubecostProductConfigs.gcpSecretName }} - items: - - key: compute-viewer-kubecost-key.json - path: key.json - {{- end }} - {{- if .Values.kubecostProductConfigs.serviceKeySecretName }} - - name: service-key-secret - secret: - secretName: {{ .Values.kubecostProductConfigs.serviceKeySecretName }} - {{- else if .Values.kubecostProductConfigs.createServiceKeySecret }} - - name: service-key-secret - secret: - secretName: cloud-service-key - {{- end }} - {{- if .Values.kubecostProductConfigs.clusters }} - - name: kubecost-clusters - configMap: - name: kubecost-clusters - {{- range .Values.kubecostProductConfigs.clusters }} - {{- if .auth }} - {{- if .auth.secretName }} - - name: {{ .auth.secretName }} - secret: - secretName: {{ .auth.secretName }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - - name: tls - secret: - secretName : {{ .Values.kubecostFrontend.tls.secretName }} - items: - - key: tls.crt - path: kc.crt - - key: tls.key - path: kc.key - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - {{- if .Values.saml.secretName }} - - name: secret-volume - secret: - secretName: {{ .Values.saml.secretName }} - {{- end }} - {{- if .Values.saml.metadataSecretName }} - - name: metadata-secret-volume - secret: - secretName: {{ .Values.saml.metadataSecretName }} - {{- end }} - {{- if .Values.saml.rbac.enabled }} - - name: saml-roles - configMap: - name: {{ template "cost-analyzer.fullname" . }}-saml - {{- end }} - {{- end }} - {{- end }} - - name: persistent-configs -{{- if .Values.persistentVolume }} -{{- if .Values.persistentVolume.enabled }} - persistentVolumeClaim: -{{- if .Values.persistentVolume.existingClaim }} - claimName: {{ .Values.persistentVolume.existingClaim }} -{{- else }} - claimName: {{ template "cost-analyzer.fullname" . }} -{{- end -}} -{{- else }} - emptyDir: {} -{{- end -}} -{{- else }} - persistentVolumeClaim: - claimName: {{ template "cost-analyzer.fullname" . }} -{{- end }} -{{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - - name: persistent-db -{{- if .Values.persistentVolume }} -{{- if .Values.persistentVolume.enabled }} - persistentVolumeClaim: -{{- if .Values.persistentVolume.dbExistingClaim }} - claimName: {{ .Values.persistentVolume.dbExistingClaim }} -{{- else }} - claimName: {{ template "cost-analyzer.fullname" . }}-db -{{- end -}} -{{- else }} - emptyDir: {} -{{- end -}} -{{- else }} - persistentVolumeClaim: - claimName: {{ template "cost-analyzer.fullname" . }}-db -{{- end }} -{{- end }} - initContainers: -{{- if .Values.supportNFS }} - - name: config-db-perms-fix - {{- if .Values.initChownDataImage }} - image: {{ .Values.initChownDataImage }} - {{- else }} - image: busybox - {{- end }} - resources: -{{ toYaml .Values.initChownData.resources | indent 12 }} - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - command: ["sh", "-c", "/bin/chmod -R 777 /var/configs && /bin/chmod -R 777 /var/db"] - {{- else }} - command: ["sh", "-c", "/bin/chmod -R 777 /var/configs"] - {{- end}} - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - - name: persistent-db - mountPath: /var/db - {{- end }} - securityContext: - runAsUser: 0 -{{ end }} - containers: - {{- if .Values.kubecostModel }} - {{- if .Values.imageVersion}} - - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} - {{- else }} - - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} - {{ end }} - name: cost-model - {{- if .Values.kubecostModel.imagePullPolicy }} - imagePullPolicy: {{ .Values.kubecostModel.imagePullPolicy }} - {{- else }} - imagePullPolicy: Always - {{- end }} - resources: -{{ toYaml .Values.kubecostModel.resources | indent 12 }} - readinessProbe: - httpGet: - path: /healthz - port: 9003 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - - name: persistent-db - mountPath: /var/db - {{- end }} - {{- if .Values.kubecostProductConfigs }} - {{- if .Values.kubecostProductConfigs.productKey }} - {{- if .Values.kubecostProductConfigs.productKey.secretname }} - - name: productkey-secret - mountPath: /var/configs/productkey - {{- end }} - {{- end }} - {{- if .Values.kubecostProductConfigs.gcpSecretName }} - - name: gcp-key-secret - mountPath: /models - {{- end }} - {{- if or .Values.kubecostProductConfigs.serviceKeySecretName .Values.kubecostProductConfigs.createServiceKeySecret }} - - name: service-key-secret - mountPath: /var/secrets - {{- end }} - {{- if .Values.kubecostProductConfigs.clusters }} - - name: kubecost-clusters - mountPath: /var/configs/clusters - {{- range .Values.kubecostProductConfigs.clusters }} - {{- if .auth }} - {{- if .auth.secretName }} - - name: {{ .auth.secretName }} - mountPath: /var/secrets/{{ .auth.secretName }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - {{- if .Values.saml.secretName }} - - name: secret-volume - mountPath: /var/configs/secret-volume - {{- end }} - {{- if .Values.saml.metadataSecretName }} - - name: metadata-secret-volume - mountPath: /var/configs/metadata-secret-volume - {{- end }} - {{- if .Values.saml.rbac.enabled }} - - name: saml-roles - mountPath: /var/configs/saml - {{- end }} - {{- end }} - {{- end }} - env: - - name: PROMETHEUS_SERVER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-server-endpoint - - name: CLOUD_PROVIDER_API_KEY - value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API requires a key. - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/configs/key.json - - name: CONFIG_PATH - value: /var/configs/ - - name: DB_PATH - value: /var/db/ - - name: CLUSTER_PROFILE - {{- if .Values.kubecostProductConfigs }} - value: {{ .Values.kubecostProductConfigs.clusterProfile | default "production" }} - {{- else }} - value: production - {{- end }} - - name: REMOTE_WRITE_PASSWORD - value: {{ .Values.remoteWrite.postgres.auth.password }} - {{- if .Values.remoteWrite.postgres.enabled }} - - name: REMOTE_WRITE_ENABLED - value: "true" - {{- end }} - - name: GOGC - value: "60" - {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} - - name: MC_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: MC_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} - - name: DB_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: DB_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} - - name: DB_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} - - name: MC_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - {{- if .Values.global.prometheus.insecureSkipVerify }} - - name: INSECURE_SKIP_VERIFY - value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} - {{- end }} - {{- if .Values.pricingCsv }} - {{- if .Values.pricingCsv.enabled }} - - name: USE_CSV_PROVIDER - value: "true" - - name: CSV_PATH - value: {{ .Values.pricingCsv.location.URI }} - - name: CSV_REGION - value: {{ .Values.pricingCsv.location.region }} - {{- if eq .Values.pricingCsv.location.provider "AWS"}} - {{- if .Values.pricingCsv.location.csvAccessCredentials }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .Values.pricingCsv.location.csvAccessCredentials }} - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.pricingCsv.location.csvAccessCredentials }} - key: AWS_SECRET_ACCESS_KEY - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.reporting }} - - name: LOG_COLLECTION_ENABLED - value: {{ (quote .Values.reporting.logCollection ) | default (quote true) }} - - name: PRODUCT_ANALYTICS_ENABLED - value: {{ (quote .Values.reporting.productAnalytics ) | default (quote true) }} - - name: ERROR_REPORTING_ENABLED - value: {{ (quote .Values.reporting.errorReporting ) | default (quote true) }} - - name: VALUES_REPORTING_ENABLED - value: {{ (quote .Values.reporting.valuesReporting) | default (quote true) }} - {{- if .Values.reporting.errorReporting }} - - name: SENTRY_DSN - value: "https://71964476292e4087af8d5072afe43abd@o394722.ingest.sentry.io/5245431" - {{- end }} - {{- end }} - - name: CACHE_WARMING_ENABLED - value: {{ (quote .Values.kubecostModel.warmCache) | default (quote true) }} - - name: SAVINGS_CACHE_WARMING_ENABLED - value: {{ (quote .Values.kubecostModel.warmSavingsCache) | default (quote true) }} - - name: ETL_ENABLED - value: {{ (quote .Values.kubecostModel.etl) | default (quote true) }} - - name: ETL_TO_DISK_ENABLED - value: {{ (quote .Values.kubecostModel.etlToDisk) | default (quote true) }} - - name : ETL_CLOUD_ASSETS_ENABLED - value: {{ (quote .Values.kubecostModel.etlCloudAssets) | default (quote true) }} - {{- if .Values.persistentVolume.dbPVEnabled }} - - name: ETL_PATH_PREFIX - value: "/var/db" - {{- end }} - {{- if .Values.kubecostModel.etlStoreDurationDays }} - - name: ETL_STORE_DURATION_DAYS - value: {{ (quote .Values.kubecostModel.etlStoreDurationDays) | default (quote 120) }} - {{- end }} - - name: PV_ENABLED - value: {{ (quote .Values.persistentVolume.enabled) | default (quote true) }} - - name: MAX_QUERY_CONCURRENCY - value: {{ (quote .Values.kubecostModel.maxQueryConcurrency) | default (quote 5) }} - - name: UTC_OFFSET - value: {{ (quote .Values.kubecostModel.utcOffset) | default (quote ) }} - {{- if .Values.networkCosts }} - {{- if .Values.networkCosts.enabled }} - - name: NETWORK_COSTS_PORT - value: {{ quote .Values.networkCosts.port | default (quote 3001) }} - {{- end }} - {{- end }} - {{- /* - If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true - to ensure that the custom query service target is used. The global.thanos.enabled - flag does not have any affect on this behavior. - */}} - {{- if .Values.global.thanos.queryService }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: {{ .Values.global.thanos.queryService }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- else if and .Values.global.thanos.enabled .Values.thanos }} - {{- if .Values.thanos.query }} - {{- if .Values.thanos.query.enabled }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - - name: SAML_ENABLED - value: "true" - - name: IDP_URL - value: {{ .Values.saml.idpMetadataURL }} - - name: SP_HOST - value: {{ .Values.saml.appRootURL }} - {{- if .Values.saml.audienceURI }} - - name: AUDIENCE_URI - value: {{ .Values.saml.audienceURI }} - {{- end }} - {{- if .Values.saml.rbac.enabled }} - - name: SAML_RBAC_ENABLED - value: "true" - {{- end }} - {{- end }} - {{- end }} - {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }} - - name: CLUSTER_ID - value: {{ .Values.prometheus.server.global.external_labels.cluster_id }} - {{- end }} - {{- if .Values.prometheus.server.clusterIDConfigmap }} - - name: CLUSTER_ID - valueFrom: - configMapKeyRef: - name: {{ .Values.prometheus.server.clusterIDConfigmap }} - key: CLUSTER_ID - {{- end }} - {{- if .Values.remoteWrite.postgres.installLocal }} - - name: SQL_ADDRESS - value: pgprometheus - {{- else }} - - name: SQL_ADDRESS - value: {{ .Values.remoteWrite.postgres.remotePostgresAddress }} - {{- end }} - - name: RELEASE_NAME - value: {{ .Release.Name }} - - name: KUBECOST_NAMESPACE - value: {{ .Release.Namespace }} - - name: KUBECOST_TOKEN - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: kubecost-token - {{- if .Values.kubecostFrontend }} - {{- if .Values.imageVersion}} - - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }} - {{- else }} - - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - - image: gcr.io/kubecost1/frontend:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - command: ["nginx", "-g", "daemon off;"] - ports: - - containerPort: 443 - {{- end }} - {{- end }} - env: - - name: GET_HOSTS_FROM - value: dns - name: cost-analyzer-frontend - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d/ - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - - name: tls - mountPath: /etc/ssl/certs - {{- end }} - {{- end }} - resources: -{{ toYaml .Values.kubecostFrontend.resources | indent 12 }} - {{- if .Values.kubecostFrontend.imagePullPolicy }} - imagePullPolicy: {{ .Values.kubecostFrontend.imagePullPolicy }} - {{- else }} - imagePullPolicy: Always - {{- end }} - readinessProbe: - httpGet: - path: /healthz - port: 9003 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - {{- if .Values.kubecost }} - {{- if .Values.imageVersion}} - - image: {{ .Values.kubecost.image }}:{{ .Values.imageVersion }} - {{- else }} - - image: {{ .Values.kubecost.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - - image: gcr.io/kubecost1/server:prod-{{ $.Chart.AppVersion }} - {{ end }} - resources: -{{ toYaml .Values.kubecost.resources | indent 12 }} - name: cost-analyzer-server - readinessProbe: - httpGet: - path: /healthz - port: 9003 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - env: - - name: PROMETHEUS_SERVER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-server-endpoint - {{- if .Values.reporting }} - {{- if .Values.reporting.valuesReporting }} - - name: HELM_VALUES - value: {{ template "cost-analyzer.filterEnabled" .Values }} - {{- end }} - {{- end }} - {{- if .Values.global.prometheus.insecureSkipVerify }} - - name: INSECURE_SKIP_VERIFY - value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} - {{- end }} - {{- /* - If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true - to ensure that the custom query service target is used. The global.thanos.enabled - flag does not have any affect on this behavior. - */}} - {{- if .Values.global.thanos.queryService }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: {{ .Values.global.thanos.queryService }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- else if and .Values.global.thanos.enabled .Values.thanos }} - {{- if .Values.thanos.query }} - {{- if .Values.thanos.query.enabled }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} - - name: MC_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: MC_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} - - name: DB_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: DB_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} - - name: DB_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} - - name: MC_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - - name: KUBECOST_NAMESPACE - value: {{ .Release.Namespace }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/configs/key.json - - name: KUBECOST_TOKEN - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: kubecost-token - {{- if eq .Values.global.grafana.proxy false }} - - name: GRAFANA_URL - valueFrom: - configMapKeyRef: - name: external-grafana-config-map - key: grafanaURL - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.priority }} - {{- if .Values.priority.enabled }} - priorityClassName: {{ template "cost-analyzer.fullname" . }}-priority - {{- end }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-frontend-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-frontend-config-map-template.yaml deleted file mode 100644 index 429ed1f90..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-frontend-config-map-template.yaml +++ /dev/null @@ -1,174 +0,0 @@ -{{- $serviceName := include "cost-analyzer.serviceName" . -}} -{{- $nginxPort := .Values.service.targetPort | default 9090 -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - nginx.conf: | - gzip_static on; - - # Enable gzip encoding for content of the provided types of 50kb and higher. - gzip on; - gzip_min_length 50000; - gzip_proxied expired no-cache no-store private auth; - gzip_types - text/plain - text/css - text/xml - text/javascript - application/x-javascript - application/xml - application/json; - - upstream api { - server {{ $serviceName }}.{{ .Release.Namespace }}:9001; - } - - upstream model { - server {{ $serviceName }}.{{ .Release.Namespace }}:9003; - } - -{{- if .Values.clusterController }} -{{- if .Values.clusterController.enabled }} - upstream clustercontroller { - server {{ template "kubecost.clusterControllerName" . }}-service.{{ .Release.Namespace }}:9731; - } -{{- end }} -{{- end }} - -{{- if .Values.global.grafana.proxy }} - upstream grafana { -{{- if .Values.global.grafana.enabled }} - server {{ .Release.Name }}-grafana.{{ .Release.Namespace }}; -{{ else }} - server {{.Values.global.grafana.domainName}}; -{{ end }} - } -{{ end }} - - server { - server_name _; - root /var/www; - index index.html; - add_header Cache-Control "max-age=300"; - add_header Cache-Control "must-revalidate"; -{{- if .Values.imageVersion }} - add_header ETag "{{ $.Values.imageVersion }}"; -{{- else }} - add_header ETag "{{ $.Chart.Version }}"; -{{- end }} -{{- if .Values.kubecostFrontend.tls }} -{{- if .Values.kubecostFrontend.tls.enabled }} - ssl_certificate /etc/ssl/certs/kc.crt; - ssl_certificate_key /etc/ssl/certs/kc.key; - listen 443 ssl; -{{- else }} - listen {{ $nginxPort }}; -{{- end }} -{{- else }} - listen {{ $nginxPort }}; -{{- end }} - location /api/ { - {{- if .Values.saml.enabled }} - auth_request /auth; - {{- end }} - proxy_pass http://api/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /model/ { - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_pass http://model/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location ~ ^/(turndown|cluster)/ { - - add_header 'Access-Control-Allow-Origin' '*' always; -{{- if .Values.clusterController }} -{{- if .Values.clusterController.enabled }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - auth_request /auth; - {{- else if .Values.saml.rbac.enabled}} - auth_request /authrbac; - {{- end }} - {{- end }} - - rewrite ^/(?:turndown|cluster)/(.*)$ /$1 break; - proxy_pass http://clustercontroller; - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -{{- else }} - return 404; -{{- end }} -{{- else }} - return 404; -{{- end }} - } - location /saml/ { - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_pass http://model/saml/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /login { - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_pass http://model/login; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - {{- if .Values.global.grafana.proxy }} - location /grafana/ { - {{- if .Values.saml.enabled }} - auth_request /auth; - {{- end }} - proxy_pass http://grafana/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - {{ end }} - {{- if .Values.saml.enabled }} - location /auth { - proxy_pass http://model/isAuthenticated; - } - {{- end }} - {{- if .Values.saml.rbac.enabled }} - location /authrbac { - proxy_pass http://model/isAdminAuthenticated; - } - {{- end }} - } diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-ingress-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-ingress-template.yaml deleted file mode 100644 index 1b6e8776a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-ingress-template.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress -}} -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "cost-analyzer.fullname" . -}} -{{- $serviceName := include "cost-analyzer.serviceName" . -}} -{{- $ingressPaths := .Values.ingress.paths -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . | quote }} - http: - paths: - {{- range $ingressPaths }} - - path: {{ . }} - backend: - serviceName: {{ $serviceName }} - servicePort: frontend - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-config-map-template.yaml deleted file mode 100644 index 37276f297..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-config-map-template.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.networkCosts -}} -{{- if .Values.networkCosts.enabled -}} -{{- if .Values.networkCosts.config -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: network-costs-config - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - config.yaml: | -{{- toYaml .Values.networkCosts.config | nindent 4 }} -{{- end -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-podmonitor-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-podmonitor-template.yaml deleted file mode 100644 index d45567616..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-podmonitor-template.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podMonitor }} -{{- if .Values.networkCosts.podMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ include "cost-analyzer.networkCostsName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if .Values.networkCosts.podMonitor.additionalLabels }} - {{ toYaml .Values.networkCosts.podMonitor.additionalLabels | nindent 4 }} - {{- end }} -spec: - podMetricsEndpoints: - - port: http-server - honorLabels: true - interval: 1m - scrapeTimeout: 10s - path: /metrics - scheme: http - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app: {{ template "cost-analyzer.networkCostsName" . }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-template.yaml deleted file mode 100644 index e87d8d44b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-costs-template.yaml +++ /dev/null @@ -1,93 +0,0 @@ -{{- if .Values.networkCosts -}} -{{- if .Values.networkCosts.enabled -}} -apiVersion: {{ include "cost-analyzer.daemonset.apiVersion" . }} -kind: DaemonSet -metadata: - name: {{ template "cost-analyzer.networkCostsName" . }} - labels: - {{- include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "cost-analyzer.networkCostsName" . }} - template: - metadata: - labels: - app: {{ template "cost-analyzer.networkCostsName" . }} - spec: - hostNetwork: true - serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} - containers: - - name: {{ template "cost-analyzer.networkCostsName" . }} - image: {{ .Values.networkCosts.image }} -{{- if .Values.networkCosts.imagePullPolicy }} - imagePullPolicy: {{ .Values.networkCosts.imagePullPolicy }} -{{- else }} - imagePullPolicy: Always -{{- end }} -{{- if .Values.networkCosts.resources }} - resources: -{{ toYaml .Values.networkCosts.resources | indent 10 }} -{{- end }} - env: - {{- if .Values.networkCosts.hostProc }} - - name: HOST_PROC - value: {{ .Values.networkCosts.hostProc.mountPath }} - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_PORT - value: {{ (quote .Values.networkCosts.port) | default (quote 3001) }} - - name: TRAFFIC_LOGGING_ENABLED - value: {{ (quote .Values.networkCosts.trafficLogging) | default (quote true) }} - volumeMounts: - {{- if .Values.networkCosts.hostProc }} - - mountPath: {{ .Values.networkCosts.hostProc.mountPath }} - name: host-proc - {{- else }} - - mountPath: /net - name: nf-conntrack - - mountPath: /netfilter - name: netfilter - {{- end }} - {{- if .Values.networkCosts.config }} - - mountPath: /network-costs/config - name: network-costs-config - {{- end }} - securityContext: - privileged: true - ports: - - name: http-server - containerPort: {{ .Values.networkCosts.port | default 3001 }} - hostPort: {{ .Values.networkCosts.port | default 3001 }} -{{- if .Values.networkCosts.priorityClassName }} - priorityClassName: "{{ .Values.networkCosts.priorityClassName }}" -{{- end }} -{{- if .Values.networkCosts.tolerations }} - tolerations: -{{ toYaml .Values.networkCosts.tolerations | indent 8 }} - {{- end }} - volumes: - {{- if .Values.networkCosts.config }} - - name: network-costs-config - configMap: - name: network-costs-config - {{- end }} - {{- if .Values.networkCosts.hostProc }} - - name: host-proc - hostPath: - path: {{ default "/proc" .Values.networkCosts.hostProc.hostPath }} - {{- else }} - - name: nf-conntrack - hostPath: - path: /proc/net - - name: netfilter - hostPath: - path: /proc/sys/net/netfilter - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-policy.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-policy.yaml deleted file mode 100644 index 872951bd1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-network-policy.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.networkPolicy -}} -{{- if .Values.networkPolicy.enabled -}} -apiVersion: {{ include "cost-analyzer.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: deny-egress - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{ include "cost-analyzer.selectorLabels" . | nindent 6 }} - policyTypes: - - Egress - egress: - - to: - - namespaceSelector: {} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pkey-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pkey-configmap.yaml deleted file mode 100644 index 5ce22f52b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pkey-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.productKey }} -{{- if .Values.kubecostProductConfigs.productKey.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: product-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - {{- if .Values.kubecostProductConfigs.productKey.key }} - key: {{ .Values.kubecostProductConfigs.productKey.key | quote }} - {{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-deployment.yaml deleted file mode 100644 index 08f82a5ac..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-deployment.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }}-postgres - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: postgres - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: postgres - spec: - containers: - - image: timescale/pg_prometheus:latest-pg11 - name: pgprometheus - ports: - - containerPort: 5432 - args: - - -csynchronous_commit=off - - -S 1GB - env: - - name: POSTGRES_PASSWORD - value: {{ .Values.remoteWrite.postgres.auth.password }} - - name: POSTGRES_USER - value: postgres - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: postgres-pv-volume - subPath: postgres - volumes: - - name: postgres-pv-volume - persistentVolumeClaim: - claimName: postgres-pv-claim -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pv.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pv.yaml deleted file mode 100644 index 0a67fa928..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pv.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: postgres-pv-volume - labels: - type: local - app: postgres -spec: - capacity: - storage: {{ .Values.remoteWrite.postgres.persistentVolume.size }} - accessModes: - - ReadWriteOnce - hostPath: - path: "/mnt/data" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pvc.yaml deleted file mode 100644 index 8c5deb444..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-pvc.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: postgres-pv-claim - labels: - app: postgres -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.remoteWrite.postgres.persistentVolume.size }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-service.yaml deleted file mode 100644 index 5488c58b1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-postgres-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -kind: Service -apiVersion: v1 -metadata: - name: pgprometheus - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - app: postgres - type: ClusterIP - ports: - - name: server - port: 5432 - targetPort: 5432 -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pricing-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pricing-configmap.yaml deleted file mode 100644 index 7163cec98..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pricing-configmap.yaml +++ /dev/null @@ -1,121 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pricing-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - {{- if .Values.kubecostProductConfigs.defaultModelPricing }} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.enabled }} - {{- if .Values.kubecostProductConfigs.customPricesEnabled }} - customPricesEnabled: "{{ .Values.kubecostProductConfigs.customPricesEnabled }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.CPU }} - CPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.CPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotCPU }} - spotCPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotCPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.RAM }} - RAM: "{{ .Values.kubecostProductConfigs.defaultModelPricing.RAM | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotRAM }} - spotRAM: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotRAM | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.GPU }} - GPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.GPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotGPU }} - spotGPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotGPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.storage }} - storage: "{{ .Values.kubecostProductConfigs.defaultModelPricing.storage | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.zoneNetworkEgress }} - zoneNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.zoneNetworkEgress | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.regionNetworkEgress }} - regionNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.regionNetworkEgress | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.internetNetworkEgress }} - internetNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.internetNetworkEgress | toString }}" - {{- end -}} - {{- end -}} - {{- end -}} - {{- if .Values.kubecostProductConfigs.clusterName }} - clusterName: "{{ .Values.kubecostProductConfigs.clusterName }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.currencyCode }} - currencyCode: "{{ .Values.kubecostProductConfigs.currencyCode }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureBillingRegion }} - azureBillingRegion: "{{ .Values.kubecostProductConfigs.azureBillingRegion }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureSubscriptionID }} - azureSubscriptionID: "{{ .Values.kubecostProductConfigs.azureSubscriptionID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureClientID }} - azureClientID: "{{ .Values.kubecostProductConfigs.azureClientID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureTenantID }} - azureTenantID: "{{ .Values.kubecostProductConfigs.azureTenantID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.discount }} - discount: "{{ .Values.kubecostProductConfigs.discount }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.negotiatedDiscount }} - negotiatedDiscount: "{{ .Values.kubecostProductConfigs.negotiatedDiscount }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultIdle }} - defaultIdle: "{{ .Values.kubecostProductConfigs.defaultIdle }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.sharedNamespaces }} - sharedNamespaces: "{{ .Values.kubecostProductConfigs.sharedNamespaces }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.spotLabel }} - spotLabel: "{{ .Values.kubecostProductConfigs.spotLabel }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.spotLabelValue }} - spotLabelValue: "{{ .Values.kubecostProductConfigs.spotLabelValue }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.awsSpotDataRegion }} - spotDataRegion: "{{ .Values.kubecostProductConfigs.awsSpotDataRegion }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.awsSpotDataBucket }} - spotDataBucket: "{{ .Values.kubecostProductConfigs.awsSpotDataBucket }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.awsSpotDataPrefix }} - spotDataPrefix: "{{ .Values.kubecostProductConfigs.awsSpotDataPrefix }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.projectID }} - projectID: "{{ .Values.kubecostProductConfigs.projectID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.bigQueryBillingDataDataset }} - billingDataDataset: "{{ .Values.kubecostProductConfigs.bigQueryBillingDataDataset }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaProjectID }} - athenaProjectID: "{{ .Values.kubecostProductConfigs.athenaProjectID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaBucketName }} - athenaBucketName: "{{ .Values.kubecostProductConfigs.athenaBucketName }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaRegion }} - athenaRegion: "{{ .Values.kubecostProductConfigs.athenaRegion }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaDatabase }} - athenaDatabase: "{{ .Values.kubecostProductConfigs.athenaDatabase }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaTable }} - athenaTable: "{{ .Values.kubecostProductConfigs.athenaTable }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.masterPayerARN}} - masterPayerARN: "{{ .Values.kubecostProductConfigs.masterPayerARN }}" - {{- end }} - {{- if .Values.kubecostProductConfigs.gpuLabel }} - gpuLabel: "{{ .Values.kubecostProductConfigs.gpuLabel }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.gpuLabelValue }} - gpuLabelValue: "{{ .Values.kubecostProductConfigs.gpuLabelValue }}" - {{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml deleted file mode 100644 index c2b282772..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }}-adapter - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: adapter - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: adapter - spec: - initContainers: - - name: kubecost-sql-init - image: {{ .Values.remoteWrite.postgres.initImage }}:prod-{{ $.Chart.AppVersion }} - {{- if .Values.remoteWrite.postgres.initImagePullPolicy }} - imagePullPolicy: {{ .Values.remoteWrite.postgres.initImagePullPolicy }} - {{- else }} - imagePullPolicy: Always - {{- end }} - env: - - name: PROMETHEUS_SERVER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-server-endpoint - containers: - - image: timescale/prometheus-postgresql-adapter:latest - name: pgprometheusadapter - ports: - - containerPort: 9201 - args: - {{- if .Values.remoteWrite.postgres.installLocal }} - - "-pg-host=pgprometheus" - {{- else }} - - "-pg-host={{ .Values.remoteWrite.postgres.remotePostgresAddress }}" - {{- end }} - - "-pg-prometheus-log-samples=true" - - "-pg-password={{ .Values.remoteWrite.postgres.auth.password }}" -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml deleted file mode 100644 index d36479439..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -kind: Service -apiVersion: v1 -metadata: - name: pgprometheus-adapter - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - app: adapter - type: ClusterIP - ports: - - name: server - port: 9201 - targetPort: 9201 -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheusrule-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheusrule-template.yaml deleted file mode 100644 index 61380b424..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-prometheusrule-template.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.prometheus }} -{{- if .Values.prometheus.serverFiles }} -{{- if .Values.prometheus.serverFiles.rules }} -{{- if .Values.prometheusRule }} -{{- if .Values.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if .Values.prometheusRule.additionalLabels }} - {{ toYaml .Values.prometheusRule.additionalLabels | nindent 4 }} - {{- end }} -spec: - {{ toYaml .Values.prometheus.serverFiles.rules | nindent 2 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-role.template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-role.template.yaml deleted file mode 100644 index f326b1f1c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-role.template.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubecost-cost-analyzer-psp - annotations: -{{- if .Values.podSecurityPolicy.annotations }} -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - kubecost-cost-analyzer-psp -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-rolebinding.template.yaml deleted file mode 100644 index 8e1d925c5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp-rolebinding.template.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubecost-cost-analyzer-psp -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubecost-cost-analyzer-psp -subjects: -- kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp.template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp.template.yaml deleted file mode 100644 index 885ab9ca9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-psp.template.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: kubecost-cost-analyzer-psp -spec: - privileged: true - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pvc-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pvc-template.yaml deleted file mode 100644 index d3e257668..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-pvc-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.persistentVolume -}} -{{- if not .Values.persistentVolume.existingClaim -}} -{{- if .Values.persistentVolume.enabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.persistentVolume.storageClass }} - storageClassName: {{ .Values.persistentVolume.storageClass }} - {{ end }} - resources: - requests: - {{- if .Values.persistentVolume }} - storage: {{ .Values.persistentVolume.size }} - {{- else }} - storage: 0.2Gi - {{ end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-saml-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-saml-config-map-template.yaml deleted file mode 100644 index 71ac8659c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-saml-config-map-template.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.saml }} -{{- if .Values.saml.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "cost-analyzer.fullname" . }}-saml - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: -{{- $root := . }} - saml.json: '{{ toJson .Values.saml }}' -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-server-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-server-configmap.yaml deleted file mode 100644 index edf5ca6fa..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-server-configmap.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if or .Values.kubecostProductConfigs.grafanaURL .Values.kubecostProductConfigs.labelMappingConfigs }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: app-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: -{{- if .Values.kubecostProductConfigs.labelMappingConfigs }} -{{- if .Values.kubecostProductConfigs.labelMappingConfigs.enabled }} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.owner_label }} - owner_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.owner_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.team_label }} - team_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.team_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.department_label }} - department_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.department_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.product_label }} - product_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.product_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.environment_label }} - environment_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.environment_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.namespace_external_label }} - namespace_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.namespace_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.cluster_external_label }} - cluster_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.cluster_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.controller_external_label }} - controller_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.controller_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.product_external_label }} - product_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.product_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.service_external_label }} - service_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.service_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.deployment_external_label }} - deployment_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.deployment_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.team_external_label }} - team_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.team_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.environment_external_label }} - environment_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.environment_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.department_external_label }} - department_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.department_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.statefulset_external_label }} - statefulset_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.statefulset_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.daemonset_external_label }} - daemonset_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.daemonset_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.pod_external_label }} - pod_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.pod_external_label }}" - {{- end -}} -{{- end -}} -{{- end -}} - {{- if .Values.kubecostProductConfigs.grafanaURL }} - grafanaURL: "{{ .Values.kubecostProductConfigs.grafanaURL }}" - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-account-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-account-template.yaml deleted file mode 100644 index d5e3be3b9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-account-template.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-template.yaml deleted file mode 100644 index dd48bb3f8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-service-template.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- $nginxPort := .Values.service.targetPort | default 9090 -}} -{{- $servicePort := .Values.service.port | default 9090 -}} -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cost-analyzer.serviceName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - selector: - {{ include "cost-analyzer.selectorLabels" . | nindent 4 }} -{{- if .Values.service -}} -{{- if .Values.service.type }} - type: "{{ .Values.service.type }}" -{{- else }} - type: ClusterIP -{{- end }} -{{- else }} - type: ClusterIP -{{- end }} - ports: - - name: server - port: 9001 - targetPort: 9001 - - name: model - port: 9003 - targetPort: 9003 - - name: frontend - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - port: 443 - targetPort: 443 - {{- if (eq .Values.service.type "NodePort") }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - {{- end }} - {{- else }} - port: {{ $servicePort }} - targetPort: {{ $nginxPort }} - {{- if (eq .Values.service.type "NodePort") }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - {{- end }} - {{- end}} - {{- else }} - port: {{ $servicePort }} - targetPort: {{ $nginxPort }} - {{- if (eq .Values.service.type "NodePort") }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - - name: apiserver - port: 9004 - targetPort: 9004 - {{- end }} - {{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-servicemonitor-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-servicemonitor-template.yaml deleted file mode 100644 index 6f79d8cd4..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/cost-analyzer-servicemonitor-template.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.serviceMonitor }} -{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if .Values.serviceMonitor.additionalLabels }} - {{ toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: model - honorLabels: true - interval: 1m - scrapeTimeout: 10s - path: /metrics - scheme: http - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{ include "cost-analyzer.selectorLabels" . | nindent 6 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/external-grafana-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/external-grafana-config-map-template.yaml deleted file mode 100644 index 5e81ed359..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/external-grafana-config-map-template.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if eq .Values.global.grafana.proxy false -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: external-grafana-config-map - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - grafanaURL: {{ .Values.global.grafana.scheme | default "http" }}://{{- .Values.global.grafana.domainName }} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-attached-disk-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-attached-disk-metrics-template.yaml deleted file mode 100644 index 6d896a34c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-attached-disk-metrics-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: attached-disk-metrics-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - attached-disks.json: |- -{{ .Files.Get "attached-disks.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-metrics-template.yaml deleted file mode 100644 index 91650c74b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-metrics-template.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-metrics-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - cluster-metrics.json: |- -{{ .Files.Get "cluster-metrics.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - - diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-utilization-template.yaml deleted file mode 100644 index 8fe764c3e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-cluster-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - cluster-utilization.json: |- -{{ .Files.Get "cluster-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-deployment-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-deployment-utilization-template.yaml deleted file mode 100644 index d16c70bcd..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-deployment-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: deployment-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - deployment-utilization.json: |- -{{ .Files.Get "deployment-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-label-cost-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-label-cost-utilization-template.yaml deleted file mode 100644 index 2372514d4..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-label-cost-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: label-cost-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - label-cost-utilization.json: |- -{{ .Files.Get "label-cost-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-namespace-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-namespace-utilization-template.yaml deleted file mode 100644 index 17393dd16..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-namespace-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: namespace-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - namespace-utilization.json: |- -{{ .Files.Get "namespace-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-node-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-node-utilization-template.yaml deleted file mode 100644 index 586a3dfca..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-node-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: node-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - node-utilization.json: |- -{{ .Files.Get "node-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-pod-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-pod-utilization-template.yaml deleted file mode 100644 index 92017afb8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-pod-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pod-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - pod-utilization.json: |- -{{ .Files.Get "pod-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-prometheus-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-prometheus-metrics-template.yaml deleted file mode 100644 index 32e1fc707..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-dashboard-prometheus-metrics-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: prom-benchmark-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - pod-utilization.json: |- -{{ .Files.Get "prom-benchmark.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-datasource-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-datasource-template.yaml deleted file mode 100644 index e79d2fa35..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/grafana-datasource-template.yaml +++ /dev/null @@ -1,72 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.datasources -}} -{{- if .Values.grafana.sidecar.datasources.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-datasource - {{- if $.Values.grafana.namespace_datasources }} - namespace: {{ $.Values.grafana.namespace_datasources }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.datasources.label }} - {{ $.Values.grafana.sidecar.datasources.label }}: "1" - {{- else }} - {{- if .Values.global.grafana.enabled }} - kubecost_grafana_datasource: "1" - {{- else }} - grafana_datasource: "1" - {{- end }} - {{- end }} -data: - {{ default "datasource.yaml" .Values.grafana.sidecar.datasources.dataSourceFilename }}: |- - apiVersion: 1 - datasources: - - access: proxy -{{- if .Values.global.thanos }} -{{- if .Values.global.thanos.enabled }} - name: {{ default "Prometheus" .Values.grafana.sidecar.datasources.dataSourceName }} - isDefault: false -{{- else }} - name: "default-kubecost" -{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} - isDefault: true -{{- else }} - isDefault: false -{{- end }} -{{- end }} -{{- else }} - name: "default-kubecost" -{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} - isDefault: true -{{- else }} - isDefault: false -{{- end }} -{{- end }} - type: prometheus -{{- if .Values.global.prometheus.enabled }} - url: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }} -{{- else }} - url: {{ .Values.global.prometheus.fqdn }} -{{- end }} -{{- if .Values.global.thanos.enabled }} - - access: proxy - name: "default-kubecost" - type: prometheus -{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} - isDefault: true -{{- else }} - isDefault: false -{{- end }} -{{- if .Values.global.prometheus.enabled }} - url: http://{{ .Release.Name }}-thanos-query-http.{{ .Release.Namespace }}:{{ .Values.thanos.query.http.port }} -{{ else }} - url: {{ .Values.global.thanos.queryService }} -{{- end }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-controller-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-controller-template.yaml deleted file mode 100644 index 1a947e696..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-controller-template.yaml +++ /dev/null @@ -1,282 +0,0 @@ -{{- if .Values.clusterController }} -{{- if .Values.clusterController.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubecost.clusterControllerName" . }} - labels: - app: {{ template "kubecost.clusterControllerName" . }} ---- -# -# NOTE: -# The following ClusterRole permissions are only created and assigned for the -# cluster controller feature. They will not be added to any clusters by default. -# -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kubecost.clusterControllerName" . }} - labels: - app: {{ template "kubecost.clusterControllerName" . }} -rules: - - apiGroups: - - kubecost.k8s.io - resources: - - turndownschedules - - turndownschedules/status - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - '' - resources: - - deployments - - nodes - - pods - - resourcequotas - - replicationcontrollers - - limitranges - - pods/eviction - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - '' - resources: - - configmaps - - namespaces - - persistentvolumeclaims - - persistentvolumes - - endpoints - - events - - services - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - daemonsets - - replicasets - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubecost.clusterControllerName" . }} - labels: - app: {{ template "kubecost.clusterControllerName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubecost.clusterControllerName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kubecost.clusterControllerName" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubecost.clusterControllerName" . }} -spec: - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: {{ template "kubecost.clusterControllerName" . }} - template: - metadata: - labels: - app: {{ template "kubecost.clusterControllerName" . }} - spec: - containers: - - name: {{ template "kubecost.clusterControllerName" . }} - image: {{ .Values.clusterController.image }} - imagePullPolicy: {{ .Values.clusterController.imagePullPolicy }} - volumeMounts: - - name: cluster-controller-keys - mountPath: /var/keys - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: TURNDOWN_NAMESPACE - value: {{ .Release.Namespace }} - - name: TURNDOWN_DEPLOYMENT - value: {{ template "kubecost.clusterControllerName" . }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/keys/service-key.json - ports: - - name: http-server - containerPort: 9731 - hostPort: 9731 - serviceAccount: {{ template "kubecost.clusterControllerName" . }} - serviceAccountName: {{ template "kubecost.clusterControllerName" . }} - volumes: - - name: cluster-controller-keys - secret: - secretName: {{ .Values.clusterController.secretName | default "cluster-controller-service-key" }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubecost.clusterControllerName" . }}-service -spec: - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 9731 - targetPort: 9731 - selector: - app: {{ template "kubecost.clusterControllerName" . }} ---- -# TurndownSchedule Custom Resource Definition for persistence -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: turndownschedules.kubecost.k8s.io -spec: - group: kubecost.k8s.io - version: v1alpha1 - names: - kind: TurndownSchedule - singular: turndownschedule - plural: turndownschedules - shortNames: - - td - - tds - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - start: - type: string - format: date-time - end: - type: string - format: date-time - repeat: - type: string - enum: [none, daily, weekly] - additionalPrinterColumns: - - name: State - type: string - description: The state of the turndownschedule - JSONPath: .status.state - - name: Next Turndown - type: string - description: The next turndown date-time - JSONPath: .status.nextScaleDownTime - - name: Next Turn Up - type: string - description: The next turn up date-time - JSONPath: .status.nextScaleUpTime -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-manager-configmap-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-manager-configmap-template.yaml deleted file mode 100644 index 907252f93..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-cluster-manager-configmap-template.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.clusters }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubecost-clusters - labels: - {{- include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - default-clusters.yaml: | -{{- toYaml .Values.kubecostProductConfigs.clusters | nindent 4 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-priority-class-template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-priority-class-template.yaml deleted file mode 100644 index a098a766e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/kubecost-priority-class-template.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.priority }} -{{- if .Values.priority.enabled }} -apiVersion: {{ include "cost-analyzer.priorityClass.apiVersion" . }} -kind: PriorityClass -metadata: - name: {{ template "cost-analyzer.fullname" . }}-priority -value: {{ .Values.priority.value | default "1000000" }} -globalDefault: false -description: "Priority class for scheduling the cost-analyzer pod" -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-psp.template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-psp.template.yaml deleted file mode 100644 index c6d1c5385..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-psp.template.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: kubecost-network-costs -spec: - privileged: true - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-role.template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-role.template.yaml deleted file mode 100644 index 04424a44e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-role.template.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubecost-network-costs - annotations: -{{- if .Values.networkCosts.podSecurityPolicy.annotations }} -{{ toYaml .Values.networkCosts.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - kubecost-network-costs -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-rolebinding.template.yaml deleted file mode 100644 index 84ab0d1c2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/templates/network-costs-rolebinding.template.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubecost-network-costs -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubecost-network-costs -subjects: -- kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.0/values-thanos.yaml b/charts/kubecost/cost-analyzer/1.70.0/values-thanos.yaml deleted file mode 100644 index b0bc33889..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/values-thanos.yaml +++ /dev/null @@ -1,117 +0,0 @@ -global: - thanos: - enabled: true - -# For Thanos Installs, Allow Higher Concurrency from Cost-Model -# Still may require tweaking for some installs, but the thanos-query-frontend -# will greatly assist in reduction memory bloat in query. -kubecostModel: - maxQueryConcurrency: 5 - # This configuration is applied to thanos only. Expresses the resolution to - # use for longer query ranges. Options: raw, 5m, 1h - Default: raw - maxSourceResolution: 5m - -prometheus: - server: - extraArgs: - storage.tsdb.min-block-duration: 2h - storage.tsdb.max-block-duration: 2h - storage.tsdb.retention: 2w - extraVolumes: - - name: object-store-volume - secret: - # Ensure this secret name matches thanos.storeSecretName - secretName: kubecost-thanos - enableAdminApi: true - sidecarContainers: - - name: thanos-sidecar - image: thanosio/thanos:v0.15.0 - args: - - sidecar - - --log.level=debug - - --tsdb.path=/data/ - - --prometheus.url=http://127.0.0.1:9090 - - --objstore.config-file=/etc/config/object-store.yaml - # Start of time range limit to serve. Thanos sidecar will serve only metrics, which happened - # later than this value. Option can be a constant time in RFC3339 format or time duration - # relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. - - --min-time=-3h - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - name: sidecar-http - containerPort: 10902 - - name: grpc - containerPort: 10901 - - name: cluster - containerPort: 10900 - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - name: storage-volume - mountPath: /data - subPath: "" - - name: object-store-volume - mountPath: /etc/config - -thanos: - store: - enabled: true - grpcSeriesMaxConcurrency: 20 - blockSyncConcurrency: 20 - extraEnv: - - name: GOGC - value: "100" - resources: - requests: - memory: "2.5Gi" - query: - enabled: true - timeout: 3m - # Maximum number of queries processed concurrently by query node. - maxConcurrent: 8 - # Maximum number of select requests made concurrently per a query. - maxConcurrentSelect: 2 - resources: - requests: - memory: "2.5Gi" - autoDownsampling: false - extraEnv: - - name: GOGC - value: "100" - - # Thanos Query Frontend - queryFrontend: - enabled: true - compressResponses: true - # Response Cache Configuration - # Configure either a max size constraint or max items. - responseCache: - enabled: true - # Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be applied. - maxSize: 1.25GB - # Maximum number of entries in the cache. - maxSizeItems: 0 - # The expiry duration for the cache. - validity: 2m - resources: - requests: - memory: "1.5Gi" - - # Thanos Sidecar Service Discovery - sidecar: - enabled: true - bucket: - enabled: false - compact: - enabled: true - dataVolume: - persistentVolumeClaim: - claimName: compact-data-volume - storage: 100Gi - # This secret name should match the sidecar configured secret name volume - # in the prometheus.server.extraVolumes entry - storeSecretName: kubecost-thanos diff --git a/charts/kubecost/cost-analyzer/1.70.0/values.yaml b/charts/kubecost/cost-analyzer/1.70.0/values.yaml deleted file mode 100644 index 29e3d558f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.0/values.yaml +++ /dev/null @@ -1,561 +0,0 @@ -global: - # zone: cluster.local (use only if your DNS server doesn't live in the same zone as kubecost) - prometheus: - enabled: true # If false, Prometheus will not be installed -- only actively supported on paid Kubecost plans - fqdn: http://cost-analyzer-prometheus-server.default.svc #example fqdn. Ignored if enabled: true - # insecureSkipVerify : false # If true, kubecost will not check the TLS cert of prometheus - # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD - # queryServiceBearerTokenSecretName: dbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN - - # Durable storage option, product key required - thanos: - enabled: false - # queryService: http://thanos-query-frontend-http.kubecost:{{ .Values.thanos.queryFrontend.http.port }} # an address of the thanos query-frontend endpoint, if different from installed thanos - # queryServiceBasicAuthSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD <---enter basic auth credentials like that - # queryServiceBearerTokenSecretName mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN - # queryOffset: 3h # The offset to apply to all thanos queries in order to achieve syncronization on all cluster block stores - - grafana: - enabled: true # If false, Grafana will not be installed - domainName: cost-analyzer-grafana.default.svc #example grafana domain Ignored if enabled: true - scheme: "http" # http or https, for the domain name above. - proxy: true # If true, the kubecost frontend will route to your grafana through its service endpoint - - notifications: - # Kubecost alerting configuration - # Ref: http://docs.kubecost.com/alerts - alertConfigs: - enabled: false # the example values below are never read unless enabled is set to true - frontendUrl: http://localhost:9090 # optional, used for linkbacks - slackWebhookUrl: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX # optional, used for Slack alerts - globalAlertEmails: - - recipient@example.com - - additionalRecipient@example.com - alerts: - # Daily namespace budget alert on namespace `kubecost` - - type: budget # supported: budget, recurringUpdate - threshold: 50 # optional, required for budget alerts - window: daily # or 1d - aggregation: namespace - filter: kubecost - ownerContact: # optional, overrides globalAlertEmails default - - owner@example.com - - owner2@example.com - # Daily cluster budget alert (clusterCosts alert) on cluster `cluster-one` - - type: budget - threshold: 200.8 # optional, required for budget alerts - window: daily # or 1d - aggregation: cluster - filter: cluster-one - # Recurring weekly update (weeklyUpdate alert) - - type: recurringUpdate - window: weekly # or 7d - aggregation: namespace - filter: '*' - # Recurring weekly namespace update on kubecost namespace - - type: recurringUpdate - window: weekly # or 7d - aggregation: namespace - filter: kubecost - ownerContact: # ownerContact(s) should be the same for the same namespace, otherwise the last namespace alert overwrites - - owner@example.com - - owner2@example.com - alertmanager: # Supply an alertmanager FQDN to receive notifications from the app. - enabled: false # If true, allow kubecost to write to your alertmanager - fqdn: http://cost-analyzer-prometheus-server.default.svc #example fqdn. Ignored if prometheus.enabled: true - - podAnnotations: {} - # iam.amazonaws.com/role: role-arn - -pricingCsv: - enabled: false - location: - provider: "AWS" - region: "us-east-1" - URI: s3://kc-csv-test/pricing_schema.csv # a valid file URI - csvAccessCredentials: pricing-schema-access-secret - -saml: # enterprise key required to use - enabled: false - secretName: "kubecost-authzero" - #metadataSecretName: "kubecost-authzero-metadata" # One of metadataSecretName or idpMetadataURL must be set. defaults to metadataURL if set - idpMetadataURL: "https://dev-elu2z98r.auth0.com/samlp/metadata/c6nY4M37rBP0qSO1IYIqBPPyIPxLS8v2" - appRootURL: "http://localhost:9090" # sample URL - # audienceURI: "http://localhost:9090" # by convention, the same as the appRootURL, but any string uniquely identifying kubecost to your samp IDP. Optional if you follow the convention - rbac: - enabled: false - groups: - - name: admin - enabled: false # if admin is disabled, all SAML users will be able to make configuration changes to the kubecost frontend - assertionName: "http://schemas.auth0.com/userType" # a SAML Assertion, one of whose elements has a value that matches on of the values in assertionValues - assertionValues: - - "admin" - - "superusers" - - name: readonly - enabled: false # if readonly is disabled, all users authorized on SAML will default to readonly - assertionName: "http://schemas.auth0.com/userType" - assertionvalues: - - "readonly" - -# imagePullSecrets: -# - name: "image-pull-secret" - -kubecostChecks: - enabled: true - image: "quay.io/kubecost1/checks" - resources: - requests: - cpu: "20m" - memory: "100Mi" - limits: - cpu: "100m" - memory: "200Mi" - -kubecostFrontend: - image: "gcr.io/kubecost1/frontend" - imagePullPolicy: Always - resources: - requests: - cpu: "10m" - memory: "55Mi" - #limits: - # cpu: "100m" - # memory: "256Mi" - -kubecost: - image: "gcr.io/kubecost1/server" - resources: - requests: - cpu: "100m" - memory: "55Mi" - #limits: - # cpu: "100m" - # memory: "256Mi" - -kubecostModel: - image: "gcr.io/kubecost1/cost-model" - imagePullPolicy: Always - warmCache: true - warmSavingsCache: true - etl: true - # The total number of days the ETL storage will build - etlStoreDurationDays: 120 - maxQueryConcurrency: 5 - # utcOffset represents a timezone in hours and minutes east (+) or west (-) - # of UTC, itself, which is defined as +00:00. - # See the tz database of timezones to look up your local UTC offset: - # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - utcOffset: "+00:00" - resources: - requests: - cpu: "200m" - memory: "55Mi" - #limits: - # cpu: "800m" - # memory: "256Mi" - -ingress: - enabled: false - annotations: - kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - paths: ["/"] # There's no need to route specifically to the pods-- we have an nginx deployed that handles routing - hosts: - - cost-analyzer.local - tls: [] - # - secretName: cost-analyzer-tls - # hosts: - # - cost-analyzer.local - -nodeSelector: {} - -tolerations: [] -# - key: "key" -# operator: "Equal|Exists" -# value: "value" -# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - -affinity: {} - -# If true, creates a PriorityClass to be used by the cost-analyzer pod -priority: - enabled: false - # value: 1000000 - -# If true, enable creation of NetworkPolicy resources. -networkPolicy: - enabled: false - -podSecurityPolicy: - enabled: false - -# Define persistence volume for cost-analyzer -persistentVolume: - size: 0.2Gi - dbSize: 32.0Gi - enabled: true # Note that setting this to false means configurations will be wiped out on pod restart. - # storageClass: "-" # - # existingClaim: kubecost-cost-analyzer # a claim in the same namespace as kubecost - -service: - type: ClusterIP - port: 9090 - targetPort: 9090 - # nodePort: - labels: {} - annotations: {} - -# enabling long-term durable storage with Postgres requires an enterprise license -remoteWrite: - postgres: - enabled: false - initImage: "gcr.io/kubecost1/sql-init" - initImagePullPolicy: Always - installLocal: true - remotePostgresAddress: "" # ignored if installing locally - persistentVolume: - size: 200Gi - auth: - password: admin # change me - -prometheus: - extraScrapeConfigs: | - - job_name: kubecost - honor_labels: true - scrape_interval: 1m - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - dns_sd_configs: - - names: - - {{ template "cost-analyzer.serviceName" . }} - type: 'A' - port: 9003 - - job_name: kubecost-networking - kubernetes_sd_configs: - - role: pod - relabel_configs: - # Scrape only the the targets matching the following metadata - - source_labels: [__meta_kubernetes_pod_label_app] - action: keep - regex: {{ template "cost-analyzer.networkCostsName" . }} - server: - # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID - # to use as unique cluster ID in kubecost cost-analyzer deployment. - # This overrides the cluster_id set in prometheus.server.global.external_labels. - # NOTE: This does not affect the external_labels set in prometheus config. - # clusterIDConfigmap: cluster-id-configmap - - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 500m - # memory: 512Mi - global: - scrape_interval: 1m - scrape_timeout: 10s - evaluation_interval: 1m - external_labels: - cluster_id: cluster-one # Each cluster should have a unique ID - persistentVolume: - size: 32Gi - enabled: true - extraArgs: - query.max-concurrency: 1 - query.max-samples: 100000000 - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - alertmanager: - # enabled: false - persistentVolume: - enabled: true - nodeExporter: - enabled: true - pushgateway: - enabled: false - persistentVolume: - enabled: true - serverFiles: - # prometheus.yml: # Sample block -- enable if using an in cluster durable store. - # remote_write: - # - url: "http://pgprometheus-adapter:9201/write" - # write_relabel_configs: - # - source_labels: [__name__] - # regex: 'container_.*_allocation|container_.*_allocation_bytes|.*_hourly_cost|kube_pod_container_resource_requests_memory_bytes|container_memory_working_set_bytes|kube_pod_container_resource_requests_cpu_cores|kube_pod_container_resource_requests|pod_pvc_allocation|kube_namespace_labels|kube_pod_labels' - # action: keep - # queue_config: - # max_samples_per_send: 1000 - #remote_read: - # - url: "http://pgprometheus-adapter:9201/read" - rules: - groups: - - name: CPU - rules: - - expr: sum(rate(container_cpu_usage_seconds_total{container_name!=""}[5m])) - record: cluster:cpu_usage:rate5m - - expr: rate(container_cpu_usage_seconds_total{container_name!=""}[5m]) - record: cluster:cpu_usage_nosum:rate5m - - expr: avg(irate(container_cpu_usage_seconds_total{container_name!="POD", container_name!=""}[5m])) by (container_name,pod_name,namespace) - record: kubecost_container_cpu_usage_irate - - expr: sum(container_memory_working_set_bytes{container_name!="POD",container_name!=""}) by (container_name,pod_name,namespace) - record: kubecost_container_memory_working_set_bytes - - expr: sum(container_memory_working_set_bytes{container_name!="POD",container_name!=""}) - record: kubecost_cluster_memory_working_set_bytes - - name: Savings - rules: - - expr: sum(avg(kube_pod_owner{owner_kind!="DaemonSet"}) by (pod) * sum(container_cpu_allocation) by (pod)) - record: kubecost_savings_cpu_allocation - labels: - daemonset: "false" - - expr: sum(avg(kube_pod_owner{owner_kind="DaemonSet"}) by (pod) * sum(container_cpu_allocation) by (pod)) / sum(kube_node_info) - record: kubecost_savings_cpu_allocation - labels: - daemonset: "true" - - expr: sum(avg(kube_pod_owner{owner_kind!="DaemonSet"}) by (pod) * sum(container_memory_allocation_bytes) by (pod)) - record: kubecost_savings_memory_allocation_bytes - labels: - daemonset: "false" - - expr: sum(avg(kube_pod_owner{owner_kind="DaemonSet"}) by (pod) * sum(container_memory_allocation_bytes) by (pod)) / sum(kube_node_info) - record: kubecost_savings_memory_allocation_bytes - labels: - daemonset: "true" - - expr: label_replace(sum(kube_pod_status_phase{phase="Running",namespace!="kube-system"} > 0) by (pod, namespace), "pod_name", "$1", "pod", "(.+)") - record: kubecost_savings_running_pods - - expr: sum(rate(container_cpu_usage_seconds_total{container_name!="",container_name!="POD",instance!=""}[5m])) by (namespace, pod_name, container_name, instance) - record: kubecost_savings_container_cpu_usage_seconds - - expr: sum(container_memory_working_set_bytes{container_name!="",container_name!="POD",instance!=""}) by (namespace, pod_name, container_name, instance) - record: kubecost_savings_container_memory_usage_bytes - - expr: avg(sum(kube_pod_container_resource_requests_cpu_cores{namespace!="kube-system"}) by (pod, namespace, instance)) by (pod, namespace) - record: kubecost_savings_pod_requests_cpu_cores - - expr: avg(sum(kube_pod_container_resource_requests_memory_bytes{namespace!="kube-system"}) by (pod, namespace, instance)) by (pod, namespace) - record: kubecost_savings_pod_requests_memory_bytes - -networkCosts: - enabled: false - podSecurityPolicy: - enabled: false - image: gcr.io/kubecost1/kubecost-network-costs:v13.7 - imagePullPolicy: Always - # Traffic Logging will enable logging the top 5 destinations for each source - # every 30 minutes. - trafficLogging: true - # Port will set both the containerPort and hostPort to this value. - # These must be identical due to network-costs being run on hostNetwork - port: 3001 - resources: {} - #requests: - # cpu: "50m" - # memory: "20Mi" - config: - # Configuration for traffic destinations, including specific classification - # for IPs and CIDR blocks. This configuration will act as an override to the - # automatic classification provided by network-costs. - destinations: - # In Zone contains a list of address/range that will be - # classified as in zone. - in-zone: - # Loopback - - "127.0.0.1" - # IPv4 Link Local Address Space - - "169.254.0.0/16" - # Private Address Ranges in RFC-1918 - - "10.0.0.0/8" - - "172.16.0.0/12" - - "192.168.0.0/16" - - # In Region contains a list of address/range that will be - # classified as in region. This is synonymous with cross - # zone traffic, where the regions between source and destinations - # are the same, but the zone is different. - in-region: [] - - # Cross Region contains a list of address/range that will be - # classified as non-internet egress from one region to another. - cross-region: [] - - # Direct Classification specifically maps an ip address or range - # to a region (required) and/or zone (optional). This classification - # takes priority over in-zone, in-region, and cross-region configurations. - direct-classification: [] - # - region: "us-east1" - # zone: "us-east1-c" - # ips: - # - "10.0.0.0/24" - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## PriorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - priorityClassName: [] - ## PodMonitor - ## Allows scraping of network metrics from a dedicated prometheus operator setup - podMonitor: - enabled: false - additionalLabels: {} - -# Kubecost Deployment Configuration -# Used for HA mode in Business & Enterprise tier -kubecostDeployment: - replicas: 1 - -# Kubecost Cluster Controller for Right Sizing and Cluster Turndown -clusterController: - enabled: false - image: gcr.io/kubecost1/cluster-controller:v0.0.2 - imagePullPolicy: Always - -reporting: - # Kubecost bug report feature: Logs access/collection limited to .Release.Namespace - # Ref: http://docs.kubecost.com/bug-report - logCollection: true - productAnalytics: true - errorReporting: true - valuesReporting: true - -serviceMonitor: - enabled: false - additionalLabels: {} - -prometheusRule: - enabled: false - additionalLabels: {} - -supportNFS: true -initChownDataImage: "busybox" # Supports a fully qualified Docker image eg: registry.hub.docker.com/library/busybox:latest. -initChownData: - resources: {} - #requests: - # cpu: "50m" - # memory: "20Mi" - - -grafana: - # namespace_datasources: kubecost # override the default namespace here - # namespace_dashboards: kubecost # override the default namespace here - sidecar: - dashboards: - enabled: true - # label that the configmaps with dashboards are marked with - label: grafana_dashboard - datasources: - # dataSourceFilename: foo.yml # If you need to change the name of the datasource file - enabled: true - defaultDatasourceEnabled: false - dataSourceName: default-kubecost - # label that the configmaps with datasources are marked with - label: kubecost_grafana_datasource -# For grafana to be accessible, add the path to root_url. For example, if you run kubecost at www.foo.com:9090/kubecost -# set root_url to "%(protocol)s://%(domain)s:%(http_port)s/kubecost/grafana". No change is necessary here if kubecost runs at a root URL - grafana.ini: - server: - root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana" -serviceAccount: - create: true # Set this to false if you're bringing your own service account. - annotations: {} - # name: kc-test - -# These configs can also be set from the Settings page in the Kubecost product UI -# Values in this block override config changes in the Settings UI on pod restart -# -# kubecostProductConfigs: -# An optional list of cluster definitions that can be added for frontend access. The local -# cluster is *always* included by default, so this list is for non-local clusters. -# Ref: https://github.com/kubecost/docs/blob/master/multi-cluster.md -# clusters: -# - name: "Cluster A" -# address: http://cluster-a.kubecost.com:9090 -# # Optional authentication credentials - only basic auth is currently supported. -# auth: -# type: basic -# # Secret name should be a secret formatted based on: https://github.com/kubecost/docs/blob/master/ingress-examples.md -# secretName: cluster-a-auth -# # Or pass auth directly as base64 encoded user:pass -# data: YWRtaW46YWRtaW4= -# # Or user and pass directly -# user: admin -# pass: admin -# - name: "Cluster B" -# address: http://cluster-b.kubecost.com:9090 -# defaultModelPricing: # default monthly resource prices, used predominately for on-prem clusters -# CPU: 28.0 -# spotCPU: 4.86 -# RAM: 3.09 -# spotRAM: 0.65 -# GPU: 693.50 -# spotGPU: 225.0 -# storage: 0.04 -# zoneNetworkEgress: 0.01 -# regionNetworkEgress: 0.01 -# internetNetworkEgress: 0.12 -# enabled: true -# # The cluster profile represents a predefined set of parameters to use when calculating savings. -# # Possible values are: [ development, production, high-availability ] -# clusterProfile: production -# customPricesEnabled: false # This makes the default view custom prices-- generally used for on-premises clusters -# spotLabel: lifecycle -# spotLabelValue: Ec2Spot -# gpuLabel: gpu -# gpuLabelValue: true -# awsServiceKeyName: ACCESSKEYID -# awsServiceKeyPassword: fakepassword # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName -# awsSpotDataRegion: us-east-1 -# awsSpotDataBucket: spot-data-feed-s3-bucket -# awsSpotDataPrefix: dev -# athenaProjectID: "530337586277" # The AWS AccountID where the Athena CUR is. Generally your masterpayer account -# athenaBucketName: "s3://aws-athena-query-results-530337586277-us-east-1" -# athenaRegion: us-east-1 -# athenaDatabase: athenacurcfn_athena_test1 -# athenaTable: "athena_test1" -# masterPayerARN: "" -# projectID: "123456789" # Also known as AccountID on AWS -- the current account/project that this instance of Kubecost is deployed on. -# gcpSecretName: gcp-secret # Name of a secret representing the gcp service key -# bigQueryBillingDataDataset: billing_data.gcp_billing_export_v1_01AC9F_74CF1D_5565A2 -# labelMappingConfigs: # names of k8s labels used to designate different allocation concepts -# enabled: true -# owner_label: "owner" -# team_label: "team" -# department_label: "dept" -# product_label: "product" -# environment_label: "env" -# namespace_external_label: "kubernetes_namespace" # external labels are used to map external cloud costs to kubernetes concepts -# cluster_external_label: "kubernetes_cluster" -# controller_external_label: "kubernetes_controller" -# product_external_label: "kubernetes_label_app" -# service_external_label: "kubernetes_service" -# deployment_external_label: "kubernetes_deployment" -# team_external_label: "kubernetes_label_team" -# environment_external_label: "kubernetes_label_env" -# department_external_label: "kubernetes_label_department" -# statefulset_external_label: "kubernetes_statefulset" -# daemonset_external_label: "kubernetes_daemonset" -# pod_external_label: "kubernetes_pod" -# grafanaURL: "" -# clusterName: "" # used for display in Kubecost UI -# currencyCode: "USD" # offical support for USD, CAD, EUR, and CHF -# azureBillingRegion: US # Represents 2-letter region code, e.g. West Europe = NL, Canada = CA. ref: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes -# azureSubscriptionID: 0bd50fdf-c923-4e1e-850c-196dd3dcc5d3 -# azureClientID: f2ef6f7d-71fb-47c8-b766-8d63a19db017 -# azureTenantID: 72faf3ff-7a3f-4597-b0d9-7b0b201bb23a -# azureClientPassword: fake key # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName -# discount: "" # percentage discount applied to compute -# negotiatedDiscount: "" # custom negotiated cloud provider discount -# defaultIdle: false -# serviceKeySecretName: "" # Use an existing AWS or Azure secret with format as in aws-service-key-secret.yaml or azure-service-key-secret.yaml. Leave blank if using createServiceKeySecret -# createServiceKeySecret: true # Creates a secret representing your cloud service key based on data in values.yaml. If you are storing unencrypted values, add a secret manually -# sharedNamespaces: "" # namespaces with shared workloads, example value: "kube-system\,ingress-nginx\,kubecost\,monitoring" -# productKey: # apply business or enterprise product license -# key: "" -# enabled: false -# secretname: productkeysecret # create a secret out of a file named productkey.json of format { "key": "kc-b1325234" } diff --git a/charts/kubecost/cost-analyzer/1.70.000/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/Chart.yaml deleted file mode 100755 index 6b33309a1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: kubecost -apiVersion: v1 -appVersion: 1.70.0 -description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor - cloud costs. -icon: https://kubecost.com/images/logo-white.png -name: cost-analyzer -version: 1.70.000 diff --git a/charts/kubecost/cost-analyzer/1.70.000/app-readme.md b/charts/kubecost/cost-analyzer/1.70.000/app-readme.md deleted file mode 100755 index dfb1e5854..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/app-readme.md +++ /dev/null @@ -1,23 +0,0 @@ -# Kubecost -[Kubecost](https://kubecost.com/) is an open-source Kubernetes cost monitoring solution. - -Kubecost gives teams visibility into current and historical Kubernetes spend and resource allocation. These models provide cost transparency in Kubernetes environments that support multiple applications, teams, departments, etc. - -To see more on the functionality of the full Kubecost product, please visit the [features page](https://kubecost.com/#features) on our website. - -Here is a summary of features enabled by this cost model: - -- Real-time cost allocation by Kubernetes service, deployment, namespace, label, statefulset, daemonset, pod, and container -- Dynamic asset pricing enabled by integrations with AWS, Azure, and GCP billing APIs -- Supports on-prem k8s clusters with custom pricing sheets -- Allocation for in-cluster resources like CPU, GPU, memory, and persistent volumes. -- Allocation for AWS & GCP out-of-cluster resources like RDS instances and S3 buckets with key (optional) -- Easily export pricing data to Prometheus with /metrics endpoint ([learn more](PROMETHEUS.md)) -- Free and open source distribution (Apache2 license) - -## Requirements -- Kubernetes 1.8+ -- kube-state-metrics -- Grafana -- Prometheus -- Node Exporter diff --git a/charts/kubecost/cost-analyzer/1.70.000/attached-disks.json b/charts/kubecost/cost-analyzer/1.70.000/attached-disks.json deleted file mode 100755 index 0ae9d4411..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/attached-disks.json +++ /dev/null @@ -1,425 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 10, - "iteration": 1589748792557, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(container_fs_inodes_free{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_inodes_total{instance=~'$disk',id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "iNode Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "disk", - "options": [], - "query": "query_result(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance))", - "refresh": 1, - "regex": "/instance=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Attached disk metrics", - "uid": "nBH7qBgMk", - "version": 2 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml deleted file mode 100755 index eb46b5995..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -appVersion: 6.0.0 -description: The leading tool for querying and visualizing time series and metrics. -home: https://grafana.net -icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png -kubeVersion: ^1.8.0-0 -maintainers: -- email: zanhsieh@gmail.com - name: zanhsieh -- email: rluckie@cisco.com - name: rtluckie -name: grafana -sources: -- https://github.com/grafana/grafana -version: 1.17.2 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md deleted file mode 100755 index 03c70b520..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md +++ /dev/null @@ -1,162 +0,0 @@ -# Grafana Helm Chart - -* Installs the web dashboarding system [Grafana](http://grafana.org/) - -## TL;DR; - -```console -$ helm install stable/grafana -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install --name my-release stable/grafana -``` - -## Uninstalling the Chart - -To uninstall/delete the my-release deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - - -## Configuration - -| Parameter | Description | Default | -|---------------------------------|-----------------------------------------------|---------------------------------------------------------| -| `replicas` | Number of nodes | `1` | -| `deploymentStrategy` | Deployment strategy | `RollingUpdate` | -| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | -| `readinessProbe` | Rediness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| -| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "fsGroup": 472}` | -| `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Image tag. (`Must be >= 5.0.0`) | `5.3.1` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Kubernetes port where service is exposed | `80` | -| `service.annotations` | Service annotations | `{}` | -| `service.labels` | Custom labels | `{}` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.hosts` | Ingress accepted hostnames | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `persistence.enabled` | Use persistent volume to store data | `false` | -| `persistence.size` | Size of persistent volume claim | `10Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | -| `persistence.storageClassName` | Type of persistent volume claim | `nil` | -| `persistence.accessModes` | Persistence access modes | `[]` | -| `persistence.subPath` | Mount a sub dir of the persistent volume | `""` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `env` | Extra environment variables passed to pods | `{}` | -| `envFromSecret` | Name of a Kubenretes secret (must be manually created in the same namespace) containing values to be added to the environment | `""` | -| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | -| `plugins` | Plugins to be loaded along with Grafana | `[]` | -| `datasources` | Configure grafana datasources | `{}` | -| `dashboardProviders` | Configure grafana dashboard providers | `{}` | -| `dashboards` | Dashboards to import | `{}` | -| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | -| `grafana.ini` | Grafana's primary configuration | `{}` | -| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | -| `ldap.config ` | Grafana's LDAP configuration | `""` | -| `annotations` | Deployment annotations | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `sidecar.dashboards.enabled` | Enabled the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `false` | -| `sidecar.datasources.enabled` | Enabled the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | -| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `false` | -| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials, this must have the keys `user` and `password`. | `""` | - -## Sidecar for dashboards - -If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported dashboards are deleted/updated. A recommendation is to use one configmap per dashboard, as an reduction of multiple dashboards inside one configmap is currently not properly mirrored in grafana. -Example dashboard config: -``` -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-dashboard - labels: - grafana_dashboard: 1 -data: - k8s-dashboard.json: |- - [...] -``` - -## Sidecar for datasources - -If the parameter `sidecar.datasource.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in those configmaps are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be modified. - -Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): -``` -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-datasource - labels: - grafana_datasource: 1 -data: - datasource.yaml: |- - # config file version - apiVersion: 1 - - # list of datasources that should be deleted from the database - deleteDatasources: - - name: Graphite - orgId: 1 - - # list of datasources to insert/update depending - # whats available in the database - datasources: - # name of the datasource. Required - - name: Graphite - # datasource type. Required - type: graphite - # access mode. proxy or direct (Server or Browser in the UI). Required - access: proxy - # org id. will default to orgId 1 if not specified - orgId: 1 - # url - url: http://localhost:8080 - # database password, if used - password: - # database user, if used - user: - # database name, if used - database: - # enable/disable basic auth - basicAuth: - # basic auth username - basicAuthUser: - # basic auth password - basicAuthPassword: - # enable/disable with credentials headers - withCredentials: - # mark as default datasource. Max one per org - isDefault: - # fields that will be converted to json and stored in json_data - jsonData: - graphiteVersion: "1.1" - tlsAuth: true - tlsAuthWithCACert: true - # json object of data that will be encrypted. - secureJsonData: - tlsCACert: "..." - tlsClientCert: "..." - tlsClientKey: "..." - version: 1 - # allow users to edit datasources from the UI. - editable: false - -``` diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt deleted file mode 100755 index 57e84cd69..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -1. Get your '{{ .Values.adminUser }}' user password by running: - - kubectl get secret --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo - -2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - - {{ template "grafana.fullname" . }}.{{ .Release.Namespace }}.svc -{{ if .Values.ingress.enabled }} - From outside the cluster, the server URL(s) are: -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{ else }} - Get the Grafana URL to visit by running these commands in the same shell: -{{ if contains "NodePort" .Values.service.type -}} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{ else if contains "LoadBalancer" .Values.service.type -}} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "grafana.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - http://$SERVICE_IP:{{ .Values.service.port -}} -{{ else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "grafana.fullname" . }},component={{ .Values.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000 -{{- end }} -{{- end }} - -3. Login with the password from step 1 and the username: {{ .Values.adminUser }} - -{{- if not .Values.persistence.enabled }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Grafana pod is terminated. ##### -################################################################################# -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl deleted file mode 100755 index 3a3ebd3ec..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account -*/}} -{{- define "grafana.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml deleted file mode 100755 index d49193651..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-clusterrole -{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} -rules: -- apiGroups: [""] # "" indicates the core API group - resources: ["configmaps"] - verbs: ["get", "watch", "list"] -{{- else }} -rules: [] -{{- end}} -{{- end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml deleted file mode 100755 index 99dada9f4..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "grafana.fullname" . }}-clusterrolebinding - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -subjects: - - kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "grafana.fullname" . }}-clusterrole - apiGroup: rbac.authorization.k8s.io -{{- end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml deleted file mode 100755 index 1765e9aff..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.sidecar.dashboards.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-config-dashboards -data: - provider.yaml: |- - apiVersion: 1 - providers: - - name: 'default' - orgId: 1 - folder: '' - type: file - disableDeletion: false - options: - path: {{ .Values.sidecar.dashboards.folder }} -{{- end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml deleted file mode 100755 index d283d04c0..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{- if .Values.plugins }} - plugins: {{ join "," .Values.plugins }} -{{- end }} - grafana.ini: | -{{- range $key, $value := index .Values "grafana.ini" }} - [{{ $key }}] - {{- range $elem, $elemVal := $value }} - {{ $elem }} = {{ $elemVal }} - {{- end }} -{{- end }} - -{{- if .Values.datasources }} - {{- range $key, $value := .Values.datasources }} - {{ $key }}: | -{{ toYaml $value | trim | indent 4 }} - {{- end -}} -{{- end -}} -{{- if .Values.global.prometheus.enabled }} - - access: proxy - isDefault: true - name: Prometheus - type: prometheus - url: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }}.svc -{{ else }} - - access: proxy - isDefault: true - name: Prometheus - type: prometheus - url: {{ .Values.global.prometheus.fqdn }} -{{- end -}} - -{{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboards }} - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{- range $value.providers }} - mkdir -p {{ .options.path }} - {{- end }} - {{- end }} - {{- end }} - - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -sk \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - {{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }} \ - > /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml deleted file mode 100755 index c1ab8c4ba..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} - labels: - app: {{ template "grafana.name" $ }} - chart: {{ template "grafana.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} - dashboard-provider: {{ $provider }} -data: - {{- range $key, $value := $dashboards }} - {{- if hasKey $value "json" }} - {{ $key }}.json: | -{{ $value.json | indent 4 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml deleted file mode 100755 index ea8e814f3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml +++ /dev/null @@ -1,272 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} - strategy: - type: {{ .Values.deploymentStrategy }} - {{- if ne .Values.deploymentStrategy "RollingUpdate" }} - rollingUpdate: null - {{- end }} - template: - metadata: - labels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} -{{- with .Values.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - serviceAccountName: {{ template "grafana.serviceAccountName" . }} -{{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" -{{- end }} -{{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} -{{- end }} -{{- if .Values.dashboards }} - initContainers: - - name: download-dashboards - image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" - imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} - command: ["sh", "/etc/grafana/download_dashboards.sh"] - volumeMounts: - - name: config - mountPath: "/etc/grafana/download_dashboards.sh" - subPath: download_dashboards.sh - - name: storage - mountPath: "/var/lib/grafana" - subPath: {{ .Values.persistence.subPath }} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} -{{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end}} - {{- end }} - containers: -{{- if .Values.sidecar.dashboards.enabled }} - - name: {{ template "grafana.name" . }}-sc-dashboard - image: "{{ .Values.sidecar.image }}" - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - - name: LABEL - value: "{{ .Values.sidecar.dashboards.label }}" - - name: FOLDER - value: "{{ .Values.sidecar.dashboards.folder }}" - resources: -{{ toYaml .Values.sidecar.resources | indent 12 }} - volumeMounts: - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: {{ template "grafana.name" . }}-sc-datasources - image: "{{ .Values.sidecar.image }}" - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - resources: -{{ toYaml .Values.sidecar.resources | indent 12 }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: config - mountPath: "/etc/grafana/grafana.ini" - subPath: grafana.ini - - name: ldap - mountPath: "/etc/grafana/ldap.toml" - subPath: ldap.toml -{{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if hasKey $value "json" }} - - name: dashboards-{{ $provider }} - mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" - subPath: "{{ $key }}.json" - {{- end }} - {{- end }} - {{- end }} -{{- end -}} -{{- if .Values.dashboardsConfigMaps }} - {{- range keys .Values.dashboardsConfigMaps }} - - name: dashboards-{{ . }} - mountPath: "/var/lib/grafana/dashboards/{{ . }}" - {{- end }} -{{- end }} -{{- if .Values.datasources }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml -{{- end }} -{{- if .Values.dashboardProviders }} - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml -{{- end }} -{{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} - - name: sc-dashboard-provider - mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" - subPath: provider.yaml -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} - - name: storage - mountPath: "/var/lib/grafana" - subPath: {{ .Values.persistence.subPath }} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} - ports: - - name: service - containerPort: {{ .Values.service.port }} - protocol: TCP - - name: grafana - containerPort: 3000 - protocol: TCP - env: - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ template "grafana.fullname" . }} - key: admin-user - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "grafana.fullname" . }} - key: admin-password - {{- if .Values.plugins }} - - name: GF_INSTALL_PLUGINS - valueFrom: - configMapKeyRef: - name: {{ template "grafana.fullname" . }} - key: plugins - {{- end }} - {{- if .Values.smtp.existingSecret }} - - name: GF_SMTP_USER - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: user - - name: GF_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: password - {{- end }} -{{- range $key, $value := .Values.env }} - - name: "{{ $key }}" - value: "{{ $value }}" -{{- end }} - {{- if .Values.envFromSecret }} - envFrom: - - secretRef: - name: {{ .Values.envFromSecret }} - {{- end }} - livenessProbe: -{{ toYaml .Values.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.readinessProbe | indent 12 }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: config - configMap: - name: {{ template "grafana.fullname" . }} - {{- if .Values.dashboards }} - {{- range keys .Values.dashboards }} - - name: dashboards-{{ . }} - configMap: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} - {{- end }} - {{- end }} - {{- if .Values.dashboardsConfigMaps }} - {{- range $provider, $name := .Values.dashboardsConfigMaps }} - - name: dashboards-{{ $provider }} - configMap: - name: {{ $name }} - {{- end }} - {{- end }} - - name: ldap - secret: - {{- if .Values.ldap.existingSecret }} - secretName: {{ .Values.ldap.existingSecret }} - {{- else }} - secretName: {{ template "grafana.fullname" . }} - {{- end }} - items: - - key: ldap-toml - path: ldap.toml - - name: storage - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end -}} - {{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume - emptyDir: {} - - name: sc-dashboard-provider - configMap: - name: {{ template "grafana.fullname" . }}-config-dashboards - {{- end }} - {{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume - emptyDir: {} - {{- end -}} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - defaultMode: {{ .defaultMode }} - {{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml deleted file mode 100755 index 556f0fab0..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "grafana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml deleted file mode 100755 index e2b47f42b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' - readOnlyRootFilesystem: false -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml deleted file mode 100755 index e13c78378..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- with .Values.persistence.annotations }} - annotations: -{{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - storageClassName: {{ .Values.persistence.storageClassName }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml deleted file mode 100755 index 6c9195769..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.rbac.pspEnabled }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "grafana.fullname" . }}] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml deleted file mode 100755 index e777ddabc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "grafana.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml deleted file mode 100755 index cd16c2fc7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - admin-user: {{ .Values.adminUser | b64enc | quote }} - {{- if .Values.adminPassword }} - admin-password: {{ .Values.adminPassword | b64enc | quote }} - {{- else }} - admin-password: {{ randAlphaNum 40 | b64enc | quote }} - {{- end }} - {{- if not .Values.ldap.existingSecret }} - ldap-toml: {{ .Values.ldap.config | b64enc | quote }} - {{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml deleted file mode 100755 index 307d0abf1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana.fullname" . }} - labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} -{{- with .Values.service.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} - type: ClusterIP - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.service.type }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} - ports: - - name: service - port: {{ .Values.service.port }} - protocol: TCP - targetPort: 3000 -{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{.Values.service.nodePort}} -{{ end }} - selector: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml deleted file mode 100755 index bbcb5055e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.global.grafana.enabled }} -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "grafana.serviceAccountName" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml deleted file mode 100755 index 504a3e86a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml +++ /dev/null @@ -1,275 +0,0 @@ -rbac: - create: true - pspEnabled: true -serviceAccount: - create: true - name: - -replicas: 1 - -deploymentStrategy: RollingUpdate - -readinessProbe: - httpGet: - path: /api/health - port: 3000 - -livenessProbe: - httpGet: - path: /api/health - port: 3000 - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - -image: - repository: grafana/grafana - tag: 7.1.1 - pullPolicy: IfNotPresent - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistrKeySecretName - -securityContext: - runAsUser: 472 - fsGroup: 472 - -downloadDashboardsImage: - repository: appropriate/curl - tag: latest - pullPolicy: IfNotPresent - -## Pod Annotations -# podAnnotations: {} - -## Deployment annotations -# annotations: {} - -## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - type: ClusterIP - port: 80 - annotations: {} - labels: {} - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: / - hosts: - - chart-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -## Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -# -nodeSelector: {} - -## Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: false - # storageClassName: default - # accessModes: - # - ReadWriteOnce - # size: 10Gi - # annotations: {} - # subPath: "" - # existingClaim: - -adminUser: admin -adminPassword: strongpassword - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Extra environment variables that will be pass onto deployment pods -env: {} - -## The name of a secret in the same kubernetes namespace which contain values to be added to the environment -## This can be useful for auth tokens, etc -envFromSecret: "" - -## Additional grafana server secret mounts -# Defines additional mounts with secrets. Secrets must be manually created in the namespace. -extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # secretName: grafana-secret-files - # readOnly: true - -## Pass the plugins you want installed as a list. -## -plugins: [] - # - digrich-bubblechart-panel - # - grafana-clock-panel - -## Configure grafana datasources -## ref: http://docs.grafana.org/administration/provisioning/#datasources -## -datasources: {} -# datasources.yaml: -# apiVersion: 1 -# datasources: -# - name: Prometheus2 -# type: prometheus -# url: http://prometheus-server.default.svc -# access: proxy -# isDefault: false - -## Configure grafana dashboard providers -## ref: http://docs.grafana.org/administration/provisioning/#dashboards -## -## `path` must be /var/lib/grafana/dashboards/ -## -dashboardProviders: {} -# dashboardproviders.yaml: -# apiVersion: 1 -# providers: -# - name: 'default' -# orgId: 1 -# folder: '' -# type: file -# disableDeletion: false -# editable: true -# options: -# path: /var/lib/grafana/dashboards/default - -## Configure grafana dashboard to import -## NOTE: To use dashboards you must also enable/configure dashboardProviders -## ref: https://grafana.com/dashboards -## -## dashboards per provider, use provider name as key. -## -dashboards: {} -# default: -# prometheus-stats: -# gnetId: 3662 -# revision: 2 -# datasource: Prometheus - -## Reference to external ConfigMap per provider. Use provider name as key and ConfiMap name as value. -## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. -## ConfigMap data example: -## -## data: -## example-dashboard.json: | -## RAW_JSON -## -dashboardsConfigMaps: {} -# default: "" - -## Grafana's primary configuration -## NOTE: values in map will be converted to ini format -## ref: http://docs.grafana.org/installation/configuration/ -## -grafana.ini: - paths: - data: /var/lib/grafana/data - logs: /var/log/grafana - plugins: /var/lib/grafana/plugins - provisioning: /etc/grafana/provisioning - analytics: - check_for_updates: true - log: - mode: console - grafana_net: - url: https://grafana.net - auth.anonymous: - enabled: true - org_role: Admin - org_name: Main Org. - -## LDAP Authentication can be enabled with the following values on grafana.ini -## NOTE: Grafana will fail to start if the value for ldap.toml is invalid - # auth.ldap: - # enabled: true - # allow_sign_up: true - # config_file: /etc/grafana/ldap.toml - -## Grafana's LDAP configuration -## Templated by the template in _helpers.tpl -## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled -## ref: http://docs.grafana.org/installation/configuration/#auth-ldap -## ref: http://docs.grafana.org/installation/ldap/#configuration -ldap: - # `existingSecret` is a reference to an existing secret containing the ldap configuration - # for Grafana in a key `ldap-toml`. - existingSecret: "" - # `config` is the content of `ldap.toml` that will be stored in the created secret - config: "" - # config: |- - # verbose_logging = true - - # [[servers]] - # host = "my-ldap-server" - # port = 636 - # use_ssl = true - # start_tls = false - # ssl_skip_verify = false - # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" - -## Grafana's SMTP configuration -## NOTE: To enable, grafana.ini must be configured with smtp.enabled -## ref: http://docs.grafana.org/installation/configuration/#smtp -smtp: - # `existingSecret` is a reference to an existing secret containing the smtp configuration - # for Grafana in keys `user` and `password`. - existingSecret: "" - -## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders -## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards -sidecar: - image: kiwigrid/k8s-sidecar:0.1.144 - imagePullPolicy: IfNotPresent - resources: -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - dashboards: - enabled: false - # label that the configmaps with dashboards are marked with - label: grafana_dashboard - # folder in the pod that should hold the collected dashboards - folder: /tmp/dashboards - datasources: - enabled: false - # label that the configmaps with datasources are marked with - label: grafana_datasource diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore deleted file mode 100755 index 825c00779..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj - -OWNERS diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml deleted file mode 100755 index dd81a9c69..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 2.17.2 -description: Prometheus is a monitoring system and time series database. -home: https://prometheus.io/ -icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png -maintainers: -- email: gianrubio@gmail.com - name: gianrubio -- email: zanhsieh@gmail.com - name: zanhsieh -name: prometheus -sources: -- https://github.com/prometheus/alertmanager -- https://github.com/prometheus/prometheus -- https://github.com/prometheus/pushgateway -- https://github.com/prometheus/node_exporter -- https://github.com/kubernetes/kube-state-metrics -version: 11.0.2 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md deleted file mode 100755 index dc32dcd15..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md +++ /dev/null @@ -1,471 +0,0 @@ -# Prometheus - -[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true. - -## TL;DR; - -```console -$ helm install stable/prometheus -``` - -## Introduction - -This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.3+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install --name my-release stable/prometheus -``` - -The command deploys Prometheus on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Prometheus 2.x - -Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/) - -Users of this chart will need to update their alerting rules to the new format before they can upgrade. - -## Upgrading from previous chart versions. - -Version 9.0 adds a new option to enable or disable the Prometheus Server. -This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. -To install the server `server.enabled` must be set to `true`. - -As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data. - -### Example migration - -Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following: - -1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below: - - ``` - alertmanager: - enabled: false - alertmanagerFiles: - alertmanager.yml: "" - kubeStateMetrics: - enabled: false - nodeExporter: - enabled: false - pushgateway: - enabled: false - server: - extraArgs: - storage.local.retention: 720h - serverFiles: - alerts: "" - prometheus.yml: "" - rules: "" - ``` - -1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target. - - ``` - prometheus.yml: - ... - remote_read: - - url: http://prometheus-old/api/v1/read - ... - ``` - - Old data will be available when you query the new prometheus instance. - -## Scraping Pod Metrics via Annotations - -This chart uses a default configuration that causes prometheus -to scrape a variety of kubernetes resource types, provided they have the correct annotations. -In this section we describe how to configure pods to be scraped; -for information on how other resource types can be scraped you can -do a `helm template` to get the kubernetes resource definitions, -and then reference the prometheus configuration in the ConfigMap against the prometheus documentation -for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) -and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config). - -In order to get prometheus to scrape pods, you must add annotations to the the pods as below: - -``` -metadata: - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: /metrics - prometheus.io/port: "8080" -spec: -... -``` - -You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. -`prometheus.io/port` should be set to the port that your pod serves metrics from. -Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be -enclosed in double quotes. - -## Configuration - -The following table lists the configurable parameters of the Prometheus chart and their default values. - -Parameter | Description | Default ---------- | ----------- | ------- -`alertmanager.enabled` | If true, create alertmanager | `true` -`alertmanager.name` | alertmanager container name | `alertmanager` -`alertmanager.image.repository` | alertmanager container image repository | `prom/alertmanager` -`alertmanager.image.tag` | alertmanager container image tag | `v0.20.0` -`alertmanager.image.pullPolicy` | alertmanager container image pull policy | `IfNotPresent` -`alertmanager.prefixURL` | The prefix slug at which the server can be accessed | `` -`alertmanager.baseURL` | The external url at which the server can be accessed | `"http://localhost:9093"` -`alertmanager.extraArgs` | Additional alertmanager container arguments | `{}` -`alertmanager.extraSecretMounts` | Additional alertmanager Secret mounts | `[]` -`alertmanager.configMapOverrideName` | Prometheus alertmanager ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}` and setting this value will prevent the default alertmanager ConfigMap from being generated | `""` -`alertmanager.configFromSecret` | The name of a secret in the same kubernetes namespace which contains the Alertmanager config, setting this value will prevent the default alertmanager ConfigMap from being generated | `""` -`alertmanager.configFileName` | The configuration file name to be loaded to alertmanager. Must match the key within configuration loaded from ConfigMap/Secret. | `alertmanager.yml` -`alertmanager.ingress.enabled` | If true, alertmanager Ingress will be created | `false` -`alertmanager.ingress.annotations` | alertmanager Ingress annotations | `{}` -`alertmanager.ingress.extraLabels` | alertmanager Ingress additional labels | `{}` -`alertmanager.ingress.hosts` | alertmanager Ingress hostnames | `[]` -`alertmanager.ingress.extraPaths` | Ingress extra paths to prepend to every alertmanager host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`alertmanager.ingress.tls` | alertmanager Ingress TLS configuration (YAML) | `[]` -`alertmanager.nodeSelector` | node labels for alertmanager pod assignment | `{}` -`alertmanager.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`alertmanager.affinity` | pod affinity | `{}` -`alertmanager.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`alertmanager.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`alertmanager.schedulerName` | alertmanager alternate scheduler name | `nil` -`alertmanager.persistentVolume.enabled` | If true, alertmanager will create a Persistent Volume Claim | `true` -`alertmanager.persistentVolume.accessModes` | alertmanager data Persistent Volume access modes | `[ReadWriteOnce]` -`alertmanager.persistentVolume.annotations` | Annotations for alertmanager Persistent Volume Claim | `{}` -`alertmanager.persistentVolume.existingClaim` | alertmanager data Persistent Volume existing claim name | `""` -`alertmanager.persistentVolume.mountPath` | alertmanager data Persistent Volume mount root path | `/data` -`alertmanager.persistentVolume.size` | alertmanager data Persistent Volume size | `2Gi` -`alertmanager.persistentVolume.storageClass` | alertmanager data Persistent Volume Storage Class | `unset` -`alertmanager.persistentVolume.volumeBindingMode` | alertmanager data Persistent Volume Binding Mode | `unset` -`alertmanager.persistentVolume.subPath` | Subdirectory of alertmanager data Persistent Volume to mount | `""` -`alertmanager.podAnnotations` | annotations to be added to alertmanager pods | `{}` -`alertmanager.podLabels` | labels to be added to Prometheus AlertManager pods | `{}` -`alertmanager.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`alertmanager.replicaCount` | desired number of alertmanager pods | `1` -`alertmanager.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` -`alertmanager.statefulSet.podManagementPolicy` | podManagementPolicy of alertmanager pods | `OrderedReady` -`alertmanager.statefulSet.headless.annotations` | annotations for alertmanager headless service | `{}` -`alertmanager.statefulSet.headless.labels` | labels for alertmanager headless service | `{}` -`alertmanager.statefulSet.headless.enableMeshPeer` | If true, enable the mesh peer endpoint for the headless service | `{}` -`alertmanager.statefulSet.headless.servicePort` | alertmanager headless service port | `80` -`alertmanager.priorityClassName` | alertmanager priorityClassName | `nil` -`alertmanager.resources` | alertmanager pod resource requests & limits | `{}` -`alertmanager.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Alert Manager containers | `{}` -`alertmanager.service.annotations` | annotations for alertmanager service | `{}` -`alertmanager.service.clusterIP` | internal alertmanager cluster service IP | `""` -`alertmanager.service.externalIPs` | alertmanager service external IP addresses | `[]` -`alertmanager.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`alertmanager.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`alertmanager.service.servicePort` | alertmanager service port | `80` -`alertmanager.service.sessionAffinity` | Session Affinity for alertmanager service, can be `None` or `ClientIP` | `None` -`alertmanager.service.type` | type of alertmanager service to create | `ClusterIP` -`alertmanager.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`alertmanagerFiles.alertmanager.yml` | Prometheus alertmanager configuration | example configuration -`configmapReload.prometheus.enabled` | If false, the configmap-reload container for Prometheus will not be deployed | `true` -`configmapReload.prometheus.name` | configmap-reload container name | `configmap-reload` -`configmapReload.prometheus.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` -`configmapReload.prometheus.image.tag` | configmap-reload container image tag | `v0.3.0` -`configmapReload.prometheus.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` -`configmapReload.prometheus.extraArgs` | Additional configmap-reload container arguments | `{}` -`configmapReload.prometheus.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` -`configmapReload.prometheus.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` -`configmapReload.prometheus.resources` | configmap-reload pod resource requests & limits | `{}` -`configmapReload.alertmanager.enabled` | If false, the configmap-reload container for AlertManager will not be deployed | `true` -`configmapReload.alertmanager.name` | configmap-reload container name | `configmap-reload` -`configmapReload.alertmanager.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` -`configmapReload.alertmanager.image.tag` | configmap-reload container image tag | `v0.3.0` -`configmapReload.alertmanager.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` -`configmapReload.alertmanager.extraArgs` | Additional configmap-reload container arguments | `{}` -`configmapReload.alertmanager.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` -`configmapReload.alertmanager.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` -`configmapReload.alertmanager.resources` | configmap-reload pod resource requests & limits | `{}` -`initChownData.enabled` | If false, don't reset data ownership at startup | true -`initChownData.name` | init-chown-data container name | `init-chown-data` -`initChownData.image.repository` | init-chown-data container image repository | `busybox` -`initChownData.image.tag` | init-chown-data container image tag | `latest` -`initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` -`initChownData.resources` | init-chown-data pod resource requests & limits | `{}` -`kubeStateMetrics.enabled` | If true, create kube-state-metrics sub-chart, see the [kube-state-metrics chart for configuration options](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) | `true` -`nodeExporter.enabled` | If true, create node-exporter | `true` -`nodeExporter.name` | node-exporter container name | `node-exporter` -`nodeExporter.image.repository` | node-exporter container image repository| `prom/node-exporter` -`nodeExporter.image.tag` | node-exporter container image tag | `v0.18.1` -`nodeExporter.image.pullPolicy` | node-exporter container image pull policy | `IfNotPresent` -`nodeExporter.extraArgs` | Additional node-exporter container arguments | `{}` -`nodeExporter.extraHostPathMounts` | Additional node-exporter hostPath mounts | `[]` -`nodeExporter.extraConfigmapMounts` | Additional node-exporter configMap mounts | `[]` -`nodeExporter.hostNetwork` | If true, node-exporter pods share the host network namespace | `true` -`nodeExporter.hostPID` | If true, node-exporter pods share the host PID namespace | `true` -`nodeExporter.nodeSelector` | node labels for node-exporter pod assignment | `{}` -`nodeExporter.podAnnotations` | annotations to be added to node-exporter pods | `{}` -`nodeExporter.pod.labels` | labels to be added to node-exporter pods | `{}` -`nodeExporter.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`nodeExporter.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`nodeExporter.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`nodeExporter.podSecurityPolicy.enabled` | Specify if a Pod Security Policy for node-exporter must be created | `false` -`nodeExporter.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`nodeExporter.priorityClassName` | node-exporter priorityClassName | `nil` -`nodeExporter.resources` | node-exporter resource requests and limits (YAML) | `{}` -`nodeExporter.securityContext` | securityContext for containers in pod | `{}` -`nodeExporter.service.annotations` | annotations for node-exporter service | `{prometheus.io/scrape: "true"}` -`nodeExporter.service.clusterIP` | internal node-exporter cluster service IP | `None` -`nodeExporter.service.externalIPs` | node-exporter service external IP addresses | `[]` -`nodeExporter.service.hostPort` | node-exporter service host port | `9100` -`nodeExporter.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`nodeExporter.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`nodeExporter.service.servicePort` | node-exporter service port | `9100` -`nodeExporter.service.type` | type of node-exporter service to create | `ClusterIP` -`podSecurityPolicy.enabled` | If true, create & use pod security policies resources | `false` -`pushgateway.enabled` | If true, create pushgateway | `true` -`pushgateway.name` | pushgateway container name | `pushgateway` -`pushgateway.image.repository` | pushgateway container image repository | `prom/pushgateway` -`pushgateway.image.tag` | pushgateway container image tag | `v1.0.1` -`pushgateway.image.pullPolicy` | pushgateway container image pull policy | `IfNotPresent` -`pushgateway.extraArgs` | Additional pushgateway container arguments | `{}` -`pushgateway.ingress.enabled` | If true, pushgateway Ingress will be created | `false` -`pushgateway.ingress.annotations` | pushgateway Ingress annotations | `{}` -`pushgateway.ingress.hosts` | pushgateway Ingress hostnames | `[]` -`pushgateway.ingress.extraPaths` | Ingress extra paths to prepend to every pushgateway host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`pushgateway.ingress.tls` | pushgateway Ingress TLS configuration (YAML) | `[]` -`pushgateway.nodeSelector` | node labels for pushgateway pod assignment | `{}` -`pushgateway.podAnnotations` | annotations to be added to pushgateway pods | `{}` -`pushgateway.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`pushgateway.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`pushgateway.replicaCount` | desired number of pushgateway pods | `1` -`pushgateway.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`pushgateway.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`pushgateway.schedulerName` | pushgateway alternate scheduler name | `nil` -`pushgateway.persistentVolume.enabled` | If true, Prometheus pushgateway will create a Persistent Volume Claim | `false` -`pushgateway.persistentVolume.accessModes` | Prometheus pushgateway data Persistent Volume access modes | `[ReadWriteOnce]` -`pushgateway.persistentVolume.annotations` | Prometheus pushgateway data Persistent Volume annotations | `{}` -`pushgateway.persistentVolume.existingClaim` | Prometheus pushgateway data Persistent Volume existing claim name | `""` -`pushgateway.persistentVolume.mountPath` | Prometheus pushgateway data Persistent Volume mount root path | `/data` -`pushgateway.persistentVolume.size` | Prometheus pushgateway data Persistent Volume size | `2Gi` -`pushgateway.persistentVolume.storageClass` | Prometheus pushgateway data Persistent Volume Storage Class | `unset` -`pushgateway.persistentVolume.volumeBindingMode` | Prometheus pushgateway data Persistent Volume Binding Mode | `unset` -`pushgateway.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` -`pushgateway.priorityClassName` | pushgateway priorityClassName | `nil` -`pushgateway.resources` | pushgateway pod resource requests & limits | `{}` -`pushgateway.service.annotations` | annotations for pushgateway service | `{}` -`pushgateway.service.clusterIP` | internal pushgateway cluster service IP | `""` -`pushgateway.service.externalIPs` | pushgateway service external IP addresses | `[]` -`pushgateway.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`pushgateway.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`pushgateway.service.servicePort` | pushgateway service port | `9091` -`pushgateway.service.type` | type of pushgateway service to create | `ClusterIP` -`pushgateway.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`rbac.create` | If true, create & use RBAC resources | `true` -`server.enabled` | If false, Prometheus server will not be created | `true` -`server.name` | Prometheus server container name | `server` -`server.image.repository` | Prometheus server container image repository | `prom/prometheus` -`server.image.tag` | Prometheus server container image tag | `v2.16.0` -`server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` -`server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` -`server.global.scrape_interval` | How frequently to scrape targets by default | `1m` -`server.global.scrape_timeout` | How long until a scrape request times out | `10s` -`server.global.evaluation_interval` | How frequently to evaluate rules | `1m` -`server.remoteWrite` | The remote write feature of Prometheus allow transparently sending samples. | `{}` -`server.remoteRead` | The remote read feature of Prometheus allow transparently receiving samples. | `{}` -`server.extraArgs` | Additional Prometheus server container arguments | `{}` -`server.extraFlags` | Additional Prometheus server container flags | `["web.enable-lifecycle"]` -`server.extraInitContainers` | Init containers to launch alongside the server | `[]` -`server.prefixURL` | The prefix slug at which the server can be accessed | `` -`server.baseURL` | The external url at which the server can be accessed | `` -`server.env` | Prometheus server environment variables | `[]` -`server.extraHostPathMounts` | Additional Prometheus server hostPath mounts | `[]` -`server.extraConfigmapMounts` | Additional Prometheus server configMap mounts | `[]` -`server.extraSecretMounts` | Additional Prometheus server Secret mounts | `[]` -`server.extraVolumeMounts` | Additional Prometheus server Volume mounts | `[]` -`server.extraVolumes` | Additional Prometheus server Volumes | `[]` -`server.configMapOverrideName` | Prometheus server ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.server.configMapOverrideName}}` and setting this value will prevent the default server ConfigMap from being generated | `""` -`server.ingress.enabled` | If true, Prometheus server Ingress will be created | `false` -`server.ingress.annotations` | Prometheus server Ingress annotations | `[]` -`server.ingress.extraLabels` | Prometheus server Ingress additional labels | `{}` -`server.ingress.hosts` | Prometheus server Ingress hostnames | `[]` -`server.ingress.extraPaths` | Ingress extra paths to prepend to every Prometheus server host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` -`server.ingress.tls` | Prometheus server Ingress TLS configuration (YAML) | `[]` -`server.nodeSelector` | node labels for Prometheus server pod assignment | `{}` -`server.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`server.affinity` | pod affinity | `{}` -`server.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` -`server.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` -`server.priorityClassName` | Prometheus server priorityClassName | `nil` -`server.schedulerName` | Prometheus server alternate scheduler name | `nil` -`server.persistentVolume.enabled` | If true, Prometheus server will create a Persistent Volume Claim | `true` -`server.persistentVolume.accessModes` | Prometheus server data Persistent Volume access modes | `[ReadWriteOnce]` -`server.persistentVolume.annotations` | Prometheus server data Persistent Volume annotations | `{}` -`server.persistentVolume.existingClaim` | Prometheus server data Persistent Volume existing claim name | `""` -`server.persistentVolume.mountPath` | Prometheus server data Persistent Volume mount root path | `/data` -`server.persistentVolume.size` | Prometheus server data Persistent Volume size | `8Gi` -`server.persistentVolume.storageClass` | Prometheus server data Persistent Volume Storage Class | `unset` -`server.persistentVolume.volumeBindingMode` | Prometheus server data Persistent Volume Binding Mode | `unset` -`server.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` -`server.emptyDir.sizeLimit` | emptyDir sizeLimit if a Persistent Volume is not used | `""` -`server.podAnnotations` | annotations to be added to Prometheus server pods | `{}` -`server.podLabels` | labels to be added to Prometheus server pods | `{}` -`server.alertmanagers` | Prometheus AlertManager configuration for the Prometheus server | `{}` -`server.deploymentAnnotations` | annotations to be added to Prometheus server deployment | `{}` -`server.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | -`server.replicaCount` | desired number of Prometheus server pods | `1` -`server.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` -`server.statefulSet.annotations` | annotations to be added to Prometheus server stateful set | `{}` -`server.statefulSet.labels` | labels to be added to Prometheus server stateful set | `{}` -`server.statefulSet.podManagementPolicy` | podManagementPolicy of server pods | `OrderedReady` -`server.statefulSet.headless.annotations` | annotations for Prometheus server headless service | `{}` -`server.statefulSet.headless.labels` | labels for Prometheus server headless service | `{}` -`server.statefulSet.headless.servicePort` | Prometheus server headless service port | `80` -`server.resources` | Prometheus server resource requests and limits | `{}` -`server.verticalAutoscaler.enabled` | If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs) | `false` -`server.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for server containers | `{}` -`server.service.annotations` | annotations for Prometheus server service | `{}` -`server.service.clusterIP` | internal Prometheus server cluster service IP | `""` -`server.service.externalIPs` | Prometheus server service external IP addresses | `[]` -`server.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` -`server.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`server.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0` -`server.service.servicePort` | Prometheus server service port | `80` -`server.service.sessionAffinity` | Session Affinity for server service, can be `None` or `ClientIP` | `None` -`server.service.type` | type of Prometheus server service to create | `ClusterIP` -`server.service.gRPC.enabled` | If true, open a second port on the service for gRPC | `false` -`server.service.gRPC.servicePort` | Prometheus service gRPC port, (ignored if `server.service.gRPC.enabled` is not `true`) | `10901` -`server.service.gRPC.nodePort` | Port to be used as gRPC nodePort in the prometheus service | `0` -`server.service.statefulsetReplica.enabled` | If true, send the traffic from the service to only one replica of the replicaset | `false` -`server.service.statefulsetReplica.replica` | Which replica to send the traffice to | `0` -`server.sidecarContainers` | array of snippets with your sidecar containers for prometheus server | `""` -`server.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` -`serviceAccounts.alertmanager.create` | If true, create the alertmanager service account | `true` -`serviceAccounts.alertmanager.name` | name of the alertmanager service account to use or create | `{{ prometheus.alertmanager.fullname }}` -`serviceAccounts.kubeStateMetrics.create` | If true, create the kubeStateMetrics service account | `true` -`serviceAccounts.kubeStateMetrics.name` | name of the kubeStateMetrics service account to use or create | `{{ prometheus.kubeStateMetrics.fullname }}` -`serviceAccounts.nodeExporter.create` | If true, create the nodeExporter service account | `true` -`serviceAccounts.nodeExporter.name` | name of the nodeExporter service account to use or create | `{{ prometheus.nodeExporter.fullname }}` -`serviceAccounts.pushgateway.create` | If true, create the pushgateway service account | `true` -`serviceAccounts.pushgateway.name` | name of the pushgateway service account to use or create | `{{ prometheus.pushgateway.fullname }}` -`serviceAccounts.server.create` | If true, create the server service account | `true` -`serviceAccounts.server.name` | name of the server service account to use or create | `{{ prometheus.server.fullname }}` -`server.terminationGracePeriodSeconds` | Prometheus server Pod termination grace period | `300` -`server.retention` | (optional) Prometheus data retention | `"15d"` -`serverFiles.alerts` | (Deprecated) Prometheus server alerts configuration | `{}` -`serverFiles.rules` | (Deprecated) Prometheus server rules configuration | `{}` -`serverFiles.alerting_rules.yml` | Prometheus server alerts configuration | `{}` -`serverFiles.recording_rules.yml` | Prometheus server rules configuration | `{}` -`serverFiles.prometheus.yml` | Prometheus server scrape configuration | example configuration -`extraScrapeConfigs` | Prometheus server additional scrape configuration | "" -`alertRelabelConfigs` | Prometheus server [alert relabeling configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs) for H/A prometheus | "" -`networkPolicy.enabled` | Enable NetworkPolicy | `false` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install stable/prometheus --name my-release \ - --set server.terminationGracePeriodSeconds=360 -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install stable/prometheus --name my-release -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -Note that you have multiple yaml files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example, - -```yaml -# values.yaml -# ... - -# service1-alert.yaml -serverFiles: - alerts: - service1: - - alert: anAlert - # ... - -# service2-alert.yaml -serverFiles: - alerts: - service2: - - alert: anAlert - # ... -``` - -```console -$ helm install stable/prometheus --name my-release -f values.yaml -f service1-alert.yaml -f service2-alert.yaml -``` - -### RBAC Configuration -Roles and RoleBindings resources will be created automatically for `server` and `kubeStateMetrics` services. - -To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account. - -> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own. - -### ConfigMap Files -AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod. - -Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod. - -### Ingress TLS -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```console -kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file: - -```yaml -server: - ingress: - ## If true, Prometheus server Ingress will be created - ## - enabled: true - - ## Prometheus server Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - prometheus.domain.com - - ## Prometheus server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: prometheus-server-tls - hosts: - - prometheus.domain.com -``` - -### NetworkPolicy - -Enabling Network Policy for Prometheus will secure connections to Alert Manager -and Kube State Metrics by only accepting connections from Prometheus Server. -All inbound connections to Prometheus Server are still allowed. - -To enable network policy for Prometheus, install a networking plugin that -implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true. - -If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need -to manually create a networkpolicy which allows it. diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml deleted file mode 100755 index 7752ccb44..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -appVersion: 1.9.5 -description: Install kube-state-metrics to generate and expose cluster-level metrics -home: https://github.com/kubernetes/kube-state-metrics/ -keywords: -- metric -- monitoring -- prometheus -- kubernetes -maintainers: -- email: jose@armesto.net - name: fiunchinho -- email: tariq.ibrahim@mulesoft.com - name: tariq1890 -- email: manuel@rueg.eu - name: mrueg -name: kube-state-metrics -sources: -- https://github.com/kubernetes/kube-state-metrics/ -version: 2.7.2 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS deleted file mode 100755 index 6ffd97d74..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -approvers: -- fiunchinho -- tariq1890 -- mrueg -reviewers: -- fiunchinho -- tariq1890 -- mrueg diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md deleted file mode 100755 index 5c6456983..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# kube-state-metrics Helm Chart - -* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install stable/kube-state-metrics -``` - -## Configuration - -| Parameter | Description | Default | -|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| -| `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | -| `image.tag` | The image tag to pull from | `v1.9.5` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `replicas` | Number of replicas | `1` | -| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | -| `service.port` | The port of the container | `8080` | -| `service.annotations` | Annotations to be added to the service | `{}` | -| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | -| `hostNetwork` | Whether or not to use the host network | `false` | -| `prometheusScrape` | Whether or not enable prom scrape | `true` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `serviceAccount.name` | If not set & create is true, use template fullname | | -| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` | -| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources | `false` | -| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | {} | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `65534` | -| `securityContext.runAsUser` | User ID for the container | `65534` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `nodeSelector` | Node labels for pod assignment | {} | -| `affinity` | Affinity settings for pod assignment | {} | -| `tolerations` | Tolerations for pod assignment | [] | -| `podAnnotations` | Annotations to be added to the pod | {} | -| `resources` | kube-state-metrics resource requests and limits | {} | -| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` | -| `collectors.configmaps` | Enable the configmaps collector. | `true` | -| `collectors.cronjobs` | Enable the cronjobs collector. | `true` | -| `collectors.daemonsets` | Enable the daemonsets collector. | `true` | -| `collectors.deployments` | Enable the deployments collector. | `true` | -| `collectors.endpoints` | Enable the endpoints collector. | `true` | -| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` | -| `collectors.ingresses` | Enable the ingresses collector. | `true` | -| `collectors.jobs` | Enable the jobs collector. | `true` | -| `collectors.limitranges` | Enable the limitranges collector. | `true` | -| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `false` | -| `collectors.namespaces` | Enable the namespaces collector. | `true` | -| `collectors.nodes` | Enable the nodes collector. | `true` | -| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` | -| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` | -| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` | -| `collectors.pods` | Enable the pods collector. | `true` | -| `collectors.replicasets` | Enable the replicasets collector. | `true` | -| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` | -| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` | -| `collectors.secrets` | Enable the secrets collector. | `true` | -| `collectors.services` | Enable the services collector. | `true` | -| `collectors.statefulsets` | Enable the statefulsets collector. | `true` | -| `collectors.storageclasses` | Enable the storageclasses collector. | `true` | -| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `false` | -| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `false` | -| `collectors.volumeattachments` | Enable the volumeattachments collector. | `false` | -| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | -| `prometheus.monitor.honorLabels` | Honor metric labels | `false` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100755 index 5a646e0cc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100755 index 6ae0e647f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml deleted file mode 100755 index 319aec16c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml +++ /dev/null @@ -1,180 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -rules: -{{ if .Values.collectors.certificatesigningrequests }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.configmaps }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.cronjobs }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.daemonsets }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.deployments }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.endpoints }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.horizontalpodautoscalers }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.ingresses }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.jobs }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.limitranges }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.mutatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.namespaces }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.networkpolicies }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.nodes }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumeclaims }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.persistentvolumes }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.poddisruptionbudgets }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.pods }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicasets }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.replicationcontrollers }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.resourcequotas }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.secrets }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.services }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.statefulsets }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.storageclasses }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.validatingwebhookconfigurations }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.volumeattachments }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{ if .Values.collectors.verticalpodautoscalers }} -- apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100755 index 4635985aa..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-state-metrics.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100755 index b6affcc20..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,186 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - replicas: {{ .Values.replicas }} -{{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] -{{- end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 8 }} -{{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - containers: - - name: {{ .Chart.Name }} -{{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{- end }} - args: -{{ if .Values.collectors.certificatesigningrequests }} - - --collectors=certificatesigningrequests -{{ end }} -{{ if .Values.collectors.configmaps }} - - --collectors=configmaps -{{ end }} -{{ if .Values.collectors.cronjobs }} - - --collectors=cronjobs -{{ end }} -{{ if .Values.collectors.daemonsets }} - - --collectors=daemonsets -{{ end }} -{{ if .Values.collectors.deployments }} - - --collectors=deployments -{{ end }} -{{ if .Values.collectors.endpoints }} - - --collectors=endpoints -{{ end }} -{{ if .Values.collectors.horizontalpodautoscalers }} - - --collectors=horizontalpodautoscalers -{{ end }} -{{ if .Values.collectors.ingresses }} - - --collectors=ingresses -{{ end }} -{{ if .Values.collectors.jobs }} - - --collectors=jobs -{{ end }} -{{ if .Values.collectors.limitranges }} - - --collectors=limitranges -{{ end }} -{{ if .Values.collectors.mutatingwebhookconfigurations }} - - --collectors=mutatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.namespaces }} - - --collectors=namespaces -{{ end }} -{{ if .Values.collectors.networkpolicies }} - - --collectors=networkpolicies -{{ end }} -{{ if .Values.collectors.nodes }} - - --collectors=nodes -{{ end }} -{{ if .Values.collectors.persistentvolumeclaims }} - - --collectors=persistentvolumeclaims -{{ end }} -{{ if .Values.collectors.persistentvolumes }} - - --collectors=persistentvolumes -{{ end }} -{{ if .Values.collectors.poddisruptionbudgets }} - - --collectors=poddisruptionbudgets -{{ end }} -{{ if .Values.collectors.pods }} - - --collectors=pods -{{ end }} -{{ if .Values.collectors.replicasets }} - - --collectors=replicasets -{{ end }} -{{ if .Values.collectors.replicationcontrollers }} - - --collectors=replicationcontrollers -{{ end }} -{{ if .Values.collectors.resourcequotas }} - - --collectors=resourcequotas -{{ end }} -{{ if .Values.collectors.secrets }} - - --collectors=secrets -{{ end }} -{{ if .Values.collectors.services }} - - --collectors=services -{{ end }} -{{ if .Values.collectors.statefulsets }} - - --collectors=statefulsets -{{ end }} -{{ if .Values.collectors.storageclasses }} - - --collectors=storageclasses -{{ end }} -{{ if .Values.collectors.validatingwebhookconfigurations }} - - --collectors=validatingwebhookconfigurations -{{ end }} -{{ if .Values.collectors.verticalpodautoscalers }} - - --collectors=verticalpodautoscalers -{{ end }} -{{ if .Values.collectors.volumeattachments }} - - --collectors=volumeattachments -{{ end }} -{{ if .Values.namespace }} - - --namespace={{ .Values.namespace }} -{{ end }} -{{ if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) -{{ end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 -{{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100755 index aeff11791..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100755 index dcd65e13e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100755 index a206e640d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.podSecurityPolicy.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml deleted file mode 100755 index 5dacf5217..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: 8080 -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} - selector: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100755 index 32bb1640f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100755 index 54cde362d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - {{- if .Values.prometheus.monitor.additionalLabels }} -{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100755 index bf5396072..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - kube-state-metrics - resources: - - statefulsets - verbs: - - get -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100755 index 6a2e5bfe7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml deleted file mode 100755 index 888ca544b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Default values for kube-state-metrics. -prometheusScrape: true -image: - repository: quay.io/coreos/kube-state-metrics - tag: v1.9.5 - pullPolicy: IfNotPresent - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - annotations: {} - -customLabels: {} - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - -prometheus: - monitor: - enabled: false - additionalLabels: {} - namespace: "" - honorLabels: false - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - -securityContext: - enabled: true - runAsUser: 65534 - fsGroup: 65534 - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Available collectors for kube-state-metrics. By default all available -# collectors are enabled. -collectors: - certificatesigningrequests: true - configmaps: true - cronjobs: true - daemonsets: true - deployments: true - endpoints: true - horizontalpodautoscalers: true - ingresses: true - jobs: true - limitranges: true - mutatingwebhookconfigurations: false - namespaces: true - networkpolicies: false - nodes: true - persistentvolumeclaims: true - persistentvolumes: true - poddisruptionbudgets: true - pods: true - replicasets: true - replicationcontrollers: true - resourcequotas: true - secrets: false - services: true - statefulsets: true - storageclasses: true - validatingwebhookconfigurations: false - verticalpodautoscalers: false - volumeattachments: false - -# Namespace to be enabled for collecting resources. By default all namespaces are collected. -# namespace: "" - -## Override the deployment namespace -## -namespaceOverride: "" diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock deleted file mode 100755 index 4a4bde218..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: kube-state-metrics - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.7.2 -digest: sha256:695d0dbc2db8bccf5672145697546891da60ff12fbdb4f1bfc02459f4b755e4c -generated: 2020-03-18T18:57:59.00056179Z diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml deleted file mode 100755 index 6e079ae7d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml +++ /dev/null @@ -1,7 +0,0 @@ -dependencies: - - - name: kube-state-metrics - version: "2.7.*" - repository: https://kubernetes-charts.storage.googleapis.com/ - condition: kubeStateMetrics.enabled - diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt deleted file mode 100755 index 0e8868f0b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt +++ /dev/null @@ -1,112 +0,0 @@ -{{- if .Values.server.enabled -}} -The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.server.ingress.enabled -}} -From outside the cluster, the server URL(s) are: -{{- range .Values.server.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the Prometheus server URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.server.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.server.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }} -{{- else if contains "ClusterIP" .Values.server.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090 -{{- end }} -{{- end }} - -{{- if .Values.server.persistentVolume.enabled }} -{{- else }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Server pod is terminated. ##### -################################################################################# -{{- end }} -{{- end }} - -{{ if .Values.alertmanager.enabled }} -The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.alertmanager.ingress.enabled -}} -From outside the cluster, the alertmanager URL(s) are: -{{- range .Values.alertmanager.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the Alertmanager URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.alertmanager.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }} -{{- else if contains "ClusterIP" .Values.alertmanager.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093 -{{- end }} -{{- end }} - -{{- if .Values.alertmanager.persistentVolume.enabled }} -{{- else }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the AlertManager pod is terminated. ##### -################################################################################# -{{- end }} -{{- end }} - -{{- if .Values.nodeExporter.podSecurityPolicy.enabled }} -{{- else }} -################################################################################# -###### WARNING: Pod Security Policy has been moved to a global property. ##### -###### use .Values.podSecurityPolicy.enabled with pod-based ##### -###### annotations ##### -###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) ##### -################################################################################# -{{- end }} - -{{ if .Values.pushgateway.enabled }} -The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster: -{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{ if .Values.pushgateway.ingress.enabled -}} -From outside the cluster, the pushgateway URL(s) are: -{{- range .Values.pushgateway.ingress.hosts }} -http://{{ . }} -{{- end }} -{{- else }} -Get the PushGateway URL by running these commands in the same shell: -{{- if contains "NodePort" .Values.pushgateway.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }} -{{- else if contains "ClusterIP" .Values.pushgateway.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091 -{{- end }} -{{- end }} -{{- end }} - -For more information on running Prometheus, visit: -https://prometheus.io/ diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl deleted file mode 100755 index 295aa01c5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,276 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create unified labels for prometheus components -*/}} -{{- define "prometheus.common.matchLabels" -}} -app: {{ template "prometheus.name" . }} -release: {{ .Release.Name }} -{{- end -}} - -{{- define "prometheus.common.metaLabels" -}} -chart: {{ template "prometheus.chart" . }} -heritage: {{ .Release.Service }} -{{- end -}} - -{{- define "prometheus.alertmanager.labels" -}} -{{ include "prometheus.alertmanager.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.alertmanager.matchLabels" -}} -component: {{ .Values.alertmanager.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.kubeStateMetrics.labels" -}} -{{ include "prometheus.kubeStateMetrics.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.kubeStateMetrics.matchLabels" -}} -component: {{ .Values.kubeStateMetrics.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.nodeExporter.labels" -}} -{{ include "prometheus.nodeExporter.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.nodeExporter.matchLabels" -}} -component: {{ .Values.nodeExporter.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.pushgateway.labels" -}} -{{ include "prometheus.pushgateway.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.pushgateway.matchLabels" -}} -component: {{ .Values.pushgateway.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{- define "prometheus.server.labels" -}} -{{ include "prometheus.server.matchLabels" . }} -{{ include "prometheus.common.metaLabels" . }} -{{- end -}} - -{{- define "prometheus.server.matchLabels" -}} -component: {{ .Values.server.name | quote }} -{{ include "prometheus.common.matchLabels" . }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified alertmanager name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} - -{{- define "prometheus.alertmanager.fullname" -}} -{{- if .Values.alertmanager.fullnameOverride -}} -{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified kube-state-metrics name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.kubeStateMetrics.fullname" -}} -{{- if .Values.kubeStateMetrics.fullnameOverride -}} -{{- .Values.kubeStateMetrics.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified node-exporter name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.nodeExporter.fullname" -}} -{{- if .Values.nodeExporter.fullnameOverride -}} -{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified Prometheus server name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.server.fullname" -}} -{{- if .Values.server.fullnameOverride -}} -{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified pushgateway name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prometheus.pushgateway.fullname" -}} -{{- if .Values.pushgateway.fullnameOverride -}} -{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "prometheus.deployment.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "prometheus.daemonset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "prometheus.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "prometheus.podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the alertmanager component -*/}} -{{- define "prometheus.serviceAccountName.alertmanager" -}} -{{- if .Values.serviceAccounts.alertmanager.create -}} - {{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.alertmanager.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the kubeStateMetrics component -*/}} -{{- define "prometheus.serviceAccountName.kubeStateMetrics" -}} -{{- if .Values.serviceAccounts.kubeStateMetrics.create -}} - {{ default (include "prometheus.kubeStateMetrics.fullname" .) .Values.serviceAccounts.kubeStateMetrics.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.kubeStateMetrics.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the nodeExporter component -*/}} -{{- define "prometheus.serviceAccountName.nodeExporter" -}} -{{- if .Values.serviceAccounts.nodeExporter.create -}} - {{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.nodeExporter.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the pushgateway component -*/}} -{{- define "prometheus.serviceAccountName.pushgateway" -}} -{{- if .Values.serviceAccounts.pushgateway.create -}} - {{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.pushgateway.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use for the server component -*/}} -{{- define "prometheus.serviceAccountName.server" -}} -{{- if .Values.serviceAccounts.server.create -}} - {{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }} -{{- else -}} - {{ default "default" .Values.serviceAccounts.server.name }} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml deleted file mode 100755 index 9bec69257..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.alertmanager.fullname" . }} -{{- else }} - [] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml deleted file mode 100755 index a058c7121..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.alertmanager" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.alertmanager.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml deleted file mode 100755 index 09708915c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -data: -{{- $root := . -}} -{{- range $key, $value := .Values.alertmanagerFiles }} - {{- if $key | regexMatch ".*\\.ya?ml$" }} - {{ $key }}: | -{{ toYaml $value | default "{}" | indent 4 }} - {{- else }} - {{ $key }}: {{ toYaml $value | indent 4 }} - {{- end }} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml deleted file mode 100755 index 892204ab2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml +++ /dev/null @@ -1,141 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - selector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - replicas: {{ .Values.alertmanager.replicaCount }} - {{- if .Values.alertmanager.strategy }} - strategy: -{{ toYaml .Values.alertmanager.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.alertmanager.podAnnotations }} - annotations: -{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 8 }} - {{- if .Values.alertmanager.podLabels}} - {{ toYaml .Values.alertmanager.podLabels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.alertmanager.schedulerName }} - schedulerName: "{{ .Values.alertmanager.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- if .Values.alertmanager.priorityClassName }} - priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} - image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" - env: - {{- range $key, $value := .Values.alertmanager.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/{{ .Values.alertmanager.configFileName }} - - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} - - --cluster.advertise-address=$(POD_IP):6783 - {{- range $key, $value := .Values.alertmanager.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.alertmanager.baseURL }} - - --web.external-url={{ .Values.alertmanager.baseURL }} - {{- end }} - - ports: - - containerPort: 9093 - readinessProbe: - httpGet: - path: {{ .Values.alertmanager.prefixURL }}/-/ready - port: 9093 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: -{{ toYaml .Values.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" - subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - - {{- if .Values.configmapReload.alertmanager.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} - image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload - resources: -{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.alertmanager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.securityContext | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.tolerations }} - tolerations: -{{ toYaml .Values.alertmanager.tolerations | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.affinity }} - affinity: -{{ toYaml .Values.alertmanager.affinity | indent 8 }} - {{- end }} - volumes: - - name: config-volume - {{- if empty .Values.alertmanager.configFromSecret }} - configMap: - name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- else }} - secret: - secretName: {{ .Values.alertmanager.configFromSecret }} - {{- end }} - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - - name: storage-volume - {{- if .Values.alertmanager.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end -}} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml deleted file mode 100755 index dc6ba4418..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}} -{{- $releaseName := .Release.Name -}} -{{- $serviceName := include "prometheus.alertmanager.fullname" . }} -{{- $servicePort := .Values.alertmanager.service.servicePort -}} -{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.alertmanager.ingress.annotations }} - annotations: -{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }} - {{ $key }}: {{ $value }} -{{- end }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - rules: - {{- range .Values.alertmanager.ingress.hosts }} - {{- $url := splitList "/" . }} - - host: {{ first $url }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - - path: /{{ rest $url | join "/" }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- if .Values.alertmanager.ingress.tls }} - tls: -{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml deleted file mode 100755 index 62633d0bc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ template "prometheus.alertmanager.fullname" . }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - ingress: - - from: - - podSelector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 12 }} - - ports: - - port: 9093 -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml deleted file mode 100755 index bb190f23d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.alertmanager.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "prometheus.alertmanager.fullname" . }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -spec: - maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - selector: - matchLabels: - {{- include "prometheus.alertmanager.labels" . | nindent 6 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml deleted file mode 100755 index da2fbbd1c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.alertmanager.fullname" . }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - annotations: -{{- if .Values.alertmanager.podSecurityPolicy.annotations }} -{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'secret' - allowedHostPaths: - - pathPrefix: /etc - readOnly: true - - pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml deleted file mode 100755 index 58de9fd39..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if not .Values.alertmanager.statefulSet.enabled -}} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}} -{{- if not .Values.alertmanager.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.alertmanager.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - accessModes: -{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }} -{{- if .Values.alertmanager.persistentVolume.storageClass }} -{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.alertmanager.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml deleted file mode 100755 index 1519344ba..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.alertmanager.statefulSet.headless.annotations }} - annotations: -{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- if .Values.alertmanager.statefulSet.headless.labels }} -{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.alertmanager.fullname" . }}-headless -spec: - clusterIP: None - ports: - - name: http - port: {{ .Values.alertmanager.statefulSet.headless.servicePort }} - protocol: TCP - targetPort: 9093 -{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} - - name: meshpeer - port: 6783 - protocol: TCP - targetPort: 6783 -{{- end }} - selector: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml deleted file mode 100755 index 9bc45f7c6..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.alertmanager.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.alertmanager.service.annotations }} - annotations: -{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} -{{- if .Values.alertmanager.service.labels }} -{{ toYaml .Values.alertmanager.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: -{{- if .Values.alertmanager.service.clusterIP }} - clusterIP: {{ .Values.alertmanager.service.clusterIP }} -{{- end }} -{{- if .Values.alertmanager.service.externalIPs }} - externalIPs: -{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.alertmanager.service.servicePort }} - protocol: TCP - targetPort: 9093 - {{- if .Values.alertmanager.service.nodePort }} - nodePort: {{ .Values.alertmanager.service.nodePort }} - {{- end }} -{{- if .Values.alertmanager.service.enableMeshPeer }} - - name: meshpeer - port: 6783 - protocol: TCP - targetPort: 6783 -{{- end }} - selector: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} -{{- if .Values.alertmanager.service.sessionAffinity }} - sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }} -{{- end }} - type: "{{ .Values.alertmanager.service.type }}" -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml deleted file mode 100755 index d99c29996..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml deleted file mode 100755 index 25a9b7a9c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml +++ /dev/null @@ -1,154 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 4 }} - name: {{ template "prometheus.alertmanager.fullname" . }} -spec: - serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless - selector: - matchLabels: - {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} - replicas: {{ .Values.alertmanager.replicaCount }} - podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }} - template: - metadata: - {{- if .Values.alertmanager.podAnnotations }} - annotations: -{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.alertmanager.labels" . | nindent 8 }} - spec: -{{- if .Values.alertmanager.affinity }} - affinity: -{{ toYaml .Values.alertmanager.affinity | indent 8 }} -{{- end }} -{{- if .Values.alertmanager.schedulerName }} - schedulerName: "{{ .Values.alertmanager.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} -{{- if .Values.alertmanager.priorityClassName }} - priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} - image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" - env: - {{- range $key, $value := .Values.alertmanager.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/alertmanager.yml - - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} - - --cluster.advertise-address=$(POD_IP):6783 - {{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} - - --cluster.listen-address=0.0.0.0:6783 - {{- range $n := until (.Values.alertmanager.replicaCount | int) }} - - --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783 - {{- end }} - {{- end }} - {{- range $key, $value := .Values.alertmanager.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.alertmanager.baseURL }} - - --web.external-url={{ .Values.alertmanager.baseURL }} - {{- end }} - - ports: - - containerPort: 9093 - readinessProbe: - httpGet: - path: {{ .Values.alertmanager.prefixURL }}/#/status - port: 9093 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: -{{ toYaml .Values.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" - subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.configmapReload.alertmanager.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} - image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload - resources: -{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.alertmanager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.securityContext | indent 8 }} - {{- end }} - {{- if .Values.alertmanager.tolerations }} - tolerations: -{{ toYaml .Values.alertmanager.tolerations | indent 8 }} - {{- end }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} - {{- range .Values.alertmanager.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} -{{- if .Values.alertmanager.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: storage-volume - {{- if .Values.alertmanager.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }} - {{- end }} - spec: - accessModes: -{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }} - resources: - requests: - storage: "{{ .Values.alertmanager.persistentVolume.size }}" - {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" - {{- end }} - {{- end }} -{{- else }} - - name: storage-volume - emptyDir: {} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml deleted file mode 100755 index fce0f2714..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml +++ /dev/null @@ -1,125 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.nodeExporter.enabled -}} -apiVersion: {{ template "prometheus.daemonset.apiVersion" . }} -kind: DaemonSet -metadata: -{{- if .Values.nodeExporter.deploymentAnnotations }} - annotations: -{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - name: {{ template "prometheus.nodeExporter.fullname" . }} -spec: - selector: - matchLabels: - {{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }} - {{- if .Values.nodeExporter.updateStrategy }} - updateStrategy: -{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.nodeExporter.podAnnotations }} - annotations: -{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 8 }} -{{- if .Values.nodeExporter.pod.labels }} -{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }} -{{- end }} - spec: - serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }} -{{- if .Values.nodeExporter.priorityClassName }} - priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }} - image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}" - imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}" - args: - - --path.procfs=/host/proc - - --path.sysfs=/host/sys - {{- if .Values.nodeExporter.hostNetwork }} - - --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }} - {{- end }} - {{- range $key, $value := .Values.nodeExporter.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - ports: - - name: metrics - {{- if .Values.nodeExporter.hostNetwork }} - containerPort: {{ .Values.nodeExporter.service.hostPort }} - {{- else }} - containerPort: 9100 - {{- end }} - hostPort: {{ .Values.nodeExporter.service.hostPort }} - resources: -{{ toYaml .Values.nodeExporter.resources | indent 12 }} - volumeMounts: - - name: proc - mountPath: /host/proc - readOnly: true - - name: sys - mountPath: /host/sys - readOnly: true - {{- range .Values.nodeExporter.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- if .mountPropagation }} - mountPropagation: {{ .mountPropagation }} - {{- end }} - {{- end }} - {{- range .Values.nodeExporter.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.nodeExporter.hostNetwork }} - hostNetwork: true - {{- end }} - {{- if .Values.nodeExporter.hostPID }} - hostPID: true - {{- end }} - {{- if .Values.nodeExporter.tolerations }} - tolerations: -{{ toYaml .Values.nodeExporter.tolerations | indent 8 }} - {{- end }} - {{- if .Values.nodeExporter.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.nodeExporter.securityContext }} - securityContext: -{{ toYaml .Values.nodeExporter.securityContext | indent 8 }} - {{- end }} - volumes: - - name: proc - hostPath: - path: /proc - - name: sys - hostPath: - path: /sys - {{- range .Values.nodeExporter.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.nodeExporter.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml deleted file mode 100755 index 243667dd1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - annotations: -{{- if .Values.nodeExporter.podSecurityPolicy.annotations }} -{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'hostPath' - - 'secret' - allowedHostPaths: - - pathPrefix: /proc - readOnly: true - - pathPrefix: /sys - readOnly: true - {{- range .Values.nodeExporter.extraHostPathMounts }} - - pathPrefix: {{ .hostPath }} - readOnly: {{ .readOnly }} - {{- end }} - hostNetwork: {{ .Values.nodeExporter.hostNetwork }} - hostPID: {{ .Values.nodeExporter.hostPID }} - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - hostPorts: - - min: 1 - max: 65535 -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml deleted file mode 100755 index 1926db04e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "prometheus.nodeExporter.fullname" . }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml deleted file mode 100755 index fb39ab64f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "prometheus.nodeExporter.fullname" . }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: {{ template "prometheus.nodeExporter.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: -- kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml deleted file mode 100755 index 40cbd8d69..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.nodeExporter.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.nodeExporter.service.annotations }} - annotations: -{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} -{{- if .Values.nodeExporter.service.labels }} -{{ toYaml .Values.nodeExporter.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.nodeExporter.fullname" . }} -spec: -{{- if .Values.nodeExporter.service.clusterIP }} - clusterIP: {{ .Values.nodeExporter.service.clusterIP }} -{{- end }} -{{- if .Values.nodeExporter.service.externalIPs }} - externalIPs: -{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.nodeExporter.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }} -{{- end }} -{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: metrics - port: {{ .Values.nodeExporter.service.servicePort }} - protocol: TCP - {{- if .Values.nodeExporter.hostNetwork }} - targetPort: {{ .Values.nodeExporter.service.hostPort }} - {{- else }} - targetPort: 9100 - {{- end }} - selector: - {{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }} - type: "{{ .Values.nodeExporter.service.type }}" -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml deleted file mode 100755 index b75c4a4b6..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml deleted file mode 100755 index 9ea81e4a2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.pushgateway.fullname" . }} -{{- else }} - [] -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml deleted file mode 100755 index 475d9d63d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.pushgateway" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.pushgateway.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml deleted file mode 100755 index 9dec641fc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.enabled -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: - selector: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - matchLabels: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} - replicas: {{ .Values.pushgateway.replicaCount }} - {{- if .Values.pushgateway.strategy }} - strategy: -{{ toYaml .Values.pushgateway.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.pushgateway.podAnnotations }} - annotations: -{{ toYaml .Values.pushgateway.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 8 }} - spec: - serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }} -{{- if .Values.pushgateway.priorityClassName }} - priorityClassName: "{{ .Values.pushgateway.priorityClassName }}" -{{- end }} - containers: - - name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }} - image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}" - imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}" - args: - {{- range $key, $value := .Values.pushgateway.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - ports: - - containerPort: 9091 - livenessProbe: - httpGet: - {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} - path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy - {{- else }} - path: /-/healthy - {{- end }} - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - readinessProbe: - httpGet: - {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} - path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready - {{- else }} - path: /-/ready - {{- end }} - port: 9091 - initialDelaySeconds: 10 - timeoutSeconds: 10 - resources: -{{ toYaml .Values.pushgateway.resources | indent 12 }} - {{- if .Values.pushgateway.persistentVolume.enabled }} - volumeMounts: - - name: storage-volume - mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}" - subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}" - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.pushgateway.nodeSelector }} - nodeSelector: -{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.securityContext }} - securityContext: -{{ toYaml .Values.pushgateway.securityContext | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.tolerations }} - tolerations: -{{ toYaml .Values.pushgateway.tolerations | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.affinity }} - affinity: -{{ toYaml .Values.pushgateway.affinity | indent 8 }} - {{- end }} - {{- if .Values.pushgateway.persistentVolume.enabled }} - volumes: - - name: storage-volume - persistentVolumeClaim: - claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }} - {{- end -}} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml deleted file mode 100755 index 422129b6f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}} -{{- $releaseName := .Release.Name -}} -{{- $serviceName := include "prometheus.pushgateway.fullname" . }} -{{- $servicePort := .Values.pushgateway.service.servicePort -}} -{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.pushgateway.ingress.annotations }} - annotations: -{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}} -{{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: - rules: - {{- range .Values.pushgateway.ingress.hosts }} - {{- $url := splitList "/" . }} - - host: {{ first $url }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - - path: /{{ rest $url | join "/" }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- if .Values.pushgateway.ingress.tls }} - tls: -{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml deleted file mode 100755 index 70a5ada3b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ template "prometheus.pushgateway.fullname" . }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} - ingress: - - from: - - podSelector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 12 }} - - ports: - - port: 9091 -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml deleted file mode 100755 index edf2318fe..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "prometheus.pushgateway.fullname" . }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} -spec: - maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }} - selector: - matchLabels: - {{- include "prometheus.pushgateway.labels" . | nindent 6 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml deleted file mode 100755 index 80617cbc7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.pushgateway.fullname" . }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - annotations: -{{- if .Values.pushgateway.podSecurityPolicy.annotations }} -{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'persistentVolumeClaim' - - 'secret' - allowedHostPaths: - - pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml deleted file mode 100755 index 5b4eeb937..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.persistentVolume.enabled -}} -{{- if not .Values.pushgateway.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.pushgateway.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: - accessModes: -{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }} -{{- if .Values.pushgateway.persistentVolume.storageClass }} -{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.pushgateway.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml deleted file mode 100755 index ffcc4a20b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.pushgateway.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.pushgateway.service.annotations }} - annotations: -{{ toYaml .Values.pushgateway.service.annotations | indent 4}} -{{- end }} - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} -{{- if .Values.pushgateway.service.labels }} -{{ toYaml .Values.pushgateway.service.labels | indent 4}} -{{- end }} - name: {{ template "prometheus.pushgateway.fullname" . }} -spec: -{{- if .Values.pushgateway.service.clusterIP }} - clusterIP: {{ .Values.pushgateway.service.clusterIP }} -{{- end }} -{{- if .Values.pushgateway.service.externalIPs }} - externalIPs: -{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.pushgateway.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }} -{{- end }} -{{- if .Values.pushgateway.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.pushgateway.service.servicePort }} - protocol: TCP - targetPort: 9091 - selector: - {{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }} - type: "{{ .Values.pushgateway.service.type }}" -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml deleted file mode 100755 index 3b221e43d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.pushgateway.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.pushgateway" . }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml deleted file mode 100755 index 410685193..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.server.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "prometheus.server.fullname" . }} -{{- end }} - - apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - nodes/metrics - - services - - endpoints - - pods - - ingresses - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "extensions" - resources: - - ingresses/status - - ingresses - verbs: - - get - - list - - watch - - nonResourceURLs: - - "/metrics" - verbs: - - get -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml deleted file mode 100755 index a89f3bd76..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if and .Values.server.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus.serviceAccountName.server" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "prometheus.server.fullname" . }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml deleted file mode 100755 index 52a5d5e53..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml +++ /dev/null @@ -1,83 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if (empty .Values.server.configMapOverrideName) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -data: -{{- $root := . -}} -{{- range $key, $value := .Values.serverFiles }} - {{ $key }}: | -{{- if eq $key "prometheus.yml" }} - global: -{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }} -{{- if $root.Values.server.remoteWrite }} - remote_write: -{{ $root.Values.server.remoteWrite | toYaml | indent 4 }} -{{- end }} -{{- if $root.Values.server.remoteRead }} - remote_read: -{{ $root.Values.server.remoteRead | toYaml | indent 4 }} -{{- end }} -{{- end }} -{{- if eq $key "alerts" }} -{{- if and (not (empty $value)) (empty $value.groups) }} - groups: -{{- range $ruleKey, $ruleValue := $value }} - - name: {{ $ruleKey -}}.rules - rules: -{{ $ruleValue | toYaml | trimSuffix "\n" | indent 6 }} -{{- end }} -{{- else }} -{{ toYaml $value | indent 4 }} -{{- end }} -{{- else }} -{{ toYaml $value | default "{}" | indent 4 }} -{{- end }} -{{- if eq $key "prometheus.yml" -}} -{{- if $root.Values.extraScrapeConfigs }} -{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }} -{{- end -}} -{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }} - alerting: -{{- if $root.Values.alertRelabelConfigs }} -{{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }} -{{- end }} - alertmanagers: -{{- if $root.Values.server.alertmanagers }} -{{ toYaml $root.Values.server.alertmanagers | indent 8 }} -{{- else }} - - kubernetes_sd_configs: - - role: pod - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if $root.Values.alertmanager.prefixURL }} - path_prefix: {{ $root.Values.alertmanager.prefixURL }} - {{- end }} - relabel_configs: - - source_labels: [__meta_kubernetes_namespace] - regex: {{ $root.Release.Namespace }} - action: keep - - source_labels: [__meta_kubernetes_pod_label_app] - regex: {{ template "prometheus.name" $root }} - action: keep - - source_labels: [__meta_kubernetes_pod_label_component] - regex: alertmanager - action: keep - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] - regex: {{ index $root.Values.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }} - action: keep - - source_labels: [__meta_kubernetes_pod_container_port_number] - regex: - action: drop -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml deleted file mode 100755 index 4a1c14f08..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml +++ /dev/null @@ -1,216 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if not .Values.server.statefulSet.enabled -}} -apiVersion: {{ template "prometheus.deployment.apiVersion" . }} -kind: Deployment -metadata: -{{- if .Values.server.deploymentAnnotations }} - annotations: -{{ toYaml .Values.server.deploymentAnnotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -spec: - selector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - replicas: {{ .Values.server.replicaCount }} - {{- if .Values.server.strategy }} - strategy: -{{ toYaml .Values.server.strategy | indent 4 }} - {{- end }} - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 8 }} - {{- if .Values.server.podLabels}} - {{ toYaml .Values.server.podLabels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.server.priorityClassName }} - priorityClassName: "{{ .Values.server.priorityClassName }}" -{{- end }} -{{- if .Values.server.schedulerName }} - schedulerName: "{{ .Values.server.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} - {{- if .Values.server.extraInitContainers }} - initContainers: -{{ toYaml .Values.server.extraInitContainers | indent 8 }} - {{- end }} - containers: - {{- if .Values.configmapReload.prometheus.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload - {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} - - --volume-dir={{ . }} - {{- end }} - resources: -{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- end }} - - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" - imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" - {{- if .Values.server.env }} - env: -{{ toYaml .Values.server.env | indent 12}} - {{- end }} - args: - {{- if .Values.server.retention }} - - --storage.tsdb.retention.time={{ .Values.server.retention }} - {{- end }} - - --config.file={{ .Values.server.configPath }} - - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - {{- range .Values.server.extraFlags }} - - --{{ . }} - {{- end }} - {{- if .Values.server.baseURL }} - - --web.external-url={{ .Values.server.baseURL }} - {{- end }} - - {{- range $key, $value := .Values.server.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - ports: - - containerPort: 9090 - readinessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/ready - port: 9090 - initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} - failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }} - successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }} - livenessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/healthy - port: 9090 - initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} - failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }} - successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }} - resources: -{{ toYaml .Values.server.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: {{ .Values.server.persistentVolume.mountPath }} - subPath: "{{ .Values.server.persistentVolume.subPath }}" - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecarContainers }} - {{- toYaml .Values.server.sidecarContainers | nindent 8 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{ toYaml .Values.server.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.server.securityContext }} - securityContext: -{{ toYaml .Values.server.securityContext | indent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{ toYaml .Values.server.tolerations | indent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - - name: storage-volume - {{- if .Values.server.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - {{- else }} - emptyDir: - {{- if .Values.server.emptyDir.sizeLimit }} - sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} - {{- else }} - {} - {{- end -}} - {{- end -}} -{{- if .Values.server.extraVolumes }} -{{ toYaml .Values.server.extraVolumes | indent 8}} -{{- end }} - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml deleted file mode 100755 index 4cdca92a3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.ingress.enabled -}} -{{- $releaseName := .Release.Name -}} -{{- $serviceName := include "prometheus.server.fullname" . }} -{{- $servicePort := .Values.server.service.servicePort -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.server.ingress.annotations }} - annotations: -{{ toYaml .Values.server.ingress.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- range $key, $value := .Values.server.ingress.extraLabels }} - {{ $key }}: {{ $value }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }} -spec: - rules: - {{- range .Values.server.ingress.hosts }} - {{- $url := splitList "/" . }} - - host: {{ first $url }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - - path: /{{ rest $url | join "/" }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} -{{- if .Values.server.ingress.tls }} - tls: -{{ toYaml .Values.server.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml deleted file mode 100755 index 152f3a967..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.networkPolicy.enabled }} -apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: {{ template "prometheus.server.fullname" . }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - ingress: - - ports: - - port: 9090 -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml deleted file mode 100755 index ec90cd5c9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "prometheus.server.fullname" . }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -spec: - maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }} - selector: - matchLabels: - {{- include "prometheus.server.labels" . | nindent 6 }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml deleted file mode 100755 index 73bf065dc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.rbac.create }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus.server.fullname" . }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - annotations: -{{- if .Values.server.podSecurityPolicy.annotations }} -{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - allowedCapabilities: - - 'CHOWN' - volumes: - - 'configMap' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'secret' - - 'hostPath' - allowedHostPaths: - - pathPrefix: /etc - readOnly: true - - pathPrefix: {{ .Values.server.persistentVolume.mountPath }} - {{- range .Values.server.extraHostPathMounts }} - - pathPrefix: {{ .hostPath }} - readOnly: {{ .readOnly }} - {{- end }} - hostNetwork: false - hostPID: false - hostIPC: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml deleted file mode 100755 index 22cb51afc..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if not .Values.server.statefulSet.enabled -}} -{{- if .Values.server.persistentVolume.enabled -}} -{{- if not .Values.server.persistentVolume.existingClaim -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - {{- if .Values.server.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }} -spec: - accessModes: -{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }} -{{- if .Values.server.persistentVolume.storageClass }} -{{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.server.persistentVolume.volumeBindingMode }} - volumeBindingModeName: "{{ .Values.server.persistentVolume.volumeBindingMode }}" -{{- end }} - resources: - requests: - storage: "{{ .Values.server.persistentVolume.size }}" -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml deleted file mode 100755 index 018a75b79..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.statefulSet.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.server.statefulSet.headless.annotations }} - annotations: -{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- if .Values.server.statefulSet.headless.labels }} -{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }}-headless -spec: - clusterIP: None - ports: - - name: http - port: {{ .Values.server.statefulSet.headless.servicePort }} - protocol: TCP - targetPort: 9090 - selector: - {{- include "prometheus.server.matchLabels" . | nindent 4 }} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml deleted file mode 100755 index e03faf974..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.server.service.annotations }} - annotations: -{{ toYaml .Values.server.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} -{{- if .Values.server.service.labels }} -{{ toYaml .Values.server.service.labels | indent 4 }} -{{- end }} - name: {{ template "prometheus.server.fullname" . }} -spec: -{{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} -{{- end }} -{{- if .Values.server.service.externalIPs }} - externalIPs: -{{ toYaml .Values.server.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.server.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - ports: - - name: http - port: {{ .Values.server.service.servicePort }} - protocol: TCP - targetPort: 9090 - {{- if .Values.server.service.nodePort }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - {{- if .Values.server.service.gRPC.enabled }} - - name: grpc - port: {{ .Values.server.service.gRPC.servicePort }} - protocol: TCP - targetPort: 10901 - {{- if .Values.server.service.gRPC.nodePort }} - nodePort: {{ .Values.server.service.gRPC.nodePort }} - {{- end }} - {{- end }} - selector: - {{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }} - statefulset.kubernetes.io/pod-name: {{ .Release.Name }}-{{ .Values.server.name }}-{{ .Values.server.service.statefulsetReplica.replica }} - {{- else -}} - {{- include "prometheus.server.matchLabels" . | nindent 4 }} -{{- if .Values.server.service.sessionAffinity }} - sessionAffinity: {{ .Values.server.service.sessionAffinity }} -{{- end }} - {{- end }} - type: "{{ .Values.server.service.type }}" -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml deleted file mode 100755 index 6cf017c20..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.serviceAccounts.server.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.serviceAccountName.server" . }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml deleted file mode 100755 index 9369ddf38..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml +++ /dev/null @@ -1,224 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.statefulSet.enabled -}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: -{{- if .Values.server.statefulSet.annotations }} - annotations: -{{ toYaml .Values.server.statefulSet.annotations | indent 4 }} -{{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - {{- if .Values.server.statefulSet.labels}} - {{ toYaml .Values.server.statefulSet.labels | nindent 4 }} - {{- end}} - name: {{ template "prometheus.server.fullname" . }} -spec: - serviceName: {{ template "prometheus.server.fullname" . }}-headless - selector: - matchLabels: - {{- include "prometheus.server.matchLabels" . | nindent 6 }} - replicas: {{ .Values.server.replicaCount }} - podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }} - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: -{{ toYaml .Values.server.podAnnotations | indent 8 }} - {{- end }} - labels: - {{- include "prometheus.server.labels" . | nindent 8 }} - {{- if .Values.server.statefulSet.labels}} - {{ toYaml .Values.server.statefulSet.labels | nindent 8 }} - {{- end}} - spec: -{{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} -{{- end }} -{{- if .Values.server.priorityClassName }} - priorityClassName: "{{ .Values.server.priorityClassName }}" -{{- end }} -{{- if .Values.server.schedulerName }} - schedulerName: "{{ .Values.server.schedulerName }}" -{{- end }} - serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} - containers: - {{- if .Values.configmapReload.prometheus.enabled }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload - {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} - - --volume-dir={{ . }} - {{- end }} - resources: -{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- end }} - - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} - image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" - imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" - {{- if .Values.server.env }} - env: -{{ toYaml .Values.server.env | indent 12}} - {{- end }} - args: - {{- if .Values.server.retention }} - - --storage.tsdb.retention.time={{ .Values.server.retention }} - {{- end }} - - --config.file={{ .Values.server.configPath }} - - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - {{- range .Values.server.extraFlags }} - - --{{ . }} - {{- end }} - {{- range $key, $value := .Values.server.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- if .Values.server.baseURL }} - - --web.external-url={{ .Values.server.baseURL }} - {{- end }} - ports: - - containerPort: 9090 - readinessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/ready - port: 9090 - initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} - livenessProbe: - httpGet: - path: {{ .Values.server.prefixURL }}/-/healthy - port: 9090 - initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} - timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} - resources: -{{ toYaml .Values.server.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: {{ .Values.server.persistentVolume.mountPath }} - subPath: "{{ .Values.server.persistentVolume.subPath }}" - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecarContainers }} - {{- toYaml .Values.server.sidecarContainers | nindent 8 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{ toYaml .Values.server.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.server.securityContext }} - securityContext: -{{ toYaml .Values.server.securityContext | indent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{ toYaml .Values.server.tolerations | indent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: -{{ toYaml .Values.server.affinity | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - volumes: - - name: config-volume - configMap: - name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} - {{- range .Values.server.extraHostPathMounts }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraConfigmapMounts }} - - name: {{ $.Values.server.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.server.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} -{{- if .Values.server.extraVolumes }} -{{ toYaml .Values.server.extraVolumes | indent 8}} -{{- end }} -{{- if .Values.server.persistentVolume.enabled }} - volumeClaimTemplates: - - metadata: - name: storage-volume - {{- if .Values.server.persistentVolume.annotations }} - annotations: -{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }} - {{- end }} - spec: - accessModes: -{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }} - resources: - requests: - storage: "{{ .Values.server.persistentVolume.size }}" - {{- if .Values.server.persistentVolume.storageClass }} - {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" - {{- end }} - {{- end }} -{{- else }} - - name: storage-volume - emptyDir: {} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml deleted file mode 100755 index 8aec16ad5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if .Values.global.prometheus.enabled }} -{{- if .Values.server.enabled -}} -{{- if .Values.server.verticalAutoscaler.enabled -}} -apiVersion: autoscaling.k8s.io/v1beta2 -kind: VerticalPodAutoscaler -metadata: - labels: - {{- include "prometheus.server.labels" . | nindent 4 }} - name: {{ template "prometheus.server.fullname" . }}-vpa -spec: - targetRef: -{{- if .Values.server.statefulSet.enabled }} - apiVersion: "apps/v1" - kind: StatefulSet -{{- else }} - apiVersion: "extensions/v1beta1" - kind: Deployment -{{- end }} - name: {{ template "prometheus.server.fullname" . }} - updatePolicy: - updateMode: {{ .Values.server.verticalAutoscaler.updateMode | default "Off" | quote }} - resourcePolicy: - containerPolicies: {{ .Values.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }} -{{- end -}} {{/* if .Values.server.verticalAutoscaler.enabled */}} -{{- end -}} {{/* .Values.server.enabled */}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml deleted file mode 100755 index 3d44e7f59..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml +++ /dev/null @@ -1,1387 +0,0 @@ -rbac: - create: true - -podSecurityPolicy: - enabled: false - -imagePullSecrets: -# - name: "image-pull-secret" - -## Define serviceAccount names for components. Defaults to component's fully qualified name. -## -serviceAccounts: - alertmanager: - create: true - name: - nodeExporter: - create: true - name: - pushgateway: - create: true - name: - server: - create: true - name: - -alertmanager: - ## If false, alertmanager will not be installed - ## - enabled: true - - strategy: - type: Recreate - rollingUpdate: null - - ## alertmanager container name - ## - name: alertmanager - - ## alertmanager container image - ## - image: - repository: prom/alertmanager - tag: v0.20.0 - pullPolicy: IfNotPresent - - ## alertmanager priorityClassName - ## - priorityClassName: "" - - ## Additional alertmanager container arguments - ## - extraArgs: {} - - ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug - ## so that the various internal URLs are still able to access as they are in the default case. - ## (Optional) - prefixURL: "" - - ## External URL which can access alertmanager - baseURL: "http://localhost:9093" - - ## Additional alertmanager container environment variable - ## For instance to add a http_proxy - ## - extraEnv: {} - - ## Additional alertmanager Secret mounts - # Defines additional mounts with secrets. Secrets must be manually created in the namespace. - extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # subPath: "" - # secretName: alertmanager-secret-files - # readOnly: true - - ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}} - ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml - ## to NOT generate a ConfigMap resource - ## - configMapOverrideName: "" - - ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config - ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml - ## to NOT generate a ConfigMap resource - ## - configFromSecret: "" - - ## The configuration file name to be loaded to alertmanager - ## Must match the key within configuration loaded from ConfigMap/Secret - ## - configFileName: alertmanager.yml - - ingress: - ## If true, alertmanager Ingress will be created - ## - enabled: false - - ## alertmanager Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## alertmanager Ingress additional labels - ## - extraLabels: {} - - ## alertmanager Ingress hostnames with optional path - ## Must be provided if Ingress is enabled - ## - hosts: [] - # - alertmanager.domain.com - # - domain.com/alertmanager - - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - - ## alertmanager Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-alerts-tls - # hosts: - # - alertmanager.domain.com - - ## Alertmanager Deployment Strategy type - # strategy: - # type: Recreate - - ## Node tolerations for alertmanager scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for alertmanager pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Pod affinity - ## - affinity: {} - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: - - persistentVolume: - ## If true, alertmanager will create/use a Persistent Volume Claim - ## If false, use emptyDir - ## - enabled: true - - ## alertmanager data Persistent Volume access modes - ## Must match those of existing PV or dynamic provisioner - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - accessModes: - - ReadWriteOnce - - ## alertmanager data Persistent Volume Claim annotations - ## - annotations: {} - - ## alertmanager data Persistent Volume existing claim name - ## Requires alertmanager.persistentVolume.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## alertmanager data Persistent Volume mount root path - ## - mountPath: /data - - ## alertmanager data Persistent Volume size - ## - size: 2Gi - - ## alertmanager data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - ## alertmanager data Persistent Volume Binding Mode - ## If defined, volumeBindingMode: - ## If undefined (the default) or set to null, no volumeBindingMode spec is - ## set, choosing the default mode. - ## - # volumeBindingMode: "" - - ## Subdirectory of alertmanager data Persistent Volume to mount - ## Useful if the volume's root directory is not empty - ## - subPath: "" - - ## Annotations to be added to alertmanager pods - ## - podAnnotations: {} - ## Tell prometheus to use a specific set of alertmanager pods - ## instead of all alertmanager pods found in the same namespace - ## Useful if you deploy multiple releases within the same namespace - ## - ## prometheus.io/probe: alertmanager-teamA - - ## Labels to be added to Prometheus AlertManager pods - ## - podLabels: {} - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) - ## - replicaCount: 1 - - statefulSet: - ## If true, use a statefulset instead of a deployment for pod management. - ## This allows to scale replicas to more than 1 pod - ## - enabled: false - - podManagementPolicy: OrderedReady - - ## Alertmanager headless service to use for the statefulset - ## - headless: - annotations: {} - labels: {} - - ## Enabling peer mesh service end points for enabling the HA alert manager - ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md - # enableMeshPeer : true - - servicePort: 80 - - ## alertmanager resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - - ## Security context to be added to alertmanager pods - ## - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - fsGroup: 65534 - - service: - annotations: {} - labels: {} - clusterIP: "" - - ## Enabling peer mesh service end points for enabling the HA alert manager - ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md - # enableMeshPeer : true - - ## List of IP addresses at which the alertmanager service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - # nodePort: 30000 - sessionAffinity: None - type: ClusterIP - -## Monitors ConfigMap changes and POSTs to a URL -## Ref: https://github.com/jimmidyson/configmap-reload -## -configmapReload: - prometheus: - ## If false, the configmap-reload container will not be deployed - ## - enabled: true - - ## configmap-reload container name - ## - name: configmap-reload - - ## configmap-reload container image - ## - image: - repository: jimmidyson/configmap-reload - tag: v0.3.0 - pullPolicy: IfNotPresent - - ## Additional configmap-reload container arguments - ## - extraArgs: {} - ## Additional configmap-reload volume directories - ## - extraVolumeDirs: [] - - - ## Additional configmap-reload mounts - ## - extraConfigmapMounts: [] - # - name: prometheus-alerts - # mountPath: /etc/alerts.d - # subPath: "" - # configMap: prometheus-alerts - # readOnly: true - - - ## configmap-reload resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - alertmanager: - ## If false, the configmap-reload container will not be deployed - ## - enabled: true - - ## configmap-reload container name - ## - name: configmap-reload - - ## configmap-reload container image - ## - image: - repository: jimmidyson/configmap-reload - tag: v0.3.0 - pullPolicy: IfNotPresent - - ## Additional configmap-reload container arguments - ## - extraArgs: {} - ## Additional configmap-reload volume directories - ## - extraVolumeDirs: [] - - - ## Additional configmap-reload mounts - ## - extraConfigmapMounts: [] - # - name: prometheus-alerts - # mountPath: /etc/alerts.d - # subPath: "" - # configMap: prometheus-alerts - # readOnly: true - - - ## configmap-reload resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - -kubeStateMetrics: - ## If false, kube-state-metrics sub-chart will not be installed - ## Please see https://github.com/helm/charts/tree/master/stable/kube-state-metrics for configurable values - ## - enabled: true - -nodeExporter: - ## If false, node-exporter will not be installed - ## - enabled: true - - ## If true, node-exporter pods share the host network namespace - ## - hostNetwork: true - - ## If true, node-exporter pods share the host PID namespace - ## - hostPID: true - - ## node-exporter container name - ## - name: node-exporter - - ## node-exporter container image - ## - image: - repository: prom/node-exporter - tag: v0.18.1 - pullPolicy: IfNotPresent - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## node-exporter priorityClassName - ## - priorityClassName: "" - - ## Custom Update Strategy - ## - updateStrategy: - type: RollingUpdate - - ## Additional node-exporter container arguments - ## - extraArgs: {} - - ## Additional node-exporter hostPath mounts - ## - extraHostPathMounts: [] - # - name: textfile-dir - # mountPath: /srv/txt_collector - # hostPath: /var/lib/node-exporter - # readOnly: true - # mountPropagation: HostToContainer - - extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /prometheus - # configMap: certs-configmap - # readOnly: true - - ## Node tolerations for node-exporter scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for node-exporter pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Annotations to be added to node-exporter pods - ## - podAnnotations: {} - - ## Labels to be added to node-exporter pods - ## - pod: - labels: {} - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## node-exporter resource limits & requests - ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 200m - # memory: 50Mi - # requests: - # cpu: 100m - # memory: 30Mi - - ## Security context to be added to node-exporter pods - ## - securityContext: {} - # runAsUser: 0 - - service: - annotations: - prometheus.io/scrape: "true" - labels: {} - - # Exposed as a headless service: - # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services - clusterIP: None - - ## List of IP addresses at which the node-exporter service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - hostPort: 9100 - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 9100 - type: ClusterIP - -server: - ## Prometheus server container name - ## - enabled: true - name: server - sidecarContainers: - strategy: - type: Recreate - rollingUpdate: null - - ## Prometheus server container image - ## - image: - repository: prom/prometheus - tag: v2.17.2 - pullPolicy: IfNotPresent - - ## prometheus server priorityClassName - ## - priorityClassName: "" - - ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug - ## so that the various internal URLs are still able to access as they are in the default case. - ## (Optional) - prefixURL: "" - - ## External URL which can access alertmanager - ## Maybe same with Ingress host name - baseURL: "" - - ## Additional server container environment variables - ## - ## You specify this manually like you would a raw deployment manifest. - ## This means you can bind in environment variables from secrets. - ## - ## e.g. static environment variable: - ## - name: DEMO_GREETING - ## value: "Hello from the environment" - ## - ## e.g. secret environment variable: - ## - name: USERNAME - ## valueFrom: - ## secretKeyRef: - ## name: mysecret - ## key: username - env: [] - - extraFlags: - - web.enable-lifecycle - ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as - ## deleting time series. This is disabled by default. - # - web.enable-admin-api - ## - ## storage.tsdb.no-lockfile flag controls BD locking - # - storage.tsdb.no-lockfile - ## - ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL) - # - storage.tsdb.wal-compression - - ## Path to a configuration file on prometheus server container FS - configPath: /etc/config/prometheus.yml - - global: - ## How frequently to scrape targets by default - ## - scrape_interval: 1m - ## How long until a scrape request times out - ## - scrape_timeout: 10s - ## How frequently to evaluate rules - ## - evaluation_interval: 1m - ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write - ## - remoteWrite: {} - ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read - ## - remoteRead: {} - - ## Additional Prometheus server container arguments - ## - extraArgs: {} - - ## Additional InitContainers to initialize the pod - ## - extraInitContainers: [] - - ## Additional Prometheus server Volume mounts - ## - extraVolumeMounts: [] - - ## Additional Prometheus server Volumes - ## - extraVolumes: [] - - ## Additional Prometheus server hostPath mounts - ## - extraHostPathMounts: [] - # - name: certs-dir - # mountPath: /etc/kubernetes/certs - # subPath: "" - # hostPath: /etc/kubernetes/certs - # readOnly: true - - extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /prometheus - # subPath: "" - # configMap: certs-configmap - # readOnly: true - - ## Additional Prometheus server Secret mounts - # Defines additional mounts with secrets. Secrets must be manually created in the namespace. - extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # subPath: "" - # secretName: prom-secret-files - # readOnly: true - - ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}} - ## Defining configMapOverrideName will cause templates/server-configmap.yaml - ## to NOT generate a ConfigMap resource - ## - configMapOverrideName: "" - - ingress: - ## If true, Prometheus server Ingress will be created - ## - enabled: false - - ## Prometheus server Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## Prometheus server Ingress additional labels - ## - extraLabels: {} - - ## Prometheus server Ingress hostnames with optional path - ## Must be provided if Ingress is enabled - ## - hosts: [] - # - prometheus.domain.com - # - domain.com/prometheus - - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - - ## Prometheus server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-server-tls - # hosts: - # - prometheus.domain.com - - ## Server Deployment Strategy type - # strategy: - # type: Recreate - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for Prometheus server pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Pod affinity - ## - affinity: {} - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: - - persistentVolume: - ## If true, Prometheus server will create/use a Persistent Volume Claim - ## If false, use emptyDir - ## - enabled: true - - ## Prometheus server data Persistent Volume access modes - ## Must match those of existing PV or dynamic provisioner - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - accessModes: - - ReadWriteOnce - - ## Prometheus server data Persistent Volume annotations - ## - annotations: {} - - ## Prometheus server data Persistent Volume existing claim name - ## Requires server.persistentVolume.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## Prometheus server data Persistent Volume mount root path - ## - mountPath: /data - - ## Prometheus server data Persistent Volume size - ## - size: 8Gi - - ## Prometheus server data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - ## Prometheus server data Persistent Volume Binding Mode - ## If defined, volumeBindingMode: - ## If undefined (the default) or set to null, no volumeBindingMode spec is - ## set, choosing the default mode. - ## - # volumeBindingMode: "" - - ## Subdirectory of Prometheus server data Persistent Volume to mount - ## Useful if the volume's root directory is not empty - ## - subPath: "" - - emptyDir: - sizeLimit: "" - - ## Annotations to be added to Prometheus server pods - ## - podAnnotations: {} - # iam.amazonaws.com/role: prometheus - - ## Labels to be added to Prometheus server pods - ## - podLabels: {} - - ## Prometheus AlertManager configuration - ## - alertmanagers: [] - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) - ## - replicaCount: 1 - - statefulSet: - ## If true, use a statefulset instead of a deployment for pod management. - ## This allows to scale replicas to more than 1 pod - ## - enabled: false - - annotations: {} - labels: {} - podManagementPolicy: OrderedReady - - ## Alertmanager headless service to use for the statefulset - ## - headless: - annotations: {} - labels: {} - servicePort: 80 - - ## Prometheus server readiness and liveness probe initial delay and timeout - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - ## - readinessProbeInitialDelay: 30 - readinessProbeTimeout: 30 - readinessProbeFailureThreshold: 3 - readinessProbeSuccessThreshold: 1 - livenessProbeInitialDelay: 30 - livenessProbeTimeout: 30 - livenessProbeFailureThreshold: 3 - livenessProbeSuccessThreshold: 1 - - ## Prometheus server resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 500m - # memory: 512Mi - - ## Vertical Pod Autoscaler config - ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler - verticalAutoscaler: - ## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs) - enabled: false - # updateMode: "Auto" - # containerPolicies: - # - containerName: 'prometheus-server' - - ## Security context to be added to server pods - ## - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - fsGroup: 65534 - - service: - annotations: {} - labels: {} - clusterIP: "" - - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 80 - sessionAffinity: None - type: ClusterIP - - ## Enable gRPC port on service to allow auto discovery with thanos-querier - gRPC: - enabled: false - servicePort: 10901 - # nodePort: 10901 - - ## If using a statefulSet (statefulSet.enabled=true), configure the - ## service to connect to a specific replica to have a consistent view - ## of the data. - statefulsetReplica: - enabled: false - replica: 0 - - ## Prometheus server pod termination grace period - ## - terminationGracePeriodSeconds: 300 - - ## Prometheus data retention period (default if not specified is 15 days) - ## - retention: "15d" - -pushgateway: - ## If false, pushgateway will not be installed - ## - enabled: true - - ## Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - # schedulerName: - - ## pushgateway container name - ## - name: pushgateway - - ## pushgateway container image - ## - image: - repository: prom/pushgateway - tag: v1.0.1 - pullPolicy: IfNotPresent - - ## pushgateway priorityClassName - ## - priorityClassName: "" - - ## Additional pushgateway container arguments - ## - ## for example: persistence.file: /data/pushgateway.data - extraArgs: {} - - ingress: - ## If true, pushgateway Ingress will be created - ## - enabled: false - - ## pushgateway Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## pushgateway Ingress hostnames with optional path - ## Must be provided if Ingress is enabled - ## - hosts: [] - # - pushgateway.domain.com - # - domain.com/pushgateway - - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - - ## pushgateway Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-alerts-tls - # hosts: - # - pushgateway.domain.com - - ## Node tolerations for pushgateway scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## Node labels for pushgateway pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Annotations to be added to pushgateway pods - ## - podAnnotations: {} - - ## Specify if a Pod Security Policy for node-exporter must be created - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - replicaCount: 1 - - ## PodDisruptionBudget settings - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - ## - podDisruptionBudget: - enabled: false - maxUnavailable: 1 - - ## pushgateway resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - - ## Security context to be added to push-gateway pods - ## - securityContext: - runAsUser: 65534 - runAsNonRoot: true - - service: - annotations: - prometheus.io/probe: pushgateway - labels: {} - clusterIP: "" - - ## List of IP addresses at which the pushgateway service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - loadBalancerIP: "" - loadBalancerSourceRanges: [] - servicePort: 9091 - type: ClusterIP - - strategy: - type: Recreate - rollingUpdate: null - - - persistentVolume: - ## If true, pushgateway will create/use a Persistent Volume Claim - ## If false, use emptyDir - ## - enabled: false - - ## pushgateway data Persistent Volume access modes - ## Must match those of existing PV or dynamic provisioner - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - accessModes: - - ReadWriteOnce - - ## pushgateway data Persistent Volume Claim annotations - ## - annotations: {} - - ## pushgateway data Persistent Volume existing claim name - ## Requires pushgateway.persistentVolume.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## pushgateway data Persistent Volume mount root path - ## - mountPath: /data - - ## pushgateway data Persistent Volume size - ## - size: 2Gi - - ## pushgateway data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - ## pushgateway data Persistent Volume Binding Mode - ## If defined, volumeBindingMode: - ## If undefined (the default) or set to null, no volumeBindingMode spec is - ## set, choosing the default mode. - ## - # volumeBindingMode: "" - - ## Subdirectory of pushgateway data Persistent Volume to mount - ## Useful if the volume's root directory is not empty - ## - subPath: "" - - -## alertmanager ConfigMap entries -## -alertmanagerFiles: - alertmanager.yml: - global: {} - # slack_api_url: '' - - receivers: - - name: default-receiver - # slack_configs: - # - channel: '@you' - # send_resolved: true - - route: - group_wait: 10s - group_interval: 5m - receiver: default-receiver - repeat_interval: 3h - -## Prometheus server ConfigMap entries -## -serverFiles: - - ## Alerts configuration - ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ - alerting_rules.yml: {} - # groups: - # - name: Instances - # rules: - # - alert: InstanceDown - # expr: up == 0 - # for: 5m - # labels: - # severity: page - # annotations: - # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.' - # summary: 'Instance {{ $labels.instance }} down' - ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml - alerts: {} - - ## Records configuration - ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/ - recording_rules.yml: {} - ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml - rules: {} - - prometheus.yml: - rule_files: - - /etc/config/recording_rules.yml - - /etc/config/alerting_rules.yml - ## Below two files are DEPRECATED will be removed from this default values file - - /etc/config/rules - - /etc/config/alerts - - scrape_configs: - - job_name: prometheus - static_configs: - - targets: - - localhost:9090 - - # A scrape configuration for running Prometheus on a Kubernetes cluster. - # This uses separate scrape configs for cluster components (i.e. API server, node) - # and services to allow each to use different authentication configs. - # - # Kubernetes labels will be added as Prometheus labels on metrics via the - # `labelmap` relabeling action. - - - job_name: 'kubernetes-nodes-cadvisor' - - # Default to scraping over https. If required, just disable this or change to - # `http`. - scheme: https - - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then disable certificate verification below. Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # disable certificate verification by uncommenting the line below. - # - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - kubernetes_sd_configs: - - role: node - - # This configuration will work only on kubelet 1.7.3+ - # As the scrape endpoints for cAdvisor have changed - # if you are using older version you need to change the replacement to - # replacement: /api/v1/nodes/$1:4194/proxy/metrics - # more info here https://github.com/coreos/prometheus-operator/issues/633 - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor - - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: (container_cpu_usage_seconds_total|container_memory_working_set_bytes|container_network_receive_errors_total|container_network_transmit_errors_total|container_network_receive_packets_dropped_total|container_network_transmit_packets_dropped_total|container_memory_usage_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_periods_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_spec_cpu_shares|container_spec_memory_limit_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_reads_bytes_total|container_network_receive_bytes_total|container_fs_writes_bytes_total|container_fs_reads_bytes_total|cadvisor_version_info) - action: keep - - source_labels: [ container ] - target_label: container_name - regex: (.+) - action: replace - - source_labels: [ pod ] - target_label: pod_name - regex: (.+) - action: replace - - # Scrape config for service endpoints. - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/scrape`: Only scrape services that have a value of `true` - # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need - # to set this to `https` & most likely set the `tls_config` of the scrape config. - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: If the metrics are exposed on a different port to the - # service then set this appropriately. - - job_name: 'kubernetes-service-endpoints' - - kubernetes_sd_configs: - - role: endpoints - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: kubernetes_node - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: (container_cpu_allocation|container_cpu_usage_seconds_total|container_fs_limit_bytes|container_memory_allocation_bytes|container_memory_usage_bytes|container_memory_working_set_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|deployment_match_labels|kube_deployment_spec_replicas|kube_deployment_status_replicas_available|kube_job_status_failed|kube_namespace_annotations|kube_namespace_labels|kube_node_info|kube_node_labels|kube_node_status_capacity_cpu_cores|kube_node_status_capacity_memory_bytes|kube_node_status_condition|kube_persistentvolume_capacity_bytes|kube_persistentvolume_status_phase|kube_persistentvolumeclaim_info|kube_persistentvolumeclaim_resource_requests_storage_bytes|kube_persistentvolumeclaim_resource_requests_storage_bytes|container_memory_allocation_bytes|kube_pod_container_resource_limits_cpu_cores|kube_pod_container_resource_limits_memory_bytes|kube_pod_container_resource_requests_cpu_cores|kube_pod_container_resource_requests_cpu_cores|container_cpu_usage_seconds_total|kube_pod_container_resource_requests_memory_bytes|kube_pod_container_resource_requests_memory_bytes|kube_node_status_capacity_memory_bytes|kube_pod_container_resource_requests|kube_pod_container_status_restarts_total|kube_pod_container_status_running|kube_pod_container_status_terminated_reason|kube_pod_labels|kube_pod_owner|kube_pod_status_phase|kubecost_cluster_memory_working_set_bytes|kubecost_pod_network_egress_bytes_total|node_cpu_hourly_cost|node_cpu_seconds_total|node_disk_reads_completed|node_disk_reads_completed_total|node_disk_writes_completed|node_disk_writes_completed_total|node_filesystem_device_error|node_gpu_hourly_cost|node_memory_Buffers_bytes|node_memory_Cached_bytes|node_memory_MemAvailable_bytes|node_memory_MemFree_bytes|node_memory_MemTotal_bytes|node_network_transmit_bytes_total|node_ram_hourly_cost|pod_pvc_allocation|pv_hourly_cost|service_selector_labels|statefulSet_match_labels|up|kube_node_status_allocatable_cpu_cores|kube_node_status_allocatable_memory_bytes|container_fs_writes_bytes_total|kube_deployment_status_replicas|kube_statefulset_replicas|kube_daemonset_status_desired_number_scheduled|kube_deployment_status_replicas_available|kube_statefulset_status_replicas|kube_daemonset_status_number_ready|kube_deployment_status_replicas|kube_statefulset_replicas|kube_daemonset_status_desired_number_scheduled|kube_replicaset_owner|kube_pod_container_info) - action: keep - - # Scrape config for slow service endpoints; same as above, but with a larger - # timeout and a larger interval - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true` - # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need - # to set this to `https` & most likely set the `tls_config` of the scrape config. - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: If the metrics are exposed on a different port to the - # service then set this appropriately. - - job_name: 'kubernetes-service-endpoints-slow' - - scrape_interval: 5m - scrape_timeout: 30s - - kubernetes_sd_configs: - - role: endpoints - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: kubernetes_node - - - job_name: 'prometheus-pushgateway' - honor_labels: true - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: pushgateway - - # Example scrape config for probing services via the Blackbox Exporter. - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/probe`: Only probe services that have a value of `true` - - job_name: 'kubernetes-services' - - metrics_path: /probe - params: - module: [http_2xx] - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: true - - source_labels: [__address__] - target_label: __param_target - - target_label: __address__ - replacement: blackbox - - source_labels: [__param_target] - target_label: instance - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_service_name] - target_label: kubernetes_name - -# adds additional scrape configs to prometheus.yml -# must be a string so you have to add a | after extraScrapeConfigs: -# example adds prometheus-blackbox-exporter scrape config -extraScrapeConfigs: - # - job_name: 'prometheus-blackbox-exporter' - # metrics_path: /probe - # params: - # module: [http_2xx] - # static_configs: - # - targets: - # - https://example.com - # relabel_configs: - # - source_labels: [__address__] - # target_label: __param_target - # - source_labels: [__param_target] - # target_label: instance - # - target_label: __address__ - # replacement: prometheus-blackbox-exporter:9115 - -# Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager -# useful in H/A prometheus with different external labels but the same alerts -alertRelabelConfigs: - # alert_relabel_configs: - # - source_labels: [dc] - # regex: (.+)\d+ - # target_label: dc - -networkPolicy: - ## Enable creation of NetworkPolicy resources. - ## - enabled: false diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml deleted file mode 100755 index bf76cbf27..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: 0.15.0 -description: Thanos is a set of components that can be composed into a highly available - metric system with unlimited storage capacity, which can be added seamlessly on - top of existing Prometheus deployments. -icon: https://raw.githubusercontent.com/thanos-io/thanos/master/website/static/Thanos-logo_full.svg -keywords: -- thanos -- prometheus -- metrics -maintainers: -- email: info@banzaicloud.com - name: Banzai Cloud -name: thanos -sources: -- https://github.com/thanos-io/thanos -- https://github.com/banzaicloud/banzai-charts/tree/master/thanos -version: 0.15.0 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/requirements.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/requirements.yaml deleted file mode 100755 index e69de29bb..000000000 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/NOTES.txt deleted file mode 100755 index e69de29bb..000000000 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl deleted file mode 100755 index 7b5fb57d8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "thanos.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "thanos.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "thanos.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Create a default fully qualified component name from the full app name and a component name. -We truncate the full name at 63 - 1 (last dash) - len(component name) chars because some Kubernetes name fields are limited to this (by the DNS naming spec) -and we want to make sure that the component is included in the name. -*/}} -{{- define "thanos.componentname" -}} -{{- $global := index . 0 -}} -{{- $component := index . 1 | trimPrefix "-" -}} -{{- printf "%s-%s" (include "thanos.fullname" $global | trunc (sub 62 (len $component) | int) | trimSuffix "-" ) $component | trimSuffix "-" -}} -{{- end -}} - -{{/* - -*/}} -{{- define "thanos.secretname" }} -{{- default (include "thanos.name" .) .Values.storeSecretName }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml deleted file mode 100755 index e8757af68..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.bucket.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} - {{- with .Values.bucket.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.bucket.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.bucket.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - spec: - containers: - - name: thanos-bucket - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{- with .Values.bucket.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} - args: - - "tools" - - "bucket" - - "web" - - "--log.level={{ .Values.bucket.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.bucket.http.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - {{- if .Values.bucket.refresh }} - - "--refresh={{ .Values.bucket.refresh }}" - {{- end }} - {{- if .Values.bucket.timeout }} - - "--timeout={{ .Values.bucket.timeout }}" - {{- end }} - {{- if .Values.bucket.label }} - - "--label={{ .Values.bucket.label }}" - {{- end }} - {{ with .Values.bucket.extraArgs }}{{ toYaml . | nindent 8 }}{{- end }} - ports: - - name: http - containerPort: {{ .Values.bucket.http.port }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - resources: {{ toYaml .Values.bucket.resources | nindent 10 }} - volumes: - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- with .Values.bucket.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bucket.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml deleted file mode 100755 index 28b037bda..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if and .Values.bucket.enabled .Values.bucket.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - {{- with .Values.bucket.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket - {{- if .Values.bucket.http.ingress.labels }} -{{ toYaml .Values.bucket.http.ingress.labels | indent 4 }} - {{- end }} -spec: - {{- if .Values.bucket.http.ingress.tls }} - tls: - {{- range .Values.bucket.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.bucket.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.bucket.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "bucket") }} - servicePort: {{ $.Values.bucket.http.port }} - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml deleted file mode 100755 index fb3fd1cb7..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.bucket.enabled .Values.bucket.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.bucket.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.bucket.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.bucket.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.bucket.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: bucket -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml deleted file mode 100755 index 0d56d8a2b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.bucket.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "bucket") }} - {{- with .Values.bucket.http.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - ports: - - port: {{ .Values.bucket.http.port }} - protocol: TCP - targetPort: http - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: bucket -{{ with .Values.bucket.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml deleted file mode 100755 index a5b0347ad..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml +++ /dev/null @@ -1,108 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.compact.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} - {{- with .Values.compact.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.compact.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.compact.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.compact.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.compact.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-compact - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{- with .Values.compact.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} - args: - - "compact" - - "--log.level={{ .Values.compact.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.compact.http.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - - "--data-dir=/var/thanos/compact" - - "--consistency-delay={{ .Values.compact.consistencyDelay }}" - - "--retention.resolution-raw={{ .Values.compact.retentionResolutionRaw }}" - - "--retention.resolution-5m={{ .Values.compact.retentionResolution5m }}" - - "--retention.resolution-1h={{ .Values.compact.retentionResolution1h }}" - - "--block-sync-concurrency={{ .Values.compact.blockSyncConcurrency }}" - - "--compact.concurrency={{ .Values.compact.compactConcurrency }}" -{{- if .Values.compact.disableDownsampling }} - - "--downsampling.disable" -{{- end }} - - "--wait" -{{ with .Values.compact.extraArgs }}{{ toYaml . | indent 8 }}{{- end }} - ports: - - name: http - containerPort: {{ .Values.compact.http.port }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - - name: data-volume - mountPath: /var/thanos/compact - resources: {{ toYaml .Values.compact.resources | nindent 10 }} - volumes: - - name: data-volume - {{- if .Values.compact.dataVolume }} - {{- if .Values.compact.dataVolume.persistentVolumeClaim }} - {{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName }} - persistentVolumeClaim: - claimName: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- with .Values.compact.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.compact.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml deleted file mode 100755 index f6b33e491..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.compact.enabled }} -{{- if .Values.compact.dataVolume -}} -{{- if .Values.compact.dataVolume.persistentVolumeClaim -}} -{{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} - storageClassName: {{ .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} - {{- end }} - resources: - requests: - {{- if .Values.compact.dataVolume.persistentVolumeClaim.storage }} - storage: {{ .Values.compact.dataVolume.persistentVolumeClaim.storage }} - {{- else }} - storage: 100Gi - {{- end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml deleted file mode 100755 index 080821849..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.compact.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - {{- with .Values.compact.http.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - ports: - - port: {{ .Values.compact.http.port }} - protocol: TCP - targetPort: http - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact -{{ with .Values.compact.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{ end}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml deleted file mode 100755 index bc224d802..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.compact.enabled .Values.compact.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "compact") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: compact -{{ with .Values.compact.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-compact - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: compact - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.compact.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.compact.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml deleted file mode 100755 index 74e96d09c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml +++ /dev/null @@ -1,148 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.query.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.query.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if not .Values.query.autoscaling.enabled }} - replicas: {{ .Values.query.replicaCount | default 1 }} -{{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.query.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.query.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.query.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-query - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "query" - - "--log.level={{ .Values.query.logLevel }}" - - "--grpc-address=0.0.0.0:{{ .Values.query.grpc.port }}" - - "--http-address=0.0.0.0:{{ .Values.query.http.port }}" - - "--query.timeout={{ .Values.query.timeout }}" - - "--query.max-concurrent={{ .Values.query.maxConcurrent }}" - {{- if .Values.query.autoDownsampling }} - - "--query.auto-downsampling" - {{- end }} - {{- if .Values.query.replicaLabel }} - - "--query.replica-label={{ .Values.query.replicaLabel }}" - {{- end }} - {{- if .Values.query.webRoutePrefix }} - - "--web.route-prefix={{ .Values.query.webRoutePrefix }}" - {{- end }} - {{- if .Values.query.webExternalPrefix }} - - "--web.external-prefix={{ .Values.query.webExternalPrefix }}" - {{- end }} - {{- if .Values.query.webPrefixHeader }} - - "--web.prefix-header={{ .Values.query.webPrefixHeader }}" - {{- end }} - {{- if .Values.query.storeDNSResolver }} - - "--store.sd-dns-resolver={{ .Values.query.storeDNSResolver }}" - {{- end }} - {{- if .Values.query.storeDNSDiscovery }} - - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "store") }}-grpc.{{ .Release.Namespace }}.svc" - {{- end }} - {{- if .Values.query.sidecarDNSDiscovery }} - - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "sidecar") }}-grpc.{{ .Release.Namespace }}.svc" - {{- end }} - {{- range .Values.query.stores }} - - "--store={{ . }}" - {{- end }} - {{- range .Values.query.serviceDiscoveryFiles }} - - "--store.sd-files={{ . }}" - {{- end }} - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - "--store.sd-files=/etc/query/{{ . }}/*.yaml" - - "--store.sd-files=/etc/query/{{ . }}/*.yml" - - "--store.sd-files=/etc/query/{{ . }}/*.json" - {{- end }} - {{- if .Values.query.serviceDiscoveryInterval }} - - "--store.sd-interval={{ .Values.query.serviceDiscoveryInterval }}" - {{- end }} - - {{- if .Values.query.extraArgs }} - {{ toYaml .Values.query.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.query.http.port }} - - name: grpc - containerPort: {{ .Values.query.grpc.port }} - resources: - {{ toYaml .Values.query.resources | nindent 10 }} - env: - {{- toYaml .Values.query.extraEnv | nindent 10 }} - volumeMounts: - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - mountPath: /etc/query/{{ . }} - name: {{ . }} - {{- end }} - {{- if .Values.query.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.query.certSecretName }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - volumes: - {{- range .Values.query.serviceDiscoveryFileConfigMaps }} - - name: {{ . }} - configMap: - defaultMode: 420 - name: {{ . }} - {{- end }} - {{- if .Values.query.certSecretName }} - - name: {{ .Values.query.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.query.certSecretName }} - {{- end }} - {{- with .Values.query.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.query.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml deleted file mode 100755 index 05c32682d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml +++ /dev/null @@ -1,122 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.queryFrontend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.queryFrontend.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if not .Values.queryFrontend.autoscaling.enabled }} - replicas: {{ .Values.queryFrontend.replicaCount | default 1 }} -{{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.labels }}{{ toYaml . | indent 8 }}{{ end }} - {{- with .Values.queryFrontend.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.queryFrontend.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-query-frontend - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "query-frontend" - - "--log.level={{ .Values.queryFrontend.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.queryFrontend.http.port }}" - - "--query-frontend.downstream-url=http://{{ include "thanos.componentname" (list $ "query") }}-http.{{ .Release.Namespace }}:{{ .Values.query.http.port }}" - - "--query-range.split-interval={{ .Values.queryFrontend.splitInterval }}" - - "--query-range.max-retries-per-request={{ .Values.queryFrontend.maxRetriesPerRequest }}" - - "--query-range.max-query-length={{ .Values.queryFrontend.maxQueryLength }}" - - "--query-range.max-query-parallelism={{ .Values.queryFrontend.maxQueryParallelism }}" - - "--query-range.response-cache-max-freshness={{ .Values.queryFrontend.responseCacheMaxFreshness }}" - {{- if .Values.queryFrontend.responseCache.enabled }} - {{- with .Values.queryFrontend.responseCache }} - - |- - --query-range.response-cache-config= - config: - max_size: {{ quote .maxSize }} - max_size_items: {{ .maxSizeItems }} - validity: {{ quote .validity }} - type: "in-memory" - {{- end }} - {{- else if .Values.queryFrontend.responseCacheConfigFile }} - - "--query-range.response-cache-config-file={{ .Values.queryFrontend.responseCacheConfigFile }}" - {{- else if .Values.queryFrontend.responseCacheConfig }} - - |- - --query-range.response-cache-config={{ toYaml .Values.queryFrontend.responseCacheConfig | nindent 12 }} - {{- end }} - {{- if .Values.queryFrontend.compressResponses }} - - "--query-frontend.compress-responses" - {{- end }} - {{- if .Values.queryFrontend.partialResponse }} - - "--query-range.partial-response" - {{- end }} - {{- if .Values.queryFrontend.extraArgs }} - {{ toYaml .Values.queryFrontend.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.queryFrontend.http.port }} - resources: - {{ toYaml .Values.queryFrontend.resources | nindent 10 }} - env: - {{- toYaml .Values.queryFrontend.extraEnv | nindent 10 }} - volumeMounts: - {{- if .Values.queryFrontend.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.queryFrontend.certSecretName }} - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - volumes: - {{- if .Values.queryFrontend.certSecretName }} - - name: {{ .Values.queryFrontend.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.queryFrontend.certSecretName }} - {{- end }} - {{- with .Values.queryFrontend.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.queryFrontend.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{ end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml deleted file mode 100755 index 3d08e459b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.queryFrontend.enabled }} -{{- if .Values.queryFrontend.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} - metrics: -{{- with .Values.queryFrontend.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.queryFrontend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml deleted file mode 100755 index 5423cecf2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend - {{- if .Values.queryFrontend.http.ingress.labels }} - {{ toYaml .Values.queryFrontend.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.queryFrontend.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.queryFrontend.http.ingress.tls }} - tls: - {{- range .Values.queryFrontend.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.queryFrontend.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.queryFrontend.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - servicePort: {{ $.Values.queryFrontend.http.port }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml deleted file mode 100755 index 5cfef4756..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.queryFrontend.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.queryFrontend.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: query-frontend -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml deleted file mode 100755 index 2521e898a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.queryFrontend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http - {{- with .Values.queryFrontend.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.queryFrontend.http.service.type }} - {{- if .Values.queryFrontend.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.queryFrontend.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.queryFrontend.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml deleted file mode 100755 index 004367519..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "query-frontend") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query-frontend -{{ with .Values.queryFrontend.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-query - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query-frontend - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.queryFrontend.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.queryFrontend.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml deleted file mode 100755 index 9b38473d8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.query.enabled }} -{{- if .Values.query.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "thanos.componentname" (list $ "query") }} - minReplicas: {{ .Values.query.autoscaling.minReplicas }} - maxReplicas: {{ .Values.query.autoscaling.maxReplicas }} - metrics: -{{- with .Values.query.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.query.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml deleted file mode 100755 index cfda4a0e3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-http - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query - {{- if .Values.query.http.ingress.labels }} - {{ toYaml .Values.query.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.query.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.query.http.ingress.tls }} - tls: - {{- range .Values.query.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.query.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.query.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query") }}-http - servicePort: {{ $.Values.query.http.port }} - {{- end }} -{{- end }} - -{{- if and .Values.query.enabled .Values.query.grpc.ingress.enabled }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-grpc - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query - {{- if .Values.query.grpc.ingress.labels }} - {{ toYaml .Values.grpc.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.query.grpc.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.query.grpc.ingress.tls }} - tls: - {{- range .Values.query.grpc.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end}} - {{- end }} - {{- end }} - rules: - {{- range .Values.query.grpc.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.query.grpc.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "query") }}-grpc - servicePort: {{ $.Values.query.http.port }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml deleted file mode 100755 index efc2c817c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - {{- if .Values.query.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.query.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.query.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.query.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/component: query -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml deleted file mode 100755 index 89178a4e1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.query.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-grpc - {{- with .Values.query.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.query.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "query") }}-http - {{- with .Values.query.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.query.http.service.type }} - {{- if .Values.query.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.query.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.query.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query -{{ with .Values.query.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml deleted file mode 100755 index 673445428..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.query.enabled .Values.query.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "query") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: query -{{ with .Values.query.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-query - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: query - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.query.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.query.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml deleted file mode 100755 index 021bdfaf9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.sidecar.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }}-grpc - {{- with .Values.sidecar.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.sidecar.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.sidecar.grpc.port }} - protocol: TCP - targetPort: grpc - name: grpc - selector: - app: prometheus -{{ with .Values.sidecar.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }}-http - {{- with .Values.sidecar.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.store.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.sidecar.http.service.type }} - {{- if .Values.sidecar.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.sidecar.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.sidecar.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: prometheus -{{ with .Values.sidecar.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml deleted file mode 100755 index 6271a23ca..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.sidecar.enabled .Values.sidecar.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "sidecar") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: sidecar -{{ with .Values.sidecar.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-sidecar - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sidecar - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.sidecar.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.sidecar.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml deleted file mode 100755 index d8f0d3b1b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml +++ /dev/null @@ -1,121 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{ if .Values.store.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "thanos.componentname" (list $ "store") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} - {{- with .Values.store.deploymentAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.store.replicaCount | default 1 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} - template: - metadata: - labels: -{{ with .Values.store.labels }}{{ toYaml . | indent 8 }}{{ end }} - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store - {{- with .Values.store.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.store.metrics.annotations.enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.store.http.port }}" - {{- end }} - spec: - containers: - - name: thanos-store - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - "store" - - "--data-dir=/var/thanos/store" - - "--log.level={{ .Values.store.logLevel }}" - - "--http-address=0.0.0.0:{{ .Values.store.http.port }}" - - "--grpc-address=0.0.0.0:{{ .Values.store.grpc.port }}" - - "--objstore.config-file=/etc/config/object-store.yaml" - {{- if .Values.store.indexCacheSize }} - - "--index-cache-size={{ .Values.store.indexCacheSize }}" - {{- end }} - {{- if .Values.store.chunkPoolSize }} - - "--chunk-pool-size={{ .Values.store.chunkPoolSize }}" - {{- end }} - {{- if .Values.store.grpcSeriesSampleLimit }} - - "--store.grpc.series-sample-limit={{ .Values.store.grpcSeriesSampleLimit }}" - {{- end }} - {{- if .Values.store.grpcSeriesMaxConcurrency }} - - "--store.grpc.series-max-concurrency={{ .Values.store.grpcSeriesMaxConcurrency }}" - {{- end }} - {{- if .Values.store.syncBlockDuration }} - - "--sync-block-duration={{ .Values.store.syncBlockDuration }}" - {{- end }} - {{- if .Values.store.blockSyncConcurrency }} - - "--block-sync-concurrency={{ .Values.store.blockSyncConcurrency }}" - {{- end }} - {{- if .Values.store.extraArgs }} - {{ toYaml .Values.store.extraArgs | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.store.http.port }} - - name: grpc - containerPort: {{ .Values.store.grpc.port }} - env: - {{- toYaml .Values.store.extraEnv | nindent 10 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - - name: data - mountPath: /var/thanos/store - {{- if .Values.store.certSecretName }} - - mountPath: /etc/certs - name: {{ .Values.store.certSecretName }} - readOnly: true - {{- end }} - resources: - {{ toYaml .Values.store.resources | nindent 10 }} - volumes: - - name: data - emptyDir: {} - - name: config-volume - secret: - secretName: {{ include "thanos.secretname" . }} - {{- if .Values.store.certSecretName }} - - name: {{ .Values.store.certSecretName }} - secret: - defaultMode: 420 - secretName: {{ .Values.store.certSecretName }} - {{- end }} - {{- with .Values.store.securityContext }} - securityContext: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.store.serviceAccount }} - serviceAccountName: "{{ . }}" - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml deleted file mode 100755 index 4d18c019e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.store.enabled .Values.store.http.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-http - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store - {{- if .Values.store.http.ingress.labels }} - {{ toYaml .Values.store.http.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.store.http.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.store.http.ingress.tls }} - tls: - {{- range .Values.store.http.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.store.http.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.store.http.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "store") }}-http - servicePort: {{ $.Values.store.http.port }} - {{- end }} -{{- end }} - ---- - - {{- if and .Values.store.enabled .Values.store.grpc.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-grpc - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store - {{- if .Values.store.grpc.ingress.labels }} - {{ toYaml .Values.grpc.ingress.labels | indent 4 }} - {{- end }} - {{- with .Values.store.grpc.ingress.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.store.grpc.ingress.tls }} - tls: - {{- range .Values.store.grpc.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.store.grpc.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $.Values.store.grpc.ingress.path }} - backend: - serviceName: {{ include "thanos.componentname" (list $ "store") }}-grpc - servicePort: {{ $.Values.store.http.port }} - {{- end }} -{{- end }} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml deleted file mode 100755 index ce5894fa3..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if .Values.store.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-grpc - {{- with .Values.store.grpc.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.store.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "thanos.componentname" (list $ "store") }}-http - {{- with .Values.store.http.service.annotations }} - annotations: {{ toYaml .| nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - type: {{ .Values.store.http.service.type }} - {{- if .Values.store.http.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.store.http.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.store.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store -{{ with .Values.store.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml deleted file mode 100755 index c181c6416..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.global.thanos.enabled }} -{{- if and .Values.store.enabled .Values.store.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "thanos.componentname" (list $ "store") }} - labels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - helm.sh/chart: {{ include "thanos.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} - app.kubernetes.io/component: store -{{ with .Values.store.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} -spec: - jobLabel: thanos-store - selector: - matchLabels: - app.kubernetes.io/name: {{ include "thanos.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: store - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - interval: {{ .Values.store.metrics.serviceMonitor.interval | default "15s" }} - {{- with .Values.store.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end -}} -{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml deleted file mode 100755 index 0a11a2627..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml +++ /dev/null @@ -1,739 +0,0 @@ -image: - repository: thanosio/thanos - tag: v0.15.0 - pullPolicy: IfNotPresent - -store: - enabled: true - # Maximum size of items held in the index cache. - indexCacheSize: 250MB - # Maximum size of concurrently allocatable bytes for chunks. - chunkPoolSize: 2GB - # Maximum amount of samples returned via a single series call. 0 means no limit. - # NOTE: for efficiency we take 120 as the number of samples in chunk (it cannot be bigger than that), - # so the actual number of samples might be lower, even though the maximum could be hit. - grpcSeriesSampleLimit: 0 - # Maximum number of concurrent Series calls. - grpcSeriesMaxConcurrency: 20 - # Repeat interval for syncing the blocks between local and remote view. - syncBlockDuration: 3m - # Number of goroutines to use when syncing blocks from object storage. - blockSyncConcurrency: 20 - # Log filtering level. - logLevel: info - # Add extra environment variables to store - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the store service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from store component - replicaCount: 1 - # Extra labels for store pod template - labels: {} - # cluster: example - # - # Extra annotations for store pod template - annotations: {} - # example.com: default - # - # Add extra labels to store deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to store deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to store deployment - deploymentMatchLabels: {} - # Enable metrics collecting for store service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for query grpc service - service: - # Annotations to query grpc service - annotations: {} - # Labels to query grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for store pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - serviceAccount: "" - -# Query Frontend Component -queryFrontend: - enabled: true - - # Split queries by an interval and execute in parallel, 0 disables it. - splitInterval: 24h - - # Maximum number of retries for a single request; beyond this, the downstream error is returned. - maxRetriesPerRequest: 5 - - # Limit the query time range (end - start time) in the query-frontend, 0 disables it. - maxQueryLength: 0 - - # Maximum number of queries will be scheduled in parallel by the frontend.\ - maxQueryParallelism: 14 - - # Most recent allowed cacheable result, to prevent caching very recent results that might still be in flux. - responseCacheMaxFreshness: 1m - - # Path to YAML file that contains response cache configuration. - # responseCacheConfigFile: - - # Response Cache Configuration - responseCache: - enabled: false - maxSize: 512MB - maxSizeItems: 0 - validity: 10m - - # Response cache configuration content - # responseCacheConfig: - - # Enable partial response for queries if no partial_response param is specified. --no-query-range.partial-response for disabling. - # partialResponse: false - - # Compress HTTP responses. - compressResponses: true - - logLevel: info - # Add extra environment variables to query - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the query service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from query component - replicaCount: 1 - # Enable HPA for query component - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 3 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - # Enable podDisruptionBudget for query component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - serviceAccount: "" - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - certSecretName: "" - # Extra labels for query pod template - labels: {} - # cluster: example - # - # Extra annotations for query pod template - annotations: {} - # example.com: default - # - # Add extra labels to query deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to query deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to query deployment - deploymentMatchLabels: {} - - # Enable metrics collecting for query service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - -query: - enabled: true - # Label to treat as a replica indicator along which data is deduplicated. - # Still you will be able to query without deduplication using 'dedup=false' parameter. - replicaLabel: "" - # Prefix for API and UI endpoints. This allows thanos UI to be served on a sub-path. - # This option is analogous to --web.route-prefix of Promethus. - webRoutePrefix: "" - # Static prefix for all HTML links and redirect - # URLs in the UI query web interface. Actual - # endpoints are still served on / or the - # web.route-prefix. This allows thanos UI to be - # served behind a reverse proxy that strips a URL - # sub-path. - webExternalPrefix: "" - # Name of HTTP request header used for dynamic prefixing of UI links and redirects. - # This option is ignored if web.external-prefix argument is set. Security risk: enable this - # option only if a reverse proxy in front of thanos is resetting the header. The --web.prefix-header=X-Forwarded-Prefix option - # can be useful, for example, if Thanos UI is served via Traefik reverse proxy with PathPrefixStrip option enabled, which sends the - # stripped prefix value in X-Forwarded-Prefix header. This allows thanos UI to be served on a sub-path - webPrefixHeader: "" - # Maximum time to process query by query node. - timeout: 2m - # Maximum number of queries processed concurrently by query node. - maxConcurrent: 16 - # Maximum number of select requests made concurrently per a query. - maxConcurrentSelect: 4 - # Enable automatic adjustment (step / 5) to what source of data should be used in store gateways - # if no max_source_resolution param is specified. - autoDownsampling: false - # https://github.com/improbable-eng/thanos/issues/1015 - storeDNSResolver: miekgdns - # Enable DNS discovery for stores - storeDNSDiscovery: true - # Enable DNS discovery for sidecars (this is for the chart built-in sidecar service) - sidecarDNSDiscovery: true - # Addresses of statically configured store API servers (repeatable). - # The scheme may be prefixed with 'dns+' or 'dnssrv+' to detect store API servers through respective DNS lookups. - stores: [] - # - "dnssrv+_grpc._tcp...svc" - # - # Path to files that contains addresses of store API servers. The path can be a glob pattern (repeatable). - serviceDiscoveryFiles: [] - # Names of configmaps that contain addresses of store API servers, used for file service discovery. - serviceDiscoveryFileConfigMaps: [] - # Refresh interval to re-read file SD files. It is used as a resync fallback. - serviceDiscoveryInterval: 5m - # Log filtering level. - logLevel: info - # Add extra environment variables to query - extraEnv: [] - # - name: ENV - # value: value - # - # Add extra arguments to the query service - extraArgs: [] - # - "--extraargs=extravalue" - # - # Number of replicas running from query component - replicaCount: 1 - # Enable HPA for query component - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 3 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - # Enable podDisruptionBudget for query component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for query http service - service: - type: ClusterIP - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - certSecretName: "" - # Extra labels for query pod template - labels: {} - # cluster: example - # - # Extra annotations for query pod template - annotations: {} - # example.com: default - # - # Add extra labels to query deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to query deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to query deployment - deploymentMatchLabels: {} - - # Enable metrics collecting for query service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for query grpc service - service: - # Annotations to query grpc service - annotations: {} - # labels to query grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - serviceAccount: "" - -compact: - enabled: true - # Minimum age of fresh (non-compacted) blocks before they are being processed. - # Malformed blocks older than the maximum of consistency-delay and 30m0s will be removed. - consistencyDelay: 30m - # How long to retain raw samples in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolutionRaw: 1825d - # How long to retain samples of resolution 1 (5 minutes) in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolution5m: 1825d - # How long to retain samples of resolution 2 (1 hour) in bucket. Setting this to 0d will retain samples of this resolution forever - retentionResolution1h: 1825d - # Number of goroutines to use when compacting groups. - compactConcurrency: 1 - # Number of goroutines to use when syncing block metadata from object storage. - blockSyncConcurrency: 20 - # Disables Downsampling data - disableDownsampling: false - # Log filtering level. - logLevel: info - # Compact service listening http port - http: - port: 10902 - service: - labels: {} - # Add extra environment variables to compact - extraEnv: - # - name: ENV - # value: value - # - # Add extra arguments to the compact service - extraArgs: - # - "--extraargs=extravalue" - # - # Data volume for the compactor to store temporary data defaults to emptyDir - # dataVolume: - # persistentVolumeClaim: - # claimName: compact-data-volume - # storage: 100Gi - # Extra labels for compact pod template - labels: {} - # cluster: example - # - # Extra annotations for compact pod template - annotations: {} - # example.com: default - # - # Add extra labels to compact deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to compact deployment - deploymentAnnotations: {} - # extraAnnotation: extraAnnotationValue - # - # Add extra selector matchLabels to compact deployment - deploymentMatchLabels: {} - # - # Enable metrics collecting for compact service - metrics: - # This is the Prometheus annotation type scraping configuration - annotations: - enabled: false - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - serviceAccount: "" - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for compact pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - -bucket: - enabled: true - # Number of replicas running from bucket component - replicaCount: 1 - # Log filtering level. - logLevel: info - # Refresh interval to download metadata from remote storage - refresh: 30m - # Timeout to download metadata from remote storage - timeout: 5m - # Prometheus label to use as timeline title - label: "" - # The http endpoint to communicate with other components - http: - # http listen port number - port: 8080 - # Service definition for bucket http service - service: - type: ClusterIP - # Annotations to bucket http service - annotations: {} - # Labels to bucket http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # Add extra environment variables to bucket - extraEnv: - # - name: ENV - # value: value - # - # Add extra arguments to the bucket service - extraArgs: - # - "--extraargs=extravalue" - # - # Extra labels for bucket pod template - labels: {} - # cluster: example - # - # Extra annotations for bucket pod template - annotations: {} - # example.com: default - # - # Add extra labels to bucket deployment - deploymentLabels: {} - # extraLabel: extraLabelValue - # - # Add extra annotations to bucket deployment - deploymentAnnotations: {} - # - # Add extra selector matchLabels to bucket deployment - deploymentMatchLabels: {} - - # Enable podDisruptionBudget for bucket component - podDisruptionBudget: - enabled: false - # minAvailable and maxUnavailable can't be used simultaneous. Choose one. - minAvailable: 1 - # maxUnavailable: 50% - - # Optional securityContext - securityContext: {} - resources: {} - # limits: - # cpu: 2000m - # memory: 16Gi - # requests: - # cpu: 1000m - # memory: 4Gi - # - # Node tolerations for server scheduling to nodes with taints - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - # - # Node labels for bucket pod assignment - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - # - # Pod affinity - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity - affinity: {} - serviceAccount: "" - -sidecar: - # NOTE: This is only the service references for the sidecar - enabled: true - # Enable metrics collecting for sidecar service - metrics: - # Enable ServiceMonitor https://github.com/coreos/prometheus-operator - serviceMonitor: - enabled: false - # Labels for prometheus-operator to find servicemonitor - labels: {} - # The grpc endpoint to communicate with other components - grpc: - # grpc listen port number - port: 10901 - # Service definition for sidecar grpc service - service: - # Annotations to sidecar grpc service - annotations: {} - # Labels to sidecar grpc service - labels: {} - matchLabels: {} - # Set up ingress for the grpc service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - # The http endpoint to communicate with other components - http: - # http listen port number - port: 10902 - # Service definition for sidecar http service - service: - type: ClusterIP - # Annotations to sidecar http service - annotations: {} - # Labels to sidecar http service - labels: {} - matchLabels: {} - # Set up ingress for the http service - ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: "/" - hosts: - - "/" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -storeSecretName: diff --git a/charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json b/charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json deleted file mode 100755 index 0e6638252..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json +++ /dev/null @@ -1,1663 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Cost metrics from the Kubecost product", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 7, - "iteration": 1558062099204, - "links": [], - "panels": [ - { - "content": "Note: this dashboard requires Kubecost metrics to be available in your Prometheus deployment. [Learn more](https://github.com/kubecost/cost-model/blob/master/PROMETHEUS.md)", - "gridPos": { - "h": 2, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 27, - "links": [], - "mode": "markdown", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly run rate of CPU + GPU costs based on currently provisioned resources.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 2 - }, - "hideTimeOverride": true, - "id": 2, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n)", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "CPU Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly run rate of memory costs based on currently provisioned expenses.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 2 - }, - "hideTimeOverride": true, - "id": 3, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n)", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Memory Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly run rate of attached storage and PV costs based on currently provisioned resources.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 2 - }, - "hideTimeOverride": true, - "id": 4, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Storage Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Sum of compute, memory, storage and network costs.", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 2 - }, - "hideTimeOverride": true, - "id": 11, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "# Compute\nsum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n\n# Memory\nsum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n# Storage \n\nsum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Total Cost", - "type": "singlestat", - "valueFontSize": "120%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Current CPU use from applications divided by allocatable CPUs", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 0, - "y": 5 - }, - "height": "180px", - "hideTimeOverride": true, - "id": 13, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(\n sum(\n count(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n * on (instance) \n sum(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n ) \n / \n (sum (kube_node_status_allocatable_cpu_cores))\n) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30, 80", - "timeFrom": "", - "title": "CPU Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Current CPU reservation requests from applications vs allocatable CPU", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 3, - "y": 5 - }, - "height": "180px", - "id": 15, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "SUM(kube_pod_container_resource_requests_cpu_cores) / SUM(kube_node_status_allocatable_cpu_cores) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30, 80", - "title": "CPU Requests", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "description": "Current RAM use vs RAM available", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 6, - "y": 5 - }, - "height": "180px", - "hideTimeOverride": true, - "id": 17, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "SUM(container_memory_usage_bytes{namespace!=\"\"}) / SUM(kube_node_status_allocatable_memory_bytes) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - }, - { - "expr": "", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "30,80", - "timeFrom": "", - "title": "RAM Utilization", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "description": "Current RAM requests vs RAM available", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 9, - "y": 5 - }, - "height": "180px", - "id": 19, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"})\n /\n sum(kube_node_status_allocatable_memory_bytes)\n) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30,80", - "title": "RAM Requests", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "This gauge shows the current standard storage use, including cluster storage, vs storage available", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 5 - }, - "height": "180px", - "hideTimeOverride": true, - "id": 21, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) /\nsum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) * 100", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "30, 80", - "timeFrom": "", - "title": "Storage Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of CPU + GPU costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 9 - }, - "id": 6, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 +\n avg(node_gpu_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "compute cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Compute Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "currencyUSD", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of memory costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 9 - }, - "id": 9, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "memory cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "currencyUSD", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of attached disk + PV storage costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 9 - }, - "id": 10, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(avg_over_time(pv_hourly_cost[$timeRange] offset 1m)) by (persistentvolume) * 730 \n * avg(avg_over_time(kube_persistentvolume_capacity_bytes[$timeRange] offset 1m)) by (persistentvolume) / 1024 / 1024 / 1024\n) +\nsum(avg(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "storage cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Storage Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Sum of compute, memory, and storage costs", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 9 - }, - "id": 22, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "# Compute\nsum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n\n# Memory\nsum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n# Storage \n\nsum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "total cost", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Total Cost", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "default-kubecost", - "description": "Cost of by resource class of currently provisioned nodes", - "fontSize": "100%", - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 16 - }, - "id": 8, - "links": [], - "pageSize": null, - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": false - }, - "styles": [ - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Compute Cost", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Cost", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Mem Cost", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Total", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "instance", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "GPU", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost or up * 0) by (node) * 730 * (1-$useDiscount/100)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - }, - { - "expr": "avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "legendFormat": "", - "refId": "B" - }, - { - "expr": "avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "refId": "D" - }, - { - "expr": "# CPU \navg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost or up * 0) by (node) * 730 * (1-$useDiscount/100) +\n# GPU\navg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n# Memory\navg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n", - "format": "table", - "instant": true, - "intervalFactor": 1, - "refId": "C" - } - ], - "title": "Cost by node", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Monthly run rate of attached disk + PV storage costs based on currently provisioned resources.", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 16 - }, - "id": 25, - "interval": "1m", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 +\n avg(node_gpu_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "cpu", - "refId": "B" - }, - { - "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730\n)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "memory", - "refId": "A" - }, - { - "expr": "sum(\n avg(avg_over_time(pv_hourly_cost[$timeRange] offset 1m)) by (persistentvolume) * 730 \n * avg(avg_over_time(kube_persistentvolume_capacity_bytes[$timeRange] offset 1m)) by (persistentvolume) / 1024 / 1024 / 1024\n) +\nsum(avg(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "storage", - "refId": "C" - }, - { - "expr": "SUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $percentEgress * $egressCost ", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "network", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Cost by Resource", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "currencyUSD", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 1, - "auto_min": "1m", - "current": { - "text": "auto", - "value": "$__auto_interval_timeRange" - }, - "hide": 2, - "label": null, - "name": "timeRange", - "options": [ - { - "selected": true, - "text": "auto", - "value": "$__auto_interval_timeRange" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - }, - { - "selected": false, - "text": "90d", - "value": "90d" - } - ], - "query": "1h,6h,12h,1d,7d,14d,30d,90d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - }, - { - "current": { - "text": ".04", - "value": ".04" - }, - "hide": 2, - "label": "Cost per Gb hour for attached disks", - "name": "localStorageGBCost", - "options": [ - { - "selected": true, - "text": ".04", - "value": ".04" - } - ], - "query": ".04", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "tags": [], - "text": "0", - "value": "0" - }, - "hide": 0, - "label": "Sustained Use Discount %", - "name": "useDiscount", - "options": [ - { - "selected": true, - "text": "0", - "value": "0" - } - ], - "query": "0", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": ".1", - "value": ".1" - }, - "hide": 2, - "label": null, - "name": "percentEgress", - "options": [ - { - "selected": true, - "text": ".1", - "value": ".1" - } - ], - "query": ".1", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": ".12", - "value": ".12" - }, - "hide": 2, - "label": null, - "name": "egressCost", - "options": [ - { - "selected": true, - "text": ".12", - "value": ".12" - } - ], - "query": ".12", - "skipUrlSync": false, - "type": "constant" - } - ] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Kubecost cluster metrics", - "uid": "JOUdHGZZz", - "version": 20 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json deleted file mode 100755 index 0c3acfc76..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json +++ /dev/null @@ -1,3473 +0,0 @@ -{ - "annotations":{ - "list":[ - { - "builtIn":1, - "datasource":"-- Grafana --", - "enable":true, - "hide":true, - "iconColor":"rgba(0, 211, 255, 1)", - "name":"Annotations & Alerts", - "type":"dashboard" - } - ] - }, - "description":"A dashboard to help manage Kubernetes cluster costs and resources", - "editable":true, - "gnetId":6873, - "graphTooltip":0, - "id":4, - "iteration":1556759633456, - "links":[ - - ], - "panels":[ - { - "content":"This dashboard shows monthly cost estimates for the cluster, based on **current** CPU, RAM and storage provisioned.", - "gridPos":{ - "h":2, - "w":24, - "x":0, - "y":0 - }, - "id":86, - "links":[ - - ], - "mode":"markdown", - "title":"", - "transparent":true, - "type":"text" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":0, - "y":2 - }, - "hideTimeOverride":true, - "id":75, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"sum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) ", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"CPU Cost", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":6, - "y":2 - }, - "hideTimeOverride":true, - "id":77, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"sum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n) ", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"RAM Cost", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":12, - "y":2 - }, - "hideTimeOverride":true, - "id":78, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"Storage Cost (Cluster and PVC)", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Represents a near worst-case approximation of network costs.", - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":18, - "y":2 - }, - "hideTimeOverride":true, - "id":129, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"SUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"Network Egress Cost", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Current CPU use from applications divided by allocatable CPUs", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":0, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":82, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"(\n sum(\n count(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n * on (instance) \n sum(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n ) \n / \n (sum (kube_node_status_allocatable_cpu_cores))\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "timeFrom":"", - "title":"CPU Utilization", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Current CPU reservation requests from applications vs allocatable CPU", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":3, - "y":6 - }, - "height":"180px", - "id":91, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"SUM(kube_pod_container_resource_requests_cpu_cores) / SUM(kube_node_status_allocatable_cpu_cores) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "title":"CPU Requests", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "description":"Current RAM use vs RAM available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":6, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":80, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"SUM(container_memory_usage_bytes{namespace!=\"\"}) / SUM(kube_node_status_allocatable_memory_bytes) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - }, - { - "expr":"", - "format":"time_series", - "intervalFactor":1, - "refId":"B" - } - ], - "thresholds":"30,80", - "timeFrom":"", - "title":"RAM Utilization", - "transparent":false, - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "description":"Current RAM requests vs RAM available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":9, - "y":6 - }, - "height":"180px", - "id":92, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"})\n /\n sum(kube_node_status_allocatable_memory_bytes)\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30,80", - "title":"RAM Requests", - "transparent":false, - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"This gauge shows the current standard storage use, including cluster storage, vs storage available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":12, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":95, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) /\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "timeFrom":"", - "title":"Storage Utilization", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":true, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"This gauge shows the current SSD use vs SSD available", - "editable":true, - "error":false, - "format":"percent", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":3, - "x":15, - "y":6 - }, - "height":"180px", - "hideTimeOverride":true, - "id":96, - "interval":null, - "isNew":true, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace)\n) /\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace)\n) * 100", - "format":"time_series", - "interval":"", - "intervalFactor":1, - "refId":"A", - "step":10 - } - ], - "thresholds":"30, 80", - "timeFrom":"", - "title":"SSD Utilization", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":2, - "description":"Expected monthly cost given current CPU, memory storage, and network resource consumption", - "format":"currencyUSD", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":6, - "x":18, - "y":6 - }, - "hideTimeOverride":true, - "id":93, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"label_cloud_google_com_gke_preemptible", - "targets":[ - { - "expr":"# CPU\nsum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) \n\n+ \n\n# Storage\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard \n\n+\n\n# END STORAGE\n# RAM \nsum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n)\n\n+\n\n#Network \nSUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", - "format":"time_series", - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":" {{ node }}", - "refId":"A" - } - ], - "thresholds":"", - "timeFrom":"15m", - "timeShift":null, - "title":"Total Monthly Cost", - "type":"singlestat", - "valueFontSize":"120%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "description":"Expected monthly CPU, memory and storage costs given provisioned resources", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":0, - "y":10 - }, - "id":120, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":false, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"# CPU\nsum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) \n\n+ \n\n# Storage\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard \n\n+\n\n# END STORAGE\n# RAM \nsum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n) \n\n+\n\n#Network \nSUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"cluster cost", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Total monthly cost", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"currencyUSD", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"Resources allocated to namespace based on container requests", - "fontSize":"100%", - "gridPos":{ - "h":8, - "w":12, - "x":12, - "y":10 - }, - "hideTimeOverride":false, - "id":73, - "links":[ - - ], - "pageSize":10, - "repeat":null, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":7, - "desc":true - }, - "styles":[ - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "pattern":"namespace", - "thresholds":[ - "30", - "80" - ], - "type":"string", - "unit":"currencyUSD" - }, - { - "alias":"RAM", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"CPU", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"PV Storage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Total", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #D", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"CPU Utilization", - "colorMode":"value", - "colors":[ - "#bf1b00", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #E", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"RAM Utilization", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #F", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - } - ], - "targets":[ - { - "expr":"(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"}*($costcpu - ($costcpu / 100 * $costDiscount))) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"}*$costpcpu) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"A" - }, - { - "expr":"(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"} / 1024 / 1024 / 1024*($costram- ($costram / 100 * $costDiscount))) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"} / 1024 / 1024 / 1024 * $costpram ) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"B" - }, - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageSSD \n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageStandard", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"C" - }, - { - "expr":"# CPU \n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"}*($costcpu - ($costcpu / 100 * $costDiscount))) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"}*$costpcpu) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n#END CPU \n# Memory \n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"} / 1024 / 1024 / 1024*($costram- ($costram / 100 * $costDiscount))) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"} / 1024 / 1024 / 1024 * $costpram ) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n# PV storage\n\n(\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageSSD \n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageStandard \n)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"Total", - "refId":"D" - } - ], - "timeFrom":"", - "timeShift":null, - "title":"Namespace cost allocation", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":18 - }, - "id":108, - "panels":[ - - ], - "title":"CPU Metrics", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":19 - }, - "id":116, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(kube_node_status_capacity_cpu_cores)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"capacity", - "refId":"A" - }, - { - "expr":"SUM(kube_pod_container_resource_requests_cpu_cores)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"requests", - "refId":"C" - }, - { - "expr":"SUM(irate(container_cpu_usage_seconds_total{id=\"/\"}[5m]))", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"usage", - "refId":"B" - }, - { - "expr":"SUM(kube_pod_container_resource_limits_cpu_cores) ", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"limits", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster CPUs", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":1, - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":27 - }, - "id":130, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"avg(irate(node_cpu_seconds_total{mode!=\"idle\"}[5m])) by (mode) * 100", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"{{mode}}", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"CPU Mode", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percent", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"percent", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"This table shows the comparison of CPU requests and usage by namespace", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":0, - "y":35 - }, - "hideTimeOverride":true, - "id":104, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":1, - "desc":true - }, - "styles":[ - { - "alias":"CPU Requests", - "colorMode":null, - "colors":[ - "#fceaca", - "#fce2de", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Requests", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#cffaff" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"24h CPU Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - "30" - ], - "type":"number", - "unit":"none" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\"}) by (namespace) ", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"", - "refId":"A" - }, - { - "expr":"sum (rate (container_cpu_usage_seconds_total{image!=\"\",namespace!=\"\"}[24h])) by (namespace)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ namespace }}", - "refId":"C" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"CPU request utilization by namespace", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"This table shows the comparison of application CPU usage vs the capacity of the node (measured over last 60 minutes)", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":12, - "y":35 - }, - "hideTimeOverride":true, - "id":90, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":2, - "desc":true - }, - "styles":[ - { - "alias":"CPU Request Utilization", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - ".30", - " .80" - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Utilization", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - ".20", - " .80" - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"24h Utilization ", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"percentunit" - } - ], - "targets":[ - { - "expr":"SUM(\nSUM(rate(container_cpu_usage_seconds_total[24h])) by (pod_name)\n* on (pod_name) group_left (node) \nlabel_replace(\n avg(kube_pod_info{}),\n \"pod_name\", \n \"$1\", \n \"pod\", \n \"(.+)\"\n)\n) by (node) \n/ \nsum(kube_node_status_capacity_cpu_cores) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - }, - { - "expr":"sum(kube_pod_container_resource_requests_cpu_cores) by (node) / sum(kube_node_status_capacity_cpu_cores) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"A" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster cost & utilization by node", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":45 - }, - "id":113, - "panels":[ - - ], - "title":"Memory Metrics", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":46 - }, - "id":117, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":false, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(kube_node_status_capacity_memory_bytes / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"capacity", - "refId":"A" - }, - { - "expr":"SUM(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"} / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"requests", - "refId":"C" - }, - { - "expr":"SUM(container_memory_usage_bytes{image!=\"\"} / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"usage", - "refId":"B" - }, - { - "expr":"SUM(kube_pod_container_resource_limits_memory_bytes {namespace!=\"\"} / 1024 / 1024 / 1024)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"limits", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster memory (GB)", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"decgbytes", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":8, - "w":24, - "x":0, - "y":54 - }, - "id":131, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":false, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"1 - sum(node_memory_MemAvailable_bytes) by (node) / sum(node_memory_MemTotal_bytes) by (node)", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"usage", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Cluster Memory Utilization", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percentunit", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"Comparison of memory requests and current usage by namespace", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":0, - "y":62 - }, - "hideTimeOverride":true, - "id":109, - "links":[ - - ], - "pageSize":7, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":1, - "desc":true - }, - "styles":[ - { - "alias":"Mem Requests (GB)", - "colorMode":null, - "colors":[ - "#fceaca", - "#fce2de", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Requests", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#cffaff" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - "" - ], - "type":"number", - "unit":"short" - }, - { - "alias":"24h Mem Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "#508642", - "#e5ac0e" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - ".30", - ".75" - ], - "type":"number", - "unit":"none" - }, - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"} / 1024 / 1024 / 1024) by (namespace) ", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"", - "refId":"A" - }, - { - "expr":"SUM(container_memory_usage_bytes{image!=\"\",namespace!=\"\"} / 1024 / 1024 / 1024) by (namespace)", - "format":"table", - "instant":true, - "intervalFactor":1, - "legendFormat":"", - "refId":"C" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Memory requests & utilization by namespace", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "description":"Container RAM usage vs node capacity", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":12, - "y":62 - }, - "hideTimeOverride":true, - "id":114, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":1, - "desc":true - }, - "styles":[ - { - "alias":"RAM Requests", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - "30", - " 80" - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"node", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"RAM Usage", - "colorMode":"value", - "colors":[ - "#ef843c", - "rgba(50, 172, 45, 0.97)", - "rgba(245, 54, 54, 0.9)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - "25", - " 80" - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"SUM(label_replace(container_memory_usage_bytes{namespace!=\"\"}, \"node\", \"$1\", \"instance\",\"(.+)\")) by (node) * 100\n/\nSUM(kube_node_status_capacity_memory_bytes) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - }, - { - "expr":"sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"}) by (node) / SUM(kube_node_status_capacity_memory_bytes) by (node)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"A" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Node utilization of allocatable RAM", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":72 - }, - "id":101, - "panels":[ - - ], - "title":"Storage Metrics", - "type":"row" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":9, - "w":12, - "x":0, - "y":73 - }, - "hideTimeOverride":true, - "id":97, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":4, - "desc":true - }, - "styles":[ - { - "alias":"Node", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"instance", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"PVC Name", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"persistentvolumeclaim", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Storage Class", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"storageclass", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Size (GB)", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"percentunit" - } - ], - "targets":[ - { - "expr":"SUM(container_fs_limit_bytes{id=\"/\"}) by (instance) / 1024 / 1024 / 1024 * 1.03", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - }, - { - "expr":"SUM(container_fs_limit_bytes{id=\"/\"}) by (instance) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard\n", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ persistentvolumeclaim }}", - "refId":"A" - }, - { - "expr":"sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"} / container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"}) by (instance) \n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"C" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Local Storage", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":9, - "w":12, - "x":12, - "y":73 - }, - "id":128, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(container_fs_usage_bytes{id=\"/\"}) / SUM(container_fs_limit_bytes{id=\"/\"})", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"reads", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Local storage utilization", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percent", - "label":"IOPS", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":10, - "w":12, - "x":0, - "y":82 - }, - "hideTimeOverride":true, - "id":94, - "links":[ - - ], - "pageSize":10, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":2, - "desc":true - }, - "styles":[ - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":true, - "linkTooltip":"View namespace cost metrics", - "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"string", - "unit":"short" - }, - { - "alias":"PVC Name", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"persistentvolumeclaim", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Storage Class", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"storageclass", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"Cost", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"percentunit" - }, - { - "alias":"Size (GB)", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024\n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024\n\n\n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"C" - }, - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 * $costStorageSSD\n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 * $costStorageStandard\n", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ persistentvolumeclaim }}", - "refId":"A" - }, - { - "expr":"sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) \n/\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"B" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Persistent Volume Claims", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":10, - "w":12, - "x":12, - "y":82 - }, - "id":132, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM(rate(node_disk_reads_completed_total[10m])) or SUM(rate(node_disk_reads_completed[10m]))\n", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"reads", - "refId":"D" - }, - { - "expr":"SUM(rate(node_disk_writes_completed_total[10m])) or SUM(rate(node_disk_writes_completed[10m]))", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"writes", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Disk IOPS", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"none", - "label":"IOPS", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":9, - "w":24, - "x":0, - "y":92 - }, - "id":122, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"SUM( kubelet_volume_stats_inodes_used / kubelet_volume_stats_inodes) by (persistentvolumeclaim) * 100", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Inode usage", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"percent", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":101 - }, - "id":127, - "panels":[ - - ], - "title":"Network", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "fill":1, - "gridPos":{ - "h":9, - "w":24, - "x":0, - "y":102 - }, - "id":123, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (node_network_transmit_bytes_total{}[60m]))\n", - "format":"time_series", - "intervalFactor":1, - "legendFormat":"node_out", - "refId":"B" - }, - { - "expr":"SUM ( rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]))", - "format":"time_series", - "instant":false, - "intervalFactor":1, - "legendFormat":"eth0 out", - "refId":"C" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Node network transmit", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"decbytes", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - } - ], - "refresh":"15m", - "schemaVersion":16, - "style":"dark", - "tags":[ - "cost", - "utilization", - "metrics" - ], - "templating":{ - "list":[ - { - "current":{ - "text":"23.076", - "value":"23.076" - }, - "hide":0, - "label":"CPU", - "name":"costcpu", - "options":[ - { - "text":"23.076", - "value":"23.076" - } - ], - "query":"23.076", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"5.10", - "value":"5.10" - }, - "hide":0, - "label":"PE CPU", - "name":"costpcpu", - "options":[ - { - "text":"5.10", - "value":"5.10" - } - ], - "query":"5.10", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"3.25", - "value":"3.25" - }, - "hide":0, - "label":"RAM", - "name":"costram", - "options":[ - { - "text":"3.25", - "value":"3.25" - } - ], - "query":"3.25", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.6862", - "value":"0.6862" - }, - "hide":0, - "label":"PE RAM", - "name":"costpram", - "options":[ - { - "text":"0.6862", - "value":"0.6862" - } - ], - "query":"0.6862", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.040", - "value":"0.040" - }, - "hide":0, - "label":"Storage", - "name":"costStorageStandard", - "options":[ - { - "text":"0.040", - "value":"0.040" - } - ], - "query":"0.040", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":".17", - "value":".17" - }, - "hide":0, - "label":"SSD", - "name":"costStorageSSD", - "options":[ - { - "text":".17", - "value":".17" - } - ], - "query":".17", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":".12", - "value":".12" - }, - "hide":0, - "label":"Egress", - "name":"costEgress", - "options":[ - { - "selected":true, - "text":".12", - "value":".12" - } - ], - "query":".12", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"30", - "value":"30" - }, - "hide":0, - "label":"Discount", - "name":"costDiscount", - "options":[ - { - "text":"30", - "value":"30" - } - ], - "query":"30", - "skipUrlSync":false, - "type":"constant" - } - ] - }, - "time":{ - "from":"now-24h", - "to":"now" - }, - "timepicker":{ - "hidden":false, - "refresh_intervals":[ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options":[ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone":"browser", - "title":"Cluster cost & utilization metrics", - "uid":"cluster-costs", - "version":1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json deleted file mode 100755 index ff5526c15..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json +++ /dev/null @@ -1,1366 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Monitors Kubernetes deployments in cluster using Prometheus and kube-state-metrics. Shows resource utilization of deployments, daemonsets, and statefulsets.", - "editable": true, - "gnetId": 8588, - "graphTooltip": 0, - "id": 2, - "iteration": 1586200623748, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 0 - }, - "height": "180px", - "id": 1, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (container_memory_working_set_bytes{container!=\"\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\", pod_name!=\"\"}) / sum (kube_node_status_allocatable_memory_bytes{node=~\"^$Node.*$\"}) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 900 - } - ], - "thresholds": "65, 90", - "title": "Deployment memory usage", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 0 - }, - "height": "180px", - "id": 2, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate (container_cpu_usage_seconds_total{pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\"}[2m])) / sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"}) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 900 - } - ], - "thresholds": "65, 90", - "title": "Deployment CPU usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 0 - }, - "height": "180px", - "id": 3, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(((sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))) - ((sum(kube_deployment_status_replicas_available{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_status_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_number_ready{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)))) / ((sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))) * 100", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "1,30", - "title": "Unavailable Replicas", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 0, - "y": 5 - }, - "height": "100px", - "id": 4, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{container!=\"\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\", pod_name!=\"\"})", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 4, - "y": 5 - }, - "height": "100px", - "id": 5, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (kube_node_status_allocatable_memory_bytes{node=~\"^$Node.*$\"})", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 8, - "y": 5 - }, - "height": "100px", - "id": 6, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate (container_cpu_usage_seconds_total{pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 12, - "y": 5 - }, - "height": "100px", - "id": 7, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"})", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 5 - }, - "height": "100px", - "id": 8, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(kube_deployment_status_replicas_available{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_status_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_number_ready{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Available (cluster)", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "default-kubecost", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 5 - }, - "height": "100px", - "id": 9, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ $Daemonset }}", - "refId": "A", - "step": 1800 - } - ], - "thresholds": "", - "title": "Total (cluster)", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 3, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 11, - "w": 24, - "x": 0, - "y": 8 - }, - "height": "", - "id": 10, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/avlbl.*/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (irate (container_cpu_usage_seconds_total{container!=\"\",image!=\"\",name=~\"^k8s_.*\",io_kubernetes_container_name!=\"POD\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[5m])) by (pod_name,kubernetes_io_hostname)", - "format": "time_series", - "hide": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "usage: {{ kubernetes_io_hostname }} | {{ pod_name }} ", - "metric": "container_cpu", - "refId": "A", - "step": 60 - }, - { - "expr": "sum (kube_pod_container_resource_requests_cpu_cores{pod=~\"^$Deployment$Statefulset$Daemonset.*$\",node=~\"^$Node$\"}) by (pod,node)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "rqst: {{ node }} | {{ pod }}", - "refId": "B", - "step": 120 - }, - { - "expr": "sum ((kube_node_status_allocatable_cpu_cores{node=~\"^$Node$\"})) by (node)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "avlbl: {{ node }}", - "refId": "C", - "step": 30 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage & requests", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "cores", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/^avlbl.*$/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max (container_memory_working_set_bytes{container!=\"POD\",container!=\"\",id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}) by (pod_name,kubernetes_io_hostname)", - "format": "time_series", - "hide": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "usage: {{kubernetes_io_hostname }} | {{ pod_name }}", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 60 - }, - { - "expr": "sum ((kube_pod_container_resource_requests_memory_bytes{pod=~\"^$Deployment$Statefulset$Daemonset.*$\",node=~\"^$Node$\"})) by (pod,node)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "rqst: {{ node }} | {{ pod }}", - "refId": "B", - "step": 120 - }, - { - "expr": "sum ((kube_node_status_allocatable_memory_bytes{node=~\"^$Node$\"})) by (node)", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "avlbl: {{ node }}", - "refId": "C", - "step": 30 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory usage & requests", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "100 * (kubelet_volume_stats_used_bytes{kubernetes_io_hostname=~\"^$Node$\", persistentvolumeclaim=~\".*$Deployment$Statefulset$Daemonset.*$\"} / kubelet_volume_stats_capacity_bytes{kubernetes_io_hostname=~\"^$Node$\", persistentvolumeclaim=~\".*$Deployment$Statefulset$Daemonset.*$\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ persistentvolumeclaim }} | {{ kubernetes_io_hostname }}", - "refId": "A", - "step": 120 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Usage", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (rate (container_network_receive_bytes_total{id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[2m])) by (pod_name, kubernetes_io_hostname)", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "-> {{ kubernetes_io_hostname }} | {{ pod_name }}", - "metric": "network", - "refId": "A", - "step": 60 - }, - { - "expr": "- sum( rate (container_network_transmit_bytes_total{id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[2m])) by (pod_name, kubernetes_io_hostname)", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "<- {{ kubernetes_io_hostname }} | {{ pod_name }}", - "metric": "network", - "refId": "B", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "All processes network I/O", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "kubernetes", - "deployment" - ], - "templating": { - "list": [ - { - "allValue": "()", - "current": { - "selected": false, - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Deployment", - "options": [], - "query": "label_values(deployment)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": "()", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Statefulset", - "options": [], - "query": "label_values(statefulset)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": "()", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Daemonset", - "options": [], - "query": "label_values(daemonset)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Node", - "options": [], - "query": "label_values(kubernetes_io_hostname)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Deployment/Statefulset/Daemonset utilization metrics", - "uid": "deployment-metrics", - "version": 1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json deleted file mode 100755 index 46d508aa0..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json +++ /dev/null @@ -1,1193 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 7, - "iteration": 1586214000479, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Monthly projected CPU cost given last 10m", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 0, - "y": 0 - }, - "hideTimeOverride": true, - "id": 15, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(container_cpu_allocation) by (pod,node)\n\n * on (node) group_left()\n avg(avg_over_time(node_cpu_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "CPU Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Based on CPU usage over last 24 hours", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 6, - "y": 0 - }, - "hideTimeOverride": true, - "id": 16, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n avg(container_memory_allocation_bytes) by (pod,node) / 1024 / 1024 / 1024\n\n * on (node) group_left()\n avg(avg_over_time(node_ram_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Memory Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 12, - "y": 0 - }, - "hideTimeOverride": true, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "sum(\n sum(kube_persistentvolumeclaim_info{storageclass!=\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .04 \n\n+\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .17 \n", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Storage Cost", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "description": "Cost of memory + CPU usage", - "format": "currencyUSD", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 18, - "y": 0 - }, - "hideTimeOverride": true, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "label_cloud_google_com_gke_preemptible", - "targets": [ - { - "expr": "# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CPU ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nsum(\n avg(container_cpu_allocation) by (pod,node)\n\n * on (node) group_left()\n avg(avg_over_time(node_cpu_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730\n\n#END CPU\n+\n\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nsum(\n avg(container_memory_allocation_bytes) by (pod,node) / 1024 / 1024 / 1024\n\n * on (node) group_left()\n avg(avg_over_time(node_ram_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730\n\n# END MEMORY\n\n+\n\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~ STORAGE ~~~~~~~~~~~~~~~~~~~~~~~~~\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass!=\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .04 \n\n+\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .17 \n\n\n# END STORAGE\n", - "format": "time_series", - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": " {{ node }}", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": "15m", - "timeShift": null, - "title": "Total Cost", - "type": "singlestat", - "valueFontSize": "110%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 0, - "y": 5 - }, - "id": 10, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n sum (kube_pod_container_resource_requests_cpu_cores) by (pod)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "CPU Request", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 2, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 3, - "y": 5 - }, - "id": 17, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n label_replace(\n sum(rate(container_cpu_usage_seconds_total{image!=\"\",container_name!=\"POD\"}[1h])) by (kubernetes_io_hostname,pod_name),\n \"node\",\n \"$1\", \n \"kubernetes_io_hostname\", \n \"(.+)\"\n ) \n * on (pod_name) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n ) or up * 0\n) ", - "format": "time_series", - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "", - "title": "CPU Used", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 0, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 6, - "y": 5 - }, - "id": 11, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n sum (kube_pod_container_resource_requests_memory_bytes) by (pod)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Memory Request", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 9, - "y": 5 - }, - "id": 18, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n label_replace(\n sum (container_memory_working_set_bytes{pod_name!=\"\",container!=\"POD\",container!=\"\"}) by (pod_name),\n \"pod\",\n \"$1\", \n \"pod_name\", \n \"(.+)\")\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n)", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Memory Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "default-kubecost", - "decimals": 0, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 5 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(\n max(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) \n", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Storage Request", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_limits_cpu_cores) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "limit", - "refId": "C" - }, - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_requests_cpu_cores) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "request", - "refId": "B" - }, - { - "expr": "sum(\n label_replace(\n sum (rate (container_cpu_usage_seconds_total{image!=\"\",container!=\"POD\",container!=\"\"}[10m])) by (container,pod),\n \"pod\", \n \"$1\", \n \"pod_name\", \n \"(.+)\"\n )\n * on (pod) group_left (label_$label)\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container)\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "usage", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage vs Requests vs Limits", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_limits_memory_bytes) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "limit", - "refId": "C" - }, - { - "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_requests_memory_bytes) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "request", - "refId": "B" - }, - { - "expr": "sum(\n label_replace(\n sum (container_memory_working_set_bytes{container!=\"\",container!=\"POD\"}) by (container,pod),\n \"pod\", \n \"$1\", \n \"pod_name\", \n \"(.+)\"\n )\n * on (pod) group_left (label_$label)\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container)\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "usage", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage vs Requests vs Limits", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "datasource": "default-kubecost", - "filters": [], - "hide": 0, - "label": "", - "name": "Filters", - "skipUrlSync": false, - "type": "adhoc" - }, - { - "allValue": null, - "current": { - "tags": [], - "text": "app", - "value": "app" - }, - "hide": 0, - "includeAll": false, - "label": "Label", - "multi": false, - "name": "label", - "options": [ - { - "selected": false, - "text": "app", - "value": "app" - }, - { - "selected": false, - "text": "tier", - "value": "tier" - }, - { - "selected": false, - "text": "component", - "value": "component" - }, - { - "selected": true, - "text": "release", - "value": "release" - }, - { - "selected": false, - "text": "name", - "value": "name" - }, - { - "selected": false, - "text": "team", - "value": "team" - }, - { - "selected": false, - "text": "department", - "value": "department" - }, - { - "selected": false, - "text": "owner", - "value": "owner" - }, - { - "selected": false, - "text": "contact", - "value": "contact" - } - ], - "query": "app, tier, component, release, name, team, department, owner, contact", - "skipUrlSync": false, - "type": "custom" - }, - { - "allValue": ".*", - "current": { - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": "Value", - "multi": false, - "name": "label_value", - "options": [], - "query": "query_result(SUM(kube_pod_labels{label_$label!=\"\",namespace!=\"kube-system\"}) by (label_$label))", - "refresh": 1, - "regex": "/label_$label=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": "()", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": "", - "multi": false, - "name": "Deployments", - "options": [], - "query": "label_values(deployment)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "Secondary", - "options": [ - { - "selected": true, - "text": "All", - "value": "$__all" - }, - { - "selected": false, - "text": "app", - "value": "app" - }, - { - "selected": false, - "text": "component", - "value": "component" - }, - { - "selected": false, - "text": "controller_revision_hash", - "value": "controller_revision_hash" - }, - { - "selected": false, - "text": "k8s_app", - "value": "k8s_app" - } - ], - "query": "query_result(kube_pod_labels)", - "refresh": 0, - "regex": "/.+?label_([^=]*).*/", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Label costs & utilization", - "uid": "lWMhIA-ik", - "version": 2 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json deleted file mode 100755 index 7260cced1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json +++ /dev/null @@ -1,1156 +0,0 @@ -{ - "annotations":{ - "list":[ - { - "builtIn":1, - "datasource":"-- Grafana --", - "enable":true, - "hide":true, - "iconColor":"rgba(0, 211, 255, 1)", - "name":"Annotations & Alerts", - "type":"dashboard" - } - ] - }, - "description":"A dashboard to help with utilization and resource allocation", - "editable":true, - "gnetId":8673, - "graphTooltip":0, - "id":9, - "iteration":1553150922105, - "links":[ - - ], - "panels":[ - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":9, - "w":16, - "x":0, - "y":0 - }, - "hideTimeOverride":true, - "id":73, - "links":[ - - ], - "pageSize":8, - "repeat":null, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":2, - "desc":false - }, - "styles":[ - { - "alias":"Pod", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":false, - "linkTooltip":"", - "linkUrl":"", - "pattern":"pod_name", - "thresholds":[ - "30", - "80" - ], - "type":"string", - "unit":"currencyUSD" - }, - { - "alias":"RAM", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"decbytes" - }, - { - "alias":"CPU %", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"Storage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"Total", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #D", - "thresholds":[ - - ], - "type":"number", - "unit":"currencyUSD" - }, - { - "alias":"CPU Utilization", - "colorMode":"value", - "colors":[ - "#bf1b00", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #E", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - }, - { - "alias":"RAM Utilization", - "colorMode":"value", - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #F", - "thresholds":[ - "30", - "80" - ], - "type":"number", - "unit":"percent" - } - ], - "targets":[ - { - "expr":"sum (rate (container_cpu_usage_seconds_total{namespace=\"$namespace\"}[10m])) by (pod_name) * 100", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ pod_name }}", - "refId":"A" - }, - { - "expr":"sum (avg_over_time (container_memory_working_set_bytes{namespace=\"$namespace\", container_name!=\"POD\"}[10m])) by (pod_name)", - "format":"table", - "hide":false, - "instant":true, - "intervalFactor":1, - "legendFormat":"{{ pod_name }}", - "refId":"B" - } - ], - "timeFrom":"1M", - "timeShift":null, - "title":"Pod utilization analysis", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":9, - "w":8, - "x":16, - "y":0 - }, - "hideTimeOverride":true, - "id":90, - "links":[ - - ], - "pageSize":8, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":4, - "desc":true - }, - "styles":[ - { - "alias":"Namespace", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"namespace", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"PVC Name", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"persistentvolumeclaim", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Storage Class", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"storageclass", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Size", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":1, - "mappingType":1, - "pattern":"Value", - "thresholds":[ - - ], - "type":"number", - "unit":"gbytes" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - } - ], - "targets":[ - { - "expr":"sum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right (storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{namespace=~\"$namespace\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 ", - "format":"table", - "hide":false, - "instant":true, - "interval":"", - "intervalFactor":1, - "legendFormat":"{{ persistentvolumeclaim }}", - "refId":"A" - } - ], - "timeFrom":null, - "timeShift":null, - "title":"Persistent Volume Claims", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "description":"CPU requests by pod divided by the rate of CPU usage over the last hour", - "fill":1, - "gridPos":{ - "h":9, - "w":24, - "x":0, - "y":9 - }, - "id":100, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"topk(10,\n label_replace(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace=\"$namespace\"}) by (pod),\n \"pod_name\", \n \"$1\", \n \"pod\", \n \"(.+)\"\n ) \n/ on (pod_name) sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\",pod_name=~\".+\"}[1h])) by (pod_name))", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeShift":null, - "title":"Ratio of CPU requests to usage (Top 10 pods)", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":3, - "description":"This panel shows historical utilization as an average across all pods in this namespace. It only accounts for currently deployed pods", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":18 - }, - "height":"", - "id":94, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"sum (rate (container_cpu_usage_seconds_total{namespace=\"$namespace\"}[10m])) by (namespace)\n", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"10s", - "intervalFactor":1, - "legendFormat":"cpu utilization", - "metric":"container_cpu", - "refId":"A", - "step":10 - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Overall CPU Utilization", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percent", - "label":"", - "logBase":1, - "max":"110", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"This panel shows historical utilization as an average across all pods in this namespace. It only accounts for currently deployed pods", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":18 - }, - "id":92, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":200, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"sum (container_memory_working_set_bytes{namespace=\"$namespace\"})\n/\nsum(node_memory_MemTotal_bytes)", - "format":"time_series", - "instant":false, - "intervalFactor":1, - "legendFormat":"mem utilization", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Overall RAM Utilization", - "tooltip":{ - "msResolution":false, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percent", - "label":null, - "logBase":1, - "max":"110", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Traffic in and out of this namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":24 - }, - "height":"", - "id":96, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_network_receive_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- in", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_network_transmit_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> out", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Network IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Disk reads and writes for the namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":24 - }, - "height":"", - "id":98, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_fs_writes_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- write", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_fs_reads_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> read", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Disk IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - } - ], - "refresh":"10s", - "schemaVersion":16, - "style":"dark", - "tags":[ - "cost", - "utilization", - "metrics" - ], - "templating":{ - "list":[ - { - "current":{ - "text":"23.06", - "value":"23.06" - }, - "hide":0, - "label":"CPU", - "name":"costcpu", - "options":[ - { - "text":"23.06", - "value":"23.06" - } - ], - "query":"23.06", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"7.28", - "value":"7.28" - }, - "hide":0, - "label":"PE CPU", - "name":"costpcpu", - "options":[ - { - "text":"7.28", - "value":"7.28" - } - ], - "query":"7.28", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"3.25", - "value":"3.25" - }, - "hide":0, - "label":"RAM", - "name":"costram", - "options":[ - { - "text":"3.25", - "value":"3.25" - } - ], - "query":"3.25", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.6862", - "value":"0.6862" - }, - "hide":0, - "label":"PE RAM", - "name":"costpram", - "options":[ - { - "text":"0.6862", - "value":"0.6862" - } - ], - "query":"0.6862", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"0.04", - "value":"0.04" - }, - "hide":0, - "label":"Storage", - "name":"costStorageStandard", - "options":[ - { - "text":"0.04", - "value":"0.04" - } - ], - "query":"0.04", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":".17", - "value":".17" - }, - "hide":0, - "label":"SSD", - "name":"costStorageSSD", - "options":[ - { - "text":".17", - "value":".17" - } - ], - "query":".17", - "skipUrlSync":false, - "type":"constant" - }, - { - "current":{ - "text":"30", - "value":"30" - }, - "hide":0, - "label":"Disc.", - "name":"costDiscount", - "options":[ - { - "text":"30", - "value":"30" - } - ], - "query":"30", - "skipUrlSync":false, - "type":"constant" - }, - { - "allValue":null, - "current":{ - "text":"kube-system", - "value":"kube-system" - }, - "datasource":"default-kubecost", - "hide":0, - "includeAll":false, - "label":"NS", - "multi":false, - "name":"namespace", - "options":[ - - ], - "query":"query_result(sum(kube_namespace_created{namespace!=\"\"}) by (namespace))", - "refresh":1, - "regex":"/namespace=\\\"(.*?)(\\\")/", - "skipUrlSync":false, - "sort":0, - "tagValuesQuery":"", - "tags":[ - - ], - "tagsQuery":"", - "type":"query", - "useTags":false - }, - { - "datasource":"default-kubecost", - "filters":[ - - ], - "hide":0, - "label":"", - "name":"Filters", - "skipUrlSync":false, - "type":"adhoc" - } - ] - }, - "time":{ - "from":"now-15m", - "to":"now" - }, - "timepicker":{ - "hidden":false, - "refresh_intervals":[ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options":[ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone":"browser", - "title":"Namespace utilization metrics", - "uid":"at-cost-analysis-namespace2", - "version":1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/node-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/node-utilization.json deleted file mode 100755 index ce751c199..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/node-utilization.json +++ /dev/null @@ -1,1370 +0,0 @@ -{ - "annotations":{ - "list":[ - { - "builtIn":1, - "datasource":"-- Grafana --", - "enable":true, - "hide":true, - "iconColor":"rgba(0, 211, 255, 1)", - "name":"Annotations & Alerts", - "type":"dashboard" - } - ] - }, - "editable":true, - "gnetId":null, - "graphTooltip":0, - "id":6, - "iteration":1557245882378, - "links":[ - - ], - "panels":[ - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"percentunit", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":7, - "w":8, - "x":0, - "y":0 - }, - "id":2, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(irate(container_cpu_usage_seconds_total{id=\"/\",instance=\"$node\"}[10m]))", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"CPU Usage", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"percentunit", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":7, - "w":8, - "x":8, - "y":0 - }, - "id":3, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"SUM(container_memory_usage_bytes{namespace!=\"\",instance=\"$node\"}) / SUM(kube_node_status_capacity_memory_bytes{node=\"$node\"})", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Memory Usage", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"percentunit", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":true, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":7, - "w":8, - "x":16, - "y":0 - }, - "id":4, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"}) /\nsum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"})", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Storage Usage", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "columns":[ - { - "text":"Avg", - "value":"avg" - } - ], - "datasource":"default-kubecost", - "fontSize":"100%", - "gridPos":{ - "h":8, - "w":16, - "x":0, - "y":7 - }, - "hideTimeOverride":true, - "id":21, - "links":[ - - ], - "pageSize":8, - "repeat":null, - "repeatDirection":"v", - "scroll":true, - "showHeader":true, - "sort":{ - "col":4, - "desc":true - }, - "styles":[ - { - "alias":"Pod", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "link":false, - "linkTooltip":"", - "linkUrl":"", - "pattern":"pod_name", - "thresholds":[ - "30", - "80" - ], - "type":"string", - "unit":"currencyUSD" - }, - { - "alias":"", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Time", - "thresholds":[ - - ], - "type":"hidden", - "unit":"short" - }, - { - "alias":"CPU Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #C", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"CPU Request", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #A", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"CPU Limit", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #B", - "thresholds":[ - - ], - "type":"number", - "unit":"short" - }, - { - "alias":"Mem Usage", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #D", - "thresholds":[ - - ], - "type":"number", - "unit":"bytes" - }, - { - "alias":"Mem Request", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #E", - "thresholds":[ - - ], - "type":"number", - "unit":"bytes" - }, - { - "alias":"Mem Limit", - "colorMode":null, - "colors":[ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat":"YYYY-MM-DD HH:mm:ss", - "decimals":2, - "mappingType":1, - "pattern":"Value #F", - "thresholds":[ - - ], - "type":"number", - "unit":"bytes" - } - ], - "targets":[ - { - "expr":"sum(rate(container_cpu_usage_seconds_total{container_name!=\"\",container_name!=\"POD\",pod_name!=\"\",instance=\"$node\"}[24h])) by (pod_name)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"C" - }, - { - "expr":"sum(label_replace(\nsum(avg_over_time(kube_pod_container_resource_requests_cpu_cores{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod), \n\"pod_name\",\"$1\",\"pod\",\"(.+)\")\nor up * 0\n) by (pod_name)", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"A" - }, - { - "expr":"sum(avg_over_time(container_memory_usage_bytes{container_name!=\"\",container_name!=\"POD\",pod_name!=\"\",instance=\"$node\"}[24h])) by (pod_name)\n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"D" - }, - { - "expr":"sum(label_replace(label_replace(\nsum(avg_over_time(kube_pod_container_resource_requests_memory_bytes{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod),\n\"container_name\",\"$1\",\"container\",\"(.+)\"), \"pod_name\",\"$1\",\"pod\",\"(.+)\")\nor up * 0\n) by (pod_name)\n", - "format":"table", - "instant":true, - "intervalFactor":1, - "refId":"E" - } - ], - "timeFrom":"1M", - "timeShift":null, - "title":"Current pods", - "transform":"table", - "transparent":false, - "type":"table" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "decimals":0, - "format":"none", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":16, - "y":7 - }, - "id":8, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(\n count(avg_over_time(kube_pod_container_resource_requests_cpu_cores{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod)\n * on (pod) group_right()\n sum(kube_pod_container_status_running) by (pod)\n)", - "format":"time_series", - "instant":true, - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Pods Running", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"bytes", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":20, - "y":7 - }, - "id":18, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"})", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"Storage Capacity", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"none", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":16, - "y":11 - }, - "id":9, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"kube_node_status_capacity_cpu_cores{node=\"$node\"}", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"CPU Capacity", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"avg" - }, - { - "cacheTimeout":null, - "colorBackground":false, - "colorValue":false, - "colors":[ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource":"default-kubecost", - "format":"bytes", - "gauge":{ - "maxValue":100, - "minValue":0, - "show":false, - "thresholdLabels":false, - "thresholdMarkers":true - }, - "gridPos":{ - "h":4, - "w":4, - "x":20, - "y":11 - }, - "id":19, - "interval":null, - "links":[ - - ], - "mappingType":1, - "mappingTypes":[ - { - "name":"value to text", - "value":1 - }, - { - "name":"range to text", - "value":2 - } - ], - "maxDataPoints":100, - "nullPointMode":"connected", - "nullText":null, - "postfix":"", - "postfixFontSize":"50%", - "prefix":"", - "prefixFontSize":"50%", - "rangeMaps":[ - { - "from":"null", - "text":"N/A", - "to":"null" - } - ], - "sparkline":{ - "fillColor":"rgba(31, 118, 189, 0.18)", - "full":false, - "lineColor":"rgb(31, 120, 193)", - "show":false - }, - "tableColumn":"", - "targets":[ - { - "expr":"kube_node_status_capacity_memory_bytes{node=\"$node\"}", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":"", - "title":"RAM Capacity", - "type":"singlestat", - "valueFontSize":"80%", - "valueMaps":[ - { - "op":"=", - "text":"N/A", - "value":"null" - } - ], - "valueName":"current" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":3, - "description":"This panel shows historical utilization for the node.", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":15 - }, - "height":"", - "id":11, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"sum(irate(container_cpu_usage_seconds_total{id=\"/\",instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"10s", - "intervalFactor":1, - "legendFormat":"cpu utilization", - "metric":"container_cpu", - "refId":"A", - "step":10 - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"CPU Utilization", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percentunit", - "label":"", - "logBase":1, - "max":"1.1", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"This panel shows historical utilization for the node.", - "editable":true, - "error":false, - "fill":0, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":15 - }, - "id":13, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":false, - "current":false, - "max":false, - "min":false, - "rightSide":false, - "show":false, - "sideWidth":200, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":true, - "targets":[ - { - "expr":"SUM(container_memory_usage_bytes{namespace!=\"\",instance=\"$node\"}) / SUM(kube_node_status_capacity_memory_bytes{node=\"$node\"})", - "format":"time_series", - "instant":false, - "interval":"10s", - "intervalFactor":1, - "legendFormat":"ram utilization", - "metric":"container_memory_usage:sort_desc", - "refId":"A", - "step":10 - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"RAM Utilization", - "tooltip":{ - "msResolution":false, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "decimals":null, - "format":"percentunit", - "label":null, - "logBase":1, - "max":"1.1", - "min":"0", - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Traffic in and out of this namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":0, - "y":21 - }, - "height":"", - "id":15, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_network_receive_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- in", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_network_transmit_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> out", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Network IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"default-kubecost", - "decimals":2, - "description":"Disk reads and writes for the namespace, as a sum of the pods within it", - "editable":true, - "error":false, - "fill":1, - "grid":{ - - }, - "gridPos":{ - "h":6, - "w":12, - "x":12, - "y":21 - }, - "height":"", - "id":17, - "isNew":true, - "legend":{ - "alignAsTable":false, - "avg":true, - "current":true, - "hideEmpty":false, - "hideZero":false, - "max":false, - "min":false, - "rightSide":false, - "show":true, - "sideWidth":null, - "sort":"current", - "sortDesc":true, - "total":false, - "values":true - }, - "lines":true, - "linewidth":2, - "links":[ - - ], - "nullPointMode":"connected", - "percentage":false, - "pointradius":5, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "spaceLength":10, - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum (rate (container_fs_writes_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"<- write", - "metric":"container_cpu", - "refId":"A", - "step":10 - }, - { - "expr":"- sum (rate (container_fs_reads_bytes_total{instance=\"$node\"}[10m]))", - "format":"time_series", - "hide":false, - "instant":false, - "interval":"", - "intervalFactor":1, - "legendFormat":"-> read", - "refId":"B" - } - ], - "thresholds":[ - - ], - "timeFrom":"", - "timeShift":null, - "title":"Disk IO", - "tooltip":{ - "msResolution":true, - "shared":true, - "sort":2, - "value_type":"cumulative" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"Bps", - "label":"", - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":false - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - } - ], - "schemaVersion":16, - "style":"dark", - "tags":[ - "cost", - "utilization", - "metrics" - ], - "templating":{ - "list":[ - { - "allValue":null, - "current":{ - "text":"ip-172-20-44-170.us-east-2.compute.internal", - "value":"ip-172-20-44-170.us-east-2.compute.internal" - }, - "datasource":"default-kubecost", - "hide":0, - "includeAll":false, - "label":null, - "multi":false, - "name":"node", - "options":[ - - ], - "query":"query_result(kube_node_labels)", - "refresh":1, - "regex":"/node=\\\"(.*?)(\\\")/", - "skipUrlSync":false, - "sort":0, - "tagValuesQuery":"", - "tags":[ - - ], - "tagsQuery":"", - "type":"query", - "useTags":false - } - ] - }, - "time":{ - "from":"now-6h", - "to":"now" - }, - "timepicker":{ - "refresh_intervals":[ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options":[ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone":"", - "title":"Node utilization metrics", - "uid":"NUQW37Lmk", - "version":1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json deleted file mode 100755 index 4e0abff2d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json +++ /dev/null @@ -1,798 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Visualize your kubernetes costs at the pod level.", - "editable": true, - "gnetId": 9063, - "graphTooltip": 0, - "id": 4, - "iteration": 1560100821196, - "links": [], - "panels": [ - { - "columns": [ - { - "text": "Avg", - "value": "avg" - } - ], - "datasource": "default-kubecost", - "fontSize": "100%", - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 0 - }, - "hideTimeOverride": true, - "id": 98, - "links": [], - "pageSize": 5, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 6, - "desc": true - }, - "styles": [ - { - "alias": "Container", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(50, 172, 45, 0.97)", - "#c15c17" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "pattern": "container_name", - "thresholds": [ - "30", - "80" - ], - "type": "string", - "unit": "currencyUSD" - }, - { - "alias": "Memory Allocation", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "bytes" - }, - { - "alias": "CPU Allocation", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "none" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Memory ($/hour)", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Spot/PE RAM", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "currencyUSD" - }, - { - "alias": "Total", - "colorMode": null, - "colors": [ - "#bf1b00", - "rgba(50, 172, 45, 0.97)", - "#ef843c" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #E", - "thresholds": [ - "" - ], - "type": "number", - "unit": "currencyUSD" - } - ], - "targets": [ - { - "expr": "sum(\n avg_over_time(container_memory_allocation_bytes{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}[$__range])\n) by (container,node)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "refId": "B" - }, - { - "expr": "sum(\n avg_over_time(container_cpu_allocation{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}[$__range])\n or up * 0 \n) by (container,node)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": "1M", - "timeShift": null, - "title": "Container cost & allocation analysis", - "transform": "table", - "transparent": false, - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 3, - "description": "This graph attempts to show you CPU use of your application vs its requests", - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 5 - }, - "height": "", - "id": 94, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "avg (rate (container_cpu_usage_seconds_total{namespace=~\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\",container_name!=\"\"}[10m])) by (container_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ container_name }} (usage)", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "avg(kube_pod_container_resource_requests_cpu_cores{namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{ container}} (request)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "CPU Usage vs Requested", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 3, - "description": "This graph attempts to show you RAM use of your application vs its requests", - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 5 - }, - "height": "", - "id": 96, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "avg (avg_over_time (container_memory_working_set_bytes{namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\",container_name!=\"\"}[1m])) by (container_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ container_name }} (usage)", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "avg(kube_pod_container_resource_requests_memory_bytes{namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{ container }} (requested)", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "RAM Usage vs Requested", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "description": "Traffic in and out of this pod, as a sum of its containers", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 12 - }, - "height": "", - "id": 95, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg (rate (container_network_receive_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "<- in", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "- avg (rate (container_network_transmit_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "-> out", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "Network IO", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "description": "Disk read writes", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 12 - }, - "height": "", - "id": 97, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg (rate (container_fs_writes_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "<- write", - "metric": "container_cpu", - "refId": "A", - "step": 10 - }, - { - "expr": "- avg (rate (container_fs_reads_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "-> read", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": "", - "timeShift": null, - "title": "Disk IO", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [ - "cost", - "utilization", - "metrics" - ], - "templating": { - "list": [ - { - "current": { - "text": "0.044", - "value": "0.044" - }, - "hide": 0, - "label": "Storage", - "name": "costStorageStandard", - "options": [ - { - "text": "0.044", - "value": "0.044" - } - ], - "query": "0.044", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": "0.187", - "value": "0.187" - }, - "hide": 0, - "label": "SSD", - "name": "costStorageSSD", - "options": [ - { - "text": "0.187", - "value": "0.187" - } - ], - "query": "0.187", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "text": "30", - "value": "30" - }, - "hide": 0, - "label": "Disc.", - "name": "costDiscount", - "options": [ - { - "text": "30", - "value": "30" - } - ], - "query": "30", - "skipUrlSync": false, - "type": "constant" - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "kubecost", - "value": "kubecost" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": false, - "label": "NS", - "multi": false, - "name": "namespace", - "options": [], - "query": "query_result(sum(container_memory_working_set_bytes{namespace!=\"\"}) by (namespace))", - "refresh": 1, - "regex": "/namespace=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "tags": [], - "text": "kubecost-grafana-5cc9f5bf6-7kmgl", - "value": "kubecost-grafana-5cc9f5bf6-7kmgl" - }, - "datasource": "default-kubecost", - "hide": 0, - "includeAll": false, - "label": "Pod", - "multi": false, - "name": "pod", - "options": [], - "query": "query_result(sum(container_memory_working_set_bytes{namespace=\"$namespace\"}) by (pod_name))", - "refresh": 1, - "regex": "/pod_name=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "hidden": false, - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Pod cost & utilization metrics", - "uid": "at-cost-analysis-pod", - "version": 1 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json b/charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json deleted file mode 100755 index 83c778bd5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json +++ /dev/null @@ -1,5670 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Metrics useful for benchmarking and loadtesting Prometheus itself. Designed primarily for Prometheus 2.17.x.", - "editable": true, - "gnetId": 12054, - "graphTooltip": 1, - "id": 9, - "iteration": 1603144824023, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 49, - "panels": [], - "title": "Basics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 1 - }, - "hiddenSeries": false, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_build_info{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{version}} - {{revision}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Prometheus Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 1 - }, - "hiddenSeries": false, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "time() - process_start_time_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Age", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Uptime", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "dtdurations", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 1 - }, - "hiddenSeries": false, - "id": 107, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "time() - prometheus_config_last_reload_success_timestamp_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Age", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Last Successful Config Reload", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "dtdurations", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 46, - "panels": [], - "title": "Ingestion", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "Time series": "#70dbed" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 9 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_series{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Time series", - "metric": "prometheus_local_storage_memory_series", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Time series", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 9 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_active_appenders{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Head Appenders", - "metric": "prometheus_local_storage_memory_series", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Active Appenders", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "samples/s": "#e5a8e2" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 9 - }, - "hiddenSeries": false, - "id": 1, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "samples/s", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Samples Appended/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "To persist": "#9AC48A" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Max.*/", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_chunks{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Chunks", - "metric": "prometheus_local_storage_memory_chunks", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Chunks", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 16 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_head_chunks_created_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Created", - "metric": "prometheus_local_storage_chunk_ops_total", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_head_chunks_removed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Removed", - "metric": "prometheus_local_storage_chunk_ops_total", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Chunks/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "Removed": "#e5ac0e" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 16 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_isolation_high_watermark{job=\"prometheus\",instance=\"$Prometheus:9090\"} - prometheus_tsdb_isolation_low_watermark{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Difference", - "metric": "prometheus_local_storage_chunk_ops_total", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Isolation Watermarks", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 23 - }, - "id": 52, - "panels": [], - "title": "Compaction", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max": "#447ebc", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "Min": "#447ebc", - "Now": "#7eb26d" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Max", - "fillBelowTo": "Min", - "lines": false - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_min_time{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Min", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - }, - { - "expr": "time() * 1000", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Now", - "refId": "C" - }, - { - "expr": "prometheus_tsdb_head_max_time{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Max", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head Time Range", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "dateTimeAsIso", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 24 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_head_gc_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "GC Time/s", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Head GC Time/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Queue length", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_blocks_loaded{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Blocks Loaded", - "metric": "prometheus_local_storage_indexing_batch_sizes_sum", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Blocks Loaded", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Failed Reloads": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 31 - }, - "hiddenSeries": false, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_reloads_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Reloads", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TSDB Reloads/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 31 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_wal_fsync_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_tsdb_wal_fsync_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Fsync Latency", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_wal_truncate_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m]) / rate(prometheus_tsdb_wal_trunacte_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Truncate Latency", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "WAL Fsync&Truncate Latency", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "{instance=\"demo.robustperception.io:9090\",job=\"prometheus\"}": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 31 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_wal_corruptions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "WAL Corruptions", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_reloads_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Reload Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "B", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_head_series_not_found{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Head Series Not Found", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "C", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_compactions_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Compaction Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "D", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_retention_cutoffs_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Retention Cutoff Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "E", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_checkpoint_creations_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "WAL Checkpoint Creation Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "F", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_checkpoint_deletions_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "WAL Checkpoint Deletion Failures", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "G", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TSDB Problems/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Failed Compactions": "#bf1b00", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 38 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compactions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Compactions", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Compactions/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 38 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Compaction Time/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Allocated bytes": "#F9BA8F", - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "RSS": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 38 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_time_retentions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Time Cutoffs", - "metric": "last", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(prometheus_tsdb_size_retentions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Size Cutoffs", - "metric": "last", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Retention Cutoffs/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_chunk_range_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_range_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Chunk Time Range", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "First Compaction, Avg Chunk Time Range", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "dtdurationms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 45 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_chunk_size_bytes_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_samples_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Bytes/Sample", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "First Compaction, Avg Bytes/Sample", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 45 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_compaction_chunk_samples_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_samples_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Chunk Samples", - "metric": "prometheus_local_storage_series_chunks_persisted_count", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "First Compaction, Avg Chunk Samples", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 52 - }, - "id": 55, - "panels": [], - "title": "Resource Usage", - "type": "row" - }, - { - "aliasColors": { - "Allocated bytes": "#7EB26D", - "Allocated bytes - 1m max": "#BF1B00", - "Allocated bytes - 1m min": "#BF1B00", - "Allocated bytes - 5m max": "#BF1B00", - "Allocated bytes - 5m min": "#BF1B00", - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "RSS": "#447EBC" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 53 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/-/", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "RSS", - "metric": "process_resident_memory_bytes", - "refId": "B", - "step": 10 - }, - { - "expr": "prometheus_local_storage_target_heap_size_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "Target heap size", - "metric": "go_memstats_alloc_bytes", - "refId": "D", - "step": 10 - }, - { - "expr": "go_memstats_next_gc_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "Next GC", - "metric": "go_memstats_next_gc_bytes", - "refId": "C", - "step": 10 - }, - { - "expr": "go_memstats_alloc_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "intervalFactor": 2, - "legendFormat": "Allocated", - "metric": "go_memstats_alloc_bytes", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Allocated bytes": "#F9BA8F", - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833", - "RSS": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 53 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(go_memstats_alloc_bytes_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Allocated Bytes/s", - "metric": "go_memstats_alloc_bytes", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Allocations", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 53 - }, - "hiddenSeries": false, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(process_cpu_seconds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "intervalFactor": 2, - "legendFormat": "Irate", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - }, - { - "expr": "rate(process_cpu_seconds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", - "intervalFactor": 2, - "legendFormat": "5m rate", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "avg" - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 60 - }, - "hiddenSeries": false, - "id": 70, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_symbol_table_size_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RAM Used", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Symbol Tables Size", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "avg" - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 60 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_storage_blocks_bytes_total{job=\"prometheus\",instance=\"$Prometheus:9090\"} or prometheus_tsdb_storage_blocks_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Disk Used", - "metric": "prometheus_local_storage_ingested_samples_total", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Block Size", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "avg" - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Max": "#e24d42", - "Open": "#508642" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 60 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_max_fds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Max", - "refId": "A" - }, - { - "expr": "process_open_fds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Open", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "File Descriptors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 67 - }, - "id": 91, - "panels": [], - "title": "Service Discovery", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 68 - }, - "hiddenSeries": false, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_sd_discovered_targets{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{name}}-{{config}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Discovered Targets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 68 - }, - "hiddenSeries": false, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_sd_updates_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sent Updates/s", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 68 - }, - "hiddenSeries": false, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_sd_received_updates_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Received Updates/s", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 75 - }, - "id": 99, - "panels": [], - "title": "Scraping", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 76 - }, - "hiddenSeries": false, - "id": 105, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_target_interval_length_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_target_interval_length_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{interval}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Scrape Interval", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 76 - }, - "hiddenSeries": false, - "id": 104, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_target_scrapes_exceeded_sample_limit_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Exceeded Sample Limit", - "refId": "A" - }, - { - "expr": "rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Duplicate Timestamp", - "refId": "C" - }, - { - "expr": "rate(prometheus_target_scrapes_sample_out_of_bounds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Out Of Bounds ", - "refId": "D" - }, - { - "expr": "rate(prometheus_target_scrapes_sample_out_of_order_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Out of Order", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Scrape Problems/s", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 76 - }, - "hiddenSeries": false, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_target_metadata_cache_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{scrape_job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Metadata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 83 - }, - "id": 63, - "panels": [], - "title": "Query Engine", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "Time spent in each mode, per second", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 84 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_engine_query_duration_seconds_sum{job=\"prometheus\",}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{slice}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Query engine timings/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 84 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_rule_group_iterations_missed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) ", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Rule group missed", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - }, - { - "expr": "rate(prometheus_rule_evaluation_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Rule evals failed", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "C", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Rule group evaulation problems/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 84 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_rule_group_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Rule evaluation duration", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Evaluation time of rule groups/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": true, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 91 - }, - "id": 77, - "panels": [ - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 92 - }, - "hiddenSeries": false, - "id": 86, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_sent_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{alertmanager}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Sent/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 92 - }, - "hiddenSeries": false, - "id": 87, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_errors_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_notifications_sent_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{alertmanager}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Error Ratio", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 92 - }, - "hiddenSeries": false, - "id": 81, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_latency_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m]) / rate(prometheus_notifications_latency_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{alertmanager}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Latency", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 99 - }, - "hiddenSeries": false, - "id": 85, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_notifications_alertmanagers_discovered{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Alertmanagers", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Alertmanagers Discovered", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 99 - }, - "hiddenSeries": false, - "id": 89, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_notifications_dropped_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Dropped", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notifications Dropped/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 99 - }, - "hiddenSeries": false, - "id": 88, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_notifications_queue_length{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Pending", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - }, - { - "expr": "prometheus_notifications_queue_capacity{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Max", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Notification Queue", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Notification", - "type": "row" - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 92 - }, - "id": 58, - "panels": [], - "title": "HTTP Server", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 93 - }, - "hiddenSeries": false, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_http_request_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{handler}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "HTTP requests/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 93 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_http_request_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_http_request_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{handler}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "HTTP request latency", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "description": "", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 93 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_http_request_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{handler}}", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Time spent in HTTP requests/s", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 100 - }, - "id": 61, - "panels": [], - "repeat": "RuleGroup", - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;CPU", - "value": "/etc/config/rules;CPU" - } - }, - "title": "Rule Group: $RuleGroup", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 101 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;CPU", - "value": "/etc/config/rules;CPU" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_interval_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Interval", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - }, - { - "expr": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Last Duration", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Duration", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 101 - }, - "hiddenSeries": false, - "id": 66, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;CPU", - "value": "/etc/config/rules;CPU" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_rules{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Rules", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Rules", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "default-kubecost", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 108 - }, - "id": 108, - "panels": [], - "repeat": null, - "repeatIteration": 1603144824023, - "repeatPanelId": 61, - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;Savings", - "value": "/etc/config/rules;Savings" - } - }, - "title": "Rule Group: $RuleGroup", - "type": "row" - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 109 - }, - "hiddenSeries": false, - "id": 109, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "repeatIteration": 1603144824023, - "repeatPanelId": 43, - "repeatedByRow": true, - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;Savings", - "value": "/etc/config/rules;Savings" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_interval_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Interval", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - }, - { - "expr": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Last Duration", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Duration", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Chunks": "#1F78C1", - "Chunks to persist": "#508642", - "Interval": "#890f02", - "Last Duration": "#f9934e", - "Max chunks": "#052B51", - "Max to persist": "#3F6833" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "default-kubecost", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 109 - }, - "hiddenSeries": false, - "id": 110, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.1", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - "repeatIteration": 1603144824023, - "repeatPanelId": 66, - "repeatedByRow": true, - "scopedVars": { - "RuleGroup": { - "selected": false, - "text": "/etc/config/rules;Savings", - "value": "/etc/config/rules;Savings" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_rule_group_rules{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Rules", - "metric": "prometheus_local_storage_memory_chunkdescs", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$RuleGroup: Rules", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "selected": false, - "text": "localhost", - "value": "localhost" - }, - "datasource": "default-kubecost", - "definition": "", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "Prometheus", - "options": [], - "query": "query_result(up{job=\"prometheus\"} == 1)", - "refresh": 2, - "regex": ".*instance=\"([^\"]+):9090\".*", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "default-kubecost", - "definition": "", - "hide": 2, - "includeAll": true, - "label": null, - "multi": false, - "name": "RuleGroup", - "options": [], - "query": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", - "refresh": 2, - "regex": ".*rule_group=\"(.*?)\".*", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "utc", - "title": "Prometheus Benchmark - 2.17.x", - "uid": "L0HBvojWz", - "version": 4 -} diff --git a/charts/kubecost/cost-analyzer/1.70.000/questions.yml b/charts/kubecost/cost-analyzer/1.70.000/questions.yml deleted file mode 100755 index ce86c64fb..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/questions.yml +++ /dev/null @@ -1,160 +0,0 @@ -questions: -# General Settings -- variable: kubecostProductConfigs.clusterName - label: Cluster Name - description: "Used for display in the cost-analyzer UI (Can be renamed in the UI)" - type: string - required: true - default: "" - group: General Settings -- variable: persistentVolume.enabled - label: Enable Persistent Volume for CostAnalyzer - description: "If true, Kubecost will create a Persistent Volume Claim for product config data" - type: boolean - default: false - show_subquestion_if: true - group: "General Settings" - subquestions: - - variable: persistentVolume.size - label: CostAnalyzer Persistent Volume Size - type: string - default: "0.2Gi" - -# Prometheus Server -- variable: global.prometheus.enabled - label: Enable Prometheus - description: If false, use an existing Prometheus install - type: boolean - default: true - group: "Prometheus" -- variable: prometheus.kubeStateMetrics.enabled - label: Enable KubeStateMetrics - description: "If true, deploy kube-state-metrics for Kubernetes metrics" - type: boolean - default: true - show_if: "global.prometheus.enabled=true" - group: "Prometheus" -- variable: prometheus.server.retention - label: Prometheus Server Retention - description: "Determines when to remove old data" - type: string - default: "15d" - show_if: "global.prometheus.enabled=true" - group: "Prometheus" -- variable: prometheus.server.persistentVolume.enabled - label: Create Persistent Volume for Prometheus - description: "If true, prometheus will create a persistent volume claim" - type: boolean - required: true - default: false - group: "Prometheus" - show_if: "global.prometheus.enabled=true" - show_subquestion_if: true - subquestions: - - variable: prometheus.server.persistentVolume.size - label: Prometheus Persistent Volume Size - type: string - default: "8Gi" - - variable: prometheus.server.persistentVolume.storageClass - label: Prometheus Persistent Volume StorageClass - description: "Prometheus data persistent volume storageClass, if not set use default StorageClass" - default: "" - type: storageclass - - variable: prometheus.server.persistentVolume.existingClaim - label: Existing Persistent Volume Claim for Prometheus - description: "If not empty, uses the specified existing PVC instead of creating new one" - type: pvc - default: "" - -# Prometheus Node Exporter -- variable: prometheus.nodeExporter.enabled - label: Enable NodeExporter - description: "If false, do not create NodeExporter daemonset" - type: boolean - default: true - group: "NodeExporter" -- variable: prometheus.serviceAccounts.nodeExporter.create - label: Enable Service Accounts NodeExporter - description: "If false, do not create NodeExporter daemonset" - type: boolean - default: true - group: "NodeExporter" - -# Prometheus AlertManager -- variable: prometheus.alertmanager.enabled - label: Enable AlertManager - type: boolean - default: true - group: "AlertManager" -- variable: prometheus.alertmanager.persistentVolume.enabled - label: Create Persistent Volume for AlertManager - description: "If true, alertmanager will create a persistent volume claim" - type: boolean - required: true - default: false - group: "AlertManager" - show_if: "prometheus.alertmanager.enabled=true" - show_subquestion_if: true - subquestions: - - variable: prometheus.alertmanager.persistentVolume.size - default: "2Gi" - description: "AlertManager data persistent volume size" - type: string - label: AlertManager Persistent Volume Size - - variable: prometheus.alertmanager.persistentVolume.storageClass - default: "" - description: "Alertmanager data persistent volume storageClass, if not set use default StorageClass" - type: storageclass - label: AlertManager Persistent Volume StorageClass - - variable: prometheus.alertmanager.persistentVolume.existingClaim - default: "" - description: "If not empty, uses the specified existing PVC instead of creating new one" - type: pvc - label: Existing Persistent Volume Claim for AlertManager - -# PushGateway -- variable: prometheus.pushgateway.enabled - label: Enable PushGateway - type: boolean - default: true - group: "PushGateway" -- variable: prometheus.pushgateway.persistentVolume.enabled - label: Create Persistent Volume for PushGateway - description: "If true, PushGateway will create a persistent volume claim" - required: true - type: boolean - default: false - group: "PushGateway" - show_if: "prometheus.pushgateway.enabled=true" - show_subquestion_if: true - subquestions: - - variable: prometheus.prometheus.pushgateway.persistentVolume.size - label: PushGateway Persistent Volume Size - type: string - default: "2Gi" - - variable: prometheus.pushgateway.persistentVolume.storageClass - label: PushGateway Persistent Volume StorageClass - description: "PushGateway data persistent volume storageClass, if not set use default StorageClass" - type: storageclass - default: "" - - variable: prometheus.pushgateway.persistentVolume.existingClaim - label: Existing Persistent Volume Claim for PushGateway - description: "If not empty, uses the specified existing PVC instead of creating new one" - type: pvc - default: "" - -# Services and Load Balancing -- variable: ingress.enabled - label: Enable Ingress - description: "Expose app using Ingress (Layer 7 Load Balancer)" - default: true - type: boolean - show_subquestion_if: true - group: "Services and Load Balancing" - subquestions: - - variable: ingress.hosts[0] - default: "xip.io" - description: "Hostname to your CostAnalyzer installation" - type: hostname - required: true - label: Hostname diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt deleted file mode 100755 index bbc2594e9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ - - --------------------------------------------------- -{{- $servicePort := .Values.service.port | default 9090 -}} -Kubecost has been successfully installed. When pods are Ready, you can enable port-forwarding with the following command: - - kubectl port-forward --namespace {{ .Release.Namespace }} deployment/{{ template "cost-analyzer.fullname" . }} {{ $servicePort }} - -Next, navigate to http://localhost:{{ $servicePort }} in a web browser. - diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl deleted file mode 100755 index 95e2dca20..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl +++ /dev/null @@ -1,200 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cost-analyzer.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cost-analyzer.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the fully qualified name for Prometheus server service. -*/}} -{{- define "cost-analyzer.prometheus.server.name" -}} -{{- if .Values.prometheus -}} -{{- if .Values.prometheus.server -}} -{{- if .Values.prometheus.server.fullnameOverride -}} -{{- .Values.prometheus.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create the fully qualified name for Prometheus alertmanager service. -*/}} -{{- define "cost-analyzer.prometheus.alertmanager.name" -}} -{{- if .Values.prometheus -}} -{{- if .Values.prometheus.alertmanager -}} -{{- if .Values.prometheus.alertmanager.fullnameOverride -}} -{{- .Values.prometheus.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else -}} -{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{- define "cost-analyzer.serviceName" -}} -{{- printf "%s-%s" .Release.Name "cost-analyzer" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Network Costs name used to tie autodiscovery of metrics to daemon set pods -*/}} -{{- define "cost-analyzer.networkCostsName" -}} -{{- printf "%s-%s" .Release.Name "network-costs" -}} -{{- end -}} - -{{- define "kubecost.clusterControllerName" -}} -{{- printf "%s-%s" .Release.Name "cluster-controller" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cost-analyzer.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account -*/}} -{{- define "cost-analyzer.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "cost-analyzer.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the common labels. -*/}} -{{- define "cost-analyzer.commonLabels" -}} -app.kubernetes.io/name: {{ include "cost-analyzer.name" . }} -helm.sh/chart: {{ include "cost-analyzer.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app: cost-analyzer -{{- end -}} - -{{/* -Create the selector labels. -*/}} -{{- define "cost-analyzer.selectorLabels" -}} -app.kubernetes.io/name: {{ include "cost-analyzer.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: cost-analyzer -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "cost-analyzer.daemonset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for priorityClass. -*/}} -{{- define "cost-analyzer.priorityClass.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "scheduling.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "scheduling.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "cost-analyzer.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "cost-analyzer.podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Recursive filter which accepts a map containing an input map (.v) and an output map (.r). The template -will traverse all values inside .v recursively writing non-map values to the output .r. If a nested map -is discovered, we look for an 'enabled' key. If it doesn't exist, we continue traversing the -map. If it does exist, we omit the inner map traversal iff enabled is false. This filter writes the -enabled only version to the output .r -*/}} -{{- define "cost-analyzer.filter" -}} -{{- $v := .v }} -{{- $r := .r }} -{{- range $key, $value := .v }} - {{- $tp := kindOf $value -}} - {{- if eq $tp "map" -}} - {{- $isEnabled := true -}} - {{- if (hasKey $value "enabled") -}} - {{- $isEnabled = $value.enabled -}} - {{- end -}} - {{- if $isEnabled -}} - {{- $rr := "{}" | fromYaml }} - {{- template "cost-analyzer.filter" (dict "v" $value "r" $rr) }} - {{- $_ := set $r $key $rr -}} - {{- end -}} - {{- else -}} - {{- $_ := set $r $key $value -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -This template accepts a map and returns a base64 encoded json version of the map where all disabled -leaf nodes are omitted. - -The implied use case is {{ template "cost-analyzer.filterEnabled" .Values }} -*/}} -{{- define "cost-analyzer.filterEnabled" -}} -{{- $result := "{}" | fromYaml }} -{{- template "cost-analyzer.filter" (dict "v" . "r" $result) }} -{{- $result | toJson | b64enc }} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml deleted file mode 100755 index 6b8de4d5e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.createServiceKeySecret }} -{{- if .Values.kubecostProductConfigs.awsServiceKeyName }} -apiVersion: v1 -kind: Secret -metadata: - name: cloud-service-key -type: Opaque -stringData: - service-key.json: |- - { - "aws_access_key_id": "{{ .Values.kubecostProductConfigs.awsServiceKeyName }}", - "aws_secret_access_key": "{{ .Values.kubecostProductConfigs.awsServiceKeyPassword }}" - } -{{- end -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml deleted file mode 100755 index 35f5b9991..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.awsstore }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }}-awsstore - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: awsstore - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: awsstore - spec: - serviceAccountName: awsstore-serviceaccount - containers: - - image: {{ .Values.awsstore.imageNameAndVersion }} - name: awsstore -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml deleted file mode 100755 index 65f37e652..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.awsstore }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awsstore-serviceaccount - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- with .Values.awsstore.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml deleted file mode 100755 index bb71e064b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.createServiceKeySecret }} -{{- if .Values.kubecostProductConfigs.azureSubscriptionID }} -apiVersion: v1 -kind: Secret -metadata: - name: cloud-service-key -type: Opaque -stringData: - service-key.json: |- - { - "subscriptionId": "{{ .Values.kubecostProductConfigs.azureSubscriptionID }}", - "serviceKey": { - "appId": "{{ .Values.kubecostProductConfigs.azureClientID }}", - "password": "{{ .Values.kubecostProductConfigs.azureClientPassword }}", - "tenant": "{{ .Values.kubecostProductConfigs.azureTenantID }}" - } - } -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml deleted file mode 100755 index b627cf874..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.global.notifications.alertConfigs }} -{{- if .Values.global.notifications.alertConfigs.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: alert-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - alerts.json: '{{ toJson .Values.global.notifications.alertConfigs }}' -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml deleted file mode 100755 index eef8d187d..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.kubecostChecks -}} -{{- if .Values.kubecostChecks.enabled -}} -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: cost-analyzer-checks - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - {{- if .Values.kubecostChecks.debug }} - schedule: "*/1 * * * *" - {{- else if .Values.kubecostChecks.schedule }} - schedule: {{ .Values.kubecostChecks.schedule | quote }} - {{- else }} - schedule: "*/10 * * * *" - {{- end }} - jobTemplate: - metadata: - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 8 }} - spec: - template: - spec: - containers: - - name: cost-analyzer-checks - {{- if .Values.kubecostChecks }} - image: {{ .Values.kubecostChecks.image }}:prod-{{ $.Chart.AppVersion }} - {{- else }} - image: gcr.io/kubecost1/checks:prod-{{ $.Chart.AppVersion }} - {{ end }} - imagePullPolicy: Always - args: - - node - - ./node/cron.js - resources: -{{ toYaml .Values.kubecostChecks.resources | indent 14 }} - env: - - name: COST_ANALYZER_SERVER_ENDPOINT - value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9001 - - name: COST_ANALYZER_MODEL_ENDPOINT - {{- if .Values.saml.enabled }} - value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9004 - {{- else }} - value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9003 - {{ end }} - {{- if .Values.kubecostChecks }} - {{- if .Values.kubecostChecks.debug }} - - name: SEND_UPDATES_NOW - value: "true" - {{- end }} - {{- end }} - - name: PROMETHEUS_ALERTMANAGER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-alertmanager-endpoint - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - restartPolicy: OnFailure -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml deleted file mode 100755 index 16f926e8a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml +++ /dev/null @@ -1,105 +0,0 @@ -{{- if and .Values.reporting .Values.reporting.logCollection -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: {{ template "cost-analyzer.serviceAccountName" . }} -rules: -- apiGroups: - - '' - resources: - - "pods/log" - verbs: - - get - - list - - watch ---- -{{- end }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -rules: - - apiGroups: - - '' - resources: - - configmaps - - deployments - - nodes - - pods - - events - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - daemonsets - - replicasets - verbs: - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - list - - watch diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml deleted file mode 100755 index f2952b923..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.reporting }} -{{- if .Values.reporting.logCollection }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "cost-analyzer.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -{{- end }} -{{- end }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "cost-analyzer.serviceAccountName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml deleted file mode 100755 index 86aa0ee51..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - {{- if .Values.global.prometheus.enabled }} - {{- if .Values.global.zone }} - prometheus-alertmanager-endpoint: http://{{ template "cost-analyzer.prometheus.alertmanager.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.zone }} - {{ else }} - prometheus-alertmanager-endpoint: http://{{ template "cost-analyzer.prometheus.alertmanager.name" . }}.{{ .Release.Namespace }} - {{- end -}} - {{ else }} - prometheus-alertmanager-endpoint: {{ .Values.global.notifications.alertmanager.fqdn }} - {{- end -}} - {{- if .Values.global.prometheus.enabled }} - {{- if .Values.global.zone }} - prometheus-server-endpoint: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.zone }} - {{ else }} - prometheus-server-endpoint: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }} - {{- end -}} - {{ else }} - prometheus-server-endpoint: {{ .Values.global.prometheus.fqdn }} - {{- end -}} - {{- if .Values.kubecostToken }} - kubecost-token: {{ .Values.kubecostToken }} - {{ else }} - kubecost-token: not-applied - {{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml deleted file mode 100755 index 38b7e92f8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if (.Values.kubecostModel.etlToDisk | default true) -}} -{{- if .Values.persistentVolume -}} -{{- if not .Values.persistentVolume.dbExistingClaim -}} -{{- if .Values.persistentVolume.enabled -}} -{{- if .Values.persistentVolume.dbPVEnabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "cost-analyzer.fullname" . }}-db - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.persistentVolume.dbStorageClass }} - storageClassName: {{ .Values.persistentVolume.dbStorageClass }} - {{ end }} - resources: - requests: - {{- if .Values.persistentVolume }} - storage: {{ .Values.persistentVolume.dbSize }} - {{- else }} - storage: 32.0Gi - {{ end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml deleted file mode 100755 index 2bfd2896b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml +++ /dev/null @@ -1,672 +0,0 @@ -{{- $nginxPort := int .Values.service.port | default 9090 -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- if .Values.kubecostDeployment }} -{{- with .Values.kubecostDeployment.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} -spec: -{{- if .Values.kubecostDeployment }} - replicas: {{ .Values.kubecostDeployment.replicas | default 1 }} -{{- end }} - selector: - matchLabels: -{{ include "cost-analyzer.selectorLabels" . | nindent 8}} - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - {{ include "cost-analyzer.selectorLabels" . | nindent 8 }} -{{- if .Values.kubecostDeployment }} -{{- with .Values.kubecostDeployment.labels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} -{{- if .Values.global.podAnnotations}} - annotations: -{{- with .Values.global.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} - spec: - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - securityContext: - runAsUser: 0 - {{- else }} - securityContext: - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 - {{- end }} - {{- else if lt $nginxPort 1025 }} - securityContext: - runAsUser: 0 - {{- else }} - securityContext: - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 - {{- end }} - restartPolicy: Always - serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} - volumes: - - name: nginx-conf - configMap: - name: nginx-conf - items: - - key: nginx.conf - path: default.conf - {{- if .Values.kubecostProductConfigs }} - {{- if .Values.kubecostProductConfigs.productKey }} - {{- if .Values.kubecostProductConfigs.productKey.secretname }} - - name: productkey-secret - secret: - secretName: {{ .Values.kubecostProductConfigs.productKey.secretname }} - items: - - key: productkey.json - path: productkey.json - {{- end }} - {{- end -}} - {{- if .Values.kubecostProductConfigs.gcpSecretName }} - - name: gcp-key-secret - secret: - secretName: {{ .Values.kubecostProductConfigs.gcpSecretName }} - items: - - key: compute-viewer-kubecost-key.json - path: key.json - {{- end }} - {{- if .Values.kubecostProductConfigs.serviceKeySecretName }} - - name: service-key-secret - secret: - secretName: {{ .Values.kubecostProductConfigs.serviceKeySecretName }} - {{- else if .Values.kubecostProductConfigs.createServiceKeySecret }} - - name: service-key-secret - secret: - secretName: cloud-service-key - {{- end }} - {{- if .Values.kubecostProductConfigs.clusters }} - - name: kubecost-clusters - configMap: - name: kubecost-clusters - {{- range .Values.kubecostProductConfigs.clusters }} - {{- if .auth }} - {{- if .auth.secretName }} - - name: {{ .auth.secretName }} - secret: - secretName: {{ .auth.secretName }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - - name: tls - secret: - secretName : {{ .Values.kubecostFrontend.tls.secretName }} - items: - - key: tls.crt - path: kc.crt - - key: tls.key - path: kc.key - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - {{- if .Values.saml.secretName }} - - name: secret-volume - secret: - secretName: {{ .Values.saml.secretName }} - {{- end }} - {{- if .Values.saml.metadataSecretName }} - - name: metadata-secret-volume - secret: - secretName: {{ .Values.saml.metadataSecretName }} - {{- end }} - {{- if .Values.saml.rbac.enabled }} - - name: saml-roles - configMap: - name: {{ template "cost-analyzer.fullname" . }}-saml - {{- end }} - {{- end }} - {{- end }} - - name: persistent-configs -{{- if .Values.persistentVolume }} -{{- if .Values.persistentVolume.enabled }} - persistentVolumeClaim: -{{- if .Values.persistentVolume.existingClaim }} - claimName: {{ .Values.persistentVolume.existingClaim }} -{{- else }} - claimName: {{ template "cost-analyzer.fullname" . }} -{{- end -}} -{{- else }} - emptyDir: {} -{{- end -}} -{{- else }} - persistentVolumeClaim: - claimName: {{ template "cost-analyzer.fullname" . }} -{{- end }} -{{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - - name: persistent-db -{{- if .Values.persistentVolume }} -{{- if .Values.persistentVolume.enabled }} - persistentVolumeClaim: -{{- if .Values.persistentVolume.dbExistingClaim }} - claimName: {{ .Values.persistentVolume.dbExistingClaim }} -{{- else }} - claimName: {{ template "cost-analyzer.fullname" . }}-db -{{- end -}} -{{- else }} - emptyDir: {} -{{- end -}} -{{- else }} - persistentVolumeClaim: - claimName: {{ template "cost-analyzer.fullname" . }}-db -{{- end }} -{{- end }} - initContainers: -{{- if .Values.supportNFS }} - - name: config-db-perms-fix - {{- if .Values.initChownDataImage }} - image: {{ .Values.initChownDataImage }} - {{- else }} - image: busybox - {{- end }} - resources: -{{ toYaml .Values.initChownData.resources | indent 12 }} - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - command: ["sh", "-c", "/bin/chmod -R 777 /var/configs && /bin/chmod -R 777 /var/db"] - {{- else }} - command: ["sh", "-c", "/bin/chmod -R 777 /var/configs"] - {{- end}} - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - - name: persistent-db - mountPath: /var/db - {{- end }} - securityContext: - runAsUser: 0 -{{ end }} - containers: - {{- if .Values.kubecostModel }} - {{- if .Values.imageVersion}} - - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} - {{- else }} - - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} - {{ end }} - name: cost-model - {{- if .Values.kubecostModel.imagePullPolicy }} - imagePullPolicy: {{ .Values.kubecostModel.imagePullPolicy }} - {{- else }} - imagePullPolicy: Always - {{- end }} - resources: -{{ toYaml .Values.kubecostModel.resources | indent 12 }} - readinessProbe: - httpGet: - path: /healthz - port: 9003 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - - name: persistent-db - mountPath: /var/db - {{- end }} - {{- if .Values.kubecostProductConfigs }} - {{- if .Values.kubecostProductConfigs.productKey }} - {{- if .Values.kubecostProductConfigs.productKey.secretname }} - - name: productkey-secret - mountPath: /var/configs/productkey - {{- end }} - {{- end }} - {{- if .Values.kubecostProductConfigs.gcpSecretName }} - - name: gcp-key-secret - mountPath: /models - {{- end }} - {{- if or .Values.kubecostProductConfigs.serviceKeySecretName .Values.kubecostProductConfigs.createServiceKeySecret }} - - name: service-key-secret - mountPath: /var/secrets - {{- end }} - {{- if .Values.kubecostProductConfigs.clusters }} - - name: kubecost-clusters - mountPath: /var/configs/clusters - {{- range .Values.kubecostProductConfigs.clusters }} - {{- if .auth }} - {{- if .auth.secretName }} - - name: {{ .auth.secretName }} - mountPath: /var/secrets/{{ .auth.secretName }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - {{- if .Values.saml.secretName }} - - name: secret-volume - mountPath: /var/configs/secret-volume - {{- end }} - {{- if .Values.saml.metadataSecretName }} - - name: metadata-secret-volume - mountPath: /var/configs/metadata-secret-volume - {{- end }} - {{- if .Values.saml.rbac.enabled }} - - name: saml-roles - mountPath: /var/configs/saml - {{- end }} - {{- end }} - {{- end }} - env: - - name: PROMETHEUS_SERVER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-server-endpoint - - name: CLOUD_PROVIDER_API_KEY - value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API requires a key. - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/configs/key.json - - name: CONFIG_PATH - value: /var/configs/ - - name: DB_PATH - value: /var/db/ - - name: CLUSTER_PROFILE - {{- if .Values.kubecostProductConfigs }} - value: {{ .Values.kubecostProductConfigs.clusterProfile | default "production" }} - {{- else }} - value: production - {{- end }} - - name: REMOTE_WRITE_PASSWORD - value: {{ .Values.remoteWrite.postgres.auth.password }} - {{- if .Values.remoteWrite.postgres.enabled }} - - name: REMOTE_WRITE_ENABLED - value: "true" - {{- end }} - - name: GOGC - value: "60" - {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} - - name: MC_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: MC_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} - - name: DB_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: DB_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} - - name: DB_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} - - name: MC_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - {{- if .Values.global.prometheus.insecureSkipVerify }} - - name: INSECURE_SKIP_VERIFY - value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} - {{- end }} - {{- if .Values.pricingCsv }} - {{- if .Values.pricingCsv.enabled }} - - name: USE_CSV_PROVIDER - value: "true" - - name: CSV_PATH - value: {{ .Values.pricingCsv.location.URI }} - - name: CSV_REGION - value: {{ .Values.pricingCsv.location.region }} - {{- if eq .Values.pricingCsv.location.provider "AWS"}} - {{- if .Values.pricingCsv.location.csvAccessCredentials }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .Values.pricingCsv.location.csvAccessCredentials }} - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.pricingCsv.location.csvAccessCredentials }} - key: AWS_SECRET_ACCESS_KEY - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.reporting }} - - name: LOG_COLLECTION_ENABLED - value: {{ (quote .Values.reporting.logCollection ) | default (quote true) }} - - name: PRODUCT_ANALYTICS_ENABLED - value: {{ (quote .Values.reporting.productAnalytics ) | default (quote true) }} - - name: ERROR_REPORTING_ENABLED - value: {{ (quote .Values.reporting.errorReporting ) | default (quote true) }} - - name: VALUES_REPORTING_ENABLED - value: {{ (quote .Values.reporting.valuesReporting) | default (quote true) }} - {{- if .Values.reporting.errorReporting }} - - name: SENTRY_DSN - value: "https://71964476292e4087af8d5072afe43abd@o394722.ingest.sentry.io/5245431" - {{- end }} - {{- end }} - - name: CACHE_WARMING_ENABLED - value: {{ (quote .Values.kubecostModel.warmCache) | default (quote true) }} - - name: SAVINGS_CACHE_WARMING_ENABLED - value: {{ (quote .Values.kubecostModel.warmSavingsCache) | default (quote true) }} - - name: ETL_ENABLED - value: {{ (quote .Values.kubecostModel.etl) | default (quote true) }} - - name: ETL_TO_DISK_ENABLED - value: {{ (quote .Values.kubecostModel.etlToDisk) | default (quote true) }} - - name : ETL_CLOUD_ASSETS_ENABLED - value: {{ (quote .Values.kubecostModel.etlCloudAssets) | default (quote true) }} - {{- if .Values.persistentVolume.dbPVEnabled }} - - name: ETL_PATH_PREFIX - value: "/var/db" - {{- end }} - {{- if .Values.kubecostModel.etlStoreDurationDays }} - - name: ETL_STORE_DURATION_DAYS - value: {{ (quote .Values.kubecostModel.etlStoreDurationDays) | default (quote 120) }} - {{- end }} - - name: PV_ENABLED - value: {{ (quote .Values.persistentVolume.enabled) | default (quote true) }} - - name: MAX_QUERY_CONCURRENCY - value: {{ (quote .Values.kubecostModel.maxQueryConcurrency) | default (quote 5) }} - - name: UTC_OFFSET - value: {{ (quote .Values.kubecostModel.utcOffset) | default (quote ) }} - {{- if .Values.networkCosts }} - {{- if .Values.networkCosts.enabled }} - - name: NETWORK_COSTS_PORT - value: {{ quote .Values.networkCosts.port | default (quote 3001) }} - {{- end }} - {{- end }} - {{- /* - If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true - to ensure that the custom query service target is used. The global.thanos.enabled - flag does not have any affect on this behavior. - */}} - {{- if .Values.global.thanos.queryService }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: {{ .Values.global.thanos.queryService }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- else if and .Values.global.thanos.enabled .Values.thanos }} - {{- if .Values.thanos.query }} - {{- if .Values.thanos.query.enabled }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - - name: SAML_ENABLED - value: "true" - - name: IDP_URL - value: {{ .Values.saml.idpMetadataURL }} - - name: SP_HOST - value: {{ .Values.saml.appRootURL }} - {{- if .Values.saml.audienceURI }} - - name: AUDIENCE_URI - value: {{ .Values.saml.audienceURI }} - {{- end }} - {{- if .Values.saml.rbac.enabled }} - - name: SAML_RBAC_ENABLED - value: "true" - {{- end }} - {{- end }} - {{- end }} - {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }} - - name: CLUSTER_ID - value: {{ .Values.prometheus.server.global.external_labels.cluster_id }} - {{- end }} - {{- if .Values.prometheus.server.clusterIDConfigmap }} - - name: CLUSTER_ID - valueFrom: - configMapKeyRef: - name: {{ .Values.prometheus.server.clusterIDConfigmap }} - key: CLUSTER_ID - {{- end }} - {{- if .Values.remoteWrite.postgres.installLocal }} - - name: SQL_ADDRESS - value: pgprometheus - {{- else }} - - name: SQL_ADDRESS - value: {{ .Values.remoteWrite.postgres.remotePostgresAddress }} - {{- end }} - - name: RELEASE_NAME - value: {{ .Release.Name }} - - name: KUBECOST_NAMESPACE - value: {{ .Release.Namespace }} - - name: KUBECOST_TOKEN - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: kubecost-token - {{- if .Values.kubecostFrontend }} - {{- if .Values.imageVersion}} - - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }} - {{- else }} - - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - - image: gcr.io/kubecost1/frontend:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - command: ["nginx", "-g", "daemon off;"] - ports: - - containerPort: 443 - {{- end }} - {{- end }} - env: - - name: GET_HOSTS_FROM - value: dns - name: cost-analyzer-frontend - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d/ - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - - name: tls - mountPath: /etc/ssl/certs - {{- end }} - {{- end }} - resources: -{{ toYaml .Values.kubecostFrontend.resources | indent 12 }} - {{- if .Values.kubecostFrontend.imagePullPolicy }} - imagePullPolicy: {{ .Values.kubecostFrontend.imagePullPolicy }} - {{- else }} - imagePullPolicy: Always - {{- end }} - readinessProbe: - httpGet: - path: /healthz - port: 9003 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - {{- if .Values.kubecost }} - {{- if .Values.imageVersion}} - - image: {{ .Values.kubecost.image }}:{{ .Values.imageVersion }} - {{- else }} - - image: {{ .Values.kubecost.image }}:prod-{{ $.Chart.AppVersion }} - {{ end }} - {{- else }} - - image: gcr.io/kubecost1/server:prod-{{ $.Chart.AppVersion }} - {{ end }} - resources: -{{ toYaml .Values.kubecost.resources | indent 12 }} - name: cost-analyzer-server - readinessProbe: - httpGet: - path: /healthz - port: 9003 - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 200 - volumeMounts: - - name: persistent-configs - mountPath: /var/configs - env: - - name: PROMETHEUS_SERVER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-server-endpoint - {{- if .Values.reporting }} - {{- if .Values.reporting.valuesReporting }} - - name: HELM_VALUES - value: {{ template "cost-analyzer.filterEnabled" .Values }} - {{- end }} - {{- end }} - {{- if .Values.global.prometheus.insecureSkipVerify }} - - name: INSECURE_SKIP_VERIFY - value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} - {{- end }} - {{- /* - If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true - to ensure that the custom query service target is used. The global.thanos.enabled - flag does not have any affect on this behavior. - */}} - {{- if .Values.global.thanos.queryService }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: {{ .Values.global.thanos.queryService }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- else if and .Values.global.thanos.enabled .Values.thanos }} - {{- if .Values.thanos.query }} - {{- if .Values.thanos.query.enabled }} - - name: THANOS_ENABLED - value: "true" - - name: THANOS_QUERY_URL - value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} - - name: THANOS_QUERY_OFFSET - value: {{ .Values.global.thanos.queryOffset | default "3h" }} - - name: THANOS_MAX_SOURCE_RESOLUTION - value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} - - name: MC_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: MC_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} - - name: DB_BASIC_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: USERNAME - - name: DB_BASIC_AUTH_PW - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} - key: PASSWORD - {{- end }} - {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} - - name: DB_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} - - name: MC_BEARER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} - key: TOKEN - {{- end }} - - name: KUBECOST_NAMESPACE - value: {{ .Release.Namespace }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/configs/key.json - - name: KUBECOST_TOKEN - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: kubecost-token - {{- if eq .Values.global.grafana.proxy false }} - - name: GRAFANA_URL - valueFrom: - configMapKeyRef: - name: external-grafana-config-map - key: grafanaURL - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.imagePullSecrets | indent 2 }} - {{- end }} - {{- if .Values.priority }} - {{- if .Values.priority.enabled }} - priorityClassName: {{ template "cost-analyzer.fullname" . }}-priority - {{- end }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml deleted file mode 100755 index 429ed1f90..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml +++ /dev/null @@ -1,174 +0,0 @@ -{{- $serviceName := include "cost-analyzer.serviceName" . -}} -{{- $nginxPort := .Values.service.targetPort | default 9090 -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - nginx.conf: | - gzip_static on; - - # Enable gzip encoding for content of the provided types of 50kb and higher. - gzip on; - gzip_min_length 50000; - gzip_proxied expired no-cache no-store private auth; - gzip_types - text/plain - text/css - text/xml - text/javascript - application/x-javascript - application/xml - application/json; - - upstream api { - server {{ $serviceName }}.{{ .Release.Namespace }}:9001; - } - - upstream model { - server {{ $serviceName }}.{{ .Release.Namespace }}:9003; - } - -{{- if .Values.clusterController }} -{{- if .Values.clusterController.enabled }} - upstream clustercontroller { - server {{ template "kubecost.clusterControllerName" . }}-service.{{ .Release.Namespace }}:9731; - } -{{- end }} -{{- end }} - -{{- if .Values.global.grafana.proxy }} - upstream grafana { -{{- if .Values.global.grafana.enabled }} - server {{ .Release.Name }}-grafana.{{ .Release.Namespace }}; -{{ else }} - server {{.Values.global.grafana.domainName}}; -{{ end }} - } -{{ end }} - - server { - server_name _; - root /var/www; - index index.html; - add_header Cache-Control "max-age=300"; - add_header Cache-Control "must-revalidate"; -{{- if .Values.imageVersion }} - add_header ETag "{{ $.Values.imageVersion }}"; -{{- else }} - add_header ETag "{{ $.Chart.Version }}"; -{{- end }} -{{- if .Values.kubecostFrontend.tls }} -{{- if .Values.kubecostFrontend.tls.enabled }} - ssl_certificate /etc/ssl/certs/kc.crt; - ssl_certificate_key /etc/ssl/certs/kc.key; - listen 443 ssl; -{{- else }} - listen {{ $nginxPort }}; -{{- end }} -{{- else }} - listen {{ $nginxPort }}; -{{- end }} - location /api/ { - {{- if .Values.saml.enabled }} - auth_request /auth; - {{- end }} - proxy_pass http://api/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /model/ { - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_pass http://model/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location ~ ^/(turndown|cluster)/ { - - add_header 'Access-Control-Allow-Origin' '*' always; -{{- if .Values.clusterController }} -{{- if .Values.clusterController.enabled }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - auth_request /auth; - {{- else if .Values.saml.rbac.enabled}} - auth_request /authrbac; - {{- end }} - {{- end }} - - rewrite ^/(?:turndown|cluster)/(.*)$ /$1 break; - proxy_pass http://clustercontroller; - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -{{- else }} - return 404; -{{- end }} -{{- else }} - return 404; -{{- end }} - } - location /saml/ { - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_pass http://model/saml/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /login { - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_pass http://model/login; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - {{- if .Values.global.grafana.proxy }} - location /grafana/ { - {{- if .Values.saml.enabled }} - auth_request /auth; - {{- end }} - proxy_pass http://grafana/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - {{ end }} - {{- if .Values.saml.enabled }} - location /auth { - proxy_pass http://model/isAuthenticated; - } - {{- end }} - {{- if .Values.saml.rbac.enabled }} - location /authrbac { - proxy_pass http://model/isAdminAuthenticated; - } - {{- end }} - } diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml deleted file mode 100755 index 1b6e8776a..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress -}} -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "cost-analyzer.fullname" . -}} -{{- $serviceName := include "cost-analyzer.serviceName" . -}} -{{- $ingressPaths := .Values.ingress.paths -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . | quote }} - http: - paths: - {{- range $ingressPaths }} - - path: {{ . }} - backend: - serviceName: {{ $serviceName }} - servicePort: frontend - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml deleted file mode 100755 index 37276f297..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.networkCosts -}} -{{- if .Values.networkCosts.enabled -}} -{{- if .Values.networkCosts.config -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: network-costs-config - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - config.yaml: | -{{- toYaml .Values.networkCosts.config | nindent 4 }} -{{- end -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml deleted file mode 100755 index d45567616..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podMonitor }} -{{- if .Values.networkCosts.podMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ include "cost-analyzer.networkCostsName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if .Values.networkCosts.podMonitor.additionalLabels }} - {{ toYaml .Values.networkCosts.podMonitor.additionalLabels | nindent 4 }} - {{- end }} -spec: - podMetricsEndpoints: - - port: http-server - honorLabels: true - interval: 1m - scrapeTimeout: 10s - path: /metrics - scheme: http - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app: {{ template "cost-analyzer.networkCostsName" . }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml deleted file mode 100755 index e87d8d44b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml +++ /dev/null @@ -1,93 +0,0 @@ -{{- if .Values.networkCosts -}} -{{- if .Values.networkCosts.enabled -}} -apiVersion: {{ include "cost-analyzer.daemonset.apiVersion" . }} -kind: DaemonSet -metadata: - name: {{ template "cost-analyzer.networkCostsName" . }} - labels: - {{- include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: {{ template "cost-analyzer.networkCostsName" . }} - template: - metadata: - labels: - app: {{ template "cost-analyzer.networkCostsName" . }} - spec: - hostNetwork: true - serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} - containers: - - name: {{ template "cost-analyzer.networkCostsName" . }} - image: {{ .Values.networkCosts.image }} -{{- if .Values.networkCosts.imagePullPolicy }} - imagePullPolicy: {{ .Values.networkCosts.imagePullPolicy }} -{{- else }} - imagePullPolicy: Always -{{- end }} -{{- if .Values.networkCosts.resources }} - resources: -{{ toYaml .Values.networkCosts.resources | indent 10 }} -{{- end }} - env: - {{- if .Values.networkCosts.hostProc }} - - name: HOST_PROC - value: {{ .Values.networkCosts.hostProc.mountPath }} - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST_PORT - value: {{ (quote .Values.networkCosts.port) | default (quote 3001) }} - - name: TRAFFIC_LOGGING_ENABLED - value: {{ (quote .Values.networkCosts.trafficLogging) | default (quote true) }} - volumeMounts: - {{- if .Values.networkCosts.hostProc }} - - mountPath: {{ .Values.networkCosts.hostProc.mountPath }} - name: host-proc - {{- else }} - - mountPath: /net - name: nf-conntrack - - mountPath: /netfilter - name: netfilter - {{- end }} - {{- if .Values.networkCosts.config }} - - mountPath: /network-costs/config - name: network-costs-config - {{- end }} - securityContext: - privileged: true - ports: - - name: http-server - containerPort: {{ .Values.networkCosts.port | default 3001 }} - hostPort: {{ .Values.networkCosts.port | default 3001 }} -{{- if .Values.networkCosts.priorityClassName }} - priorityClassName: "{{ .Values.networkCosts.priorityClassName }}" -{{- end }} -{{- if .Values.networkCosts.tolerations }} - tolerations: -{{ toYaml .Values.networkCosts.tolerations | indent 8 }} - {{- end }} - volumes: - {{- if .Values.networkCosts.config }} - - name: network-costs-config - configMap: - name: network-costs-config - {{- end }} - {{- if .Values.networkCosts.hostProc }} - - name: host-proc - hostPath: - path: {{ default "/proc" .Values.networkCosts.hostProc.hostPath }} - {{- else }} - - name: nf-conntrack - hostPath: - path: /proc/net - - name: netfilter - hostPath: - path: /proc/sys/net/netfilter - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml deleted file mode 100755 index 872951bd1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.networkPolicy -}} -{{- if .Values.networkPolicy.enabled -}} -apiVersion: {{ include "cost-analyzer.networkPolicy.apiVersion" . }} -kind: NetworkPolicy -metadata: - name: deny-egress - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{ include "cost-analyzer.selectorLabels" . | nindent 6 }} - policyTypes: - - Egress - egress: - - to: - - namespaceSelector: {} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml deleted file mode 100755 index 5ce22f52b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.productKey }} -{{- if .Values.kubecostProductConfigs.productKey.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: product-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - {{- if .Values.kubecostProductConfigs.productKey.key }} - key: {{ .Values.kubecostProductConfigs.productKey.key | quote }} - {{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml deleted file mode 100755 index 08f82a5ac..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }}-postgres - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: postgres - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: postgres - spec: - containers: - - image: timescale/pg_prometheus:latest-pg11 - name: pgprometheus - ports: - - containerPort: 5432 - args: - - -csynchronous_commit=off - - -S 1GB - env: - - name: POSTGRES_PASSWORD - value: {{ .Values.remoteWrite.postgres.auth.password }} - - name: POSTGRES_USER - value: postgres - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: postgres-pv-volume - subPath: postgres - volumes: - - name: postgres-pv-volume - persistentVolumeClaim: - claimName: postgres-pv-claim -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml deleted file mode 100755 index 0a67fa928..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: postgres-pv-volume - labels: - type: local - app: postgres -spec: - capacity: - storage: {{ .Values.remoteWrite.postgres.persistentVolume.size }} - accessModes: - - ReadWriteOnce - hostPath: - path: "/mnt/data" -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml deleted file mode 100755 index 8c5deb444..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: postgres-pv-claim - labels: - app: postgres -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.remoteWrite.postgres.persistentVolume.size }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml deleted file mode 100755 index 5488c58b1..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -{{- if .Values.remoteWrite.postgres.installLocal -}} -kind: Service -apiVersion: v1 -metadata: - name: pgprometheus - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - app: postgres - type: ClusterIP - ports: - - name: server - port: 5432 - targetPort: 5432 -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml deleted file mode 100755 index 7163cec98..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml +++ /dev/null @@ -1,121 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pricing-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - {{- if .Values.kubecostProductConfigs.defaultModelPricing }} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.enabled }} - {{- if .Values.kubecostProductConfigs.customPricesEnabled }} - customPricesEnabled: "{{ .Values.kubecostProductConfigs.customPricesEnabled }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.CPU }} - CPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.CPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotCPU }} - spotCPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotCPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.RAM }} - RAM: "{{ .Values.kubecostProductConfigs.defaultModelPricing.RAM | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotRAM }} - spotRAM: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotRAM | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.GPU }} - GPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.GPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotGPU }} - spotGPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotGPU | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.storage }} - storage: "{{ .Values.kubecostProductConfigs.defaultModelPricing.storage | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.zoneNetworkEgress }} - zoneNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.zoneNetworkEgress | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.regionNetworkEgress }} - regionNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.regionNetworkEgress | toString }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultModelPricing.internetNetworkEgress }} - internetNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.internetNetworkEgress | toString }}" - {{- end -}} - {{- end -}} - {{- end -}} - {{- if .Values.kubecostProductConfigs.clusterName }} - clusterName: "{{ .Values.kubecostProductConfigs.clusterName }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.currencyCode }} - currencyCode: "{{ .Values.kubecostProductConfigs.currencyCode }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureBillingRegion }} - azureBillingRegion: "{{ .Values.kubecostProductConfigs.azureBillingRegion }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureSubscriptionID }} - azureSubscriptionID: "{{ .Values.kubecostProductConfigs.azureSubscriptionID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureClientID }} - azureClientID: "{{ .Values.kubecostProductConfigs.azureClientID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.azureTenantID }} - azureTenantID: "{{ .Values.kubecostProductConfigs.azureTenantID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.discount }} - discount: "{{ .Values.kubecostProductConfigs.discount }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.negotiatedDiscount }} - negotiatedDiscount: "{{ .Values.kubecostProductConfigs.negotiatedDiscount }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.defaultIdle }} - defaultIdle: "{{ .Values.kubecostProductConfigs.defaultIdle }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.sharedNamespaces }} - sharedNamespaces: "{{ .Values.kubecostProductConfigs.sharedNamespaces }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.spotLabel }} - spotLabel: "{{ .Values.kubecostProductConfigs.spotLabel }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.spotLabelValue }} - spotLabelValue: "{{ .Values.kubecostProductConfigs.spotLabelValue }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.awsSpotDataRegion }} - spotDataRegion: "{{ .Values.kubecostProductConfigs.awsSpotDataRegion }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.awsSpotDataBucket }} - spotDataBucket: "{{ .Values.kubecostProductConfigs.awsSpotDataBucket }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.awsSpotDataPrefix }} - spotDataPrefix: "{{ .Values.kubecostProductConfigs.awsSpotDataPrefix }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.projectID }} - projectID: "{{ .Values.kubecostProductConfigs.projectID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.bigQueryBillingDataDataset }} - billingDataDataset: "{{ .Values.kubecostProductConfigs.bigQueryBillingDataDataset }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaProjectID }} - athenaProjectID: "{{ .Values.kubecostProductConfigs.athenaProjectID }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaBucketName }} - athenaBucketName: "{{ .Values.kubecostProductConfigs.athenaBucketName }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaRegion }} - athenaRegion: "{{ .Values.kubecostProductConfigs.athenaRegion }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaDatabase }} - athenaDatabase: "{{ .Values.kubecostProductConfigs.athenaDatabase }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.athenaTable }} - athenaTable: "{{ .Values.kubecostProductConfigs.athenaTable }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.masterPayerARN}} - masterPayerARN: "{{ .Values.kubecostProductConfigs.masterPayerARN }}" - {{- end }} - {{- if .Values.kubecostProductConfigs.gpuLabel }} - gpuLabel: "{{ .Values.kubecostProductConfigs.gpuLabel }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.gpuLabelValue }} - gpuLabelValue: "{{ .Values.kubecostProductConfigs.gpuLabelValue }}" - {{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml deleted file mode 100755 index c2b282772..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cost-analyzer.fullname" . }}-adapter - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: adapter - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: adapter - spec: - initContainers: - - name: kubecost-sql-init - image: {{ .Values.remoteWrite.postgres.initImage }}:prod-{{ $.Chart.AppVersion }} - {{- if .Values.remoteWrite.postgres.initImagePullPolicy }} - imagePullPolicy: {{ .Values.remoteWrite.postgres.initImagePullPolicy }} - {{- else }} - imagePullPolicy: Always - {{- end }} - env: - - name: PROMETHEUS_SERVER_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "cost-analyzer.fullname" . }} - key: prometheus-server-endpoint - containers: - - image: timescale/prometheus-postgresql-adapter:latest - name: pgprometheusadapter - ports: - - containerPort: 9201 - args: - {{- if .Values.remoteWrite.postgres.installLocal }} - - "-pg-host=pgprometheus" - {{- else }} - - "-pg-host={{ .Values.remoteWrite.postgres.remotePostgresAddress }}" - {{- end }} - - "-pg-prometheus-log-samples=true" - - "-pg-password={{ .Values.remoteWrite.postgres.auth.password }}" -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml deleted file mode 100755 index d36479439..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.remoteWrite -}} -{{- if .Values.remoteWrite.postgres -}} -{{- if .Values.remoteWrite.postgres.enabled -}} -kind: Service -apiVersion: v1 -metadata: - name: pgprometheus-adapter - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - selector: - app: adapter - type: ClusterIP - ports: - - name: server - port: 9201 - targetPort: 9201 -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml deleted file mode 100755 index 61380b424..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.prometheus }} -{{- if .Values.prometheus.serverFiles }} -{{- if .Values.prometheus.serverFiles.rules }} -{{- if .Values.prometheusRule }} -{{- if .Values.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if .Values.prometheusRule.additionalLabels }} - {{ toYaml .Values.prometheusRule.additionalLabels | nindent 4 }} - {{- end }} -spec: - {{ toYaml .Values.prometheus.serverFiles.rules | nindent 2 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml deleted file mode 100755 index f326b1f1c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubecost-cost-analyzer-psp - annotations: -{{- if .Values.podSecurityPolicy.annotations }} -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - kubecost-cost-analyzer-psp -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml deleted file mode 100755 index 8e1d925c5..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubecost-cost-analyzer-psp -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubecost-cost-analyzer-psp -subjects: -- kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml deleted file mode 100755 index 885ab9ca9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.podSecurityPolicy }} -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: kubecost-cost-analyzer-psp -spec: - privileged: true - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml deleted file mode 100755 index d3e257668..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.persistentVolume -}} -{{- if not .Values.persistentVolume.existingClaim -}} -{{- if .Values.persistentVolume.enabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -spec: - accessModes: - - ReadWriteOnce - {{- if .Values.persistentVolume.storageClass }} - storageClassName: {{ .Values.persistentVolume.storageClass }} - {{ end }} - resources: - requests: - {{- if .Values.persistentVolume }} - storage: {{ .Values.persistentVolume.size }} - {{- else }} - storage: 0.2Gi - {{ end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml deleted file mode 100755 index 71ac8659c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.saml }} -{{- if .Values.saml.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "cost-analyzer.fullname" . }}-saml - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: -{{- $root := . }} - saml.json: '{{ toJson .Values.saml }}' -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml deleted file mode 100755 index edf5ca6fa..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if or .Values.kubecostProductConfigs.grafanaURL .Values.kubecostProductConfigs.labelMappingConfigs }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: app-configs - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: -{{- if .Values.kubecostProductConfigs.labelMappingConfigs }} -{{- if .Values.kubecostProductConfigs.labelMappingConfigs.enabled }} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.owner_label }} - owner_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.owner_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.team_label }} - team_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.team_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.department_label }} - department_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.department_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.product_label }} - product_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.product_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.environment_label }} - environment_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.environment_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.namespace_external_label }} - namespace_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.namespace_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.cluster_external_label }} - cluster_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.cluster_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.controller_external_label }} - controller_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.controller_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.product_external_label }} - product_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.product_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.service_external_label }} - service_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.service_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.deployment_external_label }} - deployment_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.deployment_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.team_external_label }} - team_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.team_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.environment_external_label }} - environment_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.environment_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.department_external_label }} - department_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.department_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.statefulset_external_label }} - statefulset_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.statefulset_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.daemonset_external_label }} - daemonset_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.daemonset_external_label }}" - {{- end -}} - {{- if .Values.kubecostProductConfigs.labelMappingConfigs.pod_external_label }} - pod_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.pod_external_label }}" - {{- end -}} -{{- end -}} -{{- end -}} - {{- if .Values.kubecostProductConfigs.grafanaURL }} - grafanaURL: "{{ .Values.kubecostProductConfigs.grafanaURL }}" - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml deleted file mode 100755 index d5e3be3b9..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "cost-analyzer.serviceAccountName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml deleted file mode 100755 index dd48bb3f8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- $nginxPort := .Values.service.targetPort | default 9090 -}} -{{- $servicePort := .Values.service.port | default 9090 -}} -kind: Service -apiVersion: v1 -metadata: - name: {{ template "cost-analyzer.serviceName" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - selector: - {{ include "cost-analyzer.selectorLabels" . | nindent 4 }} -{{- if .Values.service -}} -{{- if .Values.service.type }} - type: "{{ .Values.service.type }}" -{{- else }} - type: ClusterIP -{{- end }} -{{- else }} - type: ClusterIP -{{- end }} - ports: - - name: server - port: 9001 - targetPort: 9001 - - name: model - port: 9003 - targetPort: 9003 - - name: frontend - {{- if .Values.kubecostFrontend.tls }} - {{- if .Values.kubecostFrontend.tls.enabled }} - port: 443 - targetPort: 443 - {{- if (eq .Values.service.type "NodePort") }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - {{- end }} - {{- else }} - port: {{ $servicePort }} - targetPort: {{ $nginxPort }} - {{- if (eq .Values.service.type "NodePort") }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - {{- end }} - {{- end}} - {{- else }} - port: {{ $servicePort }} - targetPort: {{ $nginxPort }} - {{- if (eq .Values.service.type "NodePort") }} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.saml }} - {{- if .Values.saml.enabled }} - - name: apiserver - port: 9004 - targetPort: 9004 - {{- end }} - {{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml deleted file mode 100755 index 6f79d8cd4..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.serviceMonitor }} -{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "cost-analyzer.fullname" . }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if .Values.serviceMonitor.additionalLabels }} - {{ toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: model - honorLabels: true - interval: 1m - scrapeTimeout: 10s - path: /metrics - scheme: http - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{ include "cost-analyzer.selectorLabels" . | nindent 6 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml deleted file mode 100755 index 5e81ed359..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if eq .Values.global.grafana.proxy false -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: external-grafana-config-map - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - grafanaURL: {{ .Values.global.grafana.scheme | default "http" }}://{{- .Values.global.grafana.domainName }} -{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml deleted file mode 100755 index 6d896a34c..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: attached-disk-metrics-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - attached-disks.json: |- -{{ .Files.Get "attached-disks.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml deleted file mode 100755 index 91650c74b..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-metrics-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - cluster-metrics.json: |- -{{ .Files.Get "cluster-metrics.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - - diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml deleted file mode 100755 index 8fe764c3e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - cluster-utilization.json: |- -{{ .Files.Get "cluster-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml deleted file mode 100755 index d16c70bcd..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: deployment-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - deployment-utilization.json: |- -{{ .Files.Get "deployment-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml deleted file mode 100755 index 2372514d4..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: label-cost-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - label-cost-utilization.json: |- -{{ .Files.Get "label-cost-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml deleted file mode 100755 index 17393dd16..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: namespace-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - namespace-utilization.json: |- -{{ .Files.Get "namespace-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml deleted file mode 100755 index 586a3dfca..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: node-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - node-utilization.json: |- -{{ .Files.Get "node-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml deleted file mode 100755 index 92017afb8..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pod-utilization-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - pod-utilization.json: |- -{{ .Files.Get "pod-utilization.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml deleted file mode 100755 index 32e1fc707..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.dashboards -}} -{{- if .Values.grafana.sidecar.dashboards.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: prom-benchmark-dashboard - {{- if $.Values.grafana.namespace_dashboards }} - namespace: {{ $.Values.grafana.namespace_dashboards }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- else }} - grafana_dashboard: "1" - {{- end }} -data: - pod-utilization.json: |- -{{ .Files.Get "prom-benchmark.json" | indent 8 }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml deleted file mode 100755 index e79d2fa35..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml +++ /dev/null @@ -1,72 +0,0 @@ -{{- if .Values.grafana -}} -{{- if .Values.grafana.sidecar -}} -{{- if .Values.grafana.sidecar.datasources -}} -{{- if .Values.grafana.sidecar.datasources.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-datasource - {{- if $.Values.grafana.namespace_datasources }} - namespace: {{ $.Values.grafana.namespace_datasources }} - {{- end }} - labels: - {{ include "cost-analyzer.commonLabels" . | nindent 4 }} - {{- if $.Values.grafana.sidecar.datasources.label }} - {{ $.Values.grafana.sidecar.datasources.label }}: "1" - {{- else }} - {{- if .Values.global.grafana.enabled }} - kubecost_grafana_datasource: "1" - {{- else }} - grafana_datasource: "1" - {{- end }} - {{- end }} -data: - {{ default "datasource.yaml" .Values.grafana.sidecar.datasources.dataSourceFilename }}: |- - apiVersion: 1 - datasources: - - access: proxy -{{- if .Values.global.thanos }} -{{- if .Values.global.thanos.enabled }} - name: {{ default "Prometheus" .Values.grafana.sidecar.datasources.dataSourceName }} - isDefault: false -{{- else }} - name: "default-kubecost" -{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} - isDefault: true -{{- else }} - isDefault: false -{{- end }} -{{- end }} -{{- else }} - name: "default-kubecost" -{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} - isDefault: true -{{- else }} - isDefault: false -{{- end }} -{{- end }} - type: prometheus -{{- if .Values.global.prometheus.enabled }} - url: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }} -{{- else }} - url: {{ .Values.global.prometheus.fqdn }} -{{- end }} -{{- if .Values.global.thanos.enabled }} - - access: proxy - name: "default-kubecost" - type: prometheus -{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} - isDefault: true -{{- else }} - isDefault: false -{{- end }} -{{- if .Values.global.prometheus.enabled }} - url: http://{{ .Release.Name }}-thanos-query-http.{{ .Release.Namespace }}:{{ .Values.thanos.query.http.port }} -{{ else }} - url: {{ .Values.global.thanos.queryService }} -{{- end }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml deleted file mode 100755 index 1a947e696..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml +++ /dev/null @@ -1,282 +0,0 @@ -{{- if .Values.clusterController }} -{{- if .Values.clusterController.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubecost.clusterControllerName" . }} - labels: - app: {{ template "kubecost.clusterControllerName" . }} ---- -# -# NOTE: -# The following ClusterRole permissions are only created and assigned for the -# cluster controller feature. They will not be added to any clusters by default. -# -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kubecost.clusterControllerName" . }} - labels: - app: {{ template "kubecost.clusterControllerName" . }} -rules: - - apiGroups: - - kubecost.k8s.io - resources: - - turndownschedules - - turndownschedules/status - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - '' - resources: - - deployments - - nodes - - pods - - resourcequotas - - replicationcontrollers - - limitranges - - pods/eviction - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - '' - resources: - - configmaps - - namespaces - - persistentvolumeclaims - - persistentvolumes - - endpoints - - events - - services - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - daemonsets - - replicasets - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubecost.clusterControllerName" . }} - labels: - app: {{ template "kubecost.clusterControllerName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubecost.clusterControllerName" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kubecost.clusterControllerName" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubecost.clusterControllerName" . }} -spec: - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: {{ template "kubecost.clusterControllerName" . }} - template: - metadata: - labels: - app: {{ template "kubecost.clusterControllerName" . }} - spec: - containers: - - name: {{ template "kubecost.clusterControllerName" . }} - image: {{ .Values.clusterController.image }} - imagePullPolicy: {{ .Values.clusterController.imagePullPolicy }} - volumeMounts: - - name: cluster-controller-keys - mountPath: /var/keys - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: TURNDOWN_NAMESPACE - value: {{ .Release.Namespace }} - - name: TURNDOWN_DEPLOYMENT - value: {{ template "kubecost.clusterControllerName" . }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/keys/service-key.json - ports: - - name: http-server - containerPort: 9731 - hostPort: 9731 - serviceAccount: {{ template "kubecost.clusterControllerName" . }} - serviceAccountName: {{ template "kubecost.clusterControllerName" . }} - volumes: - - name: cluster-controller-keys - secret: - secretName: {{ .Values.clusterController.secretName | default "cluster-controller-service-key" }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubecost.clusterControllerName" . }}-service -spec: - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 9731 - targetPort: 9731 - selector: - app: {{ template "kubecost.clusterControllerName" . }} ---- -# TurndownSchedule Custom Resource Definition for persistence -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: turndownschedules.kubecost.k8s.io -spec: - group: kubecost.k8s.io - version: v1alpha1 - names: - kind: TurndownSchedule - singular: turndownschedule - plural: turndownschedules - shortNames: - - td - - tds - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - start: - type: string - format: date-time - end: - type: string - format: date-time - repeat: - type: string - enum: [none, daily, weekly] - additionalPrinterColumns: - - name: State - type: string - description: The state of the turndownschedule - JSONPath: .status.state - - name: Next Turndown - type: string - description: The next turndown date-time - JSONPath: .status.nextScaleDownTime - - name: Next Turn Up - type: string - description: The next turn up date-time - JSONPath: .status.nextScaleUpTime -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml deleted file mode 100755 index 907252f93..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.kubecostProductConfigs }} -{{- if .Values.kubecostProductConfigs.clusters }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubecost-clusters - labels: - {{- include "cost-analyzer.commonLabels" . | nindent 4 }} -data: - default-clusters.yaml: | -{{- toYaml .Values.kubecostProductConfigs.clusters | nindent 4 }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml deleted file mode 100755 index a098a766e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.priority }} -{{- if .Values.priority.enabled }} -apiVersion: {{ include "cost-analyzer.priorityClass.apiVersion" . }} -kind: PriorityClass -metadata: - name: {{ template "cost-analyzer.fullname" . }}-priority -value: {{ .Values.priority.value | default "1000000" }} -globalDefault: false -description: "Priority class for scheduling the cost-analyzer pod" -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml deleted file mode 100755 index c6d1c5385..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: kubecost-network-costs -spec: - privileged: true - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml deleted file mode 100755 index 04424a44e..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubecost-network-costs - annotations: -{{- if .Values.networkCosts.podSecurityPolicy.annotations }} -{{ toYaml .Values.networkCosts.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - kubecost-network-costs -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml deleted file mode 100755 index 84ab0d1c2..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.networkCosts }} -{{- if .Values.networkCosts.enabled }} -{{- if .Values.networkCosts.podSecurityPolicy }} -{{- if .Values.networkCosts.podSecurityPolicy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubecost-network-costs -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubecost-network-costs -subjects: -- kind: ServiceAccount - name: {{ template "cost-analyzer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml b/charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml deleted file mode 100755 index b0bc33889..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml +++ /dev/null @@ -1,117 +0,0 @@ -global: - thanos: - enabled: true - -# For Thanos Installs, Allow Higher Concurrency from Cost-Model -# Still may require tweaking for some installs, but the thanos-query-frontend -# will greatly assist in reduction memory bloat in query. -kubecostModel: - maxQueryConcurrency: 5 - # This configuration is applied to thanos only. Expresses the resolution to - # use for longer query ranges. Options: raw, 5m, 1h - Default: raw - maxSourceResolution: 5m - -prometheus: - server: - extraArgs: - storage.tsdb.min-block-duration: 2h - storage.tsdb.max-block-duration: 2h - storage.tsdb.retention: 2w - extraVolumes: - - name: object-store-volume - secret: - # Ensure this secret name matches thanos.storeSecretName - secretName: kubecost-thanos - enableAdminApi: true - sidecarContainers: - - name: thanos-sidecar - image: thanosio/thanos:v0.15.0 - args: - - sidecar - - --log.level=debug - - --tsdb.path=/data/ - - --prometheus.url=http://127.0.0.1:9090 - - --objstore.config-file=/etc/config/object-store.yaml - # Start of time range limit to serve. Thanos sidecar will serve only metrics, which happened - # later than this value. Option can be a constant time in RFC3339 format or time duration - # relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. - - --min-time=-3h - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - ports: - - name: sidecar-http - containerPort: 10902 - - name: grpc - containerPort: 10901 - - name: cluster - containerPort: 10900 - volumeMounts: - - name: config-volume - mountPath: /etc/prometheus - - name: storage-volume - mountPath: /data - subPath: "" - - name: object-store-volume - mountPath: /etc/config - -thanos: - store: - enabled: true - grpcSeriesMaxConcurrency: 20 - blockSyncConcurrency: 20 - extraEnv: - - name: GOGC - value: "100" - resources: - requests: - memory: "2.5Gi" - query: - enabled: true - timeout: 3m - # Maximum number of queries processed concurrently by query node. - maxConcurrent: 8 - # Maximum number of select requests made concurrently per a query. - maxConcurrentSelect: 2 - resources: - requests: - memory: "2.5Gi" - autoDownsampling: false - extraEnv: - - name: GOGC - value: "100" - - # Thanos Query Frontend - queryFrontend: - enabled: true - compressResponses: true - # Response Cache Configuration - # Configure either a max size constraint or max items. - responseCache: - enabled: true - # Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be applied. - maxSize: 1.25GB - # Maximum number of entries in the cache. - maxSizeItems: 0 - # The expiry duration for the cache. - validity: 2m - resources: - requests: - memory: "1.5Gi" - - # Thanos Sidecar Service Discovery - sidecar: - enabled: true - bucket: - enabled: false - compact: - enabled: true - dataVolume: - persistentVolumeClaim: - claimName: compact-data-volume - storage: 100Gi - # This secret name should match the sidecar configured secret name volume - # in the prometheus.server.extraVolumes entry - storeSecretName: kubecost-thanos diff --git a/charts/kubecost/cost-analyzer/1.70.000/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/values.yaml deleted file mode 100755 index 29e3d558f..000000000 --- a/charts/kubecost/cost-analyzer/1.70.000/values.yaml +++ /dev/null @@ -1,561 +0,0 @@ -global: - # zone: cluster.local (use only if your DNS server doesn't live in the same zone as kubecost) - prometheus: - enabled: true # If false, Prometheus will not be installed -- only actively supported on paid Kubecost plans - fqdn: http://cost-analyzer-prometheus-server.default.svc #example fqdn. Ignored if enabled: true - # insecureSkipVerify : false # If true, kubecost will not check the TLS cert of prometheus - # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD - # queryServiceBearerTokenSecretName: dbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN - - # Durable storage option, product key required - thanos: - enabled: false - # queryService: http://thanos-query-frontend-http.kubecost:{{ .Values.thanos.queryFrontend.http.port }} # an address of the thanos query-frontend endpoint, if different from installed thanos - # queryServiceBasicAuthSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD <---enter basic auth credentials like that - # queryServiceBearerTokenSecretName mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN - # queryOffset: 3h # The offset to apply to all thanos queries in order to achieve syncronization on all cluster block stores - - grafana: - enabled: true # If false, Grafana will not be installed - domainName: cost-analyzer-grafana.default.svc #example grafana domain Ignored if enabled: true - scheme: "http" # http or https, for the domain name above. - proxy: true # If true, the kubecost frontend will route to your grafana through its service endpoint - - notifications: - # Kubecost alerting configuration - # Ref: http://docs.kubecost.com/alerts - alertConfigs: - enabled: false # the example values below are never read unless enabled is set to true - frontendUrl: http://localhost:9090 # optional, used for linkbacks - slackWebhookUrl: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX # optional, used for Slack alerts - globalAlertEmails: - - recipient@example.com - - additionalRecipient@example.com - alerts: - # Daily namespace budget alert on namespace `kubecost` - - type: budget # supported: budget, recurringUpdate - threshold: 50 # optional, required for budget alerts - window: daily # or 1d - aggregation: namespace - filter: kubecost - ownerContact: # optional, overrides globalAlertEmails default - - owner@example.com - - owner2@example.com - # Daily cluster budget alert (clusterCosts alert) on cluster `cluster-one` - - type: budget - threshold: 200.8 # optional, required for budget alerts - window: daily # or 1d - aggregation: cluster - filter: cluster-one - # Recurring weekly update (weeklyUpdate alert) - - type: recurringUpdate - window: weekly # or 7d - aggregation: namespace - filter: '*' - # Recurring weekly namespace update on kubecost namespace - - type: recurringUpdate - window: weekly # or 7d - aggregation: namespace - filter: kubecost - ownerContact: # ownerContact(s) should be the same for the same namespace, otherwise the last namespace alert overwrites - - owner@example.com - - owner2@example.com - alertmanager: # Supply an alertmanager FQDN to receive notifications from the app. - enabled: false # If true, allow kubecost to write to your alertmanager - fqdn: http://cost-analyzer-prometheus-server.default.svc #example fqdn. Ignored if prometheus.enabled: true - - podAnnotations: {} - # iam.amazonaws.com/role: role-arn - -pricingCsv: - enabled: false - location: - provider: "AWS" - region: "us-east-1" - URI: s3://kc-csv-test/pricing_schema.csv # a valid file URI - csvAccessCredentials: pricing-schema-access-secret - -saml: # enterprise key required to use - enabled: false - secretName: "kubecost-authzero" - #metadataSecretName: "kubecost-authzero-metadata" # One of metadataSecretName or idpMetadataURL must be set. defaults to metadataURL if set - idpMetadataURL: "https://dev-elu2z98r.auth0.com/samlp/metadata/c6nY4M37rBP0qSO1IYIqBPPyIPxLS8v2" - appRootURL: "http://localhost:9090" # sample URL - # audienceURI: "http://localhost:9090" # by convention, the same as the appRootURL, but any string uniquely identifying kubecost to your samp IDP. Optional if you follow the convention - rbac: - enabled: false - groups: - - name: admin - enabled: false # if admin is disabled, all SAML users will be able to make configuration changes to the kubecost frontend - assertionName: "http://schemas.auth0.com/userType" # a SAML Assertion, one of whose elements has a value that matches on of the values in assertionValues - assertionValues: - - "admin" - - "superusers" - - name: readonly - enabled: false # if readonly is disabled, all users authorized on SAML will default to readonly - assertionName: "http://schemas.auth0.com/userType" - assertionvalues: - - "readonly" - -# imagePullSecrets: -# - name: "image-pull-secret" - -kubecostChecks: - enabled: true - image: "quay.io/kubecost1/checks" - resources: - requests: - cpu: "20m" - memory: "100Mi" - limits: - cpu: "100m" - memory: "200Mi" - -kubecostFrontend: - image: "gcr.io/kubecost1/frontend" - imagePullPolicy: Always - resources: - requests: - cpu: "10m" - memory: "55Mi" - #limits: - # cpu: "100m" - # memory: "256Mi" - -kubecost: - image: "gcr.io/kubecost1/server" - resources: - requests: - cpu: "100m" - memory: "55Mi" - #limits: - # cpu: "100m" - # memory: "256Mi" - -kubecostModel: - image: "gcr.io/kubecost1/cost-model" - imagePullPolicy: Always - warmCache: true - warmSavingsCache: true - etl: true - # The total number of days the ETL storage will build - etlStoreDurationDays: 120 - maxQueryConcurrency: 5 - # utcOffset represents a timezone in hours and minutes east (+) or west (-) - # of UTC, itself, which is defined as +00:00. - # See the tz database of timezones to look up your local UTC offset: - # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - utcOffset: "+00:00" - resources: - requests: - cpu: "200m" - memory: "55Mi" - #limits: - # cpu: "800m" - # memory: "256Mi" - -ingress: - enabled: false - annotations: - kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - paths: ["/"] # There's no need to route specifically to the pods-- we have an nginx deployed that handles routing - hosts: - - cost-analyzer.local - tls: [] - # - secretName: cost-analyzer-tls - # hosts: - # - cost-analyzer.local - -nodeSelector: {} - -tolerations: [] -# - key: "key" -# operator: "Equal|Exists" -# value: "value" -# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - -affinity: {} - -# If true, creates a PriorityClass to be used by the cost-analyzer pod -priority: - enabled: false - # value: 1000000 - -# If true, enable creation of NetworkPolicy resources. -networkPolicy: - enabled: false - -podSecurityPolicy: - enabled: false - -# Define persistence volume for cost-analyzer -persistentVolume: - size: 0.2Gi - dbSize: 32.0Gi - enabled: true # Note that setting this to false means configurations will be wiped out on pod restart. - # storageClass: "-" # - # existingClaim: kubecost-cost-analyzer # a claim in the same namespace as kubecost - -service: - type: ClusterIP - port: 9090 - targetPort: 9090 - # nodePort: - labels: {} - annotations: {} - -# enabling long-term durable storage with Postgres requires an enterprise license -remoteWrite: - postgres: - enabled: false - initImage: "gcr.io/kubecost1/sql-init" - initImagePullPolicy: Always - installLocal: true - remotePostgresAddress: "" # ignored if installing locally - persistentVolume: - size: 200Gi - auth: - password: admin # change me - -prometheus: - extraScrapeConfigs: | - - job_name: kubecost - honor_labels: true - scrape_interval: 1m - scrape_timeout: 10s - metrics_path: /metrics - scheme: http - dns_sd_configs: - - names: - - {{ template "cost-analyzer.serviceName" . }} - type: 'A' - port: 9003 - - job_name: kubecost-networking - kubernetes_sd_configs: - - role: pod - relabel_configs: - # Scrape only the the targets matching the following metadata - - source_labels: [__meta_kubernetes_pod_label_app] - action: keep - regex: {{ template "cost-analyzer.networkCostsName" . }} - server: - # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID - # to use as unique cluster ID in kubecost cost-analyzer deployment. - # This overrides the cluster_id set in prometheus.server.global.external_labels. - # NOTE: This does not affect the external_labels set in prometheus config. - # clusterIDConfigmap: cluster-id-configmap - - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 500m - # memory: 512Mi - global: - scrape_interval: 1m - scrape_timeout: 10s - evaluation_interval: 1m - external_labels: - cluster_id: cluster-one # Each cluster should have a unique ID - persistentVolume: - size: 32Gi - enabled: true - extraArgs: - query.max-concurrency: 1 - query.max-samples: 100000000 - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - alertmanager: - # enabled: false - persistentVolume: - enabled: true - nodeExporter: - enabled: true - pushgateway: - enabled: false - persistentVolume: - enabled: true - serverFiles: - # prometheus.yml: # Sample block -- enable if using an in cluster durable store. - # remote_write: - # - url: "http://pgprometheus-adapter:9201/write" - # write_relabel_configs: - # - source_labels: [__name__] - # regex: 'container_.*_allocation|container_.*_allocation_bytes|.*_hourly_cost|kube_pod_container_resource_requests_memory_bytes|container_memory_working_set_bytes|kube_pod_container_resource_requests_cpu_cores|kube_pod_container_resource_requests|pod_pvc_allocation|kube_namespace_labels|kube_pod_labels' - # action: keep - # queue_config: - # max_samples_per_send: 1000 - #remote_read: - # - url: "http://pgprometheus-adapter:9201/read" - rules: - groups: - - name: CPU - rules: - - expr: sum(rate(container_cpu_usage_seconds_total{container_name!=""}[5m])) - record: cluster:cpu_usage:rate5m - - expr: rate(container_cpu_usage_seconds_total{container_name!=""}[5m]) - record: cluster:cpu_usage_nosum:rate5m - - expr: avg(irate(container_cpu_usage_seconds_total{container_name!="POD", container_name!=""}[5m])) by (container_name,pod_name,namespace) - record: kubecost_container_cpu_usage_irate - - expr: sum(container_memory_working_set_bytes{container_name!="POD",container_name!=""}) by (container_name,pod_name,namespace) - record: kubecost_container_memory_working_set_bytes - - expr: sum(container_memory_working_set_bytes{container_name!="POD",container_name!=""}) - record: kubecost_cluster_memory_working_set_bytes - - name: Savings - rules: - - expr: sum(avg(kube_pod_owner{owner_kind!="DaemonSet"}) by (pod) * sum(container_cpu_allocation) by (pod)) - record: kubecost_savings_cpu_allocation - labels: - daemonset: "false" - - expr: sum(avg(kube_pod_owner{owner_kind="DaemonSet"}) by (pod) * sum(container_cpu_allocation) by (pod)) / sum(kube_node_info) - record: kubecost_savings_cpu_allocation - labels: - daemonset: "true" - - expr: sum(avg(kube_pod_owner{owner_kind!="DaemonSet"}) by (pod) * sum(container_memory_allocation_bytes) by (pod)) - record: kubecost_savings_memory_allocation_bytes - labels: - daemonset: "false" - - expr: sum(avg(kube_pod_owner{owner_kind="DaemonSet"}) by (pod) * sum(container_memory_allocation_bytes) by (pod)) / sum(kube_node_info) - record: kubecost_savings_memory_allocation_bytes - labels: - daemonset: "true" - - expr: label_replace(sum(kube_pod_status_phase{phase="Running",namespace!="kube-system"} > 0) by (pod, namespace), "pod_name", "$1", "pod", "(.+)") - record: kubecost_savings_running_pods - - expr: sum(rate(container_cpu_usage_seconds_total{container_name!="",container_name!="POD",instance!=""}[5m])) by (namespace, pod_name, container_name, instance) - record: kubecost_savings_container_cpu_usage_seconds - - expr: sum(container_memory_working_set_bytes{container_name!="",container_name!="POD",instance!=""}) by (namespace, pod_name, container_name, instance) - record: kubecost_savings_container_memory_usage_bytes - - expr: avg(sum(kube_pod_container_resource_requests_cpu_cores{namespace!="kube-system"}) by (pod, namespace, instance)) by (pod, namespace) - record: kubecost_savings_pod_requests_cpu_cores - - expr: avg(sum(kube_pod_container_resource_requests_memory_bytes{namespace!="kube-system"}) by (pod, namespace, instance)) by (pod, namespace) - record: kubecost_savings_pod_requests_memory_bytes - -networkCosts: - enabled: false - podSecurityPolicy: - enabled: false - image: gcr.io/kubecost1/kubecost-network-costs:v13.7 - imagePullPolicy: Always - # Traffic Logging will enable logging the top 5 destinations for each source - # every 30 minutes. - trafficLogging: true - # Port will set both the containerPort and hostPort to this value. - # These must be identical due to network-costs being run on hostNetwork - port: 3001 - resources: {} - #requests: - # cpu: "50m" - # memory: "20Mi" - config: - # Configuration for traffic destinations, including specific classification - # for IPs and CIDR blocks. This configuration will act as an override to the - # automatic classification provided by network-costs. - destinations: - # In Zone contains a list of address/range that will be - # classified as in zone. - in-zone: - # Loopback - - "127.0.0.1" - # IPv4 Link Local Address Space - - "169.254.0.0/16" - # Private Address Ranges in RFC-1918 - - "10.0.0.0/8" - - "172.16.0.0/12" - - "192.168.0.0/16" - - # In Region contains a list of address/range that will be - # classified as in region. This is synonymous with cross - # zone traffic, where the regions between source and destinations - # are the same, but the zone is different. - in-region: [] - - # Cross Region contains a list of address/range that will be - # classified as non-internet egress from one region to another. - cross-region: [] - - # Direct Classification specifically maps an ip address or range - # to a region (required) and/or zone (optional). This classification - # takes priority over in-zone, in-region, and cross-region configurations. - direct-classification: [] - # - region: "us-east1" - # zone: "us-east1-c" - # ips: - # - "10.0.0.0/24" - - ## Node tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" - - ## PriorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - priorityClassName: [] - ## PodMonitor - ## Allows scraping of network metrics from a dedicated prometheus operator setup - podMonitor: - enabled: false - additionalLabels: {} - -# Kubecost Deployment Configuration -# Used for HA mode in Business & Enterprise tier -kubecostDeployment: - replicas: 1 - -# Kubecost Cluster Controller for Right Sizing and Cluster Turndown -clusterController: - enabled: false - image: gcr.io/kubecost1/cluster-controller:v0.0.2 - imagePullPolicy: Always - -reporting: - # Kubecost bug report feature: Logs access/collection limited to .Release.Namespace - # Ref: http://docs.kubecost.com/bug-report - logCollection: true - productAnalytics: true - errorReporting: true - valuesReporting: true - -serviceMonitor: - enabled: false - additionalLabels: {} - -prometheusRule: - enabled: false - additionalLabels: {} - -supportNFS: true -initChownDataImage: "busybox" # Supports a fully qualified Docker image eg: registry.hub.docker.com/library/busybox:latest. -initChownData: - resources: {} - #requests: - # cpu: "50m" - # memory: "20Mi" - - -grafana: - # namespace_datasources: kubecost # override the default namespace here - # namespace_dashboards: kubecost # override the default namespace here - sidecar: - dashboards: - enabled: true - # label that the configmaps with dashboards are marked with - label: grafana_dashboard - datasources: - # dataSourceFilename: foo.yml # If you need to change the name of the datasource file - enabled: true - defaultDatasourceEnabled: false - dataSourceName: default-kubecost - # label that the configmaps with datasources are marked with - label: kubecost_grafana_datasource -# For grafana to be accessible, add the path to root_url. For example, if you run kubecost at www.foo.com:9090/kubecost -# set root_url to "%(protocol)s://%(domain)s:%(http_port)s/kubecost/grafana". No change is necessary here if kubecost runs at a root URL - grafana.ini: - server: - root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana" -serviceAccount: - create: true # Set this to false if you're bringing your own service account. - annotations: {} - # name: kc-test - -# These configs can also be set from the Settings page in the Kubecost product UI -# Values in this block override config changes in the Settings UI on pod restart -# -# kubecostProductConfigs: -# An optional list of cluster definitions that can be added for frontend access. The local -# cluster is *always* included by default, so this list is for non-local clusters. -# Ref: https://github.com/kubecost/docs/blob/master/multi-cluster.md -# clusters: -# - name: "Cluster A" -# address: http://cluster-a.kubecost.com:9090 -# # Optional authentication credentials - only basic auth is currently supported. -# auth: -# type: basic -# # Secret name should be a secret formatted based on: https://github.com/kubecost/docs/blob/master/ingress-examples.md -# secretName: cluster-a-auth -# # Or pass auth directly as base64 encoded user:pass -# data: YWRtaW46YWRtaW4= -# # Or user and pass directly -# user: admin -# pass: admin -# - name: "Cluster B" -# address: http://cluster-b.kubecost.com:9090 -# defaultModelPricing: # default monthly resource prices, used predominately for on-prem clusters -# CPU: 28.0 -# spotCPU: 4.86 -# RAM: 3.09 -# spotRAM: 0.65 -# GPU: 693.50 -# spotGPU: 225.0 -# storage: 0.04 -# zoneNetworkEgress: 0.01 -# regionNetworkEgress: 0.01 -# internetNetworkEgress: 0.12 -# enabled: true -# # The cluster profile represents a predefined set of parameters to use when calculating savings. -# # Possible values are: [ development, production, high-availability ] -# clusterProfile: production -# customPricesEnabled: false # This makes the default view custom prices-- generally used for on-premises clusters -# spotLabel: lifecycle -# spotLabelValue: Ec2Spot -# gpuLabel: gpu -# gpuLabelValue: true -# awsServiceKeyName: ACCESSKEYID -# awsServiceKeyPassword: fakepassword # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName -# awsSpotDataRegion: us-east-1 -# awsSpotDataBucket: spot-data-feed-s3-bucket -# awsSpotDataPrefix: dev -# athenaProjectID: "530337586277" # The AWS AccountID where the Athena CUR is. Generally your masterpayer account -# athenaBucketName: "s3://aws-athena-query-results-530337586277-us-east-1" -# athenaRegion: us-east-1 -# athenaDatabase: athenacurcfn_athena_test1 -# athenaTable: "athena_test1" -# masterPayerARN: "" -# projectID: "123456789" # Also known as AccountID on AWS -- the current account/project that this instance of Kubecost is deployed on. -# gcpSecretName: gcp-secret # Name of a secret representing the gcp service key -# bigQueryBillingDataDataset: billing_data.gcp_billing_export_v1_01AC9F_74CF1D_5565A2 -# labelMappingConfigs: # names of k8s labels used to designate different allocation concepts -# enabled: true -# owner_label: "owner" -# team_label: "team" -# department_label: "dept" -# product_label: "product" -# environment_label: "env" -# namespace_external_label: "kubernetes_namespace" # external labels are used to map external cloud costs to kubernetes concepts -# cluster_external_label: "kubernetes_cluster" -# controller_external_label: "kubernetes_controller" -# product_external_label: "kubernetes_label_app" -# service_external_label: "kubernetes_service" -# deployment_external_label: "kubernetes_deployment" -# team_external_label: "kubernetes_label_team" -# environment_external_label: "kubernetes_label_env" -# department_external_label: "kubernetes_label_department" -# statefulset_external_label: "kubernetes_statefulset" -# daemonset_external_label: "kubernetes_daemonset" -# pod_external_label: "kubernetes_pod" -# grafanaURL: "" -# clusterName: "" # used for display in Kubecost UI -# currencyCode: "USD" # offical support for USD, CAD, EUR, and CHF -# azureBillingRegion: US # Represents 2-letter region code, e.g. West Europe = NL, Canada = CA. ref: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes -# azureSubscriptionID: 0bd50fdf-c923-4e1e-850c-196dd3dcc5d3 -# azureClientID: f2ef6f7d-71fb-47c8-b766-8d63a19db017 -# azureTenantID: 72faf3ff-7a3f-4597-b0d9-7b0b201bb23a -# azureClientPassword: fake key # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName -# discount: "" # percentage discount applied to compute -# negotiatedDiscount: "" # custom negotiated cloud provider discount -# defaultIdle: false -# serviceKeySecretName: "" # Use an existing AWS or Azure secret with format as in aws-service-key-secret.yaml or azure-service-key-secret.yaml. Leave blank if using createServiceKeySecret -# createServiceKeySecret: true # Creates a secret representing your cloud service key based on data in values.yaml. If you are storing unencrypted values, add a secret manually -# sharedNamespaces: "" # namespaces with shared workloads, example value: "kube-system\,ingress-nginx\,kubecost\,monitoring" -# productKey: # apply business or enterprise product license -# key: "" -# enabled: false -# secretname: productkeysecret # create a secret out of a file named productkey.json of format { "key": "kc-b1325234" } diff --git a/charts/neuvector/neuvector/1.8.0/.helmignore b/charts/neuvector/neuvector/1.8.0/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/neuvector/neuvector/1.8.0/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/neuvector/neuvector/1.8.0/Chart.yaml b/charts/neuvector/neuvector/1.8.0/Chart.yaml deleted file mode 100644 index 453359e5d..000000000 --- a/charts/neuvector/neuvector/1.8.0/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: NeuVector - catalog.cattle.io/release-name: neuvector -apiVersion: v1 -appVersion: 4.3.0 -description: Helm chart for NeuVector's core services -home: https://neuvector.com -icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 -keywords: -- security -kubeVersion: '>=1.13.0-0' -maintainers: -- email: support@neuvector.com - name: becitsthere -name: neuvector -version: 1.8.0 diff --git a/charts/neuvector/neuvector/1.8.0/README.md b/charts/neuvector/neuvector/1.8.0/README.md deleted file mode 100644 index 1e529372e..000000000 --- a/charts/neuvector/neuvector/1.8.0/README.md +++ /dev/null @@ -1,159 +0,0 @@ -# NeuVector Helm Chart - -Helm chart for NeuVector container security's core services. - -## Preparation if using Helm 2 - -- Kubernetes 1.7+ -- Helm installed and Tiller pod is running -- Cluster role `cluster-admin` available, check by: - -```console -$ kubectl get clusterrole cluster-admin -``` - -If nothing returned, then add the `cluster-admin`: - -cluster-admin.yaml -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cluster-admin -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' -``` - -```console -$ kubectl create -f cluster-admin.yaml -``` - -- If you have not created a service account for tiller, and give it admin abilities on the cluster: - -```console -$ kubectl create serviceaccount --namespace kube-system tiller -$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller -$ kubectl patch deployment tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' -n kube-system -``` - -## CRD -Because the CRD (Custom Resource Definition) poclies can be deployed before NeuVector's core product, a new 'crd' helm chart is created. The crd template in the 'core' chart is kept for the backward compatibility. Please set 'crdwebhook.enabled' to false, if you use the new 'crd' chart. - - -## Configuration - -The following table lists the configurable parameters of the NeuVector chart and their default values. - -Parameter | Description | Default | Notes ---------- | ----------- | ------- | ----- -`openshift` | If deploying in OpenShift, set this to true | `false` | -`registry` | image registry | `registry.neuvector.com` | If Azure, set to my-reg.azurecr.io;
if OpenShift, set to docker-registry.default.svc:5000 -`tag` | image tag for controller enforcer manager | `latest` | -`oem` | OEM release name | `nil` | -`imagePullSecrets` | image pull secret | `nil` | -`psp` | NeuVector Pod Security Policy when psp policy is enabled | `false` | -`serviceAccount` | Service account name for NeuVector components | `default` | -`controller.enabled` | If true, create controller | `true` | -`controller.image.repository` | controller image repository | `neuvector/controller` | -`controller.replicas` | controller replicas | `3` | -`controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` | -`controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | -`controller.pvc.enabled` | If true, enable persistence for controller using PVC | `false` | Require persistent volume type RWX, and storage 1Gi -`controller.pvc.storageClass` | Storage Class to be used | `default` | -`controller.pvc.capacity` | Storage capacity | `1Gi` | -`controller.azureFileShare.enabled` | If true, enable the usage of an existing or statically provisioned Azure File Share | `false` | -`controller.azureFileShare.secretName` | The name of the secret containing the Azure file share storage account name and key | `nil` | -`controller.azureFileShare.shareName` | The name of the Azure file share to use | `nil` | -`controller.apisvc.type` | Controller REST API service type | `nil` | -`controller.svc.annotations` | Add annotations to controller REST API service | `{}` | -`controller.apisvc.route.enabled` | If true, create a OpenShift route to expose the Controller REST API service | `false` | -`controller.apisvc.route.termination` | Specify TLS termination for OpenShift route for Controller REST API service. Possible passthrough, edge, reencrypt | `passthrough` | -`controller.certificate.secret` | Replace controller REST API certificate using secret if secret name is specified | `nil` | -`controller.certificate.keyFile` | Replace controller REST API certificate key file | `tls.key` | -`controller.certificate.pemFile` | Replace controller REST API certificate pem file | `tls.pem` | -`controller.federation.mastersvc.type` | Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and Ingress. | `nil` | -`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster master cluster service | `false` | -`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster master cluster service. Possible passthrough, edge, reencrypt | `passthrough` | -`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and Ingress. | `nil` | -`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` | -`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster managed cluster service. Possible passthrough, edge, reencrypt | `passthrough` | -`controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed -`controller.ingress.host` | Must set this host value if ingress is enabled | `nil` | -`controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml) -`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml) -`controller.configmap.enabled` | If true, configure NeuVector using a ConfigMap | `false` -`controller.configmap.data` | NeuVector configuration in YAML format | `{}` -`enforcer.enabled` | If true, create enforcer | `true` | -`enforcer.image.repository` | enforcer image repository | `neuvector/enforcer` | -`enforcer.priorityClassName` | enforcer priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | -`enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`
`key: node-role.kubernetes.io/master` | other taints can be added after the default -`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml) -`manager.enabled` | If true, create manager | `true` | -`manager.image.repository` | manager image repository | `neuvector/manager` | -`manager.priorityClassName` | manager priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | -`manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` | -`manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google -`manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | -`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml) -`manager.route.enabled` | If true, create a OpenShift route to expose the management consol service | `true` | -`manager.route.termination` | Specify TLS termination for OpenShift route for management consol service. Possible passthrough, edge, reencrypt | `passthrough` | -`manager.certificate.secret` | Replace manager UI certificate using secret if secret name is specified | `nil` | -`manager.certificate.keyFile` | Replace manager UI certificate key file | `tls.key` | -`manager.certificate.pemFile` | Replace manager UI certificate pem file | `tls.pem` | -`manager.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed -`manager.ingress.host` | Must set this host value if ingress is enabled | `nil` | -`manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/` -`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](values.yaml) -`manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`. -`manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) -`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml) -`cve.updater.enabled` | If true, create cve updater | `true` | -`cve.updater.image.repository` | cve updater image repository | `neuvector/updater` | -`cve.updater.image.tag` | image tag for cve updater | `latest` | -`cve.updater.priorityClassName` | cve updater priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | -`cve.updater.schedule` | cronjob cve updater schedule | `0 0 * * *` | -`cve.scanner.enabled` | If true, external scanners will be deployed | `true` | -`cve.scanner.image.repository` | external scanner image repository | `neuvector/scanner` | -`cve.scanner.image.tag` | external scanner image tag | `latest` | -`cve.scanner.priorityClassName` | cve scanner priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | -`cve.scanner.replicas` | external scanner replicas | `3` | -`cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` | -`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) -`docker.path` | docker path | `/var/run/docker.sock` | -`containerd.enabled` | Set to true, if the container runtime is containerd | `false` | -`containerd.path` | If containerd is enabled, this local containerd socket path will be used | `/var/run/containerd/containerd.sock` | -`crio.enabled` | Set to true, if the container runtime is cri-o | `false` | -`crio.path` | If cri-o is enabled, this local cri-o socket path will be used | `/var/run/crio/crio.sock` | -`k3s.enabled` | Set to true for k3s | `false` | -`k3s.runtimePath` | If k3s is enabled, this local containerd socket path will be used | `/run/k3s/containerd/containerd.sock` | -`bottlerocket.enabled` | Set to true if using AWS bottlerocket | `false` | -`bottlerocket.runtimePath` | If bottlerocket is enabled, this local containerd socket path will be used | `/run/dockershim.sock` | -`admissionwebhook.type` | admission webhook type | `ClusterIP` | -`crdwebhook.enabled` | Enable crd service and create crd related resources | `true` | -`crdwebhook.type` | crd webhook type | `ClusterIP` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install --name my-release --namespace neuvector ./neuvector-helm/ --set manager.env.ssl=off -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release --namespace neuvector ./neuvector-helm/ -f values.yaml -``` - ---- -Contact for access to Docker Hub and docs. - diff --git a/charts/neuvector/neuvector/1.8.0/app-readme.md b/charts/neuvector/neuvector/1.8.0/app-readme.md deleted file mode 100644 index ac18b4b90..000000000 --- a/charts/neuvector/neuvector/1.8.0/app-readme.md +++ /dev/null @@ -1,12 +0,0 @@ -### Run-Time Protection Without Compromise - -NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform. - -NeuVector integrates tightly with Rancher and Kubernetes to extend the built-in security features for applications that require defense in depth. Security features include: - -+ Build phase vulnerability scanning with Jenkins plug-in and registry scanning -+ Admission control to prevent vulnerable or unauthorized image deployments using Kubernetes admission control webhooks -+ Complete run-time scanning with network, process, and file system monitoring and protection -+ The industry's only layer 7 container firewall for multi-protocol threat detection and automated segmentation -+ Advanced network controls including DLP detection, service mesh integration, connection blocking and packet captures -+ Run-time vulnerability scanning and CIS benchmarks \ No newline at end of file diff --git a/charts/neuvector/neuvector/1.8.0/questions.yml b/charts/neuvector/neuvector/1.8.0/questions.yml deleted file mode 100644 index c0ece40fe..000000000 --- a/charts/neuvector/neuvector/1.8.0/questions.yml +++ /dev/null @@ -1,160 +0,0 @@ -questions: -#image configurations -- variable: registry - default: "registry.neuvector.com" - description: image registry - type: string - label: Image Registry - group: "Container Images" -- variable: oem - default: "" - description: OEM release name - type: string - label: OEM name - group: "Container Images" -- variable: tag - default: "latest" - description: image tag for controller enforcer manager - type: string - label: Image Tag - group: "Container Images" -- variable: imagePullSecrets - default: "" - description: secret name to pull image - type: string - label: Image Pull Secrets - group: "Container Images" -- variable: controller.image.repository - default: "neuvector/controller" - description: controller image repository - type: string - label: Controller image path - group: "Container Images" -- variable: manager.image.repository - default: "neuvector/manager" - description: manager image repository - type: string - label: Manager image path - group: "Container Images" -- variable: enforcer.image.repository - default: "neuvector/enforcer" - description: enforcer image repository - type: string - label: Enforcer image path - group: "Container Images" -- variable: cve.scanner.image.repository - default: "neuvector/scanner" - description: scanner image repository - type: string - label: Scanner image path - group: "Container Images" -- variable: cve.updater.image.repository - default: "neuvector/updater" - description: cve updater image repository - type: string - label: CVE Updater image path - group: "Container Images" -#storage configurations -- variable: controller.pvc.enabled - default: false - description: If true, enable persistence for controller using PVC - type: boolean - label: PVC status - group: "PVC Configuration" -- variable: controller.pvc.storageClass - default: "" - description: Storage Class to be used - type: string - label: Storage Class Name - group: "PVC Configuration" -#ingress configurations -- variable: manager.ingress.enabled - default: false - description: If true, create ingress, must also set ingress host value - type: boolean - label: Manager ingress status - group: "Ingress Configuration" -- variable: manager.ingress.host - default: "" - description: Must set this host value if ingress is enabled - type: string - label: Manager Ingress host - group: "Ingress Configuration" -- variable: manager.ingress.path - default: "/" - description: Set ingress path - type: string - label: Manager Ingress path - group: "Ingress Configuration" -- variable: manager.ingress.annotations - default: "{}" - description: Add annotations to ingress to influence behavior - type: string - label: Manager Ingress annotations - group: "Ingress Configuration" -- variable: controller.ingress.enabled - default: false - description: If true, create ingress for rest api, must also set ingress host value - type: boolean - label: Controller ingress status - group: "Ingress Configuration" -- variable: controller.ingress.host - default: "" - description: Must set this host value if ingress is enabled - type: string - label: Controller Ingress host - group: "Ingress Configuration" -- variable: controller.ingress.path - default: "/" - description: Set ingress path - type: string - label: Controller Ingress path - group: "Ingress Configuration" -- variable: controller.ingress.annotations - default: "{}" - description: Add annotations to ingress to influence behavior - type: string - label: Controller Ingress annotations - group: "Ingress Configuration" -#service configurations -- variable: manager.svc.type - default: "NodePort" - description: Set manager service type for native Kubernetes - type: enum - label: Manager service type - group: "Service Configuration" - options: - - "NodePort" - - "ClusterIP" - - "LoadBalancer" -- variable: controller.federation.mastersvc.type - default: "" - description: Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and Ingress - type: enum - label: Fed Master Service Type - group: "Service Configuration" - options: - - "NodePort" - - "Ingress" - - "LoadBalancer" -- variable: controller.federation.managedsvc.type - default: "" - description: Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and Ingress - type: enum - label: Fed Managed service type - group: "Service Configuration" - options: - - "NodePort" - - "Ingress" - - "LoadBalancer" -- variable: controller.apisvc.type - default: "NodePort" - description: Controller REST API service type - type: enum - label: Controller REST API Service Type - group: "Service Configuration" - options: - - "NodePort" - - "ClusterIP" - - "LoadBalancer" - diff --git a/charts/neuvector/neuvector/1.8.0/templates/NOTES.txt b/charts/neuvector/neuvector/1.8.0/templates/NOTES.txt deleted file mode 100644 index e79b2cc21..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/NOTES.txt +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.manager.enabled .Values.manager.ingress.enabled }} -From outside the cluster, the NeuVector URL is: -http://{{ .Values.manager.ingress.host }} -{{- else if not .Values.openshift }} -Get the NeuVector URL by running these commands: -{{- if contains "NodePort" .Values.manager.svc.type }} - NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services neuvector-service-webui) - NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo https://$NODE_IP:$NODE_PORT -{{- else if contains "ClusterIP" .Values.manager.svc.type }} - CLUSTER_IP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.clusterIP}" services neuvector-service-webui) - echo https://$CLUSTER_IP:8443 -{{- else if contains "LoadBalancer" .Values.manager.svc.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w neuvector-service-webui' - - SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} neuvector-service-webui -o jsonpath="{.status.loadBalancer.ingress[0].ip}") - echo https://$SERVICE_IP:8443 -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/neuvector/neuvector/1.8.0/templates/_helpers.tpl b/charts/neuvector/neuvector/1.8.0/templates/_helpers.tpl deleted file mode 100644 index c0cc49294..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "neuvector.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "neuvector.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "neuvector.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/neuvector/neuvector/1.8.0/templates/admission-webhook-service.yaml b/charts/neuvector/neuvector/1.8.0/templates/admission-webhook-service.yaml deleted file mode 100644 index 8a0a76aaa..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/admission-webhook-service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: neuvector-svc-admission-webhook - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: 443 - targetPort: 20443 - protocol: TCP - name: admission-webhook - type: {{ .Values.admissionwebhook.type }} - selector: - app: neuvector-controller-pod \ No newline at end of file diff --git a/charts/neuvector/neuvector/1.8.0/templates/clusterrole.yaml b/charts/neuvector/neuvector/1.8.0/templates/clusterrole.yaml deleted file mode 100644 index 6673e2f6c..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/clusterrole.yaml +++ /dev/null @@ -1,119 +0,0 @@ -{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-app - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - nodes - - pods - - services - - namespaces - verbs: - - get - - list - - watch - - update - ---- - -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-rbac - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -{{- if .Values.openshift }} -- apiGroups: - - image.openshift.io - resources: - - imagestreams - verbs: - - get - - list - - watch -{{- end }} -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - - clusterrolebindings - - clusterroles - verbs: - - get - - list - - watch - ---- - -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-admission - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - delete - ---- - -{{- if $oc4 }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: neuvector-binding-co - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - config.openshift.io - resources: - - clusteroperators - verbs: - - get - - list -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/clusterrolebinding.yaml b/charts/neuvector/neuvector/1.8.0/templates/clusterrolebinding.yaml deleted file mode 100644 index 2ae8aed3a..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,145 +0,0 @@ -{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} - -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-app - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-app -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} - ---- - -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-rbac - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-rbac -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} - ---- - -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-admission - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-admission -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} - ---- - -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-view - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: view -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} - ---- - -{{- if $oc4 }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-co - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: neuvector-binding-co -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/configmap.yaml b/charts/neuvector/neuvector/1.8.0/templates/configmap.yaml deleted file mode 100644 index 4d3b97129..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.controller.configmap.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: neuvector-init - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ toYaml .Values.controller.configmap.data | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/neuvector/neuvector/1.8.0/templates/controller-deployment.yaml b/charts/neuvector/neuvector/1.8.0/templates/controller-deployment.yaml deleted file mode 100644 index f6df38a0f..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/controller-deployment.yaml +++ /dev/null @@ -1,186 +0,0 @@ -{{- if .Values.controller.enabled -}} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apps/v1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Deployment -metadata: - name: neuvector-controller-pod - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.controller.replicas }} - minReadySeconds: 60 - strategy: -{{ toYaml .Values.controller.strategy | indent 4 }} - selector: - matchLabels: - app: neuvector-controller-pod - template: - metadata: - labels: - app: neuvector-controller-pod - release: {{ .Release.Name }} - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - neuvector-controller-pod - topologyKey: "kubernetes.io/hostname" - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Values.serviceAccount }} - serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: neuvector-controller-pod - {{ if eq .Values.registry "registry.neuvector.com" }} - {{ if .Values.oem }} - image: "{{ .Values.registry }}/{{ .Values.oem }}/controller:{{ .Values.tag }}" - {{- else }} - image: "{{ .Values.registry }}/controller:{{ .Values.tag }}" - {{- end }} - {{- else }} - image: "{{ .Values.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.tag }}" - {{- end }} - securityContext: - privileged: true - resources: - {{- if .Values.controller.resources }} -{{ toYaml .Values.controller.resources | indent 12 }} - {{- else }} -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - readinessProbe: - exec: - command: - - cat - - /tmp/ready - initialDelaySeconds: 5 - periodSeconds: 5 - env: - - name: CLUSTER_JOIN_ADDR - value: neuvector-svc-controller.{{ .Release.Namespace }} - - name: CLUSTER_ADVERTISED_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CLUSTER_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- if or .Values.controller.pvc.enabled .Values.controller.azureFileShare.enabled }} - - name: CTRL_PERSIST_CONFIG - value: "1" - {{- end }} - volumeMounts: - - mountPath: /var/neuvector - name: nv-share - readOnly: false - {{- if .Values.containerd.enabled }} - - mountPath: /var/run/containerd/containerd.sock - {{- else if .Values.k3s.enabled }} - - mountPath: /var/run/containerd/containerd.sock - {{- else if .Values.bottlerocket.enabled }} - - mountPath: /var/run/containerd/containerd.sock - {{- else if .Values.crio.enabled }} - - mountPath: /var/run/crio/crio.sock - {{- else }} - - mountPath: /var/run/docker.sock - {{- end }} - name: runtime-sock - readOnly: true - - mountPath: /host/proc - name: proc-vol - readOnly: true - - mountPath: /host/cgroup - name: cgroup-vol - readOnly: true - - mountPath: /etc/config - name: config-volume - readOnly: true - {{- if .Values.controller.certificate.secret }} - - mountPath: /etc/neuvector/certs/ssl-cert.key - subPath: {{ .Values.controller.certificate.keyFile }} - name: cert - readOnly: true - - mountPath: /etc/neuvector/certs/ssl-cert.pem - subPath: {{ .Values.controller.certificate.pemFile }} - name: cert - readOnly: true - {{- end }} - terminationGracePeriodSeconds: 300 - restartPolicy: Always - volumes: - - name: nv-share - {{- if .Values.controller.pvc.enabled }} - persistentVolumeClaim: - claimName: neuvector-data - {{- else if .Values.controller.azureFileShare.enabled }} - azureFile: - secretName: {{ .Values.controller.azureFileShare.secretName }} - shareName: {{ .Values.controller.azureFileShare.shareName }} - readOnly: false - {{- else }} - hostPath: - path: /var/neuvector - {{- end }} - - name: runtime-sock - hostPath: - {{- if .Values.containerd.enabled }} - path: {{ .Values.containerd.path }} - {{- else if .Values.crio.enabled }} - path: {{ .Values.crio.path }} - {{- else if .Values.k3s.enabled }} - path: {{ .Values.k3s.runtimePath }} - {{- else if .Values.bottlerocket.enabled }} - path: {{ .Values.bottlerocket.runtimePath }} - {{- else }} - path: {{ .Values.docker.path }} - {{- end }} - - name: proc-vol - hostPath: - path: /proc - - name: cgroup-vol - hostPath: - path: /sys/fs/cgroup - - name: config-volume - configMap: - name: neuvector-init - {{- if not .Values.controller.configmap.enabled }} - optional: true - {{- end }} - {{- if .Values.controller.certificate.secret }} - - name: cert - secret: - secretName: {{ .Values.controller.certificate.secret }} - {{- end }} -{{- if gt (int .Values.controller.disruptionbudget) 0 }} ---- -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: neuvector-controller-pdb - namespace: neuvector -spec: - minAvailable: {{ .Values.controller.disruptionbudget }} - selector: - matchLabels: - app: neuvector-controller-pod -{{- end }} -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/controller-ingress.yaml b/charts/neuvector/neuvector/1.8.0/templates/controller-ingress.yaml deleted file mode 100644 index a84f053e6..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/controller-ingress.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- if and .Values.controller.enabled .Values.controller.ingress.enabled }} -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: neuvector-restapi-ingress - namespace: {{ .Release.Namespace }} -{{- with .Values.controller.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: -{{- if .Values.controller.ingress.tls }} - tls: - - hosts: - - {{ .Values.controller.ingress.host }} -{{- if .Values.controller.ingress.secretName }} - secretName: {{ .Values.controller.ingress.secretName }} -{{- end }} -{{- end }} - rules: - - host: {{ .Values.controller.ingress.host }} - http: - paths: - - path: {{ .Values.controller.ingress.path }} - pathType: Prefix - backend: - service: - name: neuvector-svc-controller-api - port: - number: 10443 -{{- else }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: neuvector-restapi-ingress - namespace: {{ .Release.Namespace }} -{{- with .Values.controller.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: -{{- if .Values.controller.ingress.tls }} - tls: - - hosts: - - {{ .Values.controller.ingress.host }} -{{- if .Values.controller.ingress.secretName }} - secretName: {{ .Values.controller.ingress.secretName }} -{{- end }} -{{- end }} - rules: - - host: {{ .Values.controller.ingress.host }} - http: - paths: - - path: {{ .Values.controller.ingress.path }} - backend: - serviceName: neuvector-svc-controller-api - servicePort: 10443 -{{- end }} -{{- end -}} diff --git a/charts/neuvector/neuvector/1.8.0/templates/controller-route.yaml b/charts/neuvector/neuvector/1.8.0/templates/controller-route.yaml deleted file mode 100644 index fe11694f6..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/controller-route.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.openshift -}} -{{- if .Values.controller.apisvc.route.enabled }} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: route.openshift.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: Route -metadata: - name: neuvector-route-api - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - to: - kind: Service - name: neuvector-svc-controller-api - port: - targetPort: controller-api - tls: - termination: {{ .Values.controller.apisvc.route.termination }} ---- -{{ end -}} -{{- if .Values.controller.federation.mastersvc.route.enabled }} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: route.openshift.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: Route -metadata: - name: neuvector-route-fed-master - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - to: - kind: Service - name: neuvector-svc-controller-fed-master - port: - targetPort: fed - tls: - termination: {{ .Values.controller.federation.mastersvc.route.termination }} ---- -{{ end -}} -{{- if .Values.controller.federation.managedsvc.route.enabled }} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: route.openshift.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: Route -metadata: - name: neuvector-route-fed-managed - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - to: - kind: Service - name: neuvector-svc-controller-fed-managed - port: - targetPort: fed - tls: - termination: {{ .Values.controller.federation.managedsvc.route.termination }} -{{ end -}} -{{- end -}} diff --git a/charts/neuvector/neuvector/1.8.0/templates/controller-service.yaml b/charts/neuvector/neuvector/1.8.0/templates/controller-service.yaml deleted file mode 100644 index e7971b2ed..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/controller-service.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{- if .Values.controller.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: neuvector-svc-controller - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - clusterIP: None - ports: - - port: 18300 - protocol: "TCP" - name: "cluster-tcp-18300" - - port: 18301 - protocol: "TCP" - name: "cluster-tcp-18301" - - port: 18301 - protocol: "UDP" - name: "cluster-udp-18301" - selector: - app: neuvector-controller-pod -{{- if .Values.controller.apisvc.type }} ---- -apiVersion: v1 -kind: Service -metadata: - name: neuvector-svc-controller-api - namespace: {{ .Release.Namespace }} -{{- with .Values.controller.apisvc.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.controller.apisvc.type }} - ports: - - port: 10443 - protocol: "TCP" - name: "controller-api" - selector: - app: neuvector-controller-pod -{{ end -}} -{{- if .Values.controller.federation.mastersvc.type }} ---- -apiVersion: v1 -kind: Service -metadata: - name: neuvector-svc-controller-fed-master - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.controller.federation.mastersvc.type }} - ports: - - port: 11443 - name: fed - protocol: TCP - selector: - app: neuvector-controller-pod -{{ end -}} -{{- if .Values.controller.federation.managedsvc.type }} ---- -apiVersion: v1 -kind: Service -metadata: - name: neuvector-svc-controller-fed-managed - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.controller.federation.managedsvc.type }} - ports: - - port: 10443 - name: fed - protocol: TCP - selector: - app: neuvector-controller-pod -{{ end -}} -{{- end -}} diff --git a/charts/neuvector/neuvector/1.8.0/templates/crd.yaml b/charts/neuvector/neuvector/1.8.0/templates/crd.yaml deleted file mode 100644 index 71fad2f47..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/crd.yaml +++ /dev/null @@ -1,448 +0,0 @@ -{{- if .Values.crdwebhook.enabled -}} -{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apiextensions.k8s.io/v1 -{{- else }} -apiVersion: apiextensions.k8s.io/v1beta1 -{{- end }} -kind: CustomResourceDefinition -metadata: - name: nvsecurityrules.neuvector.com - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: neuvector.com - names: - kind: NvSecurityRule - listKind: NvSecurityRuleList - plural: nvsecurityrules - singular: nvsecurityrule - scope: Namespaced -{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - version: v1 -{{- end }} - versions: - - name: v1 - served: true - storage: true -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - schema: - openAPIV3Schema: - properties: - spec: - properties: - egress: - items: - properties: - action: - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - type: object - type: array - name: - type: string - original_name: - type: string - type: object - type: object - type: array - file: - items: - properties: - app: - items: - type: string - type: array - behavior: - type: string - filter: - type: string - recursive: - type: boolean - type: object - type: array - ingress: - items: - properties: - action: - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - type: object - type: array - name: - type: string - original_name: - type: string - type: object - type: object - type: array - process: - items: - properties: - action: - type: string - name: - type: string - path: - type: string - type: object - type: array - target: - properties: - policymode: - type: string - selector: - properties: - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - type: object - type: array - name: - type: string - original_name: - type: string - type: object - type: object - required: - - target - type: object - type: object -{{- end }} ---- -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apiextensions.k8s.io/v1 -{{- else }} -apiVersion: apiextensions.k8s.io/v1beta1 -{{- end }} -kind: CustomResourceDefinition -metadata: - name: nvclustersecurityrules.neuvector.com - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: neuvector.com - names: - kind: NvClusterSecurityRule - listKind: NvClusterSecurityRuleList - plural: nvclustersecurityrules - singular: nvclustersecurityrule - scope: Cluster -{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - version: v1 -{{- end }} - versions: - - name: v1 - served: true - storage: true -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - schema: - openAPIV3Schema: - properties: - spec: - properties: - egress: - items: - properties: - action: - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - type: object - type: array - name: - type: string - original_name: - type: string - type: object - type: object - type: array - file: - items: - properties: - app: - items: - type: string - type: array - behavior: - type: string - filter: - type: string - recursive: - type: boolean - type: object - type: array - ingress: - items: - properties: - action: - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - type: object - type: array - name: - type: string - original_name: - type: string - type: object - type: object - type: array - process: - items: - properties: - action: - type: string - name: - type: string - path: - type: string - type: object - type: array - target: - properties: - policymode: - type: string - selector: - properties: - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - type: object - type: array - name: - type: string - original_name: - type: string - type: object - type: object - required: - - target - type: object - type: object -{{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: neuvector-svc-crd-webhook - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: 443 - targetPort: 30443 - protocol: TCP - name: crd-webhook - type: {{ .Values.crdwebhook.type }} - selector: - app: neuvector-controller-pod ---- -# ClusterRole for NeuVector to operate CRD -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-customresourcedefinition - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - watch - - create - - get ---- -# ClusterRoleBinding for NeuVector to operate CRD -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-customresourcedefinition - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-customresourcedefinition -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} ---- -# ClusterRole for NeuVector to manager user-created CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-nvsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - neuvector.com - resources: - - nvsecurityrules - - nvclustersecurityrules - verbs: - - list - - delete ---- -# ClusterRoleBinding for NeuVector to manager user-created CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-nvsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-nvsecurityrules -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/enforcer-daemonset.yaml b/charts/neuvector/neuvector/1.8.0/templates/enforcer-daemonset.yaml deleted file mode 100644 index b11829a2a..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/enforcer-daemonset.yaml +++ /dev/null @@ -1,119 +0,0 @@ -{{- if .Values.enforcer.enabled -}} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apps/v1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: DaemonSet -metadata: - name: neuvector-enforcer-pod - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: neuvector-enforcer-pod - template: - metadata: - labels: - app: neuvector-enforcer-pod - release: {{ .Release.Name }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.enforcer.tolerations }} - tolerations: -{{ toYaml .Values.enforcer.tolerations | indent 8 }} - {{- end }} - hostPID: true - {{- if .Values.enforcer.priorityClassName }} - priorityClassName: {{ .Values.enforcer.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Values.serviceAccount }} - serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: neuvector-enforcer-pod - {{ if eq .Values.registry "registry.neuvector.com" }} - {{ if .Values.oem }} - image: "{{ .Values.registry }}/{{ .Values.oem }}/enforcer:{{ .Values.tag }}" - {{- else }} - image: "{{ .Values.registry }}/enforcer:{{ .Values.tag }}" - {{- end }} - {{- else }} - image: "{{ .Values.registry }}/{{ .Values.enforcer.image.repository }}:{{ .Values.tag }}" - {{- end }} - securityContext: - privileged: true - resources: - {{- if .Values.enforcer.resources }} -{{ toYaml .Values.enforcer.resources | indent 12 }} - {{- else }} -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - env: - - name: CLUSTER_JOIN_ADDR - value: neuvector-svc-controller.{{ .Release.Namespace }} - - name: CLUSTER_ADVERTISED_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CLUSTER_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - {{- if .Values.containerd.enabled }} - - mountPath: /var/run/containerd/containerd.sock - {{- else if .Values.k3s.enabled }} - - mountPath: /var/run/containerd/containerd.sock - {{- else if .Values.bottlerocket.enabled }} - - mountPath: /var/run/containerd/containerd.sock - {{- else if .Values.crio.enabled }} - - mountPath: /var/run/crio/crio.sock - {{- else }} - - mountPath: /var/run/docker.sock - {{- end }} - name: runtime-sock - readOnly: true - - mountPath: /host/proc - name: proc-vol - readOnly: true - - mountPath: /host/cgroup - name: cgroup-vol - readOnly: true - - mountPath: /lib/modules - name: modules-vol - readOnly: true - terminationGracePeriodSeconds: 1200 - restartPolicy: Always - volumes: - - name: runtime-sock - hostPath: - {{- if .Values.containerd.enabled }} - path: {{ .Values.containerd.path }} - {{- else if .Values.crio.enabled }} - path: {{ .Values.crio.path }} - {{- else if .Values.k3s.enabled }} - path: {{ .Values.k3s.runtimePath }} - {{- else if .Values.bottlerocket.enabled }} - path: {{ .Values.bottlerocket.runtimePath }} - {{- else }} - path: {{ .Values.docker.path }} - {{- end }} - - name: proc-vol - hostPath: - path: /proc - - name: cgroup-vol - hostPath: - path: /sys/fs/cgroup - - name: modules-vol - hostPath: - path: /lib/modules -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/manager-deployment.yaml b/charts/neuvector/neuvector/1.8.0/templates/manager-deployment.yaml deleted file mode 100644 index 84e84575f..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/manager-deployment.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- if .Values.manager.enabled -}} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apps/v1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Deployment -metadata: - name: neuvector-manager-pod - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: 1 - selector: - matchLabels: - app: neuvector-manager-pod - template: - metadata: - labels: - app: neuvector-manager-pod - release: {{ .Release.Name }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.manager.priorityClassName }} - priorityClassName: {{ .Values.manager.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Values.serviceAccount }} - serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: neuvector-manager-pod - {{ if eq .Values.registry "registry.neuvector.com" }} - {{ if .Values.oem }} - image: "{{ .Values.registry }}/{{ .Values.oem }}/manager:{{ .Values.tag }}" - {{- else }} - image: "{{ .Values.registry }}/manager:{{ .Values.tag }}" - {{- end }} - {{- else }} - image: "{{ .Values.registry }}/{{ .Values.manager.image.repository }}:{{ .Values.tag }}" - {{- end }} - env: - - name: CTRL_SERVER_IP - value: neuvector-svc-controller.{{ .Release.Namespace }} - {{- if not .Values.manager.env.ssl }} - - name: MANAGER_SSL - value: "off" - {{- end }} - volumeMounts: - {{- if .Values.manager.certificate.secret }} - - mountPath: /etc/neuvector/certs/ssl-cert.key - subPath: {{ .Values.manager.certificate.keyFile }} - name: cert - readOnly: true - - mountPath: /etc/neuvector/certs/ssl-cert.pem - subPath: {{ .Values.manager.certificate.pemFile }} - name: cert - readOnly: true - {{- end }} - resources: - {{- if .Values.manager.resources }} -{{ toYaml .Values.manager.resources | indent 12 }} - {{- else }} -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - restartPolicy: Always - volumes: - {{- if .Values.manager.certificate.secret }} - - name: cert - secret: - secretName: {{ .Values.manager.certificate.secret }} - {{- end }} -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/manager-ingress.yaml b/charts/neuvector/neuvector/1.8.0/templates/manager-ingress.yaml deleted file mode 100644 index 456090208..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/manager-ingress.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- if and .Values.manager.enabled .Values.manager.ingress.enabled -}} -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: neuvector-webui-ingress - namespace: {{ .Release.Namespace }} -{{- with .Values.manager.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: -{{- if .Values.manager.ingress.tls }} - tls: - - hosts: - - {{ .Values.manager.ingress.host }} -{{- if .Values.manager.ingress.secretName }} - secretName: {{ .Values.manager.ingress.secretName }} -{{- end }} -{{- end }} - rules: - - host: {{ .Values.manager.ingress.host }} - http: - paths: - - path: {{ .Values.manager.ingress.path }} - pathType: Prefix - backend: - service: - name: neuvector-service-webui - port: - number: 8443 -{{- else }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: neuvector-webui-ingress - namespace: {{ .Release.Namespace }} -{{- with .Values.manager.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: -{{- if .Values.manager.ingress.tls }} - tls: - - hosts: - - {{ .Values.manager.ingress.host }} -{{- if .Values.manager.ingress.secretName }} - secretName: {{ .Values.manager.ingress.secretName }} -{{- end }} -{{- end }} - rules: - - host: {{ .Values.manager.ingress.host }} - http: - paths: - - path: {{ .Values.manager.ingress.path }} - backend: - serviceName: neuvector-service-webui - servicePort: 8443 -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/neuvector/neuvector/1.8.0/templates/manager-route.yaml b/charts/neuvector/neuvector/1.8.0/templates/manager-route.yaml deleted file mode 100644 index aec365c9e..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/manager-route.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.openshift -}} -{{- if .Values.manager.route.enabled }} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: route.openshift.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: Route -metadata: - name: neuvector-route-webui - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - to: - kind: Service - name: neuvector-service-webui - port: - targetPort: manager - tls: - termination: {{ .Values.manager.route.termination }} -{{- end }} -{{- end -}} diff --git a/charts/neuvector/neuvector/1.8.0/templates/manager-service.yaml b/charts/neuvector/neuvector/1.8.0/templates/manager-service.yaml deleted file mode 100644 index e18e55c35..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/manager-service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.manager.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: neuvector-service-webui - namespace: {{ .Release.Namespace }} -{{- with .Values.manager.svc.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.manager.svc.type }} -{{- if and .Values.manager.svc.loadBalancerIP (eq .Values.manager.svc.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.manager.svc.loadBalancerIP }} -{{- end }} - ports: - - port: 8443 - name: manager - protocol: TCP - selector: - app: neuvector-manager-pod -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/psp.yaml b/charts/neuvector/neuvector/1.8.0/templates/psp.yaml deleted file mode 100644 index c1d68857b..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/psp.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- if .Values.psp -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: neuvector-binding-psp - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - labels: - chart: {{ template "neuvector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - privileged: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - allowedCapabilities: - - SYS_ADMIN - - NET_ADMIN - - SYS_PTRACE - - IPC_LOCK - requiredDropCapabilities: - - ALL - volumes: - - '*' - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: neuvector-binding-psp - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -- apiGroups: - - policy - - extensions - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - neuvector-binding-psp ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: neuvector-binding-psp - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: neuvector-binding-psp -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/pvc.yaml b/charts/neuvector/neuvector/1.8.0/templates/pvc.yaml deleted file mode 100644 index 1e976bbf6..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/pvc.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.controller.enabled .Values.controller.pvc.enabled -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: neuvector-data - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: -{{ toYaml .Values.controller.pvc.accessModes | indent 4 }} - volumeMode: Filesystem -{{- if .Values.controller.pvc.storageClass }} - storageClassName: {{ .Values.controller.pvc.storageClass }} -{{- end }} - resources: - requests: -{{- if .Values.controller.pvc.capacity }} - storage: {{ .Values.controller.pvc.capacity }} -{{- else }} - storage: 1Gi -{{- end }} -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/rolebinding.yaml b/charts/neuvector/neuvector/1.8.0/templates/rolebinding.yaml deleted file mode 100644 index eda38e210..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/rolebinding.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: RoleBinding -metadata: - name: neuvector-admin - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: admin -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/scanner-deployment.yaml b/charts/neuvector/neuvector/1.8.0/templates/scanner-deployment.yaml deleted file mode 100644 index 380b484c6..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/scanner-deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.cve.scanner.enabled -}} -{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apps/v1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Deployment -metadata: - name: neuvector-scanner-pod - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - strategy: -{{ toYaml .Values.cve.scanner.strategy | indent 4 }} - replicas: {{ .Values.cve.scanner.replicas }} - selector: - matchLabels: - app: neuvector-scanner-pod - template: - metadata: - labels: - app: neuvector-scanner-pod - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.cve.scanner.priorityClassName }} - priorityClassName: {{ .Values.cve.scanner.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Values.serviceAccount }} - serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: neuvector-scanner-pod - {{ if eq .Values.registry "registry.neuvector.com" }} - {{ if .Values.oem }} - image: "{{ .Values.registry }}/{{ .Values.oem }}/scanner:{{ .Values.cve.scanner.image.tag }}" - {{- else }} - image: "{{ .Values.registry }}/scanner:{{ .Values.cve.scanner.image.tag }}" - {{- end }} - {{- else }} - image: "{{ .Values.registry }}/{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}" - {{- end }} - imagePullPolicy: Always - env: - - name: CLUSTER_JOIN_ADDR - value: neuvector-svc-controller.{{ .Release.Namespace }} - {{- if .Values.cve.scanner.dockerPath }} - - name: SCANNER_DOCKER_URL - value: {{ .Values.cve.scanner.dockerPath }} - {{- end }} - resources: -{{ toYaml .Values.cve.scanner.resources | indent 12 }} - restartPolicy: Always -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/templates/updater-cronjob.yaml b/charts/neuvector/neuvector/1.8.0/templates/updater-cronjob.yaml deleted file mode 100644 index 9ecc7465e..000000000 --- a/charts/neuvector/neuvector/1.8.0/templates/updater-cronjob.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.cve.updater.enabled -}} -{{- if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: batch/v1beta1 -{{- else }} -apiVersion: batch/v2alpha1 -{{- end }} -kind: CronJob -metadata: - name: neuvector-updater-pod - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - schedule: {{ .Values.cve.updater.schedule | quote }} - jobTemplate: - spec: - template: - metadata: - labels: - app: neuvector-updater-pod - release: {{ .Release.Name }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.cve.updater.priorityClassName }} - priorityClassName: {{ .Values.cve.updater.priorityClassName }} - {{- end }} - serviceAccountName: {{ .Values.serviceAccount }} - serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: neuvector-updater-pod - {{ if eq .Values.registry "registry.neuvector.com" }} - {{ if .Values.oem }} - image: "{{ .Values.registry }}/{{ .Values.oem }}/updater:{{ .Values.cve.updater.image.tag }}" - {{- else }} - image: "{{ .Values.registry }}/updater:{{ .Values.cve.updater.image.tag }}" - {{- end }} - {{- else }} - image: "{{ .Values.registry }}/{{ .Values.cve.updater.image.repository }}:{{ .Values.cve.updater.image.tag }}" - {{- end }} - imagePullPolicy: Always - {{- if .Values.cve.scanner.enabled }} - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - {{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - - TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`; /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $TOKEN" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' - {{- else }} - - TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`; /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $TOKEN" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/extensions/v1beta1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' - {{- end }} - {{- end }} - env: - - name: CLUSTER_JOIN_ADDR - value: neuvector-svc-controller.{{ .Release.Namespace }} - restartPolicy: Never -{{- end }} diff --git a/charts/neuvector/neuvector/1.8.0/values.yaml b/charts/neuvector/neuvector/1.8.0/values.yaml deleted file mode 100644 index 1fc5d7e4a..000000000 --- a/charts/neuvector/neuvector/1.8.0/values.yaml +++ /dev/null @@ -1,216 +0,0 @@ -# Default values for neuvector. -# This is a YAML-formatted file. -# Declare variables to be passed into the templates. - -openshift: false - -registry: registry.neuvector.com -tag: latest -oem: -imagePullSecrets: -psp: false -serviceAccount: default - -controller: - # If false, controller will not be installed - enabled: true - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - image: - repository: neuvector/controller - replicas: 3 - disruptionbudget: 0 - priorityClassName: - apisvc: - type: - annotations: {} - # OpenShift Route configuration - route: - enabled: false - termination: passthrough - pvc: - enabled: false - accessModes: - - ReadWriteMany - storageClass: - capacity: - azureFileShare: - enabled: false - secretName: - shareName: - certificate: - secret: - keyFile: tls.key - pemFile: tls.pem - federation: - mastersvc: - type: - # OpenShift Route configuration - route: - enabled: false - termination: passthrough - managedsvc: - type: - # OpenShift Route configuration - route: - enabled: false - termination: passthrough - ingress: - enabled: false - host: # MUST be set, if ingress is enabled - path: "/" # or this could be "/api", but might need "rewrite-target" annotation - annotations: - ingress.kubernetes.io/protocol: https - # ingress.kubernetes.io/rewrite-target: / - tls: false - secretName: - resources: {} - # limits: - # cpu: 400m - # memory: 2792Mi - # requests: - # cpu: 100m - # memory: 2280Mi - configmap: - enabled: false - data: - # eulainitcfg.yaml: | - # ... - # ldapinitcfg.yaml: | - # ... - # oidcinitcfg.yaml: | - # ... - # samlinitcfg.yaml: | - # ... - # sysinitcfg.yaml: | - # ... - # userinitcfg.yaml: | - # ... - -enforcer: - # If false, enforcer will not be installed - enabled: true - image: - repository: neuvector/enforcer - priorityClassName: - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - resources: {} - # limits: - # cpu: 400m - # memory: 2792Mi - # requests: - # cpu: 100m - # memory: 2280Mi - -manager: - # If false, manager will not be installed - enabled: true - image: - repository: neuvector/manager - priorityClassName: - env: - ssl: true - svc: - type: NodePort - loadBalancerIP: - annotations: {} - # azure - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet" - # OpenShift Route configuration - route: - enabled: true - termination: passthrough - certificate: - secret: - keyFile: tls.key - pemFile: tls.pem - ingress: - enabled: false - host: # MUST be set, if ingress is enabled - path: "/" - annotations: {} - # kubernetes.io/ingress.class: my-nginx - # nginx.ingress.kubernetes.io/whitelist-source-range: "1.1.1.1" - # nginx.ingress.kubernetes.io/rewrite-target: / - # nginx.ingress.kubernetes.io/enable-rewrite-log: "true" - # only for end-to-end tls conf - ingress-nginx accepts backend self-signed cert - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - tls: false - secretName: # my-tls-secret - resources: {} - # limits: - # cpu: 400m - # memory: 2792Mi - # requests: - # cpu: 100m - # memory: 2280Mi - -cve: - updater: - # If false, cve updater will not be installed - enabled: true - image: - repository: neuvector/updater - tag: latest - schedule: "0 0 * * *" - priorityClassName: - scanner: - enabled: true - replicas: 3 - dockerPath: "" - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - image: - repository: neuvector/scanner - tag: latest - priorityClassName: - resources: {} - # limits: - # cpu: 400m - # memory: 2792Mi - # requests: - # cpu: 100m - # memory: 2280Mi - -docker: - path: /var/run/docker.sock - -resources: {} - # limits: - # cpu: 400m - # memory: 2792Mi - # requests: - # cpu: 100m - # memory: 2280Mi - -k3s: - enabled: false - runtimePath: /run/k3s/containerd/containerd.sock - -bottlerocket: - enabled: false - runtimePath: /run/dockershim.sock - -containerd: - enabled: false - path: /var/run/containerd/containerd.sock - -crio: - enabled: false - path: /var/run/crio/crio.sock - -admissionwebhook: - type: ClusterIP - -crdwebhook: - enabled: true - type: ClusterIP diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/.helmignore b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/Chart.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/Chart.yaml deleted file mode 100644 index 95d837778..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: nutanix-csi-storage -apiVersion: v1 -appVersion: 2.3.1 -description: A Helm chart for installing Nutanix CSI Volume Driver -home: https://github.com/nutanix/helm -icon: https://avatars2.githubusercontent.com/u/6165865?s=200&v=4 -keywords: -- Nutanix -- Storage -- Volumes -- Files -- StorageClass -- CentOS -- Ubuntu -kubeVersion: '>= 1.13.0' -maintainers: -- name: tuxtof -name: nutanix-csi-storage -version: 2.3.100+up2.3.1 diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/README.md b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/README.md deleted file mode 100644 index 97f4c99fc..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/README.md +++ /dev/null @@ -1,93 +0,0 @@ -# Nutanix CSI Volume Driver Helm chart - -## Introduction - -The Container Storage Interface (CSI) Volume Driver for Kubernetes leverages Nutanix Volumes and Nutanix Files to provide scalable and persistent storage for stateful applications. - -When Files is used for persistent storage, applications on multiple pods can access the same storage, and also have the benefit of multi-pod read and write access. - -## Important notice - -If you plan to update an existing Nutanix CSI deployement from 1.x to 2.x with this Chart, you need first deploy manually the CRD present here https://github.com/nutanix/csi-plugin/tree/master/deploy/Centos/crd. - -Please note that starting with v2.2.0, Nutanix CSI driver has changed format of driver name from com.nutanix.csi to csi.nutanix.com. All deployment yamls uses this new driver name format. However, if you are upgrading the CSI driver then you should continue to use old driver name com.nutanix.csi by setting `legacy` parameter to `true`. If not existing PVC/PV will not work with the new driver name. - -## Nutanix CSI driver documentation -https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_3:CSI-Volume-Driver-v2_3 - -## Features list - -- Nutanix CSI Driver v2.3.1 -- Nutanix Volumes support -- Nutanix Files support -- Volume resize support ( beta in Kubernetes >= 1.16.0 ) -- Volume clone ( beta Kubernetes >= 1.16.0 ) -- Volume snapshot and Restore ( beta Kubernetes >= 1.17.0 ) -- IP Address Whitelisting -- LVM Volume supporting multi vdisks volume group -- NFS dynamic share provisioning -- iSCSI Auto CHAP Authentication -- OS independence - -## Prerequisites - -- Kubernetes 1.13 or later -- Kubernetes worker nodes must have the iSCSI package installed (Nutanix Volumes only) -- This chart have been validated on CentOS 7 and Ubuntu 18.04/20.04, but the new architecture enables easy portability to other distributions. - -## Installing the Chart - -To install the chart with the name `nutanix-csi`: - -```console -helm repo add nutanix https://nutanix.github.io/helm/ - -helm install nutanix-csi nutanix/nutanix-csi-storage -n -``` - -## Uninstalling the Chart - -To uninstall/delete the `nutanix-csi` deployment: - -```console -helm delete nutanix-csi -n -``` - -## Configuration - -The following table lists the configurable parameters of the Nutanix-CSI chart and their default values. - -| Parameter | Description | Default | -|------------------------------|----------------------------------------|--------------------------------| -| `legacy` | use old reverse notation for CSI driver name | `false` | -| `volumeClass` | Activate Nutanix Volumes Storage Class | `true` | -| `fileClass` | Activate Nutanix Files Storage Class | `false` | -| `dynamicFileClass` | Activate Nutanix Dynamic Files Storage Class | `false` | -| `defaultStorageClass` | Choose your default Storage Class (none, volume, file, dynfile) | `none`| -| `prismEndPoint` | Cluster Virtual IP Address |`10.0.0.1`| -| `dataServiceEndPoint` | Prism data service IP |`10.0.0.2`| -| `username` | name used for the admin role (if created) |`admin`| -| `password` | password for the admin role (if created) |`nutanix/4u`| -| `secretName` | name of the secret to use for admin role| `ntnx-secret`| -| `createSecret` | create secret for admin role (if false use existing)| `true`| -| `storageContainer` | Nutanix storage container name | `default`| -| `fsType` | type of file system you are using (ext4, xfs) |`xfs`| -| `fileHost` | NFS server IP address | `10.0.0.3`| -| `filePath` | path of the NFS share |`share`| -| `fileServerName` | name of the Nutanix FIle Server | `file`| -| `nodeSelector` | add nodeSelector to pods spec | | -| `tolerations` | add tolerations to pods spec | | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a a file whit `-f value.yaml`. - -Example: - -```console -helm install nutanix-csi nutanix/nutanix-csi-storage --set prismEndPoint=X.X.X.X --set dataServiceEndPoint=Y.Y.Y.Y --set username=admin --set password=xxxxxxxxx --set storageContainer=container_name --set fsType=xfs --set defaultStorageClass=volume --set os=centos -``` - -or - -```console -helm install nutanix-csi nutanix/nutanix-csi-storage -f value.yaml -``` diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/app-readme.md b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/app-readme.md deleted file mode 100644 index bffca7493..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/app-readme.md +++ /dev/null @@ -1 +0,0 @@ -A Helm chart for installing Nutanix CSI Volume/File Storage Driver diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml deleted file mode 100644 index 4aa980cc7..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml +++ /dev/null @@ -1,85 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.5 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .driver - name: Driver - type: string - - JSONPath: .deletionPolicy - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass - should be deleted when its bound VolumeSnapshot is deleted. - name: DeletionPolicy - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - preserveUnknownFields: false - scope: Cluster - subresources: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created - through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot - is deleted. Supported values are "Retain" and "Delete". "Retain" means - that the VolumeSnapshotContent and its physical snapshot on underlying - storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml deleted file mode 100644 index 34c51ad62..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml +++ /dev/null @@ -1,233 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.5 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot in bytes - name: RestoreSize - type: integer - - JSONPath: .spec.deletionPolicy - description: Determines whether this VolumeSnapshotContent and its physical snapshot - on the underlying storage system should be deleted when its bound VolumeSnapshot - is deleted. - name: DeletionPolicy - type: string - - JSONPath: .spec.driver - description: Name of the CSI driver used to create the physical snapshot on the - underlying storage system. - name: Driver - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - name: VolumeSnapshotClass - type: string - - JSONPath: .spec.volumeSnapshotRef.name - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - name: VolumeSnapshot - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - preserveUnknownFields: false - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. "Delete" - means that the VolumeSnapshotContent and its physical snapshot on - underlying storage system are deleted. In dynamic snapshot creation - case, this field will be filled in with the "DeletionPolicy" field - defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For - pre-existing snapshots, users MUST specify this field when creating - the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be the - same as the name returned by the CSI GetPluginName() call for that - driver. Required. - type: string - source: - description: source specifies from where a snapshot will be created. - This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a - pre-existing snapshot on the underlying storage system. This field - is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume - from which a snapshot should be dynamically taken from. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass to which this snapshot - belongs. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to - which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be provided - for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates the creation time is unknown. The - format of this field is a Unix nanoseconds time encoded as an int64. - On Unix, the command `date +%s%N` returns the current time in nanoseconds - since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the latest observed error during snapshot creation, - if any. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on - the underlying storage system. If not specified, it indicates that - dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshots.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshots.yaml deleted file mode 100644 index 483706f16..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/crds/snapshot.storage.k8s.io_volumesnapshots.yaml +++ /dev/null @@ -1,188 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.5 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .spec.source.persistentVolumeClaimName - description: Name of the source PVC from where a dynamically taken snapshot will - be created. - name: SourcePVC - type: string - - JSONPath: .spec.source.volumeSnapshotContentName - description: Name of the VolumeSnapshotContent which represents a pre-provisioned - snapshot. - name: SourceSnapshotContent - type: string - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot. - name: RestoreSize - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - name: SnapshotClass - type: string - - JSONPath: .status.boundVolumeSnapshotContentName - description: The name of the VolumeSnapshotContent to which this VolumeSnapshot - is bound. - name: SnapshotContent - type: string - - JSONPath: .status.creationTime - description: Timestamp when the point-in-time snapshot is taken by the underlying - storage system. - name: CreationTime - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object in the same namespace as the VolumeSnapshot - object where the snapshot should be dynamically taken from. This - field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing - VolumeSnapshotContent object. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. If not specified, the default snapshot - class will be used if one exists. If not specified, and there is no - default snapshot class, dynamic snapshot creation will fail. Empty - string is not allowed for this field. TODO(xiangqian): a webhook validation - on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' - type: string - required: - - source - type: object - status: - description: 'status represents the current information of a snapshot. NOTE: - status can be modified by sources other than system controllers, and must - not be depended upon for accuracy. Controllers should only use information - from the VolumeSnapshotContent object after verifying that the binding - is accurate and complete.' - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName represents the name of - the VolumeSnapshotContent object to which the VolumeSnapshot object - is bound. If not specified, it indicates that the VolumeSnapshot object - has not been successfully bound to a VolumeSnapshotContent object - yet. NOTE: Specified boundVolumeSnapshotContentName alone does not - mean binding is valid. Controllers MUST always verify bidirectional - binding between VolumeSnapshot and VolumeSnapshotContent to - avoid possible security issues.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates that the creation time of the snapshot - is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - anyOf: - - type: integer - - type: string - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/questions.yml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/questions.yml deleted file mode 100644 index a8f3d2b16..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/questions.yml +++ /dev/null @@ -1,116 +0,0 @@ -questions: - - variable: volumeClass - label: "Volumes Storage Class" - type: boolean - default: true - description: "Activate Nutanix Volumes Storage Class" - group: "global Settings" - - variable: fileClass - label: "Files Storage Class" - type: boolean - default: false - description: "Activate Nutanix Files Storage Class" - group: "global Settings" - - variable: dynamicFileClass - label: "Dynamic Files Storage Class" - type: boolean - default: false - description: "Activate Nutanix Files Storage Class with dynamic share provisioning" - group: "global Settings" - - variable: legacy - label: "Driver Name Legacy mode" - type: boolean - default: false - description: "Set to True to continue to use old driver name in case of initial install with chart < 2.2.0" - group: "global Settings" - - variable: defaultStorageClass - label: "Default Storage Class" - type: enum - default: "none" - options: ["none", "volume", "file", "dynfile"] - description: "Select the default Storage Class you want" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true||fileClass=true" - - - variable: prismEndPoint - label: "Prism Endpoint" - type: string - required: true - description: "Please specify the cluster virtual address" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true" - - variable: username - label: "Username" - type: string - required: true - description: "Specify username with cluster admin permission" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true" - - variable: password - label: "Password" - type: password - required: true - description: "Specify password of the user" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true" - - - variable: lvmVolume - label: "LVM Volume" - type: boolean - default: false - description: "Activate LVM to support multi vdisks volume group for PV" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: dataServiceEndPoint - label: "Data Service Endpoint" - type: string - required: true - description: "Please specify the ISCSI data services address" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: storageContainer - label: "Storage Container" - type: string - required: true - description: "Specify Nutanix container name where the Persistent Volume will be stored" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: fsType - label: "Filesystem" - type: enum - options: ["xfs", "ext4"] - description: "Select the filesystem for the Persistent Volume" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: lvmDisks - label: "LVM Disks" - type: int - required: true - default: "4" - min: 1 - max: 8 - description: "Number of vdisk for each PV" - group: "Nutanix Volumes Settings" - show_if: "lvmVolume=true&&volumeClass=true" - - - variable: fileHost - label: "File Server Address" - type: string - required: true - description: "Specify Nutanix Files address" - group: "Nutanix Files Settings" - show_if: "fileClass=true" - - variable: filePath - label: "Export share" - type: string - required: true - description: "Specify Nutanix Files share path" - group: "Nutanix Files Settings" - show_if: "fileClass=true" - - variable: fileServerName - label: "NFS File Server Name" - type: string - required: true - description: "Specify Nutanix Files server name" - group: "Nutanix Files Settings" - show_if: "dynamicFileClass=true" diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/NOTES.txt b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/NOTES.txt deleted file mode 100644 index 3921d167a..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -Driver name: {{ include "nutanix-csi-storage.drivername" . }} - -Nutanix CSI provider was deployed in namespace {{ .Release.Namespace }} diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/_helpers.tpl b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/_helpers.tpl deleted file mode 100644 index 5fe53b26a..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nutanix-csi-storage.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nutanix-csi-storage.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nutanix-csi-storage.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create CSI driver name. -*/}} -{{- define "nutanix-csi-storage.drivername" -}} -{{- if .Values.legacy -}} -com.nutanix.csi -{{- else -}} -csi.nutanix.com -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/csi-driver.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/csi-driver.yaml deleted file mode 100644 index fa56a6a1c..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/csi-driver.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: {{ include "nutanix-csi-storage.drivername" . }} -spec: - attachRequired: false - podInfoOnMount: true \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-cs-scc.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-cs-scc.yaml deleted file mode 100644 index 89a543a54..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-cs-scc.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if eq .Values.os "openshift4"}} -kind: SecurityContextConstraints -apiVersion: security.openshift.io/v1 -metadata: - name: ntnx-csi-scc -allowHostDirVolumePlugin: true -allowHostIPC: false -allowHostNetwork: true -allowHostPID: false -allowHostPorts: true -allowPrivilegeEscalation: true -allowPrivilegedContainer: true -allowedCapabilities: [] -defaultAddCapabilities: [] -fsGroup: - type: RunAsAny -groups: [] -priority: -readOnlyRootFilesystem: false -requiredDropCapabilities: [] -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -supplementalGroups: - type: RunAsAny -users: - - system:serviceaccount:{{ .Release.Namespace }}:csi-provisioner - - system:serviceaccount:{{ .Release.Namespace }}:csi-node-ntnx-plugin -{{- end}} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-node.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-node.yaml deleted file mode 100644 index 59519e9f0..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-node.yaml +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 2019 Nutanix Inc -# -# example usage: kubectl create -f - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-node-ntnx-plugin - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: csi-node-ntnx-plugin - template: - metadata: - labels: - app: csi-node-ntnx-plugin - spec: - serviceAccount: csi-node-ntnx-plugin - hostNetwork: true - containers: - - name: driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/{{ include "nutanix-csi-storage.drivername" . }}/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /csi/ - - name: registration-dir - mountPath: /registration - - name: csi-node-ntnx-plugin - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: quay.io/karbon/ntnx-csi:v2.3.1 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(NODE_ID)" - - "--drivername={{ include "nutanix-csi-storage.drivername" . }}" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - mountPath: /dev - name: device-dir - - mountPath: /etc/iscsi - name: iscsi-dir - - mountPath: /host - name: root-dir - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - failureThreshold: 3 - - name: liveness-probe - imagePullPolicy: Always - volumeMounts: - - mountPath: /csi - name: plugin-dir - image: quay.io/k8scsi/livenessprobe:v1.1.0 - args: - - --csi-address=/csi/csi.sock - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/{{ include "nutanix-csi-storage.drivername" . }}/ - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: device-dir - hostPath: - path: /dev - - name: iscsi-dir - hostPath: - path: /etc/iscsi - type: Directory - - name: root-dir - hostPath: - path: / - type: Directory diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-provisioner.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-provisioner.yaml deleted file mode 100644 index 5de6f7a29..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-provisioner.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 2019 Nutanix Inc -# -# example usage: kubectl create -f - ---- -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: csi-provisioner-ntnx-plugin - namespace: {{ .Release.Namespace }} -spec: - serviceName: csi-provisioner-ntnx-plugin - replicas: 1 - selector: - matchLabels: - app: csi-provisioner-ntnx-plugin - template: - metadata: - labels: - app: csi-provisioner-ntnx-plugin - spec: - serviceAccount: csi-provisioner - containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.5.0 - args: - - --provisioner={{ include "nutanix-csi-storage.drivername" . }} - - --csi-address=$(ADDRESS) - - --timeout=60s - - --v=5 - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: IfNotPresent - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.3.0 - args: - - --v=5 - - --csi-address=$(ADDRESS) - - --leader-election=false - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: IfNotPresent - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-snapshotter - image: quay.io/k8scsi/csi-snapshotter:v2.1.0 - args: - - --csi-address=$(ADDRESS) - - --leader-election=false - - --logtostderr=true - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: ntnx-csi-plugin - image: quay.io/karbon/ntnx-csi:v2.3.1 - securityContext: - allowPrivilegeEscalation: true - privileged: true - args: - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(NODE_ID)" - - "--drivername={{ include "nutanix-csi-storage.drivername" . }}" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - failureThreshold: 3 - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: quay.io/k8scsi/livenessprobe:v1.1.0 - args: - - --csi-address=/csi/csi.sock - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - emptyDir: {} - name: socket-dir diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-rbac.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-rbac.yaml deleted file mode 100644 index 1b79eed11..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-csi-rbac.yaml +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2018 Nutanix Inc -# -# Configuration to deploy the Nutanix CSI driver -# -# example usage: kubectl create -f - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-provisioner - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-runner - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-provisioner-role - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: csi-provisioner - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: external-provisioner-runner - apiGroup: rbac.authorization.k8s.io ---- -# needed for StatefulSet -kind: Service -apiVersion: v1 -metadata: - name: csi-provisioner-ntnx-plugin - namespace: {{ .Release.Namespace }} - labels: - app: csi-provisioner-ntnx-plugin -spec: - selector: - app: csi-provisioner-ntnx-plugin - ports: - - name: dummy - port: 12345 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-node-ntnx-plugin - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-node-runner - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-node-role - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: csi-node-ntnx-plugin - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-node-runner - apiGroup: rbac.authorization.k8s.io - diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-secret.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-secret.yaml deleted file mode 100644 index dbf22bdfc..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/ntnx-secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.createSecret true }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.secretName }} - namespace: {{ .Release.Namespace }} -data: - # base64 encoded prism-ip:prism-port:admin:password. - # E.g.: echo -n "10.83.0.91:9440:admin:mypassword" | base64 - key: {{ printf "%s:9440:%s:%s" .Values.prismEndPoint .Values.username .Values.password | b64enc}} -{{- end }} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/sc.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/sc.yaml deleted file mode 100644 index b7ba803e2..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/sc.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if eq .Values.volumeClass true }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: nutanix-volume -{{- if eq .Values.defaultStorageClass "volume" }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixVolumes - csi.storage.k8s.io/provisioner-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }} - csi.storage.k8s.io/node-publish-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/node-publish-secret-namespace: {{ .Release.Namespace }} - csi.storage.k8s.io/controller-expand-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Release.Namespace }} - dataServiceEndPoint: {{ .Values.dataServiceEndPoint }} - storageContainer: {{ .Values.storageContainer }} - csi.storage.k8s.io/fstype: {{ .Values.fsType }} -{{- if eq .Values.lvmVolume true }} - isLVMVolume: "true" - numLVMDisks: {{ quote .Values.lvmDisks }} -{{- end }} -allowVolumeExpansion: true -reclaimPolicy: Delete ---- -apiVersion: snapshot.storage.k8s.io/v1beta1 -kind: VolumeSnapshotClass -metadata: - name: nutanix-snapshot-class -driver: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixVolumes - csi.storage.k8s.io/snapshotter-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/snapshotter-secret-namespace: {{ .Release.Namespace }} -deletionPolicy: Delete -{{- end }} ---- -{{- if eq .Values.fileClass true }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: nutanix-file -{{- if eq .Values.defaultStorageClass "file" }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixFiles - nfsServer: {{ .Values.fileHost }} - nfsPath: {{ .Values.filePath }} -{{- end }} ---- -{{- if eq .Values.dynamicFileClass true }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: nutanix-dynamicfile -{{- if eq .Values.defaultStorageClass "dynfile" }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixFiles - dynamicProv: ENABLED - nfsServerName: {{ .Values.fileServerName }} - csi.storage.k8s.io/provisioner-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-rbac.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-rbac.yaml deleted file mode 100644 index eb6bb088c..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-rbac.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: snapshot-controller - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-runner - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-role - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: snapshot-controller - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: snapshot-controller-runner - apiGroup: rbac.authorization.k8s.io - ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: snapshot-controller - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: snapshot-controller-leaderelection - apiGroup: rbac.authorization.k8s.io - diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-setup.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-setup.yaml deleted file mode 100644 index 57cf273ae..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/templates/snapshot-controller-setup.yaml +++ /dev/null @@ -1,24 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: snapshot-controller - namespace: {{ .Release.Namespace }} -spec: - serviceName: "snapshot-controller" - replicas: 1 - selector: - matchLabels: - app: snapshot-controller - template: - metadata: - labels: - app: snapshot-controller - spec: - serviceAccount: snapshot-controller - containers: - - name: snapshot-controller - image: quay.io/k8scsi/snapshot-controller:v2.0.1 - args: - - "--v=5" - - "--leader-election=false" - imagePullPolicy: Always diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/values.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/values.yaml deleted file mode 100644 index b8be1d667..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100+up2.3.1/values.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# Default values for nutanix-csi-storage. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# parameters - -# Legacy mode -# -# if legacy set to true we keep the old reverse domain notation for CSI driver name (com.nutanix.csi). -# need to be set to true only if upgrade and initialy installed with helm package before 2.2.x -legacy: false - -# OS settings -# -# Starting v2.3.1 CSI driver is OS independent, this value is deprecated -os: none - - -# Storage Class settings -# -# choose for wich mode (Volume, File, Dynamic File) storageclass need to be created -volumeClass: true -fileClass: false -dynamicFileClass: false - - -# Default Storage Class settings -# -# Decide wich storageclass will be the default -# value are: node, volume, file, dynfile -defaultStorageClass: none - -# Nutanix Prism Elements settings -# -# Allow dynamic creation of Volumes and Fileshare -# needed if volumeClass or dynamicFileClass is set to true - -prismEndPoint: 10.0.0.1 - -username: admin -password: nutanix/4u - -secretName: ntnx-secret - -# Nutanix Prism Elements Existing Secret -# -# if set to false a new secret will not be created -createSecret: true - - -# Volumes Settings -# -dataServiceEndPoint: 10.0.0.2 -storageContainer: default -fsType: xfs - -lvmVolume: false -lvmDisks: 4 - -# Files Settings -# -fileHost: 10.0.0.3 -filePath: share - -# Dynamic Files Settings -# -fileServerName: file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml deleted file mode 100755 index 3f57d6b38..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: nutanix-csi-storage -apiVersion: v1 -appVersion: 2.3.1 -description: A Helm chart for installing Nutanix CSI Volume Driver -home: https://github.com/nutanix/helm -icon: https://avatars2.githubusercontent.com/u/6165865?s=200&v=4 -keywords: -- Nutanix -- Storage -- Volumes -- Files -- StorageClass -- CentOS -- Ubuntu -kubeVersion: '>= 1.13.0' -maintainers: -- name: tuxtof -name: nutanix-csi-storage -version: 2.3.100 diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md deleted file mode 100755 index 97f4c99fc..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md +++ /dev/null @@ -1,93 +0,0 @@ -# Nutanix CSI Volume Driver Helm chart - -## Introduction - -The Container Storage Interface (CSI) Volume Driver for Kubernetes leverages Nutanix Volumes and Nutanix Files to provide scalable and persistent storage for stateful applications. - -When Files is used for persistent storage, applications on multiple pods can access the same storage, and also have the benefit of multi-pod read and write access. - -## Important notice - -If you plan to update an existing Nutanix CSI deployement from 1.x to 2.x with this Chart, you need first deploy manually the CRD present here https://github.com/nutanix/csi-plugin/tree/master/deploy/Centos/crd. - -Please note that starting with v2.2.0, Nutanix CSI driver has changed format of driver name from com.nutanix.csi to csi.nutanix.com. All deployment yamls uses this new driver name format. However, if you are upgrading the CSI driver then you should continue to use old driver name com.nutanix.csi by setting `legacy` parameter to `true`. If not existing PVC/PV will not work with the new driver name. - -## Nutanix CSI driver documentation -https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_3:CSI-Volume-Driver-v2_3 - -## Features list - -- Nutanix CSI Driver v2.3.1 -- Nutanix Volumes support -- Nutanix Files support -- Volume resize support ( beta in Kubernetes >= 1.16.0 ) -- Volume clone ( beta Kubernetes >= 1.16.0 ) -- Volume snapshot and Restore ( beta Kubernetes >= 1.17.0 ) -- IP Address Whitelisting -- LVM Volume supporting multi vdisks volume group -- NFS dynamic share provisioning -- iSCSI Auto CHAP Authentication -- OS independence - -## Prerequisites - -- Kubernetes 1.13 or later -- Kubernetes worker nodes must have the iSCSI package installed (Nutanix Volumes only) -- This chart have been validated on CentOS 7 and Ubuntu 18.04/20.04, but the new architecture enables easy portability to other distributions. - -## Installing the Chart - -To install the chart with the name `nutanix-csi`: - -```console -helm repo add nutanix https://nutanix.github.io/helm/ - -helm install nutanix-csi nutanix/nutanix-csi-storage -n -``` - -## Uninstalling the Chart - -To uninstall/delete the `nutanix-csi` deployment: - -```console -helm delete nutanix-csi -n -``` - -## Configuration - -The following table lists the configurable parameters of the Nutanix-CSI chart and their default values. - -| Parameter | Description | Default | -|------------------------------|----------------------------------------|--------------------------------| -| `legacy` | use old reverse notation for CSI driver name | `false` | -| `volumeClass` | Activate Nutanix Volumes Storage Class | `true` | -| `fileClass` | Activate Nutanix Files Storage Class | `false` | -| `dynamicFileClass` | Activate Nutanix Dynamic Files Storage Class | `false` | -| `defaultStorageClass` | Choose your default Storage Class (none, volume, file, dynfile) | `none`| -| `prismEndPoint` | Cluster Virtual IP Address |`10.0.0.1`| -| `dataServiceEndPoint` | Prism data service IP |`10.0.0.2`| -| `username` | name used for the admin role (if created) |`admin`| -| `password` | password for the admin role (if created) |`nutanix/4u`| -| `secretName` | name of the secret to use for admin role| `ntnx-secret`| -| `createSecret` | create secret for admin role (if false use existing)| `true`| -| `storageContainer` | Nutanix storage container name | `default`| -| `fsType` | type of file system you are using (ext4, xfs) |`xfs`| -| `fileHost` | NFS server IP address | `10.0.0.3`| -| `filePath` | path of the NFS share |`share`| -| `fileServerName` | name of the Nutanix FIle Server | `file`| -| `nodeSelector` | add nodeSelector to pods spec | | -| `tolerations` | add tolerations to pods spec | | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a a file whit `-f value.yaml`. - -Example: - -```console -helm install nutanix-csi nutanix/nutanix-csi-storage --set prismEndPoint=X.X.X.X --set dataServiceEndPoint=Y.Y.Y.Y --set username=admin --set password=xxxxxxxxx --set storageContainer=container_name --set fsType=xfs --set defaultStorageClass=volume --set os=centos -``` - -or - -```console -helm install nutanix-csi nutanix/nutanix-csi-storage -f value.yaml -``` diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md deleted file mode 100755 index bffca7493..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md +++ /dev/null @@ -1 +0,0 @@ -A Helm chart for installing Nutanix CSI Volume/File Storage Driver diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml deleted file mode 100755 index 4aa980cc7..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml +++ /dev/null @@ -1,85 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.5 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .driver - name: Driver - type: string - - JSONPath: .deletionPolicy - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass - should be deleted when its bound VolumeSnapshot is deleted. - name: DeletionPolicy - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - preserveUnknownFields: false - scope: Cluster - subresources: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created - through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot - is deleted. Supported values are "Retain" and "Delete". "Retain" means - that the VolumeSnapshotContent and its physical snapshot on underlying - storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml deleted file mode 100755 index 34c51ad62..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml +++ /dev/null @@ -1,233 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.5 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot in bytes - name: RestoreSize - type: integer - - JSONPath: .spec.deletionPolicy - description: Determines whether this VolumeSnapshotContent and its physical snapshot - on the underlying storage system should be deleted when its bound VolumeSnapshot - is deleted. - name: DeletionPolicy - type: string - - JSONPath: .spec.driver - description: Name of the CSI driver used to create the physical snapshot on the - underlying storage system. - name: Driver - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - name: VolumeSnapshotClass - type: string - - JSONPath: .spec.volumeSnapshotRef.name - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - name: VolumeSnapshot - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - preserveUnknownFields: false - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. "Delete" - means that the VolumeSnapshotContent and its physical snapshot on - underlying storage system are deleted. In dynamic snapshot creation - case, this field will be filled in with the "DeletionPolicy" field - defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For - pre-existing snapshots, users MUST specify this field when creating - the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be the - same as the name returned by the CSI GetPluginName() call for that - driver. Required. - type: string - source: - description: source specifies from where a snapshot will be created. - This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a - pre-existing snapshot on the underlying storage system. This field - is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume - from which a snapshot should be dynamically taken from. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass to which this snapshot - belongs. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to - which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be provided - for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates the creation time is unknown. The - format of this field is a Unix nanoseconds time encoded as an int64. - On Unix, the command `date +%s%N` returns the current time in nanoseconds - since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the latest observed error during snapshot creation, - if any. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on - the underlying storage system. If not specified, it indicates that - dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml deleted file mode 100755 index 483706f16..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml +++ /dev/null @@ -1,188 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.5 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io -spec: - additionalPrinterColumns: - - JSONPath: .status.readyToUse - description: Indicates if a snapshot is ready to be used to restore a volume. - name: ReadyToUse - type: boolean - - JSONPath: .spec.source.persistentVolumeClaimName - description: Name of the source PVC from where a dynamically taken snapshot will - be created. - name: SourcePVC - type: string - - JSONPath: .spec.source.volumeSnapshotContentName - description: Name of the VolumeSnapshotContent which represents a pre-provisioned - snapshot. - name: SourceSnapshotContent - type: string - - JSONPath: .status.restoreSize - description: Represents the complete size of the snapshot. - name: RestoreSize - type: string - - JSONPath: .spec.volumeSnapshotClassName - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - name: SnapshotClass - type: string - - JSONPath: .status.boundVolumeSnapshotContentName - description: The name of the VolumeSnapshotContent to which this VolumeSnapshot - is bound. - name: SnapshotContent - type: string - - JSONPath: .status.creationTime - description: Timestamp when the point-in-time snapshot is taken by the underlying - storage system. - name: CreationTime - type: date - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object in the same namespace as the VolumeSnapshot - object where the snapshot should be dynamically taken from. This - field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing - VolumeSnapshotContent object. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. If not specified, the default snapshot - class will be used if one exists. If not specified, and there is no - default snapshot class, dynamic snapshot creation will fail. Empty - string is not allowed for this field. TODO(xiangqian): a webhook validation - on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' - type: string - required: - - source - type: object - status: - description: 'status represents the current information of a snapshot. NOTE: - status can be modified by sources other than system controllers, and must - not be depended upon for accuracy. Controllers should only use information - from the VolumeSnapshotContent object after verifying that the binding - is accurate and complete.' - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName represents the name of - the VolumeSnapshotContent object to which the VolumeSnapshot object - is bound. If not specified, it indicates that the VolumeSnapshot object - has not been successfully bound to a VolumeSnapshotContent object - yet. NOTE: Specified boundVolumeSnapshotContentName alone does not - mean binding is valid. Controllers MUST always verify bidirectional - binding between VolumeSnapshot and VolumeSnapshotContent to - avoid possible security issues.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot - is taken by the underlying storage system. In dynamic snapshot creation - case, this field will be filled in with the "creation_time" value - returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing - snapshot, this field will be filled with the "creation_time" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. If not specified, it indicates that the creation time of the snapshot - is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be logged, - and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in with the "ready_to_use" value returned from CSI - "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this - field will be filled with the "ready_to_use" value returned from the - CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, - this field will be set to "True". If not specified, it means the readiness - of a snapshot is unknown. - type: boolean - restoreSize: - anyOf: - - type: integer - - type: string - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be filled - in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "size_bytes" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. When restoring a volume from - this snapshot, the size of the volume MUST NOT be smaller than the - restoreSize if it is specified, otherwise the restoration will fail. - If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml deleted file mode 100755 index a8f3d2b16..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml +++ /dev/null @@ -1,116 +0,0 @@ -questions: - - variable: volumeClass - label: "Volumes Storage Class" - type: boolean - default: true - description: "Activate Nutanix Volumes Storage Class" - group: "global Settings" - - variable: fileClass - label: "Files Storage Class" - type: boolean - default: false - description: "Activate Nutanix Files Storage Class" - group: "global Settings" - - variable: dynamicFileClass - label: "Dynamic Files Storage Class" - type: boolean - default: false - description: "Activate Nutanix Files Storage Class with dynamic share provisioning" - group: "global Settings" - - variable: legacy - label: "Driver Name Legacy mode" - type: boolean - default: false - description: "Set to True to continue to use old driver name in case of initial install with chart < 2.2.0" - group: "global Settings" - - variable: defaultStorageClass - label: "Default Storage Class" - type: enum - default: "none" - options: ["none", "volume", "file", "dynfile"] - description: "Select the default Storage Class you want" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true||fileClass=true" - - - variable: prismEndPoint - label: "Prism Endpoint" - type: string - required: true - description: "Please specify the cluster virtual address" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true" - - variable: username - label: "Username" - type: string - required: true - description: "Specify username with cluster admin permission" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true" - - variable: password - label: "Password" - type: password - required: true - description: "Specify password of the user" - group: "global Settings" - show_if: "volumeClass=true||dynamicFileClass=true" - - - variable: lvmVolume - label: "LVM Volume" - type: boolean - default: false - description: "Activate LVM to support multi vdisks volume group for PV" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: dataServiceEndPoint - label: "Data Service Endpoint" - type: string - required: true - description: "Please specify the ISCSI data services address" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: storageContainer - label: "Storage Container" - type: string - required: true - description: "Specify Nutanix container name where the Persistent Volume will be stored" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: fsType - label: "Filesystem" - type: enum - options: ["xfs", "ext4"] - description: "Select the filesystem for the Persistent Volume" - group: "Nutanix Volumes Settings" - show_if: "volumeClass=true" - - variable: lvmDisks - label: "LVM Disks" - type: int - required: true - default: "4" - min: 1 - max: 8 - description: "Number of vdisk for each PV" - group: "Nutanix Volumes Settings" - show_if: "lvmVolume=true&&volumeClass=true" - - - variable: fileHost - label: "File Server Address" - type: string - required: true - description: "Specify Nutanix Files address" - group: "Nutanix Files Settings" - show_if: "fileClass=true" - - variable: filePath - label: "Export share" - type: string - required: true - description: "Specify Nutanix Files share path" - group: "Nutanix Files Settings" - show_if: "fileClass=true" - - variable: fileServerName - label: "NFS File Server Name" - type: string - required: true - description: "Specify Nutanix Files server name" - group: "Nutanix Files Settings" - show_if: "dynamicFileClass=true" diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt deleted file mode 100755 index 3921d167a..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -Driver name: {{ include "nutanix-csi-storage.drivername" . }} - -Nutanix CSI provider was deployed in namespace {{ .Release.Namespace }} diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl deleted file mode 100755 index 5fe53b26a..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nutanix-csi-storage.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nutanix-csi-storage.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nutanix-csi-storage.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create CSI driver name. -*/}} -{{- define "nutanix-csi-storage.drivername" -}} -{{- if .Values.legacy -}} -com.nutanix.csi -{{- else -}} -csi.nutanix.com -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml deleted file mode 100755 index fa56a6a1c..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: {{ include "nutanix-csi-storage.drivername" . }} -spec: - attachRequired: false - podInfoOnMount: true \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml deleted file mode 100755 index 89a543a54..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if eq .Values.os "openshift4"}} -kind: SecurityContextConstraints -apiVersion: security.openshift.io/v1 -metadata: - name: ntnx-csi-scc -allowHostDirVolumePlugin: true -allowHostIPC: false -allowHostNetwork: true -allowHostPID: false -allowHostPorts: true -allowPrivilegeEscalation: true -allowPrivilegedContainer: true -allowedCapabilities: [] -defaultAddCapabilities: [] -fsGroup: - type: RunAsAny -groups: [] -priority: -readOnlyRootFilesystem: false -requiredDropCapabilities: [] -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -supplementalGroups: - type: RunAsAny -users: - - system:serviceaccount:{{ .Release.Namespace }}:csi-provisioner - - system:serviceaccount:{{ .Release.Namespace }}:csi-node-ntnx-plugin -{{- end}} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml deleted file mode 100755 index 59519e9f0..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 2019 Nutanix Inc -# -# example usage: kubectl create -f - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-node-ntnx-plugin - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: csi-node-ntnx-plugin - template: - metadata: - labels: - app: csi-node-ntnx-plugin - spec: - serviceAccount: csi-node-ntnx-plugin - hostNetwork: true - containers: - - name: driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/{{ include "nutanix-csi-storage.drivername" . }}/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /csi/ - - name: registration-dir - mountPath: /registration - - name: csi-node-ntnx-plugin - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: quay.io/karbon/ntnx-csi:v2.3.1 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(NODE_ID)" - - "--drivername={{ include "nutanix-csi-storage.drivername" . }}" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - mountPath: /dev - name: device-dir - - mountPath: /etc/iscsi - name: iscsi-dir - - mountPath: /host - name: root-dir - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - failureThreshold: 3 - - name: liveness-probe - imagePullPolicy: Always - volumeMounts: - - mountPath: /csi - name: plugin-dir - image: quay.io/k8scsi/livenessprobe:v1.1.0 - args: - - --csi-address=/csi/csi.sock - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/{{ include "nutanix-csi-storage.drivername" . }}/ - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: device-dir - hostPath: - path: /dev - - name: iscsi-dir - hostPath: - path: /etc/iscsi - type: Directory - - name: root-dir - hostPath: - path: / - type: Directory diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml deleted file mode 100755 index 5de6f7a29..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 2019 Nutanix Inc -# -# example usage: kubectl create -f - ---- -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: csi-provisioner-ntnx-plugin - namespace: {{ .Release.Namespace }} -spec: - serviceName: csi-provisioner-ntnx-plugin - replicas: 1 - selector: - matchLabels: - app: csi-provisioner-ntnx-plugin - template: - metadata: - labels: - app: csi-provisioner-ntnx-plugin - spec: - serviceAccount: csi-provisioner - containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.5.0 - args: - - --provisioner={{ include "nutanix-csi-storage.drivername" . }} - - --csi-address=$(ADDRESS) - - --timeout=60s - - --v=5 - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: IfNotPresent - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.3.0 - args: - - --v=5 - - --csi-address=$(ADDRESS) - - --leader-election=false - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: IfNotPresent - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-snapshotter - image: quay.io/k8scsi/csi-snapshotter:v2.1.0 - args: - - --csi-address=$(ADDRESS) - - --leader-election=false - - --logtostderr=true - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: ntnx-csi-plugin - image: quay.io/karbon/ntnx-csi:v2.3.1 - securityContext: - allowPrivilegeEscalation: true - privileged: true - args: - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(NODE_ID)" - - "--drivername={{ include "nutanix-csi-storage.drivername" . }}" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - failureThreshold: 3 - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: quay.io/k8scsi/livenessprobe:v1.1.0 - args: - - --csi-address=/csi/csi.sock - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - emptyDir: {} - name: socket-dir diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml deleted file mode 100755 index 1b79eed11..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2018 Nutanix Inc -# -# Configuration to deploy the Nutanix CSI driver -# -# example usage: kubectl create -f - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-provisioner - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-runner - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-provisioner-role - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: csi-provisioner - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: external-provisioner-runner - apiGroup: rbac.authorization.k8s.io ---- -# needed for StatefulSet -kind: Service -apiVersion: v1 -metadata: - name: csi-provisioner-ntnx-plugin - namespace: {{ .Release.Namespace }} - labels: - app: csi-provisioner-ntnx-plugin -spec: - selector: - app: csi-provisioner-ntnx-plugin - ports: - - name: dummy - port: 12345 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-node-ntnx-plugin - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-node-runner - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-node-role - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: csi-node-ntnx-plugin - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-node-runner - apiGroup: rbac.authorization.k8s.io - diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml deleted file mode 100755 index dbf22bdfc..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.createSecret true }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.secretName }} - namespace: {{ .Release.Namespace }} -data: - # base64 encoded prism-ip:prism-port:admin:password. - # E.g.: echo -n "10.83.0.91:9440:admin:mypassword" | base64 - key: {{ printf "%s:9440:%s:%s" .Values.prismEndPoint .Values.username .Values.password | b64enc}} -{{- end }} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml deleted file mode 100755 index b7ba803e2..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if eq .Values.volumeClass true }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: nutanix-volume -{{- if eq .Values.defaultStorageClass "volume" }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixVolumes - csi.storage.k8s.io/provisioner-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }} - csi.storage.k8s.io/node-publish-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/node-publish-secret-namespace: {{ .Release.Namespace }} - csi.storage.k8s.io/controller-expand-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Release.Namespace }} - dataServiceEndPoint: {{ .Values.dataServiceEndPoint }} - storageContainer: {{ .Values.storageContainer }} - csi.storage.k8s.io/fstype: {{ .Values.fsType }} -{{- if eq .Values.lvmVolume true }} - isLVMVolume: "true" - numLVMDisks: {{ quote .Values.lvmDisks }} -{{- end }} -allowVolumeExpansion: true -reclaimPolicy: Delete ---- -apiVersion: snapshot.storage.k8s.io/v1beta1 -kind: VolumeSnapshotClass -metadata: - name: nutanix-snapshot-class -driver: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixVolumes - csi.storage.k8s.io/snapshotter-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/snapshotter-secret-namespace: {{ .Release.Namespace }} -deletionPolicy: Delete -{{- end }} ---- -{{- if eq .Values.fileClass true }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: nutanix-file -{{- if eq .Values.defaultStorageClass "file" }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixFiles - nfsServer: {{ .Values.fileHost }} - nfsPath: {{ .Values.filePath }} -{{- end }} ---- -{{- if eq .Values.dynamicFileClass true }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: nutanix-dynamicfile -{{- if eq .Values.defaultStorageClass "dynfile" }} - annotations: - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: {{ include "nutanix-csi-storage.drivername" . }} -parameters: - storageType: NutanixFiles - dynamicProv: ENABLED - nfsServerName: {{ .Values.fileServerName }} - csi.storage.k8s.io/provisioner-secret-name: {{ .Values.secretName }} - csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml deleted file mode 100755 index eb6bb088c..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: snapshot-controller - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-runner - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-role - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: snapshot-controller - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: snapshot-controller-runner - apiGroup: rbac.authorization.k8s.io - ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: snapshot-controller - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: snapshot-controller-leaderelection - apiGroup: rbac.authorization.k8s.io - diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml deleted file mode 100755 index 57cf273ae..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml +++ /dev/null @@ -1,24 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: snapshot-controller - namespace: {{ .Release.Namespace }} -spec: - serviceName: "snapshot-controller" - replicas: 1 - selector: - matchLabels: - app: snapshot-controller - template: - metadata: - labels: - app: snapshot-controller - spec: - serviceAccount: snapshot-controller - containers: - - name: snapshot-controller - image: quay.io/k8scsi/snapshot-controller:v2.0.1 - args: - - "--v=5" - - "--leader-election=false" - imagePullPolicy: Always diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml deleted file mode 100755 index b8be1d667..000000000 --- a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# Default values for nutanix-csi-storage. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# parameters - -# Legacy mode -# -# if legacy set to true we keep the old reverse domain notation for CSI driver name (com.nutanix.csi). -# need to be set to true only if upgrade and initialy installed with helm package before 2.2.x -legacy: false - -# OS settings -# -# Starting v2.3.1 CSI driver is OS independent, this value is deprecated -os: none - - -# Storage Class settings -# -# choose for wich mode (Volume, File, Dynamic File) storageclass need to be created -volumeClass: true -fileClass: false -dynamicFileClass: false - - -# Default Storage Class settings -# -# Decide wich storageclass will be the default -# value are: node, volume, file, dynfile -defaultStorageClass: none - -# Nutanix Prism Elements settings -# -# Allow dynamic creation of Volumes and Fileshare -# needed if volumeClass or dynamicFileClass is set to true - -prismEndPoint: 10.0.0.1 - -username: admin -password: nutanix/4u - -secretName: ntnx-secret - -# Nutanix Prism Elements Existing Secret -# -# if set to false a new secret will not be created -createSecret: true - - -# Volumes Settings -# -dataServiceEndPoint: 10.0.0.2 -storageContainer: default -fsType: xfs - -lvmVolume: false -lvmDisks: 4 - -# Files Settings -# -fileHost: 10.0.0.3 -filePath: share - -# Dynamic Files Settings -# -fileServerName: file diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/Chart.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/Chart.yaml deleted file mode 100644 index 66bca2982..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: openebs -apiVersion: v1 -appVersion: 1.12.0 -description: Containerized Storage for Containers -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- iSCSI -- storage -maintainers: -- email: kiran.mova@openebs.io - name: kmova -- email: prateek.pandey@openebs.io - name: prateekpandey14 -name: openebs -sources: -- https://github.com/openebs/openebs -version: 1.12.300+up1.12.3 diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/OWNERS b/charts/openebs/openebs/1.12.300+up1.12.3/OWNERS deleted file mode 100644 index 874423e12..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- kmova -- prateekpandey14 -reviewers: -- kmova -- prateekpandey14 diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/README.md b/charts/openebs/openebs/1.12.300+up1.12.3/README.md deleted file mode 100644 index a97908152..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/README.md +++ /dev/null @@ -1,135 +0,0 @@ -# OpenEBS Helm Chart - -[OpenEBS](https://github.com/openebs/openebs) is an *open source storage platform* that provides persistent and containerized block storage for DevOps and container environments. -OpenEBS provides multiple storage engines that can be plugged in easily. A common pattern is the use of OpenEBS to deliver Dynamic LocalPV for those applications and workloads that want to access disks and cloud volumes directly. - -OpenEBS can be deployed on any Kubernetes cluster - either in cloud, on-premise or developer laptop (minikube). OpenEBS itself is deployed as just another container on your cluster, and enables storage services that can be designated on a per pod, application, cluster or container level. - -## Introduction - -This chart bootstraps OpenEBS deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Quickstart and documentation - -You can run OpenEBS on any Kubernetes 1.13+ cluster in a matter of seconds. See the [Quickstart Guide to OpenEBS](https://docs.openebs.io/docs/next/quickstart.html) for detailed instructions. - -For more comprehensive documentation, start with the [Welcome to OpenEBS](https://docs.openebs.io/docs/next/overview.html) docs. - -## Prerequisites - -- Kubernetes 1.13+ with RBAC enabled -- iSCSI PV support in the underlying infrastructure - -## Adding OpenEBS Helm repository - -Before installing OpenEBS Helm charts, you need to add the [OpenEBS Helm repository](https://openebs.github.io/charts) to your Helm client. - -```bash -helm repo add openebs https://openebs.github.io/charts -``` - -## Installing OpenEBS - -```bash -helm install --namespace openebs openebs/openebs -``` - -## Installing OpenEBS with the release name - -```bash -helm install --name `my-release` --namespace openebs openebs/openebs -``` - -## To uninstall/delete instance with release name - -```bash -helm ls --all -helm delete `my-release` -``` - -## Configuration - -The following table lists the configurable parameters of the OpenEBS chart and their default values. - -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | -| `rbac.create` | Enable RBAC Resources | `true` | -| `rbac.pspEnabled` | Create pod security policy resources | `false` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.repository` | Specify which docker registry to use | `""` | -| `apiserver.enabled` | Enable API Server | `true` | -| `apiserver.image` | Image for API Server | `openebs/m-apiserver` | -| `apiserver.imageTag` | Image Tag for API Server | `1.12.0` | -| `apiserver.replicas` | Number of API Server Replicas | `1` | -| `apiserver.sparse.enabled` | Create Sparse Pool based on Sparsefile | `false` | -| `provisioner.enabled` | Enable Provisioner | `true` | -| `provisioner.image` | Image for Provisioner | `openebs/openebs-k8s-provisioner` | -| `provisioner.imageTag` | Image Tag for Provisioner | `1.12.0` | -| `provisioner.replicas` | Number of Provisioner Replicas | `1` | -| `localprovisioner.enabled` | Enable localProvisioner | `true` | -| `localprovisioner.image` | Image for localProvisioner | `openebs/provisioner-localpv` | -| `localprovisioner.imageTag` | Image Tag for localProvisioner | `1.12.0` | -| `localprovisioner.replicas` | Number of localProvisioner Replicas | `1` | -| `localprovisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | -| `webhook.enabled` | Enable admission server | `true` | -| `webhook.image` | Image for admission server | `openebs/admission-server` | -| `webhook.imageTag` | Image Tag for admission server | `1.12.0` | -| `webhook.replicas` | Number of admission server Replicas | `1` | -| `webhook.hostNetwork` | Use hostNetwork in admission server | `false` | -| `snapshotOperator.enabled` | Enable Snapshot Provisioner | `true` | -| `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `openebs/snapshot-provisioner` | -| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `1.12.0` | -| `snapshotOperator.controller.image` | Image for Snapshot Controller | `openebs/snapshot-controller` | -| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `1.12.0` | -| `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.image` | Image for Node Disk Manager | `openebs/node-disk-manager` | -| `ndm.imageTag` | Image Tag for Node Disk Manager | `0.7.0` | -| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | -| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | -| `ndm.sparse.count` | Number of sparse files to be created | `0` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.enableVendorFilter` | Enable filters of venders | `true` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd`| -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.image` | Image for NDM Operator | `openebs/node-disk-operator` | -| `ndmOperator.imageTag` | Image Tag for NDM Operator | `0.7.0` | -| `jiva.image` | Image for Jiva | `openebs/jiva` | -| `jiva.imageTag` | Image Tag for Jiva | `1.12.0` | -| `jiva.replicas` | Number of Jiva Replicas | `3` | -| `jiva.defaultStoragePath` | hostpath used by default Jiva StorageClass | `/var/openebs` | -| `cstor.pool.image` | Image for cStor Pool | `openebs/cstor-pool` | -| `cstor.pool.imageTag` | Image Tag for cStor Pool | `1.12.0` | -| `cstor.poolMgmt.image` | Image for cStor Pool Management | `openebs/cstor-pool-mgmt` | -| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `1.12.0` | -| `cstor.target.image` | Image for cStor Target | `openebs/cstor-istgt` | -| `cstor.target.imageTag` | Image Tag for cStor Target | `1.12.0` | -| `cstor.volumeMgmt.image` | Image for cStor Volume Management | `openebs/cstor-volume-mgmt` | -| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `1.12.0` | -| `helper.image` | Image for helper | `openebs/linux-utils` | -| `helper.imageTag` | Image Tag for helper | `1.12.0` | -| `featureGates.enabled` | Enable feature gates for OpenEBS | `false` | -| `featureGates.GPTBasedUUID.enabled` | Enable GPT based UUID generation in NDM | `false` | -| `crd.enableInstall` | Enable installation of CRDs by OpenEBS | `true` | -| `policies.monitoring.image` | Image for Prometheus Exporter | `openebs/m-exporter` | -| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `1.12.0` | -| `analytics.enabled` | Enable sending stats to Google Analytics | `true` | -| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | -| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | -| `varDirectoryPath.baseDir` | To store debug info of OpenEBS containers | `/var/openebs` | -| `healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | -| `healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install --name openebs -f values.yaml openebs/openebs -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/app-readme.md b/charts/openebs/openebs/1.12.300+up1.12.3/app-readme.md deleted file mode 100644 index e6a3d5f48..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/app-readme.md +++ /dev/null @@ -1,10 +0,0 @@ -# OpenEBS - -OpenEBS is an open source storage platform that provides persistent container attached, cloud-native block storage for DevOps and for Kubernetes environments. - -OpenEBS allows you to treat your persistent workload containers, such as DBs on containers, just like other containers. OpenEBS itself is deployed as just another container on your host and enables storage services that can be designated on a per pod, application, cluster or container level, including: -- Data persistence across nodes, dramatically reducing time spent rebuilding Cassandra rings for example. -- Synchronization of data across availability zones and cloud providers. -- Use of commodity hardware plus a container engine to deliver so called container attached block storage. -- Integration with Kubernetes, so developer and application intent flows into OpenEBS configurations automatically. -- Management of tiering to and from S3 and other targets. diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/questions.yml b/charts/openebs/openebs/1.12.300+up1.12.3/questions.yml deleted file mode 100644 index c0d4641cb..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/questions.yml +++ /dev/null @@ -1,200 +0,0 @@ -questions: -- variable: defaultImage - default: true - description: "Use default OpenEBS images" - label: Use Default Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: apiserver.image - default: "openebs/m-apiserver" - description: "Default API Server image for OpenEBS" - type: string - label: API Server Image - - variable: apiserver.imageTag - default: "1.12.0" - description: "The image tag of API Server image" - type: string - label: Image Tag For OpenEBS API Server Image - - variable: provisioner.image - default: "openebs/openebs-k8s-provisioner" - description: "Default K8s Provisioner image for OpenEBS" - type: string - label: Provisioner Image - - variable: provisioner.imageTag - default: "1.12.0" - description: "The image tag of Provisioner image" - type: string - label: Image Tag For Provisioner Image - - variable: snapshotOperator.controller.image - default: "openebs/snapshot-controller" - description: "Default Snapshot Controller image for OpenEBS" - type: string - label: Snapshot Controller Image - - variable: snapshotOperator.controller.imageTag - default: "1.12.0" - description: "The image tag of Snapshot Controller image" - type: string - label: Image Tag For OpenEBS Snapshot Controller Image - - variable: snapshotOperator.provisioner.image - default: "openebs/snapshot-provisioner" - description: "Default Snapshot Provisioner image for OpenEBS" - type: string - label: Snapshot Provisioner Image - - variable: snapshotOperator.provisioner.imageTag - default: "1.12.0" - description: "The image tag of Snapshot Provisioner image" - type: string - label: Image Tag For OpenEBS Snapshot Provisioner Image - - variable: ndm.image - default: "openebs/node-disk-manager" - description: "Default NDM image" - type: string - label: Node Disk Manager Image - - variable: ndm.imageTag - default: "0.7.0" - description: "The image tag of NDM image" - type: string - label: Image Tag For Node Disk Manager Image - - variable: ndmOperator.image - default: "openebs/node-disk-operator" - description: "Default NDO image" - type: string - label: Node Disk Operator Image - - variable: ndmOperator.imageTag - default: "0.7.0" - description: "The image tag of NDO image" - type: string - label: Image Tag For Node Disk Manager Image - - variable: jiva.image - default: "openebs/jiva" - description: "Default Jiva Storage Engine image for OpenEBS" - type: string - label: Jiva Storage Engine Image - - variable: jiva.imageTag - default: "1.12.0" - description: "The image tag of Jiva image" - type: string - label: Image Tag For OpenEBS Jiva Storage Engine Image - - variable: cstor.pool.image - default: "openebs/cstor-pool" - description: "Default cStor Storage Engine Pool image for OpenEBS" - type: string - label: cStor Storage Engine Pool Image - - variable: cstor.pool.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Pool image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Pool Image - - variable: cstor.poolMgmt.image - default: "openebs/cstor-pool-mgmt" - description: "Default cStor Storage Engine Pool Management image for OpenEBS" - type: string - label: cStor Storage Engine Pool Management Image - - variable: cstor.poolMgmt.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Pool Management image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Pool Management Image - - variable: cstor.target.image - default: "openebs/cstor-istgt" - description: "Default cStor Storage Engine Target image for OpenEBS" - type: string - label: cStor Storage Engine Target Image - - variable: cstor.target.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Target image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Target Image - - variable: cstor.volumeMgmt.image - default: "openebs/cstor-volume-mgmt" - description: "Default cStor Storage Engine Target Management image for OpenEBS" - type: string - label: cStor Storage Engine Target Management Image - - variable: cstor.volumeMgmt.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Target Management image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Target Management Image - - variable: policies.monitoring.image - default: "openebs/m-exporter" - description: "Default OpeneEBS Volume and pool Exporter image" - type: string - label: Monitoring Exporter Image - show_if: "policies.monitoring.enabled=true&&defaultImage=false" - - variable: policies.monitoring.imageTag - default: "1.12.0" - description: "The image tag of OpenEBS Exporter" - type: string - label: Image Tag For OpenEBS Exporter Image - show_if: "policies.monitoring.enabled=true&&defaultImage=false" -- variable: ndm.filters.excludeVendors - default: 'CLOUDBYT,OpenEBS' - type: string - description: "Configure NDM to filter disks from following vendors" - label: Filter Disks belonging to vendors - group: "NDM Disk Filter by Vendor " -- variable: ndm.filters.excludePaths - default: 'loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md' - type: string - description: "Configure NDM to filter disks from following paths" - label: Filter Disks belonging to paths - group: "NDM Disk Filter by Path" -- variable: ndm.sparse.enabled - default: true - description: "Create a cStor Pool on Sparse Disks" - label: Create cStor Pool on Sprase Disks - type: boolean - show_subquestion_if: true - group: "NDM Sparse Disk Settings" - subquestions: - - variable: ndm.sparse.size - default: "10737418240" - description: "Default Size of Sparse Disk" - type: string - label: Sparse Disk Size in bytes - - variable: ndm.sparse.count - default: "0" - description: "Number of Sparse Disks" - type: string - label: Number of Sparse Disks - - variable: ndm.sparse.path - default: "/var/openebs/sparse" - description: "Directory where Sparse Disks should be created" - type: string - label: Directory for Sparse Disks -- variable: defaultPorts - default: true - description: "Use default Communication Ports" - label: Use Default Ports - type: boolean - show_subquestion_if: false - group: "Communication Ports" - subquestions: - - variable: apiserver.ports.externalPort - default: 5656 - description: "Default External Port for OpenEBS API Server" - type: int - min: 0 - max: 9999 - label: OpenEBS API Server External Port - - variable: apiserver.ports.internalPort - default: 5656 - description: "Default Internal Port for OpenEBS API Server" - type: int - min: 0 - max: 9999 - label: OpenEBS API Server Internal Port -- variable: policies.monitoring.enabled - default: true - description: "Enable prometheus monitoring" - type: boolean - label: Enable Prometheus Monitoring - group: "Monitoring Settings" -- variable: analytics.enabled - default: true - description: "Enable sending anonymous statistics to OpenEBS Google Analytics" - type: boolean - label: Enable updating OpenEBS with usage details - group: "Anonymous Analytics" diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/NOTES.txt b/charts/openebs/openebs/1.12.300+up1.12.3/templates/NOTES.txt deleted file mode 100644 index 299a52638..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/NOTES.txt +++ /dev/null @@ -1,27 +0,0 @@ -The OpenEBS has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -For dynamically creating OpenEBS Volumes, you can either create a new StorageClass or -use one of the default storage classes provided by OpenEBS. - -Use `kubectl get sc` to see the list of installed OpenEBS StorageClasses. A sample -PVC spec using `openebs-jiva-default` StorageClass is given below:" - ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: demo-vol-claim -spec: - storageClassName: openebs-jiva-default - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5G ---- - -Please note that, OpenEBS uses iSCSI for connecting applications with the -OpenEBS Volumes and your nodes should have the iSCSI initiator installed. - -For more information, visit our Slack at https://openebs.io/community or view the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/_helpers.tpl b/charts/openebs/openebs/1.12.300+up1.12.3/templates/_helpers.tpl deleted file mode 100644 index 09c63c5a4..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "openebs.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openebs.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openebs.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "openebs.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrole.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrole.yaml deleted file mode 100644 index 3a8d3ced8..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrole.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "openebs.fullname" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: ["*"] - resources: ["nodes", "nodes/proxy"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs" ] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["statefulsets", "daemonsets"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["resourcequotas", "limitranges"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "poddisruptionbudgets", "certificatesigningrequests"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] - verbs: ["*"] -- apiGroups: ["volumesnapshot.external-storage.k8s.io"] - resources: ["volumesnapshots", "volumesnapshotdatas"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [ "get", "list", "create", "update", "delete", "patch"] -- apiGroups: ["openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- apiGroups: ["cstor.openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["get", "create", "list", "delete", "update", "patch"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrolebinding.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrolebinding.yaml deleted file mode 100644 index 0ada25cd6..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "openebs.fullname" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "openebs.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "openebs.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/cm-node-disk-manager.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/cm-node-disk-manager.yaml deleted file mode 100644 index 165eabb50..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/cm-node-disk-manager.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.ndm.enabled }} -# This is the node-disk-manager related config. -# It can be used to customize the disks probes and filters -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "openebs.fullname" . }}-ndm-config - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm-config - openebs.io/component-name: ndm-config -data: - # udev-probe is default or primary probe which should be enabled to run ndm - # filterconfigs contains configs of filters - in the form of include - # and exclude comma separated strings - node-disk-manager.config: | - probeconfigs: - - key: udev-probe - name: udev probe - state: true - - key: seachest-probe - name: seachest probe - state: {{ .Values.ndm.probes.enableSeachest }} - - key: smart-probe - name: smart probe - state: true - filterconfigs: - - key: os-disk-exclude-filter - name: os disk exclude filter - state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} - exclude: "/,/etc/hosts,/boot" - - key: vendor-filter - name: vendor filter - state: {{ .Values.ndm.filters.enableVendorFilter }} - include: "" - exclude: "{{ .Values.ndm.filters.excludeVendors }}" - - key: path-filter - name: path filter - state: {{ .Values.ndm.filters.enablePathFilter }} - include: "{{ .Values.ndm.filters.includePaths }}" - exclude: "{{ .Values.ndm.filters.excludePaths }}" ---- -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/daemonset-ndm.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/daemonset-ndm.yaml deleted file mode 100644 index 2d8aae373..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/daemonset-ndm.yaml +++ /dev/null @@ -1,147 +0,0 @@ -{{- if .Values.ndm.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "openebs.fullname" . }}-ndm - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm - openebs.io/component-name: ndm - openebs.io/version: {{ .Values.release.version }} -spec: - updateStrategy: - type: "RollingUpdate" - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm - openebs.io/component-name: ndm - name: openebs-ndm - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - hostNetwork: true - containers: - - name: {{ template "openebs.name" . }}-ndm - image: "{{ .Values.image.repository }}{{ .Values.ndm.image }}:{{ .Values.ndm.imageTag }}" - args: - - -v=4 -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.GPTBasedUUID.enabled }} - - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} -{{- end}} -{{- end}} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - privileged: true - env: - # namespace in which NDM is installed will be passed to NDM Daemonset - # as environment variable - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # pass hostname as env variable using downward API to the NDM container - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - # specify the directory where the sparse files need to be created. - # if not specified, then sparse files will not be created. - - name: SPARSE_FILE_DIR - value: "{{ .Values.ndm.sparse.path }}" -{{- end }} -{{- if .Values.ndm.sparse.size }} - # Size(bytes) of the sparse file to be created. - - name: SPARSE_FILE_SIZE - value: "{{ .Values.ndm.sparse.size }}" -{{- end }} -{{- if .Values.ndm.sparse.count }} - # Specify the number of sparse files to be created - - name: SPARSE_FILE_COUNT - value: "{{ .Values.ndm.sparse.count }}" -{{- end }} -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndm" - initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} - volumeMounts: - - name: config - mountPath: /host/node-disk-manager.config - subPath: node-disk-manager.config - readOnly: true - - name: udev - mountPath: /run/udev - - name: procmount - mountPath: /host/proc - readOnly: true - - name: basepath - mountPath: /var/openebs/ndm -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - mountPath: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ template "openebs.fullname" . }}-ndm-config - - name: udev - hostPath: - path: /run/udev - type: Directory - # mount /proc (to access mount file of process 1 of host) inside container - # to read mount-point of disks and partitions - - name: procmount - hostPath: - path: /proc - type: Directory - - name: basepath - hostPath: - path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" - type: DirectoryOrCreate -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - hostPath: - path: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - # By default the node-disk-manager will be run on all kubernetes nodes - # If you would like to limit this to only some nodes, say the nodes - # that have storage attached, you could label those node and use - # nodeSelector. - # - # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" - # kubectl label node "openebs.io/nodegroup"="storage-node" - #nodeSelector: - # "openebs.io/nodegroup": "storage-node" -{{- if .Values.ndm.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndm.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndm.tolerations }} - tolerations: -{{ toYaml .Values.ndm.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-admission-server.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-admission-server.yaml deleted file mode 100644 index a577de02d..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-admission-server.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if .Values.webhook.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-admission-server - labels: - app: admission-webhook - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: admission-webhook - openebs.io/component-name: admission-webhook - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.webhook.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: admission-webhook - template: - metadata: - labels: - app: admission-webhook - name: admission-webhook - release: {{ .Release.Name }} - openebs.io/version: {{ .Values.release.version }} - openebs.io/component-name: admission-webhook - spec: -{{- if .Values.webhook.hostNetwork }} - hostNetwork: true -{{- end }} -{{- if .Values.webhook.nodeSelector }} - nodeSelector: -{{ toYaml .Values.webhook.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.webhook.tolerations }} - tolerations: -{{ toYaml .Values.webhook.tolerations | indent 8 }} -{{- end }} -{{- if .Values.webhook.affinity }} - affinity: -{{ toYaml .Values.webhook.affinity | indent 8 }} -{{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: admission-webhook - image: "{{ .Values.image.repository }}{{ .Values.webhook.image }}:{{ .Values.webhook.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - -alsologtostderr - - -v=2 - - 2>&1 - env: - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ADMISSION_WEBHOOK_FAILURE_POLICY - value: "{{ .Values.webhook.failurePolicy }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # Anchor `^` : matches any string that starts with `admission-serve` - # `.*`: matche any string that has `admission-serve` followed by zero or more char - # that matches the entire command name has to specified. - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^admission-serve.*"` = 1 - initialDelaySeconds: {{ .Values.webhook.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.webhook.healthCheck.periodSeconds }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-local-provisioner.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-local-provisioner.yaml deleted file mode 100644 index ba064a790..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-local-provisioner.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{- if .Values.localprovisioner.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-localpv-provisioner - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: localpv-provisioner - openebs.io/component-name: openebs-localpv-provisioner - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.localprovisioner.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: localpv-provisioner - name: openebs-localpv-provisioner - openebs.io/component-name: openebs-localpv-provisioner - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-localpv-provisioner - image: "{{ .Values.image.repository }}{{ .Values.localprovisioner.image }}:{{ .Values.localprovisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_IO_BASE_PATH is the environment variable that provides the - # default base path on the node where host-path PVs will be provisioned. - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - - name: OPENEBS_IO_BASE_PATH - value: "{{ .Values.localprovisioner.basePath }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `provisioner-loc` - # `.*`: matches any string that has `provisioner-loc` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^provisioner-loc.*"` = 1 - initialDelaySeconds: {{ .Values.localprovisioner.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.localprovisioner.healthCheck.periodSeconds }} -{{- if .Values.localprovisioner.nodeSelector }} - nodeSelector: -{{ toYaml .Values.localprovisioner.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.localprovisioner.tolerations }} - tolerations: -{{ toYaml .Values.localprovisioner.tolerations | indent 8 }} -{{- end }} -{{- if .Values.localprovisioner.affinity }} - affinity: -{{ toYaml .Values.localprovisioner.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-apiserver.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-apiserver.yaml deleted file mode 100644 index 5f4b5884e..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-apiserver.yaml +++ /dev/null @@ -1,165 +0,0 @@ -{{- if .Values.apiserver.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-apiserver - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: apiserver - name: maya-apiserver - openebs.io/component-name: maya-apiserver - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.apiserver.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: apiserver - name: maya-apiserver - openebs.io/component-name: maya-apiserver - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-apiserver - image: "{{ .Values.image.repository }}{{ .Values.apiserver.image }}:{{ .Values.apiserver.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: {{ .Values.apiserver.ports.internalPort }} - env: - # OPENEBS_IO_KUBE_CONFIG enables maya api service to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for maya api server version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_IO_K8S_MASTER enables maya api service to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for maya api server version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://172.28.128.3:8080" - # OPENEBS_NAMESPACE provides the namespace of this deployment as an - # environment variable - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_MAYA_POD_NAME provides the name of this pod as - # environment variable - - name: OPENEBS_MAYA_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # If OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG is false then OpenEBS default - # storageclass and storagepool will not be created. - - name: OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - value: "{{ .Values.defaultStorageConfig.enabled }}" - # OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL decides whether default cstor sparse pool should be - # configured as a part of openebs installation. - # If "true" a default cstor sparse pool will be configured, if "false" it will not be configured. - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL - value: "{{ .Values.apiserver.sparse.enabled }}" - # OPENEBS_IO_CSTOR_TARGET_DIR can be used to specify the hostpath - # to be used for saving the shared content between the side cars - # of cstor volume pod. - # The default path used is /var/openebs/sparse - - name: OPENEBS_IO_CSTOR_TARGET_DIR - value: "{{ .Values.ndm.sparse.path }}" - # OPENEBS_IO_CSTOR_POOL_SPARSE_DIR can be used to specify the hostpath - # to be used for saving the shared content between the side cars - # of cstor pool pod. This ENV is also used to indicate the location - # of the sparse devices. - # The default path used is /var/openebs/sparse - - name: OPENEBS_IO_CSTOR_POOL_SPARSE_DIR - value: "{{ .Values.ndm.sparse.path }}" - # OPENEBS_IO_JIVA_POOL_DIR can be used to specify the hostpath - # to be used for default Jiva StoragePool loaded by OpenEBS - # The default path used is /var/openebs - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_JIVA_POOL_DIR - value: "{{ .Values.jiva.defaultStoragePath }}" - # OPENEBS_IO_LOCALPV_HOSTPATH_DIR can be used to specify the hostpath - # to be used for default openebs-hostpath storageclass loaded by OpenEBS - # The default path used is /var/openebs/local - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_LOCALPV_HOSTPATH_DIR - value: "{{ .Values.localprovisioner.basePath }}" - # OPENEBS_IO_BASE_DIR used by the OpenEBS to store debug information and - # so forth that are generated in the course of running OpenEBS containers. - - name: OPENEBS_IO_BASE_DIR - value: "{{ .Values.varDirectoryPath.baseDir }}" - - name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" - - name: OPENEBS_IO_JIVA_REPLICA_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" - - name: OPENEBS_IO_JIVA_REPLICA_COUNT - value: "{{ .Values.jiva.replicas }}" - - name: OPENEBS_IO_CSTOR_TARGET_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.target.image }}:{{ .Values.cstor.target.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.pool.image }}:{{ .Values.cstor.pool.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_MGMT_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.poolMgmt.image }}:{{ .Values.cstor.poolMgmt.imageTag }}" - - name: OPENEBS_IO_CSTOR_VOLUME_MGMT_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.volumeMgmt.image }}:{{ .Values.cstor.volumeMgmt.imageTag }}" - - name: OPENEBS_IO_VOLUME_MONITOR_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_EXPORTER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - # OPENEBS_IO_ENABLE_ANALYTICS if set to true sends anonymous usage - # events to Google Analytics - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - # OPENEBS_IO_ANALYTICS_PING_INTERVAL can be used to specify the duration (in hours) - # for periodic ping events sent to Google Analytics. Default is 24 hours. - - name: OPENEBS_IO_ANALYTICS_PING_INTERVAL - value: "{{ .Values.analytics.pingInterval }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation - # from Maya API server. By default the CRDs will be installed - - name: OPENEBS_IO_INSTALL_CRD - value: "{{ .Values.crd.enableInstall }}" - livenessProbe: - exec: - command: - - /usr/local/bin/mayactl - - version - initialDelaySeconds: {{ .Values.apiserver.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.apiserver.healthCheck.periodSeconds }} -{{- if .Values.apiserver.nodeSelector }} - nodeSelector: -{{ toYaml .Values.apiserver.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.apiserver.tolerations }} - tolerations: -{{ toYaml .Values.apiserver.tolerations | indent 8 }} -{{- end }} -{{- if .Values.apiserver.affinity }} - affinity: -{{ toYaml .Values.apiserver.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-provisioner.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-provisioner.yaml deleted file mode 100644 index df917018e..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-provisioner.yaml +++ /dev/null @@ -1,98 +0,0 @@ -{{- if .Values.provisioner.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-provisioner - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: provisioner - name: openebs-provisioner - openebs.io/component-name: openebs-provisioner - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.provisioner.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: provisioner - name: openebs-provisioner - openebs.io/component-name: openebs-provisioner - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-provisioner - image: "{{ .Values.image.repository }}{{ .Values.provisioner.image }}:{{ .Values.provisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that provisioner should forward the volume create/delete requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs provisioner version 0.5.3-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # The following values will be set as annotations to the PV object. - # Refer : https://github.com/openebs/external-storage/pull/15 - #- name: OPENEBS_MONITOR_URL - # value: "{{ .Values.provisioner.monitorUrl }}" - #- name: OPENEBS_MONITOR_VOLKEY - # value: "{{ .Values.provisioner.monitorVolumeKey }}" - #- name: MAYA_PORTAL_URL - # value: "{{ .Values.provisioner.mayaPortalUrl }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `openebs-provis` - # `.*`: matches any string that has `openebs-provis` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^openebs-provisi.*"` = 1 - initialDelaySeconds: {{ .Values.provisioner.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.provisioner.healthCheck.periodSeconds }} -{{- if .Values.provisioner.nodeSelector }} - nodeSelector: -{{ toYaml .Values.provisioner.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.provisioner.tolerations }} - tolerations: -{{ toYaml .Values.provisioner.tolerations | indent 8 }} -{{- end }} -{{- if .Values.provisioner.affinity }} - affinity: -{{ toYaml .Values.provisioner.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-snapshot-operator.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-snapshot-operator.yaml deleted file mode 100644 index 707986831..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-maya-snapshot-operator.yaml +++ /dev/null @@ -1,131 +0,0 @@ -{{- if .Values.snapshotOperator.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-snapshot-operator - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: snapshot-operator - openebs.io/component-name: openebs-snapshot-operator - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.snapshotOperator.replicas }} - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - strategy: - type: "Recreate" - rollingUpdate: null - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: snapshot-operator - name: openebs-snapshot-operator - openebs.io/version: {{ .Values.release.version }} - openebs.io/component-name: openebs-snapshot-operator - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-snapshot-controller - image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.controller.image }}:{{ .Values.snapshotOperator.controller.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs snapshot controller to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot controller to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this snapshot controller will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that snapshot controller should forward the volume snapshot requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `snapshot-contro` - # `.*`: matches any string that has `snapshot-contro` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^snapshot-contro.*"` = 1 - initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} - - name: {{ template "openebs.name" . }}-snapshot-provisioner - image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.provisioner.image }}:{{ .Values.snapshotOperator.provisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs snapshot provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this snapshot provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that snapshot provisioner should forward the volume snapshot PV requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `snapshot-provis` - # `.*`: matches any string that has `snapshot-provis` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^snapshot-provis.*"` = 1 - initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} -{{- if .Values.snapshotOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.snapshotOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.snapshotOperator.tolerations }} - tolerations: -{{ toYaml .Values.snapshotOperator.tolerations | indent 8 }} -{{- end }} -{{- if .Values.snapshotOperator.affinity }} - affinity: -{{ toYaml .Values.snapshotOperator.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-ndm-operator.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-ndm-operator.yaml deleted file mode 100644 index 27e61d5a0..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/deployment-ndm-operator.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if .Values.ndmOperator.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-ndm-operator - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm-operator - openebs.io/component-name: ndm-operator - openebs.io/version: {{ .Values.release.version }} - name: ndm-operator -spec: - replicas: {{ .Values.ndmOperator.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm-operator - name: ndm-operator - openebs.io/component-name: ndm-operator - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.fullname" . }}-ndm-operator - image: "{{ .Values.image.repository }}{{ .Values.ndmOperator.image }}:{{ .Values.ndmOperator.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - readinessProbe: - exec: - command: - - stat - - /tmp/operator-sdk-ready - initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} - failureThreshold: {{ .Values.ndmOperator.readinessCheck.failureThreshold }} - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "node-disk-operator" - - name: CLEANUP_JOB_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation - # from NDM Operator. By default the CRDs will be installed - - name: OPENEBS_IO_INSTALL_CRD - value: "{{ .Values.crd.enableInstall }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndo" - initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} -{{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.tolerations }} - tolerations: -{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrole.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrole.yaml deleted file mode 100644 index a6c4807dd..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "openebs.fullname" . }}-psp - labels: - app: {{ template "openebs.name" . }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "openebs.fullname" . }}-psp -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrolebinding.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 5a4205877..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "openebs.fullname" . }}-psp - labels: - app: {{ template "openebs.name" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "openebs.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "openebs.serviceAccountName" . }} - namespace: {{ $.Release.Namespace }} -{{- end }} - diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp.yaml deleted file mode 100644 index 0442f0e5d..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/psp.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "openebs.fullname" . }}-psp - namespace: {{ $.Release.Namespace }} - labels: - app: {{ template "openebs.name" . }} -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/service-maya-apiserver.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/service-maya-apiserver.yaml deleted file mode 100644 index d44bcb0f8..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/service-maya-apiserver.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.apiserver.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "openebs.fullname" . }}-apiservice - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - openebs.io/component-name: maya-apiserver-svc -spec: - ports: - - name: api - port: {{ .Values.apiserver.ports.externalPort }} - targetPort: {{ .Values.apiserver.ports.internalPort }} - protocol: TCP - selector: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: apiserver - sessionAffinity: None -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/templates/serviceaccount.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/templates/serviceaccount.yaml deleted file mode 100644 index 31a500455..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "openebs.serviceAccountName" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300+up1.12.3/values.yaml b/charts/openebs/openebs/1.12.300+up1.12.3/values.yaml deleted file mode 100644 index ff2cc72c0..000000000 --- a/charts/openebs/openebs/1.12.300+up1.12.3/values.yaml +++ /dev/null @@ -1,184 +0,0 @@ -# Default values for openebs. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -rbac: - # Specifies whether RBAC resources should be created - create: true - pspEnabled: false - -serviceAccount: - create: true - name: - -release: - # "openebs.io/version" label for control plane components - version: "1.12.0" - -image: - pullPolicy: IfNotPresent - repository: "" - -apiserver: - enabled: true - image: "openebs/m-apiserver" - imageTag: "1.12.0" - replicas: 1 - ports: - externalPort: 5656 - internalPort: 5656 - sparse: - enabled: "false" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -defaultStorageConfig: - enabled: "true" - -# Directory used by the OpenEBS to store debug information and so forth -# that are generated in the course of running OpenEBS containers. -varDirectoryPath: - baseDir: "/var/openebs" - -provisioner: - enabled: true - image: "openebs/openebs-k8s-provisioner" - imageTag: "1.12.0" - replicas: 1 - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -localprovisioner: - enabled: true - image: "openebs/provisioner-localpv" - imageTag: "1.12.0" - replicas: 1 - basePath: "/var/openebs/local" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -snapshotOperator: - enabled: true - controller: - image: "openebs/snapshot-controller" - imageTag: "1.12.0" - provisioner: - image: "openebs/snapshot-provisioner" - imageTag: "1.12.0" - replicas: 1 - upgradeStrategy: "Recreate" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndm: - enabled: true - image: "openebs/node-disk-manager" - imageTag: "0.7.0" - sparse: - path: "/var/openebs/sparse" - size: "10737418240" - count: "0" - filters: - enableOsDiskExcludeFilter: true - enableVendorFilter: true - excludeVendors: "CLOUDBYT,OpenEBS" - enablePathFilter: true - includePaths: "" - excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd" - probes: - enableSeachest: false - nodeSelector: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndmOperator: - enabled: true - image: "openebs/node-disk-operator" - imageTag: "0.7.0" - replicas: 1 - upgradeStrategy: Recreate - nodeSelector: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - readinessCheck: - initialDelaySeconds: 4 - periodSeconds: 10 - failureThreshold: 1 - -webhook: - enabled: true - image: "openebs/admission-server" - imageTag: "1.12.0" - failurePolicy: "Fail" - replicas: 1 - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - nodeSelector: {} - tolerations: [] - affinity: {} - hostNetwork: false - -jiva: - image: "openebs/jiva" - imageTag: "1.12.0" - replicas: 3 - defaultStoragePath: "/var/openebs" - -cstor: - pool: - image: "openebs/cstor-pool" - imageTag: "1.12.0" - poolMgmt: - image: "openebs/cstor-pool-mgmt" - imageTag: "1.12.0" - target: - image: "openebs/cstor-istgt" - imageTag: "1.12.0" - volumeMgmt: - image: "openebs/cstor-volume-mgmt" - imageTag: "1.12.0" - -helper: - image: "openebs/linux-utils" - imageTag: "1.12.0" - -featureGates: - enabled: false - GPTBasedUUID: - enabled: false - featureGateFlag: "GPTBasedUUID" - -crd: - enableInstall: true - -policies: - monitoring: - enabled: true - image: "openebs/m-exporter" - imageTag: "1.12.0" - -analytics: - enabled: true - # Specify in hours the duration after which a ping event needs to be sent. - pingInterval: "24h" diff --git a/charts/openebs/openebs/1.12.300/Chart.yaml b/charts/openebs/openebs/1.12.300/Chart.yaml deleted file mode 100755 index bd1066ace..000000000 --- a/charts/openebs/openebs/1.12.300/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: openebs -apiVersion: v1 -appVersion: 1.12.0 -description: Containerized Storage for Containers -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- iSCSI -- storage -maintainers: -- email: kiran.mova@openebs.io - name: kmova -- email: prateek.pandey@openebs.io - name: prateekpandey14 -name: openebs -sources: -- https://github.com/openebs/openebs -version: 1.12.300 diff --git a/charts/openebs/openebs/1.12.300/OWNERS b/charts/openebs/openebs/1.12.300/OWNERS deleted file mode 100755 index 874423e12..000000000 --- a/charts/openebs/openebs/1.12.300/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- kmova -- prateekpandey14 -reviewers: -- kmova -- prateekpandey14 diff --git a/charts/openebs/openebs/1.12.300/README.md b/charts/openebs/openebs/1.12.300/README.md deleted file mode 100755 index a97908152..000000000 --- a/charts/openebs/openebs/1.12.300/README.md +++ /dev/null @@ -1,135 +0,0 @@ -# OpenEBS Helm Chart - -[OpenEBS](https://github.com/openebs/openebs) is an *open source storage platform* that provides persistent and containerized block storage for DevOps and container environments. -OpenEBS provides multiple storage engines that can be plugged in easily. A common pattern is the use of OpenEBS to deliver Dynamic LocalPV for those applications and workloads that want to access disks and cloud volumes directly. - -OpenEBS can be deployed on any Kubernetes cluster - either in cloud, on-premise or developer laptop (minikube). OpenEBS itself is deployed as just another container on your cluster, and enables storage services that can be designated on a per pod, application, cluster or container level. - -## Introduction - -This chart bootstraps OpenEBS deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Quickstart and documentation - -You can run OpenEBS on any Kubernetes 1.13+ cluster in a matter of seconds. See the [Quickstart Guide to OpenEBS](https://docs.openebs.io/docs/next/quickstart.html) for detailed instructions. - -For more comprehensive documentation, start with the [Welcome to OpenEBS](https://docs.openebs.io/docs/next/overview.html) docs. - -## Prerequisites - -- Kubernetes 1.13+ with RBAC enabled -- iSCSI PV support in the underlying infrastructure - -## Adding OpenEBS Helm repository - -Before installing OpenEBS Helm charts, you need to add the [OpenEBS Helm repository](https://openebs.github.io/charts) to your Helm client. - -```bash -helm repo add openebs https://openebs.github.io/charts -``` - -## Installing OpenEBS - -```bash -helm install --namespace openebs openebs/openebs -``` - -## Installing OpenEBS with the release name - -```bash -helm install --name `my-release` --namespace openebs openebs/openebs -``` - -## To uninstall/delete instance with release name - -```bash -helm ls --all -helm delete `my-release` -``` - -## Configuration - -The following table lists the configurable parameters of the OpenEBS chart and their default values. - -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | -| `rbac.create` | Enable RBAC Resources | `true` | -| `rbac.pspEnabled` | Create pod security policy resources | `false` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.repository` | Specify which docker registry to use | `""` | -| `apiserver.enabled` | Enable API Server | `true` | -| `apiserver.image` | Image for API Server | `openebs/m-apiserver` | -| `apiserver.imageTag` | Image Tag for API Server | `1.12.0` | -| `apiserver.replicas` | Number of API Server Replicas | `1` | -| `apiserver.sparse.enabled` | Create Sparse Pool based on Sparsefile | `false` | -| `provisioner.enabled` | Enable Provisioner | `true` | -| `provisioner.image` | Image for Provisioner | `openebs/openebs-k8s-provisioner` | -| `provisioner.imageTag` | Image Tag for Provisioner | `1.12.0` | -| `provisioner.replicas` | Number of Provisioner Replicas | `1` | -| `localprovisioner.enabled` | Enable localProvisioner | `true` | -| `localprovisioner.image` | Image for localProvisioner | `openebs/provisioner-localpv` | -| `localprovisioner.imageTag` | Image Tag for localProvisioner | `1.12.0` | -| `localprovisioner.replicas` | Number of localProvisioner Replicas | `1` | -| `localprovisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | -| `webhook.enabled` | Enable admission server | `true` | -| `webhook.image` | Image for admission server | `openebs/admission-server` | -| `webhook.imageTag` | Image Tag for admission server | `1.12.0` | -| `webhook.replicas` | Number of admission server Replicas | `1` | -| `webhook.hostNetwork` | Use hostNetwork in admission server | `false` | -| `snapshotOperator.enabled` | Enable Snapshot Provisioner | `true` | -| `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `openebs/snapshot-provisioner` | -| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `1.12.0` | -| `snapshotOperator.controller.image` | Image for Snapshot Controller | `openebs/snapshot-controller` | -| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `1.12.0` | -| `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.image` | Image for Node Disk Manager | `openebs/node-disk-manager` | -| `ndm.imageTag` | Image Tag for Node Disk Manager | `0.7.0` | -| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | -| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | -| `ndm.sparse.count` | Number of sparse files to be created | `0` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.enableVendorFilter` | Enable filters of venders | `true` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd`| -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.image` | Image for NDM Operator | `openebs/node-disk-operator` | -| `ndmOperator.imageTag` | Image Tag for NDM Operator | `0.7.0` | -| `jiva.image` | Image for Jiva | `openebs/jiva` | -| `jiva.imageTag` | Image Tag for Jiva | `1.12.0` | -| `jiva.replicas` | Number of Jiva Replicas | `3` | -| `jiva.defaultStoragePath` | hostpath used by default Jiva StorageClass | `/var/openebs` | -| `cstor.pool.image` | Image for cStor Pool | `openebs/cstor-pool` | -| `cstor.pool.imageTag` | Image Tag for cStor Pool | `1.12.0` | -| `cstor.poolMgmt.image` | Image for cStor Pool Management | `openebs/cstor-pool-mgmt` | -| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `1.12.0` | -| `cstor.target.image` | Image for cStor Target | `openebs/cstor-istgt` | -| `cstor.target.imageTag` | Image Tag for cStor Target | `1.12.0` | -| `cstor.volumeMgmt.image` | Image for cStor Volume Management | `openebs/cstor-volume-mgmt` | -| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `1.12.0` | -| `helper.image` | Image for helper | `openebs/linux-utils` | -| `helper.imageTag` | Image Tag for helper | `1.12.0` | -| `featureGates.enabled` | Enable feature gates for OpenEBS | `false` | -| `featureGates.GPTBasedUUID.enabled` | Enable GPT based UUID generation in NDM | `false` | -| `crd.enableInstall` | Enable installation of CRDs by OpenEBS | `true` | -| `policies.monitoring.image` | Image for Prometheus Exporter | `openebs/m-exporter` | -| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `1.12.0` | -| `analytics.enabled` | Enable sending stats to Google Analytics | `true` | -| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | -| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | -| `varDirectoryPath.baseDir` | To store debug info of OpenEBS containers | `/var/openebs` | -| `healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | -| `healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install --name openebs -f values.yaml openebs/openebs -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/1.12.300/app-readme.md b/charts/openebs/openebs/1.12.300/app-readme.md deleted file mode 100755 index e6a3d5f48..000000000 --- a/charts/openebs/openebs/1.12.300/app-readme.md +++ /dev/null @@ -1,10 +0,0 @@ -# OpenEBS - -OpenEBS is an open source storage platform that provides persistent container attached, cloud-native block storage for DevOps and for Kubernetes environments. - -OpenEBS allows you to treat your persistent workload containers, such as DBs on containers, just like other containers. OpenEBS itself is deployed as just another container on your host and enables storage services that can be designated on a per pod, application, cluster or container level, including: -- Data persistence across nodes, dramatically reducing time spent rebuilding Cassandra rings for example. -- Synchronization of data across availability zones and cloud providers. -- Use of commodity hardware plus a container engine to deliver so called container attached block storage. -- Integration with Kubernetes, so developer and application intent flows into OpenEBS configurations automatically. -- Management of tiering to and from S3 and other targets. diff --git a/charts/openebs/openebs/1.12.300/questions.yml b/charts/openebs/openebs/1.12.300/questions.yml deleted file mode 100755 index c0d4641cb..000000000 --- a/charts/openebs/openebs/1.12.300/questions.yml +++ /dev/null @@ -1,200 +0,0 @@ -questions: -- variable: defaultImage - default: true - description: "Use default OpenEBS images" - label: Use Default Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: apiserver.image - default: "openebs/m-apiserver" - description: "Default API Server image for OpenEBS" - type: string - label: API Server Image - - variable: apiserver.imageTag - default: "1.12.0" - description: "The image tag of API Server image" - type: string - label: Image Tag For OpenEBS API Server Image - - variable: provisioner.image - default: "openebs/openebs-k8s-provisioner" - description: "Default K8s Provisioner image for OpenEBS" - type: string - label: Provisioner Image - - variable: provisioner.imageTag - default: "1.12.0" - description: "The image tag of Provisioner image" - type: string - label: Image Tag For Provisioner Image - - variable: snapshotOperator.controller.image - default: "openebs/snapshot-controller" - description: "Default Snapshot Controller image for OpenEBS" - type: string - label: Snapshot Controller Image - - variable: snapshotOperator.controller.imageTag - default: "1.12.0" - description: "The image tag of Snapshot Controller image" - type: string - label: Image Tag For OpenEBS Snapshot Controller Image - - variable: snapshotOperator.provisioner.image - default: "openebs/snapshot-provisioner" - description: "Default Snapshot Provisioner image for OpenEBS" - type: string - label: Snapshot Provisioner Image - - variable: snapshotOperator.provisioner.imageTag - default: "1.12.0" - description: "The image tag of Snapshot Provisioner image" - type: string - label: Image Tag For OpenEBS Snapshot Provisioner Image - - variable: ndm.image - default: "openebs/node-disk-manager" - description: "Default NDM image" - type: string - label: Node Disk Manager Image - - variable: ndm.imageTag - default: "0.7.0" - description: "The image tag of NDM image" - type: string - label: Image Tag For Node Disk Manager Image - - variable: ndmOperator.image - default: "openebs/node-disk-operator" - description: "Default NDO image" - type: string - label: Node Disk Operator Image - - variable: ndmOperator.imageTag - default: "0.7.0" - description: "The image tag of NDO image" - type: string - label: Image Tag For Node Disk Manager Image - - variable: jiva.image - default: "openebs/jiva" - description: "Default Jiva Storage Engine image for OpenEBS" - type: string - label: Jiva Storage Engine Image - - variable: jiva.imageTag - default: "1.12.0" - description: "The image tag of Jiva image" - type: string - label: Image Tag For OpenEBS Jiva Storage Engine Image - - variable: cstor.pool.image - default: "openebs/cstor-pool" - description: "Default cStor Storage Engine Pool image for OpenEBS" - type: string - label: cStor Storage Engine Pool Image - - variable: cstor.pool.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Pool image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Pool Image - - variable: cstor.poolMgmt.image - default: "openebs/cstor-pool-mgmt" - description: "Default cStor Storage Engine Pool Management image for OpenEBS" - type: string - label: cStor Storage Engine Pool Management Image - - variable: cstor.poolMgmt.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Pool Management image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Pool Management Image - - variable: cstor.target.image - default: "openebs/cstor-istgt" - description: "Default cStor Storage Engine Target image for OpenEBS" - type: string - label: cStor Storage Engine Target Image - - variable: cstor.target.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Target image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Target Image - - variable: cstor.volumeMgmt.image - default: "openebs/cstor-volume-mgmt" - description: "Default cStor Storage Engine Target Management image for OpenEBS" - type: string - label: cStor Storage Engine Target Management Image - - variable: cstor.volumeMgmt.imageTag - default: "1.12.0" - description: "The image tag of cStor Storage Engine Target Management image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Target Management Image - - variable: policies.monitoring.image - default: "openebs/m-exporter" - description: "Default OpeneEBS Volume and pool Exporter image" - type: string - label: Monitoring Exporter Image - show_if: "policies.monitoring.enabled=true&&defaultImage=false" - - variable: policies.monitoring.imageTag - default: "1.12.0" - description: "The image tag of OpenEBS Exporter" - type: string - label: Image Tag For OpenEBS Exporter Image - show_if: "policies.monitoring.enabled=true&&defaultImage=false" -- variable: ndm.filters.excludeVendors - default: 'CLOUDBYT,OpenEBS' - type: string - description: "Configure NDM to filter disks from following vendors" - label: Filter Disks belonging to vendors - group: "NDM Disk Filter by Vendor " -- variable: ndm.filters.excludePaths - default: 'loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md' - type: string - description: "Configure NDM to filter disks from following paths" - label: Filter Disks belonging to paths - group: "NDM Disk Filter by Path" -- variable: ndm.sparse.enabled - default: true - description: "Create a cStor Pool on Sparse Disks" - label: Create cStor Pool on Sprase Disks - type: boolean - show_subquestion_if: true - group: "NDM Sparse Disk Settings" - subquestions: - - variable: ndm.sparse.size - default: "10737418240" - description: "Default Size of Sparse Disk" - type: string - label: Sparse Disk Size in bytes - - variable: ndm.sparse.count - default: "0" - description: "Number of Sparse Disks" - type: string - label: Number of Sparse Disks - - variable: ndm.sparse.path - default: "/var/openebs/sparse" - description: "Directory where Sparse Disks should be created" - type: string - label: Directory for Sparse Disks -- variable: defaultPorts - default: true - description: "Use default Communication Ports" - label: Use Default Ports - type: boolean - show_subquestion_if: false - group: "Communication Ports" - subquestions: - - variable: apiserver.ports.externalPort - default: 5656 - description: "Default External Port for OpenEBS API Server" - type: int - min: 0 - max: 9999 - label: OpenEBS API Server External Port - - variable: apiserver.ports.internalPort - default: 5656 - description: "Default Internal Port for OpenEBS API Server" - type: int - min: 0 - max: 9999 - label: OpenEBS API Server Internal Port -- variable: policies.monitoring.enabled - default: true - description: "Enable prometheus monitoring" - type: boolean - label: Enable Prometheus Monitoring - group: "Monitoring Settings" -- variable: analytics.enabled - default: true - description: "Enable sending anonymous statistics to OpenEBS Google Analytics" - type: boolean - label: Enable updating OpenEBS with usage details - group: "Anonymous Analytics" diff --git a/charts/openebs/openebs/1.12.300/templates/NOTES.txt b/charts/openebs/openebs/1.12.300/templates/NOTES.txt deleted file mode 100755 index 299a52638..000000000 --- a/charts/openebs/openebs/1.12.300/templates/NOTES.txt +++ /dev/null @@ -1,27 +0,0 @@ -The OpenEBS has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -For dynamically creating OpenEBS Volumes, you can either create a new StorageClass or -use one of the default storage classes provided by OpenEBS. - -Use `kubectl get sc` to see the list of installed OpenEBS StorageClasses. A sample -PVC spec using `openebs-jiva-default` StorageClass is given below:" - ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: demo-vol-claim -spec: - storageClassName: openebs-jiva-default - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5G ---- - -Please note that, OpenEBS uses iSCSI for connecting applications with the -OpenEBS Volumes and your nodes should have the iSCSI initiator installed. - -For more information, visit our Slack at https://openebs.io/community or view the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/1.12.300/templates/_helpers.tpl b/charts/openebs/openebs/1.12.300/templates/_helpers.tpl deleted file mode 100755 index 09c63c5a4..000000000 --- a/charts/openebs/openebs/1.12.300/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "openebs.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openebs.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openebs.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "openebs.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/openebs/openebs/1.12.300/templates/clusterrole.yaml b/charts/openebs/openebs/1.12.300/templates/clusterrole.yaml deleted file mode 100755 index 3a8d3ced8..000000000 --- a/charts/openebs/openebs/1.12.300/templates/clusterrole.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "openebs.fullname" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: ["*"] - resources: ["nodes", "nodes/proxy"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs" ] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["statefulsets", "daemonsets"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["resourcequotas", "limitranges"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "poddisruptionbudgets", "certificatesigningrequests"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] - verbs: ["*"] -- apiGroups: ["volumesnapshot.external-storage.k8s.io"] - resources: ["volumesnapshots", "volumesnapshotdatas"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [ "get", "list", "create", "update", "delete", "patch"] -- apiGroups: ["openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- apiGroups: ["cstor.openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["get", "create", "list", "delete", "update", "patch"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml b/charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml deleted file mode 100755 index 0ada25cd6..000000000 --- a/charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "openebs.fullname" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "openebs.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "openebs.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml b/charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml deleted file mode 100755 index 165eabb50..000000000 --- a/charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.ndm.enabled }} -# This is the node-disk-manager related config. -# It can be used to customize the disks probes and filters -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "openebs.fullname" . }}-ndm-config - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm-config - openebs.io/component-name: ndm-config -data: - # udev-probe is default or primary probe which should be enabled to run ndm - # filterconfigs contains configs of filters - in the form of include - # and exclude comma separated strings - node-disk-manager.config: | - probeconfigs: - - key: udev-probe - name: udev probe - state: true - - key: seachest-probe - name: seachest probe - state: {{ .Values.ndm.probes.enableSeachest }} - - key: smart-probe - name: smart probe - state: true - filterconfigs: - - key: os-disk-exclude-filter - name: os disk exclude filter - state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} - exclude: "/,/etc/hosts,/boot" - - key: vendor-filter - name: vendor filter - state: {{ .Values.ndm.filters.enableVendorFilter }} - include: "" - exclude: "{{ .Values.ndm.filters.excludeVendors }}" - - key: path-filter - name: path filter - state: {{ .Values.ndm.filters.enablePathFilter }} - include: "{{ .Values.ndm.filters.includePaths }}" - exclude: "{{ .Values.ndm.filters.excludePaths }}" ---- -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml b/charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml deleted file mode 100755 index 2d8aae373..000000000 --- a/charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml +++ /dev/null @@ -1,147 +0,0 @@ -{{- if .Values.ndm.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "openebs.fullname" . }}-ndm - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm - openebs.io/component-name: ndm - openebs.io/version: {{ .Values.release.version }} -spec: - updateStrategy: - type: "RollingUpdate" - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm - openebs.io/component-name: ndm - name: openebs-ndm - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - hostNetwork: true - containers: - - name: {{ template "openebs.name" . }}-ndm - image: "{{ .Values.image.repository }}{{ .Values.ndm.image }}:{{ .Values.ndm.imageTag }}" - args: - - -v=4 -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.GPTBasedUUID.enabled }} - - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} -{{- end}} -{{- end}} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - privileged: true - env: - # namespace in which NDM is installed will be passed to NDM Daemonset - # as environment variable - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # pass hostname as env variable using downward API to the NDM container - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - # specify the directory where the sparse files need to be created. - # if not specified, then sparse files will not be created. - - name: SPARSE_FILE_DIR - value: "{{ .Values.ndm.sparse.path }}" -{{- end }} -{{- if .Values.ndm.sparse.size }} - # Size(bytes) of the sparse file to be created. - - name: SPARSE_FILE_SIZE - value: "{{ .Values.ndm.sparse.size }}" -{{- end }} -{{- if .Values.ndm.sparse.count }} - # Specify the number of sparse files to be created - - name: SPARSE_FILE_COUNT - value: "{{ .Values.ndm.sparse.count }}" -{{- end }} -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndm" - initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} - volumeMounts: - - name: config - mountPath: /host/node-disk-manager.config - subPath: node-disk-manager.config - readOnly: true - - name: udev - mountPath: /run/udev - - name: procmount - mountPath: /host/proc - readOnly: true - - name: basepath - mountPath: /var/openebs/ndm -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - mountPath: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ template "openebs.fullname" . }}-ndm-config - - name: udev - hostPath: - path: /run/udev - type: Directory - # mount /proc (to access mount file of process 1 of host) inside container - # to read mount-point of disks and partitions - - name: procmount - hostPath: - path: /proc - type: Directory - - name: basepath - hostPath: - path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" - type: DirectoryOrCreate -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - hostPath: - path: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - # By default the node-disk-manager will be run on all kubernetes nodes - # If you would like to limit this to only some nodes, say the nodes - # that have storage attached, you could label those node and use - # nodeSelector. - # - # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" - # kubectl label node "openebs.io/nodegroup"="storage-node" - #nodeSelector: - # "openebs.io/nodegroup": "storage-node" -{{- if .Values.ndm.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndm.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndm.tolerations }} - tolerations: -{{ toYaml .Values.ndm.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml deleted file mode 100755 index a577de02d..000000000 --- a/charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if .Values.webhook.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-admission-server - labels: - app: admission-webhook - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: admission-webhook - openebs.io/component-name: admission-webhook - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.webhook.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: admission-webhook - template: - metadata: - labels: - app: admission-webhook - name: admission-webhook - release: {{ .Release.Name }} - openebs.io/version: {{ .Values.release.version }} - openebs.io/component-name: admission-webhook - spec: -{{- if .Values.webhook.hostNetwork }} - hostNetwork: true -{{- end }} -{{- if .Values.webhook.nodeSelector }} - nodeSelector: -{{ toYaml .Values.webhook.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.webhook.tolerations }} - tolerations: -{{ toYaml .Values.webhook.tolerations | indent 8 }} -{{- end }} -{{- if .Values.webhook.affinity }} - affinity: -{{ toYaml .Values.webhook.affinity | indent 8 }} -{{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: admission-webhook - image: "{{ .Values.image.repository }}{{ .Values.webhook.image }}:{{ .Values.webhook.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - -alsologtostderr - - -v=2 - - 2>&1 - env: - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ADMISSION_WEBHOOK_FAILURE_POLICY - value: "{{ .Values.webhook.failurePolicy }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # Anchor `^` : matches any string that starts with `admission-serve` - # `.*`: matche any string that has `admission-serve` followed by zero or more char - # that matches the entire command name has to specified. - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^admission-serve.*"` = 1 - initialDelaySeconds: {{ .Values.webhook.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.webhook.healthCheck.periodSeconds }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml deleted file mode 100755 index ba064a790..000000000 --- a/charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{- if .Values.localprovisioner.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-localpv-provisioner - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: localpv-provisioner - openebs.io/component-name: openebs-localpv-provisioner - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.localprovisioner.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: localpv-provisioner - name: openebs-localpv-provisioner - openebs.io/component-name: openebs-localpv-provisioner - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-localpv-provisioner - image: "{{ .Values.image.repository }}{{ .Values.localprovisioner.image }}:{{ .Values.localprovisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_IO_BASE_PATH is the environment variable that provides the - # default base path on the node where host-path PVs will be provisioned. - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - - name: OPENEBS_IO_BASE_PATH - value: "{{ .Values.localprovisioner.basePath }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `provisioner-loc` - # `.*`: matches any string that has `provisioner-loc` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^provisioner-loc.*"` = 1 - initialDelaySeconds: {{ .Values.localprovisioner.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.localprovisioner.healthCheck.periodSeconds }} -{{- if .Values.localprovisioner.nodeSelector }} - nodeSelector: -{{ toYaml .Values.localprovisioner.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.localprovisioner.tolerations }} - tolerations: -{{ toYaml .Values.localprovisioner.tolerations | indent 8 }} -{{- end }} -{{- if .Values.localprovisioner.affinity }} - affinity: -{{ toYaml .Values.localprovisioner.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml deleted file mode 100755 index 5f4b5884e..000000000 --- a/charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml +++ /dev/null @@ -1,165 +0,0 @@ -{{- if .Values.apiserver.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-apiserver - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: apiserver - name: maya-apiserver - openebs.io/component-name: maya-apiserver - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.apiserver.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: apiserver - name: maya-apiserver - openebs.io/component-name: maya-apiserver - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-apiserver - image: "{{ .Values.image.repository }}{{ .Values.apiserver.image }}:{{ .Values.apiserver.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: {{ .Values.apiserver.ports.internalPort }} - env: - # OPENEBS_IO_KUBE_CONFIG enables maya api service to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for maya api server version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_IO_K8S_MASTER enables maya api service to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for maya api server version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://172.28.128.3:8080" - # OPENEBS_NAMESPACE provides the namespace of this deployment as an - # environment variable - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_MAYA_POD_NAME provides the name of this pod as - # environment variable - - name: OPENEBS_MAYA_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # If OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG is false then OpenEBS default - # storageclass and storagepool will not be created. - - name: OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - value: "{{ .Values.defaultStorageConfig.enabled }}" - # OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL decides whether default cstor sparse pool should be - # configured as a part of openebs installation. - # If "true" a default cstor sparse pool will be configured, if "false" it will not be configured. - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL - value: "{{ .Values.apiserver.sparse.enabled }}" - # OPENEBS_IO_CSTOR_TARGET_DIR can be used to specify the hostpath - # to be used for saving the shared content between the side cars - # of cstor volume pod. - # The default path used is /var/openebs/sparse - - name: OPENEBS_IO_CSTOR_TARGET_DIR - value: "{{ .Values.ndm.sparse.path }}" - # OPENEBS_IO_CSTOR_POOL_SPARSE_DIR can be used to specify the hostpath - # to be used for saving the shared content between the side cars - # of cstor pool pod. This ENV is also used to indicate the location - # of the sparse devices. - # The default path used is /var/openebs/sparse - - name: OPENEBS_IO_CSTOR_POOL_SPARSE_DIR - value: "{{ .Values.ndm.sparse.path }}" - # OPENEBS_IO_JIVA_POOL_DIR can be used to specify the hostpath - # to be used for default Jiva StoragePool loaded by OpenEBS - # The default path used is /var/openebs - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_JIVA_POOL_DIR - value: "{{ .Values.jiva.defaultStoragePath }}" - # OPENEBS_IO_LOCALPV_HOSTPATH_DIR can be used to specify the hostpath - # to be used for default openebs-hostpath storageclass loaded by OpenEBS - # The default path used is /var/openebs/local - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_LOCALPV_HOSTPATH_DIR - value: "{{ .Values.localprovisioner.basePath }}" - # OPENEBS_IO_BASE_DIR used by the OpenEBS to store debug information and - # so forth that are generated in the course of running OpenEBS containers. - - name: OPENEBS_IO_BASE_DIR - value: "{{ .Values.varDirectoryPath.baseDir }}" - - name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" - - name: OPENEBS_IO_JIVA_REPLICA_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" - - name: OPENEBS_IO_JIVA_REPLICA_COUNT - value: "{{ .Values.jiva.replicas }}" - - name: OPENEBS_IO_CSTOR_TARGET_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.target.image }}:{{ .Values.cstor.target.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.pool.image }}:{{ .Values.cstor.pool.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_MGMT_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.poolMgmt.image }}:{{ .Values.cstor.poolMgmt.imageTag }}" - - name: OPENEBS_IO_CSTOR_VOLUME_MGMT_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.volumeMgmt.image }}:{{ .Values.cstor.volumeMgmt.imageTag }}" - - name: OPENEBS_IO_VOLUME_MONITOR_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_EXPORTER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - # OPENEBS_IO_ENABLE_ANALYTICS if set to true sends anonymous usage - # events to Google Analytics - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - # OPENEBS_IO_ANALYTICS_PING_INTERVAL can be used to specify the duration (in hours) - # for periodic ping events sent to Google Analytics. Default is 24 hours. - - name: OPENEBS_IO_ANALYTICS_PING_INTERVAL - value: "{{ .Values.analytics.pingInterval }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation - # from Maya API server. By default the CRDs will be installed - - name: OPENEBS_IO_INSTALL_CRD - value: "{{ .Values.crd.enableInstall }}" - livenessProbe: - exec: - command: - - /usr/local/bin/mayactl - - version - initialDelaySeconds: {{ .Values.apiserver.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.apiserver.healthCheck.periodSeconds }} -{{- if .Values.apiserver.nodeSelector }} - nodeSelector: -{{ toYaml .Values.apiserver.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.apiserver.tolerations }} - tolerations: -{{ toYaml .Values.apiserver.tolerations | indent 8 }} -{{- end }} -{{- if .Values.apiserver.affinity }} - affinity: -{{ toYaml .Values.apiserver.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml deleted file mode 100755 index df917018e..000000000 --- a/charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml +++ /dev/null @@ -1,98 +0,0 @@ -{{- if .Values.provisioner.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-provisioner - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: provisioner - name: openebs-provisioner - openebs.io/component-name: openebs-provisioner - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.provisioner.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: provisioner - name: openebs-provisioner - openebs.io/component-name: openebs-provisioner - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-provisioner - image: "{{ .Values.image.repository }}{{ .Values.provisioner.image }}:{{ .Values.provisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that provisioner should forward the volume create/delete requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs provisioner version 0.5.3-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # The following values will be set as annotations to the PV object. - # Refer : https://github.com/openebs/external-storage/pull/15 - #- name: OPENEBS_MONITOR_URL - # value: "{{ .Values.provisioner.monitorUrl }}" - #- name: OPENEBS_MONITOR_VOLKEY - # value: "{{ .Values.provisioner.monitorVolumeKey }}" - #- name: MAYA_PORTAL_URL - # value: "{{ .Values.provisioner.mayaPortalUrl }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `openebs-provis` - # `.*`: matches any string that has `openebs-provis` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^openebs-provisi.*"` = 1 - initialDelaySeconds: {{ .Values.provisioner.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.provisioner.healthCheck.periodSeconds }} -{{- if .Values.provisioner.nodeSelector }} - nodeSelector: -{{ toYaml .Values.provisioner.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.provisioner.tolerations }} - tolerations: -{{ toYaml .Values.provisioner.tolerations | indent 8 }} -{{- end }} -{{- if .Values.provisioner.affinity }} - affinity: -{{ toYaml .Values.provisioner.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml deleted file mode 100755 index 707986831..000000000 --- a/charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml +++ /dev/null @@ -1,131 +0,0 @@ -{{- if .Values.snapshotOperator.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-snapshot-operator - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: snapshot-operator - openebs.io/component-name: openebs-snapshot-operator - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.snapshotOperator.replicas }} - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - strategy: - type: "Recreate" - rollingUpdate: null - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: snapshot-operator - name: openebs-snapshot-operator - openebs.io/version: {{ .Values.release.version }} - openebs.io/component-name: openebs-snapshot-operator - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-snapshot-controller - image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.controller.image }}:{{ .Values.snapshotOperator.controller.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs snapshot controller to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot controller to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this snapshot controller will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that snapshot controller should forward the volume snapshot requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `snapshot-contro` - # `.*`: matches any string that has `snapshot-contro` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^snapshot-contro.*"` = 1 - initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} - - name: {{ template "openebs.name" . }}-snapshot-provisioner - image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.provisioner.image }}:{{ .Values.snapshotOperator.provisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs snapshot provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this snapshot provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that snapshot provisioner should forward the volume snapshot PV requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `snapshot-provis` - # `.*`: matches any string that has `snapshot-provis` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^snapshot-provis.*"` = 1 - initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} -{{- if .Values.snapshotOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.snapshotOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.snapshotOperator.tolerations }} - tolerations: -{{ toYaml .Values.snapshotOperator.tolerations | indent 8 }} -{{- end }} -{{- if .Values.snapshotOperator.affinity }} - affinity: -{{ toYaml .Values.snapshotOperator.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml deleted file mode 100755 index 27e61d5a0..000000000 --- a/charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if .Values.ndmOperator.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-ndm-operator - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm-operator - openebs.io/component-name: ndm-operator - openebs.io/version: {{ .Values.release.version }} - name: ndm-operator -spec: - replicas: {{ .Values.ndmOperator.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm-operator - name: ndm-operator - openebs.io/component-name: ndm-operator - openebs.io/version: {{ .Values.release.version }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.fullname" . }}-ndm-operator - image: "{{ .Values.image.repository }}{{ .Values.ndmOperator.image }}:{{ .Values.ndmOperator.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - readinessProbe: - exec: - command: - - stat - - /tmp/operator-sdk-ready - initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} - failureThreshold: {{ .Values.ndmOperator.readinessCheck.failureThreshold }} - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "node-disk-operator" - - name: CLEANUP_JOB_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation - # from NDM Operator. By default the CRDs will be installed - - name: OPENEBS_IO_INSTALL_CRD - value: "{{ .Values.crd.enableInstall }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndo" - initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} -{{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.tolerations }} - tolerations: -{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml b/charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml deleted file mode 100755 index a6c4807dd..000000000 --- a/charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "openebs.fullname" . }}-psp - labels: - app: {{ template "openebs.name" . }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "openebs.fullname" . }}-psp -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml b/charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml deleted file mode 100755 index 5a4205877..000000000 --- a/charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "openebs.fullname" . }}-psp - labels: - app: {{ template "openebs.name" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "openebs.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "openebs.serviceAccountName" . }} - namespace: {{ $.Release.Namespace }} -{{- end }} - diff --git a/charts/openebs/openebs/1.12.300/templates/psp.yaml b/charts/openebs/openebs/1.12.300/templates/psp.yaml deleted file mode 100755 index 0442f0e5d..000000000 --- a/charts/openebs/openebs/1.12.300/templates/psp.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "openebs.fullname" . }}-psp - namespace: {{ $.Release.Namespace }} - labels: - app: {{ template "openebs.name" . }} -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml b/charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml deleted file mode 100755 index d44bcb0f8..000000000 --- a/charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.apiserver.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "openebs.fullname" . }}-apiservice - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - openebs.io/component-name: maya-apiserver-svc -spec: - ports: - - name: api - port: {{ .Values.apiserver.ports.externalPort }} - targetPort: {{ .Values.apiserver.ports.internalPort }} - protocol: TCP - selector: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: apiserver - sessionAffinity: None -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml b/charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml deleted file mode 100755 index 31a500455..000000000 --- a/charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "openebs.serviceAccountName" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end }} diff --git a/charts/openebs/openebs/1.12.300/values.yaml b/charts/openebs/openebs/1.12.300/values.yaml deleted file mode 100755 index ff2cc72c0..000000000 --- a/charts/openebs/openebs/1.12.300/values.yaml +++ /dev/null @@ -1,184 +0,0 @@ -# Default values for openebs. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -rbac: - # Specifies whether RBAC resources should be created - create: true - pspEnabled: false - -serviceAccount: - create: true - name: - -release: - # "openebs.io/version" label for control plane components - version: "1.12.0" - -image: - pullPolicy: IfNotPresent - repository: "" - -apiserver: - enabled: true - image: "openebs/m-apiserver" - imageTag: "1.12.0" - replicas: 1 - ports: - externalPort: 5656 - internalPort: 5656 - sparse: - enabled: "false" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -defaultStorageConfig: - enabled: "true" - -# Directory used by the OpenEBS to store debug information and so forth -# that are generated in the course of running OpenEBS containers. -varDirectoryPath: - baseDir: "/var/openebs" - -provisioner: - enabled: true - image: "openebs/openebs-k8s-provisioner" - imageTag: "1.12.0" - replicas: 1 - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -localprovisioner: - enabled: true - image: "openebs/provisioner-localpv" - imageTag: "1.12.0" - replicas: 1 - basePath: "/var/openebs/local" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -snapshotOperator: - enabled: true - controller: - image: "openebs/snapshot-controller" - imageTag: "1.12.0" - provisioner: - image: "openebs/snapshot-provisioner" - imageTag: "1.12.0" - replicas: 1 - upgradeStrategy: "Recreate" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndm: - enabled: true - image: "openebs/node-disk-manager" - imageTag: "0.7.0" - sparse: - path: "/var/openebs/sparse" - size: "10737418240" - count: "0" - filters: - enableOsDiskExcludeFilter: true - enableVendorFilter: true - excludeVendors: "CLOUDBYT,OpenEBS" - enablePathFilter: true - includePaths: "" - excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd" - probes: - enableSeachest: false - nodeSelector: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndmOperator: - enabled: true - image: "openebs/node-disk-operator" - imageTag: "0.7.0" - replicas: 1 - upgradeStrategy: Recreate - nodeSelector: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - readinessCheck: - initialDelaySeconds: 4 - periodSeconds: 10 - failureThreshold: 1 - -webhook: - enabled: true - image: "openebs/admission-server" - imageTag: "1.12.0" - failurePolicy: "Fail" - replicas: 1 - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - nodeSelector: {} - tolerations: [] - affinity: {} - hostNetwork: false - -jiva: - image: "openebs/jiva" - imageTag: "1.12.0" - replicas: 3 - defaultStoragePath: "/var/openebs" - -cstor: - pool: - image: "openebs/cstor-pool" - imageTag: "1.12.0" - poolMgmt: - image: "openebs/cstor-pool-mgmt" - imageTag: "1.12.0" - target: - image: "openebs/cstor-istgt" - imageTag: "1.12.0" - volumeMgmt: - image: "openebs/cstor-volume-mgmt" - imageTag: "1.12.0" - -helper: - image: "openebs/linux-utils" - imageTag: "1.12.0" - -featureGates: - enabled: false - GPTBasedUUID: - enabled: false - featureGateFlag: "GPTBasedUUID" - -crd: - enableInstall: true - -policies: - monitoring: - enabled: true - image: "openebs/m-exporter" - imageTag: "1.12.0" - -analytics: - enabled: true - # Specify in hours the duration after which a ping event needs to be sent. - pingInterval: "24h" diff --git a/charts/openebs/openebs/2.11.0/Chart.lock b/charts/openebs/openebs/2.11.0/Chart.lock deleted file mode 100644 index 6bc59c549..000000000 --- a/charts/openebs/openebs/2.11.0/Chart.lock +++ /dev/null @@ -1,21 +0,0 @@ -dependencies: -- name: openebs-ndm - repository: https://openebs.github.io/node-disk-manager - version: 1.6.0 -- name: localpv-provisioner - repository: https://openebs.github.io/dynamic-localpv-provisioner - version: 2.11.0 -- name: cstor - repository: https://openebs.github.io/cstor-operators - version: 2.11.0 -- name: jiva - repository: https://openebs.github.io/jiva-operator - version: 2.11.0 -- name: zfs-localpv - repository: https://openebs.github.io/zfs-localpv - version: 1.9.0 -- name: lvm-localpv - repository: https://openebs.github.io/lvm-localpv - version: 0.7.0 -digest: sha256:1ebff382d4bd81d067ecc6ca4ce844cd91fa0b389532a7235f18d566cef2d003 -generated: "2021-07-16T10:56:06.524924204Z" diff --git a/charts/openebs/openebs/2.11.0/Chart.yaml b/charts/openebs/openebs/2.11.0/Chart.yaml deleted file mode 100644 index c4f314b82..000000000 --- a/charts/openebs/openebs/2.11.0/Chart.yaml +++ /dev/null @@ -1,43 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: OpenEBS - catalog.cattle.io/release-name: openebs -apiVersion: v2 -appVersion: 2.11.0 -dependencies: -- condition: cstor.enabled - name: cstor - repository: file://./charts/cstor -- condition: jiva.enabled - name: jiva - repository: file://./charts/jiva -- condition: localpv-provisioner.enabled - name: localpv-provisioner - repository: file://./charts/localpv-provisioner -- condition: lvm-localpv.enabled - name: lvm-localpv - repository: file://./charts/lvm-localpv -- condition: openebs-ndm.enabled - name: openebs-ndm - repository: file://./charts/openebs-ndm -- condition: zfs-localpv.enabled - name: zfs-localpv - repository: file://./charts/zfs-localpv -description: Containerized Storage for Containers -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- iSCSI -- storage -kubeVersion: '>=1.13.0-0' -maintainers: -- email: kiran.mova@openebs.io - name: kmova -- email: prateek.pandey@openebs.io - name: prateekpandey14 -name: openebs -sources: -- https://github.com/openebs/openebs -version: 2.11.0 diff --git a/charts/openebs/openebs/2.11.0/OWNERS b/charts/openebs/openebs/2.11.0/OWNERS deleted file mode 100644 index 874423e12..000000000 --- a/charts/openebs/openebs/2.11.0/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- kmova -- prateekpandey14 -reviewers: -- kmova -- prateekpandey14 diff --git a/charts/openebs/openebs/2.11.0/README.md b/charts/openebs/openebs/2.11.0/README.md deleted file mode 100644 index af624540c..000000000 --- a/charts/openebs/openebs/2.11.0/README.md +++ /dev/null @@ -1,250 +0,0 @@ -# OpenEBS Helm Chart - -[OpenEBS](https://github.com/openebs/openebs) is an *open source storage platform* that provides persistent and containerized block storage for DevOps and container environments. -OpenEBS provides multiple storage engines that can be plugged in easily. A common pattern is the use of OpenEBS to deliver Dynamic LocalPV for those applications and workloads that want to access disks and cloud volumes directly. - -OpenEBS can be deployed on any Kubernetes cluster - either in cloud, on-premise or developer laptop (minikube). OpenEBS itself is deployed as just another container on your cluster, and enables storage services that can be designated on a per pod, application, cluster or container level. - -## Introduction - -This chart bootstraps OpenEBS deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Quickstart and documentation - -You can run OpenEBS on any Kubernetes 1.13+ cluster in a matter of seconds. See the [Quickstart Guide to OpenEBS](https://docs.openebs.io/docs/next/quickstart.html) for detailed instructions. - -For more comprehensive documentation, start with the [Welcome to OpenEBS](https://docs.openebs.io/docs/next/overview.html) docs. - -## Prerequisites - -- Kubernetes 1.13+ with RBAC enabled -- iSCSI PV support in the underlying infrastructure - -## Adding OpenEBS Helm repository - -Before installing OpenEBS Helm charts, you need to add the [OpenEBS Helm repository](https://openebs.github.io/charts) to your Helm client. - -```bash -helm repo add openebs https://openebs.github.io/charts -``` - -## Update the dependent charts - -```bash -helm dependency update -``` - -## Installing OpenEBS - -```bash -helm install --namespace openebs openebs/openebs -``` - -## Installing OpenEBS with the release name - -```bash -helm install --name `my-release` --namespace openebs openebs/openebs -``` - -## To uninstall/delete instance with release name - -```bash -helm ls --all -helm delete `my-release` -``` - -## Configuration - -The following table lists the configurable parameters of the OpenEBS chart and their default values. - -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | -| `rbac.create` | Enable RBAC Resources | `true` | -| `rbac.pspEnabled` | Create pod security policy resources | `false` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.repository` | Specify which docker registry to use | `""` | -| `apiserver.enabled` | Enable API Server | `true` | -| `apiserver.image` | Image for API Server | `openebs/m-apiserver` | -| `apiserver.imageTag` | Image Tag for API Server | `2.11.0` | -| `apiserver.replicas` | Number of API Server Replicas | `1` | -| `apiserver.sparse.enabled` | Create Sparse Pool based on Sparsefile | `false` | -| `apiserver.resources` | Set resource limits for API Server | `{}` | -| `provisioner.enabled` | Enable Provisioner | `true` | -| `provisioner.image` | Image for Provisioner | `openebs/openebs-k8s-provisioner` | -| `provisioner.imageTag` | Image Tag for Provisioner | `2.11.0` | -| `provisioner.replicas` | Number of Provisioner Replicas | `1` | -| `provisioner.resources` | Set resource limits for Provisioner | `{}` | -| `provisioner.patchJivaNodeAffinity` | Enable/disable node affinity on jiva replica deployment| `enabled` | -| `localprovisioner.enabled` | Enable localProvisioner | `true` | -| `localprovisioner.image` | Image for localProvisioner | `openebs/provisioner-localpv` | -| `localprovisioner.imageTag` | Image Tag for localProvisioner | `2.11.0` | -| `localprovisioner.replicas` | Number of localProvisioner Replicas | `1` | -| `localprovisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | -| `localprovisioner.resources` | Set resource limits for localProvisioner | `{}` | -| `webhook.enabled` | Enable admission server | `true` | -| `webhook.image` | Image for admission server | `openebs/admission-server` | -| `webhook.imageTag` | Image Tag for admission server | `2.11.0` | -| `webhook.replicas` | Number of admission server Replicas | `1` | -| `webhook.hostNetwork` | Use hostNetwork in admission server | `false` | -| `webhook.resources` | Set resource limits for admission server | `{}` | -| `snapshotOperator.enabled` | Enable Snapshot Provisioner | `true` | -| `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `openebs/snapshot-provisioner` | -| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `2.11.0` | -| `snapshotOperator.controller.image` | Image for Snapshot Controller | `openebs/snapshot-controller` | -| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `2.11.0` | -| `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | -| `snapshotOperator.provisioner.resources`| Set resource limits for Snapshot Provisioner | `{}` | -| `snapshotOperator.controller.resources` | Set resource limits for Snapshot Controller | `{}` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.image` | Image for Node Disk Manager | `openebs/node-disk-manager` | -| `ndm.imageTag` | Image Tag for Node Disk Manager | `1.6.0` | -| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | -| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | -| `ndm.sparse.count` | Number of sparse files to be created | `0` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.osDiskExcludePaths` | Paths/Mountpoints to be excluded by OS Disk Filter| `/,/etc/hosts,/boot` | -| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `/dev/loop,/dev/fd0,/dev/sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd`| -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `ndm.resources` | Set resource limits for NDM | `{}` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.image` | Image for NDM Operator | `openebs/node-disk-operator` | -| `ndmOperator.imageTag` | Image Tag for NDM Operator | `1.6.0` | -| `ndmOperator.resources` | Set resource limits for NDM Operator | `{}` | -| `jiva.image` | Image for Jiva | `openebs/jiva` | -| `jiva.imageTag` | Image Tag for Jiva | `2.11.0` | -| `jiva.replicas` | Number of Jiva Replicas | `3` | -| `jiva.defaultStoragePath` | hostpath used by default Jiva StorageClass | `/var/openebs` | -| `cstor.pool.image` | Image for cStor Pool | `openebs/cstor-pool` | -| `cstor.pool.imageTag` | Image Tag for cStor Pool | `2.11.0` | -| `cstor.poolMgmt.image` | Image for cStor Pool Management | `openebs/cstor-pool-mgmt` | -| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `2.11.0` | -| `cstor.target.image` | Image for cStor Target | `openebs/cstor-istgt` | -| `cstor.target.imageTag` | Image Tag for cStor Target | `2.11.0` | -| `cstor.volumeMgmt.image` | Image for cStor Volume Management | `openebs/cstor-volume-mgmt` | -| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `2.11.0` | -| `helper.image` | Image for helper | `openebs/linux-utils` | -| `helper.imageTag` | Image Tag for helper | `2.11.0` | -| `featureGates.enabled` | Enable feature gates for OpenEBS | `true` | -| `featureGates.APIService.enabled` | Enable APIService in NDM | `false` | -| `featureGates.UseOSDisk.enabled` | Enable using unused partitions on OS Disk | `false` | -| `featureGates.MountChangeDetection.enabled` | Enable feature-gate to detect mountpoint/filesystem changes | `false` | -| `crd.enableInstall` | Enable installation of CRDs by OpenEBS | `true` | -| `policies.monitoring.image` | Image for Prometheus Exporter | `openebs/m-exporter` | -| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `2.11.0` | -| `analytics.enabled` | Enable sending stats to Google Analytics | `true` | -| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | -| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | -| `varDirectoryPath.baseDir` | To store debug info of OpenEBS containers | `/var/openebs` | -| `healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | -| `healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | -| `cleanup.image.registry` | Cleanup pre hook image registry | `nil` | -| `cleanup.image.repository` | Cleanup pre hook image repository | `"bitnami/kubectl"` | -| `cleanup.image.tag` | Cleanup pre hook image tag | `if not provided determined by the k8s version` | -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install --name openebs -f values.yaml openebs/openebs -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Below charts are dependent charts of this chart -- [openebs-ndm](https://openebs.github.io/node-disk-manager) -- [localpv-provisioner](https://openebs.github.io/dynamic-localpv-provisioner) -- [cstor](https://openebs.github.io/cstor-operators) -- [jiva](https://openebs.github.io/jiva-operator) -- [zfs-localpv](https://openebs.github.io/zfs-localpv) -- [lvm-localpv](https://openebs.github.io/lvm-localpv) - -## Dependency tree of this chart -```bash -openebs -├── openebs-ndm -├── localpv-provisioner -│ └── openebs-ndm (optional) -├── jiva -│ └── localpv-provisioner -│ └── openebs-ndm (optional) -├── cstor -│ └── openebs-ndm -├── zfs-localpv -└── lvm-localpv -``` - -#### (Default) Install Jiva, cStor and Local PV with out-of-tree provisioners -```bash -helm install openebs openebs/openebs --namespace openebs --create-namespace -``` - -#### Install cStor with CSI driver -```bash -helm install openebs openebs/openebs --namespace openebs --create-namespace \ ---set localprovisioner.enabled=false \ ---set ndm.enabled=false \ ---set ndmOperator.enabled=false \ ---set webhook.enabled=false \ ---set snapshotOperator.enabled=false \ ---set provisioner.enabled=false \ ---set apiserver.enabled=false \ ---set cstor.enabled=true \ ---set openebs-ndm.enabled=true -``` - -#### Install Jiva with CSI driver -```bash -helm install openebs openebs/openebs --namespace openebs --create-namespace \ ---set localprovisioner.enabled=false \ ---set ndm.enabled=false \ ---set ndmOperator.enabled=false \ ---set webhook.enabled=false \ ---set snapshotOperator.enabled=false \ ---set provisioner.enabled=false \ ---set apiserver.enabled=false \ ---set jiva.enabled=true \ ---set openebs-ndm.enabled=true \ ---set localpv-provisioner.enabled=true -``` - -#### Install ZFS Local PV -```bash -helm install openebs openebs/openebs --namespace openebs --create-namespace \ ---set localprovisioner.enabled=false \ ---set ndm.enabled=false \ ---set ndmOperator.enabled=false \ ---set webhook.enabled=false \ ---set snapshotOperator.enabled=false \ ---set provisioner.enabled=false \ ---set apiserver.enabled=false \ ---set zfs-localpv.enabled=true -``` - -#### Install LVM Local PV -```bash -helm install openebs openebs/openebs --namespace openebs --create-namespace \ ---set localprovisioner.enabled=false \ ---set ndm.enabled=false \ ---set ndmOperator.enabled=false \ ---set webhook.enabled=false \ ---set snapshotOperator.enabled=false \ ---set provisioner.enabled=false \ ---set apiserver.enabled=false \ ---set lvm-localpv.enabled=true -``` - -#### Install Local PV hostpath and device -```bash -helm install openebs openebs/openebs --namespace openebs --create-namespace \ ---set localprovisioner.enabled=false \ ---set ndm.enabled=false \ ---set ndmOperator.enabled=false \ ---set openebs-ndm.enabled=true \ ---set localpv-provisioner.enabled=true -``` - -> **Tip**: You can install multiple csi driver by merging the configuration. diff --git a/charts/openebs/openebs/2.11.0/app-readme.md b/charts/openebs/openebs/2.11.0/app-readme.md deleted file mode 100644 index e6a3d5f48..000000000 --- a/charts/openebs/openebs/2.11.0/app-readme.md +++ /dev/null @@ -1,10 +0,0 @@ -# OpenEBS - -OpenEBS is an open source storage platform that provides persistent container attached, cloud-native block storage for DevOps and for Kubernetes environments. - -OpenEBS allows you to treat your persistent workload containers, such as DBs on containers, just like other containers. OpenEBS itself is deployed as just another container on your host and enables storage services that can be designated on a per pod, application, cluster or container level, including: -- Data persistence across nodes, dramatically reducing time spent rebuilding Cassandra rings for example. -- Synchronization of data across availability zones and cloud providers. -- Use of commodity hardware plus a container engine to deliver so called container attached block storage. -- Integration with Kubernetes, so developer and application intent flows into OpenEBS configurations automatically. -- Management of tiering to and from S3 and other targets. diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/.helmignore b/charts/openebs/openebs/2.11.0/charts/cstor/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/Chart.lock b/charts/openebs/openebs/2.11.0/charts/cstor/Chart.lock deleted file mode 100644 index e544a335d..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: openebs-ndm - repository: https://openebs.github.io/node-disk-manager - version: 1.6.0 -digest: sha256:bb37660c475faea9651f07b43f655da8f19d251b3227da70ec4990fae6d380f0 -generated: "2021-07-16T06:27:46.122817861Z" diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/Chart.yaml deleted file mode 100644 index 1c7a8cc27..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v2 -appVersion: 2.11.0 -dependencies: -- condition: openebsNDM.enabled - name: openebs-ndm - repository: https://openebs.github.io/node-disk-manager - version: 1.6.0 -description: CStor-Operator helm chart for Kubernetes -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- iSCSI -- storage -- cstor -- cstor-operators -maintainers: -- email: kiran.mova@mayadata.io - name: kiranmova -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -- email: sonasingh46@gmail.com - name: sonasingh46 -name: cstor -sources: -- https://github.com/openebs/cstor-operators -type: application -version: 2.11.0 diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/README.md b/charts/openebs/openebs/2.11.0/charts/cstor/README.md deleted file mode 100644 index 06f7b18e4..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/README.md +++ /dev/null @@ -1,241 +0,0 @@ -# OpenEBS CStor - -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -![Release Charts](https://github.com/openebs/cstor-operators/workflows/Release%20Charts/badge.svg?branch=master) -![Chart Lint and Test](https://github.com/openebs/cstor-operators/workflows/Chart%20Lint%20and%20Test/badge.svg) - -OpenEBS CStor helm chart for Kubernetes. This chart bootstraps OpenEBS cstor operators and csi driver deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| kiranmova | kiran.mova@mayadata.io | | -| prateekpandey14 | prateek.pandey@mayadata.io | | -| sonasingh46 | sonasingh46@gmail.com | | - -## Get Repo Info - -```console -helm repo add openebs-cstor https://openebs.github.io/cstor-operators -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -Please visit the [link](https://openebs.github.io/cstor-operators) for install instructions via helm3. - -```console -# Helm -$ helm install [RELEASE_NAME] openebs-cstor/cstor --namespace [NAMESPACE] -``` -

- Click here if you're using MicroK8s. - - ```console - microk8s helm3 install [RELEASE_NAME] openebs-cstor/cstor --namespace [NAMESPACE] --set-string csiNode.kubeletDir="/var/snap/microk8s/common/var/lib/kubelet/" - ``` -
- -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - - -## Dependencies - -By default this chart installs additional, dependent charts: - -| Repository | Name | Version | -|------------|------|---------| -| https://openebs.github.io/node-disk-manager | openebs-ndm | 1.6.0 | - -To disable the dependency during installation, set `openebsNDM.enabled` to `false`. - -_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ - -## Uninstall Chart - -```console -# Helm -$ helm uninstall [RELEASE_NAME] --namespace [NAMESPACE] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -# Helm -$ helm upgrade [RELEASE_NAME] [CHART] --install --namespace [NAMESPACE] -``` - -## Configuration - -The following table lists the configurable parameters of the OpenEBS CStor chart and their default values. - -You can modify different parameters by specifying the desired value in the `helm install` command by using the `--set` and/or the `--set-string` flag(s). You can modify the parameters of the [Node Disk Manager chart](https://openebs.github.io/node-disk-manager) by adding `openebs-ndm` before the desired parameter in the `helm install` command. - -In the following sample command we modify `csiNode.nodeSelector` from the cstor chart and `ndm.nodeSelector` from the openebs-ndm chart to only schedule pods on nodes labelled with `openebs.io/data-plane=true`. We also enable the 'Use OS-disk' feature gate using the `featureGates.UseOSDisk.enabled` parameter from the openebs-ndm chart. - - -```console -helm install openebs-cstor openebs-cstor/cstor --namespace openebs --create-namespace \ - --set-string csiNode.nodeSelector."openebs\.io/data-plane"=true \ - --set-string openebs-ndm.ndm.nodeSelector."openebs\.io/data-plane"=true \ - --set openebs-ndm.featureGates.UseOSDisk.enabled=true -``` -
- Click here if you're using MicroK8s. - - If you are using MicroK8s, it is necessary to add the following flag: - - ```console - --set-string csiNode.kubeletDir="/var/snap/microk8s/common/var/lib/kubelet/" - ``` -
- -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| admissionServer.annotations | object | `{}` | Admission webhook annotations | -| admissionServer.componentName | string | `"cstor-admission-webhook"` | Admission webhook Component Name | -| admissionServer.failurePolicy | string | `"Fail"` | Admission Webhook failure policy | -| admissionServer.image.pullPolicy | string | `"IfNotPresent"` | Admission webhook image pull policy | -| admissionServer.image.registry | string | `nil` | Admission webhook image registry | -| admissionServer.image.repository | string | `"openebs/cstor-webhook"` | Admission webhook image repo | -| admissionServer.image.tag | string | `"2.11.0"` | Admission webhook image tag | -| admissionServer.nodeSelector | object | `{}` | Admission webhook pod node selector | -| admissionServer.podAnnotations | object | `{}` | Admission webhook pod annotations | -| admissionServer.resources | object | `{}` | Admission webhook pod resources | -| admissionServer.securityContext | object | `{}` | Admission webhook security context | -| admissionServer.tolerations | list | `[]` | Admission webhook tolerations | -| cleanup.image.registry | string | `nil` | cleanup pre hook image registry | -| cleanup.image.repository | string | `"bitnami/kubectl"` | cleanup pre hook image repository | -| csiController.annotations | object | `{}` | CSI controller annotations | -| csiController.attacher.image.pullPolicy | string | `"IfNotPresent"` | CSI attacher image pull policy | -| csiController.attacher.image.registry | string | `"k8s.gcr.io/"` | CSI attacher image registry | -| csiController.attacher.image.repository | string | `"sig-storage/csi-attacher"` | CSI attacher image repo | -| csiController.attacher.image.tag | string | `"v3.1.0"` | CSI attacher image tag | -| csiController.attacher.name | string | `"csi-attacher"` | CSI attacher container name| -| csiController.componentName | string | `"openebs-cstor-csi-controller"` | CSI controller component name | -| csiController.nodeSelector | object | `{}` | CSI controller pod node selector | -| csiController.podAnnotations | object | `{}` | CSI controller pod annotations | -| csiController.provisioner.image.pullPolicy | string | `"IfNotPresent"` | CSI provisioner image pull policy | -| csiController.provisioner.image.registry | string | `"k8s.gcr.io/"` | CSI provisioner image pull registry | -| csiController.provisioner.image.repository | string | `"sig-storage/csi-provisioner"` | CSI provisioner image pull repository | -| csiController.provisioner.image.tag | string | `"v2.1.0"` | CSI provisioner image tag | -| csiController.provisioner.name | string | `"csi-provisioner"` | CSI provisioner container name | -| csiController.resizer.image.pullPolicy | string | `"IfNotPresent"` | CSI resizer image pull policy | -| csiController.resizer.image.registry | string | `"k8s.gcr.io/"` | CSI resizer image registry | -| csiController.resizer.image.repository | string | `"sig-storage/csi-resizer"` | CSI resizer image repository| -| csiController.resizer.image.tag | string | `"v1.1.0"` | CSI resizer image tag | -| csiController.resizer.name | string | `"csi-resizer"` | CSI resizer container name | -| csiController.resources | object | `{}` | CSI controller container resources | -| csiController.securityContext | object | `{}` | CSI controller security context | -| csiController.snapshotController.image.pullPolicy | string | `"IfNotPresent"` | CSI snapshot controller image pull policy | -| csiController.snapshotController.image.registry | string | `"k8s.gcr.io/"` | CSI snapshot controller image registry | -| csiController.snapshotController.image.repository | string | `"sig-storage/snapshot-controller"` | CSI snapshot controller image repository | -| csiController.snapshotController.image.tag | string | `"v3.0.3"` | CSI snapshot controller image tag | -| csiController.snapshotController.name | string | `"snapshot-controller"` | CSI snapshot controller container name | -| csiController.snapshotter.image.pullPolicy | string | `"IfNotPresent"` | CSI snapshotter image pull policy | -| csiController.snapshotter.image.registry | string | `"k8s.gcr.io/"` | CSI snapshotter image pull registry | -| csiController.snapshotter.image.repository | string | `"sig-storage/csi-snapshotter"` | CSI snapshotter image repository | -| csiController.snapshotter.image.tag | string | `"v3.0.3"` | CSI snapshotter image tag | -| csiController.snapshotter.name | string | `"csi-snapshotter"` | CSI snapshotter container name | -| csiController.tolerations | list | `[]` | CSI controller pod tolerations | -| csiNode.annotations | object | `{}` | CSI Node annotations | -| csiNode.componentName | string | `"openebs-cstor-csi-node"` | CSI Node component name | -| csiNode.driverRegistrar.image.pullPolicy | string | `"IfNotPresent"` | CSI Node driver registrar image pull policy| -| csiNode.driverRegistrar.image.registry | string | `"k8s.gcr.io/"` | CSI Node driver registrar image registry | -| csiNode.driverRegistrar.image.repository | string | `"sig-storage/csi-node-driver-registrar"` | CSI Node driver registrar image repository | -| csiNode.driverRegistrar.image.tag | string | `"v2.1.0"` | CSI Node driver registrar image tag| -| csiNode.driverRegistrar.name | string | `"csi-node-driver-registrar"` | CSI Node driver registrar container name | -| csiNode.kubeletDir | string | `"/var/lib/kubelet/"` | Kubelet root dir | -| csiNode.labels | object | `{}` | CSI Node pod labels | -| csiNode.nodeSelector | object | `{}` | CSI Node pod nodeSelector | -| csiNode.podAnnotations | object | `{}` | CSI Node pod annotations | -| csiNode.resources | object | `{}` | CSI Node pod resources | -| csiNode.securityContext | object | `{}` | CSI Node pod security context | -| csiNode.tolerations | list | `[]` | CSI Node pod tolerations | -| csiNode.updateStrategy.type | string | `"RollingUpdate"` | CSI Node daemonset update strategy | -| cspcOperator.annotations | object | `{}` | CSPC operator annotations | -| cspcOperator.componentName | string | `"cspc-operator"` | CSPC operator component name | -| cspcOperator.cstorPool.image.registry | string | `nil` | CStor pool image registry | -| cspcOperator.cstorPool.image.repository | string | `"openebs/cstor-pool"` | CStor pool image repository| -| cspcOperator.cstorPool.image.tag | string | `"2.11.0"` | CStor pool image tag | -| cspcOperator.cstorPoolExporter.image.registry | string | `nil` | CStor pool exporter image registry | -| cspcOperator.cstorPoolExporter.image.repository | string | `"openebs/m-exporter"` | CStor pool exporter image repository | -| cspcOperator.cstorPoolExporter.image.tag | string | `"2.11.0"` | CStor pool exporter image tag | -| cspcOperator.image.pullPolicy | string | `"IfNotPresent"` | CSPC operator image pull policy | -| cspcOperator.image.registry | string | `nil` | CSPC operator image registry | -| cspcOperator.image.repository | string | `"openebs/cspc-operator"` | CSPC operator image repository | -| cspcOperator.image.tag | string | `"2.11.0"` | CSPC operator image tag | -| cspcOperator.nodeSelector | object | `{}` | CSPC operator pod nodeSelector| -| cspcOperator.podAnnotations | object | `{}` | CSPC operator pod annotations | -| cspcOperator.poolManager.image.registry | string | `nil` | CStor Pool Manager image registry | -| cspcOperator.poolManager.image.repository | string | `"openebs/cstor-pool-manager"` | CStor Pool Manager image repository | -| cspcOperator.poolManager.image.tag | string | `"2.11.0"` | CStor Pool Manager image tag | -| cspcOperator.resources | object | `{}` | CSPC operator pod resources | -| cspcOperator.resyncInterval | string | `"30"` | CSPC operator resync interval | -| cspcOperator.securityContext | object | `{}` | CSPC operator security context | -| cspcOperator.tolerations | list | `[]` | CSPC operator pod tolerations | -| cstorCSIPlugin.image.pullPolicy | string | `"IfNotPresent"` | CStor CSI driver image pull policy | -| cstorCSIPlugin.image.registry | string | `nil` | CStor CSI driver image registry | -| cstorCSIPlugin.image.repository | string | `"openebs/cstor-csi-driver"` | CStor CSI driver image repository | -| cstorCSIPlugin.image.tag | string | `"2.11.0"` | CStor CSI driver image tag | -| cstorCSIPlugin.name | string | `"cstor-csi-plugin"` | CStor CSI driver container name | -| cstorCSIPlugin.remount | string | `"true"` | Enable/disable auto-remount when volume recovers from read-only state | -| cvcOperator.annotations | object | `{}` | CVC operator annotations | -| cvcOperator.componentName | string | `"cvc-operator"` | CVC operator component name | -| cvcOperator.image.pullPolicy | string | `"IfNotPresent"` | CVC operator image pull policy | -| cvcOperator.image.registry | string | `nil` | CVC operator image registry | -| cvcOperator.image.repository | string | `"openebs/cvc-operator"` | CVC operator image repository | -| cvcOperator.image.tag | string | `"2.11.0"` | CVC operator image tag | -| cvcOperator.nodeSelector | object | `{}` | CVC operator pod nodeSelector | -| cvcOperator.podAnnotations | object | `{}` | CVC operator pod annotations | -| cvcOperator.resources | object | `{}` |CVC operator pod resources | -| cvcOperator.resyncInterval | string | `"30"` | CVC operator resync interval | -| cvcOperator.securityContext | object | `{}` | CVC operator security context | -| cvcOperator.target.image.registry | string | `nil` | Volume Target image registry | -| cvcOperator.target.image.repository | string | `"openebs/cstor-istgt"` | Volume Target image repository | -| cvcOperator.target.image.tag | string | `"2.11.0"` | Volume Target image tag | -| cvcOperator.tolerations | list | `[]` | CVC operator pod tolerations | -| cvcOperator.volumeExporter.image.registry | string | `nil` | Volume exporter image registry | -| cvcOperator.volumeExporter.image.repository | string | `"openebs/m-exporter"` | Volume exporter image repository | -| cvcOperator.volumeExporter.image.tag | string | `"2.11.0"` | Volume exporter image tag | -| cvcOperator.volumeMgmt.image.registry | string | `nil` | Volume mgmt image registry | -| cvcOperator.volumeMgmt.image.repository | string | `"openebs/cstor-volume-manager"` | Volume mgmt image repository | -| cvcOperator.volumeMgmt.image.tag | string | `"2.11.0"` | Volume mgmt image tag| -| imagePullSecrets | string | `nil` | Image registry pull secrets | -| openebsNDM.enabled | bool | `true` | Enable OpenEBS NDM dependency | -| openebs-ndm.featureGates.APIService.enabled | bool | `true` | Enable 'API Service' feature gate for NDM | -| openebs-ndm.featureGates.GPTBasedUUID.enabled | bool | `true` | Enable 'GPT-based UUID' feature gate for NDM | -| openebs-ndm.featureGates.UseOSDisk.enabled | bool | `false` | Enable 'Use OS-disk' feature gate for NDM | -| openebs-ndm.helperPod.image.registry | string | `nil` | Registry for helper image | -| openebs-ndm.helperPod.image.repository | string | `openebs/linux-utils` | Image repository for helper pod | -| openebs-ndm.ndm.filters.enableOsDiskExcludeFilter | bool | `true` | Enable filters of OS disk exclude | -| openebs-ndm.ndm.filters.enableVendorFilter | bool | `true` | Enable filters of vendors | -| openebs-ndm.ndm.filters.excludeVendors | string | `"CLOUDBYT,OpenEBS"` | Exclude devices with specified vendor | -| openebs-ndm.ndm.filters.enablePathFilter | bool | `true` | Enable filters of paths | -| openebs-ndm.ndm.filters.includePaths | string | `""` | Include devices with specified path patterns | -| openebs-ndm.ndm.filters.excludePaths | string | `"loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd"` | Exclude devices with specified path patterns | -| openebs-ndm.ndm.image.registry | string | `nil` | Registry for Node Disk Manager image | -| openebs-ndm.ndm.image.repository | string | `openebs/node-disk-manager` | Image repository for Node Disk Manager | -| openebs-ndm.ndm.nodeSelector | object | `{}` | Nodeselector for daemonset pods | -| openebs-ndm.ndmOperator.image.registry | string | `nil` | Registry for NDM operator image | -| openebs-ndm.ndmOperator.image.repository | string | `openebs/node-disk-operator` | Image repository for NDM operator | -| rbac.create | bool | `true` | Enable RBAC | -| rbac.pspEnabled | bool | `false` | Enable PodSecurityPolicy | -| release.version | string | `"2.11.0"` | Openebs CStor release version | -| serviceAccount.annotations | object | `{}` | Service Account annotations | -| serviceAccount.csiController.create | bool | `true` | Enable CSI Controller ServiceAccount | -| serviceAccount.csiController.name | string | `"openebs-cstor-csi-controller-sa"` | CSI Controller ServiceAccount name | -| serviceAccount.csiNode.create | bool | `true` | Enable CSI Node ServiceAccount | -| serviceAccount.csiNode.name | string | `"openebs-cstor-csi-node-sa"` | CSI Node ServiceAccount name | - diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/Chart.yaml deleted file mode 100644 index 890c4887b..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.6.0 -description: Helm chart for OpenEBS Node Disk Manager - a Kubernetes native storage - device management solution. For instructions on how to install, refer to https://openebs.github.io/node-disk-manager/. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- ndm -- disk-inventory -- storage -maintainers: -- email: akhil.mohan@mayadata.io - name: akhilerm -- email: michaelfornaro@gmail.com - name: xUnholy -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -name: openebs-ndm -sources: -- https://github.com/openebs/node-disk-manager -version: 1.6.0 diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/README.md b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/README.md deleted file mode 100644 index 497b6b450..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/README.md +++ /dev/null @@ -1,79 +0,0 @@ -## Introduction - -This chart bootstraps OpenEBS NDM deployment on a [Kubernetes](http://kubernetes.io) cluster using the -[Helm](https://helm.sh) package manager. - -## Installation - -You can run OpenEBS NDM on any Kubernetes 1.13+ cluster in a matter of seconds. - -Please visit the [link](https://openebs.github.io/node-disk-manager/) for install instructions via helm3. - -## Configuration - -The following table lists the configurable parameters of the OpenEBS NDM chart and their default values. - -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | -| `imagePullSecrets` | Provides image pull secrect | `""` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.image.registry` | Registry for Node Disk Manager image | `""` | -| `ndm.image.repository` | Image repository for Node Disk Manager | `openebs/node-disk-manager` | -| `ndm.image.pullPolicy` | Image pull policy for Node Disk Manager | `IfNotPresent` | -| `ndm.image.tag` | Image tag for Node Disk Manager | `1.5.0` | -| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | -| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | -| `ndm.sparse.count` | Number of sparse files to be created | `0` | -| `ndm.updateStrategy.type` | Update strategy for NDM daemonset | `RollingUpdate` | -| `ndm.annotations` | Annotations for NDM daemonset metadata | `""` | -| `ndm.podAnnotations` | Annotations for NDM daemonset's pods metadata | `""` | -| `ndm.resources` | Resource and request and limit for containers | `""` | -| `ndm.podLabels` | Appends labels to the pods | `""` | -| `ndm.nodeSelector` | Nodeselector for daemonset pods | `""` | -| `ndm.tolerations` | NDM daemonset's pod toleration values | `""` | -| `ndm.securityContext` | Seurity context for container | `""` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.osDiskExcludePaths` | Paths/Mountpoints to be excluded by OS Disk Filter| `/,/etc/hosts,/boot` | -| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd`| -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `ndm.probes.enableUdevProbe` | Enable Udev probe for NDM | `true` | -| `ndm.probes.enableSmartProbe` | Enable Smart probe for NDM | `true` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.replica` | Pod replica count for NDM operator | `1` | -| `ndmOperator.upgradeStrategy` | Update strategy NDM operator | `"Recreate"` | -| `ndmOperator.image.registry` | Registry for NDM operator image | `""` | -| `ndmOperator.image.repository` | Image repository for NDM operator | `openebs/node-disk-operator` | -| `ndmOperator.image.pullPolicy` | Image pull policy for NDM operator | `IfNotPresent` | -| `ndmOperator.image.tag` | Image tag for NDM operator | `1.5.0` | -| `ndmOperator.annotations` | Annotations for NDM operator metadata | `""` | -| `ndmOperator.podAnnotations` | Annotations for NDM operator's pods metadata | `""` | -| `ndmOperator.resources` | Resource and request and limit for containers | `""` | -| `ndmOperator.podLabels` | Appends labels to the pods | `""` | -| `ndmOperator.nodeSelector` | Nodeselector for operator pods | `""` | -| `ndmOperator.tolerations` | NDM operator's pod toleration values | `""` | -| `ndmOperator.securityContext` | Seurity context for container | `""` | -| `featureGates.APIService.enabled` | Enable the gRPC API service of NDM | `false` | -| `featureGates.UseOSDisk.enabled` | Enable feature-gate to use free space on OS disk | `false` | -| `featureGates.MountChangeDetection.enabled` | Enable feature-gate to detect mountpoint/filesystem changes | `false` | -| `helperPod.image.registry` | Registry for helper image | `""` | -| `helperPod.image.repository` | Image for helper pod | `openebs/linux-utils` | -| `helperPod.image.pullPolicy` | Pull policy for helper pod | `IfNotPresent` | -| `helperPod.image.tag` | Image tag for helper image | `2.10.0` | -| `varDirectoryPath.baseDir` | Directory to store debug info and so forth | `/var/openebs` | -| `serviceAccount.create` | Create a service account or not | `true` | -| `serviceAccount.name` | Name for the service account | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml ndm/openebs-ndm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdevice.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdevice.yaml deleted file mode 100644 index 95f40703c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdevice.yaml +++ /dev/null @@ -1,241 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdevices.openebs.io -spec: - group: openebs.io - names: - kind: BlockDevice - listKind: BlockDeviceList - plural: blockdevices - shortNames: - - bd - singular: blockdevice - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.nodeAttributes.nodeName - name: NodeName - type: string - - jsonPath: .spec.path - name: Path - priority: 1 - type: string - - jsonPath: .spec.filesystem.fsType - name: FSType - priority: 1 - type: string - - jsonPath: .spec.capacity.storage - name: Size - type: string - - jsonPath: .status.claimState - name: ClaimState - type: string - - jsonPath: .status.state - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDevice is the Schema for the blockdevices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceSpec defines the properties and runtime status of a BlockDevice - properties: - aggregateDevice: - description: AggregateDevice was intended to store the hierarchical information in cases of LVM. However this is currently not implemented and may need to be re-looked into for better design. To be deprecated - type: string - capacity: - description: Capacity - properties: - logicalSectorSize: - description: LogicalSectorSize is blockdevice logical-sector size in bytes - format: int32 - type: integer - physicalSectorSize: - description: PhysicalSectorSize is blockdevice physical-Sector size in bytes - format: int32 - type: integer - storage: - description: Storage is the blockdevice capacity in bytes - format: int64 - type: integer - required: - - storage - type: object - claimRef: - description: ClaimRef is the reference to the BDC which has claimed this BD - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - details: - description: Details contain static attributes of BD like model,serial, and so forth - properties: - compliance: - description: Compliance is standards/specifications version implemented by device firmware such as SPC-1, SPC-2, etc - type: string - deviceType: - description: DeviceType represents the type of device like sparse, disk, partition, lvm, crypt - enum: - - disk - - partition - - sparse - - loop - - lvm - - crypt - - dm - - mpath - type: string - driveType: - description: DriveType is the type of backing drive, HDD/SSD - enum: - - HDD - - SSD - - Unknown - - "" - type: string - firmwareRevision: - description: FirmwareRevision is the disk firmware revision - type: string - hardwareSectorSize: - description: HardwareSectorSize is the hardware sector size in bytes - format: int32 - type: integer - logicalBlockSize: - description: LogicalBlockSize is the logical block size in bytes reported by /sys/class/block/sda/queue/logical_block_size - format: int32 - type: integer - model: - description: Model is model of disk - type: string - physicalBlockSize: - description: PhysicalBlockSize is the physical block size in bytes reported by /sys/class/block/sda/queue/physical_block_size - format: int32 - type: integer - serial: - description: Serial is serial number of disk - type: string - vendor: - description: Vendor is vendor of disk - type: string - type: object - devlinks: - description: DevLinks contains soft links of a block device like /dev/by-id/... /dev/by-uuid/... - items: - description: DeviceDevLink holds the mapping between type and links like by-id type or by-path type link - properties: - kind: - description: Kind is the type of link like by-id or by-path. - enum: - - by-id - - by-path - type: string - links: - description: Links are the soft links - items: - type: string - type: array - type: object - type: array - filesystem: - description: FileSystem contains mountpoint and filesystem type - properties: - fsType: - description: Type represents the FileSystem type of the block device - type: string - mountPoint: - description: MountPoint represents the mountpoint of the block device. - type: string - type: object - nodeAttributes: - description: NodeAttributes has the details of the node on which BD is attached - properties: - nodeName: - description: NodeName is the name of the Kubernetes node resource on which the device is attached - type: string - type: object - parentDevice: - description: "ParentDevice was intended to store the UUID of the parent Block Device as is the case for partitioned block devices. \n For example: /dev/sda is the parent for /dev/sda1 To be deprecated" - type: string - partitioned: - description: Partitioned represents if BlockDevice has partitions or not (Yes/No) Currently always default to No. To be deprecated - enum: - - "Yes" - - "No" - type: string - path: - description: Path contain devpath (e.g. /dev/sdb) - type: string - required: - - capacity - - devlinks - - nodeAttributes - - path - type: object - status: - description: DeviceStatus defines the observed state of BlockDevice - properties: - claimState: - description: ClaimState represents the claim state of the block device - enum: - - Claimed - - Unclaimed - - Released - type: string - state: - description: State is the current state of the blockdevice (Active/Inactive/Unknown) - enum: - - Active - - Inactive - - Unknown - type: string - required: - - claimState - - state - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdeviceclaim.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdeviceclaim.yaml deleted file mode 100644 index 81b9a355e..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/crds/blockdeviceclaim.yaml +++ /dev/null @@ -1,144 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdeviceclaims.openebs.io -spec: - group: openebs.io - names: - kind: BlockDeviceClaim - listKind: BlockDeviceClaimList - plural: blockdeviceclaims - shortNames: - - bdc - singular: blockdeviceclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.blockDeviceName - name: BlockDeviceName - type: string - - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDeviceClaim is the Schema for the blockdeviceclaims API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceClaimSpec defines the request details for a BlockDevice - properties: - blockDeviceName: - description: BlockDeviceName is the reference to the block-device backing this claim - type: string - blockDeviceNodeAttributes: - description: BlockDeviceNodeAttributes is the attributes on the node from which a BD should be selected for this claim. It can include nodename, failure domain etc. - properties: - hostName: - description: HostName represents the hostname of the Kubernetes node resource where the BD should be present - type: string - nodeName: - description: NodeName represents the name of the Kubernetes node resource where the BD should be present - type: string - type: object - deviceClaimDetails: - description: Details of the device to be claimed - properties: - allowPartition: - description: AllowPartition represents whether to claim a full block device or a device that is a partition - type: boolean - blockVolumeMode: - description: 'BlockVolumeMode represents whether to claim a device in Block mode or Filesystem mode. These are use cases of BlockVolumeMode: 1) Not specified: VolumeMode check will not be effective 2) VolumeModeBlock: BD should not have any filesystem or mountpoint 3) VolumeModeFileSystem: BD should have a filesystem and mountpoint. If DeviceFormat is specified then the format should match with the FSType in BD' - type: string - formatType: - description: Format of the device required, eg:ext4, xfs - type: string - type: object - deviceType: - description: DeviceType represents the type of drive like SSD, HDD etc., - nullable: true - type: string - hostName: - description: Node name from where blockdevice has to be claimed. To be deprecated. Use NodeAttributes.HostName instead - type: string - resources: - description: Resources will help with placing claims on Capacity, IOPS - properties: - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum resources required. eg: if storage resource of 10G is requested minimum capacity of 10G should be available TODO for validating' - type: object - required: - - requests - type: object - selector: - description: Selector is used to find block devices to be considered for claiming - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: object - status: - description: DeviceClaimStatus defines the observed state of BlockDeviceClaim - properties: - phase: - description: Phase represents the current phase of the claim - type: string - required: - - phase - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/NOTES.txt deleted file mode 100644 index 3c84551b5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -The OpenEBS Node Disk Manager has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -Use `kubectl get bd -n {{ .Release.Namespace }} ` to see the list of -blockdevices attached to the Kubernetes cluster nodes. - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/_helpers.tpl deleted file mode 100644 index e6d5b99dc..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/_helpers.tpl +++ /dev/null @@ -1,132 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -This name is used for ndm daemonset -*/}} -{{- define "openebs-ndm.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openebs-ndm.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm daemonset app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "openebs-ndm.operator.name" -}} -{{- $ndmName := default .Chart.Name .Values.ndmOperator.nameOverride | trunc 63 | trimSuffix "-" }} -{{- $componentName := .Values.ndmOperator.name | trunc 63 | trimSuffix "-" }} -{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm operator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.operator.fullname" -}} -{{- if .Values.ndmOperator.fullnameOverride }} -{{- .Values.ndmOperator.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $ndmOperatorName := include "openebs-ndm.operator.name" .}} - -{{- $name := default $ndmOperatorName .Values.ndmOperator.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openebs-ndm.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "openebs-ndm.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Define meta labels for ndm components -*/}} -{{- define "openebs-ndm.common.metaLabels" -}} -chart: {{ template "openebs-ndm.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - - -{{/* -Create match labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.matchLabels" -}} -app: {{ template "openebs-ndm.name" . }} -release: {{ .Release.Name }} -component: {{ .Values.ndm.componentName | quote }} -{{- end -}} - -{{/* -Create component labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.componentLabels" -}} -openebs.io/component-name: {{ .Values.ndm.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.matchLabels" . }} -{{ include "openebs-ndm.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for ndm operator deployment -*/}} -{{- define "openebs-ndm.operator.matchLabels" -}} -app: {{ template "openebs-ndm.operator.name" . }} -release: {{ .Release.Name }} -component: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - -{{/* -Create component labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.componentLabels" -}} -openebs.io/component-name: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - - -{{/* -Create labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.operator.matchLabels" . }} -{{ include "openebs-ndm.operator.componentLabels" . }} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/configmap.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/configmap.yaml deleted file mode 100644 index 337b0e593..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "openebs-ndm.fullname" . }}-config -data: - # node-disk-manager-config contains config of available probes and filters. - # Probes and Filters will initialize with default values if config for that - # filter or probe are not present in configmap - - # udev-probe is default or primary probe it should be enabled to run ndm - # filterconfigs contains configs of filters. To provide a group of include - # and exclude values add it as , separated string - node-disk-manager.config: | - probeconfigs: - - key: udev-probe - name: udev probe - state: {{ .Values.ndm.probes.enableUdevProbe }} - - key: seachest-probe - name: seachest probe - state: {{ .Values.ndm.probes.enableSeachest }} - - key: smart-probe - name: smart probe - state: {{ .Values.ndm.probes.enableSmartProbe }} - filterconfigs: - - key: os-disk-exclude-filter - name: os disk exclude filter - state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} - exclude: "{{ .Values.ndm.filters.osDiskExcludePaths }}" - - key: vendor-filter - name: vendor filter - state: {{ .Values.ndm.filters.enableVendorFilter }} - include: "" - exclude: "{{ .Values.ndm.filters.excludeVendors }}" - - key: path-filter - name: path filter - state: {{ .Values.ndm.filters.enablePathFilter }} - include: "{{ .Values.ndm.filters.includePaths }}" - exclude: "{{ .Values.ndm.filters.excludePaths }}" diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/daemonset.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/daemonset.yaml deleted file mode 100644 index af66edfe5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/daemonset.yaml +++ /dev/null @@ -1,176 +0,0 @@ -{{- if .Values.ndm.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "openebs-ndm.fullname" . }} - {{- with .Values.ndm.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 4 }} -spec: - updateStrategy: -{{ toYaml .Values.ndm.updateStrategy | indent 4 }} - selector: - matchLabels: - {{- include "openebs-ndm.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndm.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 8 }} - {{- with .Values.ndm.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.APIService.enabled }} - hostPID: true -{{- end}} -{{- end}} - containers: - - name: {{ template "openebs-ndm.name" . }} - image: "{{ .Values.ndm.image.registry }}{{ .Values.ndm.image.repository }}:{{ .Values.ndm.image.tag }}" - args: - - -v=4 -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.GPTBasedUUID.enabled }} - - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.APIService.enabled }} - - --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }} - - --api-service-address={{ .Values.featureGates.APIService.address }} -{{- end}} -{{- if .Values.featureGates.UseOSDisk.enabled }} - - --feature-gates={{ .Values.featureGates.UseOSDisk.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.MountChangeDetection.enabled }} - - --feature-gates={{ .Values.featureGates.MountChangeDetection.featureGateFlag }} -{{- end}} -{{- end}} - imagePullPolicy: {{ .Values.ndm.image.pullPolicy }} - resources: -{{ toYaml .Values.ndm.resources | indent 12 }} - securityContext: - privileged: true - env: - # namespace in which NDM is installed will be passed to NDM Daemonset - # as environment variable - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # pass hostname as env variable using downward API to the NDM container - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - # specify the directory where the sparse files need to be created. - # if not specified, then sparse files will not be created. - - name: SPARSE_FILE_DIR - value: "{{ .Values.ndm.sparse.path }}" -{{- end }} -{{- if .Values.ndm.sparse.size }} - # Size(bytes) of the sparse file to be created. - - name: SPARSE_FILE_SIZE - value: "{{ .Values.ndm.sparse.size }}" -{{- end }} -{{- if .Values.ndm.sparse.count }} - # Specify the number of sparse files to be created - - name: SPARSE_FILE_COUNT - value: "{{ .Values.ndm.sparse.count }}" -{{- end }} -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndm" - initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} - volumeMounts: - - name: config - mountPath: /host/node-disk-manager.config - subPath: node-disk-manager.config - readOnly: true - - name: udev - mountPath: /run/udev - - name: procmount - mountPath: /host/proc - readOnly: true - - name: devmount - mountPath: /dev - - name: basepath - mountPath: /var/openebs/ndm -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - mountPath: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ include "openebs-ndm.fullname" . }}-config - - name: udev - hostPath: - path: /run/udev - type: Directory - # mount /proc (to access mount file of process 1 of host) inside container - # to read mount-point of disks and partitions - - name: procmount - hostPath: - path: /proc - type: Directory - - name: devmount - # the /dev directory is mounted so that we have access to the devices that - # are connected at runtime of the pod. - hostPath: - path: /dev - type: Directory - - name: basepath - hostPath: - path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" - type: DirectoryOrCreate -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - hostPath: - path: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - # By default the node-disk-manager will be run on all kubernetes nodes - # If you would like to limit this to only some nodes, say the nodes - # that have storage attached, you could label those node and use - # nodeSelector. - # - # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" - # kubectl label node "openebs.io/nodegroup"="storage-node" - #nodeSelector: - # "openebs.io/nodegroup": "storage-node" -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndm.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndm.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndm.tolerations }} - tolerations: -{{ toYaml .Values.ndm.tolerations | indent 8 }} -{{- end }} -{{- if .Values.ndm.securityContext }} - securityContext: -{{ toYaml .Values.ndm.securityContext | indent 8 }} -{{- end }} - hostNetwork: true -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/deployment.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/deployment.yaml deleted file mode 100644 index 4a54dc777..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if .Values.ndmOperator.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs-ndm.operator.fullname" . }} - {{- with .Values.ndmOperator.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.ndmOperator.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - {{- include "openebs-ndm.operator.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndmOperator.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 8 }} - {{- with .Values.ndmOperator.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} - containers: - - name: {{ template "openebs-ndm.operator.fullname" . }} - image: "{{ .Values.ndmOperator.image.registry }}{{ .Values.ndmOperator.image.repository }}:{{ .Values.ndmOperator.image.tag }}" - imagePullPolicy: {{ .Values.ndmOperator.image.pullPolicy }} - resources: -{{ toYaml .Values.ndmOperator.resources | indent 12 }} - livenessProbe: - httpGet: - path: /healthz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} - readinessProbe: - httpGet: - path: /readyz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "node-disk-operator" - - name: CLEANUP_JOB_IMAGE - value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}" -{{- end }} -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.securityContext }} - securityContext: -{{ toYaml .Values.ndmOperator.securityContext | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.tolerations }} - tolerations: -{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/rbac.yaml deleted file mode 100644 index 8e81c4922..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/templates/rbac.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "openebs-ndm.serviceAccountName" . }} -{{- end }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -rules: - - apiGroups: ["*"] - resources: ["nodes", "pods", "events", "configmaps", "jobs"] - verbs: - - '*' - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: - - '*' - - apiGroups: - - openebs.io - resources: - - blockdevices - - blockdeviceclaims - verbs: - - '*' ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "openebs-ndm.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - - kind: User - name: system:serviceaccount:default:default - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: {{ include "openebs-ndm.fullname" . }} - apiGroup: rbac.authorization.k8s.io ---- diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/values.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/values.yaml deleted file mode 100644 index 14928d497..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/charts/openebs-ndm/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Default values for ndm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -release: - version: "1.6.0" - -imagePullSecrets: -# - name: "image-pull-secret" - -ndm: - componentName: ndm - enabled: true - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/node-disk-manager - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - sparse: - path: "/var/openebs/sparse" - size: "10737418240" - count: "0" - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to ndm daemonset pods - podLabels: - name: openebs-ndm - nodeSelector: {} - tolerations: [] - securityContext: {} - filters: - enableOsDiskExcludeFilter: true - osDiskExcludePaths: "/,/etc/hosts,/boot" - enableVendorFilter: true - excludeVendors: "CLOUDBYT,OpenEBS" - enablePathFilter: true - includePaths: "" - excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd" - probes: - enableSeachest: false - enableUdevProbe: true - enableSmartProbe: true - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndmOperator: - name: operator - enabled: true - image: - registry: - repository: openebs/node-disk-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - podLabels: - name: openebs-ndm-operator - annotations: {} - podAnnotations: {} - nodeSelector: {} - resources: {} - securityContext: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 15 - periodSeconds: 20 - readinessCheck: - initialDelaySeconds: 5 - periodSeconds: 10 - replicas: 1 - upgradeStrategy: Recreate - -helperPod: - image: - registry: "" - repository: openebs/linux-utils - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - -crd: - enableInstall: false - -featureGates: - enabled: true - GPTBasedUUID: - enabled: true - featureGateFlag: "GPTBasedUUID" - APIService: - enabled: false - featureGateFlag: "APIService" - address: "0.0.0.0:9115" - UseOSDisk: - enabled: false - featureGateFlag: "UseOSDisk" - MountChangeDetection: - enabled: false - featureGateFlag: "MountChangeDetection" - -# Directory used by the OpenEBS to store debug information and so forth -# that are generated in the course of running OpenEBS containers. -varDirectoryPath: - baseDir: "/var/openebs" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-ndm diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorbackup.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorbackup.yaml deleted file mode 100644 index 64e738422..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorbackup.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorbackups.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorBackup - listKind: CStorBackupList - plural: cstorbackups - shortNames: - - cbackup - singular: cstorbackup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the volume for which this backup is destined - jsonPath: .spec.volumeName - name: Volume - type: string - - description: Name of the backup or scheduled backup - jsonPath: .spec.backupName - name: Backup/Schedule - type: string - - description: Identifies the phase of the backup - jsonPath: .status - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: CStorBackup describes a cstor backup resource created as a custom - resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CStorBackupSpec is the spec for a CStorBackup resource - properties: - backupDest: - description: BackupDest is the remote address for backup transfer - type: string - backupName: - description: BackupName is the name of the backup or scheduled backup - type: string - localSnap: - description: LocalSnap is the flag to enable local snapshot only - type: boolean - prevSnapName: - description: PrevSnapName is the last completed-backup's snapshot - name - type: string - snapName: - description: SnapName is the name of the current backup snapshot - type: string - volumeName: - description: VolumeName is the name of the volume for which this backup - is destined - type: string - required: - - backupName - - snapName - - volumeName - type: object - status: - description: CStorBackupStatus is a string type that represents the status - of the backup - type: string - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorcompletedbackup.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorcompletedbackup.yaml deleted file mode 100644 index dd48bfb29..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorcompletedbackup.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorcompletedbackups.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorCompletedBackup - listKind: CStorCompletedBackupList - plural: cstorcompletedbackups - shortNames: - - ccompletedbackup - singular: cstorcompletedbackup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Volume name on which backup is performed - jsonPath: .spec.volumeName - name: Volume - type: string - - description: Name of the backup or scheduled backup - jsonPath: .spec.backupName - name: Backup/Schedule - type: string - - description: Last successfully backup snapshot - jsonPath: .spec.lastSnapName - name: LastSnap - type: string - name: v1 - schema: - openAPIV3Schema: - description: CStorCompletedBackup describes a cstor completed-backup resource - created as custom resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CStorCompletedBackupSpec is the spec for a CStorBackup resource - properties: - backupName: - description: BackupName is the name of backup or scheduled backup - type: string - lastSnapName: - description: LastSnapName is the name of last completed-backup's snapshot - name - type: string - secondLastSnapName: - description: SecondLastSnapName is the name of second last 'successfully' - completed-backup's snapshot - type: string - volumeName: - description: VolumeName is the name of volume for which this backup - is destined - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolcluster.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolcluster.yaml deleted file mode 100644 index abce8a968..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolcluster.yaml +++ /dev/null @@ -1,491 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorpoolclusters.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorPoolCluster - listKind: CStorPoolClusterList - plural: cstorpoolclusters - shortNames: - - cspc - singular: cstorpoolcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The number of healthy cStorPoolInstances - jsonPath: .status.healthyInstances - name: HealthyInstances - type: integer - - description: The number of provisioned cStorPoolInstances - jsonPath: .status.provisionedInstances - name: ProvisionedInstances - type: integer - - description: The number of desired cStorPoolInstances - jsonPath: .status.desiredInstances - name: DesiredInstances - type: integer - - description: Age of CStorPoolCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: CStorPoolCluster describes a CStorPoolCluster custom resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CStorPoolClusterSpec is the spec for a CStorPoolClusterSpec - resource - properties: - auxResources: - description: AuxResources are the compute resources required by the - cstor-pool pod side car containers. - nullable: true - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - pools: - description: Pools is the spec for pools for various nodes where it - should be created. - items: - description: PoolSpec is the spec for pool on node where it should - be created. - properties: - dataRaidGroups: - description: DataRaidGroups is the raid group configuration - for the given pool. - items: - description: RaidGroup contains the details of a raid group - for the pool - properties: - blockDevices: - items: - description: CStorPoolInstanceBlockDevice contains the - details of block devices that constitutes a raid group. - properties: - blockDeviceName: - description: BlockDeviceName is the name of the - block device. - type: string - capacity: - description: Capacity is the capacity of the block - device. It is system generated - format: int64 - type: integer - devLink: - description: DevLink is the dev link for block devices - type: string - required: - - blockDeviceName - type: object - type: array - required: - - blockDevices - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used to - select a node for pool provisioning. Required field - type: object - poolConfig: - description: PoolConfig is the default pool config that applies - to the pool on node. - properties: - auxResources: - description: AuxResources are the compute resources required - by the cstor-pool pod side car containers. - nullable: true - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - compression: - description: 'Compression to enable compression Optional - -- defaults to off Possible values : lz, off' - type: string - dataRaidGroupType: - description: DataRaidGroupType is the raid type. - type: string - priorityClassName: - description: PriorityClassName if specified applies to this - pool pod If left empty, DefaultPriorityClassName is applied. - (See CStorPoolClusterSpec.DefaultPriorityClassName) If - both are empty, not priority class is applied. - nullable: true - type: string - resources: - description: Resources are the compute resources required - by the cstor-pool container. - nullable: true - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - roThresholdLimit: - description: 'ROThresholdLimit is threshold(percentage base) - limit for pool read only mode. If ROThresholdLimit(%) - amount of pool storage is reached then pool will set to - readonly. NOTE: 1. If ROThresholdLimit is set to 100 then - entire pool storage will be used by default it will - be set to 85%. 2. ROThresholdLimit value will be 0 <= - ROThresholdLimit <= 100.' - nullable: true - type: integer - thickProvision: - description: ThickProvision to enable thick provisioning - Optional -- defaults to false - type: boolean - tolerations: - description: Tolerations, if specified, the pool pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to - match. Empty means match all taint effects. When - specified, allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If - the key is empty, operator must be Exists; this - combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect - NoExecute, otherwise this field is ignored) tolerates - the taint. By default, it is not set, which means - tolerate the taint forever (do not evict). Zero - and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value - should be empty, otherwise just a regular string. - type: string - type: object - nullable: true - type: array - writeCacheGroupType: - description: WriteCacheGroupType is the write cache raid - type. - type: string - required: - - dataRaidGroupType - type: object - writeCacheRaidGroups: - description: WriteCacheRaidGroups is the write cache raid group. - items: - description: RaidGroup contains the details of a raid group - for the pool - properties: - blockDevices: - items: - description: CStorPoolInstanceBlockDevice contains the - details of block devices that constitutes a raid group. - properties: - blockDeviceName: - description: BlockDeviceName is the name of the - block device. - type: string - capacity: - description: Capacity is the capacity of the block - device. It is system generated - format: int64 - type: integer - devLink: - description: DevLink is the dev link for block devices - type: string - required: - - blockDeviceName - type: object - type: array - required: - - blockDevices - type: object - nullable: true - type: array - required: - - dataRaidGroups - - nodeSelector - type: object - type: array - priorityClassName: - description: DefaultPriorityClassName if specified applies to all - the pool pods in the pool spec if the priorityClass at the pool - level is not specified. - type: string - resources: - description: DefaultResources are the compute resources required by - the cstor-pool container. If the resources at PoolConfig is not - specified, this is written to CSPI PoolConfig. - nullable: true - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - tolerations: - description: Tolerations, if specified, are the pool pod's tolerations - If tolerations at PoolConfig is empty, this is written to CSPI PoolConfig. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - nullable: true - type: array - type: object - status: - description: CStorPoolClusterStatus represents the latest available observations - of a CSPC's current state. - properties: - conditions: - description: Current state of CSPC. - items: - description: CStorPoolClusterCondition describes the state of a - CSPC at a certain point. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - lastUpdateTime: - description: The last time this condition was updated. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of CSPC condition. - type: string - required: - - status - - type - type: object - nullable: true - type: array - desiredInstances: - description: DesiredInstances is the number of CSPI(s) that should - be provisioned. - format: int32 - nullable: true - type: integer - healthyInstances: - description: HealthyInstances is the number of CSPI(s) that are healthy. - format: int32 - nullable: true - type: integer - provisionedInstances: - description: ProvisionedInstances is the the number of CSPI present - at the current state. - format: int32 - nullable: true - type: integer - type: object - versionDetails: - description: VersionDetails provides the details for upgrade - properties: - autoUpgrade: - description: If AutoUpgrade is set to true then the resource is upgraded - automatically without any manual steps - type: boolean - desired: - description: Desired is the version that we want to upgrade or the - control plane version - type: string - status: - description: Status gives the status of reconciliation triggered when - the desired and current version are not same - properties: - current: - description: Current is the version of resource - type: string - dependentsUpgraded: - description: DependentsUpgraded gives the details whether all - children of a resource are upgraded to desired version or not - type: boolean - lastUpdateTime: - description: LastUpdateTime is the time the status was last updated - format: date-time - nullable: true - type: string - message: - description: Message is a human readable message if some error - occurs - type: string - reason: - description: Reason is the actual reason for the error state - type: string - state: - description: State is the state of reconciliation - type: string - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolinstance.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolinstance.yaml deleted file mode 100644 index 7766c6a01..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorpoolinstance.yaml +++ /dev/null @@ -1,455 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorpoolinstances.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorPoolInstance - listKind: CStorPoolInstanceList - plural: cstorpoolinstances - shortNames: - - cspi - singular: cstorpoolinstance - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Host name where cstorpool instances scheduled - jsonPath: .spec.hostName - name: HostName - type: string - - description: The amount of storage space within the pool that has been physically - allocated - jsonPath: .status.capacity.used - name: Allocated - priority: 1 - type: string - - description: The amount of usable free space available in the pool - jsonPath: .status.capacity.free - name: Free - type: string - - description: Total amount of usable space in pool - jsonPath: .status.capacity.total - name: Capacity - type: string - - description: Identifies the pool read only mode - jsonPath: .status.readOnly - name: ReadOnly - type: boolean - - description: Represents no.of replicas present in the pool - jsonPath: .status.provisionedReplicas - name: ProvisionedReplicas - type: integer - - description: Represents no.of healthy replicas present in the pool - jsonPath: .status.healthyReplicas - name: HealthyReplicas - type: integer - - description: Represents the type of the storage pool - jsonPath: .spec.poolConfig.dataRaidGroupType - name: Type - priority: 1 - type: string - - description: Identifies the current health of the pool - jsonPath: .status.phase - name: Status - type: string - - description: Age of CStorPoolInstance - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: CStorPoolInstance describes a cstor pool instance resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec is the specification of the cstorpoolinstance resource. - properties: - dataRaidGroups: - description: DataRaidGroups is the raid group configuration for the - given pool. - items: - description: RaidGroup contains the details of a raid group for - the pool - properties: - blockDevices: - items: - description: CStorPoolInstanceBlockDevice contains the details - of block devices that constitutes a raid group. - properties: - blockDeviceName: - description: BlockDeviceName is the name of the block - device. - type: string - capacity: - description: Capacity is the capacity of the block device. - It is system generated - format: int64 - type: integer - devLink: - description: DevLink is the dev link for block devices - type: string - required: - - blockDeviceName - type: object - type: array - required: - - blockDevices - type: object - type: array - hostName: - description: HostName is the name of kubernetes node where the pool - should be created. - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used to select - a node for pool provisioning. Required field - type: object - poolConfig: - description: PoolConfig is the default pool config that applies to - the pool on node. - properties: - auxResources: - description: AuxResources are the compute resources required by - the cstor-pool pod side car containers. - nullable: true - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - compression: - description: 'Compression to enable compression Optional -- defaults - to off Possible values : lz, off' - type: string - dataRaidGroupType: - description: DataRaidGroupType is the raid type. - type: string - priorityClassName: - description: PriorityClassName if specified applies to this pool - pod If left empty, DefaultPriorityClassName is applied. (See - CStorPoolClusterSpec.DefaultPriorityClassName) If both are empty, - not priority class is applied. - nullable: true - type: string - resources: - description: Resources are the compute resources required by the - cstor-pool container. - nullable: true - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - roThresholdLimit: - description: 'ROThresholdLimit is threshold(percentage base) limit - for pool read only mode. If ROThresholdLimit(%) amount of pool - storage is reached then pool will set to readonly. NOTE: 1. - If ROThresholdLimit is set to 100 then entire pool storage - will be used by default it will be set to 85%. 2. ROThresholdLimit - value will be 0 <= ROThresholdLimit <= 100.' - nullable: true - type: integer - thickProvision: - description: ThickProvision to enable thick provisioning Optional - -- defaults to false - type: boolean - tolerations: - description: Tolerations, if specified, the pool pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - nullable: true - type: array - writeCacheGroupType: - description: WriteCacheGroupType is the write cache raid type. - type: string - required: - - dataRaidGroupType - type: object - writeCacheRaidGroups: - description: WriteCacheRaidGroups is the write cache raid group. - items: - description: RaidGroup contains the details of a raid group for - the pool - properties: - blockDevices: - items: - description: CStorPoolInstanceBlockDevice contains the details - of block devices that constitutes a raid group. - properties: - blockDeviceName: - description: BlockDeviceName is the name of the block - device. - type: string - capacity: - description: Capacity is the capacity of the block device. - It is system generated - format: int64 - type: integer - devLink: - description: DevLink is the dev link for block devices - type: string - required: - - blockDeviceName - type: object - type: array - required: - - blockDevices - type: object - nullable: true - type: array - required: - - dataRaidGroups - - nodeSelector - type: object - status: - description: Status is the possible statuses of the cstorpoolinstance - resource. - properties: - capacity: - description: Capacity describes the capacity details of a cstor pool - properties: - free: - anyOf: - - type: integer - - type: string - description: Amount of usable space in the pool after excluding - metadata and raid parity - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - total: - anyOf: - - type: integer - - type: string - description: Sum of usable capacity in all the data raidgroups - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - used: - anyOf: - - type: integer - - type: string - description: Amount of physical data (and its metadata) written - to pool after applying compression, etc.., - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - zfs: - description: ZFSCapacityAttributes contains advanced information - about pool capacity details - properties: - logicalUsed: - anyOf: - - type: integer - - type: string - description: LogicalUsed is the amount of space that is "logically" - consumed by this pool and all its descendents. The logical - space ignores the effect of the compression and copies properties, - giving a quantity closer to the amount of data that applications - see. However, it does include space consumed by metadata. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - logicalUsed - type: object - required: - - free - - total - - used - - zfs - type: object - conditions: - description: Current state of CSPI with details. - items: - description: CSPIConditionType describes the state of a CSPI at - a certain point. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - lastUpdateTime: - description: The last time this condition was updated. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of CSPC condition. - type: string - required: - - status - - type - type: object - type: array - healthyReplicas: - description: HealthyReplicas describes the total count of healthy - Volume Replicas in the cstor pool - format: int32 - type: integer - phase: - description: ' The phase of a CStorPool is a simple, high-level summary - of the pool state on the node.' - type: string - provisionedReplicas: - description: ProvisionedReplicas describes the total count of Volume - Replicas present in the cstor pool - format: int32 - type: integer - readOnly: - description: ReadOnly if pool is readOnly or not - type: boolean - required: - - healthyReplicas - - provisionedReplicas - - readOnly - type: object - versionDetails: - description: VersionDetails is the openebs version. - properties: - autoUpgrade: - description: If AutoUpgrade is set to true then the resource is upgraded - automatically without any manual steps - type: boolean - desired: - description: Desired is the version that we want to upgrade or the - control plane version - type: string - status: - description: Status gives the status of reconciliation triggered when - the desired and current version are not same - properties: - current: - description: Current is the version of resource - type: string - dependentsUpgraded: - description: DependentsUpgraded gives the details whether all - children of a resource are upgraded to desired version or not - type: boolean - lastUpdateTime: - description: LastUpdateTime is the time the status was last updated - format: date-time - nullable: true - type: string - message: - description: Message is a human readable message if some error - occurs - type: string - reason: - description: Reason is the actual reason for the error state - type: string - state: - description: State is the state of reconciliation - type: string - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorrestore.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorrestore.yaml deleted file mode 100644 index d013407fc..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorrestore.yaml +++ /dev/null @@ -1,106 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorrestores.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorRestore - listKind: CStorRestoreList - plural: cstorrestores - shortNames: - - crestore - singular: cstorrestore - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the snapshot which is restored - jsonPath: .spec.restoreName - name: Backup - type: string - - description: Volume on which restore is performed - jsonPath: .spec.volumeName - name: Volume - type: string - - description: Identifies the state of the restore - jsonPath: .status - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: CStorRestore describes a cstor restore resource created as a - custom resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CStorRestoreSpec is the spec for a CStorRestore resource - properties: - localRestore: - description: Local defines whether restore is from local/remote - type: boolean - maxretrycount: - description: MaxRestoreRetryCount is the maximum number of attempt, - will be performed to restore - type: integer - restoreName: - description: RestoreName holds restore name - type: string - restoreSrc: - description: RestoreSrc can be ip:port in case of restore from remote - or volumeName in case of local restore - type: string - retrycount: - description: RetryCount represents the number of restore attempts - performed for the restore - type: integer - size: - anyOf: - - type: integer - - type: string - description: Size represents the size of a snapshot to restore - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - description: StorageClass represents name of StorageClass of restore - volume - type: string - volumeName: - description: VolumeName is used to restore the data to corresponding - volume - type: string - required: - - restoreName - - restoreSrc - - volumeName - type: object - status: - description: CStorRestoreStatus is a string type that represents the status - of the restore - type: string - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolume.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolume.yaml deleted file mode 100644 index ac9dd22d2..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolume.yaml +++ /dev/null @@ -1,271 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorvolumes.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorVolume - listKind: CStorVolumeList - plural: cstorvolumes - shortNames: - - cv - singular: cstorvolume - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Current volume capacity - jsonPath: .status.capacity - name: Capacity - type: string - - description: Identifies the current health of the volume - jsonPath: .status.phase - name: Status - type: string - - description: Age of CStorVolume - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: CStorVolume describes a cstor volume resource created as custom - resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CStorVolumeSpec is the spec for a CStorVolume resource - properties: - capacity: - anyOf: - - type: integer - - type: string - description: Capacity represents the desired size of the underlying - volume. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - consistencyFactor: - description: ConsistencyFactor is minimum number of volume replicas - i.e. `RF/2 + 1` has to be connected to the target for write operations. - Basically more then 50% of replica has to be connected to target. - type: integer - desiredReplicationFactor: - description: DesiredReplicationFactor represents maximum number of - replicas that are allowed to connect to the target. Required for - scale operations - type: integer - iqn: - description: Target iSCSI Qualified Name.combination of nodeBase - type: string - replicaDetails: - description: ReplicaDetails refers to the trusty replica information - properties: - knownReplicas: - additionalProperties: - type: string - description: KnownReplicas represents the replicas that target - can trust to read data - type: object - type: object - replicationFactor: - description: ReplicationFactor represents number of volume replica - created during volume provisioning connect to the target - type: integer - targetIP: - description: TargetIP IP of the iSCSI target service - type: string - targetPort: - description: iSCSI Target Port typically TCP ports 3260 - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is combination of IP:port - (typically TCP ports 3260) - type: string - type: object - status: - description: CStorVolumeStatus is for handling status of cvr. - properties: - capacity: - anyOf: - - type: integer - - type: string - description: Represents the actual capacity of the underlying volume. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - conditions: - description: Current Condition of cstorvolume. If underlying persistent - volume is being resized then the Condition will be set to 'ResizePending'. - items: - description: CStorVolumeCondition contains details about state of - cstorvolume - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, this should be a short, machine understandable - string that gives the reason for condition's last transition. - If it reports "ResizePending" that means the underlying cstorvolume - is being resized. - type: string - status: - description: ConditionStatus states in which state condition - is present - type: string - type: - description: CStorVolumeConditionType is a valid value of CStorVolumeCondition.Type - type: string - required: - - status - - type - type: object - type: array - lastTransitionTime: - description: LastTransitionTime refers to the time when the phase - changes - format: date-time - nullable: true - type: string - lastUpdateTime: - description: LastUpdateTime refers to the time when last status updated - due to any operations - format: date-time - nullable: true - type: string - message: - description: A human-readable message indicating details about why - the volume is in this state. - type: string - phase: - description: CStorVolumePhase is to hold result of action. - type: string - replicaDetails: - description: ReplicaDetails refers to the trusty replica information - properties: - knownReplicas: - additionalProperties: - type: string - description: KnownReplicas represents the replicas that target - can trust to read data - type: object - type: object - replicaStatuses: - items: - description: ReplicaStatus stores the status of replicas - properties: - checkpointedIOSeq: - description: Represents IO number of replica persisted on the - disk - type: string - inflightRead: - description: Ongoing reads I/O from target to replica - type: string - inflightSync: - description: Ongoing sync I/O from target to replica - type: string - inflightWrite: - description: ongoing writes I/O from target to replica - type: string - mode: - description: Mode represents replica status i.e. Healthy, Degraded - type: string - quorum: - description: 'Quorum indicates whether data wrtitten to the - replica is lost or exists. "0" means: data has been lost( - might be ephimeral case) and will recostruct data from other - Healthy replicas in a write-only mode 1 means: written data - is exists on replica' - type: string - replicaId: - description: ID is replica unique identifier - type: string - upTime: - description: time since the replica connected to target - type: integer - required: - - checkpointedIOSeq - - inflightRead - - inflightSync - - inflightWrite - - mode - - quorum - - replicaId - - upTime - type: object - type: array - type: object - versionDetails: - description: VersionDetails provides the details for upgrade - properties: - autoUpgrade: - description: If AutoUpgrade is set to true then the resource is upgraded - automatically without any manual steps - type: boolean - desired: - description: Desired is the version that we want to upgrade or the - control plane version - type: string - status: - description: Status gives the status of reconciliation triggered when - the desired and current version are not same - properties: - current: - description: Current is the version of resource - type: string - dependentsUpgraded: - description: DependentsUpgraded gives the details whether all - children of a resource are upgraded to desired version or not - type: boolean - lastUpdateTime: - description: LastUpdateTime is the time the status was last updated - format: date-time - nullable: true - type: string - message: - description: Message is a human readable message if some error - occurs - type: string - reason: - description: Reason is the actual reason for the error state - type: string - state: - description: State is the state of reconciliation - type: string - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeattachment.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeattachment.yaml deleted file mode 100644 index bfa61a58a..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeattachment.yaml +++ /dev/null @@ -1,130 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorvolumeattachments.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorVolumeAttachment - listKind: CStorVolumeAttachmentList - plural: cstorvolumeattachments - shortNames: - - cva - singular: cstorvolumeattachment - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: CStorVolumeAttachment represents a CSI based volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CStorVolumeAttachmentSpec is the spec for a CStorVolume resource - properties: - iscsi: - description: ISCSIInfo specific to ISCSI protocol, this is filled - only if the volume type is iSCSI - properties: - iqn: - description: Iqn of this volume - type: string - iscsiInterface: - description: IscsiInterface of this volume - type: string - lun: - description: 'Lun specify the lun number 0, 1.. on iSCSI Volume. - (default: 0)' - type: string - targetPortal: - description: TargetPortal holds the target portal of this volume - type: string - type: object - volume: - description: Volume specific info - properties: - accessModes: - description: AccessMode of a volume will hold the access mode - of the volume - items: - type: string - type: array - accessType: - description: AccessType of a volume will indicate if the volume - will be used as a block device or mounted on a path - type: string - capacity: - description: Capacity of the volume - type: string - devicePath: - description: Device Path specifies the device path which is returned - when the iSCSI login is successful - type: string - fsType: - description: FSType of a volume will specify the format type - - ext4(default), xfs of PV - type: string - mountOptions: - description: MountOptions specifies the options with which mount - needs to be attempted - items: - type: string - type: array - name: - description: Name of the CSI volume - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID which is also the owner - of this Volume - type: string - readOnly: - description: ReadOnly specifies if the volume needs to be mounted - in ReadOnly mode - type: boolean - stagingTargetPath: - description: StagingPath of the volume will hold the path on which - the volume is mounted on that node - type: string - targetPath: - description: TargetPath of the volume will hold the path on which - the volume is bind mounted on that node - type: string - required: - - name - - ownerNodeID - type: object - required: - - iscsi - - volume - type: object - status: - description: CStorVolumeAttachmentStatus status represents the current - mount status of the volume - type: string - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- \ No newline at end of file diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeconfig.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeconfig.yaml deleted file mode 100644 index d4dfcc33b..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumeconfig.yaml +++ /dev/null @@ -1,639 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorvolumeconfigs.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorVolumeConfig - listKind: CStorVolumeConfigList - plural: cstorvolumeconfigs - shortNames: - - cvc - singular: cstorvolumeconfig - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Identifies the volume capacity - jsonPath: .status.capacity.storage - name: Capacity - type: string - - description: Identifies the volume provisioning status - jsonPath: .status.phase - name: Status - type: string - - description: Age of CStorVolumeReplica - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: CStorVolumeConfig describes a cstor volume config resource created - as custom resource. CStorVolumeConfig is a request for creating cstor volume - related resources like deployment, svc etc. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - publish: - description: Publish contains info related to attachment of a volume to - a node. i.e. NodeId etc. - properties: - nodeId: - description: NodeID contains publish info related to attachment of - a volume to a node. - type: string - type: object - spec: - description: Spec defines a specification of a cstor volume config required - to provisione cstor volume resources - properties: - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Capacity represents the actual resources of the underlying - cstor volume. - type: object - cstorVolumeRef: - description: CStorVolumeRef has the information about where CstorVolumeClaim - is created from. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - cstorVolumeSource: - description: CStorVolumeSource contains the source volumeName@snapShotname - combaination. This will be filled only if it is a clone creation. - type: string - policy: - description: Policy contains volume specific required policies target - and replicas - properties: - provision: - description: replicaAffinity is set to true then volume replica - resources need to be distributed across the pool instances - properties: - blockSize: - description: BlockSize is the logical block size in multiple - of 512 bytes BlockSize specifies the block size of the volume. - The blocksize cannot be changed once the volume has been - written, so it should be set at volume creation time. The - default blocksize for volumes is 4 Kbytes. Any power of - 2 from 512 bytes to 128 Kbytes is valid. - format: int32 - type: integer - replicaAffinity: - description: replicaAffinity is set to true then volume replica - resources need to be distributed across the cstor pool instances - based on the given topology - type: boolean - required: - - replicaAffinity - type: object - replica: - description: ReplicaSpec represents configuration related to replicas - resources - properties: - compression: - description: The zle compression algorithm compresses runs - of zeros. - type: string - zvolWorkers: - description: IOWorkers represents number of threads that executes - client IOs - type: string - type: object - replicaPoolInfo: - description: 'ReplicaPoolInfo holds the pool information of volume - replicas. Ex: If volume is provisioned on which CStor pool volume - replicas exist' - items: - description: ReplicaPoolInfo represents the pool information - of volume replica - properties: - poolName: - description: PoolName represents the pool name where volume - replica exists - type: string - required: - - poolName - type: object - type: array - target: - description: TargetSpec represents configuration related to cstor - target and its resources - properties: - affinity: - description: PodAffinity if specified, are the target pod's - affinities - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - auxResources: - description: AuxResources are the compute resources required - by the cstor-target pod side car containers. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - luWorkers: - description: IOWorkers sets the number of threads that are - working on above queue - format: int64 - type: integer - monitor: - description: Monitor enables or disables the target exporter - sidecar - type: boolean - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used - to select a node for target pod scheduleing Required field - type: object - priorityClassName: - description: PriorityClassName if specified applies to this - target pod If left empty, no priority class is applied. - type: string - queueDepth: - description: QueueDepth sets the queue size at iSCSI target - which limits the ongoing IO count from client - type: string - replicationFactor: - description: ReplicationFactor represents maximum number of - replicas that are allowed to connect to the target - format: int64 - type: integer - resources: - description: Resources are the compute resources required - by the cstor-target container. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - tolerations: - description: Tolerations, if specified, are the target pod's - tolerations - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - provision: - description: Provision represents the initial volume configuration - for the underlying cstor volume based on the persistent volume request - by user. Provision properties are immutable - properties: - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Capacity represents initial capacity of volume replica - required during volume clone operations to maintain some metadata - info related to child resources like snapshot, cloned volumes. - type: object - replicaCount: - description: ReplicaCount represents initial cstor volume replica - count, its will not be updated later on based on scale up/down - operations, only readonly operations and validations. - type: integer - required: - - capacity - - replicaCount - type: object - required: - - capacity - - policy - - provision - type: object - status: - description: Status represents the current information/status for the - cstor volume config, populated by the controller. - properties: - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Capacity the actual resources of the underlying volume. - type: object - condition: - items: - description: CStorVolumeConfigCondition contains details about state - of cstor volume - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Reason is a brief CamelCase string that describes - any failure - type: string - type: - description: Current Condition of cstor volume config. If underlying - persistent volume is being resized then the Condition will - be set to 'ResizeStarted' etc - type: string - required: - - message - - reason - - type - type: object - type: array - phase: - description: Phase represents the current phase of CStorVolumeConfig. - type: string - poolInfo: - description: PoolInfo represents current pool names where volume replicas - exists - items: - type: string - type: array - type: object - versionDetails: - description: VersionDetails provides the details for upgrade - properties: - autoUpgrade: - description: If AutoUpgrade is set to true then the resource is upgraded - automatically without any manual steps - type: boolean - desired: - description: Desired is the version that we want to upgrade or the - control plane version - type: string - status: - description: Status gives the status of reconciliation triggered when - the desired and current version are not same - properties: - current: - description: Current is the version of resource - type: string - dependentsUpgraded: - description: DependentsUpgraded gives the details whether all - children of a resource are upgraded to desired version or not - type: boolean - lastUpdateTime: - description: LastUpdateTime is the time the status was last updated - format: date-time - nullable: true - type: string - message: - description: Message is a human readable message if some error - occurs - type: string - reason: - description: Reason is the actual reason for the error state - type: string - state: - description: State is the state of reconciliation - type: string - type: object - type: object - required: - - spec - - status - - versionDetails - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumepolicy.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumepolicy.yaml deleted file mode 100644 index cd0b942c5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumepolicy.yaml +++ /dev/null @@ -1,425 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorvolumepolicies.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorVolumePolicy - listKind: CStorVolumePolicyList - plural: cstorvolumepolicies - shortNames: - - cvp - singular: cstorvolumepolicy - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: CStorVolumePolicy describes a configuration required for cstor - volume resources - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines a configuration info of a cstor volume required - to provisione cstor volume resources - properties: - provision: - description: replicaAffinity is set to true then volume replica resources - need to be distributed across the pool instances - properties: - blockSize: - description: BlockSize is the logical block size in multiple of - 512 bytes BlockSize specifies the block size of the volume. - The blocksize cannot be changed once the volume has been written, - so it should be set at volume creation time. The default blocksize - for volumes is 4 Kbytes. Any power of 2 from 512 bytes to 128 - Kbytes is valid. - format: int32 - type: integer - replicaAffinity: - description: replicaAffinity is set to true then volume replica - resources need to be distributed across the cstor pool instances - based on the given topology - type: boolean - required: - - replicaAffinity - type: object - replica: - description: ReplicaSpec represents configuration related to replicas - resources - properties: - compression: - description: The zle compression algorithm compresses runs of - zeros. - type: string - zvolWorkers: - description: IOWorkers represents number of threads that executes - client IOs - type: string - type: object - replicaPoolInfo: - description: 'ReplicaPoolInfo holds the pool information of volume - replicas. Ex: If volume is provisioned on which CStor pool volume - replicas exist' - items: - description: ReplicaPoolInfo represents the pool information of - volume replica - properties: - poolName: - description: PoolName represents the pool name where volume - replica exists - type: string - required: - - poolName - type: object - type: array - target: - description: TargetSpec represents configuration related to cstor - target and its resources - properties: - affinity: - description: PodAffinity if specified, are the target pod's affinities - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - auxResources: - description: AuxResources are the compute resources required by - the cstor-target pod side car containers. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - luWorkers: - description: IOWorkers sets the number of threads that are working - on above queue - format: int64 - type: integer - monitor: - description: Monitor enables or disables the target exporter sidecar - type: boolean - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used to select - a node for target pod scheduleing Required field - type: object - priorityClassName: - description: PriorityClassName if specified applies to this target - pod If left empty, no priority class is applied. - type: string - queueDepth: - description: QueueDepth sets the queue size at iSCSI target which - limits the ongoing IO count from client - type: string - replicationFactor: - description: ReplicationFactor represents maximum number of replicas - that are allowed to connect to the target - format: int64 - type: integer - resources: - description: Resources are the compute resources required by the - cstor-target container. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - tolerations: - description: Tolerations, if specified, are the target pod's tolerations - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - status: - description: CStorVolumePolicyStatus is for handling status of CstorVolumePolicy - properties: - phase: - type: string - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumereplica.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumereplica.yaml deleted file mode 100644 index ff60226d2..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/cstorvolumereplica.yaml +++ /dev/null @@ -1,216 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: cstorvolumereplicas.cstor.openebs.io -spec: - group: cstor.openebs.io - names: - kind: CStorVolumeReplica - listKind: CStorVolumeReplicaList - plural: cstorvolumereplicas - shortNames: - - cvr - singular: cstorvolumereplica - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The amount of disk space consumed by a dataset and all its descendents - jsonPath: .status.capacity.total - name: Allocated - type: string - - description: The amount of space that is logically consumed by this dataset - jsonPath: .status.capacity.used - name: Used - type: string - - description: Identifies the current state of the replicas - jsonPath: .status.phase - name: Status - type: string - - description: Age of CStorVolumeReplica - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: CStorVolumeReplica describes a cstor volume resource created - as custom resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CStorVolumeReplicaSpec is the spec for a CStorVolumeReplica - resource - properties: - blockSize: - description: BlockSize is the logical block size in multiple of 512 - bytes BlockSize specifies the block size of the volume. The blocksize - cannot be changed once the volume has been written, so it should - be set at volume creation time. The default blocksize for volumes - is 4 Kbytes. Any power of 2 from 512 bytes to 128 Kbytes is valid. - format: int32 - type: integer - capacity: - description: Represents the actual capacity of the underlying volume - type: string - compression: - description: 'Controls the compression algorithm used for this volumes - examples: on|off|gzip|gzip-N|lz4|lzjb|zle' - type: string - replicaid: - description: ReplicaID is unique number to identify the replica - type: string - targetIP: - description: TargetIP represents iscsi target IP through which replica - cummunicates IO workloads and other volume operations like snapshot - and resize requests - type: string - zvolWorkers: - description: ZvolWorkers represents number of threads that executes - client IOs - type: string - type: object - status: - description: CStorVolumeReplicaStatus is for handling status of cvr. - properties: - capacity: - description: CStorVolumeCapacityDetails represents capacity info of - replica - properties: - total: - description: The amount of space consumed by this volume replica - and all its descendents - type: string - used: - description: The amount of space that is "logically" accessible - by this dataset. The logical space ignores the effect of the - compression and copies properties, giving a quantity closer - to the amount of data that applications see. However, it does - include space consumed by metadata - type: string - required: - - total - - used - type: object - lastTransitionTime: - description: LastTransitionTime refers to the time when the phase - changes - format: date-time - nullable: true - type: string - lastUpdateTime: - description: The last updated time - format: date-time - nullable: true - type: string - message: - description: A human readable message indicating details about the - transition. - type: string - pendingSnapshots: - additionalProperties: - description: CStorSnapshotInfo represents the snapshot information - related to particular snapshot - properties: - logicalReferenced: - description: LogicalReferenced describes the amount of space - that is "logically" accessible by this snapshot. This logical - space ignores the effect of the compression and copies properties, - giving a quantity closer to the amount of data that application - see. It also includes space consumed by metadata. - format: int64 - type: integer - required: - - logicalReferenced - type: object - description: PendingSnapshots contains list of pending snapshots that - are not yet available on this replica - type: object - phase: - description: CStorVolumeReplicaPhase is to holds different phases - of replica - type: string - snapshots: - additionalProperties: - description: CStorSnapshotInfo represents the snapshot information - related to particular snapshot - properties: - logicalReferenced: - description: LogicalReferenced describes the amount of space - that is "logically" accessible by this snapshot. This logical - space ignores the effect of the compression and copies properties, - giving a quantity closer to the amount of data that application - see. It also includes space consumed by metadata. - format: int64 - type: integer - required: - - logicalReferenced - type: object - description: Snapshots contains list of snapshots, and their properties, - created on CVR - type: object - type: object - versionDetails: - description: VersionDetails provides the details for upgrade - properties: - autoUpgrade: - description: If AutoUpgrade is set to true then the resource is upgraded - automatically without any manual steps - type: boolean - desired: - description: Desired is the version that we want to upgrade or the - control plane version - type: string - status: - description: Status gives the status of reconciliation triggered when - the desired and current version are not same - properties: - current: - description: Current is the version of resource - type: string - dependentsUpgraded: - description: DependentsUpgraded gives the details whether all - children of a resource are upgraded to desired version or not - type: boolean - lastUpdateTime: - description: LastUpdateTime is the time the status was last updated - format: date-time - nullable: true - type: string - message: - description: Message is a human readable message if some error - occurs - type: string - reason: - description: Reason is the actual reason for the error state - type: string - state: - description: State is the state of reconciliation - type: string - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/migrationtask.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/migrationtask.yaml deleted file mode 100644 index 4dd2e5432..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/migrationtask.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: migrationtasks.openebs.io -spec: - group: openebs.io - names: - kind: MigrationTask - listKind: MigrationTaskList - plural: migrationtasks - shortNames: - - mtask - singular: migrationtask - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: MigrationTask represents an migration task - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec i.e. specifications of the MigrationTask - properties: - cstorPool: - description: MigrateCStorPool contains the details of the cstor pool - to be migrated - properties: - rename: - description: If a CSPC with the same name as SPC already exists - then we can rename SPC during migration using Rename - type: string - spcName: - description: SPCName contains the name of the storage pool claim - to be migrated - type: string - type: object - cstorVolume: - description: MigrateCStorVolume contains the details of the cstor - volume to be migrated - properties: - pvName: - description: PVName contains the name of the pv associated with - the cstor volume to be migrated - type: string - type: object - type: object - status: - description: Status of MigrationTask - properties: - completedTime: - description: CompletedTime of Migrate - format: date-time - nullable: true - type: string - migrationDetailedStatuses: - description: MigrationDetailedStatuses contains the list of statuses - of each step - items: - description: MigrationDetailedStatuses represents the latest available - observations of a MigrationTask current state. - properties: - lastUpdatedAt: - description: LastUpdatedTime of a MigrateStep - format: date-time - nullable: true - type: string - message: - description: A human-readable message indicating details about - why the migrationStep is in this state - type: string - phase: - description: Phase indicates if the MigrateStep is waiting, - errored or completed. - type: string - reason: - description: Reason is a brief CamelCase string that describes - any failure and is meant for machine parsing and tidy display - in the CLI - type: string - startTime: - description: StartTime of a MigrateStep - format: date-time - nullable: true - type: string - step: - type: string - type: object - type: array - phase: - description: Phase indicates if a migrationTask is started, success - or errored - type: string - retries: - description: Retries is the number of times the job attempted to migration - the resource - type: integer - startTime: - description: StartTime of Migrate - format: date-time - nullable: true - type: string - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/upgradetask.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/upgradetask.yaml deleted file mode 100644 index ab35065be..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/upgradetask.yaml +++ /dev/null @@ -1,257 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: upgradetasks.openebs.io -spec: - group: openebs.io - names: - kind: UpgradeTask - listKind: UpgradeTaskList - plural: upgradetasks - singular: upgradetask - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: UpgradeTask represents an upgrade task - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec i.e. specifications of the UpgradeTask - properties: - cstorPool: - description: CStorPool contains the details of the cstor pool to be - upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - poolName: - description: PoolName contains the name of the cstor pool to be - upgraded - type: string - type: object - cstorPoolCluster: - description: CStorPoolCluster contains the details of the storage - pool claim to be upgraded - properties: - cspcName: - description: CSPCName contains the name of the storage pool claim - to be upgraded - type: string - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - type: object - cstorPoolInstance: - description: CStorPoolInstance contains the details of the cstor pool - to be upgraded - properties: - cspiName: - description: CSPCName contains the name of the storage pool claim - to be upgraded - type: string - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - type: object - cstorVolume: - description: CStorVolume contains the details of the cstor volume - to be upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - pvName: - description: PVName contains the name of the pv associated with - the cstor volume - type: string - type: object - fromVersion: - description: FromVersion is the current version of the resource. - type: string - imagePrefix: - description: ImagePrefix contains the url prefix of the image url. - This field is optional. If not present upgrade takes the previously - present ImagePrefix. - type: string - imageTag: - description: ImageTag contains the customized tag for ToVersion if - any. This field is optional. If not present upgrade takes the ToVersion - as the ImageTag - type: string - jivaVolume: - description: JivaVolume contains the details of the jiva volume to - be upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - pvName: - description: PVName contains the name of the pv associated with - the jiva volume - type: string - type: object - options: - description: Options contains the optional flags that can be passed - during upgrade. - properties: - timeout: - description: Timeout is maximum seconds to wait at any given step - in the upgrade - type: integer - type: object - storagePoolClaim: - description: StoragePoolClaim contains the details of the storage - pool claim to be upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - spcName: - description: SPCName contains the name of the storage pool claim - to be upgraded - type: string - type: object - toVersion: - description: ToVersion is the upgraded version of the resource. It - should be same as the version of control plane components version. - type: string - required: - - fromVersion - - toVersion - type: object - status: - description: Status of UpgradeTask - properties: - completedTime: - description: CompletedTime of Upgrade - format: date-time - nullable: true - type: string - phase: - description: Phase indicates if a upgradeTask is started, success - or errored - type: string - retries: - description: Retries is the number of times the job attempted to upgrade - the resource - type: integer - startTime: - description: StartTime of Upgrade - format: date-time - nullable: true - type: string - upgradeDetailedStatuses: - description: UpgradeDetailedStatuses contains the list of statuses - of each step - items: - description: UpgradeDetailedStatuses represents the latest available - observations of a UpgradeTask current state. - properties: - lastUpdatedAt: - description: LastUpdatedTime of a UpgradeStep - format: date-time - nullable: true - type: string - message: - description: A human-readable message indicating details about - why the upgradeStep is in this state - type: string - phase: - description: Phase indicates if the UpgradeStep is waiting, - errored or completed. - type: string - reason: - description: Reason is a brief CamelCase string that describes - any failure and is meant for machine parsing and tidy display - in the CLI - type: string - startTime: - description: StartTime of a UpgradeStep - format: date-time - nullable: true - type: string - step: - description: UpgradeStep is the current step being performed - for a particular resource upgrade - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshot.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshot.yaml deleted file mode 100644 index b229db9cd..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshot.yaml +++ /dev/null @@ -1,226 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot object intends to bind to. Please note that verification of binding actually requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure both are pointing at each other. Binding MUST be verified prior to usage of this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.' - properties: - source: - description: source specifies where a snapshot will be created from. This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object representing the volume from which a snapshot should be created. This PVC is assumed to be in the same namespace as the VolumeSnapshot object. This field should be set if the snapshot does not exists, and needs to be created. This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object representing an existing volume snapshot. This field should be set if the snapshot already exists and only needs a representation in Kubernetes. This field is immutable. - type: string - type: object - oneOf: - - required: ["persistentVolumeClaimName"] - - required: ["volumeSnapshotContentName"] - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. VolumeSnapshotClassName may be left nil to indicate that the default SnapshotClass should be used. A given cluster may have multiple default Volume SnapshotClasses: one default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, VolumeSnapshotSource will be checked to figure out what the associated CSI Driver is, and the default VolumeSnapshotClass associated with that CSI Driver will be used. If more than one VolumeSnapshotClass exist for a given CSI Driver and more than one have been marked as default, CreateSnapshot will fail and generate an event. Empty string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent object to which this VolumeSnapshot object intends to bind to. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: To avoid possible security issues, consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it may indicate that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the minimum size of volume required to create a volume from this snapshot. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot object intends to bind to. Please note that verification of binding actually requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure both are pointing at each other. Binding MUST be verified prior to usage of this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.' - properties: - source: - description: source specifies where a snapshot will be created from. This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object representing the volume from which a snapshot should be created. This PVC is assumed to be in the same namespace as the VolumeSnapshot object. This field should be set if the snapshot does not exists, and needs to be created. This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object representing an existing volume snapshot. This field should be set if the snapshot already exists and only needs a representation in Kubernetes. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. VolumeSnapshotClassName may be left nil to indicate that the default SnapshotClass should be used. A given cluster may have multiple default Volume SnapshotClasses: one default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, VolumeSnapshotSource will be checked to figure out what the associated CSI Driver is, and the default VolumeSnapshotClass associated with that CSI Driver will be used. If more than one VolumeSnapshotClass exist for a given CSI Driver and more than one have been marked as default, CreateSnapshot will fail and generate an event. Empty string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent object to which this VolumeSnapshot object intends to bind to. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: To avoid possible security issues, consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it may indicate that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the minimum size of volume required to create a volume from this snapshot. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotclass.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotclass.yaml deleted file mode 100644 index 9f83c5e0b..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotclass.yaml +++ /dev/null @@ -1,111 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: false - subresources: {} - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- \ No newline at end of file diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotcontent.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotcontent.yaml deleted file mode 100644 index 888322d8a..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/crds/volumesnapshotcontent.yaml +++ /dev/null @@ -1,291 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. For dynamically provisioned snapshots, this field will automatically be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding VolumeSnapshotClass. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system for which a Kubernetes object representation was (or should be) created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable. - type: string - type: object - oneOf: - - required: ["snapshotHandle"] - - required: ["volumeHandle"] - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot was (or will be) created. Note that after provisioning, the VolumeSnapshotClass may be deleted or recreated with different set of values, and as such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. For dynamically provisioned snapshots, this field will automatically be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding VolumeSnapshotClass. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system for which a Kubernetes object representation was (or should be) created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot was (or will be) created. Note that after provisioning, the VolumeSnapshotClass may be deleted or recreated with different set of values, and as such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- \ No newline at end of file diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/cstor/templates/NOTES.txt deleted file mode 100644 index 1dadf47d5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/NOTES.txt +++ /dev/null @@ -1,11 +0,0 @@ -The OpenEBS cstor has been installed check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -Use `kubectl get bd -n {{ .Release.Namespace }} ` to see the list of -blockdevices attached to the Kubernetes cluster nodes. - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. - -For more information related to cstor pool and volume provisioning, visit -https://github.com/openebs/cstor-operators/tree/master/docs . diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/cstor/templates/_helpers.tpl deleted file mode 100644 index 7c86f3a04..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/_helpers.tpl +++ /dev/null @@ -1,217 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cstor.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cstor.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cstor.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "cstor.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "cstor.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Define meta labels for cstor components -*/}} -{{- define "cstor.common.metaLabels" -}} -chart: {{ template "cstor.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - -{{/* -Create match labels for cstor admission server -*/}} -{{- define "cstor.admissionServer.matchLabels" -}} -app: {{ .Values.admissionServer.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.admissionServer.componentName | quote }} -{{- end -}} - -{{/* -Create component labels for cstor admission server -*/}} -{{- define "cstor.admissionServer.componentLabels" -}} -openebs.io/component-name: {{ .Values.admissionServer.componentName | quote }} -{{- end -}} - -{{/* -Create labels for cstor admission server -*/}} -{{- define "cstor.admissionServer.labels" -}} -{{ include "cstor.common.metaLabels" . }} -{{ include "cstor.admissionServer.matchLabels" . }} -{{ include "cstor.admissionServer.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for cstor cspc operator -*/}} -{{- define "cstor.cspcOperator.matchLabels" -}} -name: {{ .Values.cspcOperator.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.cspcOperator.componentName | quote }} -{{- end -}} - -{{/* -Create component labels cstor cspc operator -*/}} -{{- define "cstor.cspcOperator.componentLabels" -}} -openebs.io/component-name: {{ .Values.cspcOperator.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for cstor cspc operator -*/}} -{{- define "cstor.cspcOperator.labels" -}} -{{ include "cstor.common.metaLabels" . }} -{{ include "cstor.cspcOperator.matchLabels" . }} -{{ include "cstor.cspcOperator.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for cstor cvc operator -*/}} -{{- define "cstor.cvcOperator.matchLabels" -}} -name: {{ .Values.cvcOperator.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.cvcOperator.componentName | quote }} -{{- end -}} - -{{/* -Create component labels cstor cvc operator -*/}} -{{- define "cstor.cvcOperator.componentLabels" -}} -openebs.io/component-name: {{ .Values.cvcOperator.componentName | quote }} -{{- end -}} - -{{/* -Create component labels cstor cvc operator service -*/}} -{{- define "cstor.cvcOperatorService.componentLabels" -}} -openebs.io/component-name: {{ printf "%s-svc" .Values.cvcOperator.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for cstor cvc operator -*/}} -{{- define "cstor.cvcOperator.labels" -}} -{{ include "cstor.common.metaLabels" . }} -{{ include "cstor.cvcOperator.matchLabels" . }} -{{ include "cstor.cvcOperator.componentLabels" . }} -{{- end -}} - -{{/* -Create labels for cstor cvc operator service -*/}} -{{- define "cstor.cvcOperatorService.labels" -}} -{{ include "cstor.common.metaLabels" . }} -{{ include "cstor.cvcOperator.matchLabels" . }} -{{ include "cstor.cvcOperatorService.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for cstor csi node operator -*/}} -{{- define "cstor.csiNode.matchLabels" -}} -name: {{ .Values.csiNode.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.csiNode.componentName | quote }} -{{- end -}} - -{{/* -Create component labels cstor csi node operator -*/}} -{{- define "cstor.csiNode.componentLabels" -}} -openebs.io/component-name: {{ .Values.csiNode.componentName | quote }} -{{- end -}} - -{{/* -Create labels for cstor csi node operator -*/}} -{{- define "cstor.csiNode.labels" -}} -{{ include "cstor.common.metaLabels" . }} -{{ include "cstor.csiNode.matchLabels" . }} -{{ include "cstor.csiNode.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for cstor csi controller -*/}} -{{- define "cstor.csiController.matchLabels" -}} -name: {{ .Values.csiController.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.csiController.componentName | quote }} -{{- end -}} - -{{/* -Create component labels cstor csi controller -*/}} -{{- define "cstor.csiController.componentLabels" -}} -openebs.io/component-name: {{ .Values.csiController.componentName | quote }} -{{- end -}} - -{{/* -Create labels for cstor csi controller -*/}} -{{- define "cstor.csiController.labels" -}} -{{ include "cstor.common.metaLabels" . }} -{{ include "cstor.csiController.matchLabels" . }} -{{ include "cstor.csiController.componentLabels" . }} -{{- end -}} - -{{/* -Create the name of the priority class for csi node plugin -*/}} -{{- define "cstor.csiNode.priorityClassName" -}} -{{- if .Values.csiNode.priorityClass.create }} -{{- printf "%s-%s" .Release.Name .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s" .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} - -{{/* -Create the name of the priority class for csi controller plugin -*/}} -{{- define "cstor.csiController.priorityClassName" -}} -{{- if .Values.csiController.priorityClass.create }} -{{- printf "%s-%s" .Release.Name .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s" .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/admission-server.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/admission-server.yaml deleted file mode 100644 index 0909c9d74..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/admission-server.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cstor.fullname" . }}-admission-server - {{- with .Values.admissionServer.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "cstor.admissionServer.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.admissionServer.replicas }} - strategy: - type: Recreate - rollingUpdate: null - selector: - matchLabels: - {{- include "cstor.admissionServer.matchLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "cstor.admissionServer.labels" . | nindent 8 }} - {{- if .Values.admissionServer.podLabels }} - {{ toYaml .Values.admissionServer.podLabels | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }} - containers: - - name: {{ template "cstor.fullname" . }}-admission-webhook - image: "{{ .Values.admissionServer.image.registry }}{{ .Values.admissionServer.image.repository }}:{{ .Values.admissionServer.image.tag }}" - imagePullPolicy: {{ .Values.admissionServer.image.pullPolicy }} - resources: -{{ toYaml .Values.admissionServer.resources | indent 12 }} - args: - - -alsologtostderr - - -v=2 - - 2>&1 - env: - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ADMISSION_WEBHOOK_FAILURE_POLICY - value: {{ .Values.admissionServer.failurePolicy }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.admissionServer.nodeSelector }} - nodeSelector: -{{ toYaml .Values.admissionServer.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.admissionServer.securityContext }} - securityContext: -{{ toYaml .Values.admissionServer.securityContext | indent 8 }} -{{- end }} -{{- if .Values.admissionServer.tolerations }} - tolerations: -{{ toYaml .Values.admissionServer.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cleanup-webhook.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/cleanup-webhook.yaml deleted file mode 100644 index ea1d86984..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cleanup-webhook.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# HELM first deletes RBAC, then it tries to delete other resources like CSPC and PVC. -# We've got validating webhook on CSPC and PVC. -# But even that the policy of this webhook is Ignore, it fails because the ServiceAccount -# does not have permission to access resources like BDC anymore which are used for validation. -# Therefore we first need to delete webhook so we can delete the rest of the deployments. -{{- $kubeMinor := .Capabilities.KubeVersion.Minor | replace "+" "" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "cstor.fullname" . }}-webhook-cleanup - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "cstor.name" . }} -spec: - template: - metadata: - name: {{ template "cstor.fullname" . }}-webhook-cleanup - labels: - app: {{ template "cstor.name" . }} - spec: - serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }} - containers: - - name: kubectl - {{- /* bitnami maintains an image for all k8s versions */}} - {{- /* see: https://hub.docker.com/r/bitnami/kubectl */}} - {{- if .Values.cleanup.image.tag }} - image: "{{ .Values.cleanup.image.registry }}{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }}" - {{- else }} - image: "{{ .Values.cleanup.image.registry }}{{ .Values.cleanup.image.repository }}:{{ .Capabilities.KubeVersion.Major }}.{{ $kubeMinor }}" - {{- end }} - command: - - /bin/sh - - -c - - > - kubectl delete validatingWebhookConfiguration openebs-cstor-validation-webhook || true; - restartPolicy: OnFailure diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller-rbac.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller-rbac.yaml deleted file mode 100644 index 9926d0fb1..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller-rbac.yaml +++ /dev/null @@ -1,196 +0,0 @@ -{{- if .Values.serviceAccount.csiController.create -}} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ .Values.serviceAccount.csiController.name }} - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- if .Values.rbac.create }} ---- -# cstor csi roles and bindings -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-snapshotter-binding - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-cstor-csi-snapshotter-role - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-snapshotter-role - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-provisioner-role - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["secrets","namespaces"] - verbs: ["get", "list"] - - apiGroups: [ "" ] - resources: [ "pods" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [""] - resources: ["persistentvolumes", "services"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["*"] - - apiGroups: ["*"] - resources: ["cstorvolumeattachments", "cstorvolumes","cstorvolumeconfigs"] - verbs: ["*"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-provisioner-binding - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-cstor-csi-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- -############################## CSI- Attacher ####################### -# Attacher must be able to work with PVs, nodes and VolumeAttachments -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-attacher-role - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments", "csinodes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "volumeattachments/status" ] - verbs: [ "patch" ] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-attacher-binding - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-cstor-csi-attacher-role - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-cluster-registrar-role - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csidrivers"] - verbs: ["create", "delete"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-cluster-registrar-binding - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-cstor-csi-cluster-registrar-role - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller.yaml deleted file mode 100644 index b8cb82732..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-controller.yaml +++ /dev/null @@ -1,137 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: {{ template "cstor.fullname" . }}-csi-controller - {{- with .Values.csiController.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "cstor.csiController.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cstor.csiController.matchLabels" . | nindent 6 }} - serviceName: "openebs-csi" - replicas: {{ .Values.csiController.replicas }} - template: - metadata: - labels: - {{- include "cstor.csiController.labels" . | nindent 8 }} - {{- if .Values.csiController.podLabels }} - {{ toYaml .Values.csiController.podLabels | nindent 8 }} - {{- end }} - spec: - priorityClassName: {{ template "cstor.csiController.priorityClassName" . }} - serviceAccount: {{ .Values.serviceAccount.csiController.name }} - containers: - - name: {{ .Values.csiController.resizer.name }} - image: "{{ .Values.csiController.resizer.image.registry }}{{ .Values.csiController.resizer.image.repository }}:{{ .Values.csiController.resizer.image.tag }}" - resources: -{{ toYaml .Values.csiController.resources | indent 12 }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.csiController.resizer.image.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.csiController.snapshotter.name }} - image: "{{ .Values.csiController.snapshotter.image.registry }}{{ .Values.csiController.snapshotter.image.repository }}:{{ .Values.csiController.snapshotter.image.tag }}" - args: - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.csiController.snapshotter.image.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.csiController.snapshotController.name }} - image: "{{ .Values.csiController.snapshotController.image.registry }}{{ .Values.csiController.snapshotController.image.repository }}:{{ .Values.csiController.snapshotController.image.tag }}" - args: - - "--v=5" - - "--leader-election=false" - imagePullPolicy: {{ .Values.csiController.snapshotController.image.pullPolicy }} - - name: {{ .Values.csiController.provisioner.name }} - image: "{{ .Values.csiController.provisioner.image.registry }}{{ .Values.csiController.provisioner.image.repository }}:{{ .Values.csiController.provisioner.image.tag }}" - imagePullPolicy: {{ .Values.csiController.provisioner.image.pullPolicy }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - - "--feature-gates=Topology=true" - - "--extra-create-metadata=true" - - "--metrics-address=:22011" - - "--timeout=250s" - - "--default-fstype=ext4" - env: - - name: MY_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.csiController.attacher.name }} - image: "{{ .Values.csiController.attacher.image.registry }}{{ .Values.csiController.attacher.image.repository }}:{{ .Values.csiController.attacher.image.tag }}" - imagePullPolicy: {{ .Values.csiController.attacher.image.pullPolicy }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.cstorCSIPlugin.name }} - image: "{{ .Values.cstorCSIPlugin.image.registry }}{{ .Values.cstorCSIPlugin.image.repository }}:{{ .Values.cstorCSIPlugin.image.tag }}" - imagePullPolicy: {{ .Values.cstorCSIPlugin.image.pullPolicy }} - env: - - name: OPENEBS_CONTROLLER_DRIVER - value: controller - - name: OPENEBS_CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: OPENEBS_CSI_API_URL - value: https://openebs.io - # OpenEBS namespace where the openebs cstor operator components - # has been installed - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPENEBS_IO_INSTALLER_TYPE - value: "cstor-helm" - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - args : - - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - - "--url=$(OPENEBS_CSI_API_URL)" - - "--plugin=$(OPENEBS_CONTROLLER_DRIVER)" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.csiController.nodeSelector }} - nodeSelector: -{{ toYaml .Values.csiController.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.csiController.securityContext }} - securityContext: -{{ toYaml .Values.csiController.securityContext | indent 8 }} -{{- end }} -{{- if .Values.csiController.tolerations }} - tolerations: -{{ toYaml .Values.csiController.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-driver.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-driver.yaml deleted file mode 100644 index fbb9b8e0d..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-driver.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.csiDriver.create -}} -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: cstor.csi.openebs.io -spec: - # Supports persistent inline volumes. - volumeLifecycleModes: - - Persistent - # Not yet supported but added just to support upgrade control plane seamlessly - - Ephemeral - # To determine at runtime which mode a volume uses, pod info and its - # "csi.storage.k8s.io/ephemeral" entry are needed. - podInfoOnMount: {{ .Values.csiDriver.podInfoOnMount }} - attachRequired: {{ .Values.csiDriver.attachRequired }} -{{- end }} \ No newline at end of file diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-iscsiadm-config.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-iscsiadm-config.yaml deleted file mode 100644 index 4c134ad6e..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-iscsiadm-config.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: openebs-cstor-csi-iscsiadm -data: - iscsiadm: | - #!/bin/sh - if [ -x /host/sbin/iscsiadm ]; then - chroot /host /sbin/iscsiadm "$@" - elif [ -x /host/usr/local/sbin/iscsiadm ]; then - chroot /host /usr/local/sbin/iscsiadm "$@" - elif [ -x /host/bin/iscsiadm ]; then - chroot /host /bin/iscsiadm "$@" - elif [ -x /host/usr/local/bin/iscsiadm ]; then - chroot /host /usr/local/bin/iscsiadm "$@" - else - chroot /host iscsiadm "$@" - fi diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node-rbac.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node-rbac.yaml deleted file mode 100644 index 4af703b20..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node-rbac.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.serviceAccount.csiNode.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.csiNode.name }} - labels: - {{- include "cstor.csiNode.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- if .Values.rbac.create }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-registrar-role - labels: - {{- include "cstor.csiNode.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumes", "nodes", "services"] - verbs: ["get", "list", "patch"] - - apiGroups: ["*"] - resources: ["cstorvolumeattachments", "cstorvolumes","cstorvolumeconfigs"] - verbs: ["get", "list", "watch", "create", "update", "delete", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-registrar-binding - labels: - {{- include "cstor.csiNode.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiNode.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-cstor-csi-registrar-role - apiGroup: rbac.authorization.k8s.io -{{- if .Values.rbac.pspEnabled }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-csi-node-role - labels: - {{- include "cstor.csiNode.labels" . | nindent 4 }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - openebs-cstor-csi-node-psp ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: openebs-cstor-csi-node-binding - labels: - {{- include "cstor.csiNode.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: openebs-cstor-csi-node-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiNode.name }} - namespace: {{ $.Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node.yaml deleted file mode 100644 index 8a9a59e2a..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/csi-node.yaml +++ /dev/null @@ -1,143 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ template "cstor.fullname" . }}-csi-node - {{- with .Values.csiNode.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "cstor.csiNode.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cstor.csiNode.matchLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "cstor.csiNode.labels" . | nindent 8 }} - {{- if .Values.csiNode.podLabels }} - {{ toYaml .Values.csiNode.podLabels | nindent 8 }} - {{- end }} - spec: - priorityClassName: {{ template "cstor.csiNode.priorityClassName" . }} - serviceAccount: {{ .Values.serviceAccount.csiNode.name }} - hostNetwork: true - containers: - - name: {{ .Values.csiNode.driverRegistrar.name }} - image: "{{ .Values.csiNode.driverRegistrar.image.registry }}{{ .Values.csiNode.driverRegistrar.image.repository }}:{{ .Values.csiNode.driverRegistrar.image.tag }}" - imagePullPolicy: {{ .Values.csiNode.driverRegistrar.image.pullPolicy }} - resources: -{{ toYaml .Values.csiNode.resources | indent 12 }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/cstor.csi.openebs.io /registration/cstor.csi.openebs.io-reg.sock"] - env: - - name: ADDRESS - value: /plugin/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.csiNode.kubeletDir }}plugins/cstor.csi.openebs.io/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NODE_DRIVER - value: openebs-cstor-csi - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: registration-dir - mountPath: /registration - - name: {{ .Values.cstorCSIPlugin.name }} - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: "{{ .Values.cstorCSIPlugin.image.registry }}{{ .Values.cstorCSIPlugin.image.repository }}:{{ .Values.cstorCSIPlugin.image.tag }}" - imagePullPolicy: {{ .Values.cstorCSIPlugin.image.pullPolicy }} - args: - - "--nodeid=$(OPENEBS_NODE_ID)" - - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - - "--url=$(OPENEBS_CSI_API_URL)" - - "--plugin=$(OPENEBS_NODE_DRIVER)" - env: - - name: OPENEBS_NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OPENEBS_CSI_ENDPOINT - value: unix:///plugin/csi.sock - - name: OPENEBS_NODE_DRIVER - value: node - - name: OPENEBS_CSI_API_URL - value: https://openebs.io - # OpenEBS namespace where the openebs cstor operator components - # has been installed - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # Enable/Disable auto-remount feature, when volumes - # recovers from the read-only state - - name: REMOUNT - value: "{{ .Values.cstorCSIPlugin.remount }}" - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: device-dir - mountPath: /dev - - name: pods-mount-dir - mountPath: {{ .Values.csiNode.kubeletDir }} - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - name: host-root - mountPath: /host - mountPropagation: "HostToContainer" - - name: chroot-iscsiadm - mountPath: /sbin/iscsiadm - subPath: iscsiadm - volumes: - - name: device-dir - hostPath: - path: /dev - type: Directory - - name: registration-dir - hostPath: - path: {{ .Values.csiNode.kubeletDir }}plugins_registry/ - type: DirectoryOrCreate - - name: plugin-dir - hostPath: - path: {{ .Values.csiNode.kubeletDir }}plugins/cstor.csi.openebs.io/ - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: {{ .Values.csiNode.kubeletDir }} - type: Directory - - name: chroot-iscsiadm - configMap: - defaultMode: 0555 - name: openebs-cstor-csi-iscsiadm - - name: host-root - hostPath: - path: / - type: Directory -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.csiNode.nodeSelector }} - nodeSelector: -{{ toYaml .Values.csiNode.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.csiNode.securityContext }} - securityContext: -{{ toYaml .Values.csiNode.securityContext | indent 8 }} -{{- end }} -{{- if .Values.csiNode.tolerations }} - tolerations: -{{ toYaml .Values.csiNode.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cspc-operator.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/cspc-operator.yaml deleted file mode 100644 index 140929f28..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cspc-operator.yaml +++ /dev/null @@ -1,86 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cstor.fullname" . }}-cspc-operator - {{- with .Values.cspcOperator.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "cstor.cspcOperator.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cstor.cspcOperator.matchLabels" . | nindent 6 }} - replicas: {{ .Values.cspcOperator.replicas }} - strategy: - type: Recreate - template: - metadata: - {{- with .Values.cspcOperator.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "cstor.cspcOperator.labels" . | nindent 8 }} - {{- if .Values.cspcOperator.podLabels }} - {{ toYaml .Values.cspcOperator.podLabels | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }} - containers: - - name: {{ template "cstor.fullname" . }}-cspc-operator - imagePullPolicy: {{ .Values.cspcOperator.image.pullPolicy }} - image: "{{ .Values.cspcOperator.image.registry }}{{ .Values.cspcOperator.image.repository }}:{{ .Values.cspcOperator.image.tag }}" - resources: -{{ toYaml .Values.cspcOperator.resources | indent 12 }} - env: - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPENEBS_SERVICEACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: CSPC_OPERATOR_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # OPENEBS_IO_BASE_DIR is used to configure base directory for openebs on host path. - # Where OpenEBS can store required files. Default base path will be /var/openebs - # - name: OPENEBS_IO_BASE_DIR - # value: "/var/openebs" - # OPENEBS_IO_CSTOR_POOL_SPARSE_DIR can be used to specify the hostpath - # to be used for saving the shared content between the side cars - # of cstor pool pod. This ENV is also used to indicate the location - # of the sparse devices. - # The default path used is /var/openebs/sparse - #- name: OPENEBS_IO_CSTOR_POOL_SPARSE_DIR - # value: "/var/openebs/sparse" - - name: OPENEBS_IO_CSPI_MGMT_IMAGE - value: "{{ .Values.cspcOperator.poolManager.image.registry }}{{ .Values.cspcOperator.poolManager.image.repository }}:{{ .Values.cspcOperator.poolManager.image.tag }}" - - name: OPENEBS_IO_CSTOR_POOL_IMAGE - value: "{{ .Values.cspcOperator.cstorPool.image.registry }}{{ .Values.cspcOperator.cstorPool.image.repository }}:{{ .Values.cspcOperator.cstorPool.image.tag }}" - - name: OPENEBS_IO_CSTOR_POOL_EXPORTER_IMAGE - value: "{{ .Values.cspcOperator.cstorPoolExporter.image.registry }}{{ .Values.cspcOperator.cstorPoolExporter.image.repository }}:{{ .Values.cspcOperator.cstorPoolExporter.image.tag }}" - - name: RESYNC_INTERVAL - value: "{{ .Values.cspcOperator.resyncInterval }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $.Values.imagePullSecrets }}{{ .name }},{{- end }}" -{{- end }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.cspcOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.cspcOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.cspcOperator.securityContext }} - securityContext: -{{ toYaml .Values.cspcOperator.securityContext | indent 8 }} -{{- end }} -{{- if .Values.cspcOperator.tolerations }} - tolerations: -{{ toYaml .Values.cspcOperator.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator-service.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator-service.yaml deleted file mode 100644 index 2962838e2..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator-service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "cstor.fullname" . }}-cvc-operator-svc - labels: - {{- include "cstor.cvcOperatorService.labels" . | nindent 4 }} -spec: - ports: - - name: api - port: 5757 - protocol: TCP - targetPort: 5757 - selector: - name: cvc-operator - sessionAffinity: None diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator.yaml deleted file mode 100644 index 561c65629..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/cvc-operator.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cstor.fullname" . }}-cvc-operator - {{- with .Values.cvcOperator.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "cstor.cvcOperator.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cstor.cvcOperator.matchLabels" . | nindent 6 }} - replicas: {{ .Values.cvcOperator.replicas }} - strategy: - type: Recreate - template: - metadata: - labels: - {{- include "cstor.cvcOperator.labels" . | nindent 8 }} - {{- if .Values.cvcOperator.podLabels }} - {{ toYaml .Values.cvcOperator.podLabels | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }} - containers: - - name: {{ template "cstor.fullname" . }}-cvc-operator - imagePullPolicy: {{ .Values.cvcOperator.image.pullPolicy }} - image: "{{ .Values.cvcOperator.image.registry }}{{ .Values.cvcOperator.image.repository }}:{{ .Values.cvcOperator.image.tag }}" - args: - - "--v=2" - - "--leader-election=false" - - "--bind=$(OPENEBS_CVC_POD_IP)" - resources: -{{ toYaml .Values.cvcOperator.resources | indent 12 }} - env: - # OPENEBS_IO_BASE_DIR is used to configure base directory for openebs on host path. - # Where OpenEBS can store required files. Default base path will be /var/openebs - # - name: OPENEBS_IO_BASE_DIR - # value: "/var/openebs" - # OPENEBS_IO_CSTOR_TARGET_DIR can be used to specify the hostpath - # that to be used for saving the core dump of cstor volume pod. - # The default path used is /var/openebs/sparse - #- name: OPENEBS_IO_CSTOR_TARGET_DIR - # value: "/var/openebs/sparse" - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPENEBS_SERVICEACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPENEBS_CVC_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: OPENEBS_IO_CSTOR_TARGET_IMAGE - value: "{{ .Values.cvcOperator.target.image.registry }}{{ .Values.cvcOperator.target.image.repository }}:{{ .Values.cvcOperator.target.image.tag }}" - - name: OPENEBS_IO_CSTOR_VOLUME_MGMT_IMAGE - value: "{{ .Values.cvcOperator.volumeMgmt.image.registry }}{{ .Values.cvcOperator.volumeMgmt.image.repository }}:{{ .Values.cvcOperator.volumeMgmt.image.tag }}" - - name: OPENEBS_IO_VOLUME_MONITOR_IMAGE - value: "{{ .Values.cvcOperator.volumeExporter.image.registry }}{{ .Values.cvcOperator.volumeExporter.image.repository }}:{{ .Values.cvcOperator.volumeExporter.image.tag }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $.Values.imagePullSecrets }}{{ .name }},{{- end }}" -{{- end }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.cvcOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.cvcOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.cvcOperator.securityContext }} - securityContext: -{{ toYaml .Values.cvcOperator.securityContext | indent 8 }} -{{- end }} -{{- if .Values.cvcOperator.tolerations }} - tolerations: -{{ toYaml .Values.cvcOperator.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/priority-class.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/priority-class.yaml deleted file mode 100644 index 70b8e1220..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/priority-class.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.csiController.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ template "cstor.csiController.priorityClassName" . }} -value: 900000000 -globalDefault: false -description: "This priority class should be used for the CStor CSI driver controller deployment only." -{{- end }} ---- -{{- if .Values.csiNode.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ template "cstor.csiNode.priorityClassName" . }} -value: 900001000 -globalDefault: false -description: "This priority class should be used for the CStor CSI driver node deployment only." -{{- end }} \ No newline at end of file diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/psp.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/psp.yaml deleted file mode 100644 index 138b52e09..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/psp.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: openebs-cstor-csi-node-psp - labels: - {{- include "cstor.csiNode.labels" . | nindent 4 }} -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/rbac.yaml deleted file mode 100644 index 74845bde7..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/rbac.yaml +++ /dev/null @@ -1,117 +0,0 @@ -{{- if .Values.serviceAccount.cstorOperator.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.cstorOperator.name }} - labels: - {{- include "cstor.common.metaLabels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- if .Values.rbac.create }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-operator - {{- with .Values.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "cstor.common.metaLabels" . | nindent 4 }} -rules: - - apiGroups: ["*"] - resources: ["nodes", "nodes/proxy"] - verbs: ["*"] - - apiGroups: ["*"] - resources: ["namespaces", "services", "pods", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs"] - verbs: ["*"] - - apiGroups: ["*"] - resources: ["statefulsets", "daemonsets"] - verbs: ["*"] - - apiGroups: ["*"] - resources: ["resourcequotas", "limitranges"] - verbs: ["list", "watch"] - - apiGroups: ["*"] - resources: ["certificatesigningrequests"] - verbs: ["list", "watch"] - - apiGroups: ["*"] - resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] - verbs: ["*"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [ "get", "list", "create", "update", "delete", "patch"] - - apiGroups: ["openebs.io"] - resources: ["*"] - verbs: ["*" ] - - apiGroups: ["cstor.openebs.io"] - resources: ["*"] - verbs: ["*" ] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["get", "create", "list", "delete", "update", "patch"] - - nonResourceURLs: ["/metrics"] - verbs: ["get"] - - apiGroups: ["*"] - resources: ["upgradetasks","migrationtasks"] - verbs: ["*"] - - apiGroups: ["*"] - resources: ["poddisruptionbudgets"] - verbs: ["get", "list", "create", "delete", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: openebs-cstor-operator - {{- with .Values.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "cstor.common.metaLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: openebs-cstor-operator -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount.cstorOperator.name }} - namespace: {{ .Release.Namespace }} ---- -# Define Role that allows operations required for migration of snapshots -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-migration - labels: - {{- include "cstor.common.metaLabels" . | nindent 4 }} -rules: - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["create", "get", "list"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-cstor-migration - labels: - {{- include "cstor.common.metaLabels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount.cstorOperator.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-cstor-migration - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/templates/snapshot-class.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/templates/snapshot-class.yaml deleted file mode 100644 index 6418d0d89..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/templates/snapshot-class.yaml +++ /dev/null @@ -1,8 +0,0 @@ -kind: VolumeSnapshotClass -apiVersion: snapshot.storage.k8s.io/v1 -metadata: - name: csi-cstor-snapshotclass - annotations: - snapshot.storage.kubernetes.io/is-default-class: "true" -driver: cstor.csi.openebs.io -deletionPolicy: Delete \ No newline at end of file diff --git a/charts/openebs/openebs/2.11.0/charts/cstor/values.yaml b/charts/openebs/openebs/2.11.0/charts/cstor/values.yaml deleted file mode 100644 index 7e51a8df4..000000000 --- a/charts/openebs/openebs/2.11.0/charts/cstor/values.yaml +++ /dev/null @@ -1,248 +0,0 @@ -# Default values for cstor-operators. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -release: - version: "2.11.0" - -# If false, openebs NDM sub-chart will not be installed -openebsNDM: - enabled: true - -rbac: - # rbac.create: `true` if rbac resources should be created - create: true - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false - -imagePullSecrets: -# - name: "image-pull-secret" - -cspcOperator: - componentName: cspc-operator - poolManager: - image: - registry: - repository: openebs/cstor-pool-manager - tag: 2.11.0 - cstorPool: - image: - registry: - repository: openebs/cstor-pool - tag: 2.11.0 - cstorPoolExporter: - image: - registry: - repository: openebs/m-exporter - tag: 2.11.0 - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/cspc-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - annotations: {} - resyncInterval: "30" - podAnnotations: {} - podLabels: {} - nodeSelector: {} - tolerations: [] - resources: {} - securityContext: {} - -cvcOperator: - componentName: cvc-operator - target: - image: - registry: - repository: openebs/cstor-istgt - tag: 2.11.0 - volumeMgmt: - image: - registry: - repository: openebs/cstor-volume-manager - tag: 2.11.0 - volumeExporter: - image: - registry: - repository: openebs/m-exporter - tag: 2.11.0 - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/cvc-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - annotations: {} - resyncInterval: "30" - podAnnotations: {} - podLabels: {} - nodeSelector: {} - tolerations: [] - resources: {} - securityContext: {} - -csiController: - priorityClass: - create: true - name: cstor-csi-controller-critical - componentName: "openebs-cstor-csi-controller" - resizer: - name: "csi-resizer" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-resizer - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v1.1.0 - snapshotter: - name: "csi-snapshotter" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-snapshotter - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v3.0.3 - snapshotController: - name: "snapshot-controller" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/snapshot-controller - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v3.0.3 - attacher: - name: "csi-attacher" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-attacher - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v3.1.0 - provisioner: - name: "csi-provisioner" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-provisioner - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.1.0 - annotations: {} - podAnnotations: {} - podLabels: {} - nodeSelector: {} - tolerations: [] - resources: {} - securityContext: {} - -cstorCSIPlugin: - name: cstor-csi-plugin - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/cstor-csi-driver - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - remount: "true" - -csiNode: - priorityClass: - create: true - name: cstor-csi-node-critical - componentName: "openebs-cstor-csi-node" - driverRegistrar: - name: "csi-node-driver-registrar" - image: - registry: k8s.gcr.io/ - repository: sig-storage/csi-node-driver-registrar - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.1.0 - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to openebs-cstor-csi-node pods - podLabels: {} - # kubeletDir path can be configured to run on various different k8s distributions like - # microk8s where kubelet root dir is not (/var/lib/kubelet/). For example microk8s, - # we need to change the kubelet directory to `/var/snap/microk8s/common/var/lib/kubelet/` - kubeletDir: "/var/lib/kubelet/" - nodeSelector: {} - tolerations: [] - securityContext: {} - -csiDriver: - create: true - podInfoOnMount: true - attachRequired: false - -admissionServer: - componentName: cstor-admission-webhook - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/cstor-webhook - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - failurePolicy: "Fail" - annotations: {} - podAnnotations: {} - podLabels: {} - nodeSelector: {} - tolerations: [] - resources: {} - securityContext: {} - -serviceAccount: - # Annotations to add to the service account - annotations: {} - cstorOperator: - create: true - name: openebs-cstor-operator - csiController: - # Specifies whether a service account should be created - create: true - name: openebs-cstor-csi-controller-sa - csiNode: - # Specifies whether a service account should be created - create: true - name: openebs-cstor-csi-node-sa - -analytics: - enabled: true - # Specify in hours the duration after which a ping event needs to be sent. - pingInterval: "24h" - -cleanup: - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: bitnami/kubectl - tag: diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/.helmignore b/charts/openebs/openebs/2.11.0/charts/jiva/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/Chart.lock b/charts/openebs/openebs/2.11.0/charts/jiva/Chart.lock deleted file mode 100644 index 9ca339356..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: localpv-provisioner - repository: https://openebs.github.io/dynamic-localpv-provisioner - version: 2.11.0 -digest: sha256:947f9f89e8ce4efb17f542729a44d6be93c87441acde7f866fd420402a086f72 -generated: "2021-07-16T06:37:41.704645964Z" diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/Chart.yaml deleted file mode 100644 index 24cd22445..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -appVersion: 2.11.0 -dependencies: -- condition: openebsLocalpv.enabled - name: localpv-provisioner - repository: https://openebs.github.io/dynamic-localpv-provisioner - version: 2.11.0 -description: Jiva-Operator helm chart for Kubernetes -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- iSCSI -- storage -- jiva -- jiva-operator -maintainers: -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -- email: shubham.bajpai@mayadata.io - name: shubham14bajpai -name: jiva -sources: -- https://github.com/openebs/jiva-operator -type: application -version: 2.11.0 diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/README.md b/charts/openebs/openebs/2.11.0/charts/jiva/README.md deleted file mode 100644 index 50def8ff2..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/README.md +++ /dev/null @@ -1,207 +0,0 @@ - -# OpenEBS Jiva - -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -![Release Charts](https://github.com/openebs/jiva-operator/workflows/Release%20Charts/badge.svg?branch=master) -![Chart Lint and Test](https://github.com/openebs/jiva-operator/workflows/Chart%20Lint%20and%20Test/badge.svg) - -OpenEBS Jiva helm chart for Kubernetes. This chart bootstraps OpenEBS jiva operators and csi driver deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| prateekpandey14 | prateek.pandey@mayadata.io | | -| shubham14bajpai | shubham.bajpai@mayadata.io | | - -## Get Repo Info - -```console -helm repo add openebs-jiva https://openebs.github.io/jiva-operator -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -Please visit the [link](https://openebs.github.io/jiva-operator) for install instructions via helm3. - -```console -# Helm -helm install [RELEASE_NAME] openebs-jiva/jiva --namespace [NAMESPACE] --create-namespace -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - - -## Dependencies - -By default this chart installs additional, dependent charts: - -| Repository | Name | Version | -|------------|------|---------| -| https://openebs.github.io/dynamic-localpv-provisioner | localpv-provisioner | 2.11.0 | - -**Note:** Find detailed Dynamic LocalPV Provisioner Helm chart configuration options [here](https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/deploy/helm/charts/README.md). - -To disable the dependency during installation, set `openebsLocalpv.enabled` to `false`. - -```console -helm install openebs-jiva/jiva --namespace --create-namespace --set openebsLocalpv.enabled=false -``` - -For more details on dependency see [Jiva chart readme](https://github.com/openebs/jiva-operator/blob/master/deploy/helm/charts/README.md). - -_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ - -## Uninstall Chart - -```console -# Helm -helm uninstall [RELEASE_NAME] --namespace [NAMESPACE] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -# Helm -helm upgrade [RELEASE_NAME] [CHART] --install --namespace [NAMESPACE] -``` - -## Configuration - -The following table lists the configurable parameters of the OpenEBS Jiva chart and their default values. -You can modify different parameters by specifying the desired value in the helm install command by using the `--set` and/or the `--set-string` flag(s). You can modify the parameters of the [Dynamic LocalPV Provisioner chart](https://openebs.github.io/dynamic-localpv-provisioner) by adding `localpv-provisioner` before the desired parameter in the helm install command. - -In the following sample command we modify `csiNode.nodeSelector` from the Jiva chart to only use the NodeSelector label `openebs.io/data-plane=true` to schedule the openebs-jiva-csi-node DaemonSet pods, and we also modify `hostpathClass.basePath` from the localpv-provisioner chart to change the BasePath directory to '/data' used by the openebs-hostpath StorageClass. - -```console -helm install openebs-jiva openebs-jiva/jiva -n openebs --create-namespace \ - --set-string csiNode.nodeSelector."openebs\.io/data-plane"=true \ - --set-string localpv-provisioner.hostpathClass.basePath="/data" -``` - -The Dynamic LocalPV Provisioner helm chart (this is a dependency for the Jiva helm chart) includes the [Node Disk Manager (NDM)](https://openebs.github.io/node-disk-manager/) helm chart. This NDM helm chart is disabled by default. You can enable the NDM chart during installation using flags as shown below: - -```console -helm install openebs-jiva openebs-jiva/jiva -n openebs --create-namespace \ - --set localpv-provisioner.openebsNDM.enabled=true \ - --set localpv-provisioner.deviceClass.enabled=true -``` - -If you have already installed Jiva without NDM, and would like to enable it after installation, use the following command: - -```console -helm upgrade openebs-jiva openebs-jiva/jiva -n openebs \ - --set localpv-provisioner.openebsNDM.enabled=true \ - --set localpv-provisioner.deviceClass.enabled=true -``` - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| csiController.annotations | object | `{}` | CSI controller annotations | -| csiController.attacher.image.pullPolicy | string | `"IfNotPresent"` | CSI attacher image pull policy | -| csiController.attacher.image.registry | string | `"k8s.gcr.io/"` | CSI attacher image registry | -| csiController.attacher.image.repository | string | `"k8scsi/csi-attacher"` | CSI attacher image repo | -| csiController.attacher.image.tag | string | `"v3.1.0"` | CSI attacher image tag | -| csiController.attacher.name | string | `"csi-attacher"` | CSI attacher container name| -| csiController.componentName | string | `""` | CSI controller component name | -| csiController.driverRegistrar.image.pullPolicy | string | `"IfNotPresent"` | CSI driver registrar image pull policy | -| csiController.driverRegistrar.image.registry | string | `"k8s.gcr.io/"` | CSI driver registrar image registry | -| csiController.driverRegistrar.image.repository | string | `"k8scsi/csi-cluster-driver-registrar"` | CSI driver registrar image repo | -| csiController.driverRegistrar.image.tag | string | `"v1.0.1"` | CSI driver registrar image tag| -| csiController.driverRegistrar.name | string | `"csi-cluster-driver-registrar"` | CSI driver registrar container name | -| csiController.livenessprobe.image.pullPolicy | string | `"IfNotPresent"` | CSI livenessprobe image pull policy | -| csiController.livenessprobe.image.registry | string | `"k8s.gcr.io/"` | CSI livenessprobe image registry | -| csiController.livenessprobe.image.repository | string | `"k8scsi/livenessprobe"` | CSI livenessprobe image repo | -| csiController.livenessprobe.image.tag | string | `"v2.2.0"` | CSI livenessprobe image tag | -| csiController.livenessprobe.name | string | `"liveness-probe"` | CSI livenessprobe container name| -| csiController.nodeSelector | object | `{}` | CSI controller pod node selector | -| csiController.podAnnotations | object | `{}` | CSI controller pod annotations | -| csiController.provisioner.image.pullPolicy | string | `"IfNotPresent"` | CSI provisioner image pull policy | -| csiController.provisioner.image.registry | string | `"k8s.gcr.io/"` | CSI provisioner image pull registry | -| csiController.provisioner.image.repository | string | `"k8scsi/csi-provisioner"` | CSI provisioner image pull repository | -| csiController.provisioner.image.tag | string | `"v2.1.0"` | CSI provisioner image tag | -| csiController.provisioner.name | string | `"csi-provisioner"` | CSI provisioner container name | -| csiController.resizer.image.pullPolicy | string | `"IfNotPresent"` | CSI resizer image pull policy | -| csiController.resizer.image.registry | string | `"k8s.gcr.io/"` | CSI resizer image registry | -| csiController.resizer.image.repository | string | `"k8scsi/csi-resizer"` | CSI resizer image repository| -| csiController.resizer.image.tag | string | `"v1.1.0"` | CSI resizer image tag | -| csiController.resizer.name | string | `"csi-resizer"` | CSI resizer container name | -| csiController.resources | object | `{}` | CSI controller container resources | -| csiController.securityContext | object | `{}` | CSI controller security context | -| csiController.tolerations | list | `[]` | CSI controller pod tolerations | -| csiNode.annotations | object | `{}` | CSI Node annotations | -| csiNode.componentName | string | `"openebs-jiva-csi-node"` | CSI Node component name | -| csiNode.driverRegistrar.image.pullPolicy | string | `"IfNotPresent"` | CSI Node driver registrar image pull policy| -| csiNode.driverRegistrar.image.registry | string | `"k8s.gcr.io/"` | CSI Node driver registrar image registry | -| csiNode.driverRegistrar.image.repository | string | `"k8scsi/csi-node-driver-registrar"` | CSI Node driver registrar image repository | -| csiNode.driverRegistrar.image.tag | string | `"v2.0.1"` | CSI Node driver registrar image tag| -| csiNode.driverRegistrar.name | string | `"csi-node-driver-registrar"` | CSI Node driver registrar container name | -| csiNode.kubeletDir | string | `"/var/lib/kubelet/"` | Kubelet root dir | -| csiNode.labels | object | `{}` | CSI Node pod labels | -| csiNode.nodeSelector | object | `{}` | CSI Node pod nodeSelector | -| csiNode.podAnnotations | object | `{}` | CSI Node pod annotations | -| csiNode.resources | object | `{}` | CSI Node pod resources | -| csiNode.securityContext | object | `{}` | CSI Node pod security context | -| csiNode.tolerations | list | `[]` | CSI Node pod tolerations | -| csiNode.updateStrategy.type | string | `"RollingUpdate"` | CSI Node daemonset update strategy | -| csiNode.livenessprobe.image.pullPolicy | string | `"IfNotPresent"` | CSI livenessprobe image pull policy | -| csiNode.livenessprobe.image.registry | string | `"k8s.gcr.io/"` | CSI livenessprobe image registry | -| csiNode.livenessprobe.image.repository | string | `"k8scsi/livenessprobe"` | CSI livenessprobe image repo | -| csiNode.livenessprobe.image.tag | string | `"v2.2.0"` | CSI livenessprobe image tag | -| csiNode.livenessprobe.name | string | `"liveness-probe"` | CSI livenessprobe container name| -| defaultPolicy.name | string | `"openebs-jiva-default-policy"` | Default jiva volume policy | -| defaultPolicy.enabled | bool | `true` | Enable default jiva volume policy | -| defaultPolicy.replicaSC | string | `"openebs-hostpath"` | StorageClass used for creating the PVC for the replica STS | -| defaultPolicy.replicas | string | `"3"` | The desired replication factor for the jiva volumes | -| defaultClass.name | string | `"openebs-jiva-csi-default"` | Default jiva csi StorageClass | -| defaultClass.enabled | bool | `true` | Enable default jiva csi StorageClass | -| defaultClass.reclaimPolicy | string | `"Delete"` | Reclaim Policy for the StorageClass | -| defaultClass.isDefaultClass | bool | `false` | Make jiva csi StorageClass as the default StorageClass | -| jivaOperator.annotations | object | `{}` | Jiva operator annotations | -| jivaOperator.componentName | string | `"jiva-operator"` | Jiva operator component name | -| jivaOperator.image.pullPolicy | string | `"IfNotPresent"` | Jiva operator image pull policy | -| jivaOperator.image.registry | string | `nil` | Jiva operator image registry | -| jivaOperator.image.repository | string | `"openebs/jiva-operator"` | Jiva operator image repository | -| jivaOperator.image.tag | string | `"2.11.0"` | Jiva operator image tag | -| jivaOperator.nodeSelector | object | `{}` | Jiva operator pod nodeSelector| -| jivaOperator.podAnnotations | object | `{}` | Jiva operator pod annotations | -| jivaOperator.resources | object | `{}` | Jiva operator pod resources | -| jivaOperator.securityContext | object | `{}` | Jiva operator security context | -| jivaOperator.tolerations | list | `[]` | Jiva operator pod tolerations | -| jivaCSIPlugin.image.pullPolicy | string | `"IfNotPresent"` | Jiva CSI driver image pull policy | -| jivaCSIPlugin.image.registry | string | `nil` | Jiva CSI driver image registry | -| jivaCSIPlugin.image.repository | string | `"openebs/jiva-csi"` | Jiva CSI driver image repository | -| jivaCSIPlugin.image.tag | string | `"2.11.0"` | Jiva CSI driver image tag | -| jivaCSIPlugin.name | string | `"jiva-csi-plugin"` | Jiva CSI driver container name | -| jivaCSIPlugin.remount | string | `"true"` | Jiva CSI driver remount feature, enabled by default | -| rbac.create | bool | `true` | Enable RBAC | -| rbac.pspEnabled | bool | `false` | Enable PodSecurityPolicy | -| release.version | string | `"2.11.0"` | Openebs Jiva release version | -| serviceAccount.annotations | object | `{}` | Service Account annotations | -| serviceAccount.csiController.create | bool | `true` | Enable CSI Controller ServiceAccount | -| serviceAccount.csiController.name | string | `"openebs-jiva-csi-controller-sa"` | CSI Controller ServiceAccount name | -| serviceAccount.csiNode.create | bool | `true` | Enable CSI Node ServiceAccount | -| serviceAccount.csiNode.name | string | `"openebs-jiva-csi-node-sa"` | CSI Node ServiceAccount name | -| serviceAccount.jivaOperator.create | bool | `true` | Enable Jiva Operator Node ServiceAccount | -| serviceAccount.jivaOperator.name | string | `"openebs-jiva-operator"` | Jiva Operator ServiceAccount name | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml openebs-jiva/jiva -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/.helmignore b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.lock b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.lock deleted file mode 100644 index 1399387a0..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: openebs-ndm - repository: https://openebs.github.io/node-disk-manager - version: 1.6.0 -digest: sha256:bb37660c475faea9651f07b43f655da8f19d251b3227da70ec4990fae6d380f0 -generated: "2021-07-16T06:29:18.04468484Z" diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.yaml deleted file mode 100644 index 8e02a3469..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -appVersion: 2.11.0 -dependencies: -- condition: openebsNDM.enabled - name: openebs-ndm - repository: https://openebs.github.io/node-disk-manager - version: 1.6.0 -description: Helm chart for OpenEBS Dynamic Local PV. For instructions to install - OpenEBS Dynamic Local PV using helm chart, refer to https://openebs.github.io/dynamic-localpv-provisioner/. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- storage -- local -- dynamic-localpv -maintainers: -- email: akhil.mohan@mayadata.io - name: akhilerm -- email: kiran.mova@mayadata.io - name: kiranmova -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -name: localpv-provisioner -sources: -- https://github.com/openebs/dynamic-localpv-provisioner -type: application -version: 2.11.0 diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/README.md b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/README.md deleted file mode 100644 index 139ac268c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/README.md +++ /dev/null @@ -1,143 +0,0 @@ -# OpenEBS LocalPV Provisioner - -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -![Chart Lint and Test](https://github.com/openebs/dynamic-localpv-provisioner/workflows/Chart%20Lint%20and%20Test/badge.svg) -![Release Charts](https://github.com/openebs/dynamic-localpv-provisioner/workflows/Release%20Charts/badge.svg?branch=develop) - -A Helm chart for openebs dynamic localpv provisioner. This chart bootstraps OpenEBS Dynamic LocalPV provisioner deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| akhilerm | akhil.mohan@mayadata.io | | -| kiranmova | kiran.mova@mayadata.io | | -| prateekpandey14 | prateek.pandey@mayadata.io | | - - -## Get Repo Info - -```console -helm repo add openebs-localpv https://openebs.github.io/dynamic-localpv-provisioner -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -Please visit the [link](https://openebs.github.io/dynamic-localpv-provisioner/) for install instructions via helm3. - -```console -# Helm -helm install [RELEASE_NAME] openebs-localpv/localpv-provisioner --namespace [NAMESPACE] --create-namespace -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Dependencies - -By default this chart installs additional, dependent charts: - -| Repository | Name | Version | -|------------|------|---------| -| https://openebs.github.io/node-disk-manager | openebs-ndm | 1.6.0 | - -**Note:** Find detailed Node Disk Manager Helm chart configuration options [here](https://github.com/openebs/node-disk-manager/blob/master/deploy/helm/charts/README.md). - - -To disable the dependency during installation, set `openebsNDM.enabled` to `false`. - -_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ - -## Uninstall Chart - -```console -# Helm -helm uninstall [RELEASE_NAME] --namespace [NAMESPACE] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -# Helm -helm upgrade [RELEASE_NAME] [CHART] --install --namespace [NAMESPACE] -``` - - -## Configuration - -The following table lists the configurable parameters of the OpenEBS Dynamic LocalPV Provisioner chart and their default values. - -You can modify different parameters by specifying the desired value in the `helm install` command by using the `--set` and/or the `--set-string` flag(s). You can modify the parameters of the [Node Disk Manager chart](https://openebs.github.io/node-disk-manager) by adding `openebs-ndm` before the desired parameter in the `helm install` command. - -In the following sample command we modify `deviceClass.fsType` from the localpv-provisioner chart and `ndm.nodeSelector` from the openebs-ndm chart to only schedule openebs-ndm DaemonSet pods on nodes labelled with `openebs.io/data-plane=true`. We also enable the 'Use OS-disk' feature gate using the `featureGates.UseOSDisk.enabled` parameter from the openebs-ndm chart. - - -```console -helm install openebs-localpv openebs-localpv/localpv-provisioner --namespace openebs --create-namespace \ - --set-string deviceClass.fsType="xfs" \ - --set-string openebs-ndm.ndm.nodeSelector."openebs\.io/data-plane"=true \ - --set openebs-ndm.featureGates.UseOSDisk.enabled=true -``` - -| Parameter | Description | Default | -| ------------------------------------------- | --------------------------------------------- | ----------------------------------------- | -| `release.version` | LocalPV Provisioner release version | `2.11.0` | -| `analytics.enabled` | Enable sending stats to Google Analytics | `true` | -| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | -| `deviceClass.blockDeviceTag` | Value of `openebs.io/block-device-tag` BD label | `""` | -| `deviceClass.enabled` | Enables creation of default Device StorageClass | `true` | -| `deviceClass.fsType` | Filesystem type for openebs-device StorageClass | `"ext4"` | -| `deviceClass.isDefaultClass` | Make openebs-device the default StorageClass | `"false"` | -| `deviceClass.reclaimPolicy` | ReclaimPolicy for Device PVs | `"Delete"` | -| `helperPod.image.registry` | Registry for helper image | `""` | -| `helperPod.image.repository` | Image for helper pod | `"openebs/linux-utils"` | -| `helperPod.image.pullPolicy` | Pull policy for helper pod | `"IfNotPresent"` | -| `helperPod.image.tag` | Image tag for helper image | `2.11.0` | -| `hostpathClass.basePath` | BasePath for openebs-hostpath StorageClass | `"/var/openebs/local"` | -| `hostpathClass.enabled` | Enables creation of default Hostpath StorageClass | `true` | -| `hostpathClass.isDefaultClass` | Make openebs-hostpath the default StorageClass | `"false"` | -| `hostpathClass.nodeAffinityLabel` | Custom node label key to uniquely identify nodes. `kubernetes.io/hostname` is the default label key for node selection. | `""` | -| `hostpathClass.reclaimPolicy` | ReclaimPolicy for Hostpath PVs | `"Delete"` | -| `imagePullSecrets` | Provides image pull secrect | `""` | -| `localpv.enabled` | Enable LocalPV Provisioner | `true` | -| `localpv.image.registry` | Registry for LocalPV Provisioner image | `""` | -| `localpv.image.repository` | Image repository for LocalPV Provisioner | `openebs/localpv-provisioner` | -| `localpv.image.pullPolicy` | Image pull policy for LocalPV Provisioner | `IfNotPresent` | -| `localpv.image.tag` | Image tag for LocalPV Provisioner | `2.11.0` | -| `localpv.updateStrategy.type` | Update strategy for LocalPV Provisioner | `RollingUpdate` | -| `localpv.annotations` | Annotations for LocalPV Provisioner metadata | `""` | -| `localpv.podAnnotations` | Annotations for LocalPV Provisioner pods metadata | `""` | -| `localpv.privileged` | Run LocalPV Provisioner with extra privileges | `true` | -| `localpv.resources` | Resource and request and limit for containers | `""` | -| `localpv.podLabels` | Appends labels to the pods | `""` | -| `localpv.nodeSelector` | Nodeselector for LocalPV Provisioner pods | `""` | -| `localpv.tolerations` | LocalPV Provisioner pod toleration values | `""` | -| `localpv.securityContext` | Seurity context for container | `""` | -| `localpv.healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | -| `localpv.healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | -| `localpv.replicas` | No. of LocalPV Provisioner replica | `1` | -| `localpv.enableLeaderElection` | Enable leader election | `true` | -| `localpv.affinity` | LocalPV Provisioner pod affinity | `{}` | -| `openebsNDM.enabled` | Install openebs NDM dependency | `true` | -| `rbac.create` | Enable RBAC Resources | `true` | -| `rbac.pspEnabled` | Create pod security policy resources | `false` | - - -A YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml --namespace openebs openebs-localpv/localpv-provisioner -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml deleted file mode 100644 index 890c4887b..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.6.0 -description: Helm chart for OpenEBS Node Disk Manager - a Kubernetes native storage - device management solution. For instructions on how to install, refer to https://openebs.github.io/node-disk-manager/. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- ndm -- disk-inventory -- storage -maintainers: -- email: akhil.mohan@mayadata.io - name: akhilerm -- email: michaelfornaro@gmail.com - name: xUnholy -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -name: openebs-ndm -sources: -- https://github.com/openebs/node-disk-manager -version: 1.6.0 diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/README.md b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/README.md deleted file mode 100644 index 497b6b450..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/README.md +++ /dev/null @@ -1,79 +0,0 @@ -## Introduction - -This chart bootstraps OpenEBS NDM deployment on a [Kubernetes](http://kubernetes.io) cluster using the -[Helm](https://helm.sh) package manager. - -## Installation - -You can run OpenEBS NDM on any Kubernetes 1.13+ cluster in a matter of seconds. - -Please visit the [link](https://openebs.github.io/node-disk-manager/) for install instructions via helm3. - -## Configuration - -The following table lists the configurable parameters of the OpenEBS NDM chart and their default values. - -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | -| `imagePullSecrets` | Provides image pull secrect | `""` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.image.registry` | Registry for Node Disk Manager image | `""` | -| `ndm.image.repository` | Image repository for Node Disk Manager | `openebs/node-disk-manager` | -| `ndm.image.pullPolicy` | Image pull policy for Node Disk Manager | `IfNotPresent` | -| `ndm.image.tag` | Image tag for Node Disk Manager | `1.5.0` | -| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | -| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | -| `ndm.sparse.count` | Number of sparse files to be created | `0` | -| `ndm.updateStrategy.type` | Update strategy for NDM daemonset | `RollingUpdate` | -| `ndm.annotations` | Annotations for NDM daemonset metadata | `""` | -| `ndm.podAnnotations` | Annotations for NDM daemonset's pods metadata | `""` | -| `ndm.resources` | Resource and request and limit for containers | `""` | -| `ndm.podLabels` | Appends labels to the pods | `""` | -| `ndm.nodeSelector` | Nodeselector for daemonset pods | `""` | -| `ndm.tolerations` | NDM daemonset's pod toleration values | `""` | -| `ndm.securityContext` | Seurity context for container | `""` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.osDiskExcludePaths` | Paths/Mountpoints to be excluded by OS Disk Filter| `/,/etc/hosts,/boot` | -| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd`| -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `ndm.probes.enableUdevProbe` | Enable Udev probe for NDM | `true` | -| `ndm.probes.enableSmartProbe` | Enable Smart probe for NDM | `true` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.replica` | Pod replica count for NDM operator | `1` | -| `ndmOperator.upgradeStrategy` | Update strategy NDM operator | `"Recreate"` | -| `ndmOperator.image.registry` | Registry for NDM operator image | `""` | -| `ndmOperator.image.repository` | Image repository for NDM operator | `openebs/node-disk-operator` | -| `ndmOperator.image.pullPolicy` | Image pull policy for NDM operator | `IfNotPresent` | -| `ndmOperator.image.tag` | Image tag for NDM operator | `1.5.0` | -| `ndmOperator.annotations` | Annotations for NDM operator metadata | `""` | -| `ndmOperator.podAnnotations` | Annotations for NDM operator's pods metadata | `""` | -| `ndmOperator.resources` | Resource and request and limit for containers | `""` | -| `ndmOperator.podLabels` | Appends labels to the pods | `""` | -| `ndmOperator.nodeSelector` | Nodeselector for operator pods | `""` | -| `ndmOperator.tolerations` | NDM operator's pod toleration values | `""` | -| `ndmOperator.securityContext` | Seurity context for container | `""` | -| `featureGates.APIService.enabled` | Enable the gRPC API service of NDM | `false` | -| `featureGates.UseOSDisk.enabled` | Enable feature-gate to use free space on OS disk | `false` | -| `featureGates.MountChangeDetection.enabled` | Enable feature-gate to detect mountpoint/filesystem changes | `false` | -| `helperPod.image.registry` | Registry for helper image | `""` | -| `helperPod.image.repository` | Image for helper pod | `openebs/linux-utils` | -| `helperPod.image.pullPolicy` | Pull policy for helper pod | `IfNotPresent` | -| `helperPod.image.tag` | Image tag for helper image | `2.10.0` | -| `varDirectoryPath.baseDir` | Directory to store debug info and so forth | `/var/openebs` | -| `serviceAccount.create` | Create a service account or not | `true` | -| `serviceAccount.name` | Name for the service account | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml ndm/openebs-ndm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml deleted file mode 100644 index 95f40703c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml +++ /dev/null @@ -1,241 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdevices.openebs.io -spec: - group: openebs.io - names: - kind: BlockDevice - listKind: BlockDeviceList - plural: blockdevices - shortNames: - - bd - singular: blockdevice - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.nodeAttributes.nodeName - name: NodeName - type: string - - jsonPath: .spec.path - name: Path - priority: 1 - type: string - - jsonPath: .spec.filesystem.fsType - name: FSType - priority: 1 - type: string - - jsonPath: .spec.capacity.storage - name: Size - type: string - - jsonPath: .status.claimState - name: ClaimState - type: string - - jsonPath: .status.state - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDevice is the Schema for the blockdevices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceSpec defines the properties and runtime status of a BlockDevice - properties: - aggregateDevice: - description: AggregateDevice was intended to store the hierarchical information in cases of LVM. However this is currently not implemented and may need to be re-looked into for better design. To be deprecated - type: string - capacity: - description: Capacity - properties: - logicalSectorSize: - description: LogicalSectorSize is blockdevice logical-sector size in bytes - format: int32 - type: integer - physicalSectorSize: - description: PhysicalSectorSize is blockdevice physical-Sector size in bytes - format: int32 - type: integer - storage: - description: Storage is the blockdevice capacity in bytes - format: int64 - type: integer - required: - - storage - type: object - claimRef: - description: ClaimRef is the reference to the BDC which has claimed this BD - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - details: - description: Details contain static attributes of BD like model,serial, and so forth - properties: - compliance: - description: Compliance is standards/specifications version implemented by device firmware such as SPC-1, SPC-2, etc - type: string - deviceType: - description: DeviceType represents the type of device like sparse, disk, partition, lvm, crypt - enum: - - disk - - partition - - sparse - - loop - - lvm - - crypt - - dm - - mpath - type: string - driveType: - description: DriveType is the type of backing drive, HDD/SSD - enum: - - HDD - - SSD - - Unknown - - "" - type: string - firmwareRevision: - description: FirmwareRevision is the disk firmware revision - type: string - hardwareSectorSize: - description: HardwareSectorSize is the hardware sector size in bytes - format: int32 - type: integer - logicalBlockSize: - description: LogicalBlockSize is the logical block size in bytes reported by /sys/class/block/sda/queue/logical_block_size - format: int32 - type: integer - model: - description: Model is model of disk - type: string - physicalBlockSize: - description: PhysicalBlockSize is the physical block size in bytes reported by /sys/class/block/sda/queue/physical_block_size - format: int32 - type: integer - serial: - description: Serial is serial number of disk - type: string - vendor: - description: Vendor is vendor of disk - type: string - type: object - devlinks: - description: DevLinks contains soft links of a block device like /dev/by-id/... /dev/by-uuid/... - items: - description: DeviceDevLink holds the mapping between type and links like by-id type or by-path type link - properties: - kind: - description: Kind is the type of link like by-id or by-path. - enum: - - by-id - - by-path - type: string - links: - description: Links are the soft links - items: - type: string - type: array - type: object - type: array - filesystem: - description: FileSystem contains mountpoint and filesystem type - properties: - fsType: - description: Type represents the FileSystem type of the block device - type: string - mountPoint: - description: MountPoint represents the mountpoint of the block device. - type: string - type: object - nodeAttributes: - description: NodeAttributes has the details of the node on which BD is attached - properties: - nodeName: - description: NodeName is the name of the Kubernetes node resource on which the device is attached - type: string - type: object - parentDevice: - description: "ParentDevice was intended to store the UUID of the parent Block Device as is the case for partitioned block devices. \n For example: /dev/sda is the parent for /dev/sda1 To be deprecated" - type: string - partitioned: - description: Partitioned represents if BlockDevice has partitions or not (Yes/No) Currently always default to No. To be deprecated - enum: - - "Yes" - - "No" - type: string - path: - description: Path contain devpath (e.g. /dev/sdb) - type: string - required: - - capacity - - devlinks - - nodeAttributes - - path - type: object - status: - description: DeviceStatus defines the observed state of BlockDevice - properties: - claimState: - description: ClaimState represents the claim state of the block device - enum: - - Claimed - - Unclaimed - - Released - type: string - state: - description: State is the current state of the blockdevice (Active/Inactive/Unknown) - enum: - - Active - - Inactive - - Unknown - type: string - required: - - claimState - - state - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml deleted file mode 100644 index 81b9a355e..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml +++ /dev/null @@ -1,144 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdeviceclaims.openebs.io -spec: - group: openebs.io - names: - kind: BlockDeviceClaim - listKind: BlockDeviceClaimList - plural: blockdeviceclaims - shortNames: - - bdc - singular: blockdeviceclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.blockDeviceName - name: BlockDeviceName - type: string - - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDeviceClaim is the Schema for the blockdeviceclaims API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceClaimSpec defines the request details for a BlockDevice - properties: - blockDeviceName: - description: BlockDeviceName is the reference to the block-device backing this claim - type: string - blockDeviceNodeAttributes: - description: BlockDeviceNodeAttributes is the attributes on the node from which a BD should be selected for this claim. It can include nodename, failure domain etc. - properties: - hostName: - description: HostName represents the hostname of the Kubernetes node resource where the BD should be present - type: string - nodeName: - description: NodeName represents the name of the Kubernetes node resource where the BD should be present - type: string - type: object - deviceClaimDetails: - description: Details of the device to be claimed - properties: - allowPartition: - description: AllowPartition represents whether to claim a full block device or a device that is a partition - type: boolean - blockVolumeMode: - description: 'BlockVolumeMode represents whether to claim a device in Block mode or Filesystem mode. These are use cases of BlockVolumeMode: 1) Not specified: VolumeMode check will not be effective 2) VolumeModeBlock: BD should not have any filesystem or mountpoint 3) VolumeModeFileSystem: BD should have a filesystem and mountpoint. If DeviceFormat is specified then the format should match with the FSType in BD' - type: string - formatType: - description: Format of the device required, eg:ext4, xfs - type: string - type: object - deviceType: - description: DeviceType represents the type of drive like SSD, HDD etc., - nullable: true - type: string - hostName: - description: Node name from where blockdevice has to be claimed. To be deprecated. Use NodeAttributes.HostName instead - type: string - resources: - description: Resources will help with placing claims on Capacity, IOPS - properties: - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum resources required. eg: if storage resource of 10G is requested minimum capacity of 10G should be available TODO for validating' - type: object - required: - - requests - type: object - selector: - description: Selector is used to find block devices to be considered for claiming - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: object - status: - description: DeviceClaimStatus defines the observed state of BlockDeviceClaim - properties: - phase: - description: Phase represents the current phase of the claim - type: string - required: - - phase - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt deleted file mode 100644 index 3c84551b5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -The OpenEBS Node Disk Manager has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -Use `kubectl get bd -n {{ .Release.Namespace }} ` to see the list of -blockdevices attached to the Kubernetes cluster nodes. - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl deleted file mode 100644 index e6d5b99dc..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl +++ /dev/null @@ -1,132 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -This name is used for ndm daemonset -*/}} -{{- define "openebs-ndm.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openebs-ndm.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm daemonset app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "openebs-ndm.operator.name" -}} -{{- $ndmName := default .Chart.Name .Values.ndmOperator.nameOverride | trunc 63 | trimSuffix "-" }} -{{- $componentName := .Values.ndmOperator.name | trunc 63 | trimSuffix "-" }} -{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm operator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.operator.fullname" -}} -{{- if .Values.ndmOperator.fullnameOverride }} -{{- .Values.ndmOperator.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $ndmOperatorName := include "openebs-ndm.operator.name" .}} - -{{- $name := default $ndmOperatorName .Values.ndmOperator.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openebs-ndm.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "openebs-ndm.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Define meta labels for ndm components -*/}} -{{- define "openebs-ndm.common.metaLabels" -}} -chart: {{ template "openebs-ndm.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - - -{{/* -Create match labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.matchLabels" -}} -app: {{ template "openebs-ndm.name" . }} -release: {{ .Release.Name }} -component: {{ .Values.ndm.componentName | quote }} -{{- end -}} - -{{/* -Create component labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.componentLabels" -}} -openebs.io/component-name: {{ .Values.ndm.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.matchLabels" . }} -{{ include "openebs-ndm.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for ndm operator deployment -*/}} -{{- define "openebs-ndm.operator.matchLabels" -}} -app: {{ template "openebs-ndm.operator.name" . }} -release: {{ .Release.Name }} -component: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - -{{/* -Create component labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.componentLabels" -}} -openebs.io/component-name: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - - -{{/* -Create labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.operator.matchLabels" . }} -{{ include "openebs-ndm.operator.componentLabels" . }} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml deleted file mode 100644 index 337b0e593..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "openebs-ndm.fullname" . }}-config -data: - # node-disk-manager-config contains config of available probes and filters. - # Probes and Filters will initialize with default values if config for that - # filter or probe are not present in configmap - - # udev-probe is default or primary probe it should be enabled to run ndm - # filterconfigs contains configs of filters. To provide a group of include - # and exclude values add it as , separated string - node-disk-manager.config: | - probeconfigs: - - key: udev-probe - name: udev probe - state: {{ .Values.ndm.probes.enableUdevProbe }} - - key: seachest-probe - name: seachest probe - state: {{ .Values.ndm.probes.enableSeachest }} - - key: smart-probe - name: smart probe - state: {{ .Values.ndm.probes.enableSmartProbe }} - filterconfigs: - - key: os-disk-exclude-filter - name: os disk exclude filter - state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} - exclude: "{{ .Values.ndm.filters.osDiskExcludePaths }}" - - key: vendor-filter - name: vendor filter - state: {{ .Values.ndm.filters.enableVendorFilter }} - include: "" - exclude: "{{ .Values.ndm.filters.excludeVendors }}" - - key: path-filter - name: path filter - state: {{ .Values.ndm.filters.enablePathFilter }} - include: "{{ .Values.ndm.filters.includePaths }}" - exclude: "{{ .Values.ndm.filters.excludePaths }}" diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml deleted file mode 100644 index af66edfe5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml +++ /dev/null @@ -1,176 +0,0 @@ -{{- if .Values.ndm.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "openebs-ndm.fullname" . }} - {{- with .Values.ndm.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 4 }} -spec: - updateStrategy: -{{ toYaml .Values.ndm.updateStrategy | indent 4 }} - selector: - matchLabels: - {{- include "openebs-ndm.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndm.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 8 }} - {{- with .Values.ndm.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.APIService.enabled }} - hostPID: true -{{- end}} -{{- end}} - containers: - - name: {{ template "openebs-ndm.name" . }} - image: "{{ .Values.ndm.image.registry }}{{ .Values.ndm.image.repository }}:{{ .Values.ndm.image.tag }}" - args: - - -v=4 -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.GPTBasedUUID.enabled }} - - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.APIService.enabled }} - - --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }} - - --api-service-address={{ .Values.featureGates.APIService.address }} -{{- end}} -{{- if .Values.featureGates.UseOSDisk.enabled }} - - --feature-gates={{ .Values.featureGates.UseOSDisk.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.MountChangeDetection.enabled }} - - --feature-gates={{ .Values.featureGates.MountChangeDetection.featureGateFlag }} -{{- end}} -{{- end}} - imagePullPolicy: {{ .Values.ndm.image.pullPolicy }} - resources: -{{ toYaml .Values.ndm.resources | indent 12 }} - securityContext: - privileged: true - env: - # namespace in which NDM is installed will be passed to NDM Daemonset - # as environment variable - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # pass hostname as env variable using downward API to the NDM container - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - # specify the directory where the sparse files need to be created. - # if not specified, then sparse files will not be created. - - name: SPARSE_FILE_DIR - value: "{{ .Values.ndm.sparse.path }}" -{{- end }} -{{- if .Values.ndm.sparse.size }} - # Size(bytes) of the sparse file to be created. - - name: SPARSE_FILE_SIZE - value: "{{ .Values.ndm.sparse.size }}" -{{- end }} -{{- if .Values.ndm.sparse.count }} - # Specify the number of sparse files to be created - - name: SPARSE_FILE_COUNT - value: "{{ .Values.ndm.sparse.count }}" -{{- end }} -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndm" - initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} - volumeMounts: - - name: config - mountPath: /host/node-disk-manager.config - subPath: node-disk-manager.config - readOnly: true - - name: udev - mountPath: /run/udev - - name: procmount - mountPath: /host/proc - readOnly: true - - name: devmount - mountPath: /dev - - name: basepath - mountPath: /var/openebs/ndm -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - mountPath: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ include "openebs-ndm.fullname" . }}-config - - name: udev - hostPath: - path: /run/udev - type: Directory - # mount /proc (to access mount file of process 1 of host) inside container - # to read mount-point of disks and partitions - - name: procmount - hostPath: - path: /proc - type: Directory - - name: devmount - # the /dev directory is mounted so that we have access to the devices that - # are connected at runtime of the pod. - hostPath: - path: /dev - type: Directory - - name: basepath - hostPath: - path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" - type: DirectoryOrCreate -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - hostPath: - path: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - # By default the node-disk-manager will be run on all kubernetes nodes - # If you would like to limit this to only some nodes, say the nodes - # that have storage attached, you could label those node and use - # nodeSelector. - # - # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" - # kubectl label node "openebs.io/nodegroup"="storage-node" - #nodeSelector: - # "openebs.io/nodegroup": "storage-node" -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndm.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndm.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndm.tolerations }} - tolerations: -{{ toYaml .Values.ndm.tolerations | indent 8 }} -{{- end }} -{{- if .Values.ndm.securityContext }} - securityContext: -{{ toYaml .Values.ndm.securityContext | indent 8 }} -{{- end }} - hostNetwork: true -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml deleted file mode 100644 index 4a54dc777..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if .Values.ndmOperator.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs-ndm.operator.fullname" . }} - {{- with .Values.ndmOperator.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.ndmOperator.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - {{- include "openebs-ndm.operator.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndmOperator.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 8 }} - {{- with .Values.ndmOperator.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} - containers: - - name: {{ template "openebs-ndm.operator.fullname" . }} - image: "{{ .Values.ndmOperator.image.registry }}{{ .Values.ndmOperator.image.repository }}:{{ .Values.ndmOperator.image.tag }}" - imagePullPolicy: {{ .Values.ndmOperator.image.pullPolicy }} - resources: -{{ toYaml .Values.ndmOperator.resources | indent 12 }} - livenessProbe: - httpGet: - path: /healthz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} - readinessProbe: - httpGet: - path: /readyz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "node-disk-operator" - - name: CLEANUP_JOB_IMAGE - value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}" -{{- end }} -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.securityContext }} - securityContext: -{{ toYaml .Values.ndmOperator.securityContext | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.tolerations }} - tolerations: -{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml deleted file mode 100644 index 8e81c4922..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "openebs-ndm.serviceAccountName" . }} -{{- end }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -rules: - - apiGroups: ["*"] - resources: ["nodes", "pods", "events", "configmaps", "jobs"] - verbs: - - '*' - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: - - '*' - - apiGroups: - - openebs.io - resources: - - blockdevices - - blockdeviceclaims - verbs: - - '*' ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "openebs-ndm.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - - kind: User - name: system:serviceaccount:default:default - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: {{ include "openebs-ndm.fullname" . }} - apiGroup: rbac.authorization.k8s.io ---- diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/values.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/values.yaml deleted file mode 100644 index 14928d497..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/charts/openebs-ndm/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Default values for ndm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -release: - version: "1.6.0" - -imagePullSecrets: -# - name: "image-pull-secret" - -ndm: - componentName: ndm - enabled: true - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/node-disk-manager - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - sparse: - path: "/var/openebs/sparse" - size: "10737418240" - count: "0" - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to ndm daemonset pods - podLabels: - name: openebs-ndm - nodeSelector: {} - tolerations: [] - securityContext: {} - filters: - enableOsDiskExcludeFilter: true - osDiskExcludePaths: "/,/etc/hosts,/boot" - enableVendorFilter: true - excludeVendors: "CLOUDBYT,OpenEBS" - enablePathFilter: true - includePaths: "" - excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd" - probes: - enableSeachest: false - enableUdevProbe: true - enableSmartProbe: true - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndmOperator: - name: operator - enabled: true - image: - registry: - repository: openebs/node-disk-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - podLabels: - name: openebs-ndm-operator - annotations: {} - podAnnotations: {} - nodeSelector: {} - resources: {} - securityContext: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 15 - periodSeconds: 20 - readinessCheck: - initialDelaySeconds: 5 - periodSeconds: 10 - replicas: 1 - upgradeStrategy: Recreate - -helperPod: - image: - registry: "" - repository: openebs/linux-utils - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - -crd: - enableInstall: false - -featureGates: - enabled: true - GPTBasedUUID: - enabled: true - featureGateFlag: "GPTBasedUUID" - APIService: - enabled: false - featureGateFlag: "APIService" - address: "0.0.0.0:9115" - UseOSDisk: - enabled: false - featureGateFlag: "UseOSDisk" - MountChangeDetection: - enabled: false - featureGateFlag: "MountChangeDetection" - -# Directory used by the OpenEBS to store debug information and so forth -# that are generated in the course of running OpenEBS containers. -varDirectoryPath: - baseDir: "/var/openebs" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-ndm diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/NOTES.txt deleted file mode 100644 index a2a0aea84..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/NOTES.txt +++ /dev/null @@ -1,12 +0,0 @@ -The OpenEBS Dynamic LocalPV Provisioner has been installed. -Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -Use `kubectl get bd -n {{ .Release.Namespace }}` to list the -blockdevices attached to the Kubernetes cluster nodes. - -Get started with the Dynamic LocalPV Provisioner Quickstart guide at: -https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md - -For more information, visit our Slack at https://openebs.io/community or view -the OpenEBS documentation online at https://docs.openebs.io. diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/_helpers.tpl deleted file mode 100644 index ea1ce3111..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/_helpers.tpl +++ /dev/null @@ -1,79 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "localpv.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified localpv provisioner name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "localpv.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "localpv.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Meta labels -*/}} -{{- define "localpv.common.metaLabels" -}} -chart: {{ template "localpv.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "localpv.selectorLabels" -}} -app: {{ template "localpv.name" . }} -release: {{ .Release.Name }} -component: {{ .Values.localpv.name | quote }} -{{- end -}} - -{{/* -Component labels -*/}} -{{- define "localpv.componentLabels" -}} -openebs.io/component-name: openebs-{{ .Values.localpv.name }} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "localpv.labels" -}} -{{ include "localpv.common.metaLabels" . }} -{{ include "localpv.selectorLabels" . }} -{{ include "localpv.componentLabels" . }} -{{- end -}} - - -{{/* -Create the name of the service account to use -*/}} -{{- define "localpv.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "localpv.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/deployment.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/deployment.yaml deleted file mode 100644 index bc736d981..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/deployment.yaml +++ /dev/null @@ -1,114 +0,0 @@ -{{- if .Values.localpv.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "localpv.fullname" . }} - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.localpv.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - {{- include "localpv.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.localpv.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 8 }} - {{- with .Values.localpv.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "localpv.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ template "localpv.fullname" . }} - image: "{{ .Values.localpv.image.registry }}{{ .Values.localpv.image.repository }}:{{ .Values.localpv.image.tag }}" - imagePullPolicy: {{ .Values.localpv.image.pullPolicy }} - resources: -{{ toYaml .Values.localpv.resources | indent 10 }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_IO_BASE_PATH is the environment variable that provides the - # default base path on the node where host-path PVs will be provisioned. - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - - name: OPENEBS_IO_BASE_PATH - value: "{{ .Values.localpv.basePath }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default - # leader election is enabled. - - name: LEADER_ELECTION_ENABLED - value: "{{ .Values.localpv.enableLeaderElection }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}" -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `provisioner-loc` - # `.*`: matches any string that has `provisioner-loc` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^provisioner-loc.*"` = 1 - initialDelaySeconds: {{ .Values.localpv.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.localpv.healthCheck.periodSeconds }} -{{- if .Values.localpv.nodeSelector }} - nodeSelector: -{{ toYaml .Values.localpv.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.localpv.tolerations }} - tolerations: -{{ toYaml .Values.localpv.tolerations | indent 8 }} -{{- end }} -{{- if .Values.localpv.affinity }} - affinity: -{{ toYaml .Values.localpv.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/device-class.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/device-class.yaml deleted file mode 100644 index f7cf95465..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/device-class.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.deviceClass.enabled }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.deviceClass.name }} - annotations: - openebs.io/cas-type: local - cas.openebs.io/config: | - - name: StorageType - value: "device" -{{- if .Values.deviceClass.fsType }} - - name: FSType - value: {{ .Values.deviceClass.fsType }} -{{- end }} -{{- if .Values.deviceClass.blockDeviceTag }} - - name: BlockDeviceTag - value: {{ .Values.deviceClass.blockDeviceTag }} -{{- end }} -{{- if .Values.deviceClass.isDefaultClass }} - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: openebs.io/local -volumeBindingMode: WaitForFirstConsumer -reclaimPolicy: {{ .Values.deviceClass.reclaimPolicy }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/hostpath-class.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/hostpath-class.yaml deleted file mode 100644 index d4fbfd3d2..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/hostpath-class.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.hostpathClass.enabled }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.hostpathClass.name }} - annotations: - openebs.io/cas-type: local - cas.openebs.io/config: | - - name: StorageType - value: "hostpath" -{{- if .Values.hostpathClass.basePath }} - - name: BasePath - value: {{ .Values.hostpathClass.basePath }} -{{- end }} -{{- if .Values.hostpathClass.nodeAffinityLabel }} - - name: NodeAffinityLabel - value: {{ .Values.hostpathClass.nodeAffinityLabel }} -{{- end }} -{{- if .Values.hostpathClass.isDefaultClass }} - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: openebs.io/local -volumeBindingMode: WaitForFirstConsumer -reclaimPolicy: {{ .Values.hostpathClass.reclaimPolicy }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/psp.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/psp.yaml deleted file mode 100644 index ec64aad40..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/psp.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "localpv.fullname" . }}-psp - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -spec: - privileged: {{ .Values.localpv.privileged }} - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/rbac.yaml deleted file mode 100644 index 04cd5409c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/templates/rbac.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "localpv.serviceAccountName" . }} - labels: - {{- include "localpv.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- if .Values.rbac.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "localpv.fullname" . }} - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -rules: -- apiGroups: ["*"] - resources: ["nodes"] - verbs: ["get", "list", "watch"] -- apiGroups: ["*"] - resources: ["namespaces", "pods", "events", "endpoints"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["resourcequotas", "limitranges"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] - verbs: ["*"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [ "get", "list", "create", "update", "delete", "patch"] -- apiGroups: ["openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "localpv.fullname" . }} - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "localpv.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "localpv.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- if .Values.rbac.pspEnabled }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "localpv.fullname" . }}-psp - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "localpv.fullname" . }}-psp ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "localpv.fullname" . }}-psp - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "localpv.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "localpv.serviceAccountName" . }} - namespace: {{ $.Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/values.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/values.yaml deleted file mode 100644 index 0d9fb270f..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/charts/localpv-provisioner/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Default values for localpv. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -release: - version: "2.11.0" - -rbac: - # rbac.create: `true` if rbac resources should be created - create: true - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false - -# If false, openebs NDM sub-chart will not be installed -openebsNDM: - enabled: true - -localpv: - name: localpv-provisioner - enabled: true - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/provisioner-localpv - tag: 2.11.0 - pullPolicy: IfNotPresent - updateStrategy: - type: RollingUpdate - # If set to false, containers created by the localpv provisioner will run without extra privileges. - privileged: true - annotations: {} - podAnnotations: {} - ## Labels to be added to localpv provisioner deployment pods - podLabels: - name: openebs-localpv-provisioner - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - replicas: 1 - enableLeaderElection: true - basePath: "/var/openebs/local" - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - securityContext: {} - -imagePullSecrets: -# - name: img-pull-secret - -podSecurityContext: {} - # fsGroup: 2000 - -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -deviceClass: - # Name of default device StorageClass. - name: openebs-device - # If true, enables creation of the openebs-device StorageClass - enabled: true - # Available reclaim policies: Delete/Retain, defaults: Delete. - reclaimPolicy: Delete - # If true, sets the openebs-device StorageClass as the default StorageClass - isDefaultClass: false - fsType: "ext4" - # Label block devices in the cluster that you would like the openEBS localPV - # Provisioner to pick up those specific block devices available on the node. - # - # To read more: https://docs.openebs.io/docs/next/uglocalpv-device.html#optional-block-device-tagging - blockDeviceTag: "" - -hostpathClass: - # Name of the default hostpath StorageClass - name: openebs-hostpath - # If true, enables creation of the openebs-hostpath StorageClass - enabled: true - # Available reclaim policies: Delete/Retain, defaults: Delete. - reclaimPolicy: Delete - # If true, sets the openebs-hostpath StorageClass as the default StorageClass - isDefaultClass: false - # Path on the host where local volumes of this storage class are mounted under. - basePath: "/var/openebs/local" - # Custom node affinity label for example "openebs.io/node-affinity-value" that will be - # used instead of hostnames - # This helps in cases where the hostname changes when the node is removed and - # added back with the disks still intact. - nodeAffinityLabel: "" - -helperPod: - image: - registry: "" - repository: openebs/linux-utils - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - -analytics: - enabled: true - # Specify in hours the duration after which a ping event needs to be sent. - pingInterval: "24h" diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumepolicy.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumepolicy.yaml deleted file mode 100644 index dabb741a9..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumepolicy.yaml +++ /dev/null @@ -1,1506 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: jivavolumepolicies.openebs.io -spec: - group: openebs.io - names: - kind: JivaVolumePolicy - listKind: JivaVolumePolicyList - plural: jivavolumepolicies - shortNames: - - jvp - singular: jivavolumepolicy - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'JivaVolumePolicy is the Schema for the jivavolumes API Important: - Run "operator-sdk generate k8s" to regenerate code after modifying this - file' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: JivaVolumePolicySpec defines the desired state of JivaVolumePolicy - properties: - autoScaling: - description: AutoScaling ... - type: boolean - enableBufio: - description: EnableBufio ... - type: boolean - priorityClassName: - description: PriorityClassName if specified applies to the pod If - left empty, no priority class is applied. - type: string - replica: - description: ReplicaSpec represents configuration related to replicas - resources - nullable: true - properties: - affinity: - description: Affinity if specified, are the pod's affinities - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used to select - a node for pod scheduleing - type: object - resources: - description: Resources are the compute resources required by the - jiva container. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - tolerations: - description: Tolerations, if specified, are the pod's tolerations - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicaSC: - description: ReplicaSC represents the storage class used for creating - the pvc for the replicas (provisioned by localpv provisioner) - type: string - serviceAccountName: - description: ServiceAccountName can be provided to enable PSP - type: string - target: - description: TargetSpec represents configuration related to jiva target - and its resources - nullable: true - properties: - affinity: - description: Affinity if specified, are the pod's affinities - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - auxResources: - description: AuxResources are the compute resources required by - the jiva-target pod side car containers. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - monitor: - description: Monitor enables or disables the target exporter sidecar - type: boolean - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used to select - a node for pod scheduleing - type: object - replicationFactor: - description: ReplicationFactor represents maximum number of replicas - that are allowed to connect to the target - type: integer - resources: - description: Resources are the compute resources required by the - jiva container. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - tolerations: - description: Tolerations, if specified, are the pod's tolerations - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - required: - - autoScaling - - enableBufio - type: object - status: - description: JivaVolumePolicyStatus is for handling status of JivaVolumePolicy - properties: - phase: - type: string - required: - - phase - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumes.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumes.yaml deleted file mode 100644 index 9f6fb40ce..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/crds/jivavolumes.yaml +++ /dev/null @@ -1,1670 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: jivavolumes.openebs.io -spec: - group: openebs.io - names: - kind: JivaVolume - listKind: JivaVolumeList - plural: jivavolumes - shortNames: - - jv - singular: jivavolume - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.replicaCount - name: ReplicaCount - type: string - - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .status.status - name: Status - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'JivaVolume is the Schema for the jivavolumes API Important: - Run "operator-sdk generate k8s" to regenerate code after modifying this - file' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: JivaVolumeSpec defines the desired state of JivaVolume - properties: - accessType: - description: AccessType can be specified as Block or Mount type - type: string - capacity: - type: string - desiredReplicationFactor: - type: integer - iscsiSpec: - nullable: true - properties: - iqn: - type: string - targetIP: - type: string - targetPort: - format: int32 - type: integer - type: object - mountInfo: - nullable: true - properties: - devicePath: - type: string - fsType: - type: string - stagingPath: - description: StagingPath is the path provided by K8s during NodeStageVolume - rpc call, where volume is mounted globally. - type: string - targetPath: - description: TargetPath is the path provided by K8s during NodePublishVolume - rpc call where bind mount happens. - type: string - type: object - policy: - description: Policy is the configuration used for creating target - and replica pods during volume provisioning - nullable: true - properties: - autoScaling: - description: AutoScaling ... - type: boolean - enableBufio: - description: EnableBufio ... - type: boolean - priorityClassName: - description: PriorityClassName if specified applies to the pod - If left empty, no priority class is applied. - type: string - replica: - description: ReplicaSpec represents configuration related to replicas - resources - nullable: true - properties: - affinity: - description: Affinity if specified, are the pod's affinities - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used - to select a node for pod scheduleing - type: object - resources: - description: Resources are the compute resources required - by the jiva container. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - tolerations: - description: Tolerations, if specified, are the pod's tolerations - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - replicaSC: - description: ReplicaSC represents the storage class used for creating - the pvc for the replicas (provisioned by localpv provisioner) - type: string - serviceAccountName: - description: ServiceAccountName can be provided to enable PSP - type: string - target: - description: TargetSpec represents configuration related to jiva - target and its resources - nullable: true - properties: - affinity: - description: Affinity if specified, are the pod's affinities - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - auxResources: - description: AuxResources are the compute resources required - by the jiva-target pod side car containers. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - monitor: - description: Monitor enables or disables the target exporter - sidecar - type: boolean - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is the labels that will be used - to select a node for pod scheduleing - type: object - replicationFactor: - description: ReplicationFactor represents maximum number of - replicas that are allowed to connect to the target - type: integer - resources: - description: Resources are the compute resources required - by the jiva container. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - tolerations: - description: Tolerations, if specified, are the pod's tolerations - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - required: - - autoScaling - - enableBufio - type: object - pv: - type: string - required: - - accessType - - capacity - - pv - type: object - status: - description: JivaVolumeStatus defines the observed state of JivaVolume - properties: - phase: - description: Phase represents the current phase of JivaVolume. - type: string - replicaCount: - type: integer - replicaStatus: - items: - description: ReplicaStatus stores the status of replicas - properties: - address: - type: string - mode: - type: string - type: object - nullable: true - type: array - status: - type: string - type: object - versionDetails: - description: VersionDetails provides the details for upgrade - properties: - autoUpgrade: - description: If AutoUpgrade is set to true then the resource is upgraded - automatically without any manual steps - type: boolean - desired: - description: Desired is the version that we want to upgrade or the - control plane version - type: string - status: - description: Status gives the status of reconciliation triggered when - the desired and current version are not same - properties: - current: - description: Current is the version of resource - type: string - dependentsUpgraded: - description: DependentsUpgraded gives the details whether all - children of a resource are upgraded to desired version or not - type: boolean - lastUpdateTime: - description: LastUpdateTime is the time the status was last updated - format: date-time - nullable: true - type: string - message: - description: Message is a human readable message if some error - occurs - type: string - reason: - description: Reason is the actual reason for the error state - type: string - state: - description: State is the state of reconciliation - type: string - type: object - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/crds/upgradetask.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/crds/upgradetask.yaml deleted file mode 100644 index ab35065be..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/crds/upgradetask.yaml +++ /dev/null @@ -1,257 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: upgradetasks.openebs.io -spec: - group: openebs.io - names: - kind: UpgradeTask - listKind: UpgradeTaskList - plural: upgradetasks - singular: upgradetask - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: UpgradeTask represents an upgrade task - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec i.e. specifications of the UpgradeTask - properties: - cstorPool: - description: CStorPool contains the details of the cstor pool to be - upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - poolName: - description: PoolName contains the name of the cstor pool to be - upgraded - type: string - type: object - cstorPoolCluster: - description: CStorPoolCluster contains the details of the storage - pool claim to be upgraded - properties: - cspcName: - description: CSPCName contains the name of the storage pool claim - to be upgraded - type: string - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - type: object - cstorPoolInstance: - description: CStorPoolInstance contains the details of the cstor pool - to be upgraded - properties: - cspiName: - description: CSPCName contains the name of the storage pool claim - to be upgraded - type: string - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - type: object - cstorVolume: - description: CStorVolume contains the details of the cstor volume - to be upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - pvName: - description: PVName contains the name of the pv associated with - the cstor volume - type: string - type: object - fromVersion: - description: FromVersion is the current version of the resource. - type: string - imagePrefix: - description: ImagePrefix contains the url prefix of the image url. - This field is optional. If not present upgrade takes the previously - present ImagePrefix. - type: string - imageTag: - description: ImageTag contains the customized tag for ToVersion if - any. This field is optional. If not present upgrade takes the ToVersion - as the ImageTag - type: string - jivaVolume: - description: JivaVolume contains the details of the jiva volume to - be upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - pvName: - description: PVName contains the name of the pv associated with - the jiva volume - type: string - type: object - options: - description: Options contains the optional flags that can be passed - during upgrade. - properties: - timeout: - description: Timeout is maximum seconds to wait at any given step - in the upgrade - type: integer - type: object - storagePoolClaim: - description: StoragePoolClaim contains the details of the storage - pool claim to be upgraded - properties: - options: - description: Options can be used to change the default behaviour - of upgrade - properties: - ignoreStepsOnError: - description: IgnoreStepsOnError allows to ignore steps which - failed - items: - type: string - type: array - type: object - spcName: - description: SPCName contains the name of the storage pool claim - to be upgraded - type: string - type: object - toVersion: - description: ToVersion is the upgraded version of the resource. It - should be same as the version of control plane components version. - type: string - required: - - fromVersion - - toVersion - type: object - status: - description: Status of UpgradeTask - properties: - completedTime: - description: CompletedTime of Upgrade - format: date-time - nullable: true - type: string - phase: - description: Phase indicates if a upgradeTask is started, success - or errored - type: string - retries: - description: Retries is the number of times the job attempted to upgrade - the resource - type: integer - startTime: - description: StartTime of Upgrade - format: date-time - nullable: true - type: string - upgradeDetailedStatuses: - description: UpgradeDetailedStatuses contains the list of statuses - of each step - items: - description: UpgradeDetailedStatuses represents the latest available - observations of a UpgradeTask current state. - properties: - lastUpdatedAt: - description: LastUpdatedTime of a UpgradeStep - format: date-time - nullable: true - type: string - message: - description: A human-readable message indicating details about - why the upgradeStep is in this state - type: string - phase: - description: Phase indicates if the UpgradeStep is waiting, - errored or completed. - type: string - reason: - description: Reason is a brief CamelCase string that describes - any failure and is meant for machine parsing and tidy display - in the CLI - type: string - startTime: - description: StartTime of a UpgradeStep - format: date-time - nullable: true - type: string - step: - description: UpgradeStep is the current step being performed - for a particular resource upgrade - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/jiva/templates/NOTES.txt deleted file mode 100644 index de04887f6..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -The OpenEBS jiva has been installed check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. - -For more information related to jiva volume provisioning, visit -https://github.com/openebs/jiva-operator/tree/master/docs . diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/jiva/templates/_helpers.tpl deleted file mode 100644 index 88fed2e1c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/_helpers.tpl +++ /dev/null @@ -1,150 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "jiva.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "jiva.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "jiva.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "jiva.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "jiva.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Define meta labels for jiva components -*/}} -{{- define "jiva.common.metaLabels" -}} -chart: {{ template "jiva.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - -{{/* -Create match labels for jiva operator -*/}} -{{- define "jiva.operator.matchLabels" -}} -name: {{ .Values.jivaOperator.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.jivaOperator.componentName | quote }} -{{- end -}} - -{{/* -Create component labels jiva operator -*/}} -{{- define "jiva.operator.componentLabels" -}} -openebs.io/component-name: {{ .Values.jivaOperator.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for jiva operator -*/}} -{{- define "jiva.operator.labels" -}} -{{ include "jiva.common.metaLabels" . }} -{{ include "jiva.operator.matchLabels" . }} -{{ include "jiva.operator.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for jiva csi node operator -*/}} -{{- define "jiva.csiNode.matchLabels" -}} -name: {{ .Values.csiNode.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.csiNode.componentName | quote }} -{{- end -}} - -{{/* -Create component labels jiva csi node operator -*/}} -{{- define "jiva.csiNode.componentLabels" -}} -openebs.io/component-name: {{ .Values.csiNode.componentName | quote }} -{{- end -}} - -{{/* -Create labels for jiva csi node operator -*/}} -{{- define "jiva.csiNode.labels" -}} -{{ include "jiva.common.metaLabels" . }} -{{ include "jiva.csiNode.matchLabels" . }} -{{ include "jiva.csiNode.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for jiva csi controller -*/}} -{{- define "jiva.csiController.matchLabels" -}} -name: {{ .Values.csiController.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.csiController.componentName | quote }} -{{- end -}} - -{{/* -Create component labels jiva csi controller -*/}} -{{- define "jiva.csiController.componentLabels" -}} -openebs.io/component-name: {{ .Values.csiController.componentName | quote }} -{{- end -}} - -{{/* -Create labels for jiva csi controller -*/}} -{{- define "jiva.csiController.labels" -}} -{{ include "jiva.common.metaLabels" . }} -{{ include "jiva.csiController.matchLabels" . }} -{{ include "jiva.csiController.componentLabels" . }} -{{- end -}} - -{{/* -Create the name of the priority class for csi node plugin -*/}} -{{- define "jiva.csiNode.priorityClassName" -}} -{{- if .Values.csiNode.priorityClass.create }} -{{- printf "%s-%s" .Release.Name .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s" .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} - -{{/* -Create the name of the priority class for csi controller plugin -*/}} -{{- define "jiva.csiController.priorityClassName" -}} -{{- if .Values.csiController.priorityClass.create }} -{{- printf "%s-%s" .Release.Name .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s" .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller-rbac.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller-rbac.yaml deleted file mode 100644 index c19db646a..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller-rbac.yaml +++ /dev/null @@ -1,196 +0,0 @@ -{{- if .Values.serviceAccount.csiController.create -}} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ .Values.serviceAccount.csiController.name }} - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- if .Values.rbac.create }} ---- -# jiva csi roles and bindings -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-snapshotter-binding - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-jiva-csi-snapshotter-role - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-snapshotter-role - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-provisioner-role - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["secrets","namespaces"] - verbs: ["get", "list"] - - apiGroups: [ "" ] - resources: [ "pods" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [""] - resources: ["persistentvolumes", "services"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["*"] - - apiGroups: ["*"] - resources: ["jivavolumeattachments", "jivavolumes","jivavolumeconfigs"] - verbs: ["*"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-provisioner-binding - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-jiva-csi-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- -############################## CSI- Attacher ####################### -# Attacher must be able to work with PVs, nodes and VolumeAttachments -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-attacher-role - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments", "csinodes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "volumeattachments/status" ] - verbs: [ "patch" ] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-attacher-binding - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-jiva-csi-attacher-role - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-cluster-registrar-role - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -rules: - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csidrivers"] - verbs: ["create", "delete"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-cluster-registrar-binding - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-jiva-csi-cluster-registrar-role - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller.yaml deleted file mode 100644 index 76094f6d3..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-controller.yaml +++ /dev/null @@ -1,134 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: {{ template "jiva.fullname" . }}-csi-controller - {{- with .Values.csiController.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "jiva.csiController.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "jiva.csiController.matchLabels" . | nindent 6 }} - serviceName: "openebs-csi" - replicas: {{ .Values.csiController.replicas }} - template: - metadata: - labels: - {{- include "jiva.csiController.labels" . | nindent 8 }} - {{- if .Values.csiController.podLabels }} - {{ toYaml .Values.csiController.podLabels | nindent 8 }} - {{- end }} - spec: - priorityClassName: {{ template "jiva.csiController.priorityClassName" . }} - serviceAccount: {{ .Values.serviceAccount.csiController.name }} - containers: - - name: {{ .Values.csiController.resizer.name }} - image: "{{ .Values.csiController.resizer.image.registry }}{{ .Values.csiController.resizer.image.repository }}:{{ .Values.csiController.resizer.image.tag }}" - resources: -{{ toYaml .Values.csiController.resources | indent 12 }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.csiController.resizer.image.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.csiController.provisioner.name }} - image: "{{ .Values.csiController.provisioner.image.registry }}{{ .Values.csiController.provisioner.image.repository }}:{{ .Values.csiController.provisioner.image.tag }}" - imagePullPolicy: {{ .Values.csiController.provisioner.image.pullPolicy }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - - "--feature-gates=Topology=true" - - "--extra-create-metadata=true" - - "--metrics-address=:22011" - - "--timeout=250s" - - "--default-fstype=ext4" - env: - - name: MY_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.csiController.attacher.name }} - image: "{{ .Values.csiController.attacher.image.registry }}{{ .Values.csiController.attacher.image.repository }}:{{ .Values.csiController.attacher.image.tag }}" - imagePullPolicy: {{ .Values.csiController.attacher.image.pullPolicy }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.jivaCSIPlugin.name }} - image: "{{ .Values.jivaCSIPlugin.image.registry }}{{ .Values.jivaCSIPlugin.image.repository }}:{{ .Values.jivaCSIPlugin.image.tag }}" - imagePullPolicy: {{ .Values.jivaCSIPlugin.image.pullPolicy }} - env: - - name: OPENEBS_JIVA_CSI_CONTROLLER - value: controller - - name: OPENEBS_JIVA_CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: OPENEBS_CSI_API_URL - value: https://openebs.io - - name: OPENEBS_NODEID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - # OpenEBS namespace where the openebs jiva operator components - # has been installed - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPENEBS_IO_INSTALLER_TYPE - value: "jiva-helm" - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - args : - - "--endpoint=$(OPENEBS_JIVA_CSI_ENDPOINT)" - - "--plugin=$(OPENEBS_JIVA_CSI_CONTROLLER)" - - "--name=jiva.csi.openebs.io" - - "--nodeid=$(OPENEBS_NODEID)" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.csiController.livenessprobe.name }} - image: "{{ .Values.csiController.livenessprobe.image.registry }}{{ .Values.csiController.livenessprobe.image.repository }}:{{ .Values.csiController.livenessprobe.image.tag }}" - imagePullPolicy: {{ .Values.csiController.livenessprobe.image.pullPolicy }} - args: - - "--csi-address=/csi/csi.sock" - volumeMounts: - - mountPath: /csi - name: socket-dir - volumes: - - name: socket-dir - emptyDir: {} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.csiController.nodeSelector }} - nodeSelector: -{{ toYaml .Values.csiController.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.csiController.securityContext }} - securityContext: -{{ toYaml .Values.csiController.securityContext | indent 8 }} -{{- end }} -{{- if .Values.csiController.tolerations }} - tolerations: -{{ toYaml .Values.csiController.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-driver.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-driver.yaml deleted file mode 100644 index 04bd6e3ab..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-driver.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.csiDriver.create -}} -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: jiva.csi.openebs.io -spec: - podInfoOnMount: {{ .Values.csiDriver.podInfoOnMount }} - attachRequired: {{ .Values.csiDriver.attachRequired }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-iscsiadm-config.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-iscsiadm-config.yaml deleted file mode 100644 index f25f155a7..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-iscsiadm-config.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: openebs-jiva-csi-iscsiadm -data: - iscsiadm: | - #!/bin/sh - if [ -x /host/sbin/iscsiadm ]; then - chroot /host /sbin/iscsiadm "$@" - elif [ -x /host/usr/local/sbin/iscsiadm ]; then - chroot /host /usr/local/sbin/iscsiadm "$@" - elif [ -x /host/bin/iscsiadm ]; then - chroot /host /bin/iscsiadm "$@" - elif [ -x /host/usr/local/bin/iscsiadm ]; then - chroot /host /usr/local/bin/iscsiadm "$@" - else - chroot /host iscsiadm "$@" - fi diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node-rbac.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node-rbac.yaml deleted file mode 100644 index 68e33fe14..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node-rbac.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.serviceAccount.csiNode.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.csiNode.name }} - labels: - {{- include "jiva.csiNode.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- if .Values.rbac.create }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-registrar-role - labels: - {{- include "jiva.csiNode.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumes", "nodes", "services"] - verbs: ["get", "list", "patch"] - - apiGroups: ["*"] - resources: ["jivavolumes"] - verbs: ["get", "list", "watch", "create", "update", "delete", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-csi-registrar-binding - labels: - {{- include "jiva.csiNode.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.csiNode.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-jiva-csi-registrar-role - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node.yaml deleted file mode 100644 index 3acf07f56..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/csi-node.yaml +++ /dev/null @@ -1,165 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ template "jiva.fullname" . }}-csi-node - {{- with .Values.csiNode.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "jiva.csiNode.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "jiva.csiNode.matchLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "jiva.csiNode.labels" . | nindent 8 }} - {{- if .Values.csiNode.podLabels }} - {{ toYaml .Values.csiNode.podLabels | nindent 8 }} - {{- end }} - spec: - priorityClassName: {{ template "jiva.csiNode.priorityClassName" . }} - serviceAccount: {{ .Values.serviceAccount.csiNode.name }} - hostNetwork: true - containers: - - name: {{ .Values.csiNode.driverRegistrar.name }} - image: "{{ .Values.csiNode.driverRegistrar.image.registry }}{{ .Values.csiNode.driverRegistrar.image.repository }}:{{ .Values.csiNode.driverRegistrar.image.tag }}" - imagePullPolicy: {{ .Values.csiNode.driverRegistrar.image.pullPolicy }} - resources: -{{ toYaml .Values.csiNode.resources | indent 12 }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/jiva.csi.openebs.io /registration/jiva.csi.openebs.io-reg.sock"] - env: - - name: ADDRESS - value: /plugin/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.csiNode.kubeletDir }}plugins/jiva.csi.openebs.io/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NODE_DRIVER - value: openebs-jiva-csi - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: registration-dir - mountPath: /registration - - name: {{ .Values.jivaCSIPlugin.name }} - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: "{{ .Values.jivaCSIPlugin.image.registry }}{{ .Values.jivaCSIPlugin.image.repository }}:{{ .Values.jivaCSIPlugin.image.tag }}" - imagePullPolicy: {{ .Values.jivaCSIPlugin.image.pullPolicy }} - args: - - "--name=jiva.csi.openebs.io" - - "--nodeid=$(OPENEBS_NODE_ID)" - - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - - "--plugin=$(OPENEBS_NODE_DRIVER)" - # enableiscsidebug is used to enable debug logs for iscsi operations - - "--enableiscsidebug=true" - # logging level for klog library used in k8s packages - #- "--v=5" - # retrycount is the max number of retries per nodeStaging rpc - # request on a timeout of 5 sec - # This count has been set to 20 for sanity test cases as it takes - # time in minikube - - "--retrycount=20" - # metricsBindAddress is the TCP address that the controller should bind to - # for serving prometheus metrics. By default the address is set to localhost:9505. - # The address can be configured to any desired address. - # Remove the flag to disable prometheus metrics. - - "--metricsBindAddress=:9505" - env: - - name: OPENEBS_NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OPENEBS_CSI_ENDPOINT - value: unix:///plugin/csi.sock - - name: OPENEBS_NODE_DRIVER - value: node - - name: OPENEBS_CSI_API_URL - value: https://openebs.io - # OpenEBS namespace where the openebs jiva operator components - # has been installed - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # Enable/Disable auto-remount feature, when volumes - # recovers form the read-only state - - name: REMOUNT - value: "{{ .Values.jivaCSIPlugin.remount }}" - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: device-dir - mountPath: /dev - - name: pods-mount-dir - mountPath: {{ .Values.csiNode.kubeletDir }} - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - name: host-root - mountPath: /host - mountPropagation: "HostToContainer" - - name: chroot-iscsiadm - mountPath: /sbin/iscsiadm - subPath: iscsiadm - - name: {{ .Values.csiNode.livenessprobe.name }} - image: "{{ .Values.csiNode.livenessprobe.image.registry }}{{ .Values.csiNode.livenessprobe.image.repository }}:{{ .Values.csiNode.livenessprobe.image.tag }}" - imagePullPolicy: {{ .Values.csiNode.livenessprobe.image.pullPolicy }} - args: - - "--csi-address=/plugin/csi.sock" - volumeMounts: - - mountPath: /plugin - name: plugin-dir - volumes: - - name: device-dir - hostPath: - path: /dev - type: Directory - - name: registration-dir - hostPath: - path: {{ .Values.csiNode.kubeletDir }}plugins_registry/ - type: DirectoryOrCreate - - name: plugin-dir - hostPath: - path: {{ .Values.csiNode.kubeletDir }}plugins/jiva.csi.openebs.io/ - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: {{ .Values.csiNode.kubeletDir }} - type: Directory - - name: chroot-iscsiadm - configMap: - defaultMode: 0555 - name: openebs-jiva-csi-iscsiadm - - name: host-root - hostPath: - path: / - type: Directory -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.csiNode.nodeSelector }} - nodeSelector: -{{ toYaml .Values.csiNode.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.csiNode.securityContext }} - securityContext: -{{ toYaml .Values.csiNode.securityContext | indent 8 }} -{{- end }} -{{- if .Values.csiNode.tolerations }} - tolerations: -{{ toYaml .Values.csiNode.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/default-policy.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/default-policy.yaml deleted file mode 100644 index 0c89de5ba..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/default-policy.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.defaultPolicy.enabled }} -apiVersion: openebs.io/v1alpha1 -kind: JivaVolumePolicy -metadata: - name: {{ .Values.defaultPolicy.name }} -spec: - replicaSC: {{ .Values.defaultPolicy.replicaSC }} - enableBufio: false - autoScaling: false - target: - replicationFactor: {{ .Values.defaultPolicy.replicas }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/default-storageclass.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/default-storageclass.yaml deleted file mode 100644 index d9848eaae..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/default-storageclass.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.defaultClass.enabled }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.defaultClass.name }} - annotations: -{{- if .Values.defaultClass.isDefaultClass }} - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: jiva.csi.openebs.io -volumeBindingMode: Immediate -reclaimPolicy: {{ .Values.defaultClass.reclaimPolicy }} -parameters: - cas-type: "jiva" - policy: {{ .Values.defaultPolicy.name }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator-rbac.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator-rbac.yaml deleted file mode 100644 index 4c5b5e8a5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator-rbac.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if .Values.serviceAccount.jivaOperator.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.jivaOperator.name }} - labels: - {{- include "jiva.common.metaLabels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- if .Values.rbac.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: jiva-operator -rules: -- apiGroups: - - "" - resources: - - pods - - services - - services/finalizers - - endpoints - - persistentvolumes - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create -- apiGroups: - - apps - resourceNames: - - jiva-operator - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - '*' -- apiGroups: - - openebs.io - resources: - - '*' - verbs: - - '*' ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-jiva-operator - {{- with .Values.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "jiva.common.metaLabels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount.jivaOperator.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: jiva-operator - apiGroup: rbac.authorization.k8s.io -{{- end }} - diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator.yaml deleted file mode 100644 index 0d0b4b3de..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/jiva-operator.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "jiva.fullname" . }}-operator - {{- with .Values.jivaOperator.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "jiva.operator.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "jiva.operator.matchLabels" . | nindent 6 }} - replicas: {{ .Values.jivaOperator.replicas }} - strategy: - type: Recreate - template: - metadata: - labels: - {{- include "jiva.operator.labels" . | nindent 8 }} - {{- if .Values.jivaOperator.podLabels }} - {{ toYaml .Values.jivaOperator.podLabels | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount.jivaOperator.name }} - containers: - - name: {{ template "jiva.fullname" . }}-operator - imagePullPolicy: {{ .Values.jivaOperator.image.pullPolicy }} - image: "{{ .Values.jivaOperator.image.registry }}{{ .Values.jivaOperator.image.repository }}:{{ .Values.jivaOperator.image.tag }}" - command: - - jiva-operator - resources: -{{ toYaml .Values.jivaOperator.resources | indent 12 }} - env: - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPENEBS_SERVICEACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "jiva-operator" - - name: OPENEBS_SERVICEACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPENEBS_IO_JIVA_CONTOLLER_IMAGE - value: "{{ .Values.jivaOperator.controller.image.registry }}{{ .Values.jivaOperator.controller.image.repository }}:{{ .Values.jivaOperator.controller.image.tag }}" - - name: OPENEBS_IO_JIVA_REPLICA_IMAGE - value: "{{ .Values.jivaOperator.replica.image.registry }}{{ .Values.jivaOperator.replica.image.repository }}:{{ .Values.jivaOperator.replica.image.tag }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $.Values.imagePullSecrets }}{{ .name }},{{- end }}" -{{- end }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.jivaOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.jivaOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.jivaOperator.securityContext }} - securityContext: -{{ toYaml .Values.jivaOperator.securityContext | indent 8 }} -{{- end }} -{{- if .Values.jivaOperator.tolerations }} - tolerations: -{{ toYaml .Values.jivaOperator.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/priority-class.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/priority-class.yaml deleted file mode 100644 index 4e3c77406..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/priority-class.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.csiController.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ template "jiva.csiController.priorityClassName" . }} -value: 900000000 -globalDefault: false -description: "This priority class should be used for the OpenEBS CSI driver controller deployment only." -{{- end }} ---- -{{- if .Values.csiNode.priorityClass.create }} -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: {{ template "jiva.csiNode.priorityClassName" . }} -value: 900001000 -globalDefault: false -description: "This priority class should be used for the OpenEBS CSI driver node deployment only." -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/templates/psp.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/templates/psp.yaml deleted file mode 100644 index a8bfc3ed9..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/templates/psp.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "jiva.fullname" . }}-psp - {{- with .Values.csiNode.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "jiva.csiNode.labels" . | nindent 4 }} -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/jiva/values.yaml b/charts/openebs/openebs/2.11.0/charts/jiva/values.yaml deleted file mode 100644 index 234e703d0..000000000 --- a/charts/openebs/openebs/2.11.0/charts/jiva/values.yaml +++ /dev/null @@ -1,213 +0,0 @@ -# Default values for jiva-operator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -release: - version: "2.11.0" - - -# If false, openebs localpv sub-chart will not be installed -openebsLocalpv: - enabled: true - -rbac: - # rbac.create: `true` if rbac resources should be created - create: true - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false - -imagePullSecrets: -# - name: "image-pull-secret" - -jivaOperator: - componentName: "jiva-operator" - controller: - image: - registry: - repository: openebs/jiva - tag: 2.11.0 - replica: - image: - registry: - repository: openebs/jiva - tag: 2.11.0 - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/jiva-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - annotations: {} - resyncInterval: "30" - podAnnotations: {} - podLabels: {} - nodeSelector: {} - tolerations: [] - resources: {} - securityContext: {} - - -csiController: - priorityClass: - create: true - name: jiva-csi-controller-critical - componentName: "openebs-jiva-csi-controller" - attacher: - name: "csi-attacher" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-attacher - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v3.1.0 - livenessprobe: - name: "liveness-probe" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/livenessprobe - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.2.0 - provisioner: - name: "csi-provisioner" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-provisioner - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.1.0 - resizer: - name: "csi-resizer" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-resizer - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v1.1.0 - annotations: {} - podAnnotations: {} - podLabels: {} - nodeSelector: {} - tolerations: [] - resources: {} - securityContext: {} - -jivaCSIPlugin: - name: jiva-csi-plugin - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/jiva-csi - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - remount: "true" - -csiNode: - priorityClass: - create: true - name: jiva-csi-node-critical - componentName: "openebs-jiva-csi-node" - driverRegistrar: - name: "csi-node-driver-registrar" - image: - registry: k8s.gcr.io/ - repository: sig-storage/csi-node-driver-registrar - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.0.1 - livenessprobe: - name: "liveness-probe" - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/livenessprobe - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.2.0 - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to openebs-jiva-csi-node pods - podLabels: {} - # kubeletDir path can be configured to run on various different k8s distributions like - # microk8s where kubelet root dir is not (/var/lib/kubelet/). For example microk8s, - # we need to change the kubelet directory to `/var/snap/microk8s/common/var/lib/kubelet/` - kubeletDir: "/var/lib/kubelet/" - nodeSelector: {} - tolerations: [] - securityContext: {} - -csiDriver: - create: true - podInfoOnMount: true - attachRequired: false - -serviceAccount: - # Annotations to add to the service account - annotations: {} - jivaOperator: - create: true - name: openebs-jiva-operator - csiController: - # Specifies whether a service account should be created - create: true - name: openebs-jiva-csi-controller-sa - csiNode: - # Specifies whether a service account should be created - create: true - name: openebs-jiva-csi-node-sa - -defaultClass: - # Name of the default default StorageClass - name: openebs-jiva-csi-default - # If true, enables creation of the openebs-jiva-csi-default StorageClass - enabled: true - # Available reclaim policies: Delete/Retain, defaults: Delete. - reclaimPolicy: Delete - # If true, sets the openebs-jiva-csi-default StorageClass as the default StorageClass - isDefaultClass: false - -defaultPolicy: - # Name of the default default JivaVolumePolicy - name: openebs-jiva-default-policy - # If true, enables creation of the openebs-jiva-default-policy JivaVolumePolicy - enabled: true - # replicaSC represents the storage class used for creating - # the pvc for the replica sts provisioned by localpv provisioner - replicaSC: openebs-hostpath - # replicas represent the desired replication factor for the jiva volume - replicas: 3 - -analytics: - enabled: true - # Specify in hours the duration after which a ping event needs to be sent. - pingInterval: "24h" - -localpv-provisioner: - # Disable installation of node-disk-manager components by default - openebsNDM: - enabled: false - # Disable openebs-device deviceClass by default. - deviceClass: - enabled: false diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/.helmignore b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.lock b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.lock deleted file mode 100644 index 1399387a0..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: openebs-ndm - repository: https://openebs.github.io/node-disk-manager - version: 1.6.0 -digest: sha256:bb37660c475faea9651f07b43f655da8f19d251b3227da70ec4990fae6d380f0 -generated: "2021-07-16T06:29:18.04468484Z" diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.yaml deleted file mode 100644 index 8e02a3469..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -appVersion: 2.11.0 -dependencies: -- condition: openebsNDM.enabled - name: openebs-ndm - repository: https://openebs.github.io/node-disk-manager - version: 1.6.0 -description: Helm chart for OpenEBS Dynamic Local PV. For instructions to install - OpenEBS Dynamic Local PV using helm chart, refer to https://openebs.github.io/dynamic-localpv-provisioner/. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- storage -- local -- dynamic-localpv -maintainers: -- email: akhil.mohan@mayadata.io - name: akhilerm -- email: kiran.mova@mayadata.io - name: kiranmova -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -name: localpv-provisioner -sources: -- https://github.com/openebs/dynamic-localpv-provisioner -type: application -version: 2.11.0 diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/README.md b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/README.md deleted file mode 100644 index 139ac268c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/README.md +++ /dev/null @@ -1,143 +0,0 @@ -# OpenEBS LocalPV Provisioner - -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -![Chart Lint and Test](https://github.com/openebs/dynamic-localpv-provisioner/workflows/Chart%20Lint%20and%20Test/badge.svg) -![Release Charts](https://github.com/openebs/dynamic-localpv-provisioner/workflows/Release%20Charts/badge.svg?branch=develop) - -A Helm chart for openebs dynamic localpv provisioner. This chart bootstraps OpenEBS Dynamic LocalPV provisioner deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| akhilerm | akhil.mohan@mayadata.io | | -| kiranmova | kiran.mova@mayadata.io | | -| prateekpandey14 | prateek.pandey@mayadata.io | | - - -## Get Repo Info - -```console -helm repo add openebs-localpv https://openebs.github.io/dynamic-localpv-provisioner -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -Please visit the [link](https://openebs.github.io/dynamic-localpv-provisioner/) for install instructions via helm3. - -```console -# Helm -helm install [RELEASE_NAME] openebs-localpv/localpv-provisioner --namespace [NAMESPACE] --create-namespace -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Dependencies - -By default this chart installs additional, dependent charts: - -| Repository | Name | Version | -|------------|------|---------| -| https://openebs.github.io/node-disk-manager | openebs-ndm | 1.6.0 | - -**Note:** Find detailed Node Disk Manager Helm chart configuration options [here](https://github.com/openebs/node-disk-manager/blob/master/deploy/helm/charts/README.md). - - -To disable the dependency during installation, set `openebsNDM.enabled` to `false`. - -_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ - -## Uninstall Chart - -```console -# Helm -helm uninstall [RELEASE_NAME] --namespace [NAMESPACE] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -# Helm -helm upgrade [RELEASE_NAME] [CHART] --install --namespace [NAMESPACE] -``` - - -## Configuration - -The following table lists the configurable parameters of the OpenEBS Dynamic LocalPV Provisioner chart and their default values. - -You can modify different parameters by specifying the desired value in the `helm install` command by using the `--set` and/or the `--set-string` flag(s). You can modify the parameters of the [Node Disk Manager chart](https://openebs.github.io/node-disk-manager) by adding `openebs-ndm` before the desired parameter in the `helm install` command. - -In the following sample command we modify `deviceClass.fsType` from the localpv-provisioner chart and `ndm.nodeSelector` from the openebs-ndm chart to only schedule openebs-ndm DaemonSet pods on nodes labelled with `openebs.io/data-plane=true`. We also enable the 'Use OS-disk' feature gate using the `featureGates.UseOSDisk.enabled` parameter from the openebs-ndm chart. - - -```console -helm install openebs-localpv openebs-localpv/localpv-provisioner --namespace openebs --create-namespace \ - --set-string deviceClass.fsType="xfs" \ - --set-string openebs-ndm.ndm.nodeSelector."openebs\.io/data-plane"=true \ - --set openebs-ndm.featureGates.UseOSDisk.enabled=true -``` - -| Parameter | Description | Default | -| ------------------------------------------- | --------------------------------------------- | ----------------------------------------- | -| `release.version` | LocalPV Provisioner release version | `2.11.0` | -| `analytics.enabled` | Enable sending stats to Google Analytics | `true` | -| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | -| `deviceClass.blockDeviceTag` | Value of `openebs.io/block-device-tag` BD label | `""` | -| `deviceClass.enabled` | Enables creation of default Device StorageClass | `true` | -| `deviceClass.fsType` | Filesystem type for openebs-device StorageClass | `"ext4"` | -| `deviceClass.isDefaultClass` | Make openebs-device the default StorageClass | `"false"` | -| `deviceClass.reclaimPolicy` | ReclaimPolicy for Device PVs | `"Delete"` | -| `helperPod.image.registry` | Registry for helper image | `""` | -| `helperPod.image.repository` | Image for helper pod | `"openebs/linux-utils"` | -| `helperPod.image.pullPolicy` | Pull policy for helper pod | `"IfNotPresent"` | -| `helperPod.image.tag` | Image tag for helper image | `2.11.0` | -| `hostpathClass.basePath` | BasePath for openebs-hostpath StorageClass | `"/var/openebs/local"` | -| `hostpathClass.enabled` | Enables creation of default Hostpath StorageClass | `true` | -| `hostpathClass.isDefaultClass` | Make openebs-hostpath the default StorageClass | `"false"` | -| `hostpathClass.nodeAffinityLabel` | Custom node label key to uniquely identify nodes. `kubernetes.io/hostname` is the default label key for node selection. | `""` | -| `hostpathClass.reclaimPolicy` | ReclaimPolicy for Hostpath PVs | `"Delete"` | -| `imagePullSecrets` | Provides image pull secrect | `""` | -| `localpv.enabled` | Enable LocalPV Provisioner | `true` | -| `localpv.image.registry` | Registry for LocalPV Provisioner image | `""` | -| `localpv.image.repository` | Image repository for LocalPV Provisioner | `openebs/localpv-provisioner` | -| `localpv.image.pullPolicy` | Image pull policy for LocalPV Provisioner | `IfNotPresent` | -| `localpv.image.tag` | Image tag for LocalPV Provisioner | `2.11.0` | -| `localpv.updateStrategy.type` | Update strategy for LocalPV Provisioner | `RollingUpdate` | -| `localpv.annotations` | Annotations for LocalPV Provisioner metadata | `""` | -| `localpv.podAnnotations` | Annotations for LocalPV Provisioner pods metadata | `""` | -| `localpv.privileged` | Run LocalPV Provisioner with extra privileges | `true` | -| `localpv.resources` | Resource and request and limit for containers | `""` | -| `localpv.podLabels` | Appends labels to the pods | `""` | -| `localpv.nodeSelector` | Nodeselector for LocalPV Provisioner pods | `""` | -| `localpv.tolerations` | LocalPV Provisioner pod toleration values | `""` | -| `localpv.securityContext` | Seurity context for container | `""` | -| `localpv.healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | -| `localpv.healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | -| `localpv.replicas` | No. of LocalPV Provisioner replica | `1` | -| `localpv.enableLeaderElection` | Enable leader election | `true` | -| `localpv.affinity` | LocalPV Provisioner pod affinity | `{}` | -| `openebsNDM.enabled` | Install openebs NDM dependency | `true` | -| `rbac.create` | Enable RBAC Resources | `true` | -| `rbac.pspEnabled` | Create pod security policy resources | `false` | - - -A YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml --namespace openebs openebs-localpv/localpv-provisioner -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml deleted file mode 100644 index 890c4887b..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.6.0 -description: Helm chart for OpenEBS Node Disk Manager - a Kubernetes native storage - device management solution. For instructions on how to install, refer to https://openebs.github.io/node-disk-manager/. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- ndm -- disk-inventory -- storage -maintainers: -- email: akhil.mohan@mayadata.io - name: akhilerm -- email: michaelfornaro@gmail.com - name: xUnholy -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -name: openebs-ndm -sources: -- https://github.com/openebs/node-disk-manager -version: 1.6.0 diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/README.md b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/README.md deleted file mode 100644 index 497b6b450..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/README.md +++ /dev/null @@ -1,79 +0,0 @@ -## Introduction - -This chart bootstraps OpenEBS NDM deployment on a [Kubernetes](http://kubernetes.io) cluster using the -[Helm](https://helm.sh) package manager. - -## Installation - -You can run OpenEBS NDM on any Kubernetes 1.13+ cluster in a matter of seconds. - -Please visit the [link](https://openebs.github.io/node-disk-manager/) for install instructions via helm3. - -## Configuration - -The following table lists the configurable parameters of the OpenEBS NDM chart and their default values. - -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | -| `imagePullSecrets` | Provides image pull secrect | `""` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.image.registry` | Registry for Node Disk Manager image | `""` | -| `ndm.image.repository` | Image repository for Node Disk Manager | `openebs/node-disk-manager` | -| `ndm.image.pullPolicy` | Image pull policy for Node Disk Manager | `IfNotPresent` | -| `ndm.image.tag` | Image tag for Node Disk Manager | `1.5.0` | -| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | -| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | -| `ndm.sparse.count` | Number of sparse files to be created | `0` | -| `ndm.updateStrategy.type` | Update strategy for NDM daemonset | `RollingUpdate` | -| `ndm.annotations` | Annotations for NDM daemonset metadata | `""` | -| `ndm.podAnnotations` | Annotations for NDM daemonset's pods metadata | `""` | -| `ndm.resources` | Resource and request and limit for containers | `""` | -| `ndm.podLabels` | Appends labels to the pods | `""` | -| `ndm.nodeSelector` | Nodeselector for daemonset pods | `""` | -| `ndm.tolerations` | NDM daemonset's pod toleration values | `""` | -| `ndm.securityContext` | Seurity context for container | `""` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.osDiskExcludePaths` | Paths/Mountpoints to be excluded by OS Disk Filter| `/,/etc/hosts,/boot` | -| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd`| -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `ndm.probes.enableUdevProbe` | Enable Udev probe for NDM | `true` | -| `ndm.probes.enableSmartProbe` | Enable Smart probe for NDM | `true` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.replica` | Pod replica count for NDM operator | `1` | -| `ndmOperator.upgradeStrategy` | Update strategy NDM operator | `"Recreate"` | -| `ndmOperator.image.registry` | Registry for NDM operator image | `""` | -| `ndmOperator.image.repository` | Image repository for NDM operator | `openebs/node-disk-operator` | -| `ndmOperator.image.pullPolicy` | Image pull policy for NDM operator | `IfNotPresent` | -| `ndmOperator.image.tag` | Image tag for NDM operator | `1.5.0` | -| `ndmOperator.annotations` | Annotations for NDM operator metadata | `""` | -| `ndmOperator.podAnnotations` | Annotations for NDM operator's pods metadata | `""` | -| `ndmOperator.resources` | Resource and request and limit for containers | `""` | -| `ndmOperator.podLabels` | Appends labels to the pods | `""` | -| `ndmOperator.nodeSelector` | Nodeselector for operator pods | `""` | -| `ndmOperator.tolerations` | NDM operator's pod toleration values | `""` | -| `ndmOperator.securityContext` | Seurity context for container | `""` | -| `featureGates.APIService.enabled` | Enable the gRPC API service of NDM | `false` | -| `featureGates.UseOSDisk.enabled` | Enable feature-gate to use free space on OS disk | `false` | -| `featureGates.MountChangeDetection.enabled` | Enable feature-gate to detect mountpoint/filesystem changes | `false` | -| `helperPod.image.registry` | Registry for helper image | `""` | -| `helperPod.image.repository` | Image for helper pod | `openebs/linux-utils` | -| `helperPod.image.pullPolicy` | Pull policy for helper pod | `IfNotPresent` | -| `helperPod.image.tag` | Image tag for helper image | `2.10.0` | -| `varDirectoryPath.baseDir` | Directory to store debug info and so forth | `/var/openebs` | -| `serviceAccount.create` | Create a service account or not | `true` | -| `serviceAccount.name` | Name for the service account | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml ndm/openebs-ndm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml deleted file mode 100644 index 95f40703c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdevice.yaml +++ /dev/null @@ -1,241 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdevices.openebs.io -spec: - group: openebs.io - names: - kind: BlockDevice - listKind: BlockDeviceList - plural: blockdevices - shortNames: - - bd - singular: blockdevice - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.nodeAttributes.nodeName - name: NodeName - type: string - - jsonPath: .spec.path - name: Path - priority: 1 - type: string - - jsonPath: .spec.filesystem.fsType - name: FSType - priority: 1 - type: string - - jsonPath: .spec.capacity.storage - name: Size - type: string - - jsonPath: .status.claimState - name: ClaimState - type: string - - jsonPath: .status.state - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDevice is the Schema for the blockdevices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceSpec defines the properties and runtime status of a BlockDevice - properties: - aggregateDevice: - description: AggregateDevice was intended to store the hierarchical information in cases of LVM. However this is currently not implemented and may need to be re-looked into for better design. To be deprecated - type: string - capacity: - description: Capacity - properties: - logicalSectorSize: - description: LogicalSectorSize is blockdevice logical-sector size in bytes - format: int32 - type: integer - physicalSectorSize: - description: PhysicalSectorSize is blockdevice physical-Sector size in bytes - format: int32 - type: integer - storage: - description: Storage is the blockdevice capacity in bytes - format: int64 - type: integer - required: - - storage - type: object - claimRef: - description: ClaimRef is the reference to the BDC which has claimed this BD - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - details: - description: Details contain static attributes of BD like model,serial, and so forth - properties: - compliance: - description: Compliance is standards/specifications version implemented by device firmware such as SPC-1, SPC-2, etc - type: string - deviceType: - description: DeviceType represents the type of device like sparse, disk, partition, lvm, crypt - enum: - - disk - - partition - - sparse - - loop - - lvm - - crypt - - dm - - mpath - type: string - driveType: - description: DriveType is the type of backing drive, HDD/SSD - enum: - - HDD - - SSD - - Unknown - - "" - type: string - firmwareRevision: - description: FirmwareRevision is the disk firmware revision - type: string - hardwareSectorSize: - description: HardwareSectorSize is the hardware sector size in bytes - format: int32 - type: integer - logicalBlockSize: - description: LogicalBlockSize is the logical block size in bytes reported by /sys/class/block/sda/queue/logical_block_size - format: int32 - type: integer - model: - description: Model is model of disk - type: string - physicalBlockSize: - description: PhysicalBlockSize is the physical block size in bytes reported by /sys/class/block/sda/queue/physical_block_size - format: int32 - type: integer - serial: - description: Serial is serial number of disk - type: string - vendor: - description: Vendor is vendor of disk - type: string - type: object - devlinks: - description: DevLinks contains soft links of a block device like /dev/by-id/... /dev/by-uuid/... - items: - description: DeviceDevLink holds the mapping between type and links like by-id type or by-path type link - properties: - kind: - description: Kind is the type of link like by-id or by-path. - enum: - - by-id - - by-path - type: string - links: - description: Links are the soft links - items: - type: string - type: array - type: object - type: array - filesystem: - description: FileSystem contains mountpoint and filesystem type - properties: - fsType: - description: Type represents the FileSystem type of the block device - type: string - mountPoint: - description: MountPoint represents the mountpoint of the block device. - type: string - type: object - nodeAttributes: - description: NodeAttributes has the details of the node on which BD is attached - properties: - nodeName: - description: NodeName is the name of the Kubernetes node resource on which the device is attached - type: string - type: object - parentDevice: - description: "ParentDevice was intended to store the UUID of the parent Block Device as is the case for partitioned block devices. \n For example: /dev/sda is the parent for /dev/sda1 To be deprecated" - type: string - partitioned: - description: Partitioned represents if BlockDevice has partitions or not (Yes/No) Currently always default to No. To be deprecated - enum: - - "Yes" - - "No" - type: string - path: - description: Path contain devpath (e.g. /dev/sdb) - type: string - required: - - capacity - - devlinks - - nodeAttributes - - path - type: object - status: - description: DeviceStatus defines the observed state of BlockDevice - properties: - claimState: - description: ClaimState represents the claim state of the block device - enum: - - Claimed - - Unclaimed - - Released - type: string - state: - description: State is the current state of the blockdevice (Active/Inactive/Unknown) - enum: - - Active - - Inactive - - Unknown - type: string - required: - - claimState - - state - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml deleted file mode 100644 index 81b9a355e..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/crds/blockdeviceclaim.yaml +++ /dev/null @@ -1,144 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdeviceclaims.openebs.io -spec: - group: openebs.io - names: - kind: BlockDeviceClaim - listKind: BlockDeviceClaimList - plural: blockdeviceclaims - shortNames: - - bdc - singular: blockdeviceclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.blockDeviceName - name: BlockDeviceName - type: string - - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDeviceClaim is the Schema for the blockdeviceclaims API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceClaimSpec defines the request details for a BlockDevice - properties: - blockDeviceName: - description: BlockDeviceName is the reference to the block-device backing this claim - type: string - blockDeviceNodeAttributes: - description: BlockDeviceNodeAttributes is the attributes on the node from which a BD should be selected for this claim. It can include nodename, failure domain etc. - properties: - hostName: - description: HostName represents the hostname of the Kubernetes node resource where the BD should be present - type: string - nodeName: - description: NodeName represents the name of the Kubernetes node resource where the BD should be present - type: string - type: object - deviceClaimDetails: - description: Details of the device to be claimed - properties: - allowPartition: - description: AllowPartition represents whether to claim a full block device or a device that is a partition - type: boolean - blockVolumeMode: - description: 'BlockVolumeMode represents whether to claim a device in Block mode or Filesystem mode. These are use cases of BlockVolumeMode: 1) Not specified: VolumeMode check will not be effective 2) VolumeModeBlock: BD should not have any filesystem or mountpoint 3) VolumeModeFileSystem: BD should have a filesystem and mountpoint. If DeviceFormat is specified then the format should match with the FSType in BD' - type: string - formatType: - description: Format of the device required, eg:ext4, xfs - type: string - type: object - deviceType: - description: DeviceType represents the type of drive like SSD, HDD etc., - nullable: true - type: string - hostName: - description: Node name from where blockdevice has to be claimed. To be deprecated. Use NodeAttributes.HostName instead - type: string - resources: - description: Resources will help with placing claims on Capacity, IOPS - properties: - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum resources required. eg: if storage resource of 10G is requested minimum capacity of 10G should be available TODO for validating' - type: object - required: - - requests - type: object - selector: - description: Selector is used to find block devices to be considered for claiming - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: object - status: - description: DeviceClaimStatus defines the observed state of BlockDeviceClaim - properties: - phase: - description: Phase represents the current phase of the claim - type: string - required: - - phase - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt deleted file mode 100644 index 3c84551b5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -The OpenEBS Node Disk Manager has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -Use `kubectl get bd -n {{ .Release.Namespace }} ` to see the list of -blockdevices attached to the Kubernetes cluster nodes. - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl deleted file mode 100644 index e6d5b99dc..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/_helpers.tpl +++ /dev/null @@ -1,132 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -This name is used for ndm daemonset -*/}} -{{- define "openebs-ndm.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openebs-ndm.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm daemonset app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "openebs-ndm.operator.name" -}} -{{- $ndmName := default .Chart.Name .Values.ndmOperator.nameOverride | trunc 63 | trimSuffix "-" }} -{{- $componentName := .Values.ndmOperator.name | trunc 63 | trimSuffix "-" }} -{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm operator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.operator.fullname" -}} -{{- if .Values.ndmOperator.fullnameOverride }} -{{- .Values.ndmOperator.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $ndmOperatorName := include "openebs-ndm.operator.name" .}} - -{{- $name := default $ndmOperatorName .Values.ndmOperator.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openebs-ndm.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "openebs-ndm.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Define meta labels for ndm components -*/}} -{{- define "openebs-ndm.common.metaLabels" -}} -chart: {{ template "openebs-ndm.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - - -{{/* -Create match labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.matchLabels" -}} -app: {{ template "openebs-ndm.name" . }} -release: {{ .Release.Name }} -component: {{ .Values.ndm.componentName | quote }} -{{- end -}} - -{{/* -Create component labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.componentLabels" -}} -openebs.io/component-name: {{ .Values.ndm.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.matchLabels" . }} -{{ include "openebs-ndm.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for ndm operator deployment -*/}} -{{- define "openebs-ndm.operator.matchLabels" -}} -app: {{ template "openebs-ndm.operator.name" . }} -release: {{ .Release.Name }} -component: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - -{{/* -Create component labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.componentLabels" -}} -openebs.io/component-name: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - - -{{/* -Create labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.operator.matchLabels" . }} -{{ include "openebs-ndm.operator.componentLabels" . }} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml deleted file mode 100644 index 337b0e593..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "openebs-ndm.fullname" . }}-config -data: - # node-disk-manager-config contains config of available probes and filters. - # Probes and Filters will initialize with default values if config for that - # filter or probe are not present in configmap - - # udev-probe is default or primary probe it should be enabled to run ndm - # filterconfigs contains configs of filters. To provide a group of include - # and exclude values add it as , separated string - node-disk-manager.config: | - probeconfigs: - - key: udev-probe - name: udev probe - state: {{ .Values.ndm.probes.enableUdevProbe }} - - key: seachest-probe - name: seachest probe - state: {{ .Values.ndm.probes.enableSeachest }} - - key: smart-probe - name: smart probe - state: {{ .Values.ndm.probes.enableSmartProbe }} - filterconfigs: - - key: os-disk-exclude-filter - name: os disk exclude filter - state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} - exclude: "{{ .Values.ndm.filters.osDiskExcludePaths }}" - - key: vendor-filter - name: vendor filter - state: {{ .Values.ndm.filters.enableVendorFilter }} - include: "" - exclude: "{{ .Values.ndm.filters.excludeVendors }}" - - key: path-filter - name: path filter - state: {{ .Values.ndm.filters.enablePathFilter }} - include: "{{ .Values.ndm.filters.includePaths }}" - exclude: "{{ .Values.ndm.filters.excludePaths }}" diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml deleted file mode 100644 index af66edfe5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/daemonset.yaml +++ /dev/null @@ -1,176 +0,0 @@ -{{- if .Values.ndm.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "openebs-ndm.fullname" . }} - {{- with .Values.ndm.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 4 }} -spec: - updateStrategy: -{{ toYaml .Values.ndm.updateStrategy | indent 4 }} - selector: - matchLabels: - {{- include "openebs-ndm.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndm.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 8 }} - {{- with .Values.ndm.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.APIService.enabled }} - hostPID: true -{{- end}} -{{- end}} - containers: - - name: {{ template "openebs-ndm.name" . }} - image: "{{ .Values.ndm.image.registry }}{{ .Values.ndm.image.repository }}:{{ .Values.ndm.image.tag }}" - args: - - -v=4 -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.GPTBasedUUID.enabled }} - - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.APIService.enabled }} - - --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }} - - --api-service-address={{ .Values.featureGates.APIService.address }} -{{- end}} -{{- if .Values.featureGates.UseOSDisk.enabled }} - - --feature-gates={{ .Values.featureGates.UseOSDisk.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.MountChangeDetection.enabled }} - - --feature-gates={{ .Values.featureGates.MountChangeDetection.featureGateFlag }} -{{- end}} -{{- end}} - imagePullPolicy: {{ .Values.ndm.image.pullPolicy }} - resources: -{{ toYaml .Values.ndm.resources | indent 12 }} - securityContext: - privileged: true - env: - # namespace in which NDM is installed will be passed to NDM Daemonset - # as environment variable - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # pass hostname as env variable using downward API to the NDM container - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - # specify the directory where the sparse files need to be created. - # if not specified, then sparse files will not be created. - - name: SPARSE_FILE_DIR - value: "{{ .Values.ndm.sparse.path }}" -{{- end }} -{{- if .Values.ndm.sparse.size }} - # Size(bytes) of the sparse file to be created. - - name: SPARSE_FILE_SIZE - value: "{{ .Values.ndm.sparse.size }}" -{{- end }} -{{- if .Values.ndm.sparse.count }} - # Specify the number of sparse files to be created - - name: SPARSE_FILE_COUNT - value: "{{ .Values.ndm.sparse.count }}" -{{- end }} -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndm" - initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} - volumeMounts: - - name: config - mountPath: /host/node-disk-manager.config - subPath: node-disk-manager.config - readOnly: true - - name: udev - mountPath: /run/udev - - name: procmount - mountPath: /host/proc - readOnly: true - - name: devmount - mountPath: /dev - - name: basepath - mountPath: /var/openebs/ndm -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - mountPath: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ include "openebs-ndm.fullname" . }}-config - - name: udev - hostPath: - path: /run/udev - type: Directory - # mount /proc (to access mount file of process 1 of host) inside container - # to read mount-point of disks and partitions - - name: procmount - hostPath: - path: /proc - type: Directory - - name: devmount - # the /dev directory is mounted so that we have access to the devices that - # are connected at runtime of the pod. - hostPath: - path: /dev - type: Directory - - name: basepath - hostPath: - path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" - type: DirectoryOrCreate -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - hostPath: - path: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - # By default the node-disk-manager will be run on all kubernetes nodes - # If you would like to limit this to only some nodes, say the nodes - # that have storage attached, you could label those node and use - # nodeSelector. - # - # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" - # kubectl label node "openebs.io/nodegroup"="storage-node" - #nodeSelector: - # "openebs.io/nodegroup": "storage-node" -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndm.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndm.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndm.tolerations }} - tolerations: -{{ toYaml .Values.ndm.tolerations | indent 8 }} -{{- end }} -{{- if .Values.ndm.securityContext }} - securityContext: -{{ toYaml .Values.ndm.securityContext | indent 8 }} -{{- end }} - hostNetwork: true -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml deleted file mode 100644 index 4a54dc777..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if .Values.ndmOperator.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs-ndm.operator.fullname" . }} - {{- with .Values.ndmOperator.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.ndmOperator.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - {{- include "openebs-ndm.operator.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndmOperator.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 8 }} - {{- with .Values.ndmOperator.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} - containers: - - name: {{ template "openebs-ndm.operator.fullname" . }} - image: "{{ .Values.ndmOperator.image.registry }}{{ .Values.ndmOperator.image.repository }}:{{ .Values.ndmOperator.image.tag }}" - imagePullPolicy: {{ .Values.ndmOperator.image.pullPolicy }} - resources: -{{ toYaml .Values.ndmOperator.resources | indent 12 }} - livenessProbe: - httpGet: - path: /healthz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} - readinessProbe: - httpGet: - path: /readyz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "node-disk-operator" - - name: CLEANUP_JOB_IMAGE - value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}" -{{- end }} -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.securityContext }} - securityContext: -{{ toYaml .Values.ndmOperator.securityContext | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.tolerations }} - tolerations: -{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml deleted file mode 100644 index 8e81c4922..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/templates/rbac.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "openebs-ndm.serviceAccountName" . }} -{{- end }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -rules: - - apiGroups: ["*"] - resources: ["nodes", "pods", "events", "configmaps", "jobs"] - verbs: - - '*' - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: - - '*' - - apiGroups: - - openebs.io - resources: - - blockdevices - - blockdeviceclaims - verbs: - - '*' ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "openebs-ndm.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - - kind: User - name: system:serviceaccount:default:default - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: {{ include "openebs-ndm.fullname" . }} - apiGroup: rbac.authorization.k8s.io ---- diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/values.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/values.yaml deleted file mode 100644 index 14928d497..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/charts/openebs-ndm/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Default values for ndm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -release: - version: "1.6.0" - -imagePullSecrets: -# - name: "image-pull-secret" - -ndm: - componentName: ndm - enabled: true - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/node-disk-manager - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - sparse: - path: "/var/openebs/sparse" - size: "10737418240" - count: "0" - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to ndm daemonset pods - podLabels: - name: openebs-ndm - nodeSelector: {} - tolerations: [] - securityContext: {} - filters: - enableOsDiskExcludeFilter: true - osDiskExcludePaths: "/,/etc/hosts,/boot" - enableVendorFilter: true - excludeVendors: "CLOUDBYT,OpenEBS" - enablePathFilter: true - includePaths: "" - excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd" - probes: - enableSeachest: false - enableUdevProbe: true - enableSmartProbe: true - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndmOperator: - name: operator - enabled: true - image: - registry: - repository: openebs/node-disk-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - podLabels: - name: openebs-ndm-operator - annotations: {} - podAnnotations: {} - nodeSelector: {} - resources: {} - securityContext: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 15 - periodSeconds: 20 - readinessCheck: - initialDelaySeconds: 5 - periodSeconds: 10 - replicas: 1 - upgradeStrategy: Recreate - -helperPod: - image: - registry: "" - repository: openebs/linux-utils - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - -crd: - enableInstall: false - -featureGates: - enabled: true - GPTBasedUUID: - enabled: true - featureGateFlag: "GPTBasedUUID" - APIService: - enabled: false - featureGateFlag: "APIService" - address: "0.0.0.0:9115" - UseOSDisk: - enabled: false - featureGateFlag: "UseOSDisk" - MountChangeDetection: - enabled: false - featureGateFlag: "MountChangeDetection" - -# Directory used by the OpenEBS to store debug information and so forth -# that are generated in the course of running OpenEBS containers. -varDirectoryPath: - baseDir: "/var/openebs" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-ndm diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/NOTES.txt deleted file mode 100644 index a2a0aea84..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/NOTES.txt +++ /dev/null @@ -1,12 +0,0 @@ -The OpenEBS Dynamic LocalPV Provisioner has been installed. -Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -Use `kubectl get bd -n {{ .Release.Namespace }}` to list the -blockdevices attached to the Kubernetes cluster nodes. - -Get started with the Dynamic LocalPV Provisioner Quickstart guide at: -https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md - -For more information, visit our Slack at https://openebs.io/community or view -the OpenEBS documentation online at https://docs.openebs.io. diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/_helpers.tpl deleted file mode 100644 index ea1ce3111..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/_helpers.tpl +++ /dev/null @@ -1,79 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "localpv.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified localpv provisioner name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "localpv.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "localpv.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Meta labels -*/}} -{{- define "localpv.common.metaLabels" -}} -chart: {{ template "localpv.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "localpv.selectorLabels" -}} -app: {{ template "localpv.name" . }} -release: {{ .Release.Name }} -component: {{ .Values.localpv.name | quote }} -{{- end -}} - -{{/* -Component labels -*/}} -{{- define "localpv.componentLabels" -}} -openebs.io/component-name: openebs-{{ .Values.localpv.name }} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "localpv.labels" -}} -{{ include "localpv.common.metaLabels" . }} -{{ include "localpv.selectorLabels" . }} -{{ include "localpv.componentLabels" . }} -{{- end -}} - - -{{/* -Create the name of the service account to use -*/}} -{{- define "localpv.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "localpv.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/deployment.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/deployment.yaml deleted file mode 100644 index bc736d981..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/deployment.yaml +++ /dev/null @@ -1,114 +0,0 @@ -{{- if .Values.localpv.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "localpv.fullname" . }} - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.localpv.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - {{- include "localpv.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.localpv.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 8 }} - {{- with .Values.localpv.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "localpv.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ template "localpv.fullname" . }} - image: "{{ .Values.localpv.image.registry }}{{ .Values.localpv.image.repository }}:{{ .Values.localpv.image.tag }}" - imagePullPolicy: {{ .Values.localpv.image.pullPolicy }} - resources: -{{ toYaml .Values.localpv.resources | indent 10 }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_IO_BASE_PATH is the environment variable that provides the - # default base path on the node where host-path PVs will be provisioned. - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - - name: OPENEBS_IO_BASE_PATH - value: "{{ .Values.localpv.basePath }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default - # leader election is enabled. - - name: LEADER_ELECTION_ENABLED - value: "{{ .Values.localpv.enableLeaderElection }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}" -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `provisioner-loc` - # `.*`: matches any string that has `provisioner-loc` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^provisioner-loc.*"` = 1 - initialDelaySeconds: {{ .Values.localpv.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.localpv.healthCheck.periodSeconds }} -{{- if .Values.localpv.nodeSelector }} - nodeSelector: -{{ toYaml .Values.localpv.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.localpv.tolerations }} - tolerations: -{{ toYaml .Values.localpv.tolerations | indent 8 }} -{{- end }} -{{- if .Values.localpv.affinity }} - affinity: -{{ toYaml .Values.localpv.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/device-class.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/device-class.yaml deleted file mode 100644 index f7cf95465..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/device-class.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.deviceClass.enabled }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.deviceClass.name }} - annotations: - openebs.io/cas-type: local - cas.openebs.io/config: | - - name: StorageType - value: "device" -{{- if .Values.deviceClass.fsType }} - - name: FSType - value: {{ .Values.deviceClass.fsType }} -{{- end }} -{{- if .Values.deviceClass.blockDeviceTag }} - - name: BlockDeviceTag - value: {{ .Values.deviceClass.blockDeviceTag }} -{{- end }} -{{- if .Values.deviceClass.isDefaultClass }} - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: openebs.io/local -volumeBindingMode: WaitForFirstConsumer -reclaimPolicy: {{ .Values.deviceClass.reclaimPolicy }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/hostpath-class.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/hostpath-class.yaml deleted file mode 100644 index d4fbfd3d2..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/hostpath-class.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.hostpathClass.enabled }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.hostpathClass.name }} - annotations: - openebs.io/cas-type: local - cas.openebs.io/config: | - - name: StorageType - value: "hostpath" -{{- if .Values.hostpathClass.basePath }} - - name: BasePath - value: {{ .Values.hostpathClass.basePath }} -{{- end }} -{{- if .Values.hostpathClass.nodeAffinityLabel }} - - name: NodeAffinityLabel - value: {{ .Values.hostpathClass.nodeAffinityLabel }} -{{- end }} -{{- if .Values.hostpathClass.isDefaultClass }} - storageclass.kubernetes.io/is-default-class: "true" -{{- end }} -provisioner: openebs.io/local -volumeBindingMode: WaitForFirstConsumer -reclaimPolicy: {{ .Values.hostpathClass.reclaimPolicy }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/psp.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/psp.yaml deleted file mode 100644 index ec64aad40..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/psp.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "localpv.fullname" . }}-psp - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -spec: - privileged: {{ .Values.localpv.privileged }} - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/rbac.yaml deleted file mode 100644 index 04cd5409c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/templates/rbac.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "localpv.serviceAccountName" . }} - labels: - {{- include "localpv.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- if .Values.rbac.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "localpv.fullname" . }} - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -rules: -- apiGroups: ["*"] - resources: ["nodes"] - verbs: ["get", "list", "watch"] -- apiGroups: ["*"] - resources: ["namespaces", "pods", "events", "endpoints"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["resourcequotas", "limitranges"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] - verbs: ["*"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [ "get", "list", "create", "update", "delete", "patch"] -- apiGroups: ["openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "localpv.fullname" . }} - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "localpv.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "localpv.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- if .Values.rbac.pspEnabled }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "localpv.fullname" . }}-psp - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "localpv.fullname" . }}-psp ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "localpv.fullname" . }}-psp - {{- with .Values.localpv.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "localpv.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "localpv.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "localpv.serviceAccountName" . }} - namespace: {{ $.Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/values.yaml b/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/values.yaml deleted file mode 100644 index 0d9fb270f..000000000 --- a/charts/openebs/openebs/2.11.0/charts/localpv-provisioner/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Default values for localpv. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -release: - version: "2.11.0" - -rbac: - # rbac.create: `true` if rbac resources should be created - create: true - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false - -# If false, openebs NDM sub-chart will not be installed -openebsNDM: - enabled: true - -localpv: - name: localpv-provisioner - enabled: true - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/provisioner-localpv - tag: 2.11.0 - pullPolicy: IfNotPresent - updateStrategy: - type: RollingUpdate - # If set to false, containers created by the localpv provisioner will run without extra privileges. - privileged: true - annotations: {} - podAnnotations: {} - ## Labels to be added to localpv provisioner deployment pods - podLabels: - name: openebs-localpv-provisioner - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - replicas: 1 - enableLeaderElection: true - basePath: "/var/openebs/local" - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - securityContext: {} - -imagePullSecrets: -# - name: img-pull-secret - -podSecurityContext: {} - # fsGroup: 2000 - -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -deviceClass: - # Name of default device StorageClass. - name: openebs-device - # If true, enables creation of the openebs-device StorageClass - enabled: true - # Available reclaim policies: Delete/Retain, defaults: Delete. - reclaimPolicy: Delete - # If true, sets the openebs-device StorageClass as the default StorageClass - isDefaultClass: false - fsType: "ext4" - # Label block devices in the cluster that you would like the openEBS localPV - # Provisioner to pick up those specific block devices available on the node. - # - # To read more: https://docs.openebs.io/docs/next/uglocalpv-device.html#optional-block-device-tagging - blockDeviceTag: "" - -hostpathClass: - # Name of the default hostpath StorageClass - name: openebs-hostpath - # If true, enables creation of the openebs-hostpath StorageClass - enabled: true - # Available reclaim policies: Delete/Retain, defaults: Delete. - reclaimPolicy: Delete - # If true, sets the openebs-hostpath StorageClass as the default StorageClass - isDefaultClass: false - # Path on the host where local volumes of this storage class are mounted under. - basePath: "/var/openebs/local" - # Custom node affinity label for example "openebs.io/node-affinity-value" that will be - # used instead of hostnames - # This helps in cases where the hostname changes when the node is removed and - # added back with the disks still intact. - nodeAffinityLabel: "" - -helperPod: - image: - registry: "" - repository: openebs/linux-utils - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - -analytics: - enabled: true - # Specify in hours the duration after which a ping event needs to be sent. - pingInterval: "24h" diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/.helmignore b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/Chart.yaml deleted file mode 100644 index cd411ff8f..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 0.7.0 -description: CSI Driver for dynamic provisioning of LVM Persistent Local Volumes. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- filesystem -- LVM -- Local Persistent Volumes -- storage -maintainers: -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -- email: pawan@mayadata.io - name: pawanpraka1 -- email: yashpal.c1995@gmail.com - name: iyashu -name: lvm-localpv -sources: -- https://github.com/openebs/lvm-localpv -version: 0.7.0 diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/README.md b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/README.md deleted file mode 100644 index 733e8df80..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/README.md +++ /dev/null @@ -1,159 +0,0 @@ - -# OpenEBS LocalPV Provisioner - -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -![Chart Lint and Test](https://github.com/openebs/lvm-localpv/workflows/Chart%20Lint%20and%20Test/badge.svg) -![Release Charts](https://github.com/openebs/lvm-localpv/workflows/Release%20Charts/badge.svg?branch=develop) - -A Helm chart for openebs lvm localpv provisioner. This chart bootstraps OpenEBS LVM LocalPV provisioner deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| pawanpraka1 | pawan@mayadata.io | | -| prateekpandey14 | prateek.pandey@mayadata.io | | -| iyashu | yashpal.c1995@gmail.com | | - - -## Get Repo Info - -```console -helm repo add openebs-lvmlocalpv https://openebs.github.io/lvm-localpv -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -Please visit the [link](https://openebs.github.io/lvm-localpv/) for install instructions via helm3. - -```console -# Helm -$ helm install [RELEASE_NAME] openebs-lvmlocalpv/lvm-localpv --namespace [NAMESPACE] -``` - -
- Click here if you're using MicroK8s. - - ```console - microk8s helm3 install [RELEASE_NAME] openebs-lvmlocalpv/lvm-localpv --namespace [NAMESPACE] --set-string lvmNode.kubeletDir="/var/snap/microk8s/common/var/lib/kubelet/" - ``` -
- - -**Note:** If moving from the operator to helm -- Make sure the namespace provided in the helm install command is same as `LVM_NAMESPACE` (by default it is `openebs`) env in the controller statefulset. -- Before installing, clean up the stale statefulset and daemonset from `kube-system` namespace using the below commands -```sh -kubectl delete sts openebs-lvm-controller -n kube-system -kubectl delete ds openebs-lvm-node -n kube-system -``` - - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Chart - -```console -# Helm -$ helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -# Helm -$ helm upgrade [RELEASE_NAME] [CHART] --install --namespace [NAMESPACE] -``` - -## Configuration - -The following table lists the configurable parameters of the OpenEBS LVM Localpv chart and their default values. - -```console -helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace openebs --create-namespace -``` -
- Click here if you're using MicroK8s. - - If you are using MicroK8s, it is necessary to add the following flag: - - ```console - --set-string lvmNode.kubeletDir="/var/snap/microk8s/common/var/lib/kubelet/" - ``` -
- -| Parameter| Description| Default| -| -| -| -| -| `imagePullSecrets`| Provides image pull secrect| `""`| -| `lvmPlugin.image.registry`| Registry for openebs-lvm-plugin image| `""`| -| `lvmPlugin.image.repository`| Image repository for openebs-lvm-plugin| `openebs/lvm-driver`| -| `lvmPlugin.image.pullPolicy`| Image pull policy for openebs-lvm-plugin| `IfNotPresent`| -| `lvmPlugin.image.tag`| Image tag for openebs-lvm-plugin| `0.7.0`| -| `lvmPlugin.metricsPort`| The TCP port number used for exposing lvm-metrics | `9500`| -| `lvmNode.driverRegistrar.image.registry`| Registry for csi-node-driver-registrar image| `k8s.gcr.io/`| -| `lvmNode.driverRegistrar.image.repository`| Image repository for csi-node-driver-registrar| `sig-storage/csi-node-driver-registrar`| -| `lvmNode.driverRegistrar.image.pullPolicy`| Image pull policy for csi-node-driver-registrar| `IfNotPresent`| -| `lvmNode.driverRegistrar.image.tag`| Image tag for csi-node-driver-registrar| `v1.2.0`| -| `lvmNode.updateStrategy.type`| Update strategy for lvmnode daemonset | `RollingUpdate` | -| `lvmNode.kubeletDir`| Kubelet mount point for lvmnode daemonset| `"/var/lib/kubelet/"` | -| `lvmNode.annotations` | Annotations for lvmnode daemonset metadata| `""`| -| `lvmNode.podAnnotations`| Annotations for lvmnode daemonset's pods metadata | `""`| -| `lvmNode.resources`| Resource and request and limit for lvmnode daemonset containers | `""`| -| `lvmNode.labels`| Labels for lvmnode daemonset metadata | `""`| -| `lvmNode.podLabels`| Appends labels to the lvmnode daemonset pods| `""`| -| `lvmNode.nodeSelector`| Nodeselector for lvmnode daemonset pods| `""`| -| `lvmNode.tolerations` | lvmnode daemonset's pod toleration values | `""`| -| `lvmNode.securityContext` | Security context for lvmnode daemonset container | `""`| -| `lvmController.resizer.image.registry`| Registry for csi-resizer image| `k8s.gcr.io/`| -| `lvmController.resizer.image.repository`| Image repository for csi-resizer| `sig-storage/csi-resizer`| -| `lvmController.resizer.image.pullPolicy`| Image pull policy for csi-resizer| `IfNotPresent`| -| `lvmController.resizer.image.tag`| Image tag for csi-resizer| `v1.1.0`| -| `lvmController.snapshotter.image.registry`| Registry for csi-snapshotter image| `k8s.gcr.io/`| -| `lvmController.snapshotter.image.repository`| Image repository for csi-snapshotter| `sig-storage/csi-snapshotter`| -| `lvmController.snapshotter.image.pullPolicy`| Image pull policy for csi-snapshotter| `IfNotPresent`| -| `lvmController.snapshotter.image.tag`| Image tag for csi-snapshotter| `v4.0.0`| -| `lvmController.snapshotController.image.registry`| Registry for snapshot-controller image| `k8s.gcr.io/`| -| `lvmController.snapshotController.image.repository`| Image repository for snapshot-controller| `sig-storage/snapshot-controller`| -| `lvmController.snapshotController.image.pullPolicy`| Image pull policy for snapshot-controller| `IfNotPresent`| -| `lvmController.snapshotController.image.tag`| Image tag for snapshot-controller| `v4.0.0`| -| `lvmController.provisioner.image.registry`| Registry for csi-provisioner image| `k8s.gcr.io/`| -| `lvmController.provisioner.image.repository`| Image repository for csi-provisioner| `sig-storage/csi-provisioner`| -| `lvmController.provisioner.image.pullPolicy`| Image pull policy for csi-provisioner| `IfNotPresent`| -| `lvmController.provisioner.image.tag`| Image tag for csi-provisioner| `v2.1.0`| -| `lvmController.updateStrategy.type`| Update strategy for lvm localpv controller statefulset | `RollingUpdate` | -| `lvmController.annotations` | Annotations for lvm localpv controller statefulset metadata| `""`| -| `lvmController.podAnnotations`| Annotations for lvm localpv controller statefulset's pods metadata | `""`| -| `lvmController.resources`| Resource and request and limit for lvm localpv controller statefulset containers | `""`| -| `lvmController.labels`| Labels for lvm localpv controller statefulset metadata | `""`| -| `lvmController.podLabels`| Appends labels to the lvm localpv controller statefulset pods| `""`| -| `lvmController.nodeSelector`| Nodeselector for lvm localpv controller statefulset pods| `""`| -| `lvmController.tolerations` | lvm localpv controller statefulset's pod toleration values | `""`| -| `lvmController.securityContext` | Seurity context for lvm localpv controller statefulset container | `""`| -| `rbac.pspEnabled` | Enable PodSecurityPolicy | `false` | -| `serviceAccount.lvmNode.create` | Create a service account for lvmnode or not| `true`| -| `serviceAccount.lvmNode.name` | Name for the lvmnode service account| `openebs-lvm-node-sa`| -| `serviceAccount.lvmController.create` | Create a service account for lvm localpv controller or not| `true`| -| `serviceAccount.lvmController.name` | Name for the lvm localpv controller service account| `openebs-lvm-controller-sa`| -| `analytics.enabled` | Enable or Disable google analytics for the controller| `true`| - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml openebs/lvm-localpv -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmnode.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmnode.yaml deleted file mode 100644 index d2aed0c65..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmnode.yaml +++ /dev/null @@ -1,110 +0,0 @@ - - -############################################## -########### ############ -########### LVMNode CRD ############ -########### ############ -############################################## - -# LVMNode CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: lvmnodes.local.openebs.io -spec: - group: local.openebs.io - names: - kind: LVMNode - listKind: LVMNodeList - plural: lvmnodes - shortNames: - - lvmnode - singular: lvmnode - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: LVMNode records information about all lvm volume groups available - in a node. In general, the openebs node-agent creates the LVMNode object - & periodically synchronizing the volume groups available in the node. LVMNode - has an owner reference pointing to the corresponding node object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - volumeGroups: - items: - description: VolumeGroup specifies attributes of a given vg exists on - node. - properties: - free: - anyOf: - - type: integer - - type: string - description: Free specifies the available capacity of volume group. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - lvCount: - description: LVCount denotes total number of logical volumes in - volume group. - format: int32 - minimum: 0 - type: integer - name: - description: Name of the lvm volume group. - minLength: 1 - type: string - pvCount: - description: PVCount denotes total number of physical volumes constituting - the volume group. - format: int32 - minimum: 0 - type: integer - size: - anyOf: - - type: integer - - type: string - description: Size specifies the total size of volume group. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - uuid: - description: UUID denotes a unique identity of a lvm volume group. - minLength: 1 - type: string - required: - - free - - lvCount - - name - - pvCount - - size - - uuid - type: object - type: array - required: - - volumeGroups - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmsnapshot.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmsnapshot.yaml deleted file mode 100644 index 63458c13d..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmsnapshot.yaml +++ /dev/null @@ -1,109 +0,0 @@ - - -############################################## -########### ############ -########### LVMSnapshot CRD ############ -########### ############ -############################################## - -# LVMSnapshot CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: lvmsnapshots.local.openebs.io -spec: - group: local.openebs.io - names: - kind: LVMSnapshot - listKind: LVMSnapshotList - plural: lvmsnapshots - singular: lvmsnapshot - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: LVMSnapshot represents an LVM Snapshot of the lvm volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeInfo defines LVM info - properties: - capacity: - description: Capacity of the volume - minLength: 1 - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID where the volume group is - present which is where the volume has been provisioned. OwnerNodeID - can not be edited after the volume has been provisioned. - minLength: 1 - type: string - shared: - description: Shared specifies whether the volume can be shared among - multiple pods. If it is not set to "yes", then the LVM LocalPV Driver - will not allow the volumes to be mounted by more than one pods. - enum: - - "yes" - - "no" - type: string - thinProvision: - description: ThinProvision specifies whether logical volumes can be - thinly provisioned. If it is set to "yes", then the LVM LocalPV - Driver will create thinProvision i.e. logical volumes that are larger - than the available extents. - enum: - - "yes" - - "no" - type: string - vgPattern: - description: VgPattern specifies the regex to choose volume groups - where volume needs to be created. - type: string - volGroup: - description: VolGroup specifies the name of the volume group where - the volume has been created. - type: string - required: - - capacity - - ownerNodeID - - vgPattern - - volGroup - type: object - status: - description: SnapStatus string that reflects if the snapshot was created - successfully - properties: - state: - type: string - type: object - required: - - spec - - status - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmvolume.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmvolume.yaml deleted file mode 100644 index f6c61e26c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/lvmvolume.yaml +++ /dev/null @@ -1,153 +0,0 @@ - - -############################################## -########### ############ -########### LVMVolume CRD ############ -########### ############ -############################################## - -# LVMVolume CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: lvmvolumes.local.openebs.io -spec: - group: local.openebs.io - names: - kind: LVMVolume - listKind: LVMVolumeList - plural: lvmvolumes - shortNames: - - lvmvol - singular: lvmvolume - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: volume group where the volume is created - jsonPath: .spec.volGroup - name: VolGroup - type: string - - description: Node where the volume is created - jsonPath: .spec.ownerNodeID - name: Node - type: string - - description: Size of the volume - jsonPath: .spec.capacity - name: Size - type: string - - description: Status of the volume - jsonPath: .status.state - name: Status - type: string - - description: Age of the volume - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: LVMVolume represents a LVM based volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeInfo defines LVM info - properties: - capacity: - description: Capacity of the volume - minLength: 1 - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID where the volume group is - present which is where the volume has been provisioned. OwnerNodeID - can not be edited after the volume has been provisioned. - minLength: 1 - type: string - shared: - description: Shared specifies whether the volume can be shared among - multiple pods. If it is not set to "yes", then the LVM LocalPV Driver - will not allow the volumes to be mounted by more than one pods. - enum: - - "yes" - - "no" - type: string - thinProvision: - description: ThinProvision specifies whether logical volumes can be - thinly provisioned. If it is set to "yes", then the LVM LocalPV - Driver will create thinProvision i.e. logical volumes that are larger - than the available extents. - enum: - - "yes" - - "no" - type: string - vgPattern: - description: VgPattern specifies the regex to choose volume groups - where volume needs to be created. - type: string - volGroup: - description: VolGroup specifies the name of the volume group where - the volume has been created. - type: string - required: - - capacity - - ownerNodeID - - vgPattern - - volGroup - type: object - status: - description: VolStatus string that specifies the current state of the - volume provisioning request. - properties: - error: - description: Error denotes the error occurred during provisioning/expanding - a volume. Error field should only be set when State becomes Failed. - properties: - code: - description: VolumeErrorCode represents the error code to represent - specific class of errors. - type: string - message: - type: string - type: object - state: - description: State specifies the current state of the volume provisioning - request. The state "Pending" means that the volume creation request - has not processed yet. The state "Ready" means that the volume has - been created and it is ready for the use. "Failed" means that volume - provisioning has been failed and will not be retried by node agent - controller. - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotclasses.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotclasses.yaml deleted file mode 100644 index afd637b19..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotclasses.yaml +++ /dev/null @@ -1,112 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: false - subresources: {} - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - - diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotcontents.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotcontents.yaml deleted file mode 100644 index c57a2e4a6..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshotcontents.yaml +++ /dev/null @@ -1,291 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. For dynamically provisioned snapshots, this field will automatically be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding VolumeSnapshotClass. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system for which a Kubernetes object representation was (or should be) created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable. - type: string - type: object - oneOf: - - required: ["snapshotHandle"] - - required: ["volumeHandle"] - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot was (or will be) created. Note that after provisioning, the VolumeSnapshotClass may be deleted or recreated with different set of values, and as such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. For dynamically provisioned snapshots, this field will automatically be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding VolumeSnapshotClass. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system for which a Kubernetes object representation was (or should be) created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot was (or will be) created. Note that after provisioning, the VolumeSnapshotClass may be deleted or recreated with different set of values, and as such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshots.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshots.yaml deleted file mode 100644 index 13d894144..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/crds/volumesnapshots.yaml +++ /dev/null @@ -1,225 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot object intends to bind to. Please note that verification of binding actually requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure both are pointing at each other. Binding MUST be verified prior to usage of this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.' - properties: - source: - description: source specifies where a snapshot will be created from. This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object representing the volume from which a snapshot should be created. This PVC is assumed to be in the same namespace as the VolumeSnapshot object. This field should be set if the snapshot does not exists, and needs to be created. This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object representing an existing volume snapshot. This field should be set if the snapshot already exists and only needs a representation in Kubernetes. This field is immutable. - type: string - type: object - oneOf: - - required: ["persistentVolumeClaimName"] - - required: ["volumeSnapshotContentName"] - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. VolumeSnapshotClassName may be left nil to indicate that the default SnapshotClass should be used. A given cluster may have multiple default Volume SnapshotClasses: one default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, VolumeSnapshotSource will be checked to figure out what the associated CSI Driver is, and the default VolumeSnapshotClass associated with that CSI Driver will be used. If more than one VolumeSnapshotClass exist for a given CSI Driver and more than one have been marked as default, CreateSnapshot will fail and generate an event. Empty string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent object to which this VolumeSnapshot object intends to bind to. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: To avoid possible security issues, consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it may indicate that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the minimum size of volume required to create a volume from this snapshot. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot object intends to bind to. Please note that verification of binding actually requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure both are pointing at each other. Binding MUST be verified prior to usage of this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.' - properties: - source: - description: source specifies where a snapshot will be created from. This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object representing the volume from which a snapshot should be created. This PVC is assumed to be in the same namespace as the VolumeSnapshot object. This field should be set if the snapshot does not exists, and needs to be created. This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object representing an existing volume snapshot. This field should be set if the snapshot already exists and only needs a representation in Kubernetes. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. VolumeSnapshotClassName may be left nil to indicate that the default SnapshotClass should be used. A given cluster may have multiple default Volume SnapshotClasses: one default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, VolumeSnapshotSource will be checked to figure out what the associated CSI Driver is, and the default VolumeSnapshotClass associated with that CSI Driver will be used. If more than one VolumeSnapshotClass exist for a given CSI Driver and more than one have been marked as default, CreateSnapshot will fail and generate an event. Empty string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent object to which this VolumeSnapshot object intends to bind to. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: To avoid possible security issues, consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it may indicate that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the minimum size of volume required to create a volume from this snapshot. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/NOTES.txt deleted file mode 100644 index cc5aaf67f..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The OpenEBS LVM LocalPV has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} -l role=openebs-lvm - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/_helpers.tpl deleted file mode 100644 index ab3590fb9..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/_helpers.tpl +++ /dev/null @@ -1,116 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "lvmlocalpv.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified localpv provisioner name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "lvmlocalpv.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "lvmlocalpv.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Create the name of the service account for controller -*/}} -{{- define "lvmlocalpv.lvmController.serviceAccountName" -}} -{{- if .Values.serviceAccount.lvmController.create }} -{{- default (include "lvmlocalpv.fullname" .) .Values.serviceAccount.lvmController.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.lvmController.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "lvmlocalpv.lvmNode.serviceAccountName" -}} -{{- if .Values.serviceAccount.lvmNode.create }} -{{- default (include "lvmlocalpv.fullname" .) .Values.serviceAccount.lvmNode.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.lvmNode.name }} -{{- end -}} -{{- end -}} - -{{/* -Define meta labels for openebs lvm-localpv components -*/}} -{{- define "lvmlocalpv.common.metaLabels" -}} -chart: {{ template "lvmlocalpv.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -role: {{ .Values.role | quote }} -{{- end -}} - -{{/* -Create match labels for openebs lvm-localpv controller -*/}} -{{- define "lvmlocalpv.lvmController.matchLabels" -}} -app: {{ .Values.lvmController.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.lvmController.componentName | quote }} -{{- end -}} - -{{/* -Create component labels for lvmlocalpv controller -*/}} -{{- define "lvmlocalpv.lvmController.componentLabels" -}} -openebs.io/component-name: {{ .Values.lvmController.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for openebs lvm-localpv controller -*/}} -{{- define "lvmlocalpv.lvmController.labels" -}} -{{ include "lvmlocalpv.common.metaLabels" . }} -{{ include "lvmlocalpv.lvmController.matchLabels" . }} -{{ include "lvmlocalpv.lvmController.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for openebs lvm-localpv node daemon -*/}} -{{- define "lvmlocalpv.lvmNode.matchLabels" -}} -name: {{ .Values.lvmNode.componentName | quote }} -release: {{ .Release.Name }} -{{- end -}} - -{{/* -Create component labels openebs lvm-localpv node daemon -*/}} -{{- define "lvmlocalpv.lvmNode.componentLabels" -}} -openebs.io/component-name: {{ .Values.lvmNode.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for openebs lvm-localpv node daemon -*/}} -{{- define "lvmlocalpv.lvmNode.labels" -}} -{{ include "lvmlocalpv.common.metaLabels" . }} -{{ include "lvmlocalpv.lvmNode.matchLabels" . }} -{{ include "lvmlocalpv.lvmNode.componentLabels" . }} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/csidriver.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/csidriver.yaml deleted file mode 100644 index 5eeac5427..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/csidriver.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# Create the CSI Driver object -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: local.csi.openebs.io -spec: - # do not require volumeattachment - attachRequired: false - podInfoOnMount: true - storageCapacity: {{ .Values.storageCapacity }} diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-controller.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-controller.yaml deleted file mode 100644 index 0e09dbf9a..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-controller.yaml +++ /dev/null @@ -1,147 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "lvmlocalpv.fullname" . }}-controller - {{- with .Values.lvmController.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "lvmlocalpv.lvmController.matchLabels" . | nindent 6 }} - serviceName: "{{ .Values.lvmController.serviceName }}" - replicas: {{ .Values.lvmController.replicas }} - template: - metadata: - {{- with .Values.lvmController.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "lvmlocalpv.lvmController.labels" . | nindent 8 }} - {{- with .Values.lvmController.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - openebs-lvm-controller - topologyKey: "kubernetes.io/hostname" - priorityClassName: system-cluster-critical - serviceAccount: {{ .Values.serviceAccount.lvmController.name }} - containers: - - name: {{ .Values.lvmController.resizer.name }} - image: "{{ .Values.lvmController.resizer.image.registry }}{{ .Values.lvmController.resizer.image.repository }}:{{ .Values.lvmController.resizer.image.tag }}" - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.lvmController.resizer.image.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - {{- toYaml .Values.lvmController.resources | nindent 12 }} - - name: {{ .Values.lvmController.snapshotter.name }} - image: "{{ .Values.lvmController.snapshotter.image.registry }}{{ .Values.lvmController.snapshotter.image.repository }}:{{ .Values.lvmController.snapshotter.image.tag }}" - imagePullPolicy: {{ .Values.lvmController.snapshotter.image.pullPolicy }} - args: - - "--csi-address=$(ADDRESS)" - - "--leader-election" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - {{- toYaml .Values.lvmController.resources | nindent 12 }} - - name: {{ .Values.lvmController.snapshotController.name }} - image: "{{ .Values.lvmController.snapshotController.image.registry }}{{ .Values.lvmController.snapshotController.image.repository }}:{{ .Values.lvmController.snapshotController.image.tag }}" - args: - - "--v=5" - - "--leader-election=true" - imagePullPolicy: {{ .Values.lvmController.snapshotController.image.pullPolicy }} - resources: - {{- toYaml .Values.lvmController.resources | nindent 12 }} - - name: {{ .Values.lvmController.provisioner.name }} - image: "{{ .Values.lvmController.provisioner.image.registry }}{{ .Values.lvmController.provisioner.image.repository }}:{{ .Values.lvmController.provisioner.image.tag }}" - imagePullPolicy: {{ .Values.lvmController.provisioner.image.pullPolicy }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - - "--feature-gates=Topology=true" - - "--strict-topology" - - "--leader-election" - - "--enable-capacity={{ .Values.storageCapacity }}" - - "--extra-create-metadata=true" - - "--default-fstype=ext4" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - {{- toYaml .Values.lvmController.resources | nindent 12 }} - - name: {{ .Values.lvmPlugin.name }} - image: "{{ .Values.lvmPlugin.image.registry }}{{ .Values.lvmPlugin.image.repository }}:{{ .Values.lvmPlugin.image.tag }}" - imagePullPolicy: {{ .Values.lvmPlugin.image.pullPolicy }} - env: - - name: OPENEBS_CONTROLLER_DRIVER - value: controller - - name: OPENEBS_CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: LVM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPENEBS_IO_INSTALLER_TYPE - value: "lvm-localpv-helm" - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - args : - - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - - "--plugin=$(OPENEBS_CONTROLLER_DRIVER)" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - {{- toYaml .Values.lvmController.resources | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.lvmController.nodeSelector }} - nodeSelector: -{{ toYaml .Values.lvmController.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.lvmController.securityContext }} - securityContext: -{{ toYaml .Values.lvmController.securityContext | indent 8 }} -{{- end }} -{{- if .Values.lvmController.tolerations }} - tolerations: -{{ toYaml .Values.lvmController.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node-service.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node-service.yaml deleted file mode 100644 index 4825c2592..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node-service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.lvmPlugin.metricsPort }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "lvmlocalpv.fullname" . }}-node-service - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} -spec: - clusterIP: None - ports: - - name: metrics - port: {{ .Values.lvmPlugin.metricsPort }} - targetPort: {{ .Values.lvmPlugin.metricsPort }} - selector: - {{- with .Values.lvmNode.podLabels }} - {{ toYaml . }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node.yaml deleted file mode 100644 index 6d973c455..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/lvm-node.yaml +++ /dev/null @@ -1,150 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ template "lvmlocalpv.fullname" . }}-node - {{- with .Values.lvmNode.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "lvmlocalpv.lvmNode.matchLabels" . | nindent 6 }} - updateStrategy: - rollingUpdate: - maxUnavailable: 100% - type: RollingUpdate - template: - metadata: - {{- with .Values.lvmNode.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 8 }} - {{- with .Values.lvmNode.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - priorityClassName: system-node-critical - serviceAccount: {{ .Values.serviceAccount.lvmNode.name }} - hostNetwork: true - containers: - - name: {{ .Values.lvmNode.driverRegistrar.name }} - image: "{{ .Values.lvmNode.driverRegistrar.image.registry }}{{ .Values.lvmNode.driverRegistrar.image.repository }}:{{ .Values.lvmNode.driverRegistrar.image.tag }}" - imagePullPolicy: {{ .Values.lvmNode.driverRegistrar.image.pullPolicy }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/lvm-localpv /registration/lvm-localpv-reg.sock"] - env: - - name: ADDRESS - value: /plugin/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.lvmNode.kubeletDir }}plugins/lvm-localpv/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NODE_DRIVER - value: openebs-lvm - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: registration-dir - mountPath: /registration - resources: - {{- toYaml .Values.lvmNode.resources | nindent 12 }} - - name: {{ .Values.lvmPlugin.name }} - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: "{{ .Values.lvmPlugin.image.registry }}{{ .Values.lvmPlugin.image.repository }}:{{ .Values.lvmPlugin.image.tag }}" - imagePullPolicy: {{ .Values.lvmPlugin.image.pullPolicy }} - args: - - "--nodeid=$(OPENEBS_NODE_ID)" - - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - - "--plugin=$(OPENEBS_NODE_DRIVER)" - {{- if .Values.lvmPlugin.ioLimits.enabled }} - - "--setiolimits" - - "--container-runtime=$(CONTAINER_RUNTIME)" - - "--riops-per-gb=$(RIOPS_PER_GB)" - - "--wiops-per-gb=$(WIOPS_PER_GB)" - {{- end }} - {{- if .Values.lvmPlugin.metricsPort }} - - "--listen-address=$(METRICS_LISTEN_ADDRESS)" - {{- end }} - env: - - name: OPENEBS_NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OPENEBS_CSI_ENDPOINT - value: unix:///plugin/csi.sock - - name: OPENEBS_NODE_DRIVER - value: agent - - name: LVM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.lvmPlugin.ioLimits.enabled }} - - name: CONTAINER_RUNTIME - value: {{ .Values.lvmPlugin.ioLimits.containerRuntime }} - - name: RIOPS_PER_GB - value: {{ .Values.lvmPlugin.ioLimits.readIopsPerGB }} - - name: WIOPS_PER_GB - value: {{ .Values.lvmPlugin.ioLimits.writeIopsPerGB }} - {{- end }} - {{- if .Values.lvmPlugin.metricsPort }} - - name: METRICS_LISTEN_ADDRESS - value: :{{ .Values.lvmPlugin.metricsPort }} - {{- end }} - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: device-dir - mountPath: /dev - - name: pods-mount-dir - mountPath: {{ .Values.lvmNode.kubeletDir }} - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - resources: - {{- toYaml .Values.lvmNode.resources | nindent 12 }} - volumes: - - name: device-dir - hostPath: - path: /dev - type: Directory - - name: registration-dir - hostPath: - path: {{ .Values.lvmNode.kubeletDir }}plugins_registry/ - type: DirectoryOrCreate - - name: plugin-dir - hostPath: - path: {{ .Values.lvmNode.kubeletDir }}plugins/lvm-localpv/ - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: {{ .Values.lvmNode.kubeletDir }} - type: Directory -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.lvmNode.nodeSelector }} - nodeSelector: -{{ toYaml .Values.lvmNode.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.lvmNode.securityContext }} - securityContext: -{{ toYaml .Values.lvmNode.securityContext | indent 8 }} -{{- end }} -{{- if .Values.lvmNode.tolerations }} - tolerations: -{{ toYaml .Values.lvmNode.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/psp.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/psp.yaml deleted file mode 100644 index 7472d7c66..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/psp.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: openebs-lvm-node-psp - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/rbac.yaml deleted file mode 100644 index 5f54948cd..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/templates/rbac.yaml +++ /dev/null @@ -1,197 +0,0 @@ -{{- if .Values.serviceAccount.lvmController.create -}} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ .Values.serviceAccount.lvmController.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-lvm-provisioner-role - labels: - {{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes", "services"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "csistoragecapacities"] - verbs: ["*"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["local.openebs.io"] - resources: ["lvmvolumes", "lvmsnapshots", "lvmnodes"] - verbs: ["*"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-lvm-provisioner-binding - labels: - {{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.lvmController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-lvm-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-lvm-snapshotter-role - labels: - {{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-lvm-snapshotter-binding - labels: - {{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.lvmController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-lvm-snapshotter-role - apiGroup: rbac.authorization.k8s.io ---- -{{- end }} -{{- if .Values.serviceAccount.lvmNode.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.lvmNode.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-lvm-driver-registrar-role - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumes", "nodes", "services"] - verbs: ["get", "list"] - - apiGroups: ["local.openebs.io"] - resources: ["lvmvolumes", "lvmsnapshots", "lvmnodes"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-lvm-driver-registrar-binding - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.lvmNode.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-lvm-driver-registrar-role - apiGroup: rbac.authorization.k8s.io - -{{- if .Values.rbac.pspEnabled }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-lvm-node-role - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - openebs-lvm-node-psp ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: openebs-lvm-node-binding - labels: - {{- include "lvmlocalpv.lvmNode.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: openebs-lvm-node-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.lvmNode.name }} - namespace: {{ $.Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/values.yaml b/charts/openebs/openebs/2.11.0/charts/lvm-localpv/values.yaml deleted file mode 100644 index e398a7aed..000000000 --- a/charts/openebs/openebs/2.11.0/charts/lvm-localpv/values.yaml +++ /dev/null @@ -1,159 +0,0 @@ -# Default values for openebs-lvmlocalpv. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -release: - version: "0.7.0" - -imagePullSecrets: -# - name: "image-pull-secret" - -# enable storage capacity tracking feature -# Ref: https://kubernetes:io/docs/concepts/storage/storage-capacity -storageCapacity: true - -rbac: - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false - -# lvmNode contains the configurables for -# the lvm node daemonset -lvmNode: - componentName: openebs-lvm-node - driverRegistrar: - name: "csi-node-driver-registrar" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-node-driver-registrar - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.1.0 - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - # This can be configured to run on various different k8s distributions like - # microk8s where kubelet dir is different - kubeletDir: "/var/lib/kubelet/" - resources: {} -# limits: -# cpu: 10m -# memory: 32Mi -# requests: -# cpu: 10m -# memory: 32Mi - ## Labels to be added to openebs-lvm node pods - podLabels: - name: openebs-lvm-node - nodeSelector: {} - tolerations: [] - securityContext: {} - labels: {} - -# lvmController contains the configurables for -# the lvm controller statefulset -lvmController: - componentName: openebs-lvm-controller - replicas: 1 - serviceName: openebs-lvm - resizer: - name: "csi-resizer" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-resizer - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v1.1.0 - snapshotter: - name: "csi-snapshotter" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-snapshotter - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v4.0.0 - snapshotController: - name: "snapshot-controller" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/snapshot-controller - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v4.0.0 - provisioner: - name: "csi-provisioner" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-provisioner - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.1.0 - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} -# limits: -# cpu: 10m -# memory: 32Mi -# requests: -# cpu: 10m -# memory: 32Mi - ## Labels to be added to openebs-lvm controller pods - podLabels: - name: openebs-lvm-controller - nodeSelector: {} - tolerations: [] - securityContext: {} - -# lvmPlugin is the common csi container used by the -# controller statefulset and node daemonset -lvmPlugin: - name: "openebs-lvm-plugin" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/lvm-driver - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 0.7.0 - ioLimits: - enabled: false - containerRuntime: containerd - readIopsPerGB: "" - writeIopsPerGB: "" - # The TCP port number used for exposing lvm-metrics. - # If not set, service will not be created to expose metrics endpoint to serviceMonitor and listen-address flag will not be set. - metricsPort: 9500 - -role: openebs-lvm - -crd: - enableInstall: true - -serviceAccount: - lvmController: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-lvm-controller-sa - lvmNode: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-lvm-node-sa - -analytics: - enabled: true diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/Chart.yaml deleted file mode 100644 index 890c4887b..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.6.0 -description: Helm chart for OpenEBS Node Disk Manager - a Kubernetes native storage - device management solution. For instructions on how to install, refer to https://openebs.github.io/node-disk-manager/. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- ndm -- disk-inventory -- storage -maintainers: -- email: akhil.mohan@mayadata.io - name: akhilerm -- email: michaelfornaro@gmail.com - name: xUnholy -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -name: openebs-ndm -sources: -- https://github.com/openebs/node-disk-manager -version: 1.6.0 diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/README.md b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/README.md deleted file mode 100644 index 497b6b450..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/README.md +++ /dev/null @@ -1,79 +0,0 @@ -## Introduction - -This chart bootstraps OpenEBS NDM deployment on a [Kubernetes](http://kubernetes.io) cluster using the -[Helm](https://helm.sh) package manager. - -## Installation - -You can run OpenEBS NDM on any Kubernetes 1.13+ cluster in a matter of seconds. - -Please visit the [link](https://openebs.github.io/node-disk-manager/) for install instructions via helm3. - -## Configuration - -The following table lists the configurable parameters of the OpenEBS NDM chart and their default values. - -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | -| `imagePullSecrets` | Provides image pull secrect | `""` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.image.registry` | Registry for Node Disk Manager image | `""` | -| `ndm.image.repository` | Image repository for Node Disk Manager | `openebs/node-disk-manager` | -| `ndm.image.pullPolicy` | Image pull policy for Node Disk Manager | `IfNotPresent` | -| `ndm.image.tag` | Image tag for Node Disk Manager | `1.5.0` | -| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | -| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | -| `ndm.sparse.count` | Number of sparse files to be created | `0` | -| `ndm.updateStrategy.type` | Update strategy for NDM daemonset | `RollingUpdate` | -| `ndm.annotations` | Annotations for NDM daemonset metadata | `""` | -| `ndm.podAnnotations` | Annotations for NDM daemonset's pods metadata | `""` | -| `ndm.resources` | Resource and request and limit for containers | `""` | -| `ndm.podLabels` | Appends labels to the pods | `""` | -| `ndm.nodeSelector` | Nodeselector for daemonset pods | `""` | -| `ndm.tolerations` | NDM daemonset's pod toleration values | `""` | -| `ndm.securityContext` | Seurity context for container | `""` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.osDiskExcludePaths` | Paths/Mountpoints to be excluded by OS Disk Filter| `/,/etc/hosts,/boot` | -| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd`| -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `ndm.probes.enableUdevProbe` | Enable Udev probe for NDM | `true` | -| `ndm.probes.enableSmartProbe` | Enable Smart probe for NDM | `true` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.replica` | Pod replica count for NDM operator | `1` | -| `ndmOperator.upgradeStrategy` | Update strategy NDM operator | `"Recreate"` | -| `ndmOperator.image.registry` | Registry for NDM operator image | `""` | -| `ndmOperator.image.repository` | Image repository for NDM operator | `openebs/node-disk-operator` | -| `ndmOperator.image.pullPolicy` | Image pull policy for NDM operator | `IfNotPresent` | -| `ndmOperator.image.tag` | Image tag for NDM operator | `1.5.0` | -| `ndmOperator.annotations` | Annotations for NDM operator metadata | `""` | -| `ndmOperator.podAnnotations` | Annotations for NDM operator's pods metadata | `""` | -| `ndmOperator.resources` | Resource and request and limit for containers | `""` | -| `ndmOperator.podLabels` | Appends labels to the pods | `""` | -| `ndmOperator.nodeSelector` | Nodeselector for operator pods | `""` | -| `ndmOperator.tolerations` | NDM operator's pod toleration values | `""` | -| `ndmOperator.securityContext` | Seurity context for container | `""` | -| `featureGates.APIService.enabled` | Enable the gRPC API service of NDM | `false` | -| `featureGates.UseOSDisk.enabled` | Enable feature-gate to use free space on OS disk | `false` | -| `featureGates.MountChangeDetection.enabled` | Enable feature-gate to detect mountpoint/filesystem changes | `false` | -| `helperPod.image.registry` | Registry for helper image | `""` | -| `helperPod.image.repository` | Image for helper pod | `openebs/linux-utils` | -| `helperPod.image.pullPolicy` | Pull policy for helper pod | `IfNotPresent` | -| `helperPod.image.tag` | Image tag for helper image | `2.10.0` | -| `varDirectoryPath.baseDir` | Directory to store debug info and so forth | `/var/openebs` | -| `serviceAccount.create` | Create a service account or not | `true` | -| `serviceAccount.name` | Name for the service account | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml ndm/openebs-ndm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdevice.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdevice.yaml deleted file mode 100644 index 95f40703c..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdevice.yaml +++ /dev/null @@ -1,241 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdevices.openebs.io -spec: - group: openebs.io - names: - kind: BlockDevice - listKind: BlockDeviceList - plural: blockdevices - shortNames: - - bd - singular: blockdevice - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.nodeAttributes.nodeName - name: NodeName - type: string - - jsonPath: .spec.path - name: Path - priority: 1 - type: string - - jsonPath: .spec.filesystem.fsType - name: FSType - priority: 1 - type: string - - jsonPath: .spec.capacity.storage - name: Size - type: string - - jsonPath: .status.claimState - name: ClaimState - type: string - - jsonPath: .status.state - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDevice is the Schema for the blockdevices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceSpec defines the properties and runtime status of a BlockDevice - properties: - aggregateDevice: - description: AggregateDevice was intended to store the hierarchical information in cases of LVM. However this is currently not implemented and may need to be re-looked into for better design. To be deprecated - type: string - capacity: - description: Capacity - properties: - logicalSectorSize: - description: LogicalSectorSize is blockdevice logical-sector size in bytes - format: int32 - type: integer - physicalSectorSize: - description: PhysicalSectorSize is blockdevice physical-Sector size in bytes - format: int32 - type: integer - storage: - description: Storage is the blockdevice capacity in bytes - format: int64 - type: integer - required: - - storage - type: object - claimRef: - description: ClaimRef is the reference to the BDC which has claimed this BD - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - details: - description: Details contain static attributes of BD like model,serial, and so forth - properties: - compliance: - description: Compliance is standards/specifications version implemented by device firmware such as SPC-1, SPC-2, etc - type: string - deviceType: - description: DeviceType represents the type of device like sparse, disk, partition, lvm, crypt - enum: - - disk - - partition - - sparse - - loop - - lvm - - crypt - - dm - - mpath - type: string - driveType: - description: DriveType is the type of backing drive, HDD/SSD - enum: - - HDD - - SSD - - Unknown - - "" - type: string - firmwareRevision: - description: FirmwareRevision is the disk firmware revision - type: string - hardwareSectorSize: - description: HardwareSectorSize is the hardware sector size in bytes - format: int32 - type: integer - logicalBlockSize: - description: LogicalBlockSize is the logical block size in bytes reported by /sys/class/block/sda/queue/logical_block_size - format: int32 - type: integer - model: - description: Model is model of disk - type: string - physicalBlockSize: - description: PhysicalBlockSize is the physical block size in bytes reported by /sys/class/block/sda/queue/physical_block_size - format: int32 - type: integer - serial: - description: Serial is serial number of disk - type: string - vendor: - description: Vendor is vendor of disk - type: string - type: object - devlinks: - description: DevLinks contains soft links of a block device like /dev/by-id/... /dev/by-uuid/... - items: - description: DeviceDevLink holds the mapping between type and links like by-id type or by-path type link - properties: - kind: - description: Kind is the type of link like by-id or by-path. - enum: - - by-id - - by-path - type: string - links: - description: Links are the soft links - items: - type: string - type: array - type: object - type: array - filesystem: - description: FileSystem contains mountpoint and filesystem type - properties: - fsType: - description: Type represents the FileSystem type of the block device - type: string - mountPoint: - description: MountPoint represents the mountpoint of the block device. - type: string - type: object - nodeAttributes: - description: NodeAttributes has the details of the node on which BD is attached - properties: - nodeName: - description: NodeName is the name of the Kubernetes node resource on which the device is attached - type: string - type: object - parentDevice: - description: "ParentDevice was intended to store the UUID of the parent Block Device as is the case for partitioned block devices. \n For example: /dev/sda is the parent for /dev/sda1 To be deprecated" - type: string - partitioned: - description: Partitioned represents if BlockDevice has partitions or not (Yes/No) Currently always default to No. To be deprecated - enum: - - "Yes" - - "No" - type: string - path: - description: Path contain devpath (e.g. /dev/sdb) - type: string - required: - - capacity - - devlinks - - nodeAttributes - - path - type: object - status: - description: DeviceStatus defines the observed state of BlockDevice - properties: - claimState: - description: ClaimState represents the claim state of the block device - enum: - - Claimed - - Unclaimed - - Released - type: string - state: - description: State is the current state of the blockdevice (Active/Inactive/Unknown) - enum: - - Active - - Inactive - - Unknown - type: string - required: - - claimState - - state - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdeviceclaim.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdeviceclaim.yaml deleted file mode 100644 index 81b9a355e..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/crds/blockdeviceclaim.yaml +++ /dev/null @@ -1,144 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: blockdeviceclaims.openebs.io -spec: - group: openebs.io - names: - kind: BlockDeviceClaim - listKind: BlockDeviceClaimList - plural: blockdeviceclaims - shortNames: - - bdc - singular: blockdeviceclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.blockDeviceName - name: BlockDeviceName - type: string - - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BlockDeviceClaim is the Schema for the blockdeviceclaims API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeviceClaimSpec defines the request details for a BlockDevice - properties: - blockDeviceName: - description: BlockDeviceName is the reference to the block-device backing this claim - type: string - blockDeviceNodeAttributes: - description: BlockDeviceNodeAttributes is the attributes on the node from which a BD should be selected for this claim. It can include nodename, failure domain etc. - properties: - hostName: - description: HostName represents the hostname of the Kubernetes node resource where the BD should be present - type: string - nodeName: - description: NodeName represents the name of the Kubernetes node resource where the BD should be present - type: string - type: object - deviceClaimDetails: - description: Details of the device to be claimed - properties: - allowPartition: - description: AllowPartition represents whether to claim a full block device or a device that is a partition - type: boolean - blockVolumeMode: - description: 'BlockVolumeMode represents whether to claim a device in Block mode or Filesystem mode. These are use cases of BlockVolumeMode: 1) Not specified: VolumeMode check will not be effective 2) VolumeModeBlock: BD should not have any filesystem or mountpoint 3) VolumeModeFileSystem: BD should have a filesystem and mountpoint. If DeviceFormat is specified then the format should match with the FSType in BD' - type: string - formatType: - description: Format of the device required, eg:ext4, xfs - type: string - type: object - deviceType: - description: DeviceType represents the type of drive like SSD, HDD etc., - nullable: true - type: string - hostName: - description: Node name from where blockdevice has to be claimed. To be deprecated. Use NodeAttributes.HostName instead - type: string - resources: - description: Resources will help with placing claims on Capacity, IOPS - properties: - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum resources required. eg: if storage resource of 10G is requested minimum capacity of 10G should be available TODO for validating' - type: object - required: - - requests - type: object - selector: - description: Selector is used to find block devices to be considered for claiming - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: object - status: - description: DeviceClaimStatus defines the observed state of BlockDeviceClaim - properties: - phase: - description: Phase represents the current phase of the claim - type: string - required: - - phase - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/NOTES.txt deleted file mode 100644 index 3c84551b5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -The OpenEBS Node Disk Manager has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -Use `kubectl get bd -n {{ .Release.Namespace }} ` to see the list of -blockdevices attached to the Kubernetes cluster nodes. - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/_helpers.tpl deleted file mode 100644 index e6d5b99dc..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/_helpers.tpl +++ /dev/null @@ -1,132 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -This name is used for ndm daemonset -*/}} -{{- define "openebs-ndm.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openebs-ndm.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm daemonset app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "openebs-ndm.operator.name" -}} -{{- $ndmName := default .Chart.Name .Values.ndmOperator.nameOverride | trunc 63 | trimSuffix "-" }} -{{- $componentName := .Values.ndmOperator.name | trunc 63 | trimSuffix "-" }} -{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified ndm operator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs-ndm.operator.fullname" -}} -{{- if .Values.ndmOperator.fullnameOverride }} -{{- .Values.ndmOperator.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $ndmOperatorName := include "openebs-ndm.operator.name" .}} - -{{- $name := default $ndmOperatorName .Values.ndmOperator.nameOverride }} -{{- if contains .Release.Name $name }} -{{- $name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openebs-ndm.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "openebs-ndm.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Define meta labels for ndm components -*/}} -{{- define "openebs-ndm.common.metaLabels" -}} -chart: {{ template "openebs-ndm.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -{{- end -}} - - -{{/* -Create match labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.matchLabels" -}} -app: {{ template "openebs-ndm.name" . }} -release: {{ .Release.Name }} -component: {{ .Values.ndm.componentName | quote }} -{{- end -}} - -{{/* -Create component labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.componentLabels" -}} -openebs.io/component-name: {{ .Values.ndm.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for ndm daemonset component -*/}} -{{- define "openebs-ndm.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.matchLabels" . }} -{{ include "openebs-ndm.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for ndm operator deployment -*/}} -{{- define "openebs-ndm.operator.matchLabels" -}} -app: {{ template "openebs-ndm.operator.name" . }} -release: {{ .Release.Name }} -component: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - -{{/* -Create component labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.componentLabels" -}} -openebs.io/component-name: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} -{{- end -}} - - -{{/* -Create labels for ndm operator component -*/}} -{{- define "openebs-ndm.operator.labels" -}} -{{ include "openebs-ndm.common.metaLabels" . }} -{{ include "openebs-ndm.operator.matchLabels" . }} -{{ include "openebs-ndm.operator.componentLabels" . }} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/configmap.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/configmap.yaml deleted file mode 100644 index 337b0e593..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "openebs-ndm.fullname" . }}-config -data: - # node-disk-manager-config contains config of available probes and filters. - # Probes and Filters will initialize with default values if config for that - # filter or probe are not present in configmap - - # udev-probe is default or primary probe it should be enabled to run ndm - # filterconfigs contains configs of filters. To provide a group of include - # and exclude values add it as , separated string - node-disk-manager.config: | - probeconfigs: - - key: udev-probe - name: udev probe - state: {{ .Values.ndm.probes.enableUdevProbe }} - - key: seachest-probe - name: seachest probe - state: {{ .Values.ndm.probes.enableSeachest }} - - key: smart-probe - name: smart probe - state: {{ .Values.ndm.probes.enableSmartProbe }} - filterconfigs: - - key: os-disk-exclude-filter - name: os disk exclude filter - state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} - exclude: "{{ .Values.ndm.filters.osDiskExcludePaths }}" - - key: vendor-filter - name: vendor filter - state: {{ .Values.ndm.filters.enableVendorFilter }} - include: "" - exclude: "{{ .Values.ndm.filters.excludeVendors }}" - - key: path-filter - name: path filter - state: {{ .Values.ndm.filters.enablePathFilter }} - include: "{{ .Values.ndm.filters.includePaths }}" - exclude: "{{ .Values.ndm.filters.excludePaths }}" diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/daemonset.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/daemonset.yaml deleted file mode 100644 index af66edfe5..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/daemonset.yaml +++ /dev/null @@ -1,176 +0,0 @@ -{{- if .Values.ndm.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "openebs-ndm.fullname" . }} - {{- with .Values.ndm.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 4 }} -spec: - updateStrategy: -{{ toYaml .Values.ndm.updateStrategy | indent 4 }} - selector: - matchLabels: - {{- include "openebs-ndm.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndm.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.labels" . | nindent 8 }} - {{- with .Values.ndm.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.APIService.enabled }} - hostPID: true -{{- end}} -{{- end}} - containers: - - name: {{ template "openebs-ndm.name" . }} - image: "{{ .Values.ndm.image.registry }}{{ .Values.ndm.image.repository }}:{{ .Values.ndm.image.tag }}" - args: - - -v=4 -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.GPTBasedUUID.enabled }} - - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.APIService.enabled }} - - --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }} - - --api-service-address={{ .Values.featureGates.APIService.address }} -{{- end}} -{{- if .Values.featureGates.UseOSDisk.enabled }} - - --feature-gates={{ .Values.featureGates.UseOSDisk.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.MountChangeDetection.enabled }} - - --feature-gates={{ .Values.featureGates.MountChangeDetection.featureGateFlag }} -{{- end}} -{{- end}} - imagePullPolicy: {{ .Values.ndm.image.pullPolicy }} - resources: -{{ toYaml .Values.ndm.resources | indent 12 }} - securityContext: - privileged: true - env: - # namespace in which NDM is installed will be passed to NDM Daemonset - # as environment variable - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # pass hostname as env variable using downward API to the NDM container - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - # specify the directory where the sparse files need to be created. - # if not specified, then sparse files will not be created. - - name: SPARSE_FILE_DIR - value: "{{ .Values.ndm.sparse.path }}" -{{- end }} -{{- if .Values.ndm.sparse.size }} - # Size(bytes) of the sparse file to be created. - - name: SPARSE_FILE_SIZE - value: "{{ .Values.ndm.sparse.size }}" -{{- end }} -{{- if .Values.ndm.sparse.count }} - # Specify the number of sparse files to be created - - name: SPARSE_FILE_COUNT - value: "{{ .Values.ndm.sparse.count }}" -{{- end }} -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndm" - initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} - volumeMounts: - - name: config - mountPath: /host/node-disk-manager.config - subPath: node-disk-manager.config - readOnly: true - - name: udev - mountPath: /run/udev - - name: procmount - mountPath: /host/proc - readOnly: true - - name: devmount - mountPath: /dev - - name: basepath - mountPath: /var/openebs/ndm -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - mountPath: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ include "openebs-ndm.fullname" . }}-config - - name: udev - hostPath: - path: /run/udev - type: Directory - # mount /proc (to access mount file of process 1 of host) inside container - # to read mount-point of disks and partitions - - name: procmount - hostPath: - path: /proc - type: Directory - - name: devmount - # the /dev directory is mounted so that we have access to the devices that - # are connected at runtime of the pod. - hostPath: - path: /dev - type: Directory - - name: basepath - hostPath: - path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" - type: DirectoryOrCreate -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - hostPath: - path: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - # By default the node-disk-manager will be run on all kubernetes nodes - # If you would like to limit this to only some nodes, say the nodes - # that have storage attached, you could label those node and use - # nodeSelector. - # - # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" - # kubectl label node "openebs.io/nodegroup"="storage-node" - #nodeSelector: - # "openebs.io/nodegroup": "storage-node" -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndm.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndm.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndm.tolerations }} - tolerations: -{{ toYaml .Values.ndm.tolerations | indent 8 }} -{{- end }} -{{- if .Values.ndm.securityContext }} - securityContext: -{{ toYaml .Values.ndm.securityContext | indent 8 }} -{{- end }} - hostNetwork: true -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/deployment.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/deployment.yaml deleted file mode 100644 index 4a54dc777..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if .Values.ndmOperator.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs-ndm.operator.fullname" . }} - {{- with .Values.ndmOperator.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.ndmOperator.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - {{- include "openebs-ndm.operator.matchLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.ndmOperator.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openebs-ndm.operator.labels" . | nindent 8 }} - {{- with .Values.ndmOperator.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} - containers: - - name: {{ template "openebs-ndm.operator.fullname" . }} - image: "{{ .Values.ndmOperator.image.registry }}{{ .Values.ndmOperator.image.repository }}:{{ .Values.ndmOperator.image.tag }}" - imagePullPolicy: {{ .Values.ndmOperator.image.pullPolicy }} - resources: -{{ toYaml .Values.ndmOperator.resources | indent 12 }} - livenessProbe: - httpGet: - path: /healthz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} - readinessProbe: - httpGet: - path: /readyz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "node-disk-operator" - - name: CLEANUP_JOB_IMAGE - value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}" -{{- end }} -{{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 6 }} -{{- end }} -{{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.securityContext }} - securityContext: -{{ toYaml .Values.ndmOperator.securityContext | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.tolerations }} - tolerations: -{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/rbac.yaml deleted file mode 100644 index 8e81c4922..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/templates/rbac.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "openebs-ndm.serviceAccountName" . }} -{{- end }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -rules: - - apiGroups: ["*"] - resources: ["nodes", "pods", "events", "configmaps", "jobs"] - verbs: - - '*' - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: - - '*' - - apiGroups: - - openebs.io - resources: - - blockdevices - - blockdeviceclaims - verbs: - - '*' ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "openebs-ndm.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "openebs-ndm.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - - kind: User - name: system:serviceaccount:default:default - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: {{ include "openebs-ndm.fullname" . }} - apiGroup: rbac.authorization.k8s.io ---- diff --git a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/values.yaml b/charts/openebs/openebs/2.11.0/charts/openebs-ndm/values.yaml deleted file mode 100644 index 14928d497..000000000 --- a/charts/openebs/openebs/2.11.0/charts/openebs-ndm/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Default values for ndm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -release: - version: "1.6.0" - -imagePullSecrets: -# - name: "image-pull-secret" - -ndm: - componentName: ndm - enabled: true - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/node-disk-manager - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - sparse: - path: "/var/openebs/sparse" - size: "10737418240" - count: "0" - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to ndm daemonset pods - podLabels: - name: openebs-ndm - nodeSelector: {} - tolerations: [] - securityContext: {} - filters: - enableOsDiskExcludeFilter: true - osDiskExcludePaths: "/,/etc/hosts,/boot" - enableVendorFilter: true - excludeVendors: "CLOUDBYT,OpenEBS" - enablePathFilter: true - includePaths: "" - excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd" - probes: - enableSeachest: false - enableUdevProbe: true - enableSmartProbe: true - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -ndmOperator: - name: operator - enabled: true - image: - registry: - repository: openebs/node-disk-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.6.0 - podLabels: - name: openebs-ndm-operator - annotations: {} - podAnnotations: {} - nodeSelector: {} - resources: {} - securityContext: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 15 - periodSeconds: 20 - readinessCheck: - initialDelaySeconds: 5 - periodSeconds: 10 - replicas: 1 - upgradeStrategy: Recreate - -helperPod: - image: - registry: "" - repository: openebs/linux-utils - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 2.11.0 - -crd: - enableInstall: false - -featureGates: - enabled: true - GPTBasedUUID: - enabled: true - featureGateFlag: "GPTBasedUUID" - APIService: - enabled: false - featureGateFlag: "APIService" - address: "0.0.0.0:9115" - UseOSDisk: - enabled: false - featureGateFlag: "UseOSDisk" - MountChangeDetection: - enabled: false - featureGateFlag: "MountChangeDetection" - -# Directory used by the OpenEBS to store debug information and so forth -# that are generated in the course of running OpenEBS containers. -varDirectoryPath: - baseDir: "/var/openebs" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-ndm diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/.helmignore b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/Chart.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/Chart.yaml deleted file mode 100644 index 53a9d8c42..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.9.0 -description: CSI Driver for dynamic provisioning of ZFS Persistent Local Volumes. -home: http://www.openebs.io/ -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png -keywords: -- cloud-native-storage -- block-storage -- filesystem -- ZFS -- Local Persistent Volumes -- storage -maintainers: -- email: michaelfornaro@gmail.com - name: xUnholy -- email: prateek.pandey@mayadata.io - name: prateekpandey14 -- email: pawan@mayadata.io - name: pawanpraka1 -name: zfs-localpv -sources: -- https://github.com/openebs/zfs-localpv -version: 1.9.0 diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/README.md b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/README.md deleted file mode 100644 index ea6ea79f0..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/README.md +++ /dev/null @@ -1,136 +0,0 @@ - -# OpenEBS LocalPV Provisioner - -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -![Chart Lint and Test](https://github.com/openebs/zfs-localpv/workflows/Chart%20Lint%20and%20Test/badge.svg) -![Release Charts](https://github.com/openebs/zfs-localpv/workflows/Release%20Charts/badge.svg?branch=develop) - -A Helm chart for openebs zfs localpv provisioner. This chart bootstraps OpenEBS ZFS LocalPV provisioner deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| pawanpraka1 | pawan@mayadata.io | | -| xUnholy | michaelfornaro@gmail.com | | -| prateekpandey14 | prateek.pandey@mayadata.io | | - - -## Get Repo Info - -```console -helm repo add openebs-zfslocalpv https://openebs.github.io/zfs-localpv -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -Please visit the [link](https://openebs.github.io/zfs-localpv/) for install instructions via helm3. - -```console -# Helm -$ helm install [RELEASE_NAME] openebs-zfslocalpv/zfs-localpv -``` - -**Note:** If moving from the operator to helm -- Make sure the namespace provided in the helm install command is same as `OPENEBS_NAMESPACE` (by default it is `openebs`) env in the controller statefulset. -- Before installing, clean up the stale statefulset and daemonset from `kube-system` namespace using the below commands -```sh -kubectl delete sts openebs-zfs-controller -n kube-system -kubectl delete ds openebs-zfs-node -n kube-system -``` - - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Chart - -```console -# Helm -$ helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -# Helm -$ helm upgrade [RELEASE_NAME] [CHART] --install -``` - -## Configuration - -The following table lists the configurable parameters of the OpenEBS ZFS Localpv chart and their default values. - -| Parameter| Description| Default| -| -| -| -| -| `imagePullSecrets`| Provides image pull secrect| `""`| -| `zfsPlugin.image.registry`| Registry for openebs-zfs-plugin image| `""`| -| `zfsPlugin.image.repository`| Image repository for openebs-zfs-plugin| `openebs/zfs-driver`| -| `zfsPlugin.image.pullPolicy`| Image pull policy for openebs-zfs-plugin| `IfNotPresent`| -| `zfsPlugin.image.tag`| Image tag for openebs-zfs-plugin| `1.9.0`| -| `zfsNode.driverRegistrar.image.registry`| Registry for csi-node-driver-registrar image| `k8s.gcr.io/`| -| `zfsNode.driverRegistrar.image.repository`| Image repository for csi-node-driver-registrar| `sig-storage/csi-node-driver-registrar`| -| `zfsNode.driverRegistrar.image.pullPolicy`| Image pull policy for csi-node-driver-registrar| `IfNotPresent`| -| `zfsNode.driverRegistrar.image.tag`| Image tag for csi-node-driver-registrar| `v1.2.0`| -| `zfsNode.updateStrategy.type`| Update strategy for zfsnode daemonset | `RollingUpdate` | -| `zfsNode.kubeletDir`| Kubelet mount point for zfsnode daemonset| `"/var/lib/kubelet/"` | -| `zfsNode.annotations` | Annotations for zfsnode daemonset metadata| `""`| -| `zfsNode.podAnnotations`| Annotations for zfsnode daemonset's pods metadata | `""`| -| `zfsNode.resources`| Resource and request and limit for zfsnode daemonset containers | `""`| -| `zfsNode.labels`| Labels for zfsnode daemonset metadata | `""`| -| `zfsNode.podLabels`| Appends labels to the zfsnode daemonset pods| `""`| -| `zfsNode.nodeSelector`| Nodeselector for zfsnode daemonset pods| `""`| -| `zfsNode.tolerations` | zfsnode daemonset's pod toleration values | `""`| -| `zfsNode.securityContext` | Seurity context for zfsnode daemonset container | `""`| -| `zfsController.resizer.image.registry`| Registry for csi-resizer image| `k8s.gcr.io/`| -| `zfsController.resizer.image.repository`| Image repository for csi-resizer| `sig-storage/csi-resizer`| -| `zfsController.resizer.image.pullPolicy`| Image pull policy for csi-resizer| `IfNotPresent`| -| `zfsController.resizer.image.tag`| Image tag for csi-resizer| `v1.1.0`| -| `zfsController.snapshotter.image.registry`| Registry for csi-snapshotter image| `k8s.gcr.io/`| -| `zfsController.snapshotter.image.repository`| Image repository for csi-snapshotter| `sig-storage/csi-snapshotter`| -| `zfsController.snapshotter.image.pullPolicy`| Image pull policy for csi-snapshotter| `IfNotPresent`| -| `zfsController.snapshotter.image.tag`| Image tag for csi-snapshotter| `v4.0.0`| -| `zfsController.snapshotController.image.registry`| Registry for snapshot-controller image| `k8s.gcr.io/`| -| `zfsController.snapshotController.image.repository`| Image repository for snapshot-controller| `sig-storage/snapshot-controller`| -| `zfsController.snapshotController.image.pullPolicy`| Image pull policy for snapshot-controller| `IfNotPresent`| -| `zfsController.snapshotController.image.tag`| Image tag for snapshot-controller| `v4.0.0`| -| `zfsController.provisioner.image.registry`| Registry for csi-provisioner image| `k8s.gcr.io/`| -| `zfsController.provisioner.image.repository`| Image repository for csi-provisioner| `sig-storage/csi-provisioner`| -| `zfsController.provisioner.image.pullPolicy`| Image pull policy for csi-provisioner| `IfNotPresent`| -| `zfsController.provisioner.image.tag`| Image tag for csi-provisioner| `v2.1.0`| -| `zfsController.updateStrategy.type`| Update strategy for zfs localpv controller statefulset | `RollingUpdate` | -| `zfsController.annotations` | Annotations for zfs localpv controller statefulset metadata| `""`| -| `zfsController.podAnnotations`| Annotations for zfs localpv controller statefulset's pods metadata | `""`| -| `zfsController.resources`| Resource and request and limit for zfs localpv controller statefulset containers | `""`| -| `zfsController.labels`| Labels for zfs localpv controller statefulset metadata | `""`| -| `zfsController.podLabels`| Appends labels to the zfs localpv controller statefulset pods| `""`| -| `zfsController.nodeSelector`| Nodeselector for zfs localpv controller statefulset pods| `""`| -| `zfsController.tolerations` | zfs localpv controller statefulset's pod toleration values | `""`| -| `zfsController.securityContext` | Seurity context for zfs localpv controller statefulset container | `""`| -| `rbac.pspEnabled` | Enable PodSecurityPolicy | `false` | -| `serviceAccount.zfsNode.create` | Create a service account for zfsnode or not| `true`| -| `serviceAccount.zfsNode.name` | Name for the zfsnode service account| `openebs-zfs-node-sa`| -| `serviceAccount.zfsController.create` | Create a service account for zfs localpv controller or not| `true`| -| `serviceAccount.zfsController.name` | Name for the zfs localpv controller service account| `openebs-zfs-controller-sa`| -| `analytics.enabled` | Enable or Disable google analytics for the controller| `true`| - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install -f values.yaml openebs/zfs-localpv -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotclasses.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotclasses.yaml deleted file mode 100644 index 820a9a394..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotclasses.yaml +++ /dev/null @@ -1,111 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - singular: volumesnapshotclass - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: false - subresources: {} - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotcontents.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotcontents.yaml deleted file mode 100644 index b27b3286e..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshotcontents.yaml +++ /dev/null @@ -1,292 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - singular: volumesnapshotcontent - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. For dynamically provisioned snapshots, this field will automatically be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding VolumeSnapshotClass. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system for which a Kubernetes object representation was (or should be) created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable. - type: string - type: object - oneOf: - - required: ["snapshotHandle"] - - required: ["volumeHandle"] - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot was (or will be) created. Note that after provisioning, the VolumeSnapshotClass may be deleted or recreated with different set of values, and as such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. For dynamically provisioned snapshots, this field will automatically be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding VolumeSnapshotClass. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system for which a Kubernetes object representation was (or should be) created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot was (or will be) created. Note that after provisioning, the VolumeSnapshotClass may be deleted or recreated with different set of values, and as such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshots.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshots.yaml deleted file mode 100644 index bf27a7aff..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/volumesnapshots.yaml +++ /dev/null @@ -1,225 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/419" - creationTimestamp: null - name: volumesnapshots.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - singular: volumesnapshot - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot object intends to bind to. Please note that verification of binding actually requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure both are pointing at each other. Binding MUST be verified prior to usage of this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.' - properties: - source: - description: source specifies where a snapshot will be created from. This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object representing the volume from which a snapshot should be created. This PVC is assumed to be in the same namespace as the VolumeSnapshot object. This field should be set if the snapshot does not exists, and needs to be created. This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object representing an existing volume snapshot. This field should be set if the snapshot already exists and only needs a representation in Kubernetes. This field is immutable. - type: string - type: object - oneOf: - - required: ["persistentVolumeClaimName"] - - required: ["volumeSnapshotContentName"] - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. VolumeSnapshotClassName may be left nil to indicate that the default SnapshotClass should be used. A given cluster may have multiple default Volume SnapshotClasses: one default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, VolumeSnapshotSource will be checked to figure out what the associated CSI Driver is, and the default VolumeSnapshotClass associated with that CSI Driver will be used. If more than one VolumeSnapshotClass exist for a given CSI Driver and more than one have been marked as default, CreateSnapshot will fail and generate an event. Empty string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent object to which this VolumeSnapshot object intends to bind to. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: To avoid possible security issues, consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it may indicate that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the minimum size of volume required to create a volume from this snapshot. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot object intends to bind to. Please note that verification of binding actually requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure both are pointing at each other. Binding MUST be verified prior to usage of this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.' - properties: - source: - description: source specifies where a snapshot will be created from. This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object representing the volume from which a snapshot should be created. This PVC is assumed to be in the same namespace as the VolumeSnapshot object. This field should be set if the snapshot does not exists, and needs to be created. This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object representing an existing volume snapshot. This field should be set if the snapshot already exists and only needs a representation in Kubernetes. This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. VolumeSnapshotClassName may be left nil to indicate that the default SnapshotClass should be used. A given cluster may have multiple default Volume SnapshotClasses: one default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, VolumeSnapshotSource will be checked to figure out what the associated CSI Driver is, and the default VolumeSnapshotClass associated with that CSI Driver will be used. If more than one VolumeSnapshotClass exist for a given CSI Driver and more than one have been marked as default, CreateSnapshot will fail and generate an event. Empty string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent object to which this VolumeSnapshot object intends to bind to. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: To avoid possible security issues, consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it may indicate that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - type: string - description: restoreSize represents the minimum size of volume required to create a volume from this snapshot. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsbackup.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsbackup.yaml deleted file mode 100644 index 492e5d4b9..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsbackup.yaml +++ /dev/null @@ -1,116 +0,0 @@ - - -############################################## -########### ############ -########### ZFSBackup CRD ############ -########### ############ -############################################## - -# ZFSBackups CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: zfsbackups.zfs.openebs.io -spec: - group: zfs.openebs.io - names: - kind: ZFSBackup - listKind: ZFSBackupList - plural: zfsbackups - shortNames: - - zb - singular: zfsbackup - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Previous snapshot for backup - jsonPath: .spec.prevSnapName - name: PrevSnap - type: string - - description: Backup status - jsonPath: .status - name: Status - type: string - - description: Age of the volume - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: ZFSBackup describes a zfs backup resource created as a custom - resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ZFSBackupSpec is the spec for a ZFSBackup resource - properties: - backupDest: - description: BackupDest is the remote address for backup transfer - minLength: 1 - pattern: ^([0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+)$ - type: string - ownerNodeID: - description: OwnerNodeID is a name of the nodes where the source volume - is - minLength: 1 - type: string - prevSnapName: - description: PrevSnapName is the last completed-backup's snapshot - name - type: string - snapName: - description: SnapName is the snapshot name for backup - minLength: 1 - type: string - volumeName: - description: VolumeName is a name of the volume for which this backup - is destined - minLength: 1 - type: string - required: - - backupDest - - ownerNodeID - - volumeName - type: object - status: - description: ZFSBackupStatus is to hold status of backup - enum: - - Init - - Done - - Failed - - Pending - - InProgress - - Invalid - type: string - required: - - spec - - status - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsnode.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsnode.yaml deleted file mode 100644 index db0540d4b..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsnode.yaml +++ /dev/null @@ -1,87 +0,0 @@ - -############################################## -########### ############ -########### ZFSNode CRD ############ -########### ############ -############################################## - -# ZFSNode CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: zfsnodes.zfs.openebs.io -spec: - group: zfs.openebs.io - names: - kind: ZFSNode - listKind: ZFSNodeList - plural: zfsnodes - shortNames: - - zfsnode - singular: zfsnode - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ZFSNode records information about all zfs pools available in - a node. In general, the openebs node-agent creates the ZFSNode object & - periodically synchronizing the zfs pools available in the node. ZFSNode - has an owner reference pointing to the corresponding node object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - pools: - items: - description: Pool specifies attributes of a given zfs pool that exists - on the node. - properties: - free: - anyOf: - - type: integer - - type: string - description: Free specifies the available capacity of zfs pool. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - name: - description: Name of the zfs pool. - minLength: 1 - type: string - uuid: - description: UUID denotes a unique identity of a zfs pool. - minLength: 1 - type: string - required: - - free - - name - - uuid - type: object - type: array - required: - - pools - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsrestore.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsrestore.yaml deleted file mode 100644 index e3fc43452..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsrestore.yaml +++ /dev/null @@ -1,238 +0,0 @@ - - -############################################## -########### ############ -########### ZFSRestore CRD ############ -########### ############ -############################################## - -# ZFSRestores CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: zfsrestores.zfs.openebs.io -spec: - group: zfs.openebs.io - names: - kind: ZFSRestore - listKind: ZFSRestoreList - plural: zfsrestores - singular: zfsrestore - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ZFSRestore describes a cstor restore resource created as a custom - resource - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ZFSRestoreSpec is the spec for a ZFSRestore resource - properties: - ownerNodeID: - description: owner node name where restore volume is present - minLength: 1 - type: string - restoreSrc: - description: it can be ip:port in case of restore from remote or volumeName - in case of local restore - minLength: 1 - pattern: ^([0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+)$ - type: string - volumeName: - description: volume name to where restore has to be performed - minLength: 1 - type: string - required: - - ownerNodeID - - restoreSrc - - volumeName - type: object - status: - description: ZFSRestoreStatus is to hold result of action. - enum: - - Init - - Done - - Failed - - Pending - - InProgress - - Invalid - type: string - volSpec: - description: VolumeInfo defines ZFS volume parameters for all modes in - which ZFS volumes can be created like - ZFS volume with filesystem, - ZFS Volume exposed as zfs or ZFS volume exposed as raw block device. - Some of the parameters can be only set during creation time (as specified - in the details of the parameter), and a few are editable. In case of - Cloned volumes, the parameters are assigned the same values as the source - volume. - properties: - capacity: - description: Capacity of the volume - minLength: 1 - type: string - compression: - description: 'Compression specifies the block-level compression algorithm - to be applied to the ZFS Volume. The value "on" indicates ZFS to - use the default compression algorithm. The default compression algorithm - used by ZFS will be either lzjb or, if the lz4_compress feature - is enabled, lz4. Compression property can be edited after the volume - has been created. The change will only be applied to the newly-written - data. For instance, if the Volume was created with "off" and the - next day the compression was modified to "on", the data written - prior to setting "on" will not be compressed. Default Value: off.' - pattern: ^(on|off|lzjb|gzip|gzip-[1-9]|zle|lz4)$ - type: string - dedup: - description: 'Deduplication is the process for removing redundant - data at the block level, reducing the total amount of data stored. - If a file system has the dedup property enabled, duplicate data - blocks are removed synchronously. The result is that only unique - data is stored and common components are shared among files. Deduplication - can consume significant processing power (CPU) and memory as well - as generate additional disk IO. Before creating a pool with deduplication - enabled, ensure that you have planned your hardware requirements - appropriately and implemented appropriate recovery practices, such - as regular backups. As an alternative to deduplication consider - using compression=lz4, as a less resource-intensive alternative. - should be enabled on the zvol. Dedup property can be edited after - the volume has been created. Default Value: off.' - enum: - - "on" - - "off" - type: string - encryption: - description: 'Enabling the encryption feature allows for the creation - of encrypted filesystems and volumes. ZFS will encrypt file and - zvol data, file attributes, ACLs, permission bits, directory listings, - FUID mappings, and userused / groupused data. ZFS will not encrypt - metadata related to the pool structure, including dataset and snapshot - names, dataset hierarchy, properties, file size, file holes, and - deduplication tables (though the deduplicated data itself is encrypted). - Default Value: off.' - pattern: ^(on|off|aes-128-[c,g]cm|aes-192-[c,g]cm|aes-256-[c,g]cm)$ - type: string - fsType: - description: 'FsType specifies filesystem type for the zfs volume/dataset. - If FsType is provided as "zfs", then the driver will create a ZFS - dataset, formatting is not required as underlying filesystem is - ZFS anyway. If FsType is ext2, ext3, ext4 or xfs, then the driver - will create a ZVOL and format the volume accordingly. FsType can - not be modified once volume has been provisioned. Default Value: - ext4.' - type: string - keyformat: - description: KeyFormat specifies format of the encryption key The - supported KeyFormats are passphrase, raw, hex. - enum: - - passphrase - - raw - - hex - type: string - keylocation: - description: KeyLocation is the location of key for the encryption - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID where the ZPOOL is running - which is where the volume has been provisioned. OwnerNodeID can - not be edited after the volume has been provisioned. - minLength: 1 - type: string - poolName: - description: poolName specifies the name of the pool where the volume - has been created. PoolName can not be edited after the volume has - been provisioned. - minLength: 1 - type: string - recordsize: - description: 'Specifies a suggested block size for files in the file - system. The size specified must be a power of two greater than or - equal to 512 and less than or equal to 128 Kbytes. RecordSize property - can be edited after the volume has been created. Changing the file - system''s recordsize affects only files created afterward; existing - files are unaffected. Default Value: 128k.' - minLength: 1 - type: string - shared: - description: Shared specifies whether the volume can be shared among - multiple pods. If it is not set to "yes", then the ZFS-LocalPV Driver - will not allow the volumes to be mounted by more than one pods. - enum: - - "yes" - - "no" - type: string - snapname: - description: SnapName specifies the name of the snapshot where the - volume has been cloned from. Snapname can not be edited after the - volume has been provisioned. - type: string - thinProvision: - description: 'ThinProvision describes whether space reservation for - the source volume is required or not. The value "yes" indicates - that volume should be thin provisioned and "no" means thick provisioning - of the volume. If thinProvision is set to "yes" then volume can - be provisioned even if the ZPOOL does not have the enough capacity. - If thinProvision is set to "no" then volume can be provisioned only - if the ZPOOL has enough capacity and capacity required by volume - can be reserved. ThinProvision can not be modified once volume has - been provisioned. Default Value: no.' - enum: - - "yes" - - "no" - type: string - volblocksize: - description: 'VolBlockSize specifies the block size for the zvol. - The volsize can only be set to a multiple of volblocksize, and cannot - be zero. VolBlockSize can not be edited after the volume has been - provisioned. Default Value: 8k.' - minLength: 1 - type: string - volumeType: - description: volumeType determines whether the volume is of type "DATASET" - or "ZVOL". If fstype provided in the storageclass is "zfs", a volume - of type dataset will be created. If "ext4", "ext3", "ext2" or "xfs" - is mentioned as fstype in the storageclass, then a volume of type - zvol will be created, which will be further formatted as the fstype - provided in the storageclass. VolumeType can not be modified once - volume has been provisioned. - enum: - - ZVOL - - DATASET - type: string - required: - - capacity - - ownerNodeID - - poolName - - volumeType - type: object - required: - - spec - - status - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfssnapshot.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfssnapshot.yaml deleted file mode 100644 index 6bb076080..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfssnapshot.yaml +++ /dev/null @@ -1,383 +0,0 @@ - - -############################################## -########### ############ -########### ZFSSnapshot CRD ############ -########### ############ -############################################## - -# ZFSSnapshot CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: zfssnapshots.zfs.openebs.io -spec: - group: zfs.openebs.io - names: - kind: ZFSSnapshot - listKind: ZFSSnapshotList - plural: zfssnapshots - shortNames: - - zfssnap - singular: zfssnapshot - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ZFSSnapshot represents a ZFS Snapshot of the zfsvolume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeInfo defines ZFS volume parameters for all modes in - which ZFS volumes can be created like - ZFS volume with filesystem, - ZFS Volume exposed as zfs or ZFS volume exposed as raw block device. - Some of the parameters can be only set during creation time (as specified - in the details of the parameter), and a few are editable. In case of - Cloned volumes, the parameters are assigned the same values as the source - volume. - properties: - capacity: - description: Capacity of the volume - minLength: 1 - type: string - compression: - description: 'Compression specifies the block-level compression algorithm - to be applied to the ZFS Volume. The value "on" indicates ZFS to - use the default compression algorithm. The default compression algorithm - used by ZFS will be either lzjb or, if the lz4_compress feature - is enabled, lz4. Compression property can be edited after the volume - has been created. The change will only be applied to the newly-written - data. For instance, if the Volume was created with "off" and the - next day the compression was modified to "on", the data written - prior to setting "on" will not be compressed. Default Value: off.' - pattern: ^(on|off|lzjb|gzip|gzip-[1-9]|zle|lz4)$ - type: string - dedup: - description: 'Deduplication is the process for removing redundant - data at the block level, reducing the total amount of data stored. - If a file system has the dedup property enabled, duplicate data - blocks are removed synchronously. The result is that only unique - data is stored and common components are shared among files. Deduplication - can consume significant processing power (CPU) and memory as well - as generate additional disk IO. Before creating a pool with deduplication - enabled, ensure that you have planned your hardware requirements - appropriately and implemented appropriate recovery practices, such - as regular backups. As an alternative to deduplication consider - using compression=lz4, as a less resource-intensive alternative. - should be enabled on the zvol. Dedup property can be edited after - the volume has been created. Default Value: off.' - enum: - - "on" - - "off" - type: string - encryption: - description: 'Enabling the encryption feature allows for the creation - of encrypted filesystems and volumes. ZFS will encrypt file and - zvol data, file attributes, ACLs, permission bits, directory listings, - FUID mappings, and userused / groupused data. ZFS will not encrypt - metadata related to the pool structure, including dataset and snapshot - names, dataset hierarchy, properties, file size, file holes, and - deduplication tables (though the deduplicated data itself is encrypted). - Default Value: off.' - pattern: ^(on|off|aes-128-[c,g]cm|aes-192-[c,g]cm|aes-256-[c,g]cm)$ - type: string - fsType: - description: 'FsType specifies filesystem type for the zfs volume/dataset. - If FsType is provided as "zfs", then the driver will create a ZFS - dataset, formatting is not required as underlying filesystem is - ZFS anyway. If FsType is ext2, ext3, ext4 or xfs, then the driver - will create a ZVOL and format the volume accordingly. FsType can - not be modified once volume has been provisioned. Default Value: - ext4.' - type: string - keyformat: - description: KeyFormat specifies format of the encryption key The - supported KeyFormats are passphrase, raw, hex. - enum: - - passphrase - - raw - - hex - type: string - keylocation: - description: KeyLocation is the location of key for the encryption - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID where the ZPOOL is running - which is where the volume has been provisioned. OwnerNodeID can - not be edited after the volume has been provisioned. - minLength: 1 - type: string - poolName: - description: poolName specifies the name of the pool where the volume - has been created. PoolName can not be edited after the volume has - been provisioned. - minLength: 1 - type: string - recordsize: - description: 'Specifies a suggested block size for files in the file - system. The size specified must be a power of two greater than or - equal to 512 and less than or equal to 128 Kbytes. RecordSize property - can be edited after the volume has been created. Changing the file - system''s recordsize affects only files created afterward; existing - files are unaffected. Default Value: 128k.' - minLength: 1 - type: string - shared: - description: Shared specifies whether the volume can be shared among - multiple pods. If it is not set to "yes", then the ZFS-LocalPV Driver - will not allow the volumes to be mounted by more than one pods. - enum: - - "yes" - - "no" - type: string - snapname: - description: SnapName specifies the name of the snapshot where the - volume has been cloned from. Snapname can not be edited after the - volume has been provisioned. - type: string - thinProvision: - description: 'ThinProvision describes whether space reservation for - the source volume is required or not. The value "yes" indicates - that volume should be thin provisioned and "no" means thick provisioning - of the volume. If thinProvision is set to "yes" then volume can - be provisioned even if the ZPOOL does not have the enough capacity. - If thinProvision is set to "no" then volume can be provisioned only - if the ZPOOL has enough capacity and capacity required by volume - can be reserved. ThinProvision can not be modified once volume has - been provisioned. Default Value: no.' - enum: - - "yes" - - "no" - type: string - volblocksize: - description: 'VolBlockSize specifies the block size for the zvol. - The volsize can only be set to a multiple of volblocksize, and cannot - be zero. VolBlockSize can not be edited after the volume has been - provisioned. Default Value: 8k.' - minLength: 1 - type: string - volumeType: - description: volumeType determines whether the volume is of type "DATASET" - or "ZVOL". If fstype provided in the storageclass is "zfs", a volume - of type dataset will be created. If "ext4", "ext3", "ext2" or "xfs" - is mentioned as fstype in the storageclass, then a volume of type - zvol will be created, which will be further formatted as the fstype - provided in the storageclass. VolumeType can not be modified once - volume has been provisioned. - enum: - - ZVOL - - DATASET - type: string - required: - - capacity - - ownerNodeID - - poolName - - volumeType - type: object - status: - description: SnapStatus string that reflects if the snapshot was created - successfully - properties: - state: - type: string - type: object - required: - - spec - - status - type: object - served: true - storage: true - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ZFSSnapshot represents a ZFS Snapshot of the zfsvolume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeInfo defines ZFS volume parameters for all modes in - which ZFS volumes can be created like - ZFS volume with filesystem, - ZFS Volume exposed as zfs or ZFS volume exposed as raw block device. - Some of the parameters can be only set during creation time (as specified - in the details of the parameter), and a few are editable. In case of - Cloned volumes, the parameters are assigned the same values as the source - volume. - properties: - capacity: - description: Capacity of the volume - minLength: 1 - type: string - compression: - description: 'Compression specifies the block-level compression algorithm - to be applied to the ZFS Volume. The value "on" indicates ZFS to - use the default compression algorithm. The default compression algorithm - used by ZFS will be either lzjb or, if the lz4_compress feature - is enabled, lz4. Compression property can be edited after the volume - has been created. The change will only be applied to the newly-written - data. For instance, if the Volume was created with "off" and the - next day the compression was modified to "on", the data written - prior to setting "on" will not be compressed. Default Value: off.' - pattern: ^(on|off|lzjb|gzip|gzip-[1-9]|zle|lz4)$ - type: string - dedup: - description: 'Deduplication is the process for removing redundant - data at the block level, reducing the total amount of data stored. - If a file system has the dedup property enabled, duplicate data - blocks are removed synchronously. The result is that only unique - data is stored and common components are shared among files. Deduplication - can consume significant processing power (CPU) and memory as well - as generate additional disk IO. Before creating a pool with deduplication - enabled, ensure that you have planned your hardware requirements - appropriately and implemented appropriate recovery practices, such - as regular backups. As an alternative to deduplication consider - using compression=lz4, as a less resource-intensive alternative. - should be enabled on the zvol. Dedup property can be edited after - the volume has been created. Default Value: off.' - enum: - - "on" - - "off" - type: string - encryption: - description: 'Enabling the encryption feature allows for the creation - of encrypted filesystems and volumes. ZFS will encrypt file and - zvol data, file attributes, ACLs, permission bits, directory listings, - FUID mappings, and userused / groupused data. ZFS will not encrypt - metadata related to the pool structure, including dataset and snapshot - names, dataset hierarchy, properties, file size, file holes, and - deduplication tables (though the deduplicated data itself is encrypted). - Default Value: off.' - pattern: ^(on|off|aes-128-[c,g]cm|aes-192-[c,g]cm|aes-256-[c,g]cm)$ - type: string - fsType: - description: 'FsType specifies filesystem type for the zfs volume/dataset. - If FsType is provided as "zfs", then the driver will create a ZFS - dataset, formatting is not required as underlying filesystem is - ZFS anyway. If FsType is ext2, ext3, ext4 or xfs, then the driver - will create a ZVOL and format the volume accordingly. FsType can - not be modified once volume has been provisioned. Default Value: - ext4.' - type: string - keyformat: - description: KeyFormat specifies format of the encryption key The - supported KeyFormats are passphrase, raw, hex. - enum: - - passphrase - - raw - - hex - type: string - keylocation: - description: KeyLocation is the location of key for the encryption - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID where the ZPOOL is running - which is where the volume has been provisioned. OwnerNodeID can - not be edited after the volume has been provisioned. - minLength: 1 - type: string - poolName: - description: poolName specifies the name of the pool where the volume - has been created. PoolName can not be edited after the volume has - been provisioned. - minLength: 1 - type: string - recordsize: - description: 'Specifies a suggested block size for files in the file - system. The size specified must be a power of two greater than or - equal to 512 and less than or equal to 128 Kbytes. RecordSize property - can be edited after the volume has been created. Changing the file - system''s recordsize affects only files created afterward; existing - files are unaffected. Default Value: 128k.' - minLength: 1 - type: string - snapname: - description: SnapName specifies the name of the snapshot where the - volume has been cloned from. Snapname can not be edited after the - volume has been provisioned. - type: string - thinProvision: - description: 'ThinProvision describes whether space reservation for - the source volume is required or not. The value "yes" indicates - that volume should be thin provisioned and "no" means thick provisioning - of the volume. If thinProvision is set to "yes" then volume can - be provisioned even if the ZPOOL does not have the enough capacity. - If thinProvision is set to "no" then volume can be provisioned only - if the ZPOOL has enough capacity and capacity required by volume - can be reserved. ThinProvision can not be modified once volume has - been provisioned. Default Value: no.' - enum: - - "yes" - - "no" - type: string - volblocksize: - description: 'VolBlockSize specifies the block size for the zvol. - The volsize can only be set to a multiple of volblocksize, and cannot - be zero. VolBlockSize can not be edited after the volume has been - provisioned. Default Value: 8k.' - minLength: 1 - type: string - volumeType: - description: volumeType determines whether the volume is of type "DATASET" - or "ZVOL". If fstype provided in the storageclass is "zfs", a volume - of type dataset will be created. If "ext4", "ext3", "ext2" or "xfs" - is mentioned as fstype in the storageclass, then a volume of type - zvol will be created, which will be further formatted as the fstype - provided in the storageclass. VolumeType can not be modified once - volume has been provisioned. - enum: - - ZVOL - - DATASET - type: string - required: - - capacity - - ownerNodeID - - poolName - - volumeType - type: object - status: - description: SnapStatus string that reflects if the snapshot was created - successfully - properties: - state: - type: string - type: object - required: - - spec - - status - type: object - served: true - storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsvolume.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsvolume.yaml deleted file mode 100644 index 4173e472a..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/crds/zfsvolume.yaml +++ /dev/null @@ -1,449 +0,0 @@ - - -############################################## -########### ############ -########### ZFSVolume CRD ############ -########### ############ -############################################## - -# ZFSVolume CRD is autogenerated via `make manifests` command. -# Do the modification in the code and run the `make manifests` command -# to generate the CRD definition - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - name: zfsvolumes.zfs.openebs.io -spec: - group: zfs.openebs.io - names: - kind: ZFSVolume - listKind: ZFSVolumeList - plural: zfsvolumes - shortNames: - - zfsvol - - zv - singular: zfsvolume - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: ZFS Pool where the volume is created - jsonPath: .spec.poolName - name: ZPool - type: string - - description: Node where the volume is created - jsonPath: .spec.ownerNodeID - name: NodeID - type: string - - description: Size of the volume - jsonPath: .spec.capacity - name: Size - type: string - - description: Status of the volume - jsonPath: .status.state - name: Status - type: string - - description: filesystem created on the volume - jsonPath: .spec.fsType - name: Filesystem - type: string - - description: Age of the volume - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: ZFSVolume represents a ZFS based volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeInfo defines ZFS volume parameters for all modes in - which ZFS volumes can be created like - ZFS volume with filesystem, - ZFS Volume exposed as zfs or ZFS volume exposed as raw block device. - Some of the parameters can be only set during creation time (as specified - in the details of the parameter), and a few are editable. In case of - Cloned volumes, the parameters are assigned the same values as the source - volume. - properties: - capacity: - description: Capacity of the volume - minLength: 1 - type: string - compression: - description: 'Compression specifies the block-level compression algorithm - to be applied to the ZFS Volume. The value "on" indicates ZFS to - use the default compression algorithm. The default compression algorithm - used by ZFS will be either lzjb or, if the lz4_compress feature - is enabled, lz4. Compression property can be edited after the volume - has been created. The change will only be applied to the newly-written - data. For instance, if the Volume was created with "off" and the - next day the compression was modified to "on", the data written - prior to setting "on" will not be compressed. Default Value: off.' - pattern: ^(on|off|lzjb|gzip|gzip-[1-9]|zle|lz4)$ - type: string - dedup: - description: 'Deduplication is the process for removing redundant - data at the block level, reducing the total amount of data stored. - If a file system has the dedup property enabled, duplicate data - blocks are removed synchronously. The result is that only unique - data is stored and common components are shared among files. Deduplication - can consume significant processing power (CPU) and memory as well - as generate additional disk IO. Before creating a pool with deduplication - enabled, ensure that you have planned your hardware requirements - appropriately and implemented appropriate recovery practices, such - as regular backups. As an alternative to deduplication consider - using compression=lz4, as a less resource-intensive alternative. - should be enabled on the zvol. Dedup property can be edited after - the volume has been created. Default Value: off.' - enum: - - "on" - - "off" - type: string - encryption: - description: 'Enabling the encryption feature allows for the creation - of encrypted filesystems and volumes. ZFS will encrypt file and - zvol data, file attributes, ACLs, permission bits, directory listings, - FUID mappings, and userused / groupused data. ZFS will not encrypt - metadata related to the pool structure, including dataset and snapshot - names, dataset hierarchy, properties, file size, file holes, and - deduplication tables (though the deduplicated data itself is encrypted). - Default Value: off.' - pattern: ^(on|off|aes-128-[c,g]cm|aes-192-[c,g]cm|aes-256-[c,g]cm)$ - type: string - fsType: - description: 'FsType specifies filesystem type for the zfs volume/dataset. - If FsType is provided as "zfs", then the driver will create a ZFS - dataset, formatting is not required as underlying filesystem is - ZFS anyway. If FsType is ext2, ext3, ext4 or xfs, then the driver - will create a ZVOL and format the volume accordingly. FsType can - not be modified once volume has been provisioned. Default Value: - ext4.' - type: string - keyformat: - description: KeyFormat specifies format of the encryption key The - supported KeyFormats are passphrase, raw, hex. - enum: - - passphrase - - raw - - hex - type: string - keylocation: - description: KeyLocation is the location of key for the encryption - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID where the ZPOOL is running - which is where the volume has been provisioned. OwnerNodeID can - not be edited after the volume has been provisioned. - minLength: 1 - type: string - poolName: - description: poolName specifies the name of the pool where the volume - has been created. PoolName can not be edited after the volume has - been provisioned. - minLength: 1 - type: string - recordsize: - description: 'Specifies a suggested block size for files in the file - system. The size specified must be a power of two greater than or - equal to 512 and less than or equal to 128 Kbytes. RecordSize property - can be edited after the volume has been created. Changing the file - system''s recordsize affects only files created afterward; existing - files are unaffected. Default Value: 128k.' - minLength: 1 - type: string - shared: - description: Shared specifies whether the volume can be shared among - multiple pods. If it is not set to "yes", then the ZFS-LocalPV Driver - will not allow the volumes to be mounted by more than one pods. - enum: - - "yes" - - "no" - type: string - snapname: - description: SnapName specifies the name of the snapshot where the - volume has been cloned from. Snapname can not be edited after the - volume has been provisioned. - type: string - thinProvision: - description: 'ThinProvision describes whether space reservation for - the source volume is required or not. The value "yes" indicates - that volume should be thin provisioned and "no" means thick provisioning - of the volume. If thinProvision is set to "yes" then volume can - be provisioned even if the ZPOOL does not have the enough capacity. - If thinProvision is set to "no" then volume can be provisioned only - if the ZPOOL has enough capacity and capacity required by volume - can be reserved. ThinProvision can not be modified once volume has - been provisioned. Default Value: no.' - enum: - - "yes" - - "no" - type: string - volblocksize: - description: 'VolBlockSize specifies the block size for the zvol. - The volsize can only be set to a multiple of volblocksize, and cannot - be zero. VolBlockSize can not be edited after the volume has been - provisioned. Default Value: 8k.' - minLength: 1 - type: string - volumeType: - description: volumeType determines whether the volume is of type "DATASET" - or "ZVOL". If fstype provided in the storageclass is "zfs", a volume - of type dataset will be created. If "ext4", "ext3", "ext2" or "xfs" - is mentioned as fstype in the storageclass, then a volume of type - zvol will be created, which will be further formatted as the fstype - provided in the storageclass. VolumeType can not be modified once - volume has been provisioned. - enum: - - ZVOL - - DATASET - type: string - required: - - capacity - - ownerNodeID - - poolName - - volumeType - type: object - status: - description: VolStatus string that specifies the current state of the - volume provisioning request. - properties: - state: - description: State specifies the current state of the volume provisioning - request. The state "Pending" means that the volume creation request - has not processed yet. The state "Ready" means that the volume has - been created and it is ready for the use. - enum: - - Pending - - Ready - - Failed - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} - - additionalPrinterColumns: - - description: ZFS Pool where the volume is created - jsonPath: .spec.poolName - name: ZPool - type: string - - description: Node where the volume is created - jsonPath: .spec.ownerNodeID - name: Node - type: string - - description: Size of the volume - jsonPath: .spec.capacity - name: Size - type: string - - description: Status of the volume - jsonPath: .status.state - name: Status - type: string - - description: filesystem created on the volume - jsonPath: .spec.fsType - name: Filesystem - type: string - - description: Age of the volume - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ZFSVolume represents a ZFS based volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeInfo defines ZFS volume parameters for all modes in - which ZFS volumes can be created like - ZFS volume with filesystem, - ZFS Volume exposed as zfs or ZFS volume exposed as raw block device. - Some of the parameters can be only set during creation time (as specified - in the details of the parameter), and a few are editable. In case of - Cloned volumes, the parameters are assigned the same values as the source - volume. - properties: - capacity: - description: Capacity of the volume - minLength: 1 - type: string - compression: - description: 'Compression specifies the block-level compression algorithm - to be applied to the ZFS Volume. The value "on" indicates ZFS to - use the default compression algorithm. The default compression algorithm - used by ZFS will be either lzjb or, if the lz4_compress feature - is enabled, lz4. Compression property can be edited after the volume - has been created. The change will only be applied to the newly-written - data. For instance, if the Volume was created with "off" and the - next day the compression was modified to "on", the data written - prior to setting "on" will not be compressed. Default Value: off.' - pattern: ^(on|off|lzjb|gzip|gzip-[1-9]|zle|lz4)$ - type: string - dedup: - description: 'Deduplication is the process for removing redundant - data at the block level, reducing the total amount of data stored. - If a file system has the dedup property enabled, duplicate data - blocks are removed synchronously. The result is that only unique - data is stored and common components are shared among files. Deduplication - can consume significant processing power (CPU) and memory as well - as generate additional disk IO. Before creating a pool with deduplication - enabled, ensure that you have planned your hardware requirements - appropriately and implemented appropriate recovery practices, such - as regular backups. As an alternative to deduplication consider - using compression=lz4, as a less resource-intensive alternative. - should be enabled on the zvol. Dedup property can be edited after - the volume has been created. Default Value: off.' - enum: - - "on" - - "off" - type: string - encryption: - description: 'Enabling the encryption feature allows for the creation - of encrypted filesystems and volumes. ZFS will encrypt file and - zvol data, file attributes, ACLs, permission bits, directory listings, - FUID mappings, and userused / groupused data. ZFS will not encrypt - metadata related to the pool structure, including dataset and snapshot - names, dataset hierarchy, properties, file size, file holes, and - deduplication tables (though the deduplicated data itself is encrypted). - Default Value: off.' - pattern: ^(on|off|aes-128-[c,g]cm|aes-192-[c,g]cm|aes-256-[c,g]cm)$ - type: string - fsType: - description: 'FsType specifies filesystem type for the zfs volume/dataset. - If FsType is provided as "zfs", then the driver will create a ZFS - dataset, formatting is not required as underlying filesystem is - ZFS anyway. If FsType is ext2, ext3, ext4 or xfs, then the driver - will create a ZVOL and format the volume accordingly. FsType can - not be modified once volume has been provisioned. Default Value: - ext4.' - type: string - keyformat: - description: KeyFormat specifies format of the encryption key The - supported KeyFormats are passphrase, raw, hex. - enum: - - passphrase - - raw - - hex - type: string - keylocation: - description: KeyLocation is the location of key for the encryption - type: string - ownerNodeID: - description: OwnerNodeID is the Node ID where the ZPOOL is running - which is where the volume has been provisioned. OwnerNodeID can - not be edited after the volume has been provisioned. - minLength: 1 - type: string - poolName: - description: poolName specifies the name of the pool where the volume - has been created. PoolName can not be edited after the volume has - been provisioned. - minLength: 1 - type: string - recordsize: - description: 'Specifies a suggested block size for files in the file - system. The size specified must be a power of two greater than or - equal to 512 and less than or equal to 128 Kbytes. RecordSize property - can be edited after the volume has been created. Changing the file - system''s recordsize affects only files created afterward; existing - files are unaffected. Default Value: 128k.' - minLength: 1 - type: string - snapname: - description: SnapName specifies the name of the snapshot where the - volume has been cloned from. Snapname can not be edited after the - volume has been provisioned. - type: string - thinProvision: - description: 'ThinProvision describes whether space reservation for - the source volume is required or not. The value "yes" indicates - that volume should be thin provisioned and "no" means thick provisioning - of the volume. If thinProvision is set to "yes" then volume can - be provisioned even if the ZPOOL does not have the enough capacity. - If thinProvision is set to "no" then volume can be provisioned only - if the ZPOOL has enough capacity and capacity required by volume - can be reserved. ThinProvision can not be modified once volume has - been provisioned. Default Value: no.' - enum: - - "yes" - - "no" - type: string - volblocksize: - description: 'VolBlockSize specifies the block size for the zvol. - The volsize can only be set to a multiple of volblocksize, and cannot - be zero. VolBlockSize can not be edited after the volume has been - provisioned. Default Value: 8k.' - minLength: 1 - type: string - volumeType: - description: volumeType determines whether the volume is of type "DATASET" - or "ZVOL". If fstype provided in the storageclass is "zfs", a volume - of type dataset will be created. If "ext4", "ext3", "ext2" or "xfs" - is mentioned as fstype in the storageclass, then a volume of type - zvol will be created, which will be further formatted as the fstype - provided in the storageclass. VolumeType can not be modified once - volume has been provisioned. - enum: - - ZVOL - - DATASET - type: string - required: - - capacity - - ownerNodeID - - poolName - - volumeType - type: object - status: - description: VolStatus string that specifies the current state of the - volume provisioning request. - properties: - state: - description: State specifies the current state of the volume provisioning - request. The state "Pending" means that the volume creation request - has not processed yet. The state "Ready" means that the volume has - been created and it is ready for the use. - enum: - - Pending - - Ready - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/NOTES.txt deleted file mode 100644 index c0454bc57..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The OpenEBS ZFS LocalPV has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} -l role=openebs-zfs - -For more information, visit our Slack at https://openebs.io/community or view -the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/_helpers.tpl deleted file mode 100644 index a611c8f4d..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/_helpers.tpl +++ /dev/null @@ -1,116 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "zfslocalpv.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified localpv provisioner name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "zfslocalpv.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "zfslocalpv.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Create the name of the service account for controller -*/}} -{{- define "zfslocalpv.zfsController.serviceAccountName" -}} -{{- if .Values.serviceAccount.zfsController.create }} -{{- default (include "zfslocalpv.fullname" .) .Values.serviceAccount.zfsController.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.zfsController.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "zfslocalpv.zfsNode.serviceAccountName" -}} -{{- if .Values.serviceAccount.zfsNode.create }} -{{- default (include "zfslocalpv.fullname" .) .Values.serviceAccount.zfsNode.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.zfsNode.name }} -{{- end -}} -{{- end -}} - -{{/* -Define meta labels for openebs zfs-localpv components -*/}} -{{- define "zfslocalpv.common.metaLabels" -}} -chart: {{ template "zfslocalpv.chart" . }} -heritage: {{ .Release.Service }} -openebs.io/version: {{ .Values.release.version | quote }} -role: {{ .Values.role | quote }} -{{- end -}} - -{{/* -Create match labels for openebs zfs-localpv controller -*/}} -{{- define "zfslocalpv.zfsController.matchLabels" -}} -app: {{ .Values.zfsController.componentName | quote }} -release: {{ .Release.Name }} -component: {{ .Values.zfsController.componentName | quote }} -{{- end -}} - -{{/* -Create component labels for zfslocalpv controller -*/}} -{{- define "zfslocalpv.zfsController.componentLabels" -}} -openebs.io/component-name: {{ .Values.zfsController.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for openebs zfs-localpv controller -*/}} -{{- define "zfslocalpv.zfsController.labels" -}} -{{ include "zfslocalpv.common.metaLabels" . }} -{{ include "zfslocalpv.zfsController.matchLabels" . }} -{{ include "zfslocalpv.zfsController.componentLabels" . }} -{{- end -}} - -{{/* -Create match labels for openebs zfs-localpv node daemon -*/}} -{{- define "zfslocalpv.zfsNode.matchLabels" -}} -name: {{ .Values.zfsNode.componentName | quote }} -release: {{ .Release.Name }} -{{- end -}} - -{{/* -Create component labels openebs zfs-localpv node daemon -*/}} -{{- define "zfslocalpv.zfsNode.componentLabels" -}} -openebs.io/component-name: {{ .Values.zfsNode.componentName | quote }} -{{- end -}} - - -{{/* -Create labels for openebs zfs-localpv node daemon -*/}} -{{- define "zfslocalpv.zfsNode.labels" -}} -{{ include "zfslocalpv.common.metaLabels" . }} -{{ include "zfslocalpv.zfsNode.matchLabels" . }} -{{ include "zfslocalpv.zfsNode.componentLabels" . }} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/configmap.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/configmap.yaml deleted file mode 100644 index 2c3d62e9d..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: openebs-zfspv-bin - namespace: {{ .Release.Namespace }} # should be the same namespace where it is getting mounted - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} -data: - zfs: | - #!/bin/sh - if [ -x /host/sbin/zfs ]; then - chroot /host /sbin/zfs "$@" - elif [ -x /host/usr/sbin/zfs ]; then - chroot /host /usr/sbin/zfs "$@" - else - chroot /host zfs "$@" - fi diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/csidriver.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/csidriver.yaml deleted file mode 100644 index a33cbb801..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/csidriver.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Create the CSI Driver object -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: zfs.csi.openebs.io -spec: - # do not require volumeattachment - attachRequired: false - podInfoOnMount: false diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/psp.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/psp.yaml deleted file mode 100644 index 33be4dc3d..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/psp.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: openebs-zfs-node-psp - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/rbac.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/rbac.yaml deleted file mode 100644 index 632ec42ce..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/rbac.yaml +++ /dev/null @@ -1,200 +0,0 @@ -{{- if .Values.serviceAccount.zfsController.create -}} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ .Values.serviceAccount.zfsController.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-zfs-provisioner-role - labels: - {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["*"] - - apiGroups: [""] - resources: ["persistentvolumes", "services"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "csistoragecapacities"] - verbs: ["*"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["*"] - resources: ["zfsvolumes", "zfssnapshots", "zfsbackups", "zfsrestores", "zfsnodes"] - verbs: ["*"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-zfs-provisioner-binding - labels: - {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.zfsController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-zfs-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-zfs-snapshotter-role - labels: - {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-zfs-snapshotter-binding - labels: - {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.zfsController.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-zfs-snapshotter-role - apiGroup: rbac.authorization.k8s.io ---- -{{- end }} -{{- if .Values.serviceAccount.zfsNode.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.zfsNode.name }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-zfs-driver-registrar-role - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumes", "nodes", "services"] - verbs: ["get", "list"] - - apiGroups: ["*"] - resources: ["zfsvolumes", "zfssnapshots", "zfsbackups", "zfsrestores", "zfsnodes"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-zfs-driver-registrar-binding - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.zfsNode.name }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: openebs-zfs-driver-registrar-role - apiGroup: rbac.authorization.k8s.io - -{{- if .Values.rbac.pspEnabled }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openebs-zfs-node-role - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - openebs-zfs-node-psp ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: openebs-zfs-node-binding - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: openebs-zfs-node-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.zfsNode.name }} - namespace: {{ $.Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-contoller.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-contoller.yaml deleted file mode 100644 index 4f4a72e92..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-contoller.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "zfslocalpv.fullname" . }}-controller - {{- with .Values.zfsController.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "zfslocalpv.zfsController.matchLabels" . | nindent 6 }} - serviceName: "{{ .Values.zfsController.serviceName }}" - replicas: {{ .Values.zfsController.replicas }} - template: - metadata: - {{- with .Values.zfsController.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "zfslocalpv.zfsController.labels" . | nindent 8 }} - {{- with .Values.zfsController.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - openebs-zfs-controller - topologyKey: "kubernetes.io/hostname" - priorityClassName: system-cluster-critical - serviceAccount: {{ .Values.serviceAccount.zfsController.name }} - containers: - - name: {{ .Values.zfsController.resizer.name }} - image: "{{ .Values.zfsController.resizer.image.registry }}{{ .Values.zfsController.resizer.image.repository }}:{{ .Values.zfsController.resizer.image.tag }}" - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: {{ .Values.zfsController.resizer.image.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.zfsController.snapshotter.name }} - image: "{{ .Values.zfsController.snapshotter.image.registry }}{{ .Values.zfsController.snapshotter.image.repository }}:{{ .Values.zfsController.snapshotter.image.tag }}" - imagePullPolicy: {{ .Values.zfsController.snapshotter.image.pullPolicy }} - args: - - "--csi-address=$(ADDRESS)" - - "--leader-election" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.zfsController.snapshotController.name }} - image: "{{ .Values.zfsController.snapshotController.image.registry }}{{ .Values.zfsController.snapshotController.image.repository }}:{{ .Values.zfsController.snapshotController.image.tag }}" - args: - - "--v=5" - - "--leader-election=true" - imagePullPolicy: {{ .Values.zfsController.snapshotController.image.pullPolicy }} - - name: {{ .Values.zfsController.provisioner.name }} - image: "{{ .Values.zfsController.provisioner.image.registry }}{{ .Values.zfsController.provisioner.image.repository }}:{{ .Values.zfsController.provisioner.image.tag }}" - imagePullPolicy: {{ .Values.zfsController.provisioner.image.pullPolicy }} - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - - "--feature-gates=Topology=true" - - "--strict-topology" - - "--leader-election" - - "--extra-create-metadata=true" - - "--default-fstype=ext4" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: {{ .Values.zfsPlugin.name }} - image: "{{ .Values.zfsPlugin.image.registry }}{{ .Values.zfsPlugin.image.repository }}:{{ .Values.zfsPlugin.image.tag }}" - imagePullPolicy: {{ .Values.zfsPlugin.image.pullPolicy }} - env: - - name: OPENEBS_CONTROLLER_DRIVER - value: controller - - name: OPENEBS_CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPENEBS_IO_INSTALLER_TYPE - value: "zfs-localpv-helm" - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - args : - - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - - "--plugin=$(OPENEBS_CONTROLLER_DRIVER)" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.zfsController.nodeSelector }} - nodeSelector: -{{ toYaml .Values.zfsController.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.zfsController.securityContext }} - securityContext: -{{ toYaml .Values.zfsController.securityContext | indent 8 }} -{{- end }} -{{- if .Values.zfsController.tolerations }} - tolerations: -{{ toYaml .Values.zfsController.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-node.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-node.yaml deleted file mode 100644 index 5cc5c3cf3..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/templates/zfs-node.yaml +++ /dev/null @@ -1,146 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ template "zfslocalpv.fullname" . }}-node - {{- with .Values.zfsNode.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "zfslocalpv.zfsNode.matchLabels" . | nindent 6 }} - updateStrategy: - rollingUpdate: - maxUnavailable: 100% - type: RollingUpdate - template: - metadata: - {{- with .Values.zfsNode.podAnnotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "zfslocalpv.zfsNode.labels" . | nindent 8 }} - {{- with .Values.zfsNode.podLabels}} - {{ toYaml . | nindent 8 }} - {{- end}} - spec: - priorityClassName: system-node-critical - serviceAccount: {{ .Values.serviceAccount.zfsNode.name }} - hostNetwork: true - containers: - - name: {{ .Values.zfsNode.driverRegistrar.name }} - image: "{{ .Values.zfsNode.driverRegistrar.image.registry }}{{ .Values.zfsNode.driverRegistrar.image.repository }}:{{ .Values.zfsNode.driverRegistrar.image.tag }}" - imagePullPolicy: {{ .Values.zfsNode.driverRegistrar.image.pullPolicy }} - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/zfs-localpv /registration/zfs-localpv-reg.sock"] - env: - - name: ADDRESS - value: /plugin/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.zfsNode.kubeletDir }}plugins/zfs-localpv/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NODE_DRIVER - value: openebs-zfs - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: registration-dir - mountPath: /registration - - name: {{ .Values.zfsPlugin.name }} - securityContext: - privileged: true - allowPrivilegeEscalation: true - image: "{{ .Values.zfsPlugin.image.registry }}{{ .Values.zfsPlugin.image.repository }}:{{ .Values.zfsPlugin.image.tag }}" - imagePullPolicy: {{ .Values.zfsPlugin.image.pullPolicy }} - args: - - "--nodename=$(OPENEBS_NODE_NAME)" - - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - - "--plugin=$(OPENEBS_NODE_DRIVER)" - env: - - name: OPENEBS_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OPENEBS_CSI_ENDPOINT - value: unix:///plugin/csi.sock - - name: OPENEBS_NODE_DRIVER - value: agent - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: device-dir - mountPath: /dev - - name: encr-keys - mountPath: /home/keys - - name: chroot-zfs - mountPath: /sbin/zfs - subPath: zfs - - name: host-root - mountPath: /host - mountPropagation: "HostToContainer" - readOnly: true - - name: pods-mount-dir - mountPath: {{ .Values.zfsNode.kubeletDir }} - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - volumes: - - name: device-dir - hostPath: - path: /dev - type: Directory - - name: encr-keys - hostPath: - path: /home/keys - type: DirectoryOrCreate - - name: chroot-zfs - configMap: - defaultMode: 0555 - name: openebs-zfspv-bin - - name: host-root - hostPath: - path: / - type: Directory - - name: registration-dir - hostPath: - path: {{ .Values.zfsNode.kubeletDir }}plugins_registry/ - type: DirectoryOrCreate - - name: plugin-dir - hostPath: - path: {{ .Values.zfsNode.kubeletDir }}plugins/zfs-localpv/ - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: {{ .Values.zfsNode.kubeletDir }} - type: Directory -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} -{{- if .Values.zfsNode.nodeSelector }} - nodeSelector: -{{ toYaml .Values.zfsNode.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.zfsNode.securityContext }} - securityContext: -{{ toYaml .Values.zfsNode.securityContext | indent 8 }} -{{- end }} -{{- if .Values.zfsNode.tolerations }} - tolerations: -{{ toYaml .Values.zfsNode.tolerations | indent 8 }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/values.yaml b/charts/openebs/openebs/2.11.0/charts/zfs-localpv/values.yaml deleted file mode 100644 index 53004845f..000000000 --- a/charts/openebs/openebs/2.11.0/charts/zfs-localpv/values.yaml +++ /dev/null @@ -1,147 +0,0 @@ -# Default values for openebs-zfslocalpv. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -release: - version: "1.9.0" - -imagePullSecrets: -# - name: "image-pull-secret" - - -rbac: - # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created - pspEnabled: false - -# zfsNode contains the configurables for -# the zfs node daemonset -zfsNode: - componentName: openebs-zfs-node - driverRegistrar: - name: "csi-node-driver-registrar" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-node-driver-registrar - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.1.0 - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # This can be configured to run on various different k8s distributions like - # microk8s where kubelet dir is different - kubeletDir: "/var/lib/kubelet/" - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to openebs-zfs node pods - podLabels: {} - nodeSelector: {} - tolerations: [] - securityContext: {} - labels: {} - -# zfsController contains the configurables for -# the zfs controller statefulset -zfsController: - componentName: openebs-zfs-controller - replicas: 1 - serviceName: openebs-zfs - resizer: - name: "csi-resizer" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-resizer - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v1.1.0 - snapshotter: - name: "csi-snapshotter" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-snapshotter - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v4.0.0 - snapshotController: - name: "snapshot-controller" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/snapshot-controller - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v4.0.0 - provisioner: - name: "csi-provisioner" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ - repository: sig-storage/csi-provisioner - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v2.1.0 - updateStrategy: - type: RollingUpdate - annotations: {} - podAnnotations: {} - resources: {} - # limits: - # cpu: 10m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - ## Labels to be added to openebs-zfs controller pods - podLabels: - name: openebs-zfs-controller - nodeSelector: {} - tolerations: [] - securityContext: {} - -# zfsPlugin is the common csi container used by the -# controller statefulset and node daemonset -zfsPlugin: - name: "openebs-zfs-plugin" - image: - # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: - repository: openebs/zfs-driver - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: 1.9.0 - -role: openebs-zfs - -crd: - enableInstall: true - -serviceAccount: - zfsController: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-zfs-controller-sa - zfsNode: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: openebs-zfs-node-sa - -analytics: - enabled: true diff --git a/charts/openebs/openebs/2.11.0/questions.yml b/charts/openebs/openebs/2.11.0/questions.yml deleted file mode 100644 index 37b581c72..000000000 --- a/charts/openebs/openebs/2.11.0/questions.yml +++ /dev/null @@ -1,200 +0,0 @@ -questions: -- variable: defaultImage - default: true - description: "Use default OpenEBS images" - label: Use Default Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: apiserver.image - default: "openebs/m-apiserver" - description: "Default API Server image for OpenEBS" - type: string - label: API Server Image - - variable: apiserver.imageTag - default: "2.11.0" - description: "The image tag of API Server image" - type: string - label: Image Tag For OpenEBS API Server Image - - variable: provisioner.image - default: "openebs/openebs-k8s-provisioner" - description: "Default K8s Provisioner image for OpenEBS" - type: string - label: Provisioner Image - - variable: provisioner.imageTag - default: "2.11.0" - description: "The image tag of Provisioner image" - type: string - label: Image Tag For Provisioner Image - - variable: snapshotOperator.controller.image - default: "openebs/snapshot-controller" - description: "Default Snapshot Controller image for OpenEBS" - type: string - label: Snapshot Controller Image - - variable: snapshotOperator.controller.imageTag - default: "2.11.0" - description: "The image tag of Snapshot Controller image" - type: string - label: Image Tag For OpenEBS Snapshot Controller Image - - variable: snapshotOperator.provisioner.image - default: "openebs/snapshot-provisioner" - description: "Default Snapshot Provisioner image for OpenEBS" - type: string - label: Snapshot Provisioner Image - - variable: snapshotOperator.provisioner.imageTag - default: "2.11.0" - description: "The image tag of Snapshot Provisioner image" - type: string - label: Image Tag For OpenEBS Snapshot Provisioner Image - - variable: ndm.image - default: "openebs/node-disk-manager" - description: "Default NDM image" - type: string - label: Node Disk Manager Image - - variable: ndm.imageTag - default: "0.7.0" - description: "The image tag of NDM image" - type: string - label: Image Tag For Node Disk Manager Image - - variable: ndmOperator.image - default: "openebs/node-disk-operator" - description: "Default NDO image" - type: string - label: Node Disk Operator Image - - variable: ndmOperator.imageTag - default: "0.7.0" - description: "The image tag of NDO image" - type: string - label: Image Tag For Node Disk Manager Image - - variable: jiva.image - default: "openebs/jiva" - description: "Default Jiva Storage Engine image for OpenEBS" - type: string - label: Jiva Storage Engine Image - - variable: jiva.imageTag - default: "2.11.0" - description: "The image tag of Jiva image" - type: string - label: Image Tag For OpenEBS Jiva Storage Engine Image - - variable: cstor.pool.image - default: "openebs/cstor-pool" - description: "Default cStor Storage Engine Pool image for OpenEBS" - type: string - label: cStor Storage Engine Pool Image - - variable: cstor.pool.imageTag - default: "2.11.0" - description: "The image tag of cStor Storage Engine Pool image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Pool Image - - variable: cstor.poolMgmt.image - default: "openebs/cstor-pool-mgmt" - description: "Default cStor Storage Engine Pool Management image for OpenEBS" - type: string - label: cStor Storage Engine Pool Management Image - - variable: cstor.poolMgmt.imageTag - default: "2.11.0" - description: "The image tag of cStor Storage Engine Pool Management image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Pool Management Image - - variable: cstor.target.image - default: "openebs/cstor-istgt" - description: "Default cStor Storage Engine Target image for OpenEBS" - type: string - label: cStor Storage Engine Target Image - - variable: cstor.target.imageTag - default: "2.11.0" - description: "The image tag of cStor Storage Engine Target image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Target Image - - variable: cstor.volumeMgmt.image - default: "openebs/cstor-volume-mgmt" - description: "Default cStor Storage Engine Target Management image for OpenEBS" - type: string - label: cStor Storage Engine Target Management Image - - variable: cstor.volumeMgmt.imageTag - default: "2.11.0" - description: "The image tag of cStor Storage Engine Target Management image" - type: string - label: Image Tag For OpenEBS cStor Storage Engine Target Management Image - - variable: policies.monitoring.image - default: "openebs/m-exporter" - description: "Default OpeneEBS Volume and pool Exporter image" - type: string - label: Monitoring Exporter Image - show_if: "policies.monitoring.enabled=true&&defaultImage=false" - - variable: policies.monitoring.imageTag - default: "2.11.0" - description: "The image tag of OpenEBS Exporter" - type: string - label: Image Tag For OpenEBS Exporter Image - show_if: "policies.monitoring.enabled=true&&defaultImage=false" -- variable: ndm.filters.excludeVendors - default: 'CLOUDBYT,OpenEBS' - type: string - description: "Configure NDM to filter disks from following vendors" - label: Filter Disks belonging to vendors - group: "NDM Disk Filter by Vendor " -- variable: ndm.filters.excludePaths - default: 'loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md' - type: string - description: "Configure NDM to filter disks from following paths" - label: Filter Disks belonging to paths - group: "NDM Disk Filter by Path" -- variable: ndm.sparse.enabled - default: true - description: "Create a cStor Pool on Sparse Disks" - label: Create cStor Pool on Sprase Disks - type: boolean - show_subquestion_if: true - group: "NDM Sparse Disk Settings" - subquestions: - - variable: ndm.sparse.size - default: "10737418240" - description: "Default Size of Sparse Disk" - type: string - label: Sparse Disk Size in bytes - - variable: ndm.sparse.count - default: "0" - description: "Number of Sparse Disks" - type: string - label: Number of Sparse Disks - - variable: ndm.sparse.path - default: "/var/openebs/sparse" - description: "Directory where Sparse Disks should be created" - type: string - label: Directory for Sparse Disks -- variable: defaultPorts - default: true - description: "Use default Communication Ports" - label: Use Default Ports - type: boolean - show_subquestion_if: false - group: "Communication Ports" - subquestions: - - variable: apiserver.ports.externalPort - default: 5656 - description: "Default External Port for OpenEBS API Server" - type: int - min: 0 - max: 9999 - label: OpenEBS API Server External Port - - variable: apiserver.ports.internalPort - default: 5656 - description: "Default Internal Port for OpenEBS API Server" - type: int - min: 0 - max: 9999 - label: OpenEBS API Server Internal Port -- variable: policies.monitoring.enabled - default: true - description: "Enable prometheus monitoring" - type: boolean - label: Enable Prometheus Monitoring - group: "Monitoring Settings" -- variable: analytics.enabled - default: true - description: "Enable sending anonymous statistics to OpenEBS Google Analytics" - type: boolean - label: Enable updating OpenEBS with usage details - group: "Anonymous Analytics" diff --git a/charts/openebs/openebs/2.11.0/templates/NOTES.txt b/charts/openebs/openebs/2.11.0/templates/NOTES.txt deleted file mode 100644 index 299a52638..000000000 --- a/charts/openebs/openebs/2.11.0/templates/NOTES.txt +++ /dev/null @@ -1,27 +0,0 @@ -The OpenEBS has been installed. Check its status by running: -$ kubectl get pods -n {{ .Release.Namespace }} - -For dynamically creating OpenEBS Volumes, you can either create a new StorageClass or -use one of the default storage classes provided by OpenEBS. - -Use `kubectl get sc` to see the list of installed OpenEBS StorageClasses. A sample -PVC spec using `openebs-jiva-default` StorageClass is given below:" - ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: demo-vol-claim -spec: - storageClassName: openebs-jiva-default - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5G ---- - -Please note that, OpenEBS uses iSCSI for connecting applications with the -OpenEBS Volumes and your nodes should have the iSCSI initiator installed. - -For more information, visit our Slack at https://openebs.io/community or view the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/2.11.0/templates/_helpers.tpl b/charts/openebs/openebs/2.11.0/templates/_helpers.tpl deleted file mode 100644 index 09c63c5a4..000000000 --- a/charts/openebs/openebs/2.11.0/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "openebs.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openebs.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openebs.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openebs.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "openebs.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/openebs/openebs/2.11.0/templates/cleanup-webhook.yaml b/charts/openebs/openebs/2.11.0/templates/cleanup-webhook.yaml deleted file mode 100644 index 27e644647..000000000 --- a/charts/openebs/openebs/2.11.0/templates/cleanup-webhook.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.webhook.enabled }} -# HELM first deletes RBAC, then it tries to delete other resources like SPC and PVC. -# We've got validating webhook on SPC and PVC. -# But even that the policy of this webhook is Ignore, it fails because the ServiceAccount -# does not have permission to access resources like BDC anymore which are used for validation. -# Therefore we first need to delete webhook so we can delete the rest of the deployments. -{{- $kubeMinor := .Capabilities.KubeVersion.Minor | replace "+" "" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "openebs.fullname" . }}-webhook-cleanup - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "openebs.name" . }} -spec: - template: - metadata: - name: {{ template "openebs.fullname" . }}-webhook-cleanup - labels: - app: {{ template "openebs.name" . }} - spec: - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - {{- if .Values.webhook.tolerations }} - tolerations: -{{ toYaml .Values.webhook.tolerations | indent 8 }} - {{- end }} - containers: - - name: kubectl - {{- /* bitnami maintains an image for all k8s versions */}} - {{- /* see: https://hub.docker.com/r/bitnami/kubectl */}} - {{- if .Values.cleanup.image.tag }} - image: "{{ .Values.cleanup.image.registry }}{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }}" - {{- else }} - image: "{{ .Values.cleanup.image.registry }}{{ .Values.cleanup.image.repository }}:{{ .Capabilities.KubeVersion.Major }}.{{ $kubeMinor }}" - {{- end }} - command: - - /bin/sh - - -c - - > - kubectl delete validatingWebhookConfiguration openebs-validation-webhook-cfg || true; - restartPolicy: OnFailure -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/clusterrole.yaml b/charts/openebs/openebs/2.11.0/templates/clusterrole.yaml deleted file mode 100644 index 3a8d3ced8..000000000 --- a/charts/openebs/openebs/2.11.0/templates/clusterrole.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "openebs.fullname" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: ["*"] - resources: ["nodes", "nodes/proxy"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs" ] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["statefulsets", "daemonsets"] - verbs: ["*"] -- apiGroups: ["*"] - resources: ["resourcequotas", "limitranges"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "poddisruptionbudgets", "certificatesigningrequests"] - verbs: ["list", "watch"] -- apiGroups: ["*"] - resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] - verbs: ["*"] -- apiGroups: ["volumesnapshot.external-storage.k8s.io"] - resources: ["volumesnapshots", "volumesnapshotdatas"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [ "get", "list", "create", "update", "delete", "patch"] -- apiGroups: ["openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- apiGroups: ["cstor.openebs.io"] - resources: [ "*"] - verbs: ["*" ] -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["get", "create", "list", "delete", "update", "patch"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/clusterrolebinding.yaml b/charts/openebs/openebs/2.11.0/templates/clusterrolebinding.yaml deleted file mode 100644 index 0ada25cd6..000000000 --- a/charts/openebs/openebs/2.11.0/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "openebs.fullname" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "openebs.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "openebs.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/cm-node-disk-manager.yaml b/charts/openebs/openebs/2.11.0/templates/cm-node-disk-manager.yaml deleted file mode 100644 index 2006e3dcd..000000000 --- a/charts/openebs/openebs/2.11.0/templates/cm-node-disk-manager.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.ndm.enabled }} -# This is the node-disk-manager related config. -# It can be used to customize the disks probes and filters -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "openebs.fullname" . }}-ndm-config - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm-config - openebs.io/component-name: ndm-config -data: - # udev-probe is default or primary probe which should be enabled to run ndm - # filterconfigs contains configs of filters - in the form of include - # and exclude comma separated strings - node-disk-manager.config: | - probeconfigs: - - key: udev-probe - name: udev probe - state: true - - key: seachest-probe - name: seachest probe - state: {{ .Values.ndm.probes.enableSeachest }} - - key: smart-probe - name: smart probe - state: true - filterconfigs: - - key: os-disk-exclude-filter - name: os disk exclude filter - state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} - exclude: "{{ .Values.ndm.filters.osDiskExcludePaths }}" - - key: vendor-filter - name: vendor filter - state: {{ .Values.ndm.filters.enableVendorFilter }} - include: "" - exclude: "{{ .Values.ndm.filters.excludeVendors }}" - - key: path-filter - name: path filter - state: {{ .Values.ndm.filters.enablePathFilter }} - include: "{{ .Values.ndm.filters.includePaths }}" - exclude: "{{ .Values.ndm.filters.excludePaths }}" ---- -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/daemonset-ndm.yaml b/charts/openebs/openebs/2.11.0/templates/daemonset-ndm.yaml deleted file mode 100644 index 17573417e..000000000 --- a/charts/openebs/openebs/2.11.0/templates/daemonset-ndm.yaml +++ /dev/null @@ -1,180 +0,0 @@ -{{- if .Values.ndm.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "openebs.fullname" . }}-ndm - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm - openebs.io/component-name: ndm - openebs.io/version: {{ .Values.release.version }} -spec: - updateStrategy: - type: "RollingUpdate" - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm - openebs.io/component-name: ndm - name: openebs-ndm - openebs.io/version: {{ .Values.release.version }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - hostNetwork: true - # host PID is used to check status of iSCSI Service when the NDM - # API service is enabled -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.APIService.enabled }} - hostPID: true -{{- end}} -{{- end}} - containers: - - name: {{ template "openebs.name" . }}-ndm - image: "{{ .Values.image.repository }}{{ .Values.ndm.image }}:{{ .Values.ndm.imageTag }}" - args: - - -v=4 -{{- if .Values.featureGates.enabled }} -{{- if .Values.featureGates.GPTBasedUUID.enabled }} - - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.APIService.enabled }} - - --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }} - - --api-service-address={{ .Values.featureGates.APIService.address }} -{{- end}} -{{- if .Values.featureGates.UseOSDisk.enabled }} - - --feature-gates={{ .Values.featureGates.UseOSDisk.featureGateFlag }} -{{- end}} -{{- if .Values.featureGates.MountChangeDetection.enabled }} - - --feature-gates={{ .Values.featureGates.MountChangeDetection.featureGateFlag }} -{{- end}} -{{- end}} - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- if .Values.ndm.resources }} - resources: -{{ toYaml .Values.ndm.resources | trimSuffix "\n" | indent 10 }} -{{- end }} - securityContext: - privileged: true - env: - # namespace in which NDM is installed will be passed to NDM Daemonset - # as environment variable - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # pass hostname as env variable using downward API to the NDM container - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - # specify the directory where the sparse files need to be created. - # if not specified, then sparse files will not be created. - - name: SPARSE_FILE_DIR - value: "{{ .Values.ndm.sparse.path }}" -{{- end }} -{{- if .Values.ndm.sparse.size }} - # Size(bytes) of the sparse file to be created. - - name: SPARSE_FILE_SIZE - value: "{{ .Values.ndm.sparse.size }}" -{{- end }} -{{- if .Values.ndm.sparse.count }} - # Specify the number of sparse files to be created - - name: SPARSE_FILE_COUNT - value: "{{ .Values.ndm.sparse.count }}" -{{- end }} -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can be used here with pgrep (cmd is < 15 chars). - livenessProbe: - exec: - command: - - pgrep - - "ndm" - initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} - volumeMounts: - - name: config - mountPath: /host/node-disk-manager.config - subPath: node-disk-manager.config - readOnly: true - - name: udev - mountPath: /run/udev - - name: procmount - mountPath: /host/proc - readOnly: true - - name: devmount - mountPath: /dev - - name: basepath - mountPath: /var/openebs/ndm -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - mountPath: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ template "openebs.fullname" . }}-ndm-config - - name: udev - hostPath: - path: /run/udev - type: Directory - # mount /proc (to access mount file of process 1 of host) inside container - # to read mount-point of disks and partitions - - name: procmount - hostPath: - path: /proc - type: Directory - # the /dev directory is mounted so that we have access to the devices that - # are connected at runtime of the pod. - - name: devmount - hostPath: - path: /dev - type: Directory - - name: basepath - hostPath: - path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" - type: DirectoryOrCreate -{{- if .Values.ndm.sparse }} -{{- if .Values.ndm.sparse.path }} - - name: sparsepath - hostPath: - path: {{ .Values.ndm.sparse.path }} -{{- end }} -{{- end }} - # By default the node-disk-manager will be run on all kubernetes nodes - # If you would like to limit this to only some nodes, say the nodes - # that have storage attached, you could label those node and use - # nodeSelector. - # - # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" - # kubectl label node "openebs.io/nodegroup"="storage-node" - #nodeSelector: - # "openebs.io/nodegroup": "storage-node" -{{- if .Values.ndm.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndm.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndm.tolerations }} - tolerations: -{{ toYaml .Values.ndm.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/deployment-admission-server.yaml b/charts/openebs/openebs/2.11.0/templates/deployment-admission-server.yaml deleted file mode 100644 index b10b9b65e..000000000 --- a/charts/openebs/openebs/2.11.0/templates/deployment-admission-server.yaml +++ /dev/null @@ -1,84 +0,0 @@ -{{- if .Values.webhook.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-admission-server - labels: - app: admission-webhook - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: admission-webhook - openebs.io/component-name: admission-webhook - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.webhook.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: admission-webhook - template: - metadata: - labels: - app: admission-webhook - name: admission-webhook - release: {{ .Release.Name }} - openebs.io/version: {{ .Values.release.version }} - openebs.io/component-name: admission-webhook - spec: -{{- if .Values.webhook.hostNetwork }} - hostNetwork: true -{{- end }} -{{- if .Values.webhook.nodeSelector }} - nodeSelector: -{{ toYaml .Values.webhook.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.webhook.tolerations }} - tolerations: -{{ toYaml .Values.webhook.tolerations | indent 8 }} -{{- end }} -{{- if .Values.webhook.affinity }} - affinity: -{{ toYaml .Values.webhook.affinity | indent 8 }} -{{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: admission-webhook - image: "{{ .Values.image.repository }}{{ .Values.webhook.image }}:{{ .Values.webhook.imageTag }}" -{{- if .Values.webhook.resources }} - resources: -{{ toYaml .Values.webhook.resources | trimSuffix "\n" | indent 12 }} -{{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - -alsologtostderr - - -v=2 - - 2>&1 - env: - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ADMISSION_WEBHOOK_FAILURE_POLICY - value: "{{ .Values.webhook.failurePolicy }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # Anchor `^` : matches any string that starts with `admission-serve` - # `.*`: matche any string that has `admission-serve` followed by zero or more char - # that matches the entire command name has to specified. - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^admission-serve.*"` = 1 - initialDelaySeconds: {{ .Values.webhook.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.webhook.healthCheck.periodSeconds }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/deployment-local-provisioner.yaml b/charts/openebs/openebs/2.11.0/templates/deployment-local-provisioner.yaml deleted file mode 100644 index 018f0a1de..000000000 --- a/charts/openebs/openebs/2.11.0/templates/deployment-local-provisioner.yaml +++ /dev/null @@ -1,115 +0,0 @@ -{{- if .Values.localprovisioner.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-localpv-provisioner - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: localpv-provisioner - openebs.io/component-name: openebs-localpv-provisioner - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.localprovisioner.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: localpv-provisioner - name: openebs-localpv-provisioner - openebs.io/component-name: openebs-localpv-provisioner - openebs.io/version: {{ .Values.release.version }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-localpv-provisioner - image: "{{ .Values.image.repository }}{{ .Values.localprovisioner.image }}:{{ .Values.localprovisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- if .Values.localprovisioner.resources }} - resources: -{{ toYaml .Values.localprovisioner.resources | trimSuffix "\n" | indent 10 }} -{{- end }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_IO_BASE_PATH is the environment variable that provides the - # default base path on the node where host-path PVs will be provisioned. - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - - name: OPENEBS_IO_BASE_PATH - value: "{{ .Values.localprovisioner.basePath }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default - # leader election is enabled. - - name: LEADER_ELECTION_ENABLED - value: "{{ .Values.localprovisioner.enableLeaderElection }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $.Values.imagePullSecrets }}{{ .name }},{{- end }}" -{{- end }} - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `provisioner-loc` - # `.*`: matches any string that has `provisioner-loc` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^provisioner-loc.*"` = 1 - initialDelaySeconds: {{ .Values.localprovisioner.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.localprovisioner.healthCheck.periodSeconds }} -{{- if .Values.localprovisioner.nodeSelector }} - nodeSelector: -{{ toYaml .Values.localprovisioner.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.localprovisioner.tolerations }} - tolerations: -{{ toYaml .Values.localprovisioner.tolerations | indent 8 }} -{{- end }} -{{- if .Values.localprovisioner.affinity }} - affinity: -{{ toYaml .Values.localprovisioner.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/deployment-maya-apiserver.yaml b/charts/openebs/openebs/2.11.0/templates/deployment-maya-apiserver.yaml deleted file mode 100644 index 0f551ccb1..000000000 --- a/charts/openebs/openebs/2.11.0/templates/deployment-maya-apiserver.yaml +++ /dev/null @@ -1,173 +0,0 @@ -{{- if .Values.apiserver.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-apiserver - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: apiserver - name: maya-apiserver - openebs.io/component-name: maya-apiserver - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.apiserver.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: apiserver - name: maya-apiserver - openebs.io/component-name: maya-apiserver - openebs.io/version: {{ .Values.release.version }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-apiserver - image: "{{ .Values.image.repository }}{{ .Values.apiserver.image }}:{{ .Values.apiserver.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- if .Values.apiserver.resources }} - resources: -{{ toYaml .Values.apiserver.resources | trimSuffix "\n" | indent 10 }} -{{- end }} - ports: - - containerPort: {{ .Values.apiserver.ports.internalPort }} - env: - # OPENEBS_IO_KUBE_CONFIG enables maya api service to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for maya api server version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_IO_K8S_MASTER enables maya api service to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for maya api server version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://172.28.128.3:8080" - # OPENEBS_NAMESPACE provides the namespace of this deployment as an - # environment variable - - name: OPENEBS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as - # environment variable - - name: OPENEBS_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # OPENEBS_MAYA_POD_NAME provides the name of this pod as - # environment variable - - name: OPENEBS_MAYA_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # If OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG is false then OpenEBS default - # storageclass and storagepool will not be created. - - name: OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - value: "{{ .Values.defaultStorageConfig.enabled }}" - # OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL decides whether default cstor sparse pool should be - # configured as a part of openebs installation. - # If "true" a default cstor sparse pool will be configured, if "false" it will not be configured. - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL - value: "{{ .Values.apiserver.sparse.enabled }}" - # OPENEBS_IO_CSTOR_TARGET_DIR can be used to specify the hostpath - # to be used for saving the shared content between the side cars - # of cstor volume pod. - # The default path used is /var/openebs/sparse - - name: OPENEBS_IO_CSTOR_TARGET_DIR - value: "{{ .Values.ndm.sparse.path }}" - # OPENEBS_IO_CSTOR_POOL_SPARSE_DIR can be used to specify the hostpath - # to be used for saving the shared content between the side cars - # of cstor pool pod. This ENV is also used to indicate the location - # of the sparse devices. - # The default path used is /var/openebs/sparse - - name: OPENEBS_IO_CSTOR_POOL_SPARSE_DIR - value: "{{ .Values.ndm.sparse.path }}" - # OPENEBS_IO_JIVA_POOL_DIR can be used to specify the hostpath - # to be used for default Jiva StoragePool loaded by OpenEBS - # The default path used is /var/openebs - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_JIVA_POOL_DIR - value: "{{ .Values.jiva.defaultStoragePath }}" - # OPENEBS_IO_LOCALPV_HOSTPATH_DIR can be used to specify the hostpath - # to be used for default openebs-hostpath storageclass loaded by OpenEBS - # The default path used is /var/openebs/local - # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG - # is set to true - - name: OPENEBS_IO_LOCALPV_HOSTPATH_DIR - value: "{{ .Values.localprovisioner.basePath }}" - # OPENEBS_IO_BASE_DIR used by the OpenEBS to store debug information and - # so forth that are generated in the course of running OpenEBS containers. - - name: OPENEBS_IO_BASE_DIR - value: "{{ .Values.varDirectoryPath.baseDir }}" - - name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" - - name: OPENEBS_IO_JIVA_REPLICA_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" - - name: OPENEBS_IO_JIVA_REPLICA_COUNT - value: "{{ .Values.jiva.replicas }}" - - name: OPENEBS_IO_CSTOR_TARGET_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.target.image }}:{{ .Values.cstor.target.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.pool.image }}:{{ .Values.cstor.pool.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_MGMT_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.poolMgmt.image }}:{{ .Values.cstor.poolMgmt.imageTag }}" - - name: OPENEBS_IO_CSTOR_VOLUME_MGMT_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.cstor.volumeMgmt.image }}:{{ .Values.cstor.volumeMgmt.imageTag }}" - - name: OPENEBS_IO_VOLUME_MONITOR_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" - - name: OPENEBS_IO_CSTOR_POOL_EXPORTER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" - - name: OPENEBS_IO_HELPER_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" - # OPENEBS_IO_ENABLE_ANALYTICS if set to true sends anonymous usage - # events to Google Analytics - - name: OPENEBS_IO_ENABLE_ANALYTICS - value: "{{ .Values.analytics.enabled }}" - # OPENEBS_IO_ANALYTICS_PING_INTERVAL can be used to specify the duration (in hours) - # for periodic ping events sent to Google Analytics. Default is 24 hours. - - name: OPENEBS_IO_ANALYTICS_PING_INTERVAL - value: "{{ .Values.analytics.pingInterval }}" - - name: OPENEBS_IO_INSTALLER_TYPE - value: "charts-helm" - # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation - # from Maya API server. By default the CRDs will be installed - - name: OPENEBS_IO_INSTALL_CRD - value: "{{ .Values.crd.enableInstall }}" - livenessProbe: - exec: - command: - - /usr/local/bin/mayactl - - version - initialDelaySeconds: {{ .Values.apiserver.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.apiserver.healthCheck.periodSeconds }} -{{- if .Values.apiserver.nodeSelector }} - nodeSelector: -{{ toYaml .Values.apiserver.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.apiserver.tolerations }} - tolerations: -{{ toYaml .Values.apiserver.tolerations | indent 8 }} -{{- end }} -{{- if .Values.apiserver.affinity }} - affinity: -{{ toYaml .Values.apiserver.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/deployment-maya-provisioner.yaml b/charts/openebs/openebs/2.11.0/templates/deployment-maya-provisioner.yaml deleted file mode 100644 index 561d92342..000000000 --- a/charts/openebs/openebs/2.11.0/templates/deployment-maya-provisioner.yaml +++ /dev/null @@ -1,115 +0,0 @@ -{{- if .Values.provisioner.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-provisioner - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: provisioner - name: openebs-provisioner - openebs.io/component-name: openebs-provisioner - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.provisioner.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: provisioner - name: openebs-provisioner - openebs.io/component-name: openebs-provisioner - openebs.io/version: {{ .Values.release.version }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-provisioner - image: "{{ .Values.image.repository }}{{ .Values.provisioner.image }}:{{ .Values.provisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- if .Values.provisioner.resources }} - resources: -{{ toYaml .Values.provisioner.resources | trimSuffix "\n" | indent 10 }} -{{- end }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs provisioner version 0.5.2 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that provisioner should forward the volume create/delete requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs provisioner version 0.5.3-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default - # leader election is enabled. - - name: LEADER_ELECTION_ENABLED - value: "{{ .Values.provisioner.enableLeaderElection }}" - # OPENEBS_IO_JIVA_PATCH_NODE_AFFINITY is used to enable/disable setting node affinity - # to the jiva replica deployments. Default is `enabled`. The valid values are - # `enabled` and `disabled`. - - name: OPENEBS_IO_JIVA_PATCH_NODE_AFFINITY - value: "{{ .Values.provisioner.patchJivaNodeAffinity }}" - # The following values will be set as annotations to the PV object. - # Refer : https://github.com/openebs/external-storage/pull/15 - #- name: OPENEBS_MONITOR_URL - # value: "{{ .Values.provisioner.monitorUrl }}" - #- name: OPENEBS_MONITOR_VOLKEY - # value: "{{ .Values.provisioner.monitorVolumeKey }}" - #- name: MAYA_PORTAL_URL - # value: "{{ .Values.provisioner.mayaPortalUrl }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `openebs-provis` - # `.*`: matches any string that has `openebs-provis` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^openebs-provisi.*"` = 1 - initialDelaySeconds: {{ .Values.provisioner.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.provisioner.healthCheck.periodSeconds }} -{{- if .Values.provisioner.nodeSelector }} - nodeSelector: -{{ toYaml .Values.provisioner.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.provisioner.tolerations }} - tolerations: -{{ toYaml .Values.provisioner.tolerations | indent 8 }} -{{- end }} -{{- if .Values.provisioner.affinity }} - affinity: -{{ toYaml .Values.provisioner.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/deployment-maya-snapshot-operator.yaml b/charts/openebs/openebs/2.11.0/templates/deployment-maya-snapshot-operator.yaml deleted file mode 100644 index 49c1a892a..000000000 --- a/charts/openebs/openebs/2.11.0/templates/deployment-maya-snapshot-operator.yaml +++ /dev/null @@ -1,147 +0,0 @@ -{{- if .Values.snapshotOperator.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-snapshot-operator - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: snapshot-operator - openebs.io/component-name: openebs-snapshot-operator - openebs.io/version: {{ .Values.release.version }} -spec: - replicas: {{ .Values.snapshotOperator.replicas }} - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - strategy: - type: "Recreate" - rollingUpdate: null - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: snapshot-operator - name: openebs-snapshot-operator - openebs.io/version: {{ .Values.release.version }} - openebs.io/component-name: openebs-snapshot-operator - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.name" . }}-snapshot-controller - image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.controller.image }}:{{ .Values.snapshotOperator.controller.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- if .Values.snapshotOperator.controller.resources }} - resources: -{{ toYaml .Values.snapshotOperator.controller.resources | trimSuffix "\n" | indent 10 }} -{{- end }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs snapshot controller to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot controller to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this snapshot controller will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that snapshot controller should forward the volume snapshot requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs snapshot controller version 0.6-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `snapshot-contro` - # `.*`: matches any string that has `snapshot-contro` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^snapshot-contro.*"` = 1 - initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} - - name: {{ template "openebs.name" . }}-snapshot-provisioner - image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.provisioner.image }}:{{ .Values.snapshotOperator.provisioner.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- if .Values.snapshotOperator.provisioner.resources }} - resources: -{{ toYaml .Values.snapshotOperator.provisioner.resources | trimSuffix "\n" | indent 10 }} -{{- end }} - env: - # OPENEBS_IO_K8S_MASTER enables openebs snapshot provisioner to connect to K8s - # based on this address. This is ignored if empty. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - #- name: OPENEBS_IO_K8S_MASTER - # value: "http://10.128.0.12:8080" - # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot provisioner to connect to K8s - # based on this config. This is ignored if empty. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - #- name: OPENEBS_IO_KUBE_CONFIG - # value: "/home/ubuntu/.kube/config" - # OPENEBS_NAMESPACE is the namespace that this snapshot provisioner will - # lookup to find maya api service - - name: OPENEBS_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, - # that snapshot provisioner should forward the volume snapshot PV requests. - # If not present, "maya-apiserver-service" will be used for lookup. - # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - - name: OPENEBS_MAYA_SERVICE_NAME - value: "{{ template "openebs.fullname" . }}-apiservice" - # LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default - # leader election is enabled. - - name: LEADER_ELECTION_ENABLED - value: "{{ .Values.snapshotOperator.enableLeaderElection }}" - # Process name used for matching is limited to the 15 characters - # present in the pgrep output. - # So fullname can't be used here with pgrep (>15 chars).A regular expression - # that matches the entire command name has to specified. - # Anchor `^` : matches any string that starts with `snapshot-provis` - # `.*`: matches any string that has `snapshot-provis` followed by zero or more char - livenessProbe: - exec: - command: - - sh - - -c - - test `pgrep -c "^snapshot-provis.*"` = 1 - initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} -{{- if .Values.snapshotOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.snapshotOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.snapshotOperator.tolerations }} - tolerations: -{{ toYaml .Values.snapshotOperator.tolerations | indent 8 }} -{{- end }} -{{- if .Values.snapshotOperator.affinity }} - affinity: -{{ toYaml .Values.snapshotOperator.affinity | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/deployment-ndm-operator.yaml b/charts/openebs/openebs/2.11.0/templates/deployment-ndm-operator.yaml deleted file mode 100644 index bc5edf1d6..000000000 --- a/charts/openebs/openebs/2.11.0/templates/deployment-ndm-operator.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{- if .Values.ndmOperator.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "openebs.fullname" . }}-ndm-operator - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: ndm-operator - openebs.io/component-name: ndm-operator - openebs.io/version: {{ .Values.release.version }} - name: ndm-operator -spec: - replicas: {{ .Values.ndmOperator.replicas }} - strategy: - type: "Recreate" - rollingUpdate: null - selector: - matchLabels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: ndm-operator - name: ndm-operator - openebs.io/component-name: ndm-operator - openebs.io/version: {{ .Values.release.version }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "openebs.serviceAccountName" . }} - containers: - - name: {{ template "openebs.fullname" . }}-ndm-operator - image: "{{ .Values.image.repository }}{{ .Values.ndmOperator.image }}:{{ .Values.ndmOperator.imageTag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- if .Values.ndmOperator.resources }} - resources: -{{ toYaml .Values.ndmOperator.resources | trimSuffix "\n" | indent 10 }} -{{- end }} - livenessProbe: - httpGet: - path: /healthz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} - readinessProbe: - httpGet: - path: /readyz - port: 8585 - initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: OPERATOR_NAME - value: "node-disk-operator" - - name: CLEANUP_JOB_IMAGE - value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" -{{- if .Values.imagePullSecrets }} - - name: OPENEBS_IO_IMAGE_PULL_SECRETS - value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}" -{{- end }} -{{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.ndmOperator.tolerations }} - tolerations: -{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/psp-clusterrole.yaml b/charts/openebs/openebs/2.11.0/templates/psp-clusterrole.yaml deleted file mode 100644 index a6c4807dd..000000000 --- a/charts/openebs/openebs/2.11.0/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "openebs.fullname" . }}-psp - labels: - app: {{ template "openebs.name" . }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "openebs.fullname" . }}-psp -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/psp-clusterrolebinding.yaml b/charts/openebs/openebs/2.11.0/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 5a4205877..000000000 --- a/charts/openebs/openebs/2.11.0/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "openebs.fullname" . }}-psp - labels: - app: {{ template "openebs.name" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "openebs.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "openebs.serviceAccountName" . }} - namespace: {{ $.Release.Namespace }} -{{- end }} - diff --git a/charts/openebs/openebs/2.11.0/templates/psp.yaml b/charts/openebs/openebs/2.11.0/templates/psp.yaml deleted file mode 100644 index 0442f0e5d..000000000 --- a/charts/openebs/openebs/2.11.0/templates/psp.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "openebs.fullname" . }}-psp - namespace: {{ $.Release.Namespace }} - labels: - app: {{ template "openebs.name" . }} -spec: - privileged: true - allowPrivilegeEscalation: true - allowedCapabilities: ['*'] - volumes: ['*'] - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: true - hostPID: true - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/service-maya-apiserver.yaml b/charts/openebs/openebs/2.11.0/templates/service-maya-apiserver.yaml deleted file mode 100644 index d44bcb0f8..000000000 --- a/charts/openebs/openebs/2.11.0/templates/service-maya-apiserver.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.apiserver.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "openebs.fullname" . }}-apiservice - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - openebs.io/component-name: maya-apiserver-svc -spec: - ports: - - name: api - port: {{ .Values.apiserver.ports.externalPort }} - targetPort: {{ .Values.apiserver.ports.internalPort }} - protocol: TCP - selector: - app: {{ template "openebs.name" . }} - release: {{ .Release.Name }} - component: apiserver - sessionAffinity: None -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/templates/serviceaccount.yaml b/charts/openebs/openebs/2.11.0/templates/serviceaccount.yaml deleted file mode 100644 index 31a500455..000000000 --- a/charts/openebs/openebs/2.11.0/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "openebs.serviceAccountName" . }} - labels: - app: {{ template "openebs.name" . }} - chart: {{ template "openebs.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end }} diff --git a/charts/openebs/openebs/2.11.0/values.yaml b/charts/openebs/openebs/2.11.0/values.yaml deleted file mode 100644 index 86e79168b..000000000 --- a/charts/openebs/openebs/2.11.0/values.yaml +++ /dev/null @@ -1,604 +0,0 @@ -# Default values for openebs. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -rbac: - # Specifies whether RBAC resources should be created - create: true - pspEnabled: false - -serviceAccount: - create: true - name: - -imagePullSecrets: [] - # - name: image-pull-secret - -release: - # "openebs.io/version" label for control plane components - version: "2.11.0" - -image: - pullPolicy: IfNotPresent - repository: "" - -apiserver: - enabled: true - image: "openebs/m-apiserver" - imageTag: "2.11.0" - replicas: 1 - ports: - externalPort: 5656 - internalPort: 5656 - sparse: - enabled: "false" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - ## apiserver resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 1000m - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 1Gi - - -defaultStorageConfig: - enabled: "true" - -# Directory used by the OpenEBS to store debug information and so forth -# that are generated in the course of running OpenEBS containers. -varDirectoryPath: - baseDir: "/var/openebs" - -provisioner: - enabled: true - image: "openebs/openebs-k8s-provisioner" - imageTag: "2.11.0" - replicas: 1 - enableLeaderElection: true - patchJivaNodeAffinity: enabled - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - ## provisioner resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 1000m - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 1Gi - -# If you want to enable local pv as a dependency chart then set -# `localprovisioner.enabled: false` and enable it as dependency chart. -# If you are using custom configuration then update those configuration -# under `localpv-provisioner` key. -localprovisioner: - enabled: true - image: "openebs/provisioner-localpv" - imageTag: "2.11.0" - replicas: 1 - enableLeaderElection: true - basePath: "/var/openebs/local" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - ## localprovisioner resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 1000m - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 1Gi - -snapshotOperator: - enabled: true - controller: - image: "openebs/snapshot-controller" - imageTag: "2.11.0" - ## snapshot controller resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 1000m - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 1Gi - provisioner: - image: "openebs/snapshot-provisioner" - imageTag: "2.11.0" - ## snapshot provisioner resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 1000m - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 1Gi - replicas: 1 - enableLeaderElection: true - upgradeStrategy: "Recreate" - nodeSelector: {} - tolerations: [] - affinity: {} - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - -# If you want to enable openebs as a dependency chart then set `ndm.enabled: false`, -# `ndmOperator.enabled: false` and enable it as dependency chart. If you are using -# custom configuration then update those configuration under `openebs-ndm` key. -ndm: - enabled: true - image: "openebs/node-disk-manager" - imageTag: "1.6.0" - sparse: - path: "/var/openebs/sparse" - size: "10737418240" - count: "0" - filters: - enableOsDiskExcludeFilter: true - osDiskExcludePaths: "/,/etc/hosts,/boot" - enableVendorFilter: true - excludeVendors: "CLOUDBYT,OpenEBS" - enablePathFilter: true - includePaths: "" - excludePaths: "/dev/loop,/dev/fd0,/dev/sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd" - probes: - enableSeachest: false - nodeSelector: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - ## ndm resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 1000m - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 1Gi - -# If you want to enable openebs as a dependency chart then set `ndm.enabled: false`, -# `ndmOperator.enabled: false` and enable it as dependency chart. If you are using -# custom configuration then update those configuration under `openebs-ndm` key. -ndmOperator: - enabled: true - image: "openebs/node-disk-operator" - imageTag: "1.6.0" - replicas: 1 - upgradeStrategy: Recreate - nodeSelector: {} - tolerations: [] - healthCheck: - initialDelaySeconds: 15 - periodSeconds: 20 - readinessCheck: - initialDelaySeconds: 5 - periodSeconds: 10 - ## ndmOperator resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 1000m - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 1Gi - -webhook: - enabled: true - image: "openebs/admission-server" - imageTag: "2.11.0" - failurePolicy: "Fail" - replicas: 1 - healthCheck: - initialDelaySeconds: 30 - periodSeconds: 60 - nodeSelector: {} - tolerations: [] - affinity: {} - hostNetwork: false - ## admission-server resource requests and limits - ## Reference: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 500m - # memory: 1Gi - # requests: - # cpu: 250m - # memory: 500Mi - -# If you are migrating from 2.x to 3.x and if you are using custom values -# then put this configuration under `localpv-provisioner` and `openebs-ndm` key. -helper: - image: "openebs/linux-utils" - imageTag: "2.11.0" - -# These are ndm related configuration. If you want to enable openebs as a dependency -# chart then set `ndm.enabled: false`, `ndmOperator.enabled: false` and enable it as -# dependency chart. If you are using custom configuration then update those configuration -# under `openebs-ndm` key. -featureGates: - enabled: true - GPTBasedUUID: - enabled: true - featureGateFlag: "GPTBasedUUID" - APIService: - enabled: false - featureGateFlag: "APIService" - address: "0.0.0.0:9115" - UseOSDisk: - enabled: false - featureGateFlag: "UseOSDisk" - MountChangeDetection: - enabled: false - featureGateFlag: "MountChangeDetection" - -crd: - enableInstall: true - -# If you are migrating from 2.x to 3.x and if you are using custom values -# then put these configuration under `cstor` key. -policies: - monitoring: - enabled: true - image: "openebs/m-exporter" - imageTag: "2.11.0" - -analytics: - enabled: true - # Specify in hours the duration after which a ping event needs to be sent. - pingInterval: "24h" - -jiva: - - # non csi configuration - image: "openebs/jiva" - imageTag: "2.11.0" - replicas: 3 - defaultStoragePath: "/var/openebs" - - # jiva csi driver configuration - # do not enable or configure any sub dependency here - # only jiva csi related settings can be added here - # ref - https://openebs.github.io/jiva-operator - - # jiva chart dependency tree is here - - # jiva - # | - localpv-provisioner - # | | - openebs-ndm - - # Enable localpv-provisioner and openebs-ndm as root dependency not as - # sub dependency. - # openebs - # | - jiva(enable) - # | | - localpv-provisioner(disable) - # | | | - openebs-ndm(disable) - # | - localpv-provisioner(enable) - # | - openebs-ndm(enable) - - enabled: false - openebsLocalpv: - enabled: false - localpv-provisioner: - openebsNDM: - enabled: false - - # Sample configuration if you want to configure jiva csi driver with custom values. - # This is a small part of the full configuration. Full configuration available - # here - https://openebs.github.io/jiva-operator - -# rbac: -# create: true -# pspEnabled: false -# -# jivaOperator: -# controller: -# image: -# registry: quay.io/ -# repository: openebs/jiva -# tag: 2.11.0 -# replica: -# image: -# registry: quay.io/ -# repository: openebs/jiva -# tag: 2.11.0 -# image: -# registry: quay.io/ -# repository: openebs/jiva-operator -# pullPolicy: IfNotPresent -# tag: 2.11.0 -# -# jivaCSIPlugin: -# remount: "true" -# image: -# registry: quay.io/ -# repository: openebs/jiva-csi -# pullPolicy: IfNotPresent -# tag: 2.11.0 - -cstor: - - # non csi configuration - pool: - image: "openebs/cstor-pool" - imageTag: "2.11.0" - poolMgmt: - image: "openebs/cstor-pool-mgmt" - imageTag: "2.11.0" - target: - image: "openebs/cstor-istgt" - imageTag: "2.11.0" - volumeMgmt: - image: "openebs/cstor-volume-mgmt" - imageTag: "2.11.0" - - # cstor csi driver configuration - # do not enable or configure any sub dependency here - # only cstor csi related settings can be added here - # ref - https://openebs.github.io/cstor-operators - - # cstor chart dependency tree is here - - # cstor - # | - openebs-ndm - - # Enable openebs-ndm as root dependency not as sub dependency. - # openebs - # | - cstor(enable) - # | | - openebs-ndm(disable) - # | - openebs-ndm(enable) - enabled: false - openebsNDM: - enabled: false - - # Sample configuration if you want to configure cstor csi driver with custom values. - # This is a small part of the full configuration. Full configuration available - # here - https://openebs.github.io/cstor-operators - -# imagePullSecrets: [] -# -# rbac: -# create: true -# pspEnabled: false -# -# cspcOperator: -# poolManager: -# image: -# registry: quay.io/ -# repository: openebs/cstor-pool-manager -# tag: 2.11.0 -# cstorPool: -# image: -# registry: quay.io/ -# repository: openebs/cstor-pool -# tag: 2.11.0 -# cstorPoolExporter: -# image: -# registry: quay.io/ -# repository: openebs/m-exporter -# tag: 2.11.0 -# image: -# registry: quay.io/ -# repository: openebs/cspc-operator -# pullPolicy: IfNotPresent -# tag: 2.11.0 -# -# cvcOperator: -# target: -# image: -# registry: quay.io/ -# repository: openebs/cstor-istgt -# tag: 2.11.0 -# volumeMgmt: -# image: -# registry: quay.io/ -# repository: openebs/cstor-volume-manager -# tag: 2.11.0 -# volumeExporter: -# image: -# registry: quay.io/ -# repository: openebs/m-exporter -# tag: 2.11.0 -# image: -# registry: quay.io/ -# repository: openebs/cvc-operator -# pullPolicy: IfNotPresent -# tag: 2.11.0 -# -# cstorCSIPlugin: -# image: -# registry: quay.io/ -# repository: openebs/cstor-csi-driver -# pullPolicy: IfNotPresent -# tag: 2.11.0 -# -# admissionServer: -# componentName: cstor-admission-webhook -# image: -# registry: quay.io/ -# repository: openebs/cstor-webhook -# pullPolicy: IfNotPresent -# tag: 2.11.0 - -# ndm configuration goes here -# https://openebs.github.io/node-disk-manager -openebs-ndm: - enabled: false - - # Sample configuration if you want to configure openebs ndm with custom values. - # This is a small part of the full configuration. Full configuration available - # here - https://openebs.github.io/node-disk-manager - -# imagePullSecrets: [] -# -# ndm: -# image: -# registry: quay.io/ -# repository: openebs/node-disk-manager -# pullPolicy: IfNotPresent -# tag: 1.6.0 -# sparse: -# path: "/var/openebs/sparse" -# size: "10737418240" -# count: "0" -# filters: -# enableOsDiskExcludeFilter: true -# osDiskExcludePaths: "/,/etc/hosts,/boot" -# enableVendorFilter: true -# excludeVendors: "CLOUDBYT,OpenEBS" -# enablePathFilter: true -# includePaths: "" -# excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd" -# probes: -# enableSeachest: false -# enableUdevProbe: true -# enableSmartProbe: true -# -# ndmOperator: -# image: -# registry: quay.io/ -# repository: openebs/node-disk-operator -# pullPolicy: IfNotPresent -# tag: 1.6.0 -# -# helperPod: -# image: -# registry: quay.io/ -# repository: openebs/linux-utils -# pullPolicy: IfNotPresent -# tag: 2.11.0 -# -# featureGates: -# enabled: true -# GPTBasedUUID: -# enabled: true -# featureGateFlag: "GPTBasedUUID" -# APIService: -# enabled: true -# featureGateFlag: "APIService" -# address: "0.0.0.0:9115" -# UseOSDisk: -# enabled: false -# featureGateFlag: "UseOSDisk" -# -# varDirectoryPath: -# baseDir: "/var/openebs" - - # local pv provisioner configuration goes here - # do not enable or configure any sub dependency here - # ref - https://openebs.github.io/dynamic-localpv-provisioner - - # local pv chart dependency tree is here - - # localpv-provisioner - # | - openebs-ndm - - # Enable openebs-ndm as root dependency not as sub dependency. - # openebs - # | - localpv-provisioner(enable) - # | | - openebs-ndm(disable) - # | - openebs-ndm(enable) -localpv-provisioner: - enabled: false - openebsNDM: - enabled: false - - # Sample configuration if you want to configure openebs locapv with custom values. - # This is a small part of the full configuration. Full configuration available - # here - https://openebs.github.io/dynamic-localpv-provisioner - -# imagePullSecrets: [] -# -# rbac: -# create: true -# pspEnabled: false -# -# localpv: -# image: -# registry: quay.io/ -# repository: openebs/provisioner-localpv -# tag: 2.11.0 -# pullPolicy: IfNotPresent -# healthCheck: -# initialDelaySeconds: 30 -# periodSeconds: 60 -# replicas: 1 -# enableLeaderElection: true -# basePath: "/var/openebs/local" -# -# helperPod: -# image: -# registry: quay.io/ -# repository: openebs/linux-utils -# pullPolicy: IfNotPresent -# tag: 2.11.0 - -# zfs local pv configuration goes here -# ref - https://openebs.github.io/zfs-localpv -zfs-localpv: - enabled: false - - # Sample configuration if you want to configure zfs locapv with custom values. - # This is a small part of the full configuration. Full configuration available - # here - https://openebs.github.io/zfs-localpv - -# imagePullSecrets: [] -# -# rbac: -# pspEnabled: false -# -# zfsPlugin: -# image: -# registry: quay.io/ -# repository: openebs/zfs-driver -# pullPolicy: IfNotPresent -# tag: 1.9.0 - -# lvm local pv configuration goes here -# ref - https://openebs.github.io/lvm-localpv -lvm-localpv: - enabled: false - - # Sample configuration if you want to configure lvm locapv with custom values. - # This is a small part of the full configuration. Full configuration available - # here - https://openebs.github.io/lvm-localpv - -# imagePullSecrets: [] -# -# rbac: -# pspEnabled: false -# -# lvmPlugin: -# image: -# registry: quay.io/ -# repository: openebs/lvm-driver -# pullPolicy: IfNotPresent -# tag: 0.7.0 - -cleanup: - image: - # Make sure that registry name end with a '/'. - # For example : quay.io/ is a correct value here and quay.io is incorrect - registry: - repository: bitnami/kubectl - tag: diff --git a/charts/portshift-operator/portshift-operator/0.1.0/.helmignore b/charts/portshift-operator/portshift-operator/0.1.0/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/portshift-operator/portshift-operator/0.1.0/Chart.yaml b/charts/portshift-operator/portshift-operator/0.1.0/Chart.yaml deleted file mode 100644 index af5287d0f..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: portshift-operator -apiVersion: v1 -appVersion: v0.1.3 -description: | - Portshift cloud-native security platform is an agentless security solution for containerized applications -home: https://www.portshift.io/ -icon: https://www.portshift.io/wp-content/uploads/2019/10/portshift-logo-68.png -keywords: -- portshift -- operator -- monitoring -- security -- alerting -- metric -- troubleshooting -- run-time -maintainers: -- email: idan@portshift.io - name: idan -name: portshift-operator -version: 0.1.0 diff --git a/charts/portshift-operator/portshift-operator/0.1.0/README.md b/charts/portshift-operator/portshift-operator/0.1.0/README.md deleted file mode 100644 index 80073c37f..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Portshift Operator - -Please [contact us](https://www.portshift.io/contact-us/) to get installation instructions. - -This Helm Chart requires Helm 3. diff --git a/charts/portshift-operator/portshift-operator/0.1.0/app-readme.md b/charts/portshift-operator/portshift-operator/0.1.0/app-readme.md deleted file mode 100644 index 2dafd7ac4..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -Portshift cloud-native security platform is an agentless security solution for containerized applications. - -Portshift provides a real-time Kubernetes container security solution that addresses images, containers and cluster resources security. Detecting images vulnerabilities, pods misconfiguration, overly permissive roles and clusters misconfiguration and threats. - -Portshift security platform leverages service mesh to enable unmatched network security enforcement tools that simplifies the implementation of zero trust security model in Kubernetes clusters, complemented by declarative security policies cluster entities visualisation. \ No newline at end of file diff --git a/charts/portshift-operator/portshift-operator/0.1.0/crds/crd.yaml b/charts/portshift-operator/portshift-operator/0.1.0/crds/crd.yaml deleted file mode 100644 index adf76f92d..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/crds/crd.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: portshiftinstallers.portshift.io - labels: - app: portshift-operator -spec: - group: portshift.io - names: - kind: PortshiftInstaller - listKind: PortshiftInstallerList - plural: portshiftinstallers - singular: portshiftinstaller - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: PortshiftInstaller is the Schema for the portshiftinstallers API - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info in https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info in https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PortshiftInstallerSpec defines the desired state of PortshiftInstaller - properties: - portshiftClusterId: - description: Portshift cluster id as specified in Portshift console - type: string - managementUrl: - description: Portshift console URL - type: string - required: - - portshiftClusterId - - managementUrl - type: object - status: - description: Place holder for future use. - properties: - phase: - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true diff --git a/charts/portshift-operator/portshift-operator/0.1.0/questions.yaml b/charts/portshift-operator/portshift-operator/0.1.0/questions.yaml deleted file mode 100644 index c08055359..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/questions.yaml +++ /dev/null @@ -1,60 +0,0 @@ -questions: -#operator image configurations -- variable: defaultImage - default: true - description: "Use default Portshift operator image or specify a custom one" - label: Use Default Portshift Image - type: boolean - show_subquestion_if: false - group: "Operator Container Images" - subquestions: - - variable: operator.image.repository - default: "gcr.io/development-infra-208909/k8s_operator" - description: "Portshift Operator Image Name" - type: string - label: Portshift Operator Image Name - - variable: operator.image.tag - default: "v0.1.3" - description: "Portshift Operator Image Tag" - type: string - label: Portshift Operator Image Tag - - variable: operator.image.pullPolicy - default: "IfNotPresent" - description: "Portshift Operator Image Pull Policy" - type: string - label: Portshift Operator Image Pull Policy -#operator access configurations -- variable: operator.secret.accessKey - default: "" - description: "Operator access key retrieved from Portshift console" - type: string - required: true - label: Portshift Operator Access Key - group: "Operator Access Configuration" -- variable: operator.secret.secretKey - default: "" - description: "Operator secret key retrieved from Portshift console" - type: string - required: true - label: Portshift Operator Secret Key - group: "Operator Access Configuration" -- variable: defaultMgmtUrl - default: true - description: "Use default Portshift console url or specify a custom one" - label: Use Default Portshift Url - type: boolean - show_subquestion_if: false - group: "Operator Access Configuration" - subquestions: - - variable: operator.portshiftinstaller.managementUrl - default: "console.portshift.io" - description: "Portshift Console Url" - type: string - label: Portshift Console Url -- variable: operator.portshiftinstaller.portshiftClusterId - default: "" - description: "Cluster id definition retrieved from Portshift console" - type: string - required: true - label: Portshift Cluster ID - group: "Operator Access Configuration" diff --git a/charts/portshift-operator/portshift-operator/0.1.0/templates/_helpers.tpl b/charts/portshift-operator/portshift-operator/0.1.0/templates/_helpers.tpl deleted file mode 100644 index 96fb234df..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/templates/_helpers.tpl +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "portshift-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "portshift-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "portshift-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "portshift-operator.labels" -}} -app.kubernetes.io/name: {{ include "portshift-operator.name" . }} -helm.sh/chart: {{ include "portshift-operator.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - diff --git a/charts/portshift-operator/portshift-operator/0.1.0/templates/clusterrolebinding.yaml b/charts/portshift-operator/portshift-operator/0.1.0/templates/clusterrolebinding.yaml deleted file mode 100644 index 9421465ea..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: portshift-operator - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: portshift-operator - namespace: {{ .Release.Namespace }} diff --git a/charts/portshift-operator/portshift-operator/0.1.0/templates/deployment.yaml b/charts/portshift-operator/portshift-operator/0.1.0/templates/deployment.yaml deleted file mode 100644 index 4fc8aacfe..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/templates/deployment.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: portshift-operator - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ template "portshift-operator.name" . }} - template: - metadata: - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: portshift-operator - containers: - - name: portshift-operator - image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}" - command: - - portshift-operator - imagePullPolicy: "{{ .Values.operator.image.pullPolicy }}" - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: portshift-operator diff --git a/charts/portshift-operator/portshift-operator/0.1.0/templates/portshiftinstaller.yaml b/charts/portshift-operator/portshift-operator/0.1.0/templates/portshiftinstaller.yaml deleted file mode 100644 index 1cec0ff15..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/templates/portshiftinstaller.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: portshift.io/v1 -kind: PortshiftInstaller -metadata: - name: portshiftinstaller - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - managementUrl: {{ .Values.operator.portshiftinstaller.managementUrl }} - portshiftClusterId: {{ .Values.operator.portshiftinstaller.portshiftClusterId }} diff --git a/charts/portshift-operator/portshift-operator/0.1.0/templates/secret.yaml b/charts/portshift-operator/portshift-operator/0.1.0/templates/secret.yaml deleted file mode 100644 index 24064d7f1..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/templates/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: portshift-operator-secret - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - accessKey: {{ required "A valid .Values.operator.secret.accessKey is required" .Values.operator.secret.accessKey | b64enc | quote }} - secretKey: {{ required "A valid .Values.operator.secret.secretKey is required" .Values.operator.secret.secretKey | b64enc | quote }} diff --git a/charts/portshift-operator/portshift-operator/0.1.0/templates/serviceaccount.yaml b/charts/portshift-operator/portshift-operator/0.1.0/templates/serviceaccount.yaml deleted file mode 100644 index 0604efeb6..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/templates/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: portshift-operator - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/portshift-operator/portshift-operator/0.1.0/values.yaml b/charts/portshift-operator/portshift-operator/0.1.0/values.yaml deleted file mode 100644 index 438fa39e8..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.0/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -operator: - image: - repository: gcr.io/development-infra-208909/k8s_operator - tag: v0.1.3 - pullPolicy: IfNotPresent - secret: - accessKey: "" - secretKey: "" - portshiftinstaller: - managementUrl: console.portshift.io - portshiftClusterId: "" diff --git a/charts/portshift-operator/portshift-operator/0.1.000/.helmignore b/charts/portshift-operator/portshift-operator/0.1.000/.helmignore deleted file mode 100755 index 0e8a0eb36..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml b/charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml deleted file mode 100755 index 82b157203..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: portshift-operator -apiVersion: v1 -appVersion: v0.1.3 -description: | - Portshift cloud-native security platform is an agentless security solution for containerized applications -home: https://www.portshift.io/ -icon: https://www.portshift.io/wp-content/uploads/2019/10/portshift-logo-68.png -keywords: -- portshift -- operator -- monitoring -- security -- alerting -- metric -- troubleshooting -- run-time -maintainers: -- email: idan@portshift.io - name: idan -name: portshift-operator -version: 0.1.000 diff --git a/charts/portshift-operator/portshift-operator/0.1.000/README.md b/charts/portshift-operator/portshift-operator/0.1.000/README.md deleted file mode 100755 index 80073c37f..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Portshift Operator - -Please [contact us](https://www.portshift.io/contact-us/) to get installation instructions. - -This Helm Chart requires Helm 3. diff --git a/charts/portshift-operator/portshift-operator/0.1.000/app-readme.md b/charts/portshift-operator/portshift-operator/0.1.000/app-readme.md deleted file mode 100755 index 2dafd7ac4..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -Portshift cloud-native security platform is an agentless security solution for containerized applications. - -Portshift provides a real-time Kubernetes container security solution that addresses images, containers and cluster resources security. Detecting images vulnerabilities, pods misconfiguration, overly permissive roles and clusters misconfiguration and threats. - -Portshift security platform leverages service mesh to enable unmatched network security enforcement tools that simplifies the implementation of zero trust security model in Kubernetes clusters, complemented by declarative security policies cluster entities visualisation. \ No newline at end of file diff --git a/charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml b/charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml deleted file mode 100755 index adf76f92d..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: portshiftinstallers.portshift.io - labels: - app: portshift-operator -spec: - group: portshift.io - names: - kind: PortshiftInstaller - listKind: PortshiftInstallerList - plural: portshiftinstallers - singular: portshiftinstaller - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: PortshiftInstaller is the Schema for the portshiftinstallers API - properties: - apiVersion: - description: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info in https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info in https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PortshiftInstallerSpec defines the desired state of PortshiftInstaller - properties: - portshiftClusterId: - description: Portshift cluster id as specified in Portshift console - type: string - managementUrl: - description: Portshift console URL - type: string - required: - - portshiftClusterId - - managementUrl - type: object - status: - description: Place holder for future use. - properties: - phase: - type: string - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true diff --git a/charts/portshift-operator/portshift-operator/0.1.000/questions.yaml b/charts/portshift-operator/portshift-operator/0.1.000/questions.yaml deleted file mode 100755 index c08055359..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/questions.yaml +++ /dev/null @@ -1,60 +0,0 @@ -questions: -#operator image configurations -- variable: defaultImage - default: true - description: "Use default Portshift operator image or specify a custom one" - label: Use Default Portshift Image - type: boolean - show_subquestion_if: false - group: "Operator Container Images" - subquestions: - - variable: operator.image.repository - default: "gcr.io/development-infra-208909/k8s_operator" - description: "Portshift Operator Image Name" - type: string - label: Portshift Operator Image Name - - variable: operator.image.tag - default: "v0.1.3" - description: "Portshift Operator Image Tag" - type: string - label: Portshift Operator Image Tag - - variable: operator.image.pullPolicy - default: "IfNotPresent" - description: "Portshift Operator Image Pull Policy" - type: string - label: Portshift Operator Image Pull Policy -#operator access configurations -- variable: operator.secret.accessKey - default: "" - description: "Operator access key retrieved from Portshift console" - type: string - required: true - label: Portshift Operator Access Key - group: "Operator Access Configuration" -- variable: operator.secret.secretKey - default: "" - description: "Operator secret key retrieved from Portshift console" - type: string - required: true - label: Portshift Operator Secret Key - group: "Operator Access Configuration" -- variable: defaultMgmtUrl - default: true - description: "Use default Portshift console url or specify a custom one" - label: Use Default Portshift Url - type: boolean - show_subquestion_if: false - group: "Operator Access Configuration" - subquestions: - - variable: operator.portshiftinstaller.managementUrl - default: "console.portshift.io" - description: "Portshift Console Url" - type: string - label: Portshift Console Url -- variable: operator.portshiftinstaller.portshiftClusterId - default: "" - description: "Cluster id definition retrieved from Portshift console" - type: string - required: true - label: Portshift Cluster ID - group: "Operator Access Configuration" diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl b/charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl deleted file mode 100755 index 96fb234df..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "portshift-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "portshift-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "portshift-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "portshift-operator.labels" -}} -app.kubernetes.io/name: {{ include "portshift-operator.name" . }} -helm.sh/chart: {{ include "portshift-operator.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml deleted file mode 100755 index 9421465ea..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: portshift-operator - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: portshift-operator - namespace: {{ .Release.Namespace }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml deleted file mode 100755 index 4fc8aacfe..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: portshift-operator - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ template "portshift-operator.name" . }} - template: - metadata: - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: portshift-operator - containers: - - name: portshift-operator - image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}" - command: - - portshift-operator - imagePullPolicy: "{{ .Values.operator.image.pullPolicy }}" - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: portshift-operator diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml deleted file mode 100755 index 1cec0ff15..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: portshift.io/v1 -kind: PortshiftInstaller -metadata: - name: portshiftinstaller - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - managementUrl: {{ .Values.operator.portshiftinstaller.managementUrl }} - portshiftClusterId: {{ .Values.operator.portshiftinstaller.portshiftClusterId }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml deleted file mode 100755 index 24064d7f1..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: portshift-operator-secret - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - accessKey: {{ required "A valid .Values.operator.secret.accessKey is required" .Values.operator.secret.accessKey | b64enc | quote }} - secretKey: {{ required "A valid .Values.operator.secret.secretKey is required" .Values.operator.secret.secretKey | b64enc | quote }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml deleted file mode 100755 index 0604efeb6..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: portshift-operator - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "portshift-operator.name" . }} - chart: {{ template "portshift-operator.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/values.yaml b/charts/portshift-operator/portshift-operator/0.1.000/values.yaml deleted file mode 100755 index 438fa39e8..000000000 --- a/charts/portshift-operator/portshift-operator/0.1.000/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -operator: - image: - repository: gcr.io/development-infra-208909/k8s_operator - tag: v0.1.3 - pullPolicy: IfNotPresent - secret: - accessKey: "" - secretKey: "" - portshiftinstaller: - managementUrl: console.portshift.io - portshiftClusterId: "" diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/.helmignore b/charts/streamsets/control-agent/2.0.100+up2.0.1/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/Chart.yaml b/charts/streamsets/control-agent/2.0.100+up2.0.1/Chart.yaml deleted file mode 100644 index 59c1513bc..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: streamsets -apiVersion: v1 -appVersion: 3.8.0 -description: Control Agent for managing StreamSets Control Hub Deployments -home: https://streamsets.com -icon: https://github.com/streamsets/datacollector/raw/master/basic-lib/src/main/resources/sdcipc.png -keywords: -- streamsets -- sdc -- sch -maintainers: -- email: thomas.ganka@streamsets.com - name: thomasganka -name: control-agent -sources: -- https://github.com/streamsets/helm-charts/tree/master/incubating/control-agent -version: 2.0.100+up2.0.1 diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/README.md b/charts/streamsets/control-agent/2.0.100+up2.0.1/README.md deleted file mode 100644 index fd7dd1e5a..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/README.md +++ /dev/null @@ -1,52 +0,0 @@ -# StreamSets Control Agent - -The [StreamSets](https://streamsets.com) control agent manages StreamSets Control Hub deployments. - -## Introduction - -This chart supports both RBAC and non-RBAC enabled clusters. It has no dependencies. - -## Installing the Chart - -First, add the streamsets stable repository to helm. - -```bash -helm repo add streamsets https://streamsets.github.io/helm-charts/stable -``` - -To install the chart with the release name `my-release` into the namespace `streamsets`: - -```bash -helm install streamsets/control-agent --name my-release --namespace streamsets -``` - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -| ------------------------------- | -------------------------------------------------------------------- | ----------------------------------------- | -| `image.repository` | Control Agent image name | `streamsets/control-agent` | -| `image.tag` | The version of the official image to use | `3.0.0` | -| `image.pullPolicy` | Pull policy for the image | `IfNotPresent` | -| `streamsets.orgId` | This is the part of your SCH/DPM username after the `@` | None (Required) | -| `streamsets.api.url` | The URL for the SCH/DPM instance to connect to | `https://cloud.streamsets.com` | -| `streamsets.api.token` | Agent auth token from the SCH/DPM REST API or UI | None (Required) | -| `rbac.enabled` | Creates req'd ServiceAccount and Role on RBAC-enabled cluster | `true` | -| `resources` | Resource request for the pod | None | -| `nodeSelector` | Node Selector to apply to the deployment | None | - -`streamsets.api.token` and `streamsets.orgId` are required values - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -```bash -helm install streamsets/control-agent --set streamsets.api.token="my_api_token" --set streamsets.orgId="my_org" -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```bash -helm install streamsets/control-agent --values values.yaml -``` diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/app-readme.md b/charts/streamsets/control-agent/2.0.100+up2.0.1/app-readme.md deleted file mode 100644 index f511468db..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# Streamsets - -[Streamsets](https://www.streamsets.com/) is a data engineering platform. This chart adds the Streamsets Agent to all nodes in your cluster. The agent communicates with Control Hub to automatically provision Data Collector containers in the Kubernetes cluster in which it runs [Streamsets Control Hub](https://streamsets.com/documentation/controlhub/latest/help/controlhub/UserGuide/GettingStarted/DPM.html#concept_l45_qwf_xw. For more information about deploying Streamsets on Kubernetes, please refer to the [Streamsets documentation website](https://streamsets.com/documentation/controlhub/latest/help/controlhub/UserGuide/DataCollectorsProvisioned/Provisioned.html#concept_jsd_v24_lbb). - -Streamsets [Docker Image](https://hub.docker.com/r/streamsets/datacollector). \ No newline at end of file diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/krb/krb5.conf b/charts/streamsets/control-agent/2.0.100+up2.0.1/krb/krb5.conf deleted file mode 100644 index d97d77d1e..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/krb/krb5.conf +++ /dev/null @@ -1,17 +0,0 @@ -[libdefaults] -default_realm = -dns_lookup_kdc = false -dns_lookup_realm = false -ticket_lifetime = 86400 -renew_lifetime = 604800 -forwardable = true -default_tgs_enctypes = aes256-cts -default_tkt_enctypes = aes256-cts -permitted_enctypes = aes256-cts -udp_preference_limit = 1 -[realms] - = { -kdc = -admin_server = -} - diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/questions.yml b/charts/streamsets/control-agent/2.0.100+up2.0.1/questions.yml deleted file mode 100644 index b34ac722c..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/questions.yml +++ /dev/null @@ -1,65 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Streamsets image or specify a custom one" - label: Use Default Streamsets Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: image.repository - default: "streamsets/control-agent" - description: "Streamsets Control Agent Image Name" - type: string - label: Streamsets Control Agent Image Name - - variable: image.tag - default: "3.0.0" - description: "Streamsets Image Tag" - type: string - label: Streamsets Image Tag - - variable: image.pullPolicy - default: "IfNotPresent" - description: "Pull policy for the image" - type: string - label: Streamsets Pull Policy -#streamsets configurations -- variable: streamsets.orgId - default: "" - description: "This is the part of your Streamsets Control Hub username after the `@`" - type: string - label: Enable Org ID - required: true - group: "Streamsets Org ID" -- variable: streamsets.api.url - default: "https://cloud.streamsets.com" - description: "The URL for the Streamsets Control Hub instance to connect to. Default is Streamsets Hosted Service" - type: string - label: Enable Streamsets API URL - required: false - group: "Streamsets API URL" -- variable: streamsets.api.token - default: "" - description: "Agent auth token from the Streamsets Control Hub REST API or UI" - type: string - required: true - label: Agent Auth Token - group: "Agent Auth Token" -- variable: rbac.enabled - default: true - description: "Creates req'd ServiceAccount and Role on RBAC-enabled cluster" - type: boolean - label: Enable RBAC - group: "RBAC" -- variable: resources - default: "" - description: "Resource request for the Control Agent pod" - type: string - label: Resource request for Streamsets Control Agent - group: "Resource request" -- variable: nodeSelector - default: "" - description: "Node Selector to apply to the deployment " - type: string - label: Node Selector for Streamsets Control Agent - group: "Node Selector" diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/NOTES.txt b/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/NOTES.txt deleted file mode 100644 index f17b2e5d9..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/NOTES.txt +++ /dev/null @@ -1,2 +0,0 @@ -The agent has been successfully installed. -Visit {{ .Values.streamsets.api.url }}/sch/provisioning/deployments to continue setup. diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/_helpers.tpl b/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/_helpers.tpl deleted file mode 100644 index 8288985e9..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "control-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "control-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "control-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/deployment.yaml b/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/deployment.yaml deleted file mode 100644 index 6dc75545b..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - {{- if .Values.rbac.enabled }} - serviceAccountName: {{ include "control-agent.fullname" . }} - {{- else }} - serviceAccountName: default - {{- end }} - terminationGracePeriodSeconds: 60 - containers: - - name: {{ include "control-agent.fullname" . }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.krb.enabled }} - volumeMounts: - - name: krb5conf - mountPath: "/opt/kerberos" - readOnly: true - {{- end}} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - env: - - name: HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: dpm_agent_master_url - value: "https://kubernetes.default.svc.cluster.local" - - name: dpm_agent_cof_type - value: KUBERNETES - - name: dpm_agent_dpm_baseurl - value: {{ default "https://cloud.streamsets.com" .Values.streamsets.api.url }} - - name: dpm_agent_component_id - value: {{ .Release.Name }}-{{ .Values.streamsets.orgId }} - - name: dpm_agent_token_string - valueFrom: - secretKeyRef: - name: {{ include "control-agent.fullname" . }} - key: apiToken - - name: dpm_agent_name - value: {{ .Release.Name }} - - name: dpm_agent_orgId - value: {{required "An SCH orgId is required!" .Values.streamsets.orgId }} - - name: dpm_agent_secret - value: {{ include "control-agent.fullname" . }} - - name: dpm_agent_crd_enabled - value: "{{.Values.streamsets.crdEnabled}}" - {{- if .Values.krb.enabled }} - - name: dpm_agent_kerberos_enabled - value: "true" - - name: KRB5_CONFIG - value: "/opt/kerberos/krb5.conf" - - name: dpm_agent_kerberos_secret - value: kerbsecret - - name: dpm_agent_kdc_type - value: {{ .Values.krb.kdcType }} - {{- end}} - {{- if .Values.krb.enabled }} - volumes: - - name: krb5conf - secret: - secretName: krb5conf - {{- end}} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/krb5-secret.yaml b/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/krb5-secret.yaml deleted file mode 100644 index 6af832276..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/krb5-secret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.krb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: krb5conf - labels: - app: {{ template "control-agent.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: -{{ (.Files.Glob "krb/krb5.conf").AsSecrets | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: kerbsecret - labels: - app: {{ template "control-agent.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - encryption_types: {{required "encryption types to use when creating a keytab for service principal!" .Values.krb.encryptionTypes | b64enc }} - container_dn: {{required "distinguished name of the container under which new principals will be created is required!" .Values.krb.containerDn | b64enc }} - ldap_url: {{required "URL of the LDAP service provider is required!" .Values.krb.ldapUrl | b64enc }} - admin_principal: {{required "user account which has privileges to create, search and destroy service principals is required!" .Values.krb.adminPrincipal | b64enc }} - admin_key : {{required "secret key for the admin principal is required!" .Values.krb.adminKey | b64enc }} - realm : {{required "the realm of the organization is required!" .Values.krb.realm | b64enc }} -{{- end}} diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/rbac.yaml b/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/rbac.yaml deleted file mode 100644 index 29607415a..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/rbac.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- if .Values.rbac.enabled }} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ["", "extensions", "autoscaling", "apps"] - resources: ["pods", "deployments", "replicasets", "horizontalpodautoscalers", "services", "ingresses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update"] -{{- if .Values.streamsets.crdEnabled }} -- apiGroups: ["streamsets.k8s.io"] - resources: ["sdcs"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "control-agent.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.streamsets.crdEnabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: streamsets-crd-handler - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", ] - verbs: ["get", "list", "watch"] -- apiGroups: ["apiextensions.k8s.io", "streamsets.k8s.io"] - resources: ["customresourcedefinitions", "sdcs"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: streamsets-crd-handler -subjects: -- kind: ServiceAccount - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/sdc.yaml b/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/sdc.yaml deleted file mode 100644 index bd061f56e..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/sdc.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.streamsets.crdEnabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: sdcs.streamsets.k8s.io - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - "helm.sh/hook": crd-install - "helm.sh/hook-delete-policy": before-hook-creation -scope: Namespaced -spec: - group: streamsets.k8s.io - version: v1 - names: - kind: SdcCustomResource - plural: sdcs - singular: sdc -{{- end }} diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/token-secret.yaml b/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/token-secret.yaml deleted file mode 100644 index fa397f495..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/templates/token-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -type: Opaque -data: - apiToken: {{ required "A Control Agent API token is required!" .Values.streamsets.api.token | b64enc }} diff --git a/charts/streamsets/control-agent/2.0.100+up2.0.1/values.yaml b/charts/streamsets/control-agent/2.0.100+up2.0.1/values.yaml deleted file mode 100644 index 3ccdef683..000000000 --- a/charts/streamsets/control-agent/2.0.100+up2.0.1/values.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Default values for Streamsets Control Agent -image: - repository: streamsets/control-agent - tag: latest - pullPolicy: Always -streamsets: - orgId: - crdEnabled: false - api: - url: https://cloud.streamsets.com - token: -rbac: - enabled: true -krb: - enabled: false - encryptionTypes: - containerDn: - ldapUrl: - adminPrincipal: - adminKey: - realm: - kdcType: < AD | MIT > -## -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: {} -nodeSelector: {} diff --git a/charts/streamsets/control-agent/2.0.100/.helmignore b/charts/streamsets/control-agent/2.0.100/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/streamsets/control-agent/2.0.100/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/streamsets/control-agent/2.0.100/Chart.yaml b/charts/streamsets/control-agent/2.0.100/Chart.yaml deleted file mode 100755 index 918242aac..000000000 --- a/charts/streamsets/control-agent/2.0.100/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: streamsets -apiVersion: v1 -appVersion: 3.8.0 -description: Control Agent for managing StreamSets Control Hub Deployments -home: https://streamsets.com -icon: https://github.com/streamsets/datacollector/raw/master/basic-lib/src/main/resources/sdcipc.png -keywords: -- streamsets -- sdc -- sch -maintainers: -- email: thomas.ganka@streamsets.com - name: thomasganka -name: control-agent -sources: -- https://github.com/streamsets/helm-charts/tree/master/incubating/control-agent -version: 2.0.100 diff --git a/charts/streamsets/control-agent/2.0.100/README.md b/charts/streamsets/control-agent/2.0.100/README.md deleted file mode 100755 index fd7dd1e5a..000000000 --- a/charts/streamsets/control-agent/2.0.100/README.md +++ /dev/null @@ -1,52 +0,0 @@ -# StreamSets Control Agent - -The [StreamSets](https://streamsets.com) control agent manages StreamSets Control Hub deployments. - -## Introduction - -This chart supports both RBAC and non-RBAC enabled clusters. It has no dependencies. - -## Installing the Chart - -First, add the streamsets stable repository to helm. - -```bash -helm repo add streamsets https://streamsets.github.io/helm-charts/stable -``` - -To install the chart with the release name `my-release` into the namespace `streamsets`: - -```bash -helm install streamsets/control-agent --name my-release --namespace streamsets -``` - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -| ------------------------------- | -------------------------------------------------------------------- | ----------------------------------------- | -| `image.repository` | Control Agent image name | `streamsets/control-agent` | -| `image.tag` | The version of the official image to use | `3.0.0` | -| `image.pullPolicy` | Pull policy for the image | `IfNotPresent` | -| `streamsets.orgId` | This is the part of your SCH/DPM username after the `@` | None (Required) | -| `streamsets.api.url` | The URL for the SCH/DPM instance to connect to | `https://cloud.streamsets.com` | -| `streamsets.api.token` | Agent auth token from the SCH/DPM REST API or UI | None (Required) | -| `rbac.enabled` | Creates req'd ServiceAccount and Role on RBAC-enabled cluster | `true` | -| `resources` | Resource request for the pod | None | -| `nodeSelector` | Node Selector to apply to the deployment | None | - -`streamsets.api.token` and `streamsets.orgId` are required values - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -```bash -helm install streamsets/control-agent --set streamsets.api.token="my_api_token" --set streamsets.orgId="my_org" -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```bash -helm install streamsets/control-agent --values values.yaml -``` diff --git a/charts/streamsets/control-agent/2.0.100/app-readme.md b/charts/streamsets/control-agent/2.0.100/app-readme.md deleted file mode 100755 index f511468db..000000000 --- a/charts/streamsets/control-agent/2.0.100/app-readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# Streamsets - -[Streamsets](https://www.streamsets.com/) is a data engineering platform. This chart adds the Streamsets Agent to all nodes in your cluster. The agent communicates with Control Hub to automatically provision Data Collector containers in the Kubernetes cluster in which it runs [Streamsets Control Hub](https://streamsets.com/documentation/controlhub/latest/help/controlhub/UserGuide/GettingStarted/DPM.html#concept_l45_qwf_xw. For more information about deploying Streamsets on Kubernetes, please refer to the [Streamsets documentation website](https://streamsets.com/documentation/controlhub/latest/help/controlhub/UserGuide/DataCollectorsProvisioned/Provisioned.html#concept_jsd_v24_lbb). - -Streamsets [Docker Image](https://hub.docker.com/r/streamsets/datacollector). \ No newline at end of file diff --git a/charts/streamsets/control-agent/2.0.100/krb/krb5.conf b/charts/streamsets/control-agent/2.0.100/krb/krb5.conf deleted file mode 100755 index d97d77d1e..000000000 --- a/charts/streamsets/control-agent/2.0.100/krb/krb5.conf +++ /dev/null @@ -1,17 +0,0 @@ -[libdefaults] -default_realm = -dns_lookup_kdc = false -dns_lookup_realm = false -ticket_lifetime = 86400 -renew_lifetime = 604800 -forwardable = true -default_tgs_enctypes = aes256-cts -default_tkt_enctypes = aes256-cts -permitted_enctypes = aes256-cts -udp_preference_limit = 1 -[realms] - = { -kdc = -admin_server = -} - diff --git a/charts/streamsets/control-agent/2.0.100/questions.yml b/charts/streamsets/control-agent/2.0.100/questions.yml deleted file mode 100755 index b34ac722c..000000000 --- a/charts/streamsets/control-agent/2.0.100/questions.yml +++ /dev/null @@ -1,65 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Streamsets image or specify a custom one" - label: Use Default Streamsets Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: image.repository - default: "streamsets/control-agent" - description: "Streamsets Control Agent Image Name" - type: string - label: Streamsets Control Agent Image Name - - variable: image.tag - default: "3.0.0" - description: "Streamsets Image Tag" - type: string - label: Streamsets Image Tag - - variable: image.pullPolicy - default: "IfNotPresent" - description: "Pull policy for the image" - type: string - label: Streamsets Pull Policy -#streamsets configurations -- variable: streamsets.orgId - default: "" - description: "This is the part of your Streamsets Control Hub username after the `@`" - type: string - label: Enable Org ID - required: true - group: "Streamsets Org ID" -- variable: streamsets.api.url - default: "https://cloud.streamsets.com" - description: "The URL for the Streamsets Control Hub instance to connect to. Default is Streamsets Hosted Service" - type: string - label: Enable Streamsets API URL - required: false - group: "Streamsets API URL" -- variable: streamsets.api.token - default: "" - description: "Agent auth token from the Streamsets Control Hub REST API or UI" - type: string - required: true - label: Agent Auth Token - group: "Agent Auth Token" -- variable: rbac.enabled - default: true - description: "Creates req'd ServiceAccount and Role on RBAC-enabled cluster" - type: boolean - label: Enable RBAC - group: "RBAC" -- variable: resources - default: "" - description: "Resource request for the Control Agent pod" - type: string - label: Resource request for Streamsets Control Agent - group: "Resource request" -- variable: nodeSelector - default: "" - description: "Node Selector to apply to the deployment " - type: string - label: Node Selector for Streamsets Control Agent - group: "Node Selector" diff --git a/charts/streamsets/control-agent/2.0.100/templates/NOTES.txt b/charts/streamsets/control-agent/2.0.100/templates/NOTES.txt deleted file mode 100755 index f17b2e5d9..000000000 --- a/charts/streamsets/control-agent/2.0.100/templates/NOTES.txt +++ /dev/null @@ -1,2 +0,0 @@ -The agent has been successfully installed. -Visit {{ .Values.streamsets.api.url }}/sch/provisioning/deployments to continue setup. diff --git a/charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl b/charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl deleted file mode 100755 index 8288985e9..000000000 --- a/charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "control-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "control-agent.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "control-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/streamsets/control-agent/2.0.100/templates/deployment.yaml b/charts/streamsets/control-agent/2.0.100/templates/deployment.yaml deleted file mode 100755 index 6dc75545b..000000000 --- a/charts/streamsets/control-agent/2.0.100/templates/deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - {{- if .Values.rbac.enabled }} - serviceAccountName: {{ include "control-agent.fullname" . }} - {{- else }} - serviceAccountName: default - {{- end }} - terminationGracePeriodSeconds: 60 - containers: - - name: {{ include "control-agent.fullname" . }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.krb.enabled }} - volumeMounts: - - name: krb5conf - mountPath: "/opt/kerberos" - readOnly: true - {{- end}} - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- end }} - env: - - name: HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: dpm_agent_master_url - value: "https://kubernetes.default.svc.cluster.local" - - name: dpm_agent_cof_type - value: KUBERNETES - - name: dpm_agent_dpm_baseurl - value: {{ default "https://cloud.streamsets.com" .Values.streamsets.api.url }} - - name: dpm_agent_component_id - value: {{ .Release.Name }}-{{ .Values.streamsets.orgId }} - - name: dpm_agent_token_string - valueFrom: - secretKeyRef: - name: {{ include "control-agent.fullname" . }} - key: apiToken - - name: dpm_agent_name - value: {{ .Release.Name }} - - name: dpm_agent_orgId - value: {{required "An SCH orgId is required!" .Values.streamsets.orgId }} - - name: dpm_agent_secret - value: {{ include "control-agent.fullname" . }} - - name: dpm_agent_crd_enabled - value: "{{.Values.streamsets.crdEnabled}}" - {{- if .Values.krb.enabled }} - - name: dpm_agent_kerberos_enabled - value: "true" - - name: KRB5_CONFIG - value: "/opt/kerberos/krb5.conf" - - name: dpm_agent_kerberos_secret - value: kerbsecret - - name: dpm_agent_kdc_type - value: {{ .Values.krb.kdcType }} - {{- end}} - {{- if .Values.krb.enabled }} - volumes: - - name: krb5conf - secret: - secretName: krb5conf - {{- end}} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} diff --git a/charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml b/charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml deleted file mode 100755 index 6af832276..000000000 --- a/charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.krb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: krb5conf - labels: - app: {{ template "control-agent.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: -{{ (.Files.Glob "krb/krb5.conf").AsSecrets | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: kerbsecret - labels: - app: {{ template "control-agent.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - encryption_types: {{required "encryption types to use when creating a keytab for service principal!" .Values.krb.encryptionTypes | b64enc }} - container_dn: {{required "distinguished name of the container under which new principals will be created is required!" .Values.krb.containerDn | b64enc }} - ldap_url: {{required "URL of the LDAP service provider is required!" .Values.krb.ldapUrl | b64enc }} - admin_principal: {{required "user account which has privileges to create, search and destroy service principals is required!" .Values.krb.adminPrincipal | b64enc }} - admin_key : {{required "secret key for the admin principal is required!" .Values.krb.adminKey | b64enc }} - realm : {{required "the realm of the organization is required!" .Values.krb.realm | b64enc }} -{{- end}} diff --git a/charts/streamsets/control-agent/2.0.100/templates/rbac.yaml b/charts/streamsets/control-agent/2.0.100/templates/rbac.yaml deleted file mode 100755 index 29607415a..000000000 --- a/charts/streamsets/control-agent/2.0.100/templates/rbac.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- if .Values.rbac.enabled }} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: {{ .Release.Namespace }} - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ["", "extensions", "autoscaling", "apps"] - resources: ["pods", "deployments", "replicasets", "horizontalpodautoscalers", "services", "ingresses"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update"] -{{- if .Values.streamsets.crdEnabled }} -- apiGroups: ["streamsets.k8s.io"] - resources: ["sdcs"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "control-agent.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.streamsets.crdEnabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: streamsets-crd-handler - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", ] - verbs: ["get", "list", "watch"] -- apiGroups: ["apiextensions.k8s.io", "streamsets.k8s.io"] - resources: ["customresourcedefinitions", "sdcs"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: streamsets-crd-handler -subjects: -- kind: ServiceAccount - name: {{ include "control-agent.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/charts/streamsets/control-agent/2.0.100/templates/sdc.yaml b/charts/streamsets/control-agent/2.0.100/templates/sdc.yaml deleted file mode 100755 index bd061f56e..000000000 --- a/charts/streamsets/control-agent/2.0.100/templates/sdc.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.streamsets.crdEnabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: sdcs.streamsets.k8s.io - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - "helm.sh/hook": crd-install - "helm.sh/hook-delete-policy": before-hook-creation -scope: Namespaced -spec: - group: streamsets.k8s.io - version: v1 - names: - kind: SdcCustomResource - plural: sdcs - singular: sdc -{{- end }} diff --git a/charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml b/charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml deleted file mode 100755 index fa397f495..000000000 --- a/charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: {{ include "control-agent.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "control-agent.name" . }} - helm.sh/chart: {{ include "control-agent.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -type: Opaque -data: - apiToken: {{ required "A Control Agent API token is required!" .Values.streamsets.api.token | b64enc }} diff --git a/charts/streamsets/control-agent/2.0.100/values.yaml b/charts/streamsets/control-agent/2.0.100/values.yaml deleted file mode 100755 index 3ccdef683..000000000 --- a/charts/streamsets/control-agent/2.0.100/values.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Default values for Streamsets Control Agent -image: - repository: streamsets/control-agent - tag: latest - pullPolicy: Always -streamsets: - orgId: - crdEnabled: false - api: - url: https://cloud.streamsets.com - token: -rbac: - enabled: true -krb: - enabled: false - encryptionTypes: - containerDn: - ldapUrl: - adminPrincipal: - adminKey: - realm: - kdcType: < AD | MIT > -## -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: {} -nodeSelector: {} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/CHANGELOG.md b/charts/sysdig/sysdig/1.9.200+up1.9.2/CHANGELOG.md deleted file mode 100644 index 3b017ffe4..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/CHANGELOG.md +++ /dev/null @@ -1,437 +0,0 @@ -# Chart: Sysdig - -## Change Log - -This file documents all notable changes to Sysdig Helm Chart. The release -numbering uses [semantic versioning](http://semver.org). - -## v1.9.2 - -### Minor changes - -* Use latest image from Agent (10.3.0) - -## v1.9.1 - -### Minor changes - -* Remove explicit *onPrem* option. Use *collectorSettings* section instead. - -## v1.9.0 - -### Major changes - -* Option to deploy the [Node Image Analyzer](https://docs.sysdig.com/en/scan-running-images.html). - -### Minor changes - -* Include get/list/watch endpoints in agent clusterrole permissions. - -## v1.8.1 - -### Minor changes - -* Use the latest image from Agent (10.2.0) by default. - -### Bug fixes - -* Fix logic in template that was disabling captures in the agent settings. - -## v1.8.0 - -### Major changes - -* Migrated charts to *sysdiglabs* repository - -### Minor changes - -* Add explicit *clusterName* option in values.yaml -* Add beta.kubernetes.io labels for node affinity, to support older versions -* SCC deployed by default in Openshift (check API security.openshift.io/v1) - -## v1.7.20 - -### Minor changes - -* Use the latest image from Agent (10.1.1) by default. - -## v1.7.19 - -### Minor changes - -* Use the latest image from Agent (10.1.0) by default. - -## v1.7.18 - -### Minor changes - -* Add explicit *disable captures* option to agent settings. - -## v1.7.17 - -### Minor changes - -* Add onPrem as explicit option to set collector host, port and settings -* Fail if no sysdig.accessKey value is provided - -## v1.7.16 - -### Minor changes - -* Include support links in README.md - -## v1.7.15 - -### Minor changes - -* Use the latest image from Agent (10.0.0) by default. - -## v1.7.14 - -### Minor changes - -* Implement a more comprehensive securityContext for running the pod. - -## v1.7.13 - -### Minor changes - -* Implement scheduling with affinity and not with nodeSelector on amd64 & linux nodes. -* Add support for custom annotations on daemonSet. - -## v1.7.12 - -### Minor changes - -* Use the latest image from Agent (9.9.1) by default. -* Use kubernetes.io/arch label on daemonSet to schedule pods only on amd64 nodes. -* Add a livenessProbe to daemonSet. - -## v1.7.11 - -### Minor changes - -* Use app.kubernetes.io labels instead of custom ones - -## v1.7.10 - -### Minor changes - -* Use the latest image from Agent (9.9.0) by default. - -## v1.7.9 - -### Minor changes - -* Add the SecurityContextConstraints if the security.openshift.io/v1 API is detected. - -## v1.7.8 - -### Minor changes - -* Add an image.overrideValue value which is a hack to support - RELATED_IMAGE_ feature in Helm based operators. - -## v1.7.7 - -### Minor changes - -* Use the latest image from Agent (9.8.0) by default. - -## v1.7.6 - -### Minor changes - -* Use rbac.authorization.k8s.io/v1 instead of the beta1 API. -* Fix security key duplication when enabling secure and auditLog. - -## v1.7.5 - -### Minor changes - -* Use the latest image from Agent (9.7.0) by default. - -## v1.7.4 - -### Minor changes - -* Use the latest image from Agent (9.6.1) by default. - -## v1.7.3 - -### Minor changes - -* Removed dependency on ebpf.enabled to set environment variables - -## v1.7.2 - -### Minor changes - -* Use the latest image from Agent (9.5.0) by default. - -## v1.7.1 - -### Major changes - -* Remove the auditLog.clusterIP dependency. Using dynamic backend allows to - rely on DNS queries. - -## v1.7.0 - -### Major changes - -* Enable Sysdig Secure by default. - -## v1.6.0 - -### Major changes - -* Add audit log configuration when deploying the agent. - -## v1.5.0 - -### Major changes - -* Add slim configuration for deploying the agent. - -### Minor changes - -* Mount /etc/modprobe.d from host. -* Drop permissions to read secrets and configmaps. - -## v1.4.25 - -### Minor changes - -* Use the latest image from Agent (0.94.0) by default. - -## v1.4.24 - -### Minor changes - -* Use the latest image from Agent (0.93.1) by default. - -## v1.4.23 - -### Minor changes - -* Update NOTES.txt to use the newest URL for finding the infrastructure. - -## v1.4.22 - -### Minor changes - -* Use the latest image from Agent (0.93.0) by default. - -## v1.4.21 - -* Add 'How to upgrade to last version' to the README - -## v1.4.20 - -### Minor changes - -* Fixes compatibility errors introduced in v1.4.19. - -## v1.4.19 - -### Minor changes - -* Fixes compatibility with kubernetes 1.16. - -## v1.4.18 - -### Minor changes - -* Use the latest image from Agent (0.92.3) by default. - -## v1.4.17 - -### Minor changes - -* Use the latest image from Agent (0.92.2) by default. - -## v1.4.16 - -### Minor changes - -* Allow the DaemonSet to schedule using affinity rules - -## v1.4.15 - -### Minor changes - -* Add configmaps and secrets to the resources we can read -* Add support for priorityClassName, httpProxy, timezone and any env variable settings - -## v1.4.14 - -### Minor changes - -* Update REAMED.md to fix the example in how to use the `sysdig.settings.tags` in the command line with `--set` - -## v1.4.13 - -### Minor changes - -* Use the latest image from Agent (0.92.1) by default. -* Increase `resources.requests` and `resources.limits` to match the [values - provided by Sysdig's agent team.](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml#L70) - -## v1.4.12 - -### Minor changes - -* Use the latest image from Agent (0.92.0) by default. - -## v1.4.11 - -### Minor Changes - -* Add nestorsalceda as an approver in the OWNERS file - -## v1.4.10 - -### Minor Changes - -* Use the latest image from Agent (0.90.3) by default. - -## v1.4.9 - -### Minor Changes - -* Use the latest image from Agent (0.90.2) by default. - -## v1.4.8 - -### Minor Changes - -* Add a volume with the os release information. -* Use the latest image from Agent (0.90.1) by default. - -## v1.4.7 - -### Minor Changes - -* Add apiVersion to Chart.yaml. - -## v1.4.6 - -### Minor Changes - -* Dont allow to change the value of `new_k8s` flag. - -## v1.4.5 - -### Minor Changes - -* Enable `new_k8s` flag by default. This allows kube state metrics to be - automatically detected, monitored, and displayed in Sysdig Monitor. - -## v1.4.4 - -### Minor Changes - -* Use the latest image from Agent (0.89.5) by default. -* Add `persistentvolumes` and `persistentvolumeclaims` to ClusterRole - -## v1.4.3 - -### Minor Changes - -* Provide an empty value to `sysdig.accessKey` key. - -## v1.4.2 - -### Minor Changes - -* Use the latest image from Agent (0.89.4) by default. -* Use latest shovel logo. - -## v1.4.0 - -### Major Changes - -* Use the latest image from Agent (0.89.0) by default. -* eBPF support added. - -## v1.3.2 - -### Minor Changes - -* Provide sane defaults resources for the Sysdig Agent. -* Use RollingUpdate strategy by default. - -## v1.3.1 - -### Minor Changes - -* Revert v1.2.1 changes. The agent automatically restarts when detects a change in the configuration. - -## v1.3.0 - -### Major Changes - -* Use a lower pod termination grace period for avoiding data gaps when pod fails to terminate quickly. -* Check running file on readinessProbe instead of relaying on logs. -* Mount /run and /var/run instead of Docker socket. It allows to access CRI / containerd socket. -* Avoid floating references for the image. - -## v1.2.2 - -### Minor Changes - -* Fix value in the agent tags example. - -## v1.2.1 - -### Minor Changes - -* Add checksum annotations to DaemonSet so that rolling upgrades works when a ConfigMap changes. - -## v1.2.0 - -### Major Changes - -* Allow to use other Docker registries (ECR, Quay ...) to download the Sysdig agent image. - -## v1.1.0 - -### Major Changes - -* Add support for uploading custom app checks for Sysdig agent - -## v1.0.4 - -### Minor Changes - -* Update README file with instructions for setting up the agent with On-Premise deployments - -## v1.0.3 - -### Minor Changes - -* Fixed error in ClusterRoleBinding's roleRef - -## v1.0.2 - -### Minor Changes - -* Fix readinessProbe in daemonset's pod spec - -## v1.0.1 - -### Minor Changes - -* Add dnsPolicy to daemonset. Its value is ClusterFirstWithHostNet -* Fix link target for retrieving Sysdig Monitor Access Key in README - -## v1.0.0 - -### Major Changes - -* Run Sysdig agent as [daemonset v2.0](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml). -* Fix value's naming in order to follow [best practices](https://docs.helm.sh/chart_best_practices/#naming-conventions). -* Use a secure.enabled flag for enabling Sysdig Secure. -* Allow rbac resource creation or use existing serviceAccountName. -* Use required function for retrieving sysdig.accessKey. This ensures that key is present. diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/Chart.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/Chart.yaml deleted file mode 100644 index 549645b6e..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/Chart.yaml +++ /dev/null @@ -1,31 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: sysdig -apiVersion: v1 -appVersion: 10.3.0 -description: Sysdig Monitor and Secure agent -home: https://www.sysdig.com/ -icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png -keywords: -- monitoring -- security -- alerting -- metric -- troubleshooting -- run-time -maintainers: -- email: lachlan@deis.com - name: lachie83 -- email: jorge.salamero@sysdig.com - name: bencer -- email: nestor.salceda@sysdig.com - name: nestorsalceda -- email: alvaro.iradier@sysdig.com - name: airadier -- email: carlos.arilla@sysdig.com - name: carillan81 -name: sysdig -sources: -- https://app.sysdigcloud.com/#/settings/user -- https://github.com/draios/sysdig -version: 1.9.200+up1.9.2 diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/DESIGN.md b/charts/sysdig/sysdig/1.9.200+up1.9.2/DESIGN.md deleted file mode 100644 index 607f73d67..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/DESIGN.md +++ /dev/null @@ -1,34 +0,0 @@ -# Chart: Sysdig - -## Design and Known Issues Justification Document - -### Goal - -The goal of this file is to document and give some context about some issues that -forced me to take some decisions in this Chart. - -### Loading Custom App Checks using a ConfigMap and a Yaml file - -In Helm, we are not able to add an external file to a Chart deployment, in fact, -there is an [issue](https://github.com/helm/helm/issues/3276) about this. - -This means that external files like SSL certificates or pluggable files, like -Falco rules or Custom App Checks, should be managed using Helm exclusively. You -can see comments in [first Falco pull request](https://github.com/helm/charts/pull/5853). - -And the way to manage them using Helm is to pass file contents as values to Chart -deployment. A nice tip is using a Yaml file and pass to deployment command line -using the -f flag. - -### OpenShift support - -Right now, there are an issue in [OpenShift](https://github.com/openshift/origin/issues/20788) -and other in [Helm](https://github.com/helm/helm/issues/4533) that makes a bit -cumbersome the OpenShift support for this Chart. - -Eventually, they will be fixed. But meanwhile a workaround is to create a -serviceAccount using the `oc` utility. Also manage permissions for creating privileged -containers and allowing hostPath mount with `oc` and deploy the Chart with the -`serviceAccount.name` created with `oc`. - -You can see more details about this workaround on [Sysdig Documentation about OpenShift](https://sysdigdocs.atlassian.net/wiki/spaces/Platform/pages/256671843/). diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/OWNERS b/charts/sysdig/sysdig/1.9.200+up1.9.2/OWNERS deleted file mode 100644 index a424cc075..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- bencer -- nestorsalceda -reviewers: -- bencer -- nestorsalceda diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/README-AWS.md b/charts/sysdig/sysdig/1.9.200+up1.9.2/README-AWS.md deleted file mode 100644 index a9eea4564..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/README-AWS.md +++ /dev/null @@ -1,45 +0,0 @@ -# Chart: Sysdig - -## Deploying the AWS Marketplace Sysdig agent image - -This is an use case similar to pulling images from a private registry. First you -need to get the authorization token for the AWS Marketplace ECS image registry: - -```bash -aws ecr --region=us-east-1 get-authorization-token --output text --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2 -``` - -And then use it to create the Secret. Don't forget to replace TOKEN and EMAIL -with your own values: - -```bash -kubectl create secret docker-registry aws-marketplace-credentials \ - --docker-server=217273820646.dkr.ecr.us-east-1.amazonaws.com \ - --docker-username=AWS \ - --docker-password="TOKEN" \ - --docker-email="EMAIL" -``` - -Next you need to create a values YAML file to pass the specific ECS registry -configuration (you will find these values when you activate the software from -the AWS Marketplace): - -```yaml -sysdig: - accessKey: XxxXXxXXxXXxxx - -image: - registry: 217273820646.dkr.ecr.us-east-1.amazonaws.com - repository: 2df5da52-6fa2-46f6-b164-5b879e86fd85/cg-3361214151/agent - tag: 0.85.1-latest - pullSecrets: - - name: aws-marketplace-credentials -``` - -Finally, set the accessKey value and you are ready to deploy the Sysdig agent -using the Helm chart: - -```bash -helm install --name sysdig-agent -f aws-marketplace-values.yaml stable/sysdig -``` - diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/README.md b/charts/sysdig/sysdig/1.9.200+up1.9.2/README.md deleted file mode 100644 index cac7539cb..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/README.md +++ /dev/null @@ -1,377 +0,0 @@ -# Chart: Sysdig - -[Sysdig](https://sysdig.com/) is a unified platform for container and microservices monitoring, troubleshooting, security and forensics. Sysdig platform has been built on top of [Sysdig tool](https://sysdig.com/opensource/sysdig/) and [Sysdig Inspect](https://sysdig.com/blog/sysdig-inspect/) open-source technologies. - -## Introduction - -This chart adds the Sysdig agent for [Sysdig Monitor](https://sysdig.com/product/monitor/) and [Sysdig Secure](https://sysdig.com/product/secure/) to all nodes in your cluster via a DaemonSet. - -## Prerequisites - -- Kubernetes 1.9+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`, retrieve your Sysdig Monitor Access Key from your [Account Settings](https://app.sysdigcloud.com/#/settings/agentInstallation) and run: - -```bash -$ helm repo add sysdiglabs https://sysdiglabs.github.io/charts/ -``` - -to add the `sysdiglabs` Helm chart repository. Then run: - -```bash -$ helm install --name my-release --set sysdig.accessKey=YOUR-KEY-HERE sysdiglabs/sysdig -``` - -After a few seconds, you should see hosts and containers appearing in Sysdig Monitor and Sysdig Secure. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` -> **Tip**: Use helm delete --purge my-release to completely remove the release from Helm internal storage - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Sysdig chart and their default values. - -| Parameter | Description | Default | -| --- | --- | --- | -| `image.registry` | Sysdig Agent image registry | `docker.io` | -| `image.repository` | The image repository to pull from | `sysdig/agent` | -| `image.tag` | The image tag to pull | `10.3.0` | -| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `nil` | -| `resources.requests.cpu` | CPU requested for being run in a node | `600m` | -| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | -| `resources.limits.cpu` | CPU limit | `2000m` | -| `resources.limits.memory` | Memory limit | `1536Mi` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `scc.create` | Create OpenShift's Security Context Constraint | `true` | -| `serviceAccount.create` | Create serviceAccount | `true` | -| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | -| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | -| `daemonset.affinity` | Node affinities | `schedule on amd64 and linux` | -| `daemonset.annotations` | Custom annotations for daemonset | `{}` | -| `slim.enabled` | Use the slim based Sysdig Agent image | `false` | -| `slim.kmoduleImage.repository` | The kernel module image builder repository to pull from | `sysdig/agent-kmodule` | -| `slim.resources.requests.cpu` | CPU requested for building the kernel module | `1000m` | -| `slim.resources.requests.memory` | Memory requested for building the kernel module | `348Mi` | -| `slim.resources.limits.memory` | Memory limit for building the kernel module | `512Mi` | -| `ebpf.enabled` | Enable eBPF support for Sysdig instead of `sysdig-probe` kernel module | `false` | -| `ebpf.settings.mountEtcVolume` | Needed to detect which kernel version are running in Google COS | `true` | -| `clusterName` | Set a cluster name to identify events using *kubernetes.cluster.name* tag | ` ` | -| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | -| `sysdig.disableCaptures` | Disable capture functionality (see https://docs.sysdig.com/en/disable-captures.html) | `false` | -| `sysdig.settings` | Additional settings, directly included in the agent's configuration file `dragent.yaml` | `{}` | -| `secure.enabled` | Enable Sysdig Secure | `true` | -| `auditLog.enabled` | Enable K8s audit log support for Sysdig Secure | `false` | -| `auditLog.auditServerUrl` | The URL where Sysdig Agent listens for K8s audit log events | `0.0.0.0` | -| `auditLog.auditServerPort` | Port where Sysdig Agent listens for K8s audit log events | `7765` | -| `auditLog.dynamicBackend.enabled` | Deploy the Audit Sink where Sysdig listens for K8s audit log events | `false` | -| `customAppChecks` | The custom app checks deployed with your agent | `{}` | -| `nodeImageAnalyzer.deploy` | Deploy the Node Image Analyzer (See https://docs.sysdig.com/en/scan-running-images.html)| `false` | -| `nodeImageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from | `sysdig/node-image-analyzer` | -| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer | `0.1.1` | -| `nodeImageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer | `IfNotPresent` | -| `nodeImageAnalyzer.image.pullSecrets` | Image pull secrets for the Node Image Analyzer | `nil` | -| `nodeImageAnalyzer.resources.requests.cpu` | Node Image Analyzer CPU requests per node | `250m` | -| `nodeImageAnalyzer.resources.requests.memory` | Node Image Analyzer Memory requests per node | `512Mi` | -| `nodeImageAnalyzer.resources.limits.cpu` | Node Image Analyzer CPU limit per node | `500m` | -| `nodeImageAnalyzer.resources.limits.memory` | Node Image Analyzer Memory limit per node | `1024Mi` | -| `nodeImageAnalyzer.settings` | Additional Node Image Analyzer settings | `{}` | -| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | -| `prometheus.file` | Use file to configure promscrape | `false` | -| `prometheus.yaml` | prometheus.yaml content to configure metric collection: relabelling and filtering | ` ` | -| `extraVolume.volumes` | Additional volumes to mount in the sysdig agent to pass new secrets or configmaps | `[]` | -| `extraVolume.mounts` | Mount points for additional volumes | `[]` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install --name my-release \ - --set sysdig.accessKey=YOUR-KEY-HERE,sysdig.settings.tags="role:webserver\,location:europe" \ - sysdiglabs/sysdig -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## On-Premise backend deployment settings - -Sysdig platform backend can be also deployed On-Premise in your own infrastructure. - -Installing the agent using the Helm chart is also possible in this scenario, and you can enable it with the following parameters: - -| Parameter | Description | Default | -| --- | --- | --- | -| `collectorSettings.collectorHost` | The IP address or hostname of the collector | ` ` | -| `collectorSettings.collectorPort` | The port where collector is listening | 6443 | -| `collectorSettings.ssl` | The collector accepts SSL | `true` | -| `collectorSettings.sslVerifyCertificate` | Set to false if you don't want to verify SSL certificate | `true` | - -For example: - -```bash -$ helm install --name my-release \ - --set sysdig.accessKey=YOUR-KEY-HERE \ - --set collectorSettings.collectorHost=42.32.196.18 \ - --set collectorSettings.collectorPort=6443 \ - --set collectorSettings.sslVerifyCertificate=false \ - sysdiglabs/sysdig -``` - -## Using private Docker image registry - -If you pull the Sysdig agent Docker image from a private registry that requires authentication, some additional configuration is required. - -First, create a secret that stores the registry credentials: - -```bash -$ kubectl create secret docker-registry SECRET_NAME \ - --docker-server=SERVER \ - --docker-username=USERNAME \ - --docker-password=TOKEN \ - --docker-email=EMAIL -``` - -Then, point to this secret in the values YAML file: - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE -image: - registry: myrepo.mydomain.tld - repository: sysdig-agent - tag: latest-tag - pullSecrets: - - name: SECRET_NAME -``` - -Finally, set the accessKey value and you are ready to deploy the Sysdig agent -using the Helm chart: - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -You can read more details about this in [Kubernetes Documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). - -## Modifying Sysdig agent configuration - -The Sysdig agent uses a file called `dragent.yaml` to store the configuration. - -Using the Helm chart, the default configuration settings can be updated using `sysdig.settings` either via `--set sysdig.settings.key = value` or in the values YAML file. For example, to eanble Prometheus metrics scraping, you need this in your `values.yaml` file:: - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE - settings: - prometheus: - enabled: true - histograms: true -``` - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -## Upgrading Sysdig agent configuration - -If you need to upgrade the agent configuration file, first modify the YAML file (in this case we are increasing the metrics limit scraping Prometheus metrics): - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE - settings: - prometheus: - enabled: true - histograms: true - max_metrics: 2000 - max_metrics_per_process: 400 -``` - -And then, upgrade Helm chart with: - -```bash -$ helm upgrade my-release -f values.yaml sysdiglabs/sysdig -``` - -## How to upgrade to the last version - -First of all ensure you have the lastest chart version - -```bash -$ helm repo update -``` - -In case you deployed the chart with a values.yaml file, you just need to modify (or add if it's missing) the `image.tag` field and execute: - -```bash -$ helm install --name sysdig -f values.yaml sysdiglabs/sysdig -``` - -If you deployed the chart setting the values as CLI parameters, like for example: - -```bash -$ helm install \ - --name sysdig \ - --set sysdig.accessKey=xxxx \ - --set ebpf.enabled=true \ - --namespace sysdig-agent \ - sysdiglabs/sysdig -``` - -You will need to execute: - -```bash -$ helm upgrade --set image.tag= --reuse-values sysdig sysdiglabs/sysdig -``` - -## Adding custom AppChecks - -[Application checks](https://sysdigdocs.atlassian.net/wiki/spaces/Monitor/pages/204767363/) are integrations that allow the Sysdig agent to collect metrics exposed by specific services. Sysdig has several built-in AppChecks, but sometimes you might need to [create your own](https://sysdigdocs.atlassian.net/wiki/spaces/Monitor/pages/204767436/). - -Your own AppChecks can deployed with the Helm chart embedding them in the values YAML file: - -```yaml -customAppChecks: - sample.py: |- - from checks import AgentCheck - - class MyCustomCheck(AgentCheck): - def check(self, instance): - self.gauge("testhelm", 1) - -sysdig: - accessKey: YOUR-KEY-HERE - settings: - app_checks: - - name: sample - interval: 10 - pattern: # pattern to match the application - comm: myprocess - conf: - mykey: myvalue -``` - -The first section, dumps the AppCheck in a Kubernetes configmap and makes it available within the Sysdig agent container. The second, configures it on the `dragent.yaml` file. - -Once the values YAML file is ready, we will deploy the Chart like before: - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -### Automating the generation of custom-app-checks.yaml file - -Sometimes editing and maintaining YAML files can be a bit cumbersome and error-prone, so we have created a script for automating this process and make your life easier. - -Imagine that you have custom AppChecks for a number of services like Redis, MongoDB and Traefik. - -You have already a `values.yaml` with just your configuration: - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE - settings: - app_checks: - - name: myredis - [...] - - name: mymongo - [...] - - name: mytraefik - [...] -``` - -You can generate an additional values YAML file with the custom AppChecks: - -```bash -$ git clone https://github.com/kubernetes/charts.git -$ cd charts/sysdiglabs/sysdig -$ ./scripts/appchecks2helm appChecks/solr.py appChecks/traefik.py appChecks/nats.py > custom-app-checks.yaml -``` - -And deploy the Chart with both of them: - -```bash -$ helm install --name my-release -f custom-app-checks.yaml -f values.yaml sysdiglabs/sysdig -``` - -### Adding prometheus.yaml to configure promscrape - -Promscrape is the component used to collect Prometheus metrics from the sysdig agent. It is based on Prometheus and accepts the same configuration format. - -This file can contain relabelling rules and filters to remove certain metrics or add some configurations to the collection. An example of this file could be: - -```yaml -global: - scrape_interval: 15s - evaluation_interval: 15s -scrape_configs: -- job_name: 'prometheus' # config for federation - honor_labels: true - metrics_path: '/federate' - metric_relabel_configs: - - regex: 'kubernetes_pod_name' - action: labeldrop - params: - 'match[]': - - '{sysdig="true"}' - sysdig_sd_configs: - - tags: - namespace: monitoring - deployment: prometheus-server -``` -`sysdig_sd_configs` allows to select the targets obtained by Sysdig agents to apply the rules in the job. Check [how to configure filtering in sysdig documentation](https://docs.sysdig.com/en/filtering-prometheus-metrics.html). - - -### Adding additional volumes - -To add a new volume to the sysdig agent. - -In order to pass new config maps or secrets used for authentication (for example for Prometheus endpoints) you can mount additional secrets, configmaps or volumes. An example of this could be: - -```yaml -extraVolumes: - volumes: - - name: sysdig-new-cm - configMap: - name: my-cm - optional: true - - name: sysdig-new-secret - secret: - secretName: my-secret - mounts: - - mountPath: /opt/draios/cm - name: sysdig-new-cm - - mountPath: /opt/draios/secret - name: sysdig-new-secret -``` - -## Support - -For getting support from the Sysdig team, you should refer to the official -[Sysdig Support page](https://sysdig.com/support). - -In addition to this, you can browse the documentation for the different -components of the Sysdig Platform: - -* [Sysdig Monitor](https://app.sysdigcloud.com) -* [Sysdig Secure](https://secure.sysdig.com) -* [Platform Documentation](https://docs.sysdig.com/en/sysdig-platform.html) -* [Monitor Documentation](https://docs.sysdig.com/en/sysdig-monitor.html) -* [Secure Documentation](https://docs.sysdig.com/en/sysdig-secure.html) diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/app-readme.md b/charts/sysdig/sysdig/1.9.200+up1.9.2/app-readme.md deleted file mode 100644 index 80c6133f0..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/app-readme.md +++ /dev/null @@ -1,20 +0,0 @@ -# Sysdig Secure DevOps Platform - -Sysdig enables companies to confidently run cloud-native workloads in production. With the Sysdig Secure DevOps Platform, cloud teams embed security, maximize availability, and validate compliance. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand. The largest companies rely on Sysdig for cloud-native security and visibility. - -## Embed security -* Detect vulnerabilities and misconfigurations with a single workflow -* Block threats without impacting performance using K8s controls -* Conduct forensics even after the container is gone - -## Maximize availability -* Prevent issues by monitoring performance and capacity -* Accelerate troubleshooting with a single source of truth -* Scale Prometheus monitoring across clusters and clouds - -## Validate compliance -* Verify configuration meets CIS best practices -* Ensure application compliance with NIST, PCI -* Enable audit by correlating Kubernetes activity - -Learn more at [sysdig.com](https://sysdig.com/) diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/ci/test-values.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/ci/test-values.yaml deleted file mode 100644 index a6745f8b2..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/ci/test-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -sysdig: - accessKey: xxx diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/questions.yml b/charts/sysdig/sysdig/1.9.200+up1.9.2/questions.yml deleted file mode 100644 index 26e0d4358..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/questions.yml +++ /dev/null @@ -1,100 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Sysdig image or specify a custom one" - label: Use Default Sysdig Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: image.repository - default: "sysdig/agent" - description: "Sysdig Image Name" - type: string - label: Sysdig Image Name - - variable: image.tag - default: "10.3.0" - description: "Sysdig Image Tag" - type: string - label: Sysdig Image Tag -#agent configurations -- variable: sysdig.accessKey - default: "" - description: "You need your Sysdig accessKey before running agents" - type: string - required: true - label: Sysdig accessKey -- variable: sysdig.backend - default: "Sysdig SaaS" - description: "Where is Sysdig backend hosted on" - type: enum - label: Sysdig Backend - group: "Agent Configuration" - required: true - options: - - "sysdig-saas" - - "self-hosted" -- variable: sysdig.settings.collector - required: true - default: "collector.sysdigcloud.com" - description: "The host of the Sysdig collector the agent sends data to, only set this option if you need the agent to send data to a custom backend" - type: string - label: Sysdig Collector - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted" -- variable: sysdig.settings.collector_port - required: true - default: "6443" - description: "The port where the Sysdig collector listens to" - type: string - label: Sysdig Collector Port - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted" -- variable: sysdig.settings.ssl - required: true - default: true - description: "Use SSL to connect to the Sysdig collector" - type: boolean - label: Sysdig Collector SSL - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted" -- variable: sysdig.settings.ssl_verify_certificate - required: true - default: true - description: "Validate SSL certificate from the Sysdig collector" - type: boolean - label: Sysdig Collector Verify SSL Certificate - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted&&sysdig.settings.ssl=true" -- variable: sysdig.settings.tags - default: "" - description: "Agent tags, separated by commas. For example: 'linux:ubuntu,dept:dev,local:nyc'" - type: string - label: Agent Tags - group: "Agent Configuration" -- variable: ebpf.enabled - default: false - description: "Enable eBPF support for Sysdig agent instead of kernel module" - type: boolean - label: Enable eBPF - group: "Agent Configuration" -#proxy configurations -- variable: proxy.httpProxy - default: "" - description: "An http URL to use as a proxy for http requests" - type: string - label: Proxy for HTTP Requests - group: "Proxy Configuration" -- variable: proxy.httpsProxy - default: "" - description: "An http URL to use as a proxy for https requests" - type: string - label: Proxy for HTTPS Requests - group: "Proxy Configuration" -- variable: proxy.noProxy - default: "" - description: "A space-separated list of URLs for which no proxy should be used" - type: string - label: No Proxy List (separated by a space) - group: "Proxy Configuration" diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/scripts/appchecks2helm b/charts/sysdig/sysdig/1.9.200+up1.9.2/scripts/appchecks2helm deleted file mode 100644 index f9e0f2d21..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/scripts/appchecks2helm +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -echo "customAppChecks:" -for app_check in "$@" -do - echo -e " $(basename $app_check): |-" - while IFS= read -r line - do - echo -e " $line" - done <"$app_check" -done diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/NOTES.txt b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/NOTES.txt deleted file mode 100644 index 131548b8a..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -The agent for Sysdig Secure DevOps Platform is spinning up on each node in your -cluster. After a few seconds, you should see your hosts appearing in the -Explore tab: - - https://app.sysdigcloud.com/#/explore/overview/l:10 - - https://secure.sysdig.com/#/events/l:600/*/*?viewAs=list - -No further action should be required. diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/_helpers.tpl b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/_helpers.tpl deleted file mode 100644 index 5649026a7..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/_helpers.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "sysdig.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "sysdig.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "sysdig.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "sysdig.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "sysdig.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Define the proper imageRegistry to use for agent and kmodule image -*/}} -{{- define "sysdig.imageRegistry" -}} -{{- if and .Values.global (hasKey (default .Values.global dict) "imageRegistry") -}} - {{- .Values.global.imageRegistry -}} -{{- else -}} - {{- .Values.image.registry -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Sysdig Agent image name -*/}} -{{- define "sysdig.repositoryName" -}} -{{- .Values.image.repository -}} {{- if .Values.slim.enabled -}} -slim {{- end -}} -{{- end -}} - -{{- define "sysdig.image" -}} -{{- if .Values.image.overrideValue }} - {{- printf .Values.image.overrideValue -}} -{{- else -}} - {{- include "sysdig.imageRegistry" . -}} / {{- include "sysdig.repositoryName" . -}} : {{- .Values.image.tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Sysdig Agent image name for module building -*/}} -{{- define "sysdig.image.kmodule" -}} - {{- include "sysdig.imageRegistry" . -}} / {{- .Values.slim.kmoduleImage.repository -}} : {{- .Values.image.tag -}} -{{- end -}} - -{{/* -Return the proper Sysdig Agent image name for the Node Image Analyzer -*/}} -{{- define "sysdig.image.nodeImageAnalyzer" -}} - {{- include "sysdig.imageRegistry" . -}} / {{- .Values.nodeImageAnalyzer.image.repository -}} : {{- .Values.nodeImageAnalyzer.image.tag -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "sysdig.labels" -}} -helm.sh/chart: {{ include "sysdig.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - - -{{/* -Use like: {{ include "get_or_fail_if_in_settings" (dict "root" . "key" "" "setting" "") }} -Return the value of key "" and if "" is also defined in sysdig.settings., and error is thrown -NOTE: I don't like the error message! Too much information. -*/}} -{{- define "get_or_fail_if_in_settings" -}} -{{- $keyValue := tpl (printf "{{- .Values.%s -}}" .key) .root }} -{{- if $keyValue -}} - {{- if hasKey .root.Values.sysdig.settings .setting }}{{ fail (printf "Value '%s' is also set via .sysdig.settings.%s'." .key .setting) }}{{- end -}} - {{- $keyValue -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/auditsink.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/auditsink.yaml deleted file mode 100644 index 4f8378ea0..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/auditsink.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.auditLog.enabled .Values.auditLog.dynamicBackend.enabled }} -apiVersion: auditregistration.k8s.io/v1alpha1 -kind: AuditSink -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -spec: - policy: - level: RequestResponse - stages: - - ResponseComplete - - ResponseStarted - webhook: - throttle: - qps: 10 - burst: 15 - clientConfig: - service: - namespace: {{ .Release.Namespace }} - name: {{ template "sysdig.fullname" . }} - port: {{ .Values.auditLog.auditServerPort }} - path: /k8s_audit -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrole.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrole.yaml deleted file mode 100644 index 35fde6101..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrole.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "sysdig.fullname" .}} - labels: -{{ include "sysdig.labels" . | indent 4 }} -rules: - - apiGroups: - - "" - resources: - - pods - - replicationcontrollers - - services - - endpoints - - events - - limitranges - - namespaces - - nodes - - resourcequotas - - persistentvolumes - - persistentvolumeclaims - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - ingresses - - replicasets - verbs: - - get - - list - - watch -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrolebinding.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrolebinding.yaml deleted file mode 100644 index f8ab01298..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "sysdig.fullname" .}} - labels: -{{ include "sysdig.labels" . | indent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "sysdig.serviceAccountName" .}} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "sysdig.fullname" .}} - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-custom-app-checks.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-custom-app-checks.yaml deleted file mode 100644 index 6f0495efa..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-custom-app-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.customAppChecks }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "sysdig.fullname" . }}-custom-app-checks - labels: -{{ include "sysdig.labels" . | indent 4 }} -data: -{{- range $file, $content := .Values.customAppChecks }} - {{ $file }}: |- -{{ $content | indent 4}} -{{- end }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-image-analyzer.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-image-analyzer.yaml deleted file mode 100644 index d62acb6d5..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap-image-analyzer.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.nodeImageAnalyzer.deploy }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "sysdig.fullname" . }}-image-analyzer - labels: -{{ include "sysdig.labels" . | indent 4 }} -data: - debug: "{{ .Values.nodeImageAnalyzer.settings.debug | default false }}" - {{- if .Values.nodeImageAnalyzer.settings.imagePeriod }} - image_period: {{ .Values.nodeImageAnalyzer.settings.imagePeriod }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.imageCacheTTL }} - image_cache_ttl: {{ .Values.nodeImageAnalyzer.settings.imageCacheTTL }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.reportPeriod }} - report_period: {{ .Values.nodeImageAnalyzer.settings.reportPeriod }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.dockerSocketPath }} - docker_socket_path: {{ .Values.nodeImageAnalyzer.settings.dockerSocketPath }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.criSocketPath }} - cri_socket_path: {{ .Values.nodeImageAnalyzer.settings.criSocketPath }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.collectorEndpoint }} - collector_endpoint: {{ .Values.nodeImageAnalyzer.settings.collectorEndpoint }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.checkCertificate }} - check_certificate: {{ .Values.nodeImageAnalyzer.settings.checkCertificate }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.collectorTimeout }} - collector_timeout: {{ .Values.nodeImageAnalyzer.settings.collectorTimeout }} - {{- end }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap.yaml deleted file mode 100644 index 543f62af7..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/configmap.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -data: - dragent.yaml: | - new_k8s: true -{{- $clusterName := include "get_or_fail_if_in_settings" (dict "root" . "key" "clusterName" "setting" "k8s_cluster_name")}} -{{- if $clusterName }} - k8s_cluster_name: {{ $clusterName }} -{{- end }} -{{- if or .Values.secure.enabled .Values.auditLog.enabled }} - security: - {{- if .Values.auditLog.enabled }} - k8s_audit_server_url: {{ .Values.auditLog.auditServerUrl }} - k8s_audit_server_port: {{ .Values.auditLog.auditServerPort }} - {{- end }} - {{- if .Values.secure.enabled }} - enabled: true - commandlines_capture: - enabled: true - memdump: - enabled: true - {{- end }} -{{- end }} -{{- $disableCaptures := include "get_or_fail_if_in_settings" (dict "root" . "key" "sysdig.disableCaptures" "setting" "sysdig_capture_enabled")}} -{{- if eq $disableCaptures "true" }} - sysdig_capture_enabled: false -{{- end }} -{{- $collectorHost := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.collectorHost" "setting" "collector")}} -{{- if $collectorHost }} - collector: {{ $collectorHost }} -{{- end }} -{{- $collectorPort := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.collectorPort" "setting" "collector_port")}} -{{- if $collectorPort }} - collector_port: {{ $collectorPort }} -{{- end }} -{{- $ssl := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.ssl" "setting" "ssl")}} -{{- if $ssl }} - ssl: {{ $ssl }} -{{- end }} -{{- $sslVerifyCertificate := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.sslVerifyCertificate" "setting" "ssl_verify_certificate")}} -{{- if $sslVerifyCertificate }} - ssl_verify_certificate: {{ $sslVerifyCertificate }} -{{- end }} -{{- if .Values.sysdig.settings }} -{{ toYaml .Values.sysdig.settings | indent 4 }} -{{- end }} -{{- if .Values.prometheus.file }} - prometheus.yaml: | -{{ toYaml .Values.prometheus.yaml | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset-image-analyzer.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset-image-analyzer.yaml deleted file mode 100644 index ae9888bbf..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset-image-analyzer.yaml +++ /dev/null @@ -1,148 +0,0 @@ -{{- if .Values.nodeImageAnalyzer.deploy }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "sysdig.fullname" . }}-image-analyzer - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer -{{ include "sysdig.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer - app.kubernetes.io/instance: {{ .Release.Name }} - updateStrategy: - type: RollingUpdate - template: - metadata: - name: {{ template "sysdig.fullname" . }}-image-analyzer - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer -{{ include "sysdig.labels" . | indent 8 }} - spec: - volumes: - # Needed for cri-o image inspection. - # cri-o and especially OCP 4.x by default use containers/storage to handle images, and this makes sure that the - # analyzer has access to the configuration. This file is mounted read-only. - - name: etc-containers-storage-vol - hostPath: - path: /etc/containers/storage.conf - # Needed for cri-o image inspection. - # This is the directory where image data is stored by default when using cri-o and OCP 4.x and the analyzer - # uses it to get the data to scan. This directory must be mounted r/w because proper access to its files through - # the containers/storage library is always regulated with a lockfile. - - name: var-lib-containers-vol - hostPath: - path: /var/lib/containers - # Needed for socket access - - name: varrun-vol - hostPath: - path: /var/run - # Add custom volume here - - name: sysdig-image-analyzer-config - configMap: - name: {{ template "sysdig.fullname" . }}-image-analyzer - optional: true - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - # The following line is necessary for RBAC - serviceAccount: {{ template "sysdig.serviceAccountName" .}} - {{- if .Values.nodeImageAnalyzer.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.nodeImageAnalyzer.image.pullSecrets | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: 5 - containers: - - name: sysdig-image-analyzer - image: {{ template "sysdig.image.nodeImageAnalyzer" . }} - securityContext: - # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to - # running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail. - privileged: true - imagePullPolicy: {{ .Values.nodeImageAnalyzer.image.pullPolicy }} - resources: -{{ toYaml .Values.nodeImageAnalyzer.resources | indent 10 }} - volumeMounts: - - mountPath: /var/run - name: varrun-vol - - mountPath: /etc/containers/storage.conf - name: etc-containers-storage-vol - readOnly: true - - mountPath: /var/lib/containers - name: var-lib-containers-vol - env: - - name: ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ template "sysdig.fullname" . }} - key: access-key - - name: IMAGE_PERIOD - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: image_period - optional: true - - name: IMAGE_CACHE_TTL - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: image_cache_ttl - optional: true - - name: REPORT_PERIOD - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: report_period - optional: true - - name: DOCKER_SOCKET_PATH - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: docker_socket_path - optional: true - - name: CRI_SOCKET_PATH - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: cri_socket_path - optional: true - #TODO: Get from agent config instead? - - name: AM_COLLECTOR_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: collector_endpoint - optional: true - #TODO: Get from agent config instead? - - name: AM_COLLECTOR_TIMEOUT - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: collector_timeout - optional: true - - name: CHECK_CERTIFICATE - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: check_certificate - optional: true - - name: K8S_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: K8S_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEBUG - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: debug - optional: true -{{- end }} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset.yaml deleted file mode 100644 index 2e1447f92..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/daemonset.yaml +++ /dev/null @@ -1,227 +0,0 @@ -{{- if .Values.sysdig.accessKey }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "sysdig.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }} -{{ include "sysdig.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "sysdig.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - name: {{ template "sysdig.fullname" .}} - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }} -{{ include "sysdig.labels" . | indent 8 }} - {{- if .Values.daemonset.annotations }} - annotations: -{{ toYaml .Values.daemonset.annotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "sysdig.serviceAccountName" .}} -{{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - hostPID: true - terminationGracePeriodSeconds: 5 - {{- if .Values.daemonset.affinity }} - affinity: -{{ toYaml .Values.daemonset.affinity | indent 8 }} - {{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.image.pullSecrets | indent 8 }} - {{- end }} - {{- if .Values.slim.enabled }} - initContainers: - - name: sysdig-agent-kmodule - image: {{ template "sysdig.image.kmodule" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.image.pullSecrets | indent 12 }} - {{- end }} - securityContext: - capabilities: - drop: - - ALL - privileged: true - runAsNonRoot: false - runAsUser: 0 - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - resources: -{{ toYaml .Values.slim.resources | indent 12 }} - volumeMounts: - - mountPath: /etc/modprobe.d - name: modprobe-d - readOnly: true - - mountPath: /host/boot - name: boot-vol - readOnly: true - - mountPath: /host/lib/modules - name: modules-vol - readOnly: true - - mountPath: /host/usr - name: usr-vol - readOnly: true - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: {{ template "sysdig.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: -{{ toYaml .Values.resources | indent 12 }} - securityContext: - capabilities: - drop: - - ALL - privileged: true - runAsNonRoot: false - runAsUser: 0 - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - env: - {{- if .Values.ebpf.enabled }} - - name: SYSDIG_BPF_PROBE - value: - {{- end }} - {{- if .Values.proxy.httpProxy }} - - name: http_proxy - value: {{ .Values.proxy.httpProxy }} - {{- end }} - {{- if .Values.proxy.httpsProxy }} - - name: https_proxy - value: {{ .Values.proxy.httpsProxy }} - {{- end }} - {{- if .Values.proxy.noProxy }} - - name: no_proxy - value: {{ .Values.proxy.noProxy }} - {{- end }} - {{- if .Values.timezone }} - - name: TZ - value: {{ .Values.timezone }} - {{- end }} - {{- range $key, $value := .Values.daemonset.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - readinessProbe: - exec: - command: [ "test", "-e", "/opt/draios/logs/running" ] - initialDelaySeconds: 10 - livenessProbe: - exec: - command: [ "test", "-e", "/opt/draios/logs/running" ] - initialDelaySeconds: 10 - volumeMounts: - {{- if not .Values.slim.enabled }} - - mountPath: /etc/modprobe.d - name: modprobe-d - readOnly: true - {{- end }} - - mountPath: /host/dev - name: dev-vol - readOnly: false - - mountPath: /host/proc - name: proc-vol - readOnly: true - {{- if not .Values.slim.enabled }} - - mountPath: /host/boot - name: boot-vol - readOnly: true - - mountPath: /host/lib/modules - name: modules-vol - readOnly: true - - mountPath: /host/usr - name: usr-vol - readOnly: true - {{- end }} - - mountPath: /host/run - name: run-vol - - mountPath: /host/var/run - name: varrun-vol - - mountPath: /dev/shm - name: dshm - - mountPath: /opt/draios/etc/kubernetes/config - name: sysdig-agent-config - - mountPath: /opt/draios/etc/kubernetes/secrets - name: sysdig-agent-secrets - {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} - - mountPath: /host/etc - name: etc-fs - readOnly: true - {{- end }} - {{- if .Values.customAppChecks }} - - mountPath: /opt/draios/lib/python/checks.custom.d - name: custom-app-checks-volume - {{- end }} - - mountPath: /host/etc/os-release - name: osrel - readOnly: true - {{- if .Values.extraVolumes.mounts }} -{{ toYaml .Values.extraVolumes.mounts | indent 12 }} - {{- end }} - volumes: - - name: modprobe-d - hostPath: - path: /etc/modprobe.d - - name: osrel - hostPath: - path: /etc/os-release - type: FileOrCreate - - name: dshm - emptyDir: - medium: Memory - - name: dev-vol - hostPath: - path: /dev - - name: proc-vol - hostPath: - path: /proc - - name: boot-vol - hostPath: - path: /boot - - name: modules-vol - hostPath: - path: /lib/modules - - name: usr-vol - hostPath: - path: /usr - - name: run-vol - hostPath: - path: /run - - name: varrun-vol - hostPath: - path: /var/run - {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} - - name: etc-fs - hostPath: - path: /etc - {{- end }} - - name: sysdig-agent-config - configMap: - name: {{ template "sysdig.fullname" . }} - optional: true - - name: sysdig-agent-secrets - secret: - secretName: {{ template "sysdig.fullname" . }} - {{- if .Values.customAppChecks }} - - name: custom-app-checks-volume - configMap: - name: {{ template "sysdig.fullname" . }}-custom-app-checks - {{- end }} - {{- if .Values.extraVolumes.volumes }} -{{ toYaml .Values.extraVolumes.volumes | indent 8 }} - {{- end }} - updateStrategy: -{{ toYaml .Values.daemonset.updateStrategy | indent 4 }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/secrets.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/secrets.yaml deleted file mode 100644 index 7e458160f..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/secrets.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -type: Opaque -data: - access-key : {{ required "A valid .Values.sysdig.accessKey is required" .Values.sysdig.accessKey | b64enc | quote }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/securitycontextconstraint.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/securitycontextconstraint.yaml deleted file mode 100644 index e604859b2..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/securitycontextconstraint.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.scc.create (.Capabilities.APIVersions.Has "security.openshift.io/v1") }} -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: | - This provides the minimum requirements to the Sysdig agent to run in the Openshift. - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -allowHostDirVolumePlugin: true -allowHostIPC: false -allowHostNetwork: true -allowHostPID: true -allowHostPorts: false -allowPrivilegeEscalation: true -allowPrivilegedContainer: true -allowedCapabilities: [] -allowedUnsafeSysctls: [] -defaultAddCapabilities: [] -fsGroup: - type: RunAsAny -groups: [] -priority: 0 -readOnlyRootFilesystem: false -requiredDropCapabilities: [] -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -seccompProfiles: -- '*' -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ template "sysdig.serviceAccountName" .}} -volumes: -- hostPath -- emptyDir -- secret -- configMap -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/service.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/service.yaml deleted file mode 100644 index ba94d6894..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.auditLog.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -spec: - selector: - app.kubernetes.io/name: {{ include "sysdig.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - protocol: TCP - port: {{ .Values.auditLog.auditServerPort }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/serviceaccount.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/serviceaccount.yaml deleted file mode 100644 index 141affa38..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/templates/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "sysdig.serviceAccountName" .}} - labels: -{{ include "sysdig.labels" . | indent 4 }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200+up1.9.2/values.yaml b/charts/sysdig/sysdig/1.9.200+up1.9.2/values.yaml deleted file mode 100644 index fb1e29cbb..000000000 --- a/charts/sysdig/sysdig/1.9.200+up1.9.2/values.yaml +++ /dev/null @@ -1,220 +0,0 @@ -# Default values for Sysdig Monitor and Secure Helm package. - -image: - # This is a hack to support RELATED_IMAGE_ feature in Helm based - # Operators - # - # As long as I don't want to people to use this, I will keep it undocumented - overrideValue: - - registry: docker.io - repository: sysdig/agent - tag: 10.3.0 - # Specify a imagePullPolicy - # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - pullPolicy: IfNotPresent - # Optionally specify an array of imagePullSecrets. - # Secrets must be manually created in the namespace. - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - # - # pullSecrets: - # - name: myRegistrKeySecretName - -resources: - # Although resources needed are subjective on the actual workload we provide - # a sane defaults ones. If you have more questions or concerns, please refer - # to Sysdig Support for more info about it - requests: - cpu: 600m - memory: 512Mi - limits: - cpu: 2000m - memory: 1536Mi - -rbac: - # true here enables creation of rbac resources - create: true - -scc: - # true here enabled creation of Security Context Constraints in Openshift - create: true - -serviceAccount: - # Create and use serviceAccount resources - create: true - # Use this value as serviceAccountName - name: - -daemonset: - # Perform rolling updates by default in the DaemonSet agent - # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - updateStrategy: - # You can also customize maxUnavailable, maxSurge or minReadySeconds if you - # need it - type: RollingUpdate - ## Extra environment variables that will be pass onto deployment pods - env: {} - # Allow the DaemonSet to schedule using affinity rules - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - key: kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - - key: beta.kubernetes.io/os - operator: In - values: - - linux - # Allow the DaemonSet to set annotations - annotations: {} - -# If is behind a proxy you can set the proxy server -proxy: - httpProxy: - httpsProxy: - noProxy: - -# Set daemonset timezone -timezone: - -# Set daemonset priorityClassName -priorityClassName: - -ebpf: - # Enable eBPF support for Sysdig Agent - enabled: false - - settings: - # Needed to correctly detect the kernel version for the eBPF program - # Set to false if not running on Google COS - mountEtcVolume: true - -slim: - # Uses a slim version of the Sysdig Agent - enabled: false - # When using slim the kernel module is built in other container, which - # contains the toolchain required to build the kernel module. - kmoduleImage: - repository: sysdig/agent-kmodule - - resources: - # Resources required by the kernel module builder image. These are some - # a sane defaults ones, but you can tweak or ask Sysdig Support for more - # info about this - requests: - cpu: 1000m - memory: 348Mi - limits: - memory: 512Mi - -# For Sysdig On-Prem installations or for custom collector settings, set the following fields -collectorSettings: - collectorHost: - collectorPort: - ssl: - sslVerifyCertificate: - -# Setting a cluster name allows you to filter events from this cluster using kubernetes.cluster.name -clusterName: "" - -sysdig: - # Required: You need your Sysdig Agent access key before running agents. - accessKey: "" - - # Disable capture functionality (see https://docs.sysdig.com/en/disable-captures.html) - disableCaptures: false - - # Advanced settings. Any option in here will be directly translated into dragent.yaml in the Configmap - settings: {} - ### Agent tags - # tags: linux:ubuntu,dept:dev,local:nyc - -secure: - # true here enables Sysdig Secure: container run-time security & forensics - enabled: true - -auditLog: - # true here activates the K8s Audit Log feature for Sysdig Secure - enabled: false - auditServerUrl: 0.0.0.0 - auditServerPort: 7765 - - dynamicBackend: - # true here configures an AuditSink who will receive the K8s audit logs - enabled: false - -nodeImageAnalyzer: - deploy: false - image: - repository: sysdig/node-image-analyzer - tag: 0.1.0 - pullPolicy: IfNotPresent - # pullSecrets: - # - name: myRegistrKeySecretName - resources: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 500m - memory: 1024Mi - - # Additional advanced settings - settings: {} - -customAppChecks: {} - # Allow passing custom app checks for Sysdig Agent. - # Example: - # - # sample.py: |- - # from checks import AgentCheck - # - # class MyCustomCheck(AgentCheck): - # def check(self, instance): - # self.gauge("testhelm", 1) - -# Promscrape prometheus.yaml not configured by default -prometheus: - file: false - yaml: {} - -extraVolumes: - volumes: [] - mounts: [] - # Allow passing extra volumes to the agent to mount secrets or certificates - # to authenticate in different services. - # Any kind of volume can be passed. Example: - # - # extraVolumes: - # volumes: - # - name: sysdig-new-cm - # configMap: - # name: my-cm - # optional: true - # - name: sysdig-new-secret - # secret: - # secretName: my-secret - # mounts: - # - mountPath: /opt/draios/cm - # name: sysdig-new-cm - # - mountPath: /opt/draios/secret - # name: sysdig-new-secret - -# Allow sysdig to run on Kubernetes 1.6 masters. -tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master diff --git a/charts/sysdig/sysdig/1.9.200/CHANGELOG.md b/charts/sysdig/sysdig/1.9.200/CHANGELOG.md deleted file mode 100755 index 3b017ffe4..000000000 --- a/charts/sysdig/sysdig/1.9.200/CHANGELOG.md +++ /dev/null @@ -1,437 +0,0 @@ -# Chart: Sysdig - -## Change Log - -This file documents all notable changes to Sysdig Helm Chart. The release -numbering uses [semantic versioning](http://semver.org). - -## v1.9.2 - -### Minor changes - -* Use latest image from Agent (10.3.0) - -## v1.9.1 - -### Minor changes - -* Remove explicit *onPrem* option. Use *collectorSettings* section instead. - -## v1.9.0 - -### Major changes - -* Option to deploy the [Node Image Analyzer](https://docs.sysdig.com/en/scan-running-images.html). - -### Minor changes - -* Include get/list/watch endpoints in agent clusterrole permissions. - -## v1.8.1 - -### Minor changes - -* Use the latest image from Agent (10.2.0) by default. - -### Bug fixes - -* Fix logic in template that was disabling captures in the agent settings. - -## v1.8.0 - -### Major changes - -* Migrated charts to *sysdiglabs* repository - -### Minor changes - -* Add explicit *clusterName* option in values.yaml -* Add beta.kubernetes.io labels for node affinity, to support older versions -* SCC deployed by default in Openshift (check API security.openshift.io/v1) - -## v1.7.20 - -### Minor changes - -* Use the latest image from Agent (10.1.1) by default. - -## v1.7.19 - -### Minor changes - -* Use the latest image from Agent (10.1.0) by default. - -## v1.7.18 - -### Minor changes - -* Add explicit *disable captures* option to agent settings. - -## v1.7.17 - -### Minor changes - -* Add onPrem as explicit option to set collector host, port and settings -* Fail if no sysdig.accessKey value is provided - -## v1.7.16 - -### Minor changes - -* Include support links in README.md - -## v1.7.15 - -### Minor changes - -* Use the latest image from Agent (10.0.0) by default. - -## v1.7.14 - -### Minor changes - -* Implement a more comprehensive securityContext for running the pod. - -## v1.7.13 - -### Minor changes - -* Implement scheduling with affinity and not with nodeSelector on amd64 & linux nodes. -* Add support for custom annotations on daemonSet. - -## v1.7.12 - -### Minor changes - -* Use the latest image from Agent (9.9.1) by default. -* Use kubernetes.io/arch label on daemonSet to schedule pods only on amd64 nodes. -* Add a livenessProbe to daemonSet. - -## v1.7.11 - -### Minor changes - -* Use app.kubernetes.io labels instead of custom ones - -## v1.7.10 - -### Minor changes - -* Use the latest image from Agent (9.9.0) by default. - -## v1.7.9 - -### Minor changes - -* Add the SecurityContextConstraints if the security.openshift.io/v1 API is detected. - -## v1.7.8 - -### Minor changes - -* Add an image.overrideValue value which is a hack to support - RELATED_IMAGE_ feature in Helm based operators. - -## v1.7.7 - -### Minor changes - -* Use the latest image from Agent (9.8.0) by default. - -## v1.7.6 - -### Minor changes - -* Use rbac.authorization.k8s.io/v1 instead of the beta1 API. -* Fix security key duplication when enabling secure and auditLog. - -## v1.7.5 - -### Minor changes - -* Use the latest image from Agent (9.7.0) by default. - -## v1.7.4 - -### Minor changes - -* Use the latest image from Agent (9.6.1) by default. - -## v1.7.3 - -### Minor changes - -* Removed dependency on ebpf.enabled to set environment variables - -## v1.7.2 - -### Minor changes - -* Use the latest image from Agent (9.5.0) by default. - -## v1.7.1 - -### Major changes - -* Remove the auditLog.clusterIP dependency. Using dynamic backend allows to - rely on DNS queries. - -## v1.7.0 - -### Major changes - -* Enable Sysdig Secure by default. - -## v1.6.0 - -### Major changes - -* Add audit log configuration when deploying the agent. - -## v1.5.0 - -### Major changes - -* Add slim configuration for deploying the agent. - -### Minor changes - -* Mount /etc/modprobe.d from host. -* Drop permissions to read secrets and configmaps. - -## v1.4.25 - -### Minor changes - -* Use the latest image from Agent (0.94.0) by default. - -## v1.4.24 - -### Minor changes - -* Use the latest image from Agent (0.93.1) by default. - -## v1.4.23 - -### Minor changes - -* Update NOTES.txt to use the newest URL for finding the infrastructure. - -## v1.4.22 - -### Minor changes - -* Use the latest image from Agent (0.93.0) by default. - -## v1.4.21 - -* Add 'How to upgrade to last version' to the README - -## v1.4.20 - -### Minor changes - -* Fixes compatibility errors introduced in v1.4.19. - -## v1.4.19 - -### Minor changes - -* Fixes compatibility with kubernetes 1.16. - -## v1.4.18 - -### Minor changes - -* Use the latest image from Agent (0.92.3) by default. - -## v1.4.17 - -### Minor changes - -* Use the latest image from Agent (0.92.2) by default. - -## v1.4.16 - -### Minor changes - -* Allow the DaemonSet to schedule using affinity rules - -## v1.4.15 - -### Minor changes - -* Add configmaps and secrets to the resources we can read -* Add support for priorityClassName, httpProxy, timezone and any env variable settings - -## v1.4.14 - -### Minor changes - -* Update REAMED.md to fix the example in how to use the `sysdig.settings.tags` in the command line with `--set` - -## v1.4.13 - -### Minor changes - -* Use the latest image from Agent (0.92.1) by default. -* Increase `resources.requests` and `resources.limits` to match the [values - provided by Sysdig's agent team.](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml#L70) - -## v1.4.12 - -### Minor changes - -* Use the latest image from Agent (0.92.0) by default. - -## v1.4.11 - -### Minor Changes - -* Add nestorsalceda as an approver in the OWNERS file - -## v1.4.10 - -### Minor Changes - -* Use the latest image from Agent (0.90.3) by default. - -## v1.4.9 - -### Minor Changes - -* Use the latest image from Agent (0.90.2) by default. - -## v1.4.8 - -### Minor Changes - -* Add a volume with the os release information. -* Use the latest image from Agent (0.90.1) by default. - -## v1.4.7 - -### Minor Changes - -* Add apiVersion to Chart.yaml. - -## v1.4.6 - -### Minor Changes - -* Dont allow to change the value of `new_k8s` flag. - -## v1.4.5 - -### Minor Changes - -* Enable `new_k8s` flag by default. This allows kube state metrics to be - automatically detected, monitored, and displayed in Sysdig Monitor. - -## v1.4.4 - -### Minor Changes - -* Use the latest image from Agent (0.89.5) by default. -* Add `persistentvolumes` and `persistentvolumeclaims` to ClusterRole - -## v1.4.3 - -### Minor Changes - -* Provide an empty value to `sysdig.accessKey` key. - -## v1.4.2 - -### Minor Changes - -* Use the latest image from Agent (0.89.4) by default. -* Use latest shovel logo. - -## v1.4.0 - -### Major Changes - -* Use the latest image from Agent (0.89.0) by default. -* eBPF support added. - -## v1.3.2 - -### Minor Changes - -* Provide sane defaults resources for the Sysdig Agent. -* Use RollingUpdate strategy by default. - -## v1.3.1 - -### Minor Changes - -* Revert v1.2.1 changes. The agent automatically restarts when detects a change in the configuration. - -## v1.3.0 - -### Major Changes - -* Use a lower pod termination grace period for avoiding data gaps when pod fails to terminate quickly. -* Check running file on readinessProbe instead of relaying on logs. -* Mount /run and /var/run instead of Docker socket. It allows to access CRI / containerd socket. -* Avoid floating references for the image. - -## v1.2.2 - -### Minor Changes - -* Fix value in the agent tags example. - -## v1.2.1 - -### Minor Changes - -* Add checksum annotations to DaemonSet so that rolling upgrades works when a ConfigMap changes. - -## v1.2.0 - -### Major Changes - -* Allow to use other Docker registries (ECR, Quay ...) to download the Sysdig agent image. - -## v1.1.0 - -### Major Changes - -* Add support for uploading custom app checks for Sysdig agent - -## v1.0.4 - -### Minor Changes - -* Update README file with instructions for setting up the agent with On-Premise deployments - -## v1.0.3 - -### Minor Changes - -* Fixed error in ClusterRoleBinding's roleRef - -## v1.0.2 - -### Minor Changes - -* Fix readinessProbe in daemonset's pod spec - -## v1.0.1 - -### Minor Changes - -* Add dnsPolicy to daemonset. Its value is ClusterFirstWithHostNet -* Fix link target for retrieving Sysdig Monitor Access Key in README - -## v1.0.0 - -### Major Changes - -* Run Sysdig agent as [daemonset v2.0](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml). -* Fix value's naming in order to follow [best practices](https://docs.helm.sh/chart_best_practices/#naming-conventions). -* Use a secure.enabled flag for enabling Sysdig Secure. -* Allow rbac resource creation or use existing serviceAccountName. -* Use required function for retrieving sysdig.accessKey. This ensures that key is present. diff --git a/charts/sysdig/sysdig/1.9.200/Chart.yaml b/charts/sysdig/sysdig/1.9.200/Chart.yaml deleted file mode 100755 index 8bff7b41f..000000000 --- a/charts/sysdig/sysdig/1.9.200/Chart.yaml +++ /dev/null @@ -1,31 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: sysdig -apiVersion: v1 -appVersion: 10.3.0 -description: Sysdig Monitor and Secure agent -home: https://www.sysdig.com/ -icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png -keywords: -- monitoring -- security -- alerting -- metric -- troubleshooting -- run-time -maintainers: -- email: lachlan@deis.com - name: lachie83 -- email: jorge.salamero@sysdig.com - name: bencer -- email: nestor.salceda@sysdig.com - name: nestorsalceda -- email: alvaro.iradier@sysdig.com - name: airadier -- email: carlos.arilla@sysdig.com - name: carillan81 -name: sysdig -sources: -- https://app.sysdigcloud.com/#/settings/user -- https://github.com/draios/sysdig -version: 1.9.200 diff --git a/charts/sysdig/sysdig/1.9.200/DESIGN.md b/charts/sysdig/sysdig/1.9.200/DESIGN.md deleted file mode 100755 index 607f73d67..000000000 --- a/charts/sysdig/sysdig/1.9.200/DESIGN.md +++ /dev/null @@ -1,34 +0,0 @@ -# Chart: Sysdig - -## Design and Known Issues Justification Document - -### Goal - -The goal of this file is to document and give some context about some issues that -forced me to take some decisions in this Chart. - -### Loading Custom App Checks using a ConfigMap and a Yaml file - -In Helm, we are not able to add an external file to a Chart deployment, in fact, -there is an [issue](https://github.com/helm/helm/issues/3276) about this. - -This means that external files like SSL certificates or pluggable files, like -Falco rules or Custom App Checks, should be managed using Helm exclusively. You -can see comments in [first Falco pull request](https://github.com/helm/charts/pull/5853). - -And the way to manage them using Helm is to pass file contents as values to Chart -deployment. A nice tip is using a Yaml file and pass to deployment command line -using the -f flag. - -### OpenShift support - -Right now, there are an issue in [OpenShift](https://github.com/openshift/origin/issues/20788) -and other in [Helm](https://github.com/helm/helm/issues/4533) that makes a bit -cumbersome the OpenShift support for this Chart. - -Eventually, they will be fixed. But meanwhile a workaround is to create a -serviceAccount using the `oc` utility. Also manage permissions for creating privileged -containers and allowing hostPath mount with `oc` and deploy the Chart with the -`serviceAccount.name` created with `oc`. - -You can see more details about this workaround on [Sysdig Documentation about OpenShift](https://sysdigdocs.atlassian.net/wiki/spaces/Platform/pages/256671843/). diff --git a/charts/sysdig/sysdig/1.9.200/OWNERS b/charts/sysdig/sysdig/1.9.200/OWNERS deleted file mode 100755 index a424cc075..000000000 --- a/charts/sysdig/sysdig/1.9.200/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- bencer -- nestorsalceda -reviewers: -- bencer -- nestorsalceda diff --git a/charts/sysdig/sysdig/1.9.200/README-AWS.md b/charts/sysdig/sysdig/1.9.200/README-AWS.md deleted file mode 100755 index a9eea4564..000000000 --- a/charts/sysdig/sysdig/1.9.200/README-AWS.md +++ /dev/null @@ -1,45 +0,0 @@ -# Chart: Sysdig - -## Deploying the AWS Marketplace Sysdig agent image - -This is an use case similar to pulling images from a private registry. First you -need to get the authorization token for the AWS Marketplace ECS image registry: - -```bash -aws ecr --region=us-east-1 get-authorization-token --output text --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2 -``` - -And then use it to create the Secret. Don't forget to replace TOKEN and EMAIL -with your own values: - -```bash -kubectl create secret docker-registry aws-marketplace-credentials \ - --docker-server=217273820646.dkr.ecr.us-east-1.amazonaws.com \ - --docker-username=AWS \ - --docker-password="TOKEN" \ - --docker-email="EMAIL" -``` - -Next you need to create a values YAML file to pass the specific ECS registry -configuration (you will find these values when you activate the software from -the AWS Marketplace): - -```yaml -sysdig: - accessKey: XxxXXxXXxXXxxx - -image: - registry: 217273820646.dkr.ecr.us-east-1.amazonaws.com - repository: 2df5da52-6fa2-46f6-b164-5b879e86fd85/cg-3361214151/agent - tag: 0.85.1-latest - pullSecrets: - - name: aws-marketplace-credentials -``` - -Finally, set the accessKey value and you are ready to deploy the Sysdig agent -using the Helm chart: - -```bash -helm install --name sysdig-agent -f aws-marketplace-values.yaml stable/sysdig -``` - diff --git a/charts/sysdig/sysdig/1.9.200/README.md b/charts/sysdig/sysdig/1.9.200/README.md deleted file mode 100755 index cac7539cb..000000000 --- a/charts/sysdig/sysdig/1.9.200/README.md +++ /dev/null @@ -1,377 +0,0 @@ -# Chart: Sysdig - -[Sysdig](https://sysdig.com/) is a unified platform for container and microservices monitoring, troubleshooting, security and forensics. Sysdig platform has been built on top of [Sysdig tool](https://sysdig.com/opensource/sysdig/) and [Sysdig Inspect](https://sysdig.com/blog/sysdig-inspect/) open-source technologies. - -## Introduction - -This chart adds the Sysdig agent for [Sysdig Monitor](https://sysdig.com/product/monitor/) and [Sysdig Secure](https://sysdig.com/product/secure/) to all nodes in your cluster via a DaemonSet. - -## Prerequisites - -- Kubernetes 1.9+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`, retrieve your Sysdig Monitor Access Key from your [Account Settings](https://app.sysdigcloud.com/#/settings/agentInstallation) and run: - -```bash -$ helm repo add sysdiglabs https://sysdiglabs.github.io/charts/ -``` - -to add the `sysdiglabs` Helm chart repository. Then run: - -```bash -$ helm install --name my-release --set sysdig.accessKey=YOUR-KEY-HERE sysdiglabs/sysdig -``` - -After a few seconds, you should see hosts and containers appearing in Sysdig Monitor and Sysdig Secure. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` -> **Tip**: Use helm delete --purge my-release to completely remove the release from Helm internal storage - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Sysdig chart and their default values. - -| Parameter | Description | Default | -| --- | --- | --- | -| `image.registry` | Sysdig Agent image registry | `docker.io` | -| `image.repository` | The image repository to pull from | `sysdig/agent` | -| `image.tag` | The image tag to pull | `10.3.0` | -| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `nil` | -| `resources.requests.cpu` | CPU requested for being run in a node | `600m` | -| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | -| `resources.limits.cpu` | CPU limit | `2000m` | -| `resources.limits.memory` | Memory limit | `1536Mi` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `scc.create` | Create OpenShift's Security Context Constraint | `true` | -| `serviceAccount.create` | Create serviceAccount | `true` | -| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | -| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | -| `daemonset.affinity` | Node affinities | `schedule on amd64 and linux` | -| `daemonset.annotations` | Custom annotations for daemonset | `{}` | -| `slim.enabled` | Use the slim based Sysdig Agent image | `false` | -| `slim.kmoduleImage.repository` | The kernel module image builder repository to pull from | `sysdig/agent-kmodule` | -| `slim.resources.requests.cpu` | CPU requested for building the kernel module | `1000m` | -| `slim.resources.requests.memory` | Memory requested for building the kernel module | `348Mi` | -| `slim.resources.limits.memory` | Memory limit for building the kernel module | `512Mi` | -| `ebpf.enabled` | Enable eBPF support for Sysdig instead of `sysdig-probe` kernel module | `false` | -| `ebpf.settings.mountEtcVolume` | Needed to detect which kernel version are running in Google COS | `true` | -| `clusterName` | Set a cluster name to identify events using *kubernetes.cluster.name* tag | ` ` | -| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | -| `sysdig.disableCaptures` | Disable capture functionality (see https://docs.sysdig.com/en/disable-captures.html) | `false` | -| `sysdig.settings` | Additional settings, directly included in the agent's configuration file `dragent.yaml` | `{}` | -| `secure.enabled` | Enable Sysdig Secure | `true` | -| `auditLog.enabled` | Enable K8s audit log support for Sysdig Secure | `false` | -| `auditLog.auditServerUrl` | The URL where Sysdig Agent listens for K8s audit log events | `0.0.0.0` | -| `auditLog.auditServerPort` | Port where Sysdig Agent listens for K8s audit log events | `7765` | -| `auditLog.dynamicBackend.enabled` | Deploy the Audit Sink where Sysdig listens for K8s audit log events | `false` | -| `customAppChecks` | The custom app checks deployed with your agent | `{}` | -| `nodeImageAnalyzer.deploy` | Deploy the Node Image Analyzer (See https://docs.sysdig.com/en/scan-running-images.html)| `false` | -| `nodeImageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from | `sysdig/node-image-analyzer` | -| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer | `0.1.1` | -| `nodeImageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer | `IfNotPresent` | -| `nodeImageAnalyzer.image.pullSecrets` | Image pull secrets for the Node Image Analyzer | `nil` | -| `nodeImageAnalyzer.resources.requests.cpu` | Node Image Analyzer CPU requests per node | `250m` | -| `nodeImageAnalyzer.resources.requests.memory` | Node Image Analyzer Memory requests per node | `512Mi` | -| `nodeImageAnalyzer.resources.limits.cpu` | Node Image Analyzer CPU limit per node | `500m` | -| `nodeImageAnalyzer.resources.limits.memory` | Node Image Analyzer Memory limit per node | `1024Mi` | -| `nodeImageAnalyzer.settings` | Additional Node Image Analyzer settings | `{}` | -| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | -| `prometheus.file` | Use file to configure promscrape | `false` | -| `prometheus.yaml` | prometheus.yaml content to configure metric collection: relabelling and filtering | ` ` | -| `extraVolume.volumes` | Additional volumes to mount in the sysdig agent to pass new secrets or configmaps | `[]` | -| `extraVolume.mounts` | Mount points for additional volumes | `[]` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install --name my-release \ - --set sysdig.accessKey=YOUR-KEY-HERE,sysdig.settings.tags="role:webserver\,location:europe" \ - sysdiglabs/sysdig -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## On-Premise backend deployment settings - -Sysdig platform backend can be also deployed On-Premise in your own infrastructure. - -Installing the agent using the Helm chart is also possible in this scenario, and you can enable it with the following parameters: - -| Parameter | Description | Default | -| --- | --- | --- | -| `collectorSettings.collectorHost` | The IP address or hostname of the collector | ` ` | -| `collectorSettings.collectorPort` | The port where collector is listening | 6443 | -| `collectorSettings.ssl` | The collector accepts SSL | `true` | -| `collectorSettings.sslVerifyCertificate` | Set to false if you don't want to verify SSL certificate | `true` | - -For example: - -```bash -$ helm install --name my-release \ - --set sysdig.accessKey=YOUR-KEY-HERE \ - --set collectorSettings.collectorHost=42.32.196.18 \ - --set collectorSettings.collectorPort=6443 \ - --set collectorSettings.sslVerifyCertificate=false \ - sysdiglabs/sysdig -``` - -## Using private Docker image registry - -If you pull the Sysdig agent Docker image from a private registry that requires authentication, some additional configuration is required. - -First, create a secret that stores the registry credentials: - -```bash -$ kubectl create secret docker-registry SECRET_NAME \ - --docker-server=SERVER \ - --docker-username=USERNAME \ - --docker-password=TOKEN \ - --docker-email=EMAIL -``` - -Then, point to this secret in the values YAML file: - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE -image: - registry: myrepo.mydomain.tld - repository: sysdig-agent - tag: latest-tag - pullSecrets: - - name: SECRET_NAME -``` - -Finally, set the accessKey value and you are ready to deploy the Sysdig agent -using the Helm chart: - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -You can read more details about this in [Kubernetes Documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). - -## Modifying Sysdig agent configuration - -The Sysdig agent uses a file called `dragent.yaml` to store the configuration. - -Using the Helm chart, the default configuration settings can be updated using `sysdig.settings` either via `--set sysdig.settings.key = value` or in the values YAML file. For example, to eanble Prometheus metrics scraping, you need this in your `values.yaml` file:: - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE - settings: - prometheus: - enabled: true - histograms: true -``` - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -## Upgrading Sysdig agent configuration - -If you need to upgrade the agent configuration file, first modify the YAML file (in this case we are increasing the metrics limit scraping Prometheus metrics): - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE - settings: - prometheus: - enabled: true - histograms: true - max_metrics: 2000 - max_metrics_per_process: 400 -``` - -And then, upgrade Helm chart with: - -```bash -$ helm upgrade my-release -f values.yaml sysdiglabs/sysdig -``` - -## How to upgrade to the last version - -First of all ensure you have the lastest chart version - -```bash -$ helm repo update -``` - -In case you deployed the chart with a values.yaml file, you just need to modify (or add if it's missing) the `image.tag` field and execute: - -```bash -$ helm install --name sysdig -f values.yaml sysdiglabs/sysdig -``` - -If you deployed the chart setting the values as CLI parameters, like for example: - -```bash -$ helm install \ - --name sysdig \ - --set sysdig.accessKey=xxxx \ - --set ebpf.enabled=true \ - --namespace sysdig-agent \ - sysdiglabs/sysdig -``` - -You will need to execute: - -```bash -$ helm upgrade --set image.tag= --reuse-values sysdig sysdiglabs/sysdig -``` - -## Adding custom AppChecks - -[Application checks](https://sysdigdocs.atlassian.net/wiki/spaces/Monitor/pages/204767363/) are integrations that allow the Sysdig agent to collect metrics exposed by specific services. Sysdig has several built-in AppChecks, but sometimes you might need to [create your own](https://sysdigdocs.atlassian.net/wiki/spaces/Monitor/pages/204767436/). - -Your own AppChecks can deployed with the Helm chart embedding them in the values YAML file: - -```yaml -customAppChecks: - sample.py: |- - from checks import AgentCheck - - class MyCustomCheck(AgentCheck): - def check(self, instance): - self.gauge("testhelm", 1) - -sysdig: - accessKey: YOUR-KEY-HERE - settings: - app_checks: - - name: sample - interval: 10 - pattern: # pattern to match the application - comm: myprocess - conf: - mykey: myvalue -``` - -The first section, dumps the AppCheck in a Kubernetes configmap and makes it available within the Sysdig agent container. The second, configures it on the `dragent.yaml` file. - -Once the values YAML file is ready, we will deploy the Chart like before: - -```bash -$ helm install --name my-release -f values.yaml sysdiglabs/sysdig -``` - -### Automating the generation of custom-app-checks.yaml file - -Sometimes editing and maintaining YAML files can be a bit cumbersome and error-prone, so we have created a script for automating this process and make your life easier. - -Imagine that you have custom AppChecks for a number of services like Redis, MongoDB and Traefik. - -You have already a `values.yaml` with just your configuration: - -```yaml -sysdig: - accessKey: YOUR-KEY-HERE - settings: - app_checks: - - name: myredis - [...] - - name: mymongo - [...] - - name: mytraefik - [...] -``` - -You can generate an additional values YAML file with the custom AppChecks: - -```bash -$ git clone https://github.com/kubernetes/charts.git -$ cd charts/sysdiglabs/sysdig -$ ./scripts/appchecks2helm appChecks/solr.py appChecks/traefik.py appChecks/nats.py > custom-app-checks.yaml -``` - -And deploy the Chart with both of them: - -```bash -$ helm install --name my-release -f custom-app-checks.yaml -f values.yaml sysdiglabs/sysdig -``` - -### Adding prometheus.yaml to configure promscrape - -Promscrape is the component used to collect Prometheus metrics from the sysdig agent. It is based on Prometheus and accepts the same configuration format. - -This file can contain relabelling rules and filters to remove certain metrics or add some configurations to the collection. An example of this file could be: - -```yaml -global: - scrape_interval: 15s - evaluation_interval: 15s -scrape_configs: -- job_name: 'prometheus' # config for federation - honor_labels: true - metrics_path: '/federate' - metric_relabel_configs: - - regex: 'kubernetes_pod_name' - action: labeldrop - params: - 'match[]': - - '{sysdig="true"}' - sysdig_sd_configs: - - tags: - namespace: monitoring - deployment: prometheus-server -``` -`sysdig_sd_configs` allows to select the targets obtained by Sysdig agents to apply the rules in the job. Check [how to configure filtering in sysdig documentation](https://docs.sysdig.com/en/filtering-prometheus-metrics.html). - - -### Adding additional volumes - -To add a new volume to the sysdig agent. - -In order to pass new config maps or secrets used for authentication (for example for Prometheus endpoints) you can mount additional secrets, configmaps or volumes. An example of this could be: - -```yaml -extraVolumes: - volumes: - - name: sysdig-new-cm - configMap: - name: my-cm - optional: true - - name: sysdig-new-secret - secret: - secretName: my-secret - mounts: - - mountPath: /opt/draios/cm - name: sysdig-new-cm - - mountPath: /opt/draios/secret - name: sysdig-new-secret -``` - -## Support - -For getting support from the Sysdig team, you should refer to the official -[Sysdig Support page](https://sysdig.com/support). - -In addition to this, you can browse the documentation for the different -components of the Sysdig Platform: - -* [Sysdig Monitor](https://app.sysdigcloud.com) -* [Sysdig Secure](https://secure.sysdig.com) -* [Platform Documentation](https://docs.sysdig.com/en/sysdig-platform.html) -* [Monitor Documentation](https://docs.sysdig.com/en/sysdig-monitor.html) -* [Secure Documentation](https://docs.sysdig.com/en/sysdig-secure.html) diff --git a/charts/sysdig/sysdig/1.9.200/app-readme.md b/charts/sysdig/sysdig/1.9.200/app-readme.md deleted file mode 100755 index 80c6133f0..000000000 --- a/charts/sysdig/sysdig/1.9.200/app-readme.md +++ /dev/null @@ -1,20 +0,0 @@ -# Sysdig Secure DevOps Platform - -Sysdig enables companies to confidently run cloud-native workloads in production. With the Sysdig Secure DevOps Platform, cloud teams embed security, maximize availability, and validate compliance. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand. The largest companies rely on Sysdig for cloud-native security and visibility. - -## Embed security -* Detect vulnerabilities and misconfigurations with a single workflow -* Block threats without impacting performance using K8s controls -* Conduct forensics even after the container is gone - -## Maximize availability -* Prevent issues by monitoring performance and capacity -* Accelerate troubleshooting with a single source of truth -* Scale Prometheus monitoring across clusters and clouds - -## Validate compliance -* Verify configuration meets CIS best practices -* Ensure application compliance with NIST, PCI -* Enable audit by correlating Kubernetes activity - -Learn more at [sysdig.com](https://sysdig.com/) diff --git a/charts/sysdig/sysdig/1.9.200/ci/test-values.yaml b/charts/sysdig/sysdig/1.9.200/ci/test-values.yaml deleted file mode 100755 index a6745f8b2..000000000 --- a/charts/sysdig/sysdig/1.9.200/ci/test-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -sysdig: - accessKey: xxx diff --git a/charts/sysdig/sysdig/1.9.200/questions.yml b/charts/sysdig/sysdig/1.9.200/questions.yml deleted file mode 100755 index 26e0d4358..000000000 --- a/charts/sysdig/sysdig/1.9.200/questions.yml +++ /dev/null @@ -1,100 +0,0 @@ -questions: -#image configurations -- variable: defaultImage - default: true - description: "Use default Sysdig image or specify a custom one" - label: Use Default Sysdig Image - type: boolean - show_subquestion_if: false - group: "Container Images" - subquestions: - - variable: image.repository - default: "sysdig/agent" - description: "Sysdig Image Name" - type: string - label: Sysdig Image Name - - variable: image.tag - default: "10.3.0" - description: "Sysdig Image Tag" - type: string - label: Sysdig Image Tag -#agent configurations -- variable: sysdig.accessKey - default: "" - description: "You need your Sysdig accessKey before running agents" - type: string - required: true - label: Sysdig accessKey -- variable: sysdig.backend - default: "Sysdig SaaS" - description: "Where is Sysdig backend hosted on" - type: enum - label: Sysdig Backend - group: "Agent Configuration" - required: true - options: - - "sysdig-saas" - - "self-hosted" -- variable: sysdig.settings.collector - required: true - default: "collector.sysdigcloud.com" - description: "The host of the Sysdig collector the agent sends data to, only set this option if you need the agent to send data to a custom backend" - type: string - label: Sysdig Collector - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted" -- variable: sysdig.settings.collector_port - required: true - default: "6443" - description: "The port where the Sysdig collector listens to" - type: string - label: Sysdig Collector Port - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted" -- variable: sysdig.settings.ssl - required: true - default: true - description: "Use SSL to connect to the Sysdig collector" - type: boolean - label: Sysdig Collector SSL - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted" -- variable: sysdig.settings.ssl_verify_certificate - required: true - default: true - description: "Validate SSL certificate from the Sysdig collector" - type: boolean - label: Sysdig Collector Verify SSL Certificate - group: "Agent Configuration" - show_if: "sysdig.backend=self-hosted&&sysdig.settings.ssl=true" -- variable: sysdig.settings.tags - default: "" - description: "Agent tags, separated by commas. For example: 'linux:ubuntu,dept:dev,local:nyc'" - type: string - label: Agent Tags - group: "Agent Configuration" -- variable: ebpf.enabled - default: false - description: "Enable eBPF support for Sysdig agent instead of kernel module" - type: boolean - label: Enable eBPF - group: "Agent Configuration" -#proxy configurations -- variable: proxy.httpProxy - default: "" - description: "An http URL to use as a proxy for http requests" - type: string - label: Proxy for HTTP Requests - group: "Proxy Configuration" -- variable: proxy.httpsProxy - default: "" - description: "An http URL to use as a proxy for https requests" - type: string - label: Proxy for HTTPS Requests - group: "Proxy Configuration" -- variable: proxy.noProxy - default: "" - description: "A space-separated list of URLs for which no proxy should be used" - type: string - label: No Proxy List (separated by a space) - group: "Proxy Configuration" diff --git a/charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm b/charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm deleted file mode 100755 index f9e0f2d21..000000000 --- a/charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -echo "customAppChecks:" -for app_check in "$@" -do - echo -e " $(basename $app_check): |-" - while IFS= read -r line - do - echo -e " $line" - done <"$app_check" -done diff --git a/charts/sysdig/sysdig/1.9.200/templates/NOTES.txt b/charts/sysdig/sysdig/1.9.200/templates/NOTES.txt deleted file mode 100755 index 131548b8a..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -The agent for Sysdig Secure DevOps Platform is spinning up on each node in your -cluster. After a few seconds, you should see your hosts appearing in the -Explore tab: - - https://app.sysdigcloud.com/#/explore/overview/l:10 - - https://secure.sysdig.com/#/events/l:600/*/*?viewAs=list - -No further action should be required. diff --git a/charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl b/charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl deleted file mode 100755 index 5649026a7..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "sysdig.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "sysdig.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "sysdig.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "sysdig.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "sysdig.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Define the proper imageRegistry to use for agent and kmodule image -*/}} -{{- define "sysdig.imageRegistry" -}} -{{- if and .Values.global (hasKey (default .Values.global dict) "imageRegistry") -}} - {{- .Values.global.imageRegistry -}} -{{- else -}} - {{- .Values.image.registry -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Sysdig Agent image name -*/}} -{{- define "sysdig.repositoryName" -}} -{{- .Values.image.repository -}} {{- if .Values.slim.enabled -}} -slim {{- end -}} -{{- end -}} - -{{- define "sysdig.image" -}} -{{- if .Values.image.overrideValue }} - {{- printf .Values.image.overrideValue -}} -{{- else -}} - {{- include "sysdig.imageRegistry" . -}} / {{- include "sysdig.repositoryName" . -}} : {{- .Values.image.tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Sysdig Agent image name for module building -*/}} -{{- define "sysdig.image.kmodule" -}} - {{- include "sysdig.imageRegistry" . -}} / {{- .Values.slim.kmoduleImage.repository -}} : {{- .Values.image.tag -}} -{{- end -}} - -{{/* -Return the proper Sysdig Agent image name for the Node Image Analyzer -*/}} -{{- define "sysdig.image.nodeImageAnalyzer" -}} - {{- include "sysdig.imageRegistry" . -}} / {{- .Values.nodeImageAnalyzer.image.repository -}} : {{- .Values.nodeImageAnalyzer.image.tag -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "sysdig.labels" -}} -helm.sh/chart: {{ include "sysdig.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - - -{{/* -Use like: {{ include "get_or_fail_if_in_settings" (dict "root" . "key" "" "setting" "") }} -Return the value of key "" and if "" is also defined in sysdig.settings., and error is thrown -NOTE: I don't like the error message! Too much information. -*/}} -{{- define "get_or_fail_if_in_settings" -}} -{{- $keyValue := tpl (printf "{{- .Values.%s -}}" .key) .root }} -{{- if $keyValue -}} - {{- if hasKey .root.Values.sysdig.settings .setting }}{{ fail (printf "Value '%s' is also set via .sysdig.settings.%s'." .key .setting) }}{{- end -}} - {{- $keyValue -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml b/charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml deleted file mode 100755 index 4f8378ea0..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.auditLog.enabled .Values.auditLog.dynamicBackend.enabled }} -apiVersion: auditregistration.k8s.io/v1alpha1 -kind: AuditSink -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -spec: - policy: - level: RequestResponse - stages: - - ResponseComplete - - ResponseStarted - webhook: - throttle: - qps: 10 - burst: 15 - clientConfig: - service: - namespace: {{ .Release.Namespace }} - name: {{ template "sysdig.fullname" . }} - port: {{ .Values.auditLog.auditServerPort }} - path: /k8s_audit -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml b/charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml deleted file mode 100755 index 35fde6101..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "sysdig.fullname" .}} - labels: -{{ include "sysdig.labels" . | indent 4 }} -rules: - - apiGroups: - - "" - resources: - - pods - - replicationcontrollers - - services - - endpoints - - events - - limitranges - - namespaces - - nodes - - resourcequotas - - persistentvolumes - - persistentvolumeclaims - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - ingresses - - replicasets - verbs: - - get - - list - - watch -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml b/charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml deleted file mode 100755 index f8ab01298..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "sysdig.fullname" .}} - labels: -{{ include "sysdig.labels" . | indent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "sysdig.serviceAccountName" .}} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "sysdig.fullname" .}} - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml b/charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml deleted file mode 100755 index 6f0495efa..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.customAppChecks }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "sysdig.fullname" . }}-custom-app-checks - labels: -{{ include "sysdig.labels" . | indent 4 }} -data: -{{- range $file, $content := .Values.customAppChecks }} - {{ $file }}: |- -{{ $content | indent 4}} -{{- end }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml b/charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml deleted file mode 100755 index d62acb6d5..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.nodeImageAnalyzer.deploy }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "sysdig.fullname" . }}-image-analyzer - labels: -{{ include "sysdig.labels" . | indent 4 }} -data: - debug: "{{ .Values.nodeImageAnalyzer.settings.debug | default false }}" - {{- if .Values.nodeImageAnalyzer.settings.imagePeriod }} - image_period: {{ .Values.nodeImageAnalyzer.settings.imagePeriod }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.imageCacheTTL }} - image_cache_ttl: {{ .Values.nodeImageAnalyzer.settings.imageCacheTTL }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.reportPeriod }} - report_period: {{ .Values.nodeImageAnalyzer.settings.reportPeriod }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.dockerSocketPath }} - docker_socket_path: {{ .Values.nodeImageAnalyzer.settings.dockerSocketPath }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.criSocketPath }} - cri_socket_path: {{ .Values.nodeImageAnalyzer.settings.criSocketPath }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.collectorEndpoint }} - collector_endpoint: {{ .Values.nodeImageAnalyzer.settings.collectorEndpoint }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.checkCertificate }} - check_certificate: {{ .Values.nodeImageAnalyzer.settings.checkCertificate }} - {{- end }} - {{- if .Values.nodeImageAnalyzer.settings.collectorTimeout }} - collector_timeout: {{ .Values.nodeImageAnalyzer.settings.collectorTimeout }} - {{- end }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/configmap.yaml b/charts/sysdig/sysdig/1.9.200/templates/configmap.yaml deleted file mode 100755 index 543f62af7..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/configmap.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -data: - dragent.yaml: | - new_k8s: true -{{- $clusterName := include "get_or_fail_if_in_settings" (dict "root" . "key" "clusterName" "setting" "k8s_cluster_name")}} -{{- if $clusterName }} - k8s_cluster_name: {{ $clusterName }} -{{- end }} -{{- if or .Values.secure.enabled .Values.auditLog.enabled }} - security: - {{- if .Values.auditLog.enabled }} - k8s_audit_server_url: {{ .Values.auditLog.auditServerUrl }} - k8s_audit_server_port: {{ .Values.auditLog.auditServerPort }} - {{- end }} - {{- if .Values.secure.enabled }} - enabled: true - commandlines_capture: - enabled: true - memdump: - enabled: true - {{- end }} -{{- end }} -{{- $disableCaptures := include "get_or_fail_if_in_settings" (dict "root" . "key" "sysdig.disableCaptures" "setting" "sysdig_capture_enabled")}} -{{- if eq $disableCaptures "true" }} - sysdig_capture_enabled: false -{{- end }} -{{- $collectorHost := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.collectorHost" "setting" "collector")}} -{{- if $collectorHost }} - collector: {{ $collectorHost }} -{{- end }} -{{- $collectorPort := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.collectorPort" "setting" "collector_port")}} -{{- if $collectorPort }} - collector_port: {{ $collectorPort }} -{{- end }} -{{- $ssl := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.ssl" "setting" "ssl")}} -{{- if $ssl }} - ssl: {{ $ssl }} -{{- end }} -{{- $sslVerifyCertificate := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.sslVerifyCertificate" "setting" "ssl_verify_certificate")}} -{{- if $sslVerifyCertificate }} - ssl_verify_certificate: {{ $sslVerifyCertificate }} -{{- end }} -{{- if .Values.sysdig.settings }} -{{ toYaml .Values.sysdig.settings | indent 4 }} -{{- end }} -{{- if .Values.prometheus.file }} - prometheus.yaml: | -{{ toYaml .Values.prometheus.yaml | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml b/charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml deleted file mode 100755 index ae9888bbf..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml +++ /dev/null @@ -1,148 +0,0 @@ -{{- if .Values.nodeImageAnalyzer.deploy }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "sysdig.fullname" . }}-image-analyzer - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer -{{ include "sysdig.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer - app.kubernetes.io/instance: {{ .Release.Name }} - updateStrategy: - type: RollingUpdate - template: - metadata: - name: {{ template "sysdig.fullname" . }}-image-analyzer - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer -{{ include "sysdig.labels" . | indent 8 }} - spec: - volumes: - # Needed for cri-o image inspection. - # cri-o and especially OCP 4.x by default use containers/storage to handle images, and this makes sure that the - # analyzer has access to the configuration. This file is mounted read-only. - - name: etc-containers-storage-vol - hostPath: - path: /etc/containers/storage.conf - # Needed for cri-o image inspection. - # This is the directory where image data is stored by default when using cri-o and OCP 4.x and the analyzer - # uses it to get the data to scan. This directory must be mounted r/w because proper access to its files through - # the containers/storage library is always regulated with a lockfile. - - name: var-lib-containers-vol - hostPath: - path: /var/lib/containers - # Needed for socket access - - name: varrun-vol - hostPath: - path: /var/run - # Add custom volume here - - name: sysdig-image-analyzer-config - configMap: - name: {{ template "sysdig.fullname" . }}-image-analyzer - optional: true - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - # The following line is necessary for RBAC - serviceAccount: {{ template "sysdig.serviceAccountName" .}} - {{- if .Values.nodeImageAnalyzer.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.nodeImageAnalyzer.image.pullSecrets | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: 5 - containers: - - name: sysdig-image-analyzer - image: {{ template "sysdig.image.nodeImageAnalyzer" . }} - securityContext: - # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to - # running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail. - privileged: true - imagePullPolicy: {{ .Values.nodeImageAnalyzer.image.pullPolicy }} - resources: -{{ toYaml .Values.nodeImageAnalyzer.resources | indent 10 }} - volumeMounts: - - mountPath: /var/run - name: varrun-vol - - mountPath: /etc/containers/storage.conf - name: etc-containers-storage-vol - readOnly: true - - mountPath: /var/lib/containers - name: var-lib-containers-vol - env: - - name: ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ template "sysdig.fullname" . }} - key: access-key - - name: IMAGE_PERIOD - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: image_period - optional: true - - name: IMAGE_CACHE_TTL - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: image_cache_ttl - optional: true - - name: REPORT_PERIOD - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: report_period - optional: true - - name: DOCKER_SOCKET_PATH - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: docker_socket_path - optional: true - - name: CRI_SOCKET_PATH - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: cri_socket_path - optional: true - #TODO: Get from agent config instead? - - name: AM_COLLECTOR_ENDPOINT - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: collector_endpoint - optional: true - #TODO: Get from agent config instead? - - name: AM_COLLECTOR_TIMEOUT - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: collector_timeout - optional: true - - name: CHECK_CERTIFICATE - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: check_certificate - optional: true - - name: K8S_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: K8S_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEBUG - valueFrom: - configMapKeyRef: - name: {{ template "sysdig.fullname" . }}-image-analyzer - key: debug - optional: true -{{- end }} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml b/charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml deleted file mode 100755 index 2e1447f92..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml +++ /dev/null @@ -1,227 +0,0 @@ -{{- if .Values.sysdig.accessKey }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "sysdig.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }} -{{ include "sysdig.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "sysdig.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - name: {{ template "sysdig.fullname" .}} - labels: - app.kubernetes.io/name: {{ include "sysdig.name" . }} -{{ include "sysdig.labels" . | indent 8 }} - {{- if .Values.daemonset.annotations }} - annotations: -{{ toYaml .Values.daemonset.annotations | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "sysdig.serviceAccountName" .}} -{{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - hostPID: true - terminationGracePeriodSeconds: 5 - {{- if .Values.daemonset.affinity }} - affinity: -{{ toYaml .Values.daemonset.affinity | indent 8 }} - {{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.image.pullSecrets | indent 8 }} - {{- end }} - {{- if .Values.slim.enabled }} - initContainers: - - name: sysdig-agent-kmodule - image: {{ template "sysdig.image.kmodule" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.image.pullSecrets | indent 12 }} - {{- end }} - securityContext: - capabilities: - drop: - - ALL - privileged: true - runAsNonRoot: false - runAsUser: 0 - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - resources: -{{ toYaml .Values.slim.resources | indent 12 }} - volumeMounts: - - mountPath: /etc/modprobe.d - name: modprobe-d - readOnly: true - - mountPath: /host/boot - name: boot-vol - readOnly: true - - mountPath: /host/lib/modules - name: modules-vol - readOnly: true - - mountPath: /host/usr - name: usr-vol - readOnly: true - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: {{ template "sysdig.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: -{{ toYaml .Values.resources | indent 12 }} - securityContext: - capabilities: - drop: - - ALL - privileged: true - runAsNonRoot: false - runAsUser: 0 - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true - env: - {{- if .Values.ebpf.enabled }} - - name: SYSDIG_BPF_PROBE - value: - {{- end }} - {{- if .Values.proxy.httpProxy }} - - name: http_proxy - value: {{ .Values.proxy.httpProxy }} - {{- end }} - {{- if .Values.proxy.httpsProxy }} - - name: https_proxy - value: {{ .Values.proxy.httpsProxy }} - {{- end }} - {{- if .Values.proxy.noProxy }} - - name: no_proxy - value: {{ .Values.proxy.noProxy }} - {{- end }} - {{- if .Values.timezone }} - - name: TZ - value: {{ .Values.timezone }} - {{- end }} - {{- range $key, $value := .Values.daemonset.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - readinessProbe: - exec: - command: [ "test", "-e", "/opt/draios/logs/running" ] - initialDelaySeconds: 10 - livenessProbe: - exec: - command: [ "test", "-e", "/opt/draios/logs/running" ] - initialDelaySeconds: 10 - volumeMounts: - {{- if not .Values.slim.enabled }} - - mountPath: /etc/modprobe.d - name: modprobe-d - readOnly: true - {{- end }} - - mountPath: /host/dev - name: dev-vol - readOnly: false - - mountPath: /host/proc - name: proc-vol - readOnly: true - {{- if not .Values.slim.enabled }} - - mountPath: /host/boot - name: boot-vol - readOnly: true - - mountPath: /host/lib/modules - name: modules-vol - readOnly: true - - mountPath: /host/usr - name: usr-vol - readOnly: true - {{- end }} - - mountPath: /host/run - name: run-vol - - mountPath: /host/var/run - name: varrun-vol - - mountPath: /dev/shm - name: dshm - - mountPath: /opt/draios/etc/kubernetes/config - name: sysdig-agent-config - - mountPath: /opt/draios/etc/kubernetes/secrets - name: sysdig-agent-secrets - {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} - - mountPath: /host/etc - name: etc-fs - readOnly: true - {{- end }} - {{- if .Values.customAppChecks }} - - mountPath: /opt/draios/lib/python/checks.custom.d - name: custom-app-checks-volume - {{- end }} - - mountPath: /host/etc/os-release - name: osrel - readOnly: true - {{- if .Values.extraVolumes.mounts }} -{{ toYaml .Values.extraVolumes.mounts | indent 12 }} - {{- end }} - volumes: - - name: modprobe-d - hostPath: - path: /etc/modprobe.d - - name: osrel - hostPath: - path: /etc/os-release - type: FileOrCreate - - name: dshm - emptyDir: - medium: Memory - - name: dev-vol - hostPath: - path: /dev - - name: proc-vol - hostPath: - path: /proc - - name: boot-vol - hostPath: - path: /boot - - name: modules-vol - hostPath: - path: /lib/modules - - name: usr-vol - hostPath: - path: /usr - - name: run-vol - hostPath: - path: /run - - name: varrun-vol - hostPath: - path: /var/run - {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} - - name: etc-fs - hostPath: - path: /etc - {{- end }} - - name: sysdig-agent-config - configMap: - name: {{ template "sysdig.fullname" . }} - optional: true - - name: sysdig-agent-secrets - secret: - secretName: {{ template "sysdig.fullname" . }} - {{- if .Values.customAppChecks }} - - name: custom-app-checks-volume - configMap: - name: {{ template "sysdig.fullname" . }}-custom-app-checks - {{- end }} - {{- if .Values.extraVolumes.volumes }} -{{ toYaml .Values.extraVolumes.volumes | indent 8 }} - {{- end }} - updateStrategy: -{{ toYaml .Values.daemonset.updateStrategy | indent 4 }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/secrets.yaml b/charts/sysdig/sysdig/1.9.200/templates/secrets.yaml deleted file mode 100755 index 7e458160f..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/secrets.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -type: Opaque -data: - access-key : {{ required "A valid .Values.sysdig.accessKey is required" .Values.sysdig.accessKey | b64enc | quote }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml b/charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml deleted file mode 100755 index e604859b2..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.scc.create (.Capabilities.APIVersions.Has "security.openshift.io/v1") }} -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: | - This provides the minimum requirements to the Sysdig agent to run in the Openshift. - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -allowHostDirVolumePlugin: true -allowHostIPC: false -allowHostNetwork: true -allowHostPID: true -allowHostPorts: false -allowPrivilegeEscalation: true -allowPrivilegedContainer: true -allowedCapabilities: [] -allowedUnsafeSysctls: [] -defaultAddCapabilities: [] -fsGroup: - type: RunAsAny -groups: [] -priority: 0 -readOnlyRootFilesystem: false -requiredDropCapabilities: [] -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -seccompProfiles: -- '*' -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:{{ .Release.Namespace }}:{{ template "sysdig.serviceAccountName" .}} -volumes: -- hostPath -- emptyDir -- secret -- configMap -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/service.yaml b/charts/sysdig/sysdig/1.9.200/templates/service.yaml deleted file mode 100755 index ba94d6894..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.auditLog.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "sysdig.fullname" . }} - labels: -{{ include "sysdig.labels" . | indent 4 }} -spec: - selector: - app.kubernetes.io/name: {{ include "sysdig.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ports: - - protocol: TCP - port: {{ .Values.auditLog.auditServerPort }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml b/charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml deleted file mode 100755 index 141affa38..000000000 --- a/charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "sysdig.serviceAccountName" .}} - labels: -{{ include "sysdig.labels" . | indent 4 }} -{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/values.yaml b/charts/sysdig/sysdig/1.9.200/values.yaml deleted file mode 100755 index fb1e29cbb..000000000 --- a/charts/sysdig/sysdig/1.9.200/values.yaml +++ /dev/null @@ -1,220 +0,0 @@ -# Default values for Sysdig Monitor and Secure Helm package. - -image: - # This is a hack to support RELATED_IMAGE_ feature in Helm based - # Operators - # - # As long as I don't want to people to use this, I will keep it undocumented - overrideValue: - - registry: docker.io - repository: sysdig/agent - tag: 10.3.0 - # Specify a imagePullPolicy - # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - pullPolicy: IfNotPresent - # Optionally specify an array of imagePullSecrets. - # Secrets must be manually created in the namespace. - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - # - # pullSecrets: - # - name: myRegistrKeySecretName - -resources: - # Although resources needed are subjective on the actual workload we provide - # a sane defaults ones. If you have more questions or concerns, please refer - # to Sysdig Support for more info about it - requests: - cpu: 600m - memory: 512Mi - limits: - cpu: 2000m - memory: 1536Mi - -rbac: - # true here enables creation of rbac resources - create: true - -scc: - # true here enabled creation of Security Context Constraints in Openshift - create: true - -serviceAccount: - # Create and use serviceAccount resources - create: true - # Use this value as serviceAccountName - name: - -daemonset: - # Perform rolling updates by default in the DaemonSet agent - # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - updateStrategy: - # You can also customize maxUnavailable, maxSurge or minReadySeconds if you - # need it - type: RollingUpdate - ## Extra environment variables that will be pass onto deployment pods - env: {} - # Allow the DaemonSet to schedule using affinity rules - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - key: kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 - - key: beta.kubernetes.io/os - operator: In - values: - - linux - # Allow the DaemonSet to set annotations - annotations: {} - -# If is behind a proxy you can set the proxy server -proxy: - httpProxy: - httpsProxy: - noProxy: - -# Set daemonset timezone -timezone: - -# Set daemonset priorityClassName -priorityClassName: - -ebpf: - # Enable eBPF support for Sysdig Agent - enabled: false - - settings: - # Needed to correctly detect the kernel version for the eBPF program - # Set to false if not running on Google COS - mountEtcVolume: true - -slim: - # Uses a slim version of the Sysdig Agent - enabled: false - # When using slim the kernel module is built in other container, which - # contains the toolchain required to build the kernel module. - kmoduleImage: - repository: sysdig/agent-kmodule - - resources: - # Resources required by the kernel module builder image. These are some - # a sane defaults ones, but you can tweak or ask Sysdig Support for more - # info about this - requests: - cpu: 1000m - memory: 348Mi - limits: - memory: 512Mi - -# For Sysdig On-Prem installations or for custom collector settings, set the following fields -collectorSettings: - collectorHost: - collectorPort: - ssl: - sslVerifyCertificate: - -# Setting a cluster name allows you to filter events from this cluster using kubernetes.cluster.name -clusterName: "" - -sysdig: - # Required: You need your Sysdig Agent access key before running agents. - accessKey: "" - - # Disable capture functionality (see https://docs.sysdig.com/en/disable-captures.html) - disableCaptures: false - - # Advanced settings. Any option in here will be directly translated into dragent.yaml in the Configmap - settings: {} - ### Agent tags - # tags: linux:ubuntu,dept:dev,local:nyc - -secure: - # true here enables Sysdig Secure: container run-time security & forensics - enabled: true - -auditLog: - # true here activates the K8s Audit Log feature for Sysdig Secure - enabled: false - auditServerUrl: 0.0.0.0 - auditServerPort: 7765 - - dynamicBackend: - # true here configures an AuditSink who will receive the K8s audit logs - enabled: false - -nodeImageAnalyzer: - deploy: false - image: - repository: sysdig/node-image-analyzer - tag: 0.1.0 - pullPolicy: IfNotPresent - # pullSecrets: - # - name: myRegistrKeySecretName - resources: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 500m - memory: 1024Mi - - # Additional advanced settings - settings: {} - -customAppChecks: {} - # Allow passing custom app checks for Sysdig Agent. - # Example: - # - # sample.py: |- - # from checks import AgentCheck - # - # class MyCustomCheck(AgentCheck): - # def check(self, instance): - # self.gauge("testhelm", 1) - -# Promscrape prometheus.yaml not configured by default -prometheus: - file: false - yaml: {} - -extraVolumes: - volumes: [] - mounts: [] - # Allow passing extra volumes to the agent to mount secrets or certificates - # to authenticate in different services. - # Any kind of volume can be passed. Example: - # - # extraVolumes: - # volumes: - # - name: sysdig-new-cm - # configMap: - # name: my-cm - # optional: true - # - name: sysdig-new-secret - # secret: - # secretName: my-secret - # mounts: - # - mountPath: /opt/draios/cm - # name: sysdig-new-cm - # - mountPath: /opt/draios/secret - # name: sysdig-new-secret - -# Allow sysdig to run on Kubernetes 1.6 masters. -tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/.helmignore b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/Chart.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/Chart.yaml deleted file mode 100644 index 2183de63f..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane -apiVersion: v1 -appVersion: 1.2.2001 -description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade - distribution of Crossplane. It''s fully compatible with upstream Crossplane, open - source, capable of connecting to Upbound Cloud for real-time dashboard visibility, - and maintained by Upbound. It''s the easiest way for both individual community members - and enterprises to build their production control planes. ' -home: https://upbound.io -icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png -keywords: -- cloud -- infrastructure -- services -- application -- database -- cache -- bucket -- infra -- app -- ops -- oam -- gcp -- azure -- aws -- alibaba -- cloudsql -- rds -- s3 -- azuredatabase -- asparadb -- gke -- aks -- eks -maintainers: -- email: info@upbound.io - name: Upbound Inc. -name: universal-crossplane -version: 1.2.200100+up1.2.2-up.1 diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/app-readme.md b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/app-readme.md deleted file mode 100644 index c6d8ecfe0..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/app-readme.md +++ /dev/null @@ -1,36 +0,0 @@ -# Upbound Universal Crossplane (UXP) - -Upbound Universal Crossplane (UXP) is [Upbound's](https://upbound.io) official enterprise-grade distribution of [Crossplane](https://crossplane.io). It's fully compatible with upstream Crossplane, [open source](https://github.com/upbound/universal-crossplane), capable of connecting to [Upbound Cloud](https://cloud.upbound.io) for real-time dashboard visibility, and maintained by Upbound. It's the easiest way for both individual community members and enterprises to build their production control planes. - -## Connecting to Upbound Cloud - -You can optionally connect your Universal Crossplane instance to Upbound Cloud. -Follow the steps below to connect your Universal Crossplane cluster to your Upbound Cloud Console. - -1. Install Upbound CLI - - You will need to make sure you have the Upbound CLI installed before you continue. If you need more information on how to install the Upbound CLI, you can read the [Installing Upbound CLI Documentation](https://cloud.upbound.io/docs/cli). - - ``` - curl -sL https://cli.upbound.io | sh - ``` - -2. Log in to Upbound Cloud - - ``` - up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT - ``` - - Or, to log in using an Upbound [API token](https://cloud.upbound.io/account/settings/tokens): - - ``` - up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT --token=$API_TOKEN - ``` - -3. Create a Self-Hosted Control Plane - - ``` - up cloud controlplane attach $CONTROL_PLANE_NAME --profile=rancher - ``` - -4. Provide the token obtained in the previous step as `upbound.controlPlane.token` under `Upbound Cloud` section \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/questions.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/questions.yaml deleted file mode 100644 index c5cb628bf..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/questions.yaml +++ /dev/null @@ -1,184 +0,0 @@ -questions: -# Upbound Cloud configuration -- variable: upbound.controlPlane.token - label: upbound.controlPlane.token - required: false - type: password - description: Token used to connect Upbound Cloud - group: "Upbound Cloud" -- variable: upbound.controlPlane.permission - label: upbound.controlPlane.permission - required: false - type: enum - default: "edit" - options: - - "edit" - - "view" - description: Cluster permissions for Upbound Cloud - group: "Upbound Cloud" -# Basic Crossplane configuration -- variable: replicas - label: replicas - description: Number of replicas to run for Crossplane pods - type: int - default: 1 - required: true - group: "Crossplane" -# Advanced Crossplane configuration -- variable: advancedCrossplaneConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Crossplane" - subquestions: - - variable: leaderElection - label: leaderElection - description: "Enable leader election for Crossplane Managers pod" - type: boolean - default: true - required: false - group: "Crossplane" - - variable: deploymentStrategy - label: deploymentStrategy - description: "The deployment strategy for the Crossplane and RBAC Manager (if enabled) pods" - type: enum - default: "RollingUpdate" - options: - - "RollingUpdate" - - "Recreate" - required: true - group: "Crossplane" - - variable: priorityClassName - label: priorityClassName - description: "Priority class name for Crossplane and RBAC Manager (if enabled) pods" - type: string - required: false - group: "Crossplane" - - variable: metrics.enabled - label: metrics.enabled - description: "Expose Crossplane and RBAC Manager metrics endpoint" - type: boolean - required: false - group: "Crossplane" -# Basic Crossplane RBAC Manager configuration -- variable: rbacManager.deploy - label: rbacManager.deploy - description: "Deploy RBAC Manager" - type: boolean - default: true - required: true - group: "Crossplane RBAC Manager" -- variable: rbacManager.replicas - label: rbacManager.replicas - description: "The number of replicas to run for the RBAC Manager pods" - type: int - default: 1 - required: true - group: "Crossplane RBAC Manager" -# Advanced Crossplane RBAC Manager configuration -- variable: advancedRBACManagerConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Crossplane RBAC Manager" - subquestions: - - variable: rbacManager.leaderElection - label: rbacManager.leaderElection - description: "Enable leader election for RBAC Managers pod" - type: boolean - default: true - group: "Crossplane RBAC Manager" - - variable: rbacManager.managementPolicy - label: rbacManager.managementPolicy - description: RBAC manager permissions. 'All' enables management for every Crossplane controller and user role. 'Basic' enables management just for Crossplane controller roles and the crossplane-admin, crossplane-edit, and crossplane-view user roles. - type: enum - default: "Basic" - options: - - "Basic" - - "All" - required: true - group: "Crossplane RBAC Manager" - - variable: rbacManager.skipAggregatedClusterRoles - label: rbacManager.skipAggregatedClusterRoles - description: "Opt out of deploying aggregated ClusterRoles" - type: boolean - default: true - group: "Crossplane RBAC Manager" -# Basic Package configuration -- variable: provider.packages - label: provider.packages - description: List of Provider packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. - type: string - required: false - group: "Packages" -- variable: configuration.packages - label: configuration.packages - description: List of Configuration packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. - type: string - required: false - group: "Packages" -# Advanced Package configuration -- variable: advancedPackageConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Packages" - subquestions: - - variable: packageCache.sizeLimit - label: packageCache.sizeLimit - description: "Size limit for package cache. If medium is Memory then maximum usage would be the minimum of this value the sum of all memory limits on containers in the Crossplane pod" - type: string - default: "5Mi" - group: "Packages" - - variable: packageCache.medium - label: packageCache.medium - description: "Storage medium for package cache. Memory means volume will be backed by tmpfs, which can be useful for development" - type: string - group: "Packages" - - variable: packageCache.pvc - label: packageCache.pvc - description: "Name of the PersistentVolumeClaim to be used as the package cache. Providing a value will cause the default emptyDir volume to not be mounted" - type: string - group: "Packages" -# Basic XGQL configuration -- variable: xgql.config.debugMode - label: xgql.config.debugMode - description: "Enable debug mode for XGQL" - type: boolean - default: false - group: "XGQL" -# Advanced Crossplane configuration -- variable: advancedXGQLConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "XGQL" - subquestions: - - variable: xgql.metrics.enabled - label: xgql.metrics.enabled - description: "Expose XGQL metrics endpoint" - type: boolean - required: false - group: "XGQL" -# Basic Agent configuration -- variable: agent.config.debugMode - label: agent.config.debugMode - description: "Enable debug mode for Upbound Agent" - type: boolean - default: false - group: "Upbound Agent" -# Basic Bootstrapper configuration -- variable: bootstrapper.config.debugMode - label: bootstrapper.config.debugMode - description: "Enable debug mode for Bootstrapper" - type: boolean - default: false - group: "Bootstrapper" \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/NOTES.txt deleted file mode 100644 index 33260c04f..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/NOTES.txt +++ /dev/null @@ -1,15 +0,0 @@ -By proceeding, you are accepting to comply with terms and conditions in https://licenses.upbound.io/upbound-software-license.html - -✨ Thank you for installing Universal Crossplane! -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -🚀 You can now connect your cluster to Upbound Cloud! - -Example command: -{{ if eq .Values.upbound.controlPlane.permission "edit" }} -$ up cloud controlplane attach | \ -up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - -{{- else if eq .Values.upbound.controlPlane.permission "view" }} -$ up cloud controlplane attach --view-only | \ -up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/_helpers.tpl deleted file mode 100644 index 7ba5d8058..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/_helpers.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Common labels -*/}} -{{- define "labels" -}} -helm.sh/chart: {{ include "chart" . }} -{{ include "selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "selectorLabels" -}} -app.kubernetes.io/name: {{ include "name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/_helpers.tpl deleted file mode 100644 index bdca1ae09..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/_helpers.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "bootstrapper-name" -}} -{{- "upbound-bootstrapper" -}} -{{- end -}} - -{{/* -Labels - bootstrapper -*/}} -{{- define "labelsBootstrapper" -}} -{{ include "labels" . }} -app.kubernetes.io/component: bootstrapper -{{- end }} - -{{/* -Selector labels - bootstrapper -*/}} -{{- define "selectorLabelsBootstrapper" -}} -{{ include "selectorLabels" . }} -app.kubernetes.io/component: bootstrapper -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrole.yaml deleted file mode 100644 index 162abdd7a..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -rules: - # Bootstrapper needs to identify the cluster uniquely and it does that by using - # UID of kube-system namespace. - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - "get" - # Controller-runtime requires watch and list permissions to build its resource - # cache of the kind that any client query is made for. - - apiGroups: - - "" - resources: - - namespaces - verbs: - - "list" - - "watch" diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrolebinding.yaml deleted file mode 100644 index 33fd634cd..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "bootstrapper-name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "bootstrapper-name" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/deployment.yaml deleted file mode 100644 index 14dd4335e..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "selectorLabelsBootstrapper" . | nindent 6 }} - template: - metadata: - labels: - {{- include "selectorLabelsBootstrapper" . | nindent 8 }} - spec: - serviceAccountName: {{ template "bootstrapper-name" . }} - {{- if .Values.billing.awsMarketplace.enabled }} - securityContext: - # Providing this is not required for 1.19 or later clusters. - # See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html - fsGroup: 1337 - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range $index, $secret := .Values.imagePullSecrets }} - - name: {{ $secret }} - {{- end }} - {{ end }} - containers: - - name: bootstrapper - image: "{{ .Values.bootstrapper.image.repository }}:{{ .Values.bootstrapper.image.tag }}" - args: - - start - - --namespace - - {{ .Release.Namespace }} - - --upbound-api-url - - {{ .Values.upbound.apiURL }} - - --controller - - tls-secrets - {{- if .Values.billing.awsMarketplace.enabled }} - - --controller - - aws-marketplace - {{- end }} - {{- if .Values.bootstrapper.config.debugMode }} - - "--debug" - {{- end }} - {{- range $arg := .Values.bootstrapper.config.args }} - - {{ $arg }} - {{- end }} - imagePullPolicy: {{ .Values.bootstrapper.image.pullPolicy }} - resources: - {{- toYaml .Values.bootstrapper.resources | nindent 12 }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/role.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/role.yaml deleted file mode 100644 index e14c58f58..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update", "patch"] - resourceNames: - - uxp-ca - - upbound-agent-public-certs - - upbound-agent-tls - - xgql-tls - {{- if .Values.billing.awsMarketplace.enabled }} - - upbound-entitlement - {{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/rolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/rolebinding.yaml deleted file mode 100644 index aa41bb33a..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/rolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "bootstrapper-name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "bootstrapper-name" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/secret-entitlement.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/secret-entitlement.yaml deleted file mode 100644 index 7e311b629..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/secret-entitlement.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.billing.awsMarketplace.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: upbound-entitlement - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -type: Opaque -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/serviceaccount.yaml deleted file mode 100644 index 1768272a3..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "bootstrapper-name" . }} - {{- if and .Values.billing.awsMarketplace.enabled .Values.billing.awsMarketplace.iamRoleARN }} - annotations: - eks.amazonaws.com/role-arn: {{ .Values.billing.awsMarketplace.iamRoleARN | quote }} - {{- end }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/uxp-ca-tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/uxp-ca-tls-secret.yaml deleted file mode 100644 index 07163971e..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/uxp-ca-tls-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: uxp-ca - labels: - {{- include "labels" . | nindent 4 }} -type: Opaque diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/versions-configmap.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/versions-configmap.yaml deleted file mode 100644 index 1eacb8d16..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/bootstrapper/versions-configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: universal-crossplane-config - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -data: - crossplaneVersion: {{ (trimPrefix "v" .Values.image.tag) }} - xgqlVersion: {{ (trimPrefix "v" .Values.xgql.image.tag) }} - agentVersion: {{ (trimPrefix "v" .Values.agent.image.tag) }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/NOTES.txt deleted file mode 100644 index f1c8a0c63..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -Release: {{.Release.Name}} - -Chart Name: {{.Chart.Name}} -Chart Description: {{.Chart.Description}} -Chart Version: {{.Chart.Version}} -Chart Application Version: {{.Chart.AppVersion}} - -Kube Version: {{.Capabilities.KubeVersion}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/_helpers.tpl deleted file mode 100644 index 921e9df26..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/_helpers.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrole.yaml deleted file mode 100644 index 8a6b573cc..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrole.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-crossplane: "true" -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:system:aggregate-to-crossplane - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - crossplane.io/scope: "system" - rbac.crossplane.io/aggregate-to-crossplane: "true" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - "*" -- apiGroups: - - apiextensions.crossplane.io - - pkg.crossplane.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - get - - list - - create - - update - - patch - - delete - - watch -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrolebinding.yaml deleted file mode 100644 index d0fb877c2..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/deployment.yaml deleted file mode 100644 index b51ab99ad..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/deployment.yaml +++ /dev/null @@ -1,104 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - strategy: - type: {{ .Values.deploymentStrategy }} - template: - metadata: - {{- if .Values.metrics.enabled }} - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - {{- end }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - serviceAccountName: {{ template "name" . }} - initContainers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - core - - init - {{- range $arg := .Values.provider.packages }} - - --provider - - "{{ $arg }}" - {{- end }} - {{- range $arg := .Values.configuration.packages }} - - --configuration - - "{{ $arg }}" - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }}-init - resources: - {{- toYaml .Values.resourcesCrossplane | nindent 12 }} - securityContext: - {{- toYaml .Values.securityContextCrossplane | nindent 12 }} - containers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - core - - start - {{- range $arg := .Values.args }} - - {{ $arg }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }} - resources: - {{- toYaml .Values.resourcesCrossplane | nindent 12 }} - {{- if .Values.metrics.enabled }} - ports: - - name: metrics - containerPort: 8080 - {{- end }} - securityContext: - {{- toYaml .Values.securityContextCrossplane | nindent 12 }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LEADER_ELECTION - value: "{{ .Values.leaderElection }}" - {{- range $key, $value := .Values.extraEnvVarsCrossplane }} - - name: {{ $key | replace "." "_" }} - value: {{ $value | quote }} - {{- end}} - volumeMounts: - - mountPath: /cache - name: package-cache - volumes: - - name: package-cache - {{- if .Values.packageCache.pvc }} - persistentVolumeClaim: - claimName: {{ .Values.packageCache.pvc }} - {{- else }} - emptyDir: - medium: {{ .Values.packageCache.medium }} - sizeLimit: {{ .Values.packageCache.sizeLimit }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{ toYaml .Values.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml deleted file mode 100644 index 3b6ce2270..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbacManager.deploy }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:allowed-provider-permissions - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" -{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrole.yaml deleted file mode 100644 index de8478697..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrole.yaml +++ /dev/null @@ -1,94 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-rbac-manager - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - namespaces - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.crossplane.io - resources: - - compositeresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - pkg.crossplane.io - resources: - - providerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - roles - verbs: - - get - - list - - watch - - create - - update - - patch - # The RBAC manager may grant access it does not have. - - escalate -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - bind -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - "*" -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete -{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrolebinding.yaml deleted file mode 100644 index bda467f24..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-rbac-manager - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-rbac-manager -subjects: -- kind: ServiceAccount - name: rbac-manager - namespace: {{ .Release.Namespace }} -{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-deployment.yaml deleted file mode 100644 index 110a5285d..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "name" . }}-rbac-manager - labels: - app: {{ template "name" . }}-rbac-manager - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.rbacManager.replicas }} - selector: - matchLabels: - app: {{ template "name" . }}-rbac-manager - release: {{ .Release.Name }} - strategy: - type: {{ .Values.deploymentStrategy }} - template: - metadata: - {{- if .Values.metrics.enabled }} - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - {{- end }} - labels: - app: {{ template "name" . }}-rbac-manager - release: {{ .Release.Name }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - serviceAccountName: rbac-manager - initContainers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - rbac - - init - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }}-init - resources: - {{- toYaml .Values.resourcesRBACManager | nindent 12 }} - securityContext: - {{- toYaml .Values.securityContextRBACManager | nindent 12 }} - containers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - rbac - - start - {{- if .Values.rbacManager.managementPolicy }} - - --manage={{ .Values.rbacManager.managementPolicy }} - {{- end }} - {{- range $arg := .Values.rbacManager.args }} - - {{ $arg }} - {{- end }} - - --provider-clusterrole={{ template "name" .}}:allowed-provider-permissions - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }} - resources: - {{- toYaml .Values.resourcesRBACManager | nindent 12 }} - {{- if .Values.metrics.enabled }} - ports: - - name: metrics - containerPort: 8080 - {{- end }} - securityContext: - {{- toYaml .Values.securityContextRBACManager | nindent 12 }} - env: - - name: LEADER_ELECTION - value: "{{ .Values.rbacManager.leaderElection }}" - {{- range $key, $value := .Values.extraEnvVarsRBACManager }} - - name: {{ $key | replace "." "_" }} - value: {{ $value | quote }} - {{- end}} - {{- if .Values.rbacManager.nodeSelector }} - nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.rbacManager.tolerations }} - tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.rbacManager.affinity }} - affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }} - {{- end }} -{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-managed-clusterroles.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-managed-clusterroles.yaml deleted file mode 100644 index 3d41fb9b5..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-managed-clusterroles.yaml +++ /dev/null @@ -1,279 +0,0 @@ -{{- if .Values.rbacManager.deploy }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: {{ template "name" . }}:masters ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-admin - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-admin: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-edit - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-edit: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-view - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-view: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-browse - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-browse: "true" -{{- if not .Values.rbacManager.skipAggregatedClusterRoles }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-admin - labels: - rbac.crossplane.io/aggregate-to-admin: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane administrators have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane administrators must create provider credential secrets, and may -# need to read or otherwise interact with connection secrets. They may also need -# to create or annotate namespaces. -- apiGroups: [""] - resources: [secrets, namespaces] - verbs: ["*"] -# Crossplane administrators have access to view the roles that they may be able -# to grant to other subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterroles, roles] - verbs: [get, list, watch] -# Crossplane administrators have access to grant the access they have to other -# subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterrolebindings, rolebindings] - verbs: ["*"] -# Crossplane administrators have full access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] -# Crossplane administrators have access to view CRDs in order to debug XRDs. -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-edit - labels: - rbac.crossplane.io/aggregate-to-edit: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane editors must create provider credential secrets, and may need to -# read or otherwise interact with connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane editors may see which namespaces exist, but not edit them. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane editors have full access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-view - labels: - rbac.crossplane.io/aggregate-to-view: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane viewers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane viewers may see which namespaces exist. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane viewers have read-only access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: [get, list, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-browse - labels: - rbac.crossplane.io/aggregate-to-browse: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane browsers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane browsers have read-only access to compositions and XRDs. This -# allows them to discover and select an appropriate composition when creating a -# resource claim. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] -{{- if .Values.rbacManager.managementPolicy }} ---- -# The below ClusterRoles are aggregated to the namespaced RBAC roles created by -# the Crossplane RBAC manager when it is running in --manage=All mode. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-ns-admin - labels: - rbac.crossplane.io/aggregate-to-ns-admin: "true" - rbac.crossplane.io/base-of-ns-admin: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane namespace admins have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace admins may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane namespace admins have access to view the roles that they may be -# able to grant to other subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [roles] - verbs: [get, list, watch] -# Crossplane namespace admins have access to grant the access they have to other -# subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [rolebindings] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-ns-edit - labels: - rbac.crossplane.io/aggregate-to-ns-edit: "true" - rbac.crossplane.io/base-of-ns-edit: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane namespace editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace editors may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-ns-view - labels: - rbac.crossplane.io/aggregate-to-ns-view: "true" - rbac.crossplane.io/base-of-ns-view: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane namespace viewers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-serviceaccount.yaml deleted file mode 100644 index dfefe4050..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/rbac-manager-serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rbac-manager - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/serviceaccount.yaml deleted file mode 100644 index d3d47223c..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/crossplane/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range $index, $secret := .Values.imagePullSecrets }} -- name: {{ $secret }} -{{- end }} -{{ end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/_helpers.tpl deleted file mode 100644 index 4db04bfaa..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/_helpers.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "agent-name" -}} -{{- "upbound-agent" -}} -{{- end -}} - -{{/* -Labels - agent -*/}} -{{- define "labelsAgent" -}} -{{ include "labels" . }} -app.kubernetes.io/component: agent -{{- end }} - -{{/* -Selector labels - agent -*/}} -{{- define "selectorLabelsAgent" -}} -{{ include "selectorLabels" . }} -app.kubernetes.io/component: agent -{{- end }} - diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrole.yaml deleted file mode 100644 index 9dc24441e..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrole.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["namespaces"] - resourceNames: ["kube-system"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "agent-name" . }}-impersonator - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["users"] - verbs: ["impersonate"] - resourceNames: ["upbound-cloud-impersonator"] - - apiGroups: ["authentication.k8s.io"] - resources: ["userextras/upbound-id"] - verbs: ["impersonate"] - - apiGroups: [""] - resources: ["groups"] - resourceNames: - # system:authenticated is required for calls to discovery API. Some Kubernetes - # clients like kubectl use it to figure out exactly which endpoints to call - # for given arguments. - - "system:authenticated" - - "upbound:view" -{{- if eq .Values.upbound.controlPlane.permission "edit" }} - - "upbound:edit" -{{- end }} - verbs: ["impersonate"] -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings-managed.yaml deleted file mode 100644 index 66e157620..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings-managed.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-view - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-view -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:view -{{- if eq .Values.upbound.controlPlane.permission "edit" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-edit - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-edit -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:edit -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings.yaml deleted file mode 100644 index ec99faf43..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterrolebindings.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "agent-name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "agent-name" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "agent-name" . }}-impersonator - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "agent-name" . }}-impersonator -subjects: - - kind: ServiceAccount - name: {{ template "agent-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterroles-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterroles-managed.yaml deleted file mode 100644 index fcca427a0..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/clusterroles-managed.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -# There are more permissions in upstream aggregated ClusterRoles than we'd like -# to have, so, we have our own ClusterRoles with only the permissions we need. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-view - labels: - rbac.crossplane.io/aggregate-to-view: "true" - {{- include "labelsAgent" . | nindent 4 }} -rules: - # Universal Crossplane viewers have access to view events. - - apiGroups: [""] - resources: [events] - verbs: [get, list, watch] - # Universal Crossplane viewers may see which namespaces exist. - - apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] - # Universal Crossplane viewers may see CRDs installed in the cluster. - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] - # Universal Crossplane viewers have read-only access to built in Crossplane types. - - apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] - - apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: [get, list, watch] -{{- if eq .Values.upbound.controlPlane.permission "edit" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-edit - labels: - rbac.crossplane.io/aggregate-to-edit: "true" - {{- include "labelsAgent" . | nindent 4 }} -rules: - # Universal Crossplane editors have access to view events. - - apiGroups: [""] - resources: [events] - verbs: [get, list, watch] - # Universal Crossplane editors may see which namespaces exist, but not edit them. - - apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] - # Universal Crossplane editors may see CRDs installed in the cluster. - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] - # Universal Crossplane editors have full access to built in Crossplane types. - - apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] - - apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/control-plane-token-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/control-plane-token-secret.yaml deleted file mode 100644 index 897846ae7..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/control-plane-token-secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.upbound.controlPlane.token }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.upbound.controlPlane.tokenSecretName }} - labels: - {{- include "labels" . | nindent 4 }} -type: Opaque -data: - token: {{ .Values.upbound.controlPlane.token | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/deployment.yaml deleted file mode 100644 index c8cfd788a..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/deployment.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "selectorLabelsAgent" . | nindent 6 }} - template: - metadata: - labels: - {{- include "selectorLabelsAgent" . | nindent 8 }} - spec: - serviceAccountName: {{ template "agent-name" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range $index, $secret := .Values.imagePullSecrets }} - - name: {{ $secret }} - {{- end }} - {{ end }} - containers: - - name: agent - image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" - args: - - agent - - --tls-cert-file - - /etc/certs/upbound-agent/tls.crt - - --tls-key-file - - /etc/certs/upbound-agent/tls.key - - --xgql-ca-bundle-file - - /etc/certs/upbound-agent/ca.crt - - --nats-endpoint - - nats://{{ .Values.upbound.connectHost }}:{{ .Values.upbound.connectPort | default "443" }} - - --upbound-api-endpoint - - {{ .Values.upbound.apiURL }} - - --pod-name - - $(POD_NAME) - - --control-plane-token-path - - /etc/tokens/control-plane/token - {{- if .Values.agent.config.debugMode }} - - "--debug" - {{- end }} - {{- range $arg := .Values.agent.config.args }} - - {{ $arg }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - imagePullPolicy: {{ .Values.agent.image.pullPolicy }} - ports: - - name: agent - containerPort: 6443 - protocol: TCP - resources: - {{- toYaml .Values.agent.resources | nindent 12 }} -# TODO(muvaf): Disabled temporarily since we'd like to complete the installation -# even if the control plane token is not there, which makes these probes return -# false. -# readinessProbe: -# httpGet: -# scheme: HTTPS -# path: /readyz -# port: 6443 -# initialDelaySeconds: 5 -# timeoutSeconds: 5 -# periodSeconds: 5 -# failureThreshold: 3 -# livenessProbe: -# httpGet: -# scheme: HTTPS -# path: /livez -# port: 6443 -# initialDelaySeconds: 10 -# timeoutSeconds: 5 -# periodSeconds: 30 -# failureThreshold: 5 - volumeMounts: - - mountPath: /etc/certs/upbound-agent - name: certs - readOnly: true - - mountPath: /etc/tokens/control-plane - name: upbound-control-plane-token - readOnly: true - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: upbound-agent-tls - - name: upbound-control-plane-token - secret: - defaultMode: 420 - secretName: {{ .Values.upbound.controlPlane.tokenSecretName }} - optional: true - items: - - key: token - path: token -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/role.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/role.yaml deleted file mode 100644 index 960bc4d48..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/role.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} ---- -# We need to be able to read universal-crossplane-config configmap in the namespace -# where UXP is deployed to provide version/configuration information. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "agent-name" . }}-uxp-config - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["universal-crossplane-config"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "agent-name" . }}-uxp-config - labels: - {{- include "labelsAgent" . | nindent 4 }} -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:view -{{- if eq .Values.upbound.controlPlane.permission "edit" }} - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:edit -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "agent-name" . }}-uxp-config -{{- end }} -{{- if eq .Values.upbound.controlPlane.permission "edit" }} ---- -# We need to be able to manage Secrets in the namespace where UXP is deployed -# so that Secrets pointed by ProviderConfig objects can be created by the agent. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "agent-name" . }}-secret - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "agent-name" . }}-secret - labels: - {{- include "labelsAgent" . | nindent 4 }} -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:edit -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "agent-name" . }}-secret -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/service.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/service.yaml deleted file mode 100644 index 7e22879a3..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -spec: - selector: - {{- include "selectorLabelsAgent" . | nindent 4 }} - ports: - - port: 6443 - targetPort: 6443 - protocol: TCP - name: https -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/serviceaccount.yaml deleted file mode 100644 index fe136d5c0..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/tls-secret.yaml deleted file mode 100644 index 19a5c9748..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/upbound-agent/tls-secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: v1 -kind: Secret -metadata: - name: upbound-agent-tls - labels: - {{- include "labelsAgent" . | nindent 4 }} -type: Opaque -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/_helpers.tpl deleted file mode 100644 index bd1141516..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/_helpers.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "xgql-name" -}} -{{- "xgql" -}} -{{- end -}} - -{{/* -Labels - xgql -*/}} -{{- define "labelsXgql" -}} -{{ include "labels" . }} -app.kubernetes.io/component: xgql -{{- end }} - -{{/* -Selector labels - xgql -*/}} -{{- define "selectorLabelsXgql" -}} -{{ include "selectorLabels" . }} -app.kubernetes.io/component: xgql -{{- end }} - diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/deployment.yaml deleted file mode 100644 index 520345385..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/deployment.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "xgql-name" . }} - labels: - {{- include "labelsXgql" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "selectorLabelsXgql" . | nindent 6 }} - template: - metadata: - labels: - {{- include "selectorLabelsXgql" . | nindent 8 }} - spec: - serviceAccountName: {{ template "xgql-name" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range $index, $secret := .Values.imagePullSecrets }} - - name: {{ $secret }} - {{- end }} - {{ end }} - containers: - - name: xgql - image: "{{ .Values.xgql.image.repository }}:{{ .Values.xgql.image.tag }}" - imagePullPolicy: {{ .Values.xgql.image.pullPolicy }} - resources: - {{- toYaml .Values.xgql.resources | nindent 12 }} - ports: - - name: https - containerPort: 8443 - protocol: TCP - {{- if .Values.xgql.metrics.enabled }} - - name: metrics - containerPort: 8080 - {{- end }} - args: - - --tls-key=/etc/certs/xgql/tls.key - - --tls-cert=/etc/certs/xgql/tls.crt - {{- if .Values.xgql.config.debugMode }} - - "--debug" - {{- end }} - {{- range $arg := .Values.xgql.config.args }} - - {{ $arg }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /etc/certs/xgql - name: certs - readOnly: true - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: xgql-tls diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/service.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/service.yaml deleted file mode 100644 index 80f822d3c..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "xgql-name" . }} - labels: - {{- include "labelsXgql" . | nindent 4 }} -spec: - selector: - {{- include "selectorLabelsXgql" . | nindent 4 }} - ports: - - port: 443 - targetPort: https - protocol: TCP - name: https diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/serviceaccount.yaml deleted file mode 100644 index 88e8bbdb7..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/serviceaccount.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "xgql-name" . }} - labels: - {{- include "labelsXgql" . | nindent 4 }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/tls-secret.yaml deleted file mode 100644 index 4b06ca735..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/templates/xgql/tls-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: xgql-tls - labels: - {{- include "labelsXgql" . | nindent 4 }} -type: Opaque diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml deleted file mode 100644 index f5ed73d78..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -nameOverride: "crossplane" - -replicas: 1 - -deploymentStrategy: RollingUpdate - -image: - repository: crossplane/crossplane - tag: v1.2.2 - pullPolicy: IfNotPresent - -nodeSelector: {} -tolerations: {} -affinity: {} - -leaderElection: true -args: {} - -provider: - packages: [] - -configuration: - packages: [] - -imagePullSecrets: - - dockerhub - -rbacManager: - deploy: true - skipAggregatedClusterRoles: true - replicas: 1 - managementPolicy: Basic - leaderElection: true - args: {} - nodeSelector: {} - tolerations: {} - affinity: {} - -priorityClassName: "" - -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextCrossplane: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -packageCache: - medium: "" - sizeLimit: 5Mi - pvc: "" - -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextRBACManager: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -alpha: - oam: - enabled: false - -metrics: - enabled: false - -# List of extra environment variables to set in the crossplane deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsCrossplane: {} - -# List of extra environment variables to set in the crossplane rbac manager deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsRBACManager: {} - -### Agent Values - -upbound: - apiURL: "https://api.upbound.io" - connectHost: "connect.upbound.io" - controlPlane: - permission: edit - tokenSecretName: upbound-control-plane-token - token: "" - -xgql: - image: - repository: upbound/xgql - tag: v0.1.3 - pullPolicy: IfNotPresent - resources: {} - metrics: - enabled: false - config: - debugMode: false - args: [] - -agent: - image: - repository: upbound/upbound-agent - tag: v1.2.2-up.1 - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -### Bootstrapper Values - -bootstrapper: - image: - repository: upbound/uxp-bootstrapper - tag: v1.2.2-up.1 - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -billing: - awsMarketplace: - enabled: false - iamRoleARN: arn:aws:iam:::role/ diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml.tmpl b/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml.tmpl deleted file mode 100644 index a9a0a3389..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100+up1.2.2-up.1/values.yaml.tmpl +++ /dev/null @@ -1,152 +0,0 @@ -nameOverride: "crossplane" - -replicas: 1 - -deploymentStrategy: RollingUpdate - -image: - repository: crossplane/crossplane - tag: %%CROSSPLANE_TAG%% - pullPolicy: IfNotPresent - -nodeSelector: {} -tolerations: {} -affinity: {} - -leaderElection: true -args: {} - -provider: - packages: [] - -configuration: - packages: [] - -imagePullSecrets: - - dockerhub - -rbacManager: - deploy: true - skipAggregatedClusterRoles: true - replicas: 1 - managementPolicy: Basic - leaderElection: true - args: {} - nodeSelector: {} - tolerations: {} - affinity: {} - -priorityClassName: "" - -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextCrossplane: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -packageCache: - medium: "" - sizeLimit: 5Mi - pvc: "" - -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextRBACManager: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -alpha: - oam: - enabled: false - -metrics: - enabled: false - -# List of extra environment variables to set in the crossplane deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsCrossplane: {} - -# List of extra environment variables to set in the crossplane rbac manager deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsRBACManager: {} - -### Agent Values - -upbound: - apiURL: "https://api.upbound.io" - connectHost: "connect.upbound.io" - controlPlane: - permission: edit - tokenSecretName: upbound-control-plane-token - token: "" - -xgql: - image: - repository: upbound/xgql - tag: %%XGQL_TAG%% - pullPolicy: IfNotPresent - resources: {} - metrics: - enabled: false - config: - debugMode: false - args: [] - -agent: - image: - repository: upbound/upbound-agent - tag: %%AGENT_TAG%% - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -### Bootstrapper Values - -bootstrapper: - image: - repository: upbound/uxp-bootstrapper - tag: %%BOOTSTRAPPER_TAG%% - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -billing: - awsMarketplace: - enabled: false - iamRoleARN: arn:aws:iam:::role/ diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore b/charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore deleted file mode 100755 index f0c131944..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml deleted file mode 100755 index d7090fa7d..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane -apiVersion: v1 -appVersion: 1.2.2001 -description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade - distribution of Crossplane. It''s fully compatible with upstream Crossplane, open - source, capable of connecting to Upbound Cloud for real-time dashboard visibility, - and maintained by Upbound. It''s the easiest way for both individual community members - and enterprises to build their production control planes. ' -home: https://upbound.io -icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png -keywords: -- cloud -- infrastructure -- services -- application -- database -- cache -- bucket -- infra -- app -- ops -- oam -- gcp -- azure -- aws -- alibaba -- cloudsql -- rds -- s3 -- azuredatabase -- asparadb -- gke -- aks -- eks -maintainers: -- email: info@upbound.io - name: Upbound Inc. -name: universal-crossplane -version: 1.2.200100 diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md b/charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md deleted file mode 100755 index c6d8ecfe0..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md +++ /dev/null @@ -1,36 +0,0 @@ -# Upbound Universal Crossplane (UXP) - -Upbound Universal Crossplane (UXP) is [Upbound's](https://upbound.io) official enterprise-grade distribution of [Crossplane](https://crossplane.io). It's fully compatible with upstream Crossplane, [open source](https://github.com/upbound/universal-crossplane), capable of connecting to [Upbound Cloud](https://cloud.upbound.io) for real-time dashboard visibility, and maintained by Upbound. It's the easiest way for both individual community members and enterprises to build their production control planes. - -## Connecting to Upbound Cloud - -You can optionally connect your Universal Crossplane instance to Upbound Cloud. -Follow the steps below to connect your Universal Crossplane cluster to your Upbound Cloud Console. - -1. Install Upbound CLI - - You will need to make sure you have the Upbound CLI installed before you continue. If you need more information on how to install the Upbound CLI, you can read the [Installing Upbound CLI Documentation](https://cloud.upbound.io/docs/cli). - - ``` - curl -sL https://cli.upbound.io | sh - ``` - -2. Log in to Upbound Cloud - - ``` - up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT - ``` - - Or, to log in using an Upbound [API token](https://cloud.upbound.io/account/settings/tokens): - - ``` - up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT --token=$API_TOKEN - ``` - -3. Create a Self-Hosted Control Plane - - ``` - up cloud controlplane attach $CONTROL_PLANE_NAME --profile=rancher - ``` - -4. Provide the token obtained in the previous step as `upbound.controlPlane.token` under `Upbound Cloud` section \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml deleted file mode 100755 index c5cb628bf..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml +++ /dev/null @@ -1,184 +0,0 @@ -questions: -# Upbound Cloud configuration -- variable: upbound.controlPlane.token - label: upbound.controlPlane.token - required: false - type: password - description: Token used to connect Upbound Cloud - group: "Upbound Cloud" -- variable: upbound.controlPlane.permission - label: upbound.controlPlane.permission - required: false - type: enum - default: "edit" - options: - - "edit" - - "view" - description: Cluster permissions for Upbound Cloud - group: "Upbound Cloud" -# Basic Crossplane configuration -- variable: replicas - label: replicas - description: Number of replicas to run for Crossplane pods - type: int - default: 1 - required: true - group: "Crossplane" -# Advanced Crossplane configuration -- variable: advancedCrossplaneConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Crossplane" - subquestions: - - variable: leaderElection - label: leaderElection - description: "Enable leader election for Crossplane Managers pod" - type: boolean - default: true - required: false - group: "Crossplane" - - variable: deploymentStrategy - label: deploymentStrategy - description: "The deployment strategy for the Crossplane and RBAC Manager (if enabled) pods" - type: enum - default: "RollingUpdate" - options: - - "RollingUpdate" - - "Recreate" - required: true - group: "Crossplane" - - variable: priorityClassName - label: priorityClassName - description: "Priority class name for Crossplane and RBAC Manager (if enabled) pods" - type: string - required: false - group: "Crossplane" - - variable: metrics.enabled - label: metrics.enabled - description: "Expose Crossplane and RBAC Manager metrics endpoint" - type: boolean - required: false - group: "Crossplane" -# Basic Crossplane RBAC Manager configuration -- variable: rbacManager.deploy - label: rbacManager.deploy - description: "Deploy RBAC Manager" - type: boolean - default: true - required: true - group: "Crossplane RBAC Manager" -- variable: rbacManager.replicas - label: rbacManager.replicas - description: "The number of replicas to run for the RBAC Manager pods" - type: int - default: 1 - required: true - group: "Crossplane RBAC Manager" -# Advanced Crossplane RBAC Manager configuration -- variable: advancedRBACManagerConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Crossplane RBAC Manager" - subquestions: - - variable: rbacManager.leaderElection - label: rbacManager.leaderElection - description: "Enable leader election for RBAC Managers pod" - type: boolean - default: true - group: "Crossplane RBAC Manager" - - variable: rbacManager.managementPolicy - label: rbacManager.managementPolicy - description: RBAC manager permissions. 'All' enables management for every Crossplane controller and user role. 'Basic' enables management just for Crossplane controller roles and the crossplane-admin, crossplane-edit, and crossplane-view user roles. - type: enum - default: "Basic" - options: - - "Basic" - - "All" - required: true - group: "Crossplane RBAC Manager" - - variable: rbacManager.skipAggregatedClusterRoles - label: rbacManager.skipAggregatedClusterRoles - description: "Opt out of deploying aggregated ClusterRoles" - type: boolean - default: true - group: "Crossplane RBAC Manager" -# Basic Package configuration -- variable: provider.packages - label: provider.packages - description: List of Provider packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. - type: string - required: false - group: "Packages" -- variable: configuration.packages - label: configuration.packages - description: List of Configuration packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. - type: string - required: false - group: "Packages" -# Advanced Package configuration -- variable: advancedPackageConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "Packages" - subquestions: - - variable: packageCache.sizeLimit - label: packageCache.sizeLimit - description: "Size limit for package cache. If medium is Memory then maximum usage would be the minimum of this value the sum of all memory limits on containers in the Crossplane pod" - type: string - default: "5Mi" - group: "Packages" - - variable: packageCache.medium - label: packageCache.medium - description: "Storage medium for package cache. Memory means volume will be backed by tmpfs, which can be useful for development" - type: string - group: "Packages" - - variable: packageCache.pvc - label: packageCache.pvc - description: "Name of the PersistentVolumeClaim to be used as the package cache. Providing a value will cause the default emptyDir volume to not be mounted" - type: string - group: "Packages" -# Basic XGQL configuration -- variable: xgql.config.debugMode - label: xgql.config.debugMode - description: "Enable debug mode for XGQL" - type: boolean - default: false - group: "XGQL" -# Advanced Crossplane configuration -- variable: advancedXGQLConfiguration - description: View advanced configuration settings - label: View advanced configuration - type: boolean - default: false - show_subquestion_if: true - group: "XGQL" - subquestions: - - variable: xgql.metrics.enabled - label: xgql.metrics.enabled - description: "Expose XGQL metrics endpoint" - type: boolean - required: false - group: "XGQL" -# Basic Agent configuration -- variable: agent.config.debugMode - label: agent.config.debugMode - description: "Enable debug mode for Upbound Agent" - type: boolean - default: false - group: "Upbound Agent" -# Basic Bootstrapper configuration -- variable: bootstrapper.config.debugMode - label: bootstrapper.config.debugMode - description: "Enable debug mode for Bootstrapper" - type: boolean - default: false - group: "Bootstrapper" \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt deleted file mode 100755 index 33260c04f..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt +++ /dev/null @@ -1,15 +0,0 @@ -By proceeding, you are accepting to comply with terms and conditions in https://licenses.upbound.io/upbound-software-license.html - -✨ Thank you for installing Universal Crossplane! -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -🚀 You can now connect your cluster to Upbound Cloud! - -Example command: -{{ if eq .Values.upbound.controlPlane.permission "edit" }} -$ up cloud controlplane attach | \ -up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - -{{- else if eq .Values.upbound.controlPlane.permission "view" }} -$ up cloud controlplane attach --view-only | \ -up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl deleted file mode 100755 index 7ba5d8058..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Common labels -*/}} -{{- define "labels" -}} -helm.sh/chart: {{ include "chart" . }} -{{ include "selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "selectorLabels" -}} -app.kubernetes.io/name: {{ include "name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl deleted file mode 100755 index bdca1ae09..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "bootstrapper-name" -}} -{{- "upbound-bootstrapper" -}} -{{- end -}} - -{{/* -Labels - bootstrapper -*/}} -{{- define "labelsBootstrapper" -}} -{{ include "labels" . }} -app.kubernetes.io/component: bootstrapper -{{- end }} - -{{/* -Selector labels - bootstrapper -*/}} -{{- define "selectorLabelsBootstrapper" -}} -{{ include "selectorLabels" . }} -app.kubernetes.io/component: bootstrapper -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml deleted file mode 100755 index 162abdd7a..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -rules: - # Bootstrapper needs to identify the cluster uniquely and it does that by using - # UID of kube-system namespace. - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - "get" - # Controller-runtime requires watch and list permissions to build its resource - # cache of the kind that any client query is made for. - - apiGroups: - - "" - resources: - - namespaces - verbs: - - "list" - - "watch" diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml deleted file mode 100755 index 33fd634cd..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "bootstrapper-name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "bootstrapper-name" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml deleted file mode 100755 index 14dd4335e..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "selectorLabelsBootstrapper" . | nindent 6 }} - template: - metadata: - labels: - {{- include "selectorLabelsBootstrapper" . | nindent 8 }} - spec: - serviceAccountName: {{ template "bootstrapper-name" . }} - {{- if .Values.billing.awsMarketplace.enabled }} - securityContext: - # Providing this is not required for 1.19 or later clusters. - # See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html - fsGroup: 1337 - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range $index, $secret := .Values.imagePullSecrets }} - - name: {{ $secret }} - {{- end }} - {{ end }} - containers: - - name: bootstrapper - image: "{{ .Values.bootstrapper.image.repository }}:{{ .Values.bootstrapper.image.tag }}" - args: - - start - - --namespace - - {{ .Release.Namespace }} - - --upbound-api-url - - {{ .Values.upbound.apiURL }} - - --controller - - tls-secrets - {{- if .Values.billing.awsMarketplace.enabled }} - - --controller - - aws-marketplace - {{- end }} - {{- if .Values.bootstrapper.config.debugMode }} - - "--debug" - {{- end }} - {{- range $arg := .Values.bootstrapper.config.args }} - - {{ $arg }} - {{- end }} - imagePullPolicy: {{ .Values.bootstrapper.image.pullPolicy }} - resources: - {{- toYaml .Values.bootstrapper.resources | nindent 12 }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml deleted file mode 100755 index e14c58f58..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update", "patch"] - resourceNames: - - uxp-ca - - upbound-agent-public-certs - - upbound-agent-tls - - xgql-tls - {{- if .Values.billing.awsMarketplace.enabled }} - - upbound-entitlement - {{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml deleted file mode 100755 index aa41bb33a..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "bootstrapper-name" . }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "bootstrapper-name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "bootstrapper-name" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml deleted file mode 100755 index 7e311b629..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.billing.awsMarketplace.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: upbound-entitlement - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -type: Opaque -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml deleted file mode 100755 index 1768272a3..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "bootstrapper-name" . }} - {{- if and .Values.billing.awsMarketplace.enabled .Values.billing.awsMarketplace.iamRoleARN }} - annotations: - eks.amazonaws.com/role-arn: {{ .Values.billing.awsMarketplace.iamRoleARN | quote }} - {{- end }} - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml deleted file mode 100755 index 07163971e..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: uxp-ca - labels: - {{- include "labels" . | nindent 4 }} -type: Opaque diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml deleted file mode 100755 index 1eacb8d16..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: universal-crossplane-config - labels: - {{- include "labelsBootstrapper" . | nindent 4 }} -data: - crossplaneVersion: {{ (trimPrefix "v" .Values.image.tag) }} - xgqlVersion: {{ (trimPrefix "v" .Values.xgql.image.tag) }} - agentVersion: {{ (trimPrefix "v" .Values.agent.image.tag) }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt deleted file mode 100755 index f1c8a0c63..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -Release: {{.Release.Name}} - -Chart Name: {{.Chart.Name}} -Chart Description: {{.Chart.Description}} -Chart Version: {{.Chart.Version}} -Chart Application Version: {{.Chart.AppVersion}} - -Kube Version: {{.Capabilities.KubeVersion}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl deleted file mode 100755 index 921e9df26..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml deleted file mode 100755 index 8a6b573cc..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-crossplane: "true" -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:system:aggregate-to-crossplane - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - crossplane.io/scope: "system" - rbac.crossplane.io/aggregate-to-crossplane: "true" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - "*" -- apiGroups: - - apiextensions.crossplane.io - - pkg.crossplane.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - get - - list - - create - - update - - patch - - delete - - watch -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml deleted file mode 100755 index d0fb877c2..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml deleted file mode 100755 index b51ab99ad..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml +++ /dev/null @@ -1,104 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - strategy: - type: {{ .Values.deploymentStrategy }} - template: - metadata: - {{- if .Values.metrics.enabled }} - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - {{- end }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - serviceAccountName: {{ template "name" . }} - initContainers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - core - - init - {{- range $arg := .Values.provider.packages }} - - --provider - - "{{ $arg }}" - {{- end }} - {{- range $arg := .Values.configuration.packages }} - - --configuration - - "{{ $arg }}" - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }}-init - resources: - {{- toYaml .Values.resourcesCrossplane | nindent 12 }} - securityContext: - {{- toYaml .Values.securityContextCrossplane | nindent 12 }} - containers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - core - - start - {{- range $arg := .Values.args }} - - {{ $arg }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }} - resources: - {{- toYaml .Values.resourcesCrossplane | nindent 12 }} - {{- if .Values.metrics.enabled }} - ports: - - name: metrics - containerPort: 8080 - {{- end }} - securityContext: - {{- toYaml .Values.securityContextCrossplane | nindent 12 }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LEADER_ELECTION - value: "{{ .Values.leaderElection }}" - {{- range $key, $value := .Values.extraEnvVarsCrossplane }} - - name: {{ $key | replace "." "_" }} - value: {{ $value | quote }} - {{- end}} - volumeMounts: - - mountPath: /cache - name: package-cache - volumes: - - name: package-cache - {{- if .Values.packageCache.pvc }} - persistentVolumeClaim: - claimName: {{ .Values.packageCache.pvc }} - {{- else }} - emptyDir: - medium: {{ .Values.packageCache.medium }} - sizeLimit: {{ .Values.packageCache.sizeLimit }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{ toYaml .Values.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml deleted file mode 100755 index 3b6ce2270..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbacManager.deploy }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:allowed-provider-permissions - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" -{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml deleted file mode 100755 index de8478697..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml +++ /dev/null @@ -1,94 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-rbac-manager - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - namespaces - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.crossplane.io - resources: - - compositeresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - pkg.crossplane.io - resources: - - providerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - roles - verbs: - - get - - list - - watch - - create - - update - - patch - # The RBAC manager may grant access it does not have. - - escalate -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - bind -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - "*" -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete -{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml deleted file mode 100755 index bda467f24..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-rbac-manager - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-rbac-manager -subjects: -- kind: ServiceAccount - name: rbac-manager - namespace: {{ .Release.Namespace }} -{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml deleted file mode 100755 index 110a5285d..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "name" . }}-rbac-manager - labels: - app: {{ template "name" . }}-rbac-manager - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.rbacManager.replicas }} - selector: - matchLabels: - app: {{ template "name" . }}-rbac-manager - release: {{ .Release.Name }} - strategy: - type: {{ .Values.deploymentStrategy }} - template: - metadata: - {{- if .Values.metrics.enabled }} - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - {{- end }} - labels: - app: {{ template "name" . }}-rbac-manager - release: {{ .Release.Name }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - serviceAccountName: rbac-manager - initContainers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - rbac - - init - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }}-init - resources: - {{- toYaml .Values.resourcesRBACManager | nindent 12 }} - securityContext: - {{- toYaml .Values.securityContextRBACManager | nindent 12 }} - containers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - args: - - rbac - - start - {{- if .Values.rbacManager.managementPolicy }} - - --manage={{ .Values.rbacManager.managementPolicy }} - {{- end }} - {{- range $arg := .Values.rbacManager.args }} - - {{ $arg }} - {{- end }} - - --provider-clusterrole={{ template "name" .}}:allowed-provider-permissions - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Chart.Name }} - resources: - {{- toYaml .Values.resourcesRBACManager | nindent 12 }} - {{- if .Values.metrics.enabled }} - ports: - - name: metrics - containerPort: 8080 - {{- end }} - securityContext: - {{- toYaml .Values.securityContextRBACManager | nindent 12 }} - env: - - name: LEADER_ELECTION - value: "{{ .Values.rbacManager.leaderElection }}" - {{- range $key, $value := .Values.extraEnvVarsRBACManager }} - - name: {{ $key | replace "." "_" }} - value: {{ $value | quote }} - {{- end}} - {{- if .Values.rbacManager.nodeSelector }} - nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.rbacManager.tolerations }} - tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.rbacManager.affinity }} - affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }} - {{- end }} -{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml deleted file mode 100755 index 3d41fb9b5..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml +++ /dev/null @@ -1,279 +0,0 @@ -{{- if .Values.rbacManager.deploy }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: {{ template "name" . }}:masters ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-admin - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-admin: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-edit - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-edit: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-view - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-view: "true" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-browse - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-browse: "true" -{{- if not .Values.rbacManager.skipAggregatedClusterRoles }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-admin - labels: - rbac.crossplane.io/aggregate-to-admin: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane administrators have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane administrators must create provider credential secrets, and may -# need to read or otherwise interact with connection secrets. They may also need -# to create or annotate namespaces. -- apiGroups: [""] - resources: [secrets, namespaces] - verbs: ["*"] -# Crossplane administrators have access to view the roles that they may be able -# to grant to other subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterroles, roles] - verbs: [get, list, watch] -# Crossplane administrators have access to grant the access they have to other -# subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterrolebindings, rolebindings] - verbs: ["*"] -# Crossplane administrators have full access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] -# Crossplane administrators have access to view CRDs in order to debug XRDs. -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-edit - labels: - rbac.crossplane.io/aggregate-to-edit: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane editors must create provider credential secrets, and may need to -# read or otherwise interact with connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane editors may see which namespaces exist, but not edit them. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane editors have full access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-view - labels: - rbac.crossplane.io/aggregate-to-view: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane viewers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane viewers may see which namespaces exist. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane viewers have read-only access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: [get, list, watch] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-browse - labels: - rbac.crossplane.io/aggregate-to-browse: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane browsers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane browsers have read-only access to compositions and XRDs. This -# allows them to discover and select an appropriate composition when creating a -# resource claim. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] -{{- if .Values.rbacManager.managementPolicy }} ---- -# The below ClusterRoles are aggregated to the namespaced RBAC roles created by -# the Crossplane RBAC manager when it is running in --manage=All mode. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-ns-admin - labels: - rbac.crossplane.io/aggregate-to-ns-admin: "true" - rbac.crossplane.io/base-of-ns-admin: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane namespace admins have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace admins may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane namespace admins have access to view the roles that they may be -# able to grant to other subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [roles] - verbs: [get, list, watch] -# Crossplane namespace admins have access to grant the access they have to other -# subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [rolebindings] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-ns-edit - labels: - rbac.crossplane.io/aggregate-to-ns-edit: "true" - rbac.crossplane.io/base-of-ns-edit: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane namespace editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace editors may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-ns-view - labels: - rbac.crossplane.io/aggregate-to-ns-view: "true" - rbac.crossplane.io/base-of-ns-view: "true" - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -# Crossplane namespace viewers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml deleted file mode 100755 index dfefe4050..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.rbacManager.deploy }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rbac-manager - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml deleted file mode 100755 index d3d47223c..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ template "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range $index, $secret := .Values.imagePullSecrets }} -- name: {{ $secret }} -{{- end }} -{{ end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl deleted file mode 100755 index 4db04bfaa..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "agent-name" -}} -{{- "upbound-agent" -}} -{{- end -}} - -{{/* -Labels - agent -*/}} -{{- define "labelsAgent" -}} -{{ include "labels" . }} -app.kubernetes.io/component: agent -{{- end }} - -{{/* -Selector labels - agent -*/}} -{{- define "selectorLabelsAgent" -}} -{{ include "selectorLabels" . }} -app.kubernetes.io/component: agent -{{- end }} - diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml deleted file mode 100755 index 9dc24441e..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["namespaces"] - resourceNames: ["kube-system"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "agent-name" . }}-impersonator - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["users"] - verbs: ["impersonate"] - resourceNames: ["upbound-cloud-impersonator"] - - apiGroups: ["authentication.k8s.io"] - resources: ["userextras/upbound-id"] - verbs: ["impersonate"] - - apiGroups: [""] - resources: ["groups"] - resourceNames: - # system:authenticated is required for calls to discovery API. Some Kubernetes - # clients like kubectl use it to figure out exactly which endpoints to call - # for given arguments. - - "system:authenticated" - - "upbound:view" -{{- if eq .Values.upbound.controlPlane.permission "edit" }} - - "upbound:edit" -{{- end }} - verbs: ["impersonate"] -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml deleted file mode 100755 index 66e157620..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-view - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-view -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:view -{{- if eq .Values.upbound.controlPlane.permission "edit" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-edit - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-edit -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:edit -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml deleted file mode 100755 index ec99faf43..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "agent-name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "agent-name" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "agent-name" . }}-impersonator - labels: - {{- include "labelsAgent" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "agent-name" . }}-impersonator -subjects: - - kind: ServiceAccount - name: {{ template "agent-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml deleted file mode 100755 index fcca427a0..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -# There are more permissions in upstream aggregated ClusterRoles than we'd like -# to have, so, we have our own ClusterRoles with only the permissions we need. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-view - labels: - rbac.crossplane.io/aggregate-to-view: "true" - {{- include "labelsAgent" . | nindent 4 }} -rules: - # Universal Crossplane viewers have access to view events. - - apiGroups: [""] - resources: [events] - verbs: [get, list, watch] - # Universal Crossplane viewers may see which namespaces exist. - - apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] - # Universal Crossplane viewers may see CRDs installed in the cluster. - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] - # Universal Crossplane viewers have read-only access to built in Crossplane types. - - apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] - - apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: [get, list, watch] -{{- if eq .Values.upbound.controlPlane.permission "edit" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}:aggregate-to-edit - labels: - rbac.crossplane.io/aggregate-to-edit: "true" - {{- include "labelsAgent" . | nindent 4 }} -rules: - # Universal Crossplane editors have access to view events. - - apiGroups: [""] - resources: [events] - verbs: [get, list, watch] - # Universal Crossplane editors may see which namespaces exist, but not edit them. - - apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] - # Universal Crossplane editors may see CRDs installed in the cluster. - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] - # Universal Crossplane editors have full access to built in Crossplane types. - - apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] - - apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml deleted file mode 100755 index 897846ae7..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.upbound.controlPlane.token }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.upbound.controlPlane.tokenSecretName }} - labels: - {{- include "labels" . | nindent 4 }} -type: Opaque -data: - token: {{ .Values.upbound.controlPlane.token | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml deleted file mode 100755 index c8cfd788a..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "selectorLabelsAgent" . | nindent 6 }} - template: - metadata: - labels: - {{- include "selectorLabelsAgent" . | nindent 8 }} - spec: - serviceAccountName: {{ template "agent-name" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range $index, $secret := .Values.imagePullSecrets }} - - name: {{ $secret }} - {{- end }} - {{ end }} - containers: - - name: agent - image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" - args: - - agent - - --tls-cert-file - - /etc/certs/upbound-agent/tls.crt - - --tls-key-file - - /etc/certs/upbound-agent/tls.key - - --xgql-ca-bundle-file - - /etc/certs/upbound-agent/ca.crt - - --nats-endpoint - - nats://{{ .Values.upbound.connectHost }}:{{ .Values.upbound.connectPort | default "443" }} - - --upbound-api-endpoint - - {{ .Values.upbound.apiURL }} - - --pod-name - - $(POD_NAME) - - --control-plane-token-path - - /etc/tokens/control-plane/token - {{- if .Values.agent.config.debugMode }} - - "--debug" - {{- end }} - {{- range $arg := .Values.agent.config.args }} - - {{ $arg }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - imagePullPolicy: {{ .Values.agent.image.pullPolicy }} - ports: - - name: agent - containerPort: 6443 - protocol: TCP - resources: - {{- toYaml .Values.agent.resources | nindent 12 }} -# TODO(muvaf): Disabled temporarily since we'd like to complete the installation -# even if the control plane token is not there, which makes these probes return -# false. -# readinessProbe: -# httpGet: -# scheme: HTTPS -# path: /readyz -# port: 6443 -# initialDelaySeconds: 5 -# timeoutSeconds: 5 -# periodSeconds: 5 -# failureThreshold: 3 -# livenessProbe: -# httpGet: -# scheme: HTTPS -# path: /livez -# port: 6443 -# initialDelaySeconds: 10 -# timeoutSeconds: 5 -# periodSeconds: 30 -# failureThreshold: 5 - volumeMounts: - - mountPath: /etc/certs/upbound-agent - name: certs - readOnly: true - - mountPath: /etc/tokens/control-plane - name: upbound-control-plane-token - readOnly: true - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: upbound-agent-tls - - name: upbound-control-plane-token - secret: - defaultMode: 420 - secretName: {{ .Values.upbound.controlPlane.tokenSecretName }} - optional: true - items: - - key: token - path: token -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml deleted file mode 100755 index 960bc4d48..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} ---- -# We need to be able to read universal-crossplane-config configmap in the namespace -# where UXP is deployed to provide version/configuration information. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "agent-name" . }}-uxp-config - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["universal-crossplane-config"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "agent-name" . }}-uxp-config - labels: - {{- include "labelsAgent" . | nindent 4 }} -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:view -{{- if eq .Values.upbound.controlPlane.permission "edit" }} - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:edit -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "agent-name" . }}-uxp-config -{{- end }} -{{- if eq .Values.upbound.controlPlane.permission "edit" }} ---- -# We need to be able to manage Secrets in the namespace where UXP is deployed -# so that Secrets pointed by ProviderConfig objects can be created by the agent. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "agent-name" . }}-secret - labels: - {{- include "labelsAgent" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "agent-name" . }}-secret - labels: - {{- include "labelsAgent" . | nindent 4 }} -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: upbound:edit -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "agent-name" . }}-secret -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml deleted file mode 100755 index 7e22879a3..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -spec: - selector: - {{- include "selectorLabelsAgent" . | nindent 4 }} - ports: - - port: 6443 - targetPort: 6443 - protocol: TCP - name: https -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml deleted file mode 100755 index fe136d5c0..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "agent-name" . }} - labels: - {{- include "labelsAgent" . | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml deleted file mode 100755 index 19a5c9748..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} -apiVersion: v1 -kind: Secret -metadata: - name: upbound-agent-tls - labels: - {{- include "labelsAgent" . | nindent 4 }} -type: Opaque -{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl deleted file mode 100755 index bd1141516..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "xgql-name" -}} -{{- "xgql" -}} -{{- end -}} - -{{/* -Labels - xgql -*/}} -{{- define "labelsXgql" -}} -{{ include "labels" . }} -app.kubernetes.io/component: xgql -{{- end }} - -{{/* -Selector labels - xgql -*/}} -{{- define "selectorLabelsXgql" -}} -{{ include "selectorLabels" . }} -app.kubernetes.io/component: xgql -{{- end }} - diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml deleted file mode 100755 index 520345385..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "xgql-name" . }} - labels: - {{- include "labelsXgql" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "selectorLabelsXgql" . | nindent 6 }} - template: - metadata: - labels: - {{- include "selectorLabelsXgql" . | nindent 8 }} - spec: - serviceAccountName: {{ template "xgql-name" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range $index, $secret := .Values.imagePullSecrets }} - - name: {{ $secret }} - {{- end }} - {{ end }} - containers: - - name: xgql - image: "{{ .Values.xgql.image.repository }}:{{ .Values.xgql.image.tag }}" - imagePullPolicy: {{ .Values.xgql.image.pullPolicy }} - resources: - {{- toYaml .Values.xgql.resources | nindent 12 }} - ports: - - name: https - containerPort: 8443 - protocol: TCP - {{- if .Values.xgql.metrics.enabled }} - - name: metrics - containerPort: 8080 - {{- end }} - args: - - --tls-key=/etc/certs/xgql/tls.key - - --tls-cert=/etc/certs/xgql/tls.crt - {{- if .Values.xgql.config.debugMode }} - - "--debug" - {{- end }} - {{- range $arg := .Values.xgql.config.args }} - - {{ $arg }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /etc/certs/xgql - name: certs - readOnly: true - volumes: - - name: certs - secret: - defaultMode: 420 - secretName: xgql-tls diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml deleted file mode 100755 index 80f822d3c..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "xgql-name" . }} - labels: - {{- include "labelsXgql" . | nindent 4 }} -spec: - selector: - {{- include "selectorLabelsXgql" . | nindent 4 }} - ports: - - port: 443 - targetPort: https - protocol: TCP - name: https diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml deleted file mode 100755 index 88e8bbdb7..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "xgql-name" . }} - labels: - {{- include "labelsXgql" . | nindent 4 }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml deleted file mode 100755 index 4b06ca735..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: xgql-tls - labels: - {{- include "labelsXgql" . | nindent 4 }} -type: Opaque diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml deleted file mode 100755 index f5ed73d78..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -nameOverride: "crossplane" - -replicas: 1 - -deploymentStrategy: RollingUpdate - -image: - repository: crossplane/crossplane - tag: v1.2.2 - pullPolicy: IfNotPresent - -nodeSelector: {} -tolerations: {} -affinity: {} - -leaderElection: true -args: {} - -provider: - packages: [] - -configuration: - packages: [] - -imagePullSecrets: - - dockerhub - -rbacManager: - deploy: true - skipAggregatedClusterRoles: true - replicas: 1 - managementPolicy: Basic - leaderElection: true - args: {} - nodeSelector: {} - tolerations: {} - affinity: {} - -priorityClassName: "" - -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextCrossplane: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -packageCache: - medium: "" - sizeLimit: 5Mi - pvc: "" - -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextRBACManager: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -alpha: - oam: - enabled: false - -metrics: - enabled: false - -# List of extra environment variables to set in the crossplane deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsCrossplane: {} - -# List of extra environment variables to set in the crossplane rbac manager deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsRBACManager: {} - -### Agent Values - -upbound: - apiURL: "https://api.upbound.io" - connectHost: "connect.upbound.io" - controlPlane: - permission: edit - tokenSecretName: upbound-control-plane-token - token: "" - -xgql: - image: - repository: upbound/xgql - tag: v0.1.3 - pullPolicy: IfNotPresent - resources: {} - metrics: - enabled: false - config: - debugMode: false - args: [] - -agent: - image: - repository: upbound/upbound-agent - tag: v1.2.2-up.1 - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -### Bootstrapper Values - -bootstrapper: - image: - repository: upbound/uxp-bootstrapper - tag: v1.2.2-up.1 - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -billing: - awsMarketplace: - enabled: false - iamRoleARN: arn:aws:iam:::role/ diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl deleted file mode 100755 index a9a0a3389..000000000 --- a/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl +++ /dev/null @@ -1,152 +0,0 @@ -nameOverride: "crossplane" - -replicas: 1 - -deploymentStrategy: RollingUpdate - -image: - repository: crossplane/crossplane - tag: %%CROSSPLANE_TAG%% - pullPolicy: IfNotPresent - -nodeSelector: {} -tolerations: {} -affinity: {} - -leaderElection: true -args: {} - -provider: - packages: [] - -configuration: - packages: [] - -imagePullSecrets: - - dockerhub - -rbacManager: - deploy: true - skipAggregatedClusterRoles: true - replicas: 1 - managementPolicy: Basic - leaderElection: true - args: {} - nodeSelector: {} - tolerations: {} - affinity: {} - -priorityClassName: "" - -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextCrossplane: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -packageCache: - medium: "" - sizeLimit: 5Mi - pvc: "" - -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - -securityContextRBACManager: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - -alpha: - oam: - enabled: false - -metrics: - enabled: false - -# List of extra environment variables to set in the crossplane deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsCrossplane: {} - -# List of extra environment variables to set in the crossplane rbac manager deployment. -# EXAMPLE -# extraEnvironmentVars: -# sample.key=value1 -# ANOTHER.KEY=value2 -# RESULT -# - name: sample_key -# value: "value1" -# - name: ANOTHER_KEY -# value: "value2" -extraEnvVarsRBACManager: {} - -### Agent Values - -upbound: - apiURL: "https://api.upbound.io" - connectHost: "connect.upbound.io" - controlPlane: - permission: edit - tokenSecretName: upbound-control-plane-token - token: "" - -xgql: - image: - repository: upbound/xgql - tag: %%XGQL_TAG%% - pullPolicy: IfNotPresent - resources: {} - metrics: - enabled: false - config: - debugMode: false - args: [] - -agent: - image: - repository: upbound/upbound-agent - tag: %%AGENT_TAG%% - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -### Bootstrapper Values - -bootstrapper: - image: - repository: upbound/uxp-bootstrapper - tag: %%BOOTSTRAPPER_TAG%% - pullPolicy: IfNotPresent - resources: {} - config: - debugMode: false - args: [] - -billing: - awsMarketplace: - enabled: false - iamRoleARN: arn:aws:iam:::role/ diff --git a/index.yaml b/index.yaml deleted file mode 100755 index f2b41ee6a..000000000 --- a/index.yaml +++ /dev/null @@ -1,1649 +0,0 @@ -apiVersion: v1 -entries: - ambassador: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Ambassador Edge Stack - catalog.cattle.io/release-name: ambassador - apiVersion: v1 - appVersion: 1.13.8 - created: "2021-06-25T13:41:52.528853-07:00" - description: A Helm chart for Datawire Ambassador - digest: 395a8bfddf57116dabaa5f96ef027e05094b25c720947223f9167843cf4e7319 - home: https://www.getambassador.io/ - icon: https://www.getambassador.io/images/logo.png - keywords: - - api gateway - - ambassador - - datawire - - envoy - maintainers: - - email: markus@maga.se - name: flydiverny - - email: flynn@datawire.io - name: kflynn - - email: nkrause@datawire.io - name: nbkrause - - email: lukeshu@datawire.io - name: lukeshu - name: ambassador - sources: - - https://github.com/datawire/ambassador - - https://github.com/prometheus/statsd_exporter - urls: - - assets/ambassador/ambassador-6.7.1100+up6.7.11.tgz - version: 6.7.1100+up6.7.11 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Ambassador Edge Stack - catalog.cattle.io/release-name: ambassador - apiVersion: v1 - appVersion: 1.13.8 - created: "2021-06-25T13:41:52.533613-07:00" - description: A Helm chart for Datawire Ambassador - digest: f56e602f017a6e48d2838033b31ce356a47db561fcd9c02e008d06b67be95b90 - home: https://www.getambassador.io/ - icon: https://www.getambassador.io/images/logo.png - keywords: - - api gateway - - ambassador - - datawire - - envoy - maintainers: - - email: markus@maga.se - name: flydiverny - - email: flynn@datawire.io - name: kflynn - - email: nkrause@datawire.io - name: nbkrause - - email: lukeshu@datawire.io - name: lukeshu - name: ambassador - sources: - - https://github.com/datawire/ambassador - - https://github.com/prometheus/statsd_exporter - urls: - - assets/ambassador/ambassador-6.7.1100.tgz - version: 6.7.1100 - artifactory-ha: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha - apiVersion: v1 - appVersion: 7.17.5 - created: "2021-06-25T13:41:52.555596-07:00" - dependencies: - - condition: postgresql.enabled - name: postgresql - repository: file://./charts/postgresql - description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. - digest: ceb2a4c71444df42a6501ef920b2f372852c4dde79f050533b79b00e2b8bb234 - home: https://www.jfrog.com/artifactory/ - icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png - keywords: - - artifactory - - jfrog - - devops - maintainers: - - email: installers@jfrog.com - name: Chart Maintainers at JFrog - name: artifactory-ha - sources: - - https://github.com/jfrog/charts - urls: - - assets/artifactory-ha/artifactory-ha-4.13.0.tgz - version: 4.13.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha - apiVersion: v1 - appVersion: 7.17.5 - created: "2021-06-25T13:41:52.566603-07:00" - dependencies: - - condition: postgresql.enabled - name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 9.3.4 - description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. - digest: 63b4083aaf16e3f8f46c01943a6113b11beebdab0b3bd9e6b482ad3e8cc4e56a - home: https://www.jfrog.com/artifactory/ - icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png - keywords: - - artifactory - - jfrog - - devops - maintainers: - - email: installers@jfrog.com - name: Chart Maintainers at JFrog - name: artifactory-ha - sources: - - https://github.com/jfrog/charts - urls: - - assets/artifactory-ha/artifactory-ha-4.13.000.tgz - version: 4.13.000 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha - apiVersion: v1 - appVersion: 7.12.6 - created: "2021-06-25T13:41:52.575924-07:00" - dependencies: - - condition: postgresql.enabled - name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 9.3.4 - description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. - digest: 6f13240e67c292e0a7229b1e0b1d8389991e10850d629fab7bac34b7f702fa3c - home: https://www.jfrog.com/artifactory/ - icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png - keywords: - - artifactory - - jfrog - - devops - maintainers: - - email: installers@jfrog.com - name: Chart Maintainers at JFrog - name: artifactory-ha - sources: - - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view - - https://github.com/jfrog/charts - urls: - - assets/artifactory-ha/artifactory-ha-4.7.600.tgz - version: 4.7.600 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-ha - apiVersion: v1 - appVersion: 7.6.3 - created: "2021-06-25T13:41:52.544154-07:00" - dependencies: - - condition: postgresql.enabled - name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 8.7.3 - description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. - digest: cfe8c5e0fbf007f8f858b65ab788ad297cdece703364d94ff9d36beca395ca6a - home: https://www.jfrog.com/artifactory/ - icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png - keywords: - - artifactory - - jfrog - - devops - maintainers: - - email: amithk@jfrog.com - name: amithins - - email: daniele@jfrog.com - name: danielezer - - email: eldada@jfrog.com - name: eldada - - email: ramc@jfrog.com - name: chukka - - email: rimasm@jfrog.com - name: rimusz - name: artifactory-ha - sources: - - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view - - https://github.com/jfrog/charts - urls: - - assets/artifactory-ha/artifactory-ha-3.0.1400.tgz - version: 3.0.1400 - artifactory-jcr: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-jcr - apiVersion: v1 - appVersion: 7.12.5 - created: "2021-06-25T13:41:52.593747-07:00" - dependencies: - - name: artifactory - repository: file://./charts/artifactory - description: JFrog Container Registry - digest: e30459226984ff62c7cd1849b9ee428808a25b1e20ee557e6baf0448b451401c - home: https://jfrog.com/container-registry/ - icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png - keywords: - - artifactory - - jfrog - - container - - registry - - devops - - jfrog-container-registry - maintainers: - - email: helm@jfrog.com - name: Chart Maintainers at JFrog - name: artifactory-jcr - sources: - - https://github.com/jfrog/charts - urls: - - assets/artifactory-jcr/artifactory-jcr-3.4.0.tgz - version: 3.4.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-jcr - apiVersion: v1 - appVersion: 7.12.5 - created: "2021-06-25T13:41:52.602995-07:00" - dependencies: - - name: artifactory - repository: https://charts.jfrog.io/ - version: 11.7.4 - description: JFrog Container Registry - digest: 148af8042991b7d031770887a8d64e034268c2e1e3eb03f55e13310a40cb2a60 - home: https://jfrog.com/container-registry/ - icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png - keywords: - - artifactory - - jfrog - - container - - registry - - devops - - jfrog-container-registry - maintainers: - - email: helm@jfrog.com - name: Chart Maintainers at JFrog - name: artifactory-jcr - sources: - - https://github.com/jfrog/charts - urls: - - assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz - version: 3.4.000 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: artifactory-jcr - apiVersion: v1 - appVersion: 7.6.3 - created: "2021-06-25T13:41:52.584328-07:00" - dependencies: - - name: artifactory - repository: https://charts.jfrog.io/ - version: 10.0.12 - description: JFrog Container Registry - digest: 4f32c8460467e79492bfab5da99afbd5867f6e8dc305d96458790b6de083f4da - home: https://jfrog.com/container-registry/ - icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png - keywords: - - artifactory - - jfrog - - container - - registry - - devops - - jfrog-container-registry - maintainers: - - email: amithk@jfrog.com - name: amithins - - email: daniele@jfrog.com - name: danielezer - - email: eldada@jfrog.com - name: eldada - - email: ramc@jfrog.com - name: chukka - - email: rimasm@jfrog.com - name: rimusz - - email: vinaya@jfrog.com - name: vinaya - name: artifactory-jcr - sources: - - https://github.com/jfrog/charts - urls: - - assets/artifactory-jcr/artifactory-jcr-2.5.100.tgz - version: 2.5.100 - citrix-adc-istio-ingress-gateway: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-adc-istio-ingress-gateway - apiVersion: v1 - appVersion: 1.2.1 - created: "2021-06-25T13:41:52.603786-07:00" - description: A Helm chart for Citrix ADC as Ingress Gateway installation in Istio - Service Mesh on Kubernetes platform - digest: c8c7b066435836143a6ba4566e991eb0651829071ccb068955c09b8be86398fe - home: https://www.citrix.com - icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png - maintainers: - - email: dhiraj.gedam@citrix.com - name: dheerajng - - email: subash.dangol@citrix.com - name: subashd - name: citrix-adc-istio-ingress-gateway - sources: - - https://github.com/citrix/citrix-istio-adaptor - urls: - - assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100+up1.2.1.tgz - version: 1.2.100+up1.2.1 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-adc-istio-ingress-gateway - apiVersion: v1 - appVersion: 1.2.1 - created: "2021-06-25T13:41:52.60455-07:00" - description: A Helm chart for Citrix ADC as Ingress Gateway installation in Istio - Service Mesh on Kubernetes platform - digest: 41121dad6ac7271f2ada14e5f8cbc7d398e1e656db95e1937ab1dc5bab563e4c - home: https://www.citrix.com - icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png - maintainers: - - email: dhiraj.gedam@citrix.com - name: dheerajng - - email: subash.dangol@citrix.com - name: subashd - name: citrix-adc-istio-ingress-gateway - sources: - - https://github.com/citrix/citrix-istio-adaptor - urls: - - assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100.tgz - version: 1.2.100 - citrix-cpx-with-ingress-controller: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller - apiVersion: v1 - appVersion: 1.8.28 - created: "2021-06-25T13:41:52.605538-07:00" - description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running - as sidecar. - digest: 493e807c2e3864ea31432940e54c281202ee7adf627bd263a310f889dd61c1ec - home: https://www.citrix.com - icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png - maintainers: - - email: priyanka.sharma@citrix.com - name: priyankash-citrix - - email: subash.dangol@citrix.com - name: subashd - name: citrix-cpx-with-ingress-controller - sources: - - https://github.com/citrix/citrix-k8s-ingress-controller - urls: - - assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800+up1.8.28.tgz - version: 1.8.2800+up1.8.28 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller - apiVersion: v1 - appVersion: 1.8.28 - created: "2021-06-25T13:41:52.606529-07:00" - description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running - as sidecar. - digest: 298c1472ff1afea8333346f2d67dc4bb6fb64779b4b90378b18e57180995286e - home: https://www.citrix.com - icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png - maintainers: - - email: priyanka.sharma@citrix.com - name: priyankash-citrix - - email: subash.dangol@citrix.com - name: subashd - name: citrix-cpx-with-ingress-controller - sources: - - https://github.com/citrix/citrix-k8s-ingress-controller - urls: - - assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800.tgz - version: 1.8.2800 - cloudcasa: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CloudCasa - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa - apiVersion: v2 - appVersion: 2.0.0 - created: "2021-07-27T11:19:43.932053861+05:30" - description: CloudCasa backup service for Kubernetes and cloud native applications - digest: 2949fc524bea78210922a0a022a69df22ce5275a721610a4ba317603fed26c0e - home: https://cloudcasa.io - icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png - keywords: - - backup - - Catalogic - - CloudCasa - kubeVersion: '>=1.13.0-0' - maintainers: - - email: info@catalogicsoftware.com - name: catalogicsoftware - name: cloudcasa - urls: - - assets/cloudcasa/cloudcasa-2.0.0.tgz - version: 2.0.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CloudCasa - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa - apiVersion: v2 - appVersion: 1.0.0 - created: "2021-06-25T13:41:52.609099-07:00" - description: CloudCasa backup service for Kubernetes and cloud native applications - digest: 6697648e35c4787d26ec7e342ea025014bdf7b0f717dca661aab2386e2a684e2 - home: https://cloudcasa.io - icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png - keywords: - - backup - - Catalogic - - CloudCasa - kubeVersion: '>=1.13.0-0' - maintainers: - - email: info@catalogicsoftware.com - name: catalogicsoftware - name: cloudcasa - urls: - - assets/cloudcasa/cloudcasa-1.0.0.tgz - version: 1.0.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Cloudcasa - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa - apiVersion: v2 - appVersion: "1.0" - created: "2021-06-25T13:41:52.610439-07:00" - description: CloudCasa backup service for Kubernetes and cloud native applications - digest: 9bb36abfa6db450688840c60a4181791da4f4d637f5a48e7aee93238f4d471c1 - home: https://cloudcasa.io - icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png - keywords: - - backup - - Catalogic - - CloudCasa - kubeVersion: '>=1.13.0-0' - maintainers: - - email: info@catalogicsoftware.com - name: catalogicsoftware - name: cloudcasa - urls: - - assets/cloudcasa/cloudcasa-1.tgz - version: "1" - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/namespace: cloudcasa-io - catalog.cattle.io/release-name: cloudcasa - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-06-25T13:41:52.607806-07:00" - description: CloudCasa backup service for Kubernetes and cloud native applications - digest: be87ab1b0e0e9c74998d5d3e5041f75ac732174389ee3bf68a3d8016aace786f - home: https://cloudcasa.io - icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png - keywords: - - backup - - Catalogic - - CloudCasa - kubeVersion: '>=1.13.0-0' - maintainers: - - email: info@catalogicsoftware.com - name: catalogicsoftware - name: cloudcasa - urls: - - assets/cloudcasa/cloudcasa-0.1.000.tgz - version: 0.1.000 - cockroachdb: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: cockroachdb - apiVersion: v1 - appVersion: 20.1.3 - created: "2021-06-25T13:41:52.612363-07:00" - description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. - digest: addd207fe564c88c8d64bfbcb262f593296fa5bdb3e1245a030ca83014532298 - home: https://www.cockroachlabs.com - icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png - maintainers: - - email: helm-charts@cockroachlabs.com - name: cockroachlabs - name: cockroachdb - sources: - - https://github.com/cockroachdb/cockroach - urls: - - assets/cockroachdb/cockroachdb-4.1.200+up4.1.2.tgz - version: 4.1.200+up4.1.2 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: cockroachdb - apiVersion: v1 - appVersion: 20.1.3 - created: "2021-06-25T13:41:52.613723-07:00" - description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. - digest: ba272eab2f61dd699854035f1bfdfafb15cd0b99eefc2b8486702dc990202bea - home: https://www.cockroachlabs.com - icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png - maintainers: - - email: helm-charts@cockroachlabs.com - name: cockroachlabs - name: cockroachdb - sources: - - https://github.com/cockroachdb/cockroach - urls: - - assets/cockroachdb/cockroachdb-4.1.200.tgz - version: 4.1.200 - control-agent: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: streamsets - apiVersion: v1 - appVersion: 3.8.0 - created: "2021-06-25T13:41:52.667837-07:00" - description: Control Agent for managing StreamSets Control Hub Deployments - digest: 8a671458e983458f2a871ec232f334b30591d1c9343aee8e13f17410e72c73c6 - home: https://streamsets.com - icon: https://github.com/streamsets/datacollector/raw/master/basic-lib/src/main/resources/sdcipc.png - keywords: - - streamsets - - sdc - - sch - maintainers: - - email: thomas.ganka@streamsets.com - name: thomasganka - name: control-agent - sources: - - https://github.com/streamsets/helm-charts/tree/master/incubating/control-agent - urls: - - assets/streamsets/control-agent-2.0.100+up2.0.1.tgz - version: 2.0.100+up2.0.1 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: streamsets - apiVersion: v1 - appVersion: 3.8.0 - created: "2021-06-25T13:41:52.66837-07:00" - description: Control Agent for managing StreamSets Control Hub Deployments - digest: 5289b93c60200cc9896b2e903c4143a8db1d312409ab86da5dc77df693bc395f - home: https://streamsets.com - icon: https://github.com/streamsets/datacollector/raw/master/basic-lib/src/main/resources/sdcipc.png - keywords: - - streamsets - - sdc - - sch - maintainers: - - email: thomas.ganka@streamsets.com - name: thomasganka - name: control-agent - sources: - - https://github.com/streamsets/helm-charts/tree/master/incubating/control-agent - urls: - - assets/streamsets/control-agent-2.0.100.tgz - version: 2.0.100 - cost-analyzer: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: kubecost - apiVersion: v1 - appVersion: 1.70.0 - created: "2021-06-25T13:41:52.651822-07:00" - description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor - cloud costs. - digest: 4b1dade79ed90ac5c61c605685244044cbe7b65c185633306ff73528f17d9f82 - icon: https://kubecost.com/images/logo-white.png - name: cost-analyzer - urls: - - assets/kubecost/cost-analyzer-1.70.0.tgz - version: 1.70.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: kubecost - apiVersion: v1 - appVersion: 1.70.0 - created: "2021-06-25T13:41:52.661814-07:00" - description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor - cloud costs. - digest: b633966fdce3fa9d0c899ff38b6090ac687ac1070000c2742e6834b7430c9975 - icon: https://kubecost.com/images/logo-white.png - name: cost-analyzer - urls: - - assets/kubecost/cost-analyzer-1.70.000.tgz - version: 1.70.000 - csi-wekafsplugin: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: csi-wekafsplugin - apiVersion: v2 - appVersion: 0.6.4 - created: "2021-06-25T13:41:52.614214-07:00" - description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) - plugin for WekaFS - the world fastest filesystem - digest: 1660ef1d273936a795c766f42e978caecce4c157e88938aa92406b78b5b7a8aa - home: https://github.com/weka/csi-wekafs - icon: https://weka.github.io/csi-wekafs/logo.png - name: csi-wekafsplugin - sources: - - https://github.com/weka/csi-wekafs/tree/v0.6.4/deploy/helm/csi-wekafsplugin - type: application - urls: - - assets/csi-wekafs/csi-wekafsplugin-0.6.400+up0.6.4.tgz - version: 0.6.400+up0.6.4 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: csi-wekafsplugin - apiVersion: v2 - appVersion: 0.6.4 - created: "2021-06-25T13:41:52.614688-07:00" - description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) - plugin for WekaFS - the world fastest filesystem - digest: 78feaf34b9a8d8cb5ddcf3928e5782ecb6da0d4de94bdfc9b65162be3e357a7d - home: https://github.com/weka/csi-wekafs - icon: https://weka.github.io/csi-wekafs/logo.png - name: csi-wekafsplugin - sources: - - https://github.com/weka/csi-wekafs/tree/v0.6.4/deploy/helm/csi-wekafsplugin - type: application - urls: - - assets/csi-wekafs/csi-wekafsplugin-0.6.400.tgz - version: 0.6.400 - datadog: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: datadog - apiVersion: v1 - appVersion: "7" - created: "2021-06-25T13:41:52.618315-07:00" - dependencies: - - condition: datadog.kubeStateMetricsEnabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - description: Datadog Agent - digest: 1f2bdfb7f12db718615678c98b8156b61230009be911300caedd5e0bc9a405ac - home: https://www.datadoghq.com - icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png - keywords: - - monitoring - - alerting - - metric - maintainers: - - email: support@datadoghq.com - name: Datadog - name: datadog - sources: - - https://app.datadoghq.com/account/settings#agent/kubernetes - - https://github.com/DataDog/datadog-agent - urls: - - assets/datadog/datadog-2.4.200+up2.4.2.tgz - version: 2.4.200+up2.4.2 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: datadog - apiVersion: v1 - appVersion: "7" - created: "2021-06-25T13:41:52.622371-07:00" - dependencies: - - condition: datadog.kubeStateMetricsEnabled - name: kube-state-metrics - repository: https://charts.helm.sh/stable - version: =2.8.11 - description: Datadog Agent - digest: 5e05f58feb6bd16390bd3ed6f668d830bf134efee0dbec4a441f16f16e3a4122 - home: https://www.datadoghq.com - icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png - keywords: - - monitoring - - alerting - - metric - maintainers: - - email: support@datadoghq.com - name: Datadog - name: datadog - sources: - - https://app.datadoghq.com/account/settings#agent/kubernetes - - https://github.com/DataDog/datadog-agent - urls: - - assets/datadog/datadog-2.4.200.tgz - version: 2.4.200 - dynatrace-oneagent-operator: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: dynatrace-oneagent-operator - apiVersion: v2 - appVersion: 0.8.0 - created: "2021-06-25T13:41:52.623661-07:00" - description: The Dynatrace OneAgent Operator Helm chart for Kubernetes and Openshift - digest: 73afd6694fa24baf12f090396f318edf85910529eade8e8521525aa7291ae38f - home: https://www.dynatrace.com/ - icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png - maintainers: - - email: marco.mader@dynatrace.com - name: DTMad - - email: luis.garcia@dynatrace.com - name: lrgar - - email: michael.mayr@dynatrace.com - name: mmayr-at - name: dynatrace-oneagent-operator - sources: - - https://github.com/Dynatrace/helm-charts - type: application - urls: - - assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.0.tgz - version: 0.8.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: dynatrace-oneagent-operator - apiVersion: v2 - appVersion: 0.8.0 - created: "2021-06-25T13:41:52.624931-07:00" - description: The Dynatrace OneAgent Operator Helm chart for Kubernetes and Openshift - digest: 7daf37239c0ca6f903d0e92bcb0ffff02584872f45e2e83822bb986dbf61ee58 - home: https://www.dynatrace.com/ - icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png - maintainers: - - email: marco.mader@dynatrace.com - name: DTMad - - email: luis.garcia@dynatrace.com - name: lrgar - - email: michael.mayr@dynatrace.com - name: mmayr-at - name: dynatrace-oneagent-operator - sources: - - https://github.com/Dynatrace/helm-charts - type: application - urls: - - assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz - version: 0.8.000 - falcon-sensor: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CrowdStrike Falcon Platform - catalog.cattle.io/release-name: falcon-helm - apiVersion: v2 - appVersion: 0.9.3 - created: "2021-06-25T13:41:52.625497-07:00" - description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes - clusters. - digest: 1038b8d518dc458933e3c8a87ccd9c3e0f92cc9fab3dd8d4214646e8c70e2774 - home: https://crowdstrike.com - icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg - keywords: - - CrowdStrike - - Falcon - - EDR - - kubernetes - - security - - monitoring - - alerting - maintainers: - - name: CrowdStrike Solution Architecture - - email: gabriel.alford@crowdstrike.com - name: Gabe Alford - name: falcon-sensor - sources: - - https://github.com/CrowdStrike/falcon-helm - type: application - urls: - - assets/falcon-sensor/falcon-sensor-0.9.300+up0.9.3.tgz - version: 0.9.300+up0.9.3 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: CrowdStrike Falcon Platform - catalog.cattle.io/release-name: falcon-helm - apiVersion: v2 - appVersion: 0.9.3 - created: "2021-06-25T13:41:52.626054-07:00" - description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes - clusters. - digest: cb98b5a7e6020ed2d06db01575e76b4cfd3e94549805323e65f551a832a1254a - home: https://crowdstrike.com - icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg - keywords: - - CrowdStrike - - Falcon - - EDR - - kubernetes - - security - - monitoring - - alerting - maintainers: - - name: CrowdStrike Solution Architecture - - email: gabriel.alford@crowdstrike.com - name: Gabe Alford - name: falcon-sensor - sources: - - https://github.com/CrowdStrike/falcon-helm - type: application - urls: - - assets/falcon-sensor/falcon-sensor-0.9.300.tgz - version: 0.9.300 - federatorai: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Federator.ai - catalog.cattle.io/release-name: federatorai - apiVersion: v1 - appVersion: 4.5.1-ga - created: "2021-06-25T13:41:52.62702-07:00" - description: Federator.ai helps enterprises optimize cloud resources, maximize - application performance, and save significant cost without excessive over-provisioning - or under-provisioning of resources, meeting the service-level requirements of - their applications. - digest: 468180cf6828ee6294bc9cec6908f08df2c7092c70ee99d4a6f657940a582e9b - home: https://www.prophetstor.com - icon: https://raw.githubusercontent.com/prophetstor-ai/public/master/images/logo.png - keywords: - - AI - - Resource Orchestration - - NoOps - - AIOps - - Intelligent Workload Management - - Cost Optimization - maintainers: - - email: support@prophetstor.com - name: ProphetStor Data Services, Inc. - name: federatorai - sources: - - https://www.prophetstor.com - urls: - - assets/federatorai/federatorai-4.5.100+up4.5.1.tgz - version: 4.5.100+up4.5.1 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Federator.ai - catalog.cattle.io/release-name: federatorai - apiVersion: v1 - appVersion: 4.5.1-ga - created: "2021-06-25T13:41:52.627987-07:00" - description: Federator.ai helps enterprises optimize cloud resources, maximize - application performance, and save significant cost without excessive over-provisioning - or under-provisioning of resources, meeting the service-level requirements of - their applications. - digest: bb91267948c7571fcc0ff6604bf950a17da2b4704d31c6a0033ce444d2c0399b - home: https://www.prophetstor.com - icon: https://raw.githubusercontent.com/prophetstor-ai/public/master/images/logo.png - keywords: - - AI - - Resource Orchestration - - NoOps - - AIOps - - Intelligent Workload Management - - Cost Optimization - maintainers: - - email: support@prophetstor.com - name: ProphetStor Data Services, Inc. - name: federatorai - sources: - - https://www.prophetstor.com - urls: - - assets/federatorai/federatorai-4.5.100.tgz - version: 4.5.100 - haproxy: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy - apiVersion: v1 - appVersion: 1.5.4 - created: "2021-06-25T13:41:52.631348-07:00" - description: A Helm chart for HAProxy Kubernetes Ingress Controller - digest: 0493bceb1fba08459acb768ab9cf13f5721187b31d0960a8ffe8566ea82d5994 - home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png - keywords: - - ingress - - haproxy - kubeVersion: '>=1.12.0-0' - maintainers: - - email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi - - email: bassmann@haproxy.com - name: Baptiste Assmann - - email: dkorunic@haproxy.com - name: Dinko Korunic - name: haproxy - sources: - - https://github.com/haproxytech/kubernetes-ingress - urls: - - assets/haproxy/haproxy-1.12.500+up1.12.5.tgz - version: 1.12.500+up1.12.5 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy - apiVersion: v1 - appVersion: 1.5.4 - created: "2021-06-25T13:41:52.632682-07:00" - description: A Helm chart for HAProxy Kubernetes Ingress Controller - digest: fd110caa557e3b385d407578a4e7693429d5bc722d233f51f19ca58840372ca7 - home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png - keywords: - - ingress - - haproxy - kubeVersion: '>=1.12.0-0' - maintainers: - - email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi - - email: bassmann@haproxy.com - name: Baptiste Assmann - - email: dkorunic@haproxy.com - name: Dinko Korunic - name: haproxy - sources: - - https://github.com/haproxytech/kubernetes-ingress - urls: - - assets/haproxy/haproxy-1.12.500.tgz - version: 1.12.500 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy - apiVersion: v1 - appVersion: 1.5.1 - created: "2021-06-25T13:41:52.629978-07:00" - description: A Helm chart for HAProxy Kubernetes Ingress Controller - digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046 - home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png - keywords: - - ingress - - haproxy - kubeVersion: '>=1.12.0-0' - maintainers: - - email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi - - email: bassmann@haproxy.com - name: Baptiste Assmann - - email: dkorunic@haproxy.com - name: Dinko Korunic - name: haproxy - sources: - - https://github.com/haproxytech/kubernetes-ingress - urls: - - assets/haproxy/haproxy-1.12.100.tgz - version: 1.12.100 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: haproxy - apiVersion: v1 - appVersion: 1.4.6 - created: "2021-06-25T13:41:52.633781-07:00" - description: A Helm chart for HAProxy Kubernetes Ingress Controller - digest: f4b11d983e29c3748e04fba10d626277cc4c35c977a2bda016925a326af38b54 - home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress - icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png - keywords: - - ingress - - haproxy - kubeVersion: '>=1.12.0-0' - maintainers: - - email: mmhedhbi@haproxy.com - name: Moemen Mhedhbi - - email: bassmann@haproxy.com - name: Baptiste Assmann - - email: dkorunic@haproxy.com - name: Dinko Korunic - name: haproxy - sources: - - https://github.com/haproxytech/kubernetes-ingress - urls: - - assets/haproxy/haproxy-1.4.300.tgz - version: 1.4.300 - hpe-csi-driver: - - annotations: - artifacthub.io/license: Apache-2.0 - artifacthub.io/links: | - - name: Documentation - url: https://scod.hpedev.io/csi_driver - artifacthub.io/prerelease: "false" - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: HPE CSI Driver for Kubernetes - catalog.cattle.io/release-name: hpe-csi-driver - apiVersion: v1 - appVersion: 2.0.0 - created: "2021-07-20T09:48:41.990223-07:00" - description: A Helm chart for installing the HPE CSI Driver for Kubernetes - digest: 50b4a0a0ded1373e043448cd9b041294a6d2f386c0d7945428cf5bfaf737da3d - home: https://hpe.com/storage/containers - icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png - keywords: - - HPE - - Storage - - CSI - kubeVersion: 1.18 - 1.21 - maintainers: - - email: datamattsson@hpe.com - name: datamattsson - name: hpe-csi-driver - sources: - - https://github.com/hpe-storage/co-deployments - - https://github.com/hpe-storage/csi-driver - urls: - - assets/hpe-csi-driver/hpe-csi-driver-2.0.0.tgz - version: 2.0.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-csi-driver - apiVersion: v1 - appVersion: 1.4.0 - created: "2021-06-25T13:41:52.635163-07:00" - description: A Helm chart for installing the HPE CSI Driver for Kubernetes - digest: b0807ec81771114cb12ce3f4014e0119e3c5ad71d9a14b2537e74d8e85261cfe - home: https://hpe.com/storage/containers - icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png - keywords: - - HPE - - Storage - - StorageClass - maintainers: - - email: hpe-containers-dev@hpe.com - name: raunakkumar - name: hpe-csi-driver - sources: - - https://scod.hpedev.io/csi_driver - urls: - - assets/hpe-csi-driver/hpe-csi-driver-1.4.200+up1.4.2.tgz - version: 1.4.200+up1.4.2 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-csi-driver - apiVersion: v1 - appVersion: 1.4.0 - created: "2021-06-25T13:41:52.635952-07:00" - description: A Helm chart for installing the HPE CSI Driver for Kubernetes - digest: 487dca3d6bdf6961bf29425945b40974667a67723d2a8d9edbca87285e628793 - home: https://hpe.com/storage/containers - icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png - keywords: - - HPE - - Storage - - StorageClass - maintainers: - - email: hpe-containers-dev@hpe.com - name: raunakkumar - name: hpe-csi-driver - sources: - - https://scod.hpedev.io/csi_driver - urls: - - assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz - version: 1.4.200 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-csi-driver - apiVersion: v1 - appVersion: 1.3.0 - created: "2021-06-25T13:41:52.634386-07:00" - description: A Helm chart for installing the HPE CSI Driver for Kubernetes - digest: f5e5ce5e51d1b76ea667aca7e7689ccf9439825a30485fa2372ca0b9b86c7af0 - home: https://hpe.com/storage/containers - icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png - keywords: - - HPE - - Storage - - StorageClass - - CentOS - - Ubuntu - - RHEL - maintainers: - - email: hpe-containers-dev@hpe.com - name: shivamerla - name: hpe-csi-driver - sources: - - https://scod.hpedev.io/csi_driver - urls: - - assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz - version: 1.3.000 - hpe-flexvolume-driver: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-flexvolume-driver - apiVersion: v1 - appVersion: "3.1" - created: "2021-06-25T13:41:52.636711-07:00" - description: A Helm chart for installing the HPE Volume Driver for Kubernetes - FlexVolume plugin - digest: 7c8d9a62cbe28c4f3047f36cd1f083aeedbf43d6a1fd066b34f0104521e78da0 - home: https://hpe.com/storage/containers - icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png - keywords: - - HPE - - Storage - - StorageClass - - CentOS - - Ubuntu - - CloudVolumes - maintainers: - - email: hpe-containers-dev@hpe.com - name: shivamerla - name: hpe-flexvolume-driver - sources: - - https://github.com/hpe-storage/flexvolume-driver - urls: - - assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.0.tgz - version: 3.1.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: hpe-flexvolume-driver - apiVersion: v1 - appVersion: "3.1" - created: "2021-06-25T13:41:52.637491-07:00" - description: A Helm chart for installing the HPE Volume Driver for Kubernetes - FlexVolume plugin - digest: 50fc38e25308bf32156bed37bd549a5855309ac69945ff402fbe5ea809f88ddc - home: https://hpe.com/storage/containers - icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png - keywords: - - HPE - - Storage - - StorageClass - - CentOS - - Ubuntu - - CloudVolumes - maintainers: - - email: hpe-containers-dev@hpe.com - name: shivamerla - name: hpe-flexvolume-driver - sources: - - https://github.com/hpe-storage/flexvolume-driver - urls: - - assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz - version: 3.1.000 - instana-agent: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: instana-agent - apiVersion: v1 - appVersion: "1.1" - created: "2021-06-25T13:41:52.639008-07:00" - description: Instana Agent for Kubernetes - digest: a0113b93efd2fecf394e9357a61c85d322fb63559f3d2ca0250bf3cf05c5a0c7 - home: https://www.instana.com/ - icon: https://instana-management-assets.s3-eu-west-1.amazonaws.com/stan-logo-2020.png - maintainers: - - email: jon.brisbin@instana.com - name: jbrisbin - - email: william.james@instana.com - name: wiggzz - - email: jeroen.soeters@instana.com - name: JeroenSoeters - - email: fabian.staeber@instana.com - name: fstab - - email: miel.donkers@instana.com - name: mdonkers - - email: dahlia.bock@instana.com - name: dlbock - - email: nathan.fisher@instana.com - name: nfisher - name: instana-agent - sources: - - https://github.com/instana/instana-agent-docker - urls: - - assets/instana-agent/instana-agent-1.0.2900+up1.0.29.tgz - version: 1.0.2900+up1.0.29 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: instana-agent - apiVersion: v1 - appVersion: "1.1" - created: "2021-06-25T13:41:52.639779-07:00" - description: Instana Agent for Kubernetes - digest: 164723f111d03fe67c775d916b0bdf29691b29005b8d93da7caa210cf43cab9c - home: https://www.instana.com/ - icon: https://instana-management-assets.s3-eu-west-1.amazonaws.com/stan-logo-2020.png - maintainers: - - email: jon.brisbin@instana.com - name: jbrisbin - - email: william.james@instana.com - name: wiggzz - - email: jeroen.soeters@instana.com - name: JeroenSoeters - - email: fabian.staeber@instana.com - name: fstab - - email: miel.donkers@instana.com - name: mdonkers - - email: dahlia.bock@instana.com - name: dlbock - - email: nathan.fisher@instana.com - name: nfisher - name: instana-agent - sources: - - https://github.com/instana/instana-agent-docker - urls: - - assets/instana-agent/instana-agent-1.0.2900.tgz - version: 1.0.2900 - k8s-triliovault-operator: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator - catalog.cattle.io/release-name: k8s-triliovault-operator - apiVersion: v1 - appVersion: v2.0.5 - created: "2021-06-25T13:41:52.640442-07:00" - description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault - Application Lifecycle. - digest: 3758440061264189ed831adf76968555571bdf10245839495f20bdf2f778617f - home: https://github.com/trilioData/k8s-triliovault-operator - icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png - maintainers: - - email: prafull.ladha@trilio.io - name: prafull11 - name: k8s-triliovault-operator - sources: - - https://github.com/trilioData/k8s-triliovault-operator - urls: - - assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500+upv2.0.5.tgz - version: 2.0.500+upv2.0.5 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator - catalog.cattle.io/release-name: k8s-triliovault-operator - apiVersion: v1 - appVersion: v2.0.5 - created: "2021-06-25T13:41:52.641108-07:00" - description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault - Application Lifecycle. - digest: e3272d943f70ec0c442c94920e4093fd0db9d1833711bcb8d23181f10098c000 - home: https://github.com/trilioData/k8s-triliovault-operator - icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png - maintainers: - - email: prafull.ladha@trilio.io - name: prafull11 - name: k8s-triliovault-operator - sources: - - https://github.com/trilioData/k8s-triliovault-operator - urls: - - assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500.tgz - version: 2.0.500 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: k8s-triliovault-operator - apiVersion: v1 - appVersion: v2.0.2 - created: "2021-06-25T13:41:52.641799-07:00" - description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault - Application Lifecycle. - digest: 24d6699876b92315e0b3ce5bd4f171f315ad2f963316e4d8d4e4f6993b3e9021 - home: https://github.com/trilioData/k8s-triliovault-operator - icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png - maintainers: - - email: prafull.ladha@trilio.io - name: prafull11 - name: k8s-triliovault-operator - sources: - - https://github.com/trilioData/k8s-triliovault-operator - urls: - - assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz - version: v2.0.200 - neuvector: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: NeuVector - catalog.cattle.io/release-name: neuvector - apiVersion: v1 - appVersion: 4.3.0 - created: "2021-08-02T15:35:14.114190933-07:00" - description: Helm chart for NeuVector's core services - digest: 83712258841482fa58044c211dace9008c30bdf818069118b344152132e3c29f - home: https://neuvector.com - icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 - keywords: - - security - kubeVersion: '>=1.13.0-0' - maintainers: - - email: support@neuvector.com - name: becitsthere - name: neuvector - urls: - - assets/neuvector/neuvector-1.8.0.tgz - version: 1.8.0 - nutanix-csi-storage: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: nutanix-csi-storage - apiVersion: v1 - appVersion: 2.3.1 - created: "2021-06-25T13:41:52.662573-07:00" - description: A Helm chart for installing Nutanix CSI Volume Driver - digest: 4ad6c775cca775ff877072b7a72f5e5d3db8a053f2648a619d5f741cf12d30e8 - home: https://github.com/nutanix/helm - icon: https://avatars2.githubusercontent.com/u/6165865?s=200&v=4 - keywords: - - Nutanix - - Storage - - Volumes - - Files - - StorageClass - - CentOS - - Ubuntu - kubeVersion: '>= 1.13.0' - maintainers: - - name: tuxtof - name: nutanix-csi-storage - urls: - - assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100+up2.3.1.tgz - version: 2.3.100+up2.3.1 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: nutanix-csi-storage - apiVersion: v1 - appVersion: 2.3.1 - created: "2021-06-25T13:41:52.663308-07:00" - description: A Helm chart for installing Nutanix CSI Volume Driver - digest: 319009a424d1748dc5e7e32e3c0a424621f9555b3ccb0a583f204c561078ef29 - home: https://github.com/nutanix/helm - icon: https://avatars2.githubusercontent.com/u/6165865?s=200&v=4 - keywords: - - Nutanix - - Storage - - Volumes - - Files - - StorageClass - - CentOS - - Ubuntu - kubeVersion: '>= 1.13.0' - maintainers: - - name: tuxtof - name: nutanix-csi-storage - urls: - - assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100.tgz - version: 2.3.100 - openebs: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: OpenEBS - catalog.cattle.io/release-name: openebs - apiVersion: v2 - appVersion: 2.11.0 - created: "2021-08-04T11:40:41.40040755+05:30" - dependencies: - - condition: cstor.enabled - name: cstor - repository: file://./charts/cstor - - condition: jiva.enabled - name: jiva - repository: file://./charts/jiva - - condition: localpv-provisioner.enabled - name: localpv-provisioner - repository: file://./charts/localpv-provisioner - - condition: lvm-localpv.enabled - name: lvm-localpv - repository: file://./charts/lvm-localpv - - condition: openebs-ndm.enabled - name: openebs-ndm - repository: file://./charts/openebs-ndm - - condition: zfs-localpv.enabled - name: zfs-localpv - repository: file://./charts/zfs-localpv - description: Containerized Storage for Containers - digest: 0a9184ca9b440071b70aa8256ccc6838c2d5e161ef83bc6031a584fa09fda31c - home: http://www.openebs.io/ - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png - keywords: - - cloud-native-storage - - block-storage - - iSCSI - - storage - kubeVersion: '>=1.13.0-0' - maintainers: - - email: kiran.mova@openebs.io - name: kmova - - email: prateek.pandey@openebs.io - name: prateekpandey14 - name: openebs - sources: - - https://github.com/openebs/openebs - urls: - - assets/openebs/openebs-2.11.0.tgz - version: 2.11.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: openebs - apiVersion: v1 - appVersion: 1.12.0 - created: "2021-06-25T13:41:52.664523-07:00" - description: Containerized Storage for Containers - digest: 5cc72c1053fcdc0d3e72a5710c742c4fdd72f70f5832d11872a3abb11f481e15 - home: http://www.openebs.io/ - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png - keywords: - - cloud-native-storage - - block-storage - - iSCSI - - storage - maintainers: - - email: kiran.mova@openebs.io - name: kmova - - email: prateek.pandey@openebs.io - name: prateekpandey14 - name: openebs - sources: - - https://github.com/openebs/openebs - urls: - - assets/openebs/openebs-1.12.300+up1.12.3.tgz - version: 1.12.300+up1.12.3 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: openebs - apiVersion: v1 - appVersion: 1.12.0 - created: "2021-06-25T13:41:52.665735-07:00" - description: Containerized Storage for Containers - digest: fa46a4405ad4ad523d246d175bb48fc237c556bf606bb3d0af724920dc166bf6 - home: http://www.openebs.io/ - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png - keywords: - - cloud-native-storage - - block-storage - - iSCSI - - storage - maintainers: - - email: kiran.mova@openebs.io - name: kmova - - email: prateek.pandey@openebs.io - name: prateekpandey14 - name: openebs - sources: - - https://github.com/openebs/openebs - urls: - - assets/openebs/openebs-1.12.300.tgz - version: 1.12.300 - portshift-operator: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: portshift-operator - apiVersion: v1 - appVersion: v0.1.3 - created: "2021-06-25T13:41:52.666705-07:00" - description: | - Portshift cloud-native security platform is an agentless security solution for containerized applications - digest: 96711eeb8decb98745252c1ce550befd2ae62a27d936a7fa08d6506c0db211b8 - home: https://www.portshift.io/ - icon: https://www.portshift.io/wp-content/uploads/2019/10/portshift-logo-68.png - keywords: - - portshift - - operator - - monitoring - - security - - alerting - - metric - - troubleshooting - - run-time - maintainers: - - email: idan@portshift.io - name: idan - name: portshift-operator - urls: - - assets/portshift-operator/portshift-operator-0.1.0.tgz - version: 0.1.0 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: portshift-operator - apiVersion: v1 - appVersion: v0.1.3 - created: "2021-06-25T13:41:52.667286-07:00" - description: | - Portshift cloud-native security platform is an agentless security solution for containerized applications - digest: e332d44b698d4327c96780453f7de16e32e7b905e9f8797b05c02ba268536ed0 - home: https://www.portshift.io/ - icon: https://www.portshift.io/wp-content/uploads/2019/10/portshift-logo-68.png - keywords: - - portshift - - operator - - monitoring - - security - - alerting - - metric - - troubleshooting - - run-time - maintainers: - - email: idan@portshift.io - name: idan - name: portshift-operator - urls: - - assets/portshift-operator/portshift-operator-0.1.000.tgz - version: 0.1.000 - sysdig: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: sysdig - apiVersion: v1 - appVersion: 10.3.0 - created: "2021-06-25T13:41:52.669652-07:00" - description: Sysdig Monitor and Secure agent - digest: feb7b93ec1cf3a8bac2255de2ca460fc20dd6c44a9e44bf02ada12cef4f67952 - home: https://www.sysdig.com/ - icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png - keywords: - - monitoring - - security - - alerting - - metric - - troubleshooting - - run-time - maintainers: - - email: lachlan@deis.com - name: lachie83 - - email: jorge.salamero@sysdig.com - name: bencer - - email: nestor.salceda@sysdig.com - name: nestorsalceda - - email: alvaro.iradier@sysdig.com - name: airadier - - email: carlos.arilla@sysdig.com - name: carillan81 - name: sysdig - sources: - - https://app.sysdigcloud.com/#/settings/user - - https://github.com/draios/sysdig - urls: - - assets/sysdig/sysdig-1.9.200+up1.9.2.tgz - version: 1.9.200+up1.9.2 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/release-name: sysdig - apiVersion: v1 - appVersion: 10.3.0 - created: "2021-06-25T13:41:52.670903-07:00" - description: Sysdig Monitor and Secure agent - digest: 37cef38a742229947b02dfc764da69ec382b260e062372f2fb7cc3056a31790f - home: https://www.sysdig.com/ - icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png - keywords: - - monitoring - - security - - alerting - - metric - - troubleshooting - - run-time - maintainers: - - email: lachlan@deis.com - name: lachie83 - - email: jorge.salamero@sysdig.com - name: bencer - - email: nestor.salceda@sysdig.com - name: nestorsalceda - - email: alvaro.iradier@sysdig.com - name: airadier - - email: carlos.arilla@sysdig.com - name: carillan81 - name: sysdig - sources: - - https://app.sysdigcloud.com/#/settings/user - - https://github.com/draios/sysdig - urls: - - assets/sysdig/sysdig-1.9.200.tgz - version: 1.9.200 - universal-crossplane: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.2.2001 - created: "2021-06-25T13:41:52.672052-07:00" - description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade - distribution of Crossplane. It''s fully compatible with upstream Crossplane, - open source, capable of connecting to Upbound Cloud for real-time dashboard - visibility, and maintained by Upbound. It''s the easiest way for both individual - community members and enterprises to build their production control planes. ' - digest: 126b2335aba4c2b699d64b15839a56b3dad51c25d83fcbce4123b9755c69f180 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.2.200100+up1.2.2-up.1.tgz - version: 1.2.200100+up1.2.2-up.1 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: Upbound Universal Crossplane - catalog.cattle.io/release-name: universal-crossplane - apiVersion: v1 - appVersion: 1.2.2001 - created: "2021-06-25T13:41:52.673298-07:00" - description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade - distribution of Crossplane. It''s fully compatible with upstream Crossplane, - open source, capable of connecting to Upbound Cloud for real-time dashboard - visibility, and maintained by Upbound. It''s the easiest way for both individual - community members and enterprises to build their production control planes. ' - digest: 3c1dfa0f7f6181ab4101f23c41aadddb330484a1d6f48efcbbd523c6cf92eec9 - home: https://upbound.io - icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png - keywords: - - cloud - - infrastructure - - services - - application - - database - - cache - - bucket - - infra - - app - - ops - - oam - - gcp - - azure - - aws - - alibaba - - cloudsql - - rds - - s3 - - azuredatabase - - asparadb - - gke - - aks - - eks - maintainers: - - email: info@upbound.io - name: Upbound Inc. - name: universal-crossplane - urls: - - assets/universal-crossplane/universal-crossplane-1.2.200100.tgz - version: 1.2.200100 -generated: "2021-06-25T13:41:52.522989-07:00" From 2e1d11ad69ed553f8925928f63848fe8c1d0323c Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 11:45:22 -0700 Subject: [PATCH 2/9] Add back in assets from main branch --- assets/ambassador/ambassador-6.7.1100.tgz | Bin 0 -> 53609 bytes .../artifactory-ha-3.0.1400.tgz | Bin 0 -> 146674 bytes .../artifactory-ha-4.13.000.tgz | Bin 0 -> 158049 bytes .../artifactory-ha/artifactory-ha-4.7.600.tgz | Bin 0 -> 156835 bytes .../artifactory-jcr-2.5.100.tgz | Bin 0 -> 144516 bytes .../artifactory-jcr-3.4.000.tgz | Bin 0 -> 154564 bytes ...trix-adc-istio-ingress-gateway-1.2.100.tgz | Bin 0 -> 9482 bytes ...x-cpx-with-ingress-controller-1.8.2800.tgz | Bin 0 -> 16365 bytes assets/cloudcasa/cloudcasa-0.1.000.tgz | Bin 0 -> 25878 bytes assets/cloudcasa/cloudcasa-1.tgz | Bin 0 -> 25887 bytes assets/cockroachdb/cockroachdb-4.1.200.tgz | Bin 0 -> 20191 bytes .../csi-wekafs/csi-wekafsplugin-0.6.400.tgz | Bin 0 -> 4769 bytes assets/datadog/datadog-2.4.200.tgz | Bin 0 -> 47754 bytes .../dynatrace-oneagent-operator-0.8.000.tgz | Bin 0 -> 30369 bytes .../falcon-sensor/falcon-sensor-0.9.300.tgz | Bin 0 -> 6457 bytes assets/federatorai/federatorai-4.5.100.tgz | Bin 0 -> 17200 bytes assets/haproxy/haproxy-1.12.100.tgz | Bin 0 -> 12185 bytes assets/haproxy/haproxy-1.12.500.tgz | Bin 0 -> 12583 bytes assets/haproxy/haproxy-1.4.300.tgz | Bin 0 -> 10529 bytes .../hpe-csi-driver/hpe-csi-driver-1.3.000.tgz | Bin 0 -> 9098 bytes .../hpe-csi-driver/hpe-csi-driver-1.4.200.tgz | Bin 0 -> 12871 bytes .../hpe-flexvolume-driver-3.1.000.tgz | Bin 0 -> 8836 bytes .../instana-agent/instana-agent-1.0.2900.tgz | Bin 0 -> 10460 bytes .../k8s-triliovault-operator-2.0.500.tgz | Bin 0 -> 9220 bytes .../k8s-triliovault-operator-v2.0.200.tgz | Bin 0 -> 12362 bytes assets/kubecost/cost-analyzer-1.70.000.tgz | Bin 0 -> 107869 bytes assets/logos/cloudcasa.png | Bin 0 -> 21688 bytes .../nutanix-csi-storage-2.3.100.tgz | Bin 0 -> 11370 bytes assets/openebs/openebs-1.12.300.tgz | Bin 0 -> 12558 bytes .../portshift-operator-0.1.000.tgz | Bin 0 -> 3392 bytes assets/streamsets/control-agent-2.0.100.tgz | Bin 0 -> 5071 bytes assets/sysdig/sysdig-1.9.200.tgz | Bin 0 -> 17705 bytes .../universal-crossplane-1.2.200100.tgz | Bin 0 -> 11597 bytes .../ambassador/6.7.1100/.helmignore | 23 + .../ambassador/6.7.1100/CHANGELOG.md | 528 ++ .../ambassador/6.7.1100/CONTRIBUTING.md | 23 + .../ambassador/ambassador/6.7.1100/Chart.yaml | 28 + .../ambassador/ambassador/6.7.1100/Makefile | 37 + .../ambassador/ambassador/6.7.1100/README.md | 478 ++ .../ambassador/6.7.1100/RELEASE.tpl | 8 + .../ambassador/6.7.1100/RELEASE_TITLE.tpl | 1 + .../ambassador/6.7.1100/app-readme.md | 13 + .../ambassador/6.7.1100/ci/01-psp-values.yaml | 40 + .../ambassador/6.7.1100/ci/02-oss-values.yaml | 8 + .../6.7.1100/ci/05-auth-disabled-values.yaml | 8 + .../ambassador/6.7.1100/ci/06-hpa-values.yaml | 8 + .../ci/08-single-namespace-values.yaml | 8 + .../6.7.1100/ci/09-redis-false-values.yaml | 9 + .../6.7.1100/ci/12-daemonset-values.yaml | 7 + .../6.7.1100/ci/13-rl-disabled-values.yaml | 8 + .../6.7.1100/ci/14-deployment-labels.yaml | 3 + .../6.7.1100/ci/15-test-resolvers.yaml | 11 + .../6.7.1100/ci/16-test-module.yaml | 9 + .../6.7.1100/ci/17-svc-preview.yaml | 5 + .../6.7.1100/ci/check_updated_changelog.sh | 21 + .../6.7.1100/ci/tests/manifests/backend.yaml | 47 + .../ci/tests/manifests/ci-default-values.yaml | 9 + .../ci/tests/manifests/helm-init.yaml | 18 + .../ci/tests/manifests/helm2-values.yaml | 6 + .../6.7.1100/ci/tests/manifests/tls.yaml | 18 + .../6.7.1100/ci/update_chart_changelog.sh | 53 + .../ambassador/6.7.1100/crds/filter.yaml | 27 + .../6.7.1100/crds/filterpolicy.yaml | 27 + .../crds/getambassador.io_authservices.yaml | 115 + .../getambassador.io_consulresolvers.yaml | 58 + .../crds/getambassador.io_devportals.yaml | 109 + .../6.7.1100/crds/getambassador.io_hosts.yaml | 246 + ...ssador.io_kubernetesendpointresolvers.yaml | 54 + ...assador.io_kubernetesserviceresolvers.yaml | 54 + .../crds/getambassador.io_logservices.yaml | 83 + .../crds/getambassador.io_mappings.yaml | 431 ++ .../crds/getambassador.io_modules.yaml | 56 + .../getambassador.io_ratelimitservices.yaml | 72 + .../crds/getambassador.io_tcpmappings.yaml | 102 + .../crds/getambassador.io_tlscontexts.yaml | 100 + .../getambassador.io_tracingservices.yaml | 101 + .../ambassador/6.7.1100/crds/project.yaml | 34 + .../6.7.1100/crds/projectcontroller.yaml | 24 + .../6.7.1100/crds/projectrevision.yaml | 40 + .../ambassador/6.7.1100/crds/ratelimit.yaml | 27 + charts/ambassador/ambassador/6.7.1100/ct.yaml | 37 + .../ambassador/6.7.1100/questions.yml | 84 + .../ambassador/6.7.1100/templates/NOTES.txt | 60 + .../6.7.1100/templates/_helpers.tpl | 117 + .../6.7.1100/templates/admin-service.yaml | 64 + .../6.7.1100/templates/aes-authservice.yaml | 33 + .../6.7.1100/templates/aes-injector.yaml | 161 + .../6.7.1100/templates/aes-internal.yaml | 129 + .../6.7.1100/templates/aes-ratelimit.yaml | 29 + .../6.7.1100/templates/aes-redis.yaml | 106 + .../6.7.1100/templates/aes-secret.yaml | 21 + .../6.7.1100/templates/ambassador-agent.yaml | 371 ++ .../ambassador/6.7.1100/templates/config.yaml | 20 + .../6.7.1100/templates/crd-delete.yaml | 123 + .../ambassador/6.7.1100/templates/crds.yaml | 6 + .../6.7.1100/templates/deployment.yaml | 282 + .../6.7.1100/templates/exporter-config.yaml | 23 + .../ambassador/6.7.1100/templates/hpa.yaml | 26 + .../ambassador/6.7.1100/templates/module.yaml | 29 + .../6.7.1100/templates/namespace.yaml | 8 + .../templates/oss-migration-test-service.yaml | 33 + .../ambassador/6.7.1100/templates/pdb.yaml | 23 + .../6.7.1100/templates/podsecuritypolicy.yaml | 25 + .../6.7.1100/templates/projects-rbac.yaml | 75 + .../6.7.1100/templates/projects.yaml | 412 ++ .../ambassador/6.7.1100/templates/rbac.yaml | 200 + .../6.7.1100/templates/resolvers.yaml | 45 + .../6.7.1100/templates/service.yaml | 81 + .../6.7.1100/templates/serviceaccount.yaml | 24 + .../6.7.1100/templates/servicemonitor.yaml | 28 + .../6.7.1100/templates/tests/test-ready.yaml | 24 + .../templates/traffic-agent-rbac.yaml | 135 + .../6.7.1100/templates/traffic-manager.yaml | 190 + .../ambassador/6.7.1100/values.yaml | 521 ++ .../artifactory-ha/3.0.1400/.helmignore | 22 + .../artifactory-ha/3.0.1400/CHANGELOG.md | 830 +++ .../artifactory-ha/3.0.1400/Chart.yaml | 29 + .../artifactory-ha/3.0.1400/LICENSE | 201 + .../artifactory-ha/3.0.1400/README.md | 1587 +++++ .../3.0.1400/ReverseProxyConfiguration.md | 140 + .../artifactory-ha/3.0.1400/UPGRADE_NOTES.md | 38 + .../artifactory-ha/3.0.1400/app-readme.md | 16 + .../3.0.1400/charts/postgresql/.helmignore | 21 + .../3.0.1400/charts/postgresql/Chart.yaml | 22 + .../3.0.1400/charts/postgresql/README.md | 576 ++ .../charts/postgresql/ci/default-values.yaml | 1 + .../ci/shmvolume-disabled-values.yaml | 2 + .../charts/postgresql/files/README.md | 1 + .../charts/postgresql/files/conf.d/README.md | 4 + .../docker-entrypoint-initdb.d/README.md | 3 + .../charts/postgresql/templates/NOTES.txt | 60 + .../charts/postgresql/templates/_helpers.tpl | 420 ++ .../postgresql/templates/configmap.yaml | 26 + .../templates/extended-config-configmap.yaml | 21 + .../templates/initialization-configmap.yaml | 24 + .../templates/metrics-configmap.yaml | 13 + .../postgresql/templates/metrics-svc.yaml | 26 + .../postgresql/templates/networkpolicy.yaml | 38 + .../postgresql/templates/prometheusrule.yaml | 23 + .../charts/postgresql/templates/secrets.yaml | 23 + .../postgresql/templates/serviceaccount.yaml | 11 + .../postgresql/templates/servicemonitor.yaml | 33 + .../templates/statefulset-slaves.yaml | 299 + .../postgresql/templates/statefulset.yaml | 453 ++ .../postgresql/templates/svc-headless.yaml | 19 + .../charts/postgresql/templates/svc-read.yaml | 42 + .../charts/postgresql/templates/svc.yaml | 40 + .../charts/postgresql/values-production.yaml | 542 ++ .../charts/postgresql/values.schema.json | 103 + .../3.0.1400/charts/postgresql/values.yaml | 548 ++ .../3.0.1400/ci/access-tls-values.yaml | 9 + .../3.0.1400/ci/default-values.yaml | 6 + .../ci/migration-disabled-values.yaml | 5 + .../3.0.1400/ci/test-values.yaml | 14 + .../artifactory-ha/3.0.1400/files/migrate.sh | 4339 +++++++++++++ .../3.0.1400/files/migrationHelmInfo.yaml | 32 + .../3.0.1400/files/migrationStatus.sh | 44 + .../3.0.1400/logo/artifactory-logo.png | Bin 0 -> 12877 bytes .../artifactory-ha/3.0.1400/questions.yml | 424 ++ .../artifactory-ha/3.0.1400/requirements.lock | 6 + .../artifactory-ha/3.0.1400/requirements.yaml | 5 + .../3.0.1400/templates/NOTES.txt | 118 + .../3.0.1400/templates/_helpers.tpl | 127 + .../templates/admin-bootstrap-creds.yaml | 15 + .../templates/artifactory-access-config.yaml | 15 + .../artifactory-binarystore-secret.yaml | 14 + .../templates/artifactory-configmaps.yaml | 13 + .../templates/artifactory-custom-secrets.yaml | 19 + .../artifactory-database-secrets.yaml | 22 + .../artifactory-gcp-credentials-secret.yaml | 16 + .../templates/artifactory-installer-info.yaml | 12 + .../templates/artifactory-license-secret.yaml | 14 + .../artifactory-migration-scripts.yaml | 18 + .../templates/artifactory-networkpolicy.yaml | 34 + .../templates/artifactory-nfs-pvc.yaml | 101 + .../templates/artifactory-node-pdb.yaml | 20 + .../artifactory-node-statefulset.yaml | 711 +++ .../artifactory-primary-statefulset.yaml | 835 +++ .../templates/artifactory-priority-class.yaml | 9 + .../3.0.1400/templates/artifactory-role.yaml | 14 + .../templates/artifactory-rolebinding.yaml | 19 + .../templates/artifactory-secrets.yaml | 17 + .../templates/artifactory-service.yaml | 107 + .../templates/artifactory-serviceaccount.yaml | 16 + .../templates/artifactory-storage-pvc.yaml | 27 + .../templates/artifactory-system-yaml.yaml | 14 + .../templates/filebeat-configmap.yaml | 15 + .../3.0.1400/templates/ingress.yaml | 102 + .../3.0.1400/templates/logger-configmap.yaml | 63 + .../templates/nginx-artifactory-conf.yaml | 14 + .../templates/nginx-certificate-secret.yaml | 14 + .../3.0.1400/templates/nginx-conf.yaml | 14 + .../3.0.1400/templates/nginx-deployment.yaml | 192 + .../3.0.1400/templates/nginx-pdb.yaml | 19 + .../3.0.1400/templates/nginx-pvc.yaml | 26 + .../3.0.1400/templates/nginx-service.yaml | 79 + .../artifactory-ha/3.0.1400/values-large.yaml | 24 + .../3.0.1400/values-medium.yaml | 24 + .../artifactory-ha/3.0.1400/values-small.yaml | 24 + .../artifactory-ha/3.0.1400/values.yaml | 1551 +++++ .../artifactory-ha/4.13.000/.helmignore | 22 + .../artifactory-ha/4.13.000/CHANGELOG.md | 1048 +++ .../artifactory-ha/4.13.000/Chart.yaml | 19 + .../artifactory-ha/4.13.000/LICENSE | 201 + .../artifactory-ha/4.13.000/README.md | 1267 ++++ .../4.13.000/ReverseProxyConfiguration.md | 140 + .../artifactory-ha/4.13.000/UPGRADE_NOTES.md | 42 + .../artifactory-ha/4.13.000/app-readme.md | 16 + .../4.13.000/charts/postgresql/.helmignore | 21 + .../4.13.000/charts/postgresql/Chart.yaml | 23 + .../4.13.000/charts/postgresql/README.md | 680 ++ .../postgresql/charts/common/.helmignore | 22 + .../postgresql/charts/common/Chart.yaml | 20 + .../charts/postgresql/charts/common/README.md | 274 + .../charts/common/templates/_capabilities.tpl | 22 + .../charts/common/templates/_errors.tpl | 20 + .../charts/common/templates/_images.tpl | 43 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 49 + .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 26 + .../charts/common/templates/_validations.tpl | 219 + .../charts/common/templates/_warnings.tpl | 14 + .../postgresql/charts/common/values.yaml | 3 + .../postgresql/ci/commonAnnotations.yaml | 3 + .../charts/postgresql/ci/default-values.yaml | 1 + .../ci/shmvolume-disabled-values.yaml | 2 + .../charts/postgresql/files/README.md | 1 + .../charts/postgresql/files/conf.d/README.md | 4 + .../docker-entrypoint-initdb.d/README.md | 3 + .../charts/postgresql/requirements.lock | 6 + .../charts/postgresql/requirements.yaml | 4 + .../charts/postgresql/templates/NOTES.txt | 59 + .../charts/postgresql/templates/_helpers.tpl | 501 ++ .../postgresql/templates/configmap.yaml | 26 + .../templates/extended-config-configmap.yaml | 21 + .../templates/initialization-configmap.yaml | 24 + .../templates/metrics-configmap.yaml | 13 + .../postgresql/templates/metrics-svc.yaml | 25 + .../postgresql/templates/networkpolicy.yaml | 36 + .../templates/podsecuritypolicy.yaml | 37 + .../postgresql/templates/prometheusrule.yaml | 23 + .../charts/postgresql/templates/role.yaml | 19 + .../postgresql/templates/rolebinding.yaml | 19 + .../charts/postgresql/templates/secrets.yaml | 23 + .../postgresql/templates/serviceaccount.yaml | 11 + .../postgresql/templates/servicemonitor.yaml | 33 + .../templates/statefulset-slaves.yaml | 345 + .../postgresql/templates/statefulset.yaml | 514 ++ .../postgresql/templates/svc-headless.yaml | 18 + .../charts/postgresql/templates/svc-read.yaml | 42 + .../charts/postgresql/templates/svc.yaml | 40 + .../charts/postgresql/values-production.yaml | 594 ++ .../charts/postgresql/values.schema.json | 103 + .../4.13.000/charts/postgresql/values.yaml | 600 ++ .../4.13.000/ci/access-tls-values.yaml | 11 + .../4.13.000/ci/default-values.yaml | 9 + .../4.13.000/ci/global-values.yaml | 47 + .../ci/migration-disabled-values.yaml | 8 + .../4.13.000/ci/test-values.yaml | 12 + .../artifactory-ha/4.13.000/files/migrate.sh | 4339 +++++++++++++ .../4.13.000/files/migrationHelmInfo.yaml | 32 + .../4.13.000/files/migrationStatus.sh | 44 + .../4.13.000/logo/artifactory-logo.png | Bin 0 -> 12877 bytes .../artifactory-ha/4.13.000/questions.yml | 424 ++ .../artifactory-ha/4.13.000/requirements.lock | 6 + .../artifactory-ha/4.13.000/requirements.yaml | 5 + .../4.13.000/security-mitigation.yaml | 20 + .../4.13.000/templates/NOTES.txt | 118 + .../4.13.000/templates/_helpers.tpl | 302 + .../templates/additional-resources.yaml | 3 + .../templates/admin-bootstrap-creds.yaml | 15 + .../templates/artifactory-access-config.yaml | 15 + .../artifactory-binarystore-secret.yaml | 14 + .../templates/artifactory-configmaps.yaml | 13 + .../templates/artifactory-custom-secrets.yaml | 19 + .../artifactory-database-secrets.yaml | 22 + .../artifactory-gcp-credentials-secret.yaml | 16 + .../templates/artifactory-installer-info.yaml | 12 + .../templates/artifactory-license-secret.yaml | 14 + .../artifactory-migration-scripts.yaml | 18 + .../templates/artifactory-networkpolicy.yaml | 34 + .../templates/artifactory-nfs-pvc.yaml | 101 + .../templates/artifactory-node-pdb.yaml | 20 + .../artifactory-node-statefulset.yaml | 777 +++ .../templates/artifactory-primary-pdb.yaml | 20 + .../artifactory-primary-statefulset.yaml | 897 +++ .../templates/artifactory-priority-class.yaml | 9 + .../4.13.000/templates/artifactory-role.yaml | 14 + .../templates/artifactory-rolebinding.yaml | 19 + .../templates/artifactory-secrets.yaml | 21 + .../templates/artifactory-service.yaml | 109 + .../templates/artifactory-serviceaccount.yaml | 16 + .../templates/artifactory-storage-pvc.yaml | 27 + .../templates/artifactory-system-yaml.yaml | 16 + .../templates/filebeat-configmap.yaml | 15 + .../4.13.000/templates/ingress.yaml | 149 + .../4.13.000/templates/logger-configmap.yaml | 63 + .../templates/nginx-artifactory-conf.yaml | 14 + .../templates/nginx-certificate-secret.yaml | 14 + .../4.13.000/templates/nginx-conf.yaml | 14 + .../4.13.000/templates/nginx-deployment.yaml | 217 + .../4.13.000/templates/nginx-pdb.yaml | 19 + .../4.13.000/templates/nginx-pvc.yaml | 26 + .../4.13.000/templates/nginx-service.yaml | 79 + .../artifactory-ha/4.13.000/values-large.yaml | 24 + .../4.13.000/values-medium.yaml | 24 + .../artifactory-ha/4.13.000/values-small.yaml | 24 + .../artifactory-ha/4.13.000/values.yaml | 1710 +++++ .../artifactory-ha/4.7.600/.helmignore | 22 + .../artifactory-ha/4.7.600/CHANGELOG.md | 989 +++ .../artifactory-ha/4.7.600/Chart.yaml | 20 + .../artifactory-ha/4.7.600/LICENSE | 201 + .../artifactory-ha/4.7.600/README.md | 1267 ++++ .../4.7.600/ReverseProxyConfiguration.md | 140 + .../artifactory-ha/4.7.600/UPGRADE_NOTES.md | 42 + .../artifactory-ha/4.7.600/app-readme.md | 16 + .../4.7.600/charts/postgresql/.helmignore | 21 + .../4.7.600/charts/postgresql/Chart.yaml | 23 + .../4.7.600/charts/postgresql/README.md | 680 ++ .../postgresql/charts/common/.helmignore | 22 + .../postgresql/charts/common/Chart.yaml | 20 + .../charts/postgresql/charts/common/README.md | 274 + .../charts/common/templates/_capabilities.tpl | 22 + .../charts/common/templates/_errors.tpl | 20 + .../charts/common/templates/_images.tpl | 43 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 49 + .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 26 + .../charts/common/templates/_validations.tpl | 219 + .../charts/common/templates/_warnings.tpl | 14 + .../postgresql/charts/common/values.yaml | 3 + .../postgresql/ci/commonAnnotations.yaml | 3 + .../charts/postgresql/ci/default-values.yaml | 1 + .../ci/shmvolume-disabled-values.yaml | 2 + .../4.7.600/charts/postgresql/files/README.md | 1 + .../charts/postgresql/files/conf.d/README.md | 4 + .../docker-entrypoint-initdb.d/README.md | 3 + .../charts/postgresql/requirements.lock | 6 + .../charts/postgresql/requirements.yaml | 4 + .../charts/postgresql/templates/NOTES.txt | 59 + .../charts/postgresql/templates/_helpers.tpl | 501 ++ .../postgresql/templates/configmap.yaml | 26 + .../templates/extended-config-configmap.yaml | 21 + .../templates/initialization-configmap.yaml | 24 + .../templates/metrics-configmap.yaml | 13 + .../postgresql/templates/metrics-svc.yaml | 25 + .../postgresql/templates/networkpolicy.yaml | 36 + .../templates/podsecuritypolicy.yaml | 37 + .../postgresql/templates/prometheusrule.yaml | 23 + .../charts/postgresql/templates/role.yaml | 19 + .../postgresql/templates/rolebinding.yaml | 19 + .../charts/postgresql/templates/secrets.yaml | 23 + .../postgresql/templates/serviceaccount.yaml | 11 + .../postgresql/templates/servicemonitor.yaml | 33 + .../templates/statefulset-slaves.yaml | 345 + .../postgresql/templates/statefulset.yaml | 514 ++ .../postgresql/templates/svc-headless.yaml | 18 + .../charts/postgresql/templates/svc-read.yaml | 42 + .../charts/postgresql/templates/svc.yaml | 40 + .../charts/postgresql/values-production.yaml | 594 ++ .../charts/postgresql/values.schema.json | 103 + .../4.7.600/charts/postgresql/values.yaml | 600 ++ .../4.7.600/ci/access-tls-values.yaml | 13 + .../4.7.600/ci/default-values.yaml | 9 + .../4.7.600/ci/global-values.yaml | 47 + .../4.7.600/ci/migration-disabled-values.yaml | 8 + .../4.7.600/ci/test-values.yaml | 14 + .../artifactory-ha/4.7.600/files/migrate.sh | 4339 +++++++++++++ .../4.7.600/files/migrationHelmInfo.yaml | 32 + .../4.7.600/files/migrationStatus.sh | 44 + .../4.7.600/logo/artifactory-logo.png | Bin 0 -> 12877 bytes .../artifactory-ha/4.7.600/questions.yml | 424 ++ .../artifactory-ha/4.7.600/requirements.lock | 6 + .../artifactory-ha/4.7.600/requirements.yaml | 5 + .../4.7.600/security-mitigation.yaml | 20 + .../4.7.600/templates/NOTES.txt | 118 + .../4.7.600/templates/_helpers.tpl | 292 + .../templates/additional-resources.yaml | 3 + .../templates/admin-bootstrap-creds.yaml | 15 + .../templates/artifactory-access-config.yaml | 15 + .../artifactory-binarystore-secret.yaml | 14 + .../templates/artifactory-configmaps.yaml | 13 + .../templates/artifactory-custom-secrets.yaml | 19 + .../artifactory-database-secrets.yaml | 22 + .../artifactory-gcp-credentials-secret.yaml | 16 + .../templates/artifactory-installer-info.yaml | 12 + .../templates/artifactory-license-secret.yaml | 14 + .../artifactory-migration-scripts.yaml | 18 + .../templates/artifactory-networkpolicy.yaml | 34 + .../templates/artifactory-nfs-pvc.yaml | 101 + .../templates/artifactory-node-pdb.yaml | 20 + .../artifactory-node-statefulset.yaml | 736 +++ .../templates/artifactory-primary-pdb.yaml | 20 + .../artifactory-primary-statefulset.yaml | 862 +++ .../templates/artifactory-priority-class.yaml | 9 + .../4.7.600/templates/artifactory-role.yaml | 14 + .../templates/artifactory-rolebinding.yaml | 19 + .../templates/artifactory-secrets.yaml | 21 + .../templates/artifactory-service.yaml | 109 + .../templates/artifactory-serviceaccount.yaml | 16 + .../templates/artifactory-storage-pvc.yaml | 27 + .../templates/artifactory-system-yaml.yaml | 16 + .../4.7.600/templates/filebeat-configmap.yaml | 15 + .../4.7.600/templates/ingress.yaml | 149 + .../4.7.600/templates/logger-configmap.yaml | 63 + .../templates/nginx-artifactory-conf.yaml | 14 + .../templates/nginx-certificate-secret.yaml | 14 + .../4.7.600/templates/nginx-conf.yaml | 14 + .../4.7.600/templates/nginx-deployment.yaml | 201 + .../4.7.600/templates/nginx-pdb.yaml | 19 + .../4.7.600/templates/nginx-pvc.yaml | 26 + .../4.7.600/templates/nginx-service.yaml | 79 + .../artifactory-ha/4.7.600/values-large.yaml | 24 + .../artifactory-ha/4.7.600/values-medium.yaml | 24 + .../artifactory-ha/4.7.600/values-small.yaml | 24 + .../artifactory-ha/4.7.600/values.yaml | 1653 +++++ .../artifactory-jcr/2.5.100/CHANGELOG.md | 120 + .../artifactory-jcr/2.5.100/Chart.yaml | 32 + .../artifactory-jcr/2.5.100/LICENSE | 201 + .../artifactory-jcr/2.5.100/OWNERS | 14 + .../artifactory-jcr/2.5.100/README.md | 133 + .../artifactory-jcr/2.5.100/app-readme.md | 18 + .../2.5.100/charts/artifactory/.helmignore | 22 + .../2.5.100/charts/artifactory/CHANGELOG.md | 755 +++ .../2.5.100/charts/artifactory/Chart.yaml | 26 + .../2.5.100/charts/artifactory/LICENSE | 201 + .../2.5.100/charts/artifactory/README.md | 1431 +++++ .../artifactory/ReverseProxyConfiguration.md | 140 + .../charts/artifactory/UPGRADE_NOTES.md | 35 + .../artifactory/charts/postgresql/.helmignore | 21 + .../artifactory/charts/postgresql/Chart.yaml | 22 + .../artifactory/charts/postgresql/README.md | 576 ++ .../charts/postgresql/ci/default-values.yaml | 1 + .../ci/shmvolume-disabled-values.yaml | 2 + .../charts/postgresql/files/README.md | 1 + .../charts/postgresql/files/conf.d/README.md | 4 + .../docker-entrypoint-initdb.d/README.md | 3 + .../charts/postgresql/templates/NOTES.txt | 60 + .../charts/postgresql/templates/_helpers.tpl | 420 ++ .../postgresql/templates/configmap.yaml | 26 + .../templates/extended-config-configmap.yaml | 21 + .../templates/initialization-configmap.yaml | 24 + .../templates/metrics-configmap.yaml | 13 + .../postgresql/templates/metrics-svc.yaml | 26 + .../postgresql/templates/networkpolicy.yaml | 38 + .../postgresql/templates/prometheusrule.yaml | 23 + .../charts/postgresql/templates/secrets.yaml | 23 + .../postgresql/templates/serviceaccount.yaml | 11 + .../postgresql/templates/servicemonitor.yaml | 33 + .../templates/statefulset-slaves.yaml | 299 + .../postgresql/templates/statefulset.yaml | 453 ++ .../postgresql/templates/svc-headless.yaml | 19 + .../charts/postgresql/templates/svc-read.yaml | 42 + .../charts/postgresql/templates/svc.yaml | 40 + .../charts/postgresql/values-production.yaml | 542 ++ .../charts/postgresql/values.schema.json | 103 + .../artifactory/charts/postgresql/values.yaml | 548 ++ .../artifactory/ci/access-tls-values.yaml | 7 + .../charts/artifactory/ci/default-values.yaml | 2 + .../ci/migration-disabled-values.yaml | 4 + .../charts/artifactory/ci/test-values.yaml | 13 + .../charts/artifactory/files/migrate.sh | 4339 +++++++++++++ .../artifactory/files/migrationHelmInfo.yaml | 32 + .../artifactory/files/migrationStatus.sh | 44 + .../artifactory/logo/artifactory-logo.png | Bin 0 -> 12877 bytes .../charts/artifactory/requirements.lock | 6 + .../charts/artifactory/requirements.yaml | 5 + .../charts/artifactory/templates/NOTES.txt | 85 + .../charts/artifactory/templates/_helpers.tpl | 85 + .../templates/admin-bootstrap-creds.yaml | 15 + .../templates/artifactory-access-config.yaml | 15 + .../artifactory-binarystore-secret.yaml | 14 + .../templates/artifactory-configmaps.yaml | 13 + .../templates/artifactory-custom-secrets.yaml | 19 + .../artifactory-database-secrets.yaml | 22 + .../templates/artifactory-installer-info.yaml | 12 + .../templates/artifactory-license-secret.yaml | 14 + .../artifactory-migration-scripts.yaml | 16 + .../templates/artifactory-networkpolicy.yaml | 34 + .../templates/artifactory-priority-class.yaml | 9 + .../templates/artifactory-role.yaml | 14 + .../templates/artifactory-rolebinding.yaml | 19 + .../templates/artifactory-secrets.yaml | 17 + .../templates/artifactory-service.yaml | 50 + .../templates/artifactory-serviceaccount.yaml | 16 + .../templates/artifactory-statefulset.yaml | 695 ++ .../templates/artifactory-system-yaml.yaml | 13 + .../templates/filebeat-configmap.yaml | 15 + .../charts/artifactory/templates/ingress.yaml | 103 + .../templates/logger-configmap.yaml | 63 + .../templates/nginx-artifactory-conf.yaml | 14 + .../templates/nginx-certificate-secret.yaml | 14 + .../artifactory/templates/nginx-conf.yaml | 14 + .../templates/nginx-deployment.yaml | 194 + .../artifactory/templates/nginx-pvc.yaml | 26 + .../artifactory/templates/nginx-service.yaml | 73 + .../charts/artifactory/values-large.yaml | 11 + .../charts/artifactory/values-medium.yaml | 11 + .../charts/artifactory/values-small.yaml | 11 + .../2.5.100/charts/artifactory/values.yaml | 1268 ++++ .../2.5.100/ci/default-values.yaml | 1 + .../artifactory-jcr/2.5.100/logo/jcr-logo.png | Bin 0 -> 3135 bytes .../artifactory-jcr/2.5.100/questions.yml | 271 + .../artifactory-jcr/2.5.100/requirements.lock | 6 + .../artifactory-jcr/2.5.100/requirements.yaml | 4 + .../2.5.100/templates/NOTES.txt | 1 + .../artifactory-jcr/2.5.100/values.yaml | 74 + .../artifactory-jcr/3.4.000/CHANGELOG.md | 151 + .../artifactory-jcr/3.4.000/Chart.yaml | 22 + .../artifactory-jcr/3.4.000/LICENSE | 201 + .../artifactory-jcr/3.4.000/README.md | 131 + .../artifactory-jcr/3.4.000/app-readme.md | 18 + .../3.4.000/charts/artifactory/.helmignore | 22 + .../3.4.000/charts/artifactory/CHANGELOG.md | 905 +++ .../3.4.000/charts/artifactory/Chart.yaml | 17 + .../3.4.000/charts/artifactory/LICENSE | 201 + .../3.4.000/charts/artifactory/README.md | 1151 ++++ .../artifactory/ReverseProxyConfiguration.md | 140 + .../charts/artifactory/UPGRADE_NOTES.md | 39 + .../artifactory/charts/postgresql/.helmignore | 21 + .../artifactory/charts/postgresql/Chart.yaml | 23 + .../artifactory/charts/postgresql/README.md | 680 ++ .../postgresql/charts/common/.helmignore | 22 + .../postgresql/charts/common/Chart.yaml | 20 + .../charts/postgresql/charts/common/README.md | 274 + .../charts/common/templates/_capabilities.tpl | 22 + .../charts/common/templates/_errors.tpl | 20 + .../charts/common/templates/_images.tpl | 43 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 49 + .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 26 + .../charts/common/templates/_validations.tpl | 219 + .../charts/common/templates/_warnings.tpl | 14 + .../postgresql/charts/common/values.yaml | 3 + .../postgresql/ci/commonAnnotations.yaml | 3 + .../charts/postgresql/ci/default-values.yaml | 1 + .../ci/shmvolume-disabled-values.yaml | 2 + .../charts/postgresql/files/README.md | 1 + .../charts/postgresql/files/conf.d/README.md | 4 + .../docker-entrypoint-initdb.d/README.md | 3 + .../charts/postgresql/requirements.lock | 6 + .../charts/postgresql/requirements.yaml | 4 + .../charts/postgresql/templates/NOTES.txt | 59 + .../charts/postgresql/templates/_helpers.tpl | 501 ++ .../postgresql/templates/configmap.yaml | 26 + .../templates/extended-config-configmap.yaml | 21 + .../templates/initialization-configmap.yaml | 24 + .../templates/metrics-configmap.yaml | 13 + .../postgresql/templates/metrics-svc.yaml | 25 + .../postgresql/templates/networkpolicy.yaml | 36 + .../templates/podsecuritypolicy.yaml | 37 + .../postgresql/templates/prometheusrule.yaml | 23 + .../charts/postgresql/templates/role.yaml | 19 + .../postgresql/templates/rolebinding.yaml | 19 + .../charts/postgresql/templates/secrets.yaml | 23 + .../postgresql/templates/serviceaccount.yaml | 11 + .../postgresql/templates/servicemonitor.yaml | 33 + .../templates/statefulset-slaves.yaml | 345 + .../postgresql/templates/statefulset.yaml | 514 ++ .../postgresql/templates/svc-headless.yaml | 18 + .../charts/postgresql/templates/svc-read.yaml | 42 + .../charts/postgresql/templates/svc.yaml | 40 + .../charts/postgresql/values-production.yaml | 594 ++ .../charts/postgresql/values.schema.json | 103 + .../artifactory/charts/postgresql/values.yaml | 600 ++ .../artifactory/ci/access-tls-values.yaml | 11 + .../charts/artifactory/ci/default-values.yaml | 6 + .../artifactory/ci/derby-test-values.yaml | 4 + .../charts/artifactory/ci/global-values.yaml | 47 + .../ci/migration-disabled-values.yaml | 7 + .../charts/artifactory/ci/test-values.yaml | 13 + .../charts/artifactory/files/migrate.sh | 4339 +++++++++++++ .../artifactory/files/migrationHelmInfo.yaml | 32 + .../artifactory/files/migrationStatus.sh | 44 + .../artifactory/logo/artifactory-logo.png | Bin 0 -> 12877 bytes .../charts/artifactory/requirements.lock | 6 + .../charts/artifactory/requirements.yaml | 5 + .../artifactory/security-mitigation.yaml | 19 + .../charts/artifactory/templates/NOTES.txt | 85 + .../charts/artifactory/templates/_helpers.tpl | 237 + .../templates/additional-resources.yaml | 3 + .../templates/admin-bootstrap-creds.yaml | 15 + .../templates/artifactory-access-config.yaml | 15 + .../artifactory-binarystore-secret.yaml | 14 + .../templates/artifactory-configmaps.yaml | 13 + .../templates/artifactory-custom-secrets.yaml | 19 + .../artifactory-database-secrets.yaml | 22 + .../templates/artifactory-installer-info.yaml | 12 + .../templates/artifactory-license-secret.yaml | 14 + .../artifactory-migration-scripts.yaml | 18 + .../templates/artifactory-networkpolicy.yaml | 34 + .../templates/artifactory-priority-class.yaml | 9 + .../templates/artifactory-role.yaml | 14 + .../templates/artifactory-rolebinding.yaml | 19 + .../templates/artifactory-secrets.yaml | 21 + .../templates/artifactory-service.yaml | 50 + .../templates/artifactory-serviceaccount.yaml | 16 + .../templates/artifactory-statefulset.yaml | 734 +++ .../templates/artifactory-system-yaml.yaml | 15 + .../templates/filebeat-configmap.yaml | 15 + .../charts/artifactory/templates/ingress.yaml | 107 + .../templates/logger-configmap.yaml | 63 + .../templates/nginx-artifactory-conf.yaml | 14 + .../templates/nginx-certificate-secret.yaml | 14 + .../artifactory/templates/nginx-conf.yaml | 14 + .../templates/nginx-deployment.yaml | 203 + .../artifactory/templates/nginx-pvc.yaml | 26 + .../artifactory/templates/nginx-service.yaml | 73 + .../charts/artifactory/values-large.yaml | 11 + .../charts/artifactory/values-medium.yaml | 11 + .../charts/artifactory/values-small.yaml | 11 + .../3.4.000/charts/artifactory/values.yaml | 1376 ++++ .../3.4.000/ci/default-values.yaml | 7 + .../artifactory-jcr/3.4.000/logo/jcr-logo.png | Bin 0 -> 3135 bytes .../artifactory-jcr/3.4.000/questions.yml | 271 + .../artifactory-jcr/3.4.000/requirements.lock | 6 + .../artifactory-jcr/3.4.000/requirements.yaml | 4 + .../3.4.000/templates/NOTES.txt | 1 + .../artifactory-jcr/3.4.000/values.yaml | 75 + .../1.2.100/.helmignore | 22 + .../1.2.100/Chart.yaml | 18 + .../1.2.100/README.md | 220 + .../1.2.100/app-readme.md | 18 + .../1.2.100/questions.yml | 300 + .../1.2.100/templates/_helpers.tpl | 4 + .../citrix-adc-ingressgateway-deployment.yaml | 330 + .../templates/ingressgateway-service.yaml | 60 + .../templates/metrics-exporter-service.yaml | 17 + .../1.2.100/templates/secret.yaml | 11 + .../1.2.100/values.yaml | 50 + .../1.8.2800/Chart.yaml | 18 + .../1.8.2800/README.md | 234 + .../1.8.2800/app-readme.md | 5 + .../1.8.2800/questions.yml | 211 + .../1.8.2800/templates/NOTES.txt | 14 + .../1.8.2800/templates/_helpers.tpl | 11 + .../1.8.2800/templates/cic_crds.yaml | 1009 +++ .../templates/citrix-k8s-cpx-ingress.yaml | 221 + .../1.8.2800/templates/configmap.yaml | 31 + .../1.8.2800/templates/login_credentials.yaml | 8 + .../1.8.2800/templates/rbac.yaml | 73 + .../1.8.2800/values.yaml | 81 + charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml | 19 + charts/cloudcasa/cloudcasa/0.1.000/README.md | 51 + .../cloudcasa/cloudcasa/0.1.000/app-readme.md | 6 + .../cloudcasa/0.1.000/questions.yaml | 13 + .../cloudcasa/0.1.000/templates/NOTES.txt | 5 + .../cloudcasa/0.1.000/templates/_helpers.tpl | 32 + .../0.1.000/templates/cluster-register.yaml | 2982 +++++++++ .../cloudcasa/cloudcasa/0.1.000/values.yaml | 92 + charts/cloudcasa/cloudcasa/1/Chart.yaml | 20 + charts/cloudcasa/cloudcasa/1/README.md | 51 + charts/cloudcasa/cloudcasa/1/app-readme.md | 6 + charts/cloudcasa/cloudcasa/1/questions.yaml | 13 + .../cloudcasa/cloudcasa/1/templates/NOTES.txt | 5 + .../cloudcasa/1/templates/_helpers.tpl | 32 + .../1/templates/cluster-register.yaml | 2984 +++++++++ charts/cloudcasa/cloudcasa/1/values.yaml | 92 + .../cockroachdb/4.1.200/Chart.yaml | 15 + .../cockroachdb/cockroachdb/4.1.200/README.md | 477 ++ .../cockroachdb/4.1.200/app-readme.md | 9 + .../cockroachdb/4.1.200/questions.yml | 8 + .../cockroachdb/4.1.200/templates/NOTES.txt | 50 + .../4.1.200/templates/_helpers.tpl | 64 + .../4.1.200/templates/clusterrole.yaml | 19 + .../4.1.200/templates/clusterrolebinding.yaml | 23 + .../4.1.200/templates/ingress.yaml | 52 + .../4.1.200/templates/job.init.yaml | 157 + .../4.1.200/templates/networkpolicy.yaml | 59 + .../templates/poddisruptionbudget.yaml | 22 + .../cockroachdb/4.1.200/templates/role.yaml | 23 + .../4.1.200/templates/rolebinding.yaml | 23 + .../4.1.200/templates/secret.registry.yaml | 23 + .../4.1.200/templates/service.discovery.yaml | 62 + .../4.1.200/templates/service.public.yaml | 46 + .../4.1.200/templates/serviceaccount.yaml | 15 + .../4.1.200/templates/statefulset.yaml | 334 + .../4.1.200/templates/tests/client.yaml | 65 + .../cockroachdb/4.1.200/values.yaml | 382 ++ .../csi-wekafsplugin/0.6.400/.helmignore | 22 + .../csi-wekafsplugin/0.6.400/Chart.yaml | 13 + .../csi-wekafsplugin/0.6.400/LOCAL.md | 28 + .../csi-wekafsplugin/0.6.400/README.md | 23 + .../csi-wekafsplugin/0.6.400/app-readme.md | 20 + .../csi-wekafsplugin/0.6.400/questions.yaml | 6 + .../0.6.400/templates/NOTES.txt | 10 + .../0.6.400/templates/controllerserver.yaml | 242 + .../0.6.400/templates/driver.yaml | 9 + .../0.6.400/templates/nodeserver.yaml | 182 + .../0.6.400/values.schema.json | 104 + .../csi-wekafsplugin/0.6.400/values.yaml | 40 + charts/datadog/datadog/2.4.200/.helmignore | 23 + charts/datadog/datadog/2.4.200/CHANGELOG.md | 328 + charts/datadog/datadog/2.4.200/Chart.yaml | 20 + charts/datadog/datadog/2.4.200/README.md | 481 ++ charts/datadog/datadog/2.4.200/app-readme.md | 32 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../2.4.200/charts/kube-state-metrics/OWNERS | 8 + .../charts/kube-state-metrics/README.md | 79 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 191 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 14 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 27 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 139 + ...and-worker-with-dedicated-rbac-values.yaml | 17 + ...nt-metrics-server-service-port-values.yaml | 13 + .../2.4.200/ci/cluster-agent-values.yaml | 25 + .../datadog/2.4.200/ci/default-values.yaml | 4 + .../2.4.200/ci/dogstastd-socket-values.yaml | 12 + .../datadog/datadog/2.4.200/ci/kubeval.yaml | 46 + .../ci/no_hardened_seccomp-values.yaml | 7 + .../datadog/2.4.200/ci/psp-test-values.yaml | 9 + .../ci/securitycontext-nil-values.yaml | 7 + .../2.4.200/docs/Migration_1.x_to_2.x.md | 72 + charts/datadog/datadog/2.4.200/questions.yml | 221 + .../datadog/datadog/2.4.200/requirements.lock | 6 + .../datadog/datadog/2.4.200/requirements.yaml | 5 + .../datadog/2.4.200/templates/NOTES.txt | 76 + .../datadog/2.4.200/templates/_helpers.tpl | 137 + .../2.4.200/templates/agent-apiservice.yaml | 24 + .../agent-clusterchecks-deployment.yaml | 191 + .../templates/agent-clusterchecks-pdb.yaml | 17 + .../templates/agent-clusterchecks-rbac.yaml | 38 + .../datadog/2.4.200/templates/agent-psp.yaml | 33 + .../datadog/2.4.200/templates/agent-scc.yaml | 56 + .../2.4.200/templates/agent-secret.yaml | 23 + .../2.4.200/templates/agent-services.yaml | 70 + .../2.4.200/templates/checksd-configmap.yaml | 16 + .../cluster-agent-confd-configmap.yaml | 16 + .../cluster-agent-config-configmap.yaml | 21 + .../templates/cluster-agent-deployment.yaml | 245 + .../2.4.200/templates/cluster-agent-pdb.yaml | 17 + .../2.4.200/templates/cluster-agent-rbac.yaml | 225 + .../2.4.200/templates/confd-configmap.yaml | 26 + .../2.4.200/templates/container-agent.yaml | 161 + .../templates/container-process-agent.yaml | 72 + .../templates/container-system-probe.yaml | 33 + .../templates/container-trace-agent.yaml | 58 + .../templates/containers-common-env.yaml | 95 + .../templates/containers-init-linux.yaml | 51 + .../templates/containers-init-windows.yaml | 38 + .../templates/daemonset-volumes-linux.yaml | 69 + .../templates/daemonset-volumes-windows.yaml | 13 + .../datadog/2.4.200/templates/daemonset.yaml | 150 + .../templates/datadog-yaml-configmap.yaml | 51 + .../templates/hpa-external-metrics-rbac.yaml | 52 + .../templates/install_info-configmap.yaml | 19 + .../datadog/2.4.200/templates/rbac.yaml | 116 + .../datadog/2.4.200/templates/secrets.yaml | 38 + .../templates/system-probe-configmap.yaml | 218 + .../2.4.200/templates/system-probe-init.yaml | 15 + charts/datadog/datadog/2.4.200/values.yaml | 1254 ++++ .../0.8.000/.helmignore | 22 + .../0.8.000/Chart.yaml | 20 + .../0.8.000/README.md | 86 + .../0.8.000/app-readme.md | 6 + .../crds/dynatrace.com_oneagentapms_crd.yaml | 145 + .../crds/dynatrace.com_oneagents_crd.yaml | 368 ++ .../0.8.000/logo.png | Bin 0 -> 9908 bytes .../0.8.000/overview.svg | 2 + .../0.8.000/questions.yml | 175 + .../Common/clusterrole-operator.yaml | 47 + .../templates/Common/clusterrole-webhook.yaml | 47 + .../Common/clusterrolebinding-operator.yaml | 29 + .../Common/clusterrolebinding-webhook.yaml | 29 + .../0.8.000/templates/Common/configmap.yaml | 25 + .../Common/customresource-oneagent.yaml | 99 + .../Common/customresource-oneagentapm.yaml | 46 + .../templates/Common/deployment-operator.yaml | 86 + .../templates/Common/deployment-webhook.yaml | 125 + .../Common/mutatingwebhookconfiguration.yaml | 39 + .../Common/rolebinding-operator.yaml | 29 + .../templates/Common/rolebinding-webhook.yaml | 30 + .../0.8.000/templates/Common/secret.yaml | 29 + .../0.8.000/templates/Common/service.yaml | 31 + .../Common/serviceaccount-webhook.yaml | 20 + .../podsecuritypolicy-oneagent.yaml | 44 + .../podsecuritypolicy-operator.yaml | 50 + .../Kubernetes/podsecuritypolicy-webhook.yaml | 50 + .../templates/Kubernetes/role-oneagent.yaml | 31 + .../templates/Kubernetes/role-operator.yaml | 124 + .../templates/Kubernetes/role-webhook.yaml | 61 + .../Kubernetes/rolebinding-oneagent.yaml | 30 + .../Kubernetes/serviceaccount-oneagent.yaml | 22 + .../Kubernetes/serviceaccount-operator.yaml | 22 + .../0.8.000/templates/NOTES.txt | 58 + .../templates/Openshift/role-operator.yaml | 116 + .../templates/Openshift/role-webhook.yaml | 53 + .../Openshift/securitycontextconstraints.yaml | 50 + .../Openshift/serviceaccount-oneagent.yaml | 25 + .../Openshift/serviceaccount-operator.yaml | 25 + .../0.8.000/templates/_helpers.tpl | 113 + .../0.8.000/values.yaml | 51 + .../falcon-sensor/0.9.300/.helmignore | 23 + .../falcon-sensor/0.9.300/Chart.yaml | 26 + .../falcon-sensor/0.9.300/README.md | 90 + .../falcon-sensor/0.9.300/app-readme.md | 9 + .../falcon-sensor/0.9.300/ci/cid-values.yaml | 2 + .../falcon-sensor/0.9.300/questions.yaml | 97 + .../falcon-sensor/0.9.300/templates/NOTES.txt | 10 + .../0.9.300/templates/_helpers.tpl | 62 + .../0.9.300/templates/configmap.yaml | 17 + .../0.9.300/templates/daemonset.yaml | 134 + .../falcon-sensor/0.9.300/values.yaml | 50 + .../federatorai/4.5.100/.helmignore | 22 + .../federatorai/4.5.100/Chart.yaml | 25 + .../federatorai/federatorai/4.5.100/README.md | 96 + .../federatorai/4.5.100/app-readme.md | 39 + .../4.5.100/crds/02-alamedaservice.crd.yaml | 5009 +++++++++++++++ .../federatorai/federatorai/4.5.100/logo.png | Bin 0 -> 2838 bytes .../federatorai/4.5.100/questions.yaml | 90 + .../federatorai/4.5.100/requirements.yaml | 0 .../4.5.100/templates/01-serviceaccount.yaml | 5 + .../03-federatorai-operator.deployment.yaml | 99 + .../4.5.100/templates/04-clusterrole.yaml | 257 + .../templates/05-clusterrolebinding.yaml | 12 + .../4.5.100/templates/06-role.yaml | 107 + .../4.5.100/templates/07-rolebinding.yaml | 13 + .../4.5.100/templates/08-service.yaml | 14 + .../4.5.100/templates/09-secret.yaml | 7 + .../4.5.100/templates/10-mutatingwebhook.yaml | 24 + .../templates/11-validatingwebhook.yaml | 24 + .../federatorai/4.5.100/templates/NOTES.txt | 3 + .../4.5.100/templates/_helpers.tpl | 45 + .../4.5.100/templates/alamedaservice.yaml | 87 + .../federatorai/4.5.100/values.yaml | 41 + charts/haproxy/haproxy/1.12.100/.helmignore | 21 + charts/haproxy/haproxy/1.12.100/Chart.yaml | 23 + charts/haproxy/haproxy/1.12.100/README.md | 199 + charts/haproxy/haproxy/1.12.100/app-readme.md | 8 + .../ci/daemonset-customconfig-values.yaml | 4 + .../ci/daemonset-customnodeport-values.yaml | 7 + .../1.12.100/ci/daemonset-default-values.yaml | 2 + ...emonset-disableddefaultbackend-values.yaml | 4 + ...daemonset-disabledsecretconfig-values.yaml | 4 + .../ci/daemonset-enableports-values.yaml | 7 + .../ci/daemonset-extraargs-values.yaml | 4 + .../ci/daemonset-hostport-values.yaml | 8 + .../ci/daemonset-nodeport-values.yaml | 4 + .../ci/daemonset-publishservice-values.yaml | 5 + .../daemonset-serviceannotation-values.yaml | 5 + .../ci/deployment-customconfig-values.yaml | 3 + .../ci/deployment-customnodeport-values.yaml | 6 + .../ci/deployment-default-values.yaml | 1 + ...loyment-disableddefaultbackend-values.yaml | 2 + ...eployment-disabledsecretconfig-values.yaml | 3 + .../ci/deployment-enableports-values.yaml | 6 + .../ci/deployment-extraargs-values.yaml | 3 + .../1.12.100/ci/deployment-hpa-values.yaml | 14 + .../ci/deployment-nodeport-values.yaml | 3 + .../1.12.100/ci/deployment-psp-values.yaml | 2 + .../ci/deployment-publishservice-values.yaml | 4 + .../ci/deployment-replicacount-unset.yaml | 5 + charts/haproxy/haproxy/1.12.100/questions.yml | 73 + .../haproxy/1.12.100/templates/NOTES.txt | 67 + .../haproxy/1.12.100/templates/_helpers.tpl | 130 + .../1.12.100/templates/clusterrole.yaml | 60 + .../templates/clusterrolebinding.yaml | 37 + .../templates/controller-configmap.yaml | 34 + .../templates/controller-daemonset.yaml | 234 + .../controller-defaultcertsecret.yaml | 35 + .../templates/controller-deployment.yaml | 222 + .../1.12.100/templates/controller-hpa.yaml | 49 + .../controller-podsecuritypolicy.yaml | 80 + .../templates/controller-pullsecret.yaml | 32 + .../1.12.100/templates/controller-role.yaml | 38 + .../templates/controller-rolebinding.yaml | 37 + .../templates/controller-service.yaml | 101 + .../templates/controller-serviceaccount.yaml | 29 + .../templates/controller-servicemonitor.yaml | 41 + .../templates/default-backend-deployment.yaml | 84 + .../templates/default-backend-hpa.yaml | 49 + .../default-backend-podsecuritypolicy.yaml | 64 + .../templates/default-backend-role.yaml | 38 + .../default-backend-rolebinding.yaml | 37 + .../templates/default-backend-service.yaml | 40 + .../default-backend-serviceaccount.yaml | 29 + charts/haproxy/haproxy/1.12.100/values.yaml | 157 + charts/haproxy/haproxy/1.12.500/.helmignore | 21 + charts/haproxy/haproxy/1.12.500/Chart.yaml | 23 + charts/haproxy/haproxy/1.12.500/README.md | 208 + charts/haproxy/haproxy/1.12.500/app-readme.md | 8 + .../ci/daemonset-customconfig-values.yaml | 4 + .../ci/daemonset-customnodeport-values.yaml | 7 + .../1.12.500/ci/daemonset-default-values.yaml | 2 + ...emonset-disableddefaultbackend-values.yaml | 4 + ...daemonset-disabledsecretconfig-values.yaml | 4 + .../ci/daemonset-enableports-values.yaml | 7 + .../ci/daemonset-extraargs-values.yaml | 4 + .../ci/daemonset-hostport-values.yaml | 8 + .../ci/daemonset-nodeport-values.yaml | 4 + .../ci/daemonset-publishservice-values.yaml | 5 + .../daemonset-serviceannotation-values.yaml | 5 + .../ci/deployment-customconfig-values.yaml | 3 + .../ci/deployment-customnodeport-values.yaml | 6 + .../ci/deployment-default-values.yaml | 1 + ...loyment-disableddefaultbackend-values.yaml | 2 + ...eployment-disabledsecretconfig-values.yaml | 3 + .../ci/deployment-enableports-values.yaml | 6 + .../ci/deployment-extraargs-values.yaml | 3 + .../1.12.500/ci/deployment-hpa-values.yaml | 14 + .../ci/deployment-nodeport-values.yaml | 3 + .../1.12.500/ci/deployment-psp-values.yaml | 2 + .../ci/deployment-publishservice-values.yaml | 4 + .../ci/deployment-replicacount-unset.yaml | 5 + charts/haproxy/haproxy/1.12.500/questions.yml | 73 + .../haproxy/1.12.500/templates/NOTES.txt | 67 + .../haproxy/1.12.500/templates/_helpers.tpl | 130 + .../1.12.500/templates/clusterrole.yaml | 60 + .../templates/clusterrolebinding.yaml | 37 + .../templates/controller-configmap.yaml | 34 + .../templates/controller-daemonset.yaml | 237 + .../controller-defaultcertsecret.yaml | 35 + .../templates/controller-deployment.yaml | 229 + .../1.12.500/templates/controller-hpa.yaml | 49 + .../controller-poddisruptionbudget.yaml | 40 + .../controller-podsecuritypolicy.yaml | 80 + .../templates/controller-pullsecret.yaml | 32 + .../1.12.500/templates/controller-role.yaml | 38 + .../templates/controller-rolebinding.yaml | 37 + .../templates/controller-service.yaml | 101 + .../templates/controller-serviceaccount.yaml | 29 + .../templates/controller-servicemonitor.yaml | 41 + .../templates/default-backend-deployment.yaml | 88 + .../templates/default-backend-hpa.yaml | 49 + .../default-backend-podsecuritypolicy.yaml | 64 + .../templates/default-backend-role.yaml | 38 + .../default-backend-rolebinding.yaml | 37 + .../templates/default-backend-service.yaml | 40 + .../default-backend-serviceaccount.yaml | 29 + charts/haproxy/haproxy/1.12.500/values.yaml | 162 + charts/haproxy/haproxy/1.4.300/.helmignore | 21 + charts/haproxy/haproxy/1.4.300/Chart.yaml | 23 + charts/haproxy/haproxy/1.4.300/README.md | 190 + charts/haproxy/haproxy/1.4.300/app-readme.md | 8 + .../ci/daemonset-customconfig-values.yaml | 4 + .../ci/daemonset-customnodeport-values.yaml | 7 + .../1.4.300/ci/daemonset-default-values.yaml | 2 + ...daemonset-disabledsecretconfig-values.yaml | 4 + .../ci/daemonset-enableports-values.yaml | 7 + .../ci/daemonset-extraargs-values.yaml | 4 + .../1.4.300/ci/daemonset-hostport-values.yaml | 8 + .../1.4.300/ci/daemonset-nodeport-values.yaml | 4 + .../ci/daemonset-publishservice-values.yaml | 5 + .../daemonset-serviceannotation-values.yaml | 5 + .../ci/deployment-customconfig-values.yaml | 3 + .../ci/deployment-customnodeport-values.yaml | 6 + .../1.4.300/ci/deployment-default-values.yaml | 1 + ...eployment-disabledsecretconfig-values.yaml | 3 + .../ci/deployment-enableports-values.yaml | 6 + .../ci/deployment-extraargs-values.yaml | 3 + .../ci/deployment-nodeport-values.yaml | 3 + .../ci/deployment-publishservice-values.yaml | 4 + .../ci/deployment-replicacount-unset.yaml | 5 + .../deployment-serviceannotation-values.yaml | 4 + charts/haproxy/haproxy/1.4.300/questions.yml | 73 + .../haproxy/1.4.300/templates/NOTES.txt | 67 + .../haproxy/1.4.300/templates/_helpers.tpl | 123 + .../1.4.300/templates/clusterrole.yaml | 61 + .../1.4.300/templates/clusterrolebinding.yaml | 37 + .../templates/controller-configmap.yaml | 34 + .../templates/controller-daemonset.yaml | 153 + .../controller-defaultcertsecret.yaml | 33 + .../templates/controller-deployment.yaml | 141 + .../controller-podsecuritypolicy.yaml | 75 + .../templates/controller-pullsecret.yaml | 32 + .../1.4.300/templates/controller-role.yaml | 38 + .../templates/controller-rolebinding.yaml | 37 + .../1.4.300/templates/controller-service.yaml | 100 + .../templates/controller-serviceaccount.yaml | 29 + .../templates/default-backend-deployment.yaml | 71 + .../default-backend-podsecuritypolicy.yaml | 59 + .../templates/default-backend-role.yaml | 38 + .../default-backend-rolebinding.yaml | 37 + .../templates/default-backend-service.yaml | 38 + .../default-backend-serviceaccount.yaml | 29 + charts/haproxy/haproxy/1.4.300/values.yaml | 116 + .../hpe-csi-driver/1.3.000/Chart.yaml | 22 + .../hpe-csi-driver/1.3.000/README.md | 110 + .../hpe-csi-driver/1.3.000/app-readme.md | 3 + .../1.3.000/crds/hpe-nodeinfo-crd.yaml | 54 + .../crds/hpe-replicated-device-info-crd.yaml | 57 + .../1.3.000/crds/hpe-volumeinfo-crd.yaml | 32 + .../hpe-csi-driver/1.3.000/files/config.json | 128 + .../hpe-csi-driver/1.3.000/questions.yml | 29 + .../1.3.000/templates/NOTES.txt | 0 .../1.3.000/templates/_helpers.tpl | 32 + .../1.3.000/templates/csi-driver-crd.yaml | 16 + .../1.3.000/templates/hpe-csi-controller.yaml | 171 + .../1.3.000/templates/hpe-csi-node.yaml | 165 + .../1.3.000/templates/hpe-csi-rbac.yaml | 408 ++ .../1.3.000/templates/hpe-linux-config.yaml | 13 + .../1.3.000/templates/hpe-secret.yaml | 47 + .../1.3.000/templates/nimble-csp.yaml | 60 + .../1.3.000/templates/primera-3par-csp.yaml | 61 + .../hpe-csi-driver/1.3.000/templates/sc.yaml | 38 + .../hpe-csi-driver/1.3.000/values.yaml | 20 + .../hpe-csi-driver/1.4.200/Chart.yaml | 19 + .../hpe-csi-driver/1.4.200/README.md | 101 + .../hpe-csi-driver/1.4.200/app-readme.md | 3 + .../1.4.200/crds/hpe-nodeinfo-crd.yaml | 70 + .../crds/hpe-replicated-device-info-crd.yaml | 57 + .../crds/hpe-snapshotgroupinfo-crd.yaml | 57 + .../1.4.200/crds/hpe-volumegroupinfo-crd.yaml | 64 + .../1.4.200/crds/hpe-volumeinfo-crd.yaml | 32 + .../storage.hpe.com_snapshotgroupclasses.yaml | 60 + ...storage.hpe.com_snapshotgroupcontents.yaml | 104 + .../crds/storage.hpe.com_snapshotgroups.yaml | 83 + .../storage.hpe.com_volumegroupclasses.yaml | 60 + .../storage.hpe.com_volumegroupcontents.yaml | 96 + .../crds/storage.hpe.com_volumegroups.yaml | 69 + .../hpe-csi-driver/1.4.200/files/config.json | 128 + .../hpe-csi-driver/1.4.200/questions.yml | 37 + .../1.4.200/templates/NOTES.txt | 0 .../1.4.200/templates/_helpers.tpl | 32 + .../1.4.200/templates/csi-driver-crd.yaml | 24 + .../1.4.200/templates/hpe-csi-controller.yaml | 223 + .../1.4.200/templates/hpe-csi-node.yaml | 171 + .../1.4.200/templates/hpe-csi-rbac.yaml | 563 ++ .../1.4.200/templates/hpe-linux-config.yaml | 13 + .../1.4.200/templates/hpe-secret.yaml | 47 + .../1.4.200/templates/nimble-csp.yaml | 64 + .../1.4.200/templates/primera-3par-csp.yaml | 65 + .../hpe-csi-driver/1.4.200/templates/sc.yaml | 38 + .../hpe-csi-driver/1.4.200/values.yaml | 24 + .../hpe-flexvolume-driver/3.1.000/Chart.yaml | 23 + .../hpe-flexvolume-driver/3.1.000/README.md | 173 + .../3.1.000/app-readme.md | 3 + .../3.1.000/questions.yml | 172 + .../3.1.000/templates/NOTES.txt | 0 .../3.1.000/templates/_helpers.tpl | 32 + .../3.1.000/templates/hpe-config.yaml | 58 + .../3.1.000/templates/hpe-doryd-rbac.yaml | 40 + .../3.1.000/templates/hpe-doryd.yaml | 67 + .../templates/hpe-flexvolume-plugin.yaml | 216 + .../3.1.000/templates/hpe-secret.yaml | 18 + .../3.1.000/templates/hpecv-cp.yaml | 66 + .../3.1.000/templates/post-install.yaml | 28 + .../3.1.000/templates/sc.yaml | 16 + .../hpe-flexvolume-driver/3.1.000/values.yaml | 97 + .../instana-agent/1.0.2900/.helmignore | 23 + .../instana-agent/1.0.2900/Chart.yaml | 27 + .../instana-agent/1.0.2900/README.md | 164 + .../instana-agent/1.0.2900/app-readme.md | 5 + .../instana-agent/1.0.2900/questions.yml | 236 + .../1.0.2900/templates/NOTES.txt | 66 + .../1.0.2900/templates/_helpers.tpl | 76 + .../1.0.2900/templates/agentsecret.yaml | 19 + .../1.0.2900/templates/clusterrole.yaml | 68 + .../templates/clusterrolebinding.yaml | 22 + .../1.0.2900/templates/configmap.yaml | 44 + .../1.0.2900/templates/daemonset.yaml | 210 + .../1.0.2900/templates/namespace.yaml | 8 + .../1.0.2900/templates/podsecuritypolicy.yaml | 55 + .../1.0.2900/templates/serviceaccount.yaml | 9 + .../instana-agent/1.0.2900/values.yaml | 111 + .../2.0.500/.helmignore | 23 + .../2.0.500/Chart.yaml | 17 + .../k8s-triliovault-operator/2.0.500/LICENSE | 1 + .../2.0.500/README.md | 41 + .../2.0.500/app-readme.md | 37 + .../2.0.500/templates/NOTES.txt | 3 + .../2.0.500/templates/_helpers.tpl | 33 + .../2.0.500/templates/clusterrole.yaml | 53 + .../templates/clusterrole_binding.yaml | 12 + .../2.0.500/templates/deployment.yaml | 101 + .../2.0.500/templates/mutating-webhook.yaml | 24 + .../templates/ns-validating-webhook.yaml | 30 + .../2.0.500/templates/secret.yaml | 6 + ...iovault.trilio.io_triliovaultmanagers.yaml | 826 +++ .../2.0.500/templates/validating-webhook.yaml | 24 + .../2.0.500/templates/webhook-service.yaml | 15 + .../2.0.500/values.yaml | 33 + .../v2.0.200/.helmignore | 23 + .../v2.0.200/Chart.yaml | 15 + .../k8s-triliovault-operator/v2.0.200/LICENSE | 1 + .../v2.0.200/README.md | 41 + .../v2.0.200/app-readme.md | 4 + .../v2.0.200/templates/NOTES.txt | 3 + .../v2.0.200/templates/_helpers.tpl | 33 + .../v2.0.200/templates/clusterrole.yaml | 53 + .../templates/clusterrole_binding.yaml | 12 + .../v2.0.200/templates/deployment.yaml | 84 + .../v2.0.200/templates/mutating-webhook.yaml | 41 + .../v2.0.200/templates/secret.yaml | 6 + ...iovault.trilio.io_triliovaultmanagers.yaml | 1605 +++++ .../templates/validating-webhook.yaml | 41 + .../v2.0.200/templates/webhook-service.yaml | 15 + .../v2.0.200/values.yaml | 23 + .../cost-analyzer/1.70.000/Chart.yaml | 10 + .../cost-analyzer/1.70.000/app-readme.md | 23 + .../1.70.000/attached-disks.json | 425 ++ .../1.70.000/charts/grafana/Chart.yaml | 15 + .../1.70.000/charts/grafana/README.md | 162 + .../charts/grafana/templates/NOTES.txt | 37 + .../charts/grafana/templates/_helpers.tpl | 43 + .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 25 + .../configmap-dashboard-provider.yaml | 28 + .../charts/grafana/templates/configmap.yaml | 76 + .../templates/dashboards-json-configmap.yaml | 24 + .../charts/grafana/templates/deployment.yaml | 272 + .../charts/grafana/templates/ingress.yaml | 44 + .../grafana/templates/podsecuritypolicy.yaml | 42 + .../charts/grafana/templates/pvc.yaml | 26 + .../charts/grafana/templates/role.yaml | 20 + .../charts/grafana/templates/rolebinding.yaml | 20 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 51 + .../grafana/templates/serviceaccount.yaml | 13 + .../1.70.000/charts/grafana/values.yaml | 275 + .../1.70.000/charts/prometheus/.helmignore | 23 + .../1.70.000/charts/prometheus/Chart.yaml | 18 + .../1.70.000/charts/prometheus/README.md | 471 ++ .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/OWNERS | 8 + .../charts/kube-state-metrics/README.md | 73 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 186 + .../templates/podsecuritypolicy.yaml | 39 + .../templates/psp-clusterrole.yaml | 17 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 14 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 27 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 126 + .../charts/prometheus/requirements.lock | 6 + .../charts/prometheus/requirements.yaml | 7 + .../charts/prometheus/templates/NOTES.txt | 112 + .../charts/prometheus/templates/_helpers.tpl | 276 + .../templates/alertmanager-clusterrole.yaml | 23 + .../alertmanager-clusterrolebinding.yaml | 18 + .../templates/alertmanager-configmap.yaml | 20 + .../templates/alertmanager-deployment.yaml | 141 + .../templates/alertmanager-ingress.yaml | 44 + .../templates/alertmanager-networkpolicy.yaml | 21 + .../templates/alertmanager-pdb.yaml | 15 + .../alertmanager-podsecuritypolicy.yaml | 50 + .../templates/alertmanager-pvc.yaml | 34 + .../alertmanager-service-headless.yaml | 32 + .../templates/alertmanager-service.yaml | 54 + .../alertmanager-serviceaccount.yaml | 10 + .../templates/alertmanager-statefulset.yaml | 154 + .../templates/node-exporter-daemonset.yaml | 125 + .../node-exporter-podsecuritypolicy.yaml | 57 + .../templates/node-exporter-role.yaml | 19 + .../templates/node-exporter-rolebinding.yaml | 21 + .../templates/node-exporter-service.yaml | 46 + .../node-exporter-serviceaccount.yaml | 10 + .../templates/pushgateway-clusterrole.yaml | 23 + .../pushgateway-clusterrolebinding.yaml | 18 + .../templates/pushgateway-deployment.yaml | 99 + .../templates/pushgateway-ingress.yaml | 41 + .../templates/pushgateway-networkpolicy.yaml | 21 + .../prometheus/templates/pushgateway-pdb.yaml | 15 + .../pushgateway-podsecuritypolicy.yaml | 46 + .../prometheus/templates/pushgateway-pvc.yaml | 32 + .../templates/pushgateway-service.yaml | 42 + .../templates/pushgateway-serviceaccount.yaml | 10 + .../templates/server-clusterrole.yaml | 49 + .../templates/server-clusterrolebinding.yaml | 18 + .../templates/server-configmap.yaml | 83 + .../templates/server-deployment.yaml | 216 + .../prometheus/templates/server-ingress.yaml | 46 + .../templates/server-networkpolicy.yaml | 19 + .../prometheus/templates/server-pdb.yaml | 15 + .../templates/server-podsecuritypolicy.yaml | 55 + .../prometheus/templates/server-pvc.yaml | 36 + .../templates/server-service-headless.yaml | 28 + .../prometheus/templates/server-service.yaml | 61 + .../templates/server-serviceaccount.yaml | 12 + .../templates/server-statefulset.yaml | 224 + .../prometheus/templates/server-vpa.yaml | 26 + .../1.70.000/charts/prometheus/values.yaml | 1387 ++++ .../1.70.000/charts/thanos/.helmignore | 21 + .../1.70.000/charts/thanos/Chart.yaml | 18 + .../1.70.000/charts/thanos/requirements.yaml | 0 .../charts/thanos/templates/NOTES.txt | 0 .../charts/thanos/templates/_helpers.tpl | 51 + .../thanos/templates/bucket-deployment.yaml | 87 + .../thanos/templates/bucket-ingress.yaml | 42 + .../templates/bucket-poddisruptionbudget.yaml | 27 + .../thanos/templates/bucket-service.yaml | 30 + .../thanos/templates/compact-deployment.yaml | 108 + .../charts/thanos/templates/compact-pvc.yaml | 27 + .../thanos/templates/compact-service.yaml | 30 + .../templates/compact-servicemonitor.yaml | 32 + .../thanos/templates/query-deployment.yaml | 148 + .../templates/query-frontend-deployment.yaml | 122 + ...uery-frontend-horizontalpodautoscaler.yaml | 37 + .../templates/query-frontend-ingress.yml | 45 + .../query-frontend-poddisruptionbudget.yaml | 27 + .../templates/query-frontend-service.yaml | 34 + .../query-frontend-servicemonitor.yaml | 32 + .../query-horizontalpodautoscaler.yaml | 37 + .../charts/thanos/templates/query-ingress.yml | 89 + .../templates/query-poddisruptionbudget.yaml | 27 + .../thanos/templates/query-service.yaml | 65 + .../templates/query-servicemonitor.yaml | 32 + .../thanos/templates/sidecar-service.yaml | 61 + .../templates/sidecar-servicemonitor.yaml | 32 + .../thanos/templates/store-deployment.yaml | 121 + .../thanos/templates/store-ingress.yaml | 85 + .../thanos/templates/store-service.yaml | 65 + .../templates/store-servicemonitor.yaml | 32 + .../1.70.000/charts/thanos/values.yaml | 739 +++ .../1.70.000/cluster-metrics.json | 1663 +++++ .../1.70.000/cluster-utilization.json | 3473 ++++++++++ .../1.70.000/deployment-utilization.json | 1366 ++++ .../1.70.000/label-cost-utilization.json | 1193 ++++ .../1.70.000/namespace-utilization.json | 1156 ++++ .../1.70.000/node-utilization.json | 1370 ++++ .../1.70.000/pod-utilization.json | 798 +++ .../1.70.000/prom-benchmark.json | 5670 +++++++++++++++++ .../cost-analyzer/1.70.000/questions.yml | 160 + .../1.70.000/templates/NOTES.txt | 10 + .../1.70.000/templates/_helpers.tpl | 200 + .../templates/aws-service-key-secret.yaml | 17 + .../awsstore-deployment-template.yaml | 26 + .../awsstore-service-account-template.yaml | 12 + .../templates/azure-service-key-secret.yaml | 21 + .../cost-analyzer-alerts-configmap.yaml | 12 + .../cost-analyzer-checks-template.yaml | 63 + .../cost-analyzer-cluser-role-template.yaml | 105 + ...nalyzer-cluster-role-binding-template.yaml | 33 + .../cost-analyzer-config-map-template.yaml | 30 + .../cost-analyzer-db-pvc-template.yaml | 29 + .../cost-analyzer-deployment-template.yaml | 672 ++ ...analyzer-frontend-config-map-template.yaml | 174 + .../cost-analyzer-ingress-template.yaml | 40 + ...zer-network-costs-config-map-template.yaml | 15 + ...zer-network-costs-podmonitor-template.yaml | 31 + .../cost-analyzer-network-costs-template.yaml | 93 + .../cost-analyzer-network-policy.yaml | 19 + .../cost-analyzer-pkey-configmap.yaml | 16 + .../cost-analyzer-postgres-deployment.yaml | 49 + .../templates/cost-analyzer-postgres-pv.yaml | 22 + .../templates/cost-analyzer-postgres-pvc.yaml | 20 + .../cost-analyzer-postgres-service.yaml | 22 + .../cost-analyzer-pricing-configmap.yaml | 121 + ...rometheus-postgres-adapter-deployment.yaml | 53 + ...r-prometheus-postgres-adapter-service.yaml | 20 + ...cost-analyzer-prometheusrule-template.yaml | 21 + .../cost-analyzer-psp-role.template.yaml | 18 + ...ost-analyzer-psp-rolebinding.template.yaml | 16 + .../templates/cost-analyzer-psp.template.yaml | 20 + .../templates/cost-analyzer-pvc-template.yaml | 25 + ...ost-analyzer-saml-config-map-template.yaml | 13 + .../cost-analyzer-server-configmap.yaml | 69 + ...ost-analyzer-service-account-template.yaml | 12 + .../cost-analyzer-service-template.yaml | 69 + ...cost-analyzer-servicemonitor-template.yaml | 27 + .../external-grafana-config-map-template.yaml | 10 + ...rafana-attached-disk-metrics-template.yaml | 25 + ...na-dashboard-cluster-metrics-template.yaml | 27 + ...ashboard-cluster-utilization-template.yaml | 25 + ...board-deployment-utilization-template.yaml | 25 + ...board-label-cost-utilization-template.yaml | 25 + ...hboard-namespace-utilization-template.yaml | 25 + ...a-dashboard-node-utilization-template.yaml | 25 + ...na-dashboard-pod-utilization-template.yaml | 25 + ...dashboard-prometheus-metrics-template.yaml | 25 + .../grafana-datasource-template.yaml | 72 + .../kubecost-cluster-controller-template.yaml | 282 + ...st-cluster-manager-configmap-template.yaml | 13 + .../kubecost-priority-class-template.yaml | 11 + .../templates/network-costs-psp.template.yaml | 24 + .../network-costs-role.template.yaml | 22 + .../network-costs-rolebinding.template.yaml | 20 + .../cost-analyzer/1.70.000/values-thanos.yaml | 117 + .../cost-analyzer/1.70.000/values.yaml | 561 ++ .../nutanix-csi-storage/2.3.100/.helmignore | 21 + .../nutanix-csi-storage/2.3.100/Chart.yaml | 21 + .../nutanix-csi-storage/2.3.100/README.md | 93 + .../nutanix-csi-storage/2.3.100/app-readme.md | 1 + ....storage.k8s.io_volumesnapshotclasses.yaml | 85 + ...storage.k8s.io_volumesnapshotcontents.yaml | 233 + ...apshot.storage.k8s.io_volumesnapshots.yaml | 188 + .../nutanix-csi-storage/2.3.100/questions.yml | 116 + .../2.3.100/templates/NOTES.txt | 3 + .../2.3.100/templates/_helpers.tpl | 43 + .../2.3.100/templates/csi-driver.yaml | 7 + .../2.3.100/templates/ntnx-cs-scc.yaml | 30 + .../2.3.100/templates/ntnx-csi-node.yaml | 128 + .../templates/ntnx-csi-provisioner.yaml | 111 + .../2.3.100/templates/ntnx-csi-rbac.yaml | 124 + .../2.3.100/templates/ntnx-secret.yaml | 11 + .../2.3.100/templates/sc.yaml | 73 + .../templates/snapshot-controller-rbac.yaml | 78 + .../templates/snapshot-controller-setup.yaml | 24 + .../nutanix-csi-storage/2.3.100/values.yaml | 67 + charts/openebs/openebs/1.12.300/Chart.yaml | 22 + charts/openebs/openebs/1.12.300/OWNERS | 6 + charts/openebs/openebs/1.12.300/README.md | 135 + charts/openebs/openebs/1.12.300/app-readme.md | 10 + charts/openebs/openebs/1.12.300/questions.yml | 200 + .../openebs/1.12.300/templates/NOTES.txt | 27 + .../openebs/1.12.300/templates/_helpers.tpl | 43 + .../1.12.300/templates/clusterrole.yaml | 50 + .../templates/clusterrolebinding.yaml | 19 + .../templates/cm-node-disk-manager.yaml | 46 + .../1.12.300/templates/daemonset-ndm.yaml | 147 + .../deployment-admission-server.yaml | 76 + .../deployment-local-provisioner.yaml | 99 + .../templates/deployment-maya-apiserver.yaml | 165 + .../deployment-maya-provisioner.yaml | 98 + .../deployment-maya-snapshot-operator.yaml | 131 + .../templates/deployment-ndm-operator.yaml | 87 + .../1.12.300/templates/psp-clusterrole.yaml | 14 + .../templates/psp-clusterrolebinding.yaml | 17 + .../openebs/1.12.300/templates/psp.yaml | 28 + .../templates/service-maya-apiserver.yaml | 23 + .../1.12.300/templates/serviceaccount.yaml | 11 + charts/openebs/openebs/1.12.300/values.yaml | 184 + .../portshift-operator/0.1.000/.helmignore | 23 + .../portshift-operator/0.1.000/Chart.yaml | 23 + .../portshift-operator/0.1.000/README.md | 5 + .../portshift-operator/0.1.000/app-readme.md | 5 + .../portshift-operator/0.1.000/crds/crd.yaml | 53 + .../portshift-operator/0.1.000/questions.yaml | 60 + .../0.1.000/templates/_helpers.tpl | 45 + .../0.1.000/templates/clusterrolebinding.yaml | 18 + .../0.1.000/templates/deployment.yaml | 41 + .../0.1.000/templates/portshiftinstaller.yaml | 13 + .../0.1.000/templates/secret.yaml | 14 + .../0.1.000/templates/serviceaccount.yaml | 10 + .../portshift-operator/0.1.000/values.yaml | 11 + .../control-agent/2.0.100/.helmignore | 21 + .../control-agent/2.0.100/Chart.yaml | 19 + .../control-agent/2.0.100/README.md | 52 + .../control-agent/2.0.100/app-readme.md | 5 + .../control-agent/2.0.100/krb/krb5.conf | 17 + .../control-agent/2.0.100/questions.yml | 65 + .../control-agent/2.0.100/templates/NOTES.txt | 2 + .../2.0.100/templates/_helpers.tpl | 32 + .../2.0.100/templates/deployment.yaml | 87 + .../2.0.100/templates/krb5-secret.yaml | 32 + .../control-agent/2.0.100/templates/rbac.yaml | 91 + .../control-agent/2.0.100/templates/sdc.yaml | 22 + .../2.0.100/templates/token-secret.yaml | 12 + .../control-agent/2.0.100/values.yaml | 28 + charts/sysdig/sysdig/1.9.200/CHANGELOG.md | 437 ++ charts/sysdig/sysdig/1.9.200/Chart.yaml | 31 + charts/sysdig/sysdig/1.9.200/DESIGN.md | 34 + charts/sysdig/sysdig/1.9.200/OWNERS | 6 + charts/sysdig/sysdig/1.9.200/README-AWS.md | 45 + charts/sysdig/sysdig/1.9.200/README.md | 377 ++ charts/sysdig/sysdig/1.9.200/app-readme.md | 20 + .../sysdig/sysdig/1.9.200/ci/test-values.yaml | 2 + charts/sysdig/sysdig/1.9.200/questions.yml | 100 + .../sysdig/1.9.200/scripts/appchecks2helm | 11 + .../sysdig/sysdig/1.9.200/templates/NOTES.txt | 9 + .../sysdig/1.9.200/templates/_helpers.tpl | 109 + .../sysdig/1.9.200/templates/auditsink.yaml | 24 + .../sysdig/1.9.200/templates/clusterrole.yaml | 66 + .../1.9.200/templates/clusterrolebinding.yaml | 16 + .../configmap-custom-app-checks.yaml | 13 + .../templates/configmap-image-analyzer.yaml | 34 + .../sysdig/1.9.200/templates/configmap.yaml | 54 + .../templates/daemonset-image-analyzer.yaml | 148 + .../sysdig/1.9.200/templates/daemonset.yaml | 227 + .../sysdig/1.9.200/templates/secrets.yaml | 9 + .../templates/securitycontextconstraint.yaml | 42 + .../sysdig/1.9.200/templates/service.yaml | 15 + .../1.9.200/templates/serviceaccount.yaml | 8 + charts/sysdig/sysdig/1.9.200/values.yaml | 220 + .../1.2.200100/.helmignore | 21 + .../1.2.200100/Chart.yaml | 42 + .../1.2.200100/app-readme.md | 36 + .../1.2.200100/questions.yaml | 184 + .../1.2.200100/templates/NOTES.txt | 15 + .../1.2.200100/templates/_helpers.tpl | 21 + .../templates/bootstrapper/_helpers.tpl | 21 + .../templates/bootstrapper/clusterrole.yaml | 26 + .../bootstrapper/clusterrolebinding.yaml | 14 + .../templates/bootstrapper/deployment.yaml | 53 + .../templates/bootstrapper/role.yaml | 24 + .../templates/bootstrapper/rolebinding.yaml | 14 + .../bootstrapper/secret-entitlement.yaml | 9 + .../bootstrapper/serviceaccount.yaml | 10 + .../bootstrapper/uxp-ca-tls-secret.yaml | 7 + .../bootstrapper/versions-configmap.yaml | 10 + .../1.2.200100/templates/crossplane/NOTES.txt | 8 + .../templates/crossplane/_helpers.tpl | 14 + .../templates/crossplane/clusterrole.yaml | 93 + .../crossplane/clusterrolebinding.yaml | 17 + .../templates/crossplane/deployment.yaml | 104 + ...-manager-allowed-provider-permissions.yaml | 16 + .../crossplane/rbac-manager-clusterrole.yaml | 94 + .../rbac-manager-clusterrolebinding.yaml | 19 + .../crossplane/rbac-manager-deployment.yaml | 85 + .../rbac-manager-managed-clusterroles.yaml | 279 + .../rbac-manager-serviceaccount.yaml | 11 + .../templates/crossplane/serviceaccount.yaml | 15 + .../templates/upbound-agent/_helpers.tpl | 22 + .../templates/upbound-agent/clusterrole.yaml | 40 + .../clusterrolebindings-managed.yaml | 34 + .../upbound-agent/clusterrolebindings.yaml | 31 + .../upbound-agent/clusterroles-managed.yaml | 66 + .../control-plane-token-secret.yaml | 11 + .../templates/upbound-agent/deployment.yaml | 103 + .../templates/upbound-agent/role.yaml | 66 + .../templates/upbound-agent/service.yaml | 16 + .../upbound-agent/serviceaccount.yaml | 8 + .../templates/upbound-agent/tls-secret.yaml | 9 + .../1.2.200100/templates/xgql/_helpers.tpl | 22 + .../1.2.200100/templates/xgql/deployment.yaml | 59 + .../1.2.200100/templates/xgql/service.yaml | 14 + .../templates/xgql/serviceaccount.yaml | 6 + .../1.2.200100/templates/xgql/tls-secret.yaml | 7 + .../1.2.200100/values.yaml | 152 + .../1.2.200100/values.yaml.tmpl | 152 + index.yaml | 917 +++ 1439 files changed, 168235 insertions(+) create mode 100644 assets/ambassador/ambassador-6.7.1100.tgz create mode 100644 assets/artifactory-ha/artifactory-ha-3.0.1400.tgz create mode 100644 assets/artifactory-ha/artifactory-ha-4.13.000.tgz create mode 100644 assets/artifactory-ha/artifactory-ha-4.7.600.tgz create mode 100644 assets/artifactory-jcr/artifactory-jcr-2.5.100.tgz create mode 100644 assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz create mode 100644 assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100.tgz create mode 100644 assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800.tgz create mode 100644 assets/cloudcasa/cloudcasa-0.1.000.tgz create mode 100644 assets/cloudcasa/cloudcasa-1.tgz create mode 100644 assets/cockroachdb/cockroachdb-4.1.200.tgz create mode 100644 assets/csi-wekafs/csi-wekafsplugin-0.6.400.tgz create mode 100644 assets/datadog/datadog-2.4.200.tgz create mode 100644 assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz create mode 100644 assets/falcon-sensor/falcon-sensor-0.9.300.tgz create mode 100644 assets/federatorai/federatorai-4.5.100.tgz create mode 100644 assets/haproxy/haproxy-1.12.100.tgz create mode 100644 assets/haproxy/haproxy-1.12.500.tgz create mode 100644 assets/haproxy/haproxy-1.4.300.tgz create mode 100644 assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz create mode 100644 assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz create mode 100644 assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz create mode 100644 assets/instana-agent/instana-agent-1.0.2900.tgz create mode 100644 assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500.tgz create mode 100644 assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz create mode 100644 assets/kubecost/cost-analyzer-1.70.000.tgz create mode 100644 assets/logos/cloudcasa.png create mode 100644 assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100.tgz create mode 100644 assets/openebs/openebs-1.12.300.tgz create mode 100644 assets/portshift-operator/portshift-operator-0.1.000.tgz create mode 100644 assets/streamsets/control-agent-2.0.100.tgz create mode 100644 assets/sysdig/sysdig-1.9.200.tgz create mode 100644 assets/universal-crossplane/universal-crossplane-1.2.200100.tgz create mode 100644 charts/ambassador/ambassador/6.7.1100/.helmignore create mode 100644 charts/ambassador/ambassador/6.7.1100/CHANGELOG.md create mode 100644 charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md create mode 100644 charts/ambassador/ambassador/6.7.1100/Chart.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/Makefile create mode 100644 charts/ambassador/ambassador/6.7.1100/README.md create mode 100644 charts/ambassador/ambassador/6.7.1100/RELEASE.tpl create mode 100644 charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl create mode 100644 charts/ambassador/ambassador/6.7.1100/app-readme.md create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/filter.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/project.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/ct.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/questions.yml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/config.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/crds.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/module.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/projects.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/service.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml create mode 100644 charts/ambassador/ambassador/6.7.1100/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrationHelmInfo.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrationStatus.sh create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/logo/artifactory-logo.png create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/questions.yml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/requirements.lock create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/requirements.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/NOTES.txt create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/files/migrationHelmInfo.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/files/migrationStatus.sh create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/logo/artifactory-logo.png create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/questions.yml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/requirements.lock create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/requirements.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/security-mitigation.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/files/migrationHelmInfo.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/files/migrationStatus.sh create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/logo/artifactory-logo.png create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/questions.yml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/requirements.lock create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/requirements.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/security-mitigation.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml create mode 100644 charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrationHelmInfo.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrationStatus.sh create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/logo/artifactory-logo.png create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/requirements.lock create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/requirements.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/NOTES.txt create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/logo/jcr-logo.png create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt create mode 100644 charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrationHelmInfo.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrationStatus.sh create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/logo/artifactory-logo.png create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/requirements.lock create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/requirements.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/security-mitigation.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/logo/jcr-logo.png create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt create mode 100644 charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml create mode 100644 charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml create mode 100644 charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/README.md create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/app-readme.md create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/questions.yaml create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml create mode 100644 charts/cloudcasa/cloudcasa/0.1.000/values.yaml create mode 100644 charts/cloudcasa/cloudcasa/1/Chart.yaml create mode 100644 charts/cloudcasa/cloudcasa/1/README.md create mode 100644 charts/cloudcasa/cloudcasa/1/app-readme.md create mode 100644 charts/cloudcasa/cloudcasa/1/questions.yaml create mode 100644 charts/cloudcasa/cloudcasa/1/templates/NOTES.txt create mode 100644 charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl create mode 100644 charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml create mode 100644 charts/cloudcasa/cloudcasa/1/values.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/README.md create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/app-readme.md create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/questions.yml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml create mode 100644 charts/cockroachdb/cockroachdb/4.1.200/values.yaml create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json create mode 100644 charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml create mode 100644 charts/datadog/datadog/2.4.200/.helmignore create mode 100644 charts/datadog/datadog/2.4.200/CHANGELOG.md create mode 100644 charts/datadog/datadog/2.4.200/Chart.yaml create mode 100644 charts/datadog/datadog/2.4.200/README.md create mode 100644 charts/datadog/datadog/2.4.200/app-readme.md create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/default-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/kubeval.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml create mode 100644 charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md create mode 100644 charts/datadog/datadog/2.4.200/questions.yml create mode 100644 charts/datadog/datadog/2.4.200/requirements.lock create mode 100644 charts/datadog/datadog/2.4.200/requirements.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/NOTES.txt create mode 100644 charts/datadog/datadog/2.4.200/templates/_helpers.tpl create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-psp.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-scc.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-secret.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/agent-services.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/container-agent.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/daemonset.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/rbac.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/secrets.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml create mode 100644 charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml create mode 100644 charts/datadog/datadog/2.4.200/values.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/logo.png create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl create mode 100644 charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/README.md create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml create mode 100644 charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/.helmignore create mode 100644 charts/federatorai/federatorai/4.5.100/Chart.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/README.md create mode 100644 charts/federatorai/federatorai/4.5.100/app-readme.md create mode 100644 charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/logo.png create mode 100644 charts/federatorai/federatorai/4.5.100/questions.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/requirements.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/06-role.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/08-service.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/templates/NOTES.txt create mode 100644 charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl create mode 100644 charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml create mode 100644 charts/federatorai/federatorai/4.5.100/values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/.helmignore create mode 100644 charts/haproxy/haproxy/1.12.100/Chart.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/README.md create mode 100644 charts/haproxy/haproxy/1.12.100/app-readme.md create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/questions.yml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/NOTES.txt create mode 100644 charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl create mode 100644 charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml create mode 100644 charts/haproxy/haproxy/1.12.100/values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/.helmignore create mode 100644 charts/haproxy/haproxy/1.12.500/Chart.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/README.md create mode 100644 charts/haproxy/haproxy/1.12.500/app-readme.md create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/questions.yml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/NOTES.txt create mode 100644 charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl create mode 100644 charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml create mode 100644 charts/haproxy/haproxy/1.12.500/values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/.helmignore create mode 100644 charts/haproxy/haproxy/1.4.300/Chart.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/README.md create mode 100644 charts/haproxy/haproxy/1.4.300/app-readme.md create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/questions.yml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/NOTES.txt create mode 100644 charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl create mode 100644 charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml create mode 100644 charts/haproxy/haproxy/1.4.300/values.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/NOTES.txt create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/NOTES.txt create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml create mode 100644 charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/NOTES.txt create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml create mode 100644 charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/.helmignore create mode 100644 charts/instana-agent/instana-agent/1.0.2900/Chart.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/README.md create mode 100644 charts/instana-agent/instana-agent/1.0.2900/app-readme.md create mode 100644 charts/instana-agent/instana-agent/1.0.2900/questions.yml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml create mode 100644 charts/instana-agent/instana-agent/1.0.2900/values.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/Chart.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/app-readme.md create mode 100644 charts/kubecost/cost-analyzer/1.70.000/attached-disks.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/requirements.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/NOTES.txt create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/node-utilization.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json create mode 100644 charts/kubecost/cost-analyzer/1.70.000/questions.yml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml create mode 100644 charts/kubecost/cost-analyzer/1.70.000/values.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml create mode 100644 charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml create mode 100644 charts/openebs/openebs/1.12.300/Chart.yaml create mode 100644 charts/openebs/openebs/1.12.300/OWNERS create mode 100644 charts/openebs/openebs/1.12.300/README.md create mode 100644 charts/openebs/openebs/1.12.300/app-readme.md create mode 100644 charts/openebs/openebs/1.12.300/questions.yml create mode 100644 charts/openebs/openebs/1.12.300/templates/NOTES.txt create mode 100644 charts/openebs/openebs/1.12.300/templates/_helpers.tpl create mode 100644 charts/openebs/openebs/1.12.300/templates/clusterrole.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/psp.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml create mode 100644 charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml create mode 100644 charts/openebs/openebs/1.12.300/values.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/.helmignore create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/README.md create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/app-readme.md create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/questions.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml create mode 100644 charts/portshift-operator/portshift-operator/0.1.000/values.yaml create mode 100644 charts/streamsets/control-agent/2.0.100/.helmignore create mode 100644 charts/streamsets/control-agent/2.0.100/Chart.yaml create mode 100644 charts/streamsets/control-agent/2.0.100/README.md create mode 100644 charts/streamsets/control-agent/2.0.100/app-readme.md create mode 100644 charts/streamsets/control-agent/2.0.100/krb/krb5.conf create mode 100644 charts/streamsets/control-agent/2.0.100/questions.yml create mode 100644 charts/streamsets/control-agent/2.0.100/templates/NOTES.txt create mode 100644 charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl create mode 100644 charts/streamsets/control-agent/2.0.100/templates/deployment.yaml create mode 100644 charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml create mode 100644 charts/streamsets/control-agent/2.0.100/templates/rbac.yaml create mode 100644 charts/streamsets/control-agent/2.0.100/templates/sdc.yaml create mode 100644 charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml create mode 100644 charts/streamsets/control-agent/2.0.100/values.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/CHANGELOG.md create mode 100644 charts/sysdig/sysdig/1.9.200/Chart.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/DESIGN.md create mode 100644 charts/sysdig/sysdig/1.9.200/OWNERS create mode 100644 charts/sysdig/sysdig/1.9.200/README-AWS.md create mode 100644 charts/sysdig/sysdig/1.9.200/README.md create mode 100644 charts/sysdig/sysdig/1.9.200/app-readme.md create mode 100644 charts/sysdig/sysdig/1.9.200/ci/test-values.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/questions.yml create mode 100644 charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm create mode 100644 charts/sysdig/sysdig/1.9.200/templates/NOTES.txt create mode 100644 charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl create mode 100644 charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/configmap.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/secrets.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/service.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml create mode 100644 charts/sysdig/sysdig/1.9.200/values.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl create mode 100644 index.yaml diff --git a/assets/ambassador/ambassador-6.7.1100.tgz b/assets/ambassador/ambassador-6.7.1100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4a1ec9bacfb946c63b25f7c32f5a4a9a82a65198 GIT binary patch literal 53609 zcmV)pK%2iGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYacjCCVD1QIuQ|OU?tE&12!Vppw*6FieLLgIx1cOb&x#yQF zY=IqY%Vo(7sjlz-Tar9u2pK9p9K2R{1zWTBtgXGFHH3sf4ZC{{9lEr*fR_1RZ~K%= zrP9IvKL58=Dy9D|S3V#7S9!m5P}x7I?pLe-RVr7jmC}EK(i@K>^YI9U?thhD-B)^Y ze~|~;Hl~mo*e3NH04k)=#N(n0DK$~izkiwbaqS#n+I%b{dlscrow>O*3iep5hKG}G3hRT{-TgI^97?C{_ zk8#nl$GHhw%&@DGdaeMVV}LQFXa*PTSJZa_X#R+D1%T`+UgRuj*c2Kza(Pu`LBp&A z3%V1J{67nhVUeI50AguI=0Y>3$h8+y(UG~Z?f)0FTQqQ3dcr?NCGCj|J%TdJ+C%X% zDs6fbM078+wEr!)v|$8$u8R0fg4G)vRQHBO6=aV!2!@<^E{w`RhM1`agxHhsaN00PE?0^`Km7qd+tZ*S#5qP$V2uT(ID(2*vfPAz7`P|4e&FAz( z9H@$s@xKz)axQXALxm0O*|ZL-ISnEU+g(KKU<6Hqa>07f4ATV2X3NQ!gCar;E`r(u z++YoS+>FE)I6vGQns~TpK|+zc7w*9xYf}7QG|Vyo6Wh>pD*7i5oY??^p+^=&JP#HK zxopxZG|d=u{Xl@KBXx2w28nFV!G=v)$tg4q4N?RQ%HU{*-HBn3fr?!hsnlE)b8HYy z{16k?>VUc)V||>{)`R}p;xxsQK#yXgLX)-Q5%&Kx>>7`3eC7?-j{MKa&Fz5L8nb41 z6P5WqhX`l};a%rq9}^=I+XH}Q*pk>pQU?|G0?wlsHTD8g*HF1QRRDD1pgNF{;Ep)} z0C4>ub^a^htE%JqzbSObhz4JQ--JvJ(|F{PTKEM{kqgHt_NfjIO3&-pLKb!xZ`F0q z!P<#IT#t)o$DYQT1K)qJtqW0twZG$cuL(3_-;XrSV6~tb12kk$4Hw%MvS~j9h6N`!A@RRfU9fC2CqnE-L1bJ>>&rLu$?)%z=qX9tNR?O2E{BOnjx}gcs@d zj(Xjb`)2#-_-ped1k~`u*>$&92SRcw5W}AEj|4G7p(6%8hUHnn_N*at0UiN@RBUSm z3=y3nWP>IX4cT5%=u*OKA6*?Eb-PC=*V4Vz?DmeN-hJ==aa8+}mVFS#t-XBAH2q)6fdD|brX8p&sf#d*K9c*g;;22FY z5wwBl0BCCf%?-MCB;7N)cXHhi22(Ea0wx?HlO#K(I)FAfKVf}9)5J60y^8ITG4@=x zyhQI>F1G6YCt%y?B6^7y5*h{X0>a@U%^-zDefCVyBGGCv zgq!P=`}3RZZbk+&wL};E%?+fwz$K3q9ju+-XkeS7xqvmst-`h9Tgz6@!CH~m3Ha&68zR?6Oh#c^Emp~%i$=&rwu<(~$VM)t zNQ)IKK*!jdmW$;tdpi!+f|01A>%z2LP_fHMgoCwUVE(uSopn9?h{y!Fb@1iOmoKYl zz{VSc>S*JMgH&T=FowK%yUDDcN!WAdd^mpHxW?2l(HJ!uFZKCDz(RMx5g0;Zs7#az z+PJ}{p>iUCY~m&Kb|y5qo^1<$&2ZUqT0tdO4L70L_o>~MI+bVJ>*>iZO zdk)qLK|2Ni9c#lME0a(02)GCmEW{5j5dI7Tut!b9Mj99*6VHmFxNKtzR2Q)o2E#>A z1wg{YAfjW>)Bv{q9UG!}SqQKlNxA0h!6>v7taT3F7)mC4RWE&=AE!_ zc_9YogVs5vr8=^KiQtr%_G~s`M*B7Gb2i3DQIKJR69IS~a%j&tN%3}J1J;em=R#tuR&Rap3y`?~`j2eOX*22+MG&et5I z27fbJ_|>qzdGvyzuE~fiL*OHO5tZ~D$3%=?L-W+do!3TTf&(7{Dc+6g!JGzG%f-FQR;=`nPvdA=c6{JH!dQ`rlPWhnCwWg zyQl*Vs}sacg;{1V-t<$&5y@#b3A$?t8Kh;ngywWiXd6+cMul19^_I!Mfgy+Dv0< z#BeOEc_t!zJ5)!7n2svmbK>AqUu_aH18bP?A^TDXUrM=1NxAV~`7hZx92ZlpVzUl< zjhpbTjWr|+S4;8IY#DE&cH@1LSf~5@)#YA;mz(t(FCFz7yxn2-uAt)>_W1rrtf}8J zFITBlD&ed6C=wr@9tA7S6xumOt_{te3r8bE^&yOXA&7I&qtVE)xh%E(uE8Op9&hLT z#+SiBf`oFN4}hJwe0Y0txxnY5LllB2(tLA3LpotBmyO!Mc7lhBW_(5(8}lxwU?a@P z3~Rz5Old%KXfeG2kHWHo)-8`l;Dr!T#wH#LT_8doU_sj$Aws#x=})JN(548)#IG13 zVH{Gl@tpe96uN_jU8akS@Xy#KP8Pt@P{eA~!S6YrEEfue;LrGZPuwV74hl>RTdRZK z*RC&Z2Je>+BK-G4cZq)~s3=gW0pOU(KsWzu{@*Vj&s9LY){e!WcrN69P_qpCJ|JtQ za`Z(r;5hj3<@4v{2OD#vM697@o7qnM_5Ij&)O!XWZ{>Q_g4(TaHa=K)l6fGY(&VtgAlP!|PV zu>t;ZV`x0jUY`Tkw2CTw%rv6BV$o^uWY1m^Eg(pX8k^V?k`C-ut;DVvp0Y$;h;H#I~nRFup!a{(uG3DcDI(cAL zAi-&hXviQjEEX~t7pMHwv+(RMa3sj(G~}3g!PMj~W!1)uNPUqohXL8qSe2Y_01ky! zid@UEIRc)#P(?S$H8{9pTVn)=iG7XG*yq~_4GpQ#O}`Ep(M`ZUxX1|26J)|g&?2ZZ zBJCu40Ze=!LBsT1)YDx=bZlzuZ7$?VZ`fvTicQb*QPBT!#kR_S<6!M8H+&0vKl7c~>1AluB1d4utK+3Rlu)tGsN^aShDPohBrt&BccgA96Xy9=gaxD#fl?6N*jb z1}njK2L?Ko|JlJN9xu8MgOmog33Z_nZe=7s`sx<%Mdc1g%R)^GwI>KU{*T-axCyrt zTsv$?*bO-B6}AnUR_=2`AJMStar2chuVkDxGgShUn6pj+`|T$Vn@{2m?Lo&VTH20J zYb-HDT@r_f|u6IcWVH1`Y(VUH$0B=+V_bseVeB$dF(-3>Gn zy5EKmZ}5#rm=p9qdz1zNBNri#LmX{5`4(C%_9%eBG*o001SV)v%>+K8?g?vqkIQU(I~pYV5JQ(s7%mzc{5)+(9LoTP;~qnfWJfu%@kh;W1kOxk z5b)mhl{*d;Yz{HGAw0_Sc|KuGF1Y}?ox~E@k(>~*=bS&BOT_t-I4=tkE*OB1c0$?Y zG(j91M6{4g8B~yxBJ3&(>dqR`V63rdVBvnX(uyjX$7XBoT zn%%fS$k)ubSQtVkb3G(PKSp~kNX5BPz}8*t(b(x?*n2T23WP6wi&dcGXlUy2_iX-b zXg4kz8S^?HXN(4{2S$(W78FN|VoPmRfTjg)IA-&J9@UY}M$OvW&FugtI|$G+#Rg(`Q~BN-}!J z-ae4@G*YOnd=tnrmD&N9d-zF7O!kS@t7TLxSHAFSOTrES3E>8Sgz&@YSZ*hREa4||cf!Qh~35gku8Yl*^Cs+ZeY)oD88A3=D<9$L~%kB7%AZ(K<7Pev}kPpvnfswt1 z<5Nejn?_pAQM0=%z(e@62pD0qm!PxU#^KXiwr3teIdT5l^v&j=Wth}=q!SEKWn|39 zPt_w7TPa!>fGk^x4K2PS-bo>PvE#pCT2>)2;pbw@$;o$!EzLP~p^$W0nJi6`@no2A zeu>dqpI#K7W99Z|NtkY+7XrmJVX}6uz!^<+0L}a48CC35*|1g9)6o48Ym4YW(1P>( z;es-J-!B~=B+nS{9q2N3Eu1BnBDovNJ+|+W>*CniqKY-dS_w{beD&?#!Wz2g?ImT` zv=uEt#k2`cyth5;o_*uimr8I}t!ekBVNZ~&-Rp>HRU|Q1Dum#Bi))#sQYi}wB}ma% zMm7Sh2qcJA$afinw=a_m;0<_2*d8~895uVeoEyB#;1QWX#wu`9<|{7`NM)Lyix|&B z6oL_gly!zj33CjiAp)H>G({%UML4S@6pjOQ7aj8L5@=>)s&gR$bB+gX0Kq9&abjFc zP@Si4jc{3v3BCm(_;LqZx<|2NsAP}R4W=vc>Fni%2<$H6s}g$uN{C={%Er&8&Fzwj zW#+8eAS#|BcM;lch;KoOIAkXEeBC^JADlfm7~)BP)Hcsdf45{^W~ zGuIavWeS=qLy#}W!fgVzWbGQ#b^DDO8Z&H;+Ph*l(1wdk7|izZf~S^rWi zmBQK@q>#yn$gKl57=}MOH_kW)9ebT&) zV3L|pFi(ta6&U!XzE^4XiHG>2i#$gqkNM8h*ggEm||dIjV%oOIz&30 z8kqZmTfUWm&y@QT1}vNer$C#S8&_Wn+@mf+dt!fg1hf|XP7Bc13Q6-O>ru|$Fuqy9 z@U=dJ=<)pyCGtdb^_Yn}coq6KM6LwE8Uzbp5N=j=@PQvbhfL?!qUR9mB52*K;W_NR z#r^Qa{s@kk=hg20YWG={m;e|Z!?IuQy*OC;pc{nZu?wxJS>Z7sKhX`^_B;HgoKMp+ znV`&L#=tpaC;S>Z2k&G!JE!E*Koq@k(bPb*&6PuOVL%%rm6~xy(U*_>_KFGPxlrEX zdZO<6wP=aT(r(l9Do^&1t!P|SeB zPlLH@?$CtxB&3n7L@}a&d<5bpg=4>Fj68-He8%;-`NN-^kiPwq6ofG2Mq}ga@opna zpNEEu&AKtev7q9?x&PrI(|VFZq99%w+XQB4sAD|gY%vXkNuUUgrXf2MjTqP#90 z!Mu{^HQ~bXL)EZwQFZA}^GYmL@NR+@{GH1g>(tPYw#(0Z%~63EV;gC}znt%z4#aW3 zL5Rl>eSLM*x8ydkWno*K+<$DeKQZe3zyHWsjDHsY5lV0WWK!|}?t+FaW}3w;meam>eR2EQk6A z8-s$8;SvhQh^di|V;XD?xw|{-gNaH0O-s!X{DAiYDEEp37MyU8cz*cIVb-OBx2q=h zw1%LzJv>3SKP%T!j{-F#;A7BnGU5yb8qbkC#*Bt!8Bbq|Um-5V(JXdS+r!ulRz2eE z!VQ^q!=xmkwm7aa<;McP%9;~}xQHaizvQ?ewx@?kU|0w~{LxpPw@=0sb8U=n2Dh(! z&2Ev->D%=2MEsY7%6=tv|G!q+#(#OAr|`B28%|*1ho&ki;irI{KSOy`qndK$WiA*XPjB} zTo>8YT!c5&)*Q9lps5^vm5+Mo*KKfhebOxEa*|NX02IgYnWy0Z(vX{Uo04+gXx^XS z#7^4p(0jrh+|H-{MTJ$iJk@@nS-vpNOJzw>|m$n(*ty70lO@9q8KkE#AkxQ-E|CAK7fDRA|+2nKgf zfdv?^{dfD7Ndh}ebZTb5fvDefV^D+IL@g%_D!}nnK&Di=D4SURXp8V71@)^d7Xacmun;#pHo15#C`}WaQGqp(E z5$pvxY=S&=oZr@z7Av*u`y>9A!G7{9NkI@8i#HTQ{=8xkg9d9?u6!<*ilt(?{-yM# z6qpLcMP7#oCt^G%p93J6FKs)TH;#1JlDc5(2?ovf+_EwbJ{(bLPFg2_?_gP~K93z*%S!`KU9o50Fdz=L9{hDje9Y0t|;_48O zHd4&_%2T=eXxlTFhnY3w3A>9fy*$qh?p`DOC&sV z0$+LV(`^v&aVSndePcL3d~%TbiEAy1+h-xu62WT4?WyQG9(VbHgb7`qY5JpGx4IEO z4i+V*Bc`JlhGkY3*l5+c+T;KDh0mb=+vXb^8)vu}qLn0H49A*y`|JTau3^&=$p2qb z_`f8dYEAU}98g>J_p1Hjws{K2nfoIQ_iPi+*cg-yTh(}R3I@rgIZHh1aM zN>Gg!GY^(PHtOrQ)No_l^b#mu-Ebms&r^WCx|u|{pe$H_84gD)obK?Y_`JHs&2W2l z{ndCL{En!0ol)&*HKRtKCJVkm5OG?e*$pA12uukH;F+7TpO#{Ly)Of&mID4RaoW`- z65J}o1o?t_aznl!Fr7&goCNwJiYUdse%8;J7tF8Zqj5Gb{`MoLfZrLVG}+Me|D6Z< z`~1sgxwN>MeN%nyG?x8FGIuapEU>9ZAQ{RxAD^&_d|K6{EtLJ_o~Ihm`+qFiF)|x@ z3Lw&}$AdL&uw?EKs_}(-!Q6SEz=YVBInWc)IU8IUkSya6#$SX@_E{L6gJt27>oSc= zBn|{0(KjHLHqVBU|CFA1(*E>>O!7x-b(=q#`aeHS46fe1J|Vyp`v3mt{aQ-@|6D44 z-s=DF@uX;AJjza-0;aODh}c&_te(I`Sr3zhY-Bku@Xq`?z6;T2$BenS&uSt!JG~uBhWcmlp77 zb(Pf4rj}%7yTbWXD-0K+>9y6r>%CGUv zU_%D+`;egnrsv1;)e$tQF0@QiOpI-XkNtD*9mShdbx7-32LE`Wp*JR(?)(`mvd7(4 zNxVAo9O28mcCc`WJzDTcP<$`Bwmh_zErM6&+t}uA@eI7U^L8fLi-ABK9x1+qmI;dB zcVHW=Q403O_ZYMWA%lgpeGGpRJwzu`VaQVe3cly^s!Dh z^_~K%_@VOojSpDKm#gev7?q6mQBBU=h9>XVqitdj8p(f|GQlE1Q&vD}V|EeG2oO3+h#Q}6?# zEH#@@C<1xVj~G059W}SKYRH}@I8Vyt&pzi9nTLGHipF(sXo-bH_OzI&@dUdIf3Qj2 zhYC~7t4M@GNLveHn7ASmOVmf2-EB}eVs@2f_7?p0M^n(h_Op`zhu08apAU3B|1a+! z9Hjk!4i5IW_P=*|e2k6@01=l@X(Fjx)T=(nFAWz%FbXPVNDk0($X;kwJPDb=i-m>o z`t|GC{xf;^>Va$-`A=iynH<**b8?oKRB|4F;cIM{-*lf}vH=0@^~V>3djOIE`R0Rt z5n#R?IA02&8w2SZ0BRPnz6xM7fOZLRK@i<4xGf(AD)-+6DT@4P1*?{2EjeD{9|OYB z4j{kmd%tN@8E*S)s!}+P>1tUHEBUp%;g5F(-1**5#V58P%qJP9qx+s3N)$3EUeCYz zR0sb8`M9{02mcPsAbT3&Y_NGpr_FZn{_3cGblQ}-&wcmisL>3|g_$|?oAImsQV%`p zsMR`e+>4&huZ~VvwEm)9UbSQI1PIxa6#xHv-t9Hp;sVr*C+wTq^Dn`!ROpg8ykw6% zxbbq-Xk5$f9tVe)4}ICsWf_N31SmRw5Q7Yf&QhW?5E{Ls3~3;i$S2Ho5In5dX*`)U z?~tc--4h2@kI7HbSx@3UQFX++J?r&uy5W~Z287rIEcQkuj@_F=chB|gJrQG@>`{{} zO(yxyMNqr8%|$HeOwiR56^_^Rb4|rsiUkCJCR;ABhSMVQo1M9DMdSY<(fH4Mn7uy8 zQa2G=3A@{)>=j4Z$>ZjD_N%1A^HWjvDGXXl>-mCSSLfms41>|jfIu?BnZ$47ju%2hE6Or0J zeM%pIKc})-%L!Vn9qJ`oylSK(gxm{9>Q~ORNosyFc|YCZp^D;+G| z|35gWZtwrU%d_nNvm(#eYA2w0j^fw1A4kaf=^*~(J(^{zsIIxdx~tH z0t^`R0|AD`^N)!eVI~io3Q55TGrMj|@xnxATc4pV_kL@ip*V1Dc8vMwbro{_1b>OW z@TXUdG60IgE}FRpMN9_ZCYgLLb}u8J^fSso!?iGre!K|V3y=^*-$KXVBK;QWvync6 zvA+xMr;>Yq6chZN(1nS}r@fEGUq5{;s)T$B>)g9&jOO9_3jcKX{fuv zf^(*{{8l|Em3Dz)SsrClP;j^=Qs@VP&R<8qR){|{9a29pr^WAYlOpIEWBtYQO@TGE zrFUC;_w(qT4`F{NYDf0oS(^EiXhQ|)7+YeoB^EzXIN|{Ix1kl-K{j-ZB)M2mDE^2$ z4J++`VJ!Hc9{;0Ks-^9JpG)P+*8cY%&$9h*DXYLMZ~vw95xm6}z-Ww5TmTHAczX+Q z%fEgG|B6y({PlU)s(XLiyLNxyXEpyvnnB*+@b78<|GE4*9slc~T&->S|9dL`$V?&A2 z`XlT<86YaV_|ha^9VO}+MDAJfqJH{4@GU>t@{?zVntUo8WJV;DWf~LBAdZbOBJ#}3 z>CYh(FCi2M@yh9owr>T&FTM7i*r4a#lYid2y=3LSB&%<7W&EY9_quEIF%aMEl6kW0 zjJx4tX`Z_6pdsg$<=R6cLxKfcS85&tQc>RVWW#FffyThIzS5Wj;NXU{Jdp_e4E zK&%ajdcpC@_5>kkMJ(5hsVzl$&fp#^ia#BLHM`3wCO~u;mEd}7$|hxt=g1I|zMmfH z^VOovtC0Sv3lqe7_^R0l3Het{SbY8+`1gExxp2xLpU;YIyJaD-ezNI*EL1qZ4)r=N zu%7-`E0xbn=l}bk%Uk;Y9#1-=C*ST^tUmVr7igMzCPFjRe*=Ef`yW4YK0(?0Rrsjc zXimY) zUeREs4q`d>jFE7GvoQq_5M)h}Ti_naVLmL|vxdmsW!xm)V5n;m;#mmH5YV~v9B}Xq zxxgdH<;;?Lu1JQ@R}5gg=vT}fVKqI%$Pm2C`mhnw0HlEFZxob^3zkMz~}$J|M?&7zyIfd zim`uwS#e7~N}gE+K`Md7-UB$qQ&f-d&ohUY9sBa5jlf3%Js>Z3BoBTMUu`hhVgp+a zbkQeJC})hk8jL)4C?NXz?`JP?a;Vi;4Rv{>`@u*Vh>7+$AEKW)+y}OJ!3|Cl{ZLjf z&oIO~`b!yrGX}pk{{A7x-}Jn&IzevHBj`M^Tlsp?j~_WB`6_vzKh;92Y&(_CF9R!h zCOzm;9lOTknm`m1Hqo(RYp=Nw$AK;i1hGY&E#f>Eaa?R735^&41R)RBz;F(L2zp-w zti&5WAXVUACKGut*6|wj-Qw*QZ~rj76;VtI8G%aT;YdJUK$!&{BBI?+kvkM$#)#&3 zLEbb7|98g3eOBhBDB-(VycuKLLirZTU&ftckoY3N`^$5u_yTNkaEpVl!9h44yJ*aT zP4Z0c%%Mi$6&#@ZK6M%XFdSx=90nO?7sdjiS8Pg@);tCVg71NUy$PFor2yw(jieCd zZ6~`$x&KU*+gP~sgU!8@RQF1BiPm?EHCwECFRX!%Ll`2UIYl;)-I#$#G0=QRE$Nl` zglx^h#ul5l*z||;pb!lII+zpLM7F52MV-HzZ7$ObL^%H)xnnFHA2rg>e(#TBE;dc< zZF$oc!QM~ObH~_m@dMl9Wn2pY@~^|Cpu_JSaW~d28g0?&Pk}~ppxhLdlGjO+Q08+l z6MI?%+cr{Z4^NN{^7*wcMF(|za%Kao1`749_x`-WrNcQds zTwVe&@0q$gKGN6S2Yw-dzYxe@4(OQxvoQv|0TyIo!mF?$10ynC#V=_u=kGFx!6kP8y*?R)O>f3rS~FDaDcH9M_SQs{GgF1nmC&x_y6iaw0Xm-OT=yGJxx-N1Em$LgH&3PNmts@3xO_ zx@XtDds+Ir++f}h{Bwq&( zCN%0I_1*vA#~I1j0e?w6RYgccT1JH#GR8X1*FnCV-*TxxJC_1!6T`cn)1{8jwy?g1 z_4kDJSnBHdksZiG$B6tJeRvP-Gbxu7k5Fs{?=-{%(nW`P(Q#h(Y2Gf#3!uyYG55r_ z2)ISSKN10d`hB$303KaRiwuOX63$+RF(CU!T$&gR8M%l~D=+Zy#mAIv(5i``?KyuA zEFYo~c2R+U<9>Grws)U_`qeG!|LIXbj3B@E!0_c@3|@cSm;!?rg2Kze;iVw4F<86- zXk>xMt3V`!L&Q)2QuE@h!OzYTHt>uS!c7Tz#v$eM31Y-H*vwUG#*UMMkkLaAFQ82g zyyut6#|lArOyXyA1&|nmc%`};NxUeSD**eqXrg|FRA}dGy9Eu?bJ5nED4tdJzc)(# z#Gfb5e@c~dI{t61{JFZd|GmePqAq;rBkIDwy3igY@QVYfz6*XCE+`_P{u?N^3=@&! zsfmXm&#LYH%0VXYyPW+J6hKr|4xBHyC%J#7Clmi8#`g~P|H^))Qcm0d_p96U-*MY1rf7B=J+SL`YQp$heWiZz2l}f7xJ~N=jaMe%2%sIGb&dFlnjm&&idv zq;9`KhNN}G8vxJIAVpp3LW;(V`V!G3=`TsBTM0Npi>Z89uT0pqddr@(qrRxSP98jQ|x}4y4A=Fb%qhf~RK^y<~IAf{8R;>7p@vVB*88lY^lkQzkG{i1p)b6`T&$gHr`^Bb62SD=_{V7@#iBqT|&mp&y%zFaYp?>}=EQ*3$`%CO@` z!!I~kD;V|&$4svpp4kkZk8aMBH!2K@ERw!tQCNBX0<5@#A>@Ij!VWK$`na@w*g{lC z9%;@U>{8^$)0m{ENhqYGfc%mL3p$QrkE8g>!J`Il&dC`(=a44sWU2AYWh(%lM=7W! zd|^G2aW9v(EXlERO8*R&p5^ep1}1*S0>%8mH(Z?bpflHHY1Er8&5LuPrPuAb`MLa@ zdvW*|Z<34fed7dU>2{V#$3}It1hb4bpPPy-)xp}^a2YJer(ml@k(Xw^G;D)5!gH>u zVDkN|cvsdj+N+3JR5~O!8Ru{bjT!~KW(k2mJI8DFfDQfHty1#@Ud}b6BDRjpuxU89~5)d-S#T2Va4c{NQ z|3!4Xx?IK%C%e!wSuu#RTer;yPC5VshuG!saR2e<2YC1Imd)1(` z03j?asQ;4DAnIcsCcTOpt%<#mT%p4HjpJzAw5QAan-(_0lB)!ZHT#n46lL`n`pZnv zV)qx3)VTiJx;im7%qoH3f#*2L4fbQrM*b4yOwKC!A_5f~rUYkMg%ZkAcCnR8(X$qM z>Gf)(W5|71njXPA^W!r{oH;Plm?9eya^vD5N;a!g>YS$a_rO3AOS8N;E$wj=|2<@_ zrHgZ+Vp;CUkfjr2Su+tPwi|CYXx7@|<%3QRX3eOd)^gUHFF{JTp_a4vbd8lN&NEDD zE5`Vw_7z+0rE1G>(pn*Vh&R01#2&T=>)yg92Hw^#mR_gg(vm!96Q8CvamdS}RxhO; zn`_BWsl?0V(a?|z-7I6)+nCC1tcAIHqGIv4uP~D>^#(`$USUiN4&H3u%Ts+&Y$7*( z#2I_}mOVMx#N$QRVSw4dHlZ#w62P^x$csl2GdF~JYS%zqx^VWsX*S8QU4(C=f=noH zBRa$GBvCZ>9&8?LC6oT^4t&GwUr*Bi zgU@ODUn^BUZ|VPgJQ@03hV%A1-|fT=lBnw5v@%2#R(vjThF#;4sUqeL){gvQ$bIPz z{w;_2J93D?3zWk~kDoGzHsq{}N+1j!5xaB*p67m)1HdwDDeL+{91&t={7P{Cbfu__ zUrBf|M7M-eDp#ViDEpJcAZF5k3u~VFHnIQyYXkcKxl~z-|61MO(*O5(Qlvuce44B; zr3IP>Wc`Yl&!FN7L)`X0-ImHHO;OA3sMvC_jqKHH7C)AU6q$x)(5$u-ms@9Fpt2-2kQL#ELuERi7nahjdFV)i7}jZ^>s5Z(LF z@MPjYCZu2)V_`BWP()}U@FaW*L3m33tCg!s{I8VvYg_y8yF5#Lk?H$AL}-kEuZ!}W zA^LH6iLm}Pf?p;prwa$w!B-5mV`wrF$>l~xktw9-!qLc3gCnW0ScPUT;VrwNm+Wfq zSSR5OoAl`nmNUymHhQ<-l{WL_l{IQ(4JC^PZ=wd5%dBi}+4c4**W8R#&A?AKc^iM} zN@Mmt?w4J>e_AGeoru4g6KB$YM;pGU{dfQK=Vklvmj1uXlRkC9+KEA2&taVZ z*we-$a73H~h?u3R0L(Yb^|q$ntFeg{4is{9>je*DR% z|5yvWWd*jsjvG8F|5sA_f2CBaZuS3nd6Jjqvf?;Ieq5Vyfn=>M57_d6wBhr~z##&3 zitx!`W-Htu_m_;U&*_#isyM@1(McuA2g3WHe>6Tn_sORJF6Maw3Ov~Kt2Kcq=>LB0 zpqlpoE0wqM|GPXH{vYuOmMm?Vz z1$m{`5~W0;H=|9P-%@^w(40W0KLr`w3g3SO<$P`)s?DJ?#?sSs%SvYTJspbs*(mb{ zd96Y>!Z%80^=Gvit(E`Z=n!DN{J&q>FQ@arACybm{J-z=ECo_X%K1Njo2Fil{=2?A(}+y%cu2u7Z*@|zrx00=a!PLP}1 z0pY;GIsHI@jVUlR1WiCOpsWczMJ}K^0{LkrA9S$`h8|^aU6k7a&_w_O+p~tq1$YG1 z*tJZmLn_8X*$`PnjN(!-!!Dr!b8B&K2cWrQVi#$EU@(Gi5%hFKP@*a5qI!-kNCET_ zuo2P#495>>93=_KGBPx!IKy?k3nzQE{Bj}kF7&e$xNjSt$K!;NVG-EVEE?XzR9B*cbbT~Dz zOT?nOi0~Dl7=+Pgg8efP;aeU7CP-&gIvoX#F(O8U{C?<3;>3h>OeISba@O5 zXluNc-q$XloId&QN5oC@E#2DL1^EW6MqJWT*VIwhE zv1AzoweXZ7qG5BW7f@ojK_5QuuwgK{8}K#u7xv>2vR~K+F0@r0xgQ8a_6fkFV9&+1 zbPYfXrsZO_SpCGhWb@((2^NSlYzEji7eI_VT9)BLj7DrzF~X-AwE5OphHY5JBZo!c zqHmtz^11P0gpez?o$3MupsFH5_B>ldE|UY9EYAx0#4v!~lXf==vtnfgTFwkpQ=zK? z>@t8y4s=;v%_dx&;Ju3>355R?jQtLK9D5U36cB=tJOo3Az;V&YnD6qgdC&h~fcVe7 zfB3^JhywrIn^yLU#o{i|@r= zG0_U~?F|N71m`2LV3dR3E$7<}EgwApF~aztd;b_h_n*5l>LU=t#CXD&PLvW;Vgi+e z8BG;ycxp_M4WKEA7Y~b^AiOigNxX?hRA92mw8{2ZKzG1+SVycGwxEO$niGA4@R{JD zi7X#R13L6cyysD>Q?IO`VXc7V9v zMGzHCZ)n&WNfJBOwBzD=5+ykw=zZ-L!Eu25GuFU4nAmv680zU|lhLB{#2{4_TNc(B{&1>@*+w8sP#y;pVhqg%rx=)RN5pX0?y{ML_ z**=isnGHtJRu^GE!Qv7X+GG!U8Uq=z7P|mZRq(D6Ry_gz5^VrJOffP*EQ~oAhy@bM zgXdg;aSg;IAKrc-Q4&T^3KSQZp5_xtE?F|(!B$~`JvL^x#F`*uY|u<+8e!Kef);jx zgXIC}y&)O+7y5Ap(#=7{kbr3qT=OiY1RW0ovLgLwV1&0UnJK zn~!Z&Tr!HSxx^!A&Wp1tha2|Syy+7k|JL~QhZvuN!&V_C)B$7g+z32#4T{3wtCZEi zSiGDP&NuJWc~CP_-`h(B4}G$FaxJnNdmefu)_@uo!XCZ1NF7wU(O?N@*Lqt&e>Ik} z={K>f#dvI8X~G|aNABD!YbL6~^`%v(RWlgi3U-Vbu%u>WF;IX0zfF zSJtpf_M+H#d)y*R_u|c|I;5hN`re-Zu4@Ka75o=NZ%m@D)=zoQAjI=Cf%(;m=ZJd_ zYX=L5*rNrH1jYA~i{~I)L$+!lQV01qwoyKHiNiPi^GMWdZxDp*>eJvL!W>zBm0(qs zm5B{sex+bF;d}M{g2dI8f`9j9f4`b>r=-R>2)Ciebd*>sUtyODe+M(+N-bkJgtE6H z(jn6Xc-BQGSQCo5{2R#L(3egN7Ib38RF6<>8IM9?Kry3iQvKTHIw17(hlmD{CKOnc zEDNqdw1=fg4_juqJ*53l@7I&dhQt2 zLFom_RG*~BFQmwCnO$`qReqCHtLt-{W~PB0VO$6KS`Y^QiTtM;-t{&NnL~uLc#wbJ;zYO$W5m~SPCh%J_{StL&i8Lo249ec5Jrqy<=>|n9) zAiPIt^m-XS)z)8Gl;7I5{&1N-K!PCFwq@4+z_!x>eM&_U>(IpGfC}*>Ixz+v+NKj5 z$~1Q-`UD~qRP|W0kD-Z&frSgZbzs;QvT!Iva6Zfr8lx&M##DHKa7$XYu){4=ffTH1 zZXMKPa+Hn$Z9tO0pq9ved0XHqS!`P9EgV$1c7)6f{$*og8>7*`16xO2QdW^mjgg^3 zemvkyFYLdf>P9jH&la2bIzj#z5j3eDwCAsr<{DEJ%Ua+^KTYL~;3mH*H0z*Til`;k zT|{(jYIRTzXyuYwnOgLju1E zYy-YkrYXFRAb7yTHHa_LZM-|C3(@Zl5Ixq=7SFeM{t7%7heXL<7<2__;j{ZdUi#WC z(XZWdLz1rUd~rM|nMzj~ zxP9~Dv^!BQc!NrVUiZukP_aeLCdN2dWx-;B&jbuUx#Jq0-g;XdXttU$+OFj z**exL8tmWdCuq{T>{!~hGPyYJE7CD_Dcl?KOsS?bG5>q2Ta=RMQB>)Fmg zDb=QfmVP}vmCj|`Y0HyxRZ?05>BwPa&!uK-rktKHuKM!_(V*$f?k3v)uvzX(w^~yx zn@z=RN!^lk44cZJ-@3qqlM8|rN0t<&-I%c`O0|Ax(rWkQ_IcNu!z*ikFlg$RZMocSpK0eE#k}lR4q>;iSMEx+ zW4TWolBL#Q*|`%9PMVkfiFSI`GVcaw#}7kADc>pTzE;xlU8&ZFlUB8-NNufD{wCdO zZKb8ul#2e)oA|$*lX9=`w6s!L7MpTw-oi<{F+6ozy(6dH=~I777q}<4`^u!eFImp9 zB45}&bI|DYwYJof=kWCEv1jRnD{DNzd%Wmhol57t!QQRjLX%cE*sZ%#`DECvRT|dC ztzw&#VSoO3H_?>Tl1zJYyCqxtL@M1q-YNPe+XLR9e5OH)BDZ+*sMOATx8@bB%;#Sp<%M>tS-s|krI>QL_jp`^&6=TDwW-=vx>8^3DWmBHYyub1x3<9*d2LU%%A$3xx2Z=DIflq(mrtE$wOt6Htw)X81- z;-Y<~UCR}z+^NiKa?3HVTT-c0(N8<_Tvz3q+n2AVs@XohEX{-_)9tIXfpu4Imo%?o zIxWQ_i^0jo11ufh4kyk5oJhAH3lR3?hmtSV)xac7$nZ%~`er`OHNqTlaSyJh|0u6q2SHch8n(Iu&=-E=z6+3-}s zuyUbvO0B9Sw~p`Rn%t8IEv=+WoI*Vu-*hGy1Kyw{4^De0O08|T&xfT$s+3w%Ur|n> zjrWzacC&ZdvgMxE?mXycjY)H^^rZ`}+#2-c3%!%7D{y&L13jJN^q{F!CHZ`+m0PDh zxz+AWTGsWMdMUM9gYJY*`x6suR{Of6v|0j}n-@|?mh3@EX>{b)Ksz(-_DTDs*SsJ@ z#hl)i+LP{s;&jbcsoj%G&~BZ|75)6`QEO>ceZSvv${nRSm(HZVU~{ETwPTMTWmy^w z%IX}+<<8w>t0$f4cgSwZYJdLFk8i*Gg(%?DXoj{)uh!Ov|2Sq z_Nh(799$2YgGcqusa>5)_RuuHUEkhS)QPzdC)zc9RL%ys=T%j9_It7fW%;h8HNI5Z zXM?YI{r2MeY;fJFYIfH;ulW>v0Izz-4{ft~sVVJlTTzsD*}3ZVFK$p@+lM9nrqiWY zSGP{JTXDMZb|4QcgR5b4ese8Lowj^2yP6#8*QaA)M(Rk za%|Zi=-0iLC!Gyuy$7=f&yJ0D>q2Q)TDador2W&@zS67>l;*`;X_mb~Ul-|$VPC)L zJZQ(=%AlkuO;>xk=npE2c~x%B;pxSG<3W|^uJ zG|yrA*p|zt$R#?I%h&Sa5caAU-M-bD!v{sW>0r*_zskzB)L6m%$G`pNiw)c|kSR8F z*ot|6**-A`?TP-NR$3=RQ@On>N#x3E-?p31 zzMx%`veT9wT{GxJHO+H$tKD5GgB#^cx@xzi+bacEy5)3oF z612_ZcI$4@sq8PL%AuiD@%~-+u-ve&%GYOif*5M$wxje*mBESDS8m&Fcs4Hgo3z#| zm77YxW(=yw5AfmQPMgS8xqsM|<*S9-cc4^iRoV~7cwkN3PRYFPo?Hna9NdmC)su^^ zWIESFOY*uCiKu7hL;FmfYfZEN^>N^~?Y8o@s>~JpxTTekPvyRL+NqRj-(*auRlA!w z70q;njYd0>j-~Q=UsKG6G;?nIT{3N-nbXUPybn+D44obKWw{Ky6SaC}Dm`hUTLXjM zDW+Dw>eH(7sJp$hNkwk9uYDlYP1K+5UzO-xx7@yf{X?a5tAA@)T0?E=)BZ%AGufjv zX&p;)n~|jBzC1UsPNlhas@$rkgnPDgpp=}64>q03Woh!*zr_o!Qr_=aQWcikSE@W1 zbRTql-6xmGcG{}hGSr?qhvvoppxUbR`U)O2HKLxFRdgo7t5fq)tf723V>>h`>6hB% zVy;Z~E7D{x$+vo^-91#~GlvnviDYW!UI#x)a&2FIP>$PGNxv-7Gs#j;yJuIG!Neb7 zuZe4Yt98(8>JzCyw}yRraoua34$cOT{no{mHc^zeOs!7;uyj=!7>eEQ_a9pGhAnxj za{hQ%(we<0V>YF!7~$i^<-k&o?t2*B`jBc~#L&<#JdW&)R3L>#ikD`VY#Lpsq*wvHu`l%2s(_ zvQ2p)mtFa^G=~+mfY)}evNLG$-tnOs?z$}u{23KogZ|&hqqUc z1JNL~%8t}Lyy~7Pa>H)vgI>#qkL@d^V)pK;`fTth>F}|+K(_w1Yfjw0d||Y0bzeTM zH5JR8-c{%gESaR+lyskm&L2A!#gQf#xcbWcpV-&Zd?)}e7%y-)^9TORhcYbdwB zbxr5IujuEpc~|Z=+m+#Ivm{S+UA=8z^-q1TGGscm*Q}i?{lh!S)M0Oe7oA7*o7{A2 zy)IpJI?lK2{>9h6*_w8GtxCIb`0ZNOu6noaDr#N~kX3fH5^W61EkXagmOgKv=JnU$52bKWkMYRGOKcl#Gz*e_iU zPg-r&BCb4f+@Y+TBH2IgQsu*1@AUAYZH`My*|}+#k7wv%aMPJ+{a$l^dfhUQrP86S zni`ZI2Q#@#PmpraZ&&p*xqEoiKf?PRvt5%FMQn;z9aOue3tQ^9Zu_UTnr3z8cZ%r@ zD|9YD4oujRysMJFe_8snkWQrssWN!DvK0I7w%wBYwR!)v-GFD4MW`ihg>1S`u=I(wEL)b1>)tA9~8-(C|^Ov{1|Dpi`O5hmUvVyRzbTD%zkUOZ#2&pxl~v zZrdk!GiTa;RHxdbc5*i<>(>mc9tJ}D9-K%<*F1N-kJ6*uq#ZQTDpysl32kjIF{yLX zK9J>dODdJE>pnf`^;>tt(&4T4*oN&&yV01K=Y!tGiG1tJ!|h6Yp!LgN?;ctcCc7cI z{OwB7I!fcP(QjT{4jzxIP;Or-CFuc9w2oAoxBI<|1v(|utN!fqYi0g$xj5`A6ICcF z?FVTvkoEGNX`0u~!*gUgHMu!B?b;Uu?Xh&&FoeJ)$+hNr>$uxh2FFTM9(PO1KnPl; z%iP<=6!2pQfQGoWZX%ao?Q39*ySNJbt4Dz`3LQ!S#XvKNxM-y#U>T~5LF0U{aS~ny zgC@@_z4;X?e;l!4Y+}B3(zPO^-fH{pno2J>-ujKI(fI!k7Tl~^ZB4oFXv!5)WR|ZD zEM-yJGzHU!375Wq4<_heT@T}PE*qKutdV)%=gEx!^EP2W!)JZ`pYndKmX7~fD<5p* z|GdkSW=*l!pM@VkUJzMtIilAKBjEiB7|51g{81-=a6ER=m;;#PncQbdjX)~&gBJnb zGOjCdI9=j9E;dnNEJE9D27@A=DEOC%F}VX8(g_dX6pRM&uy(0(1{=g~ZinCd=b?9_8-)e|u4mhR$Q=<&FOs}~g*Eg?VPipcwJk>e2V>;hV-?5U zc;r`*hmL{f6xoDFX%Vn2V!oy$!ivj=!8;9&4BOy-gF*2iNNjf0*(j{-`$Ug@1rvO} z=CwX<_Dcx>U%1>hTI`k@ybm=HaiEtx_zDq15dTFGz&rfOLwozb!Wdy2P=$ZzGHB8= z*k;kAUpJ;Z9>0c}h_D?6-S&wRc*RKk2x4T9P)NOHdg%9`*@KPf47(G<9v6ea2E~a8 zX;#$GbOk9E#Ko}3E+Pc+nCj7wjh5x9!ORQmc)^Bi|8_GDXBVvT?(!D;NKDL)m2V-?K809yPoCuF=!PARfejQ`C#_Z1pZ=_r!yAy`&>&)e`4b zj9tyJ;{rxz*PK+Z?D`c`3JBwCmM?ijEZkJ=CM^o-G&=?&8|Iu^n#>20dFsRRls=@> zmKlhANKWm8M^LIJ7ud36j;tDa;x>5t?)9ols}h+e`R&HJxCC?CG?`XL8Ych88yI+k zqz79&&sL6nt{nO7tOHpI1D*qHf5OxN3YN>XR&i_&Qyv_gmF3*x{O0e^RdJxM5vbj6VWk_C{ zelwEaa5e{8)4iQ=iP>g^{adjSf7~0nenhu^m%K+daS6$y%Fzgx0Z_#@@yr)Ne}h+j zF2wsCZsGlJ4Da!z!W+Z=iy=Nk>tBi#mx4Z?{WzB882ruB-EW`NlPUlCg7RCrfIT7q z)jluDf3?q*{jL1>9?wgo%?BW2KOK2ubO&8i@1b&&I#V+_|$|`{RZ%5%z=G~8pxQ4iJ^83O$MUw`HfG)6YuIEpV9DAy?mBjoY7&Ba;fLS(a2EaM{k** zvb$f^%BG_rh%n}SG~y0!e*dYLnG2d(@dZ7Kh@F}Jicb*-O(_@a8(hl5@O?$ng9u>L z4f8_LVQ3_H*oi380(ChWQNSxDPjJ~9M0pgVZ}Hp;|37>0zm_<%EexN3Pp+c2J@1}& zjz9phTlbmyUPVxBK@Go@e&=b5q<~10%A^8_qXzqC6o<1b+Ccrp9a4~9nOEVv^&?sKGq}A$s`o}h0l8a{bHFY zmhzEm8_~*%#NpBQU%JN2Q@O7e@js?9J+Yn!{eua;$2diu`37i|?8rQ?k>Adf{|eGx z!EP#-B+g_imkY*tr14{;FVO!VIsZX^pYg-Tz!m4eY(Y)d|NfNQE4-ioHt{T`MsbrR zM*=-|Pz)}<*1lbS)1n>urqg3dWcTGxBTq$+?1`$f-0=(1|x*AWpJqvDFOD3%u5g7+N|c#Ps1MkOgVaqvJ)C2%R#}6(^W=h9J5J zUDV)pQKROupC278T;}?GJuAu4_Yv3Gc|uuP8Y@h_KZo_d!Ohu1{_i8=^Z%wi1dZ7b zN`RI8Kf9ac|GS^^@BDugkHr5!2D_6ke8AGT!AA%Ck$MEFR!~R&c9PdebqlbufR%5p zXY!0_ZtGdS8QwMR)tdI)1;l!OIvk?>nlvp& zVZ37Q0}v@%z*cWeW<7kj6)|@m+cu;`_4Q}k-_JoQ5a{ti6;v1c*==f>(393aO}{ctvz75QIs>fWa$ z|KI!ce*eFbXMz47MdBr_LYE$zm}n|%`-{y-!H0s54k;Neie^|_V9EF176Q&2X9fF9~&4<+Wb1A1dWP#sgk(wg$|2swb? z6|%x1&;jVqB&?W7{V=_dEpNFVN{I?1Pmr2Fg1>ib*Na)ZV&*NDbmjvn@4FIy3CBLP>`%dYblBHyxd)J(LbBrgO{BoKw@X0HtG=H<5Qvo9+P92lklwpof5g zeB{}tL#a|{jDsqOaO~rhsCbr3LYQo0YX@uvnKt;ppAdZi`{ojBd{083H3KEzH{JWD``%6W+5wS2 zMkLQ29VyWL;RC4j!4!oB@&b$s@Pedysi|q89j=zx2s(te(V_FRFVqzTevZlJpOd40 z_y8cGYK(yqVHyk5tAXhNdW@e%Gh}7`n6g8GLeKyM4>~?@(3C9)VKvAjSj7kge3XIR zo-gqCY}xwW+0Z*1dYAprEBn{YXYwON{=Sd?efH6_<}LaD6<;LmMa}NG6CaTTG6PrO zW;N^!9lBrJZ2A5?)AOkPpKp{Ob^uyo|KHvHGygB3ei|1|r^U++&5_sAtVakn9X3?>5&ZG5*sVII*T&SQ0M&4(k*r#u%B)5UCOCm?{FCD1EFL zINt%#_pN(?E&%4eG$U)#BZIEx+!b&G=FORo5?w@2oS_5gg82CLJ3Dw{V;>GA-_oFE z^p1z%M-!E)7sQ-a7wt>-c1w;!SP=FgI=LKMR^T%#O@f2shA-uIk>4xWN*H4TlQ?~l zGdWngTFd28oB*WsVf9Mw_riTLx%@}PxHsuA~F6u7}^!}fvnBLIC9S%#4NbH87*c$r{3M`I`E5rhFI<|Ze> zXPG<_u~h8Grgpvvds^wZQvcS}&X=QXQS(I@Tm0Q3l9yYro1WxgFaK$O0X`nz7gBl$ zdDess4XLk?Y4MZ^pVeG0d^^F`*hW=m+Lk-A=`VcUGQRCf9^EMy8!6N2V`&6FY~n@2 z&HK=r!dVb3#a-W+CV1jO9bF>NWa;^_V~_)&Dl&8uuQl-0nL^JvysXHSX8On`@(-ye z5hNEZu@8BOSK`IOY0j%}Kdk$$vIf3uZ~v3Dx3`-xE9qs@kmv$jQo49gS(Qv#wN=9o z+DasH5(n4HWmKQDa(Mvgr*oS54{yp`WBqU1kJ#@_#pMTE& z-Q#_dk3>Xi%GAt(gFW=TW2}h(R15iJ{+E0qmwUhe+r;w$TteSRp2OVQ`09h{5ILYX zHZ8++2Ec{-2o4ZQD<42(Xp$fiAOU2EEDH=Q+zUeuc7TU0Rz8iXBGT{BF_aI$5mkM` zN7qAr^9~t2Sm7VrX>j3KGk_h|l7a+W>=d?C}P{j4rmqYz%V_c zqz9&-VgKdeE9u_7mtp@6ei#li^gqF$Wa4C^j(SiZja|?;Eku-G(q!r?zodI`r2LZh zZCCl_|0*9q3wkCV6HqxW5hX1u+be0)Krq9<^YE>bo)8@yD5G4oYbCAzcVH0G{x6;$ z)=o<27bj`kc-Ao<-~YSW>|FkjeD=Nm!)Bfjpg3g7_0I7?QP}pT8vz6=4`HsZRFUgh z2*l$87wFg=_b zV<_licreMPv-$Mr1MoE@eGX4T<3hGc2=rztQQt89A=9&PFJnWh_r$i(_Ck;(4fItY zIvNl9=G_7Ckc}q@7-MEe^$|Ziff1UqO65`(3l>Zkof#yot3QbKPj3$EF9T7CvHise zTLKb;Xm2G%i_QX%z!C!U`RTwEUJRH|ibR`>!V;llEI1_q2Tw!qe;s=s(*4lh%jXcC zBBRmvo<8;6XP$aW@Z1A1b}U2)m@{`{PyE&&TNX=Y7A8(N2|#yrs1XC3oV+%#&J>~T8W7pJ4#v40S=*eJh z106bylzWtloxV93d&pokFN`jrH)A3;0yO^}Sj)W>)^hUpJ;u(@zL3<6gfwg+cD&|? z3V{JCXOdSFHa3t%8B4_aqjSu@)Et*cyCkDfpPf;J)F{hXCY344zzH-hrkM2;vNs$X zy6zm6#yd8QFta=D<*SPg;A7Xq79Pw1aXkbLN}0s>py~J|npfOB!$@Dpj*eWPWTw~~ zSr{55<6{1wl#gB3XNvcklKRYSgNX?l!E}Sq>g=mx^ih{tUHKgaMZF)l??q}#8hrGJ z&>4{(@b!ONaB7*z|Gd9&J;Jx!{}38dnUXO@3YG1YRJ*b2J6(pPsBVtL%q3VPhYkXu zhxlp@1|B{AA_I&a19@x$T=nX%s-@rMnzhsgeFuh+uwDq=U~HF(A6ySj*n!mx_uof? zfrD8-e~LXGF|)wYifo6waF4UZRfL~=b_p4dzl75z$A2M_u*aF(>hWKQx$bc;ST^s% zJ0E@zMEPe>Wo&{iSS?<}Hsmya+*P6|QmIu;%qfFF3G!Gm4Lb82v1D)4?c z9l)@emU=ui3<4lviK8gsbQ{vP$r1V6VHR33^ABJ(Hat^%kwD)qIF zEd2a(8)J!4C^7uY?FuU07{M`|m+Fl0Sh@q5>?k~2E{h8QB`VKIdXi-sozsBdq2n>3 zT-fJrkpZ^2uhSOGa^_$^XfILgYOa)}XY!Xq{c4s(hktIxGR07SG$yknd?${vlD(!k zqkAYwf!d`y09}!g?Ne4Coox;+=zzLuP2fVvE^IV_trmhVcIfdYocaro6SiZnU5a_DTp&sSU}+Y zwU8#VyWd3<+1>3m(6IM{3gSA;u=jFgpsqK5j12yIJ^*%wbWU&$;v(Jb&nQQb3)BTX z!!mW`5R@9BS&9d|EhY+e?}*m{mu}EnLZa$- zLX%auxq;vS7?=rK<^ao$LVRqKC0G(~r_k|P9?3^AlmA}K=8` z5uu@hNqlb>N*W>jBkAXQtm7mmwNy(XXlU$g7s=;YjE(S{f-(tJbgHterw#D`VawevS9mbm{&@-v#Lek(E zxgOG4cHC$fi8A)qTaf3!kUKOC6p0yvd}gu;%Bq3NC0StO2v;gn$<83b4yfCvKU@gc zEqzaRbCN!`8(e~|n)M4AId^0CUZ8KmfmlM=vnUp@2MlH@3+V7`_mVq6b%7^{_J^*; z7=>qqQx(b3^$3WAK@u*b@v)%Y!gL9U<_Q9|olkpXFXp z>M!$w4IyE9Ev>5XQtHHRV9H)K{tKxSyIh?K7!*APbuSaVe%1wKh{qPsDBMFLleQsS zg9%GuZ2FWt!dQC1FdQEEL+A%RVaJ-uU13K@X+^2@!3>YVlzn5FBW6JhoC$)l767;d zY&b%I(49hCIE<|l@liS{z335+;)65P?97~#eR*?{F^&_lkDyolMdd*D>mnHVgvaXJP|Iju7m zkldJ{s2#IQI4Ym88`$)grjrbceiQI95m&bpPwu?Eywe3PDmwsL*clK?hKVtQexMQ7 zJE(AdVX>S7}TMd!m1x|CByXG!VyHHI^~I6el)%n{^t z+>1V6OWf_o#oaTWEAm|4RZRzbpf?_XzIlg8^p^2yx?#}(T!gz%4|3qgmw_t?x(C^@Yhprh>0ulBLo_Df!bKkR zu@`imTbK4;>P(vxx|Vqd{27CoU@opsk!9yua$4prXy*VW!Up5ThU+-j(xOP zyX<@Xt)yP&)>Az4=^W)$O@c!AG8W?#=)Lp^#|0&G{oe@zmtS?6gGM?HQYp%AVs*N| zs=u>;{Q6n#hIgq{LmMD=5DCv8hPIFeJcOz9}kJ023dp@*)hsS=zw6g2bb&jra*d%6UWO$I;(T`Qyn*JjzwaP!WS1bZZkXs=wE=Lyu@XIeX?4w_P0hPY!lUpC7(mags+nFFZLM zgbZZtgnn7VXMy8@@}J<|n4NoUY?ytM-4~~LbVWX90_P2=hGrPZNP{{vo^f9Y?zvmk zjzgzks?d3~(+T(da9w;Raiz)(n;eu}2#P;MGj>E6 zSh&|iMo5(&VmDb*Mp4==OC#D%gHt?36RL2>swU<6toVt;k35!lA~!iMiySmf91(_a zfeXDh;^;wX2)E^>f4 za7L816TjQ`kht-a8G*3tF$*2*9 z5_EP~eaFR$kcB~Bdprg9*z!%+3UA=Zl4GBAW@c~Z*`3(boYyYL`a*Al@H}tPBPn0} z9`=VI!4N10P5);iZuo;R;WbB*&ShQcJlqu$n1GK2A@Ef`D#yaXR~U{w)JGn2bQDwu zA{jXLhbi$_W;?hOmJ?NYI7L5707U1R_{xJmV%P!QX6VSDBZc35>WE4hIb-) z{84BHQuw~jKfZ4plA$K*d`>EGF&G$X8QTg(DwXHP%z?IWBJ(l$tbSGj_Q2=e-8=)6 zt}O$NEixrZ7wNt^LDr0l$8MnF(%0Rc_}`?X;I-C`smxtA z1al1z_ngsPFh#1hcNZr72`&4}HezBgG2FPOKBD?JClo1>Pvw}oBv8be5(%*zgs)#e zWD9Dp@cY7(2^Ek$Sq2I3i|E(P%+mey&)}+`&hxLoc===!n<^(nA20iw-Ab@%V{mg= zJr6aMPzKQh0o4X$)|O}l?hkE5Oi&0~#^E?77GhZJnKbw+-BM*fWDB467NcT${)P-~ zw7nQk=0MI3Iux*wLr3dJ0(Q)fGoVhjRe5t$QivEj+qK*;jdO(r_C#Uy9Qe2k6$kH{ef#ttuP`cvq&mg9Hg3;SHscrP2cvE}%M_ELak^$L!COmt}R z$W{8^)62shK;=MJde;^1DCuB?-R}TTjT$cnkC9_Q4lE>Lh>2fA{uFy7;VEi3Bsi0Z z4)aT)VP49o7xl)s%H_gKm8gqHP!{*DGaXa1FA{;bF8#R}{@M-gjzXX7y4c{!`a-ao zjpj*6ROz8KXuP}T8q0i7y8vJ5;!-utUTj&B`Il_vAuKLh-V0jk@VHt^+s22utlo}b z%s+X8xu|jO$&Is7<7E_4Ht!-oK&cDXUX9u>BZuXKhmEt3(Gpc@m&mU^cM=V0KR$*x zcA{9aNHYxvRiBEkLOw#5`qb@Q$VJl)b(bom=-Y_A>0%@PE9{La zbyrnW*h{GeRo(tOq(b>0`N;WSE@};}a@1^8YR{VjW<~y|Y_5FtCG|?Ew(vLXQfWo(CO$2ynj-x}32w39IPA zY=a{=1easWVx`;>38Wj-T}88WWB}%IX#Au|0$g!mJYEW(-L{L+T4qoU@0&~qC|#Z; zhucBfR2zsHkSS^r=;~%hvb_fCGyy!Tp*XY!<_oI&Ug|A8{Qq<#SGT!0oarPfur+FZttd#q(ypQQ}Fy z!LN)zr=k`q;i0D#PY<=mx8sTi4t@nceRQEu#y#SL|CQPKUpqg2G)xct^bz(5OB(po zM+*{viai7T^s##QrBtq*m%g1>>Wyvsh|az=k4nXhTDfvU`()XkN8=vihsDe&Z}5L9 z#m2YNb*Tt`6A-Sr;o|bwhuBM#(svmSZ8=2@|VXIZTmnd&LEX?xETfv zG4a7q9~1c82D;DC#2`5M6-49wx?pH9${UKp5yvwNTc#ua4O|cPEpssRCHw-Rc{3A# zi0uFT>7$tRb|{!rDKV8m=hwL)0{{Fc_&>^j{wGKDw&>767LqzlU!GpnZVo^MnW99H z9Y~->D-eT%e!LWfu=}V>MOif4WdnT>5%*@FA~1G|t^DWzHv8ZoK}LPLko1$>Zy;l! zNyeeF|6g28Q7pKg>G*x{GyTTFe$>wnaIJe_aHp4_|3yD$S-GJ_5c{idhSOLCx;&u> z^aJHT?GdH@lnc6s=`q)Z1$5C>{?o@}eYoh|f?*}xD2oVW`GPH{0r2p^EZy|0fS|Vn z2i(9xg};(n!Zt{yMtQ>SyO5WH-T-W+QVve>tDj$e52C&~+6rf}kf4=C5FIQAg@3dN zl*AYb8h>q0{5sDf%jI*A@u>XI7V@gPmyrLty+Za~{%_*>Af49uDP-~Kjk((sWc7oa z>mBB#=%FEUh&e(0(w7BC@MDTeBv*!%!&3rN4%{1?7K@1cT5=|M#`CSmZ_yEb!IJz@ zMMUHyYMlS;So@cvbh}+0I|N%u`H3F~J>+7R2OzLafn{fjpvAl^_afsN9f}Pd_z`e3 zCp!gmk=(=BC%y+=da9AL#Xas7uq|JFV@HADYlN#XC2B0hE8=faJlI!y6puy{H3_zZ zgv}r*-^=E3=^=JTC8p2qkdmWGHl5A>7yIhaFn}MP@}-P~KBh-oVGhtOlVt;ymg1=k z5uui?L@=em&=46EC%vy2?w4~!u-0>!KM2dyQ z!7|ozT_OTevUexQ$ ziIw7j_`*(?w2;O-NynJoMZLZwXV2`i+#p?fOVfdQ#t`l?n03Mw~=Vzyw_q4BniQ%$M4=OJW!Ncl*ioj!-V3{LyW0K;car9U3x(%M^UCPK9xSU zEIefx4cQtyQXEUHaC=c9aA;?bMU2~BygSgxv9z#WUZA7kxNA8ug9GT+%OV9A72jHVn zJTk9Zq1J_w0xN*4^g)-o!|p`!nt|_i-0SXV0@whcS=q>x=0N3ezVIk>cyzFVxCi*7 zz*YKD6lP5{;l6ncXHte3aqn!r>_i>`^>y&*&)jwP^#Xbea7TL(9$idBf8FN+bi-PD zFNe%|JW631%ZGiCvRv^fA(p>6UIZwP-Pd{^K=;qTUYHse;nBj-ID!^*^hZ|k0aPvl zGz^cWb;k5OV-6hf(d>)l(5{CkrV#}f6JYw=FFlzhpmw*mUKx*dc1G3M8Lb-!?h+Dl zs!kw|wg)}Y0icK#!A~DidT;;^+jUSnKiV8lA6PBS7axV;G2Dy%bh?iI$iHO9JHj)^ zi5MH%qh0p%T(jqAe>O;u@tB$QfRpqd-japdNye-od05O4`qI-`2QDDcRfmo8bU zAuvIn*`FnCp@Awn#omZWS^7V+GO1a+^*BubMV zqVf$r51`u{lUWbny(B6b9%HePYXT?Hvu?zlQxwRvPw2_jR&J>v!Sttv;0hFRbqRtQeK> z=)?8R2n+D&!@+X`_H54s=<*WY8xYtG6PIJlsR!jBE!(yqsQ24y`T$X{_4N6Bwaq7>GSBA$W2^<~; zZV?{qmDc$kG$TMwSbgqlXg(ZkK`)m-8QI4Lqo5^^TQa8RWQe@8t9V#MvTo;{d;PDNRq5yRx zqp*uEQSEVk>VE)-L50XSN`~RH!F~Nmq4lM}HAEZ08v&_RGOZRxZ5q_M!!36t&!)5c z8@lz{r2dEvR2K;{*ENXOq&9DwCO0W(JQK5u7ZxO>wvHo7;!cR1vdSnS*K%>Emh&0)Pq4NRM#&!>Ri7azr2D~@)Jb-Tg z=b7SVGh-tgd$TB}PlV@@jL1*^CLSuU!4`*T>)_8V-5qZoY-LqdwYPS* z_!PDdw)RxDYHt0tvlUDt`ZkyNG|xYcDFNKxldMp+25@y&7A9VEiiv6WZQWlBJbGj2 zkTePMwhqA7=g*%%Z-Hl3hGKY>WzFL_jqGL%ahY(WcvaNC1|GvS#H+CRG(1Mt(_Z1> zcw`yCFFkW&T4;buM2Fm!a7#pf{wP+L(&OV-hYyi=)LfxB*~dOWs*8=+aDD`vJ`?!Uov;imK+A9=RvFgic+ppGt)XEG|oj4kF~z!#$K1WOa-zI9s;2A3%kF1q}Kb_(--FSRH>RAm|#nwC|Um&B7Ui zZeD#2Ji05nBMYEmc;Vl^Wi)Q`To}h=ADY(KLye(_$Pil#U7a65nSTZR;Ip@i$c>(_ zp(TqksI9C2|TW`vDe+#uaCx8q{lTj_S*aU^%1#2Jd&rx3=81a2poRx zkl_H-jor@#ctm$R&sT%joqyz<$j&p|6dp7Rs?`Thxxqo^wXyjMcwGN#LBgYamGIg) zTlB;NdecE}nCC`p43E6#;CjHFn}p?<<5B9edoE9Wg&flvfH#nBik@fw+@iSKIsjWk z-*>lmwkXtF2jH{1vlUe{Vn2LV|JsRvPNMI3ck{^xySw?ne(%QdxK=Iz0o;2+fcPlO z@VGP=fB^12AwYZ-8IJ@JVq)iTwcC`$A4MY&I9t8TnIs+`$+GYm9z_cL|G{`%D|e3o zuKp&o^(=TEK=)kYS1%cel++(9m#g*gQlK_gE}5k9@YoLvv-(= z>v&8pPH^U+X^1z-J9}yPS3eu{lS<%m4Lvp5*8#rX?ADIy;V*_whQ|rE#x|-_e5~o3 z@&H<_4Nu*((BJXZH*^T<#`ZPG<5MCR13bQI4Dx4#cns4@KgCZF?MMres-?~l1-xP z?(5JakELE2v+w|FF|#9W#B%lf*o(QEiLSv2&4Bq@iQ-;?9@o5Dn7>!>eW(wE^Ni>) zHA1r#NAhcVn^92z{A&ZF@Ov)9Bu(x7DRFU4?VOUM7b}3mD&GZmvfeCKbLX|5O~%hq zWR#wg#peNh{NKhho~rkZUi)$<0Byb`TJO4ZqGV?fn?Prs6Ca5jAwhkGm$FMfx+oQ$}>yHDI_}*-NRXmQz zOAp^7-S2|1qn8ExNzVrJa>22Wi4HB(8LXNAn%x)DWe#o&2{^@`d5;|*S}bMrq3H8< zf(m1xz6u^~)6qmU`lI&8N*_qgM3Dt!hu13Zo5*6NFbS|t$F#?G5aJFtejED$y15Pc z)^|c>C=8mud3Dh!g@{K<1exAehf~ZX3QO6D$TdVa*i5`or z$=jkq`FRz36nI?eDV3zhI5JYOo=zG|Xs>#3LWR`%s!MugoM*a|uN$JkTo{zj$ z$HNC8T^54NusuMc13*jzrF7^8n&nGRWa+cXyw~%1Tv4?mj>pPdu2iwXLKO?}xT0#s zYI=M#)hopOGQ@{IF;W45&y3GycwAAn;_rpWiJJbLemPkU9;L@eFJa?&eABu2HYu;U zH6bl-@T=INJNhwM6YAmhSQFug3qCHc@g9|i^s%r~zkGb$2Ib5WJTljt3A7gG1E`3X z0Qz7$H1%O<+ljD6bPu|(9l*fyQ#^0go<*ZPf=7;qhG`=_PRO|jAbtk0Pq`t-B=d!2 zjeto2a*Wr;A$S{jT<%=)09XY95c8;z#Ep+Z-*k+`wtp2a$?_IP65s%g#yymZet4cd zka8T-rH3Xanyzz2Bi+vg?%zRRlIR8K*mkjl9G@HnDHl@w*yDkJhQGi8awtEQLM9x9 z4DOq15&YxKbc6gcfk!dNDxY+EQ5m$DpM4{Nr8lGUu;&5Pp^X3wAOMhjPg%EhMp+k+ zafNaXJie8}XG`$-l(KH?jItV!@#sVDg8wjwykJ`&zO{Hm<_8di^(A)rBX~TdtZU(} zUP6zY*S)P>{RZ~6jK}0ISc%8Cva8>~z7}|NZkc8im*NZLbv#%z6|{RsSif_I8;`$! z9FMx^UzV!f0Jz3^9q7pO&AzGA0|2o=PQPN{a8|^&jh!$|>Ax4C_P6wZhp}A0rO8Bp z*%>kynbZI|$b&vIb|`6@JRMtpuK)}>BQ$%*;|e^w*jr%x zd`K|GD1#LJ9yq*+1uHPlv4;#E3$pp0{{XuC`|3+)fLw{kMOx3_?OYf;JiQD;SL1PE zwbEFg4OmgEIH;T{hArZ*7JN^g-2=Qa#TjuxONtyRYr-xu9Tu7#Od=) zcGDs9C2^ojhM1?XX9*aBLr)R<(87b? zKeBvw2bm0X-ShzYQi4GfXBZS2oqwCz{uf<4WV`-s2k<3gVe$_4#hB87%Rt?jt2oD_ z=jw+%nciBd0Yu(C5sfX8Qvz?mb9ELrhrCzue0~7kM;GpSP%Po`DMzQEqQ|E60AdOo`Izx6$AcN2llX+`<) z;R7pl$stUJuP90*?tddiwum&CRJYKv?Rsd49AZw;4j{FJiv4misH!g z5$Ig>3WXaONJozEu>v5m2x1!>$YN7tA6bx2V1g7EdeATjc3M%6W8IGBRq3=mPMZaj8$ z?gnQ1GlBP_c1$RSO#+6d*;*_pt&1 zbY=nDbO2#V^&xXG;4>1dAC$6E6lrcg93c`_3}ae3L7s`n#G0i+nE_$422fbrjD3N}zGXTHK+v75FxF*h7*BhA_bVqp}rNh%LmX0AvmgtivxvlMjA z%p{x6e$ISwu@OKb3IL@h*%aj-l-lQN0a9oI2rKCwfX|;le_lR=rN!%ri*#o8v#i)0SYB!3G5b`a16>!!yxDln#yUvrH`8o7Do1y%|w(ZY15CKYaM5c+P5 zbJDG#ceWRO%B3v?C+urhB8{c^vMhl8A@WFCDr2{-hB6yMw4w|lITA_7HvxzF0Q~tE zBbyHt)rJ8MUH8zlF=r!nq*E;iNU2i7kAHA|KS0-obRf~8G{k}UiSDc5-vAJFZaU+; z=m)@}nhtCg2J>lm z20TQ7GTQ;|Ivx8q1#Htf0NL1&0NC*E0PGbC`9k=jPZ(rx53o>R7!kwZZ&ouF{$0dS z=O!1yOST*G0SK1l^@A5h@Rqhtt{Flu{9s z$N=3z+qDq0q0FD3);>K^L6M1GZi_>Nu!eqZoY#fOcv_FXMYfY!qWF1%)!v)ATn2`$ zRPe+3(llvB5vyW4KH`Pk>542w;|}nUjo5_+E0)L(3Y;0vo7_YS`KUd+M50<% zZrSwEXF7fC+2Szhh@HrmJ`)BO2T^;xm2e`}v1Rey7aTm8k~X95TWlXHiueg2s1E@> zRNIKIwKPa7MMd!l&3TMdIOdzmieKvqpZMSmmgWgUfyA9vW^{sEu{Pe z{%)}TKyl!H2J_WXJUWmqF-y+K$qC_#b*Ze;na-nbX{Ckl?5%Y#;PgX|h{`Fkfj%nLje~R3Au(tmSh{ zrBaIW0W{r#2dUtr>kAqf?4{MTswfr5_pmXhN3O*toF1YeN7NoEhk{g&JOoGdo4}GG z3#3aA2eo6Ot>YmZPdLM4P^5v_Fki0rVIKH`{+08`3|4aOkr(y3`DuwDQk*)B6yfhnQ~O@>w{ zhM~oUVj%=@M;P6D$l}||LDLwb2^dms-$6Pe1bQYjxzLp}g2mnCi%XRY_D{k2L%jh8 zm-x6JEP6m>Q#b<&iVYI$(WPSxB<&J*4o4niw2qE|KX!z46aFl8kBm)j3&AdOfKaxg zG2&VjJ*B3YS`^E=OPDNVnRyLi8i4}+a$tCn#W&iPN{XILkO8`B&brgChtqS(f+JD7 z;=90>$80acqu9bzV2?%8<I)bk%DpK>92z1SRbie|0=x#u`K9oD~W+loPlG17}&xy z+uMQ~Bs0G2;S~KS0T5GD<6n8uM+`es`l;CWl&AuQ6B5B@=z%(<0@?0*z`WhMN(z+C zJ7fUcBy?d7K<0BPhN&o-$m~PY;w+vrQOdk^Nazyq%tQ8D8~AW=03?u7YI=|Iwf|;J?Z1AY z`~M2NSJR);D%TCF$RA>EwqBTZLP`R08B9@gBxdV9ys+LYX|ja--6R*SSN++yuDol`GT6%z?J4QyqDT zsTio?Dfc3wj2QO;LB1cTb4*zBZYl9{l4f@U^etrwjGh^1*kQ(h)v!A z#9^9wqyftuA#Ph^<~Wwtp6)pVdWO7eOnbGVWA+iDT3XljP>SKFE7_nKjwm5fpg2Lr z5l(-hP#%EKs=~=9xWDA33PoG;c;nsO{CsQrBU`-ga=6%f(SM|vG&x{{tp%0bfUFHl zL)-{D1H=e}**3(51gHIOIuZ_z;^ieTSQ)=jqrx|kAC2OrpgOV80p|^cAtVb3B%oC3 z3@+zWmT#8%g)XOYX3>@TRktcKEJ)}3*b$uT_JNC6OtTNxV~Ne+06b7Ur&0<4&^24g zBh0oHeVdtN6#z!2V;l&3i~_{6NJkVPu*XSAo|ITjx-x8Gs4h%(NhScW(;pLli{%f4 zyCV69o6l?rJtL)KBe>dQBuZa2&g;NOo^3h;D~^P>bnFBZvWQq&QMP+2fNZ0mHX4^~ zStv1uztm+zIx(qeoNzpWuA1JXWDh=aJvI0}m(HctZL#Ls(P5E0pRqgOL(rAH(8MLa z^vjXy&_hcXa0%W0^UvU@NPqb2uaxc?U490UDG`Gyb3#~fXY+`;P+S}&d-Ko$dWI#r zHAUi?=-5T`4v!o$;lV)OA;HZ*Z>cEUnjdPGMtAN=$q&@g7Yv6x>`G+u_(H)E9uc(r zxaLDgjbB6yX90uztutLGw3jmC#hyd!Oi z$Z9r)AUyWwBDp9nZRJ=|-)@zPNY&$-%MjWc8G~AdJo_-w0H^sAW-5371-2?@VrXJAF$vTC0<(DG`iqn z4qp#!`Kso?<60Rz_jMO2cU^JPO)wHQy-QEQ*aK?1pr+MrMd4|1sQ&MbsT7Hb0g~uW zyeGNH5X?y1HU~qWnKu}bxdtU@X7QBz;GRZ7bx|J+*Cu~xh8{$wZ8`(0kMVy5b~JXh zUrBj_I3$Gg-A3u{|NDOzEzqJRiurfVt<9qKnp--bL7(;z@ga*Ph%cU2sy7a`#~Aqv9!JYE z%sh^o5Ia$oCC+H)0I$?e&P(5Fht*R3@~{}et|2bACV{nC=l1U{{)!9(ocE!{= z@u{#BO+%K$cdszYNrr0)A2l>x^dfp0NO8`g7b9q0B3eXsv9hX6(wzFf+l_#T`xz#J z(&nF7hqTFMJnkjgVJs|WtqudzdUtV$j{JIMhmk%`So7|DhqCV^eMxn%?$Qn;9EPsg z4@qxK8HsC6nZ%Je*P)EW^*W3rajrudiBHBM>CSg3Baz~8cQ>EFA=`^3ISZH$Jw>_n zV!CUA>8=v@r^-3!#{}!p7xv0O#wIgf2K_L1nLF;g&(bFa_fKh1S=?`QRAK&$QRfCm z#Q9lBrDy=?%-GpI8p!m?++g+C-`oSxBs|ZV?E4bA?FCuTdb3a<$qG=n-Z*U3kH3{_ zhezk77WeVU&(_u1r8xZ6~gZh|)Ets6p*hNk$VmhPl4pok1KN{BBWdDQ?^K%KC z$0AV7(5etHN(txy(9?^0qZ{5TN4l$&7bChp6`CjglKDF^RWHIhztYy(T?xN4z;ZtX ziQDJ-G)&##221&m_ve4;BN+^|(s}8yUP}9}^}J)Ks;cho?y~<^RWV>hprJ_!(0@@;}rc9xFMyzsd9A132)Z0S{t^2gY}PDxOkJ zx>eHZm5ZAAOi`NRj#&CW1=c+Cg;%>DhRCwhL*KTP7E80kc%_90QeTos$by4crf1=v zaAD6dMoHwi#nZ#uN$LFJByAhw68@dbEqLbl|F=e^asI4aVAcLtch$uH-_7Q-@B4of z&x&3DzGwc;A8G$X*G+i{8a7JX#&eFbV*lrJpFSn!|EGNZegALb`LM+8j2^y9wn+%| zW}xB>Sg17P5Q_5kd;G#&=J?^0OjPebvn^ajNX${ESSyx!!5QSalqG!)07(fz)*TAE zW@-R^G=(!dmKTd_`U}z48DcPean5`($Yax#S1Bn}JcHwnm`WG$%Q|yiU>}_kY?ub!^_HZ%+sV~kg}ocn$Cb^ghyi{NkA+N zF7Blmk2{rUAQnX`dERhOMoJX}#7s3_nDAzKPKU>Lf-qI2!t@S7BoFv{9MWx3)TF+& zptH(*Kcx1Q*d{5Lw#sa$0jQg{Yt29qGA81yixwUmfF-wBXHj@M3b7tZ@c$T_`Y6RP zllhRPAUH_(Q*@w|xHO^^A~|QV?nGpPVel{~HveR@had_9GK&V^{JV=J!LC zCM!-KD@w~GCXadgdPRYwOYE%*SXf4VV;_4av`A*ahfWC^$ZP|batX=docP|D0ZeuP z_IM;Li_Ks-e~M#V0vNiGWfoX911#5eIEIhGEe?Xmux*bW)1U2t3Bv#zwr<7b0sPDc zAoN$h1O(2&(ENv@{1T5o77+;~?gbTCK5-vp)7d==17+ICdpBJD@FVGex|vb4DVMk@ z$%*Va##p8QW%JpD{#VErKE3OIn|R)1q2FVn-(#Wwma)(xUiArK(9aqKJr@Ga{D7Zd6TJ8|06T|W4y!3G2>mcy! zeS7~qJ&FClmm0co!iD#{CtUS&oFg+}o4htfSMk;onr&j2%*`X&8-UU;KVeE(;2DFY%K zI|TX9cM4c3|8sNuKc9cU|J}&*z49NkRC-MojI1b}XzIv+m->IRC$azYDbIRl>)$%( z|785nUST))zW+DzJSP8x1ZMBnzklB+vHy2d(aNTHM#vvm09NgPwNRMb|LWfR{@=tC zEjKG2$@G1;?gyZcaqvg(0Q8{uzM=p9p2YqyqS z-_1PXO7nw0&rQyqdt#X$=?^@6T<}qf^9SzLNXFKqjrb>`N!+&!@;ZzM;HN)NFY1kN zmCL`x8w2`KM~;uY17PUc*GAR9<&)U|dwl=%Y*Np40k~@a=d(%uzmU(r@BfWFe5IMx zAH#1%_e|F(JiBC24i6w_f@j~b^UXuV#STFqgMWM*LdUSswn&E?`|)6ipn*K{ar*!o z#>cJmF-+BY|EUtUC~ob5txFHF=5B-fQFX@AxG4|ECn0=qXo}%HGia&o0{k@AkiqJn`b_^Edc%wRHM6 zD6_vP=kROK<^6g36W{+VeDE7jF=>1Yld`1A@JGg2vH!E#x%2<0Z1!FLZ{+##k4(>W zGCfF!ib9YNQbcugRP(bJUXnOeyd+JwPNY3`uks7 zV0#PvmNC#IOg)u_D)|2R_tGxBdkHx-)%{{TKL4X9nGJ0Az?P ziwDB;;P78{Y}?pLlc6F~3`F2$!gpJW!a(}zPtoyT3JVANCc;mD{psTX`QKu{Ngr=3 zirEMM00R%XVC%yNF!|}v*tdUeNngkE6M^4A0(;uUusW$jPEW{5fso7k+-h93?}HhBtpV*Xf9s~n}=M>)FI&!dGYaBa_-3Bo&W&= zB3-I2zH$d)`7Y6;1Py(xSm%lE;|91WwmbMGz-F+dK_@&8D5`bG`a4k5yJ;Id1J|JgupnL$}ktFfrcpv|$cJb{?^QhE5Y!pwa{{C$= z?jcsnWNpvkrLG6BjgV(F((-XVY#|Nx4|wq_ zo?K!17-1PKX^61LAX^wKUaXLD?-uESO1Tgj(Vb?9gr#VB?ZsW=S-t;rKkNp$YX7Ty zxrF>z^Xhy2??#?S{Qq>%APZdoUK`@~=Q*Fp_rL!f?tiQH|EGET&)(j<|KDbw1tyq4 zFNBuuKMToY*A|(XASe{SZkd%>&?#Dm0E6U?49ZtN7=J_vv#kQYR6YC*SS(_ zns(Z{uiut$YNf(%?e?s6)hrY{IsXox_^x(u<*TK$qvmz(D~`KVU1ip7zZzvADXU$yto=)0@?vs>LJ*^9x#Fc%Ikn-to;B-PWe9 zX4z_wMqahiI@WTn)1LWR?U?>lv&z>O$Hugi>r8sbL+dqcfv5%4^p~t2c0GjeO?}-s*R-*=fV<)h--qH=Xvr)@~bLpmmk4wuifQ zlgyCSI`8CLe&_gT?_4c3>!qo8<%@dzjNG(c_2RfzsH)|Pp4+e2X1?1xsi;@i80v1m)+mn}&edH*z4_8 zbm%s&a>lr2RkO9x@Q+S2Td3Zj9o3x5o!%TCooCDBW;F8P$yvE~T2rg7+VsXL*Dp@? z3r1-lH}5-ctz2vO+ILWI-yLbAyF$CHX~o;lUd=8{^<2Sf*v57BdN?wUYq{pgwa|5| z+%A65wx!ja)^)?d)7DA#3u?8n zanfntw98uS_AqPYvR^u-vwX)sbByb<+Pp2_^{$Ost?1wDw})!AG{je`TW{Hx)@&N5 zFxP6=Tg^h}w0wD^c1E31q1?E_g_^D3H`VM-`$Y5f*6`@&zFh9*h8?5i53B9zq}Djx zFPfa!Y0W~ZQmU1kmUgC%tmCVeR^~iX{UZ402+ijBX1%GF2F>!>S!+c3=Fz#<8nOP) zuiRR_X_fU-nevRIx>`GGHd{x=N#VTK+_yV+tBRVf-J4tOkE&WLc24&18z*OG?__^+ z(Q4hpvUY5=tZB1R*=-%)6nfW&UCR!#MZ0xZ&6V3%&7t4S9;uyH8Tahr^nB)5&hzDZ ztJ%pl?mM0Oapy~CG|XL`7>!2mX4X8}pTS(mxw2csX6fp#m#cMdTD5Agxxd?J-h8Rw zcJ_3~I{R{Obzr#zwfg>j z`_7Ge_T}bw*wHLJYuz5^tBqExI&gh-t6jHpT25DuYNvHnxVayB7bnI={k~&0udQ3d zI%+geu-CKw<95ltg(Wg;TSvQB*GGAD+xesA7`a}Fx@u|-?Y?#0yEp8{?NBw; zO1`ePtn=KyS2g{kdcO2UvsJI|Sa-eB-LzTv9j#PoUzvW%Xx`P)^`L;P)@?QC+SStj z4Q$_?Us>fdtyI>onrBBn)hb>!TNhWe{XgJwE8oeLcCW0%oPOp0VT{Tpqt(i_u3g;9 z*HmP?clv#8rZs)oxi@m~TAS3H`{yv*%Ic*uyg1pvGpw`SW}~F`a(73)Y)iekKGK@j z(Qc!8SGl>Z<%(9VQX6$@=-TzFZGX3SJ@gw^b8>ZmRk+HZ{b7v!z0P&VM5SG?nLoO( z-QE;x<-_c`s##i*sM?7;yJ}T-JEygweo~n>ZKHUVJ^a#X7Kq_!mew}vy_SLNjiW-x zF)pjuM!kAc-8I@Z4VDTg`faUds8;nVTQ1erjtg_O#gBl&C%|lt?r_Br_;7H4C(l#!ns~2cNZtd2p0Ww)aYEEXEmqM z>g0^<(RpiB@jA^RzOv6cH#u#ub#il8wC_xqcU!1g9(HUk-?EMx4QJT8Xb;oy)f&Ou&a8e~yKY!VZQagRdf66fI<;Hf!8v$5yzE$4YOlH9ZkV6HX!g+8 zOG7HZoOZKyRI^&8TFYuzn`d6TG}x`@vTf~lXtqx1|E$JMwldL9D!YxArQPIf=e7GQ zuT~lqV5w~PZneCT@3hgCYZ~VM=sZ^=7wyjJje2)oQ>WRhb~W2>Yj-uP*6y5?PqkLZ zZQZvn8ne%LEp+OHLxc5u>k`>#X4A52?RFunx3$xvT`r)LA#RR{s^tpf z-hJn~+OVqaww^Vz<$R-gHfi41>b-L7uGy~To6T&gZj$?IOW#HI)PwhidvQEcjaKWp zleNlM*H)=|UHQ^EZB^?hT2(*UZ?;QDu5;U|v_|`|dz5WE+VxGg zJh~a_h3avq);`syhGn#k<60JtK6|Z}k!zovRobUV_3D*-+iADF=BYN;8+JSQt#xW8w_b17{%D_;?oere ztmm>$arAj+G&<&u)w*hz_9y7NY_}|{{Y9NlzvK${`f2U_qFE~%Y6n(t&;F=hx6XsL z?cM9MPUGnQDp!V$vVNzRwRR(4^HIC<2~W!tcPW?r<)lN-BJtv5S& z7stll&FJj*%e^*2&Fth$-klalexWhC(>m8jnw~T6>&M2;mwagon?}`W5523L(Yb0` zH&<;#>)89Z)uw;aXw`;w$1<;OYr|%_If2>go!-8?ub;HY#mVr#etr0*meo29t9;RO zjB%$#Jk2hj-?TOICEKahuWN;leO9eDuL@Ob*t#g6-Siq~C-AzIt+(%P_43(Jw~Q~1 z#?_=&I{Sj!*&I5t_G$ySRJ}E1uGVSW1z)pjdyQP@rhQ#IyRkoeozmG^!z#^c&XIaiHlTh|of(cxYNMKW zb=}H0+S4yr&HY==vb^5y(RJNvooUzFxaSNn8+mQ2J43Z~qE*@_mB~fB)4oyn)u!X- z8m2#K-PUp!ty&3Mo!fRpE7jX>zItuB)sdfVP2Ih!-OARoR z(@F5Jp*2|d&>|}^K~_J->!PG|AjQ-D`WBfp2QPOrXq?wYO6*0}UyFpd>qAU@ zasa+={j&8tyI!X-E&%D>T=n>~rq9<8jj_W1lh5XJN&C;IcmJQwJn#OWlK!v;@RM*KVzT&MUlX+)u%(#LZDKv{|Y<=4UqDHWjYA_3m7=^-b^vf z(-(hjE&dh!_S@Vb>`Su`zJ8Uy`}O}a|I`|~^MefYTj2NKWuMc?X>@tF(KjFI>amvu z%#gpmPMdYUS?ol+tXtl9zk)3f^+{%kpg}T0rGrJ-ti_N9EUZIIo)YgE^pFn61OP^7p0<12S5;X2j~=8@pB}*VY}Q7Thy3<0o<&TgonJb!;6>mP`spn zwT$i9R6cx=u=w8`%(PEp`YlSDK#m;*4Pxv6~jD>Q(4V}_(; z+UuS9#}@HwG=N5TqaSG|mt>p~F4%%;+E_;Iz; z|NrODhxmW{`KqSQ3_dAHFcVN=pfdwSb1R)pDjr{03*9#`X9-h`ClzU}kr@V)eaq$1 zlJlDr5{PhYlMXzn8Ywf?u&ojcvEdYIs5@$XqzIc`h4y?Q)56Va$XY<<@$~ zhA*HB7F;m*_n4G(2#U~T(lNOB0Y@|tMVX*c4umnWUUH${7hR8asVQN}B8#YS^|kzp zQB+ADJvDqloRd$*zTK?GQ_~HI+uZjOe^6YYfwqg&n78U{Ft~62R=;-oZxTN3$^ZNK z$@7N)_p8DFdq3YdM*mZrQ*H0pfXRx}av3;?e0M_HdL^W;yWwIOzR&s9>3{uPOlhW; z)<|?$Tfjd1zZWlF)%|~-J{#w{OS~XYbyg5D1x)B&H#d*_teA z5|S0e%#@1EfTRKpxtO%LN`9vMqsYWRUO<9Z#4KY`28T-3$ zUKeSZ9vII^seY`Nykk;TE~7HAwHv2YFe|>ftEFsQ)PD3zC zD_o2cFoc;D_ojB9k+%#Id3}DCC#d8p2*se{y_)Z`lB;KByaNr83yYxlmCdVfcL#(- zn&J7}DA)v~CV5?+rJp8*qyNVQojyQFmu)uS$t?(l8Oj$4`z7xU6_I)vle(R-M1e?X zM9^pA5JM%zbWH^4eo2;;da!O4CW|~v=KLg2(7IsCou53z`VpQ2Hp>(j(&XPil58=i zB3Lp7fyx9N(Ugr5*aVNyBn}_u?z9Ib)R~uBsRTFwZUppRTc==$YIGGgsC|fJjPyJltB~EB4UszBC}bnX_Ej4fN zZNV%=?#t!_fhmYvmY@S6ricnb*R8`kpg;eB`4u;1VZF!79vT(tMb6%k5Q2ybkYu%F z!LpL=+@>4J>2^xjgeql@t0C1$`3-TJ5b_gU6JTlyLQ{~OwBat)7pp!(<~KPZ*4UxCz2nnlnTXY)GY2Al9+_p)7e_J^<3L^S4)sU zsDR`^5xk7_Ev3nQ{_Llgu+}y3O45Y4NwXY0y7|JYi;K^-Yc67CnvK$Y7MoJDl&a;_ zhGf}vbyL9=uh)hoi<{8a!h4t>7a|R|8Y|$Ddt%&dSgXIN{Pb+oA@v=Z$th2!AOshk z6zFfuHDOY31f(GU%%sxnB1_cw-*2&Z10FUG7wOp|-X&Em2A-*DlW6$6Q&FSxXS%I- zr%lb1+jdIE6^hl(P}P3Q1;!*pfv{DdwvlG6tbf}`_4cL3{l?d;|1puf?-UTeNB{Hu z`O}8}XR!a<(>LgUcGmyYPsaXKK&LqJg&n!31*#S{6hSqpYr3Fn={>50s!(|}LbXbR zPH4~x4LTwBW2a82c5)O%kt|EbiW4obm}>ejd&Ehuz}6UY>K(U%%VPH-VTvRGp+v-q z*c=f$Xg5%{-BhsWwQkw`1G&g>*fDL zxJ|iG^bV0=y7~X(r_by8-=98t`D)1jxR-C>|99s9ODAK0tp6LhJ;y<7Tz~$1gW)g0 ztnvDJ!9BA1qZ|$oi=UU{ldrz$iWWInio6b+ud&7TYDv{KvJ=-!zPd)Ink8Q)#@ixq zj<@FTU3E-8UM@!U)eMTgq_?$N8g!Fu7oYk1uuyhs{!v1Rup6^1eYaoRK-ltn;u?oM zkk_~vc=^xCBga-9l1xO8HCPUGTBwpakvs-+twGWp@HKfv2|BK6o=OWJXKw{U1 zSY%lq4iCOYwl0qeH9ks!etM1@mlN{3JW|2uBdpXcCXH~%ACl{0Z(kpp0m^s|crs^; zOgPEGaYZHA9vS+hp}9WNs6V>al*-n8JQ)o_;~+E+LL+{iLSuer`^^Zd*N*>ukwGr| z%H%S8xpc0>si|YHU4}~l0?d(dW$wzY+~OqAH<&(bTfBl9H$ne9n8%JIWDU`>w@oHG zo`^fF6h@{QdqaVC+HXz^0x()x5VS-;a7hl+GQVC&ni8vq_iM_Z|40k$wl z+wj@dww|q7rPn!_x^pBIwE?m?zx;}kPVm$M4fRpWG}lQexwKrCWvMXCbFBwmQsSPZ zrtO+_v4^r4*d62lw6*{1#KieDA^XTL>jIX31iT98v>!wS%Ysn1Lk7ta1`EnMQO?Ms5R)8nkPYAJ;s5 z_eB41Bg=!%CZ>2|%q=!HM*z(s^vu#-*jN|OBHD?_oNulAqn1NVfC6jKq5c@nKhCes-u^X!*j)^27vOD&bslp%wh z(ghG~CCP|J(b!&IBXjzjjcF7$JFtyv090xBgsiC0hv9@c;#Lf2dC?$4Zi9*i2%D6K z%sE%7V2NrHkoKKswo?H}YjJ7pd%EnZ>54onmQ!;kO9I@Ib3}-i!z;4-uG_99SyK7i z%qF!55skV1R18{Ti%>wb_l{8`8Et{P@2yy(XX~^Ch!jJ;OQm>`6qLxjYOUnbq9j+= z^qaE%RIP6=a5s^p_#G$XZc1yQ7j6cxhn3g>?>_49#lb#b4!*R0_H%!|`hN_xb~jJp zZvFqWCoi7X{eNG*d@<<%_wo(;|DE;!=45zP|K)oLwRxvJ%3?=@{`>O7`*W(6CuE`< zOmt^CCu#csOZlf74Xt*7hOGEcx&3AS_XdsAC6#c><1_*%U6@|ZbpffCY}(&Bm_$DH z-paps_2o9j1cN0po?NjQq@rhkrXJV~1z@!sEE^kUSWT=Y+k*B0CqwTG6aY1{V3 zBC}a7-J!wX3HjH*cYK1;V0j*25V*mtYS54m8uHCFC zmowFH$mxX91KR==2|(yAXcaAZgx`TWkmPL=h;^#|NZ6c=5}v?_JPN1;eNSr+La|$T zd`Lo$e1{TiRO)auf}v+jBIf? zb~bs6qsU>F&5lBDU~Q-;m>E-(eU3Z=i3C6|_o36$mpjlKLNiGq^Z_L)m2$;JSa!PR zV-tHYtaSZ&LdgH{%#mS@^@NKU_f-NA;xJ(RU&iCI8asbCnNbNL;R&H6;PH$lIk_+9 z;Wn5Ri3Kc}R3OZ2eEt%ROXLg!36+uu3?a_7v=(Z7?|#pfby0Czc1rZvw=gcSK9*`7 z0SUN($?fsv9S>;q0ZG9H;EQ$uCQc_!N>5L=)%CwHrs3pYxvc!}Yv=bu$e*k?*a{8= z5T3F`vwaFew3*Cv^vf(wIo@n$Jf{-J&A<{u6OIp7`55Gp^D~R}oo=R7-bjVPM97na zVg!wg$A@H=DSf!=(Na*GK+{ zV=7xq>bJCJL0Ehi<$?GV|ELz1!Z`!+peFRkm*KAA%+N_=Stny&1T z%!!F6B9&|Fo>Z2bKRcgd$Y~?O_XPgrKV3I3(>a{qKKrx(+I3#d9^KJnsrziO0VhdjF>=K=(oZnAjQq+ z=EUa~(g`7#9H%JFbPmdWA5?9lRxE1x@_yNMcM5{eHFqilO(%^NMb(VonY9VP2*vdo zc6jH4CQ?5)9}w$y1f@qP$8wyT#`u~z2dcSyy(;dZ(-v2m#I$H*E>HXRv<)-c@my7b z`b>Jkv|ZF)e98U1c>N7GvVHX`53e~GbFA7%_CFJyQ?uHX4$vB~*UFkPffkziE%>(DBk$yMX=Ae5z)Q)ifR+n<5>lxnW6qcxm!7(6iw3z zrC;6-64~U8kbK@70+*wyP=Ogl9!P^Uy*HLDHNu8wM)^F~5B`-#EX=zw``|1&)Dout z=dETDr15OyAm4L^zuakhX6OwkXDZ|7Nequr7&7LQI5Q$ijtC~n8HQ@Gvp`j?>Bw~9 zUaz&(2XU&_t$o6aY+#Q3XddfRKd7#v4_fRKbD;BnGhnlInBpM`_3D z+Zg9vZ_eiP#bq(ySnnrKi9=b(OSng@>W1ozSV5EqH54nRsort_(u4^Y{of>|OrQ^d zWXU3eN}1)R%iZW6m?Rp%w=~kEP#?sEKx7CbpEoG^Az3ZCG<44B7MLWX8(5DH8@qIL zmW&FIhRVLo=_^m7H5p;qXj|gH%Wc~ibmi*ZW&Ii@XUYi8%De%ga>hEv%(z;TYZXbG zDb4!Es7PLKrR$B-Wa`51wC8GiRq%SN}Z|^Zn?$q8Y#HTl~-fgXgW0GK~LZhge>`FZbW%{5@ z-&mR6b+`DG=--F}eaAE3{&46&@}ONmj!q;O*#BrywPGgNVY$x7(Z`V)Cg-%=&$iPQxcA$TBa>5o zw;ia>Ky3zU^Es$ZyP=CQEPLR=51P7Qm5Q+opIL9~ZLM7}rskh$aKq<~ClK$9u+arj z+2j-}z?SMAnm=;OK>NN_8XW~X!v~=&9?s;u@80Sv8^3^52dM*R;vpI9!?9uwMW_E^ zrDAs3Ip=CsW-m2%NJ?{+7r_pcj2IsNVrEQ%UlXk)x_ewHB4b8DGXV{78A zd68Ryv{pGSF16DojUq@E+acE?U_kA?q82CIt<+conKL1seNd!937tmhZIZ<#rs4)2 zv;!Vnax?k`1Rs@6I?LDALQfbi#w_kfByeR7i=;oAOH>_5au#EtlSCC->heJ7B0h`2 zy?Ud=5|u`QdBkI;lyd;JZiNQ46+Wa!(OUC2E8YFIzB>XHq3s)5+g=++ZCwJ{qF{7+ z_4?|qoxHtaq zlUn}&r_Z0gd^Y(1?Bg5!e|Gl&={gzv3kX)oly5B*p18pNiVY{0j+q&9m%Fz3Yu;l} zF+b!UKNmk#gY(Pa{4zMd6gq(}=a-IS=Zh~~QgFF8WmQ*u++js%pfcp6msFC(yj57O ziCWU65sP@EXu?Ajs>=5ztyhOozhCXQ1^;i4?DnZZ`uP86uj=uCpFe%_YT*C(@eTa{ zJ@EgHlkp|ke``mRuOf$RV3zh3@7;*0#$?idBEhyQ=^vL65I>G6~2L;SD3d;|Z#Gyh*c8T(`S z-|jhJH5wpe?!e7PM1JK5Zn4C^*bdS zFVU$z_|5$>IFB;9oZ`)P zOQY#*tzatIFAX65ep9s`6l>1V-*_R?puKh*Iz1T{z5;WwuUahj-{XHSRspS^s8{I|3Gm!FJ#3;~U!+3?MVkIvmKI)g6j_N8Q8N`-Wx}MSL~Q(uJU5w};f|HK|9u&NUr+vn4zk|K;lHoa8}TY{*i+ zA|FR)1ePp5j`YuXsM3m92tBfk3xwZ-5G-s?sv7Hc zj#`&P+lfAk$(mgI`nom&0_(OYB<5ijLA&#K8_1f@Pjf22`BVcYf{dx@OaQ%UxgI?` zuUoGg(@%Q8*sGy4WRySZsO}^+UZsvRxkFF)(Ss5_A@BShq=I>~UUWr}9Xs0LDP6Kf zTRh$#Wo|Fm(URoZr1GD#Fap%F@=Q&eJHw9$*Fkk}Od~c2-Q7-oDcX2Z@Xp(gxf|@f zc`&+8Kp-GAIW#(=-uak9_>^)9UKXA-g6QI0KM3>hJ7#h-{WFuwCdgDo(zSFnMzO>M ze@XJdILu~bq|r)OjH!@I8WAd+HysgdvD9r>_nV>7!(aDu*j?8a$saxjB;E;$`pDA7 z_JQ$YP)i;T$iEZvxnK*nL2&8;iQ7LvZj|i)ESYo1&r2eC3 z=MNb0a(9_)MxEaD5vIJDt!pXaA8&D|*tj6xH{4GAutmam3PhUHCg0pUnkNhVE}XxK zD>r57?eoof+M?0RZ5rM3b# z2X_iS|4+#iJCJ{#n}-(Pc-+Rr621c#_`&=<7M){zb);#;0;K0h8f+7|+Xna!XyU?q z+gNOfLlUtYz<5gqLMOhASiKfBSf%J_!;SIU0c15)mB$=vz^v?x2|2YBzta22X6(^> z$?g?>#LGK0kJ<=P`;EWxvNZSIj*~QvLl-%6&LU``J9foDOvukRI3gD$qGAEnv%*|z z`ciVj84#OEfF%)2aG9$?)V-kh69D~bpu0`78fZWoWW!8)XPxq}mhXdB_NbR7 ziN#rbLSFpg5A79LVk$g;@?-}EkUtXqxcwFx*Ko6q3MXdC8Q!SmcthpRc6M-gdPu7* z=bt!_oWx>YrOm~LdzU6;$)k`^tOhhOs(0V!{TwfJUL-Gh(^S+uj#XTnAn{wE*)&_g zr>)y`=*U~(+gYV|1CY|FMcv$)hs%xT7ZH4?$XR)A-!c_^)=rDN+Ig2hYE6=|!vT1m zTmI-C|15Zx%GWNDO*sKiv)Y85k(-3C4lxO11fQBm!YhYw&TrM3s4^S{q^0oONm=eK zz&)wV#%8UuxgUk}a7>+vcslUt(jp7;XwDKEMeG0fI5)DOE{hBTfjpi7jK3OZkz#2C zXhI`%I1h>BdF=3*3vdWGKEx|H2rU<=OnA=;xdgC5pkpd-q}2{M)1`z2XrqYx3kAUI z37W9*WU}Cm3@hgAQW1486XM_6{Fs@S65&wa20X#kRRKrSr!-FlZF7NPZ_6yE$yfjl zQD{ZB#3+(b`JLybMjN`;CGKPo{4=gC{Tm)rmi%P0{$NDuTM$}Wbuuj49opnTx>xiK zk7+7Nh)pGVq?a65TrXrEF5Jk&PKjeq{bMwd&`=dy#7wb~7tK#UI1Q&W8qp+ZTK0E7 zEO36qc1mH`#b@^NdOj`CMvawfCDbyP``1ZFwX;)>&4r&8V!9$u7+|Njm@@5SzG(; z$?+C@rrpo;*^|1qK>zl%<+o=ozrAYt?LRg?x4291W}y46Y$1(^;ZW5v;v=@-AST-H zj|F`GTciW~tqP@Y5cwU5i1{t_c}RSX1{q)0bU4Rbw-d&IxF+IEK)j7PF#$?n8m*FQ zXKJ%7?lNud(W`=(>S3++cx%Dh0NtLn)h}AV`1Gmu_XSn3qU$lVWS22DtP$vVPFa+R zHub?6VPaZT8$b7qBVe9M2*<`%qo)(|h%?sAo!kyR9mHrm1^;$|3kZ=*8uHcVQiK2P zpuz0gs;E~hJOK5X%_P(;Pd?;UDc8>6*U{f%M4!dUPld$^Qv@)xeEYT6wzvE8Y2V*H zwmZ#eTZv4ApCo#|&x?IF2aXs8utk2PF3qXDg%e7Pxk5?>&nn4~h zOs3|=_}qe`8JT=}b0hqT+YS?xgxn-wHF=e(0P=BEAnD^sb8sI=Dv}>Z=v(gG%2%sZ zV{uGAX9yR_`v*5iCaTDh;wcN{kuaCS> zN^-Dun|i3I7ShQx>JkG|w_Mr~!VRY5+Qw5QwH{nYXuq1|ZZlSW=cu=PcS>M7UEsU$7!S zXCJV131TWUrZ$cn)a$z0#2^IWavEgf_Hz!R<=oHMeM~=TmVL{|=;KK}ZYuuRj5%_9 zJZX8jKAvp+bRDzgtA;NX?3OB+-oSdht)0i02_m4vL{b*KF&V#HzvbaI)u%2R9!oq* zoz`6G3EOa-Z%f!6zQ)%t{|nq)yIcSE%l|K49oOamSI2|>?_Rz^{@-2xubqrN>Hy5h z?Y6(w!lo{u3Uyr{P$|7noj?UDpI)E}+n^g5bOVEKU_;$N<$P_RA83*g|4Ac*u>Z9Q z`>pPET~GQn2tdlI;y2JPwD&--$BZHf6c5NkKm#eGu>3?5- zct8DXU5cz#@Ry!ne7O3s`vjI;s-5!1+52&~WOH&!1%y+X(!^zr_V?jSJf|;en6hws z{PaI&Z0ioZ#tWffEic>cN`Z(imP#r}8zsN6^rjKldrUNu4f%$FbqJ9(PNNpFx-$Yi z-bsFR_^eB8O#JN|3YvsXB|~33FaEbS6`%`W(7^jrX|=!8n~hTW>05uP|2$t^{!ax* zX7>)^ei~no{D1uP)r+e9fBgLAi&umEzmIP(^7}rdal3Il#PD)NTolPpd6dQOuD&FHhqE2X1Tn1Vre0U_ap!M_nnCDmp(k-z~`a=g~sh3 zZh}7g|K!Qb8vTFy>cz8x{_o@a*64q+ardc^wWRViAH0odmOyJKpFz3#KuCvg51)tr z3%F%^FWrkA&`1AYJUy<{|L4!14D^2=-?v8p-NwB~Ilu_Sc|toU4HV3AuQ(uJUXcUl zn>M?xG`sC@hS$L)T~b*F*2KyF70MnLb~W3s(|o1dFH=!89j;RUSEv7Z*rj{a0QK_! zPwV{ui{n>A{O7%V-wgdP;)Q*QFl-e9Re)mX!;%a2z8GLkL{y_$c?+M#MH@M?3$ux` z`5Px?L8=P9B*b#~~B#1p-oTOZ5G{VgkO)w?qA+ ze4uy57(OXM$5brj2^o)F(x{hDo=Dsx?&7N4+YgC=2&jZHUic^O&mHjt!Hq;ay22Jw z?tn1c8pbhYiJ~k4A>Eysml-@6(>{AY=4E={+21T!V|!PRSrQ1$%luW}sU`Z4_H)Sk zt?&01=%N45pFOYh|Id$K4F2DH`SL|S(Z`3JUc4bc(S$B==RO#dTWT`pA=@q|CbUQB z`1TWWDu61`?KHDnwFA5~W_=}-zqjE6$fcse4GBy`V+*SX#CYzf7jF*a_oD|*`=Q(p zBxh-@Y2FDL>GL%z`1?_H7Nh1gZUD`O>>PdsNOzdQjcs-yO}1AwO4YQ2FiEn+iZ~G7 z`*cvGSWVgdgpA6o@||gj3;71ph_5j%yk|W_3NcSEK^2HFjR=+G4Hil)tfIu$X-5f0 z?9bbNPaa)Bz~dN_FrVq;yJDj>vrCinPF7b~KpL@tp7Jay&F#YcO5D%YS^b5t^fp|( z#<@*u`#eRK)F=0>G%&mS)DQ+bQ|WBDjM9Fde)PrTG{lCjxCu4LRBte(KKx+sP4SJ4N#lY3?iO|r+GxTD}Dn> zc^m6uQj`;{(6`)JNzX9Ut1V!`^dTeEoqChsyahjZ*%K}6Qf!IJnttc-^rgA1;Tyi; W8@{ja`@aAH0RR7a8tbS4NCf~rgYPl` literal 0 HcmV?d00001 diff --git a/assets/artifactory-ha/artifactory-ha-3.0.1400.tgz b/assets/artifactory-ha/artifactory-ha-3.0.1400.tgz new file mode 100644 index 0000000000000000000000000000000000000000..bedccb9f655a2ba5c692909248ba2c07d3f16735 GIT binary patch literal 146674 zcmV)HK)t^oiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{cH=gZFg}0lDG=E^c4wNDZ1*LjzU-&A-5pO~?4RXMCTBA1 zfk;R~ncANPfGEQx8i3244vgdU=TrBIyVvm%^C*tFeDyKHmxwYL zfKwC`h6NPx9!7AAC}2q(6UuQk1uzIe2tN@DV(4AKsdzUbG=!Wz>;N!MaNq+@NWcJ$ ze6W867@`8Q+nEu8<&5)~4SKz+t1I`@go^%tIh{WC~JvXC?} zh|5Z{de0N9hxJ0pIHEnq;W$9O!U_w>l;qxt7j7I)I~QnvMX1jP9mgKPjsqn0jstvj zNn+LsA&xl25u&mz3Ly>#0EU>)F8)v2kq!WQGQMBa8x6QC5HXC!$$t6!_4G z6@}G@tRRJ2_?NtjIONeY9dRs*SR#Lx##xXok#tC=WDOgyL<}Nc?p9Au{Cc1jr@P- z@uR)Hog)9=d-C+2|9^>R100|UOaczn)C&$;SbJ_~1Dwq;1DF8_ej2`i=O{MIkq;&~ zK%&4abOk8_S2Gj=Zw4dDjWx&_qR0h5kp!?ANdg~SMC1xw%^(MJk^oW9CpemZ)7bz+ z&qIs>K0~JV73MSW`7>~TP_%i0<}ORd7ibP{ZaSR}uusB}L>(MqzE3n`JPP4duruOa zAnF=Ufk_VrF^-$kOAp@}WxvM$Mk>4GF z?)NAN&kGAkAgY8Yy~Tl>o9;u*?rTBx6J)#1ZSJ zeNPc`4VD7@&EIdf#6Y|zx&1Ltf#V)`-1W*CO3`|jkC={zcVS=y(;7Jk$@;gVNph;wQ^9}&EYzaQ! zi1jq3h{+K|kr0mj0hqvmiAtL8UqSBzMZOy3w2laA?z*BF510czA<1+F z_FY*-7IqDUe1({j>$x)~{@h{spQ2u0R0`l21sN`!!pQ`Cj^tJVU2{Yu7*u@1QTmAo zW;g^v%C!!{gmExNAcRo@gJ7;l)CV|{^D5?$#n4kkB3Fv2_(4l_ka7oI!!Qnz!viME zn32~%4#gsVrv_ZV0szKwNg9>JnbNXoLrxC> z7KNv8H^9fpBVmZt!h-@|K%!u7LzQesQZ@<0Boh1$sjV+2j0>Q@1YjFate>u49%iXN z&@-jFo0Ze^QRweRRgX99K9?X^o!gMz6FZAN-IYx=G*dUcl64+H4#$uo;E`y8rwLW7 zQhfTzkR;M8h`EqO9DfYN_AiR6{oe&6Bu87a7x4$Xz;Q=ZculAQtr?2|xoz|RK0ZopqT38{u|r@X5SxZPC)qpJbtvd+YwEOX;L2|;-i$H%@P+( zHo|ceU>)1R6%GQ4hd8A1j;Ujd>psPoYQ7ZKqCFwX2%Hld zJOlxPmq>0+a$gXW4Nw?!L52wp@-?sI`6R#>$nIh$a0sYsCp5gqjE_H7fMUHA9tsId zd|~D!BidsMRZ}S6_)H**t}&D1``c7H&@D2%Nq;O*@=?Sw447<8!78+{2( zR&|&9%(2#IN)#7JkcmHbL?!(;hx#%wOhx_04E<7Q(4gDt1Y|l@eaLacjN6q@edC19 z$K={#dhXtiyCV)w7P)n-#s``Dthn`WfDc5H0_0#kPY-NYNX~es+!SOpMO6=F^0{vlM z3evI@<{)DZ1wcU^Dkfi;r`k2=}+h1AHP5BA@22ZMdkTMKsk7IlD<5SMuMv) zak@#_{7r6l$1#d>8{T)K|D1##*b;vjK)W zY(k~&$gilFek#`r5r=|BRMbj8m1`*#NJSm}p|%F65KZuf^}$DUJeR-ai+5^fZCXgh z)@p1MMy3Qd{1a~H=UA_*TMk3?cq z+Iy01;)h~e0x?C7WY1FhA%t`sWpKffIN7I~ebKU3gM+^uyxP|X06C}c=c8YO-g`(f zJQ(+mDf9v(62ufqX1}jm7=Uhg;bRJ%81zWY%W_ul64G8JPwlB$?ge=K40!%+>VrT2 z5nKrw(K)^im|i$%zXVPy3pk(PC3GIUJMN<$_Ybl592#nAx#YW6^VW>7^P zhIkUEbgZOn(6y{aW$O^Qxye^Ju_S1_s=b}cf^H^j+dwq&S_&=)Y_Zu^?ziLRe{+&} zIrEm?nx)lnLm{o5Kt2OEH$9_zwR@k!y(B>rqW98lkV7T~QQyD17Q43AP7S?k#;oM} zxnG7j;DjT(JZ;>Q#cz%*N|Vk?+pyj<&t`%fkV`C%8M+7JsKEdf3XKm z_1TPEF+h_@DofHf0c3y@!ofE7LH|KYPFhB2q9~2O6JW+2#J#UfRYn*V&7f;;O(;#G zA^XS>9e{rJcEY4t)OxoPU9uVIDOW9~|8=b@Uz+n&!Y|`j0m7^hS;YR#lCgr5);3>r z)?+i)MQJQ2T*dFgETyGjU3w_93bYFsiVsTWF#mMc52j`8ndY@t$B zyslL>>xH&8DYQbM*$*HNvvY+}nQhqEtKaJ6{GRy8GW~TO zjlVRj=s!83aEhevOd5(;>i{Pbe-v>{EkkrgXTESxa>`=x{ZKA{Oyy3MMEI8kY3mWV zKyw!y7FAFY@sTpTOHIGDCBV?G^o?rfCz1dUMybOEAd%L*i8@|-gds7C7z+RuXC`Nc zuEE}JSAjTzi~%f77c&%us`i%SNG}hI?W(rlqWO!>&+mt$v%}N#w}(I7Z0Y_6(usiM zOBBo>N+X59OKOJYu`SiAYNLp328yl#4+a79b>|%MW;{1WAWY@ab@jZ&j#cKH;9@>&DhJ4;BCK8gb}4^hOwDM8Jg*~Bg7`EddD1JtEpsqq ziZc!|f~84AKqgBXZ@S7YPkuC=)`Rqdu2jFG4AFHD0s_41ev2&6`3@Ho| zM|5YPCVHpx>#qK~+koS4J(9bwYC4bSuUS*llq*@4J!oK83mKZYk0wgN|4{nwXlfQk z7zvQn!YTW2L^z;GnI)tHjpTqNGDWriP5*jFrp9p40l-quSLvq|BGR=^*|FqeGUj7r zu}rsAV`@?r5{9T=Y$H^Aoj`OsNQ7A1^D&D9IPd-C_381Oo)FR5pJ3$wNjWTT$QLm3 z)lcUXNoyF6rhJC9lkQM7EXq;!5lKg>5NqWdj-}A})a|={cSpHQB&qX8SC;H*drD@- zHAZ6fx0p<^L@Rc@0DCA>ZiD*I)X1iP3nqXSPtkAWTEr2E1BfFajw-IS$RR9wm}E(M zbPae-ElhDO?Gj?Zr!5{$K*7#oSH?_s5%~|rCMd~htc4Ba1ISXfMV0BU09U#V1O$rn zCFJ6KC3Tu^Y3Q`yr5-`UFvlo$s59P}8c9)5@hate=T=RCw%n%Tx#n>eit3ZA>=f>G z7)XT80kQaA3`>ek1{Fuz)mEBF4WsB-=Yj%1gwb4j>SSO-7#H^wrEjU8Sk{j-z@+^k>3Uc5@VtPsF8iAu{SJzQgA+zR_r)PrZ{4HogYU? zdr(TguRd-mORy{>>YT{8#ccpmZ-y_CLjpf_a$x48ysPAR0fLbHter|pK zoI2TpZa8)IwIfLPyZ(1O z-8OaK5C3|8_WkMM@L*H`v8#Lrt0C;~AC5*1l^-|MwOT*?>)Gk>eE;~v>!UXX2#eZY zrD|H|!=Y%uvD(3_^ONJ_ce0Pe{j;MV4hzM1isNI~I68P&E}t*{{-^WN;r{92+4xF~uRIb0cr)8&Fd2^p%#G%^64GPcRJB76t&DL5h6i zaubm06i3s{W!w@)(|4BWS)&2XYJr;@+i&MDx-aT1pmm-Hc2(`%-~|{(+zsKi>t$X; zFYNYILB;>vlrOoN*HG5>=g*E3HY(M%YSi3xoYQJ0+}J$wT#rz6LP#*e|3nfY`$fJ@ zJOS=?n1}e+kcmpU*P^W0)hjAr7b;(?%GWI_e+sWt$NF5KJQBJriQG`$L>9bEl%*&n z9JMUw3Q0`%UbG?&>aCk_X^3xCpRpjV%2-g{bLl3VgDEChwyiEt%MxNW3RpZ2tZJKu z(G3_{0#qv56fPfT@=Xzb-R!}H&rrnG6^i!bV^@2TdM~u8sMeH_0n-6i?_T3z84S#! zEDy@O%>%0*;r1QOTl`KAX#|17+T)VF@vtzOvMcst3`FYsc?}&JP8d3 zp!>-mdjsnZMNi(yJXO&NTycg0H#d$|z+#S8!^SB}ud!Zrsq#GsZLm_0pl`kV>W(X4 zbwKFU26G@^XC28-?2DQ;H#4keKYuRKg&Hy&n3(}re9GZ$P^>JiPYZTqxv4GqPp30W zXyqP~x`?LpTwN-44=vM!*rRL6sJf+CSrxN6O5IfJw&l9IwTomyAIcbH?yvPY)YUIw zv2d+byA{_on@)VWPS%3$jSQ+hl0m^Mxu&sJG6^X9GPeb0RZ6K<^60_J1Etvh-H*`{ zB3t9|)WE42nKCUG`dZ7EyA1y&s@9YZZO#tPNq>{44pwNy!5 z%N31p?#h&A0JNdC1|~#N9Ei=Il=x`&#o$zS+*MGvJ0Qr-6i`vb7k-;?(<5Djr8ombyb=%EutG4V48*nTI~ z6=yov^!N!W(&j#StwL#!C(_d-^5#Z`9NAV;Cn?^nN$ z^Mj$^vP3Q`8%jssg47+mvu^zP3-qGJb7{i6UC1vb&TE)#t-e{sUfaUux62OP!vqNoK zm*y5cjR-~Bw5LgXi~@3{^o=3BKp=@Lp(!k0Wncap>KG*hg>MM2_n|jKBYmYee>uz( zpH7rVAeB;;e4|EQ-&!(!E=s~NqQ{eT_N$jx9i|4n>vXHCb-NG2)eL(x;A5uLw*EYVA@-E-Bf}&z#xeyjiHr~J zwq?3}AY^gfRFnk4LlBWtbJ9=_aM~jvYCHtqjF9v?urYn7sap@omyjiEPAz@njP58V1GdfRnvc;W9lR+aQ&Cc(m=f0& zbJ$+~mvfoD_-8_qGY-hOlgUgsuneh1h8^@8?`n0Asl}9j%faAPee7>?<5^anm9M`yq zjHJ3&`iYfA*Q|B3oE>nW*H+OaDD8X?rCrU$OA$p5hG#>$5x*Mlzx{Y(;rv_?lyM+> z(S6i?Y02u(y&1%j{YJjk^G5;pUvwq&awe=R$-w&k5|kg=nauJj%c>wKkNY z@^LgZ4W_?aG-%3#6k>IYWrSIAyuU|#QK@pg|LNj=Y34KXP68WcOjHBnh z+=pTZPQKg~ZKb~!59M!h<@S27302p=bL)0n z%C8R|rtwGQaVlkqLhw!_$<@x|GHbpx(6Wo7F+rzk%XJ{1_j2WHCL=!=IZpDtr}i9s z+stc(OPkW}8aJiZ+l%7`3FC+s7fAZPj(6r4j7JG$A5>VdkzT~jODBbsUmw+g8rP78 zQM!6sa5Rg(i21HwdO7$3iZF`!I~-yzR%`BeU8N95qZm^3F_zA2^iW>2BUAvW{nmaj zv`BuLo$t9mx8$KI6O{p^f7Qd#ku~PhPvAxOpCm%8tNaUIbmdw4VH1q|4fZZJSSbn$ z=It{8eP8J`a_6LU$nr5m@*?8%Wyq|V*-Dn;OqjD%&sAkDK|n7hzR!E|@8x=Hj^c{u zR_SIX{g-EVhP(@1vh1F?-GXT;-P5#$et0V46Rr7tf|| zS{H~>9EGuX-{WEYyk~wb+rL%}t9Da8@?YwrUO*DxRLEMckb6wf_co)WfNNE;Yii2% zkb)_~mv;z`qoCEEmTw@fDqF|^6`L3*-i5lexO^K~UD=2Qs@Mva0Y~`?{V+9U3n`e= zdP_r^F5f~{S23pyREbm|pDhnx`&~Wn$?DbPFV$3R)frH=tvS%(ZZ8`zBMPU+sG<}+ z{BZN@XlHDql$^kK+3ziVnC|R`- zmTC;hrlp)Pv_Q&gDLB=dte;afH3Osm)ZAoR8i=x>+FtfdrM6~4EGNsi5YIE}$|sko z=x4rwY#?1X*88^eq*}cQ*+^c88etzDMjoBZG?;JE{HSWIn~G-`HI`Z$KY2Y<&uaxf z>E~Sg+1sVt+ZX7P_ryol4QAhSEn2UaStq5UkQLPg8f1z&QSpy$1sk7Yy( zcXOIyOMlQMfLAWhgrO6P7@kHrn#vK&y^+J0FH^E5;Ate&)g4~Pm>TC<399;&gjrLo zX5Qs#{WT>KKah!{G)pM)u8LwA6;ys*j{Y(bZ_)e&Vp_QjD@rL|T3OphEGxe%UMDJ* z-&<6*k5m<_8XxQHVmzv(>UMqy>4gEX@=3Jj7`nDIXzPRLSFzB1F%!eBPnVfA_4Ut@ zU+fThZwa`!1bjV9z{>39UQ@A>rXt7WZe>M~N7cp0la?;;3K}H=s*#$^r}n5>z@GQg z>g7q4F*D2JaK(p0w`v68ii+)VF4fh#plnm5$W2k_YCn$wRm%r-!odCmDX>e zOK*pj&PL)3comRwcA05C=cKI7)C7NjZj$Gwijld+IjSC7#h3eY*8MrFax{xWr)fJ& z+E~FTMmhkqx!Egcq1iY4U*q^ud;3Wi%w4tEX})^#1~_Lkz4 zB}}2`ktAv_U<#08vA9-6xgc#oHH{br?6Per{chSsNmIM*i8F=Y&SxzRFT4C8<*F*a zl>@ehLr~h*QU{@>WHb3@V*|V<6g0|X_Pu;jC%e*UqD<(N9wD3q7%(DZ-(;x^ie21?6j{UGS0{q2w`L*+0+jO zCo1-c3$}Imd+-A6Jjfc?q0vu%*k{T}l7>2YFW~DqBix&r0PH#!*dP6^}q?_>swP z3=QK*QH2L(>NgV>Ni>yFW+cO!&_L$!kdeOJj)fvpu+!{1x#&u|T*WQpED%>k=4oI> zi7Af%PFiAP1B}ve{}6aH9QalyZ8BLlmtP9mH{l7FO`MiX8ZV$^k8Oh20GDAGm449-$$OHR3}SAn)XA*K?Wm(76i&_!+G5B*&QPT3=gs~JP|7@3h(QI^75?okb(owO8K*y{m}N;w zNEFNsubg_ZKI#mWWVLYl>o_|)WeJQxG3`)HQ7kDNM*#YlF!E#&ojBn-VVBgqY*Q2m z&_m`OM-hJ@s)*n6jKJ(BDVk(CWu}4XVMeugsq7OQITKY`~lKj2;Lt4B;WoV{il9j zy!bhiuMR&PR1~XdMMYRYMeaRnDE(oLa``i z$Uy^U`Wk_x3(_N^=x$H^zXA>?7bq$MQdKk<7-J?u$)a_r7!msX`f>ly=N_W`JfVRN z^y=!W2vMVUxziIBSp8@$1C)|6;l0ZpS3KPu#58`sKHdyc0Xh%E@LFTr$S-{rZ7fah zr??Q%xd_CQ85sseG0&NLDIYcJezUMLMY?&TLKqf6WcRMRx%Skx5G%`7JNBE8GNzqn z4FdT?Q+^m0qp!?3gNjkHdjzjouDf3RUf&>F<)1bveM?=$%AYc~t--Prp9*GK+}8K-0s)p# z1V(${A7;q^Ay10`P;>eZb%Oc^j1Wq9BcFK8g;&glA^aza>N_8Qyi_uJE0 zK4M|2pfLk$Das13(xh(X+03bp7I7-Q=c-~+k@?8CDvsj5Iwc&P*qvi4)T0pUu4b4c zmD)^=rX2y$q$%7^7@8yjz!MYR)O?cT@!}nU{wo*=PD0bLkSca1W-5!J$)0v}0``v% zPL+)_J7HH&sS zwjqd_Gb5vsaKVXAbtER<&WR*IeM*xInbB5hW@Q44hJe-Oc-0X2Na^}~a1>3cz@LnT zfGl;9r)jWpvtl~s2;>zfF|0tPk$WwcFe6eP(xg*OJgQ3OF>uIJ7;nM@FsfHKso0N{LK=Jd7)&f(G>9S< zvDC+63S}7KG2&MUso{yOr6L0e7naM$2H2O!W^6(tV+tr@l9#Ed>}mmYS0;B%lz?Ua;Zit-852x@;YRq z2h*R}k~pgzA%%WC}@Koh2#91e7%#he(~xbb2IZ`xz%V z;8G4pOyx6@Wj+ZGAllP8;<>DExG2`y*K76$A&(LvYx7L@RbfYU!XRsJ&~I$wekQgL zuEY38By!~D@z8+o7Iu)Xy=6p%%N@uqZ&LqqyHu7lZes%+%IODZ??zxe7bhNZ=2PiW zc)$RPIGuxS>9Jta{>zm7;tw%3sqxRG?^TKX=P*=ZbM-kRX9&Eyx^krjP%2$TjUW+Q zP|wFK4&c1^m)EDqZ+h=x1O+mGI(s+z(>@Z!t%hU6d^vkJvfpE7; z;4iN!nS!B2SSMNWxUuhB0KqWfGa`Gty+3@QGKAx)>aQ3v&uUze#&|BZ7Sj7kAIi9H z?<9bHLTH#fe@V>;idaHT5_7p%5?|^gruzf? zjGdZVH2?QtB)zy)j{TxNc$_*!Nsl9WPP7L*GqrYd?mh$K(gY;|X=us}{trQu9uM?6 z-h340o?A(>UjoMwL;J#mu17g=oC`D;KeT<+y+HGSbTX@NHCiTZyrc(;7~*Qi_lIxM zoMrogO$QVy6989CZhvS`u~IpiBs>}yaDnC$l~N1YR*_GZSCuGF<{`5aES8ch+KClY zyHPGp;+7zTm`iEsh0K4x)#=!I`&yyV*#Jio=9$`>bp*%RPk#ckd$tAT@0-a(ivI`vf18{)ifXqV_ z@s5$kjdCm}1?QzmAu;A<$bOa??@nGE1*LEtWk+Zz>BloObDABXx)CTMR|QBgrc54$Or%m~&B zD=pD7?juTVQ7=H3C>Ve%NFz}zW0AokNisJ$e}*sPfGO30_9?}0L!gME9%^$b!3!_>t`yS!x{ zKY{FJxgVk_TYH=K1}O96_557gpv06#UXb{UJYxqn4v(@=*Od*a9+pxetI4}W5oc*f zG)-9sPaxBVKC?gwp)0Lmkk%7{xThwf7vfME{g^>RbF*`48I@V+vLSoN^nD5(V1CL>$A8-tqj4^;>--&bH}&?>1;$BrYm;%v69zU_vvZD^ z7)B1dn-Wiogp5wD8v28Pe-5W8;$2hrTA+3XsgHc|S9hxdYmTLZ{uYkG3y?!SZ9roF z0{q;yyYjPzf$WZ)XH_igqg_fI=tLXx-}J2>0RvzDuxshzcmd47q+jINh!4e)$`Fq= zTb01gFWEc0iS&c+K~|C?7L$k}^`(e&T0ZyNDkW!1HEz$H-S)?!^*x)ypR>7AqRUGA zUncbcJ(WycEV>?kC9|aYGd(m zJQK_^n}dQpv$0{M3a>1E;7|#O?syF8CGT$QOG-U*J^giwg=+#V|OffpN0I!xOMw z-c%*i0WZMT)&omcXNZHkvS5>WGZdn{?5tc2Gl?~`tmzZ2E@JHk@;XUi4%oT-2Nv7U zbN!7C>oC;-AU!vkiWI4Qo&RMQ>;2~@=mCnQB!u6kZQc*|`dC$VL zLWBl??)R%sR$7h*K%ec3WjsPIFgllURsi_#Z~v?3ehYe)XEd9J>(-E>9(`2n^=^Hv zD;()8#45RwaYJM*Ad^Wzpl>ZCBlGiYOu%0qsY`Z_wJFAV1sQTa(x7gI40=5&A?6V& z#;sawQ-e*-_+mnNab}8byf!c#Ib@)^Zbguqh2SKAs6n+EtM7$GoqH6R{5UQ`;58Ai zHdQg``^DqKvn+%_wrK2?Yb~IR4=Bkvp&0ykfqjUjznNnXmFwXvEC$OgY1V~}_~y%GhOaxUK+8$gG)0pfs-J%D2%PRNL{5`?3ZlrEGr zr*uQUA^@hBL5aDd`oI74f3?s5|NhVa1KV0Vr)-k{`#=Bp9r0lBzyI_9l>ORJ?wN84 zH+BFGK;e;h1lrJVoC`D`=s%?qx}!9R1z*?nMo8YL^*d#l%KN{{m&)|p3do~JdlgXB z+YNAVcyfBUKRi1;7!>?ujQ_a4p(<^$?{@l69y{-L`cI$8d#zxS@I?A}NY5h)(QaLw zDm2C$pm^L!KNM@Q4877BO?|Q*hL`dVuJc%DWtVk%D_rgnk!J!^fB;{j2r;Hp!b2a+ zUojCF%f_)K>Ua}0w66u|7>*p8-&3B*A{ z(b$a=6HkQ1Hu{8K8-YAHu1B^A@6c{wrv-ind?O|T~lmaSw z8m4NS@@0OBR5w41xh-v&-3SO_1gFRcCk8$TKS=*VN%7KU(9}9rj$O>g#VwPGa%%L^ z1V_k!D4iJ1Jp^<8AZ>k&CWIoOJQ~xP8j~dT!pu7_Y9ClR`|{3a7VhOZ(i<+59&(R$ zsDcfB3qu9dDfiMuKHCoeP>-G@5dj*pqN10C?oLy5gf-T8gb}dm}^pc)+&1MbW4s8 z3ryC#kNYL-^N#ipZ7^C_Ra0)IooXk*3SYXs1KS38jRQ1BkeBWL9nE$0RZCwQtYy)> z9UHTfi=j07f+G$fV@Zf)SPK&cMSSCs&5SsPe7PRe-OAUOIfJ>|F)ij?Im~)5yHT6s z_0AJr?LC14$T;>~kMu+Z)-zQVZ!!K7;HmrA-O(NZ0_l%57=W(%HF(^A^hgdqM>NEd z9FI2?dPs#%mt4JOE4@Zub`R8Y!v^w75}R2+9MAgkt91(6_@32%0(gl?yJWlwR z>G2ZYPdoj7h5OTD|EJn&ovhuROWG|1K6^`o1`++T5AiI zA^^W6C_ye$cSiraW6zL_qc}1C;*LJSD(|6cQB8&mVCWo?$pCDA-hX#IIvhxrV9wa0 zW7Zu%;H=cYZ`}-w2}Xf$fiy>V(ET)_ylZJ|rsvx6)@nz6S422Sm7$u0WN4aOo^~Lt zbd)Uq18#1*fA9R^{%P|RA|05Zb*%T{`0Q}x@@szkHv0X3|H-3A^51^HU-)j=Jd1Vz5_`?f@w?}y)XIt{L8Dk_!EQl-lYIc7T|ytzVlAbS9|YoelO(7Ug1 z`E(yhAFgjc+^Oih<3`fT|1N0?nnDJr^e+<7;nAmB{GmY90Z+ za%f)Mc4Rd0JA3r7nA=qH1_eshr83eRxr%`CEBArauq^?66QJvuP!8S?M`wqp=Wh>x zda=1pViYkJ04m7QnW1a2xBFmu%r^n@W&~`0&Vb*nFbLJa@9Yu4PasnlHnKx`N{XB) zU9cVFu$sDZ9pCygm=6P~>Erkk1#@+AviT~8>;{xQ^VC^Nb-)pCL<9Ql2VJo+6EHj0@+w2n_2A~zpUT-=&(?^K-jQFBFMFF~mkqTF#)$tlgh$1dyoPQ&5 z{22R?8$+LofSyH1lvm&{G0dU%@dywKP7gwcc>~-(^;h&C_Ay2B<{sbfc zPa`CHD<(1|6agP`hy&)9$Xs1-CA3;QuVRw8CZvq}DZEbQsj3Px?pI~$o14yG-v2dk zwj3C#Eg~Fj*X>W$H#99aCY5Uia#BWoAexl!X_7)n7$@8$SNP<|YMzW&qbQiVv zB9GrU-+UuR(F|yflw>xvqmx0?vAJ=?Z*GhTdUAU7et7!R`Q7ee2ANy#U4wf5ih846-VnaktgmTfGs|MvS&pBC)D zPaf~?-rIk_#Pj)c?^|$*!-15pCOAM+hziB9cr!Er-}WSn=zZHcypByYWVuIbWq@>< zbvwG8qrE4~M{dcioUD*Mn7RA1wsc!e52P?e=H?Xm6>yqF9(b}R|HR=anN09C=sFoN zb7fMYc~%JNtFlTgLNCw$oih8*VP(F@6i0jly8ppU5aRAFx?%3%iXWSDhzBq7B2o%x z_s>;0*k~vK_V_L{l-0v(MGR~=s&fBXc}P`rUwcFi7V93+;&M{1%H}AucxY3#O~tAz zt9I73xYGD^rYRwZ%)u`S4DbXaAHX=4-EliVA_ZNR=b{b4DHs?d4<-x&MnYt(JtUgS zkxX9DknVjZRx4&;Tl?=Hd>ENro-9V*16Q0b^`#UABt5H2)}-Fy!es!dbP>pFY!?l8 zCT~>`viVpd=Gp?QQ*Ud|Y2ld;h^FD(0!VSKTo$bn%q^O30orDCoAt5+8Cppu{#7Y5 zOPSG3oc4LZs$*gsL^&E*qRwq7#K6QP>aLNc{@Ze=qCKN(v&|K$8RRz;Y*=}*m`#~K@Z89njZVJ4s|LC>? zuxRwG)gr_u6C@3?+~q!1O5VX;ylQ0OZY@pN1griwF-d8%Va#nyuY z&nb%bhj|bl?1H@~kFAo3a$Rj zCD32N_{k#_c|aGDeo|?Xw`iU#QJ&C|450wFXPn19X(4(bojH7YqfS{o&fbm8jg6kZ z3Ft3g@H#d_)!we+>)1i8-CX$YGHrKtO4WsoQ5S4xc3)e4asS-%sn!2UOSm&8gfmWI z?06LU$}GEd8_oK^{?5*B;r_?&&hF!<_xist@z^$Av9DI003<0GzlQn(KIHH%nm<@z z`%s0ASA{67VvZ{h>kf=@ng{iACl`cWU7~Am6)9407QI|uC6D7~XoU!IQe0@Rp(Tp6 z$_!D=;Z$Lr?uk16yeXtl2ZNG9R1`3MPrKsEuE@gM8MFRB|G{2Jp`~`f6NYF`6I3pO z;}#S4pmH0`|M|6v`u=JC)bsyR7(d6#PqI`S3;2Kk$Q1a%mvIGP^l!N_Oz!C_1&cjxNfxj-@wz&0m8!7ykV z{s+L#Vu(IkJELv2{>M0ibS^WX>ol%QF@Z(v|LN|d!usFa-P^lg|6k&<*5Nn*1uw5A&gf$0507B zclL_szsGy`{vTiD$tTb$h9;9C$XKlekVYxH-3rghYuN=}5yv}QKFAtPj~O_e_!NTLjN-*WEvnHG})bc@u=WpWC?&DEZ3g8TU$$j zwr)q=nVxCt#lPFVB`+mTJ!K`-%hmnF#Q3z=G%cKHWfy4BK;2&{`@KA^_`eB6O&uIf z$lA~Uj~^BFf4h5okM8;Zmw1YbymfNaJlXsn`Ksx9VF74{+A(*YEuNZ|Jc=enq4Kq- zxbbPV{&nz+RcwEMXruq%-7T&Eo%{3u7kNsDxvG#h`d=L}@-EK!n}T2HW>#Yqo69qb z%}Pd5*5WPJ-qjuN3xlbcOyvRiYe`J4)_;hnDkhA>Jc{FG6@UxRfBmBVZ?FI4e*J%u zr{RE>&bod4x=TA?iOhb_B7^D-a@owN>R;mkG4~DPpgR$N_Oc?~!codp$0Yh51>upA zx)*>d7H7|>%2lYuM%)Ff-XxV}DwD;vj!)BqcmGB5ahsDUtLRiJb zH+jeu5bK3>BgvKc6=)~X{Kdkbqi)&mYh|alVS>*&W-UI7(L9^Sh#4!CKuq87R%IM; zq<&V}e?)1ND|}c{wi2%Xp*m{5wCUt-&Y*39w-G@WaC8gUj^o(2^RK;3@9b&E|0m3e zFTK@ne=X$yPx}4h{jdJhd-?y%Jf9oWKiF0Q8I!mhO_)seu(7dGjJ7J+ef9YuOTDQw zZ{FS&z=zv zLR)CXgGO%0@L&u*%vG>ulOVKJRz1;KJEbhJae>%QkrzN5nnd2Gh(j6T zIhtt7VTfL8FNiki;MmNhN{ZZVS#JgpAcyZ|s0ZUdMiKOnqhM}wc8Xo6ddaA4yzA7? zYvS^Luj{CGK`f+@s{FjU+>{!DEIIA%$(E(^oq!cW?#@+pDcv-#g0o6j?cwKMvA?d|>3_WVzL z>Hiv=lf3OSnU4?PBEq58S!IKaybG3uJu4K7#L`5ARRQt9 zrhBG`(|rXQI)Qu!x@`g)byct>HiNs5pRgp%&#-Qs%^63b^2S=FZB^fq2@abZUH|2& zQfKs~Cw)_BwGK7h4s7mQZpJf5l+6n?e+V{ZB1oC9qbeq0Mjv@PlC|aic=5M_QMiR) zYTR(!<`JiuP|W92o#dix%s7swC-&Q{fn4E~d*2dlE>`bi3dsT1;lCFkxLR27`d0It zr7-Fx3MdCQZ)S~EfzT};$q@~4Bx&Rgg&sOV6cc}hJQDf!yJBN48+B{gaR{gABnbj5 z_=Uou_{H!t#|n6{07%6!srb(OB;x3rXY7$C(U5&)4SMbb=eWRxy`dzD+ZD$V=KCr# zKcZ~ma#5E-k8+h>p(&2chENwNr?#H8cRZ;aoR;jezz&ynfSBL_X&&BPnpKO+BUv|H z>Z2K?$d{V`GN(3l(pBr%DF)?md`!FPd`c3^TPt$2b|k*1W{Dhq8q-M)CCGAaoE9ty z7$J=Oj1C>J#b#UfPsg)=zD)lHAiVG~1x{SNMz!JqiZMCBRI-6*mOztg{LALAJYBnK z*^JtD`gV7f6+&8gnB8Y-Dm#(pq865ev~+oM5|5g7ZSZKvJsT*{M*-sK;MEBwF`^tJ zb{v_E%Vknir5%6l#A*589F3KztVCz>1r32Sxm<2SZf;~+Qh)4b{oneMw6u0=x(z+m z#RQik{uRXhHK8Xe=bR>~1}-MbI}<|FEOoy%vRa09$y~VIA0d{x)+dDKvkr0s#z@+J z=dSB^pIJ3;KeS6$<2WpkghGB4AQa1-?F7IeAXh+^tm=zLLIjdH*AFJDH>wvJ(J2l| z=DTd3s~HXu_#5bMZeL9i2adyH>>~;sCnAnK#5h*!6yS`2a|ZV8Q%qel4Vg8!*IQ3U zV06t9jbL!1lI!-s?#n;!fM3Csq8M!b7XaU%ot^Zyz^?#aU4X66`ee0xv-O}0zIg$< zyZwF_{QX&O&H6;o(n&fMT+!Z%TBT;{j`CcP03S zF>HAx&K-=mii}}v5o6eDT-3cWj(SV3?0pi?fx=0iWyLC3VI#?nur2N^3us+%ddhL4 zcY)@t$7#Yi@@?2&EceVF4`W%}9)eYxv+9>g@)U*S5-klkAdLTMLXyY_6A}oHAVhc} z5VG8Oi~XOjAOK|WYfu(U^Ao|5jK(K~(o(Z4iXG;3*E7(c<(5x5R69isag|D4AN>GAf3~-v4Rw0i8`GKY{&fC+ zI66B#J%4-n(+zleJBn1}kf%u$UD}LRvGeNoEmWmi?lmRhAh+Ww#o=2tKSh)L7bC&e zIpS4K=dVkuvuxo~Ju(BB0_|L&c@r&ukt1e>6fY@heP;#JMyBJgZl_zdJJ`d=lCdgj zeQ&2S%6uYEh;O+?Rvaf{iegBS2~V7Pg=$y9+Z-=eJaN9vk&rhdR}pYdYqtWWVXG4> z)z`YZ&BK*j#~o{hRqGCO+Qa^rKJAv2p-c3$XuWE;B9sJ7Gz2N_6n-)MOy7;!*k>bX)BAUk>B|m&sSyb2}LnsSY8ED z+^Ue&cNoVerhYw;%QWi#)>@S~4LnWiG)^eK!~vS3L*~Iij)w8XZ(1nw$T)_r*GsFJ ziYbyxkbTu)rKp}nkr33ia9pgRQ7xR?YiX{&X}3xPQ$$I}VG*40MYl&{-upD6WNMp# zdoYg0SXB$Rn-+xfQA&x|21V1FRE(V_QTC-%VVi&awZoPu*u*}Gf;}DUAXNFVo61?2zXqB`6v^PURn1u&&12TOe zb!;v7gbKH(1+t2Dt|{-~#n9*~q;^A~ZNo1VSN_ZE^U?Ri)5C-FgW=im)o^rp{&948 z`eFF~aMd$Xf%#M;SP+tIPdjR{>5eFM7=43b;{djzOa90$Q59Pi*)tLIXqns4Va@5lX`E^o| zX|EBx=BX~A*C1(E;gEf;!DRtOFXnKxVwTbr1q-S5`XrOBPJ{%t$o}Zi^y&s;Iw08s0l`?d9QT^|ShaZNo-W`@W)c|xkO;ESl zdm3GH3J;@8Oi2`?i2nd77K_I|Y^7N=AIR(ywu5O!Kby5{RWS(7Q&NCg0sN|TU)kq% zG*b%hSKnl@=$e|(0s%HQofcb4b=l^QwJjHRJL~b?x+Bjm%bk^Fx;;-O~9vJLO?uc!C6V*Zg2a7AU(j(<6l>O?fT3QHrK%s}#2dDNU zWHnx>)Wq1AIT)2v94|5KqDHSGvv4K(SCnf(>~~^XtQnFudtf$niz4Xb2r+g-$+(gQ z=S$csg&F7Z8&uF{$4&HEXe};?p>mewrSd_$d*{D`B#z6P%y^Z9rV7i0VQ_!~IA0Xo zsL+#&s(ILPtB6U(@u>=!q@KJ_a9e;SPhtz=1mYl}=xjz2n~}h83$s|S$TZ}o)}^5q z>#crz4)7&vB=B5;+tGKvt=}Mo4Vt%*AiZ!NT)2e~HF&I4VFvc-!{X`QyC z_XT7+MYPIzZdc=QT3bnc%a_j1=`~>j>kjo6kbLsX+z`mdty!`4BH&jUVHJ7^bkDn> z>vZimu6k4LQ=rF2c@1o;UNwZTXc_8=%|K5(^Yu8yffJCazU#4ByicKeV7Gd!E61Ca z`WaK%ATvc&dmB~*s=~fX5~})KDSK3&v-PB&E_E%?82BnhCdgrcBlxaJEzQJLTkY!* z*`k}FOOaQPlhA|w-$ZQ`Ywz_2P zl3jQxA7LMPkS=+7yj*KxRMa+(YvO-wqZ8@owLJ*&v)ugnT}4k7BU~0OrjK zs2Pn?jVfF@^AUd-aXi$mXq`AC6W*=D!BAA8TF#Y@q6wlD`3DKb(RAd^ke>uNnjTFf zlDHICKcOlzUq5?VMW@f6W~0ZV zw52xBR~gv9hC0l8K|7L04{H@lt1Z~Faj~MY))_ss=88=$bA(u%6|mU`xbl=O!b8hL zHPQQ)oXFcXw$|x2!??=a-i@KLjhS(&X>K$YE}poi>bEu*t~P09t83GoH4IIQm`?Rq zcT>~0Jr7I!k(S|?`m(_IxgI?RomjBVSI5-$)o0QE`=qkp^RZg23Y)5@=BKdFYk)Rt&@RxRU&RjuKzzUm*5YU#cq`&F$S0fjN2 zAK;uWhT(srcR0lLjvRJNqI8B{itA-Y1SYYdR2;P2NOSl*rCgq+zAP9TrKhst+gqR+ zr7S^UYdo1cOs4tuN<^}aev#(eWdT_`a`DpubnE?@D+;%n#Bw(p-CgrZJf+jfd*UND z0Do)MURFi41pcleS>_%?j1>KnAeN6Lt+8E_JS!Gc`?xL5_i5?~^!7JvTIH-<0Pj{b zx+LtoC)?#aTSLi>blgd6H28KjV`72JdopO3k9<`A5;kjE3yX%UihFx&faKzY&7DT@m-K%{SnAtcK>Xp9W?D7v5)bTLLapVNns)k z=o+U8`pN)ojLD$;bM$lct$BWqj^3XfpPmgroDIOolQ*ZsgF`SnJ3cu%JOG@4n4(L8 zr+^Cr!q_)IN2ll#qbsog{qVz^!*|DT+|UQxGtOf+==G+U&yun0kx+-Bmy^zV0%~^b50Tf zDFTW7C{saF5-O54bOo+v*qebFv>Q%8ie|6fZYeN?-JC5JSW{}GKy7_qMGMgZ(xVi6 zkPX022Y@8@Ax9%lAxBf~G{EOE8h}$01UQ<0lm%p~w!OZ>O252qez9@9vIh&-6G#DS zWD8<>Q1C8T#j9WiE_KT;FU#gy^QIQ#nTgJ~#2- zZ0i)8uF)~LuOLIx%`tZ!&o-w!N|mRA>pqYevKicc{DdW8ex7yXnSOA!wk`eNf<}vH zJe71${j)DsQk4j*0$ORc8jd*-EwKDTH;>aUYJ0i96}(y>r(Wz>K-$qkU1uZ0!FFA0 zU+9N8YBI#D0{SZKgX&2YMO2iZCAupsSw>J%eU%<+gVY6@KLndHW>4MS8*Aa_7r3kq zZf=xUzk*T9MOSFNmAWIQm`FcwamG(Ic_;SUtbttNW>1m!U{n2t(`pUm0IL-Lix6Bc zr{UsO8};xd3ShZ~xmesNm(T5A?cJ~K4m8%XQMZOYy^Wxpcq}?7erbpqTL+|Km})K@ zSl102bN;0jChQF*N!+e@KJ{5k?O;A1*()@~Q7iLARlSAI=&LCC*JZ1}BTIdnv`?+y zT%t8;_Vh9R+IjBRn#S=~Sq1GhSGAFOmk;NY58hjMe`k$}QY$P?i@9e51^OsJ938wm zp(I9>W5kXloi4wE)KqE5A3Jec{@y!2 z|Gnqj<}2$>^lm|0Gm~1};4K@ogIiTLwkQj4=|16o^t`VWJ@3}>^L}Fy^eTg(w2$=m z8;PTrIrOgWlwV(@9JD&!476gVaHRj&-Vs*G!LITyoXAx1IGU~`A*iv=LcY0btn zR?gs>wU7ts#lU$-Cn~#aH41C&O`+{sNPO_5-@lUXqmr?$n0DJXL|V`IBD zXDD*>MUnIxD_7rAvZG1n`_;s_>;0wdG2Ze>oKtc)W*x6&PFr72)RZ|&TFaYO{%X}h zl|Gu2Rn|*&>g*K&tqYDJ^$Rp-Jx&wGkzbegS`@d3V3p>q`sF0yr}ETu3&|c#NZ=zX zwGg%W6A|bitAFKE5_dRqRZ~+0Ubn!<@t`yPk2(Vty7Dmkphh#G9=TbWisC+=J)&hFXuC zQuFR3fd%#iLDpS>&B)kF&*fPaS0Uosj(x!?DN;HQnCnr##!2#^0Jx~l3p8JEn=!?g zkRt)O4Q15aUi?IGBqWW7Z;MF=7$~=*5#2wznP}t7y6L2%iPC1}L}2st@bv8H^>F{} z`1GgqzZ@TZIDdQi(+zmJ-lltE*lsz0%4Mo<2Gg%C<}ib_+IF?(Nn37?-VaA-ho`H~ zQf^YzI4qnNE0f$>*I3S*TnXV-#AuDkQfZge6E%9_m)HHTOWLf9N+X@UNC0*&(EKZr zd)0Vmgmaf8T7}q}##Dh`G^)3X+ITDbNW(?Uit~BlBvBbg-TJ zms}LA9keM$Wx7fPJZD0vR<^mw1I|Bza|L#*{Fbehnf5?ieazyx$x!s* zkAGBBqjAayslzmQS=M$)~vn)@%F=)Jz_yw_Nbd0I!o61??Aw?|^G?;hDV zj9@Gic2yrxzvx$oWkznLSWcmQ?zWn3Pvns7Zc^kjaPoF;b`RVWT(>K)6^| z=cmsn2Kl|Dr*GE4)<=Y`P_1QRVWnm*`@D{3igIH^lf|NIYCaYCnww6GEv4SRcZR-C zCH`-nO1xfa^hI*c-Yy*KeM0jT;C({#LQj8-3C%49Ywnv@xbeHtK2ehg?su$F{f+29 z8REb}wkirwz~6x5gB-0$`S9E$(FFV*{PB+!B~oeve}4w}3`IF{IqzQ>%8xU2)zs{zxq!Ax+yYplHi)TQKK)KykeipuK}88Y84#OkR6$ zhF0(oWiQcM+9f)0bJG*m({3yr_=ea=cWLI3Lg#IeQ--A_kknOVAQn8q-rZmg0J=sV z=%I+yc}#G`Z9AZSJ`3;!d2=twB|nb|;}V;^l19KR`dn4GOMqIgpMJ}GPk;&!3Nv!g z3U8a|!{A*x5fy`20lePD@ZK13Zw$CM1}sZ8_r`#GW5B&J;NBSUn==N)gyyXPsRH1H z(E2!_IO2##FgQ_;Z7bIwX77rinnT@5iSrY@gvT*w?x*m&dc$akO(ndz0-yG0JH}?W z!AMlE8{^g{oh3Y%E8UjYngM7Px739Wz01u>TX*gC`{b_QBX{}UH)4FRW%lg!q7VXZGbGJ*+-D*;D;}azEBC`fmWQnUJ_FfRX$keTjUQ~4=Z9hWx)yjOO zCQjeL`fKuDw;E+pqn8IzPyQ9H35PaRPCWP;@q;^Q$(tD=b9*D^Y;eM$aSeA=q&HN8jb^m+$K zy@>+{cTUB%Es@`$T^98j*?7MJ-BF!yJp86QxJvB}hEF}kRatlPJ@fa!78A0gBBFOP z8b+;%k5z)(({d6SuD~7jLA5=eR@%7q%X%_nma35LYCu)9uM&o;ey$WhDphTDs8?%c zS8HEsrPM?-8ig@^Q^uAh@i=v_{W(asw66X-=(UsasZX>2#aLE4-Sx5Up>6OTs%{>x ziTB*7dbTFmv*tM)&$(I^>C)@f!JIT57m#G5RdCX6v`!0uO2J3($BUvzZ{6Y{i_uh1 zexXHRCl~1sSQU5l^X4Cg8a}A2T*T4rkjPnA;bP^Bf26s4PQIMi>CBu8Pu3}OWqoV` zyyBzv02k<+4y+|g=IV{7s-LXAvP<>yei$&Hrfb&Vn15?&tECk~0An7ozUt#?SLJ?t zxTI_2>N}vvq@$6P(r0T;wEPkw`kQ-9P#cr#%;Gvek_Sg|79OdAl!;vMQMOSv4UJu; z*9sAeDI2jgWx+|FhVi)XPgsygVLUz?$J~5<`hod5M5z~Ky*n0;C)pwCwA&>eE6`(I zvvgXHY0P-SBR-z}$m*l(YgcUFoe%qfzMlO;6Il0C(Gb@C+^5B={VeTH`ru=p&@{O3 zG3$=V_c`T1=(rXh*21HD$U&`kOl#7tj7Kajcb0U%T$3PZ#xD++8&?;4ftLAz&@O&h zvO2Her9md}(t`clRP`V%Y5AtQ-%7O?R|PxoC#x82)zB|zbIL>9*PHVoht^_u*1eBx z**p|quPLp&=0QGeutz;!y^Z%d+dsxdwu*yntz%y3=30Jmi(Y@Qqw9W$Ht#Q7mVtQx z5^wc+{KhHkp2OOqrStIT*0RKp_c-&Y1b)9@ujQd$Y?@@VlQ2CbA6GL&tuR`35ZC-o zDdSxEoj<}+ztl~?_zc$=NlkWDQl+eV_pxQqKWi zz(W4iwrorKO4ah2KcZpO3cRQQ{tuM-YTIl*egNB-5X=V!U?x?e+%CfU@ZK62@Kh&! zw31tYl?c#Ue!Vy>@DG|fjw0vY_~Vea7+)^pG4Pu_X2a_4IiqoO~+ayg}L z7REAaXX5m*t6`RldIl`+7;yiImbR-3{8A>rPM?57M| z!-jjfXRywF^*91rHT3n54|ialh{bAGNNH>}Zp^END3>7DZeYpbW>hX0<->omH{mo~ zkhkWHB%ij^GjqMQNN}xoA1sqA3NVHFx5$)bR1$SP&AGKK+Zt_Yc874K54}+$u|*bE zoT@;B)p10Hn7{Yoh-|WdLa4*KfE;0{{L>-Xs1N_IczBg_oL|PmVDQ2hNDklffQdu$ z>q_I>m2m{tKIGP z4m$ru+JD@#?I#x*P5-O?;IYb!`-^-Qhiky813B>glu^8LGznFyze5NSN7uG@^GtXl z-?{BHZo)V?B$w{%4VT6n`o3NhyXAA##9!5CsCS+_@4&P2rE$cEG&;d4>GFU9LrW|y zcEhQCKr|ErcVeUQ7bO8J-T#zFZ0%cbKg;g_{_a8P{$Xo%~gk= zXr4`Y8vYBNeB~>D#Uoa@>5&ssvThiOKcOmhr1lMX#C?TN6CSg;UjK5%!wE~n%&>nQ zoT6Ok`k^HOEbA)DjWmy{gBM|Y;iADKq*(mr4?F*r@Bc8214-uZK?auG|4yeJ}!kfbR1nV)jHd%MB%ej z{fE=>Y?iP?a*@z~=B$AWUlN{STgq?N8PF@*w<|lJ?Y>^ir!4&6$#8#{#lCC%nvcn= zo2Tl^Uq8#aw*6|3y6b-J3^n8>^ZT>W{L822vm*V+rpSK`{XgjJ?#Gbd$+>-vcP_; zZ!L{up1J8V&KJwd_EfpzsdYqKU|s_@drF=FM}IS=WrbJ=hC^AUR>4Nsb7yc4PMfS#y(5?;D@@R@mPDZ>V94IC~BdX@uVrKyyW*bKlulk_dut%nP1OO>ScUw!)s&0aUV9eFf`ue2O!2qrhpHQ9{t!+U@}ihZ zeLE7)BeF4N(;-W3Ol8WWCHx51Uv1O47e}(}rOp>0yAJk+yrb1>HJ*?&g#$!547=o! zf)*`uDTK$-?5oBT@=maT3}*y)1Q|KWIPoXUzp?rGgpZ2v57~&Pj7Z@q3*#}#lgH%# z^D&lRBmlE1l|sNAbuZi#&3T`YzU0zAjiMP5EQ6!d_yWu`|boR^k-~HV$_TSI)Sy13|aXys_@~rx~Oe`vO!~5q$ zJ>S@&pHRY0qe~Kegt8=BG`t>5}mxR+-h0@+j7$&x5$NZda= zVujR*dbz!nf>2IBSU2@xF7Ke=XN6%~pFXXB|5u~`Hvjbxp#SatIr*=%fAEF=f0obV z#eXc#oBj`%(+bfeB1^+~e4;iF_W`cXA^Ck#W-C5fY4ZDn&cE*dmoj>%G`V*M!1DXw zF311x9ej!Z|16&s^2l4QR<-(ftW(F=q!bJD#vg}Dc*pXerune_<|iZHt#Iv2d4~1Z z-+54PgIm10;?kR+^*?^8xbj+{xEE(%?NfXI!+4ysdnEf+e3sn*{k{EC{AXu>Z}&_5 z=V$qp?!P{Def?Vs3!f?r17Q2%i`srLZdgzGT`=6&H0&t&1HqBoLZb- zgULQzX*FAOdj#S`%f{dcHoax(F`p(hWn|;K7q=a+v+K1th<8jAIt-&Q3z_hK%!f>o zA@6mVITXpIvN6lT#~Th&Zds~aKiX33=Aswsr$MUc;TjBT zCZsU^CG~Gu929+7L;MoY*tzA15$?6uRTb<_EIecVaz#B@C%je8Y{G@EJ?T_Yli#|x zyyEE=k$>O>;PDc#o@AM+Xp_)vQfTO4`eHpTkAU9Uap}vJ9ZWX1JDnF~4eGr5a#c6bv7yI9Pu6@6|+!UoDW|2aMEUJv2bDygVj%zKB zp-fp4g+9%AT9$}`qv)SQ9-pntTpZBVe5Pg||GDg^W;d%j(Z+IC^t5cnUHFb-Mo%kU z+D~ic{W-Subg>$-8nUg;O4fk0I)|x@G5X8!m?c}X8tYjd$Rlv19XrC#pUHe&9?Emi;iv(-NHsn!2gA?k-)|CZ|i z-GlC&{jc{W|NrxRK0anW^GCH3))g=R%cYg-B|EJJ56SQF-jlC(hGD!TCJp%W&Bg2Y zCudhLo_5Ti=SOc(Up(!?-l80mhu z6R_KzIFF>TGGR0zt0oC5VmOJjhYd0W|Ko}GMh58pgu7B&a1VV;4g{Hl2^Iwa?y@Q+bg zdv70*XkE+y<8c^&Xt_U2QQ%%uz%u{e!Cd{n&hFlq_|MPsaq~Fb;s9{`DhkChs2gU! zReI9V_x?yJpc*Ux%2Gi=q~h_Y!dHkpOpB*b>nvQ)SGeT<`?f&4sseKl3b6G4x997B z?R}~L`B^@T?|&8vwUO$ z#zqTh8ZKJNAEUm?vipBup6`B^#{cYhO8)JvG^$s z<0ZWPu`P#7?tj3Nh|i|%9$8=Zv-tjZ_ID4;^?%yEgD>*`XZe(@<;8pbr$zs`)PyF9 zuq8$vmlw`eel73Cnjwhr?w?(R=y8e)R0lfa3U!EcZfC#$Jtz(UojE7qGS2`eae?^?P{A#%#dnsrG6#_pRKm-KmiVs zPaQ!EhR}CwGfBfZBTqfu1ju_y1%tScjk0jIu>~AMOlWs+U*uEQomLvBtU9kdW~D)> ze*CD^Q~o}^_%Yvot@+WoHOyMKP?c%0KIX{Dpv`C;8|NK<(#D)4G2;v)NI#Pc}#ZwJow zCJ0l~O4b5278V3H=6Wk1D8vVtS1Puq8g#iw4t(&u@Fo}fnF;3S&=Z5l8T;V$@k{gg zNW2p)tr$2D3yn}mLKT;udvNSN=-1-W(rc;^>+2fqNLj)~2(^$teL8gdi>TQDqa@MM zPF1hl)X%T~D8vLbg!jHKe%Bh8z6gM85Cn8UvB*}=U1p1x`lBA4uyq?#QDxd@TE{q~FWWBK7{*D5O>yc!{* z4M+MiIn{Lt^cUU8a0k(F2r_;u9`Km-p>;vGpynLEH<+N#>%s*QAm} zF@<%>BcP~1Ve-hnzrMblo56hR_k{!1)0^^0{rREd(vqaC7}Ds3MRe9@K97THU9qs0 z6)zQ`CM*qkurj>D<3&hWIAuJ~Rt8mkz6fhX!zfSL^(19t!lNn!M+sW_jUqgeL#2l` z;FaIF4^NB2Tek4_6dt(ml3%E)kfX zR_tYsr1G?KXRj7ZEFb3^?-tUll%~uB)>j5n`>y-#VRbdxXEipTnsMl8B*}$?r23o3 zfuHe+rEb0pkPZ9gnxp6wo-;L6$oCbE@GJRA$tPN6V40&G3*M>b7!UK2){vnU6_2@% zSg;LMpugfxE){Nn=YcYOK9dG#*UcisPedGp*k zAJ^96t!2|Bo1KK|A^BKCd{)r&Fi316<`ja8N^IDCU$GfA?^R<-3DQI2ipYG&jsKjk zMoawvNickP1&}52Kb=muTdx0cu=^$c@3VZC`u|;5d;%73lisUJK=R-u6lo4kvR~%G zc&?;sFZJI(&*$TOQ3;ot^wSB(m*SSai+Iisfm1>tLP;QxB7hOtqgBQQJs59Tb>Tn%?5ke+SwjCG*!dGbOX&Yzx4U1C|KH#J694;IK5NPU5A6E&??GxmU(juh z{lheJTpE5`dU8R7$Atr}+W@rw?e$xK7GW)I`dRUKW#_Qsb1U@>TlmWSRxX*;8>b8B zhK8}=tewZtE>)$P;+G31TY6iMR$KF?__mI&zfS3B6#8zMTIEj*Cb9rjJ^Nc}Qy$hQ zbw#)fn#h>Yy2lKvYpbBT6~gH-nr=xP-HQJ0iau=aqpP=ITjC9`YiTB5sO*hU9b{HJ zU3aE#xZT3p*2Uk46$jS2!$Dd0GoERT=($54UVqUkard z$58E$TXYEGk3bo5FPstgp6>%%CE6&)wQuMnv_~x3A|KE#aG{}cp;-0rt}6XUeoFeE zH(}8<9LGFmk2l7${O`SP+5WfN>wc;K{#iax$R*7rA&B9v-VSLW_QWSbZVm1a{f@~%!8-*WO zfMFnCZF%G(j%I|%@TQy+NmxpvFlJuEJL$jgXFO$%C*+tp-!+)ha@L&DKWV|E)qyH4Q@s0&Fr2b8wK&>v(*!IL-(%ANf^ro@xWz(dw{r@(e zke_H8@?4O!lT*>~l9d0({H)=H0i!$kT*`lIT>N}~de#54k94h1>HZ&oe{}x(^v%U< zZyG$>7>n=!ey>;V|JT`VcfQ>J&+>Ufet4DgvD-+#HK7C&rsRL)F^l-PaTGh&R8Hd8+bt8D6i3Y@`U`_^V(i#_aCH1e#j%z>oiHX-EB9v$-5+w z@G(JoLdQUOR+`b2emLfFj9VZ;r?de?+FXsD-07WYiC*ir=R$7JL4KK!N8tyu zQ_xd$!P3hpABVBd`~)KGPX53`eQtmrxYLCK78y521QO7U4yj-&_(ph*ZSs}};V5JQ z8DJ#yfXG({<;++7%?|m@4B1=%%;bLCbRlPZ4h+;X0tVF=AmfAvfjY=IAgafiGFi%> z6CMcoNq5=jL&+LkgxNQvTKwy)!@w{&a(o0Z3K3Q2{XPADr?+UcHFgdZdMV z%Hht=-QAt{+bHE@&*xLf5Q=gZ`)nr&MH123&JVAyE?)0A(7sX9`8Vf0W8#VPi~0e+ zZ#mz?n2l}n3YhxanfRxJ5x>zC<$*9JgCu285b+p;d|2hE~`c@|NE+BKVY% zgo|vPGC6{>xMW-kEh%8ajED)(qd-z6>iaweDF&z(BO)IH-LfO~=11zY;zdRu8S$e~ z-a_BGpc<-FVPGnR3PqLRm28qS8o1bCsK@>~huLjxlkM%Zx0e@J*GK2q+uPC>-y`i+VLS!HpSElf_L30ohl}c-&EAkV&q*hUQ z=gcxXcGoxPNFwdETLBw}G;Vd;t+e-SU|*$C62@%qwVv1MI!_IAF&pv^^U%Fs$LkC# zHt=kOd@2;GG^ee0LwHJNJSQ}Qa;=hJ5*k;Ky3K)Im{##$jA$g-V5=!HK`_HOx3>dM zVxCE!Ah&kL^X=`gN)w4mo{Uqf2oB64Wh57X!xLu0J}+_D{{OtGosrpG zSGT7bQB1mfmONxU0rRvz6O>c154mNU1~y^43wFRoAf zUiKj)sH%mr&(l=mZWxbvIt6}fLF^h3-PKWH&pY_+sIcc9*je}VtQ`iB(Jb_76wQcW zSq56LV*Q!`f(({%V!TsQ+PO^GEsHZT_w*>`Q!-={5c`mD!2*)x!zlEl8In@G;I3B* zN8mB>Bc4mqgWrY$OEoW%Gw;sNT;9+rBRSH2K+*BvG?~T=S_spsW_oypyaeRiC( zfW=uzBQbDjwNaU9L?S*8{l+$VnNO3Y2z*dL;4TR2C~!kSkez&2PrhTN+GFH1m_UO` zb3y`GqNlzfd*_zvX-!u|BHH7H-?X-CYMiIvPUH%q*XHw?3wPD3Dx>feKk6Giik zd#2C41Fr{%n6iK7ValYWtB&$M7}4$2VMJHiIOJZJO&lqcdm z=@FKu+!CvN<<%U3S$9B!Fa`hC%#nyndT0?j&kD#X)w;q>G!J@Z zZPw2Axt?r$UK*QHDK-4aW*}z&#={u?Ey{9P7YTF;%4sZepfnV1VDf!(!)BmCM1m8a zCm{<^v`~^mK!&q|4ud1f9W;x!>kVTg!$5-t9xx&@nz2zH36_CCn=+9wKNDJ{RM>*{ z5KxN~=A-pTzQ3aZn$S|a$b*VSDtiz0C#)6G8BWTd&@h%t5M-@Gg(UJCZaX;!IjOI0 zWXg4^NJpyVA^}3%pfzD1NDnBQ$QTVI82qxc@0_6GN2zPERO~>m?~cw;*>`BiK&LJb zD5~~rQhf+wFB=}41C3=fa*c68gLcOXi@01 zSg?VnxIjDfmb+>~7rERVbdgE!wHT)Awo(nYr@?j$%wMTT5g!wtV9*&6S-?`bRS_RU zmlTOJ@{x$$GKY?I%~T!ZZIVQ@QcXIi@QXZOpC_{xHq&oO!Zc`t*(sqZYazC_tX)+l zc@DrwMFy627p;^7r*xU3*v9swv~rM+nAG<}F_p*`m@T6f`~@Chkzi=M0=qdw!oB`^ z12ITY0bzksC@Su|C8ia}C9jIk_!nWoe3}ZQLr`P$(i}Kuci7_wx0*zB#`8?IWWnw+ zF`c>>y%7fgOdsG)PG$5mpMam^Rq=R)p?zbZvC^8rdGRmc1jT;vJiw>rIdd@Nx~NnY=5YS1Z)BX12{M?_m*Cev3DW`6wFy0;8I^xKunp2X)~B=B zPo=7?DR+|c53~2fd^AF`@Gs^7Fo@bIYfJ&5QA8veiWsJV0PP5PKD1vL`BD4dNwq#h zZfP2Vujh^m5->laDY_c_J$(rU8Ri)nSb?yjw2)>VIp=o@_s|3*fA*X;bSl<>LW7hc z6BXXx(uepMNT*Z)Ke>0>Y zR0%vJV*;OtSXL=V=FX;d4H6dBJ#ZLFs_ph8eQ)@}pyC=x4xRES(w12WKI0?!w^cR( zGx;5MJIlxvwRX9{m=RyT<4n#V_-^gxLpP)xbKvt>@QA(PW6+HT$QXeF4zNL;g$!u- ziVaI{U;{eia{s`OG=NL;D&^CGwp^$5G`yFab<_pe09Pt# zd!6SMuPr6PU8^K(54i;4m~l{=fsjPy;2%YFOa@gRh5@;og#HAsIt48t<5S0g-*U*PyGj35)HKc2;xPBO4`x(ISFgG#ucp`>PYx+!Z@(+?i<7? z(glM0d*rSjL*5z9C1kz41nR={Xilk5}A}GEDN*nme~n*%>=v7 zRUU;g7@7k~`c&x$GKAU>s2@m8OKL12Xu`nm%}aRT>_JBl(Rp6tzQ*f}2nsWn3q`2T z@1{$!h1#xwx`Ybsdz}MI271c(Cqe9&j1uevohA`0IuS8rQgImzGeAJihJD-4qX z*h()@RUSz0C55}opB$KQ6;GJ2aI*7UZJC4>Yng2*QBZXU1w&9o^Vpy0h)ZC_Du5=i zp!YOr)Pex?OO|CUt(b99p>jje2NvS4f!H$;-_rC33l5PfO|%FI^BR2o1q82}u)dnCP)IzFxwQF8&m)22OM#RV5zSPk#b&4}D z(oJI?ls@ z?I1Il>8$6L8nl)2h3cd8t_3i;aze^$Tdv3it->7|+ZY-8Ig`ICmt70|TPtVy1ST=?GWc zkAmWFVeA_ib63K(4V8T}QUL8JdlQ^^RBuXhy`FN&Jw0SKB`A>SWhs)VUEEE=j75rU z0PE0Zu1a9pEMYHPo72Ef&d{m-TH-?EnTmB75oT2ytMLzKij)m%)t&*Nq7@1|Zm)V= zDf8)6ry_+jSZ86F>$z7??k7$lE}Af;hSgLG3=INNltOtx&W_#^Nl~2HnoDf&$Imt@ z1gzN?@#!r~XCR~I$)JgnT+t1LNn!*dnOtKKO_}cCt)0{oq*jvA@?s`qNI`F{i)08} z+b+jt_;$8MW4PQB_94s!VwzOJmBOB+tc4xDMMlR;nz5t6JTLsrVO%!AkF?0ktJ9+& z&(2>HOls(VwY~lAF#WEvy?t`=^ZE7J+f(xP?DhB8Y4DHD@;6&@qRyZqAL>j2 zYLsVB_d#yLkoq@wGz}ohkY?d9V%ys&DuT!m1?HX2LEC%o z?G0cK=Un9#*v#$iZ9B2;Z48&ixv8yh5V8%~-s;-|-JMXO8`6J8`izlZ9rN}-Hl07V z3~i9ua>Hf1?qY+?bS;1X0$);`PNc^Jsq&xx7zKQ^_1Gs%aLxaWz93KG~6 zASmqE1IIbhC?eDpZYw%=@Mg8864WzS%Mv8V?^$-7JK~peyN2=D0oOI)I<=IvlEWya zT@}EnGWb=#CaL@?@2EP=>Oni-j-Kxv6JJCEds>zN7=}8P#j?d9+6Kfv$|HT2xTkPo zBxG?DCSZtdjd(Z;&k=>#yk8piXrKy(}s7%-EMm8Hc< z;6O%9f0xd4?d7V8C#L;);^t5`}pU{*A zSe)2~ObQh(Dyf7rnz%rB4ba^+X4dicT_8OJq*IvLnX>n%JkQV<9zZq^@aMUybTt$! zFrFY626GGm9=cg96Qfh9`QSF<{rlI^ew8^Yc34@z{au^Z(k=5=rQPTXR>mO(uXQV4Q#Te-5t3fRIMWE~>hf;o8V9Dy zDk%wsZsZ5bZBrUWO)_Ocm`^bzkfvi+<@N)>_G}$NT`*#rNeIU!Qq<-goKzkY?KRag z+h&}e$*b1hq!p2{1o);6nmYudWJn9>s=8;2Odp0+%LV8m1t|%8G{|zeh-6W$Z zi$gt|l(xUta(m8mCK{}T(O_jd*t6Mc^Mh1|^h!?g?&=L39aiJgfjdYhao9hs1UDg9T#X|b0C^qx{f`p?WhMm9a=bBPXcc{bgZW%0%tA?f|wyC?Rc!c z%-B{bqhl9+&8v1(`c>v(H@^e|uP;^B8AOrEtHk40lCo(im@c#EjAPQ8)}gd*N6+Y* zSfJSgqidz^NX0DnJ)fuSlJlq^{)-J%u9GK6rEibEdevk{Tr5@O1)SNFv_VWCkf%2oHIup zyiz^X27aDK15Kc{hx~5LvH=Nlrg?D8?$GKFx8DWcGm~!DyLXZ2Xv=YhNROt;M5hnB z1K8BBHEdifZ5}eJ4D~+?i8m4 zDv#VF>s0^g7+rxN{-aM?vu-V$`^yZop<&s-+_2bW&41X0JBt*z*>chqJo;LrtV-w z<8fX@X>(oLMLQW9nx1s`dSo*f6-NZwr;*&6!`q(`48GeS+SKT6gaCr4M;XRnTquP?5CdH?;z z+fym^lqDTEIb#j6@43UjJBo(@j3NU+K7%OWQcWYDHH~;Hj2$OHk=zAqf|9%4Ma#E7 z3hnj;W3xZ%<}`1f=wr@~HF@JC(8Q%JfA~x>n`tHJ$Qr9)sy2)68g?tz0A65y z-VokxZqm@vKRSwU*_;P_TZ(HKyO_)*dY4m#RL+}G;mXBu1!WN=gJIxEOJ+0vTQCHjTjEqMx z4#4LX@IZLVB&EqAwu{FZ`(Rw5M1--g>M7l^lo6jQxRTDgC;hAfwo8zA4gfIP#rgTEWby-&3m4a% zq=?R1m||G_bDKKQS;G!;U=R7ZO(3Y(L<)xs{+{L zsA~b3Q2g#e?RFmhD^D4D8S$Yp%)JE1o+(je;h7-(?piZ4Socg@UQGhR>Y`9FjG#hh zDe@#?$9%4b?9`c3_(jcE{5lb2W$oCf-h;aP z9(ooV@FuB1UFT;NIJx>kJyWJw39nZ;_@c=LRZAqvpfHm#urT&2U@SfCeQ(b~FsU}r ziV|bdB4@S_GZ^2ck*;T=3SP(?<0OYz$Cw?-9Wb_1Bl^-T7dxudPFl4j>v@GGD1~>QDb7L9opo~ zSlXa?$w?@(G#utw?8T`zYvTMp2ad(NGMpdiE!DErM(f1A0ulFb!g%ay8iUc{!Ei&x zcZN3R#Z}XlP2U~fMiH-pYkS^v2ZRY_?ml<%grOLJYc0LTty;QC7S{6$P!}p68mf_C z6ZS$vbQoiWV4Ea|IdT^2vkItsjc%1&yF@6%)Ugmu(!x4-de3`iA=s3KXD%;cbD7nu zAf8ft6c=4!f=4;JVB$Zp*$PU*TXDY5?Kdd}iqAYVM!JLtgvMFe(nYszWq^!V9+8D= z5(XTSVj_zQA*sdKSGhN79z*nwavWLti=A+Jqg=q!t{^4Q8`G)5x0K$>zz+ z_wTOWY&qC%qG~PfCPQ`TTFON zp0%HKfG)8Q6Pk;R1%%Aoff?H`I7pnz9~R~_1G8JgC@{$u(tE30pvf`ba2gC%28@M$PyySz$mhzR z=_|JhcSrkuw%icwKnL`UB{iRs+pZmL{~yIj>lJU817S}?=sYjqF0;c)%38+ip>|mb z(og}(CYb4WX*vwE6sw8Z1U_CYGUkR*L5lD;IgLj=^%)c$AyGIrX(GAudHeF5m2`{F zF~}+f&!!%HAowU75GkxpXc`Pm(znTMb4M-^kkuA1+||zqS-3c-68uDOpu!;u#zSg$ zsX{=oN|;W^K(B3UBnDP=pWj(0u)*0Pc)xZyd+xjD+{-t4u~=pyn4|$mu#?jAQ6gtg zx?Wq$U-li78Q^dO5c&H(6Vz0&5tGe3Du_Hrp9ebdc_4Z!x0Bup&*#&@mL0+d^LL5} zZIm}7gbaq%zhQAOP^3x6)0q+OA{{%7O+;Azq_$T?}={bUF$7;pFA9Zi~RvtwISYM+}(K5AU7k3Dt%i zjJC!I5fjF@QXrAn{?a#Y?N6!y)0?y7)ARo6ZoDxY2F5cWYmgOh;9Dr!b7i)A5c@BiL!k7q3sR-uB7S z`3X6`I6pbNKD#*YLzeEl{%Mn3onBsDoV+`hUpL{Yle7Ny)!EB;@*4oq@yLlO7c0Dm zn$3n<(FPF{srXEx)FGs~q*JVwW9nv`V3nq1o2D93Q-Oj;8LnjoD%4?(oZ*c0b+ed` zRI7MCo{;C5;v5QNu`17tr*jkYc`{4G@gyVsE@r8eO3;o3WvF->{tL!aaH`(G!c2mU zQz_&s;ZW^^GXXZH5jh3WbCbwpB{HklTOjeOSzui?1qMsBz)w;lg`rh-wk9T|t5R(+ z>84x_Brrq%iw~Xo6eRVaPWh#o8qg!JbUE5QO}Jpf?y5O(eMTD!$_6Y&kj-!lU*&f! zZ7SQloJ1Joznh@;Q6+*aC@S?r?m$YWG^S&QS>Piga(|*G)|B!$EPpt|*;9b+?#x{% zv5BW-GYq%zc*G=3Flc9#%}Byh$bQ+}YybbYU^pqaib`cuyDx71++(+pE`|a_+83`5+lKLsmcQTR9}!RrLnMK zdlHr9H<3|FDZ%XlaLwWZ6^zm{eLhV>P*|{c6E4$+`V|)JQZFC!?}RSzi+6X*f{;RG z4rkdv^YmtpC_pf!oH5WLiD~uAgp9fQZtoXAuK$3>yY zMAKziMij!Tvce_d7;Ps-4d9XL2|Rwu`A}LhvX;B)O^1vWu)x`EsQ(oTKNmvh(qmeg z79)QKif369`=B?WxK@piK95Bb`Z>=*J%3Ka-1RGn4iIP}t zob!xO;@(wnWBv-4mXU^gb-H1F* zII?Rg@H*EI2~pQ0uccTehdnmS*OC?K=g3?$Ua!nJ*UY8LjQSJeY!HzoWH>`94&;Jg zcuuI4@Di5gG}7pI$I~dd3#F_P^SA{kFTz{+v*k}{I+ltPpV26rwMHppO%kRlyX8Ja z{g%18cG5$iU(~jkEmJT@=`1-n9o1BKu%`VcVJWg&0pBRW!qwYcG2hT)5SHggtYGIr zTkwE-&H-Ig=-d0(Kb=kX!DmSZ4Qev#HhEUp(Xfdig^6BkO=ws3rVI5WL0 zeI8SgR5S2l$FmY9YLQ7Rqw1z;MZ?}P#qzXNh1@~MZ)#kjLJMr* zdgO|^mLU&@p3<46Y-K70VOyf8=r5D<;7Fv{2zm2O-P{rWpBs)`RGW$FcvVTsnpPEp z4Y8;-Wh^UIRkO6~uwnG7EnI0XGBTF)mD59gBV~S=gwQ3^6@86%C_i%xr6%XYJ+c1= zHmb)QI%A^Y#){HXkJ7nNK26bEIt^oqC#XFNXZS)Pa|u(GeY4dPizEBa$SKQc7&o=t z?5Oad9mKP_#W@3;0WCr_AuPji$EL#WrX-62lX6qj5hegdGke|C+Ry}1F`qI?ElO@k zJv9uNoT^NiuoM&ZxVmu=6kAxyJgY8lTCj!n4AuE7#ZMmf#`(qd+41QHfh-N|4kh#$ zQsj2Vac`GH0xE9G+|I&zIiR%aNuhXxDv+mmv;HV0cumG17se zr>=Hrm7CDS-4|g{KpoJhDC9GQO05Mcw?cxqro9T6k%}d;tLLMN z*);97(G`-bRT0-ZXRZ>!lS4b!JUf9oZ&iT{8>!ppQxv5o9u>?oMpG$i0)+$F17$}S zg8*ICN`b;7@33N?JTzSeJenay$3bH38?&+$=@_#dGghtX%1Zij#Ihj=MZKYGeO^a3 zQ(_iO(?J*nfud`my^r|*InU%v#(M+&Wynz}lh<|(>YZdGFg1}UEEOzZ=m?V6z&R2% z5K0%O^@dT2#wkO@pQ#%H8X5b*e22sX;WZm#dp*zT9?BQ6?~!XQfCv@Zt>tJ_9uP!s zwKyTGXG0SamLjGNZ#q|{WC5&{9bj0zr`NK*`5 zrYT0)K|fL9r{Pc?g;6@faX4?E)wfBXo8kr)EC6@vz#}K20M&`5@~NL`D)(h(E`gcq zaE1yjXx>uAvSa{GF~BfpZ3S!E15gfFX?6glVu3WeL#Vc}j{tNl>?EIujSco3r4+%uA znUz4LLKZk?QhS5IPD(YMnvpx)Do}{hc@oP<SaeGDHsQZO!$uCC9H-@Q4yBA4&3E-(70$ZgSE z7_kWY)h0X^P?!*ci5Y5zMRcJ_lJX=CrFaet9;paSz&}fI9eXKS8->WHpsQ$d9SWfA zg8QLSlaZ(^KPy;cT}SJ@GK;wP%p-5imdcmjgmf52;5hmPz=8Y7%?Xi7(25G z(-72a_A8TnOX0 z&_iZ~`k4Ulc=i22>RDhPJS9VYWD)ikP!<7<6Q9y?(S|SI)*%5lH~>P3t&uH^eaPxj zt^_H-piMV~Kwto>DYR+wNN9>abIHXGuNHZfl@(ps&D_wK9KQ);b(juabu9*)3w`2x zR&v=9M}!@79^8eIYdgFlBI8Ly$E*o5L7u7n{X9i(M59q2Tj2(nU_~SdG$Tp%Aa_AiUOBSU*u%LL zKTo9SUc9blXW>G3o0dZT3Fl}91xsha*$y^WLdl2$J!wLXk_0+l;vy0>gDUDb1H5C? zILyp_G~U}t&zd5>iV>VZI>gSTBmD=+;u?pnzt>l^_D5iF%^PA2Tx^0ZO+?`hchK?*agkx4%j_4 z!u*|sjgHu8=7I=(dVV7LYE>8<{C;$Kd3t_w_P0ZMgtjg(hA+6Gd-6A!%AN5g5kjt4 ze4(krD2mnuEmrd|VkuT^LT#>THF@YLEC`GJhzlh8!<70rEE8novJ?|k8EP~W@WT-?x+U-)fNG59n@4Y;dvBbOuw3k(heN9?f7P)o#8Cb=m+Bn z1*IM*;E|sh_SrZ64VA+{D{W9%67WU{Y(ffZ7l@gOX2#mJI%GCv1w5pBCeT`ZBS}Lr zTuU0fA$dj7^QnSgpcNezq4CG7ozs3-W1g`_4x0Lt@K#ew>rDJOo6TmQ$Vc5gwd7^} z1dl5u2^^iNh(1j>Ae3y%2TaW6)_+S7S|3pzdy(V8)+sR_3KUCm5lExKC?n!HT0b9x zwTu=_b{dgsrqO*_$f=5dZb1k=AuCDfb+U(wIcvC9%EEr>>4l>3K%E5sK=E4(-mqcVSe%x@XiCU*r+Wi7Gtx|m;=_az+v-~UsJ|2K{29&?O^@&CQ{!CtRj zj{o1?-~AH*|2aNS$PcelUaS)NeK?*FmGy+OC3H$Uo={cQ`!Z!f5k;6WK~7jk!$>q5 z+vG=Es=woPy5BUmi-3;`8Gr!LybdNL)hQ~BA`&s${zxy{7-MlGLxJ(Nc|!Q8(IQ8>9e*JQzD2I@cqt1GBM*EU zV@r1dF?$q`rqOuAX+SX78B4;EfXAj9tqTccb`K9XV)Ry-s0s%&Qj+|H#zDl$Z+wWB z*NlQ8Bo1`8Is|d1d7`{LVLaryd=68wy~cNFhg7pJBp9gji#nUWvX5cHc{IQZ6lZv_ z+E`;y{|VNzlz$#GIUBqhwz)#1@e-5&Lkj_Km~Gr8njrebN@$>}s@$(G*hvwr?ezr^ ze0azU`IZsV5quP~IBPTpgTauBNu!wQ=_}9*lKkE)f^%NTA>U3yYBcOExTF~WXF8f7 zip2p1M3iF0C}q$d6qXO-BcS5uf%kzNC5Z}q-NM~G#)?doo6vkHNk-e`9rd3kNtk16@wHQgQOLb^fq@7`y49Q{k3LDn-+v zRH4*)TB;62s!u7lI^5oFG^Av!)E4dAv}=~P4GL~c{UUS%%2eH4n&~C)=w5zVIAxx} z3}@?a*sQ@mKnCX9qyF{j)%zb$e|hnAlP4?|B7$~Aq%~n5NUyuqVE%-YryuQ;pAbi$ z*juBn%QZJxkeQZxMu=CH)loSb6vdFiVF`ux8d@z4vG@YPHfQdoHW>P%Fj>-Sfde6- zJ}U#kYp?^k&pV~29cGPv2&^sD8h3Fu7ufm>93ZwgcW=2aLmu=0nQz$$@W zcpp)u4Z6zV<(rYju~Hz<+}txvGr#RyxB zriB?`Ac7i2!gsSpN)aEw-WQclFLx{-{D#NhSn=+O{ej2!>lWgjqS10pv4!pw$&*JR z*h$z_+g^O0qEQgz#EU0HT0||d1^W!h*VJF(rrY*H>T5g%T@K(0!7ghhv~l>^Sw^N{ z*~p;I92v1YG7V#hKr9t-{aUDSVsdtg^&xydbyAnm;0V?DLGV%eSkQVzci)1#V_xGG zoQ=v$aXPH>JWKM-iDA*y&bN&=$148Ly#{BOF!sBvHy}@7XSp!*a1S7JzPtq&vCn{; zsoG*OyDN63Mj6G2KC=+&2sr3;zJ<7eN-8}^o9|C?&qjs*LU)i0hK1(?<2AIkS)3Ya z3pYE8`B?;qsp{vnV)Cuor|-zO)0yIs-?f|)3N2246Fg36HhHn} z(UXdbv%Hp`$fphRJ7kmX?~+z4U_KAn7VK!(Bk#08;BevL3>Kl~-6UnVA!cTjx&`2D z533K}ne;tRT`}^-?ckq&oZC|+gn;-Dau*u4!QED1y}G(Jj}f6wB_E5~>e}?t!)LbZ zoM%kPUy8b!UON!peGmF$Nl|z6C`q&hbgOZcnirgB^t+Bs3u;t2Ws)qZDJLnH7uwd( z16@m=%amrJ50a>Sj0d`;KXi;_EMS4xILjpA0yi1DI&CQ{5JJr`a#VSntl{2`@O8E@ z1Z`H5cj8mQ1o9#iePk;78I!xMcFtl*f5&=qKpUL^Br_F|Qh|n-1c)c(t(mSV8dBW% z2C;AsLB>!udJajJ=4e<~D^*2!4@qyo-L{g3d$?0J<*GQ<@#QRv7L zCG_$X+HMQf(4R!$kWEg*=Q8m-Y)Al0x6e- z!Y%n9<-lVww@in-Mo?bVnX5ZTuhEd=>J&9yCyO~Izs`#_Muc&<%p|)e5shOOpfI|I zcye|9O3S%dj==E*zjME8UD;juo~FSaP1%;$aFn4_TUNU~{bfhwy4f`i{f*vIjXZ7% zLTCM3D{3}>cVZynGq39CF4<kDX#<$^@rn#gVJ(cB8upDJ$Q1 zx1w{;q4o6l+U<3xU*3QPNQkw?>hWN~%FC~=eEzj#>IrxE7A?7E+~xaqZ=LJA0+)6< znK7TEiG5S`m(HVL3!@>13wVb_djdosq13Gb<)vJ& zsssOkPJZ+u6#x6j^Q zUR+%tonIerLor`7aJey~3M4y!)!zcGTy?;-j*YsVNLi4_0ge6H!16ui#|~8sKSkar z{Ekd%JkxW=KyOoT*_c6~^0J9LRQ}Abgpm`Huvu8Py>Y`1>gH&qhNB zP-TlpMQ3vRN?|Xu-v)=O`-URrTHaXvB+}y)3MSet{4q|PQ#47m2?=O zS`8$oQ)R@y#iUUI?u!N?A3xfNiH+g`c%wXuBpz%Kk9_*nl2dObw|?teSWin~!FTIH z!F5-{kuy57)d(?bdcyAn>6Z3VZjT3B$$c)V)vQ zMc27a=db#WYjai3U-flkKPu)JZw0}`4b79{%jlPsD#qER1T;8*)qj6>IdFO0K%Sr? z7I;hpBcWs6Burv`)h8Gd!~#cxhr4zs?^z)j90fE@rsTVhrQk8RS4l#B5sw7<`;rIa zk?_Lg#nX?t3!li}0lGbd*U*n&x5hKaQTm=>H-D3MVa^3qK`GIxz@5@-s?*-3>a($? zx^Qf*72jkN20=S8*c0cMY{JaDu7A78#dJNdLG0NZm#fq>vIiv#k1b6ktOKE5=W=ThRxrKs)7GH4^AWb7x-5W@RS z=&&v&-b3n+y*X4Ug@DcwX+BINl_TzktQLxx%taE6{fOrQ3F%Z%vZW>|$PJqb-QV(C z3HUt-F{ITB=~O>PzE$tNS6|>muo*u?z%TgDb!Do8*`X8?EaPq`GV*DgTZ6+50e%&wOkD{LVZO-qMV{zhN`=(EpX6 z`CsKvE%|wQ`ugmgTwb01baZ`6emwmJzWsarf7R#3i@(S4)#>?3#bXLGM%cb*QyNBU z)c^l)?)c#h+DVs^tJe$1F(@_4Rsf9jYh220i_zstkc6a1|)w>zL zVR89od`!JclMq_t?7*Y$kh&Mp`wx5V=kI-%X7BSfasf%2Rf3|XaNF6DFNosm)&Z3A zA~|sR%W5S7VKj|GsSZCO)|>%mKzJ02 zi47U?G1h6LisEdLA=4%59lHbu5-X0S=5fPjUo~{tk=ji46A+!yFZc<@e$tYo3DRoG zCA8$6UU)lIvw#!pYr}#98mjo3g?m>D?{KI&hHex{x^i)h{iKhV>j>}0q49mpM|#K) z&H&NnoKD$c^+FNvj$%wbF5q60XSf(ko)M#L%icxHHF1GdZ;p-(*QfwU5@s-k&$A~m zeI131pN~Z!(qaPbJhzNg7am9@c>Ibu3C%~c`0+uP(v#u9nmrlC%{E;qZQccLYF1NZ8HJsedixBI28{$Z+p z#n4VyDM1MjNW^YgR1AqI>^oI@-bVB)og~bP(XSD{PY9M`n_yGqHqZP10jDoW6-PwG`*vr`zGlH zoCjw0&fBc>3|^=l=VC@BQid$>qh_`So(e3L&Iy9P(Jb ze|7r$?BaaYR~=w0VL(zp6Zr!W&j3^x-s#m^~}t1hq8Z zYrNCSgBdR@5`4v}T#BzaO~J{=11k(~QbBlWo!o%3wJ~&rH38;?v|>3g~c01I1MA3dW{ml_^H4$j9y^dKf|SRyj*6_ zHytU*ISbEdetIIdga@=#rZaLYkvw3~$|xRd>86M$TdVOeN9%nI=GD4gk-+}+5CZvA z&qGS$5XpY;{mXa9Kb~G2O1T=KM_^??t;5Vf4lZr_gPGdD_qIDdtGus6I{mwC?fiG8 zHbm@e1@P?XEi$~LtMgAK1OMC5Pr2Zuj2!(-^1GK2AC}Gi^S>;YLo43-?3_eSLC!!& z2H|Augw^>8|G~C@Do1P$<%mmhMK8ru>aa$a|L5J+sk{*v@6K1grDa%{{#^v6Zr7@i zT+t5TtRdMMAi7R`T3Foi#rgHo+4-dY}Vvj$$oV#WB=H6{@AKZ`kJ$V zIqUkHO(iGf+pk(Jtj~@c@VB>bh={`^VHs()zSB=B)169leX()d+4#<}J$&m=pzOX9 zhhA(rQEMAJ28yyNf7ihC>U!D?{JAaEDmB>b9#rRnPD!povahVsp%f+XyOxU|cmg+J z92}}=8#D=3`r;wE?KGw=qXEsRJcAg_sPkYNghX`6qzpi?B5uLh3SWXKRs33H63b2$ z@Dkb{lHXf@>H(KnuyLhV8TgHb9n()+aUpxTH6q?l&E_}c!Ie(hJ!pN-hxaas;Zi1? z#LL1(!ef6iKfec;%vez5rEwHNU8F3$Wzo!rHTtDpRs>Yr_?*%yQyS;kq2b@997+X} zl%@~WWUlca#$k+4YPXNv@j$J!C8xC5cQc)}bRIeSYoaids`m>E;lj8F(79fMn$RLao|pTnLK=CcQYN>P_{0 zbt2ecmE^H%bF?f0UR~fH*^C4T+{tOT8QPEmZ_7Q|!;?=#DPI+;FPw5xpvQOiiM(H% zy{;{mEsz^3>jcO@ay#sss1^;XuIYem?(Y^rg|VDPQ}u~6CtDa0`;iM4sC*rP4dKFZ z%u^P4C;HTXDimT<#nI>aJWoi`*bk%duY4LA~*B@BSmBRRC0 z&7cxL209E~IX)y#u|QAV)&M9a(|gtQ`v)Gzb0xaw>vH`j9|KZnbJ(5Koe33?k%QTd zg}A=W!YU*jxdyZbff?uq3y)zj{wX(=bZthOUTLmM{Zh9k7>jSil*dyRXJ0KXwFULL z9-p`TaB+6N3TM&JRa0!e#}B62YLj0$13rlF-;b}G<@}Lc{a!o&SR7rh@FDzMzyD$x zW;_xvS9tMn!O0DF+@FtMuftv|?!*Hb_JZAf0K4{z)%R*DuD;?ap?(H^3rcyH-yh)( z1ynVt5xcd~H5kBht@uNZC9D}zeq*XC8=7agx7}ghoo#P7$@ccuY5$rWUBX|`A#{7& z37o>s+1~aVkXnW{%@qr_xlDI-rt`|?2l2=|6An-bTMp~aLo*W^+|t;GS|pl7hk^`Q z29+7}Q1_V9#dpA=T}nrDmdiKL9BmsH14!P3k<A;b##jZPO zVYPP>v%4sanI~x#3ZJ@QtAPjgm@-0v{WMKo`!QTrw0`MeStxjG8iv^>UCI^o?u^_) zUxSF#z&50XTpfLs8f_aoeO1oK%;h$u<_WUiZac^QjRf({(dF3_=S%tB(dAi79m)4c z%IvJ_y^Af6*b|VeG4o&_66R-uZ2UdmFgapsV}-^Zy#%w+xr=L7jG2&gUPuQcp)uaC zbMcrDvBr4~ZCRsEw@l-7b_Tyo!z^P^DJ#q%ghuzRpXN~(CXs_Xn_50_1IH!gttJVx zuZ3!gt-P^Go{{bC?2bdhKHNS{Gzxe;jJSWZz5UgyajKiphDsC7i2Kys7Zuko$k#N@ zyeRa)-dZD)R1ue!23CwGRS*jjjMG83nta9dM%(CmE2!V@o}UbC4Wf5 zkJ-5qyOl?ajSI_ZzQ8=bB0#K5Az=6r3z{yelRD20V~JbKPZXRzw7A8g6k1Y7gPAe2 zs{sCD;Y*#wv6)TS%!IEhO?b;|m=cpNaGUuI1?wbXDlrtE8WLeHy@RC+t4f_`Rf%fI znrt{)W1as%O$SZV>W?4U%(W}4t{+mu>wMQ}RD9j7{<>E(53h)-qk^{k1+o5E#41HF z!a6`$HJvx-S%?!)ibh1(S*Iqds>@`SrKPE|<~LSF^fr5>AhC(*k!SJqmXz?`*4=P_YWC*6#DeaH1y3M&ZRsgpkh z2crZHj*3!Fl@`>>_1TAPLT^K!r%jxG$<(sj+taE_-Nvlp6u7CX0E#~! z*3sB`JVtWcB3KFMkhqxpe#m(yvXmw}W#2ZE*o>xQmK_q7`R;o=swS{gRNgjKu(NiT z;w0SE)T~_~P~5M8ZGpHO@9+oF*u__Bt4r8mF-26T?bhge<07huveoJ|r)oNNFrcn#up3=m0 zZIge$rHRdbS^Sba(p$*GSZBDYeB+X4lS8tTO_Kr^sP}eOyBKwEZ&zG~zv=}5!Or0I zIm_;NdUMI6(4RFLg+F!pA`|2eibKR>=wAlLG5jaU77@R5T92EFdIZbfu-NChlq>?p zkHA!5LL=`c49nQKrP{(+ZWI*Q_48D96a@(YbNw5-^w=QA87DAfliMI4clo@Q6>!uU zX!`=h*y4)$@HeR(dkrwrB|PY}2-sq?V)ad^?W}r)hr*U!&L%8&3mdh_$4>*;E5#0! zZ%L=?^E>1Y0Lg1Kj<5>w<}lB&V+mBx;t7klibW}~LoI0S-RhN)A%kKS4%z`K6t)fP zIUmW1V6Bgelg{`Kc%*1WIUk5_#mX{JD7j(pZ8_w`*-}j$Ai({N6RT1cuOg*v`901? zU)+zM;2&zbg>TJzd>+RVDQ+bem6sqd2^0=4RH;`H$=Ik@w={y5Nl;k0@SM9?`^)-k zExlV>lAO1Gp;ZOA7I@ueR@T`5;qBi_-BgqjRaa&M@zX6bO@};30~7mzQRZ)7g6svB z=@z-S(d&n|fBObOH5#YbE?&+~CwE%?X&q9kigT_|SopW;he92a+Bb`3aBE+?w_0gK z?U`ztk2w~lL^ohKa)XpqtZ5H;**2fIJMAq`A0|pS6XrxLI<1i4jiITPO$LL((w&m; z30Gng;P1QqK#r%_u^JvTI zQlUEy=;qmOa|uVt5*bUdyM%*zh2ooZ$Zye7d~A2FP!Lg7u0W0_nb#~~E*pVT+yJiT-pdaAn4go_Mnz=b-o9(NnQ+tg_o zPzTpYwnHUQH&#JtIl#&YtsdTLl0LMZU4p%hBF;Ld9VwHS5eaPLa_59uCHB0TTQ^<` zj8^0#Q$i;dpsrwDrf=PC*JaIg{gN>G4wyyZWXgru)JsK3a!bl!2qDE+VFEpmyrFsQ zJL@;1vMKfw1V;Ff6v18;^Ug|hJp5L#@VDuQmW1@3g;0Fu@LO1dea>*lms&ke%8ptZ zOvBi;n=$SXqfe_;F!|H~e3-U1O@Wl?s>k-l`B9vdp0(SLy%Q`I;H`U|@;nj$AAA4a z)<%vjj^pQVzY48kCP1(aA<4`#L-ylbe47(8$L>Yi$O?A%-;^;NfdZsIpy*KeBZ)m;_+= z+BV+RI5*7LP|GD*&_3`GIdw+XEWe}eXW!Mg>Ra{g)TvsMrSwq?a8RNN#=E5YVgit`iYsyCbzeg(WW>}(cd>u?&RmAU|V zK!(3W?Nf}+w5~JtD_S-|^NJ1v2*CMXuXK-v{MtILZg2tyF6?U+P(iT5Xj;?UH;ZLO zx15QhDOsp=S=u@0RfQB`Ufw(tFJkmoaxXuzSXD}&qL6>w^sZrbl046?M(%f?D7skDoRlxu{m{YTtLFs{YQau_P+0eNUaIaLF z;L4}WU2^khJeZW2txJ%r2Tm8I$^d3C$JBR<%y6bAU zax9p(sft~j@`>_p!-~!VXOz9dei^bz|K=8U*3r@7G<9S&rNxb47WC22gGS(1W+j>8 zk@c{!AJ|5GWsw(x0>mm_o@#{GRV|FfDpi<+Z}yM!jy-r?R;aMJY$3;oz%3cXY;0+i z)*oK0P@dK9Vg&&$tnbu?qikQ0r<{6em?XQBbf9Dum}3Pc*|HvU9q2h3SB@Agj}ViQ zQ!-QUKY+He@oZxwQ$t;DEZg!d)QIxm8yh>B_GFEcgeMd#usz4`)@@&AL@43#mZ}pb#8Yc=6o>>8ephTJG`<4Yv33gO?8828hG8%mGLaCKVEb>C6{729 zD02o*LAL|kRbwa#`)rd4ZqPG08K0H9!Ng}!!Y2)2S z131FF)6V(bE;5JH_W4~SN02840}2)+LwVn6weRu`#wA>*D52Cx9XKFI=#~+wn<^=_ z|1VmttrAyV1AoIRx+3b3_JmIo5+K{jIf|(}o18)%$-!$-d@r+~3%4y4JK>2dXl-ny zdvar=o>oD%O9$D-#_X;5z!VIcQ><5Bfz~=r2xal_1MXe2m;@s_0M}|SoG6W$b(qW? zaU<3%uZUzlnETZHD5)rlk{2rfcjIK38II)K{1QI$XwnFS-o4M^ij}!6_olEX4S|Jn zxZ`QTRM97UnN#iR?HRan>|-$gUUhWo2QjIQNrR7*{FU3dqH!bjcCvp-N%8~n{D<@> z-+oK3*)jv?csP}>>iRlz}F!U`P zp@AdJ8@*b>MWI_M1NHc*4lU}EJElc|Jb2&r7o#?h|eQ^g`dXM3sW9t z((q+FaA@cE)X`T}!9X~P5`yVpO)gPYaW4#dG~jq5vu>fV@nnlSX@&w{_eTd8M~AQ5 z&GyHOv*!6b!lEm3MdLtHu5M`>b)A3LW6jkxYgM6jXI89y$gm6*J!|=s+;6*TniZn> zh5iCJ7}5&2S%r{E9PW}IabLZvpq^iS(P_2iH>r;QM{DQ2%H_Cm`N}T&k7F!qopG6K zJt_jP76#GerhfDCd2Rde^_O5?+46hwr2g+4 zC=F-)#`fP|Zf!M|hWYKcWD?1L)c%N;$Jm-J?%VB)t@=)VdwZ+4b3sS`%jb2U^a3SNfOcq4%L`7;QzGIF26})+DfC`Kd3VVK04ZSD0A3AT@A--_aU1`o7Ib= zQ6JMoakj;(_;sB6Cf3w$G^%qeAh}PlMyr9J$%?QE0uY1+bTbFHOD2)z>24MVon9d; zKIlAO7_2&uSYf z4icljeB^hXJ5#wTj%nZWs?N!&L!K6{U6elEGi@Abk{!~rtYBR4F5cH>Jn z1w_l6X*?Gm*L09$8@;ldO^zI}kYxkE3rQDlTxqF!R;-`{1n%Rx%fXxh*O{lmOjd&8(z`YpjxHb^OnovW^ z-P%wEpH(hH^-zo1AP|YF_>9Gn;k~N4oTkip5{CG@`>aJ53!>^oq{Bg#L8IQg)`}&q zEJhsgm8jHJg^$E_*N&r;mQ-xIWoNQLd@&Num>gFw7*N* zNHb*Bz-GnRK(b@20hHxPe{CH%509`a1jH;Vc>$NnA`7JZ=-$gD3Y0&ageni7*t4hp zFjMFe9}K`w=`)YULTNzYxu-mqM8-811Ps+29!oR`;UUB)f`ojaPJqS4F!2HyOs{AV zg6E-;=P@DM20~eoF{!vWWZotC_3{zJXblrP z80wG`BA@6uym|GKzA{n7hI^Y$~R>OfD z`hBeb%%te3%jjm?Yp21|y+oW$UtrWmD+L&{C&`QevZn8sp~-HTH-T&%h;KQDCaCK$ z3X*;E^=mc=BJGa@d2(C;CZE)RGZjOyva&c@NV}!6S{k7=kO~n}{9%Fp8{vB}-y_|$ zb9VQ7jJ~@pu>-PrHTppSgJp5SX{89%V}vkjm5r!=DP*rIYJ6 zYiYDIZW_M{4#sMXghNdOFsUl6;1ysTPwemqR~fDg#v7t(B+TSV>XHftv6V2J_Mn2q zoF`;0@X6M?<*_E`&2Ch^uy_(R#e2|UZNV3P0sgx3&+P6~f^1e`Lt~0(w{dFd!P($( zenqmO^?^{=;UXIiPM*c-6mnl^cWF|T1g~akCPB(~n5Deilv!L8KF` z+8!K52m4b=|H6Va`L~9=NNQu~A=YP|_pB}s-oTFuTwY@7#br{KTP{@=U=c)vkf|^g z7{CblrFo^iVQ|H2JoJr|gIl3gwKxrZJu6Wk#GGF_!4Fxb$y~(n`+|f8a}d5}y&>n9 z4vOkKjaK1r%CTEMq3Qzf^%>}6!d2hb$SNeDJ-mw5^5{qzVP^m-IjnN>xDOl_TPt1z z^_xQ9m4_mJow~p3?4%i#;7ycqY}VTc*%IV?%h?jFB@*ep#L}4#`ozZPu@m2p=u{k&5P%<W7cOe`6LC+d&Ltz zJyVyAN_VTu9JyI_j_EiXrk>6Jr9>LtPqQAY$EMCmtbz@Q7_u-V!i$4(f*EVeQ~9hF zChA%2TJDJ97v;-ao$csyqHeT;f-s-DhxFeZyUE{B{khH6qjqEkLeeo?__ zE&Mh&B8(bBQ#~k;2X!YHi4O)rG^k^%`fKW4p2yT&o9mP$>ZVkqnpK5kxVi%6!FJgBsIv4Rs)es4AWx)3E-=`xbnzk?vi~ln;MaQ zs+EP(NI8LW=75*vks9eXwGkc5@g+>xH|SQ?Q5tcdJiRIC)|fTRAE5Wrofgk!<&J8x zouYhJC^JbZPqIZ_!xe0HmMEyx``<&Z%W%{OiFU^Lya@`BNgVA~Hd0|N6DX*4{g?$% zr?paPJnVimbEY}Nfq2m^-cQ}i27&!Y1Py$vH;?2KAip$ST}_m9^Ltp1)={Bj&h2-t zbOOxRDL=c}9V+|o^RbFvcQVlF%Qi?LbJdu|kZM@V!_Z-MPOeCG{kNb1Yaqa6a(>hS zJ4O=)E00MM1)h`~D~AzzcYc1>QDP?_jV6&YSW6rd?(tBi42!4Z1d_kQm@$n6gv1@u zDT~wC>$UTvj-%k(1o%1)^G|PLJ|JfyO{5H@LbU>+v$gwmQh|^`*$2SFx0|Y86LSc_ z!&VV^Kb;L}PLd%BsaFS*Pw5v;(s<08P`6^4RT9rPI>Wn^CO661!^OyBmG$-M`BCSo zMOLw*e>p$u*x#=sS#YWedQ#vcV-x**lTdWwz{V41e7|5q-Pv~6yn+-RQjI(ZgFsX| z{0n_~k>P4mYDql_g{_o2N2QXwvn1B`#@I|5kNhcH#m;Jq+{=oHD|Q)>qx_hJLMhEK zxe2M&+_h1Nl&nUP2}NI z0|>H~a6+$m;Ln-9$>M6mUw_~}(PE3e*E^QVIJce^LUNPLDMBsnjNCdsMw9I0OBoO? zABLRQRzcwiERHb33JUU?j%k>&M-suq3H$?;D6ONP7khDOMAdt1PA1gcvrBh(T+0=S zz|24>FX2`1=T~H{%IbhPUn%bBhD@1z(Ip`nQi( zz6_w#{`=1P>G8#z!=u*gR`dMgcj$=Q!~EjL-j?9MC*lqS1?<8{vBQ4q=F(CHk>(eS4ZX2x2x z^R2Dd<>eC0NI$E1shqDIjraRd$VB1jcSBwTt(#rt4Bh;tLz?@?E-Oqp z@p;j>^4~pY+`5y|5At5qWK(PTbO4*9e50;pEksz7ZAn>$AX^5WIut|nTVuA_$QthvspJz0t5&XAEhn(5p7)W)(eRjssmmb`z`IE=FBSb z1XT%)RY5Qh7dGHgBW6h)Fy$+rd!DU9Jp3p5T@5Rz#l;3!mWYIUmkqn+`g%sIu5J;Z zdy^515^5Ycz*00~@_81B5x(+FZN=16>HMg(sf*jf#?;uW(uw3-=V36WK^nKHQYWr4 zv93ae#ZVQbPnefLf=#RNqohP?*3w!HScct2o*MS5%D>e^V@#7_BjJrC6m|K9dUDub zn>WXy6%?)9p)rN{CZQpZ2C3xdGXYVK`ZS77jkJBI>Z7ivrgMSY_1BAxIb|nPGLJqS z%gsVCI@(j&QdOUVL#;k!Oe7^E2DFEzuA*XLTf6v_e^HLnJdki{Y(lJTnUC8 zN?bHGW0co3pp7IK4iOSgu6cZkc17jv-`39hY0a888*>prk29JKRrwlKoX<)1DYBz1 znWNw>K3$)J0+9Jn<bm=&2S0kgT{Ijl>Kwoj$9jicQgqJ>#JqAL9uJh;Y;Nni>nBPomJ?>9yBKWu5 z^IP+q$Bg>5Bp5M1kuY9vEzn24Jc|0bZS@FXG26B7YD^MW48S>nH4z2lF-uYdO3bd~ zAYtU6jkT+1>y3n8vdAd`)1c#^fw3NqXcC5vt7q8ihvE^|KK=8z#_t>JjkWs5dg(~3 z&l;=Sjn$nW=Hg$n28IjNvfQnj-zL?9lbxEt<4MQ_zOxH*pMyK6Z7;|E&`ICsu2KYN zL7I_a7JcQt3Br>HF_f59Bjyw1M%=iG>6FN8P!9WROs5Zj8V%{Jmr?2ATrzTU)MHYVDKzW0(AR{1KA!V91HOE0V-2 zOCuK}b90Q*0O*)Ldp42MkCL^Op6=In^W#OQ)&9_G!+#FL2hhU{{@2L;n0ONyf6jdFCk3{4ZCD zr~KI3k-M7a>-8_bO@>tJ%S)Qf_Q%tR$8}A-GEk&wfSeqRS_h1e;OIpvo zep6h^-qnt9uk#U0HgS0Jw%zJ6ikW-SyuE$Bg&tkb>NtO5e)rGpw zVYCEX7bejq^DmN^MxxK+3vhP95V;>LTZKi10%^POMz&9>WzJCgS(=0q2`!SCaqwqAa_j#1WJPhS9 z90GzgG;J2z*!Z>fhR4@5_L*PX*w`RLMtv5m++0`;Tw7R_v2tVM$waVP-*i)5pwh;Z zjSX!J!JKK=fnd0*=5^T*!VnJ}7fb_8U&hK*;YjR3LSp8z;7UhmV~HM>XUL&g-8QUh z#gALRe;$v-Y{i<(*eufh1#H@^k!>zmQnMU9aRsy$x}0>dcX+IDRalka`bZ!PXQ1)$ z+!}tV{d^(wRft65(c& zl3!a@Zu1Vd%J`w`w+FGY=_?c}m0QD-&h$XGG;wSF`+%XBjXX?cZQPHlol)}ZZRNH$ z^E2n?h1(SNtK5=qHmbhs%qp9$0Mb1uUEjQ!&;9^#C15l?k58hcj+?Iwqjsz+gA9Fr zwZ%&{x2gIqp%ppV_;LiKV?Bgs9r+ACpl7-_rqs_r62OOs_xx|?&y{Shv;e^OTu*75m@WcKI zPtIZ{Sd`3$UIN@+_&o3e;#6!;aEJn7n_W`WD?Pz1cb55XJF z@%Te-lsPjW#{u{p?#pL{!$yrC&6(XqKlxJND(B?_pE059I~x1?L9Xs8WoM$6Eh2VQ4%b7FV#lM%FJMt5e z&(NrnJMbaaO$OCclXhOpvqDS_o zb-|yjgtHIcv-5y2ylFES{TX|AK5E5#xCFJw+{&e>&Dqi!)c%Z}JrA|A9iBn$Pub{Y z368qAC0VU>>KT`dUf^bslie3qYk61^0-O2}bJer~>* zqLG#Xy8v(%o?`*GH=vy)<57X1nG}|1+(%6ILmG^1M9x0!g9C%(-sTgUB-9%cN+wb8 zuL)LYfi#Ws+c5{XR)O(kmf|P{ac*M3ty*C^Yh{NemUK&G$_}$He@%{XI?O(A;I8Te_coLukAb|Lv{nYI_f1X z7VCAgkA|f*;Q{KP`ItpQgd~=GwL>?e#a;wU$Yh*yyG;|EvbM1f zM`{Z*(#toiE?2z3qqzh}orE3VE&GfLtqgf`>S&AT4*z_ZcCivUNN zGtGa9pzEZg)6G~(T#!2@Z=EPpxWuc+lOcvw zhmhaG7>*}``E{3)d11$-Cz14WQ@6M?Q4&^fIzIp&vJ4rw4^>4+Sb_9*Eh{_yT2cHv zc(B8^)#3OGCxwtC4`z}H5)84Y)_$8gd6&>-8>aMzf7nANv!vabzztt{B;eZPM_)_D zW~j_XWFpesu(x@Zgi_$ibUXvN{B?nuk?uYQfE=C`GNdx#p6O-mWuA#8IXshRv3tTJ z)&+TB$fzG;Ftd`i6!0hr%kSb+;Gq?M*8z=2n??gBx+Ug7E&3mxk^RGiwv^lkDDPbl zgM>lS@HG&8A=AD?!az9De(Q4Qlp^NXCrgmY*(4PyKHtrhN=jjlIS=#O0E-4GsTOm# z=>S9Jy8`NU&cizCVm(;Vg;k?rC~;4}ECOyj2bS+a<1z!;CuZ!y@3+2xwzwH5h!z2^ zTOshZjg5m-`S{t`0FDY@hWr}t5E_x~t!K~IA0I^vF~s)qa7COJk*nuotJi5kY~5vj zTs(@aJvoNL7UTeDX){w<4K_PwzRNu2I{y*r`BdDB6Em`8n2HL84x#}@sG#S`O8T|@ z7Qd`@bc+8Xk^&m1P#DqADd5`JhL0P*2Q8`m|V=|Vli`SSe=oc|>Z@7q!X)-K& z?PM@|cYc0G-m(OpYjcP-Vm?V&43QUC+YPK`&=@ir7LC3bX3D~Fz(OkD{5OOtziGY$3!{+qrlld>1Fc6{{*J zBIgi`8TEtt3YWb zjVzuH-?$|&ALkHcDObcdz6#sOAXdmXz6#sOAXdmXz6#sOAXdmXz6#sOr(o1P>_}B` z!ih$Y|- zUY|jBza(JdG_p~JjfOfXxAtH`(!Yk^tB=h%=tZ8+s7?+bqaG^6bj}^C>>lj}VUSGC zQn;hxl4$b`X5EOURV21^-wcTEEpm%7={jeH&g%%TxyYA?gU9fI!$d`IIw>ZZe9JtR z$dDon@Q}Wy-sNOGZ^EY4BTYGl`q!kt%%s!uy2TQ4-jb|4n6q{sj2PT?Xi|~AZ%KFO zW$H0H18QD&D+8zHG#;B|pd{x3pErPLF9wg*O}5|ymo2NETfHSCjop%N6)HIw)_ATK zc^}&-xYM1BLS8n_Pk9kp!A1cy9UgPPK#yC1g378m;y!awXfx{n5(f!8jl2R}W}+a1 zf3t4Mg4-x?OmG`&T)xtwqF@2RZW88nHI=d zyJ=Ah{yGY?YP;-2j2m|bc!#k}dY>gwK+Dr>2a!%{7t-m2RCOB32D4}_;@mx(r_h^y z>J3>3wzNwFPySHr3!N1xCU$GdE_>6235mjst(k82v#B6QRP`LuPLkfaQI@*x0kS5=d>RC^8p# zPm7)16!_eU&jGG!G8ec<$J7gwsS$)E*}04TE#~;!61b)UzZ_kfDoC$ou`5JS=Gh_9EpACyaUeAW9S5TB@eH3^0ydbPPNPt6`8iJn&hR=uMvko{b|8{P`?)3E*DL06YzgW}XEO zZYz%m+9sZ*@+0>Ir?Srb)y3KQd-xRW1o9M4qK-q`fm=& z8XM@f95%qLoiqkC?Nrw?E9YhaDids!z| z+C)8n#!Xha392F>>x*D%-{A&1yrY$}NWIe(p}@zjT(h4CAbCfs-|uFYLH=qf^o>n} zOvZW{W(CYI0AK7huSGV_-@q5aAi_v0l~5qR4Vu4np4Z+TH}`9ucg<%nUd}Yh=HP!Q zp}-O}aIkq8H9mZGw)EkvGo}x@n`xmtY2o0^B7g;=!UBRqh6mAW@sNdoOn$g5GyL!$ zFRgso0qtLrA+i8Zw`l>bUKH6Ki-2B^LAv53Cny_^`JE#4A-~}}79Q=IlB#xRlvx#7b%0=3}<1Sz? zAOTBLzbj>e;#2jmeR{yJqmWa71%HJf)o=Qz8dM8P5m`G`<*e41oaE1JdPajd$9}9iO5Ov7 zFQk0%e{qgySbNWoEzC_))#uaNlmGZh{(BO$*CFrKmD=aTO3~DmKN9(?QI%-rkS%x2 zGM_C6Jf-YR;C4XOBLL6I7=^%#gp5Z3ZbIHp(vYq^@H8+kCHx}*&%H4UfoESDWX_vn zCU7YNcEC_((s6Z$G-iI9TS9r+DBE?EWNP6+Im%q7FF<$~RahmfEOgWPf8gS?hzK8Dh!X^|_*8 znhLzcq1)OX#ktVQTFgRrMI*HJx1xl_<2VrPDd-^9GZfN$C?Dh|hNUQEF|jGp>Ace# z5VEj&v>1Fg+HB?uNVsk=mzv@B&d%Q#jDaa8!p)Lcquk`?)L|t&CUA- zfqOh=XPk%H2@6t08&f(J)5s&^n5&=%s5aoy2si;GONnV1vQT^OI;hr+1fNRpml3}X znLl8)9u=%H;x|d^n|HRTf^0Y20MfIjM{?j{A_w;V}iVMJWZS&Je?9qFN@1 zEh>otaP^eg*Dj5V0$2SAYC2rt1$iKffscZyc}0UzZs=uzkAjF$-O)xtitvj9pCN$G z1YVlGcbPSxA%HFfJS&3U6L?MlolW)<5%giet$EJ^UM7Mr1$>48Ium%A6nJ0Y1;ru0 z6!6CtKrKAQmlHtU8GU8xGmp%d7d`VhJXG$qaa*jkL5b{{N9|Dr&-}1|s?=Ek?kkF% z1zYYb%bPAng*w@C23IC-F2&$x2%7*rBX1gE^X$WZ8fWCNv&E#%gvFyE0&2aDsmIRp z=^$>&dD@5!WGijaT~qelY-%mA=H{-b;+bF5AbG>%GnAB748Fq=o!QIg#o~3sm1~wt zrvZOR8coLcrOpfllVGF^yvPljhQZ4p9v9J?r1P&U+YyiJBYKktJvirRL~pF? z(hk;lQ)&@2n39RNihO2rfFZ*dIye+T{?~*}7ztT4NQOX~AoBP~Rs353lUve#B014G z0fB$7y1lhkeNuoJ#)y3^h;l4E%_`8-jpbhJ;@21~xh^jnAL`!qm`{c*wl!9BZO%Wv zX`jAr*!AYoI`{Nr^Y{oRmMQbmEnI2+G^PE%6s2b?n{^}opeo+oWkWd}u5cu{5*AAr zk)i#F7x~=1zG&~%YwYmqi-I_%#$w*@;*;JU8A_*A#e-P!tsP{I_LAy)G$Tg za;x~`5-$P=c&_|nmQQM!*(9g))0@r*?y8ZB;aV!Adx9(h4rQCOZV5#g=;w!3aPmII z8Xe%6VeBmL0enl^@RNa_%~y6yx{Z6#z+LoomW3!3QK1MAYn+Fol;qWk#dw?_b+VVX zyiaGAaGM8Qd4s;j;{0~T3Udr0NsMwD?W!vNU2_nr@0-%6RxN+X#BG)2&%|lWJc9-2 zPQG~pZwU3buj3#|ScI8j`p)ST%9%(7-35`BF$g5*N`_eKNCdvA@>J zl+T?}I~Pm8+uBF0pj!ewQ$g1TUK|TYmaCmRbLN@C#fwxeUaDkq3GhNgqF!^~oa4OV z@ZPeZ1$>?@PaXJq=DPwVxIM#6saiekqt&M^gE+I)r;Wp-75AJ6KJ`~C1pm+io+aQ5 zJk}iWk5!~|Hh9}-%>n;dg*Xj(Q5T8N;@E)eu*g^Uy!;tek+MY@M0iUs4^~QVVSbVz z)rGsnXT8Z_lLS$pZ<2^7fyXwDh?I*@EE)N!fEL z97i;e0$ATViIT^$$W$Y8s>B2O7&!#p<(or2JTPxuiT-XrBG!daj!zyJTZ{L2$Yd+e zIIB0S@XRgg+C^0E#r^Y@XK=&*nZ;*Z$TP~$xFmS=f-~hPWt1W=9*?dLae-&5-DGI+ zkUBRm93ev9?@Q`;^K}p| z@)s!w)G%QtkM-89UCZaN4q(EEpsK#qbs1#3{7_&?WfX*Bv4JOd6&A4sy@pOY3rH?l zvJ~MAlVoh`FK`I?ZCdIDe{EQ4UM(8Sr`}SqoFIlQVN0t8r7zV*0l6_7SwQ&!jr#%; zUy^*{p7gsV-RI9|rX|b)x*z?P0#q7WqoEat(r7@>%8M}-04j{0u>qCPZYe-EkatNk zhVl)qvvzC0dEPqM{Zn?kO~LsvA7|rd=PB+t(WQ1vcAj%!KFSVVtQ1nNvWcnfGqbYE z5_OSEQTj?nkV^4+l+s6A_bz=@NTRP>^r#4>uUzh^2&J!F=%@&#uUz6tt5@e2H~Ip# zjb@-!Ue@TAwEwiKM&JlLiwaTtx|NFxQTnv&F<>iNL4%IH!*r3~=xt*ydD^osy5 zRYjM2EIs1POBK5R1q_I6E~856K;$;>YyvnX((f^JH|LWqyt9`iEC&jqfW zt`C&gMA19w7wurJT`R~Mdfmvr5Rl{d;3%igdFyjs7y$T~i)0Wp@vpG-UHD$eUE+mY z-V0~gzVqKl;3cflF^!jc3R=LmA$kyqBz3F0wc(*DS~n>evcM!=B2ktAcdX#Wz;%-X z;JqM;=qPBU1D8KKbHEcia6RAiz!RFa3R%GaUVmBN{=Vk3UO=PT_Es$}@(jqrPXB4| zJ_oj0;?n%o-39&O%7MQZERIaJsv_VMQRt`h7{Jd|d`&rU6M>TjzUZeMc~1H1sR6U+$$!9pxQ3tZb~+?d0X9hcE+TEL(0%vR$T z1E1$HZ!?>v68GE_xZ^ut0Q~+=5#_*(z3A;t{$Q7gxxh32^cL`kJ49rGkElpk452R_ z7DAXsmlOlXrs(q{R9mu;k+U3b8f}xAPYGNTdGkQH2@hFJbKa(IaB8jc1W*S z8JS(U&@@lx`^^{OmXNs=u1)5Lz%3zjDO{V(OVHW)61#QPEO0Gtl`-5CoDbG4l)Iax zJDRG0@R)ibL!a7_kYBEspE4H*KMt-6d_IbBz@`LB5_fq#u&&+ufgWZtsFS!*kSu~~ z<x$=?kiNn|u)aKw&BC$Oj2h^7dpoir!J(CVyT|F{G zl}Ewh(n@f<2o83p+eg4b6I#(?=34w&bTBv|Ef&M!k?Amr!@8MPF&!pxSW1FN!y(-c z^KrB`A4T&6~PTq?N1mvI!27WmL|FrtU=%>PJ93c%*5>YT7 zGo##r^7@>7ixDvxu|vn>Fu-UX6LYJ*xLo?xh`jRGAiO5wkW4p-dVCW3y2E-2ek_aL z{qWG6*kljFZ4n094WFs9qI={=FVHO=MPnZLt9;Z&8SH{6j$6|GuKuFFogZB;MMA~!y({!!h`E$$RNR-xq9mpvIa2Ml z!^|cL`e4BxO39N)SrY5LXZtX6dvjnP8h2Cxw!qM9z&=*IQ8`%K#B0Dl zR-BOmtN-zF6y~8pB%2$i4{<6v;P*WAiy~aXSduAWR7$NzS&tH{+}+(;O)w~YvIj6e zZJK}n-X%01Oh5oiIO#&hxgZh=4a07|QdwCc?*;2mLJ|hirKl{C8>n^Gc*~L`hz3s~ zxfJu4>D@km(>O#t>F+{%d>ZyXQMQFJEkbxAR|H+uwcn?B#!vtw)_{$!8)G8vobUgJESS z_kZNGLVkJ^^MMl!r#1nBT|hc`hJ-rL;G-bV<;sfNu(Cl2Ima}5PIVQbQ%4wUdXPL3 z^5x@GXrXfNIiuBKI5!6uMDqwjGYC5Sl)QzKh)`3-iy4FTq?pn}3hEvOCJBj3DfpA{ zKIsQ6^x;j0^%N6EDwuuaUz0#eBQBHG4^Vg1WXK}ot8!M5ltghcRpcg|>g1>%k7Fjr zJn|(y(-Jtmj}OFH&29{{!?Y1nJ8DO%pEIc zeSD4j+yj=26H=7*36IDp+z!{lW$^pjy({z4r)r6w!V;|m>aV9JyNkW9!128y)P5CA zC?}Xa@{*)L+aAPt1<{~hkwn=z;R)N=(6J2o4D{tj3wjeN#zCA{3B*7U^w?AV@Hvj_ zH=+SPpTR*9=u#&{!i3FF-Y_WEC$gcWctYfi&-9kn^L959ASPJY*CqQpog?BgITWNT zHQNzZ25wjTdTdO_gP8gZkIEU^k~1LWJhGz(QLeU<%BW%XqM79Wkjmc%PHvuj+^hsz zc`q2DZkW9kN90O+_At;w63vYnmOHmFc(-ysWN2=1Xovoz;LMgLjxp#cy@#s8r83D((5%B231CE0g&UQPUquuS%57vw&-?>0ecHsr%A&Uhegh$wB zWkn~)an>07;}4%JC~YdglpNN%Kqqo{Ct?4vWIx$W_tD!Qo~M${ADnbhktY9;H&(*6 zL!f;mRChI9=r%9~u5s4U#_hl+w4^vT+)fnHIH$g94halY?TC~AR1Vdhjaz=27pGgzwQ{b>o`al`DbI5IEC!4S&xp#4H7ft zarq8*>wm1N4(tC|a2!c?vMQID{B4g^tHh>r3S{kS`}XSDdSk7=vF;8`$3X+dqy`Mr zSlw={J|n%D(aY=_6pZ)jpN-$2uFGLp%g22NgYM+#u7@e_y4}#dyx}CeWd21G(@4l; z%_5J3B%_ZrAzm1;D7hHXn~NUzrx)PVv}MjBSDVLyX3-1o`-_-S|3Za)5c2me(_c3j zQz0&fjQZfMhXtjxZ9L8|19qW8cm8+dpN;wkX{4?6x`AfmViE`Be=~alX=*R04PSjB z57BO;vG8%-wHT3|bHa`hl|0u*WOX}5`>uc#DSBT5n=GLPOVYIS-dmo2oTxYk@SRHba?5-;2Ip%R(aKoUixMyONF4?r6j@V}7kb3SIHOE%2-Zs|iCG?U-Xr&bi z8FE4f4<5#SnyVJFl=Go(p=vdwuH54f! z-CnIG+RK77SU#^4omttwwNN@tb-RegN2Q*p-Y{TS45i1OwkBwmB;0YlZ%tTF z4JHJZ$+_{}QXFy3td2poM5go7ijwlmQ%Xphka!YF2D6(ZrmX`ewHn}_5!C15x|gAQ zk+iSjer*fYU!Onold=E4KYQD59<(k_PS0DNhuD1W&ushe*30M5b~5(g=PzFF{AK_B z5}zXbFJ!wW@0E%`J|{&50`}nrsf#rUl&@)MlnIe+Nh0vkBB@`qr=2ndx^t-3@Dkjv z|0+4(v-+=O4Z*4m+hV;^*?`gzDpLR@5xch2Rr460F*KC2*fgycoOMHAD+oK^Ltol; zs5v1R+NYQx8yh~C(;&3pXI>%!{B2{SvH^B&8*geHO~-M-!KS)hzu5$g`avubAOomE zRJVkakS0tdrYG;qK5qT1AR?s-1-R8jqZjg?)*Tf4@$A2Ap1f@xoxZJ){Cb||TS)Wm zBARb(9Gw1ga(;N+B8MH)ZvFTB!*=U{yg6-?<_S^U0ZH;7vo>}J*rcZnyVq1`(!(-n zqIX}`U(|29Dg%Z7HV`m!k9wCo26})Ug)BN#gVCXx%(>Xq|LC3Z-YRmFtX3 zR-JISBp*;>t(z-dzPBYOgG-J?V?ObF1+>!s1ea_q2@B5rmyv`E0M@KxlPQ9|y5xf3 zv}4ccU6cI$y-2fan#46u0ZN5)8mZ62J!~Ml>%cw%Cw-4-;$@3o8tR;_TQ5-?S#4oZ zzN}GEvd@45YNrwE#atM!?ySQ8kaJXL;wdr9Ete8Vrgy6YNM+Yq%euqZii&Ou$g7k6 zFu-XcJ=V||K_k#^6TwG#M0KB?I%!YT0DM4$zhSfOE|xQi$?VNnF@@b#kck(@9{l*@|kx6zfNRuUTotZW7dhC@fxBM@=20haEL{5PPn# zV}6aB{~F4tTDxCLLGnZ_zwLiCzF@T}pU55Zs_Py(JPC-_{FCsqPTGo+h1Woy>D&C? zVVqJ*)Au-!gFzrgO36snP2|`Qhmd77;@5bNqc?`-|`{{Ir6qWAy1U@#=AYEuvf$rOcdcq>*a@1sE8 zS2QH;G|uxF{AOb!CSxVT0`nZvKX^>W)VrkM{wet(O~fYYO#%?cc_@JK?jI_1qre9% zzDo~SLW58#AJn@}@@1d9@2%ZRWur(XJPZayC%>TLCv~!&Dd`;fgkBIC~K1S zb7W;vXYm@Asi)z3K6vGI$OpUR(>oUX#U04*%cU+4?RU z|FgCI>@WWRB|b%B|1OkRsW{$aM5VF%nN4@en+JX>72IUtDG&cb%haxNcJU^0kW94_ zAqj=Th)8LiC0NgWzxgwp>R-M#8UN3I^5#Z3)I}(- zl9%-x`R8}_8*;2QzY;Me!eHRs!!0xIR`cMvRUi2)%63*$N|PGc&T89#Cetlk|NQwk zn(vw}zx7a7Fz@_7d-l>j|IfBwY<>6F`Tr81uXF#C)V_kZyt4i6V)?X*&OZjDAaiDQF?{TQDXXoOh{A(3k z5d80nZgzTp(L6glI^1u*K5Fe%FHV{l)kr;bcprz=Y|Bn-|9$)L{Nu$>r-vs$w?3L4TBlL}g9p*i zY+By)xY;>xwF~% zqtj}iG>;3WrV|;L_dRQNI=`H@5AuD}>n7W|b=2&fAMSTr&G!B~2Va#BQ!pBP!$PDp zeY2Qn1}H<{9VIshca(G@Ge_A!dN22Dr*;1RtYjo*bm_2UGM+cHlf(UH=lsp#QR(EO zz@s906NK~TXJe*0!N*ny&in!E2a!^G1mNQ3Pdv+ERd{hQPU@tC=3|vl1U*S;G6cWQ zC`cqGpfr)3GYHdac0nY-t3k!>C7fV1leTA553(VmJv)f{T=^rW4j&Z8apqoGS(J8q zy4EIaH($R#JU{;Li{?JCM_?GvCW>jV7bM63sv~m9Lfm~+ILP7I>>+|NkX+J7jwULA zp#*)=`Peyc9bbHG9?Qc33>cmqRjZBUq!+*rCF`tTO755birf-^S0x!TEe=mQ=gp&| zR$GBlffFoNkSZ(WZOD5RQt63=MhW^*%6-wB2uuzc@Kxy{aUH{i|jqdsWRi01=%-dkqyY>&DtBNG0VxhM($xRns4xEwNX1 z{11n^L6WJubNsts}*;vsRk{3cUCKAcc`D+up37Is#Yq^_W9wP z=KlF<`=kEVG9*?jKfO8L*FPKw5KId$V=)h_m4n01dHeA7`}4!o6W!=Q=XVNtRIU8l zZklm_jp@{$%>L=gdGqi@-YNS2$xg>=!b+xOHHpo%+O2~_2SCjHK**JB`ab3z5+fRh zLU_f8;jkHVVKFRVh0`WZPj1MEps}?Di<*esmg-{-k@n( zF&)uZIcuLDpPj?ryEr&(UmTt8HziH?sw!^)YHkm7&uT@U`GV%@5t5)T{2(q7NZvJD zCsGv5$R$IH$+G>b#;JL5aB+UB4~^U$7^6%T9ib9cfOd6V;RBV$fdFR%&A}Ce{RiTn z9X3ULNUN0(&7;EuWR;y<(^VtwRx6d`R;SZ^n;t#QRQ9UpLq^P~;QnOtDUen7K$*k5 zsompcbFIP7%*S#-FB|5!Xw7P6IK}SbDK0^-ZJ5l%8?h)6EBKxLRn7k6m?m*> zvu>6zPnQD>IKQTt)>9KDGZ(c?`R?gLsefJAvZJ$b`OePLt!U>BVb?41m19Z!?D*oK z^*S9y%ElK5tvAj0N9TLl(wHg#(EaqrNbiGmD0y)9s@c^W@{w|D1#b!Cxg8|JwVmrokca+hGgyUF^ZHo*c2dde%NYc)x!RmwS~2krVm6n!9M$D8-sSl}Zq~iRskuEsO#a)Pp~QKKVpy|0dPdJkTon{RhbG znRfGroYW$cJJ|2rM^&;y-tZXnn1jktIc=HBIP#?Hhn1CqA(_Mop&wLc0-3~NohaOP z$)^I0f3H^VD(%+W*02BZN36bKpQ!rApLnL~8`&c?58UG&n)-%wM&<#2z^SNjs6#LV zhS~OJkNvY?7yY&>w^6IzK5btV^ZUaH-Sdl%fsq^2=BqRGHr2`sIO~%`5QNdOUI`9L zRDo+Hq&*haNyo${jhGOav~?;U&8XIs=lOm6NR9;YJNXO8Xisvd%P3CV38Wq7>5{(i zR8kdAb}Fg%#+i!MVV-KMS~=`or0Ue7Ay5fyi3FBF;l8jIla~t~nW-$XoXk9HC?kW+ zN4HFjEf`+Ovh&Bx%eI+Erz76ZA1@>BI*;-qnO85CJKRC*ym@%kaRs?TGR_d{3RIkh zLl`De)M1|5R6gzt!KKHv2&Q|uOS>+lcr8Q0IvYhOxQDW|>q1)F%<(K8%$(5`vaghn zT2%mPg&-bRZwalmvbAdVeo(LLC)x`Ov%(!Fa4LI@^r3E+Qd(rx5Gp=b1;@)L{3P;O zOd2fl8rsCsuyuHf#6?IQBX}@{NKzHG$GOD0|1DbkX!zY2uML3qGn--v z8AOkfSEQqe2mi!e{pr&@MOSx5ilyI|(n;B{GE}lUYTBT6(qFstlrWt&Jqj_fzr!g#>{_1p^AF`)Y z|6)#^Y57mk`~3sn0lS~KHt#;c`PB-SYh+hV`Vsz;Z5+XRcWNZvMu@dzBm0K<1 z*LAXwm&=IC-4emlj94<{7!S=cIh+!g&2}|=;`sg1`Qh17>*DO~MQ8tA3)q4VOiCu> z+zSSinR!DtqNTZ67F4ZT^@EgEQ`o_G)6*bN-S|&v^#~zP;6L>jwszQi3aXjL(Zb>$jMRNtonU3Al25A^oZqq6(f);$LHDr=cGYfCC9g=sXIG7A5{Bg2t8cf-?X7{j z`j4tnzI-CpRs6n6_V!41t4e;)s$FdK-hh;$wt&R22s8P~(QL1}x@Nasug+4!T+y&# zh~HK}+e6%?I;6j$7Ae;yuSCiNv*&jZ_|cPu^n-MkJSJCaa}>__4$f@5^~UVbQ6Ri} zKjecz@P2}^fm93|Nie?fc*tXMK_f^8IHJIqD&Bs`XuMbbjeXi0RV&`>aKhlPo$r5m z@x#l%%kSFEKbV9ee7*g{&bIvSBa`e@f3>5Uy^e#yFiHDw|NT1{l!rbx9Z5cO5%R%+ z#cx@1%zf6T*Jjt_COro0>FRbhRZp$T@3d0t@Z`||3Vr!-JIB30o|2E&| z8&M_IPphBhXm`I8r^_$R_DR0S>SsOuyKlrdV)Zi;>`snTl|RE!RZ`8228_3CI3&|@ z1A+?YE=RpbA>Ha{Sa*p~?Zs@Q7NTj zvP8;EN+eWj9D8N(o6O?qv;~?kS67wB4u6KB_lGpzTU`Sgrn>q$(`9#Scl)kNZVA1< zBu_r$WJ$s&<1vfZR=3v4-IH~f-LvGhp90JcxP4bmg{JDN!C}?yT19F|iAs!_M`$QG z5p)XXs|4y8qti@}k&yM1S`r7N5%WO^&MJ9O~5 zc0L^!1AURg6hjt<2IdMNN)8Y7#3`nzmb^US%GF5NsLA$+2PL@SpdlaF+!EKU>NM9! zU;l=^Bm;KD<7}_bz@zV0x6>1n9R^q5rwJpyAd)M1&Erc!{Gi`wF^iILN_tda*{bUy zgSag8a(H|4zVW(qPzl6^?0=!+ub98LRe=F(HJxLvNPNh5+m^EE+mrYDq^#zetUJpd zjO2TKG&ZDztGl}T8Hc$`MUWE1&*~cDIU!HKd2{~FdHtK6lmEe!#zMj7x8K^@QtkTz zQqz_yVecsSGrX=vLyUtcVsWE#A^)|uUO~*&*L&5*?Qg%;;Qw%`u7^R$2zsmg96|Az z1W@@)uz!&)@?F>dl{hx1&uZY^)xa=?v;~Vu^|!6iTmKhNzFh;q}X11cQi%o2o7fL?*=&rAw8$UX+T;2?oobKra+mxWBmT4{mew^&b4 z#Ht09)CLLJ&Yg%HiO9FFim9S|T+<*?&E3}4agfiVR_5K}S}#*!e!H3#cve3@t5v0F zQ@yKXth@WCC+DqS&+{i+{jj&X=7C<`98TPm`6obT;G@&G7q46Inja2N+u%oZ+&XXO z!4wQsU0usbz$m4yJHII7(5mXEo-Gc$K^k;g?GK0h#$_AWNHx>uyxrVKU-8^8@7k^A z!CqBff9Y?TMv7V&M~5e^R6H@n)dC61Bdgn53ds)uPQGOW)ZSDZ)pVGXH}*ISlhkng zbz*;QUFGf%atRduo$u9+oEgOkA!OB_Q~H-AQDz{JI@U>zEU>=nX{fg+-W7+&q*zmO zk_XnaXewWj=2eU-#sZ^=slCZSzPCeu&Egy))z!}*TJ6`T zoz{hVFZ^wf7)?0&oqYRkX{#ijusKZtdVY2av}}m-2|TytShu&CUpj|JM<4SeWN2j3 zN%OfCo%BCl5qaklpEFn)&~`h@4v-epMY)@~DhMLs6K_bYl`NFF$TOBIdG#u@2lb#RSP!i0UaeQ|2%NNj z0j7XUmF}7%QM2kWfudWHR9FAs%nNYAnIQmk-t~4;^E!}QQeVLKmfdrAaIFfV+X`&) zomz5)Tw>@wUDQe+p&3og5pqb13j~iMeR_)S&|D+(>f4uP%vfve{(RyH3Fb@9sTIdO z-O9zdI-`QxrJ5TG>L0akf`mMDFqo7aXj_hZP2*^(A%AJMPx9!&vtpTHPEOBT`C)og z3i|M#F@q&R5;CocmxnohK-ZXjJ?-p#+8(WbhIV)G=hi5FWn06dpT(jBZ_N1+4U)`j zS%}P}_aJ;`LN5X+*_@?0d*I}&ZgY)H^}eIPQ;#KW=97$s6hz}mvghhwYK;5_3%w&3 z9$MV}rdGakCkJ{9#p;(D>RHK9sF7c8tev8<)V+2=eg7zk7-VQCuF^>otyZi37FE-Q zGcs!N+95hUv;^Q;u&=R*@AHsPV)dhQGBQgj$GBTr@Iwxd&raLt&69JoXqVN`8ky`q zQLyzcn%i(ui1+vu!cG^X6{T9vmGjesQ%nv`aZNB2It{%^C}qEpMT2BW{Aol-f#if! z%$`mYB0yy$n=>fH&o2oLgG*MhICD?YQlFwp6>lsh((SE2gFh|STzcMDRUb>Q39)`) z!oDU$7LEm(2vbteD7mlM6JMnc4yR-oU`SGe{Xu?K;#0w{2NI>_KNN`*ax#&F>9;St zWG#q9!l)1R#JrLJioCM$$C4j;j02$^VomC7O(F%MH%ZL2nJMxR*kNsYS@g6kD+elZ z8RWW=7`>E`V6vc-VmHhqFJD<&Dh=X@4@Bm1Y|HE`#*Bk|Q+;VH#Gm`>x#TFxoUT&v z4&uGlH9x?}f$FO4R9)B2oJUwc|NL43>F*P%`LY2Hr$LS`{U9c_F)=^LZ-2A;t*QA) z(dqEyE!ideDvx%eYq*VREYCse;J0Q*TgOE1>4|}*k_)g)46;9%nUi$|Iem(*yo8k9 zV;)3_$Q~@!MlX*VQTK#YZ7lMbQL9g);HEAT>RqxMtStiOaO3{i*na-v<%{hG6p*XQ zVQVz^v`k|C=JI%2gX7&%D76Z92%wU#hO zYBXK3b!AzES_wg)P%;Rv7;EWe{;W93dSnG(3TK<}L}u&urQ;SX5U(U$W_4m3;fH?hZaH zdy4bJ+t~SG^)tY{tGFY%irq^#b!7xI@1NOJ?3q+Px9DYgd&#D^3BP1YS(#B6DHMx! z63Sdrph5+`k4J@sX_;SfF!|yqPd@E}m38;`C-UFWLH_$$$|+J^C3v@dwg;7Oy8k7s zpPk9wk>5cvWX?p&8MgIX?XFT8u;ffW=#7`qY5!+7%>?(@bk9)NNPj7rF4;6sBr7AM zmrUS_1ErygOji4X_iY^`Fkz*K9AIsRFeI40aT2kcG4f`8fhx-bZctbCQHw~m%rnQD z&=qdE)n{r-i|*0Yf+R8d9b45~)|MC|vT8R1dj;~tedKaS+~`WIo%qw63+-z7?)11d zTT`Z9w7ZYD-QP;Q?Lfs+ zg)859qNSxzKGIS6j)h|uV@($D+LYwblz>3v48PrS4sZr{ogKh4hY0m87oFC*i}~k| z&Eq3HvPw6GinaV4wC<*zB4t%#f?ms@|AT}7?6YmullkBFp#F9-y)&&Pwv))zF1R$_RCJ<3zj~{cl@-}nNl+S|j*eTi2LO~{WwlGe$Gi_UqoeQq43E2Xq6C3tC%g3*a`uVGPwzHAz6=P+D4 z(j>IKOO4%6_MVj3%#kh&_IxILnyxbhqN|*=e&vekdW`I0uKpH%Q`=F#ZhF8fyz6Xf z$+!VYw0{6GiTeH#AGCRbj3m93t-XZCCQ?PWc(VHW&HI!6ljd>j)7I~I`qmuL$fxk) z1bwBjHj%vS6^nCRLqa}KUq7qrC#Hgt)`kfpauM)TT?R_jRk>~V)(!ZDV9Ce-KBLL7 zUtF;jNLU+CmUnwGD_OA(xyy;%mr$IQiX#=kQSL_WBeHQOk)t`Q~ z;?Q+8j+qcgNJp_Z>k?Pue?68<9q_2GdsmhHZq9|SY<$@hpTnVQ#$80T$YC|2H!x0> zRJAjk)<2*2UsLaLGFEV09G8aD3I5HFdsR|>_QD1uf`7A9y<2Sv$AG|2$O4K#QP>)XEwolKS=dJzIlQ$I& zN1fSKv$gQq5eN}P1AYmADQs6W6vd9&^@MLDo&#~Ykn2*9C5=bj(#Reg*$wWIS~G1+YPq||_E;m!rLNmjq3)`7Rkap0o!B4m|B}2A z2#^pHmX`z)0xyImf5Xc{a2^DbADHA32o3~7ek36afvlKdmfv^Rx?A<4WxT|K&m&dc zI``aj&pr3tbI+2JM@TF6Gl4761nDk-JRxTzak(KG$7{$H!_&JJy9v*QniC+=e9#M3 zN)dlM{Hi#cOOLt^7;lf68!XyQ$eMU#!nT=~pr8enj(cRPX7?|WP^YwwJ$chp ze7)WVxfa|GA@)rWBs4sY zVdku~fP2<%wX)HM8#v=FJBW6(ymkDWl~Sw*R$76nD{We*0yNepVfJ{-r1?u`3V9NN zYGJ80ot%cdw93cFLn6mS5}^YVjA|y*kmeQ`#=h)pen|a}@L~mNamI~1_#Pb+UW#&a z$A@He*eZ}AYog2EAdUTc&=J>D85fn6Bbm_&jfigik|}IRwn`j=ls^$MOZBiSw><$T ztaJc70w<@YuekY@cV-p2Q7kd&?t+MY*lxUiQs@j^!n4>jLlHHYJnmR8_y zxed5Z_ciL zf!%}=3ohEJZ)!WQ(L5cnQg#~EO!frrj5!^7ZQ3uzFc z_PmUjQaBA3^QjbDY2q^Je`o7^H^E!IX1GraZxifEMcG`R0eOiuq(VMp*gDBuh6luL zOmt9*5;Sq^J84E1y&W7`oWZb;b-x4RY&;U~3CMLZgpmVFdbEvbH%7d0?O@yWy4W7) z1%y;JeZyvM$EfE^NXy-dGcIYIgb%W2yG%858C9t$#Xj(i~Z zzhbF`#qNwed{Vd$*QFkxL+M?NB~OJzlK63!h$q{uIO?35pn+u2M_j~UrysJ{`$$1- z2O%0fxh)~4Gi=_SbcX5XNmK^jmiU`w6aV~yUT zE-?aX9SJwh*+nt9Ab_HcMMpf@+-byw|8ejcN;qD4nj>$mK72n#!~)|ND( zE`IF^;V!~HiakXGXm2k0t|xe}0ww82+{PUHqUJX^joM@PA|B=pmIWv*NaoyH{%bow(N{(6I!c#$MMtqRUS+)_cD9H`HxY<&(P_Pq$?8+xv8W>T>m624a? z`TsNMu(%y(i69@J0FmFU*%9##As5B#Q1uG6={X`xi?(3TX4$B60=q2n&4f60u-NIy z#|`lfatdqcRotuKWH8ub;w(ll)(5+s*YD-=^zPu2wln!^e!jSvUoD-h=7_MTtvVJB zUTC)}c(a`M*Ta1eVIV&zQ6K=Nd4?XZU2nZxUM49}QT4{5L5s`=*dQ{OhQ-s*HL6Jt zOT%Co6iDS`>dY2`QF5TmvgoKR+7!n~>Jy#G6udZ8;v*fWf5pxX*b^T%TXx{11D3lJ zA0Du)Do?^DjudYz#l=c>{NxKJ0WRFU108YlyG7p)#$!nU7Yew%0m}i2#Q-&rfb+zu zDV7FqNCR&}oQ;urx56OhhGn9=74f_L40|K%594)UWiur6AoRAn^La#KZ)x1j9dFC@r2T z#eed|h5QMkCN5F5R46YLE4VD)sjDYaOT}5k^Q*Cwu;1Dx_jNVDwM+cV#CxUCZwECc z#)e$!uy_da3@67=?@djQ`&%%;WvRqtIH_)VE3sRX!@7{+Pi#qT+j9+j9aoxCRkA$^ zR7Z?_R^Q+NP}0eHgV2zA8sC!ddx<)71sDZsLITtaz03k*Nxp3r($w}GN+iUhu`Ld- zH%f0!J()E0F9t(*42lrG>u!=wA6T677Ipg_1+^AP?+F9#5Rha@7LPo}T3j4iX`SiuN5q3`u~Y?oDsWY}7z%UoB722H_7(NIk*&mV(JwJL%Bl=% z@{&ZD$_r9j3~2aBK2J@L^99kdBu>L?D-3GnfJXjAP)%%SaFZh9)QN%cWjWdi!FV2! z=VPY5n|QG{?8x21r|Km;+R)R8#J+v(eSB>41G-InAU%rxN=bKM9Q(J_C2uhxc~FsU zbQT8g7UWova(sxx>?pEvk{gvD6acis0hm@_kRLQ*S-2Ag_A1d=jjix3D%F96S{CS7 zVEhh81WDkt|Dg+}v5M?xOz^IRpT)x=n-Iii@+Q z+bZBi=;;hU%{1*D;J2Vhg%wUki~gjSgOIoy(~unE-Ic;;p>y+Y6NwVVFQn;u3-(T_ z1wG<+l-`@19-lfnF)`6GwpwESFZlk)RjfqD|2C))&I{ zIX__iU7grM?CYA?8jtTdFhy`CEtwcG9dP=-P&R54{}Xw@qix(0jC*qQ{S0ZWQrr!> zABzY_IFzLK4DUPGeW2~(zMvz>KNB!8-iXl7El*BjhL$}>c7qm!e)tGcTLoyx5`rPQ zGXPOn7VI71wVP`s)1*KI6Viw>4S)LzdFim7L!Wx)vd%1hrWUahEout*L977`gyjjG z5!&|=syN3p+FApefL#dpxI#0!$@fY!Xn|8XJGFbTQ_QJ4OL2IXXvaxv(wm2B=3m>5tL-@ctdO` zXd}X1hEdS2MeP7uKsp(4g)<%s(;3BXxuJ}C7MMC?ZL|*QkK{vyRYiK~?}79lB^lYH z1htSn&q;*IvgYVF5p(VC0PDfDt$96hv4O@wa-w6Tra}Cn^nn<9$05r{r8(Pe5L*$Y zi~$toJQmfGieMO(q3zs;bebg?(0XQ?9^tsbYUHnCRYS=Jj}XY=$S2NHNdFeU=#cd( z;5wo-7~#gXn7gFC9U;0(Lf_>tv*^uuD@L8WI^x>c+!xuc(_C~gjIhHkhu8s=s>7TX zxJrP9?OF{&2Ra#0g~YclfVPv#WJDII*^vxhfNn~l)}-N){DU5HD#w?RFr%_fN^T|{ z(&(LA2jp^iT?`P)tX`y$iOtAr5649J5d08}?ut96Lw-XQsiiGnR_3 znAnrh@BmqCEDe}S{@GHYf=xEq-Le(Jxhl4l?sc zLKb0B%ywnbHQVV6Lw>(XkX%weQ9;`Q1na)0?{a{Sqfr7T_Sj4V0j#Gb%Ys*5iU1UOfm&7L8y$1EK**)p)xY#ak9UN$nnIcjmC zPq`1Bp5LZm2Mw3xJ99%E_X4&t^U%#6(Gxmgk~$RB@rf-17X5AXCr%Q!Z3kYM0Rm8? zw@PA9NS9fIq|OPsVTuRHT^F!V3hG(thLjC<=`EJs*e2CinviEg!M)flYX|o6U}0j+ zRT6t1c)mA|q!ON~6VjDEhRw$b+`523NNU;1YKHALLNFTo2r~7Pv9YH$_M_k-M)iij z9mc9736RF#N#TauTJ$}>X#k5cf3jz!>aU4y?%37IuM3NZ1jP~%)7%wY(u0P1-Xd0u zIr3>$9d-wZ774HCj>(H539Q}l*V$?(+mk2&;!%PW$ z9D+t4D}6P2BV!n7VmKE50SJ8d3Rm zJHF3~4-|Nr@=~UDv_bByX5D~BV(LVpMge@)i%3KEDR##!HRv#Z2kwePg8k7>!=8|Q zKD44;7Y&7a@EMg8lg@#!odtE{Q1k%Z4F`3jE|c#2{c@Up6YudntE0ZjQ=<+^!zH&$ z$o}w{-Gvp|Pjg&$7x;#xc#Mnj#jwP{b$TV75|aOpgW1yJNEPH~XTf~w%$efi86|-j zVR;12%=2~b*&wkypR>U^osEDV3HUivN&-1bE;n%2)itr%*nWmL>jpHdK|gC++_0ENyR=ADIko{OoEt1i~?mC`VAUs%u*E%IB2+KH&~Tfb+{ziuDZRmtl=zi4z7x7 zrT0kdj+MKR-m_ThaOxk3+u(tam#l4v?#0*u!R(l(R1NK*F)}79MFS2~1*wdbzN`8q zSVfT48+N!s0%PPB9ZPgf673jKF8w0WEE|v_wi8U)$+w@@Rp@w)!%h8-^0QEfx?1@E?vi9AEo4o)aXQ5qWLt%GI499DYr zg2f^YE?DW47qq+S6(Rd3F2g`uBZf5HW7DoDsb-1y3YzXP(dHp$VWjzW$&Lp`+aXPU z$|{4qz6aVtV+`PU*|6m!4T96#u5I9ak~mnvtek*FqD&Yx6xugO$zDgYKN?6?DOOhJ zOEdZTv!zOvoK;A!U&J|C&$m=H#`Ra%VN?v~(Zp@|VKmr$i{0g9ziL5zRPewgjfk?u zk{w{D_~o?Fa7CJxZHP_J4zwFQXP<%E7SFfEI2TwVPzzWMHbxx1wkK-b6dh7onzs`I z62LO`D;HF2)8Nkwk#QttB+e2PcQNadgDR=+jPb1FYEuk1(TIa6h#nS~a#$X$!)U3! z)^KZQ@x!s6Lr#;gdkmPix`e}Jco_#fYZ~lqzk{9aYp}DIe6X{|!LmF~%5c$ReZb}s z6Meb&m{Ge+J!*^_8F#`K7ums~>~I`Tmklnm1FCKh2wYiriaJrMka~+OBvQ2h3SZ@< z+gth(HU01aO7(=)szi3w4iSsgiL)+%-UQzTL;O~$x=7MMauBpb28#A*;|vH1!LlOO z=AK;-Mna4r`ty`p`%yxpn9#+lhU{= z2Rzb~nKgOx+RQ{|A~R`?iS|JS3`-9uKJFx!zZ9zL%3lzE#MK$8x`Ne^4L^vmfFKT4 zqwN-pEF)#d9X}fM*k_V4N-ZCRpFp5+ECIbbBAAF>NaNJ(5H#Dh4P2jqrYJionnEFL z1CnEj_C4xZ*UeCbZ$w2+Of(oI=v*iIvk$rc>Ke~@IG9eQTadI`AI!qgEx3|p7l}Vu ziOJF}z7mbC>f&t)mlwXuVi^?2kDVPqwlIFILRUuYcTe$+jZqoWPbR&`z|qm|!Vp{p z7f3XaZ1CBW;qfB{v4_r)qziEuD|jr>L6aQD22lR_3J*$D3xeQUApRB%>J5KesReTN z#L21arY5o*{`Pp}kJtQW%MRdpwC#@*{X86Zy>Z8n#zWY$u@eBRSUyfNPNMf~cDR8+ zT{Cg&nqm5H$_-bEyDI00njJ!5rBCN8XIF16lq<#3q6OS|LZ>p5nd4)U*j&n2tA+An zZsfw97nUc+UvOdNstf56smb-%^FNb5z7u`Aa+Uc*7}_;%*20Ib+z*2^{T8gOAhMFp z6_MsvGWbx6*IWkaVYHo}M9nd)==CkBF3@znRaWwy`J6Rf&uzAwU28z(5x-3yJC-?4 z8Ray3aFRZd>@|5>rF9akGFJLD{re>SJ5M7JPg_QG^|2ymog6-%A-4@D@o%~*$E^cC z<)oJ@uausgjt8ji!2<5%@NR~jVY7}2I-#VjXoxV@qrPBFc7xIA55~9xM97sPxl<3i zG^b9z;M!}hV=FTX+~)Z9h8scbfHPhX{N}igSKhc_9YeZu3)qbYXh0jM(Z$!If$ies zB>pzshq@WKO+^jdvW1MUEIkMBHO3UwHtfKzp$!K&CEx9B*}*XR=h(63E0(8m+v$~+ z;~lG`z~tEX1N0b$J$zh*%7Mmv>K50IBiL;D0Z#bEic+v}$bj8Sxe>@$@=K{1@)j)Vfa0i=dX{ikSunKpg)uy{nGC{0v_`Y`87Ql75quUM0D-J}x)2Nd) z9aBbotzgiP3ovyx*6MrXAh}OM=pY?)WCRzQ3$y7xVNf0XCm%>BYY8E3{9Zfu6X)dI zh)K%Y>yn3deJT27OL>1>@Wh|?VVV5HGWmy(Y}${wUm&TQWzyUM%W0w073RVu^t^%~ zksHsIei*0~U^QH3Ao_4X28te6oHLRgvE(VVMzZdOk@Uy~@4^N24vnW{jo>FE-KUdN zaX>b@v`8>cupK(z=(qycUE;4KBuz}&j&bto3{M(n_~c`7h9|@9omqj1gs#~hWW>}N zbRLhOD>7TIze-m(VGwmnSdBJiPJ%GL6p#~kL3BRn@22E;_`u}{G%ZP1N=MShhjO9n z-5?VqejM9&Xhjon5tGsi(|a6+4x$AgMMr)k4nlfG&&|>-UD~dh2`x593H=jm)N0-J zob$KDMT2{qEx>3oc6e-%oY<@q2AE~pwGcPqVMzv3Tt#%&4NRp8`OE(5<>~i~Ec?hZ zwoPMKZ3?ktfpKiR64Kn$92Ab^!n%8RjwY(;_j93|KXHNDy}Og$z1xtoh-6kef6MAp zzIrwnw-nY_N-Q9A)KijtBfopMd>`L)HYB@MVx2VXB}9nSJ9QZ4OJiem*Q8@g-;U~* zv^P^)SSnQtMs(D7$+*ZZMMP-c*4s#>Rd#km=g75&U)uzBJ;IK@jksTI!6Ef-Ip!)eBNy(4=Q z0-R8d`5yZoz>tWMiOFa%9**I?ml^T}&vpuG4lP8#9f9o)J0dWEBcQ`>i+wMy35FA$ z93KxLNvp;#EnHBBj^;ve<&~z9l%aFhj?@|lr3yHe*^&Ek!>|oA!sW;zbaJiQiD@u3 z=tX|mXIC@Oi%J#q%hg*8<(ze`R?(qU0oPGPNS}A3ZY_q%br!)bfX;>;aRmFqhje+J zsmp7-bb0N8yEKmSRF^JK9k|O=N|!x3H2!OZnuv4Pjts_915ltVIu2ZOZLiP1XG!D! zp|{uCUexXr`Z>~AtQVW?+v9T&Q@_qqFW?NIVNyj3%naBKR*J@n3m}tX4PYG1<*WI5 zp*_iNMYdNxPxX~FVn8WgK|jZ#*7Wx{vS4_a#f0Di`P&|r$-~3o48DH~4dp4=1D2N+ zN@-aaOVzW*#WT$3sZ>D-FW5C~)khQ~$zu28`sIh!-4>Lu!bRO;k2L65lAuq#$2#YQ z?H1CKpaV)3p#&;MGdXdvasW(-Nyov9t|Po9affOZO0^v?@rvI{9T>E{_@2AyZP^Xi z!8}#tr2tsf;ssJWO{)lE83si{EhW^s8@KpaJRso*t2|(n9-=(o(#tEblulxNkI(Ej z9QaBcTD+|Fyux^$m0plusx^J0oE+P(;M(b;d*ZK0ff(I>>>LeOm(cBu0mJdj^m!W` zTTlL6o(Vec90@E(%fT>B?Cs=AM>a$3(a-66;D5)xVn1@kY|A{#MQpE;mVA)7pkinH zrW;~soeaBFjX|tv0&LlU*|e$mm4s}WJ+o7or8mxiD~WG%pP!`?aU3j`7UNLu!x!g7 z-twg3G|Fw94j}}SiYN!YWjTvOIZ{cU>JnGS<$4dfJ&4FoEYdI3oz`S8lD7s?D~s0{ zz@?O}f;{ag($TmFW`N+`Os1B`U$bS>k?ZQyh0;$`wanyzYbAp@jNfkpT5f9%;(gR^ zG@yfoJ4=mzf<;l67U$37{0O88&c_tMaD!=3zz=XtY0YkjI41^nf54Hc=n!-Sy44e9 zF+RBfFUbNNFAuT?d$#Ux8M4&$Zr}i77NlDhx9TYMw3hrZS`U(!3uS$reT>jF4*K;2 zV27c*?iquz)z!ebm+?1#Pt%^?GQT>TujW_FrBZeOEN_Zk5Amr2lZ6cxXHOWU!~ipY znXuKOBNebqI8ji9br|FKD-_QRz=;B(gX<3v&JaV7jUQ(nJF=No4|3nkso^;Yd+Hze%b@y~*@nL!8nWpaT9QyNXRW{1teuJbO`~Uz1^$=*?vMXX zq#-Ln05&cCbtJ;sUR!gcg=qJ2fBYLt>HS5pw_?cTUHx7P8QcDEXC)7 z&{iJxDYs1np`u#?IITXA*%#y;2XPSd(zR(e+-MiLxSYY3>p+J+bYaN7CQAWz)n)Wm z-1Qh75|%t^ctai4PU^2*7?NC-VyaFDl41zVXD?^*97BXv5ewShE_3gswm&<705)6E zE@30)4<=w|k$my`!(0wnEcuRL6jNc~aaalr_OL$~bikGbgFiIDh}{aTJ8>;hj(F!n zcs#wwiPgy*Pg{UDp)jTN&5l!4dWzCUV%}}*S^=-6>D&XFrrpf#>u1vSKvBILasw%=_i?1XWHq$ zd6eX{=WJ?Bio{A(3-CdITpIf>Gs(;OrYA%kk6-{9OI+>xl4oRO&IrVX7I6dbcUtY) z0x!Jslz8EZg}6;Jb&|@oarsiTM|&fYydfj`J@0x@5!nd9YUHolj$flc`BZ`njP^g01S#};2EC-R$A!X0^{3v%OA5@zaj@FfXT}P zBZJ1I)ZoRTA1vg|b{yy^XmPF)F~GbbpsMW3agtCvU(&GX)POiuMRKAbnV$H4}gVKHv$S* zOvXVnuE(pyw(KwjHVc`-H)+tWv9v!tMwurnM?KIIc+)(;T!ED32G*_xtX*&(cwo^= zsc+TvXc!mzQmuP~UgZ(ixzY4V(c!!9w>^jEXF^IeB;OakqUXRJL^@n-hJU|&<4VW6 zp60}+F8#_kxg1DK$mst4q*tk~IIsG~vP9uFNprsrNsinRUYcE-NbHh|mQ=XO9li|n ziJK7^ICGR;tHD-u!Z1}K`g$tRzji~C-Wt~Jc7p)}qmhsLWI8?e%L(0Pt3m1?hcE;M z5AmSD0$^kvM(08p%n%q>J|Ok#>k#4y(?+|tx%(op)b=*7z`Wss^I#GEW{sqzZ`rQP zs(izFf4zhgzfmgN&T8Z~q2G>j={@n!>G6roHL|A?0+_QrTaDjBE8TI!R>R(vIgS!k z-o+__Rw+EHm?FZ2>>1hK+FpcBc5MfY<0Fbf0x)ecZe)$ozC#{O=hE`{J2Kl#WJn8O zMEz0ea2lk=&*D9;{{hn=1X_R`*KFjcUsb}y=VE!X#VxJ2(ez1d25;Ok1~*o;oYg@3 zh=||@#M%I<1|*%jQo}6kbpY>fy8$|2+0jObhLLZzNWx@-J$0m?EtYd}Y0LD)nE3K+ zX`zs_(xWv;u7A0QlR;EU=gKqWAU%fD2DG*vS_(72w1gpBchz+F{_9)Y&RrPYJBmvr zE0OgQw`HYRlmdBF^P4R{gjVWoVSa%=+klOxl`1c>zk^oOO3fBd(?5ytua!!XJeQ%c9RL&Af;9I$ENc7GaJx3NaIkA)-Nm&n8mr0E>B3v>fS9 z;sAs|d%qlG`g_`twmSh@tX#X0Mv&H9!Dn||ltnc0L_YJDp-FRah`kW?GYn{XYR+jJ zu+f4+m~uTgI!k`nwqsmk^t|0{kOny`y+?ValT}}4!VO8ZZn%N7WCzhMuF1g)^YYI# znO@;edMuL!GY)H-FP^@AVg6)Nvxd92(`=l~uDM=zr`c$@9?giy%FxfQ&KFOY^X2os zAT(TRo0J$9DHjSYaMT;iFUzwM0N1PgVApOEu8xa7>&dYf*f&M5?jyKlY6Oji@GB=L z@8m3OG|@*H)Q=%7aiMsooX5`kmGhNqVPW-reqnyKxHwnJ^#PBADK1v3`T6-m8GXf< zJP#S|j^iC}>o8H2z?m^*qN`5?%dJDDp#;v1AQO^(A~*}z4iiBMoEbqTw);eIhHM9i ziKGV7jHtLRnL?Pwnu%x?#>=zFm#1=c#Q6m{MoO)NC~)BxL~Ha`a)Og(D1s*^y_Tbx zrBG#_FIfswZi?j%Bm>MIgC6Gwk4MMeX{9sK{z%SpxP(=DFL@?d+M{(C#UqsawYq;V zrKM(r-op)U&Cj1>QzRCmXMxHZ$8Z;Smi-wUmu@2kUlVc&5lyYoY(=|l(6|yA9|4`+ zE@KcJ(BtGqG7gnZx0Qf^U^mlvQPVA&yu<{1Emw<0dqct70H3c+`#wnkwFQAMZ6Qj2&}=n9|&uO!&ofbMy?*P{+J$>vVmLTTMJkUaIq4*IRD~T zCcG7@iRiN|O{Q^B8!s(MgTrE}DkNx6eB;$-fKbeCwV;QyFKyX@Ty!d}^qE8>d3?AQ zT1w$9eIA7^Rwu|hjAq(lDV2PA*B$-;V4w1ZjA~Lh~eAm*oCW|kF3@s9gH49NsAZcVQc{6W&4&2{%PC3b_ zjj(rd@)Y_6r%#CjFtR+|Zna=Ay)uG+Z}{8fcOm=ln9NTxfGcvqvV+L2+oaSmNf@a# z5Hk>%TkHh(uBjSGyht^Y_CXuAQBvC)H$`B9WrrlLhk>(0kS|w@bNQKSseB&z0T2VK zr3JU&t?i~c?5&U!hc8++W=IxIjuK1ziEk~Mu18sqX4%A-Kuvo`ewreLg7~=3TIya5 z!WXJCuXUs<_FA8+jxWPMHF;gmI+dBcE;AuEYI_wHx-3Hrug#5G*Je&;CII^Hq&23b zrZVRnl{+Q6yoM<@7mmZb!2}U|hXQLdxhNgqBrqRx_oxhrIRG&!yT{afj+X*j1(TDC zay1D4>a-q&7KyM7v>>>S4%C6hK?guK8P?<&7Dgbw*M%9EZ(QjBoZ=TXoHugR4+*Rv24_AWw8*uK2iCgDSZWoV9S0~8_!sLn5S|7!igU#6&ik4@>y-o_B=-(xSkuiHn#FN`%`JzN-&I5gU?6qN@JwKm4*(PN}oy=r8&`_O$r~# zvXO5{W+g6ZaT3FqfPRwJY|sF5ss@ml{aD*}aJ9#q;jZY|Le{K=%9xsSSz%-|Y~q>G z6_TQ_Q;J$4sU)f!N(h+*21p`PUn6C#Kt?P)*uwM=o`grDEnV>14J) zhF2&^s2++nf!J&*t7FmUiVGPQ&BLrwLl~F=I_As)Kubi;C`yr>>B)2^>|eD{IQ@_t zBf|U%Zt}^=hT~^jOtrz!wl~n|igT6RNN$9>_5@%PG7||&yMVFZguB?g0e>fW9W5_| zE8_RL9|jkOGsh88nX?6XAv}ohXgH8fh>#zpl??b-nmsb^C#OgNw$M+z(A$HM_jTJ2Y5#hB)*kAf)o^V&3_F)zcH1Dqq z1!l>^d4FB1j^0Ir#rLp@R>=4+*?3iOE`&kebIt^QyEPa1O(cbc(InPx*9?RW9~X?n zE-9xcAW%W&*madwe89C7rD*-RcbG&x94v03? zUE?eP;!>f!P^=JTs4Ez_18d;Q7lId#Mi7E=JE`#)v9i;c3p?5X+Z!-|)Tanv;Iphi zw0wF9qYC$xb^^QCcvSEqthEC-+RZlYFoHp56Yd&8lx~wFU zr*&UF;0!NE0=a?Nx3=MKLFZ_C*!F|Xqk&9IcJ>Y1AOaPKlI~J)FuqIhqZ@3}vn`q$ zuHW2f@`yD{?PL2a2BTWPXR!mYjka8mwmZIdkG30aAs=mbd{rN9H^LGhtRsF*$0q^k zML4r2Xxc5{hJX~LrBMoYtAJlC>J0uy4BEl#2R|hTu;W(FI?giQAnK7XcSfC0|$nY>k+R?)NrQhXoJU%wSs;)dQ9`) z@g1mD4x@L;fH`3k-MEQM?g&-DJoj!^3yIHO3yc%hks#5rvd00hRo$_&Xyod32U-{A z3mJlwIL{(QtqK89Z#Nob`pv+Mr*w# z)WBpyI$^<5 zjEqJk@^LS&>uY0Si&Qts>H= zoWN_OWTbXe;DPb5i)89;&X##u11A9ky}^kE3w1L&S$*BugpOWi6*hZlqWp%Vuc1;-Nz;BdL9T6HLE4Yw7ZYY!-f3JO`4_j`{ zaFXv_*?B8&OAcMQx}=fQXiScn>~yRpTVuVj1{Z<7y$QzWtegc#_F94KMIb%d z8KFH_aJAlkkL8Ea_etFMFsKsGB$2WybOtWN&~I#YxwJBIfkR@P)T!>rWWA3Yp04po ze#4;=R~E3OKiEBDd@Vt-HpLWSH3zRj+RDUsq=6wqld>EmF7AW|c}aBS`C7#36TTuG zipAMdm$?yYY|9hCTySy;tBgl@(}wyGS&LDLH{vhGjB9KwE+)+!hNz237cK`TLy%Ui zA7^pwq9T~>Mx*j7j~B^Uf{*&BvN*Lb6i2*7rzoH}dPG*N=UmVr<>Xh-`u--+@=2HhDo(8i+F}J|C(5(~Q@#=QLsq8SGM2_C z`&%~N-KIJtv||29n4QiX&t^x)G?3hNiEbX@h8;jBz8qMYE*X*%8j zljo*F*?2YCp#mHohe@-mw?9;8VyD5h;hhZ^PL4O*11Kqn@|Z%G3u4Wg*8mj zwiJm@{TP@N!&134Q>avmi)UiLNKl#sOXbp1p#h z6rR!S!(`1Mq3e2WHCTlmnh}EWiMhX}+WkBY3=tIZB8(R(yMIgUb43=G*c%FqwGFm_ ziAcjziDe7lu*b0+7Bb*&~8Ad;7{U=SZG|5f7 zl{}Yhh4EY9bklChfw{sOGjjmHB^EW_UK7lIRApZ{jLHmZX|i7YF^1s)uCpS&nG8|Z zp8HIe;Ceh4DY+g$q5KWp42%yCY)m?u%6`ogs~U&UWesfGp}bl3UJKZWONgu)gfJfH z*oeIis@QB~u36{nf=jHSs1BdWr_Qw;kvz!}=-u~R1nwKOd zcLo%MVl?9`h7Zc{{XRwqdSr5YocL-RC~uhzH-ZMuX-m?hWJdt{-dEpeOtAv;Q# zd7jdcS^3l#h!bCeNs1*DIZWeei#oXom`@jmB@Wc7p}f(Z#l)J;1X-Fy5g+}`OGL^e@x)pt zhJA~Tc0YR;Jp=B4|7xg+WJTY_NwtDkf-Zb`%Wa=a4#vth)Owv_kDZL!; zF2Q0QUf><=@ahO_+w7`r_Qd7M$dbHVsR!3`G9d=_e$~1(d6ViiIsh)Zn%lILcq zYk&tp!sIG`iP50`rI?vcV}m*6CvCfs87i)(v_PJp9GuaVJAj$e(s_{HV=z0S&A)F> zGQnKPS7&gcS^;>UOwkKPA=DDgloqRn#i|)&(^MY{a5jOix8-j_#5Hqm4@2y02DuV& z(x?P5x41#3RoA`y^YQI_j=P%9(|f4@Ic$XOWMawD-F9x$Xc7(Si3(QFacaI}eKDbI ztl1YajX@~~0~>p$`z;sO<}ygASb*7{!vvI&7sGGuQYpovpH-%fXH!c;DG46s4pic9 zowH3cOlxJZRmIqldaq=4^v{r(p7P)ERjUfT*Nv;vzQ2oCKHS)nOL>!}x#p>@#gx}t znrp*`A+fn4X$M%di5Fc-7hI16JwM?_O|Wwx!VOw%S?J|>CJ(3&-!}Hcc~7tr#@^m^ z(bJen#Tl&sOExREa8n{hBQd`{& zcgg*62-cwoNulvJ_NUx{J7DT0NJW9$T;PpWsl#5NZ8;$&*p?kgNoR!5{f5Iq=hCA$ zr1wOC9U=eLSi)DU^Uzz5HrUxGy*Dhr?TDXwa69fykUKbAu?nyQ#@8b>er+8pvZh)t zE`Wu6rCKQ8TsR+3fz%tvPV8xVVtVRiCqBW~S|EA++AES8W;Jf1=>(;~U3Wckk`Qm9 z@6a5#a82+YFy*`Ypxy;RS?$DWn&W8zFYM<_hPZ?;V!tMI4A`n@#x`_qo8;$P)ihz@ zV=D8OZZ{fM_onBt)rEaPY%o1Okql=Ru$YOh$7d#Ulm#r&hDLnViT8!Um2VI|KK98H z99NwI>~{mfIdu&BsvP9b{c+ZGz1tL4tnz|9@5w~# zHem|PL1#+){8CMkN+=?X80^FF%j@QYXLhv%v2P2Yk@?aw+Xi?^q0@%rC;E;hQez-r zvhK%n^E?R7Ujv@*hC%FC8;@5$U@1fH!C1-uJH2kO_vdOR#OG^K24X2`J_-l^pU5qs9U47&;Z*DpwgAcpH#|G0>?~?=7vUn138pRGUcTgY6Bsw!vIZ*ZhWCBLa-3 zpvOL^89^aRGL@j$Sb;hs0||$30ZaTnHj2a;^fHI=misbf;Nt!Yd-eu4w$g=T@hw&q67yQP-o;lkZ&W0q!FYV6pNjZOj@WazkZOZ+5LQ%0#F zt&$;U5zM=NNC?g?Hss-kA4bJi4ySEE>VA8z;nvQghf8BhGybJ~_&n4i15C*-!&bwt zL2x4@=k$pi@d%x@=@U1y2|>RidQBs7apN8tOJ^F4&iKuiA40(6lw#eOjl{Y!%|8&1 zQP`Cy&en9xZc8X61;VpUCd3BFT|^Vx43e;jCfYHl1loj;qclZmBnQnZq1JTU@7qHZo~D~lV&9md9ijQ zrkP z)B=Fm^=7zBIJO^+v46dAP{okv^BY7pOx*PezbHnc{|M^g!F83s^^|1>O;=C2i7BqS zYEn*OCe(C{-b#krfd#A>o}_Q6EqkgS>IeJMLe4GC=Bou-Up7`lz-`6qS#WdVJjgH3 z0*paF#%~p+{RS_{n@7(vT@u5&K^DcICrj5yeNRwQSP?fRd_$pRXKeWE6}QpY1=a$L zHhc%9_vX$m&Mf8^3d<8K3$G&#B#TTAvIVBES1-O2T!tT z%}7oFIip)ZQqQWhnF(U2XEhr=agFG-)^*^qFCnoW5CWDO&ftQF>4#mtf$)EN1lZ91 z#S~wo%QGd!MmSigcblf1>HW{3K+!%Yt-lOP%OYse)rOn|aIK&Q6jglb0xwDPkoOM5 zT94_ZrkJD79V#33bm-Vm2^hj|#sV;y9##V6eq2Pl!{k)#q*Ap8w7qk!60f(A7!s^D z?Bbb0mO~$Us|M5pmg$)guB)NZGhkQ!VqY5U%zPog2+l2`Wed>K8qi@w!(woywYRwg z`xIK~QS>jk>e%^X&1257v&R!VNVqW@uZQ5tV5<;xXr0=kY|4mnX2(t)KB0Z+xuz?FC|g|aFkX;xa5CP~U` zeEpF#--sm4N0&K|zu%uOo0Tt8+y+cmX_GWqp4>)}4hF(0Cm!X(h=h!EW6UE}Z<#$g zfjS4#a{B^pR(6dmioWjUcf1enmbn+}PfVI^e{RQ0`-5w>!o~0)!+Js}vLyZ8zEsyl zT@(O8P$)u+*@kmnjm7+XlaOLxbQe+J(i(^5y@y}0t7c;3e$=?pDtQz)E&6lfE z+t{ZC9ZKd4)xs>OoST^`R4Q}l=I75_B#Vw4xpu>SiEz^v!YJQD!^D5B zw(NEY3p=pZCUE&{Dr`MBItv>u7=-5bLIWzo@w#OA7rnZV1gQCAb6Wyu9Y#xm@3d=? z`P=wCZ%?fXiS3y!1-nVvu0UMknoJJ}qGz(;k0$$K(wp~u{GPuS+%z3Gi~@HJqhS1g zR%l=XuoKwEj$PloJ+QStxmzgQaU(E6@+cI%upPhn4~s>wIrF(PCRHpp40 zG835zDeTDJQQKUrwqcdLir%bW+k`>RLdwHjex_O~pI^PTP_AJ8LH{5p@gl|EiVYk| zOR*n`$}`r8uBrK@B_gyknQR7nTdLyfHyp9KZ1R9nO_Xy&?Ymy4&m_z1rR)8U;?iK0 zl4ZQoc~?XZZ9Gz*_)CEzhGE`$yFp`CkXZu)ip-b2dm49JQhYs9til62kKgr zpYqE4Gwm?)n^db*TzvLf=6%j~ss1ZYq-H_Ddfgcqp+z3~HNO#u3eYG;KR_7X-fYaU zzn553ML@X+Env=YxRna#^nCI3?F;iKu@fN}AK$^gtRvZM1qNF%!2h^4nB|x)kEGp^ zmF$fS&_HX!T?g8wKeU#;A&Pv>OdzM?@8e zVOKil<7S6V$(r8BLFjqBFG7w{GdDVjv_J#e4%$p{ZpXmJF*YD<*)^KL$c&;;m)y{R zX)bJ^H8v4=+7F_B_!%`jbYAv@=-_dAuVNesqTm98A8t~Lp$`nrH#N2VINejsGl4*ZB?8OOkx$_5fa*nyFl*% zHtZefpq^(o?4TbmE~}p$HoaAx4oq(q;9=9dUm>0}FhPtPn@ED3%xgkBbzX02!(ey7 zi50#%qM40*IIO9SAwJ4;s}D_|T%}F&>}n0kzH_eSkla#2tOp4Q;p8Ekc`Afa*L}OI z4FY|jPAmd@UJ5npH|C~$v<~kuIb26jPuQiz2~gwZl&Ou3q!m*lbj|$_(F@^`#6XiO+Q}?9N4sX0MiW*i4nEIYFFecF?xq9 zDPQcDFHL|n0uIEUIz*L6Mc@bEQdOanc(s=*n#8hZ4O1}*=u|K-2m`hHToL-02V4?HfZZs*pG9HlBwL1P!!URJe4BaLD3S)qtx4gBI2XS`2IrP~d$o11No!v;xT6qcGLT zJ?wi8c(CS2!C@~0dDsanLZMB+3q$^_zky3x0=oh;b1INB2r6;akdycy52a(FS65v%HYRuri{TQ$cqeVT1GmyH zcTbO(hY;i?!6YLR?vQchM0#(wFqc0!UtP^(AM(|uQn}h;zPZV*%T?BLWd%n~nKI8Q zwB7eD%K+{S!g5r0H!HnYxV>7=ug;Vf=Za_WilQ>kBvgdSp_$zzpQ%S_Xa^mZafQd~ zg`zLhr9Bffut{CkF6EfBO?9`Wt?QVllU!hyx`gPW2?}?3ydGAHYrg9n4IWz`^J1;oSf_k4xPjN4hm73sjjNb*fUa^db$Z7CI+y= z1qn!Y{7CjW=}%yp?_Na2wb|!xf3i=9g1%-s2R%J3dU<*bJ|Y8%y`CJ^)m&?uDa|wr zdOA1sa3FW(7BcmB=SEoT5+cFYn zTUhxU5oOnimCde?#7$zcg&QhjLT#;*34dc=dg`YtJ#*HDkt9wYxnTY{rn~gD${6(X zOXtIxWIHo|B@3=DexD@V0x8Z8QL+i=UN>>|1Rln96W2|W@LPVeK#%ES&@>d2kICU4 zJ)Gn-N0JI-R!mGP%&GoWm}>`BNz6J-7nP)|4wImd$V!avtkcyCf^Nl;9kpo+g8dw* z46)~jcaSnDxH?GYZ{I&ydNvcl(tybPO-sjtr5|4O>z_oI9 zm9|8!Rx8zf^;{(vk~A3cIZ2Im%+K`mnGhViue))7t!N4*Vu3+)b))J2k&2bQ=Y$ltWYB&=WpDc18ZZaoS@ z_DP9w#ZgLx1Up{8JkBU@dA>y#XUvUsulJiRJ7CUc5j_-2n|rE;+rZ>Ng}NJrhV!A$ zcVe?e-!XVI)qKw}LYnH*j)J;6!Gds20`s5ZdVFoe_d^Ia-1QA8`W%Y4JfRqXnvrdi z2?Xd^V0=9SNL4kDt3yMTyL=Dt?)trjE*Hfr}LinI+Zz2Ye8z=+Da;PGs zft$#Cgwi{_yKOg6=WD)rWp<+Gd!g&V;IO)-M@zh#x{HuKoe8^d8e@HIdPy+#T~I)g zJfIu8Vj?V8R~PcPSI?FU`Pqv84jUJZw#9B@0qyLC#o2NpUnwmvoh|1p1s!y`FrUA@ zFpHkeoXwXFozoV#oGX;it4)*%v1@%yh+!=sd`1$1>Qf>hNgm{9OjDAdNuHAY%s!_i zKhteWbPIRl;#QW(37{`;(<)LHnqevKd!0Sn)B5B}dyI*`$M`y97cj*5Au2<0Id`H5 zrDFX6=VYwxLC3+U0{s5N<_ zxG7vJ9_|fi>-cU?aM%$W9Felleze1Za2_89VdMw+GAL35kD*-?R4IsEXo*yA<=?9r7PasbOz39EmigL;#Y^3hlN2i`ILzl9EYha#3uQ~dw`@obpi>f9cL0GX%=SH;ZfBtw4L;l zV!10Ot}@~mXWheUd)@UMP_E)*YijmE?0w4*M>jn zI>z%a^>`Fsw27Or+uvQ}6I25_4AMNdG!gb=@}M+hYILL))&qAV?y}xbnl4$`nMph- zB%clvEk*+_s2<3!M`mPuY}|*wX?G>(gbBlthD+d(2j-JoFMmDcSz0spnWnN>7nVb{5vkvoK=baQNrMCx z98a~pP>jx2#?{#O*|D1nIgkP=cq4cYXo{L*v|&eb9ybQ~@uDkU5>?UYVwW66WjL&Z zC#+Ugcg5JrK6In?$jr!9dlRCwc$_vGxL)KlF2;L2I@vtQqJ6XIKwh9vTowg~sI>w4 z3a!7hz=WZOD3RRdsvw>n7};(k>`!##Lq13}DaY3a197T(7dzx>?Q`lL|B803;F#<; z)X4bw)N#*X+sy{s7`iG#bOX?oAwiH(jp(|`Cpmtf z8qt#+e^8DGhh$V6eD%m`m3F71DNurPB`IB8v9d#;V|Zlxm9~E#GLu|NMmP)xc(jx> zQfS)`s*Ui-6|sGYXUA6zc4639I;>(n0<6PMbuS5E6=y1ktMiovp{tcRUMy7$)1bKS z`8fEaI$sf2cAG>Zv3y@AK+|{J`Yu)$$t?iM4Ho$TdiGiaA^;gs3fy(q!|tnyPMMu1 z4wVb-E$9H(BdNre6X>!c%dYBtWp$>sxLBB}mddMz+l!TIC70eKH8?v`(iqSA-&O@yr!Oyr$I-&VurCL}ll+AgCw7E!dKkcN3f$caw z7&B!%P8Gi*^ou$6Xt+_Q7-c{tU?z-3{79y?MW2HdGZK&!rR!nYk+}9xgqv=wB?%pL zpf&(BMB^COYL9J98J!4ANmW;_u2xG6Gx_T3*=lvEBFLo0{OS3^EP_XBtPh-#t|w?Y z4J_(K&-e-i^N1jK1v<7MOIo$lY*6R<5_@>GK3FP~QJ+C`d_4D%Hpjv9*WI>;#SZi4 zinC|L8ylu3+UrgrKBugS_CUz!<*fskq=z!$vRB+1Abe+~CnN{s9 zcIoZi=1HN4*h@MwvJG7p2}Vh$MtG2XlSY}@GZBa}py_ae5*ADIprZ zACYrn1dzb7j_yz?*eec+SP7w3!=U6fcFlA;!Q7g4n>eG~9NtXwGJj!`Auyr_C|^+= z(DSStO~^nG#yyxO+RhNuBtO%eCIU~zgt>0gKp4?On@>Sp7Y|Ob0EslDJJPvcFVVX!HJPZAHP=j;Q z8^Z>fvk>Q7(rc>NpjX#X607P&PN*Z!u*{G_-`;Fw$gZD><&9bK=nqQlL(E|%>LUF? zR1+w2xF!XtKafI3Z+_w$h+<;Zc}_O7CO!Ztm3G}U^xR0_V6~FH40xh)KLBv8KCJ@W za4r}ex=kAwc+nkNM z+EH?rNEu>i%WOnZD?Zt0h#lLZ3c8`Bg^ra4EaBJ6rrRRua5>ql`U7j&->IM2@GG!} zCAYOyE+Mg5Ts#97if79CYO%BkN^{`$g?TVnoG(png~ z?dX4e?X`G_fsdq_>#ftBjG6`09J7575iMsrMEa{X#HD`fj|h5JUln;;0c=6f0gHv( zR%i3o{OWA641AI4H};apD7IFt?Vi^O3Ykt z1LBAnd{UD;lGF`rjA+Kh;F)L(#@fTOXy8Rd;-+AB52SRoqDGA?wnfc{fjdtqfD*kJ z_~}49a3)!|fo$PEEW@^@iOH8=0_Onv9^YhE#dPVSu?|2WlYzMB=Sc<-letkc+;?Xe ze%k5AGDw4^S}R+*=$O_?v22OLDeGJawL3iO4z#PP?|#EsqOXjF{XDp>zLyN&y9req zV*G`GdCrz{7%tXJXHE05$)r3ag)7emsAN;d?s*+Rc~plP>o-A4>|g&o!E^svE=CadBKC@#*G#Di$}a;x16wGzZw zix@GqV`}_<0DRhB2qPc>6pRHxVqm7n$Q+O!g#`8T|@{@A|UH6 zMx`Rb))JSn$d{|dx%^DER6f6Yu2Lwc zIJI4ea9n1aM z(m|N|wU}=A{DvdERW}+BZg+X>HyqPNpa-|-43C?3OZ?M`;r6;QRJX|FTSjyHT)eS$ zH5v;jS-_J2itYR&;=Sy|Lfb>N_EWhySDY{OVGI|r$oLHh|Le%pYT+GVR(mL!#|^w< zBEZ172saM&k?H*RSzqRwG4gD{5PNbH*# zdR#u~t7Bi+P{u{3-$xmmjVa)B#;Yi4;mB0&dX?4bK`*A%l_bQF{wDUQXm|J!+w(HZ zI2GtCod?0T+i0*O>Y5$mxT!F*8x0u98e(y=Qq9lL7s}jNc1Lk(wR(Q3VA@}lEz?Tx z<(HPoTx2p?^J>5!ONJEr7--#9bF`~Q3&Fd-we8$xb?ICJ)alkgC75(7-je~+?+4%t z;dIg`S1d~Sq3ITTJS48@mjwsts9*ezAQdvN3@FE&b_)qJ{9j3ABmK`Ls=2b%v|Hv{ zZ0PKakMr2d+_YPoJzAdj1-qqL7rGv*1hq~z>%<^b!J@Jhho)H}iA|tsx9BKj>qHMD z0J{^#Md5+~))31DO*=ZF{0-a;j14pF$dD9-mcmIio6w7Z=Q}XtI%=**8vo6jK?lsc z9t8H9zXdVFBz#BPFZvEFI*ERh$}{z_;5s+M-CQ4DIc%K7+hfB<-Lg4MaQTQ;`6Kf8 zI2gjZ8;*?d5%}PAlbVSxB?CB!$foFU!w#U6LG077DVnfDe0w5}9b5$K0c-*5PS=^% za!Uqq9qv@3!1dN~Q4j=3t5XobR>Q8rD%^>3*6@|0wB|2X`4p~h`2Hrq70NkmA`XP+ zeO$BSLn`SKkicxVqH4AW)*!Ikk>9i}+9vAyHkj9Xf~TDmLe?2ti@uImeK%4_yGOqm(U1WIT}9}GgzkaStGl>#Y23+D;MYl6b;CSu zLT2@9v1YSwNL((HiZ@(AMc7u7$BWd%mXHXc+dVA$*&-HVETp8D#(P8B+HjMqU(pf% z4PkWFE)b7WA|!f74eU?y>J!*Q0IRo|f(XuRFqHQj(QE`pFaCN)F9)#cZ()rpF*bS4 zu5Gqk`0SwvTf`S>-AGwyN`Ds`)mmV@RgYVv-+0$Vq!2}J&UPC_IM)2uF27l-b5pZS2vxU>W@GCD3fFA01wOU%8 zIa`>yxnqGYSe_}D&MgUTWjz@2SjDeL^RBm<_naBbVbo+4uMswdx5sYv={*Ulj{FGs zF2#%Pw=2qwgY^gw*k#PT`yQz*F#8^&wn97m2C57~S+*n;O_eF}tyUQy2>O;Rf%0Lp zWQbb|ze*u8@ecH)pm@9qig-#H7aYk7O6bPKg@n<`w|He36+aFeJIfQlAVRF!hoe-40=42iDqzOnN(l6V|x|$hX2EbbT)Y zh`BL=6h?Ls@wgu|0J#nQj;XlksR=CMQ?;2Dj~|xd-EB93&a6u_WSGY$Yj^!tXeWKo)^FF3`Rd25+AYV9V9Y(qpPO3Jd2T@4JJ%{T z9C{7XW5$!3tI)bkg3^fbn_#3(;x?fP`O0jdF@J7uOZO9NAa7Fc-Ek}2*>V5(`m z-q4dj>W@J1@eMnRO*vU^v^)zNO*9W!{n>XP6B82?r>?#l|2r`;q5gYv>eSTGf z9wJDlL3YayvVJSdzPKLv>!L!R(sq?;B0B9B`DGX^`Vj=vAbr!^YPnRZ#(o9(CVLGs zlQ6Ms-~^)BR>4&geC@|#P^qpfzw(=4^qHnkTU{iS;H5u3j zp03)4y9FJkQNv#kjjiI@%?WMf6H`t&JjIC8VVavs!^J}~w-bgY;bm@3F+`dY-m@Mn z?Dv>qJ;er=(`HM2sn3!4R+yQv-D>$kB)z83QU=vUnv4Nx#V^9;Sp{;L)tDXVgC>k@ znT^6nTjV~be!B1f6&x~@2{#VZN3Z>V^3*AH|DTw;=E?p4Qv3{GkzI4W?3x{Jq*5e8 z3@1Y!9otJWD_Vp$^V~#g7%bR3pz1cE-zG&qaZFCg-C)2EPo0{WNHNdt9n`ecj*1=$ z-U)N*$<%_qQ>GBpqobx)*~tkoHkKL&x7jXsQvtK5aq=m2eg~>Vz&f_K5k;-l8Y$$DexJ@}Cr@6RnaE6JCa15Pxb9?@B(BNY zEjPP0nI#ua*$rqnqK&(VdF$lFgauZvPhr;~>`Z_#bG>zpoM;*0SdNd61B@tZH95hk zm16e5^d2Q`2iH?b@5Q9)fR&XL5NcN8UgIkt+)0MK*>NKB!p{UCjG-~Xp3Cnv8__y5VM z$tU;!OY!sLON(cok$O&QXlUpe#j~^Jp`oYTJ~VXM_22olp`oG6zWnX`hlYl}V?Do+ z9~yesE57R+_T@uEL!frHyf8HMk}HRX?)h&+Lth^n8oK9ihKAY`LqmUe*U-@PeM3Xv z-+KLT-g3jx(9qM?ZayqI(;j+b z{de9`dt~U5`yTn+eGfjZe(xVXrGC%C<-h!t@f+X$g{v-q+l`k$`?B|3wtVkTK5*ra zKI3VdpFRK7Z+*wtYV|*;Jn*dTQ$P5(fBj!R^V>iCk*|IA&wpp@f!d${(D(g8<|lGP z-}eVEue{^J^!wg^?ETqyzQg{PKfCzCkA38$UxE)@yzBYz{QimNhrj(-rOwmd_tSrP z>_^`C?e{$I_NU(Pv~NB8p*MZcD~4Y27vK8dwO73S<+uLO`@a0LfBut)9xlzkd*-s6 zXSeRyd+SCz{mJNJ{e^DsqwjpvJ#V__slW37`<35#;BycB>qE89^FMRXCm;CF4}9Ue z@4f5KzWn9)|KK}b{<+uwbt8P;{lEOumCn!o?K5BbhF`wtn3cWh%x_%xdk@xs>g&H# z-})b~eM9QGXPR?w`|5YT^Q+JH-yPgFb^nKda`U;~Q{Vrg;yXV453l@S^CLID%TIq5 z6r5n`foHz*i=X(@)%*VHjbB=CeP{hG(G@AieQFM#yQ%s1Pu=?Y?|J>tco%*& zy!MSRyy5l}&6nkF{66UQg&za75#EB|M#68!P%Up#cxgWpKM^FQDFfqUNbP;GPQ zO%JR*@Zg&-eC4mNz3Y>I{=HlO=D#90@qO-z)a};kNB--|+yCTMdoP&#zaRb0dx!76 z{1f%J{blI~FZ=RSz3sQWe)^YQ|4;wvV_&=RUAO)HduD&`^-p=t*;l_f`(N*PRr*gq z^B32B;B(&@4TZllKL4rp4}9!TQ#af@^_O4%*}J}R<*}8i3!?y>Kx4nJ`0(@Z`>_xH z!uQ_t$}9i)&dlP?XJ7s_|HEIp=7AsoME!05y8F(*fBmOF`X>u7|MoL4ZZuAO^B=DH z$RqFlz31QeW1slh7cLck?t{PhxnKJAfBE;-_##Kl39$`JsD9 z?tR^7|NWNfH{SUdx30W5_|yM!^;aL5O+WYY6R-U4JMOsiHE(`%_QRvk-a2*vH{VwO z;PY>Lb@<}V`@QzV-&OwjGe7pG5By$m?5hvVI{)w3T|e&3ufKKu-XHwPgI}Ba{D1lX zzwh+$b1wh2?QdAy?+<=u={H~W)q7^0HPq^ZzxdA|f8QOy`d2^s!16tX(c2fEHvGW- zFaP%Me>VHP<3D}thoApbKQ{l}m!EiL(fg;L`MuZv#ksGt z?fU=zlAAvL19v*FLcnIHzy4jn{<6P(#$8{zeDP_)yFQ%$-ReEByVrjS{Ki{en!D;> zA6jyriJE=KvmSod@~eLPd2hJuhvr`K)Ym;Y_m3a><4=6M`Gxn4zxU6+{&So6|Hx~8 zKmGIf9Q*j^rytq->ed$@tbgmhcRl?V7EZtJmeim9{g+p#zVxblPk-gr?|ORL`oq#? zH@`XmhELx%f5(H1^B?`z)4p*3#+#Pz{f7sB>C1onsfXV4tq=X~l>hO@YtFv3{J=Ba z8%I{}eEq5R+urx!JHPj`GynIuU-ZAe^{e0h=0_j-qhEbEeYyAHZ*G3i_dnxVUw_Ys zp8r!n_KnhmU%%|w$A9WIKmFtgfir@qkmy@$R$QQ!Hy+h2UwoqMyNu21~e`{tT|{*Jfa`1db=$9tZ)TG_q`|Lv83 zH}|7I^yZKK?6u9m{?_v9r~cQq&nP_S$DZ<;G}*8Si}7&Uf#8@C~1=|LWZzf6LoG`FCIcfBv_B_K*MMm4Exkcb9(m?WbM}uY37F zeYAMu1J8KbKc!Bcy7dhwVd}SDd+fJ<;CDvqkK8x)^k4t?2QJ?AmFKNKG8F#)$1)F} zyX&FPzUXI{R^IiCfApf~@7-vX-*nHhj}JZT-!gA_?H_*e&)@ZhSAPDAcYXNRzw3=J z{G+ek`T51|_doSZKRop#pLo~E+uYxL$qjG)wcq-+&BFb6K6U!9KJ^pf+uvTPPHbk%>R&=eXG%JdT*g!?}d!{6WqT;T* z@9+P7o9BI3X6D{=&pG$pbI(2Z+;h7fiOKOCG%5zVvPHk&a?9BBpXSjMJ0>^S)oU5F zFFpO}Ui8)pFA_>u=fzb=TfN^KylT{*G?76`_`9?v!!vY0h?2MOJ8pblWO%2fq(ZY` zKGX8ykXe}l*JI~a&8|-EQm!}s`r9|B^I!8abPcan^-6c3SDMHTLYGBph4;SNBXTtR znr%(Hn%GgdH+-Neq8DUjY}m1F#EQqqE>Cg$Eq{ATzyo;WPU{ipvC#sTE>pH2a``-P zR%rIn1+!V@MAjMnZ=vRY4nEjf0%h-8FZbj*RZJSwr&2qT&18 zMm&qNx7*$&L$~*Z2PXwx;5o{7<1-^0LawsL#{79eo?XHfxx;_6T-OP1yH+h2V zv#RG3qk@fjg*sj1>{2T3-zcrjzL`8C&xiX--zBAQz#MO{hHKRf`IW)P)!0OL;Cd==w@_DzX{|dXl34-hA47$?SU!Pi;B3YK)<&&YQO>KCJ{i3`6 zF=+#HI~*~S``ZOP9TaDmUUav9#omtR2P&pmJ{0Hmm=$`czdYww&-gE)`3?SQwC!S? zfv&yM9V%0|k0eexn)IaYsA);+-`r->H^UAFRn$K8ZJHV?hH z%FXOz&M8L32#+nb6S;=_Zr*)b<6T#Idok_tI~*Vb2e@Thu|>hkRT?jM9x@tdxLf14 zb}m}+`qivC^*8OdJ0JG2OIi>k-Ew(zWck#N=hMsz+f7M*ReR@d*Uy`Ojh?+FZ4cJj zv2vWI%aHWiv||;%rDMRequ@PKtFFZls>|~CTp9i>N}D#FedmGa;LR>o8mE`%WuJ`S zmLWJeF}73emCmwvvj*rUB-(3)}0XWizDkH=_la(sAc)=Eug{ITPTQC8 zx=kFChGXJ;&1ci*M~Ut)ZPSl-7wo%r|I?WgwktDd_7RU;>*exmC%Arv#qQP>gZd(x zwae{>1`qsn>PAEH)(OrQesoQf;AO7q@n~IX@aB??C$lC$y1!C$gjd~uZs%_DcjBc{ zF&n%m9ToPu3Z5;~TCvpN_@sF+!z(Mg_NhNu6Ud)GEO?pgmO}K3e%}hMmxk4B58dj5 zhPf*{wLkXp;I5;Z1K+O>+n6hio>KTa2F%Jd*3)o4GdNDG?96rdF1;o{=av~HFmP23 zBsbV)&ReBn@OzlAlwp{+raY+ZnEdqBF2d3+HrfL&{qE^LW)<5!GxuzG@7br{o76nM zaXn_x@ZYQpPT0`>w#FKnYxa59d*>tUyl$5Kyy$NO4 zU2?BcaBIhxKkmNdfKHuz1XNX~yS7XGnG)m|G!oA5%LzF5IPnqV^cc;mesJI3 z!D~)W8lAObG3}1s!jUfe$7@P2zbU-?{8+%XkNy_-R?RrK{MEVi-kA@b(9qgB*P{>H zMgOTiCwm%SFMn<=JF(-$1DDd>r;b|9S}ZRw+n0F4Vo~YV-wQi$a^2?_9c6?#Z{E47 z%O|~bvuhr;)|so^HD~QNQjN zM!mnBH+KB?m@T1;1bfYY&zUC58ZxZ^rcRp%f*raBtl9DTbfClIN%Jn2T+h5M_K(_r%KK2~-Yz^z7_?zWjOM4ryXzC)@y96=iwf>u zEQvgG!hpVdjUe42%(K4tqT^XZ4a_s$wY;7OM0a{$cipmK?N+W|!6tq{$to2b#KQ2jgD-Q~*i22~H8uZ8ie>H+gRCc(>&I}LjLV5VU1x{vJ9 z(F1Ll+_*B}Y31#W^W8$yuVyd1@ugGUDy?^8Hhnm9=6!+D6$nEpZkeL<}5b6?KMaJRx4W!LYNUGGsp zW~pl*nlGI_-%rxLC`j}AbKlzTiZ4YbYgX*5uH0X@k$)|={jupQ{bw{R%igR#dRoD? z>+|YH$AZX9uZw%G}y5%-UI0|$&)48CmbsE zI_q7Sah1gm+2yM*ugdNkq+R)L@w2(>*0EO?1pB-0AT z^P@C&70g)u$Eda87uGJJ&z zE9qP&x>R~d&Xinnx&F2yZO-I(z7~dV+;A8ok7|n5b2{2uN_WRq&wW_wZ*z-hxAI(ONyoYUIt;3=(<#k5IITm& zuE5m$!-Ac?Hri#r@U@t!voJdUlTQlztf(yTWkzJu6N>Xn`fGmrjJq;+WEeD|Yx3j#C`dVP!kUYVD**|Ial=4a?7@ z#u~Zp-j-{eu_-xzwr{zojdu=ulDXfYLqq$u=Q{N_*|%%Qd!0PyJeTD1>f|L2PTAQm zZ#?r7ckrvTy*B2|>gX%z^gbeG<>(&SK?ysL?p$U2dGo@+niPvno69AUisY##ZZ4WG z8&>=2NvD+$&p8s9b>R6drfBVAvw$kaAD=_FjFs+QeL2yKTQ{P|3auo|WS^Ob4t5D2 zlpdL9o_3Pm-{kF>e%V0@!U0vRy>D*h>g?&{D;QpLC?3tw7e+3(9H_&9IoEeScGsFh z3lISEIlQ{zuQy%VH?#`8+Wt_{pg~$pH)l{_v~_hD8AIh?sy((MUR5(4Q!WN? zRU}8w=~xqxv|8Kv7kZB1ox)lA2kPV&)%G$usv zKh*c2;x}6T*=q09(q8GQ=ievf?bhrhlGnZQVLmVGpY4^PcL0s}B2YxP8{Iqo($u6! zQ&yCuIpquscD^3M*4xRIXCd>t9au5ozyX$7pu`g`D)OFYF!+Yan)^5qpzV{#%x-c&zviELd9R{pl=$xmiIU=B2 zz@Timgyh)`uX|S)PA=aO3(dTLzb?5aY(n$B)~nCVsh5n-_8aHFrAP0YYr#G*qcS3U z-+_ClXhctbVHEev-Ofp2N!dH|CElqsd!?ri^Nl~6H*8^jO0HgA8ng4-iu}t*#P*K$Kb3uYG>5xqG&I!W@sh#H!3k((+%&`6xDB zbQbZdtR2H{dMG|j-Q+#a$Ya@uTZy-M6JQ$6H!(souxpjx)7SpR&jvASpS{|`U-02^ z-ji`YWfmFbx_ehxw$ovpKNx?adi|4uE=OLz^LIL86SkS&GylF#o`F_i^l)kMgNuC* zovHR3VyVM8f9Oo@DO*;6rh#i3&;5+Vi~oE0jE!rIic@@bpX_iA`X$>v;cBn+ArI%W zq~TjuAkvDY`_=Pa6$LJL{cS6^%(f6nxAR!0BY0Xg@cd{U#`!&7Z2t`&qf!iS+%HsU zDb7@T@qhPwk)hb-HmQO)uvhjZ0$Sz{S21i=)h|R!zAnBG zYT`ZD#$Qfw^~y`EGM`}4FlT!lXx{RuX?Y>%J7Y!CPwOZSW^JrE>a_x+_nj^-vRl3|HP+}3G*IWD&XEJ7K9%nA&OYoS*n3=Z@$|w@z7ZDj zPfZk+0Ta$MbQtFk7{=bxxIIW)682`?b1#PnX(?FTg0hY)7w!(86wJIUoo4Q$>0-XS z;X=H1dPB#|yr_ZhNWbdJPFdZzIq{?t-CMdx4rnf!kE1;-*m-Eg2}u8!O6K-=i=TxL zJU?1d-F|`{ZEWz|OFPe0PaV=rhjBi2i1W<$m%7dtFUc+u`Qy0XJGg98?9F+sv1!{E zeaMLH)zMMY#r%9tMBYl%+fSy9zHzKq!dbIOn*qAjLoY@9G6jcX@LE&z5?3CGXvd)! zl)T(M{cHhOVbUXIR90+nu6;=#1>P~e(ubry(HMM7Vf#L6#M-^P&PqIn9GtgrjG`{G zL$CDMwfPiAn|kI(PMe=8+;VZhO=ea`WUt+N1qOg?-i3`vZ;@m@aospd(dT~r{qW-C z%XonSLaT)zQx1qW;;F5{{V-_f3zrT9oRxWQ@yD{JX8IanXQsLRtb#H&{V=s%a6(zqrb)fksjug0V?{h$_rpt5dF-PpeR?*)j&dFLHu}g2%T}H<@ z1;09pXugSdg}s7jEOptK@v6|~%lIXuUEWCdYq;wio0E1F?vljEMQGKcPQJl2VvO7# zZ#5pVJ6qgA_F;O>xXjD+*~5aJ`($Z}HTR98g*2?OT%%iRR#mM(D>U)=Mz^?crs-l{z${{{KAIgZNbTsi zYyHqknWqw`euM`5^_rDDZT|XbL25svaZ9t};ztBKTR&U7h`&lV;$FvDk+o0bjNyqR zPaS`;_Lz>}Xm*cett5W@`Z%3qGX2b72CQ3dX3z*I#)NWRD-CCF&-#zbLTF0KMkScR>k4>k#QZhyxloq09Oo+yAupzR~uAN$nzmr4Lm*wrh2 z2v!_5>X%3RxeH2?ep}(it26Orr}&mKgY(d`f!UK1e(9AyBy#26al5*`uw60H>W0^ZSABNCN9~>&ZZCS*EK9PP zd-C^-9A?-8`qr#E#enyN7k2c0cw}sk>`4h8z0!wlEH*H{F+uV0*H1U*`d9UFoZynz zdDL&gnk$yz_$=2-;wSP}^^|CzK7Gkm)5RR&%Obnl_By9?+m)# zaZuMC_M45~+?}!G(%|9&3-A3gO+UV5o0ADHls7A%Zp&LdZf%*dJSL(_-*LW0SDgvT z_V0sNWVPd5n>=I;uC(T|atF=d`!d9>{C&LV)J`Qv*DqCd2tKT_HmoMQBx-cnD*9HF zVCSJ-`g|PpiFN9@a}h1gm^}9k{4jM%nTCG( z>&(0<!`%N*9l>PW-uZ``TR z$0xkUC^K?E*yLT$2SitRD3Eol`#AJpsFlRO6&()Soz{*o(W9p1 z>z?kn=a==V{3u{>_~W0C$*AwO-bCPps4S+}}X@zYedo&9_%F>}LOVY)TpTUNYWW|aJ*A%AWa%W>$!JN*`p zim4e^Gk|y4#IqZ2d{js4wez30v2U1QhTG19YA?P|*4ksW?KrWw#u=sTdHY) zjPu90E}7g-Be$FHgIzrd5d2Zk2#A0~duAVecMeeXk7w;BDEx)lqD~Vrrr#erb zw|HD{!A7I~W2>*_e~d_Ue*S*Ms*9R|d7s7^oxQZ@%HX(?G$*^Kdh;z89jr`?HP#Ls zBTNr}a%q@uezn)5?Hfvt)!h$v(Mk%Z=OcZGzg=|qy-zAGTwX!aHU0PO>cCN6}MDeoA z@vb2qr_tp*k@TxOAI?sNahQD>ZzC!@YrD5&WVUQ76=OlqT{(7rF9a?w>5rRp z_?jZ2++AyXtWm9LxL6odx2Gs)`ElPDK8)n~cd}!p{&BV=(jIybT4m^lBXD-yRwV7A zPxorG!Fg$3ia{F8)f2C67`yClmG>?SD;wUP{xfHm_Q>`jAU}B!HbRQ!(ISlnF(*=U zf0?yyVnRo(>dG;H)5uY#?BMmIM!!qr)eZMVXuj8`O*|~lE=!&lYt$p%BJR-<9F1Q~ z6q$?0+1wZG_blIVl3QknTi-T140!nMl%ogcn{^mHF#XbrjBpH=fy&|j_u4{T9W3}ndW;mx<#__7h+? z74L6X-6i00Ry;GlqL_ z`Gmdfp6#EollhEY4G%GBcPcvQSWp%GI0Ii3{vK=O25-6Q?`D_ND}0D__XL*}InmBR z?z;{jbO@VV_<}huvfNz3`E5yL`?EZ1;kGyRLXPd)b}WmMmEC;f?YVU$u1&2TL(9yZ zw|<_>yE!_8;tYv}>8)|@@Tm9fdAizb=QwJ;47}m9sXxAyT@jhRb3x7kTQliy-I5O< zt{yn?tMSmKmiRE6)%);(d1+c}Va?JFHqV!r?6=$>5Fchy>RfasO4nf5w4+1AatW)) z%ipi6WHDw|<5BL(&OGz^kIaB#cG#6`bCcfouC>ZsrG;s&o$;{nL)x4dM@}nrSLEE|9cEnX&@0_Rv-bq@$-~MQR z`0K6tIr(=o>XWJ}pN_cHzJ9=|mk~PBwWr`#BN{t zY8}tUV$A66Rz9ol=)mT?A0IQTj|`qT=t4v3^|zyL%lGa&Q|+IcU=qA+^yzUv&%zX6 z^wW=aecaXjJ%7?s|Lo%z7d|u5TQy~6OuIfewibsK=js#>q8v%D88i0=wCj9(ckzVN zWA4mkEiB#av|-$&pxXf!qjY^ecP5UwHu>Y~liXo%FAk=!j@L>$m)ZH#y|u zVSO2IOP1BgXuO-#&Rp+3!x^1e(OaiMbfMFX8I_lep6u5iGvz(je)A#yPXiVN<{U1l z4oXdUW*_hcC3~PLlIxgJzxM3GUC8c;6 z$@(ZA+e7i&Z*%6pDwREoFRB~IH}}Zv5us@xsGYJS;C|uZ-Ge%LvI~rtMe%|*-i)s4 zwrcvh9-RFqL*NZz>+j@h7TnHwYg?%J!#nrW{p!IlB8*HgLIq}MLmu<_;T^GyLt=Fp@g)Oq*9QiKFei3Td)n4y>yUW4Ljyo*~ z+^#$O3tj4->|!7k1R>6^g|fGLa$8x?S?qU@UOkcrf0>wkx_6C6p|JNphcH}t3U_@3 zs)MwwZybGnKllqcB<9xC>h*oS?&-)B~`FU>mt_{*(JW9(m)<))k+ z#BzFN(1pRi8M?7Y!lkSI83}8Hor7LMM+08J%zIA%E$C%U;Qnc2ZEkqY98^EksqdhM z{11zxdR2)k58KxpjQpHt`FQ{06;a*Jp3tMO#zoiVhF^8Gk>HEwrh!{OnMnIpSHypK zKgdT<_uzXwLz=eBUQhAJvn#QA7W4W(ua>;BY=~*UV*5s3S+|7qlUH?coca5_31xBB zpZfu4ACy^_$E`~)<1%+DeoK1x>(kD@=!a8tw{IAGeI+t=2@L?I;*t6>#%OkJH9i7ma^s^P8@65mV=ED#(+uk9| zOjnj%7HwVs;&6GgZt0u6MRj|ZMFsII7|))M9KN<_r)j-Lx=$)7lGp8@e*J>Yk`*H+ z^2&N9oSzb!?l5%Rq@%X?7$1zw*}Lsdtk_B`ey}@cjNA2~ZgsyM&OgC^{fYB2Te#ug zv%VD?lX_Mp0C|1i+Y}Tu6nkHsJb+uKm%#AI>#-gfw7vRhQjsurtZ||1t?RdrV)Ocy z^?zEKGom&s;mfldo=dX+oU_iTc1(Fmo}~Md)mmllC1cH}J-zO~o8Hqw(}k}kudS=< zHdiye=jr`WPZ=4zuC$pkt z-afgdzoe}$>}@x3Lv=;b#>-VXc_+_&sgjoucN#nTs`oLwTDu(AQFe?h{c7F4BJJ+y4@~@!r+0o&JbEQT@M(m!eOzYUChgGJ@ddeVmA54Zb(e2% zo>^O@y>U;{Z)=TH;x9WT@~3iZbMyN2j7h#}u|049;D%lLot7`$8EfRJo7_;cBsQvl zxOUu|bsc8q%53hJKCiJ~@cfV7F=)7-^Y~C>*>90gw03TI)pbj!BD>mkDMmWci|a>f zFFG;yjQ&a|3y-`WyH^)}PSMF5tM&5tj0v}{TWc+-j$Y4uTo&hD9i*6(JO37D`&qBk z>h%^o2K~COciv1LhK}H@{_V}C%ikE*#ORy6wd)mWO20fo(Yb8*qgU+1>Vtkb^E zTU9Yqq$AOuUjC{0{$a_=uJU)*QANW$_Ypsw7`kyx+%{&$ZLf`c=jg=MBS-T~a+9a0 zec=>e|H7|2xzw_!4kLl{{OR))Xylj$M-|<;2(B?_3_XGh$BJIK{BcC0gvtmm4-1AJ(XFTG{pVoLKE$cBSIC zR|+Ffj$ z)5sswua8=iZTw~S=>4C(XWu;tpYOixL&soaEn}@oSC6dH*nD~3^VloF&%Cu=vanny z2F;h=T|U##H6(*)T5ns^zd!b>{>>e&(ORR+r9F2Ct=;i#Z_?cvGsMTuCp@mS_}E|a zV!AM9)w~Mlob4O#rZ~qxG#iyaYu>DwawuQ?)5$&#}2Vo`P7uSIiem}_RqT_C>f(OnCl zn=f{ycmu%0h#8f5x^epkk!Bt2eiVydb78GdpM&cH zQ@fi4FSA^lzgF&c-tF>c=xmwhq+d`)cR!l>XK>HL zCx2wh=Q2t@KHU(<>y}%8R?n^;eZR{6!20XLgHzUDGcREzO9U3PH;T`Sg1Z$|Y`7Pl zr`cCmt5fXm8)Lrozu#e7;QhR0+aUTogD$cfP{u9z!sXFWBt_{hyy;>BX^iLquivkU&Xq2pwjrc0_OlO?}=#qV>J;1kmS z`H?kqu+Nc0tDgDocag8TMh;P0(;PW>0S0^28=#<=uLLcpd#bi@F5$F=dCEd zj&$uaS&^^5a_Q)?I*bJ8Ejh(jgRZBND&t)(Yq{H)_+{+iAxp-{W<2 za+tYJE9u;jKTCrwPuJRn+Z5f&yZGl7Y0}7=zBMs+duRTddftA-oR5`K|ph z!qt2Q>&3YWVHU&E<#Xa)@O0!^{nf5Vx{M2|{M_aAzJ83i@df(7F0C4fw?FGo??rc* z%=6Drmg+DZR+MLM(b^+>uV3@#2moxii_H#-5-Y31z&4eVLElR~3z zJzA}$(5zVSMYJXD<%uHg9tnZlVvQ0tUqrdQ@vYu+CQ$(%?`ZqWxqSV#$G6b30;}0m zk~{TudD-vjHO04+EJxc`+jimkn1QZ+yyuOL4NBmYX=lrK zZAmV2Jm8?|GGqbgW8~{{<9Rt}%io!VSkZQd{Ze~n_7_K^$4|UVqV6)L4O!4D-N9Vs zd{nsMzV3kIw=R`V7ROB=@$t_7!&A#=Dp*=yysh44`-Fv#9g)DezGRP6&k%O+8Gub$ zkC{+SpYo7{Irbr4N9z=K{k*yt%P^~8@$$Rq_|$&*SV)NftdG^%_1LCyXyx77u5;c< zxg(`E>9ixm_fD_B-eqITj1Nx+%+=dJg1&mGR+7`|%BRm$B+CZrocJa4`aG{#zo*#! z?b2Y2!mO@7^Me9+-+ej#-CIeVooV-F_6DhRw|!BLW*IkX%^sQt_bYmqrxo0O!<{)} zyn`)jfWkGq>w9+$vq{<4@9C}So#>aRXu3Fj-j$P^w!QLMRiBHSwQh9@>yee7)s5!w zaqsXftC}sRyF7V&?8Cb!hrn?Kcb1;BFbQ6E4y$DJt~hE`z}ple?VOeWO7~ho!RwV; zb=tYukuIMEE=Nc1eYCmnjOazTyqBHZoEmFHXNSD1t3Avw9UQst&gZ=Gc^w6{lV@!W zwa&V;mr*q^sN_|a{`I=Z%u4OfIqRrWZMh+ijY|Py-!C z_d7-_Cfg<1^k7_$+j-NE`KX)qL+Q!|d3`jn*b>Fu7ZaJWH{W!B*f+gnQToGByPDL~ z+O{#$YuRTDKF!Q5K6~rdK~Bo_>)!dj=e#whXFF)RILsgU`a%AA{Y-yh#p>b!n|lN1 zA{O^fzq0FmujgEw^pah6f=y>*uFQ4Qyt_*$V{{fTy0g>fS5}jmqvJd_E}HW(boCcA zrw^Rdx9;!JzEytW*sN!(SNVt@8YHc`R#Z31;ed;#i^K1}McI~{uiWXyu(6uG@xj$u z6FXh4yvqGm`^o~lLHjfY7MK+$FJJF7`>fdjOgM0E=emSHEX+9@MA`Rma>n^N{P%Nk zNKNpo(p;(`tF2>b?a0?(veb3XvvEGi$XdYRb%ri*;IvNOc$2p)&h6_rK4y=zwntv# zL~vY>$Y1E@&z`Naggbm(G?Y%Ko1g5Jjzb%|PAh5Y(xvCxdFA!!-o5+!V45$TPN(;D z)pT)ia3BKimM&fDYO2HN-o1N5#~raoKfQAO7Y)a0RY1?eH&f|(gvVXB<|LPJAC z!`X3)!@dc@^Z(a}S^oR|@UPkVui0`4Bd)_@Mf{C~FU@}6Isav0ZrVKmi=~Z~#ee6& z{*9li!#PCi{xDF&g8(W?FGgdk@_cjDPxrFKY6-xov)>$mKJjn<=ma$KWG;+II89F_ zlWhW_Py`E@h@b!l@#H8hivUmv#1IL_02B~_$xuWh6yYz)OjLXz0+FjSU*iubfG8wt z&{X-(VT?#{1xolFz!;H25)2aoC@A3r%n&FXurN2q5tKzpAr9USED_QGKm>9j5eH}; zQ5paUQA94~0CX=Uwo2a8X*9#e)3JcF7!*QH8BQ^l_@d5d>IT53obtvX)hT=jgck~- z04%0bXHhufMX1DPfD$N44HrQ~5GbJm02YEMf-pH(DHcJnfCDJ6`Bc)<9BaG{wK_!N z6?H;j2`p39QMRluID7(O78jPtP%wf8BWzG4g(VQjf@Nl|ygyByTHfbzsgE=lz)(k>UeyY zed=hmWE=s+LoO0|K|B1wh|EB*PKr|RH6_L|T#8^207|9Q%;5?~Kqz3N-U@^QOeJJ` zD{7V^vTdM#2E_n?QrSmU^}emKNv4D#m<;nb4Qw_J!eJ>3ZgoI9DX$ZeA>>@!G$#mg zJDFPgRgy2tJ4mQJyUp-aaZ3ps7hiG=wJNFPFm9zgTb(z_iwDR`00yC9WTuL*br@M% z**aeO@ALrPt9Vb+n+c&Eb$vujvM{m<7LH$&QP((xNdj8aPgG@sxJDu&iCo+oc1^Su zMH(=TY_}2fCfp`2CmuTVE7Y`^QHWGcDCzbhIc`rmd(g>e;_4#=l~IpP3I96BL~7-n zJ(}>YCBHmSBn;+5fR_xE!92j(gS@vvB7lW*6e2IFAQ z8#%#KmT!d-By|Kk$aa8W^|=%;82mjJ;gAIgO2JY$zsT?ZFvswfp<0_>G6cmfitpM9 zQrw8bWRQdhu`qZ}Q@OG-odkb-!KbP&1HurITnqs?khZPCJR0jxC+m8V2((ahN)EI_ zA-zqMwNS+ZSOhW2JYs*3KuR-zn>=N2P@1^~eQL^-(3j1yBi=~_nCfpKf(Y>vN)}MB zK?TOdEa=~37|l=}pC1zui2!54Er(pQ&i-cejkDH7FKT`UC}rPdI-KZ5&Gi5|tu&6F zZ}qYr!Kb#85&}AaGSIDseN1FE{f6N?(F?#U0;&w2t)h<}^2@rmn9`w#RgPV!~-joboHK>3=p=G{Z@R@&+j7 z4PZZ_eo4hoHO=D6d7-UXgH2_eDdc^lvngbh6T$=nBH?&x$(Ck_ldY>&}IfG*HGhmJX~J_&JJJYgO{oU$toaK1?K->Vh0a}2!?>7pTiIrs1J~(wi&@hQgCMpHGICyA0iDoETKlwKgSwF090UJ z7Jp6E5LMf#VnD?=yoBR@yZ|qYZ>tun%s--1lvZ)uiAEtI=~r&ccxg(WCsFl#1d zFG>7CElHt2-p4CwyuH1nmsgOBqhFA-!`J9+QSg6B>kq3yH6pwm?L8f*snPP)u5GpS z|B~#VpynvjzNg-(V*iv{Q<6?IBy4gnh<#dgf;%@0b-Z}LHW)6{;hfZ8!-f=R4sMizEmC3*M0kHP@1&; zO_J4nxn=*@DQ|548nrFGQ);xDn@)niL+w|+H(%e1Qz!Fl9;%;66*(O2MIeT?p(mXM zfLy|d1jJ?W2ntB#A`t_SV-QAMz@dyT@KS@yQUw&q5Tblj@`-{xRr3@R99jWHxHp>! z``=>&3X#{KU@TnbAWVj_cv5*YCYYO=ioYY$)CFPyPbvo}NNw(6XR5Bfhd1C!*8L~w z5<}vaJL^`arfzT>X(IvrW%As}>OY@C5iEvV?KiXU5QcXaQMt{u;9ca3*ZBG9x7s~s zlfKtERHytH8B|yN5G73_jwmhL(x=^6y`@V#Tn3>MP^79&U<#NtR$&0*2;v_E1$iO} z*DYcUn=KmF=1oXPWgDt_fO2<#e@grs^{Oq9<__|vq!OB<6}1w`B$2FVEBD@R2PKm>td5V2WK?9xaPR0cp|sVw5_MpjF{d3(0a zlK2kWTBR08?T5)#ZvOuW5l)Q(1OE&q)a6w_Mv0W#lx`~(9%Li`3M zg*R2_pX-Z8d+-PQL(Lp*VT^vgR~pOwZF;^NQcHg1yOS#D`>{t}A&5d%OSQ>N1k_+^ zyI(}H@ycTMO^UTO=(G9us1h25EB!mmiYBWr6c&SMMB9uqtFIVkO*T$RfPe(yLqBe! zHQ7j|AWgv`wQjKe1*(2z&i^i5KVqJJm$Vkf+V`lN1%`p{QW?ey7dKx+mh!g z)f!c8R#gOHe@joPlkykUlsW}%)l$uRSCPyKRsN;`=q24ILcz~!(0-@~j_V!Fu zQyX(j>i~K{R6t-rl=0WYv|5k>m^dKBm4W2p(qVMk|N02r|F3_|O1Yc!-!y{Y?V^>hKf?uw~h>ENFaK2w^e~fQ5kOR@NLFo+-rRjkL1m zjpUCs6_|3Zcow#n7S`rw);5+lwzgbLGfN0GwH#>!f!3y07LYB^(%Q~i*%QUr^W@^qcH{+O&WLaBT+L)PISXj^aPq%#c_pR|C0sfpb;NKhn z=4Q>$e_L6bn*KNb|BYYM@sAr!t!RK2Lz>*o{Xw+=06av(he=zimHqVpH7ovq`D-@* z!$6T7!k8iu6+-{o__sDQZ9e`jE&rSU|COIw|Kr1-a<_1(5l$`f$VWiAu2($+)Pjuz z(5;mVJz|_o<@g#(`GQ;^wo=K=v}G+@@`ZA3rmPh%#_(2zbk%b>UYK~s*I-JF8xJLO z0E_>JsQ5q7|7zo34Dn&P_-84A?~Z>{>lX9B<$v@4zw-N80t$gyo%$@*IZ z$FkYLvHs@pH~)W!i2oD)uQvWMF(?xKd-H$G@o#DK-}wJme*e?)|Mls%Z9~WMo8#Z? z{~aR!PxL=N{>cR#yK!~Kw#VQ6Jyr0X@o#2kZrN=7+gO|0{5SspjUOn5rz_X?VP-T? zDpft2nXznGrnDwoAcQnD3)W=-paej;vml;~i9%$07xg$CF(?6rgi8q^&z;i%z{K6t zVS=02FfuU$C;=d`Gz7$83_v6R6fT1#7|ex5uq=XzbweZoCIcmW5anY`9wL^CU{Jz? zShNsC3^lqR6bgk}5IYM&g=`wk!|_&@Q1?uL7zW8OHYNjkp-n^{77NuLnM47mnVD(0 znVAhsDiP8`p$G+n@(G8jnxmxgfyPvkPh$e)H%d9-+@Uc69+}mICI(?DF&Y645`(aa z1MrmD(y(!A7~{H*aL!Did@7CQAwCN8#_=Hx2Peh{wS*-=RTY|iptbPus5B%~#V8>x z3z2ixJvhpLnPk>3rds`G-l6}sO#k<5`|rE@pR@@7)&%fv{cmYu+1&qYZfa^}`Jev( zH-3hOz$6jE1w~D=Mgme01;vmILNS`5A>bi`Kn!945<~_8vJg;4X3JE-A`yUuK`09I zAtFw>d1VFwOL!tVAC?FKbx$*+F+mO=kRgB^BkK!ER0x^F8@89DC_Zn1VIV9b4nzsR zi7b^q&l3{Dm<%Q7jur{^3=L@{6vE(DNje9JjG`F=KvNJLKpdg`n>ebfDxn6FL%an5 zrdnYaC_*ix68>HNI1Ub0{rn3JrJj}Ufy!)zhK2wN2^wcJTtibi6mdn3s#LYw z_?3Y|jE&PwfZ`DQc}mi#x-imgm#-xl8UV;Zq0%N`@*yq^N|@1jq$UIO8gCsIz5}b++95y>t&V^73B!e&(jIj9#4`a(Q2xSW8Fdt$Q4Pb0TDGD*A za*+s@2$|$N0un9)DpWaudQ)UeWV|aV5=8)*l0*prq9_;vAc7X6z@oT8J^^AmCIh&H z4J0REkU6;d04yN{9-oRaDTtdgP3gi~Crk!np%_~=c$iXz&r}%;Y@8C3IHnYZ!$29t zRCYF7Nv$D4uS#(77vB zOrl|oZHR+sA`&JS#6p-VxI}aeS1we>RO6$_iwIM}5trfw5`8%gA8CffpY9YqPO}zqm~Cv01g3o51RxHRNNn3^Dyr*2 z{4;qf(E~!oFoqE^+PL{H5t6DFQAo)An)m~CYEXHQQH(F3r3fq`dfihl8IO5m5Xuo? zlTbu1#hY&loCW~YPF`d5x=QDKP3yF-cN)cjQafDISjL~fqiTM-viX_nh8luRRSt=t zvZcSEZvMK$`R7%RisBY(=X;8W)EP}A98e|Ewnro~D4f#JQxF-%A&BFJAPR{9Z9tO0 zQl^OvN&-a0$L$0R;3E=BQ;{$z5G+(F-6SwvFG&#c)D;&JA&Qp6i1i&1J|U0h{@yEEMABh z;WsUzoHLt&p%j`*Edr*5iuWc!0-%V9c$7f^#tVV?auI|w0Ei`I0d(8~45hPL*l}MS zbs!&Cg}ClxQVs*Pfhd-XWUy2OF;(r5hMr+#!}v(z&|EE0hM!i)#0EdadFvybxh>^~6%Fx3iB)kw5ksxyNLIjwI z)rB|!B4GfCK)?V{NQ}s!AW$k5MW~(>C@dq#lnCJw`B0j7Rx9o~qQ^$Etl6ksB7?;c zlk6X+0u-@AWMYxwByW4B&v;j+tK)P>R~+p|8_M~Z~|G)E3@-||2SuI;!GFs3Pg zX#n1US0j){#+#BbJR5-mRK{Zf=dbb|E&(iD#VEBgK?g2dN;RO47a+xr3z#rE)SwXR z01!t6slB6ynrg*Ks2r8t048z_;sXkNN(*l6JLRFzV5NdreG4AeVvPQXE0N6=AzU_j zg9h8valC_@BTLLTBu9fp$OM^6zbcb3x)2Fd0Hc_UiOMB_3BC%EATnt1Fq)y7VNFqo zDUWt?n$wJf0!)bcOfH2`;t{uIU=bvQFx+xfo{Yum{fB9#GHEeoArKQq5E)b17fpzz zwd{;Wmu_?VRKxy%hb}QMwM;P6qAOH_N18Bds+C9$ZD^=^McRrSWL=%!Q7)2z+{)F;?12K>;Wn z6iY=AhwObB3OY){h=;~-)rs!ze*yl11U9PKTrJZ!Wh{{5 zM6`!ha22A5esgN^@Cla-v~%#*1WKcE;A z*%NMS-1x?UMbfbl5QX>?ES#k+1yKYO`wnth2qcjyt*Wnz zC$ajGkQ?JtVNeJcWKm5jeNh~MPabZsxZObxcnX=6-0Wsf-oE}x0 zl<*9EYj~5E^R$+mNneq8GVx6d5^07_L8~y}dcaYPXQHi!hy!a_K}Tx$OcFdWS0!V)$XqI?1ILJ)xNfB+aGhGZeIM98AI#?v+s z`_;Z~f@5=>n=zldZ=@}40w%ah!{xQnzlH%AB*9>u;p!U|!zLjh2P5E~O} z2muKC6%3oBP8q08Cgo<+uWDIA$hFe+l_3BW4)NqNYE!kDz)>#LSckYUh{=<01MKa=ISusqlLntiTJoAwC4IiMO0cK z@?r<-L5iTtbU{)S62RfgLUKXl1FqB@rYIj^3BSpM%4xzOfP*M6BnXtrP*rop8v%@u zW#v0w2!vauWFA-%roMP+vN|DsK252l-f~F4fCqx%dQiPMm7I+{aILx>iSQHglusOB z3L=4246w4aFsC)$rzM;o)KyB9Yf5P!Ho2{c*r-#MQ%3=7PbQ({i|UC8`Klyh1PMi5$oN+`zy9B~?n zoe;uQRBo}clx?YjAR+-8_dT0)M4buv@PU;_+z|;rZhj(Dl#mINhskZc502ta(>tw{ zJZgFmoia@Zrp{T6g$Z&87hZ}zlaTK00bnE0+5NN z0_9E-{tbo1NEqduC;aS<-K!eh&9@&KLmC>}2qrdw02><{ps~Mjle6jlwbXba>;y7( zBmiRoED<6o#K*Z2+;S63MHGwy!NgP$ti+6Hl-y8iiezhEoK|uMQ|b4~ARS`|8-LG`|B=R&#HM~rivLRccCU^ONXHc`tNJPaW2 zYgT0mW&jeTMN`D~C;(%m9|wbE41gDcAk^i|jroUFtwJaZ08E5ZbG($+@Dmm+ z8E}U)hvi9ys30i7B0{(u^{mpJN|2$PLh$B^l^wq5yypawGjIe#P$H`cHzSU z0fefer<#YdVX7fXfbjrjA+7og)$qXNT-BmRxwqdq`bo_oLsYoHIN@RH4n?eSXCIM3 zfX8%#XR2)zaS(TW;VnOsN)GO4Uif2%>f zC1vL@r6>f6rPOvP-o6*bJIan$l1M$OAw;<0snl3XtGlHgE=BmR>LsKIe|*bA6gEv} zE|Nw^l~Z0VSWfwgP@Log`Cr0?@2o!KW0bfy?l$ldrph0p{H6?c1GsW5f{TPVzNf-) zIDo$~A2DVC#;Ur;fq0{>wMgtwkn>REDyQY(nywbFr;2AK;E`X54KXE~+Xk#PFijx< z7|e%wAc`rS$5Mo^nopYT*br}&^VE`()SbbK9!(+GJ=MaSEIELm}BbL@bpPamkb~j0jR}axT2- znQ-ONZgVSZH!5+JRE|HIifJ^;Pe*kEWk!&fH7R5E@Kwqb^hQ*rjSZS5iBzNm|AQTRTzY05*JpC z+&CdZr4bZgQ<2c9-A+P%s0F=Iq*800MxjTW#MlrX7kpK$GKLTdg$2HvW~i4XVB_GV zge@k4c%&CjfFfeTr%SSl1Y^=1S%44WOI2lr8!8*t=)Dz*5QQ?CztV$3K!F7S6fPCP zJeY_pCt}|*rDDaAC%iNgp_+>#GKyju#TO5R*fjxV0Ej}WKzj8KHpUtQ>l;^_L=`b8 z z>Wz#PqVAp{#=Hm)gCzJk!$k*$Kt4=7Nl}CgwP~5(*1%_FLrhg8OtKNSp;~3)%`lp> zum}F!nyZXT{p|pWzzFp{JOGe3-Pbe2-{De=$YrXRRx|(*fUro8LeoM}2n#_(d=6ku zcwq=3R(oqkqp2|dF?6i{8El$#s2Gx=Fb~6}073BufT1Ccde?d=xmsota*|Zr_-k!< zuc<{xr4W&#gwX`a2{FKUD2P|1D=(>PS%lgU9cgB3Ll$Vhhor*84UxdquxbT;KyCZ2 ziBYKxS0_dQ2N07`8tp-1Pb&;p(iW!FsV9KMdm7mrc;8TZ$DRye^H5RXDJNAL7g9P} z|F*l7tkx!f=~qMJcnAt17`u_vOr^dsBxCTDT}=jUEAL^EHlgds8Lh@<>Owz~6&OTJ zRI}umOi3#SpmGteprs^XARm+xI$DgglL$5;!U0sL!rZ`62*7Z`#%B;jg2_-2rsf#} zl+qlaV%XFoc9a6tc)|=X&rv?%sudJLxEMOgg^*g{yDKPcEJWy2lmkeGL27~RK_XBX zNx`?HM@BXt%%rz+kdh9tfT$=YH4N!d02{EdHZ}eK*n8LRHf|&VbU*V~V5#gzazs*; zUkP_Tdud5=bVic3lI-jpCszc!K@#I;qXVENGnVgfzXt`N8~q}iH1+UAeP&{@8;?Sv zP$(4Yf&OM<1DTFSibHp&?yDf#J{*x*kSoIB{G~Q>s+}B??}gQw)XPLrajoC3#x4`bjm@O`Hu`?=?a9f(-o^J@=pt9y0pwE9 zKb>k@=-}x50PUcIlYIq&`ig!&dwX0_9f6|^2iH@8I%HB2&F1%Zh3|a7jglW-^~0j| zdq{?;u`tbI$~nn9Z`2bD&=xe0`mYa;nz@hJ)D_my-Fn6Pr zhd#p^YZhG;lW$HdI%N>FqTf>)z=u9~qQ-*o^y7%}Y13g7U$*mISwrZhx=Jc7?kF`J zD(k^Pi7sA53%rL!QSO^+D07gOrj5@Qc3{uE=OpwAhb{u@J80D)!MkG`HhZXB_62`x z!p2zg?OjNvYS#^g`laFiYw?#TJ?daD8TFYl<3(pl^`wv^fT*H#ZV*amci~hewJWA8 z2lTwQ;G4c(D7>Ff0Q2T`@!V#SnN6%$ESMpLovP134ZAzfeyk{9N#fWc36v5-Qre5+ zd&Gs4I`JzJu~SvRB4V1uL!<2Pszs9=((5dnGU|4gQhMOuClb>@EM`|mKC4;+CY5jn z%QClPPREt(D#gRL!zHI^_wKIX_~V`j-Wwc zQk^=pW-Wl5OH6vfjQDHzn^h*T3NiVKg&<9-RY10pJa=A80J24!j8*vEF~U-=Qh6&- zgYvT@YN-EzxxKT=LiyinD@5ny?Zv@)TYi$u_Ay`n@9sQ*v0IS;yN~g|@8o&%#6)*R zLooS<3-9X*4Ty=ThPgykpdm3aTmv>EK6>(`(QqAmahTpa6CYhstnCDV(QNAo zXK2KNfL*Ij_D{63PhVJHQ#qlbzM?S3B4DMCYHH5gpFbz}Iql?XR(%jxUfZU)hQ7jV0w;`++L+ThCVL5r#{M`1j#Lh62 z=m1H;nlDXs1HPayo}pIDCm!?3RtCqF2&jU|`uA#x=Aq{yA!aT<6cP*xCRc}vrkBV0 z#cZwo^r-F7RJoc<#n|AqT6~IHEh%THMb$5&__loY{Rz1u{QG(sYUyj1%C6z7MN*4| zSFf6$(5JMSTAiEUeapmOUT;SoElTF;O-x#WQ$rY zGYP2GLXr3*K&=*pbf|gt*m?&Tt!5OejE{0mvKX1j(CFL(0Cu3u+5+xSq8dAj;)S;| zDLT;TISoCMv+twAs;~>jcG{?Jl_|6iSJ>KdrK=7Mwld*L^lp*oR+S4?+k(YXShG&k zLMHG)VHJyBvd<&|6`IyLyqVz9-v5Jxw1UK8cqec74=xW+b8HR_#cQtNEc2q0OvQ(t z-`hfB8H+adeXe8>cxQfmX>JujIDLC|kpp6t?nOjAAU){MnznvvCSGMVXMW2{4|Ie! zbGYjYZ;Ozb3Udh_2-Em!Z-%3k;{;W114rlgF8v5iDvJ1_%8*5Wz&%Cn*v)fkx zF|*nHVwYcS>Ry$&QxsYHu5tW$_;jBb0WRRMmMGNVS|i4;=WHL z@g(ulrh~vd2!?!$5PbQvmDnz(Hs%ym6GCzpj)NKEM9C>SpqFF_UomRqi1HK?foO;@ zia7IQ9r)1k6>m3wpy7xm1|L52vgyoI57N$rUAH9bKyWUIJkT<|v{WxGr(|Y2?_1-O zeU{MwT~0_45iZ&?S}qmTeEr|k-R|>T{?Far-R{#z{oh?YpFek=pes7NlF4=fOR!^qG?70r?JhUj;Up|mk_f!BHq?~ z%%r=k9gwsC0903%LAIYQ0< z5Uu}ETU@3!-S0AFQvLV0NIlxsyo88WpVse^Bt%Z_&Be2@wU}xbXwWNWJO!w!hui!b zB68bXm2Nb#oDmswt?k57#972C5JQqrRXcKOHBqEhO7odyR{NB+lVJ^lOs@#vW79}c zQS)!Fy6tDJoo)2r-S*4YP7}5FaD*XoDkY+=2+*|BenX`NOtsfENmf}XI#=Bxk+|E; zoIi3s{l80hkOs7CfBX^bWv^@(l}I%!P~SQwfiX?`JA?&-Yy@Vl=u)6xn~zy2*sNqJ z?$XeI+i~20dxSb9HGgQL=4DONtD+Nq*IZ2R2d>%k24M8k$r|NOLPE7p^WwD0e(039 z0(Mo6L;z3fD5<+pFn1V8IOi`Un4;Zww~Is^fjUetj3lmvjs zM2|wkV-eYI3}cB*<39l{?6$i*$Y(@^-%HyWqH-GvhOP-XF+ohmX%y&`!@yqYs0DN# zurc-8jea1Qb#?t-g0m||>YNY&>02fq;6G>9o6PvfKr*Aym|~}M=CC%Cpfb4+Ecw{Z zCaL_AT7qQBv-2OK2NXK5c7AeU;#yAk2`8N2NtUPYZRSlf|bFW?floNh~{6mqT+|#VS0P!B>ju%7V9sYkNIE7r*Hp z{*sjIC>NKa+@xOR*ykuR=c1tw&DFw*J5@{K$EgbG5tpSmsI(9>c>q`3UASDZm$-7} z++iDyJw(y2HDtHK!r|KcfGAUXiJ@8-*CeCSykRH)gUhZ6M@zocib(1$=H;29)$66$ zVx5DY5#Up)T_@>GOj?cgYLwdS&c$OfP;gyAzoO<+qJMQ83l9TTRUeNBkH>?1KOU5y zw5=g_%@emNzHmV%Dzau0>L8tvOe0IJ&3w(u6`6FelUY~w{kSk67v}vf%r|+PS#6Oz zUuoxBt=1AVvUwp<>9Cq;Q$|7kM!wss6ghGw%h8zYZ$ayoZIoU9J9ZgcOE5-q!l|Z9c+2(vC_+j z3^i2LE2D~>+B#EnJ@jEwRh|)TDV({v(-z^bG|$>%)RkAOfjL|8Hc@CoSI|E->TH^_ zWl)$+FjkJb@+4%7aaU2V2J%$RmKn~SpvBXIq)zoTs`Ka1+E(y$YFp;+sf_0?@0{pi6~~0K5>;pYX!%ilVj=|-frh?lC8O_6?gmv zt%q7^)zwU^!_^)|L~ZUqLV)Nj}M@I=6lKGMB@q&F3ax&LVOs zl2B8qZ6h9MFarli{iSVsMfpWsQf1TBxj~Zs15bmk^4djlW*I9}CxhPtrK(e~o`vau zciY`(OBsG9REe56imY|%?mW}nq+}h#TLl^o2*N>tt}zcGlNAkN^E1b~DG`d&bnYup z6&zu@z(_RjOqJZUn8pO^y@Et1g-xeu%W)1%%I5VEzlHDnNAC{K(fj_<;eP+(@a;+Ow-BxZY?T|p zW{sJ8Z$@kKWhhbQG{FUGp~DeU7-+{lP{(bs?UfS(!CsKh!tbS#Iwr*AEy-jqQ+1b^ z(rRow)bEB*0obf{IwXBIQB$UooMlVJJlNW*{;X5dZ)x|q6u@3G{B7iv1FrB779$Tr z%7bIhkjV)e*y00#bKuk&Ad_-MfK>vW8t-Kj+b6PV(@`AKKVpKe@yvu2FoCL$_WP&0 z$}xi^HzTH+w0>~c*VnE#pYgFtYo??BcW^8xEr4etr$HrM+_$&WmU47;pN0{L2t$KIKBPl;4p7A5G<#9=hr_KGM+drCRyMlt}DjiF*x{>W^y0 zU~#)_WK)6QD5`EJZ3D`}QmQU(oKlkFT)R~D3SRn-N(Bl|2&WPP^1CI^Om+dq%sam4)AZB(rUsgT%3Sf%8GF z<{`|0Y6jgP5#o=;(*}sI+}tK*I>l5dSWNG8@aC3V3TK6-VbGN}s8KbqM$*l*!pI(` zJNn~u$IlY`f9~$QRa+idu>W^=pXK9!K7ana`?&w##p9fNsssQv&uzc+qCajlP3iZ4Mv* z{28JE>+k5x7Xa})+dYxy!wnj~ct%1m4{VX6FW%7VkldH0Ho8`Jr^^taX-8ksfDOZ( zX8y%?r6u^kP4c+39&iEw-+A%kX^#It>%Mr@|J}(`a_?b{yzJFS{(UB$=UQ2|V<&5P z&o|4a?SM71tc@?M7!8(THgj=X&Pmrg|0}G2apf&{1F%s3E9C!py3>7>|L)|;8NlS% ze%0zW6u-JSmS!LRW|w#_<#+X>w%++p@tkH>M8s1V&{_W-oo>Df8}JupG7mU;JW4BM zLuYSQ7ItGgAD$WxoOw4FxU%XF-$D>j!OXNZ>YYd#ImDnIRjP-6>i+oBypWiWi9ChZ zx$=SpL@}@B$)}ngYylRK9?~)A{uL!Z{Vc)%v$5=!*Z~&Z|2}<|kN^7g*^6h7{QoYV z9RDv(lcA_yv;9ogi_FeYx#}vT8p29kb^rL5_YKSJBj%rH*w++GZ*t@eYq^2dhSfyt z*L`fDeh{#0M8hGAL*Gd+B@Cl>xOV!Y8Y;(}KVvUjGt)|1Z^YR&+iebC_9?+zYKFN) z-jyC|Lgtl5*2K1Yd3=fj>QR}*(iaxKtfg)efj3epiK}S{$=;Pf7=8iViA{ic=O+$v6$iZI5xn1f)+$4v?prMpl;t3Yy&t zC_^XTNyA~urEZ1auy9cqAK2GPjB%j%fJz;B-f~DwFLk?7oWi(qjya2?-05#VR=;y3 z8`X|39|dUBg1LphLpLZip#J!;udZMFvjqRw5o5%%*1wDS|BDyT3;92GANl{CJo6lx zvtfSP)z`DS$Y1g>r!{tOBm7595~Y91raC7$^D4P`U9;I@Cfi<>r*=v3>vrkIZ9#FD zcDAsOT20qUr|k6VlvxZxc|_z|1GUSc(hn%}a!5n}()O^GhglWL0$W{qF>JTwMza+E z2kOV3$Kp_~PyXL|Ubz2#`uxRX{`Wh1K9?jgHWS@96J4GxH&;mKfLU-|WC~|Cif@+l zuW(S&OZmR1Jo7BS{>{N|ed~XBcQ-HpJ$=!AT>p3StZ@D}bZ~6wV72rAd8Uza(Q!dI zv{GTB0?7Ht|E22wYv>6|l-m`db$!c0to#4-BokzMxaWVwqOXysiUKMLQX&O70vItv_5USfzQZGA(f7di@sf zryjL6_w+2Y|EIx2T5xAmR~0mW|9{%ud0DXkeD-MnbvIAFvv{4G{;JqA?bLkW+!Q%4 zRTedCUe*HbHNWM}x1c?TA+>|$H1QR!xK?I!t<)Cj_!avH&`*{z?3)nm2Slh1+7Oe- z>}f8A0l;Ub)E)0Qg-hw|WwdSHz~K-pLQ88m)f42d+Lyg#Uy^8-zL8%_a?Inaf)pd> zFSuPQyRs>7sGlcmK;lBu&UXL;mm%*G$xV0@;>Q8ut|g!n(VW+sQ&rVy7NxPz75V#% zVU``hUsOt$8YLm~NzvTIeOqQ_Qc^dIs(J#h;WVQW4XJc8Vc0j-T_<%`?^d#a@H{0r zFRMFuYp&A2Bz#IkXy6UU9yukPGXI=-Ec9Ji<`v5@!x|J>tR5f zwLH^%B)DBdxt7{M9Ro1ne$^XVWpcEf=~===wdGuflIMk(*2T+h(+WbdU@`ZI$d*c8 z_jI(!EXPSJr3MN$EcTF%PMtN%YoX4Nh8;1 z+akn~m@wJQybhRXEzj98Qc%Bq z=`FLfWWdNTjD;U^jBsfVR%}%hXzL8UeEAY}d~($hlW850Zhy8bxAdw>oKpdzq`L+D zbKXoZVr;s#W3}3HCdW(jD7(9qtn_3x_v)4MIv)X zRZ51X!p>q*x=i#jN3|#~JeQTtAGE#-n21vbv}I#hr{xQuvI6U(>V^Kjf*`fnCb9HX zj}{9uHN_V9Oj(dp(qm-__U=|ZS@!6GR%1P1!)Qo&m6x9M)V@BvIO!iBUhW^fe)lG~ z!XO}#nMEFAJ~PfBs5!!cAo;8lJ{iX2D$fSn-|5@)i#KNn=l^?j`Tp(EyW@k){ll~J zew#IzRdZ1%r*F?LE>GSazdo4L%L1pJ<~$Zwi;X6Lz1i`2;U0vpzC3=re^7ynM2%dtsdwj9Sgm1(R-Phd9;#zOtcBpuG+0Pt8BkCA z=jXq^J=?$h`S7S}_*EHFjFoR^f$?3DOv=Q@T2Ph&_;beh%RU;mzmwS+85O@SQp>s- zMN9mb)bo+ddW*~sSE9+iqj%>Q2WOZ4)6>h7{&B^mRH(^ul>D9D*D5+Y?n7U{ygk2| z!{nCP;;K7Y$Z{$zQ8mMvzZh=Sg0|4xs!K2ZW4-IHVAs3iqAS4nfLB~$%yk9r#q#&k z)4Jx_{K`rE2Ij8zl;zwu-2qE4YNc)F&*N5ZKV8lR85OA^pjRZx?^Z6hW{PB?C7;qO zq!hRk#T}|t-XWvFE4-ZNl2Obpmv8VJ$u(Ct=qkn2ItH~S2#ZX{M8(`E0iKmz@nq?& zq;$T)sPeWb+f-D3SEL`Qjl&kVk}a5TM#P>+gt(Y+A|@>G=QNZrnr~`^X%KT#r>T6= ze5oG(y~9_^YL%M56l+%Nev1Z7c{l|1iHGflLHYKz zFr{OzDJP#J+M46puOZaT)#0o4d1^g=su^XLZ>Q&?70ym2^ZX61hWYp_ECkQi%OY_8 zu`}EA@z>(-w)p5$Jai>QxFD>8kXk!-#cmBL4EJe1VifUdJnf-lGG%<0T@>_Bazv+8 z_E7f?tpT0uNxEQ1uh`8K7}4jY(2?haB42nB>lAsuRN8qQ`B;*3$+0BknMPzGx@WeK z6WlYKWcZBeNDR$+6%%y;XF)*2@jEEeLtz{Q4K$aZS5AOtuzLZf(+lecVqLQGCef%k zO$B3Kx1)lYx_&Yiy)I@Kq#CgWb;1!Fq`owh@BFK2*Ekp<45x=<=I6H=4NmF6(kfZt zw5L^>#=C@U)7#t3k@b(5i2O;yBy_G8OX;7b2HX`Ilx!yYvb6kx}>X z?B&ayLi~sB?qmGdJ9+NJv#T=RKLl6)7m5Z{vgesGroLTSDZ>#ao~2(i@o37Lo9pC- zvYs&2?XTU>tNYL;pZj+(GXcdPJ3 zy1#GS3(erBh8tShsj94Y9i&x(F~=2cPWO&8+Ui{|bVr*5K-M8`1sEPZ(rSWpj~;1@ z!F2qx3}HO_q&@niEx6(SrhU?uz0!MhN_%uldvr>33G~q^?be;rzInTY2WQbyQ>3nN zOG~S`-f45{)H{gP25V&pwZ-)xJ=7jO)b80sZT-$;cj5+@XVVE-hmhjAuf&4|gTFjH zIlS0^ec3;Ib6$z_xg9L$v9!j>W*Ohg734I~gdBudrN!nO>6hB*C+#`b`CD~e z2j=1Ee~&H?PWrEp4la-O`=^UfyE7u1s2Q>pv`lKIdaEr{WifyXvdi;>v-fk@K&ELy z_*Ja~5wxrh-Syg4hwLRz^BV5GUk+;Qy&7(BLdy5rJo03)@I-9^xHzg1Mw;Ccb`$z_ zv37Rw^Wp#1#2Y6g`e|v*z5BU#4vO7iXGir~k9knBAI#Iz+D+y?=3?)-pe-#DMk{rzDJ6@PD4e^3 zTrVXNA|69kJcg=x3{~+Ms^T$J#bc<7$50i{j90qY`po-Cc#DLR&me1COW%ip+wEsD z*%p5U>i_NWpI;mgTwUng<1~^Y^|3AeTqUD;v5;&E{k4QHnj_bYg+eu;E1a@30BY0e zCBSTHsdP1HOX|*t`L7#fVo4p_V|bN+H8ZDgA+ACVYP`cJBd$Hwl3_+FtF9Jj#5A{- zKqL9K>P8yLgOtmS>x{+DS~fu`T5Nu0+g#q3JX3R#1$o6tZp%EXs{K+ksd`3Is?>M( zV266Iz#pD+;-ltah#2K zgLdZpl`p^5T>ai)zkkucJb(M{Z13Rm-PvKKswLtylq1wkj)=Yg@H_t@{zr&l%6#(5 zr$UV$AgOR%F$c%3EeDxvy{U4?a@s#Xzt@YZJTMPf?YK&W=?vY>yQ?e((p5p+o(5_n zW%MQ=M+u=w?_Bw}RjHo!v*^HR+0Ghu8Rbo`dVDNz?JG`^sN`x{}&cay``}LZ78wRr;l00@bdYF$z z4}EC1%;CKKM@;yvr503k8#T?TJJU0Serf)`c(`*ePAV5=;o9V*NJVx|;=n?(CrLdL{L}^@4VZ73;WOFgZqtkKw^`Y@J3ym3dJM_= z7?KmMF%IW4@gJ|eB~nRL@U;uqD2Z+j-0>c>YAh%JEiL-Nvq=7X{wy#5b)PhGJSw^z6Hk7v|+U43`t8ABR`woS>IX&NnbeHRX?c!ao{d<(}9!0xH(e6>SyLZv< zQL@YAExGRve!;U){%cQ2Fs0*=ak6S33*^6@=iTQy`EO^Z`|?r#yNhQ7onk2o4+WA8 z>3K%i6B43fOaq^WV-#WUBOVjcZfu~72^C1h5wHX#CL{>ZIABAaNQs8yZM96Wq*nyY za-H`$^cx!}Bx7xuwy6WN5MSR%|NB-Oy$ypIVj6c9 zHl4B%z27@WKINj(9#h$Y|7!3X?ctxi1OK%zCgYC!kNqjG!cN-I5PKiv2!UZz<4Idw zM~x@#A^zBS(w5Vx@#Oz&Y@qj;Qx*$!xPKrT?TE8~5>GbT)F-&3%W?M4hrZU!o`viG z?4ZAYe9)fytM@T?{qOF)eBRCF|LeZ&K7abS{_o=1KqfTe`Trg@8XwXhzi&>Yj6|=~ zxxT)3{hk;fceW4}2#1Ib)jDYDCC@?}q<&RX9O5yVDk(8xc03RDC^bqOFGhLSTs_7rv-4dA}e z1sXCYh2%IA2&2+zD;d7|w`Hs^)Bd)QPojX$V7geSn*4h_Bs?UN2;F3_)A^XZYE!ml z1xXYOwM)neK_7l0!8Cuj}Qeor|8 zCq_Xf5sgL*rD#Xpc6axOMoSN5x83djfE3}YUr*aRts#;4srr8U9z~p8QFWXq-0se5 z%nF7$^a&4UYKmw$;#f!?dot$4&=*jnoj^cW4*gZyM}?{VL*g~@nph=K?eP16*)AJ_A4iZ@?^@dw63Yq zxIx7yfu!VHS^2Me_KCL6Ry4KdXD+P!1{3q@H*Q+XJxEr`ouu-=7Iv(4yY@F3WP1d)8XF;7$hfg60WB5; zgg*y?*2hU?FqrG$maup0v}1j}%4rAtQyL}+sGy*vi94sDTf&Y}^`0^=^KECa1A?%N z6MGw_KHS%Oa$&s{>^MezdE&W2XX!^^Jms|G+5txQL_O=oPCm(Xd8_#yJ=x0*_fcF} z3B(A82y>3_bCbV8gAczC(5BCb0PiL2`#M+_kjZ z$rj+J1Un${JjCY)4T>s?CD7zxN8)jviY3^Q_(7wK4M59+x=gTv7Ylc$^r5*CD$#r3n;nY&xr9?wlsv%@0ue_)U0%ByZ#4t5~B zkSKYM$JBq8mHFDg-hHj8a0xcPe zFqaeu!3hV3yr^NBWV(k-GWZ8A~TV~LSZIoRUN(58|iJy4Zj zPY5R&h5pAM)rrK$jU0gfcQ7(P%yRY_@RMuCKNhKNEi0>tojLO14LZ!CMb~a+F!4Zy z#I;C+)z~SK59?#+{)I$G8l2LQ`ee8qj^<*gR6eYao%dgDb}Q8b~JG;S#y0#pc^#US$)Sc*vSRMn%~|H`UPL71Xm<3Y{r+iUM({A7HDagw8Y0(Y zjXMdzTzVUEU(Z^kL7U90Rx>wx=$67M zfqa{_G#Hx4Ks7P2>_#Ez{6SDm`m7H-GN>mrrP%2vn7KGQM{hIBR)5yGvcPn{ z7VV_^9jlvR+AL6siNJ@nK*;#i8lmlxNf`@N1s6V@Jy!a~iw>vr;o;lStLDA0Qc@X#r7v z{{g54$8thKX|LYz@L3;rbROb5E9;CgY1fL92VDxWCsUvxdfyCsjo5)y%5|`_f1;#6 z7{6sEl4+6Wfj#TRPLeWu?#i;~`7EJ4L`1CxJ0&5v=AA;#8QrP1a`(6VtmTaEVkZ_0 z4qGMGO%L`lW4l~9sH*yT>?~Yc^K8E!+GDX(gJG1{&tnJT?3nSF9xZOri8+9dbWk2) z*Vu!*MpxMBezoQ_gPmFEO*ji#EcV!RN=vLN)j7*422LbYqABx98});LT@&A2#`VyE zg@bL?#gs{MiK8f(Ilr$tl|=mxn1=&%pT|a{HR*V6zOu0bcEWgio{qePh+Nu9hz2e~ z;aYrxuSf=WZsX{LNzy}m5Z?n02^w>PrM^fF=h5(rXaBWm-Cd~E?3%w%aG6Hq#s<$t zPEj~Iw9z|3MsWZ;J@&6~=n+4&wFx364aax31aHt_I=gh>ToP4)ow_Pz)8mS^?rn1f zfwB`UjG9bhBW-^qvy2gV;_lf>ndy!i}qCQdlkO zlH4Pf`M8?LXI7R@1!nMp`8b|J z5P*mB+zNJn#X&Xm$zVqvSm9g(s!5JRflc@bcHfqGX#Lp9Br2@(m^+I@NvFiFt2FGx zSB&F!o;72~O*2_ZJGRgqG;Qj;M}7F1s?!_e<*`g|Ra#yTb_xkd=gK=^z^IRqPQufb zLAb?7V+U;-Gjk7gG%nCv3oH*6cFJ?GR?<$I-!h52;)X)Wq!i;iSkWf&F5KF@m<5Lq4 zR%5OZ39xdG7+)E=Yr&42k)Vccy%Su`#(#%g1`qGKL4zb3_{ulanLsOxd(6jddAQFF z8a#jYba!Rq$zaC@FkfKRP(nLNI)#VztaW8MDG%oH9XF{#?y}6Zv@$qres0j<^OphI ztYAzF&vzN@WOF4{?pe81CUle_1=tT2Xy9fgxUcPe-LzAcyCLVL+c!=but8x?5H^+! zaET?ZJcS?^KkFFiYNIppe!h-&yb1B+fbjC0`h1Tkj-SfM9|cOPqfI6!)<(hTD(*F! z)_Q0spLT!#eT1>Zvw7dGv%6wJ9iLov#AFITbf9T{pa}34*%Vvol=++D&MCpcUcP*3i7CO)rVh#PE50-@{(xdr+L&;;%k%PsLvIlH1hff(`DC}wbK+mM>jXM^QFFmu2>b-!`GY#KR{`)^d7W!{XBL=Je-FcIEBW;G^~hWHwHfm&K?G$ zZqT6F{Mvia40aZU@w)-`a&E%+?Iq#+9EsVW>i(a#uPp3&M2KVNSDCwL?DU}+Qso{j zZnQLbMzH@Yr;@x4J+kD5dXaYMpNpa)xwLae{)mZ?4-`W;Xz=43x=z|zbP_F|LgBjR zp>5{ym{aKL^%ZtZ+Q*RjF!{}<$F6#tP?wU zG*a^Kg3zHisBg+Wdu z8S5k=u_U875agb*v`*U5gs@nHVX$N9=7A!{z`8!{M9l9m)}7X%orwA30pMos*g0BE zKJ#hk!63%Kx<>49${@IyIvrH13Dp^0movu*$61A7ZvyQ3f#BzBPZAmQfMMieNadal zsa8ftpjf6RC0;fH+k>N|b#7XK9j%@@RwwPMW2l22b7X*n`GdpFtzl>Wg;pLr4-hXF z*7adWP@j0XbU9^u?EAjLg~d>IVHxbK4$(TFwPL51wZV<{#I^b6u;Zqex%E?Q`dD8} z+}pDj1y2q;^Y7E=U?;gwe+ZaCw}c&Uu2shz>?9Q*3VPOa-5201Qd5JmoC*V4zQ6m> zwTOcnJM}ae%d0T%5kqUlPCX6ADk_Y7!_QjwEJHiBG#E>&FvPv0X^pf~PlHikg>k=# zF|e);JM}aeE2%K_hq_rBrSBd3H@=ARRfg?@nzfrpm* zkg%AL5MT2g(+)vn)r`(|cAw9hBC86p{I3<>=mzbbzUv&5DdRI_Ya*`goJ1#}Q~F?B zXK#>(vxf$|&tDwV!L|Y(e(jW+)aL7JPl;?6p#}Eb#$wslf=!EjdJu+`xo17r?m6s? z#2e1y3fIsZ1RveBOKHZX2lm{cL3d|o_3)vk*l{vYmGzj@`OGM`s zG8eSU9!sKQX7Ti3p7q2^r&lB-LY#6oTg(|P$h5LDU~75S z!j(fJuNnWSlL9Wrj#*hJZmrcvaGTG1a{p$q1D=crpCsWSE}_aBw9mrtB}h1w6XXR{ z$;qH91V(LAE`dt*o}b&Golj9fJt`G@5fS!?$Xo*6puX#M4cb;)K!*#_)q@!l@EYP7 z>xR&Xv#AZO8;-SqDaWG`^^j+iPFp|I^;K88_5cGha8`NDl zb|jq=7RxI1+@N14By_N$$_vEe2egyh=LS9hy81=zj4%yiPA(>#hzSewo7W9GrXiii zQ^kIjlnrrGOr_MZByx6lRgn6G6CcVEAK{TC98K^Qh)c2O5#ken?LLq<=*8F7FJcFP z6=FH;m`aP$V+xMqAd4b{w)H+YsQY#GwFU$Gw5~XKW1^Hg(qOj!0}=<{ z?O93Phq!62h419BGk??i%k5b??9AV^{&IU(4m6Vu|emNUA=POaO}ziiaF1^0Zm$8(9LI#efjdyJzK z7V6943Bi7#Hh9zMy=pPmW6qtUow;7=85<0ob51ucr7P`z4GwP5;IqR3+LU#K$8kh@ zsHw!n=63F@g1U#AKXre6+59pn$IjgNXk~HHIPs}SQ1fu2q}>MX9J7#0#w(b#$*Mh} za5-!wb;)el>+?(-ItE0_y;(#!R`2iTxecytv6I^9xaO9bm1RvUA;75|3BSr~-fz%3 zFg9dAx6$FqUdriMRt`njEC3=~N3kOyvfF)b6FYiD7y8sSNP9HcF~_lGkYlRc5pLFu zopg6Qi-RgXPnIhyrtB=IYzyL^neuwMat=FR$CdMlx(~LzR<4}GP8C;9nep|6@FKw^ zCQo8w@2IRj!5u$0+O-8wi32ni$T1e4Uw;mExEgDT_Ui+D_`B-@kEiy+2=j3akY&|d^aF7EQY$f-Z6l2S(LX+d+}HX>%%<`cY3?Lvp{AMX z&COY)voZPTdZL;zn6^{uO)!@$%};A&`fktgG^oVx-_VmM7c_eEq=){&VgM=@I#IK| z0{-B%^ZTarW2@2F*g%;K=a7fZK%-yyL}D5URdfS=Ftm@}pQFR+G?t)5l6dS~4*ARz zZ3AxGW7AF=z@;-`*Dc99ap)5+Bo6%+*A2E*8!e~gR- zQPB(th=$ry(vQJ050UVSat7f8+vs9K1tOtS6I>7ARz zW4J_z#cz`Ex{)-r>bB8%tr4IvQ0<&z6q0LA6S@V3N-BjLLHPWH( z%@71Mv|1KF12hWoSm#^w zl|Z1rhY1=(rWO|sHIs6-$dq5TQ9lr@*vH)E$hg~|vk1k6U59#$Htb;!?n~&Oiai~t z`8jo5pu}Jp*sYxr;%8TFqtVyd_auu@K(0stCQ2Mm+c>cwWy60GPa5+#pNy15t(mRu zMeV#pCMShNp?X*K35f_dH$3!D=-c*$Imvb8G^crLwn;E&RRi5^wPxeMI&zZ2 zxMYZ#1op0kK*Q{C^FtI&uZz-tjV!@N74f_Tl!eWvBxsXBog}`MFtlO7@zl1XpuWao zMc?|=p;+TAN;79`3Wh}-63w6m(Jdrh!EIdvj==+Pa&o2KVC1RYUF~8{?s+Gju$epq zYc?LYqSs7#t7HlRD2YER*^79@hy0*wO6E?0C2hUIyII-vJ`0Q5Ss=v{+DHn3O*TWj z1cj09F-Tj~-fc=eP6eY$JZu~53ndoulH`vaCC7BO+%th=N06-9tU&3MdDY!*@3eOY zdaP-?ZM8O02Sww{$q?&biYW+$g;}@9I5OKjNThmrSdo&5qsUITU1yr~uO}=Zx!qbd ztE6n-*9^?uy=wWIp(b?O$${2P_}w+*AJy2CER|*fYKg*Fqd_c5oy9Z(-UJSJv=4B9u{O9 zk@mQaJ~zb#bK<{_)ru3%9%??{**SjQ{L*eT4#Om5qCtcph=HlGNTJu$Nu)Ne(y=d$ z{I4*mg;}+@CS|iK%v4Z;d=?TkoT;{CGRRDgq}2@Bo-j!)8>D6>XPBwH*6f2aFv|q^ z&B}$~b+$)g*jB)>IuAfh2~E&W>TOrn8{{Z%&}bZv05LuU`q2E5+2fo;-j!1gB&lc& z;tg5K@CaA*=MaK}f4e9Y^5Gye(7+hj)Aga=w*Ah$bD_{9)T4Xn~2$tZd}5P{dQ4x;mMX#jH9v&I~oHzRvZB94}U!_*VF8f@DpL z2CN0tn1OVitQBb{$Sc6IJOc?53JPnTh9kzOrc~@rfYop%g{k`LNS`R~M9DEIGZJmx z<_^QC3r+YRScH)49>m2#TTBMq>YqP?0dQXUvpxQEU>4W8i7}iocaUAHqY3jkgxN6? zC}?R!0a9X4z|lf>L;urjAY@@uf44wo+JoL( zz&u*&1*mu7r~4^=dzzSW_E0~##xnumKxpj2pSEH3Drqr={1hA(ySq=Hl>=>0&J8#a zJV2;HDWC|@SS4yQ)*O#TiJBVNlF>>OoJ^Hu`XSX-R9M?@>627aJM@8XqD|Eb`l-5-Ax_OxmErvQ-PFFK_G2A-+6 zbHzG__Mk-22XjnuokomPQf5~!-Qygu0_V?Rz=j=7!D~CIr9GPl zTZY9XXg9lK>MN8p76n{53t!RWA2H!ni4f;RBWO>}^!FmGjm)_*z&yY%7D$U34TEC( z&L~PTam`swL`Z_<=yYkTZ)j<*6_V?gfx2}?aSOLJf?H~@-O`qe3{Ksk(Kjsfoq)st zIAB8@pexKN9tK3f)(6Esrl9|XghxWmDHGf1S{>GBTDzx4GGYpez@9kKY77!7@hSAE zYDz7S(p#|~TAAmE@=`bXtF+SUKOm&%LEmHkP}=Uzymm|b$P`K%OuJlAW6sNmUgN5) zM#;;o#t$WE`Jsrb!mCEv4CG3JWB&NxmUZU;%YtSNfi~zH#5eB z^pZ-^ONrY7YZ&=8??IkPh)~!%lEV=ylhuuXml$NdNK2sLR<#3d{6tMhM zs#$B9X``XqvIG&^rPt0H6igp{EU^_1Qh7)qBccsT^u+4OBqw$piA36NG?GC`q%+Z=y#UjxmheCW zs@69lk(Sn=YmYM_oa-g$G^#iOoP4ht|ESRSX76Ad^?yCz28gFLq)NVOH>@P|;WVMQ z-#0f>;@d((hs!m*3I?jHoW9>fI&Q2_1x!>H^A0H-0M?nT82(*P)S z7JBfn#GyZ&nHx2b#)81yjEZe52f?!7WTbiH2aow=wOQ73>5ngWpN~k_f9XHnAw%+` z{}b-MAU}0qKKFN?k6vQ`r`;Dj-cL_EKebXjLDJc1a#<7y_jqqJ@5Y5 zI(q*6#g;v)Crnx&shQBo*hZ1IF#tDhpqwe-;EzBb0H$z2&}L*=^C2{%Ar%wi>t&FM z2MxC(`T`W05W&_+3w-DkDo$7s`haaoVDUjbhLZr63Wk6Hf#uJz*%;L79GgyoBfnc` zV~NE_(ZRkVKXnRdnZrrPCtiR#X&C@o8q^JK_S>4VxHTkW8g6OoRUEAdcpAW>$m2YFUCUPSG5Uc@nMj>oy2{%j2hC2XzKo_!YPpK^JhnLgcEf7_Wa__*}?hcyYqvy?eypVYv;#l|NQ*dw`cp#tHYDSi~ZM^{j)dc z#karqkMwZJSxCoODp?ge|pE zC`_1@YpB|UsW(^aYF>C8CW(xIyz^N}v;tMzv6-Algioo^>Q*CJnB09@fgNh?ZIT#q z&_;dqk<8GLgk(geu0%!Nd`qP2CIyX=3{%(BAyG@6V^4y?2kcftEpv4q@~xVdg)R^F zsgRrwV=XBGd=t$5j6bW898Lm{cOH?UEFJu-oNRe>%` zVYt)+?`3&Um+A7gh#vxrPj3Pwk4>@@Bh+MU#6za!MWDbR6~kyWPB|ITPj+Kb!UG7M zNk^2Uh%?DNrZX>tl6j^-9|}o9;JQ)=d2IklM$pOvD_;hYqLl6vfWjn_kBN+IzZGu+V7uc_cU7`hWd-59ZI{Lr$<_yD-=39{asvc5H;MD7glu zpSjmm%f4wAOw$}ft#zJ}a}+y=uEQ44XB!=09#F#VaA9==?w%r_`oKzD&qISok8#aw zjg6?{wt|KpK|>`YDX{fA}qpuGn` zsGH({vIJdd7*8W>^bhMQN4+oF&)Y9y*zn0z+s>#1g8=qzXR}Kng?Dg8Xs+C?oxhRL zGd7S=>ojGH_G5Qv8+ElZxx1^V&bGSSe%?lhdas0eQzHi-wi2zddw0}RrxoB7!+7NU z+434K^iRP;_+w0%&>#N^xOlEtW+^V7JTYzzR(t7SquX^|1>6riPoAXC1>nk%_+8CnfWGighGdWPH*)l~IZ`)?8FcvW&SqaIwI?re;67cYeHH%c+ z03c0O(=H5Vvkb>}dv;7p1R>g=gmBKdk@B;sR&u?;f565fs~Gu}1fUAf9n75FKGCZ- z&f}rJ);1=B0Ixke4QJ?DaUa#=DtbfJ`V{0_5u5XmL3NT~6=Atj(;eMr<6P~UvGIEv z5#kTA_fa*Pn#24*j>}e~ad`6cTZCS{`Wt%kL_1RCmI`dN=*g2tQt-VJ{IE$vXlwv! zh#Ya`i8?2%^RZ~RogNa4xLg<3X|J6roi}O*D@?U{_(X#BLL0r&GN*Q~%GJ&pK-aIi zpImU|*{7AveSkPyYtJz?b~Plai0TwRVp>YgTC8Oo1YafH+LTG+=Am;+ol6!)Sy;2p zJb6-_OsfX|cQvhxDd5SI20|aYzoVb~7yY9iO8qX4WjTjyCbPu_W>?e()~4qE!A1X2 zRlTrx5$VBAZL+CBq7FM+G|5*xj>#ow9Qbnmxf=lLcH2+e=7!Ch@q>Z2;wdJw=ai1Q z5f?Q`AQpin7x-o;bz~eJPv0^e93mV=oMCU07{*BB_>r-U`2d}pE0MXp7Zl!J%sB~V zCppQqCvqBWygPk!*55xodDD7-*l(S_*?)I@+CMtla$vUS@Qj5?=J;#OUL3z!Ux^x4 zd1(i|ji&5MZ*iQ!MHZaNLl+aqq~w|2elJ}0fDt`X%~h2)%rR%PLb2#Ykv|qM& zTKvV2R;Oz}DF8*8k!8Tf)YHv`%qQ)C>JvK_6VpP8zoiB|QLJUmF$>DXfklLI@-x@& z+v;_4?H+L!5gyEP*IxsNCuu|QHpCw@rbmg%rYkq60IF4n{VQs2_UtK^PN&4DSdw6- zWZ~n}w`UjqlZzfojNW0jSgZHsq@T2Fu_4s~Iz3LQx`{2PGZO{uC0CN@t(*{kP33z`_)Vv z-RrA>4BSSg12kyG)M0?bkFFlW-jcem$)L*C7765a2|6>8o>; z>DLa;=yKf$uP3j=Kn}hR%v-gL42N1M% zpic%#ScT2O+oS!Ig>Bijn`#FgQCP<@D4c*Ysv*gY;>cJtnSRXgleZTK=WY4P#H!B# zYW*Lr+G#jLJPt!}Jukh>R18F1dDhkU(A+(5YK0^qcq`eN5)Z#(-~~=1t00;ai=is` zLQBba_FB;P7BL@f+Cz$i4;W}VFf?$-q88|2tLo;Kd?FrdQHj(v!oFquf2)q20UM7& ztZ+ATwTFX*o6uRZlO!9xJ^-r?NEIJ!8>JPN=sJmX?qx@qG?FKdJnW`X)S4id2vO@@ zQWfp@FZ!?h=jO}bP)AOqjyjseQ9D6$A50c_9Oj~kIBP?P;h09!IQZd&_{^p z3ccA?E(vqNtMdcs$ONiCa6W~zr=(M26c+lxnaGWRU_t-XAqHTc6vT`JRCT4zHQudQq-kW;flta zneY!GDqCnvN_EsBAAl zWpX$3Y6JP4MJXg19RHVF&aA}xC1XK2dUt+sRxAM~d5E)sqy?;XpF#ikuMaOy`p1WG z_nlDi_nBtKTwz)9wusX!8jvv&ie$@SROp)rPDL$tZKNlsuA;Pm`xYN{02yI8khUf` zQ5>iG6_0kzd8Xx<{x8+X&d$!xi)YW^-<_SE{J%Th=R5z_efsj*)2A<mEB3xvm5 z2@$B;rIvp3S?6GKuY#2LU zxO>8(-(kEYs*a6MD0Q>~*#VcglG#s89KO_XB2Eox1eLu*-*{5SlAk3F=-|3HjwVaYBkj= zI+xsB{YGj7gqcYgnIpqn)1TBZXcL&;6w@#p z+u(HI9aheD%K1)828QhnA@~9OUchSB&TQ7nZp;$QvK%Ke-)ih;b%t~MEGHRpf$c0} zJep@@C|nIv`#u}5VO_|^k|4-~IR7>W2ADSMV5~OkC~&F@&t%=0ad2_0(3Ws+)=fY% zwbZQ|te|CL@o2>xWE`QvlGhodj{UA}JG{xYwzts@yCaeeQn>hPxlh5OOcCLKg5O;d zUt3$&h#neHAGP8^5B`0FZjcvC)bg9CiCUxGfo@&{1cs*u(qN`q9mN6I93}4LuA`dg znV|i~C0s#4eStO=B6qCKx(Ro>Wp+7r=$ztNYMg6bt(SKsH%?|l8tN@a0i!#Km|vLe zj32qS9-ZrHZpb&+jA3XATSPnBH5r;rqDyHb9zPBUH}TDzN&@`YY!~FXWdgvY3vn6; zl12e(CH-hYZzJtktt7qwoHD<-e7<`1Tg0?Xa&73p1Y6kzBglps=%Mb;PPdW4CA>)? z)+UsFoiOX`0Z!i=>&%wP#now;7pAMy?MyKnwLi0wo@gDeDX}KC2A`%$FxNIF^@_G( z)tei1ZKRhZVaiw4TpRpw6`u_CG-guE6pP$Y+#+luLV%zS&O_D zNL--h=0di39HLEi1PPfW|Gw356N6YMUK_%ommf1&C2qoI7Dt4`Pse(Yj-Uj{-T-cO~(Ig5}kr1AiUmV7nfrzS4qX z&wf##j)8GzeE!roeQlIalBRm93TxEZP&00U{Fw&CJv#2?oyqQsl<0QL0jOO6l1EBKK{FaP=NTm1s* zO}2-cL(H2RNok$rFZAJe9S6|vv!g8Y;JHMO@$3%n~MV^ISvK(tOMblf%_{C6shECHJe?{8H|w* zs`C&n$}FTBt4=Nigjt?pBZ_6YT@2*+G*?^!5uMbnw}8b(9hF|r%KUQ;T@O9gs6nd5pM7&>7`S=qDDcb+bmK*p@-$X$=hkDRu$}tiw}_BLyr< zq1Ex+79gO89vZx5TaMqQI=Iv`g!nig{ZG)+Ez@%-7= zwrWf-swC?P_#=lb9#0S*<@SGl2^|C^fK5#u&L#w3QN5=$GTugJi4D>#m||>t9R)Xr zRLdc`MsgaB>@|`0rk=7ZqnZaTdpfIQ+tNAj{)5NpqDRSqIABL$cZumq0M?R zF7r0{GY!X#6JKFtP`trP21NxL=t%7rGU!y_CS`#v)8Z8KUKj%+q%DXxHqhb7YPh#E z)<#jCmQ`ssZSbk&-ojq=!8%tXq~X}Kr6g6YU*B|$qPHN=weBX2 zgJ2tltk4zQjUpT4>6P#{LYw1gSIrV+>wsJsnEObdE)aV2cb&)s z{inXVl-T-4)Ram?QRiw% zBadq{_aTcz-;$RJQww*o<(zvP5*&@(B-u#_4#>-x#F1^E8T%B*Q5#YfrF_<^Q(+i( z3%P)x2R2-87Rn_1E~r}IK0*f|7CLpW3FVWBFBv;Fku1q1ymP6((1F7ZH=PUFo^S@q z5?H7j_?4?r6zR1-3kf=Xufqq~YZJQzCyGq*04B28FVUnonk;Du9 zzYn}SQluoOdF_G0{$M~49#5onygT0APeia`Y}9`pb&)AIN3KGicWgE%TJt;;5Zdwu z>&j3(lJNjDT!^hOQUj6`qBa6v6?qz%6`rs}aGHf83yaN4j(nAo0bUjWFwMg?Oz{Ji zE=%DaAsN^umg?rH3s5>#trR`9&J{0NE>JjPCU+9&>kkE45d%aIJ9lw7GX5U z3UQV!(m1<&QM4CD|BNW|^!}g`w5u+`2agB%5Ax%qX?!#VKpCoOtXhxX5q~cgvm7p5rg^&(^Iey)U44rGhr`Yy`F_|W|fxma2$6!7A6{vwuexD zDu7NJ4K_BL?rg|DCDDd`M7%c*)rNJD3ILM0fa0syO;-ZBbhVvAv||wLAf4KWm$ zY+pn+!jx$nlZ_A{keUU{R>hzxXhJkSs+T^qLSDcDB8^ln5JW;;NaJ>3SN4t~AeRop&?d1OQi0eOD*|e#A(&6 zBwi*UrYeJt^T4{-yGiBOs4_~hfy-`x=bH(%8&IuExvYOo22^Ei!oDhU-?p%B>|{+@ z;FWm8z#a7Gp;i}#S3Kc)PQ}3eAcUhd6H9(CtNXrD$f_e(cj96vqpr~y&h$I#=FjrD z&2vR5&nGS-`W{&K`X}yKECx1MA`vz~Q@91bgW+Dmct7_T(WX5KgrJ$sjo`EeV*YOZD4)pcL*QwiKSzLmxG-KxF%Xq(MsOwukX0I+cvb`LK zAMiciZXJ2|r6{w5yg#h*U&gU7^;(0N$<9Lwzn;JbY_seZP6p z$YZRfPVciB8`+E}h`MToE>MszeHC|0w(CrkJWqI}Cu*T4sw+t*Yp8KTwA`!EcYT#m za}lC*fjXR3YoTO2T`vM1K#r#v`=jLY<#6WS)H^Sv81?}>KAL;%w-4T_ zB(U-eKN9QVrJrkJ3!O%Bpqmd^@A%W{sds$d>$CG(V}p@J9{y=G>oadU_t=qJ0h?t`BC!pFS<(+7w0Kn-iJ@90s8?U6DJdE<=yl{q*I zoaxa!Z|c-8T2jYRVdrMSZ^!CDKHXxuDR{oCoA*aw-g|dqZU%&~?-fT}xKr zGkizQyuiCMDO(oWdP3kc@bpNf8?~QD+X{>|wDzU~dWWjqt}M5!%exfj9V# g!rQ-H6=(n3|MtKA@Bjb%D*yoh{~`SIo&bUi0L>gzO#lD@ literal 0 HcmV?d00001 diff --git a/assets/artifactory-ha/artifactory-ha-4.13.000.tgz b/assets/artifactory-ha/artifactory-ha-4.13.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..79a2d99f927155f5877829ee57f14a2726f32c23 GIT binary patch literal 158049 zcmV)CK*GNtiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{cH=gZFrL5l6bS7Z+ewp>?7n2wm;KbXJMr|z{#i~kIWw~k zL_!kU6u|(XZB4iL?1OyY%k7i=4sIlP6(zg7Ct35%q%9IC6o5jZs!*tcl;a8XIiU-8 z2D|$+NV&Iw^YE*?dwRWI@A1Qj^50&sSNyl%-`)GF|FHLP_wmEWPxhXC)$2d(@Akd| zy*tFA_DL9r^sC;j+bVYMck;j}A{=r|A~xs%;6n~WGWC4Od5Anrx;_#Vf>AI4F{C^~ zw6YjQA%YCK5uBp|$Wv7Z#`q^h879#HT=qLKj?!Q1fME#c@I9d*hW-Vdigy!2=a91pV4UDE0GyDJ0T=~f z{|GQd1zfK)BLc}8=P?^}yH{6N-unp^-68X?g?hJxeSwcDNa2+?#e9~G6NacyB90<1 zE6M6zUo0NhokPYE?J^F>A?g+uSV*QM_fEX<;%M5rK#MCv12*Wm_V{&NAfb0$5THvE zv(6mih(jD9D$Ald#Nhzoh;bN(h_e5acBTV>nh&|G!P~4NfE@hwl>l2gVT>fyM-sg0 zyy|$Vx1CEflMlWAp4aR3I$xTk@1GT(0(oA-FhT5&H-JX|-+$73^r&Ct|9ek%@A?1d zcs9TRn!qIFKux`1papK=bvD4+3^RZkfZ&(m+c&P_vK$3qfDQeNF!X)I7~nHxYF}YK10OyB z?})y(cj@ApQlSn#p65l|4zq zaD;q{I8zV+aKU_GK)gl^_4OT`Bk_GhaZ+!X?qI-&5f~#tE)m5+fFh7E(RGEEr@15Z ztRV%2rk$}~dlDm$!>MZN9pPvIj%k1>AQKQ%G(i+aJ`(fL-zl~Lc6XYgg1wy*_Npa0 zxiF4Hj2M6+Ba#Tj6ke-gVqn{VmTxnlI~@QF1_SWnMh~KefEw5L1V^ut{-HL=^r!xo zjdY<@@q?c*PUc4u=KI9#XD`tdM+5M&Q(L0&@h1`{b5#BIElDC?{4~M=@*yn)+yGic z@*x-F7X(Pi9e|5bWfFIAg~L!#iBDpzzHa{Y)#>r~=RX|3JwT;c!;u8AoiSCI`{!0|~m!PA6F zso9b(H#WejU@LXPu&5U%g6VVv%;FF(x{_|YRzJQS$+o@~8$&1MTe26D>`mVQy2eZn z?Y5q!YKCQ@jw4_RBy#*hj%WlqzC_{Tf!)m#AHKw}k`ZVIjjko65NKH!g!n@2IY}tA zhx98o8i?SHi2EKmk*fnpc3jnfSo1=U0b>-BD>aP~K-X{{%dK)bXRpM1cgO1OadAu) znF$teRzUqQmca}JR$_k^gP1S`pg_t^Crop(@dB_I`FOHW186th0fiR>Mau{Tki*w# zVfOy9BvYxEh|Y_@HF!}Fh;7}c2yzs79bhUCT^P)9)P)J35sLpMHQp{AL%-V*|CPG0Y<2)RO$6JdBt(j%3g}6QoqwQ#m8*?<>gtS^6u)jLXp+DfnV2#eUa*3^igdR27-4UUxP&I{K3a zSuv=ZChXZCjd}P$&4gj{rDj)5PU+SxUdFak#kCZNbC zRFd}ye2Lx5q{sGxhKKnS!;<{C+jF$qQ}l%k>G0dukH->4bVuYeHpOST?K%_;GV zHspK)U@eLC?FRTU^2vOT)JlZ{UqGU8VMCRCNiGF4pC^%&I+Yq16UGJ5-$JmBC)Q6- zuP3v%cl6Y%?q=om1QzC1o5y4#z@jFoKv` z#^TeDOl^o)5ObkdyTKR;sazCQd%p)pNRGDTN8%55f#Z&-@QP3aT5}=+a^G&m*6T$( z))WLNMp1wwUkZZMX8xA7Z;W{a=h#>`#~~RT6Q}upm_14-uJizjJPn+{DATSc=T{@w*#~ytv*B~Kq*<9g)Vq=g!v+U z!AXdy*=ZzqW+A*pw*!%hIH{e0qTdo^^W{03%gJ>f^>^Q5$GrCAM2t+YH`lL1JjYel z`rj8TJ(86=N|tzcd}hf9Cu+t<|KA(6vtXun53pV4OV8!n+j$@WEl2|1{x~`_!m#1= zfm!4M;t+?*?ga?VDSc8U5_m8UDess%whA3ke5vM3VJ+Gd5|F?-q2U7%B6x}9jwW{p zG1&mkV=l-rp<%w}m6W=ra$|KdlT$1KTyq>VKEYT4iuF=>AXNiCL(JIbM0-r3Y6|5W zp9w@$HR5$DROl9&-DEHpCk|osdkYst>p1i3wYb$+g7@y}ezp-|6HG51oQ_uJQy( zAS(1!z-LfuenzjnLP|r-ETEhSbwi;pn(bbu#>LxpN1Zd-h{cp>gO=!?Vs%Lvo+uFt z98KO4enJsL5m!>&z81zoOfjLDFMyPd)7@}blv)T?-HS4^C6N;F-yNSF0vEi6*La@H zmF$B8MVLaFfszu%K;Z}lS&Krc@0mv|75!mfO6jr_MoY>}b`t6!Us0}xRP{F#5-HoX zl;O2@BMbgm=th17bPednf4>G?sW>UCr6g(+qX^6qr`VTP zL?xSFLL3U9vWQLdPrN7IHQ3HpGux4S3LKM5tzVrHjgj1heyuXuiALY5HqD0ls~DqS z#r*y%p-3|$a96c63PSi+gYE!eHB>oP3SlvC=|GD?5DKS|$Yl4$@|McTyH_KCE>Xl2 z80H0YS?-6SP}rf6_YN?votjwa>ayfZ=wBr9^0E@iSJ)VoNW2jLmKGBr5kSzNI2!GqY(@G6#>nYr#RDctUob zn=*BJH^*~C5U@l)Ujx2X^Q{AX|_)B*SSHekB*1^X>@Qz_4V4=v(Z5hOmGx?T7W96o zbw*XxWr!znO2VeQ$D%}H#hkTCzftxS1tR8WLlIBL=&%N=5)apn{DNOyMF#R zCyAeP*s)u)tXke&$l)iD&%n)1*I4ZB-luRcZMO`&u@ppo|LR(FY}>6Gdew|s$@O!; z3UR;*M|5@Cs3!|~c)Nh}@b^n0hCi%KBSNi`{g(&XDGzu?QB2%~hA+C=@O&ZSDUk*% zZPt2cJ)0rpxDgol0HK^PVEh&|Ot77ES=wo;&t~L`0h&b8q?Wb`AOn;T4z_UsdOIo6 zRXR20=}zPChL~{|asLYwoDrEtGw7OI6DsX7Clp`e5KYk`^I@oV@l*j@pJLezbd`fT z)Bk!_mCwzdD&d#$s{mn`h%91%X31E=No$+0InM-Lz9h2cB(Oc(bYBp{(zgZiEic0D zepd-W9RQS8m>QRilUlBQIa03dywdyM!q`Hks(4+iYSs&FXAXqR5okGwbrWPCkP^7RQLOjou zohbEUwMI+*R_gp)5+LhT+Hv)G$+JHFCnpq6ku=q2Ua^(E&Dq6P9Z_ilMF2${Q_Jh3 zqPL&1t9l(;MwuUmk{@9zcg`fjza>bYd4dbH@W5fwh!&9mDK8UwJ|$1U;M}hCwQ9z= z#2N1*Kq75B6m|Sm@ggyb7z+Uvnw~pD*I;kgQ6NqrV*pEfo1t*7YHzu&bZN5ofz;di z`R0eW!_nE{>G|u!Uv9Q^fAemSi>0o5vKj472g48rx^u30llSAR@UvEp9=$y|K0O=0 zI~&-(`|1o;jhc}alZRI{uy26B5*z{1KWVU)TBG=r@R{`YRE~Pm25C)cslOw{ zxjJ0M%p4o((;TM9Q_rGyiC=XdbhV|kkhg7`|l|2BH1gAQA))(6PO z`%ADic`%j9wz+#9#XZGfmB+2qPhq zwnMc&MuY>3)WM2${*oM!M5d^=8tPwf$kf_>tmB0$tC~VY`jIL*UM?o%^kB}}(>>lC zeX0rxLsT!e5vsk{S$o9vBSVyZ3!~s$<(<1BU%)6(KiyL#PiJv7JDxrT5q;KwriZ@z zw_pNT@f7_=u0z`$8@hUTKx}O2c>;PUxk{&|U?p?x6Xd zjjsIUsgoA(dLBxIjq+N2FNP>ZCWDG2?PD&F?+w%FSV~KQH^OKkea$j3a~K!*CA)s6 zqvZ7mkIe?)qiZ+`@@E7%*>)`otD{J*jyMG%C<@wuKw?ZZ05!62H1>wQ7tgDuheaGF zQyek9=8q$!U5Di!pgwLXF9lgf)H#uFi(3Mu{tRCtmxMv;ro+rfd4b&ZLj)sv;3{8U zp|R+o`MLGsL+V`)ocY3)-c_FQJa>QxZf>@8-|CJARyY6O8~;D4@!y^;!gzVQ1iO)* zCFUj5cHYe3ChI6#5-@U;m7@m~U1CZi=}~MSiqAg@36#)5XC5n z5DLs{$lS9P!_oJ80c5fm3Od>;<}hpbC)4aen-G1UYZ*Sk6+w55gqk2_q zCne{*-gkYcP2IP{zn!1`aC$gA7!^S5DzDdS2>bhoqftZUM-6qY)(`)7b~-%YKYsV> z==%bMWo@rhHLdgRP_*Az?cnA4$?@?U*~j7j+0jpjh2s6<_}Dd$4&Ic@=ZnAn<$QFw ze|mU!e)#UE^Ph$}bYA6r-xcqDjTWb9VoS9O(0rk#Pd9?LHB!l^+1CrS(C5U*2gd{O z3SR@U(2irx)#qqFMpWwJ3~c)er6}UzLRr9Lisz6njO?K=LrNJmP!{m)5}Vq>0AMpn zQDEG`LNcA=XqsJpu*A~zoh63Wm}j$E;O55mDf_GLi_#0ULH59|s@*gE5Tl5Db9n9f znMd1myFFD<@jox+OJ3&DmbLxigR6v%N?WoTH7_0Kv|0%_wupSsCls9!5{~e{kVMFS zk#7@EfOkF5L;TyEiAuTGqO91}D=J?XDqpM0*DWf)pI@gJL~?!d$=qW})!F&sdmNWh|`jxpef-!4wlL+g1^6WC^hv1uPzi zR<+H-=!Oif04kMi3IQQ9`KAcJZuVfpXDH(8Dp33Jv8z2#{V&>7RBKAefaw6Mcdu}` z3I;|&%Y!m+^T4V{xP1pRN5PuWtQ=ltgtD3xNETi$hn9E2&7f;GQ*l$vYEfP5E8N5p zPeQ{1aNY-Fe_-7O>dJfmr^*f76FLmIxpA!m7IU;3Hf~*djdiO_m2c|k(=_!6`qsOz z?zp;b0SKMiU=HN#tRtEBzN}eux5#St!-o=Gs3Eg~nHliJryR}(#mdrJTd*6;O>M#1 zzcjNoe!Lm3bKBn*wAeE%ynzk00&W_Wns_Lw?`;aDx>V|STP95*F4RzTbxW~2ea*-v z_5ZEwZC%~k^}3`FWehUE;(8qF>Q@YSzzOQLErNMHYtOeU?A5=N+gM#yZO=GRZ zBT#htZwt(-WS|+hRf8u(jHOP2K)V6H#Zkgh9&1z4(=|NpFR06ckKnh2WZR(HmIiB2 zh}!8s{amadr8Z7O4V;P@D6g49Uu(A_r(u9f>{V@24K)%PF6GC?IwiJTw}+G(V})vQ zb`!OsT52P&-3W|B_1ctX0JNdC24+W5913}dl=yY_#o$!-y|p@3IvqQjnDewkoEy(X z95^AA>l=y($LSH86evP+CGFra0{!0ZLjYOM)sfPQbU*8yN^{ml`b<4F2LeNUl} zP7uW;$UK;PdNg0A7yTZT?#GQdJ;KvnnXh;M5ABj z$jNsTCXZNtHJ%2)+EbR`;8$gx$YO!W`>arf9tbc~UJA-~pKH77cAtg)1AVfD8Q^f5 z-mI5*OZlkaU}hgsoz0MCkxz{ikRp9BEUyqLoF>vqD)JZRfFZ<}C^8Wp1jEGgS4_!R zT`thyPsEEl*Yj9K22uAJx-iDw%f5Dc?9LDjxeD}xBg`=j4^Rjf=_D&3^$EmbLXqIv zY(_#!B9&h4k5q$sLeXVeBH51(q$96*>t6ki`=D=FeX<_x)pg-7oulGIfn6o!| z3Dq1w>r)y|@@Ig`h+V#brlKGopB>uK#PBpC6zP*{z5Z07Ey-}^@B)D(u7swrc$t0q z+dMR}sycfA+lT%PjdWav{M}n$d^%AMw^T~w@{JmKeT~rUTTwC}BYHeZ1*v{|LBx)e zA`crgH!7g~sK7{hJ%Rn~qON3r+J*c<*)0k@vtPZi>S$j#$91ZzInD!cHN*bQuu}$t zMFi*ASFXiEd^Kmk3SJT!NA_*&Bz{NeaJs1|3Bv~ht2q8Bgx#K-FaOKE%wGH}p~xMFWZcPQWvj*9vK{9ZiXCP!UC=da zR*sZDyn>k(kx(#$H1J7aj@9!`7(;$4J)+;1x=c%9-m$viWXiy^uU%K(v(<+MseFk^ z1YGyUa=qMcNwlFN9eQb?J9*+D-5$%TNY=Vp&Mr96YpZywEsv@n$fIE+Rf!@8!?U53 z7G4hbU;lVw;rvVyl<|jq?mTo}Si09Ue+F@6zmaeC{84~|=Z<7v?u0p#46NTTK>3lK z$qw&jSrz+NPM(EXeS=I)K8~iQ!Sr{F22ELzLac7l%qNA>6oE~aP0%~Zksp9f1P0GR z5^)@6L2cKZbHn8i^*8yJeZ&#p0d7ti&UK9?W4AmqA3jvzE3`Q?Tta?z;T5FF={EH} zXWz*++%>J1D5LVrv#utiPTiE&(@?Pidux5s<|>3$9^BkK>*fFyp%=I2HZ2tE$W}^# zI@N<@z3z6wNXG$^fglkKrSIAyuU|#QK@pg| zL^F7a34K9H5(TGZjH74W+=pTZPQKU`ZKc1K z59Pn(%I$Vv5vt-aho(+h4Iuri9)=EFw2-bY&z*mf2r)+)p`JTZ zmwwO$<9>tv6dSA*1qJgCWNap7)5z&b>5%1v_~b>zXRDA|GqaT}#hoy>U(Z!#EkQsp zB)-qO^6%ApYgBPXbL(`olK#uHJ4613vIxJ}>j|pNeizH?L-?cM1xHLpVG%(4&$`){ zVjXS0dLe_EJ?omEm7}G=m4^#dtj`$|JjTddSe%j4`#O;2Nv4R?MaCG!kEY6?y`e$cFH89Lf9yv5_fcFAaaYWYUC2L7DpI92X3(2At>NyLu!ry+?EHADa=O%z0c2kXh ziHyn7JQnY}d>%jRnqTdVEuV^;ug$qjy-OI9_rN0`?PtNEU&sT^XWg2wMKeZ;)33qR zOPFEV9B(C0*B6zTi9!Gx7VarQJm7F%c9OS{CNaMd*G+NmDMF#-yB9hcl0(VT1gqu zo>M+ns+K3*bh~7Gcc5ZbfordBE!7t+sJB%aEKu#VhC;`4qiuScd)X*Ie-5!Y*Tv6i z?Yk4IxUKSid!_qRDckF+AuGtH<*EM!vgB=6=lUkawNc>4XLeJ5X(uyEd<+)y7Kv;D*Bl(AR9>6jrG3mJgHVM=4>SIe~xf~ z4kMo~VgcqgS{zl4byM*SqsCGz<0tQ<>v^rfC;gmjKYP1!d;0=i@|FY@R>Ehw@3|JO z*Q+d*YE8DHP#_399;&gjrLoX5OWq`-+l?AIOxDnkAHYS4FXm3M#*@Mt>QI*JyD9F|AyN6{Qp} zt*mV$mX%)@uM?FK`!%ZCN2-cdjgR$pH9VBnX@sW{3Vx*FsfkKfMx~}?hD}|8br3p% zd^X~X5b5;9b?6kz6_F`^UXDtY#?j7$C%sAq*4EN%RP;O3&s!_yU*xRwvmMsmTJz2% z%`dNGe>MgC{@CdL*yzh08?DV=?yWd$S#feq?p9|LQjK4(y0tt-Q_v_0QH?}tKD9^9 z0`{z%RxeMY45nOG6)HXyx>chjR8(w_bE&Q-mZi8<>J)5mc*S(y!uCkmwUmlrgK1%R zY1PV##+g-5wp1f+PqZxCNXvOz(SXtlYAY+tN(-v3DQi_=)%LDRLR<;oRSaUQ16<>v zx8)h6YOL1eW!>AjK#K=pQ-z!yJZ}p)OD$V@7;SGCA3n%NJ`4AHlhm6kM&=fJR6VqcFZX)Zy`EJ$n#G~h zw4LQ6u3!|}^D4a~FK40omct)I{iwZ1C=2E;E%lo(F@1(3lFz(6S6Z^71h7<&Eep;|ks9?l1as}ovGGV&vhk_Fov&aM6ItvVV4*EM; z<2ozI$xr)CoeHHPlHLmVIzAEiXD0WEPSJUZRII%Wl8hMJBKooiZf;zeBt5?L-DeU} zmx!%B(*RcmrzThc%m5tf{8HPA4AfISsspgQW4Ae9n4G>ThP@@<`_+p$6`UeeJ7DB^wh zY6KulgKwa~Ou5QymZb%RX&PNoMTJLKi&$_xc`}Q~Ap+xt3Sjm+86z4Yj?y-b++=a7 zc4QGvGHw9g3XEiiAm~f!>*z#GpoNs3Q?O}Fq6zbG{CxAnyH}(0qZ6525U6xj`Y#pC zSf(!(b74=Di7}jhG}BR}i-sATrO;NKa#hKPG4wHCm>_fNtt7JJSjQ{<`#)P#M@0y& zoI||Dkbj<`NYl^v`zJt|E?FUV9Z;b^wzCYHa$;nPnwVmi<>DeyxG=o3bfsqL^4IaX zbmlG?fnxSOoxU^>ObiB>F!E*atvKO2Z>6*{ZBrD7&`0JSM-krlVr0C2uyj~Czd#FJ;XlOF zTv8Ns#q;v;`=fW@gg(E1)cec1k0?J+XlMhyy1FVt)TmwdyP^WCAB|OjQZgpI zd)fEIwL&jeJw!Zh2h;zvLy~f-$YfoJjveG`bW5oG5h1!AIAdpv|^24wkeRX^_s2CNy zNAQZ}x@)H;OS@W}LbLtk{B8%}kr8s6++PP-nbbwqdY3tonwQnimsX@#StRqG%#TyG z6XXEw^$fCAK8u6Wx72O0{3&zg%g636Io9Pdt8{opt*K!;tSL^0l-(k_KjfV>&kkuN3T z4(?)w!Yk&~kXxRh&AI>JuGe$n*v%29IWF^Q!WhFE_u7_qW&#Y^Twivp^xsK^QBTNM^|Unws~C-w+2 z6}eW(npZQ-kxDiim4dCCB*NPXLz5%~cw(Y8n@@63pT8k6cnL$n)@T~#c9aHZCjh4T zOpi{${?WmyI%rN+ENz(>$Xu`n(ugF~N2jvj0Q`Nc-}BV}9(DJ2w;llbqMyD$y{Y?H#r|e9HCN^vV_Up>3JSd8dx;N(RG@vs1C2^TOV?0J;>ptRkMapDWqlo z0ccV++!z#pmZmh7T2Bk~Mi;oD1+?Y+~ z*}SD;jb&v^h1l58>HgB6FjPEKlpLfVtD@}x6<$I>lzJzvgDRh}G1|NrpJPg-zqL`= z%URg7;LT$jf|xloG8zdFoap3(V&d&Ag#y(3H0_@mZIuLGrj%+(5>U<&06~D12{Hgj z(Uc1O$ymtk(nNZi=E5*5rc+LkQK2AW1u6|hZt;~Fk;0iKooeDyUAjn386GBG4bt;N zDE4Ma-&SEo@1{_`YD~%X!W}1*38GReamZxiw5*&9bLO%L$1&nX)z6pU8-+BzkIiVQ6<-*3+4QmAPk(z#K*i48t_-vsoQt{8$Wq{J(M{_+}!pN zNGZzG7R+2hmMOMCs?DykbMla7iRm-DLpJLGGc)HZ#;neTkuW3{r+?(c8^d44sU6+)Rh=fQqHBqB?hKB7nk5D&1JJQ>x0jQABoYHVVQ)ysJP z1$Mu&0rsUe3Y!cCm;#EJ+>2Ev7qtPI!nP7;m#LSC5CjXhso{zY8Zu$OHOCh9CKfps{6X_bpj;24#BB?fdnohqt9JQxJx37y>Vgiu)fYL=L?M!nt zCv-6YPXBxCWUu`=kx8w4^YmpXRDsH>yA@UYjzRWLWvN_8)ANj9NMiOAl~xJOrRJmJ znrqP6nh|B-m|UunO693kVY{9)(SxaDy}1_sOyAg9iU*+oSigQhzg}uOk0oRIORwKc zU&(}^=`Y5@qNPpl!MXgkLN$@ZZDo`dOEs4jRt&G0a!gT>g15mGam#>Z=-3dmA<869 zpmSV~P^j|wY5oWRCn2IRI}}ms!eoLYd4Q7X3etUCp3LJ3a7+nDiW>8nFSM8*3?q(* zrhc~2e}W+nw5%`t>@YInj$jGS4AQ`P3gqFsJgZP%y5{JefrtPYaqOB_bE_}S(aK3o zLNZ+lJsLRq?bW0!mcn<*)Xx z{D3t#+xpJ#{U_d*C{l>93n22z>UwP#%?GLx7**S>iM9YN2 zY3935AuF+9NP-4%B$%sAHmo)*|W!Q!h;E<|wsjd$2SAj!w?UaA5o>p(G#;P5IvZDi(^*Lv7+PA4R!m z>Tg#poEN}##n3+Yq32T$T=xPk#1HM1;a#AGkZ(2`(He9*whfLUu4a6H_!=!(wn^D^ zK#@8nkqTgs zAHKzod8_3wA-TynMs6!s>hFG6sVeP6o+InM-lHB zg~HejbAo)?*pL@&ds$lMhgnwUCvwu?5lJafE*EpJ=L)H1702e5GACe)IKXq6jS^0~ z`i5W!sCNS`6;CnaqWfC5XKq0J3q&=u#KZ{hgkdhnNjY!HZsin#m=Z17aHv^AoP^;C z39-KzfTPJf!cPRnM$*)`0Zu4Zj83N4RQiVH^o=7Bq{AsTWqo)XCKBMoLgjDy;*F|dLr=|Il{fQb3}r9N{SZyr=JT{SKsiBNFV5v5 zwwSWW50hY-$N!+lkz4lZy0RhF!<*tDs>!=V5oc*fG)-A<7eJ=Pe`+gQ|)KU$KfOdNitG-twq-I@g?&n%!2fGh@ zy>y(kFQZDA)L3Lpf<<)!)rOwNw8)c3g#rvkHAtxM>JTj*f{UuJ3_R>req?EhIshEa z<8#5!&gJD&J(iDp^L#NuaOZjt1%0nyH41f@hGcp!#Bj(JlLcUFQ(fmghe1Gr3(U`i zAqxJ!DMsU5Ub_4za5nY!;Q-@&zqQFYm1Ppxn!>*-=<2f(`lYWt7BR&*IDnmThY*hj`zhv+1CejbO2U$sqSWF^@ z)R!X8Y5Cl5tCXB6)wn%(cH2J=t?$_s{v(?!CAzG&|7B7S(DR&eqbLvy!|W8<$?^vG zOU$JY+(Xtb}!bffnn) zyFiN!o;Ks0%lHBMV$xtVdNb(HpISXek|n8)#mDhXFw1NX3i8axhLI}#vhm?x1EiHS1{_a-atjfd zfa8FV07rq?3wi>lQeQk!fGUQ;Ee(vD4IZ9=?eeB7nGSdkwzhUGS)Cyc>dJym=FiX^ z27=9?0_6p7~`%oRCFbn?qn6Rxrn~N3bM{{&0?|<-|RoN zP_}ohe-jR{1pf^Cn}XS=c#T9~4w>T!UnFDnK>I1E8yxRQfCTsla!FrFm&}AAU|;=^ zP}B)&>2=0F+O^taj04V*}`@WSX- zZ+ZFQiU642j3?&4{{Q^<|J65*{^!5{AK2C=J#|+4KmYxI-w+>$|MTDfPaXCf$~{vT zQOt3K2B7fB`&e!0H|_;m4D_G!#J;1Gz&ImY4j&B;kp4h>-_B5~AI@ zP(?Jx8=$D8q#uekScYCnu~VOHH}92vy6f)Au<}J2<+UJoh{!ildO(OTQG}Rs!4_g0 zmcL?3#_Ie=e?Ji~>gGq?h3v}fOjL@Ym;J7aoYb8m81k9!80Hv;2PlNu)mcRm6Ntlv zqO%!AY(_$PvZt7t5+c*$k5q#)9C`Xumt~0*-)$frd9J8?^*inZQw~g@tOt8_U3lE9 zLiSNjzcPXxjozeQ1vALg#b=x|vW+Dsfm|6pw0#E3HzMp?1o{~0EsW(+reffN(mTMo zBA5b$hI;m9o~u2~+tpG)B~R1TAXN^(B9U_PbCuh7huKY&IgH>G1>nTM=in#lUn-ZS zbQv|ZPL-=3vvKjt#Gss712n-A3LZ!&R&&3_Tx&^NAEODO2q=%%bf(56Nxg9M&a2u7 zS`wt@9b9HZ-|bQ1&&s_tkvZkjbrt?PwnKKb4W8MrURZUshmqqt zRn;8lfp+2wFq0=#Ku3L5N9hcc2uD*3UJ_|6z_#=zG8?PBP$-*`>0_&Qpinm;vPykQ7zj(Xaw?QEN zBMk?@F~0_ndJiAU!RLt1aU{p%dkTG|QhUe^sAj*vMt*kB-g3hS^0FJ7SwCFg`ti|H z)i%EFCX9B+IO?M45{$*Dy2vWvCo}}ED|R5z-+kisyq?z|JnB7uT(dLn)$eBg%1x_w zH?ETrK1;t-N|jEaU^drv z0b~FIhGIzNy=`;nGz~+Ut0ZHOL?&A5gVN3GQna;@OkEhkaKW+9+?bL%;xm-w~iA9BybV;UD>94h51bW>B100hFC}Z7^=VJ&buM#5XaJ| zPV-^ChK)mgw$xqVObGF$$AV+M97AfoG~jw(-`n-}mO;}IzYE~Z+pqpTpF$uY6D5{) z-yNSFjy!(NZ{J3**Xuog`0y(op{DR}|5301=&Sz2-oxF;4})r@<#u zu_2uxRF@NC=ypVSbA?Qw-T~V+NmnxH&Z}EK&W?0m?0nPq0Y48<-yOaC9<;9UP3Idi zuz3+)bpc$Ug}h=D3EAXAr>GMh?DikztP20N&5HFf1WzV&%9ABNJJ%<&}(7wX<~ z^ED*d4Jdo&D^*x^z!h)g#|(H=Z!@0seDlNTaR2o1?EKyE?V;}YQp`W$)3MH;ZEx%b z-u#~6D9@Q|*sLk&94>jBFT+Cxez)hKWge>g{d`%sTNCaldp;iz{p<13ySw9{1s-aE z-wg--H|L>-x~y(*eKyQL;Zw(nimWImj87?IzlFA=W9MLaHhei89S%BYMBPpFd76D> z3>ixA>pzgeIC8=BJDN%lUY?%}N28yQPY<4NZkr3EQ^bMmrlGK;z2a0ImU{2fw>LK+ zUqx>st!lbNU3>corWC~>>*J32^q!F@hJ5zi`5;X~))=^^S2qs$2t+?0KLoBDAfE(i zr=u5$)vx^EjtscPmWK|)*0TyNU#|Bo`A~!-utH)XSBVY{U4Bgr+?fy3Ij1|(!rqH-PCvtHq)W&rjsH4+;THwd#tpW6``jOz!8^u zZ#cXVg3ttAr2zm;5S5%GOq`5E>H(TYY&d_d} z;xx8y`&D;xd?4k`!f3=KXiLi>aC|b4NrWQ)yyQn7sZ3x_EzO&o;IgEqa)XKV1JtgA zE!nK;5BRS4U2mWqZ0wQD&Qe5yY%Dd?+x6t}VUE?|NN3}qq|wZKt^STg6dCgn&L@l%F>xWq7r+K)$oP;h!U zIs?O#BM%%+q;6#bj9wrVtJ8i17nb{_gEXY6loaX(B`xQ=5HF6S!%LI~x)D=o*{Qw! z5;7wi1mK6EX;j&$eXfEj{&nQWzv(l#c<59*r51~KHeUw2nsBu?-0wElj=Db{( z_@#kJPS0L-e;9syq|RZbiS1h$1>cU4=&hK@IiUyyh(jDQuSDkR-Zi1shbt;bkY{2% zdGF`fsXSFxL5A(CEPZp+`Rm)i7Nckev_?uY8`{yyph<0R9PyhQBZ8is z9=#o&{&N0l_b`LZEqAbj$X?U)M$$1hw!^nC4^KaFukT>bF6<+3VVo0cOzaB#-O-6) zP1zCHt*C@00Re0VTpu`c%ln730Fyv$zxkm|Gg1>?jR5}PfEO<;G@ZMc-AZ&zbG;PX z{KPe4D!BX`m_&ZY2W~as2FQw|S?51r*<7qV=nnRtV2_qbm2GwTDzS z_oYYFU~$(2T3k-b)7+>s%ZD~K+f=NovT5gz7FQaZ(KIFGkOlZHfgzq?6aW~=Ch=GYoKDkYOIN%!fGP9nOyYmrJJlhi5{Q&shj2*=g1KPv(KQJG2cK&(ny%N42J>S~I8 zq75$-aQ+u;cSX(1SSNL!QJo2H>0Gm1y7_l?^PMl|>5$v1U^*$=EkaT3)PdAzj>W-E zfjjySrxk!@qi3xaA$ObbkC5dq_o`AdP{8t4BMUpVG+`60`r8C_{%CIV1Ls=@IOon9 zqWJeF()eifCKpM5DcVyMxhn5@w%TAQDS?R%lBgP%+4HU>5wd%<1?9IsB z*y`$=z`^nbuLHg-i$vZ8zG*YE463YU1XmQ+%h+O!J{O8>$1~>RZMpUS{!(urM#{;;>%h zOGjOWKsm}K8+nPQ#-(VvFjrTDCzYoF}a=IX``4bAze$ z<_>U7RST6YUe8+aOl1oqhf~{DCjlvw$1qD{wY@?s98R4b@DXq_;uJ?yn?5Z7n&?c} z-4EF{^Kv0in|yNQ1GWj3m&{9;*zrYns*9*tX**!YZeNbY^VaPbx(F)blh<}ziBhL} zf{P)}GflkvCpHlJ_)-W(%8-4@p_LC{U)xZQUYA3)m#E#st)Sm#@xwSa7Q&^=9>%em zT5Clp#xZyfSR7&woPh(jYt3GjoMT(s;k*JR+KXbRv;bAJ-g&>$9#c6q+DNJb4ca*} zd=f8A1gYiw3W*o{X*NZ@pGbF6XJ5i8!Iz%e_`bCJ+yDBf*8ek$5#^@As^qPl)!S(H|Lpbp zd;Prs=Wf6MWbfYp^K(4;%#Ia-!ITIJcpNsCDw)T=bjR+WR!_tFpX10K6T%s%Fm`>4 zf;AbylJ(#3?>;K7|J}#;{@~{>j9Kz3k@_P^SjsmbYSx)SG2)R*|6NxEWd@b(J&-G}q7$0cn*PqL{;} zHfx(B?UDA|(1o;f&!BW6P82YGPrKsDuE@gMnQZ@m{=}Y3pM%-~PZ**(PvCM99JiRT zoyt?}{GVT%sPCWFPd)#)J}CD9S6vTYeGgbB|2=+Et3rso3 zuy4hobCmUauc-e$ z+Pk;^e3qwR|H*~t(HVqTtpt!J8M@sH&&X@l1zwS0I9uel|Mks{o4qmTk$0@5HLPQ6 zEUk6Bt8HuAWcEeozuo$moL_JKtMh72LT)Q?An8{(D%@XorKT^F@+1<+P> z#7|~toci(ac5lgx{!?F_66@vay=P*4+FKfzPP94~YOp|lxDP4$J9%31f0IX;x;UDU zySD%I9z87De|Pux?(ILH#USS54Oo3qUi}j){3}@zk{BQ8Xb6l`lQT zjZdrfuY=#ObN2gHoAaOD-O~E+-|PRM86{&JN4;A*1NOA{XFe`e$lX5=xZfB0?=VG^0O2+F$qQ}M50Xv z#Cjp!h;k)90_`Q7j|=&a$SEJ@r-{q(X_$+FM&P#u$y|>r z($Ve6mZkEYfHjBQpS`h0eQma|`h+bRT0w#p%zX^~i==cs^eNc8YUzImgSY#7&*J|8 zEdHgO(0?B$pAy(ToB!Rh`8;#Db4Gt}y}f_h>i;A_ZXAq1P5iI^?xUjpx8LvG>;IqS zX%H=B^3FMqhL;eBa2%?zoc8Xd%!u8~{uptXN`oXgz>FqRYIvCh)7!fK3p_sm?q%KY zs!Oh2X9Ql)g;Q^9OLvgf5L;{8AmNf3vhupN-EIJ|NvR(964BkelYYvlJ^yDMax_Uo zwz3CUBmeLB9zA?qjQ_Fwq<8QC`B@&Dox?b0*?Hbb&-Z9${$1t{e{kO2=tL(+Lk)nw z?{5_FdUuL!GmuEUTVu#|rcBn%X?3Z6t*~|gNa6r;G~yI;G?fX=+$M{Ggp#iVK7z>f ztDRExZ?i=iXc|+C>ctc0kX{GvwW#?v{cTCz>&O)?bawzMZVRruHohxDOKnba4x)%~ zsEu3MAS3^RCG&3a;<7~51YuX<6Tzl;rpMHK2^o^1texf8pB)vMi_PHfqsJ_n=OO-n{zVAQMnkW6rh^zP!Uyord)BUv|PLZca^D3FIIKBuWf zS{=S*iAPG?rg+q>>ocQve7%7J0~8{T4ql$fR6!ggb{vg3q&$f$NKKV?gRvW@<^Szy ztVCrcI+HKx9JrIq)h0w|f(gc6*8i=~NlSN5O}C+^y0H3E`MH9azasR6;yI)XO;Qb9 zOq6#ggu1b+@oz^~tFSJWAL?g_1rq`jLV@lT5Mu*40b?YO&ljHOIZv&cw;$RSt8qLp zkc2{h6e1K0>^T8249OLcC9C@4lQ{xOoa+Y@)f+7|jp!7IBy;~Z&(#cv2>cy5o7-1Y z#DVLw7zc;~*NuoP)hpLd`sI#*dj|GELr!FqPG0N~gKoD;^3_9N*(C-weMQ$C(Fleo zgbI1D3wB@pxeq>qDMc~Z`cD9UI6FJ(Zh?;gUR{8#4_fEjz1iAvz}L@#v)k)A;Ga)( zYc?QymQK>C;F_L*raDPjdK&iZ+5w5s)6#UG*mEi&eO;o<91pl-c2|OL7{iuN;+)F9 zRb&iX%NWB}-n1x^kB%O5y+^m_cEt{PhW|F;Zz|o%MyGA3woD6N9 zqB*%lD>oJr#=o7ABnrTUgn|(Y%|*-x%aNH7d*~W+PX@otJS56uuXs;zB!hDbS-jNj zn$lL9ch5k7+Nq&Ooo0X{hWJqB8W_Gt3sybM3~{+VtCC=U2xM6ogaig)LdhH$1F7@0 zo>A3d;ipL>OcxHa`qc&yHRV_s@<`e>s0U9GxAWp1(f)nlp;gPf3{tiZ3);uKBtU#zpvI$5YbXFRfu2(L0xg<|^RuYh z721p>kGs;D$}4R7CRk|C7{aRz-SbOmDE!bAA0AR_uG?0zkch&A& zXCk#nWf|($)>?_5^}T85tx$Fw6fni0Gymoj5?C(I`B1X$>v`+~$0roUkfL-I>{MvU zu_|K%*Ju9X+KKo!TJxHQlovUU;Lpfa1l-fwtzMa{>$D|hovy39WDsp$n<76y1W%?{tFK zuo5+Fx}{v>-nxWU+5p$z0&|3x&I^>&!RlIYvee>EBcC;RXlu}c7IT}Zt{kDe$($IB z@02I5Vg*bhjzbXn!2K6+ufT4VJBge1#-0|dkNS|+iXnAQw+TK=PuW zH2dtWfM1}oM4B#MNRuNCWJ4UKBS)LDDnSl_f)Wwb7$q@#Zc7Wv%il9+ejPbit%zC2wR z$6~CimD^1VLfH(X)N6yHX-$fT?}J8D()iM#+GTo6U5G}WY3cuPV5|L%XuvDp>UR2oY+a=)0*o5M6z8sDY z&wm^V?A{)(YqTkF!)gRewwcVK-C}2zb(Km{XWnTA;Q}r40IGET+OaDlyl(Q867D(` zNWERE;>9v@NV9>IN|e4d$*PSMb21!_em*`u_*4{=&uFqb)tLIXqns4VYShyP`Mabb z(_SNX%~M@KuR#r{!Xf)wgUb?%Ue4iY#VnmJ3K8NCk%iig?eXM{U3&h?}jhm9F{m$y6-k#lt9;< z!o%niQxeTl#D9Vmi^Y>u@r+QiBazgbVy`$!{c({#Cr^QOmHXXaP2{mF%uTJM~{BJ*z_pNnVf@S62CG#<&55T6pHlgf4 z+qY~wk}!`ahx(g*%Rb_WSIWhC&Z0blKYXabvi^icFT2XjpKCbWZVFvQhF<1`qB>k^ z<@4IE>BvpBeYh?D3cl!p!LH;|Ui2?-G;{rAF{WxGSFS{B6PH~}T?;AQF{{FL<;aLF zC~f_vA5BgO`0+HJtNU-ovq62RoUaJg0(3YGk#)qd`1`_h8Qwrc?DT7 ztBfFaowDV)f@S%I8#GG~{E8=f_ZDLFw%$U_5C<;GyF)c3@h0)&I6AyUsjG3>GhvfM zIz>tV89WEl6L$ifKe6tgn6rF4$)p!g0jg+0Nc9Jp%3I?L(FjFTbo~lP0dTx;x=s#< z{041VGz(zzmS;Z(?i)IhGplTM+U&SO2X1bpb7tC&mE7NQmk~d+fxg)+UxR$}E$$Wi zFh^3Dkv`NcMn0Zkf1Qp=k*N`F0MIq^K^H}wE@FZs?&kbxX6-r{6UOU07vc%>7k-HB z1)f&OtM&q!qKjFDI|-;=>FKw;cL}KQFsUbXs*j)<-nLQSR1Zr#O8x&f~R#S`pNn;Jc=L z8%;rq+V9~dJdQc@-p{YAcbImFmVw1Jcyd2>-_NhtRBsrY-3Cojec40_1X)3xZ*$<$ zfOXLk*!EwqSYa*QiJKjiS9ecd=GeX3Of7NSU%%T+U9<1rF}tSspXv|>+*u%$Pj(ms z?hj->-GR&!a{Jy_dn*j$ErQ{O*-S^1>JPk3~H__ zTGySd3o96+Y)ni7c2<8wvN}h5(-O(jtgkQ!x$y}Tc_&u`DssS@Q7!Z(@9|x6S+c6` zTDK*eN62ctP^pQrucCY5h;bN(h`KnMkky7=)ad2`)RTWjxmHy6#n0Vq2JntuuA4Lz zb=Gx4$+(hT+uv>bhS1->M+GZ?+(gN_mg3U!6#y!_PUE3w7J%m?NaDC`RE^iud2xgV z-#kDeTr3Mend?VI#XRJ=RY=SH*i^-{RL=zBFrnydMiHBlFlYy`SSt@Rf1RKm#L^Xn zHT7ePV1OgUSS|hKOWckE3$6W*X|T|fJEFqk_|(&3OPVPFtf!h4D7yf&nYLLXL#?a~ zwODU`3J>umY9#Pnf!on{zOCOedFMNFN7P*yom&%k9^ReMb{^y%k#-*FN|Y@ifE?xNTkoA7wHJ=p*2qJHT-r`;DjG+?7||9usdc4D4>=5R1m6@1Yl-_;UA2FEdR!K8U?ocIax(WJ|6fdy1wvSzFq^F{ z6C9#3f)xg%igSguaE<$?Q&m=ZW>ORrhPC(KpuU{Gd)zuYZlQX$11O}^9FaI~?qJn% z4|6|-q+`b8x$V5PdT^d*GBwCI8n3zuqg`q5?wa!HAKoHosm$`*3aqPWv9jW)Jcua? zlx6!tic_v+o$a8gfHlC&7p(`_VB4@@EwO2|&mB=+vUbU~u^5eTfP6@o#Uv>gYi&C! zRV^Bj>M~3$_g5AF8R^7S*(lg=2TSr1HAm_xH3%mYA;T})qgbo~fO)e9YQ{oZbF`y; zcu6pfI3DU&^cfE$6Yf;uV2H3#E$0YJ(F9S7f`f$OXgcy|C`dvaO^>D#NnamcBR`Q2 z@Hy%63gPLD4?w@yE9hQDuk zWRgyYGf={aC`r}QU8k3<=eB`9xczgRi9pFVE;A`t763#hWD<(mOTwB z8f)uUY7I`YiB(j#J97zWb_iH|%9i1w1g$CH+WP6U){@R zsgF-Hwkx!xhpFwN)F#=r%(e~2#k(1N1$&LHByGL|Yr9ERZVuzSCf^d^Tl+-bd-dMR zr#G(hZMUb`m-SYd=S_3H#*HuiHcrL046NDH^b=vOS`oN+Y7x9+N8UDWym#MQ&z`3* zJn~-U$hQ!r?jX-aq3abnE?O&k+gWr5_fO2Jx3?BDwe0}M$|dIPtkAu+G>TT2ZSL@@ z&58tbyXJ0x8di5?b2nRHHS`sg2HV-Q(SLMh*U@^Te*sC2U|nvJh788Fr%`Ag^Th$q zndcb(7kY!|xZeNAZb_8R&`WW>%&5hrt(Uf>mO?@fe;3RVhk|h$G)sM1GBnC`X~Va- zcQZ;^`uWy)GNmG?+1pFhw2gj~{sOB4vZRgTrvY&4uWVElZZnDHZZvxI=U%8pXKzV> z*Z};!ReM>L|DU~g?P}xJ8pr#ZPoa|ho&pCOU$`ZG+O-Ifl+y%wfSjJLo~~G)k!_Xn zXpS@kxR?KD|1WLb$1}bFNz-%ii#FIZTU*lB*1m5!68c#~@|=c-7&-ZOK}6WyLSwrm zc~%^zMap6=k}_CFpbt+TbR>Ci6dy*TOTzy6WV`%iXLKH^rQ;R*#*AR1*_e3X!gv@R zV-$82o5JRi&ceLqs^Z>X{0Du)dw0u-48qSxF}-rei&ebMT)ce{IEpw>s4bMPrdj`r++XA~>mJuC!I-88 zH<%_;;y{f*{#d~o{f7#edWkX!d)m5b_eqZ1E7vrQU!rpsA5p=JET=4eRm4M*ulP5> z(h{mhWkowp^$B0r4H}KG4%)7L10L~TVdIRYB%M)2!Mia=gwxz|8{=Hnz5(;lOb4vF z&qUxBu5bn~huD2w#`Ar))7`x-Z=UI6_6e$9NU5T}u=vNHeRlp6K1=a`k>i{UibRln znR{R+|8IA?omQ*F|GV3rC;tCQK0YtUSthn_3=_Z9n|--7^RDCzpEcvYF-x#akD^Cn z`7>iz%u=e=GnSL7FqQ2RXZ+3U&T7Ux5%04h$FURE>x-9}T2%Ut3xZ=6_he$I(CWX^ zf2AAd^RM*e-TB$Y)xqi2OZ5Ky&BejdF}l1uJ3l`@LODYjCpQvL2^S?yh%f(@UXU9~ zZqea)2d8h2-=4i`j$^bo%JWRT+}aw_d{p$C5gY5?U$DPotDmsGZVA05a*6X+iG%s@ z*3rMxQ=@9jcG?t6t^%`88UL%OjmXJ>d z?tNG%2?M&2V@0ustkBy3qV4A0I?6{lMzFOyz ztCM=**vz-nS8^CmvV=ysK3C1Wr5`+GMXJr!MHb_nT;?3-WC)brn3ZpC0EMri-%)DL zBS4)i#C=XenE|MgE!k_5QY7MiA`tJv#UD83<;CO$8Ttb2>1-+wW$ycBfT2|;O<8VY z7~N8n=voxxEn8GjS2ql9IOQBd&zr^q-F$@wfmDj19z~-JrD>c(=yxPWxU;h>igCEr zdVDYV?0!T0p?zxf#Rqqev-^$hdBEljTGpb$w59)d2u_ts1l0rD?Q%aH0}u;f`H8Cj z*eUApG+mMBesdf~S;GUe7#-A2Hf1?lt7}`2<1tNV#l5KqbQzlU>P?l8s3M+AOc!4A zVvgkN_nD!N0=XuWP4pZ}a@Hj*dyFGwFz`0|;}4azs9==MvE{)RvcqSbGDu@fun^Y8 zbnbua1_&OW9hkW|SZi2sEOZ6}z!4|dUx8`_t>e8;jqog6>kEuJ(~~?!0U|h<^W~`N z=Y#um@$52x0yE$8Q4gKTHs4ak5ls1zr+znjPR&A>pI==hZ)|pzAd+8(nV9~{*Q98A z37R$QRnUNS4#XSIimdkWA)V!H44aa_tXb=64@lSm{1q9}wAzVZ_250*jKj+d^%}pQ zU;ME`_dZhKo^8UfI7_1}aW!JfAJUZnF`C#sVgvkpB<=ehE&RqVwQWt7FY+07KB-Hb zo?o4|IwN`N+C){s8T0x23<``%LUMBS>YTHT@SGBHmQJrm?U1 z7`mx1+cliz(N^4Vx@DYSCE^oPk+M&!oDx6T=_P z{!stObhjLP8EBJH$=L9peIqPZt}N`Jrn;w{bCO|B)8V}&1hv+#5Oh%lYPV50I zFUr|{&P%{Z9>PW*3yvZ6YcdgAIWI&`;;&bxsQez;L`d_s!Hr^Taxf3U3P_He?==%| zcgi!EJ`H8e{H=ZL!E2hUf{OP5H3kh>5)%%>w%mj8mU>JzX*q9MaAfqe+TE4mJQ_78 z_dY(FS|9BcRb0kp!l;|T1I}6v$fcSQD-fIrk{_sjIQX7SL^YualFJi{)RXA&0Lf<` zXBA!RgAzCKq35iKMvn)23+DYH!XLtc7GAgM5;%3GKO8B09eKTSIpRK)TsyH(xFuye z&lAy%c>ai+6k!Q)-k8^9^0;GWoZjG^NWhCwMvar@7e-Tg7nNKp<*zGVsi?jbzC54Q zkQwGdw58VtZYS;RdTjct7~<>lj2bC={@cOD)yeCF!>hB4A3yy4?Bw*r_s2i}fxdm* zp||9+J#gPusA9#=PybN)TK(={CT3|6-IZ&Cp_0WptUTrdDa0b)hH~^+IY< z_ms&>{Jh_1>6#0R!*!Zm$%Hn$citR@sd6GU&wf0CzC5F#8fVRfv}9a40sY&9;a`(U zE&Lh$VvY@RPOAS}U3H0hIo8)SQ&x6jO>q^)q*gQaOhbWdxDqZ6#l;@t!T9{V57CI- zrl@gIYjROxV=re$iQO~ny|Pioj3xvT&TyY5G^eCgtr*8~`4ViP!|%?1IQ=+FKhHn# zSnaAmM#JiR72J9Bn!+rbm=osPB|h7;H9yv4hP)+bduUfD3=v(9ux2}+meg7*;7`?h zMpgVD9+^?k!@KEjG0k5yexy@7W>H;zo}kB_CA`Lf@kZQ#2qS(_ERPDZNF&tv6*X>A zrz$n4;br%EXnAvVWzC^`8~UIBQJSgAfQ4yCP{-G1W0sPyKgJ=L9W1zf zuCoxYp0v#|xjvg|;>01fo?B)qs@_haycqYkBz%jp}OXC#wy= zs~3*}i#j;%ICwoI|;S74SR~yTodl06KU)o$}P&A`~M1E1E?w8d% zJGgp+G{qnek#r@{sLSn0Z7N8!)Y zSNwXFo_qQI$@zyL4o9VYyr{M+^$WNV_FDO z@hf~=f!W_*f4Kba;Ntk`!_mRj!K;JI;}7pIC3f$Q?`yLw@vmwGr%ZFMJch@BD&JLV zMV)nTAqdxG5(22Q8`Z8|8Q~==^g=f9bhMAgJ?=N;SoL<7iZAAogAHh$dSdFAS@P;k zia9^Hy!_$p;^<>h%ydxZa#Um9e;DOhD9cgLBFH}`1)1??VmEuMOX$r|1*&jxzt-Tg zWQ&dIBg`vyNq)H?f4g}5(O4T#?#SpYNZPLR8t6f=He(lGiTrDEzLcu@XT(t zx6nL?k;>}OwRf5lLgi$u9-K8}&-OcOHAYP22MNW(uM+NkS!Fc!-S2VndsYR7s2YcL1Lmw|q}9s&x|=#cTQy*|d@uuApAq5TRn^Vo=1)~j*@z(}&>^!i zAIk*-X8ec*LHK!63~B0>=&3_Dg9mGnlp?ZvU~8iuPYq%&x-(i7uxxUc9^Vi?nW~v# z-hQ5AJ|s#+e)$b@4VAY3pIDtQ;5hlZsQ^`sAl1$z%Ar`~L=M8qklekdX^d8z8(XUZ z4x!lS8OcjvLT83qTFF0@`$$`|mzcmGe?Z2SoyOdSpHcbnV|sl+;(Z8m%Fnh0lKK@W zgGL85`Z!o4MD9q0wn&=uNyccJH-ebJ(Sq}1BCnfRLI)(8Lb6^O2&BTN3jNqbH?jSnbR~UJjKbm3S3+%@7^fSvwH(QaNo^>-!RWFqA(gs`xktJ z&$3)Je;MCZ-!Y5fS_v9<2T4k&)+?F%aMwR8P#QLSJ)dlS?3*i*# zYjyZ|mZISK8P1}aH_MYd^~s(38ehwopr%aBZsk$*9i&)1=_!YQ%{cu_Rs$VEL^OW|+*g7{sXrpnK|WoZy(I zM2K4Y3!iux1(rtp3)5g}CXYmg<@Kqj!v$%k1hAfJmZ0ns%-OUp3MeeHG}Q8Y_owiL z-jJCD9z5_c`VPnX3zK&^kw>EL(&{{zxI=i4Lfaw8MEmhdTdWJ?@(*(eKdo7DoiFepp4TjaC1fruycw!W5sQRfS9#p?J??H(!Yn+R}*< zTREmlBVj|GiTk{q0;?wL7xjKnRkP=nR#o$|L1sv}&g7^DRE2$&_+9mLr3hPT+|m1g zu~bP2697;t)#Dr|G{tYrgf%BpuI{zZo*w5mfLewUw{kX)aQ_G;C$DpZ=2j0vg(C12J*XWF1I+U}(EdUZrL=EHzURvUqndbM#J z{3#`!p!>Z0bw+Hr*LbqEAekEEXPT?F3chAq+A^dM&&gs=&y=b$>#Djs9@s)uaUV%xMN&&pXsc)6du_vMld!N>~Y>GfF9Wvk}&%7OjoIH{_IU0UA90z2(AuNZ96P*ZPl z%0t}Owfi9N_H5twy|-*09$GM}X$P_7Mm}t?N8MhtjQ82wkK-?2#9O}9HqZ2V&)>LN zuRqx9eZNhc4j!171%Ceup!JnkY=nlt4@-x#Ps5*@%N(cvL+onbnB9FkP9AF>M- zSo=e&=f*gD>_a^Tc*Yg-r}k@}({Q%-p7|J^WEZ%L0`MPE=Bw?$`}onUPx06fipI{W z@;ZX{5%As;6!6?6m^HGSXpwO6+WUHTjPOUoT#X`eU-@`M8-`#n5`g{qvu*nO^e3-; zvvTDZ&>J41ZB=RN6)me4wri}p`Xi11Csymtq|^;aVcw7`={B> zpXSSe3+`|g_yzG^tm)ItmP~V}ajzkllB*U;@O#Acz9kRp!-jjf^SI8#`8YCVHS{HI z6MlH~%!uoygRSd*WF;guf_448{L7|xrAy9Rt4{i7gZ@h1(lMQp(CdvPpLXb3TyGq; zTg=Ns3n#;VUF)j#y2w$=?3nemFJZC{vg)+t+CRm7R20;gC zjr7um<@Y0S)e3BFK#^Bs$cc!_>mXgv3d90~obA$e|g zLyw&NyC5R$@1(I^l0qxaQ~7Y+H&MBcMjxKC>`3z7C_aovmxTTC$#(h4&gi{WOUEnr zjTzy0voZ0&g%M;rDlhEKI)%+6orQVJRmH%+c>4UQpHN)bGLnw)6VDnMr;O8l(ugFf zL;3S%#%Q%#t=;Wy_~8Pwb@#q#bvoU>&KIcl@uuxQg~&1g zqV?dh%9Hzxd}aqG!L9>;Yet-4#Y1pL|DmEHUqZr!3gT#9?~5j7TQ}{MYnsL{(YgQn zihpUPQ%Y@}^yB`m6HD zmXG`eOGt3i6EApb*?_5NgmofS?Hllj{|XytEG22ZLg~x9Bf@EJ?1klpg9eYFurk<3+y8~nf1jqYWb^l619Q%QyWK9I|Mp(1{dE36#plt_ z|0_i&Pi$Z&8xTeR7ZOSJs)5wnh4EDj!4$zOryi4G3DE^AJ;p58p1$F%$YyNjeJ1l4 z6@8vQi}HU{OZ1*1;5`1nJthCOTf5yS{{JaHK8Lq_Tsfhtb+$#B!YAkY59j0gBqJ}; zS%&{zkQFoW+0L3V7CGVHlS$c8<9;Z6RMzH!s)$A}19gvRBdGeNVJZUG>C+Z~s$bCG z-6m-i+6U(vu4~Z$h0(NP9n9B@u7ZBPehsD`&?_LnpF4m3^76C)vybUV`z*-+;ShZ! z{=c`~>P+$foz@fo{}i8RM({)f#t}{ul$U8!OLTR3zJkIs@thSo1dh*I z&vK3RIk>~~_rt%g9(&y!Ty6GXl^0yxnp*lxtaA;7nM>}$Sy_Y``Bn5o+OOS|Y{qP| z1(#LT=~jR!QJ2nR7{%Vkj-Uo1H*y4r<0& zf>y_5+=uc63y%soSDRPvbve45t}f0Y^@A5?USo|$W91n-(Nu_pCp(m!W6%#xP6e?v znS8nO480d5M*Rs=E23lylrt2KNObM$XdpHS-|v$F<3v^3r0Eb9*<%VK6?^<7jF?5K zlt-p6n&5yMA>bLhlmbJ9lVpMf$zkgZy}&)5Gh}aaBxowXA5np*KsZH)(*gOI7p-t% zU;N9-51;Kt{1>~s{$pf@g%09pe;42TLjBXPv_D$||8qaf*nhCj{eSHEuf3hJ{in0t z*?qGAe2Pzrm5Nf8he}UyS>iH2ODA|u@w5`$`6h|lo@r&H!+(LW_5e@tTod+U=U)Z> zHnN-OW5j>#wRg+*U-|gc`Tqo;8HHkJXOih4&#Irx%%V~uyMHFwL(cn+L90$~DA)V^ zQyh^-hbmc8=2M# zeR})Pm+yk86OnV84v+NWsda!O_Y(cSQfl=a*dkoHfwFyWwg^~z{!6*cW1QVP17P0y z-`#1IG}9oSvMS zgUvo%Xg2FpYXo9I!^PkTGQJ`Fkc~6U30nR3o11pCz1?gzTC1peh%?-$3C$@H&F_mo z(Tu41hUOkm^7(8^@>|BQgWSqK$#HwdS8)6{M^LLbUI=(Ch1A2#6|CO$KY`Nk1a{Xv??VGb+s7C`;&)_Hj%liR0wLr8wH^u9mht^NmpkVxDMX$dk(WIsdu3@VLh8 zC`uhXlrvtIiQ!H$KU0>TEPK6ppsR118a)1!FQA(BtiFp@=U+z8%a+`k@9693d8Oz0 zd9BPpbum4ktx7CLZcAS#OTbzDj;Rdp`ODlgbCzVW%V%*Qk8me#xe>Ph%Lmuw^o9qAU>~*I6f8D40KcD6^JE?!k<};7#C9LZ-^Oq|tVW#Z$-F}IFhxeX+ zxz(rXmKd$TpKs6Jd^kF}_~v=r{&{-v?)aPM9r*kFOVo(b^WQY!KhV!#qu6wg5(yz0QbWZoB?@%pKkv{wzc_w<^3QLc zuaRiP^b-=dKhW<;kQjX>wj{MY-`W~}wQi7nP16|VBLYa~3|7EGe0}ov_?zczi9n5Z zj+$EvrW)su4G9c&zTJw+%~o0@@&+3b9HT~ieQF8J2vQdfX5aV~ttzl`us>F7r~gol z!X<geP*iavaoxd993e$w9 zL;s0Yo%2Bx)OZ~X|38+Fo_}e;yk#tt%SdhrP>~>z+=x+1Zedw(u|O&iJoZ*M=LPXr z^BFpXG`^{+Aar{C!-oYXBw?Hk0s!*7rb7~Ms>HA{!Ktt)aVh$f7JT^qA$OZU-+mg^2kTTwQ9VkNrD+pv~}*XJfU%Y-X2?zuV?uJUVnE|yF|fOr4wB7~1q$)`GDNzKrtDphWC zWp$sbC+1ZAGdX0WYHL=HFd4J-lH{uVe#yF2gZ@ukWe!~`6 z+Qk+Z*&#J1x<~g$04A&(*SUwyL^1iV^PY z?22OSyGcvqlvU?t$E-96)sLS9J9M8ty4S&4eCO0>p@X;(#rS<4r>ipDvx)<%Y#K_( zcu3BRBvH!LRIkvf-whwA;ojxvS1VhE{x+uvt6Jco$5MErrhcl}pXt}jJ?y6OpefA{ zS(;;-5^hP(v?E;=Brmd6yOA*2Fcmxia3X*A8v5xs&9rzeE_~52uvAh0pn2WNa8Q;r(h zQh)y_x{9RkW5+k)tMB1*og*Qy?FY z@_^3Zy|2RW8pF~TF^rU)a+ zJ-MmnVV|#LM58><{MD#^Xu6ZJTmnl7Q--k`Lrw_3J?hRRuGZsE$8vk5_tG1 zd{>%sP)N@_I1iu7H4=+Gb^oOl3$3O2#EU6v5xLKD&a76rD2jEp2Yn1(y}?@4>R7qY zgSFkod^|3{Me<0AgKI0D?e$zb((*5wt&*JNVtz)%g?#Vb|%o1I^-n;YgR$ zL#3rDNm-WSy0aIUN&LtTsVjgbq|RuB624D>q~<#9yN>W5V*(CB^B zRNp+7iQ_q1Rmg-kjtcu&5GaZHFwjuGYP=5YX21RBFPpYmZNcpR_~Wak6rMTC!Sjk` zuMw!9S8l?^Y{9xj5>wR_wAqQp{goUiCW~(o?MDmL|$A=GF7u{4Pmw$J8 z+I3ua%Bj6Rduhoy%O^*azeK;)dR3OO^3Anps0h-TR2D=WmM&iVeZ|7nyjM+8B}fkm zEUaBLuRq`C+(UFu{7)A5A6@})PW)fH-RYF;|Ltu*#s7Yi&)oPQKNKee=aMatpi98B z_=pN#Wb(d#Rm8)kD*%5U!8nV?3p`$V_qh=*i-#~gdhE-XrUy5eCXx^;M)!aIE3mnz zPt9i@|G!_ykMJ{(|L^SXmE*r#ttbBfNj?|KI6!%kux;?soTy|9^_lQu6-;TkU=x ztoG9d-PeUkm`3h%!|zK^&S>yHbD;U%_GS(Ku-5+}thr79D;}?G*Bd^!P@~?NuS_rH z9HicQUHDfGj2V0FJ$`boE0Bd>&Oo;Gwi&IqmRb0=$*#HLcrc)mA0b-#(+osrfU3Xp z7Fv``5H>DwIy5cH>VBP1v9)k#G?BDXt&bVc+S2i?3q-Q2K-M`StP47=D_S1=k1pQr zc#eyER>$Vb-e}cfnYHNpnEFAjGqJ6Ugk2WdSpl%qxfoS;@oM4}B4LApB+&&nOH}UG z%tKX%f8Wh5Th8Y~34;@=-E*@xL3|975%;1Qac_Jd(3RW;_AY%wAE^_0XpekAQ|_6@ z%9*0o=cpq6M}JECUvor~F&(CilgArlUj2uiPAUJpz1{6T^?&>%pJ(VC=aO@PP@{Gp z-Hu3#`UOp5Deq)By2e8ynk&!H)rbls@dzYFBuUUPVSVMjpy_Z^o^PDf8v?O;-uF@z zdWKRm1YH8HWtiOf2G;~m2bg+%@?ELmi&+TQ{1Fm4p1LQ*F^@k`ozjcQ`}}N z8_hnxUfF2o<7{Q)|66&6{((7Vg+M1q$6}?KarO&|@|7ly3EooAarVo~*$=137ngtb zmM--vo&Uq{4o=@3zdd`?9LJ9~#?15IZtb?at@8PAwV%%aC;2=>e}B!{5FG?`fS_5T z{BJrW2^+2)B#AD@2z&y{F@j;mYBn*8iZMxZ5=+en9*`%hxw7)?8Tx6v+3q%5KcfaZ z$T&^V&L--#I_;GWw6SsW?)>cH>frQhV`F6l9mFw-Q4fHN<}U-zhE2+P2n!nkqcHxC zBxA%$#srmEuWX?ASqv2+y}6hqL5cKUv%S~cK@IeimO9WW%Zd1T4Wzl3TU)ocw|c;c zjUk07DM%WTt(b}|!IQ1OzrHwov*m&Rn}+l^fb`7!MgIWbH@xo^66iZ&!lZ<(pqXJUA66~7e?{+pr&n-AaX|{Da-bWKn--RX3WWeaP-rN zaN_12RuYR@B(`!auEmxLaVt1!WGrsj>^kpz6SLc}LGKNnInq!=Z$0yXz&HNfTW0Q^ z?WN}4S=m5mSx(3FR}u%=Q4j)cM`*hd+WU3{xoXD#V9KBB*X^4v@6DYhaNBKm4U8Af z9Rs5E!XKQ(=)23SODKe^s>g!74-tj#{7_NMpNNtx&osT&rV^XsX#FmpjbNa za1LLSK5D-xtrO}OV$x@KD91y8nR@MJx6^F*9E_HQvA@(>cRz=z!5}CJjz&fz zI+&nBt%Jxp&dG2BRy%(_BF8xy6p0{~@bu4 z`ZB{jKTe3e6))+pWYrd{KKQlZ1ig}S^QH16qE|GWz-j(+V*_2@(mWcGSV|bzgsbcWfns)> zf|YB)*%Uq`%`7b#^K_xqN@bM1GJ^iMxAo&%Ef-p~OKa ztO&&!)Otpo#7YEH3$O1koXa1Fj13cF+}>`0-HHJgA-3Jmf!KD}-9&cGL|S{L`^sNr z#U5~ibbl5UlNg9n%CM?~O0UYCH@E**53Olo6~yHMP6Y9=+qT%1`TvlH7*?>OJ#`Nr zk;q7lEjzhcuWK43QoQo(sGvcDhg#HPx8*7;sGqRtTK?RZGMBow;mG0HTysy|auUtX z3yWsyY#TAauJV}VoJOJtT-1IG6qCzUeXaflKc90pCi#dIQeMc(P-l#+SDYqwt)@fd zT9A5GXI-p|Bx5C5hH~YQ=A)ty1Pr9Sm9Sw0r#PA9G!jxA)R=7b6V~4vV|nnmLfyKd zoI?;wvA*EB+HtGdwyWtjeGw2{2cl&_=sSH;5FMwMRh zCG`{HAnW2)8i!z{o|Fr{Rdj>6nYBtYLm3mfJe&VcriGqPbEnyA#H3Gg+Gw{LytC7@ zN3rM6(GUJn%u`?7O_IhLqiNpL7m?r7Q%T>#u*&Ck<`?SY{+p;OroEI58UjO-59NLF{*5T4w`&h@^m$e zj+sTLyVNW?pT#U3uD~)=Xyz#pOHBz$`f?+8Br4$QAHZXUkOBdXQOa_wK4ANjR#CObA6m~SVT=k<5M|WP z6D@%aNvabX6|zaKvs?)GvlelGd#hE74n;7I!EzZEYtgf*3m# z!Lv9?lrIWJSgCRe8-g1Q-C~|f#;iHbYc6GU$-tD|R6dle2qjT?>)W9qcN4FHNLuW7Rjobcs?)_R9R} zs-`>8T?=~0f>wg2cVR&9tBQm=bUUKa2;oF9G$grFWwI=xB$k)7yofSR#~3bNNgDEs z!m#E_7x|t{)ZJ@F1499bWD*vLuDi`UwKI1PYfIAY?Yad~!oZkug7OhgQ5&5rROA&| zaw}b4T{_s7EW@={3P1&?J_!oEz9K`KI$)LrTT5I`FPh2&^@jB5w{^(HfP`-tjS)^K0M9(^ionWeGAVpqka&c1Ya@ZI7|OxID?FUr7H6kuU+QD4 z^ty;K9@7-;pEN~dI;1Mb8u`@IYPMVT)0ec+CpZrTDY=84o&)g0zQ0{!JAKZsNviol zLvaM5k?h@Kn!jfJNJ}^`K{D-mtEOE|NaQq0kbGQ`<6yEMnKcL25xhMvq_VLuT>NE%psf3j}H0h&t2u0(_}jX2ZFoCDsi04|qJ zjHMKkPckNfTpS-9y*maC5W~ny(lgW_BQO*yElPk4qgq57(~Hsly(3~zwRf+~(%{Vqj0w*^A~KdatckC0g^2 zd7tJf9#eJD#a7M&8aRK(WPxfs|(^tk~H2vV=%#ZFX|!0S8XBcS%Z| zCLHHn4SV^2Z>w?0c>yR$2&Pdh+@={PHxO0#qItK~ZZ+?|65jSSEj_{bW}bRSF63eW zXnk0^M&darhN!)S5pM4@@LBJzn@O~q?HxOdR*9>q6}_axl*I3OazSDW;;1}KPFpi> zJxIoKig?o-LOGy{#P=W>p=v}7!xtn{7B>@ZaC!L_<%Ex=;G)-$lR+X;kgwq=FK~i> zJb3q3a+)H_3r_rDyLQ;}%p#U5$BeI!N|CyqhypQ~zgZjb(4TJ$` zC6==arl2iT&6N%Gj>U8!6~>+_6xl<-@5(($)NgLceLG}#`8^9oZEtz@EYz9aEEkF> zrSv$~8=1yN-POsXz*1POtkhb{L9G7^i2{PzwWB)vGtmj!8hCi1?m54Fm3@E5yuS>8 z*#-XcY5B=6#MCJ{|J_91l9nQV!CXaV(-ieGP9SLEP#Lv*PTF&mw!Fffkaz5cAi>7L zJ*+L^In!3Id_*Qv94wMp3Whj}K;==5;70_BqVL6bb&WI{j&w=FgRHFCC`zb2g^_na z4OBeVMtOvV=1TBNK9cvRPYsrP>@KsJo!XdHAk;$;^~=GjRqJY5Pb*M8Dq;{6Ap^U( zu#pFr%$@hc#DH~;-1zq*omT#5%1$ka)Afa??*2ltGM(N+L1yhH$YM|O56C|ivd%Xz zn!C;RejvWimVeZqcZ?TY?s;bkGwg1&{U@-ews&z!x~{#s%4=LC<@n8igxP@hCtQVq@Jwx;YBym*}G-`xm%W&|%jLh?|7`i$iw=Qwk~Gu^3p_w?-Q__CSbX*yth4EL=A zv28&t;ZxaZ?tOAn*lF%Lth)wl?*hniP9vNo6Kk9@SHEF^AcN%$**XDD=kOI%PlF!Z zClV0RA)Hy!PiT}({O~zHzh8~OQWPbuh^;5f+$A03{tq#~01KB1IBi&SjfC!R0myrd z<0v6<-$85}h&yFkR3@$SqgR>)=a}(3#&HYeunaZqe0pk_dEzpudVrZrd$<<4(kl3A z&n(Qg7SrG1NlBt6F}h;o2o4shwpc_0$~q`mTAs6cQJ)NyKZ>AL zyGD%>_KO0qh8+Xl$Xz?~b~yFAfG~V3F1!EeHVZ*cdLFN~Dicmn z!iF@0sDp7fmw@*I0`641n>xk^Es<|KsrFFaGunv@<;#uNVV0iOF|OkhIM1#gSo5On zGH76_zV(CU9Nd0UOt*1Hz=fNmyt9k zX*5w5LZO5E3^&x-Y1+W&+W~tOJ34J-+;8qRyReDA2g%qtm#2tMyN)6{+QuQ*x@_X$ zM6QXPsM9rEwIAmg+irJNsGsnlwx*%JgIL}viw!DLc{F?AyX+xlvr-v*Mj|Tdp&@ae zg#J1#!jotpY?ifIhwTf4Y-?H?a}IJj@-K|0@NZF;%Q}idm!KS{qEMc1WdoD%qiZq& z4I&W?MJ%HxCQ?fdG3rkO9Y&2LSI|z{&6lQDhLH$@1;mTD27#6nk&!4DMx->+v+xF} z#Spb15s~k28GttM*-dh#p)PPV>#J2?ws*Z9+%08Ede?!R-z}afW#8i+J=0U7CpSYbm0(f{ zfQ(h;!b&De6T|58;fHo@#PGtj8Fsp9|L)g4+XJx8?A9NXG{v{nw% z5s~^n6=O+kv0XA;algO=BoRc}u7do-rS}_{L8cTC2ttH#o$2%Lm}$j!f%98;Z4opk z5$2*4nCXYnrsP(InyRHn37)VbR~&=f!hWWB>>u=2&7k^f$MKk^DhReLi|g_0+=twR zo%>u`S>X;O&|cZ@+=Q|0VQ+inyB%E1o^|E;E{BWjkfj6VZ#3$mW`UknCcql4`HaQ^ zJoF#xtvh5a-FK$%4ms}SYtt(c0#kuSTvT;GIo$lIEPnMI_g#u6R=q4Jb); zag07=3Bf7op-qRGBb#pN4z@x%SO?^Kd!m76gH)hFA@yptVDwkqcg7Ge-FTUR_HMId zAheoY%d<;yhlXa~9G*j(niiCszX+BhT;wD9MHE;xTFvgx9B2>}W$*Hw(=m#bw(T@x zU*sLY_wEfUP`88R#k01%4M!hGQbAkyaIoyUCO%N&aQgbv$~cq=)EnVfP+{bVa-G*S z!bdpA@^24zx0K%vi56+ZrK)T=cgES>>V2wr3shm1x}psy?R`Zjo#q`{v!vn? zK<9-8>RVEjmH3E7LYsTMH}dbidV+vW z*Tb>4FJTk2lM|s6O!GVgIkNB;tz(HWRQJGPB)PVq)AqsM3%#n8J0`hYk{HV@lmKHY zwZbVIu?`=VHyO#jC{mUZ6v=ly@sLCI_+CkRg`^$r;DNzFp7#dwG`hjQj}VMTJV*HugCQYrDo3tsUx$@n2JuGS@c7IUtOXFCeAQ=Wwpo z!Na-cx4yEk1804a)DxF9!vGkOTMxx#q}-xSMlN1WIMjBkQS+C`a4HC5wyqPSqDEz7 zfP-z*ro-?NSZY`4!B%PU(t3^PuLNped$7Q}HYtC1D$mg#ji!``^(Ah2fHA&SYD*}dCX&f;l98O|^oBSDI~Ku?ca#S-1w(TzS)a}sKz&FW zQ2K$?w4}zOG85#${>jT&?5#oDrvJYv-M-fAtOyh^mJ?M_z2DVOW1KmttqQ1fxWI0+ zz313K*Hugi?{cZL-QjVjYaCc&R+UpsVwZ)oS1JlnMV!7cjCx=zJyWW3Pu^ZqxI6!c z2Xoiv;sZ^#Uzm~%HW@@0E*fA8_YxR_5?rKE(?VG&}g1UktS8Alg)3CDQ}McbH$RPHN1GilM{d6s7i9u4 zT}{xrpF89rxjeYNT1Yjoy7c2#X&%8e5;kP+C6`|sVjl8SZM3uth^M7)sZ&q$JdqcJ z0ZQmKv0lWOMWTssMH7$luPg<_Ik^^F&~hT*lH7Gz(3ouLEGyH0qM-+EaF&qfC?6;5 zZW^tMY0Tfl9k+*VEho9mR!fpSnif_h7UuVCX$C_c9AIqO|fU zIL&>FNYnlETwihDtgiN) zU%+@)z&GH=*tcVJme>#L+>s#mEQq#GnZ|WyY7MIO2o!$@qm)7HZ-;LiD*I-n0NU2} zCfM<$-jw8fJ>`%#?YEi}1T1=9v3jLl+>U5Y63sTk6rCzy`6MIX_%^4WL(cN4-CE{? z(}|9C7$D+Q8mIC1Cz_S@YSo?|!lFTi8@F3Mu9W#q!Re60S*mj|?D5>GXZIs75LcNn zq=vO=QYYhBgia{-7$K1^5(lM z^y(O09RJ_@lZ)dc^!n@q9h{=~=Wi|!j*h?l?}-x}7a~{gu@SMLrMkrn9qUR{^pjqf z4=ONh9RIvl{$^bw>J94hU8FXz0fRDV2&lK)+-ctRnySpR`IgFcNFjSNy1vCchEnf1 zr~QO%Z0JfCQe;SC`_5Xg)qK(1=>ZO>Oy?E29vT}P4zZ056)vkYBh}KcAhZE}H%z{y z&v!>ym`tQE(Ip}1C(pe7^O|31$?^tCE!Sisz~l(fOE^%Wsfol0gG*35SuaTr&%;38 zdX6m8E?s0)^r3`$Q;bYTkN`o!O9E0j;Uq!Ww$QAqxY2^zsPsz zn+>96LF{_jscsj}Ty4o~nt>s5HX6v^@}QlYrF; z^;2LYR+%LH1K70H^-gby@^!#wYtut>#6&JU$TmT(v)lw7E$;aFVfz7kM!mcoVNPPz zHQt3x3LPyfxr8>F_&~QU(CsBKYd3d&AYBWj9bl%bBO=ZURk}iD607@p3YCt5;snMc zbqj+z2KAILd5h%HmUTfiq26T=6)70dz;A7WUL-TuRuXH?1k!|pL2J5vjS(DlttNPj z<23f)q61Y9$i(rml&mXhz*u3X5Te38zNUl%xQ3kNM&Yr(Y3i@27?pe^m#4%@gi3Oe ztX+BgV@8BRNySk3>uAZ?3C+f!scQ15FcWq4Kx>wE6CJYjhUk1N{9jg(bj%{*-ojO(t7bPgL1< zP`Aa^_kutzRbxkc9Gywm2H<l5LD zb;)r%Q)kiS;`dpRqmlBQVTi&B>^v$W#Ruwg-#TSM!W_?o^AqhkbON5DL{1_pVtXYs zO@x^@!cN5qi?EQc2g4?tg^GXG<)k_Qzk_Jjp6{s(oC;o`Tv&JthU?Z07w~VBT6Q{v z^#getwub3gE^t zSg!Kvz1FFCO`ljrijee5)7%iKugm*A#5|ZbtE40l`jH<>ZX4qy*+gR!(_*Yb0x=(w zDz_g1c6;jy>Vlv{lf5B4mq@71c{Hg#CdO+T77K;k#I{RiSw_HXHMcz=FTzBxdAscl zkLHB)BJr4O*X5>FNKZQ6Rmp|w{*5d1-Q-147KgenDQ$PD>2|&6Y&2LyMT3?3VAo}< zO%GBT(kpL@_ZM$r>r`Jv6Zqo+-3c<7)ICoUqHp-P-_!*IsV2O#bzGMi@*vt%x{N)n z<*5f<6IwV~P6BUve5`9C0w+ERf|wyCZB?&tXeyte91nf+wXeEGxvVk|`}rjhcx^fZ zKol7iFHaj8Cu1szsWk76W7C?J;j}GJ&*<1#pverQYo+dp#UzcI5#!{XvE-8eN_sw6 zyLwJa&=Dy`3L2EHBiRdUu0wQGzewYRGzSDjafz_rv>L$XJ9O*S(!am^CmO5zYQBM_ zqhoarGTwRNzg((ZGa@(!J;Rj8^&qruvO(w&EP?1v?WzyMrW$x0>d@Tr^7MJesUSDx zrmeygyj(fsoUL*cM>c#Gt`r}Iy)gABprL68%!L*r&OwMctQ2NC&GxPZ+L^gF(-NK! z#blQybHMbA=$homQZE)g73EZulceC? zAUCdip!XeUccbVsEtSPtym#&K*e+=fHXB)IcpeugG(2+_6Bdb-6~WS z$%nz--a9*$@0czRoa8Dcz)lrqFjt|YsGz&G?f#nJbXbHWZI4SUw38`A)3eS_7p)bd zVv8XARB|cZdQn%?@wcX10b8Mdsz^rn9xr7?1Z_7|Xemw-A8^MlO1%l(TaB^-!_U^( zogqC&ESn%~bN!WMoilWBadqQo)oxMATBI_kd$4|~!LhO6t-QR6}hX9Q5 z0zW)~DBw~}qlj!;@m5$nPOL<7AFK^Z?sR5N-}xwv|0~dwrbxW4FNbN!Wv>3e-UaqM zp!aR_e{I*c-%TU8Z=nrZGsF2v)o#^MmD+KF^O10QK_h~bd{j2YwDncvvOnr@nl?{d zs+=8X@>WPF6PL04sb|7$riGxZtFa2E%0UX|uw5|+@B*9thVX8`oTUGDH_UlZZ%c7a z#V%$ON#5lYA)WJP6*=I)%2j2;n4ns*H%_Nw9N(<14BBM{$;92b#0jNnc;%=ZQA%c{ zR7}ZH3>8?th1yx4-_LTvK<{rQo74SfK%BNcI7%#M-X{75Z z-4af0U2x#D{!Z^#!1fvP_MW^I1BmD$B&X@5B?3;2P0Ky*Vb~hxQ@=V=@ zL%5%J2vF=1EE(yh_tsuCIuS3DBqJ(%yoHiq+ofSH<9OQloF87!+O*Af283-7LYUrA zc`rpc#|cfbR54vzpiizg{CWw+Z{IV)wq4ME>DtitY+nwW`~b#qsbob5#FFPyJJfLiY$$$buXZ`>+el_X8_AaG=LztZ!pKtH zzOlU81cb#!p)ib~LS_l?B;m$@2+hbT}yd0 z;!{oeJrMn>!dyjV`j|x4wKUwfo2?S{b>3O8L{s4Z*Cjx5<{c&rXwL##VA^d5!6q(f zhs%Nx?1A3XnjGXlEP=#Mv)%Pz*!&l5iQAt+u2tqN<@WGfzsBqDBnRt71*kKf z4-M5wqNIq!$|#7YszR_!l2bWy4(fgdRM!;GRk?LjgfdKR2f-#SEOVxJn)?odOIg_W z?~-!gGFuQ&t3CP_oneAka&%zg-*edtTESZoU+?tWlmdOv>{}yU#$trioHk6+ZC4o} zXO&yzpxT51kEPhiq97zSjD3}B!;2K6cTAT)t%s8|=M&{C2V0wPquJDgy{W-m)+bM# z$sMg7z54L};_bRe-8QP$(T+B7>+C-ho3h{9ZlN_5#x+ruh#<0>s6M;4d1jKJT-6`c zb&C;8(SB>c4Sb2*jc_4y5_>qf82tUxZcdjX^FqEsa@SEmU@?)aR`|766e0CY#UL}{ zt~!S>VmDy@&WBOeo6kDDy~-aB=Kjw?3pJ0Tz$6=__ZsL|ToPHN4Z?Daw+zR9odM%u z?^VEdF7m1JXXePQ!Pzl>pLIXPIyM14sznC6>A2B$e-0z97d%}agq@#*W@P^9vMZc% z(y&$!y~h?^F zLKP3`8Wl2ECCsE_D6ef}AbL)8pI%unu)$j*c)xZyx9_eAUHK%>7Rww2*K2Ms&`Az5 zi9PBxTVYdr`A(_R8@vM||7F((HH9sQ)^4#tavLKSo51Iu=<3`~e5+a-ue%{!Fn>EF zXsf(gA*9#G(KSiqo@PxZp3au|AaUsH(GPf|wJJtiU>U7|yyKS9oxlGpSnllRHayTU zgj<@#5$3U9YpZ3-0|PS%_MJ-CZ8wZdL|A;MyN=avdvW=l8o^5!mc;_4EQS7XiwxpL?sqE(Io5Q2@#^5v$Q_kJ z-+8H$2wJ;hC}y`Q)EzVFBlQRFvfQuyygkjh8z`bts+Eh7~evH zM9tR97f+wR#3zi1-Fka+czk+!{J3MZTCLXZ_BQ;#)oPXg-`Q<B z{Nn8B{h|DN6P`LcxxBhKdG%g?0|44hbYzRvisp*OW>wE<6^W5lx5iLl5t3{8SXJn; z)w*qn%%;4oZ4IPN4GP+G`1TyAi>E5{^e5=jw5VxIWsViY5qhB#tEsSdvNB$bPazhu zY{Kbqlp}VV5-w#SWxaypSB%qNVLT0|>J3#6N}wUfX>LSPy$&7%WQY@V44|iwC{it` z>xN$-XKO4}H8%}L6^4PIq#O)G>zZ(zDh*y2hy$cI5j099x>mGQ-&v|5=?6`sG0ydX zP4wCn!7X^k1QBjk?S`8@TGdciVJZTx(RKAIyCr;6Tl^&wG*$oJ1Z5Lz!Cyns2_JF= zI2z*=4~fb>A0SagBaPUml=@-%{fWXJ18jd~ZmFau#?cz3>uP(%h-NBOXpm1(MmXf$ ztnIY^-#QE@wFR~C22hcU9H*cQi4o>fW>OI8I_i^@3}{4g5<>UzbX)!-D^}4O0^j<7i(ImfAR!Ge;M8p32GRnX+~_E zQBadq$0#*T7ho7n*ymmmWc>+KR9KzeF^MULdLZ7ke_;H2iYY({r^Fcekfbzs1ZZle zVGqEW?PoRKL}MtNUa6K-CkgKS9{?1;gD^mO~>L&EB+mF;5YBT9 z#kO>auEbV@SaTVuL87Lv-*=E@B#r4E>XU@suDew@BAnh}@B_;Q5vyeikYiM@fu6mF zq}IS7-Um6IrEnBuIfkTu&c=#Y$)S+3bgHr@jv0^`g4uC`IJu#)m7BhaXA_YG_Zc^T zF>bcmKTR5#yyb`>X}+oAjc-RRfkS~9r$Y*bN2m6DnjafJH3*LXCMqwVUOh?8#x#5j z-^0RiGRD-NPpD@nDMhZ!rYa)HNisnRO|N0$`ZNVPkvjOg*>tFgHoy^F5}V!~X%}@0 zDY-g?4cx9DN>;A#_{tqGp8V=oZZhN$9=d`L}sr%ltWi~)ib%?W+Mw@aM`ZxhPy5;h{6oii=H8x3k3j9SU zZlUBl<-#2nSbwoO^D45u%O8WK9!_YiL-GYW0-m2qXWjHdm*Qa7n(l(>5n?uE^sr zpyZF^(x5H@m6M17C+|;!aoiyk@%x?evXg zg)R$qx#p~1nemR9&y@*|M#x(rBw0v*qNF&G3w~q;!cxM^NM7K?kl!uiNqkGCtdX*` z0Xr|~4gA@NMwkz!;>0F6$tR5gCu9>*&dCjnAlA5io14%8=q{|ZE#itJOmRBL&TStz z-IHw7eUlNcu37=#Xu-nQ+k7$K@?sE{r$(%}&Vje64eELubdI50@Lzv-*2rB%vK-pt zS5CT1#4Fh0{6UG#wg^ zhEQ|&`3HYZtRtL2@ieUfj{Bxzwz}&nFTY?WWJ+lP0YWETDddI7=^<|AR+zi4iB1M` z|E(@0a+*t;wwsdEp$^3vV)-*LIjy*_xeLq6)|?5^fCYm}C9IJ0llq&c2%`kwih|~H zstFm|TGIx3Cli#o;w%OScY;D(XjR+6iQMK)%(TpYj6qV(!E>HYN|b0sCZmk%lVTJN zcgFOUXQV21JD8|ZLn~Mqfel>in)vMMQkBXaD^{@GL>I)j3^ifsF`hWiR^~zwEG9xl zf1Z>FTO!3q$kyL9EhXXq%-+bM+KhCctx8U|=~N+D5Jy^LLh@2AH^;kPu2{WlUCp!* zIT}iQC3;HV;3T3Mh2EUL=xen@`I(w1wwWgWj(rW+s2Q{Gjj0SbPL!5 zF-;|%DD6>r!w2QlB}`px&edoPM~=LaImt0iH;vrvsqmm3q?4)1c>~)49YJhDFo?Y! zH#K!{O12miDK~9;!UT|L?v9(Dn=(OE;8SL)q2#8xr-1>;>3WD6;VM0l=@SQ`xWP=O zuj+8o;&oL;QSZN2{Nz@zo}OKu93HPC$PH0Fse~Crirn5f{^{~qK*dR!T3OgH50p_o zF_di3W%&%zk;-K?G0Xn)Yo-RAK}`gvu(`;(dSI$oxN=>A*l>;#f`wG4d@H?v#hq5j zW)?3En%Lmz*4nL5KviNU4qyAsJRmavT!#iILN`F~dQc4NdW9A_37cy51&ssJ0euQX7BxxZ zVr&Z``4nRqi_-thc9wY>EU;HdrSdR=wMvzrf@-H_`cn&2=eMX_BBxb=*b2saB>W*P zKb%~BclQ1Y{cvz` zad3Kda(s!-E_}EA*=uxg`Xl=O? zRG<*?X%@={=<4L^?eQi$Jv(ijoW8y|Iel~d?)da-6TLgWIQ;J5^y=W%$=j2wAAy8k zpIn_DU#jqd0}bQ+;Nt4!@cr9^3v~Ye;{5FLSlzbDTbPgpy5wdo6;KWlLYRrt3PW;jKL>QlVrWWJL${{G)nG8}gOz4oL z5n11~-tNu7lxrJgdYP?!=Y_!Nrbub znaf+;-qoT=^0J}}t65kcQ>brfsyEZ)tG>lxZKhA$U?r!WFh#IK#^PI=__o7qByyHz zct|!uCMa@UHK5??Hp0oENS$y4mtaLC2(&=qQLr9rU?SExfexjBUN*#O7}l7M;~NT2 zQr(z<2|@KDnBWEtUY&p!O>_{+J3+33;k-rD>WgdO4&4)f*$0#1*D<%*ViqjBssN z(H-Z4bLTD7mSZdgfxe;Ih`Kp#H||fgu;C^&kt^WV)C%*r9yNMmqs2uL@bT%9yjQEj z;NbUz^Yi1=qmzHWlw0Vk0jux@KXgz22B_RxUlKy-YQYyabr?lxO)z3LqY2@vPL$H- zHk~F9eT)SnX_PRbn0}w*=$hmLt^W4Ms#8)D9GTm0Vu(p)XezDG)1;edP1TInMjP*p z8sJ~9Bhc1CO%)?nB(cgQ(0FL=z`M3R-z+pyoTNFvvyMJTbUCoW_KJfsE_XlTBgaSDcO$%9wrT@iXdb?^%`z{7%C zf4p8f<9D^@8E53cJQ~p(!zrCJ@wdrjGWi4jW?HtEysUq~eSi$1gWF zVClVX&aTOrE$+T--)L{}H0YH8i&I)R5Iu4db@fopQd`p3hXg7} zQ*CZS@Qt>(1sgNaipdD4aYE29tgj5oIR?8<8k>}Vh)Lx|rkz$a?XyBYr}EkLC>rM= zTS8Z`GzAGNTR~=wCB5c~-SHLlUfCM_hJTz{Gx3^dJqG}B**wQt+&n?Pg7a&0nB1zG#sy0c}2 zpiLwe= zvhqq5lA!Kg^`L74CpJN#O|>Y9b%ny8yyqN1$HGc!zUx-&Qjil$(tKs5*X#AM7_BUk zFzh{BK*pv7vf>B=onsZtX?xpv#RMozks!1dp=*+7?=vi89QCR-%$Afoo{}!P7x7Rcw;HsgyPz5HND<@tHZmF|z z8iy1eU>Z(lvqC&Eo93iFFUiR_2Nv(win zZ{A-VNWJu1x9mzjD3?OF?Pj)A{MuGkrmE2kmoc`=WCU`U7Sq z^b-f?08kh5Q*ai#49+o$OBb@6Y({g`NnFTL3=XTngGSb5@a`y;&jqRc1XIJcFkGYY@YA~Za4!KY|fN}5+ z=P(GR(oSP`?PFj~F2w})cCUQJjZQyyx#gj~bk!QwyTW8jg#&Inpkv`<1U!>wPFsbA z9)-xl8uuyXWw}wh_%f^K=`>0h7r$gLp=!_|YF{~!O--n^>&@v@S*~l9W~?h1WmH{5 ze}(&^KVd=;$u3XhNNnL0Z4oY&VnHS}@m%Wb+=`eYLd({DUdR_mol( zI08EB3N*Bh4ZUz~@o{vnK{ zk?JXBb{8`ddo)pLj*94$vluel$=Jj)g$Kb=0X@zkZ{~`M+@Z!ciadryU z$DH$M3ftJoU+Or@Z$TwWPru6<9I+T6seHBrK;||2YWC5oRD`-d!Hc~SiXW1XMXgS2 zaORZhi0x@W!;pEXj6Xs<>-3J4p5HO_tu_44{L1d6v+$0_-VKexqLJPLTPY%azWWa? zk?AXS-#Vm*zJTx}q; z^F$iDGdLj)Yx}MLdEHTjUObYJSeCPC!kya*Z&=%-r&hjgST9zqEX{nMxh^>>k6)BU z-FWPZly~H@%K=oLv=;fA%NJr%-u&D$Y%f`bg(Na-@bW1X3XAaS#mVCNd#EFNC3pU| zgo>eLE}D&-e-@pGZPk=nzVA0!!@T4mKt)5>pBn%gIYx^9F43hKE;+?#|N zbEzY?=e14rBnIDp=8=zM7PDX1*R&bZHs;d4jAFZJ3bZq3$l70a%)jiIpJB%=NkW#p zfa%nWDs%d`2!6-_}cCwFI`MOM6+0?yve*^)GD|W)YCrNDdoiu8QK`M`0a)&_vM9o zvPHE)`jmzSGU>RNHHE0_j01OIZTXPR6`T$Lxm)ZW8(%*LIynWHSP_RpVggWn(`GF6^CKJhHlWn#t!TcHdk9?S$#{c-l{CIJ#hXY zo`6|dl_ApI3NWc&ZqqK~4`ht>lC0G=4P}NY3M6R?&^f8h&+$siEa&eJyPz_Mm)NI%VZUAO!vc*bxNY?~Cs-lJPUw*Nd*C>YKz zTjqY^jU8h*ogQ^7J-t;xoR>y z<+;pF^T_MML29jdo{SlID?wvx#xKd3>F;f9Ubc>ntF~)uWpZ8ogBNK8t=UR5e`vi% z<^UX(RQ!JeBj_xsp;%FEp z_3Ld%e5{IeXE_UXW_nZ)C2Q-b){kBA!%5}pl{Q*AepL4&mkZ%4ZvXI))GAO%51x80 z?=p-$n-zl?5Q)yu8FntZ4vXDlguAGOecFEK<9%6<#3PKxfiJGZYa}&ifEf^q0u zm1dZlqoto5oHNu-QY2wL8QMYtaT)N_k1Xl#CIb@qL&&)a(f0|1R6B6fYyRBTVLtG9 zphs^Ej>wkuY+>Ljv>=m&zvlx5a_v-%d$0U?)f-lK_p9Hky1NUmQnKrxbA?(XKVw>4 z#O^aQtM09GzrvM$@LEJ~cz4%P`9~YoyXMc`es{OuIz2o;YoGQWzE~lJn2r1>l=VBU zx9zjjRjV48IZ?TJaM0>@#f5C8dmYlq+~;5jt%FXhXAo1jJ9BbzD{AwZ&M*J}tLarq z{8i<%WAtk^ue)ia2V|t>vl!CS4phe_w_+~_XgrnMPOy45^gIf6KHGE$3XNNING7j^ zeTe!}P#1!SC-qTWk7?*JXPiueT1LK;_q$IJ4Cslh!aP#{ZSBkfgbsh&)B@y8{n9=B z>8neVCd^ECS9PL$_)|}c<(ib`>ClP-yEv*@82DE#E9m{nG+^mk!AY=C<~x-Ob$QV3 z`B{N4PbyR5%abPa$QF62GQ3VXiKf#?zL6pY2n$bghg@BP>6)bAoQ!9J&1z01J^0fI z2X%--Q1@gAZ$9!}_v&w4rflZcQS$A@nHsCw@RoX*L$U~-Q^BCc?xw3{rS)K)vcj9c%QIK1rZ6$R}3&k>OCcO8@@ zhLG&;_TO9_{M71cNx2%KFL0E-f6QS9dT?&iKl@Po_nvkmU}AutU0fT@qVQTE^Jh2Za0zg5|sWhKCe`^9n$hJ z^_pol{AgGTe_c2Js4WTwELa4Mas85F3J~)88{5Wg3pfG4oE#G#`qL>(h;8qyQqq(u zgZLWO^|rNd*kWG0V@RSQ)x(Bmc=1_vO-0(+_ba$wJB~7oe{GAs3=!9}2jEnY_slfV zcBOUR7pfJ0XPf+iD{$q9-kvO5p;KQ5weFGY?aG8D)T0R%YY>82xk#o$NI-{7=tKnZ ztuw}F_!3mh?AJUITy`jl=h$|S{BHlL3!GC)v}-}xgNJ@`z@TJ1%mlOBm&Be@_QZS%U9VX$F7?miX5!n5X`oZf<&|_W?+#hyTzo=U7s`e~GE~HOvk^o{bE|j!*%Vx|Fj`NEL{79dY=n0f8HW z!6Z=#es!0#M3i)C5Ui%~d_!c|#ibuZaxl>(Ts>uS*x-iFxek0Ctc*Z3a1><@LFrGW zS~kNt5EgO_`!P~Y=(Z2A_7)KkX#fII5y~iA=CA;7=kLV@S_!$SZlf_tE z04jVG#e}*EWE#oEn!an|)&w5aJQ14N3=|n)Z*{qcxKbE1ggJ*);#caj8yjXb7wwIW zO|r4kX?1&~c@BR;PT!3U!&wX`XJf;uKsX&{A&`e|8ozZz=PH)2*oY(1Y4O(*+M-#r zAL{s^-Zc$f0A5jNvd_toC4j#<^Ho+j1-k@~__+`~&e<#kk`#5WghX$F1QECyTy&fS*^6|KQCm~pCt*@RAtk7)CB5m*QwfI*;B zIExb_3Uyi$2!RgL>lA-^C}J_oH;{=Wh^UvQkcRjqwUml&D=K7H^hfvQ+NZh%dE9Ip%l%xCc-}m3 zuNhy8@0#arTQ14FrZg?f3=O>IkaPvaXmmf=?UcC*C)TIX(s6NeV!7fTH3U7-!p7Aj z#^}$&%d5eWkjnC7!3XtoEN)IkS z^?s4Q{G2?aapDBN`>gf|?^!8aY(*^VLn|p}R2L)X|7Yne>J-AxHI{U0v#gp&6Dm%B z*~QOPbEM)SBtC{B2kcs`Ddrf>$27yK@eKhfo%46YLd@GVWt_O)TroB^aT|H&C5L9` z))(4J%&0flHgp-SkVQ9D5i9G-n9a4XuDtZtoQlQ~HHoKT-hfdkBvS4qiDE4q^lmrU zQ?gSoNwh>DhY-<rqG;;NRbQ}`?&|C+;D&!VJg${l+Dp*1x<5! z?SpPAG)~n0t{8x(BZjM*5p26FpHv2AZ7W~wDdyH9rmuB+F~)_E4T3&`-iUJl&uMkM=aSREOE_xbqV}z zBnwDWWTd?|hhl^kEdVB7qCz|pr8pzb^Q1J&@t*sos_k$Z|CH z?If_V_JmG#N=5Pa37w{)Jr!2XN;;Zv0@ZEW(lKE4)Win1~0Q4dpK~_O9fZ;zun+T#CbrSlR_Y!*O z5QOt#p&QMFF5$@&2+RT6<@09D5T3_`pz}j9Lx33U&SIJ87tVadFsLX=u$xm#xL_jwAc4atfO zz$TmA-49@{i9hwN_VTRk2(3PZsZ*Mf`kLlBz;kdQOU2c)Mprq5QHxghfw zASGwYnS(VjxgR~&T;1G|M88!9yNvKc;)^D;6g2$DlV5V_aipPCAa$CF>4BdJQIg?_Q3cPeN#y)ivThDx;26_ApDo7`sbRTkFF z;`%PE_V^oQ8ap7}f@RQ1E^-f!7%?+a0aii>-pNgn-1`ke=s52PIH=IEc!K$oqMfpa#;~s4#Ba4d`bW@kHvEl*7#g5vE?7)2;y86cUR+-G}2Lvod)|Iaw)7NlZze3?U?2 z6*{o%kYhRvU1R)OE7q_zo~P9fAqvtRqU)^G$Gz8TguhL0Z9!>2rI4+%_Zo(fmec3q z8+8Sq=AU1wH}ONAH%LEn=sU9vY7?af@G_a^7|O^Hh2NZ3EVg0?L+t$8CbjFK4Vr^Kd1}%?A z)bPSNz_S7cu@b1CSwI(~_H`eK^&0XL9qwDHX#iY*)8#B1ve;{n66H_0ye(*a6=rpF zYFy^+dvP@ci_(q(@YtgtKY408#d9!?kl!GJd5~wsnk-=Mw?Q}LI23%G;gHS51RoT!SpME)zh;;d7%McS<7F0=xlRj=64PaI= zSj)mXs>{Ta)>F0t^Psm&BiE&;X0>%`pw+<434q*DX@W1Fe7zFvo^wHx8nw#$FA=wC zis7yNjsPMX!Ppn(*Dw=jqWq!t z^O%L|w`|sJ71ABdQ%^*l{$A@~{v|qU&=CB>3}mb*H0}`QC0c8$EOY~~ZWsynQ#)@> zCh$m%^pb`4HRDLX*26c8l1rASnv78A|DB9tHZ{yewa?ElDK_a~wOo!yukYm%BcHMW zT%EdUEF-%X^FYbO*ZT<)$mLz$x=?dAtsFC09?oZzOny_vf6&^-#?Hn@F3-PUEb}3m zON!#(8yma1@?@QoBuXgci+h3J)l4sB>`)S^AIbW5#?-l+A-8Hav{kmu?ur>T%~g1^ z?*DvwmP>!MC_GbFc z$!w3L%P?6YiP4hm zbmHWbVNS1IIWoIoh1kg|8vx@D!3+U8lrp$d+1P;hoHUpOxhj*TXK^kglcsS1Nc+{x{*=5}ryfZqKm^9dRL00l8t@c> zS+$7fN8<&iP{51*YZf=6cx3Ex=McUvmY&5yfEJjIk(QS3^iv^|!CQ)d%J4FDMKaP0}E>Kq{AAe0?@DaSe3)8%Ayz z?f^PVG)st&VyEEgB~NK`2B9B^Z@`@W7=A8gTgb^0C0W&KVi z8OEY?S=U~IIdY`nrt{DJpg}B(=f}jJl6o{v>V+e>eofaJw|l1|AF#PvR>KKbrDawASd`|NYb)F*SH zh)X#e#rALXn%Xa&ZRf?d^BaxzE9q}8L_s)1KTKje2M&h1r4;H&;UVhQ0x1gB779=| znmACx5#n*F07Y@vIWCcQ|Nj$*(g}J&YDT;esU!R>rf!hRD2*1FuMj~wZz#9EOkM`c zNth5ssnw9DGBIG_52+vFj?DXY0^^Ai4rvA)@AJop{p0qVPP6l&f8Ol9BP_fo*EIIU z%sGZNQM#VxJkPS$WMvLC&diDd+YHN4QKJ?=34Ys?!>kY~FVq*vU^rLEW)(taaj-{T zBVX-T(1DSRaYbvbe#0rEHr`#ic#ZfMNvK&76cU*G=wtF5j2quc!MJ2DH! zKkVPa$M@J6E%NPlf6Li*wzs$J-9DXouUh;TH>I`G?jZZ@-ibr+)XMGw) zL488~P)s4MBdPi_ir;-lh&R0&+2RlTc4_O5DD6%~nfmSDUiDwSz(Luga8}6i30T<{!KejiSK3~kAV+AeMc z4_^|@A*&nCVHRwH<^vA>gWQfCkXa~%c@`rgURIbp=6Nn~<~UZsd>! zEFYvT4tZ&{$UAnV;l7p1S%~)I>z&-rlyz-;I*Uhn%ackpBJ1v!*In6ZSOQOKM>98? zOa+Btu1GBjS#~O`+qxE5x_GIn%Zwje-Q>j|vU!Q^Sa>Ef>`Qi_8f}!!QsFWxojCMG z@#BIq>d{T`NA;3kZDX6x8Pn@f^{TkA3*wZs;bH?)|Ie4faR)R?Rp zE~-k(shOG1f&hQd-e=Kqg2+4;DLKf3sO@?;%A%yq!`KJB9!fh^>FuzVeX>!=A{BGq z@*`Ox78oZ@zb@F*$g?$4V_l5ZhQ8TyT(%-!MCQx9)*3>#yjLp8&9j(|@SA4~WUL4E zb;CqgAhs=kLnk*OM9&U>YIOj#w%h9fnu{!=yjapgN+8PurYOb&LL3_fAZCvd*pFqhvfBX^Q6^1ZyvPv$?Nm8L%&%EzFyK{tok)o0Ej~lwBc#|F8f=nT zD3QeAuIt14xr~dlK9{e=h<5IdnR^BPxzU7SxP=b)3sg)95tn@?6Ta$lL;0jU_3<#8 zO(h1QAEup^;U3A@#}g^WFj*Z;A|#+f25?J9tJ(o@|4U3v&4kXV^84n?D<8mxyhJhp zT<~y>?-KA}Jxi8^el0GLg-0gd)F zikJ)nSX*1YTR3-*?$x6^ltw~fhopR1fqz510TyedOzVKfR|V=!qR>wwuoTe|!UV-) z(-Aic0_{JyGXLo#x1<9P@zfV#sgkME3Cr-O(sk(;sx4a@)6BYyloo zWv@W}*Ulwo7(>?ltuoo`NmHHBgD0tnDP-!FT5MW_auP>TLe_ncY}E`uG%;>=D-)T; zv#`l8z-qMxUtDrAZo6R@K z(>SvXMl{ybab;I*p8Ls>+Xp}3-APQ)W~C0(gzAh385YL^n|hh>49IT*=Zi4XvccgW zX$T!R@-Sx0XNQ4Jmh@lpDg-E-Xekdf+`_>w61bVc339eeFmSg*9)W^i>h zP3lWlp3jC@a7me%QSU4a<}$})8jR?9S;P<_*3X04$PX3nsp+#(wy{4hs9%~Xr+C*8 z2Z=p}8oah_zvqo`aQXd`jf+DpJ-9S>xZyozG|c^Q6fhZe0tB>zzYzS%9sAeJjsj1+ zHDpt#$`WURr$)t{Q5;3rnOKIrwdBE$;rAs_0}pigh7HG2bd~9%{7!YN^f&3QEv`@w z$8&v2_Yn@&^HgVLC!joBhvo99z!z?Ub}ZPeV(`cZ84+ujuYvqcc0a2Rh0#sw;;OJi zb6tWvQO;{wu@8zR0A(w@9vDl+({b@fV-#Exvp-)9k9I=m5`Il6-^mOa$5-hl!Ic7H z>M*}pQ~sygxY|xOqh@X z;h$vt2s#M5#vqvngH$Mqm38=7!s|ieuzuoCd7p+}KZ$+!ir3d5+R#qM%uc3(t;SN* zqY}D>Kbe|N*fG749m&5@$Uccb0~(HIbRYUbpT-u` zSZGRv@|dmsF15#WkF1eXV}WzLij2ZScb*Md+0!v*B|BW~<7anwDF;}Sxs5D#IST?Y zP>VR^{vNG00R8HDzL-rKm~r--WQz9im|e1%d=whyli~uOpUcxlg3-!ELs=l46FSYu zndh;(q%NcCDVbx`*i?AIGLnGsF$)61-PoTdh$p)keP_KCTW7WNc%XwmG7_=G7fMD4 zEdftbv!T>Rqc=vTMVw=48Zca0#WxIQh`7~Q3slZZ#QMVCV~LKRaQ>$K{^`JoF(H3dvVaL5$=yd zEF`Fz!$w_HD47z}Ep=iq>ma6xXKGF#9MGPEG=hS2MB&k@aUg~TPw(jYB(EDdebS<+ zvD^{%z%gQyCDP`R0$vwta9e1A_)5_P>FTLZg`F+jIYMP+a1l}$- z(T6t)_y9I+JY(9;3kEb;{?b}BiK5e~R^)&PM3=+A&|eoNt(r=uq9*}2%}_lwBgw-` z^x9;M%~bG+pYjRhjG`#LjBvMd?*KvNbrNuCCPQ=*V%vgJ!=;WJC&Y#nA})2L6N7Wb z=Ga-W$T3q-9TEZ~!^nnTnwW7YjJxEZ`4gKL=3mlKhU=xPfF2Yq2F9k+D@mRwPGtj8 z=JycHICIvB{TzjCb6KCzOYAa=37-u)`=6QEe3Aes>q$iDb>w>w3|~X7n(fyX}XCQ(eHOA}dc6QbQs@Hg|Ct`sI? z76(fc^rWB_u&;V7p7^2I2i@+mpoTwn5z}hjgh;D7;#BdMV8luxD#k0QMVFV5SVZW|WMyCy5icsEEB-yq&~-8(e1J+#lTBsUQ_*P| za~sX7)SL$kaFXN$5TIV*c0>I`T^F#K6133V_1;oclzHYwRAza;%CDh6K z4bmHKLw<8Lbm+5~u{~nZINYN*e2==5z1v&+_V)I6?^b^Hj9IPUnjhcUGdcxv}Af7xu$I;izR>rmGHtcC6|jU>PKNcW=ZTb=>cB2iLFC; z`$zGejk(L>^4C^`dRWI7=sI1o+-0G>F1cs^oc$L(rny zhI~_X+B`+o9+yK?NZn?Z^RfqQF@kT#lE;%P#3@qMbE8eJ%_E73EY&0m;yFot5f#^m@-A7Yu&FP(vsvp`RWR1kFz7wOUr-Nq^BnMp_@audZ@_;x5= z_&dr4Kg}W2Vbh5FP~)5?W0_7yrpL>`a`HTtM?wy~#arrgu=O$Tx!5|-O~h-;pVQ~q z#&gw1twd63qfQ=!8*<`7iWa?LjO~&?zohl#4eB6!Wv5MM?QAlci$5K?1nO+dbF6GK zr>wl{b*tfHn{P>69huBT39|Vn1QzpY`?YomxGKu2`5!$x^3Nzm5?c z^>7vh_3Irh^+P#@^^gDjRR49OR$q5EY6~eKvWZo) zv(snpcor~@SLzaga`4qO-^8&#R8psT*8YK`Ak9z70mTP>}s4rt{Cg42|isyU@bTx!Ue5+k9V-VXgIl_%)cb_4@DCn&38z)T=vW7&CeW zPhIJm#4}h_Q@g(xBND?Dkj984^$uY%8zRdIH(43_7Bb97vlKZ98 z{Lt^VI`3N@_)q(w)i+zt)e?&Mf?DTio!)*~r^ICZTXrm;gyS*&%XqJ3VAg<#vTiKP zx_oy>ocFjHu&RQ|5I?_5lBuY#?>Exz{wpNNS-fA(Kwl5^c~8qPdHK8q`#VN!MzI?3 zV}+R{CZ$=YK<^2{EbUZX%QQ2>?XyMOGBrJS-%b0n=q8=f>J@gdkPq$Cx1CnEo7oUK zeR6?bLKazuRuqwBwR3THdC6kIsKkmcFRhiTJ|JNU_$AE3E9Ui+n1=k4#eMK(!N9j4 zjQ0p*7E09Y(xceip2m}fv>A6>2c1@Lzj$B|+1L*~LPJEd0yCmAJ*j638nZO&J6mKE zFW5fUUVh3JDW6~AzIYi&VWMrDy6uA~OyVdA1eplJd{k@d>1Si(7yBrRZ)of>&)(SB zAY(>77E6pR%)_l-QRIW<#>TT5XZEG8CaXXmjAt7g>b(Q8&u)Cqa8>oS^3o3i+;9oJs!%E7SvN8J$qD~p% z)!O_6O-i#M2r2@_aIFA!$MNNe4mZ*@&|Flf)sPd(TFrd8q5>lA!^j3h0N%0U@(os6;r*p8WUY5uS29$1Q zW<_#`_F#wDY;wT?h9dC8D_(g-GOpHn-dypR+MV7}UB00S3Z@tF3REip@z>{%{$#na z-eK1)=ImUkG?_dT&cu6i8(UjjTd!Wcfd6i7ZRP&E{c`KY&VOvb*m|+^>cy+?cfbFS zt?lo>-}(MO$krDf>4MLUCp7+#t

NKe+!RpEcz!X9!Kn1O&K%baDH0X)2Yu8bFF? z3RX4Wxs zgOOibK7Yh=ba1aAGV2*3L``tOXsk@VCJ657+xF=%LMv`gsXJ!!MrzX1M_tyGte-EU zkbFdTxbd(2&j8Y;&*c(5hb5{(*9|{Cb6pJwh#6;GD*VOHizzkKV#tpwCS~I^O4!E6 zo~(%YL!MwXe+Wnta3C&dQJj({ZV^5f;`&XfkFm1g{t5Hq0Pr6&KRLoY8eA-#Ngj8I z81cDcSvBr_0`X)_I14Vp{gip&m|?ydnt3S*qwcu$aTmABIl^G&nh@j2Q}shK0F=QL ze-IQn!!=kB^1yUQEn7WQ{UB$`1us>U#Y$$pS}}Ypx|BC#G0lQ^1n1&6#+f935UMa| zWy#lvsSmZ(-*k5*LWA?Sd4MmwaZ*aFf5qlcp?AgRDLu|O z_oJ}yg2drt8Z&RN+dbafp8Q~pSje3|O0vG|PsieROtb-GZB0tKk~d2E!<{r%1kkl& zul+DR&k{Dp|SY4=RGmza;BbA-DUteSN`1o+AzN>{(4uC4u8_QCU*u z?wC!OnvDB&Qkp3yT?S8zr$um9`r3Hke$uCEGADd&AOoe%tJkaWB3PBea~j2o+3Z8DriNeW zGcoBrqAp0l1$|sj=3T@SlKCJRF{;%&AXF4Ws#uJAUZxk9QJfVB_d26tJF6IGy$v7t ze75L~te_XA@PBJWC-4)8qfCaA3+XPX^?oR|KB0?|w=5~mp=~5NM$?uAu^43Xqg}hi z4oOwR7vij>Icqa+nJQzTkz6p_S%;iNF(V&Keo_h~UlGkk;cm)W^(1DjKA}8eaUFt# zCp2S|Pm;;h#j0-xzE@{83H^=)SE8ZkheegV?yg}@nkAQn2nhPPz!BAZ5 zIXXki45Fk=R~DbLi_VIw@zSdQ4qEVw7rP}o?%%fla0Pb3s*?rZ|D~M5=P%{-FXc2- z=8sWMm+FKIcIe*Uw*I!A(>AlqyQ0pyGX1~w$A2UJk>C-G=kac;F&Wqgmu32bauUbG zUL5Lx$>0>u^o6;YX`I+;^5Y!lT(&vg%NGtIhehNv)DBbIF7`r&XHs_zp&6h(4%KUd zGD#{puXMm_XqeqTiFBrEuogG7<~^wLK%Dv_oz8$`6GxsjLehl9vrq__y~1Q>(A@Cx zKCit$)YnFC-be9h1D_usAWw_fJo ze_y_)o9OjrmAa^M9R2(4^h z$kVISkE}1w6jm6@FGY|N-r;&n}`O!+1RLTzzerI0;)zwrm-Kv>*}_1 zi_V4^9jHOPWwj(CfWesPn$e}G125%ra^d#9(6oTaDfM9x4V4uE0B2ZEgx3$=HBaBR zj?dmY6Hmc#>=DC96Z<5NBDoxphUqd57nPnht zFU73%W-uq9Zh{+~TmnBd3Gmra9_tG-_ZV$+^7`!fu-|DNx0+q)LvN?Flxtd+6}ONT z1xFSbaAV`}?B~;7`=mwMUD9d&*G0S2IwVJD9nw4{QfMN7{M#_9k%^Yih6-YUa>a+h zlZpceubh|8?Z6?h&(*g+2g*b0UJ2z9vO>|sADZruQQ+zF>w_)l@6O9X?HdL8l6@}C z=JhoZSmkIcgls_8UHNUs<~F8Wmh-;BsJz9>mI|~L3vk8e=xYqrbA9l+Tp+~ZqB>(! z7a*@UupwhEQw7riO`Q!L1)M7PrreL|I%1!|(yBAbWX8uU8;T*J;lst-LX2$TTy7Fd zbW%J8VX9dx&8MQBj>QV9=X1fYDo3eW3o{LRN?4|7QHj7mUe1C*Fcb05 zN4k=Skt^BJd?T=};v0g+t#8&tdwyBzp!eCA&ETLi~(1|P`twRzSGHBi6 z4CescM9il@1bHFJ- z{f%p*Fvh3?f-IX1Su6qGWS>>M%QT9D1{UChTAC(XO>g3d17h!!L7p+-OI1VsJ4?h|xPt|(mqG(z1t;yeYkGFIVW97Sm5yU%M z$6?`otS2h{cmnCfqX}+NRcF^BotfNhnFs&_p^@FFW5pq7foC3PiYYOjA3AG^@`5>) zFgGV%XNv}tmC6T5EIfsUSk@X{Ku4C0ugIo@l>4|Nsx;<|4;*qt{Xj-UNe?UAgK~A_|4W?LAau-`NG0cC6h2GHO%%s-<-+(ZAzUUq6Gs9H0+?LHuOsaQ$0iz! zH7m*mlcFExy@m~7w+R}CWG`MCTTO1G&)aHQBIa1%#L*2hKjv#PxL;^NVn;ll?O$sb zIeQ+>1c&SovRe*!0(R@+o$$&b9XXSw$3Ri&oAN#*IE9v`&haSrN4`)gg&>h9QRZ27 z4EXqAbc6dy?1KbRb`+T~iYGJ>{3+j|{_LCTU!OnXle;j|=@eiSChSWYe;&5~Z0~OG z7VJN}+ke@AzQ(7_{`1ZsjY$)4DSqH5bG%)^rMObL2z_xd)4)VbIYE#mm45=9Zi9eK z=xrqsOxP*{TDk9?C1XFl9Iq5wm>4%+g$nFA`ZG(jC=hFvqWCmcXtl)YH)RVo{0 zPXc3qG!EwGg-a$ZCfiwUQFLJ^BTk)^A~kgneLG5jR(O9nfOQ1~Su4g}y$Pbx9{Ko= z#UAO!LL+I1NhI`>m~?39j#*5O>5!9?S&;blK@iP6(oJHTu+hBW$DUrQ(hJovh(`4> zi#Z*xiC7WB)s{A70eUDA1$sEBkIHudBiO|pDS;$du6BSm# zR5lpMsVtE*YimTMhJn`*mmx|H+}elCr8CaRyC&E|cq)bv1w9Nk@+-oTfIcS;hG>CK zl$!{POEu%(sCx=ntVI8rKGaq?bP1> ze^}`L**oF?%}-JOkAi4OgD)ulACmvOTd!W^<^Rt1%fICR*Z3@x%m3c;0{K)FQ?3c9 zl9>{eeD7@UIDh-Xf|QWoB0mILtp`3jK}b9FlR`FpmC?-7`H_>E!hDB#^gUu3v01)J zqYd%u_xEP;^H~s_M}hCovlUHON+{?|b;*>3&MPcU&Ng|*$IpzvY}foNiDvGYENEq6 z6tN6pvCR=ns%5FDiEUA#HGoCUv9>bge{)2ABYzb9xyf~yIVg%LL=+fm6_UH#0leY z#jBkCZ)fY}U;5wI`TXD2|Ng+6GD-d1O7XV;>_z*6pW^;c82^&Szg71CZr=X)^84Mb zzxMyv`20Ece?knEy$lL^1wmjbNnm9Pv~Ck{RR!23pgf_s2WTgROQO(XcC3fH@Mo{g z*ZJi3KY|gU^kWVme~~tp?*A9Bc6VRq-~V3jZoT+x|9_3o+Bfx~AJ!qDqOwMg0y^TA zqvPh={)dJ&xA32*4J*WdcKaX1UsWtY@V}?3*jcaNJU>5fA2i<_w;ERewAr^Rm4k~; zr*+!vzi)NA?X%NHb-Pmexzjv9Z*}_JgHHRr*YABeZ}mIpCx@*!4GaHkm6ka?JNT*9 z=^vb(oS$`D4GaI4e_EAFw{_ZW_uB7U{hwMN`tO^^7os11&O+`d{xu*w^vAyEv9RA4 zom(SafNN0xi&t#UE8P!WsNa3p?6eO1kn{MWbKI~H+5sKdFXF(;m+ZCHk&(y)`@1LJ_dv80fZo^82^x}$#o%Z`y zr`Vhq``0X9T+dt{U1?UbL}`s~t8>~sDH+;~vl!5k7S>gYZ?SHADCH}+j+@VB3=VGLO+=|GlJIXJ!${Mv2xF3uNFl1^7$ zG;S^**=hTr+3g**j~5Ou^j*r6BR_a(d}hy-B>2$k!k#~5mwqT8J$;B}@n)_Ou!trX zhjh_TR$9@}WnQMxn1y~KdV-lE*NEtm&K2*69Nf1hZc7poM6=Kt5M3dRR7(5sGLnH; zsb@O{I+?Lo)>fT6HC%%UJIyz5+P#zi>NgKSJc7W;Fi}j0Lq9qB9|t>!A|%U4r9|52 z%SrfCm~t^cm^=@9D4OnfKXiMolm3V1iP#JvfZ@tv8D)ed?SnWJqSLt&(l7lLr6vB3 z;xS*MecJ6ckB?g&*^CUFXR&OlvPRy*OM+Nsp3pFni7EV$3}@UA8RsO3M!s8t;eurA z_L`@M&EvCEF?|UQJsLzIvy2jw`(TP1mY4|hS0zXqmJ%G$k(P`ETt~x8O?w-1Qb}cx zmZ$1pR{CRxB^p-dPotPx$cClrTFrghw~Qm;p=l4Uhnpk;EWRngobf9?P` zO#a8JRGOV$`>1))JL`Nio$M$0))U49O@G>tS_ThwV%QG4p&bR8D5-JU=H)cdrg*Xq5r$?&U4W&2p zriud=#gzw3ZahY$?IJRt!gZsRmK1xdXJ-JtwvM4Q&pQZqK4D?P*YG>@E8G0zgeI|n zThq%|oR>oc98-CA)THFbBA2OHJzXgIufC}}W)`kkIkR+Y%6XfssTMr$NyqZe`APq< z^(G}EbmRVE>!^8g+-q35K%i89sCtSq((@oCB{ojO%CFuyn#lM)@Rrsgs(!+=9#m-~ za*`Lf(VI`xw7aDZDjARxg{``fVmkjuAo>`u32Mw))%#pWz!|~D#TmCuDWqzz*ATx- z^fHZtzvu)ld@OFjuaMx(s-Abw4lfRRaJXB<4>QPD)xtqj%ls}rCG@S|yrH{in4IeM z*X?s56FRMKcYp6S%s+ zVuz%#u`fEu7Fi=l5j?s}!=en@P&YEz>G}afk&Ia~i?M}Ezp}KESsXY-_HB=REa~yD zR^`6ZX}xXz@^8PzoDFkFIU9fAo^m$wTj-(YzTBp9HZptUp@u(WS2!DT6D(;%v%TiA zf0l63r>bBhc+~5c%lmeSamZ!cK=( zGZdr3L#8dO((d+Cb7~n0Gy)qcfuT@jZ&<78%O#i0RF`<1&b*A2)s7wXmHwM5% ziY1iM%CxGP{2*`F&r}o!qJp<|%EHTN26?aaEg+lS3SxE<5=~s;XQ9VpQfG-P8f%M9?;}6iYLyeaQ%apcT+qzptYaaT;{p-CVoivNmouD z{1bDvrC0N`yQ(tISo;0Kd6I8fxmhwQs<}aRGyUP8AF2JXrv2Yr_TPWK+kUlqFVu;w zGLaTmibUGI${JCoL(QwoaBgJK)hn{Zw5^yI0ARu7UcJkjDesXNg=9!UX%r^wM@Xd% zn!C-(uLKfmX;#(;k22#+6rzkJN(Cqb8SAE+e>AVSfpI3jBvT zsot3voqIE$43eB@H>8esFW;G(_zGL|UT;qQu&nFL-Kl@b?@slL-gUaH z-ED2&e}w(FwfUlK|LJOa|D`>ES8>U+Vk+cgf23XZghY^_hhlm0@&6vU3ZAisEQrDp zYzc8~Bg0vu1mxN2@dp5Eg0Mmi>GKo9BXY&q6flt!jQkU<7DhJ?Il#kZLIt;kurw2v zj3WeoiVz%Js>_;PHBX#e9QWGi$F2VP+kW@pT?@p50wzdi)4~k~!K~deo6v=boGY4E zjnudDRpYsS)u{AGEIEO3oXwKyEIEtc)7YoOfPs_zxeh|!wg`^~2hn(v@^08{P z^DEXmKIjV_^nfJuDI=Cy!Xo>m?y>87I12)@v;W;T`Tcj@YV{wMHokl$Ru#XuNTWfl zEsOk`H@leKI|403vViDeS=2e&t2y-h(Eb}e5i1o30C#c>3N-|Y`Zgx(K zHL7=N`1jxPZ+Z0&C+uF(vBb|n$|6>d8VKG+M^E#kITB>@{*gr+z{MpEGXUWCE55ok^;M(u`xS41SYa9EH!O z-JuC2Uqpp+%dgz%&1pVUDTUUKg?HX?deB(>D2-1%YmJ4LVBNhic#y zQxpkVox!;r=GN?-hI zy;i}V%dZ<&{r69wZ1^8sDhy0SpLQ?8rlOemkolRj{~=rC`+@l@$-Ft;Ny2+oUkin_ z1Ph7vX={5c{T>4!wVMV1+3l9*13btNd+e4^{TadOA2q65X-3dyrK1VxVF(m-lU`xk&xA4Le_UQRyDvZ zgDu!kAlEoJABbfkv#By#p!&^g>5ixxjS_p5knO^bC`=LgZohn1RE-eT>wq88Nvqc^Hd8{#s;(C_VARrTnP24NP*v8G*OrX9!8z!*I`7*D z+GQKWh?OhT>ogD0SG@4cyH2Zl*s#R$m;RP3BxkFC+&*ok>WQ9QrI4ULQr%WsNRa?I z`7R=0A6a!PC3AXY(ph;*wY0Ah^K0WM&;B5mK+b>WdwC+~sAwgGRLwD^e~Br|5dy8F zMr^Xe`pT=JVoy9P+WJY+mU@y4uV>+0+#vO>7_pRnF28Wd&*)j~M&N}&{P5Bb{e+Pq zilz>^;0(ok5)qFLXCpW=d(n{}l-?_yf1vyAled6ekI?1x3E+a&)5S+p!MSDWYeM`>L+mB z610B*J@-queSG|(NFg^z#ylxGx2BT5r7I%NT;fFxRtBuy8Dj@%i|L}=FI^RE0x?63 zl`PfrB$}SFlu{Y+;a1=Y)mi@Fjwg{vUcJ~_ji{`39F5d%h38c4PocOp6a|Y#_V;r< zsEDFsJu;4axn6}WaN7DAgaR&A$~9%Grj-!_Wv3#ss{gt409Xv*l;%f-RJt48_xBrPLN$Qbcc|%#`8+!KFy;p0YEvP>Ae*_iB+a zRu;QIesZ{I=4*|q6~|G^%H@5{PzAG#RUifVZ(Fy1LOz!m3`!8%7IbfD96pNV&&|$h zv3qc>cnq1-vtFx6W=Msi5BC{OEb)_oDNDTA%;^Q%X5#j=yZdo_QoVz6_wc8}WP#Et zS@g45mGH&`AEKHh50xzK%xw5s{aM<2S%X5%8J4rp9K4k+t~z5ql?q(-Skhr0$!SP_ zIGrVpto_Air>A=_Cp4# zs7Ti6Bqq(a?N6bVE}Yg;%hwLOGsKqw+zaM07DfkA5Y1xwV`gXMmQc{RUt94*+9&5{ zonG^_M^>#;y;GgZ^NDO*anXYXS8eeLpVGF|#b|}8m2<6kc6f$aa44<`rhKA-I}3#F z7qD=YjEOf7>BJY3aE@uBXhJxcY(#Mudg9t}MQGq(v697ka2Gx5Q#Pn_#*!*sqq+ls z8lrjOey_?phFue4{oo1vhKyM-NeR{m{n^2L>YCI! ze`Xl*!Pzy7A=(gpOgOn2`|g;y!3-V}(ETLjk;<_b!Q(JYJdYq{pd>hOC!VS44v3BS z9o1KE`m#LZic%60QQVPaK}PGoFYck_nv;A;|S|7Jx}n8d=2! zQs;CO7pW-~g9$S|{qEI(totEP81*2Zv^(+k$-dEl%xzfgvCox5tj-anrbxChoF#hL zOlPz6&9FALENa-5wL=M93|Kd!N3TRnFj%ljv0LVnSNn#QN;PpDjd<>IZ0hW5`WXj# zQ+}ymi0>}tbtz*c%TyJLw;wmE>zP?I)w&x*U&Co!X~w$sRe734;=q!+S~r(<@b6q$XQVucB+OAUDx8^23DZH3t<3c2KUT8;`5)_ysLX* zRqw9Y{N5tpeW$8}&q_l|ez+TFeyH9-oA;G0rL1B1ip{e+f*$uzY|a}R@aK2*vi$vu z&3{j#D<+MVIdhThV!2I1K39~OP{HowQZCvwo?nrexbc%`ANSyub??__;@?m~{Cg*r z6sfHeyj$)}qT){XzodGX8QeYj6%0dqPo$DzTiw;}E0qyT&c%gZdkLLg{>0|F;2v|{ zbF-_pzjT_e*t|GN1|qwg%;1OvqoIsUmV6Oinl?rd!qN^o!X$J-KoGrs7P8wZ%4T(d z%9jUZ(5&gh4vDqMGshUvHL_fFM-FLK9<7#u#1uK!QY>p~3?ZqSh2Xsc<>3KJx#LLN zN(@f?@u;s{4d0!ew3b`Sqh6t> zPcz{?(oP3r5#8csmTi197xMZUz%g)0Up@7w>bN&--R*=xidUiKX0sA#Cn~UWCoG=$ zAs9MKd>6#k2WVH;v|18{#F%P4jnn}lUlnq?fw7hak2_b%eK5JsLJX=Hu>`}ffyL17 zidM?3w_UE>Q@riIS>SC4CKd~heC>&r=6L)-C&4=wOj(S{C&6n|Ooy5Y2sF;g+pWw7 z&h=fP1Gst_gZaQhFjFhub>oMK`A=Cfmds~|) zi@%8;7k59-cdoSP?JU%}%bq;fpC?G*e+n`VDWjhOU|HBP3H%U%kacgQ>G|2W{8RW0 zPC-8un&19@MhF->Fj-T1NoBy57%2_s2{@zLGAF8eRg%aU#PB#+TO)@u)Q*MMejJ66 zdtGgPjyG96ppr59@u*K|5UD@4dL-z)S2u%H0fS`X3Z^GjohVngUaPXUChAHJN_AyV ze%)B`5x@O-L|SD%exM#!%^`u2;%5(7VI1)!TSLZql-9s8VIvhe+*Wv#Ult zXyiAu^(p+;-j%*?il7DeI#XNHZa|{jKY*GxC_i(h){d-f6kpnM;b<*weWf$sY+o8803<$i=MBrFelR!Z z23-BG*-;dDEN)oxPtU4k=5;cS8Ry41kG!$$5SQw|6N{zxqtH>cE%|=;z=1B``0_ix z&<9J?T}8Dh^lCzHfsREi<;a|6lB6Xc24YrP&Pk|HaM} zx0)@S=&4uRL83_o(Fo|WoKlMc0g}gmg#?>bwG)2T{0_+>GWCQSq|7Pl{y9)a)O9IP zkI&wA&U(#W>)`D4sG{1Dd$y`s3$GnM=YBYfuHY}(+iGq`v0{Eb;oC4u{7cBH0e?n; zC$2Ho43DCKp$TKR=#Ri|6CvcHkcj!$Kcfkg*x!Dzzn$3MBHjih*00{BlYd{iuVhD9 zBZfh*dS}du&|L_AgLflyy9pVmlV!L0n|YT`*aa^*0ixz3e#lEH36m~%K?q zS*^UlDV;D?B&-?7W;H`aY^ZA5qEbz(IZB0Mi$G82jHhqR=JB9Qgpp;~D}>ZPh@=Pvn^!M`1#T&uVz>5hFog z98|u=&josxVUp2i+$HCajQxBUO$tYlaWw5@zQ@@)y8%z$>aO0eKQpZb&o~1=Rq1T) zUy^CWxeu3ucA_vNCQ&SuaaU+E$(W*fB?_6cw48ObCnC<_8=%>+sz%@IbULjkV?Xxn zDUFkPU6)S(WmR%k1FM>&Syb8zjT+QcnFXt-ODTLRddBlPw+cAB-o1C;$FmXbYK;5a8E2b8!}`6 zf!v$>slz7GHOodaiyIn>Zun6tY(lnXI7BFaX2-0&hgD}58hrw#gV2QR?C!mMNygDE z=D9u44igq%)1YC!d`Wh8$p-vi)tzKDkrZt6B=Up=ESI_Y?&)Wf_NDd-Oi6+B-zK>M zlem~&vEl3)yr;o)SFG{`VdbgxLKhoP6dzMLk7-EDRAndP={B*d+1{hN6Gp|2vMz-c zv4bMZ8270k)G1}opj9Kk6HOpr+b-I@&DI`A+>rGDAAA1-AIVW2io-Hs!#9cHhI=7| zfGM|TSJHYlBkittjqCx>N~2xbl184HwY}EL+SYW9)M%!A+})!G+5!9H-kWg4BZfc> z*vqjj3d8O{^Q>RXy zI(6#QdGz)Irqx4X=8qfVR z?F~LH&S`pP4F=F7Fp|R~_yU(j;5%jwpW>7Id zb)-S~k>>@xl>8AeolPXzN)wk!=Q~@+y9wUvBZm8=@HWPtG$EVoQy?pm1`A5guoaTG z3=fFgnCPHlC1~u{w@;5OdfPp+ID=sY>wa6rS$ibh5RhwO2qOoUWPbzEZh&~G&XKWC_f#qNwed{Vd$k4im0htj(cOP&gcB=O@c5l*&Vag1_mj0TcIA8`?boqot( z?;-`U;rVFr2_?~Ql!S(;q$D>)!ZfuCM=W?WhBMFwx$HV4 z-K4qwWLx^%`V2BQF~AuhfW(dlIT8qqs;l1U&=Dt-aD?z`&Rum#nthFW27yp6kzh-m z+Cz=rpe`{2YE22Zh_j1ga6te?8%q@Ncyp%~6aL56XDH^#ty|e$P^4YY=&WBi8$Qgf z!E!^=gj)Eu$Ar5G`zZDl^`N;tA4T7@5}66CW~Yu%>3Wkt52NY<6D9T&H}0Rzb^sq^z+ zhsQr2JG??1St~RysjJhU{_xixw8V=f>1j!D2I7_q;^aVmHf8Ix53%osC*RO>bu*O+ z-H`CTBFX=sLWjlGFiQmacrOUtTGT!<$UyB9#8LD-Sq-6nk{7~C#JLW`D3LF z5%#oI)1bi%jd~GpmXq$Hzv&@#<>w>{1fVoe(c`u4EVjzaBn2v}-Z(U9k=X#NMCQ`4 zc=~ySYLdfJFX#n1T$zJ8v-zN(9O%+4Ix3Ae#Q~D~B+6t8UK}d%kq*0)Vc-*bo2U@P_-w8Y786@A+skHrC;%Hi?`EC(bO z1JpbMjuWS*P#Ta*+qf)}1&LP{DH@)z{Q}Y5Ch)r~FDEYR4}%q8q*EmGAaqt*$?=mL`$q=d73krzRN^t5)WE!w*saN7UC8h!wxqW0@v6Cq zD@~~?*@gtFDMmi4Z*Tx8>EyUZXh=N`uE_VjL>)OF^n)ZJ0qTWbW`Th?-?k!YYC0Ar z5@ONN7KhgxrFTR<8P@bK217SBiV(i*u8~b27@YD3b^GlH(k37a& zTo_qt9CMgEBgc0yPhUEMpkjwk0;UN<6bB@sCu;;}7!^sA;B4-P2i+=7c)Mt?K!-BA z5O{!nIsL$Ph+@HCF!h1TpjEp{Fk5H@#Di-(Ujlq8a8ex=>CPl=l6$0VQ zvcKws!7L!p2XuQk@nWr-fxUuH)iY+W6ip)%`u4H+;jzi}=r-+uWIy&RCEbBR?B7z6 zyv2azK}ELFG3ePVkYhp0@gWW~gTTZ|Zd86y0MH5tU_^aEe$a%a;acFC^F&|Ow!*Wh zR0k4jS)gNq_B$LAB!N$pe^P6;s`iTrx!bf?h~FB=xXvS;l7N*onX7bDYOM4~nK8Mc z0%<0s&qPa-5alF8GX~^iI9qT+(36yd0{3H}L)E+>W7Qo8Ei&QE&7IXMHu^7-LjVw~ z+X%R7VtOopRS`TNJsstznVPu<+&Xlqu)?Wm(Vz5k5E55o8j?f2yAt>;bZpYDAyK0E zh16_k%3RCWp+nq`k{iP#gZuXl4GlH5t!7w1ndHX4k-_1ieFwybJ`7mo&Hj-=B@dirYT-V-ev9hmz!m=6w^p4>TOy7qkTVrvnBCs{z`%<;jW7(6YhEuF+!94<8|F zs{m~pLNFwE1|aInl(`0+Ms0y)niPnjLmE-0>aLzIFCDgXM5ms)tTRiWu0^Osi<$y{ z5NZHjVYwG)gmztoD$enYwpNcOU>CwY&W{+~V}Ddf~BOL2IHXvc|b z(;;gKAE@jlyxJm*HDng!fFBAr6FZM*HKEnEvKxoHC6;R@5`4?@71?dp>tkkM;)q>2 zei2)bh_jxk^ARhQpD`A&TO?R;-N46*2XWO57?g?OVb%4Pso-RU4g12xL>wm2BjLi}^KG5`8uPZL^PRS>c|Y(nhK)K!jhcq6$1*kv38W&|hG6(2I=MkQ63*=BgV?33 z^q`tFTkr{9U+UbD8^c{=z?i=gdx9QB}mRFpQxZs4}wM4wWz88SYTJ}V4WG)!mUiK z`Gt)$q8Sf|SeBRERR>g{8Q@D6KN0H{iiYbWhHr$n#Yis+ts`i`bwy!^?T4$lt_&{H zgb<_oFQ|o&d5TWjKF+HVy4jSM>}tppHa^+oTV&#d;@8bG@iW~&LI}OO#FOHco7c5vyI3yKd^E6>6yL zp4DD3fPuz4kE>Dv0}q7!k%+>U?V_IR1`%}`%?i@4WnCF{kxA|sp5TtCBjE;m-4rbs zl}5FSEm3TrVfPWVPkrJY$+0PHY0wVvZ@Ay4p~7Wo>j86gLa?ENi!?>7-EtU`$y4~2 z{fabN3&CJ*B*b~E7|ekfC*9E+-jT&A+3v|lZ25J&fcBr+1r(kE)ubz)?5EA#R&0l* zcg{F26S%a{kM>d>*v^W(3@sunXOk2%bx38$G5VAp#RNM)>x0D(1_7+qv1TJ4H~9Cs zxp-s=A;(_t5Fl2lL(GPs%^Awl#m>l*Q%>j!ykB+k#eo3FCdSf7i0d&+2TisN>@*w3 z0E(B5%x{ibTCzEigzPsMcF0wkM>^EI?A{gxoNN1LUp?*e3<`EObN42HW%&%dD=F>MJ$KGoj#K zOqR6+`*^T0G3F|XJr5k$8AMVE&(vP&${xe!;{|`~=w5vYo_gw^;`pKBs z(;E9x@DQU))m`;N)sX~9WA7w?$*xbk4&O9@!I(eZGg9@}#5Q;A>f~00#Y2K(35XHy z3NGnEy*zIbtHm6+w5krf14N62*K^0@#gGKnuDXkCwUg~h6aZnVFq#u;F?6TQ@Q}8+ zSb`!t(fU4;@arN*RFH~GFasX_F zKZ&00bRw?x8s~8c5&9U(1LTd2fh2;WJ98+V3_i4Qhhu+;q>bC^NVmWQzFR@sjI*rJ zqV4$Uee9$nk0S|_@a+_Wm`V1dMUDER4g>tN=vfMf=W#c*^&0+4oMn<7j|%o#b_<63 zX$m#)h|MBGRDRu#@3X=K1zx7Sl&Kjkkvpp~+oO?~QKC?z0KV!)q#^qhyJMCbG?~8x zcf}#W{%EIRPe?u=TG6hBhC)5~w91K2=fKy_g1WISdO*|-2X&(^lh*tFY?6Hw?(saU zV|0_JMjeudOKugD{o!G|3oEjp=D2Jv@HI*C7#HJx=*WBKX663C8? zfyw-lBNNj{lmudg1%wgmNf45VQJ?^Qw@M?8S*oHg2Mt%uDyuT94wod` zRkwGRHJl~R!BtU>pA>s-fXk`vyd% zsLNrhAeE8QcO{nus|d1s$@G^wtz=9RN69)~~xrgW&Ww%S$+)Bn}qPD<@!@C=(hDh4#%+ zG8d8T54uuSCW`Zu`O)m;(R{H)&MG9=FXEiE;~J_OW4rTp=y_p;)ermhnyr|w;3>Pbq0sa@X`);OgGrEP6s>I(O}2U_+ZDh zgJpS~l;NVs(E;m6O!VdUV@B=H^r$gzWZW@ZTwr?JvcqvWEjGBo^r*VsC2(ckDe6SN zNa`)JkVw(~D}0raZg1&F)bzsxDAf~Ey%?B5!$&MqALN)4$wAN# z87SJLi8CO?1j~w8>wC5x7zi{?MDfXR*qb#ConN1XMORAwrfS5v0znC#7Wy} ztVKtpj0UkKc2XL&<$y(B?MzzGr!BpZA-WO)2YLF}R9Bfi5%^|Xq%@vX6N-}s~ir1V4$zHUb??cTot3>NtQeB{CJM*mMJM%fK*^XUn z)LPbn$Rd6l-nA>Whce1x^k5%-AlYlOv`XtRR%MLjVfyzz`gfK_ARacf=tjqin02^! zPm0_&?8CoBO*wW2@F^#~?A|RsIUEi!vIh&e55nsha+=LLB;Ov#dB+eCSG}if^`h(%5`8? ztDp)^oJJR4i+ZMwkCXUYe-rAaXV(-paK#idy0Y{fyw?y@P+l@Uvy3(z+?0H`v0{3? zZ3+8L~BFO|XzvQ}+%Qg=# z!nLT~fV|>B)H{s|Nz<`kYp)dy`e6a4md4uX-q=m<6CYYg$L#CFh35QpazhwY6aUEv z(o7pdNE^S`4*kSAIhR6`vi4EQL%Ti`{j#OJIWBngPkXOS{$82~a>U2AgJJ1!GE!&-^tD7*0Iwh<|n=&V!A6^Q`3A-RVpYwP7<#+hN z<$5$NNm@!r(!hsuq3T^X6C-{c+IDC~6L1QX((scT9EB#L1s_FIej^S-dPUF8(kz|X zu9*ofG)D>j6Km9b#dfUYSA<1_+nOyv|3v8USS2~JStSfG#{hXL(y*5hAyWI) zVU#bmjrCoVjwyYcs$0^=XntxYU(9LIQQyVmBDWL~p?O=cB9&Iz*$tf|7piV~8JLv- zJNj0`y2-eDGmnh5QXP+_I9iyP(Nk7=6+aTGp+wOpyC}vc_AwhNXbW|U(~;xzcN?I7>6Pi9r8tR5k-Xbc^&H3V3=HF z5ZpXyEtvsFup@j(mlx@}Jk+AgLtE}rJIaGCx;(h$E)ObQw&l?9uRdxb&K&CNj-|Sw zKudHixL})3hkcKc#+^fNEHs>;(INC>q_J2pHr}_#zCH+P`(Nm zb&CzsplL{gKK35#nBzCYf{r^w0?W~I&`cA1J3QBv%@7;(bGjb*-(j!Vj~p@E zERS*#+eb)CK8RgVp|gF>_OY{0ie0LPAm$NCujlZ#AM;7Ox?IGbvjIdD>K@qjnEW0l~YOOf8MSX3L~0*VU&BrIV&=naM8K zN(yrrzuyG3+|~lb`>0v1LJJ9ZmKuF8i=xg?Paenl5l9o9kI94n64Ri7>*1Kvvf1!) zP7Lh+fFo1UA!rA5t4GUXd~5-pkp(zd=w=PJZQa>2WU1+G&jQ3ONVh6()luqc&A5KB z=*2G=%KA9_7@=tx^y_-S^nH8L(FS9ytATMZ<8S<)raix6a(*mZ%FY+^`O@ZDUKhLW z<5LAD3mYoVp3qH+0cQTvVH=5#RKU*QL_q=8VYJ`RQ9M%sCkliXu0KFHLkvCEew?<< zz@&C-C7Q7X!onMz6JGyF&c9HkG53;$j~^3>36?>Qs1N37UISwr`FVQLcGeymW+o~6 zcb<>&5I4=l3YOjQuli}HtQ+YvmSLmF@rNO!3Z)P_X45F@ghK_`BQoTjV9s3C^aHzG z#J&a(4U^_3v&GWH=ow&BX|S7S*9gAdFl_YWPFXhkWgAhe!xKFgC2Y5{Rfj%dTS27m zq%bW&%YKM715(mt=eZOQanszXVA&0Cs-JesnUOAISu%`VbAEtoib?j%XHOU^flRZG%ZP}m$lGY zYt~N3{kqY!#{&OLe|N_JI?|98AOIVY{@M}YY%VO=!PFHGk$h%FrOtqerUTu)l#bxq zm7tD(-Lb6JbQ~|Pby$ke1);4x>QHX$20}%*1aL%sAhR#XS{C9U=A~=WY`DQXuyHwq z72ARqduT(Sdrjs&>Z;4=tGMeiI3z52So4NDs_l!uvY}6MRf?%PEl7$XFrU4Q!E+1| zRz)mmI_u26liL1F4+2=L2kV55m_L|+ok8-&M;~S~z+lOD1f!S=1CPT{V6cas!Jq>+ zBpCdm21e*sU|fr9iE_l7C;UCh4Nk0PYERMtya|OVr6aKmVy@N8W97`8v?4zt{f%_rSl~X zi%ty)Q&q$#3NmR@oqiIFUq_l+0KEaKlpvNe9bkH%xeogGITmSwbh&{7d}NOdEiaK&UCBx5_gN^ITqePFVX8GMrl%`!{-!()_rqH@#&ErB<} z^ULK(S#Dsg8^Blx$AJT;jfDDEO^=3gp)b|CH|SLsVV&tu?h_rpD{jNFXnrQ7L__lZ zgfrn-a1D_T7n|YV&t5v$G%lt&v8hYH@=YcKk`gje|9;Y|R9Bo=ePdaoaGSWfUxXw_ zZXYkr9+^n&l8Tm;zsw!JH1mm@5g0gglvysrdazeBRX+N9zZd=5_DOncSTP$_1`PBE zF6xu%^w=-Qw`=t(sekN4ALJawg8~bHzC{=u^Px9NU>I4C)T^&Rh$Bp^jq>vP^TABR zSw0{0h69d+Y4n@Xmyo_?yDqEp4JX~jJWl*Zscc&Ffn9@cBgiB-#6L#{hf){Ho=ON{ z#&AqEehaO1%l7M4b6w^*N>F(hrv#d(@Tg*n2;;M7WP58k0WJ=ztcE0MWbog7LrTw1 ztMXsW{tcaqsu0#eQXC}c#mS)|t}N{XcGr!Saoii#C0Mv~O1RlIEij0WC<+O{h{3p# zHAedmc{Gwq%Hwa!Y%h@^DS#36N2S9NkQ6@)_q5IjOoI?;0dickk)M852@{@+<;fPe zwDMBTC9xU2aZ?-ISd8SX2GU1F1Xm%}21qp^>C~0zWm&I1cwNKx&;iQ~mV7jfY`snr zCKK$bBmLM!ArqFiOb!i*FOTM@av3ApU$*4>mm4@4L@|G?FiH;612}C!ebu6+Ftal= z7_xD)9Ch!%xV~zg#OPi#F+;Kv885W!MuJ5tkVj>=R(E}9B#!1Lr|7dKSgjd}!VLS{ ztJjRgSne?WllcA`i3G`WN$SSyGNX!FQF(X*oeZ_Q4=uec`pnYIduXqtC7Njw=1`*$ zGoffA8U*-kBE=4{nAb(ik?thU(Wbwr4Qac*pw7y*3uy#ty%l_R$3Nwgjtn==llTv4f-J_sDjPON<^jYgN)9V$SjROvSYclNc`DT|+$kE%B*6^BnkFX>Up+OsFRoeDURbMD_oWwXC%smyR&9r7 z#A9XX$L1#|4i~b8tP!pbi#|t_V^6Vf zCY*|k;F75kG#0|IoSeLqqp(^-AEi(~ny|#Fi6ez9cGfQ*FP3ss^T)GOlk*eP>0&86IhiYDA- zHF_mE!O1cd!IP6-%Tdfys4~x&ECngo#PSA`0cL|i4|9Wuqhs$Pr8Cj~NX~M&gjI4Q zekNGjqeU2mBb56!T7NI4rDlWPzzwdyOEPDI2&UzBPcM02eEQt1EmEZ;rNXlgy8>wptHvnFqRCNWX+QC;Ma_07 z>(MNm_!6jQuE|dmgisJ4*ICP`7lZJHs?0|^QWg71pQ?^8!#_BDQN}o!8onqsBsOX| zMHad&L-P-1`i(=WeW@XU{yS_8D5*kn&^cpjJ;~A$D=B@UI2_S7{GD>EfJ4M_j`fu*nw?gD}Svsm6ojp z%{U|Q`N(Z)j5N4X(;-?i^yr;w|y;behqcWh1HajBy$6+MSZC$r5lyh1@jbziIr#AZub9n&sXT*$C!9_9!&gn?E_m z$$)g(p^JuW ztYGPn2(MNB&eAvYguCLj_p)f9Nq12wFiRdzx{FeE^cE5DV zb;NTU^>NRwAt@w`Cbo8a#6Vbealtt3k}_Y)&yOC>jb2W8ABS5D&m=n{1}U9~(BdTl zB`mawSOE}W)P*vcKQcc)F`1j6&Q9erf{_cMgWHKT6+R5jUJOLk=2>+Y)5#5~3za9@ zS$$)trKM)4M^1FaiouKW9IxFS1wS^;!LhEHBltWP)jgy4VJ;~=Yi+-2M~fm zGp_Lfv9i;c3o}>(t4q*>)Tanv;Iphiw0yb`gCh5%!57zj=0!Ut^U;wf4hH440J_DT zo!@>k*j6Iq%3Q|@vUpd)qnb@_sMtv!0+iihWX*>K^5be{t6Ks04v;njRk$fW1K~|g zS-}Gc)wZ|W=S&tOKrHM{`KY#R*&Z0IEAJH9e(F?Yd|e6W&3g>!?&3FpcTX1}4-PzR z`q0Wd6OJF4)hanJh!i5Otntm;v&=)cg$TKidm~1Jr%}Ih094OLML92wdqi~+s6G<&CGAt&6;Pn8;=U!hvkN62kYsY=?BnDEyHy! zXj~Dm3Akb?d4V(bvZ0?~DJ{sWFBVScE?xs&UPa#@$Nd}$8>xWfKGrjYl50t2euDLL0TH6VAgZ^wW7}8Z^WP- zyngUgasb<7WQ;w`W0}3i|t*_(oO6UYWaYCa} zRDlaD=m)k#yed({(V7(*JZ>B*=!c`nBHlZ$1tXQi=v^{kPS`{@uHlk9LKQH_zK+#G z;8l=H;ptJxq97!)`k8;hTtU5vq({+NB~qC)hZ%b-4^sqm4dSz zC6+{n;xuQ7Mcgp$HvvPZ2m5tcwkviyN}_s2B+;2A5W6twm>TUq&<(wA1_AUOwCDTn zhJS_`1XnTvIGI1re#{Zs(-|o`{8mSm3iq9qsNq!}TQKy{$hSidhleRq5lCIjQMb0U zh(%!D86~Z8{k83phSG78l)n@^@x>XVwccWCU@{>cv*59L&9$^8DTRAKP7ltC3Vme- z2NzG%ZyM;;7B`K^22op~cjnp=cFe(@U$RP!j7B8#aXYT-Xk!jJ9MiHh=%h67daY_Z z%anFu40M9N*edY}lwxCn)PdaJ%3>~CMWjzTffq>0$jD8B0|xyTlBvBpTju2mI0+bN z4^Avt7&ViV)z^wm=;&2eVY7!O%B@<_HPyl-AF@l4PP$xffh0rdRHjh`kyxX@=AA8z zG!46KpKRM4XQ3ZqEyM~&3LyTDqCJqP&7-||W$U+}=fTXiScn z>~tJSw#Is44Nd`bbr}qf8yN%iZPY#62|#kV*++XW;%dE}9?Q3*?|r!MUQi;QNg`zv z=nPzdzFS>sacQOF0*k~rsZ-sF$$AqvJT2pq+^R(*t_)yEf3SPR@LGamt&1tbY7Sn5 zw3UwSNCQoTCS^HBT-*r_@{;Jt^RpA9CNjdrXqprIQ zBKair02QZJ4Q;W4vKFKoo-W@A`yngSu4_xk{2O{3X+aR?2ZLn6ilt-ma6eMVy7ARO5;{b%L0c!OfB2##sy#uce6NQw+&eG-K$l zM^id7Fw6u96fLp@Y38}QkaAmI{vygT{+znw4bXXR%J&|EwVwV?lBITXOkv}j(c>L@ zVGBORyoWjFwsX|X;mlqZj?fPGCz{g_wW7;vhPxkNBcSg3V$$}5jBY2>?P8*p#;gmr zhjszic!U^-6gJ-(z+jylG`k6vz!al)Ib2x77;Q_D=+uvaIWf!>@}s$8abo&N=obm{ z<6x$cpUD+U$HDl-B=cs#H3V&vLrds3BJrcH5;)B}DIpieoVpc|43oEZNjm&xip>zE zA^kO?D+(%!URm5!$0Yl+A^fWCnCd+Gj&;{wyLSuEX!c>UW{}XeorW5$!Vb*{!SKY~ z*-~wNo(7r-if|Ez3zXfz#r8QT3rp+`g~i$uTfju5VX4Hjg)fO8n@j%B$>}^oOW+RPNr{*@CfE<5gZEgt> za{@`QG=@0OCN~&3geS8_GJP=ib!3Br&-&pdb{Z8DBAcP@3;IF*?vDliMT2 zS6f4QLua@VG-ys+k{%`92hjfpB6OnGk#J)8CT`gt*~7zuUJTS-Tmr)XKzLdl7*M>+ z!)6_r<3R_G+5*6Yv`in7uIXqAxb^isx5;m_qlBL4DGiyGPkn(nF(aD;Sz_&8K<&y> z)-Jw3)7t`^-mPi|Xd&aYs(>4HvF#}|O)Exm*_&6i@wc-?wzM$HkncFdvoaI< z1%v=D6|ux`bENyix@$WDttG*)o=`86Rj8(P6s}$}$Wc0!pLorlo77I==<)5S5TR5=V+#Lu<@br6B?-dKV=yvf{R&y}{C; zByc^IZ$;{7q&;YFUdBBplC~_8TAdd+wIU|1QKo7ubQ8F2IaS5-wME&47F zs};Orbm8q=Zkt?kKt6;=mYzDaP8VW?Nm`05rI$UeC0MA#3%nCKyjsHA*1Ia}J#l$5 zvN$hS>cKS|Pl#^4Un5=Wyh)=p+5#?7pHm5kIL}Q#ssU~R37xC>8AgNpmttl*j1A_L zpCa3Z%ur!9r77}!U-yir+yRW{XO4s927}oYZT=l|k`Crnwls!x~JfU^m-ofUT(BCZ*4I2d9_Gsu;IeOe`exy5xetx?^(GauiM=eVWm zJh_4TAIC=6W-62%t!?KzjV9KR9;;xr9cRRMtRp6rjWwGhrZy;LYhXjqbhmEf+FTk5 z6$&uZv6z4o@?yC4bt^&yxonf(!R5cS3ca(l1q7$rMc#*t;Lkrku=wu4MSpcMbdV$W@9h9;x4!z z0eXJSjhbNR-i8~r(6Z3Z@k}022fl6Whx49bBMiO0>7u7Gk%}`|=a+0o?8PMSo{J~3 zdn#Ubu6x}ctC8(7r;Lcf{tVtk(upScX%9Y9`AK&DM+Q9QuE1EOqARC++&1a*_5Fz5iSpomQ-PpA4=&kXex7J=nl6%Ra0j=xuUSEx3sdp-qsMnkGGxK z0>+|IJ0V`tTVxvSvq|fjerSxSn=qn9(@>}&`PVF{D@v$%%yfdk8#n>1)us3h;bVQv zwz#nHwJG5qr;TQXI&Gm<;n%X_rFA81r$)8k+Z9C6&K`LZszA!SwknX)ep9|@Q~4`% z(VRKm461vTw@doy%T!L$0 z|2~iiJi9i<8>>=>y+GS?OiHj7)02|U2%o!Ei-XQ2`!7juhya^H{;h$SujVJAvluL~ zvrlrPSA5$PKXc$}*qI=AaJFIRC(MN-4ehb)x zYt?GyXfL{Sk)wUQmx>T;z662aSdg;o@dc#hWNo2@X^e(lE4&?T*m8Jti}OiqY}E*1 zB8cep7|DM2yN2MLIvRad4sz%II15p|TNhTW@`60?@kDDiVG7J{XDagfnVKS%P(&Cp z*xTWk*UAS^?`j7^-xfe4^QB|93Gk9arwz-E^&N|)MpwRMt&ipUc@Uhxx;)+Wg3zxv z9It%9Qij}yvEu!A+TCDp&ecqa&yPeIh^2@HdrwObw5{VWdZlqxXJaAHZN~^Y62Tqf zA8}M~VWd&->I0W~bJG!NeApE})|jT+pB$)`)kaRY_kISQX7dP>zfhl2KE-5mW6(&? zZF{}tczkMdV*2tfZ6UnR|GHKXF0?6Eb|y8##5!?8@iALV zL};|Vuzmy>T0oq!g~ZH{x{gDZBng>U1(J}GLQ(`-=)K~&=`6aWHH|69PjJAz(9AOz z7VMyQoz#*%oVreJ%+f4NjV&`U(Mccz8Ctg75_bt2V9LPYL}0qhcg38GybJ~_}tba15C*-zRidW|4)ap?vbOLGMDkGi$G>qEffltSH@jl{S#$v+T|QP`Cy%-JDJ%jAYQyG>2v z15RQi#N3E9Bg}|t?va5~W|or&#je`UV%)66A}`i%#5B{)g+RJFjoD^Pxoskd zbeiA>akhwOBohy@<03Q79h~eGg57mriHmze;WuQ4^8# zs)%zH`Sf9xOGUb9=2YFLG%EH^WKrn_WQ+Fs24Xr^SUE)4L8t`)vFqh#Ko9qTEx3|dq@;U=cA>Z(pT37IgWW3*Q?)D8?_ zgzzMNLv7hs^-w?9looPqW-MFE(fYEX8Un7GC>;ft=Z=Hy^ccVxbYlEgQQBxoNHuJ_<6i^eaQC&C507nQ^GeCN_NJoyI8cV)pcM@!C=X?KyqXJ*!1Xhb}BbJ zG)KBtE<29oM(!)vxapwv==0nM)hQGko;?&I87IB8rXJxjq<2#G+ zv1~7WBAr$af9yvFy935f%qP+ywdDep;YQl*WM#exdTIr=7FfoWJ_lhg&Q?X-I1dr| zFJYoQ!d*(G+Y~nBHGu`FY2kF=4LV}E+wPF+t^=0JYqNtV*|bI_CxDFBEg-IE)!9r3 zvDvnoO*C;%2jAO$Le`rZy`1$SZ&zCGlMLL4)oRtPy-mc zXF|Ac1dX-s7;n>(;ip^@xI|AGs49p6>k zW$ik;Yl^N~QG98un9_d+aqSFdlOTkcsMTFBFr5Gxd+-m)S1nwK1EEl{7aL@tJ}^B< zJ=hy{s(gkEP+a8%j)vn#}o6v5VdvWxMPP6UI?O18Qb*)yo8180Rj|xSWq`%vg>Kdzy0w4$qMQAbGaHgfP zn18PmQtXS?A_|;YCs(H^7mLWp=%0~}8mm|hS%hHw$9hCP(Bg_2Zx2wVQ4W3~S_^l3qd zlF3{tHwKEwMn`kS;`p)2$>RpeqGJcPS+!p%+_d>H$kx#?@n7?Gv*E+s8Z0*mT>hF0 zTgMKL!fG9QzP`QCfQoRuE*bt4PQ^t6RR6KQErGKLgBj1Y8s$L$ZTOzIr&fj7_RN-o z-K0!gATDuDrUwMkGg zNRCftkIWx865O9GQru6`8;BogTv&jtWrkJsaP_?1yMbKobB|#yq?X(oG&JY=&X4EX zeZXP^$QUj1Kp-kf5AkQR_XqQWj28Cup#=>8)CL_z^Hh@edP;EVja*;~xT#zE89^wF zc?0@#sBsku_uYWb2) zUbI}U>OkAcOtq|mxs|A%4ntZ5=lFD*1#4Va9Z`;(f-4FxP_7B+iT6J4#-%=;76MX$ z(JPz(qV!`G;sx;z>SVV8E70?iw8k?fG`NyHkEEWl9lB4^1{vdEYA7`%g&mn|YMVo9 z8&=6{!WnbR%h1ahNO>5~j+XL;=7p7Ui5!`>vhoGtTmQ=6b(oVx~Jv$ueH)yd@&rHXbQY z{Fy)z!_e=%t)MY0a;WyP^@h&S>KdczgVkk49t$HR4+Q+k19h#*PkH72(S{$mHL6uA zEjfS1FxU(eGaN;t)y%chk_S!8?|^huVdL#4Ajf0NR18P7gS3>< zrMe%Yrw<*g08QU@W|lnDhaFJ0sD85Dv{iB1GKp1yJ4k3P?gG6%ST)z6g?b)cGQCc? zxS)Qr-Sk#*+A_UWfZI*)PK9{fzyvX_Z6XPBGOsc1)Oo$40loDuCsz1ohh{eHVY{X_ zg!mB8ZFFeS$yM6K&u*k4*>{fBEs|SGi1i==A)Gv9Gf((1Xt{5j@IEF#)s<&>Iu7)*bB|q|R72R6HcUr(6UpY5gFuVzT@O(z=of^BS{<&4=$Bhu5?X+*D889Rq3I-MRjB=Kep&cRbdIzr za%+KSj^g*7E(e_nTv-b+gu2})RITy6OYRrY+b+HrLCT!2(xM%IEA2ZR+!?sOh_0L{ zs<9K))nZZM(j~$ni&s@$t_loVSQ}_Dur)w|ceo6o^i|vnAa8fVR3rDW={4ZMvKx5Y zy$s}G$E*m2Hk~dE`LoUjE@cU92~5waK*}Jf$U)3M9Tbffo9obyUtkd|b@ShKy1f|a zbK*)Vhr5U_=N_#35CFl;y_+$dh*AYa#&yDYXhz0M|51Bp+u2L7+xi`Bdax3V$Y}MZmJ{*D7BpUEz>3FW;D#C+ z63%d~4C~aFZg03a!QSYd$li!;7@eM55mbMQj`x%7jEs7yEu98wY)hY?u4Cn|Pn2DK zMmoLN7d8pS7H+7B3AMFKCj58YQp^voD1`rF z;6_0*fBVkC(zBTWmIg#-FPqsDm)kq;Kxav()tHa@5m)>^6MMwd1g;fI^Ry*uHD4@c zOUH^CpQOPE&q->mV|KKY&xBC+^~6ghDbJLOsy5(b}D6C(H1wiU8r>(sYIRW z5(yv`QWsp(u#T`-IO;8#D`U_Z!ugvzAUB|aA=xtZG^k|7!Q)>~j5oN;Go5nx~n_e8u=q@OrNFLA)T`>_B zO7m0Mt4l`!x#_V&E?dk`&m1jei@7N1LT)m9b#4qj8$FsW zXga4Yt~iz}99Nqt6JnM-m=Mic-ujHh0*y|IfFya49o0=qb~JuUvZI@vlI&=!DT!LR zV;8rwMD~K{^46^)Wua-7;-=TxLp`mJt+a=k=zEy2Gj;((j31&h6qa)*dQc+N4{%P# zl1r2*ZF#rt)4$`CtWMOY)=F3##VTqC5Ko2zR0p-Ln07U>>0<#s8tk+tPZT$WOU1*z z=4>6_%?S=WVuKx0*4aO`7J?*5!F2{plI7 z_3aX~2y}KKu00||ND*>dThm7DlGskH^~VtjZLu5;kdyz#ss7|lNS7R5R?>&DXM(sd zd&Pr|?E@bMdx7JwGPwq(pAULZnoZN_2snAmc7EjEu9L)(mI!SyInE6VzQ zqXr2p3CBF!2ZhpJg;I_iAZkSqGLM}=9u0cYL#?VlA~Yj$cROtQ(8@d0u9JO19q(JJ z>f?m3wk;0}gQoK-6E8TnQ&|X2^0D^-ae3+l5>PwNFo@GE^s2){s$E2O(ld(Xx|q01 zi(i;^53B7J+p$2QgpaY=(NIN8pcjQ8>sZ-xtXK8+D(W=RE9d{Am~}D4tdEN@z?Ck` zcqO?N)C$}A!DGht(73MkXcXz0?C)1df5Gs8pz|x!qApQcKWn*+c^wf+p|C7Ei;T-i ziha`uCRUj+ZwhJEbZSH|m@>U(dh_FxD|f^Jrg9b66;p^OD-gR}H9|cy{BGAVo`0#w zo$#WK-GuGV?jj$h8qju-=HaD@upgZVr5;nQBek#|xEpbc^}bJc$->S|;z1$)bP#JX z>T*G~L3T0FBim-<-u6wqB{_$582U6^0*6FM_uoos>{cwGU&j&GiIy-n!$xPGz)b6j z)f^Vl&>BvVuMl~zYCOb4FD8_d?T-=l9P3EQ{W=XPc_69*O-GfT|6VtuP;sBkeoXQv`D(QoqlD=G{h<1~Do)o@#la zXq~OJtFhy=V=EQ1D+N;UMsO@p6E($P$qeK?ZVd1vMOQo{s-o7#ExDGDK(bFl{ujoxo*WjQ4nSvU!X}J7&?Yyg(nlEDE+!YXkBXT4!g0 zAx#ZYBDo7CK|EV9Fzu?}ndrucd=P6=4zCTm;#B=Ew$0Pp;nY3y741;L(b;dPk@1nK z<;XF{54ENvE~CfxhfS(5@|5n_9`Pu)n{~G_v{Z!X1`tt(1VKVIqKk$fT#M2~U& zRyiJQlToev)g!A_kvo-$0wpL{lG4Q$E7J#240lYwitL};%p_-$5w?Q?9x5e`6xw#Z zQq|vaMQjt|*>V+wo$ps?wyRi=0BgHb-Ae*k#hJ?C(qu74=tfE$Pv=Xy5iqgnxH$Nu zG+7i^c7sGBv3y^9LCv-7$~smS$t?iM4HmcnI_5$ZA^<6n_v}U6!S1VwPN}sT4wduG z6=(t5A*sY>W9Tv`%dXO7aeg#EJ)IjZn8i-5G9-Qj9Vn5->yBB7P*(+O*3-iWv#WiPCnk?1)|ad;Mj*UYCRpI#6o> zYNBzpYqiZbri@O6rKGAWl;%tMsnKj{{%EN*Qxs&cLh4uAxm1dR;yCy`8<2Lvp!fVlTn{ReSAFkkk-e+^VhAmhUq5r<_fcC zgc}>CCfe)vB0i_AiS|Iq=;bT|o1}-*>M@(~6W}XKhc`b#(T%O6#FeokVG~RrhEo(u z@{K>v`6;Yq+G>PmCAx*NQ?P((LR7jYMhBbr{JyaeBgpoM~$TqQ+B>KExM3o;uyH zH4a;4r|i~AC%Urn3oT)rP|U~LXp`=BM{+F|b7aJ?`(uqR1F;9jNXfpk=p-eLP;&*^zif8xa=K?8>ZA`xEt83M9yBdk3UL%kFjBc1Zk_gXyx8arHxb#M| zL1qlZ`G)kGDmLiVMU=#~E+;sVcY1ke*0K$}gw4G@e-sw`mA+KAQ>I3~6^8@05f zWDJoq#L$*n3W9ogvQH5^wnY_mO-YL=Rt7MHUyI9jouI?zWV`AQtYK%TeqzHf!ZMcJ z#!MlP#OB2G5im7zq>wF5)}dp8>D*QG zW7$%6er%!uT%=^%72YebeVl4IuvZ|yG{GM$TWGSM!Wy$R8lMQCDGcPT>?+hx%v^RA z;)oc0Qj z(@ravK^iR8TG`4)$FydGWlI!JS;u@Bxx=IGKvm4J>1rW z)MJQeM(#@g0;`AmS9qt(;EG*h=fwDxK|7lGm?Z7NPw`_Jl`sXrW>(1+b>HFKk%{Sz z@nR-FUd$LL45PVGalL*!v+rX2lIih_?F%yd1{VFsLVp^h_ZpWPdz1D+bC}*<%Oec? z(@27C>968?@)!~CB-PQeNWgGway=PU{F#cRm{d&K=tRjE!r+%;66976g=B8|9Ev{+ z9yFJwr;(HzA%u`S_y9FNbQ0$HLvApv`Z~R+4FgGIBz_D&FfKKK0TdTZsbpP5!e~m= zi52Sj_?0!H({b4kTOLuuM5^$0HdC#oTn8%8C#Xz6gq(y*-E7?PufHS(_4fAeWTw# zbz60-ZMxMK-C}=?AT?$N=9uke5;~;tA!OY4{2+%0j8_`^g`F-Gd~tJ<3RmA=6fc}N zG|atfdc;ydrqcEStkuyk4yc)RT=x-!onuF}3O#IaqshFu0w$)%^Ws6Yb-C46g<1(> ztVM_z+A$;iz6E?5jt>JM02GV`Kw@B~$H*Lz?1w96^-9yTu_LFUHZbHF7)W%|Yske- zSzrlMiPosN@H8|GHBojMAblW`L8E*s15;b51EXp@pInV*CkvAqz4(&Ott~_dP9h-d zEn1}_#?}&+u*eol6XV&@Qoe9}{#Y?rNXQ$WLUOfrSoA=9UX}sG9%D3WX=JAn2%&LP z2jbMW9Ks%%ZT83m5DzwI4*6m!TPV#>=0~%W^M%~Z%91AU~se-K`^pu3UmM_cejC5N|NvRo9b(SqrYIs?Qa7bBD7v;{3LeS|^PbolAh4t@@_~lTO7OGC=x$ z7hEBnPCDd@X$e0x-C~d1#1);gU>6;AioX`5Lgu+H<#^4kBVmUBD~W8R|LH_ESC(pK zU0;h0ot^P<9$T4fW<6q$mZyEntVgU1Ee}nUjyA#Dl;XDtP5zBcsGuW&A4eS&Q4KwV>5Eq1&z)3V~&YOY5b|IL~~ z3ryM$1m=Rf0x`qHd`H_)yB3_VV*MtSXX;_Wwl0V3nGU>i*f@!|$C8P40D;*E+?pBKWwTmc2Nn#VSF;^xQ5C@@a=YB{JhY6L zTt9Hk8U(I~KK5Y%8rX>nH7Xv>7II_r)A_O7{KOc5&Wi214qpB%)Kr!Nr6uS=B5!~L zp+#b7>Q%dJ2i0}p*J0VNtOGj$sA0+w40c!-MB~=dC1^(wVyzI|^(LH(I|Y5;T%;C@ zc52XQerhIP%rRAn6n2a@JDQuEidC0Piw>a|%Tc^%u9`krgbqZTfkmRItc6sVPG+yi zEj3vDVR!x|a}ZCZkadREqOagp--;B{?$IemG-LolR}tDPp}S@DDmE@%8g??{xfN1Y zT{BP1kXgOztl60D6PL@l;tl6h5w;TN@gnuGA|yg+bq|YvR)~cd3n}TP_TG@T*4(5< zujmN>`Yir5fW{q1~w;oqZ8Oh0IRo|f(TA6F_bqO(X0hVFaFv_FMF`&u3(KS zHa2;|EH5|e`0No4wg@lMT9LBCl>QbpD%Zhay%M%Yzwxe#NFj>cxM^33a4fs^b$+u{ z;ii7+yKpb5fk6?x1|A`X0U5SBq}2*oyXkh0+&(}%K*}qI1}?_51Iiy zjN9ZZlkOt=6`k)poevU)FzGI$7VOj}b1@9cY0@lRCGApcj3FoxFR^(0v`9H2Ozhh-!T>UI5mOAe5y7x!tuibyslw;&>FL8h7A4qrFOLU z^;*?-mKnuu81sF!9qr$(uebeJX++Jc?h0)CrP7Fe8F+SW%Jc*1T@Kgv-$_kqe`Mxo z_|XG%eN4C7wh|n=p|t#-wvoOQ?Ak5A71~MPv-R8ZW4`)vt47^20~m5o{O7usbe^lw zbdJ^YRf}GOw3+d^<|?!nlb|$W{3aM_}@hv}B6? zLYSzTw$t<2kNP7Jd~nH3V^dC=8!eB*Y7NZ;R)03#$I#Hw(7^)-@V`StL+Zc#_8;8e zGkjp^z`lbA4j$TnsAp*S(7~boJz!{CM;i0fK-)sk(3bmB2loj1;Zr@5z%G%d=f8&wN^ zZaeJa46d2AdKHf70Aw_HQ!SS$S@d|7p;is@khTb|9qcs>%JiLO2Bz{7J)&<{U2j== z8`K!sDxR+LlDz^grBT&g^tG+R+06)Teu7Q$WgKmQq`NT0fK6irwFWP@_Xehxvx7Se9 zd?T1}NbruINe(Bb%(ViAnC$P@wMq{Ufq{WUFSyFIv6~7QJB*W0q4PUP_*Dq&VE<5} z;RJRS%mU+Nx#3m8pbrLJ5GH>fTm{Cijin%{&zDIdfAsrEIz7DaP--YOlo}qnXy~GS zX_B}mZPxAd%5a)oIHi}MSq+v>67$x+p&cbQ>N@U|$|e#(hHx;vFH50z-!u@Eb_7RvOjndMcH&9Wde80T^|iz_f8b9r9^0 za7oq*u{=tobt;uI63Gp}?Ai6eCpVH(UZy4B2X39h%&iduYhd6z(-2C=(5s_qvtCE6 zZ6rb#%Ov+D5T^qL4|;G%I3$PZD##?CpJ4MuBPVHbq}{v0UgoCZ$)28( zn|gYFvwrj6TyaTHPtQ3EmmeAH`4#%#AAjgAukPs?wkF21rM0jA>(^ET>#Em0@QWXQ z_}HsP-tRy0C13mOZydRKU(O*eny^!2ZM;H>j*`qSJ1#-~!hm+AS9 zPrah}t`j34ddIGhq~HB6^T+>i>Up32^k?pcr%#-_AGB`OqJHZr6)% z{nh)Pef8rnIp>$pxciMyer3-qzxm6*D!=j-uekC#AG+^l|Ni%PKad}L&*)i~kF8v@ z@z$ke@=L*~%Jb~ZXWsqB>)&|&g1R9e|a1pyR7z(FJJkMC*S-U=fv;$hi-k|C0FmQ zy)1L-Z`daiR~!HSEB^&Q{J#T5?+f$ay!(PXf1Z5zf4||Q*T3)X@^a4`PtTpc^Gzpy z_%DY}e(4{dvhox6m6@U6u=ggeHV!}dw7GZu{i`;fJO2MZ^EWs2-f;F8D{uSf{BNIi z-{YOtx7^O58gNS`kNp3+M}<2LHcReyej#Xd%k(mN5B50pvV97 z!O1T#e)O|nNnCQn{(rvj4^RGl_pZ79C;DG`$9XsX?#KS*DOcRM`wQ2mrY}GGigVmM z?!EBzOTSoo+kdRT`v*6F^)r7z^@?9T_0&>z?=SxK!cRZ={*Rw`)9-%q51%)ad;Q1$ z^y_ba?~niUwNHM@RcGCD`uy+i2XER_|D%sy|F`fpdtP$E2R3dWy7o;I-~H&ZFFi5vQEc*EEJ^NNvMul?qgbMN=Q@_!E8 ze|jwWth4vt`0LkPbM0&2^rrM3{m)oAc>6EjR{7X@SH0SQ!Sd}+ZJR`VsHXXa45-_g_C| zEudB(`_q5F>qFPP{o5};J$rqw|LUo8dQac}ieG*5Yw2h2`GYI(IPdp=ckh-PANTYB`^|g4ap>1qeqwJt@y3bE&br)s>i7E} zc$WEzdv17t@t*7E-t+DAzwyLdfA&D;Cl~+k7hd+&-@4X%6#_Ok^0Qxi@5}!A+><{% zd-@#jwmXu4Te|)YH@GhVen5f0gg<}FOEMSy$K5m5Q&F=gJpF;E&%Ww|&%Wj4bH-o! z_&3}+{-aNS;fuejed~RL@BfFNy?*)j7r*wC$v?h+*InNjd2r+YmG9hH`Q`ghKJibc z4!_}w#6SGtzWM$4zUqdcm4ir|KO{Gx4rN2!w>%c zm%jer{$cR`n;tju);mA(vU`8}%(FkSa;o;kgWsxt{O3Ked^>7pFRIzkN?TfrXDzU^6sxa{|{&8Zu`^EKmWXqOO3)Cuitf7&(nXBy5)7B z`_4b!_N^PgasF+0y!Y2`ectDPdhIu+S3mOjdtbEw#b3Ow?``(qyzr8@zVid`T+ZEo z?c+zj{pH{D-|>#(O8%*DDBpeJ=H|1XJoK%hZ#?N6Cr^&N`oSOn=qZ2o;tv&`eesLo z=l=M--}*lXuK(1}Z!li<|GVWEnFk;DoO8bZ(SN?@MSpVmUvK>St53iDz878i(|4SF z<;8FRi|TW}w)T_1_?7wf8Gu``UNTy5s*pc;H*f7rghx7p^~b z?{)XR>D+Jp=9ORgj~{>ZousT^If6 z2|v32;xE7cKNG7jddY3Kz5dVMc){;|`)}@?p8A82zxmb^|75@6Ee9|7lz&O(@^h!( z{JzV7`K%W#e_;1Z5|ANbNO z7o5Io;pgXFe(N(%yzp4@7kAyaxAD32zxlLR4F2U;tKS;_;?w``(7!K!ckaGle&w>p zJ+Hj#CvSh|?`58GW9186qK@b4}VUkS3NRo*&6GB9a zz2kzrSh1{qZ6IPp1S?i_t*A7+A|f_Wv3$>zgoL8F?fw0qZ}YtG%FNt*?m6e)d+xdC zoO|w4=k&rmwTpMRKG$10-tK`kuhZ1113eWvH#;YNjXM1~WG7>blwhD&mvqm3al;4`ic=V0{$RYr4*i>Yjzhs%-%WVhDN1E->yJeV*K6(9W>h#(h z&RaYV`Z}l1PLOZ7v_7_MLhExotqWR=-~6ij_MP@$*8dzoZNtu8SX;O9k@}wf)2nwL zc@k7I96U1=-X*thUv$5+^z^RFgPz41GA40v-}mdc-m^mQa5ld{{1d**SXXS+sh5*`@0@BkgA`I$87T?Rw)jTjmQojOo9Vz$EBu z;M(;MQ+!@Jr62An+H>>Xr&GmTFLutfL%ugxDHKo$i>5k}EFLE9b(fiYh z>z|7@j`pw(X6jo;Ec8lGLTgGQ))!|yo;vQ~y(RjC{cHB}+jdaAlP-u$SRF9-u(;b5 z@Jy+};st$=j-B~3ru<3!ZngWX!i2L1MlAH&P=H=G?f%5zrCBA{*SIqO^Nb~JS|0hh zfBRwm-tU)3ugMk1k1u$g0A^)cnCN+&>bKOO^wc$(>(c4En_( z|Cl2)cw?fujefUxUAH~N&Kb8G-oB#SG|LV{<4rf0_NW*%!nF3-**8(#nu|VFN`CdI zvPT`~?=!0LQ9%`@#w*$-ojS&42LHU+SugqAo}AFLk5V48P7c?v=mB@{8u9DNvBR0-Zk@qI~r9z{aXA%=lDMir)N(T znw*|d%}r@NX5Ynhp9w>kbLJ_^O82B3vz=SA@wbAuYrXaa$H$o?9_zQQZTHC}-TJC; zwL|7IpYKbUp5O^Xm0^uaf6g=~ewYE^GSn^OgH9jl;?1&KmWAqVwZH+DZeG5uK?RxUSW@p=ZC((ls973 zmV^yab49yte#@CC$?89_=h`-FdxNdohyJ?t%kho;(zuM5^Un&mjGe>ej*8upp1ta` zbK$;LkH*ftP<$=(mNX=8%ZY#kZM%93WYN&-tqJ;{QtqruekUBMOexI2bD=o))Um$I z<-dy3U8DVKyUsnDHK4CerjLRD^U(M7@xbG1w6LNUu(@p+vGAySpGWtnh-R$($Q>5n+iCvw z%e|hK-&!-vJ2L%B_QLC5+te&GcsG3QheM~{=bJw&7~`~gvhb>JUME$@JDzhV+16rZ z?G&8P=@0t$+VnbYCf{T6?KOoXm8GpFeK38WpJ@C%h<7~3yI^wZwcDlFI@Jze;MI*0 z#N^HjmUS!)*T42WsJf%_YoX<@i}zHP@2y!QyqehZ$fPA9lRq!aUT-*TV*b@@Gi!$8 zr;Zsjm(MjwJ=-SeddOPwnfyc}1*>-DgC~;W1E2G6Mep`Klrm!Sgo?g9H^-k#TD2>` zJm{m|>}C6Fy45U=>)<-T(1?}%*Kn8TM+CmSiSPQ@PWd%AFDPtL&#-lccYQuRx;lfX{3}uU=Sgq!XT|Al z&!4>f_n|9d&aary$mu1h;Vi#g_4@VJ-vhrGJ=r#L^86I3Xst6gX80NKI&=9fgVeK` ztfRk2jp2wBywgg0;@#2T*Y_AyeG|*rC%kz6{v!LzXBLTF6@ygU1usKF%YU!wv5>B| z{~@;5VEne>Bl_0pJ!#+dyz*3K$bj7A{AaTK5k^H*mQ8QD_foLz_WfhO6%6X4>Sn}B z7C*IoS0NT9=wE*j^s^$*V$iR6K*cfhp?;aaI;}S>pC)=Fv8^54X-%(eBzerHMDu+o zGjfM>`n|fP?^*6EJ5_wy^V-`dJExC(7i4SZ&5wbRBU_Gq;Fo>%UGMgC??n(9QN5_M z-D30CZ5ct#p%-O$-}s&^Y3H@WrZyQI4&CVk<1^3R1N3d(&e+bh4G@C|&qDWf*EqUWHu&d=VP%q+dRvFKIh zQSe@X^PPKPLSrLV$HZS;j+YocGzh%&upn?y*WBUJ7gFM8hsE8RE*%i%Qs%d?hdAqi zTv)Nrt>;{WRJ)u9oEK+GY9u`IkVFDJpXV%-*1TkiAHiSNn-6HARbPy`a~nY5rd z)7{KBFJ)`=r^|QW%*$!*WGCOTv~tFS@({sO2{J{NAF&{pCB39`6CC^zNH2 zPA=?{z8Pj8{=LxPK<`=Hi#fN7FZU|14C|XMhNrlkE_wHJe49gq@_x5e|x#fzpZF*Yn*}nC?Q677yXIfch+WgP%+1Z|N z{PI$^3M;ey*W^rX9VBY=UbSw?uuj?G$=eQZTjum-{hY9>b+(y~mx^PRX%j5HJ@q|T zFAp}6Pb?dhb0{op-}9+#$%=W_p%u#CzeH^qA>Xn5Qi?ynW^kv)2B~&wfm06bZx_=i zJvPr~=W%XN%eTXOWQQk#CSMo7$k1qXVM%GOaBmJp7+o)>O>@!{gA)IOCQ(e=U!wnBq3YT`{bW-st$f z2fFW9{=%p|QyH+iq)YndbMKS$cIdZ}C~DpWvY(gs%=S+<*@vpWij?s!hILK9I3e}n z_{GIL-E#&;cwCF*nr!3ahPH;O1HtGx0_v`D(5@w&U&lsstK41$W*sEJuIrM%SrxQz z+l{0%t)Vq1eT=iGyA-rs;I)0)!QDv-D>h_j-@U&XIzKZbw(AZHBNl90;E|`VKRC2Q zXrFBF98O#=JB}Mc1dV*Cd9wPa8h0TeeT~im3sY^P;QtPe^ZHNe%L=sCZd$x-ww1X_xf= zZ+M=kRo(Zt3c9bqce7zeZI{~tuzeqc%GUUY-s$PQNogIkeUhj9=A~3*K9raJJTg$Z z_JW5*P~qSfeZyDzVZz#gk>nRp~GME%-%-a=Z7~CxYHxvd5CpGPin3Vf%^}c?Q28!md3Yw>@hR^N*O-ds^;k z7j(ZW$!|r{rDQMvyp#%?$<|30UU_#~etMjGYj>-6yli*7*{82|D@rij3=S&n7&Jcr zvHRA65gwv|oySblfh&)0-H*pAOx;doWY3&$5cbJxcCkQd*(t>!RXB-rPYzrcEU*vg z`!%k@)NS;%H?=cs4Z`C0oGdDIUNmQOqWNv8x6yv1L;Hq)D%ll~eb7_1`>5=~$vJI; zRJKV^EtTb=qtCI7Sm*YcCEnD#)yGg4{buBIf7kmv*I`R%m$qIqXGg@?2=*QML>o_i zPn#W|&nG#ge{P+b7uVYd=}}qUCadEncY$1HeAD>QKK=Q#2($-AcnnY-gG_%aXK#5o z?^#UmbHkLCEk`>uMnufGxb0Nsg#KNOSm!qP_n6Z1V*6>*`Ps#i5CZqR`xlN)yfKqA zV&|5*A2MRQw06_?v^iI$%3ES}>+$$u*N=2bK4Ts0*vq(bz{U6=w&*|tQENh8%94Gm z7CdHt@yi{P&gAozmYvoO%}VUbcPZ|sBs!)`djFk|_4?gZI=zn@ykhtEGcw=)`)BSM zuB?e|)g?V~#c3L&wViWgC(g&%zCl>L zDC8LX>;+3^1_5cM`L&tBGda243VUXcO+I2hC@4MAe(q-P`NKU25Z|4=EDC$g8D>9e z_tXw7*tGJ2lTXVdAG_E_FE0Mgy%i%UWr)aYOSgRnRqdWT3_s)?y^Q%TWqQ^k)pnDi zcUZ08_>H(h%v@Rl3xHbsOie|X9HR9_e79|Q@9u625PwJX+lY4LjZ9P=}lKi!Yn z-dn^7O7S2nZZx>*Bzlmsrt^-Wn+)c>FYy^xba|)yL;~r@8yA*7C#I z@uJPGgSW35FgEi<%7l+lzu+!Y(d)Q6|473m(Hkx-1CQB9FJtzzjPPiA+cKSfCCh~@fU3}zu`Q2$>i$zX z04HznlHMOHiW~aV!@d03#i_q6_7~Jx`f=9GqR2)gPzti#1N_^aeanZu*!lg&SlnOtlz z=i|Nk7rpd7Z4eCk_Q%K-r5Bbw5Y$+9TJqs|-mH;?A}g17bL~0DAXRwN7j(OkaktgM_Rm{oK3q^3 zx5&$>=5wOJFf5LJrZ4}XWvA5!slwIwmidRg?06z{t>DS}(vA6ZQhM~+vhFCjxYa@D zlZHvfCiIeg&Clo7tkQ1fA4M#laMbhR8MR$jS&F<)2aP{e+M#Ay(xjKminqB(GJ;ZI zm$|P$_Gwe>GNh|dR(nsIQyq+x+T*XR%ML{OaGx(AS8muK+PEra!{V0<&C_0dK0Tv? z<2GQLoa6>DPf!J}To)T7*no(>+==*?U`lrN1yRYsHc37QDopBhA<&L7u7FSkR`{q6ld#xE(}c6QIWlp=WK_Rb7HW$wVS7w#0sExJD2 zAXQj;yE0FaH*aKD(Hir;BPy?+{-{dvc>aFyvJ3iQd7nm_pSif}a=)d;JKde1n#{7B zyT5#AqJ?4DaB+IfJ$5652FW+2)l``ZJ$?K)?8dz zyz^{9xux=DyQA$RTTf&vwjt?Pwmq1(875$MXT4RGw>9)>!OCp$;9+6Tq6*gR&f9aG zyPpr6SKO0O=ZHN;a+#08mPGSvs~D*`p=MWM&Z471F9KOw-l+)KZfox-*wu5&l#))_fh6R|_oD~P zu{=hsg(%_J=G>pAZW@!^8mqW`B*ZFqs1-M2)zD$@b_!|+`5}y;s}si@lxCNv%}g}! zly1B9;UNNzpNo~5b4NPf6YcdYTYa2g>P%?gjz%na(5-cc_sz0yHLQ2~#bd3j_aqHA ziR$Lr^X7@2)3;{7X<3$+2;DrgEq6ijPWQHqpsVYY zr_Jhtvsqe;Yv|DGs<^GcX_lol_7^L>F zecy4RbZPNk671Tdy)7!+g+9tkVkZ^vO(Jwn@ha_)fKjT)y{rk2!5g&deyaIldLF@^COEmX}H(UwvcFyS% z(_g-0wCCcSc#m+O?FaX}Mvp6a!5$e~W~1c&GC#KE83Da<+r9aGj?;=39NXe09fFcv z_%(yCPN*Et$jqF%YNqGA=|+8)nvomRn~(`ivbJlh-o&p>%m?#cN(mK^-ESeK3`P4*KTiUQnYP}N8#l- z#OKLs-A;A^J^Dyfw-!eaL=BY2gXNDGWqc2~bk@~i4wSDF?1I%E>N!+ zdo5nHA<_JV;`FgUu7AFp*LkMrqvIuugOwHQwk+&^!MdR3=)T2o51mvRFV49uILNx% zs!O`7-bvYS2e^}-2JceM`|Ki4cvV*D>{+d-R`#8Ddw!xyVX18W-a8|<8{CBv#LSD> zsO;~3t&O~Lugl@nF|RkC&N+QMqc*jo{ORC}Eo*z7c&RdyuQ=(`vP~SX+gPEo5i7aR zjG_eN_LX?zx3`|AaBaT*Hs>zj?7TUX%MFQdQ8xN1D`cEG_0d0Whugqvg|$zy&? zG~ai!>e-_S7r8CVU#%24+72JK#XfM^Z6nxb$Dl=%ri*k*M`p|}? z*Q_bKLtC`HwWDbC$>F!BaORY(cV9hnZ1}BE+o8rme%n$8Umf>x`EmZhw-@>`mnRvd zp3Q9gZdc48?+-nzgniDNci-#D`f#@zy|t?_=fXq9ovw4ArCx~ZUa?d$=)1~~rZ>oh zxuc?8Qrd{?Is6c{)I~zh_v%t^G@F=FWiz*YXakpAm(Mk2H%pk(?2T8Zt_x{&oANjwnB2YUBV34Z4JFwaBxST zHh$cEi-mE5@HIE$t2!*3bhZ<3uVsIDb@Zy+x%&CHGTu5BD1Q&g{dBLg-wT!bYvxmz zkcV#NPq~#y|0nv}ZXJG$6n*YHXv)C7gZ8)!N{tt8%FJDv$TqGuDIbc>by*+#F3x2x z>fGMNs-D(}&KeH-Ac&9IxE`8OtES~ikK zsplSjy?JrC%Zt+7b!Yl;++X!=$Ku|ITGJ`{;+3APp|4-&J!k$B{<11; z@5B*~*ZrsTsh#59z0c>QhPF*7xS}iHQB-yy?#lf;P4BR;iK1rjq-*CL=Pw>SMo`*0`P}%Zbk_kR#~yaN%lcqZ#@*q3Z1F}$(fu6>!@aMC zcc}U0;OS%B*PnPFv&F0LKI{HOZ*1o$$v|HB_m27bpNj%6jO)cOHA!aq=5<;H^x0B* zIJHomIKra9>*lqahq0MGN_##n&ly}Dm;CkFb-(#pe@tI#UOl|5I8WAb{&Is-pW+cV z6Q5oS*}?4Ws_!W@P*m4cbeN$Z(|KArbB94-cCBjQGw%F0k9KFgTzY-&jNqF6JN#cP z6&+oFr`L9CUNY!(@M<-p}F5!#3?2K5+db|tHWBD^$ z2aWmkbAVALR`bUFbILeQ93BvuTk_M+b=Qn=<)MNZ!FQ(r3-WrN&D47(C= z#JSqJ)4AUYM?7S%x)EGCyk#a=ulQ7lVBfoI@h#cmWjn&`uNP-KR44A+vnjMFKi%|V zi6Lu1<(;GAa_oKf@jWG_r%e~QPZ}7pu*LP;rEzTwpX|6Kv_F6OZp#gAXDqw!X?S}0 z?#rtq7EfO>9yxcAWn5su7-^Q)M>RJ)0Z+eDbGOj2Ama!(OX;8*A7b?cmvcEff{-rjzn zx0|+EG-q3)xu0>`=i>Q^aXn)Um%drqYHBX-c(3GnmCNkszjsYQV}dcwH;SKEJH&AAu@R?Cm$=*d=5^Y!yx_|^qr4FYFMrDzee;@w!R*TT zRf0#QO9LvymD6))-Nc-}n6z2G%64m?pI3Ixn_|Q=5}h%87(qv46g~6JsBb~k{M1a`&4xAplnHd#XE<%!a;4jNgs@fS~Gm< zCU(Xx|24a(8!fFx4xcX0O`EjyE3fF<1p3e#m#~5wjTH$Lwu~ZS%|QY-2lDjf-f1rDv?yK-`&@f#U4~8O*D=hcyZ#u_-_<7S6%>}b zK6ON&_fGQ36|XAhyvRe2BheMzP9ncgx;Auvw#Cpv>oR<{uHA3m*TTshGhk{`hqDQbC8@+A}83wdnh0KKoW(6Yn3t z>Z(mKD@`V{owi1LMiS8>|H(~l@MGE^?6$-qV$o24>#f1kmQ!11-QHfjU0Qv3=+DcFB|ukY{EGsUT_>_;Ux?kA zVcehj)mz_lvp$=nxO6%AOPuHv()0PDU#DYVVh2<_3*Ifv5425)->v`ULfTi`pr>(8 z)e)`_6Q(}yV3|Dcz~<|=<}+os!xv5KbUW=*ipgGs&?lAQUU3!Y@7>>UAmS(3ml4El zw#s@O7_^0Q)J)g^1J>EKetO? zP_bul%GVtRq3veGt$llI=aF%D1s&X7r>rzcJ=_0}l5o3|)s8Wag}3uA{Bc>HI;5(5 zRf6;GDL-#M=Q4Qu$MOR?a~D+fjB{G-WwV&`;_MS~7R%1_OUfPaWb7H!aV z`bWP$y{+&UXA#?d$*tL+xl@hDM#bHHxZFUg|77-8$%dUTj};nrN)FqUXr7|~BF^(o zQ00bGDN68YYp0*io;F=^bOR$RtdcuEtxadompz_d)xX3H-jHaX(r?$ZbY*d z<`_B|I?Xwk(A%q9z|0Ye;mN#G!)(R&4QYjL`&{)s`_JZmjD1~ZF*D~(**nWfd&ait zpQO+X$n-;tt@hXj!R_wVMaymzbx;CNYqw_IM{U>E(T?l(^mux6QXA%_@%o;w zU$*Du?%Y!TtfJe6^#(WFMR&?d&+5Pk@x6O+s(sallkFbAJ@Vn*;{)Kx{M!r8+FC{| zJd2gHx;{Bu|w@Xi98Pv+5K>R_sQ{dZw4$pyMA+` zIg=ats;2s&u%ut?%G+P^M&-2@RgasxG0Gw9_HI^1@9^SRS*GuIpIqAVpk57cm{Z}6 zY=>$+IygD)z~<}r<|`hGx57u}2cs>{ylQFTd-n=Hz^c#6mitecK7Z5Q_<(-Mj@?_1 zn0yk=Uo&&4eBHQWhYlvOWBDB>x(?`T#Oiq4eDOHvRL4%NOG~%i2xdR*;P61cWOiOR zJuIH+-K1*)r@Kyn zYr)KR)%SFrHRSdE)8|YxL&Q&(7lk_B?KK0jy?gSNbKAR}XE>%8Z+8~0J(F;GhPVEm z?M4~HvIOyM-PgaeAIBcH)OXF?=^vw(f3!x-3i(kO3~<=e$)_w*Q*u*<{HH!o!jII>ghPfVL<&z9N2tv=2jz+^IQj(15X zpbc1Qkh);Og0n6B^E!3x*l|?^BZ$dlGCOjhWJ-3M!K<9!tc6xex=D1rBE(CFiN2MXsv$3)s!nU?%+gMGs8p5-+=h@f~wzA?` zSxtU=c%x1QDI$bLs)iM;t*HtV6wDWTdU|>uZsT3|jEP;|DFH(H-4H9=aH%Vqd}Pf0_Y^Y7=x|J^Uc#f z-OG_`B>7Gia+61B?6$coDpa2F56ex_V02Bf-M24{d zB?MqNipazg;w6=dN(iVBg(mYg@qhw|QllkXhH$OKoQOvnQ)5IH2nFbRNyG9kc@ zgkk_&8w&zKTqTEiL_4rd%m4rh$cH36pm9VQ03b#Yg`5X4{ngm2dCO!l%<4|Z0v=LO z4CykQW-R$do6qzOfV!Ltz#z>jd{;ye1)%^erBi3oI1)wZ#AbjRC`An)K_n0;V*mga zi73M{1z$ZZ!eJ2)P+#+@rlmgCL>pRl$iyq!gupTw*VIwBtUYjqB*Gj%EW=Sy#eoqn zD3QZ5h-b^Owo%`orcEt*w3wt1kbzPG5a6RO-hc#JCzRNysG#WCF1mdfZNce)ixZN^A3~#H0iD|43ju|rK?x`m5R&k_(x1%PPG{P2K@>7vXBDt%D8|Ptq*Q@c`Tz}qOopy-5~C1?aUd!Ky*4Roxu;8v zTZ|mRAOMuh>6OC^R6!`j0Dm0BVFBRbOWoTb6TxBy z3Q?C-kc??sfVoh2qfqSAMiL-f|2793cDA!Nh`-9>hFroW7_~Og>teH*LEdIOXbf_BWfa zTeZgc)9W)p3wxdAaEw2_)&tbCQa5|P)yvK#pPEZbBfjw8X5J1 zFq(u&8eST*r5@r`>l%~J-@~K&E8CAV1r|awy#8=#HUrdqs8Ip|AujAwVILA)w^%VTdQxh&1>PN1~v=Q8@l}me4ofH#K3X{K`0jenX9|M=+Tb z+(SlBpYQUAOhXRK=o$3SvBnGlm6*TnpA$7?)nun5#5!r#rs&uyX>ElqZ9qox0sWd99fjwbDU;*Bo$Pl+`(=?pVcC+CA$6Ps2! zg5hEm!lp@n)U@nN)%2g>)tF(qDYI*X%335hz?AtN7s0no{aS?8{pky0m=ZyS_3ZwQ zS^VoT1mturZQH(F8&cD@eJv;}&RvW9a@OP+f(t6Xh zD^8otrYux{BURLNaFKu*){LI?5CICA5E7A>#Um&nQ%EE%K!HIRc>#wyy1-uxDn}Dg zfFopiUGm9-0!{NY6I>esM4C5s2K!%Q0}4^spkN$g%t08AaRhQjJto*#SxLV$r0EO9 z0D)Wq(2$zl!ya^97vBKDkE;7m&?SYW4L$4jR#x6{Gijp${Au#Msp@|}g%Vf_H`;I3 z-yw|XEV6R5X(77Ei>UGUqu*%vSdaZ)=g^(@k5m8L>$plwxLbCu6je0b_@=o zGEkzaO=1dI)>UBvQWg0Rf`S4GM93B?hE0zt}p8J!5{1oEp@bkGTL;n)Rpq?u)L>fPFS6Jubuky6V$BWutnVIGL!)tJerH>uv+F`(DTu0? zrZXFx zppP8KI5E=tdkAas579$F0)nJiGqy=hk}*yVgWfAOzi*mUCL4_}Zjy**s+LU>psi^B zF!GHKE4v>YR?Sx|nVqAv$Co&s+ujTNW%V-oYE%cPl_pR3YsgW>h;K<7g5^y{|O1D zjeBzhRO5L6S?Q#W{GSs}+W0q9Hq{?9KQ5RW88bgBml_!}v{+)80Uk11Gi_9Jq(iA8 z)I%mhwDm@d(AZEWeUGC%Br z#{c>Z-2b0{^~M8jfRREn9OFn3LDb*T#&_=jwX(Idu6O>^-rmvrzw@8}#!pCHvn>;l z_w}<$|G2h6lQhbyk8knFD|9g)mn(<_Q5@s&VO$1EVU7Tia_PSr06-s};sHZAwj4W# z5Eeri&I7PW(8k_@=OAzpI6{1ZqsU5NYY#dIMMJC|og9Yjg`RO&e6ff$q^dDcVegya|%flzKs>zY6#oPW}?*)p4||hl_SU2%Ff!# zcCeK_&(`Wc;qsl|x8}bJ{Cm!Te{cTVSlia0{|;9F&HsPpr#t@%g{ct<&|pea&fFgq z3jiQMWI~wIr5f?4|F2o`|I1&!`L8}y&z8bCEG8|6e_afGXZ~B;+B-J5|M$Q7|L^?F z%z#mHP!I_LUa$a?VGuBhn(BZJ$BJQQroJ>^sZ?@6vLFXR#aszh7~^_*xVVk?cVpXd ztT=cK&LFDz3nC#YsFoQ3BBGKj1dsCe0z|L`Vqj!}NotuAZB175iH1;6A_3}#9)KyN zQV>-!=zn>DCXIqtAy_6tP$~7d2tldFKsk9lS$zpRj)H34tan}eG6aXH00vklgri}h0+awQliV;y9duf@3Zfy}(MUYG zOmbt}SXn!=oot5;A>W!2`#vFoH$=2AhyukB5P-rYbY&zgh}1z}hYJ`Wr;eiuIV83` zF86-oR$#^qfI4PRJ(JCVA`v9OA)znTLI4W$)KwZg%AiIqkVJrFg1U1tI&VfaM6v5=H=|n}#}vkBI0~y#jUW2@d1GHKzWrp8SsnB?<^*OF&c%{cHN4gSAzC z{m;(M;XnERZ~V0SpAby6xt&LAc(jR6Ewa=$WA!sY8|-)h(?M=5A?s*{Fg#P zSRwtp1i*Lazm-FS{h!@``rp6u`@819UBfwG^WB-_)UcAnw;HF%_&?GA#QdiWc-%Vc z9M^^1^Zq4K@ICvFwL|^08p7p081Y~*U{eo z1F6J0pbUVd@<ezfJo&M7?cSh4kHqg zLUrb8rBbPN$cZ#$F<=3KwYr415=2*4ho`lrUWb%Ydx~b0&Ht*s~Br*M~+-3 zW<)_MC4ve`hnkilz3zd*))3EN1JpNKcoDo|umJ&;^@n8! z4Gj{inwc>uD5S!x8RA z9FqX6eg2X3DbQkD`$QK-pgJ3^nHhjWqPo?Jkic{fT|y9}8d0n@e{oQZaS579P&_i8 zLrof87e?wuc{BvW000~mt5C=v_#zTmpkmNQ zelk9dG~HW_k|;qHW&yyWx|F#9i~$xB5Qi|_f(1Yl45AJ{A%KO4Xgq@Zq7Vkja0?2Y zh6_9{H%h^WP#J_n7zakULPUUZ6&QrF#R^ymamfZSu9+N#*m8wL0?Wi~>KzG*7y%ko zd4P6PR7=!x2T&qW0hpRZ833Xvr~(jCgOR|Yxj{VvQU!(sd{V(tkT9q#7&KlBVx`68 zAfc(~(uFln7!G1l7*{iQ*m6Y3*60FUf)a{2wj70{K^$VM`$;*Q3XVFnhH?>N<<+M0unfiOm~Pu5TTW!ppG*RkpU7!OfeepzyVx=$}nK`D1Ucy zVvZl>?EwfOzCtV}k$i<% zeWZqTP?AB41mbdH{UduuBgeE9M3F)wp)xu`QaLd=0ZUTmsg*La4^fDej$~gBBqo{} z`KJ#Jk5{in0%kK?qkySj>i}esog#&b}6xcmLsr?>~%kdY!nuNK`2jzjYScKoM^rwa0UR-fgE**moy@$DWTK2 z*r^)^wAA5Kx-bBISJeFN!shQ3H}n+L6*&}s>X!b5xcTz}=bslj8j2f;o$mmUKySYZ z9@-bKJ;Ljp|1O9Ohhk_6Js!a!9!Z=a5>d+3W138$Cqg7bLQTK`AtIwC6$OI^!9mrd zn*v72B^g2;y5&O>MA>i}alQj0FcOjhns-Fo^w=UhRIS|rOi+O%Ocr@`LW@RHz7VPl zjsSv4B|>%^1z4LR907>>LSnj0$%GBWARIsjU9;$9;`C(}7!Qbmg#cR-!6W}23(Non z3LIbynE(@Di)z7UP6L`6UqDJ0}}-bW6}{3BrzP6r}Hf*61a1k?^)s3K;r zfW!h8Vt^&VNGk#u!A(#iL6neiAic^3BMLwYssJTONf=7|gRvjswX+&s89^r>mQhO% zfeh7%91%9?Y@OqoWM5;EQY!lfM-VARgt{fvYi2z#v_R8{MZk&_@c|@A0F;pN?l=Ts zf=EcHkU%I4fH-0fz$6sFC?=k_yOCb>n!ywSA`?Jza$iqW;Sx;I^d0?yUFHapM6Nh)6_lY{sC7lv=1Y_g_Tl5E=ofGxUIbBpPCAQbg2Mz#|ci z-lmhQNhBBz>F`9`(nyVJpNVcfLPHmj=3qjB7_Q4-20%36Uk9X)@m3TJzdE1*ow8pi z2#*-V970H{*AtQsVtS|rnKoVkIVxdNZPJ253N%2f3fFo^PYlhLnG~9uaRXQ?Fh~d} ziA6c0uJ6=Y3nJ7@l;&H+zy>qwM{J#3z69ZOsVktker}^&z1=ucp&2!yWnwnSRvUiV zq}qtc*diFka5k!t0hYu*N`~N2zkv)ht*rq~9j4Arz^hL)0Sd4rS7e18Ldi!$AA=>3 z7{UnMSDo5{p!Xl9l}-i8#v>s%iXb>!-4{B;WRl*%O#kLrCK1>I!PEZ&aFU%m8W3A|J?W~9Zj)F1_6p)`Ki1=SaHxQH%L#6&$)k(>s zO$@Cb=oZj2*-%ql2n%q{_6?Lm5*O0$PHZ0tV6jXr5=0^4XoW}wp%{}+^fsCqM-EJS z=K)7UgjSn#ikS=0cD@(V&pwJ^>iRo z|EbSCon$l(*hhMHh4oY0ki=nXg@>=e0b>0p3x<<+$w-Ja$u&~zJ1iO0I46jg9AQ0% z{FxDDM(%vs>g3359AWbzwgdr%kdQ4x5h zEP|yC2ciTf9VZGr5|ZI+t*Xi4Np9d|l;2)14v*x69J)!hHH`-dsbkxeN?*U!cL!fx z@ox@1KrVLYgSw*xn879;D5P2rfD-EeII6&K@;#LjjeboQBHz?2AXU}H8>lc+MY0}Z z!?AX7;#hI4xHfixRA^5vj~Yoz+BUv5y(!IkVnc6O6C<9=+}40ZhM6vC4FTRKI`(kqE$a zMF0$uLU<%B6LXl2@w6GlHrdxYIM&Cx9`or7vzpT;U`dEH@<5BmLWltvB*S2W;o7d2 zf%WhsIzfq`Q2;1GNY{!MLI8PCsWA-eqfRTRI*W3>@^~DhYih%?Qoc0RW z8*uas(%_?c(p9L{c5pzbo;a|KP=*nikg}b~5n!<=a4DFeE}y z-ni)lmGA%y3)0+(Mnfq5AV*MK{U-{E;23owg{ba<5NfXD)eo>tsPmvPn(#>AAS#Fq z2XP$LG)KM>!NgovzY|14gjPyE;1W!G^Psakq0CmgRMKyGlwH6V!3a61U7XG?N+k@@ zT<=Gkx&-Pc9xxt}K^g|w+u7PMbUn?a(SyDVkhZR=^+TQO_DENwx|}u&STmijnn6NW z#@I3lCk6~G6RY2G%?OBW0v|eeB<*cgW5}biS6>+i%2dSe0j7t!Ru~>_UYCL@QYz4v zH4flL&`A1nNL5koB;=^u(vIW-il!0Hq&h>Vywe2f&e~xhiK-f)7RpTntt+JcCk@ip!QO5livUK=DFGR@z$a~N03<^c z;z$4%)mzUfN4i7;NysIX*qcQ{U^GlEDGZIrh*vkmBI?{ov|Oh+g`*0H{EPIc10W!S zlmIT3i`1?z;u{J{k!aezKza)5x>qx|>pM{DVlwL5h#);!fTN=$P}g6C#;JS%Iz3-V zHGxWf48Rxw%ftu@2?=gQH1xu0h=MU7f?NqA)R>WtQXVl~BpWm0G?Me4zCMNuf-*A$ zJVa^(H%ljAin9C;(|$FaE>F8xnQUfbRhUc`-TNBfi`rR9&U1o7SSF@n)g{2U)XI53 zkkFavW~i+AGNeIMq<^cNHB-vN5|M8D8L~D%#> zVUY+zHQ`_NL-8=plqA9Uf_P-3=0YtzFa=+;r%?wd)XjcMGT?{?7nmSCTHBt8)rBS? zG6?XUMDk4IHBm3X8q6>SpTf(+f<&WU;31REB(w!`9rH$nkS6oF9|Q^mQ5c7OWaL7I z!P6lg;6&boQD3>7^_#!99b&1%F|rjcrn31E4zlT_gny|) zq9t|bu;nNON#(RRlxW|d<{hm@t4X9EwGbk$@N{ZNwbI>C4VNQAFYOX?L^!HpAsQR4 zmCJ(m3A<@*@>QAKL)JQ|xxbLC8;A8Y?t@AYq5w^w}qW-21)&uwoOvOiH>fX~~ zL_8qGLWo$f01HiB3xfE@8YG<))GAcB#c4RTCTWEmYQk|zc+?lt8>VJ*^MEx5Mi&Br z!9qv?qL|upEJuV|{L^vQkZ;uG8?aG@C{Q}~O{NK1)8b^^_j;dv8w>xV3lO`$XGn4$XCPlL=Vc*xHezo5s1WCw#Qy^c&r{Q_BiShg#B+Pt;bP-cM4Jv);Z| zciY~GAoVAtemyx#t_1&y(f`Egza&N*l~Ob4IMgQOA{C6=h-gI_Hxq^7Kl2Tz3LZOaT z6Gteo9k~;hOAr+#tUH@ev_;G)L{@)FGib9SJ#1*ThvKa|N|M-Bjn^(#2bcr+$RsMj zLq=@N$TV;w5lrmT0m|M@hb+nvWkXvFZSvM^+7ETj42i;zwp5C=dM(wtn-?qCb7?j%Fq?wG71 z1#v;7+Nw$HW>FZV3=4=1qQR2fCeIrph>+?A7HM)oA&^e7=Q^4;l#N#4l)rKo10ae;AM{?!Rc0*bd?}$;0C~(b7dj)rbTssYK0n3)1*TmGdVdxR6z`I)g0PpgLHOs7VI`kaJh# z+$TXoC=QFL9H0z9=TRLoN?8U-kS=wf$=C{7Q6g%Mp&y$p?+K~u*YSi@jaM7hR7<4Q zSe<#ak;SJj0Ez4suD`#RMndv6SH;jqaw!066HJ0{b_71r6q``O5g|s!o>4TpjM9*# zp@(>*9VZFukmmG4M;)CBTRsTL^TUyxLGt>gbpMaV(sKe6=>*trSb4aWH2q? z8$ln?a$D={$J8fPNKwoKq!g68trY1CjwZAPTPym!BS7IjkrE4pkf0Yp7b@`6S3`lH zf?8Yo(ErEYyT7+>D~qE0*QLJ#N9j7TQ;W8oXMJ|ozKZRp{+8o-TTZ&xO?xefge24y z!4jYyHO~Fp&xZj(f=^Mh{K$^^eQjhCkHKIt7!2lNZYZvO&!DO`x@f30DRo&y7~f1W z-7y>2BW1g4rdl~Wm;`)bW?YLS+CuZ=#7XrOgaaut{Sk9v#>!C?`%+Q})xfZaL!p+M zV9H1f%xDsS(0BNpAT9}8iZU$VBEnP)JkXSpOSSE%W$9)JDD^Fs<#)_qa*xM8k!1Kw zJSLXI$RQr5gRse(mUG*#3$((bE@O zTj(D;D46bOBt?bp)PChBa*TD_`n4@fPgoqS@pUH$zX_jhHD-geXv1n=^$~kXCvP+2PQo`6ckeCd zRW8QFt5*fT>0GD=^x!?6_nzJZMrm6aX?uFTEb3X?WyE5_1L7w$b!KMjk!&&;cLH*0 zmRRS4;tn>>ZxG}i^dr#WyL2~{V29%~FY)zIuMqk(CJ;@pzkj&Ddx|{A!=Us*y*{9Q z1MT+u`{>tS_K#!(E*98lV`qYS(%4zz@wApy-$0Ld-ya?A@18zhN2j^U79eMw{$*8L zNBf8UeYA!4kM<-4^6S}fCJ0AApS*up(Fg)Rvj}|80rr3iNjhtf%|hRLyn&KGy7CW$ z+{cg%Tj64w#h0ZEv);%j=AdtDANJntAGUKJv#HB$(bK@&&UBEDv8tQ5y$^5q>$~aG zzY5(*6hOOeBYxF5(SVlvRmLeEJwlw2g$dWXRqv!;I;Hwgl<||%uZ&9a`0d&L zzmDIZobI2T?H%-cZw~j*_V$17eKlVVE9=2Ri7H-13%rL!vG$v4D07e& zO=x9PnZg$AnfDP1JQ6_{KJ_fLDv;paI~ufiP`B(0{@ex`pybhx%8_6@~l?0!hx4#&b?=2%NWhj;RLJf#MJEE5S@9Pbpz~;*TMq9-< zkKUi|_Z{(BEZRrC{NLSr{`6@<{_j5If4i0E$rByj8x6r_1`Kd6Cn^ml(a9buM?<1x zcq_}TCr?@}J1znaQac#pp$m$Y-BQ&hhy187I8=yBG-AHbE@dZsM@r?Z3}`N?n9xAo zRB3ZN@bWUy^G*CovU~ANYmq=oTFnT0;52Y=RSvWiQqG@}-052st0sS=i$4 z#x)Lo{ki~5pzc~6Fl{82g^L8xxq%S}9$E{SKx^dB1mNO9ECsH;zK+&dR8lq{bquYk zVD8zG#hmPC0$R0^v%U@>oia4m{>MpZfDwzVzEKnhdNviCM91&@r*BX8`)9qqcLzsj z$Gv|4*Y_uTuYXuOkB7t+J~XMrVs$#Hg;NzaE2o4f*Cm<|I}FKVuiV35x4$?Z7TCf@ z5{xB@5B9Z!(ljE8bewHOFa(`ao00NYn(O#yo-VS^n=^3EHX z6cw4ePXm|a?2{=s+WmsDurdl>W(tjiD>inh>8b;R(@b#*kjO zkcsnBSjBuN*_RR%x3-DJ(N6Ga%tjy{#n-PHhIjOSZ~yGzILGF|HK*Yk&N445$drHD z`rY9Ii&>7Iwg1=555j5ER4cH+g`aOT&Iv_VJZ z+p=NGviLeeU%y(6sa?*QG$Gh4{s)bI)ad{!en@a}k5;*&G5DS#G&|-=EwLrxZ>M;M z1U@GSqY=48QyRo3wR<6m%E7TQ{x-R3oa7+)E7+ieJtjIK-IBG_xZ|emzLS>v@Ry((QxqBcZg5<=|8$?&j?Uq*hA8CVIwKZc;>c@88T`WCY)BpRF}l+L>Hqsy z2%@|F(%EvhobElErulxx`UGgE4m^6(!*mk5g(= zLUB^}2ZQ{Ns(s3W{U~A)M?0?z4PPW>xO0)mN-~YSjn+Ks3e@KMOj$bX7Okzz9>9{N zjec0K9vA`0oH!gu*du9&4w;5xmUMfO8%i6k`Bd_Zszf7hy=M$ZEJzq1MPLlSXE zgo~vDoRj}=tGkug|7~w?J$=ys-Ny6f%jOewL8m+5j5ne_k$c4JsYHuAAv@^F=GU(+ zS*o@FIn?2~lzL9G&_mSjq>V|Qrx*L?lU5qoT=$`}ZT%TzpN=T;5Dr6?iJQLRIHA^VU6;b=%) z9CHFbf9RiyX`9waQsR3YjO@Y5R%I`Q)79Egg(TG4O9=TM5_i2GGbsl%1G4s$eCDsD zOl5&a7?XRA`Qrx|*3RqZlVZV{h#abwjI5Btnt8i0fMG-fF+%OX^UmMpmX&Eu^}7g} zRR8`KsYeCtC?TTdr}c*<3!PPaZT>8*&!^fs8uW@8PXTJH;kK_sM0R`2(v2dP6C&bB zX)kdYMl6gd5JQqJTRE01wU5fNGlxlLwMj`k8P>qb^nygYY#K@`YX9SP*Ll|2+Ccx= zbzXM1+Q`|(A%?`*lyFB9pl-!^ON9YUw%684v{}G6FSel=iv{J& zD-4@)+U4V_`Z&RBRy5&?Nz1HVA1u4SkhR9@r}#b%3sYHm0uA>iL`* z*Zao;oPROmG#L9p`i6=7_^+99D%5ULkj*a8R_E!QS*%SbC{FGJOFlZ;B*kA-bC4`~ zZvLI`0EO1o&QC5(T*vA@;e_>_WQl5itM(eUd$?BXjaaUoY)7vVl>jNp5>&UA%uh>Y zP_jX3RF~8%xfiuYzEu4T9!vEJrB(8MHtoT#8{xp~`QZc~#Z%PXT5b{=p?zs=FN@^` zu-g!;w}Q<~60|0mwPmRVv20ac49#T~tMFU~Un!<53*H#6&2@V%e$zYo1u5537A{1& zNxjOk*C-}y(a?nE8sWsAss-_5RfYVxi_#lZnv0n{fJ^Q!k(jfW*m7mbWsK(JbNeEXr?8JX`(G_87y%$;$Nxk{JJX5rKy%bw)a?sNPd@8l8 zEX|2st2SW`Q^Va_JQf43Hx=|NYAz)DSGO_uFi=(X;dt zT3u8+tTtK`q2Ig_eUn=za^y;uqcPXtoYpJbn0xo#oH<4@jN&p02?>iR$R#DNpPCYr zZ)=7uTk^U1ZGcRGc;WG3V+pOCe#~IgTqgAjV<=NHwm@a&YiI?(%s9+i$p$D+lNGA# zr&{1Mi6q~ZuAcH_lco1183L}TS4PM=O?#&1YDn6ksyqkgLO8RtWzNH0X=cs&s4K75 z0CT3|O`x!_YE&On99k>JB+RK#hFU94$rkEx%ObSq{7ikqowq(4qP9vCnxpFWdU>fd zwQPI6KNq3UY{t%V$}G?7IiEBu>NTKES+k>u zv)V;nfik^8EQqf>CvS#{l3ltKRCBagWIA;ndm=5g8Yk8zFj{pK+Edy24&eBc2%&n2 zVB9(X2GRVdEkw3wJt)|*~re0o2Rm{5kTl=?myUqDHM9jiH)aC8~XKn1*w!Znzd% zRV@@TwjAE-v9~A=7aXsR&Po*5X_Oa5^|g_F`()X8T(yX+;e3HdBAzm$Y{HNv3;qWP z(%h=rOF|#OZKE}mcsR*FlTlzXaRhV3gs4|pf2OZrYdLJ%d~Wi^EF=d!3FC$w6I4Ef z890KgFOKdNMJ%|j?80*{EUbdfthfKO>vW$jWK^9{ zC2Hd^G?v@jb!P8L$tFha5;W=)$kb+B01*vf^V0|9DdCdRRAx?B793$Z#{fI;c$nN` z>c+rR5d7;(zu*w^bENM|h3sr6j_=_xquzT5nPDC#lm{o zE@D#_{DaW|wSNoRR?&_XCMYSJ*FOCgeC!>5*zco{y~BgO-s!>nqn+OZxC%5?u3*L+ zP?PqN)Tvgu6sL}paib187$G@JP8|7&YTJG>ArR~dc`SG=v}80PI*(c=_p7YC0NGVj zgtbC#!5?5VlK+|&SZNxHS+-Oh`RnV|pH)_=brlvV1#l-B{sywj0q6QRi;)YNMZhs{ z$ixH} zKkcwToF(aIKIZjaix4&J7ZpTpt1dEBUDUKC5sq>+ZZ)xiDysplmJAa(ISf;$!!5Lc zFh`ff_f^VV$U9|cyaSJ94hcJ<4^ZCG@kH20md*l(VOUI(1Xd(c9?$i{OQNzdjYlRJ zb-OGjo*aEr;xa)=U{KO7D3KBs(p9nxSE*QJalZL?-o)7~KhkrZ?XS^jLFrUKU^{!@ z;)Avl4c^?icYBLWaxXj0&0(t13N8lj$zelKPYz2jfB}FsQ{i=oQqoe{BD?Dl1`p3Q zo(1B6B(@>W3{Mw{05T{4$M)8XeEyH^=iTjx_#e0NSfLN^g%M6J#A3NA4oE4f__%{E zx~+2>csr>LMr%q0_OQS^EtK9CHj1g3F>A6jLVhWUC#1eQT;RaND*n_J3TWVwK%i$z z5A`K)e3wgfuS(%e=KG2ePIL8m#l|f?9$GI4POHcix{M085h=h{(5$S})3!zE3TY6w z^A-y8=msFpwY;M*U)5dm59egIVRBbm2J(QcM$JQ3lR$H8QK?v!f& zUc1>OyMSu4mIM?)Ovis}ut__s*?Au}sKuWJ_ z|5u)^9TJFW28o$E%1j;@$QM4@;D7q^KWF^cS8IF7*wW{Ag>sLB8$H(9t_t7PZcw)m z)K0CMQrI1aG{DhpFWFZ#8xOIVY@i=hV)T@cfB6DwK-72i^()NL52kw}^oJ`neDRC~ zu4R8&!O`b$XiaGJ>p~k{C%e;SC|0+ltWJP7YMQy;LK2*2{jidzdH26hpKj&(|Fh>0`Co74$uY~) zw0DxW72D5bvCHfXRcyaHsyRq_%kCfFm1t-SKc8O>(WO3kGIcK@%$QFA}UsTVY<%gJY^l6w*F|9X>*fiU14kzX*;KugtSs=OM z4r)Vs#a7lgsCvzO4t?rUktEFG2EMF|QIcjW1-~feH*Px7Ky(DyU_KhYf#`4L_n6)F)%&?Vu6%x#XG3 zf<8GJJ$8+r?Xh{IBHtx{CjO~H`5El`m`;RlY#sET24rvg7&Xj{Pyim zPM`Q~ZE8)?B3XiPlCJpSM9zRdCe?(^=}1OLB`C&xW3H|A7|KVd$}@OCI=yoptkl_bUAgM{CN87j6^ z1UP&ClKc*bR13c7ljYCc{#}WvgtItu34F~T%P29$E=V+lA~7eqnxITdW!%Pd^?kC- z|8dWP{C`LTPl|Laz5n0deo?spf6)Kj&eN3tzflwaunnws8(=;;AtO0dYpY!tVP=o0 znUWTdArk_iwSzKN96i@%aUfdeS^|1bazD=rL5)%q0iJ2jv2)+$&Rcf==;T!Pu#Mco zvjG2BdPTnY5nvwwfB7uW|F^fdAMC$w<@r(*wm6#x#i=&WS4AFJeiN3j%(mW#_|KRm zMxP~GxD=j3HeVfQ?9Y<2NgmK-Jni-MyxVlg{Op*FO!@1bLJmeNv#e8UxL>f|N;{j| zN28`IGRj)o$4swQnfVZur_gOQP_uq21IJ}vO7Z#3^st_XSr*9xTU~iRY|TQnEX4m| zd&hcvUzz@Y>&3I@dHMhO%Lo1ctvt4AXoVb?ga*sFaFqyqbsI!R(6l#->vR4Ex0-Kd zqqrS$c=7eGFLqY9{ zWc~HuLUmVsPuO$><@bb5oCzvhsDS00yID-^Wk}$G^Jj8d7?$|~G{-p&1c@$e^HcMt z3EdQH7mP8RfuRf_PwAAfSfrIRubTi=(M|@c60_9AFtm78P_D?yx>~H#O!+}YwCZP( z{XY$G-vJBWrmCR&{r~C9?QUNG^Xyso!T;k{o@PhuCY~Nu`422}(7rCxFI5(`8`|Xq z?X_31`4((Zpk-YVRr&bmBcmRqu%86N zyer5Ys*q~NSaLByFdb%z% zf+}yQ#FsX=2pV+&GK{945@CqD6XL}_iH@v$Bq{Y+uNBj%s?jbAI902znBUX_{6(d} zrce?vj})DJ?6+mUJtcLssA?uN>h(Js(SVAXH6Qv-b=OIq<+~NkCsCdfte4fD+clTz zUyx`@18CrFgk5q>A_~q1Ebwet>WXD}O~VG~;zb+a>?)R=)lUQcW(%aAOvWJH1}fj0 zF0%+YWvV+5qO**S&zYECa+k%J=}PEeoPzLEVnr&n#~};E2_G zT1Bqb%odk4BN?mm|H)8yUA|XUJbSreo`TG(ZQ!z{EYr9W9Z6cra#)=2JBduH*sObG z2W<{%u*oO6w;lI$?#)%f7qv1;USYB3>X1Lt8WOAzsnyV04O;VTB=OHd>+7hEW5L?R zUfc=04A6jjs1px%;NQ3C3c0a>M5m~YI-~7@J)bu4kn;an#s4Y+zdVavFarGS6^ zy3>eHE(>3N+T}An_h_WEtriv-xd#lP?T@N7m}7OLG+t^^28f*ZS!20Ec|SL_71^XI%U^ zVsYTL(G~jbPSz?ypK&zidI5D#<}TaDOR~`NN>^vol~?;Ax9KjtTUITe&Ix+?@+I2z z$i*g~Ocw;HWCt$kC`6DpStVe3Qkhy=eZRwPpaDrO4t(7vuxd(M0=jCp`a-eQQo$&n zwYy2nH$Rh=r;e(bsHtH4_tuMZb<;La&Qh(tlZ?9%i()~E$q2hS30FSJ?y|Flpupo{ zZB_j}U$KI?@+Y?f8><>skvCbRD&=0yAgJM7rtb(}cI#|hAiRK?7 z8y*>L9be&un5y|ouy?yh!$nm=XgNN69j;1(i~Pw|P3@b5)1%(IgR{N;Hy_^SmK|I` z=vj;c9L;n{B-DoJ2JPJBcw`ul%TMlUf5-3pr*BX8`~Q7-_VNAUhj;sDdj}`w{k9u$ z=Jvc!j^Cf0o*jL7_h!GQmpP%U+I8Hr(Vme2_I9s#+N(r!(XMw73%p08Dy&v8^gJHU zPWF!v4|XA|^Vz%id;1lrNN(5~Hua%jh1CWIx3M-^Rx0<(;aRATIWe}-KU04$iDf`N z?)Ce>zCYPJ`}yFoYWP)qi*|t6oMUEOB$F~hw-J;Ty-aNSx%+Ry<#}^i^0lA-rNx&qjs)wFen2n=4Agf<$?y|)Fotn#Y;8)vD$T7 z@OW5qkrv>)$1Aij=B8(W`A36=r**}%dCf`u2IlS>9QD5s&-RacZw~j*P7nL@MY$Q_ zZPX4}yY%4KY)5WzRJ5QwJ?x(ypX~p*c5a>|J?ug^4*l{luD)|mxQ_@3VKUI)~i54b1j3N zX}Te>Cx=TydvdrKsD;S%8$KfJD}XaS+_t_t@DHZQAPRETq5zO3ph!yIJcb26J#Hd)~*<+V{~g1Xx;oh@g} z>FV3Z=9FU*a>f153ebKnEXp~%K}@#o+q@NFvdAfPZoEC><5`(?QFg_al+HI8RvId0 zn+nU#l++`XssH>|vIXDW;%yY zX3N|jqwJs#Dd(Q0>Jl5sT?Ile*!GJ>Niv6>Ytdw`t!0Ta*UUAjGS||z$THW~5_DO2 zm$l5fYTiMi(M^dtS1lp4-TmFvw|MJUGpvXyaWk_VEPQcLKqO6K_+TF&+OE3D)szu+S#36e4U8mO;oow%5QC zr2+Xz3Ez zu!FudL0ltQtwK&qy2{{eN<11*chEaBWzj5)PWl%)q*E$(Q1>luNauDmnG$&}A8$rk zvXqr88&Fp0TNZcu{f6fY&)cAQmCIhH^EmXdAbk;GLB=zM^+I~bY#}SVW2$u{f1>sY zQDNKKbrlnwMa=hUF#Z5Vc2E%eehZcEnwi*SCDQlYc~V_oq&Y}Vjc2)u){ytAM8(N0 zI3?O06`WYrlXK5a8`4?K&&g~9{Qx_;snt_P|M6!`c>Y+*1&fU3R_Pgs{zb}rEtQ{ib6|efE@WHy z@(|SF?w;l1KddtT^YfR_x1Z+YKXtbs;y>KVb1RV@D)YTV3f-HE2AWMXqPp^z%dzrJ zM|jXfzegb+y7yh?xt-V&I)n5#5nLjHwNwhzB$f#>Q52HPdnlEkDq5c#d1CSYzVQeY z8aE9>P?Vil%4#>Cq#_tKVJK?4w*pZt-}T&36g2>3gHbF2!$UNRhTz;`G>Z9PTE?-O zFdpJjJjA1Th)3}dk79*>$Pe)-?mw^(@hBeRQPi%y+7A!$C?4Wb%-;td;!*t1iAV9x zo2GpmMt|RHK#H2fXtv5S%I2EJYt5LhHmDsES zTX%9Tz$vs;B>B>rm*DnyPY#Yx`w)7gQPhO$9u|Qx2@$Xulyx50B~VuN(vS%5VI-CU z7q7@*SdG!9v0Kyz`4GJ2A$W`RtSWemt=F=`j%4yQ%mQ~3v4F*VmrbWspf($g+UxT$ z*#Gy@?k^|rkKTXipY6VX_wL}dhRUmQL=^gNxM$1FIs<{8&-r_p-F*;G`zZuTu8M2M zY`V$#IQ7%~5Mt&b#7y?N$q+LIL@c~9-TY?s5Xa^QQ_teFXDBxx9O(ogPZ~R(v z9cWSZgNxE)_1c+Ih4yDqcld);a=}}{^__FcPEqNy4h;WRGAN;giHqr zn!D#g(;NZ-HEmfQ(wns_59JG-{uSK2zw9^Is}TR;-n#ke|y8Gmw1)8%8Dv{x#^dzu!CA{pGB8dfJ$I;K-evVIdlG z5Z%Ym2ZyK4Srqg#qP}R(sXm+>HfueO{EGdc@pkYKGVUQ{+(XE?6^D$gkP<)Qi0{5D zTxS$HaVPb?F6F~17q&vv=XxoLDEAQB?jf|@Luk8)&~`Q^A41zbgtjX#qleIT525Xr zG>fZUmxH#XZavK3Z&11guLtfr9OJhi z5$?`SOaG@C?S2b!*qYGl?S)me?O+!SOITTTxwwS7xs?Pa%(vAvGGQJhA|mS624K@g ztTE0pl{IZH?x&flInO(@Vk9?Z%39TasYz=ygH~DU2XnYbJFl&1bq4`rkw+pVm<~Q? z<^j!Ei~>SD`H6?brK1_bC~0P`+_DY6Sr!~)pAE6^WDbz|^6Txzl_D@E&iyI#U`UC! zR*$WX+8*U{K;=5-YJ-)9PwAyRXs>tLJL|vyaI(8!Z*&tzG!P@yo-i(6rzdcE%zpiM z55=5Bum8@G9;*Hc3IX*~9{2yw0fQC3g8Ib1zFuiFWAqm5DN0L=rn-iTwlWHa(mAWM zOR#bF;pAX0$`Wkt{N3C9JO8f~N6pZYu8CyWOR19^N_qD1j(h$7o!WrpfhmLIp4{jy zlgcPVN_A#Hr9j%Myg8e`+1D&x`KoL;O547k9mh&_zfauH-6(8|t6BuU=L&#B^;e;cHo}+{ov$FxIN90N;XUr$jyQ5Mlqm zM%Zt_p6^|niF;MFn=@%;dfEkl7k1}?O=!cR^2T*!x7t@B9b4_x7*iFyFUv**y>%~?v|HJc#{13PB*!dqWx+a^0ik`ecCWq>%|EtO6 zFhAQuAqxDhr(Q5@QDrgM^7D1G$umnI126A zDGh4oqB4KMvu}>MJv?)t1^ItOu(w$9pZWa%>5He&bNqjM`^EMH|G$l=a2He>m`Isx z=$QHzbKH52T!wwZ-Bi%ixlmQ%j0~HUDEZdO^>R83NrUDgBTT+sc$shTkYVo)_Hp1! zM%8{t@$t+;kc= zADE)~){_si@tcuKB=cH{MDnergQBC-)!P)T3{+(eRaiC56OrWc(_Zd2yz-D`PUWu%#txl;qd~PI=3kgvI2)g+)Jj z=E;B0pXcSj?$hTF^53mIi%53HnEa+hyIlJ#mF;qE-=c6=)AMaece(CYF5czZzeD-% zL9}}i?H)wCZ$z~Fz9c)HJ@u|P`;up_{O3%FKc(Yp}jz zjpq?M#zK%N;7Bl}=2_Xc3}fnhG#H~0yXSaJxYK%sPA8Nj9*3~l5uXs>M`NE2Rfc35 zj5kn3d@Se%0RwRBJr2CqBNULavLIYj(E*94?!W)nx`W;a{tU4IYD$n$NFwCZfH*B@ zuYcATEF!H(Xcv|s`ncOi9*ua*8B?(d|5xC*oZ(;5Cj8&Ln2a~&|IDBKBG^nD8e;c6 z4iQ+8wVpWqGHg9@hWNbo#1Yf5_2mC=JwhLGL|M$y!QMV^Ibp>9Ag*XR)FXIPm5bOP z_i=sCd*-hHll|V_yM1TsE#F7&`rqDu{(L*P{<|-`&tE>Q|J!&TAsw2#|KEqL)~EE3 z-`6HWgnVan^YZf2b^vA3cyk?5j&Ok3P_BcHTJkKwe(GR4#Q`3ZsoV_tj0-YFYwu6? z-n{Fts|Ak(M5f^cbIK755LmHtI;1`oGZ0%?fQ+QhJ1(1sK9v%Y(`x<9BJ@jd1BE`3 zJ#j+NCouuzypW}EkExi%Ln&h?ruUk>MMTJ^+LKGH@;ei}-fBI1gia6t&)!L^H5d$B z7I5a1)(=SThR_efo`-a0WV%%CJNmWVwW&%2F0k*T=}ck`;4eZTy95Xh0ueDUb|rFK zEnvRT1sXCYxQKAb5k{r6Rx*11Z%13nrv0rWkAyy(!ECWWHu=wZNTPrU!c~(yo15p! zD~GamBO#)g%S}Q|2>SF3@uw*Sa=Z?oteXu)lSJgST5mMo6uyv)12iNk=4Lm5?r|9M zw6$~n21c}wMl7;{mIPx_92+4C3))rf)4)K>9b{o~f;k!z5+FgiP_ELKEIL;(9KAg_ z`WHF~B#QV37=m{62sY5jk4Ydr==V5cQz9lL20|7rl-&b9-u(0UBs+pIVxB|U=DGv( zdmIrkDCJZT-fDGFigwg>y4ydtI%*)>@((2GUjFse+3F05z)$7($MHIUtj)kyM{2T!XB-3MbQARH7)N+YYH3@^l5b_@ul4K^ zgu?GmR6f@xEt>$<1WG~m;M{;2)pCcR~97XspH~A|x z`1Jb#t$B=a@CL)4r=r54F!p^7GH9*UQHXdbWF9w@Xk*9r*Qv&Lf*oBPxw5>{G|c3Y z)lCoDl4alJvl7}-@$;g2a-iwa;yd?Q6jazzIxdH@WpI?iPRKYFYz}@(umcj$eSEIa zps0gc08JKl1Rgi3Sb`ma?{)!IK38b)<+S$}qW*ndf_N(8Xr5)gKp$ckwubwM3 zI2au~_dh$BI<@6V7C15t@3 zS!$G`E~yY#4XlCgFpNk@lyWYk2VaHYxRM>+45JZ-Z0yL2%VFkro|Rxn`RX5&XiB*h z;*!V|W$j*}eHBob22`Z+qx7Y~L>XkM7EzcsncPNTfssceup*kFH7P~9a2IenArZ;k zSe(C-ClV7NcmVp}!ASq1m$S!!pIox&yhv>;Sy@Hw)X0Zd=pc(0RlAeH#61xbS0W8o zW2ZzuY>u6~7ZNRLa7qK}k>O%Es>M#JeApa2cP}JL?7%JKl1r-=JEihrbL`x`ka&d# zJ^vEVY6ZBu`sLWEjGaC}R|sOLAMC-gTr$xddtL+EwGnpVu8wobJ86L4ha~7v=tv+I zp_qCo4$cF18EhcQnp6ywHjV{ruTBYcg$7&8?^qf;xu|UQ?OmZ?@P*o2jHC%69Ek@? z9WZf&duxI{&^`wj=mJM~B1f-e&$2U0H;@MPj()h;J5KB*?&q^Y>{MSv zO-T|vYOz5>&e9;Q@L3&p!jjvW@*cs_Ac&_!5*a%t3oUYixhx2X3v2C8pB2&$B(-m( z!B9K~s_}tgHxfbpdqFYjvpVbuznRRGVyBy6=Jc?SNZ>}Z8?nM!{#oJ50@r{>w3F(0 zjBbW0yGJP|0v}QWA&aKQ7;NuI78=sPTN>0Qo)xaFc(gEfaCongv(h~)$>Tpq`_(gB zvK%q^sUSSYG~hWL>1|#$yflQ@c~*`cC3n;`cm;N|ddRA@VLw1J$`(?6{}HGK$6`VP zVXoe9@mU>qq_nno)MRCyFec1ek@BETA?9QX6h!ZuL9Y-yH1L{XXYWW#e=vT-OaxOR z&pmrqi=DGDZ_8BHqdCuK3FST_Y9-hy2`N^03e{(HtJc!p-|(}NGrEnPn9n(El~_03 z+eeS>Z0?|{>gTaDcWu?#e%-gnV5b4YD6gN#4#W=9<1am0T%jX<03E47L)@&fdv}d4 zvD3Y_<}`zyS>R407O<`D<=e4kwsPhZCEpaBa88?uWj z6XXnsp+B?!zKp0K@^7EH*w^=YY&2Stj_2x{jTNvH#M6E{@)9DlX(u5XxCn)7@d>^l z8Qj^8qa!BB4%&slDriX1I3if6i`1ZwhL=41uSDx^LnUWd|31QH8jULx>lax?;ppI? z51fo*A9i}|UEshaUS@0KLC!r=5yS$JHWjYbH5lcH$X__QHZqnU zE7QiUM6R^3tA77U@r9*?J5(k1#iCI@^Fo$c5<7S=}W5>>7T1h*mPz{>a)QzG#QcUHUj78-kSZ>s- zay8f~)=Wb|I>#BqVgNxCEiwu zod)M~RCBA!!8?u;57A&jgx}b+`jxd5SI#Z3A{Wjs-lbUVGNW5LcII0?>-5ZknjBh` zyO&lwa}sb0v2AHEV$oDbvQ?NX1Tn0fBNi=<+?8O*&ZW@6YTk+qr$h8ZkoTowxVh&F z4U!1uOW!$XLa5B|F&~ZP{ytY|@ch}+?WKt)gB=r8eU80C3GF0_Anw<*(v@Xpk*MQ4 zcA|ycHJEN`X>eBjT%p02uLHDJ!IW5=CLnOBb^&)P1Lj|26gTzgQ|R*b)qPej=VHCAY-0z!y%6^FwI_yj z0y>OaL^vGQI9iKH;E`zIbIx_2m0(Aw^9-0r`Z@<*ZOjPCY*aElpq-G(QFA(0<|u1c zng!MJot?E-i5)x|$cWA+2)H0_-T=)jJjk6{b8H?CA3pXf5s?Zf*=a^|yU_ z?A$}V7+6<_9Zo&s;?m`m>9OZ|5*G$T*@dOCvphtrd{&B`My427$^qHr5yX~vV&+Oz za_M*K&gRaZRdVHK#s)RmNo)=717^?-VaKgCd8xrpQt`f^XEk@BKE5Cg6&Q&mdxOo6eK2IH=l)@rfSK!LHS2IEe5tyN;Dkpg3J4aVK>S*wzFnkg`@rNOuZ zuDq%}tC<4h8XAn-C!(9dPW_F|;u?%QC-8_H;&g=NWr;-2HVeHyrY8+2|WC@Rcef#udjS; zvYDmkcmil!cT)?tbn^LLnBeA~)%Z!|uruOsBNkUU6<;CvXs6;zvvA$B=L!wFTU*PA zlr6=Mm6fcl$9$f$dyAY^VF&i|p6kl<(i}$;Yh@|f536d%mD;$9>eh5D%)p<4`DHBF z6btG?GFKJTM0w%lV8}!z-W0=f@En&hxK3lasmgetGl9t$1|kZ@>3kn2-ls%TR{1)EXT{Tbr$8e&|lhR`TtQxk4E7%R`@2#-e8MXpIiZakD%gPrT^ zm9u<@22@b&?-3u*N=_432)>{p8L@~YJO_oqbSOuvzPM|iqhNiyb*=hE?1XivEZO5P z>=Ln&AP`?NBoSmqghLk~=pH>+sJm+H2s$M!7FFnhGkRcQLzd@=#rJ3@H_sJ%e!cod z?2It=q`*bqVo^w{q{S?ohlJO=G@Mk}r{wOl zVor2sOYk8k=Aznc3jpF1vz1RX(2p89Z=R!)GR zm{7@zRjDq#>~^m)&gGt!=mrgTex^Q|lf?$^v(f=W*knlHdoQ1r#85HV`6rppM^F|! z=VW$|F|<RPr;EJ8;tP{wc* zf<0dz*>$6LdM~jW@3kE5)J7=E*qq{Apd#H;y3+2}!14+WzE}*vp=^`85e~@?YD+P( zy^;GWq2595pSrJJw!aR_u~Qo>w=70(L_Eq9)ZCwlxi>*O?^r+uiz=A3%IPa66wJM} zq%N3AgVN8mq2ht1+?$0Y!t(v?JU79W4R%tSWZSzWv$BjQ2^=7-IQE?7(PWZ|dX&5D z0*>p$nT@!ccvce!qZ~WQ9p)h0|Bp4=Mi-mYn#Z8a7+T@ig=oQ)a9th>AuJo#HWZA~L32 zL{&izGO1ej&5_|iRz;@j^6;$oxk3Yvx#uKuC|mj%n#WGaxZJhM@l%JL`=%niLW6v4 z?v6PFHgbC?Vn^U{{UN;?I|AQ_B&x|Hx$Pk(n-)8*KyFhu+AEYQla zQ(=hq-C3ZOW2eFp?Ypx;E5}ZSA=-Cmfo8DN$a?y_vzo5JPWh(wZS7er1P?!QO7DkW*Q_c<3m#dz0uUXjk2!9WxL0%{l#kdVjCvj2;cK+Za6wc21a2Af2uJ z@rDMTTp(-O9o$pbjs0V}wk}z8epgv7u8Eyi%cvYxyh|M6DUl38#m|x~WYFnwBG5UR zy@sotPaDb4-v)A03(>%_RFwV z8ER}2N>i`TcxQJLV_Gc&}l72{_)BMR%(hLZQ2Fljgiy>Hqt)X?$ z>4b7b0uD0GjKz^wmcx=tRO{{p2jhG+8#+pFjRhWq83^ng9=fDrl8Jq%t{+;hHwppD z1i;KGMgh50G@)9MsHB41Q7P$27rP)4m!r@*XQ!A3X}Jx=={Nv8@4!IKHxP@E8&QB8 zUBrGsB0Qu%6_T34FU3*wc$^~1ElmG}Mf5M(k&n2GH7Q$wnWoASl`Ef3Gi!)NlmtReXjlakjC&g5h;kN~sGSiR$3Bh>2&!Kvw+1Lz zkVt|i*fXd!3xfr6raDHEt|RlwK6m8el9Sr%*ssmOeFwp2(E73bqdXa_)!9Ku@pMQc z*)xRy<4OF#sxF||i7AA-xlVGQw@p8NA`qVi?j&LXi#hOGD$ta9q_U^9_%4**L2Wh~ zwevle6${$M0Va_RfsF#;Pq37gEwCEkIEbhHv_?AAtsGoc<+=$eW>D(4R zr1N^ptX1OAV4Y}!gGI8DkiB8XgHFfbXMjdN9;@upo)ie=_aH%Iz~thhfnrkD7Mb!Z z2laf;iha~BM;6)rS&NWQ*kz!$Xw4pW;m(i#CE1fsKq47~isYG?yaT&6GeW%Vs%^D; zDwnumA@a!u@xjP00#yx8ETGx&58?`K!0C~ZJdP#4h0u%Kd526)blN2VM1|snUDYEb zB$2+Qq<=x*rY9VcTt`-Oil=6q1cPijFppkPFP2lQHx8^~ol1-ghS&v(BI*%aLZCr* zxcMP+rq)Gizgm`HqlyT;9LmCGQxayCqs=5DE!VW6!ExobBcZ;;K}Fx{$SPUmEF?)g zih^Mg2ShPwPE-p?S8(H;fTQsMoSa<9HyF8ccbB`EL}P*~z=NC|J$V||YyurgubF_f z$rJ)m0-sCSi@3yt2&!^QYA3*uw%XwB9Mfu_g+*;GkYWjC<_Ewgo1s~PT+8+tq%CUh z=LH_8g3%-%I@*3nibYXLD*H_-$84_KX9CL-CRwvtfzm4T`d`k!o&R@Wh&Bu(CJ!4x zz?{h!ab}n+&n~OL7&CFxLzJ9S*ge03xlz z4|J=&sDU=jLRD+$a>A7Vnzh}_W~G?!d5QyS0|X_YGt`D|H*=u16NV{|h!S~8(teE$ zC6Z`^Ob8#Z?%@;QjbvfTVjv8Qq!!G-4oC(7n@O^0MfpS*j~RJFv8rT;Z!uWGx9Rx{~ zbd3m35Cdy_ooF7a3$Gl!#X*kZ2Cde? z2oU2z^g6|0nK=(y-yF%@zjk{giO ze)PW`wKsKAG_LDiEGzuPN}@;@Gj}5zD&|hBL37YSfLP?|i0Ge*8w(vpLe&SMZHA^X z7i!v-P)R|Pp6XK2i21USfg*DaGYLdA3mFYWN5bF@9dDo{E;2L1mCFJiPmS?aG9~j_ zb#9y)YLfb+sn zXZ+VdFD|8|msrygVAO1%9`;+U)5Cre5JuCKxr#T^Hc;p=;pGYXh0mRVy|pW4A?PfX z+rCy2DLHw>B>eJ2_LydTCp0rk^d=#R{FzBJAUm`{wPD+l=i*FUoE6Y1n~EhtQFfLOe z+3ss+QvqLx+nGvc@>Fp-l|*#!r7JH~pKMaXC4u>{H- zUDwks!(&nexS&|^;51{D;-B{3*Qe9apJ@e@mTnSzVeGn0VO`6?R^W`Zlw|o1-0jTp z)Neh4BYN&|s5Bfc_0LWVAp?{A-GTe69q7FSf>%er0D6W$?N9036Rp8U`&0MT%XO34K(@@Ku&GoCG+iy08c??*MH83# zzWNL&9ZT#zf5nZePfH^lK!RU%N_`CSraB5qv1^zLB%kz_X8W9KpXSVorj#RDPKnmf zq0fe!ih`x|4Oi02Nm2J@m+qu|%9&05buFGHXxAr;)YUlWZ34Kk7QUp%KVuS6DLM3s zLeQ?9>Bl^K6_oRWgn57yfG-SYw5|(fMp251%ZSB<2gFa*PG_e2BXtt)1mv=#q3&Ez z+`%1%VAzz`mCpeKl_y-MYL@vy@#(S8hS*QNNZ{B2#a$+$|BSdx0vu7sH_#dRPJU^C~y2=|elve){AvF)m0_n%ncCYH%E$t&y zC}}Y5a!!q!m-oHKMOlrKmlv%cOVILT5m$v*t+E-&!*o^hN>;S?hooXZ9(G(q16R3M z+q&X%J?2Rj70EX<#)R||3luStivwWcXh?i^sh5eA@brZkQCI1aFr@6DU)ZITd^Qk| zhq`hXc*!;_LUT2uGgQc*7G^LZ0rHi-%rPC#zZ4{t03T1qOsSgJX8h{Q< z8(}010JcJOoMuD3AuT2sEFuNFGY<=Fgo9Kb;z)~VgOW?S0Sd90m~kW$sncpDgAn@2 ziFSQVr%J+u+atNY2?>?723@-mwI#VSAII4JIhKgef4tt`G|DA zm)_GYG9<6OpK$jD`KkNzxwrLv^b&hNZNJ!Ze|oz4lk;NJBSVUV&QF^WV`9WNeLA$L zo=+YfKJUKj96o>kV%?}Y6DF;6DU2&*Y@kpXctMmGp+bsE9Q^641Hcpx2+9CFYrBa? zG@yK<57F5KQE(-#Pv<&kkTI_Yo7jYk6BdL%VN()VydRI@B!Gp4!6!gq`7>-bDV03O zrc+?a?!2FzVVo#EvJOy<0;bhYzu8$+q(ExN5sE?GxPG`pA&XA00u&$_AaNHDV_z$7sYl^%S@(t(p; z#3Gm2m_Nh5f2PuE>w{L()K1R4)2RP+4|doYb8*!Uh;W8PU?+?1EFNEf`K_&UIQ`b% zk$-TeOf-LM@BG%b#`RnK>sM`_^{d>3viQ(Q-bgguhEYRaQAOQlpADhl+9u$+t+KQJk~rd%@_!U6b2K~1azXxlE}^gRwZ6JYV%QrtVm0tk7wx# zn8hND1?Z-2Uktro)S}zdHY_fYqM^7XBtXU8$6SU59{RKg><7J<2&CArwDCAgwhg@t zwOSoeA>FJPgp@}!(4DKe zRiXrLjgyF=nS zdxv`mCxG+gw|l+Qo`ZV&8Z07H9rL&xbTIx>rrfSk+*M7gqi3aZ(m|;cbmT@MF`-wk zrs_n0418A3OB4r5W@8}lydqXzJ}Dz&odns|IV;IR>0|ZfU!ZQjc8#<#a8M5}G=?M~ zBPvuS%Ja6fJXJSIXtZRQ28|dJxzr=<3b3|=-HOX)F3&@rQPZ-(=D{B2BBH}sNlF0U z1V>&b5(O6#rgF0Z!=m>g3HlQ{5)#vrnItbZ;4CB0QiQ_2zShCQ6dP?dfTi=^rs`OK z1_sX}nyHa1{mM+vpsP=|c|Mz1#|D4XF}{?oE$ zVu0lsi-|5`^v~!+IF7JKTCD@|n4^Hmy#`C-WQi$(GAPj(q{%I}z75t+yKo;IpjfqL zUBRT6kczuW{ABzPXrOElBOG{a>d&klHR;PiCuBZ@~mM@k%X zvX|V%j3aY4Rx;8M^NI0)F@v@IUpP2+SjR5yW>o33^vP@<|9zP3Grwmll>z+v)5-qv z;lXb2^x*wbTF*GwC}Gf+{CPa&f(m2368hLB6R=6)=&TfmGbQkzmG^X(E?57@#}`?qK+crIf%NVGoB|&QrSqeE&sGgOa7PTY{AF zA;w)*jB(d44mDeScFHhU*e6(3D_(^*_Y!`K8<{z@bA>a88+-JCkvYBOC}q zDk(>8F zOPlLxO#H3ebzaF;lAg`Rz)(DUsQKq)zqj{qgpe7AeA7Seot(`u?AU)eI1G7ZeTdcp zi(v=0pdGnrhSc*&u#-x~EVEE$IXHZeDDl0F73gDgMg4dKJvLF*9xJZ-7*_Jg z^k#6smvRZK&+?PJ<|tM7z#ojEIj+Sw!G&r z?x*F8``Px+)+=Xgd+X_|=dWHpo3proa=Om8S=t(7zbe0)bDCK48o`TsiKUE`d~Gtb z*O$JNR_>TAP>yt!1R-0k-~uiAt$dz4Tj@;S50=#ZNwcJ55X3e>z%V|2V!~okv0H*$ zm2uKpvym#19Wrkn7GHwiAsph_g|?E&R8RCdCZHuAV;ZEQ(!i$mf$=N{A?TG7f{r6H zqMyy_nngM}tr0&`#6OKv6BwOg6GlE54qf%EuB zRrjA%N?j~MZ$JLiQC?O?u6q0NpGYYtOi&b@lmCVh!Sd`00&l8lc&tx+Y=kZ-xrCcf zE!W9Cs;#HLtu^t6cJ$^c7cF!hbU;XV&_0fQN)oXVjyQn3r^uro$ai+&B#lOwMe4w* zy%gny91!AwqzeUy^f6p7MZ{IH!Xv_CUwNJfW%Ho?*G~&lHX6p$ z(72t$y2?@S3+K7>vT*v?$lQtgJ}56T>Dn};@DA*xw9U5hG}mg%j29l%I!?DZ^Rc_N zfx7BOy}K=`&a}GiJa^E6QW(Iz$&o_{o|3C^+kgh7bl?=jcx3(TxUCNQgR=mBj0xlF z;~#*F=cOkxg^MRov?IN_!nLr`?b^=j_J^$}Pg3`GaHba~Du9>huVLT;Q!x>AQ~+~m zOo!*w;GFNEPlh@#FE8!;UKWiv@sP!0Ga#3Iv-|3&XPfD{uR-B;r6iwQV??lsBQnJz zqMw^|k*%<9E+&9Vwcdbd@wTDQ%i5&^)Jt5j2#-MuoMIJYB33L?ZUcZcSxq_7YmGrL zHk*y*lOPYq5Yd20Sz4<)v#6G$yT-rI#yopF^egef9w4Wkwj{UYa=F!yhsw53oBRX3 zMpPco(52))vd3jEPi5;AY7gxbZ3FfKc|(=&e$`sqh}T+Bpx}<~8>cE1x|3H0ntY zAkNm>wR~0WYob(7XB9qVO5u`qdCE2j{vxWisgw-$<(%A5tx|o#!Y~VKwwWhSij!&X z!vB|?*7+3h z+H1MVrXFo7bxYAHT<$nZFwk18e192LT(|2yb+nn0aU=&JTk;g`;WMS<$T*ztLZn4`j@PKSAf(E~J+C!mYm>M-d6cW}=jHCSvM8QtE?) zqqm)p2ffbm+r1C(j(dlP>lV!BG9qJUo4Er>&RNO)c~aCcH@Ifd8%Q1&l){RDH4j`& z1U4qLUF|cq{hr!)BwF-HukWg^1TC9>Lv%12Glzrjmh;lt>O?PInTu`nNdm~ry!3oF zrmkuxU>@L;f8#j*d8XXVp$uYfyI-Q zC$R(J)3yC|;`3+A%_)F#m0|CKYV#(ef1uMT@hBF=pGjHx-SPXA)85hP4obYHVYL{y z>4GBF)?NqJaZ1)roB^$wC}1zK%R=wPghZFrEHfa5u}OCYd$+nRl02Y9fnR#T3>N*< zP|W0+N2d{UbP_F6UZZz-`2N?k{ddQw|4!O|J<~Y@5=DGUed>q|G-$-sp^t-e`!dIv zirK-j;67iOg~RC(k!06GUlTH) zM0OI;e3X%pdE99oXj2_^GRJ|EIP@L4#ddTkkWuXWDhu+2_@P9JR_+1D*^t0)XiB}; z&Z>$BJVI~eX$E#PB?yD>BS0-?gY+N}5fvv+o}+ZXW@!4NONAjxUMg?Hbinm(WeQr& z+3%r68@u&QW=mRaWQYfy z-L4c)K$-h7!SwB!HtE*==)aHNpYHb^@mc5l%K&O3@R+-|;ViioDcAZ*2Es2~qij6T z_cCkhRu&Mvp6pCXjG3agJ|dw}5YgcKU2Q2C>54%;g>q5^h3g$xf1N^y&aCHy~Mju%VS! zSfI-!Tb!F6VbVyRIP$RTMp0*iY$8OR4@p(D*E{XK>Gk!Of1ph<4L9Y{Bo3Vf$vv>! zjN%{{$I@CGDiGupE>^+TH6cEI2bj_#&yGTEc9ly)Te+zmiz+sr><_{p!P!&LDbWfG zb>K|oMnEv9f2kmMFi#TV#BoRs6Q(FV(^`_1j%{d0o1AVTz5r1dm|29w)ng@g|Fays zML8HG3NY2PoGyLlV*A>2L&tYWQI}4IEgG+70uU;JF<}Jjsbbd%A_f5&ESlSb6s_)r zOmS+Z2OP^7%4AGGMl|BW=AFPbEm<5;>C8c8qRfB&2ze0;Q%Ev6{y%m(y%L+3j5&$W zhyMOau>|-fposY-Enr+6H2NREIXFG)y*mH{z=VPyXPOyD63cLZ9nlNwlQ97o>v9++ z`s%=`sKqX|^kmhQl=dIr&LfW?*!v$_*X}DnxNqbs z%xNy^Bwd!j7UdI3LA1e>1e6rajt0RlF;!)?4ZY;?&EK15q!r_ll8B) z7#+*&d7(b$uK(v-`Sri`qWiG^Z{vA{{x5sq-rcsX?E61I1rC)S+u0^9`IS`nv6M;$>E&S*2)rW~nSugnLShSJ8&uq1af5F(EwcW_XpFYip7Pua zmSY9;)_;3vx3d0sx3{-f>;EB=aWatmeg&BNYtyz$Up~!U|A>BgdUWvO^^rdg?o!9x z{eOF>vi>CpSgrquNQXR`5FI`tt=%}&IN0K80~oW8i;*G7r2@Jd(`2>P|EtBKV z-i-~+TmMgXtMY$mx3fC`KS){-S^BKx&0}>SB3h+vz$9bkNTy@l{C04~9 zmqTco+IbXU^E5>GhUI(gf9(jThvn;-xBho_s`7tld!_$-m{c}E z*HEZTJPxl<- zXWk_)dU5^ewL9mXC*9q4x4rE@`EjrP<9_GqkN?+QokJE$%dP*VRsWFYp8t3EYU}^W z?rQx%L@KZU0u0%3fYOrw=zoMqOR|Np-N;p%n&z(m=16}_)iHbh@9ypI*6#necb}}* z|3jo!i@Zc!Pld{ZFjSV$Myo~Y{<%{Ew^TpgRGxKJSGUbdWD#v zJ%=-i?c$SDHVj3kV1Wz@JjRBQ4N}mflHV0Gy-PmbIxP(wuZ!rC@kIaqhK^a0!z!{1 zPbKp#GXKIR_||--yul75DugWd%=!(kd{aTev{7fPMN&2>Snk4c{$!gGBOhcs-8A)W z$SaawgAFJl869>>r{n+Vw><@D*=c)e$04NEB4;KnVFh&`U)y0`))0n&jf8_Dcp(V| zSwj?xwN1hz!4Qd-leOc)8=jq{Ot3gx!{SUYGy_NGf~DRt4+FM^K?k>5Ny@w=#|Y5) z3`&wSzzPsxSA{jbEnxjk-s(4U8DU0un7X zIrt}H_%b`@5_+RxN0Z|WU^4}IesK0PEX+3tua8Nt4Dz^s} zi>;O{-s7>?qhjQlavg$o=u1txh|aQ9*?T5(|AUb+e9TheX?y>|8(7ZNjat`LxOlSqdg1l!V;z=5NsLWQrBiB?>VgIvoo8|$!^pV zEVCRdCdu8{&D|N!muESq#Wl7wkMSVSD9vycGA)}Bg_nq#G>R@GeF!hDL$8BBBZlzP zvFdEE%$>w zVyTLX>q-IegX`DCxMiTPi-kDOqby7!=9zj>&TADF%aw%t&j}Ce%je#!Uv~^VVjnZ8 zzoECvaqWo)SnZNdyDjBMt1sb6K{5JG9rXKhOS(V7#dGD7cot>GQbH z5;)h(Pqt*In6XpOoJ1tD)wp5U($XP35$Ka4Il)<}t7Mi_R1%^`(#hG0llEx8p)?B? zplM#@Fa>0$iyZl>_W4jx^-sAdBYMS76&zcaY!{NMn8f{2%43eW8sjh{V;-3o6yg>&4Bi^S`gFrsbWBo^ee=E)7EF3c(i|Lw1=(hgy*F*39!7K08 z(YvEplI()GL!hlo)_AOrH9u+hwIU+OWvQK)3bZ&t|FF#>Qoi{B5sDOuRurKVmfa=R z7^pe@_WYkwJNSy4#Q@9Ow>YT-Q`st{r-20TKCLLkgvi`@j;As2^c zV`az)IVVF9nygZQosse6!g{8bMG*-{vP{d#4KaM=mTcY4OICy4zG{Oq?=ClL>uLGe z5GrPwxfpNh=&K&}v?q}VLL=PMry}#xJSOY%6czJ~{l|u5N5t3QLmGd!TWvFVQ?0{( zoF^=WpO)8CIDi~*vdW!p zlpe)b@T0hG`RVOjd_Yi6=n}U_Qx`j__{RK2e)|K1xM*?23gNA!9h`oOH~=Clm-ddP z;_$W7PN<`%R^fzM&?7V*iZ9gZ_P`%QZ3ihpR+Uco$_54Ev+MX{6%h96IyicOjYU=B+>2>Y2iywNd>4ngZK4-c}iPp%lzlm*Z8!GNX0 z?Gksd-G2Sty@iR{99llfvu4ZQJce`RNSWJh6>vngUYv*2BQhz(Rzx5Wf2zHAXt%%C zea0%V){h553p~9%BXa+Tj2GHv8^G!6U(M-~$IU&VY+cJ8awiicIQM$mn9$3(*JBk|>f+R!{3u{hIG)zs+;$F~>}KrK^m zr_iN!HHwaM;I8DFJNYd8@mUj(B*UM3v^-15jR)5!=$20-{C}3_B7^56E;92NGQpEd zhVjJsaE~VfM5NA-+kR&sKwP)BcgZ-|!|l;WEJ_CM~Tw zM-zL7<=`#bcyb}1USQ$A7)vKh6Aq+YURv6XQAXRD=44SDSGfd>%TFej}SFJ*lvEDd>ZhSYV*4r&AI zK+5v#D4{Fod;*HDzW&uEZ+Og12kh9+YfSvF(Q@S-RAHL!=cupf4_Z2SK8=cQ4 zK`eOXY9@*LSa?O)L;Y;4B}?=qJ(A$!u2oamRn(s-#|j!x>|oti}W)N<6T z`Q%8pks3D$eMRW&x~w9=kfFG@t@eoB33B-u$XXuDb@LfJMVAaBkJnQK6ulE!WF4QV z86#;W1+fT2J*WK(Xwm`X$Fmei4I1@+#Ph&Y&M&DvtFmhvMO&?ui7XBKnWu^w@D$pl zo20eL%}qOlHk<-79NxHlq|^5Ce^T^NH^el}YG`)rVnZ@J`5z655786VWZ^LpqcIt? zF+`$jwaD`VbP~5&9dZ^m-~ryuDD=IF@?$BkpOg$QfX72k%uS6gB<#%P)QyRR=% zRRxzC*$C7Jzp2UqWv|g-Uv2tP*h^_TF=uOq+Pk&e+27FMM^Kf4oMIA{N1(CeLOgMz2ELQk;^zv|3@8#U)Zbt|&$@ z%cU?5KvCH^8R&~H1c4g!D|NX5_XNf8nzdb3lNS~lMID!Le?^`=c|wZuk`gB=1@lwu zMIn9Zzz;7p@JK`t=@gQg5B#rv=_kxfdRddy;F0Y%URs?{RL1FhiR zESXE8=J&tsNB^zztIJi_bDKVKU5%M*ZeH|NC9HGV!Z04HvZSDj>h*QYt7}6FF{+w4 zkD^Ty^IBCHH6|3O#t|&rB>fTR#_LQkN>eLKeL~iU$+jFNh_noGjA(NC|(^ElAcONAJN+vH}>y$QkT2jvh}7DQqZ{=z?17B)O3K7^Ss_^j5Z zLNoL(dk$D_I@DR2N?41M7SOc7bp(b0gOM@_q(*uv8R7}EBu!|(Ms=Y@haD=g5^mFQ zhKw6pLfP;uTc0Qj!vr2Pa`FyQPxY;d-hd5dBJUwxYimG8#q7}aTq!NUKK7aiOc`T% z;ExLAa39vmEWH5+>RX(1b>qnb3H_)~mXHaWN@f^7@oV zaOG`Qt}CGU};l0r#p<)}#l=OH#(hiMkE7VQrNdt(&NRS_FX> zo?s|LEp*q#@Pr4i>>LRX4(gc{HP+6xrtX9fieo~3dcLy^_KZO*Xz}q4+$d>67b~o( zm~sh3gaPZ*)Wp9@cwjhk<;nw|==|zuaqThTd8(|(Vq^40w1Kt#zVhm%$$(B}kSDOB zDq>Y9-<0c-$q0^cP$Qk~on2smie|WKLEAjr(!KHUYXMRhwnKOvR%bHgK9#d!`RLog zjLs0)y2Oiso32>ViWNN^D>^dQgO=H`egzBOVgtZFj_tEYefT;_u~R(&HbC z=gOY3OMY7m_}V5}GvBWLq4`y%!a0l&*VX4?qIOv;9(qq63e4>uEL0ofB1#8WC!~_{ z5{65M^Q<0Fjc-W#pw)EBJv0F>bkH;_k`aJekHd#D=Tg50mPd}`XLrH_59 zO%~-L=Z&4MDA*@&<7h&TV|hvvBugbjlZR%4>Stv?81w78>O*Ou&ACdIJ>~(6pgBnr zO?))IR%dmLqK_Cg5L(&9UsHkhurzg7iV>*`lR4E?byO;rXIs*{lrLoB!_+K}+qsCv-$=t?0iDKdQqE(9v3CKIewnC%`pqmMLvJj5sIF*8CD z+zGJ2w>E;K(k3u{EDf)Q9#^}3!J|_SCSWPt^9QB8M;{Zp8nq7(e&CT$AK0V|-)*Xp z08$J&jyDyoYnS|{i~HjicDkvgX^la_Dbdad^^YipM&T8ULF(_4egq?mo9Sv};n zc5Ceoj8~y+0&5AA5!kgd6@gNal$KGraILR_E)4UXK?#TOsVMZLP@%S+lV7Tfa#*|O z@*9d|X%-H`KFvU=vwvy>PLz(J$iw0_m^vsyNq+T{`Z+cKFKkl%<`*_;{_J2{O`yb8 z7g#~V=2O@M!KiGVoxL&~vNzE}h03RFRSvTc+LZXreN5n!voVK(;oT6 zHd~~n=AE)DZ2|Zy6d5=bL`5NG&N60M8uo=`M?96s@K(!F&l)x5g>a(8OY8c&>5jU5 zta4ELO;R|BupHQt=%-YEwkGRXYs{jq^?&RzPh-R24rUj=tZmkeB8}1A4t@X#x z7E=39HSp~7lyR|D^t7kY+y00}LZ+kBn^B@*Qn;^O|uOMI1vZF#VZ}Ot)2# zG>@d9kYK}TK$FbG>IRc3FlsTrnXm28-hCd6ETy56cc3UOmMTk3J5Z6DK!u;D%-_|& zG!g9~Ji0JT>D*u`L=~Lkz?KZeGyTm8Ax1L&s z?k(9OJNxZ6`ET$YF%=D@q|h1Lk0K++Scgr)u2>365GhcG=&57g*H)+b4#VIiXi{kV zn#jqxSR1N>KSjs&-b8*c`{5DJV$nq zhilzp&#+D7dfoP)R`4F4KCSsMS6~y!%9FY3$@~HsrET-0tlQPHn9bU*Q=T&sv&f9p zg&wJvEHWMfyrC+~y9%jCwI`aC4p2P;6}~PuLrHcrya*n)KvUd3P&6}gc^R*3f zUisJ}gq-Hc0=^<@!%1y35k`Nln3v8j3=aapstJLGfuJ1=h)_x z?6kA&l+!FB_0#n?Lfei%*ZRF%6@x zb#eN?ElM1swlxI-=afJ=&9#p=%MA@X&8YzJ&K>{d*8iPCz|F;f-KpZgZtrie@ZTRK zwOZyBsAd~twL#2w1?th8ki+Ax!xtpuJQB*Fgv*VJ3Exp7+dGu9un-Ss%?kJR+fPfb zf6em5)HU7Bb;y$qarlXZ?3N`<-h1hbJri*M~`;K5acFSK+t|_rHTMV%a2N z&&IM_`XkmQkGF1b9hu8HWm%r0@`WZz%9At%90?;CC}0=4L(B7>@2GD*r6(pX&LY1w zb*vAHqFmysPs0HbY<$JiLq1Mu%82`49lx{dwO!&L+U5L`_n7+He;H<)CS6XFhH*w* z@Qj7q&aJCXk7cw|R0TkQmHaeGWKJtn9Mt|^rhh`Teps+`bnb7kX9|xm|HD%_c-B8_ z=&P?i;a91Y?#};Nn(}lG=f^aM|8H+^SNZ?${!V+v{~sbP!T--kDfrC6z$>pA2m~(A za|-VWVh3xFV+DGr?0i6>ukghnpYJ%of=(0o!=o!2g#nyIk7NbyHt9Z7@Zkk>EHVjS zoke8D5%Zx)m#hb2KO-)@`-M$h;wCg3`5E^$RqeJ*Ttrqff4qS^9(NG3D1c8C22{K4 zZWs<$qp=_tAA8z^yA6U7GfLsQ^05;oAfc1sb3QoN+Bi9hhE*qu% z8mFoc^(rcfr**rf`c5d^pQ=pLH|Kd>Do28lrr9FoWcibaF>zhu*L%Ty7(&#|hVOk% zow^wJkHxP@hx%Go3^b}f?LH&!@A1jO+1dNIr!UUP(dp^iQ!om~^{6BLsi0r#7TK&{ zYmqY>?D_}cmg)qNU{J2Q-hdm>dsFO-F^R89+976|KHiG#{b&gTj_rvCf)7) zCr>vf{07*bHEcg>g1~=VvQBWf!RQ*CXD;#I;r^)izih-XH*qmQhu%`AapQ6gW}i;2 zcpZ`h`le1_zp^uHdx*yD`epG!Mu(ML^2rU!xZcN#^O>*0l~}B@c1}EnFQ>ALsnNYu#caTM)MM$CDJ@kDwP+K7PoKalt3*eM zjFn_DKiz%*N9(-Lu>W^Doof8A-Mzh4{J#fDOYHx@7%P(kssty&RHmxth|Z22l_rT_ zwpcOixw=(=k)K~!U^*ifjeRk~Svlhqc(1;x*QetEBM;HXDcJuS^D77yuQw@wq2m)Y zZkK2$to<2ytTf}kNLb(3UeUhguY;&hSN(F1d3|dYaR2UIwyRd`_3xhU&i`@pEWrNf zp8wjryH)($D;k;*9I^@q}9g=cE zdaO_7J|y^<5o;%hE&{Ex0Dl#5SI3~7;268Ey6VLnu>FQu1_|qL_|Ea56#B04o3r{p z%na}r^gBi}$fHP6JG;*d?+g1#t>#HJES||THN!&vZeMghij_uS;rVLOX}SYTDQ}&I z*3#3Z39Qb-QfXN4GLvnklKtnUyYK%(IquAt0OsufJDt5J)&2j;lfBjc{}5@3{r@G4 zSqg#eP{D^Rytu=y9WV3@K_0Gd8_V%;nw7xiJj7M}SF$x^UoLUS6Z2>F0`kPVZmbmL zk)!GZ?WpEkxRK~pS&7~wwCkB=1WShD6^pezp@NnXbw>$XUT7lr*f5|xW7!UZ& zU?pntWhrAiGD+E5v!!WNVT5FpYrSP(u@fFXZ^zm#XI@W?pM>ZsTUD9E1VqcA6MaoX(H+ zBVin{kF&mcWNM#&*;Jp!`kR#~`3D_0NB7vt-}4%%Z8hKulee}_L+9XuGjc% z_D3`MX*j49R^syO>@PUSm$GbBu5&d@u4Ci>?*8uDcif;_Snyk5@KY$8+M3lS@a?6$ z^ZzV~lz=vG2bjbE+xzY6`G0R`x3l8^50RGQ|8W4ZDivH)1ue})ng_ z4;@Dv&0l{*wkdaC|9KWJX8ti({@dTJ`G4&0uh##Aq$Sq>3HW`5F@geU9N{6$2-VsM znEkUj08Scp5+1Tlt$U@IsQ5g1aoOoXJ%w*P{cu6PFr{M4wmTwS>t_*kj_MlED*#|WeX1Mt8{kxOdkY!Vcel61(@HB$A*bb7C-8>&WMi5^r1Ai{aHp5@usg%u`M>SxG|C{2;_j1m&YU_O7+GaS~HTe9MUFB}0E>x!XwWhlzTLZ50 zAtqmQy@CwYwMMWdGM=)aRI%Atgr^1z2vGaLy!tU)Ne2(0c+FL~Q}?ZgLDo^&>fV3K z%HBYzlnx>H_89feK%3dC#RWZa)h=nxp7Leb3{_2Kwd>>F%;i46QPbUD$21LT&?~0b zyfs;pG*;{5+g%^!XU4w^d-XB2|Gmr|c?Z*LZ&!XJM-54j+)UAH*8oX~In=_Jv%4rd1_J*qW4BYVR|$ zuI}e7!U_Si)(Ow_hqF9#pq+L$Q>8fs$wg+JkxZ5$%MQ^^_+4#0O8(25A(h1ST1`ux zwyf`~WIQv&L(cI`YQth90_gAY@3B_c{2+dh-MRt6lvAR=F?+0Z-B>=1e~nvOsNVru z^E@eT{UDw_l9@G%HwL)!!IsZVmf|ndYqjRjRlb)Qy5hJ6!k6*XzbBIyewCSvX@`5o z)0g1hb%xq}fG_ z);>RloPyrsd|rPylX}xpCH|-!7N_-E(DQS_(v8yPUxl`1x~W2eRJRbY3iGz z)Dq*HJFzTO``X-Xnpj2l#U_?j{L*u)`1Xr*V^dq^cjW@ywQ}I79WNV*Dp+jw1Tf2e zcjo?Kg_-yQTZk2ZVbNVg)=OL zHQF|lisEAkj+go51zNXhknklotLDD7#OaDvS%W&py?NKLb#X53RRZ^4~wv6-+?&&=PyK2J~0+Q%AC zLJz)&&EB&P@{eH@($wH{%cEAn`eDE%V+WqABUKS)@ukR|wQ1FtW-geo&D2zbjK#Fa z2cCX6Yh#*fPYf4C%GSAvt92b_qcB!f>piH#il=T3vs+NMC9a5fQw-x8b6NFN=)}Dg>WHd1M zn4i^3rmZw)RKD*n%dq$TXX-s6B1+T(eq0N+y{MG!8W z4riJDnz^F#pVQ$C_}5d;vsnUgV`;X}6zIQmp?3`-9Ur$8TPC$!XDg60nT*<+*(Q(NZ+pKQ|84Kd{)+!UL~4-}nq@3SXAT@$g#GX3VFaN)659U&*vL)`BQlCSNqCwG zB1SBV;D|*4hBAzYn}(f)@#fxS;Sk9~2SIFJ1v{op+IvvJ}){(nx3yrXHzb3u+@90|uyQvN6F zXO15RjBa7Rl>h1YSEA1Yw)HpSh)b^j)1!kIuaEq3uuL7Z*Z+Qd`$^URtMg=gwf-L@ zwRFf)y&81jR)D&5oCES3gm5iA{$pKB78;KiV@~rV?2D}kvtFo~(~@~MmXH4GIIR{r zfAzm!oI1|s<>iEqBPU>q6pZ42$kgGr6ev}m?X38xAN`N|xTl1%0t7}?Vhcq&aO>se zCDhoXV&ps`l6+z+o{&5VXvRz~psNxc_d^&5T@@(%HBFo`%VAfBPlxF`6WzDD8uK0>iOU z2`30rJr)l?`M?S;4B~J<%0HCc8*Z5=I6*iug62D0&ftD}MocDm^*q6%8YJrwqi^;#RW;j9~gaVPHTW zgo6PCgImG+n)t_$!L#x4W5>CXL_yq;fW@*qSW4!k8}g!vD?Kms*GxC$=wpHhz~eZ{ zv#(9h7fd(Kjkk2V!zW)S{cQ-nf4XsQ$Yl+t`Et(alUX>>lJn$(k;^7{+&LwG=5#|Y z{Yw>kUV|`vr>Q=WT8x;{hM|A4n@++?3&L8p!#f3?I5_wSoLnVG$ozET58K z!^ALFs}1wJNvjR>J4rU5tpxR(&OQvEogO*xL1*LC^p852)CSUuAov|@nE#xCbRIue z_}i-;^Seo_9rHU$Hlr;;)6WvOn;2~gWB&nX;>=`DCU->g*GJ8h;_V;nEi3Q0bKC?* zd!C?o%j$6Q{iGGE{Z5k2YODC~Q@O2VwTs}{KkS@rB=mB5jQq>Z0z1%P77{Vyc@z-r z8T8-L&D<;^wWX||vp9<;`s02{p1yo^Nq7o^_GfRZWVMGhp}jB)vv9?2zoWF`w%QpYkoIrwQGJS$!4~5kg{!Ny8sINSDl|KmCq;(#aZy<#X#LJH4r11 zS^yFjO&Q@u9P60$sQ~Eo3A}=sHk+0iJGl;{$UvwQN=E!zo9SEOjC^v&82Rm;9fjeK z^_Gsx0PWZya|W`EZgy$<$3|aPS*FL)AjcU=VVjkwQ!%3Qu*TAqr?9uuD6)a*zsNv- zo`@Bfi}mSON%ID>3hR7{{queV0h91d9BQ|iOYLK>KD#VoV@!Ci&)zxA)DXNabuTo4 zsLFXPr^KD-gBeJ(>@@bRs3Cnl`X($u?wsZfWE14+CAmQ#A)7(4Smfy!8H{_it~QVs z4rIYoX8^uj786m$dJu+v0$1(B%{1Ch z?UCHGR($sRNh?14og|yjf@CTDJQ=1mV1)=<)fJE%DVWX_WJPg2Mu?Yd22ZeT;Ls?@ z`Q&&&E(=*2ImM+E9E}_-#Y3nq8>Rf3&{)a9QU-+QBI5~gNkuxL>XdCO3rZDK&zky$ zb<#ACIveC~aDo9o`)d}ijM~4Wv|_X0NwV2&L)f`#;;adyt>N~_6-`3`$*9NF{;C&X z(*tyWqx|xYsXmaE5PnU~y&($+wEqfCDiK=M0Np7({@-E9(Wo7r_f|XRcav5-=68}x zM(wyv=VQj)keB-Et%@0=*!08A#F@!3+FC%f29wK5%n?^%sJx+Lc9stY;YZkU&7b89 zO-6n@Dt-UQdP^55RH&{ms$^;!$Pa8X4`{>;q}m=ouy5o3xsvWRkS1;u#1{M}Mr&46 z0od&$!O%m3XREP1*3KH=?%~;?N!amY*60t4`;444mj$;8Y&Z+9Oz{{p_V4*44CF?uZco@bX9Ves1 zdBtKm86Dcibo|b~-|+(03u)|i+FrW9<2XqkMJGH8`*Uf9&K^t%#o|xQhbH&|$dPLY z(KVfjH4+XAI%J=%VYKeGO$KYz^sAl2AbqO;b8?2njQW(Hmw{ zs)IO06CyOxF%}{@upwX7<2z2kdb!oBJ&XrY>j5Mgt_#BfUJAk;VibO0@{L?G>|>Tv z62=3bjuG+~5kG}J78oQ#PT_+XByk$|nJTQux=zc?K6_%dN|2uAY0;A1JY|qu#2RH{ zcev9c*mOma0@iF1%R#AFKq^$o+Eid^zF*qx2U9 zX5<}@@-ZtrjBS$Rfu3Tn=WY_anm2$&>beTeF$jgEQ;=XHJG77Jp(5mQ7!OMnyPoSf zwBKh!yygL$NA3aSBx4>Fkx-`6U8?Am(cpa=X6!8tfC&FRx3aVF-)xB*p1uqnNA3sn z$~~dkNCn~30~wS`G61r(rn8G{W zd3H`C?EtuXi_=n?-PZ9$75;%uUehEAW8fO4vea{f?~7%sBhLpmK}oO)N>IKG<7q@7 z{k#Vd+_U-`p>_?aEn*YfBE%@hWhNbO<`*`>o_zfH2wN+u$^|%CzgJpw2>eR~i$w@f z=dcpN`ojjSg$NBu_a+g1%t#iFnUDos(-@ZIP=1|pS$>MnHVGFZ>_uTV!Fu76bi~3` zRQp2mYdy9tQbcA^Jq6D_&ua!JR(*1JWMZNa9B>z+NwWB-IDl^x`d7{j!f`PcpFUY~ znliz;A-(-w7WYkbrrTSm)aW3IiWd96uY!iL_^NASqH470lY_If_is;MSi!zQY4TIb z$6d#kuCObAVUtrfD8HG}UG~AqL}Z#KiB_f0N}Q&0l^@t-W{n`aE?J?9{iYRzP^;`e zr=?ApOt)6nQ+esnTuYKGm23b37x?Y@(V3rp%;d_F*>t$%nw??ynQqlI`_gv1ZejYS ztRB+@dhNEmVPZTrnJ_L=UuTK>I;y?}|?^y zj9A4yd$j%`@3DRs!N)p^JSbsBLi^01s1~z=euk)>Wc4?r3=!i~pM`(2WHyq)~`y(0;nQ)vpTL*um5F4ws YN~^R=-(>p#0RRC1|M@C4m;kg409cDc zVQyr3R8em|NM&qo0PMZ}dfPU#Fy6m)6{zf8+igfmj+1oNBD9u+twr-rm{nKYsL8f3P#?Z+`{) zcZfsnlQ0hHSN&VJRqWg!Uxm#0J)g-JR~RtBYy~DNO^>4 zWig5Z1Q~K77@{G_Q&k7X_(wz;CeaXF4mvQ7)1Ob=!M6Lj<0Ix#9CP{ZU4$J1P4Cggai!0$On6e zfFUa2x}6yjNX|Hq*|68Uy1H`TPpIe)340dmy$<#SKBgdrSMC(^Su#!-q8^Djiny#K ztM@#ycvvrlj3e4(9F7CjD=e^pOiAvYc;Uv;v~z*xSA_a(*m3Of>o`C{?>N9mmn3GL z5aNhK93d*pq7dR>2ynzW3<5;i|4BR30YJ@%T-M+ys|X+me}5^!R!$fr3H6W!Z#qB5 z5vOo&bvLHOPdwg}aGYHW!U-k4ON_3p>T29dgVnh-gs|g2aUb{loiDv0{+B%k^1OsW zg4i8z0FC^A@OWqE$&(`gfB5*xJ^%k4&l=cA6PN@XsHqnWw7?DA&KfwIVFoY*5d6G* z^u|$KmLnfbaDYUC7w8I71g>T%0^STpk{N4|GenUKekKWEGm->8xQNIVxSBx@<|F~4 zo=0Ecjj zPSF%IPUl156Ym01*KjUOvO*_G5R8yV5of9@01gP}rtWJrS6|=45Q*<=iiNtn>DC22 z7=bYYDtNe6!d|r`XBEbAfDr>QU_{Qon7eB=Obl!q(DH2tbgKh^!C(kJ z+~`5H5K!a#p5W*;(m&MBnEuq?vXL&7Dt_=1#z}Y>VZKMqM)m?taWn)UJGCVWAAcl4 z5~Aw2M<51CA~+B{_uG$`xOU}i}f_L zz8^*tG6WkRx_Xa2^t(gQ{Q(8xd4XYzg`pln9`ZrLkO!IIAAII2dtvw&JIDqrs z-(Q{{zv@~2_;w`Q`c|;gPP*V_FRpNq^$nnF%;eB+>RGB@=@#lZ0@fBT$1mWBMv&u6 z6wDvk-7GP%OAISlkmhXYT0#ndmJUIHF9erP0wHgwU#XGV1ye!XbHRyJ4S?ihRSf`! zJR$jmF$&0)n#KsAYZ%6Ib6Lz1E3w|*vU+=598*PRf;XBKP(O@iFhhZr*wMrwCJX^6 zkaE%qV+#6s4p@vlJejKjw43gL!i%AzWdwZ4;cGNEyX9Dtsg&eJ=f&R|yeJ67M(9xl zIr7~OFqMaL@tl$XfftY=-)yX6d?*Pt9cNUWt$x9`eB!Yl^g|r=V8UmF;(tpWu}8vhC`rM4)W9Rf}hu}e}CNRB4=meV9aa;d38E;!_1LV|!?soh-^)`NpR30&5sqM8EY z02t#}lq9i!Azp24=szh+l@#+$=y%vdEPa6@KPEWh*_)X7=Eo(XW2^F1&WQT^3UY6j z{t7VTax_N@z8FfeQM4aJjhF*fMdqm2owc=&{-i-x463FHd-g}UI%13yhFn$lZ~`L2 z0YhABy$YCEB?8<702Lt2z!XJ@3Zl`gTL7LUK_I_#6bgoqi~`vKz%~?!{l0^vDMd_< zAc};l>kq*M2251aOX>ymE>PsFK~4*qj)8ZAE>j8-YyMEd1QdCMN^+hNCU)e1{!7wV z!Vx`zd^QBVPEOd+FLTO!8E4UGev))2TrYr(4VCCqQH%%7fu2y5y8`>JETSbM4Iy74 zrsR6=jEO&Y82-1Y*B6xnI7UH+3#V{0!JZ>Ufs}(*e8N%si3esl1VPGe6od)mf=z@l zN?;JA{6O$A!#Y?DJw+sPrKFM-kczmYxvj$krbRh5^7@BdjnGYBLZDqTa7b#5i9bRC5-$u72*s*@qh?6I0zx`2Sw|!_r^GMXkn;(EwItHFYv5hv zkuXGRr9y!(AW<;4p-R3amjVgHBoYh}Da9uyj0>Q@1z;0Tte>u4PiAdz>8VxS&C2Ns zEcAD+s>f?~pGy#|&MB!)$ayw>R5sDjOx^HG%Gie-j)l}<1TnRY#iw^nZHQM8bD@bk z{ul^xTohG%zY9i4j<)1S;tzI# zxlvh!!|4zVw%tc=-|^8H!^j!*9lHHUC?#ppcT8}e@)F8QoIu8|2=#}c+s%E*2D+~5 z!8I4->5K7K{SuokigtZp(3;>B-HmTHx*bJE*Lx(2l&mPe3?B6*SB-_{BdU3*daD6I zG2uu3SGWU=oG{dkfbt=DwDWMg1GMU?K19SvDLtDNE|_wJ`8<8WNr0%?VkBE;0lY-F z1Chx#sb)>lZway)a)?4Xx!p&D?IYYZue~@CBh&AP`c;5KTvcuGs#xiftkh9L#M|RD zOE5T5GdBAF-l#1FGqr7i%`!uJCKuh-0|97G5^(fxbY`Sr!{U9jx_!hU4wQ)q5Sr8W zq%I`zU>s83F?DR+*{AqY&6mPjv?oL#fpbEG2OvQ363MMhZVO_v0SaR-$S|QnzUGw_ zx20BNbuklAEXiB58Z$orSOJRlQg|SB0zN~`n6X5AOrdHD6fOg5%q6*eHj?0qW)rr zekn9)(Cu^rGM%bEtjY`%HXoB~ivzk32kxNL$(b5D1w&TlDT%;PXr_SApw#t@CV7RF zPM8@BIS~qm!dW!iyG-qHEA~U3qSzS4RFztj{Zh;=34#+PErG+yTf$E$VkqKDVB6Dj zH;5@F6!STdVsN_g?G^>!M)U-mN9y{)lfl>P^7027CVEFDN_hF>q83eZ(oi8xnmp zh_sJsWpi=?3%ypB6uNX0FD@&Qe2I`q}Ktm-f?triRj$W zqhiQwV0X+&kZ>g1Q!gED63lDh=VL-R;}pidF^(XeGfpUSuS26z$cYQ2X|fVWQ;b78 zMSKXv3My#$D`R96Sb)8|!bq(cbz+d|Bbuc`EbZg=hzDdUC{OKbnPTq%D9v>aOnl7U zfK2nRwKQ1%z>t>+R#jI~i@x>;YX?ze!pDnk(BpaQ0$r9TfnAt`@s?1GIVQRyeZMI+KwDkz#1U^B_JLQgkYYH zRb?~N;*b^E{L({rgr}OVGqX`r5`xF>wcsF6Tp?+Orc9lB%5jKD!biv>k=UajKF(yC z1F=iX(*?<%rHM#vqBzRng2M=NkR7OSV*G)?-}hhaX+25K>Ct@jThKd#6vO>-@0da_ zFcMNsk!1FJs)Zrwh8I4jz==VR#JpD$IeV9o_9}U5Pt9^Kz~k?M=ijD2`0HQ6l@Okt z&{>;H09F^B!J8=aD;bcLwfzNK@J2y@w)h$=*VOkaa5|^b~|e(7TibvMV%N59s-aiSn3Y^V_sb9moNz>!r;U2DkcXRd7zTe_3Nid) zX&T{PPxW6O^rk%EsnE2Yga*%h+3cJWl{TAgCq4D^)CGt>XNR+Z1qo+{y&@v8t~n20Q5e`d*8 z!AWbIuepjFVbEV>wc;?7Y(T zk6>(}QdPXJRW<8{wlmMP#R#;V!@3Ewj}T{sTqv=#5x6dD%2u{gE>mcZqPDHsC9B&i zlt|B~%}}Rngd2`1TVlWgyE$u?I{))!{lkeoMm(V?h7@JOHfHL~fk=5CJWz)R^7KNK zS1?p1BaCG2JG%Y+CZ5jzNm}rP_=*(v0*J#**@;s3NNcpzZ>7#35g%Enwp~Y$mpl^F ze{w?M6iNGL=5ATp+ng1~FBP}SaW9O?37?E|SB?X&d{N4ul5gVXcZ2S49z=>F#20_O`| z*<>@?+YAN)@^$AN@h0!*R^h;_8a+HZIX*qxeS0>vy}{K{qZ&0Mb)+DaHz3e{utNUz zQ5=wYh$8-V32Nr1F2)hcxe)*+6tNjN)G9HV0BM)rjbr1(tVE#9KN-Bd<&%eJdonAe z|4wiOME|6bR%(snPr_%?A5uB8NgJd!rKSFk5a;R)5;JqwqK`nB9#1`s+Shv7dC=7s z&O++v4GtDOcSe4q#R}ppIhEV!73U!*R_k+C;~gbfnmo)uiFhcZr3BZ?W(5pcz(>9 zlIQf2RoR0EwzbrwiTiM(c8LelFH2LiD8fj9r0q~`j}hU3B6XM|ouecNB#|kqt%my7 z8#1+aAL~e=%BrRik$#p+j+cwc_y(Bc=yZ=a=Y^_5!VuMqZG>uX3f3Mgy<>>7Z(-zr ztGrj&-2>ZfyxMFP6Tph6=r?jL;t0e6#1RmxlPix^ z5tckmvLrpa2E3*grnr{&_c7qp77r(&a5`gG#!Pk*`47Y zR2*r)YkAIX7)8fYR0{kMMsw+gm4OLiT-=N7`k7vm*BM+k8-kCH;U37F5zx)HXi-=l zIcgQ8TL6M0zYPc^#zX^9Bl|{UZ&-TqTw1y!#6dE}5!37ZI6~T;R`PxIaYG&F%QB+Q ziF{k!1|aoj_!2oJ@KX;KWlMF-8#jSnAEk898k=ZD z0*Gzp5LyjkZ|`61F`_8Y71zc@cR zK7J$nxVv|D_~SvL_@FpGc8$aRH|6sA;zvK9j}G=u56;dH-u`(0<8BU}mpOlM#d}|) z`6-&%lB@z0&b7qpM9{WCDw#CK#)YLOM6{hQ1&ui5$?yVN1SI?ide5^iiBd9Ft&Iw2$&;eR8Eko_XxCY}KII?O}-N618_+-p%*?CKSj zuM3s0RpsjzmEVWg>7|KWpF9$}EQ#Duh8PjNOq8W4BpkIY<_bwn_Fl9i-2hrQ;nEP_ zsy<^uT9vV&y64gdItNosuxwk!MUf@MY80?|99Y%X3!@t_v;?SBvMGcW$mE+M{JPnL z37?^etLriC$H%VrEcLl)Q&FucAp@oZtlquE!7>;ar7RE1yv+lv9^v*K%p3x1MzeBw zmEp;1QXpA)xfojBS2csK*-XXlC96es)va(zMLY=&hM@c2AA3XVeoRl^eLq!khg_k< zfSVh~Dqt~3t6}5HrPo-mx>WfRi#|b9kDzb8`|6IXiwJ#e zWg3-pcQb_ zsMG}4NPTQmDAlD>|JpKX3UQ%^qN`hq)ro6HE~%eyU2p5^)~?qDeJEp)`489QP*=ZV zz#Er+wVQfPvndUh>trq1-tC~u!yOd7+-n+ZB_4sIZ+u%|RwVsnUtq;l!Mw6=J`*<`(`5p=&A|{O}Byyzpl#J0J!xVrqR%RgqhZO;Rtqd+%^WeMwciSBRayXfnrli$$ z`h8$ks{5W`e+UNshy4x!Q|oVzXow@}1NDkR51k;2iJy5b_w{JLNUy>@C|x8Qamdjm z2}a76Zz2`w^Sy#Imas%vl-_7C)F5@vwIX?ojSUc2O@f>W7&D0MbNmPI}_PC$zE zVX(X^q;Q%@$Ee7gn*)XbU!urFIS>pJ%U>}iV|AfGe?Ji~>fFs^6)i*EVd%ja_bvz8 z(Xlr}FyJcq363zwFxW={oTrmK_)dAIPaqBwiUikYGZIK5sq|&nuj4$e=(jA99LR>! zkr$wK$39s%{`MJq(c)gZyai!j;-bh;A|FQHd$zw!6}0N zPZV=>9C`L7`0alG74Dd0EqM{roaX8S5Ki((YRW!bzQd)W)g7N5*ukstG$It~gI`VB zDz1}U%OSi#Ac-rXDJ))OU;YsWCNxq4{G#%72wgL07&}Bd>4b znJpno!ZD)9lT=0-r1vfCupIInFY`(Q$}I_uloJuy%Pxyb&Z0fCAC$d}z*GCxbE}Sa z9qT&Xs%qWt18_CN-pp_+2K;#hL+mL}T_G8oqf`YiiHu+PrggBrCDbF`RFnk40}zo? zbJC3h;Iv1QlRW_5jF2=EfH^2nTSwFdU~?L80}_GVpGKk=F!CYwfez^;A-#Hi@IZV9 ze+6Q*A93hiZ0XPHpQ_$F-IP#A=IB0KRHlX$*IbJRVH^i@Sz3l35x5uVt#FzNQnv@y zmb%G8u4U-5s&hy18uicVpLj~4z)3|EVm@mBu%Tj*Ux>?Q+*w<^T zcwj6~fgi|IS0k{9BKx~%yK*CbvAg&B-HCb= z0_;EQO6KKESXYvP_4_#}Ke98~xwtH=g0srWvoNb~kcr91(bP1U{%+BrDGO4F)h(L& zq%fKyu+FjxdMi2d1F(+3@EJ%Vj)N@t=!$c0xcq_sCf~A;IO1Et$?2K7uCZk7lt<>n zhYEa!qGX0kh=vZlf)sUoO?}UqPI3+ROsgfzsQmJ@r^%>OH>LG7RBXWBTA#PMSzwh1 zH#bjvIRHiI#jUwb3&lFJl@g#%^&nZVdp$7H(Pw1bK?HrdX0L>71Q@4~qv>4B(?955@`FmWsz1~YgRVahpy4{rW>(+xb^pI4iQido5?=U|vHDqCwuAUYg&0;TNzN?pB4t{_l zj3WL9hnS1in)_W>Da6qzh7`SvrE4QSkXJ_u6##0#wciUZl3!-$d#d%8JT!HHX#nY8 z^)PhsoVoNOdDi_mi4f~5`_8kj)TJLZ!MNXGKg9+sMM1&5eI~3to@ z@+4El={#c$;zv{EGJqm!D@cX6wOcJ{+%B^c_E7xkw|>d`5eFf>24=lVt9m1kzn2k; zBeL>xS!u)m#2fBiY@V%9&lyn_{`RY8k!ab-C_dz{mny9b#3+u!SiJA?Fn-!Izn1M^ zD~46OsUG^zbx|)MiEk=oEmz1rCO<@*(NVy)sn|6&<$6fL6yeJoCdX0GYER2IkXDr~ zWPplIj1%ud-Dq9DjjXP0!~#`p1hYImDz@qjsM^*XXmGcejh7LH)5EBu6ukS>2#g+rA0I9)0L%L3c*UY(+~@S1!+lp%aQ2 zo<=yD$`Q-Gk;9iSQ#wn)(@3U`J-CiBHO{jVRP`qbv!+(fyi0BUB_$ExmpSD$ODOTK zieecRRDNBK{xT4+(fkBrTDc4>N-17iS=&Y|E59mUCn}}xYgDz5R28clAM5LKcqsq5 z5uQfKe@BB;6Sk?0N=?ZOo4Nw4AanxxY{cgQ()ms6&?%HFB2)al7?moGqn%GidhZ0R ztfkke=y#@{w^qu($m!K*JAS#f=AB8JUtY)lYzp@MDarjQ$(K7NS(&}uTX9yh;^dgz ztxi~^8oyX|Yk3_&L8Bx

%y)E+ep*wbEGy*!CB+H6@>sQ6ImR*jNSQL#PFrMj9} z7UEK=Q?Q4-S4<~!YmbCoOQ{Gpm=<=IR;?^)oLTmKPBqf@T+XtMw4A3U4JfUkwz9G; zwV>LXvX%u_ZSSfi#HH|E#vrylz&fj0{Q_!x2B{jWHF;T{_!nsY0IaL{e8XpL0cQy- zD{#zj7au;zMx@)j-ZR82)#A-fe$QyBE8YF+WqNb2q#KDZ;6*^j*+s9r(UY<^Q}={> zy-Dg#6(e&CJ*pmB#g}_M>t4^Q9L?g;Y1+<`v{o>Rkq%vMZavFcX!cwGbEqG+H^XGX z+%=Rz^R<-EaD@E%&yPR(;cf<}4F zj#(h;WY;}S1P+}HCxmkV14d*Br7Y=(ydViYdFwMv(f~P>_jJcHPMx`zp(8)&EDz?g z#^&4Ik*ujxnQZB>CNd7Tyu5Fqsi=3r$CT+<8;~Nv;6%pbk*EMD`6&pKfa5qoxga4j zny_2$mbrLZeV0`QZ1+_x(;2w}A&g9vpZcNTM8#!s!KO|e0iJ=uR@S&qDsb}S9#iKe zX&9Iz0bj>p;oi)oF3?&1E|Ch=l|hmLCtCz>b-~SzBl9Z9m!9)fBI*#a*=0J>vf$JN z3xFAb1D%p)Gm*hasz-GQwzupy!?{TVnqt^r@O@DIy$Yqbgrgz&X@&zNqe?{x`G8*$ zG5jj>pA4HKU$6%m^_={eh2P*@#cI&et7O_JL&G>yRN+CH#L@+V`F7lKvS8)ToB2cFtSQgZd{~#@~wgyINq6`SU84i3ab3U0Yo31m3 z?3-ws%jQ6|BPPii&jRF)v-p?|VU{!*sC2&VSfLdY=5PWO@xFaI0+6Kv29R&2T%|(F zGKs-7^QNexqAROKEI6J#tHk2~f$>}gX?mTE5seT>X`4opu((t^vWO-bHvmThBbi_X zdQu)aJP{LUA!Vl_YZ{Yi!dx6bTmSI(<>>tIMCKy{D#MNbOT|K!84tx=*wbV}l%^le zbQI~LVFqU@v?ZrpRq|jAJo$LojpqQ{r zXFQa7%AtP=BTohxiW9C=-ATL4CPi@oJ!IZ-6!9%lMf{dJ0<)W>Xp&`Pnqodn#xh-p znlzahLW%IX(Pw_v`??KKNO_{U!Pj{XBd2OC(<%yxp%TR?&*eO>mAvhy#ty|9Nls!No9i zr+O6hAc$$Jhh=rEvSTpev-5;vQOb~m2F&yo3rQEGM?}%>p7?JC98NA!R0O1|XfQCw zOoEa{>rgQw^!fFp{@>0$MEQ9_0~_eo)m0IqM(uLY6BStfXe$ipT|28$ z+STF|n(Zg&i8=(2jF8*p5IW4tq)waGyUeZ9ysUOdw4zzcBAGv7ew?b^0*ByX-ymD% z#WyT{OC9OTpEBpReCXejt63hiN*Ayd2`ClyvVg)z@B#srPy|K~!LMfOR0P{!6>a>g zbh59(2%&U;^NGh?c*R^8!he%UE^n1LHs}c@it*l*_9%>ei`_pL0`Qd1H&l&x&yZz{K*V3DIeIE+| zFaXwBnNA@|lzhS-7Q=yMMRnF-g zHgkrkMI2A>;;L9wWMcBIidwm+^p3+5yK_th))Zpm)eLi_(hNqWFv})o=w`yuBnbeX zm|(KzlN^s{ZwT~Xz(8;$ng-z1@S0OX57`XUwfg?KAeqzNUV%FS%Dy#+Wzr6y$wle5otU7(bw zXo{ojG)+kzUe7i@)<8^105+w1nU>%bPA1p`GGMc@c!b%!rBPR9WlQ>BThocY(w{I;>`s&%rXQ=~ zYyTZyLO_&eCJlQkd#JIuyceHiN~H6!(Y4Dtm$TTiV;h2)IWsaE2^XB`v}0o8?fhf{ z)cZ8ymlwR6X$TKqjt&likCgS$2Zzy=3jE1fh}_b;d74JSH!G%74vk--+hGMN zjgxG#gc*@?l_s5P;!$0?NUabqCOr+(^#UliRY~7gVMXtzP`+wR$@SbBCzA=HQlRLP z$)ww|axMy!!y+8Vh!?dsZm-UXsyf~1i4z`W43mB!DV1aN9`0Uc91-GJBDz=_PrBzA8^MPHXo zp8WThluW-pL5Mn>IO5-L|FZqv$@a-#w*U6+KDmknpHX}uk6|g>gT3>wK*!6F@olL1 zc0{})4d04{%M{#}fLqhAkTlq=flJw0F9r`E{!NvLp)-tY{{0>=mXOpGRxPCc7X1et?W4PW6Ez%dH4 z)l*7*kjiDqJ}oeeLkLbe!-BMwi!YWrT-y@?l!q(QsF^0;M(z~+dMRV`JK>zFlyFY< zFgg8S4WqDeDXM#x{wDW+yU{aOuN>bYthg2jh&%% z2nLV!>-XXHLc4b?SUaXWrbJf?8)3}nT2S|QBaU}X{cNfK2m|bEXfthyWOI?3h-~Zm05hnfc}>*nNt(dIP(IDofgd?_0 zcLgzjNvJj}NT!g))w%6*Oh7rG;1DUpg-&Xxj#|eF4!D%?5mQ;{WSRGZ1Bmu?LNqSx z8!n244pqN52w|59L7r!VwTghObC+3rgMMQZ_xED^;5ws7L?TCS9uExYZea)M+FM3M zxZHu<@+S4C+okM`qH>~TdeAi4R;Q3-R4^n#12_`QRi+MATaa>fQ%U9&L?F*N6(vO4 zL1c`K8D1}`d>Yar*m&6A=ybC5qibv6K++^Qdou##xzO>1f~(R;@qhsoaXJT^(rYP~ zcu)Kx=p}UkFv;(wa^}uqsKSbC%_`>%(9*ha1S2Sr`S$G1=-WLcR-BrnHS^`{&B%V= z$?PZwO;>aRGu!m>07$b1&_M`P5-N`yA0G=K*iHD1$lh-5?QY4X$M973SB#ivHLmD& zJePJx=>e(LP_ElM2_T;k8s;=ksjr}jB@{8`DGXx<9ln3aQehHzf~7(wYQiuB4(*$T)S1lwOBYGqwjibGPW^T>gf}tr1EB z($JJE%&%ghcs$T%3-eKwd#e6+#KL(F97hc8GY`5R<-l<+&|Lh`J`(N)nhS|#tr4wZ zr(@gI7~*Qi_jX^SIm2)vBDU zGEbwOtGAS=*Ur(Ko*3sc?rsP&h`AKeo^=QPes`nOu~WddLZh<=4kOI7gC^DyY;Z6A zIqVeWw>2fw8R<j2ON`vk1O0~8hiE0AFx6+;`O>qL9 zVyeaq9Qi}AkK%yLLlp6jQ4x$CFejRq?E!hgwx1!~qUv0z5eF=__mNp9b8 zb^|rWzEKEzJdAs~LF}i4PKLF*51NQ6@*E2{F3{w|E?NXb06b7=F z<$j2!Y+HER8=#yKuIK0SL|RN)fuds5Y^;eqKLD!Bbufx z_Xi-eTYqnX5CUCV!62!-&;CC5zuyj zr|Nq(LTc8Hu&Q#^-{coy%*FdMqFH!+bG8aOZmS1OsX>b-;gt?z-MSy1+QWZ>%#8dBVWDYIe>M6T`?s zcU|Hs4^m1Ppxn!>*-=;~6jmlYWt7BR&*IDnmThY*hj` zzhv+1CejbO2U$sqSWF^@)R!X8Y5Cl5tCXB6)wn%(cH8fEt?$_s{*uj=5?xl>|1zlu z=y}e#QRIt-VRnk_n0SqQ@p(kzgv|0?k)}cY)>^JZ--@mp9w>1)cy$w@ntY z=I$&%0G80SOy8I5dYwGDxYw490{(0BKb{KR@VWc#)-P^r@v*(2X(6HF*qELeHyG() zlFRj~2S_Vv40K%q$|=MK0^Kh72yoeoYKHJ+2G*`*eq|VlIehF zU}Iy;lGPdFpsp-fXWk5jC@(uJhvQ6Q&5jbaMyrchdx5;J78rFscfZME`+2Uvwq_|) z4FFQT$yB6BQB!u7xJq@s`>@}7lfg$ND)*6&wo zR$7h*K_Tw zQ!--#nM?u#eQO~ZnV)B40{-DhJGFDH&z_tYkRj(C4eD0Nu-B6kVjhuVT)aDNYPhZ$ zUrZ=3&P=h5mj;F-hYVELtq6j(5S-)>HK;aY^@EV8bB_X(AIC)qyd>h)x+(^JzoHe~n-y<~j|BJ!a&=xwSILASU|-3QP}C`B>2=0K zY{O-Xdm_qeX~VNT-0v@dEO!B9Z4KzqSwJY**aJ8QLPJK3l^`6RWJk(!zU8HaD*|A8 z*_@aw@c;AQ|5x7t`k(*)e_&Hv=hS)U|NQs=eM3AL{Lg>?KXqVlDECZV5HTkU8i2wh z@ARtAQn7_Q}^_|hwyjm&@1mvEMKZ)SNP9Zh|*-LIGOwXVCr!pav|l;?riAtKKNz5xNgL=j@jHCjkuSpJGB8LOih z{ryC|sGA>ky|5>*8Br-wUJiOH7*TJAV8Ca(W0+$Y?4tl?w^0Y0CMFOE2}Nf!ir9<< z@_bIQGbIsb71ZlkhP^JnWr-BVZ73aiJg7VN>AJD~sk@QR^=R}aJ#?Qzp3=4PUC4NL zOnganJg|?{%a;Ib$9a8Nas*>};HP+_AfgU1C-tVlu%Vv4Pv&ax=B-aDppt84YPKl{ z3z0~5^Rt-S(sr}U6(Nk^6#3x9z~|sc=};*tUiwIyTBpjBjoG-kWinA-oIaZ12>B1B z*QUABVQzAyt&h=!Pz00vXHCb-NF=kCTs?JjY4%^~(cihDn5@ zsRb{IG!|e}I@_2%OWvWAO+`r%JOB|XH78YefYTmHGr$Aj%?L3!Khm@Ov~@&X05+%b zwh(Q0e;SEiz{rQx2ih_xA-#Hi@IYqx_$xS$Q8ePvyD*m~^{iF&-szT{Di$1BZ$Ijn zPM-(bA-3Vrx~iJ;qwQ3CJytjm<~{b-z)KvUF@n5&?%&Z|$M_7$18Z3{e~yh=$){2t z`hr6aAY)00WY`=NWl4PFkj;!ZrZ32)yOpo6b_a8}V_M9)iJ0|X_8T|Fi;fwY<3(5d zW}pBvjy=~SJyC)6OjX5OF3rXDC+^?eZS4UdkbXylA?TW4!$lqDwFqqv{~5fS1q! zIF8twz+n4{+jsl!VECy2_;Jma^{`=|YudJod)%Yiz4x>9JEc_Vb4wB)C;apDcnQy{ zLBC(&TD91>s-f)MU`}@eGM(aR>S{+798E|n^SIKvY}w#&(wJ$jwFOHNfZr07 zAeX5d_Y=yymbGSju04&dcGP!8gu~PrsyRr8rnxI?2ii+V$>KlY z=BE3vj$qEaDh#Jky?tN&--OY~9GWfXDji15aU1{{fPkSGQh8O`T(eArCgv*1NEwld z?fIZ|*|-!NEFe<{MlhIj>@g>%Bt(3Ml6Ju_aE=<$bb9&e&OH2qyFI0SA(7Y;PLj(cK`9Culj>Wj|bad zf&N`|aM6=64(V6@Tens0+#lrGBhi#Xo&@^lv-IMYLXo@+q8v4mZ~WUWaq5TNuREOv zH#oJXbhbiWPRLZ75#h}hGUad!Y}RCe$e?#$-ty^gNq@D@H*FvA)9&fp!?&+M>l)v5 zz7YePmq%3>zy+Gi+XP%_W9CkQE#V?#FRXb4@XDcicH5EBz(3iehs9iFlQ%_BYPywC zEy+~`jQ_k3q_uAe;OhWg$Aoflv^zRGI6Z%T@bk0vO%kJsu>ep(j?N5SgNNH&%VWL{ zkT)Y>{X+))W`#kh2L8z&0sI6qbulF~5TvBYiLy)E@m#B^E7$Rj&x84HAgzuZU!q{H zZml+7Ig#CfvS*&s>r@9E@kV~kfH(Cv<4MofKa39cP7lt`-|ikA=#DSM{1ZMM>$uT& zz-{2o?+K3boVkY0nu6Vf1yA?O@KAx@?Kx!&&Nameth`$?l@?H zhZ^8_!$E)NJk(H^)$NVXhWRIa>Nru66~%<{DMjqJ!1itH?C+lKzStcd3_E8;-9z(u zn)qQ18A|VFKaimma&gN$no9RyoS*EDMn4^&?mt`KG?xRXhy%w-Lm5fs`&1pOxo^|A zH#Z<(MQp+;Zo1$j5dD0-102Uk z9`VsuM=uboU-`iu9h|*88FmIPc%?!CF?s4J~Fx=;=dn z$YshA4ljftG(lJCWp5KOBj+#?C*uHnf;iN@yz~J7Yl)b-$$OP13en#8`jpm$=N!+| zkQE!bWpn8P=W6M>+py+tba49P;aBZ`sy!v%T@bOtS3&VVqONeB=0Lqde6a z+D%iO#zt+w>Q0XLrMy`fjhOgtX*mF0kAyLaP{f~=T!$l-mZ)1x^XAsCEUBs7U?MPd zw6|DGHf#C=zUzP2AF4xldnB`i0Z||uOU?AQU3nIkV|6&vi4Z8cV#;mAbO|FBD?}d+*cWL@6wGBbvUjl$xjA$+*&ecpjqu$ z!Rf*14D6m9y5Mjkbt@Af@&ch)9bFr^u-q?wAwSJxqfjp>X}NRwczzrmT%t6niI_sm z=<4Q|kQq_m2S4nZMwO-6QGUd*uI64|Lq8g-inC~2}Qt19O8hvB{El6Z3(SDDNq4n zTocd7eIH(@@>Ep?8Fa0(^vzA@???a0AE6G7)D{sAHtY7M>f53g8NEj#FB$9dWk%*B%2d1(@9d#GA_biX!*I$1vM$rstjg(|Iw8N8OliJ)k;x{)& z1U)%DJlZ||`TW!FVFsC7?qCIxy{6}lq+@Js2S+asPCs$4?_kd^>?21o&IvUpT!H=W z@I8^h$(~Q)Fmm`2*y5RY93(f9b%x)#RrMX^+ zZGPe!F%?|?4NM|0;{&%Ea06t?(X8{cu52z=p4N9U;H}VY=Mr9Srv^{;=a)W=x_>_V zQ+xhU=%2XkR zAu_kPz(>Go5_#b9L-{8TN6BP@uR+(zfSK!?3eB@ZJY|*dW)XUM_V1M0cMdD_J*GI~ z6VUw&GvTGXx9Ens4=jGH%OM^<%Zo@UobA6=;b5bo0NCTZ%urSjs}-)X-Kfg_XXPPP z&3)++HCWvBfEJgNa+@})%;KR<%{CRQs%+Z1qs5iR;WJGMIb;rgOJIN}82JFkvFwi9 z`3WiLvOE`U2u{Jk7N+w37!ymN3QZ~U&ku{XB0v29~x+u2}aTN~T9ZQHhO z+fF9)=KDM6yr)i8SI_*{(_K?f_2+u-`5F-p%w~RrB_?}}d^`kN#S?ZkBLgE8 z=bP9fdNMc~^yo3yf{#Zt3goS=B*~&!7<26KvT_fJzytHuoFu=m%E>}EA~o`=qwqx= zXSN~!x!@ESP9R)!NB*%%Wdiq5!SrF1U9~3t!plbc+cc)5vzv)3V^-o61~FXox!^g= z$o_6|Z^wI#4b6`T@fj^T;cIqeAkoB@ifYke(EU(_IL7tze4uRYxh-nvOF`QcLi>)3 z&`W2BKjqiBXc9rx_F;Z7gQ#aXi9}K6v>Glv898I!{-41>*$STOQ@JY@vjv^zV_WpS z*2{TqY_;$zD2Qxjw5zLQA-7sM0)C%ANur4t_0({;*=}{3xE2GeDlLM6V3r!-3Uie| zD#3ckXr$^v)IkBz!!fQ3hakG5-0MYRdIj#)qVB>H%mmP@nf3%PhsX!XkC69APYTX| zT%Jw;R1-cuHmUjE`LFyFFL&`mryY-ezCPaHO!?bU@esrCC$ilj!}|q|2}Os*U{h9= zGDHk8Uqr*hjxdS^Sq8MQPbq)1(qT*2G0Y&#LFo+Qo4#ghyl~X&E?dE#P4`KGV}0r* z&~YqVe#qidXW)3y?80C*V4IggK!?zt6$5*9DZ0Y1HG%IU|7~?Jjq-+!RiIq#$Bx90Bukwt;G@b{UA&xF=pf4! z>aQf1SZC|qHkcOvDXQs27Oh7})NC3YAT49+^F~KxXcfyXgx&|Hi%yeGmmDo7|47o8 z;I3+#t$53$^udxHjc5~Hny>XHL080kJH=^bX03ZC+Q}qI&|jx!k(@~7<+p88lu1Hj ze2Pu%bs|6h4os@jsnqYX(Dbn+(S_p4S!-v37s?QHXpZMkk!$VQt#5%6f>4mk*|RpC zEr8~RO^a#)Vs%*73*HZAb-cpa65ROirnN&Q(*6B83->oqOB8`oS zby_bC@iNMq)B=t02F(11K#p^HF8!yp8q~>8Ruf$~TLiSPagpx0iD2|XM@|*yDs3)iQE0yCUrg@6*BlO zr#Y=EbBxzn^p-$XcJLG7{wOwTKXwVD3vc)*I(D!BlK_^L0ChF+Dl6pW0_ey~SjnR& zY*js9OGcII8TAD5KMnjHExQ*XboLf%F~cNnRZTD+#$kbU!IYE$o%*#!!PR>;(KwF= z+A8WwYdj7Snm-kBu!fEZ-b9&dX~f}NnHCMjT=RHmj-I-bJg)H4nE9e03onf{)tBM4 zooQn(z!QecG+xJQ{M$g{^apS{%s%@Fn2mDYp-JFdQP}&}U%=vn??nJNflDRtrF2uB z?UPg4SC%0X$!_ z$I@V|CyQ&f@UF!_kA#FALoC*)FATc|CsQ8R88huF;Qy&#Iyw29r1s`N0snZG)P51# zAZBmY0B7zr?sxLd2ghf>ND6{{1K*)v7GUi)1AIjx<4$1I%r-5@;45wCBDtkT1_UGxunh0&Tan-1x8+Nk8Tzsamx6u-)l8dTAWO zO(Qm+d%D`}>p6~j&!dwXgPpCSikfU%nyh6rCc8&JTeN}k4;NLw?gX`?Ukf`vN{K*1 z{_~yxej6*6#bckxaiOZqkp=BF=QM>P-tv?M`!x_`MWXI5xw+{(0T(CokPem~9Il*e7Qlvcga2NIYQvB;-IkjVOpRbJj%F3qJ>6AL-?;o_i&N55pgk z-zJ0lLIIO=^LGeXlFcooOsuk2&)zHc>07(Nunx?Izn<|Gm}m$De21l31-bu~@I37+ z?giHt{pf76IbIgK(gtlr$G=Hf!!FVL4B67Y&j&6lmkfHewcn&+)%N4RTrN6L1*Ec zjE%Onc-iROv1CJqkEG@84;Cx{7rQ4FnE;=q<4-fsj@GZ1n*(2;?2^LCHQ|3S9yP!v z>;e8XS#^#EoB|E~Y{g1-=J5KzE_J_~<+>Q)i@UdUihlS~g_SM6Bi^YTf!n1@*mqWf z*yVk#eBUj>v+MN=(99hNtTNuxYVt+Px@1)Vi*F&z8Lxm|eptegTsG2v^KVKdiU*5z9O!I1z zZlMK3hDIlpQU?bK^L~V}qa$4eIgyShy+Svp*zwcvGAOoqrRMw^A0GfGbePogLMw1* zk3nWBQ2=E^g;R$*oKw`UnD!O@n@HoOpxBI3{guaU(cO4<=rS$c2Wm^|PrG}HQHwuP zhfmV|$PD-+&+{c_ZV<{=m_k0*f zk$BNhP7L8L)0Ai2qdu+HxOogM#ktWdEP}|qkT$7im{e{JCDO%wd}ZxEr4-}n(3)m? zs7#VmpeU2XNLk*?ULldSbu9KaWDRZz_aVKzn zF{96WG!OnI@%>u>12~{e{m z>pbLCXh4jhz_yNnT# z{jBMGF31PC5`DF;00jmXh_przqllwj7>IxFaw-^NUv2$PL-tGwVA^L)f(+}4!Imvt zyd}9SX>kT%x_NzVO|oBG>-?j`iodA{v~jV=+Z3xl@mj_l>_un9x**(jMj9?=9qur(@OVE zX&cDNbmicl8=F%A%f0!)h3MSQBH4f^L$OuIa>$~JV{_EfwUDQ&#Qzch?cs>x48oIb z;;wP3RYn2lOz%#BSie;1$;cWJTu9X#q|GJ@d89V45iM*vvz5-*71J@#iw9G%hq2R) z2UbJVv5}8)g_88=HEWs#M0Ua@2X^gy{|PG(tE$Q;@ppcai7ER4W&Td(!aHH^SX`I; zXLc>YSCnoIfX5ecMqvuWUab``~!p4<0Yj@PGD|`aaaG7ED6GS8BjrC9WYk6uaw)gRw#&WU{=HL#jIB}y$nf<_3hD4^3 zFjJ1SV{$|_(*b9C_Nr|Iq(jic)G=(xZ6SFCe zP5nr*$&FQlbug|lP94qT6kJi}6Zu~9aOGw^s>y2c4jf4H>{>`j41@K8*ZDa&V5VMS}l@_~7-s+O)>AY|t)m7hNZ_N+T8D+Wd<4fx!FYq@D-C za=0Duv6#9^?V?j()9XpA-d0lf*yi7m@?3i%8;};$U#|rbCxQ9W)G7?-b9`zDZ;&=;k2?Sie zIy9*Oso8%$`C!1p-DS?qLJtTugO|)dR7{4{Do#HmnP;XX_;XL`Md=ygaj1Z|rQKo^ z77N_Rt7|>2x5`WY36Vim_t@oq8FD(^ZT6u8Q(Z!crh^Lvw9|qg_Km=OQB%J?thxj9 zLE@v|IzkrZjR!GVoOHmBf;yC>q*IyhTw=RlDHF1zQ?iKmH77A!l|bB_gyieYbQ=+Q z=ehf$d&mExAEz)w#D$KsN(eeKiLSo_x$DaBI!G%_G%)W?!JT~lH5iE*iP28=K$zJ5 zP#MMVRlKg-ZC*Spj;}&o#w_qcAmSB9V?YCq{_#=#fCOm+t^cE{&x=A5JJ{yKsMs}k zJ0B`%FUeeE^Pn?j=hrJBpxXX!bU+8h9!L|2~1#}wQ4H`#jE1h=F zC@CG{H?oGz*0)C2Rm+xOH=Zt%{E!WwJHVOq7fWuPS;P zWv;3Ux;#9j)>|m9DzDtPa-46QCDi>>&=He-V-iO@>TmI*o!KT!kVd{01?UB#i~P(_ z{p;&2{G2Z@pZ|+{5!`%uEYuESOU%%8*F6)~K`J&{6q4ANQxXFQGGlWqd%tT1XtMYE zm86s0nx#hKa3>7sZGsPZ*-9s%QyHNT4W;Yo>yczJ9rJ19G*)-NH2%WNSeAXn4H5h? z!*gv0Xc^BoJ?{=_*H&qP^v2u&CBkjFDc@?D7PW{OCt0kjYC;jX@LZVI&bwr%Gzb?m zvzee6Y~f9LKsMS~aa@ClmZuCS7CWO}EuW1yRvjKJnAz-Yvc0u#JVr;LnsLPI%ZRIh z<}7K_?qXJ7`71rnt*h?ZN3`C_E>^x=pWRUPBG7_NVZj}*H9NC!&t^Wfn~dLi?rcb8 zdF8DiK`sklk4M=y_IVIVX|T6_8^~rq;jJLJYvkV2WcQQLzGtsb<@xqu zxdcQ0{Tp_9^xWSC$72HKn_$|38qQ$vSA6Q{&KQf&wqlo#5!DzTX?W4JV1Z&3UYKPo z&!$n9Os+_l$Xo@DZfULpS6sG!koR7^MNMjqOpYJ;+iu8giy+MX1`rrucI7!2U{5<- zu7$1HLX@~C@iWn|w!z*$G38{0!oky^Gzu z%gfZ;S42Ju54f&ef=YZ9k5|1*sZl;8`fd;Lr7uB4PY*94pw`o)*0;OIv-!iw)yeM5 zhOCx{TSIk>-fqAGT)N%qSlz0wVZ2=myi$2YTc}m=f!B|EtJ38%9J(fbAV08UdQ`zy zqSUP}6mPx|{^<;7eY89Z&9R;b2jJw@4lJYmm7`(gUe5GnE5SvTcvM<~aPRtCsJKh~ zGQFhTPcHyRAxPx82{Hu&tt)k4E?iRzwV1YW*|o%$AKS8^Z#**!vgMBzt44ASo3Uq! zRTQN3tl-jP7vHwPcbEP@5K5Qk8{{oxeFJ1c@*@{qb4 z%F|YGtJ(1rR<)tp5hR<)_8MZexS>&4Zv%A{txJ?zF7N`TI{tEU;v|T}xls91W(i3h z-f4kz2bc2(A#+Xee|^3{PBVLapPBrR`PS_GZhSnBAS?YO`8 zrm^$@mR;WOP8(r+F@Ny3w#@l*;{re(KK5PSr9RIKhdp`RhF+6yB!R?Nd$JE-C#*pX z8^$waICR@}(q>b+$EEqsTVw6DfyCp(gN5RzPbrz@4HO)7akL=!D2}nXIYe%E-du8r{mBVmJ=~y4k?dnuQ0F(iGi%07Fe)V`?u{Jf8=b;!Q zOUT>kE<0TF1d`JOXeJlovDSFQ6X{jj^I-QSw1hqhD-2ZAJlKZb# zK5hDKhJpEPW{h|Wrxo8;*T=D_+Xme#j{DHd7YCg|Z^idM*?0#_aP1~_72OJ&Yh$xN z+1rA#J`vhR{(JI|UTkfD$fMY9MO3*JR;VUjI2)j8kLMg&XzPo+=WP z2<2sVBdu}|8svF2QD7A=;Key*ZO*B!aE$`c;-j%+%$h$&?~#9|k1Z1InDd{KM?M!0 z)tQZ#__jV|R#8p>C~B+ohsMKm=F#*}C?{}q!j-H4WId~?^y2IuMJ$6^&C=6pz%`CP zgS1viFVnBFbASA&GIdhS^>e6OUiU1sPzO}!<*>M~NstpyfJBrwQ=OIDoTHU20v9foh!<QL>Cm%HMUBKn zP*j(_S0NIqXEfe(*(_wT!OKQK>pi8EEDSh!5+u9$&BiE+4=$Git@r`e=l~=!1+mMD`WxL6HTU;vJT@gByj16>- zh%DvnC@$!jW-f*$cET9C*t5f$;49a3uTTxEwUAp~Es#5nZF||f{l1f%E7>Isy!SRo zqb*2<*F@XSc^Bw))f4;5LP)<+$;Z8@{@crP{OWIi`ZXXtoJ=>{R2Kss0J8h-utOoM3qM4;I## ze`kaX4s`%1Zfh5Mp{sG3EP4jtg|;#gsU`ES_4nsrDzd{{S1IfYX>UzN*70}KftD6m z7AZ}f^<_8aB9anK9qGl!FrNg8?FrEO!l?Zc;?w01Z*?>qmarom)^>;!WmRd{G}3)i zc5tB8lAfAaBluSlvF3?hFc#H2oe(V{zpilynY$WoG5em{`X)~~>FmaiphXh4yQ0It zjoH)qS^>T_`kgf#DVxFrIjw>|!eVSxIGybxk&dxLmWagKwt}Ww^Vag#7j z3p2!oiN?x&0qTb_cAxDS`#Zn~csCvW*|Kwk3BpW|6(M8k|d5j16aV)O#fh_+bd+H-VZ{MeYfI^GZ0w`3HMb^mu%O z&8Yr2T7kbadH(m!Rj9;`K*DQYyv>JiT)f(eH_UXQi}Q?XVqm zvx?NpI7IRoy+wUtn^G>FVlPOIp&OUe-IVbRxzyz?nw=?pdq?{HYd@;mK0LR^ z%QG?u>GTT)fZ}bOt)D+o@LxD$tHn&@_WE$??D`7?>wB)r#JdEO6O@@N>Q(NA05QD0 z(9c(P3Y$Y;{V;sFstDj1so9)`%3zr`X1{zYPMwLbyNFYu$clTI@c7oBI$w_x9Dtta z{R>#TZSG~5)9#-`%A8_E{ex*R_#@1pt2I3jdh$0YkrYy6A}E&8N{q%7){q5YPM7PI&4xH=@JoX) z#PV1}lWs)vp?18DN3=0dSxeZ}h)eUvLJ5Vxq@=JcvW{P4mG#Hh^NWF9iKMO-g{*4< zqBU(?00<-2q&E_7?#Ud!5uWq<+}1Cg151C=vAhYl=pezN(A?HT9eNWw=(at7w5AUz zw*p{FmM(3`M+*bUo9v@BRe0O1dPz9roBW$cjzqQG`9EWpoml+|L(VZ}oP%R8+J|JH z+t{SEX0sG`e>ewCJDu3PpOG}bxZMBIYoyOxy%G>;h%$a;g42DwwzQe%3zMMRKSZau z0$2p>#wQ}W;h4`LmKU&<2*zu3R6&A^Q)!KZ!nz!#W%n%=qg$-Fm~}DfTAP-gpa7$( zSq17ENRlAX%xl`JlyP_9c{{OKd)L?5lp}j;7k6Eu4IcX990Q@YAd4wx}>cg^ynR<#vwPWl9 z;UTxhdw|vPS7?#z*VEg(aM(MJa@d9XMHfA3q&S2n(Gtt93c$H1XEg0NjAiJrk zmovNNg*a}@1t zjVSlvZWS5kRm{}T$KS9f5P(zB55Noi9^op%bq)5Xd1qh2f!zf+Fxz^0Nt(H14g73j zz*+WKze09N@D>YZt$5j7;d7hGZo0h}jxx0EGUMTty ziKK^*SwHv?qALM(mqZ~TCo>>oJRQ%`)rzNyY*R?VWP)zN{Z252Op;?3X6Fvf}8*1HLa&wHj$vwJ-7K z9Zu7~qq(MnU*eG#wK`Dh4#d(Vh1#XgBK{nxEu!}1RY z8;aR8x?R!OeZi}NzL!5F=P6{q3F>aAgjT?Qt+9=x;Kj5ml( zUr0Y2Z`-L3o{8f$X0b3uS(iTS3NN4TBfBtfM8={}KLWLtiXOgqyC)+gHVd(&{T_xp zek9CxOiyC}%AHpSmKQYWuu>A>kN3uS1{1eonx%V?MmqF<7}p5YVz^grV*-Ge1Pzm$0+>- z%PYfPOdND8P3JP{QEWfdMiAc5t|%oNs;U8$@po>{5Mb_K!37MXnO2M-;$b& ziJ|U2{djy_u9B*{*niQYI{Pn`9i4hhQBmvacUV0q=Y^P{ZUerF9!Hj*+Ujy>lCsXT zxP66PBUO=CV3_NAArT`{rTlWAtW3|J&gpgQTlPn2c6RaxMNlz!HDd0p?TdwQs4Ww* z5=nTb@TrM;Rq68l%=+7{3gn=w5EvWqkh=O3?m2aa<9kimiqi=2-UG2r} z6ejHZkugsuvkYpqvXdJaq@*P!8QtFf99J9Z^}tl>;9|FO-g=9p(b8G=p> z7*~ZsKu&kK->g}XMdQV5?sz+mK7U86=aR96G#mOmZZpHxl}CjgZ;X6^mV6E2j{$rD zD0z3@{?#$pc9bJ(zg0lcuq2{ym~607+nFt`4)%!}wktc%8sjPMU<51)f|Rb;*V zNa{bfauR0dn+ZPB(My#SD_%@7cve5w7g3daCgau3lqTQ$j*bw`FeL~hjEVzJlM8Sj zz6K~qgf*i*FoeFCs750>P&?MNb%kt$sTD#3KAJ#M$Ulf=2o3cbr0*vn-Zq9dVush< zJZz_j7oeEgv*{;ROpQNEt)gaXzm}jQ7dBiyT%11lKKBo|`i2spdK@g-yT7*j?#}uu zT1J#3$3asyDf~9k@d(X05*w^!>i2U}mEB!H>1HTNE>8azIrYxV{X1qyX8R>UQM#;! zw>1;PB%>Oi#q{TCP6B5;JhvgFIYt)YgK3@BXDm*GUt<3sHcF1F&mg=wI|Ijl!)T;N zac--T))RZ}ZWy_AL`6&a(@@UT$Xm8II>tq1Evx4!WIsxL55!Ahh*)sN#={xq8g{3N zsd39&)fV;TdcbGj(95gwCYugklG*X)M`ux+#8ToKU=}0&gi%fLwOvh$jCfJ5`MOV& z<=LvI&(^+ZwO2=9TIA(yW?}UsE!7l)N+IG^jhS0eAWzL7l=+9yoycT8$U8RR%9c%D zLs&?_Hy|8&4780aQqFmXI;6e)ZJE`e4@X?9YD%{KFKFY^57P-KmfWei!>=yI9c#-k zm7&BgjQKJ=X55E59ir9Vmt)xenFR+)mYUArsO?<5tA2%O>PukSxKnNxNRD$^iVIms z2@RL8!M9^7T_6w73!o3giu>mgDWlH0YwrR^&fT?pf3_q+%CUvY{Uj1a^18zC0uzYa zJY^fetHg1&D?oncL7!k((ijMj_-ks72_(`;XeXtl_TKb}G>2ymZwBQkvRxZ{7zn<5 zK|73}G=ayzqf-)#L9u>uYLJRvOGY+Js@?vcHdkx(cPpRse=yEBPuGxwBFi46g28dk zz!YYQ5iQ2SQbc9<$Ekt)(8dz;w;=hQewNRj)=sYHl6P~k@w&fWo5N5Y_5UA8A>Us= zW=}C!hJm@3q-MO2e>K2{xDKXFa{sC!W$!)eKpkqp=xlS6jF85F1*3#{FK25w{XSY`)6@(a2>*uuSq6jG>pJU$to2vgs zJD>WfsGYD)G45uA_u}B$Bq`tHIpt{+`g8!L!65LFrj~a0e7jy+pE;z~)7aFWyJbS0 z3F=)1LpY;^#w##j&+=gUw!i-QzmH#^`@eMj4?bPnVNU3U3M@_E)v~fE&W{@dgJwp^ zikQYK=Q$pb0YIr{o2|4tdHNQrzV|}%Me135W(!(SR_9|0QBsnS2W5@bUO z?g*^ZEM@L&fmsZT$p!8F&bnNS6fz;2XuB#XQBd}Nf3+MO*!D#uHPUHe8{YMj$^^AO z=M^e$w)6#L&Jfam@AiQq7TnlX3NX2cpt_TtS65C4gz*HvP&VTGdy&om{12-k@$WfZ z2eT{6!nQ*duBpYAYzh7*T|B7zNj?R^1OF_cwS)4aQQgQfa|5hmUXCTE8Bi+y>nW?_l3Im53&= zme+84*$#@8+}q!>@fqi$)w`9L#HHz46TNc$_cZuYo&`gC4oj3fCf%~Wdl&yNj0ZzO zvWlu++17RLpI?dbaqnGIj?ru;+)hvcFJ zOi3eMiHIf!9~sNnL_w~qLCs8mij2mVa!__Ky;pOVUToN6D9dQIHn)?$cM9B?OA?C@ za#_j9x6W{yg&4ZZUimJqrTvU|RC+Y8w7Ni@^X&y2;!j)s$um~o4m8EBR5!-h_|HF7 zq7@9pf4bYC{D*m${+M&bmCx_7=l~;+d|`^VKm%M;-!NCOQ$id#GdITpZ{=5TW^cM?aJ{+yzG<5v{M%t_vpiYl zF)B{iEGvCq>0cD6-hu3?Pd|nfSxKa~2xkHJk#y{ylvo59GCFn#dZ=Ue(Lg=xA2e2D zmDL7OV3v=zQ?CA<(VjAh7_M-SXh;+S8n=y_@{C@0nLOOix_XLy2Rk_K4FmYjpVLh` zXSRLtN;XL7TZ)?9iw~^6hNnCLebo&g*6WQ>4tiQA0O@zO6s1}lJzv7)=#Z>n0k#yb z?7oq{0*qHc|Hv^^Oq{)*Of;qMKOf!6(WYMWCqu&piXth;C0G973*YJk-)91Prg(7| zMYSU9;Fo%u=~^GYpTDVB5!ZrnDgnexj>ee+&w1IPya%vvBDkj0XRj-6GhUHuK5(02 zAg?i$4{Yp$UZ1h83_@9muxFDO{sRH;TesUNXt#@h${O!8+~QK_hd(@Aa`z!HkHfJVzhX43 zn;*3-E7JkoT2DCX)zu74T|-5cng9+{*PT=bF#6U3=UvP}&$?<{7Ehzetl_R;9jR(9 zGU-!f$G~LXQbgSAy|0;H6k7+Q-+q^rM%h=UWR?N;l;~9}mj{*DMQC<5l{!ZF3n|S_ayH<3*igx~RJR z50TgSBu&b=4p=<6eCkA|YsMjA85U@6LCeD(B(i#1BKg^huSd`-b_(f5-p)~eIeBB# zQ?J{g{frw8;X$~^1>u7>^+U;1Gla1RG+d9v!yR&D!xN0Ct9Udm$L#Wui|(~(S=RU4 zP6>(l7x6no)^@VX82RQ2`R0G|X7hL9-p1nKYgRJ6c7{laKWX7I4rC1J#SC{{OsAXQ3vj9UtNC|H7s0T zI=i-Cb#3)Dc5Gd3ZS~|nGY4$GD2IbS^fVIksyRFO#?M?bBCR@ehAU3Os2xT-zRRNr zJcITxBu((P`}`sqZ?@s4Sz-NV4vxSl^qd}3<#+Xj+@mo6Czoy{i2*m~x^UBy&X=FO zH2O;YyK%x}XkId*^|$?h)VtCVM+JrKeyOQnyMBJ%&Iq66G$hh`pKqCMzwKRU1T6S z`?RKbz3J8n=9GBgLcdhuivdw2y-Cw{K{y}9(>1Lo`> zIJ!-YB=r>PnQ13dc{x-A?fCU%9PUB0j$U`jHJMOzuGF!N6_LL9(p0=*uS3f3e60y6 zXSA2V7y0t9oX=B|%ly^~<+XoMYj^gvh}3hknoKp-vF8He3N)v> z>ViH3u3zs*M`l0?!iAV;%~)WC%_d<8@aCqmL;2I!^8*g}{bVV`Z$-g|k>!*Raoe1R zNJd#u=cEQqKyH9zHWBhQq?5nX7lCo z{rqh42aj>Pd)N}r2$&vl!dZyv;NghH$BTUJIp{7a3Xt{YKnF_~E-VKQ-Jjwd+M3Pb zGSixUM#LDjIl(Z3(nwo-<50y`q%V^mFJiNXFpBd+f98-NuBtO;M`-ZGb@w*1O zIRsPN4hb@o#8Tt**|-YpE_Xo2G^rJXcf`w<2TYy0+^s8cd1buPq zi|rbV%T4?A5rxPH-Gj%LgE}e|YHA1=3%)+pu!&dNtX;OD1!}vK z3^E)~aMh@vK(PLGFy1~#+0}?FU-W|YaohbEWMJLST1GhV^xBu}`wz`hKznjoNP&N- z`Qn(Qxk&xzMPAEe)V+tvoNWwY={(#wlyv@7A<6IgD1YrFuzn?|Zil1D$fv%a4+R}# zRLOi)0lES8Iw!4GP)oSMTn7eN6a2-1`z(O|aAUn$)6-vDwd1S*^~o>{)Q!K8*acnz zwzke*dl z_rcL*|6sPePx`Ho?aY|m zhPnELWmgM3myFnr`c;}9&l|>U0giePPH28kVbJ9MwIjGuUx>k;@j5cOG+txUKK{Yq_90XCIRK-ELzVlx7-WcbV%N>42Im` zr^=oPwG(}D`HJMtw42lKvA*i$^>4wXfHM_FX>**&*(CQ>$inXX2;|| zbrWXxL@{<0)@{hmU!xZz96xOLGHu)`7QVFEbko`b}@3?(= z8=I4U+C_Z?D~2f4EwTzl8CUE(v_PtSAKr{MmztG7ttm~)E$Ol7?J3CV5eob3K&B+@ zP#7$wA&z#s>bsri>|_7=eyGooQyu3v_=t+qvNLBZ84K=B-b~iSyS0wv(_|Ct^*!XH zlY&ZOz^nBNdwJhKzaA|#spP7a2+k$@mkqypi-3x3*|wlKG$bXJb@qvaQz`*L#4uPP7*XZ7G5!!9J6iU7k@vmS($7d`OdfgI8j@<5B;P7~Uc2}v7hg*c+v z%}_;g8$(UoIzehA-aECHUGh7%2N>=^*6y-0A}5c}fe?saWQLjWpg-=V{JUmnjqP3== zF>-v_mVeornVm>~jZnP3jwSdY5n1&t|Kbg4@0whpk@rZy8%YE`FT0-8>}Exx;2}!JGgC>Fd)9_VWwzn2J1^i8UhM5n_cB`_1Rh z%k+zYYTG2r_q_(_```7ob)NWZEN-ONxt74+>j zp>E)LX^2=amxbLr!$VKa^bL3yf$-41IOJw5y+A@m<7ntY5 zORT`!g*bJS_Oey+6s&!vxrap@^oq-r>WbI3HS1A56#>gz8LNkCniXW-{@gv+k+;(kCz`p|tlc{KUa>FjM) zV%Yu#2u;HwF5>hncOG8TebEnuAh0|f*X{&F@H_nHq;`ZV2)?GWQMDYU&0nXk)RH=& zinWzQu6iN{dZtkOT|}LxyYY~+yHLU$y{R5{rvg|U^K&|C`7oB^$oIrle(iGgAf9X> z1{LOXMfrlrS`eib7s^D0G53DcyInQ?H(CSZm@qn9p$L#Wt@>6VJWuZa(a|#u(TIrE za?^5iXKPD$a87I_=DqWYTk}?-lq&9t?NK_)WaD__F$h=^vtF{fnW&3l%>~hmB7CDQ ztg?zZxt!#jq%hQuqAY=NhuNEp_q8)C%=wCnhhG+~{H$9}>h%A}1IwiBwlkc?cD=Nc z5h0+#y=X!uACn(m&0%=G(7G#RxF`$F2r@(DuW-VKvfF`5;X%tvUi(96QK6e=TxM!C zI%q@1>jC`1)!PQ77P6I_Cw=SJM*IXRJ0xP2gZ*@7o3{k$Ci;9D50;$bQ6eR#ol8Tu zv`DfERZGEl)ZUGA2b;QZS+^Fj*nnEu z`^|r*_Put66K8q#J&J zX4PM2Z4DX*nS?3`)$)9@UStcq-DweS|A(JZ8$`Vkg^~_1geTV8E zwHZ5he1R5J?sn0akBz2lxQ9_CO&NAf+SjGAgDUlH%j25D^i6%MT^GI|`Q3$p21p+D z0nTr<6tb<{I>iwK)?+}m=hKgd=kszDUyzEQ&1|_C`d(+h-JR-fqUts1oIZ*Mm3k+~ zx8s{S)A}!swlqM7ZZOiM6fQ~INX)e7t5kY{QP(!kLY;~e@KmfH1F-@P=dSx(THhk< z2vgR@kg&P>cPaJ!*YUhYM(cIrjIHwS1n z^|N)V%PXQwB8ClH=&;s!ulagL49&c=P<)Zfza!TC;Gp=bSU7X3c-ndH=+NI6;2$!x z`3xZpj|*_@D;~K(*`?*m_fKgXn&i~pUp}FDX$Tzgdd@dN_kNoRm z7x0%FCePIAyDaMUDgT)^0=!wdBmSH`0CsqOe2;@S-_syjPP#wql+mZw6k) zVd^@$$2p-|-b_p#a9(eGXYCJ?YS3_xY5>!d>o(c_lJ>?J1kII%^+S68xt))h=xp7-G%wQ@HNiDPayp{4_{&r@p$c>6oG1xP!%Xg7*qRi!j!(7CXa2`jNTHEh2^xIc1 z(TKikBirlS8c&AqQK#>z??O>5b=Kj5Iv8u3Ah8Q|ug<|hk9{-}lYoC@a}ey(i`UDO zBC0{YJ5yEdkjKI>1q|namJ$w(#`XUJdO(H0 zK&VkWk8VdKL;aGbiIjJ89AD!h5z)#MbTy*FNIU|G5lK@tOj%!fFK9O0l;;~4^oBt2 zq4&KMg`S{{3_+JbYdI$adPfo!_VU;D2%Tl=1hEX>lqjK`aFo)FL@UwJ<%i3HakBCR z9kTJ5W$2%WmnflJtVBavY{7pO`YTcYKYR=RYrYr_x8#4!pW-Ila)A0czAkg9)h1Rp zB5|9qY(#y0y|NJ%<9ub~|66&2{)stdr9dY~$6_VQIs1jg#Y#jIg16Ljoc*$L_QUD% z#pNHprAvJ(=l}4#gVQ(1Z_nODE+W%{NfB%d9=aYP%pntsPY={m5 zIzZ4YPyRO>l9UZs4$@Q?;{!ec<@ms`Vl|tD#pRe}1xci40}ntw#+4^e&`&$jezf;9 zYN3DN40Sr2sN3$gS2oc5Jb@a1-smQ+OAfOib-K|WYN4OBoPbVQLB!8%Ab-8s+Pb~H zjeZ$$HjH96hNO?QBw0+h5-Rc(PqzN?`r_=(mIwZ84e4uu^u+r`{{Y{&yzdnf>uw^u zW+Lr-xWb>?23s5rN_e-EwcP$$@m0Zs++u-mcN z?O5zy1D_qz5JOSmf(*)3kixybEnhz(G1~4_CO7MKcm@elT!uNCXpmy4{E4OVT+QG_ z{glPm^5;H5oQ&BGNzj0^v0oIe9?h;nv-{klxv_CFme}E}c(Jj8E;K;9%41S+8jBtn zo$R+jF@;>!*Xm#J^Eqc@QjAC`kQA(kI^1&I%+y;4D2*xaN!Q-Ut8?Z2D3Xjh84!*} zgcC=@Lt2c=J`gaF@>a@*Eu7(WQqWkma*N4UKV|)`F%|{kTOr?WDZ>Mp>DL!LSG#UC zJ9agfJDS@LMB9MqJX;Dx*V0$*X<#|Y-l=`F^lt{;b9i^E#HwO8OAhe~y-H%d#vvG~ zC%Kllif#}$vvy@>C}*OOXY=1FD)7*sTTd=<)NUoDPjS}jv|GHp+p|Zp=g-l1EDaeO zrsPt&mm-oSIip$8Q>UV*-A?)`oKqpmrUwJYAj~AVzzt7%8=^S3v0xD{5E)}?=e(;} zoSgGc^XZa0owsYQ1F^zq`g_w&y648(v1@C`Igz5&4MBu+#?hDvfrpYi6eZ83uqZ`S zDIShZ*wapQ~-leEF3c3jce;2%V@#4qBr0?pbEKbLEk1T8|a*q8mnyH9ZV3mFM$9>j5Qg=DBv833Q-cJFcqo# z1r152vjG&cb*4xuj7d4cos5p5sm}A|Xli8xy()(TdWTv%)*w>MHln~EqPua5m_F+0 z0G>dvNn&ucoEa`uhfv!hw7(QW9mkGwn$wI-vEprc&vY!;*-?@x4CT1OITph2w~lTo zw(b!f5e-y{lN+4HB$0aFfw3c3kE?!9*@`}Q+=1Ld&o=nu;Yeti|kP^uxED&AyqC2%ScMfYy(w&{A1yRDl zm~n!N5zbHtohwx26 zT>A_GYocC(J4n%vR*lWb9X0YL$(ItWpGWOK{7^o(C$b%Nx@H#L-KuI=FnPgCt{1Y? z!-Mk=hu@w3aEfRq3W5_UGjhfX1h;j_#ejrw7)=n)CIHVo>Gwo0#y8RH4fa6yEmoG~3z6~BXg>S;%vcJuTlE%XU40zpdd zV7KQ0Jh$&xO-+5yu1Ti(K}&H2p^@y}Vp_ar{76eUFF-Qwd8-CpJjxu2f~F~wk1Mh~ zdgaD`X2+hs*g3(;n7C*6Yo3*7P+n;o$64#N*YLWYWaE3g_PwfgVoVD=~(zX-St5%5YscT7H@uJ}JwL&5xiY8dv)~5>AaWbT$ z;1gw%je}u~l}=fc)K>)__F&ox1Cu&@Td#oWn_gX;9s&49FPbTisczK;t$N#`Rd2u3 zt9w(Fea(&i*PlxNx7U@S z?%ny>#nr*-)yBrk209riZwwW>0g;m+5#wmWN`zBrN(DC*&Yaq7mC&`G8^;(GUMjx5 zz9~gSL9Ft+v5_!PZ1G?q<(Ua9H#YuSK_s&_JGt|K11CtSBvRru$=v5^*vtR>wjPIq zmwB;yzPlBJ;C^9o_a?v^O2v^A3{0fD|w5s$nflmn_v zeGifmsz$^xd_iJmam&yt=rxy@Z&5+`SPCwB{Wuw<5(W7hj*Akf=*NS1ZzZQGnf^Ezm$1fHnmMt6>V-G8L_C zpm!{x1F10fRF$P30)AJmZ>)ZELq4-ZZZE%Qp{VUG&%T8^)0^eo+)_$U61|aGV$@xo zm;fw=CCW;zr5wcizmPZ}m_0kHqrXeN8QL0nc%be%zxIQDf7iUf41d`J{_<)0$zHT= z<@|ROc}rS~_yuzn^+Pk%%Q=CzcZbTT-E-2Oo3!N>?u5K!Hv|bb4(?%X2``woaup*o zk>X&PCQ>lOaSSStYBD(@NR)lJGu=qr(<5Dy@E|K|Hi}a!PhspGPy-c@wNV~np}7*g zQjFyN=~IK{9(&7dX1C`0R_6f-^$?E0VC_HUH>n&ux_nzvPV$x@K)6k>sP6V>p7x@R|pBh=` z<@0DS>O2d?*V*!q+VigQg3CScE@6hm!#{)o6F2@*IY!IZwa|9SPn@j zW>1uyA_`9M7>!v{rUdm#j3w33LT+ouZo!MkiT>Sf-R}B=AV*_*LOwDw+=H1h?tK-Y4xGRtf$fTLEMbd1*_!#b6 z2V%#9Si+~W8|{B`QrM059oE|hYwrRma6x07rW0$NGFQK0fFOev4A~sC$T@t))YG5` z_lX2Vzz&fBTqB|T zTLAJN<2X)9(svL$2I6j&7L`fs{OFY?!8vC9u5sJ~IV?jByPuvKW}diQsvcnG(jKlw zuCy9{+A|BYqs8=hcv6w5NrJA}IL3w41Fn?lfc^%uL|#C#1P9}}1yS|vcxY*rN*PId z=p1uACI#Wb!FgukR86%NLmVeVtVAg%X=|IGgSKy=g{~~A+318|IkmH#WS*MiUf(mX zw?oTdPur;oKgkBHXDmvJ1-aLi4x4j-S?5yRjtN%l8rO3Lf(|LEa|a>D6J^ZjWrq4> zp!`t;t=ctejj&%)Z#C>j;zr)KBkzP$Zwd&*x8id9pW9I>$cbE?EGCDXBqS>+PDRh- z)mCM~DN5Op#t?Nd&gT;Fen7z8dUsRT_@E{79VgWus(VH|aiR97@jA@X)4IlWTmk3V z)dOo@oL>gban!edu$+V2ws4oQ|L#N`17X`@Mr*V&b5MY_LiE|qwh7!34n*4n;YrCt zigr245|YIeWg!$gxX*Ay^<|_De7+s9SF@wjM#g8+ezXmn=zEZijdOX5=ysYYqN{Bj za;>W-4o>8n$cZ{#!)1~?$JkD1TZQ@w4{CcF>N|+#owC@VGLuKM2foW5QZ_3Fu4*F@ zRrJu1I8Q=<9Twq9v=2sAZPsD?+#uVYmd2ceT#oz;qZ#~LROPa+V$c;R$C)UV=Udsp z+&BhpIoL?IQAFwLYA1QoSaVBQ-z?dTBX zq)THXGXXz}b#N^g2@u+Ptr59H+rZJRuU388+4FW#-$&fHSnBIQ&hHjal(O&fj-DyV z+>@Ijmr5|H1VA=~a$%(trHNs5dGhA!_~M;J=@)#1-N3sw1Dmk*q*U5C3C(EQ!P7Gw z7kGzRa$im8s#|Ufx+vuBH5(@5e%MC^?6v{h4Pz^mdX%!EPJIwBkSG$u;Z&t;2*HYy zW+3E<+z^kCbS9|94k+Xr=TV z(L!@uD>iblTC9x%T$#Bj60uPW>5M{g4!JW!Jwe)@iGsu+!0zrrnt}}h! z9W$-jE^vP9lIMaZB*t7+0yF(E+Kk+)P*b(kD8&<27K&q#TiDMGkNtz*ZWvTw?Km0J zOa;MKWpO=zllzdHuydbFD=XZA1lp_Gog)~_9`=q$zB|FS>{(Zi?+UoM4p}x({zju7 zY8L2OWdf|xn$Kt)z(fC`-nv7^(tUUO?vUeNUcN;po1Yp_iPkpPd^K_%0q=~^Nmg){ zl(Af+rosR{G@vBaiI;uGQi3zkLnDWoBb)8Y9c+bkunx%e_Cy2C2B|=UQtH)e!RUW* z-x)(X9(gQb>)wvK20}a9wmiEMcW7w#&EYwUouC~3B3OoSS&ZZtabVGCN87t|pg~ZS zy~_(u$0$+Sw$q4xk#_*!yEmvn+g&6tp0&LlIQlr23fj7dgJstZ@qrSD)7O_)#-T)@ z-Uz>f?A0U6bzaj5AK?PazdhKN=soMxNfvXdDjUw7b9OiR&@TrA#TNcUJOGwZJ5`M- zfuK?yZUBYeRQxh4`|b-XKbkCCRIksV8_X&AdTy~m35iq8RYKwAwmF0X^-C2w4UE+~ z@zE)})wHKfF!JZfn?t8&4oYZ{GNgRNh5sX?XL!|*JW!T^J=I0-)%#5E7O281bwwLa zI?oiHbfY`8W=X{(fbMe()VHK4EAbJFg*NwiZ#=7eBU7@N)-9C%$rN4i-rYCv29mqH zN^IuhEvDN4>j?rjT@NSPzJyK8PCL$D%^e3AiC4ge_*7U@3Xa zhM*huyu^W?m-Y&ff$UzBe#H&!hq>mQfgh;{hvYS9{r1|Ah9lHG8N|KhHux5K6e7`sI4G$tbI;`=xjG``sL+!m1{#n@&<75?2>v4za(%i zG#tGGec+byM3Ak1`g{TBS{*!GXnyM}`#Nye7fC&FNiz(95xezJOh(Er+GOP7)r3QBw;nZr zi43QLAZF`2F)C_YH3m4?Hf=f#AAzM-3{k~sD?yHUX}w1DR|2)KJy_t|2Do?FOrE1X z8j+NT^(Ah2fHA&SYD*}drjp5Ul9PfK^oBSDyB5K& zca#S-14DBnS)a}sKz&FWQ2K$?w4}zOG85#${>jT(;;li)rvE>$+`iW9tOyh^mJ?M_ zz2DVOW1Ksv?HZ_axWHc2*>`MUTl@Ybh`nk^)Eyq@DG8m3sxGQY?6Oey>x%-^q#7t; z81=wbdZtw6p1i%JaCiPs59XfD#Rr<~Jl9L+l0kCL`jP}Og?kAMK`Ab?cx39Tz*VdR zXc7n7Cip5X2tdCgML~F78e5=H`Gux>4x&xvRWdz5e24k9YNLY2I5#37;MM!}ckg9e zbwKR_ynK+cVnjIPHo+NV!y(Kv^R*yVxX(edg#navGFY?4AauffZ-q-`Cl`a%4zim8 z(0tn5bF|s@a^#*h;-X9dreZca_j89FB$o%b-w3JURhNF;uFNBtM#_fFz2x#sL(D^d zs*RR*0r9ldEp_T?o+pZOFhD82Cf19XuvkR+Rz!G=|HCpcoRe#@1?7y3Ey-PnB~8ed z&ayJKjaz!q7H27mM#VT?chhLsOk@5Y?z%nfXgSGcwpx#sT z-GkAofuZ-n+{-M;h|a<1?FLl*1Zb_fi4=>GW5d2-E40*D=+7;1$5SpzfykZY z;I!~9B9Z&&xxV6FuCDf+U%+@)z&GH=cxK1wF0mihxg$aBTM!+eGL7rZ)Ui?P5h(r+ zMkRyT-wxk4RQ1hB0kos-O|au>vnk2+$ z{ojcb9G9X{?y(WEpryLSOC9SQmk%m1Y@GbOR{dsOBI*t5@?E4huK|NHXb7mc z7wtxOy-1Z1G~ZIW4jE)m#@Dx)Cs0Nd7qp*}jSXGtLW&G&V&7TowWH_JZVzxcWje3G z)o0$=aENVesBl@G8L5_j1)&Y7>1^^PeZD)w!ek=-6?%h?b1a?Wgp6OMq*?#f&>T(UJ{VP38yK- zwmnl_#f`R9f^6Ejrv!L@&#L3x6Th_Em1aW^oGVe#Y2>7}H;h)=b(#A*gJ11ylFKjh zj_xk2A9VQI9Pz13d=?AbHnIf3u-vICmdysywjlPr>{Pc4XI4TM*E9!1Y-_-HE9qA= zjNycQ)oKY+ph{w`Vmx1YL+#ZJHD}qv76d&Hm`iWnUT(V^GwyxpHZ`@|tc6+VO-^DT zpi4(xMjPuIrxU=inWfK{0@3k6bW8$PH`GsojaX%p@DE_qR@XbdA13~1oD zHbF0vnQJSFwPpfoLcyRlUB1Q$4!Twoyv1>r_;1mHDhFiZcvwc(l{8?iFjELo;T~U8 zLIGSu&T^yhSl=}DS5%BjF_Ozu;Uq#Oxk%Qoy!{CyLZPH$DExJ_WbA}yW6)GJc~qE* zx_Y4OcPB!JEW05(-^zF-=6D{QpJ>ma6YvxzauQ1s+bfxABFwxIc56mhgoSK-Fl@3}sQA}iPXF}!;P-q_ zUEoyk0_DQOQ!w0i!*BurHmPN&Ggv>6r*UgiVe+x$t0R);Y88)EM!c66CPngujWNyY z3^stG%~IQLveAJNSni}VcIs2A*o`0hAqi1caYd{wOeqezBSZxkgtis`*xIF9YI8dt z2$!F=z29mCh)j7y{_qqRarE<-P-~{vxQy$lY(6Pw|p+m3& zqBpgxJ`9^`;Blx!bH~fm=NYGh+>o1&3QzEI<&1N-&QToO@L9N0d=&P>)SrNcrX4UB zT8KCYA>y!BnCV8HJqxrub8V(2JRge5E=%Wt>6h^}DUPLHEP5)+sUasx!L>POo;Y|x z@)XBJ;>6RQVbI1yemf*Z4<#ircW_2-b(Ohs1^Bi_y4~#FRdA6!`zql+|%h(%Sx~R1`c*E`0p{hte4EFZk*{yxYba~*UP$>a+swjuK3LQlSofB_e8m5hj> z?S=|1#cApT?z%;3Hi3JqQ8i%r*&2H@q{o=$6NGK9zmlvAh7K;SPF^1zUY%Y1_~E;= zcgIjd(K&(L^&=-s&=c6 zs??4XT#SUv3mOre7Ne>urlYSKm;KR%)3kZwQswM8lea=bnYfJQPdyW6Gc5#NU5#}x zRSr@xhn<=^fEU>8H-vZlp)X5z;wtR*?h#t6Wtkj0vh0 zd*gI##_`SC%Aj3UkWAc-OPo-OhF6Zt5v62CO2w3%2v~3!ajpXyedsQYz@4HWjOngU zods1!`}UOqh87;c=QZ#^cq*n^?-(z%pjoWzDcurIY+Z2Rv;Iy$tAXt^oA|pgY?k=~QRxE*!%ByhDIuk6^_}H@&y^qS1+Xu_PHW zRk~GFB)^VJ!(7Jk^vrX9csXm+Hrp8xc034SdPD8K6ypM?G{aKGbZLP;x!UmSB^1AB zo(Z<&g7z!dhPG$>av-MZG!nXw7eJ`ou-gZ>LN}`Sb`HuXOh;D1j=~wOgz3N-HnCwD zGte{76wr2SH5IQn6ND*UWFn8*0QD}9FaCLa@!?>RaY}UQx+69LMCGaLSTP60UPURTQCW!}+u{}M8woj!gsC zwdJ1r0P5}s`IG~1lM3{4epW-1i*M93uLa|Fu<@bEMX8pGC4<6@XyRb(*1(v%*?Xqj zoP=OgZJvb^V?!52mBIL)r>-VAcxL2@@sdNFW6X_Y^KO>7c~yDKsnjbUxf$`Pru-g= zesy84qBea@BI{ZjKC_#x67_Z7S+7D<;Q!YpKnms^CJSia0$O0&9S6ZCE@+3#f)MP1 z-q)HOC*KeyNJRc-3ZYoPXrOadcOO^ACK3jV!g=I`WS|%AjdgWO$5<4o~{4 zI=+*-m=|A7*EW5Bco#*y1g-5x&pi+}l)3xdrxT*Y_#0>GwQkkQNpi5B*MK_H`Or{} zBu>jDtc-$arYZ!xBsrBM=b%2Tf$Ey#xhl7Aicp5B;~?0ig=Nn4ZuHDSa48GV{JW&u zx6BsA(`t{tMQ51cl^h+I`1f75f>!Vr#Me9hHl;w{GtaD%E@uhCSwUN-=(ej2P_Wu9 za!_r;fX7m7WKj^38pgiLwc%w3(L1I~pVq@kR`7}Pm4mHKxY2BC!T!`>F6)!0&g72P zj$VCufAMzRqi!2j>u5(CxOMiQiA{Od-f5#X6~;ADm53m+ny5azws~fnqC(Xl)OCvy z%h0p-vkvejayP=IC`jVr;9~HfRd#c_6qy(D4U)T#`T>iHT(#1#wW0{AXDSAn5%<(N zgb}v`*6(~6b-nql!`rL;;b1=dIcTBgQ52YDgY;el{fbK>i?u;mj`5b^q^~nz9PIrX z*v>^hRsPHzxivUD#_zN4hgc^jphvaHKsQ}C+TPD$r1gTQ%Y(4{bI^>;KV5c(b52^; z>Y-Oz3(`;l$t9SXcQNnNf~#s`E`g7QMaKLPDo7FDK*!mD@t8o-5tP!gO%pLa>SDRi zTDn!vF~}+f&!!o?C)l9qAt|hlFi(0m>Dy+u`6CAmWUd zx>4K6U+$esr#E;9ME=Wd8`KoG99p}@0?BQRSz-d8dtzJXcH&#r(s{|~jPCsX-;x#1Zf?T^4MVu4 zX%b_e__em$raUk(gJ3^;BU2_G1X`%Ciz+oHRnc9_U?uz-@@-QjID}iRm=Dw1an!Nv zwG`T)_m*9Z9WMo9FPKA2w+bSP)>Q4uwkcHMx|i9P>RKEQ!g>&5(=X*#Ff^vwfz6j; z1JrTDxI~1-cY52g+8r-0zuO>q>B6#Dpp0eEA8wIByvY6S+Ch#rU0=L9I5cuct#oUU#S4-rN04 zyR+Td-~9_}KQ0>epHd3#e`!B>tm@?cBp)>Iqwn>%`c9wmr18FVqxL5H2hK_N))hx-@NMI#S_c<#2?atK?@YtSzgG7voci#Vnt2 zIvf><-DZSKc|}>6pg8 zIKxAt^1}y6l<`O-wkaiZn0|kvu*U$~UzuAfsfls4M(MiR9xj(m35)?I$<_g*?r{CraUAlk}6L|s)o0cyi{T+l3K-PB^^b9Q4egI^IwU*@Yu&0 zG)|gE9cL5u9VbEynBddY1%qR34oJaqCR{+DBxU(cYSmSY)baqh&2WMmMrE2Y8|M^M z8P(NEP16Md1{3zVR}7hX!W8~hXLn2zilJtQH|-x7zn)?W5N0Vc20kPy%^d-nnQ7Pq zaAtc>jW^L4iW^wrTb+N8FKtS0DhW{at?Ew@wtT^Gw~Q6gtVOdoZ30YGwKRl_0z*M8 z9Y!m$)gabfmS~VnscY;V+1#^=qJKuOX>5 zFo^d-mS!0o#YB!Fsh_j4;#G1eWUP^@^oU~yB!Pf)oFYzcC~W1XZ-&`KB*lHk&0mb0 zZT3%-1}1MgB1l$js+i#05li7vAjavCLUGWkJ)h>shEENG$0f|{c(~`P)f6FShzmTfKH^Iylyrfs+J9K441^FcSqVqokB{k z4q*eg>xYt+>pQ-7$E#<+9$9ZZyMRWm(RZoELjnu-1ZY?X8=EDCS>Zyx#dss~o8F-) zRLM!4riN{cvOlJUW*$cF0O|tFRfUesq1T_(i4|s-xo$nsd|UW}3RpJe@RHv9WQ5ZJ zVuNPkWwF~Ht=c)QYFO&Nw``dW5L5=@ETi$J+=V_)fsSsud@lpxqs)xmP@V#R(TQ6q zxlV;}hXvMOY|gxjEbsEiV3~tbsRl!`)Z`d5|}g;c#+;j?fRhbKi1xFhuwYWwBQ zr=%4tYx#@5>9LW33cS^Z%3xH)r4S~|UL~9vG4coCcKdaH|^bxMe*LK?G1kM$C`~{T! zaaNLJ{w zRF`YPnw1&vnE70p;CO_*1wxXA^e0M+1G(TwRw67VyqpvzP7V3pGM*;4RLU9|%UZDW zg5JQNt$2j_P%2Jrg41Hs8gN235#^lRuo&WjtGBsv-$MsrrEL*cz+j5gId*P)t?9mD zo9>&OaCOxR_(lsBzTW1G`IZ-husk(l&2{-i-PHf3RE4c{fPqNudd~r8HtGym{T~N15UG{(P#)Y zcb|Xo*Tg!)DHJ%<3gEbJnp&&7p7QDoWmqbAko#|S zAyLpm(zM-_f(~`K%n-|;fyrsbea&51R<`C$h!!juR1;yPl%Le!G(#Ar_*Rs(kW)>` z(AI-C$UB*!!WCyRIJgrO;zFz14o>VgXJV#h_G1i^Y60HuY*L{_BQhCfRG$>1Xt*<` zuRJ4FsoTLsb{bm2!U$~O{?^22SC^`E<3zE7od{hJ-!c@z&|^GtoUO`*AfQWxivBz) z54J>#jgV2lY1%%*|Czm!L$w*{URbr9Y}2Viupo}K#)K4=dTWk%y;!k&)w-H#DGD@{ z_)7GYzQIXMa|-=4ebLuyhw?KuQEan8{2luSu2C~)-y2gIZk#AB^(d1i6=SaasAHN* zI#JrA@P-dcoJ*LxAe^hC7>*o!BXd$Umhr2p3pOIJQ(A|L3@EPBnUS(`#JUxD1ISHF;^#x4=(gA%6L#8vyl5%W| z75Nln7>m;X%yw3J8Z59^?4 zNFX)!Ss*+_O09vETO+|c(_W3sNJp8t*|R|nHku}KS?>+p zFMXzzGI?x=px()A1W*%YPPiZmQH~&a47@GT11agkHs!D?(U22G_!E6XKqDh}B=%T5 zFkZVLt_$>(?xB4Fdl9-a0*KH--$stMg#$t4_REFnpkhE8+WBafg~vpA5{=lj9Rc*8 zu0M>fE1-$iV7%$9PFhX1$s!QCOR!*>jX_mG&6um$JLohjVov*dE3DE%hjiLLYfh8d zH+>t_TmfpO_9Jve1*lGh%cp+8T&~N+9s-MMf1(sv(7dIJ<=6o1Vxj_^jTLOuZJ0j$ z!lAkb#W-<1s;a2|)3gxb=B^_snuS&mF44*5DtdKrd2(qM_lJ|K@6O&|p&t$|E)Gtw zPL40p*@f?xKYNW1PJcw-pPU|TB0`l1_%4TdHaiojVMr3sOzKV$*h#VBQxkNnmI@Ri zKFwm;09~D2y*=JUr)Q_FlhfB1C#P?Y-yNS`ZK8L_7l+>+oL(KgI(d6?^&^nb>yxX~ z<4YAjaG+tFA6#6W9KL^haDmR>U!0#^9;@3{c?(mLLMPjtWdceTLYOg8T46{oIL|rD zIhEo$On9JUGlBjb$Mx)`%GxMIIR;(Duxl!SvkMket0pU^uKlcFjrAR^)5@%(y=M`6 zYnN2M^p@g2O~HA7B5z&lVKqz3V@mZ6&Gcq^eATxYtj+X^8?5BCQ>F-Z$XIeqQ{Q%YjYPrn91qDR z$OL7fGy6-fZX=uy%FGEja0%8#fV)7p9s-uFRmC`%QrE$T*{gJ&)FVn;P5^>!;cZ1#-)lWIIyw zRjwA*1KH?TR0QrG5~1(dt<;2+DrpxC*3$#*<_8fiS?YO1tjw+5B4EVTUrR>n*eKu& zl8*DDIF9ZtMIISwo3PH51O6-zygKi&HUqmh2^o+qQE!Y`n$(!iF&_gbGQzc8MR%M_ z&YibRTaK|11bTaFBkJa~-MBx|!iJmBM6Q5aQ!C8hderENjTRS0z{jUY@?NbAgM;4> z&d-lek52yeLT;g}*sH=9{Lnr58=!J)eMtzRs|8=!)L|5%HNlA0jHZOET24xv+jN>d z^coh3WO2%bV)}iK<7-j~wEFAst4>Ktacpk8i6JJHMX9ttPm_+&nyTxpjW*sHHNgM6 zjzC)nHC2pQnI zbR&dnPYP-mh?%*$jE!rxPh7|fct{N<&~$t?=M)Urk_WHKyCU>_>fje>Qilb#{&>A| z#_wv)GtS6?c|4*whEqCc;;)m*Wb!-u)wETucv*jk$2E~8p3W4K&!!&`iq_-0^-tkF`G6>&VRpY_37h69tGA!J+_a-SD+s^gzq5L}PY zLK1qD?4e`MR(vaEuwDi|DuM@^B=84{-$w9;WxFIKK*12XZIo$BvY{cnA*yP*FK}vW ziIdmG^t_@kf%>2SrxO2fThcw|7&GJlJG*FSwM7Ok8VCx^RFV5aV*{4n z>$vP1f!PA=%l3Bm2G4?i2Cz7lbpz3(AaPN0vT{`^NBiA@nY6VntA(UOg$tKCVuO_y zIzUo=PAkd&Ep&CuD(QYIkRryJ>Rm4&1QDyPSy_3@aDr4)x2k=I5|-JryFMgPK_a!e zDZw||;udVoKr1FAoFyqizp%bCBo`R$I$2`U@*yUbm$`OY(X7u(`JBo**Q02hgKP<1 zWzrN4sBPDnGnV$E6}#gr=)JNv_)YmZvu5Ho6Kev>r!XrEGm?{D--Isu(;c{UEsaA~ zX2r`k^e6Z7HKP@&Vu%>)h}{5g!O*x&3!3XM#M-x=^-Z9$W4Sgtr-H0~z3yz;AZQcG zO(c~;imT~jw{|Sm6M&mZaSS6ta^jo9*HzsSkEzIY)NJjEB+?{Ne;yJ!ykc#xrN+w2 zD^>D=ItYq;x^``16U5p~3xrtL68y;rI|{)%b_Nh)cqpQ5-6~)Td`d}HtgQ5Uy*?JB zl`y|I)}S>c`F#|E^Ij++%ThvGaRh?Sv5M`qeQeZu%MuL4B1OajC(slYrVpwCoXfTS z=nfs^xejSwSF3rb>TqFHX7t}BLGM(-fbYpe6~oOSKS5)tIXWm-5n)T8mam zjo;eMS+X7|vo3W<>IDnxYRR}TQ{FPPU(hj$EM<60e@!MUnkK4G4%9T_vG)2MxMA+qmRoKvs6&nMv7KJ)AjU~;@b;F z%-)L%37a{zS_WeH0#eQGe7<8T^ksl7YPG;Ql;fCGfv97!1;WBsrB#ca<0S-5S1Qc= zv|0+)@C(w@bc}UfiPjeCsUKCLu1NKFWCNX$705zMOEU_~uYWvv_x9@m)vsUElz<0^ z7DCmAj8;y(?%7h6<1`5gJHRxY%w~<$V)o8k!xt+^uf>meoW4N6fwKMgAJ5)je7OAa z^6L2A2Z`*5!?V-ZCvV}x0NK5;*=%zfQbgr}Lb98;_-UzwCq z22|b6V`Es08CMoxl>`v(5NaVk!4|ADP~WEcN-etUDy6?xn_#LyJVC0tUWIPF3+<#p zV=!A4P+kxX$SoSv48lt*b$h=OI#wK=oU5`RF&le%X`4p$&|;uYwu6o{rs*1#n~PRn z!`|qmBd@V8D~r4=yZ|M`?qb(pb*O_Y{c~_~4r9N+cnboBYA8sHNUZ@BOsFowSr!wx z&U8t+jNFFJ$d!;1LwjL}V+9)Y8XiN?M=hJ4V$SzxxhI1_8oh-?KcxXC)+Ovp@_423 zW;T*XYuI&Flt6J=FdH7WzNt?SQtg=iJ$kXyiO?Ip2jBt73J0n`F(tqp7d$_^yn1tS zeEH%0;PUc^vx}pbPuH%?K8cGIHdB{PYGvr}cAdUOe;-fu75Qz;tDMnd=oi7V92cXP ztG`B4ZS$trGKl=XihhGs!Mz>SY9%CQ30a2~?MCRmkqEqNxIckO7=btEr_L9A$7z-lQU1UScY#~SMPjN-=Nd~nIR2f0wjb3z_MFqrE;NcYs;t6_Z(Y3W= z!gXIk4$cb@GIVLC7pUN+@|x(G>e|aM(Dq)t4fLaWg}*S8J`@|U?NeZ&jv8nux>FwP zJ~Sou`KH)JxjIvc>o(@fgn1>Q*}$)fV@meh@jRhLakM@sD!JXzFwJ}bqU^)tPRKW0 zMkC^lEzsZ3-X49pIDUJ4aC!XU^x)mG&t{z5o6j)jVF=%QiNunx0T> zTtZ>)E*z9_;i@c36WE z=1a(G7gw*1)PLbgUr*F`{#UIFw+i23p4?&%W)G(t9=p==RrKd=ksnZEE|g#J4K~E% zm*Mp7tPARS|Idr|h0nC&XFA2(1&<8MQJj}AS9ja(@#_5m>D>k}-Fw2Y$fyN*x!QR{ zABK(rw6i22xh-dTA)>pnc)8jc-uLCZm#aIAy{v7458Rgul;t<235{iUq#luFw*#Qu zYcHyA&fbWo2Kbe2=*-xKMi9Xs?A`~$)F$lhylY;+d5GAZ>^_?T#S=1{R--$MC~M#M zm!fmep$+=G?e?s&J`)uz%8A_BVOLe-4;~t`xu6(|5gS zWku?$Aekh}>nMc`BYRctY1%Ave=DSvBMwrjl@CYS%Zb_Za%=cS<_UkqKDa5is+Um1aTmFDc9>t z*?k;eBa%to%1lHURmNi&KUKl%*L6|$CH0i=4!%C|w)<Ydz;?Q|2-q!*|Cw7H}!K_V=%rbrz@+19$g*Z%up1^@w)lI1wf?%l84&o&kb z3muafON))x#K`LEq#KBUj0!q*S0UlsUGzA-uA>4~5 zsIOANdw@k{Nb=yHQr#b+Z!p*{n1vuVGQx$3^{~hlRA>{MLtUdda+jnI#BX4IWZ15l zw{_aorlhtu*sNRT90*C0h-HbeTXC~nVLkn+4OCuC;I%D&abHWNFNj(Dt}RBnvPpNd zN0>L%m9(mOe))Nvt_5E%hHDoa(d>R@+Bt~yWzeDG-&7| z0{gv<<>pvc-;}erEJ|{JYM=KezoWDPiXNeZ0{x3<8vJ=6F0cv&viRf5r^smu9n!{aAg^;_u%znhNC&0U$ zhM}MXhj`@v-W903lk0)|8v5f(D%gJ<6zq2?9Dz|ii@S;O0Y>o+C)>HPRKq3qAk~xc zOjgX(k;Z#-Q7Hqjh2=D~ttFvt0e&uIJAl*Rob6VK1}JN4GHe4i05N(h8HH^{2dp5O zG8_cgB?Y$k=oXOdp9TsU!`WrSTu*#&+gMGfN9{^SFO}1ywn}bEd12!%VVF3e(}`Uf zFKNXQqj@d>^-ho4-R61E+~ay;1|_q=Y3gYS9V3LHyY^9=pn(+g4GA9B+KpIemfHgg zXo^jVx`w9UOYB}b33V^J1*1#u1(Ut%9gf01`2^6jId~h#!;q=;ka{|D?@50; zxMHbxFw*k^M?oRcNi(KgHJNSlT;`g2OFCluy^GDu*0FKb z_L`cR9EyMPBn_c8S4rj%&DYTEfTz*~?p5#J9-McZhxd;JkmVhcAixwZqXF^%!mdT$ z9-QkK3qs#$#5_+n&95=Tp77Z@gAJivXw)*JP^i0SF~oHPI#$KVYgw-=Utl2^j9({x!;)eWGTIw=*_Z~QZ1w;BZsO+!bnFdfuVkmhQn%|HC~KtYG#z!PNg%!`ZlUH^ zQaA97xE70|+coiDSvQTZSd_1f#bi}F2_QXG4T_pgs(e`8+n1X^bO$U+yVE2z0STU! zgCbG5-l~ZT-0t0D03~rhPHWd&o_L&!v}!qvbf$R}4<%`957>`wu*%8!>XlYnc|lzB z;{g}URh<6ek4!62LwlauTHc%(Y1U?g=sbyr(H1!u&5FfpFDk}(*12{fygJC?-bip{>!))8_r1( z;;Q4?*wuF*MY9+2AO=V-r*zDA%R7p6SC7!i-lDz9G{w$j>=`L4OIy9DyV^*Ss=-lq z@`@CINP-kl_&Q?(=qsCKeD3T!q{R%{DEAPnwu&xb+U4cGEc-Uvcp@V&LMmbDMxiG# zcXLiYi_PcJ_;L)tI0{c-{TZ-(LrllS(b9f-eVzQw*hDP1aiGEr(M@9Mv_yX~EBjV^#a>OLFt}niqYuWD zkY#fPJHcF@?^Q0;;X$_-*bHCpR3^ulJB@Y87W5NUC8gL8xa3ue09hIJ(d_2S)mIt6ZRjThpna26iUd9OR zIY4_Zp*>g7R`4r)l;6}Rcgs_|0!v5C;CFg^SbKzmT@5gHvKw2h{TUuZvbgaEP;u)1|pq9u@`%ut7;~vn(W2)CD+?kaRT=l_4UrI(Kk( z+Nn2B8?A!)iUfRs$~82s($^>uHUcd_Bc-=9&-6+s_c2%ROA+Oo_qw0#S2|$AMup^d z6Duo0X%7?dN@dF<4Ik6AnOeh-hNkehRpZCnJdePFM$qWjuUVi0LSBF4x|o>(2jJI} zW5T0gGGQrk-F;O`sxqZ7-=1^5z@Gf{ zZH>M38`q-;fvg}$nyH{|OYM9hL@Rvfn)HD)a1})Ut}I)jlR)~m?vm@R%9y3przsV4 z5P@2`2&O_vNc&94LG_} zH`$FW*LL@kc(pl$Ul9|Rn`v{R)jaQhcDNLiGa(Xhtc8TrzE{NW$pKXsgaE44LkJ<3 z2G=Z{WoDj(+$c*1s&t-4V4X3IrkI=M-z8X136bQ`hgd@${6k-$V@Y)lCPv(s{d5IN zi|?|=Ggk!}!27E(NLfO|y$r%$0n2k`^Q`V=B#1Ny(tCPfp6n88&qVOEsmTcH5vkCo z1IpP3BpF04kJt)TzrZNLpp`fRE4#~SDoPG$7%nINd_$xY#$}K|S~1Zi97JVW+3<$W zxb}waEgh?<=PAe>Jk>uJYS}Y23~#NYs&`O<%hV=BmC7{v+mJ@QVl(v6ZK(9sFNNheK$ zaXI+NH@a}eX3FFwkU4h*ES?5om?^Xbu#7PPO<#(pH8#Cc`sgXMe0dQhXo~p?^(;U{ zF4BTm&cA<(gQyU|tr)fKcTo&jUFOqoxH63>2M;Cm_O$FASFK(MIHC`z9Rs!46^5n5 zG#ukt$I#9^^i)r$GRQYIBgV1lI!NMZ%%b$02LrJ|^tLa*xBPV0JY8mIQRT`xwi@Fn z^K3cDdq#s#+V?+iU)SCFGk5jR8u>4^ql+FsWj|N-_a35*FSM6Sy7;%)$u)I+{yyG$ z%=TKcCZ4!qFBr`yY}cM0n{iHX;-ferbdW;ElAIsvyE?8=AXQBok(m`ifdML42Y>K6 zg+7A|bVOy`OI>z--E8KfxxT(Z*4JB&c8Ao@;TPlvUSBs1$#8Ji*S!k3+F>>Wxdmsw zT{m>5{OpR2crwZ@el3A5nlq4tsF^I7 z>NnEAiP%Gg&UeaFtk}Q?5u7nsN#+XXEJ@8-UPW8<9#VN(lwX{ z(}z_Mn~+fPf^C*f0*1sD6s__*h>atTbb1nSj}Ege3@UdX=6N6yy9tAcd4gBTpiwfM zuZ9P~x>7=6``OSLErzgIQTwHghaobtP8FCBX)H$h1~Qt2G4-=l)Zn|Mrc#k@MY;0| zd^9fC0o5hQ<3`(VPjk0P!O{v)ZC5m50+L7{yVEpK<9I|UMwV1Lr@AeFv$2SC+bl2k9P)9zn{_2&{+&Y~0g0m7=zxm(;q4EtJCBErZT0dr-P znn667okfjnmdx5RFsJfpNsVXQ7{GOv5Et_k&PtY zE){~Fb8V>fsMh0%Fo>eB+wI)MYAAUo2;In;--QcC0U9nUaz18CP|HW}@3RrT4&rID zf#~P1nsVI%YJ{Q8`cpPW8x>UB;UN&vRN*^O61-v%a~*@esu97q+w$_ISJt+&+MZy> zE@E0`XUAlm2-zS=Cs@8Pre$&5wOYdn_)``h7C-OK%{<2dDM zLMOHS-8Qn=lqN%#?h=*`%z8B$Fxp5tkfq$nur|A5I3UdlXuLq6_`K-G7IW9P!}VyU zt}RP41!$GF6};DgEOSg!PI_TH?9;)O7_Oc%f%4XKOeaR}M60mfuvhs~lW%H>WtfD# zSzjq~#c`-8@1^$uhO4`MSKc_w-nh5p(8bzgI??$W#qSe3$$WtpS29~V0l$>TG&dGC z&S^T@CAD-sv8X`St1Y)M=G9&=Sq%SM7XS!$nyyb-dJ`vC=W!SeW|fNdQ<-xzPHrGr zMl^)Xg`gb6KS8z#;~TXv2AEqD5cLR#0bCPFG7qbfU)-V5XH@XUdamB>I_c%9K=|=$8rC6aX9uWprV_^ zew&4`EpC+beggu3$7psN@GK@bBt$X-J-OuWz6WC^w*z^%q{0`(H@G_hB(GAbV^rkT z{xrpWHV{oLp0H@m4$^_Sso~VVUEUMYXAr!@AUhxhYuGT@cU>TYu}?~7I*n^^BSlNX z8-cYiM%sbE(Uol7=1oqFAyv!)4E~P|Ta_|<6(MDd_lS*JxOeyPheX$UtNSyEqeu|N zwVVz21W(CF=Bg@|vet41iTuxS~v}2BSE@ zJnQ0%9neWG-f}lb(Ou~G?}IpkgyyR>c4@khAjEtLAUv8Dw!de7MtC9I;C&p zt*wsdDCtj}HwB(vG7dZ$ZDb4M_}19tfh55W<#g`(>$ zh2!pP)x+P%x2}M+pFyyz?7oIBWaaek_(mO%C;5w7>W_m+=OWVAA^JQmUE@Tl9^7GO zd5bJoqM|@&6^pGHE>4ej8@b>t;c#2`Hi@Sbz5*|30_mpJQACQr*<66L*U20>l{f|v=E)*OI~zW*8r;=G0=M~C}P zrY`^k;%qw0x-8b(qd5BKpXlb`unf%(a+mUWS@SnuGKYjrUlF>E;(+jvQ=+v;TcFTh*1osY_F zEKZHIRF_CPMPF58JCk4WW)n28Xdr+MSnt(L_gNU<7^~HGPC&JA046MhDJ@K=I$?a)w8}PM9Q3N$%c1ndEV=_4YT3}* z50F+Wbui_V*Ik16a~4ce%%=Sy6dX?m^QKvNaAmdx(YG}4_ zL52yN7#gLurzf%$Yqhsrwnzi(d%5AryDx~_P6wHrB)b;lK*>1J%L-D|xXZ$jFL--{@K~d#and#`UOxHeu>>-`KcgrS?Pf0CrvV88ry*k6vI=R1_RCY*Vm5XUB*!cb42HsrheG}G;644Cs>PjV!$VKZ|rBEpWs5eWq zd9Px{9R|ChlAG?#ps6I{fw4Z7+VYZyJPY-#T0}*qab;5|;3vT~OZMVqXe@Q_5Z)F` zPm^%(+3$XTu$vX$t<``dygO@m?st(noV7alwZecrD*?z^f(+%N-Duqx3ryy4ow5L1 zAC%*OfY6&aNWDx+sqBC8*4jw<)zj^-8%b!m2Vr31X-WcQI|V~Axo49z@FO{V1B&m* z&~qu-Lh_e5wFRy9^^7Lh*S#z&teHy5OulB4;uAwKC{D3f*$1t479h*u--q$wiX|i% zQ_LSc2&YmbW-KP%M3Ig8VDy*N-!L*j;$&)5QagY1~IP4yjds^o+#mw zddTr~e|*?IZoX;NTOYdT_0BuOqHA(ZlR%7|XJ{Iw$y&~0&DJz4RiUwGR*d-2Fbx&e zYw=0Y+pg?pg-Cv(ULb+tSRt8J2$?3~E_sb~wO>I!zkJbdw8WcC$N$=(oc%(K8=J4} zl7BnKBIg;W+3iyv4BRk?rnlbhs~7Ip58f-dUfJ~f$<+I2FdxWmHo3%%``Q3M98i_yL-=oK4Z1fiCcB{MT?RZ;To9<4Rj{R3J zJfHQUW4pE5WjgWtiFgyx$cvL<4gai7;yA30X%LAaq%{OpTLkgD?+EcHS3_6)aBmm3 z?upWai6~RM{oAYVs~6ZQcNk4;>%?;i5mbJgCbW@xxxbfd2yAqe zMqR6yd82+w3&q7ZR^_MT%r?=L)TmYGhC}it!JM_a{ajRp4G@69EufcMxIHqB1W&i4 zFsSefdGSHT`9f#aNy1zmp?Pzl3kcBMo_$~H&sl3RWfMhPjmC9L!O6BYA+ya$# zU3W4~hIu`dN^BzQ?v&SE+U8gWy403wgLpg<5W<-PwZIM9t1PebnxpXIr5Z2O8EtvZ z7k^0gC6;613dvA2xuI%wuVj=8XHseIq0fsS=k!tcZbFA_p{s04`4z7v)5rz$V$5q> zLkwLmK?-WE$pqLkmZ3bTC2Sb*RA#`&d25a(N`C6b7j9= z1-uvu(7Mnym~1&#Dyh!1gbne{vpGE0hx)o;xL zETZgPvO%K|1V#sY#J8wDUuN%pmIQg0q(mJIM&l=1>jlQAq1?xXivSE4ZT=hINe z!Q*>o*PnJ3dK?dja8K#80Zq8nfWUE2S}gILX)FjBvN#-;Xb{3dD4uc>#zVOR3?_zw z7vRG5ng$_Q9!e=|anwz?AykeDni@6Fn8bd85rO7C_BnAQ^7^!X(rBO84;uUA_4(N$ zgfiW??*5+Lc|y#{f}rw`>%YO~cK?k0LDGag6aV`ZJ;Nb;AF!LuRU?dt1q5IO7BoH} zuaD2(=HjbL%L|hm1yPV1eV(H+q=*a+H^?-SAN$m+g74^4K<22+T} zf%wkHP&;)sqaZ!duivm?5Gi{ch?8SCpyNpmVxbwqackzZ$yU}fhZA+jtt^3)RuNj)1TgXOAvU7roISCl?;{6 zlZKy4=cQe!wrFaUF>dC+2?oXzMjAto2e?v|Sivbk8=jc%54JK~CD7M{rjXE`Cz(kq zBnX$nY*vGElEiUJRs)}Gt{E0!$Tyn726+iRTCk5HOz=oG8 z1G9{kQxMihoD^py?^+*lxg9P;Xt44OPA8H3O4Ox>Vvh4_e#}G@iUPe83Krn6aXj zR7_K<6D?RIjs-UKG~phQUjp72A*4l}!ylOk9yiiI+U4zTV3Q^IOIigtXEOrJ!vr_C zv-23P)j0vq9nd5@7|A|en~vH`O}FWy9Z%BQf|=*jJ{DY1CSlY+i^7>qEt&Z;`o0~0 zM6mVqa5@Yk6=2o0;3!+zALrCBP0&+3Ylw}+oj?t~wrIWQb#ZV8{*sN0O)T5EbjWhU zq{?WR2hlKO(oF>bXaRq2T&ck*xMpq~`r63B&e$qToQ1yX759co9A8_`4|%1@gNWh# zl7IydAbi96qd2~@P?YZ!TBYBlVYfI!c^vok1?XeIRo_?0N+h5>oQmc2C{Gz~MgW(i}=~CdwH$EAm0M1o7SqcL~N6@vL9`(UA@= ziHXmb4tzVNGa2Ab$l&P|=_gRhF2TM6eDN^5SzL&c3pL+mksiPgA2VEWJXR`&f~Sq# z_<%(;31U=Rf(e!#Ml|5iUN|HEETZFJ0P%J+>*MQyX5#MUGywkn)U({S+|%wM7Go?ikdp313j#8!(NNN(fsK(e$L@g7`qSZ_19x6_ z&J;QU8cKk|_nd>X)AreM!y$u^a=zybM&5tN+*54~;)Hnz==EBcH7$4mlSPAAfLs7W z7V(bhES{#nNN2PLzAZoms38^2M5Hh_ zHQ94(5^8D|_ABP=5Y@{#Gv=OD9CE-G`O%)!JUu$g65bT1+D+J{ShU$}*KBOC-Tk?! zh_PpbFqm-W{m#<#A$)$Rw@$wtKCkU4u5!o(6GIVy67$rB$Y?HzTzr%*3kU%3sASV) z9l1-?!Dwnk)Nv|Hg^{ux<@5rd6Gv*S%D7`X5%5Kuwr$WKGLOrl+#2l3tO9 z1+=zw9kX`78>tguz6$x-%TuVRdk{~g_qr8QLq{?F+{;YNRE|eMBa5e=WQu=#^dock{8wjhcq6QDh%^aM@c*+=OImn3?yB(0jP zBTr=1*XNz%_H$!c`HK3|Ic}Tp*UZ$aDOytCA!7sWd()8jV8JF+rft8VL%qfKu0;hY z8l-A@4uF7HI{byUyvT6XP%2414Y{e5>Y!3d?pXqBlQ1?i#v?xEv)CC$k$V{)apfih z0?O+&J5^VxRA1BKs{;M;9ap9A}c02Vd~;TM$oVb*)UcUBMyae zl^oQ6X0yWhOBhOxy>J%Ltb!##*i@P-$!*1}tYbL)U5t}#Z8>5+#}V6DgcF*MUB(IF z(>`baJr#>j0^npdjS0Pu1OI{U>nN^f`)g066D78owB9yU#)bK;5K`!5K@n65@bV9@2eI(&=IE6nziPAX!dASppLR6l&9*Bfm zICiP(mT9>hV$sKx^3erYiGMh|XmyXz-nKjS_B&-To-h=h z^LV)tQr|up@iJhX4ldfAvy<*o^SJS*QSWp=oE-1}>7t_5;m;8i^CpUTQs6QVeSy$n z4M<^65HlSP6E>u2oRIj^3{$rO?(t?MIrGr2X>sb-~Anr9yH1PoQHFwEy-IUh?aq?4#g04 zc(grCkP*XJsuG-svIBZ0h{s3-Z(ihK?7Kcosb||1(i`qVu65OQz*&sgE^%lQ?a~{* zO9$iK+gtbc_V#x7RzADNsMc=H$N9W=g@Df@-&NxDE^)+=d?qx}3s4G6Fx>g`mOjL` znm_Av9SIh*09<@oINQ!~TP&O*OHqq&sQ4ot_ZEZaD!Wt_ZE!;oD`yx3NhW;}XF3yc z38hG~2E|(OUGuz{U;w{N`)kMN8Bb^g|CZ^HbM%dlRHw1e&f_FiOQlk>IKJAvmJHA5 zO>I+gW*K;b$^gbPA=m&XHi)BI!qOyQ(pJ21JX-~S_>bb9i<#4s@(Wj%@{|s)YG%o` zwVYO6?jn9Xn2uSLQf+q|mE0BxQ(-StCz9{1gTaIb znct!eow&;QnsgQBBbkssWrGv~Y#NCl#Ykk=T1u+{)3CeDQNx^7@mn4=CNv$@(zup} z+!HV4k;8ng&m2v|DO#FCV+ipLLc=&3W|E)JICwd#)yOv#(&nD3mb&bkiUn@wUoX4N znYS_p^SFd%xl!7T^7fQ>sj^PVqE^t#fao5nLMJi}l@2H#Ts0l)C$F%2Tg zE=qScdlL}H4LX1Ti2`$H5$3RzEKg5aSl(ahgqs2hl zOwMP8`s8^ikBm|97LTsaK>^78=VIwRH)Cp3{+vF?HlC|C)=D^)*7W3~d_zV)NC~4C zjImtu+n7|Tyg`X%w`|j~=FTPKnfU3+DNtKno?>N_IpO6pP6iBw29@W}qTupMlO(>K zx&7Fmxjgu%p!v;*izkfwZW@ePJQZ!c+FYWJIC+%SvCAq5aAUS>?9~_~uDk(j0lGX2 zCKHxs7bpq4NrIG-f7Dj5x7TWEe8nOw1x$@jf*SgI)S_t^)~>g))Q{y5RzLpZQ|-6) zwc4t;zBU(9b-PyGs#SM>d=URRbD+6^o9Av$kxZPDm7QIIC)1E|JZG20J_mD7^S&JG zLnXDF+e#7a1*u1xSzJo%O%R?2;6sT~HIjI$&4_Ea37rwK4GOToCUo}nqtS>iIvLGf zoXf4wvc>oH2-aEsd$0y$wp#n6x+bX2A+_o@=_ia{!8KSmZ7nfd*=?Vok6rTmn|s>L0r8M(cf}1^+Y;8eOyHTrDAw zUO*6Qq+AteUm-x9HWnvcieXIZvb;n{$OY!jD7DBs-??>#OCtg7N_h|llRbRz2O zV~(`U|9Y8t<}X{*GuQ{Q-q&nQ9z`!fH;?X}aiaSDSe_<4LEfy2$-#+*KH(P$F%Y?#SjUHLf$HKDpgE zXf-*s*QmydR zZ6Cx@n#5r!z{KDXq*_zgLhI|lx<_$xLld9*?)v&V88Pa!M8@XAWZ>$CMP62}uRoh| z=3eS*vI=C{c(%T-?m{qT+D*V2&Z<6LUIt-^3ohnNHJF`@x{D}$h1&H9DTz^-BWiBqGlr{|9; z5LKMWPDpg;bRv)XXEyn`t|>~I3Rcz$A=14tr)czZu}Q${X-p%ZD%GZ_ zWI^))oC!w<%%C|0EjlG{(Tzo%G6o4_Id2=mj)Z(8U2+&mWtRa9F)5?+fgu$u)S-Rt zE+yL>RETA)Lf&C!0l7h;dN7=2?%YYj_#{T-03#E&yf{c???4nMG6xwUL=AArXrh#) zX1v+cx6RXEg&*g$yA zhVwV30Xm|BH6@IT2Ql`L_{k9_u;60iOz^luM32uE$*O+mQ+=l+!dZ9;)||`-0|)cA z%}fYE7#)mCZ%1*doMWh|Toa-nd8k1|dJxbr3-t#wk6~%6J9%JQcb3f_N=uNlE=!yhO^XKgL*Rg7>K zyT!nwQUJxgF19?gM1E{-8ItRQIt6ncc9p3F+-F^H;eS2#@3#C`YO+NIbMA^-CmmvJ zz&!0zK<@8roQHTPnxv($x>s!WIqX8{BS4F_aUHG#5#y<-5V$O_oD3|A6ZXSQ*{*iGwGm5 z4o}df$7#_Q|`u)6uydTmH(aAIZ`se^h=! z!6jL(3clUF?dmfb(j3_%&z`O6p(L>V%_~c)d@y2TrUv6a8tG)xIjaVSPH8)QGyQD^@T||9w?f zSo`~uaKx~aDx8tN*&~ia%yBkvw6^|$ORa@>Spp1PXX(oadk#wAef&r5x94zaQC;$m ztPITjs#`TxYZ(20?k`?D^jRoc{RQCW;ytr_D5`+YZI)bGkWOhSIx)b&+? z3FW+t+6F@47|D`+nL!+11*{9IVnY6B{U0@Noz${YYTiJl)tx2*`JWsu;Fy}zX|^w4 z$jHD;FV|gz5t(-o<`shAxh5jjtqkq^lA*}Z`x@Bf2b!}qn+x)*YcNFj?3yJ>;4}9P z<;=ZE!g*Y0w^pmdU0PK#&q%@XhTQIcE^&WTeH1AreAQxq^^;U>ZpeHs*nRh1VC|wZi zgGfq!LKY)$Sz4Od+DJK!+8`MrqGu&0yB-iXB2^t55Jx4;AZyt*s*HU`az7hckDSB_ zBOgmXDFKo%87f7^wv@GMX~I}-OnJ(Z8u;4C%}q4o`D-Xbz<-XiU|^ZCP_ZXjh3q_p zKZ)+Y(b>E=p&Sm%r9)D1i$+tKFX0uNc^SkOn}l?b)BhQN_te?On7x!e?fh$>n(d;7But7qBzBtx%G$WLWJV}|XES|E1&XS_>!m9rcQt*ox zJ0&vi-!}hr0d~%;lR5AI5>DayOE~>YIJL_BIl}2enQ+bu-Tm9<-?nnnraiq&%A8BX z|4V-SH~i|e*}52`%i z_B~IgGh&^IEl(;TX-bl5BpA$YVKA*wX?WkAm);-3buTyWrI9aWyZ`DNs=uB;^U2-+ zUYx&e)ejrp)3Z*a{ggXj^I3fVyZQa*%l!TCix7+A43jM zdU?qPsc7Jv_4Ud++;E#cpsIIdk_0i_u5Nj^XrG6Ebvi<}td_NpBjO~sA~_w9>gt7e zYfJ~;l&U$@rbb5kAf0ha<$sYE>qa768NxqnFN*}}Phm_z+yu)rIR!yv0^rlW+}7u0 z$1&RG#vtG!L{2k&KX?Hd(A#l9}JQ|Ov;O=WK?gsek?Tlv<~xs527<@|5Z zpKZRdrCe0S1YEHhn&$%a91a1O6NF){sLqPihIrEJ*pM-nnSg18BAxa<6^>M{O}QSk zc|@E*)2h?7SpDObbw!ZS@ZtPrA$m4hOID)obj1v+>vKV`Djler z3p3+*23Y1lQ8~9iUQWYMB{yNW5IqZwV8-IlN1Bo}p%NI9ME>)}t^Bnn^^aLbuTD%j zxFZB(wxODhqi{yXETy6+fP_s)tB|3E^cuH#IdXuOu00)3qm8{lEXa2R5$LTE4hh8a z9$KKlh2(qz*BQTjiK}8U;&i0V*tb0LCX5GH7{yp>;A~F@vMQG~A5Bv~zKPcK>5qD( zJ)mMIj&Gzzk#tE1-|JvZlbK9vFGgauC;s-Nx57a@jnchM(V1BCZkg4_@0W~~GPAg1 z6EUzPju^R$M7z+yDkhGBCNl*49#PKnxd0?T|BY*ot}Rh=D=w5D>g zSw{0lz(aPUwiS<@g}%9+DWb%bd1$O9$_wID%-kGwotPO^Rx0Nnac~zFY*|ZmAssr> zCBaU)DA#dIRN0#`-t)*24MOQeBrWK0=STEleS@Vo*8E0d^uoiSV$k>oi6<#n6IOmQs9#?7_f-5HIKBff(h&^anz4#0>afz@K3Q{1Jf}_BIBHgar7)D zH*u28lnLXrlyI3zOl%3r2w-qA92{w;*f-HwqDfIsm}LFP@3q4{yG>CsB(ZpDEH$}| zp0?C%AZB0RB=HRrKPE#ms9#7yVnsZj>|bjWId>LM1%>SQ>?MaQ0nvJRCA{)TOO9me zHc({xCcn2Br;yUrJ{~8*Fc2c8U?g%UvaVG}5OqF^Z*U!nb&z718U-eblQ9hiead^N zfAvZAujkKratB5_nLxmSG5b==pNI87TRU4j1^v&~i@)?gU*jp$|GW!^BT~mxN)QI= z3{MwuD6Uj4qCjlSG&Ez4oM3n&mDK@^Zo`m_>F;quCUkHGF;)qB4Dt=qp9XO1h(q*( zI%vx4W)4Aqr3&g0v)GzxGhqYrWBXvaTdAy>Mbd{npq z-mWaq|DW#0Z>yqc8t*<-a82!6LF)arL4D4XNH2=(IyX5GJPi2L4VsaGR5(p0whs1RgHswrG9C3+C z(%&YHR_m;_i~jC#h?8e68DuSiD6}fAw6qn|s&-Ic0UN4hsyNXbaQ8udOiG8lWNX{o z@itwb^#dBYTbpk3{g%wZfR)Z=3%k0l&yK)6FP`$hV*ZQkUwZj`sl~s9{I|W8zyEu+ z^YZ0i>;G#!E996_WfuYWdu%*OXBba{V=h~o3i&LVMjYifPUw&Z5l=0zutIENgMhrs z0zR{{LR7*PxD6RF3@ihu_C6cXDQDze9dsc)V?!8JJc@MaRE*#O@|;u{q6RuuW)_%) zRAUBuF_c%yE4=vn-n%6yO2sV@vr-Q{{XVYMs2`p*ys^I`?@nFGsa&`_b+`U+Gu?&U z^k2Oa{{Q(D`TsDC`!xK5?EfMDzq9$OApdP|ZvMspzs9qOFaLY<3#3y~OqnL2tYvag z^1ZjU%{*!I`ZTXKBPtjUG&Ye>H@-Ogc0ScKWWz$hASxXOiN=-(|76F(I7oL1 zB;lCT683RX3b_T1n&VN!58NqaP|xS)<_pqr=ZI0(b;E$CE=vdhGJ;fRD7YoP&2pSW ze02E8*>K!}v*AE`zh`m;gjguUx;-QN`$P?9O%8yU z-ljj20Zr$8xfwxDvt-JCBz{bI$k>GJZ2k!Oft=r#CTepMEov>9{9M|YlFTt?BAA`+ zEDwxM1@m$ZL9J zZEwE(OaA*h&;MTe?@v4_lg!SoG*b1ydeXk&Q(XTk<6lzwx5WAvi`_o|z5IUjFa7^l zdHyx}e?knAy)1h21KRo@yjR}V-z;tY9CqO-e&JXJ8n-DJv_fzufIFtQ2dGViqoj~^ zww;F&{a4T5Q=i=W$6y4={g}r`U!;wN>;J{8ot>92^Xq^6)nDuXt2`^;)cQeG1BZ&r z3ONetkXMe5>ufXlr&~WiKW-k>-yApgobGA8 z>r^TS7p+#~w9|dxXtkSXr+d|{O68YU{rtSq>b4JB&GSyT^WnVFZJnPSHs0(x_^(r1 z=J4#`=SHi0aCUNj)^6-M_*?#TDwTHQwB779-#5BHH$HUV*N-m*9$n5N9;CrFM0V(o z0^es*w=0laA#DiPpzIf~*o;@&AKFmA{jT0>9Cjgv@I~u*&%w|RXuy7vgigL>yK!*Q zYIZ(!e>!WP{@nPWYpA2FCpAa&Yo65Gokpv)uI9j^qjvSvv%^NWd8q4v$#>uvn)#{z zzW(m)q>*)nUekB+m=!@D);sk#^>zaWUYA$kS3t`dBUb+hdzU%7Ey zZ+Dsp?MA(I@Xo@Qg_NhkfHRs5Mx{vS>gF-e0hour4W-Zr8%oxZg-{NTF9f}|8=Z^u zIgq5$RU4I?i+gt3JgB!jN6q88or{72<>^rnKGZ)GGsOu$G}^G{57}i9$xF`wd|CYI zz;IYZm5WE(XeTSRXlODovrbH-AQhNks>Kx|Fw&{lgNTFqwv5}7#ss5T=-hz=!HiUf z_~XPn>WqQ$$xh12f!YIVOT_z(0)HiPyX9O00s<44#y}XIB6Hype=*07M$n6L1w3FKgP` zkdsQrdo({)e>vGlizN0O>!(pnP2`@V{&Ff61+IHsf73YLb26((r(%$slbk15I)K|lh(5d`%baJ3RoCFX|NoB`yDu>N>r`3FO(P^HY zszQedzrBy_m%6aST~#la2qE6*~{kVCEtg>AwTGi67Q>mOZ+U@$=Z0RYcvgdS0jA*Ff z=b_{2k*d9*^kUvne!!x*vS7*e$MCeB2j)|>YLwEPVt4t31|Zkg&~@f{3xl1HS(Ne> zd}qFL%^xQ;O@iAsJ$=P-IgG93|7uWjeUZ~tte#Dj{Htrqj@HB#D_c{yqKvn>8frn~ zzBDXvou70M8*efoLN@LmHje5S$DKVV=LnSX4^>YQMz$Yhpv1!2bMmt{ipSD_53HrN zi)xT^+kz@Kewc5?E$l@E5JHftSU5@D*}`Io0#l+2O@O2R3(y1d$c_s#@4+)~xU1DS_|& z?)L|~hRUf{d)+)2JfYQSxA%8nLnb=Yn9H%i{`jMfMYf$S*ZhMmj{_NC5ckBta~_Uk zpY6#Tn#I@@_s=gmD88{1KMt>K*M8h6%|YZgp)G}dgflOFBO|XT_pt7)$X%c!w z;7MiR^cIC(pTwpI7>lj zCQ(-5A+@PE+?O_&Ez`0#?ZrK}>Qai=c_Qpl-4%4Jm&(_YjlMiNadqa z6@c9s1Rhc(p_EppR?VabdAfe4yf82-cvENjyNsuh_e!4v?Ce(Hvx_0o#1VcP`79wd zmJVv_ilb)g@Z=DeA$5Yy!&QhFsG486(z>&OGScoBm{w7u;Tu+S|Q+WoqC{EX{kpIQ7M{t}j=o{*Ygt>Wf}=y5v7V z@Ar2&2khQ$Zrp!_^|!h4qHO)?YI^-;7{IN#q**Z(^0GhHCVPS-$e@Q}dhzoA9;gbg zvHC2GqaiE_acm>~X{s3H+3E2I2-E~_h3L{3q=d)him?gAL{8E3Pmo#^-+1HzH%oYP z>D-8%OR83lY_alIGit0X%I7><6=%|5Y zFFR%&=dakT6SqO&+pBIF9~gv$46fM;9xwKcZwcemFx_)D@u;{$!g$yY!f-|$1SR8j z$g$ofAFDMmKmO3IR{!p3<;zFn zRPnt-_V$Rg>5$*@Y8Ml|BakvA2?z|!FcVK<%=Vn>s#$i;S)_!yreO()Pt`jU#C@hi z`UbT~g(^iQQn4|!e}{n|Jxj@Dko7W7$h9Pn(jMQ#nr$_XG=+`>KJYHXco^{bGR4>+ zl#gm@FzF8BFiv=vMi2~sOo1^~1_vRd$)59xecT*7mBE{E%HY?|-+p}gm0NfJcqC2_E{RC*jX-dwybmid-D#Q9jg6VUE| zBUY7P>aEjajq081{{6T7TVB1x0lOD)9Pt@IImF391I9ZK91hdt0D=nVzA$=UWaz4Q zFz*5(_vK=wmKtUEduyB@JgF1`f3{|`dzPMEW(^hqZb`Q**`UUuYFBk|G=xOOCu~4y$Ya9k46d(I7NshsoJEeoGPC^IS zxMu76TX$!Z*VW`_& z0YpjjP<5PQiXy?w(^#4saT7IBzIiwYHv}5SLz7$LoH-=`@f{U8!EcoQdAocO`zB}-V8hBMNq9Mcxxj2OgaKr4s0rx&$1?ZZmI zyP|$q#$RCm-ev^=x~>W)T_!#ht8EEc^zG?|S}D~+ku_`DgRwY|k0*NQVC#0OcL?S_ z6G7%&{8U#F&nbES?NR63j`!`(>3`u$W7_#}QTffyOVAw(#R&-@^D}4vO*YB*J@YHE?wsx< z;N5DVnL<{AMa22ExwVVy-QU6Mb@Fkuto-VDUhtJdxv$-G%g9HZXzJuR=pv5ltkBqfcA1h0-# zvbwEfRYRC%&;-0kkc*=eWoYp1xf<%hlM>Hzfe zdT}C67LNcqz{h8AyKfrr>hGIpEwCdxX>{tvW=a4#)zyLoj8fW~^+jF|Rb@SSY_Zr4 zjzPQ8dfz|3so9Iftg^R$tPCwg#|K!Wl} zbxTPhMF3#rI}d<+A@@S~Y6ZeXyzEX6hoHT&jvuGwxkor`Nv6KTYUwGsfv@9OPV1+<} z=rV|cl#wuwCmy-r4B2}c6QA{`L)bDq@lg<#o-3+%TY8ygpHi9(8JK48m8^&4#5 zrbR)NPvE#EVEyq&?n}FQeEgvZAvZ?GI4M52qLRL4Ga~j};>QeT2DIIlvIC^WY*OwQ z&I&exF++@*ES2(Pm^@=Dr7#e{slXSav-~g^jbop@da=12P+99Z9;(v{&xzQdB5`Oa zG8TvI@8@Vx0Y$-jXl(a#z6wj=wDAit1)QpkYRW`S$6^9yyCQL_|8L<2xMa_;0lnT8 zImvz<3X)VCut~CeHU+y5_(scS%lFhdOUND!Mbl-a)Dl`yL@yz0NO6MTP^4B**&bRb zME1XXHIEr9joqI=I9xRIwffXZk~kyfa$GH_pmuQzpdkNk<2FdiQ-MLJ1fVSe_l73X zqd@*rZ=Dv=gJZ>Gz?`0S8bvUDDg=Ev&uCz2kcLcY;>BXl4$v+Wr>C8rk6YvF9hAF= zpDHE`l+M7SoyD?%*B^L@YLYxuvJ{zV|4H~PY`v^O!R8Fj*%LeO*u@nx&gVjbqaI6J z%qKYsDTpT1bkEkmxQu*)iQW+t4<+tD$(gU*3qWrZ#-hi8+MWXnHS&*xwNnO5?rUA@ z`^Q1VAQcs{l}=*NT-W^+IoZT%8MS=w5S>2W1mIdQx3MTbh{JfA$dA^_$W5Vualf+U zLz*Y&XRS{Cv_qDyQoU2i`LOv|~_IXgVVEI1VB1XDiI za4-#p>=&|Vn2v})i|9BIoN$I|qG(DusBA=W7Wv}Xa7AbsT(OeLd2kgy>M83~IblhW zZm+rxKMmGAcfD6-9Ye1PzJ73peM3epoNzMbI;FZ+a^J9LzRZyl&d4Z0m!uTygZ%8_ zIdw(KoWC&i_~7iCCE#rcHYS|hjDo?448kc~B%t|8#AB6XFNVuu79B`_llC!3YS%$ zr~UT)POfw(Kcx-|0LlrcArUDXdajE7vj;He)^Qz$~kOUPF429cYN zn9J#yxoI%Akc1=XKG|PQ86z&uW^7H~EJ9Ma;F3@>46Yei4@#GFj%sTazJl;H0f$H~ z#y>^1cx8pWQMWCbGFPsp%+T6r1Hq+&luL@2Mw`-Pg@Khp6bo>Kw80I4OyQilO9K8g zo3%9-PWA4J&F&rY-FK=w*sSbH&JSl}>qGSp+PtsWkZi^76`R>Ig6{XvY{vI=D4##j z%JPpZHv1!uub5O;=F~+J#d4j5ysjuwp@QCLK)GnsxPC=o;>1s$ecXjx*4^KpiNB$O z_jrOs;imCBH%=i)%Gt%S}le`d3s zbB{UhxzW|qUp7ovY*rj3BO?1Cox&CeN<-upDN0F>4F+`+l7J~Z<PuqJt|7sf+GSF`v9wH!;=mTf4O zQm=sN=c(`>siyG z+f8c$=Wtii0S0;zp}wWtZggzS?>^K|j&aFK-54s?ihWSJn^uODk#ZJlJqG2M`_N~2i{#;C5$iE18|WMm9tSRAaZkVENe$D->X zi6h9pu9iN>lPqpf>4^Mv)Fm{G)lV%R2{`Z7$siNJAep!d)02r#l&e#(Q(0LNb)^KQ zP}!BQ_vSp}+fPTNQHJpY^{{F#5*R5yyFdz~n5T9P>E}^e1N(%HRAhG>(REI>^wUuz zy56gKWSv;xU z9bKFroYqeoA2)xySG(qzMm~iTC+I7=K}2G+mn_aQ4GH6+e7)_cBc^O4%MBSsq#ML% zD&H;l_^4#p4dO0m>4*P>3u|(-!#2LatN!Q5QCIDC0joSN{PBE z8S3%b+tyj9-f0}1ogP(GJ95odHEH3oBj7xUhVd2rlGs*rBZ?LC^9gUGI1Mf#s|Ngx zLth+YsuqnRgP|#7w`h;RZd1YJ;)sax*Pl^^N!)KgxZjT5Z!z8mB-XFqWrKfTxv$tg zTqA};uX<;UiI80gzQMDRx!eSg)5)@%{LQRQ$LxX^i~v#c5g+ngN`^@npPGkz)z!c! z?sToZz$qOwRU}$7w#}*qMJ%Xl)}j(kt2s!8V)KHY%oxw^n9c1$mxyA=&{qhqe~`q{ zPjUY!PL34;KaS-q0`5a%`AcIRD1&OnNui|RDyu=MvUV`2;&1G$)qES>XkTRO4D-Iws%Av!#4nP-?*XU$YOGiQC zyAztEvzjiQ{pD10S_7w=gIN^X3XK}jRGB%mr%TS8zxhOAPa?@{SO#N%uYkL?%3YTu zA2WwY9GF--C>t6q?vNF*W$(va+8x1SB~^3AOLy=)*(F$tc5y#u*gMb)c(^7O>R@b3B3ZD_lh_v=u$<@S(bLx^%}Z?)n1KT0zYTH& zDseHoV!^pnxKD%Yu0-Vt!pakAg)SDJC_bWc95a`eiONpIvt{B`ZR}CpiQ?iyS(VI+ zxM7iGjPulwYL_xc&{-pY5Dg$-+b!z7&DI_V+~D*pD?~~4%$Rv0n^46UMWG`agrdkG zjxeAj7bjyeFRD@iN;Y-d)K_l0aNQV>LEpe-a!#7iF-uv3FsfU-aDl5l@FO~gQ+##X zem{!w{UMvM$mb-Eh|DENB5`h6Ss@n_AwlrM`xY!EzDrK)m5N$v<}z7+XIpwVfvvuv zxUU*t=jfA~wz}RUb!%vVQEGy{#JFY9A+2MQotn!*=Wc!5<;aS!k4F|F7+!+x_e7ja zkA!yyatjn;cwninPQ}=*p%pGoZh~lm?(x__C@-dus4`1tk?sZaJz_bhk7)$gFY|SL zxp|nP^azrKH3j%#`O%l+mAi({pHj%dpg;a4?9U zCW&ma%LT_GrOuH+JW)xr7%=+5y*?HK;xyr+^LSf=sxwgU9tL9Hv>FlnJdULJOAeu9 z3Mth)b71aE1&+DkMIXLG6L{J6Rhp@3{mB<;@98tB$iyLEVE`<0bnr-EEUHJfCc7>u z8Ql@GtGW0l!Z7eXh2aR7t~{#cNrUR8R+vwoDEn6VF99n3}l|*MVZQ4p9ayC z^YvRnqe3za@`<+IRRG4OuUxU(%yaf8~e2he2Dkh(S*~hB1)V zRG^WAwAr+^&zynnMPlF3YjM-7WM)WkuZZ#gJ#kpP$)ZGH+WwWhR*#MIzy_ujX%m@ULLp0G9Y{JfTS}4p_l$c6b0&RUL%Q>?v$3&C_}9K0~W4Od4JZcnf8>CVZ>wbmF%B z;9e4^=3(SP7F{oj%dRjgaJpQPQ?;EEfxHd^chPRN_I~)`hsx>O=IO8ab8GX3{Q0(Z zc5%M9wfTKT72Vq0+?1JMbk&oy)3;~YPaU{WzY(JeDT>Y;t&?UO(&D{(u~|899+td+ z0Y<{{WQO;3gLpDS`!e%h3G;&6_Op1Uqx>Q89R$a(-tFwV@ij{zEtPo;$LyBxQE!ch zbtA%`SyJk@k3u?xOjCK0?9KvpZ+brGzkmZMHu9l_X;>|}*Y$TNbHiMJ&!?(%RDQci%6L>YJ4|z_|jbg6%0BN%st6aT(g*-EfIWWR4hqClR3{0 zx}gksI}EN_BnjPcJOEoxo(2&L7W#t{A0!XD2|~oIKmGsMdlUFbs%mjKfPk+R{p39X z74TB&nIuEfoy@?185-!xG7~0Ahwco_kO`SeS9MaPyQ-(EIt!V`;m>=n2!hK)Wl@30 za|aPz(NP5SvFHO-1X+B@LlMD^MFIJKcdNSh)~#N$49g?>W0I;{=bn4+Ip>~x?z!i< zID%_1H4MC|Kvm&jO`?0Qdpg8J`hhVoAVB6O9K47MYeY1DAv5{8q;W3J*2vm z!89U%Y#)8^Z<{QeEYl{4Hlw&w+#P5`@hv$nS`2UzRCpQf)@@^2_prd__#lU=uB)OX zHzGd>07!)c&?&yaKXAh0`mAfKW7uAmwnDQgR0m>eS-@?9^gDDThyx$T|HNhsdFdAc za#v|D5Wg~xVVws$#TQoMc&_4QuCdS~VaDjZ2&5e0K4U#e%q=G#n$p5=!>PbAm!7yB z6sR8sZmPx@9V@OlP{^1)w->CIGvI%*9s&S+-8#XkeS_VpQ#0TM__WL0%@ovGU=?+f zC@YkT7XC>N2X!23Os?eM=&lIb3vKQ<3Q&~@aUli698hOdMcu?TAZ+n}On-@--EFee6_iC)X5{T&tBg6->Q-y4t4 zI1oipCM}*AJ{?f{K8JT|O%kv( z*FBC1INkVjB_1@xsUAC(s<4yKsX>&uoucnDB~zB5{z4x z>!8GgsA`7pX0hX8#T)UKYOSY~6 zZfD>boc>U#&B%7^Im&2cfvhvyCeR`I;bMr8sYnj}O%RZ9PXwwYoHmPS8up>0X9&@cRWNHZ6;2{DDbo0q$DQJJQUzD+YGPpJg4VpaXn$KO_ z+71yN!&l$=FXQk{ThT||3w1=bvAtMiBS&)4>5hv6Zas))&>;rQ1um{)U`{EU)pbqR zVqjRuv2C`lYOz?1Wr3{f^57ZhvIJ@cay`=fpo*SKcw)rNDDRWvn{k^oa^_YBi3F01 zI<7K{2PrtY1*E615hhg!(Ik#blQZ*z<2=YRS#oq6F`ri#co~^*@!VG$Gc;N3w4seT zuANW}*ePsOR(Ly>vWZV15xFV^LkH2(dE61RXFmdjimuRu=+dmf8}vXHJI|!t;hliF zV^HBHqRsGk(AJ*?iZ_>?V1?Pr4y6;UP+QRnyWI&^Y$owDonXZVMMRfP?1^c(h%7cr z0GLSr?o>|(xol9lWzn{Zx?Ob=fhvC0nl4`)za8C0YRB1ZCG5Dy=X6zw-0lvl$K zv&l{xd7mc?w6jO2$T$eaDXLiybh)kfG1W&4jbl7Xk`IFT!ct#*yix=D;ZDrU+BD#iof;u9Bg!Axqne|-cO8GqUMA3DIo=1>A<%xH= zz$U+?LOMXdp?=GX2$!NQ2kfEagY^wuXelD=)`P*hJehCluh62^APm}uL)>c>f;nLC zN!KL9%Oaed?;d|d#jjogTC-;b$ln8sNmpz>PMe0U7$!~coG>k_a7m#b>7hC>%xP;% z*RZY}i4w>pAeC;%$Wyu%WBmNI4|;ddb@f6KSvKr;!}}gJXSXaq14n3ynpz)G{f@b|Yfb3x-jhiDL7xL7Lp$q1> z=~3;xf%Bai4!ZXOW)Sm`#U9dA*FXmeD9E85TMP_ZGw@H8By2{tO(zBzpweiS(4L?z zGp^%0C-{WPAD|byfMQZ$&rCPCY_LI2vDEwwuD(*xy-X;m7nNr1KrtTlnivh0M3D!k zWwt@Bgl4LhJF-Wxy>S8~#~|R~T6Vmdp&EGyG&>fAOyXoz6lsm(D7-61xx6*w_@*Pi zAdRAvoJpfNXqn!k0Tjyo;gOMIye9IwqfjR+#|RI;6pKN0dZFN)9n|RMEuyuUU5ixJ zp=W?lNW6OPh`b0A!`gXkf=WAHo>&FomkJ{}p(gxr%7k~NE$l8q2JUDb2Wt2^79*la zSrLo@kirK12wnvGy33tp5$NkKkFqDOI2bTv<=lS5oJyKnm$#k-_jWQBS6Rlrdk6vg zDAA+v8y*8r1qD}TUppz@(EJsS{=t$qY^lTD0u?w`4q7wjlt7EB<0t2_{enIYBuql5 zQxIYz+6;vn_C*2)yw8GrDRe#03qzYLps(0j#@X?RVjrQWV6dMuQv(nCECNLJj@!|B zmcOAuV(OJLRozK^X4P%jqR;^52vaHXM7a6TVW z(XN7pLL&I2#)-`4K*!FExv?a6Krjpkb|Z>O<@J6fO26^fcrUACaFHiY9h`=XZxxdL z;bprD3%Z}=xU8)3B}wrp7o&q=j)8OJNI1eI|7`=^slldUknHXT{izKb`UW=$3B)kV zLuhiI&v}sz9J_mSRzIiH5s)o`x6kB~KsMvU4U~0toNd;!kl}S3HpyyGi%hc%7YY;U zkjeH=Fp~vs`4$Bg3~CRmLY^2BZ>T_;;2hJc4gNf{TaCJ@Ku92;XA)88&$35>00k8< zu1RU(ihYDqfEl5j1U`u<1=6}><;hKBnyRSILF?0Mo>rL^hl`W#ipx9A8cq}EpsJ`! zbRM@ZD~WB4k)ljnYO)acZROc{7kitmGyI~7o zR$+AYr0PuKi!pqQvcd)?v3?9U5j}x*%i6ezZ97$VeC~{OIB^D>En}TGzY@BX>^vR; zm-S!))bIfLVYMRJ71#(byoNP4sX7Cyo1J81!7D9eEYFa%gYCjrlw1umC%_114kg;L zO`$gpwkgro+X83PqfGWqREB}Hh72h?$0l8O5X%y+6(rqZsLzAV!btM#;uQ}xmmHG( zlvV~eEEAOMd<#JLWu2l0EeMa^YIYLklSG#Vdm-`DVLI@Nw0Q`pBSxaTXC_ zi6PZSLGdF|rr{_zD>FKBJ!`s}_j2}0sI7SUwkYQUg$1erB~QnQZm-R=7B@i$SC;nL zF&7fR2#G6aOl#TTw=y^5aLP!OCCKlh+rS%DT-_PrnM2j4C~mA12T~9|>>ElTeK4WB zL#6S&k==+Mwp1N*6n|Z1z@*h494^I6I@oU6V7qG_Yq?UoLf=5Z2+3m*pu zEFUqpm#dE%w%gOAM!4Z|hb(cfYA?wO=fSD4z`3eT%fG9ZLp zmSwS)_iUKD%iIx!f36j4KXPbP3gm)4fxaO=>x+%8T`d@lrRU{D>^IEPY;Z)vXdqjn zAf+~gzwk(QW=hBEV`A;G_E?9~!ukgVFf=_J`?wrl{*tM#%YT9S5mjd-<_a=HCN0}V z3IYdIHJ6I?W*II!u32uq+di3&5o-BB{1^f`Eg|UTAi-Gd9CA-hbwHt%okaBsNQ$z> zqRAA(mLS;@>fa-gb(I`N=tPvY#8`(xh|Senn}5i##>TyjhxOT1K@U=()(7=4RJvSA zvy1p2jQV7$biWdgZP-A|5-Klzq(U<&wyoIMwql@dMTSU*A9qji^_@{M+)pezPr;GV z&FK!<3AW+eK)l0eo`>gcDX>4Z7bjityBI}d(KR^9j_&~VJ|FciC5i<>P%RK^TDNm~ zYeuLAa#Z{3HOH=Lk55`NZLZapwF*Vm*4x|}s}0-dPMcx2X_njO=tUI;0nm!&Z8+m3 zd_S%_lMvL=?Q4&2B>zSXXAFm{di;=89UUmq^~ub}u~T}|nZDGZ0t|mb*Tgzvt6Dg< zIg}h8?nw_Onzo(3ZKS>JUE4;F+!k%(nyg#r{TcT0>G0FhBjq3Jj+*t{T4>XiI15C{ zw_tP>k`*tmkTj>@!8_c2%@Gi7gv-O^@zJdDrIP8|MxkwH(r|SYfYX+L7_fVpWK1;GrQR+)^hG(CsctB)zjPO7$=g$oX9ioctmR_#Xo&x#cz zM~rl$wwQ)a*wqU~%SH*mXi*A!9nz+!QicnX zndDHUkye*S`T0n7B2xplUd%(hTzwX~X-TOJ^l(_8b;kKxK+182 zxzgsHYx{BH9yup{lG64;%|p806a7+AUKkg=`lr2-Cx0VP{>EjS_GRuDaOP$jH`l;O zl<9PohA=Tbk3vZJ#B;P31}fUf4Cfh$Jgk#}+*cImG{u_~ehQVQxUsD%+O*Bwwhg|6 z<0&gm=t)!M>GY^rCmZcqBq%4S8kujnUC}2D9IwPAO^m3Tbn?jzcSvS<^~-REJDm9G zafXPPuJI~lMAWHw9+#mjJX?k}Mx+}vh&Uy*Mw>7vw&NcP@CmzgxIg#at>NFH4VPt; zv?OsZ9Z3mo%9*Nn^-K)=vG3a<6-~fSL`ubp&U+}7AuYU7l=(O8Ah=g#-^|U@p6!~t z(0q3k(?9k`jpYne+j_EJG`OnU0yOve0gri{6Ps4T0NpgZ7UU*0EY3lSs)%+QwyZRv z_p-KndBJl=ntfyh`KD2*Hi1}HKpXO1F=_5e4hoG6VV&ENAc-n!{hX=hk3*p5c9i3D zJ0vNKaAu{gCyxy!hc_ntmW+Hw*a9-kJtg5M@^d@*^Z2T>!TGI1>!hJ5Axxy|sly0g zN*l|&#vK#-mc_87`L5K!P%6_SMMr!Wjtk$CMTF#SJr!44rF%EHj~vfi*(sprTomY= z_vdoHGSS?obSTbGdz9Bhfg;(Jt;Tm!jEz^TyK&<5IzS24Xza0N0t5*=nW&BiZB7eXd#NLziEJmJdZ8d%B^S(0sxF2B zGzJ}dT5OqqO)!+`WL2B3Q|tXwG@Nm|!7s;*e$Ae8}YW3zlehU1j< z7;`wX1f3isb|M>0RySSCsj;gr-E>nK`OC3WdeRBym_S8`R0bSN5W#)!fZZw-lVcT( zo2_e;s_P+G6F#`hV`W_)Q=!Xa7Tu+Elxr(=xpvWAt`)kh%Ax*WO~gfSys>X^1C4n~Wgx->Y8H9*A;oaA*oB0CSn;c;aAT0~m5A9bH~DH0CY7cPLh&6x(?v zUeQ~w1BsRApL6$_(`w$(5Km>jQUJ7S@c^!!7N`iKNCt(kT5_m+VchIvc7uc-jCmI} z$tKFQlwf%Un$n5A-(yj~jR$10R&-s}k<4)j<B~a2XqLk98}lk^d8ExYVt^hdv%^(ucEi> zQQ4tI`kA`Z0o@Drtwh!G>eUCZCv_{MPs@UKl&*m>z(hCWsU`QXshE`cy81*=YH2E# znXFS*Vu-`M^G!g?ZH?<_9aZyrU4zPw>yg2#t!ooQnws9QHGtiMWU2DJIzm0I zA~L`*tdFvfVVe4vek~iQj$=%i(#zPQG*IrP{Egm|wC5-Hk98-9lVj;rYIxx+ zFT1<$pj`zb3mq!To={JT0qXveVH>y|DS#b9iGo~Y!$`j$C3waFN))JTsQv)v4EE}= z^y9dux+?Ko3%407Ak4f$IpO7x`1}hQa_64Y@Zn>^cY=A4o#KO0lGi|4LVg~cFwEJP zhM94S{^jRmG{glnv4CYg{40K1E9(Zj3}x6La^6FqQJGQ*HM40Db`or?axiC4 zUUgg}n?bP#FAbCS^d~dJeO-HiO}W7?m|X+-*2A#Dk85Sw;FncYtqf22nANcL>Q)*0 zm~9!Ax}3^1t!u_hWEtR+Cd<#IXow5uP65k$cvJkeR?ZA`8OoAD%bHaLQSQC}k>0ZAFm=g_h!OR)JvmW*geq1Yq2EUBwtqDhxO-Ira zU-i<)Yimv0$+%xOdit2*f9~(v_+LgEECCF#PVTQ|QO@f4xZw_*{1WMBT2yKesAw|K zg=^^mu5~Hu;MXRN^+`^(M>CPktpsu}p8HZJvJm#OCU_@*jE zbRR(i($~0w<4Z3iBMnBtA+(SiynZ{yo)vKX%C+o)CsN`n&eVx3)B5F0;Tml=x%`3* z^>@Ev>VnFK0LENvOw}}5@kdgLfigGAb#Kp+Of#ycVHBbr@K2OgXXRRd;NMlK_(f=`xw_p#j1tIFstHuvR_8$TYE#24pe@%D zX#^eg6Zilq7?f+F{25B55pW*>1)6Rc6snkvF3A|CS0%QnIu20jl^JxBrmI<+_Q$)U z>?JCPJ&+Q3onC&q9$c0iD02!>=D=29fAza8yvF;6gm4sL)nxm`PfbX1D zGBuK)2^!Hl{=U!bGc|n{k`5J{@xC89akQ+gBRR22NWbt+A_1ZtGQs$M+$&dC+^hOV zvqYgbVRJvB;~cq7UTOBgM52&XC{oUp7w{#SPt**IlReCfEuF;crS)g!`7Ry0pr--fvB$P~ta2WmOw5K+(dMq z{j;;JJ$5u7sRRKg6jK%NZ$U}d45ye^=Xj1I1m#z8LZC4Mj~J$qFb;i&m$#DXqT--} zG(>SD#rw@sxb*C#D*rnAuOC#D*YzTZvV#PTC^@u_DoZN*9Q8(Q33}Z*#+>Y` z8fZgX6oCYwQ=!~Q8^d)6Kk7_G`SF)|w&%zYWx%lZqtIa|h_avgYg+9CCYKOM0diEc z(cArs8phuj^OMakY1zqwh3{r~jmy%@jhR5sYQTMjRd8NM)&Q;s#O=BwjWp}Et?wuq zHr!yT?xX{Ukt`N*!eop+38e4tODFu&meKYW_T|RZKu15Q401&j!Q$*A-{9?Fik|`i5{;BIQh@s6^;31^g&$6^fRlE0K*o z{R8CLq@FJ*k@OJ#+b$NANO#YA@+Xe{RU#3b=MvYAmt{s}v!Z&}6UbzU)qP0mWj1D( zWZr{o9VyXFiZJ^Y1)B*)a-)HPPbZS?0I7M|Z8_W>$2rpU_oN|d*9wZXTsxCSkkng2 zdv{cng>~_`7LAr6NpsK@d*;?pBOv9eJx-g{^F`fuB8F+W8}aXfZM50^NF}`DMMV1i&zJ z7MN2Dn5+Gw&%xx_1N56dGiO1#cxo7n1@o&%POp=VdcFWZiot#)*AfT%Hl&j%SUKh`(cn@ZFG&jZspm>Ev?_xGgXSDwgwS4J!2c$!gMN)$P8atx{Jsu96- zaY<>&fs-Rhm1KD_MD239+3SQZRWCpE9_eZC<1V{5<5Hp>{l|p1*);=(=1K0aS$IbDM^E_ z#S&A9v7WqzH!uU3VrsFdn<)Fzv}*H3r=miiVKm~$hiaik1l|hHBeTQ?2{NI(T_wl0 z3Zz&qN`DmEeX75kA#ZInfG+=z0P>oLP<4WQFBvfchtjD5xS1g!P=Z(}dga#m>p1%i`loBi#g~l8!rhq^~zKzHm{s1U7Uc`A!N+;^9kK0@)9tvtEp0S z&>?BU+a6)9D#|id@j*_nN6N`Yo|-I5JQjohCwuw&X+~1(VOs|b;WCamQ!BC|!dFj7 zX4>9cwSrcY;)y|w6p2KZ1#2hZG%^amn3qgVU)XX^I7w=a(06|F6!HY6PjPL~G}2ir z7InLGvfn1l6rAdSWO}%-H`z6uN^b?04cH6SoWLz~X*;PGMJpuO;j>1ex7TLz;Tm@htR2Arb|@`EYASiYQNB}b%Lgz;?!q>G z2WZD?Z%JTvgcqgr774_MUU*at_#6P4l%8V-d-g>ENdrb zwl388ASrzrhM;2K92ifFznLfZ{+S&=G%5o4DdBsyan&?+JL9Uh3zTl%)w8ayv3LZ! zZv}>FxQ2?n{Ds;~S}F;WaR%UfBR9A)lFOBn4zW-$>$<-_hp0Z8a_gw3+&JxL>N8A% zGfwYWd5w8>l%Nt(tV5sKZDpsB_xWhq`-Bo*8?H(dtUntUKHznuw;;)lxG>?wjxPrN zFsoT&0VG5VAT;}NVA(;{9yjT8Y+wtPSq_yJG3TiS>jY1HDyH`GEDV29`#=qYFG{L)<7wF-lwLjqybx%RY=n__Xg! zE=voSp*p#6i5RK&`Cgzql>Uf1VR7;=WB+B>I)bRkIgHzxEsWs>3Sz1|Y)v3KTY_{9 zTAty8heh%*2dKdeOadKoW*wk8qQ(THh|lyS+Y{Dq+K23Z@QD#-{*W;F@MOdOvuSGD zpl36aaCCjWnM6~fiG=ppU`nSh5}bAcVLzqMq38zm9TRmlG6Ih9-zUxj+Zto5AW>4e5Q3y24)WLCnhz9Shpy`h=ujQTE(l>hvciCxgq_=_ktqG>UEPmK;O>ouGD`+tP z95&Po>7OM_j|w(Bx}7w&4YpM(_S#kfY9VGcp|#rs4#K>J3dW(3l(FH|Sl7m$u1%Qt z(RFL)8RthtAi4bz6kdFxgkEjJUI0iKQBe9*8^(J3`g_I(lLI{o#>oZILG4(YG9UVG zFA5^)^UPZl@#s9)g~$`tyuP8+Qqi)LBgY0}h2TYa&a2%W1VkDJL*o<%;!sa|pf7`s zp^9MiSv?C@9uJOhc6A-JsbP&UUUGr7>LSEh#BxtYO(?zfT^~<)G=qg8Ubu!Z^B1~Db27!TTyr?==PmE1LFXu zKv}=5OF1t*VnB8lzwonrB7olI!1b!5YbmqObX+x`$NL4ALO7H)ym@t&dFhrACifA) zGIR#k1#$8Nk+sZqM-xPS*5xnKEVFJFFLnw@&czF=xg!8m6 zs0WncWmzES5&LE*jcHw5o*rf_dun+glaie^!KDc*psQWDB48nI041`!*c7R`o_P{l0f zDg}0E;rJhPpI5cb2>ef94nLIGRkGk~CMa97mx=`ZqLp0S!2n~!L>b42je5cy*_b`K?N+tj$^GDf_Jw#U3Mv5B0l~E<< z#ZGe6uyd~o4B0e#%b^FyyQV}`APFsp-5TZuQh_P63%5q~*Oo>ba@$E<{*vv)VP}lg zdJCz6NtJYnz$5pXrAbRtGUt9CJv>$v=*t^8sCb%u(SWZOxo89yh{7~EGnbCAW)80X zkd3;r;&5ULmnfbcVl>Og`% zkLv1`%5NnNOR6(-C)=3b>bPU&ORjWp2Ki97H^V)kH^NmN78)cg*cM+UDU|GgANVFX zY`!(ci9d6t`z^mM-gKer4z}acy>XSTG2UX*-Ekn<8tsKP*a_5`DbUudBoxpzU$hO= z1<{Uj6X`jFs`b{oEnkYhSEIfg!7z?YVksMed*HP0So!G+hgLE!(C{56ajI)^Sufy( zr{aAiE3c6oR|-(LKj=B4e=I?;mfa~rW)6};(n`j5xPjz`CSf^BT+|7<RN!(T za|8v7^`k6~6-)%V->8|Fa$iVVLSodL1>p>QAq3)u21Vhu)XQdTI5)CAQaXI<1jg~b90{JB50EM7d32l*qGV8`lwk+QW{lSuH z6s4u{@%k3`SGP6gCQ>oK$%%KyR>k8@Edh{T=n`2xoJrNzwU}vXdd$E+c%z8N76=v! zQq42WNf5*c4{j7+ZX7`{kt_uQpF&6`q8UPWIhx#-fnvr$AZTF`B$?-mOv-Iu{8^Mk z;yGp88z76^|^2W9rs&<$;WeIhyi zU@Ib4Ltgj+astYZFZvC~O~_U<*(%0*Y1AU)d#HBd8jTR)5JT=e1t_$0g=9A&8kk^I zEr$zj7-DS+8lA*3&>)7PbgHW-lj$4W;KxORR4*7xr-pjc!&^abUq6jzKs5vnoI{K0 zHlXo?p%N&~J1!yT-#N8%AnGS?t&?=<%NU&@LPPRvz*b~T61lOsppJ3&XNCDy+A*b7y;iPdo{{XsSZ1KoHO!KDS%q$zA%gynxi(R)yq^Y=8x+0}`T|PN-$MHw<&`Ch zhC*s>k_s?ZX-F&4Y~hn?8`8r}CVay|*-&-U6}7FP2{@8+ZR?)vf(n-v{NKO~!yhRB zVH3cM#^9N?W2vlef)38p`yvCnKqc?MMix}N=!Uc&*N z%?j;iJVf4lt}$7HVS2ep@$q=8@Ha4Gy1#j#V+x`vtk+&*Rp}5a$iR&1@QYP-SwK!) zOyqz=2;l*@jVRh+7`crkUY&wfGF`m=4fVN2Sj;gb#?$EIJQAI!;2@sV|JdpW%NZ^k z?e9fXdnJkSnE?SIIL$nX@dhRNegUHcRWiA~LSnTglviYq8^(h6Xp7UM#G3&8UrT^a z#5>|ojJJquhK<*7f1vAtxQcT?ygwkGngg5w(Ku%2X?m(JYyAcq-GMBZ>Tc62k0ZQ+dS6wK`D6J~+oVv*O z*K!?QaX`2g|pf3#n}i)r;S+JJu;!% z5C%&3k3IUVCEw2xCuB@$s_>m&bRxi?ar%2@s`S$k0aPkt(mT!J&I^l{VY;N2gm?4= zd*Qr71)(EfdhsN49|pZy)HvxjZ0UK<5#i>Ew+Y51WKox`WMuWN?qFk3>Y^ttbt6^# zDR_;j_|)Mzl3f}qVxq8LkT@ghMtk8p?lqOPXq8lH zzqlZY48&pu)A`mdkuR|rgr45k#QQ@y&}@K&WG%4>1deBw==@PMaqyx=gC4iY#KYhE z$wh?ABk}4I6Un+oN4t=AMEqhAAE%A!ewG+G2M z!I)DHhp@;^CujjK0ts2D_#Q@s#FrvwT8|v&gr5S-1Y3J{?Oj`pZ_RUD(RCi3hyC{=Cu}+9YmUmkbD2dG>PQbY zu&RzT5Ia^A6Y|cQ1rbwvDP?hB{m68yXrS6$5)I`mFxAwkf@1PwSj9P_rReQvk!k(e z3?!lC6pwHQ%5is)vt>Fg&`RQ~^0C47Ua@r4&X9iL21Qwu4u1xV|Ts z@Fq=j?WMM6Q(gzsTuT-Vj?D#4TZhbs9(08raJ>TT{E!nh#?QS3CuqKBp<3V>KcE_7 z+vtzSdyJ3JkM<@)Pwqqt!CSg)5m#wi9-5#>b2srHb;7KHz zXpEn9|Rk;!GB1$xiqL!(4p zfDHE+F%cQrz6&QB;;hRV1!AWhIJdfH7(fu_2vrulgikNH-xbwBGaQpo9XWof_v1F*sJ^{ zcP}1iJZN{zt`&>Cz|VU)(JD=t0JGki3Vgn&rbr|dRz?)|QpDv|iouhI+5tbd1(2Kh z+%{VUNTlFyL$g9-$3m%5S1eiOZMl3NnBcEEcXy4zkE`{^%WtrRAy;9n@c5l-C)f)M zHDm7Q2W}a#rHC1SPsIqd#pBOLrFp21ghC!&iV@VLf@{P-5U5_kNh6-syB3Y+CL@x> zunT-FaZOd{S0c&=HVxQAu*-i6ywPaK_fo8;4!oMk>*urLRT^Kw}Fi4 z6LBptGihWeX~^lgl{d0jfsqvSDCRWA7(`*N68IV!P|M^X@!%^!VSo3XB0dJy+#z1e z1vx@8TL=341~=8|3-S8=zv~6@ls4hY+O&qBSSL&=zUFHQD2=KI)~^6Z3kY+z;5+kO zmT6*<#8>7;g~X(!;0!@}^IetZN3}5D39<#fkHHEagtn z++`JtmZJmjo|11H(~&4AM!gT1Z4?US@pE?Y+A=!N&Td(f_`oBv;$yA^nqg){G`I0U z2{ZFa2Rvx_Pl7pX=mS2G1>@*(brl3DJ@+(ztT;h-ZBTnm_IQ&fr7k-LZ_wy7s!5lOToPYE=o zzk<>f!I3OBL(zopGS)GZD#xEp_&45EMF5*OE5xD?rXi9h-lCay0#-w4j-4O{>&!d^ zMaamiu4NC|R?f&9=0w=6gd)$@ZbUSb%mqWbQHk4TQMqjbh}4?k268rwXCM;~_T`a_ z^^hm{f;xWw7H1(zUKrgV+m2S;sX-jMWG_x2(@XU&W^TdTOD?es>?1U(3+iJJ<#Rzq z*@J0Zg#KOz*;}~frk>PFpr)&QSoOU$30`WQiT^9PRai@e&#S`DRp8T?RW23opxLA9 z5~WcwmLrQwBfv|v<1HYnsri*dm=%P003f?=(&sS8)?zW%ZWq>T7<&2q>M;#NSAEPc zf|Ka~f_b=jTcu_@WrRWtnkSx%$*;O9GfsRa4A>aejSR5^1t>l|&fXAPRy94u4;EyF zY#!=P4)>7yvc4GtPVF1s2sZU>1d&F@r(MA5};o9{j zUlW8BRya%volpqb8S~ae#>nUAfHI)Fla>ae^Szq~y9Sd3JtOU-c<+wC4z1kly$)ov zMvp?GW`v9MdM*dKb6Vf*=v+vR_X1Um6EkCLI2cBrm03f9@AQU`X4vs<@wl-0qdz>@ zWpH*PKH&x_Ef**ZH_&D|EAs`=6Dz1yz%s1#Iq-9FRx0A=@etPk945je)FoHCO<+T> zCNKjv&g|~%L5D4OTOU&ObwE>jEp+fWn^qSW1dx!11%&l12AjzsmaA5?2_~*#gVrhz z+>a&1-UCd)R9>rJ@lgA)Vl)u?Pn8QcWPOp{uL z8I(p?&}^s;-U*;uL3y1u@wo%MFw28qJ0!C1(@9J*M}j*by1N6#6e`hX_%Aqe#nu&t721l8D+Y+vvg%7( z#gzQhhH7U}p9CgEU!iE(u4=kKS%rQ;DzBkJ91w+^F;T(;b%1K?B!azEB*v#NfUJ~b zI4o+6y;ylMt!|1-lzFHo2(w(5#qMMri$}d?kG}ft(bsIz|1-8Ixo^tl%VkaiDvq4L zav~U{b!#IGo~W6+EAi|JW0gZvZnO$b!i-n{_#+`d5eb=(3Uls%zc5=i&L5;0c|F{u z4YOdqU;{{l^G`u+Y zL}uC67IrMOU%XYz91PbptXG90i__mN$aD?0MFC(Gg`l*kZ#YrWS?ql;Q&RMc$|?%% zS?4gn_IL;EqMKN{9@P{oE??qmi5ce(?772vqF$gjK{w-;C!X5tU)10%68>&w88H#; zikj9KNfbgLni`<{bgpW={r10 z7qsI%3O%M%vULX(bXUdR3d6zniWcclZ5UhMvoU!}Un)J8?Cu^L=owBXlxS~%a>LkG zCE~@C1&aF#b_0&%47(Pvbm+(i=FyWN;Ig^gV)*f9DOz%b|u< zXj}v@RCG>+`7ajWhY4%LcuT@r&1YC<3SyHgx_c7S44c9aZHN~a+*Hb!bn=4ba>W4J zT4t(Z4a~*d>Z$Qc3lkh4kJHNdE+SluoA5N0p_cn$H8(#iqFKRHS3lZ?@Ew%m({d3_VxX zM93E6=7t-QBFO8i1{YJ5+tF6h9UI^j)htP1Bu9~{OD<_ZEf>1ZN}Dh|ZP{)u{0y5d zIWJqbyLdjfY_~=p1`Av?rn*I>_Gld4?{7pKKf zmYUuoPK&0u2ym(CU8@og8yKU;rA;_Rj^{O`oj9*2mvnos&WUBdS*DrwdswQe^&!5* za~m95aB_t<;jtKM*Gtg5AnpHLCT_ zP37Aacu+*-Z>Ir2!yWd?hyw{djAMPmEJ+Bjb(kqgX3GzXsVTY zUB(UyREr_7mYj!Cj00=Y)bcgMfdzFIP}^{c7%?!|z!AAfjOy2wgfAA#moh*B0@lTz zL5L!cvcMO?rJ_N_@oF_wG>m2C7N%HCLuj-tJRD*#*2&EQD}ISsI*bGYXNOX%8iR*@ zxKKW?0IveA>tg)SE=2y9_qGU05KT}{5~^(y!X!a%A`6lrHd+=*2(hs1l!Ul7!GML`jhMws=YK&2^b5gm0^=$bz_~kPCy~YB{AL zup?QRI54zWT6qXkK`syyYSkza!7mpn5>kMbD83M(kaQ9v6=Hu27Yj$Yox=%5&#Y^! zUFdzS;vjQ@3$md5P?vg#Ds`UM$^8s^OU3srNS@P0T2$k2p?!^m+XKfJLCFcC8ahFB z35y7qh=>Q7J*uixDiCN!HlQ$286d!G6a$_6Dog_K+vRZ8@I5S8224F`x%N_v0YB^z zi4bU0t6=b-)i!W0OJGG{a!v(Y20=j&BL1nNXe`@YhIY7s1+bLOf8FW!LZFYbl9KgT z5n0YXJ@4oMFj4OHjA2`lDj+bfZOThCGOzR>@n;4;;vJkcHjvjP0TYvP)CU~+va4EN ze_d9|bOZTIX0!Q{rg!T(wUl>>pP0K*Y9y5C(IG2y0)%TbhI`Qziv5s?wK?69@No_* z(PjfAKnGX{3~*e6<9{@ivI1Wnd1Olq6D`bMmjKc;Y1tXL5;eT=bYDD}OI{pIJR;@{ z8Qq+S&Ug3pCO7vFk0ntI`Pfh@JzS=-x#6wT!?fk-D7rNz%RDF0cEP7Cb%Zl8;wY?c zN_4(w%Wyh5)|DFU?c0DPis(3*Qeh^CWOn0Xre30>k3xOHp&nS+PHX4w)j*qTlt20g4hMXZD6QY`qm4X(XtxN~+l71li zq*x1}qrF_|8~J{*qod3ObT)ctP>{;hbQN{Ryp+-;(v68Qk$`0mNI-btM|jLhZ3;_% z_QE0_n0+tokB{jP&<}XdLDdM0YLOoGk4OSyzA8smbl1veD&QIgRf8L<1zFTTR0)Xr zs3j#h5JZ)GPs z!mO>`ggK^OlSFRAR4_>@+AtyZ2yes$gLNuKL6D``RoxOvL9mbwmE`XE(ru(925t}} zjkm8IEZLheV9ABZmwS2~0l@Hm3DA9StyPm<4O&C*UgSVPVSyi=#&21fKT}>uYZMH-N zaD~*FkThf?v@%=0Np%{o4xHA7n$^2lVmKgq(h$|Kj0>bMmpr5R5-8c%G{OQ=on;^TDt>1sQ;EAPgAkp$v}(YQnD(Lht&H zlA4E|k6Y}KS!>oZ9YfRYrRtV!Es-=;Rw462Cak<@wA8TZg~1H2f((lI0a?%m7h!sM zY#_O1cw@RJ*_{c#L(WC1Z?TeEfGc~?V0XGFnMn-}ZA>RKJwedvp8n*Po^JT8YhyAk z>72AUd2>&CtJp-C5H(xFgh*t0@iP(%G&m&;lK4TgOEx9RuJ9>Ib}ev9l3kUiBdR9T0u~}Wl|&vnnV;AEN3tEw7w>3FEiEmGM6)Y0E3+$tTE)5bH{d2#J3MnPR3yi z8&T5oZcAr>hZ$M5m`|0BuquXC&=0`w3>l~Vv_Z3p7gEkb}4KDSkMZG?)%QerLNj&NwRFvX=AhsAAT#o<+0JSq%rA(n+_N3m8>(s4=! z9kUX%%`+U39&QyVWm+zzR&XQp+79H^U>CjArs^xgGGbS^^{S(5DRa;=lV=psx+R)E zrvGZm@~}{7vY0aVfMY3*1>YqfdJYhlr;Z^3@#A!WFv~)2I=rOTMPMb}qgc+diL0de z`C0dn*`6~@4Wx(BHa6Min`jaEBJCzkEtw6Cs$N<{og{ko_`f|wF50R0aYA=drOPam zBr6A7AwNHO&AIM7*QF7SEIp&m%>wC<>}X+ZeqmZf5#{Z(iel{55#bC9O(U~NxeTY+ zR~?`tlL_%AlU7Y;Ml^x})t(|JKMp=}ha8{^M{#vA1-r8Xq2el0>Ve_cE5~U5xgM7z ziZ*l+HflSIe3e>2OF^2KmnA}fWD%5dOr?R;j68T@#1-Uywd|0E?wQz)Lip|=)MHeq zKvh9@!j&UiW#L}(MY|$7+hrI! zY$cV(n)i;COvt(nNG2M=)Ifo?6x~VH<@2~vz^@cragUga(h$4wTU3(GI(XGuRXKyb zJ6VHmG~vn_d03s&;a=QN8x0K8wI~;(H6HG4USrXkS+uSw&{r>uf+e)t0Dpv5+g_ku zQbQDL?({IDo;BT7jl5Hv>PDM<5b9F)j}7YLRQW2l#M4^i)V=ZzZQsC=`EQ7m@s(-i z@OO+~YD@2s_yt--uW|fh zIUX#LQ>}jK;mxYRnM%NbVvH-!=<*CJ)d4{am(9Kkte;EFBzuw(mVyCZDkBXS+P3WB zytC|v*aFnEW(f{E$H@;ZRk0oh)>5as=M=DrGttAt{h1J@8z^x+m>TZs1bq{xg)V;# z_h(qiF5#ONxoPq0VmOCuZrl%PKJeOlj~?(GH0-u8>Zszb`Y~GuV@s=M@UfMM(H*InoGJO{>C~ z5mnQM(JM?ppJSJY8-o-h3is-XEa zu&|e4##g|&M;N`!(6Ok~q*b$pJPDpp(TB?$gC#N*T; zLdgyT4pnMi?fEg&t`|Dg0WZ6!w=dw**oNe*-crc-8u`FI>RJ5QNyvsNBMI}&u}XGU z@8#Y|7RZDGIbY#k6T=3+I+l=FG$#^F9dU|f3=eusAs@r5e$3Z5a>JuGD1HpF2P@PT zsSTo-K+%IMGk|IX$z=5Qc3gE)jIBEFkxg!i*8xhTT_p=W(Nr_oK*?STJk+?a19+f5 ztpHrIFQ^|nQzDguU&!P$fP);6+C1Eou8Rw7tK{l7!vNB3+EsucL}FP6lgduCn!r)D z?XgisKT1MjDT5ttu}Rl0`aAm=_G4?rK$n!X2x6rGh50ozWfUDZP$-| z_!&KmG`BL8PC>QVH@E=|^leBdhx<~4Ak_=D4D^HEzW$z!Qu|04`cj3i0EPLLE7id) zZI#Ezm>so`uQcut(YByAGt3FHk`cFH)WdASLxkc?hDd%53~{KI`Xh{;RZ~TtqOBKo zQv-uNr;c?ehm&L7eQ97pBiqP%y#m8QsfJx+T1ST_=wo3CjW!cl-G;>CW8qVS0l(!# zg_^OO%gF2KMhx1i@f~sIhSGv9W9;w@^#vpAVT5(?!XbICV0sQDbTlg78W((vffxoa zctQXa8pYu44gwp_Fz+_tJ={y>*bZ1?{NWeFIe5k^&-l|?rN(PG{+@Ll>o2%#9~fbpw7x6A)vHG6{*SZk`i^H zYyjnJQZ*-ZG~se!q{g_(^MaHQm~07Yy_h$$s^koJq4Uqo?;0|TOG^J`qP;H{C#lnF zs)&w-UT!kM_2}c7;JcE)K<1(R6S$4CLSiR0TZm@Tqab#k3%Y;)JZ;pd_t8${!8Z}zV z9pvuzM#|U{RDvplc1oW3C%jQupq!`x1qdOS zT*K^X5-QyDjq??1gh}WHdB?g?qx;<;Z5kbDE5?63{o;n_@Sj zmCLPGD%6S*qb+>I;EEaG_eJ1SG9BFo3_!+N05}Gwb_~w}(Pn*G&7Y#$1`6a<#0CmK z11*tSdiA-u%quKrDxr+Bf+wM&Z;8^w0PX{p3=-p07?{{X92harZth`^VBfL;ZbS$>CI$nUH@& z=Oegvt#LGSe904TBTV92WT$&pUSr;h3yrDIRCsIUHQ7O+sn7IE9v9Ri`={o^t#)E4 zE|KAv1dV8;V0*Itam?0?m;&ezwRS&bIQvtsU@*tQo@_D*N9akN6Z_07id|tPC3$br7Go0-2?@4>kveWv8 z#)h{J^~ly2VaZgY^U0whJQuN8TrLghW6qJnZv&O>SuJqXs6cq@iZj}Fr9$T%pmL@D z3BkBs@jMTZd|wAwFuRi)xnhvR4^B7R;}UU2tt?naN44TF1u2kuv`#%

BlCG1H68Ik~q1^T&0_3hyVuD2774jvTFUU9WmZYJ3{I3?pl zwl(HB%k^kYW<314P}%Cjf_)LE*`=&pZ4mhyOC_?`dh3p(YwGpS5V=@1A`&Ytl-#9_ z@$ciXXrMX;rz>&heq!(lr+;D6^ZAjM9wz=bd)Xj@V-GEiNr(#55^WNg_MYr5D1E{7iSqCH7@1taU`baaWRtQ&w_{`jXlArZC+}u z%cXQ3h@&>NGt*VC8M5*`YaQgoFN}==a89#!esnNuKK$&pPM5uAG4JB*P$3jrvKomo4 z?I_&>up+qSbCT5aR24x9WljD<*1Vnr&0gPWmgt0{CW`Wa^dy(OeFZ(9 zD(cv2AbsYpDqMcMZ>(5EePPynh7Kg`*LEa!F)Q7(h5Bx3diJZ{#Q^iPKV)X=Y-)McqD5zQ zrxV&^pfiXW%Cf4;8j))C4~Es=^^_+N+~&)aJ1mm-G~!`41k%N&I3QQj*#BI7pRHM_ZY&Q{Waq7a`WE#3UI;z1$xrSzCOCl z;J$HHRjga+21AF+V>HpqEru8cG%=|!L?5II>Luk>PN>I4DjXI@!cK5-+ksd}*o+C{BJ5C=N1f~r zGZ>Ag87-377TFshpz zpQTBDS8VIVNSq()Boym^VO2b?a!LU|6mQV|7N9+uQoW2lUE4NUO{K!t$vD$Z!=`~n z6=}n53IlS*9vXiA4v6)AR)f8v$)&hfa$;qRhL>l4Z#2BSrV6hL!H=|ly$|kmX}c`r z@ukLnwtN;O{poJryl(zQmu>vM(!63~qWSFr76)!KzT{)nTmuW^{&Sm(9;gyrOqNac zN7t-@XSoqJ$F)328{=DzCvWY?8B-b+-{a!n4l`&e&t4Lw;IM>m2b%kBKxo3>`$1{K z*+;_!CQaP`1+tW8$0KH_9r2!v(AVYhCd+d+h6HlpAimfqLIWNqTB>&J?yifN8cdiN z-lrorN_iAA1z*Z0cQpKRcm#bw2r3=p#l(LOk>RCD_hZDh`FrWb8?OCwCQ+(rRQR@E z5iTZaL{^`Ng=5MTn7c!1^H>dnLVU3VdC`q^8J@k)`8}m zs8KG)&65jgsI@qwTfvN!C^qo$hD0itI?n?q2m3O2-kYIPk#C1)A+JD+?ULr6oeH)p zxz!x;un>!2P~5y|U_q#<-_z9Z(;>M97N2=t0x4!pflMwZg8wTUEz8XXvm?aoF(qh( zit~ZHk!em8gZ-b1!U*0B)sPQ3;l^*XK*n(@xS1cqCgG#hNTm-$He=DD=92+c!IT>o zSjqa3CVT+E3fN!6IDC;A{r4L9N{u4}`7Xe+rDAtf6pU#(GJWL3&Bg6qkxaPuJTRx0 z9L*L*T#S9#dZq|55n{pNLK>7#M{xVBzdV^(MY`dZ^-Dp{Xw0HBs+%vD-6WDNHub!6UC*g*g`PC;ffJ@`c7Ku zoVOI2ErERA*s;OVqTGv&llqdxu5z%m7C1pCDMS~K<{rF72D!Q{v zwt;p%>@cm3t1GPRnpyO{) z6C}U$(^W?tu_>K#tA|u%h^#U=HN`^QR%OnNqKnY7+y|%@FJ^59`9j)d!Wt)SKm$9p z;91_7CPjBN7urzaOuICLqTT7U)a6rx5}BWe)ndJLhCm@}g_ly-o3>AAL^WnhgOX$= zTH>#IAG;bFxW^B2yrQU7_6#rbZFS8C=*p{FFx0@c%9Uq}3@gw7x;?}x}P&9j>G z(xS{Ab256wZgtqU)p3_cz;)zu`Ll%Im9d%!s{C6awM!sX`B@fL)tgvdTtYE&h?nkI zD#uy<&Je#EHP^$n`ciWztY^dgPLRGN(5w8khkYFoUUIo%pjThaZxR80GS#|8buGZf z6UKOzpB~ABpK|v98wZa)avv~StpDc=DtF~Mc(N=zX=Bf0V<$Q!N>vh=nppec@ zyQC-A%c$3GMRelSvRQPdkEBC+)k@(6ZO|Z55`7vi7Ww^CSbWZ>06;pGVR6NXW>-zK z^6hij(F)|d`EEh}wu_z%7>K(2pvH>Ul&3n8rnBU$Bsvo5!q!T;1G#Vwta*Qa(c##~&&hsg1x9i}ADCS4iH zh027L^wg}zP2rAQzY295WLxTNB10&k0u>sIUrRge&MIp9$=4WXvm$1ErM29!FqIFL z+)yx&LxnzW2on(J0{2h)&@~sp0_?6M*Uq2jFtWC10Bgxbk6ObR{q>kj&?{e;JWkFo zFyum}uD^l7=W+VOC=WKGS@pfg!%bf~*loPc3%A_?832kp8o7E1PRsdSqWXzV*NXKQ zPZGs3Z*c_)#gP;h^R0*i&sId)iYV^ciYV>RRzz9aWhYYN1uDkmYaS=j9Ip1+Eq7T@q>EwNicDwyHvnNtA;ui*u*L;7dylWofWWY7Mbc zsiB^Uuo2Y;No+~x>6@%!u3>0{wpYLJpt6Wcg|obJohQ(?W}QA}1(B8O&_G9@Xm{HN zdcQ(67s5`Wy-3W05;eceA}MYAaa$kcN$Z1P!2)10z5v0xr9xmxZ9VNIs9oU7N z*(;UixIiWfo~w~eO{uUS47;sJvaLw6tw^$ZMUwj7gv4^*UYDey%WyMdVFN6V546{z zTnbIQgt)R0m0jvz5vP`cLVAl<*FM&(mv9)R6W*lulxK#mP`hbnv~D0P_=4i&>I9Vd zZ+Drg;p>-TEDNo>C!jHI1 zhDyI-j8rVY@Xwohx1#)3l;4W-D~s~Y`>;=`!R8UViqm*yVf`H4{8bNU@Fh!r7JPpn z!65V8`O6dC6oLQsx?sT%xm+fKX4(Ds{%@xccm}t)lyHxd|Na9TQMX#?1$C?Zj_@TH z0IWwdT~x5|sq4%RpHO?Ui7LS%6N+Zb1~7rlVmX`9 zcl+)NE;T2^Q1Mxb=+5&WDy*p7kKvst*D~S(8VM>jZVgj02oF9;gI0K|Ro|iXr@QRN zOqEP0c)xe0rJc2BPnp{vK=8#itwcAHsR%1wEvI)4hs9ae!Cy36PgBF%Y8A#jov^|{ zAv(RCI@q>eCDpJ=G0dmlrV~PoOd)Jm2OZg<64#;%2JTBsv_Pi=I##k%aR8yqr>YUQ z=z|MRYnW6a&?lja#>^FcqlQqDijb*jZuJF+)9g^xb8T2mQq7#930DoGGb_3y#OHbO zubt>fb_K|2?%KnbE!9D&4Hq@?&UC?sVOc&f*7y|zQC6y(g`Z|kc9VK+N#xjwPFouB zbJ1@brLZ#3Yh8hIGZOaZgk`aBF<0!%56i2O^G0%;CW%xg!#fb>?hS-i?ZP_k0@Gx> z!~Ex%QK2i~y3qRO8A9^1(IlD9H4kW%-xViCVM~{Wblcl+YYW#sOUy6>2*FtL>C%uL z!D#w)hOir_YZX<3sxmOZgNBuULgXzaHaLgdi40!XOEqO$qi+FNnNkr(zzBGGxf&>{ zd1j3;R*gNIGWC?1&_>KYWs3TYOhAo@&yT~BopY(dq(!+bty|%!hE z>~+7Q-kfXA{%wQeTvnTNBMJ=ymKc|uS(Nj3cS`~r{254rOQ=uCPe1Pv7mWMf17m;O z>PlU8C1m^?RF-g6hl$7B6w{|SWj4Q*mx*(aR`w69G^;du`@`*>H=vg$Q#8}p#%x~}e}pw{VbbEAZ!pS{X2Tp= z0V zE+eh)QJhixYP8}K&&-9mbjND$5`t3_!vhO?w%--*B&f%0+~q{aHQ{lb8b~_En(u!5 zwa;Nu@VJNKZ(wd+8p~d8Ua2);vA^qEeBj|OoO=yJwrshsB+|?p2r9lAdYaOY7sg$o z(BBae#l}r&!1o>rd4yCW*p4o&{#Kxig6@wjmqyVXiUtT*`|Ru8Xw2k8spTYiVgSr?$)-HVwdD+!r&TmuFPv7%^L7}@K-)v>QQz@NOk2xQxV0+kmI^L4k^;Fus^>JjCo)wX-$UPhPNK8Xyxm3&_oop>4 zAxJ-%51hkyKt(u!;>X(9-+N;&*jnw%nHccs4aZ$_ESUE=nv7OvBkwKnn%s^$aW#`SOCPewR#cuFt@n(j@=4 zS{4>TyB4UKuKk8<z z`bbPo=Gn@G4oZFy{38)mNX-H%LXG1w5y+5*Rsg1gaACfFT^DoS3Fv)Ly2RsuLTVWK z;y?6%T>XzjQF;F$yrTHc`f72@-jDzD&qsr!Xe3s^tE^TEgusrKx&&gp9-uEhB(oW8|C)ynyoL)v7cT7~fwZVrevQ>GrcX7#Pp za879k>f!F4f&#;hr-XOLF(3jin6BeMR_Vo`9gW1=RDrb+C%1%LvvxIkYEk%HoqxJ; zx}H>8S?H!=^R>5te1NaC(r6n^)&}lFquoI54rhxf(hg%gg$~J&mP6t)mJ)#Mmzrs| zIJxrbx~^b7y?O^0R2|bOLaUN!+*(Bn!aK2wrlZ0Rax@R}ELOg-_#9K-aJj`&`O05! z0AFq0AB!Z9me^w3#sC#%z;Q?+dRf7a@3b!!k_4~7(hF#k_f!RU_W7kM&=h8%5Vd(-G zd-{U24kJBx$_%#-f0N^I;aoPHK2Ro#rnG@g1fAbioIFkLa2FbxN3~S^!$s8fi#bP> zf!BGlf4L9LjszA(pu5FyiaB3#*^At%0phM^y9H)CPq3{?31?LhN+Ir_NTfWxXf4gQ zI5vK9P<-cT_)_V$M-PZcn@p;i+RJtl#0EGisE}7*B8i=tiSn6f)8&=vhEJ1a}L8qFOK=hk8b3HV#@}iWOs28^pGb0jmu?ThPA5yGQDk7%K7YE!6j% zfv9^eotnbk7gg5r&oW89mM{^rkfez(q8bFLqQQJf@^a>xLfGj4Aetey0O@u{yk%pDgZMU0cUq8ZE*L zkx|gCTjHbZZk8;%ysPEC+qhGz9bqs*bP7Sd<1k&^I$Q6PX%?fmXMem zNopg~ndBi!q}CiR5@bQDxS12KwN;!tGOBHy(>Bg&GjUFi8MmMtCd>j-)Qmn2a z)c`kV?Rv9+?~tQJAI^Mq(K$;ZIggnzrFbHoKz2RDPN&NZyhBE_hy}(A+c7o4^iAmo z2%042!L?D;u*uwcZ50DSSDz4zJb!(<8?JKePx)?%hOtTW)oLJ;##UTT!P=LAXZt^D+Wl%MaPWAFx$v zih$50UDh*5(n`08$Gi&^&~617s{N`EFfq$N?%BoZ+wAndIE{+(lD`Kh~RG>Tl^GIBY-lI9x4u{L^cxR{3c%~hCXATM8$KM~*Tr?FHdVl=_`Kkt)o z$Y1{a_3OXj>khtu<<|biO)$dvSYxdUjFo+IGNJM|yMq;mzf@ zH>WrM_2K&T?r#k+)c2#~H9y{dxc%Gd&BghLvzv?ai>tfK(>J#tzPo(W08Wu(9O^F* zfl1`YpOun}D9VnwYd9_KVOiVp)nm5tv}oeeEv(jU{5q#!#MfP?MyB3;Qnem7J-=V+ z)&M~lM*f&gcoT;P7aSZF9poK{2>PHuAoLwMeXYYfOdrP_;CPmm4Cq4>iK39&eVq(d z6K0ky(;~D4n)gFXt;1%~5@`NZXt75CRmOvP3a&NxPM0oZyIOb`n+K^th7b;L&Q%HU z=A~KCv?{wSXj2`0vrtQT4yCkG_8W zhvU~rua3X^^6Rhv{PiD>j$gh0^Pm4fjy4WS!;{)=`-h{ozg3;wXY#xtXO;rasHTN` zT*xV?$U8q}FModNV~>hD_dXerQ*s+qWys$o)>;62rfmbxy26;>f;6pnc3zN6D`ST# z#2W1E_f=B zLvLs2#S3z+7#I^ZH%#yB91n}I91oBG{Kd|zA>QU120+7`ibieQ()T9TO)qirh5ce&|jQcABgVnv8AM zOGlATcfXVGNme!!s`Cq+eyZyg{10EbnhRZ5JQHU)!<{S;B+}Qi&E!IK0y)Szp69TU zjoQH;snvu+&^F=j2yBZ@h~1O>Yy zkX=AF6WJVp|IU>*79%}M<+DYaL61#B`-KraSTtnrMrq)5zU)-6f(22Z;UKcMAE9g| zXjnAzqy=Pj(d((SDq}l4PJm3&%FThN@=360Y-VoJYo!QjqcwdE%V&Pdwt#JpfWmMD z1O&?DF5be(Zx#CIXOT6w&!em=xi&g9Lvm>zwV4{Udf`&R`OA=xf0ACR4rvt;eiM}> zI}8RZp&^9eKHh|7+#=n$eXZ#{G|jPVqiUBHf)YiEaqt!n9NSy$awFI+leV0PI_Lf< zN$5kbn_oZ*iJ&ueJjJaJ@#CJQ8yn-N`#*PrXg^FGLZ|>HclY`rOI}KydbmeTT_~Q5 z14sfvpCZx@<+35kw~W&?WE=5cniq%+A3!AYNb!^-2*tTsuIsNSYzT^CXQ)7*)x>n8g<@&NP zCt(y68qk01hZ2a|KthSZNJ5rP#)Fg9kXenvSeeyAOPP~RUQLZnR^8gtz}DD9MbVB| z!o=DJ=<>_Qjifb!BKpM62L?~>St3$Y3MVe7YI=&EUo#P3cgEbA)Z_E=z}>9hHh!oA z+8L;cCHm^-8&3uJYx~kR5oe0y(u_5Qw;*X#XuzBIv)hwta{dH#xcXujaT$Q!|?^0jAv zWtT$!lEI?_Wl^@Lbee=O1Y&7UT3YCjgIbTA76z;wD$fBcFCmkHEVIN0+a62Ofd#{5 zMt(S{tZJjZAvVIIPfkkK3rK6WL65>(nvBU}+sSA28%aJ^%8n09<7SCn;D;P3EbNyX zb^haSy-V(Y5^X8Zr(Tfuw(Tj}@74PJB8V||WVE{j<<2;&!-ZLcr z`3WGDnuzcyii`o_+yM+3w0ydjM&E_O^#sm-^$Ed@>AsuS+_@LVUv1W)^wNnZq=3ewK}0@;DuZd5GhF3yeI^U}(CC#C(v+ zb5B8hA3!-Q{J~x6%txdHrikLmNCt??fXaa4Sb!vrHykL9Fa$6rlHz>GBclMCnxUL>4%f!Yn{kISasJ`k^0iRDm{3Q?Yj4xM&1CdFH!?hH~{d(>5=grIehv09E zS*@c&9uhkRUPR=uk`u|*4f-$LpK^R5xSZVhu)?{!)1%V~e4%~P$QqNOpke6tY#m9b z>U7hAOC*#A2PR$sDvrf5@-c$|;Zw=K%>^0sQL)xPz~rEGfsX(`E>Yij-Z_`pnoNGR4_A!TL<53Em>l zgbw|qQJCBU$Saa)TMYt?h4Q2F{Gfh57qJk1ccc*o<8j<_2>kFM8Bm}&;f9NKsD>&7 zu25qaRF4q=iSbeJQ^6%QBgqT)zepL&ZP!fL2+Rfl>cna%9?eO@V9mx->+oW)ArWj~ztd7sAx-Zs=^qkAv3Y zqvwc!@O@l#mVfkozRr)-zCW;LW_c<0fd`91wFzE04v?ix{`^I$8B6CBq)UXwc(38+ zcH`j#@GGHC{`s=N>lAb1j%QmW%_LoS4ZS<`mJ@Xcfn#Mr&R{YwH>Qx9U&W=oGyvIR zQu`S^0{$#mRdE`uGCtwp@{UI4O_D@gUzw_f|9 zkL&qtX!_}WKR;U8`1)bY)$`^2MD^HxKrP4spb{`PhOgX~RemN#Ogw4fTv6BL_H2U@9HCwGOfU!+)EKsnSgn}MY@GTz^Vh}xm13oQH zfRN*BdxQP%-)xvNZV`>GJOYO@L}&~g2nU)NLgZmpXa9I;Kak8 z|N0J24>q*J+Nzyf}Q=7fb3_LA%3>FsE?p{-nCgnbt0PD9;~ zPUnyy>K7`-*ACff6Es<$$WcLs>Ekv}BU+hI#g=;|9X8WEmD*roI}Lu6FeCXw{$+o^ za($5*#5@ch%hVw#VsL`CJW$&W9F2}?Dg^P9ANG?ESv+^!=|fR{wgV0`Nn5?eH0^Ae zwp59}){ZmB7?n!L*o4a>M-gZD+1d!7q*u*lD(b=XYA6741KDl*zFB4Q;T>Fh{pr@Q zh{Wn$vfKs1KAjP-l{)#!)59mUnfZyk>mnMQ;^C%;0>kB|@4#8O>nlp}_ zfvVIe<;eQ3R3cv&mRr0q)JnU<3yy`ya7w&{yev6@n6M^}R#4ZY$)xw19-}zVatf~9 z`+8+UTa5lDJ@P?G>L0xGhpXYC2pUj?;y>c}jGyS|d%J2aP=9bg$fztKD624rlb*M;)$_aB_ z9VX3FNK>z!1o<`yv^i>BgZ(8^zv|hK_oXk>ec=@E;5}XLO2e%le6Gy|n0q1%Mdm2J zDn6DfW+X*Ye(-%`(HCTR>j;Os_`WKN+zFXEKh^@)tip=J`01>>WvFIE<6ov!RUwrZVnogVr(HajDMGnR6d$jJws35k#CR_NA{@M)-OrJ#TnmRz?M#Q0# zr0~J5fkq*)<{^~Bm~Phf(aiy3-jMv!>mbD+ZbdB#w`hrGEW^n~aEFIkUO>XVp;Kv_ zNzU}uvqeK?>KtYc{|ztQjEa_|U7KlT zgoO#V^SXT3m%3PuWs^%uQff9(UcyR)(39^QP_x}D^dMTR0j5zQafxVPYPdLtOFRnp%o-yPB90Qrr%(Ke%=- z{BI>AS8x4g+>O)EqxNKF+9os&@;F)hFZY8|=$yCB=Pj;}rYRCUJeu6g0y>7!vkLcJ zAhE`LfjRdc&$B}&O5{5f<-unc$oe=K=X(PNc~fc>Mfr%5Hygoom((QVG72n=h6P?i zMSIL(AD8}EZo!zWm<*ic(sr;=%We-0H8Z1V(5w>be9}(*%Dp;tt&@DAJtvH7ME@0E zz`d~PAn3|UyfeQYJ<=E42TDs`?r?w~h%#TUf=DM8kH1?Rnayyaq z2S`v0730uL%Iog4=aLnso!@VL&17g$8K zYc^(YTgE-HaSOlRL5x!u9}Eoyzl>|Snha??jTWqzrN0b+h0h7Z$GcLtp}0plA~xWv zADa4`yXn5n&SqV|!oqf)k3|2Z7WVn7BrFuLx?|zI6%_QO5p~WPZCsE6c_diPyT)^^D1xg?>jYx>qxr(2^1(?qtgBcQkH6KQ#y67HmO{r-z?) zhXb7hiv4wpOO4G?oknj4IlXK+DiMQ)1}@FgNynaDgmu%ELQCu!sgFtMh=I{Lce!H| zJda5iNXHotd*wHoYalN_Z%c&szR1#VlaVk}YOgWX-WH4~u9F3gU=eb#KlN>ns*bRC(TK(ij$DybXT}sKUjRcA4;gu%nF21z8H6 z$&g7U09sQPc*1|CX)8E>1kEFN5<0;sx0k!)q~7~Ua0LCFe+D|XAmw-k#2QWhQUXS| zB4~K*v$rA!&o>tGNG^-@&d20?AI-2Ov61t?e7*zxDF{+5E&S7vEk0b)neJGv;WtO5 zwy6}TBg$o8Bs6SDP2ddf@^5o*+3#25S&f7=rY1hEk9|uA-Z6GH^-M_){-}uZTHR?(x?HFv6-GvP#o-JGBjt6TT^iYy zFRrg;9M%A7K3-x>mUML7 zMC>KC)jVZk2+iq2J5W|&v0!g%!`_yR+%C@?^&#_#&m8r{vi>>n4?0`zEdfFw5Q31y6&Gm1Rw$Pci(@k_}+`lRo z5Jxy$EOiU3-%h^>B}uoudnkp=u{1seqOQQHO`qLS?x8G5+TEVI9XFU;f!er_it5$r zB$1sF8IEn(42sX7tfhVe=cTWp^)>Rx$gH?3YpA==D%gSNs*^#F;cP;RHjgSD)vkcg zlBh&x`-aj=+<298a2^H}YnWR=0Ta(A00TrBB+9;ANKL}@rOu`}X2f3(q!y$$U_>PR0067Cd6-5F;Zhr14G%4Gt^dTr72Ba&Gf zz?h-3nwo!%2@PvH?6;$u@^jeJVf1HAEv9Mqm2I&zbVn&wjkrt(1;o^P50q5)JjY#z z>a89!sFgq1c9x}yW36*$cjvPnSUpc3{ffDWoaiq7s@g!#!|c|hNQC#bV3Su`WY5LN z9kQD`R2I&3Zr-pGsh>3-E?VpMc8WD`SY_#kn-i6(rB}Lm9zKhYw^&s}7bvuL#c_In zKkR2~_RNkRU(B8Vu^z0lN{x8X+3g6DHljgQ-t=BOe$vCzgy+<|;p7KV0bMj5{e@Z% zcMc<5c6NvWJz><}6RNosoFy|db&7PzHe3e5#S%XS|JND^Of6GCY<;%O^rzOuIH++& z2?N%zj5C^Qv}>|e{@_>A8`cvr7Q!7^EZ?E?97q%>AC+zN5sim331e!S2=W|;GQ3C7 zggahWTBums)VZIciZt#Aw7|- zi0xGK>sdE41tM~BP7vJ;kRb5ak|^9xk@Qs#r;eYYsAMNK8j$Nd2-&v9ZA}9(=CGPD zh%_>I%w>HcJEutP^>|+siv+?cXH=J)7&xt?oD2;qj<(gY=B?;MMcFBpxf)+`ubFsd z4*Lz7)dcs)#fBZS_LPCo4koEpLSv$sXGgl_9%D9!Zdz;wX@bwMLwdK2vG>g)pAQLJ z0K^=*=dI!}uI$}257}wWDh>UY<%r6Cc@`tlGyT>ydsUUD$8yGhWeQi)E{ZJm#qvH1c|B|qs;~`e}^e+LpQDg z?-?KYrdN2bLRalkX9^*qqe+#cAGZp;u4XADp*A=V1C6x?Wah`!PS-8^KJk5OY$%t8 z#~_UgGgsqbF5v5DyQjOO#MD(t%v=>KAhu3fxKR$&>6tbWr!AXRh`fI?_o(#ycl;os zh^KfsE+V;o&WBKl)k*-GqD{lXAszRU)b^=k&HC){&N6JQ}%HwfUvW9zZyI(2o<3S9h zMpr>|<0i9GK?0TNl?7+UI_1gxH0JJ4eH|eSmbBf9bM6V5^7@yloO)Wsr9Fk-Jt-+wu5~UacK=^mO zEhJWf$TSnPJGy_7ABG3(XlDovB2ja_S&~Ps?0duAJYsu~F`;(eU)Mmh%HYoo!+O?< z`6P+x-Z+L4;v2NmtZ#U4$k0%~POvgVGy(O~Fe*3q`C9=lxdhu1@`h_{Rl!rU?*B^K z&)^h{MJ+Wsb&H5!;sg)RYiVR@8Z7+Dn9mwM4b4%f zn*~a#ZD5Tcj?;novIaqrb(QL3o;tnqqs!vmQr1E%R%@5=1X?)EBsR!t;!ps392R{KCZ=~h8-fLohppzRUaswS93R|H%NrBi){?XHc}L} z(sBaY!<~~02R>J}t1h!S1w+GqkiZ>M`fS&wIBchh(qV)Ddqg@TY@GEYZ&9IHWVS-_ zrMKOuJBp4SDgjhD^LLv*=}40$>p|fnZ$u}HPVHMG=sYPtx{(Rl`A3q<8A=z+{2V- zlH4as-epZ`b}Eh6o11EcNrKR-Rbs34MGfK$ z|4I!UE1YU0Go7Vy4Q3J+M$U9c%-Ta(zz0KX^^?67@1_=_dNaYYH6K#G$3hCU2F0>X zkF}L6eAaNRdb8@5=Y`UmKJHxlxqZO9QViN|P?!~$%dlu3(DJ1xc>QevL54babx-_T z^W5phfS<0!Y-3oUwb-?#DCZfzWIKz@{W_$IjcC2R3R+SeaU#oRGS+dZ6(1# zx#L~5>4(}=k{F!o0#}+c<0cM{ffh7vLj*5dX6$9|3Ift02yluK% zLFi1g``=6}TDP)>$=z&Mc0fsVKRR`PCs{f(|A{gT`z1l+kn)3*jYqLqo@P=<0Jkx7 zg_wnWYbEwDLXKU9)0S_W$5un*Ok-+BLqMzm+oHFnyvE0Lm<17&)QJ}|?USb0g=u}t z5e8O#K0nc)fn4OW#1hQJix4*JZ%(cBv>L9n>LY9P40)Y|2$S&o$E@~@7p+it7*?G* zZBM#!jn-JNoRGF_g2mAa%0j8AnX`Ip?l-+t|sYFT&og1su zF&`$gOi42EvNV_VZo%kTxR9RF<_*Lvf_GWcN=Abs3!q7Ow!8T)cWY#h90nyjt#fUh zSv?%W79Dym4hL|!L5QE>z({5Eh*B218wzYn8N4Zib?gVCKsz{=NuQ)U7OJbRnh|rN zdL4>%wjeYATA0WaS6B)6`SZYGXzxZSX3iOUikW`!6#6ggs?C7J8)9?)Aq3W-pdrPt zgC;@lH6u6HXZOBd=+$`tvJrT;ClTB#2KHs(ZNDeY^}#yRxjRG4M(m5G9o!&S(tHh> zWW|tkl7Tf+2YNd@ngMN4&&J#%HYOaEj@I5^pLW_s%2-r@05<{w80k)M zlEl$OhJLSah*uS#C`NdEFsha~*X(rj`dt{NT{g&qL(psbjO4Bt12Mx&1V$Mb&5*h& zswEBOf)`q{Swd>vn8WlBwsf`UUQt|dw8t)oZdKxK(dOuw`qe$an*6z11i`@dp&(56 z+`YWJRjlx$D-o8~5XQ9ggDQB~gMFPDcLJ7dxd^VqxD`)FM?>V(u~7O=buoS6X6JM3 zTW)t2ItN0YwSc6Fj~+!%t`)_l&=fR0YvChIH2_daUH<#sgHnUCZBh7b@A2&*!MR6$ zHBM%5s8-McM@vQC#hU(EGP?>Z$=aZ~UZMxiu9b%0^M;nfeeT$^FrW5f%{UZ<2BVj1 z_j_cZEuWt$r|qantrBeBq8ASXFJBqMFNfkB$bLQmQ(Swv7af!_RWuq=kcRFHZKCc` zI$>Oj-hmCbzBkn+U+v=}a(%W%YST$Q!ikkgtL_^@`wissRa{MOyh15ts;d&;<#FNI zaw(PAKqxc8wZI6?U|Z1^)T~9y-*WP@p{gN`-K6k$2lJ>Yi9;$njTMD>OMj-(KmO#& zMe#4}pmW68JJk?@MfBERr%ilYzwLDXpT#IMjJa(FU8%_D8k1`CB_`iKwdMB~vPn*wLRGU5< zspNM$igJg^Qc(VedMnZW&R?TEA|Xh1FXoY%vZYM<7+pq+6iNRVIRC}c_B57M`FQ)biw=DqJPRXKf zAD4o?><(Tfpn?NZN)|)=q;HwC&IQ3cb2{KY*3JnbdBYE7I^aF@ZB@`t@Hwj$xAj6x~(J*}!F|&7u?JVtYAYN-&{h!q?B%}}{_$x_K_?fN0 zR?vMJh!}0k>LX<5IOk7cI}?b=OXs`% zVLC^*P|s3=RkFn>o1Iy?I?{Fb;%*u(=~GaqwPnpJ&#YN<&{^;azmiKoxoF8Z*1tgi zoLki{Q?R{p$w%z|$V5uXhOoLz=j%S_k_GI(A265%R@Ks=e zS?_k=DtPeQ$@)I;ml43TA5FY#)y22aZ~bc&v;~Gv0)jG(Bj)kh6B%xk~I9RhlXY=b>^;lLL1KVJmagt$` zrWa9^9Qq8QH_x4U9u{Q7<~a~RAj$m4+_}7)VSer|n8>s57Mr?Z((jMkT?(N^6cdwO~7!lb_k9<4V0425AxHB=n>S$em0hZGLPnBv?vVy{&nzWn{d*;0W;*LdA6SS z$^fhJk5LP*^RUK%495MThMH4M#yw#cv-dmiqItQL&B>|DLU_O?#!SDhKIqT+Z{!JE za5A614$8Eb5YV^v8*6(gxHB6aEPCZvx~_MfS;zDSHrG`5=GvCPqJ^cR#xtT$6g$ z@HocoC}nB2f~)Q??`zE%qkNZpjFLqu%X)o3i3{Um)EQSt?$x3XjHkGfe`U7BTn=+V zU*M&sNKbJ$wwo);l>d8|2hjDTRG0u)CmQ6T6wXIp6rxV2^wc!jg8F7*>8dDL4yRn0fi+lN}OiXX7Tqoc-0wP6Ef)OnAH+QITybAay4fZrV zxPjO!M71a~Jd-ZaCE;QnCE{pyIpyX9_GCwXHwk24=?RVtH`V8Y4odqc9BsF&`H|wz zy0avylF!03HZZrJE(0_>udY?kBJjKgZN&*3$nhtc2Kq7PL~;O>-(Uv=i6aceUO4(T zrwKQIG=6}U;mS>b*fUn$q%ac3UOo|d%EFaD&vcO(L7r(A-1VBFy}}x6kTfHQM9@9V ze?v|pLDT;`<7_-uiO)1CrbCbGZYU0qQ@7zH=a578>M; zPMp@0otx1XnJ+Uu8MpFo{VX$gug9zT(h#pmW&5d*xvdXah@fM z*kR}J^O!SOHphCd0dIY`*$p3U)_r~i=Gtx>HEN6vGT5? zLi-VRVZ%3+LGD*{=xk48ypcZePC1UES z{3jmNB1Ug+$^Z26F|`F5CJnG+b`2UPTRUtX&M0vYCFK@BgHlTW76tC6fzw~B!mI&$ zrm@;Y27?!tq3K^(kkmMJwYC3V9N0Q}rNQ>j#)(I4qBt6-Hx?qGl=@DUdC2(K+P&yR zcvVnU7i~Nka+QA|hU0pR(elqCObJ(jczLGCUZC9AS~|R(^2j6`$nn2cIyE9AbT>y_ zb5n8Piq%L(sv0AF+0NPS>gDorsz)4$`an`PSYe&}j+SJ!q&z!{sa=k2#Y8X2SN3`N|f!uw5l6Eh_2ko6tzIjTbHaG@>$$7qH(!%#q*82;;~ z_z94v&toe{$gl`96qEy4%AvKg6;#wlHG18M%vr!6cG zC_9cYa4T+}0GO$FaKe_S4B~xZqs*bPQSjX?+%jodvrJ02tSyh4SU8LWeR%xir_V@5u}k2i9G<(b^-x`_~e2H_A%++)65A%V!4!keT0wcHH*S!(=-WZlIjb) z%x*|Wb3W#u_j5JA!cOGtx$h`-#|?P67+f0Ve0|Gfilo%N7eKJG&UIS_|iT*teZ-7_nNDI@&v_+{py-`4X3!%qx$;n__@Z*Gky1*;7|FKed|_qcm4)DwTQ2fGs=h(c1{UtG)*}n z+E1|i;HF)=Ysv>8?bHS6_%&hj5owWAgP;P2fwK2;0KMpN!j*~;W(whv74BqW(uDMI!Ez-$9 zeZz#I7tKGm-7^`hT`;RdKVv7<(V0mqzT$ljcOLfopztM?#3xsFuv?{ykr)>EIg%=b~Pm;gzJsN(Pqsy8>B03DnDUr@s^!iW0Az3(t@h&u_oAB&z+Q zQ19MJ9D&+3&|7S)-s`X|BvvhPJh*FOSXB^n1gyk87N%iI^L3Ks3S%~Qr*EQQXbGph zAN={U&ENCt()QEZ-JKU3`t$aH>Ggxv&;Q-@)B2_NMW}aqb943e_?2~YT|@7C{L%YO zn)t^1{dBP{f4P4W8+3W|a}`G&^l6Z80V+&4sZar+ldw{FZx|tQQ}%lLn@88qqUA@- zcVMdXGW(F^5z8#!D8TrTtOoiiL?>phZU)WWiz^(6`P-o(BO3y`i`2}2xZ=5Hi&wi} z=`gQ)&%nx^0++xxp{7MGY_ky~OsD<9vT<08mHHLQOSr87vA(vxdpRy$Iy1^7TV#>t zRn0OxGIr0jCwsCs4yC_qdqq^PFx)=i5)*e;*l+e6@}qYuzvnohXWL+VFsLp9)Vq7oD+ZKB&3b^ps=ZcD)YNZG_m`zS;;`Yb zKDu#phQTHcMUh={cIkDuRPKFdb=2n6ehPdM%leVbD?sc~$$`;eY3~&3q8ZcCC5=BQUa&6`Gri%xi zfv#a25kV+ULMuqyyv3sg=DWX6J!A>O=+U86rWKlgl!N?g{4F%6gDN6?4#xF9cb)q* zqCebe!i5&Jj}3?iFo~vVxF7$UqlouFpeRyxkGveHeX5xWjpJhl=6YSbybcI@nDD+S zO^9ha*NG&12$(8ocL_w(xgfT*&F*t-4_=o<&WbNqTWEq9GAwl7jHbEEn0bO}6UL)T z8R7*BEuc3(lEDzh5h6!T%iJzK(+PN-k_&w6iZmD^KqY_TlXZ zKmy`lk{!6Ekam5{hDh67q zLo1JGNl5KJxt7L12?P>LpVzGd5d}TChHBa{MR$7Wcz#A_;=Y$p6S)nCO`Z8Uj%U{{ z5-IW`CrON_E=y<}H4)g?P}mTW5`K0?bbF!xMIoUWi{(h#Bo2g@JUZw*x4m_8LCF-*T|A|gFsTy$*;?>!EO@L$?=yOjoTmyV7eki9k#)@kWKqba1 zIjKi<7y`8|0I!1uSsE#(w}&dH$0T&`fq6sLN7aPLf42A24`UW1VICv`1`OZo$w*2> zB41Bc#73dhNWGbXy1uH4^f}(3PmQJa`;2%JLKi8uK3reFbDK(OZ^d4da0&35S`w?u z0e`MDyID=RLGk;=PUSLDcy1eu+>^zkt7 z2sH$e=SOD6Nhfh>({uRx!oY9}3%TJr16oj#I&4@i$S|fU6PlC~U=%bJ*Gj>MOCD$9 zr#r)M1%6=j3(bxsz@612g38T~GIwEI1(V@quY2Hlo8>HyuI>3}_4)I?vbN{bGI+3b z`?nySe68HhP7ilbRjX?Gt|ajuQIU^{oMzL}fC2`r8gN}jR8mBCY%EL*-CF78vwMk8 zJ;DPXNWHf;_7>P(HQY5jQSr@oj_!d1r(h0DZKBg1Q6XfNq??;7d=h?tZ=Wf!<-x%7 zQ^Lx$kAbQTON&AQRt(2xi0Ow(2|f1!m2Z^1*!7Oj1wK)?s=sPbR||RHUwNRBH`TqC zB)?A7U8jQpYPT5lPS%Fwg3BZMvHh4Jmeo!l(FQS4*K`K;m#4>frsmMmzyutlE@za< zu5M|DYQ+AgoS`z&cMvZ~S2cw%naImT#8;keSFmSJ7BEll&c-*7+lgOy0*bsw@j^3v zw^hzuOV?_|{P=E=mNLzqi@au&BXTQDn_EjE2+E?MVumGcaL|Vsq4$dMj9HHPyx+U$ zK4IowY7BM1P0?}eU|fK7a72k3WiS6waHA4|!Ov#RQfL{&9vnQ%aL?l2QfVxj-r&@O zs#aMrXwMw9xCmQsA!)M@EyLH(|93W=Bq@rw*oH5gU4*W706clM*+pvq_s+$mO|rNQ zulVyXA}2w_xO9EEhgt*m{yop1(GR}obyMu~3H}wgYO+Oh@C(AZkrn<~ z-lEFySu38pc8cro8!P<71=f)|>nMLWqc5$J#u8X#!<&iE!o<31+RXZCkAu_1`QK+V zmZn-k;7X>R6gX*WW*WM-Jr*uAWZlgMfylZSXk9A(>fG@md_W7@ zLD}iR!^_AW^5Z?ixw0<(NK>*j^E*c*38;f$YX<|h3%+s|V~<15xNEH=;yrgKl|X?~ zl}`(28`q#$Fs)V`k_83xF_G>Ge)wjh8?gqP&aHhh_gE!gZ*=41HQh67)i0Ns-{P)E zHb*15GiFx}8+D(r9ums`$w(%XV3gvR2`2APVDgw{jg=DJ<8)ish4*%TXKGo5d}RK? zxha}D+`a6es(>atQE$D`%ky=*^Aw>oXP78;Zs-1Rh?_nIB}pa?{9*2gi8Q9a>g+Z3 zX-#Rv*hFk~#dq#9LD*8BuW*x^p1`{r=owJPYukyY6f61c&)Cy7;K3>ZNfe6fM&51GQ-g#EuMXMCY6XGzlIg&Z{I?hJ? zn8^=)@~ByF85x5$C#^;*VA@=ai%9(NCm!+er;qX5<;Terf4eibFAnAM=qVHHYtELE zJ8?KuwXO|n%SJ7fvhxkUgx}J}3U*eU2(!siSMHuwRaQQ*eyjS@?}$yOUdW1VJv&oh zZL?l2eD>D{QD!iTGX)%D`W?Er&Ww00Zkvnmnp85F* zDo`3E-GLl1J7&3&s3XX~vM3_qxraBehXI2y%A7FE^m@E9>f|8jJ@^J>JdYKS*RF7I zsPiB$^TIFl!2Un1^ScGN7;U#)xi%V21AdktVO36x z9Q1>(xKHja8&IutF@-tzVvd0W4Kast)Zz0oBYT;noa}054dawkVaoQ(3dEZjp=AV? zw|q$~XaGOd-d>NLEz~4SgF5suK$d-fw%dVQW3~EuiDo>7EryvA)^mPZstRe8Hak*6 zeeWS5Iv*xS5ejfZe)n9=%PgU%0C4SP5a%UFZ2mi+HZxn(zF7-PiXwj~6zIuV^FAVv zp|Wc}C=M`fHTiuWTQtmuGbQ?X8b`>@F+_r`Ez=U;Oa<>BBv zd>x=4jqy=YcF`znZ%k|QL$7{o$r;akA(;JH1$dwac(m)(b^v1n6q?o?-Zkk{j@1W z2y0q6L}4$m3Rm?jsx)ZZ-9g?BM-StYBg97)~i>1O3@fa4Fnb0S1 z0`>@sV}H|w#CEu~aGe8(KIbzVI@&NQF>6!kAmb)F+)LkN6KMG69}_&VFDvu}9oE9e_&cm3dy3m=;{D8jVk z8))>4Wq##$UH-Z=6?C)OHgquN{A*W6LMw-vWGBcu$Y$TUIMHm{O`-I zX(r@*;~~-75m<{;z-r@?Iw?i&Kpn_4DQEAicVol9`LG+qu~i_5;*xM=@^+oL zOoB6$k)lauPQmCHn=N|)`No>Dpi75g6HbmI&zG&w1|H6}eh0PIe$my?$k-hAR4NwRwbR{ae${E3bgQpg$>-S*A{Un(VgqcIQ6 zA1cdzh(aIf~-`?;5ZFCb)iE5Mg9r0NY7p~_Bdx0yAP zaO545Fn7p!z@_JKNCaNwh`9;;wj+Woq`YIXm)OCQP8eNY^Nviqgk!;f+b1k0#FxQv zQ;5%uqAYqc>7RqA$Y81*J1xiwSOjV4tZck}0CgsE6h8Lm5=J3S7EzLkX#Fda7z*YZ zqjH!~!I@9`ryov+TP2=BG5+o!uZ1aWQ-x!S$Xi!pe4BQFyyq5Q|95hB@z*6>|2HWG zjl;I>=b1=>?L~|A|8LGdEiT&s?0%-v%*p1WWsz^AgZ7^_&$QT1%$sSq7Vk7xZz%oC zaUQMz`=Xm`vz7YK*8e?{dHrwnXp61%&41vFhq1A^f4ICJmgee>`wR(X>W*^ZZEEIL zX`yhZ@gpI%kul=|wCwxa;Yd45*&!L-$!V{m3{L+|6imjY*{$JGA&6>2oO>FucK44f z&o%N&@MO?vJJGt11Abv^U4gnmJ0!`NTs{#ghC(3*dJhLsoUwF9LE}j<&+LV)wK7JQ z^q9-EVDSoRk!i6-F-9)&Ln^jXyf9)G1tlvcdE&tXXNCf7Fja$H?MN_t1SaQU!48pk zR>;&z@~MDLH=t(3<9f{^LFj0iw)s#nWXO8(p76a0hHYSp7>L9WV5KVobU-#~{oLvP z41}|Ahz|Fe03p)3@-WgIfs%j=RM6YpmVEo3oQT+LJnV7A?H~I$y=+tPz{Uol z>pGx7UJV?5;6`Fjn?Kj&zM@K zyy=*d;?gCwgvm5lC1?&vg`6f^Q`dpKB21UsrnNdCL4$A$ywzz!v0vq-FqKYJ4q2+H z6|Mh~Xo@T){a-oWw59LWZ3}{)l(SI)bM8L@r|Zs}~-V%u+^V%-ef4dO)H% zVkq*FuhHfa+BH=E7Rji#n~ClAnIpV|klL(KP&II&bDJ~`@+U5{OhA1Q>x zkQs65mM?2UlN{|yj4G5F;S6cH$6XJtHs7ZOd+OCQdwPj*1t13f5S|4pkf9=Teett4 zby51fO2HuEG9tr+tTTdyS;1MJ1meZT#__ct?AACdw+v6IdgAR)zn3}PFKI1jui%!R zn+|KV(JKM-YYwL#or_-w^jRFe=rqiJLs-I8D@O$&TH<5=h54gl3I<2f_FRpEU;w@dm_GK&7RTyhS`|oQ*Z` zACKh!au+})H9l1Wrd?C@4dd zDoDfuslU2}UO@uX$w=J;Y4)p(G%<5I;xl}yi1Pr=sl8&p(!(}?glnTea`l7tD|rJ= zgD1pU3FvadnS=)u z5fK3Rd@ew~!`;xHw~Z!f@%{j51<@f)a3#ce9 z$0$+%Fwi{Ln{-3&26f0c_foh^Q<4;llj-S(K{-%IzEAeURif~tO#W}--dYJ$c+)*> ziD*ccEZNt9`ALdDaWs_CX>Y2VtNE*oe`|AozgRtC&)^XPeNY#Q)u0_+Oz9tA>fYv@ zt_6QvGFHkci!QOBbH3U~C5CDwF??!jb`j8ZrXlAB8|QS8He#Bs<_ccH^e>rWe;w1Y zPy=9p-8Cx}VH^KIjmUBt#EN911{-PNq4)kDNV>;RdUm}?pFlH~-f97Y(hz%ev+L7= zPaQv?3#6j{rb@znX0UjRl`pqck!SDk&j}1m%R3sK4HXewz`5%S^htsgWMA>z2%BKC7?1Ys+3Ko zGAHH8V4#P}=$^Wkp&8UsBHV@5{gLvO@sGRn+P{fOo_QIE1A^A*j?Z=l(Wia(JW=7A zW3XNQNh=~>GFYGGv1u#dDp5nMC!7%#W<3^_Jp?;RT5NR_u}@)Jx~Fn>@SN)%!pWr| zA{BO!rr|>UJY=;Ju}*4s&{gpov=kks(3tx_tNEa#w!#pPW(kGnV97>c4&yP}eGYq~>^xcf0B#xxS|t_hShK`&Q%hVwomz!+XojDbF2qY=H=Ir$X4ixoq8L9f zg|x9SC}#-j>N1S06_ED5g392Y@$`~!K{9GJ1TOLkA;rIa%8JlfUg0@ex`mIPQa4@G z1W0c>{k&HuQO|FAEs=tHtK60f1#1hke6tGUg}##5vg05`aff~qYwvfQkb6CC|MtS+ zf+lqbE7S1QWOHxZxwh6q#45z@Xio2TviiXer{|z43C_~^ciF>U#oJR? zf>i$_??+=Vvi8VqGBiCeU~AR)z?%@0;MUb!`M+}6R~GBh#}`l#yvxQh7v(l7d31W? z7QfGzCIZQ4hyL>nD+dA%iwP*;;<_j)k5VKbaS_i(Nc#;j#gC;RUVy-hkKa#-3>rJ? zHyNcHE;dlmQ(LY(fREfom*2DpS!E1=Li4M@Z_1!Hssd>=vapDzHFC14Z9BE5+`zq` z{QZ4CsIl7xvX91n|DHRpcDNS3`F814I7hrztKe~Gsd5=Sp;)?1@<^7@cJzm&uPf#c z?_`-vAa&vR=3$;K8&U-G+0AzDUT)Ttl^1-?(u&oY2gc(OEQRfPG_;MYz~Lo$;NSv3AW1&@6QWayh%j%GO){H6TQJ6CEji)!A74a(0F zI}@@^YRv}VSyWg$8(yY}d8w zW*m4$rT=DJ;ABdM%zOk9wFDbcwC>KAC)g~oAeQY8GX*7W&}H=B7pKEi_ijFUC2F4_ z&q69xo>Hgh7INKE8NcIJt;1hh>~@)Mf3Y=e=t+B zg6ECe?Se$etpk%)HPX11EabV&8oAMK&@{nUGu!EW181xD%fm&n&;Dvn&bWh`8-Js$jHm(a&dzWV(| zd}p70*l!dCs{O^tJ0AWhzGQ)^)Ea?V$S6YN`Z)I66aAnMb{1GRh^fX<4!vetre>#3 zjLbWku9iCfxzA{1K}y=QZ5h+#SKcIp(j{Mcu~ti+Tk&)^rgqFR zy0Fx^GfRtEiCR2y`Y$r>)OqP4J7z+mHJ?^vv{=JN(rE{{3gDlWUd#DBLfiRqTg1?X z2>rteKLgVPgbvldkY$WiyAOw$X(-g~oI5T}BkuYCY9#X^%szyK&AsrZOMXQ)oz+fm zp-le8wv!J_6z0dQ4PK3uK1RG-d0A&sVodqskVMnUcD|_xZ;6dJ%v|Ea^qT|u2>6j6&HL}rt zyFq|VTtr2hQUk5KBxAF`G;7J}Q>|W8sT1AeXv8QJ$*R;Wh0$I8l1!)w*~zR3nR)xX zU0~M1FlEgBeM9jb7hdP|$jPrXPp2H^EXmfnvRN#%`C_CNFK?n-ZQR~fuNO+FLYr~# zd3S=p<&j6nzd)BSU)OIxeo!0k<82_UMw6?c12a6lYSV%^DeA})cdOO&GHcd+lZEaI z>u%C@KA-<-Cu;#}Q>*m&1oScIb(TT9HlEdSpSviS7JayqPt?3dyD^NlA-nJ^xH-P6 zwJNw3OTBU940TX>kU=OCCEu@AM<<}EsBHhX;qF~Ep=h$Prs4*YqVM7r2)Gf%We#7f zw7mG@*T;WVT4Zjd0-!@kPwfY?xe8*@wf?t8!^j=bI?sBZj;xyUKGj&$iTqzwicLov zU-chUYWHt4d&yKVw$47%%NZ{jJSTe6#`I9kA`3;YqHIp{4p|5cfob-J8!TcxO)s2o z+MNwg+6SZ+rvKBouu#9(<$kcn2hh*{ECneasSHg!r7aQK)V@mC;p|tY+|Nuq6+#(H zz1G&(46K{T&lwW9x>jL0HJMz06NT}_`{Ykww_Ma578RC!CiW;p^V3#&Ohd4tkQgk^ z8M`C395cth#kIs7w7z6EgEDmR*5(~%mcp%=pqgTc?`c?Lg!F0`zu()Zl_Jj5sG!aQ zCNfa{81hq11?#w}K$sf0Cyn8PZPcQkltyrf!jQs%bis$}Y9Ck>QDis$=!w!!+GSMAQcaBJZ zyIDomDq@z!rfw1-UTRKTmP*Y!-$zgiNJ%!B$ zUU|O5;_8NltG8S?ngxa8OgrYfWv2TAu^bJk^qS34uz8()x4`*LPIBPH#r-=qB0`fo zf3f_>=f~Hre~;8vk684M%w!(=+s$Z9Mu2$7Hz4VCje%uO} z1WU*0A?wxZ42=JAAN5kgm!?1Mcj8(b8)nLb;qiK_KDcy(r$cOPN}T6S`cUGlDJ-VJ zM|!DRPI8sj>A!>AVKO}FcggY{uaH^Nrz|gx;;K`hNBD_+HIU09Nq_9}!zDG$+-}sG z=&>oh%g2Dy!vLy1dnQ>=f5U;J+k4{7uAobXE&qFu@>5Yf5p5j5cE| z?wT&@v!*q%1?d#+ZzNMIsA4UBCwmP$=_R)OM!zRy^@kw7h z8*Qt$dfeC%u_uxBp4M;Ql(3_;&&ID7Qmp@OD30?vOdzW{#`ymxLuMjI`>Zd~Rh=+@ zW#^!dr{BoYx3aX4sl5a=L3UkH%U8JZCxybxWt`XS6GVmGR;2aaxO>6I{D1PMyk9OqjPA3d1H+ z7(1jZMHet{Ejv=Pxa>*KU1kc+k%mZy+ ztDlP6`pFShajR5O1?r9&1&Icse(4a2h;u(o_(?`pw*2&twyemb|)!H4qkg;Be)ax^VXOmJ)RZ zg`7$F*)_0G3R);LRV6aab--*{NJ-*BJNsX7wyMezj6LQu1lCdq2?xf_b&eILE(csVe(Aa5h zJf=`g+3*w-gazfRV+P^6TY5B)cQZy-cbuiW(pZu}%+NDkxX z3nuq-U+rtU6ddt-J0JKUzhoBgnK@PFaUrI~au!(c(^8aAJo zTQrs7w<5{NK@{WHHjUp=gLkc=DmQR#w2n7y1bu$Mc1Qin`||@ z7N90ZWDuPy`u@Z9BEKvVxoiiQDw~q>rJ+Gxs(dNNYpcaVhp)P}Zf0*Bt(8Y{zf~Nc_OKRRjKXKz z0}*G`?J#5^F8!ncQSM?eQ>#R|2~2S!1)__u;%$iqn5j#BC0V^?m_`}OCM_}Bh?tIx zaD4!PH}BG3I;kZF3klOW0vw!AaA1LBG$PBvL4<$#2-C&0Q zO_ABun3;Wk{6;6USNka@!tCynlYQ|aQr}URQuO71r{7EVmxEeYF5m%f@q>*j< z1NeXH`#uN+?FQyHuk5G~RE!5gi^u}RdCsN(GJjQzvuXK1!uh3e2zl%$pyETlh;+#u ztslNvhHEHbGYmQzBJ?F-XO>>=pMW2)eUeszN0v+=NzEF1&-%|q9Nnrf{{f?fgix;lXK*7qXZo+-2kxo&wYnrs(stUi}ZA=cde^jK*eN%1P-Z$|CnopyM* z*lMO>I3+>$mm8U#f}%qJQ3Y~wSs8JfH3$Ck`=mo`W=$NEJ$&rhLjUy=uJ}Hxut*n; z<-u|KdM>Ga_FXq_4*9`huA(O#+GL)7mJHo)4R^c|k<}6y0QZZs5bJ%{^6qvX@KIMj zIEgd3(rlSLojaIiOPFyIW;atnvDmIbaKAkJ>Tdgc{LR9^#o^LL1)3n>o(aL#on*Dz z^MF%gLB4-ySazA>tE!e?|5Wo>Ffc&8Sg$hj-HRHTrfv4&ef#EZ7u~H#W2LOU>@Qb9 zYD|kA)*D7i!JV-rd{xcE!=$al@OSFT2qn{zWTO~&4evvz#&o$#$>AZMdv*NygU6!b zcY{1q2MC0x(XW&O&=w)*Nk>KXAJ6t1I&N@uuXDAy=Bp4Wc)&xB>If4gRK;M3lnvc1 z-;^T7K~1B5P1x(yt-=+sb!8-+=Ap>FY5^L8IHe15<8I-FAE8b5fM*O2#G`?c>9$Kn%qkF9nt_vX%vmH3R&AP^L4*tPaFG8lvmN zo01F)<z13^2ghq`b!xJkFsqNuc=N;Bqvf9oK|E@?G%tY z`eN`$^6m%-d?I7AM0%%JIhh246U3zVPR`f+LqE59gs~I_Uq)>;Dg>2tp&MvQwQUie z3oDfn+;xNO#+9=?$G(BsGv-hj&iE$dOai*+m+*{DP%lo#Tdi%X!|@v@IN+7G=F}#J zwBDIbBEd`C&6z-K*z5Z8cZ2X*XgU)@Ln-+41xKQZ?^B;TrlOAe zUY+T7nDg5L4C_Pw+Dz>tTKcpf%z@zVqF9@>;(D_qA*WUBwTo)*5YEx9Uxh0e&(jX7 zx>I6>sqgAo#D_(ix|WOhXYCrc-3Mi#CAX;!YJvvc%*-o>_BIv9#=14dFZB4QGn#FR zbXDzGML)D}A9K50lh0E3F~`!8gp>|w_llG4W)F6C4mNj3i9DHN;Xnk^0y8J+jgbPb zX3=J-_DopCj>tjsx`xIY(MXKC3fQw=x{?{Q^k)(-1fC#AnwCBJU-8tLj9NRJY;qK4 z-9vh5M63OCK?tsd16mT#ZE{a7NcTCN_p^r>^D#C~qb9 z3}{SI+m*3T6ZnzpD?RO6>WC0?1 zoT|x0>7N8lMxkZ^%42EGmWhtOl#Uo|8~Dy@L!&p8zR%~PPyl^LEdA{-W04A3dYcA0 zw%2)gA~7i{FbL!z+!f?r>N zAR%&9R>-ov(;yezOopHuduNxHnc!;%zg+(*r0JNc9~2~tPV{UrvG;x_h9Fi}gcj?Gh?6$Cmv#SpZ{B!>!hGPudl*tqTo9uX|VHWKzw}2kn1isPct59l{IQmvYq(zAax6#;NAejBxPB*?z zKg;~AENr|^-)|pfJl9nAU-zchcF^__C-NRI*5Ve|u$5hmH3tfa8TuVT_w>?+3JS3$ zex0i_#VW;j?EY2|zsh;g4Aae7E6@mpr1?X(XE6#u&#tFZd1jAk?8q=5lpmB*q?>zSE4}E9 zCUUvkCYWI$$keA5F*aEB3a>*ZI1`b7>FXrb9`mcB(5%es5sBQ_P^ zC9Yh?yex71vEQtHzed30FosvLQM=J0_s=XXDM;-$%$+x+f+8S} zYUY(!;o>Fp-$u8M@>1$mUMAfdrwcK`gayuGB-2*udxa_}U9w0yn~0Y1HZ!L-r79aJvKdM(!vF~H;KH+@>nb0Fj$3`!xi;`Q~S_miwSN2-0i z!A=>Lu)LwY*lF6z=66vcbJ11Yk^n83A?++HC;3(R%1iV8h=YW^bu(cSprnzR=(;R zVzi(nXjJr7@dV7@;WL92e8jmsAB!LJFamKtNb2RC4s63|<$61o_ReUr9V_^wt>KHf zJhq#gnd|8r8Sn4!&-)6*EXB)M1rU{ro4RZIS()>-ai)uV*wUU}VDSAu4^I)#$36Jv z?&9)a_1yW-L292iFQ3=P*|hN6M{^$B!%uXYTvTPd>Erp_f>Zvjif`^G38Z5Q{zGe{ zZKtQ#HTdr3<$izpczu7h?Cq+8Qpvx`{%H2&F*q$8u{!^D_Qn3CN}^`uP!z-vC(e+d z>z`m8m`;GIi5*KY@$fQRzb)c4R(%1~cY$oRK^e4-cbcXnxeLmjtHFt~3EmjwE$4Qg za_H`MU6A#2F3yR55uC{1ZPq-lzQ73GMYWe7H4DD0$&6@MoiTq${-I{Z57=ahQit1baF;0l}ALc~w8(x0k?||8L+x=kNPN zmJg9AZdBRvcuk|{-szQ12BixQcl{U+IS6y$>{`3#-dEsNM%GNS@a3~eWt)1ZQqW$) z+C&Na-X$hd{2#-G1_&Qhn=xCFn|T2NmZ5^g;9h7yb{7|R_^uyra>q>5?BA!@1oH-P z3+C{Ucp|#QS*br$nH?N>8{3Z!%s%*HVPB|3y9<(UXHKRkw6@tjD~E-#NY=zzr0yY& z%LjnBT|N-Z0~!&LE-qa@Z>~7wqU$|=L43R!8-gp%rsZ?n zMVEgeT3;&mK>(^v>Tf3ZWe&WiX2mt@LR&@`yVq@`j^>{;0URpuG)1|1t{S%`f(e2h=AVS!k&3g@^V?5AeNC#X2V}uK`IM2xUPMwAygL9z~6pz=NXzQ{! zdBY=QviNmEFgmeLuAT9h)M;2C>E9n%U|Ncs;!1xI2-MBOCP%C4deQZ;Sen`^{X~A} z&-sI1wb`FTw~R4vg&EKd+4WO(0z1B3l~sa>wo zl}!b^t+jO>`pJXkMZ3&BR1xhG*Gf$i-4h5Vo-v9hFMl3w1GpE$a^yliTx9Bw?A@P4 z@Vfo$C{cL=%+Q@e>~wC@d2%uswCKV2`z;U=4A zU$U`4Pdof|3s5FjJ`lzV0=P3dpKP`7UPtAX7;pAGqotQj(le+wJI+dDs-3^>LPsj03UB#PJ)H``S|e8 zJ{0POS3e$VI!H*jNE@CF-xr<__BM}%VJTzzSd6qQ9ikfVKAy6xJ_g}}v*6x0C9LOv zaURIzXsVH`&{Ym|?Uc;H%7t91Z7kdymawvG5R?TDF0|h84?t#~MM~!&#U}8E^MEvY zPhDUsAFca5xLop*^01J}SIaaCaYx*LOQK-f!7?AC{JnFj^2KAa&y?~v<*3g=ITyC- Tg!-I?@}URINB9LE>dXHC+X`l; literal 0 HcmV?d00001 diff --git a/assets/cockroachdb/cockroachdb-4.1.200.tgz b/assets/cockroachdb/cockroachdb-4.1.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5ce844838d2b81921dd086478f403055ced8b0fe GIT binary patch literal 20191 zcmV(}K+wM*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMd)qdaIKHp-DbAy0HgQ*^B|Aa zuOJeVP*Vg0fOa&Azx(gO0YHKjDan_nb1`4Eu?QX<+|CW>67lF^^xi_z&pcEgH>FE)@~~ z(Z6+H^}+p3Y$N+bcp{#yy2PLo9t@l-OYXsY1!FRvgbij0Y*VQ0oQCNrfnIo#g9yu1txtP(PoVZ`Sh z7U?cs8$m9^DO0n2oJ%Sqo@%JN-L`*9ihpmstCpc$7;aj~fEGH>qyC^8+w zg*~+ZS)L?sdBUQ_5RN9tT)h=k(o|^zA!tlf#YiHD@cF6(0Pp|=oieF(4>6CTTk0iu&Lh?kxi{n#>xjyn?=K=hU=OAZ1Ph#K~R9p(CC@=+V0t=o$5)^XD(kT## z*2x{~PbWhh+d&Fk#8l825+)V!$x#>_}iobyf3Pg;V5=1OC5oYOBg3M^d zCJQ~9If-U0r4W&fj9J1Ib5LG4yn#8J&J?gTO7fT*I3!_zr!mZkh%a?_TtJ%7$5d!s zBQB^!aF1y?4WT>D@@@~hp9W8(?w0OIBQJ;W{)62>0qA$dAJZ)F;P+=-kpv|BI|Y`) zc%er(;Q}HO&8X~woDn@q^n#|zLNA(L6N(cs&lAP6gd!ZNxFAysF}+|Bl_8vJkTRc4 z*e5$-GS4zD^u9Alj|M+{Hv*Ez`d{q3(UzTN$f$^Dsx&x0fo!&rEFuZa>70uNL?i{0 zNDgB=Q<^I~km1grfrI!DVQ23TW}K%~X)dY{mp&R7RIrKO{S+9UP_@u~kz&i3$(d0= zZUFOKDwq=$&0tK`C8a5zF0&U)EG`&J zt3ZRJ7ZyH+RlelE==;1;z33EzP zg}XeL)XcZWRTH5U=qD!e-){Iga?Ks_SH<;5mFdIz@kfEngJ6+Z<7YEkXR~;TnV}x?8xrK<&$1J6B4>t$)Q0!y`hdT;)Ql7=gCKNAr4y5$5 zGLT+nXm*zuBQShqO4xO`LCXEZV|UVwNJu%*$%ID8K$>QSN!;$mnbcr5=x{<3Njt@= zkT@1pN=FQNn$pPZkOp34PDXv>82pcr%_04ZX_oMX0U~L{)3_?-r&1BU9BM|C+YXwH z0D%b;Qkg@Q(jIPGJ?&$f@JqwM6gO=Z$2SEs4ywWCC5dLh6rF2guiFtJ$imxu1it^v zi(`1K_l73cdX`g4V;XOv{E(pD0pkUN)0^QfkMVfv-jUznn^$})fhc_t$e3SHBWI|Y zpmN3&+)}4!FJ7LU=uZeET{a$=J~u}Et+FSnoyGq!cZ3iJem6V zD>~0OGUJ%Z^FXUUF)BfN{R{*6%PaVpQ=!={&M^HHQN6im)Nz(^9#5&VtVEBe2a*dV zdq7pBm(XxJKBtP!HB)maWGqQEouC5sAB86%PZVwqjgVt)QA9H(EhCralT1)$m;!R& zo?*rX=d_G%cgHeIbL4k-kYnQf*7&9F&%khOw*LpmTlLn~!Vn%Oj?CPfx(Q1t5=ebk z?FPY}XD2yk<))^eGCUxLn|UboU^FM60$c_SIu1nqfpdPYp@CBqG*)cwxa{LnBg=M9p|U z)h7jFt{J=*g0N$Y3=*>%B3mGN56Qma4m_Q(X)X-)XR-%#a<11^*b`nIuRa}!wH1dOGDJqSFd@R)@(gppcgbbn6gqb;QLY02Kp zebd#8-8IKegVMs;In7iFu|cvkaur)T1oiEVRH``e*f=E#!Yg4n?zkcJtAvCk3BN>n zg-7SWClg7H7~rw6P|pt^qkK_qX+~X4Hj|LBIa56=i|A96BoGNAXL>u&S<2>mc{T8a zozsNPIFEr(?9L~#q0gS>M$cdfN2%7&q}w=lrY;SQ!B+;TCPHQ2`)$zai}P z`*T^{5`|8&5o@vh1bIo6Fq$gaLvTiO(<_zh22~< z$~A2cZ^9}(eQ-&&YGM?1#j37C>8X<+6MKX`U8+=`ds>{FlR)Z0qpaw(>2taW%vRA# zfn~YI!fCdR-MJZ`3X;tVie(k&5YEb1RqYr_xLEXXBK2^nVenjlAkn$*giTXp%MIa$ zBTBjAbE5QklLZKxC0g_|!tGpd21jONhQ>iu%lQPTmY5XNgh6u_vxPOT3|B=OjZU+9 zs@IsMc3?9KnP6Oa#MnVzXtBZ!7KyJOm()xU%@n3*O)xAQ!O=PqE#h-6_D%GM36-+_ zYj1i=-fyr*!5;^*@)#o}vfCOl#jnkNms$;0sG%a~aP21aQcui$j7~&jtwtE`e|mOs{Nmu% zo8y;usqE7e*u#vQ5msEvz+sGjdMnrJZ4HOdXCMPHnW%s zsy8?aa+=>@+aPA5JX+r3Kaxf^<8I{*Py8Zvn+8Y2>1rQdwZYJnuj6cRC$!8SFiRT?tJrj3wn%X&yOU4ABg$CF>!a z@I;@Fch~??i(iwJOsQTVcdPK02$CdJOT9)%H4x_H)4Q~gScWjLy0>M)o`Dg$bQ%W< zOSR5F&CT-b&3s8x9Bf9Uv}%~MD%m+P#;=hBg4Sg*ts0kuU@g61= z0~bUv4M7&zpye&%_U5nyx_PBnV;nqubNJ_zHwTA5{_^tphoj?{zq~&9|9(0B+wtKq zFW#LToE^P6wjY2Yh(qY^JehT?_?*&6P%Uqfc`1t`OFY)Upe||UXrB@}(nFK>cMD6L_E^SAj7nZ^R{pJ$E4`I-^#ua_?K+?ppS52;^5`<~?^0jvoYAuKf z+I;n&r}od1#=Ny!*%tP^+=X`-iJ2@;wf+)*z zH_wY-oV{aju=AP~E*nPn+x)vuM^bUYB2<92q*#2b=~zTkq&U9U1N~%do2AJ}|1mvz zduYDL-|_agxIzS&iYzjKp#b3it_r&DHzPFZ@9a;7Nf_l`>tw*BhZ!pQBL_az?MBud z%#^WAj%fi+cYw;=$PFU2S92+xnmGw=W7l9c#)zQt5;>BJahy4ZQfn!tj>3i!2A;jx z2<@&XPj>e|(oH($#iK>HyfpSSv+=^&01E?8;dF;M>lMwo)SK3M$sD~khA^D6s!1y0 zB!)3b@Cwk=SDb~{SdiR`xULFeF3ZOWi+s(Z=+bVxO(aHtb$s#g8Uo@{XYCSVy~jqG z5ZA#TCE#hYFn5~>%c__!j!%K63eBx3O>3nk~BL<^w1XOtP8~u3>mLOH{`cECJQV?9y^3| z%F<7^VMK)r=BQ)~9KO|9nUpydLrAESG>ya})0{seYNk2gwpKf5Tq>vdY6Y~(YgHwF z3-`rR%MTVCquw1aySfG{k;@Z@w+9&&=E_LVx3Rl8;j(z8{>qbFQ{7Zcf*OstM9oId zWNpbef^!7?K>--;P9zRyJc1F5r!SZog&lXZW|W7q! zSBD8<^8#DvRO#;M-NiuLZ1g<;#^v=vnqKSAoZ#YYXxuvZlVpFVD2)8TI-P=Jq6AjX zuU$J&$oy~rr*B7L`Ke~GibFT(wtwC2j(XPQQRpf0A|-R?+zip0E*Vd)3Dj}&)M8fZ zK98-=<}R62zTD#ommZKCsGbF9?Y~atD|)1&T$dS_G=<00Y)5a>gP%@&)*3Hj;Hd@l z!=GRF^gH-Zc$3leRFUZ1s#rcEZmVoUhRZF{xN&5KIF|zIhQ^gmU@wv3&I8{e`2YCW zE@0`+CyiStYE(^@E~Gc=k;pJL8Ik9-aUvjR9v~Cq2b0&jg%lh|1-gKeRhuFk+zh3)yoOfM>{Z3a;QR@eMK!akCVni4efk zdz5i!zr_mT9sk{};7w;9jg-}yPu&glwdX$*{8t(&oH+aM&hH&+`49Q{R8Y}*mT1bk zef;L^AP1gi58LDA}`tWMx^JfVEYJ$V9 z)-YQdS-xb~>LwgWG@5^>$@A$&*BX z+=URXt^#B44>d|BCg(s{I;vbibW7z>J6%>cIsVP{dU+ky=Q!tQxMaIvvk*wCt8=7>#Cq z$>a>90C~k-e7ta;YeT~xGz*DTf&zZP6a;~om%>h9g~^`_xgrQqMA~nZhbrx?%lZB> zMwGZWc5H536?w!TVF}0BH1@ljF1bN@UkmZwO1CtvL3TH*LEs@Cdc%<)6FuP6Xg&}G zGcMKs9qqkN=X<@sF;KW%Llj>~q)I>iaxIBS zBy-9mI`#GtFT1l)EVG_($~uGsQF?-vwF2N#LcFc@KBdNFj3Jl=E=a;k7sgVg@1Qfk zdFv!)9I}&)?QqPtaHmc;c)W6ZZoy-HG#?wAY;#k0ucArb)>biFLpWt=MB&(PtY^xC zHesT8eTQO~3&rs!!dm}24Ms;TeGNOEK?pyR3unf{<1>UC9iL8TCxq8pZgS8(7Y5_4 zqi0R=zma*e!A!sxNLh;ev#;mGpZ@PzYQ24VLCET&D2eARg?C5ganV#cm~e4PL~Qs4 z+HsJS7uf~Svyi7noK(f*+}pA>l30Pg>Gbt=OFhO<#eC>P38TUlb_8EEMo*vMu+OyA z>qg^A;BKgzJ?c+2)JY3Fke@%>X&i2Ep(gBk<^;21fqtWmDzQSrSe|v{)c{=<^Nx1G|8xtp~~(c z70^2Qzdxww|9RSfvU@N8e~st!=k0GgFF$40#mcj{QkNa)n{7+j&Fy8CSQocOyLVCk*5*tJ;i^r`67>kPv=w%aCSVhv86ehY-zFBahGtd0*T-NVjl9Kn<@A=k$jyq!Gu+E!Rs$;x>vpY; zHkx`Z5c<#_;!uYBo3F6{HJg+(V<1)J=b~+ad*$sqgbQuJN80_E36`n}bpIfOKgezk zvcY9z_;x?G{kyVHy$zs`md(4S7vK5N6(`IHbZa&Owk#K@J}iGV%)f1tJ@|qVIa)#K z{#O^ezjSYY_UiPZwD%ei`$WpU7T#2Ft@b|aO(D9X&l+VlbwP3~Kabx%2=3 zmR;HbvveAsKSzuC#b9|4-*oCd&q=v@;(Zs8&8Gdo2jO7nHbW;_);7=Wtyj;@?=6bl zKflA%EdN{eS@4A3K|0WN`G0qwEy@4S?(P3y=kaW0O{R#)b(1wZK7`J90qtPtER74V z`xBnfO3Gg`CQ(RoHRFQ)-CPtFw7N5=io`^bVUhH9L#vE!kCs>bsKFrn1wQ6nQPbM@ zqnpuW9?ID^%2X@5v@%!dY|L$!x~%{z_^!U-tq-A!ebcwbkvk5?i|W@dbfW@5FEiSo z-C9}~M2}TCo1bUWds2REje5pL*Z~MMxBNlyJd;Cs->vvvnDydnrWC*$`oG)X*;}&zKfSO2@l~Fh$;~aiqyNrE z@DQT`VYt84(!40!p;L|5uHrCMw$rEk*xHoW8Sd~apP4k-eb5qOdC`%<&EqRA!}Q~0 zuIdq%mgEUc+4%6BE_(3L?xh9yY)WBdxPu8@@2ZEy_?LB3vQzW#I0X&+OF8KcLv>c{XtlhZTd%c#Z>Dtr ze6^=p{`-}WF@ouC1i;nu-(dIYU`hTP?B2_NU*+*UlOH$vmU$^JN1nF-f4o}QZA?@& zyOk=Bg;nnL`CIDqcxZ2^)Zd+XzzIig`fS!tZ)?C(c9z?(!)@1Mv*}zh5zniTJn!^o zzzsS>JqCYGN40L;yo0g3D`de-?JP--}l|& zqQrYnrZn`T8%@QOCexw+8xFVO+cnn3t#VrMrtdI9)~Vk zvn}XgjrsHr=HNC1&|L-w-s*ug{CNwbaDj2v(sq1X)0_zfKICOZO*b)RG6OT*GI=gY zn#P!j?DPa4d-qRZFQ8lm@fIjQ5Vx9^z^~}wT9n!BC}b2Z-epbz^rrUlE1l4%R6!(# z_wMlYq^OgI{wNnN)Up|ZKMLC({yUN;_3*dlC*H?LW!W_sKy>WFzza}m3~1$0)w!gp z5{rzpBDfh-{<0(ixtJ#`J+B0b93B)AO89jp%XM`dmwk9zlZn^H=!TZlQwDLv)zz@Q zog!1Xy6VVJ9?ZM&8t9nbE&md-E--~L;AGhmG?eYZ?2_}Ni_qQ*I*cN$O zI|z)>R$%f)(##li|Dn$ z=W5&F8vLtn6!xLG2;Zhp(uRHu;?-aS>H3u&x{Ww{4fa2O4jaKY_Iu3$H5dWo|>iO)cs~9R3v1uSN}QYDXnPzo9yG? zR(^oy?bOVD%S>w(4EDg_(JB`}?MC|6 zpft4WUE{uJoq_QF=ID3u1a(&qOG)w?lC$0Zg6B39wlrctYOj9B(=z_2jYf$|e#OAA zc~bu16&_haWJP+F0-;I8-1Ptsl7wGYlIvYC0#Pm%pZlebRt)C3&$tSR^}2y33z(n* zmTSi1w=Q7WAK_ApM9b8dcR`8Ob<)=ip=%P@)DborlRR^WtmW33a4`q6Y{9=7)^~A9 zdHcQWuk6Nqdd+qiENOaew_Q_J=2L3Qe(p5KEf_RyF*M`+A0OA&Y0SBjN|5Z|X0cjs zm+xYg+VA$7NQdHHcA_*khA_eBRLy8^2}vtm!^%O8<7=jCx_ynVUB?Fe`-;o|a!<4T zpYb?mQsh{-%~W2!g%+?b{_Dxpr}g-+y}^@v`TuJ?My`L$;}^wxe~0T`k?xHmSa{jr z+{w%ArF&uh_Z8OVzpJEPFC6Wg!@WK%#jCdV?cu-oslB_Wnf~8V;s^Vz&;L-j|LpDV z-P8ZC@~pPy8}4wQ)8Sv5E41ZwXiDH_(Y*Ll2vX?<9F@GufI#!SB~QqYaZ-O|{<6uq(q-O`EQYuFy|vIS*i zzE^Vrd-dOOVIqqj(~mYyuiw)aJZ#`tTktrgjjgY)IzbS09HG&hyTZwC%C8>6)m8ZU zv+eWh$`7-t(w>LEAs2giOD?wJ`>&R)!Q*2OZ^_8iBBMiCDw=vug>eV|Rr0jsmO8Az zK~!ye<#xh87k0Z^Z%D(Eq)`(|+Cl-`~6U|M@D<12{94 zbj^vxLN)XglcrR$O}G8x_!OhSm@UmnNi>6u$H3B#an1K~C4F=3}7cisskfCuo-h31s+ zFqEejXGtQJlf*=y!I&oe(l4%MVR;}-WTnFR9}`n5Gjv@B$$4t3TVvrS1jrX{=ymyLv!bRa$nDdk=jwP1)1WRw16`e3rru0Ves*qV|)sjy|ab@Sd z!1%U|1ko~qheWl3@lpOoDxz|^eL;k5YUGmmG)GWiP9GaMalP%`m^H+C)Td$nwn82N_q^K%}CBDI)ijv1ePS{MfHaz$1BqZ)|@K? z(H4&c1>6likXR{A|7gnFW53)lSgS~KuK!>135_!sv8h=;rWol~#6?*okGVS0KOH#i ziz?!U%gW~sa?=$KGG{XibHYq5vL0@EQ?g@v^7hdFEnS^Q8B7v#!Levx&(d5)ilu6#2ifJxqhr%6MOC;4$fO9EqM-efl>aFjD=oBytj~}j!|Jkax zY3!`XQqVH00`N6PwI&#;WmFYUr!!NnoTo7n3scI}E}mYBcSk@ZT-rK}GfEOQ!*z=3 zIG;j6yxP{QC5czlfPC7pVjR|$s(L;D`?2qTQtGmO?oKV@9Y48+sVQ2#?w zwo;xS^*ONmobQ9$dEn&bm`x^BXzJm*LBZm;QrF77jrUsHU1)8VWc=o zO;e&XG&we@2BtIpzB+&RlIgu)%-VZE}z}U`ThfX2mRX<%74+Ph5mc&^tbl^+}&x&|NZQ~{>#^SEbT6D z1UAd+&{pyGx;Y*0uTJk)3BSD<{98nuRjX!fxD#A7d25tbJ>1-UmS-_h^i&C==(LtD zvjIr8`SN%&9>2yVnbTA?oUp~@X;=rZdZ;|fTzE2f9Xiwe0iEvp#!#mLa@9kN8``3{;+XmivB4 zPCXG}qxmx3das5Rk$5w3=E}7uO|uEmkDGtpoe>e&5`JqM$OMgFNWMj^O>uv9?2 zx39nR*6zKvyYH^|-`(xNTkOHsUAWV4@2P1YwrtG`j5WrqItgti%GXX2xRycv29;yl zsJdWWFts>Lh?KU{uJdH5ziK~BZ9uLw?%$x0%>y{*m|7L1J!YJrV{n7zFg+k}di2BD z%ahlTCAlk%mM{>c^X$jKQrH`pIN$?a#O?LKC4HSS;vXx-dDHV{XF_n7f zx&k_S4l$NcL&e~bT3H_p#g9i}5@bXY8bh9K>zx}GVJwQ9S9nHwu9gAWesy=1ert0J zJ0Tn>(5ylMPfgh&mXQP&u-iVlnc}A-oI>DHe9??}TE81O=o`k0)3Vi70wO z1qezcPq*r$Jf(V%D#8*8^i!5-niPYcqWTtZ2yUCvWNt17<+i3B+k@wS{NwHejBbng zd`?pp?Cm{&_Q$M zuo{gJcW#T^jPFLhQNtI@wT0SIGVg493D$#$zrb)G@>H<|c3Y|xeJ*lLKV;C?je4Ie zh4Aao!_TK@2WKz8fA{M2_19NdVfE$re|d3?9O&V-iy$@i-Hum-fM=c{ zAn^qiib-lJKb4l8ttMob*1oMs)yS_w)v&9Uic~EN*_9ppunIk9QZup&kl=y}W13|= zZR~RGSIb*_dD5=;v+g$GQ^lo1- zRM(7Wu3Pu6^{lVjT8(V$V-k=&W=ik+#*tQ9T(@7tCK|7<#k4U&{)XUNP2hFDQR@KZ z;_G;0HakRJU4`-@3jJeZ$n6V`p&~7)9lkmI^U0fo!ykV+{PE!U_~ol+ z+)8UppoOST!(M4xGMZjAtb1h3)D?Q+kqbRFVK84EqwjQy+0olm}S3Kg$5Y7(Y zHuhK)JXqD^O-W^2_v`OWVxmaQL=9f!t%=8{^jF)p>EDbAUi+?Q6?bf0_0?3t+yR;y zX~V5d!Y^(aD8duMv}lL zGuP}i>_tmmn+jf(H1Ets;<%cEb(d*qA-{E3>btsvz3s(o1Ji1mlBT=Y4Lna;FICq# zS>F`+<^yVUyxz?9dZlYk>3@yj@RC9wPAsBuLP`9SV2Zv;BWjB%Y|fnR3%oB~VpEUl zN9YFK>p`jbC;KnVf$DbsQPyb2a`Oh>ym}0FN3JF=wart?Ocg=Oxa-zvgXwES#Ms~e zf%1+w$Nwok#%)`(`_=(~>+=8XE$9F4-`9WsI!{sm?d}rl=*@G@NWRY-R-vvkxEofG z{k$@-rwb#Taeh7oJ(j@U02cvm_L|vwCmhoYD(XXMi7;u7Pq|IR$>)0L-UhlrMVl-1 z3Y?{iyZd!?g$6xgiGDWg2P<@gbv64Nw1ZWe!3wRQMQC5C4Ono7N(#=^jo>cJ`O9#Z z+bqFd=A8ApUMu^rn(a2}e`)&_f7Bg^YWvJm3Ai)Qq1$;4T|uJ4`#OTC*9K%KPD(kq>QmAeAmME^1w@ zxbLs0jat%O0tl%0$LWu6eu5VVX9wRMoW4B$(?5AS3}5~`d3o^S^~-P`-*F$S<-cdU zdrxZhe+Rq$o%{MPU*&mFabEk8CUZEP5urMr_uh*Sj~kq-{H;^`dkX@S9Xg|_6##k= zB|MLVlqhyVA=YvW8|R9~aQc^5UNXtfg9q?}NBNwlMkMQWzQcU!Oag(iU~~ffLZ4uI z34Ega5CmPyFn?X+I831cJ}+VvBVh9^p+z6gsVs!=xhP@~NdhdLa4|P+uvwPyh3?Gj zs0SI6B9N30JKw^8yJ@<-ybOyuNyu2@jKw^{+$!UQZgUaMsKmSjfj5)EB~!D&Gqudr zJo&cMIo3qU6;*)PpC#upEX}ZY!#;2UGd7)3VJ7vhpx8z-MJ2p21MYOb@#9qo;q%Tn z@b<4Db9D35V>Z63F%=08oTU>%q!M|gazWuS7K>mL6L<=vHjQ_*6~g-$SY`!14=-67 z^Gk`=cP;7wawV;JP@$JP<;o#JTCvk|bbt5ah&pYW$Q=tb!KPf>x@LixnaJ$6553RSr zxFLtz+e_7Od%qnE2 zOLL5iF=4t|bmcVD6`NSz2~QG!i2=}^Z$P7$XFwocq-1VW&&r6HLe5R@x@Hd(|3r9W zHFJCr$4ivvq!3X%ozZAyoXqudgBD&jJppgG7QU&*7d5QprQ!2!4FbD5G8?O)ZH6SD zakt}4{IZ<|HN!uJ5sOd~h0%Nw*dIp2I%*C`*#;Vkc|0}|dA6*#vY(eJ9=)+_0uPrk`JiGid1^cSg3F=HiPUM6FHK?}Sb!i=XO{4}GfD~(ZQQhIHWWJ!wrLsHi* z{gfpvVk$w8ZgRm{T!7#?dhi=OLo?qiY?>pdBjRL@2L1jIY@`9iOrC?0(=#gc)S+{E zG&6XS1+X*{xC^;}nA(5qt%lR9$#jGQ!b%i8d+$hpV^XPFoScakBD4n=uxWb11Wz?D z#Xtk81W%{Q!dnMi8I7qCAQnJsz|2^%N0P$n=?g^EyTu)qc@j*;jnRV2(e_A*oT7ui zkuCIovYcv;fjXVu)<9%ZT-UciXBu zN_dRN+tgpnO)OP8gxWMVOy8C{Wy>mV**fK;?a_oJl8&}8cSKqeD_4VLPSPBigv*ZM zWsGRVhW}7K|6gOpR&@Kt??rtcT*f zvH9w3A0x!?kvDkPhNsnh8%3!vpYo-+Xf&LLJs8>3g}26G$xSL-rf&!#0!Qn}QXhJX ze&u6x(yZ?c`@22BjzKqeDL7Z7t+3NU+Sj-Xu(;XMw&|J5O`aTqRK{OjyPBE|O3lA2 zg_O)1Yue@bT<)qtv8wE;eG$``2bc)@C?d-w?5vh3Ln`ACQ5Ru@VF7}t8Y)1sm zs4c+E&eZ$qMo^2RXOiL?Q!7kqN(GC2;VQ6Q=mifZETN{07PRoN-2fjbQkX!I!UQN4 zj0Q6cq09&oI#dCOk?~bM%~r= zqK0rb%Vp10T-3aXB$s3%Q5T3&B^sG)kCFbTz0N59eNGpnPUlVP)%BW@H11UhKS`vP zRLl`Bk*E-JmQcL*Tk6rdOO=0MpSn@?`ef-hgWGot(5mBwG50ht$fc&7DV;E7$Z2sS zDj^A zyHoe;>Dj@_nf~kGhnJnUY4ZUMwg(QRU2Oe$O$PHeIDw0m$RdpC2ygfKPI@9ZWaCrFg^b}sd zdGYcT7x?hi!O?4Y`{vcr;omB&Z(eNloSwZoIru??IyFEKPTw4Z-89)n6g++M{MmCl zo&=NKNk142=<|S#_r}4Ko&KOtp3{DRcTZ2D*8A;Z{q)A~;RV$*?)~r`&(j$HWl!0* zb!QA#Y*ML68WRyO4Pb8|EuMdTvNwM6d*V6R5YPCJJN@`~#B*mIp3WTkE}IHc*c&X3 z)Nh=5)|Q)vT`g-GwlTpbuSlLoGaz`$%LNe&Q;7(Cw>@x686*+Is*el(g=ZKV z--Am`{@w(Mir)N%r_#PZ8cT(8NdsfMwbNEwQt%W_d+c~iOKf{~=WVGF$7y*(z9MM3dOQnmd6v*ELJ8u)i|Tlzes-dY#Tr53Y;@gm?U z4dJyZ;$72aP%<_tKZqlMC;(UFV@r{Lduh0Qdq+~Sd%UJQw~>w;;O*W7n-O3l9 zv}|4Z4zwOum9^7X-wFEsaQId7G$U%Z|LC&~3_^d<_uqWD z`W#j=&|ZD+{;axJpF^3^C@eh_-}gTl-$30U?Or`9x7ey3(Rk>G7d!oM5bmyA`x||^ zbK@^}*MErvKA|$7Q%Jd(lf?Pe@KlEICXHx8RwF*2aG^{}Gv|vU6&W*3LZP`tMg?9~ z>CfzyWg*8%O!B0mJ&J*T%4nolQ>wsHvmQ)Xin_SZH~yiezk>6fyu1+){*%Wvm!xTF zavW;*hH`bM^CCAE6vIHNE9j3-@nEh9^>0;a9GAgecJxZ#So#eWSDYS?_q`wBRUVzQ zWMNa1p*z+k!7JmK15+*|8<0pDyA}dMj|%InP~N253O8B|SnB7UG@WbFl?YU4@Uj3e zQY`aD+n({C@F$91FrLd|u7;h?59YEP=OO6tSXKFC9 zm$cypNo2T~C#{@6_yp~RwBYB?7g&4*0RiF=x~3()GN_h>s4alc_tIDuo>%VThGr3; zXFSE|h$XL&w+V@8eFk}2+Pm!e_I-jL+l@JDx6WDZ2EA1Hq%fCkHJx*_v9YsOdi-GjUirv~#B?8TvQ77YrGiZs z=J=)@m1!m|(AX9BO^cI5q^0m79N?N(aZVB#7iO&63 zf+v)yT$A82RhL>SE-0E-@^DU(Pos0H^;GQ@hW__UV+;GG8yHu<3*w5g+Arj`1!258 z8u1S-{#(W)?$CGJ=yc91E?!1XNSIXCwC)<~pFRICyPGOrd4=n)xr%Z3fX?~Ln~icZ zR{4-kSVF^2=L@_oTuatGU*H9mkzhtuzR9B@7_>M4r1J#=_pFB>1RFPA4dHqijw%VJ zMyuc-7J8st!WYM<5Sz?Y8(}!A-0H6Atcqcg5^wbvUzRVM^jGMfE;m6?WBC5V252>6 zXdMMt!#~vmah1wFlE6~yO$a6--bxI2_Wp1!6g>*V-yt3)koQhEDc-pR{O9e8)6my zYx1e|d?Xo(&~ZuYCv=`+7{|IXj{4U_u!f<_vDgY9l+1cBT(5hni zy#M@K1P1}I4o~qhtVbTV@591~X^i}ak6foaJsk};gjL70#88px2CH1fP?62{pNF9} z6K*_>9)@MO^(J$uTSI1|v#*8W(d3w`w}MKVuG{x@488OWt+LI?Wm*{ZV3bQLY+Of% zaRz>Z2gU6m1iK)L+ByFMqt912ILnO{7#cD3wfLeYa+=S_n@eAtuWt*6)iTO;$>ANo z1?j3RBUSXUUU#JR9CpxK{{ETuri6ysDkQl)Mx!PfE)uaFN7hBUo^3nDgC z@9rE!KT%yB)E77?F_h!ASDSMl#LD7@9hQBMbj0Q&kY_1(~j{hwB#%^Sr(`+E!0)`J~`M zahG>ZQUj5aP19DD^iK9+y?orrhyVU<{q=|UPd;oe;@ni%YpG4waF%fnwUlj`iET__ zyx17STl19S`nLhj7dUa@%tbYHj5RYM${Wn&jaPY1HlXq>Z=x@s8fa}4`$qcmDhz#- z>;@R3dfJZW7Z_>q*QYjXDkwE$h)se@ZjH6`c!zUXVAwu~tr)JDM>~gs1Hb8QMHR!D zQdzSVXN6T{)#j^Wcq6Mw1BQ(^0&N(s*?d(DHTaujXyOokR$PPs*2FtnQ~)ddUg!A& zBYUlN^maoun=ot@vs+~Btcvy;3~wf5S21iAvscO3o1uAIiXAf<@e3*zEz{UChs9^> zr}4IPSYp^bjjQHxGc<25+f>ULv}^PSW66_TQOrmQJjIkv=+>{epzE)EZZ6xb&X-7!&U8N%G=rpYjOQzvI5*4h9(n=2Y(4A%>R6i?ut|@cZFdkQA!hrCauYJFudDU zt{v%?vs_0T6X&;Lc&n4LDyREs%~{?I&6{GVHMErmn*x609AZf7|M9VJv}uK~o*rs& zo<+9AaFxMkHHKy1raNZH=yc zYYbPZp;ZiQ!76c|($eTCgP5E*IhAn!E^I2-d$chsy zySpLRYsyj74F5ZHXDAZinba>bqA3xK_ke}9ghfP9C=xv1a+RACg4eZxqlv}J@4Dww zYM{=i&x@a22eaFFb68J}vku=HhGn^;=DX1iF+|6|3Tn+5u5wIi!O%-k(um=kVrkKH zSPQFIjNZ#lvbwultTNKXH4YD7;K=w6m?JSk&ugTMo6(wfKZoG_xeP2UOmQ??iD9e5 zLxCZg-Vn<#FzSa-Zbof93|k!@G*4+qCfdLU;--EMH4IxF9)3SRhsIhTjaHGD_zsT! z59*$Mk6P~?Z+=p$7_xLKs5ExO`W*f=V~QqBs%qj;Q=18~sziG`cEw zL6b!f2>k8f^(%DzH{lsJ|F=GHxm0{^g9!?W&ci1nDU3a4dO6cjST!dv#weJ;44XV) zlRUe@ME~W*Cali9`z?I)%^AzS`DR#TdCFyV9^ZSws!!D*S^SG#CYuB>hy}Z#LfQx) zIFMd`h#p+hM@eGR+hd05GM9zf#nod|WHTxAC}as)fDLXmwbm677&Fzw)XB!v_OZ>P zoKhOwNfb20fV{TQIyb#VK4=$VXUvi_x zq%h#9@N?3;be^dmD6xP{SWj-6VuBDY(EjgA^oMw(_3ctok^c%Bp8x86F(mbcEt%j5 zY-?*Ty6zXOVoZ=>WYb?FqKNN~tbdjZspz~$yjx&D-UY!g<<>REczE*i;Ou2FN*I&$ z{7;?Quh)lncJSRR11z-an}o+KhNI)N&fAlt*9RwmgFnCgTMx!0!LalfFAtAiAH3Qs z`bG%X==kXP^ySH!?%++W-@hKbdiV0Q^LVhc`=kehe!t%j_xf9Z>ex>P*Vz&;U%fm$ zgKyyblQ*xc{S^D-zp8tK#hOFAaeirTrE!BV4!P!5j|X~nud}#6f4tTKR8-7aYLXZg z=g+3Cz~k4gf7Nwyt@mk{{@v3qp&Vlow$<-D-_eL*-qqY}J}vD5OQR%@sRTi%c|u%k zh-Nf8Zwx%O(KuB0K(cw3v}DK3cq~UYAu>nF$0oxVnOrj?hl+!);^V^LU3izv>rf8aFKB{s(WZ9(Db=V{V1x(75o4E3=^&o76y6=# zNj->MD3brO+B@#9rnqg~dew9vF-H#TWJP3=xl3TQH21DQEk9~0E|_p}NlXS-Ox%FN ziAg3rC(#Tikz=M$yOJ1({@4ggxMuBH2$rNI3ua+AP-D2hk5zj@g6I9`eM6+Q$S!9* zPi!FmSQCwedK#BM&wAV!Od2BUDykHToQE3h_P0e2;Y&J(v1Y-=k@%jlgkNas{b&Lt zT~sF5cnrhD1dubOm#0X&1ZXZP5?bbp>yz zdKQ?{M3YL4kcT`g6WC&OKgz$(%&EISXJ*UjAvGP@)wvZkF=)%kvo6a}kU+zgS3};2 z-iBEtx|^i1YD-+TamuQ;L{MIarM*=tr8fH>M{+R1MK&7ps@z@wmUB7S==+_1Yx=C~ zErvTr$lhFTCWU0p9?gQ3x~wi4j~_`$__Xl|>EG8Mp3eI)3_o;^22Th5o#!z4<8XIp z*#BerZ0|{b=P3;Ec7=*m^qdke+V_&z4+?<0lp$dAdelNnQp{`dCwDj|Gu!@>NIl!=y+_igli2e*LTPo?M` z6GgW5s}5dFyzhS)+WNHn)kYm7#Ty7EU&#b51KIUzcPuVPFNOf0H(A50j{XkY>$74P zv`Cm$u?Ay>EV_Z2xL26w-V;~p4IO2Ze2NT=sIp9;tTVtWXf0{3&cjILx!lHeXPBYD z&cSv}ql5?=SOfxN`F}8`6E0}5;CV2nQ0MW_5YrF z<)AR7zsdy`6{?PEyeJD$X}Q*>GI>GM#R$s6tEFQ{2*+H}p<&-B4p1#3M$}zs=q31t zB*`yD@hlCv0M$f)EOc7d5-+Tt-IS_OpTc_Pr^;OJfBv~^&EY?Hhx!l66GZpt?(pZX zH>jVxS67y!6uF5qK_e#J0D4U;P`wSn3zJpGcyt>H;jEY=ETM=g3(TzG&YKez8R4|B zK;wsan{KFOEwPcyuM`n2DRnybA5Qoj(<1Adrm?u7enQic(_%v~3|&yk{$AWZ7s_E# zzJlkmUpmWWrv2g1FSRK7^3SJRJ+u&3YrZ*ES(&YgPC>uXt6eK?qGC{Qi^- z;)8-rP&&uh-0cVMNA#uq2d)wA9~P2jfuJOw)4Qz!y}JH$e=yj6R;&N~r2q8Eef{UJ z@l@+S+d8AQi#Y->T52{M!YJ}og1dRuG|{h3OQ_*8(imz?HKTy1U<2dJgtO?_tp58zsTu{X zmLTK;@7`>|)48TC7ZiwyW=zpY<$@%b8gWMQB!p9AD>PiKAh|Vzvc}d&N0DDc zVQyr3R8em|NM&qo0PHa(LwR3pmuEe-S?l)amBr5tdk zNg~1wCIE&q(Ff2yfG??ghqq)PW0nkQ)IJ#zp}YwR z*>~$oold87bZ}sPcRHQ=@6OAkm*4FkbUFw7d!5eS!FQeAgM)+p@1V0b3g)ClDk8q? ztcQun^M54{3Gh$po`Z7YG;9-HB62WCjxBV=KF3apyM*aZ^DjQVD3opEKbI~^yV|0(_-6PBP{ zs{mNQ|9da@r}+P6r?ch%O{5(-#Q{l}0z2`BUFwU%bDSLrs6bzFF##HZ;M_2y<{q%@ z19u}72*D&GA@yO*SrVcIA`oK1$5bys44kz5D$BYeYSe|6MwvEgX>6KfGy=`AfuLg) z&JIAt6@t`7ru>dF27QD?Vqgd_5D8Pm@g+SqtuJ(ai^nqzOL?m(O@$G3;U80Z&@xP8 zs5%d|poxhZNr&pcjnLeImi@BfTh(UmknpNJL&IG_$t+-t^MWl`-EK?v3A25iq!Ujf6ORx09?4m zNf*o<2+q*EP5LMzR46q8p|&LSC;{+TH{+rUXP>B4(q!UbfWGR&1@HMI3=)Qpqvt_z z#!xhn@_ZI4jwaz=4HnA(S^8i4BMgc6hvd=9I%a|XKRVjqtLguv-GhUz{@+CUY?f&2 ziJk9O7h2j9?Y7%`=G}A^a4~G#KX+O$Yy)j$>e{^j2l^_@jfLg_MNzi8U_qPwIm^9L zu>zV1K_)5Wys)%S&~;9F=Vm8hfrHP(m`8e}ph_5OAgID{8tv>}Rcg%WVWo~`_?hJu zOi~FN4O@*Bzf9vdZEtb%c)&9ewgwDSxz(KFzY;C2ip4g2aioanua3(x3PA(Rtx3IH ztbSqxG?}<7_T*aI+uH8by{MbmPX#if=omrq(tg$$>Cc);oS`sQW5%Bi z&@$^8olY3b_To8zZkh6%VoGbs&0ZaiQ?qDVTD4un?75rEDtWEiYSdh(8RC@tx4EIo z2lc&5VG>UdSi^L*atm`q&T}C>W$OPbpM zD-2^s6w3C+<;_{oQ=inTI2QT;4vwbx|NDpA{r@J?&4@&|FyV z>kBqV=U={fj`J%|1f-rmpweus0#ozaW|r#Sa9~J81R)m)q|Xy&4jI$tFF=V&*Kq)z zzzA6gQW2HNCSXOKAu6+*XsYB~4hGbxgc)a_+38u)3IX?%5F_j51fN9EM;P!V3Sfky zVds4VSyF>+FEf5~)yt;0#TcrTfHYU+dg*$3&m_9!b=Q3;LH4 z1K#Z`b9O)8y+5TQVb<^G0*UF*f+w-;!iQGtH>0}+W^R4>(26w)QemVr=ccVRM$tDF zhNxOE^zKKR-*-g$BmIXjkSNrD1<26;mBc}s7n^FoJ&XpQ5gIN{$Xb!Mt(33hUIK@- zK_2P6HDOF^_>4%o$`V!CHH=62QeI+o`q(EMe1_t+2=* zfPKblyWcwI!6Ob>I>$5`@CRcdF~v^`BQ5IWJY0!XJj}9;CzjexVGVJyj;H3SkVPqV z>BKd4J|eLkapf&Laan^E8TjFNd8C@wY%v^*S8p*sv)A#e^evR3iwS;AG9SS6O}g$8 z2%9l*tI^kBkU*bC0gZ;uhRIK9;p5pSGBHOssfp5P(dhwL(kffdF4O(K#(_pTZHg_8 zE1T#!Ba#ico=Y4g3?!OBv=W?R*n4TE9;(WClQ@MH$Cnlal8adY3J@@IRXWmuus{AT?ZiB&7~xi`l}PGP_ryO09gmk-<6fMB#}Dh zXQw3svVBE4UaWLbW;P-Qyud#bDljl^j%q}j@JV`L>$SjpZ^Kz?p>Nsw?U(W~oJ2nn zR83B_p#7w}l@q#H&@p8=#GngGBv>jWVkoPXU1+)H$bbZaKq+58d3t<$dVSXGJ!?%@ z9KSv+=VCOjL$iaDf~XxOns}WqBoY18ZMWNLIF={5e_N_)Md4dLMN_m|=(+(aH=v@1 zAk>X)l%|H7fFrn5Ek27rx>zU%KNt z{@b^W)Or&Z7~7t<>v7hYFfs4o2Y>c>~L#bH;#2nkc8ziMT%;EMa4 zb>ZgZs#KP_rLRmRccsyQP?iY183~jl&Vnu+R?0_8#XnOy-48HV=YT9^w8%~pskBerH-N@@&pey0h2_L;&A3W{aijCsl|Yv@3UXC6lW zX&SKh-bhzC(fcV)vk8nV`qUIRH@{z}XFt9BxtXTcfG~-57PpP7qNAz(zXT8K+ygM6 z$bxj6(^zK3zc!COEvNL-SW>ynva)QNt9q)9$3(Ol?YD1}zTT|1V;;yxO(l3thQxkw z_Y<{W_fQ@Y)`;7*F*5qT_>Eg>9VDcXmc(B;wp_jCX@scj=)wgc0~|Lt4{&T+PHFn; zXF!j=0-B7rj0xXl-x3)mGRtaf41n5zb#0Z6t2NK-Cr^JlJAQNX%g3wB>zl_n^a>~? zv@;}$*5?^PpFg{BN7bkh#Ir-&iyml>gU2>1%Z9e z)x6=V3G()XmQACiUoc;FvA<|;GIj8^UHbP*bK*bj)@}`7f-j2y+TTB{$A29i?QP>f zHj&E5;#H4II}Zmr>783czWKm>rCn2Ylx$C!u2WF?kw?sf^Ju^?BV#k=*;Ws}p#$_M zKEt;>$dsZBS9#>Yx5bHHC(Yr16D+V=xO?{6~7>n$O|x>zmtp;kI75VmSW>uCq0{|GtvD=bQ1O&GrtKWG!qRSgVq- zbzp5BSe0SktOILmmTe4J`W60?^O4;XrzJz}KD(vD_@=)4-@q)Toa|N{H^v-U!a)Gh$^iGQ2K_Toh6xhL;p=egG>x6X43Ff= zf1s}%j|NEEww~aBINn(LJizuhB!#B<|IOve@f$A;)`(*P|L^X1>i*yTqr+|d$41f) zT#iwUDc(8e)s2(<)eUovj$In1ds89EALDSG9e5|n5S^VJIJY+kWq0+111?;~_ArD^ zAmjlZOrZ3*gsEW-1|ar=R_m|OxEt|7e*#p>#NG%FzyJQb{-q5%Uoo&Q$HE;l{n|#> z#?6T>9vA4AAeyU&(wmT`pn&VnMgea0dMeLrXR!4+y^Cmdq;9z0-=%pZ&3$1yYOTBh zXN=!zLG1G|)KXN#GDH>)S0>Z31j4&`C`f>YEc+)61P`+>5G3?*pjCuReT*dj_B6W(jfO){ zjwrIgxb6ES7-BoEemDBhm}WV}Wj|mTqKh@x&OvXrN^jvC`_vi zvpcbhQcoI?ASkKA#m{#+^9_OO5%GPruWN0UqK=bW2gaOo;e+i7kOoeX@pC&OE8@3Y-+Y5td2Gem6P-~sRY59IcjeNPA6bmYrx;OFJ5|5E=)5g=3 z{wHzl3M4^@YqJ3s?f+g*>Hovd;r9N=jijCYJ;j{Ooew(e2U#$9%G=K%CPE8nR(ba= zK&I7{)r2ED9HCSYqZn`zk|^EL>9UYZWzN7|8kq~r#^y1`TgFKsUw{+yI~01SAUR8{ z6Gw6L3L3*umfmh05eX4$H7gOLbW7s>?G<#PK^+&alPJ=Ct!Qj6K<|Ep2ggi}crqLT zXF>4+xU`$G8G8GLrfE{w+#A%v-?|Fkmi2};9z>w5xp;rCy=_4B{O zgWc`>UmHpJblWiNF%gvX8Fry5jLdl50{dQQ{mo7=G3VLmTjufwlV^g0yCz7@zAc(N vA@BK+k%2a}G1l2rLp@ZAMnl=!+Lqh2P203h_e}pE009601o97=0Du4hO-4#o literal 0 HcmV?d00001 diff --git a/assets/datadog/datadog-2.4.200.tgz b/assets/datadog/datadog-2.4.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7240ccb53a7c03f03f13627975ee0b31b5425646 GIT binary patch literal 47754 zcmV)lK%c)KiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwycH6eLD2%Va^%U50yOZ=-lJDu#X?u<;tEqo+Y;DWw+8u4T z0+En}nj%;Lw5^rqH_mH(FYrCsd6IA7MuH?rQNG1pTO6Z}MFJBOz{JGF#Ju>BL!Zn# z{W+w(y@ZS4Zx8@JBph-~Le^~n;6V-pGHZK~^8mFm>3E28JjKZGf(TL` zBI+zgQGg&rtq?9y7ig+#zzF|@D8nS|g6rJ|jH2Xc^L4Y~Bj!;Yarxp{)d9U33VCBr z1e`hN5$kq3H#awJ4RiiS+arqx_Cy`?U4Lr@_!_nGVuo+qA>tjpn00)A9FQ3qzuvih zeb|n|S>p;VZwU2Sx6uL%5@Jp$4rh%PfPv_%{Bwag#a?3pamXPK5tXIU0^*oEbr#jH{NF4GGLtNm&wxAe`&Q&}?G(;RRtM&}@ zc|4KTM2p8{mW+a|)wnhzz1Kcy@9pd~obzwi|1}I^#2$wMRIdNs-NU2(z1;fW-#OaZ ztpBHYwzj}An!-5XK#>5L5}I3!TU%g+Q1Wt)f(7u27cWq#SO?$)1PIa)EC@wiQ6X8G z#AA6X&k=P;0PHkGt^XZC3Kw!AonIqLv5!CtFfJA-XaOQw1q?*d)Yxj+ zb-Ms;fo9VNJ&l84E%1DfWF_!N34t;XN8e0v!xh`nR@6AR- z&w*g_DQYmnZ_(0;lq{yu!c0u?lEfBa3{SunT7n6h5~>DC(h8t)$l9thMbqxRm>mFH z4WM!Cf^Uv{m%ZcjH{;&$Wc+sU^LGtLR|dD331}naQN*2-D=WQc2q0Y+=)yO1?9Bn= zgd&!75QmH-=nDe#D1x#)1R=TsBt*KSCsV)>-&P|fu|XVBz~L2QAfm`aJ_3f>I7cGkSkvHba%K%-YK)l^)X2(d= z@R{KJr34{(7X)#L|A>*Pp*9On01N_h1DHo5QFTrjX8?vi=<9O*Ir6R;K#<`;57gyc z?=^BkOppOBs+m_l;Vp&)l3Wh_6$%-+nInn-R6pgEiOP{c<6sAPb4a1b#gyD&K3Dq< z5$FlbC=$K%(!t#VUx8C{gQy1?0s-Qp<~9i9#YFxgu$eETxoDV#!Ln^Cy_3tBL&{Y< zP*=_tK%s9wE0BQDe9=BxM35@N64=r>Kuj#BH*W{qVhEUIH*$!PueuMJD7us%Lc)`e zBowuD&&*!o1tj*{GeTwol3PW(C$vyF!y%GlMTep(qGBO-#4vTPcPEI$-A+V_STL*| z5XGKYTTegR((~K?;bd@nJZg*i)D&*flv=I*)Aysx!NvHj_im71qnJAh543=7wD}fH)%Qg%@5`W7c zWsfVF4*C8#roqZCm2T!%_rzK%=^jH=FidAJwYV-{a`aAZ$pgLHx4?vu0Ku?;_{mfY0!j!~<0!zin1IvL zd%Gp0x@14=sA@_5g7IY1Q0U6b39eb|LZ6sSpHM zk6pr<7`_0jRegn)U3v1*q|OT4u9hVM1Pd6+-IYuw;%eH#8SxQN(8a1XEJCznmSDd9 zRN4T7!?#l+YGcw7@*E63)KW48ykV`(D_t{NNy#DN-B|po%Y5_p{r7{5v%%$HG(I~& z9*j?W-w#f|v(6ruy*Ca?H6s3_jaT(hQKS>C0m|T3;#ACQ9nfu<^+4*Jf^5pz%w0ab{=(V%k zC_oFzDDwS2)kS4hv2}3{y}9@c$+fPy-nRG^a>-_xUi6Yd0FML#@`Q*vS*q<)9p@x; z-9(~}0dPWMF4_|NPbFv4WjcCrxg5-2e$yk=0?lv4v1RwW?l(X6PTvp4yWcf)-}aJk zd*9`RcAv}yPiKBPH%^OqB%I<|OkpYo)MKmG29rS3{PdClw7}em31;t_QnFAdRg3bh z!|k>>%z$Gu6FUz(PUHjwUGY6v_zEpdUx;8)XS)vlx&l%%3mB77`(9&s-eh+c6{F72=&OslaHd23tvkttp|cq`_9E zLHYk&r>rf{?t0A7NVfA631WG!T-o)MT%{u5eTZ+tFcq3T$7TwTw34^Azw0baj<8Sn@NyjDVRl> z9vy-zoHbdZZ$h9^@Y5U~nAP(IT z74#J>!4y+;0|O!V6Fx`u21^k@>4G#%l!C1|f#{RG=b=dKHj-7saH%FtNzO!!Mku(s z94^e{$99%t%>h&lU==F(sjpZd%unVu1s*`kd>M^OT{5 zn8CFck?M6i=`u_Dtdv?xR?Eo-fmT#k0^t04sB83J&;KoXlg zt~dk?c_j3+Xl2@z%9f*@f>veqxm^}g>_G6WNS`M(uT?@MOEn`bFRLMk2BhYaOX&}K z9A86@vbUyEualjXH7IWa8TQ8V?{UoF4B51}6_8mg1>ItZ$C0)Aif8-my3?CiUqR>v z!M#|HQl)2mD@j3YTn6XJwrcWF{`VFLaLfH5Di|Dq2xDH2?K{pED6Z0 z6A_=;cTV~iE|DN;9LmMh8=fRXbRu@Nn8i|+BNo|0?6*j;QYq`-z@@yt(jySgBnF>z zgx`x^$pLgJ<6yK{xs*kjnkyMbiw9iD2_Y*Opf`M%2tYWTZ3`Jpp6R~c-8;JLhN*$I z1d+7(9JPelQhUkPJyISykCal9(@g16kCR6aaHbNYf6voYVef{~;wes0a-7wCuX%=o z(c)O(Am0U=Rql_VVV#6gKR;1CPxT8vQFda2a-sab)XNpzwkO2w9;KgK=^rHw1iwdB5tS{q@hZI)ov)uI^7Zm09* zm!cLcxUMW`!>%LLS#4U!P$j?#!P64t0(_mKlNx#}%(6022XU_xLB?+U;$7;3#Gx|h z(Py2QAu26_C}Jdt*E-(KD2(PfoON(GrI2wNdpxG7qw(x)S+*|ry>dZNG*Y%>qWbAM z?2bccM$J0W;c(?xUZ@6GW>OQILZ#Yd%8bRdH;30qY826Qiaficg}yj77|M`rNXZ1P zq)fYPP3p9&JTP%8$gL>FruJz-8ifq=M}k7z5%P>(V5GI#=r$q@fheM6Dm#yEqiaZ& zp1KO5q{%MW$)lr??UOJR66aOrfLP`h#r6uiWCTLQ0~}rn_N1Y+c%o{`<>>q1tamBx zW9T9=Mb|*YFR}Pi@|-4nZvwEz2?z@i>Sl^NEvfP zQLqFs1ki8IiI-FnQ-PHpy?j)R6(GP|EG~SF12i)VSH;7W>R%Gu4Gsb@p$J}q4}zO` zJOJnxdEo#4pZ^!Mylfk-7U)cH*qJ~!|6re26nDcv3M&N=FUNs6fQRYX0 zin>0g$m4`Ai>L_L`k)fvi9Fv0hx4mldrEU^r(1oI6P!CN>Oa3xC; zMiHb7LX*x^i~-YQ0E@Nq>(D~LlxOsv!V@!3e;kytxlM(dRUXf;cyHy4W(azY2UQ9vl754>ZDk+GW*%v-i&-6f_s zUL~8bVEP#kfYRMLBhXx)AD@GkEt2F4~^NHn2`XsFzrCeo}K&oK*;1$I`ggHKQ#vqoTgPZIuS+=6Xne$*&xWBEp2oS>~#gZ`G>6 ziICU37P+P$6Zgzc#w3-Y&Y9W?SZLLuvMlU&bnZ?{kmO{rlL3qh9tmVWmhlf z$hKAzl|UqGWfZdstS&g2o)JEzh&lQv$|*mUHO%+)MTJqzQgoh{u84reX-O7wuK9<)frt){(emZ3(4| zNU0sUWR;<1Yy!Ewf8}6*&vqn%t$+4f|7=)O1VKa*n@hJ1rRL!`2q|2Zr9jrC+4#$t zgMemV#xPKz*_CdNxn&w)53;gzNlpMH(`++I{cV7!;5)DjuyzzFq69cm03`##A^5Qe z7Q|1S9t@~1*v;WMfnGV|GP<+u^c^SG?I0rlOZEy}eBbLAY!n6PJm-=gW-Ipm#K>M1 z2LCP%4rLP*X}@t>2$7}A4kA)d)>E#PdH<+F!?TbGg22jXuh&XwjogRf&W+@h9RI2?3-N%qgVH zM9TOhMig5I53 zmAPty)Tq&bG5(;sPbb3yy!1xA0+_y-J~-IF<85YEoXcKmTGuPi+f8*$@u0R|pCAxH zCOB7sIig}pU9M84#{xY8WBp4B5UjJ6nV6R9LjDdkYm4D8FcV^FhV`sw&8~V`_KZUb zqc?olInEjKD`?V@L0{e~--nkdyxulcvuyP&?*30H59K9btsCe2-3Kq0?2n*$Cu@jZ;+vRURo<~GR@4PAz8U=I<>2D1 zcRD^9e)qz0KfJ%cbCh|leAWF_gh(qu#stWp&);8+`#+wK24~}8Z#4SH`Ni>fFY>~# z7S*iPlsgscO)ASvO+C5tknuwg@B(v|O0y<>kQq8t*bIUf#a*zsv$HS*ix%>HyLWi> z4$F56V!iUY+doVw=1VVtj8(hbpXpF6azW^7eNjzr-BJUt_1rFnL#9UJhpqLYX3&h^ zYtdtIByCO!EsvPcOU@Fd^1YNY=g5zhgu#&Zvl0#HrE+1D|B7>Ky3RU~F+2;!!L%iS zb+#l(jdMN7f>2wt82hLrDz_NQ86(@nAW0?5`KMDHV!nK^0aB)n30N5i;9H>9Z6ObA9QVVy}6MfMe_9 zV4BN0MQlz2zYBKd`zgdhOp*2eD9_rVkJp{K4B5P3DUj7uC^^2}a?RmOz;3=@hF6=z`pfsp+KoH+8up^AhmK$-gKkXWkN(G8(j0fD|!Ix4A>b<&nQ zTLyn)AfSJ$Nl~Yk3x&{og8(onsyAl-7Vvfy(-|^DC*Qme6W=d=)n4Xqy_QW_&XF4W zN${3zNP`zlYq%ON_i9UU6HS7qY&53?)b37ah)dO6iFm!W1-{3juU+3r>dK|-wZVIa zrg0z-p#8HG5UTfLqE$Sd#7l31XLGHh42g`wlNd*}*K)4|CtOG8QP5=YBlemXx=O*86_Ql#-yv;UiK1hb()}(B;&EKsY~ubvIoO39_;hfGQo`dep9{17jbqiNE?l)yy*X|8C$4d8C?nCvf@GD@GHmn*oc|a|fnoVC*3oYFpm`6;U1;i}y<1sD>xw5XSYG+Jq`5L70q+W%ef`qUd< zZmG&W=6JYm><|`E0M>h;n7UaEDGa$l%tu1Brb}}yFJ79oB1Bs$F4EKM-|{v9#Wk|N z3Bc#N^p`t1XeQ1!f*_m4Ft^~fvv}g)t*VTq{xTq8-rX~uq}MBK4en`UP+?o3qF}ym z{l2)h?x)1BDdOJTZPX-f5ni|VcH6rJOH*=2xQrTg31^j>((jk%1hXxXH0WuaHx4!1 zXv?W?i{4_U^pV+c2_9KQkmCssFkhwzR|C%kV35)3Gj>k~w+PV%=1fUGizq-G1xvuL zaHPZ^*=DvX7Q&d2Hn-JEy@jIQwk`XqNIgP$(-90)^C%(mNaZj?3m9_j8Dz6jNHSw7 zB`vqB-^TvqdD(x|GZ;8FrutQ;0e?~3fW!@<{Xmuhk<>D%NVTO>RdHm8X*In<^22Na zE{t|msO_HAJ2wuBO=u)mO?u(}vM}w?(SCAqAlQ`g?)6#jBGpiY+s8E<)wfSV#wo-) zWLf>esen@)rSifLI9#K0j2?d6>I_!CN^xAaT%%)@MKlgjSBB`lh{K*iwitX_J?ciw z1Yb^GtJrrY_Hy!CX{}`F<>Z|Xz08XCiN^b&`sOs55v|Qr#&K5Vl&RZ%I{98^WdS27 zMT7KwU2MCjV+&h_Z5ElnRRh)nqn}6P-toJWGwb)oV08ZeqCc=+4KFWx$&0hWWu}h! z{r$yx@3`L^UFvry!~Xd6y#F@ei=2j_ya&mVc^PH;V9xux9Yss;V5EQhOmbi2bm2W}~Y;z7BEKAikEQ5Gcdp~ycHqkWi-A*UXGPjHR zIObh0Y$Ws0%CT%%0Wfqim^v_)n408xgFH zlLW=fG~m371g>kg>Ps|GdXWZ7FVjH9g&HWoRLj$OjZ4a^>8*c3`K;#GbyHeB!S)5| zbD!a&d;DYUF1nSx3VyT8sDGb$m#H}$YwtF@W!uHhPMzJRy1M)#=jxGZ)edV^NvRt$ zeOxlFH4)E{NNb5iMY3>&RQs0{jJOx6cro3=7MVnt0}s4Ksxx9f*2ZISk4)@?%|`cm zIY_<9c!n%Q(0)Is0C=oH5^WX2s6OM-d1OPFB*5Umlnu;^UOln-%U|1sum9iMgwNqQ zv@zgY%Yg4u>}(Tbpcf1bQ!lns1KV$g=f_qaqVKxk#V;S5S7_Pns#H7QHMflcu6UzD zmNq~A_97oqAV4(fi93WrYH^*KEaejzi#)#RP}i7}K14KggEuz50K~Bw0tvO(Adw@S=!p-RLU>}6Y_#w?upG=W1#^DtTmDjdT z@^0p?FfZ1Qmrr;pz`xBTgO^GR#!;9F)NJ;49S~5z*ZtMhxw^bO8Ys4qb2#3TL!cy2 zEtY}+&7hYUxhcPIO&Vr|S)oByx~jcoB&=ZglVy^#R&v|pac}r;JUHupe>yk@D7?Og z)C48j282rUV6CXaMf)3-8gfwxU7hoqPoiT-i*ZQ8vAmEUbCb@e4B_A5H3Z&_k~mTk z+Hg2)198p(B-F0KgrP*1)F$2&WZK_OAo?iM`3H!d^~o55W|P{(fXMNIJT(nXk;~Tn z1{}4eHcEZ`eQ`UE85%3B$Lc&gmd9U5KeM2|`?ds@5roH@V9Y5ilZf>q4nq~RU>(c& zLP}n!z2kiBNmD7Ahd&NOLovC$w${ZnyjJ)&&GNGG+t{;>-j?$4S`CVJpj9c;WKX5&bfig=Uwgi_N?};NmWr0x0SzK5*X6i0n@UU=l9x1d*uThik@XdU$`p^ z(Vp4~qIBF0GR>{OVob)pdxp+YwEQFibPn~kNZkNBhsAr4JH%ZnGOkq$Bt3<;A66-> zpcSR?1`R6lztpSod@KIc3Yt%KK`s5*g|ie|;nZK|Fsf8#y#!98h0 z$H$D*VoqECQbsDZ`t}5-D#fgf-OqP^&mQ+40)g!Lc-xd$s*hsdGsn@~Su}%e7PD~0 z8CWob&kD1NraH&QAW{qr=_(zwPe7e!a8%`sirq_1|`O5BB$V{|0s*41&qpBl&ZRl3qZun4O=s5labBm}*=%144jla5@4#R9#lJZgd| zx@jzM7;_;7F4Hhk4Cw^s8hVl!)j&emQm)|?!9^;^38@7}Q9e|+DBDqG1^3aTRA+!h zM}H=;VxI#-AHHXUN148=644~Uco);VPR#QsIW`B?{1ZVWY zi;o}cV)X*t%&|8IIP`+pmxdfyXbC)Jr}zR!xOIh=FKp!G?T|vStw#X`Oj@zrfe6IN zXdt04ekAZdeQIny=p(^_>@&EyIKNQYAbjkn`xVHd-p*A^z&#*#4Htb$n z%pwqn90zjVXNW5b)>EO=0&A=r=OL1ZCvj#M%Sh~R5KJjbFBCb&FaVHOP`s!eM~%jL zD7VcS7OM{V$5~fJGklk1hp&Z5%!xBG>Li<}adfnyX=q(?m@9DC?dC`htUkn~F# zH7F{Q%_Dz1XIYoX`jWGU6c9`U+wj^u)RsRf$Zwv_O!>6m5eE z;q!)4%Yhq25m+EPlQI7^l#d^i785I&wmI}QK^uJf)KV=ahNat$Nu0@MEcPUY8V<$o z7W0_uFo1yS9ilOm|BA8JUK)O^=pLy=CNjvSjFu_Wj*Hd;EOqjJERMkq6(Ez&P#c_t zCV>w_+ty&9kW-x{g~KZZ#26zVg(c)?Nl2Lhh?Z%QWfeU~Outn4#SABzA}G+jc`=jC(K?MUA+?i7s>0z6FE=L2)$I zE-QP9h@xvu;-vXTrum85)(_hv^Z()A?$PG_{}j*1kDaf;HC}Y3%p=$&Uqtgi8eSxwz<-PJgpfj_~>wChLYnR^*xID`%tWVkyqSO-n5yJpav5IjgF>g2iffRIEo{Kg_FBq604~h|FWRbD7mHnM! z6lnV(sj@cWAZFm@L|LC5pN&LW8T2?p-m7+_7y3nu{Zvz*45su*PzM=bZK^PoIo3m& zFi&jkTAWkm^^uZkT2e65W0Calg-l9>L7;nGIz_3>X%WAf74tEf8B?aTK&`10$Jk^^ zO7y$m)~5~&&txPNl&oGP!8P-CZ3H8VLp}w~FInqL*33au?XE+w)$2^tu{E(`*%=lB znVMWpajKMbw5gb2S*lsu9ecFZ-#_Wr{*=av&_kg4KboL9Zr)*CULYRRPzTdg9a8R4 zsvjn6vGz#P$0}CQ8yI1wf;r33>=%L%&om`zm5lpbm1jn2%~~qsKfxcdI7&TPccZsx zxw6OBq{1k=Ldzz2Sv3l;)*1$f{_BZ`A){853D#XhkrT3tm2$`@^;XbHE0cw#$Qjmd zuzcO?5tA-mQA9~ZvD}{`Y*yoxP;~*{8=km^O5S*<F=B18 z<>|`pH<+7t1sDxH=5s>vKc(`fef71pb-UheW(TIS>;!RWDy%yegeg{6?7HHBgstfF z?!j7}&f4@5mhGnKN!wkdoVgQ9k;lP@N^QAO+=+w!2hkHt7Ww8|u-o1}T(MB{5Cx=F zV{^FH*pyO#RcDIZ>%qZ(eOgHD5P%Ln444ebRn9z>?&zHMDOS6^nXa+cpt%FpaCo0G(Q1E9ezT}E}cH>sLX6G8x4vj;t;%bZDl%7UP5xv2oPi{2n z|N3kD*9b@GR|Rs6!Wj-xy&=xHaz~KQD)Bn8Q+1cCZf1cv8^b1ZdXIqz5 z-j%L(Ju1jF-N3tI^VhzVxm~nzg+sq91OaV;)>t481<`gJ#u!rXwQX^Xq#+DUs~SoJ zsLfOdGn=De(Ps0GJS%iT^W(?N!Qj)UR{Ey=c<||yid7GzD7Q6gpUWDT9%T?rhVyRm z{@ci+`l7U0R|QM)Ta#tBwjRCJ0ItoHq@&P_qI4jV>f+$vO${KsskvUg3m;qFGzNGr zbJdunBP))9%2M_~8@wI{Wv-n;yM~m}1{UL$kdndEB-xPZ>X8>yG`hmk<>}}rMDcW) zSY*nW16@!~xw3!>Bl8Z2co8pT5WciE^HsfGcOxj{|5;DF^hWwFyFoSo-+jHa|2oV6 z_jZq7?{E13Q#`Bqf1bT3f|2d^RJI9Z97oG}f5cKwpE^)EIQ<%oMG@|X_dhD{Pd$1q zON~mWVcB--{U}C?{0tXCW$ncI^G|?7U&!tU8jx{)lO0+>?#)lF>6U%G8`YQ!8nQ)+ z;t4X1+@qO0?U|X{&~kiF@KGh=MMqy>k8wC9vW<0AqHGTL4v$#8Fcec^(WYAT?UD%+ z`kQvxR9%e%@G>{^IZ&@ay9$S7&jr9xqXWGfkp&XCF30_kA8SF=^6{rn>qtJTpC3OO zQ@7@-H6&Vc1Ts)Ht?|ej&^>AA9`%m8c*{z@CUQ6Qoa{x@Dy}oF&^;X6#MqowABn zs2`gtq`sCD$mY#$&}@0l-%?IWXUq;f-vV9)S`-x3DWF55G+$lD`7Bdk4N&4No<5fA znE;hj)|gVM2asc4b%(9!+}UYrr#GOEm)FpuI$x)FZya*9J= z&88T&mgsrg?|>FxMhHxSOhgS{eAQ<27lQp0%3p#1348)Xd*BNVO1uftL(P6sRhO2l zzu#HSsgI@YsqgJIi%uQ$ zD+3j@eem!94mgRuxvPjB;Zqbux5(3)W0f&}^@6J2gNmz5X00iblMMMNooF%yBX1Ia zpk&d_yaxI%@-13kplSYFrMQ{9aBgR*TRm53Db;nYE3|ar`u6?zgNw7l72Br8MACKQ(oYurh!@4(4 zNgk3itWMA0j86wY4eBD60IZLi)!N`cFE4uI{`uJtCvV2Xi}RmOjt3WR3do#cnr?7E z4tl4TKaPjz7ne>LhlhuUcGayU;8f;ll!MwoeLuP!T#S2f24|P!lu*Z`!NpG}edU>6 zGF-0c}pj|;=PGypl$hN>pxggLuQ~_O? zi7TCCATJ?5iOKlg;IenzyA*_YdOGM|o}4?zwhNjv$X%9x2DcGm2=q_;K*r`Q>wkZI z@&4>=a8cFyri>r562gz?BL{W6rd}H4Ij3EIQ9^}4J7(>O_$R|m*Dj>r1c*bG3j;wO zQ&iHy_oKo1`25Z2vUfRh_pLB?R_)=%d4Dh(ttO93D5vLdMt81kg+^Yxu9y%v3%L8F zM96E0#7AP$m3SQHbfnknQlZWXQWVZfaO=v7Ze3lac(_{H)=DQFPDy5PSUgd~Vr!)` zC2HS_=a`ozT)XeeJC#jlRV4+G4&ksGTz;o42=_H8Arr>Meafgj)HpY-)S97PpUg6t ztfseIWUG2@WFvl+&|N+hQ(bb-M5%JZ&g4^HP0C5W_3YxWugJB*)}{rv?v&-#TaL*p zr6rRvUdBDCe+Di;0pEMf49G$+lAw`whB677S$iy#8jiut@r^Ao2xW?>8w5zGB^eST z8K4|d5FsjqTd3$|*97~<$UO)!!z4_%WtkU<<6hD?o0q6aJ;%~#ail^F;&7&;)~eTo zTja$YlQ7Gm<;BG)b8BL8kK+AF`rPY^Lp_{CBp|cpTOnpA zpwhdKXl`+54&>do;^4m%9D?R{vx=H@1G+AA^aj!e zp(z56=mYm@-!xE$K&=7Lj_no#UC`97`sQP^et+tLGn$!*;%gkB8S-7$yP1`nlvKT& z6UNU}W-V9Mn4urj5^0s;$+6p*%_OolHHRn1nyl0W*&di(P;RPf&l5eX_x~IX_esb&g;?5{ z8`q%ZKw4HbBPt}kkVGhCb3EnR*?%J(JRjj8X3_(o1(>`&@9JZhjt<@}(^hor%vfZ( ztT#+DMX}WYm2*rcnPfib08Ry19CCPt8vjG?D{`k1#bh4{t+6i=S`1c`i%6cqLTqFb z2LlNZif1?kKH@svd5X%KyJMyyo#!&iNz}hMIakIrGAXM}hccvOf%qK74DdN6@oWwP z;=w=wNYPkpU$=3Pv3gWzWlr-Bh$!(8V?YNZXxww#-BT^T*Exkhu*e(p4}c*VEk`Cl zmG&?)wVh1)x219Ecogf%N8o=*v{ZH}85BVq>gxSibDaBb%Nkcj@-3O2FpXa-qh+cL zsn|1uqQb}$bQ(Dcw?0Zax!6X@B~aZ%o>JXxs4QO;F|OirMi}`jhk$rTRcQ24zu(wO z>FgNOpX3Y=gLsBRZP1u}J{k5+7IFD*n24Z>1JZg@tM2&^0lNLkN}i{s;+~%qGJpB4 zVaazYvF^K=aVbhQj2Y$yA^Zn1%!;*XgfpU_&dF;eFt?zVD`XOO(@efZGnO)-B~9pD z#l}}T5Dk$N3VtUs4PoGemtsu@WH!U$>{VmSWbq(W#W4>7(t-C>j1U#Aey;Lziv|Q; z%B<^i1m2t+15O%S@<)I}#J~gz2JjLFjOft%Iw7ZyjxI`VgAdsreh`QhhgD`pgW*gN zrAqm?5R~!F0*5V$TD*K=P z!@ZpRf3&;5(f>WkbC;l^#o)=#t6&*-ujJxNz`36lP~vK}5&j=u_*WeMJc573s9~na z885=35;@^OIgpk6fT^N?g2~YV3cW1OCVWI55QU-N3!*tZix*&jucCJLvPT7e)PH{N zmG(TJa{jMU@jt{4uuA{)I&c58dvv(7;r~za)MeyV1_&EQ{%je!xinA=U0cFP57DeK z=em}g$)rhzjk1u@N$+=d4lTPFSx$VB?;=V#@kr1Gm;IsTX3$tS3|;LgqpOT(9)fmr z;VVD8?adnIG;0{?Y?kC>EXgu4sVus~biwOFCX(ypta#`zFcSmY zCn2XK2tLQEPmpMN2^O2>zghlu<0e1O@;x}%mk^cf<50f)dPhbEcInZI@_#m5;{x8_ z4s50W*G?h+`|j>W{(q8ZwQskRkM@l__gy(@;vl|}`k%zG>*1rZs!3m`x_$e!vB!NL zkAwebgdCam_?~;gO8&oBi2uHSxXJ(eBu|z8M`gTzv@M`WXPfQd>9+%GeV1+qMXFeL zKPZE+*%ChUQ-}ZK+5I+vRs6r;|FO4wxW9@2@FY(a|JSrJ)-T606zJ?ZlX|N8|K7pw z-eEre!{N?G{(q9E&i(I`By8GT1Apd(O*-FWX{M%fI!W>~RRzk+6?HH;E1IGBLE*Tb(%dkF5HVA9O%=S`MXOSmqe_1I!e=~!3epD2fl2tSxgp#nANoBqxJ zXnSOl61#Z>F7)K=61Gr51H$jO1#jHLE=ZgGK}z;qCaB9cpgiTpk|c-O_TF(BbBjKl~?)76m=T3 zc8u!>kTEUd=xT*e&eS{QV46kLR^wC5n0A*WY-O-&MaZq4xvrS6dcAyna=lb0u(MjI zpSi9KQJ1&9c*>mgYgP6`X7UheTfZMLW&9tQ&vp5`P{AG3-Q_FSn(p%KQ*KG5JPVag zb*s`(*=6&2rv!>On9s|$E}4}IxRRtP%k>$`XIp8>d39w$DcOT_uWIC+$}hQMvZ*?G zAf5+~aj$ub8PZv8-l;ElPbXK~rnYqb9KSmmjZV(b ztUvBIV9#J$S0QG9%=5sGvGj zZ(09LGPwSagZ|sfj9rf481ANOEV8<32Cw1?8l%vU2o5=u*+$03rL83Ymx6wJGP)d` z-52Z~hCO@Qv&x5rgO?P|(Cs_Oy*X(9*UMjE>z}{L|L?T^{_C%;-#+ea?|=PCzxeId z|N8aU_N%W}7kl+ZvkIM8MSP|Z2cY>gi7EJCmHYrO3;*x``G2?=DeSkw2?vXqaWFx^ zC%nZ_1gQ+wES)+TxS1o008~E#&qW6lWTQ#%yPWib>in4{Kpj^ynpp@Z8fAhd>feSXpZ zaWJ~P=v|&)j0gWYJUzcyGxuyR0(SXLe|6r`wA8~TfK)IaHuIxVSglU^xJhIBSZPev z9OUztu9&i#Nk-SYkj$pH^h?J@d~N%yI$8sRRad$ty6l!Hx5liw?9JR1y0WCZp9#v( zFE47zRF_Tk{j-iboD?328fwwPBXj`Ita+}nhU+iil?i978oNiD%OZe#9Db=jipu{`V=K z%5CTpYcZ;B$CYa-XFx_2A31~YL1XVy2B zd`o`U(AAAD*aB}85>@j6bhCma#Z)8r=)}s~$2wO&Bz7%zUDZMc6R-tN0D9trsgvB}$3oPby6mslI8e{2RMafbLNqC`azrQ#&6J$72Q~y-viT`XCd$el*DI4lL*l;;XDdWT8 z7>ni&}tekoill!e)iSu;x^9$Rf=q4Bnp{ z%Q2my5K%!C&~PYla$Gv`N&S*V)U+CN%w;u6n*9X(DS_R2IX82v?H2Z%P71ANEssil zMMJ&2QJ^kh{A9`rPjy-U@KJ!0ADR&F-FQds(Rm!yz*Z6ZI+lh7ER*sS&9Gc0nJnKq zl%=H}4re!LGAHCpQIfVyNVypJMXu9rJ%HP0jJA{BY$pTyTV5o{2>{@irn<;x^1}l( zFp)(It^7_VOjRSH{JYRx0TPTN=0I2MztcEiNI7E}uV4K$b^3QUVeiekK&zX~`~Q-{ z|C1)(&o%yNY4}sCmQ5CZu*t&zS6YzS1Sb!q!CCjH^Ax;)6Y^=ZY94CUbalEvv1he} zcsvuwt%uy)+zmX_4XpNZ-NBqP)kgH6H~3a?dsjxakw zwS95`(m*Z0E4*=wUXo=KW%=bA_u0CxySedMIV<+q+WyVwZ$_8B%h9nN^Q6MVIScQe zIE5rUB_0eeDV$ERSBc))`PumNyx%(=UtaWn_~E3#2Cn&b?uj;`c!tAc#I;F6724+) zCvQ&9#>a!pjPrCItnfD_5yIm1OrX;4x9X+@2<+EMiTifBMUFM;EU*GJU zS9WerG9kL&xktV^g#pvf&e?4xAB`p*J@C?O7_zcF_Byr>R=6~=KMvHlSFdt(l}ADc zs_CDfUG`4S1{Vo6_fCs@UTw^h-LS7nycZNt2BM%kf%l80>*D?P>yd@~`_W+h!^vrp zAZsD{p5buz0}fCjSe1hTCy+9(;YDPNq4Er693CF(zz^$gQZYj#;$0#Blk{k;+@wb5 z{kMa4Hh(4|4Z$1l%b=KruAH+Cc#dUaL93agcMtmYI8U zEjjltQCNJowue=t65uetZRY8X#v#WGq*j=Zsk40<&mA;7;#}2ff|ov~;AL{!N!P1) zh3Gl$Q#?u*Y!kF4-}C|m!^&}RFXh^k?Cem@(JaHf9+%OpA!aC1-sX|2BYzlTvK-mh zqXI*YcC>D7xnfm^o99sES0+miL1bLuWoA`wQEc<$cFRV_Z(;88PaA6W*3Em>#E zI;vFlO2<=h4-vA^IkEX6>h2$jcy45A9A>HqWEK%Wf_z>w*#Vh#v0?vre$RcPQzN0m;M%`0$n3jhzmZ=ZG&`&}~+wI?pEvSRAior;_U@gNi8-cnY_ z0&*3skib@km@3sAx}!~LE#~SlQ{}2-cf_fKXK$iVb^oLDecbyVXvO{i;oeRm|J(k~ zCjaM?Jns9S%*{?Sj}N{dQ};l+7>Fd9{9aIKh$SJBWs?1?>*VIX5Seu?(N`uHG9hm97e^r-l3 zPeuQIo~rX-VM_1V#)|Xb-rnIs{`|Llv^oDh$>To%*)yL#{@Gui)9H^PFP14UNyyPH z*JjNyf)gBIj?*B<(3eN7(a$59qUTJUr^F8v0p9!`US9Onud~5rTJ&VtAD^E0-^!zu zb!2m>XVGGUd>{Fp2@W&-Qy$^W8Lkemm5n8bs(T(w?2YG+r;?QdZgz94E#Ky=RfxB1 z9$an6<>%INnb}8^cs6y(A42rFLNr7{M;5y8PWw<2z=K|xEQlWm$kqJ-PdeGJRe}fg z93WywJL#8_(CZs9;c=d-{hw3lp$G5+Sh4>f9PI4p<3GOM+uQ8_Pw}|-e{1Hm+rRbU zIqm*;)cxAsd>)$LJVwt%?<>(-rS)CQO9DoVjB$OXuS34DMT-uX29vO7RHwwdzy7~U<<~0^9j27z}!etk$+XU_ob{;m@tuXf394quwA^+Q3 zFY)K;;Bx%q`RKCPpD9LxZ}mm~)^{&5Dr;M8V<*Ep z5eBj;r$0W6MAIMt71K+9Ofs#Nr;=Vff%NJL=5WSxbavT$GpcM%*7+0sPH+gCpt)Xy zA@Pw)3e#hk#l|fnKRZ7jjAd5-(YQCtq4h#;@&7+Y!a6OysDW5S{Cao|&yVkdRuO(p zta@n-mO7~Q&d$y+rFZVy__S)_cCS&%gn=&~obkKC<;6+Anp>B_zSmf-LQoIc zdI;uV-)jU*1C6(XkP_IMIr<@vwLKV+NC) zBBUCurS!0UOOvKV8y8B5T}OALv57-`+wF85+L`)_nF5NLL93~H(fEWBj*voVJq(h- zbHD!D1kFy(c_#s?}8qOtNypY2U;!vX{q?}{D1cj4~qW3 zha36tNuDbCFF6nWwIsmkM#~?4^{ya=^hvaAoroh}>jHT(WeBu>Ak;&3Y#Bhm+qp!G z=uYB>u4}?IZG^?ull2DiR)3BIUryKy6mq(hAvRhO+Z9sb4}=b&H*cNGd=%g#_;>Kd zxcx&M1oGZQh;gkm!oe5+>lOG2&@JX*7kmOwVu`8laW>pPjwp{=c#Rev-%D|4U}x?Elh4S1eLxZ>tVE`p}m>AeNNP zd+BCfd&_SBs)Dh(8>$S#DJm4>Sn*{fPB54vPwan!)#&uW`ABayuHfAEaaW&X?8WTXH}zKb+qgBl}2h zz!fhMTzE0$d1MiRWEydO6qHtdZZO8&JhhR7ka}T6|R&row#Iz4P*in z)WT?;_;hXznrSq?jH*ghZl*Y;@$5=El8aAQh-vq6ji7>6O_YQUtPFei{BGQy*HcIS zyRQalh5Wa3SiJvxy~+RfG*7ksm(c({CM(JW#;nPAijgr3oTs$ns>qk?@|3?UBdJ*b z50LpwJ=N=f_h9!ZZ~uRIxWCE&^(2oVU@L{k9C=r*>r4`0w@;ZR-c%hSV1(bI<=_@G zj>DNUuy>s(WU*pCNfx0<*PAExxG68OxOUs=7D^>*xuZPnL_29P(x_X+C7vMDi_hPWuS@%})+y1%}$=J#sPsB@~usdSZF{uis3x?R+@-gAu_)>}16*|=CKs6xQ3a+il((Ne?$ zhH?jlv}YqT7uMhEO0exoC1zEf90Gk3GEO0uq^&Bq^3xzKT3RCnb-P?7^J82ZgxK^-1C}nMfMGELF6mBu5oN% zrOjkwBULt5ZyR-Lmg^vr3)24psI1u0OEJk_ZPZ63dzIeJqqjz8G*!!a`=2#sy2B{d zj6AX$30?jUD2Uyx&Sbs3=e5+U^3G)L!bEr0>4?@Rni($7mshy-QcwM>uOdjNNl)&A z>2C9#*Dk6jxnok}FF1^NbS%LZbkz`7cUURF>*&&r#BHf!vvf%2=NQEd$ z_l~1<@2)stJ^+1Wmwv^)KnV+28-*e(twx}lm6qEOWD-r)Nk)~|9~FAWNq}fpe{z@g zh^ABI@h&(cBX5rUI6%or$oL~6@loysOIT7wTi9#B$!isRh0rb-{1L-d^pWeo)v?NP zvdg)2ZH4CGbSn0bWretEia4cIrc{_c&m(cj6CtzM13H18IUs)eRAV)z$!r}qvJzUc zZCyC4gCjl~Wz?aXqEiHdm2-dXd`;Zg4!tUbq&j~xxP3;ryIk*z}bPFQ7~0Y2ukrEhJ4Atl$? zM-0H26CZKpapapozHD1MHK+4q2gPIC21X=j7%+q~J#3>}xQGHIVZa~&ERG^V1$?6P zybT2b^hDd3dE^?=r7Zq7X;KymFyqKpqnMM4KrPTmF*SYTNcE_?tau_Kj?y#j)uB;Q z#yp@mdS< z?deaz$%s?Y-9G`Rcrl8nQ+x}Wt=|{7%}fl_F9H{#uC%-(aN&2~s#*ykL-uBt ze}~sFRl)*z1E~zE3SO$v38vn6-vR;Ym8|{y;&vP}G*0S`HC<=igR<)^+o1Fb0BQ!y z8~w)BrmU(be;nWi&bMj@X)l_Fe(nwViJzkUH;-To-Eu@j7_=5DYEw%dejdsGbN}%0 zC@=pV?(J^mzo&Q{3T9U<0QX1xfbA@x$w%*?v>IBzumXG`Lj+t*peH$*Es18tH;GI7 zRqH0Tq^g>^AOXtAsvD8>;YChOP@45K&}_}FP`iF;TyugbvLHzajjVvShR#+h_q8;WyGnP35*|n!1Ky+gD$UA!=q_NoCQm#LH_$C;EjD(&QgAr2f5u z+?zLAt=7E>`+FSvIGk6-*dhm$rG-UW)-Vm>Dn|5J+Pnz|bR6nW{t%vi8k z1`m+SU3GJmQS>IQ%W)Ci4O$WLTjE5>JQyIVORxxf`W&Ti#h9@ z_Q8I0>i$dY2lf4a^ugBQmG9L2NT1#O8Q5{y)us_l{y^7)j?|x_FI{=nFYT$@k~R`d zCyQJ}BoyUk8XNi6Iy0N2a&mUoXJ!j0@JmyS1Z_ujl!4|kAK(i%2M<6JHR|9dYNd+($GKYj0y7v2vQ!^T7 zJvQ~vIf4P7|Fc=_LLFfGIO?dK@AX@CEhl;qimqO(_%QBn%7tZsTW?r|JnLsf$?ekq z%prFyg*+Dj7^3x(;%VnLT z-{kO|YkfnT&xbajw<_+lJjL^$%A0tfc+dG~#rbdVVD~5=|6^~H|Nm*8EzldDfVXL8 zOIMUGR}>Gip2`@Y_`ZqJ@r;{wU9Y=VqT#t3oSQ>{N^CkJCEsA6i z7QF~Lh2B+N%=@N7ioqnBjwNENVN9awu_&2V)_8C)8vhZa7>$(;cwKZZ`@{bb)lQY= zcpfYvi}4i>g1X?&&)>bpK>(~c98&i@_Cq$7s>0Qfbd}??(MVKCB*h1co?Rx=-J2by z0k}6j=vncgmI>_jI};!jFZ!qnw5i3xp43Y>yP!GhzZ;Hw{mb#-;^OSQxorxvCG%hq zux1zhk~-&F-uF#8@0ri?HS|0b@q+}C^_sE5Tk6fn5%qYG|1!a$Uw9Wy3$N%^{*?!# z8RCw&%<*>aV_J9_5btU{L!9FUa(oP3FIn-Wx`!yfj+Wyo4$zpwa8|5E5iHd4Hhgbq2#p= zvE}$gVd#^E>jPqLq|}GvWUEi^?x_#%I?^f2^&w`k$Tnt(GiMV*h$|T@@rgvPHnKPE^ZNrF4m>q7Eu$ct$>+$SsYgJ)*&d}P|Q)&diR@Mpb3jd z$=>Pd`9GT3QgkNHieVh2LES#3CF&e36&XGZ9$C;IGrxp168h-2*#*1X`7bhtnE0~u zdjIvo?$>(G@u{?X9$73<$VKgJk97Pu(W{T2GGEZG z^`((-;UlZ4v;A zJt}&HbkZg(v@*(#aW`a~Pz~(3jz$_pWmG1|Kvu!|806D%!GMupW9)^Bn z3xsGU?SH|`h@vUJMLxK}d=CEYRU4d#!4i;A))Xj#2vHE=5Vafa#&monn3R=j=&TLh&8@yvzw^# zReJ)j8eg^fB5Hi~|8H!8pCH8~X5i#_z#8p{lHZZX8*S_(*iq#u`Mt3P&i`>XxEM)T z`5;~D({mF)%=+*D*gJbOI6Z&UUic5)M)msN+uhsC<$v7WJ9xdZ|9FyT3mhv70Nxyi zGZc_nqp`IG`sNqF420wcz-x#D8KH~MDT!xu@CI`*$4qSSoi~{O7*7C)Gqw#Pimv5q z5kJ8dia3A_P&7ppg&vad_uBjIgWX2sEARup1(>lIDMny^n*lq6~NOM5#9{{AO z-wOr?I;aD9r>y==ls*bxE@H;P1c8Ht{a0yQJEE=k(yIvg#EZp|LvbRpPR$kyDEcEt zj5F}>K(a z)c)I|21QmYUyD|HzMm8)Q*eCz>$rb@cG){Q8(jQ4{&;fMKYf2Z*dF|+{P)wZ-OGmd-p?H=`fG37+n+RFNqVVNv`KFFq5!^G($-cAew?YaDieT3S+Kl zrDP%2ju?Qi4-WR*jjzD5UNAu3&S*BrPt*A*%z+Ry zL_GpNggCH(O9~d_TV-mZf@h|cjtoY_bly!ytZWd3cu_Y4Uc19?1H0?|uw4Jr7! z_wE!-0^(gIaXXca4qo0s24FxD^p|SwL#E~}GXp7G+EYXx1ms4U>Im9C7rcUT8M++| zZli!uMCIAUb^(?1B-+U2fk`3no8=?R5XP`t;9^X*4lYjC6K(<(eI7MhodoE_XQs))uCFk%j~PpwH|d)QF|viLGBwC&Tk0trLT#{fpXeTU6bVq2l!e=m=)6`*f*BHWH;@h+%qdPt*+%ZrqXsu z*#z+$ghDMc2#Eh5d+)N{NRA{5_S(M!BXw0gQgn)XMsPanT&1L}RA+=jEh(zHZd4u- zq=O_A;$z#bC_ zjMj08x}=9=4gwEG9tk6&*hI3plkO5u)iGw=j>WVJ2MI{UdghuYB=p&MWFO&)EZsRe zx;i+#(qg{mCF+|N`8y>PQf=2h1@b&)BTNIN4uZ8rqLw=;JydiHDJZ9)%ZrNQoN8T} zoQ7uagO-P>9XVuN7=n#MB>-E~PA_0<@@CjxLni!rp&mdUVL?;`=c`|15>djhUay(m zpWL=GTp*0th=?JH^}ei-?sg3EXE^Zn@~ArUw^RNVMx+rb&seknxV!<|+fLq%Q*pt% zo5KC*@Bp2Ee{iUY%5D)Ame{6(s~AN5cy^F(;ao>{c=<|MJ88X{o)ds!5PVrQHjBzI zOkkz%Pu@ zAqO1d8-kSQui<3O_bSlB0%HCtHTR7y_9`y>BCBk$El3~)mycx#6-`snjkKqH zXXMlL>XLMwXtdU}B+)of`A|C$o~eU6iZgT+M-54&bxuhSaC9FBJl5=}V;zYdAZsk| zR=^qXNS$(l{0HWmMMTz=5$cZ7fZj;rP+_qMc{&46_KCV%fv7*CgP}--eaYk1c*%JR z#zhAy$c~P#4&Q&exI8|;Iz9Ms+_965q;i%djKwDvic@0jn!`^bB>B3dNOVIGmx~_z z=s39f3s&Mgh~O+}kl?0qgCh>`-ULkD-QDHl4=WL*qeT%k z!eOzqtu1v=V1bBeH-_ygzwhp)blWy`>rBkb*^z8FB#}b?R?cm1*7hf41;7j`d~ z@<Y9VJvm`hH{X!-`Lxoqs$$zPPwL`1A4UrODgXNp$*#=Gf*9n@WKAkp;R| zavYK1Ca3hsY9!JgcCtOF+l-XoQ3yr|**412i=)gY<9!2_f@SGOS*#2fk9cn8(nW+Q*gsDAXR7bmnH2A)~@I2>CR)PFTjd zk~>D8I=|Em?HimiTjv#aStXMTdR>BpIJ9ovO6j?w5Gj<<8WDBPl#;Ic-EJFm;>*p) zA`}O}bG4Ex#kH(XaBrA~&{cW~NkeuUs2fiPIP_AT02`UFuVhE*DlmtIUNrjJtVhpw z$Em#Z_O%5|cGHm;mXA8kUk7!}qxAHXb|_Io3HEc!Klf|%kb2t1_vdP4oZS z+TGf1?d1KxTD!X||F6d=iT{`5eAfT^`K8gb-QM1s+wkyLP`AC3yBC9E0Gv!#;~fuF`7i8=mL!tp5)%Qmq?-FvOA>j9Hu-M{X!aSUVM55T!@N zK4%I0@W)zr$ITJ_xv1Y$0HhPM6o_ej3Zq995h2YHmcuu>kjGB5*yAe~{b2O2G>}tO z3=wx(ENo0z{%pYX_1rg1N?34iKC^xwY_qpai5G$3Y5x*AN^*d{Ba;+dk0S7ZH(zZaeoIAfsIID=#xJA0 z4ib2PXkXG01w`FTqBubR{^38Hkl7OyHR|x-a&aWLe@WBCvDk>)pW!wL(umIj+xi3| zV-0|l78+>RaV`kSBKzMz{HG1qL^Rv*!;G4*~fvE&Fx z1PM%i7Ad@Bn(w=N-)%q+<c{9Pm0J_H80^DR1;d={IImxyGC|s}UrYHe_5}_I zi+MT>`p)h}=j+j|ii#n?B(LSZWN(Vift9XHY$G~U>&I|(XdG;4Qx_<}ZkcJV^yj@H zB{wQ_v=-1$OrEK%TPeg9a-2(MK(n-rz=P$V1~Aa%cmD1C`2F$0#WASW|J0FihzN#* zEtnww>;zqtu`<}eFP{}HPHY^=KjfJxiJC4s9EN$8t-OqyI)yf0S4%HlRj-s%JPy>3 z?_xewo7l{&(E#wX(4)UQ2sIk=l9>(O`tIM34lWOlKK}XY;Oyk;r{ll<2_tHmK4h`)0l$#)it_C-0)cV~N!0K(Ff>+6Yu$Ja z!yJ_lVd{LPoU}~V!@>&riHu?OC0>^Gnq8CeMsoR;^DmOCOMG^luHj@kvPgBuq5%#} zgnj*3M~zLnvM}k(?g$68PdEr)>LOcYFmAf&3?LWBhv&zau*}{WeyIj<`m9I}_<^O|4eNtX{uvYf&>ORygS1s zO^akPD2}8bNEm65>pirLy`SAY?@H-W$_!HUp5?cJQ4``&dGpGd$>sR+0OIbxLNPDd z%Eidf9nG6F77U#bzQEgUbA{ua6YOc3yRw#90aE0paMo1_1(i~@eMe9|gCKbxtB(83 z_t`CwT&<{E9OQRa?(``IbPAU@8_v31{2esrHFzriCq=a`ZuET-XCs>Ll>8Yhm0cx31p30xu zg?5YmYyCQE22r!?v#t>}B=ltrBe>Y0PY6{sJL1A#otXb-14 zL*k*AiYH`AYASY;!#9K0OGxVk_a#XS+a0l-4l0F~@u&cQHU>MkIz?8!ug%lHVBp2du~4eQ$end-Ls1 z3wv9nx8?2i-|qL`?BTxG-`+g5oHs0^PExReN zqfg-=0+Y9<{SQ*MZn<}|GB{ZN^MC%Y|L_0(zl|4DFi_HWTElXW(~>1p5mWRAF=vlC zW`mU}1JfbyvWIYlmhEUV?wWX z)DIm*Q^TU1hxUHX+?Fs${n+=_AGD9C$O&w`quu5VGfhSkEbYOC6~N=cK=~QsFpQYoamp9bBR ziX8SfZRA}TGdWDexNbtFjl_o_63AmjyMJiEYqj5HOU1Bu-8PFffqn^GlXXFdT+ZslPfi~UN8+Ws#Rb`*y&(;gBT?*^1 z{3M`RwLq#4h|Nz;i}3lozr~F60-0`=6S*6WFpdUVn|5j4 z2O=;V^2GDc(ody1FA?UP^(Y(%iFlZLM5!UUy+oCU@i6PyejvGDSKjEtNOC`Ud%^0Z zA_OCVyQeytsP0Z1^o%f|#W%U9%XRGgjm&Qi{oAX= z(^$Yms2;l^k(M6JyHL3*z$T#NMv>Rj<}YRMrBso4nK;g;2i1kGG{P+roC^LhULVCYfk*yUVl}1F8CjP?O0ZC@DaQt&!8Fv2iy5vxqYxeDbzt0 zOdpP>-V>JNj*AweSMF)%d_=RJ$t#+rKjrD?n4i8jVok_|>^Prz&YYLI%KiLu-Mp)B zh#@gjV%A0bl{(m<&%$8bMQ6rTi#=tMT!tn|g&|I7(p07+xLowq(=69<4l;%uZjQ$C z9L}8$D+-C7qguO7S!vxn_R~(~wJR4ii#%nG*3OULkVz)uHSH1KNpqTvN-SRd#Z#*I}^?A{y=Ck&IotH&toIPH-g~Ld_aEEPag`0q@<_L#&&478tJbVX}BJ=D& z?SK@5CFnHaw2a-wqriD_G*%lh1yy&}v^&CFaS}Oz-6Pm&Ft^@3&$9Kc%`GRTP;kI6 zv68*JMBs{qLk*SD5#REwWMjxr4no-m5%WnKzFopde3W$2Z;xu5)2L;^hp$O$i*I zj%@GxHtHlP=d>@H{GsDC&|&%}r&u?Auw(r*Z5q)AD{B=|2LI7Do%MB8sT@#pMS9By zuSVokF1YnPB97p*r2^8V$|wSiWrRlg(0ImXr)(Oj*2XdeD^uY$8NY)zpEr_!{@h8z z4uMc*YbZO)*-{@*8xQ0Rvthj|cu#JK|L*Ac`%iy{9!ias_vkE{;~eE49a&GdSEam2 zEU8sCLmTJ5u~1pC`7ltCG46q$HQrZu6E7zGWV{j$QDwor+auuq8^TC-^{=>a=5y#O1l1= zI?P6mHU-iMJeWz2ut+2DAfd^s*ySE|_O;7Z{Wb;CcJNI-2bZ4>^IY$baKnLkF=@=2XI}1&U(76R@}$WoB{;>SDgE6eqOYj=Tm)Jf@KPl) z^APPLi}>*T>6s`u)xAbZu`?`sTN}XXEc?X_dO-z2FJEN523{Z*A?p)~UpyN!l$C{b zXr6Z!N3(X2=+I~&@HIgkUi!@l`cp3plLi9(%{=HqnqS9IsVunNvp#PYCXKOK&nBVi z@F{E{@4sEfsTiY|>P>)e9*DG6$iWTdk#0QLfM`b>kPTr&1v`{N1QoQ0eMs_&Sik?2 zIH0_8p8oK0b}^tl4r1Lwbx`8mdx%xB%QALNMI6dWgX((l-b6b|W#XJJJg+BE9)>iZ zI1L6rP@k0RZBo*t9%3nxlv6hgkVpA-##&QwCp$PhSr#I`zB2c{CN-svX60uoLz9O| z@`&3cIhbo6Pq56bdA3OtvS@~DksS1sj+DTR!p45Ysh&L@oP9uNEPB3_x<{Qit*yPq zc1gpq^7nUdx&%LZP9cmZkZiA-$t zXH?2aGu0u+CQT-pX-$D3VQ9Ier7S>Qrk|8$WBFv_@K_n8pK@7P3@FdfGHpW9F7+iZm%Q#m2fSzcMtvEy)M(;sgn)AA@U{=6X49;YlUJZDH#lC7hB&@$3kPjPFK z!D>=Ti*Hxku<)))UewMssHNW29w$0~6y_)#iy=JN_nxu?;PkSvHb6gso^eo{G$rqp z(Mv9{pgr|~GZxH*Mj1aP{pFOhxV;9Rx?Rj9KHsA=OKQ&Ms969rS_-b+-Yh##JdROJHa^WrWKjI-tQ3 z5tD>7J*bw@R1@TxHp&wwS&#Lo*L-BzJqk(b>t76>RU04N+kW3Bq zHE3({)T7re`HTiH|^%ON$ z5VKR}5fk&wic%)~LL(f8&-P-ouozGl)NDFKvq*DL9zbqInq`n?)=iTo&1%C`l!ZwH ziCw4|AF61%HA!>e`|MVwWz;%>+lY#+QXto}%5bHW2wAP@6D^AeLg}3ZJwKl5#o#@9 zd6Z;_e1&uewqI?MiC+a5fER_&tt^2w$9D^oMt86xO|~q<%Bk=%8E2g-8DMf-()js*{*@``zB$0>IL(BDYo=oQ;#$yy9P9y zN$%cfOOUiIeb>Bab*`Khy9OTFthS6QOW!s1NK>_IfHu#XAZc0r%9&=}%-gsfE z#;B0bXH}Nry=jw%lU|RF!WyJG2t$92aDcGa7_uJHEhUju-aM8~!vu*!xjcsiqJpC^ zqBqnhgQxs_{T_9E*2DgganZD~G074(g*4}kO;*_4qYF)nh%wtZAkUi&NuF~tMggC8 zA#sUMM048WuOtmT@UP_?a5+?-0FWu_E@YgbQ0^FT1t53f4UUR*(r*AL_zVV2Bx$N? zKg~x8LH$(3zs(20*CUpD)R`r=qiQqxtT|*sAR;`$1=Moe$YqZU0@4%QXfOjJd>ULg zd!|RkNW#LC0Hfg$H|443}8JwLmqyg8Q)UH033!m8nI|PX%2MFhlaY_s0SX;v@CVkDAIiV_~9oyF%n9KG#@{HK-bjw zS0u@mg-OGr-ca5+uwc>gUFfrjMAPn`S<+Y?AkzaJ;LrRLx@er|tk*{E_cb|R4Jm7B zsq6?|H(wC&fM(tkzEVyri{=zayf$VFgyJW@8k#C9lNs}7p1{*Bi;_k#pF}fl85s0E z zynw4rw6lo;ChJo#$zq#yl%&n4fk_IgpAbH?_>YT{CPkNvb(osz!G$v+9egbjlm`>m z;nMXxjvR>=nfTXVmQI>F!G+6%39m}F%pFX)iZn^K2G^$}Drwr{6 z&~QGxtudk8gH39-&|)=7qjO)C5GO|(Q*lL{OnE@k=v^}+qkQJUd-MT5t~So3@)*0O zK%63JRvV{SmQEU<-jINBem24PBhC86GcRgPTePyKsTZ$8gxWyD0@Q@Sevnlb+$wf= zcXtbIChr>T(J8d4B2ChEMVm6xNc4;+)24znxhR|yt~YbvYq9|}pE$c);=LwAnu*t& zdvs<(p|0*Xm1T+dnha?sUT-GfYo68Cm{9Ifr?t5`dO*^YTyLh`YgWWTk3yP~>&?`A z&5AaPG+UdSALzWk0W<8HlsGl+H7nvQlQiH=SwlWsKti)K4Lo^rEm1V{XAJhdsbUxLRq31P)eFo_470dZABdP2&5@hKTnm=RMVy666GoIl zFlHZfeu`_PO@~4MI;6cJI@662w1$_RoUQ@bpPNi}`@32ir;q zJv8rXIKujo%?O8*IAO$YOopyRg_fr5bkQexEJfk{O^=PbG*HoL5?U(IT$PFybb96m zP>3TuB7#KjJg9o?vgqUV5(Ly4^dclZ+8-yWY*`>=cL_f$ym{)=0eWd-6^!x7f90Z6 zrsJuXuakrjC?Lc$nOAhwCmoqbjYqjvSydDGngoajawqqCEDpq@lk*;Re*1mK&`z0M z6M9&X3lU*K26bO_8iuACBd%LZtav2!+4y;LGF|S`IrDuQ3_d9|0b6Ko{sE2f-KPNG zVCq9$j7%GgG&hjpX~xW)8O^iq!P+o}A}rFB8htCt&X-yiJ!=$VKgbb+O5z4r6410#vnj~V6*=;q2mCY}jS1#(+aMy@$G-yc}|gT|vI z;0^YE7`XTRNc+6*0zJFbUVV|GeOkxUDH%=f1uFHink^=faZ~kjQ{uzkToS7GC!n-eiGJE*_pw zUk7`Ng1;)IRdo{>0K-zVCU~`0MbTvPGn@IGd>*(Uyba`Bt`QX}#l%}R7cAI2IL$|c ziUYDrBc3)WdzO;qC=e;*xJ@KbVB!0T5~OmaLiw3DD-nX9nnjG!~ZUQlS!%k-elkSYD-jk zd52U{S1Iigi_w#~Nrm4OseDoBihiJ+6iwF07vFeW+Y#4wC}L#H;*7sCYOJ~lGirdN z=dr-V-I42;!CNMzXwUfYt;Rs1z-(5L$20$0{5?l@y0ni>d%-}5x9X^sqYu)3(lsKM z=cRTmL89JPMHNaZn1D>IAdpBoz^~ZMl?WN7l343r#fU8ma(%&K8krfZTz2+(`BypT zAnG+dnsW#)kjv`hr6b|iJ=N#Y5={uqFpeq8X}2L!0ZMhNG#li`BqQJ;GJuUF?YLxu z#Zx?%mLh0H*E5Uw(9q)`wG*u-HFDGo;vk|(fOm+~d5#BdZb}3qS`+PL<0d9J)7%rc zj>Dv&Wy+|eamf6b&}MkCll9K$Wc``Zeo8Av>NK@m&S4Ej5YQ%Z`7WEaxIpz%zTncf znZY8co+weMnbBWrn;S?c6t9Fm{eOeGf5}sT)(jyW_gT3mKHXyFkx3aXhUBAcc9pP! ze#C*M$neyLoHGNW1yj6q$somTGY$1r(aiE_AN4pekd#VYwm+2i)yI4A-@(mE))hQc zx$k+3+sQ|I+<|P_Vw}yA-;*V`%=R*@gmLxFa56Mo7|)1|5@jx|5Y2 z2xjaJYZ1lvcIH*QOMO-=O0G*U=zTVH>uC$%2_9)sf$6X)moH<(Tki@UC6X34$i&~+O*UDX69=AY{CbTS@n(!Si zSiVkDt=cM@&dSNTf}Y9bvvv^m9fd$;-k~JN4o9;r)8m!K8%>1xmepq>T!25Q{!82FQ|9EnW3c$Em_4%-qa+>^=Yfkj{S!g}F(6-G{(+$8=bb7NP{77MrT zmW)Sl%{mbDTz?ZkCo4_gu_440!1l7Ls!j5aic78`1a_815k)i6xFV;hlZ3tKBFUMR z&nGd(s^P^Ti;MDTdja86tUTApT3d+Mb0~6+IqJ+fgB^blf>7t0>I=>q@#ZJfx!hI8 z7ZG(uEGK=&@=&=i8`rwxMXK{Suuy9M<#5h@yOssk%6|ZWEHT0p-1R!p;>FR zn^!xjoj}yV7O+wW+zWMCpczv@ZRucC(S@@Gy^>W{d>iHS0~F$;og;N7gQ*EBu2DAq z?vTuxVeRpuA)iVxGDMsiN3t{zPPP20wnc@jI~f_?NuwhV_<;tSn-Z1)WiWc0gt2k0 zYzgv5ehE*x=9pz?2y1$Am!*N6=G=5vM+a(d+fvGdNyN_a3GSXB(yFQHtd_-e31Na_ zvo)4hg=5L{`MOyh3A(uD<<4UbMAF8#@#1Vxb+*`80gsiVuV2v^N|8!G&!aNlz)08C7_#Qg{jW^S;;Ull3VtM zIL;!i%4@XssN_!jMyG)D6!FRTJ?QMKc{!hZWE}#UZ-0&ea}d%*+!R1`6aL4G&OFZT1Hp7T}?D)_P-~5DAp8N_8QNbJV(aA z2%onLXE8)F^G{F|R1DxOh-=^Uz5#>5%*vrp(yk^fx8& zthv`yY_W5?1?2qcN3V}3Ym{vkouxL5WZ5w1=Zf2#%T%d;E2eHLKH32JI2LB%Yoa`l zbml7yF=$G3(Y-RX0E#&|g>`mpRh`NSy}4nU3H8NA#Lk9pD_q44lW2*JbcxLQ5t}4~ zk|Qhe_a_djBUd|MUDsp|Z4IKKdk^P%hdrOFu8<0*`^IQOX)V5YAvlj@;)(U1*hH_( za*L=Ur%>H#liB>Dd$smr(J;Z=+1tvbe5MKC!yEX8Mf(chLH!xXL6wn8N|~ZSsfc1* z`<}`<=GeqXWF0h~HYNBu23|Wp?l{zobawNIQ6yHgdiVK|)tyiToPIr^aqcEG5y4gNjU%&WNikC78ag zJ_VVV+0Q)I)XKEfwLZztJEE6ihm23!55h(w6x8dAG>nPMKHTT{!yi1zA^u5g4%nYr zh#w2vnO0v$xq!tz)R*Z#-{7Ic#6QMxbKsJL_+GLErmmpF(GvEnucIRa2vo4OJTcVS zcz@5T`RwVL`t)D3vv;(=`a)ROW5FvSKZcM5Hg?=|n4LQ1%XCULX#`N($DkRhjk&yeQ6_{NKIB`lF8W;}2 z!2S87+WQ)p>Jk1JO1!uZVjbcXhLzxANCiwSXB)s!7F2xeQ$6CE3_iVlX`p+>6_Wa5BP(zDIh9_XO}#GgSO6>)1Lty=fOvDppBxZj{8!K-1gLOz-zgrsz( zIj*@f7HxTVh%pP|iQyT-ni*$XyB@Z}_)N&Ow3_ix+{YNCos!OM-+52ijpo!~?0R>P zmxuQniI|@HrKq%8UwgY=wqW)LMZ$2VC?Pj-H&Ps>2KT-Lv@=U|Wjx%;oa;L6PQ^{_ zt4N73iYwG*ZS;{=r8I5-B9>RDufBs`gln<-b_qA8A7f~^d$#V!tUF0^qMXnwAChuD zD=w(w1J1pKxRZ9tyIfHznCvr7-dsYf;aZ*lL%U%Ob~;DZ=3WXGg}O_4qM`s7p>NdQ?XdY7WzlL@8CXZlL4jM zMg7yzwG=?MfWX?)2gj3CfM<)mF|X z2SQ)OirCVNZex2)ldQreo;EHdP)IPo`t&_+>OCq26#MyCTsaD5(XX@EX#UCnA0sCl zuE^+@vy?x{!7rePo0FH*oMh_(`b1czdKRR3gHAsx8TgZCYk4JbFoX&eFyDNK`9`}= z3WEi-zANQz7NR1V2)EmC2W}hMWy*J77RN09wX?b5V15Lw$(hReO!)x*6kq7O zA}UT7!L6}Zpte=wuGU<0P)qb{kNwjyF03tD5(1y$wqRe6$QAcFprb(rT;piOv?U%Z z^#syVv z9V+tZYH8_d>S_ZXUs>2z(c6-X0Io{K3tL7^GE?4niV>B#6>xA6kjAzx*FV^wfzR6( z4nW5n``T+@yh?BBr=Y!SkuO2I%6H={?IzKqLi-|6!M3XuIsk3TyZGR%yu54!5-)0a?kfdS6C`ppGVH%~$zI=5Jx22F_QE(cv^NJRQ2-YqSVDqh7>gi^ zz|(d)(2A6rh`fw>{+d{6p@|fHAh4UK6nEUWRh^rX`SYtzMVzuP7?K3_#0Ls4|Cv(o z?*KkwxM%PhrdYrG+xiH$0e^A6XxsxqdR%UN--fidKDp0T?fKBfdU%+&2@CEJcWWOa zSpKF-%p@^Bf5EDAV;P8cV9>>)f`-kz;q|_={k1&(->6^5Ux1IikTS6%=bMwRuCGbZgyd^aQ8XelbH z$`kPO|M>cMe}4Ztv}71Jqxk#Z2F|6_uB3f4Oqbs8`?Y+v;WR@uf3~XukKOmNx|FVM zkHD()_Fe3>4-0N8b@u63eT?57e0=Zm>4S&-@GvT+GoK%K2jO|;?5N!GUCCyqZDh(r!`U>*dHzs^=4IG zGp`6;#!{UmLoch>29XtMO<$_+9x&V?G-Y}m=pKWruj=?ngoI3X5%q8tnp9Wn5KgBn z`k1=*snsh8j?#S*)>je7@u8vI$h`A0NJ3=~06E)qb-BO#`WAHVfRfaPNpzagRp%*d z63TdRJR}nKcXY)qM_9JNa6UV!2LH2f`Jg9e*_5&Zv}S7(Muq$x;#FG{C+dDE9}D&x^lr=j^IzlVXCG0Kz3*vPgII z_sc(r1|rE-kSigFDjg0%%u*Z({T2u0$A?UX9EM6?nHDEHyC*x7Q@c?nVM z){jJ3GfCrke!N^6Xm0ip3O3=kO+KJLURG7{sQ9zHa0=3JJSFF;(ETPQ>L-C_UP(GG zV+ekdc3=hqk|lFPHn1dFuz(|Zn=xo7Hu~oD3SGgU+Bu17Y{5rq5DMc1kr|y&kO@oJ zUXe{&4i#FIYbaKw4xjnf?h?QAvFQ!IaZw{=S)MN=H)~oRl1~}EmVBekQ1S;||? z7~IRHYW`<(^PdTvmgQl|l<`_gKvH8u2*`ve3}mv7m#QE2dX0|#%vLx4E;8OFskWwF zk8x+>gJlVYqFbP@Z4CpODQG7Z*23T3l;dpm7(3r;THf9CD!Bfh^k0mPb&f5elYYg;SQd2ul=f!vhy;Qipk`0_LK} z#dhy9;IFiB!6Og4ey7UKqqoPSZ#36f`JM4}2^Y0S74N;Mf^C6HEV|bmc}7L*ez8`~ z^(ZoXNvJHlf*tBtOX6D8|C;@kx9JD`9UF`|V};VFW4(8wxCJ8*PZE3KQQt_lvHqK} zWS2qEx2)2uWASHV5Ys(S%MBA*gJw2qN*W~1Ib*^?iV{7w2QK@a|Ns6UZAr-5w{%JB zG@`TQKvr^r`<9`Z3D8)QPrn4>Sy9OD}b241ZI(4=ZvB2MjWtCG^u|EZN3(eVF znJa5GejN@4`sV}sghur0QBUC(i?3uG+yis}=Nh@=^D@pkcp0br*30#S1(s_tjdd+l z)npY46e=GX#zS#nGYfW1UOn#OG^}#)@^USIHWSUjaqq2DujpJt7rvZZ% zNk-HPjV(6uA4Ct@5*b10R}xuNuM^II3U!}D*z6?}a}os?&8%bqtNq~K70iqN@|)-ACsH)yhs_X7+N~zo z>xl@XQFvabQ~;bNQfyS=^dF91#iL5dz(;817y5!eyBkui{NpX`MN!UD>*W*aicY&k zgW;FYQ6u`SNwn*VkmDk3l^i;s+JL zynjdwZ7R5(Q0I)m2p_vyUB$~h#VGp8Z;4=Md%Kogbd!jb`3?8`=>qfyggEf96%R7C z#t*Twpo+F$C(C)8aW(fFpuR{rbgz56xZ!634K}8&-S*t+*agnowvEL%UWu`4lu|E% z{?6@u7u8z%S>4_wzQcI`X70%@vS)w({f=~ zv3IK_)oZ4x#@*VN`H1p@*o^nU~ z(e7|RfW$4cmfS+FqNMN`kpg_)s1jc4ybgazapLcRywTO%w{;!keQAL&rjX_boIqdNJ%Fgn7qhA6!eR-zJ^|Ry9J5+%JFDZj#lI{=mBT*;% zLy3kQyTur!&a7s7YP%98E{u|Mpn~Bv)9(o`{ETAnCTYeqzAUr3RiDiH)&%ksJFx0o~~ zEN8>Phm1In+V|nuIA27{gN1I`Vn0Y=CkfRhK8@U3x~n zaU+sYB(+eG-A5wA+a=qhe;c9BXXI_1LYLhWA_c<6%CA*A%MZtD=zbv#Sa9kvR$_r6 zx>pEgdeLN{M5-Q>RgJo5#3JUS!(^1FFj^COHSbWOMhv3j7LdYC{<9&S(}fS?nZm_m zFXFPQtdFg=+pfqZi}4#H5)rO+=UFkWqVE2HOEB@L;iW%9Qm-Q@HH7`*Av2L8Nrp-T z_|QJ{V`%XuJRoU-CHD9|o}D7XFFi;|5QOy9{pxo2s!s4&Xi(6e1@lz?c6)gtge@HB zC`I(|5!+TfYm*9m5XwgFG4+D9r)RXtVSums37VW#5z3F>_*a^ibISZ0S#2Zihs&Em zk5qFh@b}%_k65SnK!c^AU;E@=IzMv&I-vs`Xu}Z6WP}(&Fk%ZNRPiSrB{iN<)o<1Fx&$l z>u5o>FSwau3m;{-_ChX}7x=^IgN{?#B&o#^zMN#{W}Dd{1T}_SdtI`?ubk=F-m<`O z5lr~F^zl6=xvZ{Jbjr_F*r&<8Gx%?dzsC4}%!j{)lHtttD+x(NH~`whJsI$LDt#ix zss}kr+S>aUVKqh}MuUjoGY4A*or4-(Wt~g?GASEuWAo=>a~JO1gxyXL%!c3CPF%Dr zO4K4gNGT0WMR0<=ERuQ$vIRmPv{1G5{j6oKu<&wn@cPGLv8%q1GVQ8GtRyDVD&YXM z{u($_<1cBFXTk?gR$)Z0TDmxo<5qk`!hFJ&MQY_whw0h#bV!Hk-EYrcBr25?7)y3r z+h4JZGiKNF@p8Qz6%^ZTJJCHvu@;lfy4q_GlyMH4!L*8hlQ;d8wK>k@OMGc;W8K09 zYyQ)1=b!oZ<7q8lfZtY1>P98`85g+8NmOvNkEqt*3` zkXP47mlha5LPY>Cy_=XX3Gc{D!Rq5Y6F@Vbj=2%340li9q#0$-K*+&eTm4@uk&+qiq|M zL9T1|B5&*S%huNC{mSE)|A~EDUrUedbEnUA02GuOhJABuOGnF^l|6f_PFhXd)mF~) zbX-^0r-!4ZttE(c=KraC8=X4;+1EVTR|$&AbvNEaKl}RHK#{d_<2zwNB;KF(72BJ| zX$_qTZ7oOuOTNrG;2Q(R-noX)OM&cuHuNHmGlI3q@6k}Lfo4!o)lpzq+c@x(3p)If z(L!;j84oXPEN_?Rz^wQ@DFET}-JGSxXcTWe|AqJ$@j=BwBxo~oY#y3UkR~wY8u||s zg^ov?NGmp@=2OH2Ml)#crnFuNTk1|-|KrnuxAC@Z9*bUUgnj#IIvt-hFG7p0Gx{!626;@c2vo3hQC|O_9osK$4jgr`|!%Z!SNu z={vty^2;hxH_7wC}x~Nu7N?Z5n@Ns*scsRn~+P|#W?3o7WiDIZ3$-Duw*v7dWK1ipLUTiW;jsfa9&{r$e> zoSdO@23*3DJ;+rkjP|h)cqp#ZjESO)`+~dXJlP?{D?ChT4}PrkM&??h+NdNo=P3v& z(zSORIwet^SvBYq`*lKYp+N@D;$1VT)p+51`>xkEZaTxh0G}SvLv&U{Dc+Gww!AIM z$KAzmTk>qW6TSnD9V!4Lh`;JS`@{{t;Dzk#panL=LloD$9;Sy&V4}bm83gv+eu?8j z7cM|DubAf3IZS>N5b_A|V7txc@pB$7V?~N>RDSi*8z}iGaUBtXNQE`menzA=&P^vk zQC46Mdo-J8pFG)}gkqknUqyqGeQ2!sgtX5W4^?1G#h zK{C{#YQ;!qnokJ`Mzh5)7Bke(a6aD81TUhcr+UV^zoigDgWS@6W-!lZ5m9ikkW~Xz zn7g*VvYn#CwN2mArE3nWn+2%B5&u!O^s&yo(I#VQGe{As4J_rxpOwE^USJ)2!OwLG zJx<1-5lZ;B(4IOr*8JcgkscoX(jE)!8 zy;QA(v2i>sJjal>`R*M0lMd<{=?Z$k`tJl?e$@85_gdwM@VW{vqDnxq$GgUx0_hmjD@v?mZOH6Jn0ZwmDjp9505AYlsHoqmYPr%atIgxV>%{8-GV&( zum{AailpV8{MRy$(>r>Iz$JHF@m8|0OkdJ3vjMsyNE@~1H>VbBA{0~Tdz-?=QHELVhA$NbM zk9XauMTN|8TQtk5x%?UW2=xo!t3(~gl+k+OZ{VSqkj7B!vJzqn90l) z&1l|PqO6Cu4EnJY?NiHCibGj%(L0T3^m9(=ac-T^^8neGekBX%S1P&Y)6JyHI%e;pm}>;1o(a7# zTj?^5u!%!|RisvnY`uCGaK`1!7M>NLd8)k$PLT(!naa7^+I;QX(#ZkFtGd{($W$U; zjCvpk?Ksg1CBk`Ay}Th=nL6s|lQ>Oulm@1y+s$MsW}~8NF*LN^RjoLdIsZJaMjp>L zJlQY0<{LjQ%|S4J60v=+e*JurcoSFr+e`<+GyqP3Qa6WR6*rl>u)K60#bbZP5kJqkM_J?eY74s#Kv;$)l=etkIoxDZFLwguSb=bZvbml|t3$x5i5aTde-6 zoPpa4$Lu;iX3yUG4BB8aq`GhxRjX`1Ei}1x{q3wypaF}M<}Xz|{Wfj4OEpbH7M>1t zvIJScgoE?Xdlsd6227Y?p4a0riYrrPCp1X$DU8HLL$_TTUMYCIV@({yaiPj{Yh^fe z(MdI)5=JpfyNlv3@x4rUTzXRkZH=-_gdv-T(_Qo_UGs|}TxEvHqAjIM(MGsRD35)( z=paXItMdW|d(c3%-wnq8wWK=KW`!1*82IUpc1C~Ka`;mXFYI+-9?Ztb77eLlQbZpp z-m#v1liSFU3Z`M7%;dPYNB91)S=P8T0{AnQ(QCV3)P1*4w08Wwp1&H43El6>wv4O0 zV&JQEB&g)0rtY_AOwSnFNLp)xv_6Fi+y5L%1umkQ?%8O;tNo*x`s=4`B6Mj?!|jjz zS|V4H*4deXfRwj-Im{7CQLS}jd#01wLccC^g-^q@Ama919H&g+$nuwl0q`<#^i?M@!4R^ zZ-$vzZb1>yhM;ThW9f~=GxXKe)76vo0$klOSo0?+Sw%D$f1b+H*iNwP17q7uJG5BT zBlcs;zzIk)tl^TjxcU0>Ip*^8rMUkoIjhsdYGr?}-KgP`uGZ2RU)yruWJ|B8_wHA` zUoTbPx0h&Wa6mBkhcr-#mxDKTL|keYnw)dS3T!wrxo$^y)c~z`L9#40ujn-*sux9F zmg{a_Fvk(2vTL>={_J$VUfPq-)EI``&n8*lxq*caUrdv}_tP52Y%cChst_KBd zi)M`-IA_*L=F?BFp)_Re(iJA&{O_J_?%ub1T(962>E8s!>=s)ENR9-`hu#KWSn0y9 zLS+B6*5aM-U+&(553Alde}fZ;lZ0$xwS1AO@3PL9AhmyT2-*q6lNrd*m~ndvlKxvP z0L|XTUJIGT!(I!~!BEBnC3m{e___kQ$Z@53zS6k8a>2zuuXxJQGP!cmJP#&l93!LZ z(?hHp{T9Nk!t2$eP(~lyXs-NsoWDSFqglW1U<~sTUR0h#ZUuLzni-W8ibSh=^-&{Y* z1-qLZkTTZS*ELUFG8Y+rkTYJc4GnQ#-_^f3Z6BL4rOxWAjpd8TL=xfsEQG6BGE1H3 zzFj?H2&nQS4TSv$_UQl9-W4ts06?pVuVQ5!j=Nb%-lzEFg5*-JOdOY)kQXXvCfWS+RlmlPut=~B;(Vvu$ovxwaIX1wZO@?9r zRc+8xEc(IT^lBvyEeMAHL1+6YNXwy@;nka;al(AXT$1@Vz#_AHs4)!ymbCq8Vqm@V zKgRCq+XrV?47R=_)DZ{PU0r=*0R3ZB4uNZbw4eFQr->8ndtyj;z22hbOAw}UmCA4x zDIb}ZY6&GC!`{q{BqP|BUz#_r5K1t;l_8&f!RE$Q&20Y4{BgA~glziobn!_4bnw_02plsaMg5_$RMk7=8 zy{0_g98PJagaAr+=`NjgI7Eiym;z=B6=}UZMUO%9pMtpjR?9%Szxm$G(QH}aPmwhG5`UF?%ZfGijGR>EmQtOy=z z^E2h5i*DDog{f-|B49u@7fZ(1_s(_LoK2I`@8ciIiBejnQbE;aO$eH{pw}ho#0eHN zCF5nA2+clEw_XlzPIfLzir29v`X}~e$<7g8y8^^Nl7mb`tJlIw_C7u(YvrN}o8wY#jdud*XE#?- z9E?&Ksx}QYZ2hmovy}EhGI*G9kq}!L$e^e69f`DXONDbz6@1&CpLmOEOdXd1RfaKp z&3WBcm+x5+wK}PP6^0_#e7(Gbk6cev5Dl!_QuP(J5e@*YXVvoyX%ScD-y4#xHZsL1xnfh-*X=qS)g*Am0t;N> zR!tiLzO+7k`EU5tsDG77Ql|{`*^cV%fdMSGeyL|Vjt(aaVhfb(RAn7vbxSLBACQ|( zTk_O8jg`+a`MgxO$M7p;N4&<}vi&N3wo_i=^Fm$pQ;;l6LE?cXPa@H=beh~dX;4oE zEraMR`sR%-QLK0qQ8v#5bga{R1TCHj=vkGZ5D_%u zJeWcE&7$Zkgnp9!>LO7NoCdJZqgx0sw*5HX{6cu3`Yx}-3!yUlm#qLIto$qC17#n4 zrnRL0W>=i(sNV#r8cZKj&WZz;A#a^N^S7K8V0cs9R}ksANt{AlTnFjRJHVcs;R(*6 z(i`>tNZ0HK2+tbn%O%J&q+=Ow{@huge)VsCe%7ga2NwOn3rpnd++$fSb0+$Ak-&{a z<|O8C-{aMF#x_d@0>~mqk;vPg&VQeI)yVX)_yO|>3Gw{6JS4X_P35+My6;`Oub+K8 z>;LVGCDmzGmb3ALgv9M2i4I#gk~);$nLX~^6TrEr5Cll$qX322kuwXDCd?UYQus{2 z*v!1g1>e$d%gu2c_uQBfyYM`mZLAyc<9;kp*^Oz|;aK#5S%IgTt#rVSaG@8hTD{kT_q^j z_cG0Yeh8`MPO*RJBBka@Y8Kj!h8Ws#Q}laK!gas%!8T^(e!JQ(lYFAYbZ=dV{?-Vs zom>flPYZAJ$9Y!j`|?&DcrcPXj;M8%Zs*3<=&e^wUY+#V&W?dPq{WIG!6$d?y*eiE{2T?Y}%Wbu24r z_l)oLmEk^a!XbK7_#jCnQXqL&Jd+sG;|Ls&h|0WBI~Mb_eRas>0Rzw1Ow++b67on{ z8te^y`QDr-{V2H2#=D0OZ3}L{V%pOZc2ae+I4D1;d(F2=8+i-6oId_|eEDTGE`agp zIa&yRyyyLn3tDFrcmCJaOU81`m4g8OO1P4)t+sJ!NC7gQE@ZdyQ7Vjm^S6&qyYiZJ z6xEHbqQ38uKgX|r76kO8#dCwRP5hSgSkFAzP?~A4eTaKX;x_zl)8flBIj=rkc|G z=zSGnP^lqBtfJC6s_!-)a>$}ZrB8EbgzFSSTIh3!g7Cpy=+`rW21d0aJJPZ$2fes- zA|G{;;Po6#ECy-hf8XTgCK#;5#oJel3Q?{ag7YrWMV|?Lv_q76GCz&M)6Z!v_%l6CgTN1wye!D>nfx_+QV9K#t%WtdQrr>^-Y)+_X4EO|$Txu%aeiY~doy`I;+)TZYj@-y2eEj~iQniUr<%aKe z8o{09WN|({#VSi4mP(qQye>Kcr;LF!Wi z0C#>^Bhlh9AH*|d*?Nnn4R>DYW|5;(PK#bTB@h{!uYgv(G~k};dNr}{O#-A6>LL4T zU|Q6uY{TiAn54knMLmyvQ&NJryGE63Xgw@Nr?np$r@eRy|7xvgBff24H2gY^1bGl^Z z!{owShGj|t^W0jS*D`(BL@BLwzk1&nqe6f%=K*8hTOnCA3R{#=`Flm2zY2w6@XkWQ zef2{U$D;*le!%Z{x-5p0t{5F=SX2!v!0Y7>0u zp1-qP~j zd#%B+fX1eeCcKjcUHFVTDe&zLDeVK%wEzGB literal 0 HcmV?d00001 diff --git a/assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz b/assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6911e8d552af99f59282472255b8d9a060d88a4b GIT binary patch literal 30369 zcmYg%Wl&sAv@P!L3?AIwf(`EOkN|-Y++7EE5ANhdo@)o3IWW21Ii4;`b9yD%R)g_K*dLx-<(&E>#H`ujghvnfV!TZfU3T| z?H9+dK02CCVhWb_4lrk8sQ&n}_p4GxNR3hZL?4O5;8elg27_(saJtsdt@{LQt6#I( z*3Tl=Rk5+~%Yv2|PwuOzKX_9|Q8R(CW!Q-%boTH#v2cr-BFS|T(8BhhIV*eV$0H0k<^!V^z*ZW+?x5dyPCd>or$AMbNq>`fm8hJFfiYf5-+`{S)n0zj}^c?Sl zo*5NNMofJ8>g4Zl`vJEgGdndiGbI-%12{NTQ93w;PknLHg;|^F9lRISQFAfw=L|}g z;=y1|f*a!T&xV7+WKQC%(Y8^LEG&vKUjU4t>M$d=+6*YT!odp{6u2Zs&|#-x*aX=W zChL|_$Ip9@KnTW5gRc+}ZTLQd{!~R&?+_S`*a?j>ZOO~}qR5TZ1&bnmD_#WV&jUy> zZQy4L!_kxsvDPeEg2~|#N8nRti>FCU)YH(=#A3I==po7K+BK{!EIMi=x`4$(Jq^Ho z-V5yLwZ>L&-|VbCs$z}sNDG4+ypIP>nMI+7Xv9L(5Ms#%)6^KJT7r6|N`g9BR(@~VaytyB%={a@0&sx;NWIdaZ~A{Zm@u6kCMDAAm&Cp z_`sd+a1p+2_Ir{Z=?DwxGs%nyJu_2wKDSMWH3CnddupLznpv%om3&>~56S4m5PcL~ zxlAO5lH_teZy)9{v2Vg0Y7lwOS2G%vV(uqXH88`7sTjO<$QvVFS-I~lbiSi>p8C}( z9*q69=?_Z+_!uz>hZs~t)o>{6_;Y@=pU@C634yI3t~8L&xvS)E|wA2aAka zErb&)9+hq)iw!70LasKz=StEI`hsY-LxXcefUU#~fHSBHmV?#6m}x|!RZWgV3PDqv z*>xyl6wyq>V@+{slFx^vuw*%>&EU*@MKluzo(Q3|0?lxL5R%ht#BmV)v#-*S zbk&%}wq`cjs>J)g70f~^5OeAZlq7)oG0AAS#lk2G1AWA2rE%fOF%RjRFbk zV1oFxc7*_-6BEp!Km(qjG`UL22N|v;xL;SL6HOLem-0372q^n;SgnJ{59y2HDn80J zJhenbQUKeT8RKOn)pVc{Qa)!%oM94v^NogfI+BuNb|hL55wTI7!AF4AddIVLY#FhrF{s8s>gQ;EeT3g;SE1Hu$tLaash+ijdzTv z^lcKZ8g6#5NXi~*B5T)t0`12h4g(yVZm3O_0Y9K}z`0@IMYauko71Gj1(WH>h5T1;lPviUg8A9_|R4*Q>IDR z51t!S5afd92ri#ACD8!Apre;tc2|Rf&o*4$yKV15eVH+FHDNy@GLU>3Ss;;1hoZ!r~7Ze3r#Q7pq9VR$H82<&G^8b&Sd}~8qk_omzJ!AV14CSLkWb6 z#&H<SDMa1B$woztzr#<(d;^sE zyik!TV3aobhzF}af-3m7pr}>RlF)uV=KL248jcZY=nM4nCzKnV1F;%XOx*HGe%}=t z-b5=znP|Y>k=IOc@jgDn_yY-Qjx0q}Q79MP)}`yJ@| zs6U$6Ak-e;YtcG}j877(y#sgxmC+&Zf{e-#Zu_ZUp~iC{q2G$1FxhPX?5AF+Ld8mY z$95I}Rx(=VQ%B~%a|Np2sU+l$5%vH2}of%{~5Ly5;;a5GRU=qOXKLhuibFJUhx69T@mrzh4K9 z36RQ;bgW|<#MdoLi3~~M1Ejr|SX%=*AZzHnHT5)hhJVL;W;yyBl9+V)Cwt20XF(*| zC$M0Ys^^F5CrV`Gcu)F(P4LCqE_Uhd5pME~!4jp1@v?;HATeu{_~Q<&@RKdwFd*Bg zKwQMeb-PoR$h$!zu`u)x(&gP3?V8zMRU6G;V694AFp$Hza#p%7I=z=<%uE-M4@W-? z*4Y2x#}cDUreHDvX{{83{|5A=AF_}i9?-aOcgHDmi=DH!@2NLp&$Y1vMjMQ>_YE!) z_ytfLA$cG*kB}{}HxKCxV%j1Ir6bMqfeZa*RvyUn3Z8;*FK~Bg^=@LGAPW_VM!_D3 z6dtsT4kWR=HQJjV@bs7_l43kr);OoTHC7U>@Pp2w9W|F5Hi=Z%b<$vCO z0+oD)7L-B1%Sn&(K__0C`qDs*VHXIvy=giJM5{3MMn9p~C|Pw3T~JE2!%c$_J0j?k z6z!xQsi^11!Z3)Qk-_g7#8|TQ9-e6Q|JOxFq3e$#Hhfnc`VF{hJVcGLUep*bUaklk zgK$_ogrgO~-Y+$|Qqp9q5V&#Oc*!}szHQ4nj)-4CG{7r~U?YHvAt5K^W3)|-@ETen zFNX3r6s=Xq4(af_qjKiW8@sTQB3D12e2v-0`dU9%(=nJW7YPIB1-FBrZekcm%Y%r0 z&yUgiw2utg>F1?c?udp%-2t#!u1;oyk}4x?V}Q@OIl=c%=R0z#4t1mWNz&v%!1RmuBdNY}f$=l<#VU?7@#zsaOBGj`E{ zCcq0pFbXx5YMM)Oqnipb;ZQW_l3fm*F68UPw zJftC&wpwrA%GL5yduz{xR)u`%s8ky{W_JIGWbsj`8_!lnsHt3j^8#5+Hi?%H#*i5= z#Xfni1M6c?|E~%%dJXDcECB^9WJdwEdg%o6KZnTXSW>3F(PAk`4oWG|_S~O`#?YkZ zmrHm?Rqpb!nx7}8a7A^A${->?Cp@V9_zGwdto7PJdMuF*hH8E9y#_JRmC?P2{d=B$ z<*bAv-u45f{j(d8e2vmS*Qz_d{5|y|pamw-*a$iyV3W+KS&)vP*bIoVRUXHb&K{ZU zXP?BV7Aw9r4wcy5J&5X#6;e|Y42Fhu=<8o}*iRhn^x_As8kRPsDwIY_+9|_x8Lj{Q zC8?#%opg9D+=k#Q5JFe0X+HJ!-h2?V`ZlQ)@m1wAV_BS5tpV@#pYOEY4GyNeyQXGf z(XfcjSLPH-SR3$uB2mE^Bp%n5pvI#&-fqm1&U`^a$i%a(NKr8wL_deivd`wgGti{K zf5+=j9#%@wf9*)1i?1K`cL2rK2eiY2dFPEfj;27z1rWP)v>;noPuuc@mbCdf%RUP* z@#AW8O7EwErm>l3%m}LGG(G_`ZyC9i`N!Yp4ElQH*d$dSq4X8+eh)1xM|y?6=ge~n z$>(W_fwwsYR}BvzQ7s9}-5G=EKdLx3pVCF*pYbijk~g-LS430UBo;9dVZ_}=L%K^! zD$HR%Km1Z3-z_`*V0N`z8*(;LY=4|)Y(2X^E2lTEJne&N7iKeHLp0ZwGlfP5Xaq2A zq!67BYe;kV1TlpVY6T!D*;u3Tga~<=$Kn~^yN6h(G$4Pwgy$HFG%uIN)S}B}t%ph1 zZv2Jc;@vB&{<_-<;(Y|U;rA<*F~3n2%nU#|#ox<{aT&rRC-|M8(|JF$;!~3T@w8!qUNX&!q*P8Ti z5D;Xn_nRro=8w06qdX`-jW^WqH1)rl3hifv-pACXTW6exIQ6fXqC+zJ?N0QU@^%~@ z#&DD_2kbRcQV>Yv2_`POyn4P+94a>`!6J`7D>jAo*)A6osBm=oACQicGI-a`fsvG1 z)4pAS*t7-oVg7?%KEoh7I(npC38ONm5ICR)%!3~qOkk!6!xxYkp=pflKMbg~r-F3s zFUH)B7NyZ}{kt%J*V+MFgO8X5miw_^sOc&~r2^sQHzl$s5Mv9#cyH=40%bvoFxgvB z$S5jg;}EJCE%^+pNu_?qZia#=pEK%q`a=o+$vYi=OCLCbex6#*%ZBD(zDYfxgZOaq=a3a;KolkU`8-@axvtu* z26C$nuxkflX*8q2>Kc&p=hZh5rq!@CnXSlLsjzTv1;Bq!I7lZk-_n!BdO+mS7M8!i zXXW!UHBGwxxJu|!g@6>J2=6Ld9$c#e&pbLBJ-W=8H@Y_r(EwWs<73VN-C=#RM|ET^ z!o4ttGFe{x1xe%i_<(ZMHlr2mn-yg}-Zy8@uM)h|udQ29Ri6;SpHO`Ko!;C2`LNW% z{~!1CV?*`3EU|jiLxR#5QYF>u!plmdiHggP*l9;e4W<_I8_qbzb9PnYfTV?1ez3ue z3(j_zwuRR#M(|ty(ZDjgNkIeD~bnY;XBkgBDnK9qsLU`BG)cnu(S&_wC@YgQbXn6g>&|&n{() zbqWt3&e&d&a2d}%vH_bL)<#7m|KcFJ0os@)X;^yU%&j`h67bFLiloryaa!b!lb?g$ z8fuem#|$6-GLiCyK4(dr z0nM9q7~g#^jwIR%)iv}13DQ4W_45V0PWyj0{(T$!ovM$3>oA`T z)8I!_$jvVHYgDn${Z|McB(t^~46-Moy{C7ozaej-F7mzJPeF6un@|(b85Vj4Xy}cE0@PRrYJ72d%V-W0JPTdx zDL#`*(_sElnaFSi(o)LxdQtym{_kyRky+L^h50uD02jr-g-4avD2T`@J%10u$DxKG zMzJ;;KDVP7S615Y^Qj$GB|*#wqExLoA`$~ExERT2tT|j@dLskucUIJ z{Ub0xNrmB~gExq%m(tk`LqMB2QdZ@gL@zC$IPY>=E5fIfVab6@-opVKV@u7Ow!nm` z_}KkI&bs;*Jltq>ICNHrTH)6}31=XB;i#%HM45wFn!b~a5?wVRodUH zlX+UG`z2k(fv9qd_G%GfVa28eNN50PVq(*1|Ip~TE`YvyT~)^t21uW6W0}|p z5JY#Tm2V=a*RhVZAF06~kcOwF!9`L&6ybT18xj}rV-^qR)xO&p-e5n?0Cvy>ODe5o18nBcQK!zo2j;U#*j0HhcaxFua1a0eevO z7-h^2=wB9kCMfbgwD5%r18N)MhxofcJ4w^166bY0A7*kN>bjN{VToYCY;6!hER~ir(WKmwgkZ3qd;G=+(}<1|;yr zbdCnZkEgAFQn8(a*D8^8V{1Hubp}mayHq=Apeg)0 z<+p4h$la#zW$Em{Er4q8ru4o-@pnTXH{UVTet+Q$aVpe^{{`Kz{UFD>OXEjQRIP@6 zYN(MIGZR1CZ(#h^eR#^@irsIahV(b&9n^Wc*F+~AXig@<&41OT6e{^dRSI2-cWi4 z0N?V~OxCkZvrThni{A!~U+Av}O+W>Lk%1Do>P&!+#NT60PSQP5IAY74#J&mENOE}_ znoLZDsX=R?(ucS2JOtTF%2i4@b#abc`JBIU!_}E!kIzcxW#)9vBBD#Hw9ss4jeeGB zGBW_1JYIT(o`AHwlBn}Z*5}u?uyFcvh`7lAQ7}WOZVunP7D^_|7qmsC|IuTlCgB;f^}f`1_7c#8=9U>HAJE zfjBdKGd(qBZ{7+vzu^mP1cmaJag8DFiypsDAU{@My6C9r@d8DS@t+;0{$Ag=4`;jQ z*#D>-qt{Zo+6hyxk$*w!M&)w@yG&a5OS>1qLY%TlC;nhHMSYjSjz*dtnq^<{TJDy- zinC@|qkNmKRLuAS5R&D8#MXaEkixbJjajOJ3^ctEWzt4OF%nw)QUmWWY#>3o`IMBq zzi`3gax&a-dn75Iu@~2sAqJe|Ksg0Bsk>)tNo;;gYtE0dE-~^i#XjEuaPHOxgvNt2 z%fVt8SJ%e=~=5e3h=div`>Ty-`NKk>sgeIK*}#Pe8U<9H~{ z&o`1I^S|>Mf&*R5rh~ii>foep5x3yY@VzVwn!l|mFYFBMQ)2iZytjA@9sZ15$rRR{ zC(c6wb5PwVWQ~sz`&+uVvte&k8M#}Q(0KLuSo9}QtI{#@l_D%E@-ii(nn2}@G*W6N zlTmD%q?Wea33Y?k4ZaxA`}^#OD;&1BSgB26$qJqsHDWv^>u>T>#bB1m0R=SQ_QPVy z?T(!*HOo zOOI4p2?GCHKT4mJF3)%EUFbOW%}4&Hf|u`{R`c}{N(!o3qfxqgCfo)?`Xq#*y7XVO z%o~-s-XAaDJNLVa3FfMzBc#cbtU6$iH#EYs@KU3f1d9q*o&BDO1*u!pk?%!Kuck?P z!shmEV}-qA;@Qj4D#*rT!H)J0K7Pn^KfjU$7c3aC2t$aLv7N|=S{qEjgsC{E3si;x zh-}iD3d8nj{wDPtF-Od!WtY!X7uD=p^K7iQ6&0!WzzEMW*M;nlS*Oomv2Y=!kkcMS z;9X00dT<1F8{$V2;O66P&65bD>d4B5XZ-yT8+#(j5?*X-@mM-wtw08oZb2aQC~dYG zf+kir+l@l0RVtibjyq^A!>5bJuL}UIHeNU`f3p}+j(_Ls0@WTG8pYvEz`AU6goK4` zz9^My)|=A8Qt!hH9c(y)-Gna)a{0JC;R*(xJI3L1ijWKGWQ-hei%eKk;A@aS!*5nO zAnl;=q@`c3y+Tr;Kz3a$o@nykSRKtYZb7-m1Qx;hz8ZSSs)AK_{M_-tAvsKDT_$Gg zB+EcAoOO?YW1pxRzYZZX9D9po4~w`>)C;X9A(h17WxM%xRrSMW%VX++6xC+!!FOH7 ze(h`PrVvmTlPW0_0o>ogQn@YIaTv5w<{1UoQkc&bu4dV8ylUFat_X!zHgz5Dc}n@L zNdPCFl=4|xCZvT%bFBcNw&l$FCrWfa1`{*PdIMax2Q&64!R8$#vf$8V^rC?p0@>PJ zkA|wxNMp=eYjnBMkiV9IMKfwrhwP3j-d1x#%vHP^Y1(mGtQe1G^y7)PZb_%fH(IMU9T$UOT5!#viuI%u*%bm^gGNuhC(%{5<0 zG5OGXx};3Y=9`t2MuC;ODRJOBbow&gdwkl|RO=U|JcK4aW?xIz{USaK4$E;Sah36D z(&5>rt4(m@J}sWQiUNN8<}am6Zd4o%xIgw1g67PswYf4HVH*yQBAV3GeHdP}SJWsY zpI}nsR?)Ore3*oM2AsW&wQ5v%gFBqbH^)3bd0lLcR~+3TksIVt)Y*wRH95`&`DK~SO2`#BSf4>M@}-_el-Mgxc2N&#`5 z0rgKS&HO9NLSrO$9~+u+P9J;oko~0J$Uiex3Wc|u+~G@e{p1oBfOXNK-jOjs!-Fa? z|M4=O%Pp|eUc7r{}92n1<;6(+cp4En()KEr7#oOd)7 zx{O>c8Xw9)$uiz#Y5$Ig6)8Ngf@hepG~+(-M>8Lb0tHDu$g9Ga0)Kae(p|c7C7_yx zvY-_PvwQvSTJB zO}rdEvSJ;qNgie;Gj#KzL&)jb$=`P7ZIz`=vnG15g;|pu+`?g+C&z-h2c<+xh0{|B zyRgY~#Uf_5P!q!vaUJ!5WVH<>r>Z5Ew!Aa&Y61&IG-Ec6Sb{~e{a_2RAY?iwZWp7G z!tzhHOhY_$m17;u+S@S0wC#6E*m;a8HS^)-N2 z(8t=X=>B!BsVGHwt}#oc+$;$qi85xBj`8P765-akWC0htyhScfOm*&$_^Pgy4FoX% z07S6o7%DTxR^@mNI)di;J$zht32;HKDdj&%NOzPMQL-jpav{;-05QHK*DJC_He|=f zk7*Ljk44z!p*QHGj{qv7ZahLI2Qp!qGK8_T7-Z9I7Ea6XanCc@As|9|>1>Q6W6!fD z@|1Z{1a*usL1G63vQHRW&)9lA*q)i1R54O}+ZlHR613F9U=$l+fCVXvjacBGSFsxJ zsR%ruEj}wlZcJgJYcDIDM1tiZ;eV73~F1>dXyU)rKj3V=>o%aa_Wp_Hl8 zZscA01~QqCKN^&GiCc|0fQSG^e=NL4qzbO@$emL5KK)h*q34%Io6Q&-1z9(l%>Jnl@z0u7+Wyx-G$(<<32E| z!DksA(@iKQ&?~s>2!93E*9-**e^?l4O4AL#OT1wo{S|QvONkZ*{O4L2o4!*hS6CC| zZWZVE^Ep3N3*5OA*DB{)Ta?BBo@#X-c*Zgj zg<<{l1Y*W;cX~O2q3_a(7L4vD`&p97Zqxg4jWIngK4n`nm{@O|zoB@Fb9{TD@pa;w zC$=2MF{r_Kw}+##ssf0O>!PW*v|Y`}u?*vt%RSiffw zr}Msk39>WAVsyJSLS2(tkt_d<*9Awj@}P`eJemG4inlG(*3LkVU@9k5{LsqPABOYi zx#w(7!|4*Bmam6|H2xl4DF}(G8_XM?j*lid3rwBD!ON{3Vs5}B2)1vG&~PEc9o^Qp zsn9~e&?sRfjS)06jGv9sG@5!gyGeow^HGzH=K(tgqynf7LlMlsF=_m1B*ZWi)(ECo ze3`Po`N{b;VS6xlxksivd9Vylo8%s%@XH2OCY#v4W5p%55pQ&zpt!++rOMU#190ZM zP>}Z3k?WuMe?aN6zE9%W`wA)@h+?A(B2oko29&-(5?rFoga$bv=@y!*RH|LuN&3N} za`0vQ4TRWW%%rb$Rt(^9cz*`Q7*FxPGT&p}s$J+)2a?HU^ z&$XKj?q~HFk%SD+CkR`Vvu;vuy8ccBeJpi@Ob0EZk`g#V3|C0bh(>p((FN4^=OPS9 zxW46K(Sre#y%+u=;j6cj-nW1N#2|0elFA7d#IeJXY_nhmzI`99!-`0T6W63YF@9lv zh-xsJGiIr!w}Tp9RnHh&`rMzcuigci@SNe(q}eRCCl5)67(1z^9hw68m$A8pDYOqk zXx}l;W`9~U%@-?jWrrCI%GxJZ=h=-!MX^o+iXkZc)D-T=5V(I3sW zUI$hN!}#{(VD*O@a`F|4Nja-|q#l=Hbv=t$I};%qJ`x?c)p03Ku*ccXXP|1?u(YL? zT$ngttQyw~Iy|p~2Hj}iF+o9vwK%-8H|E)|sG)Zlbp%5Axp%85H!TP7=!1kX?5!nNBLQ|&}m*){d>18Y!%#`KxL#@Hf!(+D_ zL`wGK8V@ghYiW%UrSZNz8@Cg*iE*oTFf#GLF`pPJ6t+l`9}jzp;;|^{i=6DDQ1q97 z4WrlnrSAe3r2GCsMuh)F0WWWdAkg-23B~FR3h~dk!`))2g|HOVi?CrRJc|zegS`sW{MGRV z0+K}$=*-Mye_!)PyBEiQQq$r~pt(kDX|P~q|9xoTrpTK>?vrb(TD$m<8cmY?pUvUs z844-Se((;iB7$}Kx|gi*sHSxi2_TnDL#F-`zVI8H6*hHq))j>A(Bown9fLXmhRJl1 z159YRHly&j!;)g$LX}L|ZJmemDMTIdPqw!tpRpC;Vcf_R`xt4~_s=sQa_Tl)>@Jzf zIW2}s=|@A~xOaKcW88R$zhVEX(7~y22s1L<3Ajh1J1t2L-4`;BaHrn25>`mpj*oMe zV2}AJr+cO9-bbcgG%3@?U>Mq2T|lHveemqw>94m({sRMlh(tAnO+sjnkq7*kB*6~5?aSC6bhvCMi31DY7>x2nM(v6&RXfep($7v$F zlfE$#Icvzf8Ue1};#TaL-zoL64ptWqGAlD(RwKEYfh3|_R93^kjrasTpGy^+DR_gh zw@)-ZMCL_I@uN3OOP{d!hKMX@N1=4FjBI5oFba@|Eo?xXRN5t}y*~&ZqS2EIj;D|J z`dJNUaB|6eDY*@!Ntc}dljShDbUCTNl>mjWGW92tNSFVj_S9_`f9%3PTdP3< z2iIqLU;3jPKcsP9Mj6#m*Rk4!O;6N3I2v63yn!+~NXB|SIpCrnwLis@*n9d(S?Ic9 zpoG-Xd;%$YNCDwv(9Z`vjI~%OEk!32S$IuyD0$}=DXRYxrn`g4?6b0wi=1B00h)p< zz;H$j;#G>Y=1!Hy8zsJYt1>Zqd^d0o*YO81w8;F<=YPtTg!uYS!Z)4 z;%fyM`)3c<`*vS(oN&0RAPzUy2BP1-^jP7MjvfTRkw-Jo7ZBV;@#s6JQUjsm%4|_0 z(o;dH(FVfIB_r8myCn^%%&cj_wtsLSB&CpO)=5PZOCKpM;+$n07}nycnd%x!HEKVw z@K()ARx_dH*I2L0Ijr4}M;V+)7NlKcgtqG_dd?g6vz((gU!rlTs^5hPwKu_IFqmxm z`!A^RzScqHimYXGjek5-*BX}#uQQfQ<(Dv5Ddv|qc5?gZ+|yL@3h%1#Yw;61C--LS z5tOf5@wJTn>9Q5Q9)>;&8{m%v7;VhPl2Mj`v3G2+j@sXN1mMs9<39!sz%#$xcD}iiaNtT;7P3`bMass6?N1c&>GUZ z_rN~;nYM;vq#L~PLetzf@hCI!skSK90+S`E^_3x=ybWcgk=SV(0Sy{ss%Bpa& z(<|Xjn#ZiKVi$> z^D%8Mk?1){?Mlrv5N!XLMTWhX=ODOemf7pQ!T?lE%e;*>cMn2%ya*bN{GpXeyyC3B zCE|#qfx+4V^Zj2~$yn~eXDmh^a94s`-ijDNVf&|$;Iz>a&(!2NeyI(g(h_ncX z1oux2Jv7{aZDzTpEgam3Qoi_YMf=$$XZY1U)#7=-N{d07C~W1@-mlcG%%P(&3h;L3 zjc6rbFy+3(Y`TQe9FAH z)6I>-j16;tA`Gtx48bn~QA0{azH@wmt598h!lw^nQd4M2ghx;ym){{O+?TU$Lir>K zF?ggU^+(M0{w@KiZRSqa{HXT$y$%JM+=z)$8k~Z*A?s3hDi%B+GvYhQBrc;I;GG{; zW|#o;GjpA2_^kOy>KluhIJF7gX)RHv0%??;WHM7%)Rc+r6lJ4bOc19a!Q~15rkTrz zRU-p)S447%H*rUz}Zcc|qJktXjy*+6K3!@o&#sj$ZzPkF(4 z{h{cJv)3GM&7;B>hxoWGy6qbxD9e$oTE!C52c_?-Wog9A%#&-=g2Fa z9dX(DU6q5t8TGjj3ha`#*T1^Tn@;m3R*#QDeJMwjiKiPe8Y<$N1sIzJB!G#-4E&v5 z+-t^zXeR6{yef3($8a=acoJ80EZI?{4Ar@%^tJ|)vqqSsisf#zn?%SP$wDVN3o+3l z^jEVeA&?1W$ql&_e5Uwl24O2_+gRsIqoi<+-#kVV=4p(QH}$*XWCpXL+KQ1!K9EOiX>Qg7eZDEhZ-VEpv&} zUv5LAH};j;39CuA-N9tcbs3XUPALXsoH?FrWD}f&Axy-{0}(HEWpd&+BqMY#w)6jN zM;`Sv9(K$u$S8(@`t$xJn_}15_l6xr>woK=``TZM|j6r|8sHub*u6x(M6y1nHSw0Vr*uFjw@)OR^WRjgNRH2ERAmT5+u;VXomBPeRp>-S+=bHzp z1V?}QS2rfagbz)dbYUY#*I`M!)PC!ioFeZRnZ|ceL#8|=G{$MNqC-INhJj2gPR$v- z5oa$nvCx)u{}l&JLsOD6lT!8qpl;?;|K1Apn6VEI6HZEx!qfFDa%XALP(Gvrq2cYc zC_C+AoSe7_E_p6DbotaD*P`CgY4UyAkR@@%!q1|mXpC8OlE~?JTJ2F0gpst6n?Bq8 zsrV-lLXwol`=O=M6*?NKO_ge=EllgZ4K0SqD-%ZZ!;PN1G^l;o|W#XQp#3qr)7*Ri)SoUsu zjHuse7O7nz59jN@=Ucb@4@<+fkH?_BpZc`sQ5n9=wIvik0*-c`UJ}$NB_>PzTY2eH z4ESptCHq;eL@?L;|2=k`mRsx(@Z3*aMZ9in*j)b6eAxZ_!>a1Y zkFak)R#F1zgs=N%T^2mM?*6euJ9+sc9(dZ`j%qdauYA3_uAv7Q-WyFDuF@p96c?FZ z>aWcmCKh-3r`iC>qMMz(Wtf4Qy<$Ocx07oFF5^bWCZ5uZ(5C3bi(_2;*obHw$7voq zBkd|v)OW!Zs=kMz-?Wzn(3Y;FuTRH}tK#I3oW(5xe;;lBT<2_F=Bc~4NwjTjwC;k> z8^UDq7LF4qxz!j|PoIZ>B+`hVd|{lMMCMpPD_fEf5iiITST?%0fBM(_wngK3-)x+i zCpeeI8HU%Y=@%yKh5h$=!g)6@izbYJ=b_u?G3LD2JnFWq3(>7!^mE>ZM63PZzt2*< zeeH7Vlz~@=QMZ1E6*-+ z3UUECPSczyvd1J#DfE{=$(v%LqG=c*N&#T|HPy&TE}Q&atK2X}Y-h;-+cp)Q6;qE)OP3`FD| zLj9+9@X+;(rm?5_f~N?kDE5Ve;FrdoxTksibDr6mpQj%98tqGyg6iF{^Kuk@`g#5} z4#-V?je&Dow-%S;KE?s}^mi4pGlJMtHImX)6jrA(PraJ}{w9aGbD+cgkyAIZI~OBf z>+z*w?Dwv(^B1D#bv}2`JIpkB=Q0ky-y9V>vKr;s4+;X^muADQT>6zyKYX-b23NcW zyWAPC_7g+Gel`8_?5Q?Yfa3F>OJ{I!VZXF;>}Ws+W!)C-m7%p6vX!dP{?IN^d%%Q2 zzu9>%s^#Z1HzGAsTO-I|6>@sSj)~`@th;dla}(>Ac$hY-j~~m|Lm3zp9ZvhUUv(yH z+`A`dbCg#X$U8`$#?}k+^cJ9^%?+ssyqJXhzO!m#{aE3!S*RX+SmU#*M8q9>Sd_p!WU&APQ+ zhq5Rw_Q|N&i_B^gbB~FiY@So*n1F76XH!~f-+MYwXaxBFeYwR$FoJU2O&F(#VSKPH z;W?4GaOelmH6JcEzGQcyw7n78$#h6dv>)u%IANHOr>N&1IqKhcVI_5$p2oOY*h{B} zkr0yJI{czYGY0G1w5#FZzJ6XOy-pMBN>Ydm4O|k*U%ggUz~HtB-i`0NTR7mX(@b>S zyvwA4(PL)E0>;2G$^5L#mwctsLJoSi>Dy>O2;!-miUzT z7ASBN9DHj`xiP;fBN zBlEFc*I^eJQjn!Aqi0r=Gg#!^K{w$Ixm<)m8$t z2Yy?8FLpftMUkLG!{KzD1*lihQ`Uam(P;_|o=SR*Rcr3jkcl zHo5hCJ?k~O_hzbmwC%N@Ufca6*=G0m zLWLOt;L>>c4}zCJC{Mn%&wI3QZV7p}f7mVNKk4pjy3COOHecbmLe}P!w11T@J^OhE z+-g`L)M@_wFWR{O^g&VnJ-J!5_8J_{`UL8V6*8~G zCDvRSkMNw^sEIXWMR(IsFO%`;Ds%h-GQPJRwzHf0b=-d3dE;nxYRfQHS2H5q?`F4I zL43K)y$FCTKRmTRFR*>qCvI&qy$3uO06SLD-*QW=cS5x`dh@5T=8rza| zua<1aCC*PRMCS*gc71Sd7gqYs+X?Cw1!tC>lb-iOoXxX=t1gb_lacrHRNi0Diz}q! z51ziDuSVq5oko41o;HYv9e=hqmo@G}`FZ=TW7pn6we;KZ{RGL4-{$Ah?F1@^VTo?5 zTS#-FE4%J3x;WYGe9z7BA}v~VQ+tl3C34{8WT(#aSdve}LR}Y_yQJYgI3^kdzs`F( z%Xs!y1iVcbb&F&simMqcwAH7R^?fWz`VxQiN%K7`RQ{D*NZ`CM?5%qu7rDHNjxH#o zcv{XSBpL3n6G#lY@kohsl_4WXuggHs8QQk0QAMC4^5>VYKz9&!Gw}IXJguk)Y&EtiH?t|=Ikol5Vd%tYGv5?a3SvTst{924bz(~jS ztHMYS#2bus*Xv^HhqJxx42k9K&5V1}>~&ZS5v0t&`9eaDyZP-tv?iK%(ZfR8w9{YS z^!allCs(9AhTrR{lXw=P7GGAS8t46o_QQ5*Zawg zj&1C3myf#qi*aX6vJSonS)sg2l&cU998B&i6Q|U?;xly&nb*fato$PcMWJEA*cmtOz)_)t` z9wJrTfV?~2li{-y>uJ77>mej$(vN`Db~UFUV!HF+Wws#S+=m0x7h4CNjbqHnrEJdg zfUmz^)GyXtAJ!wMOrf-$NAXjgdtmt*rORsdJZEg~D{$)equ+$I-Q<0{ac9NrSOBXZ z<#8fvHJ;}k zSF3-e@8VxCvSwG_Ht_{Lr}KP8GwcM}E5v`j%p!-Mc4M1*PZzzm=f4(yU|aJ)6kHvP zh58BNHwX4xT*Mwqyij?COT0F>?(h!xwNs%|;M<+%dz%G(u^DO7uE3(G5y5Y5`W-IT zD=6=dfhmY>Lf(ABzS9mV2ymeCbA*-!J8eQt=GFBpV^8&a)5S&MmfvK1xKF=ypPWAY z&M*}NAHMbkFsgr>rnk+Ypvs;3_S$ls_}1V!9R8V~f(6yiWGp|K^tH>#ewbWpET-!2 zZ#?nGf*;}{t4$BB1THHsw z;_`&`*~G{b=yG{Ie(?ZlyHz=id-{b;)gL$=QbvQXn<3~S`eZyg#M+&Z(A9IchEKD7 z0DDtpNFy&NthSOstinU}X1{(;rULak==IZQ#5<>8T&ngGy6B(2dU}nFP+#k|D0^D* z!tXn~8G9L`k&f-}`j-$CsSDzMhT=ZRiO?};D#D29FYhkf{ z1f5RF1O#$}WM}v5(}%4J##+=r_U}&QUh4HiY;9FvciX849Znwtr`HoB*wuSe`VNKV zC&M)pvLv9sBAR(7ncjg(`;Xyw(m7M4(=`;4$`LIh_>mq~fBsJZ(KRm0&N`&twf&Us z=O_2?{UqhgxBD(Gn^#=3!D{G4P3mGVqTUYO{o2&}sG*gq?`0Vm5H*+oWBWMD)>U`? zk@V*lKY0FsJuVJA@Xpew=No$8dhmmd6|a9{&U|qMTZ@p$F3bS zz?P*ynt8AK+gTspo;d96^On5a9&G&)d0=n8UrG;CyJ?5IR+Dp=6?C)p8CscYx%7Pcu%lgH`C`qM406%FvU2Np z)PsvZYu9=CWb%tu9ag?}a@ID}k5fJ-khv>ggQ?MZ<?hpg6hBCi$UD6{7%S(#Q3+<1-e>r6N z%R8s0eQ;)lRONk>Rrd^scJnLVVRc+r}N4)o|!~WJQ=GD97+r}kK*pabF5cr%t!lsMiQ2`8)wdcVM@Dj;<~iSFA;lZJ@dxmt!*FJo*TCL zzc<3O&xNka3?Yc=OwHY)LkME`n6nDvi?5U05;OiqHU04XlOn`SaOU#0nz`Hkr~8hd)VgtmD_}`Iul>MNK9Oxz4+bvgo4l5I-&zX z%rItb9hy6sAS|H-p&*K0Eej_iQR4%Se7oWYWf(#1d67VGh!`UO=H82mFJB^rjva1! z5?Dekd?5IXfFl4@-+VFaO%3&S|b2(kRKw>_~nkqyr$R`siRs`{7M9-*seMr~9O z#50DMUPT}2<5r?Cr3wTwedP)S_gy)N&>tex_&zThai$R zZ@lZ{0}5w_*!}Y@R9DNR)(|35M0gDTXY)ilY|P@xFGgA({Uvl!uhcdr)6ocH#1VpX zq3cn@uZJ2>-THQ$c8gy4&wLBDL!1<}#{R7&CUm-i`0}2zFGF`HmlFRmo!;}yTmPE2 zA2k9{BbLj1JBAZoVu_SCp^M&o>Sp{Z3}G0pl#$&mkKSC;QJF=|+ul2LJF%R|nAxpk zh}8O5-HFQtk#S||O|KABX6?+i5b?7oZh1*3&d}%;#G0N1ET0aoIR4IX;(?cmiS3EF zTh9~VnNTA8)+a*p31j~@8A}xzAIF7^8S`1^Y3&eN!w6#0ln`TAg6Kby_%?!=#>GB& z%QKD8TBNe}~8!te)PAl|tpZu5vfiETehXhRVFCljyr9!!j0 zM@(#=ar44CUp-XX<7O+hUly= zD_wQxgpg@_CeJ69e~?H_)hq}lp5zslJEsgat$2|jKKg7BvD#R*vRFXNXKi9`h%udb zXnN1k9?ujKMb;84nuK8?1*7-gG4s>7&AT7%6}ruS(+9>A+fEEkB=Y;)4s7d}F?*Eb z#co7u+meYB=A}RK)3+;rc-iqvZ9&hl%?obb5`KBCI^5i2@em^B$~5}z+@4Voxo0pHU{@<1Vy`jkXxH8%nGMzkL`^u1?ONmu`pfzH} z`gWFth4u^Yx4mqcQPOcpRh_z5yO?>e5{veJ?pT#b^wB(2*ZzV1U(ug*+WTy1Mt#;z zljmEyJlp4|W5ppE^;x$)+B0;kaBGC);Vt&hvbtMrSv4B^KNs$=YyUvO#QM}dM>k|! zI{rMSul=+6A=@g%=CET1(tXdg2#5{BFIL8m&h)wUWIQw!JJ29hd;mq&M&xRh3%;<%b)3|*R zT-N3XcAhl7dT6kMpsH(LXy3V_e&L+QQcgh2)E`u~l|P;=zBF_1kU8<2W({6_VAdM- zoTEMG&3m`3XXt>Qb_HQlILgZ}eE0RJihA9ZsMpSI%dGs(p?dZGWxA?=9jkoh!T(Mr z7VGQVCoWmCB+K#H!a1g&Z~N+&b(t?#@1F9=ZMH4{ay)#CdEaMk()-4?yP(L5d9RAf zpZUs{8}Isfi@|azrOTKE+ryCr`{hsb%tL=&c>ctr57pK@vL|lnXY0S%wPWb|R}ann zHGTE~$H^<7SwCLj*gvF3II{RI$L>{epVmcfB!0Vd^UL4dQ9rPU9frSs{M*}K+`Xgx z_BY?sROJtTx%1aGwlm8f@xc9v;_Mbn~=eu|K%O4*6 zz;0c6&#t~#_T1I(nWgm7=lWE_aM-1d>A#(ZFIb}@H}=e5)Nc6kH*c_ao$t7a)!oOJ z_W1tLFNaRwUaBh{aQSGTszb{Yf2lh(^Gwg9FTGbZx30LGeasj4ZT$4R{-)EKGrfcX zeeKygf^I)04=uc{wod139h1~ubGlw1W*Jm%{=6r#wj$%3vRiC-DeUVnr6CP@@C(-+*_d_FaVV~HQkrdU z^hzSqGPC~9PPH}tY&nzmwjr$P|E^P~waKvU{Al*DL-*CCTUUfuJA_AWYx7w9yFUJT zfNfs-e~oR=f3&3C&12PLhuL-z2$DkWjm!J5J@R2qkN;g>clgYv)5($ce)Apo*R8z% z`kj5A{dU>8>LEn6`HI5wKJonx+x8B!M*O&F@!|2CONnYn(yd|nj=G4uFOR(YlXkU^ zRZn-geS6C0+Cv?Q+Ngq9V&P!oy2_ik)=AwK4`2KuwL1OH+tZdUebu(hcq6c;pX+kMw0d0q zf_@IYu6U-^@xs#&y}M-T;?Gikb&NZ{e5|FqrYBLI-hX1kqu(Zl*Vfz{27Urv?6pxR zHh0W;vHHzP%U&z2Uzpftx1&Qp+tbzQkL>Ja89C3q_nVsX#2qL9jOQ#RL{-;E7@B*}L6aPcD-d!L-=*l^F_7~_#2j}_N1LGU;NKDW6xdLXFF`BR}>%WO1v52 z7Kh3G1?nAsO{;!a8hzQIRor3NyXF{SVKDzVl4_qg4x&RJQJKZ0cZt@2$hf(#N4S zm~v4)lnFVec<^z0>aboHPtEQ=6PqE&%|14ms7>$k!*ij=LCfpfj~qm(LL%**1`(>T zNc-lPsCQFBx}cxo=4ox;3h8DaJBa9WX7T<7ju-0MClU`1`_JV1_9>yOcTVo+I5m4q zZ+o`7>zJL-4=hd%|7D(odjbmE4;?!9-3@lji)IAzCv9>=I@>ot_N=43ee5$K;jhh# zy3Rb!%(RKMEg4TtQA}KhHdEY=p2RF-%%q{yhTmd4^G5jkn})<6+F1c?%gz;i_}kug zl_#uG=g(E_p8S2sj8XL+%+ns|rwYrcPhEr8a>qjA+0f4RPD6-Su3uf(e&prNbLw8s z>}>xfa!;2JMn06<_MtS}*~80roqq0_Tdm6LXAHIdx07W+Z0z=XBJE#wvoIx^a%}a8 zc%=3g%Z(8ZCuzB#MM<;aYZB_Y?Dmv?@eP&l@BwLBM@(x!_&gG2}$t0cyze;jSQ z@AY@u=GUjbNhFyzuloj|Y4|y=I{l+5#IvD@F%=&kKI!|8o4@GP(Xswb_Ww5Yejgjq z-+%JvUtd%{O^k=PMA);p#J%6sGNA9p4(8>NxN#NH$Evp7w{&CM{Q4y!o$avNe0P1; z`?#x(M3Qx|<<;bHN8S9I{>n4#JQhrHFXQWy01&k_@#=By~!tpBi5+z>UPb1xc11w@7|gE-GVhki0Ycq&i|Hd zf%DSGe6w`Njy)edRY=UMzUz&=qt-+5kqS#)`{|#mEc0s9PySppJ!bWjdwLPph%wI| zAUZg<&>SQZlg+Q|9}n@H%MucAX@ZH0r0 zgP+*%)%{wRUOcxh-MTis(`}bhucSYcY)$Xe{!aVM_^IQ&*P18Qw|Vj14I9aJ)84Sw zFfk|6+jPEb?v3^gvUkO{K}0E0ZN4)M%Ft%+Gg6o8>x0ewG!4Ec&{`yKml~^y`6(3iId(jyw7o3|myT-V=#Ch&)nFSR?*h zy5S{*Wvt_n4o_$2h5HmA{A9AKZO^~P7``3+>Pyo%!I;r!m>ejlQF?rE8|ZBbZfd&cmEYxWEx$n>WQYl}l-HW1PJ?D^XjMxq5P&xD!jV z>f01noIPKE^mOmpVVj?+n?RgT{yzC~ZIpgz$Be`dmbwYVNN!_@wFcO3?z3cH!UmdaaK)ZJ`ClFJ**{_TIT2XU;bzS=tM|Lhs4W0f; zR{~MonW>9HdW?Fz)LIi`yZKz``uMNUr2ls0=i2{g?_1#HsLFghKzJnVvJVivK2i=> zAxoyGp8c3)5;|SYq(Yrj)6>-%IYAFWe$?1iJ=ImH69r`TUN5>oz2d41tnP(X zL4P75i%JNJdquB;?8-w7@x{6Vi4q{;l9~JaPIdS6Br}i*!FYFC$@DpO9^d)S_x=Ch zce=WI)$+?8|LTt2>mDFpx%&+B(XZvc9{JwCPQS2i{{@j>e)EQ4c;>PHa^;2(f9dG-vI$zg->i_x|7s+D46QFwKj>K3* z^bcIuuIRfrx%|&|zi!9dAez$kqzg)NFstq6Bdpg8Lcl{=>Z}`w9Cq1+h zpn2+>JHEAZw!Z9d#?K&oo0m!_U%3B7?X2xg%gt%to%<@ZksUpFTeVJIn4~6+3X6{le!jja~nR z*Khy3vm(0{bNqvNIx}+e&b}Q}d+zwy!;w?Zx&Ipb>-n2bdgFobdAA<8%QGL?_4G=A z|8>uP?j!E9hdy)8S1#8tD?Yyaua-T&e)p|=9=X##^M!A$`oB+o{L5(t?|a=2<9BgABL98Miml%mz3i)zuRU?_(LKhGcfH}@f86n<13&n|?B{o#J#&8KPp<7hXU!?& zE2%%kS8x^(q9Yfi=I?RfLfCm#FchC5>W-W0j#!CCFDXRiD59mBhB{@J62`&Qlf%-%hL zJ`y?qGv|Ee%V*%XTq|r}_L*B|zBu`#>u&q$M`r(dZ29u-(nqg&>L0J)cIFoZ>NI;- zYwex4F+bV(%@sG!T(x0EB>S-|rk=Zd_3~eCzxVa}GuN#cJGgTC%*aPiy!Nx%=Vqp# z^k%fFy}!Nv$_*|L3i1R!pB68C`wK%16JOy7T#K z{`%$};$yAZ^A7y{-mmPO2BP@l2`eJyRge69$CJxGw(^OYdw?2OM1Fhrm0O;>JGkPh zGnT)1^co_@gLhF^e&VF~rKS7mCuS~KF@5_pnPuBopLONT>Z`8*##0ZUb@~S$s{C^L zYY*;uV&?wo`~Gz3K=6s_@^zQ>(Prs`^wDHQFPdxJIo`bE=pHzMR{vS<$>fQT(ZGZgW z@O$2R#>_Jpy?J@$feThVRr}>-mlx?z(y6tN{nmb3+w-g8gR{3i`6ut$nVtQII}h9t ziCq4%EAJlt;dO;mA35=^@r#P`+Q;_Z_`c7~Ox`m4t~bAU@kMW39y$NkHT#UeIC78$+Z^qZf&;@K5f-1wHSe*FD=_sILc@~!Vb8o%`ojy-;g@}fEQ z3vSm1zxlhF$@k2bTEDnq`u??%<&o?6%lBOR?cy(9fA!m^XKt(heBi}BPwp6)-Sy@F zb>JRr2DeUq_nDFHiSMSr^z1Vq+V-xeKCt$>7q?A6yW_l>C!a8``N^j~k(_+u;3rPm zwe33p7oWc8;U_=6?TtUX`0CXMpWboql{26F^}ElEM5xndw{2e*`S8EJ{~e`I41YWl ziA1Cf7H`>j+57&`_ssqO^m?iLKRXXP@*8C-P4)E;42*H$^-Z|$+KAh%_B02+#_IN(ef3==K8<-YYR*1^cFTD9&BEzq5%X&RdMg-r%q zRkL1Ms3DU~CI`sXKFTx8?!-`Ej7d(m`lt!rG$!1kJ~oknV*5_(p*|+c^ihuMSM{O3 zQckP_m6zk5o-KY)qk+;>N ztDjFtg*9|kSlzdNT|?Jgsx{Qd$GJYrAL?U-WLGYRr{|=K(S6joS*;HB)$O_t0yXT4 zKGb(^XegbE{&LZoAm5-F>fntJH;uXyJ}9rP3~=o6s_hLT3_5tyrygmy=A)t%l+Iy0^k#q!-<0Ltk)P z)lskqh8Y+S8=ad8zt|go1rro)PAzT};a*R;wQ6?*%ce6~E&79$S+AOPy}wkowaQv* z+^)O*jv45K6vI!p+7;u)npyP+sZDxyN_S1IxR&bKb$Sg2|6je9A|r)M8>E;hyB3Ux z{J2tov1%IiLCUo!*M@o+q!^lp8N3P8)%(cS~Fd}L7x6M)W^_^JLueG0?R}bWDZ6kQwmX@rQ%#v;17|26!|Eh zq++pXjM{pbwqB`Fi=hU~M};*p{?!MKUI^sq|BRrq5KJ5&m~a>wo;yxnYx~x_4bw36 z#=25tF$kar);H{G)o!{+1OO~e0DxtW698ZZj$(K|8fPe(V(3IPAy6zGivmy`8x&w@ zK1y>GODCd2j7*x0(g}*C*{F~_R0t?D3?Kpv&Dhrt3K#*R8zy-yus~SCf)SE)k$F6KY&@Qb^R}wHw$yl=;jZn9^s;=<5VzuEv1o#&m^d5dW5>$Z`8X3z z!X#WY&XGy^D4U>|xDe&JLxmt^A)1U+Oe_(N@voh)b4dn#oo9}LuX9Vj{zvHRN5uQ# zm${D&1lZ$?_8Eqw1TGq5s5HEfa+JVCnFPf!LX@NUWR#6l3=;?E3`rP5g!Ws3ql8#A z8Ed~!5IRp&jKD?{F)Bf#cwo<1oJu632>_gUG|7Z{Mtjgil1wZ_IUX9tg-{9sx+juE zyaXQ=7-}m8!p1~DJP!T%L^R2frZE6P zSUn8FhlTd|a=RoXKu##J(d3~e76gzx^M%DUDbl3KCy8J@=$PfndrqJPKFV<6idZhn zC#V<`O)%|IY38t^5M{`m?Z%|o+dC0udYjKL#u-Siy1m0+IOL6^MBR7-K$m{?F_)neOQ3tag6`ZA%S(f6nmpTawEf`pmu`DR5G?S= z7X%A@=jes!2zbW0V|MUDW{5`<37C#cMg;=UVX-?qDa7Wkz53x-?@`bk{|M|H{|M|H z{|M|H{|G{te}vc^|G@hW{|K=j{t;q5{38f+{L>zk@DG`+!#_ld4*!67bNnN)^Z2Jz zn}6E#b@&I0UH$>VI{X9g z=kbrg&Ep>!wTFK?#Ww$R8h81pQ_&`zPV@Q24*#?p&+$*EqD?rR=7$v9{L^WCEci#D zfq;(1Cj@c+Kl>*H$20$Qf5_;FXoHI%n-lvUDPHz~E{vRoB=~Zij)Lm5!k3e#1Rtkrjy37J)aqo0{OUqaH64)5A~Ic zZgG$dG2l!Y7qn{CwWXq?$M`iPn=rf8-^iE7T1_pW&Elp}S`+OlnJaT;U*M20OldW3 z3Rx)+rISIqrkT>F3AZ#X1WJ9vDUJz^k=$mxylK=^%*0fgD|2#P3*=hT-|8n?idqq5 zE^H^68`-UwYz~TJ$>vB-YROi{l!mL7k=$lfxTIRus)?3lZsbRDlBaDlOleakDOnpm zJuMk!wpu9<8%fE^w@`f}FPR(dtz*@CaZ|RpjxCOD;j*)-VCkm`v*J??oRLdr%nouqKsl(dq!;GWUu~!(w)sft0PpfSSwqCNC-I|jw z*lc3HpgIX{_#(QP-dHP+wVaWhWMMH+V=K!_=0;c-MrxjwEkr9~ft5w%qckrlqUPga zOX3ocfTCJM5QqHcC% zRpP?-1zJ{7AX|kN4h*i8rfKB!G*a^|oc3Bc$NR|2`Y4w&vO$57Ey>4LftN)oKsmmJ zgH)iTJr<`uAB(7oMdYCXIoQfN$O1j2JS3)sLXdLcx*{SLi^xH0wuwP*G4Cj17S_)r zHSeGR)*}g6)f}W|SlP<*iiqfv2(oJ&3N#l(d(d}!BU)6~n`~1K_?pB`OejIiD_k;a zOT$|yOT%7LG7*i{Ea=3PhO^x3nBinA6)0k!D~TCKwkiP*@`0>o zec3`D7PEB0r+p>IGswyYIOnxws}Nwdz{qMI_8~x)A;_xMRMdi?h{PQ%cid z_cXE!fh=Y{@KbDQd`U#KY#9L-vz#nS0@#J3R$5Yeqlf~{lP!rwVjlXmlpN0~szGBD zbR&U`J{G~g4NtZZLu^IN!d`lcnCEfM1HCpCRTGq>vt1gAMiZ+A4hMM$5#KMgVBIBx z39!Es%taHMRy6^1i(!8Q!^dfllP!tCmIUjtLVNd$CBztKYf+8YD7Nr(4c^_MOuzMQjN2xM@4iLe<0*?vi z!d|6XvM4ba{6?&>N>6>r6-ERZA?@V2lGKYtV%u>B^QBSf&!zYJqGrl z;5xCZ3ah9UUlt9B2U-O8JD6xyoi-jaikfvpJj@7)_7>HbZc0-lX2H^jGx3p48z;)c zhOxC)bxI;_N&(nnfyNLEh_tDy83uuV)V!zUJRiZBR^CT71bffpAVp)J?qCOtO|Oj| zDM8869qa)8b+98qCf&gf7L9pr?8y4qr)iYtS!@}sl1>?=G{GUjeFmoqe*o4BN(Qws z=sf`5&o~O;g_ZKb))ckU1RerzKq_j!QZXmeE2M_@Uv;R>lVzOJqN?0=5t* zs~K9hDlJ9Lu&TJoy6e3*>rH9g*7}GsG}K3t-x_F4=_zMY*W6Kvw_pAo<&aQ$ksvs% z_u7$b$*z`^K2NuAP>n~0 zzV+RQBX=V7Lz{6tH0vH&FVae2NUQdp;@xO}UXb63@tH(#ke}$0Jh2qwA15I`2Dl3H zED|dYvN90Dv=D@aL8=L52(^Izu$bpCxNaI;Jr7g@ZrH*>#RoW-tqcp{jw~89(4Hb@ z32Z}%r>F*lJJ6|CJnVZdl;eFxl^6u?)fA)$91gMohfQQvAiRY45Mls5(Iv40^bR36 zEd%6Qc?c622***H4j`OUL<2%wmcY0LvJm*86-YY>)Mq)Q8Vm_@RG?Rh$FOd&0jmPk z$jYMT6WSIHUKTTa2-{ho(2>bQXdJ?hihxo)ERG&kn24;3Cj+Fa5(}XW_W1w>l|UIo z0M#u;)qI?WlqwTo2m>JW7EueU8mz&WtqO!GAREwqfYdy|BS5}@EF%DTF8DO74Kqk-NKw|JP@*vE{YKBlGvVg`? z5SlaC0+~|~y7Aa5(6R`rj}~At!xDQ4Ago24k_Ma6SPY?jpfyo|cttHZ7^q9k`xwFn zAJPU%P{PoT!(R5Q0E@>mV!DR8+($YNnl1q*_Ea5~gGVB~8Yl70{s%a!9bo09%=stU?-`WfYJV z!eU~R281%KA{rj?T`}9lq9I_l0BN3p!~%!LP>=o5KCxw0f{=`);ouXYP6|E>Lm)`U zA*|$ONWCqog;{UT_I#Syo+3&tGC@Y-^9;(t+A}^jX+gF$A6rr&s~JxrepFyUKiDK8 zGmRmo3LuR&c#?WU7;mLOhaAfB3|2Ls97l)}hak-b9a@@))jX_MKvtG+`&J9m3?!y} znb^D$C?fbKIR+4rT7htpLzW~U2)}$jz+t-9LTQ3|EmVW_4mB0gV6d8T2$raY0Ern_ zf%U5?4}s1h#jp^M185InBBZpCW@J2^gEX>2Y$rU=1PE{|&9{)Kc}fnj z#h_785s2=r43DgWOZ-3t{G&-qiL3&_3h)C+^AM@8csPJ`)qoU^1KmQ}rKnN>sY}Qc znE>_>S*aFQM=kIJtY%v{kYEoPBqC2qdtmQ8vMOYMU{7$M5l$k0XXRNX7lzFU@Co)j zfW6K7#J7mwK>Cm;n5U>IAB&ocEz(9%)GRp?Lcq}$@x>qvT?>98$TzVH+z9O<71d}Y zW*lVl9&nkGqalT8A_%i#oCWJg9Yxh3LweK-kIb^|BQk@BGzjFtkZgDgZYN zZ69b6&dZS$2DqYyMA#Qdy){G1pnzbYmFF=@l_8ZYuvi5=tN z>A3pBDS*)J#>9GafZp$h@Jl(s0y%)jjS8jVd{U}yX%@ydJ6m&%Ss25Ot=#6R@|aLj z7Rm)ICtR;M8EC^7SzA@w)HZFdYU~!jT+5qX+a1r(j=S#eg`o`+N1HX z;bP$6bgF#>ns4Hq=gBI>R|J1pSqJ8|^ zQpHRFoE)wT0XIR;0`muC4rrSu`3dwFWUJ~Zz$t(uXBA7~&8jKL7B^gSP$o>vk9 zTM#+cSMn&pL8=)ZQIIhM9FX<26xC>#vrWKBMco*aGIW3fgRDgnM;%#3tZcROp&D|r z33yr|F&s8QCnTc`le59537}?4|3`Bz+0-s8o3Y=_hwh*~S;sA)9J zas`*9WLOQRWaHMLNm75&syv0)ZVReg}E*=2nNMOBL>y*fzs zA-it6cEhY2x!FJrnBdV?BoR;!L%)GE}t9hRutTvxk66(?)tQgL#!YHFce zcD?HNGz$kGFE*?0Al26$5vs!6Rtby3=Rxr@D^!Q!6<`ONsLy_DLvZt{HSKvV5m90I4-Df1=amZ*dXOL zn)*?wYMurhU2EuM{ix*i@g{z0_pkOx})B-K3eyU(MDXmzi480DRrBm*N>9nt! zb;_ULQ?E~%4ZB{`>+XCl9qW}(7K_f}OCKo~b4R%Lk!sN$w;MI8=ukx}r#GfdO+T)+ zu`s5Tr;2q=FE0!(%7`i{I3*texHuEGx2@P7ZJS2M>Ctg+!uF`nWlHOv=5STNMB|R% z6TksKo6}$JFYG*Bju)$r-c@JGwyS!v-mAVNQ^cW&(w-_x()*tEhL4cwib914 z2vu8KWXbBp+*NA4Vb>^cLT`XUQAVR!T5PHI{PFuc>!nPGdS|ofM@@U6i!K8%5n;Tn z-5s@_sL&+L@j$YV`&|s6>&05HHoNPc|6~pdn$4HIGs0`O0_tsVBlJ1cLqH3! zscbq>LuSpB$2aw2Pmk?ll4) zUHyW3qEx0f>4q0NE_8nTewvHShU2bYL)Gkt4(#3`@=CL$H|n~pJH*Ru%^A?_x~5OM z&VUp0fzw~tUC(Y*%(^j9t~>pccDcWOZQxu|=nt#sM1IYE@W_>~*P%j!D78oZ8B$A` zP<^=8$0qbT6?QDIp^Eh~WsXy12rxdg?zqKjRWDO^onYL>U8VN2;u^RXHs~U%XI86} z*3d(C)hW$xG<0Xuu9Jvti`j6S#cGF_Vcz!pOxsAnHdhbr4zMQ_X}qh6#wuC3mwn3HL} z;ie~atY&K*~#H`y@lhUxn0YSD4;yk z*Q3McdGX``fN)2${>g@}*U0n($GurjHtbd}3yS)>pIL;zRw*hEfPN$q+3oMsA5kflE>xc_jU8-DmI!lD* zmOEYAJvs!@C8DmP+9o-tD3a#2=k1-8=q*Y~<6&B8I#k_uDMt@a4mvQZ*GhUB=AYNK z&65Okosa}eI@NUa@?slNYgS#eYS#7Fd@sDB>5l5fvY*p6yI$_yk+Gr)D<;)cv+kNz zssSw*fX~pbVbQKxBV+{QwmbFW04S0SLKVk>u*1N4j+n^SaWw5LrYW=T9tVzHY#8%w zw_!9P2AYqUU8-12VGdO+mrbZDR;gll3~$2JCMZL9smY?_=;f|8A2u-6PmNS{NE!69 z=~6|9DimwgE@qT;$EEbvq~0*~x~4}d2p*uUxq2B|)ruqwEu@f4Tm($K*hYop9$fYM z)Vv6{8;N!sJM)r=BiaRh!C_u@M~-SAjzeA6?XsTJtGedejUJ_9yR1`AyB-#;*>$&J zSIMfvdUD<~PQd^RrN12wQ@CdaG7^DYGYG+g=$DK!U#}hPY}jD}(){CBHPNkecm@#G zcNg+9aaTvNJ-z1j0IfQ1qp7*ghE73x3ju=z`YP*=+0e^>^one>Pnddj**$eCgMQ2~ zNjf@>LeuWhhj%1L#!W~6qgS76SM_j~1&p!h;$iw*Ty@&vonH}9QvH;p>%T|B;1ucg=0Yw5N0I?C7o3jhHB|F}0D1prP00IvrHqW}N^ literal 0 HcmV?d00001 diff --git a/assets/falcon-sensor/falcon-sensor-0.9.300.tgz b/assets/falcon-sensor/falcon-sensor-0.9.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6506a9f7dfc0038f408c7d98384bd286947002bb GIT binary patch literal 6457 zcmV-98OG)xiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBlbK5rZa9{IN?8$c%J7-aL?4&)-<>qm1x6L$7Jh9uGPSS}X zaz&vA0Tuuyt8t!rKE(40f1l(x_(KwuD9d(y>D`U_!j>suvAY2FA9mp}VTs^vQ1^o%7qJj@$ z`XnMnQUAFU|1I8&QdEhgg|@E_;5%eFBxV_d7La1W#Jmd~x8M~}t_6Hwj!<&cs32jb z(kN9NO@zT^qIIE$gF#|IC<`J^L>|$^j8}at$t=#Oo|L0fp-cqV$hB!V2!OE#&3tIu)!m%!C7(OsK|0m(q-iIiYL_85v26EGBF$Wcq&= z*#aKow`7EHVB18kNp*aWlqh9_7KMt3j(^uNEzhd_#g(ZsIVXxdr~J3G-Iy`TQm zp0@m-5>}$RZw0VU{(rf*DF64L?Cd|t|IhJkz!8o~$uzjRhp~|Dy&6Xwa5kX|r~(2% zAN=sLZ{#@98dDfkhNi(0CX7ggDUp@(7vhmZnKjGIk;uP3A*5U^6mT_3KkiBx*ObL-F+#rKBl3 zzS)65lMH4Pp%79(;naQY7~Lq=*aFcc8$!>{lf5U&gOtA)n*`tK*wegzy%jGm`#W_e?5{2sW7U^>5giYA@q6?z_?^=>2(B9i1c82 zem3AcF#{%eW~OvTsJ83bube`pcFvU+1!R&WXrRv{0F5%I+`{_SygxxnMLLAtohWh> zVvQr3nqS2KD*UgB`&F1<+VnOb#z>6fG#}kcFrRW%ie&hniOl>tqIOBxek8N@m)R~- zySDk5Q1;&9`Mz)n1@Cc+a{k`pRY)&eRg~r>q~tP zGG?9pf4cun8pwiVl(lm8ztt zZ}F1y@)8J7;ZS%})5vTkB&1@-nINeGqHDX)t-yG}k{nEg(rVz=Wk2XBF_QRONhPLc z;6&sFLyb<-IrM8u)F_g;R$+Ftq?iIJwaAI431LnHn4TojblN67DU}wvbqNk?(a+}F zKp?3Iq`zb8T?)ucrLF3dsE})*JZuRPGpe+l1F_7bBZe@RA`i8hr^CvlI65VUL^u-3 z1xllEEf;`H31vpxh0I)GLZKU#@Ry9cI65Bg0TyL)06N_=I&#XmW>GPL91%9!XpfoFU6Bh63C@t9sh zuipa?3wdfjMi$3Ii9{oidIW2`!EYsDHaul4FpGU0{SzH*+g_Uy3?&Lin2=H-D3N2! zc`!(hDKe*DfYF?4r(Uca+Z@d;KaO6VRyMCOdAH)|#Tb0($^r30$=ks09o0^(ju1-Y z3lZZ+8RR{-YuH;EzzvJ(xaR1hbzE_7<@Yz?I#V^AKU)fh&u>1h4URQ09FX{pW0dP# z;n{k5OXLbkxgJCBFRK3+)mwn&2EF+r>;BkUdcmBU-Qq(}W4_73bCJY6e?sL`0QnhY%NL-_CkC{I|K zt|BgW!>?+kkYS>QeCdaXgB9e7KB!$&^BpOQxCwd2R1E4E;D-+#U9RA_QfORY!ZMVc zaFSu#AI%-0YBimroYG{mzhmO5NB)LvT%@(%iHHlAuI88%25~nP)|BB1wrL2rT-VB8 z6#UB5Op-*D+(yz%h3m<)y$)QbSF2=JyIGt#6c*IS<_h8)X&7&U^C(>h<rphsJRq z)9eRQL^*1b5>1Bn$G`*?lS zYm|VOdi~~2qefhx2}-I-hTRfB&>SvEYrpQ0tU<$ySKl1GJbeA?@a*OL*C%K14__R) zZk1W)Lmo7Bz>Rc~gl7nUzQFl5{Mp9hjosDm(X^&xYlCdMmRqpNU0>)WH0^D&`taQQvr7KgMU-`1jBgrePQBn{DS96Slox zL#*lUWdAiXe?jVZD1p_u1}CMi`9fCF9q?ZQc^4vDf84|jQ3WOj;mT8U$mc{Slb69l zz0*>?%VNFpYFapLc1O52TP83&7FgWwZz!M(q?8Ost{|cbO-qSKy8uO*o9Lj&i z#N}wER9W#-1GwSZXrK5t9J=Ac=vd)x>2v34z1zgzO%mN&8r@1F-Bv2ygJk-&`CEEb zZD9AsjOs}n4ST2)2U!yhEc?|-kWbMXLyMnD&LD;>;FPDxHGH)~Z~|z-P`3BUh6^P( z-`MmE0TVLCcJ2wtl3N7~fYTR)=#zYU{l{if% zn3fDH2_{lJZHYPaj8KyWfI!3qAL#ElLZC zHgO1)06ifZW)tK!9I78F$VJI@l{n-=QuZL&QeDH}hKsKh%tXmj__b6TN`*jm4N4L{ zL21U|4i%fO0x6Z2?0F3EgBi%YUP6wj8V+%9rh=6@0&-PKn_ELP9K1Mkr^={MPBE>H zO=}z*WYAceTE+D|I%#8A)(=Ln=fWij!KhU8k+^Jxjm*>#-VR2T57cBE`pGst(xOZz zFqjfKV008_lnw&WkAA74I9e?A!Afti3VQWZDuWi_Cg+6c$*^-o-!@rVBW>7ADNX^+ zy+y6%_HC0VWn@Kn8%?s7w5+#vl|8irc9US$>fX(#ijowkQ8!=0Z>rW)BKxxBD|#4C zhTm4bP$w&Tgx`c?Fp*s|M)+;VY_I4k3f+;G+wQReKl#kCLZo#nvRw#xsX@6@d=O z69(EH)YMYS9?!X?0JH65IGYzfErer&N)c%jL}Y1Cd!!H=Hg~q-7VtMEUrbXp$Thpb zbS)&EQid6(!52+#N}bpe2t)%NtWK!1a$0#dei*@*vLOw|g%kx!Hn*r#$2{}pBh`ZL za~kX!umF7k2zTth#cG+`mY&ykUnNf4BKukp zt7P~xi>yU-L}i_|3v0#k+L5o({MQY!pxva2sicC{D4tOS!!&Kf+QCtLsb`osIn-8)C$xD8H0?8k&BU0o^69fqn4*=MMm(R z@HE;0j+t|RHw%eldTERu=3B`8oD*AwF?K01AWY6aN__|%o34o{6I zr=mEcdSHJ#^rLw6yBye`)r(0sFh8n4)szn!KqHb|l!bNiRP;Djvm$yNkH|&zIM%uO zEF{gM$Nx8K?AsSd$0~{oDSpL7M=?#23|w<5evRU(N<@l-{{;Ed-v4io4~~8~j`Q?h z$5?azv-joB?qdD#-p)h*|7UqNu21rhqPOndFPl}0`D`{@3h!=J#YArdXluGeg|7&P zqLhVD*f$bK*9AHwi6ohzf+;0HpyV#iQ=vAFV!}k3_ETiWFvc{}m`u1}BBNDgrjR&A zu5ALlo)>5fl!(?Oxlr&w|L^~Mlix_VoUoZqspl!=Wip9!Au*1kjnJt&^ttYbA}@$0 zBg&|rN731&%{G_+Hz5i}h#WL3pGxX8$h`|Y7RH+~g9k&T)G%mN`p9AQ7!GpsyWnul zh|)9(+g9=3&ExM+w@l05ONpHg4!%F#g1+|`Us>1CNZRNzd@Dr8TAhx0MmfUfx8ENd zpl=9ICMexJw_PwhL2M4i*bfp_yK4h>MVmL*Fw`+<%eD6Ujk}^l`V*P_BJ8kcz zKNhlYLy{ZDy|rOIfAFB1MfWcoV#}7wG=z4s!K@_bRjb(W5mWe%Xn0*9Kb_FA4r*hn z!g$z^pZztmwUh<&6nR2XMbT~yZ(LYF0fEb}p1psz-%)~L+Wp|?g>=@hI6X^Nm+bgZ zfA7&#d11F@&SpC+L)0WV4)nT5le10 z*_>>PgPBN!t)giac(;?}_VI4)y6(l7KAKgAhkkQRqQ(V4bPhsO*13PNIa5g zn)o8#V0K!ivhLg=snY2=&O$)ez)J`>>nJt0*l2DmUU>%ReGaWtKIr!yn0^i5ye`3M zm)6*lAHq{R89$5CFN=CHF4j_w!@49F+-SmNxlkGyy+AgvBPGN}m<&k^RX@U4Epg{e zf{;#kRE1!2K{BncplU?S`nFp(-Jb(qx*{$yhKZQj;%H-DHyguKY9`L2Tj6gRcD7=x zZgQc+eO&L?t!npGMF&e;%@+mNYN?}~+74|iv)dcJ3zNDIYP)kBkBxN(f*>T+vK9Qf zF?=Ir#jI_hB-SjT&Ma`U)?hNSwIPOpC0eVkVAZMJ52_rGX+n*VDNyEAsj5uf&r%~6Y7y?` ze}kQTuju-ACj}XJ9>yvew~v!keJDl?U}qIdvVw3tv1+6_ngas6vyG zS&c@BoBmam=_(pGl{TVYmRvdL4YRkPRQ3##!<&;Ij4V1j{B`tn(S`amyl;Bt_`= zs|68&h2>bax4z+>jqLXO#@TCcikfJ7(DJb0R zDDObLz3cuAcAD9$8`e4Yr4yy}JNB&Q>T7p34x>uDaEV3CSHmY&&k;i?h$J~0Vbm(d z1z)C1WnIk_T-y`4OM(MgRIPCoUBO8O7`mS;IBG6bThZnQ&sBY`&<)x~SHu3AXMKws zJ+}a3(1P8mxNp@vc9>pNI z*kH|2oi`fX3@uHvrIuG#uU2)leq9S|^47OCxKhJ)Xt{fdZoscaw3;lRkXt_Q$Lt}S z6l->nyPI$Q2q9YTVx~Ky<0jHgIwj}*3RwC(E9N4Mk~vs)yU?~URNzO zcvuCOUL3*Z;ftfKn+;^Zyb`>c=S?5sO1ryXMNtbYBLr7%0h>forP287?40fLBd;`D zV5*!6D699|)}3evXT2>j3=}2rP>@d5guq-LNTrY)W&8<)ENNNW{uAT>?eiZ}6n%*# z&GA0ZfY#N2K6$#oc>cTh^vj3ypU?4ho&QA9Esk;EZFtR-OAEWci#xihQpoz=qf?b} z<-Rt)ITIx9dq-V$4xv13FmV zeN=_u3cWK~a!qrDW&Qy&vDawD~v-CvHK|d?K8E(mvsBoqNVrxX9W# zkCvkjkK&#$u6C|nkpJt-T#bdnGmoDIwX)9079b9T-Q6yK7ZHyP?j|Hcz=A?d)K=;g%vH=g&tZ|bp*gpef`nWudtHRa95?z_|V=73GDVb%oxPKv@&VAJ?*pyVIRD`SyU z9ZSQ9&oMyw)0t9S%aju#wPDD~y)mSC9x$X3Qr`#;e)C$5^S9fWmqzfr z|1I!~d2Y`ze~=+$bwL9pD9tLaQQmX}uAS)M*6E9Hzx(kdsP=Y;T6vBswYLQBs8r=BbL9yq#Z)7X|HjVZeSOmB3hc-Wm-wdBhkpG_r zU522hjQ-x-pDiTVgGNlNe{>MTsmsF>oXuf`^^vEqcmXIPc>zG0Vz`(TZpqPL?6Pz8!6Y>~|@7GN{BFhN1A}N}As%OW2 zMPbJ3jSR%pOa$;HXo680Xwy892t&ko@>NpE(mxhUkWs`%aEMW*mvD*9t0Nv7vrfiQ zq}wi*bK?qhS&NftQ75}gQbrl6>&mfzRokN=sEjpIXMA0LZy&KZ#L7*FE>IL+{xh3* zS5%v2uDI#nm)sEH;tv<+E9U0SYAG>oheld;Nz zhoMA@v9CVBgzge56!CRsZZ8fGC1CS$SHXs%QO{V0B+ z#c*P9e2H>UVk13K(EIt8I7%t%mE2S^mT(kIM9V!n)p@Cy;SdFV)_U>z%#q)_GnJyU zpRC`PXIEAb5)edGr01K3=gpBx)3%kS<`0^@OkXMSlM`q+Y|e)#tC)NrhP%@|^k5Dd z=WiRu0XKkQ}4Wxs$i}AVSG|R2~;D z?jqT;6BpS4BpHa8zMUa~5Pb%Qh>K|hg{tz1pMiBhu6LCQrHxft(SfftRTdWj?^ln; zPxL2J^BA8?ni*0_jNb|j(IJZ@!UqZ%ek2BQ1j5x(?f8Ws4J#=LiO?;$l94KNVkc_K zq2g1N$Sjfa`ZA8Tsul+?YhEL@T<`d748=qm0(#Q%8P`i71SQk&W>C)arsn zlUc#kWD7%5k?#>E2Ntws=Hl$v!!dN>C=(QC;TK`F;Z|0e?_2?xqVe%{DkefAQh1v2 z6jrI^_0(E6>WzUF0jOs;qP~4zVu^F{JPfy*w=r*+Zv;F>=v4*jEr($m(`;FjgQb|7LyPU0SltNy| z7+`R98V1>wa%*O)o?LL3Ko;k!`El$45+=~lc! zKkhf@*SIIv0ffa1VlO0wj?Mm+=0DS9y;v=grt!ZMQKgVh zWQ$aTBn(b7MSJ&!Gl@bumJNXbGEQn#iJe#njj-&@ zN3vVY$&O3n)K>DTA-tVFcUtt8UMlFU-mph{bY7f%Q>LV&|1-;NqoAa!T$23sDROoe zxwyI3Yd!-3yY6a`F+5R2yj?jyDso|}t}LuxcdvLl|3ZM3I1R@Y}&x&r}Do+3V+LSIy! zMlj)nX364$h~t^u>(<)q;^c8p#5$)p_*Gdtx~jTLObs;^WrrfF?Euaal80wckqVX> zP5DJtRV7_5i}a4LsCDh=-mBiY?l5~i;k7}|;=L?i=+{D|+B>{(p9_7xjJ$57W_wCo zx~NIdMHLby(XHHN?Jwi2vzr5y)T@DbnW;t13FoSCMT7wuCP;c zl(hJpEzy}eT%W$iqQ?0xSkJ=AH}Wo2@5?bru!}t)#0$C$EFj>vo6ug?a!lhMZqADl zY9V zd_LH0Z)v5t>*mNwdJ3o7QA(HM@anQ|7~ zm8se{s%YN^vZmN^DOJgl8wh3^A}A=7#rpO?TE9Q}V3e2~Gnzqx%G*;vAFXX#OkJ$# z$}~ne0#6{RSwTG-23F;=Or93 zNB+?)V@H*=n9B<|dFXF7o;to_Wp5>U-H^9Eb?7C4lDl2C4;h~|W-5ahAA4N{nCK*m zYLgZth$YCFsy-EA-1mvHNV-5D&Qrw8OCv4daj5QCS83s-Mf}t;iBc3qM&5hXmWi7) zq6$^ds_DF4ow6JVdczJAugt+Ws`aN-J`|Gs!WfzNu{=T@mo^So9m8~CZs12b0%aWh zU}?QYc~tEu;uLW;TrUnoI;c8UgBmRSPG~u4t#L={mL_)-Q(cL48C4aAE#3{-Asg2$ z4LaVeLIU0y-Eg8o)}1UziDhE#EA^CWb;An8?)E*+B{HKh6hiT0q98ruhD%AOLgSsp z@O?woCdra-RutqbwPC+k6D1SaP;J7Tex;*ab@%QuU(>OKQ7R+cHV8bUFc{O;M0$0W zUO9}(pcu|6-C`$;^XzV)9H9y5nhv7Rd0uj%k{SOxZ6%UHic0o`B@w}iBw1{^QZ2Tl z;d#jup0&BqHqCohHwW>J1tZp{5!!l%O21Z%poLQljD+($S9+N*EG(0_%2Jhf2Hy+i zrI}Cld<4VGhj5aHy)@(qvo{Oglh^Fxz<#NW-iNH;&R(FFR)<+N*Jd+=)x>q^;TTO? zz?YAkQhN5p&=UGQt=@r@9rI4@^8UR%_D@bdR%Rnh%_D6p!*6T_uJw&=zihA;(0_iX zC@#THiXxRLzLG`63B?*&P}05T*O(x0U-NYW6{PDXD_0O0nisIVpqY7VMV! z66~~?+#RVy+n5itR`@?uk>CG$b4&J?>1%giM?qLkM;O)m-4KCMQl*+uhm9OL_eT6% z(k1rrXL$H8qq-v+OHtj;I`43~@^sh=s%8WAg955>H3=@G{7OQtc&lZS1-yM;Y@K$S zASx)5w;o!J4Kzs`ID}mxf{b*T1%E90=;&NvY;aWP!qiSv{_LRP`kB!8LX_f5ZxyP7 z+D1A03R7Pu`@)agtLw_bEN4+?5sEMNG0`F0Q}Lew-a5{RKxI(b_z`d~gsWouLPFH9 zA6(^Gc<@uDp9r6!)EtuP(^%&rJKR&620yhud2`pflyPd&E*$+D`LrQ4j_HHVdKr#w zLQ<|c)&nb6;>jU7O&!a;2eiy||HZbZhlof_;K6I1W=a*D(bK(V+!6JPDSNgk@RALn z7#aO*U^Bk<$zL_U%;l}78{-#{C2ptIZt9Re8zYJir(J9wdK&q41?WO3^d1$5R1Iiv z!C(oTP{pbR`pZ#R07EN+`OD*wIy)qS1T?%9d1DF{iae5jV#iI3SZ6X?u(yy5jHatLj|#CNu+c17yKi1k^y# zl-SjF=e%FK_=v03WQfv zhKD0Q%V?t8p29{_5f7khAE?+dJHIDTLa-lD`%r;~tyil$0oXI$cd{$P+c0_~YjfhB#LJE-?YOr4g0yc?C#Pm!fMihb*CC>~sla*gjT^)a7fsp&4c7@XL2Z^tpMTG+6(zNT)$> zB*0InEm68ryH_2*OFwSpj?qME!CgCd+~h7^hw+t2K0p`V|R z{uguRJ6UhJuaspY*A|il+VCVd!j-hClVd-Guu$14WH3*thvzMMU4yiDs^&E`CU0Tg zwIh#3XI5f@cbeWFy-G`8DZAd!!X&5cT_^b)N%A5O_K7*7QVuq@XKQ2$t7DmxM_a|r z8cQB?Q085GRFt{+^?Xg5xlXbatDk&Vq@U_*S+U}vZ_`#aTQi|oc0G~NaP(wvogS;f zMjU}Q$uTsan~uXlZfPmQR5HBqY!HliknI_!rM?Rtyda@2U;SLE6D-a{nI`I>k6Ch( zDnHf`Sh}TN(Yw^Kf6X?jcRvgKQNVH?Z$q1@ctNDG{X>gDZJEAeCau^AJFp1$6kjHW zD3)>H`R0OM8@Z`;uU~Bj=p75RbG7BW5sIE8kX-~8%V)v80Efgg?@9Deg}?qp>8%oC z?DX<5gz7v$__H4pGdfQ9)7wU-+9koflrAaf&!IXspE?z0nUV((1QTvh zPT%*PDP_P$C^homp))Ydh<|q(Ne-^5*UF?eTgC0c77|=7A?@36^K*QeKNJ({dAdoXCXtwC+1ieb+n@Pu5X#II5 z$OBlEY>yXnxV5~ih_JI_XMKRLt$MnyPq^O=Rz1)b)-wmtRckvy4NQff=Kh{+8LCI0r!EkGslToGAGtXMMPU>lvlw;j;mGkwiAB!7@lr z$Z#FJpIQ%0$5K<6(xUj%$A|DABAtqHEyepnxTTg(N_TmZgO5BY5>Rqz6jV6kaYMs< zrylv8oIbdYs1Vb#dM8jJmWdlbXbu!yH*erHj!`K4Ee4Yn3|4hXp>qfjOoe?WdJ$6e zW8dgesW1k%keIN!-umC?Jm>0aqLh-9z{w>o3*H?iwh9)0E*W^a7Iu+Y8!nrnHJ2DF z7}UbTQI#aJJ@;a-wi?B!Fcsg;7j__eD4{hM-~G;;)wSpwn9P-V-c!<5WGmv$PaWm- z;pcgepOtU^?Q2gNA~(?9#)Lop;{mJGqRP->)CG7Sf=?6ueI+Yi)JrR z;`kU2XMXrf=aS8plRuaZHvSa+RKwaBe?r5kW3Boo&Si8ayXvM(RK!7PKKRRtrk3l` zS7twliq~`$N|kjWHRwj1{#T8aIJ)ZmVj}HKsrxVOcBiG`U(YOGy5m?Qs0fxb^;9S{ z47{#uZ5%1}lj+nf2oilC@UozBWg--pFb;~AV_oA8i?^!dushHr3RHRfLg)?jxTusIW4Vp-JW74mEgCtTX` z5Y>yY5^$bbN)vL{=9*BQSV+6eR*kWJdFe0C+p866VA{u6O`14iKK}rfV1*;e()pe^ zAF@3XGR`ob^&G0MdZ3XnYj%Ycd6Eg;6q_MQgE!%xb22@*;q=!4_9%uJmTIRIKOO(O zuNX>572K2rp5iVmA!!+TwN3_`Nr`wJ4ULw&E=98!(Uv)TXFiz|Ke%+==q(~$cgPrH zC~u*Yutix0DS6B#IcA>==v>&bEHA~N)n*a!PP)m+MdV7tKbt^b|Ey|U3@bo`Hk5YP zV6U8YRK{8+$SJ_ThBJ5&m6M#qxWvU?ZV+s&Z@@j*(Ok?}gk|}@V$+mt+VN#K^b_V! z-t?Kxj?KkN`ZCk+`F2JlEAyjzbW@)_NtVeF&Pb&ga5^0BzaA-N6nF)d(*~yH6S4HL zsHp9wmHKKWl@^AltRCbxI< zFyaZwhSk}q^x9Utidl`P@6M;uG17Kbf1FX$Pq8RFL9#vg8>1b#>j_*3&ZWup^eYzD%(z$4Wfg8Uw3Lwj}SWP9> zB=aD!D5b1xrsGLMnQUa7Bb~)gvKkHuN#hPfv{_*Us>(o`;o-gF7PD z=bWw46eGtIyo$Gf*Zo+=scAGX_H~znatUlwOD^g6bgd_fQRlNn#9_L05MlP^@sst? zuYX_Kl&$F^CWzO`%hJEQKJ}zbEOBTwiET2ff#UkQ#GhPlWHOkb{=qWd1v}DEI)Vpn z-waIyeQ?otb^r_Aw8fcs`|(H=Pu{ZDnuk)E>v6Bx!HLDU(g>Apx9*~^>IbY*xX#Ge zW*Zezc-LRt;q^@Dd#wvR#L?BC*WFSr#On!~aBB2x2K-$(B5V_K>7Wgi?~^tbXEjZk zkRR0RI>M`N456KuHNDQ|nv~sYPi}>8@b#(q=pQu5iBjG3OjE|n-o=99V^>L==^Es=1Z*YIt*^OuC8@$A^?vFpQ z?oGZ~>^t=);}5|kbc_&{f8YYI@aSM0;JZ3UF$Tll@KH5na3zp4=@MvFsn`pMWx>z_e!C<2 zzce{4TEOL*IX!gQ%x8TWtlM^Rv5|!;4;idxTX=(909REREsLwwGN1>J8|W@qcy>Zx zBl}Sn&3~srE%x_e3yxioi!BVp>ab>KD_QbK*43?1bmRQC`w=v%ooGje13s>MN@W?W z4=;c|g(Ny22b!$`ikG169go?na5WxlbqY4>FMMMPC+8=7nh8V4$P28(9RdQ*AK1_Q ze*Jv)lZZn|77(jGt zhJyAo)(UeRRZI(VLJFIG!6FlrV&y+ST>bcA4O_ombd%@&cH@mTa$DDt4W1y6p632R z%O~0(*JA;h)i;y&rCylCM7;lk`RHsmQG#55NT+Mbo*<%l5mBwGa&Ax##k#E0;zy#P zRUul%S!<&RFLOzjg2H?K$9XIwT1HD`U9J6FMt2>)W656&*8FdSJ58>%&5uf{adV1W zOwJlBgNwIDKj#85_t|G2LyeQ+2=aYlF_N+Qc;-FaZ>RXf#k#7RxP5AK3s0NNpf)ExS1+1 z-V0>WCbd*j;^x*QV%mKgB#-fJ>deER3f2>IKba1O6>xUHj#Dvna9oG4>IR!z%Yf!; zZR`;0K6APvL~h=*6d;ex6Y7$MAk~+jCRfJSMM~{ zgG?MbY7E44ahNNUTlv|3cjDgR5dTqKPgcm}Hr9J7qn68Tt(-bO`GnBc86-YpLs3sw zi%ezxl+%7{#Xa`3H>7N+A;QkZB@}K{pdw;==IiOR?7R0SO6u#`E!w?bbT=nBv9)r> z>QQRhypGM!etpIbPht=FD9?^U*3bq&7tb=pr<-Tcq@>A%9VNQ*vl)aClIVwI@^NXX8yDoi7NP@H&r?@PrE&AHwP1WmuEY zsuqy9CbqnYkVWZqFelm`A{^ik%EPaDSugT%qBdQf%Y-<2@0ng=c>Yk(zEdVzg>_V# zPhxeJX*1y2#8I)0+qEH6=9HpRT6K7-p{dKpLdn=um-|j<>T_P7s}1_oQcu}@SGZ5t z*VJf?-sXWT0|ocaqz_8`O(xbn2?ZPV)gK!)iJ0}2In~3TW8G_zj%;E?t18` zIynwRsp2%!nROc>^SenwQwS?I!_N0+eL>yhQq|!#D770jrJjKl6M!uV$x%K$#>QlI z|CJsx=Dgi8jG-k!r?s}!9E=(yz(&wrijis){Rw8W;c~A5p3^sNWotVd%aq0ZAf9HM zuwrw(WRJBdz^OhiikLb;kAX$-W~!`MBv6u*y7%JuVF)U@kJ05KU1qMtqXRapZ>7tM z*0#&FF*iBkw%oXY!^B}kMh8>vS8Ox1?M$Oln*;0LXq%1L93l+Tqv#mr#IGuoRaXmb z_bl`)S|1;G&MjU2$dx75KmLZyBk=PnH;lDqrzs2TbpD_$(I_dXvVk$F z%m%K~^4EtUY45h=Y*>MOm_N{kl9{4@I$b%|+m9z0luR}na?n?fMr{P=_|6a*SU>PK z5o|j_U$o*7mN7smKyX8DsgZ$Om;fxW`9z7puqpxB8;%IJV38mclFacTsDV^{16MH;LSqKL@tkMt&?lu^R61prfE*#`eJZX%? zjf%l9_4w0)vIc5v?;{wvhY67h;eaGZ3!xwg1wI3VWi(`L2x^GTPFQdY@h>XKe1!&` zVglpeXjWU3m2go1PT6lCCP1~c=W8MZWN(>VE&*s{(3s^eaNx6Lg5dV#j-}k1C)*Rx z3R%@@rN$AahRA|&aY77GfZ&BZg2}}SQ1C;9LUvb%a4~`cTi>8^Rrj^wrbmQSz@AXk zBa1>{=jFe>xo{WbR;2&HdzzrPgP&I=5V0V#Mq$c71}HE=PM67;gK;}hxe1{+seuY) z4)VPmkc)emTj>GTP}PX7R9oqIIIdK1Q$4LK!z@q11KyQHvn=6g$>GBfgi*^N7_>1-O32Cr^5iZP~C`+R9oP< zA)vUM12A9<3ic5k*9V*~7vv_44>( zxfua=P~Zb*pfDHYx(PBE^lvGHZ5S8uQeFoyu6Xtr7L;`z)4xZt`Gx6o`jDQGQ8x`i?6upij9u+J3chG1+xu~WIbHKEZPzrOY zAESVAx&d~79EfGx%Va4DLRQbf;4-!UCKWupe`L{9noVeett?UyRyqwirE;iUc`LD|D{q9Id*MNpHbyoC?=i~`gOiv>znvb{)C=ZMC0+t`W5ZFrJUU*# zO|@*`Yy(@o4TxLu~<3Jz^~iqNUC-{RdJPYN>p1bd%_S znfEpaP5}pwX-WJ7LCl=mv>E-7#pkeTY(^ExA{9!(-FL$<0~leGK|fhUY%8p6ijCab zRCLW?O63e~kjoa5j9GCw=OV6Bk)~6vYE$Wcq@I88k3tWAdau(l)BN#M(l&EJaCelB zCSgQ}+Vq@8NSh7GfT?#m-D*rz6oe(@;9)}UW10?l+TuLh4E~><^;}^?Ak*2VDb$O* zYy$F&yCJZe+_To7YnbG0^KP81^qa*09tIcY{*o8;4u|R@Ix>y*pyX+4G z^yVH3E!Y!sbMKS{>}&(>rTWK6|G*$d+R6Ykk^$nCJeZLlsZt;|)r#1_I7i6tk$%td zM=I305Sn^=I0$>FPQ)va!v>58)|Pw#7v#oX3Tdr19_$qr71+Y23E)!CHto%LC5Huj z_Gb9JL4%wV7{R?T|0?}IFsRad{H^r#kez=k{l*?KnlY zgP{H~637MtKpV90FC!&GZ2x7XzhiV!F3fiFV2;1x>-WdM|+r#`j0vJh}395R< zpsKe$00Xw5U=d0{RWArs_5OtgRXwnCJuJBQU)2NKD~3S{G$oYIt+oqN8sBS4Ee8CH z*c&;@v=&3LCtAvb;S5g1kx%}JLLrpvvhcZQ+qsPj5S^>3cRUtY$;8|v6`P0m4ZWX> zh1|=b6bAUt{-7rXg0;yHen$KZ%%jj2 zP#5Zz@A(MdAN&7P-=t6-> z5zKlZwOI^Oek71!;Z|z{x=>&}xbasN{#AWoQ}6$SNeLXR`r+&_YOQ){6(D#Z_dvQA z)WZD05(b$d-CGILy~E*%U<(#W7_56q!MfK8Y8a6etb0MuCdlC4|8(zPFjy??fyF|R zEQHfv-OJMkLkiZtAY3@e9V8Y|c_tRHmjjH!i>nV*DgP}k@WlpKN>Jel!omVuNZ6#{ z!hsGh9RJoOs8asFuFIixhm((>`}WA|r>RcpI90T{ClL*(1F~dbz%7Iu)Dp-9aX?ZB z4Fn$xB*-cehFk)3z!``GdKDn}AkRP?0Cu(k_fr4kfPY{R2Lxn+IUo_SR{_ic2Gl7K zXCMv$;~XKEKpYVIQ$ZHn7UG}Wro;Frr4hj31ctL1Nh+2+9%;>;~khkl(M%EzQ zTr)8doo0I(Yf+1utT8`Xn{D%EN4WY*&4`L3lzJ2^G?EhbH`gkLU{|9ojY&0YO(Tl> znjb}ER@TuOF%nVZ2P@6BkdJC7y2i6|%<_?zM}|`s`<^Qp8p0-~*35ywcF#K_Y(sJ) zeweF>PZWrr)-D++#??TeNun(KMyG@ATQ)a-my*+>ksPoPs7bJsOM{;En~AedNu5?- zDkv{^ne*cPkWmv-HRz^tn^XeJ{?FPEO39UaCH6guIDxmPzo0Sq7F~xv1Zy6LYEarJ z5p}UM)a22IVE?<-Om%liW2K}#J)Zn?a;g`zes*;$*S-2xi+bBTwY~3jB|T93Z421B zEb94;>bbPOQ#S;RDPCgbY>wnKd?K( z$hhY^o#T(8skKV7ip_*4+RY7!JZA}PUZdAiCNzkuOY{$haj9F`gK8*jBP-8V(D|K2~yysJ# zQ_u0U{*Qp@99*OeVHClID@KjY@@DWaY;>g}*`Gftzb4kgqL*kH>tJ$lamd>u-F#?t z+DROJ!f-7aRiv!=QP<~=a*M5EUanPg+fo{gZ=!{aU-z4`Q;6nx5%)lS$4ZDjm26;Z zb3s{ZDijJ;zfQDA&G+F@KTt5TQ&6LNdb{+M{5j3X_ql3Ifogu7aEUNvax;+LC_tNw z!o=U%j*=>?{4_l0iF4eAFg_I`!B)xYRjvurYz1S{bV}ybJef$u^qyt#xp0xbh-LN9 zj+a?5A*%F;p~)6h=*YTRTt$co^GycGD7FsVZBgBUz1;OBzyhNKNSt@ZW3g{ zWs$f0S0Rh~y2RsVvo5CWvTFl4lw{2_u#4$Z3Iz%*r(>G{gqFhw!@|N@>|eMYJEiHOr*hNz zN&0l-x@gwhjrzClgM5a|T$D|&{|orZLp6A#v{ zzO_yVdrzo(JYe&)(R!LZOj*>k(PC=&BiVfRD)MS zC3D%yT)##QtN$U+;qwwimqw6WDMU1f)99j|7%CGq=w@})k1#yR9K-hYgo3hQK%Iwe z#gPItT-@21{Dmt{DiN?czcl@!%wCS2OU~NHB2|M#dS21CG>1SWd`2NGCAIxqlax`$ zF5Sc$wRrc!I*&hD}QZV1=JhbZxUdcGAMTr{EU6OIZdz1vgfP4C68 z%&&XN>vp<6+fnJR@GZW;9!~k^h5VFv-N(((Q$7BdYnrj#(wWrv{_;M1bp;vD(E>MC z_B!0B+3EKF=gzac0zw|os66gRBdS*Sp4)puZ%lw5>kW^y@9qm<@Alwpy5s#%V*H5! z9VIz_?tQ-(<=%$8-*x8rUEM`%%1`inc#YX1<8cl?cedO6wE3+H#4J8)<2v<&ymdx}*h=Cph21Abt$2g)l- zR^#ycxy+<65&CRDGREq<+HW>-WSj^1$@}wnKKD)8#J9X2>10R{!pQu@OA{ zE%|QwaJj^M&42FV9g(BaWq1i~T+wc|h5vQfI@a8(nHkgTh(t?Hy;}&?##O8U)tl@J zv**PW{E8j#OYShyoBh;kNzGmD>eSQ7jDOVT^WaN&HKmoHkKG@Eo((U(p0uO%M_J8c zx;Mx9y)LwugSMNRjO(eM*N{x#u~q>p)Up@KDFM^b{TsWtmHk-2Vhw=%BI(|r%g1hw zaPj=@Cvu$oug$xsjF>qRohHra@qKF0q^{fm-H)6zfabs6hV)$l+HXL>R_!WTj{dDH z=CXZ@^r@itT1j@-`Q?Ma2jI_^7Qxx;Uw;1Qk87vCi_Kjl{tSHP3n$HE@1EzF?IUfv zoaVTgd>@?~{2dmq5;E*sx1*TP0kI_W?(e2XF7BsA5`?5O`CP`Fr-%u(S%4$RRGoEl z+&3Su&*(3&$7T*6bZ!{P%;4%!vSR$Fb)d?vMSlSP5iVi_{w(WJ0@Ft`C6y z3B#8h)06?=)8SI`e%#_@NBQN!l)hPnqTur*-t53|o_VyLX`7 zu))jd1gP)_+(IT?Y6IF%yPsX`_jYbJ-WI$^iVpp|K3k6qJoP_gF}-RJ>2G%U8NOV6 z`6XZK{im6Ou={PFgXof<`?P6pp$G6gTC+wM*l|0O)zal>GeknA@9!#kLyQb;pYkX1 zI+?OxeJ7CZ`*fb1kZwNiRpB-^ej6tXtiOJZUD)*Nr_@iqF*L2QRnt#n_|S1-+}HJh2}2ht+b&aG$Fg6y$r1@VhFasbf^3hAk@EGnx*%CXVv~xQYLxocQ?BK zy{E^1q$}1uB^J66Np-Ogxcb5NRa^#4_Ug2pg>Mq6J z_a?ZjM!);=qpX=v-b49KjfccnV23fV!JzNqp!3n`wW|2;^xoqvdHsZWom(^GCIeNd z%=YDr{cn#D+gk@7zkhO@SAX2g+Q9kMRW}m%zi!;nbS#py+vA@Z}}jet(8g2ZOuYTr%_`Nlw@K4@#kRkGa$Sv>146 zv^LiZoXxh|w^b59`^i3IJmC4zX${{lGxbE5=XC}fv$8$U;m_AHTOFq{@3H&mLCtI- z$2Yd4h3b)}7aPyf&i#$~#8|&p!1o+Iz+^rB=5gEBB$iHg=fRME+MkmvF@4pZ+qa5r zEsn`0z@I7%P;m13$G5dXSX3o zl06q5mnTONH=)48^BP^_ancu1aT+LGCaLP$dTXfR+uxV%;ktVzPw+opy~&BYkXvUo z?=J8GZpRiPU-;O@0_@iw_cR5EKWk(Q`nF8KSNELuT~vML%3O8@PDk5+cH@mHweK%i5Gx6~jvaEoBXKzU=>NJiVNOh2NWx!P^E6o%%~ksJ z{pQO<=i%=SA(EQ`|3!(N*b2f)&oaOz7MbLl0MNeWa?^cjuxx$P=PJFJ;C!I@GUnwe zg^R@3bT^^qBClzp)5zH6V*K=yILC{gr|f|6m*!=s!=-twEQ+tcsmU?cr9xTT^CKa_ zz4!AD-UBec*=!OkR*!YJtmWRrd9aMR%hz*<`&xfJXkf8s&Y%D0KDqf|9pJl_?2H9G z`tmYc1~24)-uwIe46t+QxnW~&)B5!ZlFQf9Z&h0}2Us3e!y(kdR^1iazqWx zu`bEAi6?OElG$>GegZ!GB@^$Ccxy=W5=v1wf9g-E!OY^3ZnMj&-k7zv!;l z-K?0_!|%STk4v%<_hdHF`ex^`TRds6*Kt_4*vt%krL2iROKUm9PjlX4Bq1Vs`f{=9 z|2De{e7)UJ%<<{II^t;1@WI%uyPq67x$rz28k-V0Y@T?`irs))F}FHteGEw#mn@aZR6^8T3Q5D6q{{Ii7hTKZgXvHwr>ae;+_iuI-BWN zn;w(N7dE?J7l9uhKKEM^TI=&Xe1AQB=YR2(0(3czx3?$I`YmuXFKL$p>?rYj3Oyv5 z(Chs8(pyRSwd*1CQ|oPd9zBViA6w7ySr5?X(o`%|pWkpW?lRkby79R=%|5~MOSLV( z#aqx9>J8tGw5$@kQ_Y-**QlJy8tp&7@ltxOb|yAQHXje%H3S|WM_WQ-mYo*g0X?T0 zVkFGb*P(|K-8-Wd-7iZYu>hAPTrpo# zeD~+5(R?$mNfy+kOZS@M@HwViNIJ5Hjn`;qxas_SIb?{W} zSaK>AL0yWW%aFjezG<>i^! zzH-fHrdNJQpzU>MtOvO7O`hZR`o;{nzcqIXmyBs8cb8J#+giO}_HTKqKJlt>JTLEt z*9YE)EMndWz1}_(lHa)di>+O)oP=9%R`EETZoi|r#bJKE-H~OQeehxi4)FC)b=_v@ zclu0S>rd*p-p6Y`SFc|V@ObS!iY5D*{lYpY`V&%P61qjg6hzj{J>3 z2HR&x#hCMv{)n8KEvW0m_m$4zIjwDe)$zx*QDs^+o*>Iw64a&P*tGbDJ&`~C2caOb zj8F!RmbEOLY(Sw$hKxWsLleU7wTNEWO9NjgFXPQETO;h4LdH1UmS)T%qKrye{#y4v zZj=JKOQ$jZPK2jfS+updy30)M)Hv;4=Ybs7;cmW4iB&{8Wr!V(PF8{ZAoiFUG26=^ z!Rc3X+BQ~=PqjB>@s2T9?xRt4B5kzTx$aBj?~yMg{yy9=vf-a-Pm&)&s;AOPo(t?+wj&e4e;94% zoABeIPcQTB*0E5iME^{S>;_Xch!Bx8k%oAReBuasy6gvQ-De{ohf0R*2yd#M9Av~) zvOs-8IO^Ow9f%2f9>5|f=kb7Hfs>DyBD`J1ga|)Ea^t*m<>{C*9jm6k?}68fH(rcgw^o>`w$p-e(gF#Aal}AXv|Jvvc*pp=;AVY}O5?Wo7iUpD zzY1!Y={aj$-0{BajeoaeE}U?#r77E4kNhfu#V+@V6VjwJM`!qz`B<~7eJ+N5m+>*g zj92{6cYhPrcq^hI?$zCLHkSwdp4;fwjt5gc)!?8JnyhYFxy->RRDSq*d0II=DUx5MN9&f#Ehv}_py4Sx1-G;QB%?iZ z>Sq%({1WK@^lsLf@qs3xH5FU)VntIuVl!|!OUBP^hyuP>lx z@X5*2)y7{}%S~L-_LB?Tc`x+yroaMRkmOB6f612GnHVl)zd<6PKr#8A=dOc zFZZ@QY%D!8hu#pbwXWPBxbyuhjrWqoY}A~>H#}X&gT_vT`O&w@kljwm?lxpcG|!T8 zOBgEx>>>_%hQj6t!k*l~yPSY87X=mI;y$-4DMms?NkIXtlYF(*FK;0o-<0_oOh4Xr zz(!osMeo1RQ^@Illy(?az>=XN5-QYL9g;!X!`rwCMdzX2`=%M69UZz%WQ_y&doIBp z?VXKXdW7{g=g04J4w0^?ScwPcvtfZJSQONqql)ahE9g(S;W+-Dti|ZIC!?t<=qS*% z_%Jz|(2^U6iO|np%I^joaNs`M>GHG4PAT;6q(vL?_=uC;y&*#AF>*tZUeinR*Wd~@ zkNyF-(mgKa8-sFzqe1s>KOvyEyIXX%--9LhPEqKBv{l`agb^3_hPPl0>m^|6+ts#E zj)))^xMb@1T}7OB<#s%C^LYH5-Iv{)Fj0~&s4GCuG)#||CEKs7hsKRA&-})IZ+7Gm zQ2Y1S;e@7?1sW@Zh8s{8cbGnsb%UdzO|8b*MOPvNdDy0AEg0m7}Rux!*p6t&CuUUo%JS zn_OvB)aO$Tjz*FqX^`I@&7n1#<1lTV!jB})PFM?4B|)6~elEHQ>s|5G8uag&g#kftkJmP9`o zlt#Nm9%A}5p>VPdS^#S}GK$u2wVbs7y;l*73e6?bodG)}MgEOtOlD47dUPa0KjLC( zJ)lR^9-d($)-~nX!$F56OREawrcLv%H%6bGIdW4Lxk&^`)$2=X@Vtc&etA&axMV@3 zrjvI6D9<(WT?IXNUR^+p!F0^7r8W|AQG3EBJ3|9;>PNbg>=z$F`fG&~2wcOMWAA1A9~nxlKV+jbN)PS@jD*fQ?0rkh*K9@)k08d`dnEMZyM9E2sA&v; ziVWcG56glUwS?lH+8?2m7v@++z{1QmwsOPH*T1cjH3-`M;TyBFy zu%^2xWp+V4;-I}jziSLCCTT+H(wWJ}_yu(Nkv#`}L!|KUpW&QtBx-3O(AwE^!0^XRhR^*FE4X)M zEVP^?4>O4@g6V|P0n3^_YlSvR1UDq|%wo|!yNQk)9`0?S{>63HzCArQAY@49(Vk!&a z8@+HVX_bnzl1=dX`ItI!S9YzhQ0PEx%9?tpWVL08Mo!pI^$nhrXZ7rx)O7i7eFv9I z)}HsS(OfICC%@(-7uX^g=FvfuVF`2d`};6yj#ku5OGYYHNPQK6#`CLat9gnYRYA{= zbTd-GLS0OQzYN3gO=D>M-H|_GO-!a@>)Y)-5iHXjflu+`wjNDk1}2*mn^S~ms zAe0NM5pJj3FF4reC^oPu4<+XwgsSlMxeU5HAPsHFq!3 zQE!+UzFk#$w7V=58mE)m>1}hd_NAF_y~|2|Q#*$ZhNp~q$egew5J!QAVa9g zQug|XO)u5(xmVmJ;Q@RkMQ4kXt!^w5E3@S@%yB;n4}%{A?b;0IzD|wp|7Peez@+`u z6341aM}2vr&awt7?}|XK&5uf4Dw%&|xOR^m31#Gq3Gz}HR*fA8m*m>K$w$*Ppp^bg z5=fKly?YXYeor?EeZWeIlsmCfzHk2l7I*$aQ5Kh^y*OjaNkfoU0sL1DC z_N3r&<->&%hMGNnAl5PyNz?cZc|}<>N^c+}bzVdVp$v;K!oIbcKJ*juyRUum{_V>= zV94+AV~|~L0Xu4uM}5ulxaQR$o%xYV$4~Bq;~MVS9@rQ(~)VFAh(?m5`4Vd%8F3o z!A5()%6GKjQ4gwP)!J$R5Q(5c88O3k`@`(;113pwe*eq>1>F6X+#rBiDK>S0MxGAY zENS)(64@OpkV@HY5g{1oAXR}R6!3Vxs{RbbR@7nfLhk=8W0`+$%3x(BuEv(<3;<=ZiU5x}t&8{JTW~xUW;D0f8 zfc^fxfyd=#$-J~?sIJ@!_z9mJ7{L}QbAVr+oLro(m`>k6&zBtkN!cx|YFqscJH07Z zJ|2&{l#G=s$?|3A%wqo1#L|m!_qQ_Ll!7vuq{Oc&l;wp>he26MXqpuhC}u`=sg4a* z>JC_6N>yjQ42*chQKUe011V!46rN9+&>K?5BezP_1yLCxqpne>RU2Pvzqb{2G=rIh zG|f3Ym-LuSkL~B?^!#ZzlPFWjEwO91vEB~s2-ehVpdm>ZoJJNGt^HUD6ehy533C==KJVpGppN%W`fra@_xcpgX{PH)@d3lFiqZCL(U+Qmgl6W-xy}auuvI0may1rG|Ao0pZ3X{N4NP(AMT<+4W&b^3V>Q?$Bw21`(yP;v4RKBM za%omj{99H{5~k!#U_a^FP1xhdieOd;W{jj@~pD)FK|nW zu)#Z8x!6wRBs?QD7jqPAajky3az#nz$;nDhH_WS5WWYfEUVgWbj#BJ5xXQ?e31d9nJe=cvE4`Q2#z4qjd5obFMY!@lBWHNr34VjO zy$xNuYvB~vy8!3k@!Ro*zBfa4_zRFw-D4}??UoGuvvdZw<(w|Sbx>d4=PMo%@z3## z8+%CI-eO9@2hk_EjV*7#4~XvP?@p#zXl?b>ekqAEl6p^gg8;S^@@%n zm6}A&O0L)SG}`fpna^}W9u8Z#Oq%`AJ%aVw4?*O&alO5_yXCth44LLNpRqv!#|rBazB|rG-M}w1HXEBwnTKmMc|{(&M}o%hs1}a_@`v;gqPV* z!rQ9do2rNoDZumdSKCKWkl)h(`2gWRTEzafwh8@3-r(NzcDxs(!u9C+>Dml?@>k7= zqt9=bwfD1Zk>O2+3_Z>oelG1QXD3y0L?A&0v7Fr^v#mhYlMKmHL)wT1IX^<+9jjhu z-AKfXU#Ktdzg1tqR)$xMZP(y*z+??*@Na7((X9FxVqN9efh2EcW{Mldy19KDTUH0z z6Z-uFLU;D5<|(MJ`kRlRNokOwr4AWCPWPwsD2g=~5#1so>* zzgdEOXo`HnH3_g&<+8j~^RPGnpqpsBR(Og&wshsC`+};Gc>B}l#=N%9pO0uuG6n@Z z2|03zm~QoPgV&HuButvo7!y7-aAr@ZT}`-TtvAb*=(7_#)1N!ktBtMUoN}@5r|zD< zS5W$~wnS3#`}sOr0-}YUptojD8iwkll_ zA)IcBRh6p1bkM9abW#tL=F|?>SZkFDT%Q><>g`1JaqqLryTzJgNkH0)v)aODlc6NL zeTJSYeD*SWJlQAtrX+;~Zyp(wH0xkGlNv1Q|Ja-s7Ywf7`?(Hj*e$T=d4QarPlIPP zW|iqH=gM&Uc;2@u5m1w7Z}>?N(UQ?U8yf0cy%6BGr`3w6Qc>VlZfIW&S5KP?g|(oW zGrAt*b(IzOvh{Q(`?;EKLM|3urQg-0mNN!<pM!BkyWSgmnd38jbqESlnlZOCo?RUzUAM2=<^B0rpI%vwQERc8=F6DsWBH`*EPn!asjW&Bikv(+Y&;>benVaQ*moV;j zYWY#!o+&rQ;by=$NU1V;ri&|pto@~RvD7TRSZC9gI2W-+`9y<&G;r@@=P8UOu%Nj1 zxNKHmmuvpmhmta-%o>@ovp&H;MS4R;Z5t9*O@S-e;hgbod19x^tx{Ji+{5U=c7>in z@v=5sM8LMQfnD}Vc}m&jt!&+|cFJG+`w~fGY?K*kRMl0KS#4EWLndFM^v^ECBeJ~5 z?ZZql8Wn%=CkCG1`(0mm{0__K*`^kHyP6dir*xm>-?8FvNcpoi>3!U}Qrn2+^EUMv zT>kJE6-ZmeG^@F5Q)aj9TAjm4BEuq!p2W z*cK%Sb5{xq+)H^dApdDm#&KVx&6-ov1uGpAw3lg+Jj| zc^NtqkWSa27E%9fJ@zZ##*-e5aM2Uc zaEX3Rw6~-y5ie5YS0Jp!SXjZ(z`i>e0&K}SK_yLq+4m2i`U7^&>w+m$CU0&9(LTbw zR@r{)J&koQgk2FsiTnuLKV}}0B958%X**u>mH50TImD47%Xntg2sm@g9@Msv+^WnG z^-q4Y~+a)Fp`@j*_mJV z)WpmD80{Iek90qI*fgJP>i@{?`-~%W&q}M^Z+4Sim?h+GEju(Awi>Ya<+Bl8h{r&# zlnA&TITczn-)&6dUK~ZwLOqA=y?CWR3VcCc#axjA_lg(l1O^uNiqGv(Ik;iBcA#!- zB3@jCHQe2WmPPB$FBdqcjokf~3jAEyD?GPD;oyeVDu}v~i&*);-NnR3Z2)W(-|-L0 zCISFp`yNNo(V+wBGoT|*_a8uhX99p%fGgT7$>8o{{Ertc1DM}CFlNI2lXouM-yl>Z zMo4PQ!;-qB-IbvDI&TcmF~d-C_tp+#1!vT!yDHUX-5kely?~arNMd_OpfvxoPXP>1;R3zYxLr2hHR_ zYVE8VLw#I?UzEzj9!;U|o&^u<9{w4;2ILq^ntYYgYc@S-1?>B^z&%c1jplfASaZzVVY|FsqAp@PtD)R;+bv0v%k zTFk#1-9kgWezacYPQO&yS4_0;fRS+kioQ}fIr-}ja4jl-z)P5;vBhe0Gtk|wtLz%m z)<2BJgg0|ynp87m>n8gbTTpsxN$aa;u@T@l){__RtF)n-VdVC8#Y_S$Ha)63zxN`S zZ%J)h>i^?I9e=Bnp+@nKF1EWA*>PxbgAxTQO-H?uCVr%wbyV8SP1o3D{_Ya!`Ie(= zXiD;jn4s{+JeYr~!|@Tui5{+o0Awu@0QQFe`DpGpp}QQ~-GK8w=o>y@|3_}j7CzLt z25R5ESrs>3DoAa7{E)CXrZhV99^_cA@W<{GByqLEE)(>lRTsuf)=xwMmvab&Kwf}{ z#sr`x^|h|jhk>-8-PQxDoepGQX()Tg%V}R@k+Oh6ax$qJhM+!U1Qmq6S2EsRH9i}W zB~EQr_U5zlDn(ai(1K#9DB3mxc`ibX065EdgXd2c<}x;V#=J{9dOF#EYDI~d^4v;z zwQJz-N5dW9>fYoL{Qq6XTmymA8OHp3y!wa^a3d9*dPo^>8d9I`SuQTaBF0nyx$U8s z1(gagh^DMhxMw0snb>v(2^)`SKNjToxHupJpUbtEvuQ)AR7LoxNZ8In@@P$-ucWNF3#P3`mc?Q znCOYkMMZggX1~dNu;dp$M2hJ3KW}<+F;72SQtRFnq1SwA#1OKT{-tlLG?6`)E<*>F zFEjv8@tO;$eAps!_dwPR=4%ssGCrUfQzqIM@O{sN#Cm{Vr+D`Cls;f#&6pN5eO5V5 zE$a$1y#0;MAhetID`=Dc7$J`5r|r%LQU|W;vc_n6tReXvvJrkUz_+W{ZPx7n=J z9ugvF!W4Z(p>p~-jPFg#DcAQu%{WH7cT=Kn8|UsOj}cJI>hcL>=+k&|e}8x%k07j_ z?HBTc&+oHQWWGgxJ=VJSsduq!{g?Nhb|#wCBAhID;L)&B&a?Bn${{1~G>&)PM>0Eu zT$`BEUiz4GCI*0V-ffSTYongcdBa=UJ@PP4-4Eb!5~7+lP-A0f(b2yr2Lz|Il%zAC)cv>i_v&5QU zYka5&p&gsTSf;xSOf+P>z|j06V7`1}I}InGA$?#|$q52} zHN~)whw)*BfV;p)otQfGlcodTkV=VhGqMy&{t<^BOjqNxpjypWtpGs{$A<9d74uaN z{*}LjcY_PqfwtWkm$aNNoL`%-oi|meyevI z2!Bsl7q^92I9B`1w)D-HHNRyr96Lla3Y05CJN&`b){-BW zS=xFwHkE25o%NF8CJWlDd+fCGn?!?ul(0Xy0|BE$RJWY_ZR^i41!%g+ZXd%na_Mg< z@cUaRUmid~sec8$!Pc)Aa8c?_t9;;n<$$-FUdbIjW}Vm5Kt{OQb##h#5zpZgT|L?0XHh7 zu0OEdfq#Xc0P)kSj;Ghz)c~*NxE8qL5c6_|cP)_>RsE8z+am!IzcSStxm0@D#vg5$u@LC!rjmhmGv z?!Q^`>IJq+WF^^Q^|bip?8ua}$hXlHkwp0T5H7z*;A&ipXVhW-sh*U6k*_h2Bx72z zs_$X*j%^Zn8xAKh4(!7${Q;2I+7sxC{(lH_2UtagGo3jyVCxxUZtVRSzPa7ih9OUG z@|Rbm>c#h{m2NSbXDxvI?KK!A#5@iRzzTO?OC^p4e6N@hzhYjSvB z0;%el_=E8Tu$mudt}s9`uehAXtP~T8fERYw$yp!LiYxeDz4?F5+` z14H{EzKw* z1KDEFvG9I}B(JZVne2T@IRhkksd##w9yiqXI2Rr_*+#x>U&4I%YBLiO z>d6-~32Koa>)b9?|JXv)OAzMBeV#wf@#_9@f@ow^k?y&wpY7zI2{H9)(9=^81cnDK zW1GuoWLv)c$qmWsL=~Ru;5DSZqKS z;Crnw*w0~k$KZe5$i5#nY^{6wbNNJONzISbZ0Qazw`XUE_xAGen9YmmBS&;c&ll0l zUpRpDySFb<_jiXO&)e8(>JbP&_Va17`g)v&F<0t(!g}j6$hzx0<`S-vN<>5v6@1Kc z_4Ndr2x|DhR4At&nQT*BWmXiex*f@AtJx8%)#&dd@h4<#NlC0x%zjW~5mX@BWqhST z7PesLx++KMav}-Z_JS^@szltYeyOjTTkgEOn>rWCd>*FJ!P{rO$xduhs_=XPEm8a}u zn~fil`}yPYnSuQ(lO#Kf&qV)MMH~uu!LoxJ_k5UFFqu`c&2X#~9+oQIvOsIB`qY~B8MSGzS9HP^AvXAV9BrrNHmld(;X9gaBoejG%(#$d%ZK`GUs8SYwv1}!Uh(xs zQMB+Qih0$feJAH8KD1XAL&5Pjd#Qm;NE zO#LuYLr1OC;EbFxD6y`_^L`gRn;^SruD5>N%M|P8rT5tbj-MQ%uLG~@zC-F1*;xir zlNPriSH8NL{lAUhsSM8Tj_lr|1w65d(iOS%S(<=?>=}kVtyoy#8C8`Dr`a2q3(N{_ zTIugmnk1|QN#s)Yl4dNzH$xisDHgm^MIw>ph=a^LOlqEatMESa=|r6YqetV6To}K1KMa^CazR4u+7+>Jd23M-ofelBo!IjP(zCCQ~ioTy{ ze3eS6EzZTRZp|QIbMQ^{#kd*96-@eFqvTkdU1EpGtY|pHT$TD!!4bXA(7pNo-OgWq zVS}kpN|7Pc#+3WCdsK<=kGk$Q>}V??FDSpO(-ekq?2)~`D{w63Qb2CRu)8BUs=n3s ztITv$b82Mp(1ks|y=tOA&AHKY$r_{au|D-(Ok(kLqX&I8#KA@#Fdaqz#jHHY%_YlZ zL|_>c!ZC1|F)F*HWhVaK$!86Czpvb_BbOu*B)jT~TOE8sStv?@&QQCgzD4n-SVrns z3JL=)F*eS;U;f2%tg8Hixt1~a1GABqE2Wr2@`j>hri;9#hkH7W1VWzB?P|h16{+w?zC51I) zB4@_yyQIIj%hX_AeSkSCydOQneUw9f5{Bl%H%lt-r2@&>o7K$n;~iEasaYog2x_q{UZ@n$8&Ez*#3Q;2(-Qccz%7staMH+>ZP1Ma!ZPKJG$1Cq{6DSJZs1U>m z#owhVQHjqmO%yxM&nWsO_CXw8Q*G5Yqn&$=toW9-aAM6L8`Mfs=>Yb@a+j(BMLa_e z0p}@(=WdDKDYawxGC}!{M*+Lr4CX4np+S$zo9#u3YXG3wW(<81}_?kw(sAsDvg0z5;_gj2VIxxPktwuWq!5%Ks%IDio= zZkYaLgp`UkMC;FGX4mu-(zANDDk2{IYY|hwDH@59C{#^N&T8w4(IhhG{u(pA~at$jI zC8;@Ju4_CFM9%O2!YI>5hM22Kr2H_8^Qs=G{_tkHz_E9DOH9_V*y#@EPgT)WWBYH< z(bOV8#-qEv)=jv-03ipC2pthtyGHU09hZiDpl?_2lxAzRU-opT z#F3a+1pbJ?NjIBlnp6ne}2Gcnl5(Qu0oSY0?^bdbytRC}GH|Xv1Xw*{17VQ^2 z$n$?~gV?t{p)J#xh@XN&cZz2)F+bj9x3+%qW;7Urhkcm&D#;(=v{+KE3k#(0DD#Ez zEKN8WT=5CUz`a6>bxDq0-~{`XJl!rW@9oG(Vtk+=n$zn*kgvRXDqg&f;*@-E1mHrX zW3Li~r52y4({=%pJM3>853{05YG>e)5g+N`&QjH{+nhb+5Hs*Dby3(kD4%yuI3mL& zD6z^1T45k1NDO7=p8%jGo-d;V?sN68J+`AWK*xHud{iBBR^aa4ZuuY;fd5i-UT6eJ za)1FYhh1Pt&A1O1_jRaQ*5|bBz!csT3f` za)(}@DyyN?opzY+HKaJLf~m~g+BQe13O%6IkjZBNR=5oKrmSoLXZ~95Nt&7A%?g|g z6cRGw431dDhOM=~Zd4&>fH_zEx))mw=nF)Wc^8n75OO^N)U_9%8a%8fIF`Mx>|~{+ zIu*sUHjbcWWg8I564OsVuN!n;<8sG#1wN;4zXmZ?X#pBcU(5mYuhcApA&J@11=+PJ z`hU&9m3R~s=fr&BuOi4f&v=bor&VA@9p>fK4p8c@03qEl-xL91;CZRD!|_J98+Kqr zfg{0d4V)YUgpZQvukh^|P+u@U11(PSdEc8!@Wc0AzYbeWnq7By8$npH03!AqA;7xQ z>wQ=A&LIV6D;v#-?j7(;GHe3gZroe=rsTI`LTc18R{;Ij6RV&{7~tNyy8-y58e{J^ zh`zS~Ha*~6O#y`?C>R5Mp&p%H;-^?1Vk2z@AdXKXU1Rgt2NrSmh&?EP{r#Kj!L|;Ev4APP5{M`f{aXy-_}@2sxAd{SWI11bhV30pB(u;8X$~U?Os~w-o;0 z?=SD*7_24vV_gDubR_1`6^@837Ak{QBysfei5%LT%`iU;|v0 zeR9_+e5pbkfXxa64++3_U9~-+C41frMw*2@x+Oe^?P*=0+7a4MpH7$;IBXmhDXwkjd+yXukhv zu6c!$Rln~!T(*p}4Y3(6_<4P%+;xq! z)mB_7LG@<{!RHHe5^r7FYAP%vRiB!#K6Tz*_Fzc^sm55tmA-&+xnB9Q^O>jhw}bB+ ziLAaDtJ`|k#XGDAk1oSZ-U?NmT|XTWUjIk`O+^&yWs9k1w710So-Sj7Y0(?ln7`80 zsAAxg4%VesYr+xLp~-Aad)jE5`sv>3?WeL`vj=$<_Mx1WWt>CY&(bq(KaB?n{!XZ7 zUF)&FDHIgOQZb^7$nvB+8Ckot6N);IIcalmD0D4qWu0DBSjr7Z1~>K5#k#%SLx^>| yS<#o{3a;rT9k^w=C&caH3&lh$&mMEsyB27xQd3y~s9#n10H#FP72FCu-2VehN>3pG literal 0 HcmV?d00001 diff --git a/assets/haproxy/haproxy-1.12.500.tgz b/assets/haproxy/haproxy-1.12.500.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a4248f5cf7c1b2241c98651da05fa9c29fd6f4fd GIT binary patch literal 12583 zcmX|o1yCJL7bO}jI0Ojp?h@P{?hXm=9^BpC-8I48A@Fc_4Nmaj5}d~@-@mmx)m2kd z)zx=y_sr=t=bj;rLBxUj?*Qnb7>#Ar*i2;Ex82Q6^nT=)elR=bkM|hnjw*@H&C4FQ zqsBmz#ZQ4lfU>vc=m0}Lkx=zTNQ@_&TZ-G+OMM8EDuH(W@;PppNGf%MrL)XMrlTn^ z2xzM*GpJh;;O9*Q&hNa3fO~|HJ@6g6H$q5B$R4EcZQC2tH+Q|`P}t_DF-~tmG!MSx z`Cj$AqmHVNjf%)wL7b-<%8@)mIE#;Ee?uCLMjuZ#z6{?BgdsK#l3xTD5p_!G|V(jRj39LI59TqE#F|k zAvi)F1_es;?-w|DIyeW7r0RJ%j!(U8)z$y7q=-12xdR3>-pA(GQ>CGRAxK2(%pXn^6%aXjxJP*n0E_V2 zJOM1pIX9|(Z_$GD_JZCt5uwIqWMrFV9W4By6h_d&ClsAx=3f{`#-jios*{q2GMiv{qa z)GF{sP=g;KGWcN8*YH`!ribSk3HGV`S)5^Eu&)paWyYcPIVyBnL*?Y6HpXxdYh~Ek zB2^$>Bj$BO7k;q1$S0F?!%U9v(1G9C_jq&j5FEp$8ZHxV6K9#ru0p4OWB5KQ-#pOE zh9xHXd@?wC^GBr}wfqd5b?dM@0__djO+1pTe5FD`(a?}C`Tc-BI8%lfnm}hlw|_$^ ziD{gP-6<0`$#GrubIJ~}=jD}vS1v_JRulE=V8TPTs|?4BZXf^IJCt%X6Jv>9QeuE} zvfYYjDw?2JZsRZ0=1m1U0VfAL>)Zu$#1_Uc@g(I>K_@v0WuyA-CVaBHPmiC&A{#KN zu@$rE2mKZ14st1YXnVfE+4M)zu>CV6CuJEPr7ju?FD&!vKLX9>Q6AqukuspDD*S5J zGsH_(uiq9>IgRUZq4K`pJ2;RrAFPeR=UlsBMBal+%Cy{pJ2B&tU-^|#nFi$jt1v8j0y+~UH=>T>bYymLrUo# zr{A24i6qzEEtP7*S|N-1?@F8hg9iJodcy?{_7A$H;l+d)*tv*3-0-`~B z=F$ib_0*YhV!}F~V?#@E?Klp!=}Wkramo}p#}&{vog2nqZ&e%Jp;S@@^C%xqf<0xN zlqJQtb1_Y5#4oA;86Q)43(pT^&ydI${|fo@(VRK-v)u>!wLpOJkEYn?YX_3>S7o&5 zM{O}D%D7~yWL63;I3)N+c5je)A9=>KD~>m2pK)+(p294YQ}kx38#lqia?{^T3Vn-5 zaqC^DX6Fto0`RK$>a(+Pu6Vpf)L}m+sw17{BRWo}RjLCZLpC0jVAY7YpXi8%Supu& zPsTA`9SgafH^s*ZU)49xk89$C1jJ6F1HA%jj1j|skbGt^h=WT81|T5{I5z+_?%4Vn1xuha1mG)82N*0xgeQw84Zj( z7UdxH?l9|x5A>^m3yy^Fexw`gmO*|TvHwKdveeWYuyb7B4v6p`x7=^%l}gcQu|<4T zz(B^96^Qc-fOZ_^{pYvOmu`-eP66ZTJP{%oxQgLAIDED}KA36`P4snsOalJ##{BV# zb0-P>iz|Y2Cy>>UKmHCSs-mF;DifLm-tnug2_p@|xKI{sbPM+cwu%)|IBzcWXgX+N zh`1<6wtP3j)bGs>RuG=;-@IIKAAhu;|C33#kC!up1SD65IZHAoo3`qC)N(@JJ2OiX zbUBexI>(SrK)A$e=v-3T!(01E1;sfCO)DQU4n@^9frz++3&ZqNW-*2U=HrJ^3|=F- z^0djH60zByy53bkUB6@W(utD<;-IFm6m4h3o6)Xocm&eG;EoGDzTkcnLBQDpN~ zg(ok2ja(BK(Be41wL}s%PhX_E)`VW(rj+A#iV}g#C@U#-KoTCF>714UE#jN|J^9$g zew&Y2bU!eoJ|7WBT*#(D*_#EmS(H(oiD0KqLuo03OF%jBNoz6dDTPhcgU=*&g==v%OXC>(_1LZpI)qEyLDX5u9=Xc{;}jsU%X zLF9-Xc-+^N3Qd2qT^Kd#<`*meMhq*0H9Qpl8=L^NY<6HR zwbXoT*as`3{;+Y5sDUiXW@m-Y6$sL9eL;5Rw0g<6K;D035prJ?8^*IX)xMQ=cBt4> z?%SC2-K%y!;eZSW1vkl0w{4V18$}j`Y_nl|sn*5KWz{eH$qfFQHZC+&-(s{Ul5tiqOiWWJSgRQ3TIr&u(O?=YPx$IE?Ow)6)vlW}vr zIV45}10x!$GfZrslIG9Q`?Q4+K_|2~h|2QZ6G=F?hS*NBX)lcPs!yeD9wt>-jU+P5 zud&alNt$+;6kCUO!gfi&=yyAwL4`YpOJqfBoyXefM~Stb!r~}mN*3t`u<3>8oZ6vD zuSPfj2ticCCyS?Budazwrb)ARi{r!eOgG=05w5BR0&*!u#8deM*XC7sY#`w6?aMpl zXW-9Hy%4Z2`~2GRGRaRp7reWg8zNQ*h*Yc(Q9B=zUypsH{9phUZmC}RElCa{i3Fjm z(hn+898Y7;8s>-WFPiWC>s41RED>?Le@md|wTHqZqtfG06dw7g(7^gTCx!y8e&;=N zQ~XXDS&n?M3qcu z%deLpL)oisQ-vf18Wbo>Yvk-l#K)@-7|1)Z6#GcaF(5|}`^cX&J|nYn2Qta@2!b+C ztXrZWtm@Q@{7;F=(5_0uJH8vxtjfbjdq>MNM;RhLegR1S!d?#-`@1) z4e|{0!QJ>FZ2$}{9yqXIn$aCw5~kFIVetcPqk4UVYK>IqO`6(otaK?#+2KmGaf88S>I2{VjLuD?#IF6 zDYvsY5s0qicC(mE{1x}v$Dz+m%A@}@JaDN~76`9scev2>9h+GLc8!RX%N{?uo_)-m zB|XPkQtv>AWwQs_n+GHmv3BPUmQN`0F3-q_WgK)^fm~(mLiOo91gJz0d%n8+MJHXd zS18FmSNx?odRiD0Pd->0(n-ao!W(Ef(m7Hugp}c6)Yxz`x0;h2?tFOZQSmcvfH~OG zAggPz7dKZGRJJx<$@Eo-%1QnDtq}9hFJ0`p>ul^w@)nxsN+GJaa3AO8H;(;NjLeI8)OFfkHEkRNHF|e;Tub%r*EP6|$E`5H?N`oE!Hq$8xl zR5V5r4^mg;hn5AZ;^|hH}aYf5w|$he2MN3N3vyR&zub@5FC zJ`I1nq)w$f=1l%A zPlzhvk;(o9LF&j~M1G*5GcB_mcen=wTw%6+{t1snJDfZ|7} zM(&TTs@539R|gyCSIdV0H(cu*NLgbeQVajg5ZIJ&q0+S5GLpkuI-ag$SWcBZYMg#H zxaha$)9)d{nu#MT=wd-{!a5N~39gUR%S;&|)<$isuvZDL%ui_>j>)!c;>iRKGuFI=5u(mG`gl zAbEl#UAVaoI`#@Zbug(kKksqm^HzOpPb9AB-|_F3Xh%1!HOTdgWfC?eo%`J5(NUYx zkA88-60rH?EWoMhPyY?XgB}=q*9lcRT6<~pR6Qbw*=10PlPqw;P>0T`PI6QdA;tn4 zu@Z?_3c=SGbou)WN>Npbq{C{?pz*DbM8) z?`b9Fr(7ZaR@O=+uynz*0ClntyuBH#zLAoWG~Wc^RiptmuiFxDcoc%x1Y}Rcg!uL# z=P!R2YkUn2d#a4T`n#2T){^Uv6E|^T^mc^cmOXz{xT{H}&#&MJOffW4@uF0~dr>!F zLE^*5`Rr+R_>5bcb|cbd?3!>BP!HY~U>F1T{QrM0%xA#LueHpC6ipv+gUSX=V3IZ- zVSl3exniA8_BZrciuA9n^V6-BGkcnTsRQdA2LqAr>QzCR=IY%0y>_4~im^Nyf*N@5 zCmG)HpCU>W3;65-TbSGL`%O2;^8{m>g_1KoM_}6}$P=}puK(Yd=oeWH9Ae(^uG^Ji zh1E5^j)`*WEAHx-}&(dHS?w(z)st&h^IResUhXm=Joma#<}RI+@0X5=^zB z5nzksO2PX!>UIz9aO35C-rM&zB#x}$XXqQ3qZa=(r1b3feb|o6B%OP$s&o#Y)AMWK z@KQ*k=F|e13p*AuVJTDwrFz)yDKDbAqW?#XE5Vuvwn;_FHHU#NL7_9V>oV-Rm4f_S z5l1KkjI`#S3Q`GInw+T*V|ogO|p2F^&9y!+A?YrYMQ&9JFBnI z>l!Ebe_97?cvCofa4~%2ma5pXE{Hu+JE2P2Z+2bHvKb%CZZ;EHZs zNc?(0T$_*bnBKZFIz^nf1G{IIH_2||l?mmUDlsHD*OszU zhte^7TZwFttMBjY<$ry$_jtAmo>87brlOmp#{0lc-y*9+j-53Q1^Pg4BaTX-lOBwA zfXUO`!=P|MR8qd7b}(2usmC9*kZ8jHc8c6dUA%etT|-`ww({)R-MXzb>9Di{F(j|l z*>07(dI0VZjxBCdjtdDS(9@}*+!LhuIk7Es+)R;PO&6SOBI~+NgQ2lX5j!5)rP!;f z!PFn0Z8w3uS-q9|cPm}|f#<}dNDI@3{mKD5^NHUpQuDfRB`?|!ogD+T#aCmxx(d{BhS zQ$)@7ij%&iZS2gqd0XS9lR6k_#yD-Dg}mpLoPXD6mq>o+&YNXMBsF!8D5(J+tX z%_?g7jjs5`KKiS5>(tJYnC&lG9VaYv;i{B6PkZ6^CVF;x`z4H)*md_v-EbdiiZA@# z^n#umd~CMr>>(?m;Zmp5$tgu{W0rw>NNma-+|vb<9(j#7E6+t`6q}d4s4JO46S5u| zUTw?J`nW@}_#6{wvT4I2w-CBLL@J_I}+3?Jm+j}EI3JZ*yGRA zr_Tr{k8ClBaY9STp)c8JODWZtpyRH+Wwj_Denu@3<%lm-eOAiPXOE9h8L|5OrCrKp zSe|A$s_y#NnEq#bVxhJ~t(O3XuCkAx%Hm@$_7T4M08NHh0MS2mgc{&TN$nI^eGd5E z2e{-lJp}`1C;S!BU&pVRFH48~+z|rCJ7F)E`)=Ndm{2aqVP|DK1!?yyIpOjmDRjYP zi}V@wLi?2QcDN6!sRf1fMWgAY2j?aV{Yu_3@PhDF#aaaH%Ea|;|At3FE_<70pPveT z)i=$-CuYBphLre|zYP?wh+MS%KX3sY6jpJYP7-E_FLY4+fDch)v- zfp!`j82QQPw7NbT7aMb~pKxC*?X$ASzHw*8YF8a#Oqn3-BVW?}V{U8S%E4OjUiWjt zaWve!sF%LsqJsjt{~RKB&K-XL8RQdJ)IB_FU}{yz-n@d}vugV>oI*=V+pkvT^E%_l zbKLNIWROo-QFs5Wfw5H`Tj2jL|K!ih0bnn;qqp zTiya{fNlM)0PnR~r23oH9qMUaKFhvpnFnt+F(R7y5D~0s00V256!TI757c}|;rq)V zG%6yQs6yWBF?o%yQcyzDe@tG(=CcQ(HbI0}i*6wwb=+>J@Gt!;e=WTg>0FZx0)sei zj78|B|Ep3$?w1i&@xtEer4W`o)|YQNLd|N)I$|8ul1Wo>yIj)Tj?Qs(x#T5DG@G`; zdP*zb%4Qr?M2}5!HqodCneTsn8j{PqEHVeSPyT@;JxMIM;w3U@8oqR`qt5a}>O6ik zZUFfId_uHE#Nn5ph>4*d@+_vRA z3f4`s(duYpsx)_0w?b`+mviJ5q%XACuMX2en%8#j+jsiQV87;Hxd33nw(ib7U;%se zE3790kb%8>$Vy(R7GQe^_VERT#$rl=gng=$w+QR~mtRjQjyXMuZBqz;(kq(0VDQK7 z#F*(9kUw3bFK-a*p^^tI@sve1dtW}c6s~QQV)-(1tdv?Q`p*0>L=i3aAFw6f0HoOM}g$3;n02VbyK=%nK zyx%Uq(^w8?FTk$!tH`aoOmmg{7wR!6U6X$0*#h_ZB@&gHuouym6Cv?aPJH~K9WIN@ zTA}BBBxVy-yOe7&%Ha5Gu`T^X>5qZoYT^4S3us_XCV+|HoCqq%R_j(){`+ zcNquYWZyigy&z;SQ~f7+(REi6jGpZ^e^Qd0Rh_e8rRdZba1WHPd=xzAsHwYV>tBQ5 zHoWy$Z8-Z+W64%#Q8^P7;%+Or^DS-@n5abovVUBo^*Ni} z56U`QwR>$nlPH3?q-T$A7xrANR}pB&kK0*iD=8n_67Rn6n~uw_8-O%OjP4CoV7D$%lZ473i>XG*xppqc+ZZ zj;Ai<99!v!R$FDKdG{rwV}7+DeTP}2=~iq%O%zC&d0u2`?aKXaD_vqh9L7)SCH!cK zot!?PK}&_=lG~t=y!&vVKW!+zo*eGlRu-o<10P=6>Ya=Nr#V`kgPz9byf0(6`($;1 zjVp=iEo@VZmgQFIMj^1!pC0;ktO7l61DX@!fEWOUQ~>(=3m_m{^XhN_bms%V<|a+Y*b@(#d2{(#iXss)#M;V$=s;P3RCVF{y*R_N$-bPbMJoJKt;yp&BgSAQu^$k~~Tjgs8AGMRt!L5^njpk-^ zC*hA28t%?vGrX}GV}Ee_wtc?FF%ULPvDg5^*dDKew;L%hX^-epu~x#GD#m=4xS76~Za{5ElPG&hnAq#Ws_8}nu65l3lk zav=v=f{*53%uZKBTQWE!Zn~16G3%#q_!~ow7(=5_3;)4aGfw?cATh^VBN*y2{G+9f zL?JhEh{@8uZSXfVy)@cmqKZ)ess7~zVM-hE_9R0XC7~pp*djYfwsVs`*Mgt#*Ih~x z@$J;CQqh6Mj3!TjY%^877MSMS2(0^y&No#I2cVCOJSe8j!4{<)7r~RlsVF@>nGg^y zijjJHh)D2`;|K8kdhGW!z`*t^W_#ytLCL@kq~OiJ3)q&l*$%LM0CanRbt9ndXNM62 zI=IC>)M1ynz0=s>o@pbRZ}ZW*U6Un=T!kZtxPBgVCgr{8x z*uNpl#JzdU3NQ=@5D=ZUJ%Bxu*KP~60H4`M*3*jM^Yzc$iQn6qf7JTfl)Sf95ON0s z_hbb5S_Varx4dOerCRqJ*bC#h^CbXb1X2unC|_~71N7hb!uQiiHE_uy=xPi7y+m?F zAsD>VJz{Ya&_p)tb^{z=l^+9}B31{0(*Ffryi~vg9euMBI$+aku4=^Hwyz}TrA^3} z>967;%f=4Bxb>R$3 z8SPv$ahW2^>I^y`tgi;k-YspnIxqoW5Mgv^0fd)`AqX&Md4y6D7+QwKRG0`7q|_Hj1`>mpIHQk786RVp&Bo9 zMr=wfb6UdGRa>H=Q=F~>P5FTVplI32-lr-~3qDM0FnNY9+C9curE}`*J@-wO83ZgK z;B|L6iS*0I%JlB}lJp!80=$Iu`P;s0?A|bMryYumLt zGI1{B@eUU%pYc~(^4YjxCaf@(%A&8Fd^ZTbXnciKpR)A2E#Q8p!UYcI8lwlnM_HRR zVN@$uc`Gzh63OXn2e@bdp>yZDaX3(;4?<3-7PI!YN|?~uuq!G7I0L=^@59rQefAqT=XDUF=`+auYy8n348?7oQ2&yuGB+koHVFuJN%x zZ?3cJNM||f$QT;w`6(Yt`997jo6;SbjtaGE=dPNwRA>b)#T)c2o(_j#H!;*32E{tjGqTF zO&Y9((2lqAwmxD|?_!E}hP zB&H9@>}cP2#F;zQo=O>YY9y}y>?dSWG=*+unB|2OhhiILU^U=nl*EV&SZtc9=D=3p zcKXcpMWhsr>`X?)ntHgQe3=Y_ehmple#AY!h=SZlkRoP1@tsZg6QIRa)+(FKWQ{pD zHU=Rln|JxFwi`3(=!EK3h{-yyiij43nyZxyggdCr2BnwvjH%>2N!T9YWHQv#kE|5flX%y# z@GN>GDbby&c5Ic3BFPV8=xo1cP>HcmXr>qz2XwQt`F&!tQ~Y81p{cxAFeptEs>&;` z|9rK{63>BkCSS;h2hI&2wO5^Vs<10D;F5k}o?`!sr=gHtOn^O#L*vJo#AKUtE3>~p z3}z{tDA62lw@w`Y;}VQ$5a)9ahQNy7Vduf#iO;@sDBFmf9w`|sD6(sY2Hhmu&ZqGW9q1L4a6=CB}bKd%6GIkBV|`= zj3NaFlCv`qnSWrpVk#c=IovOk;ox4lo*s9h&^TeKHr zl=SKAdeABlC4JWI8L6G#I)Qb6tDAz z5xR9lUFO#4={_>TatZ8!BE=lO8q7eE{kR>0Qx*43zIps2|M)NJ4Mb{y-)guO8RQZM zx|EcfVsPHWfNPj>LPq>w$u#_5{WLXw;fzc?$&*DRa}hehLM*L?jJ;60xaHJwrd5J_ zc`e+o<1+JQjLt)pSwpKG%Z=*LR@6B+#ogN{nQk*NdMFN~J(NwEuV)BX$k3nEy9Jb5 z+r0^yaTzjHiVCs*8XyV(DEkO=#U=)%I2|lkd>YJdJ>1kQ>VlSnNhM_1*<*y8_WvxO z^g5ty87!m<2jgYHhdIf-7~vdDtp)AgtMiw}#^ofMhU|*{$V7=;`P=>B{s;ZKMF|p{ z+)DZEOQ9aN0v|p74JvtQ%QuEg;LRp?@s+`WZktWF9@D3oe4SV0Qp4TA)jR&xux+Jd z! z@*T`+ECQ=cmfBhIbZ1$N-sZq)@v(N_o>K38OU%mNNYCC#Rdc^bC)dVgOsCOWos8k4 znuOvsRN62r>A|LyV-6ESdVhpOQ@rOl@h}Y&ve*!$;y{IkzzGy zaM6SAWGMwx43wJ^3d;~hDor3E+;^kVAN9#nD1PC{&J8&z<39s)MQq_yBs*)SI0?jj zWUa?`2HJ}@_}dpKxRdmZJwcjlQpsJyw)pU|&2@_Mp1zQ7PZV1J?Nj09Q#!A=QPQT~d^1=q4*%o3I) znjqM2SmCF49M<=7knLB-;*yK>MYcbm*X_6be>%%Z zuvF2A>Kme{5>Nw@!)*Pw#mjI$Xu-epV8cUXrnl&d;W}OVRCrY-(Ep!ohYhc+5d&>+&a z&eS@HEcAU)$SOiRjWOn!w@JHZTs~R`UFG2yUS7ZmVhVv0(!K95l(A9sA)TUoH|Av%ESY50Woo(H zepRzoyv^#R9Q5jOC`|S}@g9}-)z5YP(HMsEOFYGsXW$RhDtlJWkHvcUgPtgbCW5h4 zdHm#;z1j@X)o?!5COag~Cq+D-xB(p73ez3gN$On@6zYC$n~qCHYbFu7O~2ALg_8+&e6GU*cyX&-J%2TEX=5 zwqr876fvr!47h??PN}9 zQA(7Bet>y%dABHNm1C&K9LcTDe^G|UDL;u*b+%#R_~;Yzd-w-kKGF}$;>@B{eyOb+ z(1T1KyrlsKU5y!~Tj16v?0gR{%wA5Ti8Y>VUu}w1T6p2vW2%CQqD!e6 zQoA6r6O!c2!8E@sQd}ek50kYjzZShTdxcL7rab?Ck?nqp%!LRoPWXl1Ifm)5Y#<%% z7nfurW+)=K(E+vi4i+_c;XOE~&k?mZvKXdJEf;*HB*;mY^J=r@yY)TK)ds{xwq_Hx zBpxcm`(93Hc04Ist@YFUl}H1B%Zu=RypjjfoS)`inLm-!K{e{Z`m)C}um;S{UVmS7%2i^B9P({4^Ih~RRc=wsB zJaa3&A=}Q#$lm$^Qs1&4s}!WUP# zO-R&Cv}de-@Vvb?Rv>qG4-T1sCT%_qptVl91xE~bE9R7q-;oYslQwmby!eO!tYd)K zW&QRV;E}xi4anKTsO%iPorQZGejh?v+`nv~n*c>80P=tkvJ6<#R_FuU?i?!t-mvx) zXuU1Z0jq!mxCJ<;IamoeJ%6eBp?MmhYZ2Iax4q5!7Z`~+hk)}+HSvDwI&6deD-D2k zH>lb)pxfm2au4GF@^+~-pWc_~1(1Hc*L~Uku6Fw8#lCFmG(g}z z&M8pd4v_x4U%!1H?$^81`o-V&eMTKtpxga{0F4a*{kaC>Kx;kp2EMz8e3(zZ18XAe ze0wsC1?EJA`M>}7MeGl0+v?f=_I?w$h~H0d0z&QrW?7#BVq&7^m-odRzXe<=bfBoN zhs+&kH@=glJwc@PA z#3UXPzGp1X(okx{!d%hzog>X=5QjS$(Hcmd=bOke@q;cbvyU;2eM?1DAzyKwD0#Awc$EwW1>2s@cL=$Mi6(Z@oaQ*7z2XfT@mN z%fz$%5L00Rxg^cl4Y(k^XnP9~kp0_^&P=EWV%Sc>uhb5@Lut=46t!`^eK(q?&wx?I zj)XveO9JX5eZtBsw;Q0Y{=hwf$fBvxPsUfgYX*DR$Oom_nxQgPv7|w>1XbElS>@A* z`-hYc*IWVtTsH?nVXHxvBcarLa$WO(1tO-!q%E@{U*9fZ+e4e;jfqs1MaDmF z&MmpsP}3oIGyXtC-s^=KJM|uuRiIrO=eJg3s24cIPrI4wA-EJaV4-k{L^fnVFhhDi z)Gc+}WGl#%_esXjx`B)yWp~e>luKv`6E)_ZNuf`DJ9VA$)nJVPrtZXvBeByI6Y-stX><<8=jU5MaFpm{r#T^;0_(N7-}CH G>i+07kfMCHLf(L?YfW=*c2Pe3@1YJmQcL?t88bZhd!6Enp!QI_$cV2$~ z@45KqYA(8~x@x+nyUsZ@F&Kmh|2+UJ!n@B3np_qNssbv$!u;mEx?Gl8{B{Of!UF2L zx&o?tj`p9OEq%2$T*MTt9Gwu30|Pyl1TN2Ef7L_sr?Uq-68$a=)h9Rw6SnRR)ZYxg z5uQIN$wi~rBd||4L!6Ay+I={lSPx@R&?s^ob$6$8exD}!i=DXp)ZC{rb0c&L_v-Wl zn|I@{8zJ0jt8)J62Iuy67VO_;asz?&tgpMkR{nIYtbBt>y4<;R!PnPa&jn|fL|I~3 zcaWMPH>b;bUaqDJy>2R~#GwNL`?T8@A<`l@0qimu)P=@0nY3?^dhi%CqewqFaih_h z;W)>>C8ck!qRdGI5Vk@Gq&=ZNuF2cr+b*%Q?pMK2u?$jHRE0FOv5A}+^jROngM>sf z{ua>8a5s>mxO$SSlexyn+p&|rmNpxYt$H7(aNn?$OTeu>n5SM`7a|o5IvS^qHG=Y- zVWLgOaglWY%u#_ABDkXRb@!5M) zS^SHlsMq_?L8|)Q5%Doix+|2dO{0{r*WgF`Ye%@h@|K?FqPU_^nYg)hi0D;%>7t9s zP@1_PAY_!{ag?EaWu_XDv~u;HNk!A79@HB`b+y-&%wJs*_Z3Lks!%ghOSvx`s=H_} z7-d0+1Zuuz!m8hKF^|K)SM=Pcb+LH+i|rNq^v|d8Jc7gi5Z=SMg3%r!^J^b!CV>_B zX^=9|p7fj(uXLHf{Dz)&5ijtWVOTVd+0x*-&~8T9N{U!6ORnh5?|~*D^7hsnnr~#r zEdyIMn~-Gb#+%BN)=hAyGu(KbP?E+{)ghN=**Qnv*~ISSx5|*_>!Cw`ib3L@z%lze z^U>%RWn8xn86Mu28_T~ev&y=$8$H7E&-=6}G$?=M9Y-SeSL$)37<#oPy;AtFC+rlS zAMkS3#w&zuy6K1y-+l{qr)SCD+jb+{Na;t-!dP_wE<-t!bF;r;k}O18M3NZlNqx{5 zwvB1N{+u(_*wcrS!e!;kZP9JRhaIjk@!c_b{Twy)i#SsL03uCMUWn0Hc*O@~%IJUj zB3Pt_k|uR7m{t16ceiMMe$Qk>NzblsZgsqxYv|*(zn{p98IZD~i-cc^2A+%m{%DWm9qh43UK&NfJXNz<8$ zB|M&1vvbevjL2>Kcgti1Nn&1MOL)%(BL~{ zuO(85;uN8$-G=1mWh=7VBoJb*u7AOl#ci}}vt{i-{!EyuS{UCl0v>g$ z08$N-fJ5EqzF^B>!Yh<;mOsHc_&p85b_2{PuS2XnE>HCa@s{@%AfZAPHtfWll501! z7%tLgoRF>6S({4?b3dvh6JttLbnvVYw;Sow%Q!bn#tD{+&n4;!o@A<65AoS@-wVGM@->B=T@%|APYviAgd>SRNHtmu7iD8#&y zZ$@$)`K{O|!e#6wa$$<*u5u77Vuf%xl){mpw(3PZGnn`S$%!%)$$=Im?R z<=c!FL%2{AjcJ$>-e;OCozDd5=RMS^_D}UH$4%tbgN1MV)jj><11O8R3tp*iAsD~m zPDvgVRLH9f#HZJ*Eb#prn7HES(qg{&VblW@D5Zs`^mA*dbl*qK!dK02?qMGv5g$DN z1WoC69TB5Malb(V&jb8VTUvu|@2v^Ga+S;{t0j(*%g2@_Cuez-E>pjHEkwY}{xLKR zB;D&Q5x=ge7R+~B|GCB;mMFpgduJbgBuq3BMKiuD+zkPr|L`C4VNS#V7bCZxkfgEv zc*&8{!MJAcpn;XtW+gMDjZ~)|j2mNl0{6MR!=4@~1ev`d{hddJ(nt*De8)3;|1?U# z+x@c7Ojkecg|+D>)LC}h#Tzd-)dfHF?h0eX#dydjVc(9kZ*v5UsZqpxkiVtznB?Ut zuVfHm*>UG7<|AaFDEUiE`rSA{o} zduyqMkvtOTi1LaUMy(l4O-l$^5{NfiuaXasS(Rq(<@G|}6lSDZX|blQlnl$CB>r^7h7p}YX3m9(*0|7DsgQjD+Q~v+ah*n4N|yygFToI>ADwzh zz#V!7?7v!iyl;H!6D}LhNjgv|kgNwLmXG}q;p}B}xdiL`JEInZzKQ{n!YC|p$Y#+| zRE!Jxh&-lwMJhgG=YIQ*?33L2A|HUkq*Q@k4??ZN$g)iQcqWF_?Y|K+wDfkLQ$tY( z#ckD?qUX|v>d6Z%SYv2o1G2_SXI;{yJ_&{SN~KWM6lfDKf6Uli$tWLWwkdw&v;LAe zCrW!9xV#c6imj-;kcNGZ8wN|?d?Zh3IW}!#Nk-p(7QW=>fmYvvjFAPJn#2z?%baL} zuRIkk$9W_la}d4a<@P;iB_|T(%8Sd#)yqjhzk>Wjf<*kTcK44ruPsAOAd-Xi6DBz( zIlsjz3g-bic^gnMjrxR%sH{Yv%4I2Tl(~*JbysrYP;(DP!R$k*y%~c8lP1F}H&Ina zy6ow9W``{)2r(ELDdm~5Z;~TPYbQ5dMfVi-l&tJwIROd`ddc~v5{Z8!HmS-AQn!&Z z6G=bXBw_nC88By<@P42CB*UOSVWp?fGm};fNi?%NF8*eGlOj{>$wNo;agc*N<+3>Y zn_tcNXN|t_nj>|RG$aLhyQ%wlx(r$qYDY%OS1RV``@I&epNtLDq(>{F6Rb@O! zTl8vRkICS6$|Y}35O#0oQO2qXgC&x11QyHj1hm0X3|)5>rfO4Bo{;7=Pva0(NTd2u zyx`+2kSn!P{*^P;^yQ|t(o);Mjmt6vBvRw`SvJkKo~%}$pIqv6!p5hQ{zcA1cza

R%gqPC2iQ}CrXt{ppdpn9Et|l{>&j;BJ+Mpb-vkB2e@htV%ea1RC;cW-C&~0wdlk+>xKD@DXyX`jxRdGSNS%?0ce) zn9lORcXszz9@Rq$O6ZM|&@khl-Alwo5uYfe#zI`h_%fVWY({N8Ix;nws=jKDKiqTY zUkx(c{^7Hw2Uf?M%AlmxC5_XHgU|alP=zv%xqnUvtvOc9|b9RHM zCR;^CtcVxjRh<8)O>xH{6t9eI#(%OZGw-_dvUr&MZCNTTHi>EkS!_ zTvK|KfH%esbj1_Xy=g)L&jra+IT2~R=Eqm|lr1W3T2xiQFwg65X4ye{;w7c$FYvks z#XN#QDjf&|wip!d=*|rQE)LEU5o}EoIB$RgPH$TuA-aH%AZ(2dj4oU2_*DF;duhjV zoER@4LGAE(6&}96z%;bXlABb;Bv<-+WXqTZo&lC%#_1^&BHsnDvI1iR zK+7&?fHPz3Gh_$w*#OcoXu{E1eqLZQXRj|GeLPHutmQzC?DT`YN~)T4#nSlp9k|w$ z$Cs-i#2VmtpQXxvViR23P(oKRc>3X*8Cd2aXlXdqSwDgh?HB=0=gj4|z}eZ!Yc#B9 z$PKWfX8!;l1q5B;kPT>?J3_|5lT+HJb19jZm(yPXZT-7Cy<^8pbmmu_EhGS}jfBRM{U5NM^qZKPzk=7&^WFc(-(%b1ZHU3i=gyLBv#8LM6h0 zInk>i^fUC_hO^dgX`ycgElmFjt!=s%a(TGOQqZ35bQ0dC;ym`&jW0T0cG$@8xo$Bc ziGF^6Hu{zM-%u)p##f}BVIq-i=Y)Ff)fy7xr&VOlXojUT4|m_G0!J|`o6}t(%jF_2 zkj>d#PSBlqs^@1O82v(;*UWVp*1uW^8;xGN1M$MHNfE8Kzi>O!Ud>@0MuQd_Q8O#e zoZXF6-KQHmzW6q;ywU0^vb}yy;Jy3GSX|=OWNXesJ~Y8bwz&iODDG#4Me|CTPGfI< z)9HetK^)n~j-NNTX6%u8Uf;&)8OZ2e_ar$VXZ>Ci7Er1bAz2?V-6Sj4w>1!NR0>g9 zS9>D{N7o-TGx5!KnAg=G4PCRdv8>Q@(dEAH>5=MJ@>%3>EHkHGXjsfXwmHD$=w}>_ zgc)zDEQrm^<*;aK9lydF31cC&3g)QOMIWyHrptcY65L(-U749Jf!hM9skYm2z{_ZZ zId14Gd9l!i*hg7JpN5}*imADU^p)E%abxy*RclrE-%y3$6TROIY&8&B<_;u$YdDMe z2Nf(}2C-I+r1N%?8MSR16twQSyY_6lOLd_sMh=%c~@mI&C3IUHRDRSf~I*;H0MU~cdE<2A-ao8vzWE$F3^kR?KV&$MWrSDrPK#5tLd-e}jO33|Tx}L%!Ad%ngL1_yH zi^Zh{+4{-9tRFN)>qFsEjl$t~=sPJF{P@iV-)G~C9I32Fr_ypoBx+XEX&z%%9TIYN zTc(TTSi=uaI!&N%#7ofW0Lv+p`O|Z>6@7fw80r(Q^7e!4YJT#%Ho%TsZv}b2e9`b9 zA_WZmn09B127^gD082{tC*WF`%N87DfVyj2t*HNpQz{5+^izs=Eq~fdMrDopKw_es|E$PF zKpTPNuAiB;iSy3jVb(aSJQacIMj}e<#^kY$hBqGqlS5cjbw!awDj{lqv)*4eBDvdu zcrw{xsBP4=dA;?0?UvfnkLLK+uABA;sb?pH^6%kZp$6(?6k~H*188M8ssAF&$4HLK zrbUuk)ENHR8Zsx(MU{Bb+vO@4{NJm7lI|jySgLw01{hp5^Z9rK2<^W%c$yH8 z+^l{@D{c*6SqANT)1AhWAwhpHwyO6fS`faYMWI@nTQ`oRRDA3V4styQ$-<$~5bu@jTN8 zI`lZXeF=GAyA4qIAy-|%=Re=T?!Ntj-NGVjOVWY%XF&1>-2R2mTuWWLRkL@FI#KGe zi@^ik@xra7sx(SsN47+}T1bV1U-t12hq0F6edshvF8Kq1wi;}|2|W4hJej(*&tC%n zXH5CUPXKup5wdtSdI@~VB;L;!6C(2B{kzvu&>C3ONEDzsrD}nL3>E)(DvI@iH9U*0 z#`8HnOq|(l%!k~F(o$ntp_U1_U-oE7zIwJePMp%&d=x<(wr^?DR zqLVc1asbg&&^fz8Wi|og;J8Xj*o@nl%4bz$SW;^`ovH!u25d>6MPJ#%M5yv7oJV`g7Mz$W$6&WuIuaY;{g>e{z^lfZZ$;PXSEy-BlWn8Aq4S!mc zvFRFp^tzEB`En)aoBAHf0_+soIlXYN$vyk{@ZG_>EoE*BFsnuFY$dN4hR>YcRNq1T zU~};1wAn+j0c-;87?iqW`Ljl30$WmtS6xRhm37~xj^}4_)o&f@6*b>$t4zVg*+k+8 zF#j!d|CM4PDu|)`o~KwZUy^ zBFbME>)1KYuhHn79I`(V&w10KSl2SXSLQFIIr?BsM&aRWIdt>w3&&*H4U#WM?r?4R zOqFL4E?uiLN%K#n`H}X$Y&0*a@w{BaVoie zp3eiQMc{fAqDSwTiLn(g$XHYjhpvBEy;q;p0j$ZI z?eyR&u;Kbm=cz{`wW(>4r}bwl`3X*CYw{zpA5>U@VTCrcINX$;EzR_C9MXtV+i`#o|< zXt`d|{Re>UxK~ybCs^>MoBNZa3&@+I`9=tByt)H#QAqqb2K4}b^ zH|vK^7qV;d_Be+eoyPA8$xBLDDhshEprG1Q{=ycDn(FNJCFjmW__h$SRKwSU&{V2R zJ{vC*kod{eMEZ;?yDH(?85SokQgo16n*SgxU3}be&})<0hL(3O4b!h+3=^q~?Z(?8@#CN`)svt8 z_&L%3L>W1XIzA2(w1Yi{Oa2Xc_;nU8)gJ8WPCQQdbA^8K_350|Um}f#nv$;~(*jNo=Sp9l3 zblR@9Z>9&|CbvJ%R`B%HFc7GpiKJtb^H(e;vFM{!kJ1nv9y>u9u@q<0`!|(1ZDX_= z3ozc|xa*=2if~;seCGSInU9jkTv-MafvZgQ)1P!`oOu zbnN8}Gp4>d?1<^94II_RWQd%>P|^yMa(}hIJ(#q~y9RurKj23uWR+ef#gl7n6c`RP znQw@Y%i1{9%HZtmW?_&T;zte9)c?EBZ&YhpkIS!q!+26LIB{GsSRJ!udyqM1`imRm zImW8+Ue*~c;IFZw+;XGcKgP!Rxnf!TewX_0L5)aq z5hd#VwtzPCl7qy&5OK6|<<*Zy>LSgts%UIR!}o?{Q(yA(=SD2$%uP28lJ13!Q#?*q z?6VgoKq-Ox{knbInzC5pce+u@Xts=D@PO;X(&@Yp z*laS zPr}NI1vM8*mhgQ;MV8-Ps#|1GilUtT17C4XOnxk%@DA7Og>sFrWR`5-LVMCSdCn0> zeT~#97o<;74mu*U)MU`;qs%%UYK1eNPB-s=O)iJ0nvl0W3VptgX89`gr+1(2ZBD`X zhvwPNUiDKg&IQT&%xq+}hHvS0?U!sk^=g(5j2`tdyUz(+363RV$KF2v=)UPEY&PQE z=soB7*}Hjub=k!|L_x`{J@>p=Z#$wlop`K-hFYS+lIe9G9)EQH7NM{9lJ*J>efu6~ zQRicm`U-*+o?zIpw!zdL7HRnmYgGC7N$1g{j$VX!Q@LuKysAQXIKJ9?|-`F zr&_atYh#7)?$Y%VXnXh#)r9l>5lJ7_3dGrrB1|NZ6WU&AyiBJse&dA2UbCL4=PpU{ zvGapMWr(?D;LHg1mL#*j(p+V_bqh|$l$*WlI4#2n2wIL<(8#cZDHv3ROM$0?sEQDi ziU>A1#lA?zNX%WQbxjk+p&>A%_c)vSp-h^)f0r5yRZzmF79mjLJ=H=}ha&RbvMN_t zMv5M32+!Hd(|M^S@}|FL34VuRSA=6{5pDr4OVD5?;X@jjx{0;6w~{HsKq~rDd-hE? zLVvDUk^E_qiDU0mE}nHJDxS32mgZ)~z$ZhOYABO7@^MimK>W41i6}jbLw9fBQA(9#D1o$EEaewnJn(~qd1)TTAlFd6NLbM`6M4|27u!mLtx^hglQ+j1V#T@ z5V7tj5tmHvyiIPpK){1tKRm$>AvtjEI}+as0Eat!0cSKVcaZkvtXptgGOvHbKS`*> z+1ia?7v16L1&MHA?u<)i|6Zp39oQT7`n1NhR1OX?yaB|IaTlNR4Hc{J0BPy@vM05h zr+il{qv@nCX8}02+d$0A_5S#@^$AQ-83j=2x?Z^RX~sx4KQ7-_Agh6{X%{_@v^#;D zYqlxpH#`zASk}JI4q);EDjO;aCIdG=S@bKQVZoxO0qK7t6dL$OH;`h|wFB}hg8(od zwuQjT(5a~fptl9N#l6EZghSG1TL6b&3hohpcYbmxp`kHjVI?c8rUq3j0Pje@93NPO z{{)b%w|~K}S6;wzUCrX>d=AVmKnn--(V6nEJ28k?pQv)Z(?p+PVQGm&5#>coQ(sDo zn{9sw4DbOW{D%O}9q}#T+zGTNpB4dN+l3|1yO#)3{!@kUdVtSvA*gWBN4mmA7$nTI z7zUnS!uBG;p(aN(^?g}{{?L5D&oenB=ik87w-*p^P3gt(eC{zUe=YrA1F~81Gh`oV zUOEKYQbwL2H@8oV(^W7CE5F1H{Os)g5D@Wn0?V&0(aF#-bb$bHZ3rNEgs||UmB2a! zo!z3JyimM;v(B^iA{_q!3NHl5WdL300X(_naPyK-EBKn&8}#Azzkykb z>!m9|cN+8IKWCWJ$uNipdbb?hv-*WK&WmNV(gpIbT zT8d`v=m7#T177wV(EbuCO&Yx+u8xfTAS-%=iNR@M#B`Zq$s-J+kKR21gMdHX080*M zFRgrS;{O&y`_d*Q5dOfy6oVKxvWc;ryM z`l$VxWbEb{(KSCwrXphXgNyJsr^T=Ta4Ta-N>>6%rb*%Ubhh$&*YYupyOeHyLDF`_ zHVa$BrX+u4y-6g0>S*nY$awd2oC@aCx3qeeRI%WngI$F9qY={w{{E|ygO-b1`qXzs z#_M*2n(_N2n%d!H`-eZr3GjA0-VI{(*=^IxyotH~S&@=IBI2ty-tgg;l4Eh_`eMN&BEr|3P!ze=>zq#vm6n z3HtdyC1qV@AlI@?R1YN+2|mVEu`T?vm?;oM#eSzq|DWb-KerHires4`?(#wz?-MH= zZHoF!G};mNKSeuyy`SSVLb`C8TKb7#ea0t%oGG^TgDH5gY=aekS@F SKz>m}0?1RgSP0>W2>%aaG&xiN literal 0 HcmV?d00001 diff --git a/assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz b/assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..68a3925decf1431f2c9096b1a6e269f3fa127cd0 GIT binary patch literal 9098 zcmV;5BX!&#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBvbK6GpX#U2h=%Vtgwem!e)a4Xwz4a7HiB)UMe3I?dmNz90 zfhIXC0E5g7D05@K&;Du-oCGhCqMSTUs$vQlbocc1H9glT#-=A|)8}-IymdMvT)Gny z2H$P2wA=0W@!_HVx7}`6|LwGo55MaiygWQOI6m5MAAZ;F9JcrOzk~J$X_#3OAqoGk zy*93D1K<%!0ycC#B4vOsWi1c6qyvh67h=L?guJ#I#{h}IW<)~l zLRqRD64Q^!1!Yke#vO;marS4&J#gEOkHX_Lmio~Nyv85|Pl+N77zY{&NrHezLy#kc z*S&K%y}p1m4P4jwXVOO=p+w<~m?l8VSae&hQH-v~!j_PXlOeV|7D+-QcLX4zng+xf?EuVR!MT9^pRBa!}ZX6ArJDl7z z?u)L|R5UwHxHe$&U#9^P!fC=OM)KXY(}WNGB$A2Kgsa!*Z=8_Olw1V_LqY?~+^ii< zAIJaOHq!wx{1+oSCL!{GIJF%jSi(KjKvMmH@5P))K~4c^VBl?TsBuK z_J2%*1jU9OzykZ*Vd5=78~#NQpiSXrL>cp%)O2FeaRmet-fbgFZs645JS;k_;v+;UF=L10qqljVoE_V;k4g_on0gf@qP-z6ln|LgYS){DH6R_bMRjms&8ZgJ%*@2&#su4-fj5{KU zWFe8%11da0TVWDN8WTB!n0R-pW!86T4+}4R!|N^#NFZ?6@u^U}x@10{vPd&E^3c9k zv=%z$^z}&(P7*o7NK#J&bTn4&w?`!YAdq*V(XfB^h!D#Es7JH=zoP$H=d>>0y+6Np z^$55t&~6h zX#D_V8g@aT)W%#+Vtf@Uws<4#!Vj&lUmaD;IsY7!$k!pb3MzpO^lu%fyN<2b1Rn=9 zLTFT-i29}h&AgWOI<6UUUMhg@M-zRhn(xNQIrR~~faFQ!!SR9qNyF=8Frc5I(aeEi zd)@pu`w3eQ(Okm7uBnQy=AJP0D(WpQ(cvq3PS-(qiSmybWJ~V;m3O(70)=)ZV8yR?lVQWv2hnA2vPiuQeiE6#pH) z+^_immq#yOKKuV|6l;71hGXQXER2;~Yy9I?$L$=tZDmVHO!_pSlA>^xE3~G>{e{ZZ zs(k(GG@DH|LaLNvp04n?ln_j9+TD-BrK~mX^ih(Ib4Me;tG+j%J0VKq6G^&RlFJj+ zO%q?r%c?gq^Dm+Sdl$WBNhG_LJq$w1bS$i>TtM+Gkwx?(+NF0mSxKm>brlr-s5;5_x3xE7k4)*k8 zrH`rMP+<}Ei0DGc0T39VCmC07074?Y(Hj+-3G)CHB{Ptw8e~5$P^wB$f-(<|DVzm) z>-5u&`KOFIO{xs>GZ!PUS>TU|gCxhl!9FHoYJbQU?uG zQcs(|6umWp=D~;wd5Q9#@w?1StKvr@&Fh^SP(M>H@F>=d|2YGVo#%~C64$$M?Ti5l7;SSDoW&vZfl3(YV@n zBO12BrFWThwZ??E0@_y`Zwcnzp%kq+NQN|uIr}_O&t3Jr+GWN3wlZFJ@LYKZU*PwI z$x5G_7)3`wQ~hP<2Q?*4pYjUXq57yt+`Kvec>bmyM?sF#sr4Fn{3nvU zBH(}xmx0QLwO`-;DCT^L(rXo#Fw_AU#pvn5&;l@p#cZ{3IAe>rqXurZX47!L877iQ zHphAvw66S#(!BOEM)ceBqD}lPF;Y%N{7LO;tF}+`W-Zm9m0K> z7oL44S%92Wa#~Hm!2mtkg-dq+8NEanP5B*8x)3oR-MoEDNh2nk9Eo4_UMyD78SldR zXDUkRu^jWYVudfdaL`_pge2lfybRhXMg|bWp(~{ z|FHc$|Fey<%KT4d=I4_6xYnFcHrqomR64%uWRDWf6{mSto7k}k)|k?<5KMX4WR3!{ z{b?MH^{+RFqnl-ywQw9#Avswt(Np{7bfS6Pw2yL`0m=-8Vn$O%1+Tt;advg_@%-xM z>in0R>vyOByy>01f4xNNC`cD8R6-4o*OJBEN+^h*bCJx8$HI^(UH#N(^=Z@+qsAUI znx6VU5248i&?=JLDlE>J{YJG?2h@$<)*q$Wj+z~y*RgNGh|l(hjekXv_Ig~iCp-2Z zKA&aC|L2FF&TlT?ot@uYp1eJ;Bm8I1!s)Kl%T=#%F#Sf^s?x^1=?eN|GcZuL%2isR z?8H=~r=~7{#jJa30Y(1LG-HO*3v_th`Xi)*S@rkTxvo zOA4}5UK08Fz+2gWH{D%R^ElmQGpiY=uTOe6AFj`@7BZxQY974a$@TTG@2<{PfH{lK zTHQ@Kk%Fn;rlgky*U@-(aeeaB8*8ji-(CLv?&|Hy0*Ec6;Z!a!Ot_*+#0lV*|z|Vz8%wDi5 zESs~1^&c}|G zj%z<&ZxR8e*DNHV7C>5NHb6m~G4ZhS4277?15kaNbzKsf0f|4)cPCM+u2!KLi-D*n z*jo1A`YxhT^0{fUgUtaAs$yLP$zoYLJs_fCKR}s8`W%7*9lHM!g=oVRk@U^y(^Y1s zT<63&i!-UyVeXBEH@(EC)&xBSMKO||#xl!Rt%7M&IoJiNJr_h#&o`Xxp0Dg{C97v@ z{W>Z2T1B1O|OueJpF9Q_rZ%D6BW*d8=Iy-j#&u*{ziaY;BfheS+gZm#zGR$0=pWx zINMlf1K7rUa|UCbb>3ig9lEy9Bl z*@N*G;49_tmQge2FY4oUgvm6)Z0V?#>cz4gr;jo^W_YllXynsqxM@e$w_rum{||c7 zy0copT^?A}ZwFk)MJwNFlj+lbdZE*Wtdr)n|1raWbO+DsF~EcU&9tT1j7y(q;qfb30++PN8;fop&$Jgd-aX|AZ*$|4jgCeZSkk{< zIR1!XbRF7!EV;CgelR^VoaLOZ+;m|7#2iS;n!$(-4M!hL-Fo^!Vp`Z(GRGYzLb5P@ zq|bz-dR|~7iIB&4m_>X2t^3R=-?F6JEJh&nTvffg@`wcKR_8}?xvRR3ZI98`aJ_3`nC}4A8=8I7 zPW|z$QeoG=5#?{q6xA!-DhZWkY=$ycdex~uVLjm-Bbm3s*--}U1&MrMQ7{2I*o6Rz zk6ess40;!ZGE!6kMhduZ`)WOFvxt8)S>z3dGfk4m824#Z#9b$}8r^bff;vZ9oYp7` z?;}aAZt;?PU!G9D=L@!J!*at?;|uLh@u%{IiZhmkXE(UE8+=L^wP|hj+XEIV)q;AADCyB6p=D=- zms&Try=cmqpvq#vS~EI-qyE}!12>qEw6^aFa*-<_DDL~;DCl?##_8Tm7*MApxC9JUqeBu2c)%D-|?asmT{U2K?h4E#&M`bz1tL#`=M*R$s zwKrL3TdL=6pDu3!F729Lv_rc1X=x>6VMksUzBE-!UbsKg0EPPtN@xt!&*Ij;#x8sT z8u@D2c=*j+`B5r!_1{EsYu^UDK>rUq?dtvCFWa5x`#-i)j5dC6dK$W~;6=dLT@piM z+-X4LT0d{pDRjeZXSG7o*wx1YMvsW3Bgj-xKcZYgUP*dJc2~Y>)@4 zFATh0X9vu%#y7c`nB$nTM5Nc~2_ORQ5h4Zwi-yQ;bs%6Hqdz;nzDUogvRARX&JLVp zx1K{|ghA+vQ7fgOY3`wIbm0y$Zh#oEB=BK`L9E)sF=S)Azg;OjkU+8_$`NvB2WSL? zL?&EciF*@0Px98;>*0jriK5K3qK^T)2XBPlovS0J8S%IR zUt_OJJ+<^yOYvYU633MdeWqD{vp?zT``T5!SH4RgUoc>;m0ty}0C$>VSQ^KHHlpE-_$|;dQre4|9`yyvYP*GAMHQ;|80~F`TydGZ|xwU4%kK_fePTq2nVVt7B}xv z!iH%aYsU`LApgPvL|tP|nT{exF{*m0!L-pt=Q)~qjwT*V#MbQpO#d&|J@qRui~RrL z%gX)louh-7&*T5Clr&-Nm6FBfwL~qGJ2ua>y=_3F0S$AAB#C^&{SD6l6jmv%H49XL z^DWK=71+7y8KJ4}OT)PW&KcACX@6D%7jtZ@$qLsd$o~qtdazLfC(#h$`@22(eyr5u zd*Qh$x7%yFb*&9clC`q(tJ1jb3g)tjoqv|e18XDzZ!0itNy-vRduy`v05I^ z6#gt;><-0qb~m*xRiA18QO5%3pJNgkq0N?e}H z<1&Y9`CH;{;g7=4r?%XiDHZ>Jb$)X8_S_BqP2!mE|2qf!2i5%l!NJk<`JY=UJMg-9 zu07+K@r(n;;h&iy*OnW+5#iEt-j5JI&8`01i;!>2-W+E0xASN2mR zu^OA9?=;~GJw?)oeiF%K53b*wU+=*wM)KXYvRhZL&)?|CCy}U!4*G_K2t8@SBsoIL zRU{OnC+Qf04F=SsB!HNBcdC&bV|O>N5kSvyna}RP^phLQ@EhAP@J=-(_d8rfmX=@(Rh*69;W;!5! zS8P{`=b(3TrAg?S!Tv)r9mIs+*n~j|j}le05Hm4jLXFKvtLAbdt%d`p+^k};)JhSk zL8Xo>z4UAKxZp$CK)-(7J8vrW)hexl8>vfo=#5QI!g0O;^wO`PQoaD3q3}4>cePdD zu23`}gINFRd}+=u^WLpgDuBK?Um&}UsD{KhY^V)Y;KC`1ppU>JrJHa|qXE0!gIgc_ z$x!`}oOq~y+!G$%YWChD=ZxRFdL`(9<#3%Z)vQnn>qV$VKM4XbK{33zH8*G}_!omq zCVLzOMpFHKsSN4uu3JNXv8u*8<2D~%`OLfnl1LU3NxhQnsYcW5)9Z`Y+a!=QCUOKl zW156p#;Sv{Qd=wQbBmQfq)T9w5!VRxid{v;2qS4N`E=u^+S+Io|14q6m-nWXvnLzI z>RiabsR63T!Vn|h*!FB#`pIh8goHtEK893|lD@uIu6SdJ$C`!1cw7B|^;;nkQkfA9 z!j^$mxO8mSj6(;Uh1MEy9>)yGJcy{2zXs&h=X$LyadzPwn zp<8uILH((<@YW6rZo7_i;`=%_)0qbqesoQPv%eL|Fp3ews)xWLsAO@QGXur5w7n%bICk6F0NPqa@l1cpGhb|OesV+7* zk&-}3LBxvvp+t?1k#p+%7#VG|4pdm?e~5>i_$lvCGu|iqIp)0I(~~H4Fwu|F2z0^{ zxF<$3vrm}nZJqdWp=UJNXK?xMJ#cI$N*7?D{6#-t_YvF{nsaMt)N>|zLa7W}F+6|i zf^jw~gsTHpZ&>uJN49W|^M(qe3uH{Fc2_CetYNd+s;Z<~QPU3u67G%6^Q!n*!MN5l zZ5p5?e26kbQ(#=$BSmECyN8Hq)8csb+13Be5Lzu_5iM(YLCT_{j%WHjtxb8wl-L=R zRdwYoF#-tz4XI6^(nya;_TcpD%qU63B$)ljzP41#)|8x2hTp2qNuZC2(W9S~vJmBn z`N}$gU?GC1^S)F$*^qIBm=jM=^c9DT+JrFm&?|-0V@fPfFbHqq^vwmBJKchb3)fZ? zk$9tA-ysnxhi{urffDX;@=ABfr@idwZ?{1BFiG9XZP8fWx?r5uJyl&o?iA7Jp^qx? zQkDcTl4?+=c=*WrG!bjwlfV7i16vn#p(Iw_4zskTM)ZiIW1G%zsLm3 zH(o09KO~Oz0-6vvI0v+7|Np`Mab^DJ@bKVy{pVK7g884-CVggUejz=zof)5}=IWoP zRP^8DzS;Vp9@o|MxWDc~utn>?ULIHV|7H8|`TUQq6uSa?`BJJ4T8l54k8lwUm>T#4 z%&ff_c6p8U^y&Dmai@=xr0bbZ^}+a8cJa_zb})WvZIc=CvFJSwQAiTTU5Jt(D6V?S z&ZcuKr?q9Pu7~Cvqv~tBblWUuGBmyJohyDQcBCt(I0?#V901|57_-Ba98f_i_02`| z`a2b#o%Aj~9$b4P46~)#F=sJyNsFs+N3ovFDJ}B#^ZB_h=!6*?=+4UKopn+KeQQRI zNhLZtUc7amN(?KjhwDf%B}u4XeO4hwxswkcF3!?4kX}JM^@*G)<_O7E$Xt%|G6x+ltpt;)--e>E$K_bIhj=6WfK84Ag4H@CmHm-*kyVy>e57%rWU3@t;dyq zFkOERrU<1PXfMnDwEB~E!To)_w5hFqO8Z1 zS3l^TT(#^M7Oh#%(B4 zPf?NP8FoF#e;N<#$*aeH+WTdL$gd+3uSkIUWYbjWiISy=xVFb(4Qw7e6K74vtZppQ zQD4Up@|O9y6d45-1ohD}cwru9)2?i5!BRxz8xhz5vNMww(NR++U6@jjwOLSd{*o@>g?BPlU}g;b(RDMq| z!5bfAWiJM>e{?*PKgJGQF13_pS(6_H-1Awoe{{SpVTqEkZ_KG}sDK#LonFSq(5Zb| zeT0rOy>>f?UItj$l#@ZytJ@LvS0gIGTY`HU*yZV4jW&r?w`L0my^%fwA*9ib#c>lO zzcHDx6k_Cs8j#&Rt9>6tflSZd(o49J__Otzr_jX$m0qTkGWRsAqtX+&=5$ufnV)zP zh_p*7YdSRskjkbA2xPMPL-dNC!y1N64o(*;PViQfn5PeD{>Hto! zI2I`NK7`HjAO$_Y?HMWC5`YY0Fww0C+G2Wkos&pVjAS{oHRmcxK2de-$pJ);#GYBU z{i?Gbi-f$P>_#EGk>LV0St`!k1dFuyoE8S{uRBLs*teGkdN&H+jp346%+3aI&|Zf# zC7|=!aB|A`=Y! zMXfimx7TW&05;kW#Pjs6#Y5G|lQ$nuj6kHPfGPzb`p}e?KEbR%ap7tfk2Kty{^Uk| z{UCYK5NI^KvFF3hWn2l}wsitaahr`V6bCHW`7M_T-8kj5hc6Xtw?pHJ6ejF00R1!}QpvD8j1cbwmzEdN)@|7Kg*+{tFn{`_u<`M;y% z>iJ)X$4AG{`QL4nti!ub6UKz={q)`H$u#L{kX>k8l;0=`wqs@WvT)XndShm8FiJuP z?0E`ya;7<5SwA$V4rG7ob8QTc!rW4o2y?ba5R^{%R8=$}JCE3?Y+|tixM-9bUVk`F zq5Tg(Atz@@pRoW*RAik#FK4Qq>mggI;pNTSg$5T+#!0tz=Pk+R>at}gAbB#~kaTB# zveZdGRpQfh)qJ`OYnp3lPv7RW$9erFsgIXBF=!F>Pp$IL<+(hU=c3F13jhHB|I+o7 Il>qbr0Nu>#u>b%7 literal 0 HcmV?d00001 diff --git a/assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz b/assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..22acf87bb55940aedbbb6c3982cfbf6818315ea7 GIT binary patch literal 12871 zcmV-NGPunjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{bK5wQIKDsYujrEJYT~`<;a9Syx?Fv|wrAto#PQe8Wa=t6 zWkVz+VNC)Y0FiELM+6&#yyWwi3r79 zw1}q$OFDA&*c}r&iHEVkTy?`#>Q~iV=C5~r90hC^Vk$*1L_%WT^O+}lNC+&2>h0rc zH=^U#1D-uH?u$XIqi}9@;MRbd|8*81AzC3K30A5v4iO0~4O4VGKA!%6b~Y^lLuQU* ziXI-~5b;(i;RTDihc(n>qQYZ-*J7!bSCBi~dFrmoVZYycZr%lzm2vB=XiwTK!RC%Elv}ruwt*<+Jny%B7g`$@IR*?KXgWnhe%57 z!-xdB!#VZ>#4$_}CukU80g}NGL!<$A;4GXV)L+b&IP$2Mr%O^t7>WcaJj8RQg>S6m>;p!~P+56LL zIF025Q%O7xu%$=UdV7MRp9SUvXt(V@uaOW+|LC7ud%*FS2+3y{2;H3b%||6%{+B)9%=j{C>E_1{MO*S~syhA9aLAh6WRT+Sl=E>vXkCU^jU z?)~vcOZ949e2WnEwF{=44PYbvxAxPzE!(dHJ{}Q@p`AA()H`kH%zJ68qiZ4#R|;VF zi?Kdc®#Iq@<44wA>zgEvR|PZHk7Bc;CDojEW}ef_t=^NeF8F`#seQ5*y__$@|( zc4PrXk)A=f^$Rx8b$_YGP_q#*#2$(T2Ejt?IG1MLBZ328fHHOh5)x$uNd{6GNUw%7 zO_TGhTh&*Y2qMDXez$cw0_!3hAl9=J*3H$w5ebhZ2$aNv{tLt>2#EH zn`>@})%iJ*)=HGU!oNZH3`J;20wM_(U8O3msOf%0|6m;22km`$1!D~GDkEP0vt9Qt zp^U>mv=9E$-iJT_$V8A6A^7kY(Iu=mJ($b+Eh2W@0I?yK=pdD#Mlo!adKSqCLj8eS zP_v$`5KH7Ei3VvT*%PFjM3?*=tNGN$z|cWNQ9j-i;0KC01jFJ0teWWjH@RAA(GzYgEGy9`2iFr6@w-_ z$iC`es#=hNQU}L0&Vu>u^sfoR`ftpq#KWhaXC!nHP)8u!cgte?Z6dZ+i#TDN$eBLw zywVFMWzUby8YZx+9)c6ZNvM^0dp5bGcO-!sHX_f z?r07~zR$4`?|yi7dVYR$aeKSpE_R&0JIVgKWgb0pdDOv6k`S|4zB}rR608*uV&0Jx zj*&0k9lR;dp+G52r+GpdPO;RsaRSG+x;Rf3AQx!iwr<%)hv!Eyv6DH*oDgbAU!Stxx?;ftf z(u;xZxH=tsD_q@c)sTP7oPJWx=^P94&nM(^3x6=}>tw+kQ!c^b^?;t(yxDPgoy^Wr zzXPTDjF|;nlffntPSZNm5tQYdVU0#Cwgjj$CW8_#!_0Ct`jlWRyt8>z{TAm6%Ua@b0MJh2w-vk3Tg}h_Mm&}S!7E-KYm|RG3gRHn1@{Sc>7%R@F^<>PK z9cF#?+X$X!G=NoEt%;$&9pkx%@&3=*(FqHi(MpbJN(aGVBxmP@58z)#SF~t_D{EDw zlfg48H_6M*@mdfSwt1ahz7SrSkzQk<*TS>ENfuy^a%X8Bz@riNz3;Nlw*nPa*6$hV3Vz8Jt!e@zr($}#dLXc*vi zka+HM{ibbU{)Z;fdiMbr&WracCU>{c|E{O0n@#m(K##oz93Kb`&k?)voe z`=>ibvDBzGjLXnj-~`&)S-VrG%qK~-f-h6$qu4>eZ0vU>__~TSl^7||sNnn;ypHy1@Q7xa zla9rXg;}QsjzuDx^Dk#uxE_StwajWSJ<;0Uk=7>9v>dTvTTXhcdA4PgpV5rV9(`@V z>s}}|)^(@nkT$#-8}7A49HlP2QXAc*nn20VNmYTWX`H=3y}tYT_TpwCL2^UY!Mi@a zz5V6W&G`~AtMDupF9{_QFy&<#^cA==9M3OrPyhPC%G0w?S3iBa`FMJDR=Sb{Xe-mF zLC)aXkrsiySet8%O8iacTzF2VB*0_rXKXRkJV&?WnG5;;0KT?w|L6AZ^!(%HRr}XW z2NVSC@j3y1Av|PiUlc}pVsRZYUvzZGhJhrj%yT{WfMV=p9|QwAK@t$1nb!pfEaM0W z6~xEp`fqAa0^+y;DdH?bV3#SkKILMZN*B5L2$RBZp1_=ICm{R;(o zk+|AH>pElkSc&EZqxpDR`to`Q+gN%XC!DnaQj-&E1+n5VeCbnjF{=ZRf0`~`OpQzB z*Vz{_?UnU%rm+}^nu6_R|6jgDgvQ@GCeGLyks#03E=U&1Otmyh!eM}AOm*G05gB*? zAsmayG!YNY>%}gW!P^>JY;jDsXt>`cHdN*vIg6BR*BgNGV#ac*cv@w6*Ker9;1f4D z%8Qs($+~5*DH3_LXz&8jPz%D96B`b@*9(ia!seAyW1ZlBsUWBYSSA%}CBj1VD#Sy% zgsX+-c5NbA% &l!Z3;pxl>jm)$YMD#s8D;2XsT!8E&lHSA_<~6i^W#Q<*;>cfP zXfHq{EQ~)NrwS80>Kv2hR_TdGL{YjznNgh*$4@hGwopdt#7z$`KteQJ@P;JC)3SNh z@XmZfksar`&fxM?wCSAP#pJXb$G)(v{8)J)TSj}qc$w%|lTFF|MI5mX>zOH-`<%7Zb3@dA=qFmXG0Z=Cpx5)jQ8NDYYlJN>i6m)-Mjaz2`rURv-^7)Q* zvnH1yiZKWsvF6ONM%k>DCva4u%=9VSLjG8Bn$BtG(ky9*T#~A`+}D#!{ZwwfbdjGG zunpz?Gg(?sr)HcRIM3;uZqB3Hs2{aJs{i{r5>IH-mkm4jf*aclE8|n4xNDYj(@w@S zQy@XBf)E>Wq*umnz5Re9;#@YVQJ%4oEKGjV)r^Ub&~GG!^YrS~mDev_!xnT)LnZr+ z7OLhMY4@7#pg zifg)EpL46uEp69gdMW4mJIDEEvcDtBQw|UI>eRv5a#`aQvf~`jUTnBAx3KoUk z8Qa=tY|nZA^_>`Bn(d$Jh%Mpd4GWFE^gGRZLsCXN$v3rAd7}SnEMl6;n8N1Vuw?nJ zkKmjUU0eEbuaq;1-<0<(H}%8!t}X-GsG~)MA_CyU;vXJ(f0! z@NyZ`Pa1`pMA)c`mxGV}@TXcmQ?TIWpyoJqF9)fN^|^Vpz?2Z%z%{V-qb{pmscjm- zS=$zUGJA8QG0g4RtVU$#uC13Uq56`tYu{qupl51z#WT31OAO#vsNE>&Xg!Od&WX+{ z;bm_hu2w1`YR*|(tN&12|HG}avPKP%`uZRJ{>jNn{`>C-hbO!GAKPe-Z=BTJX~xdE z3Or4i+5lO*=ww=AvaXzDwj^SvisYh-k?yORyXj7avH|?wQ8Rhf{fPuvbpM7Wv`6Ys zx71mCAAScyedXjH!ykV<_hOf{+Wl{AqcyAlEZqM`2mRxG{hxk+SO0%2&Fsb>%u2)H z9lQz{dx#@wPY>GAzSY0C%Qke|l=rht(%#qQQTO2Uga{x4IQ}gr9Qz;{goxedu^VS{^3Zq!Y9P3d6!Cpg%C>mp3>eC`-V_WI`hO_zXrbh4z zMH7XYnZ*zX>=C>P_8z+04ymwm75EZ)omr{IK`-~i1}KVh1dgL*d$;chh)u4AObbl6&u!uQXFX0I|S49l~;cS3T?|Ps~t}RS3m?QAQtG zzwerHS?uaOG`-apz_bLYeUO29Rf?wbFsGwhYi#F;lMr)s6d|77)64T)5!8<9{*9UL zxpmmCt==l_KdUo55k0y6*FSudv;W?_efwr-|81k`gS)*wIJ>=0q8hNbx0j7`EcOWJ z+|m(KZ&hhufRlV5DPlYcdPQ2|{iXjGQ(-mYOfruJ1NeM)UHHIL4yHY)w9}oJxpQWG zp8nYIV^j|Gr}z|A2E0A15Cb?^?Xy%FXiYvp6}|K?PuZmRg&&`)`_xm8Dw*kS=yNRd zA=dvK%R*Qi|B^(y{pPJRr|5NdN1C?y^A5`v|F5hDzgC6tUDfCkBz6|v|Cv^4|5+cd zqn)_*tiXlwzc)wu_<#TCcxV4@qix9kb3OjGjleQs8?gj)fSiEx`4@k>41m{Z77VJL__1U9O76bE~{vb6TbSC)WMy z%e*bH{|--1`nmYu$m*OAd^@%wbVBL$7Dfj?8abgSMgFhPL@A7NS1l{szx~ zo!q~*PJtabFYzqcA?Kz~gbT};nDfq<6=^-mdgcsQ^Qk&>DpYzv_U~|32iDZ#h>kJ* z@bDUbn5u2@gYdcuwYtt6+;_+b7}s{~4^#Vz*ZuULBNPbS-cP&34-fFiABLLKyit@l z;PTzwZgT_G`KR-B1$_}B{kGuqRQJ?hg#Dt;tBY?DqJ~BF@uJr)dzd?3j1Wg5me%mD zTAz6@Ly@J{q;^HJ>ruKInYD2K;r#jBa=xnN^#9Gp>G{WtZs>1vjC%claCG=Kum6vZ zj(72&t+YLOe|@1f(GiQbuCX>j{tfO7Qr2 zs+55z$em>|LVf(LJCR|q4*{NHrICcj!m2G$7U+oaP$(U%rJ0XGe@S|%bS(8@ey1UQ zNg*O6l6VvcN*g7YdPKL?+S`L`jcG#DkQ}4Xovc;0@Zay?pnGuA>cB@P zq}#(+ZaEpoM*bs?lPXKtZ*|}XdkUqWhcT7$Yq`5}kz(ynD5fng#yazQ&jw2?BWSn5p>X^kjf>&SWcpoX( zJvF}eTdi{(VSRZ37=_0P@h0%~Ed5TkwFuzaP?=XRVDieHCHS3PnCybSI=j8zSLWXk zt07~7{nx;hL8J_t`3mS&v{>p7y+DX&df8^LLB!rf*>!n-fKRvjy%9#rtWqo6F${U7 zkHnJMtTKs7gzwD3TJp@DS2E7g_34d9;o5{tRvqamLj2B#Tr%S*RyB#(v2mRBXx3WQ zKbUPeVoGr;5=*@)0_AyYyV6VERzEvhk&X1@_tzI4wSD!L*1!$dCAW*GCUDbg{SI)Q zybZbbJHR;>9w(7TarLGFnSu2`TfcXzTivszS`N_ft=}PF;}3X>gEAC9u(1|YK^M*t zg&_t;)!u}ALPzZWHQf7n7?0H-k|PhRKOPaM_nN%-m~+POyE+qm#O82Yzvn||nNcr8 z&H8Z=fH8{U)%|Jkh-N~;zZ_jLdCjrFRH}bpDM5O_-z`Dk?W#xhiBQaO#eA$-jqwms z51Y>C<{6+^vJgq)Wq40bn%th=Ow@Dnv)>e-jLtP6=mJ zpTf*Lr~1U8rRUa#bM{CBhWt6KuLuMRBZUeH@Dt3ltEI2NTJtOXhU$-yP!h)BJmles zUBz2SX*3TDp-dC!m`O4~)N-CXaWX1nL^r6?ZME+2?^~L?l~^ikK}&PYMuJN-X%Kvp-iBGnST0jg*-Sb z3(3MezjZAWXyu$)cL$ESm~2RM>ENnEqSByj2Y-l%*porB#i(!*Fd&oJ7AEC(?d2YI zXl5pz5ri{m^BUa#{O2ns@t^-ZfP3fJyo$Jkn@@Kw(%AR#d!kogu%;w?V&L{GnXH^f5TMI3pOcxoHzLUeaYsOQcp zMc3OCEW{lTO)-+9gQ(xZ-=YASA{t^}4NsX&E1Jd{O)XK*ZqAi(kdGKs@X2U|bx9G! zTuJEcHQeX8%J7oul|UoH9Yk%iPcffM)N~U{1~GLx8Gj=}Dx%FrTMeW8SZE<(k?Wc% zJdz+#riI#4m`~M?vXh#R7mGyQ3@#nc6z6QuB5Mhp%gVNC(Kvd6BN^cr=!3`DZh|$ML^AP zC~%!ey@#3l(aRXuQ-Tb6)co(^?87DagsXi$>%wh>Ju;dBM&4w;k02HavF|$_fh9cP z**m=pzrIfY{Pi9XAIFK9zjx)qeHV-p(Q7WzgI;wH`&gM_YKH=*Qn`4FhEJ@yyYLg^ zfWK+A=`zD6gxCMJ01S@svY4`8HnM`$a2*K!Mz(RzlYQ7OJMr$J;(`?z_AuIp7Lbj-du#ax9)X_ zB4KtzDoV8aQvM#|v-yDL?nM`F6tGmpt{q^}3~K#xpLv=It@%z3_{8g<#{oWZZ-Rxi z+v41Pt8&Qwu07Szn{R@HNZB`%DKR!eAqfcLW?{aTklSO_!;y4mls!H$io|y6CH!WO z>3jQXYdCQko!_CxHtes~FbxJhGX9|KL>mdZHH%{W=%&FhCHFnGHI1n=V=*@&E31)o zjRoY%E?gU9*Bl4Y84w|2EMCKJF%~9j#CQ_H(Docwp8MAc=1Uu_2K2rHsJ#YHYMkVR zvv_Qj4aeg+Kzxqp1W}3u(S`qEv5C0^g26u+p`hk;8zAoil*WrGk=jY|6u;|bRKQ0p zco5(POjx6UDB?42(M`T2P`T~9pk>v@D0~m3vDaRsAwfV2!)I6a%2Ci?q z@KGr;A4^06qXW)9U46c}{Oix3FR%XA4gGcWKn|1%Iej1=rUI)yVNP!~cE(Tx!A9~? z>F>bw@*Nd;8X<3jllS4U+fR3Zz!<)MxIDYKy1iHjVGCkkZ%#{;?u$K7`QBRY{0Bvm z&N2$|2G4*N)&Dpu-2Xa0KJ4$#f40#Uoc}C$=u@@1oj}ocPJEu5s^3q`?SGH^ru0Wr zG_d1wf89i|1^fT_=Ra7|8J$)4EW|P(;M_IzG6OxOFCl8)d#5Ty%=^j$G-T1 zgLx{`nT{si*kICm8cUj|H9-rkL&xZ65@I1y7!82NLEvUQrPVRJx%!7D<6c1-o6=zU z=QeMDV3MH?TJNtf6g3nvlDsL7g6u#o0O7F+rv=JP5m-G>3oJ=Ko*vk2+C8{H-XuMs z_RKkyErQ##Cpy|Sxi!(FQGmu>Co>=W1CTt%DZEeA2v(hX#wboP`Z21MvgMD@P) zEYjf<6Z+=j_H&y4Xi&6~hP10_j91FD)p)5c8A>GqN#*DwPhw7lB%VGoMtXlIoSV3- zhS89&X;C0q<$|h~J&q_m&ZDYq4}B7nyptcSmKMo?=3u1xVETOW3Wa#-(a3MKY}Waa zJ`kY;pO^ptl}H1USZzgf62g33Agcy1aaaz20ba>t#5tN3o>D9y8Gl#?^W>EmfPEa3 zrmXby&zI*(z_}95T2vk%qor2(mtU@5z!E2?h9z)2ntmleCo5bkc#M2%EgYev#r@Ng|Po6)uCU1eQvYryJ=PSe^M43 z`yEpjyR*7Cu;~8p(Q&T+-{HZ@;oF`4zm3+w;vQm&nw#CttnTuv>*Xf+VhcQLfZxnv zpKI7<)_6Gr=2Gi~ae0ND+khSYhEH0hraKCVIUF|K^VV*912wgaQh_*$a4E8xJB=C5 zk|-8smffUV6i$`Y&nTJ^<2qZhXEPOzVh~;T;-=O$*-MNiNLtB__!#FeTNcp!ta}-B z;M~M&3vbkE^AemEVdmneZ}yfxFGo~g8?hEaIYKVVm8v%x{wx|VGy2)}-!?e-Ek)6i z2&h*!jfFl6ZG^%ZjdzaR7ucJ=?Z(w@owD}F_0Gq&HYg{!~jP-gcP2hQ7k;2M2mOlrclHbA?c1z142 zne~@U#L!2iSBD!Ie&q((Qs$tJx-75-%OWln#$Z9G6(SfOJvXCKA z#lRtozM8>*wK(KDCS?ASuMbj+Lb8@gIT4dAhB$VT9f`=T-F6IQ!96pF%L)S_H(1tL(r0 z=sSb#|3a&>|8n1+TPqDdeaxm~hKjZclnjyMlFQuxf0d z!J0-{)j&miEZ<{yX!I1VO#bI~++8MSZokRBj7C_P|Nl0h|8sPBvdjP3O3RlHT{r7K z74oG_Qzhy>Mw4xAoN~#L#N*ijt{BBj>4MC0im7y}9tK3nzgKinLOLTP%5XP$5vuRg zmUXF3>u(iu`b9>)RA`+FH*=1lki*{@vratDuEGtZtM1E8L9%6w7JWeom zFTXp1l60b7I86rgs)%egme6(IU^ufc=K2qP==HQnA$1ZqNNrKKR zy3T{?<%-c^?^dO{TJIJ?PN`+?6to&>Rb3T>FltNaSEHHj2)<$# z#5A9-ksKDfSH;Vi%al7F;#E4qXE@EpYX$quB0nub8oNqa#te?S;QD=kXw}ry*0Y|c%qT(Qs z1KSv#It22l7STzGd6O1_a^Ju-4)dQvFsSE#Gz4wJl?l2M^BR_PdL^fB)Q#!bnb-;; zdI2Yh`hnhIB+p4jF07hx1=3mzRAal+t(?Mwm)+56gk83n@x0BeZ(Y|!iYjgL%oH6( zpeOo(XB{)k5JjevLvB$Lxt<#^SH>(=5ZTaZQq9KM*(^f8nTkO3Tf$}J$=xF;Ca`sK z0?&EiuwAPXYT@Qv=Dyl<+g>lBEpPuD;kJweP;dVq9K3m(|Nhs}@y`C=PV00!unh+w z;hL>`0FM1r53%me3fm$~p9c#OefHgPfs>mdBdoo4=v>EOAL_D;!V%w3%R+ABP zHLcPn+Ju$;9S=Es{!Grl?~MCZW3ITwv7MYi+}YXa*c> zBE{5!XDhRray^8O*Z`bL7|GsAiz)Tel0b}$o{y(E=%I*oG^W&4t_c0T^h+o|Zou66 z@d@pnl;Vm$gz6e*`b#KD8CXpHh!IoCHSd4~M3?f2hoQ2N(>hp^=_1RN=_}}_9H-xf zOA2Qw#K9R7*wDMMY#XA!BD3fysy3s)`vtrb`e!a%&o_>_TV1+~t!tKdux9m}v&u-W z4i(qAoP}vDc02XTH}E`FtMrS;iCvYB4`bm# zs~{4FvHn^?dH34eO%?af3$&Ym-?M&^-3UcV;7c-F%QKTTY=|+$0i$EF)QMRJ!VMlR zV!>SZ+^S}USt(I8KAB0BZvDjcvtlwAd+pvv*z1 zZ%_Yk<+;?{<}6Mqz0CR4vr^-T-b#~7EdA!}{^M+4#Cuh=)U!fC-@)vyk+I)#_ zwrS2)^ozMdVAj!Zut3+7_ZT(x1HIWw1S?IfC=$s@taw^}j>$?}vqq1aL%&2yJA!^u zI%QyUT&e*85`uYT{u$4rT3w|~Kv}|L;_@b%L1 z-=#7?Ok0ru@#e6f%l|t(?C-w+yPdY3{EzL&ed_|g^^xA%5br#;d*!AdJY{&-MDJpO z`HyL!EPEb@3OJhf-KIl4Ur=-7F~5Zc7OSH2U^Pa*-eRuHvSGi~LLkkeA0_IzA_4$t zB$ID->u=z!>ajI+njRdV$xiN-lY+FLBrfP;sPnIOFuF>tLT@n*w*h8p-z<7vIMY_F z^Eo1gV^In&jax(4OuOaTu)}mtFxPK$=$Jc763E^+HXaeGj$T*>D~7C`3?%a<7Ze0D z{mmR|Ka97P7*o!)T_MO+0>Sw}U&L`|{@HFnB|?=|yg10z6vy(H$`W}>!eklwROqvM zgv{|BmO_92T4^RySp=-ea%nKEIr>$;MXCEx!Al!*G63c|@l`a_9rDM;o|QMmd=WIQ zjhw}#shV-GfGk)-w`;O&GPyZo&T-UF`XsSKXh%I;ctoM#Xd$ui;H&`3On(4AlDK@Z z8a9q5NGzJL$%<3kKF65l_YJGgMXt?fol6f!kYDtfJMa@CLCHB+<#fIuFLu{fZB6`t zCmno++aHVXe;gkj=KcS-hle}=e;e)T^1n*BW(z?8#~LlW{E>fL2n7_e&V>W=9oEYB zstE{`-dSJg;>XfgKQcEyO6i)kC2xGBDO-7Nl->I%a#qt@AIZHBcWKwT_0iuu`R2Q)>ediVmw)DI{h|q0|W{jSv~ps@3Yk5yonHEvzs7w1g^LZ()2z^tt;|0 zcS5Rfg*a@!+MSTaUzc!xt2wyqxD454%`g6HOcMDd#UC_Y4fwG)>x0=D~cMIxn7c6vuO5v@3yI?&^ta-Pf`gXx8 zz8Ng*pVizgs7w5u;3)I>X3b@n+7gbn%^^MT553NO@kb+g}15?hpX=y zl-)GQE&fXP43@lU(C|}w6^ZrJoOfDPHnH+3xDas3CeXSBsl02jUCa5;Z%C5>ZgNYvA-THw}s}Rer3d_NGA*PW?TDHEtTzi=0JUanXH)b#ELr_-;{k z0?muOchF!)jVsT-jN1ndXVmOUD0J$o_9~{$Kq5>(Rk3{`mH6Mb1Ao;K zzq(LgO^k0lY5%z}!lI=AEPkf#QvSb#l>e%L?2{z?H*;4Py)M?3p}JMF7x`+ucdr0psDoAFtD0Bs^XLE5k94+WlLPNaVLh&Uy5 z>^^oRiR$qY(HI3voN#F_xRKkl+e`gHFaeChkTI$2y}=NJ!1^q@ho#rk1DpT)UB!*= zC}{$c8p8s2pL6W7FvQe+)kAd(H6rFi5P!UW!WrM-C_o+#F_m{pInV89-vaeM z5=z22gn*3+1($v&RrJ#ao#v`FDWb=0NQ;v#(xMR;X(~|0qO_3Wn$%FR?pVA%=1@jm z18R7oFYZG0O_Af|;IM2rVdPCfV4)pZGBTN_%Cs_@DZudI=c^yrB~XG$Jz-7`4!6iE zzr{GlcRr4kycogZ$(u_07&&aI)KijWO?o(E*OTP%anJ|3YskX^VOImx(lNcwI9#`-PgPkIfgr-5CaebmFoR4wakhysiR25*As z7(+bZfG1AfNInxeMKi&Ur8{q%j-qyTP5F>~< zVXEstP2#*W^V03uc*ca)Pgf1Tt%)l3zw;+|dcr=|Y-+OqH#z4C;{GGz_|Ae}wA=@v z@Y&FEFBZ`x46#p?SFH@VA@Uy7Bz4eob2Lam*UvpgWm^o84j9bz?1A){&h+7k3S9*{ zW7(>m&avb()raZqKlNO^HWA-<2kVhY$UDOB)L?fqT(C_V*?F5Fk=C9?X3+Zj;3PHs zUMGg$of_}XP|3u>*$9sM>rf^Gw4N+Sjm*6b>>8`pbezjDiNFE&B-^O8RI^UtE)p9V zjQZQt7E?@p#+xX~D-sR^yett6{6(`ju(vmBld`LKKOoOzJjuv9{qXatVF;^1XF3w> zNixMfArbY5vo73J(MZF+8_w?3+bi*l{f7MbF4D;d^@Pg|w=LSq*vL)rCfIw}tbL&< zV8PbUT*iEBT88SQXnWB*%I zMD#wUG2UzBJtVjof(#i8FrqH$Mko-tFwgY{TWaDup3(ItDEe9GOK!=8Ow#MzQL;r6H<}>>mXuW l{<^Q{u-cA!Zt1pbyS8h)wrf@G{{;X5|NjLE*X{t40RV6>qGtdA literal 0 HcmV?d00001 diff --git a/assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz b/assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e8b9a12d762d7b74fcde4a41b69efe297900286d GIT binary patch literal 8836 zcmV-~B75B*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKAJG;C$w<=%x2=CbJeL*&ZjWdva?%wlm|MB=*{w8o(Es*&z52iX{$cNj{{D-D{r$tA_j(6E^!h&^?7jE_ zdS9dQbx$TF;Xm{q-B!JG|DQZ0Nth&(vP29#fRIQMvq=yVDPs&M>xRfB9aD@3kPZ1mPkSq%=nB*i4lxxjDe?Mg)!j>bHXVZ#V9~B z7$KyJ|3yF($zZ`U4iaZ+OeBiH^L8S}7ZK2zVt&ygAu}3Ya5krkb0B|DCIgsj{?YLD zOw}5I;y|c)QO=64Uy6<`-AT*hp0`tW%nAkD^0*KeMx40q*1xs2x=b{0r(nVcj|jPK zu=sFc-@7d?eQawooOi<1^LA3g$qc2ET_X}+V-gLZ|3CJE{^84@AM`yXxD1yk(TpaZ z8WJUdioZFNEM)Njs0ao11oAlz@q%$V0RLt0WzWywz0+WH!yPdXJ#WV%1EG>w;Gi-V z?-wZ!;C3uLLzoj+#`{))ha8ETN2A3yVjV8@`1uL}gPGg(4%`qbL14&|$joa!(VRho zghlx*&{I|M0-1O7Bcbv=RbBP_JzvipGH2W~{|w;zrBHN_iBt3Gc>q)U^=0>a*wVnA(PbCzL~VMMRWiC>dYWn!h13 zoLVNaw2qura(auQQYSlB)4*%t0f6B#1L$T#BZapZYQ)UY<~Vljh;$A3t}5mLQ*{4o zz*v}8fT4TNF#HZk5`pEr;PTy=P2Q+#1E9&6dEU+ryjE*KE&N=gchz1XnPf8}X-MLDG4O=* zO&cnjV+=s@3_TBEX9uoO)<6giHnIY)qE+h}XOo0+C6~tF!Ve5^wSdPY7K%U?hH2iu zEn6kkb`@o}ZJ<=Zg(OKtc;tD8Bk10;WK1UmJyJ29QF(TLaWw$H)A!4FZ-1%0OOcN+ zSWLsk08UtVjoeCl&kN^updumZ1;;VH9l$R{;A_V9dpimk9kV3C&~R-{bM+N(sZgV* z&5^5Yl%O0yzo!IP(Ch9U=t3MPx>hDSNQCV44R)N)i9}s<0P{5LL_`w(DOB%{*(}W@ z=F)Ef{?Uy5izRUM@oKq$=W>b$VKW;IN4-7veJ8+gjNCW~K!z_y>O=AR_P)UhoTa~I*Bq>6~G9?xMnK32eh>{#JyU~D45N4><+I{Auoc8=@OQgI+W3BzlS(XmK_tzO* z&H8_#o^{`yzdyYSabFB1<^M0sPdxzxPxr@ANiR97~B* zC9M>nQ@^!?F7Rx*juMrMx%rJVD^N9k=#*u(Xbz0SSs4}(d@#-jRq}j}oYM&5PO;x4 zgu{LPlg_TP@tEF%-zkA%66xOt+hZeQNzukQi{l0SGb6EfX97u6-H*Wghz7bYFI5|= zPl^YJBohdN&Cs<#bnnL$<4AzAcC|pjNU7pdS;#+*7Me0A@2*r?rQV1X!{>o_HU{e` zH9)MDC#;uKzoQavXdElEIa5Y6QTDb%-eS8Up;e74vFW&=ZT_*KZ(gRgz(xZQixSd* z)two<+I);1JPW!QD8Z#6nyFmiT6w!Qf+?qo9E1OFqVsRUuR$~IZZqrJephCrGt6o! zS?{PCVm;J$-k4G`8DYHfaO*mLYv)|ro8Q*;4tKyYjY){$|92n!KmDzG{a3TEr{|H+ zI{9z65yo`#aBuKB|8M{2US0kl^q%~`-{t9aI^H!+q5&N1QGQF(`aazZB~ixNpkk() zNnu}U&(i?De5tZg{TlA?y}WvrXZ=H{7VbLQim{v@|5*r!(m4jcF@^p6dsEgLLjELX zBNF=q_;SCSzq9g2sJHf=eqWevzCkn>K^k&k=Xg;F?u;=8_XXq@j zDlla!2aW|(_Lo`tsXJ^w-xn0s60e=C;d}*2U4%>jKo#L|o+De9XzO%?FQE-sL(w|4 z(k%7|@JaRcAB-m8@A?h!%EEAe|M?qY)!-3ngVs>AjdI3?(gw(UZJlb4cc2Y|Tc!n$ zU7kv7SzW*4fq)+q+^W3qKQHI_68@F4n{=iMyuD{iovAk4JdXY! zXF?*sWHDAO06p#`lT*g&zjUNvaQ#vQlyzHegNDG14p(qDvle(3qcGdYB&Aw*ivfJ{ zE&H*}`=9OhQXZdHme64cC~S#2@{#^JLFw-*5h?V)dNW&>skPGtIaTBk5))}wN*EJ5 z+pL9M@Ut{ha_oU^ZQP96R#d+tjM4nsu4$ZOBA41*(U1kd3w~cVdHf zoY+d(+1Xj*LL^N^w_rslMZEjw40}T@0L%`Ejd~zy+73{pCfrP5ti#q!m6;MqZyXo^ z5y6>`>u+Jt=DUIO@;oSlSZ#Ao|J4&$THd1Vs*q|XAVA({ zE5aq=GLMEiif_n5*l(gDEZ(gUegMkYdx!Fd@oOjE1t3a94%-U5*OUwSk;>_Briv|C z9ylob-Ej`dW_x^qW?tWxrSa8K-qd{L}aok9S&1h;KOy&dU&pcA@&H1l? zzB&DH`o{TI#LYQ9$|K#X4kbfs9hWHv6$ndljm|U6!$6k;`kFzMgKEQ%SHOEvh+;#V zbHZabS=Ew`DXbUSz?ad`*fhmr^CZEM}rOAhCNN9nZ+N+Cz*|V_(zI##TNlO}c=~u*B^Nkwj z7bRjk#&8kF=yJi77%_#u`kmmvLzqH`Yzyj<{a6jXK7uu!p<*DcG7mO04sr;u z-yD57zg$^;Sr^JHUtFGlI6FDL{PXOh4&gOtv+4{I7;==q@%hr!_y#E0Q=BUp zP;>lGGwIGR-+z0Yos*{Rs9c?1emFb+4im~brPAl8TbeK7<^$siW=Fh`JWsk||zt&81SDrDQ_PS*c&BIR;8u($JOSBx-A8 zZhxFJsa2C~+h${&kZ@s+z_#>}rLt=e(>}bN2on(vh&6v=>wguHY#OJjZBCWXGNsSpmMKpbLwM4d65s za$z`{S*M-7w7En!R)e>1a;39x1(C&~ZLPXr^3r7yS zm*b?JiXt1CYAZ@@P4Mk;T&Y1fp}Sdy6+_0eL@b2FS+s(y)Jr%ldUa*RC~XP*?-Gnm z@R)^;v{>Sre^$S*@b|WOd({(?l#FOhCB@oa0g05+=U@H(>d&K-w`cGC&(3EO$L!`J z2YV_)5|i4g=Ou6Q8s(wMW0|hfBvxt%?azgLz}d;h1qezpA0zs8y`!e5qn|Ymi*+UD-vr|t2OO4 zDq|b9)us=vY0#C~HK?wpvjR$4tW_OaRl89)+Mv%(DoL0hQga(>IFtsf)rK_-v|4wk@%ESs_nc&}OTX2*8KjSR}8sy$@QdwYfZ zY?BQ=AvsMZCl*L~51pg*t>;y9#TAl{C*19(ej zX^fBwy#uW*$WX@lZf|D{e^b`lpGxrmhY5rCb~bw|qF*)?%x`RpRZ}pNn6` z5FQxv+72?0GDsQE&pf27_?Xq1ORn<%_+lw?LbqwJ6y1jKjkGU=gC9ozas-?(F1(ffR-mzCm88)OwhxdG(009z&gGVta=;LSsU ziv?Q(E~&i13bw7a1{4?e3Y*mY=CE>asWs4a8BlX1W6iDfc;)2j`R30${V!!gc5LQ_ zhw6Z9^uPY$lKt23^$(x)zwhz5;&h}$UK!x|zu2fjvie`XRK)20y}zut1m&i2Kv{Q2 z5;DQ4Gg>I#R#eY*Gs|x+dt0uqr(a@Zc>U71)isOs6JNgAYtN2~q$9P;Q;cVUn0EC= zYNngzrD^x~o#Jm>-SoSbJ_W$f;Y=C3_6OjupXCCb8>Ew|^atQ~e)b!_n{&LKG`|%@ zzZ6**B1RY$s>^EiW7WVxvwHHN0dxh_14hxU{;<(lc`E81mIoW!17+Ru>imO^3XH4* z<&!w22@dvyec$m)=JA*|R5V6R{ayddm;CZWzu)ugGCjXv{{G(o{Fhyjv5xy8rjPJYT-J_kuQEQr@}0Upfg;y@{a|8I>#69X7OV9=i<{o2jS7~GQ`rq3-?EhR_{|7H#Jgxul z^6Wey;fj-(&3ivZ__RHU&p&RPO6<8#JE6V_jdGrHCeOd3^S9UxJD_7fsu23``2+|y|?NqlNMC|~XF+Rn8kCwd;}ycic8b+C(| z5{2h=;Ez;Dj%4OiG`~8yAN2dcI4Eh&y^hI*;1-OikerS(-8~Rlnldgi@;Y!yl28@i z3vN}#6qBnd9ZT2``n_HC|33V95Zs#Es1qh(gk}9*5Qy;U`06Yl@^VtF?SCy%p5%ym zwmhZy8LiLWJu7HF0iJsuc*{7}x|Cm*9jh_c*JVo-(%j6=k_n^9M0FNJH33WpyX5Bdb{Yp)>z2LUn5BmFh#=NB=XM&9- z95sCX;|ebI#gqchlX#(Lc6A%!zrmT&v-O{vlZ;s$vm2ccMlWAAre^7dc~$kg6sq|p z^bUiuiD>K+HW$`YUR*po9l%8n2Wrn9fGdo@&7&JJNU6WPyH5MF>f2X)Dvc<5Lu$p8`5OV6n!EbWfS#7auTBYaYJ}w7X@<8_;3pfC1X}WOYbWv z1|QQUTctc3ZP@eoaJ4oR-H+|+r*@{Dvktd}G} z1&ei#K%F&=h$%)|TnCC(?DZ7)pdeY`d8alerV2h2swBxrD-Rj-yy0-DopKLL^}3vO)XmdcPqkRh zeW=fpsOCM*skHTF4JO00%wkfUphR0Ix3Q|4mWyUXL6hd}0!S2brEMr_<#fbwRV!8# zys3&-0{{8?%3S84!)pUin-IgwlpiW_F)XIqP+9%Szer&;PMJ0uX`)89$bexQ4viSq znR%2UsKi6DE>ohgQY%#z)t-X<5^or~i*{IoB7qVdvx zhoh4ZNAHeLPl8#rz2~GmirFZ)uN_FwA!1>s#=zV=>P*5K4GnH~+I_36lzL7T7%UB$ zZT%^A<=0PL`N#~DdfAM~5;d;{N;L*b!BXm}xf$Q;QsxBx zQ0a?ycJA!#z(sCvCQPF6j*&~E^A)=up$KPs{o0R4ud}`!CpCF)^Q_KXtLm{7xlZ53 zxKhaCMF3ZbfJ7&IcJe<*C<%>)L3XFfapzU^JIhQAe8uW#EW%w#SdO%^Qxm<{o5Q@s z2!12d@z*KD&woGhj*K63WUP_pa{EEQrwi`~{eA!k!L7n0VY0M@|0c5ZKYsdKSN)@1 zB){XL6q90$Cp77@6ceF{8|b4PK`x+js(dwNzN(+ z2kfFUYd(n=aKreul6KnP`XabBzSd$^8((y74%>bBJU_JdFzao9m{X!(h|8{B}BQsco-XHjS4x707(G)v{5q?zBt# ztUASx&8Ai{^&G`ruc9LP>9A@;4y}4JRZ~I0@G|p65vQ8 zy&B1CWCB91PY+axST07Amt>~`R$8sONEsdB;|I8 z=1MuY8!Ci`dAN~XBU&5LKCFe+NQzwzV?Nq(R2=^r7q9ftf7&g6ejWnhlgyZ@%(Rhr zVHoHv{r13yOO?Ej%`HTdd31N|SEx4Gr|$~c3~%iMf@b(=p0l-vjW z$~bJzOJmEvQl@M%GYUd%zg4Z~4{8t7vU;f9m17uQ6kE(6>|Byl&a#PN7@0{5zf|ft zCUiE`TPMtgr(dc3EgKo^Kyt+>_?96B z&&wH?a;BD6;CX*%nb}E?1vAMaS;pZiCgHVasaZnhLi_rr#EN@Gz%h%jg|h4g78$-R zP~8eml(Iq5m{N)aT(gCY1D(w-(}6vg-P$hCWc|K{~y2<>3;$k_iM*5Ci%@AqHS*Z8KToa{FNER@=Xc9LXdLL)FFyu z3^^xSqDQ^AHidouXE-l@3OY+;I;V2sSLj&QsCLY4)`YwjTN#DAQR$>cdxwB zJMUY$EnD`?+~m?Uv{eLiWyyLa+~!NLTVm*3^qr%a$J%X=VD2v|Lin_{Um#%Rg>gcp z$Y)dt%?-Ch*|`rqM>!9;D^Yd|ZHRQ*611m#vn7hgSK=V}y4X*z&c)lYSUbaQ8MB^m z<$?Rhe({G6fLor_SNiq^-Jfz#Uw5%|o8)HfZjP81|F`4ifvLvUBvI}oZW*ZZ)^vAi z7s`hHyn^Kwcl^|8Qhd;Vjl+hH+hMJ@Rs>z-2-OyIL|&Sg!U{xenT*>0^N?M9B^nH&7|tO(f1gQp5_`~%!DM7SHgUz3z> zsEk9mx-;}tVb8wD5jysz*KyIQsM$h^LwcbG@$ueoqRAk3L2q!LVmq7L4qYn7a$(?^?yg|ckrd6(MeTA7^i6W{{WiYPeJL~CrdY+!A=jqw-`F{Zb0RR6VyY(ah Gv;Y9{TY7Q; literal 0 HcmV?d00001 diff --git a/assets/instana-agent/instana-agent-1.0.2900.tgz b/assets/instana-agent/instana-agent-1.0.2900.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2691693f550b1a9bfda8bc763f31d3fa05e40cec GIT binary patch literal 10460 zcmV<2C?nS&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD1cH1`A==|nW;K=>PaXyQ(d`V}tR@XYN?U{O-*jkp|PN&ml zK_n!hrT`WIrKm~Hv*cOwWM|<?CtICy*fNp|L^VX75{G^e7*Ol_Tk=M`&D~iy_ate{si_mNkrX~Z~@t$ z_8yF@$lM>~frL;21*U{|JOBbHU_?iL0ELK6mRUVA-4~TJ0Ne4{Z9*pDk&qmvCH@pz>fZ zGp=CBD$R(FXmfvWf6tG}$eTb+1jGa}-tn3MO(2ds;8#lg0mFQN$^UhT@Bq*<_|<&O zYRqsHVL0)Bg%iXp>&)yCca=55NPf!76DY=z_(ROcH8c_Z&8zB0oF*(l zstIfhkFXdg1J!P(Y%5o%8PebmF>h-7Tif6B_y4-L=RNhf`%<2~{-44qL44B_z+(O1 z-rIlms-XW5+lNQb`u{PWEj91}=0J=QQ0)(9V;qc?wgLkL5{^Ou_4fhf2r#5aqOK_w z^b|5o6P|wI0CG+P39#E()UX8{bwC6K z;#Dx?B#OE;!oeKy7zNVQ<6t&c9RkRY3cRL21+M{TRXgA~n!!1jQi^Gqmr+bZ-!U@* zWJq>PtVaQGKM5*_7z{%_5HrSN8gh-)HCVyB4_*nCpb=sYD)(OKpWm zWRkYV767SLC`j2o~H$S&u7-lMdMPkJO(Lp5SUW^%u*eRJ#&fnKxbTp)49~l0mr$P%tX_GU%4D z*Y=NG)fhAScCPed3jF+{cYS2k~&}a#ctIO-llgrmj@fc{;xNbONi}Bp_&aRf> zkWgxPft=4M3zzV6-0S^#d3Cy!7Xz)9m(z>hQf_W#q2&ynUi1ta^*Z5lG-95bCYkQ6 zf|Ye#?9MX^l>CC;!buzf-GBtap2Lc6xkrecL-bxjMUEB*hxw zu0%Bz(s1z^iYdp!=pSh}$k!l-(r8t)(S#;MWG1jN4B-?J;8cDgMH`|)G8$nr0_u+` zifF7Tj1v}9j`)rT6#R~v0c`a$aXg8oNpl$^!pC?h@{_X|Bi+P7lyHFjfal=r|5LebxYUGG96zM8KPoZ|& z#yq7A6Kn5ei+sgvgkXr+S%d;X70R4>mHT=>GfRU2$iS$uvvi53DX{?a0}QV{|Hwa7 zW|6Wa_g@_yc^(_UKuft-YSyc7k58PHlxfrf0s%vEK_y3_`ej>9TC_Mo$3Y-_Y8_Yz zdbx7T0ZTa71yL7Z2r9Lc9(U(MK&a3fiiDuAVfB^VSb}x|OqZG?M5H~0LXdDdS|sFQ z5=FXOp-C*QRRy$isTk9+hk}G*F*oLCEzjLzQHO20UZf2Fj>1%9=Jy`$l)nY8&~FK5 zh=aatIp4CT6+~aM*O&TXhN4KX9;7b+JUArdH%@C6FS zghq6v+OMos@;IJ)*W^Fv$?yN!CgrV*%j>hAFW!m`;8=40^XlmEps@dUbl5(8-v4`y z=iR#|z(ept>WddrdH6r*J>YcfX{X|2IHoRj+A&*(dUn1;a~~9+I&d)Jv;-4sokdx;>FHWIz5{N9%zD=nhvp$f zaYX0JnzZT>lYmN7ULcSVfg?3{NagQrj^3fUnhO?^-_bh~V-!t55|0=R5qS3w_*eQ+ z&%cnBK70VpCPN8FO?^xN{_R;=Hk;|5sq8Y}eD&g|%bP1>teX|Z_h&!tl&Yj1$yWK- z<;B_U#qpc79l(X0y;_CI|2Pte5h(B!Me|+7@&wMEhO&mI;#9IOCmzMVm0LRL3>lpO zIE6TZ0~}#7*X1x7QZ~^`7fRAi&Zm=-JFIN2lh-%B>$9tcvTA}#1a>Q%4wTJmy7T6F#NfD!WHLaiAF#_o!4;kWf5M@YP9(< z?)cvM5Eutp4a6K5a4kHuFD^G05kt`UAKv^Q-Y7uRc-QG|b-#1H&}m*dbc`FS zY+BXCroZS?5gedsX)~*`jasH$nd{%i)f&8)W~w@&ZTxQoG;SOB7+XtDgCtK&8OWbj zUDWm1d@*z4q6*4s{N1~>o4v5doweh^->HL2^wgg3D+Txs^P{m6klGGW6kYioW+myB zj=pLISSso3(;!p!e)1~=U5)$WFa+O8`+I@}455HhXQqCns^|0NU7t=Sl)P4jHOtl3 zTSqou4OfOEO|dI3WBEv(T@5*PA(uvAerOeYP`R=uBG9B2Ez64XI$|Mg4(9n9X28ix zayjGkaZ4$LMJyYQ;oq~BxH%m+tz`WW0w`xy?et(5X1o;w_dd z1&w6Gjq9$Wmp1U?HmZ}{Q`>J3ed_Fgy^>O^{s)HxEQ|lzYkys^|G#b@?myfAkMWpU zgR+Y4ru-Y%i(L(%Tu|2?CSeC?Un|e*k4}1O|L$GtF0f#t0c!fqb_wct1AtLS9Wz}w zYqei)((u81Krjgr5#Uh5k&B%UxQyX%3Gy__g?ZG`8w#%qAdqxb?armsz>=cx!Qj;) zA^~_0eoLsxX_)dvZ<^5veQy1KuyYYKQJ#XTaopRKd85_(iS7(nG(y$7spPF%o*-P+=zdZdt&5x9$iDlFwz%7_W_sA1 zvYFX}C6SIlC6rv5)yvJ*YXi3l8g`Y?NMDQ*jKuhN`C^LLfOo*pjS&)!U%V!OG5$NF zNvvKDpa{l|Up$cQr>9_lr30RV3>YQ$MGoXHXhfK+|7QkR0S9_35K(TxHHaKrKE=mS z9N_>;J3f79;Cl!1-<>$FetshR*kx zh9%}?uMa2@j7AY+PE*rKOo_xNph!4!D{4~ZbPhMjaE|&Eq*e$LS`vrmS6mI3ATgut z4wI1?#x;o6>Om{(oQkgIr*81|#AN+W$1SW(l)EBaVeh3(VXQtE$Wre^ZXl>480j%% zh?39GjfA6IO=TfVrkaa%W6c)Q!u^4#o~53j&-JWe{|zt+<#@ig8Mtiy-+pzJxBvF{ zjt=*p?Z3x(*0uk>)t%wL+6?5$;8zp~WeM7S5BEr571FAXLDty+kmK?S4J9XK6a7At zG3{CQJF03^kWOL?8qNTHo=(2#r&j+fLudly4J3nEw*GG)9v1ySUhO^me>}=lxs7|G z8vhN9|3Evrmdae@v7e7negjDYBLJH*!<6AdS;MvsTDHy@ltlV))?~#{`Dh4F<3%wC zFc6744>SIF+0nj};zI`kN-mI!C#H$8vDm=49HvpW>4$tAH6)>OJR#I(@*pTcoI{3{ z`<^<{*bH-&LGf)Cj&qfdC8nI?L8O8gjV&?65#k`wvf0jY)r5mUwbQmq?E@Jy;3kNT zGPhdH6&Qet{-4jeKodY&h?oz0v91A=}Kpnp-kI;Zd zk#YZYJJqi8d(=HqWnPL=V0(oM)1*;EXUYf3MAsL3`}q(+6&_>|=uQg_NS%NvlNtet z2sY20RONDb*GU?s+@wP&;h3Hj&`FxV$IxJ-yA5>KQ4OJ7f0}qiC_~KvaS8(EA9Xj?e~MAjDj~kWFXCzb)!U z2Q*boF4&g;ZD-bA-qI`Qb};@hrL(1qk_By?*?!OF-WUDU*?;L4>u0zB+F$PC2R z?YE!pzsGngHG!NJoNZ0VIUoy@sftcBo;8_83FDZzQnT_@^{L(;%0WO*s}hFwP}1$Bt2v#Z;)*Jmf!msct= zTCNt*hHDOeKKGBxDOqarYMlSNyf|A5KGU8xP)prEr(Ktj;3Ug(!y=bbmBX=+uw2Jp zB>S_A)9&T@#d3jHq!nFJ;CV!=HE%`w(6z9AfA&)qj=wQF=@dQyv+VjF&CNb-@mYV~ zD?ZAE(|XuP={JzsQzw__(($ zvMiD-wN{o>a>X{w;BTPevXqo-5WB`e&ERj0SexH+9fD1^%e9EMcs512N|w0>(Ko%b zt91xg@HZx9n|X5`DVsc;Yf0JS*`Sn9FM4ar`S$dpx2C8ik`2(D&-uL))!$uTcW+;x z_pZ+_R-`$PWCK*!CI4LAy2+;kU6GGEwCizXsrtw9568Ec-4gaKa2(54#uK%t4%)2) zK!;9xNR!;yrdw9|{i2A@bSMpGC=ks-G8|?_6Ani@eDEJXyir@tV+6x$t{csNPTszI z2SPjrFKmR@QG35);ZsO4y#o%whYxQ+^Pm6h{O{RYEH24qA})t-)Ymh{C~K@TDlSiJ zjn3-HS;f=VOw8(A7m9HwT@ouRwUQ8t`nvimU*9)m0`U)4E=iEi!96aoxf* zqoLGGt>f4UB?7$_dH!OCr#M0*yNB$2oYE+npf_^e$*UJwIvue4sN}d>P_5!uTZ<)R zL9OCfTWbngb8*cnWVN;VoG++Z{OaP2=x7PfVu@UBJXls64_etOyu}4&a8%u+ComXe zf||HE+Fh7P1g)Ba7EW%vz5t3R0}ZHrZn~(^C>5VG3Rp4z>p;tpr^5D2-*Qg=DuKp1%}Znir~D5 z0!l*O0S9|~xk3U@5KTn(-T7MZQq5lHZw*MrV^ZHYoY3Bt6u;E^xKV(n65KnG_WYwo zkb*cVwq!o(|N2zsuLf9!#&#u*PSXDzg|gjBS}q-z-HKMN+$L*Qq>wfppuB5Vo6|bK zdsdf#I=_py;x5>uPsjnCOdtu1v^83TgwF@`ZHteKhD4(olwR=&p%}FH!Jq#OS}=}V z=H8a37B!~i8=Ky~*_7khKL- zPZNPH@H&^qJguZsDr22}#5e@R$sodfj6y&O$iz`rPN_+P?lRJg_K4YB257F%TtEwY8cYs|A{rdeP;@bWNfhFUA|L|4282@#6@I3w>(ztgMs+EvImFw`)z?10-O3J(saXF|JSJKUT5ts`mZ6_Wc#{toGk%pePoyXWQ&n#5v$ikbN{mZIbW5%Gh9bP_>4G2ir=xGl)&ugU}5{B7+# zOC$=vGjCF2q|w)9Xo%l-Ktrxb?5dd|7+#WSp51;_EDjoS?XY_JhFxx~Q-#m@x)>rl zTBl0hvR@ln<$_}olyz+QJjT^c^E$lg61K|MO!by*&E5nPOgg}>_b2de2fR8uIymym z?rTLCHI|TLuC8=cwOJCO4rpA-x5s4OP=1)NF-hLme^25#Qn|BXWWwz0iVnFBVXXfC zU$QW%oBxd;A~Z=ZAG8QqX8#|ykBa$!UL8Hp|Bv#loOZP)-&-#3d96A6ff3M~UQzr9 zj_p;R{P_3BD4OVas}15{jq0XX1e6h&YZ(SeSLz+|)w7>d*#H~J3U>^&r*w*?3q=~&hmv9eBV zc<2AwF`<`~sG5=_X~2RA6XbjTY45ftC_~;BI8g%{{BY6(A!gk3M_9DfznXl{ANRQ zL3^*5|D}DffA}2#^(fC)dONdceti0f`KOPNeERtFare!qkDNw{9I?N=7z+{ePOCMW z&C*lDfKFOFpFT=uAwGQ^QugWN1P6@Tyl9_3iZK+QKI$z3{^{fS^{0=Qv3yT;weZtN z7^i8__@|FU$OU4Ogz(eH5Jh+@{~F`bSpKgrauD-RA2SSt`KOOC5p<$9ERXXTLq3$Dn5Nw*E`5JFq(7B{ZAjYUNf8m%mIxBo}_mJ|D5>^){DWC5Hz#I z(#?#P){gIaTT~_m%A>wIDUuxM18GH^qcjdjp&Ch)^?`bC2@Nm+D@rmoEXIVG)dX0c9D~5DW0~rOq^< zR$nh)`ru6Cnn8U{w7KsL5w0nOBE132q$n6t*73ZT+1*v%%leznJnwImfeGd6CI`lM zB_v_V?WgtBebPJ`4soE`7JNr%Xo}dbly~|1>Hz|((~jg~+w=^|1qTDjwX1^4X;8Y$ zjzM$FJtVoC(p1ucO#ZIma~J4klJ2`)_Ej??7}}c{T*eH;Dmj8gKqpv~3fWur@>lbv zqaW(4v;<-kb*-08+OXu?Ar|48@0}E)O~^5Q3PT}2XGM0^*yySs5JyPmtrwA z!j!-W$l*1GkyId+eZdX6D!uGd+5hdpvlnj-vAO-n_U|l^Y}{O!5SsfU@n|fx`b!-P)^I^%@GcUvBR>63cn~+sicql=Jh-Ed#J{P`M#fo}TVx zPaDH20>|AqyWsrdZ&$~?>#LiS>zk`Hsj-fK?12dlQJUpOYNO-s8>RiN0y3k5+N*{n zF}s$s98nH25~`V}oC!gROHYcP_czSA*tJP*V75__-lT=JmoGl-Izpmgr;Uj z_;7Yg*fRE9HCp8FePIzOLGWAw$g7Th38P#NAzEK9R@ZI+d9^@=PX9v)PY@;M%dy)34p zjQqXIzo<&+sb5eKCsA|{gy|gEGIQYPd`j#III6(tvM1o^{@h9S)EV$+=F4I$vX`ZO z>F0<#SF9g*zDa^Xwi(QoHo@1aD7$kXj8drpCnw!wewW!4z-A* zGjcz$b=WfYa?8ekk*L?03uz@~OHy~Ws`kDbFB|E7-k1o)hA=?I3C*(iIFG}gTpiY- zeQz2}Wkh+=)5l{dbP|PDt!8)ST6U)hsejyk^91Y_(suO=?1drL`xkCDFtrB}$I)Eh zfQ&#)mrU62LI2%{$KtNYUKR@2FA#N-hUW)yVnP??G%WuLC@XcsT7;nA_K%*Z^>PuD zeV3?{V)lWI!#DWbH4uXSQG5T1*h}~DN~%S^loNW(=oY1B^p@dz2%k!|B-qMyQ;a)*;P!%HersVJvF;x9vcFU))2QW_yh03KS-B2Ga_5m%S|ua593 z*((J6_cNkO6GNJoX1%H5Nhbz33qgLxke}9F-qxGg--G_%lTGVRh;gBFUOU0Z(r%X4 z7vvm|$V3{Wt0M&cpMQA@qYRPhf(4Odb0RXujB2)~kYVLYQrJ(cNBC4WXHCYbz9#BS z$IQTtOPi-(*Ta-34t4Ti6avR_Bh5-s+#Gbu7-*ThN=O5Dqo~D^Na9;a!drdYd}~a( zxYd4Ol(aG*me!VmRo-p%Eywv2_UdLh#XOGS9Jte=agRY^dUn5ph=FoemLS|?`Oowy z_R2X1>Nn4#e7**gLt(wmv;9{`kECxZ*sIz^)4NNSr-y8!Ih$ws+$oQ+i&m3aC1=r; z`Mlq5nw~WL!^hiYs*B5WTk*#+QeHK%9DHZb@3k+By3WgZzmDjB8>9TGrdtHG+K|#VR&lIZ=mX7v6 z=cCwLK7GGe7v*Sgq7Vsf3JDa9361CoBc3_nDbrVbMpZ+q*%&t-oGvkx6-=64z@^rL z13E>&yx7XT5}IO+n(DY;s~UR@``&mkoT4d;Xsk?EIov}uNJb+}M%If?c^vS}sm`*) zAVc=zF`5WzM#x4E9e4^|3U26LIQHyd@SoveP>9qmC^nVITZP#OsuLv2`8Hbm)IsWT0p4H>O{(#|MV3pu671Nrrso77%zYJ49UqKR#5vz~>V!D8e z^7_0%T^nux{Pxd3$)VMWaZZ1*|n2JHUL&V(v>%^KQ#!Uz&VvLB8Dne~I8gSbj z=%m0Z(~p?Pr~|l=_FfMnO+wyO6 z7-uY+ zxn#=xec0A6@DF7>A1YkpIe&N9Ld7K8`n+r1!yV=R-Su_X4q!ECjnlZG%4vN2<#vVB z_@ihu6)#-kS^I!5Vm0#>_d%C(j^*mlZvR7uItxOdUB(bebT&^@*QQ@=9CzO|?C(63 z^mPhqvmz;Yk(Z@Yyd8S6plZF&2Pn%ml694shWtNk($BlCSBtaoyw z-ea-u-+3cS3hzFOr0pL)REw0n*B3JC6v^|dud1tH)HpLP<`{D1Vg0#gZB>V>5)u3adodJp_1Lc8gm zU402X#^#n;&||C@{^A}}>#M)4_n5nRzW`yFbUF+B!|6rOUo45mZvD%<#qH@uZ>cb< z%`;_v$(f~*{i!7Mxy&)wJ-%9Qr4o5zUFpv#1eM0bW~_+4%~%nIP=_V_)>;x7%af8# z@r4-^PIy2yx9$~Xi&tPyLACchj1p<-W-PkV1^-cIc8#ZgS)g^7NG}xZMm+spIb=J$ z)q*JP``%ABx!iz`DBSnU7xmgpd<;dUqn=PFrRJ;?6T8phD<@&qk*abtZl|f`Oo!S& zRX!^ybiLU4HV|-7@@x6bJ*v)^-j(3OGK)9*3eg1{-091EO01leGk#KO?RFzDT&P z@_+=`7={V~m(#Yc715wl(`_`EL1jA92^PT!5owvA(8=j)FS<;xm#8@Ht#8Ob|GAFP z1?_y#W_569ZJB?$Y)CAN%c$zb_2>A7178Jv0sWN`78xgXpO+8wWx*Kt;%b#6?kbKK zA8c2IVYn)OK?KHX_R*r~jq)I?iFv_XF}iDq4d$zjocq|=RU&+9SElFZ`FVbxpXXUSRiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDLciT3yZ+_-qF;Ce&v0IapY$xf}Zg-z+yS=_ioE+Ot&wagp zEkuqatVx0eKsjpS_qV?TfZs(@l$|*3miWPz_+>B{05gNn44~_;ge^JsDO-}*mo|%# z6Uq4SctN;yRwVEr-M5TJqtUa&L;Zg=8dd*~_xGPY8Xu}hp6`#JjvtN2&&K1?BN*Mg z<_;wmlJG~Pd)HNM+#jTnFl3TQ%0e-*09+!8&*qLxr1a6DZ0I7FbVkveKt#9s5K^+>p`h~+J&+6n5|TNBTwwKe3*ab< zeClec!Am+rcjfx%SPQ1OUPu{<$#6KQauH7*mjy%9h!Y~ou(3_lRjj5j-`w0d<}oFf zo5*%qC^3}7IPw|s#BhJKKOT<8L&KQ8KiVJJKASW9;=6C`IVUT7&JjZ=3g=cpXebE{ zk&B6C0|tcp6NosO#lG+O#9NU6omFN580jbX$75?lZwMB17d7cSwtboQp6FWzQO5&v1^-#R4RMIF=B#BrU=zOWLZrku=;wV_OK+G zPhem)|G=`yY^Er$6oHU=cvSeVNd6jAj^0VkX*j=h7wE-44d-X`kY$%o-=Q08XZpvzI7YgIm2pdZ+-Pcf9XGVo$x z0W6Wz*=hna;tR9@FeFnS^Y7QV`j)B-1L+Ir8dvHi^>*Q^%cZ_bj*Y#Vz(9RpFd>Z< z84N6KPhKyPbLyEZpL-JgiA$sYml#Aoktl}eudhxo9r;e)wT=z?f3)uZKYunJ_xk@K z$`woIJ;()-wYC5jM1Yc#L~jpx98N5y4dN-f(g#~R>mnj9e*OMEI2Xo+ch1wRaC-}L zl;C0HvsHkh6kz)>NPPXZm*Dnx@VTY(=P4cL|IZ8bBjm!7(cN6Z4fB70JgUt9{n67= zKmQ-3ynjFZ!a98ykCcvC`IsY-2qddTtyNd>YfOBN zRse}2-5AIE0S$Hiyi|3lh6$LWOJac_Sb#-@LW^KV(f0%pj^NXPN`nf>1r@L}U1{;0 zoL{PEX*dTFp}V_{q!hPhY0+6Gn)GHSp7fc<2Rg~m7dfTB=tfSy&O6EAea&4|;L~Lq zP7n!|a{p$$macBiV8m%CXE6Ayu>UFs6>6s5Z3a!#XET^CP{useof>h~NA-44d)az; zY|+#DrJSL^qzkL_qyti6>*t*GZt?ka3DopPdOv?hlKJ|B>f#5G>{6-~PK}_4e-#rY z>oSW~1~l=i7(cfb>&snB2m9~(v5?3)^YLzQ&?fxna9qKE_Q!`k{{Jw=vTeJBr}HUs z9TLk0;N0HY@87R4 z8E$WFgTHfIjXI0RzQLDCM8D%Kjx?fSLxHqY1h6?~m~`c_MMQ*wI;P1@S345=qlZ2w zALl6bf1e8TAtF*EHa5hOm%ebLFMcGphC&h?&$Fio75#rO9zE^#|3j3!tNw4yP^h&4 z(A@-pwgL6HQOODlVPe(fYKES|XnQ3tg!#mZ|&_`I5SLl zWmbQ(_)5NOVw$PiIzEkd>M;Lv;O>smzzy^N`SbC(>i_K@?DzBkAxd%nlPD7TR6ohO z{mxT7M>*8&={U>*d@@BpG0Y^2T0(#735`-sV4w&VK#XLznkz{Y;r4cr1Oau$$y-(Q zSwFHsP9>RFpGju2eoRE@n$VgF3>uDgH1K7i2}vXFD6&rMa?}Ya!iY6l_9qvQmC7-+ z()trd3%#m}U*h@xT;Hv0I(ARTE>e%B-K05Uc_vIAMct6#k_TK(oV6_E1hBci9ln1L zH1zOYdb3$z0~qA6$^dR}Ck2v{%!@)yYJF3P>=qt2*iIhyg%9v+%p{g6V7ROXrISRh zw=aG^J%3vlZ!T3Mm)ED^vP?9ma&h|I+2z&6e{UpHkX9|Bqmx%>mzQU+&wqaP{ngQx z`f&XE{M)nd8YypQzk^s3NyB-Tg5a`nM&~itF2e?v-X6U?JNX1mEs0OPZP_|MdUbmF z=IHqJld%BZZ# z%7 ze*nq;n*=_5fKVxcP{LO^ku~L9sX9$J%pV}7ghTT}Qp4Iy-KsR!RZQwRs57b?464Zn zEUK1beqd3j`NGL>mHRz`FJ3VZCono3jhfl3TH7{DYbMSs5*692S$67oo5oCma557c z8Glw{e66cX7pgX9lT=GJ9qx~s1%BUYamV$42mGgM3bsapHs*gHj4Jrg{=xoXkN-SG zDd9g}Ky?Ol;uuvR;3-OyfL62~Q5_Yn}`4em#BRU@n>joENurk+c_i9^rF z2^`PA{@P#w#t>%d-1nb#Wz*UX*it1j{=9A=mTEMgZOZKB*j^8YSpYLa{g`9wO@2$L zpNUw#vkVf!v9KIyGx1ZMFkX$2H3jE1x}FS;?BV5De=xEs-Z;KEJ-RwgzI^}YB>l1$ zd8>~<3hLqMY^FhTIA10j6yecUyxEo=Vyd2*P|0PdzF%1N{J21un!#*$eh;NElTT~ zlkB#}XSS%u8kviOK^8Wt7@(37S~o-H_Q~nX)2q`gan-R z7Io17W}$MAouHfYKla!3|LEYL&;NgrQrSwMrYoo(|43oqHTb5Bl9VeoAzw%2*ZALi z{(bJ!VgA>y5Pq(4---d9PB@>uK%Au?f3sZOj*nSB@xAU5<_iv>z%*jSV$IJ zB&PKQHI!L(`zi;En9w_CzK`6VW9VGRQ=G=s_fT&w&yIjtj+_H$WPwRUr7XOn0SZZi zXaZsE=N?eq0IXlkrU?MV^E98tf5T}gksmWZ4#H$*{9l)^&rPt+Q7n$Kh*#RR~ z?lu-r6e->{s!Qly7PW*)etO8Iay$w&^Y5)xbW*J2ve2|gIO^#lnKWy*12-InWE{`S zK2Z|aH}~wy%?i!ANx^FZ612KEL%HC08#-Q)j|P7xgNw~GktcB&UAEif}>(lELiM&YOXJlOW^3Tc}RcDC=0WT z4ndoia?D&$$&mPFMX?7Y^dKNB;Hc_=I4n?0PA7p^j3dx+#!Bbzq-x7$K@f*ju7+Cq z&}l3g7ef!1=nn;*+l0FdD$$iO$03QRtr-u^qzb&pS@%CFa9SDurs$#FD0elk^=U)N zYli<^yy}vY%EjsBRkmi)T~L;}mUjM{$OW$iMZ+0#({VG-0!=XkFiuGOZ(lg$Rs8pr)MJnB7RRz>cFOkdvbV0w!cG>(uTj@;6jgPopWe9$~IG z1qlfv4ipnNNaqVF_JBI*=6RbiwR`dA_lvKA8GZ={(TJ7M^zfzo+YCL<3-2(#GxH2ws@dQita3`u9jd4*r;2Kw&P~uZ}c)xqkn{th{ z&PH8XGvd0hG>=*mT9a-gKQKEPe2Ut)?f6cutJzkHr`B~TrFLFq4!!BvC&F})nkx$$ zb#A9*dUWZjlCF?+q%LF6oM>_uHhU%2a?a#gxCf{2s89y~grPWRQh#;eJ88z?%MGfc zz~Z)oZ94m|zEn*S;he0LIEw2o;lNqDBULS|aANFPsNAtcEPC~95{7kEohb&f&&&4RiM z?YDO(Iz!gfBl>V(b!CoRxx+LS0`1Ny$H*rxdf;iN(=6bL#5r{#Kt4ya3%%>; z?`%*^*?O|1uXG)YsY~63B^@E|^jyuxsdjcNEA{q=yR=O^9N+3AoIba&VGfe&eU0AN zXezz0k(S=q=zWde*XVtXKaj7{k*L8_wt#hhFgRBg$I*^W8Z9b8HXB-0J-~bqs5$VE zlW>kOw#TDU`^cIx9uPTEqx@jMgG`dy(D>x$@n9Dav6hF7Y@5;A%{{cKv+s6he6^JN zH_>t#L|p>E*Fp)6jZ08xu9Ulk03{Gvf;MS@dueROgh5PXuaROJ8}WdJ339E*j?@o9x9a~rWb?jQ{*RdU0?ANin^y}Du z9lNpg>)4uyd(6D|HCjsVYpj*t*XVtX-q+}Tjn>lp8Z{4pG|YT6xlQ7+*MYWH1h|o< z*4q*D?vPR+F|Q?~-hi4evwh~8UstGMO3fHWCPDHA2@F=d2fwipO{TM&W*S*#a)Deu zz9V*PGgbR6{o2xJ>GxUsNhxOOFNiSX(ip<#r2T?+Pzva8t^9tboP9M2lfk0*_2nIJ z+T|tTNc7&6ThpSw3qPPoJP$pHklSYHF__Wh=LRdIJ!yX<*^YViWhS=>T@<4$B?Vp0 zs^4G>v;O;(S@nA5RX*LNb3>1kb=$8o@)fWp@_c2IZF=mo2+_8O3UGWGk9YU`823*_z}!-m-?H zd>l3t7IPqCE3)RagpUbE!1jOy+;v=T3rxV4-~?;|P{6hz1#Amcz}D@p`B9(tQao#B zTWhp+53YMVhE?O}1SC>g;=MA>df?x7wWEY`pM#r~ox~mc&;M zh)LT@mTHRAs=wBCe%~zA@?05Tv&^Fc2G_V6?5*jM!C5%yN;Umu^peiVJRcVND;Vf| zgRT?1&RyKb5xfH^*XiN>T*NI`6Zwl7zLGAC*UnmO|YIgf*n7jfKb4tLi@GD%>2(ZyY@tnm}HFgc=UiaEUK!A`o; zZC-olg>julS$aK`)Xr$+>tD4Z?5bYVwC3^%NWskvx64OVml=GsKwfGo70IbCIs(Dt zFjV!jFoE?tkyL8NoZyqdB*yL6t=7JO-b)=*9U%oU^|4Ax&Lj(yNu;i%NSu}ndR-+; zvo<<#swY8_IVyBd65nSxU9?Z^p*beX4z* zYF|jT*Do2(w>js&dCcfs{H{6o@WTT2jA{YcR2K!YFKLtqtc79CH_Jzps3a=rY}<|i z;x4MwMAxGO+CppOB+Np5Kgq3E>&oUn!X#EjKMsU{lAKhQfhIaQv7?NouZDv%S*ccQ zi@C1ZUxUglF%6K+=@P@-2=9p9-A!ptvZL#m) zLNgBzH5zy=p3KB&9oRyYZf;FC9CV8?!W}{gK%3QxDcgh(9&GzWhmgTGX>Oat1zp#F zcTIV04FL2xkFBLU*#GaB`q%>Q|4wrt?+ofcWa?uZkiTWL3pRoH_e=oXlmywCW&?O% z56E|>S_jYZ&t_yk_>z(z*^ejQrx(!`D6dlgpi z20FC?@3oM62eS2``@P($&ZD#AgIyu??cwtdxddB4=P5A0f#S!2%{ytt&NHo>hUg5F ze+r0vOL)A?vK(rc=55fpSqX0-*&P-yu7)=?zbhnOTn}%GOm%|8*TL@Y(Uh&A@J^$( z3-a0p{=PS;x-oe@l=Q9%?8R~2ki}lhGg&g~K@`g*m3Qk*_FAfcs_gcX=v!0V+ac|} zJEXWbQcR}h9a7wzNhYc9cS><@q^eWj@0Q}eamH7NP;+0UdG3uQH|M{%oei|O!z(% zzR!g3GvQ6?GvWJ8_&yW9&xG$Y;nzx^317=@p9$Y*!uOf*dFeCZ%cakR?=#_BN}mb; zX)@s(Z)xS>YVZEiWf4{zQJOdU37v+lq09W$!tW)R-$4+P_&%l??`yoeek>$%I8Vp1 zq0BfOn>+e@)HBcdjpzp zw-2<4NQpe0!2jL(pD#byyZ_wT`Eg|b$4_7G{EwqQe6jn_-4E%PFL!r$c7A;E>bt8q zr$5o%4?l)+aBaSQ*!dApf9gnNclV!vS!3m$eH~AchbU3lG?X^uw&8jLlCPyZoWsA^bj`179O)iLK3gfrq3_{O)x#ALckATr zrS5&XKtFg}yC^U5^PkycuwXh}J*hMA>ok!)F|o;td_{uwoMASDtG6$7-QX?=U&9;P z*+njDLRuw$pPXRCQQK+5JS1;Dsl3&Ofl2E7$TRgU?|apNm&C||z*CyX0K znuTtuVzLhL$eyNtQCvlhL}|H zgaLJp7ZC{Iq!mD+1`i_)YqBd?Xb4W^=3n}))>*Q%Yq8H$~mF}h?GQc7nUsLRrO*msHd4r zeuk~Ed0KLvto8RSzOje18M^Wx5Q{V+vjry2A`E{|KmB7Jz-vzsF!j}|>XIN%^@Ewq zmGG~dWoRfdXkObfNQ0;A2aRuBAR&?yUkkb&AW7+6mQ+aDorcvepAZL1zg*Z1krpXjb0|ru`d!i#!BiJ!{!88caqePJv$3VF!& zl@}83pB=UgnP%@?v)W;tXrQsI49x<)q6sr|*q8{`_)FY{6q-WlGF61>aA~0WFE!Q( zaGdLTWah{nX3<8svBnAF)TivN8h%Gn)CCFE;OFszaM=n7uCZ8$E81&8E^9+;gd{R9 z>4vgK$eZ&@yWad#zmNo0lb^Jm3gk=lG%-EH*Iz4C(B!lzjYDhQ$5zCI2zkXxDDD=&$L|f^unrFh;_sP`9##LSGSP4)FGOw*Xpy5jl=W;QD(Y9nc60t2peP&{k zm$B=j5VN@MOb{Es*ZUhbJrvST#F8pcIj?n3(%PEuUnqm)QorSqjF+ZIS_Qd2(9_Z^ z$iWqlYcoM?7<@~7(Qxnk@H%8Sbvfdjwau0tO(i8h{jGMzZ6`shhMT5G>hE2kk3`_N zg!&CnoN=D?n3^)%HFZPW61}AQZPY+OLOMfHyV_}$x>}KM`BDpHp!sgl`djJoTp6}& z@XDn$q6N!w{!NR^HZ3(bl;@)~c0tt%$+*&A=1M+Wi0fh`(bG_a;qjV=-UJ3_@JD{k ziJyEesBrl4C(BSp?`_J5y7;IspQK!WC2Zq;ES250Q=e)mF^KdogyB-Hi}aau_6<%K zj9u&SZ}&PzqtWQu;i3LN8jY&|$NPt)N8>~F$n*X2)A6Ix{{FM^^G7iHlnqZyEF|HN zM)$6(+PFVRArVa#4-hY)I@Oiqoa)?f%0lP*D~+!%$5WJKY?*2NHX9Q^m?3do1YE5& z=&WYGQ6TT%Lpq{h&@|{A_3Qu~xV^R4N1a^)b*<#8m{>NrKE+TP9*nke$v1K6DYxu+ z{`J?H@}haXe;dALvF{gnOBqTi76_V*0!7tH%#o9!t#F$jJQ5M*)uj^)OLdyhHf8p5 zT)Yuv9`TG&Kj!#``P5xaK$+W2%<7$GkO_~4jv?VtW`Q}C)u?q6(eF5mqeMB|P^hZ( z4nRIcvWF9MVB}N0aeQ%lbak41`TosG`lS*}EmfDaOqnb}Jv6YQn7}y;vDf>bxOC9} zmC?SX^53lgN6!wQSM~q+u-E?&Qi}S2nQHgTM6cadjc-(!-BhJt*wjLz=x()J1s8h) zgKBkfdpod1gs!S4Vq9h#N`0BY;bEG%B?+ISe50@ahq)|D2{)gT#ZT7%jq~4GpdT2_ z^uBd$n*UD^$L0Ayes(ZE?C1YOl*jPKoL3~oU&NJ*~zJ}oQN~Ma(1YP zWN4n_>|fSn1IrppuYWi{y}10nJ1~v&|K-{7>G|d9$Eah|{2x8vugw3a<7dzM`Tr2* zF}(4Kiwov^$g`a*FR6>6K%g_YLGaL}=G^j#vnACVkb2Mj-=j3n|BKV3lUJus;N8ED zP595#XNT4Kf7tu~4^tk)i?4)Th`iZpPKBjyeKE$Wb3oKuJvl*YhVIJstD!siM%&Zj z1-fjBd0Tlb-*^;^qPr6tp(s0GY@~6Sk^DU{4ynCVLjH# z^Lj%~g380brN5?BZCk%p`Hp&ctC%aQ8*S zTY1})YzruXdZur)ke!xaoPHa6=wp&(VFZ~<3_6J{eciOnwxgKOu}v~r&B;5a$&Z!e zSOg-itJf#5CvfC>5HTV2Mut+WfQF?_QJ;Ix7fYl5CsAZ`Bwm2`wgDUT|NiLd+WPP5 z_-U{IAEG=isafU!<$BYyerz%hKkcMh*cn#5o1Ed3O?3|iorfkH)~IzWRSm^Dj|yqL zFH@W1SifWQQ?xx3%PLu(iDi`y&+{*>Zf2*!=xj1MMSC;Z&fu7?n^Kmg8_Zc8dT{mj zRWd-c(W~$8L8Q?_m@(gHH!wx@*Qeq2#7d{B$6S%ebqaeYhOsCGpoR%$8qSNCe^*AU aFMa7tU;1+I^8W(>0RR8Sdljt!A^`xdJy9|M literal 0 HcmV?d00001 diff --git a/assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz b/assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..89e8d7b126ecd9de12eb656496d503a2b5baab86 GIT binary patch literal 12362 zcmeIZLv$u#8?7CiZ_=@yj&0kv?WAMdwryJ-b!^*7$2L29PrmP9t@Drn;i*Bbeb;^_ zwVoQ(wQCn)Gz>b(e-0ou2#t}XGNXy49J{P17n?DQI-{uyo0YZ-7rTPGI=h^Pt+kQ8 zsi&%v1D~XstsTgvuZ{a=Ta%^0g~pWYvsR;yN*X@LmD0;WXWV9T^3ZtGwoC2e_M$Ku znNc=`CP+$gSx4_DJ?|?zVZn#xhMbQiEdUQ8AhX|)pzkStAUP)_q*f6i9Y35wI{w;! z25{ukFQ)o9Y%^odl+7a`yZ}-rOFaPx2L~DWxp?#N0%#mb9sHL7^bcj(7lr7YzL*uIE+1h|ywl6;6iInBm92hC+wT znX$eY_!;!PA^?2W=ZIIh`NxCo?Ci$MGN>bpXCHC$vU{RPkuWgFU#wi*ycu`|SS{Vf zp`BFyM9-6oZ8;-aZLE5E=*AVDXcgVblQ2~G!8Ck zMq~R8GO`4|GqL7?Z;g<{`iq+9HAV9LjoggLnHJ6w5H1uJ!@UW_WehmJSX^B7;qSzY zeFzjuk%%v#B31$A+4m3%IlQ30{A=2M+mU2JCEN?>y!{}Di;V9nKA_Aely?&^PO8632}N&4z}oI6+M7pXME$Qns}>N69^TJEf4TM>VHg>q2_dfqoY?2Z8e z5{?mM7|kNQerhB+fPH zyty+;CPC)GKM4JcKl39J zf8IaolsR*DoM-LM=~o8S+fAbQzZ4TPrh=LuttVQ846txd_CFNyE@omRc1^(bR@18x zmzh9WE{jDCQD_HlNivP(8;1rE`g8s=q6Bb;C5Vb<^_1!YK)ae-3GysX(yQnT;Zc~L zU*2L;2HJSFP4f`t-k5RoTI5Y2%kSXDkj@x7lNWoBl1(r9rd3q?RIaR03kQU$XC1<9 z&a50DOynza250^=I?IO;=CPP&CDw#B#ReO=Fhn15h;xktWk6=E@ z)oNz1AWDL3FJc$lhu_okXa!lD@7SsE>~e+d6fQpU&+ z4mIq4;v4u=FJ1e)a&}U%W(-skN5Et3D}|85C5SFgeZ7A9N^|FC4ZIFQ-+aDL(+!3r z=QZv-DJX46P!=|-6lM5KY5^|fx}hQG4vL6V4yM|)D%)Zb8N1#yea~#fgn`(9Q8ooI zHP3+}BvXV;Nngsq)FGj_{#ZW`2}^vKNK@s0`eBpee>|2;NOz;01k~2;IA~AiCyTk( zBL5B$%->F5%tv+$ACrLs(=doIdXGBL+*iH%0+nMx%JAg=uXiFd?|EP=ap=Ymkgar( zIUB*A?TQvS%>~@bUWQv;w)7@%_;b>LX|W4GRQyQOXNF6e9^=dr1||bk!u(f$nTn~6 z_H2fC9q>iTz+F;Dq z;zfDmjpGrCvfyomVh=k;Uq~#^saH{7QUySgh8?Lt47s85`>f6HYHl`vR$2S5sHJ6~ zMPe*-rzN|xp_=S^Bnw~a#QzX1SxQO|rC*b`kz(NZUM739`Cp@_9>1Dh<_ z?-zXN1P7hNDx=0J-fx3bS5D*^wAt7YSBFHK01gMukMpkEX%b|mXy5)^s9`NH z-iXvAwS5Hk@Z%WzT;M8X7mI!|x#jKnT^xbty|~44(ESKIfRIv!GfTE;;sHitLjm}2 zZ=Ock>Lnc_8cH%eHUNnd8&5cr*Uo5LSyTwAlA&uwoXUr_`|Z4|I=Q+zU)~_!|KVd( zJnpJ|PCQanSxH5lEoNq%WKTQ1PVC@neDY-W8ZYq&oYWj<>dow*ulm*c@0<5@yL+h+T6~NyT7QhrCsPK0 z-Uvxs0SQG#D+FrORGC0$8bm7{|E88k-XKclq@|tnG{Cr>l0R3rHDr#-1qUW3^S^Ny z3PqIv>U`bYog$d4IjF?j-ieqm!2XTRt{NHZRL>J3LzmUdH_*LY*nWn94LXGiix#J{ ze2*(SU>mW_Q9Xu)S8OH`eV1R^YCb5kaF{c{q9%i*b+lagH5emzH+(j{KE9m!dAFTy zaTbp_E0YU6Q{WD#ib=Pu&Xn!F%$d!?zRFt8@{~JSVYMMtJMl2d<2degBh(T&=xtxZ zmDa{v@h?`}Awer)`Fj6t4b11|!r2!fEKvpAE4!y=-SIHLJ6!VX9oFcMdcf72Jjw(? zTRFxL2Lf$Ylk%;HypkgbF`4NSYWYi2nvVqedkqrq{ zQRRZkj2g-3Fb(=wQuu;YFsyl0K7+8S8Tn0&krm4^!1w#7j>hizW$0&bd@!G+QtEi8 z>E?`dT^}3K^f{%r)&QlvP@l7AEKI}WUY)|zf{Mo3inDmE>J2eQtECihc0BlT&Y6;W zs=f}!o9>B8xT#RseoJMp*54dthGXT7zv`Jov0N1B@Taz80VM6GW zQ0_W$NI?om+~KtR!JcR{)gIMZ{-}5W`ynFDs!g6JlVq#vv+F;|qB3e2&;=Xi*HOH;fzruf zg-7tZO8k+LWkU@Y%jQFff=DE6^H;MK43@618FuP6$`K)CMvHn_Ak~&Xx+nzD!9RB& zIRzO1%?Wc07Y-dn%RBT*p176{I|@xjktd#u^Cvn;0{e=WeouQZvBeU}G81$dZPHuGbWVLNqDP=MDo7dI@vKT+4bstQwi9Lnmj8=(}G0sqoqLq{XV_Y|w zDp_-cWFpt2U=vf0wG=Xo?I2??6L0yiC=$H9pFP)qC*c{7iv-EkR90G|f9BWTAZw*TRf~u{II^d1_4@G~j|ZZ*MAx z$UB;I@K>t{W{=tC^s6j%FqTCYqZy8|s)=Efj%9L9mYf|0c&(d*QRC$cv=};OUN4?+w zHdD#F;1r+V*&>QsS7)c)=a9p*&~vtoHFYcwUAQV)b-94@n4`EaxT>*bqFYH(HxQu|C{A7bD!sz8o2qxd)=iiKsRZaIoD!n+KA6=qSC@$En-NCv|S`s zNrCDwRoVrfQzC%uIB^grfS3$z+2&1xgj^!Bg%u8MZCOu_nlJ%nic(tXS0TE}#Gyr4 zw=dQf546>kd0;_T@7ihA#vdvzm1`%ZCC)wwa&YvJ(Sa}%w`<&=F*ZOHhmjK^)C0I)o_4p#|YwtoZh-3 z!sC>cEZdv*`392{6r8xqp!TTSSC!C_9nJ88+m>`?FXlSbpzNcGQJIY6e9{o#8%^pI zK$AtO)7?8-7+^|u?(#u^lE3K7X`%e-{u~EWD#>f2nZr`)AGfDddDa9ymY!=|K3Dja zZ1mQ1q?)5Bm{Z(})3<-E6tm}nztKsxd_^DKG1!cTgPfAgKB%-@W*ln zm`??Rky!t8QZ<0Wx10-v!iRyvujuNOVaNr=rBP)FUV9l)*K7^2Dy4b4OqJEkX$wqavgu*0xU z=enQ>q`3I1w=o0MwX;=8g!Dz0`!&s)YN*Kvi%Zk(rV;AS`KzpJ`qnRKgp&}|= zd2TZQM7JhzE)Xz`Jo#IrkQubU@7=$g6pFim>*R19Ejoo%~&WqDp%F)uM)0* zkT0T~{C3PI|1m^wuF=_1S3!ODB$izcsf$^79`_SggzatQt|_u4c@*-|qcjfrz=~F> z@a_T|I6wZ6g^gJQsV;;Dqd9?YW!Q7BNvO+())s;!Q;TnFSin&~bFH5vG0n(eM?cKh zQwIC_Xz)*W&`SdY;eS=x$NI}ru!HejVAJ@fd>@Nu@txs8&FZYhY?ZlqvhWAM#j zeayZuer1h4I2oOTpt%N<#uDpRXe(DOhPPm~%zH&DlKBAc{<65Ee5vw(eVC$Ty zxMlC3L#@pQtC4;>^oQn`XU%L&=7sjb3djk*vLX$so-l7&5e3}jRT}D;R65aKfgwqD zRy5J5wq5QUBTf*@Mq_2U4jGAFNTTznOSaPIuq~z@8?2O1B{FK#&*kA6C4Vr;E94W| zbg7Pa8yKE0ee7ecTbb@adZefUmmQuY=t3h9YxP_hN@;H0Ym4jRg9=?=?`*StZJw|&%a*SHy;m~ z_n8_=gIVhsxyb#j(sc^^{g88wMYt7)FyX=}KFD@?>dtc=V^9wEqGH$1Y{9KQI}>zy zvoI|%ZL3(R6p%Jcb1}rZd{588#%{AR zy%N2Z-1|O8V>L)=@Vj#L2Tyow^M**DIVZ<7R73Xl{bmiar;)D2a~g=ER5yb3pBIfT zLwBJZsQq+m5;jDOm6@E8t;3ONz=N`XWW$N5l|PCCl^Pw3b!=grU@8%_MTk~%;(Fcb zp9?-2euHa~1RVb-RD1TIbfrn%b1CbdrQ!p_u)rltiKe``J=tb)P@yOFX=*qTw*!iN zFU8Jk`@JWu=66|)j*bV@#3-q2S=D0PA!-_WhIXewUY|MJ=*S!V{nEX!t#XE$EkH?q6=WSndI6Qv~$j<&Pd?TBh(vwa{uj8m{iBkM78vk=q1y zflHUWun+cIU~zyp=={!!Oal9WcSq1iR$v!4Qo)MHocSBa`=flpwK;HKzsDP;Q}%0l z+lx|^(is>=-HUc0SiDWrO@OTkGLUUnq>Fk7c{e}WXsF1|Jq>)ku%@p_Yz2maD>S3MWx?bBurG_{eSz)58tC5HZz%h zDzOstUyd>6R|Id)g@d4gj5?&CTxVOzP<^ ze+F&TpZ{E#WWV{3q1a3tMXX^wmWt&>&OMPp!*nQpX!hSJOgHksh9!eYov6gqw=PEL z0DNohZ|9BqQ2M`92pyq9o#>Ao-x;~ECQ$19#O zU1Lvu#}=^>)H4+~(B+>>o4(qn;aWYtuDHd$iUPBkz ze^szjmgo@$QdVj=B2R`-B?1J~HhJmBYZi~BwDUx!gh|`_Y7#y&ekv^PG(tMvST^rk z4!OUTN24*PFrO_mssG~C^BpudWq&wWbEsGLE^|gZN@AE|SSt`JSk`IYoLHIvQ}aOd z^ikg>XC)H1sxK&FeJQ)x*MZ`6CUPBX9i9C()oAYthj}KEZ92baqVObSgV?7VL->N8 zY!nO=kmpt`t^^{#527my=3{FN+J=hQAcUY!1)-JJ(rDE~sssRy(lnM;wt6!cHE%K4)#9j;#X6zd0wI~Z@!7a7d{{{ETt_=f@OBdV6pd0-=g6HPL{Ej zJ@RlNA?K_r6U_X*u*;&L0(72pGhkmFKDV*%qDtJI9t4&BxsHhX@_fy8yJbJt*<3{6 zj=y`p^6?+qRT`HC1xyQ5U7fS573>xj;%YRn?BHX)3$jn(Qtd<0dfxZ~$km%;*T}`z zwtcWj3r+F5Rw}B(c^NywZM|&(dbD{6&Y^7b*-(`_ZeZCCJ&xretM(?6lSYlCRfz$Q zc-WfY;4{*acmR4Z*NmT(B4?OIDETa}b%>3?&M$+V1jbub4)|JBFrth?RQ&o?n0X0S zG(Il!3{n~*ab17_EGqPHIs6FjA~(+oG3BDnB?}I#wVTjZ1K=XHL!D$i8*6OX|%v z>WR?49LMefJU8&NKUNTxgJ~}#w*na~a&G7hvMn`c%}c&SPaT{a4s3yXpIR(=N+IAu zWJs&t6m2}Q4fZ4n!b$y$2kIo&iyLec@+lAMHzzX2i?(+(C5Gt>>Y3{q*}A_YdjH;E z0y3$M`g_qoiT`>OdQSbCO~X4bkY1@$`~LpcqZZ-`80AA~E|(cH3x{ojTKDoUYu^J@ zchhUeN+9)M0LDv5j3%7OZ=PvtyB}meBVBhkREo{N^G+mIPC9aS0UEaX8WQStF`SfD zBwR$meH7`>#}f@QYa(DuFBnr>aos-Lsg4YwHwFuolF8#~qX(Np0)u2f}oA{IEJSW}Ivq z=U7|ZWs)+Rf3J1#N{H2mgL54esc?4vB4-K#IrMm1t8qjbpY^>xzn+UgK3*$DYZ%hH!k z?o#>_M+Akz?ecK?;Zo!CurOn(uFI@AS9opdXRVSOsCsltzcderq>zF*n+D?95CKn( z$!}GY39+jF*O)rS^nwTNnq zOk8zPxc+=8XK(pnh{2LO`Tk}3$(2cNjp>T=_XiR(gqBCdy9`Mq16mxiqAYJL_i_tc zT#!U2@wFpjsa?VYTcOY!-?aWLhVjEqKma{2WMCJL=Pt$hkm9b!=>pxwIaB9 z1^=;%13hQ-RAUS)V@D!IM7S*h2}M$7TUr@~TkY?>?`Mxkj^30p>;zq2DP&NE?0h=U zoeR{uB(xlA#STvS<#9=BJi2jLVL1AKW=`Y<*Mhwwu_t@%x#v|C!xpNN_8eO+re!s= zKW);#QXoC5gFRa}TmC8P)12ZwlQY>w+`KmvA#2u9()O^Y<}7%w^^labfP z6sRXxBFc}EHO`B{f%lS|hK6>&8;PZu*4nd~XySnMfB@+{(Em?TKbE9SPRZW0@^H}_ zZgSCxCj7QjF^c-d7v`q+p-`b|>%=J?f3{(4atdNrz&;LXgLd%}Xu& zBquhJMe#NGkjvmBaUuI0&aTll0A$6uC2Dd&`1E`@R4^GRRl5gAchA zxSlna2(33^b_v>=1g&?F{7=2}@c8J+3{g1rRLL}1-dnI`;_sKZaoiB^@tW6aju@S0 z^90y~^!|%Ew>xrz$o>l<$K5-wFX+%{0eEIL)&GhQzB7dL$^XFXH^KH7fV*nApB?$; zO}&5S=1=L!{(c81n9g4Rp;P@yEq`>yo6tTJtwZ~XeAqgA-PU*cJ>y?sjD61T)8+r( z1ncy{V5sE@YX2(OX7`s}MeR1%#UcJClK)bBtj6Z@P4nY=r`}W@n#Ln>cT|$TfeU`l zehZA6yJ{&70(+v%{qF#R`lUN1XR?aB3$f6}(j58n&L)X=^b?`UFkVlYa04=y>hP{t z${89oo>z(m=F7>=$p!`o>cKxgYv~%d1plG*Z?&2t@czf=Rt|w%QT;m}DMjE;FbV$- zP|}2;aa;<7pslO_Ii3p61n3F6A*Z!lHC#5-wHK@?75?hbtZzxmfTYtRA5qQ0&)p92 zb)(VnlI4hM;Jdxi5Wo8qx1u3iZMVYRs;{>D!y9paSwvm>6AM|3T0}icM|}d&dd83y zbTv;Ns!}zf1(tdN*L%)*sL`xJz$hV>SWW&jmn}Ov{7laff0WbXz$d-(2@{6{84e6j zFs8#oGO<5rO-5jXPgld41RQH+j#zAU$t75p$R**dJcGfKZ!V}~kgmDiw8S34cx@T4ITKY;ZZ2mhd4bX8due!Q8!1F=Zu`P) zDkvL71GX0VB7QNr69;YjM(`1{6Qs5o*>uvV!oQF_L#*4@jLR|d3E7)91lq;0H}L7b zaO?;=fFnIJ?+f~iAU$#%_hInecy5wxosWpE*~{M?9gF?W-^ASGcQ6d$Z)fBdS!!o{ z?ueYnzQ3wl2(z2cj9cDzFb}D%QehSzS(wgbb-j)eq8fSE`CQjZ0GCTK0ZA@s^5C`xWL6P zBrNSZ$Ea)P8Q`Og-rDkPk{l*`fu8)~$nJ{-OIn5iOWKx#CjMw4F5PAk*TN0IkONqq zLiLpst!Yhl#OuS1+wNwyj5W)1HD7z$P6Rl%sg+h9?btA_GZ>3S@~@H~+3Bi2gL zs<7+lE$lemo<&2wpG?AG=Bp7U`)0Tr4MnA~wZmy7Yd}GSG z#QMW+JXAyWJ>b|DPKMfqiH~#45g*MBh0y@-HRg>o?Jb^5i%ge+78IRFnaHYFp8k-AJrqsvaP0GE9>F=2z&%Vi{o+6?Lc3NJ+`Fd&fQd=_1E_5pb(r#7; zQe+3O-DVHET}6k4re_Z8Zlm1ftF(c*CDSCW2sOCstsY80w$UYGyH?f9Y}7l*;Ty59 z>t^)n91Gi?jWJxzyRsSV-+UC4RWBwjSXFSnTpYpiYx66n@6_TjQ3FauxiJ-+&`sD_ zT8z316Ivq6LlLCLU3vQrSQgj#^JW_vfJl*&CQ;fiqnTFc^=AhD^_z{Zo@KJtawHwB zWEP#)Wd`ehr`On2)`F}v>_s(>(dJV$omH^LRNr9uTJ%4`aJS+=U})lh`wfO2DgV&y z(s?W>;3}9JioU_{ZYwqHLhQPn<&#DaLYK(ZrpJ0`u8CE+-fye!j{Buu^QNH9j7^7z zWnbzOeFXA8^(mp*QoKTFhBZ^Z#<~^N()zk2P+Y#a^@_-y3toowb7P*(l2mSkNAUuT z*6ZQ_%Y_XFyZ<*AHq8GYF3d6e?hy_t2oDL}odw;Ebmz@@j*UM8-ecHzBlI!ymg}Qf zirxJ(&~W30ageW-6)vs1sHzSv< zADSXsfLXNPmD!q1^T-0u5(a*Oj^%_mtD7mERMWph+zU zk09KhET%ogQITMhICXC_|Ndbes*4naQz}!4*NLoy){&;(!0kF-POMieS zt=XWf;=26VO9f}o{a?HnZ{(av_J4RU zKodD{kJI#GWEGQhNb;`(3M}pg@5$B-Ru-GC<4r?P&5xwO;hCa&4S;Aw5*G&Idwv|M zhW9NUzwM=5a>6vEUOURR2Nk2iUV))0Ajy$D-mnhFF$In5-WN{>&(bEie=lp!5RNBI z`+#weszm^P0MqZ)(X?;B56=7HHo4Fx?SdiH0^=c7d#XoOiz|UM%2oEfU)oOMF;ig& zF^>+ri=bW!y|bMuQ!=i}r3fS`C; zziS~ACixmaT(MK*d4Z;;qNsd^qKb$>()%uLy5tZVx%hmRvYXZ+S!fmwCK`>mW6SwC zNba{-uH%Vm7J*2W{MMAA_5cznM+N0l6ya8P@-T)W6L!m0JxH%CCi?y?BSrp5F#L&# zB<}QjdJzIeoHuZ`@8Ca4hC0sI?t7a>X{6alCpIQb3&Q%x2-4M7BgE01Hx$|GQTw|# zn97Vn-)i;s4D+BKK8!h{S@RgdMPf8?hl>I5=Ywp$Hyf<^qb0Wfmx-I5Xe1=IFDI?y ztsdRtp3Xwb7P1yPv`l&z1S2gz}wqqybM!Vkivj(^WxZUmItO5R@KkImP zuLmZVj~b}10tXL@jXwP&ly!j`XXk!aM|*9P9_1OXXpKh1y7^k!7qr|~_{f8hhn_rV2X-VKrp|J>> zs{s4HJ{jwnY{>ZWOml0fSYedKh40OUw%FtG42a7Y)EnNHZ{wKxW3$j{HqHOSi*!`1r`_*c{f6!`eKJ!=5^C)~sA zgp7^KU_fP9G!`;M##i@jgW`vBjhnc9~nl&sAsDAt6 z;(z$R{#!iw2_!^*0}iH0-0sWl=^b6`G9a2`pSAuu?OqY$v|hEJ&C4|LzY6C@Dgpud zvvP6P5Bam;w2SgkQY)v3_6w zPOt%!^Q5m~j#tC-ddI(57X(x)^2&SJ@`cej;?IfrDuWNry3*+r1b`n8mM*1eutkz` zxsIWkW09DM21mZ_Ms$kI=UE-oyyadWNsp^S0V1|0T2q2$q)_rAX@2%^N1l!Yn7{2z zo6@d0$|mDe_BB~WSBJDc zVQyr3R8em|NM&qo0PMY6dm}fJAnKm853@Wk^LQSylxM2Sqohbtmn!ypPty{stg%W` zlak%NUM~mC1W8!QL>fR!qUAc@{`B+VmWjNPNs6T^yNUkVB_e@900;yEfrx-h7HJi=m(ZPZIx7loF|7{)|x4&q$kB^(JuvYq>#Bp3vQLyk$nIyC@X$e~Xr4Ht6mqXs5>E}|TdG4eVfgp>z} z78aw(N01>WfHTwqx6ud*%BsN-e~&1`B{Ik_KZZ?`V4>6bGkjuO-_!jvy z;0iJXdWh%*p{;5!X*7hF*?Lwt%NwhLh3fp-*+VE_RqU`7JWiA2yRkq1Nt)~I1u zz@Bm*vd-R~!L8wv*&d$331WLbnGolGiaBb8!K9`-ky;wHyENX-X6;i?-9}P+{og@9 zLTu9vVDb7t6e+v@_YYg!_5U1c;*$~d#nRsazmh1Q?tl2?;=h2~vG0R`a4-@LFb;hmdBAZLO3>x_4*7GyqA(9h|ULy-eDJg z0~vO^5uXl_OA)`2Y|9%l`3vl*Mz{}LiXcZo=TA_8D0Y*APLQDEIAcm?&KUdX>zhHZ zf6;y4OJ!bl2ZJ9j`=>?dAV?9tCbuXkL})2SGj}OY*O%Y*EuE&A@B_vPg%bpb z+(mZ9n0b-Q!7Z8tihhYOMP3bv{Ujh+;*%3o(3hA{R4qq-6L;IM;RDzKFaXf=C}K>^u$XaG3#1zXDDXmp1HLOr&BNm{qA1`% z42HEBRNbo7VGZ#Pc=~iKBoXl69mhcdM-+?%E&xV+D%$c;z%le0@bRteJg-VkY5X@s zO?KOt<1s_L1KLxt1FokC5Sbx_3mAs}T>jzv_Jm=?1n(o%LsWitrx@KKz~+HVNq~Qq z(v@ILqN3)mVB{0`R#Glvf|@5vidn`Qjj&V57iC?K%peXf@)C@rn&`lGJCn8z`9 ziUjz&pzAu=kxK;-szj_^FeX$|wT306DF8?04mD);kdlYF-8aP%MU8lp;x!;UN=d|# z7+bjk8C3a{l4vpom@~N{VHd?qMhs~{gy8BX!mXI)cwd0N5Nv}9a7i%6lZeW4x>O&H zV+P<6mo-vCqpYe{oc!}dLeNcQc?;N)Ju~C1BrGsOKDh^wA`l?4lTrjd5Cy*A3A#SO zqFa*m;*kgOz}!$j#!&9mQ^APdG~YDAj%I|=-vtpvo}3RK2e%{W-ZBk``Ov-n0ga}F z+{Unkcq}qlLw=T>)g#OHuFY|6@0<9qzm=q790md?utpC6C4O{8R&NHe9}l7fC~|R# zQNaJA$4;OVe}$fhRRjG68gl_#gh$P8?m+Ge?Al>&&7t5&3;Hm*iWRF*-lowyUScGP>LNvm}+FY|x zp9kaRv~B%<$zB0AC6Vum%`-l-m`zLmh@094gijH@$4nLVq1{QtHtrC;rO-2@b<5#7h+eS$VKAdmD=Z&bSO}TVc00!k>X7k`eGl7r;igL zI}-1;cEe@|+Wavpsn;O5DUu>I_vW!%6hdnXy_3jUYy3C_!A}OyPF$Y1$omL&l4>$d@4q)xh z-rlY2xa`j1i19t$-cZU%u;H>hA?%ASAA5pUk*Fu@yX>y(x`?rpL>TS>UEfjl9VkmU zN`$S|7@YZnDx^RiQbCdS0Y^+(B>R=?D6{1Mx|wT72;;vZN<>$8W{5)%ayVF6)G@_` z(03UK=@{f|iZzVA@V)+U(?18Zh)GeEA>J@s2$LE+s}LTG?=_IAtmRB0n|SEXL4LIV z>zmiKA&_b+5e3ftaL<6+bB}_*AG~iL({HYtzYH#0XMaEY<(sRk`PtRO`QY{4zUVLv z!#*KA0iP42L>HN&*PH&iJa59t!zgf(oc;1zqq&eN@5Ho<(`d|8AT#SyH@yo+5eG1s z1I8tXjRO2jg#0FAo%r(@s{BOg6oXoqqg7Amu_#1T4pluf`rrZVVnRYV6TxFc|b?=G>z%*5_)pmeXyI)1V zueb*5)OO;&*X2hijC^17zIv@@2;*dm+*_7n=lXCYYjr^Vmk7=qn8a%S)}Bzd18~nxPq?^A4!Dn$7oE<@$JrvsGHnf;#)EPK>(I26ZfC zCoWCnYUsXh3W-6wB0hHK9nkgf;ha_NN2>s*!$Z@J9lIYp`Ht+^Jvlr|^<-fW)W%Qb@F2>YIbG2n!vQ_Uq$;hc3qYrk0oUd7hukiKi&oRQ|wM9t3hKNAWv*(|K4nNn$3nRKR`-C=Dz~53y&a^oYu51S-elk zEr>$3jj8*Eo9h#;V^en!W~)a*;~wAQ5P29j2%YSSUwh}6@gW%x`L9FM$WXK}lugt? zG6o$`SJ; zg8NJrvcT?`jid;6Eg&8mARoD$PLcq9~MM3s8) zmk9d5^&T+eOn;TzSO?VQzd8?%$4DG0>lb9;PLUV+=(j71#)w)O7o_)q+=!!>t;UhO zsd`nf)!=xH1I*_NKkE#pwAW&(UQtXa=JOLV>0(AkNNLYTb1l?aeHT+DjySSLA&Kpn zF0_=oF4d|kts2Kl&bdJRp3qyx{*p!0s0H?if~IOA@do0AkNLd3&<;42tOJCIGR(LT zrNJHXBYpZ#-?ztw`1i7ifXMK#r~{gf{dc$qfHxY*-|hWIQ)Xn<<`;yc*or{vdifN~ zaaB^(48ee<1=2)ly%)R(kVt9;L*j|?;E-~~?KIy$QLD4=)WMF-M}mOFnbU`OmMA8i z^vns#)D`I=FDenMr@(`aPogjW?XYBy7G-Q@I z@xl@E%^4bIPSv#?HGpEAd=g9?j_3?{nLD<7%%|XrFfQ1WIedyO#Xgt%*hK+DHHv10 zqaP^d68%tDD?N&c^>J1zSp4EUqCh=ev~a@)=2GNb@CWPaLSba^@2Xq44ycRM0!|bX zy0#h$$sd)DpnxVtQgpfBRAdOG?!?gpr*Pm>7$S3} z0DjXf^=C2~W^8K|{3!_t9h#Z7ZVH$LG{j+0!z1c1u7DqEHwJoJL)&gARO@q`M33jS-D3ZgOExH5L+$h@vb#06EqGRgF zsCW$02XXPsXeF%X6kCm_?8o6y6dGD+hQw2!hcFC(vd&S^RjSZighDHuq6vEFfJLLM zM@1^sQ$wxfbtBfCjg7YY>{QX<42G7}w=0*1ysTn!Z=#O8ZiO6qnv;qOl1tp8IXF4L z8C>`J!!u(qptMwi!zpD)tkOR_70fVJ0HhhFl0L*?y`kY;3r?O~RLI>?K^kID-kagT z)+=g#q`J^(pa+g<0DV0P2I$4*b+4m9djv6g!3yP$ukY|uweqd#5isELBbnRt;<1>5IN+oQdBQ9g2^IG z<}P(z0(L+Ty3?3QwBBBcriOwvZ7pWb?S0Lg^O^(Ac)K)N>e3dVF@q0cl9F>)EB9Gx z2w5y*HJh?XR{GQ8t+KRm93%1KF^HI8%`gzF*N~Pi z=%7Y&;!qO9@ZJb9I|(C?sGn#e!-;kK0X-Osfq1juZ0*Uab-OB1w=Bbgjm9cdyjO_b zZaDlYTQuGTUbrOS5C@138($5fZ*Dn$E6E>@<{Yu#8ea{kB%=O&C^+wLf)C4WD5+(5 z)6lS%q2eDJKvGa=>rHsb5Z6U20d>P@=n`77_;2ESc<0(3mGxp_T8~`CprFbokLG8A}ng6JWn9l)a5OR;&sOvYGDK*Zn#4HvF@>w5jekB76L zUcIVi>Clzpu3lK37+yy-bT})-9A z{{uAR5!g+1hp%=)-EiajE~tOms;eCF&&$TYzp7Ur7pjmDNS5>BwKwiOGnOn`YTg1j zw{2P$S@C9**=dz-LR7B4?#mJ1=XWa!RJlWR4%$s~Y26S< zey-ZkO;~sCSA=S>Duy^15k55rQEH;)cNlo`Zc+Y_SD%nyb1CmPQzNQ0s5btI68*in?HS> z7uPlzC<6u@NLR%M(BE<3NGC|^jDAi?ID+o2CFj>$`^SxDquFTHt%7G)cL(4c2e&|8 zIstvT1O_RSWl{U+O=JJ?KtR}Q9oZnRD87Rn#Z~*tI1UG(|MtXby=lEp!D&h)ntQM7 zsqEwZM(apH-%o#eBfh-OHEa)UUz)sbYH*bSt)?8z0GkISn9qpx?3BJ>gt4T3X{Ms7 zcNg4G5mk3A3XE81{2rk|^9D(vDdrIaf;6%0R#ukcm$HIki7Qhll1aR*>}ufD3>S> z6X!z;B+4-u(WYttr78O9B^#T>g=a!k*~#Byd9F zIRfyW1Xe4$X2@SMEW2VTzF>H&v5V|&%ADl_&d`$vLG<3xlM_;eW|9*3c1)%u4(Vu~ zY1WL5kPW=|ag2za9nkfCa?jLtmY6v*Hv5pd3RmkA0uOnD>X2t&_nBc8l13CNnM=bj zz2Zn5*Ul4bjGE<`cpBezrnmOm4!AL%bl-NtOwb|@z&8=YfmqG|26~AF2FHlThL8!w zjub*dAG?rsKr7X*HY*X0a!Pz3QQ1@O!reNc;iwM@N2akNa# zG`D?jQvFV>yZr?+W{n~tR|&bVmU8MGMH8UDfiZ$SqNpQ;PzIDQ#hxn~kZOK)t*Wfy z8hsVKq;X++7%g)G9YqsIH6>k1CMPjyZGWUf9(a+d zn{P~jEYixG6Bd$HLaY7AM=Mm+u8kLO2O0+)V16T03;mNOZNPRq_kk0os*p3f5V!V-VyR#`d zx>mD%u6L5dnY1j8;l~CEJC<-eMX?cmVzecsl^i5C9T7;qbpSE!As1>!VnHgs#g@hb zVh)uEq7OaF#6a&w2^c9N%^1HfBid96#UPQ{P#$Vaeh#3lYKvHSk(OXZ{gigo_=rC@bKv4~%> z7|5PRyWRj7@$_K^0wnNKGct z40G(dE{W6*rwnRiGtdFz8N*LClrJa(BZ>p5j*uql>nEZ3lcGyBtaEl^sLOJ5)=t z1C@ppgTFb;*sa!fYCG{HU8#2Bzy&*?8^mtW@wp~8jX=_JSxUTet%%+UBKABjkHp~` z6kRu@+MyQj&UY)yuX+4Z=A1mov9F>%(fCj@FwTuWk!CY)4 zVh4%IRtl0MpN#fqP}JI+MLx%liET9V#Og2*JJPm0_CGQLPFLG}oAXlQ^r}S`n34$O z>eDrL64yK!@u^ZCDTg;J`iYKWWW`1i=P7Az#OcRk+S^@Jj`IYu%YY}6 zyCz=F(8NX=6FP%j$UP&-q+{5MgbO|9+hYEow$Js&eU4d*;9@#;$usFRHyOM&qn=`E7024o))Ryf5&)J z8DeAU{Wpli8J=@Ltxn zQ>s;FQh#C#h<6y>>x!CG97n}ElKP!E%8I5F%n(b_ikQ@MC9e2*jNG~Fqg4L)N(s<& z_Xi=7;=?42bd5yTj0I?BAhz;;L>?3yBmd z`&xq(yZdLpe-pX4hAONBhUebxq*i9|l0nGH0ij4zw$4gOi&+z^nn@#S<^bNpa^8&IS8ZwUZ_l z+S+kiMlFE%%u(NTU^9wXSXzkX8}3$`nytlL0{Zjf0cM*=yNj-w=d zwX2%3+0*ch=#N=^VJEmoERRXUckTE_0?8sKZfFNdn7E-6$0NJYXPS7sjk%M#@tU|{ zEMeXvxiO9KM0#|7gQdfX7)5!!5rj5UdGa{Xn7HB4WFTp3JG^TRo2~B2o43Q`gOj(d z)8XOa(P39|PgqPqO0_fC%BEdC&V=zI@_kaEFR2P5kT_%|=tw>y0DJf>p{&LhTy0GVVdBtSbEqYpBEh%h9ghP(TkQ*_^uCW4IJTRt|nKj}qEFTh2meglm6|JOh$rqZZ3*wFUe-E?JhjVcvjQN;6PXgn} za6&v$>t=9TmyX`@ipU%{B#fKE=`J|wp6-I)OYD;55 zY~S$_=Q66DzS8l~E|BN*FE&w zape;qqd;yp<9#$f8XtSkacews4vyW|&gl5)$a(D@wPEXxH)^(y<7(F^fU4T@{uqwi zDMtIq_=5EYTr8z{_*7=#oVn4WoE9G@_yl#blz(D&1q;>I?>v z^mP>jK7|x{@r8)-k&X9Dtszy#fH=bW1bS>Y9q3ZCGi@vNzjlrGK*kjKU%Tem{J(Z} z-*2 z9Z)tN8R-TtA@tB&A@wl2Yr3EStyw4IyU&>B&zOFvE7M}5VC@3lBo8X$tT^YfU z;((7q{a=~$udJSdrrKSF+RFY;QK8(4GV~XiXv5YsC&q?Q@14u$Iv>}fbmlEhMLZ^DsmB@5)#SIaw-N-Xg z((k#sgnY~BEfqJa5|d8@sIMVh=-XDCqqKnu?}S^sT5zz zdSuyhd~HEQ{jDD%1iu08k_+npUI+EzIy7PNR$DC2*pV&kLfVS$qKs#zi#4>K%F##4 z$H!RudZ{g}7Mx9Al|hx=$gcYg{JQ?5UI|E*jY*u-NdQblu4Pj$ODmIQHBvBCFLEW` z1WLX4_y|hIA~~birpTW)*mO@)(xN(=)MTZ6i{=u!lT#rSmsi}ejL?v8 z?ted_IT(hbp(6#_elKZ!3)QW}DsInCopklzuPE zl`D39-il-XKfZ1?4xHvL`0uU8@$-`Q+RY`QJwL{n3$aW)%vT)uoQwSmW8cz8&bSS-Y&RDDx$q09vFZZ`l9g#xJ7eW8}s;yTzNe$tBC&MAVLOXV;WYQ z!O*T{RUtF198_=+AS!XumF3$nWBbWKdC94LbIqvBx2aSkrlhnyH==j8>q~Ww5^h2P zU*5?ZpgSY)eM#kSYJMxn=r3>4d>4GFo>_^@E4k7EU-D37-r~T!9Gg;(RRE6x`b8G2 z&tO=Ozr_HsF{Kr7wUbJIXwk4ODgs&E0!uXPpkLRAj9A^l8)7Kp+Y zs2r>M;|Fo}7*jI)JDmBTpk(Q7lb(#19(FmX-__&3(YgTtstDMZL(!@@jDAVw#7IOI zbt!ikSO6+NdDXP0l4#?8rrCtx1XS{Ik&|&2kQeZVn)Lxp#vzvGvw|a-2XbmYf@AHT zEm)#hTGGX$CRhrdDZ`eCA>cwLU7Z$P^vR*u(;J_J#CTU)Kyk%*9Vs*15`tKb2pW3+ zCB#=C)533nlmB4y1Ux!AK!KY%s(tEfscm|uRCfQnz&>i_HkR6d9A)f3_FMZ0+xP#U zC1vzW#SVfXuZSux*eJ1qt6V?lNuo3aMyT$9yH-tz2p#R{Rx|PSJ2jyFwxp$;O}jPa zDR&vdUm{dfPwg2`a;uoM;_86k9JOibJ+2P#*-&{k4sX$Xh`o9T)U5~KSLjH6*9NLq zlm&YYz{Y4)0GF^U-BH@}zhM1K+fpYnd2!6wRk^^D_1|i>+nM#he|U7bUH{LKGRx9T zdv@7rrIKEINkEZ;^;g+2$}x@A($O^+C|^@b-v;;%1UT?ez`=n)n1#qyi(0<~CBeyu zInGnjJEh9eYMpTkIhyDQd6Y=&cJ)%RsWO8PgNRO0@(92TKHLP_^Usg-6|d>rAZj2U z5RH*FW}qOnXcj#HOwUxx-xVaq4dXM{4yH~V{w^1YSO;dYIFEtVke>wnZr~ZEK;|%E zW<5sN@R_X)`MXF<`M=pAH9@Vj2`rQU4%$Z<{@*@qZtee`B~|4Ame^(Uo&xq?&WJX` z;|0Fb$T!EVtSB9dN#$Nxlm}=ckJE*472C4^{M57a@l)ygU*rI@VjIikzy1B}`fnW` zZSDV`C4Fw^zr63>CqDr)8=b1hzrubb2f)Oit=@@S0`l^9r6!E0q758?x(TVUG9>#z zX~E;tvvCDz#uYL?n2MumrK=_b@DyCj}r)d2CZsq-jFYwdVUT9v{uE z$ST9};&;u(s;z%_iribat^#n$`afuA{Xh5j54Zkb&yz~TvJ*MsMHZ;(5~DkD&ln-hx+gSm8GKCr7CC{6i z1nDHF&<%)}eG0I#C*#Julmv~R(-4wa$~C$FDfLM4xW#3`Z$J}6>mZ9Z3hr_ksYfX< z2iL>yMfd#g|FhR04to9Xd;MYW;`HkB?BY73RMycWR(UqOQS7xXrumI}eq|X-?=Me# z=VcgW4e{a3x8<6TjQ&9ZHbn&a5t?r2nl2*Nl@@4aR-B))LGR*pcyo2yz3vT$7neU2 z_rBmIwiKUSnr)i9>R-O^U4PrV84SDUz5ez4?nU?A60&_u$t?d)oNHv<@6f!D#`yv( z-=7sgka15+T(TS#cp<^ools^PVt%6(E16l#e(j|BSB7!qV8sk$9~2mwrCQPfiw)Pi z4BkTQN7mKS?@`YFTvJ8)-#|DPji9smO`Uc2$* z8u^??>YCq@gnt>gwCyp#AACtnTY-44$)EkWrDc=%g4<8c`pt+H4_y_GqV*3 zMMs)09Gmrey`i&H{Bp59d^NL0%JIvMp!kwJq!4E%c0@^@G{cR5S?`QG0NtfZ>W(HE zrcrTZf_Aoi+(wLY;*XkqmJvIoHM-TTm?*|k!0(73&5-LuJS+cfVIRjrOR&~ktje*7 z$0nZ?0VO0^@e2!JCTcsQ6;7X+8x{~sS` z;(zTQwzu*Bo+o9_fQjsv*Zh`Af$Ir@-zX~j%;X*7BYikG>|{ZQY5-V5?NiWa(dcL7 zaxH2VT3UfB3W5dWQ%%y&$gvv{Y5zzwZA_7Jp_7Ah?|Mubb z{QoRz<@@+m)RP;%t1q@XutIpHwDHBIQqfPy@;kd$d=Wxn* z&BCGL#F|T?YjTU?>r#{HaFJVh#cP$%V4STS5bo%g3^K@kYNq^*soMVUjhyh#{Ydsd zt%IZN`EUQQwcY=pC7G}o*<~bOEo>m}Uz1bJZmme}oJQzXVHnO>Q~JHsl-gwi!b{6F zyird--f`kXJgWjbWp}i!tT(#)-j2bcgq*8PG1+$3KJh8;joxU}CQQm#SWHcPC(%dH z`+;JPE(7^&`SP(CC}o?B&!w%4tegwe$(113HUSwGTl!({Wh4_{1jo-!EpXiv0gcPT-6A|IxwGL6-lw58GS&&u2+8D2#lL$2{bL z177(tkB{vlzDcja0@*S_ve30KU#y{D29%|3U&7_Cgo=k(LIlLuUxgB`g^np_%}p!Q z?m~C?@&V0;1x*=%>Rscra++VWE6+(Cugj^U-a%mKF*^PX>yJ(N7+cqDvewfAm4-M(~e=M=^~Y#Wml@uNM5^pO5H~CrkxGO3~TaSo%ZCm zI<7L(LuEhazuf6_DH0Ga_FH((lSv>A66K}Voqfb$>#pJ5KI!f?a zkNGWVrCLWD<`}h@S({SMrf^=|Y(?CqdBy?~7lovWT4ml=U70IjKYhu^!dR@yj6K^c zXhy5*#8V40TS}_AbBc&OtdvGRv&5x|^m0vc4n~>RS{hzO)lg0~n*)qyA)lXO+5wMM zikFPk#t=HH~QSjEPM5{9-$RL*(9l%ar-?`n~iH;odW<4un@~) zPwXt8jlz&ne(`otL`vEW%o{l&qBG`<@k1HImhDW*eQ*jnJk$QxR`2pY+KX!x52A)L zir9Qa9u{%lC63Oi#tZ$N_d(7h{3EaAq_Na?re3oKKi1i_z6W> zeQ!Do~d7zVb;ii1L^V zYK-HM3-*e)fGu0=E3{B8>O$U)ePOft5D$V0&qT{>H<*fkB0*J}o<=4xL;*{*qed(q zuwpO^xb1>~6sxn{G(r{FE=AD80b=Zmk`YR;fhp(VyX>LFoD}z_2>N{bYxX0dyaRGk z4#akVp?`{eI3FOF1Rm>vb~9BbL=?;SpVZe@`s-NvtY1$lVpHOK9kAbQZkb;Z-c^|2 z8oKw&l}hyQ>(pPM{H~&hUofkCNxiD0weBD;RzxpVgl9V;8C#wz%dsPLEoJYMwYs3H zX18dXRH0S6xrWXZRMh7#qNBp%PtxRq1=`%~w*`8`%39q8!@pOd^6D#QBiRcyjwMCP z!V6W`Jc0_^$D+|Rv{GKDdPkS2{=h0)$3?hSsJsHwWvWK7Ox?I}IBgx`5`?N|mqy#N zA{SK%we=arEXsHj6n5_9{PN~>c-6oB{_M2ZA9kdwMmq+i??U*hF9I| zZ!3T*1abP!vg+QbxaP_E&EUG%7lZxw?7a7MnamDRR&BSrqGXI^fW-LqaV-tWcUFs* z$)eC`N!==|&WuC9_x|#_H~gW0cHJ9Zbq9kVF8ilTJ4Vrra3l@18zEtQLJ?CNRG38C zUNokK0G2SO6so<8?l=K9;=&7jx6=)Uh&XJ~3~sKCwELV5vzD@3)pS678G?LM>q z6fS^j`)l4KY&}{y{pQoqLUqK~rH6FSo`W7X(x;C{69`g7rDNZ6AyN!puiNkShu4?i z^)5c$*i}K=8ofNWD-B)Iie6>d1P^-FVOtmB%?+6~aX66Lbu_re;rEE*aZVFt#_8;0 z&^x*5_lAS-&aQ^v_xfjVOXSYSNAOYwbY7+1!q=LYcPUf?>j}H7TyU8baWm)*PX^z| zQg&qtB939BPhY*s(*QUbD~3QU!R=})<;C2*17@o=N!9iWn6mw{$+pI?_FK?ug@;tt&a(! zl+b=W0juKiefRvPH`oLsvIvVYsftJ$DP=oWg8!g*aozv>@N`hZcI#8lL)O{bJ8r!> zIyg8!+JCc;4w|oz;rO+8*gW2cV|37lBkwPy{pR3!f4_l)31Ym#P{8TDfyv(C{=wlv zyS0hH-6!3XZ+pWZy8ZWS40Za3>>kqD33R7u)fpdjzdyTpHyCahmjS%P!Gx`aQt$fw zX$T zSoVQ|g+-SgRxWziKV0^|8=hPat_MT0!&`rFOH~TIE<)lD+p;2Botx zuus1LGr$nv1$>Iq&*6Z3?E3&pV;c}c#=!Nr-HXeZivh?a?PcI|0#LvriU6NNuE0i& zlbLGP+;IaA=>&1ne8iB~ke49oL%JUP4E(VVC%_|!$>=Uqc!vNC<^Ybz$mM_pfKM?4 zBQ%9~n9%ga$ya;pYBkCzAUz~2A69jBwL)+D=Sz>4Yh$RIShD^Ww4#=teHqf8<}N`p zZ3^ZyxV-6~^oIT3;PU+Dy2|M}$8`qMJgbiw@gsRIu#lkezWgdC^TI$Ob;Vy*_7dh` zkH`u|m+_Hjp`s*YTPpM#`0&9|xH=M7XRIBr98sYpQd`=h((Y>Pt|elNC0!AK2 zfr}RC`nor#XT6J)-teY>RuP4Apc}UTkTcc)rhBrfJJz+xFJ;=95A~?mDSF_D2GAd> z5GCejeTcnR;AJW}TMmLQdUkqZ9`z^{ERC%|v9215=fm#lX}>opIpu|uq+i8i!Mc!_8Ca;yEB&+U zc@(iifnuS($9bnD3yRe`ioC#ye%TU5!kY<5rhsC&V4?*U3&e8LV;X<=3I%q!x93cEiZoj#NM z-anRYe^pC|(rfI@wRqWf^=7 z{KIIKx7Qt60Nd-1&w?;FeBH5i=h?dRY~6Xb?mTh!)}6;5y{$XX#~ZSbda?3xUAcd^ z*EXQgM@CQngu*clpjbN(b1;Sr?)KjGyKlP}-7;zMiM=SNhkb_wmv1)DKZdD-xYN;u(+*=66+&U7J6v!V0%$M}5UloH) zn##4p!79l}y;2eo4-NFgEJ-mtHyx|adbuR^c1zXvIPnop-a=8Otjx`}2FGI@q~^us ztl7>-d;h80`(N?VY^{f&7r+12+CM(p&%Xb^-)wH*|9XxjXzWX^8dIU)zb=1ADJ~`0 zfC+7zemyLb4}*% z0Hywwp8*P7;^ANd#)QhtX#tmvrS?%fi+b{TD<*Oeo3|sW8JgnB6looygd@PmZO(8o z^ieS3Q*bC~>CYhfCbn3NJb)fTOpyly;<(VABJl^~goS5+*a(;$)khv6xJozAB(p4Uodk@ai5;jcxgOHr`NJk;#6u}vQAqJ0e zX?2GnCOk#ArEeL3_|SRNY_`-;e8_;7!Rek1yd4A2Y`@x!>x2ZH65mI1t6NqkyI04^ z>XL2(tqAdC3y-hwa!p)Vf$jA|E$`oPJ085p!pPDkua~8z!fa>sSMa!`c7X;n>1$4* zXlj-9=FhdvqtGdMB`A1g263Qt7k|z~*ZpAquGzpc(1+3!ZTROnn-ap+!QuY?KFJoW z=|TOsG37Hq`2sy}I7QGy6iC-UM^7iH&)|atC+O>TvstfHK4RRV=nneWgB;cWoSlNQ z+i(kH?;1`(U0yjCSJF_kV_ghF-CE}>7e0@Gw7wlCOA_8J>h!O>mvf}yYHta>htxx!_zQfgiU^W_7>>;+@mB(= zXlCT5l${#|%T?VNay&yM;`&?bb+Z_^z{`{@FH8}vUf7;Mh3$3gLHfA78I z5e+Y|eOJRz_m6%XTcIpR3_Y`v^rtkmlJ?9`=_%Jm?8UpGO|Y`GY*6@zo<)$eWv)04*5N1O)567@Up1I@BR)j| zmuEe%h$|FK-zrX}X|zPC>Zo}$94y2ygIo40p_=|52NNoU(&{>YJ1y4#H(SSt2O0f; zyV*L}>i?f3Wi>x)qGRQL{!>iAvHpJ?`Tmlt1N-_guJ^QC2aV1ZMt~Ej&noEZ>RjuI4;qlSxqFhBAxpyeIH8iNhARyentF$sY@uDucJG21n zCC@_S<{tSo?Zob2T=nKL_XsPa&mn@06e=S!;~Eq@Pahzb2s5B$wK%9qpzf0cSSx5p-`+;AM>#EV}L# z+&2`LR$h;>d*OdgjYjb(ExAOl#{YGcBuC`3l`nyp@c-svj{hIEj*qwe|2fj*g791g zn?PYqu4UyEy{viRTR?f6zWP;AB?))HZ#A2_F6d4M*kks^*Zkj~dajGoI_p0q-i!p8 z6S|T0-#R>OXV-uGu(e(P&yg0b|BB0hNwJW4?-jLFFKNTJS%xM%984N6p@@jZINOUE z$yE%XSdJ@U6E+eTwt?h^1ii(P4Xs{7&%;8>gT8{6RA0!D7C|UMCM6yMARr)4vCDee zHBUvBR2CQ@Ud+H(T%B1C z?ySke4V#QY4{|i%6mm4tro4O}q7LX2-^an^Mi%&p{077oG-PX(q$)Ah$P=0Yz;s$M zd&VzR(G;`S$I`Crk|^Lyt;qAmQ@#lKcgme7OugQYa-lj>By7TUETr=VF{Qm z=uWXL`b)VrRH~IEPKO0^VTg~C>PeW7W=`v(QYtvbOuch-B#+a+9a|f7V{f#vwXtp6 z&c?QF+u7LG#@g7nt(o6^zR&x|drr@p>FJ(xM%`Ui_gzT433ArrEi~XVf{ORm zfYPrL-ECkCnl5=`h$YfoT&U^PM|z^r zPPTgyMkqI7%`07`^VNp-9p8`VOH&WOw`;w-3y7ulBh0w5RetJZsS#?*DA9r%d3bfg zl&9m(OVpwi4CVc@N>Ut|F_doflJD-zbm0vLNhG_Nooz=;sx%2cN1N$K>7rump<=ky zMXUNXXyZmoCG50fk}&W6K7Jw)ao?3$JVc^y{=`%Ly(lTRH{EZ-3!2Ku447U|g=w-a zVg+A?UMjcHRvzRb!OrV%tW!knDLF4?zzL|-INF^2N>01AClH$IF~G@ryIjgvKF}zY zEJsKjVf4;bi)fl_s^Z~wlI9NlL64mvw-$CX+<@`?EB77!yQz@bHLJ4isMfIbgj3>` z4&OMf8QrAeA8rgs=a};sPsy#a_%wB1V7M}!-qo}J+t;kq1(yq8N6?nYeirnXkHV`F zC`q9QQw?Ni13P=C)DA%GQVgW(7aiCXJ|FZG)z+55&@Ql)&EEob(2oI%%;Ww&7o^QS z@u_ClLwc1FSBcUkV-)*OUkDDEyxA>IJQ&!0g|}JO{XWM-;_L-%XnpMfguSbQ-f61) zY^nZ(eagZQ+6TWad*yQ*ZSti#NAP2?>|Bb|hv{FAut&1U@GST5zSU^*niVSV`FZAc z9Y@Ve+yowC)f)CYvNK z{40&ijHKm!=Z&9yWc>oO_J^wTOb!ui$sV$1S?fG1a6KKdYywFDiHt{>XinPM9>N2* zfoXK@5NAiB#wpscFuj+MMtL*)p<2Dqg->)URA3#EdWd3BUE&`9IwV=0zSw$+ujdjz zaqt8j;X51`pXH6kgb>g85(Ya_`ZVNkX(=Hx4oueQw-wWz*ioiv6rqbP&P>z}%jy2O zRUhtlzm*&0uu!EX)vDKa_?Xw`Zz7}D@Y9}1n5~|ye|xs=Thg;ME^MqqY!ViwwuL)S z4(9W~pQ8Jy|5g^r@zZ$_XgGVmH3Qq1Xr)d{oJ0jUt} zy_|^chkYHB;XC|o>t%A~sc(H&+6qInJeM(se4!Re318ipViu;nHA2HR*9c z#amiC<5u*)UdKhJv|oH3oh*`hx?8FuRY+4H2_L-N`j#`291*_l_MhO&=u*IksDPV`+=z7Q3md7`}Y_WXTy5E=2XK9{dbR|c1 zc|;=^^kRTCL`iH|3U}-P-;2?ez+v{QWly1Hkd)$TevpFAOGQOy{4(_!Ha>~|YV}~e z%}aHAB?7nD)x-{)wC))6LY<+d8IZi>aFh+y&Pm7#7mFz;*GiJe%^<@l4k*vyhsf z^^dc4CssY)!a8p+)ca*M+;`){MvmC;5x&z_A?K9r&A}7OP)*lAuwv2#pYq-$q!rSE zY1vSWO+a4jlYQX#mbSY-kiCNJ?FPQgXO?{3jH1+y;l1W-xb-x7Et~B?hqty9V0Bom z2HDT}09KShB z?$VObL&MER_7l@Hdz2L~9RxB}Yce3clC?v#W`b=Q%o7;VPx~@fk^wCWMI+pwwW>M@a(K zSXCJzp1Hx0c9hOBODzO;+aGB{=?9Xb*2fJMlmJpc2`S7*l-E14``*>)eCt*wT+m}l zJ`4*r81NxUtWHr^3dCPXrPd>}1YFTDhgQ07El+}jfz;0{ORN104?9kb03Ziog|&3n z@XNnAqH4~<1$+z9E5$NQ+BL9NeFoUo^Pg_(JN0DX_mghbC7L`?-wd&Cf-(uQZcykLDffWH z>yK^=IkB6NAVOyi!IWAi4U#XLD0q19_8AUV`TiKPsH;&Wi^`|9Ql@SWIc)dq`G`55 z$jFobN!{D?4UXEQAZ*8LU+q^d;6+Q>-OfS;d39nd;C8_o`7r=*Y~Yu;35_!RiOu1^ z0eT5{&97_cV*CSL$p{~=2(#b<{^G-Aa0F3aYR_+NUcMhjkFqpTuDDTVti(Ie*dvvi zxPvtQE_lI~9M3yOtnYYKtu&2i<@!|qtE#a;R;~vPzh_Q)kbNh(_y{u+4_j^jpkV%VulMA2u()`TR0mMqocU1A9ORnx$e*U8_ z^{RG2s?==Ow_TiiVA?L2*4xdiWfvfyQtfAUD;Gqej9oD;;SkvN<7|3rip?iKk|-&s z0Op$Oi;Z<=mm;j@rN^&Ewqnr*KvLN?4ISXcS^y}1yc#;F0UC6zZLa$Z$Rwqk{D*|l z2&p1yeDt!S@Uz)%d#(KBoaUU?jC)naVF*S``=>V#@5s&i#-&R!`#m*8(^w&oR>fLK zAHs{pfX<;VY2K@${=n--iwQTM>?1!T=eUpqNl75py*XDF?+W3&PLgRZbCYbl^uR=1 z_O$VsT(Vu&Ohovn?XElJD>QXTTc>I;^|e7NLb*dC`XdTT)E^mV z_S5v!^nI&J12l!Y$M!%&pTb+p#7MXS|!W=@>S)}wd)p|l-pig z2R{u_G>;8Z+G!dVXWF+EJ#KlQ>6mD|5#c*$!M~ka=6-(XwFYIWhk{o|T~@#wcSgX_ zz<@fyJ5RM+e5X2+ac9phkX^3uT;`*s7$WuZ!y6~eBk(Lf{vr!!jgCgvl)=G+vRw_S^d z=pvEEf030Uhs{qVbH#%HtUljV@PM41_7XNJD{X+<0^sBt5X5L}d+)Q5%DT{U-WsMR zKh4e#5tkevB8(|SqiIScpw~KKC@7KZgE!wv(@ZiglZfikLWt}%balJk6SZ(qh>?)u z|BqEAi*_s+!Q!~~&Y29&4FZOF#)Yrd7QaMJp96KSf@^>$!d)FtK(DlvM6btY99qZy zqhS6+5$!_Bp z*d1R~Z5wY)UQJlx0pqDx=hM<`F2N^ffm*=&p|9m-AW&<8I00w@?>6}+NO>|lB~E+6 zME9b)ZLr}CG_!I85IbF7{N=%V2`K#pGSh=9BHI58?**BGZSZbgus$f>0qo>5FM+me zSKPbBCFh@lPB2<-h?*0?_{O{Z_&9Byui2&&K@uPn>Ax%NTiUjOeJR>4Xl%?Kd#G&L zrMJEkcq}7_#ZTZa%_I;tuJs<2JAn3XgL9jF5Tu-CI>s&K^B2Bjm<4K9@&MzP zoWB&*f&TvlwkLqINq~UQz6`}Soq_UA1cZ|kS85ujo-H_z9Q9q`uuksNWV0>+RDgC| z6|e?59bHNU$$+!y=V?#=%FFqgan5xHs*aPlg7#H2K+*l$F#!E4(DXo%@cIUH`u0hC zggpdmiEK3j6~+OqO-d7A(Gzx=KnVrZrMABsGQ( zs3L*$2~gShz(b8Uo~OboeDWvwM{m(8ZudHmL7eBVWnik2&{WsKFBNQuCI|f;;*)r^ z9)87yDLKte`1j(2R?a0LzByT~$!O3LJesN%9&1>RU@GD1z0!zbf?t18M#S3lq=wyE z=YwzY)Tq~tmZ-#V?}1sIg$Q=nbrV2W1G4gu)uTsAAskjx74;&Vkn(TJ44rC`sFoCq zqg$6M5pEQFPW)-ye%}DPWf)HRZVIW%JaN@VA3MhN_r|Jc*LUJ`tyrg-t6B0zNGPaOmdri&G9pR zS-2}T8rage1mshgxFzD>puRK3xh>PpEM*d{!=_$O(C;l=c&%ebS^?kZlD8{wg=A!` z_a;)@0AEpo8XbNa=SQKU3b4$7g$s$8VK({MO;-Y!(4P;9^?d`9`4-F+Nde+8kfks{ zArY*6qcsl}!UW3mmy#$OJM7Eq%Td<^IaI+3DXJrcAu}gC9`1B($qHCY?!ViGZ>|I& zH9;iS{pgw9#xMy=yUFYJEruu7hmxLGBuBol;(FKuW(y}X-*Ze8^Wc9qX6D~feBggR zC%+#gNL2L`6_F!OK;6AM5H}r;@gH8Z0ZNa#0eEEs;)NFej|uUIvxD197kBxmD9||! zXJvG%Azth`2#FqdMKvA6S7dmz0UpbzVZ$HLPU9a9~Bys;hX^no@lu8L2POHZd)st(Le$Tsz0}UkUe62XMckO91G}AnsIPaet6o{_)5` z;Ee_qbtzovOOYNj5OpMfc%2_O=X+rr;ikEddwE$nl_R|OcIV5K87&eKji^P_r2Wqy zIT!EmbN?2}WyJXC#7rxyZ|?vi$e~7BOc3}r(g8vxLx#t$yK6v>$?xWD2+%h8V%w&A z>#Z9w*jN+gchN6_x-2WoTue0cmIrE=8j&vkT+rXY4p<`TK?2% zqK?`#bSB4(EgS)XMSi&k#ptUaZ$jOo7#rls%l0ZmJlUbC6)o0Dv5?dikm>|O2xZaa z|3d;ZuLVkvbO)CJ=MJW0^k4*AR{_Qk3M-Xu; z2$#*j-TdBOUV5T0L@aFw*Pp$x%s&-^aylyY41dJXxIh&F*wsB5ogK)f zp)%++Aa!6mW$&uW$H;QyNFl7V_#xsqA6M!(x0pR?WUnsB7T+zW`Bsk>p=S#m3WcON z?xXiX)+y9klXwOXCJ3EFBcx_-ujLidK(1&v{hZ6faztm5H!rBC6nBgogjHLX=%2Z9#yn7;=1k%e6{zl6b! zaFImczu9B6g+Q3rVuv`s2aj=NNB6gvPGj?}a-4 zfaHYF16ZQE3LopeUyki0Eyl2$gn=&89uXawlS8Hw=h>zB5D5*c_!jVDMqk9ilZY+T z9RGZ(ErM%dnC2kkX`79Q0xL}Lr;zk}#gx2AEk_6`YTk<5BU#uvH}{z4rWP7@b65Aefu)#6lq ziT!~fN<6LDUzp#UMgIeYU?2!P9aJ_ct1H7!9j`bl85z=GO4GCg%$R1|Y3Ehl`AhpW z17QBd0Nb4J{GT^Iblz^X7H%?u8h@y08hm~jopy{pYY6{*aP$Wltzw<03+&e0QLB_u z2=+=gpE3DWm0n8t`Ful*c*W>y%dGDAiu_J#~CRo4+>BuCh#p{ z?F=hF^P_>A0_&sx-g%Fx{lMs{ziGBmX@weUDoieN6}8=IL`23Wb;>GrrPlGE48A^h z`XdQ8lOt`klR$#<;JpBhD30|}W55oNrTGrfz6Et-;}vx_74Rr`*wXvDZveVQ`vXM2 zK1TYmalS0RfV%J01bJZ%avRP6-;)3PJ^B44A9$k>`K25L`HBX-04w}~ zC4InTz)PQ|8$b+*_}J$^4+IcD-Q>G=_%8qfIA1q{7yiKi-e3_U9{`U?ZVdeebnaYC~9g-l0d;4(=eD3m> zccMcA{FNsLfn!x&SWvB2*`P%rIi(jEY;>v!)q`g})g9Z?Fbpv1+uEMp1QHRlp|-yG z&nCL}|6UgwC{O=CLzqm?(75dlRzFg|kQWy3`hkvWA^3iTR5&a%IrwqNz99t2 z3S>p5RE^hf7<7XMNjQK9`8#9p+cQf(B%ve3W`r`PBc7~NRA#`w$c}wrD2?I(c5E$v zK(B&o2{)cnA}KTZ_xsF8)!w1J`ysHL!GO?&qJFH}H6bO(a9ViNVW$4_1et7G5$+5S zjiN9f4C%nb-B!b>50MX3WWuaPFQ9#+VyO<^P|}d(KvbG3!3nc{LQC^e1q5s)--!>` zBRLmi+<`7+TSzz!X-@E)M$dxgKn1;5#-HgoKY-Z`^-=zDUWYBZwpg7 zOafzFV=eB|U(S^$g!-1NJq_*)<$IP=EkHreK)2ddG^OZXJ7?7u2|iJGzq`>=Tzf_J zZOL6&vRjY4+^IV{3sU|BJjVz}Xfy$r^b#Se5p5J)0;8&y@`fcp2!uV=oBLufk_`0z z?F=ohDgFk&Rm}=xje=W|X%+w_FFB92*=sIUAqPLIMv5$(Y#W7U!4B)1d>s!D&BZJb z64^p|d&d9)VpDYO=DyA%O~d8V+a@{skKXqt!mfWAfdS;m?NRJd*mOOUE)q7u_ZI(j##Tx# z_cb>+EaPR@{xmx)8<~%$wr4Y2?Y2MAx?@55a4+ue`h76@yZ%)2U{bw3RFmqXfIU>+ zVd$1fPwG0JmPIJRC7a%CsHa<>C*q#p6%aF9n$s^=03K&23>arRw7TSCfc_7~Bwa&tf zf40P?)9a4ZY~Cm>+*HXj{gWjf;juK$;PoQ1yl# zm`S`ZdmK1F%sTvm6p)|G$p|gfw(Ha>W`mNwX1}DH!eV|21#GsW1ICUT-K!dzANR}J zW~@KEov{Nw<6vX9H-0Y29m&;aURVz4-5V;hLL|L2T;glS2w1Un^?awda(9ik)~CNG zI93L`#Z2lW>ptyD#5!Ek@A60(FVV$uhecSLrTa_t1KDfnl;cd?nP?)b$tArqKcTtH zNjE*$-42)QSwip#|7Yqt3zzZfSHO2G7MxyC>%PBWQQrZ#YCOa#chkldhyo4KraOm74=W?~6E_EUoq^KWm7xE2 z`L|tQ`)RcxG$3NlIq3qYZALDo=i45G46n-|ujAe)^rBTvlHGaakt=I}d)kVqU_?l2 z)S3^PLqVJc?@Js%iyp(!ofAPfZyC|6xt~kORS=nm5w4}4vb_X(>g9uo&6}6p^3h7Q zEDrIs!=He~g~+zT(6^|3x0+Sc_dxsCq2K0ktUf~S`LZsJU#5(#2T~nnEVb2K<*V-> znS0k`m)+TQtSNTgukQ}G0%vU0xwP=D>Wt1f2v8;x@ZyxXGVr5PmMBJbhEo_pyI`uA z4NPi-eo~Vgbi%yR1uca~F|sv}xZE+q8u!C4X>^-xdMZCP#|@P@`IDk|>(B?Jp(cO* z0ngIfJKGhJ4$cM}pFeQ|2swJC4|DMemZnoEW|i zV%xDxO#a0!Mxh9yyyo8~j&MDw1?D+0c$+Fr$&vC8l&(*{5kvofEbB=Bv|Goo%!WnWo6>o_I zn?OI1onWE$6Ers=Y$JdZiVPpE3zOk8GBLGmeYF8w+M@k7cnuBEx493P0=@4}wSMX* zY|)UrNIL6${pM4S?aL;G@1$~&{jDs*dOS)Il0P2J6%q)P%f-FD&Sbtu{zjQ~BFOgP zKJ}2OP;a$qVlvh_l$0+ZE5#iF{k_Z6ddt=OA5!jH@if3FW?`pm>IUXRLdW8Ud7*gZ z(_XPHw%P+pl8^P0JbU)+mT&7+n=5v*zyH;jWK3M5g6IrJ{|Nl4edT8`1^mbQ zSa%Q99*MsP(%k}$odLzq<*UM3oufsunBG>=ahs;oGZ#GKK0_X}4cCR+HfItN3`E3$ zv?oGQ^weFHt6<^*ll`k)r0-C}u$;0I=%4`&1ME;z@M^mryYu-_HGPifk3FcpfYDdD zv6*vG>dstU6OAX_RKi_3Snn)i-7dh>z~5h8GvGJsHFBJ^%}~iA)#MqN6Fiwu(W+OP z$at9pxmSXJjz>LYEEp*hVG=7g#%#mEcTf^EK@ff%0bcS`g`d{Bq3Q#?i=6~804M@} z4+gxQ_{8!=`_cGJ zHhR8l%;4v9L{dn+i5l8Ly}A&p&-O6 zK(c){qY9lelFx+SuY=2^eJTfubk>CYK}S|e)WXy1(Blr7zd9)DmRae_%C{&8`^4N4 zHaKCWJg>Yyr1cNFmkPEB{eyKgkZd{niks{OVLO8b3Uf`h)o)JTjwUvan z=0_Ojxb@A4OYP|&Fh4q_^duh1Y7kL>tmLl-7v7-iasBz6H}rsoJpdb==WS3IN*AD*TF%AJTcqjeMP_I|jdw<~ZtAL{x5 z%r4HS+D`}8VW4i_hZTM=6Jy_W05+`dCXjev;h+u4!h5omGkO5CalaMHoKrm6-)aF#hFk7GDqFJ&SNW;_GxLZ_6CkU64{_&p!El~Oa%GEPP-&A zpZ$bMbAWh%nvKaH5tIijY~-eAG=GaoqJw@!hyH*win(c8C6ikfxo;`qA_wO(PR2Z9 zzNPy3j`wd3GJP90{rmY`kq?P;?*n$XlkcP})8A3RLzl|7+%KaNpO{}(WkSk6H%9>_ z(c^G?AWu##^*31;-iFr*bq{iqvrxl)0NbTYJMN_kF2X0xZE^qXe*dhEqcjIA1TO~= z6QKw0>xP}AHKy@EyGJVO@sT~^4(eUTNGVjT+Hii>&$RP_M5*}6xR3^x$y73>e@4Cy zyp!nO-!~sNw_Ob9>gr1!vLNjppp-vWnl|4O18@c@5OP`G?{|n9AqgIojc?ZAadV_n zDpm*@mlMB1PamW*+^JKn1cTM1ivHZ1v(`+R-Tx$(56C%duO9>AZ|HW(8;U0kFvFE3Rm`Dj_gYYE zVHzLaFU?74ctiLNF!><*#E-DOlD%&Z_6F{F1^|K+aQ+&rn?qXca)qThfH-L2ywh+A zxSKp))&Z*6_YH9X(RlSbK@$4G_0G5qXOVa-@5i?55PZXp~94Cz(rpQ z;es$>q`xx;2d+1nkOVn(A{-1eso+W&`!vHyuLn@j1V@=j*x7BYPxKJOXg+8 zQMJNLF=y;yltx1!Z6M&5tnMz3bGJrshQF>*q$ovx9q#=!HgN6KZ$B%pHx&N-35|&P zBLg10#1a&)HJsHa1?d7`@05qA*(epk{n^wF3=^6F#`{y7CszF48i2X-T24Am?u42o z9q#s9XHtbM2sS3jISLq*Q0rq6c8Ldk);LV-NP{xPXc2}~B^e(>m5G9Zpu`_J9gqFs zAFav>=8LHECCexj-zb(*pb7Pn95eh}@86c;!LhHv81B%h8>0}J!xPWe%oAYzl(QdiOxGfE9IWa&S^8pvLDma|}U z>?Sa{wu`=TNu56{v+6L9_yhL}?wuj)ZI4P~#Qq)1l6Mtr=iBeu(D{H)2=c)1C{(1) z(K&%l`FD`ac)@K#V|w(mb@D!e{+}PpA1i^#H>kZ~FB;DpO>Zkp8pWQjPshq8jkV!3j@9ijBiD~ibNm(9r9xE}PO|w72I8jL!&>9( zdi;2V`;98~mF~K{S=tdx}kz?Uk4xA}0EQsqiye8b%oS?Ns7@6$@0X zDIAHR6c`+el)b8vOp3~NO>ao)r2oW#$%KWB{P9X6x%$c?{BM;~%bi#t1DM&esK+G6 zH0@fg=}XR*YNI#Dnw|4egdZ3&P*UC{jcRr>?cEfvkfJl`RE@IJQ;_iWg&DV?R$H?6 z?g_c`b^I~x7U7kXlQbrPWu1PeJy8Es{r>zXHy53sVi<$vbpn^hUzn2PiV(F`yYlab zl+*{=BJ`{Usilx$p(?8v1hFdj3s;$WJrIs$$2F7S)C^Ya6wvagl+f}?#Hp@wlzJPj zB{r!EMB4$@Ar~cUiSo;`YMj=a%LD0YPix0%tYWo=esYA*f=2Hhac2*UYlKdz0`L zfERq!6|}=tWX-sYP%P1AIbxKO_cStSe~M{nrm47J99OUKq++3sb-XRVA?354sji{h zX3H8>Y5DpvD+sjB%jcY(>1XOAj29m(B(XLHT!I~bkS==0lHsBm{Pv5UN~aFk%61^y z2>TA)9Cpc=Ha)*imd*TUAS`FlaYkL>Rp<&h3?6){erIkk3Y#I0GrA=*myDU-(bI416v;4R1OqgVHHtF5L<94y?Brtv zR3;0$)G@ez#u7XOw1rT|zcgSqwGJ%;HVb42z`Rf@To#EfWCwQksHmkf@6DO}>ti`v zg~{Mcy?JJ0M>mjNUTLH#(|Qv+&P>c?*nv61V}Z`;AK-9!u}>u^Tx z?1^JGp#7`UfwkL3eP+!FFw5GnE0>?~Ylr}KL7>i;nE&J{CQ?n)X?@GnXMLe}^w+x5 zz)D<5J!K#380@+~6|)BgV(EOB9d7MLm=Wi@`_SoXY^y!zD--hvZx>?d@0nMbU41^U zv?(LO0jhsgWKmz`3)yGA+v968^SM>oRKjK^xB>a~;0uBMvBbB_6^cR5%_3Nai5t~i zo15SYx%vP(O6sZm$~TuV_~Im8uBxJg1s5tMrW_GHj!>LrGep<|*zBm4*uBkC zmRM6F)eE3?X4F@M5_f?dZ zAkO!myu!YP*k1c)eQ@92*|ZPgL1vHA*)IksM}m9Nm69`0KU3v8i&lMOq}{K;*DGYs zt~@UL$Lew-g4j#B=T#LOj)B=gPZKXHOAdA^o6|(oyR};M65ii4a%1=WSwFJc@y?Lv ze#XF9x^*ENM$}1?Z0)urr-1ExJMIsXAec>$`$Z~v)cdmTK0@1DjP@yI4&|R(Qpy~d4^oh1|rP|uY~(T`$HvW4^<6u9AFVz*cKURjeakNHhC{Sh zb|fKUr{!TTg5B^S2sS#5k!5o%QQGx_3IU6K{PA(6g8;qV3tdj!$0qqiPDPc&y}yl9 zYUP~8u(zXg)lQjt347JPl&A|#Lrd)XtRTAJHz_HWr@LwV3q#I|plIfh1xoDV3vGmlkFznu_%=p>p3=Eq3#xu>ERR=l_y7YMo5V zFVu0HOZhR|Y;Dr<4qy5e9di2|E?R_`6xctReObGVl)l}mL!rTQ74>XeHGa#n9_i>>wbfu-EhKngG1l5m6b^<0CVY6hZe30E zpG1F^i6gBfaB<}$oEgJ)<)wkYo4zvwik}^y3;1iZEsgovB9wL4;$cH#u(**x#Ki>F z-2_=JqC;@n#ZSXL|kkz040+#%Sg$_EqsO_Dd$-ZnHFOyec^^c8aQiTc^_^g|Q}<%d5T z?)Ja{SAZj19N~O^qMHmIf8ek;i91Ookf~Nq{j}EgEU>LT1lp;9)QnEo10!(DSyb3z z_si$jWlyDJ%)k5JTwdm@*KqD&9D*c5T!sao%5@N{#|>0?d!<)L#lkU{J>uoe+wP^EjtqYkL^{B+L?#@&SIcOYkYu zfBaHGL3M{R{HjH&bb)G6tRg(p+Sw+ATaaie#-YFb8I&}&;YXP(#IZ${ykhI<6NZk* z`&b`S%U7F`h2&``i9#@Ak}Fm~!-LpL!j3gP48)HLV*jD?fqH=K))CuMDk>v{ur*rSJs$ z4ec9z93-v?6G9+7pC!!h0P0|cRVFFau?OMnPR_Sy9Vh^D!QREN$}OM!)f_ruCf<~GV+c2ZJ(@k6ObmLuI?TR=C0`Gu3!-mEJcXSfEIbR zkR_>xfe^oR=&+pDm6Oah!yFijZScO>cQ;f-JaeX9(M19dkq2AqOy)Hyax)F(GH5ie1wUPs+c7OT*VCxDK3PCaFty&PaM0;c{~n8F+zt*Ix4AvXoO9fD(RL z5toSmsv~drm<)`K8x2TdGg1cA{eQ_+Q6j+sB`}AcUD59cM*v>vbW&wrfg8%jp#QudPO~0MTRau>I!j>H_2bM2u$hkIfIi3OijKj9+~SYksDzS zsLGhxZYzd^dZVROP9Fr*`gU=ylTQYpZ;dJ{o7N3sq)|ZRG z@^(APAeveFLL|K}7T10GXM6gHa(>gBJI!3#!84%yhp57^;IviRi1`5x&S?i z0N-YckD7Z6Fa%!u%bGu|-oNGj!<0F+vC%DrpGsj-?vt_(AuiId^%5NV#US`s0;&}& zL<*lCnfkdeSr|*+E}W9Q5VS?{C$mb5@*#StJ_eO1sr;vUJLCS&&oEro3M$ft1r%gQX|1Hk>jGHtPI z)N)6`0KS!97yV%`um(dP^dHr0pBLxV^L(9NE|u&HAvj$5VH2W_1y+X1QL1@i={5G# z$5TWn07aCoHH*|iXzLnBJ>8sWLGBvbBRsT*>P)c2CS{ee8uE$Y_v1wmyUGI^?Fl+_e~qp^CobSs#a54X-#e|*s6DPsy-2=aBZ9QYp^Cj z3JzbXcu{$-2#KE^j5A`edG_9w!yJKln3}Jj)1K>~D_eB{!U#A{;YixX2 zKo15_FYMLueX^6Y#JiIELB26c;u`07=Wex!hXn+6Jtr7RJeb6OQ#To2^KH}z_SOtJ zXM&h12WUX4>DRYuY;-w+XMW~z?$H$% zF9Bvd3v}zTqLbSUZCO)Pn7Jk+utW&2gZIo(AyXM!%xnQ{Bn+1o3y@@!+fDp`l1&%` z{DLEDsRn(I_SsT)!6WT|_XK5HbUj{`PuFcK4S7=JaR)#OYl-{6BC7kek_>7IrTC7X zUm5)9v!`RdH{vszRm>r6=3rO4s4H`*WF7ZG!XE)u+i~HD#j>)(vD1WC3CBbIgga3^ zpCC=;aDDk{xO1q0RR-F}{}&oBS^DK>Bw^GspU&wH0X@|qMNxkBpp!t>4jmCjx+9n5 z`u;S917As~ppQk^n&@Q-`0@jSet=p}&??mALo z?67-KSCXxmR$JabhzbjafN1vD!%zl=hF4R5LsRQ^6Pq#LdFZm7T$30fN-B|2X0(15 zwxhwYO&%8r%lXKTSzOwh{@;3)PB66v1_f3_LVg5@c<@UMJ47)r}RCe!MoPJ$tVrXB;LfNv(XZf4+|>MsndA=!e_+<>K?gnbC753mI?wt zA7+o=JRdHRKJO>*EM0Trx1D?5lCUF`5EVoegJ)SR=K+qpkWIS{i#u@QfhI@K;61xC zyG2{a{V`dmiDhS**CwYS(}!xc!G{_PA-zw1y?va)&1>-vFp!AHA5SsUG(q6n7~5>E zdx?cL@b=3y4@#rIQJ<_a@QCAo1s)t-Ut`REyBi~HzN2`NCWmSZ0l^COX2$jt?;i%IqaUkxTZQSxm*<#c( z>-_ZnN7%GIDAPA45n707#G6;e={F<>M$8IgR+lnWB3IArUAcC-v)j_Bex~)7*ng(k z+;7PG(bvglvRQD&uVPe?K*ylvZ10=z%Gxu*9hfg&u5eWUYE7b_``+%iX%>7x zKEO}wl>3zK%z zf?@fB9{4!Cnq~2j&cu+0or~`)Os{>uaK~}?lXlNhZdx1%}>EryD!3oXy)G?%vS$Df3H6ZKfUjijR*d9{<2>`(k#X)V5; z0WGlyxI&uk-8X_cN^w5OGg3cv?f%3Dr64FXhKvu42^z1-RMwEB1!?LC zpR;wB_tL5E4HzNSnM#O{EYB7lCYwPJ3*0gW{uAV?Phl)FMnRU*;3h|VGjw4xJd?Mq;F}Ur{&G z(hL*NAgX50<{!D)hg~nk&LDIxPIE)@rNjZ7jv?%nSp8jZVu?K-(q4Y4?z^SsLA$w>Suqoz&9SJF;kl(RmM=@OH9WBNiG_FcRKQ8kXa6ToDAFS2F z`7`vy+KyNvrhmQ%`KDeE>&~v^YJZ(|s(70y*V3j+RPuc)AT3ROkcu^Go(!BQ68eZO zJP`}(TgP1uLJb=)9>G!fYI!8)Oq6$45X;D`bwYr>+#&W8*7Xy3dqehbq-ZBgb!82u zp6}YKjAmmQ6pX&wdM7pPBK&zp3#kRWh#xiI4e5pbB)E)5+pu#~*S9SaTA*a&9?Y@Q z`c;V7FB|Exu{Fq0;%Y=DdNTzTwb1-yKXD3QrT#BUQChASG|OB$ZCGC@G<|PxLxELh zXdyc%wyjwS*9ryou*7?R8Pq{a%;{|D_=Hi9A{)>Tp~S( z$w?`WK?>0a%>jHvhq*0YrMl&)z9%|c7Ls)XUB^#ni|i|$@*Ic{dP$y8pmxA>NzLA; zjP+3U1pZ8mGE!O1-r7qI>q!NA8|BDVH_YAF@^i$7`bnDEKV6rIb-b17Hk;N*tOvaY zQj@$2sWP@h)eCeRA^eZ$epU&`n+5VEwq!(IF*#+EhXwLd7Dz64ImGKmXtsG5uFByD z{euO_bnVX~nOgAMP)_mti`BN|o!>A1t6l#rrzcC|sM;S!0I^0byg)7 zATgkt(^%*U@~HnNG0@c{7Jz#bFd2i#_g2qTXMf(Gzq$sSN)^DAGz# z7EQfe!&v*H=&YemSkv>j8s>6z{2-k?-$0pPGL@AIJS`o?Wb#Rew^Sy*@`Mu4w*>i$ z5yG$KcxAUq!-3kVch+_F(oT|Q*e=1oNy56Sg7H}RtmZ=Y;mPu6qY%1sF*_5gRGtyt zS&j0}+_Q64UeF{^H|a_hF_X$d9 zWg@^b|2%Z4!@ry~|IaGL&Eo>D=T$4##MnWn@nE_aXkS+poCB4a?2M`^-7>_ecn-<~ zv3j+37uCNWPHY&)(t4p{-ay1j4<{4}DX99X*MVon(w>6ZrGNjAsdo&oBy6*`W81cE zc5J6(+qOE~v2D9!+qP}n=ooLFnfYeE-}_hXI;!fr*E-j_NIgJ}+>#3!zZ2GL^PC=! zw5TDJW4hO#|2AUoi!>S5q$WRsIwDWF1uE?y>89!vR0?7o^5eYnkl zdg`sSA_(izJb&4$9jLc7@qujxeA+txU`I0%3_8t@CQ_$?~mOKQn8$9!yi; zju)ryiPCT?wwo}DY>3uD2e6aSFlTW^+Nj{_VQkVTjb}q0u$y^aB1@)mF{fpowLa-Y zaWouZPsS^H;u{_(DWa>;hLTs#UKiaR7AcxV19%1kchSAQ5$2dAbBhy#&!uOc&+NQD68^*mE%s0>)duTekt_#s`yV~77?{M zFk76JY_kCMd2!~AcH2=<)v5Gb+=>r}$4W+q3<~G}Y)gOM- zl&I{r?>24sXNdVnsB7ng(jO6O>&fu0EWdGkXC?Csy22KtKMPHV26``2K{zb{R7XX# zy$!WA1*O;Ut-5Cr?x>{e%(F1OHSgGG8JU6kkM)5Z)IQw zj_n?dx+dgVA+1ZUmZDwn064fI!4z&_I`Ri&WmN0~8eft+*7KkmJ;4!r zNoRjT?s`M+JzNHlPt^vgOw8GmuNmsqu17(fV@BmU$Qbtnfx7dB|NJrU_5-uqewkb?l7zNJ!}SmbJGJgV zLRRl{i9icvNPqw~B8a&M?p4H1+Wdn}0mvJO7YpxA-V*~KvATuG7u1UVoFUxj^L)qS z2hgYcvefGchx|BQpw?xPO+c?aFQMy@WBQ_$+||!>iS4VMQ0; zE~LR5X`>@{l8V62Nx6ZTa7<`#xPcf-#LVonbrI3o9GypvMtAk1&&MS6jsIZ0Mq8wP zOb1tWLCQ$OxO%62A-&G@#RK||*J>u}p*nN$`ETgi4W&Fzf>w|&TsW_Q#oj|ALGer3 z-Mqh20b4=G==!8i8@F*i`i|fY;e+ZT`OQ;8wnu=Ea~Kme8yNx}>#&{mg>l^W-ymq= z)PuCg$=^VQkOHj}mu|`TW3+J-I*b{!EL1I3iVXOz!fm(_PIqPIKc@PkGPZ|FBKEFG zF_|)WogDv<<5RU`7TIy8;8c7HSnv(djl(g7Efaa**R^75Ut(-Z(}*NS=X;=gf=CO` z`P-5Q##d1qpjF22FS9%Q3VioLHRa#YC6y5XPv6|o6*);fQkwxJ$L{GxOpow<;)VJ@W>7uY z?2j2VC`K&9fqc-vuR~t-)V+NpC!;Q`oouLj?nSY2xnG#{GsoS#W682u|B7$Abu@h2 z0W((_zxXz(tE{9t;yQ#Tb3n%f`y<%GI{uAcnMSAc7cGLkH`>ge;+p z9r#GpXPQST1W%?EIQiq6;qBAozG^L(>AP;_$lL2efW;UI4I`mrwV203dg$ArSDEKt zA`LQcArwWVum}q#kMwbnI*9ga%*g7?1S&Jyqd^(7%K5hN0?e+7#;KE)dVf`=Ts|@h->+E9>A%r4M-h`8&Z{eD`KoCP?fj6%FyaSD9ugbhX_G-~j z=$lW~q7jpVc{*$Mo^n1>KSeGgV=9(J1{!89O~@6jjSe~fL+sLFrf#oKh|NS6fpfL9 z-1AGMVaZS~M(Z%~LhBg(hj0r7e#Xgo6}z;tal;-IKb>r}*pfAg%r|FfYDk4c=Cj(G zL?``IR%NbjN>^1ii9R5I_GbuX47*PVVI=uN@#&)La-{)(pE6PhB|mX_M#u8vQjmr9 zr$m7`ryb!Vlxd7FZgpN^OA4#czo_mbhn8-JvT2bbCR!u0aRizsQTsW($@awaB>AoE zCGi;a6BYuJ1Fz%j0LtrkVtVwaUuZYy2&aqg%Aah6FZC7IFMSbv+^uEW!mXPN@tzgd zNA>o(o5zkC|L$JL<1g9%Q8>LbXFnOd&5(~gK6O^UnONEOGsST6=nT*MH;>A&Fo7 z60Na3m;l6*>atLHh_m!Cvce;{fY<;5z#M&6Q17G7W&au+DJ#IyYs<&M@j@VoC?@^r zN$@+w=MU&A1>UP3)ZERf>x&#GDyHt*$iYJ1l_-d3Q$A#&zU>tjo*N?KSn`jaLLn6l zJgl&~1lBlOgA6CjV^R2L)%wh1c@2pp5V^e=FAuelpSyo*F^WgA+K}{5zKs&UH_bZ9VMiKmvCm? z*Doqxat|buK5V38rxTXNB2SaWAzY+F4FKib9} zarGQq;K1o+Lcs0i`X!th=s0>s$a%`UMjo_1*&W(h65L!-$ngx)E~&}c>Vmynb%>Ul zzDu3iYI1}e^MVDu4@h2y!s&}A{Dna9u{(Vi5{NXs1W2Ix43ljI64 zR-CH=h*r%8kOU8FkEkYymb9m!1(7KEEi?|;9f}A6n2b)?Xa;{MCzhKfLA?y>4!vFm zKThG3@t7+1jkz)=h22YlU0j`QxGFRHvgA7X8I+I=aNNrt3(%p1JkY!nkSH(`xS%vB z(mrTTKa%yYd{uZ6i`N|dKirJ4uD|?j_XaW1tfFKumhXtJLyjPsylEa{FoBrm1$@VL zVS|aAu|=p_6+svV8M+MAI%m~9g!aILF~@gGUI&Xs;qxp77yx-t0yNh;XztUHC8(X7<$%=a0T}-^ zi$+t2*T~dL%-itkV88_WUj1PT93y5jDm7y2!$fc;0^`G82(0Ktn}LU?LmPeXQ4CP( z&_S0Svet5gMO)!)z3>DKeQIO%()&;0IEWs_ridH3D$21g`D6gf@#Fjx)WdXE|IdM= z4dqxmEtQ`pa{=CL;PA>ki%b?;hui@coFUcEr{k#VG($;s`zfhYH@*{m)m2bx%Qmk4 z!d>yqZ2omg-;35ZeOtL-8`}PoYCc2R>pA&RZ625EOjpip=5$7r@^`y!M6IWQij&IN zoaWKrQwL4e7y=sZb`tJ#veOV5#UqkdF3djog&hSHiDuo5ek1!xqA;ZsbU0w=zPRPi z92*Ik5Gt$!gV6$mu=@&qZjil;SD>pi=%QT6nVI$RXfj5`3J24Fy~^$9lJI;&N)1O3 zf?AMtWm&0~dfaQGf7IXtWUh(CSNHb+r2DXsMbJ)oJo~c65RfD0|M><5)pvr$Tt(gqt~fWzfUroyoFDYMhuWB} z+Y^w&=IdQK%?~b{--BwIHn5N)ag#dgksaCRQE*BUpZK_o8dP~PPOy^{RK~{YQ@cmi zNTl5#d7&Hr_a1a?dB)$nay_ATHL;<3TOd9|nD%_#)bah~zawE`SSYMBl>A}bmZtWO z>NSP_hN=v%%F@bfIx`_Q;%sh$P-gEzS~t3bAM(Q%omLANz&)RB7>C}+_T)~TcItgW z<)|!`5^P*DwK0gS z#-C-0bO;x%o&sC7_nFAd45EeNOhfZs>IFKan>W8rgOwypC1FyBGNGM(d_yQIx@yc~ zKO^25v8nP+eB&0K^gt`#8^b`0Oi2`ml*T>yKCTX0Xb@eAC;=#_Mm?QjUMsfkt!0y6 z3@a=NT=0(;(Y=Y%n&PT9^fn4DhSFei+a#R%xwPz`4Epgj7xsr>@+Z~?7=nfc`ABLr zB7AKzWF}LzTu$NmbZ+bIUlCD1T6p;=mPGoHU?YaHt5&3vK(pHC3+9r*woMoa3rmmc zjD-waXcUK0p*}*&UuBzMp5JW3lQ_XtSjp1JoHM}ZYg%{Kz~{>75gCsU!PICfxJ)I+--YF~JzL`e zUsb9i-;p6I-E+!uD9VYhS@_#*QW)L?TALivhZCXgS z{=LlGFo&!P*a$jh-|IW=L%fCnZp?E=gci=vL7ixko6o??3Sfa`pNuiXFbuQ#`q{My z@2Ms!eQk=3n@N-vns-DcR#?<7(v4u{w8+~vNZL3g4eRx>W_bw(Amp|0JS!JlvIngonNXFJ7&su zr{ChCx@%<95tQlv5#+J%+BxZzAJ<*BxJ;xrj{1p}!batcp>#pqO-h{|{c2t+7Lz|j zqwu73#&+N!C{ARj9}CIW6=q~KRIWTyc52x$ClVT=ig17T;qkyWp4PL99rfhrV0Z9R&bA6;UTUiPzS=BeXBmgs*&#ChIa zt-G#u4CR-j<_JTV!FaIN9fk&|iZyY(hcZk1-LUlFUJ}}7cMVYS(I2}HP}q2*#{!>? z!o|vd!o2Sjyc<2yQpe8{Mj=<(H+)9F_s8Eb65>`iUiA7w8440RH=myXliDNBuTD!H zwodC);2;sLv*#Cb^ogrO=y0}eJX1UDcy4Brn)B_-?FM}olWTf2R|+e=kJjhf zK0I(Ej<7M`s^sJ~9@}0+S#|HfvwDEe{hwZaXkUa$+yz#lhA|k}(=i48B7W}-<5z;* zO~L;gyp0u%#OCGa_xx}A!eIlclAu{O;Ou|+tJ)^Kcyex#g%E)6@3tGh;%cy;D)#Oaha^HJ|cFDkhHo2c& z1+?VtU3k$0~4pR=_NF1NA;m{}`qz zZaBU%&5(dZEqs5D5XFFE`~IB=e{xlKNUGYR-ue1I6nHAxI~2!K6h%}nppfnJ+wV!Z z;-9=l9@@g8sW3H;SJ^CD*R#`X5{UHtx;QIIaY}w%g0M6UH9a0R`D;kAV*uz#$6ap! zDB>h>J4(oZ#^en@+>ocQ4K$rm0$ZRb<{%5I<#_g(IYb1%HFUzP`4Jl}gf|d`BPjvx zYIUr{_;98X<447afg-;0pvgo1r~l^BCBkHYN?v;G`?|M*p~SxYzgQ1k5^h!4vt85V z3lSOkf-7Y9&SCpeU^GUa^$=>sl@UI01(UpPMXah-;&4Um>aboaXLtUfw!Co(^=79%>t33=fi~ev?dsNcPPZ##MpfJlA$_GoDXKa_UkoJxj*Sv* z#IUtDf8f{;2k21@nW4?V)?Zf$5*(NBVh5;MmHNidx9BRpJtaS?&SO%YX{)}O+1Q$JLnaS%;p41H6+JGgM=1Mxj8Ch=?hdgQ+l^EN&q-K2V9l9CSZh+E}5iw#o z3Ykqh<6?`!lCJz)Y##mR+;>{gMCWoxZo&x#PTvfvb&6uqr+%?&XG1K$c4!EDgbSk< zM2}WZ6-qN`qQnl0ex&NvjFvioK2(cPylS8M=#vh3`dgI8rvgxeUe|(Nms8o1K`)5@ zr~2Dxrb>oZC0cGtuWgt&?(a!O;>844v3~d$8T|^&jr%} z-_+$6j*$Zh!3j7^@uVAE|9d0QT_6$v<0@b!9u6P^Jk^rcucXbXDk-ej!h{XaF`lE~ z4Ntj>RBMwc)fV3Z!$T;bvtI}LaVfuklBto5C&A@#s$H{`b$t+@(d(Q8BTRro(S|*h zA{x_KM6RK;dlX9(`)_M|%+F?b#hmPORWctK%$w`vz5R>_Yjica$oNoIjbz%k++|XI zt8^b@R4xnT+U62(^7Cb7t_zUdql{m26-K)tl@v;4Ve+uZmlZ>s6GOcVK(f0X49%XxL*q>RXkIcd(k=-dBcf*F;DUcbzIc*1CEBK3sAdnRhc=?p{zihY?NxlHq$iMEX zC(dhFiS8b6?}C!wk;*oeLm^N)06wrC(7DYbxm&4<WeOU$nT1a_FMZEivck+9B-sS%n z5r=mQ2zJ-{zqzDr4r7+JW)4G$3AI}^j=;IE&N~*uHEtED3s@^;4yekm1vskfMHg() zlG0M4??1vIuo|iZDv3rd=6I7mL~{s(z>W9w*3z{5Omz0mO9JUSw4@eb6tZO&KM<0# z-PE1Qz>6bHAzUb91>Z+0uo=}6bn$1P@oj247|`p9{zjO*yE=LCmX=7JHS-Aa3pWtl zcC~Touq~|kX|W607JL4wjatdhzNwzwF(b3-^pOVYiwgxh=Cf&k&u2ggtbS&K!DBpn4nN5=tV0JtZEzMn+@BqKb3c&8I%cyt!)E>sX&ioI=gfgyYH8-IadWk>( z;Tn_wwZP#bp$Mia2^hiw;c46%MDo`an^*_tAB@~L-N$2O{V)Z2iS^3@AXX;tiOp$c zaGL@HH8k#n$?GO!_eYZOXBL{Xvq@xbbHuOz1!KV!JlJztSXM*!$c9MGmX_?&QJv{G z(GK4oJKlOD78pQ(z)Jlck& zj?Qw!4o1#;-ZS4qe&L|#PFp~qW<@sots6R!LN}Rj_lKIZ6oo-Mi?>2Vste#Vcd6MyapWHVM>N!Iz!17UaxUD#$|hqOOReEU-^gE zbKWnZ5D)Ul)Q-HTxnd!`kEHrQH za2SaBxZA4E=e#e+Q=N!QviGK@0w;q#N?xJkL6XK$r5Z@GJ`dXoxsd+u#Wa@gCS!GU zFzi%*nkblJB+WD5LKjGnKN#r{tTzgtv~cdE_s!lCQ*Xolw+`HYC-o8DS7Yq5bAF(ijMd4ea&86pKKgqi*2P$B1rUb(Xx*Ji{s#e2 zT~uo*PklAWw|vjYX(>kvom60)zCeF3od|)$)%-bpbKKYuw1cX_f!9IPgiz-yN(*>yxu69S9UbtLq~l2QUjHLF zHl%(-Linnd#Rj|wL+MeMI;-R1ekDq}xHa@{sLd-MpKBU{XCY96X&WMESR_lJ+7O&i z1)!b%Rrk>tD3?0|bBv!S)sbr?*k{v|yQ>>U?F-DXo8>afm35T{4rfTR*+s@HOiu$R zurNhnL!!)+Q}Bw)>H{vkMTPTm7jD+VfIkEdN`WKNNSqsFCp{ssgAkM?N1)X~m5)?l z1mBx_nH>{rF~d58Cfz=5e7yNL5F%>6&a*kI)EY1XKXyan&?}hVgp*f`x3)9yO8$01 z^mcN~>#^POh`_*CwEU+V{s1#;0Qrf%&~tnId|&L|H^YFiFJ7e<^A(FuLrKObu0+zx zw~6XEUtq6Ff4f>g50kwe9&EVwLPLN+xW6B%S zku^4c*V0;gLE$q7iC6l+BuPEu3~N;!o{kGD@GdHfw0kf+|IVGXLaDx~fOPgzzxrqF#~<FlVNz|7fm@dQORhBg_F}Ch?#QA=P%t#Z;!m8={pPujk!q-nl z#jlM$z0wWs45GLy!6^wd=;9{HzXzEMgO<5Frp2mY;0CHY+8)Gyx)CJ_wp zIxtoKZb+y8C|bpktAI*aZWluWZ4k}%_bR&(x)&qp`l2ymjf|gA4V~0#%>;k02+DCC zd7S9Z4gQlBcERk#QLC7Ix+D1fZC9K-Y3Q%bLK)(??f5u}nD}y!1OP+p9*Dj@Ifhi`9jzQa4ABkzX|+}QC;FQ*KA(c z30d6vO^n1a?bixQ+4kpdg)$ttT^<#4C#4b@K52apo}xxdLFRvlwhu7 zV<<{qLnB|fGbGY%MNb5y^h_xQrR5lMt@l53I?W8gXQT2y2g&6WvNn{HDWn2Zf4ucJ zf8}l~$f$&*sVKc)`JEEYY3J<2Bhd8+;^Rf0a=0iE;i#Sa)>2OD#CiK={XrBpS^oT2t{11H=VU2C z)W}Ec)*TDX8x$1s#VU-Qq-Zf`6fOTTZIxjQU!&dDB=M*uVkBzF8IseHCRabg8^S{Y zvN85KnSJ=;K>cUIhYn>5xkt*=hh&9fiFmvf6vx{x2_}?;33;ARTEk#c*jOUkNUuNx z`oOn1bff45aI*Gk?*`Tg zMk)5uGjKk#JKJOLqRoKO&bpGbGq3;`E+#TrSwg9Hy%F4Yrl?7e_g=cm+Y!Tl!k3sR zfsZ=3%1@0!oH_{V69n&PP)&8VSM*Fl8QUe-)pEp#mhF0WFaS?8HZ zPr^*2SC-f7>%E^p?d%01KeG4?Hxc|Zx2Pv-TIjU+1#g&#DR&`;c9|i6;moDfF)9pm zBdb6dZBgYG|Dp9Ovb1?!?B42TQu-nrCcR_gSZN9)v~3ZG8{IhJqx|)0v8GC%|lIs8xzKUY0r-475%#rVFC=vDLecP2Dbwl5;w~ z!~N_PI4!DAJ8$G{C{=dal06)39vx>}y-#KSF#t9%P^V_x^v4&(b|0?=;uo?Du{P7!-!Fs^S{Dh&WQ-)fK6oQe`}7j?4QebxOW1UK zN&2D7b7{P18B;E^yY}bHbDcZ%JDvgKY1iAiIQ@Waj%vQu$K%&}zTm)KdIYk+X6`~R zC(0?FGoh<5lX%fyPdA8PMBg-SSmU`g%sUQc`hi7r*91N1$GLC%RF#tie}fc@gP6)F zG%A!Sq^$R@v$dR_gZ}$j$DunGfXi_<;qP(C1yi7+!dt`u2@+s#1NnnIDtwK6=)1ws9Ntxsn<^4|aeQ#dr zi8?pMvhi)*uv&F=bv+h_w3>bC-guEy(jNZcTd}0IPDiEMdCL5Dg28hkqD86)IB0*qqV66>IaE+42jg z7w?I+&{IrS%}?}xY&oJ1gp3+9F09iesyU|S9?;1at77r`;SltgUS&$i8H-#o0+=af zbb;_kxJoK!R&^L!!zNx;DVQ4RVh7UoFHenDbcEd>&jK5tJK`p&icRVqccC@kEKgTM zseb87-^B|Tr|EBuA^8<=j1@1Q>%jhuK%leaK!3R)^zZcj^@iLNw3vD=iqtiKL$RP6 zCYU*@VhQ@|IAudg-O(r$LL8!pN#UUGLEV=Rl3j(-0o#;eIh|mC|7im4Wwn~tmhyiJ zMU|Ibd4&Z?_@Mxi$$%n?Gl5y42lqx96+$^67p;#FnqCr*ohFR4?n>S?jiFaR!Oh-@ zHBJE#UfHVzK%?vwI9)z#O|c~Syi?EDcQ4StSQ!LG%o%e!*qSU^sxAjf<_+k;EmD+^ zA;hHp!B_@UbIq%M60v+WQaYAmgi_P{A+N9+c_xGHnWs*7 zVoz^8v=ZITQ45{mBu;%?(mtjV(ep3>V;i8Cb`;bgj0@7T`1md83o9eXG-dY5Mp6zN7ed5(ab@X|Acwcb4lkkabvj zT}51gXL7?H7EK#vQa&ln?%Ty>Rrr&rAB!hQ!a{M|ykIuGwM!yr86|f({XL1L+D=Ny zs+in zW89ohDuW`OIfJL_Q77B?qkux1<+qLtIxKHdqDTFz)ZpIm(TU=e){tf)bt3JwMgpfM zi!s}c+uLyKGOI=<9ZK+j!bhqt*k1YsA@ZSFODA>`9=cv|8Kur~4SYx^IH1Zbo*B>( zDEPg1Qu-ew#mj={9PQ#tq5zxWx|5op3>Kc2cN3<0q^#DSi%Gw)U*e=$R$P2rdKLmq z3XFH800J6Ce9jy2)z+h!Vv5$XM}M4^p(qH^SPk?sC3e%LiEAZFF zHy5?Z@nI!;++fb6tJnUxtw7yW*6+V{Vo?4!LOi@g3|iBjOmbh;N-+vRSzyo8Y90j6NbrUhOw(Y>Q6 zn#Ut0kfmrM63BOm#@0_Cnk$vqjmWMjaTqFc31Ldw=BVp_2pL>xD@pM&>3Phc68#F* z5@wW=xOK$ua+zh#u=656RCjV;wz>(F4a#kMDIJ$VPikj&Zl$SBL%j5& z=P*v?V+{VLX+76pW2(b#)XuS4wvpn7!&6fJz;$O)j&A#Q*~MzC#|Zzt#=ZHT7~{0p z{z4`(k(Xhr(CnC+iS{AGIOHfc!e79V*V3IJ4PlWOmr~_>o@0R<&HPQHDR4&HkecR< z*uwnlmvoChEfG;FW9eeYa$DObPw_A4aHn2&uMQKL@hxHVM0Nyw zZsZk{Sxy>CaIFhms<)KV@NoAP`_jk>MkGADO>j6f(sD3N@tVi+5+p=b8wDt1>jbR|Og>0)Oh%^xS$lS6wNT^|w~k={D{i#NQX9-%0dJ zhDlK2{~<1v7#lnJ7>~F!X5)^q_TkB@KL>?m4VXwASb3P^TQeBwmRyLGF|F4}Rz2nB z$0ps)&&`fmt|;%WrFb$lfnwLNOLOcrUj|w`_HM3f8Mn0HK7W+5LS{Die44OpYNRT` zM_91AtSKlHIU7V@hZBzhA*ezYj%Mz;pGY@5@Pao=lsWWzMcJ7Js<%V|@o$&I{#tOz}jub$Z*n8t#xqnrMO#gC! zyFz}`pryvoW`#;~!R7w&b)BcPf*`WCJf6TZ?o3u~%fvJBD`2Or^&rc7BeG4fU}rKp zpZk6aYN-N}%%4?!1`KV|-pT>n!GU@xca!ylAjI|rDJp61+D!HdL?Oo^W#kD{8sW4; zYu$i)m~k2^S_S!s{#)e4;}A<#L_Au#z=!^0O1ZzJg&)$uHW?O_-G#Fi!ZqHEE#O^0 zWtk;oM)RCu=>UHrkOj+XA|y)Keh{m)>Gom&-^8X!lAOAD!cyH+CGZ(J_pn7>rK-bq;aHsDt2>EsRv#2jir87@7Ac9ffU zg$4J~gw|T_JbhTa6D|e#x2}eYbxk3n27IsK^8PHD@9x{+{CmYfhh}tZ&6^;Hn(481 z4Zo=r4pBA}gDbYaig!CI ztScX}BxhUuh-s7*czU1iP}z*XTkr0<4M<}`mgsLh83Sf~oKRzwR}XTXM9va#97=H+ zJF>AkF8^APr>Q5s{>3R`DTKvKt>rnn=eLrT%bnkoYg?+}H zZ*bLHO~qH5sz8+~bZ#h)Hc%1;|tj>I|yq_XZDGI)O_*}ik)|36pfV%}YMqmkG zO^!a%`}iopqkDo%+}E7hcW)W^0p*W-@r0OQ%+x(_>hr@@1X6UiM?emfj(Wi{^WW##iO5=l=D3dJF=T zg19riwUuAEUJcJaY^zUar;!v({PgC3py6F4*wgLHKvpas5yW)^JT6jJhfRqOoDx&( zozojX+C-jNi!T*XoRF!NvnYj&14&_7-qr!ENE_+4Twh$%Dprx^!KuYQI@7Z^5`Ck8?;Q!v|hkvxo|~&zpCoL|dqG$;PM)z`qjKiG>&?=~j3h z@odd@2rGx?q|!;|WwAk_EQjOscEO-Vp6_GO^lm{_$>I7;J|re}-MQ(DpPCbEXJ_4c z&aoaFF|MfLzcMJF8$Dll32l^U#B%Pp2c(~pJ&QTCxn=ZBlEHwD6Z2Ux1qI+v_tD%o z^W-yeLB9$YBMQ9e=v_*#NvdXYgas^SELOdBNw;c_qeEHDR81$RV~=L%n^n|>t?R^w zrfg~3@iXk58Mp`gmW!1MA+%6fLA1{lVKkWElK?7*XRa5Plf*0$?!^uEHsp zJ25FVN0uP=P+0xpEN@jLLy9m1i6^qW;oK%z18_7nMGaa-CNEe)n2>FCMIoVJ&wOE< z;M&`M+@Am=Jjm%=2_FkTc+*f8nzJ9u!G2-t(7Zl3v>5q zRgnI2LqA4v{s=lBHc&5{8eCp8Z$osCO}N`pgJG)18pswTA+gN~*WG?KVg{2Ic0EN3 zN4H52ogJ1fA<2(t;~R;!1$2@tocU9C2HJ{s5 zVfBv}>wxM(PN^MLEm#_XKfs@wyub#21HMld(*%rJuO1Q2KnvGE$@1(1 zGIiND*9gbw7#A-)%MC#R%>{K>AE*6HCde+mw|N_G*7nNo6sCO&ZtD=&M(N>eck`q9 z`$@2uKZz0csb^hdVAM`c02gbkx&nm9>b;&!!5%7RpqbI|5vG?qG8N!p9qIs+e|Jz5 z>`0GF#RV&TQHh&Ree-SGP!-SjU)mSPa=n|hmp*pLULWGeT_;2n-kwIr8!+DMGp@|1 zLeaBK!B>Y|K;L*mn+eh7iK(?ZlSbdJu#8!!$Q-JLOzI-LB9Z4O5jQRwZz6s}g+V=F zERu}RQ&|8q0M1s%!1#V`l}py$&H{1JN*$J6X#q^gJ|O?X%d{MA z@v2gkfz0j@^jGroepxTcaZ7uBSnIFUL6U!JCG)-i6n_ZJ;LkE7ysvd6PnK+=KL~b zNdfuOSMG>_B#>*g%OYa1;uQC_Zm5$&1T#cGgi}qo2a`qZ(A>96cW}pq%EP*Rja50j zRv*>!%@=?QrBhGFeH_zLtJcS%4hehJbfN7I^_s@fcwz4QC$t07cVMd`Y8P)NWCzcl ztCfTF!VQVXPYBM46Qy%ZD!(@K-bBNhvjx2S(}ahiQRv)IP|w51SjRb(!BIqshNvbU zBya;9V#xX9iH_Z9y`2AQShx=d=Uh@Z&Ea^KOhn(=24zjK;s?24o%HGE`hz)vYMQ3a z()uHRRO7Q%5pHzRZRl7!lsasinm8*_qQR(AVT#U4t6B{q^%J;t=D!nL**|9i@YKMYX;UpMzX z?6N5Z#OWp;)`t5b8u}ackbfeI30)mBhY;TGBb+mkajKmX><=XB7zqCh@(VP)G5La1 zdy-|Hl12#T1RnRt@-J5EUY#o^ZtZyp3?ak~f=a2wolTnoHE{_r`MWSRUYVQJ1~0pO z*HC8oF@bjQ2`FQK6OG*@1nZ`Te+%{I6Cn(n{cAjh16o%$pE}mcgl@PmST8FKc+@?> zaWw#%9$?e`ikfi7frN3a7GGnX;hhJjg-Db-0qfXFwdPj(`k^|UtB?X7H`1z5c)M(% znEVicJxn+CONns36mRgjw3qWVV0`_`wU7lpzAL-d#?a2&IiN8?QFf2<$w2IAP)Z_S z=MW7DbUi#W#ShHZ;S);;B+r+}%iZZk86&(3v4lCAUsq?BH&o(H!Al01%kZNK$U&2^ zMH4AYI<)$BWB(QxLM2?izg^bal$0O~xyTNp4TEh3PW>VggU8Pn0h}?b=Q!V>t585x z9nDl7OlG)oyt-Ah)@{pQwNJ_SqshN`-_pL67nH{K-wM1;vaVyM1GTX_89FxT!hl(8 zn_Q$PaldjmmvhuDjRF34yQ!EokVo0^RBjeg6xL2L1Xmj&Ku4I`yY=3R;kUN|(>QZ9 zjGC9~xR{V6IB@{emzJR9orM<#)SBKOPZx0F793$C8GQa3O=w@Zskznc8|{hV=o=(v z1O^8QbhF96C?yi=&Q_~VNd%)6gg!JC6~*5|L*N8}nGkeUL+oJm)ClwwNc-e~eTXzH zXc(nE+My@0cxf2AY8*O-cLOa$v1>2ON{iQO>ll&Am4>}?on1qy-ohp1xKNMjHCs~; zMB_*X(kofS_Vg-ZM^55TaDCxKUa355x?93VD}T*n*LA<|>LugExv(lhR4h`#R>41? z*OUkNgjw|V@|(2M>^EwE{rR!6nBMy{wVNQ=A6|osjT>LCo;8e2`o3kn zlgXYFeO!eKbuySmOdXKJ4?22z0b@#&q)D2TE~WI3tNm#UcpDhQ!>ZeZ^WY~vzbljG zC)!TK)h@5$8bArVdqo04veQYcGma^kHh$)_>AMdc-|`gw z09wVM&p!~`3Al!_tlsIMbslBKOecEf+j1^`GZSCj%~fk59&zG%Azn2Cu5=oZ!QXGj zr%TRh9`DJq57}ynt^X1agdHG6XdQ-;6X=HWE==>vJ7agcq{0>_j!#5h;Na@svOF?p1@bb){||mZfxkh81m`rgh4#Rv`vtUV zH1H}hQ;7hCVl?&igrxcNbMxuR!du7la|sZ+PH=UW&>MWFGp68`f>+xJuN16U@3G)4 zu;NH%a#65iA-Nz!doUT><~)&$S-~c<2hy%?Ie#50Vs^Q)s4EhfXu1nYEW7Q)p(J&`gL0T{wW> zEC}r+25R6sBPUv5BF$CejQ4abv?3Px4UJ`fkLf8Cq=d64W7o0F2oBId!^j+sH@<2LiS8~CS~DBSw5AnFmHkhf-*)hGSM;} zSf+Km`ZQh(Fg+5SH2AlFU3=r>IVCnYMZ_+X%|YP`DL=0;D}w?S-1Ut-Q9jIOdM712 z+v(O`bfWy<6Bs;#_ukO)7E+jZ-36I4)L3nvGZIxzMek>41VK24UIZKuK-0PfXme?x zegkqWmOiV}p_MyOKkUqaDqG3|tx)A6EYJ{dl!O1EU2|Yh0$eC)+Hv~wjiSX_#-5%+ z*Re8Ai6yd((ekx;FGic&W|nj!GLB3gh@6q*4X2yERI;%eAD^pyV(j(#^NGD^)TWSE zxx@e2ke5ni@e+{N3SvZpi3b}Jy{A{=UneAH_zvEi6Bkb* z7?(X0R^Yhi!9ofkv)2_sRseYwC*HFmN|6U2jhp=QkY zDJ4*2;NO5CfpH46fn{Shh1Y6_*VvPIPVTJ!ApXe6uokJrlqN|@58~w$nTI~XGz1DN zpioc-iGosS6!1)$gGxaGG6nhQw8}Js0+b4Jkt!%ctDpd}f&$bEa*%6=R(S|EOH>ib zf+92v^0*pEP%V%kTOeU@kT7{Gx0gjg7bL6UuqToD*?vkvFDL}QAQ$|CTmTGmMFuDU z!XOt6XQ?6s#UK|L135Sb(*ZIl2FaiVPzD8H8RP?IPzajAG~f)1z%$4N&|nIP26;dl z2%9b_0@R)#IX8|)P0bop7dK>_dwMc|+RP@W#7;Io3y5~8jNK8x2D1E2c}J_7}xHxfSM zO=NcOfSjaL3xwzyV>eI`eKR5Yd&Fws6Z%8p^xEU}O#D1hFkQiP1=AHwUja-vdP~9S zvdC_Q(-ltN0G#fc5%jFbIXy>=GH_k|)c?ocySBG&D~aRh?a`;ek+Ykm$D$-Vc3Pd2 z?z%~u`qx~%w$ncQq*)mzA&E6fumosZP5l4t{|AE$!K*0wl1s%GiA4f~0Wg>u3}yza zrifh|*S{9c{iURcwbuUGYwZ;TxmMZND*IYxU#sk&!ZGE$>uT&fYmFVPHTKU`W3Sbq zZB3I|w|!qT&l&oZ`tzRMr?v9js66M!3T3yCuNCOeUV&blz1KRl{wesBB^30GLv$bpYT6eZTt##+M?!4BW z*SfQOSMM@%ZRPpfwepPC%JXNcJlE>Yf21TO>Z;!_+30*gBG0~9-4y&}8uJ1*qUFrE zIL5Be=U?*Nyuz2aJ}*CfH9HyfKVst7o0#<`Ci}GB#N6Q~rc-FHdYM|;nigHQ@;Ti% zV_c&PX>N9m`r3To%umP12k3|-=hi)$>+5D#o7KW~GuekPIbq`<_u_W%lKHNDdD7y1 zjoTTeuk$so^EF;0U*nAPc$|CzPIx8cp z=UeNnj9+P1#br7A9m}Iw0y+~*pTSCUAG4X!EMa?uTTF{;t35d(f0|Fm8xrB!L zgu8tgbh3Vu288|V>A~AP-N2HmFI$@It1`2K%d!B;5xQ5=w@-Y=zHf=8jc>mjOa{5n zFEQijnZDmkl$m_@-S#8$HK_JqvIc*X_TAyu!ZlsKLus)J|7d-G;+LVq8`hiCw&dGq zenMQm_Ge!-NB-;#*)?~lD~7E1C`<28HZx#P{=eV4naugEd-Yqi^1h|z?!?HGPq#Ix zQ4pJlJ-`+F!!K;?^TPVJCSdV}^(D>s4)=!HkdMkkvECA{w}iKY=I6F0TyGlIn})mH zG~`~azH8WB8~(qfUBh~RaM$|-=*t(Tn2OfeU-YoTR!H;Xu+~OzP8;=z>xUSO%7YqW zE`{~2HPw1N?@m+wybdqEEfF4QCBs2;7+sSIZJ!gP2@iJ%+rvkXzTJ8>*xD|XI}mX9 z3r8h)B}b3&xgSkgYgwwxH^|fV2}r)cdNZTnfBu`9GGq9zgva8&%y97CdNcC{ZDy7` z0$G*2KPrAA-VgJ`(rkUntp5wyO0ADt)<-QXj{W+mWqs7LK5D5%@vpXlUGGlTyOU3T z)Uwj{#G0!0_T=;5p4{|C#5!tQZ$#E-I_onX>%;m?=hLgb>oc9UXnt~)xTC;|1uRyf z4WY~283}PFCbxFwYd)8&$-~JRj82#1X|@)-oP=?JxgTW;T{n;ls-~D6=D{yYRul*` z(^!_5Qoy}trPS?4DrMg*mBrTS;KesT@=IaHQjsGCF5pLQka}bS#EacHg~(@C$bZ}YBPEGYJmnwbgs?Q=57M|ohFzg2Pteegm$ZmvEBAIv1dVr{ zZ!EF*;NAcI)_woahf3x--`IfInIFGRf}?rlRaS+@(wQki>Ye77$NUY^k#1^!Ao7TvyrRdvI z+PGaUxAjOXB3(|^ z%Wke-?7L^M0aCTqNE%DMtu1ti155APwto!6?C%}x@1gx;dtiUDRHQBI@1ZA`%6pBs z(4H+qTiA*Xc-IDOw~`Hv_>o-?)qU*Q_-b5oL-r?y{YW?Et`eeJOU;NB{Ximj7UJX# z_0X0xeC)`??cEd%0o|8_pME%}zyJEDe0y$0^`p*J=Wpxh^Lhj`?%@ar^FK+_hq!k^ zj?O#`Zmf;LU@+Ky^a%bR3SU_Z-Z;MRqWgs@|YPPbvDoo5|IQ4=!kHkDYH%wo#VvErvVuuExHd9>ZLB1)=}oT zLCQEuUgJ>ka1g;G^i;k?>aCUcW`w$L8S&7BCdl(y9N;7wEtgM6x7w=P6};PoZDx^!`L@E9hr6jOfA-0^}wHbAoUM$fp7JLjWAh z5l7Nsg@k664Zta-0l|^oVJ%R_#%;{fQ$5FHe_}>QjYqdQAOf&eg^fB0HI5PU|CGX8 zPrWq?6}>vr#S7DC&)2}&df|6FoegA39hpu(H(%3$p5nmC6s!6PGewFMvp-P^5lR_B zI6~yoXJRDmwn1BiZEEe97lzf^0Od(6!&R)OBaS(F1(vRQ$gF8@wi_)W~=i4{DJWSyZ$dBl=dbq20X_q7R3UU|yB4Nzuz_J;r1S}@5KkJ&rB+6*)|IkA$#eRO{)7wqvzmyh6e+ETAm5GE7EehYHIK!u3Yld@VQw7@o|dxN z3(Uy{p4YLFIAyb`EK*~BYBx_ihRj54&D{-ua8|lg+s9|6g z6L6FKtL2HW~3IV#8%}yVOV*lvC;~-o?@I^5uZ{sR!Sd3 zIP%a-iaqoL4shfOqOr%tkERJ>^_Go&`MtEhg(AlY!f}jJCQwra(Sw(GP7?IkZj>Zo z4lJ^*;-YS23~T7uBDWnhZ-VNRthV9ai9iLVSo1ZA-5e^CB6wPUxHzR7xlk~;2 zCT6B;!K)HOGvlm**PpxO?f=rjrpISEqRg4&n>hq%w*L=ycLqiK|IW_#qqY72E*@#H z5!5UveFWsA7OWzu&IbCCCg>OnpnXY_Y!mGT0lh#!`O_H@WE)8*19y%l2@Qdcd#|WR z0>Lr3kj^2VYhp$Gg5Wc;wgqcrG$fkV*(N$oIWRAYQV-6Kdy|AloJ3w{LyG#T;9J2Q zVJ0{x@*|WGF9n}gBs~MsX+SZ20SHbis>fCK~EF}a6;mUo(41$iY_385*$qlbI==k20TIu zzSu-N;U*f+P!B!R>?6S!64@hgsL1^PMrbGObTaWH`XsF~Y923ng7=cCnpUKRn!}lQ z>V$sOI}NCN*3&KvBeXTEEQv2$mNeGf5!$-QaFD`Gq0vKvCyfw2{hheHC+d@)6xkXi zaTCHv##>+mJ&#x_s7B0+{0cx&h`Bq1VF#84u#VvSYaC|&YRtUK4zd)Rvj~3A3;k#> z_AN%re2=&|c}gRW{fH!mE+`6BrBri%h^OY8Py1?Roe!Mhj-$O!u{A3_ln2m5yD2lH;~Zl?d(szrPv81vDI#eSJehGGkNW-L)?;Vj44fhOmsrK=>F+RL zj->P6#1F_5+c(;tArJ>0Js(FLCtRox+z*K)WEA+J&jrN;2|Ai#sJ_Wn3!h-o=rf2- zbTRYY8JgiZCJ|@}vWWn5lE5g+X$Rq?7YlOb*&r5clyMw!iHRSf!ylh+Z*PBxq|YRx ziTt7|*T7GRkgMk)d6j<@l-xutb!P}O)Ej!D`qu2xPUxUtaNv6e3`!%PGlUa@Lbi$6 zCJHyvY!i8#=wcJi9c!4yIun4O^tSbyA<=m@`I3|l-aH$>-h1`j&@A-#$ApF>%lQf- zQx3_*ey83ZU_Kj(QN@BRoG7FJm?oSR+f&oh6GUQwxth)oXu=^DWUy7JH%(%^RVEoHrg@y_HO=slFJsjA5jw@^!acfK<=5 z%IHX>;d3XGuTZs0(26%=cx9l?D}0%gOIvc7fDa$dBe&`!Fx%&4;(GDs#nU`tjZk+u z7<82aDLwVr2&qE)3WSWzq(~L}Kxaqp1VM(W8s&Znf~P4Tp>4U-*+8%Gr5~mtiqi0u zB!YJc2tHwA|Ktkk>4{lZOEH+E)47t95%q{%P@y#@e1yKO1uZ=rO+QeGJ(7nWlLTR{ z8I)ijLH!ZhDh$vP$dz%DYXQ6Drha}N39a6$dt|s^5kq@2l@bTQg`k-c=;a6v43y&;LF6*_ zlX)gAgz8rUa4rOj&&BEumnO5JBr}^Rj+CI)XEM)x=F)SL%sWPpsiq7Wv{Cq`NmURH zc8g!lj0vtOwL6Vu(d+>hjI0M>hkLDfI)Ls87)4g97&cr2@xsqka$EUhGnxjT)B&Zn zLydse+liMeZ<^T96IwpawAEFZ{<-GZM-4jUr{2b`{N(rl?hGfK^`{A*;0X7hil5gv z11#A84|X4K7xw?VySqE<{r_D&IQCUA%?OIHtK6?b0We!zAKv1UlM%bOnp8} zPg6z`7la#kTpAh*)&GZB=$QRDJq>)f?}yWVK&N!f6CAM^3xPg^S&V!HGr}^orJ`J?_xGW!%j!KBZfkq<_YFxIv=4! z8VFVRZR}xAM0vqY2xA8cJp~m)tb`X@8;Rv!3deqbMsUF8{yB!7$0s>!b-}Wc3DL+UEBM}FkZbR8Qa1hMZA0P*iGPkc=_O?9GoH-*03UR&IKy@XFT}1VoFB@PKa;s-xa%pjSuaND!xa>KW@sPbTzOnkSRHtYiBZIY)Ph5t z!ZyZL8)Pu8)07KMSMDg3tNnwQ6npwaOxJ$s2QS3^pCTT)!2o zuQ+(>q)UyYI)oEYO52!nO+kTq6!jqo~$hZaS!RgF263d{|g3DOs5mAry zq!q`fQNOd%5pSefh9+j^9MeFhDp|Enmqsp$dB)rTT3>KBp&5BSZkhm6&3?*h6K(8G zAcS>(vnWU)z-mR``x{s_18Cuh`#t?eAg2G$xQaYwH~VpysN?h+F9WvR0?zjNYVR(W zvejJWLfpu?Wk@<#2j%cpvZ`0qBbJmnB-r~k@i}=DxeACh;Aq=Gd3kRXY`7aJ=YBEj zbg&otk(4L!r+jgM8M~l~2W~Jln#Srk4Cz}LB!UA@k_dBxm^&k08jxfY5ohY4uISuZ z*J(5DQl>(qV!)D~;>DJjh1g}W_Dwr-kTO z*_hAtnNG^cB$azhobnms^o&Go6A|tT1b<9uC^ZG;kFtUGJkOWfQciw?AOy6*FfXL< zGctit5uDYK-#{j+;>=k^j{?h)tf!7JG*>r=5bzO>*)%6Fo){)AKTUjh);mp4PXi(a z3?wX9-!(=qoD9n^qV3E|tS2K&22kQLVkJ1*1VEFiSr3W{#tA+5#lF{%ru~gPppNxZ zOE~KlY+RM_vh5s0`O2;=-Gt1C$M z2B0qI`lZjF<$Vt8hEZv@2u8&t$+d@5tIEJsHqeRCTuuzt_s?pwY`_MSU@dFPI!tt}r$C)sWuTLr0V8zGteT2@O2K(C^>R&zx8;`i63p zMR3fs;hRQ;i)q{5-8D-rA(Apj$h^vysJ$p*Ko7};B%sr9ipV9%<3J7bD;(!~;egz( z>IH0OppvMgKS)ml5G+|OYlQUjfXpSt(}!WF^9n?m*nSyF2volbo|=AyPAQ)`8FdI0 zz>`&J@gp-g9E-o<)KG2(3^LB|OpMq^`5B?Zy0lkMMF(0)Y^bWuO@M`~N8Hd8Pr zRjW^(;Rkfe^mjV7OfU!;L077+zH|%&QjAi`W>d`i1UpL{%(?F>%-k7q&&Cs)j8m|2 zWrwT*oysC1^`u7wqk;541;FD-o2`sgDcZ;3OnK(uh(_~}rj_n`iYty2Dwr4orzZ1K za?w{pH+z#z9hm!<&-M<`Udm@A;=YS*_ZkIRDn~+{n9v}g7h)5k2!Te(nx%|R6hTP} znP5KvQvrAl`SLIq07$1e562FtVSs!=S#T~YwR+K6@m22xiaizYu)t_6wo2nP&V7*t zH5R?0Fm>2RQ~VakY&)VuTFyu+Au9 zbWLB4yYw{{&xU~36VR4}B5L$E@&k~K|B2o~NiFvTJR$}3j1$`t^h)?J{(KTAU zR_Z0j9Zfl=1^x45Pf^x6NlqyvbPPp6v%tC6>YPS-was`KppYV4HBdP zx0oQ$$ef`QF>oiKG@NL=Kpka@ekzX)wf%N!08UAYMkoF>6#9W2Arq$o1~g~_XjGE4 zN_*yk9t*ERr<8nchGib%d(S5GA-9mg% z2`DpwRg4oH5>66UpJ178UX_c10iE@WM^Do4H((9jnYaC`r183+AA3f5g4(d$r zIo}vT);U9F(KMOaCIYUHwVK2Fg6khS{F1NI#sdGJM~`*}`Sbs+!S?Pt{^w4fp@Uu!E+fzGfB1kL znfTE$wsCZIbzg{v1ZjaMl;9+dU}GdS9_b9n12iREi`ZT-vj_{QheU`V;=DF*udc)g zqeyqP1~5s305WqTN0jMNBzCwE?$G_If z+UaaLV8(utHwx?60ez@??qjKgSp%R>BprBvbtU#W`Tftc*GJM|V4tYMI4U!~9Gn)N zbm~S3?1mpchz*lQs}NF&uHYo|$C^{&O>=rn67=@)Vvhrw@NQ{l;4r$UF(r`v1HFFp?D_cM&EfHrdk<{7Y(T%P2JD&pL4h6Kwh+&z5BV@J9>Wj%l^}f32fc!vMlfZ2R*ZaHEMdX zib?k4tNRagi}hZH=BSRL^{f?~n{MNG(M8phU082AYN;?FG4?{FgM2bW(YeRZIgbEPNW6KY*;qe)gnf)*~0UXtj4e=&>ZO!MW z*3)k5X{rC)M$V<%SfKxJ?F@Dc`u}iiXYK!gC(nlu{cq5@AC4d|%ES+d;POvGF)Z$k zjLI}uG3X!n0R7RE_Ooi?X+}aq z$qC*J*WBBs5sVW*;uF;U57zq+)-6Dj?Jh%Sb${pR&ze{Wh>?yBVp3sp6{W~hU?yvr zU?|nC?T$U#@^9rvfj**y#DUOWy8rB=?zp@9dMd7W?F)=$C_p{(`H+Fvb#$69rt(ah zecgu-hPWOmBY35H_^=M1QV;XAQGl$kCn@c3DuGlGz^CTot3NH}zp^JJG$6}|11*sM z!>z|V1^K@Z)_*N1pN7KcoTa*e+dA7^i$j z6aP;*U~|sC1vl99VMp)IMwt)2jGd3;QT28?+Yl;$3!LzpqKbc-vPu+>N;^GWU`7(3 z!*P{eLI+fTE?!8L4z-gUe0(FW>vMF)JLH0g8pgrL2H zeVIQkcSeWab+aR*?)#2BF^Bh4!n>QO3q~FB2i(H;KI6{@3H0v09;Ix&l-=U%-jv

2}wVAXd=0WAADr*F*N;zaiQ3DCB#lwnETmG+wdFFZC zGv3vUB*8-cf2XMb?`*H{|GJxJMgHHQXkJ})3Q0v2FVH^dYn6XVm0xDQvz)l};N@1J z@=h&A)1Z7X4XTW#Q86w$lt%uvLTS_iO%_R`!ZWG^X%w{BBubW#44AP`B+Epk+}_su z{#`xG^8Zzm!7TFs+9~P(!<}{hr@MLD^8Y1RdTY-1Ww3wQt%Cg1QMCZX1QdPvfPSZb zgu0vEs**YWZ-+LakCsE$y)!c3ME7KL%;*V7kV_3N>!=_3UEPOwA3i`ebanM!*|rTd z5|D6H{`U(G1V9BkGlRoNbajQEm|vo(DNyO(P#6%~As8ywcc`I??u8r?Ek{*Vd2CUT zsTqD%2Q+2UF5gV2``Igm=1QSuMdn&bDvM#lIRRP9L2Jhd=ZH4Pe4TPG!X;b;EnmFb z?ujMA%Y!=k!;6Y1C1qMEh7zrT#*@1M?}wm+;zp_Y>;wxh{$MNamT9v6KDZ8I8JDnWr)yt#=HI zs#x-0;Cev#lefn|_P*8iRNvIp0h(7=g3PlQ;&*nYSsCVyW8V%)&+5zZL04CO9d#|f z+D+>B`F73QeB(oF74`KZvEE57L&3=SKDxU4h#2wEefIIUZub7S?&#hBZNC4e_!9lr z%}~jK`K|kLdf#jm)EIu>7@aR5nc(iLtA55qAf|dDwbx0;FKfHfQvc7!ttSSjx72=M zq5WrAjQ@DFyFFOz|9A1MX#Xj)wpK3x2;!%pOf=*>}Ok~VgyeX+w_3ZKM;FVwF)0Y36 zJYg#sfSURL*4EBW(f@aAFxXx5|GRirvH##WW_`n_vqYy~vlZx8PHbc1s_e8XXR@`m z)-NS+rt@CPjT`3f?4>nmOAOn>!C*R7b0;$dSa_9lI%f>tpP+~|mF(uSKO6g1V!s`s zC=G&~$UySy4&6632o|v+lqaGkM`Xd6l;%F4@;8ICm;}Bp*#QyKWFU-1lS|sk5=o=0t5J&z98X~k3$59SE?PjzQc~MQi*z9E2)*kvaHh*8 zIjXi+b>CY6s&3rM51n;|RrXj}D_b>LsBRLoRu`|tLnV!ELZqnPFc^k5oj;DgPD zfb1D7UJ@mr!g5;JlaJ_+lyXw^GN_@tN;m11$SzA=`!x_=HZIqoyxP2qeXD^_NOuN@ zg_PH}D@9hAXPH(+R}S3@GVz-g5`P8t!*5hJZdzBcPqOPowVhhBszu0f*s?v73b3}d zEGy)#nLE+S$6WQ6y7I6z+CFOsYxTpD+7a#66kPIHrQ$rlD!FZOav*2l;tGq#&$-sP zIcfpcSwNfJD6YH6>KIYKm?ynnM=um?vo)(ckiM}_WC^ybvx+x#rLug}2Dg>+iS9~W zS=gZN*mXzN2HJ9PbIz#OR;)@rybDQ;*89!n_M6$u+!f=6k(8#YLQ92f!0R)w73#$a z<Yrclj)1LN7jNWUg+t>7}f|59;wh*gHD<_08e4&#n*V5+3_|lTT)4Z}(px z9q+w-IX-y#_Qn3|qxQXYwZ?FZ9kr9s+dV8TwNl4rcI8|K;)X#udUbqoTZFmVX%Wr7dn7uqn1dA>g(pRlP7)m+chCum)m8)?HliwgRhMS6-P3q9f0And3sx(ueLZZLa4nXYS?L(*I9q z2VWujb8-I9;cn6Yd$_fZ|Gb-LMgQ+&8hVovQm~lUN_l8v%~=g)?m3_dw>6H6bk#j{ zPqhoiE32?Z2ZEP+1$RYq$w?$bT+WB5gk$ZwxG!r}yDert`I1}|E2cF!aMLjLy%A3+$<5}@+ zds?+$&hL0h?snPi;$5|clxGR`UQzy^BoANJcp6~F8qWxd1@_)BY^KEYjAu04%zXM#nZ?3v=0iJjFGt2e;_xbA;RDq&d z#wW6*x@^Hb@9w9JC6@&7@^{XgsbAMWP4 z0sdb+Z(BwH=zAi*dO2WSjnL*g1AT$QvNtDKw?Ne10kO&r5NkF1D}7q>e`(TOaR;!7 z|8H#%i~b*j$Lsu0ck)~-|F`tM`kKu%GX2q;82^zHlV>jrtEsuI`y)EteMBNRZ^tNz zP$+(&?*x~&om{L-8MrB3-$3T$SOF}-k+&DbGyFOY(W5~V7&{oZaOrrh$E$HLEj!4{ zbCksmu4T&|Kdt${^v1dk|G(|QR#E>SZtbk^|Gbmun*3izc7DYIpp@`Tu7f70x=f^_mnsU0EQP*>g2wtvulh#tV{c4a}GG+jzWQ>iT1bR}08k@d{a%2?k* z;SV3IOFxA~^Czgb11~A|e!u~aT#|HcBrDp18dcKROqvBuW0QYZ3Ad_Rl^kuVcLavH zLmW-@c}v~b>U4SwATGQF!DtQ(N3SU%pe#u)IY}ZM>>sGESTCBex9c@ro@GUwS4Wx0 z?SjgyLcTdpri5Ej;*v!^z>(Lmie6I>ydcFQ63SA|N{UpmhYzjT6#Y^lTvs8d8x`|` zw&tA+Ox0`M>o4~#r~j!t|Cdw)7wCV3o!#R7Ut7D|>;3X?UOjh0?|N-Cum7z_kG8h*>wmbrHC)Gk-O00oUdYKt zKan6ruy{J1Z_s|kI1U1N(fFxHYV%OtHL-*k1Pe*!kF7^eirMz4BJg&PQ~jbMv3n_4Rcco{|L7 z3F!80;nGN$z&{yaPCLb zrs4UBPClTn;4Uu+?~c$1)QvHpbw{WRmz&K94me~!7aO~-+_9l6)b%5u`#5+;0z5w= zE{#0a9iiR9ChDrY-Lkja;_U?cL7I@`Swh&123~iBh68kUg4B%LX=DoBIwbPj?RV?y z1h6Tj&M(eTe#Q%F_G_@|nh1jK2t9hdB}PQL`ODu|m1F?e6cf>&6rn>7dt_y*ZG1kW zlR}2rwiIY#!|}Abmd1wTse>Mzyh<5Irv!cf1noEjXK?bcjLnX-?X0jqEo`!kx;0}X z3aFr|W|-(?fAX60gM=^=l_q`>Hnz#4qV7jqsHn1F464V**a4RtpBy%V#1~-$W}Ax{ zNr*wrXNX+Jlo8Kh^X*_IHk!l6vbCP%u+f`^oJ)2+Omy<0dd)0_jocoU;Cw_+Q^ski zwoi*;UJsi>w11i3NOwl2BkC7p1ED~xuBmeDd48re7I!jJ`4IZgWu_peybQ(~8@RWW zco0e^^xsOy)49yZ2(woWoUJ$T!HMM5E=bXgO= z&=363=PZxSb!N)W2Up4cUQ>@~s+rIP#ncn(y+4gWu9wPR3mYrNTlGvGn*wccy5>yj zY<9K!^`1_EXLPLv*j#69D&m~-{N^nqR+1|fLy9T#OuTw8yq414ITXQRE&(OS1~q`AFMJ}<*_LQ1DyaB z3uR`RvAHR1tWc^G1N|T?phB}ySifDo=9;R=Je{XvNTP)>V(BUJeAvA5SruVxY`WcR z=r{HyV^wl$FMxwUPO_`Yq*yfz3pj-#wBRWtSqGb;QibWT3K%=R&mT6PyjbLNtysH+e+U7>g(Ac*>l*?a>sLEF} zoGivhRWYgk*^OgUJy{=7b^)H4EI)+(Up>s5!X`^@dSXMja-Jq+LK5KEe1^GRJag|lZ~Y#h&&yk|JTIT^9W2^bTvLwK>_Ic=mL;ym zcJ#WMYVKarioNK8(2!g0if;g$`b4QG$g&!E@{mFrlF)_k5yS{i+!^Tf*1E!xC!`YV zr(l<6ed{kHVF zQmCFRF*cdFXg@fOV^g@)?WEP%WLR8xa3nV6RQ%UrIY+OK4}=ork%;>^V0A2qp_7!6 zpy zSAowcBMJ*Z0w)ArBtGXP67+zPy3z=!6?QztL#K0d%^P|;lg^4t?<{}{Y2=G7wFdx1 z0jU`fFUKduo*Ss&Q>(#q&>l*NOT&;vo|FVWG?FqHhO8m6-^qY&iV?vPN{E-bP>oJd zmfX3f>VKnoyUsZ&_9oZg3l+kG&2;?;OW@Z%)SZt0KGS zvT<4HVqfsGD6-32S{H~$h;f|oGVrV~gp#ID$PP_56uX zJf~w3o9=@iChTD_3{MhT;o;#?mpQhZ2ZR~gmiHx@YZV{juMxg7z|9wLbgFq0SOT0RN|GSOkumc4HpK-wtYyk)&Qc1y6!-nKo z>IpiQJMtsDouhBQtK+9E)F2|@3(_*2gMqC zmdwRNo1(>(sfJ9DUu`|1+2rd$_+o8&F@gE=`je@1N@?&tlDxa``3$J)6f@sNIOQ`a z20!;wJ}b496$DH~d-)n~tMIdGnJbubwGN6SQHdomcS|KiGlD&mFsLLxKFz)rAcZ(N zQ}O_4z+M8c@Fi#fF_7C7D*8B^ z@d{WOKoY;6Nlx~6&Fo;E7&g@%I>WC1$^!=TfOwLU!pmPpkN2LEgj=7jQ3qTo<%Imd0)jkXx{_G3OUw0GRr3zc4mGEemcHTgO%KHIx{Mi z0wM3%sBh7j?c`0#JyBUf;)zksKk9 z13INW_jG6H^mNDFezfbv(Xkmkc5Xg!c&qgENnHfuxQF=Q_RT)o-ZsLQICwt zC2X~8kjOGR!=F9IF(oM44%fvIM@Z2Wb#U8!a1kHnKZR;bSjOgPf2(Uc}jHj3h|(Z zJw0*?k@5AHt;@~yA(2?fcsJY4e}tkm2s*O;T&tN;4R&d&IXTZc>C{*k2trqeA38s< zb_r zWSWM8OwH(D@&xZCQwF!#NifG^t8w@e#R-}Cmq=`wX1+VqmTd(}+2*v_&p~e)nWTZS zREq7m_~U->f}ENF`Cgg?_w@~1LK9;_I+e{bDtBk1(m76iDwMTIRulM0^CRPem|#21 zsWzctI4_z*0c{{s8(kN4IB4L(n^=y{Ll{TVxwnTet?_$)nYE_+EPAOM$xpCQ4rTR{ zDdfAsciZjfq{=-<*8Pzta=pO0Jw@2_5C$z~EKNQ3BtDPMtvRe~_Q-Z$5k(biV*() za|_2C1xyx~O~JT}4M=4v$unJ?idAI7*>k-zc6rcpBv4M#>o><}N+KedD8g2cv~RGc zn#y*q)sQ=`)Q6O|H&&)QXOpg%jrK1Qh4%_{FYiw-4}o5Oc*a&&V7Wk{=adDi~ngF=+NxYPvj<=60DJb$=<@JHW@D%M*5-W=^-?+Ot%LebQZE^CVN zfc3B|x_)1D>iz<(G8QJ!Q*zxCtmvgYW>I{y9#R%v08Ef7!2$Qx>54iAOL>`j$e)<{ zKGVZ#qad&M%QzrHz5JAVRP5~4R$Q0JUiOP>i~mN5ZGiDMcWobI zK`$Zl$fI0FCYMPW>1F6N&s!-VLziA!dfD^FgW{~&q9)sQ_5df=;{mfeV_oXFp?pE= zr(H>JyKj~&mJXB!0NOw$zpWUgx2-I1l+|Sk4ni{QEAqvbB{zP`Ss6}fsS5s;f!NsB z+9En6lg!jrxC)E9tnbpuB{7FTvKi>h(1u=2y`BKv*UZhnp5G=Sxb(YwM&_Ahr?DtW zlM(7Z7aORL&o6z(SylkH`yxF70IrbMi`Vq|C2>k0>dAaaVwBAO#EP%6^f~Z=Q_&;3sQ#TV z_RMEV3jFGa)SD7+VohX;r0paMb|7SwyhO3@8L-UY8kbueRf!VuD#Vv>BXf)kC&GY_ z3bepwzxho>oT-DljML<->$F3kV|K>O;l9ulq{oDzNz&7PFg?>!)}sxS^Y9-DB#U>R zEs(TQb%Et4rW;}Fav&rjAbCAd21ad~MR9#kTcu>ynrfK=!r@lAAv-)HC%3eMLK*0H zR-6l*LC+%``YtkF5k%vYQTRdv&&EyNoesmC=?cY5eFR%PB-r~k@i}=Dxy$ubUa;R% zFIfh#85$XCqihLkEZ`76zcqA<^y1{FFPnAcX|oBzMOrXvd1M6CDVflO=pYuYzn#)F z@{}mH!k4rb+q!qK&q4{M+}3U6inX?2aD2NAT;~6o6QSbw2yMOamx6L6gP{-@JE}&m ze8lUDyfo6DQV%S9!$YxrR8vtJ1e++L zrRKoj0{Ny#NV<=?GfK6Sl(An}OVB~+!8G1NG(vm79*JJy$is<;GBpRG7e7DW6ra(5 zqBk*#jyQJD9@;apkwa%B24tx@QCA-zv2v@XL=vhhB?^tuzf14FUu_^uaF!WK@UzK} zL6Vzy;rp{+d#)82rT_odzNDD5ahxP6uYiq0|Y-}oM2Cu3CiWrL@=uAAg=Nl z&1tH1wz{!cDAzh;N>9DB@GKvSRPWVueTefx7g>Ru zKyE|duzSN`)jhyB4Ry|39vGndkLz5D{LTI4pj2HpTzPe|fVlGY#pTY1 zJtACCxJoDWRGx(q;^}2H1yW8BpWz4%(E~;ZIwb+Uc&KU8uB!F|ECXKFuoYKQMHm<& zGsa`3DKi1}a;=M3j^TDQpGjvcK$N){*o(}GB{_FOG}19$XdH{F_sX=Q4|d)p9!ZEN z6xq3vB)R?kj9@PiTDeJ8Be|}?9GF|y%bf8@Rny9H_4*A81}tQoT_^Z6s5nM=00!{R1&631LEI$sL{M4Q^RBC}R|< zM7o(=wNJ##IqjVksZIIXY%C;NYIL38S(>CKt=4;Ml=BmS2Mo@>y)RX#i*$7vMj6Kw9ca3rN~+ z!GN+{7xK;vO+zM2Ye$A{<;T$M$xu9gZa~uZM#!Jj7>|S&@RVgl@1}fG1}8UX&-_HK zfi_^x5qTceQ(dlbo^79KmrevsiSog=EZ}%nk>c65k`j7pG{Y|*YuD1s0;zcua?^}l zQFfNyo7T&2z3kS@?pBvwM}UGY+$-tcTyokgdq9gp>FI3MbxwTfK&781q)H~wNDyid zU7ir4^(&RFx}s6(QK`-lPXnSd{M2|179AjSUCP^9mUBe3H=ubqVA*0boJbcpIAM7y#&Y1>`8>>gUT=v%o8*TMnjg!#>giEI*dI;K3mbQlW zlrHW^Q~j>Lp#k@FsiGAcER^ldxdqPpN$t5H^}quA-B1}|Z^XoFpp}faS%8>e4%unB z%92{W^C&t(WjA1gU{?8wjHm^gx<)iu6I!jeGz9@I_cJQQyv2SdF5$3}?zaxfY7>&R zv4LLU`Kj^`0ma64=-0HEMQ&9DX_Y9YGJCS|7u`VrOH<`8GgleIDG#6c>nba^)1u2ej-6Yvm7KAz;3Bc8NAcbrf%}>(euOCd#|4B)}XN;6B>?8 z`wH66WG?t;_FA)zaL%$=8TAEpN|TpIFr0JEBtd8YF~C!E|1PWn;7Gl|pAdKMW-QzK z2EN2S9Q$YzU2@RMgL6z~(PA7Iw&`-z52WanLUy-a?T$40%C85DB0I54e*qHqw zvli&)SssckR73eCLVh*1k{qKxWGYAC`ySu2b7Hvb=`{nL8aunNPJFuSO{qp&?$QG>)y+U)ff~&Yi2Jtn{Y%} z5xPaA3PzkQ@gI*&td(UVmM`pd9V+5V-ZpB^EqlVb0jZ}E^|uiB>3 zq(LleAK8z5o~br6?H%0p=Km?Bvh+C0K; z08(cL606io;NqGynYsvJ%R1Cpw`^azU6W50uB)1X8Ykng68?h{89D<;q) zslL&mwxE; zcEQM%8qUIqWaQ(}!6E*WM)-ok{v@G6J_B*fu-)obO98uefxbm`U+PHKag%NTT01SS zoff}Fr^R*DZ-p_dMQGz^9vF>x8pbvWd{=TXRgs>UE!qzZxhnf$Ecq<1Qv z;D!q$r5ozWUi?B5?z=buQM{LO3Tr-}dbBQp)H)Kvre-c|hQk~LXm zX$YfV4)*k&GzBZVS?B63UZDJd_4I3HmVIFn>We)C%Pa5eiS}M1u3Pm_-Uy4P zhX+p)T!&2~TfoW7kHk6>yJDBZ34=5l&u~Op?~jxuzA_XEAX>~-&~^dk;o!T$&}c_l zl)8LxZwz4zhizp9J+OXgW6Kjkat}An<^ay^H5{u?E{!6wz`-5Gq*78khj zu9~zjCJlDYoHraa+udECHn%!$&T-<;B$%y$)8bIJwT*RcWBuxEtQ7{)FVgSAUd^AG zmFbgY;}hf2t7320vUMySeW`Na78Us$GIQi4@t1Gl_-^psu-=f74@0aBM63x#Y~}P* z+Q#0JyHEWln?bdU*Zapog zLq3!7c>T?E4onwux52y!OVIv|M`0qJQ@7o{61V-Li zD2Bm#-nBKMDK|+NrwL8t@dfs+7)kv$i+J1#jWJy!Sc`H(VuHCK)y%V#2P7*kRij_gzd@3l$b}f%E zH}PY6zHtA;2Xs$Dcg#JjS65=i{!UMk^;P`5xN4biuJtP_LW28(!{$Js!ITLj_eArY`VM2u2(eE z(FCiyo)7QV8?u0mCz=OJlD0#_tHGAbRgOG#@dpyn3&by|L>jVWSl!loT0%m4t}h9N z>8W59tmKV{%GALB%x=vnYpW>Hzqy0aZU z@Ezhnz6QyTWlqkAnbjxC4FB1oHNoyo`)GOoWI_@l&vD9UB;vj+`=VMlNE(<{N0hBr z&$=`tU}pDS6`>K*Nm9>!Y>uA=yb~xA;`jt51pbCYZ7|e2or*;0TV;!xFiX@ix)#VjrT^U`eoIz#)}8;?#nAB5I#F8Bw`2 zB9H>0cJnZ&$1jCadP;CY62$2lQF$HY;Hm>0uW1(igeb(KJwBC?Yq zLrFOY1u@AMxIFou5*fyu75~p{=pe7_1@_V6;SIAyRJ}=`!06egj;Z6Cjk6k5HZBc`xCMH z6kBB^nDm%G725=wD4)`7xjx-fw2}iUeZA1rJxE3#8Irc3BcXmw^fCuWR|mbO9Mpk4 zg0;28{6&yaX_~;9YQoKJ+bJYYnk1OjwVN~aOhqARC1BxFi1M`%0_3CCk=Qbk9`66yozpARb(5cyTqRkrK#xB%K3AB(hf zUL|(!jvhVQ&Ow&v4P$LQe^-N-kge~l`cXg?l~7f4F^(~xHQ`&F&-_&OwGcM|%pbDE zxN$~`y+mW^(RhriJ7v6a#%`RBQ--Hx%%qFhm{X2}k68(MkTO>O6=O#D_;k(*vx=z1 zjbpXP9+M=YNg0wZ#uFT|(C3TFX>c)i&j@E@FQIWvyv1-ARZv}${VsM!jEFm7V?IkL z=K=A?(jTsjr!HCdeZp#*n6NRNdeyew0MQ2m8cz~JDnHyD64xJq;zUAAi>I%;*q!v9 z#l(efK`Q^!7ezSLb#J=23Bev)0HwLD36rV1>Y!9NqBzl5iLtQ|D|sHM1;800aWfyv z-2UD-a8avY`k-YI8`dZ&9@~sXOufeTW9qHmvf0WV*_&3AUPIl1Cbf$4e)1R;f^6fb zBA%>Gkb+TAP?U;qd{nb5QPd6-O{jncK+7l283Ny+ld9yuCnNMms7|WcY#TkpTsuO8 zHA85=CqgkiX#y#>i6(J|3RzypR=m}w`x7m=PqN%o0ldhEbahJ`05>~+fGQ_-~Hd{{XZW*_^;9EH}9Vh|Lb25#DDdQ{Jr7m z-qsE5hjgE7wnQy9F5267)q$ykwIbz}_fIRMu_Oi{yQ{ZwtD!(G)7$Ouy@bG*mYR>t zY|3gCSf!z6VCza$E5<8q_Eu1Hvk>qxI3%gT`zWSiY<&csTL*oYzjDk|X1!G1tI`Pxvr#cWvdlZ_7$m(YQ&pQZ1rAs5Hk_4!=xjHuW_)R$3XEyuT9j7Bn$ zMt;g1jHFXR2F9viDx_e=Gt5YJ5%6!ax>x;O`)!W3kxwb8#<;7$}_@-5;}&F zcw&Fb%o?CxZsm#J^dcfj_OnFrE@gbI&Q9vNn<)v>M6oUcQ8_ur1%oK2az@i6n2$xB z>}7st;kD^qg@Ljy(eM87yt` zV)LQ;ocr<=yEEcde0W8|JmrTwXB>Jan>wx7)>XYip5BW`S&z->rb+qEy5rq>*^9Dtd(Z3Gv2J z8lH-ErQ(mgWre8SWF=0emQ{;_vgdc)EnS)LB3sCYe}OTp$(R$+i?T)MU-H%x%w!^m zO>~-a6@!QZp<^bQ`9h`)0k;JG5orgsFUBy`6XUS94*g}ULonZ#iKuh|hVi*9UuLmA zU|*7LX)LncXs@=PJX(gis`0!# z)(X*#%Q4kbng|5fO+tE*yp)!K@(Dc^+Kkacw4(DvfZelGdWrNs^IyX88;qCMuVlKu zCDf}0V%M3jk>e0DXr_Wcs0*G-fd?D8Wl#u0(yoiD?<$$lMm4Y4XtzW++AYv}XvJk!4bWOt z8!cA)M%6lRnw8Oa!{Lq~$2~z0(&5{XQa}=3Jg9h&itQ$I+ zk{_X;`g``pi(t*jHl8|`Uk5jwrgBRy?I1Et1^zpf$mA%n5=~8<#c}uC_h#zNF5oxs zpZc1c+}L_TpCswK zGo0{TAX;{X+UqyR&yO5_$(L?pFc=JWA3cKq2ZKT3|KZNg_M^WIw;w+q3?J|A4hMf5 zYz>FIJAXriTj_D(Ng2n<-v-xitJt|O`mdfhj5PSXn|KI5a9~<#?D?3)HbMG+s^x$EfY9SEuG2*~AO(76EZ;rLM?M^nzE3DJZBZAz9aN9XO~%LnWs z!U+*L_fP_%1~t$jp&Poo>ZoKM0&VeAR3wpS{tTEvzVkvEOv`if_V6V-otub1J|j#h zAYq6jkLiqbAQae)1c5}&pJ-=KhPtm+Zr5(z9P)V#NI>YZn8?>}o;@EQyg596a_<40 z+3^5P2}ix2Q3_GrJfI#$zcU&MUFJ#mgTrFtIsz(tH+b*pJhNBbY`eA8{68#Uxqnc= zQ6{=u1yi4s5RjCoAdboGBi^YWS6x8Bol%{o<(@)gbkB@hHnX{Tcxh$aX)zaqHIL9f zM{nOa+La{shLEXQ zl$2{nBiss4(c9jHCKovI&^_I41aZ&X*br~B z*R_*l&rL3WiZvkxjtRJOFD0<%|W_QrLW z%E|pqHJAp%`0DhS1@rRNXfq9SdN(>v0|K|F*|cD(OXxT4*6=6Sa&l;XLS1LOrLL31 z_v_bqa#s?z)_ZJ-H`(iUQzW>$IVLS-$o`~rRFO5@Wb~4Wmf*$~ncfb?35`j@=T7|` zr7Tl1>bnYN@0fZ$d4oV{j%ntyl~bW~6X?L?^c+VVll zW-s(@AT5+-8|oeC%64-%rYhS&m)Df-{FBX!a#cI48v3khx(zkCYFa;2ExDc~zB(nj zc~-s}9l3r+??y$gZ~yi*;>iy*Uv5n;?RF8)>x|c0Uf7IDX{b)jyP@Pdn z6^Rr#(YeojKI&BG^!y@@soS6bj%OqgI|YZw!E$XhpZ{)c4|g6H&VRQCJG<-i-@AA| zeCU6J&i!x%(FqejAcA>33B|CuGcrQo^kIGUzv(=`jNxKpb*+^S(g2!qI;vbxr6I52 z4!x`ZB*Ju_LQTlVZq#ZVk~ca)<0Ilp8o6k98~*geqjWOyFHyIb0TZjXCl%oSH=U=D zwqK$okrWu~>~C15w>+I^h)bWDX7r(8)?}Rc5uc#$f3V(vux`E^^6y_%gCDgg5$gW4 zi@M|P>Rn1BdC{YN9aW~uX9+i(J3_;dMh?W*$s7D-t2mBFwGuL8?VUt&+fj-2qB81@ z2oR3#_F;hQF;L?VD9lLWb385JaHM>KTcVM(egqaGVy_UnLFzS>&yAka-z#fXbkIy)Q0D5~#W30`XNys^i{Hs0);3r_h9xcfmWNQCh_@I$Rq{>-uBxs2 zF|+*-Zf>|T!HkVQBesuo^hb&VDXMWCgAU?!ekD@uLwPQQzYuB6B)DcYBz7KiX)yCi z;K_hfNRuJ0st`Z=Kxr__xCXxLF>xO@t1;R3R%;rTT}*#8%9k!vTcDLHBet;m$35uQ z=t+A8(8AMff+du^_F-_%ySkl~U43O_e2U zNvpZ^XGmv_gwmvrU56lRY4Vy4UXNOZhSY<65j`Cu|2grzk^Fn0a87S-q~6MswUpaj`b(wSs$IsdQtXNiUXNPKuK%AC#g;s& zD`>S)rj|J2v0zlYA_yB*?{n^XPtqp5TD zEgZJr;CRQ>W6GPa&6rm>|Fs_XZ8h%0!QBr0>g~x9sc37F#!x&q)@gjy-DCRxNA0+j zkL1yo-GzFm?~*+UP{^B{Nu*W}&FU0vDDo0`sD=Itcuxk6nwI{6^>s6UUIT(Y#M$=RuKp{$>r3TMD;&P^@E z8=e}S{9@Hvk@Z_mh}ym{ITz(9_WEhaM`mAh2C9Hn4F0EfcUwP&r@jBDty%O`R764p z;>>Z_>=4@Q|2Y^AhsFFqJCBBgwg2Z`Jo)Gt8L{P945bie=1;(*vN0@Qe@srXYxA#c zTQoxO4X1oY6aPG|5HEm{Ak)B1{U)F zo$Uhu-+laO?f-u#&zHmhe~@(c8Hxdxp8if;nKreDB;rRo{TL8zZeXGH%0WsmHxW=} zKYSem)e#HxkW2(dTG})WdIzDhxV_GZti{8Z@~q1LAx~_G6crL1 zIP*^^k;bK<^e2J?{-S#THXL( zceC6$rio7zpUc z?lY1%b;<9tg+hta{N>>uym>a>Kd6E!HYlUQ2PA!(l{KdL6m~G>0#Nw?Zu?Ogh+^vH zTE|KLny&w!y?_61+tw1r@%eT5SK!K>Nt}sj$rACTvJB%SQ>7kgE6 zC2m-LK;D#A6^AIY#Jdo$r*cD>u_PC4hcf(aAZ4gF?A?$g^(pC#cv{cDd(209cXWL6 z?7-3Irt2CxO=i^Ae6c{DSF8o=N~ohNV@$~}m#=KC-IB2@Q}y(-B&ZxiD+~n_ZEQLE#szf1{#|qpJTrDm0fRsDK5C?*py)8qp)9b4XZnX!^k67;+9=t zqrPoCEi@2~cf#6xld#)3i^7!LrRsG@`_O!qHUO=JRT>2(F|W)2VR9p?t54AVK1K#ew{+$r`%2Hk2?~nll zLTp!wi)`Vzb0pwEVN5iwteE2A7~s*nJ3cBHezb ziaxSm#)3ZDMXijT|w1X6+v6$zpvq0lK#iuxZU0FUz+Lv;N)az(Eo$u z{rxTd-^A0M{#V%>z3^$0#f*plA@gR1g`as9(IdzRLVi)M{}q$-1-|qY-k@hdE+d*|4T8FYN$bz{O91rwEsOm-unM-=2?FKtL}Z4Xo_`C&~5m? z`mkCG4|rh~{0a$2Nh(rHNvm^->i6p<>Q@R^a!xhzZ~TDFh&Mu09Dq+b4ua_RLVkEj zCpZ9bMTvy`k@*SnUL;Yh%D5ySdiv^>V<_SJ=uxhxdL-Xibs70rDc{dua23oWi6ZfS ziYREg3(t9+&M!c1&lTT-o?0~Bdf8>o+vX8X#igVe9rp6#{DuDF{NhX*zbrhZzfdAh zfFxt5%A-s6_B6bI1V_XxKg{l`zh`kAkOc`-9H_wsMA6q7O`$j+JCGmcr^^odF-pe1 zhp^{~tfC0KlV%K%n=|hVKOCXLMsb1fM(FtH=-|jfXiB-0=|&rs(|8$0DY!)4)08a4 zq;8`Xw0V|2|8FL1{# zmHtr0E8#HGGs5RsinKS!)zR)%9&H_lg7ab`rUn~Wj%Mj~S6ppy4Tl&bybEiN!Fhe>;+ARAWi50;Gh)$Xa8iY|Jlg1Df^Eq=D>RX zir_gdEfG}E`FdRG%x#3YF&l+WeGYQNgk|~{NPp4Ft}V?3o~E%l6k@5KZ{MGi9v|Q&Q5sF6V1(YDNguitCo_^>=$ffc1J4)qYeMH2gd~OX zi+5u|=sYGQ(Ym5|wKd@cMYW00<;ANh4$W!a9*=*iXSMTxE%u)Who$rX@Mw6jJ^wfH ztV#d3?jv0+uhmX*3y?2=a0{f`pVfMWhd7>{7U3TR7Wui&n^cbR%Cp&4v*oQ-)|Fn< z=NDobC@)$s0~JW+D7Koq2zx)^0Ed%eAoO?5qfv&j0uonnoxTL|dKn${t8PE~-Ng5j zMpNkemPBx24yr2F7rbAI!LyiUcjM_$qn{pcA&fi&ynNG)omsc*D*rQZkxiYXgtC+2 zRCD_?Uba~WB`A7Cq5HTt8jS$Mij@Uwe<}WVHU3Ye$!K5$o9w@i4ov&6Tr&_v(fUR(XTl)WE^>~;p2jYsSM`QMjC6Wh_*2wTSZ)4e`Jid_mOR= z$8D%brHyTl^Kl&z!o5I(k-+bEmz`Rbx>@4u96~(89w+RS-uhKFgb5yKjl!yy3ARU+R7f z0Hh|Yho=7jXn4HM|F)55dHYYc9$t#&&^fwSv3#m> zxj_M4_g9BNksYq29%?w8T7X&6YE)}sX>FtiW!=f;G~i7d#JYLNVh^X}N=p}~ziXTW z1H`&g$7yXWsYa}Wu|_pw)Tht2HsMDqN{BG?}gyRd{Oqb`_qE;nFI+MlcVm z!qZxBB|Xw=G)RjqWjjiTED$0QZEIDDw)SE0jQ`MtUYU2ChU|_3TR{M%rJu4tqE1lHftVJ4G+HATI(!L>88Kf?R zR6(0N)B?F&q(Zo9lf#tvjEvs&@Oq6l8jE6yb3jQH;~AXwRV^1KR0OK)Eu)UD9=$Uu z`u;kG?;DV3H`6RFoL9c0J3_rUf1yK!SYXRQTSlN<381TJTjyn#lKxkNSP7X`r2n;m zR*|_IRCg|Dn@+|>ynC&zo&MI=FN&^4X6tE09SW?5{B9N5wMVapj@9GWq|GQ)4pt1m zZ9D#DpJnBLT>`*1#eX^3FU5a3IXT(N|2FZgX8&)M0m_emh5)g3Lbvq_|LOw7n$nuC z0b)DU|H=cz$}?u!5U|Qg+ZY2@IaW($mp^CAac0ZsW*vX6ov9jsT6JM9ake=RT2~|I zTDQS!A2wL67A08qk=KAJpw_CpT=x7=qM&8;mp1u-O#R>C@L(JNbtBKl&;KYvk3BNQ zS&+6ppCn+|DZ7PXer3sBlZOCQaF))a#Q!H8O=jLa&MI6+0r@Jq0|uDJcp`2xs*x4E zW~D@ixIV(MFQ_Vd_o&GH_vkk*_$GSy$YkPu!VBGyWK2guciuh9DA8&{o2*y;rN(7z zdGS>}tI+>3kMi1h3^daJBQyW&(a~VIrT?3FzW)1P9qm@gwg@@=?NaY3Ai{A_Ig3{7 zgFFao2GOC}_;)f%;oz`_-dG|?hDE#IZV3^31kPY0|d8 zjP0y*1+!U>eQ51LDfZ!CO6|FQ#Iqv**D3&H1OI1>|F}Qg@_!q79`OEe#(&fbKXClV z^|)NLH(dW_326KMA7^wv!zsDN_cFXqOC?Z~{BJlk?|(-JgKhlBjXbOEe`QV7ivP@Q z-c}!T#@AU%Ez^bssJJan0aPHyrAeq;x`;Iy=UXUe1S?!9Xt?58_ciV#i;@Pua3zf> zlu@G9&XqKEYMPqP>D=tQ-?oyuKk2hF{coWJYNY>%rvB&n_;73gw~^N%K>HdE- zJlN)c*vPZI{>Mi9TZexr)=yRZhrGnsNAaz}7R<0cwjkOyA+*a;vn>uZ9RfP2_%9U^ zUIkDN2w$@ns22Ny)>D%2Nn2|(H?3*tTEU_({eRJ#&cjRhF>T%7j>hzbnt~H zC=VKYL2bNM=moVxL*#{W(T;%^$^cr&U1*L*pi$-rh|JtF9I_hXJn(NwmuSc`jv3nn zcd}!sr>)yw-nSm=-IB4JL|IDuJbq}e6qY;pmSjiX(qMT|(mBCFI=?S_b6dj^h<0nL z*&-3dwsEWo<~*zq<~-DcId_aq{guxJ>rdyIsHn8rd8mmLp`X5ufgaT)Fx6C}& znl1RpmG*RHSc1xJY{G=tvN|c4uvc#^!GY^>yYp%4hcf^uf&?#DuQ4!i^`*@^x`opA zuPd@zPX6PEvxHFE(gCnR{5$i>j6ESe#C0u|F_d#}p z(V~avrIaLltW?u2+9HwuPBj~>xGLE!409BK5e2{Us_Ju6Ww>?Rn6`h7igxcR00>IY6c|;4w5>`@{1Z)Y>IPlX~K21??Pf_sn!4DiTocak(dHEuIRGKQ` zZDJnhfbU^-iE3u$>IWmhx%JZ1S1xA>ktlpZzej!u$QoCqF`j%Np=YKuGBaapySQ}A zQZ}7dx-haePwa-(nFeCm)1dWgOiKp#c1GcwwDht+%bov%2sK9j;ZKwPe}8yr>VJ-p zw*LPcc^>Zk7i+|@f@-TF(rZ^JiQcG%I(UB8koh$pHhILH$h%rLE_W9-j-X=F>T9Yb zsO*=K;Ex5BdW1wKiAr1w$y8sL6Zcg?+Mke+exuKF^gs5-ZG*qGu>U_fHtGMt(Ki44 zW}fxv|KrGe;nO6G87Kck=FOBW?*_r=JcD89by2SW)spiCzWXJ_H`otY|0;Fnwjt50 z+C0FPJQ{3BAGfl`T5|t)i2m3t|Jg6we;yrf{eL#{EWiK%4B;I&Lpkb$I~qizYi!5% z)xWCHj#hQUl2IL((KwpH6SXLO=P&dZ+wg}E7yb|eYHqztzSOhi`F}H6AOF9(`{%Xh@=3-(g!0 zRa-2adK(@irRhg|GSk*DcBKijC6}pgBUYckvVbZ|y)V zkHXsGy>)MBrEqWaG>xU>kQrsI$q=hH)SDJ*jT`E>3#`^ky;>Pp&4zO+tlC%3&OmASRsBR@>3YOz-Q5Vmbfg^5fPS{fYobw<+s@4%-SG*d@KQAQ%jGK-D>-_-D#$DFnyb+Nb>)8<4omzW`)^DC zH}HH5^ncmVUk`H(JXF9h-rCm}>#On5_$K+@?Zcn$^k1I4?F|4L=>O5-z8U}b;P`k; z|2Oh1FaI}ae_vJDF5>jwESM+r{rQF@iO_i8|w1basN3Bg`N^H8f@ z>pCL&_~U>iDeW0N&*Lyk<y5?rXeZ_HOnvkr8gS2rU4a2)shqZe(JNLdp9`QOR{i}TNBg0q7io8&~+Gl6YNfsG>0=LI3daVH2Ofo zrQku$99-p;%N4~#TK#hQN_CBnaXNn=7go+4t6RLg6TWoHBiu(^^zdFBu;|_U_w3w# zugpw-A^A-i?u5*Uik)(IXD{SZcU$@ZD@YLV`_J;?6 zUm$IxMw=DZ6);-BT{2d*z4jWzMAs~lXC~8U?G>Lutz>m4UP+_F$~H*oX>qA5+Fd$! zbPa%#jlE?#*}|{a2Vl2Xw1lW$G4^&z&R;cWaCtos{q!u4iCt9jwf8kE(gvlxEG-Mu z7Kz(HG?xWmk|4rf#ko=Ngv*5S7TpjLywxu?t+$HzT~ogy{C8u`j?usy;k6D9&f|J> zPmjLmC(rjtI@#m!OT})aX|wVA_j4BA|^N(#4K z;i$XHz@EwP9O3fl7E;glTO0^NdAl3^V}%UwZ}rK;O|x=EB*l7^ z8y6+r)L)S2Ha6D^%8DF^&zH74^#dC`{?)b)OSr{2om(I@ML*CX-jXqElSTn?1Am<0 z#3z&=9*QtPlz5+)sD+b@4yxeLT5_WDFFyvj@>FO;gYEM_#*`Q$Q?(z`dj!tM@&H?F z+ctZfQ&H{gm&w+#Qi=$fS)m2PVCG#=5-jM+6RZgqY&%cI^<1fBj-i>2p$XPoUfu*V z#eR?_GoT-h8YV=Vf%|j^h*w4p9b(sHE3IeGmcL}x`O}bHZTd7&E6kn- zXC0HL0j!_9T5d643tyfy?3xy2l>@3GA4nCP>Qo@r2aJp_)X18C-MnT~H6{}Do)-6@C${;_kIkC?} zWcHCeXQ`w|*2p1UA(c-Bh$S&uCV`Ko>XNN@OWR{sY9Y!`NwV-mK=N-1o{$TY z_~0E>#jw;?DBxBm^Qk(+b5l$G=npNad+LlcMY0|(Cx=xcQC+(+Wsg;JWubTt{6>ZL zp;hj)RWct{HdLMTsC|{S4PM#eialVu_`*+`1tqd1g!6gjFZ>c)oqw<`^QP){^bq=J zJ9PRM(V8VCMEO{&2)SV^SnPG1(cH3}WIcB=7xnaoS6s~G_Zp4OT1B#J6~{Iaq=JHU z>RwCMc4@YD187&VqxFl0TOjIK@pn0qa*N+zV9Bh1Ft?^#5At-j|LT_d4W6d>U&p2V zZwCj*+xTA_c^<<4%hV7(c=ESu7saZ)Z~48ZbILcfQ-8*6Z$=-x#$l_e{=jx}tracW z^u5X>vhlVH-z-hf^09r;wR(HJniO&ddfV)A8^|7KjCoVyI7{*NIpe-MzNPc|-!1hU zJWcT*27^-k&*S}V{GW|H4|)FEGr)Zf3E=GXc|B*)I?}$iG`u!4zE$O08*K9{Y@dp! zGyU(D`VF22`ad{1Fzyw_L8Dr+2GQ{wCFhmTYkFQ)q-;X64jO&;;Nu6pB%0W z#5LrFs~nEzlyG0Q#^lfSbUy!uX01Ob*bCYjf;8!Wj`k1D`~UE8EC1WbvjO{$HnD%& zCyKKG&6nbm=Wipd4OlI->|tH4kkf#i8&ERCy@^87Jq=i0A4)oX)Gi&^ zpmjR1CbgS2Sm?KXJS|KA*J%HDI4tM?J~-Oy|2OiimHw|r(U;8nSyTPX(Crp^KJ7)< zOP%fMJ&l%IW%jJA(|CcQOXl;esopk~r#Z^qvUoPuUaH}>vilS}i>$dF9#V#hK|dCP!tK#FLhz0$`RJn&II4!LTi&%MFmVs%4b& zpDHW$u`(r)jp?siG@>Xa=_QXAX^y#4!qtOr$C1}BJV=^76)j=pnz0cvER~HDP?9^M zt;|eTPb(#q9j2$6u%wvtJcn6r)j{h+{J}Jfj+s6Oc(6a&i zuN#u2{saf7SsKv^4r-jnuqaZBcfKzy!+sU8E+Vf0_eE?(%ce~?G0rWdxD&@EnYJ-o zGi({u0qF_DI8GhQ)^R39)asUF!K+|ikT{6$7bHwgYmen(re(2*QzBG(0EfR}r>gCa zXIU0S1@sAdWQwyOMZKS=(;oVS{>Y+K^i!V2YGaDdA@CYmGoCE=4hXyy_ z^uyUxl#l?Y{tW?nf$|=Qp0k5OG6M!5J?0uJ;-OnVoumJ?>mm^GMj_N>D501nDDXq# zI_`_B_g86@5N8LSMTLhkmo1Vac6$I2mf;P9e4cCWDow8FXpp7_K*BYZ^FF- z&=^lXWHFlh0in(lm)^$C6L*Y1I8WSk5j#)*pRU^%po@I6 z9p_!~z$KZ%?%rjP`b)B8=Xh1ySaqH+-X?MT)Q_rU{PO__diUy!M(_#m_(ehz@<--V zKPA+0`lx6T4c&wP;N<=Xl45jvaZZt7ZbZjnXk@!*tkaJ3Hp<70z2!pzQ24Zg5FVIT zbiKImix=0Uy20;**DxxIS53!T)?&0+utmWKlPWug4Jt!I>7yJzpMR08q+G4AIb6iR zzSG|Q_IOA8y^AP;6#!f)U!pNi@PecyVLx#St8`4%o#17#c|?Yno5qx`<%mnZff%`rs_>;Xs! zrI1FP7Kru!RLYzX$9NJYz%N01Cl{T~$>alyvJ?*<*eh{FLa9YG~QmkcP5U?CG_L*T6l3O&5k_ArDm`oYl zm(IyOtf?%XCD;?A^$Yx9)q(8B3Aq7Qh_`wp6Pr1XxOk%P-2uX$$7mF5BZ8>-tX00% zQIs&k3x6^^l+nN9_Z>&)GFhRF5;S4kG@7C$3qytuR;%)>65Dl*f&B2S*obhxOcETk zI^>SQWP|622!~NRCrMuNcJ2p6p?j2(2;R+Ulpum9b7g6}CSejNTCYqZEH8)8IB z%0}Uu9TL~B?Tt_jgLmY{9qP3?Pk6mHn_Iw&5Qn6{^I4teOh_|T66@7hJ@A&L@@Bo=#FT{4sw?Pylazm2)f|#N) zp}r@mWo+)Nr-=FsKfsA39@DR#ECK%CL}45#E4-&?=)Uh+@UL>GSL$_+P&CO9Yz zu}A1+e=wIdjb2cWJ5mO+=#k9-2S4E88@fUmr|&Dd#uSD}Ar}832vuy5h;z<&+;9of zJzfNy@XW>Z%ejM1OEVmBh8G7kVpQ9{l3@Rb6T5l$=z`gc}OfbbmL>B_*QD{IFM*;XYnM124xhcGL7UkV042MpQQI} zo(mp47j8m87W$M`zVU$$v*Q^E65oMILMExIYIPl$e0FvU*724xpmdV>V}j<-LJI%bml6m?;wCpdJx2w}laO8N0MYi1@^p{=VP z0b?S#l{suVrflvKG9?LN%g!XV+DHpd`z%-4;~8c%Yu56jNe0;pfX=g?zDo$`0N!(e z9Zw()3**<04tWS`)mcvt+MPOJMEl~CGg7Cwb zvW0_bPWIVeR8=sV_8%dQBKXlBZ*PQpj1lTt3Wx-v;D8Oh8eRUdy%${*I4O zlD2{PCW5mYrwYvmF6P=cWY<8ctyl;i(;?v`h*;135P4C?$ROxVC?|1e>U!ZfuAHAh zZ~<0soB85mua&E(IF>F9)(44w>nAxy6o-)GT*%t!6M6vziC+rXFDUBt<%2$~IPXx<+uUsL0jEz@AUvMCnCBC<#*&cJ5`ufW8HC z%U&QFWHW?Q#?MaX>g7nB8Qk86cnrP?Q}`Z9h|*JuF$rx!_5?2hJR4+0{(kWNLCN@^aj49^k$E&4g#Q9c3_;jiAIF7NUwy8if4Gh79OL#c3VM&R@3Yay{sQ+`ioH&Sp_0}d=s$PK$rsIspL zEJ2(wCJf4qgd_nu4x7EwL~%@hOrixJH@P;TPtg=%VQ?r}0l2s;d}^Z^@us; zWbV|M?WsR|`bE0u2l*7gEnTsu>|zN0a+#LMSfG6q$ zk~z+Me0W`x^f5lZL{{{y{u&|HMnq(r&lz-1rC})G_EiN~;UY>TOTyF*1}&S?lIOh| zSg}|0up>1fAvb#^F!mLeoqcm_ctPee7(h`O-tzqHTu4A-62fHjTf5dGYsnNZ|3b+$ z3-}F4eqsyp-6W%Fv_M$MN8nO<`u8hz`s#<6ztuJ?c;L+It}B+!G)6in-d`5$*5R4^CP$S#Mum87unnKTco2s(`3^i!hMv zx140gZfQ+0ZVglF&qC0fSQmlfb&f-CU`C8Olg{N z0H=ORis&^tQx^IqVpL@oT}_pM8WrP`*GC)x;whslxW_vC;Zj#XI#F(bS3wJ5bA0{o zl3?%eiJy|6!wD%Zj5=FsU^Em;SX$9F-LovJ+ALaayO#@0C(x3dyYk^z?e5yPDX72` z`GLvFCv?5XiZ-@H{ePBMUPU8dru_+B@BhtjhO1aMw}pQtR7u<%`V+d&LQ2Z~c4O|Q zw(W^3NEq9-Y)<%VvPQ15vF9g1Q9**$rqMJKlVx8CS`;(rh%SF%T)t=FdbmKMib58r zz99GpB!!&@R`7Kjpw+2YVQgYD@u&Bkf-8Lx>?s!qZ~)3h>*MEZ^vP&SjZ=3GmWk9) zh=;;#F(yfA+$GLsYFjop)o5cz85vY!djb(B*yHTAVn)D-3+uolk9=2of;7a+6K7m0 zgkDvreoj1+5RcKx`?{uVDSXV;R3eeGQf`W3o%x#FI?4iDCvZMluL+%B5RzzfCe*2* zT_$vnVnPx`LNAVdF;DE%3T@LOWPOROl)!?>>l3aR&q)jpXKyy(n>Bo`R&!q-?5>#J+ z+T&_UAT{W`Q%_4qu0_MuovYhv%^Qr`!~Mfa#9yI21whp@c`D^-*KeYbT%#yK*JpuG!jum- ze_hdVdLP54h718F`Ih*nk>s~OG0<||l?V~LIL!e0!b1Vc*RYyVk2TaAq26T#21;BB z-b3ax2eqtQl4R7#(DW^zG)liWvvPn@e$_*yQ zM4Y@_Tq3R_4W7@e<(jr6CvFz02W%5|*EC`ic>nG%7QS~+bG22swuKpegLxY z4zVv=!LOH&w~0P!$c1ZKEK8i*2bXMWh2I>IF5q1txZIHULD=&k~?*hWnt#V+DTA{C(YZPNs?e%I*m zwK+Edx14g*(63IA&C2pbBz3(R=eJ>fA>Ze>?F0#wt)x-PMDeQBLsRbMV!y>NNaYTr#DwiR0i&|I(5ZlOg3 zV&T?9E{Ol|nLD%t(wA*Ly!u6}&qW1kuWF!7*URAacuTc_^AJh~Z7l<>r`jcS?Ic?R z%i4ZJ(%UHcpe;om7Kq*G9COD2u4W8*Ek&VTu~MOX=Px>fzc_!<47y2|S8B$l%+nxt z5{Vw&{m3ofXhpi8yuK zRT*cUk!fXXcKN44RILI~ArG@cHAJ9xoa<$vR=7Y_g^bV+6v(KQ6n;M(45~n_S)AI~ z#zToytqmLERQpi186{J&X@^uP*{mfIb+TNeS@Xa(E2`RxX@p|~XTO7L3}m$ljt!u3{j}jzfBCclUGs&psfmZW zFWTBQu8X$u$}fw9?@MQ3#a+<`ruwF+0$kMuCK=<2$g*F3(Y*ZO^i023ikqPszC_iz zmG`!)0axxJI;^nlxh9?WO4m&Op{Q%ST-L#2Vs0CPffnEh2&D-QX^a!z6eavb zrC>Tn-JJMqEit~(Xb1vov~MRN6XM_0wNxdXs9T$55d}3fC3b)|h0KbK`1T;}AP|*) z;7`fqeiD%0ZwCDH&`*mTM_e-Cr>YE@5qg}3lR3g{*-+mjsyDEt^VCR#cfFE>GS$)| zUa#PqtPHLxn(e+`Ja@Ut3LSp;gssaiFQay>szUl9#*whB{-~asYYg4)sRJ8Sl@<}6g~q< zVI|mVAz?lEYWZMQQ%$15`u3{agDX4s5b{9Dq=^JhFe$J6g%9^e`4;7Gg=tR-t_XaZ z(J~{`Nu^~yF3LNklgDulAl0hcTr8Rsf)OZ2_?wjVtv zKEw)Dl2oB65pry@2-BxU=tVq^Zlu2zzYduDmgZ=?`)gn@SS0oOsc_5QYYuuyqbqg<)@G9b<_FV3tda1@h} z$N7swkB@-RamXfEuUK^}9Z{gy4>N-VP*@XBYo}MoRZcV90(ZHx;`_m{0*QvD1{laP zIYU&&v|=F@e99%~kE}yV2@lwc(gaVZ{)CJE)FDkH6v>=ig42@GU&T*ql`GUBBI+?j z{tn`D2{(;O2mt~{7k!URaH6XSaFSroUxa=flT?VdAoQ-NpptQ5(QMqYMut{Z!iq6C zolHRTY=qXVRL-*QTf-+{4#*HRRJM@2iir@Jjd0TlxZEgFHtNTZYT#uJzD)m!KHEB5 za^|b=uvxrAr%Nr_I^GDsx$~uV>IXoxCa>?jTC_vQ?T&#;r)%LhcUXg8-&xgop}wy+ zn~3JF+HBR;p4LHa?x+gAzMq0L)OXQ1_?mkspxQcC0js%B0%o~8Bym%cEc_4{)W0Qo zLM}++!&N;By$bg5BJz+@4b50R6hlSU_`yKCqKFh34Ax`rSc`*Q6)XsV@^V0WheuvP zeU-Q^fYIX@Bu>Z#1M_B+07HT{Gj@y0Tyuz^_-_G_8wfPRlZlny^OR5J*fO0Flu4wT zAhyNOu<@|7m1G(y(I9DC)F|26{aat>=>GN~i_*4oV`CRsqDuy!blv zCqNtT_0$cN-v)o$J5`wmj=gY)E&KMol|yK5Ky7$tJ@o_0z=XvvEAe!T|UpPRp;f~hd9Z0w1>_{lXKD5O@ zDs%?2egGCc;fE~Fe<9T8Uq=XsAi5T>P4N5O!0)#L4|BH8Rlt5)#zT3n^+RO!+~F3N zdIpZmh>>v|dWiiclrE~fpDA&}SsE=c$n64tk(UOOJU58Rre5ds??Udz1r9T)N=cf< z93{4nWZpoTDypDJsx|3zLBGJrL=Z6bzNj!L@-mwz&XZ-v_lkXry2nST#2S74s3a)+ z{5j{m7|~NuX{^V2E1CB&PZ|&>q@QacjXt>6eGVCkBp|ujub=eArb?oKz@!Vjv=3uG zyW%@+a<(Vm$s|eix5xRPd%GYp0a>U2Pa-nG-G(A-U16;Q+r!b+K|a+|tksxf6L8b|9f`Zn5H=Px&M5G~2~7ocl6Vt@A@9V$t9YXr`$=)Wb1Cs-LU)1u-1>Ab z(jlf~l0tsmurRt{W1wgF$fJbl31(SuCuwf3A?l=onu4v*r>W20_WKOQ=P^#_dugzfV{>xJ(LL4m#vxVuKEc#kR(a3o> zf0`Hei~P?@lVD(1obAev_M!#$L$<5JXdkr%>B)5+lM{%Me4c zt$R;%whhaIkOMQwW5Xrv`vx?HWiv zGQ1*0Qa$j9r4g`NP8yl3uIQ2IIkzSkr-Yxn&V%ItpF}k6;}8e;|0Icwa;99Hg)Jit zs2fC+4@MX{LAp*!e#?Qu+$@J*>WPf;gbo~9v(c$s4 z?}r{f9!#gh{pr{nA5Mqk>142fc=Y}BaC~xfL=GoTZmm8-`-A;Ke{j$rK6^WSHaa>P z9ewW(27{yH;mP;^|A*N}-|Ew8|1(Boi8h+{|NhZoY5yM_Z}%s zv0eOxr*B=AG9bn@aB=adq^y&Nv9sN{5AZbYfAOZg8urdW+S-OBH0}SBL-YJUJUlws z?*C0ZIQD;)Tl!|`;5g2I4&CqFBgZS!^^VZF;Jz)9bs@DhKY@X(CU4u0Kxj++Y0nA`1wOrYT(7WHl%< zeD?jIsKwZP68v|Pk(o=fyySwta4JcykpD7NyN{B=Xw}aD^7~&AMl`IkhW&qhax^se z|H*KB{%_>jkr}vE6fy;&Bj4@r+R% zpfLy)u@go}4TRu0Ait8S)j^B}Zml5a;CA;mYJ@4mnhml@P7bCA&Q31y()B5HjuQ{e zNRxX_t71fVa;lq4jSCZAwiw1^TZ;ijra4|LCLzcSFU{VBjm$kfLD zw=}|M0Q&%~A1D3|+Yt$w`7}-L*$n}{Tx3BYWVa*q?l(uFNvs=!4;blUYrZPjtHL5h zSwieXp-kWl521M!Mu{vX*455VyBN|IYGeeGW}q$`Mr#s<6B4tt7$EPl(aIea#5-qa z$0>PPS@v~#D@j4P-2+R0UI&glIF50$h?2DerDVcL%z9zo(@7erqW&Eu+Q}VJTpYx6 z?CMPjDfUGYO+^ZKIzo@0Jn8~N=#mu}BlO6NCLc&5ze#v=pL@c;Bns^j4nzp_-Vws93R*&XQ%9?4`h-xpN9jO zL;;_jO8yc3P=tm8{f(^a?5MRF`yv*g>lE+Vx>S|m{wxG7CwFqomujAFNO_e+;qTG7 zc;R8Ph(bz~YK8k|@lNJZE#Azd#Q!HduYx%8aPBl$6cBn>QoPX`1~0q>e3@24BLqt&H{~>FwK#BER;YEGoY8!2xT8C`n!CJQTJ&n3AXH zBCac9T@-yj1tSsgTqlWJ!1LgQ=8VV~>`-X7C>j`Rk*xfbl3>aj8sF#PAB7bf*#2=* zLO{4>6?|tnU=_#&oK^GLakt8%md`rq|NA)!7$@PTu~ih@K>zno_D>A@e=<1Q-_rk0 zJRd*qJwZ4AVgzy}c3DjCWAc2#hGjA*BlKkN^Jj;Za$erWQi`fdthm>OBg*v|cjJfE zWUGhzML}SLT&_uk%ZH>{tYpsYKn~Avf{qX1Pk(WhO{e}H>h%j?B=q2Kj_R2-sgi9l z`g)K4$Z+6Ked4i8G<3ps{!Tb_D4()6ScfPYlL^i!K{Q%uM;&y1>XX3Zrv$L|^3LT` z^mxo|;$OVEVr9X!JSLM}*Eyde=}-Vbgz!ryrR37PBFKjH1;>EAz_!gO7iWna9DkY* zto)b{t}Ihopw;LHw1D&-^knqB{RAs`=7YkaXn`;bT(!5I5sVW*OsA;#Z?yk!v}Zv3 zE^G}`EV-(`wWVn88oN(ttNGO>)NiV0S}!JiC!iogh%qE`dLH}2q`84H*{uRCTuk+W zHX7-PKYFczRF38;kAn;W2#T$w-oQj;RgZ9EcJPDh7lo9&KJr7xU5tIksqk~IH5C)g z7w@Ps@TL2gG9LZLQkFq97Ci5WQra?Ft?Bqs>Zfp0iVK@i4c&32#U4)a$U#Cn%+)hE zjtz-5H-%_(@!@wKuBRcv!liS*N};xT)J^ zsCqSlL2mHT?FQ(8gZIe!_)(pmLLll^OG8=hKEkmNGI}~f?|N!sF=xHs6geDBO20jF=7L!Zc2-pK3M)4)1i+St#{x{bbx~*4whLLa zrFC+bl8`M)%E00{rZ!Xx5Gy02oP0}TQ@~giom{})az*6jS8cdTj&H$3e)Yqd4W%kb zt74cd5*p{J@PVn>);YLU@#?yb*0F^Ytx3y;qSRQm@mlqaZM}F4A7ZTu(*^aAEThVh zt!-gd^cCGgyP+#8tlYG&p0c#xYUvtaR>lfqXtx{-R(90}?drFd7}zVX8>MBjSsf9J zhS7oxH_x!|9vg@?pw)UvB5&p96z%EKr?LWLP3Rbk+m_>Due>@+sDr%)wQIJ+} z?b;TlS8r4VZfV;pFTQfKii+KK#8s?8wc6?^s0w`x64H~X?qt=0tcp^DF~M4Rfrd6# z?t*E?u;jp&;H-?8)&8QM9k0jG3a~YrOGwea-Dl16KQ+ir-bR!C$NtH_F8@0i9t;k* z^1n?y4=eu@5v{gjz@^22Q9v%q6at_LQdlz)4nk!S?2;|hjN9gnoW206yCy6PS2MTo zXy@`*BhDLm)BGZp{Yn#y~d<7KHH3f zDilt3g#tMLT7*u|_wMJ<+HtUXBC?4isMqcc>NTDvJi%3+EzQ5HXY0&RHKwjh^VSZi7x&y3Y!fYqH+3XD}Z zHA`DYwaV5YM66hkGWJ^TC8{hK<$Zxe*}A5A=xr7`%0!e5b2OhTeLZp%N={k)$^EW0 z>s}q2D5EX|#e=J+VqQu|Tp3ey7E7)}c}0uMkkWExMWa2WWbG(o?&Z5dr?2g|Jby@d zQw*$xdhzp%_is*Lzf|J%fm{5KNwiRd_aSZpC^+-d`wN`TNBKsFomtt`)y3)A1GLAz zK}rLP5Kd-%b9FZ?P{H(3zhBgPUSm4InqoKz`q6A5P}fXh7SIx`)c)52mD+v-WTQ^M z2BxC6Z-=O=ov(wdDB#-xF7)g*U<>7XJD`<1^qMv*wdL)aER^CkZ4|2Rc0ik!hHY82 zP*m4IRJGIX0M{#_YnrOpEw^i2Q6bl~r09)Xf;H5`b+8Q;aLWcj(_04?)Vu9~RcLW* zpjW7Fmus$5ORXERXOGs=FqNHco6~ffwasXX z%y!_VzOn|cR8qDDD0Gpv5QPG=B}i4zSO->BEVc!$=?`mxYf8d);G1-THSIO2_*x=h zSD4kcYuAXiY_6m@tZS*H9jxZ63afkrUjE^^a%<2^3x!_Jd66=HcR7WG11Xq?MZilRm?pcoG73~zc6dBL(}uuv=?Zc7iKGM@odWjW)`-sGq~&o(&RYtGcHtS;*nF zAEs-e|1>UTKvQW<6a63VoAiHhbhwTGyOBrG860{o&VVi!VOwX=8Y?iiW0rFW)lFg_ z6%GQAbW>RL?vcrs`Ggk|RrkxA;5&{V&-7H_`uteIx(N z!TxZt_5a_^gL3@0E&son$H@PqZRxF@?w`+2*N_t-n^~Wp=tYj4o>-fTBruOOyS`G*M>e}Y zd!VwiM2nX+x@jx@359BRjV7fCizgxJSt6sdFJiuOeVVk>>&??N?#U5Iqe&Eu(A%>M zr%*ao$67512a^S4{*(OV%k!aFpy`E;(d1cX6>VQdi+YX~vBAu|E0)Gf^?Lex(k;H% zv`xEmR9~8mezVUS&wmlhu*?QD-TwxMLsR~DINbXGY~*PjG_sCSki7r)X7?rdq*87q z3v*!1t68Ps7xvNC&GN7GtdahU{9E1W|M9^=iT)pL_5T}rDw%&*PG^MyK#_ITx=o)wp|&G?BfcZ3(YpM+%tzvi)vpxvX- zGAc?2!2%U6t)NI#WQ@qmP4xfpu%!P#JlyL4H}ZS|`fsxX*d7C4<``Jcnm{unSY^_-_5@%0S)Ts8 zY<>H)FiJ>68x8b-a5OaYzZ@PPZRP(Pd3MkRPE(Tbw4QuAd5ZsW<_BPk9^=UeJR{U~ zcF^0oPrYmGoCE=y1<{z_;Qes+6eT3UseePjOHX-^L(kbkA(;V5L675vO#M6J z@wATrYu80ThrvCHLa515LNQ5D;D^L@+!t5xuhJ+X&JH?@7K`F`j(LV#s|*ohL56jh!d%7=Lh{xalHxp8P*& z2mOi@KguXNfANw!?7q*)mgD*!!F#-168-)y5{l*b|IdGa^YZelO&d-7e|TWV|2sH5 z+TQ;+^58g5*wGD_!Kt5xY`4xMr;k#c_k^!`X)**5<*Fs*5eLX z%cxGRx{2Ooi!n)1G|hv>t_ka5oA!BOhP6$aRt4b`x+0JY_&QB8a?So?)fX6o_XPI{ z03i>j7~x40QL2tg9C_45FaOWQ%ggiEFWpkp=Tlf2l%(k2CFVXAJ%J@IWzJGM-45#xj}2?nzVlj# zeif66KfM>c2%PLPWFW*7?$W#p_xjy$ooGmO->)e0%aoawm8m!KhakyNft=yI&% z$WvW!kRJm1W3Q!`eh2pI6Z-hMRrgS_Lab58t=;~FUUE{GV>aQnS~ppRb@$z9jc#6n zHIICL{sJ=puZ?n=_Rl(g=Md)`U!ywF`A+aQ42ve zU`QzSXJIS0!-jR}2Q7&RV6BF!Yv!KbL>`g66B}>Xm4Gj>OG`f8ccYBq*X}NJDkJ_; zlBRw*TMzEtu~s7WwctbEDslbRIo9uf>xQ+SHlpF8*>o#lomdL%u4A2_Vyz?#7D0ss zfb#hL>@ooH$J_49?pU`#nDaH4i~0r>bIIWG(25<$AFe zDGX{jRTXQQ6k%1ISH!wVlF(+XmBb5QbgY#W40ZrI)=FN7713S^>)fWjTK1%1T_lZI zd5Nrqbyd!YYb(~3St+`AVkNBeEEKKAx=3vCWyiXfew46Y6a82jYbBpXi`}Ru>G+bn zu{JfwwTX3o29Qqu=yuyh2HHiQk2VBb$sO`V2{xqqs2B99SVQKJwXE!wu(qcVxvs#v zB1OqE-B>HurE#ytdWCUc4Qoqslj~}%ZK+e1Lwr@NI}mKRj(-INTglDRf?%r&U%n*4 zwr6{(+Km<2WH!DV_2e;D;gg27mXv0d;a&-AYLQu2V=V>OYgpPVV$IXvw7Y`k33a~k z6-;%zsuu+V)@sh4)i7TXYc*|8)4Dd&0e!J`-H`m}TF1I6%TR}IbXRdSCL5}vd=;sQ zmZW?uU~Q%$s^vq<8ID%rLzY%an;{pV(!ZnR**I=`iqSIC<@ zvw-LL7n| z?bV;|D!~K2T{(E?QbhNeq-pFHwb;EI-{~Wl(BX{6E<9wqj;JUZrq)PAfjXE0q5G# z1jl&dr}t0M?cATtC3vosqXaJkLMix-IS8du%uphCK4qMfdRQoec-QeKtTWPJJ;Apw zH(JjqNx;-0Ou>GgZ-l-d$t|(KG$qO2Eg4fkC3}oo`;$FBD*YguMenCs5V-Va=6oRc zw^8DOvkb58^pzm0P9I4F^ab{dH0OOp7T6C)$PcH{e~)qaPwY>EDDxOXxzp_r@E)D9 z4-S7N+Q_3S^pV9N-|UdRl+vpByDuq2LWmp$0pZ42FJF2^Z=Wtt9sR%IF8?bZ0QL0$ zX#aR<(*Kje{+9l4eVuvFXD+y0kD}KjeWEcm5(~&se&~@qG{KWOaUH~ep0Qt7{y)hG?H>(Z|6m0* ziNZ;iBqU7P5fcQ_1cSQ|8sDdcTc1qkS@?l6u<+MK6a@n6-*lLG0j8$Wl(Fb>KqyK` znk6Ce(2bATx#x#7u#HQ6LeT^Vfr|!cL2yV>7;znw3n1V8{PyJtS|`(~Kk-R8xktAI zrT7Cu!~Fr{`a$QA`zpvL{g9)H9{X^jhEd8+y|F)=kp$)k4%^+Q&<^FcDR`1*IIuul z__I0G529O=JVoS&u=-Ip`q*ttKBQ(&)t7xv61$0#m z4%H#O#&>7399us79NHy`2~HWaK$06Az@X9la3bBp#z8dsK+%|_w}ga<&2Rt)EeTmf zDM2?rxn&KpIzOD1mCHm&)Wk@=#kVHuoJjmy}G!D}Ukqr^bS*rZ9CkgCB7 z$!Dclg`yY_!Xsi$_?$v2jC?UF5YeA|Vla@JfRu;BF;g8V$CAuBsi0}dpDc{Aa0@KB z_`VdX0VJvcsA&>tg<^$ThR23`>W7{obP~0V?eKO^fWqc>J0KH`7K z0qx@nq@iGJRIjRQJRy2-ua^fJrFvHQ;!_$(BF`H{eW5~o17`}{0Q!Oo_S1kC1r4w} z61G;wg_GIImnGXootGu6B$p)sXk3>2ZI&f~s#%siL5N6|b$(I5SWCd#FIG#{)fQ_B z;PQ+0uen^==bvMtp)kBRAXu^XM)X8UwkZ!>Ze2YRTp60g8Dk9xgN1yvAPcx*4Uhlk z^LNtBS+6v-RXXH#IP(>GL`|&E4^)!ekOa}moOl_Js1ON*CLTHg`+S2jetTL7!1P)4 zq6yt&ygZ3h_@g*g_qhFjKaRXUgS+SG+5HRd@dLRZq232_-xIx%2ipksUjC8c;M2=H zpQf~@bFjUF$7JhvIwg~IgnDnHE8Zva=^`Ohk|;0UL@)2iBumNTp?i#?Fu33C>BD4Y zE(=eDR^yRTlJsYp?~y&$@jhpf*pP^}R6i8CAOP|OYfLzBtaIph01pMS{8O~9y9AC< zuje>B=>G>4=*I+voE|#MxpN>*@_qRN513!Yfu8~qW0$+}J;GseV`G;w!e@eAUt^r$ zARxh0G(etD`K^XuD=7nWF6xcY{^8uIxKSpIBNP|-{NgQk%zvUWxsO5*)S*wg-YB{a zX_^qcKqN_`gmI7Z^3EDw;JZr>@q#3m9LxwE@z&vT3t%{vPW=VpNxIQvNQQxEijx%H z?@EaU6zxyNuvz-Lz;`g@uShs!L~l^lRXM6s>nS!d2+;GvWMj^nl?}T8S83ux6!Pg} zgocNrp@^m^Aro*057_n5EXebA>Zf11eyvw z{SZxq?9Sx`F^)n?KxFe8-~E^nIuF@7goX=_&IM*kMD64l|W5z)m!kRJ?|qj7=nxMb*PxDWEC{MC6%7L?0B5I4|( z?KT{U-d)yUkAz;KsuLqey)nf&Nqrm?;~}{iwnY3X3L{zMeO`nuk_B7x6kJYy;<>2b z52HR`q_C7-QLC>3=4;juXMBi78QB{-Ht>xR4B$O}di(YwM~}EcvjRnX<-nO z+X`Nn5WH@M27eWy0XxL;B>iiM4cNnl0d_4u>>gmF6M|EODZ-MiMSkcp4v1aWgD9K{ zi!BIO=TqbnFXMhO{5HOWuHX`RA7%Nimz!iuipSPpl%+~dMtm~L7U?5+`5d zaS))N-oAc?0zdpfh34Dy6Efio5&d%cDi133%efptGUfuBDV`7)oq~aYIHPhGZ=4Wu zoiDn%hd2+$%bMM&9V}i&fEtrIqor(#+>nGq@U**oe(9%a;>T?H{Brq9R8ofamW*HC zr6dV)U<{6oJR@$PKnc;DV2>pH8UR+(ybWd;fGwL!viQv6U&5%crTnAh90_b z{opH$SQ z03%;HQtAexJ&<`t6L#U?n`L}2{$Lc6EecjF%F+?qUo;5q1R&z+mPjRt3&r?_UGa`9 z;PPXlh}^Qk9??O^Bte)%F9GJ~$p{^)tY98U6k+f8jHa-9AJde?Xb&Cjvf;ReUCDhK zqA91_g>OT~jd_I#eTGwVi|;9dHn>D;f$!e)>hBqw6J)R;EMh4k)OZoyhG3%Phcm&X zp_Y#$@6ZOH=r7_V8nX`fNjQ^+j6S6qp?kx@@Q5*HtOGCJTwO98Z`kr!_~gUP3#mF@ zFWy|`o+tN(?tm%)UdYeN@mO8k_s9e%6g^G_d!5Jog4ovM%n#B&8(&^f@}Ik`LH??u z$y3i00VLSUN%LT_k`EBZ)CA5w&h1h3I01tzhU~7Ji!~S%xFBeO@7av&89E+$A^nd> z>|9`f(d6bo9D1j<++90N&CO(9WojkXk131%@j{Ixo~SX@nBe zPYCun@T(Vmyj*k+rx-LXxH)&-w| z#c#Wh!zk>FYQ)n8Voj|BK0t|$kC#h|d?OUNR+;joqBFIedjD++D?6x|}wl)&vAL<9-GRlNYm+2jM4 zFH1=j9U|JL+PpR!r-X5pX(4A4 zgRM%M)+A<{=v~tUO>L!2FWBty$W%&d2!PAESS~+g7q2M6?Eb(ih^rM~LKbm)|H4lI z9Q*n!K$9o95`L3^I18}9$iK47Aodr6&hv)*3`(CPRg@FU3K&$u!Io~HDv!0k`)38z z_1r)u@J-x78`|2)Ewlj#i+^W}t7v&AY%ilrd3jb@qi%1g+Z*bi>W0d>G&|GZqDzLzvcD>U0~!U2tv=MP{=?UVlfU7Qz#nv zAwj912Km{V%Y!$h)p#~|HmJYzi#b}8R-+198?{Dt-LFQk@z)dvwBp|R>^%VUE|$eA zynBiL6)@M!{n~-9hxrw-H^KYXH)UacTk^B@aO>16ReEj9@$xMxwzsU}Uw~Cqh{B(o zQ?%cSgsmK3Y&-y)ykdg&t(w{!2AYHuQk>nQx|REEh-ReQ?Uir3-}e3UYf>A@q3*0W zs;tJB4lCunyo)h}TjF_3xPDx?uegpV z*XPF}K|Q{RAiqiv^^1=<3sU6r+!El*=l;s$jI)w?8jw$n?G7jC_yGR&7gyPI>ffPW zzW@eNnLdAZIC^J12Tra6Mbj(@?h(6*f!7hjaSVvN&ff`#4&_tU2I~YxV=}=RC5T1~ zg8nBzXn1$0J_$VTEh%#pfWXM7=&=aP^y1AGE6Z*KG$xZ>*Eye}gr^?iKytqn?(_ri z{4_TjDV#7E@&enck!3~n(eJ#Z?ou z6u4?{J0ln;ewa>C@84+u-)PT(#@p?(%&Pv@mY*`OY_o{u2y9MaZpA|3rGQJRo?j@` ztL%+B*!*vixdVLyr3ao6)ccPf>b>uE+f6OEQ_e+;?U6(a9-EAT#rzVnz#j;rSt3G}Niz(Nh)hO`BKMckXwyAR6OCB~sSmuAyPH!QgP}%B)1NE6xI`QV4%2)!uOFH+Y%%F`Gzu*SYN2;}3yrz!dl^>~}TUDjHD!RPir zaqQ|+flA6|ZnJ2w0b&TEw0@9aKhWuS&Yg$3moDZ@%rO?y_S?H zRaVS%EwNhs&_B&Hc3IB-N~t9x!6NAmCbD|pU6+~tn?mVMJ zA@qC1biB*iV8K0c-7sGD5!mZSTq1Jp7t%WOh*q{k))C&E_Z!LQOlSN&>v) z?@?IhmdPKND3G!*_-RGzP+c?{mXc$EgvCrQF5U*xuSW-9B-(}EH!?a#wIXqFm$He7 zgQ;7@r4viVmqt*O^*LNcs~mI01f`=&3`MJ)XsAw6oq^7n@Kfqv7W+YuApM-AM1Wrx zwH#1fn18-OXF;R=e;$}^cq3@d{(n51U2*&W@pO7+_y1j#M*Dv+TB>{iGUb&|7loey zJZB(+|4awF(E?;%?lSm<+qLO0P%T=FoPtSjv>~<5iT0fnD!Y&wzG8FNQ<^EV`iu)h z?px4co`q!2WckR$M)>*|t#;5TV&EfGd-S|iaW3j%=TGOK+c*Qt{iI+v^;5<>E;M2O zNVXxi*Yw_l5)r=#=2%ST0%e7h%9;GU4?9Y z^=B;bF?)6vZ8|1Qb_;{QeHpQxkG z_VM}jwEOsTGZL8Ls}9o2?F1_B;*z5}S`n2^5@)d=hu6*@xA_qqoCX_j_^7ZA6USjS zuKDC>XQ<8kd0meWU_1LPHng@hDth|ANdIL70Ib&kqv2#S;_-izk;VUYQjGLJnGW3o z00~pOgKyo*p65a2l}0|y?O^~#iXDIebEdBg1*ku0ZxIK`_m0p#Z6E=2TJ1vt1xHiP zilmgFSr)4>gF`BEJ;07Z$rJfA(tIUsHD5?R92u}}AM9e8cNLe@1TPj!t`+p6TPiU6 znF5qp%u*RDQ45n;HFhmP5)lEE40ahLH-nv*t zzR9S`vt4V_oUJuU&eoa~M^Bm*M^7R}l&#rKUn1Z2%Y4l;g0j5MB0Z|dtB8r&s1Yf} z+9XK~O@9w~%1}S%4K8|;uLsrs<^|b>Qp2f1nvF1;3WTN_pDFvaY5OlH}pHp_h_1oPJ_%pNMo> zyl7!X_OMY|CVk!eT`0|vUp2DF8!*^c#@Z1sGLfno-Mlbop^KWW|7HM?I{e4*N;v;< zIkfSgPRb$TKkWiQxVVqfbhQwW6NiA*MJ(C_fk+@AN~ev80FmN9&IA3?sEZBpALpXk zY|$x3`k$l;*EIv`^#5df$?5;;cx3l~ofPx)AG{Hu3RSY{>Qy!anNmTt>f`kHC=)(! zNf06yNOGP)62+7-(e+>A1-WlV2r8c|k^@iWbmRG@3%Ps+NRSGz@Vrnn%rMV@&*5RI z_*Qhe5QWoXxoMJ^l^;)Xe34b{p^`7d`!t zZcR5$|5%6roQy}j{+|pdHvdB>#c2PJrbD;rPsGxy?ABE_>Q_Nw;{i51x+zfvJh?VO zpTsha;*4YGZL>J_J%lu2A#zfbC~j1R5oH`h=VoN+jq_WCin2Y!bxj*EQ8FD54-&@sQ*)92*`g06DQP(tvT2Iiv(}u9A&k1>(f*VJ!uOvknES9v(sfSCC|G zWPVV!TYJwX9#PVK?L8ORL6(Sg=E4=b5YT?FF+r`qMyLu-3_WBN+1w0lHr%<3?z{kR)_&el`2UDGDgDS)_(=w z5+qVlumtWCsv#AGBhg$8gm(V;w+95s-AUxYaOiaDE~C^}rD?MJ_s?jl_?-Ehego4QkwB(3T9EoG*Frzt`Qj_ozXQI5?%;2M*|hc^Y|1NY zI8uf596n7s$Wp@C^e;N-*C15!fiv$B{@gmlTZG=c^ES1d5k?si8W14{?_~!Bw3->U z`jWm~WV)wHC7RZB)=*{Pa58k?`IpS5*g(7R|!2(;iw*MJsn z))dV+6j60Q)M3)`$sUG~ThXJxL^~xRIjp~puZxHNGc%o%y#%1ujI?xq`5?(2gzSHE z31Hn+%2|`7^0&8un}v<%*LV)x!4vSp?CFL5k#}=*XA<@u zEmtuHeqNWBm3R*B;w89trsHAFNa}6vR9)^iA0rWzUm-D{M^cMNJ?K2|{tnUmm}N)U zeX?CSEOMW0)H=cKGvCYpsC^6CKYnQv|9MQ{ml!RZ27+qhKjX=W&;L2SoZ0-JofPx< z&#z=Q93c)=%tRXyI!r*Q=wNxopcwjgBSaFiT||lswk8pyqVemF95tU1Z#I-9c9o*9 zT8k}}6S$)oQ^BzNSX06JATg(M>~f(_Gx$_0K;0-*IqQs5iq!W%9Y85W?4wXkmH=<< zZju*H^qVswZ{y2_)Cvvzx%L1ElT-BrZ7* zr>4F3p6_w}IY{nt?RpmY?+`?*?5UFW|G)>op?bPhH(ug}AqazXT~B&mR<5R>fOHc_ zDR6zye*!LKhi;^c;H<0AuDI1LY;@;6|C%?cjVj7X&_*lWxoxj_J_1!u^O&Rq71{cC`H(gg_pLt?EXcu}E*uFnlidlXlO+SGcn) zIZ}SY3SkghGS#2}dd#ca$m!pwSJj1p{h%Y5KEEi>veC zK*74pAVIl<>mXQAFzYaAKn2Mx+9gWZ_E5bUqToSVnX55=6b(S&n~CgdJDG=TM!c1i;5!@RmK5D1ShGuL;LZ+ zXF(WzM>=~B5+6hvmF37K+xL623+Ux`FaEPM`f!)x9e(i;v-z+CiMIk2pAx^qoxN-% z{_XtlZOZO%w&sGr(OiN?`oFjbT<;KQjsBku1^quA4yRWCcTrr|?V0C*klO(j4vnK; z2`K z{5`}A#dR(nF9^y8=!fPd{ogPRc%A;AO~$qx;9~W`=yEgZwUJ=N}c|n2>buprQQE` zQ})>Z*ZzK@cu%Y450pjx$mmWjQ0E?C&b>gKXA0i5pv_lan&|(Au+O5@=>OUDijV(~ zM_2a#k4{Pp_)q!X|5Wgv7Up?KmG7uhRW?U;wu$EK9>r;h-h7j&&Cbx8$3bZtf;06% znN3$=lx1163d42(C@V3^5^Y!Fu2y1Z2GA?9xDLyzny$bMtxi^8hNJ!pEN}M8S77F) z54i#}jJjQcxqS3(t-!BqhuLKR*AVtylsfLYW@1oS`|LJrj_;LVfv=sk6Fz%Z% z=&LrIjbYxEdE>3A(3Ppc44yfx`!?LB8Av|OdyeDh|Gswq7Dqr2A}za>jD|*2drCDl znp8S%Xtd5iG)6)rw_-PoLFL&Gd*Whi*K8gjux@Fqg=B0Z)AAPXaSmLb7`ZnLYMX+K{DH+3l-r*sqFRzZrgCrU*E4 zA6oIt=B7X*%h-ZhlAmtTU9+X)8XW~czrUfNHCA`^8~#gf!19HjbOiOC!jgY&a>muh z+kbML_U~8Ip4IAG&XD0=Rd8D(s`XR1?!IJUWz7vHigvNuGQMcy34-sE`iZvz*Um+j zY>V6S*(%r$yb!(;+F>QRYZ?BTe`^kXgFR)A;_=H(ajGvJCs=zcz_LY;;Kv!K&=P!c ze*U}`e$KoVB@dx9--e;Yn}=I$iXWL_PgcyW{6v+|Ph1zycXt^iH-nv*Rb zA=rWNM(D;cUi}7tVWdWlUWKnSdojbBfIj#qF5;>8zS$B(1O zVC6mrA-KVJ>7xgOc<}}J86G-h-IWBSQxs0^=UdNz0uRA=?z;X9*F`_OKK$KHgYQ7> zEr9^bkXtdNGWbv1=<7U=L#YVpS9cS~p+W+_d2<0^hd+QM0O^Cb-h|+{U>#(FAk^Tb zsIr@)+HMG|i*l)`?jzrw_k0^i{x(TK#C{$M5!c?c>z6I6q!eg37c_l|{QnAL|Leys zzI$Gj@Fnuy1+3yONgYup8JXt7ATAFtkzdtgSQI2xWj85^HJ1uJXNmVAS*2`EK7|8c zS*nGkT&duOL#^pt9+P76p9|p+VG$E(aVPTYXi4I)jsv0{ohtyoh`I}YiFQ;EjD|F! zT^w%L;0~IGlGi5dB(6m9Tf_Qulfky zeDHm=^`*v(evW6$1xfWHG5u{U__dcN{@)`1XS?UWXX8sg|I2tXw)cN_Quc`dGEQKL z6?oL#pQXRp=Keg8(^z2uDKmenY(Sm7pF*lL6-cdxjC1w*<|O=d^37E>YmjeFJKJ1+ zMmeJla+24eB$VZkqqE0xx#MJ+<0K5k%yH7Zai&@0#MMHeDdvomZg>@0I}sGOm`A$H zs498qQI=7gxUE+1dhHlX~+|3#gEGvyBDR z?miDxn(Y6&%>OmC_}@;7;rYKR08q=PjD(e?N_*Lpe5F{f9T|4Vxy zPVdN}uurS<1=!<;XSo&};IN@cSAEn_th?Vq!;)T0#|%|*_E(qxOM8;o{9ne!!2a(f z|JTUk|2rv%iT|AL**|-Xpz~t{2R-#iT&U*>$x@~N`*3Ls zR#BXQy?E5<|KV&jWA*>&^6GMI^?w)Toiq0`xGhPYEOzi>OUO#p=ZGkptuC}+>4gIcTNOW7@7UA zn*=-t&tQqykbn8NzVmw&zBqA&T0)VW4M?0Yh(N#B|M>9v0j-(uoZEQ4jw9zEw-3%T zNYY+^6=VbSe=L5lzxbXE(EsxXPpbj^U;byhiv}g3h39|WZk)#;1ZnSmKmE4pz3(r) zuf6yEY`y8d|G(Zl=O11Y#M{*Q^zoOp*WV=Z7vN{Tey{}I0M|?6FXy=MRDJ&m_~$lA sz#2qZbI=!6>b`&YZ`S@Fj_vthTWqn#mcy3+4*&rF|AL!QQveJQ0D60tt^fc4 literal 0 HcmV?d00001 diff --git a/assets/logos/cloudcasa.png b/assets/logos/cloudcasa.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6660f2ac1efdf42b5033982140dd597734802e GIT binary patch literal 21688 zcmcF~`6JZd_y6U6_GOf^ zFO>*k3dz3j%zU5TpTFVTFDCBXd+xdCo^u}OJnjP{gUhVU{LBCVueuMxf z2K2{TVBZeeb3?;)byCiydI^5PNxRJo3oNSER9GEVyw-^$c+AoKsHe+mql7XZLJaQ*d3cfWxR>TsE0LHR4GL9X7a_kHiU z%760}40|mEIjx$AuJ_zOSsXwN*qQ70R69pX0XP6an=GT0H65&BuozIIIVus@a~fyh zbrt)gsyTdgkb1k>wPoYO zl`#o!YM8-%T&mcNPdE*rW7jC3GnGQtt&1;@l@`Z+^~9uG8V2HV=b^f(sqkAAOp}Qr zbL)`CKy1^2B+q$7S+}~(tg~EvgB1cSop=(mo7uMLt7Y#9ZQObJJrP@g%WX# z$T-VZj)UcT##Xc}N96KxCt0`TXt+qYdDmb_mn?h1kmGoe&6PO z=!oRIYIxEHR-q$0c;SV1Qx^*lI>M*`8C!|mKepJwE#HbyMzp}+cbo%6LTWyLKq??S)OF^cp&l`IW!X}5d`BBN&?A$myiBiz%z@3E zXLws#Y!G|FhT_@cnLaB4R+!k4EuTp(< zC3t5cSN)}9pD3tJ*qDsZ6Cu|?s1UaxVu<)sWjoU|2R%Y+7+nG&Gquv@H-^-S5qR^5 zXW}}!(3NJ|HOBrjP#w7KgMUlFSOh+00Ns6_#`*92bsPYEVBWJS9+PNIkpS<(26SRL zY6H4R8x|K^7Ym3W0MI9~#K_2pCnaJNJT8TC;mO?K`rZs{3~B&&%(PQnTgmi%cmUmD zXm-F!=zqV~q8JLk4b+>{>EA;ii(tSbT6bI zKQcCYJuVSI*Ot5j-EG)WEl>*0d_vC&Akg;xVFUjkBWF#VRd1M7J7YPvtUjUA5ZtR^ zIL%NKOR3Uh>0rC-stf;g1wf$n#L`%J+5Ea93>jl#%ObW8-ux92x>{8F0;q$4aXc*NBas;bj z9FW9nXO0TS#7ey**Vwt>Imy}Qn}&RA`Fi>Zve(|?h4CtTa_duC?h^;8yCY19Y~OM={8`2z+} zSx#nV!Wke){n%Lj7wq8|QF79Ffz&>+Hn{Q?Z|H;)C?Q-9IxiUHJctRPlTWt)0NDWL?H68XS9xJVB6Ocy5ZY>B+0MH3#=sAFVoux&K6H>kCV3CAxAEDG3PQR3OKp35JYIej#tE|f)xtt43}D>9nyZffwxH%1mr z0tm=O5__IzO?tk1w)8i5`b`2xQk4t!*47Nd8NeX#+gG>5$t4{#%pLGVMVs-8K5}l> zM$Aj?0_te4VfVzAgmn2iR+5p}2o*+5Yndm(18dYD8%!HNz0}a6Jred$?aYeD)#%#B zZF7&fwGO2$PN{#Lp{W%CT>hPVzuaHI6ZM|RUo382KN>c_#0w&dTLr47xnOvAMUmWG z6x?SD<=%Kg2^*{r5T_9-nU~|7y=?2JV_QF7AbDm> zPju(k`!w#bo1&nJE+Mkb_d@YNxZlod%h=iLyEadf=#)b23{BtsI*|z1M!~!i;K!Nu zIWYtvXf_e2bPcl-e8%^+kwmP*nukXTty%RlW8XrMP3^K{9R8H}D^n z&VznwbZ@fz3Af3AspF`>BZy)WqP=b#8gE4z*7?NRdry8T7wI`<<4;(y z)F!ZDDb4Da6VT}UZHXtDLTnrTc3T*HqKlleS8STTxjBDJpwD>xEl_byLNIW5vjuy_}@GV8B;gtEk656py#-oBg3=#j${9~fEXi?nZQXtaYWE)KV zTJZJs1*ohumn~>9amQ&rId}WHG9O1o+V2PtYcbqz^#d3Ol*ny)9#O|8RKhHM?)%A} zS-7PO79zdtijXxPmkgh}BcTbCo;TSB{O=~xV--q9j?o@~r&)bDBa)2&`6U4vIpvi) zSOhqQOxbsiG4rinhQ6ISMYq0bs&SFRc;(_jz~(@r8Huj5{tem$Q%u68o6}c4v0Iu% zPRXkfmfqz+;yaPVLM|3e%#N(6pXGjo65lxEOD)PX!IE+bY_A)td>4T|!@#C7gClN< zK;zUG8;b2qN3p370zL2hIOn&HZdRQ3Ih$!1)Y{+j$>u~SaACKVeHbEiMJ8< zY3w54hcO)vFkhHh6iM4lCk9~?7McgHL#996uh0{V#>YPXUq-L%mFC(P@N)p_Tr17k zvCm`XuP{vbxl$YThF3c;;5DNJO=xua-F>NASCNtz3vAcb4>6y<2w^KkKcoUMDZGjJ z`Q*Oby+<%U1*n$2J^kG?oA-3JdcE&==gKq>L-8l`OZ|BPQ6WhW?8LMQeYfabrI{Y9 zrkt$V-@ng@8aRep#;DDXi3xqzm$<46xKyi3Kt{zBd5JZ88dSk$hN$QgVo736Hk{o*BNXvu zoo{!zr9oq%GjlqWVn0Rz%=ccp3}JPUSfw1Z2;wWu`sBS#L&K1jkcm+?%m0d~*b+G) zF!M~cvDfVGWf!$E!UM9fA$*-R4Va!RCcb}N9|n_N?^#UUwVLsfve6uFGb9}>W25Pl z0yxj{G}5{zhlZ$19^o(M*Vi`k$Hh12wO9iduy!r9;paJd3YhdT-#JW^!yB2(J|m{R zXnNlyM0S@!E0jkpq+)L1EA93tQ&0<-;n)kv`j`JuwyBYuh9{t~2DO0VSIZj24z5EU z>|@?^#Foe2zgAKK)%WUrVxZ4?%KDLuOlLgad`*Z@lJ&YF9fRgG&f8gyzoS0IH9Unu z1=Xz%o#2a+#6I52w*Ms>370ypcXt^_t%|OU@2^{Cr!O3->=~-LUpLOv`)2?g&U52G z4wlF3a9E_xk-JW}vY~O65377w?(6n~fKdtDnlxf;ARxWu#>{C9oFpc~SJ#Z86S z2Jb3`dj)Du5P%sG0J~Rf8jDW!Gjuq!C}+54*VO) z7Q?|r$ck!w7TEJyT1(S8~x38h}6DBal)=iUnGx3_AvG^e;DFuvwosTC%D z!+hY!xT_L>3U{DSSux^!{yMiVx%a76L#6jgt{o1fW>up0aX{Y#zqS>NPXd@Fck@kJ zuYk;@D8V8@ z9OO3IgU24*5-vc}Nq}Z>Re^X6k_0$s+TXk*a~Vz97hi9gQ1U9{fm3I;iUT!8%DlT# zH$I0me-5`AzYDpdvrSudAAlO?WlnL^+u#XGm~@8o0oh3RqX9|Gzd&qn8=8u8?RbRI zT9JMs@OJRhX4cw$xHF8$S#pE;1xcZ~QQ}o>vIKgLqjDz`EUWWusKmW50xmE#MQkKq(a z@C{UKfWp5%_jQIVQ%r7|JYMtZIuB_tn0Kz{)S}6t6tJL6d=TmGgC_*Dg%G#iHjMAn z0*Bi+avAOA@gBbt5iM-OTM1jC1H|@+mH&9;c-NtHwi`uyUluktg^qpwC<<^K-dj93 z>eF@h_a7yTiqEIDA^g8ZvnJb)OA|sKs#5h?7dC$7b{&oji4!9~wk}9O?&dg99+E39 zARZ1tbbDOYp;Tyg=%$7?dCu@c@l^37{yDK~-@a#lT{XF^T=Y}1FqQ(-pTZL^U^pfe zf0~Fv`mgC=vI1Cjv-;8g7US(?Fk&UJacw%5k+d#HdOn|9vxQoa4uV&HsXv` zFwJq8emNGNZ&<+0gzz;HJub@O?N+~@=H5#?#j=+7WHb2n zSiUMJ=r~9Rkz|OzQ_J+KF3CBLy5v7j#YHXyj}GwJtGd5t>g9jrN)N!yvZ;UP6==f4 zWTZa@MS}nn;@D&x*&0xYblLLDfX zqWi>$sQ5Ila{b81X`yM&Y%z1v#Phx}uN-;#+Vl7o}MV zPd37M@eCNFAlSs?SSOe-zNKe3{hIG`fXMaO7k^=`xHpdJTnhefVUe`4U!_Cd;*U-U zK2>8dh+VW?e}+^!@CO_neXyFXJ|>Z$%}uqa5EPOa9oq=0OZVO)kIAi;yJ_|pSFKR} zde&}dv;lZ<68lgdVwGLTdCi{=@C1R4InX>>Mbqh_~ zb|2D!tjNYw{%PWIImybc!r*Id!bcq6H+p&8(hMFHG=zfR|6IQ>j3jN*$*(v1T?z_} z=<`>$TcrM;Aw*Fc?Y4{l@p%8DlaCmtYDCku@5}z)mCm)gEs101Nr)V9Rwf*?uB8sM zJ6EzOC4dT?O1+0qWOSG4lV7kk(TW$$Exg4$rEVlCgo&$hwIbdR@-vq?ZMCY=B2*lA!}Oz|YT=nJdA<0_q;b_j z`EYUEO6`z$u=|OSNB&E*<+jjeaZ;;3L9>3bIp?#~MtSQ5`Ov9FdjMCpDIYO)zCmp@ zzro>i2C|*~K9(`%Y0`O!%5!tG_gQ|naV!f<2Jli5^hcze+Tg>#cKfHx-OQ8Q zA_|Yj0OSu8qOam|PnqR5!>JgY*ph}cuUYm>9rg&O8pDnFPm!f^H|Czo922` zSg79qgRQv>hH%SFX~D^pZTmBy12>g~hC}zz?6~rW_3+gGWNC$&foh+SYe;;+{$t09 z(h+|*Y_XP$;02@vaIFA8D6;OKzHfPt?Yxtlq5D>n6tU_nl;@klJq zd8x8&qoECMK6^%V{ipVbt!Ynt{jcbpz^U6}5tPYHg8(_RI(Lk&Y8|Cdn2R6|a3Ezc z!7)=F&(?PU?YZ}4GM5{_X23+%{(u4$b7Y2PYeM)c_P$$YuS#hPmGP|lXC-W_r}bNs zBeF)rDpAn$A{z&y!I_!*t;9-KFuyAmc`i3jHG7+}mKWJ*py~z?_|X`5#Vo@$6|PFAhOg=RjZ<}j*R?wz zd=rpBuCez?fYc|}bqt>3>FauA>1Cjw2#n(Ue-kp`E7%5)ZszUQNbTbdx10_tzX-T% zvNV=o!&0VAs2N=RqDR&i6q2f3ulE#k%Gz{Q>@^KIH1qRlI#bxk5sv?X+}qE9*5*ck zkBI9&nDn#T1J{-Y98DDPxH4}ci{#nLfyODh$ne9(Bg%=O-`Y7o0-CPCz~89GShbuE zHKSR1@B;T$+28ydboQw9(sy7=h7OhSSczlNmgd1~q#&r|<`w@v znWD;~Jb2EmiFjeE%((TiDpBp!X@tcHnMzOW0z*TKAs?=D(|TFwdug#C3t4S;3cE1#A=lTa?=nh>!)^W~)^>PqXYWZ%T&7y~ajpcnIHVADSA$N8 zWcl%3*RjpNm@lU5olLFgFC=mPbLrjfm*T>yGHtvOW4ML9D)b=j)Mg=MAsbg zrA%o^&DHTS;ggu%oDMnW>3@QqpmvL}jNP9cuIJaP@? zxC(tSUd%^WI{2wuvw!obtSG{W9AmF5t^3Gl7Q*@Oda|0

nV+<`GS=M@~vYPP<&# zR)7Ti+P$nN=s+Z{N?>;TamM}^^9!Wg;bA43QBdB25g;Q!Pe^tXqt($5Q zIi$Pz)dxKz{j?zh17UNN*t0UYY&f8gWaTe~jfGrUr>4!=6gi-=|NFZQw_@Ttpo8w zrX*{tMaDs#jDk`Wv%%r%x0JI4DEjhzZu;VO^E;jz@3mNQbR+@Bmm#ws+F+KaNA~s= z!N-D)vc~q%uf~f@j2bH6tHFxe(yPge;Qe%Vbg|0O#x<7W=EZjcIhd_h9vh9*E-pc7 z37CHcEveU*rk;k!B(wf|Q{&@dEaaMmVQSRX?0ytq5~jchybGo+hs+Ktf|!umAScK) z^XT58Zn$+*LsEFV>q1J3dW6^wsRyv~XKlh}m_M5q@b*iF>~5yC zxqu{Cps~Co75o~l1`tO4!~V`NXXX%sFG#o#Oz3s8ui~(uy*u%1ls-LqB#?#X66-a1b2ruse_NFZ@2#;kTGc{7+2SgOl=d_S zuF`uNzA@vHBg&vnIG%IwV2E#Us^RBT7LY6v^N(2iJ8geb5?uLd!@ZX=$LOF-HrK#t zpK;?KFZVJ5Afsd5okc{yM4*LMtFVz14_C!4sYhyD!-F&8yG(0n=(A6g{<0@~$As|c z+a-W`va-I7XrQ%N&448=Y6xL?->isiMKOphE!|9qb6M)p%LLPWQWPO0UmA^IKKU*Y z?%nOV4EYCX(A|~;`GUu4v`GUE(#_RhpaHIe)DyA5I>fD5<9_n-kzz zX5G=)9+DELfqf~zSq z!hO$XAhN1VmqO`+X~239?AE8i)qCSS4l+8-c=NuI&w*w|AM%qHltsW#{JH=a#EFD% z=WL#n=Ax-Q*!k+H3)B;lOZMOdR@14t4QsbeJc6Niq$ofM5{ywYH{J2bs0QJrnBBE# zSgZ2NVCAU|^$uZECM{saUbxPEjHradiF$r04%h|Pt3${Yihy53@WQPbQ zf#@qe298ep1<;#hnnVXP) z+!Ns7@2Nj$ISQ;0_@`?q9+V!Tl~AYqHpAc!G}1QWiz2636!L_pjT79Eh)MGkfz7 z9l}4?Phtp#9k47%%VC>S%Ay)iVDoJqzye*EuhDPurMpc39BoDn_vx?Z)SDTAA_~%V z2p;Ra480h7|Lb;~me6L6CC$IWtZqn~ti4WE%Kr;+B+~O1_&cAtwP?wM zQPzGS0(hG<6$NhVASPKb#~z5whU+$4qdyEf^2&jS7OiQ%nb?cKi=R9;%PWaMo(jfp zMF_y(`0sS|vf(w^@8>iS*#q+3psNMg0hE|mu8&5q0(MHVn=d2ebCbl3Q6YOndbkwF4R> z&+(kVa{;B>Ji?%9DVDG!1U$6sx}$XHp-|v0Kl3|Jklu>}2d8*E3$Ll_iHWIsdgdjZ zKxITk%20dikzlPWEu)*%CPS}c0H%ZqCT%2w4Hm|9h8M2(g2- zFS=x8h6QkN0$GxPXpmnHsQ7R)%m{65e?g}b1pp)ExAlo)ku9h{^37D)wBTj9?ZrUK z^nRjd{Xgq}y?E$8L+y{)my*ulO^$*)x#1dP9zzLf8f;-2+epI5>irG%b*X(aPgkvI5~dOkS?t zD`vrz97;pJ{*lSMf6W1q%vir0Va9W?2{H@$G2}nmfd|{l;RY;Wi4l=51IiX#TM3wd zp{qN2Ln(H2_kn{FekNnrUh|d)aP29*f&t|ANS06zlc(>RK2ERqWfij{oMu2C{%djW z@l68Q|AMD30@T@-V+-(FHl1|p39JIu;tLHViM&n*3zCrh4aJH2R^XH*T`%UJTIO*O zCIb0~8?Ci343{4jBR}X&WN0v(&5Bq5p$R?un;_${AEe;b_=>UGO6DAzRrVzT|L`d`; zbh{9a4c~Zj^45?b(2GNrFKIU`3@Wmd;()$%T3HZ1!Q4*nGE`_Tp*goH@O2JAE~QI? zaox}WT z3ZDI^FxE~iEKJLC){RDdDNpYf3GCI{N7V3Rv`gcbVm256-`_=>#{>;k#8EGkYzo~h zI&%92Y~=ZZrRN%EtJmk_l(AOa4(juuJn%q;PiLaz_Vf5(0efDRA!c z>4SFF7vFD;E)wTr%p^e3AwHltu68WUm*N1$qQ0q#3v`tO8kbA&TVi(Brt!G%A$h4t z!Ku>#$@K^skJ^LL>L~F!*3L`>WB~!B$j#=3TMXJ#yz+tpOJ+s@k{<(!8585?vya+e z|K%JPVPO5Gv)wplmJ?OOohYK4Pj7Vp5OL^84kabAV^GwAa_0Lm2&8Gy_qlv{SY zePmHx#s8)*;jM3j;3!*O3UUTA((wN$4f35~f3e993^{?%dJQuCQ8e18z}VY=mMg)T zQ4;{dwiOhVXQjZny2B-4G9Xysh$V{?0Fr7{FRmyDR=|`*zju{J^`vq#mgP^d4v-AY z$^ZvmyB?0cZ3z&Z7J>#wcyAZh!kq*L64gEp$-g44cYq*)*bZny82mc#sEGEi=DGy3 z-K>s~Dxjs=O+n|guk;WTM{xikOfB?F`WvdhhVMEu&UIpYt7HjTCjsG1fLjb)uHftz z0UMWA2Ei+b0ABL_2j8~2^^hpwRHq@@0t5g$-ir)wad@%|#RZAuKw7;+@Bl#K02TDn zzA~O*iLv7$01B^u2)@c5v5kZGRAG|3Z!*8_6D-H-V%Z@az}r;6sD9?*54IUm^lVO@ zGDd6|^x60E&wGBA{tLZ2mxutO-4p0u1^I@A6;;bf@Ac z43aQjXsRc59jam};j7;d#pAA~3TMGquhc-GeE6oj7;+ZSCWNBR;UJ?g`T&4Xe`@Z6 zx3kcO?Ex(az=@hw+RWcYt-_&%5d#4E72~IgXOE%hm2j{+$zr|;ME_&-U*f^G@#OPp zt2i_mCBXp%KWxHeX&u@dCP31ufQ%L@Yix@dWX#}=_SXRyJjjLxfYa_o!7MSfjhSss zvfjP8r~`-qfFphAWf_cD0^-O-__@CJS{L2bjk!)~@CYiXeKK&c4apqSetp8<&*4}! zBJ?U?B&Cgb@Sy6OGQiH!valXz;Y6Z!2+xx@SJIFpT}%LP-$n&X5^@4U;M-!T*)e?g z?(9I7qK%-czyU}p{Jt2S$>>xRnjl>O06X}AH#w|;v10==fOle~3*`_H-CHEW#Zl?L zo`?`H04_Wet`g`};_sX0tIx^~FGlWpaV&ERDMy4nFP)JfP)CP#`P z!U+F~LSyJzB%ab3I`{kdJTq#0Y-1bxwit>cxu#_8OIxtmkC;;G9Dt*Q; z2DCvRHZssdeHTJ24IV?yyQSp8y}l(spfd@GS9>o9kb-1}uk;1!;J^o;ap$3JVE$CH0z*ZN5nSt*#1r)x%y9fI^qnC8GqB5DZ`7R2M zo1Z}+)KQZl$_)>uCITj5Bricp zv=MELof+zSxkAFzzX2HDvDJl_`cR?p1wlNnnm;oh=13X?X*dPi-lPA4E|x>$gJUnVUL{kS$7 zZs{S(sPb=Ps)qVjTs|H}N*gsD6@R@&&jkQ_6FokTRv=ub;9(BcsqAU$RJS!0d)>9D8lN9}+QM z{+h^&M_2&hU-S8Iqm>L;1-Cm9r*E;5``iCx$JkxPpO#g51C=pzUYFHY_DY7@Vhtj&Yj8Fw$P_J3D^ptW9bfs;E9R zRR2^G5)gsvH67aOCRU=*HO;o8kmaIhp^7%2;cX#VO1L#hFpFgUUwa_;-&H+AxYX`>JW20=`AC;Nq@RR5I&2*U6Hdgk zy}qOitfB@b&DQzBgh3nNLmZjO_m?Bzd1J{a$uXr{V?=y_>N%F2tB-~`nXn%nnwN1iUu??gV;|a(8wyz(zzo6kkCLiu@ig6`zlnKB_9M8}!WPXj-mO~c9t~mjc z*p~VIo}yjP6cpYFWP==?iGb?Ykbv<022uC7r+~vv8o!EyX%&77`Hzh6!uTUmUKred zJkaS0W?X_~g%17Df@-cg1ClXl`7G(2!x0RV;P*-{9rD(AE{zlDa56-4v6QXYAFgOt zK?e{P_V(vb-l9dUCO->2xm=J4L~1}3#TaYNu4Lq%ZSA7=BNtX6Xp@>XSV~;QQ_fwC z0a~@lrQ9Va?X2+#`nR(vw?DOV$*``=|9vv@Rbuq4N-mxg>6Im1!6P>S6k|-1{o7bj zfQ$-h65F8@Ri=sN!YB{-rbNheLrLq0)Qt;ISz|G0gEdSJW z5EmXnA(>RQLcpM{9aFyd?nIUp#N;6sjA4E*pffP6gyy!4=v#^qTIL&K zBiTIx)?OrPp-}kw(IBdYrv+t5m$19{KkH+f^jt7^Kl^Prp6Qo~9>IQCC8CYUL~!e$ zdTX_hrvMjO0M2uH9`D@e^<^$j3xinfH-nQdo)yye>h%y0RI$2^E(hE-#?(g77V?d zRE`+_Y770_7X_xvfD^|HWK5uMju;3}y39#OPNm4F?WrjZ9Ltac*QlJxwL->?Y#9{M zs50$@ruA=+9NePx$)wZeLpi^(3O{!@yn|^>ggeK=se{iaS?RQN2;WGBiLmU|ZvbxZ zhoDSZpQl8Ln&K76?O@!QGZ5sYeepC}$eRifS}^Ve;@GKb9Rf#uKMsld;O$B_<^DIU zAH~n76A!c=$3|5(t9ct&%`swQA_|(;41C`;e9$Fa^(C48+?F8vctwLSEJ62Eip^uq zHB#J{JKXZ%)2EN!F0U*wC40lyx3XtTjDR0|^tR4*;9_UJnB_gh0p z(e1FJ#Ve1c&75V=_i(HF@mTZ}s>_cFn#T#T{d<>458Q@$uDSL;aEt0pMofO}3SF&Z zB8;w$)0>VTRA&fr)m1(gj=S>BY;}LN$^Vi)1#Ms6XIvHsqVz{!bW#>a&Hh<9G)fcOc`#?%6eGFSWiaX1I=@7I{GCp)3B7G!} z8CS|+_p;18Y8}!53DQL=Bgj-^y&oe^6$W1Q#`C1arJ>)zD5G7uatEH%c;M|sb@$4e z3au-6s@X*#HVJ9U8$H+5tO1jb9?K}ilqBjviff&EsmP&}z&eV?{Pz8n3~e%Zg>7_F zB+XaSW!I0oo(SmdpIl}KC9~GIGzX`Mm@i+YQ;`LJRr)V%)aCZhY7(BpahdJmA*zH* zxf+f9?oL-4vWhls9&n0122!%1-kZhDQ%0s>mCYUXyA%VZIXZgOE zeVKv9y&?MV$Z%B9J*LdjvFm=?Cng;`*Ep{rded*h=XWtiTATlz3Yw>OzBf4+ zLc1X7XC+BPkpPJ#vqCu|Qfz(kn9(=EZ;e-Q;c@RD52KlvZ;dv3 z8HVgZyt`_zCUn#DSjrWMU)6h_k9%*wc-2rnM|7g9mbE4c=s$!IsJ;UaQfsWe>XxbS z3+EcNy;x6-7Dn+*8PLX06vY$7;p3-HY*{`Z*lv-jU792R4e>pPv1_H@i)`$Rm&um> zV&l}vfGycL=vU=~lVm&@eilS&TKt*py>gB51NYmKpx9`kZ zl!;s!p^%Vm_CDGX;^gPNOV1pZPzGLce(hxI17Cw@HECnbN%APv>8ZFUBVhlw483I*ur)cn%y^Lf!VC6UJi$$+^vWwM4iUPmVb*tQ*bYENgX z{DYqZWr!`LR<7-2<*%AO(kEzzBp&A~(Or_Dv(sfDM1Bri=)tdxPL9-khMN9ks!0aJ6+e*2|Ip0+D-acl*M4Bxju zM1S#_(!NmWt&F&E4&Wu85c&Jg5Wzhk?sJr+=qPO&O6(0{_bwa=79(;uaS&AO@4fXVs8xn`xA69~#O`n|W;rO6 zFc-k@6i;{S%OeIv{i(;U4_CaQ>x&sOMi&}BkhOLh-MbN5vr9xRobC=*{pW z&I%4!9)7S5T9)EBq}%$W8ZVcxc+RQXtRLQN5J<)RT)*I1SR&5=*%bnvUG%pTVBWKb zz5I{Q=SUxLgo>DcW;2EIarT~G3aB?YujD~-kAY2S<$jUo@x_p zF$m|$fG4@1Yr4nKcT6XtY^JrwPWvVoh-NLlr0Q{>l$Gz6DGKiQSXtlrq5&DnV9b{d zc2YD)%`rcV@pczB58NmZZ=hciaz*oM<+{Ajw%zYNs&xzgr(Qgb;;80hobnDtxy;wK zWsRU64gDpQC7VH?Pz@OT{CP(XZS6c$Jgo5Ty_L#L2&}(#(h{26a!_CUi*XBm@H@h4 zyT0~udvgO_YRJ84L#93gRH0^^1-CwXUat$}M==r53HrS>(*6tue;2dMhY7V^ss_Y8 zvw95CzhG{(GK-R)iU+?3K}qi{XjqE~Sxw^5a2k1x?NC~^9zi{G{+cjaDTPU#Sjqxt zF9BnI6{PV%Ud|YFAWOl0vl%O z^a;Z0$FK>Ruv?a@f>C9`w^kWp-t;>LHdVVProVPIbVT8%|ZA4!ih7Z0@K;Fg2)eSqW$LyAO?odCcb(>;=@ZIdoVkI4H@z{xgpUHM( z4}>P3%7LX71!xX;!Ox9}$^=Ma5`ZeJ8d!O7RP{2({2I0weJ`OysL8I&Qf{5ZgPPCJ z2S?pn&%ooXvMkYhWIR$ox7_*7Hz$7bL$SA~l>*fv^# zG803nhc2Mt2rXgx2+*H4f_&2t=ih^W>Ofca@whay0P)08A2FQ!q9q*$wCqsET`3HvuZFmRZ;2YJgU04c-Fh|QB2P(pIUaaih%vE=%`ddYZhwui59&= zw~zwW(ovc4!HeNXRD%Y07FIp--pQ-)HcRa3KPGlPKBw*wnrbzxGq>Uo(H?Vosejo& z{@76938mak8AjbYM>;0K^;<0_q{puvz836&q+t?d$@C+^WA;#c7o3~9b>wS^zj5jn zHAQfL|C34oh6EiTEc@!8T3R+no4R?EnAUx2%QPMH@6p}-Ve`BL#v)4wayaKRCMM7V zr3Z}s)F<&{m&fMsw_L!MRZ#SlfH4(u(WLrZkC}Wo(hNT$HnKU&T zCff*6<=He#_rBADf75nHX-=CVGcEF+IcENL6qX?6{?*}2%=7Py<901>hNUfR((W^= z?+wwYmmJI(_EvLcspk7zi|@#B)_;VGdv7@mKX~k%+Jimo;U+<>Uz9A(nqT)P%jafu z+0Cw6L_WT<7UHqpW?)_cHfGM%i%h|-XKQIbpOWRjy%;zo4yHEy-XoK_CqG{bp@_ zcjt`naKodlg>+^0mb!mu!64!hTFcWD5@g+Ni=?BO?hfVa0k_fu%FcoYYuhsQ`zZf{ z4`|ikDycq0m_G^rp6+coJM^p#e&6SmGy;d%L!F&)uH{Xoe0GmlKds)J$v~d(9LMg- zXvl+L{!8G!T+VZ}a{j1{6I6DhXZ?-?&*~DW=ssFy!7x9|ol=?jlcVtfAtK^$0?+M2 z7d)BfnIZ+M%nOvfa(n%V$1ed%R|}GG&(efWB_gFfTf6VOnSd0o+oAVSrk7m%B}Jet zbNsoAE+UwKIS=tmfeT{cIgKk@F{XSVvJ$C3%*@N2Zw#%BDv_^YmfCMObuhetn}YOO z44++ajDh>iASn0F`f9O8!+F7pwNS`sWQMO3IxOVL# zY{CyZrH>7IE4Px|E`|RqbXT?BR+iGxTe@Y?&b?f;FTdUG+cc$L#=ZP-Up6y-P-<4E zzifmWB0Bgvp2BVqyj^tgu*AjaBOh`<-PF7>h)5q?zO^nGf8DM{$Kp&m&F5SFX!hKd zvYqkblV906koM){n!As=6%KQ7E2E8*k1wLJy(@S-5TjrTVcj1beO7lu2fB2}Anf;g z3*-A51o$Tg9(s$*))PRT=u8><&U+opA+dDE3bN1loK;{`J$Hdp zm<$(6VR}6-mJQ0#qx24}kqO0}1Z#T|rzLDOKEF^$0A3tuHYYcbBMKf569XTqqz?Ly z0PEH&eop{ZzYGaWNhVC|73j+bereO$1Oyc>1Nd~SvI~FdPMJfwJfdkBmy9pxR+kw= zQe_t=+^jE_grbzv*V+V8JUMG(^WwLCbO|Z2UMF4=eM_$NzXTxn4Xhtc|Lol%CT@X1 zlnhAD&fVo{+!}h5NRJMd0~MPJ2M%Mj1K+&#Kg6&dL$C~Ex0ne6(ay%7Av{H% zI^mkfP?N<-96kFrBjZHJ#*=#pYBO~N+he1{K#o|Ylw@VDWf>|4M89w7Zw#~}bMp$xC2G8gGWkQvv& zW$1m@QC>WBpldrPo12x!m;{!e+bEUe0k`#REi-lajOyzDtL54sp-TV%Ime+nxx`po zDw@WOYm62e(8W}Ry zf(=*`Di|R$cXk>%xue3{SKv?NW$D~R88*V&z}L;W#cAy(lky-b`*>VwL$Lb!;lqg& zI@ai@Eh<+8c0@Z0`+PN&OA*%1_U<@{lfno&cbxJf$&P=Z8KZUGdawK9@!M(p5XlI@ zBrrU`hl+hF?6+i1>@0NH|Di;vw99B}>9IRkk1S2GZ@r-4Q6KGhiXB!gc6 zO)&V#ep(cv1;4VvXTskfB8XX&$%&E&Gk#o+p=Wl5$OeWCD)^Jw@-Kz-wxAF&ZB#Ly z=8H&Y>HUH+8=+(v@X6!rS%sYPQAT&g%YZ$D6JEXt9*({V`qUp% zfDq`aRQ7o%5>a`yc)udnI5i+MULUn8M;L-I@g`z_X?%S1gsrkia$JP|`_nHx1z&(erj_=B`=f=y8|iok@_z$EvbkM8AV!9>>2yb&!?kNMwRP& z?9N*D%({mOTv?hyK8|{gM@>L4DrV7S)$(Th0ov5tt*vH4O?ucFDLf_4zze5XCbL9v1`n zz;y+t{$z7N*!`mWx}Jz>b1=<7_|g&;+(L{mdIM30#fh>`+&acbCUf_ol1c}^5myaQ zVx|(6jpXVsY|D9oUdz;5PKy}4_K(2_o2PwuGsNAS4;=BqludP%64XF#LK_bJwY))A z3y#}68gnH2tnj(Q?pCMQR$lD1O7D~(FGO;g&id^r#3@VYA(I5*fHY92@?2)?R64^NWjK<-u zEwc>vO(40V1^>18U5AI@0J7Y_w<MD%Sd9Bm7~Bh=3Vn0Rld|Pwbyq&TgvQd>jELqFi<1xy5 zxOzEZBsq~|5aQto^f2~}H1*7h+LB(`ZDdGmqwKJo^a40Kvn|bMf|E6BQ)5rFZUJPw zTKk~%Q~7SCA334(XSG73IN^`)jrUa@3NECwyX2m^1&Alxl2i~#+eUchqLYq%3OKH~ z|L@CYBUn${+?K}vv*`u$+g$z9HjZ&r9Xi42;=!N0)_U?zPcSQOWXl1^#=CzGQ*5JT^QMkd;P)iot0k zh#f|kblqiCqBLfU%VgiZ4maCczXhHi+@&~hBJ3@HEya)KZ7P10oSGrZljVFR)h?*y z)&lJeyU|t_6)N5+X9Wtvwp7wYgv{y$2qQhYtkB~oINg3>lmGEK6lG(_TOb}Pn5wJl`SWGbl4r7R_H17?r z4C3h6^cPuoabuXmb42lIgf|3gy(GA<&qMo$p~l&MhNZF2q(?7WUBq?fVEKGb9w6$) z_TL1R={Ol3qVf0V1ff0|DwkW%sr1?9?IUDk%4L1siQ8dN@dx$X<>P?6oVfQkCJym* zeNU2x`-|&~NXnoW7j^UN$+)3nHbJ-mPQXT-y9J3tPV#DTQ~1s5*x!Owsicop@OUq2 zaec{p(u!HG;~O?#*H#C_+AANwPwZ?j^j^ip#CJx|f2Ilm?dez5QI(Z;e=~8h;>D0( zf<1Q4eRBT!s*-zjRn8OAhTVRwres51Etm+%NN*ItA}-bWpuzVPuWvD2Fre+(o-u1# zAmq42E!EV`pDvwJtiOH>-@l3jO4Gg>s8?C*PwD8{ahp8gL&e{XBPa6G-*zXPNUTKk zv4NoRBNUk1JOE-#{W;q9${U+OoqP*1kbvnPK~Qy~GRDgRm~H~AB_Pbnh+BO>8?Xr( z8tMDg#46`dXg9`_8?tI6Dt8Fm+>p%Le7sSuV@~bMYLkS%%F(Qp=tWW8I?mMj3^taZ z&N^`e-7>BNQcX~q*M^-lek;#nu%nN;FA8Wik!jnph1{UvykCg@UJFJbA%?6d>>550 zPI3GbXtrQHi#l4Qx_Xvk_4)6I-T9oYc@t;*2pFbohe%Vsmptf{!0417Y+v%-)Dby3 zBoE**GAHGh#_b$9M#Gm458ms379mwRSydB774|e;luT0G`bZFuj!;y=5nxd~-q|Rm zd(p?M8&Rtt1In<)^Q3Av%%qawt<|L_ z{xa(Nb6_$nW|g(IfSYeb7!F_Lqov@KI?U13b;Za55_0d1ED7$i6^f>}GS0bY^dH=^ z)5TZ#9a%EzFWpLuibe;h(t`vjFcDWfQy})$a2h_u!#i2L)2N>tVPJ?>IY&uW&+Px7 z#m&0Ai^Q4l9W0@P+a4wzP?@{u#{utwk-HBf?Um+vWm&08M8SQu(IOjZJV%yoKT;+c zOitbCSTQs|7WN^i3SGS4K2UWpV4eia+Ta!GeM2!i@js)`YT!(TH0RO_$0?-4S}wQI zImvZ|$~GXQ>3{xE+ia_FI&II=SeT}t2j6|3*niP3snjH|KfigWLy)(TVqs`X#P(EbGF}l;_!Tk$#mC8T2+u~ zX`(2gcahnU`t?y*P59mTu8+%{smk)s`c;@Q9bquna%NWZmw@n$6%sl!o}yvAIs3WL zJpii>;6JjWkmf4WWrj!t5sxiqJ1jSQ@GOz7@|Vhp`5$FDuNGCHEJx(SzUb$2QniT$ zTY4T>74!Wa%~{s{yhMP2h(@3{p0hT;MHf4l!0Fv-OK<&o3`D!LQ`jY_Qw(g@^{IA`pP*iy zW~Az=JBx3s%5y=I(>Q(rD553ct27f0V+IRq>cs!~xIPi*F8J8UM!uQ{a#{8J*gzwT zr|$<~fV#$i+(6HsU{_cy>&O-DAwakhxuqmiRaVNn!fHK`{Uap{&QC4=d0cD>K}Bof z9eb~QWa%$z0zE7!w;>v6S z`!^bi0=ya7F%!sR<;e4)3Y>Hz6;Qf%>y}Q%l}hEm1oa0_PN(TiYC%x&S~wmrYgh$r z5j-Fo^E4&R&+BufPuM|jxvRpxFa^1If)AA=OQD~@c&W=FYI9{bfH!@M6k-V*9RZ#e zysx8(*BzF7K`E!d?VVOrI30rW;&9PV=Zrg(WT>_{UrfnMM~6-Ccoq7Sw&8u@A+p`Y{1*Dxi|8>3-#? zi&;7gWG%f__r6U0)4d9XNNZI(Oiw9;sf>7jPFy@Ls>`VQrdb&Qj98t-y`h67r~wTg zCVd~VpH=a6x#<;o<(h3Wd@)woyOCV0bFTd`LVi8Afefpgxv%f!{~&qw$)IrnJX;W$ zdRIXu78N-^ZbQI8fkYW`*sL{ubnjyQsXS@#^Z@mI3w1{)pyMFls%Ar<{hag!WjX-W zwS%%t+fb<$jePFqW2vYpJ}j(Z>IE35aWuLR9K1oi(Q*@*_;<0Ir8RY@qxp^Wob7Vi zAd(#BFzK2^lInN4k+Q3-mQBCKKtMYXO0AMSC;`LK7(TYG6Q&4Ch{i6Q6M}Ktve>{! zE(K)j5KgdsuL`>nc(^ZCYo1;OM5Efuy^i{!Xfi{PjsVTNSVNfD zall`2QCn}xGkjhYdsh~Kan`+d1F`8FFG3gVm0(bjnrH;ykqN$ltqU>3CMB7gNxe&R zl888#1$bl&scCG_ZZ+=LN&`YFB}jpf|7C%R+KZuT^~nR(GjI7bUqBEE#Wr+}zj!C& z4%S)v9Ax$u&VPQ6o?Z68Cg*$hxO{KqnNJ+^!T{liiRGz-4obRI=>PABADfcM8$*nd V`uAGI+V|3qZ1&kR@~qfV{|Ae7K7#-N literal 0 HcmV?d00001 diff --git a/assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100.tgz b/assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6c7a2b491087abaee7ab269ee8f709b5a6d771f2 GIT binary patch literal 11370 zcmV-wES1wAiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJciT3y=>E*V0#Dh!vAY%}eOdvEsl|1{ivwL2XC2@M~o z`R*PLk};J%8Wd^+F;8K@$a!j?nicicz3R5ly&2 zlu3o7h_Wdpz~h=4Oin1V0U!Ry`EufBf$>TmLJZ#ew7`Qd?gO%^v?gmUEd9Wq`Y zUD}TJEmG3!qi<;hKkd8Y2uuCvF=6W6rPoIv$0<{(cb$$&HX1Mg;}GroyZip|r59t$ z6sC*_Xv~bRN^cdPcUM@4ec4Q|15t{Z||Qe~$73 zosbDmBZbVY1Ftm@h3~yUA7)e{DiKEib@apA{)CGdD@8&yp%GL#Awh%%L31o99!EqX z#nG6c1WQRmM494f!Bc@0iIWH`B7M($q2&sWi6TPkzuuB54i+fpA@N>#FA$xe$UKrn zX@E+k1l&j36F`NDxi*1ch9)401vZx})Vp2m%5a2yF#C_H7^iK+ASpBtG(LUcpb3~Awl5*%FPDM4d0;ewz&f6u@5Ob142 zf+IAOKi}u?hr% zmgn#-G&O>e^E6S|zfHG81Mu7GbI;3(umk5463~zsd`sBe&?wTVXi^9b9Pfo49xSwo zzqtl4QgsBQzM^VIYknNip4o!D_;#L75 z8CVBqSP)BTnj0plFldMiR2?8axdmGEyhP)1%EAjynHr(pp|Ahj^*p_3ndJb7F=d`+ zIK4t;%fsLx^*l)eLDacfHWa(-?pC^Hv~t0HNb zp9X@Z4c(+0p38hRL#*&65px=lS}*rJJL$*Vu85;-wkPt#A|WGmJCU9j&0_=F(N{E& zPpG_>BXpqKg{dgEs_Ec+F7u}L;n4+Fvk@|rrpd3s4zB)4Xf+_>sN2~HtYX$l#_g29HC!-MU(|m8WPlN(gDnhr0e#O zkAC~j^NOl?BKVw!M4%fCi&DfFu;>GDnc#rv2K@KNQt;2Sr@#I7&%-Z&w9?K0pJyaW zh>*TY9$*SA)BpEh?N#{y&B5!}8~%Te^6RgIuh5*vBUse++NBl=IgItN1T!*1Uk!fy z&C|8K)7wO=GFr_7HJVT0cQDa?&(`bfMVYb|0b)c)Kd%W&pKlyaS|A|*lQBMZ&3AJm zgx2})wAR1^^m-qDrSWAtnb2F*>*v4-3*mQz>oMpY2xo0f(kNP>pHm!xGXvoyfnNCD ze-Z;7>MPxb?vX@e65v!4Bza8GKhiM~j3^>a-zStrq15UnifBxg(T71V-x@DqTu#m} zbzQAJ$%F*kzIQf3)=gr71V)pQ*2@9UsLJ%&RNG8gn_C)ri|tCotm~JDnohEjbuY8g zb#+=RtTg;u6?A|68M-n$Tz!TMcxIzwpp@2&9M{s*wGm7NWom+Yf06ya$X*4SX?Go( zYx})Ki-k$nY-D{jdV*o1E!CJ>5gwCh#mR;*daYe6j=cHZI-1ZO5+sTA0^Iv+5A{Cx z?$2ix3wuS(i|RxJp<1h7zo{7Pzqtv6K!rD?FdFZ}&gI*Bz=U8bi z<30H~rGkXcU`Ht7;TfCockBnAGV3(>(j)c9EZzJMUZOzuWe_|-04(AE-Tl2+RsP?7 z{bs}e&r$4}OMcFlT`p0NCxpovov4G}Z@*aqa7ltxP_;PbOp#l4%$ZaIQ>J8TYfsv0 zeg?zHk_NG1sf%jz@^BRKoA0?)CsY{!-9?m6DYG8K?Dg5jv6B=P}ABFW-6ZxIs zX);0{LJB;V?^AXpkJ!SS>KCR~A}H4*IPwI+;X4*B-gB+jlUh?k z1O6z97}eX7#Gl+nhZkJ>}pm z(i8*x$@c=mcu4v{LkUodQ}#Bh-Wp{k`ESPh-YdWo`TyqC-a%FV>qi^;{|w~?I_Akj z(CJK}z2WXR*-p?I3t+p4+~PQi2udZMk`cO2$0SgZ-P}R_3Ho<6qw@2FM&v&{uix+6 z<>CaBn6pcwN~;4-64|^MG;%b`eaEAA=dsf!C5cF&IEXxiVyuGMTWv^7^8o4ATN`pj zZ$B>Jr%P0V(+vqBhY%G^;IT=6S&L7!Zemiv=;NbzhJv)yuKSDj-B- zn6aNzywFSV_17|xbda@Q{c<$l_4oW?0RR@$LW`!=UcWy-eATNz)o^hb3L@p%PgLRFdZiN2v@$aXf&)=P# zem+0?;j{^rZv~G>l^4i3Cf}1u{f&KRw>1+I_?iqfBNeKe9ci$-YEy3zGu`cnR8(4s z^+yIejCbSLrAhCGQLI`c`wlKbz;q>DwcL{=Q|U@vX37$sFt1qUE-c2JWeeuW#Bo%Z z2{mvNVPV24Q-^=vI=(#ne0qLz@$T&WLlfud4%6`P&s#tjXD3Z{awI~oj@^PKI)v(a|7<%`E}Sz(n*e+FjClW<;a9*901Pss$ zuxv23c{)Phd_DZS5#Eg8NX>q!yh{XEJmAp?eK;Nx)esM`(9gs-tL3c&f73`(>F-1m$7&a3 zobf0ue(ZR_^;H{|hlNTcY2M>JTB&{1@Q7ji}J>|#IE#kiD*;5$oW*)(ADq-p#OHVEp@Ryu)yX`6nXvZDW| z;I3QW4Yb7n^ZMXb)&IY@`+9T!=UK{=`F}1IR%DV!>v@0*boL-e5cpiqR{$$W643x_ zePt~VQai+ZI+EG}F83#uo#|+a%c%Ja)afxQ)Yodus}-?vr6XS z>!GZ@n;*Vv1d)WPwTwj5;EFb08-|VK zAc&;DtVjyB?r1*r_g5f;^02Qpn-Rew5q;oE%Gsfd4%p0L(;P~M6FK8btvHW``lI>Y z5=&&ISzBe!pbnoZE>%c`IIMWpDpT4up-X(bZBwyiBH9eTes#~f=5t)vA=v4oT-goT z>CS9%;QwJ=j`!f~FXxV2)$OpdFfgTqx;L(;=XE_j)Unh!i5th#<2#l}oT$YK6(jU( zQT43N!k0GIo}jE~|BErce+1xC`+xUME&gM;Isfx4rDFeoU9Ih)XFYWNN*Zcp~X zc24p1pIO@P=`yI?4dMb0ipzL z^&%?a=M7fD4C<@^GSMBEiZEqm<4VAHP|wV${w*XCF~6lrXrCny!6Aq+jaNp*Hu|8p z24?rR+T;rTDaXw>PFmrTe`EpJ_dUC z)_Xc+`--yD9DIwLr1{cDpHhw*%6dWp+8DI?Xi~J!94ko9+~D{Ah!%c#S;77{^5E&t z{|#Tgd0n;t_jfn@|IbqD=l_b=b(uTxe*3L$-GocQ8qWheX!)IEMk`o_)g7=GXpAL! zeSioHxYlam{y4`E8WGGJ#`nc<<)Exx`o#Vgaw6534RX; z)w=m#KIGVMR+jMptKpmK{Xee{_BZE$pQY6Kzj!I3V}BRYQ@F&o^Wp%n9QIPasn#^$ z)mv`3ixF9UsptInmHUcKDY{qu>+Gr?jSH213$`Da%N={VQ@sKcdd1+D_3tvsZ!a|n z*^1^yLhB)Q7Xs_|u*p&$u%dZm1ZID!AYBL0a$~I#8fa2UI*zEEJq)ilNcTi6;7kb~ zMMU%oTuSvY>^i}%f@0&nl?5ys-n&ohms%FFue|K&!$g`W)WX;1R!o#%tW#jM?2^ok z#bIwzzWwxryFAnK3GiYhg9WW64Sz^t!rdc!&L*8lO0SW3_Qck4`%vqmT#D?LhQ}Tq`NwprTUc~ zZ^~I^{0noZr=m_Y*^RzWvo65JsVlAuy6!*unqaPmhhdmVbAfD`eeJchu9s{gO}s#* zj(%8Sz2@nwT`&A3vuImcXEN1KdcG;ANmnHUJwp`{a()ytwOYFacz2ScK{KuPDoBN-irQB~rq=7EJ)P6`Ki9XfV z$o+N$L%hf0^o@m3XSxi3SepjdPTP0|qFw9ROh|Osb zcNkT8{r$l4`%@9?UsxxYKbN`+-Q8<=z8nQECB0gI zRwBVKtpfc^m-Y33xC&-117L~%zq>oEp8ww88}4rO|K}+8J*<6y3!w3kcCP_m@1DoA zn^C*RvFtYC*>xPd?VIi++3jDU)+0X+-;CyakPj^Xbge7=8qaR_s)#h)rSqkUcvJ3O zn&iJfBT-DJjEl#)bbV?3&+e;g{?ENPoBjW1DKF3kR*DD)xjN0HqnjCFXq?hWE4?nG zrOZ-*$~1wnTO?;BiqJITVGym7N zkKVCpfjEONHA*NU0!46DoPTop`BHJnpLopUm^1Y0_!5OwNY9^AHGqE&`kp`jMGW9y z_h2?1=zrXwa?S=hpfL`v(*$xKN$)FP-Xz{v{up0-U->Fdys!SB_X2&wg7Q?Nvy)Tl z`HA3K1^0X!5V1pl9ZMmgBT|L;$aPJTG`7%&9FxMQEJQex9L@0DIq7-){sblFx)U@bf^_9r&u_;V zC_%^|#!?Y6FklDAgefiufe3xiyRg~NxFY7tQR(s^1CsMSf6pK8G@LULU@E0aVO?ybiuZWovJRswlNakMPn)fQTq%)~D<7Rr zApLGe6c?Y42N$36yu3GDTssON)xH_pYZ&d22Pve30N!_V4ENAJDUM#on#bugMXs zsTAHA-p`*~0c9>Va?jBg8WV*PWkqpi((=FdhiE(hFo?9mV(Txf>`XRb`u9Z3i}r8d z*l*7+(2=>M0sZHUDiWEQ_4?@TrynxN25~*(AYaftgpe%bbw`k0M32I^mszT6$ZU+V zFaQIRUg}{zN)<=P-ydD*-)4jrWg2t#um(Gcz+<_u}M z^X?M8fwBKMPMJ#4?$`eCV6ZpzhX*@ooT`i`un6=}2b%H_VJ4S7!Eyly%1ow}g=Rah zW|}>yRDzCEx5~g`2{>n>z^tMlxa&+I*NE83nKws^R><2Q%s36me`utjmme8z z>u2g-4UD55UY9yo5V{Thv|knRT@9zwg#|`WneZs$H-IB34w{9`x*fR6`f(oR<8qr? za_ehqG?QgBpi+_Lww#-w8_&BdI#ez);p|H3wJs+_27)GF4He5>rIu-?Si!sNca|lu z*Qj{s-Q^2TQ@P8QFQHdMvzQwTPb*fH#E|F?U4d8W3IXIota%Om9XbjWoog+p%Joj$ zH1T71cJVVHvmnI=d>cU8bnaDvMI@_nb64FED~aMeA=jhfu5!r7GtMP3MDB>K3~q~Y zMs}=_-vJAD2ia)4ZQYoDe+5mIj;mZ%hsEwKqEA$)6i3B1=kCg8#osl68e*9XIA7>y zARgLzMm4Mq#-4%UPRTTp)SV%eOf}bR2;1NMvbYd?O3AfSR6}+)Mv?pzvfoA7$ zmcw*n@gOyT^KiO4=(|!XWN8mg8J$kIl((X1BR@@NAQz8XRbk(``%)~>GBm&$NC}#9 z>fW~F1%r4ce7sD!j$WO_&oA_cE}2S>L=8X_QQjs9)FOeA(9~!1dF6_+)Y5m0+^T~e zbUTsT2;E)XPUKa_v)^-B8v~2zx0gUnL}*&VjxLcSs{I_u1y-}R`B$?{s%wCt{oGx_ z&m2G=gL&04&zbNziwH8GAPc~NDqf0JpIBJEi<5nA$G9dxFGqRy@*;RvR)F6s? zWK|%bJI}jJNI)kGL~t-G*a~JQU@`9ZB~j>_EDm7}`*A1x^`|R@#T1lyFfNKJ#FbX( zoGp$KHuHTmqY7R1CuTW>?ZGSG^G?lGKn?5r+6oCETM}c3|Hp^_?7IfZbogIB{AX)8 zxpQb3$%3?!;qcZK`=ZJ|hZ%=_24XO^3{M>1PNYMlF4PaL8g43Zc^H5ZY*ZF59$|2b z;|^d~_5U>a|8SD@1;JrV9>)i`%>TbzjsM(zb?|0??r-k@dzMl=b%zs5ZWV#! zda@-Icq$c--`l{u6EcBISUD?&iPR496hermguxLW*kU9CTF8RXhyI@b%3l9N`#906 z1_{eYenzO*;DFAnXmTE8S1J{b$qkY;iUxbHhdmD&1)FmAfyP8C948~h(kRMeT$)L} zg)#D+=3z)p#;OZJnIhs?gJCva?|)yuJ2%I;>?xx{u--}jz#Qh3N>DbfeOEfZXHFdD zu7nXf(RyA?8IkB_M!-RZtH&fwM6$DbkeUgePK_6;=|H7XJFV|}OssPzG#kZKNi^mu z3oD-@DqTgt*vmTlUA=WQ<=1Ab0P|={3V=eB0B33<58LL;Mk^WOY(Gni;5K8a{?S(B zEw#zNk|-58Y9SjFI7Hbrjj(8};~}%dBIe{HyJq}`eM?Cc$~-H+47l!|HP-cmbX*93 zg}ZC5&r=fuG|3afjxNqV?Oz5n5@+#FC4y<_6c`e8LWwMT#Y|Q>l(LYBXrWaEJEr+5 zJ!AI4?g=*!iNf`9Mdmm7s&@P_|JwUfBB3vZgvv!zrtgH{uW?>oyMG01ng~Wn~))k%UPwW+atJ5WA;V zPI3wJHbIzW{V+DBEbJc5iBL$8fKM6yC4($oqCE)TEaz(iS;TN;ECsVk8RG>KM7M!b zR)A)Gn&<~E^Z-xzsJP*mpPP^4lu@-XC+O)oRb0qHNaiFONILBo-RJ`?%>i*{+~jfi zA|u|H1xzc#z>Rb1$a32Zl&hg|ZAn-fu_aP*U3plZja)XOOS5^CjXMx#?>*7RW)J46 zXO3w1{QPlDFq0K@v1-EA_E5vos3o(7qydid-6+lqEL{TW>`Tkm8n0`TC_h8Ups}Rs z637+NXlgneu=h6eeKCb3VQE~>^I(s)7ay6yTS{!^R)AI_GyZHU^GzG)|Fbw}o4#0~ z8D?Q*_mWEk(LhnnJ!`}f7OYl5q!%lVAhw?w!ph~1a{;|Sz5I}!ps1s0#83X2%q5YQ z9F$FdwBP{!RNS8~Z>QQh@)di)mzIL<%tIS(rsfEeACX2qAxfmyApRht=ZUHSdRRE(c z`fLf#4qy4`!;DB$6gND$NpNx!!M0jO>wB zn5`-9$_j-S0|36RJ*#9fr|Bloj%>iK3g$shi#RvY; z=E*9p2xly$f!5^_o#@rPU|PdxT40auZmHsWDTkOMXKWSi?)T+pj2s?w9udr1F#~Xy z^p^(I-e+2YjiiVZh}eKYDyI--_%bwJD0knD#itD1AfyLu3X4SpQIg<9S`> z&5~lZcA?4gQXJjPXkf!wGwjDC;%q95=(RZ(*2MKanfPo?RGs=$fX0&?S?FSKx>d!L8r6%8pIX7qGv3R?RU`J z@?V1)U`ckYe9$YUIUzD8XhI>P&I#sRpxsTHF%W#KNe-$&8vE&8XSgjN09R zO-^UDy5qT1&99H?+Dz}80~Rpc<7S|60uC2Y6GWwgnSDEl<99?|z{xPJHE(UB07sFH z$i;OYH9cydjn=U=Yi8$I+GRE0=7d%92F|t>>}S9<~sg(hQfoRH|O+nj8J>l8w(a?7_O%0J4SURwa>U(SVHMn+;EW z96M$cWl39C9Ef7&reQGe-5`L{Yp$ekLfg`Xw%-bLQLz1u$TcS=@ik%a#Z!((gDbu` zNHz1ilMmRvEbWHXzhHT<(2JUN-HBwac4b!E?Cu(x%k1!)1zxGl|SLF;-6-1}|lH%Cu3;j%i4Rxt|3`Xl(8!vtB?jSz#GPxXi_?=|raUI|c!* zp_C3=wGXsg7Hm*>o#1t63aHL-k`U%UsqAdFfE%gn=;F*-y{?~jveepgD$o1Atksui z6Vr^aqk>UFi5cq5n1*OvfeCGt(3%cqkwgg(ZHI55qgwpxbqZUPI-=KbwUp-B9K~NXRsUAk+jZG83P8_X{hg_% zHGL~b(CGPsPNzgPP(HHiCftL%jkwT#XS{mYhUNiRVGZFQ_kL=@wmeR7F!vVi83mk5 zJwDr(%jAM7e2d_aESH4A!P#bP?X3lp#{}JwDC#@C{su2}|J`(%psoZ9RrdchLjCaW z`8ThkMk$%3Diy?kxh}U>9W|~rIBcqd z;S0GvR_YdOSoG`NDmtz^yH&nyKjeYboeD^zQmO&@7j$O4FD{)<-Xjf^Qk!~pEa&Mqp>sy4eLVzD-?{^V{>LWn_h6$_t5nH z#WA>3n)Lrx&q5cr4?;Dwwck>yF0%{Ab2Oa}=;GMym2&mDQrVq0nTE83s3trY83E*I zQ3R@hh;g$E2$610_K3YOsH}8g^pVk9#4zKM1e}G^z;pR0vDA7FW$N`oUCnvN;OiY1 z4H0Xl<_d0U`s-ihU(T=W5S97I;LD0_)@O@q@xJ@bn_+*r+aK4BR45K^;tEm(Hiz#Or*rq6?6ex zv9!Zxt|4+8YkD?QrnJ6p5N}*I+d89h&nVGH=kGq8jvRKd^EM_Z;?pS!>)l4##)GrX zG+jIUOcEw3+?-ets_QGYszI36hDmh`QZt`7SQZDXNwasz{+g(-dzv~#Kj8CO@z1Gr;!ucl9Rh0oRHrwylDlS(TS-2^tDdyU9vXr+}#+i0=|cpVyD4b|20Y*9tpacrkh zAHn^RW*SR}+H_0JG+XRkd3Nom;5|Km2Od-z<0vv-CDzDVMGB%5(1T==b}Ji@Z|9FL%_F9a#%Vl4!E)F|`(5RMj9`V*SC>1 z7oU#HF*Wr-iBgn}U6HD>Hl_=g0Q2J0vDdKpwRT|Mxlh09fdd;EU|jA6t=%ZGc^X}( zqm~_@Mf{ug-#h#A$ft11MA3Bm<}uE0e5mY|Hbs@#2;)3BtP*BX9J=+6ZkQp1;EnDu zjdgIgB+zw`!%lwF(T#gfdr>+yV7#jLyTjY<2)6ZX&v6xn(n*ou$$=Ai(RR{g$q|$8 zvn4AZDmgD+AoAqrN{nkWl|;PEI0-^*tT9oza-~EPUe&TP_D~`BfxAey9In%1tvi!s zbN*y={$z9h#B`wR{K?DG0TggBnP4iod=UqV2+d)Ethgz%wX!r;EMTP>&@jeA8GO>ip5 z10n7{57fj>5wVTHEf_QKrNi2*1vfVWtxv^0L%kc+wiV;P8@_BA_9dI-sD4RL<(Nnd z^?k{B?w2heHJuvix^&HzWtw_}Pt=Gub6 zSa-En8a0jVbhu!1r#L!|6IG9hv`eH7R>V=nZ?b#o-Q4>S-MDp2F`NEOG20#?jBdzy z#`$$Y-K+0AF+_BuwvopYOdEd|>v#VZSQw*p8Gfgis z4^6D>cwteMHWdr(oY>QGxyMOb4KA&yc~-Nq`D{XzCN^&c4uVwRVBtfKGYiBCM$V!I zT)SWBK?!W8@pK+CFl*GD2z#Spw$Ea9@3KNFEl$dW<~u`wr3Ja$9PXAU-QQN{){2+L zjg`*9DA?95#|-MbmDwSURX4C!gFD005(Z&NrVtB1N%azF&a;9^)YX|9#07CQjV`k= z?xAs0*cz1w1- zTIqT1pu0y1xhv|dfm8EmBuXY}Wb#Tv(p_yH7uU}%>Jz^Xw2&jSP&Jim@ZE=t)1T<}-H$Adugza~TR)Q1pH>92z5Ta8R}i`F z7vfm7fx<=KFlQmk&Q8%L+;3AJR+{4fKn%kE*J5dG-zsHE{--y)2M5*sZ*TVAY~uf( zqhxb!IDU==#p5UoekAo9BJj5t zHtEXqzThdk!AvdfG$aJO`AjDxhl5FWs(JnHu1eJQ@uc*3&#MexDZguJ*i2^WQyW53 z9It}ql4(C}0_P$kde-wR0|^Rj?(4bDeQgsAKSlSeq~h|?mOA>;KD=)iUEW^@+|sk{ zrOAAo5D`BXmVuWM`SirudXw0d6UvOvQMBU|Aq81(EC zuD2}Yl$Xs+`dA&VCVnpUHWQZa?L+z0VO_ZrDv!&_qkwGBa-S5KNl!BfCa-l}iGrQ3 z#^tK8G~G_5UWdr7I#{*{O){XF&%f5;r|Drdk54ow)wma)7Q5&uzHv_78hv2Ch$$N( zV=Tw`c7(oe=>B;ckBQLo3V7KB@8V!~Zx+rZ5p?w5{;l5i1}*t}E>&%QT{`=tB7;4g zxQ&9@$+cDoZRufEZ>V?Y0;^f6JEylGG(mNJ+4B%Y-Sg&U-%jTE1aW`dCHf2*brC$Dj00030|B7dDdjJ#x03u#jn*aa+ literal 0 HcmV?d00001 diff --git a/assets/openebs/openebs-1.12.300.tgz b/assets/openebs/openebs-1.12.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9c6e94f231cf763db10ec146b48151e67d147415 GIT binary patch literal 12558 zcmV+pG4akHiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMciT9UH$JcVDR7kC?M|;HS-vHsvpwgp*iPEhj_tqgWS)L< zdToe=B#cRd1AuarPQLqda3jGxB`bE)Bfdyv5-9voC;){*6+j{sqA}|q&LHKz1q}SZ zto_;E-rhdg+mruqZ*S-S9}Kql{xaBovA4T>u)njt|CjB-&cW{XU%>YIp%kB(aY+BN z{ou0lmHSQ}7>0yHj!DRd4gfCX&?nQL3pw{u50k!&D900wydj7nWT+d$ z01bhbDhEdRJ)#Vga0uoD2S!oy=b$&(>1{h6VlKrIm+uZq$RQ39#h;J|t~jA^iok@> z^b2!lM3gY&JR0`<_xJZbU6?@OU{}x)AK9?qr|`Zv#e5czV}__pLXJY-b4k#5LwC}L zl;0D2*AF1$i1s5&{)t@9`le3^VttqRgql}f@v19d^`da<+@Zxip&lDLUEum8_PQbD zc#gVEVRyP<>=XCS`Ws&zUY$5yVBQ1}o2m&aD1g`>f;&uM*bB%U{(oup8~_x1@5F~R zaYP|U=&l#R&_j!|3_68MFxYdlt;9%7T_lS)oKswrtTNm%sppv%+}+-Go?3=C&+3n9 z-8uAQ#J~LB@~=aL5T*keC9Fg2;y)v7Y15 zF?7Xr^9)=?$Q9EI1NSq;XNZE!SEEBfksg!)n~~V}1Vxu3$dMUV?(gJEx$#GV&Wxl54Ii0Q!=YHghLWe@HE4- zj$m5H5%P(tgth>&kjL=?@EHQ<5ekoAT?ttg6EOlF8pl(BLnYvtgaC#fU_`V$pE=I} zpFs|UpifaKDko)I(sD^m83JSiXdH$(oF>%WL~H3eb4U{?7m&{c+%aV62-6|x^ye^9 zGCGbEQ8LFuqS}dq(N6AOvaXf2rC2;g1Ny{;{*tw{l6O`9dCM9KK1-fw8Qqsuo=S#U z2qQKl{5%rnkWv=tA;(t?Dze1T=%xufX~H~Ha{R6#mlL8^Opc=|g&w-%qH|2eh<1t8 zp!-xD4!xj_TnT7h53{>&07Ez}^qcM83sqlxAdE`HNqtugWB8LOW3c^V_r>1e<<8!= zdavdq(2;*mu+OF5pAN0(>!I+6B2DryzMPUx3~Hpn)fLT)DJJ{svm);zl=RC zcVm>Pz4Ad27##SZPkK7bgnANXy^&1BRo<)1s>?(5HZ$7W3P2)S#+KIjFQi9w{>prz=7jFQxO4Y6P3>VuiG(hx)#KSRJ#F>od&##L^qfQ zyoL^kbc$-JV8*9)6z0T_1Jr~?rK(5c%#a_cSu9V)$6@@j8*}WlipFpz2=bVsH)1i8 z5o9wMy}7u41sU?*y*oL|>AfZi02YDfN?(ap?QHvpA8Eb*zdHNGR3- zIGpCnO2_4b>W@AOWxi&1c3=qo1;;Kc>#AnmwGcY&Oz5vtll5Y%b>9g`6x`3SI|C3z zLZ?M@6mk$EXK&Won1sHU$B0z2I`5yIUmsuf_(#6B zGMeoF2L=28-tO*;js52_o@;9{JcA635eflTgB9|6K+d-Sa|RfPJZ546t(Un&=Rd$* zJVq|}!4z>25s!gx2>$p3^e&ZMrFRAc#3JY-@a2o+ye1TQix39bg}%Q~HW_=t{9caz zYzr(%3|trjgr!YLsZRic5Z#-7fkPiM1_*UxvG@+<0$dJa+McBi?7$W25L2rkPniI8 zc|FH@#}K%+Yr))GX%#?7Qu8t6f^x!=1gi}Lu^t!!27|~)&c*vfz#`;=n2EaGn$@|` z54sxNZMGJefhnG&5R8#e?uQ-6>2|x$9S*%AxImO)#!<)>cMg4sgZ$1)fH?FZmwJgZ z?t3U8VlM5vGQ9vKJ~FG=GkX^x15YSIu8SCZOFW~wcflos-ajbj=sa|h)M=8P1CfBD zf5nIy3sX|m5bVE^)p0JQOn{JZB+V&X2`^*OKyqiqSlUA5O38qc)SIM=2JSJRiB@rP z@*-_D(#R-uyu@ZWgLBo0in7udIiZ$(E13)kMYio{3y9S(2ZG|258XQed9pQP83|ny z1hLQ-0ij@y(Y+Et;>H0A)vg*Kp^rmk2n_pukGRahnc}ehvg%+!-2zpZZ_EI3ksE{4o;! zOo+G`V$68!O3wjDr|XLGR|tG!Oc!Z8pqqY`qjOI=9Ec$Z^xmt@Cz0}ejwr<*0-uGh z8oJ?W6}of;{bEyiHU;GFatkov+~i|l}IZFE-~Of z?>Q$Ep!XOQ5p5D?if!s0=HMRtzR;gDmc4kAaMOHDIBL>VCTPWS zpQV)kL&6{a+`d&UoCzlsm5j=eV$Hl=8el|m$S0ulpRD_ztdpar%3Vgzs(xqW&uUoF zUG&zFXjFRxLZym);aEN zqVkJ2N{hBkHxTVF3@H-Q_@{n_UPQ3|!<8HF0gN;*m#Xxj^G`BXDJTi$Z?HnO8HXHA zV&9CW;B+*kmJ~!>RM|DOrfhXJPl<@YN7p5(0YNc4I~mnVrx)V zcxgK*{nFe7I-TB9?ir60;|i$16%ik~8`8q{Wi6hFEDyahUOA})UkwFIX(8>^LAPKetqSRVYzyWl_S}g$z z`Q^q+@4-|Ep&kzHp})u$IarprPSPrd7iqmyUTFRl8^vrUQZ&Vk(|Qzh=wnZs7WICm z8maX5hLouw<~0e*@TW~zSAnz%LlRzUQ132JC8d6VIK^%W{ofNs@^SUZTK#W~Ll1}3 zhpK^1_W$jJot*ynV(;K!qyIg|^R@K9S4wpL)M_B{(IuJ)jAp2+;gSPDQAu8gCoCSz z@C2cFDoR(G)oDGkvQ@a|MWS66d68`0Jk8*=dA|BnGX4kMf=ArLW`L&k|MrVPVf^3U z+l>E@@#Mz;&v0rO%Z22tq=t+c0}^9-DDxo>Ms*_;5SDC1Ack|?q> z?GY&LquK{DzoDteN=f%Ej8>aRx}g_z6}InVN>Lu7I)) zAv92%=h9*;$%r=BE~TQX0R#+1P&w2yPH{M8+E*_-0;zI_;Is1Y6UcSZX1}=$?$Bar z)mpzd0wX?v><4LKupF%tB1}7|mJ%`_%ZZ7mwR)2h^`c?- z*g=@$qvm;6rOg#WnCzHI!{ic`*GxBeuhMZjt!3gxJOrKoRv&SB@t^Sx0?dF#t zo=XSja-izlD)?-tX&ac9&BWa~3$}`6#?=~p`I4(b1o^DI0^-Xm@Kb;7a_|+IZI5mX zX8S6pIlJBNMh*PaJw^R5v9gNUb1geS_4?mnu)kl}|JmK$-ROUh@zm>owo(S8h^0&Y zBPk_Uh_9}heXlB63tcRqB#95T23rlSXB-5?5??#%DQjX9KO(8|MI=V+OXB-DoW4`` zMh5_9A{u0>0CIPBYH@W5zP8|22`da)UA`p@;_)+3mIBiXPHEe;Y#&Sg(Jqh`1X{M9 zoXT|z%HIW(%ks7vDWY}^ilwTi(WR-%SJMFtolmO}I<~;7n|#$vgOkCRFF7SarT|~Q z49nhM!)Zp>;QwnH_Lp=gE}S)mgezk>_U%aW$=6Y=>n5 z%lyjl@WP7oE-*6<0=MxoTxunE zcJx-P_fn5#<6Ndg@;Q-7j?6r7QG-m-$CQKt3V9OK@1*Qh0(Lffdwg{;lT8N&-xPX%}mc+=us&dSG;MqI~j@tYXqb ziWN9NI=&ILSW5*&ukVQ^tLVFVi52}qMTVA$bNaC-R|b}FJdz^se3rbwXw41B6+f4{nx`gOnm}MPa z5g6=CEeyKSbZ2!|b+m=C|3p)YB0ypu#oU(0D*}u>&cW)DcBatFzU-<(a_>5!7j&$5r9q}Sep`{Ly^{3V87UW; zT0<(6(k7zgC`I#H6RQyz%V4OUKqOQHm9)AP1KxXuJS-lo94*pP1ikanU*smLu4Q(s zKttoOpZVNP&Z{DBpf|NDt05A#hcSi>i9x7>q8-OC)T1>G;-+->9DIuE^>#{tUcYB>NZTJ5ff*rEv&I2%zuF z*hCY*K|I6~VkZ+BUwAJ!JbZj7)dxAlsb~&P015qtiUN^Yw*Z5Sq~w&6JQPTVnVD!q z$YtD&r$ZQ35%LHrJ|j%!mqHgal#sDcCNLA+v*au4O?wHAv?LYkCTGiT=IAQ%VM<9H zb$&K3esV{*lTbAAj*6&+^goiNqE-L49I?!)3P}kSG=?BYq(tCsf~g2(ixFcM`3(ks zb0{i?R>T6eY-aE68mrBF5JzZ;IX1LxMBZ)e`m0r zwg2u6b~f?fkMrbugZ74OX#-9qWkn-!UcSmK!f6_f?dfg6<&bJDj*S_Xv=66;$yn)4 z)0vM7I4d3%QXixrG+L(HPw`u76>*Mb_GEog0cwt~I+QmyPoP_4Z^%CYbrwiO>$ldmSx;1nPWM+^Rvx5ooeR8h?u0J74 zfH~(wR3SrL5-}JBw@}D2MaF8VnnM)ANoqj1xman5EVD&cSR;kBv033&*Dbu_h;eYM z+NA4(&j04B-utO@3w{QJOvWZNW->!9W6G>EW|k2w7&O1_rP05|Q@j3?=i}Ok!LGId zZ1Dft-pQZ;zBAa{+1&r}C{Iq?%Ad>pNDD!IoU<)z-=%j@c|B^E5ytnVMb>q!5(^Fd zsLRE*xFLN*9!FJ;1`4i4btxYp9ji$Q_)4Bit9vBX)o~C#{|;YnzufLraOvHvK0}haL#v0s8{g8GI!wHaje0X46&lB^A3u!ek#*yQ0kq<6Zgf;yp{94HK~| z@yD_-9-oa~ogUwe&PJ!dU7s9YRfv=xbCXl8Eyc7bS!FD!r(2i}%#|Tc^nW=%y*R$S zIe9yJ)8JKBKWC{!H%n(K`%`{?DnWE|c6B{EJw3j>x&G~<43pG?S$Br~z#ded*a>VM zmZt~Xa#k^1<*uckX}5Z~^IOi?R4_G_7@BfeOAJj-W~M?nTa)Wt zE!|SHQ{9?(wcV9^GHtgz3RG6vZ>c4+GLq$XV5+l!r=Ajj&ZpM?Cltc;mbsN<0qgC5 zJKKZpy!~(c;KkYlYH8bDDz0Tqq1@MXS?jEeQB`#l7O0C*OA*LSJ^RMgmIlBQ z(^lT{@~C#LOyN&%(<(QSK7c`Mu#c{RL#=G1FLru6FQt8Sx6(M8+WayWtkm*nY*(os zCodETSG8h2Vyx%Ct*!3u=(o|$#rctBcClgCRL4vy>u*g9*2%;c{=>`T(e?4o(edli zyVL8NtLyX2(VJup#7tePry^3#%|7WxM24n)TCuvES-pq|@!Q3&wuMx0$1A&gy3`u^ zti&pplz1qLywSm(7w6}vz(cNVbaM~7F}=#edricstZZ^rmsONGzt&tI5gCZ++BRE42c@)K})hZsPUi5R|Rs10r} zFcwKMP$M}3l!p8*!~O=db297esHMjCRs~#-F5etq-yEG>=1;}5W4mXB@k|WWGaVD0 zSYa8QE3+X2YzC=1agU2mKSul>A!TV*@oz9=j3pD@oGMOGj3C)YNiR&3CVW{WW}xI^ z3xgFYh(CLDV5#CCOu98qWNXK7g> z>>iQ_`hUHK$#HN^t@HPj_ajC6!L4Gd`gc5s=4!kP!DgSp?45nf^5|O`fildhZ-9T| zIqVg$2(E63)APg8>Bak-U(T5RK*tm{u!{VN- zXdnAFD5Ld=cH)Ez&W+=#eI=pLcx+{eh-Q+vAwn*%B%7iTsZ%udzMD&8F}9G2xvw)R zC0*dx>PQA@Jqv0=l54jqWq&w4KfAs>mz$Lj-a(bUrp#!NerU0KDq&q7U!0yCj=o7u zEzSUu#4T%IE%D6E{oo3#nNI7dkx%tq85M+)bq0wf&9T}&Ascr^wRZGz?JEilZWH~b8&uo zy^hiCF@Qg@FUzw!w;(b3ThlmTDD)VBAqf`&i5Z9)oZ9PQbz_xC{)UjLkHE-y4%KmB zoz6&^>Le6zE>6zg+?s-+WEf%b6cJWP$wZrbPoNm<+D_>!auw`DtB|kEMc>1uD*wv{35d0_7R)S zlmy@{TtIoWoVEevPa`?JJWBoEl4JMUm?I7^kLua!QcnxliK3g~_375UqG(4^T{apEb@y?oirx$TtX z+xYAJiJxZwp9hEkHOBu94)zP@zwB@B|9X@sH*7q9=->Aq@|TZT%EoQ25D55{0{}O% ze{1pxYL59^G1l+T8soQ?*uJK)zD-2mCZcZ>(f4l=(I?$mjNeYtaVG0$DI_Uz9TI4_ z?9Hzv0#0*Pdss{emB-2pa(e$<&4zt-^Di(rapycLLc&cH)E4Mufpj&9PGT`gHr-U? zJzQ*eyO)Q9g6Nid1KI2=Z~C?_+@eak?LQUDgu|(#m)b}e(mrV+;d))GW6Cbx10t_E zwYhMKCWwL|5CaYy_WM)JXYsh_k|5bf%-=5F7lU|zuwUJAjY;|43t(a1@RrMXs z8e%G`zdt|y_4v2t3wST3?N_uYFGhQEU0#n)m#qL?zzae-^z(IC;{jA{&!74_$4@={ zM5k540JGZLtxc>&7+@~akG``_N~AaDQM*?qA&|Lakn++biD``onk;}`)8GWK1X z0?TUA%Hq?QaUF)gLeu7~e~)LxTiMX~4O#!nn+z0efYs@~%AwTt#eQ4%zyzZpAsYN4 zcEN&lr$kHbgpKK+)NW|dffUu#*bmEqq^5?0QbWU2S`r_|xb;~S*T%QUwk?(c-`E(} zWn(PkZndp3N&U2D##LnbF^!EI!<9v0dBat18eZ0NmCybyo33(LS1?@_)P^#6r|*T=ahQ@1vIx?fe_YPY$YB)@q7 zt>|3KNc2YO`u>!z)wT=s*}n^=OJV(Pm98dB`D)vT^<>)a;T5Q?vXNLzWMw4FZ7Eh~ z-|Q=Xm8W+9FZ6=dcm2|*;r`cyot;7c{LkI}&Hb;B@)U1FF5CL+cDrA5`_GoM?{eoa zSAp6sn!2=0Yy_1MtKI&yTXy63|A3vpLi<&;hWWIND6B3H-@w*heW%u{-m>NU zY({*qEy;YoN+X_;w||VT4}W>QlPFEGk8oC^De5WCpS0`+m!s?R%PJdzSdw%-%yiH&gOF~ut%^Lojdy4D-h(%r3j~Pdl z5+6Na-EW?T_5b!k{{D}_!HeC^`u|ZL-Sc7Sr7MgvbbD&`mwgwp=s2|rsI~v0l9Ws0 zql|?>W`HrD5sE*lQ-|+fszuFU)sq5Pw2EizZ-oTUX{=81)+a{}_iJ z4yO+p2AcZ+i~YU4{cq>R{-*yw#QO<_yUHxbEKA<<2AX8uDl`8_>3+UF#*_{+rTu>mbH4pF^#8$NH`o6Md%G`o zHvRuGp7r#9IZZD5^T8N#XnOpGT;<4VRGHTv)Ztr6`wHWNF`Pye&#{lD$Qzo2qM`4T z`wR2_n7L5d1F{K_cL*am#y;j)=?_0CZ9)2!STAOT@iWBl3B5}wh<6v}_Mt8aa5x0p z+MNDz2oCo5clUL&lZ(S_wv(geZyJXq_KqQKiWe%+5d3f{-j2e>57JhDio^J0_4hc6 zd=#LNLtkr2RY@mIjh^M-zXhdc^R#}7d8uzMes`{H-9-`o05zb>1*>AaGT?kX*eup}2XT`gzMG_kLiQwOK7bSqs%2`4V` zhv53~qOg10n(vLgthh9hDaX5!asB~kBt)Cp;;Em?@n2uBwvMGh)B1n!MPC0uI2i11 z#{b87^6q1r4U4qGL7h&k7o`(1n^1#?9?p;D+LMS*w^Ye&h zliFTAtOp!ZkEDzs_BoFH6buTdIFvCykQ;}U$d9K}b!i%c4Eu{77)eJH5`qYFv5YeD zd$GDr&AO}2Lq47(3XT>b46qAMi3|OU_YyLn5r%{k<6~F5KM45ugx>iCdK$$&RJXN2 zS9G8|0u#UpMk4X+CAZzPt?pmBN|aHPg+A^Pm-Q?whxof6qK~})uOxeK z#smMkz9W)D?90BxI91GMJ;!;S#Ga8LqG*OfhUX|-%`FuUr@X`@!hay&CBd@5gz6%6 z6Aeoylsvwmh@yYRm|>2X<8+I>lSN;?8XaoE^qelhSBF<8;NrcB$}}Euap)oHFQgY; zIH6G0H>OCIHS#?BdPO;qrml^S^9oG_JG3)kA*s6CXiM}M5F+KB2R#*-`k{ho${WKL zJwRj9SM;6>GO`n@LVS!u-gBJW+uJc@GiPQ9%Cbz{X%khEUH7njWpbo-Z9%u2#yy)- zax+K`(NsY6%1tgTYl{N6!J?~E-!4`BH34y`iJ23g<)5Le{TXXO_zZNr(D&6}I=2la zDdtdLj}6V}WS^AGr3b2y8E5(yPn}r2jv$2r;)pVHfp9V#%*<%QX9%bFx2l7edyexN zT$s$D{`m}!5OXPx3`UI^7S_y^D%Emf*OC)6&ES z$2FX`!txp14tj%~-gXO)72n zIZcvxD<<6{j;h(VD5p(WmX=e4qjt8<%4q?^I^@*gu>9!C=ec(b+0J&-I#SJ)rRUqK zGt#TZ)2rlEsoH^TX*q2^Snn3(Z98sow%sCV7e*Dq(V-LNS zpKjBhqSMMU(J3r!Y`Iyr8Ro1fKpf z_HGk65hY_}TIUKucZL|xPjp5h)1QINq=wj|w`I+$_Y_Ivq?L}Q9JYJ`O$=B zX_ZjoXjsSPCOV0s(rB9C*j;L(lQ{Gq)s=DwC>k6DU9pUlql7$IWSkzgB4O#QhdyKs z6cv!>c5#_puMpzbN{KBWt|(L)ajR*k@*zv;iW2HfA9)-VQj(XCCM-+KM~dU^G~ksy zsp5xHPo*nGGe5e)G$_%uDshzXq=p}*P*&uJ3c9F~kRm^>WtK|Xd46EVrxjXf1&&e) zDd$HumKFJ-EPgc-Qsjra&$dcJ3j9zdluAeqjz$x121^N)rTJl>M%7|LC+(&(O9Snc zA3hG_kKLGKzhXEm;Ha5l^89GRvNS&?2=bVsH;^Z~SeXixD#|K7n2HP%l5uFr<5*4; z%iwr(as3K1NT;fs=PGezg|=jCt`^Jk zTgV~w7aY5FLTa}QL-NE5d7`6S?!O^q>LV~RbP^m(ZtW*HA{f;P{2rk&0Tvl_2FK1`rCFy0M^+V64oW4gN%FyqSUN)0R{y({r!4ryX? z5(=T*iaNr1nfeT_i7ZB*%A$8vgM!x3<|X}gHGV5}Vc%u#lFU5S}K zcFs1C?Y6ZD6>wzEjm!7jU&uWm6OKY5oDrfELIY_n%VA1z9JI&b7(W}aY)*a9EbrIb zZkHhr?$F|A>2UU8EBX2REr4_?9X|!MTiappw&yq_Uq-5OJV*Xw3qbJO=W!zp(*?O&bohcoWn%K6&^_cQEgTrQbM4y@O5s$74LtQup1&(_e;j)J1bt2Xmy}_>gnx&XBjIVh*~hkJra`h(9eq z?M#42icg-p!lb)2CxBA~xpH*2aF{R)YbMwNEOuuAGH~=tdMntUWE_K!?-0m^GO!0m zK+Fi^j~D&01(aDBhtr|c1xJv>lq)U*(4~Yid4MR}0v?3{Ql7DTRxBJ~VX?;cVaslx!w#Q#iji0n8VMu01i+bxm9tmKKJgt|4= zYQ8i~r=qtdNLg_)0<6^p0Ebe_CQ=Y_n8qxm{@Oa^C*~yKu_)A9b&?6-7^$0mh?0Lw z0&uk}e=C7fOMce-YV(5`|K(*@GJs>T&ZEENQ$PL>4hFmV_}|^VgU$J$kMbn#F2)OU zHulhHEOHs<0P|;Z-jtU{2n<0-^jV|gB!i{M$vP&ce<(Y)2^277)m;-~LVN^62LLuB z_ctsa8&EfRG6ZtP?Eo-UNA`76@AH$S3@eX5YbC8p&TUyn`6u=1l(;~5bP~IY2D#-( zjFY9Zu5-t_KSSNvC12?JTRBbjYfxUpX%47b;Fe*#o*@l}!)eajS-!6amM*nlTlSX* zxCIxV3bs~w?AEdP*Ox5g60{_r?X0bkKZw-@pv&;O32LJwQ3caW+?47VUgmhTB-6`C ztW={1HAZDcR_OpMSE+5+D08lB)l3iQ9Hlf?tJQj1>OuXd&{R#eO8l=Xnxx>rRo5P8 zM{nCeE;?`3A}g|0?s&K2YD+{}Cbq_x-Oz93VD_qzDi)qE$HK%ppcTf4@v;@PRd|^? z15_|kB&cJXz4r}{)hcMofuM{;J=O>HcUj!Z{ktvL{4RP0d($oGIwq^V!d$6xYk5gl zR}*SehX=8}p$@CG#j3SQcWE12MQ;19)-=}YdTp&_(QI4AuheMy+O4Cv!sBWhQLb+nx()vhY*Z!o(iYip;*I^{hgYMaP%vRJjD*4*EURNGhet2NvipF zTe)RkX~-}e@pX+VfFXfQJHx=x17ZwI_t#t0^=*PE&32MNlg1o88G=q(74+uv&z#2S zzy8ZMH~lOPKApB~cu>2W_Bqb5Y`M1m3RTaq49b1rZM)nLd588NoI*XayfCMbC^uwI zw9~pif=XJV(^E;51HEm|Q_k;F*=1mid?I988nWjJI%BaD1xT$}XBsbnssd=Ns&p&Q zRJ5Ik_2pYm3!b z?AlpHf-A&14yTPK*<9RDzW=7NJGJ%@9TQ{$XfS@*NJVB7JyeY@y`;rjLzaQELg;c$ zP_wKp%~K6V$W{(ZNw`%h%gV#Jl>D+8iG9xsV5&!*(vm@oHu91U1bMf`QX2?|BnaZr zY_!Sz6}t$A_KLd*rNy+{NGP7qo^6-?gZ+aV$vxH?Ww9Br$JFX>Hv-l&n7d%%a1L9{gaV|_{j+De kQBuBD#8dBVZl2Avc{b1HseArk00030|272m=>Sv#0CSCndH?_b literal 0 HcmV?d00001 diff --git a/assets/portshift-operator/portshift-operator-0.1.000.tgz b/assets/portshift-operator/portshift-operator-0.1.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..28a9030bdc40f30dd8cd9b8ed6494df6dfdd775d GIT binary patch literal 3392 zcmV-G4ZrdqiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGxVbK5pDpZP2HCPR5LeoKHGQov`IX6ntr&s$w1_a zL=6HA0LoDu-*3MGz?UTI;YZ|YtNmb0B(T_B>@F6Ig)$+vO6W*;MTU}SA$unYk=mb- zl)ZQw2!bFu+~2qVgCLmw-w%$CUi9~l_V@M<4|apY7eW6ZINW^!!4r+Y6mq4Bd=Wf) ztXbxMCqOtCnrJGx8h8L9(S(WE4~f2QaTy z9?9r?l!^*IfN|d=Syq1y{Jy{EMW{kaGi{%J@c=GLED$o0M_o=d9U~|Vb4m3CGDh@B z$P}mo!hyudHAAK97D}+(;DeEn5DKmd`Ej3xdFVZuQ;5Bca9rj|t0BJ>ded!v6>R!TzlO-|P3c z{(lot&bo2_G$k>b4*(J~p^X2T3?L4radHukk%=rtuDg_vBgzMqv2!#=c6}5Ur1EQwFkzrNz`sk5{9VMPdFJsr(>VExAl`sSt(bV zFox3gObI738p?i=Y+xL{5)Azr2iNF-!g8fio<|n(bI-wZLW})tOwG!Qs`nv5mZ4O> z&K~0mR@ncpc{gqUNBakdTl?Px+}`$HdS{<9!XwZL+9&|T$bJs(M!}SuCdLof%1X7JL${Cx$$DA-5rJA_TGU0o_qQh?6YcqynNWl<8k}CuyQiPxK zAxe%Km1BKGkwprKL|`r4;$MfPh%}Xx zpnFC&+)&0~h>$BorvhS$FQ{Ed%BK0Wr0J*jUpvo* z(zsTP43Vuj*S14vA!kj&yU)dT3ci@dn~@Nq^S2IkK6D;pWg<-lcjT(I$aPH}K9Xhr zb!As3c5oYt+gqSKWO=mAhxl-J=OxHeUnM;&gq0l&QQ4mJW7}APhi?37jc6E=li_i- zD{aSB?SBlaxh`MeV=i=s)`+wfiwjqx?r<_q(-q1w4X66sDfycIf9d)kx-dx!hC|9D z%Hs#^3RdQSg1zbWf46@WZ1X=Gfo57p4oT>fTqi=(&o(pSU%zsC-}kO5j|NZ#&XpnNQ|t$_%(gA{ah20BeQJlXv{%z(m~IJ5 zs?FwSkv+OSk$v3mM~sbJ;>b`=GWu^R@@$DfJ%BlRR^ltHu1lhna!=*M-!RlRd*k{P zWF3d0$n7TTky3wd72Luz!czYqVaCM7?5iJ@4O+GT+uuEy@&7^p=wR#rHvvumPqIwa zuKu)|{H=?(4a{cGkZrq|A11>` z$Z>61u9TqsySq*UcPP@7@MzF@)Lny`i$;EQ30-v>b!J%P;ER8x&BX`X;*PTbqar8D#5aNpwg5- zPdqSl`qbvYTMTKcmm9C`cxp{-^Ig~6*)6qycmDS1li*ePpMHOL_WWn}Xq*4p2+Wk_ zloi!HBX(B-;0c@-+E-!&D+R$ZcX08LtusfxAsBYj_kqfz{>icgWcKq zFW3vV{(lp&!2eHWn78SlKdygkv41~7meQCDiBB`eD*Hc}-T(Cub`Q7t-;KZyToA2M zas^s|n{~KJki#&iETTMyjD*)DM&)}u@GhYWRGwM20hJ(Q5Hm4!iBHPo?~M_;I_-?; zr16~a$lC#qu{{WbZ!?J_`UxYrp*n%TeCNYk&L$wZ?P*AY3?(qi(f9n*s}EONNc47~ zC{B2Pas?5U%JXBYd-ks*-}8r`WzYUCA0%AB`o{O0*%6^aOZzXzAm zV*i(C$EUB){4{#1F;?0C?(S^;-~N8Ewf~L4PUDuv+j1@UE?hC&e{7aL)R3$He!KAY zL(!<4tKN6UiNvU($V@m>H(z8P+N&16=UE@}BeE211x>l}D4y;4zX!AV!$6DulPv2> zBvFb_7YonDdL^a=R8%LTL!Do~Lw9Hk5 zpj1T2fbyv+DflyzE|Itb*9b#Kw|3eum z^XJKKfUWTVdq=bNKmCJ)-R=F4jlgvM55-R!xw8JcD*YUyCRP1suCz!m3zvF|Bg(0< z;#J>SS#hOScUR9 zXGAVI?o^@3Z~#@lD>BdWVYU7^GLbsPmJ(IU(5RJ|8r@J=l)Jmz0B-1_FdidN zjtF~&$et=>?y_IC+z<}JmbCgd&uFMpiO5-G7Vt6J4M8YkZX*bXO}RTb2sSNkb{85Y zC(M;_*wg}~WC9WmUdVX^LvfoGUJHpp`AC>mt=!ARRF`@liZsnR)f2m)k#v}AA(gxJ z*i$s_5*a4cgblgG9?59elFMCilSVt$JU2w=4vmzy*SO1vR#6wp*C?rtwTfPj{#uOY zk&(pZ+10x$v~i+#Qmvb+TEIp)l#fulmLn-riv@X<32Nen1R-S9gbpenrc}H0AXM7O z-iH(WI|26cQWg=7kq_q_PDqOEgecsAc#SAk*T`V{54)#GOM*&23sm0>ug z^${w2&}MAf-kMwBeHL3BwBJgdsZ?sGs|u{By-jAAaaZ6dZ#Ht5VP`P5$_?hO(ymE| z8v=g0{CT}$%A>~FsbV#KnR&Ax)7P!gkoiP_6}Ra!`Ux?!K)WBqT5|E$?tvwNZda7FyL zAM72@#D9mu!S??DMxdJPfwxm?fZG(q)E-uOT^JKd%_ekE-v2x|?K~*IRvI~FXPsXZ zRu@KVr!g~_kc9)A0D;g(nIJfJ$|!LF2F>Xlnvw)(PeUOX5^e&oMBIE(`LN{g104-u zM3}-lmh6-XPdKTv4Hlp3xX`U39A}8N1Qyl|S0P&=lFog8KB3bV@O9=hw2n+0YIeMZ zuBQ;(((bDm(Wowz627dd0#&_06v29}1I zxw4*RcDAq(sA+Wer!l74c{?-2HJad9ONwKRT=+M)e0RJ#)~a>7H0;HE9=m}YX>;~f zygg}h+F8nJRco{^r>?^WICaHw59hSt=5?GFLCizEXBl$kl0DdUy3rr!INRA>+j*|4 zi=DINwx4!cWzi>Pcq-X_Ot{glT~pU8!(E}iCv^xPRmqgEqrl}*=cnsWDc zVQyr3R8em|NM&qo0PH<$bK5qy{kr@WXXU$do8E|$ZQ1E)lFqtz+IrF^9^2`iolHiC z$Ri0A2(SQXN9*|h_B#Mb3Z$rq6W7_@3Lg@Y1aKYz&I`bCB)FD>waFN{?i^2u)ZvUI z?5hVX-EOyg*z4K zr6rO?p;iG&>8~gi6}%7Ey8%hl@^L@>HtYs5sz}mQ+gHbKI>M2ejxZ7u62i%t@-bZ4 zJ}*$Kver-85Kb^fG6-P9U!jzALDb8+$j8#8q`%Gwq ziX-!HGzm;&O(;icYhgkt>w}(%gs5;#_>}y;hB<)as;gtG1nx~`^#(aUrq|VEPLL(- z$gFkM(GszslJY1U5>5HIQ|7_z;v8}4?y!Iz%4+wwrAD*vwu%TPVE0$3;i51!TK ze{XNEyOsZsQFh=2M7;AIX;d1@O&mRX&!*a-x+Nq4|%=gjzhm3*?YQrZ+60XqjO!mBY%*0yOeS&aA$= zoTaGx@O=ITw0Q+uK&B9GCdeU@XhkXznBq*6p@pnaUegF6m6S&`CCm~ka?NmJaE+-l z?J}w+7+VzpVg!1E^Lmi+7$w|HXfy$iH}mck+)&0~hz>qlMzWZsZw{SFf_a6rK0H?#Nz{f-mPZCVG8ETX0R7I+Ji?MbJU1Wh?}82?$Ar^=T3g0coW_wE zpFTW?qZ9ZDznosecfrn1u(M-k^@xr$X}WM)6D0ngq0-7?%xFTjGBqWR-1O>qI@4^3 zlA}gtES^|Is$*Ev9%nShP9%~v)7YNd1qN98)Q8)n9^aH?HBmcX5-MyOpKj`(g_Wz@lOS8tTv2B*}5Rrq*q6n25WsJ>$a-|7l z7>B{HR8bALw-Em7%mh!)l9Yy-WN>%aQPHGh#fY&OjVT$=Ep#g&1lN>j2nuzUhF^XO z{He>b^*@*(OHry&r=M*Ku37(k-Co`PJKXObZrA@~l-t|RH*igpzFCeiq701%^CB^9 zi6+>GZ#s8(fvFX|{E!;mXmoAG7_l*uT6J_ zR53N*T%(jUM)+t4U~Gh%o=^o}4`-GmC$BF| zU1Rg96r(3$a5{oKK;k;d4LIeP=iX6WnrxXecq$+k`5fCd3^p~ZOs1ofr^UyTuSK1u z6*gi#Q}dqw%M#IlvH93~c$WNdy@cnES*~%3Yvt{|5j0k(9zpAGs{J?Bs`cjJ-eH=J*zI*|`u|z?@L;R|AEWr;d6K58bG;i(DUbVJU_D4s zlbC4IFGJC{w?KKsvUr6a3gPZ904LX!3)YY{4Xa-Cy6!4n0Zfo3p_+887+lpZmy>0~ zMab5(;gN%0)dox3*v$xx+rwG4)kPlJxVsCC#?K>Uj7CKDVK)F!h0||4PKb^sKYM(6 z0M2|0iN$iyvGPXQ6jnj-K~Vg(aVS`7O3kp5LlT8~gl-Nd4>TRQsL|{D&e#HuH6K=X zn%g>l8}8wuQ6`kzh}4ggM0kdhiueK}!DH2j!){)$jOTgWZr^{U6~#qqq2;;i_Ek8K z+QQvkf8nzxW4OC()q6Vg!nO--<}qD^!(SE#Xex(`<73LTU|E8{7+!i*&*`4Z;Xx$$ z$omA4nCfRlPx{d6h*Wo`D2FJ8YE`O9B=H;0W_cj@FXhlwFsM(ZB2rhya~{A8Zf`-0 ze~^SVwD|~>$H+D8?!f|-%A_y_`E?V`KfSrQtPo;j@;^wC^eeByc_HUGs=v>_I2I{Q zbf&^o#HVKs(Bd>1*qJnN+kb;hvPI~9Xcf_QZ{6k-KUCLI7_rPW51EJvYpnzniP6CL zmrY<^z5V{>`RkXLFE3VhVSWvX!X?Pw-j)tXYt^nmYjqTB4HZc$xcNonB{p`(WVzzX6lca%pqB=%m57_?4f(UOAIqiYjwJq` zQHe3MjyPN#|KzrifGQ}y{IzkUH)6bF;}Qz)%e;nZB;!FY8XK40?QH|%^Sv-5sqZ0g z7vUGOb0rc+fHtk^SLfd!436Kt{^9h;# y+%dvDG}3&vcqlPi&UsU1;cG)rakNy> zcuUc6E8i#b)R(U)Hes(*WevK!L5DfqtBcaTd)?Gz4LbgQ(j1@4E>nZns~YF#6j=KjMd7j zYPvnd@fpv|b91Q1$xy}Mom~waRyZco6ZTDs&k0z0KURm6_h(l zR0Xs0h|vlNu8rUQ+>HCu^1fb{>3*D`=y~FzXpToWF`JYEAYvQSezVbt# zb)B}|9oT$#z?cM%r{{uUg_D-`B-0Zia}g6xzqS2d?+#IuMMkTXG$CkTJ1n=uv3fXU z#@u}glF}cg$WqmZcdgb_XyFHq+zgB|PbAYqMTAj4wvTD5TJHltI1KMvsfcZ5@4TCN zEH;ABJ=);~|0^q};5fsDE_zJ9sQ z*Xj3^$CQshPtt9+V*hLlP%zAc)Wuv`F*E^yCp_;x1}Yo=hLPKDYD1%HgHMZ(Z!)%K z0&co;9B#*MW943&qG68Cp|m3zw1pikF2p00 zW&Xd4AI$w)4wbXg8rA|sM)nuN;Q3Y-( zv;Jf<9iWzr0iac2JrQEs>Vpx``Gu^-?`@~G+o?T`)#}3#M?zxTesfWD!2=bE6#G!h z+_*fjICfg3X(X<_XiqN29fG-Lh@Ine~q$C{@X)G z53~Wi?*8Yq?m>P3cYk+pEB_y(R5m2Hf!$A*-c7rnEYrn+PQb?67-@Sn0{|1Dlj#vSud@u;qOXWr3}MAIy_cVAWTO{i|t;G1wrrolI% zPSW6;{|k2DS0bs%6r7&CR6&?ZVVvV2q%o3?t0%>8|Bi-Cb^V{eJUaR1WthYd3S-Us zKj`)L>-pdIcenX}9;NIwR(n#UAiHaYxov0 zmgQ}Nw$0)Pa}fC(*R_|{&SLGQ(;>wWB8&uM;>I%D5U7ArrB!j1%GEaPO^GB4n$fG| z6M#I^0F~u+jyyM65PXEQq7gKgk8m1^S1-k+IA#g+Nu1lDLoBT86~WPVU^4O;tQ zH|#b8S&G*DUfTk<&N9ZpMOn(@XAYfvl#g(AI(jYinMBpZp#`++msb|hvVxPkC6<~c zBt~Epsa+iZ)Hyl(#c)cxR0JclbWFXgzb|z2+8AK2e0`q#B2P9#E5AK;RYwcq?fK6o zrwVKeKP*oP#4*z5=TdI1y3BR84lV04UHSdFsqUwPlOm}gc>eO@(z<3s!rRj&XjyKp z;gg4!f4r(;$UlP18)3b`|Bh>0E>Ty0aPN+Hh`YJRn-ZlBs3JreTc|iF3!_ zX|N!;NHLX`(!S_3bP<09ERmd=NN7#lwm-t)|^X1^qJ)6ICx1=EhS&tME^re)&C=D z+LlP-1Rv4|T(|$%+g-^2x_`Lc|9h0O<0X3yf_L+Wxwm(7b5ql|ohQc7AP^Hx0Qs15 zL}^1sjOdY&NeG@BN8;G6aWAc`Q@=)HGiL8ADxln%E5&tkn5QO;M3Q8jMpiXihsbv* zO)r@i3DGnnjLo3TJ_siU!Q&#Kx0h$ZKr<+L*}V!SN_l?gfohN$SMaVO9qv!raG5*Y ziA7}Pv-O4wAv4K_9hV5#xPPht`mI9wqfH_DBWg|g_(Bt@F*a66IME5)i3E=@)dSW$ z82o-S8hp5MqAn2?Dp*77EiRv_b^j;80PG ze*np5gvtR@XT`{2-0^-_x$v8c2iJSO0UHjVghAjT{q96WQ+UW(Ynx%tj9Knk`LALk0=*E4}G@7CwFgij_6NDG=?P0Im4J2~B@n0Wy zd*61u!AQs(B4ZmSdf_s;6!__}8X%9{ZNV2nQ0*NYwj-_PHKuw=jTB`X&ikQxI1hL;eA*z?${n>n@!C>K#1W?*BbXDM!2??6@FSnV7vYHp%4rS z4*=9e+zeDUEa(}~(L7^+ezd7|Twda}-Po*AUYq=4z?|NC;M5)uD5-8Ob0u4OJ)axP z{-lD##Gc1;%^YD~wx66I8+6c!y(Z%t+BO`z21nQFB^hswRN0~ti+MP;hKwHsZNh13 zuytd^Y!5l?9dCYowlZB-1JSj(ZZoaTVcxJ@+En>1e-cV#8TVYv5#OOaJ2mK3 zxKm&Li`7^1N9PHyRt^1%Fmf|Ls!`(G3T{H`?KQD ztp>SV9Wc|%L)<*pkS!w7Yxur2AYGM>sfd?PqQ*X!{^=VJ>sq@i1%A+a4H27%ua^^1 l?PEgDc zVQyr3R8em|NM&qo0PMYMcic9zD7ruMSK!E*@#Co3-Fn&SHJ-B-NlA3$hpr@NcCL4p zgeKA57?A`6fRcLR{P(+11(4vY^|0b(pAlzPtS0d&6bgl^LRCR6Rm|tZy#I~4U}-&t(p3J( z=(GE34(@-*L$ge1s=3J2Bp@WBnkHf%MpWyBgLJ+~`181)`tD^rDa?V0U6Phw9{u( z#*`M)REbzjyJ}zwTcD~)lS?W^$R&+AlU)_5{Z`e9s7!kpWSL@`ET=66!7mVeEYf@yfh>DbD8afb{OiCWJAI+dAK|qLPbFQ>pPDm`G3noJ@ z;B79HLBi58q#^D_glIZ1w=o0XNzNiZTM|kDD@R3=9EpTSOZaNBtPGG(catl+R8I+? zVOi6b!QIn@YNqtlb;1(Gh+;6hr-!q5LLW({Sf-ysYm&`ytD6jm7sZsxjA^FKJ{*e( zIpAPk@R$vueKmZNOE$=hB;nb7fbRlA@)E`g@jJ0IV0LAiBuk>)&@w`$q)Q@Z)gVt; zB$-wrA_0Gpv{0H%8A)kYKogN88U8rFsvKgNjW+Wnp z-5NH`p&14aYLH8QNi`d|*&LSSlUJZ3!4fjCTTi+?#^OJ)B^G%{Qx*i0m75O`V4@eI zm@i2Ao@9*0EGASkqKfH1S)}S(TLy6;kUcSkVwdfSU3X?BLlZok z2|}l$(1dFsYG@ROMM#tv6S6ZJrSL0dDG>Yic;hV(2uXO#Yb7^E&7$M&&7HSA2;`JT zh$$@#Mixvm!ZK%^NqJ&sW!?NfDde0P0!?{# z%xG+uk;r0YINVYcwmq|2kOB$O%bZQfF%J6!bZ>_AgdALJNeRm?xfGe<*W{8)j#Q)< zR3lrTGLlne7L67pW_co(P&OB_nIx87PROsn*=3uEs|E_q?i4LpTqKMX${?Q3W;`?G zB#Q**`3X6`0lTmmb6xQzpv@swiqA7(QJIL@@QG`BK(ly2GtCF?O+d%}rJU|p zeZ64I38{~m%4p%0Aw<{>dO{Af+6R;)Cbf5_QJTg(TQ_wh)aP}Q@T|DL+c>98)9?!o zwxh3y8gW0N8p^?Gcb~YCMEMDM(6#P$XMY1=qQs*E)0j?OQ=%7MO$wsLBOW@40-7R z>=J~1bM$Q~dwSCBu4S8cGntSXO%yYtpVJ&2-+PC?Opi zkI;pA4gKa)%q2~2Lv{wBBf|MCtKBN$ z>BMa`M!YsJ%Fe|M`d&RmQ~4hYmRVK@4R`}d1@J*L{{_blN9Y9uX#*v!b#k@fuq2+i zmkL_YLL||G@~q@iX1u1ExZQ&h^)B$wL#H?NOV|Tj6lHTy5JT4NB(SpI>9S)?011;Q ztcK)t!4yMjO~9tyCx@+*X`xH{*H?^QnB9%4i#{RCHs*<1MkcT$^u;YJMvY4`suH9& zw_btFRhPP&GFkA1d|OfV`)qI|SxR`OG))p(ii!p>+_Om}65Iw#N?$M6^h_A8VaQ^} zSrV(DEPUdvit^?6Lh0IzBO&31Qi=WNM<)4fxrb)M$jC}|X=~VLNt6^yGYJ9_p{92Q zm^KTAC*}*gWJZXaNs*#t<*Fe4di>LV2u)jo{Q-P|tgQtBlGDU)=13f;+bNs6eEn_ z;9D(OHjJ_Mz}8mbLZ`{|fDrp(&%XB<))TTDU(zgMaXF(Q+0B+jfX-%CFv!hLREoLf zVp`HnB~}qLl9Pmif!)UmntLG4q%`+ABMMVSKzm|wrRiK*qBnm|a3h)&(<0NwddzY? ziP`0PA|jehvSnoC?x>KgPeX9)3JX=dr!jG&1kax z7n7z-l#;7)@RdB+G+}jWY8yehozBgW$1vcP7K9F^`&Mdqi`{qf&yDRC`*bR6lYK(@ z?KZm|k2bapKgIPFb6m27HkVd&9R$c$ck_I2!J-S*&@_x*VpxV{zBJEC1m#-72--dl zu4$SlxGvy@g5P1joRCigYpMWVXq(|F>^#r}Kv32sBr=i_dAr<$&f)8`s^D{H`7lq+ zX4v90#gf@N?jTvjYK6>WK8JH!%-ORw&6HlSBwbr4R3WE}30lo}aA zg@G0clhwiKfUwz&MS4Qs39Eyn%m;cMa7!r?)==)SwLkO0l4bXrr8yX%hwt8>9-M^w zT0dMLH=O^EwnwAJ`OntIX#9Bo^Ch0sk}4!xzIB|HstaRj(7S zbP&7~WL8K}gei#g4)Q50wa)O*ytHriwATOGf+e}(fI5Guqu?9X|I5+VPGkLVk4HO? z>;FqUzy3OWK`wbZ0gHeU#q=^~uTz7TXu&4r#qhV^0#nMYNSejv@tw0hMc_IX*m46S zT*UkaLl{}M>zrjIcA2gBB(yf%H9K`1h15ryL)kuqN}fZ?Kj z1guA(U!biE>=Vzd@oE3vi75+4wwy)J!{Bg6tY;K9Qd-XdYxs^=XBveva4N$#izKno z_F>i(sbiPVN@Ti^B|=@9-U7G6c%rJ7z5?hcuWvu89-Jj2u$Ax_v4oXNSZimVsUm_s&H;CpF81yVZRNwI`$Ka?v}4_DN_bvDS-)c*F_?jfDN{uO)>& z<5`pxan~9MpZ7Hf@HgqB(eRr6W9?Rr^b)~74&NS@EN^F&N(LY^(C`hhLUvvO(HzsEe%&&gW7&F3Cs28|l^?%T_)SqlyB zvQ-|jMLJM-%yc0$A9Xd;Ec(fSowpA|l@+T_Xib=0DS)I&i3v|b=WbxW58$+9#jJNv zR417u05#Vm;^EFN@KvRI@!nh)4QdHtEW^&CO|)UzNyl_*I==-Yy!AxdvyAp2OyETSp`51+;Zgp{%OsHDl^}R)jd**KGliuA{ z=_G8LYE}6}ekp{mZ48~QpbJhsm@exuo!ITPi8#O<2|g$zYhJKA4(3ds33)c7JUQdD zGoGC}^Yj{dW;i=plR^M`)-Kp`jja7GUFK9T!V9+i`x;rZ#mxuUg%bHoyrqQNqqJxcrskfIX~g)LDndn3O`A+Ik_yRTjK^e|j(}eLW2x z@SGirrA#S0Xa9?w3PI8$TENk(Ou=Fok~W>K!dfZOUa%!H+R1C8^MpKeLYKb;{-R8U zHDd7aoP-9~9$i&!)RyOr*ew~#mwc#>7vlaRzy0>>uf)Jwfq;!Z{fl~9V%Vr`mzrz;HLPm@pjYye|u~5 z(f;#Ao(>(touHR;aO*?;Ji9ChTVECN1;wojfNc5V74E5Hn&b;Q4lZ~WPpb3oAZ41y zRMSZr74++`#F1u~&WGYN$_|sDLr`#HMMypop2bEQ+cK3@&cMq!$FplZHD;GAnSiGV zQ~H>xTx1Fld6cH}%K2_U+{ZnU<_XiR_2EQQiIE0ZY`PHQ0_&QcP3wfYmVU|Agp5b_ z*R+sIPsn&1y{!|@GL7CCuDn%BJtt4+N8grp;I-2)snc(xS|?7dpog5^IY}euXNO|z^MW; zT9~bsQ<`cvE0Xf%!vI@op(2{_Y~BYmP^!o@O>z;t@@}FZ1c<5q*x7v~MfOiItq@WE zc#yu?wPu;JPX3=WXFQurrWEU+#k;}#C<6RxpH=(+lxH!|=ASJF+~oiBaVIG6x#Rx-4U)v4PzV3q#jgWoQ+f+o)M)#T+w;MQV#pcNx6n z>?<()a2&P0{+;{(03DbIG|vaZw$uKzFdG}eE^wY_Q5xpX$0 zJ?DLVFPlx9wC=a&v0pO;khIBHGoG+@@|8{GLng1us*!;Q0MsGB{RYnV=C`X{byYvz z`M*n;S+V}>(I1~71>B_nzub7)T>qQnmyhfJOFWJB-#*?&{owav1g!|8dvgIoVm2-2 z6SC$REZf5=kI0}j`BZreLXhrnzpVwN=@hb}70iOdBo{Gq6nJr#!<(Az^e&BfEauL@ z?9ph!PEX(X;6&!#nbygjAgZ@?Pnaajh1CAw@XZ}j)NbaU@L+PE6Z2n)C&Bvo_DsR+ zGc;k}l8idryC-mw~F;U&v1_NTB`X*UA$6f_S+c@?z!jW<9Bau z1kLh*s%F8)YUMK`q~~%BF-pD1?%p{&!5B=4ho7{WQePE>626{c9+$I1CO4k(evrwE z7VdaVyo#ANFi`eckMSoE{+gyVixZwPb!Jm1OnOVFERBma?<>&FLxIj3Nfy zBPw6oRn;uhJ0zgH-)%^y_3k0Ts^}h{j^%l^0VnE(Ha zJomK!(L7hfQeP4aR8D@cWg^$dwZx)CkvsiRCO zm&dZ2EjL9jJwby^O`nBgif{;6p4-%i&GDJC;d-6o#bDL~Y)iUwZb0$24MV~P<9foww936kNyH}45aB0o&?Bj9^ z%Ql93dP)5%3r+JnfJukCahnF)48CD80?ad+@(fV_ourXHJF_{*CuBP)38K7G=N1%I zP7`KE>_lL1EN(4u!dd2QYI>g@aawc9FL}b|W~C)~_d|VNeU667c)fHais>S^+0bK_ zEn(Rq16nH0(uy{+d~ArEmPT5>)TI7 z*JNoGzv*O;^~$%|S*r$bwUZN&1>R@LvVrI>z=cEJId$5 zxN2vyAp33ujqja%Pjf_jyL;asoSmM&`ST5`bUwJ-xQ-8w-XEX-38$*&zi_uP?Z4mq z;o$h}#Qbx5cC>r?{hw)IZ6}Dkjc)Jw@XtE5h8M-{#`Wa%{r>w2`HpE!zl#}r5NODj z%V_+6+6?gR+1~p%Zw~fO-yfeHyxTu|fB5e7Plbz?=f)R9$LZnQgZCf)q}Z_D7KSrWefJ#`eRjle2g4_YcnA?Y_OmxFA1X$AI8HiXAFv z5eQ>8(RaJQqxbs{*PSzV;q?Hkx;r`A-TNK-gxG-gE^zS8hwuJObONrBt7+r$Ea?Bz zr~mxtOZk6|ceXZ~_djoMZ9MvaeUYd8pt`)|ws zTF|y=`nKdYPQ1^Zm{1HQ}2Mwn}G*xhH-+X9UyYJe1!ly%A zC8}=_=G$lYQ>dn*h3ywg-nQ))`L|EAD%MdYC#`Qz38Cmn;!;HMHmLYvkuz8%7M|G}&hfU6#W1*ykt-zhr+h zkopA$OIn%GH;BJ(Ccl7O(L;nC8+FVsJ9~}U<;sn^&DuK}&!vbuTQ?u>CS!aSmLCPH z&mobfe~0U`?cUK@y~{;prISdrm6%-))gtXC)8>cXn-a}Rt1Lmomh&8GUY>|*Xh*r* zc46<=yt$9Af|lN&`FV+JGEePg86sW3LjCzIW|!&iCCYR(m^FdFJ3ZZ;UguV*HOnhs z>V?RLHWd@L)Wb7d>2(IkzwfyM%)|;cuoqc%_9&EOcV}niBzhO3;vDvbNOcwL)h0TI z*m4jbtlDL6^o#D;x&}Q6xv{Mt1fx^G(JJ0cypyTbRf7qzG}p_0F6%v|EapWzA#dUG z<8~XZ{ca_|{*LtskDJ4*HnoP1Ih4slkLg&7lwN>|LvLgCE2Vn^ko^a`RpPu|p3qx8E%Wx99Yq z>lWXYtF3qPRxx&W9rw+g-IeUJy*IjT212bmSg4onkFWis&t$*k(>njR1paWR|F_8h zIDXl>|8@MB|NV zrPumPeInDHEtW<8Ena{0bbRrrYyE=_K0+IOBr>HX<=JQW1KpJWakRPFi2ojsHb#%@ z|4Td__y4Gg&rLSbgar~2? zy^`uwjSJOWM~o~`cW#N9iX_kRMCFqe7$C4Sm*SGg3}a4Hp7FFu9gl$A_b!&nUfhVz z%~}}A-QGw~-j|U7?)(tWiM|&~?{kSl(NR*&xjQE+KOY|LIa_4;uI>j?zOKAGs#ij4 zRjc2BG*$l`mwpWXXBPX^G9e#-cJDuAiq6={Qbjt!4>s&*EIK29PwPR2!WWk`c5177jpC42@ z!oRB+{BQeo?EgSaUsC?x8I7Cr|LEmo{`W8P+#+#ckBR_f@&{bmS9jmNzpw7yJ#}-~ zFX4WPTna5Bkxam$vDnAU=5)RQPA(QMeh7o>#4mds;bWskmf>UFQjp zxF#<|b|hK)!X6KW(9MfhCejy1i!udV473OE$aY2lS?}sSv}kZ=BJhV)8&h#+hN)O?7zUnSZ z!ZR1uU0ni4awb!*(CFia_No_)21#Z#tL9@P96k3^&scE3DduFxud$hL`87$zoJU}M zaa#yvyt$%^VESW7X5%s-TO$p^Umjjo0Qb$sTRxYNbt^I?3xxav@tn}9dI9Mk6xTv7 zv4QrGcjMTj8ZY6uBOL?VCGM|AoU&D>Ow+mmYBxYg0F)VGaFH)iUQ=ATMqY*+qrSo3W`4)vxHZ4n?)dA^Yqw1| zw%u1fD*6nsS1)=p&q$;rQi>wvk5=s;XY9CKc0FegQDStb>{W)>hY(A$H0W z^zI|ALke_dtt^)cUH!m|rlAjb#0`)?1z)Nf?_GZylwe?qqUU`wrSj8Kva z$w(y9T(Skr6u)H62mn|LE^n2ACKs{a%jS)}D9piT>SJ0x7hGoMAQKwjn$>n<^-3Z# zLeqF>i~QAKuDHfadP6(o4ylmp5Odf0af%|dm#m(!8a`I-T`ST2wb`=jSjJj)-IdB{ zf&8Ne0_HcwG<0y|F%em^tcF+{8m)UC!~WDYmQ}pJrByqoW_L#-W)5v4Gu6sgN1ubC zK05q*#o7gPfA6`2S&*hgAGZWn$`y&3W|3w-S*~J6G{X^u;*v?pV+M+sUFKH{9xWgx zBw5ht!sGe@A;$-Ac25uX&oJTB-?&kN_>438cQRwt@H4Z-LHe3f#bP3ICaD(EXJ&o8 z>=sCV)r;glK4cnQbvdX{6Q*;sBLZGSD*-s%lMA*aaZz5;jafj!L}eB>-WmZbx-_~} z(A}HCeI35+9daLgyG5fry}M%{H$%xZHk&*%x^DyvxaPWLcN>;naw#(4e3w*m^U+&l zpTUH-`&oUDU}fcL5X#)FSmEgK$Qz3htj#RO%Z#QxB2yY&7?mE5j%*S`$&hL7zdIqn z6ijmF6Lp_xcL2z7ddUe=Nyiv=dRu@MYk)VxXgwD%(jdxRZg;|)Yh1J2E1OjbPa7?o zEv2u)j#-0fjHV+hPMeW6%p%&CBKHM&IMFmK&U*R4nkjF5s&Kj$Zrpp>jKZ(CdWdB! z+_?9`8HHbO_N<((aHDVOU>a=l?)~Y(NvN-3KP+rl8M`uFeK>vtn4jU*#_)+}Gf9<} zMP&G@-_gC75WwGyma!v?r{9Y!05YFT8p9r(P^F!`|J0pRqbTRK(6@blYg8(bvZ&^8 z_PHcRvy)~^)>6bp#A47;Of%!JJ*dWgyJuIMAV*a@KN*MP9lx!%t>zGnNjv|YoLpyB;a5eqX@mqMm2JpQ}YFKk01BW{Qy^}o$o4o_R8ol87$)t zk+hX>Vx5$6mFuL8+Jn6^Tbd1{+$buQqyo5ix#GGyKG=PGupg$d0nPX|fXc3^5x)&h zEi5tH$vAIZaT01eSLaT3w{dKk=@`iAd@xWcT0{w%p%FCV&uHUZz$O> z1yfp`1CqQC2~W9stpz5HL8}ca_ITq8C}^e&+;W~O=SRY58dkQPIoFF~3T7M|-(g*h zqeK+(0DV~0aGHpz%?Uk(cFu5fs0G>hzRA_q9hVzmX?XJHWo7x=`V1umu-C`D>iWQ5 zovJgYj0j4Th{e?C$uu)Mf;8f9=~(lRcL&EOU}f}L9rd(&8(>Gh4CCw1YPFAFyjp<) z>XIn~Nt-@|az;_J(FmEMTzqRN`gXyWtDq>)Zw&pSdDf7KSAD0a`o1vQIx;?C$p)ZA zrA5rhxxJw89I{z^O>XxzX(h9IJ%3QvZOh7lhTw_PhU276OCAARoU(urT4-VL7r|W( zP8nM#smM579)OoH#9ZYGUE)q>1;V#j!~=Kh{>1U>>u|ftT@2pObAxrIS*EQ!j^!)O z_fbN5irmGf>Nytvdf4oN?FiY9Sy$lMV`oK+lG~QXq;sQ3`BKMc4R@={C}FFpg}7vi z5t@b9UrijobAO{|f9#v1Z_B-p#<8b^Z}yJOp-a(>xyF>YyP7@J^8?&P0UTkhU9Cct zizDb*i<@B|PdsLqOlnhRBOE&(j0YvSSJVkwGNr*RZM6+U-ilDS3d^0-za*prVim$E zNyHVCBp0!t>50rGjlk&71zrO|F9ip|81BoM8~Fr)F%@T&Cn%!W78v=Z;L%00G&qB> zmC}3%he#r8MBMu}0Lc;xs*lJF>406zDmk*qVA;5!CcoM~K*NQ43GzR00n}B$A|47ZkY?^1@CKt?qFx39ahCk2ZE4qc=huUOiwDEZLkZZFFz) z>|pPBo&3KAU6L>ipM#}PTxE%%aodZwj=yn#&ka$w$W422$YbrSd2Uey-~CQp>!W@i zUP`R{Zx4_dVM8{AWb{11FWFm2+kd_GXV}mj;RTt(NTKa)cO-tf9k>dI{sW$m$eD75P|#N-j6T(H|gOKM(yi z|5TBTre?@IBSOYZf=UF}w~&uhv#;fnMw&-VHBNOGEJ;JP7{USMnJIc!79BppRtJ&D zE?EXt`aCRIc;miYkfO{Cl%~;|?JF#ox17?b-1G=|`54}B7M(H*99J3*t4&uO*L4|; zGb^&FG+ucV-;_P<1xqYba9Rt@>jFb{a>*3zvVXKM#J}TX{eSikP7c3&_j@@1-0c6i zIocRC{eMPV+mHS~U*hTV|Ji4X&r#m`Arn^_IaI1(iu^x?vYF(~g5S6PK*+Se6Eq0| zBgW1JP4Gm=yQ&TZ1S}8j&f&0Eqv+++_0PH#D-8?`^#Sw@w{kD!{WknEC-M~rBm znXx)x! zP!~W*h2wJ(os&Yt(L+df6IIfLf7*rDQ8Lu*s@#u(cLN%ACyl0vi;}_=IMxPjdIA$t z<*J8^-P!Yk^M==SMpJff2N74TghB9=D2Q7n;QbOa4JvfC%6)8zjC`~boa460d$D*2 zmEd*`VkOlHRf^Lr%$Oct@e4kLC^9uXN~oR*nGSP0H)ONDv-5KNYHM@&{80w`cYCb- zhbH*nsgIlDKgQ#x{5RenJ^Futk;k3IK$Pf|Wf7CXpnhr-NOsBD)#@^T^f(@$`#pC3 zqbX*v`;U{~K?l4k|HIbHX8hO2*2~BIFJI*8*8hATq}_jay)xy#zI! z!rl@~6i<0V!3<_Zc`%JZkb=EF4g@kI=2^S)G9+MMBuh~Q8AGQwcUO1KgOF%(!Lrgm z-vsbr@5G)Vxt1qEaDIM1rD_q-D@9l&$zWhUitKfv28=2_7@NKZwSETJ&tM=5og4AY z=&6IjF9nm!Iz;UH^whFUT(hH80~EBgz<$8StP>} zsUc12zeGl_l+ihA^$TTG*Oa|B^XGpsn%0$&@#{4h-&*Y>ODRuYufcfN5Qp!~v@AtI z9ML%S!RdTI?Y@0es_Ll6Ef|={jgAcT;zl3TJ@THJWah^g#6d_^?&`B{r~lK5Mcg(aDuedOzwhnsOUmi zCS)U?ZO3$bW3V%$8-uN#+0I}(-q{*#PhY+Kn!VbY#jm!9(R{GExij7vZ;iLdXdVv; z(R4l`qwv*sI3D0pZ9quw-}m8XrdvTqIBnnZ3{^zs)_5c6!O%6}S28&9ST+KtYUe+d zY6zA9upxM)zX0<Q(%yvF3)vwGqTQ@|h4BB;ocm#(+W!BC*nhXS zw>KZ{zkk%z+W)P=p=nY8lhJdGO(-%x<18k*wIiUN#o1I~-KIQ}!kR^tbH?G>e4S`1 zifO{sLI@2nN+*9)Zzd$m6pvKsmUr37f+{j)EF;r`Cz^m5kP|U0O(a@~q!Vngm%&k& zeLH*(owfG9R7&(8cUlSfY7uqiW%J7|``(==@W0>$C8KM1VM# zMds}-UlG_{%q|ND1Xc7XsZWM^62q&4^R{vD7s|T9Xl!y7 z>IgW~whm@r|MdRD@!*Gpp9bF_93ObV*EYM|nIR2IX6(u=SdqnQ9X4lsLZBD}>uDKL zP}*1XoKb1d#T%1liZ%|YgTIp(FHU*>;>Co#;R;-N95Fb{{5gy>;mUdjf5>OPNY83DRg z>EII?340>_oN)nH(Y>LyQUP%L8vyp8)pXuh*oRirc?ss{KcC1sX0+(-x&pAermY8^m}~+d z%h3nyK>$3Qy%YKfy?SnsPEV6;R{G>a>H=dPF*(02?;2y}5Hshk(_SNcQ_XOPWx-C5B7 z3TDaUZ+7=Q5Bd8+YuddF-BwA6dun|mcpXZ03jS1;;rztqkEjCre_v?3(x#nvLEG?X z`26Sdp+$FvdYc%M!JP{*RUN*d_k@<*mfKor`|fWD^)d&zaW89J?tl*DF}i*jv9$6R zz7w>yn2*(vH=uPvpy$mt-+8Hh`27}CAGBp0YMJ1}`X?3Ftv$5?Z53(Ipxbti6Npp4 z2RfV3{`%XkNdf8ByYa5G=BF~02%_sT4MvBQdoO4qoAe!a2Y}Yz$$i)*-Xh&z7%eWb zcNSUrrUi#2Pxlpc8zQZ{OuUbime8&eZ91hI1E*VH^?}?Cx8pnRynWD?8*rag^Z5XO zBIlc1ukIw(G@xw@3k^Bp;ZS=Y8O+Zs(zD8J_+~8t&x^?MVzVqA4j?JH}!>7{vHFn`XztViPOiDU%IV;~Du*hm`Tllfh1yCbTrh zf(=g#Vzd1$3A+S44_d-rc$t=L4cN_JfYRB5_O3f`JASm)=1;3_u=jpGk@I&(FZ)Rp zBrPC#2IDr%)9nkdc^_Jv<89BTc&q7U`}O>9W$+4x3>MG8h}oZS(Y8Er+2b(TBDv@8 zP|t+WuK9`V#xY0e%FGPwB<7MuI$635xp6Jn@TqF1l;H^@=dr{@GE15!=l9xqYjH-M z#-z?GV!%YBPV<~enYOnTf8RF zBoIT6GFg2zmQ&mSEhO>lwQDN*Xsn;6Mh{R%-L6RnT^tocoN; zePG^zEyEMW;rIb?+i8F9vphR*zPmwu4{P%(Xj}H@PRsNCK)s)}xee_KCGAruNS@xN zNY3PKjk%x5`NsC$tj)KA)+s*S(AM>~+XH+LO=lIfE&FpnZc%Bw17a<-ceLc+0@_NY zT#4H|0}LAa#@1b|&24BKqHayT?E==7za5I|(B5?~(;{KAZT<4wG+fIohN&W|E@=sz}oO-jew} zc3ux!)IZv7Hj22o%{uUy`N<{JhKoofgXF?60pLBx6OC64l+fN)=k@L(4$Fj1b!a`h zbr%(DVM7M3GNu~02!hjbhQ2efg`mTn%lB78`|;*b$6pA#zQ7(T9r^#HQ2J?A0$R!Em& zXZ;QiQU8q&%eQcgTJK6+_ielLsCEwO)?deZojcjX^Sg;?My9OFKZs$q4WFn8FXXrvokmniY0$p9^ zN9Xd+tR}zfEc{>Du&8NiQ$fj@PmKz07i@NN zuy=fLdiHMjEzWi`y6oiO_{W3e`lm8*?8C{yal2+2K8De8wQm?bhQV?$L#GRtt)p~= znU)O`M^LRO*Nh>%DSWF&!Ck>y=~A*>gy}LCDdkzHleiJ13EHO}8T5wdT6)MZRFC`L0Q{v4G`UYW!f zbWsQbs=_zzQJS6TfwWS(j2ERVZ5N7SEip3Q^iN$rZ;$=#IwR1fiwK zO;g7d-WbjLyUYi^PU-cT1!F=sMx#;t{aMcBSuTYEXF|3{qk7c!dWlU>xHmF-o2j{i z_nGJRl@6HgxVqNCZo5XNH8h1;5@FgG^pcgunbH=>vR+pZ60UXZ{xHLN1`*F`M2&ze zS{nxvkSYJqLg|w3EG<1l3xbgvxqhk$=}H#5EXbp(e{lymd?Z-$o6ED8M`QXv$|#XGwp_LK8&>?h?dk1K=V<8EGE z(S%2ncg##>T}WJFs?pZVotK+Co5SapNoh8B_E!){X?Y#TNyFl1h4_+_vFltYyquv7 z{CDxGWvuA}{9G@YqzOiu4tQ1#aGgwThC0;-eLIosHoEM!&VW1A@m- z&TLVF13P>DiIgoRCigAWKj|?7=fnK~;wHeW(*a zk;sgYyj`O2D13NUm3i)XJu$KiHuX%gWVTM+4eVYKSP3kdg>zcW*|Rmn1Pyhst&{Qd z;69rU&GWOU9H1{g<6z6KAt3LPCKECql`nIuHIvzdJaK>4F9f008t}#ti8M8$zuk+1 z>U}oz$C@rL80ZKvOQnut_j7yG>^g~yG)FzmO%{e})Pe%7c^TueA)z1FgkDmffH}%g zj3tSt_<_POW~Iky&-Ka>56uXy*pOgB{tJTlS;RU?4OLAVFCn=mFtJuvJz&gJHWTtr zR)yPc#!twuO|Wmbh&jvbnND>z;eh7(07<0U6NBKST>8wY()Q57C~*d1=65;LQtpNv zip0yI2s@&bLJo2%GG>%>gACZ`UCKa8(6Wd2dLLfA2o(J5+_WOMN%)KrBf&8l2Ek!U z=RC7^|eh|wT^kUx;}r1>fi zw}Ji|dCv`%BqFOEV!TwHUQTih8V~1O2VarM-C8_s)B9H>9J*xZG|v%X8?cI~gJ7sc zBEx*?y|DwYzs#ss=FQ)G)<-2(cPGi53caxQ+VqZ#x@SS&VY%ZD*gRtFITsCrqw0*5 zyLe|CUTt*v*cUE3R9e^_n@50fDFs*VUe3&~2nk57%@^v?l(p{#OsNk2%h(M8T1H(v z1;u2()mf;$@eiWTBPOA|1Jz3ME(>$jVR`9Tb=De^-K@OWtCrk3vKfNCH9b$nlqMiO z03y%4jda_rPG;r~x@vr~SC!5QoWdvr$bwVJuSbTSu9q48+IVsoLx`I(`o^pzW@0Jt=S0BTa<24S7h$#pG-fd<`%6O|vo+r4-k>0Er@lP=g?WHdt?ago18mrFc zdFB>J+-SxT?1R?wQuI~>ZhdrNU} zVh{I(;88v>1-nsuR(JBu(=Oq=x9H0&_n()Cgy=s&eV=b=f8BQ!5YmmNb3t~jMbAS3 zNa?cr)02Bq`OMhWAWDNuGKCE3m3Znl$Epyqx1F2yTUus1TE(#hl{{~LP8z@8x#r8# z=+fX|g7;+*GR`BpX}3?Qh61chB!edhZvpI{qLWNYHuH*LA-lRGzM zxoOps_4&VZLw1bV&L5rE>$Z=J6U_60k>gYL2jqVpjkg>5-!{kNjmP|NU*dVvh;-R! zm+x~`GJ(?72F;iD(%+1u&l~I!G0Swagj5lD#S*$SK_2@=&=|ynyiAA|l7BdbXl2jq z*cz}>g{G`BRopsB=`~OJznHUUz(oM)bphuD82fWc6Ao8>LEa@!vxuQ3qvx$Pg4 z<@t!JCBVDn%HF6P64-YRY9kL`kbMkdyetx_x$S+278X1fQFCf}5K}EcgTCg#Ao32kl zjtjjAUXT+r$u%Xe>XJrMDCOcXZCW!kYk1$=k8L6gUJ!H=X=raLGg9K-;R&hV0tVNh z!Z{E1&E{o$2>!dnlhbu_w0BtDnu_5^Q`3($S__QTv;09mT7%W#4Wlx{BXp|C$7X486n9_+FEf5eC2U*Z{69`*5+vIasU4kPpAF$`uh5j7yNrX zcKt)Jm5~_2SfL*WGY0$ zXciEn7UJqm6;n5kGd`Q3V{<^rT#6!}khQ&16oqD#>B_5Pt*zBKo1wvhJ*&piuKBrj z*6cTbT@~py#I#2Ihgh5r9)VzeE40bRInE@GGkmLeuBP zCx*4P7AgGX{MY=H&6OuAp7xg6SJ2M97PKICUdkoG)dx^P(*dfD5UBy`^iN7p+A#ma z-P&kNxe$|ufNVk{s{mwKk+z`urtHvBA!b3SrP^KV8WoyUOS9*iGcQr9*2;G*nGFz> zwXWf+maltPPZcW4Vojr78!<-7H9a@;{gx37m1m-2S*-BhcrDh6$daXXLZB8| zE)9hiw;w$u8X)?=3INz5)G95b0@%jjwUg29eX5u%ki@kiu)bowK4f=7KY zH>69mH)&N#(`s4LR!p|n?oGfy$)&hnuG-R}K)BF4KQe#aG(Q>msX$gDEg;O3DhNz6 z-I&3_XP3pHAOA;Xh3`*KkI1pD;Ee}MteA`na`kYat2@Jf@)^Kq;#QCoZ~z!o3&Ly( zhGIS(zd>&x2MLH^Z{ub2{-^EH&iGOP{}RuW|23TQYzY2%0gD!btTnyB*8=cvabA~%XJqZG|6B`V z5fB1Z28^r`^3}5`RSbOizA8&UpO8-j!+0<&!Qr)_2=QE%GKL7y#|8^(R8~|DY0Cr=u`Tzg` literal 0 HcmV?d00001 diff --git a/assets/universal-crossplane/universal-crossplane-1.2.200100.tgz b/assets/universal-crossplane/universal-crossplane-1.2.200100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e0f4ceb701bcf5a4c29e6511338c0e73f81eff94 GIT binary patch literal 11597 zcmV-TEwa)diwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJa^p7gVE$b`MgQcaCX+L1$)8!(X6rm2?`A3<+h==nNzJ7u z5D7_GlLQ9wq?&o_+!Q*zPcOeMx)UUq%pa{ zjHA%?8Ra|)QH-~a#)t`Tf}-$?he+LSx4XZ)tN!nHyVd`B%wH_0trH6-gf|eBv434o{xkGu}A2ZkC`At zf`dLJh=~}p#$o}Hb7$hlD8hYsmkekc2kVD2-L2=(>FEGXdXcR!uK1i~{|U%cQzheP5M6atO~W(gx4 zyCa4I33EWWU}TWWwt)_r&pu>fueCj$}^G1+tg zP#i#nNGuSEaR7r!)=CDa7-PVQ6U+tNqKRsDK*bnH9FQ9lq$reFL}^UK1R@*_Fyp4- zf-qddH%Lhs$OZ|6gwY`N6?uFb3r0gw*m4hEIAbcubu2`}`&(P70f~LD2i_-d+!F`@6xx?#|$^ zJ3E8FZUxlmTM-Tj+6w82dPzKTuJPoSvViv;7ko))#|07(8RCMazDOB%T;Q195Fc~L z1(YNq@fFKBE(A!R0phZZkNmOxe~|juSY)l}8jcGzk+ms`92Z8u{DOYdjiX!DZb$}b zfHElf$Ix+s1u~28WTma{5Kj<8!9X^5tv+1KviO=i`S3G^6^;-I`w|@bpDoe@l$rHS z?0e1(2E3`VTes^xwfI`6d!|Nyx`0TS48NQ6dMY7q=4loLVO zqz~4#@@*YJppjh1r6_R#k~9p@X-ND@AKna4sW@kt<5)OOOapw0L+lI6`tbWFN6-*6 zqp`@}XgDNtrBXkf5TgLIV_9CwD#23hAU4uvorKXF5@05wOpt$#Mws{E{V$H=(|AZm zscyNRt#CU}!|)RO3=5?!xe!qQ8nbaaa2z&3{#z8Ik#1a*%k&SxuSs$^8ZkUV0tZK7 z$^~W@G?dMoA~v-FBGr^6cSe?1h!fudXv7d8#}S}LGJq=40Lo-b7@>@a$x(5?SA-)q>U+KIw?rZJF~xj#+3mgkx5RNc_EQCd zT=nlnxkr}9hx{GKtPlHpdpq0Nr++e-Wp04KlU6Nz~r_7rl-jb9U zs-baJv7&;O8+W6Rp=>%|ILk|Cw&#(>bXB!xcDYRYzuNHXHyV#gXoDqM$T zq%#9NNJnp}R0p!`Y;}Q|uCi)821F@XYF6L!w}@S1k%Y*{Q^pa1ph&6}hZm=PKrHT~Tiz!q>i7S4 zcyx63?)2)zo7aEuGaBNpzg?W29Dg`He0%)&^*-*;ni}_i0!K-R1m;_(XIICUp12eD z>7!-;*V{YTt?d5}y8GMf{og9ms|h5G`WOc!9&N&erhpg*ys?Nv$N9hi>;J&j7{%AB_aS9K zVlI%9e2uo-|8Rc)-32lP%HV7K5j-v3^Dga`+bb4r=-d!|+j+TI9l6kVUc#qO&j0)0 z|MP#q&ol)e#SqimOpB0UGw}7Eu4c9U563yaQ>u|Nsv@bQ{QkRyeqksi5MM%?XaixU zplH<(34#1E{Hl`F2$cu&HG=p%l{8!9444? zPbABm0$b#N_h5IwD*q4mcGmKL73ufix4wZJ67|)Va!5ifCJFv7l4SA6xDVfKefs1$ zvY2y3qlm^3q5%%MqcY@V4)Bn~7&`iU2i#AeoG}g~kB_(fF=C=GIfKN0mQe_i z%?rhMZY)+OrWr3|7BU1+pGY6(XMQpdC5d;P4ls+cz+5gg`3Z&O#9Ea<;A2V!F7seR zD|!PRxPwW*#L}1g45(6HlO{8_O(jkhJGZfGy*ak2BEJ|~)QhWiGWK!5CVDDBP9Ogk z{rd%YG|`Ya8xs$4Pg#TW<5Hcn(& zGMs4ZxY?GaG5MI{aH6)ZL_k0>2Qfwh1`|j*iASo%cW+(;9fD*@SD$!5uHSp=$PXn% zouwG~U41rWTlviQydE#*tBpZk*Xl?&bA#ES$R1(QQE(mUZAgfj%hFi+|1kV9B@A=8 zMZzB|yh6f-Wu>-Ubco%g+Eb^Frej~lA&V5C}Cbz$=0fyochA-u?-fhB{`XB-N-_6miTd+}9uLN5K z*z#|m7S7!n)>(r!X9Ww5K6I=D4!fj=)GIt7;M1r6?6Lxl;M1p$)raz0uzpLRq-+(H zZ`O%PC1=_SSZg5nElG%*vaq3<$|;U^32JJ}&o@?;ED>^ZHpH!*B^hmw{?ILVqoR#U zpQQ=V1c*IC+QG!jeM{_T+BrQBHw+XL6Fu%C&}Tz2yv(dD6_D zgN4scxtYpV)b3KypHUPxH=0+ogmrIww)y+uXk{;KL1-u zT5$jOEDV3P5enXSI=@s5Q1HHkZ*VNQ$p_8hR1^HK^j8B`;32=x7 zR#oQcz$^{b9&WSNl!5DhZH=&K0`-^a=EU?aaeb8iupKbnBprmrcYVyvdR8qU!tDFq z=wq1wTx!89+QzXUB2;klopl$3mN`QYPJ7u@7B(LcGmmouXBhfj-Lvjb5n@;(d)e~s+ zQZLYVqmSV{^<=qPWn~PVr?x6suKv_xxlC%|f9vD&p}?*C|C;|_Z+m;q|0_wx{v@Y* z$rknLljEoeD#)BsOhA>%)OoM%`xf&e*4MnG#Zsn}`I477Ebi57C|$&HNyvUk2e@1a zB}iR?NHF(gZc+HDDg3`0yJYB)4x z5=^740^*QzeGh65tyWVSU^cO-Sw9IQu^2+-BsKrlx=m?hL zj`3iD_rEx<>pH6-ecxQ$HwCiiIWnrJ5@ESd6G=upQf_JbJCz_d6T(*V8gxN>5II)h znhV;0$k7fiLH4I|%hA_?Di@-9`zRs!PT*KsPl|)-N{@cZ1&y+gYDv=f>y&}$eAAf^ zgTi~&sy)I&{T~vp|G3SepM~9=9opwZ^MG9@OldH6=hvg!*Gi|d-S&=(UQE9UuQyf1 zx3m#$&WTXax0!w}_>{7M#1)T)>cq&*Z5nvRFZYG;whHT0FGTC~Bxx!AZ$T%pw*B8h zE&hLZXMO&=n)K-LpU+(le5^RqMn|%#Ze(qQo5O2tISD>L|1TT;*~yL(mp@Am%g zn*Udl9wPqpxwCjZj?{7m$v*1VT7yelQECO4XU`|-%Y@ajxCKxBorQTKQ!8$K=C9ZmE+d=w)<_jGo=Xk8A^)1*OaiYYDn!I^qpf$ z*rBx*($ro$C>m~f1i>1Zdd0GnP$PP+alJL{`v@Kw>U4Z42_J zPi}?G^T#bVyvtDwS}Yov8s{3v)Aep z`^)pgqvO)lR!>R%gVCrw;{k>Qhk;T08*ftCvq%f()|Y1Q%~Glf@$ zMD~+VMWM<=QNLGtv{b9%29x%Ft#_x2GUdmpYQ5TZmg+Qn+R9RUi^r~N-Q}fQ`g-b} z+T*18_y25weAhfKTFXRl;!vEX*J5~R$y`9~)|Hn$wT>QTZ-goW! z^*nj~soV#e+ArO%+j8_i<;;J<)A-t ztTUx*&xLf=!<+qee@7004Y(R(xOjDVls^?2p$Uu_iiLXjiSzt|?3fA|qZ@PeHP+9B zHq6lFakDTQkT`g#rp*cU+^#dv$rEFxcjVlE{cm>$Xj%Vz-Cnn{{_pRv-+x<8dgS$g zVJCslK@E6xkAX4~=5`;bkZvBIfqU#6*6H6NEh+yOat3LU|9kt}wf$dje|IhaSCJN$ z|MzziSyseX>pc(m5sP3C=t@$@b?sO3XnrM4#C|qTCd>JlG+@;1Sn^mW^%4Nvcg6N} zc;I98vKz(1XX|n&Y&dx8(eu5Iw%a>codZQ>Sn3WGQ`Q1Km8A5j4~q+~nQGrn5sb5H zH#ibZcjT}eUDm0?_DQn$vEMaGhxRjxN14)(JDWdqSCM&8oZ>68pu2`W-5$(!!v=r# zz8f=md^sP1sVyvZbZ@t|jPJm-`u7HAF`t6Qnr$#V$=%pX?*Fnkl5K15)Sck${oi(X zzjpuQL2rBQ|G$#7g7g2yZGb3@CsO>?4Oiz<*<-BG6)KiWsEzH z=QO>>W530t%l+aM&+v?}*i?u4oBE{wmzjM>DHrC%KX+DGwtPHH<;+sTC70M8BHXam(%&A3VlKonIWQJ)NT8Io%5(*%(T}@1q z>O@({Ma+OwfowsSFLgh!I>Ed;5 zRGS>jY6CjWt!(zpe44eRL9<;*C4A;9hlF+IOGeh|qH9IAQaBsStQGSL{n_l2!;U7v zF^1bQ@yFIO0r*bgJxGPpkz{!(7^C+7o7b8-X}OkbPbDE5_F@ZdVxGB#kg(!aONgw~ z*RbC^b zW0W74yB0kAmor}n5)5!iZ=q!AKnz1Z`PAMvyE9q|qd*5A=*^(ke*zfDt*|U+jYla) zL6L_DARJg4$C5@QE<6to!w@1GVDAYSGUiL!Sh8v*rfjG*KpeYt*j)Y@GjTrPdXu$c zX0G*aY0z!@bB*^NPobWRNYia6QtAvs{1~>AMXe=mn5@WNGSf8jGz)gjm)S>~S_?>r z&uQmf%$6tFgV(!%HsayQ=I9bTIa6zaIr=&6{fbGls$F2+8>sTHo9PQ?PCK zf9!Uv??3K$d+Ya~SCSTv|Cs-g*ykU~w~l^Wfd7|${dtb}9}lYUKkn>x*YUqANe}S; z^K-xcw<6+lSAG4;t#Zt$e(O7yPdAAJe76Z-YK6^q>uzew_Tn}*s;l{aLdoTbxIRu+DmQP^9o%3%4+@jH7z_2 z?IxODmR1@`;$5c$%wjCC+6*aEYK&viH?3PNr+d#M6T%iSvdGPoS>TilEeF<95B{S3 zzvL5eE&RW|Q@j6bXLoxY|GkoA7Dvk9Yy2@^*vzndK8*#V;knw#7jbXUkvrec%f;&8 zfQZh^$GuO?mQ4*BNyC%WhP`WVQ5%DRIcBNs>nn#V#W`ywSKYNCOGu&Mn%B#8k=*7p z!s5}bK2@@~B$Demjgg?$z1bttDCL;(D((dscpBw03FL<~4N7pU8kL?U#c(XlJHm!! z)4)+td4-H4K^u5;pgB^xjmW4^8<4%oS3rsbb*hCwri9@DhLnMi!jRjCh!Z$Gf8)U= zjWGO>uP~-bKO{I7971x9K~6PagphI!L>&mIb8QSX6@c%MFT#oOD8O-$P$Fvzs=74o zNeD*d2FHNdD2=pz3-pEgP2hL3Ohd}P5)YZ;y|9ePG<&N-_1&oi>`fV`fA=eUA2cny z{%1!lStQ^reV}Fi@5#K1{cmq)9sjqI^d#&5s^bY8PBs=<6lmG84|L55Uw#)ze{a@?*pI4JUv;E(k z0_6d>fsZ6nY7j2>NMr+|^IZG55~==Jo6Z%DNEzI+#Gf)i^A6EMcXK}O0k=_cG_?WjXj2J|*AS5@&*%B@?B%N^fh$BFWpBRJv-HqcKQxBGy?WF8;i6$q1iM6a$$zEmOn zOytXwVYrVWTFi%MBTW=MD>v)RofgyowX}0pDOb>I9J|`bY344V&Hrb2xBCA7{`SuL z{C_2>;vCnwuBm~Z;Rh@yK=VS?-mI=&`17?G1sc{Kebf0_f?*DhT*Y@Alq$jukF8iLu!qG7dA_04 zL!--}-P1nI@!CT5(SpUg$Zr+4A0}ve9H8AiS-T3k$&b;uN7XkMro6f^rIRU_@@E9JvdrD~|6sKAR=-R`g2TX^|1{*B zt5;?+!Rl4UYt}OjHbXZ*)=+y7VY*bQy@(){oKk+msGvR#`*3x1Zsjz-_|W()f(AG* zUwaE-1Fp_qpM4#rH)!~>53dQ=?>k7@PZ?q)oB$`Wj|)qBcE?GG1y+^@V|q{0cw?putoz(CSf{K4w{zYeFA(x4WfGp6|H}AhjAOLSE}`J~ZwH#8Q@mBGE*O zClode9}zgJO`U5jDcvv*nn`rdpTq#L(EfkXz#o%Z_WwKkJH2ZBUw3;Q|GSd(Wd6S! z@LzF$;flEgI=_3RX;!*g2QA*<&Q3$}V;5%wZk1obyPwXbDx%F*x(8#uhZ}8o*eaRs zfy6_~B7GXS=xN zi<~tml_ReE9G6cM4cg-jGFwrV{hOKJ*#J)Uy=hrRWd%@o4#K%P)H~9$h3feMK8j_> z#pQ(h-ZHh}T8Vtn+RCEcSeaa_2i=DabY6vX5plh2`^tMtUHo~H22W+wcYJ|r^B>Wlr ze=m6jRIC3-uNwck+dWwC|5lQo9skdH>D0rCfj^0%XG&U#|3%2>@%O5xR{rnS?tkg+ zuK9l@={fQL6hE>i6ZMk3Uh)7#^e@VB` zJhh$w>~yR8e{XkpegE@H(nGjnS^{A{Ra`UJoE!4RTrcZQKeXp%y@%x-FY8o;XW)1F z;GUORb4nQI$MSWjOPSy1b7_^Sx?Ilk?6RsgJ9ahtTs3%HsfMOIT;*;A)4asAUB~t~ zsCbEeJD-xZ9tkko(&ZTa*XJnE z8u=e3iOVnwBJ4%M{rhM;|LN}USNZ>7e|`V|O40_r)9w|`7khpE?x*vYj?-QS2#5Ek z*bDy4*J|tB-^v__JVIXr9S(_4PzX2{m?eyG?2Z@;Fa(4PMh2;p40H(Zi{^`_N;h}C z^x%zn!PRAB6BVsAyidXKR_3$o`Ivjws_ z!XRNZNc98OrMPbHInIWZls3L4bRFksnyP?_EDTePhbj*fnzH6eqXNrgAJ^LRoPW?T zr25f&E^xwOfYon0N3-T;JXu&5vYVD@a2jIIae5xS(V^`{k&`!$^B0NCEeXRs{v<-z z7wdlg9#T_Ml99wI_TbG>eNYXm+itCBGoUeyHFBnvYU`W2H5BW} zIGOw2fG&r_hT}E$)nh%X<>}LKE1*8#@JY02`~iHd zi#ppLoY0X9zNyUw-B_A{>JmaaA~Cpb!l+zazhfx&$C!cZ8dK7DU%oqkb@uM`^@qcw zqqBFXSEi4@oUu*We5gB0xx^I3d3Wy*&)?`U-5FS#KDIa(a^i9mxc##K0C0k<1E9bA z^6>o4hpV$6j!zBfJ02XVs3AabiNm4$J>}~9V#8I+Ev^QE;W<5rkr2oq!Ar&kwe zCm+sF4o{EOfl(bs)9bF6MKY-gqAz2h10zCApj5)}jZ$JHR{`Si>-1pjUm=YH%;4A3 z2>%LPzjFW7tJXR_RBF`!KBkzfTQ8SB@+qa+`d@G7V80Uo-P_;UTibtElJcSMI~$eN zvJ@iixNw6QkqS`mk=r0QGQ&_yne45*zP#S>ON!nEQ+ z&?+ZiJE;;zC?jHW6e7+~v&+p4rJ6I#ggQ56z?X%TS-(2;ixEg}+~d(bM!({?W+T*; zRhi6p3FWhg*EEtpb~26MwQ(VSc7&3NXzAvv@}!)%h>XZffg)x4I>IdYlUm&Hx#&vj*~&7WDzj6J^7 zmzgp|cp+rw(OaDr_s7i9HA@ydLYEIqVSX}Xgf{4VM_7|y{ zYBQwuQ9ad>Lt>tTp1MRTFq@Y~E6at>VHhs38qPhY{F)?(`P)(U`%lwGx1~mT4xc4L zy{1ivM(I%Ysphw;9&iq4E6=$;keeZ|vbQR{?Cj35l!SU#3A+=*6=vDhIQjXXZKPCI z_5x53bfgu$I1Y#a#Np?|wD~|aq=5JArTQJrFeRYGE-lY z-!OzSQ;lAd5m;4(H$#YUK+*^ZhqpMQOx+0;Lxk=~ltz$pS^AcyVE_YdhK)$9vgi=R zm~idgug^8~S2>{~-InT@gE@cEAvBrcw!E#LqI?&^ckeCflmv=R%&ElF*iEIJm0cm5 zpiE+JsMA0?L#+s-n48c5eZ(@r>g?TIuoWdkp4}O2?%zr|9;TscGr%`Eq={VWrVwBu zY?B**Dymst8BcZbDAiXVpJT=e7dRF_Ds+xQL?UxpnKDu#eN0y&gqEmktuS*zk-HH6nP!>!Q{Vis$b75R%&>Vyso;X4B$>H099YF>;MP`b9u#ee7Q(Ppv10#k zJpZ}TVQ>=^g`S9(yY#_IE&e}y-QC^l`On_|`u(4kq!>l`>;^MN0^Em=ZyCBA`#~J1 zZiZF&8y03x$I(%}`XwC`z}vU>kd_0FoV{q&hp)amx;VSM)F<3mhyVQQD+eI4qIlm7 zPpLR(nB!PDPD}%wUFpz=-#J0S^irt0_M z{V$GFV)uG>Q|Pq|0rjsj8>a)uu{M@{#h8+Gx!|9^)wFDO_ESVv%R^s_C@Ecg~OsqutX!W`~3M z?6TW?`)`TkaO|fF1R4u`C(1ptG(P0-IA(p=-`m^S&OVuIIkRsl4C(DTBR3?(BYez# zq@S@UVGS^dI4^PjozCXV3emMSFf8KUB z;Ntl5-N}{8&jOfr?GM*@V&1V(h5OLaZFNe8O`{)vIR3e*^mfO|z?9%wlU%XkJt-q) zP;QL;HzJcg$2FZcHjL`2qxT&rySi83*8A?_qz|3UO$;TrW1D1U>%}R#0P0`$GPxIk zp5ldhw-4sAW%KIfWy9+l)85W7&s0jeAys(UbiRm|m(k2OH4n@;>!(z~^ObYP+F82u zSqXiMDQj#AM&s?9O@vWY?LB~AW8`wE^!7PGufNS=a5((u@#)oaNGt%RoF^rvKASGK zZaxnhcZq9Pu`zjdc6N1nb#Zupethxh2n~qRzSK0oLIql_g4 literal 0 HcmV?d00001 diff --git a/charts/ambassador/ambassador/6.7.1100/.helmignore b/charts/ambassador/ambassador/6.7.1100/.helmignore new file mode 100644 index 000000000..a0482efdf --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +OWNERS diff --git a/charts/ambassador/ambassador/6.7.1100/CHANGELOG.md b/charts/ambassador/ambassador/6.7.1100/CHANGELOG.md new file mode 100644 index 000000000..199e56fee --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/CHANGELOG.md @@ -0,0 +1,528 @@ +# Change Log + +This file documents all notable changes to Ambassador Helm Chart. The release +numbering uses [semantic versioning](http://semver.org). + +## Next Release + +(no changes yet) + +## v6.7.11 + +- Update Ambassador API Gateway chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) +- Update Ambassador Edge Stack chart image to version v1.13.8: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) +- Bugfix: remove duplicate label key in ambassador-agent deployment + +## v6.7.10 + +- Update Ambassador API Gateway chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) +- Update Ambassador Edge Stack chart image to version v1.13.7: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md) + +## v6.7.9 + +- Update Ambassador chart image to version 1.13.6: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + + +## v6.7.8 + +- Update Ambassador chart image to version 1.13.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + + +## v6.7.7 + +- Bugfix: ambassador-injector and telepresence-proxy now use the correct default image repository + +## v6.7.6 + +- Update Ambassador chart image to version 1.13.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Change: unless image.repository or image.fullImageOverride is explicitly set, the ambassador image used will be templated on .Values.enableAES. If AES is enabled, the chart will use docker.io/datawire/aes, otherwise will use docker.io/datawire/ambassador. + +## v6.7.5 + +- Update Ambassador chart image to version v1.13.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.7.4 + +- Feature: The [Ambassador Module](https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/) can now be configured and managed by Helm + +## v6.7.3 + +- Update Ambassador chart image to version v1.13.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.7.2 + +- Bugfix: Don't change the Role name when running in singleNamespace mode. + +## v6.7.1 + +- Update Ambassador chart image to version v1.13.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.7.0 + +- Update Ambassador to version 1.13.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Ambassador Agent now available for API Gateway (https://app.getambassador.io) +- Feature: Add support for [pod toplology spread constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) via the `topologySpreadConstraints` helm value to the Ambassador deployment. (thanks, [@lawliet89](https://github.com/lawliet89)!) +- BugFix: Add missing `ambassador_id` for resolvers. +- Change: Ambassador ClusterRoles are now aggregated under the label `rbac.getambassador.io/role-group`. The aggregated role has the same name as the previous role name (so no need to update ClusterRoleBindings). + +## v6.6.4 + +- Update Ambassador to version 1.12.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.6.3 + +- Update Ambassador to version 1.12.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.6.2 + +- Update Ambassador to version 1.12.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.6.1 + +- Fix metadata field in ConsulRevoler +- Make resolvers available to OSS + +## v6.6.0 + +- Update Ambassador to version 1.12.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Apply Ambassador Agent deployment by default to enable Service Catalog reporting (https://app.getambassador.io) + +## v6.5.22 + +- Bugfix: Disable the cloud agent by default. The agent will be enabled in 6.6.0. +- Bugfix: Adds a check to prevent the cloud agent from being installed if AES version is less than 1.12.0 + +## v6.5.21 + +- Update Ambassador to version 1.12.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Add support for the ambassador-agent, reporting to Service Catalog (https://app.getambassador.io) +- Feature: All services are automatically instrumented with discovery annotations. + +## v6.5.20 + +- Update Ambassador to version v1.11.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.19 + +- Make all `livenessProbe` and `readinessProbe` configurations available to the values file + +## v6.5.18 + +- Update Ambassador to version v1.11.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.17 + +- Update Ambassador to version v1.11.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Bugfix: Fix Mapping definition to correctly support labels in use. + +## v6.5.16 + +- Bugfix: Ambassador CRD cleanup will now execute as expected. + +## v6.5.15 + +- Bugfix: Ambassador RBAC now includes permissions for IngressClasses. + +## v6.5.14 + +- Update for Ambassador v1.10.0 + +## v6.5.13 + +- Update for Ambassador v1.9.1 + +## v6.5.12 + +- Feature: Add ability to configure `terminationGracePeriodSeconds` for the Ambassador container +- Update for Ambassador v1.9.0 + +## v6.5.11 + +- Feature: add affinity and tolerations support for redis pods + +## v6.5.10 + +- Update Ambassador to version 1.8.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.9 + +- Update Ambassador to version 1.8.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Bugfix: The RBAC for AES now grants permission to "patch" Events.v1.core. Previously it granted "create" but not "patch". + +## v6.5.8 + +- Update Ambassador to version 1.7.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.7 + +- Update Ambassador to version 1.7.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- The BusyBox image image used by `test-ready` is now configurable (thanks, [Alan Silva](https://github.com/OmegaVVeapon)!) + +## v6.5.6 + +- Update Ambassador to version 1.7.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Feature: Allow overriding the namespace for the release using the values file: [ambassador-chart/#122](https://github.com/datawire/ambassador-chart/pull/122) + +## v6.5.5 + +- Allow hyphens in service annotations: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.4 + +- Upgrade Ambassador to version 1.7.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.3 + +- Upgrade Ambassador to version 1.7.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.2 + +- Feature: Add support for DaemonSet/Deployment labels: [ambassador-chart/#114](https://github.com/datawire/ambassador-chart/pull/114) +- Upgrade Ambassador to version 1.6.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.1 + +- Upgrade Ambassador to version 1.6.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.5.0 + +- Upgrade Ambassador to version 1.6.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.10 + +- Feature: Allow specifying annotations for the license-key-secret: [ambassador-chart/#106](https://github.com/datawire/ambassador-chart/issues/106) +- Feature: Annotation for keeping the AES secret on removal: [ambassador-chart/#110](https://github.com/datawire/ambassador-chart/issues/110) +- Fix: do not mount the secret if we do not want a secret: [ambassador-chart/#103](https://github.com/datawire/ambassador-chart/issues/103) +- Internal CI refactorings. + +## v6.4.9 + +- BugFix: Cannot specify podSecurityPolicies: [ambassador-chart/#97](https://github.com/datawire/ambassador-chart/issues/97) + +## v6.4.8 + +- Upgrade Ambassador to version 1.5.5: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.7 + +- BugFix: Registry service is now using the proper `app.kubernetes.io/name` +- BugFix: Restore ability to set `REDIS` env vars in `env` instead of `redisEnv` +- Feature: Add `envRaw` to support supplying raw yaml for environment variables. Deprecates `redisEnv`. + +## v6.4.6 + +- Upgrade Ambassador to version 1.5.4: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- Added support setting external IPs for the ambassador service (thanks, [Jason Smith](https://github.com/jasons42)!) + +## v6.4.5 + +- Upgrade Ambassador to version 1.5.3: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.4 + +- Feature flag for enabling or disabling the [`Project` registry](https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/) +- redisEnv for setting environment variables to control how Ambassador interacts with redis. See [redis environment](https://www.getambassador.io/docs/edge-stack/latest/topics/running/environment/#redis) + +## v6.4.3 + +- Upgrade Ambassador to version 1.5.2: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.2 + +- Upgrade Ambassador to version 1.5.1: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.4.1 + +- BugFix: The `PodSecurityPolicy` should not be created by default since it is a cluster-wide resource that should only be created once. + +If you would like to use the default `PodSecurityPolicy`, make sure to unset `security.podSecurityPolicy` it in all other releases. + +## v6.4.0 + +- Upgrade Ambassador to version 1.5.0: [CHANGELOG](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) +- AuthService and RateLimitService are now installed in the same namespace as Ambassador. +- Changes RBAC permissions to better support single-namespace installations and detecting getambassador.io CRDs. +- Add option to install Service Preview components (traffic-manager, traffic-agent). +- Add option to install ambassador-injector, alongside Service Preview. +- Add additional security policy configurations. + + `securityContext` has been deprecated in favor of `security` which allows you to set container and pod security contexts as well as a default `PodSecurityPolicy`. + +## v6.3.6 + +- Switch from Quay.io to DockerHub + +## v6.3.5 + +- Upgrade Ambassador to version 1.4.3: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.4 + +- Minor bug fixes + +## v6.3.3 + +- Add extra labels to ServiceMonitor: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.2 + +- Upgrade Ambassador to version 1.4.2: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.1 + +- Upgrade Ambassador to version 1.4.1: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.3.0 + +- Adds: Option to create a ServiceMonitor for scraping via Prometheus Operator + +## v6.2.5 + +- Upgrade Ambassador to version 1.4.0: [CHANGELOG}](https://github.com/datawire/ambassador/blob/master/CHANGELOG.md) + +## v6.2.4 + +- Fix typing so that Helm3 doesn't complain (thanks, [Fabrice Rabaute](https://github.com/jfrabaute)!) + +## v6.2.3 + +- Upgrade Ambassador to version 1.3.2. +- Use explicit types for things like ports, so that things like `helm .. --set service.ports[0].port=80` will be integers instead of ending up as strings + +## v6.2.2 + +- Upgrade Ambassador to version 1.3.1. +- Remove unnecessary `version` field from CRDs. +- Add static label to AES resources, to better support `edgectl install` + +## v6.2.1 + +- Upgrade Ambassador to version 1.3.0. + +## v6.2.0 + +- Add option to not create DevPortal routes + +## v6.1.5 + +- Upgrade Ambassador to version 1.2.2. + +## v6.1.4 + +- Upgrade from Ambassador 1.2.0 to 1.2.1. + +## v6.1.3 + +- Upgrade from Ambassador 1.1.1 to 1.2.0. + +## v6.1.2 + +- Upgrade from Ambassador 1.1.0 to 1.1.1. + +## v6.1.1 + +Minor Improvements: + +- Adds: Option to override the name of the RBAC resources + +## v6.1.0 + +Minor improvements including: + +- Adds: Option to set `restartPolicy` +- Adds: Option to give the AES license key secret a custom name +- Fixes: Assumption that the AES will be installed only from the `datawire/aes` repository. The `enableAES` flag now configures whether the AES is installed. +- Clarification on how to install OSS + +## v6.0.0 + +Introduces Ambassador Edge Stack being installed by default. + +### Breaking changes + +Ambassador Pro support has been removed in 6.0.0. Please upgrade to the Ambassador Edge Stack. + +## v5.0.0 + +### Breaking changes + +**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. + +- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed + +## v4.0.0 + +### Breaking Changes + +- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core +- The license key is now stored and read from a Kubernetes secret by default +- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. + +### Minor Changes + +- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance +- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) +- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` +- Fixed misnamed selector for redis instance that failed in an edge case +- Exposes annotations for redis deployment and service + +## v3.0.0 + +### Breaking Changes + +- The default annotation has been removed. The service port will be set dynamically to 8080 or 8443 for http and https respectively. +- `service.http`, `service.https`, and `additionalTCPPort` has been replaced with `service.ports`. +- `rbac.namespaced` has been removed. Use `scope.singleNamespace` instead. + +### Minor Changes + +- Ambassador Pro will pick up when `AMBASSADOR_ID` is set in `.Values.env` [[#15025]](https://github.com/helm/charts/issues/15025). +- `{{release name}}-admins` has been renamed to `{{release name}}-admin` to match YAML install templates +- RBAC configuration has been updated to allow for CRD use when `scope.singleNamespace: true`. [[ambassador/#1576]](https://github.com/datawire/ambassador/issues/1576) +- RBAC configuration now allows for multiple Ambassadors to use CRDs. Set `crds.enabled` in releases that expect CRDs [[ambassador/#1679]](https://github.com/datawire/ambassador/issues/1679) + +## v2.6.0 + +### Minor Changes + +- Add ambassador CRDs! +- Update ambassador to 0.70.0 + +## v2.5.1 + +### Minor Changes + +- Update ambassador to 0.61.1 + +## v2.5.0 + +### Minor Changes + +- Add support for autoscaling using HPA, see `autoscaling` values. + +## v2.4.1 + +### Minor Changes + +- Update ambassador to 0.61.0 + +## v2.4.0 + +### Minor Changes + +- Allow configuring `hostNetwork` and `dnsPolicy` + +## v2.3.1 + +### Minor Changes + +- Adds HOST_IP environment variable + +## v2.3.0 + +### Minor Changes + +- Adds support for init containers using `initContainers` and pod labels `podLabels` + +## v2.2.5 + +### Minor Changes + +- Update ambassador to 0.60.3 + +## v2.2.4 + +### Minor Changes + +- Add support for Ambassador PRO [see readme](https://github.com/helm/charts/blob/master/stable/ambassador/README.md#ambassador-pro) + +## v2.2.3 + +### Minor Changes + +- Update ambassador to 0.60.2 + +## v2.2.2 + +### Minor Changes + +- Update ambassador to 0.60.1 + +## v2.2.1 + +### Minor Changes + +- Fix RBAC for ambassador 0.60.0 + +## v2.2.0 + +### Minor Changes + +- Update ambassador to 0.60.0 + +## v2.1.0 + +### Minor Changes + +- Added `scope.singleNamespace` for configuring ambassador to run in single namespace + +## v2.0.2 + +### Minor Changes + +- Update ambassador to 0.53.1 + +## v2.0.1 + +### Minor Changes + +- Update ambassador to 0.52.0 + +## v2.0.0 + +### Major Changes + +- Removed `ambassador.id` and `namespace.single` in favor of setting environment variables. + +## v1.1.5 + +### Minor Changes + +- Update ambassador to 0.50.3 + +## v1.1.4 + +### Minor Changes + +- support targetPort specification + +## v1.1.3 + +### Minor Changes + +- Update ambassador to 0.50.2 + +## v1.1.2 + +### Minor Changes + +- Add additional chart maintainer + +## v1.1.1 + +### Minor Changes + +- Default replicas -> 3 + +## v1.1.0 + +### Minor Changes + +- Allow RBAC to be namespaced (`rbac.namespaced`) + +## v1.0.0 + +### Major Changes + +- First release of Ambassador Helm Chart in helm/charts +- For migration see [Migrating from datawire/ambassador chart](https://github.com/helm/charts/tree/master/stable/ambassador#migrating-from-datawireambassador-chart-chart-version-0400-or-0500) diff --git a/charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md b/charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md new file mode 100644 index 000000000..443250b7a --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/CONTRIBUTING.md @@ -0,0 +1,23 @@ +# Contributing to the Ambassador Helm Chart + +This Helm chart is used to install The Ambassador Edge Stack (AES) and is +maintained by Datawire. + +## Developing + +All work on the helm chart should be done in a separate branch off `master` and +contributed with a Pull Request targeting `master`. + +**Note**: All updates to the chart require you update the `version` in +`Chart.yaml`. + +## Testing + +The `ci/` directory contains scripts that will be run on PRs to `master`. + +- `ci/run_tests.sh` will run the tests of the chart. + +## Releasing + +Releasing a new chart is done by pushing a tag to `master`. Travis will then +run the tests and push the chart to `https://getambassador.io/helm`. diff --git a/charts/ambassador/ambassador/6.7.1100/Chart.yaml b/charts/ambassador/ambassador/6.7.1100/Chart.yaml new file mode 100644 index 000000000..a1cc4f3db --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/Chart.yaml @@ -0,0 +1,28 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Ambassador Edge Stack + catalog.cattle.io/release-name: ambassador +apiVersion: v1 +appVersion: 1.13.8 +description: A Helm chart for Datawire Ambassador +home: https://www.getambassador.io/ +icon: https://www.getambassador.io/images/logo.png +keywords: +- api gateway +- ambassador +- datawire +- envoy +maintainers: +- email: markus@maga.se + name: flydiverny +- email: flynn@datawire.io + name: kflynn +- email: nkrause@datawire.io + name: nbkrause +- email: lukeshu@datawire.io + name: lukeshu +name: ambassador +sources: +- https://github.com/datawire/ambassador +- https://github.com/prometheus/statsd_exporter +version: 6.7.1100 diff --git a/charts/ambassador/ambassador/6.7.1100/Makefile b/charts/ambassador/ambassador/6.7.1100/Makefile new file mode 100644 index 000000000..3271ecc11 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/Makefile @@ -0,0 +1,37 @@ +HELM_TEST_IMAGE = quay.io/helmpack/chart-testing:v3.0.0-rc.1 +K3D_CLUSTER_NAME = helm-chart-test-cluster +CHART_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))) +CHART_KUBECONFIG := /tmp/kubeconfig/k3dconfig +CT_EXEC = docker run --rm -v $(CHART_KUBECONFIG):/root/.kube/config -v $(CHART_DIR):/charts --network host $(HELM_TEST_IMAGE) ct +K3D_EXEC := KUBECONFIG=$(CHART_KUBECONFIG) k3d + +test-chart: lint-chart preflight-chart-test chart-create-cluster + $(CT_EXEC) install --config /charts/ct.yaml && \ + $(MAKE) chart-delete-cluster +.PHONY: test-chart + +lint-chart: preflight-kubeconfig + $(CT_EXEC) lint --config /charts/ct.yaml +.PHONY: lint-chart + +preflight-chart-test: preflight-kubeconfig + # check if k3d is installed + @if ! command -v k3d 2> /dev/null ; then \ + printf 'k3d not installed, plz do that'; \ + false; \ + fi +.PHONY: preflight-chart-test + +preflight-kubeconfig: + mkdir -p `dirname $(CHART_KUBECONFIG)` + touch $(CHART_KUBECONFIG) +.PHONY: preflight-kubeconfig + +chart-create-cluster: preflight-kubeconfig + $(MAKE) chart-delete-cluster || true + $(K3D_EXEC) cluster create $(K3D_CLUSTER_NAME) --k3s-server-arg "--no-deploy=traefik" +.PHONY: chart-create-cluster + +chart-delete-cluster: + $(K3D_EXEC) cluster delete $(K3D_CLUSTER_NAME) +.PHONY: chart-delete-cluster diff --git a/charts/ambassador/ambassador/6.7.1100/README.md b/charts/ambassador/ambassador/6.7.1100/README.md new file mode 100644 index 000000000..01ea965bc --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/README.md @@ -0,0 +1,478 @@ +# Ambassador + +The Ambassador Edge Stack is a self-service, comprehensive edge stack that is Kubernetes-native and built on [Envoy Proxy](https://www.envoyproxy.io/). + +## TL;DR; + +```console +$ helm repo add datawire https://getambassador.io +$ helm install ambassador datawire/ambassador +``` + +## Introduction + +This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on +a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.11+ + +## Add this Helm repository to your Helm client + +```console +helm repo add datawire https://getambassador.io +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ kubectl create namespace ambassador +$ helm install my-release datawire/ambassador -n ambassador +``` + +The command deploys Ambassador Edge Stack in the ambassador namespace on the Kubernetes cluster in the default configuration. + +It is recommended to use the ambassador namespace for easy upgrades. + +The [configuration](#configuration) section lists the parameters that can be configured during installation. + +### Ambassador Edge Stack Installation + +This chart defaults to installing The Ambassador Edge Stack with all of its configuration objects. + +- A Redis instance +- `AuthService` resource for enabling authentication +- `RateLimitService` resource for enabling rate limiting +- `Mapping`s for internal request routing + +If installing alongside another deployment of Ambassador, some of these resources can cause configuration errors since only one `AuthService` or `RateLimitService` can be configured at a time. + +If you already have one of these resources configured in your cluster, please see the [configuration](#configuration) section below for information on how to disable them in the chart. + +### Ambassador OSS Installation + +This chart can still be used to install Ambassador OSS. + +To install OSS, change the `image` to use the OSS image and set `enableAES: false` to skip the install of any AES resources. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm uninstall my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Changelog + +Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md) + +## Configuration + +The following tables lists the configurable parameters of the Ambassador chart and their default values. + +| Parameter | Description | Default | +|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| +| `nameOverride` | Override the generated chart name. Defaults to .Chart.Name. | | +| `fullnameOverride` | Override the generated release name. Defaults to .Release.Name. | | +| `namespaceOverride` | Override the generated release namespace. Defaults to .Release.Namespace. | | +| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` | +| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` | +| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` | +| `adminService.annotations` | Annotations to apply to Ambassador admin service | `{}` | +| `adminService.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | +| `adminService.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | +| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` | +| `crds.enabled` | If `true`, enables CRD resources for the installation. | `true` | +| `crds.create` | If `true`, Creates CRD resources | `true` | +| `crds.keep` | If `true`, if the ambassador CRDs should be kept when the chart is deleted | `true` | +| `daemonSet` | If `true`, Create a DaemonSet. By default Deployment controller will be created | `false` | +| `test.enabled` | If `true`, Create test Pod to verify the Ambassador service works correctly (Only created on `helm test`) | `true` | +| `test.image` | Image to use for the test Pod | `busybox` | +| `hostNetwork` | If `true`, uses the host network, useful for on-premise setups | `false` | +| `dnsPolicy` | Dns policy, when hostNetwork set to ClusterFirstWithHostNet | `ClusterFirst` | +| `env` | Any additional environment variables for ambassador pods | `{}` | +| `envRaw` | Additional environment variables in raw YAML format | `{}` | +| `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` | +| `image.repository` | Ambassador image | `docker.io/datawire/aes` | +| `image.tag` | Ambassador image tag | `1.13.8` | +| `imagePullSecrets` | Image pull secrets | `[]` | +| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | +| `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` | +| `podAnnotations` | Additional annotations for ambassador pods | `{}` | +| `deploymentAnnotations` | Additional annotations for ambassador DaemonSet/Deployment | `{}` | +| `podLabels` | Additional labels for ambassador pods | | +| `deploymentLabels` | Additional labels for ambassador DaemonSet/Deployment | | +| `affinity` | Affinity for ambassador pods | `{}` | +| `topologySpreadConstraints` | Topology Spread Constraints for Ambassador pods. Stable since 1.19. | `[]` | +| `nodeSelector` | NodeSelector for ambassador pods | `{}` | +| `priorityClassName` | The name of the priorityClass for the ambassador DaemonSet/Deployment | `""` | +| `rbac.create` | If `true`, create and use RBAC resources | `true` | +| `rbac.podSecurityPolicies` | pod security polices to bind to | | +| `rbac.nameOverride` | Overrides the default name of the RBAC resources | `` | +| `replicaCount` | Number of Ambassador replicas | `3` | +| `resources` | CPU/memory resource requests/limits | `{ "limits":{"cpu":"1000m","memory":"600Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | +| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | +| `security.podSecurityContext` | Set the security context for the Ambassador pod | `{ "runAsUser": "8888" }` | +| `security.containerSecurityContext` | Set the security context for the Ambassador container | `{ "allowPrivilegeEscalation": false }` | +| `security.podSecurityPolicy` | Create a PodSecurityPolicy to be used for the pod. | `{}` | +| `restartPolicy` | Set the `restartPolicy` for pods | `` | +| `terminationGracePeriodSeconds` | Set the `terminationGracePeriodSeconds` for the pod. Defaults to 30 if unset. | `` | +| `initContainers` | Containers used to initialize context for pods | `[]` | +| `sidecarContainers` | Containers that share the pod context | `[]` | +| `livenessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's liveness probe | `30` | +| `livenessProbe.periodSeconds` | Probe period (s) for Ambassador pod's liveness probe | `3` | +| `livenessProbe.failureThreshold` | Failure threshold for Ambassador pod's liveness probe | `3` | +| `readinessProbe.initialDelaySeconds` | Initial delay (s) for Ambassador pod's readiness probe | `30` | +| `readinessProbe.periodSeconds` | Probe period (s) for Ambassador pod's readiness probe | `3` | +| `readinessProbe.failureThreshold` | Failure threshold for Ambassador pod's readiness probe | `3` | +| `service.annotations` | Annotations to apply to Ambassador service | `""` | +| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` | +| `service.nameOverride` | Sets the name of the service | `ambassador.fullname` | +| `service.ports` | List of ports Ambassador is listening on | `[{"name": "http","port": 80,"targetPort": 8080},{"name": "https","port": 443,"targetPort": 8443}]` | +| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | +| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | +| `service.sessionAffinity` | Sets the session affinity policy for the service | `""` | +| `service.sessionAffinityConfig` | Sets the session affinity config for the service | `""` | +| `service.type` | Service type to be used | `LoadBalancer` | +| `service.externalIPs` | External IPs to route to the ambassador service | `[]` | +| `serviceAccount.create` | If `true`, create a new service account | `true` | +| `serviceAccount.name` | Service account to be used | `ambassador` | +| `volumeMounts` | Volume mounts for the ambassador service | `[]` | +| `volumes` | Volumes for the ambassador service | `[]` | +| `enableAES` | Create the [AES configuration objects](#ambassador-edge-stack-installation) | `true` | +| `createDevPortalMappings` | Expose the dev portal on `/docs/` and `/documentation/` | `true` | +| `licenseKey.value` | Ambassador Edge Stack license. Empty will install in evaluation mode. | `` | +| `licenseKey.createSecret` | Set to `false` if installing mutltiple Ambassdor Edge Stacks in a namespace. | `true` | +| `licenseKey.secretName` | Name of the secret to store Ambassador license key in. | `` | +| `licenseKey.annotations` | Annotations to attach to the license-key-secret. | {} | +| `redisURL` | URL of redis instance not created by the release | `""` | +| `redisEnv` | (**DEPRECATED:** Use `envRaw`) Set env vars that control how Ambassador interacts with redis. | `""` | +| `redis.create` | Create a basic redis instance with default configurations | `true` | +| `redis.annotations` | Annotations for the redis service and deployment | `""` | +| `redis.resources` | Resource requests for the redis instance | `""` | +| `redis.nodeSelector` | NodeSelector for redis pods | `{}` | +| `redis.affinity` | Affinity for redis pods | `{}` | +| `redis.tolerations` | Tolerations for redis pods | `{}` | +| `authService.create` | Create the `AuthService` CRD for Ambassador Edge Stack | `true` | +| `authService.optional_configurations` | Config options for the `AuthService` CRD | `""` | +| `rateLimit.create` | Create the `RateLimit` CRD for Ambassador Edge Stack | `true` | +| `registry.create` | Create the `Project` registry. | `false` | +| `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` | +| `autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` | +| `autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `5` | +| `autoscaling.metrics` | If autoscaling enabled, configure hpa metrics | | +| `podDisruptionBudget` | Pod disruption budget rules | `{}` | +| `resolvers.endpoint.create` | Create a KubernetesEndpointResolver | `false` | +| `resolvers.endpoint.name` | If creating a KubernetesEndpointResolver, the resolver name | `endpoint` | +| `resolvers.consul.create` | Create a ConsulResolver | `false` | +| `resolvers.consul.name` | If creating a ConsulResolver, the resolver name | `consul-dc1` | +| `resolvers.consul.spec` | If creating a ConsulResolver, additional configuration | `{}` | +| `module` | Configure and manage the Ambassador Module from the Chart | `{}` | +| `prometheusExporter.enabled` | DEPRECATED: Prometheus exporter side-car enabled | `false` | +| `prometheusExporter.pullPolicy` | DEPRECATED: Image pull policy | `IfNotPresent` | +| `prometheusExporter.repository` | DEPRECATED: Prometheus exporter image | `prom/statsd-exporter` | +| `prometheusExporter.tag` | DEPRECATED: Prometheus exporter image | `v0.8.1` | +| `prometheusExporter.resources` | DEPRECATED: CPU/memory resource requests/limits | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object (`adminService.create` should be to `true`) | `false` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `metrics.serviceMonitor.selector` | Label Selector for Prometheus to find ServiceMonitors | `{ prometheus: kube-prometheus }` | +| `servicePreview.enabled` | If true, install Service Preview components: traffic-manager & traffic-agent (`enableAES` needs to also be to `true`) | `false` | +| `servicePreview.trafficManager.image.repository` | Ambassador Traffic-manager image | Same value as `image.repository` | +| `servicePreview.trafficManager.image.tag` | Ambassador Traffic-manager image tag | Same value as `image.tag` | +| `servicePreview.trafficManager.serviceAccountName` | Traffic-manager Service Account to be used | `traffic-manager` | +| `servicePreview.trafficAgent.image.repository` | Ambassador Traffic-agent image | Same value as `image.repository` | +| `servicePreview.trafficAgent.image.tag` | Ambassador Traffic-agent image tag | Same value as `image.tag` | +| `servicePreview.trafficAgent.injector.enabled` | If true, install the ambassador-injector | `true` | +| `servicePreview.trafficAgent.injector.crtPEM` | TLS certificate for the Common Name of ..svc | Auto-generated, valid for 365 days | +| `servicePreview.trafficAgent.injector.keyPEM` | TLS private key for the Common Name of ..svc | Auto-generated, valid for 365 days | +| `servicePreview.trafficAgent.port` | Traffic-agent listening port number when injected with ambassador-injector | `9900` | +| `servicePreview.trafficAgent.serviceAccountName` | Label Selector for Prometheus to find ServiceMonitors | `traffic-agent` | +| `servicePreview.trafficAgent.singleNamespace` | If `true`, installs the traffic-agent ServiceAccount and Role in the current installation namespace; Otherwise uses a global ClusterRole applied to every ServiceAccount | `true` | +| `agent.enabled` | If `true`, installs the ambassador-agent Deployment, ServiceAccount and ClusterRole in the ambassador namespace | `true` | +| `agent.cloudConnectionToken` | API token for reporting snapshots to the [Service Catalog](https://app.getambassador.io/cloud/catalog/); If empty, agent will not report snapshots | `""` | +| `agent.rpcAddress` | Address of the ambassador Service Catalog rpc server. | `https://app.getambassador.io/` | +| `agent.image.repository` | Image repository for the ambassador-agent deployment. Defaults to value of `image.repository` | Same value as `image.repository` | +| `agent.image.tag` | Image tag for the ambassador-agent deployment. Defaults to value of `image.tag` | Same value as `image.tag` | + +**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. + +### The Ambasssador Edge Stack + +The Ambassador Edge Stack provides a comprehensive, self-service edge stack in +the Kubernetes cluster with a decentralized deployment model and a declarative +paradigm. + +By default, this chart will install the latest image of The Ambassador Edge +Stack which will replace your existing deployment of Ambassador with no changes +to functionality. + +### CRDs + +This helm chart includes the creation of the core CRDs Ambassador uses for +configuration. + +The `crds` flags (Helm 2 only) let you configure how a release manages crds. +- `crds.create` Can only be set on your first/master Ambassador release. +- `crds.enabled` Should be set on all releases using Ambassador CRDs +- `crds.keep` Configures if the CRDs are deleted when the master release is + purged. This value is only checked for the master release and can be set to + any value on secondary releases. + +### Security + +Ambassador takes security very seriously. For this reason, the YAML installation will default with a couple of basic security policies in place. + +The `security` field of the `values.yaml` file configures these default policies and replaces the `securityContext` field used earlier. + +The defaults will configure the pod to run as a non-root user and prohibit privilege escalation and outline a `PodSecurityPolicy` to ensure these conditions are met. + + + +```yaml +security: + # Security Context for all containers in the pod. + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core + podSecurityContext: + runAsUser: 8888 + # Security Context for the Ambassador container specifically + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core + containerSecurityContext: + allowPrivilegeEscalation: false + # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions + # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + # + # A set of reasonable defaults is outlined below. This is not created by default as it should only + # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in + # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` + # in all non-"master" Releases. + podSecurityPolicy: {} + # # Add AppArmor and Seccomp annotations + # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + # annotations: + # spec: + # seLinux: + # rule: RunAsAny + # supplementalGroups: + # rule: 'MustRunAs' + # ranges: + # # Forbid adding the root group. + # - min: 1 + # max: 65535 + # fsGroup: + # rule: 'MustRunAs' + # ranges: + # # Forbid adding the root group. + # - min: 1 + # max: 65535 + # privileged: false + # allowPrivilegeEscalation: false + # runAsUser: + # rule: MustRunAsNonRoot +``` + +### Annotations + +Ambassador is configured using Kubernetes Custom Resource Definitions (CRDs). If you are unable to use CRDs, Ambassador can also be configured using annotations on services. The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service. + +If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above. + +### Prometheus Metrics + +Using the Prometheus Exporter has been deprecated and is no longer recommended. You can now use `metrics.serviceMonitor.enabled` to create a `ServiceMonitor` from the chart if the [Prometheus Operator](https://github.com/coreos/prometheus-operator) has been installed on your cluster. + +Please see Ambassador's [monitoring with Prometheus](https://www.getambassador.io/user-guide/monitoring/) docs for more information on using the `/metrics` endpoint for metrics collection. + +### Specifying Values + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install --wait my-release \ + --set adminService.type=NodePort \ + datawire/ambassador +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install --wait my-release -f values.yaml datawire/ambassador +``` + +--- + +# Upgrading + +## To 6.0.0 + +Introduces Ambassador Edge Stack being installed by default. + +### Breaking changes + +Ambassador Pro support has been removed in 6.0.0. Please [upgrade to the Ambassador Edge Stack](https://www.getambassador.io/user-guide/helm). + +## To 5.0.0 + +### Breaking changes + +**Note** If upgrading an existing helm 2 installation no action is needed, previously installed CRDs will not be modified. + +- Helm 3 support for CRDs was added. Specifically, the CRD templates were moved to non-templated files in the `/crds` directory, and to keep Helm 2 support they are globbed from there by `/templates/crds.yaml`. However, because Helm 3 CRDs are not templated, the labels for new installations have necessarily changed + +## To 4.0.0 + +The 4.0.0 chart contains a number of changes to the way Ambassador Pro is installed. + +- Introduces the performance tuned and certified build of open source Ambassador, Ambassador core +- The license key is now stored and read from a Kubernetes secret by default +- Added `.Values.pro.licenseKey.secret.enabled` `.Values.pro.licenseKey.secret.create` fields to allow multiple releases in the same namespace to use the same license key secret. +- Introduces the ability to configure resource limits for both Ambassador Pro and it's redis instance +- Introduces the ability to configure additional `AuthService` options (see [AuthService documentation](https://www.getambassador.io/reference/services/auth-service/)) +- The ambassador-pro-auth `AuthService` and ambassador-pro-ratelimit `RateLimitService` and now created as CRDs when `.Values.crds.enabled: true` +- Fixed misnamed selector for redis instance that failed in an edge case +- Exposes annotations for redis deployment and service + +### Breaking changes + +The value of `.Values.pro.image.tag` has been shortened to assume `amb-sidecar` (and `amb-core` for Ambassador core) +`values.yaml` +```diff +<3.0.0> + image: + repository: quay.io/datawire/ambassador_pro +- tag: amb-sidecar-0.6.0 + +<4.0.0+> + image: + repository: quay.io/datawire/ambassador_pro ++ tag: 0.7.0 +``` + +Method for creating a Kubernetes secret to hold the license key has been changed + +`values.yaml` +```diff +<3.0.0> +- secret: false +<4.0.0> ++ secret: ++ enabled: true ++ create: true +``` + +## To 3.0.0 + +### Service Ports + +The way ports are assigned has been changed for a more dynamic method. + +Now, instead of setting the port assignments for only the http and https, any port can be open on the load balancer using a list like you would in a standard Kubernetes YAML manifest. + +`pre-3.0.0` +```yaml +service: + http: + enabled: true + port: 80 + targetPort: 8080 + https: + enabled: true + port: 443 + targetPort: 8443 +``` + +`3.0.0` +```yaml +service: + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 +``` + +This change has also replaced the `.additionalTCPPorts` configuration. Additional TCP ports can be created the same as the http and https ports above. + +### Annotations and `service_port` + +The below Ambassador `Module` annotation is no longer being applied by default. + +```yaml +getambassador.io/config: | + --- + apiVersion: ambassador/v1 + kind: Module + name: ambassador + config: + service_port: 8080 +``` +This was causing confusion with the `service_port` being hard-coded when enabling TLS termination in Ambassador. + +Ambassador has been listening on port 8080 for HTTP and 8443 for HTTPS by default since version `0.60.0` (chart version 2.2.0). + +### RBAC and CRDs + +A `ClusterRole` and `ClusterRoleBinding` named `{{release name}}-crd` will be created to watch for the Ambassador Custom Resource Definitions. This will be created regardless of the value of `scope.singleNamespace` since CRDs are created the cluster scope. + +`rbac.namespaced` has been removed. For namespaced RBAC, set `scope.singleNamespace: true` and `rbac.enabled: true`. + +`crds.enabled` will indicate that you are using CRDs and will create the rbac resources regardless of the value of `crds.create`. This allows for multiple deployments to use the CRDs. + +## To 2.0.0 + +### Ambassador ID + +ambassador.id has been removed in favor of setting it via an environment variable in `env`. `AMBASSADOR_ID` defaults to `default` if not set in the environment. This is mainly used for [running multiple Ambassadors](https://www.getambassador.io/reference/running#ambassador_id) in the same cluster. + +| Parameter | Env variables | +| --------------- | --------------- | +| `ambassador.id` | `AMBASSADOR_ID` | + +## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0) + +Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this. + +### Timings + +Timings values have been removed in favor of setting the env variables using `env´ + +| Parameter | Env variables | +| ----------------- | -------------------------- | +| `timing.restart` | `AMBASSADOR_RESTART_TIME` | +| `timing.drain` | `AMBASSADOR_DRAIN_TIME` | +| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` | + +### Single namespace + +| Parameter | Env variables | +| ------------------ | ----------------------------- | +| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` | + +### Renamed values + +Service ports values have changed names and target ports have new defaults. + +| Previous parameter | New parameter | New default value | +| --------------------------- | -------------------------- | ----------------- | +| `service.enableHttp` | `service.http.enabled` | | +| `service.httpPort` | `service.http.port` | | +| `service.httpNodePort` | `service.http.nodePort` | | +| `service.targetPorts.http` | `service.http.targetPort` | `8080` | +| `service.enableHttps` | `service.https.enabled` | | +| `service.httpsPort` | `service.https.port` | | +| `service.httpsNodePort` | `service.https.nodePort` | | +| `service.targetPorts.https` | `service.https.targetPort` | `8443` | + +### Exporter sidecar + +Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST` + +If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values. diff --git a/charts/ambassador/ambassador/6.7.1100/RELEASE.tpl b/charts/ambassador/ambassador/6.7.1100/RELEASE.tpl new file mode 100644 index 000000000..d00d6b2f2 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/RELEASE.tpl @@ -0,0 +1,8 @@ +## :tada: Ambassador Chart $CHART_VERSION :tada: + +Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html +View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md + +--- + + diff --git a/charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl b/charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl new file mode 100644 index 000000000..7aab5973c --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/RELEASE_TITLE.tpl @@ -0,0 +1 @@ +Ambassador Chart $CHART_VERSION diff --git a/charts/ambassador/ambassador/6.7.1100/app-readme.md b/charts/ambassador/ambassador/6.7.1100/app-readme.md new file mode 100644 index 000000000..d2ef7356e --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/app-readme.md @@ -0,0 +1,13 @@ +# Ambassador Edge Stack and Emissary Ingress Chart + +[Ambassador Edge Stack](https://www.getambassador.io/products/edge-stack/) and its open source CNCF counterpart [Emissary-Ingress](https://www.getambassador.io/products/api-gateway/) are Kubernetes native, high-performance Ingress controllers designed with GitOps workflows and developer experience in mind. The Edge Stack allows users to manage [Authentication](https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/), [Rate Limits](https://www.getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/), [TLS](https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/) and more with easy-to-use resources for [managing your APIs](https://www.getambassador.io/docs/edge-stack/latest/topics/using/intro-mappings/). + +## Service Catalog + +The default installation of Ambassador Edge Stack includes the deployment needed to get started with [Service Catalog](https://www.getambassador.io/products/service-catalog/) and the [Developer Control Plane](https://www.getambassador.io/developer-control-plane/). Simply generate your [Cloud Token](https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/#1-connect-your-cluster-to-ambassador-cloud) and add it in the Service Catalog section as you're setting up the chart. + +## More Info + +Visit the [Quick Start](https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/) page for more instructions, or check out our [documentation](https://www.getambassador.io/docs/edge-stack). For any questions, or to join the community, visit our [Slack](https://a8r.io/slack) and say hi! + +* Ambassador recommends a Kubernetes version of 1.16 or higher. diff --git a/charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml new file mode 100644 index 000000000..27152824e --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/01-psp-values.yaml @@ -0,0 +1,40 @@ +security: + # Security Context for all containers in the pod. + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core + podSecurityContext: + runAsUser: 8888 + # Security Context for the Ambassador container specifically + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core + containerSecurityContext: + allowPrivilegeEscalation: false + # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions + # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + # + # A set of reasonable defaults is outlined below. This is not created by default as it should only + # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in + # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` + # in all non-"master" Releases. + podSecurityPolicy: + # Add AppArmor and Seccomp annotations + # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + spec: + seLinux: + rule: RunAsAny + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot diff --git a/charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml new file mode 100644 index 000000000..4fb9ff60c --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/02-oss-values.yaml @@ -0,0 +1,8 @@ +# install the Ambassador API Gateway +image: + pullPolicy: IfNotPresent + +enableAES: false + +deploymentStrategy: + type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml new file mode 100644 index 000000000..769f8eb55 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/05-auth-disabled-values.yaml @@ -0,0 +1,8 @@ +service: + type: NodePort + +authService: + create: false + +deploymentStrategy: + type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml new file mode 100644 index 000000000..56509eb8b --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/06-hpa-values.yaml @@ -0,0 +1,8 @@ +deploymentStrategy: + type: Recreate + +service: + type: NodePort + +autoscaling: + enabled: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml new file mode 100644 index 000000000..591785bde --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/08-single-namespace-values.yaml @@ -0,0 +1,8 @@ +service: + type: NodePort + +deploymentStrategy: + type: Recreate + +scope: + singleNamespace: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml new file mode 100644 index 000000000..e545210d5 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/09-redis-false-values.yaml @@ -0,0 +1,9 @@ +service: + type: NodePort + +redis: + enabled: false + # Annotations for Ambassador Pro's redis instance. + +deploymentStrategy: + type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml new file mode 100644 index 000000000..9a581d94b --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/12-daemonset-values.yaml @@ -0,0 +1,7 @@ +service: + type: NodePort + +deploymentStrategy: + type: RollingUpdate + +daemonSet: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml new file mode 100644 index 000000000..a1dfe0434 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/13-rl-disabled-values.yaml @@ -0,0 +1,8 @@ +service: + type: NodePort + +rateLimit: + create: false + +deploymentStrategy: + type: Recreate diff --git a/charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml b/charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml new file mode 100644 index 000000000..33ebe5b74 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/14-deployment-labels.yaml @@ -0,0 +1,3 @@ +deploymentLabels: + label: foo + label2: bar diff --git a/charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml b/charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml new file mode 100644 index 000000000..0601ce9c4 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/15-test-resolvers.yaml @@ -0,0 +1,11 @@ +resolvers: + endpoint: + create: true + name: endpoint-foo + + consul: + create: true + name: consul-foo + spec: + address: ${HOST_IP} + datacenter: dc1 \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml b/charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml new file mode 100644 index 000000000..d80bf9508 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/16-test-module.yaml @@ -0,0 +1,9 @@ +module: + lua_scripts: | + function envoy_on_response(response_handle) + response_handle:headers():add("Lua-Scripts-Enabled", "Processed") + end + + ip_allow: + - peer: 127.0.0.1 + - remote: 99.99.0.0/16 \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml b/charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml new file mode 100644 index 000000000..a141bcdda --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/17-svc-preview.yaml @@ -0,0 +1,5 @@ +servicePreview: + enabled: true +trafficAgent: + injector: + enabled: true diff --git a/charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh b/charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh new file mode 100644 index 000000000..1840c1799 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/check_updated_changelog.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e + +CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } +TOP_DIR=$CURR_DIR/.. + +# shellcheck source=common.sh +source "$CURR_DIR/common.sh" + +echo ${TOP_DIR} +chart_version=$(get_chart_version ${TOP_DIR}) + +if ! grep "## v${chart_version}" ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then + echo "Current chart version does not appear in the changelog." + echo "Please run ambassador.git/charts/ambassador/ci/update_chart_changelog.sh and commit." + exit 1 +fi + +echo "Changelog looks good!" diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml new file mode 100644 index 000000000..b2d9205df --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/backend.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: getambassador.io/v1 +kind: Mapping +metadata: + name: quote-backend +spec: + prefix: /backend/ + service: quote +--- +apiVersion: v1 +kind: Service +metadata: + name: quote +spec: + ports: + - name: http + port: 80 + targetPort: 8080 + selector: + app: quote +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: quote +spec: + replicas: 1 + selector: + matchLabels: + app: quote + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: quote + spec: + containers: + - name: backend + image: datawire/quote:0.4.0 + ports: + - name: http + containerPort: 8080 + resources: + limits: + cpu: "0.1" + memory: 100Mi diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml new file mode 100644 index 000000000..0a1ec852e --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/ci-default-values.yaml @@ -0,0 +1,9 @@ +#env: +# AMBASSADOR_SINGLE_NAMESPACE: true +# AMBASSADOR_NO_KUBEWATCH: no_kubewatch + +deploymentStrategy: + type: Recreate + +service: + type: NodePort diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml new file mode 100644 index 000000000..1fcf47dca --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm-init.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tiller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tiller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: tiller + namespace: kube-system diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml new file mode 100644 index 000000000..d9c0c83c3 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/helm2-values.yaml @@ -0,0 +1,6 @@ +service: + type: NodePort + +crds: + create: false + diff --git a/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml new file mode 100644 index 000000000..bc25cf664 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/tests/manifests/tls.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzRENDQVpnQ0NRRHVzSjFYNE54NjJEQU5CZ2txaGtpRzl3MEJBUXNGQURBYU1SZ3dGZ1lEVlFRRERBOWgKYldKaGMzTmhaRzl5TFdObGNuUXdIaGNOTVRreE1qRXpNakV3TXpBNVdoY05NakF4TWpFeU1qRXdNekE1V2pBYQpNUmd3RmdZRFZRUUREQTloYldKaGMzTmhaRzl5TFdObGNuUXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzJjcms1OTk0dklURnZpUGNJRjJpd3R0dVdpajFTeUZNSzVpbERieFByMmJCL3RmbDYKcmRwVUFlWkkrMTVDR2VHbi80ZitwRlFXODdwZ2ZvbDhlL3lCSTUvWStpdVIrQUY1bzhQV2h4aHBJdVk3RXdVbgpyT3ZJajcxaUZWa1Q4akRYZW9RWWdKalQ1MWh4SisyelVLZ3VtZDB6L05USEwrQndFbHZ4Z1ZuWlhUdlhsVGFiClBoWloyK3dZdDQvSnozN3lBMHJwNURKeTg5SStQNmVRSmNseUVyWmsvRUNuRFBxTlhDK1VyclVySXBsNkRScHUKdGZWOE9KM3BJZWc2YjBWQi9TQnRPNzFhMThkaXFPclFVREU5MEFOSWJsYWp0ODN5M0FIc29SNytpVGI0QXFvVwpiNG5LcVV1bEQ2QU0xVUg0TzR0SExIM05SemVOL1E1ZUtVb0ZBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBQ045b050OVJXT2JOTTBmajg1cm9GUG1zRE1UWElFOU5SNmpDMjV1SGtpY0lnamtGd043NTFkTnQxT0YKZWZLSkFzTDlSWmZUNmVmMUMxOFlnWE1xbTF5Yis0Q1VWWU9RZW96MlgweEdyT1lLZUhPM0hqamNqcXZ1cUxTeApTQ2duVlM1NkhqZU15MzJBNnIxcUhBL1FsYkkraGJFbHN0MVNwYnFSOG95dE9oUzZpNFNWbWxacWxBRkx5WFRRCjZ6Nm5wc25lTmdXMXhkdDN2UkpleXVFWEFZL0Z0eUxmZnkxdk5uODhhTkg2Y2Z2eWJjaHNkaWlRNnVXTnowVGMKeVVodGZUYWFRVjA1d21KZEJ3ZmJndXF0UjFxbXdyNCtzcjA0MEhoQ0pSVmlRUUdHa2VWSVU5ZHFPY0ZkZk5FTQo5NmczU01YWGRrcVhBYzFFb2hZdEthMWwvNTA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdG5LNU9mZmVMeUV4YjRqM0NCZG9zTGJibG9vOVVzaFRDdVlwUTI4VDY5bXdmN1g1CmVxM2FWQUhtU1B0ZVFobmhwLytIL3FSVUZ2TzZZSDZKZkh2OGdTT2YyUG9ya2ZnQmVhUEQxb2NZYVNMbU94TUYKSjZ6cnlJKzlZaFZaRS9JdzEzcUVHSUNZMCtkWWNTZnRzMUNvTHBuZE0velV4eS9nY0JKYjhZRloyVjA3MTVVMgptejRXV2R2c0dMZVB5YzkrOGdOSzZlUXljdlBTUGorbmtDWEpjaEsyWlB4QXB3ejZqVnd2bEs2MUt5S1plZzBhCmJyWDFmRGlkNlNIb09tOUZRZjBnYlR1OVd0ZkhZcWpxMEZBeFBkQURTRzVXbzdmTjh0d0I3S0VlL29rMitBS3EKRm0rSnlxbExwUStnRE5WQitEdUxSeXg5elVjM2pmME9YaWxLQlFJREFRQUJBb0lCQUVOQy9qaDV3Z2E4QlA2cQpqdkFEdVV2VXpoV3N0empxczNyRUtaZzd2aXRvSU9La1V1cEFaOG9xdlJ4UTE0b2xBb1V0OXBRUlB4TUxIYjN2ClNINkZNeXprMWt4bXhtTlUvQzQ5Q3Jqdkt6ZXZieE4rU3BzNjY5NFA1L0RlRCs0RGpyQVI4ZHNhcGIwUmdCQ1AKZU5sdnRlRWdSbVdoSTB5ZndPMXdSMGM4dWNRaE5GcjNNd0lMQ1FES0Zpa2NDSi9GV0FmNXc4ZGFnYnBYTXAxawo3ci9ya1BFcVh6NnRxam04eWZZWlRoaGIwUE5LcSsxOGdkaCtLeTZPL1RnTVZ2d1BLVkIrZUhoQmJZY2R6VGYxCmxia3pVeUFhZmR3VlBTTnhVOWhzSzBqNExWZG83YlVkajZySHNXTlBWcm1Ib1VsUnNjcno2aDhPZlQ0bU9WTi8KRmhtcEhvRUNnWUVBNlVENVlWMUJrWEg4S21WRjhiVGVGVGlTY1IvRGI4TVlRY3NLNzQrNEg5aEFmbjR3d3ZWeQpidi9kL2NsOWZHY0xXN0w1QWM1WWRxNlNWZGFHRVZpVzVOTy8xV0wwN3JjaG8xZTRaSzlPemJiUllNWW51cWRHCmF5eGhoUks0R25ubzZXMTlMWWc1d1F3TUJvUzNSbFVxUWN3UU1ESiszMVc4emwrazdpODk0dVVDZ1lFQXlEMXIKZHVMSGRMcG9UWEd2ZjZIVk9HQ1pWczQvSXg1M1B1WnRXY1FkYkc5MDZNWHRwdldWdDN1ek8rVVd2WGJIWHBSMQpjZWVrUHRucTI4a1BFT2oyd3NoVFRQQ05OT0dUWE01SzREbTVjNjVaeWY0WVJjQ0NZNEpSSUNqWHExeE9uc21nCk8ydTZiYlVQWE9veXFmVllWK0wwK25zcHNLOUNCd0ZaMjJqMXVLRUNnWUVBbzcyZTBzQ2FaTFcxcFRWT3NteWIKY2g0eWZ3TWpPUE9sdFpvSlpUNW9yTUlzRkNBVnJ1YUtuRzAxc3hDYzdKV1JuWiszdVpMVyt3bDFaSmlocU0rZApyYWtRQTRYaUZ5bXJqWFRvMXBWU0pvcnQxSmVHRUR1WTdXZE1WaFJiOVFvYmZMSUZxODd6YkJjKzRkeU1vK3pwCkt5TkxRZXBRc2dzSDdYK3EwaUdMdWhrQ2dZQUlYQWdRZm9jMUtGTVNhSnliQjNhUFUva1MxcWxzSGVsOGhzSXAKN1RZTlFObnduZEsrRmFLYWRsK1ZNSXN5ZmJMMUQ5MlhVOFJYbTJGaXE1SWxjcFJhcldKTTQvNEJKeW12eGl6NgpEMjdlbFhqS0pnRjlaL3dKaTNjM2tIendlbm9OeHYwWmZmWGFmcVNWakhGeEJ2MFpMakJzQkpoSStBZ1pvc1ROCmxDUXVBUUtCZ1FESHVxNUVseU1RS2NZWm5tRlN6T2ZYWXNJYm8rZEJJTlEyNnB0OFdacGMydnpsNkNrQXV3TWwKQU9jRllrbjBXSnVJRXRubnhPT3Rwcnh0VGRIWGIvOWZWY090Unp2TitvVjN2OVNEalZjWTRESWp3MXlpMkt1Vwp6MmV1N1lCNExlbG13TFlHMEJUMWp0ejJJREUxYW85MzgybEpWV2J4Y1dsdHArWTFCRWhkdmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= +kind: Secret +metadata: + name: self-signed-cert +type: kubernetes.io/tls +--- +apiVersion: getambassador.io/v1 +kind: TLSContext +metadata: + name: tls +spec: + hosts: ["*"] + secret: self-signed-cert + diff --git a/charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh b/charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh new file mode 100644 index 000000000..ee7bfeaa8 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ci/update_chart_changelog.sh @@ -0,0 +1,53 @@ +#!/bin/bash + +set -e + +CURR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +[ -d "$CURR_DIR" ] || { echo "FATAL: no current dir (maybe running in zsh?)"; exit 1; } +TOP_DIR=$CURR_DIR/.. + +# shellcheck source=common.sh +source "$CURR_DIR/common.sh" + +chart_version=$(get_chart_version ${TOP_DIR}) + +new_changelog=${TOP_DIR}/CHANGELOG.new.md +rm ${new_changelog} || true +while IFS= read -r line ; do + echo -e "${line}" + echo -e "${line}" >> ${new_changelog} + if [[ "${line}" =~ "## Next Release" ]] ; then + echo "" >> ${new_changelog} + echo "(no changes yet)" >> ${new_changelog} + echo "" >> ${new_changelog} + echo "## v${chart_version}" >> ${new_changelog} + fi + +done < ${TOP_DIR}/CHANGELOG.md + +mv ${new_changelog} ${TOP_DIR}/CHANGELOG.md +if [[ -n "${DONT_COMMIT_DIFF}" ]] ; then + echo "DONT_COMMIT_DIFF is set, not committing" + exit 0 +fi + +if git diff --exit-code -- ${TOP_DIR}/CHANGELOG.md > /dev/null 2>&1 ; then + echo "No changes to changelog, exiting" + exit 0 +fi + +branch_name="$(git symbolic-ref HEAD 2>/dev/null)" || +branch_name="detached" + +if [[ "${branch_name}" == "refs/heads/master" ]] ; then + echo "Not committing local changes to branch because branch is master" + exit 1 +elif [[ "${branch_name}" == "detached" ]] ; then + echo "Not committing local changes because you're in a detached head state" + echo "please create a branch then rerun this script" + exit 1 +fi +branch_name=${branch_name##refs/heads/} +git add ${TOP_DIR}/CHANGELOG.md +git commit -m "Committing changelog for chart v${chart_version}" +git push -u origin ${branch_name} diff --git a/charts/ambassador/ambassador/6.7.1100/crds/filter.yaml b/charts/ambassador/ambassador/6.7.1100/crds/filter.yaml new file mode 100644 index 000000000..bf0403820 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/filter.yaml @@ -0,0 +1,27 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: filters.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Filter + plural: filters + shortNames: + - fil + singular: filter + scope: Namespaced + versions: + - name: v1beta2 + served: true + storage: false + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml b/charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml new file mode 100644 index 000000000..88e3781da --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/filterpolicy.yaml @@ -0,0 +1,27 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: filterpolicies.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: FilterPolicy + plural: filterpolicies + shortNames: + - fp + singular: filterpolicy + scope: Namespaced + versions: + - name: v1beta2 + served: true + storage: false + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml new file mode 100644 index 000000000..1c97d063f --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_authservices.yaml @@ -0,0 +1,115 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: authservices.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: AuthService + listKind: AuthServiceList + plural: authservices + singular: authservice + scope: Namespaced + validation: + openAPIV3Schema: + description: AuthService is the Schema for the authservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AuthServiceSpec defines the desired state of AuthService + properties: + add_auth_headers: + additionalProperties: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + type: object + add_linkerd_headers: + type: boolean + allow_request_body: + type: boolean + allowed_authorization_headers: + items: + type: string + type: array + allowed_request_headers: + items: + type: string + type: array + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + auth_service: + type: string + failure_mode_allow: + type: boolean + include_body: + properties: + allow_partial: + type: boolean + max_bytes: + description: These aren't pointer types because they are required. + type: integer + required: + - allow_partial + - max_bytes + type: object + path_prefix: + type: string + proto: + enum: + - http + - grpc + type: string + protocol_version: + enum: + - v2 + - v3 + type: string + status_on_error: + description: Why isn't this just an int?? + properties: + code: + type: integer + type: object + timeout_ms: + type: integer + tls: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + required: + - auth_service + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml new file mode 100644 index 000000000..0f659d5d3 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_consulresolvers.yaml @@ -0,0 +1,58 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: consulresolvers.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: ConsulResolver + listKind: ConsulResolverList + plural: consulresolvers + singular: consulresolver + scope: Namespaced + validation: + openAPIV3Schema: + description: ConsulResolver is the Schema for the ConsulResolver API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsulResolver tells Ambassador to use Consul to resolve services. In addition to the AmbassadorID, it needs information about which Consul server and DC to use. + properties: + address: + type: string + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + datacenter: + type: string + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml new file mode 100644 index 000000000..291d2a66e --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_devportals.yaml @@ -0,0 +1,109 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: devportals.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: DevPortal + listKind: DevPortalList + plural: devportals + singular: devportal + scope: Namespaced + validation: + openAPIV3Schema: + description: "DevPortal is the Schema for the DevPortals API \n DevPortal resources specify the `what` and `how` is shown in a DevPortal: \n * `what` is in a DevPortal can be controlled with - a `selector`, that can be used for filtering `Mappings`. - a `docs` listing of (services, url) * `how` is a pointer to some `contents` (a checkout of a Git repository with go-templates/markdown/css). \n Multiple `DevPortal`s can exist in the cluster, and the Dev Portal server will show them at different endpoints. A `DevPortal` resource with a special name, `ambassador`, will be used for configuring the default Dev Portal (served at `/docs/` by default)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DevPortalSpec defines the desired state of DevPortal + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + content: + description: Content specifies where the content shown in the DevPortal come from + properties: + branch: + type: string + dir: + type: string + url: + type: string + type: object + default: + description: Default must be true when this is the default DevPortal + type: boolean + docs: + description: Docs is a static docs definition + items: + description: 'DevPortalDocsSpec is a static documentation definition: instead of using a Selector for finding documentation for services, users can provide a static list of : tuples. These services will be shown in the Dev Portal with the documentation obtained from this URL.' + properties: + service: + description: Service is the service being documented + type: string + url: + description: URL is the URL used for obtaining docs + type: string + type: object + type: array + naming_scheme: + description: Describes how to display "services" in the DevPortal. Default namespace.name + enum: + - namespace.name + - name.prefix + type: string + search: + description: DevPortalSearchSpec allows configuration over search functionality for the DevPortal + properties: + enabled: + type: boolean + type: + description: 'Type of search. "title-only" does a fuzzy search over openapi and page titles "all-content" will fuzzy search over all openapi and page content. "title-only" is the default. warning: using all-content may incur a larger memory footprint' + enum: + - title-only + - all-content + type: string + type: object + selector: + description: Selector is used for choosing what is shown in the DevPortal + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels specifies the list of labels that must be present in Mappings for being present in this DevPortal. + type: object + matchNamespaces: + description: MatchNamespaces is a list of namespaces that will be included in this DevPortal. + items: + type: string + type: array + type: object + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml new file mode 100644 index 000000000..ccc7abd92 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_hosts.yaml @@ -0,0 +1,246 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: hosts.getambassador.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.hostname + name: Hostname + type: string + - JSONPath: .status.state + name: State + type: string + - JSONPath: .status.phaseCompleted + name: Phase Completed + type: string + - JSONPath: .status.phasePending + name: Phase Pending + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Host + listKind: HostList + plural: hosts + singular: host + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Host is the Schema for the hosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostSpec defines the desired state of Host + properties: + acmeProvider: + description: Specifies whether/who to talk ACME with to automatically manage the $tlsSecret. + properties: + authority: + description: Specifies who to talk ACME with to get certs. Defaults to Let's Encrypt; if "none" (case-insensitive), do not try to do ACME for this Host. + type: string + email: + type: string + privateKeySecret: + description: "Specifies the Kubernetes Secret to use to store the private key of the ACME account (essentially, where to store the auto-generated password for the auto-created ACME account). You should not normally need to set this--the default value is based on a combination of the ACME authority being registered wit and the email address associated with the account. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + registration: + description: This is normally set automatically + type: string + type: object + ambassador_id: + description: Common to all Ambassador objects (and optional). + items: + type: string + oneOf: + - type: string + - type: array + ambassadorId: + description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild. + items: + type: string + oneOf: + - type: string + - type: array + hostname: + description: Hostname by which the Ambassador can be reached. + type: string + previewUrl: + description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. + properties: + enabled: + description: Is the Preview URL feature enabled? + type: boolean + type: + description: What type of Preview URL is allowed? + enum: + - Path + type: string + type: object + requestPolicy: + description: Request policy definition. + properties: + insecure: + properties: + action: + enum: + - Redirect + - Reject + - Route + type: string + additionalPort: + type: integer + type: object + type: object + selector: + description: Selector by which we can find further configuration. Defaults to hostname=$hostname + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + tls: + description: TLS configuration. It is not valid to specify both `tlsContext` and `tls`. + properties: + alpn_protocols: + type: string + ca_secret: + type: string + cacert_chain_file: + type: string + cert_chain_file: + type: string + cert_required: + type: boolean + cipher_suites: + items: + type: string + type: array + ecdh_curves: + items: + type: string + type: array + max_tls_version: + type: string + min_tls_version: + type: string + private_key_file: + type: string + redirect_cleartext_from: + type: integer + sni: + type: string + type: object + tlsContext: + description: "Name of the TLSContext the Host resource is linked with. It is not valid to specify both `tlsContext` and `tls`. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + tlsSecret: + description: "Name of the Kubernetes secret into which to save generated certificates. If ACME is enabled (see $acmeProvider), then the default is $hostname; otherwise the default is \"\". If the value is \"\", then we do not do TLS for this Host. \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference, not an Ambassador-style `{name}.{namespace}` string. Because we're opinionated, it does not support referencing a Secret in another namespace (because most native Kubernetes resources don't support that), but if we ever abandon that opinion and decide to support non-local references it, it would be by adding a `namespace:` field by changing it from a core.v1.LocalObjectReference to a core.v1.SecretReference, not by adopting the `{name}.{namespace}` notation." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + status: + description: HostStatus defines the observed state of Host + properties: + errorBackoff: + type: string + errorReason: + description: errorReason, errorTimestamp, and errorBackoff are valid when state==Error. + type: string + errorTimestamp: + format: date-time + type: string + phaseCompleted: + description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + enum: + - NA + - DefaultsFilled + - ACMEUserPrivateKeyCreated + - ACMEUserRegistered + - ACMECertificateChallenge + type: string + phasePending: + description: phaseCompleted and phasePending are valid when state==Pending or state==Error. + enum: + - NA + - DefaultsFilled + - ACMEUserPrivateKeyCreated + - ACMEUserRegistered + - ACMECertificateChallenge + type: string + state: + description: The first value listed in the Enum marker becomes the "zero" value, and it would be great if "Pending" could be the default value; but it's Important that the "zero" value be able to be shown as empty/omitted from display, and we really do want `kubectl get hosts` to say "Pending" in the "STATE" column, and not leave the column empty. + enum: + - Initial + - Pending + - Ready + - Error + type: string + tlsCertificateSource: + enum: + - Unknown + - None + - Other + - ACME + type: string + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml new file mode 100644 index 000000000..88b73d2d8 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesendpointresolvers.yaml @@ -0,0 +1,54 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: kubernetesendpointresolvers.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: KubernetesEndpointResolver + listKind: KubernetesEndpointResolverList + plural: kubernetesendpointresolvers + singular: kubernetesendpointresolver + scope: Namespaced + validation: + openAPIV3Schema: + description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml new file mode 100644 index 000000000..98b5d302e --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_kubernetesserviceresolvers.yaml @@ -0,0 +1,54 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: kubernetesserviceresolvers.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: KubernetesServiceResolver + listKind: KubernetesServiceResolverList + plural: kubernetesserviceresolvers + singular: kubernetesserviceresolver + scope: Namespaced + validation: + openAPIV3Schema: + description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml new file mode 100644 index 000000000..a726defe5 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_logservices.yaml @@ -0,0 +1,83 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: logservices.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: LogService + listKind: LogServiceList + plural: logservices + singular: logservice + scope: Namespaced + validation: + openAPIV3Schema: + description: LogService is the Schema for the logservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LogServiceSpec defines the desired state of LogService + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + driver: + enum: + - tcp + - http + type: string + driver_config: + properties: + additional_log_headers: + items: + properties: + during_request: + type: boolean + during_response: + type: boolean + during_trailer: + type: boolean + header_name: + type: string + type: object + type: array + type: object + flush_interval_byte_size: + type: integer + flush_interval_time: + type: integer + grpc: + type: boolean + service: + type: string + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml new file mode 100644 index 000000000..c61eefb5f --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_mappings.yaml @@ -0,0 +1,431 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: mappings.getambassador.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.host + name: Source Host + type: string + - JSONPath: .spec.prefix + name: Source Prefix + type: string + - JSONPath: .spec.service + name: Dest Service + type: string + - JSONPath: .status.state + name: State + type: string + - JSONPath: .status.reason + name: Reason + type: string + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Mapping + listKind: MappingList + plural: mappings + singular: mapping + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Mapping is the Schema for the mappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MappingSpec defines the desired state of Mapping + properties: + add_linkerd_headers: + type: boolean + add_request_headers: + additionalProperties: + oneOf: + - type: string + - type: boolean + - type: object + type: object + add_response_headers: + additionalProperties: + oneOf: + - type: string + - type: boolean + - type: object + type: object + allow_upgrade: + description: "A case-insensitive list of the non-HTTP protocols to allow \"upgrading\" to from HTTP via the \"Connection: upgrade\" mechanism[1]. After the upgrade, Ambassador does not interpret the traffic, and behaves similarly to how it does for TCPMappings. \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example, if your upstream service supports WebSockets, you would write \n allow_upgrade: - websocket \n Or if your upstream service supports upgrading from HTTP to SPDY (as the Kubernetes apiserver does for `kubectl exec` functionality), you would write \n allow_upgrade: - spdy/3.1" + items: + type: string + type: array + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + auth_context_extensions: + additionalProperties: + type: string + type: object + auto_host_rewrite: + type: boolean + bypass_auth: + type: boolean + bypass_error_response_overrides: + description: If true, bypasses any `error_response_overrides` set on the Ambassador module. + type: boolean + case_sensitive: + type: boolean + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_idle_timeout_ms: + type: integer + cluster_max_connection_lifetime_ms: + type: integer + cluster_tag: + type: string + connect_timeout_ms: + type: integer + cors: + properties: + credentials: + type: boolean + exposed_headers: + description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. + items: + type: string + oneOf: + - type: string + - type: array + headers: + description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. + items: + type: string + oneOf: + - type: string + - type: array + max_age: + type: string + methods: + description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. + items: + type: string + oneOf: + - type: string + - type: array + origins: + description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. + items: + type: string + oneOf: + - type: string + - type: array + type: object + docs: + description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal) + properties: + display_name: + type: string + ignored: + type: boolean + path: + type: string + url: + type: string + type: object + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + envoy_override: + description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + type: object + error_response_overrides: + description: Error response overrides for this Mapping. Replaces all of the `error_response_overrides` set on the Ambassador module, if any. + items: + description: A response rewrite for an HTTP error response + properties: + body: + description: The new response body + properties: + content_type: + description: The content type to set on the error response body when using text_format or text_format_source. Defaults to 'text/plain'. + type: string + json_format: + additionalProperties: + type: string + description: 'A JSON response with content-type: application/json. The values can contain format text like in text_format.' + type: object + text_format: + description: A format string representing a text response body. Content-Type can be set using the `content_type` field below. + type: string + text_format_source: + description: A format string sourced from a file on the Ambassador container. Useful for larger response bodies that should not be placed inline in configuration. + properties: + filename: + description: The name of a file on the Ambassador pod that contains a format text string. + type: string + type: object + type: object + on_status_code: + description: The status code to match on -- not a pointer because it's required. + maximum: 599 + minimum: 400 + type: integer + required: + - body + - on_status_code + type: object + minItems: 1 + type: array + grpc: + type: boolean + headers: + additionalProperties: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + type: object + host: + type: string + host_redirect: + type: boolean + host_regex: + type: boolean + host_rewrite: + type: string + idle_timeout_ms: + type: integer + keepalive: + properties: + idle_time: + type: integer + interval: + type: integer + probes: + type: integer + type: object + labels: + additionalProperties: + description: A MappingLabelGroupsArray is an array of MappingLabelGroups. I know, complex. + items: + additionalProperties: + description: 'A MappingLabelsArray is the value in the MappingLabelGroup: an array of label specifiers.' + items: + description: A MappingLabelSpecifier (finally!) defines a single label. There are multiple kinds of label, so this is more complex than we'd like it to be. See the remarks about schema on custom types in `./common.go`. + type: array + description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray: a second map, where the key is a human-readable name that identifies the group.' + type: object + type: array + description: A DomainMap is the overall Mapping.spec.Labels type. It maps domains (kind of like namespaces for Mapping labels) to arrays of label groups. + type: object + load_balancer: + properties: + cookie: + properties: + name: + type: string + path: + type: string + ttl: + type: string + required: + - name + type: object + header: + type: string + policy: + enum: + - round_robin + - ring_hash + - maglev + - least_request + type: string + source_ip: + type: boolean + required: + - policy + type: object + method: + type: string + method_regex: + type: boolean + modules: + items: + description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + type: object + type: array + outlier_detection: + type: string + path_redirect: + description: Path replacement to use when generating an HTTP redirect. Used with `host_redirect`. + type: string + precedence: + type: integer + prefix: + type: string + prefix_exact: + type: boolean + prefix_redirect: + description: Prefix rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + type: string + prefix_regex: + type: boolean + priority: + type: string + query_parameters: + additionalProperties: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + type: object + redirect_response_code: + description: The response code to use when generating an HTTP redirect. Defaults to 301. Used with `host_redirect`. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + regex_headers: + additionalProperties: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + type: object + regex_query_parameters: + additionalProperties: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + type: object + regex_redirect: + additionalProperties: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + description: Prefix regex rewrite to use when generating an HTTP redirect. Used with `host_redirect`. + type: object + regex_rewrite: + additionalProperties: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + type: object + remove_request_headers: + description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. + items: + type: string + oneOf: + - type: string + - type: array + remove_response_headers: + description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. + items: + type: string + oneOf: + - type: string + - type: array + resolver: + type: string + retry_policy: + properties: + num_retries: + type: integer + per_try_timeout: + type: string + retry_on: + enum: + - 5xx + - gateway-error + - connect-failure + - retriable-4xx + - refused-stream + - retriable-status-codes + type: string + type: object + rewrite: + type: string + service: + type: string + shadow: + type: boolean + timeout_ms: + description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. + type: integer + tls: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + use_websocket: + description: 'use_websocket is deprecated, and is equivlaent to setting `allow_upgrade: ["websocket"]`' + type: boolean + weight: + type: integer + required: + - prefix + - service + type: object + status: + description: MappingStatus defines the observed state of Mapping + properties: + reason: + type: string + state: + enum: + - "" + - Inactive + - Running + type: string + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml new file mode 100644 index 000000000..f60fa89c6 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_modules.yaml @@ -0,0 +1,56 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: modules.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Module + listKind: ModuleList + plural: modules + singular: module + scope: Namespaced + validation: + openAPIV3Schema: + description: "A Module defines system-wide configuration. The type of module is controlled by the .metadata.name; valid names are \"ambassador\" or \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + config: + description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. + type: object + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml new file mode 100644 index 000000000..97562444f --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_ratelimitservices.yaml @@ -0,0 +1,72 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: ratelimitservices.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: RateLimitService + listKind: RateLimitServiceList + plural: ratelimitservices + singular: ratelimitservice + scope: Namespaced + validation: + openAPIV3Schema: + description: RateLimitService is the Schema for the ratelimitservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RateLimitServiceSpec defines the desired state of RateLimitService + properties: + ambassador_id: + description: Common to all Ambassador objects. + items: + type: string + oneOf: + - type: string + - type: array + domain: + type: string + protocol_version: + enum: + - v2 + - v3 + type: string + service: + type: string + timeout_ms: + type: integer + tls: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + required: + - service + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml new file mode 100644 index 000000000..f4c295245 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tcpmappings.yaml @@ -0,0 +1,102 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: tcpmappings.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: TCPMapping + listKind: TCPMappingList + plural: tcpmappings + singular: tcpmapping + scope: Namespaced + validation: + openAPIV3Schema: + description: TCPMapping is the Schema for the tcpmappings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TCPMappingSpec defines the desired state of TCPMapping + properties: + address: + type: string + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + circuit_breakers: + items: + properties: + max_connections: + type: integer + max_pending_requests: + type: integer + max_requests: + type: integer + max_retries: + type: integer + priority: + enum: + - default + - high + type: string + type: object + type: array + cluster_tag: + type: string + enable_ipv4: + type: boolean + enable_ipv6: + type: boolean + host: + type: string + idle_timeout_ms: + description: 'FIXME(lukeshu): Surely this should be an ''int''?' + type: string + port: + description: Port isn't a pointer because it's required. + type: integer + resolver: + type: string + service: + type: string + tls: + description: BoolOrString is a type that can hold a Boolean or a string. + oneOf: + - type: string + - type: boolean + weight: + type: integer + required: + - port + - service + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml new file mode 100644 index 000000000..c7ff23605 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tlscontexts.yaml @@ -0,0 +1,100 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: tlscontexts.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: TLSContext + listKind: TLSContextList + plural: tlscontexts + singular: tlscontext + scope: Namespaced + validation: + openAPIV3Schema: + description: TLSContext is the Schema for the tlscontexts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSContextSpec defines the desired state of TLSContext + properties: + alpn_protocols: + type: string + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + ca_secret: + type: string + cacert_chain_file: + type: string + cert_chain_file: + type: string + cert_required: + type: boolean + cipher_suites: + items: + type: string + type: array + ecdh_curves: + items: + type: string + type: array + hosts: + items: + type: string + type: array + max_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + min_tls_version: + enum: + - v1.0 + - v1.1 + - v1.2 + - v1.3 + type: string + private_key_file: + type: string + redirect_cleartext_from: + type: integer + secret: + type: string + secret_namespacing: + type: boolean + sni: + type: string + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml new file mode 100644 index 000000000..a106a22a5 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/getambassador.io_tracingservices.yaml @@ -0,0 +1,101 @@ +# GENERATED FILE: edits made by hand will not be preserved. +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: tracingservices.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: TracingService + listKind: TracingServiceList + plural: tracingservices + singular: tracingservice + scope: Namespaced + validation: + openAPIV3Schema: + description: TracingService is the Schema for the tracingservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TracingServiceSpec defines the desired state of TracingService + properties: + ambassador_id: + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + items: + type: string + oneOf: + - type: string + - type: array + config: + properties: + access_token_file: + type: string + collector_cluster: + type: string + collector_endpoint: + type: string + collector_endpoint_version: + enum: + - HTTP_JSON_V1 + - HTTP_JSON + - HTTP_PROTO + type: string + collector_hostname: + type: string + service_name: + type: string + shared_span_context: + type: boolean + trace_id_128bit: + type: boolean + type: object + driver: + enum: + - lightstep + - zipkin + - datadog + type: string + sampling: + properties: + client: + type: integer + overall: + type: integer + random: + type: integer + type: object + service: + type: string + tag_headers: + items: + type: string + type: array + required: + - driver + - service + type: object + type: object + version: null + versions: + - name: v2 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/charts/ambassador/ambassador/6.7.1100/crds/project.yaml b/charts/ambassador/ambassador/6.7.1100/crds/project.yaml new file mode 100644 index 000000000..ac3a22e27 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/project.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: projects.getambassador.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.prefix + name: Prefix + type: string + - JSONPath: .spec.githubRepo + name: Repo + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: getambassador.io + names: + categories: + - ambassador-crds + kind: Project + plural: projects + singular: project + scope: Namespaced + subresources: + status: {} + versions: + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml b/charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml new file mode 100644 index 000000000..93bf4ea65 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/projectcontroller.yaml @@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: projectcontrollers.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: ProjectController + plural: projectcontrollers + singular: projectcontroller + scope: Namespaced + subresources: + status: {} + versions: + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml b/charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml new file mode 100644 index 000000000..6457bef4a --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/projectrevision.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: projectrevisions.getambassador.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.project.name + name: Project + type: string + - JSONPath: .spec.ref + name: Ref + type: string + - JSONPath: .spec.rev + name: Rev + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: getambassador.io + names: + categories: + - ambassador-crds + kind: ProjectRevision + plural: projectrevisions + singular: projectrevision + scope: Namespaced + subresources: + status: {} + versions: + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml b/charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml new file mode 100644 index 000000000..30b85101c --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/crds/ratelimit.yaml @@ -0,0 +1,27 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/hook: crd-install + labels: + app.kubernetes.io/name: ambassador + product: aes + name: ratelimits.getambassador.io +spec: + group: getambassador.io + names: + categories: + - ambassador-crds + kind: RateLimit + plural: ratelimits + shortNames: + - rl + singular: ratelimit + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: false + - name: v2 + served: true + storage: true diff --git a/charts/ambassador/ambassador/6.7.1100/ct.yaml b/charts/ambassador/ambassador/6.7.1100/ct.yaml new file mode 100644 index 000000000..ee4f605c8 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/ct.yaml @@ -0,0 +1,37 @@ +# See https://github.com/helm/chart-testing + +# note: all the values files in ci/*-values.yaml will +# be tested automatically. For each configuration, +# all the tests in templates/tests/*.yaml +# will be checked. + +################################################ +# github +################################################ + +remote: origin + +################################################ +# chart +################################################ + +charts: + - /charts/ +chart-dirs: + - /charts/ +chart-repos: + - datawire=https://getambassador.io + +helm-extra-args: --timeout 600s + +# namespace: ambassador +# release-label: release + +################################################ +# checks and validations +################################################ + +validate-maintainers: false +validate-chart-schema: true +validate-yaml: true +# check-version-increment: true diff --git a/charts/ambassador/ambassador/6.7.1100/questions.yml b/charts/ambassador/ambassador/6.7.1100/questions.yml new file mode 100644 index 000000000..bf13b9471 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/questions.yml @@ -0,0 +1,84 @@ +questions: +### CRD Management +- variable: crds.enabled + label: Create CRDs + description: "Should Ambassador Edge Stack create and manage its CRD's?" + type: boolean + required: false + default: "true" + group: "CRD Management" +- variable: crds.keep + label: Keep CRDs + description: "Should Ambassador Edge Stack keep CRD's when the chart is uninstalled?" + type: boolean + required: false + default: "true" + group: "CRD Management" + show_if: "crds.enabled=true" + +### Deployment Management +- variable: daemonSet + label: Deploy as Daemonset + description: "Deploy Ambassador Edge Stack as a Daemonset? (Recommended: false)" + type: boolean + required: false + default: "true" + group: "Deployment Settings" +- variable: replicaCount + label: Replica Count + description: "How many replicas should Ambassador Edge Stack run? (Recommended: 3)" + type: int + required: false + default: "3" + group: "Deployment Settings" + min: 1 + max: 999 + show_if: "daemonSet=false" + +### Service Settings +- variable: service.type + label: Service Type + description: "Set the type of service, LoadBalancer (recommended), NodePort, or ClusterIP" + type: enum + required: false + default: "LoadBalancer" + group: "Service Settings" + options: + - "LoadBalancer" + - "ClusterIP" + - "NodePort" + +### Licensing +- variable: licenseKey.createSecret + label: "Create License Key Secret" + description: "Creates the license key secret using the License Key Data." + type: boolean + required: false + default: "true" + group: "License Settings" +- variable: licenseKey.value + label: "License Key Data" + description: "Specifies the license key to apply." + type: secret + required: false + default: "" + group: "License Settings" + show_if: "licenseKey.createSecret=true" + +### Service Catalog +- variable: agent.enabled + label: "Enable Service Catalog" + description: "Enables the Service Catalog agent for use at https://app.getambassador.io." + type: boolean + required: false + default: "true" + group: "Service Catalog" +- variable: agent.cloudConnectionToken + label: "Cloud Connection Token" + description: "Specifies the Token used to register a Cluster with the Service Catalog." + type: secret + required: false + default: "" + group: "Service Catalog" + show_if: "agent.enabled=true" + \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt b/charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt new file mode 100644 index 000000000..359073a3f --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/NOTES.txt @@ -0,0 +1,60 @@ +------------------------------------------------------------------------------- +{{- if .Values.enableAES }} +Congratulations! You have successfully installed The Ambassador Edge Stack! + +{{- if empty .Values.licenseKey.value }} +------------------------------------------------------------------------------- +NOTE: You are currently running The Ambassador Edge Stack in EVALUATION MODE. + +Request a free community license key at https://SERVICE_IP/edge_stack_admin/#dashboard +to unlock all the features of The Ambassador Edge Stack and update the value of +licenseKey.value in your values.yaml file. +{{- end }} + +{{- if or .Values.authService.create .Values.rateLimit.create }} +------------------------------------------------------------------------------- +WARNING: + +With your installation of the Ambassador Edge Stack, you have created a: +{{ if .Values.authService.create }} +- AuthService named {{include "ambassador.fullname" .}}-auth +{{ end }} {{ if .Values.rateLimit.create }} +- RateLimitService named {{include "ambassador.fullname" .}}-ratelimit +{{ end }} +in the {{ include "ambassador.namespace" . }} namespace. + +Please ensure there is not another of these resources configured in your cluster. +If there is, please either remove the old resource or run + +helm upgrade {{ .Release.Name }} -n {{ .Release.Namespace }} --set authService.create=false --set RateLimit.create=false + +{{- end }} +{{- else }} + Congratulations! You've successfully installed Ambassador! + +------------------------------------------------------------------------------- +To get the IP address of Ambassador, run the following commands: + +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "ambassador.namespace" .}} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} +NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }}' + + On GKE/Azure: + export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + + On AWS: + export SERVICE_IP=$(kubectl get svc --namespace {{ include "ambassador.namespace" .}} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') + + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "ambassador.namespace" .}} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} +{{- end }} + +For help, visit our Slack at http://a8r.io/Slack or view the documentation online at https://www.getambassador.io. diff --git a/charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl b/charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl new file mode 100644 index 000000000..58a1eb455 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/_helpers.tpl @@ -0,0 +1,117 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "ambassador.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ambassador.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "ambassador.imagetag" -}} +{{- if .Values.image.fullImageOverride }} + {{- .Values.image.fullImageOverride }} +{{- else }} + {{- if hasKey .Values.image "tag" -}} + {{- .Values.image.tag }} + {{- else if .Values.enableAES }} + {{- .Values.image.aesTag }} + {{- else }} + {{- .Values.image.ossTag }} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Set the image that should be used for ambassador. +Use fullImageOverride if present, +Then if the image repository is explicitly set, use "repository:image" +Otherwise, check if AES is enabled +Use AES image if AES is enabled, ambassador image if not +*/}} +{{- define "ambassador.image" -}} +{{- if .Values.image.fullImageOverride }} + {{- .Values.image.fullImageOverride }} +{{- else }} + {{- $repoName := "" }} + {{- $imageTag := "" }} + {{- if hasKey .Values.image "repository" -}} + {{- $repoName = .Values.image.repository }} + {{- else if .Values.enableAES }} + {{- $repoName = .Values.image.aesRepository }} + {{- else }} + {{- $repoName = .Values.image.ossRepository }} + {{- end -}} + {{- if hasKey .Values.image "tag" -}} + {{- $imageTag = .Values.image.tag }} + {{- else if .Values.enableAES }} + {{- $imageTag = .Values.image.aesTag }} + {{- else }} + {{- $imageTag = .Values.image.ossTag }} + {{- end -}} + {{- printf "%s:%s" $repoName $imageTag -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart namespace based on override value. +*/}} +{{- define "ambassador.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ambassador.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ambassador.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the RBAC to use +*/}} +{{- define "ambassador.rbacName" -}} +{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }} +{{- end -}} + +{{/* +Define the http port of the Ambassador service +*/}} +{{- define "ambassador.servicePort" -}} +{{- range .Values.service.ports -}} +{{- if (eq .name "http") -}} +{{ default .port }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml b/charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml new file mode 100644 index 000000000..34db11f29 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/admin-service.yaml @@ -0,0 +1,64 @@ +{{- if .Values.adminService.create -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ambassador.fullname" . }}-admin + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + # Hard-coded label for Prometheus Operator ServiceMonitor + service: ambassador-admin + product: aes + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack admin service for internal use and health checks." + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" + {{- with .Values.adminService.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.adminService.type }} + ports: + - port: {{ .Values.adminService.port }} + targetPort: admin + protocol: TCP + name: ambassador-admin + {{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }} + nodePort: {{ int .Values.adminService.nodePort }} + {{- end }} + - port: {{ .Values.adminService.snapshotPort }} + targetPort: {{ .Values.adminService.snapshotPort }} + protocol: TCP + name: ambassador-snapshot + selector: + {{- if .Values.service.selector }} + {{ toYaml .Values.service.selector | nindent 6 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if eq .Values.adminService.type "LoadBalancer" }} + {{- if not (empty .Values.adminService.loadBalancerIP) }} + loadBalancerIP: {{ .Values.adminService.loadBalancerIP | quote }} + {{- end }} + {{- if not (empty .Values.adminService.loadBalancerSourceRanges) }} + loadBalancerSourceRanges: + {{- toYaml .Values.adminService.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml new file mode 100644 index 000000000..b4c61bb0e --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/aes-authservice.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.authService.create .Values.enableAES }} +--- +apiVersion: getambassador.io/v2 +kind: AuthService +metadata: + name: {{ include "ambassador.fullname" . }}-{{ .Values.authService.deploymentExtraName | default "auth" }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + app.kubernetes.io/component: {{ include "ambassador.name" . }}-auth + {{- end }} + product: aes +spec: + proto: grpc + {{- if .Values.env }} + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- end }} + auth_service: 127.0.0.1:8500 + {{- if .Values.authService.optional_configurations }} + {{- toYaml .Values.authService.optional_configurations | nindent 2}} + {{- end }} +{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml new file mode 100644 index 000000000..03bd3bd95 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/aes-injector.yaml @@ -0,0 +1,161 @@ +{{- if and .Values.enableAES .Values.servicePreview.enabled .Values.servicePreview.trafficAgent.injector.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ambassador.fullname" . }}-injector + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes + spec: + containers: + - name: webhook + {{- if .Values.servicePreview.trafficAgent.image.repository }} + image: "{{ .Values.servicePreview.trafficAgent.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" + {{- else }} + image: {{ include "ambassador.image" . }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: [ "aes-injector" ] + env: + - name: AGENT_MANAGER_NAMESPACE + value: "{{ include "ambassador.namespace" . }}" + - name: TRAFFIC_AGENT_IMAGE + value: "{{ .Values.servicePreview.trafficAgent.image.repository | default .Values.image.repository }}:{{ .Values.servicePreview.trafficAgent.image.tag | default .Values.image.tag }}" + - name: TRAFFIC_AGENT_AGENT_LISTEN_PORT + value: "{{ .Values.servicePreview.trafficAgent.port }}" + {{- if .Values.servicePreview.trafficAgent.singleNamespace }} + - name: TRAFFIC_AGENT_SERVICE_ACCOUNT_NAME + value: "{{ .Values.servicePreview.trafficAgent.serviceAccountName }}" + {{- end }} + ports: + - containerPort: 8443 + name: https + livenessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + volumeMounts: + - mountPath: /var/run/secrets/tls + name: tls + readOnly: true + volumes: + - name: tls + secret: + secretName: {{ include "ambassador.fullname" . }}-injector-tls +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ambassador.fullname" . }}-injector + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack Service Preview Traffic Agent Sidecar injector." + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector + app.kubernetes.io/instance: {{ .Release.Name }} + ports: + - name: {{ include "ambassador.fullname" . }}-injector + port: 443 + targetPort: https +--- +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "ambassador.fullname" . }}-injector-tls + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-tls + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +type: Opaque +data: + {{ $ca := genCA (printf "%s-injector.%s.svc" (include "ambassador.fullname" .) (include "ambassador.namespace" .)) 365 -}} + crt.pem: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} + key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.servicePreview.trafficAgent.injector.keyPEM)) (empty .Values.servicePreview.trafficAgent.injector.keyPEM) }} +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ include "ambassador.fullname" . }}-injector-webhook-config + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-injector-webhook-config + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +webhooks: +- name: {{ include "ambassador.fullname" . }}-injector.getambassador.io + clientConfig: + service: + name: {{ include "ambassador.fullname" . }}-injector + namespace: {{ include "ambassador.namespace" . }} + path: "/traffic-agent" + caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.servicePreview.trafficAgent.injector.crtPEM)) (empty .Values.servicePreview.trafficAgent.injector.crtPEM) }} + failurePolicy: Ignore + rules: + - operations: ["CREATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml new file mode 100644 index 000000000..b210d0b20 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/aes-internal.yaml @@ -0,0 +1,129 @@ +{{ if and .Values.createDevPortalMappings .Values.enableAES }} +--- +# Configure DevPortal +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: {{ include "ambassador.fullname" . }}-devportal + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal + {{- end }} + product: aes +spec: + {{- if .Values.env }} + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- end }} + prefix: {{ .Values.devportal.docsPrefix }} + rewrite: "/docs/" + service: "127.0.0.1:8500" +--- +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: {{ include "ambassador.fullname" . }}-devportal-assets + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-assets + {{- end }} + product: aes +spec: + {{- if .Values.env }} + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- end }} + prefix: /documentation/(assets|styles)/(.*)(.css) + prefix_regex: true + regex_rewrite: + pattern: /documentation/(.*) + substitution: /docs/\1 + service: "127.0.0.1:8500" + add_response_headers: + cache-control: + value: "public, max-age=3600, immutable" + append: false +--- +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is what the demo uses. Sigh. + name: {{ include "ambassador.fullname" . }}-devportal-demo + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-demo + {{- end }} + product: aes +spec: + {{- if .Values.env }} + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- end }} + prefix: /docs/ + rewrite: "/docs/" + service: "127.0.0.1:8500" +--- +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + # This Mapping name is referenced by convention, it's important to leave as-is. + name: {{ include "ambassador.fullname" . }}-devportal-api + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + app.kubernetes.io/component: {{ include "ambassador.name" . }}-devportal-api + {{- end }} + product: aes +spec: + {{- if .Values.env }} + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- end }} + prefix: /openapi/ + rewrite: "" + service: "127.0.0.1:8500" +{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml new file mode 100644 index 000000000..fdb2ddbcd --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/aes-ratelimit.yaml @@ -0,0 +1,29 @@ +{{ if and .Values.rateLimit.create .Values.enableAES }} +--- +apiVersion: getambassador.io/v2 +kind: RateLimitService +metadata: + name: {{ include "ambassador.fullname" . }}-{{ .Values.rateLimit.deploymentExtraName | default "ratelimit" }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit + {{- end }} + product: aes +spec: + {{- if .Values.env }} + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- end }} + service: 127.0.0.1:8500 +{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml new file mode 100644 index 000000000..e0bbe1931 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/aes-redis.yaml @@ -0,0 +1,106 @@ +{{ if and .Values.redis.create .Values.enableAES }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ambassador.fullname" . }}-redis + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- else }} + product: aes + {{- end }} + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack Redis store for auth and rate limiting, among other things." + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" + {{- with .Values.redis.annotations.service }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + selector: + {{- if .Values.redis.serviceSelector }} + {{ toYaml .Values.redis.serviceSelector | nindent 4 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ambassador.fullname" . }}-redis + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes + annotations: + {{- toYaml .Values.redis.annotations.deployment | nindent 4}} +spec: + replicas: 1 + selector: + matchLabels: + {{- if .Values.redis.serviceSelector }} + {{ toYaml .Values.redis.serviceSelector | nindent 6 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + template: + metadata: + labels: + {{- if .Values.redis.serviceSelector }} + {{ toYaml .Values.redis.serviceSelector | nindent 8 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-redis + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + spec: + containers: + - name: redis + image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}" + imagePullPolicy: {{ .Values.redis.image.pullPolicy }} + resources: + {{- toYaml .Values.redis.resources | nindent 10 }} + restartPolicy: Always + {{- with .Values.redis.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{ end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml b/charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml new file mode 100644 index 000000000..9829d93fe --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/aes-secret.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.licenseKey.createSecret .Values.enableAES }} +apiVersion: v1 +kind: Secret +metadata: + {{- if ne .Values.deploymentTool "getambassador.io" }} + annotations: + helm.sh/resource-policy: keep + {{- end }} + {{- if .Values.licenseKey.annotations }} + {{- toYaml .Values.licenseKey.annotations | nindent 4 }} + {{- end }} + {{- if .Values.licenseKey.secretName }} + name: {{ .Values.licenseKey.secretName }} + {{- else }} + name: {{ include "ambassador.fullname" . }}-edge-stack + {{- end }} + namespace: {{ include "ambassador.namespace" . }} +type: Opaque +data: + license-key: {{- if .Values.licenseKey.value }} {{ .Values.licenseKey.value | b64enc }} {{- else }} "" {{- end }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml b/charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml new file mode 100644 index 000000000..0d70f4c8b --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/ambassador-agent.yaml @@ -0,0 +1,371 @@ +{{- if .Values.agent.enabled }} +{{- $allowAgent := false -}} + + {{- /* This next bit is ugly. */ -}} + {{- /* Case 1: "fullImageOverride" means don't bother checking the tag. */ -}} + {{- /* Case 2: Otherwise, if it's not a semver-style version number, */ -}} + {{- /* assume we have a power user and turn the agent on. */ -}} + {{- /* Case 3: Otherwise, if Edge Stack, we need at least 1.12.0. */ -}} + {{- /* Case 4: Otherwise, it's OSS and we need at 1.13.0. */ -}} + +{{- if .Values.image.fullImageOverride }} + {{- /* Case 1 */ -}} + {{- $allowAgent = true }} +{{- else if not (regexMatch "^\\d+\\.\\d+\\.\\d+$" (include "ambassador.imagetag" . )) }} + {{- /* Case 2 above: power user */ -}} + {{- $allowAgent = true }} +{{- else if and .Values.enableAES (ne (semver "1.12.0" | (semver (include "ambassador.imagetag" . )).Compare) -1) }} + {{- /* Case 3 above: Edge Stack 1.12.0+ */ -}} + {{- $allowAgent = true }} +{{- else if ne (semver "1.13.0" | (semver (include "ambassador.imagetag" . )).Compare) -1 }} + {{- /* Case 4 above: OSS 1.13.0+ */ -}} + {{- $allowAgent = true }} +{{- end }} + +{{- if $allowAgent }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +{{- if .Values.docker.useImagePullSecret }} +imagePullSecrets: +- name: {{ .Values.docker.imagePullSecretName }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ include "ambassador.fullname" . }}-agent-config + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ambassador.fullname" . }}-agent-config +subjects: +- kind: ServiceAccount + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ include "ambassador.fullname" . }}-agent-config + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: [""] + resources: [ "configmaps" ] + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ambassador.fullname" . }}-agent + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ambassador.fullname" . }}-agent +subjects: +- kind: ServiceAccount + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent-pods + labels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: [""] + resources: [ "pods"] + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent-deployments + labels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: ["apps", "extensions"] + resources: [ "deployments" ] + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent-endpoints + labels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: [""] + resources: [ "endpoints" ] + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent-configmaps + labels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: [""] + resources: [ "configmaps" ] + verbs: [ "get", "list", "watch" ] +--- +{{- if .Values.agent.createArgoRBAC }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent-rollouts + labels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: ["argoproj.io"] + resources: [ "rollouts" ] + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }}-agent-applications + labels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }}-agent + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: ["argoproj.io"] + resources: [ "applications" ] + verbs: [ "get", "list", "watch" ] +{{- end }} +{{ if ne .Values.agent.cloudConnectToken "" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "ambassador.fullname" . }}-agent-cloud-token + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-agent-cloud-token + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +data: + CLOUD_CONNECT_TOKEN: {{ .Values.agent.cloudConnectToken }} +{{ end }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ambassador.fullname" . }}-agent + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-agent + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + product: aes + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + spec: + serviceAccountName: {{ include "ambassador.fullname" . }}-agent + containers: + - name: agent + image: {{ include "ambassador.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: [ "agent" ] + env: + - name: AGENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AGENT_CONFIG_RESOURCE_NAME + value: {{ include "ambassador.fullname" . }}-agent-cloud-token + - name: RPC_CONNECTION_ADDRESS + value: {{ .Values.agent.rpcAddress }} + - name: AES_SNAPSHOT_URL + value: "http://{{ include "ambassador.fullname" . }}-admin.{{ include "ambassador.namespace" . }}:{{ .Values.adminService.snapshotPort }}/snapshot-external" +{{- end }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/config.yaml b/charts/ambassador/ambassador/6.7.1100/templates/config.yaml new file mode 100644 index 000000000..b2c2d64bc --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/config.yaml @@ -0,0 +1,20 @@ +{{- if .Values.ambassadorConfig }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: '{{ include "ambassador.fullname" . }}-file-config' + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +data: + ambassadorConfig: |- + {{- .Values.ambassadorConfig | nindent 4 }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml b/charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml new file mode 100644 index 000000000..0099dedf8 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/crd-delete.yaml @@ -0,0 +1,123 @@ +{{- if and .Values.crds.enabled (not .Values.crds.keep)}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ambassador.serviceAccountName" . }}-crd-delete + namespace: {{ include "ambassador.namespace" . }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-weight": "1" + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.rbacName" . }}-crd-delete + namespace: {{ include "ambassador.namespace" . }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-weight": "1" + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +rules: + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + verbs: ["get", "list", "watch", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ambassador.rbacName" . }}-crd-delete + namespace: {{ include "ambassador.namespace" . }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-weight": "1" + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ambassador.rbacName" . }}-crd-delete +subjects: + - name: {{ include "ambassador.serviceAccountName" . }}-crd-delete + namespace: {{ include "ambassador.namespace" . }} + kind: ServiceAccount +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "ambassador.fullname" . }}-crd-cleanup + namespace: {{ include "ambassador.namespace" . }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "3" + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +spec: + template: + metadata: + name: {{ include "ambassador.fullname" . }}-crd-cleanup + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + spec: + {{- if .Values.rbac.create }} + serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete + {{- end }} + containers: + - name: kubectl + image: "buoyantio/kubectl" + args: + - delete + - crds + - -l app.kubernetes.io/name=ambassador + restartPolicy: OnFailure +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/crds.yaml b/charts/ambassador/ambassador/6.7.1100/templates/crds.yaml new file mode 100644 index 000000000..3b3bf16d5 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.crds.create }} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml b/charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml new file mode 100644 index 000000000..762cf2d9c --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/deployment.yaml @@ -0,0 +1,282 @@ +apiVersion: apps/v1 +{{- if .Values.daemonSet }} +kind: DaemonSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + {{- if .Values.deploymentNameOverride }} + name: {{ .Values.deploymentNameOverride }} + {{- else }} + name: {{ include "ambassador.fullname" . }} + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes + {{- if .Values.deploymentLabels }} + {{- toYaml .Values.deploymentLabels | nindent 4 }} + {{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: + {{- toYaml .Values.deploymentAnnotations | nindent 4 }} + {{- end }} +spec: +{{- if and (not .Values.autoscaling.enabled) (not .Values.daemonSet) }} + replicas: {{ .Values.replicaCount }} +{{- end }} + selector: + matchLabels: + {{- if .Values.service.selector }} + {{ toYaml .Values.service.selector | nindent 6 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.daemonSet }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.deploymentStrategy | nindent 4}} + template: + metadata: + labels: + {{- if .Values.service.selector }} + {{ toYaml .Values.service.selector | nindent 8 }} + {{- end }} + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/instance: {{ .Release.Name }} + product: aes + {{- end }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} + annotations: + {{- if ne .Values.deploymentTool "getambassador.io" }} + checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- /* Check if .Values.securityContext is set for backwards compatibility */ -}} + {{- if .Values.securityContext -}} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else -}} + {{- with .Values.security.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end -}} + {{- if .Values.restartPolicy }} + restartPolicy: {{ .Values.restartPolicy }} + {{- end }} + serviceAccountName: {{ include "ambassador.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + volumes: + - name: ambassador-pod-info + downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + {{- if .Values.prometheusExporter.enabled }} + - name: stats-exporter-mapping-config + configMap: + name: {{ include "ambassador.fullname" . }}-exporter-config + items: + - key: exporterConfiguration + path: mapping-config.yaml + {{- end }} + {{- if .Values.ambassadorConfig }} + - name: ambassador-config + configMap: + name: {{ include "ambassador.fullname" . }}-file-config + items: + - key: ambassadorConfig + path: ambassador-config.yaml + {{- end }} + {{- if and .Values.licenseKey.createSecret .Values.enableAES }} + - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets + secret: + {{- if .Values.licenseKey.secretName }} + secretName: {{ .Values.licenseKey.secretName }} + {{- else }} + secretName: {{ include "ambassador.fullname" . }}-edge-stack + {{- end }} + {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + {{- if .Values.prometheusExporter.enabled }} + - name: prometheus-exporter + image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}" + imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }} + ports: + - name: metrics + containerPort: 9102 + - name: listener + containerPort: 8125 + args: + - --statsd.listen-udp=:8125 + - --web.listen-address=:9102 + - --statsd.mapping-config=/statsd-exporter/mapping-config.yaml + volumeMounts: + - name: stats-exporter-mapping-config + mountPath: /statsd-exporter/ + readOnly: true + resources: + {{- toYaml .Values.prometheusExporter.resources | nindent 12 }} + {{- end }} + - name: {{ if .Values.containerNameOverride }}{{ .Values.containerNameOverride }}{{ else }}{{ .Chart.Name }}{{ end }} + image: {{ include "ambassador.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + {{- range .Values.service.ports }} + - name: {{ .name }} + containerPort: {{ int .targetPort }} + {{- if .protocol }} + protocol: {{ .protocol }} + {{- end }} + {{- if .hostPort }} + hostPort: {{ .hostPort }} + {{- end }} + {{- end}} + - name: admin + containerPort: {{ .Values.adminService.port }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + {{- if and (or .Values.redis.create .Values.redisURL) (.Values.enableAES) }} + - name: REDIS_URL + {{- if .Values.redisURL }} + value: {{ .Values.redisURL }} + {{- else }} + value: {{ include "ambassador.fullname" . }}-redis:6379 + {{- end }} + {{- end }} + {{- if and .Values.licenseKey.secretName .Values.enableAES}} + - name: AMBASSADOR_AES_SECRET_NAME + value: {{ .Values.licenseKey.secretName }} + {{- end }} + {{- if .Values.prometheusExporter.enabled }} + - name: STATSD_ENABLED + value: "true" + - name: STATSD_HOST + value: "localhost" + {{- end }} + {{- if .Values.scope.singleNamespace }} + - name: AMBASSADOR_SINGLE_NAMESPACE + value: "YES" + {{- end }} + - name: AMBASSADOR_NAMESPACE + {{- if .Values.namespace }} + value: {{ .Values.namespace.name | quote }} + {{ else }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end -}} + {{- if .Values.redisEnv }} + {{ toYaml .Values.redisEnv | nindent 12 }} + {{- end }} + {{- if .Values.env }} + {{- range $key,$value := .Values.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if .Values.envRaw }} + {{- with .Values.envRaw }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.security.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + {{- toYaml .Values.readinessProbe | nindent 12 }} + volumeMounts: + - name: ambassador-pod-info + mountPath: /tmp/ambassador-pod-info + readOnly: true + {{- if .Values.ambassadorConfig }} + - name: ambassador-config + mountPath: /ambassador/ambassador-config/ambassador-config.yaml + subPath: ambassador-config.yaml + {{- end }} + {{- if and .Values.licenseKey.createSecret .Values.enableAES }} + - name: {{ include "ambassador.fullname" . }}-edge-stack-secrets + mountPath: /.config/ambassador + readOnly: true + {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.sidecarContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + dnsPolicy: {{ .Values.dnsPolicy }} + hostNetwork: {{ .Values.hostNetwork }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml b/charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml new file mode 100644 index 000000000..69b817f9d --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/exporter-config.yaml @@ -0,0 +1,23 @@ +{{- if .Values.prometheusExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: '{{ include "ambassador.fullname" . }}-exporter-config' + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +data: + exporterConfiguration: +{{- if .Values.prometheusExporter.configuration }} | + {{- .Values.prometheusExporter.configuration | nindent 4 }} +{{- else }} '' +{{- end }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml b/charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml new file mode 100644 index 000000000..18cbbdbf6 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/hpa.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.autoscaling.enabled (not .Values.daemonSet) }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ambassador.fullname" . }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ambassador.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- toYaml .Values.autoscaling.metrics | nindent 4 }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/module.yaml b/charts/ambassador/ambassador/6.7.1100/templates/module.yaml new file mode 100644 index 000000000..6d481fef0 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/module.yaml @@ -0,0 +1,29 @@ +{{- if .Values.module }} +apiVersion: getambassador.io/v2 +kind: Module +metadata: + name: ambassador + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + app.kubernetes.io/component: {{ include "ambassador.name" . }}-ratelimit + {{- end }} + product: aes +spec: + {{- if .Values.env }} + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- end }} + config: + {{- toYaml .Values.module | nindent 4 }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml b/charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml new file mode 100644 index 000000000..4535c74f2 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/namespace.yaml @@ -0,0 +1,8 @@ +{{- if .Values.createNamespace }} +apiVersion: v1 +kind: Namespace +metadata: + labels: + product: aes + name: {{ include "ambassador.namespace" . }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml b/charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml new file mode 100644 index 000000000..17f3c288d --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/oss-migration-test-service.yaml @@ -0,0 +1,33 @@ +{{- if .Values.enableTestService }} +apiVersion: v1 +kind: Service +metadata: + name: test-aes + namespace: {{ include "ambassador.namespace" . }} + labels: + product: aes +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + {{- range .Values.service.ports }} + - name: {{ .name }} + port: {{ int .port }} + {{- if .targetPort }} + targetPort: {{ int .targetPort }} + {{- end }} + {{- if .nodePort }} + nodePort: {{ int .nodePort }} + {{- end }} + {{- if .protocol }} + protocol: {{ .protocol }} + {{- end }} + {{- end}} + selector: + {{- if .Values.service.selector }} + {{ toYaml .Values.service.selector | nindent 6 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml b/charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml new file mode 100644 index 000000000..4044fda60 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/pdb.yaml @@ -0,0 +1,23 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "ambassador.fullname" . }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml b/charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..3da289039 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/podsecuritypolicy.yaml @@ -0,0 +1,25 @@ +{{ if .Values.security.podSecurityPolicy }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "ambassador.fullname" . }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- with .Values.security.podSecurityPolicy.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- with .Values.security.podSecurityPolicy.spec }} +spec: + {{- toYaml . | nindent 2}} +{{- end }} +{{ end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml b/charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml new file mode 100644 index 000000000..ed1087f4b --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/projects-rbac.yaml @@ -0,0 +1,75 @@ +{{- if and .Values.rbac.create .Values.registry.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- if .Values.scope.singleNamespace }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + name: {{ include "ambassador.rbacName" . }}-projects + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +rules: +- apiGroups: [""] + resources: [ "secrets", "services" ] + verbs: [ "get", "list", "create", "patch", "delete", "watch" ] +- apiGroups: ["apps"] + resources: [ "deployments" ] + verbs: [ "get", "list", "create", "patch", "delete", "watch" ] +- apiGroups: ["batch"] + resources: [ "jobs" ] + verbs: [ "get", "list", "create", "patch", "delete", "watch" ] +- apiGroups: [""] + resources: [ "pods" ] + verbs: [ "get", "list", "watch" ] +- apiGroups: [""] + resources: [ "pods/log" ] + verbs: [ "get" ] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- if .Values.scope.singleNamespace }} +kind: RoleBinding +{{- else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ include "ambassador.rbacName" . }}-projects + {{- if .Values.scope.singleNamespace }} + namespace: {{ include "ambassador.namespace" . }} + {{- end }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.scope.singleNamespace }} + kind: Role + {{- else }} + kind: ClusterRole + {{- end }} + name: {{ include "ambassador.rbacName" . }}-projects +subjects: + - name: {{ include "ambassador.serviceAccountName" . }} + namespace: {{ include "ambassador.namespace" . }} + kind: ServiceAccount +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/projects.yaml b/charts/ambassador/ambassador/6.7.1100/templates/projects.yaml new file mode 100644 index 000000000..21b021a9a --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/projects.yaml @@ -0,0 +1,412 @@ +{{- if .Values.registry.create }} +###################################################################### +# In-cluster Registry for Projects + +# This mapping will make every host function as a docker +# registry. It's not ideal to take over the "v2" mapping, but there +# are a number of constraints that make this the least worst option +# explored so far. These constraints are: +# +# - We need a registry where docker push/pull and similar (e.g. crictl +# push/pull) can work with no special client configuration since we +# don't control the clients and we can't expect our users to +# reconfigure their clusters to use a special push/pull +# configuration. +# +# - GKE's push/pull implementation (I think it's docker) and crictl +# push/pull (used by default in k3s clusters) have different default +# behaviors with respect to localhost registries. The docker +# implementation is very permissive, it will try both cleartext and +# TLS and it does not verify the TLS connection, so self-signed +# registries work fine. The crictl implementation is moving in this +# direction, but the version used in k3s (based on rancher's fork of +# containerd at v1.3.3) is not there yet. It only tries cleartext by +# default. +# +# - We want to minimize the requirements for users to have the +# access/understanding to create special DNS configurations +# (e.g. wildcard or a separate dns name for the registry). +# +# - You can configure the docker registry to have a prefix, +# e.g. //v2/..., however without special +# configuration to override the defaults, clients can't push/pull +# from a registry served at a prefix. If your image is named +# /, the client will look for /v2/... endpoints. +# +# Given all the prior constraints we are left with creating this +# mapping for all hosts. If this is a problem there are a few +# alternatives we could consider. We can provide a way to limit this +# mapping to only one host so they can have distinct hosts for their +# site and their registry. We could also look into creating a +# daemonset that binds to localhost and proxies cleartext to +# TLS. Based on what I know of GKE and k3s its a good guess that this +# would accommodate both of them, but possibly not other clusters with +# different configurations. +# +# Another reason to lean towards an externally accessible registry is +# that there are likely some people that would want this as a feature +# so they can docker push/pull images from other systems into/out of +# the builtin registry. While it's true that security minded people +# might not like having this registry externally accessible, it's also +# quite likely those people would want to run their own fancy registry +# that scans/audits images, etc. The focus for RtC is really a smooth +# out of the box experience that functions end-to-end without +# requiring you to build your own platform. For more security minded +# people we should expect to eventually be able to configure an +# external registry and/or turn off the builtin one. +--- +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: {{ include "ambassador.fullname" . }}-registry + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +spec: + prefix: /v2/ + rewrite: /v2/ + {{- if .Values.registry.resourceNameOverride }} + service: https://{{ .Values.registry.resourceNameOverride }} + {{- else }} + service: https://{{ include "ambassador.fullname" . }}-registry + {{- end }} + timeout_ms: 300000 +--- +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.registry.resourceNameOverride }} + name: {{ .Values.registry.resourceNameOverride }} + {{- else }} + name: {{ include "ambassador.fullname" . }}-registry + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge internal image registry." + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" +spec: + type: ClusterIP + selector: + {{- if .Values.registry.serviceSelectors }} + {{ toYaml .Values.registry.serviceSelector | nindent 4 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + ports: + - port: 443 + targetPort: 5000 + +# The registry deployment. The deployment includes a persistent volume +# mount for storing images, a config-map mount for customizing the +# registry configuration, and a secret mounted for tls. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- if .Values.registry.resourceNameOverride }} + name: {{ .Values.registry.resourceNameOverride }} + {{- else }} + name: {{ include "ambassador.fullname" . }}-registry + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes + app: registry +spec: + replicas: 1 + strategy: + rollingUpdate: + maxSurge: 0 + selector: + matchLabels: + {{- if .Values.registry.serviceSelectors }} + {{ toYaml .Values.registry.serviceSelector | nindent 6 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + template: + metadata: + annotations: + foo: "5" + labels: + {{- if .Values.registry.serviceSelectors }} + {{ toYaml .Values.registry.serviceSelector | nindent 8 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.fullname" . }}-registry + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + spec: + containers: + - name: registry + image: registry:2 + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /var/lib/registry + name: registry-data + - name: registry-config + mountPath: /etc/docker/registry + - name: registry-tls + mountPath: /etc/tls + volumes: + - name: registry-config + configMap: + # Provide the name of the ConfigMap containing the files you want + # to add to the container + {{- if .Values.registry.resourceNameOverride }} + name: {{ .Values.registry.resourceNameOverride }}-config + {{- else }} + name: {{ include "ambassador.fullname" . }}-registry-config + {{- end }} + - name: registry-data + persistentVolumeClaim: + {{- if .Values.registry.resourceNameOverride }} + claimName: {{ .Values.registry.resourceNameOverride }}-data + {{- else }} + claimName: {{ include "ambassador.fullname" . }}-registry-data + {{- end }} + - name: registry-tls + secret: + {{- if .Values.registry.resourceNameOverride }} + secretName: {{ .Values.registry.resourceNameOverride }}-tls + {{- else }} + secretName: {{ include "ambassador.fullname" . }}-registry-tls + {{- end }} + +# The configuration file for our registry. +--- +apiVersion: v1 +kind: ConfigMap +metadata: + {{- if .Values.registry.resourceNameOverride }} + name: {{ .Values.registry.resourceNameOverride }}-config + {{- else }} + name: {{ include "ambassador.fullname" . }}-registry-config + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +data: + config.yml: | + version: 0.1 + log: + fields: + service: registry + storage: + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry + http: + addr: :5000 + headers: + X-Content-Type-Options: [nosniff] + tls: + certificate: /etc/tls/tls.crt + key: /etc/tls/tls.key + health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 + +# The persistent volume for our registry. +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.registry.resourceNameOverride }} + name: {{ .Values.registry.resourceNameOverride }}-data + {{- else }} + name: {{ include "ambassador.fullname" . }}-registry-data + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + +# The self-signed tls secret for our registry. We should look into +# generating this on install with a job. +--- +apiVersion: v1 +kind: Secret +metadata: + {{- if .Values.registry.resourceNameOverride }} + name: {{ .Values.registry.resourceNameOverride }}-tls + {{- else }} + name: {{ include "ambassador.fullname" . }}-registry-tls + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-registry + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +type: kubernetes.io/tls +data: + tls.crt: | + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEekNDQXZlZ0F3SUJBZ0lVSVZrWlJGSkVJ + VCtOTlJiMFJ0TkxwZFp5TTVnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daWXhDekFKQmdOVkJBWVRB + bFZUTVJZd0ZBWURWUVFJREExTllYTnpZV05vZFhObGRIUnpNUk13RVFZRApWUVFIREFwVGIyMWxj + blpwYkd4bE1SRXdEd1lEVlFRS0RBaEVZWFJoZDJseVpURVVNQklHQTFVRUN3d0xSVzVuCmFXNWxa + WEpwYm1jeEVUQVBCZ05WQkFNTUNISmxaMmx6ZEhKNU1SNHdIQVlKS29aSWh2Y05BUWtCRmc5a1pY + WkEKWkdGMFlYZHBjbVV1YVc4d0hoY05NakF3TVRNd01qRXdNVFV5V2hjTk1qRXdNVEk1TWpFd01U + VXlXakNCbGpFTApNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQWdNRFUxaGMzTmhZMmgxYzJWMGRI + TXhFekFSQmdOVkJBY01DbE52CmJXVnlkbWxzYkdVeEVUQVBCZ05WQkFvTUNFUmhkR0YzYVhKbE1S + UXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHUKWnpFUk1BOEdBMVVFQXd3SWNtVm5hWE4wY25reEhq + QWNCZ2txaGtpRzl3MEJDUUVXRDJSbGRrQmtZWFJoZDJseQpaUzVwYnpDQ0FTSXdEUVlKS29aSWh2 + Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFRtZ21wb2szVVdCVkhqCjFqb2R5eG9LZFJad09Y + WnhiZ25ITXlMa2xxLzUydGdmTEJmVlU1TzB2aE5iVm5vcEVSRWdWV0pTd3dlN0dOS0EKSjlaWWxC + Qlc1Q1U5Q3FNalU2TTVOdTdiVWRQblNyNGRFSFlWcmhEakJYcVpDUElEaFhZS2ZZYWh0YlB4cis1 + egpueS9qQktKU2JwM3RWU3d5SEhsY3JJNHdOU2R1Q2x5UFplOFR0Q2hGQUxhcU5rWUMvclNGK0w0 + SWcwZmY1N0duClpFVmsyZDJja09Xbkp6akRXMGhYL3FUcXhUKzZwV2tUQThWQ0FVS2FabEY5VkRK + c20rOW1XM2dBWmZ5NWdFWloKajcvaktqNTd5R1BUR2xWQXhra2J2WlJJVWQ5LzVkVmE3V1RCYnlR + dkxvOEkyWWQ3S1h6Y3BjcElpS2hRREdPQQpHbGVoa2JVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZ + RUZGTDV5NnNIb09tV0FRWVVGano4VHNETGFnUTdNQjhHCkExVWRJd1FZTUJhQUZGTDV5NnNIb09t + V0FRWVVGano4VHNETGFnUTdNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFF + TEJRQURnZ0VCQUFZdHlnNDNDTEJsbVlvY0NkSjVpSlF0NTR0anFGU2hIMzdFd3h4WQp1QVExRHRW + a0Q3QngzUURZZ1cxeU1QYzFTRDhYenFUcWxjQUlOQTZwdVB0SlNPcC8wUUVqVFJSMkFSZFF5VURI + ClZOZEZzcHp5MGRnbllqOXY2ckl4akdOazVHZXI3cUp4TURaUUY0dC82NHZLYWNyOHZOQ3dnSmI5 + WEZaMTBjNlEKdVNSNVVVN1pMTWJPeWd4a0hPQStMMXp3S2pSaXZUb2ZMbExPOURQNUJwMk9hOGgr + TmZhVkJ4ZHFUS2l0UzFaOApnUnZhOTFuRHZwTjl5aHBiNFJVN2FoWW9tWGF4VE5ZVEJxVE1uZWhE + aWhPQjdBS2Z0VVErdjJWZ2VlM1FxaGJ4CjRUSlJpTTUxR2VIWEtoVWw5ZXBxRnBlYllIa1BnU1ln + bU1OUy9aT3JSWmFxajVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: | + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB + QVNDQktZd2dnU2lBZ0VBQW9JQkFRQzA1b0pxYUpOMUZnVlIKNDlZNkhjc2FDblVXY0RsMmNXNEp4 + ek1pNUphditkcllIeXdYMVZPVHRMNFRXMVo2S1JFUklGVmlVc01IdXhqUwpnQ2ZXV0pRUVZ1UWxQ + UXFqSTFPak9UYnUyMUhUNTBxK0hSQjJGYTRRNHdWNm1RanlBNFYyQ24yR29iV3o4YS91CmM1OHY0 + d1NpVW02ZDdWVXNNaHg1WEt5T01EVW5iZ3BjajJYdkU3UW9SUUMycWpaR0F2NjBoZmkrQ0lOSDMr + ZXgKcDJSRlpObmRuSkRscHljNHcxdElWLzZrNnNVL3VxVnBFd1BGUWdGQ21tWlJmVlF5Ykp2dlps + dDRBR1g4dVlCRwpXWSsvNHlvK2U4aGoweHBWUU1aSkc3MlVTRkhmZitYVld1MWt3VzhrTHk2UENO + bUhleWw4M0tYS1NJaW9VQXhqCmdCcFhvWkcxQWdNQkFBRUNnZ0VBWUxiMGRxdGVXclRoTnp6V0pk + QVQ2K0kzWXoyd214QmR3a0NMcUZZSjhoOWsKenpNclFicTlxalJ4Z3F2TWVoZEdscDl3eHRaMGlz + ZU9wOHY0Z0hKdkJxVk42RkxRUXhQNS9VUHppSlFkRld1TQozRU54cjVBN3RhK0tHRmVGSHM2Zkpk + TEo5WmF6TEhkRWxmbWUyOTFGZHZzWFJMdkVVNUtmQW90M2ZiVnNWWjFxCnRucVIzY0dET3JVQ00v + ZzJKZmVBYk5wSUJjTnlCV0diOGRQbm5SaHZRNW5YN1ozUnJiNTlhQnhOcldCSkFkbnEKOUtkS3BR + UmU4cjBiRGJ0WVZQamxXRldpOVluWVQ0WHpQOG9TU0t5a3R4TWZraEM2dlVKb0gwNHFOSmRkWjVM + WAozWjRKUm14RnlUZU1rUG0xa2dnSVVRZGJhRWp1WG0rOThOeXVkZitKcVFLQmdRRGx6SS9XMzZM + am1pRE9MSDVUCnFhZTFnazNMV2lTY3hwZzRhazEyenhLSlkrWUJiNnc4UG5EVmlvY2tPa0lsSERh + V0xzQ2VpRkJsM2lPSDlUWWcKQm9iY3JVZVNUbWdOaUNqSlpIWVhIUlY1TEN2bGE0UkhhcXNMWG43 + elptTE5GVW9YRlhaTkoyQzlqUEp5TStyQQpqOWJLWlFvQTF2NC9qOUdMTXN3eEJZem1pd0tCZ1FE + SmhxNDhrYmV0MlRTRFhyMUxuY3FMVU9wak1hQmNyOEJKCnpDNlBwK3F0ck01QVE1RnkwaHRoV2Zn + bDkzZU5vMWRQT2pCRDZ6amIyd2dNSHhBR2w1V0pIN005enFBSWJSaW0KbDFNcmsrUkprbUVGeUls + cU95TG9jNlg0V1pPN1BwejZPQkdWTExGOFlBR09UcldaRzZwUStDeVJWN3hHUS9PWAo4QlN5UVVh + d3Z3S0JnRWFXWG55dmQxYVlpb2txUzZlaFRuM0h4K08yRGRjR2ZjMmVnYXNFRW5xWGNCaHkyQ0l0 + ClAvV29OcmpmR0dCVDJVU3FtY3BZcnZHTG1iaHlqeXlwTkpYbXVEeHR6ektRNTQ1dFNJVHpEeHlJ + Zi9kWjNta2QKaityUEhRbmhJbXBDcHQ2T1hpZDIrQlZoalR1ZFRQZlhkeS8yZDJzb256S2hGOG05 + VWRHaEZkWGZBb0dBRkZ0QwpabVBoeGZIVzJCNU55TUdib0E4QVhoeTVNaU9lck5XdkxsdXIzUGRE + cmtJbEF4QXVLOXRHc2E4WnFIa0RiTUZYCjlzUmY3ZlZtRHJOa2p3WG8yUDBXd2Z1Sk50Q3VXTVdZ + WlNKL1FOOUVaYTBvRkU3ODY3WWk0YjlLcVBOZUwvaFIKN2x1aFlncmduVnRlQktWQ3d3TU9uVy9i + V00yc1lZQ2kxbzY1Y1VrQ2dZQUR4SUJmOGZUOURDS0NaZ1FvQXNDYwpvSzcvdzdDYk1hOEp5TjZa + ZDRiSlIrSzRzUEtQekd2M3dEandxRzFTRkN6UU1FR01mOWt6TWFYb09XdzNaN2NCCklIZTJDUXFF + N2NZdW1LYjFkOTFueU1qMVdQVC9CWEJKZzB3aUNMV0RjakdQR0xNWTJyeGsvMWwzL2xjKy9WVkcK + NjRZZUh1YlllOE9Iemp5UEZGSnJZdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + +###################################################################### +# Project Controller +# +# Comment this out if you want to disable the micro CI/CD functionality: +--- +apiVersion: getambassador.io/v2 +kind: ProjectController +metadata: + {{- if .Values.registry.projectControllerName }} + name: {{ .Values.registry.projectControllerName }} + {{- else }} + name: {{ include "ambassador.fullname" . }}-projectcontroller + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }}-projectcontroller + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + projects.getambassador.io/ambassador_id: {{ if hasKey .Values.env "AMBASSADOR_ID" }}{{ .Values.env.AMBASSADOR_ID | quote }}{{ else }}default{{ end }} + product: aes +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml b/charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml new file mode 100644 index 000000000..1077c248d --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/rbac.yaml @@ -0,0 +1,200 @@ +{{- if .Values.rbac.create -}} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.rbacName" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} +rules: [] +--- +# CRDs are cluster scoped resources, so they need to be in a cluster role, +# even if ambassador is running in single namespace mode +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.rbacName" . }}-crd + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} +rules: + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + verbs: ["get", "list", "watch", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- if .Values.scope.singleNamespace }} +kind: Role +metadata: + name: {{ include "ambassador.rbacName" . }} + namespace: {{ include "ambassador.namespace" . }} +{{- else }} +kind: ClusterRole +metadata: + name: {{ include "ambassador.rbacName" . }}-watch +{{- end }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes + rbac.getambassador.io/role-group: {{ include "ambassador.rbacName" . }} +rules: + - apiGroups: [""] + resources: + - namespaces + - services + - secrets + - endpoints + verbs: ["get", "list", "watch"] + + - apiGroups: [ "getambassador.io" ] + resources: [ "*" ] + verbs: ["get", "list", "watch", "update", "patch", "create", "delete" ] + + - apiGroups: [ "getambassador.io" ] + resources: [ "mappings/status" ] + verbs: ["update"] + + - apiGroups: [ "networking.internal.knative.dev" ] + resources: [ "clusteringresses", "ingresses" ] + verbs: ["get", "list", "watch"] + + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "*" ] + verbs: ["get", "list", "watch"] + + - apiGroups: [ "networking.internal.knative.dev" ] + resources: [ "ingresses/status", "clusteringresses/status" ] + verbs: ["update"] + + - apiGroups: [ "extensions", "networking.k8s.io" ] + resources: [ "ingresses", "ingressclasses" ] + verbs: ["get", "list", "watch"] + + - apiGroups: [ "extensions", "networking.k8s.io" ] + resources: [ "ingresses/status" ] + verbs: ["update"] + + {{- if .Values.enableAES }} + + - apiGroups: [""] + resources: [ "secrets" ] + verbs: ["get", "list", "watch", "create", "update"] + + - apiGroups: [""] + resources: [ "events" ] + verbs: ["get", "list", "watch", "create", "patch"] + + - apiGroups: ["coordination.k8s.io"] + resources: [ "leases" ] + verbs: ["get", "create", "update"] + + - apiGroups: [""] + resources: [ "endpoints" ] + verbs: ["get", "list", "watch", "create", "update"] + {{- end }} + + {{- if or .Values.rbac.podSecurityPolicies .Values.security.podSecurityPolicy }} + + - apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + {{- if .Values.rbac.podSecurityPolicies }} + {{- toYaml .Values.rbac.podSecurityPolicies | nindent 6 }} + {{- end }} + {{- if .Values.security.podSecurityPolicy }} + - {{ include "ambassador.fullname" . }} + {{- end }} + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ambassador.rbacName" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ambassador.rbacName" . }} +subjects: + - name: {{ include "ambassador.serviceAccountName" . }} + namespace: {{ include "ambassador.namespace" . }} + kind: ServiceAccount +--- +{{- if .Values.scope.singleNamespace }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ include "ambassador.rbacName" . }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ambassador.rbacName" . }} +subjects: + - name: {{ include "ambassador.serviceAccountName" . }} + namespace: {{ include "ambassador.namespace" . }} + kind: ServiceAccount +{{- end }} +{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml b/charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml new file mode 100644 index 000000000..43aa5ace2 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/resolvers.yaml @@ -0,0 +1,45 @@ +{{- if .Values.resolvers.endpoint.create }} +--- +apiVersion: getambassador.io/v2 +kind: KubernetesEndpointResolver +metadata: + name: {{ .Values.resolvers.endpoint.name }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +{{- if hasKey .Values.env "AMBASSADOR_ID" }} +spec: + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} +{{- end }} +{{- end }} +{{- if .Values.resolvers.consul.create }} +--- +apiVersion: getambassador.io/v2 +kind: ConsulResolver +metadata: + name: {{ .Values.resolvers.consul.name }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +spec: + {{- if hasKey .Values.env "AMBASSADOR_ID" }} + ambassador_id: {{ .Values.env.AMBASSADOR_ID | quote }} + {{- end }} + {{- toYaml .Values.resolvers.consul.spec | nindent 2 }} +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/service.yaml b/charts/ambassador/ambassador/6.7.1100/templates/service.yaml new file mode 100644 index 000000000..a541c2234 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/service.yaml @@ -0,0 +1,81 @@ +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.service.nameOverride }} + name: {{ .Values.service.nameOverride }} + {{- else }} + name: {{ include "ambassador.fullname" . }} + {{- end }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + app.kubernetes.io/component: ambassador-service + product: aes + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack goes beyond traditional API Gateways and Ingress Controllers with the advanced edge features needed to support developer self-service and full-cycle development." + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: {{ include "ambassador.fullname" . }}-redis.{{ include "ambassador.namespace" . }} +{{- if .Values.service.annotations }} + {{- range $key, $value := .Values.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} +spec: + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" + {{- end }} + {{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}" + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: + {{- toYaml .Values.service.sessionAffinityConfig | nindent 4 }} + {{- end }} + ports: + {{- range .Values.service.ports }} + - name: {{ .name }} + port: {{ int .port }} + {{- if .targetPort }} + targetPort: {{ int .targetPort }} + {{- end }} + {{- if .nodePort }} + nodePort: {{ int .nodePort }} + {{- end }} + {{- if .protocol }} + protocol: {{ .protocol }} + {{- end }} + {{- end}} + selector: + {{- if .Values.service.selector }} + {{ toYaml .Values.service.selector | nindent 6 }} + {{- else }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.service.externalIPs }} + externalIPs: + {{- toYaml .Values.service.externalIPs | nindent 4 }} + {{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml b/charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml new file mode 100644 index 000000000..90c8ef085 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/serviceaccount.yaml @@ -0,0 +1,24 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ambassador.serviceAccountName" . }} + namespace: {{ include "ambassador.namespace" . }} + labels: + {{- if ne .Values.deploymentTool "getambassador.io" }} + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + {{- end }} + product: aes +{{- if .Values.docker.useImagePullSecret }} +imagePullSecrets: +- name: {{ .Values.docker.imagePullSecretName }} +{{- end }} +{{- end -}} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml b/charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml new file mode 100644 index 000000000..b2c8122a1 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/servicemonitor.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.adminService.create .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "ambassador.fullname" . }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app: {{ include "ambassador.name" . }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- toYaml .Values.metrics.serviceMonitor.selector | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: ambassador-admin + path: /metrics + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "ambassador.namespace" . }} + selector: + matchLabels: + service: ambassador-admin +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml b/charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml new file mode 100644 index 000000000..ec96235f7 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/tests/test-ready.yaml @@ -0,0 +1,24 @@ +{{- if and (.Values.test.enabled) (not .Values.daemonSet) }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ambassador.fullname" . }}-test-ready" + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: {{ .Values.test.image | default "busybox" }} + command: ['wget'] + args: ['{{ include "ambassador.fullname" . }}:{{ include "ambassador.servicePort" . }}/ambassador/v0/check_ready'] + restartPolicy: Never +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml b/charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml new file mode 100644 index 000000000..783c0aed6 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/traffic-agent-rbac.yaml @@ -0,0 +1,135 @@ +{{- if and .Values.enableAES .Values.servicePreview.enabled }} +{{- if .Values.servicePreview.trafficAgent.singleNamespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + annotations: + # Required because Helm creates secrets before ServiceAccount, but service-account-token depends on an existing SA. + "helm.sh/hook": "pre-install" + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +--- +## Create a service-account-token for traffic-agent with a matching name. +## Since the ambassador-injector will use this token name, it must be deterministic and not auto-generated. +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + annotations: + kubernetes.io/service-account.name: traffic-agent +type: kubernetes.io/service-account-token +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +rules: + - apiGroups: [""] + resources: [ "namespaces", "services", "secrets" ] + verbs: ["get", "list", "watch"] + - apiGroups: [ "getambassador.io" ] + resources: [ "*" ] + verbs: ["get", "list", "watch", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ambassador.rbacName" . }} +subjects: + - name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + kind: ServiceAccount +{{- else }} +## If we install Service Preview cluster-wide, this means we can't use the 'traffic-agent' ServiceAccount +## as it does not exist in every namespace. We must instead grant new Roles to all ServiceAccounts (cluster-wide). +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +rules: + - apiGroups: [""] + resources: [ "namespaces", "services", "secrets" ] + verbs: ["get", "list", "watch"] + - apiGroups: [ "getambassador.io" ] + resources: [ "*" ] + verbs: ["get", "list", "watch", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.servicePreview.trafficAgent.serviceAccountName }} +subjects: + - name: system:serviceaccounts + kind: Group + apiGroup: rbac.authorization.k8s.io +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml b/charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml new file mode 100644 index 000000000..922bc5df4 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/templates/traffic-manager.yaml @@ -0,0 +1,190 @@ +{{- if and .Values.enableAES .Values.servicePreview.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- if .Values.scope.singleNamespace }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +rules: + - apiGroups: [""] + resources: ["namespaces", "services", "pods", "secrets"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- if .Values.scope.singleNamespace }} +kind: RoleBinding +{{- else }} +kind: ClusterRoleBinding +{{- end }} +metadata: + name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.scope.singleNamespace }} + kind: Role + {{- else }} + kind: ClusterRole + {{- end }} + name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} +subjects: + - kind: ServiceAccount + name: {{ .Values.servicePreview.trafficManager.serviceAccountName }} + namespace: {{ include "ambassador.namespace" . }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: telepresence-proxy + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: telepresence-proxy + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + product: aes +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: telepresence-proxy + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: telepresence-proxy + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: telepresence-proxy + {{- if .Values.servicePreview.trafficManager.image.repository }} + image: "{{ .Values.servicePreview.trafficManager.image.repository }}:{{ .Values.servicePreview.trafficManager.image.tag | default .Values.image.tag }}" + {{- else }} + image: {{ include "ambassador.image" . }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: [ "traffic-manager" ] + env: + {{- if .Values.scope.singleNamespace }} + - name: AMBASSADOR_SINGLE_NAMESPACE + value: "true" + {{- end }} + - name: AMBASSADOR_NAMESPACE + {{- if .Values.namespace }} + value: {{ .Values.namespace.name | quote }} + {{ else }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end -}} + {{- if or .Values.redis.create .Values.redisURL }} + - name: REDIS_URL + {{- if .Values.redisURL }} + value: {{ .Values.redisURL }} + {{- else }} + value: {{ include "ambassador.fullname" . }}-redis:6379 + {{- end }} + {{- end }} + ports: + - name: sshd + containerPort: 8022 + volumeMounts: + - mountPath: /tmp/ambassador-pod-info + name: pod-info + restartPolicy: Always + terminationGracePeriodSeconds: 0 + volumes: + - downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + name: pod-info + serviceAccountName: {{ .Values.servicePreview.trafficManager.serviceAccountName }} +--- +apiVersion: v1 +kind: Service +metadata: + name: telepresence-proxy + namespace: {{ include "ambassador.namespace" . }} + labels: + app.kubernetes.io/name: telepresence-proxy + app.kubernetes.io/part-of: {{ .Release.Name }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.deploymentTool }} + app.kubernetes.io/managed-by: {{ .Values.deploymentTool }} + {{- else }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} + annotations: + a8r.io/owner: "Ambassador Labs" + a8r.io/repository: github.com/datawire/ambassador + a8r.io/description: "The Ambassador Edge Stack Service Preview Telepresence Proxy." + a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/ + a8r.io/chat: http://a8r.io/Slack + a8r.io/bugs: https://github.com/datawire/ambassador/issues + a8r.io/support: https://www.getambassador.io/about-us/support/ + a8r.io/dependencies: "None" +spec: + type: ClusterIP + clusterIP: None + selector: + app.kubernetes.io/name: telepresence-proxy + app.kubernetes.io/instance: {{ .Release.Name }} + ports: + - name: sshd + protocol: TCP + port: 8022 + - name: api + protocol: TCP + port: 8081 +{{- end }} diff --git a/charts/ambassador/ambassador/6.7.1100/values.yaml b/charts/ambassador/ambassador/6.7.1100/values.yaml new file mode 100644 index 000000000..17ebb9ab0 --- /dev/null +++ b/charts/ambassador/ambassador/6.7.1100/values.yaml @@ -0,0 +1,521 @@ +# Default values for ambassador. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Manually set metadata for the Release. +# +# Defaults to .Chart.Name +nameOverride: '' +# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" +fullnameOverride: '' +# Defaults to .Release.Namespace +namespaceOverride: '' + +replicaCount: 3 +daemonSet: false + +# This will enable the test-ready Pod (https://github.com/datawire/ambassador-chart/blob/master/templates/tests/test-ready.yaml). +# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly. +test: + enabled: true + image: busybox + +# Enable autoscaling using HorizontalPodAutoscaler +# daemonSet: true, autoscaling will be disabled +autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 60 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 60 + +podDisruptionBudget: {} + +# namespace: + # name: default + +# Additional container environment variable +# Uncomment or add additional environment variables for the container here. +env: {} + # Exposing statistics via StatsD + # STATSD_ENABLED: true + # STATSD_HOST: statsd-sink + # sets the minimum number of seconds between Envoy restarts + # AMBASSADOR_RESTART_TIME: 15 + # sets the number of seconds that the Envoy will wait for open connections to drain on a restart + # AMBASSADOR_DRAIN_TIME: 5 + # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart + # AMBASSADOR_SHUTDOWN_TIME: 10 + # labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster + # AMBASSADOR_ID: default + +# Additional container environment variable in raw YAML format +# Uncomment or add additional environment variables for the container here. +envRaw: {} +# - name: REDIS_PASSWORD +# value: password +# valueFrom: +# secretKeyRef: +# name: redis-password +# key: password +# - name: POD_IP +# valueFrom: +# fieldRef: +# fieldPath: status.podIP + +imagePullSecrets: [] + +security: + # Security Context for all containers in the pod. + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core + podSecurityContext: + runAsUser: 8888 + # Security Context for the Ambassador container specifically + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core + containerSecurityContext: + allowPrivilegeEscalation: false + # A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions + # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + # + # A set of reasonable defaults is outlined below. This is not created by default as it should only + # be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in + # the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies` + # in all non-"master" Releases. + podSecurityPolicy: {} + # # Add AppArmor and Seccomp annotations + # # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + # annotations: + # spec: + # seLinux: + # rule: RunAsAny + # supplementalGroups: + # rule: 'MustRunAs' + # ranges: + # # Forbid adding the root group. + # - min: 1 + # max: 65535 + # fsGroup: + # rule: 'MustRunAs' + # ranges: + # # Forbid adding the root group. + # - min: 1 + # max: 65535 + # privileged: false + # allowPrivilegeEscalation: false + # runAsUser: + # rule: MustRunAsNonRoot + +image: + ossTag: 1.13.8 + aesTag: 1.13.8 + pullPolicy: IfNotPresent + ossRepository: docker.io/datawire/ambassador + aesRepository: docker.io/datawire/aes +dnsPolicy: ClusterFirst +hostNetwork: false + +service: + type: LoadBalancer + + # Note that target http ports need to match your ambassador configurations service_port + # https://www.getambassador.io/reference/modules/#the-ambassador-module + ports: + - name: http + port: 80 + targetPort: 8080 + # protocol: TCP + # nodePort: 30080 + # hostPort: 80 + - name: https + port: 443 + targetPort: 8443 + # protocol: TCP + # nodePort: 30443 + # hostPort: 443 + # TCPMapping_Port + # port: 2222 + # targetPort: 2222 + # protocol: TCP + # nodePort: 30222 + + externalTrafficPolicy: + + sessionAffinity: + + sessionAffinityConfig: + + externalIPs: [] + + annotations: {} + + ############################################################################# + ## Ambassador should be configured using CRD definition. If you want + ## to use annotations, the following is an example of annotating the + ## Ambassador service with global configuration manifest. + ## + ## See https://www.getambassador.io/reference/core/ambassador and + ## https://www.getambassador.io/reference/core/tls for more info + ############################################################################# + # + # getambassador.io/config: | + # --- + # apiVersion: ambassador/v1 + # kind: TLSContext + # name: ambassador + # secret: ambassador-certs + # hosts: ["*"] + # --- + # apiVersion: ambassador/v1 + # kind: Module + # name: ambassador + # config: + # admin_port: 8001 + # diag_port: 8877 + # diagnostics: + # enabled: true + # enable_grpc_http11_bridge: false + # enable_grpc_web: false + # enable_http10: false + # enable_ipv4: true + # enable_ipv6: false + # liveness_probe: + # enabled: true + # lua_scripts: + # readiness_probe: + # enabled: true + # server_name: envoy + # service_port: 8080 + # use_proxy_proto: false + # use_remote_address: true + # xff_num_trusted_hops: 0 + # x_forwarded_proto_redirect: false + # load_balancer: + # policy: round_robin + # circuit_breakers: + # max_connections: 2048 + # retry_policy: + # retry_on: "5xx" + # cors: + + # Manually set the name of the generated Service + nameOverride: + +adminService: + create: true + type: ClusterIP + port: 8877 + snapshotPort: 8005 + # NodePort used if type is NodePort + # nodePort: 38877 + annotations: {} + +rbac: + # Specifies whether RBAC resources should be created + create: true + # List of Pod Security Policies to use on the container. + # If security.podSecurityPolicy is set, it will be appended to the list + podSecurityPolicies: [] + # Name of the RBAC resources defaults to the name of the release. + # Set nameOverride when installing Ambassador with cluster-wide scope in + # different namespaces with the same release name to avoid conflicts. + nameOverride: + +scope: + # tells Ambassador to only use resources in the namespace or namespace set by namespace.name + singleNamespace: false + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +deploymentStrategy: + type: RollingUpdate + +restartPolicy: + +terminationGracePeriodSeconds: + +initContainers: [] + +sidecarContainers: [] + +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 3 + failureThreshold: 3 + +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 3 + failureThreshold: 3 + + +volumes: [] + +volumeMounts: [] + +podLabels: {} + +podAnnotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "9102" + +deploymentLabels: {} + +deploymentAnnotations: {} + # configmap.reloader.stakater.com/auto: "true" + +resources: + # Recommended resource requests and limits for Ambassador + limits: + cpu: 1000m + memory: 600Mi + requests: + cpu: 200m + memory: 300Mi + +priorityClassName: '' + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +topologySpreadConstraints: [] + +ambassadorConfig: '' + +crds: + enabled: true + create: true + keep: true + +# Prometheus Operator ServiceMonitor configuration +# See documentation: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor +metrics: + serviceMonitor: + enabled: false + # interval: 30s + # scrapeTimeout: 30s + # selector: {} + +################################################################################ +## Ambassador Edge Stack Configuration ## +################################################################################ + +# The Ambassador Edge Stack is free for limited use without a license key. +# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register +# for a community license key. + +enableAES: true + +# Set createSecret: false is installing multiple releases of The Ambassador +# Edge Stack in the same namespace. +licenseKey: + value: + createSecret: true + secretName: + # Annotations to attach to the license-key-secret. + annotations: {} + +# The DevPortal is exposed at /docs/ endpoint in the AES container. +# Setting this to true will automatically create routes for the DevPortal. +createDevPortalMappings: true +devportal: + docsPrefix: /documentation/ + +# The Ambassador Edge Stack uses a redis instance for managing authentication, +# rate limiting, and sharing minor configuration details between pods for +# centralized management. These values configure the redis instance that ships +# by default with The Ambassador Edge Stack. +# +# URL of your redis instance. Defaults to redis instance created below. +redisURL: + +# Ambassador ships with a basic redis instance. Configure the deployment with the options below. +redis: + create: true + image: + repository: redis + tag: 5.0.1 + pullPolicy: IfNotPresent + # Annotations for Ambassador Pro's redis instance. + annotations: + deployment: {} + service: {} + resources: {} + # If you want to specify resources, uncomment the following + # lines and remove the curly braces after 'resources:'. + # These are placeholder values and must be tuned. + # limits: + # cpu: 100m + # memory: 256Mi + # requests: + # cpu: 50m + # memory: 128Mi + nodeSelector: {} + affinity: {} + tolerations: {} + + +# Configures the AuthService that ships with the Ambassador Edge Stack. +# Setting authService.create: false will not install the AES AuthService and +# allow you to define your own. +# +# Typically when using the AES, you will want to keep this set to true and use +# the External Filter to communicate with a custom authentication service. +# https://www.getambassador.io/reference/filter-reference/#filter-type-external +authService: + deploymentExtraName: auth + create: true + # Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information + optional_configurations: {} + # include_body: + # max_bytes: 4096 + # allow_partial: true + # status_on_error: + # code: 403 + # failure_mode_allow: false + # retry_policy: + # retry_on: "5xx" + # num_retries: 2 + # add_linkerd_headers: true + # timeout_ms: 30000 + + +# Configures the RateLimitService in the Ambassador Edge Stack. +# Keep this enabled to configure RateLimits in AES. +rateLimit: + create: true + deploymentExtraName: ratelimit + +# Projects are a beta feature of Ambassador that allow developers to stage and +# deploy code with nothing more than a Github repository. +# See: https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/ +registry: + create: false + +# Resolvers are used to configure the discovery service strategy for Ambasador Edge Stack. +# See: https://www.getambassador.io/docs/edge-stack/latest/topics/running/resolvers/ +resolvers: + endpoint: + create: false + name: endpoint + consul: + create: false + name: consul-dc1 + spec: {} + # Configuration for a Consul Resolver + # address: consul-server.default.svc.cluster.local:8500 + # datacenter: dc1 + +# Create and manage an Ambassador Module from the Helm Chart. See: +# https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador +# for more info on the available options. +# +# Note: The Module can only be named ambassador. There can only be one Module +# installed per-namespace. +module: {} + +################################################################################ +## DEPRECATED configuration objects ## +################################################################################ + +# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy. +# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint +# +# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it +prometheusExporter: + enabled: false + repository: prom/statsd-exporter + tag: v0.8.1 + pullPolicy: IfNotPresent + resources: {} + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 256Mi + # requests: + # cpu: 50m + # memory: 128Mi + # You can configure the statsd exporter to modify the behavior of mappings and other features. + # See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration + # Uncomment the following line if you wish to specify a custom configuration: + # configuration: | + # --- + # mappings: + # - match: 'envoy.cluster.*.upstream_cx_connect_ms' + # name: "envoy_cluster_upstream_cx_connect_time" + # timer_type: 'histogram' + # labels: + # cluster_name: "$1" + +# DEPRECATED: Use security.podSecurityContext +# securityContext: +# runAsUser: 8888 + + +# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl. +# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector +servicePreview: + enabled: false + trafficManager: + image: + # Leave blank to use image.repository and image.tag + repository: + tag: + serviceAccountName: traffic-manager + trafficAgent: + image: + # Leave blank to use image.repository and image.tag + repository: + tag: + singleNamespace: true + serviceAccountName: traffic-agent + port: 9900 + + # Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection. + injector: + enabled: true + + # If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued + # for the Common Name (CN) of `..svc`, which is the cluster-internal DNS name + # for the service. + crtPEM: '' + keyPEM: '' + +# Configure the ambassador agent +agent: + enabled: true + # this will be empty when it first gets applied, then the user will edit the agent to + # make it start reporting + cloudConnectToken: '' + rpcAddress: https://app.getambassador.io/ + createArgoRBAC: true + image: + # Leave blank to use image.repository and image.tag + tag: + repository: + +deploymentTool: '' + +# configure docker to pull from private registry +docker: {} +createNamespace: false +enableTestService: false diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore b/charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore new file mode 100644 index 000000000..c7eb1e274 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +OWNERS \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md new file mode 100644 index 000000000..788bf661c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/CHANGELOG.md @@ -0,0 +1,830 @@ +# JFrog Artifactory-ha Chart Changelog +All changes to this chart will be documented in this file. + +## [3.0.14] - Jul 31, 2020 +* Update the README section on Nginx SSL termination to reflect the actual YAML structure. + +## [3.0.13] - Jul 30, 2020 +* Added condition to disable the migration scripts. + +## [3.0.12] - Jul 29, 2020 +* Document Artifactory node affinity. + +## [3.0.11] - Jul 28, 2020 +* Added maxConnections for persistent storage type aws-s3-v3. + +## [3.0.10] - Jul 28, 2020 +Bugfix / support for userPluginSecrets with Artifactory 7 + +## [3.0.9] - Jul 27, 2020 +* Add tpl to external database secrets. +* Modified `scheme` to `artifactory-ha.scheme` + +## [3.0.8] - Jul 23, 2020 +* Added condition to disable the migration init container. + +## [3.0.7] - Jul 21, 2020 +* Updated Artifactory-ha Chart to add node and primary labels to pods and service objects. + +## [3.0.6] - Jul 20, 2020 +* Support custom CA and certificates + +## [3.0.5] - Jul 13, 2020 +* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 +* Fixed Mysql database jar path in `preStartCommand` in README + +## [3.0.4] - Jul 8, 2020 +* Move some postgresql values to where they should be according to the subchart + +## [3.0.3] - Jul 8, 2020 +* Set Artifactory access client connections to the same value as the access threads. + +## [3.0.2] - Jul 6, 2020 +* Updated Artifactory version to 7.6.2 +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [3.0.1] - Jul 01, 2020 +* Add dedicated ingress object for Replicator service when enabled + +## [3.0.0] - Jun 30, 2020 +* Update postgresql tag version to `10.13.0-debian-10-r38` +* Update alpine tag version to `3.12` +* Update busybox tag version to `1.31.1` +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true + +## [2.6.0] - Jun 29, 2020 +* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 +* Add tpl for external database secrets + +## [2.5.8] - Jun 25, 2020 +* Stop loading the Nginx stream module because it is now a core module + +## [2.5.7] - Jun 18, 2020 +* Fixes bootstrap configMap issue on member node + +## [2.5.6] - Jun 11, 2020 +* Support list of custom secrets + +## [2.5.5] - Jun 11, 2020 +* NOTES.txt fixed incorrect information + +## [2.5.4] - Jun 12, 2020 +* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 + +## [2.5.3] - Jun 8, 2020 +* Statically setting primary service type to ClusterIP. +* Prevents primary service from being exposed publicly when using LoadBalancer type on cloud providers. + +## [2.5.2] - Jun 8, 2020 +* Readme update - configuring Artifactory with oracledb + +## [2.5.1] - Jun 5, 2020 +* Fixes broken PDB issue upgrading from 6.x to 7.x + +## [2.5.0] - Jun 1, 2020 +* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 +* Fixes bootstrap configMap permission issue +* Update postgresql tag version to `9.6.18-debian-10-r7` + +## [2.4.10] - May 27, 2020 +* Added Tomcat maxThreads & acceptCount + +## [2.4.9] - May 25, 2020 +* Fixed postgresql README `image` Parameters + +## [2.4.8] - May 24, 2020 +* Fixed typo in README regarding migration timeout + +## [2.4.7] - May 19, 2020 +* Added metadata maxOpenConnections + +## [2.4.6] - May 07, 2020 +* Fix `installerInfo` string format + +## [2.4.5] - Apr 27, 2020 +* Updated Artifactory version to 7.4.3 + +## [2.4.4] - Apr 27, 2020 +* Change customInitContainers order to run before the "migration-ha-artifactory" initContainer + +## [2.4.3] - Apr 24, 2020 +* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic +* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml + +## [2.4.2] - Apr 16, 2020 +* Custom volume mounts in migration init container. + +## [2.4.1] - Apr 16, 2020 +* Fix broken support for gcpServiceAccount for googleStorage + +## [2.4.0] - Apr 14, 2020 +* Updated Artifactory version to 7.4.1 + +## [2.3.1] - April 13, 2020 +* Update README with helm v3 commands + +## [2.3.0] - April 10, 2020 +* Use dependency charts from `https://charts.bitnami.com/bitnami` +* Bump postgresql chart version to `8.7.3` in requirements.yaml +* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml + +## [2.2.11] - Apr 8, 2020 +* Added recommended ingress annotation to avoid 413 errors + +## [2.2.10] - Apr 8, 2020 +* Moved migration scripts under `files` directory +* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` + +## [2.2.9] - Apr 01, 2020 +* Support masterKey and joinKey as secrets + +## [2.2.8] - Apr 01, 2020 +* Ensure that the join key is also copied when provided by an external secret +* Migration container in primary and node statefulset now respects custom versions and the specified node/primary resources + +## [2.2.7] - Apr 01, 2020 +* Added cache-layer in chain definition of Google Cloud Storage template +* Fix readme use to `-hex 32` instead of `-hex 16` + +## [2.2.6] - Mar 31, 2020 +* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java + +## [2.2.5] - Mar 31, 2020 +* Removed duplicate `artifactory-license` volume from primary node + +## [2.2.4] - Mar 31, 2020 +* Restore `artifactory-license` volume for the primary node + +## [2.2.3] - Mar 29, 2020 +* Add Nginx log options: stderr as logfile and log level + +## [2.2.2] - Mar 30, 2020 +* Apply initContainers.resources to `copy-system-yaml`, `prepare-custom-persistent-volume`, and `migration-artifactory-ha` containers +* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart +* Removed duplicate `artifactory-license` volume that prevented using an external secret + +## [2.2.1] - Mar 29, 2020 +* Fix loggers sidecars configurations to support new file system layout and new log names + +## [2.2.0] - Mar 29, 2020 +* Fix broken admin user bootstrap configuration +* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` + +## [2.1.3] - Mar 24, 2020 +* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) + +## [2.1.2] - Mar 21, 2020 +* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. + +## [2.1.1] - Mar 23, 2020 +* Moved installer info to values.yaml so it is fully customizable + +## [2.1.0] - Mar 23, 2020 +* Updated Artifactory version to 7.3.2 + +## [2.0.36] - Mar 20, 2020 +* Add support GCP credentials.json authentication + +## [2.0.35] - Mar 20, 2020 +* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) + +## [2.0.34] - Mar 19, 2020 +* Add support for NFS directories `haBackupDir` and `haDataDir` + +## [2.0.33] - Mar 18, 2020 +* Increased Nginx proxy_buffers size + +## [2.0.32] - Mar 17, 2020 +* Changed all single quotes to double quotes in values files +* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. + +## [2.0.31] - Mar 17, 2020 +* Fix rendering of Service Account annotations + +## [2.0.30] - Mar 16, 2020 +* Add Unsupported message from 6.18 to 7.2.x (migration) + +## [2.0.29] - Mar 11, 2020 +* Upgrade Docs update + +## [2.0.28] - Mar 11, 2020 +* Unified charts public release + +## [2.0.27] - Mar 8, 2020 +* Add an optional wait for primary node to be ready with a proper test for http status + +## [2.0.23] - Mar 6, 2020 +* Fix path to `/artifactory_bootstrap` +* Add support for controlling the name of the ingress and allow to set more than one cname + +## [2.0.22] - Mar 4, 2020 +* Add support for disabling `consoleLog` in `system.yaml` file + +## [2.0.21] - Feb 28, 2020 +* Add support to process `valueFrom` for extraEnvironmentVariables + +## [2.0.20] - Feb 26, 2020 +* Store join key to secret + +## [2.0.19] - Feb 26, 2020 +* Updated Artifactory version to 7.2.1 + +## [2.0.12] - Feb 07, 2020 +* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade + +## [2.0.0] - Feb 07, 2020 +* Updated Artifactory version to 7.0.0 + +## [1.4.10] - Feb 13, 2020 +* Add support for SSH authentication to Artifactory + +## [1.4.9] - Feb 10, 2020 +* Fix custom DB password indention + +## [1.4.8] - Feb 9, 2020 +* Add support for `tpl` in the `postStartCommand` + +## [1.4.7] - Feb 4, 2020 +* Support customisable Nginx kind + +## [1.4.6] - Feb 2, 2020 +* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations + +## [1.4.5] - Feb 2, 2020 +* Add support for primary or member node specific preStartCommand + +## [1.4.4] - Jan 30, 2020 +* Add the option to configure resources for the logger containers + +## [1.4.3] - Jan 26, 2020 +* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive + +## [1.4.2] - Jan 22, 2020 +* Refined pod disruption budgets to separate nginx and Artifactory pods + +## [1.4.1] - Jan 19, 2020 +* Fix replicator port config in nginx replicator configmap + +## [1.4.0] - Jan 19, 2020 +* Updated Artifactory version to 6.17.0 + +## [1.3.8] - Jan 16, 2020 +* Added example for external nginx-ingress + +## [1.3.7] - Jan 07, 2020 +* Add support for customizable `mountOptions` of NFS PVs + +## [1.3.6] - Dec 30, 2019 +* Fix for nginx probes failing when launched with http disabled + +## [1.3.5] - Dec 24, 2019 +* Better support for custom `artifactory.internalPort` + +## [1.3.4] - Dec 23, 2019 +* Mark empty map values with `{}` + +## [1.3.3] - Dec 16, 2019 +* Another fix for toggling nginx service ports + +## [1.3.2] - Dec 12, 2019 +* Fix for toggling nginx service ports + +## [1.3.1] - Dec 10, 2019 +* Add support for toggling nginx service ports + +## [1.3.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [1.2.4] - Nov 28, 2019 +* Add support for using existing PriorityClass + +## [1.2.3] - Nov 27, 2019 +* Add support for PriorityClass + +## [1.2.2] - Nov 20, 2019 +* Update Artifactory logo + +## [1.2.1] - Nov 18, 2019 +* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) + +## [1.2.0] - Nov 18, 2019 +* Updated Artifactory version to 6.15.0 + +## [1.1.12] - Nov 17, 2019 +* Fix `README.md` format (broken table) + +## [1.1.11] - Nov 17, 2019 +* Update comment on Artifactory master key + +## [1.1.10] - Nov 17, 2019 +* Fix creation of double slash in nginx artifactory configuration + +## [1.1.9] - Nov 14, 2019 +* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error + +## [1.1.8] - Nov 12, 2019 +* Updated Artifactory version to 6.14.1 + +## [1.1.7] - Nov 11, 2019 +* Additional documentation for masterKey + +## [1.1.6] - Nov 10, 2019 +* Update PostgreSQL chart version to 7.0.1 +* Use formal PostgreSQL configuration format + +## [1.1.5] - Nov 8, 2019 +* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` + +## [1.1.4] - Nov 6, 2019 +* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is + +## [1.1.3] - Nov 6, 2019 +* Add nodeselector support for Postgresql + +## [1.1.2] - Nov 5, 2019 +* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles + +## [1.1.1] - Nov 4, 2019 +* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files + +## [1.1.0] - Nov 3, 2019 +* Updated Artifactory version to 6.14.0 + +## [1.0.1] - Nov 3, 2019 +* Make sure the artifactory pod exits when one of the pre-start stages fail + +## [1.0.0] - Oct 27, 2019 +**IMPORTANT - BREAKING CHANGES!**
+**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations + +## [0.17.3] - Oct 24, 2019 +* Change the preStartCommand to support templating + +## [0.17.2] - Oct 21, 2019 +* Add support for setting `artifactory.primary.labels` +* Add support for setting `artifactory.node.labels` +* Add support for setting `nginx.labels` + +## [0.17.1] - Oct 10, 2019 +* Updated Artifactory version to 6.13.1 + +## [0.17.0] - Oct 7, 2019 +* Updated Artifactory version to 6.13.0 + +## [0.16.7] - Sep 24, 2019 +* Option to skip wait-for-db init container with '--set waitForDatabase=false' + +## [0.16.6] - Sep 24, 2019 +* Add support for setting `nginx.service.labels` + +## [0.16.5] - Sep 23, 2019 +* Add support for setting `artifactory.customInitContainersBegin` + +## [0.16.4] - Sep 20, 2019 +* Add support for setting `initContainers.resources` + +## [0.16.3] - Sep 11, 2019 +* Updated Artifactory version to 6.12.2 + +## [0.16.2] - Sep 9, 2019 +* Updated Artifactory version to 6.12.1 + +## [0.16.1] - Aug 22, 2019 +* Fix the nginx server_name directive used with ingress.hosts + +## [0.16.0] - Aug 21, 2019 +* Updated Artifactory version to 6.12.0 + +## [0.15.15] - Aug 18, 2019 +* Fix existingSharedClaim permissions issue and example + +## [0.15.14] - Aug 14, 2019 +* Updated Artifactory version to 6.11.6 + +## [0.15.13] - Aug 11, 2019 +* Fix Ingress routing and add an example + +## [0.15.12] - Aug 6, 2019 +* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) +* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist + +## [0.15.11] - Aug 5, 2019 +* Improve binarystore config + 1. Convert to a secret + 2. Move config to values.yaml + 3. Support an external secret + +## [0.15.10] - Aug 5, 2019 +* Don't create the nginx configmaps when nginx.enabled is false + +## [0.15.9] - Aug 1, 2019 +* Fix masterkey/masterKeySecretName not specified warning render logic in NOTES.txt + +## [0.15.8] - Jul 28, 2019 +* Simplify nginx setup and shorten initial wait for probes + +## [0.15.7] - Jul 25, 2019 +* Updated README about how to apply Artifactory licenses + +## [0.15.6] - Jul 22, 2019 +* Change Ingress API to be compatible with recent kubernetes versions + +## [0.15.5] - Jul 22, 2019 +* Updated Artifactory version to 6.11.3 + +## [0.15.4] - Jul 11, 2019 +* Add `artifactory.customVolumeMounts` support to member node statefulset template + +## [0.15.3] - Jul 11, 2019 +* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration + +## [0.15.2] - Jul 3, 2019 +* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation + +## [0.15.1] - Jul 1, 2019 +* Updated Artifactory version to 6.11.1 + +## [0.15.0] - Jun 27, 2019 +* Updated Artifactory version to 6.11.0 and Restart Primary node when bootstrap.creds file has been modified in artifactory-ha + +## [0.14.4] - Jun 24, 2019 +* Add the option to provide an IP for the access-admin endpoints + +## [0.14.3] - Jun 24, 2019 +* Update chart maintainers + +## [0.14.2] - Jun 24, 2019 +* Change Nginx to point to the artifactory externalPort + +## [0.14.1] - Jun 23, 2019 +* Add values files for small, medium and large installations + +## [0.14.0] - Jun 20, 2019 +* Use ConfigMaps for nginx configuration and remove nginx postStart command + +## [0.13.10] - Jun 19, 2019 +* Updated Artifactory version to 6.10.4 + +## [0.13.9] - Jun 18, 2019 +* Add the option to provide additional ingress rules + +## [0.13.8] - Jun 14, 2019 +* Updated readme with improved external database setup example + +## [0.13.7] - Jun 6, 2019 +* Updated Artifactory version to 6.10.3 +* Updated installer-info template + +## [0.13.6] - Jun 6, 2019 +* Updated Google Cloud Storage API URL and https settings + +## [0.13.5] - Jun 5, 2019 +* Delete the db.properties file on Artifactory startup + +## [0.13.4] - Jun 3, 2019 +* Updated Artifactory version to 6.10.2 + +## [0.13.3] - May 21, 2019 +* Updated Artifactory version to 6.10.1 + +## [0.13.2] - May 19, 2019 +* Fix missing logger image tag + +## [0.13.1] - May 15, 2019 +* Support `artifactory.persistence.cacheProviderDir` for on-premise cluster + +## [0.13.0] - May 7, 2019 +* Updated Artifactory version to 6.10.0 + +## [0.12.23] - May 5, 2019 +* Add support for setting `artifactory.async.corePoolSize` + +## [0.12.22] - May 2, 2019 +* Remove unused property `artifactory.releasebundle.feature.enabled` + +## [0.12.21] - Apr 30, 2019 +* Add support for JMX monitoring + +## [0.12.20] - Apr29, 2019 +* Added support for headless services + +## [0.12.19] - Apr 28, 2019 +* Added support for `cacheProviderDir` + +## [0.12.18] - Apr 18, 2019 +* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx + +## [0.12.17] - Apr 16, 2019 +* Updated documentation for Reverse Proxy Configuration + +## [0.12.16] - Apr 12, 2019 +* Added support for `customVolumeMounts` + +## [0.12.15] - Aprl 12, 2019 +* Added support for `bucketExists` flag for googleStorage + +## [0.12.14] - Apr 11, 2019 +* Replace `curl` examples with `wget` due to the new base image + +## [0.12.13] - Aprl 07, 2019 +* Add support for providing the Artifactory license as a parameter + +## [0.12.12] - Apr 10, 2019 +* Updated Artifactory version to 6.9.1 + +## [0.12.11] - Aprl 04, 2019 +* Add support for templated extraEnvironmentVariables + +## [0.12.10] - Aprl 07, 2019 +* Change network policy API group + +## [0.12.9] - Aprl 04, 2019 +* Apply the existing PVC for members (in addition to primary) + +## [0.12.8] - Aprl 03, 2019 +* Bugfix for userPluginSecrets + +## [0.12.7] - Apr 4, 2019 +* Add information about upgrading Artifactory with auto-generated postgres password + +## [0.12.6] - Aprl 03, 2019 +* Added installer info + +## [0.12.5] - Aprl 03, 2019 +* Allow secret names for user plugins to contain template language + +## [0.12.4] - Apr 02, 2019 +* Fix issue #253 (use existing PVC for data and backup storage) + +## [0.12.3] - Apr 02, 2019 +* Allow NetworkPolicy configurations (defaults to allow all) + +## [0.12.2] - Aprl 01, 2019 +* Add support for user plugin secret + +## [0.12.1] - Mar 26, 2019 +* Add the option to copy a list of files to ARTIFACTORY_HOME on startup + +## [0.12.0] - Mar 26, 2019 +* Updated Artifactory version to 6.9.0 + +## [0.11.18] - Mar 25, 2019 +* Add CI tests for persistence, ingress support and nginx + +## [0.11.17] - Mar 22, 2019 +* Add the option to change the default access-admin password + +## [0.11.16] - Mar 22, 2019 +* Added support for `.Probe.path` to customise the paths used for health probes + +## [0.11.15] - Mar 21, 2019 +* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers +* Added support for `artifactory.customVolumes` to create custom volumes + +## [0.11.14] - Mar 21, 2019 +* Make ingress path configurable + +## [0.11.13] - Mar 19, 2019 +* Move the copy of bootstrap config from postStart to preStart for Primary + +## [0.11.12] - Mar 19, 2019 +* Fix existingClaim example + +## [0.11.11] - Mar 18, 2019 +* Disable the option to use nginx PVC with more than one replica + +## [0.11.10] - Mar 15, 2019 +* Wait for nginx configuration file before using it + +## [0.11.9] - Mar 15, 2019 +* Revert securityContext changes since they were causing issues + +## [0.11.8] - Mar 15, 2019 +* Fix issue #247 (init container failing to run) + +## [0.11.7] - Mar 14, 2019 +* Updated Artifactory version to 6.8.7 + +## [0.11.6] - Mar 13, 2019 +* Move securityContext to container level + +## [0.11.5] - Mar 11, 2019 +* Add the option to use existing volume claims for Artifactory storage + +## [0.11.4] - Mar 11, 2019 +* Updated Artifactory version to 6.8.6 + +## [0.11.3] - Mar 5, 2019 +* Updated Artifactory version to 6.8.4 + +## [0.11.2] - Mar 4, 2019 +* Add support for catalina logs sidecars + +## [0.11.1] - Feb 27, 2019 +* Updated Artifactory version to 6.8.3 + +## [0.11.0] - Feb 25, 2019 +* Add nginx support for tail sidecars + +## [0.10.3] - Feb 21, 2019 +* Add s3AwsVersion option to awsS3 configuration for use with IAM roles + +## [0.10.2] - Feb 19, 2019 +* Updated Artifactory version to 6.8.2 + +## [0.10.1] - Feb 17, 2019 +* Updated Artifactory version to 6.8.1 +* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage + +## [0.10.0] - Feb 15, 2019 +* Updated Artifactory version to 6.8.0 + +## [0.9.7] - Feb 13, 2019 +* Updated Artifactory version to 6.7.3 + +## [0.9.6] - Feb 7, 2019 +* Add support for tail sidecars to view logs from k8s api + +## [0.9.5] - Feb 6, 2019 +* Fix support for customizing statefulset `terminationGracePeriodSeconds` + +## [0.9.4] - Feb 5, 2019 +* Add support for customizing statefulset `terminationGracePeriodSeconds` + +## [0.9.3] - Feb 5, 2019 +* Remove the inactive server remove plugin + +## [0.9.2] - Feb 3, 2019 +* Updated Artifactory version to 6.7.2 + +## [0.9.1] - Jan 27, 2019 +* Fix support for Azure Blob Storage Binary provider + +## [0.9.0] - Jan 23, 2019 +* Updated Artifactory version to 6.7.0 + +## [0.8.10] - Jan 22, 2019 +* Added support for `artifactory.customInitContainers` to create custom init containers + +## [0.8.9] - Jan 18, 2019 +* Added support of values ingress.labels + +## [0.8.8] - Jan 16, 2019 +* Mount replicator.yaml (config) directly to /replicator_extra_conf + +## [0.8.7] - Jan 15, 2018 +* Add support for Azure Blob Storage Binary provider + +## [0.8.6] - Jan 13, 2019 +* Fix documentation about nginx group id + +## [0.8.5] - Jan 13, 2019 +* Updated Artifactory version to 6.6.5 + +## [0.8.4] - Jan 8, 2019 +* Make artifactory.replicator.publicUrl required when the replicator is enabled + +## [0.8.3] - Jan 1, 2019 +* Updated Artifactory version to 6.6.3 +* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory + +## [0.8.2] - Dec 28, 2018 +* Fix location `replicator.yaml` is copied to + +## [0.8.1] - Dec 27, 2018 +* Updated Artifactory version to 6.6.1 + +## [0.8.0] - Dec 20, 2018 +* Updated Artifactory version to 6.6.0 + +## [0.7.17] - Dec 17, 2018 +* Updated Artifactory version to 6.5.13 + +## [0.7.16] - Dec 12, 2018 +* Fix documentation about Artifactory license setup using secret + +## [0.7.15] - Dec 9, 2018 +* AWS S3 add `roleName` for using IAM role + +## [0.7.14] - Dec 6, 2018 +* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role + +## [0.7.13] - Dec 5, 2018 +* Remove Distribution certificates creation. + +## [0.7.12] - Dec 2, 2018 +* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting. + +## [0.7.11] - Nov 30, 2018 +* Updated Artifactory version to 6.5.9 + +## [0.7.10] - Nov 29, 2018 +* Fixed the volumeMount for the replicator.yaml + +## [0.7.9] - Nov 29, 2018 +* Optionally include primary node into poddisruptionbudget + +## [0.7.8] - Nov 29, 2018 +* Updated postgresql version to 9.6.11 + +## [0.7.7] - Nov 27, 2018 +* Updated Artifactory version to 6.5.8 + +## [0.7.6] - Nov 18, 2018 +* Added support for configMap to use custom Reverse Proxy Configuration with Nginx + +## [0.7.5] - Nov 14, 2018 +* Updated Artifactory version to 6.5.3 + +## [0.7.4] - Nov 13, 2018 +* Allow pod anti-affinity settings to include primary node + +## [0.7.3] - Nov 12, 2018 +* Support artifactory.preStartCommand for running command before entrypoint starts + +## [0.7.2] - Nov 7, 2018 +* Support database.url parameter (DB_URL) + +## [0.7.1] - Oct 29, 2018 +* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) + +## [0.7.0] - Oct 28, 2018 +* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options + +## [0.6.9] - Oct 23, 2018 +* Fix providing external secret for database credentials + +## [0.6.8] - Oct 22, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + +## [0.6.7] - Oct 22, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + +## [0.6.6] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + +## [0.6.5] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow `soft` or `hard` specification of member node anti-affinity +* Allow providing pre-existing secrets containing external database credentials +* Fix `s3` binary store provider to properly use the `cache-fs` provider +* Allow arbitrary properties when using the `s3` binary store provider + +## [0.6.4] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + +## [0.6.3] - Oct 17, 2018 +* Add Apache 2.0 license + +## [0.6.2] - Oct 14, 2018 +* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`) + +## [0.6.1] - Oct 11, 2018 +* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) + +## [0.6.0] - Oct 11, 2018 +* Updated Artifactory version to 6.5.0 + +## [0.5.3] - Oct 9, 2018 +* Quote ingress hosts to support wildcard names + +## [0.5.2] - Oct 2, 2018 +* Add `helm repo add jfrog https://charts.jfrog.io` to README + +## [0.5.1] - Oct 2, 2018 +* Set Artifactory to 6.4.1 + +## [0.5.0] - Sep 27, 2018 +* Set Artifactory to 6.4.0 + +## [0.4.7] - Sep 26, 2018 +* Add ci/test-values.yaml + +## [0.4.6] - Sep 25, 2018 +* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1 + +## [0.4.4] - Sep 2, 2018 +* Updated Artifactory version to 6.3.2 + +## [0.4.0] - Aug 22, 2018 +* Added support to run as non root +* Updated Artifactory version to 6.2.0 + +## [0.3.0] - Aug 22, 2018 +* Enabled RBAC Support +* Added support for PostStartCommand (To download Database JDBC connector) +* Increased postgresql max_connections +* Added support for `nginx.conf` ConfigMap +* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml new file mode 100644 index 000000000..6422c9841 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/Chart.yaml @@ -0,0 +1,29 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-ha +apiVersion: v1 +appVersion: 7.6.3 +description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. +home: https://www.jfrog.com/artifactory/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png +keywords: +- artifactory +- jfrog +- devops +maintainers: +- email: amithk@jfrog.com + name: amithins +- email: daniele@jfrog.com + name: danielezer +- email: eldada@jfrog.com + name: eldada +- email: ramc@jfrog.com + name: chukka +- email: rimasm@jfrog.com + name: rimusz +name: artifactory-ha +sources: +- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view +- https://github.com/jfrog/charts +version: 3.0.1400 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE b/charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/README.md new file mode 100644 index 000000000..f9ad3619d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/README.md @@ -0,0 +1,1587 @@ +# JFrog Artifactory High Availability Helm Chart + +## Prerequisites Details + +* Kubernetes 1.12+ +* Artifactory HA license + +## Chart Details +This chart will do the following: + +* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. +* Deploy a PostgreSQL database **NOTE:** For production grade installations it is recommended to use an external PostgreSQL +* Deploy an Nginx server + +## Artifactory HA architecture +The Artifactory HA cluster in this chart is made up of +- A single primary node +- Two member nodes, which can be resized at will + +Load balancing is done to the member nodes only. +This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic. +> This can be controlled by the parameter `artifactory.service.pool`. + +## Installing the Chart + +### Add ChartCenter Helm repository + +Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client + +```bash +helm repo add center https://repo.chartcenter.io +helm repo update +``` + +**NOTE:** Passing masterKey is mandatory for fresh install of chart (7.x Appversion) + +### Create a unique Master Key +Artifactory HA cluster requires a unique master key. + +**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** + +You should generate a unique one and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} +``` + +### Install Chart +To install the chart with the release name `artifactory-ha`: + +```bash +helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### System Configuration +Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. +In order to override the default `system.yaml` configuration, do the following: +```bash +artifactory: + systemYaml: | + +``` + +### Deploying Artifactory for small/medium/large instllations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + +### Accessing Artifactory +**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup. +Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it. + +### Updating Artifactory +Once you have a new chart version, you can update your deployment with +```bash +helm upgrade artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: +1. Get the current password by running: +```bash +POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +2. Upgrade the release by passing the previously auto-generated secret: +```bash +helm upgrade --namespace artifactory-ha center/jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} +``` + +This will apply any configuration changes on your existing deployment. + +### Special Upgrade Notes +#### Artifactory upgrade from 6.x to 7.x (App Version) +Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. +It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. +```yaml +artifactory: + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 +``` + +### Artifactory memory and CPU resources +The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out. +It is **highly** recommended to set these so you have full control of the allocated resources and limits. + +See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware). + +```bash +# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) +helm upgrade --install artifactory-ha \ + --set artifactory.primary.resources.requests.cpu="500m" \ + --set artifactory.primary.resources.limits.cpu="2" \ + --set artifactory.primary.resources.requests.memory="1Gi" \ + --set artifactory.primary.resources.limits.memory="4Gi" \ + --set artifactory.primary.javaOpts.xms="1g" \ + --set artifactory.primary.javaOpts.xmx="4g" \ + --set artifactory.node.resources.requests.cpu="500m" \ + --set artifactory.node.resources.limits.cpu="2" \ + --set artifactory.node.resources.requests.memory="1Gi" \ + --set artifactory.node.resources.limits.memory="4Gi" \ + --set artifactory.node.javaOpts.xms="1g" \ + --set artifactory.node.javaOpts.xmx="4g" \ + --set initContainers.resources.requests.cpu="10m" \ + --set initContainers.resources.limits.cpu="250m" \ + --set initContainers.resources.requests.memory="64Mi" \ + --set initContainers.resources.limits.memory="128Mi" \ + --set postgresql.resources.requests.cpu="200m" \ + --set postgresql.resources.limits.cpu="1" \ + --set postgresql.resources.requests.memory="500Mi" \ + --set postgresql.resources.limits.memory="1Gi" \ + --set nginx.resources.requests.cpu="100m" \ + --set nginx.resources.limits.cpu="250m" \ + --set nginx.resources.requests.memory="250Mi" \ + --set nginx.resources.limits.memory="500Mi" \ + --namespace artifactory-ha center/jfrog/artifactory-ha +``` +> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`. + +Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). + +Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files +for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) + +### Deploying Artifactory for small/medium/large installations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + +### Artifactory storage +Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration) + +In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. +The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. + +> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter. +This is used to set how many replicas of a binary should be stored in the cluster's nodes. +Once this value is set on initial deployment, you can not update it using helm. +It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number. + +#### Existing volume claim + +###### Primary node +In order to use an existing volume claim for the Artifactory primary storage, you need to: +- Create a persistent volume claim by the name `volume--artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0` +- Pass a parameter to `helm install` and `helm upgrade` +```bash +... +--set artifactory.primary.persistence.existingClaim=true +``` + +###### Member nodes +In order to use an existing volume claim for the Artifactory member nodes storage, you need to: +- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume--artifactory-ha-member-`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`. +- Pass a parameter to `helm install` and `helm upgrade` +```bash +... +--set artifactory.node.persistence.existingClaim=true +``` + +#### Existing shared volume claim + +In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to: + +- Create PVCs with ReadWriteMany that match the naming conventions: +``` + {{ template "artifactory-ha.fullname" . }}-data-pvc- + {{ template "artifactory-ha.fullname" . }}-backup-pvc- +``` +An example that shows 2 existing claims to be used: +``` + myexample-artifactory-ha-data-pvc-0 + myexample-artifactory-ha-backup-pvc-0 + myexample-artifactory-ha-data-pvc-1 + myexample-artifactory-ha-backup-pvc-1 +``` +- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true: +``` +-- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true +-- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2 +``` + +#### NFS +To use an NFS server as your cluster's storage, you need to +- Setup an NFS server. Get its IP as `NFS_IP` +- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all +- Pass NFS parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=nfs \ +--set artifactory.persistence.nfs.ip=${NFS_IP} \ +... +``` + +#### Google Storage +To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) +- Pass Google Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=google-storage \ +--set artifactory.persistence.googleStorage.identity=${GCP_ID} \ +--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ +... +``` +``` +In order to use a GCP service account, Artifactory needs a gcp.credentials.json file in the same directory asa binaraystore.xml file. +This can be generated by running: +```bash +gcloud iam service-accounts keys create --iam-account +``` +Which will produce the following, which can be saved to a file or copied into your `values.yaml`. +```bash +{ + "type": "service_account", + "project_id": "", + "private_key_id": "?????", + "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + "client_email": "???@j.iam.gserviceaccount.com", + "client_id": "???????", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." +} +``` + +One option is to create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` in a custom `values.yaml` +```bash +# Create the Kubernetes secret from the file you created earlier. +# IMPORTANT: The file must be called "gcp.credentials.json" because this is used later as the secret key! +kubectl create secret generic artifactory-gcp-creds --from-file=./gcp.credentials.json +``` +Set this secret in your custom `values.yaml` +```bash +artifactory: + persistence: + googleStorage + gcpServiceAccount: + enabled: true + customSecretName: artifactory-gcp-creds +``` + +Another option is to put your generated config directly in your custom `values.yaml` and the a secret will be created from it +``` +artifactory: + persistence: + googleStorage + gcpServiceAccount: + enabled: true + config: | + { + "type": "service_account", + "project_id": "", + "private_key_id": "?????", + "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + "client_email": "???@j.iam.gserviceaccount.com", + "client_id": "???????", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." + } +``` + +#### AWS S3 +**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. +In order to grant permissions to Artifactory using an IAM role, you will have to attach the IAM role to the machine(s) on which Artifactory is running. +This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. + +To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) +- Pass AWS S3 parameters to `helm install` and `helm upgrade` +```bash +... +# With explicit credentials: +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ +... + +... +# With using existing IAM role +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ +... +``` +**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) + +#### AWS S3 V3 +To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). +This filestore template uses the official AWS SDK, unlike the `aws-s3` implementation that uses the `JetS3t` library. +Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). + +**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. + +- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` + +```bash +# With explicit credentials: +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ +... +``` + +```bash +# With using existing IAM role +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} +... +``` + +#### Microsoft Azure Blob Storage +To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) +- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=azure-blob \ +--set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ +--set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ +--set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ +--set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ +... +``` + +#### Custom binarystore.xml +You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
+There are two options for this + +1. Editing directly in [values.yaml](values.yaml) +```yaml +artifactory: + persistence: + binarystoreXml: | + + + + + +``` + +2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command +```yaml +# Prepare your custom Secret file (custom-binarystore.yaml) +kind: Secret +apiVersion: v1 +metadata: + name: custom-binarystore + labels: + app: artifactory + chart: artifactory +stringData: + binarystore.xml: |- + + + + +``` + +```bash +# Create a secret from the file +kubectl apply -n artifactory -f ./custom-binarystore.yaml + +# Pass it to your helm install command: +helm upgrade --install artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Create a unique Master Key + +Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Create a secret containing the key. The key in the secret must be named master-key +kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory-ha --set artifactory.masterKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. + +### Special Upgrade Notes +### MasterKey during 6.x to 7.x Migration (App version) + +**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. + +### Create a unique Join Key +Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). + +**This key is for demo purpose and should not be used in a production environment!** + +You should generate a unique key and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Pass the created join key to helm +helm upgrade --install artifactory-ha --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Create a secret containing the key. The key in the secret must be named join-key +kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory-ha --set artifactory.joinKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.. + +### Install Artifactory HA license +For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**. + +The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation. + +**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster! + +##### Artifactory UI +Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node. + +##### REST API +You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses. + +##### Kubernetes Secret +You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). +Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**! +```bash +# Create the Kubernetes secret (assuming the local license file is 'art.lic') +kubectl create secret generic artifactory-cluster-license --from-file=./art.lic + +# Pass the license to helm +helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. + +##### Create the secret as part of the helm release +values.yaml +```yaml +artifactory: + license: + licenseKey: |- + + + + + + + +``` + +```bash +helm upgrade --install artifactory-ha -f values.yaml --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. +If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file + + +### copyOnEveryStartup feature +Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. +In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. +Two examples for that would be: + +1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, +which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: +Create a values file with the following values: +```yaml +artifactory: + copyOnEveryStartup: + - source: /artifactory_bootstrap/binarystore.xml + target: etc/artifactory/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml +``` + +2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: +Create a config map with your `logback.xml` configuration. + +Create a values file with the following values: +```yaml +artifactory: + ## Create a volume pointing to the config map with your configuration file + customVolumes: | + - name: logback-xml-configmap + configMap: + name: logback-xml-configmap + customVolumeMounts: | + - name: logback-xml-configmap + mountPath: /tmp/artifactory-logback/ + copyOnEveryStartup: + - source: /tmp/artifactory-logback/* + target: etc/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml +``` + +### Configure NetworkPolicy + +NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. + +In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. + +For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. + +A full (but very wide open) example that results in 2 NetworkPolicy objects being created: +```yaml +networkpolicy: + # Allows all ingress and egress to/from artifactory primary and member pods. + - name: artifactory + podSelector: + matchLabels: + app: artifactory-ha + egress: + - {} + ingress: + - {} + # Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod. + - name: postgresql + podSelector: + matchLabels: + app: postgresql + ingress: + - from: + - podSelector: + matchLabels: + app: artifactory-ha +``` + +### Artifactory JMX Configuration +** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans + +Enable JMX in your deployment: +```bash +helm upgrade --install artifactory \ + --set artifactory.primary.javaOpts.jmx.enabled=true \ + --set artifactory.node.javaOpts.jmx.enabled=true \ + --namespace artifactory-ha center/jfrog/artifactory-ha +``` +This will enable access to Artifactory with JMX on the default port (9010). +** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port``` +to your choice of port + +In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: +1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: +```bash +helm upgrade --install artifactory \ + --set artifactory.primary.javaOpts.jmx.enabled=true \ + --set artifactory.node.javaOpts.jmx.enabled=true \ + --set artifactory.service.type=LoadBalancer \ + --namespace artifactory-ha center/jfrog/artifactory-ha +``` +2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with +```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory +with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: +``` + artifactory-ha--primary + +``` +3. Launch jconsole with the service address and port: +```bash +jconsole artifactory-ha--primary: +jconsole : +``` + +### Bootstrapping Artifactory admin password +You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. + +1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: +```yaml +artifactory: + admin: + ip: "" # Example: "*" to allow access from anywhere + username: "admin" + password: "" +``` + +2. Apply the `admin-creds-values.yaml` file: +```bash +helm upgrade --install artifactory --namespace artifactory-ha center/jfrog/artifactory-ha -f admin-creds-values.yaml +``` + +### Bootstrapping Artifactory configuration +**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. + +* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) +* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) + +1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-release-bootstrap-config +data: + artifactory.config.import.xml: | + + security.import.xml: | + +``` + +2. Create configMap in Kubernetes: +```bash +kubectl apply -f bootstrap-config.yaml +``` +3. Pass the configMap to helm +```bash +helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Use custom nginx.conf with Nginx + +Steps to create configMap with nginx.conf +* Create `nginx.conf` file. +```bash +kubectl create configmap nginx-config --from-file=nginx.conf +``` +* Pass configMap to helm install +```bash +helm upgrade --install artifactory-ha --set nginx.customConfigMap=nginx-config --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Scaling your Artifactory cluster +A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it. + +##### Before scaling +**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart). + +Get the current database password +```bash +export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster! + +##### Scale up +Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes). +```bash +# Scale to 4 nodes (1 primary and 3 member nodes) +helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +##### Scale down +Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node. + +```bash +# Scale down to 2 member nodes +helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha +``` +- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it +```bash +# List PVCs +kubectl get pvc + +# Remove the PVC with highest ordinal! +# In this example, the highest node ordinal was 2, so need to remove its storage. +kubectl delete pvc volume-artifactory-node-2 +``` + +### Use an external Database + +**For production grade installations it is recommended to use an external PostgreSQL with a static password** + +#### PostgreSQL +There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name. + +This can be done with the following parameters +```bash +... +--set postgresql.enabled=false \ +--set database.type=postgresql \ +--set database.driver=org.postgresql.Driver \ +--set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! + +#### Other DB type +There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. +See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) +> The official Artifactory Docker images include the PostgreSQL database driver. +> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib + +This can be done with the following parameters +```bash +# Make sure your Artifactory Docker image has the MySQL database driver in it +... +--set postgresql.enabled=false \ +--set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ +--set database.type=mysql \ +--set database.driver=com.mysql.jdbc.Driver \ +--set database.url=${DB_URL} \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! +##### Configuring Artifactory with external Oracle database +To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. +1. Create a value file with the configuration +```yaml +postgresql: + enabled: false +database: + type: oracle + driver: oracle.jdbc.OracleDriver + url: + user: + password: +artifactory: + preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." + extraEnvironmentVariables: + - name: LD_LIBRARY_PATH + value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib +``` +2. Install Artifactory with the values file you created: +```bash +helm upgrade --install artifactory center/jfrog/artifactory-ha --namespace artifactory -f values-oracle.yaml +``` +**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` + +#### Using pre-existing Kubernetes Secret +If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: +```bash +# Create a secret containing the database credentials +kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} +... +--set postgresql.enabled=false \ +--set database.secrets.user.name=my-secret \ +--set database.secrets.user.key=user \ +--set database.secrets.password.name=my-secret \ +--set database.secrets.password.key=password \ +... +``` + +### Deleting Artifactory +To delete the Artifactory HA cluster + +On helm v2: +```bash +helm delete --purge artifactory-ha +``` + +On helm v3: +```bash +helm delete artifactory-ha --namespace artifactory-ha +``` + +This will completely delete your Artifactory HA cluster. +**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them +```bash +kubectl delete pvc -l release=artifactory-ha +``` +See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/) + +### Custom Docker registry for your images +If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a +[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm +```bash +# Create a Docker registry secret called 'regsecret' +kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL} +``` +Once created, you pass it to `helm` +```bash +helm upgrade --install artifactory-ha --set imagePullSecrets=regsecret --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Logger sidecars +This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) + +Get list of containers in the pod +```bash +kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' +``` + +View specific log +```bash +kubectl logs -n -c +``` + + +### Custom init containers +There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. + +For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out +```yaml +artifactory: + ## Add custom init containers executed before predefined init containers + customInitContainersBegin: | + ## Init containers template goes here ## + ## Add custom init containers executed after predefined init containers + customInitContainers: | + ## Init containers template goes here ## +``` + +### Custom sidecar containers +There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. + +For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom sidecar containers + customSidecarContainers: | + ## Sidecar containers template goes here ## +``` + +You can configure the sidecar to run as a custom user if needed by setting the following in the container template +```yaml + # Example of running container as root (id 0) + securityContext: + runAsUser: 0 + fsGroup: 0 +``` + +### Custom volumes +If you need to use a custom volume in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + ## Custom volume comes here ## +``` + +### Custom secrets +If you need to add a custom secret in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + # Add custom secrets - secret per file + customSecrets: + - name: custom-secret + key: custom-secret.yaml + data: > + secret data +``` + +To use a custom secret, need to define a custom volume. +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + - name: custom-secret + secret: + secretName: custom-secret +``` + +To use a volume, need to define a volume mount as part of a custom init or sidecar container. +```yaml +artifactory: + customSidecarContainers: + - name: side-car-container + volumeMounts: + - name: custom-secret + mountPath: /opt/custom-secret.yaml + subPath: custom-secret.yaml + readOnly: true +``` + +### Add Artifactory User Plugin during installation +If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. + +Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: +```bash +# Secret with single user plugin +kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha + +# Secret with single user plugin with configuration file +kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha +``` + +Add plugin secret names to `plugins.yaml` as following: +```yaml +artifactory: + userPluginSecrets: + - archive-old-artifacts + - webhook +``` + +You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: +```bash +helm upgrade --install artifactory-ha -f plugins.yaml --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: +```yaml +artifactory-ha: # Name of the artifactory-ha dependency + artifactory: + userPluginSecrets: + - '{{ template "my-chart.fullname" . }}' +``` +For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). + +### Provide custom configMaps to Artifactory +If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. + +Create a `configmaps.yaml` file with the following content: +```yaml +artifactory: + configMaps: | + logback.xml: | + + + + + %date [%-5level] \(%-20c{3}:%L\) %message%n + + + + + + + + + + + + + + + my-custom-post-start-hook.sh: | + echo "This is my custom post start hook" + + customVolumeMounts: | + - name: artifactory-configmaps + mountPath: /tmp/my-config-map + + postStartCommand: | + chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; + /tmp/my-config-map/my-custom-post-start-hook.sh; + + copyOnEveryStartup: + - source: /tmp/my-config-map/logback.xml + target: etc/ + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory-ha -f configmaps.yaml --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +This will, in turn: +* create a configMap with the files you specified above +* create a volume pointing to the configMap with the name `artifactory-configmaps` +* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` +* Set the shell script we mounted as the `postStartCommand` +* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. + +### Establishing TLS and Adding certificates +In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. +When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. + +To establish TLS between JFrog Platform nodes: +Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) + +To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false +```yaml +access: + accessConfig: + security: + tls: true +``` + +To add custom tls certificates, create a tls secret from the certificate files. + +```bash +kubectl create secret tls --cert=ca.crt --key=ca.private.key +``` + +For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. +* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) +```yaml +access: + accessConfig: + security: + tls: true + customCertificatesSecretName: + resetAccessCAKeys: true +``` + +### Artifactory filebeat +If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. + +Create a `filebeat.yaml` values file with the following content: +```yaml +filebeat: + enabled: true + logstashUrl: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "100Mi" + cpu: "100m" +``` + +You can optionally customize the `filebeat.yaml` to send output to a different location like so: +```yaml +filebeat: + enabled: true + filebeatYml: | + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory-ha -f filebeat.yaml --namespace artifactory-ha center/jfrog/artifactory +``` + +This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` + +### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). +To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx +For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. +In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: +```yaml + nginx: + https: + enabled: false + service: + ssloffload: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory +``` + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file +```yaml + ingress: + enabled: true + hosts: + - artifactory.company.com + artifactory: + service: + type: NodePort + nginx + enabled: false +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ingress-values.yaml--namespace artifactory center/jfrog/artifactory +``` + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - artifactory.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - artifactory.domain.com +``` + +### Ingress annotations + +This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. + +```yaml +ingress: + enabled: true + defaultBackend: + enabled: false + hosts: + - myhost.example.com + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-read-timeout: "600" + ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; + rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; + nginx.ingress.kubernetes.io/proxy-body-size: "0" + tls: + - hosts: + - "myhost.example.com" +``` + +### Ingress additional rules + +You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. +In order to do that, simply add the following to a `artifactory-ha-values.yaml` file: +```yaml +ingress: + enabled: true + + defaultBackend: + enabled: false + + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite "(?i)/xray(/|$)(.*)" /$2 break; + + additionalRules: | + - host: + http: + paths: + - path: / + backend: + serviceName: + servicePort: + - path: /xray + backend: + serviceName: + servicePort: + - path: /artifactory + backend: + serviceName: {{ template "artifactory.nginx.fullname" . }} + servicePort: {{ .Values.nginx.externalPortHttp }} +``` + +and running: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f artifactory-ha-values.yaml +``` + +### Dedicated Ingress object for replicator service + +You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. +In order to do that, simply add the following to a `artifactory-values.yaml` file: + +```yaml +artifactory: + replicator: + enabled: true + ingress: + name: + hosts: + - myhost.example.com + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/configuration-snippet: | + chunked_transfer_encoding on; + tls: + - hosts: + - "myhost.example.com" + secretName: +``` + +### Ingress behind another load balancer +If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. + +To enable it with `helm install` +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress --set-string controller.config.use-forwarded-headers=true +``` +or `helm upgrade` +```bash +helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true stable/nginx-ingress +``` +or create a values.yaml file with the following content: +```yaml +controller: + config: + use-forwarded-headers: "true" +``` +Then install nginx-ingress with the values file you created: +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress -f values.yaml +``` + +## Configuration +The following table lists the configurable parameters of the artifactory chart and their default values. + +| Parameter | Description | Default | +|------------------------------|-----------------------------------|-------------------------------------------------------| +| `imagePullSecrets` | Docker registry pull secret | | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template | +| `serviceAccount.annotations` | Artifactory service account annotations | `` | +| `rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `rbac.role.rules` | Rules to create | `[]` | +| `logger.image.repository` | repository for logger image | `busybox` | +| `logger.image.tag` | tag for logger image | `1.30` | +| `artifactory.name` | Artifactory name | `artifactory` | +| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` | +| `artifactory.image.version` | Container image tag | `.Chart.AppVersion` | +| `artifactory.priorityClass.create` | Create a PriorityClass object | `false` | +| `artifactory.priorityClass.value` | Priority Class value | `1000000000` | +| `artifactory.priorityClass.name` | Priority Class name | `{{ template "artifactory-ha.fullname" . }}` | +| `artifactory.priorityClass.existingPriorityClass` | Use existing priority class | `` | +| `artifactory.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` | +| `artifactory.loggersResources.requests.memory` | Artifactory loggers initial memory request | | +| `artifactory.loggersResources.requests.cpu` | Artifactory loggers initial cpu request | | +| `artifactory.loggersResources.limits.memory` | Artifactory loggers memory limit | | +| `artifactory.loggersResources.limits.cpu` | Artifactory loggers cpu limit | | +| `artifactory.catalinaLoggers` | Artifactory Tomcat loggers (see values.yaml for possible values) | `[]` | +| `artifactory.catalinaLoggersResources.requests.memory` | Artifactory Tomcat loggers initial memory request | | +| `artifactory.catalinaLoggersResources.requests.cpu` | Artifactory Tomcat loggers initial cpu request | | +| `artifactory.catalinaLoggersResources.limits.memory` | Artifactory Tomcat loggers memory limit | | +| `artifactory.catalinaLoggersResources.limits.cpu` | Artifactory Tomcat loggers cpu limit | | +| `artifactory.customInitContainersBegin`| Custom init containers to run before existing init containers | | +| `artifactory.customInitContainers`| Custom init containers to run after existing init containers | | +| `artifactory.customSidecarContainers`| Custom sidecar containers | | +| `artifactory.customVolumes` | Custom volumes | | +| `artifactory.customVolumeMounts` | Custom Artifactory volumeMounts | | +| `artifactory.customPersistentPodVolumeClaim` | Custom PVC spec to create and attach a unique PVC for each pod on startup with the volumeClaimTemplates feature in StatefulSet | | +| `artifactory.customPersistentVolumeClaim` | Custom PVC spec to be mounted to the all artifactory containers using a volume | | +| `artifactory.customSecrets` | Custom secrets | | +| `artifactory.userPluginSecrets` | Array of secret names for Artifactory user plugins | | +| `artifactory.masterKey` | Artifactory master key. A 128-Bit key size (hexadecimal encoded) string (32 hex characters). Can be generated with `openssl rand -hex 32`. NOTE: This key can be generated only once and cannot be updated once created |``| +| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | | +| `artifactory.joinKey` | Join Key to connect other services to Artifactory. Can be generated with `openssl rand -hex 32` | `` | +| `artifactory.joinKeySecretName` | Artifactory join Key secret name | | +| `artifactory.admin.ip` | Artifactory admin ip to be set upon startup, can use (*) for 0.0.0.0| `127.0.0.1` | +| `artifactory.admin.username` | Artifactory admin username to be set upon startup| `admin` | +| `artifactory.admin.password` | Artifactory admin password to be set upon startup| | +| `artifactory.admin.secret` | Artifactory admin secret name | | +| `artifactory.admin.dataKey` | Artifactory admin secret data key | | +| `artifactory.preStartCommand` | Command to run before entrypoint starts | | +| `artifactory.postStartCommand` | Command to run after container starts. Supports templating with `tpl` | | +| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used. | | +| `artifactory.configMaps` | configMaps to be created as volume by the name `artifactory-configmaps`. In order to use these configMaps, you will need to add `customVolumeMounts` to point to the created volume and mount it onto a container | | +| `artifactory.license.secret` | Artifactory license secret name | | +| `artifactory.license.dataKey`| Artifactory license secret data key | | +| `artifactory.service.name` | Artifactory service name to be set in Nginx configuration | `artifactory` | +| `artifactory.service.type` | Artifactory service type | `ClusterIP` | +| `artifactory.service.clusterIP`| Specific cluster IP or `None` for headless services | `nil` | +| `artifactory.service.loadBalancerSourceRanges`| Artifactory service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | +| `artifactory.service.annotations` | Artifactory service annotations | `{}` | +| `artifactory.service.pool` | Artifactory instances to be in the load balancing pool. `members` or `all` | `members` | +| `artifactory.externalPort` | Artifactory service external port | `8082` | +| `artifactory.internalPort` | Artifactory service internal port (**DO NOT** use port lower than 1024) | `8082` | +| `artifactory.internalArtifactoryPort` | Artifactory service internal port (**DO NOT** use port lower than 1024) | `8081` | +| `artifactory.externalArtifactoryPort` | Artifactory service external port | `8081` | +| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. Supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | | +| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` | +| `artifactory.livenessProbe.path` | liveness probe HTTP Get path | `/router/api/v1/system/health` | +| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | +| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 | +| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `artifactory.readinessProbe.path` | readiness probe HTTP Get path | `/router/api/v1/system/health` | +| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 | +| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 | +| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `artifactory.copyOnEveryStartup` | List of files to copy on startup from source (which is absolute) to target (which is relative to ARTIFACTORY_HOME | | +| `artifactory.deleteDBPropertiesOnStartup` | Whether to delete the ARTIFACTORY_HOME/etc/db.properties file on startup. Disabling this will remove the ability for the db.properties to be updated with any DB-related environment variables change (e.g. DB_HOST, DB_URL) | `true` | +| `artifactory.database.maxOpenConnections` | Maximum amount of open connections from Artifactory to the DB | `80` | +| `artifactory.haDataDir.enabled` | Enable haDataDir for eventual storage in the HA cluster | `false` | +| `artifactory.haDataDir.path` | Path to the directory intended for use with NFS eventual configuration for HA | | +| `artifactory.haBackupDir.enabled` | Enable haBackupDir for eventual storage in the HA cluster | `false` | +| `artifactory.haBackupDir.path` | Path to the directory intended for use with NFS eventual configuration for HA | | +| `artifactory.haBackupDir.enabled` | Enable haBackupDir for eventual storage in the HA cluster | `false` | +| `artifactory.haBackupDir.path` | Path to the directory intended for use with NFS eventual configuration for HA | | +| `artifactory.migration.timeoutSeconds` | Artifactory migration Maximum Time out in seconds| `3600` | +| `artifactory.migration.enabled` | Artifactory migration enabled or disabled | `true` | +| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | +| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | +| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | +| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` | +| `artifactory.persistence.binarystore.enabled` | whether you want to mount the binarystore.xml file from a secret created by the chart. If `false` you will need need to get the binarystore.xml file into the file-system from either an `initContainer` or using a `preStartCommand` | `true` | +| `artifactory.persistence.binarystoreXml` | Artifactory binarystore.xml template | See `values.yaml` | +| `artifactory.persistence.customBinarystoreXmlSecret` | A custom Secret for binarystore.xml | `` | +| `artifactory.persistence.maxCacheSize` | Artifactory cache-fs provider maxCacheSize in bytes | `50000000000` | +| `artifactory.persistence.cacheProviderDir` | the root folder of binaries for the filestore cache. If the value specified starts with a forward slash ("/") it is considered the fully qualified path to the filestore folder. Otherwise, it is considered relative to the *baseDataDir*. | `cache` | +| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` | +| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` | +| `artifactory.persistence.nfs.ip` | NFS server IP | | +| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` | +| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` | +| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory-ha` | +| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` | +| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` | +| `artifactory.persistence.nfs.mountOptions` | NFS mount options | `[]` | +| `artifactory.persistence.eventual.numberOfThreads` | Eventual number of threads | `10` | +| `artifactory.persistence.googleStorage.endpoint` | Google Storage API endpoint| `storage.googleapis.com` | +| `artifactory.persistence.googleStorage.httpsOnly` | Google Storage API has to be consumed https only| `false` | +| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory-ha` | +| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | | +| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | | +| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory-ha/filestore` | +| `artifactory.persistence.googleStorage.bucketExists`| Google Storage bucket exists therefore does not need to be created.| `false` | +| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` | +| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | +| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | | +| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | | +| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | +| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | +| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | | +| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` | +| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) | +| `artifactory.persistence.awsS3.httpsOnly` | AWS S3 https access to the bucket only | `true` | +| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` | +| `artifactory.persistence.awsS3.s3AwsVersion` | AWS S3 signature version | `AWS4-HMAC-SHA256` | +| `artifactory.persistence.awsS3V3.testConnection` | AWS S3 test connection on start up | `false` | +| `artifactory.persistence.awsS3V3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | +| `artifactory.persistence.awsS3V3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | +| `artifactory.persistence.awsS3V3.region` | AWS S3 bucket region | | +| `artifactory.persistence.awsS3V3.bucketName` | AWS S3 bucket name | `artifactory-aws` | +| `artifactory.persistence.awsS3V3.path` | AWS S3 path in bucket | `artifactory/filestore` | +| `artifactory.persistence.awsS3V3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | +| `artifactory.persistence.awsS3V3.maxConnections` | AWS S3 bucket maxConnections | `50` | +| `artifactory.persistence.awsS3V3.kmsServerSideEncryptionKeyId` | AWS S3 encryption key ID or alias | | +| `artifactory.persistence.awsS3V3.kmsKeyRegion` | AWS S3 KMS Key region | | +| `artifactory.persistence.awsS3V3.kmsCryptoMode` | AWS S3 KMS encryption mode | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate | +| `artifactory.persistence.awsS3V3.useInstanceCredentials` | AWS S3 Use default authentication mechanism | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-authentication | +| `artifactory.persistence.awsS3V3.usePresigning` | AWS S3 Use URL signing | `false` | +| `artifactory.persistence.awsS3V3.signatureExpirySeconds` | AWS S3 Validity period in seconds for signed URLs | `300` | +| `artifactory.persistence.awsS3V3.cloudFrontDomainName` | AWS CloudFront domain name | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| +| `artifactory.persistence.awsS3V3.cloudFrontKeyPairId` | AWS CloudFront key pair ID | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| +| `artifactory.persistence.awsS3V3.cloudFrontPrivateKey` | AWS CloudFront private key | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| +| `artifactory.persistence.azureBlob.accountName` | Azure Blob Storage account name | `` | +| `artifactory.persistence.azureBlob.accountKey` | Azure Blob Storage account key | `` | +| `artifactory.persistence.azureBlob.endpoint` | Azure Blob Storage endpoint | `` | +| `artifactory.persistence.azureBlob.containerName` | Azure Blob Storage container name | `` | +| `artifactory.persistence.azureBlob.testConnection` | Azure Blob Storage test connection | `false` | +| `artifactory.persistence.fileSystem.existingSharedClaim` | Enable using an existing shared pvc | `false` | +| `artifactory.persistence.fileStorage.dataDir` | HA data directory | `/var/opt/jfrog/artifactory/artifactory-data` | +| `artifactory.persistence.fileStorage.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` | +| `artifactory.javaOpts.other` | Artifactory additional java options (for all nodes) | | +| `artifactory.replicator.enabled` | Enable the Replicator service (relevant for Enterprise+ only) | `false` | +| `artifactory.ssh.enabled` | Enable Artifactory SSH access | | +| `artifactory.ssh.internalPort` | Artifactory SSH internal port | `1339` | +| `artifactory.ssh.externalPort` | Artifactory SSH external port | `1339` | +| `artifactory.primary.preStartCommand` | Artifactory primary node preStartCommand to be run after `artifactory.preStartCommand` | | +| `artifactory.primary.labels` | Artifactory primary node labels | `{}` | +| `artifactory.primary.resources.requests.memory` | Artifactory primary node initial memory request | | +| `artifactory.primary.resources.requests.cpu` | Artifactory primary node initial cpu request | | +| `artifactory.primary.resources.limits.memory` | Artifactory primary node memory limit | | +| `artifactory.primary.resources.limits.cpu` | Artifactory primary node cpu limit | | +| `artifactory.primary.javaOpts.xms` | Artifactory primary node java Xms size | | +| `artifactory.primary.javaOpts.xmx` | Artifactory primary node java Xms size | | +| `artifactory.primary.javaOpts.corePoolSize` | The number of async processes that can run in parallel in the primary node - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `16` | +| `artifactory.primary.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` | +| `artifactory.primary.javaOpts.jmx.port` | JMX Port number | `9010` | +| `artifactory.primary.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory-ha.primary.name" $ }}` | +| `artifactory.primary.javaOpts.jmx.ssl` | Enable SSL | `false` | +| `artifactory.primary.javaOpts.jmx.authenticate` | Enable JMX authentication | `false` | +| `artifactory.primary.javaOpts.jmx.accessFile` | The path to the JMX access file, when JMX authentication is enabled | | +| `artifactory.primary.javaOpts.jmx.passwordFile` | The path to the JMX password file, when JMX authentication is enabled | | +| `artifactory.primary.javaOpts.other` | Artifactory primary node additional java options | | +| `artifactory.primary.persistence.existingClaim` | Whether to use an existing pvc for the primary node | `false` | +| `artifactory.node.preStartCommand` | Artifactory member node preStartCommand to be run after `artifactory.preStartCommand` | | +| `artifactory.node.labels` | Artifactory member node labels | `{}` | +| `artifactory.node.replicaCount` | Artifactory member node replica count | `2` | +| `artifactory.node.minAvailable` | Artifactory member node min available count | `1` | +| `artifactory.node.resources.requests.memory` | Artifactory member node initial memory request | | +| `artifactory.node.resources.requests.cpu` | Artifactory member node initial cpu request | | +| `artifactory.node.resources.limits.memory` | Artifactory member node memory limit | | +| `artifactory.node.resources.limits.cpu` | Artifactory member node cpu limit | | +| `artifactory.node.javaOpts.xms` | Artifactory member node java Xms size | | +| `artifactory.node.javaOpts.xmx` | Artifactory member node java Xms size | | +| `artifactory.node.javaOpts.corePoolSize` | The number of async processes that can run in parallel in the member nodes - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `16` | +| `artifactory.node.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` | +| `artifactory.node.javaOpts.jmx.port` | JMX Port number | `9010` | +| `artifactory.node.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory-ha.fullname" $ }}` | +| `artifactory.node.javaOpts.jmx.ssl` | Enable SSL | `false` | +| `artifactory.node.javaOpts.jmx.authenticate` | Enable JMX authentication | `false` | +| `artifactory.node.javaOpts.jmx.accessFile` | The path to the JMX access file, when JMX authentication is enabled | | +| `artifactory.node.javaOpts.jmx.passwordFile` | The path to the JMX password file, when JMX authentication is enabled | | +| `artifactory.node.javaOpts.other` | Artifactory member node additional java options | | +| `artifactory.node.persistence.existingClaim` | Whether to use existing PVCs for the member nodes | `false` | +| `artifactory.terminationGracePeriodSeconds` | Termination grace period (seconds) | `30s` | +| `artifactory.node.waitForPrimaryStartup.enabled` | Whether to wait for the primary node to start before starting up the member nodes | `false` | +| `artifactory.node.waitForPrimaryStartup.time` | The amount of time to wait for the primary node to start before starting up the member nodes | `60` | +| `artifactory.tomcat.connector.maxThreads` | The max number of connections to Artifactory connector | `200` | +| `artifactory.tomcat.connector.extraConfig` | The max queue length for incoming connections to Artifactory connector | `'acceptCount="100"'` | +| `artifactory.systemYaml` | Artifactory system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML | `see values.yaml` | +| `artifactory.primary.affinity` | Artifactory primary node affinity | `{}` | +| `artifactory.node.affinity` | Artifactory member node affinity | `{}` | +| `access.database.maxOpenConnections` | Maximum amount of open connections from Access to the DB | `80` | +| `access.tomcat.connector.maxThreads` | The max number of connections to Aceess connector | `50` | +| `access.tomcat.connector.extraConfig` | The max queue length for incoming connections to Access connector | `'acceptCount="100"'` | +| `initContainers.resources.requests.memory` | Init containers initial memory request | | +| `initContainers.resources.requests.cpu` | Init containers initial cpu request | | +| `initContainers.resources.limits.memory` | Init containers memory limit | | +| `initContainers.resources.limits.cpu` | Init containers cpu limit | | +| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` | +| `ingress.annotations` | Artifactory Ingress annotations | `{}` | +| `ingress.labels` | Artifactory Ingress labels | `{}` | +| `ingress.hosts` | Artifactory Ingress hostnames | `[]` | +| `ingress.routerPath` | Router Ingress path | `/` | +| `ingress.artifactoryPath` | Artifactory Ingress path | `/artifactory` | +| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` | +| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` | +| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | | +| `ingress.additionalRules` | Ingress additional rules to be added to the Artifactory ingress. | `[]` | +| `metadata.database.maxOpenConnections` | Maximum amount of open connections from metadata to the DB | `80` | +| `nginx.enabled` | Deploy nginx server | `true` | +| `nginx.kind` | Nginx object kind, for example `DaemonSet`, `Deployment` or `StatefulSet` | `Deployment` | +| `nginx.name` | Nginx name | `nginx` | +| `nginx.replicaCount` | Nginx replica count | `1` | +| `nginx.uid` | Nginx User Id | `104` | +| `nginx.gid` | Nginx Group Id | `107` | +| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` | +| `nginx.image.version` | Container version | `.Chart.AppVersion` | +| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nginx.labels` | Nginx deployment labels | `{}` | +| `nginx.minAvailable` | Nginx node min available count | `0` | +| `nginx.loggers` | Nginx loggers (see values.yaml for possible values) | `[]` | +| `nginx.loggersResources.requests.memory` | Nginx logger initial memory request | | +| `nginx.loggersResources.requests.cpu` | Nginx logger initial cpu request | | +| `nginx.loggersResources.limits.memory` | Nginx logger memory limit | | +| `nginx.loggersResources.limits.cpu` | Nginx logger cpu limit | | +| `nginx.logs.stderr` | Send nginx logs to stderr | false | +| `nginx.logs.level` | Nginx log level: debug, info, notice, warn, error, crit, alert, or emerg | warn | +| `nginx.mainConf` | Content of the Artifactory nginx main nginx.conf config file | `see values.yaml` | +| `nginx.artifactoryConf` | Content of Artifactory nginx artifactory.conf config file | `see values.yaml` | +| `nginx.service.type` | Nginx service type | `LoadBalancer` | +| `nginx.service.clusterIP` | Specific cluster IP or `None` for headless services | `nil` | +| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | +| `nginx.service.labels` | Nginx service labels | `{}` | +| `nginx.service.annotations` | Nginx service annotations | `{}` | +| `nginx.service.ssloffload` | Nginx service SSL offload | false | +| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` | +| `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | | +| `nginx.http.enabled` | Nginx http service enabled/disabled | true | +| `nginx.http.externalPort` | Nginx service external port | `80` | +| `nginx.http.internalPort` | Nginx service internal port | `80` | +| `nginx.https.enabled` | Nginx http service enabled/disabled | true | +| `nginx.https.externalPort` | Nginx service external port | `443` | +| `nginx.https.internalPort` | Nginx service internal port | `443` | +| `nginx.ssh.internalPort` | Nginx SSH internal port | `22` | +| `nginx.ssh.externalPort` | Nginx SSH external port | `22` | +| `nginx.externalPortHttp` | DEPRECATED: Nginx service external port | `80` | +| `nginx.internalPortHttp` | DEPRECATED: Nginx service internal port | `80` | +| `nginx.externalPortHttps` | DEPRECATED: Nginx service external port | `443` | +| `nginx.internalPortHttps` | DEPRECATED: Nginx service internal port | `443` | +| `nginx.livenessProbe.enabled` | would you like a liveness Probe to be enabled | `true` | +| `nginx.livenessProbe.path` | liveness probe HTTP Get path | `/router/api/v1/system/health` | +| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 100 | +| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 | +| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `nginx.readinessProbe.path` | Readiness probe HTTP Get path | `/router/api/v1/system/health` | +| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 | +| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 | +| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | | +| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` | +| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory-ha.conf` | ` ` | +| `nginx.resources.requests.memory` | Nginx initial memory request | `250Mi` | +| `nginx.resources.requests.cpu` | Nginx initial cpu request | `100m` | +| `nginx.resources.limits.memory` | Nginx memory limit | `250Mi` | +| `nginx.resources.limits.cpu` | Nginx cpu limit | `500m` | +| `nginx.persistence.mountPath` | Nginx persistence volume mount path | `"/var/opt/jfrog/nginx"` | +| `nginx.persistence.enabled` | Nginx persistence volume enabled. This is only available when the nginx.replicaCount is set to 1 | `false` | +| `nginx.persistence.accessMode` | Nginx persistence volume access mode | `ReadWriteOnce` | +| `nginx.persistence.size` | Nginx persistence volume size | `5Gi` | +| `waitForDatabase` | Wait for database (using wait-for-db init container) | `true` | +| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` | +| `postgresql.image.registry` | PostgreSQL image registry | `docker.bintray.io` | +| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` | +| `postgresql.image.tag` | PostgreSQL image tag | `9.6.18-debian-10-r7` | +| `postgresql.postgresqlDatabase` | PostgreSQL database name | `artifactory` | +| `postgresql.postgresqlUsername` | PostgreSQL database user | `artifactory` | +| `postgresql.postgresqlPassword` | PostgreSQL database password | | +| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` | +| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `1500` | +| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` | +| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` | +| `postgresql.service.port` | PostgreSQL database port | `5432` | +| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | | +| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | | +| `postgresql.resources.limits.memory` | PostgreSQL memory limit | | +| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | | +| `postgresql.master.nodeSelector` | PostgreSQL master node selector | `{}` | +| `postgresql.master.affinity` | PostgreSQL master node affinity | `{}` | +| `postgresql.master.tolerations` | PostgreSQL master node tolerations | `[]` | +| `postgresql.slave.nodeSelector` | PostgreSQL slave node selector | `{}` | +| `postgresql.slave.affinity` | PostgreSQL slave node affinity | `{}` | +| `postgresql.slave.tolerations` | PostgreSQL slave node tolerations | `[]` | +| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | | +| `database.driver` | External database driver e.g. `org.postgresql.Driver` | | +| `database.url` | External database connection URL | | +| `database.user` | External database username | | +| `database.password` | External database password | | +| `database.secrets.user.name` | External database username `Secret` name | | +| `database.secrets.user.key` | External database username `Secret` key | | +| `database.secrets.password.name` | External database password `Secret` name | | +| `database.secrets.password.key` | External database password `Secret` key | | +| `database.secrets.url.name ` | External database url `Secret` name | | +| `database.secrets.url.key` | External database url `Secret` key | | +| `networkpolicy.name` | Becomes part of the NetworkPolicy object name | `artifactory` | +| `networkpolicy.podselector` | Contains the YAML that specifies how to match pods. Usually using matchLabels. | | +| `networkpolicy.ingress` | YAML snippet containing to & from rules applied to incoming traffic | `- {}` (open to all inbound traffic) | +| `networkpolicy.egress` | YAML snippet containing to & from rules applied to outgoing traffic | `- {}` (open to all outbound traffic) | +| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` | +| `filebeat.name` | filebeat container name | `artifactory-filebeat` | +| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` | +| `filebeat.image.version` | filebeat Docker image version | `7.5.1` | +| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` | +| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/artifactory-ha/values.yaml) | +| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | +| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/artifactory-ha/values.yaml) | +| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 | +| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `filebeat.resources.requests.memory` | Filebeat initial memory request | | +| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | | +| `filebeat.resources.limits.memory` | Filebeat memory limit | | +| `filebeat.resources.limits.cpu` | Filebeat cpu limit | | +| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/artifactory-ha/values.yaml) | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +## Useful links +- https://www.jfrog.com/confluence/display/EP/Getting+Started +- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory +- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md new file mode 100644 index 000000000..851593236 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/ReverseProxyConfiguration.md @@ -0,0 +1,140 @@ +# JFrog Artifactory Reverse Proxy Settings using Nginx + +#### Reverse Proxy +* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. +* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate +the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. +* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) +* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. + +**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. + +#### Features of Artifactory Nginx +* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. +* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory + +#### Changing the default Artifactory nginx conf +Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf +These configuration will be mounted to the nginx container using a configmap. +For example: +1. Create a values file `nginx-values.yaml` with the following values: +```yaml +nginx: + artifactoryConf: | + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen {{ .Values.nginx.internalPortHttps }} ssl; + listen {{ .Values.nginx.internalPortHttp }} ; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; + } + proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } +``` + +2. Install/upgrade artifactory: +```bash +helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml +``` + + +#### Steps to use static configuration for reverse proxy in nginx. +1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` + +2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) + + Following is example `artifactory.conf` + + **Note**: + * Create file with name `artifactory.conf` as it's fixed in configMap key. + * Replace `artifactory-artifactory` with service name taken from step 1. + + ```bash + ## add ssl entries when https has been set in config + ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; + ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen 443 ssl; + listen 80; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; + } + proxy_pass http://artifactory-artifactory:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + ``` + +3. Create configMap of `artifactory.conf` created with step above. + ```bash + kubectl create configmap art-nginx-conf --from-file=artifactory.conf + ``` +4. Deploy Artifactory using helm chart. + You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) + + Following is command to set values at runtime: + ```bash + helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha + ``` \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md new file mode 100644 index 000000000..9c7f771be --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/UPGRADE_NOTES.md @@ -0,0 +1,38 @@ +# JFrog Artifactory Chart Upgrade Notes +This file describes special upgrade notes needed at specific versions + +## Upgrade from 1.X to 2.X (Chart Versions) + +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* To upgrade from a version prior to 1.x, you first need to upgrade to latest version of 1.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md. + +## Upgrade from 0.X to 1.X (Chart Versions) +**DOWNTIME IS REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations +* Upgrade + * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database + * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) + * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted + * Upgrade steps: + 1. Block user access to Artifactory (do not shutdown) + a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary) + b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`) + 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` + a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) + b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) + c. Click `Export` (this can take some time) + 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed + a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! + 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps + a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step + 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` + a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) + b. Click `Import` (this can take some time) + 6. Restore access to Artifactory + a. Scale the cluster member nodes back to the original size + * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md new file mode 100644 index 000000000..a5aa5fd47 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/app-readme.md @@ -0,0 +1,16 @@ +# JFrog Artifactory High Availability Helm Chart + +Universal Repository Manager supporting all major packaging formats, build tools and CI servers. + +## Chart Details +This chart will do the following: + +* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. +* Deploy a PostgreSQL database +* Deploy an Nginx server(optional) + +## Useful links +Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) + +## Activate Your Artifactory Instance +Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml new file mode 100644 index 000000000..a61a09ff7 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +appVersion: 11.7.0 +description: Chart for PostgreSQL, an object-relational database management system + (ORDBMS) with an emphasis on extensibility and on standards-compliance. +home: https://www.postgresql.org/ +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +version: 8.7.3 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md new file mode 100644 index 000000000..c2b848af1 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/README.md @@ -0,0 +1,576 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## TL;DR; + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.11+ or Helm 3.0-beta3+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | +| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | +| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | +| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | +| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | +| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | +| `master.sidecars` | Add additional containers to the pod | `[]` | +| `master.service.type` | Allows using a different service type for Master | `nil` | +| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | +| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | +| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | +| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | +| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | +| `slave.sidecars` | Add additional containers to the pod | `[]` | +| `slave.service.type` | Allows using a different service type for Slave | `nil` | +| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | +| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAcccount.name` | Name of existing service account | `nil` | +| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Production configuration and horizontal scaling + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. + +- Enable replication: +```diff +- replication.enabled: false ++ replication.enabled: true +``` + +- Number of slaves replicas: +```diff +- replication.slaveReplicas: 1 ++ replication.slaveReplicas: 2 +``` + +- Set synchronous commit mode: +```diff +- replication.synchronousCommit: "off" ++ replication.synchronousCommit: "on" +``` + +- Number of replicas that will have synchronous replication: +```diff +- replication.numSynchronousReplicas: 0 ++ replication.numSynchronousReplicas: 1 +``` + +- Start a prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. + +### Customizing Master and Slave services in a replicated configuration + +At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0` + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL master +master: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +slave: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +image.repository=postgres +image.tag=10.6 +postgresqlDataDir=/data/pgdata +persistence.mountPath=/data/ +``` + +## Upgrade + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release stable/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +## 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +## 7.1.0 + +Adds support for LDAP configuration. + +## 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +## 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + +- protobuf +- protobuf-c +- json-c +- geos +- proj + +## 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```console +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` + +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + +```console +$ kubectl get svc +``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release bitnami/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml new file mode 100644 index 000000000..fc2ba605a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml new file mode 100644 index 000000000..347d3b40a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -0,0 +1,2 @@ +shmVolume: + enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md new file mode 100644 index 000000000..1813a2fea --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md new file mode 100644 index 000000000..184c1875d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 000000000..cba38091e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt new file mode 100644 index 000000000..3b5e6c60d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,60 @@ +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} + +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ + +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 000000000..708434856 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,420 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if .Values.global.postgresql.existingSecret }} +{{- else if .Values.existingSecret -}} +{{- else -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "postgresql.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "postgresql.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "postgresql.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml new file mode 100644 index 000000000..d2178c077 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/configmap.yaml @@ -0,0 +1,26 @@ +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-configuration + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml new file mode 100644 index 000000000..8a4119578 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-extended-configuration + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml new file mode 100644 index 000000000..8eb5e0588 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/initialization-configmap.yaml @@ -0,0 +1,24 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-init-scripts + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml new file mode 100644 index 000000000..524aa2f6a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-configmap.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml new file mode 100644 index 000000000..c610f09af --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/metrics-svc.yaml @@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + annotations: +{{ toYaml .Values.metrics.service.annotations | indent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name }} + role: master +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml new file mode 100644 index 000000000..ea1fc9b3a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,38 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + podSelector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "postgresql.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + {{- end }} + # Allow prometheus scrapes + - ports: + - port: 9187 +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml new file mode 100644 index 000000000..44f1242dd --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "postgresql.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.metrics.prometheusRule.additionalLabels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml new file mode 100644 index 000000000..094d18b49 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,23 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +type: Opaque +data: + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 000000000..27e5b516e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + name: {{ template "postgresql.fullname" . }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml new file mode 100644 index 000000000..f3a529a96 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml new file mode 100644 index 000000000..b6d607672 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset-slaves.yaml @@ -0,0 +1,299 @@ +{{- if .Values.replication.enabled }} +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.slave.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.slave.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: slave +{{- with .Values.slave.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.slave.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: +{{ toYaml .Values.slave.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.slave.affinity }} + affinity: +{{ toYaml .Values.slave.affinity | indent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: +{{ toYaml .Values.slave.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{ if .Values.persistence.enabled }} + mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- end }} + {{- if .Values.slave.extraInitContainers }} +{{ tpl .Values.slave.extraInitContainers . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.slave.priorityClassName }} + priorityClassName: {{ .Values.slave.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "postgresql.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.slave.extraVolumeMounts }} + {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.slave.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.slave.extraVolumes }} + {{- toYaml .Values.slave.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml new file mode 100644 index 000000000..66eaa01d1 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/statefulset.yaml @@ -0,0 +1,453 @@ +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- with .Values.master.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.master.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: master + {{- with .Values.master.podLabels }} + {{- toYaml . | indent 8 }} + {{- end }} + {{- with .Values.master.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: {{- toYaml .Values.master.affinity | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- end }} + {{- if .Values.master.extraInitContainers }} + {{- tpl .Values.master.extraInitContainers . | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.initdbPassword }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.replication.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: "master" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end}} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote}} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.master.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.metrics.securityContext.runAsUser }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- toYaml .Values.master.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml new file mode 100644 index 000000000..5c71f468d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-headless.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-headless + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml new file mode 100644 index 000000000..92bdda80e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc-read.yaml @@ -0,0 +1,42 @@ +{{- if .Values.replication.enabled }} +{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-read + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if $serviceAnnotations }} + annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml new file mode 100644 index 000000000..299e8d0b7 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/templates/svc.yaml @@ -0,0 +1,40 @@ +{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if $serviceAnnotations }} + annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml new file mode 100644 index 000000000..d34e326ee --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values-production.yaml @@ -0,0 +1,542 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.7.0-debian-10-r65 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "on" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: + search_attr: "" + search_filter: "" + scheme: "" + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: "" + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r72 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json new file mode 100644 index 000000000..ac2de6e94 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.schema.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "slaveReplicas": { + "type": "integer", + "title": "Slave Replicas", + "form": true, + "hidden": { + "condition": false, + "value": "replication.enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml new file mode 100644 index 000000000..e14709a5e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/charts/postgresql/values.yaml @@ -0,0 +1,548 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.7.0-debian-10-r65 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "off" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: + search_attr: "" + search_filter: "" + scheme: "" + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: "" + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r72 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml new file mode 100644 index 000000000..2ba5a7af1 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/access-tls-values.yaml @@ -0,0 +1,9 @@ +databaseUpgradeReady: true +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + +access: + accessConfig: + security: + tls: true + resetAccessCAKeys: true diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml new file mode 100644 index 000000000..01310a3b7 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/default-values.yaml @@ -0,0 +1,6 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true +## This is an exception here because HA needs masterKey to connect with other node members and it is commented in values to support 6.x to 7.x Migration +## Please refer https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#special-upgrade-notes-1 +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml new file mode 100644 index 000000000..148618353 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/migration-disabled-values.yaml @@ -0,0 +1,5 @@ +databaseUpgradeReady: true +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + migration: + enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml new file mode 100644 index 000000000..0ee7cbdd2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/ci/test-values.yaml @@ -0,0 +1,14 @@ +databaseUpgradeReady: true +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + persistence: + enabled: true + +postgresql: + image: + tag: 9.6.18-debian-10-r7 + postgresqlPassword: "password" + postgresqlExtendedConf: + maxConnections: "102" + persistence: + enabled: true diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh b/charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh new file mode 100644 index 000000000..e35bfdbb2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/files/migrate.sh @@ -0,0 +1,4339 @@ +#!/bin/bash + +# Flags +FLAG_Y="y" +FLAG_N="n" +FLAGS_Y_N="$FLAG_Y $FLAG_N" +FLAG_NOT_APPLICABLE="_NA_" + +CURRENT_VERSION=$1 + +WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" +WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" + +SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" + +# Shared system keys +SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" +SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" +SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" + +SYS_KEY_SHARED_NODE_ID="shared.node.id" +SYS_KEY_SHARED_JAVAHOME="shared.javaHome" + +SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" +SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" +SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" +SYS_KEY_SHARED_DATABASE_URL="shared.database.url" +SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" +SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" + +SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" +SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" +SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" +SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" + +# Define this in product specific script. Should contain the path to unitcast file +# File used by insight server to write cluster active nodes info. This will be read by elasticsearch +#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" + +SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" +SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" + +# Filenames +FILE_NAME_SYSTEM_YAML="system.yaml" +FILE_NAME_JOIN_KEY="join.key" +FILE_NAME_MASTER_KEY="master.key" +FILE_NAME_INSTALLER_YAML="installer.yaml" + +# Global constants used in business logic +NODE_TYPE_STANDALONE="standalone" +NODE_TYPE_CLUSTER_NODE="node" +NODE_TYPE_DATABASE="database" + +# External(isable) databases +DATABASE_POSTGRES="POSTGRES" +DATABASE_ELASTICSEARCH="ELASTICSEARCH" +DATABASE_RABBITMQ="RABBITMQ" + +POSTGRES_LABEL="PostgreSQL" +ELASTICSEARCH_LABEL="Elasticsearch" +RABBITMQ_LABEL="Rabbitmq" + +ARTIFACTORY_LABEL="Artifactory" +JFMC_LABEL="Mission Control" +DISTRIBUTION_LABEL="Distribution" +XRAY_LABEL="Xray" + +POSTGRES_CONTAINER="postgres" +ELASTICSEARCH_CONTAINER="elasticsearch" +RABBITMQ_CONTAINER="rabbitmq" +REDIS_CONTAINER="redis" + +#Adding a small timeout before a read ensures it is positioned correctly in the screen +read_timeout=0.5 + +# Options related to data directory location +PROMPT_DATA_DIR_LOCATION="Installation Directory" +KEY_DATA_DIR_LOCATION="installer.data_dir" + +SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" +PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" +KEY_ADD_TO_CLUSTER="installer.ha" +VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" + +MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" +PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" +KEY_POSTGRES_INSTALL="installer.install_postgresql" +VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" + +# Postgres connection details +RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" +RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" +RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" +RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" + +MESSAGE_DATABASE_URL="Provide the database connection details" +PROMPT_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://:/artifactory" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://:/mission_control?sslmode=disable" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://:/xraydb?sslmode=disable" + ;; + esac + if [ -z "$databaseURlExample" ]; then + echo -n "$POSTGRES_LABEL URL" # For consistency with username and password + return + fi + echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" +} +REGEX_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://.*/artifactory.*" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://.*/mission_control.*" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://.*/distribution.*" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://.*/xraydb.*" + ;; + esac + echo -n "^$databaseURlExample\$" +} +ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" +KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" +KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" +KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" +IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" + +MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" +PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" +KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" +VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" + +# Elasticsearch connection details +MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" +PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" +KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" + +PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" +KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" + +PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" +KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" +IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" + +# Cluster related questions +MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" +PROMPT_CLUSTER_MASTER_KEY="Master Key" +KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" +IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" + +MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" +PROMPT_JOIN_KEY="Join Key" +KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" +IS_SENSITIVE_JOIN_KEY="$FLAG_Y" +REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" +ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" + +# Rabbitmq related cluster information +MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" +PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" +KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" + +# Rabbitmq related cluster information (necessary only for docker-compose) +PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" +KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" + +MESSAGE_JFROGURL(){ + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" +} +PROMPT_JFROGURL="JFrog URL" +KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" +REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" +ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" + + +# Set this to FLAG_Y on upgrade +IS_UPGRADE="${FLAG_N}" + +# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary +MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" + +_getMethodOutputOrVariableValue() { + unset EFFECTIVE_MESSAGE + local keyToSearch=$1 + local effectiveMessage= + local result="0" + # logSilly "Searching for method: [$keyToSearch]" + LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" + if [[ "$result" == "0" ]]; then + # logSilly "Found method for [$keyToSearch]" + EFFECTIVE_MESSAGE="$($keyToSearch)" + return + fi + eval EFFECTIVE_MESSAGE=\${$keyToSearch} + if [ ! -z "$EFFECTIVE_MESSAGE" ]; then + return + fi + # logSilly "Didn't find method or variable for [$keyToSearch]" +} + + +# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting +cClear="\e[0m" +cBlue="\e[38;5;69m" +cRedDull="\e[1;31m" +cYellow="\e[1;33m" +cRedBright="\e[38;5;197m" +cBold="\e[1m" + + +_loggerGetModeRaw() { + local MODE="$1" + case $MODE in + INFO) + printf "" + ;; + DEBUG) + printf "%s" "[${MODE}] " + ;; + WARN) + printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " + ;; + ERROR) + printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " + ;; + esac +} + + +_loggerGetMode() { + local MODE="$1" + case $MODE in + INFO) + printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + DEBUG) + printf "%-7s" "[${MODE}]" + ;; + WARN) + printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + ERROR) + printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + esac +} + +# Capitalises the first letter of the message +_loggerGetMessage() { + local originalMessage="$*" + local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') + local resetOfMessage="${originalMessage:1}" + echo "$firstChar$resetOfMessage" +} + +# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. +_loggerGetStackTrace() { + printf "%s%-30s%s" "[" "$1:$2" "]" +} + +_loggerGetThread() { + printf "%s" "[main]" +} + +_loggerGetServiceType() { + printf "%s%-5s%s" "[" "shell" "]" +} + +#Trace ID is not applicable to scripts +_loggerGetTraceID() { + printf "%s" "[]" +} + +logRaw() { + echo "" + printf "$1" + echo "" +} + +logBold(){ + echo "" + printf "${cBold}$1${cClear}" + echo "" +} + +# The date binary works differently based on whether it is GNU/BSD +is_date_supported=0 +date --version > /dev/null 2>&1 || is_date_supported=1 +IS_GNU=$(echo $is_date_supported) + +_loggerGetTimestamp() { + if [ "${IS_GNU}" == "0" ]; then + echo -n $(date -u +%FT%T.%3NZ) + else + echo -n $(date -u +%FT%T.000Z) + fi +} + +# https://www.shellscript.sh/tips/spinner/ +_spin() +{ + spinner="/|\\-/|\\-" + while : + do + for i in `seq 0 7` + do + echo -n "${spinner:$i:1}" + echo -en "\010" + sleep 1 + done + done +} + +showSpinner() { + # Start the Spinner: + _spin & + # Make a note of its Process ID (PID): + SPIN_PID=$! + # Kill the spinner on any signal, including our own exit. + trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 +} + +stopSpinner() { + local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") + let "occurrences+=0" + # validate that it is present (2 since this search itself will show up in the results) + if [ $occurrences -gt 1 ]; then + kill -9 $SPIN_PID &>/dev/null || return 0 + wait $SPIN_ID &>/dev/null + fi +} + +_getEffectiveMessage(){ + local MESSAGE="$1" + local MODE=${2-"INFO"} + + if [ -z "$CONTEXT" ]; then + CONTEXT=$(caller) + fi + + _EFFECTIVE_MESSAGE= + if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then + _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" + else + local SERVICE_TYPE="script" + local TRACE_ID="" + local THREAD="main" + + local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') + local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') + + _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" + fi + CONTEXT= +} + +# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug +_logToFile() { + local MODE=${1-"INFO"} + local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" + # IF the file isn't passed, abort + if [ -z "$targetFile" ]; then + return + fi + # IF this is not being run in verbose mode and mode is debug or lower, abort + if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then + if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then + return + fi + fi + + # Create the file if it doesn't exist + if [ ! -f "${targetFile}" ]; then + return + # touch $targetFile > /dev/null 2>&1 || true + fi + # # Make it readable + # chmod 640 $targetFile > /dev/null 2>&1 || true + + # Log contents + printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true +} + +logger() { + if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then + echo "" + fi + _getEffectiveMessage "$@" + local MODE=${2-"INFO"} + printf "%s\n" "$_EFFECTIVE_MESSAGE" + _logToFile "$MODE" +} + +logDebug(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logSilly(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "silly" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logError() { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= +} + +errorExit () { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= + exit 1 +} + +warn () { + CONTEXT=$(caller) + logger "$1" "WARN" + CONTEXT= +} + +note () { + CONTEXT=$(caller) + logger "$1" "NOTE" + CONTEXT= +} + +bannerStart() { + title=$1 + echo + echo -e "\033[1m${title}\033[0m" + echo +} + +bannerSection() { + title=$1 + echo + echo -e "******************************** ${title} ********************************" + echo +} + +bannerSubSection() { + title=$1 + echo + echo -e "************** ${title} *******************" + echo +} + +bannerMessge() { + title=$1 + echo + echo -e "********************************" + echo -e "${title}" + echo -e "********************************" + echo +} + +setRed () { + local input="$1" + echo -e \\033[31m${input}\\033[0m +} +setGreen () { + local input="$1" + echo -e \\033[32m${input}\\033[0m +} +setYellow () { + local input="$1" + echo -e \\033[33m${input}\\033[0m +} + +logger_addLinebreak () { + echo -e "---\n" +} + +bannerImportant() { + title=$1 + local bold="\033[1m" + local noColour="\033[0m" + echo + echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" + echo -e "${bold}${title}${noColour}" + echo -e "${bold}###########################################################################################${noColour}" + echo +} + +bannerEnd() { + #TODO pass a title and calculate length dynamically so that start and end look alike + echo + echo "*****************************************************************************" + echo +} + +banner() { + title=$1 + content=$2 + bannerStart "${title}" + echo -e "$content" +} + +# The logic below helps us redirect content we'd normally hide to the log file. + # + # We have several commands which clutter the console with output and so use + # `cmd > /dev/null` - this redirects the command's output to null. + # + # However, the information we just hid maybe useful for support. Using the code pattern + # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console + # but redirected to the installation log file + # + +#Default value of 6 is just null +exec 6>>/dev/null +redirectLogsToFile() { + echo "" + # local file=$1 + + # [ ! -z "${file}" ] || return 0 + + # local logDir=$(dirname "$file") + + # if [ ! -f "${file}" ]; then + # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ + # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) + # fi + + # #6 now points to the log file + # exec 6>>${file} + # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time + # exec 2>&1 > >(tee -a "${file}") +} + +# Check if a give key contains any sensitive string as part of it +# Based on the result, the caller can decide its value can be displayed or not +# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} +isKeySensitive(){ + local key=$1 + local sensitiveKeys="password|secret|key|token" + + if [ -z "${key}" ]; then + return 1 + else + local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 + fi +} + +getPrintableValueOfKey(){ + local displayValue= + local key="$1" + if [ -z "$key" ]; then + # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller + echo -n "" + return + fi + + local value="$2" + isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" + echo -n $displayValue +} + +_createConsoleLog(){ + if [ -z "${JF_PRODUCT_HOME}" ]; then + return + fi + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + mkdir -p "${JF_PRODUCT_HOME}/var/log" || true + if [ ! -f ${targetFile} ]; then + touch $targetFile > /dev/null 2>&1 || true + fi + chmod 640 $targetFile > /dev/null 2>&1 || true +} + +# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to +# the common console.log file +redirectServiceLogsToFile() { + + local result="0" + # check if the function getSystemValue exists + LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" + if [[ "$result" != "0" ]]; then + warn "Couldn't find the systemYamlHelper. Skipping log redirection" + return 0 + fi + + getSystemValue "shared.consoleLog" "NOT_SET" + if [[ "${YAML_VALUE}" == "false" ]]; then + logger "Redirection is set to false. Skipping log redirection" + return 0; + fi + + if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then + warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" + return 0 + fi + + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + + _createConsoleLog + + while read -r line; do + printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen + done +} + +## Display environment variables starting with JF_ along with its value +## Value of sensitive keys will be displayed as "******" +## +## Sample Display : +## +## ======================== +## JF Environment variables +## ======================== +## +## JF_SHARED_NODE_ID : locahost +## JF_SHARED_JOINKEY : ****** +## +## +displayEnv() { + local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) + local key= + local value= + + if [ -z "${JFEnv}" ]; then + return + fi + + cat << ENV_START_MESSAGE + +======================== +JF Environment variables +======================== +ENV_START_MESSAGE + + for entry in ${JFEnv}; do + key=$(echo "${entry}" | awk -F'=' '{print $1}') + value=$(echo "${entry}" | awk -F'=' '{print $2}') + + isKeySensitive "${key}" && value="******" || value=${value} + + printf "\n%-35s%s" "${key}" " : ${value}" + done + echo; +} + +_addLogRotateConfiguration() { + logDebug "Method ${FUNCNAME[0]}" + # mandatory inputs + local confFile="$1" + local logFile="$2" + + # Method available in _ioOperations.sh + LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 + + io_setYQPath + + # Method available in _systemYamlHelper.sh + LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 + + local frequency="daily" + local archiveFolder="archived" + + local compressLogFiles= + getSystemValue "shared.logging.rotation.compress" "true" + if [[ "${YAML_VALUE}" == "true" ]]; then + compressLogFiles="compress" + fi + + getSystemValue "shared.logging.rotation.maxFiles" "10" + local noOfBackupFiles="${YAML_VALUE}" + + getSystemValue "shared.logging.rotation.maxSizeMb" "25" + local sizeOfFile="${YAML_VALUE}M" + + logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" + + # Add configuration to file + local confContent=$(cat << LOGROTATECONF +$logFile { + $frequency + missingok + rotate $noOfBackupFiles + $compressLogFiles + notifempty + olddir $archiveFolder + dateext + extension .log + dateformat -%Y-%m-%d + size ${sizeOfFile} +} +LOGROTATECONF +) + echo "${confContent}" > ${confFile} || return 1 +} + +_operationIsBySameUser() { + local targetUser="$1" + local currentUserID=$(id -u) + local currentUserName=$(id -un) + + if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then + echo -n "yes" + else + echo -n "no" + fi +} + +_addCronJobForLogrotate() { + logDebug "Method ${FUNCNAME[0]}" + + # Abort if logrotate is not available + [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 + + # mandatory inputs + local productHome="$1" + local confFile="$2" + local cronJobOwner="$3" + + # We want to use our binary if possible. It may be more recent than the one in the OS + local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" + + if [ ! -f "$logrotateBinary" ]; then + logrotateBinary="logrotate" + [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 + fi + local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose + + id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } + + # Remove the existing line + removeLogRotation "$productHome" "$cronJobOwner" || true + + # Run logrotate daily at 23:55 hours + local cronInterval="55 23 * * * $cmd" + + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges + if [ "$standaloneMode" == "no" ]; then + (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - + else + (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - + fi +} + +## Configure logrotate for a product +## Failure conditions: +## If logrotation could not be setup for some reason +## Parameters: +## $1: The product name +## $2: The product home +## Depends on global: none +## Updates global: none +## Returns: NA + +configureLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + + # mandatory inputs + local productName="$1" + if [ -z $productName ]; then + warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 + fi + + local productHome="$2" + if [ -z $productHome ]; then + warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 + fi + + local logFile="${productHome}/var/log/console.log" + if [[ $(uname) == "Darwin" ]]; then + logger "Log rotation for [$logFile] has not been configured. Please setup manually" + return 0 + fi + + local userID="$3" + if [ -z $userID ]; then + warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 + fi + + local groupID=${4:-$userID} + local logConfigOwner=${5:-$userID} + + logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" + + local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + # TODO move to recursive method + createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + + # TODO move to recursive method + createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } + + # conf file should be owned by the user running the script + createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } + + _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } +} + +_pauseExecution() { + if [ "${VERBOSE_MODE}" == "debug" ]; then + + local breakPoint="$1" + if [ ! -z "$breakPoint" ]; then + printf "${cBlue}Breakpoint${cClear} [$breakPoint] " + echo "" + fi + printf "${cBlue}Press enter once you are ready to continue${cClear}" + read -s choice + echo "" + fi +} + +# removeLogRotation "$productHome" "$cronJobOwner" || true +removeLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + if [[ $(uname) == "Darwin" ]]; then + logDebug "Not implemented for Darwin." + return 0 + fi + local productHome="$1" + local cronJobOwner="$2" + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + if [ "$standaloneMode" == "no" ]; then + crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - + else + crontab -l 2>/dev/null | grep -v "$confFile" | crontab - + fi +} + +# NOTE: This method does not check the configuration to see if redirection is necessary. +# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file +# that does not exist, causing the service itself to not start +setupTomcatRedirection() { + logDebug "Method ${FUNCNAME[0]}" + local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" + _createConsoleLog + export CATALINA_OUT="${consoleLog}" +} + +setupScriptLogsRedirection() { + logDebug "Method ${FUNCNAME[0]}" + if [ -z "${JF_PRODUCT_HOME}" ]; then + logDebug "No JF_PRODUCT_HOME. Returning" + return + fi + # Create the console.log file if it is not already present + # _createConsoleLog || true + # # Ensure any logs (logger/logError/warn) also get redirected to the console.log + # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed + export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" + export LOG_BEHAVIOR_ADD_META="$FLAG_Y" +} + +# Returns Y if this method is run inside a container +isRunningInsideAContainer() { + if [ -f "/.dockerenv" ]; then + echo -n "$FLAG_Y" + else + echo -n "$FLAG_N" + fi +} + +POSTGRES_USER=999 +NGINX_USER=104 +NGINX_GROUP=107 +ES_USER=1000 +REDIS_USER=999 +MONGO_USER=999 +RABBITMQ_USER=999 +LOG_FILE_PERMISSION=640 +PID_FILE_PERMISSION=644 + +# Copy file +copyFile(){ + local source=$1 + local target=$2 + local mode=${3:-overwrite} + local enableVerbose=${4:-"${FLAG_N}"} + local verboseFlag="" + + if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then + verboseFlag="-v" + fi + + if [[ ! ( $source && $target ) ]]; then + warn "Source and target is mandatory to copy file" + return 1 + fi + + if [[ -f "${target}" ]]; then + [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true + else + cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" + fi +} + +# Copy files recursively from given source directory to destination directory +# This method wil copy but will NOT overwrite +# Destination will be created if its not available +copyFilesNoOverwrite(){ + local src=$1 + local dest=$2 + local enableVerboseCopy="${3:-${FLAG_Y}}" + + if [[ -z "${src}" || -z "${dest}" ]]; then + return + fi + + if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then + local relativeFilePath="" + local targetFilePath="" + + for file in $(find ${src} -type f 2>/dev/null) ; do + # Derive relative path and attach it to destination + # Example : + # src=/extra_config + # dest=/var/opt/jfrog/artifactory/etc + # file=/extra_config/config.xml + # relativeFilePath=config.xml + # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml + relativeFilePath=${file/${src}/} + targetFilePath=${dest}${relativeFilePath} + + createDir "$(dirname "$targetFilePath")" + copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" + done + fi +} + +# TODO : WINDOWS ? +# Check the max open files and open processes set on the system +checkULimits () { + local minMaxOpenFiles=${1:-32000} + local minMaxOpenProcesses=${2:-1024} + local setValue=${3:-true} + local warningMsgForFiles=${4} + local warningMsgForProcesses=${5} + + logger "Checking open files and processes limits" + + local currentMaxOpenFiles=$(ulimit -n) + logger "Current max open files is $currentMaxOpenFiles" + if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then + if [ "${setValue}" ]; then + ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" + else + errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" + fi + fi + + local currentMaxOpenProcesses=$(ulimit -u) + logger "Current max open processes is $currentMaxOpenProcesses" + if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then + if [ "${setValue}" ]; then + ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" + else + errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" + fi + fi +} + +createDirs() { + local appDataDir=$1 + local serviceName=$2 + local folders="backup bootstrap data etc logs work" + + [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true + [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true + + for folder in ${folders} + do + folder=${appDataDir}/${folder}/${serviceName} + if [ ! -d "${folder}" ]; then + logger "Creating folder : ${folder}" + mkdir -p "${folder}" || errorExit "Failed to create ${folder}" + fi + done +} + + +testReadWritePermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local test_file=${dir_to_check}/test-permissions + + # Write file + if echo test > ${test_file} 1> /dev/null 2>&1; then + # Write succeeded. Testing read... + if cat ${test_file} > /dev/null; then + rm -f ${test_file} + else + error=true + fi + else + error=true + fi + + if [ ${error} == true ]; then + return 1 + else + return 0 + fi +} + +# Test directory has read/write permissions for current user +testDirectoryPermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local u_id=$(id -u) + local id_str="id ${u_id}" + + logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" + + if ! testReadWritePermissions ${dir_to_check}; then + error=true + fi + + if [ "${error}" == true ]; then + local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) + logger "###########################################################" + logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" + logger "${stat_data}" + logger "Mounted directory must have read/write permissions for user ${id_str}" + logger "###########################################################" + errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" + fi + logger "Permissions for ${dir_to_check} are good" +} + +# Utility method to create a directory path recursively with chown feature as +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: Root directory from where the path can be created +## $2: List of recursive child directories seperated by space +## $3: user who should own the directory. Optional +## $4: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA +# +# Usage: +# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" +createRecursiveDir(){ + local rootDir=$1 + local pathDirs=$2 + local user=$3 + local group=${4:-${user}} + local fullPath= + + [ ! -z "${rootDir}" ] || return 0 + + createDir "${rootDir}" "${user}" "${group}" + + [ ! -z "${pathDirs}" ] || return 0 + + fullPath=${rootDir} + + for dir in ${pathDirs}; do + fullPath=${fullPath}/${dir} + createDir "${fullPath}" "${user}" "${group}" + done +} + +# Utility method to create a directory +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: directory to create +## $2: user who should own the directory. Optional +## $3: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA + +createDir(){ + local dirName="$1" + local printMessage=no + logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" + [ -z "${dirName}" ] && return + + logDebug "Attempting to create ${dirName}" + mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + # Earlier, this line would have returned 1 if it failed. Now it just warns. + # This is intentional. Earlier, this line would NOT be reached if the folder already existed. + # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if + # setting permissions fails (so as to not affect any existing flows) + io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" + fi + # logging message to print created dir with user and group + local logMessage=${4:-$printMessage} + if [[ "${logMessage}" == "yes" ]]; then + logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" + fi +} + +removeSoftLinkAndCreateDir () { + local dirName="$1" + local userID="$2" + local groupID="$3" + local logMessage="$4" + removeSoftLink "${dirName}" + createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" +} + +# Utility method to remove a soft link +removeSoftLink () { + local dirName="$1" + if [[ -L "${dirName}" ]]; then + targetLink=$(readlink -f "${dirName}") + logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" + rm -f "${dirName}" + fi +} + +# Check Directory exist in the path +checkDirExists () { + local directoryPath="$1" + + [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" +} + + +# Utility method to create a file +# Failure conditions: +# Parameters: +## $1: file to create +# Depends on global: none +# Updates global: none +# Returns: NA + +createFile(){ + local fileName="$1" + logSilly "Method ${FUNCNAME[0]} [$fileName]" + [ -f "${fileName}" ] && return 0 + touch "${fileName}" || return 1 + + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + io_setOwnership "$fileName" "$userID" "$groupID" || return 1 + fi +} + +# Check File exist in the filePath +# IMPORTANT- DON'T ADD LOGGING to this method +checkFileExists () { + local filePath="$1" + + [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" +} + +# Check for directories contains any (files or sub directories) +# IMPORTANT- DON'T ADD LOGGING to this method +checkDirContents () { + local directoryPath="$1" + if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then + echo -n "true" + else + echo -n "false" + fi +} + +# Check contents exist in directory +# IMPORTANT- DON'T ADD LOGGING to this method +checkContentExists () { + local source="$1" + + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + echo -n "false" + else + echo -n "true" + fi +} + +# Resolve the variable +# IMPORTANT- DON'T ADD LOGGING to this method +evalVariable () { + local output="$1" + local input="$2" + + eval "${output}"=\${"${input}"} + eval echo \${"${output}"} +} + +# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_commandExists() { + local commandToExecute="$1" + hash "${commandToExecute}" 2>/dev/null + local rt=$? + if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi +} + +# Usage: if [ "$(io_curlExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_curlExists() { + io_commandExists "curl" +} + + +io_hasMatch() { + logSilly "Method ${FUNCNAME[0]}" + local result=0 + logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" + echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 + return $result +} + +# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself +# Failure conditions: None +# Parameters: +## $1: string to check against +# Depends on global: none +# Updates global: IS_LOCALHOST with value "yes/no" +# Returns: NA + +io_getIsLocalhost() { + logSilly "Method ${FUNCNAME[0]}" + IS_LOCALHOST="$FLAG_N" + local inputString="$1" + logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" + + io_hasMatch "$inputString" "localhost" && { + logDebug "Found localhost. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for localhost" + + local hostIP=$(io_getPublicHostIP) + io_hasMatch "$inputString" "$hostIP" && { + logDebug "Found $hostIP. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostIP" + + local hostID=$(io_getPublicHostID) + io_hasMatch "$inputString" "$hostID" && { + logDebug "Found $hostID. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostID" + + local hostName=$(io_getPublicHostName) + io_hasMatch "$inputString" "$hostName" && { + logDebug "Found $hostName. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostName" + +} + +# Usage: if [ "$(io_tarExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_tarExists() { + io_commandExists "tar" +} + +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostIP() { + local OS_TYPE=$(uname) + local publicHostIP= + if [ "${OS_TYPE}" == "Darwin" ]; then + ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') + if [ "${ipStatus}" == "active" ]; then + publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') + else + errorExit "Host IP could not be resolved!" + fi + elif [ "${OS_TYPE}" == "Linux" ]; then + publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") + fi + publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') + echo -n "${publicHostIP}" +} + +# Will return the short host name (up to the first dot) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostName() { + echo -n "$(hostname -s)" +} + +# Will return the full host name (use this as much as possible) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostID() { + echo -n "$(hostname)" +} + +# Utility method to backup a file +# Failure conditions: NA +# Parameters: filePath +# Depends on global: none, +# Updates global: none +# Returns: NA +io_backupFile() { + logSilly "Method ${FUNCNAME[0]}" + fileName="$1" + if [ ! -f "${filePath}" ]; then + logDebug "No file: [${filePath}] to backup" + return + fi + dateTime=$(date +"%Y-%m-%d-%H-%M-%S") + targetFileName="${fileName}.backup.${dateTime}" + yes | \cp -f "$fileName" "${targetFileName}" + logger "File [${fileName}] backedup as [${targetFileName}]" +} + +# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 +is_number() { + case "$BASH_VERSION" in + 3.1.*) + PATTERN='\^\[0-9\]+\$' + ;; + *) + PATTERN='^[0-9]+$' + ;; + esac + + [[ "$1" =~ $PATTERN ]] +} + +io_compareVersions() { + if [[ $# != 2 ]] + then + echo "Usage: min_version current minimum" + return + fi + + A="${1%%.*}" + B="${2%%.*}" + + if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] + then + io_compareVersions "${1#*.}" "${2#*.}" + else + if is_number "$A" && is_number "$B" + then + if [[ "$A" -eq "$B" ]]; then + echo "0" + elif [[ "$A" -gt "$B" ]]; then + echo "1" + elif [[ "$A" -lt "$B" ]]; then + echo "-1" + fi + fi + fi +} + +# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable +# Strip all leading and trailing spaces +# IMPORTANT- DON'T ADD LOGGING to this method +io_trim() { + local var="$1" + # remove leading whitespace characters + var="${var#"${var%%[![:space:]]*}"}" + # remove trailing whitespace characters + var="${var%"${var##*[![:space:]]}"}" + echo -n "$var" +} + +# temporary function will be removing it ASAP +# search for string and replace text in file +replaceText_migration_hook () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + fi +} + +# search for string and replace text in file +replaceText () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + logDebug "Replaced [$regexString] with [$replaceText] in [$file]" + fi +} + +# search for string and prepend text in file +prependText () { + local regexString="$1" + local text="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + else + sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + fi +} + +# add text to beginning of the file +addText () { + local text="$1" + local file="$2" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + else + sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + fi +} + +io_replaceString () { + local value="$1" + local firstString="$2" + local secondString="$3" + local separator=${4:-"/"} + local updateValue= + if [[ $(uname) == "Darwin" ]]; then + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + else + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + fi + echo -n "${updateValue}" +} + +_findYQ() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + local parentDir="$1" + if [ -z "$parentDir" ]; then + return + fi + logDebug "Executing command [find "${parentDir}" -name third-party -type d]" + local yq=$(find "${parentDir}" -name third-party -type d) + if [ -d "${yq}/yq" ]; then + export YQ_PATH="${yq}/yq" + fi +} + + +io_setYQPath() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + if [ "$(io_commandExists 'yq')" == "yes" ]; then + return + fi + + if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then + _findYQ "${JF_PRODUCT_HOME}" + fi + + if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then + _findYQ "${COMPOSE_HOME}" + fi + # TODO We can remove this block after all the code is restructured. + if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then + _findYQ "${SCRIPT_HOME}" + fi + +} + +io_getLinuxDistribution() { + LINUX_DISTRIBUTION= + + # Make sure running on Linux + [ $(uname -s) != "Linux" ] && return + + # Find out what Linux distribution we are on + + cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 6.x + cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 7.x + cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true + + # OS 8.x + grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true + + # OS 7.x + grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true + + # OS 6.x + grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true + + cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true + + cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true + + cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true +} + +## Utility method to check ownership of folders/files +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If file is not owned by the user & group +## Parameters: + ## user + ## group + ## folder to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac +io_checkOwner () { + logSilly "Method ${FUNCNAME[0]}" + local osType=$(uname) + + if [ "${osType}" != "Linux" ]; then + logDebug "Unsupported OS. Skipping check" + return 0 + fi + + local file_to_check=$1 + local user_id_to_check=$2 + + + if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group_id_to_check=${3:-$user_id_to_check} + local check_user_name=${4:-"no"} + + logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" + + local stat= + + if [ "${check_user_name}" == "yes" ]; then + stat=( $(stat -Lc "%U %G" ${file_to_check}) ) + else + stat=( $(stat -Lc "%u %g" ${file_to_check}) ) + fi + + local user_id=${stat[0]} + local group_id=${stat[1]} + + if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then + logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" + return 1 + else + return 0 + fi +} + +## Utility method to change ownership of a file/folder - NON recursive +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnershipNonRecursive() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" + chown ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to change ownership of a file. +## IMPORTANT +## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnership() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" + chown -R ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to create third party folder structure necessary for Postgres +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## POSTGRESQL_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createPostgresDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 + + logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" + + createDir "${POSTGRESQL_DATA_ROOT}/data" + io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Nginx +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## NGINX_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createNginxDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${NGINX_DATA_ROOT}" ] && return 0 + + logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" + + createDir "${NGINX_DATA_ROOT}" + io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" +} + +## Utility method to create third party folder structure necessary for ElasticSearch +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## ELASTIC_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createElasticSearchDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 + + logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" + + createDir "${ELASTIC_DATA_ROOT}/data" + io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Redis +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## REDIS_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRedisDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${REDIS_DATA_ROOT}" ] && return 0 + + logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" + + createDir "${REDIS_DATA_ROOT}" + io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Mongo +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## MONGODB_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createMongoDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${MONGODB_DATA_ROOT}" ] && return 0 + + logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" + + createDir "${MONGODB_DATA_ROOT}/logs" + createDir "${MONGODB_DATA_ROOT}/configdb" + createDir "${MONGODB_DATA_ROOT}/db" + io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" +} + +## Utility method to create third party folder structure necessary for RabbitMQ +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## RABBITMQ_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRabbitMQDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 + + logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" + + createDir "${RABBITMQ_DATA_ROOT}" + io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" +} + +# Add or replace a property in provided properties file +addOrReplaceProperty() { + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + local delimiter=${4:-"="} + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 + [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} + sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} +} + +# Set property only if its not set +io_setPropertyNoOverride(){ + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 + if [ $? -ne 0 ]; then + echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" + else + logger "Skipping update of property : ${propertyName}" >&6 + fi +} + +# Add a line to a file if it doesn't already exist +addLine() { + local line_to_add=$1 + local target_file=$2 + logger "Trying to add line $1 to $2" >&6 2>&1 + cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 + if [ $? != 0 ]; then + logger "Line does not exist and will be added" >&6 2>&1 + echo $line_to_add >> $target_file || errorExit "Could not update $target_file" + fi +} + +# Utility method to check if a value (first paramter) exists in an array (2nd parameter) +# 1st parameter "value to find" +# 2nd parameter "The array to search in. Please pass a string with each value separated by space" +# Example: containsElement "y" "y Y n N" +containsElement () { + local searchElement=$1 + local searchArray=($2) + local found=1 + for elementInIndex in "${searchArray[@]}";do + if [[ $elementInIndex == $searchElement ]]; then + found=0 + fi + done + return $found +} + +# Utility method to get user's choice +# 1st parameter "what to ask the user" +# 2nd parameter "what choices to accept, separated by spaces" +# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" +# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' +getUserChoice(){ + configureLogOutput + read_timeout=${read_timeout:-0.5} + local choice="na" + local text_to_display=$1 + local choices=$2 + local default_choice=$3 + users_choice= + + until containsElement "$choice" "$choices"; do + echo "";echo ""; + sleep $read_timeout #This ensures correct placement of the question. + read -p "$text_to_display :" choice + : ${choice:=$default_choice} + done + users_choice=$choice + echo -e "\n$text_to_display: $users_choice" >&6 + sleep $read_timeout #This ensures correct logging +} + +setFilePermission () { + local permission=$1 + local file=$2 + chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" +} + + +#setting required paths +setAppDir (){ + SCRIPT_DIR=$(dirname $0) + SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + APP_DIR="`cd "${SCRIPT_HOME}";pwd`" +} + +ZIP_TYPE="zip" +COMPOSE_TYPE="compose" +HELM_TYPE="helm" +RPM_TYPE="rpm" +DEB_TYPE="debian" + +sourceScript () { + local file="$1" + + [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" + + if [ ! -f "${file}" ]; then + errorExit "${file} file is not found" + else + source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" + fi +} +# Source required helpers +initHelpers () { + local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" + local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) + export YQ_PATH="${thirdPartyDir}/yq" + LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" + export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" + sourceScript "${systemYamlHelper}" +} +# Check migration info yaml file available in the path +checkMigrationInfoYaml () { + + if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" + INSTALLER="${HELM_TYPE}" + elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" + INSTALLER="${ZIP_TYPE}" + elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" + INSTALLER="${RPM_TYPE}" + elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" + INSTALLER="${DEB_TYPE}" + elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" + INSTALLER="${COMPOSE_TYPE}" + else + errorExit "File migration Info yaml does not exist in [${APP_DIR}]" + fi +} + +retrieveYamlValue () { + local yamlPath="$1" + local value="$2" + local output="$3" + local message="$4" + + [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" + + getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" + value="${YAML_VALUE}" + if [[ -z "${value}" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + elif [[ "${output}" == "Skip" ]]; then + return + else + errorExit "${message}" + fi + fi +} + +checkEnv () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + # check Environment JF_PRODUCT_HOME is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" + if [[ -z "${NEW_DATA_DIR}" ]]; then + errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + getCustomDataDir_hook + NEW_DATA_DIR="${OLD_DATA_DIR}" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + else + # check Environment JF_ROOT_DATA_DIR is set before migration + OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" + # check Environment JF_ROOT_DATA_DIR is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi + +} + +getDataDir () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then + checkEnv + else + getCustomDataDir_hook + NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi +} + +# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO +getProduct () { + retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + PRODUCT="${YAML_VALUE}" + PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then + errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" + fi + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + JF_USER="${PRODUCT}" + fi +} +# Compare product version with minProductVersion and maxProductVersion +migrateCheckVersion () { + local productVersion="$1" + local minProductVersion="$2" + local maxProductVersion="$3" + local productVersion618="6.18.0" + local unSupportedProductVersions7=("7.2.0 7.2.1") + + if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then + logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" + exit 11 + elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then + if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then + touch /tmp/error; + errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" + else + bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" + fi + else + logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" + exit 1 + fi +} + +getProductVersion () { + local minProductVersion="$1" + local maxProductVersion="$2" + local newfilePath="$3" + local oldfilePath="$4" + local propertyInDocker="$5" + local property="$6" + local productVersion= + local status= + + if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + elif [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" + status="fail" + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + exit 0 + fi + elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + else + productVersion="${CURRENT_VERSION}" + [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 + fi + else + if [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${property}" "${newfilePath}")" + status="fail" + elif [[ -f "${oldfilePath}" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + status="success" + else + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + logger "File [${newfilePath}] not found to get current version." + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + fi + exit 0 + fi + fi + if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then + [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." + [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." + exit 0 + fi + + migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" +} + +readKey () { + local property="$1" + local file="$2" + local version= + + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + version="${value}" && check=true && break + else + check=false + fi + done < "${file}" + if [[ "${check}" == "false" ]]; then + return + fi + echo "${version}" +} + +# create Log directory +createLogDir () { + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" + fi +} + +# Creating migration log file +creationMigrateLog () { + local LOG_FILE_NAME="migration.log" + createLogDir + local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" + fi + touch "${MIGRATION_LOG_FILE}" + setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" + exec &> >(tee -a "${MIGRATION_LOG_FILE}") +} +# Set path where system.yaml should create +setSystemYamlPath () { + SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" + if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then + logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" + fi +} +# Create directory +createDirectory () { + local directory="$1" + local output="$2" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${directory}" + mkdir -p "${directory}" && check=true || check=false + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi + setOwnershipBasedOnInstaller "${directory}" +} + +setOwnershipBasedOnInstaller () { + local directory="$1" + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" + elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" + fi +} + +getUserAndGroup () { + local file="$1" + read uid gid <<<$(stat -c '%U %G' ${file}) + USER_TO_CHECK="${uid}" + GROUP_TO_CHECK="${gid}" +} + +# set ownership +getUserAndGroupFromFile () { + case $PRODUCT in + artifactory) + getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" + ;; + distribution) + getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" + ;; + xray) + getUserAndGroup "${OLD_DATA_DIR}/security/master.key" + ;; + esac +} + +# creating required directories +createRequiredDirs () { + bannerSubSection "CREATING REQUIRED DIRECTORIES" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" + io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" + fi + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + fi +} + +# Check entry in map is format +checkMapEntry () { + local entry="$1" + + [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" +} +# Check value Empty and warn +warnIfEmpty () { + local filePath="$1" + local yamlPath="$2" + local check= + + if [[ -z "${filePath}" ]]; then + warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + check=false + else + check=true + fi + echo "${check}" +} + +logCopyStatus () { + local status="$1" + local logMessage="$2" + local warnMessage="$3" + + [[ "${status}" == "success" ]] && logger "${logMessage}" + [[ "${status}" == "fail" ]] && warn "${warnMessage}" +} +# copy contents from source to destination +copyCmd () { + local source="$1" + local target="$2" + local mode="$3" + local status= + + case $mode in + unique) + cp -up "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + specific) + cp -pf "${source}" "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" + ;; + patternFiles) + cp -pf "${source}"* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" + ;; + full) + cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + esac +} +# Check contents exist in source before copying +copyOnContentExist () { + local source="$1" + local target="$2" + local mode="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + copyCmd "${source}" "${target}" "${mode}" + else + logger "No contents to copy from [${source}]" + fi +} + +# move source to destination +moveCmd () { + local source="$1" + local target="$2" + local status= + + mv -f "${source}" "${target}" && status="success" || status="fail" + [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" + [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" +} + +# symlink target to source +symlinkCmd () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + local check=false + + if [[ "${symlinkSubDir}" == "subDir" ]]; then + ln -sf "${source}"/* "${target}" && check=true || check=false + else + ln -sf "${source}" "${target}" && check=true || check=false + fi + + [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" + [[ "${check}" == "false" ]] && warn "Symlink operation failed" +} +# Check contents exist in source before symlinking +symlinkOnExist () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + if [[ "${symlinkSubDir}" == "subDir" ]]; then + symlinkCmd "${source}" "${target}" "subDir" + else + symlinkCmd "${source}" "${target}" + fi + else + logger "No contents to symlink from [${source}]" + fi +} + +prependDir () { + local absolutePath="$1" + local fullPath="$2" + local sourcePath= + + if [[ "${absolutePath}" = \/* ]]; then + sourcePath="${absolutePath}" + else + sourcePath="${fullPath}" + fi + echo "${sourcePath}" +} + +getFirstEntry (){ + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $1}' +} + +getSecondEntry () { + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $2}' +} +# To get absolutePath +pathResolver () { + local directoryPath="$1" + local dataDir= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" + dataDir="${YAML_VALUE}" + cd "${dataDir}" + else + cd "${OLD_DATA_DIR}" + fi + absoluteDir="`cd "${directoryPath}";pwd`" + echo "${absoluteDir}" +} + +checkPathResolver () { + local value="$1" + + if [[ "${value}" == \/* ]]; then + value="${value}" + else + value="$(pathResolver "${value}")" + fi + echo "${value}" +} + +propertyMigrate () { + local entry="$1" + local filePath="$2" + local fileName="$3" + local check=false + + local yamlPath="$(getFirstEntry "${entry}")" + local property="$(getSecondEntry "${entry}")" + if [[ -z "${property}" ]]; then + warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + value="$(migrateResolveDerbyPath "${key}" "${value}")" + value="$(migrateResolveHaDirPath "${key}" "${value}")" + value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" + fi + if [[ "${key}" == "context.url" ]]; then + local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') + setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" + logger "Setting [shared.node.ip] with [${ip}] in system.yaml" + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false + fi + done < "${NEW_DATA_DIR}/${filePath}/${fileName}" + [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" +} + +setHaEnabled_hook () { + echo "" +} + +migratePropertiesFiles () { + local fileList= + local filePath= + local fileName= + local map= + + retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" + fileList="${YAML_VALUE}" + if [[ -z "${fileList}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" + for file in ${fileList}; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + # setting haEnabled with true only if ha-node.properties is present + setHaEnabled_hook "${filePath}" + retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + propertyMigrate "${entry}" "${filePath}" "${fileName}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" + fi + done + else + logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} + +createTargetDir () { + local mountDir="$1" + local target="$2" + + logger "Target directory not found [${mountDir}/${target}], creating it" + createDirectoryRecursive "${mountDir}" "${target}" "Warning" +} + +createDirectoryRecursive () { + local mountDir="$1" + local target="$2" + local output="$3" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${mountDir}/${target}" + local directory=$(echo "${target}" | tr '/' ' ' ) + local targetDir="${mountDir}" + for dir in ${directory}; + do + targetDir="${targetDir}/${dir}" + mkdir -p "${targetDir}" && check=true || check=false + setOwnershipBasedOnInstaller "${targetDir}" + done + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi +} + +copyOperation () { + local source="$1" + local target="$2" + local mode="$3" + local check=false + local targetDataDir= + local targetLink= + local date= + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + #remove source if it is a symlink + if [[ -L "${source}" ]]; then + targetLink=$(readlink -f "${source}") + logger "Removing the symlink [${source}] pointing to [${targetLink}]" + rm -f "${source}" + source=${targetLink} + fi + if [[ "$(checkDirExists "${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path" + return + fi + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + logger "No contents to copy from [${source}]" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copySpecificFiles () { + local source="$1" + local target="$2" + local mode="$3" + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkFileExists "${source}")" != "true" ]]; then + logger "Source file [${source}] does not exist in path" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copyPatternMatchingFiles () { + local source="$1" + local target="$2" + local mode="$3" + local sourcePath="${4}" + + # prepend OLD_DATA_DIR only if source is relative path + sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then + logger "Source [${sourcePath}] directory not found in path" + return + fi + if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" + else + logger "Source file [${sourcePath}/${source}*] does not exist in path" + fi +} + +copyLogMessage () { + local mode="$1" + case $mode in + specific) + logger "Copy file [${source}] to target [${targetDataDir}/${target}]" + ;; + patternFiles) + logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" + ;; + full) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + unique) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + esac +} + +copyBannerMessages () { + local mode="$1" + local textMode="$2" + case $mode in + specific) + bannerSection "COPY ${textMode} FILES" + ;; + patternFiles) + bannerSection "COPY MATCHING ${textMode}" + ;; + full) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + unique) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + esac +} + +invokeCopyFunctions () { + local mode="$1" + local source="$2" + local target="$3" + + case $mode in + specific) + copySpecificFiles "${source}" "${target}" "${mode}" + ;; + patternFiles) + retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" + local sourcePath="${YAML_VALUE}" + copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" + ;; + full) + copyOperation "${source}" "${target}" "${mode}" + ;; + unique) + copyOperation "${source}" "${target}" "${mode}" + ;; + esac +} +# Copies contents from source directory and target directory +copyDataDirectories () { + local copyFormat="$1" + local mode="$2" + local map= + local source= + local target= + local textMode= + local targetDataDir= + local copyFormatValue= + + retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" + copyFormatValue="${YAML_VALUE}" + if [[ -z "${copyFormatValue}" ]]; then + return + fi + textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) + copyBannerMessages "${mode}" "${textMode}" + retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeCopyFunctions "${mode}" "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +invokeMoveFunctions () { + local source="$1" + local target="$2" + local sourceDataDir= + local targetBasename= + # prepend OLD_DATA_DIR only if source is relative path + sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") + targetBasename=$(dirname "${target}") + logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" + if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then + logger "Directory [${sourceDataDir}] not found in path to move" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then + createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" + else + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" + moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" + fi +} + +# Move source directory and target directory +moveDirectories () { + local moveDataDirectories= + local map= + local source= + local target= + + retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" + moveDirectories="${YAML_VALUE}" + if [[ -z "${moveDirectories}" ]]; then + return + fi + bannerSection "MOVE DIRECTORIES" + retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeMoveFunctions "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +# Trim masterKey if its generated using hex 32 +trimMasterKey () { + local masterKeyDir=/opt/jfrog/artifactory/var/etc/security + local oldMasterKey=$(<${masterKeyDir}/master.key) + local oldMasterKey_Length=$(echo ${#oldMasterKey}) + local newMasterKey= + if [[ ${oldMasterKey_Length} -gt 32 ]]; then + bannerSection "TRIM MASTERKEY" + newMasterKey=$(echo ${oldMasterKey:0:32}) + cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key + logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" + rm -rf ${masterKeyDir}/master.key + echo ${newMasterKey} > ${masterKeyDir}/master.key + logger "masterKey is trimmed : ${masterKeyDir}/master.key" + fi +} + +copyDirectories () { + + copyDataDirectories "copyFiles" "full" + copyDataDirectories "copyUniqueFiles" "unique" + copyDataDirectories "copySpecificFiles" "specific" + copyDataDirectories "copyPatternMatchingFiles" "patternFiles" +} + +symlinkDir () { + local source="$1" + local target="$2" + local targetDir= + local basename= + local targetParentDir= + + targetDir="$(dirname "${target}")" + if [[ "${targetDir}" == "${source}" ]]; then + # symlink the sub directories + createDirectory "${NEW_DATA_DIR}/${target}" "Warning" + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" + basename="$(basename "${target}")" + cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" + fi + else + targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" + createDirectory "${targetParentDir}" "Warning" + if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" + fi + fi +} + +symlinkOperation () { + local source="$1" + local target="$2" + local check=false + local targetLink= + local date= + + # Check if source is a link and do symlink + if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then + targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") + symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" + else + # check if source is directory and do symlink + if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path to symlink" + return + fi + if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then + logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" + symlinkDir "${source}" "${target}" + else + rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false + [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" + symlinkDir "${source}" "${target}" + fi + fi +} +# Creates a symlink path - Source directory to which the symbolic link should point. +symlinkDirectories () { + local linkFiles= + local map= + local source= + local target= + + retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" + linkFiles="${YAML_VALUE}" + if [[ -z "${linkFiles}" ]]; then + return + fi + bannerSection "SYMLINK DIRECTORIES" + retrieveYamlValue "migration.linkFiles.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + symlinkOperation "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +updateConnectionString () { + local yamlPath="$1" + local value="$2" + local mongoPath="shared.mongo.url" + local rabbitmqPath="shared.rabbitMq.url" + local postgresPath="shared.database.url" + local redisPath="shared.redis.connectionString" + local mongoConnectionString="mongo.connectionString" + local sourceKey= + local hostIp=$(io_getPublicHostIP) + local hostKey= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) + hostKey="@${hostIp}:" + case $yamlPath in + ${postgresPath}) + sourceKey="@postgres:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoPath}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${rabbitmqPath}) + sourceKey="@rabbitmq:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${redisPath}) + sourceKey="@redis:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoConnectionString}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + esac + fi + echo -n "${value}" +} + +yamlMigrate () { + local entry="$1" + local sourceFile="$2" + local value= + local yamlPath= + local key= + yamlPath="$(getFirstEntry "${entry}")" + key="$(getSecondEntry "${entry}")" + if [[ -z "${key}" ]]; then + warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + getYamlValue "${key}" "${sourceFile}" "false" + value="${YAML_VALUE}" + if [[ ! -z "${value}" ]]; then + value=$(updateConnectionString "${yamlPath}" "${value}") + fi + if [[ "${PRODUCT}" == "artifactory" ]]; then + replicatorProfiling + fi + if [[ -z "${value}" ]]; then + logger "No value for [${key}] in [${sourceFile}]" + else + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" + fi +} + +migrateYamlFile () { + local files= + local filePath= + local fileName= + local sourceFile= + local map= + retrieveYamlValue "migration.yaml.files" "files" "Skip" + files="${YAML_VALUE}" + if [[ -z "${files}" ]]; then + return + fi + bannerSection "MIGRATION OF YAML FILES" + for file in $files; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" + if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + yamlMigrate "${entry}" "${sourceFile}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done + else + logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} +# updates the key and value in system.yaml +updateYamlKeyValue () { + local entry="$1" + local value= + local yamlPath= + local key= + + yamlPath="$(getFirstEntry "${entry}")" + value="$(getSecondEntry "${entry}")" + if [[ -z "${value}" ]]; then + warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value [${value}] in system.yaml" +} + +updateSystemYamlFile () { + local updateYaml= + local map= + + retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" + updateSystemYaml="${YAML_VALUE}" + if [[ -z "${updateSystemYaml}" ]]; then + return + fi + bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" + retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ -z "${map}" ]]; then + return + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + updateYamlKeyValue "${entry}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done +} + +backupFiles_hook () { + logSilly "Method ${FUNCNAME[0]}" +} + +backupDirectory () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" + fi +} + +removeOldDirectory () { + local backupDir="$1" + local entry="$2" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" + local outputCheckDirExists="$(checkDirExists "${targetDir}")" + if [[ "${outputCheckDirExists}" != "true" ]]; then + logger "No [${targetDir}] directory found to delete" + echo ""; + return + fi + backupDirectory "${backupDir}" "${entry}" "${targetDir}" + rm -rf "${targetDir}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" + [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" + echo ""; +} + +cleanUpOldDataDirectories () { + local cleanUpOldDataDir= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" + cleanUpOldDataDir="${YAML_VALUE}" + if [[ -z "${cleanUpOldDataDir}" ]]; then + return + fi + bannerSection "CLEAN UP OLD DATA DIRECTORIES" + retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" + backupFiles_hook "${backupDir}/${PRODUCT}" + for entry in $map; + do + removeOldDirectory "${backupDir}" "${entry}" + done +} + +backupFiles () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local fileName="$4" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" + fi +} + +removeOldFiles () { + local backupDir="$1" + local directoryName="$2" + local fileName="$3" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" + local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" + if [[ "${outputCheckFileExists}" != "true" ]]; then + logger "No [${targetDir}/${fileName}] file found to delete" + return + fi + backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" + rm -f "${targetDir}/${fileName}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" + [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" + echo ""; +} + +cleanUpOldFiles () { + local cleanUpFiles= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" + cleanUpOldFiles="${YAML_VALUE}" + if [[ -z "${cleanUpOldFiles}" ]]; then + return + fi + bannerSection "CLEAN UP OLD FILES" + retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" + for entry in $map; + do + local outputCheckMapEntry="$(checkMapEntry "${entry}")" + if [[ "${outputCheckMapEntry}" != "true" ]]; then + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" + fi + local fileName="$(getSecondEntry "${entry}")" + local directoryName="$(getFirstEntry "${entry}")" + [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" + echo ""; + done +} + +startMigration () { + bannerSection "STARTING MIGRATION" +} + +endMigration () { + bannerSection "MIGRATION COMPLETED SUCCESSFULLY" +} + +initialize () { + setAppDir + _pauseExecution "setAppDir" + initHelpers + _pauseExecution "initHelpers" + checkMigrationInfoYaml + _pauseExecution "checkMigrationInfoYaml" + getProduct + _pauseExecution "getProduct" + getDataDir + _pauseExecution "getDataDir" +} + +main () { + case $PRODUCT in + artifactory) + migrateArtifactory + ;; + distribution) + migrateDistribution + ;; + xray) + migrationXray + ;; + esac + exit 0 +} + +# Ensures meta data is logged +LOG_BEHAVIOR_ADD_META="$FLAG_Y" + + +migrateResolveDerbyPath () { + local key="$1" + local value="$2" + + if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + else + derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + fi + fi + echo "${value}" +} + +migrateResolveHaDirPath () { + local key="$1" + local value="$2" + + if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then + if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then + value=$(checkPathResolver "${value}") + fi + fi + echo "${value}" +} +updatePostgresUrlString_Hook () { + local yamlPath="$1" + local value="$2" + local hostIp=$(io_getPublicHostIP) + local sourceKey="//postgresql:" + if [[ "${yamlPath}" == "shared.database.url" ]]; then + value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") + fi + echo "${value}" +} +# Check Artifactory product version +checkArtifactoryVersion () { + local minProductVersion="6.0.0" + local maxProductVersion="7.0.0" + local propertyInDocker="ARTIFACTORY_VERSION" + local property="artifactory.version" + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + local newfilePath="${APP_DIR}/../.env" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + else + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" + fi + + getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" +} + +getCustomDataDir_hook () { + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" + OLD_DATA_DIR="${YAML_VALUE}" +} + +# Get protocol value of connector +getXmlConnectorProtocol () { + local i="$1" + local filePath="$2" + local fileName="$3" + local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') + echo -e "${protocolValue}" +} + +# Get all attributes of connector +getXmlConnectorAttributes () { + local i="$1" + local filePath="$2" + local fileName="$3" + local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + echo "${connectorAttributes}" +} + +# Get port value of connector +getXmlConnectorPort () { + local i="$1" + local filePath="$2" + local fileName="$3" + local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${portValue}" +} + +# Get maxThreads value of connector +getXmlConnectorMaxThreads () { + local i="$1" + local filePath="$2" + local fileName="$3" + local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${maxThreadValue}" +} +# Get sendReasonPhrase value of connector +getXmlConnectorSendReasonPhrase () { + local i="$1" + local filePath="$2" + local fileName="$3" + local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${sendReasonPhraseValue}" +} +# Get relaxedPathChars value of connector +getXmlConnectorRelaxedPathChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") + echo -e "${relaxedPathCharsValue}" +} +# Get relaxedQueryChars value of connector +getXmlConnectorRelaxedQueryChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") + echo -e "${relaxedQueryCharsValue}" +} + +# Updating system.yaml with Connector port +setConnectorPort () { + local yamlPath="$1" + local valuePort="$2" + local portYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${valuePort}" ]]; then + warn "port value is empty, could not migrate to system.yaml" + return + fi + ## Getting port yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" portYamlPath "Warning" + portYamlPath="${YAML_VALUE}" + if [[ -z "${portYamlPath}" ]]; then + return + fi + setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" + logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" +} + +# Updating system.yaml with Connector maxThreads +setConnectorMaxThread () { + local yamlPath="$1" + local threadValue="$2" + local maxThreadYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${threadValue}" ]]; then + return + fi + ## Getting max Threads yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" + maxThreadYamlPath="${YAML_VALUE}" + if [[ -z "${maxThreadYamlPath}" ]]; then + return + fi + setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" +} + +# Updating system.yaml with Connector sendReasonPhrase +setConnectorSendReasonPhrase () { + local yamlPath="$1" + local sendReasonPhraseValue="$2" + local sendReasonPhraseYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${sendReasonPhraseValue}" ]]; then + return + fi + ## Getting sendReasonPhrase yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" + sendReasonPhraseYamlPath="${YAML_VALUE}" + if [[ -z "${sendReasonPhraseYamlPath}" ]]; then + return + fi + setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedPathChars +setConnectorRelaxedPathChars () { + local yamlPath="$1" + local relaxedPathCharsValue="$2" + local relaxedPathCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedPathCharsValue}" ]]; then + return + fi + ## Getting relaxedPathChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" + relaxedPathCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedPathCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedQueryChars +setConnectorRelaxedQueryChars () { + local yamlPath="$1" + local relaxedQueryCharsValue="$2" + local relaxedQueryCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedQueryCharsValue}" ]]; then + return + fi + ## Getting relaxedQueryChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" + relaxedQueryCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connectors configurations +setConnectorExtraConfig () { + local yamlPath="$1" + local connectorAttributes="$2" + local extraConfigPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${connectorAttributes}" ]]; then + return + fi + ## Getting extraConfig yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConfig "Warning" + extraConfigPath="${YAML_VALUE}" + if [[ -z "${extraConfigPath}" ]]; then + return + fi + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" +} + +# Updating system.yaml with extra Connectors +setExtraConnector () { + local yamlPath="$1" + local extraConnector="$2" + local extraConnectorYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${extraConnector}" ]]; then + return + fi + ## Getting extraConnecotr yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" + extraConnectorYamlPath="${YAML_VALUE}" + if [[ -z "${extraConnectorYamlPath}" ]]; then + return + fi + getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" + local connectorExtra="${YAML_VALUE}" + if [[ -z "${connectorExtra}" ]]; then + setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + else + setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + fi +} + +# Migrate extra connectors to system.yaml +migrateExtraConnectors () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local excludeDefaultPort="$4" + local i="$5" + local extraConfig= + local extraConnector= + if [[ "${excludeDefaultPort}" == "yes" ]]; then + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + done + else + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + fi +} + +# Migrate connector configurations +migrateConnectorConfig () { + local i="$1" + local protocolType="$2" + local portValue="$3" + local connectorPortYamlPath="$4" + local connectorMaxThreadYamlPath="$5" + local connectorAttributesYamlPath="$6" + local filePath="$7" + local fileName="$8" + local connectorSendReasonPhraseYamlPath="$9" + local connectorRelaxedPathCharsYamlPath="${10}" + local connectorRelaxedQueryCharsYamlPath="${11}" + + # migrate port + setConnectorPort "${connectorPortYamlPath}" "${portValue}" + + # migrate maxThreads + local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") + setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" + + # migrate sendReasonPhrase + local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") + setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" + + # migrate relaxedPathChars + local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" + # migrate relaxedQueryChars + local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" + + # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars + local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") + connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" +} + +# Check for default port 8040 and 8081 in connectors and migrate +migrateConnectorPort () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + local connectorPortYamlPath="$5" + local connectorMaxThreadYamlPath="$6" + local connectorAttributesYamlPath="$7" + local connectorSendReasonPhraseYamlPath="$8" + local connectorRelaxedPathCharsYamlPath="$9" + local connectorRelaxedQueryCharsYamlPath="${10}" + local portYamlPath= + local maxThreadYamlPath= + local status= + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" == *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + RT_DEFAULTPORT_STATUS=success + else + AC_DEFAULTPORT_STATUS=success + fi + migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" + done +} + +# migrate to extra, connector having default port and protocol is AJP +migrateDefaultPortIfAjp () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + done + +} + +# Comparing max threads in connectors +compareMaxThreads () { + local firstConnectorMaxThread="$1" + local firstConnectorNode="$2" + local secondConnectorMaxThread="$3" + local secondConnectorNode="$4" + local filePath="$5" + local fileName="$6" + + # choose higher maxThreads connector as Artifactory. + if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then + # maxThread is higher in firstConnector, + # Taking firstConnector as Artifactory and SecondConnector as Access + # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + else + # maxThread is higher in SecondConnector, + # Taking SecondConnector as Artifactory and firstConnector as Access + local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +# Check max threads exist to compare +maxThreadsExistToCompare () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local firstConnectorMaxThread= + local secondConnectorMaxThread= + local firstConnectorNode= + local secondConnectorNode= + local status=success + local firstnode=fail + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ ${protocolType} == *AJP* ]]; then + # Migrate Connectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + fi + # store maxthreads value of each connector + if [[ ${firstnode} == "fail" ]]; then + firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + firstConnectorNode="${i}" + firstnode=success + else + secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + secondConnectorNode="${i}" + fi + done + [[ -z "${firstConnectorMaxThread}" ]] && status=fail + [[ -z "${secondConnectorMaxThread}" ]] && status=fail + # maxThreads is set, now compare MaxThreads + if [[ "${status}" == "success" ]]; then + compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" + else + # Assume first connector is RT, maxThreads is not set in both connectors + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +migrateExtraBasedOnNonAjpCount () { + local nonAjpCount="$1" + local filePath="$2" + local fileName="$3" + local connectorCount="$4" + local i="$5" + + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ "${protocolType}" == *AJP* ]]; then + if [[ "${nonAjpCount}" -eq 1 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + else + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + continue + fi + fi +} + +# find RT and AC Connector +findRtAndAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local initialAjpCount=0 + local nonAjpCount=0 + + # get the count of non AJP + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] || continue + nonAjpCount=$((initialAjpCount+1)) + initialAjpCount="${nonAjpCount}" + done + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access and artifactory connectors + # Mark port as 8040 for access + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + done + elif [[ "${nonAjpCount}" -eq 2 ]]; then + # compare maxThreads in both connectors + maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${nonAjpCount}" -gt 2 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # setting with default port in system.yaml + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# get the count of non AJP +getCountOfNonAjp () { + local port="$1" + local connectorCount="$2" + local filePath=$3 + local fileName=$4 + local initialNonAjpCount=0 + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${port}" ]] || continue + [[ "${protocolType}" != *AJP* ]] || continue + local nonAjpCount=$((initialNonAjpCount+1)) + initialNonAjpCount="${nonAjpCount}" + done + echo -e "${nonAjpCount}" +} + +# Find for access connector +findAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access connector and mark port as that of connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take RT properties into access with 8040 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add RT connector details as access connector and mark port as 8040 + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# Find for artifactory connector +findRtConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as RT connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take access properties into artifactory with 8081 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +checkForTlsConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${sslProtocolValue}" == "TLS" ]]; then + bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" + TLS_CONNECTOR_EXISTS=${FLAG_Y} + continue + fi + done +} + +# set custom tomcat server Listeners to system.yaml +setListenerConnector () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + for ((i = 1 ; i <= "${listenerCount}" ; i++)) + do + local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) + local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${listenerClassName}" == *Apr* ]]; then + setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" + fi + done +} +# add custom tomcat server Listeners +addTomcatServerListeners () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + if [[ "${listenerCount}" == "0" ]]; then + logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" + else + setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" + setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" + logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" + fi +} + +# server.xml migration operations +xmlMigrateOperation () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local listenerCount="$4" + RT_DEFAULTPORT_STATUS=fail + AC_DEFAULTPORT_STATUS=fail + TLS_CONNECTOR_EXISTS=${FLAG_N} + + # Check for connector with TLS , if found ignore migrating it + checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" + if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then + return + fi + addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" + # Migrate RT default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + # Migrate to extra if RT default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" + # Migrate AC default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + # Migrate to extra if access default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" + + if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # RT and AC default port found + logger "Artifactory 8081 and Access 8040 default port are found" + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # Only AC default port found,find RT connector + logger "Found Access default 8040 port" + findRtConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # Only RT default port found,find AC connector + logger "Found Artifactory default 8081 port" + findAcConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # RT and AC default port not found, find connector + logger "Artifactory 8081 and Access 8040 default port are not found" + findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" + fi +} + +# get count of connectors +getXmlConnectorCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# get count of listener connectors +getTomcatServerListenersCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# Migrate server.xml configuration to system.yaml +migrateXmlFile () { + local xmlFiles= + local fileName= + local filePath= + local sourceFilePath= + DEFAULT_ACCESS_PORT="8040" + DEFAULT_RT_PORT="8081" + AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" + AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" + AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" + AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" + RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" + RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" + RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' + RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' + RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' + RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" + ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" + EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" + EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" + RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" + + retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" + xmlFiles="${YAML_VALUE}" + if [[ -z "${xmlFiles}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF XML FILES" + retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + if [[ -z "${fileName}" ]]; then + return + fi + bannerSubSection "Processing Migration of $fileName" + retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + if [[ -z "${filePath}" ]]; then + return + fi + # prepend NEW_DATA_DIR only if filePath is relative path + sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") + if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] is found in path [${sourceFilePath}]" + local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") + if [[ "${connectorCount}" == "0" ]]; then + logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" + return + fi + local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") + xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" + else + logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" + fi +} + +compareArtifactoryUser () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + + if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" + else + logger "No change in property [${property}] value in [${sourceFile}] to migrate" + fi +} + +migrateReplicator () { + local property="$1" + local oldPropertyValue="$2" + local yamlPath="$3" + + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" +} + +compareJavaOptions () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + local oldJavaOption= + local newJavaOption= + local extraJavaOption= + local check=false + local success=true + local status=true + + oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~> /etc/hosts" +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts" +{{- end }} + +3. Launch jconsole: +{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} +jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }} +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl new file mode 100644 index 000000000..8f9dc060c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/_helpers.tpl @@ -0,0 +1,127 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "artifactory-ha.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +The primary node name +*/}} +{{- define "artifactory-ha.primary.name" -}} +{{- if .Values.nameOverride -}} +{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := .Release.Name | trunc 29 -}} +{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +The member node name +*/}} +{{- define "artifactory-ha.node.name" -}} +{{- if .Values.nameOverride -}} +{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := .Release.Name | trunc 29 -}} +{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name nginx service. +*/}} +{{- define "artifactory-ha.nginx.name" -}} +{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified Replicator app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.replicator.fullname" -}} +{{- if .Values.artifactory.replicator.ingress.name -}} +{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.nginx.fullname" -}} +{{- if .Values.nginx.fullnameOverride -}} +{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nginx.name -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "artifactory-ha.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "artifactory-ha.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate SSL certificates +*/}} +{{- define "artifactory-ha.gen-certs" -}} +{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}} +{{- $ca := genCA "artifactory-ca" 365 -}} +{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Scheme (http/https) based on Access TLS enabled/disabled +*/}} +{{- define "artifactory-ha.scheme" -}} +{{- if .Values.access.accessConfig.security.tls -}} +{{- printf "%s" "https" -}} +{{- else -}} +{{- printf "%s" "http" -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml new file mode 100644 index 000000000..b344e86b6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/admin-bootstrap-creds.yaml @@ -0,0 +1,15 @@ +{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} +{{- if .Values.artifactory.admin.password }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml new file mode 100644 index 000000000..6552d45dc --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-access-config.yaml @@ -0,0 +1,15 @@ +{{- if .Values.access.accessConfig }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }}-access-config + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + access.config.import.yml: | +{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml new file mode 100644 index 000000000..2e7cac758 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-binarystore-secret.yaml @@ -0,0 +1,14 @@ +{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-binarystore + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + binarystore.xml: |- +{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml new file mode 100644 index 000000000..1385bc578 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-configmaps.yaml @@ -0,0 +1,13 @@ +{{ if .Values.artifactory.configMaps }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + labels: + app: {{ template "artifactory-ha.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ tpl .Values.artifactory.configMaps . | indent 2 }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml new file mode 100644 index 000000000..c22188a64 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-custom-secrets.yaml @@ -0,0 +1,19 @@ +{{- if .Values.artifactory.customSecrets }} +{{- range .Values.artifactory.customSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + component: "{{ $.Values.artifactory.name }}" + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} +type: Opaque +stringData: + {{ .key }}: | +{{ .data | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml new file mode 100644 index 000000000..9ff71855f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-database-secrets.yaml @@ -0,0 +1,22 @@ +{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }}-database-creds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- with .Values.database.url }} + db-url: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.user }} + db-user: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.password }} + db-password: {{ tpl . $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml new file mode 100644 index 000000000..c6a2682c8 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-gcp-credentials-secret.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} +{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-gcpcreds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + gcp.credentials.json: |- +{{ tpl .Values.artifactory.persistence.googleStorage.gcpServiceAccount.config . | indent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml new file mode 100644 index 000000000..e58ec41b3 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-installer-info.yaml @@ -0,0 +1,12 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + installer-info.json: | + {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml new file mode 100644 index 000000000..3f629c6e4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-license-secret.yaml @@ -0,0 +1,14 @@ +{{- with .Values.artifactory.license.licenseKey }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-license + labels: + app: {{ template "artifactory-ha.name" $ }} + chart: {{ template "artifactory-ha.chart" $ }} + heritage: {{ $.Release.Service }} + release: {{ $.Release.Name }} +type: Opaque +data: + artifactory.lic: {{ . | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml new file mode 100644 index 000000000..fe40f980f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-migration-scripts.yaml @@ -0,0 +1,18 @@ +{{- if .Values.artifactory.migration.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + migrate.sh: | +{{ .Files.Get "files/migrate.sh" | indent 4 }} + migrationHelmInfo.yaml: | +{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} + migrationStatus.sh: | +{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml new file mode 100644 index 000000000..371dc9a5f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-networkpolicy.yaml @@ -0,0 +1,34 @@ +{{- range .Values.networkpolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy + labels: + app: {{ template "artifactory-ha.name" $ }} + chart: {{ template "artifactory-ha.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +spec: +{{- if .podSelector }} + podSelector: +{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} +{{ else }} + podSelector: {} +{{- end }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} +{{- if .ingress }} + ingress: +{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +{{- if .egress }} + egress: +{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +--- +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml new file mode 100644 index 000000000..6ed7d82f6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-nfs-pvc.yaml @@ -0,0 +1,101 @@ +{{- if eq .Values.artifactory.persistence.type "nfs" }} +### Artifactory HA data +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ template "artifactory-ha.fullname" . }}-data-pv + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + id: {{ template "artifactory-ha.name" . }}-data-pv + type: nfs-volume +spec: + {{- if .Values.artifactory.persistence.nfs.mountOptions }} + mountOptions: +{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} + {{- end }} + capacity: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.artifactory.persistence.nfs.ip }} + path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}" + readOnly: false +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-data-pvc + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + type: nfs-volume +spec: + accessModes: + - ReadWriteOnce + storageClassName: "" + resources: + requests: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + selector: + matchLabels: + id: {{ template "artifactory-ha.name" . }}-data-pv + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} +--- +### Artifactory HA backup +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ template "artifactory-ha.fullname" . }}-backup-pv + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + id: {{ template "artifactory-ha.name" . }}-backup-pv + type: nfs-volume +spec: + {{- if .Values.artifactory.persistence.nfs.mountOptions }} + mountOptions: +{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} + {{- end }} + capacity: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.artifactory.persistence.nfs.ip }} + path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}" + readOnly: false +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-backup-pvc + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + type: nfs-volume +spec: + accessModes: + - ReadWriteOnce + storageClassName: "" + resources: + requests: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + selector: + matchLabels: + id: {{ template "artifactory-ha.name" . }}-backup-pv + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml new file mode 100644 index 000000000..d588e0a85 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-pdb.yaml @@ -0,0 +1,20 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.fullname" . }}-node + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.artifactory.name }} + app: {{ template "artifactory-ha.name" . }} + {{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.artifactory.node.minAvailable }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml new file mode 100644 index 000000000..af5ce966d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-node-statefulset.yaml @@ -0,0 +1,711 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory-ha.node.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.node.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + serviceName: {{ template "artifactory-ha.node.name" . }} + replicas: {{ .Values.artifactory.node.replicaCount }} + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.node.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + role: {{ template "artifactory-ha.node.name" . }} + heritage: {{ .Release.Service }} + component: {{ .Values.artifactory.name }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.node.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.uid }} + initContainers: + {{- if .Values.artifactory.customInitContainersBegin }} +{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.persistence.enabled }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + - name: "create-artifactory-data-dir" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - > + mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} + - name: "wait-for-primary" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - > + echo "Waiting for primary node to be ready..."; + {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }} + echo "Sleeping to allow time for primary node to come up"; + sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }}; + {{- else }} + while [ "$(wget --spider --no-check-certificate -S -T 3 {{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }}/ 2>&1 | grep '^ HTTP/' | awk '{print $2}')" != "200" ]; + do echo "Primary not ready. Waiting..."; sleep 3; + done; + echo "Primary node ready!"; + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + command: + - '/bin/sh' + - '-c' + - > + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + echo "Removing join.key file"; + rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key; + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys - load from database"; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Load custom certificates from database"; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + env: + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}" + key: master-key + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + - name: systemyaml + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + runAsUser: 0 + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if or .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customInitContainers }} +{{ tpl .Values.artifactory.customInitContainers . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory-ha' + image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + resources: +{{ toYaml .Values.artifactory.node.resources | indent 10 }} + env: + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "false" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if .Values.artifactory.customVolumeMounts }} +{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} +{{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + {{- if .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.preStartCommand . }}; + {{- end }} + {{- with .Values.artifactory.node.preStartCommand }} + echo "Running member node specific custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /entrypoint-artifactory.sh + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo; + {{- with .Values.artifactory.postStartCommand }} + {{ tpl . $ }} + {{- end }} + env: + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "false" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + {{- end }} + volumeMounts: + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.cluster.license" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if .Values.artifactory.customVolumeMounts }} +{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.node.resources | indent 10 }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $image := .Values.logger.image.repository }} + {{- $tag := .Values.logger.image.tag }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if .Values.artifactory.customSidecarContainers }} +{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.node.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.artifactory.node.affinity }} + {{- with .Values.artifactory.node.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} + {{- end }} + {{- with .Values.artifactory.node.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-binarystore + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + secret: + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds + {{- end }} + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory-ha.fullname" . }}-license + {{- end }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory-ha.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + {{- end }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} + {{- end }} + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc + {{- end }} + - name: systemyaml + secret: + secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory-ha.fullname" . }}-filebeat-config + {{- end }} + {{- if .Values.artifactory.customVolumes }} +{{ tpl .Values.artifactory.customVolumes . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + volumeClaimTemplates: + {{- if .Values.artifactory.persistence.enabled }} + - metadata: + name: volume + {{- if not .Values.artifactory.node.persistence.existingClaim }} + spec: + {{- if .Values.artifactory.persistence.storageClassName }} + {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] + resources: + requests: + storage: {{ .Values.artifactory.persistence.size }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml new file mode 100644 index 000000000..9de929da2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-primary-statefulset.yaml @@ -0,0 +1,835 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + version: {{ default .Chart.AppVersion .Values.artifactory.image.version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md), pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x." .Values.databaseUpgradeReady | quote }} +{{- end }} +spec: + serviceName: {{ template "artifactory-ha.primary.name" . }} + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.primary.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + role: {{ template "artifactory-ha.primary.name" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.access.accessConfig }} + checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} + {{- end }} + {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} + checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.uid }} + initContainers: + {{- if .Values.artifactory.customInitContainersBegin }} +{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.persistence.enabled }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + - name: "create-artifactory-data-dir" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + - name: "remove-lost-found" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; + rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; + volumeMounts: + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: "access-bootstrap-creds" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + volumeMounts: + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + - name: access-bootstrap-creds + mountPath: "/tmp/access/bootstrap.creds" + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + subPath: {{ .Values.artifactory.admin.dataKey }} + {{- else }} + subPath: bootstrap.creds + {{- end }} + {{- end }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - '/bin/sh' + - '-c' + - > + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + {{- if .Values.access.accessConfig }} + echo "Copy access.config.latest.yml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -fv /tmp/etc/access.config.import.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.import.yml; + {{- end }} + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; + cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; + echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + {{- end }} + env: + {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName}} + - name: ARTIFACTORY_JOIN_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.artifactory.joinKeySecretName | default (include "artifactory-ha.fullname" .) }}" + key: join-key + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}" + key: master-key + {{- end }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + - name: systemyaml + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- if .Values.access.accessConfig }} + - name: access-config + mountPath: "/tmp/etc/access.config.import.yml" + subPath: access.config.import.yml + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + mountPath: "/tmp/etc/tls.crt" + subPath: tls.crt + - name: access-certs + mountPath: "/tmp/etc/tls.key" + subPath: tls.key + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + runAsUser: 0 + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if or .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customInitContainers }} +{{ tpl .Values.artifactory.customInitContainers . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory-ha' + image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.artifactory.primary.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + env: + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "true" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if .Values.artifactory.customVolumeMounts }} +{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- end }} +{{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then + echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; + cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; + fi; + {{- if .Values.artifactory.configMapName }} + echo "Copying bootstrap configs"; + cp -Lrf /bootstrap/* /artifactory_bootstrap/; + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + echo "Copying plugins"; + cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; + {{- end }} + {{- range .Values.artifactory.copyOnEveryStartup }} + {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} + {{- $baseDirectory := regexFind ".*/" $targetPath }} + mkdir -p {{ $baseDirectory }}; + cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; + {{- end }} + {{- with .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.artifactory.primary.preStartCommand }} + echo "Running primary specific custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /entrypoint-artifactory.sh + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo; + {{- with .Values.artifactory.postStartCommand }} + {{ tpl . $ }} + {{- end }} + env: + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "true" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + {{- end }} + volumeMounts: + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + mountPath: "/artifactory_bootstrap/plugins/" + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + mountPath: "/tmp/plugin/{{ tpl . $ }}" + {{- end }} + {{- end }} + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.cluster.license" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if .Values.artifactory.customVolumeMounts }} +{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.primary.resources | indent 10 }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $image := .Values.logger.image.repository }} + {{- $tag := .Values.logger.image.tag }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if .Values.artifactory.customSidecarContainers }} +{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.primary.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.artifactory.primary.affinity }} + {{- with .Values.artifactory.primary.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- end }} + {{- with .Values.artifactory.primary.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-binarystore + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + secret: + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds + {{- end }} + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory-ha.fullname" . }}-license + {{- end }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + emptyDir: {} + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + secret: + secretName: {{ tpl . $ }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory-ha.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: access-bootstrap-creds + secret: + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + secretName: {{ .Values.artifactory.admin.secret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} + {{- end }} + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc + {{- end }} + - name: systemyaml + secret: + secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml + {{- if .Values.access.accessConfig }} + - name: access-config + secret: + secretName: {{ template "artifactory-ha.fullname" . }}-access-config + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + secret: + secretName: {{ .Values.access.customCertificatesSecretName }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory-ha.fullname" . }}-filebeat-config + {{- end }} + {{- if .Values.artifactory.customVolumes }} +{{ tpl .Values.artifactory.customVolumes . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + volumeClaimTemplates: + {{- if .Values.artifactory.persistence.enabled }} + - metadata: + name: volume + {{- if not .Values.artifactory.primary.persistence.existingClaim }} + spec: + {{- if .Values.artifactory.persistence.storageClassName }} + {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] + resources: + requests: + storage: {{ .Values.artifactory.persistence.size }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml new file mode 100644 index 000000000..417ec5c06 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-priority-class.yaml @@ -0,0 +1,9 @@ +{{- if .Values.artifactory.priorityClass.create }} +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} +value: {{ .Values.artifactory.priorityClass.value }} +globalDefault: false +description: "Artifactory priority class" +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml new file mode 100644 index 000000000..c86bffddd --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.fullname" . }} +rules: +{{ toYaml .Values.rbac.role.rules }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml new file mode 100644 index 000000000..4412870b1 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "artifactory-ha.serviceAccountName" . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ template "artifactory-ha.fullname" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml new file mode 100644 index 000000000..260e516b9 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-secrets.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: +{{- if and .Values.artifactory.masterKey (not .Values.artifactory.masterKeySecretName) }} + master-key: {{ .Values.artifactory.masterKey | b64enc | quote }} +{{- end }} +{{- if and .Values.artifactory.joinKey (not .Values.artifactory.joinKeySecretName) }} + join-key: {{ .Values.artifactory.joinKey | b64enc | quote }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml new file mode 100644 index 000000000..68b467ea5 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-service.yaml @@ -0,0 +1,107 @@ +# Service for all Artifactory cluster nodes. +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.node.labels }} +{{ toYaml .| indent 4 }} + {{- end }} +{{- if .Values.artifactory.service.annotations }} + annotations: +{{ toYaml .Values.artifactory.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.artifactory.service.type }} + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + {{- if .Values.artifactory.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: router + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: ssh + {{- end }} + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: artifactory + {{- with .Values.artifactory.node.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: jmx + {{- end }} + {{- end }} + selector: +{{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} +{{- end }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} +--- +# Internal service for Artifactory primary node only! +# Used by member nodes to check readiness of primary node before starting up +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +spec: + # Statically setting service type to ClusterIP since this is an internal only service + type: ClusterIP + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: router + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: artifactory + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: ssh + {{- end }} + {{- with .Values.artifactory.primary.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: jmx + {{- end }} + {{- end }} + selector: + role: {{ template "artifactory-ha.primary.name" . }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml new file mode 100644 index 000000000..6983c1d12 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ tpl (toYaml .) $ | indent 4 }} +{{- end }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.serviceAccountName" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml new file mode 100644 index 000000000..e0bfa6b11 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-storage-pvc.yaml @@ -0,0 +1,27 @@ +{{ if .Values.artifactory.customPersistentVolumeClaim }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + labels: + app: {{ template "artifactory-ha.name" . }} + version: "{{ .Values.artifactory.version }}" + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + accessModes: + {{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml new file mode 100644 index 000000000..cf8ffbac8 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/artifactory-system-yaml.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.primary.name" . }}-system-yaml + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + system.yaml: | +{{ tpl .Values.artifactory.systemYaml . | indent 4 }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml new file mode 100644 index 000000000..d2db2a067 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/filebeat-configmap.yaml @@ -0,0 +1,15 @@ +{{- if .Values.filebeat.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.name" . }}-filebeat-config + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: + filebeat.yml: | +{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml new file mode 100644 index 000000000..262647f9c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/ingress.yaml @@ -0,0 +1,102 @@ +{{- if .Values.ingress.enabled -}} +{{- $serviceName := include "artifactory-ha.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} +{{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} +{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $ingressName }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.ingress.labels }} +{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} +{{- end}} +{{- if .Values.ingress.annotations }} + annotations: +{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} +{{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.ingress.hosts }} + {{- range $host := .Values.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: {{ $.Values.ingress.routerPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: {{ $.Values.ingress.artifactoryPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $artifactoryServicePort }} + {{- end -}} +{{- end -}} + {{- with .Values.ingress.additionalRules }} +{{ tpl . $ | indent 2 }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end -}} +{{- if .Values.artifactory.replicator.enabled }} +--- +{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} +{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $replicationIngressName }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + release: {{ $.Release.Name | quote }} + heritage: {{ $.Release.Service | quote }} + {{- if .Values.artifactory.replicator.ingress.annotations }} + annotations: +{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} + {{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.artifactory.replicator.ingress.hosts }} + {{- range $host := .Values.artifactory.replicator.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: /replicator/ + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: /artifactory/api/replication/replicate/file/streaming + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- end -}} + {{- if .Values.artifactory.replicator.ingress.tls }} + tls: +{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml new file mode 100644 index 000000000..87fe8999e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/logger-configmap.yaml @@ -0,0 +1,63 @@ +{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-logger + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + tail-log.sh: | + #!/bin/sh + + LOG_DIR=$1 + LOG_NAME=$2 + PID= + + # Wait for log dir to appear + while [ ! -d ${LOG_DIR} ]; do + sleep 1 + done + + cd ${LOG_DIR} + + LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') + + # Find the log to tail + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + + # Wait for the log file + while [ -z "${LOG_FILE}" ]; do + sleep 1 + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + done + + echo "Log file ${LOG_FILE} is ready!" + + # Get inode number + INODE_ID=$(ls -i ${LOG_FILE}) + + # echo "Tailing ${LOG_FILE}" + tail -F ${LOG_FILE} & + PID=$! + + # Loop forever to see if a new log was created + while true; do + # Check inode number + NEW_INODE_ID=$(ls -i ${LOG_FILE}) + + # If inode number changed, this means log was rotated and need to start a new tail + if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then + kill -9 ${PID} 2>/dev/null + INODE_ID="${NEW_INODE_ID}" + + # Start a new tail + tail -F ${LOG_FILE} & + PID=$! + fi + sleep 1 + done + +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml new file mode 100644 index 000000000..eb1f0e698 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-artifactory-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + artifactory.conf: | +{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml new file mode 100644 index 000000000..2c1430a18 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-certificate-secret.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml new file mode 100644 index 000000000..5f424d52a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-conf + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + nginx.conf: | +{{ tpl .Values.nginx.mainConf . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml new file mode 100644 index 000000000..4327e7479 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-deployment.yaml @@ -0,0 +1,192 @@ +{{- if .Values.nginx.enabled -}} +{{- $serviceName := include "artifactory-ha.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +apiVersion: apps/v1 +kind: {{ .Values.nginx.kind }} +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 4 }} +{{- end }} +spec: +{{- if ne .Values.nginx.kind "DaemonSet" }} + replicas: {{ .Values.nginx.replicaCount }} +{{- end }} + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + template: + metadata: + annotations: + checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} + checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + initContainers: + - name: "setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - '/bin/sh' + - '-c' + - > + rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; + mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + volumeMounts: + - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + name: nginx-volume + securityContext: + runAsUser: {{ .Values.nginx.uid }} + fsGroup: {{ .Values.nginx.gid }} + containers: + - name: {{ .Values.nginx.name }} + image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}' + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - 'nginx' + - '-g' + - 'daemon off;' + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and + # will be cleaned up in a later version + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - containerPort: {{ .Values.nginx.http.internalPort }} + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttp }} + {{- end }} + {{- if .Values.nginx.https }} + {{- if .Values.nginx.https.enabled }} + - containerPort: {{ .Values.nginx.https.internalPort }} + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttps }} + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.nginx.ssh.internalPort }} + {{- end }} + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: nginx-artifactory-conf + mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" + - name: nginx-volume + mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + - name: ssl-certificates + mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" + resources: +{{ toYaml .Values.nginx.resources | indent 10 }} + {{- if .Values.nginx.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.nginx.readinessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.nginx.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.nginx.livenessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} + {{- end }} + {{- $image := .Values.logger.image.repository }} + {{- $tag := .Values.logger.image.tag }} + {{- $mountPath := .Values.nginx.persistence.mountPath }} + {{- range .Values.nginx.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - tail + args: + - '-F' + - '{{ $mountPath }}/logs/{{ . }}' + volumeMounts: + - name: nginx-volume + mountPath: {{ $mountPath }} + resources: +{{ toYaml $.Values.nginx.loggersResources | indent 10 }} + {{- end }} + {{- with .Values.nginx.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: nginx-conf + configMap: + {{- if .Values.nginx.customConfigMap }} + name: {{ .Values.nginx.customConfigMap }} + {{- else }} + name: {{ template "artifactory-ha.fullname" . }}-nginx-conf + {{- end }} + - name: nginx-artifactory-conf + configMap: + {{- if .Values.nginx.customArtifactoryConfigMap }} + name: {{ .Values.nginx.customArtifactoryConfigMap }} + {{- else }} + name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf + {{- end }} + + - name: nginx-volume + {{- if .Values.nginx.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + - name: ssl-certificates + secret: + {{- if .Values.nginx.tlsSecretName }} + secretName: {{ .Values.nginx.tlsSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml new file mode 100644 index 000000000..8310377a6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pdb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.nginx.name }} + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.nginx.minAvailable }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml new file mode 100644 index 000000000..68a89cea0 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-pvc.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }} +{{- if (not .Values.nginx.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + accessModes: + - {{ .Values.nginx.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.nginx.persistence.size | quote }} +{{- if .Values.nginx.persistence.storageClass }} +{{- if (eq "-" .Values.nginx.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.nginx.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml new file mode 100644 index 000000000..d0e10e248 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/templates/nginx-service.yaml @@ -0,0 +1,79 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + {{- if .Values.nginx.service.labels }} +{{ toYaml .Values.nginx.service.labels | indent 4 }} + {{- end }} +{{- if .Values.nginx.service.annotations }} + annotations: +{{ toYaml .Values.nginx.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.nginx.service.type }} + {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} + clusterIP: {{ .Values.nginx.service.clusterIP }} + {{- end }} +{{- if eq .Values.nginx.service.type "LoadBalancer" }} + {{ if .Values.nginx.service.loadBalancerIP -}} + loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} + {{ end -}} + {{- if .Values.nginx.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} + {{- end }} +{{- end }} +{{- if .Values.nginx.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and + # will be cleaned up in a later verion + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - port: {{ .Values.nginx.http.externalPort }} + targetPort: {{ .Values.nginx.http.internalPort }} + protocol: TCP + name: http + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttp }} + targetPort: {{ .Values.nginx.internalPortHttp }} + protocol: TCP + name: http + {{- end }} + {{- if .Values.nginx.https }} + {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} + - port: {{ .Values.nginx.https.externalPort }} + {{- if .Values.nginx.service.ssloffload }} + targetPort: {{ .Values.nginx.http.internalPort }} + {{- else }} + targetPort: {{ .Values.nginx.https.internalPort}} + {{- end }} + protocol: TCP + name: https + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttps }} + targetPort: {{ .Values.nginx.internalPortHttps }} + protocol: TCP + name: https + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.nginx.ssh.externalPort }} + targetPort: {{ .Values.nginx.ssh.internalPort }} + protocol: TCP + name: ssh + {{- end }} + selector: + app: {{ template "artifactory-ha.name" . }} + component: {{ .Values.nginx.name }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml new file mode 100644 index 000000000..ec05d2add --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-large.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" + node: + replicaCount: 3 + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml new file mode 100644 index 000000000..33879c00b --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-medium.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" + node: + replicaCount: 2 + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml new file mode 100644 index 000000000..4babf97cb --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/values-small.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + node: + replicaCount: 1 + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml b/charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml new file mode 100644 index 000000000..f0ff3a1c5 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/3.0.1400/values.yaml @@ -0,0 +1,1551 @@ +# Default values for artifactory-ha. +# This is a YAML-formatted file. +# Beware when changing values here. You should know what you are doing! +# Access the values with {{ .Values.key.subkey }} + +# Common +initContainerImage: docker.bintray.io/alpine:3.12 + +installer: + type: + platform: + +installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + +# For supporting pulling from private registries +imagePullSecrets: + +## Role Based Access Control +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +rbac: + create: true + role: + ## Rules to create. It follows the role specification + rules: + - apiGroups: + - '' + resources: + - services + - endpoints + - pods + verbs: + - get + - watch + - list + +## Service Account +## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + name: + annotations: {} + +ingress: + enabled: false + defaultBackend: + enabled: true + # Used to create an Ingress record. + hosts: [] + routerPath: / + artifactoryPath: /artifactory/ + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + labels: {} + # traffic-type: external + # traffic-type: internal + tls: [] + # Secrets must be manually created in the namespace. + # - secretName: chart-example-tls + # hosts: + # - artifactory.domain.example + + # Additional ingress rules + additionalRules: [] + + +networkpolicy: + # Allows all ingress and egress + - name: artifactory + podSelector: + matchLabels: + app: artifactory-ha + egress: + - {} + ingress: + - {} + # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) + # - name: postgresql + # podSelector: + # matchLabels: + # app: postgresql + # ingress: + # - from: + # - podSelector: + # matchLabels: + # app: artifactory-ha + + +## Database configurations +## Use the wait-for-db init container. Set to false to skip +waitForDatabase: true + +## Configuration values for the postgresql dependency +## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md +## +postgresql: + enabled: true + image: + registry: docker.bintray.io + repository: bitnami/postgresql + tag: 10.13.0-debian-10-r38 + postgresqlUsername: artifactory + postgresqlPassword: "" + postgresqlDatabase: artifactory + postgresqlExtendedConf: + listenAddresses: "'*'" + maxConnections: "1500" + persistence: + enabled: true + size: 50Gi + service: + port: 5432 + master: + nodeSelector: {} + affinity: {} + tolerations: [] + slave: + nodeSelector: {} + affinity: {} + tolerations: [] + resources: {} + # requests: + # memory: "512Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "500m" + +## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), +## you MUST specify custom database details here or Artifactory will NOT start +database: + type: + driver: + ## If you set the url, leave host and port empty + url: + ## If you would like this chart to create the secret containing the db + ## password, use these values + user: + password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "rds-artifactory" + # key: "db-user" + # password: + # name: "rds-artifactory" + # key: "db-password" + # url: + # name: "rds-artifactory" + # key: "db-url" + +logger: + image: + repository: docker.bintray.io/busybox + tag: 1.31.1 + +# Artifactory +artifactory: + name: artifactory-ha + # Note that by default we use appVersion to get image tag/version + image: + repository: docker.bintray.io/jfrog/artifactory-pro + # version: + pullPolicy: IfNotPresent + + # Create a priority class for the Artifactory pods or use an existing one + # NOTE - Maximum allowed value of a user defined priority is 1000000000 + priorityClass: + create: false + value: 1000000000 + ## Override default name + # name: + ## Use an existing priority class + # existingPriorityClass: + + # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties + deleteDBPropertiesOnStartup: true + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 200 + extraConfig: 'acceptCount="100"' + + # This directory is intended for use with NFS eventual configuration for HA + haDataDir: + enabled: false + path: + haBackupDir: + enabled: false + path: + + # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + copyOnEveryStartup: + # # Absolute path + # - source: /artifactory_bootstrap/binarystore.xml + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + # # Absolute path + # - source: /artifactory_bootstrap/artifactory.lic + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + + # Sidecar containers for tailing Artifactory logs + loggers: [] + # - access-audit.log + # - access-request.log + # - access-security-audit.log + # - access-service.log + # - artifactory-access.log + # - artifactory-event.log + # - artifactory-import-export.log + # - artifactory-request.log + # - artifactory-service.log + # - frontend-request.log + # - frontend-service.log + # - metadata-request.log + # - metadata-service.log + # - router-request.log + # - router-service.log + # - router-traefik.log + # - derby.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Sidecar containers for tailing Tomcat (catalina) logs + catalinaLoggers: [] + # - tomcat-catalina.log + # - tomcat-localhost.log + + # Tomcat (catalina) loggers resources + catalinaLoggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 + ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + + + ## Add custom init containers execution before predefined init containers + customInitContainersBegin: | + # - name: "custom-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + ## Add custom init containers + + ## Add custom init containers execution after predefined init containers + customInitContainers: | + # - name: "custom-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + + ## Add custom sidecar containers + # - The provided example uses a custom volume (customVolumes) + # - The provided example shows running container as root (id 0) + customSidecarContainers: | + # - name: "sidecar-list-etc" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # securityContext: + # runAsUser: 0 + # fsGroup: 0 + # command: + # - 'sh' + # - '-c' + # - 'sh /scripts/script.sh' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + # - mountPath: "/scripts/script.sh" + # name: custom-script + # subPath: script.sh + # resources: + # requests: + # memory: "32Mi" + # cpu: "50m" + # limits: + # memory: "128Mi" + # cpu: "100m" + + ## Add custom volumes + customVolumes: | + # - name: custom-script + # configMap: + # name: custom-script + + ## Add custom volumesMounts + customVolumeMounts: | + # - name: custom-script + # mountPath: "/scripts/script.sh" + # subPath: script.sh + # - name: posthook-start + # mountPath: "/scripts/posthoook-start.sh" + # subPath: posthoook-start.sh + # - name: prehook-start + # mountPath: "/scripts/prehook-start.sh" + # subPath: prehook-start.sh + + # Add custom persistent volume mounts - Available for the pod + customPersistentPodVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + + # Add custom persistent volume mounts - Available to the entire namespace + customPersistentVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + + ## Artifactory HA requires a unique master key. Each Artifactory node must have the same master key! + ## You can generate one with the command: "openssl rand -hex 32" + ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' + ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName + ## IMPORTANT: You should NOT use the example masterKey for a production deployment! + ## IMPORTANT: This is a mandatory for fresh Install of 7.x (App version) + # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + # masterKeySecretName: + + ## Join Key to connect to other services to Artifactory. + ## IMPORTANT: Setting this value overrides the existing joinKey + ## IMPORTANT: You should NOT use the example joinKey for a production deployment! + # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName + # joinKeySecretName: + + # Add custom secrets - secret per file + customSecrets: + # - name: custom-secret + # key: custom-secret.yaml + # data: > + # custom_secret_config: + # parameter1: value1 + # parameter2: value2 + # - name: custom-secret2 + # key: custom-secret2.config + # data: | + # here the custom secret 2 config + + ## If false, all service console logs will not redirect to a common console.log + consoleLog: false + + binarystore: + enabled: true + + ## admin allows to set the password for the default admin user. + ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate + admin: + ip: "127.0.0.1" + username: "admin" + password: + secret: + dataKey: + + ## Artifactory license. + license: + ## licenseKey is the license key in plain text. Use either this or the license.secret setting + licenseKey: + ## If artifactory.license.secret is passed, it will be mounted as + ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. + secret: + ## The dataKey should be the name of the secret data key created. + dataKey: + + ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter + configMapName: + + # Add any list of configmaps to Artifactory + configMaps: | + # posthook-start.sh: |- + # echo "This is a post start script" + # posthook-end.sh: |- + # echo "This is a post end script" + + ## List of secrets for Artifactory user plugins. + ## One Secret per plugin's files. + userPluginSecrets: + # - archive-old-artifacts + # - build-cleanup + # - webhook + # - '{{ template "my-chart.fullname" . }}' + + ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + ## Extra post-start command to run extra commands after container starts + # postStartCommand: + + ## Extra environment variables that can be used to tune Artifactory to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: SERVER_XML_ARTIFACTORY_PORT + # value: "8081" + # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS + # value: "200" + # - name: SERVER_XML_ACCESS_MAX_THREADS + # value: "50" + # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_ACCESS_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_EXTRA_CONNECTOR + # value: "" + # - name: DB_POOL_MAX_ACTIVE + # value: "100" + # - name: DB_POOL_MAX_IDLE + # value: "10" + # - name: MY_SECRET_ENV_VAR + # valueFrom: + # secretKeyRef: + # name: my-secret-name + # key: my-secret-key + + # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) + systemYaml: | + shared: + logging: + consoleLog: + enabled: {{ .Values.artifactory.consoleLog }} + extraJavaOpts: > + -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} + {{- with .Values.artifactory.primary.javaOpts }} + -Dartifactory.async.corePoolSize={{ .corePoolSize }} + {{- if .xms }} + -Xms{{ .xms }} + {{- end }} + {{- if .xmx }} + -Xmx{{ .xmx }} + {{- end }} + {{- if .jmx.enabled }} + -Dcom.sun.management.jmxremote + -Dcom.sun.management.jmxremote.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} + {{- if .jmx.host }} + -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} + {{- else }} + -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} + {{- end }} + {{- if .jmx.authenticate }} + -Dcom.sun.management.jmxremote.authenticate=true + -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} + -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} + {{- else }} + -Dcom.sun.management.jmxremote.authenticate=false + {{- end }} + {{- end }} + {{- if .other }} + {{ .other }} + {{- end }} + {{- end }} + database: + {{- if .Values.postgresql.enabled }} + type: postgresql + url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" + host: "" + driver: org.postgresql.Driver + username: "{{ .Values.postgresql.postgresqlUsername }}" + {{ else }} + type: "{{ .Values.database.type }}" + driver: "{{ .Values.database.driver }}" + {{- end }} + artifactory: + {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} + node: + {{- if .Values.artifactory.haDataDir.path }} + haDataDir: {{ .Values.artifactory.haDataDir.path }} + {{- end }} + {{- if .Values.artifactory.haBackupDir.path }} + haBackupDir: {{ .Values.artifactory.haBackupDir.path }} + {{- end }} + {{- end }} + database: + maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} + access: + database: + maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} + {{- if .Values.access.database.enabled }} + type: "{{ .Values.access.database.type }}" + url: "{{ .Values.access.database.url }}" + driver: "{{ .Values.access.database.driver }}" + username: "{{ .Values.access.database.user }}" + password: "{{ .Values.access.database.password }}" + {{- end }} + metadata: + database: + maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} + {{- if .Values.artifactory.replicator.enabled }} + replicator: + enabled: true + {{- end }} + + ## IMPORTANT: If overriding artifactory.internalPort: + ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! + externalPort: 8082 + internalPort: 8082 + externalArtifactoryPort: 8081 + internalArtifactoryPort: 8081 + uid: 1030 + terminationGracePeriodSeconds: 30 + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 90 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + persistence: + enabled: true + local: false + redundancy: 3 + mountPath: "/var/opt/jfrog/artifactory" + accessMode: ReadWriteOnce + size: 200Gi + + ## Use a custom Secret to be mounted as your binarystore.xml + ## NOTE: This will ignore all settings below that make up binarystore.xml + customBinarystoreXmlSecret: + + maxCacheSize: 50000000000 + cacheProviderDir: cache + eventual: + numberOfThreads: 10 + ## artifactory data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + + ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config + ## Supported types are: + ## file-system (default) + ## nfs + ## google-storage + ## aws-s3 + ## aws-s3-v3 + ## azure-blob + type: file-system + + ## Use binarystoreXml to provide a custom binarystore.xml + ## This can be a template or hardcoded. + binarystoreXml: | + {{- if eq .Values.artifactory.persistence.type "file-system" }} + + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + + + + + + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} + + {{- end }} + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + // Specify the read and write strategy and redundancy for the sharding binary provider + + roundRobin + percentageFreeSpace + 2 + + + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} + //For each sub-provider (mount), specify the filestore location + + filestore{{ $sharedClaimNumber }} + + {{- end }} + + {{- else }} + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + 2 + 2 + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + + shard-fs-1 + local + + + + + 30 + tester-remote1 + 10000 + remote + + + + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "google-storage" }} + + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + 2 + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + local + + + + 30 + 10000 + remote + + + + {{ .Values.artifactory.persistence.mountPath }}/data/filestore + /tmp + + + + google-cloud-storage + {{ .Values.artifactory.persistence.googleStorage.endpoint }} + {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} + {{ .Values.artifactory.persistence.googleStorage.bucketName }} + {{ .Values.artifactory.persistence.googleStorage.identity }} + {{ .Values.artifactory.persistence.googleStorage.credential }} + {{ .Values.artifactory.persistence.googleStorage.path }} + {{ .Values.artifactory.persistence.googleStorage.bucketExists }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} + + + + + + + + + + + + + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + + + + + remote + + + + local + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + {{- with .Values.artifactory.persistence.awsS3V3 }} + + {{ .testConnection }} + {{- if .identity }} + {{ .identity }} + {{- end }} + {{- if .credential }} + {{ .credential }} + {{- end }} + {{ .region }} + {{ .bucketName }} + {{ .path }} + {{ .endpoint }} + {{- with .maxConnections }} + {{ . }} + {{- end }} + {{- with .kmsServerSideEncryptionKeyId }} + {{ . }} + {{- end }} + {{- with .kmsKeyRegion }} + {{ . }} + {{- end }} + {{- with .kmsCryptoMode }} + {{ . }} + {{- end }} + {{- if .useInstanceCredentials }} + true + {{- else }} + false + {{- end }} + {{ .usePresigning }} + {{ .signatureExpirySeconds }} + {{- with .cloudFrontDomainName }} + {{ . }} + {{- end }} + {{- with .cloudFrontKeyPairId }} + {{ .cloudFrontKeyPairId }} + {{- end }} + {{- with .cloudFrontPrivateKey }} + {{ . }} + {{- end }} + + {{- end }} + + {{- end }} + + {{- if eq .Values.artifactory.persistence.type "aws-s3" }} + + + + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + local + + + + 30 + 10000 + remote + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + + + + + {{ .Values.artifactory.persistence.awsS3.endpoint }} + {{- if .Values.artifactory.persistence.awsS3.roleName }} + {{ .Values.artifactory.persistence.awsS3.roleName }} + true + {{- else }} + {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} + {{ .Values.artifactory.persistence.awsS3.testConnection }} + {{ .Values.artifactory.persistence.awsS3.httpsOnly }} + {{ .Values.artifactory.persistence.awsS3.region }} + {{ .Values.artifactory.persistence.awsS3.bucketName }} + {{- if .Values.artifactory.persistence.awsS3.identity }} + {{ .Values.artifactory.persistence.awsS3.identity }} + {{- end }} + {{- if .Values.artifactory.persistence.awsS3.credential }} + {{ .Values.artifactory.persistence.awsS3.credential }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.path }} + {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} + + {{- end }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "azure-blob" }} + + + + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + + crossNetworkStrategy + crossNetworkStrategy + 2 + 1 + + + + + remote + + + + local + + + + + {{ .Values.artifactory.persistence.azureBlob.accountName }} + {{ .Values.artifactory.persistence.azureBlob.accountKey }} + {{ .Values.artifactory.persistence.azureBlob.endpoint }} + {{ .Values.artifactory.persistence.azureBlob.containerName }} + {{ .Values.artifactory.persistence.azureBlob.testConnection }} + + + {{- end }} + + ## For artifactory.persistence.type file-system + fileSystem: + ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. + ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) + ## Create PVCs with ReadWriteMany that match the naming convetions: + ## {{ template "artifactory-ha.fullname" . }}-data-pvc- + ## {{ template "artifactory-ha.fullname" . }}-backup-pvc + ## Example (using numberOfExistingClaims: 2) + ## myexample-data-pvc-0 + ## myexample-data-pvc-1 + ## myexample-backup-pvc + ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. + + ## Need to have the following set + existingSharedClaim: + enabled: false + numberOfExistingClaims: 1 + ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} + dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" + backupDir: "/var/opt/jfrog/artifactory-backup" + + + ## For artifactory.persistence.type nfs + ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes + ## cluster nodes. + ## Need to have the following set + nfs: + # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' + ip: + haDataMount: "/data" + haBackupMount: "/backup" + dataDir: "/var/opt/jfrog/artifactory-ha" + backupDir: "/var/opt/jfrog/artifactory-backup" + capacity: 200Gi + mountOptions: [] + ## For artifactory.persistence.type google-storage + googleStorage: + ## When using GCP buckets as your binary store (Available with enterprise license only) + gcpServiceAccount: + enabled: false + ## Use either an existing secret prepared in advance or put the config (replace the content) in the values + ## ref: https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#google-storage + # customSecretName: + # config: | + # { + # "type": "service_account", + # "project_id": "", + # "private_key_id": "?????", + # "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + # "client_email": "???@j.iam.gserviceaccount.com", + # "client_id": "???????", + # "auth_uri": "https://accounts.google.com/o/oauth2/auth", + # "token_uri": "https://oauth2.googleapis.com/token", + # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + # "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." + # } + endpoint: storage.googleapis.com + httpsOnly: false + # Set a unique bucket name + bucketName: "artifactory-ha-gcp" + identity: + credential: + path: "artifactory-ha/filestore" + bucketExists: false + + ## For artifactory.persistence.type aws-s3-v3 + awsS3V3: + testConnection: false + identity: + credential: + region: + bucketName: artifactory-aws + path: artifactory/filestore + endpoint: + maxConnections: 50 + kmsServerSideEncryptionKeyId: + kmsKeyRegion: + kmsCryptoMode: + useInstanceCredentials: true + usePresigning: false + signatureExpirySeconds: 300 + cloudFrontDomainName: + cloudFrontKeyPairId: + cloudFrontPrivateKey: + + ## For artifactory.persistence.type aws-s3 + ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html + awsS3: + # Set a unique bucket name + bucketName: "artifactory-ha-aws" + endpoint: + region: + roleName: + identity: + credential: + path: "artifactory-ha/filestore" + refreshCredentials: true + httpsOnly: true + testConnection: false + s3AwsVersion: "AWS4-HMAC-SHA256" + + ## Additional properties to set on the s3 provider + properties: {} + # httpclient.max-connections: 100 + ## For artifactory.persistence.type azure-blob + azureBlob: + accountName: + accountKey: + endpoint: + containerName: + testConnection: false + service: + name: artifactory + type: ClusterIP + ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + annotations: {} + ## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them) + ## Supported pool values + ## members + ## all + pool: members + + ## The following Java options are passed to the java process running Artifactory. + ## This will be passed to all cluster members. Primary and member nodes. + javaOpts: {} + # other: "" + + ## The following setting are to configure a dedicated Ingress object for Replicator service + replicator: + enabled: false + ingress: + name: + hosts: [] + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # chunked_transfer_encoding on; + tls: [] + # Secrets must be manually created in the namespace. + # - hosts: + # - artifactory.domain.example + # secretName: chart-example-tls-secret + + ssh: + enabled: false + internalPort: 1339 + externalPort: 1339 + + annotations: {} + + ## Type specific configurations. + ## There is a difference between the primary and the member nodes. + ## Customising their resources and java parameters is done here. + primary: + name: artifactory-ha-primary + # preStartCommand specific to the primary node, to be run after artifactory.preStartCommand + # preStartCommand: + labels: {} + persistence: + ## Set existingClaim to true or false + ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` + existingClaim: false + ## Resources for the primary node + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory primary node. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + corePoolSize: 16 + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + # other: "" + nodeSelector: {} + + tolerations: [] + + affinity: {} + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "" + topologyKey: "kubernetes.io/hostname" + + node: + name: artifactory-ha-member + # preStartCommand specific to the member node, to be run after artifactory.preStartCommand + # preStartCommand: + labels: {} + persistence: + ## Set existingClaim to true or false + ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` + existingClaim: false + replicaCount: 2 + minAvailable: 1 + ## Resources for the member nodes + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory member nodes. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + corePoolSize: 16 + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + # other: "" + # xms: "1g" + # xmx: "2g" + # other: "" + nodeSelector: {} + + ## Wait for Artifactory primary + waitForPrimaryStartup: + enabled: true + + ## Setting time will override the built in test and will just wait the set time + time: + + tolerations: [] + + ## Complete specification of the "affinity" of the member nodes; if this is non-empty, + ## "podAntiAffinity" values are not used. + affinity: {} + + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "" + topologyKey: "kubernetes.io/hostname" + +access: + ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. + ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates + ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. + ## This ensures that the node to node communication is done over TLS. + accessConfig: + security: + tls: false + + ## You can use a pre-existing secret by specifying customCertificatesSecretName + ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` + # customCertificatesSecretName: + + ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key + # resetAccessCAKeys: false + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="100"' + +metadata: + database: + maxOpenConnections: 80 + +# Init containers +initContainers: + resources: {} +# requests: +# memory: "64Mi" +# cpu: "10m" +# limits: +# memory: "128Mi" +# cpu: "250m" + + +# Nginx +nginx: + enabled: true + kind: Deployment + name: nginx + labels: {} + replicaCount: 1 + minAvailable: 0 + uid: 104 + gid: 107 + # Note that by default we use appVersion to get image tag/version + image: + repository: docker.bintray.io/jfrog/nginx-artifactory-pro + # version: + pullPolicy: IfNotPresent + + + # Sidecar containers for tailing Nginx logs + loggers: [] + # - access.log + # - error.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "64Mi" + # cpu: "25m" + # limits: + # memory: "128Mi" + # cpu: "50m" + + # Logs options + logs: + stderr: false + level: warn + + mainConf: | + # Main Nginx configuration file + worker_processes 4; + + {{ if .Values.nginx.logs.stderr }} + error_log stderr {{ .Values.nginx.logs.level }}; + {{- else -}} + error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; + {{- end }} + pid /tmp/nginx.pid; + + {{- if .Values.artifactory.ssh.enabled }} + ## SSH Server Configuration + stream { + server { + listen {{ .Values.nginx.ssh.internalPort }}; + proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; + } + } + {{- end }} + + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 128k; + proxy_buffers 40 128k; + proxy_busy_buffers_size 128k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format timing 'ip = $remote_addr ' + 'user = \"$remote_user\" ' + 'local_time = \"$time_local\" ' + 'host = $host ' + 'request = \"$request\" ' + 'status = $status ' + 'bytes = $body_bytes_sent ' + 'upstream = \"$upstream_addr\" ' + 'upstream_time = $upstream_response_time ' + 'request_time = $request_time ' + 'referer = \"$http_referer\" ' + 'UA = \"$http_user_agent\"'; + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + sendfile on; + #tcp_nopush on; + keepalive_timeout 65; + #gzip on; + include /etc/nginx/conf.d/*.conf; + } + + artifactoryConf: | + {{- if .Values.nginx.https.enabled }} + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + {{- end }} + ## server configuration + server { + {{- if .Values.nginx.internalPortHttps }} + listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- else -}} + {{- if .Values.nginx.https.enabled }} + listen {{ .Values.nginx.https.internalPort }} ssl; + {{- end }} + {{- end }} + {{- if .Values.nginx.internalPortHttp }} + listen {{ .Values.nginx.internalPortHttp }}; + {{- else -}} + {{- if .Values.nginx.http.enabled }} + listen {{ .Values.nginx.http.internalPort }}; + {{- end }} + {{- end }} + server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} + {{- range .Values.ingress.hosts -}} + {{- if contains "." . -}} + {{ "" | indent 0 }} ~(?.+)\.{{ . }} + {{- end -}} + {{- end -}}; + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/artifactory/?$ / redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + chunked_transfer_encoding on; + client_max_body_size 0; + + location / { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/; + {{- if .Values.nginx.service.ssloffload}} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; + {{- else }} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + {{- end }} + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location /artifactory/ { + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; + } + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; + } + } + } + + service: + ## For minikube, set this to NodePort, elsewhere use LoadBalancer + type: LoadBalancer + ssloffload: false + ## For supporting whitelist on the Nginx LoadBalancer service + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + ## Provide static ip address + loadBalancerIP: + ## There are two available options: “Cluster” (default) and “Local”. + externalTrafficPolicy: Cluster + labels: {} + # label-key: label-value + http: + enabled: true + externalPort: 80 + internalPort: 80 + https: + enabled: true + externalPort: 443 + internalPort: 443 + # DEPRECATED: The following will be replaced by L1065-L1076 in a future release + # externalPortHttp: 80 + # internalPortHttp: 80 + # externalPortHttps: 443 + # internalPortHttps: 443 + + ssh: + internalPort: 1339 + externalPort: 1339 + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 120 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + ## The SSL secret that will be used by the Nginx pod + # tlsSecretName: chart-example-tls + ## Custom ConfigMap for nginx.conf + customConfigMap: + ## Custom ConfigMap for artifactory.conf + customArtifactoryConfigMap: + persistence: + mountPath: "/var/opt/jfrog/nginx" + enabled: false + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 5Gi + ## nginx data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + resources: {} + # requests: + # memory: "250Mi" + # cpu: "100m" + # limits: + # memory: "250Mi" + # cpu: "500m" + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +# Filebeat Sidecar container +## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. +filebeat: + enabled: false + name: artifactory-filebeat + image: + repository: "docker.elastic.co/beats/filebeat" + version: 7.5.1 + logstashUrl: "logstash:5044" + + terminationGracePeriod: 10 + + livenessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + filebeat test output + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + resources: {} +# requests: +# memory: "100Mi" +# cpu: "100m" +# limits: +# memory: "100Mi" +# cpu: "100m" + + filebeatYml: | + logging.level: info + path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat + name: artifactory-filebeat + queue.spool: ~ + filebeat.inputs: + - type: log + enabled: true + close_eof: ${CLOSE:false} + paths: + - {{ .Values.artifactory.persistence.mountPath }}/log/*.log + fields: + service: "jfrt" + log_type: "artifactory" + output: + logstash: + hosts: ["{{ .Values.filebeat.logstashUrl }}"] diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore new file mode 100644 index 000000000..c7eb1e274 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +OWNERS \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md b/charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md new file mode 100644 index 000000000..8d287d283 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/CHANGELOG.md @@ -0,0 +1,1048 @@ +# JFrog Artifactory-ha Chart Changelog +All changes to this chart will be documented in this file. + +## [4.13.0] - April 5, 2021 +* **IMPORTANT** +* Added `charts.jfrog.io` as default JFrog Helm repository +* Updated Artifactory version to 7.17.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.5) + +## [4.12.2] - Mar 31, 2021 +* Updated Artifactory version to 7.17.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.4) + +## [4.12.1] - Mar 30, 2021 +* Updated Artifactory version to 7.17.3 +* Add `timeoutSeconds` to all exec probes - Please refer [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + +## [4.12.0] - Mar 24, 2021 +* Updated Artifactory version to 7.17.2 +* Optimized startupProbe time + +## [4.11.0] - Mar 18, 2021 +* Add support to startupProbe + +## [4.10.0] - Mar 15, 2021 +* Updated Artifactory version to 7.16.3 + +## [4.9.5] - Mar 09, 2021 +* Added HSTS header to nginx conf + +## [4.9.4] - Mar 9, 2021 +* Removed bintray URL references in the chart + +## [4.9.3] - Mar 04, 2021 +* Updated Artifactory version to 7.15.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.4) + +## [4.9.2] - Mar 04, 2021 +* Fixed creation of nginx-certificate-secret when Nginx is disabled + +## [4.9.1] - Feb 19, 2021 +* Update busybox tag version to `1.32.1` + +## [4.9.0] - Feb 18, 2021 +* Updated Artifactory version to 7.15.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.3) +* Add option to specify update strategy for Artifactory statefulset + +## [4.8.1] - Feb 11, 2021 +* Exposed "multiPartLimit" and "multipartElementSize" for the Azure Blob Storage Binary Provider + +## [4.8.0] - Feb 08, 2021 +* Updated Artifactory version to 7.12.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.8) +* Support for custom certificates using secrets +* **Important:** Switched docker images download from `docker.bintray.io` to `releases-docker.jfrog.io` +* Update alpine tag version to `3.13.1` + +## [4.7.9] - Feb 3, 2021 +* Fix copyOnEveryStartup for HA cluster license + +## [4.7.8] - Jan 25, 2021 +* Add support for hostAliases + +## [4.7.7] - Jan 11, 2021 +* Fix failures when using creds file for configurating google storage + +## [4.7.6] - Jan 11, 2021 +* Updated Artifactory version to 7.12.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.6) + +## [4.7.5] - Jan 07, 2021 +* Added support for optional tracker dedicated ingress `.Values.artifactory.replicator.trackerIngress.enabled` (defaults to false) + +## [4.7.4] - Jan 04, 2021 +* Fixed gid support for statefulset + +## [4.7.3] - Dec 31, 2020 +* Added gid support for statefulset +* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset + +## [4.7.2] - Dec 29, 2020 +* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) +* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml) +* Updated Artifactory version to 7.12.5 + +## [4.7.1] - Dec 21, 2020 +* Updated Artifactory version to 7.12.3 + +## [4.7.0] - Dec 18, 2020 +* Updated Artifactory version to 7.12.2 +* Added `.Values.artifactory.openMetrics.enabled` + +## [4.6.1] - Dec 11, 2020 +* Added configurable `.Values.global.versions.artifactory` in values.yaml + +## [4.6.0] - Dec 10, 2020 +* Update postgresql tag version to `12.5.0-debian-10-r25` +* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` +* Updated chart maintainers email + +## [4.5.5] - Dec 4, 2020 +* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` + +## [4.5.4] - Dec 1, 2020 +* Improve error message returned when attempting helm upgrade command + +## [4.5.3] - Nov 30, 2020 +* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) + +# [4.5.2] - Nov 23, 2020 +* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) +* Updated port namings on services and pods to allow for istio protocol discovery +* Change semverCompare checks to support hosted Kubernetes +* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics +* Prevent the PostHook command to be executed if the user did not specify a command in the values file +* Fix issue with tls file generation when nginx.https.enabled is false + +## [4.5.1] - Nov 19, 2020 +* Updated Artifactory version to 7.11.2 +* Bugfix - access.config.import.xml override Access Federation configurations + +## [4.5.0] - Nov 17, 2020 +* Updated Artifactory version to 7.11.1 +* Update alpine tag version to `3.12.1` + +## [4.4.6] - Nov 10, 2020 +* Pass system.yaml via external secret for advanced usecases +* Added support for custom ingress +* Bugfix - stateful set not picking up changes to database secrets + +## [4.4.5] - Nov 9, 2020 +* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) + +## [4.4.4] - Nov 2, 2020 +* Add enablePathStyleAccess property for aws-s3-v3 binary provider template + +## [4.4.3] - Nov 2, 2020 +* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) + +## [4.4.2] - Oct 22, 2020 +* Chown bug fix where Linux capability cannot chown all files causing log line warnings +* Fix Frontend timeout linting issue + +## [4.4.1] - Oct 20, 2020 +* Add flag to disable prepare-custom-persistent-volume init container + +## [4.4.0] - Oct 19, 2020 +* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) + +## [4.3.4] - Oct 19, 2020 +* Add support to specify priorityClassName for nginx deployment + +## [4.3.3] - Oct 15, 2020 +* Fixed issue with node PodDisruptionBudget which also getting applied on the primary +* Fix mandatory masterKey check issue when upgrading from 6.x to 7.x + +## [4.3.2] - Oct 14, 2020 +* Add support to allow more than 1 Primary in Artifactory-ha STS + +## [4.3.1] - Oct 9, 2020 +* Add global support for customInitContainersBegin + +## [4.3.0] - Oct 07, 2020 +* Updated Artifactory version to 7.9.1 +* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml + +## [4.2.0] - Oct 5, 2020 +* Expose Prometheus metrics via a ServiceMonitor +* Parse log files for metric data with Fluentd + +## [4.1.0] - Sep 30, 2020 +* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) + +## [4.0.12] - Sep 25, 2020 +* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements + +## [4.0.11] - Sep 28, 2020 +* Setting chart coordinates in migitation yaml + +## [4.0.10] - Sep 25, 2020 +* Update filebeat version to `7.9.2` + +## [4.0.9] - Sep 24, 2020 +* Fixed broken issue - when setting `waitForDatabase:false` container startup still waits for DB + +## [4.0.8] - Sep 22, 2020 +* Updated readme + +## [4.0.7] - Sep 22, 2020 +* Fix lint issue in migitation yaml + +## [4.0.6] - Sep 22, 2020 +* Fix broken migitation yaml + +## [4.0.5] - Sep 21, 2020 +* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) + +## [4.0.4] - Sep 17, 2020 +* Added configurable session(UI) timeout in frontend microservice + +## [4.0.3] - Sep 17, 2020 +* Fix small typo in README and added proper required text to be shown while postgres upgrades + +## [4.0.2] - Sep 14, 2020 +* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) + +## [4.0.1] - Sep 8, 2020 +* Added support for artifactory pro license (single node) installation. + +## [4.0.0] - Sep 2, 2020 +* **Breaking change:** Changed `imagePullSecrets` value from string to list +* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images +* Added support for global values +* Updated maintainers in chart.yaml +* Update postgresql tag version to `12.3.0-debian-10-r71` +* Update postgresqlsub chart version to `9.3.4` - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true. + +## [3.1.0] - Aug 13, 2020 +* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) + +## [3.0.15] - Aug 10, 2020 +* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. + +## [3.0.14] - Jul 31, 2020 +* Update the README section on Nginx SSL termination to reflect the actual YAML structure. + +## [3.0.13] - Jul 30, 2020 +* Added condition to disable the migration scripts. + +## [3.0.12] - Jul 29, 2020 +* Document Artifactory node affinity. + +## [3.0.11] - Jul 28, 2020 +* Added maxConnections for persistent storage type aws-s3-v3. + +## [3.0.10] - Jul 28, 2020 +Bugfix / support for userPluginSecrets with Artifactory 7 + +## [3.0.9] - Jul 27, 2020 +* Add tpl to external database secrets. +* Modified `scheme` to `artifactory-ha.scheme` + +## [3.0.8] - Jul 23, 2020 +* Added condition to disable the migration init container. + +## [3.0.7] - Jul 21, 2020 +* Updated Artifactory-ha Chart to add node and primary labels to pods and service objects. + +## [3.0.6] - Jul 20, 2020 +* Support custom CA and certificates + +## [3.0.5] - Jul 13, 2020 +* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 +* Fixed Mysql database jar path in `preStartCommand` in README + +## [3.0.4] - Jul 8, 2020 +* Move some postgresql values to where they should be according to the subchart + +## [3.0.3] - Jul 8, 2020 +* Set Artifactory access client connections to the same value as the access threads. + +## [3.0.2] - Jul 6, 2020 +* Updated Artifactory version to 7.6.2 +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [3.0.1] - Jul 01, 2020 +* Add dedicated ingress object for Replicator service when enabled + +## [3.0.0] - Jun 30, 2020 +* Update postgresql tag version to `10.13.0-debian-10-r38` +* Update alpine tag version to `3.12` +* Update busybox tag version to `1.31.1` +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true + +## [2.6.0] - Jun 29, 2020 +* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 +* Add tpl for external database secrets + +## [2.5.8] - Jun 25, 2020 +* Stop loading the Nginx stream module because it is now a core module + +## [2.5.7] - Jun 18, 2020 +* Fixes bootstrap configMap issue on member node + +## [2.5.6] - Jun 11, 2020 +* Support list of custom secrets + +## [2.5.5] - Jun 11, 2020 +* NOTES.txt fixed incorrect information + +## [2.5.4] - Jun 12, 2020 +* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 + +## [2.5.3] - Jun 8, 2020 +* Statically setting primary service type to ClusterIP. +* Prevents primary service from being exposed publicly when using LoadBalancer type on cloud providers. + +## [2.5.2] - Jun 8, 2020 +* Readme update - configuring Artifactory with oracledb + +## [2.5.1] - Jun 5, 2020 +* Fixes broken PDB issue upgrading from 6.x to 7.x + +## [2.5.0] - Jun 1, 2020 +* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 +* Fixes bootstrap configMap permission issue +* Update postgresql tag version to `9.6.18-debian-10-r7` + +## [2.4.10] - May 27, 2020 +* Added Tomcat maxThreads & acceptCount + +## [2.4.9] - May 25, 2020 +* Fixed postgresql README `image` Parameters + +## [2.4.8] - May 24, 2020 +* Fixed typo in README regarding migration timeout + +## [2.4.7] - May 19, 2020 +* Added metadata maxOpenConnections + +## [2.4.6] - May 07, 2020 +* Fix `installerInfo` string format + +## [2.4.5] - Apr 27, 2020 +* Updated Artifactory version to 7.4.3 + +## [2.4.4] - Apr 27, 2020 +* Change customInitContainers order to run before the "migration-ha-artifactory" initContainer + +## [2.4.3] - Apr 24, 2020 +* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic +* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml + +## [2.4.2] - Apr 16, 2020 +* Custom volume mounts in migration init container. + +## [2.4.1] - Apr 16, 2020 +* Fix broken support for gcpServiceAccount for googleStorage + +## [2.4.0] - Apr 14, 2020 +* Updated Artifactory version to 7.4.1 + +## [2.3.1] - April 13, 2020 +* Update README with helm v3 commands + +## [2.3.0] - April 10, 2020 +* Use dependency charts from `https://charts.bitnami.com/bitnami` +* Bump postgresql chart version to `8.7.3` in requirements.yaml +* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml + +## [2.2.11] - Apr 8, 2020 +* Added recommended ingress annotation to avoid 413 errors + +## [2.2.10] - Apr 8, 2020 +* Moved migration scripts under `files` directory +* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` + +## [2.2.9] - Apr 01, 2020 +* Support masterKey and joinKey as secrets + +## [2.2.8] - Apr 01, 2020 +* Ensure that the join key is also copied when provided by an external secret +* Migration container in primary and node statefulset now respects custom versions and the specified node/primary resources + +## [2.2.7] - Apr 01, 2020 +* Added cache-layer in chain definition of Google Cloud Storage template +* Fix readme use to `-hex 32` instead of `-hex 16` + +## [2.2.6] - Mar 31, 2020 +* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java + +## [2.2.5] - Mar 31, 2020 +* Removed duplicate `artifactory-license` volume from primary node + +## [2.2.4] - Mar 31, 2020 +* Restore `artifactory-license` volume for the primary node + +## [2.2.3] - Mar 29, 2020 +* Add Nginx log options: stderr as logfile and log level + +## [2.2.2] - Mar 30, 2020 +* Apply initContainers.resources to `copy-system-yaml`, `prepare-custom-persistent-volume`, and `migration-artifactory-ha` containers +* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart +* Removed duplicate `artifactory-license` volume that prevented using an external secret + +## [2.2.1] - Mar 29, 2020 +* Fix loggers sidecars configurations to support new file system layout and new log names + +## [2.2.0] - Mar 29, 2020 +* Fix broken admin user bootstrap configuration +* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` + +## [2.1.3] - Mar 24, 2020 +* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) + +## [2.1.2] - Mar 21, 2020 +* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. + +## [2.1.1] - Mar 23, 2020 +* Moved installer info to values.yaml so it is fully customizable + +## [2.1.0] - Mar 23, 2020 +* Updated Artifactory version to 7.3.2 + +## [2.0.36] - Mar 20, 2020 +* Add support GCP credentials.json authentication + +## [2.0.35] - Mar 20, 2020 +* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) + +## [2.0.34] - Mar 19, 2020 +* Add support for NFS directories `haBackupDir` and `haDataDir` + +## [2.0.33] - Mar 18, 2020 +* Increased Nginx proxy_buffers size + +## [2.0.32] - Mar 17, 2020 +* Changed all single quotes to double quotes in values files +* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. + +## [2.0.31] - Mar 17, 2020 +* Fix rendering of Service Account annotations + +## [2.0.30] - Mar 16, 2020 +* Add Unsupported message from 6.18 to 7.2.x (migration) + +## [2.0.29] - Mar 11, 2020 +* Upgrade Docs update + +## [2.0.28] - Mar 11, 2020 +* Unified charts public release + +## [2.0.27] - Mar 8, 2020 +* Add an optional wait for primary node to be ready with a proper test for http status + +## [2.0.23] - Mar 6, 2020 +* Fix path to `/artifactory_bootstrap` +* Add support for controlling the name of the ingress and allow to set more than one cname + +## [2.0.22] - Mar 4, 2020 +* Add support for disabling `consoleLog` in `system.yaml` file + +## [2.0.21] - Feb 28, 2020 +* Add support to process `valueFrom` for extraEnvironmentVariables + +## [2.0.20] - Feb 26, 2020 +* Store join key to secret + +## [2.0.19] - Feb 26, 2020 +* Updated Artifactory version to 7.2.1 + +## [2.0.12] - Feb 07, 2020 +* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade + +## [2.0.0] - Feb 07, 2020 +* Updated Artifactory version to 7.0.0 + +## [1.4.10] - Feb 13, 2020 +* Add support for SSH authentication to Artifactory + +## [1.4.9] - Feb 10, 2020 +* Fix custom DB password indention + +## [1.4.8] - Feb 9, 2020 +* Add support for `tpl` in the `postStartCommand` + +## [1.4.7] - Feb 4, 2020 +* Support customisable Nginx kind + +## [1.4.6] - Feb 2, 2020 +* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations + +## [1.4.5] - Feb 2, 2020 +* Add support for primary or member node specific preStartCommand + +## [1.4.4] - Jan 30, 2020 +* Add the option to configure resources for the logger containers + +## [1.4.3] - Jan 26, 2020 +* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive + +## [1.4.2] - Jan 22, 2020 +* Refined pod disruption budgets to separate nginx and Artifactory pods + +## [1.4.1] - Jan 19, 2020 +* Fix replicator port config in nginx replicator configmap + +## [1.4.0] - Jan 19, 2020 +* Updated Artifactory version to 6.17.0 + +## [1.3.8] - Jan 16, 2020 +* Added example for external nginx-ingress + +## [1.3.7] - Jan 07, 2020 +* Add support for customizable `mountOptions` of NFS PVs + +## [1.3.6] - Dec 30, 2019 +* Fix for nginx probes failing when launched with http disabled + +## [1.3.5] - Dec 24, 2019 +* Better support for custom `artifactory.internalPort` + +## [1.3.4] - Dec 23, 2019 +* Mark empty map values with `{}` + +## [1.3.3] - Dec 16, 2019 +* Another fix for toggling nginx service ports + +## [1.3.2] - Dec 12, 2019 +* Fix for toggling nginx service ports + +## [1.3.1] - Dec 10, 2019 +* Add support for toggling nginx service ports + +## [1.3.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [1.2.4] - Nov 28, 2019 +* Add support for using existing PriorityClass + +## [1.2.3] - Nov 27, 2019 +* Add support for PriorityClass + +## [1.2.2] - Nov 20, 2019 +* Update Artifactory logo + +## [1.2.1] - Nov 18, 2019 +* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) + +## [1.2.0] - Nov 18, 2019 +* Updated Artifactory version to 6.15.0 + +## [1.1.12] - Nov 17, 2019 +* Fix `README.md` format (broken table) + +## [1.1.11] - Nov 17, 2019 +* Update comment on Artifactory master key + +## [1.1.10] - Nov 17, 2019 +* Fix creation of double slash in nginx artifactory configuration + +## [1.1.9] - Nov 14, 2019 +* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error + +## [1.1.8] - Nov 12, 2019 +* Updated Artifactory version to 6.14.1 + +## [1.1.7] - Nov 11, 2019 +* Additional documentation for masterKey + +## [1.1.6] - Nov 10, 2019 +* Update PostgreSQL chart version to 7.0.1 +* Use formal PostgreSQL configuration format + +## [1.1.5] - Nov 8, 2019 +* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` + +## [1.1.4] - Nov 6, 2019 +* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is + +## [1.1.3] - Nov 6, 2019 +* Add nodeselector support for Postgresql + +## [1.1.2] - Nov 5, 2019 +* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles + +## [1.1.1] - Nov 4, 2019 +* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files + +## [1.1.0] - Nov 3, 2019 +* Updated Artifactory version to 6.14.0 + +## [1.0.1] - Nov 3, 2019 +* Make sure the artifactory pod exits when one of the pre-start stages fail + +## [1.0.0] - Oct 27, 2019 +**IMPORTANT - BREAKING CHANGES!**
+**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations + +## [0.17.3] - Oct 24, 2019 +* Change the preStartCommand to support templating + +## [0.17.2] - Oct 21, 2019 +* Add support for setting `artifactory.primary.labels` +* Add support for setting `artifactory.node.labels` +* Add support for setting `nginx.labels` + +## [0.17.1] - Oct 10, 2019 +* Updated Artifactory version to 6.13.1 + +## [0.17.0] - Oct 7, 2019 +* Updated Artifactory version to 6.13.0 + +## [0.16.7] - Sep 24, 2019 +* Option to skip wait-for-db init container with '--set waitForDatabase=false' + +## [0.16.6] - Sep 24, 2019 +* Add support for setting `nginx.service.labels` + +## [0.16.5] - Sep 23, 2019 +* Add support for setting `artifactory.customInitContainersBegin` + +## [0.16.4] - Sep 20, 2019 +* Add support for setting `initContainers.resources` + +## [0.16.3] - Sep 11, 2019 +* Updated Artifactory version to 6.12.2 + +## [0.16.2] - Sep 9, 2019 +* Updated Artifactory version to 6.12.1 + +## [0.16.1] - Aug 22, 2019 +* Fix the nginx server_name directive used with ingress.hosts + +## [0.16.0] - Aug 21, 2019 +* Updated Artifactory version to 6.12.0 + +## [0.15.15] - Aug 18, 2019 +* Fix existingSharedClaim permissions issue and example + +## [0.15.14] - Aug 14, 2019 +* Updated Artifactory version to 6.11.6 + +## [0.15.13] - Aug 11, 2019 +* Fix Ingress routing and add an example + +## [0.15.12] - Aug 6, 2019 +* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) +* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist + +## [0.15.11] - Aug 5, 2019 +* Improve binarystore config + 1. Convert to a secret + 2. Move config to values.yaml + 3. Support an external secret + +## [0.15.10] - Aug 5, 2019 +* Don't create the nginx configmaps when nginx.enabled is false + +## [0.15.9] - Aug 1, 2019 +* Fix masterkey/masterKeySecretName not specified warning render logic in NOTES.txt + +## [0.15.8] - Jul 28, 2019 +* Simplify nginx setup and shorten initial wait for probes + +## [0.15.7] - Jul 25, 2019 +* Updated README about how to apply Artifactory licenses + +## [0.15.6] - Jul 22, 2019 +* Change Ingress API to be compatible with recent kubernetes versions + +## [0.15.5] - Jul 22, 2019 +* Updated Artifactory version to 6.11.3 + +## [0.15.4] - Jul 11, 2019 +* Add `artifactory.customVolumeMounts` support to member node statefulset template + +## [0.15.3] - Jul 11, 2019 +* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration + +## [0.15.2] - Jul 3, 2019 +* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation + +## [0.15.1] - Jul 1, 2019 +* Updated Artifactory version to 6.11.1 + +## [0.15.0] - Jun 27, 2019 +* Updated Artifactory version to 6.11.0 and Restart Primary node when bootstrap.creds file has been modified in artifactory-ha + +## [0.14.4] - Jun 24, 2019 +* Add the option to provide an IP for the access-admin endpoints + +## [0.14.3] - Jun 24, 2019 +* Update chart maintainers + +## [0.14.2] - Jun 24, 2019 +* Change Nginx to point to the artifactory externalPort + +## [0.14.1] - Jun 23, 2019 +* Add values files for small, medium and large installations + +## [0.14.0] - Jun 20, 2019 +* Use ConfigMaps for nginx configuration and remove nginx postStart command + +## [0.13.10] - Jun 19, 2019 +* Updated Artifactory version to 6.10.4 + +## [0.13.9] - Jun 18, 2019 +* Add the option to provide additional ingress rules + +## [0.13.8] - Jun 14, 2019 +* Updated readme with improved external database setup example + +## [0.13.7] - Jun 6, 2019 +* Updated Artifactory version to 6.10.3 +* Updated installer-info template + +## [0.13.6] - Jun 6, 2019 +* Updated Google Cloud Storage API URL and https settings + +## [0.13.5] - Jun 5, 2019 +* Delete the db.properties file on Artifactory startup + +## [0.13.4] - Jun 3, 2019 +* Updated Artifactory version to 6.10.2 + +## [0.13.3] - May 21, 2019 +* Updated Artifactory version to 6.10.1 + +## [0.13.2] - May 19, 2019 +* Fix missing logger image tag + +## [0.13.1] - May 15, 2019 +* Support `artifactory.persistence.cacheProviderDir` for on-premise cluster + +## [0.13.0] - May 7, 2019 +* Updated Artifactory version to 6.10.0 + +## [0.12.23] - May 5, 2019 +* Add support for setting `artifactory.async.corePoolSize` + +## [0.12.22] - May 2, 2019 +* Remove unused property `artifactory.releasebundle.feature.enabled` + +## [0.12.21] - Apr 30, 2019 +* Add support for JMX monitoring + +## [0.12.20] - Apr29, 2019 +* Added support for headless services + +## [0.12.19] - Apr 28, 2019 +* Added support for `cacheProviderDir` + +## [0.12.18] - Apr 18, 2019 +* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx + +## [0.12.17] - Apr 16, 2019 +* Updated documentation for Reverse Proxy Configuration + +## [0.12.16] - Apr 12, 2019 +* Added support for `customVolumeMounts` + +## [0.12.15] - Aprl 12, 2019 +* Added support for `bucketExists` flag for googleStorage + +## [0.12.14] - Apr 11, 2019 +* Replace `curl` examples with `wget` due to the new base image + +## [0.12.13] - Aprl 07, 2019 +* Add support for providing the Artifactory license as a parameter + +## [0.12.12] - Apr 10, 2019 +* Updated Artifactory version to 6.9.1 + +## [0.12.11] - Aprl 04, 2019 +* Add support for templated extraEnvironmentVariables + +## [0.12.10] - Aprl 07, 2019 +* Change network policy API group + +## [0.12.9] - Aprl 04, 2019 +* Apply the existing PVC for members (in addition to primary) + +## [0.12.8] - Aprl 03, 2019 +* Bugfix for userPluginSecrets + +## [0.12.7] - Apr 4, 2019 +* Add information about upgrading Artifactory with auto-generated postgres password + +## [0.12.6] - Aprl 03, 2019 +* Added installer info + +## [0.12.5] - Aprl 03, 2019 +* Allow secret names for user plugins to contain template language + +## [0.12.4] - Apr 02, 2019 +* Fix issue #253 (use existing PVC for data and backup storage) + +## [0.12.3] - Apr 02, 2019 +* Allow NetworkPolicy configurations (defaults to allow all) + +## [0.12.2] - Aprl 01, 2019 +* Add support for user plugin secret + +## [0.12.1] - Mar 26, 2019 +* Add the option to copy a list of files to ARTIFACTORY_HOME on startup + +## [0.12.0] - Mar 26, 2019 +* Updated Artifactory version to 6.9.0 + +## [0.11.18] - Mar 25, 2019 +* Add CI tests for persistence, ingress support and nginx + +## [0.11.17] - Mar 22, 2019 +* Add the option to change the default access-admin password + +## [0.11.16] - Mar 22, 2019 +* Added support for `.Probe.path` to customise the paths used for health probes + +## [0.11.15] - Mar 21, 2019 +* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers +* Added support for `artifactory.customVolumes` to create custom volumes + +## [0.11.14] - Mar 21, 2019 +* Make ingress path configurable + +## [0.11.13] - Mar 19, 2019 +* Move the copy of bootstrap config from postStart to preStart for Primary + +## [0.11.12] - Mar 19, 2019 +* Fix existingClaim example + +## [0.11.11] - Mar 18, 2019 +* Disable the option to use nginx PVC with more than one replica + +## [0.11.10] - Mar 15, 2019 +* Wait for nginx configuration file before using it + +## [0.11.9] - Mar 15, 2019 +* Revert securityContext changes since they were causing issues + +## [0.11.8] - Mar 15, 2019 +* Fix issue #247 (init container failing to run) + +## [0.11.7] - Mar 14, 2019 +* Updated Artifactory version to 6.8.7 + +## [0.11.6] - Mar 13, 2019 +* Move securityContext to container level + +## [0.11.5] - Mar 11, 2019 +* Add the option to use existing volume claims for Artifactory storage + +## [0.11.4] - Mar 11, 2019 +* Updated Artifactory version to 6.8.6 + +## [0.11.3] - Mar 5, 2019 +* Updated Artifactory version to 6.8.4 + +## [0.11.2] - Mar 4, 2019 +* Add support for catalina logs sidecars + +## [0.11.1] - Feb 27, 2019 +* Updated Artifactory version to 6.8.3 + +## [0.11.0] - Feb 25, 2019 +* Add nginx support for tail sidecars + +## [0.10.3] - Feb 21, 2019 +* Add s3AwsVersion option to awsS3 configuration for use with IAM roles + +## [0.10.2] - Feb 19, 2019 +* Updated Artifactory version to 6.8.2 + +## [0.10.1] - Feb 17, 2019 +* Updated Artifactory version to 6.8.1 +* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage + +## [0.10.0] - Feb 15, 2019 +* Updated Artifactory version to 6.8.0 + +## [0.9.7] - Feb 13, 2019 +* Updated Artifactory version to 6.7.3 + +## [0.9.6] - Feb 7, 2019 +* Add support for tail sidecars to view logs from k8s api + +## [0.9.5] - Feb 6, 2019 +* Fix support for customizing statefulset `terminationGracePeriodSeconds` + +## [0.9.4] - Feb 5, 2019 +* Add support for customizing statefulset `terminationGracePeriodSeconds` + +## [0.9.3] - Feb 5, 2019 +* Remove the inactive server remove plugin + +## [0.9.2] - Feb 3, 2019 +* Updated Artifactory version to 6.7.2 + +## [0.9.1] - Jan 27, 2019 +* Fix support for Azure Blob Storage Binary provider + +## [0.9.0] - Jan 23, 2019 +* Updated Artifactory version to 6.7.0 + +## [0.8.10] - Jan 22, 2019 +* Added support for `artifactory.customInitContainers` to create custom init containers + +## [0.8.9] - Jan 18, 2019 +* Added support of values ingress.labels + +## [0.8.8] - Jan 16, 2019 +* Mount replicator.yaml (config) directly to /replicator_extra_conf + +## [0.8.7] - Jan 15, 2018 +* Add support for Azure Blob Storage Binary provider + +## [0.8.6] - Jan 13, 2019 +* Fix documentation about nginx group id + +## [0.8.5] - Jan 13, 2019 +* Updated Artifactory version to 6.6.5 + +## [0.8.4] - Jan 8, 2019 +* Make artifactory.replicator.publicUrl required when the replicator is enabled + +## [0.8.3] - Jan 1, 2019 +* Updated Artifactory version to 6.6.3 +* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory + +## [0.8.2] - Dec 28, 2018 +* Fix location `replicator.yaml` is copied to + +## [0.8.1] - Dec 27, 2018 +* Updated Artifactory version to 6.6.1 + +## [0.8.0] - Dec 20, 2018 +* Updated Artifactory version to 6.6.0 + +## [0.7.17] - Dec 17, 2018 +* Updated Artifactory version to 6.5.13 + +## [0.7.16] - Dec 12, 2018 +* Fix documentation about Artifactory license setup using secret + +## [0.7.15] - Dec 9, 2018 +* AWS S3 add `roleName` for using IAM role + +## [0.7.14] - Dec 6, 2018 +* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role + +## [0.7.13] - Dec 5, 2018 +* Remove Distribution certificates creation. + +## [0.7.12] - Dec 2, 2018 +* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting. + +## [0.7.11] - Nov 30, 2018 +* Updated Artifactory version to 6.5.9 + +## [0.7.10] - Nov 29, 2018 +* Fixed the volumeMount for the replicator.yaml + +## [0.7.9] - Nov 29, 2018 +* Optionally include primary node into poddisruptionbudget + +## [0.7.8] - Nov 29, 2018 +* Updated postgresql version to 9.6.11 + +## [0.7.7] - Nov 27, 2018 +* Updated Artifactory version to 6.5.8 + +## [0.7.6] - Nov 18, 2018 +* Added support for configMap to use custom Reverse Proxy Configuration with Nginx + +## [0.7.5] - Nov 14, 2018 +* Updated Artifactory version to 6.5.3 + +## [0.7.4] - Nov 13, 2018 +* Allow pod anti-affinity settings to include primary node + +## [0.7.3] - Nov 12, 2018 +* Support artifactory.preStartCommand for running command before entrypoint starts + +## [0.7.2] - Nov 7, 2018 +* Support database.url parameter (DB_URL) + +## [0.7.1] - Oct 29, 2018 +* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) + +## [0.7.0] - Oct 28, 2018 +* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options + +## [0.6.9] - Oct 23, 2018 +* Fix providing external secret for database credentials + +## [0.6.8] - Oct 22, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + +## [0.6.7] - Oct 22, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + +## [0.6.6] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + +## [0.6.5] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow `soft` or `hard` specification of member node anti-affinity +* Allow providing pre-existing secrets containing external database credentials +* Fix `s3` binary store provider to properly use the `cache-fs` provider +* Allow arbitrary properties when using the `s3` binary store provider + +## [0.6.4] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + +## [0.6.3] - Oct 17, 2018 +* Add Apache 2.0 license + +## [0.6.2] - Oct 14, 2018 +* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`) + +## [0.6.1] - Oct 11, 2018 +* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) + +## [0.6.0] - Oct 11, 2018 +* Updated Artifactory version to 6.5.0 + +## [0.5.3] - Oct 9, 2018 +* Quote ingress hosts to support wildcard names + +## [0.5.2] - Oct 2, 2018 +* Add `helm repo add jfrog https://charts.jfrog.io` to README + +## [0.5.1] - Oct 2, 2018 +* Set Artifactory to 6.4.1 + +## [0.5.0] - Sep 27, 2018 +* Set Artifactory to 6.4.0 + +## [0.4.7] - Sep 26, 2018 +* Add ci/test-values.yaml + +## [0.4.6] - Sep 25, 2018 +* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1 + +## [0.4.4] - Sep 2, 2018 +* Updated Artifactory version to 6.3.2 + +## [0.4.0] - Aug 22, 2018 +* Added support to run as non root +* Updated Artifactory version to 6.2.0 + +## [0.3.0] - Aug 22, 2018 +* Enabled RBAC Support +* Added support for PostStartCommand (To download Database JDBC connector) +* Increased postgresql max_connections +* Added support for `nginx.conf` ConfigMap +* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml new file mode 100644 index 000000000..c263ba2f5 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-ha +apiVersion: v1 +appVersion: 7.17.5 +description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. +home: https://www.jfrog.com/artifactory/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png +keywords: +- artifactory +- jfrog +- devops +maintainers: +- email: installers@jfrog.com + name: Chart Maintainers at JFrog +name: artifactory-ha +sources: +- https://github.com/jfrog/charts +version: 4.13.000 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE b/charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/README.md new file mode 100644 index 000000000..4cbe9ff29 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/README.md @@ -0,0 +1,1267 @@ +# JFrog Artifactory High Availability Helm Chart + +**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** + +## Prerequisites Details + +* Kubernetes 1.12+ +* Artifactory HA license + +## Chart Details +This chart will do the following: + +* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. +* Deploy a PostgreSQL database **NOTE:** For production grade installations it is recommended to use an external PostgreSQL +* Deploy an Nginx server + +## Artifactory HA architecture +The Artifactory HA cluster in this chart is made up of +- A single primary node +- Two member nodes, which can be resized at will + +Load balancing is done to the member nodes only. +This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic. +This can be controlled by the parameter `artifactory.service.pool`. +**NOTE:** + Using artifactory pro license (which supports single node only), set `artifactory.node.replicaCount=0` in values.yaml. + To scale from single node to multiple nodes(>1), use Enterprise(+) license and then do an helm upgrade (Each node need a seperate license). + +## Installing the Chart + +### Add JFrog Helm repository + +Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io) to your helm client + +```bash +helm repo add jfrog https://charts.jfrog.io +helm repo update +``` + +**NOTE:** Passing masterKey is mandatory for fresh install of chart (7.x Appversion) + +### Create a unique Master Key +Artifactory HA cluster requires a unique master key. + +**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** + +You should generate a unique one and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} +``` + +### Install Chart +To install the chart with the release name `artifactory-ha`: + +```bash +helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory-ha jfrog/artifactory-ha +``` + +### System Configuration +Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. +In order to override the default `system.yaml` configuration, do the following: +```bash +artifactory: + systemYaml: | + +``` + +### Deploying Artifactory for small/medium/large installations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + +### Accessing Artifactory +**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup. +Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it. + +### Updating Artifactory +Once you have a new chart version, you can update your deployment with +```bash +helm upgrade artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha +``` + +If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: +1. Get the current password by running: +```bash +POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +2. Upgrade the release by passing the previously auto-generated secret: +```bash +helm upgrade --namespace artifactory-ha jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} +``` + +This will apply any configuration changes on your existing deployment. + +### Special Upgrade Notes +#### Artifactory upgrade from 6.x to 7.x (App Version) +Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. +It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. +```yaml +artifactory: + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 +``` +* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` + +### Artifactory memory and CPU resources +The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out. +It is **highly** recommended to set these so you have full control of the allocated resources and limits. + +See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware). + +```bash +# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) +helm upgrade --install artifactory-ha \ + --set artifactory.primary.resources.requests.cpu="500m" \ + --set artifactory.primary.resources.limits.cpu="2" \ + --set artifactory.primary.resources.requests.memory="1Gi" \ + --set artifactory.primary.resources.limits.memory="4Gi" \ + --set artifactory.primary.javaOpts.xms="1g" \ + --set artifactory.primary.javaOpts.xmx="4g" \ + --set artifactory.node.resources.requests.cpu="500m" \ + --set artifactory.node.resources.limits.cpu="2" \ + --set artifactory.node.resources.requests.memory="1Gi" \ + --set artifactory.node.resources.limits.memory="4Gi" \ + --set artifactory.node.javaOpts.xms="1g" \ + --set artifactory.node.javaOpts.xmx="4g" \ + --set initContainers.resources.requests.cpu="10m" \ + --set initContainers.resources.limits.cpu="250m" \ + --set initContainers.resources.requests.memory="64Mi" \ + --set initContainers.resources.limits.memory="128Mi" \ + --set postgresql.resources.requests.cpu="200m" \ + --set postgresql.resources.limits.cpu="1" \ + --set postgresql.resources.requests.memory="500Mi" \ + --set postgresql.resources.limits.memory="1Gi" \ + --set nginx.resources.requests.cpu="100m" \ + --set nginx.resources.limits.cpu="250m" \ + --set nginx.resources.requests.memory="250Mi" \ + --set nginx.resources.limits.memory="500Mi" \ + --namespace artifactory-ha jfrog/artifactory-ha +``` +> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`. + +Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). + +Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files +for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) + +### Deploying Artifactory for small/medium/large installations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + +### Artifactory storage +Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration) + +In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. +The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. + +> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter. +This is used to set how many replicas of a binary should be stored in the cluster's nodes. +Once this value is set on initial deployment, you can not update it using helm. +It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number. + +#### Existing volume claim + +###### Primary node +In order to use an existing volume claim for the Artifactory primary storage, you need to: +- Create a persistent volume claim by the name `volume--artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0` +- Pass a parameter to `helm install` and `helm upgrade` +```bash +... +--set artifactory.primary.persistence.existingClaim=true +``` + +###### Member nodes +In order to use an existing volume claim for the Artifactory member nodes storage, you need to: +- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume--artifactory-ha-member-`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`. +- Pass a parameter to `helm install` and `helm upgrade` +```bash +... +--set artifactory.node.persistence.existingClaim=true +``` + +#### Existing shared volume claim + +In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to: + +- Create PVCs with ReadWriteMany that match the naming conventions: +``` + {{ template "artifactory-ha.fullname" . }}-data-pvc- + {{ template "artifactory-ha.fullname" . }}-backup-pvc- +``` +An example that shows 2 existing claims to be used: +``` + myexample-artifactory-ha-data-pvc-0 + myexample-artifactory-ha-backup-pvc-0 + myexample-artifactory-ha-data-pvc-1 + myexample-artifactory-ha-backup-pvc-1 +``` +- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true: +``` +-- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true +-- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2 +``` + +#### NFS +To use an NFS server as your cluster's storage, you need to +- Setup an NFS server. Get its IP as `NFS_IP` +- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all +- Pass NFS parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=nfs \ +--set artifactory.persistence.nfs.ip=${NFS_IP} \ +... +``` + +#### Google Storage +To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) +- Pass Google Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=google-storage \ +--set artifactory.persistence.googleStorage.identity=${GCP_ID} \ +--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ +... +``` +``` +In order to use a GCP service account, Artifactory needs a gcp.credentials.json file in the same directory asa binaraystore.xml file. +This can be generated by running: +```bash +gcloud iam service-accounts keys create --iam-account +``` +Which will produce the following, which can be saved to a file or copied into your `values.yaml`. +```bash +{ + "type": "service_account", + "project_id": "", + "private_key_id": "?????", + "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + "client_email": "???@j.iam.gserviceaccount.com", + "client_id": "???????", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." +} +``` + +One option is to create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` in a custom `values.yaml` +```bash +# Create the Kubernetes secret from the file you created earlier. +# IMPORTANT: The file must be called "gcp.credentials.json" because this is used later as the secret key! +kubectl create secret generic artifactory-gcp-creds --from-file=./gcp.credentials.json +``` +Set this secret in your custom `values.yaml` +```bash +artifactory: + persistence: + googleStorage + gcpServiceAccount: + enabled: true + customSecretName: artifactory-gcp-creds +``` + +Another option is to put your generated config directly in your custom `values.yaml` and the a secret will be created from it +``` +artifactory: + persistence: + googleStorage + gcpServiceAccount: + enabled: true + config: | + { + "type": "service_account", + "project_id": "", + "private_key_id": "?????", + "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + "client_email": "???@j.iam.gserviceaccount.com", + "client_id": "???????", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." + } +``` + +#### AWS S3 +**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. +In order to grant permissions to Artifactory using an IAM role, you will have to attach the IAM role to the machine(s) on which Artifactory is running. +This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. + +To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) +- Pass AWS S3 parameters to `helm install` and `helm upgrade` +```bash +... +# With explicit credentials: +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ +... + +... +# With using existing IAM role +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ +... +``` +**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) + +#### AWS S3 V3 +To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). +This filestore template uses the official AWS SDK, unlike the `aws-s3` implementation that uses the `JetS3t` library. +Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). + +**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. + +- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` + +```bash +# With explicit credentials: +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ +... +``` + +```bash +# With using existing IAM role +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} +... +``` + +To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) +```bash +... +--set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ +... +``` + +#### Microsoft Azure Blob Storage +To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) +- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=azure-blob \ +--set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ +--set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ +--set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ +--set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ +... +``` + +#### Custom binarystore.xml +You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
+There are two options for this + +1. Editing directly in [values.yaml](values.yaml) +```yaml +artifactory: + persistence: + binarystoreXml: | + + + + + +``` + +2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command +```yaml +# Prepare your custom Secret file (custom-binarystore.yaml) +kind: Secret +apiVersion: v1 +metadata: + name: custom-binarystore + labels: + app: artifactory + chart: artifactory +stringData: + binarystore.xml: |- + + + + +``` + +```bash +# Create a secret from the file +kubectl apply -n artifactory -f ./custom-binarystore.yaml + +# Pass it to your helm install command: +helm upgrade --install artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore --namespace artifactory-ha jfrog/artifactory-ha +``` + +### Create a unique Master Key + +Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Create a secret containing the key. The key in the secret must be named master-key +kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory-ha --set artifactory.masterKeySecretName=my-secret --namespace artifactory-ha jfrog/artifactory-ha +``` +**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. + +### Special Upgrade Notes +### MasterKey during 6.x to 7.x Migration (App version) + +**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. + +### Create a unique Join Key +Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). + +**This key is for demo purpose and should not be used in a production environment!** + +You should generate a unique key and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Pass the created join key to helm +helm upgrade --install artifactory-ha --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha jfrog/artifactory-ha +``` + +Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Create a secret containing the key. The key in the secret must be named join-key +kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory-ha --set artifactory.joinKeySecretName=my-secret --namespace artifactory-ha jfrog/artifactory-ha +``` +**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.. + +### Install Artifactory HA license +For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**. + +The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation. + +**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster! + +##### Artifactory UI +Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node. + +##### REST API +You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses. + +##### Kubernetes Secret +You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). +Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**! +```bash +# Create the Kubernetes secret (assuming the local license file is 'art.lic') +kubectl create secret generic artifactory-cluster-license --from-file=./art.lic + +# Pass the license to helm +helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic --namespace artifactory-ha jfrog/artifactory-ha +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. + +##### Create the secret as part of the helm release +values.yaml +```yaml +artifactory: + license: + licenseKey: |- + + + + + + + +``` + +```bash +helm upgrade --install artifactory-ha -f values.yaml --namespace artifactory-ha jfrog/artifactory-ha +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. +If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file + + +### copyOnEveryStartup feature +Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. +In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. +Two examples for that would be: + +1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, +which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: +Create a values file with the following values: +```yaml +artifactory: + copyOnEveryStartup: + - source: /artifactory_bootstrap/binarystore.xml + target: etc/artifactory/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f values.yaml +``` + +2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: +Create a config map with your `logback.xml` configuration. + +Create a values file with the following values: +```yaml +artifactory: + ## Create a volume pointing to the config map with your configuration file + customVolumes: | + - name: logback-xml-configmap + configMap: + name: logback-xml-configmap + customVolumeMounts: | + - name: logback-xml-configmap + mountPath: /tmp/artifactory-logback/ + copyOnEveryStartup: + - source: /tmp/artifactory-logback/* + target: etc/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f values.yaml +``` + +### Configure NetworkPolicy + +NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. + +In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. + +For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. + +A full (but very wide open) example that results in 2 NetworkPolicy objects being created: +```yaml +networkpolicy: + # Allows all ingress and egress to/from artifactory primary and member pods. + - name: artifactory + podSelector: + matchLabels: + app: artifactory-ha + egress: + - {} + ingress: + - {} + # Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod. + - name: postgresql + podSelector: + matchLabels: + app: postgresql + ingress: + - from: + - podSelector: + matchLabels: + app: artifactory-ha +``` + +### Artifactory JMX Configuration +** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans + +Enable JMX in your deployment: +```bash +helm upgrade --install artifactory \ + --set artifactory.primary.javaOpts.jmx.enabled=true \ + --set artifactory.node.javaOpts.jmx.enabled=true \ + --namespace artifactory-ha jfrog/artifactory-ha +``` +This will enable access to Artifactory with JMX on the default port (9010). +** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port``` +to your choice of port + +In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: +1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: +```bash +helm upgrade --install artifactory \ + --set artifactory.primary.javaOpts.jmx.enabled=true \ + --set artifactory.node.javaOpts.jmx.enabled=true \ + --set artifactory.service.type=LoadBalancer \ + --namespace artifactory-ha jfrog/artifactory-ha +``` +2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with +```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory +with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: +``` + artifactory-ha--primary + +``` +3. Launch jconsole with the service address and port: +```bash +jconsole artifactory-ha--primary: +jconsole : +``` + +### Bootstrapping Artifactory admin password +You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. + +1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: +```yaml +artifactory: + admin: + ip: "" # Example: "*" to allow access from anywhere + username: "admin" + password: "" +``` + +2. Apply the `admin-creds-values.yaml` file: +```bash +helm upgrade --install artifactory --namespace artifactory-ha jfrog/artifactory-ha -f admin-creds-values.yaml +``` + +### Bootstrapping Artifactory configuration +**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. + +* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) +* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) + +1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-release-bootstrap-config +data: + artifactory.config.import.xml: | + + security.import.xml: | + +``` + +2. Create configMap in Kubernetes: +```bash +kubectl apply -f bootstrap-config.yaml +``` +3. Pass the configMap to helm +```bash +helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory-ha jfrog/artifactory-ha +``` + +### Use custom nginx.conf with Nginx + +Steps to create configMap with nginx.conf +* Create `nginx.conf` file. +```bash +kubectl create configmap nginx-config --from-file=nginx.conf +``` +* Pass configMap to helm install +```bash +helm upgrade --install artifactory-ha --set nginx.customConfigMap=nginx-config --namespace artifactory-ha jfrog/artifactory-ha +``` + +### Scaling your Artifactory cluster +A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it. + +##### Before scaling +**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart). + +Get the current database password +```bash +export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster! + +##### Scale up +Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes). +```bash +# Scale to 4 nodes (1 primary and 3 member nodes) +helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha jfrog/artifactory-ha +``` + +##### Scale down +Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node. + +```bash +# Scale down to 2 member nodes +helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha jfrog/artifactory-ha +``` +- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it +```bash +# List PVCs +kubectl get pvc + +# Remove the PVC with highest ordinal! +# In this example, the highest node ordinal was 2, so need to remove its storage. +kubectl delete pvc volume-artifactory-node-2 +``` + +### Use an external Database + +**For production grade installations it is recommended to use an external PostgreSQL with a static password** + +#### PostgreSQL +There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name. + +This can be done with the following parameters +```bash +... +--set postgresql.enabled=false \ +--set database.type=postgresql \ +--set database.driver=org.postgresql.Driver \ +--set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! + +#### Other DB type +There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. +See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) +> The official Artifactory Docker images include the PostgreSQL database driver. +> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib + +This can be done with the following parameters +```bash +# Make sure your Artifactory Docker image has the MySQL database driver in it +... +--set postgresql.enabled=false \ +--set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ +--set database.type=mysql \ +--set database.driver=com.mysql.jdbc.Driver \ +--set database.url=${DB_URL} \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! +##### Configuring Artifactory with external Oracle database +To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. +1. Create a value file with the configuration +```yaml +postgresql: + enabled: false +database: + type: oracle + driver: oracle.jdbc.OracleDriver + url: + user: + password: +artifactory: + preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." + extraEnvironmentVariables: + - name: LD_LIBRARY_PATH + value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib +``` +2. Install Artifactory with the values file you created: +```bash +helm upgrade --install artifactory jfrog/artifactory-ha --namespace artifactory -f values-oracle.yaml +``` +**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` + +#### Using pre-existing Kubernetes Secret +If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: +```bash +# Create a secret containing the database credentials +kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} +... +--set postgresql.enabled=false \ +--set database.secrets.user.name=my-secret \ +--set database.secrets.user.key=user \ +--set database.secrets.password.name=my-secret \ +--set database.secrets.password.key=password \ +... +``` + +### Deleting Artifactory +To delete the Artifactory HA cluster + +On helm v2: +```bash +helm delete --purge artifactory-ha +``` + +On helm v3: +```bash +helm delete artifactory-ha --namespace artifactory-ha +``` + +This will completely delete your Artifactory HA cluster. +**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them +```bash +kubectl delete pvc -l release=artifactory-ha +``` +See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/) + +### Custom Docker registry for your images +If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a +[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm +```bash +# Create a Docker registry secret called 'regsecret' +kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL} +``` +Once created, you pass it to `helm` +```bash +helm upgrade --install artifactory-ha --set imagePullSecrets=regsecret --namespace artifactory-ha jfrog/artifactory-ha +``` + +### Logger sidecars +This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) + +Get list of containers in the pod +```bash +kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' +``` + +View specific log +```bash +kubectl logs -n -c +``` + + +### Custom init containers +There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. + +For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out +```yaml +artifactory: + ## Add custom init containers executed before predefined init containers + customInitContainersBegin: | + ## Init containers template goes here ## + ## Add custom init containers executed after predefined init containers + customInitContainers: | + ## Init containers template goes here ## +``` + +### Custom sidecar containers +There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. + +For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom sidecar containers + customSidecarContainers: | + ## Sidecar containers template goes here ## +``` + +You can configure the sidecar to run as a custom user if needed by setting the following in the container template +```yaml + # Example of running container as root (id 0) + securityContext: + runAsUser: 0 + fsGroup: 0 +``` + +### Custom volumes +If you need to use a custom volume in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + ## Custom volume comes here ## +``` + +### Custom secrets +If you need to add a custom secret in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + # Add custom secrets - secret per file + customSecrets: + - name: custom-secret + key: custom-secret.yaml + data: > + secret data +``` + +To use a custom secret, need to define a custom volume. +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + - name: custom-secret + secret: + secretName: custom-secret +``` + +To use a volume, need to define a volume mount as part of a custom init or sidecar container. +```yaml +artifactory: + customSidecarContainers: + - name: side-car-container + volumeMounts: + - name: custom-secret + mountPath: /opt/custom-secret.yaml + subPath: custom-secret.yaml + readOnly: true +``` + +### Add Artifactory User Plugin during installation +If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. + +Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: +```bash +# Secret with single user plugin +kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha + +# Secret with single user plugin with configuration file +kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha +``` + +Add plugin secret names to `plugins.yaml` as following: +```yaml +artifactory: + userPluginSecrets: + - archive-old-artifacts + - webhook +``` + +You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: +```bash +helm upgrade --install artifactory-ha -f plugins.yaml --namespace artifactory-ha jfrog/artifactory-ha +``` + +Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: +```yaml +artifactory-ha: # Name of the artifactory-ha dependency + artifactory: + userPluginSecrets: + - '{{ template "my-chart.fullname" . }}' +``` +For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). + +### Provide custom configMaps to Artifactory +If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. + +Create a `configmaps.yaml` file with the following content: +```yaml +artifactory: + configMaps: | + logback.xml: | + + + + + %date [%-5level] \(%-20c{3}:%L\) %message%n + + + + + + + + + + + + + + + my-custom-post-start-hook.sh: | + echo "This is my custom post start hook" + + customVolumeMounts: | + - name: artifactory-configmaps + mountPath: /tmp/my-config-map + + postStartCommand: | + chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; + /tmp/my-config-map/my-custom-post-start-hook.sh; + + copyOnEveryStartup: + - source: /tmp/my-config-map/logback.xml + target: etc/ + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory-ha -f configmaps.yaml --namespace artifactory-ha jfrog/artifactory-ha +``` + +This will, in turn: +* create a configMap with the files you specified above +* create a volume pointing to the configMap with the name `artifactory-configmaps` +* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` +* Set the shell script we mounted as the `postStartCommand` +* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. + +### Establishing TLS and Adding certificates +In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. +When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. + +To establish TLS between JFrog Platform nodes: +Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) + +To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false +```yaml +access: + accessConfig: + security: + tls: true +``` + +To add custom tls certificates, create a tls secret from the certificate files. + +```bash +kubectl create secret tls --cert=ca.crt --key=ca.private.key +``` + +For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. +* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) +```yaml +access: + accessConfig: + security: + tls: true + customCertificatesSecretName: + resetAccessCAKeys: true +``` + +### Artifactory filebeat +If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. + +Create a `filebeat.yaml` values file with the following content: +```yaml +filebeat: + enabled: true + logstashUrl: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "100Mi" + cpu: "100m" +``` + +You can optionally customize the `filebeat.yaml` to send output to a different location like so: +```yaml +filebeat: + enabled: true + filebeatYml: | + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory-ha -f filebeat.yaml --namespace artifactory-ha jfrog/artifactory +``` + +This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` + +### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). +To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx +For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. +In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: +```yaml + nginx: + https: + enabled: false + service: + ssloffload: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory jfrog/artifactory +``` + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file +```yaml + ingress: + enabled: true + hosts: + - artifactory.company.com + artifactory: + service: + type: NodePort + nginx + enabled: false +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ingress-values.yaml--namespace artifactory jfrog/artifactory +``` + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - artifactory.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - artifactory.domain.com +``` + +### Ingress annotations + +This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. + +```yaml +ingress: + enabled: true + defaultBackend: + enabled: false + hosts: + - myhost.example.com + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-read-timeout: "600" + ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; + rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; + nginx.ingress.kubernetes.io/proxy-body-size: "0" + tls: + - hosts: + - "myhost.example.com" +``` + +### Ingress additional rules + +You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. +In order to do that, simply add the following to a `artifactory-ha-values.yaml` file: +```yaml +ingress: + enabled: true + + defaultBackend: + enabled: false + + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite "(?i)/xray(/|$)(.*)" /$2 break; + + additionalRules: | + - host: + http: + paths: + - path: / + backend: + serviceName: + servicePort: + - path: /xray + backend: + serviceName: + servicePort: + - path: /artifactory + backend: + serviceName: {{ template "artifactory.nginx.fullname" . }} + servicePort: {{ .Values.nginx.externalPortHttp }} +``` + +and running: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f artifactory-ha-values.yaml +``` + +### Dedicated Ingress object for replicator service + +You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. +In order to do that, simply add the following to a `artifactory-values.yaml` file: + +```yaml +artifactory: + replicator: + enabled: true + ingress: + name: + hosts: + - myhost.example.com + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/configuration-snippet: | + chunked_transfer_encoding on; + tls: + - hosts: + - "myhost.example.com" + secretName: +``` + +### Ingress behind another load balancer +If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. + +To enable it with `helm install` +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true +``` +or `helm upgrade` +```bash +helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx +``` +or create a values.yaml file with the following content: +```yaml +controller: + config: + use-forwarded-headers: "true" +``` +Then install nginx-ingress with the values file you created: +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml +``` + +### Log Analytics + +#### FluentD, Prometheus and Grafana + +To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: + +https://github.com/jfrog/log-analytics-prometheus + +That repo contains a file `artifactory-ha-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. + + +## Useful links +- https://www.jfrog.com/confluence/display/EP/Getting+Started +- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory +- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md b/charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md new file mode 100644 index 000000000..851593236 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/ReverseProxyConfiguration.md @@ -0,0 +1,140 @@ +# JFrog Artifactory Reverse Proxy Settings using Nginx + +#### Reverse Proxy +* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. +* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate +the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. +* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) +* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. + +**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. + +#### Features of Artifactory Nginx +* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. +* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory + +#### Changing the default Artifactory nginx conf +Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf +These configuration will be mounted to the nginx container using a configmap. +For example: +1. Create a values file `nginx-values.yaml` with the following values: +```yaml +nginx: + artifactoryConf: | + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen {{ .Values.nginx.internalPortHttps }} ssl; + listen {{ .Values.nginx.internalPortHttp }} ; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; + } + proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } +``` + +2. Install/upgrade artifactory: +```bash +helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml +``` + + +#### Steps to use static configuration for reverse proxy in nginx. +1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` + +2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) + + Following is example `artifactory.conf` + + **Note**: + * Create file with name `artifactory.conf` as it's fixed in configMap key. + * Replace `artifactory-artifactory` with service name taken from step 1. + + ```bash + ## add ssl entries when https has been set in config + ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; + ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen 443 ssl; + listen 80; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; + } + proxy_pass http://artifactory-artifactory:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + ``` + +3. Create configMap of `artifactory.conf` created with step above. + ```bash + kubectl create configmap art-nginx-conf --from-file=artifactory.conf + ``` +4. Deploy Artifactory using helm chart. + You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) + + Following is command to set values at runtime: + ```bash + helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha + ``` \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md b/charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md new file mode 100644 index 000000000..b3326dccc --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/UPGRADE_NOTES.md @@ -0,0 +1,42 @@ +# JFrog Artifactory Chart Upgrade Notes +This file describes special upgrade notes needed at specific versions + +## Upgrade from 1.X to 2.X and above (Chart Versions) + +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* To upgrade from a version prior to 1.x, you first need to upgrade to latest version of 1.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md. +* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` + +## Upgrade from 0.X to 1.X (Chart Versions) +**DOWNTIME IS REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations +* Upgrade + * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database + * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) + * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted + * Upgrade steps: + 1. Block user access to Artifactory (do not shutdown) + a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary) + b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`) + 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` + a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) + b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) + c. Click `Export` (this can take some time) + 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed + a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! + 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps + a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step + 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` + a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) + b. Click `Import` (this can take some time) + 6. Restore access to Artifactory + a. Scale the cluster member nodes back to the original size + * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md b/charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md new file mode 100644 index 000000000..a5aa5fd47 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/app-readme.md @@ -0,0 +1,16 @@ +# JFrog Artifactory High Availability Helm Chart + +Universal Repository Manager supporting all major packaging formats, build tools and CI servers. + +## Chart Details +This chart will do the following: + +* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. +* Deploy a PostgreSQL database +* Deploy an Nginx server(optional) + +## Useful links +Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) + +## Activate Your Artifactory Instance +Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml new file mode 100644 index 000000000..2f858e60e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Database +apiVersion: v1 +appVersion: 11.9.0 +description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. +home: https://www.postgresql.org/ +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +version: 9.3.4 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md new file mode 100644 index 000000000..319291bc6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/README.md @@ -0,0 +1,680 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.12+ or Helm 3.0-beta3+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```console +$ kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | +| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | +| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | +| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | +| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | +| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | +| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | +| `master.sidecars` | Add additional containers to the pod | `[]` | +| `master.service.type` | Allows using a different service type for Master | `nil` | +| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | +| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | +| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | +| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | +| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | +| `slave.sidecars` | Add additional containers to the pod | `[]` | +| `slave.service.type` | Allows using a different service type for Slave | `nil` | +| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | +| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | +| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAccount.name` | Name of existing service account | `nil` | +| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | +| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | +| `psp.create` | Create Pod Security Policy | `false` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Production configuration and horizontal scaling + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. + +- Enable replication: +```diff +- replication.enabled: false ++ replication.enabled: true +``` + +- Number of slaves replicas: +```diff +- replication.slaveReplicas: 1 ++ replication.slaveReplicas: 2 +``` + +- Set synchronous commit mode: +```diff +- replication.synchronousCommit: "off" ++ replication.synchronousCommit: "on" +``` + +- Number of replicas that will have synchronous replication: +```diff +- replication.numSynchronousReplicas: 0 ++ replication.numSynchronousReplicas: 1 +``` + +- Start a prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. + +### Customizing Master and Slave services in a replicated configuration + +At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +* First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +* Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL master +master: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +slave: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +image.repository=postgres +image.tag=10.6 +postgresqlDataDir=/data/pgdata +persistence.mountPath=/data/ +``` + +## Upgrade + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release stable/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +## 9.0.0 + +In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. + +As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: + +- Deploy an old version (8.X.X) +```console +$ helm install postgresql bitnami/postgresql --version 8.10.14 +``` + +- Old version is up and running +```console +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 76s +``` + +- The upgrade to the latest one (9.X.X) is going to fail +```console +$ helm upgrade postgresql bitnami/postgresql +Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden +``` + +- Delete the statefulset +```console +$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql +statefulset.apps "postgresql-postgresql" deleted +``` + +- Now the upgrade works +```cosnole +$ helm upgrade postgresql bitnami/postgresql +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 +``` + +- We can kill the existing pod and the new statefulset is going to create a new one: +```console +$ kubectl delete pod postgresql-postgresql-0 +pod "postgresql-postgresql-0" deleted + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 19s +``` + +Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command + +## 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +## 7.1.0 + +Adds support for LDAP configuration. + +## 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +## 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + +- protobuf +- protobuf-c +- json-c +- geos +- proj + +## 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```console +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` + +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + +```console +$ kubectl get svc +``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release bitnami/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml new file mode 100644 index 000000000..e6bac7873 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + category: Infrastructure +apiVersion: v1 +appVersion: 0.6.2 +description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. +home: http://www.bitnami.com/ +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +version: 0.6.2 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md new file mode 100644 index 000000000..e04391a3f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/README.md @@ -0,0 +1,274 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.12+ or Helm 3.0-beta3+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +**Names** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +**Images** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +**Labels** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +**Storage** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +**TplValues** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | + +**Capabilities** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | + +**Validations** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | + +**Warnings** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +**Errors** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +**Utils** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | + +**Secrets** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +**Example of use** + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +**NOTES.txt** + +``` +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Notable changes + +N/A diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl new file mode 100644 index 000000000..c0ea2c70c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_capabilities.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl new file mode 100644 index 000000000..d6d3ec65a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_errors.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl new file mode 100644 index 000000000..aafde9f3b --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_images.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl new file mode 100644 index 000000000..252066c7e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl new file mode 100644 index 000000000..adf2a74f4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl new file mode 100644 index 000000000..d6165a294 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_secrets.tpl @@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user + to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = cat $name .defaultNameSuffix -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- $name = .name -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user + to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl new file mode 100644 index 000000000..60e2a844f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl new file mode 100644 index 000000000..2db166851 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl new file mode 100644 index 000000000..7d02f2ef6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_utils.tpl @@ -0,0 +1,26 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl new file mode 100644 index 000000000..62635b30e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_validations.tpl @@ -0,0 +1,219 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $valueKeyArray := splitList "." .valueKey -}} + {{- $value := "" -}} + {{- $latestObj := $.context.Values -}} + {{- range $valueKeyArray -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} + {{- end -}} + + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} + {{- end -}} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + + {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a mariadb required password must not be empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} + +Validate value params: + - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} + {{- $requiredPasswords := list -}} + + {{- if .context.Values.mariadb.secret.requirePasswords -}} + {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} + + {{- if not (empty .context.Values.mariadb.db.user) -}} + {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} + {{- end -}} + + {{- if .context.Values.mariadb.replication.enabled -}} + {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a postgresql required password must not be empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) $enabled -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- if $enabledReplication -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- .context.Values.postgresql.enabled | quote -}} + {{- else -}} + true + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- .context.Values.postgresql.replication.enabled | quote -}} + {{- else -}} + {{- .context.Values.replication.enabled | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl new file mode 100644 index 000000000..ae10fa41e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml new file mode 100644 index 000000000..9ecdc93f5 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml new file mode 100644 index 000000000..f6977823c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/commonAnnotations.yaml @@ -0,0 +1,3 @@ +commonAnnotations: + helm.sh/hook: 'pre-install, pre-upgrade' + helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml new file mode 100644 index 000000000..fc2ba605a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml new file mode 100644 index 000000000..347d3b40a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -0,0 +1,2 @@ +shmVolume: + enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md new file mode 100644 index 000000000..1813a2fea --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md new file mode 100644 index 000000000..184c1875d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 000000000..cba38091e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock new file mode 100644 index 000000000..72e1642e2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 0.6.2 +digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 +generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml new file mode 100644 index 000000000..2c28bfe14 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt new file mode 100644 index 000000000..596e969ce --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,59 @@ +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- include "common.warnings.rollingTag" .Values.image -}} + +{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} + +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 000000000..68cd0dc0e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,501 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if we should use an existingSecret. +*/}} +{{- define "postgresql.useExistingSecret" -}} +{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (include "postgresql.useExistingSecret" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "postgresql.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "postgresql.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "postgresql.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "podsecuritypolicy.apiVersion" -}} +{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions +*/}} +{{- define "postgresql.validateValues.tls" -}} +{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} +postgresql: tls.enabled, volumePermissions.enabled + When TLS is enabled you must enable volumePermissions as well to ensure certificates files have + the right permissions. +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml new file mode 100644 index 000000000..b29ef6040 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/configmap.yaml @@ -0,0 +1,26 @@ +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml new file mode 100644 index 000000000..f21a97654 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-extended-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml new file mode 100644 index 000000000..6637867a3 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/initialization-configmap.yaml @@ -0,0 +1,24 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-init-scripts + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml new file mode 100644 index 000000000..6b7a3171e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-configmap.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml new file mode 100644 index 000000000..b993c9971 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/metrics-svc.yaml @@ -0,0 +1,25 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- toYaml .Values.metrics.service.annotations | nindent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: master +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml new file mode 100644 index 000000000..2a7b372fe --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,36 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "postgresql.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 14 }} + role: slave + {{- end }} + # Allow prometheus scrapes + - ports: + - port: 9187 +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..da0b3ab11 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/podsecuritypolicy.yaml @@ -0,0 +1,37 @@ +{{- if .Values.psp.create }} +apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml new file mode 100644 index 000000000..b0c41b1a4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "postgresql.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml new file mode 100644 index 000000000..6d3cf50a4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/role.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + {{- if .Values.psp.create }} + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ template "postgresql.fullname" . }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml new file mode 100644 index 000000000..f7837388d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: Role + name: {{ template "postgresql.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml new file mode 100644 index 000000000..c93dbe0bd --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,23 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 000000000..17f7ff399 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "common.labels.standard" . | nindent 4 }} + name: {{ template "postgresql.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml new file mode 100644 index 000000000..d57b7fb48 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml new file mode 100644 index 000000000..54d24099f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset-slaves.yaml @@ -0,0 +1,345 @@ +{{- if .Values.replication.enabled }} +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + {{- include "common.labels.standard" . | nindent 4 }} +{{- with .Values.slave.labels }} +{{ toYaml . | indent 4 }} +{{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.slave.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: slave + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: slave +{{- with .Values.slave.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.slave.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: +{{ toYaml .Values.slave.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.slave.affinity }} + affinity: +{{ toYaml .Values.slave.affinity | indent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: +{{ toYaml .Values.slave.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.slave.extraInitContainers }} +{{ tpl .Values.slave.extraInitContainers . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.slave.priorityClassName }} + priorityClassName: {{ .Values.slave.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "postgresql.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.slave.extraVolumeMounts }} + {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.slave.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.slave.extraVolumes }} + {{- toYaml .Values.slave.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml new file mode 100644 index 000000000..0e6eefebb --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/statefulset.yaml @@ -0,0 +1,514 @@ +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.master.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.master.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: master + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: master + {{- with .Values.master.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: {{- toYaml .Values.master.affinity | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.master.extraInitContainers }} + {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.initdbPassword }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.replication.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: "master" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end}} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote}} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.master.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.metrics.securityContext.runAsUser }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} + {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} + - name: DATA_SOURCE_NAME + value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} + {{- else }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- toYaml .Values.master.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml new file mode 100644 index 000000000..49131578a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-headless.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-headless + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml new file mode 100644 index 000000000..885c7bb04 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc-read.yaml @@ -0,0 +1,42 @@ +{{- if .Values.replication.enabled }} +{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-read + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: slave +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml new file mode 100644 index 000000000..e9fc50456 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/templates/svc.yaml @@ -0,0 +1,40 @@ +{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: master diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml new file mode 100644 index 000000000..c08014549 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values-production.yaml @@ -0,0 +1,594 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.9.0-debian-10-r1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +rbac: + create: false + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'on' + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + ## Whether to enable PostgreSQL slave replicas data Persistent + ## + persistence: + enabled: true + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r188 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json new file mode 100644 index 000000000..7b5e2efc3 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.schema.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "slaveReplicas": { + "type": "integer", + "title": "Slave Replicas", + "form": true, + "hidden": { + "value": false, + "path": "replication/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml new file mode 100644 index 000000000..f45c4183d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/charts/postgresql/values.yaml @@ -0,0 +1,600 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.9.0-debian-10-r1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +rbac: + create: false + +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'off' + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + ## Whether to enable PostgreSQL slave replicas data Persistent + ## + persistence: + enabled: true + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r188 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + # + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml new file mode 100644 index 000000000..b82db72d7 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/access-tls-values.yaml @@ -0,0 +1,11 @@ +databaseUpgradeReady: true +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password +access: + accessConfig: + security: + tls: true + resetAccessCAKeys: true diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml new file mode 100644 index 000000000..1ebf93823 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/default-values.yaml @@ -0,0 +1,9 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true +## This is an exception here because HA needs masterKey to connect with other node members and it is commented in values to support 6.x to 7.x Migration +## Please refer https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#special-upgrade-notes-1 +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml new file mode 100644 index 000000000..e6fb0c283 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/global-values.yaml @@ -0,0 +1,47 @@ +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password +global: + versions: + artifactory: 7.12.8 + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + customInitContainers: | + - name: "custom-setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: volume + # Add custom volumes + customVolumes: | + - name: custom-script + emptyDir: + sizeLimit: 100Mi + # Add custom volumesMounts + customVolumeMounts: | + - name: custom-script + mountPath: "/scripts" + # Add custom sidecar containers + customSidecarContainers: | + - name: "sidecar-list-etc" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + securityContext: + allowPrivilegeEscalation: false + command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] + volumeMounts: + - mountPath: "/scripts" + name: custom-script + resources: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml new file mode 100644 index 000000000..6c1e2587f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/migration-disabled-values.yaml @@ -0,0 +1,8 @@ +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + migration: + enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml new file mode 100644 index 000000000..efe3241d8 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/ci/test-values.yaml @@ -0,0 +1,12 @@ +databaseUpgradeReady: true +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + persistence: + enabled: true + +postgresql: + postgresqlPassword: "password" + postgresqlExtendedConf: + maxConnections: "102" + persistence: + enabled: true diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh b/charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh new file mode 100644 index 000000000..e35bfdbb2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/files/migrate.sh @@ -0,0 +1,4339 @@ +#!/bin/bash + +# Flags +FLAG_Y="y" +FLAG_N="n" +FLAGS_Y_N="$FLAG_Y $FLAG_N" +FLAG_NOT_APPLICABLE="_NA_" + +CURRENT_VERSION=$1 + +WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" +WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" + +SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" + +# Shared system keys +SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" +SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" +SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" + +SYS_KEY_SHARED_NODE_ID="shared.node.id" +SYS_KEY_SHARED_JAVAHOME="shared.javaHome" + +SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" +SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" +SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" +SYS_KEY_SHARED_DATABASE_URL="shared.database.url" +SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" +SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" + +SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" +SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" +SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" +SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" + +# Define this in product specific script. Should contain the path to unitcast file +# File used by insight server to write cluster active nodes info. This will be read by elasticsearch +#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" + +SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" +SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" + +# Filenames +FILE_NAME_SYSTEM_YAML="system.yaml" +FILE_NAME_JOIN_KEY="join.key" +FILE_NAME_MASTER_KEY="master.key" +FILE_NAME_INSTALLER_YAML="installer.yaml" + +# Global constants used in business logic +NODE_TYPE_STANDALONE="standalone" +NODE_TYPE_CLUSTER_NODE="node" +NODE_TYPE_DATABASE="database" + +# External(isable) databases +DATABASE_POSTGRES="POSTGRES" +DATABASE_ELASTICSEARCH="ELASTICSEARCH" +DATABASE_RABBITMQ="RABBITMQ" + +POSTGRES_LABEL="PostgreSQL" +ELASTICSEARCH_LABEL="Elasticsearch" +RABBITMQ_LABEL="Rabbitmq" + +ARTIFACTORY_LABEL="Artifactory" +JFMC_LABEL="Mission Control" +DISTRIBUTION_LABEL="Distribution" +XRAY_LABEL="Xray" + +POSTGRES_CONTAINER="postgres" +ELASTICSEARCH_CONTAINER="elasticsearch" +RABBITMQ_CONTAINER="rabbitmq" +REDIS_CONTAINER="redis" + +#Adding a small timeout before a read ensures it is positioned correctly in the screen +read_timeout=0.5 + +# Options related to data directory location +PROMPT_DATA_DIR_LOCATION="Installation Directory" +KEY_DATA_DIR_LOCATION="installer.data_dir" + +SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" +PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" +KEY_ADD_TO_CLUSTER="installer.ha" +VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" + +MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" +PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" +KEY_POSTGRES_INSTALL="installer.install_postgresql" +VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" + +# Postgres connection details +RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" +RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" +RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" +RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" + +MESSAGE_DATABASE_URL="Provide the database connection details" +PROMPT_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://:/artifactory" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://:/mission_control?sslmode=disable" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://:/xraydb?sslmode=disable" + ;; + esac + if [ -z "$databaseURlExample" ]; then + echo -n "$POSTGRES_LABEL URL" # For consistency with username and password + return + fi + echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" +} +REGEX_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://.*/artifactory.*" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://.*/mission_control.*" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://.*/distribution.*" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://.*/xraydb.*" + ;; + esac + echo -n "^$databaseURlExample\$" +} +ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" +KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" +KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" +KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" +IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" + +MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" +PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" +KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" +VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" + +# Elasticsearch connection details +MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" +PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" +KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" + +PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" +KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" + +PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" +KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" +IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" + +# Cluster related questions +MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" +PROMPT_CLUSTER_MASTER_KEY="Master Key" +KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" +IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" + +MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" +PROMPT_JOIN_KEY="Join Key" +KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" +IS_SENSITIVE_JOIN_KEY="$FLAG_Y" +REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" +ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" + +# Rabbitmq related cluster information +MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" +PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" +KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" + +# Rabbitmq related cluster information (necessary only for docker-compose) +PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" +KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" + +MESSAGE_JFROGURL(){ + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" +} +PROMPT_JFROGURL="JFrog URL" +KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" +REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" +ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" + + +# Set this to FLAG_Y on upgrade +IS_UPGRADE="${FLAG_N}" + +# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary +MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" + +_getMethodOutputOrVariableValue() { + unset EFFECTIVE_MESSAGE + local keyToSearch=$1 + local effectiveMessage= + local result="0" + # logSilly "Searching for method: [$keyToSearch]" + LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" + if [[ "$result" == "0" ]]; then + # logSilly "Found method for [$keyToSearch]" + EFFECTIVE_MESSAGE="$($keyToSearch)" + return + fi + eval EFFECTIVE_MESSAGE=\${$keyToSearch} + if [ ! -z "$EFFECTIVE_MESSAGE" ]; then + return + fi + # logSilly "Didn't find method or variable for [$keyToSearch]" +} + + +# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting +cClear="\e[0m" +cBlue="\e[38;5;69m" +cRedDull="\e[1;31m" +cYellow="\e[1;33m" +cRedBright="\e[38;5;197m" +cBold="\e[1m" + + +_loggerGetModeRaw() { + local MODE="$1" + case $MODE in + INFO) + printf "" + ;; + DEBUG) + printf "%s" "[${MODE}] " + ;; + WARN) + printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " + ;; + ERROR) + printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " + ;; + esac +} + + +_loggerGetMode() { + local MODE="$1" + case $MODE in + INFO) + printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + DEBUG) + printf "%-7s" "[${MODE}]" + ;; + WARN) + printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + ERROR) + printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + esac +} + +# Capitalises the first letter of the message +_loggerGetMessage() { + local originalMessage="$*" + local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') + local resetOfMessage="${originalMessage:1}" + echo "$firstChar$resetOfMessage" +} + +# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. +_loggerGetStackTrace() { + printf "%s%-30s%s" "[" "$1:$2" "]" +} + +_loggerGetThread() { + printf "%s" "[main]" +} + +_loggerGetServiceType() { + printf "%s%-5s%s" "[" "shell" "]" +} + +#Trace ID is not applicable to scripts +_loggerGetTraceID() { + printf "%s" "[]" +} + +logRaw() { + echo "" + printf "$1" + echo "" +} + +logBold(){ + echo "" + printf "${cBold}$1${cClear}" + echo "" +} + +# The date binary works differently based on whether it is GNU/BSD +is_date_supported=0 +date --version > /dev/null 2>&1 || is_date_supported=1 +IS_GNU=$(echo $is_date_supported) + +_loggerGetTimestamp() { + if [ "${IS_GNU}" == "0" ]; then + echo -n $(date -u +%FT%T.%3NZ) + else + echo -n $(date -u +%FT%T.000Z) + fi +} + +# https://www.shellscript.sh/tips/spinner/ +_spin() +{ + spinner="/|\\-/|\\-" + while : + do + for i in `seq 0 7` + do + echo -n "${spinner:$i:1}" + echo -en "\010" + sleep 1 + done + done +} + +showSpinner() { + # Start the Spinner: + _spin & + # Make a note of its Process ID (PID): + SPIN_PID=$! + # Kill the spinner on any signal, including our own exit. + trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 +} + +stopSpinner() { + local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") + let "occurrences+=0" + # validate that it is present (2 since this search itself will show up in the results) + if [ $occurrences -gt 1 ]; then + kill -9 $SPIN_PID &>/dev/null || return 0 + wait $SPIN_ID &>/dev/null + fi +} + +_getEffectiveMessage(){ + local MESSAGE="$1" + local MODE=${2-"INFO"} + + if [ -z "$CONTEXT" ]; then + CONTEXT=$(caller) + fi + + _EFFECTIVE_MESSAGE= + if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then + _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" + else + local SERVICE_TYPE="script" + local TRACE_ID="" + local THREAD="main" + + local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') + local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') + + _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" + fi + CONTEXT= +} + +# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug +_logToFile() { + local MODE=${1-"INFO"} + local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" + # IF the file isn't passed, abort + if [ -z "$targetFile" ]; then + return + fi + # IF this is not being run in verbose mode and mode is debug or lower, abort + if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then + if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then + return + fi + fi + + # Create the file if it doesn't exist + if [ ! -f "${targetFile}" ]; then + return + # touch $targetFile > /dev/null 2>&1 || true + fi + # # Make it readable + # chmod 640 $targetFile > /dev/null 2>&1 || true + + # Log contents + printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true +} + +logger() { + if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then + echo "" + fi + _getEffectiveMessage "$@" + local MODE=${2-"INFO"} + printf "%s\n" "$_EFFECTIVE_MESSAGE" + _logToFile "$MODE" +} + +logDebug(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logSilly(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "silly" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logError() { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= +} + +errorExit () { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= + exit 1 +} + +warn () { + CONTEXT=$(caller) + logger "$1" "WARN" + CONTEXT= +} + +note () { + CONTEXT=$(caller) + logger "$1" "NOTE" + CONTEXT= +} + +bannerStart() { + title=$1 + echo + echo -e "\033[1m${title}\033[0m" + echo +} + +bannerSection() { + title=$1 + echo + echo -e "******************************** ${title} ********************************" + echo +} + +bannerSubSection() { + title=$1 + echo + echo -e "************** ${title} *******************" + echo +} + +bannerMessge() { + title=$1 + echo + echo -e "********************************" + echo -e "${title}" + echo -e "********************************" + echo +} + +setRed () { + local input="$1" + echo -e \\033[31m${input}\\033[0m +} +setGreen () { + local input="$1" + echo -e \\033[32m${input}\\033[0m +} +setYellow () { + local input="$1" + echo -e \\033[33m${input}\\033[0m +} + +logger_addLinebreak () { + echo -e "---\n" +} + +bannerImportant() { + title=$1 + local bold="\033[1m" + local noColour="\033[0m" + echo + echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" + echo -e "${bold}${title}${noColour}" + echo -e "${bold}###########################################################################################${noColour}" + echo +} + +bannerEnd() { + #TODO pass a title and calculate length dynamically so that start and end look alike + echo + echo "*****************************************************************************" + echo +} + +banner() { + title=$1 + content=$2 + bannerStart "${title}" + echo -e "$content" +} + +# The logic below helps us redirect content we'd normally hide to the log file. + # + # We have several commands which clutter the console with output and so use + # `cmd > /dev/null` - this redirects the command's output to null. + # + # However, the information we just hid maybe useful for support. Using the code pattern + # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console + # but redirected to the installation log file + # + +#Default value of 6 is just null +exec 6>>/dev/null +redirectLogsToFile() { + echo "" + # local file=$1 + + # [ ! -z "${file}" ] || return 0 + + # local logDir=$(dirname "$file") + + # if [ ! -f "${file}" ]; then + # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ + # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) + # fi + + # #6 now points to the log file + # exec 6>>${file} + # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time + # exec 2>&1 > >(tee -a "${file}") +} + +# Check if a give key contains any sensitive string as part of it +# Based on the result, the caller can decide its value can be displayed or not +# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} +isKeySensitive(){ + local key=$1 + local sensitiveKeys="password|secret|key|token" + + if [ -z "${key}" ]; then + return 1 + else + local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 + fi +} + +getPrintableValueOfKey(){ + local displayValue= + local key="$1" + if [ -z "$key" ]; then + # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller + echo -n "" + return + fi + + local value="$2" + isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" + echo -n $displayValue +} + +_createConsoleLog(){ + if [ -z "${JF_PRODUCT_HOME}" ]; then + return + fi + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + mkdir -p "${JF_PRODUCT_HOME}/var/log" || true + if [ ! -f ${targetFile} ]; then + touch $targetFile > /dev/null 2>&1 || true + fi + chmod 640 $targetFile > /dev/null 2>&1 || true +} + +# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to +# the common console.log file +redirectServiceLogsToFile() { + + local result="0" + # check if the function getSystemValue exists + LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" + if [[ "$result" != "0" ]]; then + warn "Couldn't find the systemYamlHelper. Skipping log redirection" + return 0 + fi + + getSystemValue "shared.consoleLog" "NOT_SET" + if [[ "${YAML_VALUE}" == "false" ]]; then + logger "Redirection is set to false. Skipping log redirection" + return 0; + fi + + if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then + warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" + return 0 + fi + + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + + _createConsoleLog + + while read -r line; do + printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen + done +} + +## Display environment variables starting with JF_ along with its value +## Value of sensitive keys will be displayed as "******" +## +## Sample Display : +## +## ======================== +## JF Environment variables +## ======================== +## +## JF_SHARED_NODE_ID : locahost +## JF_SHARED_JOINKEY : ****** +## +## +displayEnv() { + local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) + local key= + local value= + + if [ -z "${JFEnv}" ]; then + return + fi + + cat << ENV_START_MESSAGE + +======================== +JF Environment variables +======================== +ENV_START_MESSAGE + + for entry in ${JFEnv}; do + key=$(echo "${entry}" | awk -F'=' '{print $1}') + value=$(echo "${entry}" | awk -F'=' '{print $2}') + + isKeySensitive "${key}" && value="******" || value=${value} + + printf "\n%-35s%s" "${key}" " : ${value}" + done + echo; +} + +_addLogRotateConfiguration() { + logDebug "Method ${FUNCNAME[0]}" + # mandatory inputs + local confFile="$1" + local logFile="$2" + + # Method available in _ioOperations.sh + LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 + + io_setYQPath + + # Method available in _systemYamlHelper.sh + LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 + + local frequency="daily" + local archiveFolder="archived" + + local compressLogFiles= + getSystemValue "shared.logging.rotation.compress" "true" + if [[ "${YAML_VALUE}" == "true" ]]; then + compressLogFiles="compress" + fi + + getSystemValue "shared.logging.rotation.maxFiles" "10" + local noOfBackupFiles="${YAML_VALUE}" + + getSystemValue "shared.logging.rotation.maxSizeMb" "25" + local sizeOfFile="${YAML_VALUE}M" + + logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" + + # Add configuration to file + local confContent=$(cat << LOGROTATECONF +$logFile { + $frequency + missingok + rotate $noOfBackupFiles + $compressLogFiles + notifempty + olddir $archiveFolder + dateext + extension .log + dateformat -%Y-%m-%d + size ${sizeOfFile} +} +LOGROTATECONF +) + echo "${confContent}" > ${confFile} || return 1 +} + +_operationIsBySameUser() { + local targetUser="$1" + local currentUserID=$(id -u) + local currentUserName=$(id -un) + + if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then + echo -n "yes" + else + echo -n "no" + fi +} + +_addCronJobForLogrotate() { + logDebug "Method ${FUNCNAME[0]}" + + # Abort if logrotate is not available + [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 + + # mandatory inputs + local productHome="$1" + local confFile="$2" + local cronJobOwner="$3" + + # We want to use our binary if possible. It may be more recent than the one in the OS + local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" + + if [ ! -f "$logrotateBinary" ]; then + logrotateBinary="logrotate" + [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 + fi + local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose + + id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } + + # Remove the existing line + removeLogRotation "$productHome" "$cronJobOwner" || true + + # Run logrotate daily at 23:55 hours + local cronInterval="55 23 * * * $cmd" + + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges + if [ "$standaloneMode" == "no" ]; then + (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - + else + (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - + fi +} + +## Configure logrotate for a product +## Failure conditions: +## If logrotation could not be setup for some reason +## Parameters: +## $1: The product name +## $2: The product home +## Depends on global: none +## Updates global: none +## Returns: NA + +configureLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + + # mandatory inputs + local productName="$1" + if [ -z $productName ]; then + warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 + fi + + local productHome="$2" + if [ -z $productHome ]; then + warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 + fi + + local logFile="${productHome}/var/log/console.log" + if [[ $(uname) == "Darwin" ]]; then + logger "Log rotation for [$logFile] has not been configured. Please setup manually" + return 0 + fi + + local userID="$3" + if [ -z $userID ]; then + warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 + fi + + local groupID=${4:-$userID} + local logConfigOwner=${5:-$userID} + + logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" + + local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + # TODO move to recursive method + createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + + # TODO move to recursive method + createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } + + # conf file should be owned by the user running the script + createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } + + _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } +} + +_pauseExecution() { + if [ "${VERBOSE_MODE}" == "debug" ]; then + + local breakPoint="$1" + if [ ! -z "$breakPoint" ]; then + printf "${cBlue}Breakpoint${cClear} [$breakPoint] " + echo "" + fi + printf "${cBlue}Press enter once you are ready to continue${cClear}" + read -s choice + echo "" + fi +} + +# removeLogRotation "$productHome" "$cronJobOwner" || true +removeLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + if [[ $(uname) == "Darwin" ]]; then + logDebug "Not implemented for Darwin." + return 0 + fi + local productHome="$1" + local cronJobOwner="$2" + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + if [ "$standaloneMode" == "no" ]; then + crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - + else + crontab -l 2>/dev/null | grep -v "$confFile" | crontab - + fi +} + +# NOTE: This method does not check the configuration to see if redirection is necessary. +# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file +# that does not exist, causing the service itself to not start +setupTomcatRedirection() { + logDebug "Method ${FUNCNAME[0]}" + local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" + _createConsoleLog + export CATALINA_OUT="${consoleLog}" +} + +setupScriptLogsRedirection() { + logDebug "Method ${FUNCNAME[0]}" + if [ -z "${JF_PRODUCT_HOME}" ]; then + logDebug "No JF_PRODUCT_HOME. Returning" + return + fi + # Create the console.log file if it is not already present + # _createConsoleLog || true + # # Ensure any logs (logger/logError/warn) also get redirected to the console.log + # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed + export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" + export LOG_BEHAVIOR_ADD_META="$FLAG_Y" +} + +# Returns Y if this method is run inside a container +isRunningInsideAContainer() { + if [ -f "/.dockerenv" ]; then + echo -n "$FLAG_Y" + else + echo -n "$FLAG_N" + fi +} + +POSTGRES_USER=999 +NGINX_USER=104 +NGINX_GROUP=107 +ES_USER=1000 +REDIS_USER=999 +MONGO_USER=999 +RABBITMQ_USER=999 +LOG_FILE_PERMISSION=640 +PID_FILE_PERMISSION=644 + +# Copy file +copyFile(){ + local source=$1 + local target=$2 + local mode=${3:-overwrite} + local enableVerbose=${4:-"${FLAG_N}"} + local verboseFlag="" + + if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then + verboseFlag="-v" + fi + + if [[ ! ( $source && $target ) ]]; then + warn "Source and target is mandatory to copy file" + return 1 + fi + + if [[ -f "${target}" ]]; then + [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true + else + cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" + fi +} + +# Copy files recursively from given source directory to destination directory +# This method wil copy but will NOT overwrite +# Destination will be created if its not available +copyFilesNoOverwrite(){ + local src=$1 + local dest=$2 + local enableVerboseCopy="${3:-${FLAG_Y}}" + + if [[ -z "${src}" || -z "${dest}" ]]; then + return + fi + + if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then + local relativeFilePath="" + local targetFilePath="" + + for file in $(find ${src} -type f 2>/dev/null) ; do + # Derive relative path and attach it to destination + # Example : + # src=/extra_config + # dest=/var/opt/jfrog/artifactory/etc + # file=/extra_config/config.xml + # relativeFilePath=config.xml + # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml + relativeFilePath=${file/${src}/} + targetFilePath=${dest}${relativeFilePath} + + createDir "$(dirname "$targetFilePath")" + copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" + done + fi +} + +# TODO : WINDOWS ? +# Check the max open files and open processes set on the system +checkULimits () { + local minMaxOpenFiles=${1:-32000} + local minMaxOpenProcesses=${2:-1024} + local setValue=${3:-true} + local warningMsgForFiles=${4} + local warningMsgForProcesses=${5} + + logger "Checking open files and processes limits" + + local currentMaxOpenFiles=$(ulimit -n) + logger "Current max open files is $currentMaxOpenFiles" + if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then + if [ "${setValue}" ]; then + ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" + else + errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" + fi + fi + + local currentMaxOpenProcesses=$(ulimit -u) + logger "Current max open processes is $currentMaxOpenProcesses" + if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then + if [ "${setValue}" ]; then + ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" + else + errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" + fi + fi +} + +createDirs() { + local appDataDir=$1 + local serviceName=$2 + local folders="backup bootstrap data etc logs work" + + [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true + [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true + + for folder in ${folders} + do + folder=${appDataDir}/${folder}/${serviceName} + if [ ! -d "${folder}" ]; then + logger "Creating folder : ${folder}" + mkdir -p "${folder}" || errorExit "Failed to create ${folder}" + fi + done +} + + +testReadWritePermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local test_file=${dir_to_check}/test-permissions + + # Write file + if echo test > ${test_file} 1> /dev/null 2>&1; then + # Write succeeded. Testing read... + if cat ${test_file} > /dev/null; then + rm -f ${test_file} + else + error=true + fi + else + error=true + fi + + if [ ${error} == true ]; then + return 1 + else + return 0 + fi +} + +# Test directory has read/write permissions for current user +testDirectoryPermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local u_id=$(id -u) + local id_str="id ${u_id}" + + logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" + + if ! testReadWritePermissions ${dir_to_check}; then + error=true + fi + + if [ "${error}" == true ]; then + local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) + logger "###########################################################" + logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" + logger "${stat_data}" + logger "Mounted directory must have read/write permissions for user ${id_str}" + logger "###########################################################" + errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" + fi + logger "Permissions for ${dir_to_check} are good" +} + +# Utility method to create a directory path recursively with chown feature as +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: Root directory from where the path can be created +## $2: List of recursive child directories seperated by space +## $3: user who should own the directory. Optional +## $4: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA +# +# Usage: +# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" +createRecursiveDir(){ + local rootDir=$1 + local pathDirs=$2 + local user=$3 + local group=${4:-${user}} + local fullPath= + + [ ! -z "${rootDir}" ] || return 0 + + createDir "${rootDir}" "${user}" "${group}" + + [ ! -z "${pathDirs}" ] || return 0 + + fullPath=${rootDir} + + for dir in ${pathDirs}; do + fullPath=${fullPath}/${dir} + createDir "${fullPath}" "${user}" "${group}" + done +} + +# Utility method to create a directory +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: directory to create +## $2: user who should own the directory. Optional +## $3: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA + +createDir(){ + local dirName="$1" + local printMessage=no + logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" + [ -z "${dirName}" ] && return + + logDebug "Attempting to create ${dirName}" + mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + # Earlier, this line would have returned 1 if it failed. Now it just warns. + # This is intentional. Earlier, this line would NOT be reached if the folder already existed. + # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if + # setting permissions fails (so as to not affect any existing flows) + io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" + fi + # logging message to print created dir with user and group + local logMessage=${4:-$printMessage} + if [[ "${logMessage}" == "yes" ]]; then + logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" + fi +} + +removeSoftLinkAndCreateDir () { + local dirName="$1" + local userID="$2" + local groupID="$3" + local logMessage="$4" + removeSoftLink "${dirName}" + createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" +} + +# Utility method to remove a soft link +removeSoftLink () { + local dirName="$1" + if [[ -L "${dirName}" ]]; then + targetLink=$(readlink -f "${dirName}") + logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" + rm -f "${dirName}" + fi +} + +# Check Directory exist in the path +checkDirExists () { + local directoryPath="$1" + + [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" +} + + +# Utility method to create a file +# Failure conditions: +# Parameters: +## $1: file to create +# Depends on global: none +# Updates global: none +# Returns: NA + +createFile(){ + local fileName="$1" + logSilly "Method ${FUNCNAME[0]} [$fileName]" + [ -f "${fileName}" ] && return 0 + touch "${fileName}" || return 1 + + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + io_setOwnership "$fileName" "$userID" "$groupID" || return 1 + fi +} + +# Check File exist in the filePath +# IMPORTANT- DON'T ADD LOGGING to this method +checkFileExists () { + local filePath="$1" + + [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" +} + +# Check for directories contains any (files or sub directories) +# IMPORTANT- DON'T ADD LOGGING to this method +checkDirContents () { + local directoryPath="$1" + if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then + echo -n "true" + else + echo -n "false" + fi +} + +# Check contents exist in directory +# IMPORTANT- DON'T ADD LOGGING to this method +checkContentExists () { + local source="$1" + + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + echo -n "false" + else + echo -n "true" + fi +} + +# Resolve the variable +# IMPORTANT- DON'T ADD LOGGING to this method +evalVariable () { + local output="$1" + local input="$2" + + eval "${output}"=\${"${input}"} + eval echo \${"${output}"} +} + +# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_commandExists() { + local commandToExecute="$1" + hash "${commandToExecute}" 2>/dev/null + local rt=$? + if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi +} + +# Usage: if [ "$(io_curlExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_curlExists() { + io_commandExists "curl" +} + + +io_hasMatch() { + logSilly "Method ${FUNCNAME[0]}" + local result=0 + logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" + echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 + return $result +} + +# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself +# Failure conditions: None +# Parameters: +## $1: string to check against +# Depends on global: none +# Updates global: IS_LOCALHOST with value "yes/no" +# Returns: NA + +io_getIsLocalhost() { + logSilly "Method ${FUNCNAME[0]}" + IS_LOCALHOST="$FLAG_N" + local inputString="$1" + logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" + + io_hasMatch "$inputString" "localhost" && { + logDebug "Found localhost. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for localhost" + + local hostIP=$(io_getPublicHostIP) + io_hasMatch "$inputString" "$hostIP" && { + logDebug "Found $hostIP. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostIP" + + local hostID=$(io_getPublicHostID) + io_hasMatch "$inputString" "$hostID" && { + logDebug "Found $hostID. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostID" + + local hostName=$(io_getPublicHostName) + io_hasMatch "$inputString" "$hostName" && { + logDebug "Found $hostName. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostName" + +} + +# Usage: if [ "$(io_tarExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_tarExists() { + io_commandExists "tar" +} + +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostIP() { + local OS_TYPE=$(uname) + local publicHostIP= + if [ "${OS_TYPE}" == "Darwin" ]; then + ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') + if [ "${ipStatus}" == "active" ]; then + publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') + else + errorExit "Host IP could not be resolved!" + fi + elif [ "${OS_TYPE}" == "Linux" ]; then + publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") + fi + publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') + echo -n "${publicHostIP}" +} + +# Will return the short host name (up to the first dot) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostName() { + echo -n "$(hostname -s)" +} + +# Will return the full host name (use this as much as possible) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostID() { + echo -n "$(hostname)" +} + +# Utility method to backup a file +# Failure conditions: NA +# Parameters: filePath +# Depends on global: none, +# Updates global: none +# Returns: NA +io_backupFile() { + logSilly "Method ${FUNCNAME[0]}" + fileName="$1" + if [ ! -f "${filePath}" ]; then + logDebug "No file: [${filePath}] to backup" + return + fi + dateTime=$(date +"%Y-%m-%d-%H-%M-%S") + targetFileName="${fileName}.backup.${dateTime}" + yes | \cp -f "$fileName" "${targetFileName}" + logger "File [${fileName}] backedup as [${targetFileName}]" +} + +# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 +is_number() { + case "$BASH_VERSION" in + 3.1.*) + PATTERN='\^\[0-9\]+\$' + ;; + *) + PATTERN='^[0-9]+$' + ;; + esac + + [[ "$1" =~ $PATTERN ]] +} + +io_compareVersions() { + if [[ $# != 2 ]] + then + echo "Usage: min_version current minimum" + return + fi + + A="${1%%.*}" + B="${2%%.*}" + + if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] + then + io_compareVersions "${1#*.}" "${2#*.}" + else + if is_number "$A" && is_number "$B" + then + if [[ "$A" -eq "$B" ]]; then + echo "0" + elif [[ "$A" -gt "$B" ]]; then + echo "1" + elif [[ "$A" -lt "$B" ]]; then + echo "-1" + fi + fi + fi +} + +# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable +# Strip all leading and trailing spaces +# IMPORTANT- DON'T ADD LOGGING to this method +io_trim() { + local var="$1" + # remove leading whitespace characters + var="${var#"${var%%[![:space:]]*}"}" + # remove trailing whitespace characters + var="${var%"${var##*[![:space:]]}"}" + echo -n "$var" +} + +# temporary function will be removing it ASAP +# search for string and replace text in file +replaceText_migration_hook () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + fi +} + +# search for string and replace text in file +replaceText () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + logDebug "Replaced [$regexString] with [$replaceText] in [$file]" + fi +} + +# search for string and prepend text in file +prependText () { + local regexString="$1" + local text="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + else + sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + fi +} + +# add text to beginning of the file +addText () { + local text="$1" + local file="$2" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + else + sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + fi +} + +io_replaceString () { + local value="$1" + local firstString="$2" + local secondString="$3" + local separator=${4:-"/"} + local updateValue= + if [[ $(uname) == "Darwin" ]]; then + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + else + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + fi + echo -n "${updateValue}" +} + +_findYQ() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + local parentDir="$1" + if [ -z "$parentDir" ]; then + return + fi + logDebug "Executing command [find "${parentDir}" -name third-party -type d]" + local yq=$(find "${parentDir}" -name third-party -type d) + if [ -d "${yq}/yq" ]; then + export YQ_PATH="${yq}/yq" + fi +} + + +io_setYQPath() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + if [ "$(io_commandExists 'yq')" == "yes" ]; then + return + fi + + if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then + _findYQ "${JF_PRODUCT_HOME}" + fi + + if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then + _findYQ "${COMPOSE_HOME}" + fi + # TODO We can remove this block after all the code is restructured. + if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then + _findYQ "${SCRIPT_HOME}" + fi + +} + +io_getLinuxDistribution() { + LINUX_DISTRIBUTION= + + # Make sure running on Linux + [ $(uname -s) != "Linux" ] && return + + # Find out what Linux distribution we are on + + cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 6.x + cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 7.x + cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true + + # OS 8.x + grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true + + # OS 7.x + grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true + + # OS 6.x + grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true + + cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true + + cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true + + cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true +} + +## Utility method to check ownership of folders/files +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If file is not owned by the user & group +## Parameters: + ## user + ## group + ## folder to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac +io_checkOwner () { + logSilly "Method ${FUNCNAME[0]}" + local osType=$(uname) + + if [ "${osType}" != "Linux" ]; then + logDebug "Unsupported OS. Skipping check" + return 0 + fi + + local file_to_check=$1 + local user_id_to_check=$2 + + + if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group_id_to_check=${3:-$user_id_to_check} + local check_user_name=${4:-"no"} + + logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" + + local stat= + + if [ "${check_user_name}" == "yes" ]; then + stat=( $(stat -Lc "%U %G" ${file_to_check}) ) + else + stat=( $(stat -Lc "%u %g" ${file_to_check}) ) + fi + + local user_id=${stat[0]} + local group_id=${stat[1]} + + if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then + logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" + return 1 + else + return 0 + fi +} + +## Utility method to change ownership of a file/folder - NON recursive +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnershipNonRecursive() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" + chown ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to change ownership of a file. +## IMPORTANT +## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnership() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" + chown -R ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to create third party folder structure necessary for Postgres +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## POSTGRESQL_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createPostgresDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 + + logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" + + createDir "${POSTGRESQL_DATA_ROOT}/data" + io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Nginx +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## NGINX_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createNginxDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${NGINX_DATA_ROOT}" ] && return 0 + + logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" + + createDir "${NGINX_DATA_ROOT}" + io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" +} + +## Utility method to create third party folder structure necessary for ElasticSearch +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## ELASTIC_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createElasticSearchDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 + + logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" + + createDir "${ELASTIC_DATA_ROOT}/data" + io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Redis +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## REDIS_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRedisDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${REDIS_DATA_ROOT}" ] && return 0 + + logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" + + createDir "${REDIS_DATA_ROOT}" + io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Mongo +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## MONGODB_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createMongoDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${MONGODB_DATA_ROOT}" ] && return 0 + + logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" + + createDir "${MONGODB_DATA_ROOT}/logs" + createDir "${MONGODB_DATA_ROOT}/configdb" + createDir "${MONGODB_DATA_ROOT}/db" + io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" +} + +## Utility method to create third party folder structure necessary for RabbitMQ +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## RABBITMQ_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRabbitMQDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 + + logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" + + createDir "${RABBITMQ_DATA_ROOT}" + io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" +} + +# Add or replace a property in provided properties file +addOrReplaceProperty() { + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + local delimiter=${4:-"="} + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 + [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} + sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} +} + +# Set property only if its not set +io_setPropertyNoOverride(){ + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 + if [ $? -ne 0 ]; then + echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" + else + logger "Skipping update of property : ${propertyName}" >&6 + fi +} + +# Add a line to a file if it doesn't already exist +addLine() { + local line_to_add=$1 + local target_file=$2 + logger "Trying to add line $1 to $2" >&6 2>&1 + cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 + if [ $? != 0 ]; then + logger "Line does not exist and will be added" >&6 2>&1 + echo $line_to_add >> $target_file || errorExit "Could not update $target_file" + fi +} + +# Utility method to check if a value (first paramter) exists in an array (2nd parameter) +# 1st parameter "value to find" +# 2nd parameter "The array to search in. Please pass a string with each value separated by space" +# Example: containsElement "y" "y Y n N" +containsElement () { + local searchElement=$1 + local searchArray=($2) + local found=1 + for elementInIndex in "${searchArray[@]}";do + if [[ $elementInIndex == $searchElement ]]; then + found=0 + fi + done + return $found +} + +# Utility method to get user's choice +# 1st parameter "what to ask the user" +# 2nd parameter "what choices to accept, separated by spaces" +# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" +# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' +getUserChoice(){ + configureLogOutput + read_timeout=${read_timeout:-0.5} + local choice="na" + local text_to_display=$1 + local choices=$2 + local default_choice=$3 + users_choice= + + until containsElement "$choice" "$choices"; do + echo "";echo ""; + sleep $read_timeout #This ensures correct placement of the question. + read -p "$text_to_display :" choice + : ${choice:=$default_choice} + done + users_choice=$choice + echo -e "\n$text_to_display: $users_choice" >&6 + sleep $read_timeout #This ensures correct logging +} + +setFilePermission () { + local permission=$1 + local file=$2 + chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" +} + + +#setting required paths +setAppDir (){ + SCRIPT_DIR=$(dirname $0) + SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + APP_DIR="`cd "${SCRIPT_HOME}";pwd`" +} + +ZIP_TYPE="zip" +COMPOSE_TYPE="compose" +HELM_TYPE="helm" +RPM_TYPE="rpm" +DEB_TYPE="debian" + +sourceScript () { + local file="$1" + + [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" + + if [ ! -f "${file}" ]; then + errorExit "${file} file is not found" + else + source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" + fi +} +# Source required helpers +initHelpers () { + local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" + local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) + export YQ_PATH="${thirdPartyDir}/yq" + LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" + export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" + sourceScript "${systemYamlHelper}" +} +# Check migration info yaml file available in the path +checkMigrationInfoYaml () { + + if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" + INSTALLER="${HELM_TYPE}" + elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" + INSTALLER="${ZIP_TYPE}" + elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" + INSTALLER="${RPM_TYPE}" + elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" + INSTALLER="${DEB_TYPE}" + elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" + INSTALLER="${COMPOSE_TYPE}" + else + errorExit "File migration Info yaml does not exist in [${APP_DIR}]" + fi +} + +retrieveYamlValue () { + local yamlPath="$1" + local value="$2" + local output="$3" + local message="$4" + + [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" + + getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" + value="${YAML_VALUE}" + if [[ -z "${value}" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + elif [[ "${output}" == "Skip" ]]; then + return + else + errorExit "${message}" + fi + fi +} + +checkEnv () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + # check Environment JF_PRODUCT_HOME is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" + if [[ -z "${NEW_DATA_DIR}" ]]; then + errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + getCustomDataDir_hook + NEW_DATA_DIR="${OLD_DATA_DIR}" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + else + # check Environment JF_ROOT_DATA_DIR is set before migration + OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" + # check Environment JF_ROOT_DATA_DIR is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi + +} + +getDataDir () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then + checkEnv + else + getCustomDataDir_hook + NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi +} + +# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO +getProduct () { + retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + PRODUCT="${YAML_VALUE}" + PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then + errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" + fi + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + JF_USER="${PRODUCT}" + fi +} +# Compare product version with minProductVersion and maxProductVersion +migrateCheckVersion () { + local productVersion="$1" + local minProductVersion="$2" + local maxProductVersion="$3" + local productVersion618="6.18.0" + local unSupportedProductVersions7=("7.2.0 7.2.1") + + if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then + logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" + exit 11 + elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then + if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then + touch /tmp/error; + errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" + else + bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" + fi + else + logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" + exit 1 + fi +} + +getProductVersion () { + local minProductVersion="$1" + local maxProductVersion="$2" + local newfilePath="$3" + local oldfilePath="$4" + local propertyInDocker="$5" + local property="$6" + local productVersion= + local status= + + if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + elif [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" + status="fail" + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + exit 0 + fi + elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + else + productVersion="${CURRENT_VERSION}" + [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 + fi + else + if [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${property}" "${newfilePath}")" + status="fail" + elif [[ -f "${oldfilePath}" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + status="success" + else + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + logger "File [${newfilePath}] not found to get current version." + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + fi + exit 0 + fi + fi + if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then + [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." + [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." + exit 0 + fi + + migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" +} + +readKey () { + local property="$1" + local file="$2" + local version= + + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + version="${value}" && check=true && break + else + check=false + fi + done < "${file}" + if [[ "${check}" == "false" ]]; then + return + fi + echo "${version}" +} + +# create Log directory +createLogDir () { + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" + fi +} + +# Creating migration log file +creationMigrateLog () { + local LOG_FILE_NAME="migration.log" + createLogDir + local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" + fi + touch "${MIGRATION_LOG_FILE}" + setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" + exec &> >(tee -a "${MIGRATION_LOG_FILE}") +} +# Set path where system.yaml should create +setSystemYamlPath () { + SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" + if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then + logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" + fi +} +# Create directory +createDirectory () { + local directory="$1" + local output="$2" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${directory}" + mkdir -p "${directory}" && check=true || check=false + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi + setOwnershipBasedOnInstaller "${directory}" +} + +setOwnershipBasedOnInstaller () { + local directory="$1" + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" + elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" + fi +} + +getUserAndGroup () { + local file="$1" + read uid gid <<<$(stat -c '%U %G' ${file}) + USER_TO_CHECK="${uid}" + GROUP_TO_CHECK="${gid}" +} + +# set ownership +getUserAndGroupFromFile () { + case $PRODUCT in + artifactory) + getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" + ;; + distribution) + getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" + ;; + xray) + getUserAndGroup "${OLD_DATA_DIR}/security/master.key" + ;; + esac +} + +# creating required directories +createRequiredDirs () { + bannerSubSection "CREATING REQUIRED DIRECTORIES" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" + io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" + fi + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + fi +} + +# Check entry in map is format +checkMapEntry () { + local entry="$1" + + [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" +} +# Check value Empty and warn +warnIfEmpty () { + local filePath="$1" + local yamlPath="$2" + local check= + + if [[ -z "${filePath}" ]]; then + warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + check=false + else + check=true + fi + echo "${check}" +} + +logCopyStatus () { + local status="$1" + local logMessage="$2" + local warnMessage="$3" + + [[ "${status}" == "success" ]] && logger "${logMessage}" + [[ "${status}" == "fail" ]] && warn "${warnMessage}" +} +# copy contents from source to destination +copyCmd () { + local source="$1" + local target="$2" + local mode="$3" + local status= + + case $mode in + unique) + cp -up "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + specific) + cp -pf "${source}" "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" + ;; + patternFiles) + cp -pf "${source}"* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" + ;; + full) + cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + esac +} +# Check contents exist in source before copying +copyOnContentExist () { + local source="$1" + local target="$2" + local mode="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + copyCmd "${source}" "${target}" "${mode}" + else + logger "No contents to copy from [${source}]" + fi +} + +# move source to destination +moveCmd () { + local source="$1" + local target="$2" + local status= + + mv -f "${source}" "${target}" && status="success" || status="fail" + [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" + [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" +} + +# symlink target to source +symlinkCmd () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + local check=false + + if [[ "${symlinkSubDir}" == "subDir" ]]; then + ln -sf "${source}"/* "${target}" && check=true || check=false + else + ln -sf "${source}" "${target}" && check=true || check=false + fi + + [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" + [[ "${check}" == "false" ]] && warn "Symlink operation failed" +} +# Check contents exist in source before symlinking +symlinkOnExist () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + if [[ "${symlinkSubDir}" == "subDir" ]]; then + symlinkCmd "${source}" "${target}" "subDir" + else + symlinkCmd "${source}" "${target}" + fi + else + logger "No contents to symlink from [${source}]" + fi +} + +prependDir () { + local absolutePath="$1" + local fullPath="$2" + local sourcePath= + + if [[ "${absolutePath}" = \/* ]]; then + sourcePath="${absolutePath}" + else + sourcePath="${fullPath}" + fi + echo "${sourcePath}" +} + +getFirstEntry (){ + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $1}' +} + +getSecondEntry () { + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $2}' +} +# To get absolutePath +pathResolver () { + local directoryPath="$1" + local dataDir= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" + dataDir="${YAML_VALUE}" + cd "${dataDir}" + else + cd "${OLD_DATA_DIR}" + fi + absoluteDir="`cd "${directoryPath}";pwd`" + echo "${absoluteDir}" +} + +checkPathResolver () { + local value="$1" + + if [[ "${value}" == \/* ]]; then + value="${value}" + else + value="$(pathResolver "${value}")" + fi + echo "${value}" +} + +propertyMigrate () { + local entry="$1" + local filePath="$2" + local fileName="$3" + local check=false + + local yamlPath="$(getFirstEntry "${entry}")" + local property="$(getSecondEntry "${entry}")" + if [[ -z "${property}" ]]; then + warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + value="$(migrateResolveDerbyPath "${key}" "${value}")" + value="$(migrateResolveHaDirPath "${key}" "${value}")" + value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" + fi + if [[ "${key}" == "context.url" ]]; then + local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') + setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" + logger "Setting [shared.node.ip] with [${ip}] in system.yaml" + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false + fi + done < "${NEW_DATA_DIR}/${filePath}/${fileName}" + [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" +} + +setHaEnabled_hook () { + echo "" +} + +migratePropertiesFiles () { + local fileList= + local filePath= + local fileName= + local map= + + retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" + fileList="${YAML_VALUE}" + if [[ -z "${fileList}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" + for file in ${fileList}; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + # setting haEnabled with true only if ha-node.properties is present + setHaEnabled_hook "${filePath}" + retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + propertyMigrate "${entry}" "${filePath}" "${fileName}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" + fi + done + else + logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} + +createTargetDir () { + local mountDir="$1" + local target="$2" + + logger "Target directory not found [${mountDir}/${target}], creating it" + createDirectoryRecursive "${mountDir}" "${target}" "Warning" +} + +createDirectoryRecursive () { + local mountDir="$1" + local target="$2" + local output="$3" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${mountDir}/${target}" + local directory=$(echo "${target}" | tr '/' ' ' ) + local targetDir="${mountDir}" + for dir in ${directory}; + do + targetDir="${targetDir}/${dir}" + mkdir -p "${targetDir}" && check=true || check=false + setOwnershipBasedOnInstaller "${targetDir}" + done + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi +} + +copyOperation () { + local source="$1" + local target="$2" + local mode="$3" + local check=false + local targetDataDir= + local targetLink= + local date= + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + #remove source if it is a symlink + if [[ -L "${source}" ]]; then + targetLink=$(readlink -f "${source}") + logger "Removing the symlink [${source}] pointing to [${targetLink}]" + rm -f "${source}" + source=${targetLink} + fi + if [[ "$(checkDirExists "${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path" + return + fi + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + logger "No contents to copy from [${source}]" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copySpecificFiles () { + local source="$1" + local target="$2" + local mode="$3" + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkFileExists "${source}")" != "true" ]]; then + logger "Source file [${source}] does not exist in path" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copyPatternMatchingFiles () { + local source="$1" + local target="$2" + local mode="$3" + local sourcePath="${4}" + + # prepend OLD_DATA_DIR only if source is relative path + sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then + logger "Source [${sourcePath}] directory not found in path" + return + fi + if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" + else + logger "Source file [${sourcePath}/${source}*] does not exist in path" + fi +} + +copyLogMessage () { + local mode="$1" + case $mode in + specific) + logger "Copy file [${source}] to target [${targetDataDir}/${target}]" + ;; + patternFiles) + logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" + ;; + full) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + unique) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + esac +} + +copyBannerMessages () { + local mode="$1" + local textMode="$2" + case $mode in + specific) + bannerSection "COPY ${textMode} FILES" + ;; + patternFiles) + bannerSection "COPY MATCHING ${textMode}" + ;; + full) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + unique) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + esac +} + +invokeCopyFunctions () { + local mode="$1" + local source="$2" + local target="$3" + + case $mode in + specific) + copySpecificFiles "${source}" "${target}" "${mode}" + ;; + patternFiles) + retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" + local sourcePath="${YAML_VALUE}" + copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" + ;; + full) + copyOperation "${source}" "${target}" "${mode}" + ;; + unique) + copyOperation "${source}" "${target}" "${mode}" + ;; + esac +} +# Copies contents from source directory and target directory +copyDataDirectories () { + local copyFormat="$1" + local mode="$2" + local map= + local source= + local target= + local textMode= + local targetDataDir= + local copyFormatValue= + + retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" + copyFormatValue="${YAML_VALUE}" + if [[ -z "${copyFormatValue}" ]]; then + return + fi + textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) + copyBannerMessages "${mode}" "${textMode}" + retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeCopyFunctions "${mode}" "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +invokeMoveFunctions () { + local source="$1" + local target="$2" + local sourceDataDir= + local targetBasename= + # prepend OLD_DATA_DIR only if source is relative path + sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") + targetBasename=$(dirname "${target}") + logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" + if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then + logger "Directory [${sourceDataDir}] not found in path to move" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then + createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" + else + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" + moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" + fi +} + +# Move source directory and target directory +moveDirectories () { + local moveDataDirectories= + local map= + local source= + local target= + + retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" + moveDirectories="${YAML_VALUE}" + if [[ -z "${moveDirectories}" ]]; then + return + fi + bannerSection "MOVE DIRECTORIES" + retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeMoveFunctions "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +# Trim masterKey if its generated using hex 32 +trimMasterKey () { + local masterKeyDir=/opt/jfrog/artifactory/var/etc/security + local oldMasterKey=$(<${masterKeyDir}/master.key) + local oldMasterKey_Length=$(echo ${#oldMasterKey}) + local newMasterKey= + if [[ ${oldMasterKey_Length} -gt 32 ]]; then + bannerSection "TRIM MASTERKEY" + newMasterKey=$(echo ${oldMasterKey:0:32}) + cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key + logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" + rm -rf ${masterKeyDir}/master.key + echo ${newMasterKey} > ${masterKeyDir}/master.key + logger "masterKey is trimmed : ${masterKeyDir}/master.key" + fi +} + +copyDirectories () { + + copyDataDirectories "copyFiles" "full" + copyDataDirectories "copyUniqueFiles" "unique" + copyDataDirectories "copySpecificFiles" "specific" + copyDataDirectories "copyPatternMatchingFiles" "patternFiles" +} + +symlinkDir () { + local source="$1" + local target="$2" + local targetDir= + local basename= + local targetParentDir= + + targetDir="$(dirname "${target}")" + if [[ "${targetDir}" == "${source}" ]]; then + # symlink the sub directories + createDirectory "${NEW_DATA_DIR}/${target}" "Warning" + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" + basename="$(basename "${target}")" + cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" + fi + else + targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" + createDirectory "${targetParentDir}" "Warning" + if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" + fi + fi +} + +symlinkOperation () { + local source="$1" + local target="$2" + local check=false + local targetLink= + local date= + + # Check if source is a link and do symlink + if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then + targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") + symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" + else + # check if source is directory and do symlink + if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path to symlink" + return + fi + if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then + logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" + symlinkDir "${source}" "${target}" + else + rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false + [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" + symlinkDir "${source}" "${target}" + fi + fi +} +# Creates a symlink path - Source directory to which the symbolic link should point. +symlinkDirectories () { + local linkFiles= + local map= + local source= + local target= + + retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" + linkFiles="${YAML_VALUE}" + if [[ -z "${linkFiles}" ]]; then + return + fi + bannerSection "SYMLINK DIRECTORIES" + retrieveYamlValue "migration.linkFiles.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + symlinkOperation "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +updateConnectionString () { + local yamlPath="$1" + local value="$2" + local mongoPath="shared.mongo.url" + local rabbitmqPath="shared.rabbitMq.url" + local postgresPath="shared.database.url" + local redisPath="shared.redis.connectionString" + local mongoConnectionString="mongo.connectionString" + local sourceKey= + local hostIp=$(io_getPublicHostIP) + local hostKey= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) + hostKey="@${hostIp}:" + case $yamlPath in + ${postgresPath}) + sourceKey="@postgres:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoPath}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${rabbitmqPath}) + sourceKey="@rabbitmq:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${redisPath}) + sourceKey="@redis:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoConnectionString}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + esac + fi + echo -n "${value}" +} + +yamlMigrate () { + local entry="$1" + local sourceFile="$2" + local value= + local yamlPath= + local key= + yamlPath="$(getFirstEntry "${entry}")" + key="$(getSecondEntry "${entry}")" + if [[ -z "${key}" ]]; then + warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + getYamlValue "${key}" "${sourceFile}" "false" + value="${YAML_VALUE}" + if [[ ! -z "${value}" ]]; then + value=$(updateConnectionString "${yamlPath}" "${value}") + fi + if [[ "${PRODUCT}" == "artifactory" ]]; then + replicatorProfiling + fi + if [[ -z "${value}" ]]; then + logger "No value for [${key}] in [${sourceFile}]" + else + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" + fi +} + +migrateYamlFile () { + local files= + local filePath= + local fileName= + local sourceFile= + local map= + retrieveYamlValue "migration.yaml.files" "files" "Skip" + files="${YAML_VALUE}" + if [[ -z "${files}" ]]; then + return + fi + bannerSection "MIGRATION OF YAML FILES" + for file in $files; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" + if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + yamlMigrate "${entry}" "${sourceFile}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done + else + logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} +# updates the key and value in system.yaml +updateYamlKeyValue () { + local entry="$1" + local value= + local yamlPath= + local key= + + yamlPath="$(getFirstEntry "${entry}")" + value="$(getSecondEntry "${entry}")" + if [[ -z "${value}" ]]; then + warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value [${value}] in system.yaml" +} + +updateSystemYamlFile () { + local updateYaml= + local map= + + retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" + updateSystemYaml="${YAML_VALUE}" + if [[ -z "${updateSystemYaml}" ]]; then + return + fi + bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" + retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ -z "${map}" ]]; then + return + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + updateYamlKeyValue "${entry}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done +} + +backupFiles_hook () { + logSilly "Method ${FUNCNAME[0]}" +} + +backupDirectory () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" + fi +} + +removeOldDirectory () { + local backupDir="$1" + local entry="$2" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" + local outputCheckDirExists="$(checkDirExists "${targetDir}")" + if [[ "${outputCheckDirExists}" != "true" ]]; then + logger "No [${targetDir}] directory found to delete" + echo ""; + return + fi + backupDirectory "${backupDir}" "${entry}" "${targetDir}" + rm -rf "${targetDir}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" + [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" + echo ""; +} + +cleanUpOldDataDirectories () { + local cleanUpOldDataDir= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" + cleanUpOldDataDir="${YAML_VALUE}" + if [[ -z "${cleanUpOldDataDir}" ]]; then + return + fi + bannerSection "CLEAN UP OLD DATA DIRECTORIES" + retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" + backupFiles_hook "${backupDir}/${PRODUCT}" + for entry in $map; + do + removeOldDirectory "${backupDir}" "${entry}" + done +} + +backupFiles () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local fileName="$4" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" + fi +} + +removeOldFiles () { + local backupDir="$1" + local directoryName="$2" + local fileName="$3" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" + local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" + if [[ "${outputCheckFileExists}" != "true" ]]; then + logger "No [${targetDir}/${fileName}] file found to delete" + return + fi + backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" + rm -f "${targetDir}/${fileName}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" + [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" + echo ""; +} + +cleanUpOldFiles () { + local cleanUpFiles= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" + cleanUpOldFiles="${YAML_VALUE}" + if [[ -z "${cleanUpOldFiles}" ]]; then + return + fi + bannerSection "CLEAN UP OLD FILES" + retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" + for entry in $map; + do + local outputCheckMapEntry="$(checkMapEntry "${entry}")" + if [[ "${outputCheckMapEntry}" != "true" ]]; then + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" + fi + local fileName="$(getSecondEntry "${entry}")" + local directoryName="$(getFirstEntry "${entry}")" + [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" + echo ""; + done +} + +startMigration () { + bannerSection "STARTING MIGRATION" +} + +endMigration () { + bannerSection "MIGRATION COMPLETED SUCCESSFULLY" +} + +initialize () { + setAppDir + _pauseExecution "setAppDir" + initHelpers + _pauseExecution "initHelpers" + checkMigrationInfoYaml + _pauseExecution "checkMigrationInfoYaml" + getProduct + _pauseExecution "getProduct" + getDataDir + _pauseExecution "getDataDir" +} + +main () { + case $PRODUCT in + artifactory) + migrateArtifactory + ;; + distribution) + migrateDistribution + ;; + xray) + migrationXray + ;; + esac + exit 0 +} + +# Ensures meta data is logged +LOG_BEHAVIOR_ADD_META="$FLAG_Y" + + +migrateResolveDerbyPath () { + local key="$1" + local value="$2" + + if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + else + derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + fi + fi + echo "${value}" +} + +migrateResolveHaDirPath () { + local key="$1" + local value="$2" + + if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then + if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then + value=$(checkPathResolver "${value}") + fi + fi + echo "${value}" +} +updatePostgresUrlString_Hook () { + local yamlPath="$1" + local value="$2" + local hostIp=$(io_getPublicHostIP) + local sourceKey="//postgresql:" + if [[ "${yamlPath}" == "shared.database.url" ]]; then + value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") + fi + echo "${value}" +} +# Check Artifactory product version +checkArtifactoryVersion () { + local minProductVersion="6.0.0" + local maxProductVersion="7.0.0" + local propertyInDocker="ARTIFACTORY_VERSION" + local property="artifactory.version" + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + local newfilePath="${APP_DIR}/../.env" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + else + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" + fi + + getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" +} + +getCustomDataDir_hook () { + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" + OLD_DATA_DIR="${YAML_VALUE}" +} + +# Get protocol value of connector +getXmlConnectorProtocol () { + local i="$1" + local filePath="$2" + local fileName="$3" + local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') + echo -e "${protocolValue}" +} + +# Get all attributes of connector +getXmlConnectorAttributes () { + local i="$1" + local filePath="$2" + local fileName="$3" + local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + echo "${connectorAttributes}" +} + +# Get port value of connector +getXmlConnectorPort () { + local i="$1" + local filePath="$2" + local fileName="$3" + local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${portValue}" +} + +# Get maxThreads value of connector +getXmlConnectorMaxThreads () { + local i="$1" + local filePath="$2" + local fileName="$3" + local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${maxThreadValue}" +} +# Get sendReasonPhrase value of connector +getXmlConnectorSendReasonPhrase () { + local i="$1" + local filePath="$2" + local fileName="$3" + local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${sendReasonPhraseValue}" +} +# Get relaxedPathChars value of connector +getXmlConnectorRelaxedPathChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") + echo -e "${relaxedPathCharsValue}" +} +# Get relaxedQueryChars value of connector +getXmlConnectorRelaxedQueryChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") + echo -e "${relaxedQueryCharsValue}" +} + +# Updating system.yaml with Connector port +setConnectorPort () { + local yamlPath="$1" + local valuePort="$2" + local portYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${valuePort}" ]]; then + warn "port value is empty, could not migrate to system.yaml" + return + fi + ## Getting port yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" portYamlPath "Warning" + portYamlPath="${YAML_VALUE}" + if [[ -z "${portYamlPath}" ]]; then + return + fi + setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" + logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" +} + +# Updating system.yaml with Connector maxThreads +setConnectorMaxThread () { + local yamlPath="$1" + local threadValue="$2" + local maxThreadYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${threadValue}" ]]; then + return + fi + ## Getting max Threads yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" + maxThreadYamlPath="${YAML_VALUE}" + if [[ -z "${maxThreadYamlPath}" ]]; then + return + fi + setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" +} + +# Updating system.yaml with Connector sendReasonPhrase +setConnectorSendReasonPhrase () { + local yamlPath="$1" + local sendReasonPhraseValue="$2" + local sendReasonPhraseYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${sendReasonPhraseValue}" ]]; then + return + fi + ## Getting sendReasonPhrase yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" + sendReasonPhraseYamlPath="${YAML_VALUE}" + if [[ -z "${sendReasonPhraseYamlPath}" ]]; then + return + fi + setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedPathChars +setConnectorRelaxedPathChars () { + local yamlPath="$1" + local relaxedPathCharsValue="$2" + local relaxedPathCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedPathCharsValue}" ]]; then + return + fi + ## Getting relaxedPathChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" + relaxedPathCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedPathCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedQueryChars +setConnectorRelaxedQueryChars () { + local yamlPath="$1" + local relaxedQueryCharsValue="$2" + local relaxedQueryCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedQueryCharsValue}" ]]; then + return + fi + ## Getting relaxedQueryChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" + relaxedQueryCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connectors configurations +setConnectorExtraConfig () { + local yamlPath="$1" + local connectorAttributes="$2" + local extraConfigPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${connectorAttributes}" ]]; then + return + fi + ## Getting extraConfig yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConfig "Warning" + extraConfigPath="${YAML_VALUE}" + if [[ -z "${extraConfigPath}" ]]; then + return + fi + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" +} + +# Updating system.yaml with extra Connectors +setExtraConnector () { + local yamlPath="$1" + local extraConnector="$2" + local extraConnectorYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${extraConnector}" ]]; then + return + fi + ## Getting extraConnecotr yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" + extraConnectorYamlPath="${YAML_VALUE}" + if [[ -z "${extraConnectorYamlPath}" ]]; then + return + fi + getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" + local connectorExtra="${YAML_VALUE}" + if [[ -z "${connectorExtra}" ]]; then + setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + else + setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + fi +} + +# Migrate extra connectors to system.yaml +migrateExtraConnectors () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local excludeDefaultPort="$4" + local i="$5" + local extraConfig= + local extraConnector= + if [[ "${excludeDefaultPort}" == "yes" ]]; then + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + done + else + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + fi +} + +# Migrate connector configurations +migrateConnectorConfig () { + local i="$1" + local protocolType="$2" + local portValue="$3" + local connectorPortYamlPath="$4" + local connectorMaxThreadYamlPath="$5" + local connectorAttributesYamlPath="$6" + local filePath="$7" + local fileName="$8" + local connectorSendReasonPhraseYamlPath="$9" + local connectorRelaxedPathCharsYamlPath="${10}" + local connectorRelaxedQueryCharsYamlPath="${11}" + + # migrate port + setConnectorPort "${connectorPortYamlPath}" "${portValue}" + + # migrate maxThreads + local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") + setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" + + # migrate sendReasonPhrase + local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") + setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" + + # migrate relaxedPathChars + local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" + # migrate relaxedQueryChars + local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" + + # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars + local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") + connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" +} + +# Check for default port 8040 and 8081 in connectors and migrate +migrateConnectorPort () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + local connectorPortYamlPath="$5" + local connectorMaxThreadYamlPath="$6" + local connectorAttributesYamlPath="$7" + local connectorSendReasonPhraseYamlPath="$8" + local connectorRelaxedPathCharsYamlPath="$9" + local connectorRelaxedQueryCharsYamlPath="${10}" + local portYamlPath= + local maxThreadYamlPath= + local status= + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" == *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + RT_DEFAULTPORT_STATUS=success + else + AC_DEFAULTPORT_STATUS=success + fi + migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" + done +} + +# migrate to extra, connector having default port and protocol is AJP +migrateDefaultPortIfAjp () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + done + +} + +# Comparing max threads in connectors +compareMaxThreads () { + local firstConnectorMaxThread="$1" + local firstConnectorNode="$2" + local secondConnectorMaxThread="$3" + local secondConnectorNode="$4" + local filePath="$5" + local fileName="$6" + + # choose higher maxThreads connector as Artifactory. + if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then + # maxThread is higher in firstConnector, + # Taking firstConnector as Artifactory and SecondConnector as Access + # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + else + # maxThread is higher in SecondConnector, + # Taking SecondConnector as Artifactory and firstConnector as Access + local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +# Check max threads exist to compare +maxThreadsExistToCompare () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local firstConnectorMaxThread= + local secondConnectorMaxThread= + local firstConnectorNode= + local secondConnectorNode= + local status=success + local firstnode=fail + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ ${protocolType} == *AJP* ]]; then + # Migrate Connectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + fi + # store maxthreads value of each connector + if [[ ${firstnode} == "fail" ]]; then + firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + firstConnectorNode="${i}" + firstnode=success + else + secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + secondConnectorNode="${i}" + fi + done + [[ -z "${firstConnectorMaxThread}" ]] && status=fail + [[ -z "${secondConnectorMaxThread}" ]] && status=fail + # maxThreads is set, now compare MaxThreads + if [[ "${status}" == "success" ]]; then + compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" + else + # Assume first connector is RT, maxThreads is not set in both connectors + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +migrateExtraBasedOnNonAjpCount () { + local nonAjpCount="$1" + local filePath="$2" + local fileName="$3" + local connectorCount="$4" + local i="$5" + + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ "${protocolType}" == *AJP* ]]; then + if [[ "${nonAjpCount}" -eq 1 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + else + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + continue + fi + fi +} + +# find RT and AC Connector +findRtAndAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local initialAjpCount=0 + local nonAjpCount=0 + + # get the count of non AJP + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] || continue + nonAjpCount=$((initialAjpCount+1)) + initialAjpCount="${nonAjpCount}" + done + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access and artifactory connectors + # Mark port as 8040 for access + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + done + elif [[ "${nonAjpCount}" -eq 2 ]]; then + # compare maxThreads in both connectors + maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${nonAjpCount}" -gt 2 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # setting with default port in system.yaml + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# get the count of non AJP +getCountOfNonAjp () { + local port="$1" + local connectorCount="$2" + local filePath=$3 + local fileName=$4 + local initialNonAjpCount=0 + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${port}" ]] || continue + [[ "${protocolType}" != *AJP* ]] || continue + local nonAjpCount=$((initialNonAjpCount+1)) + initialNonAjpCount="${nonAjpCount}" + done + echo -e "${nonAjpCount}" +} + +# Find for access connector +findAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access connector and mark port as that of connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take RT properties into access with 8040 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add RT connector details as access connector and mark port as 8040 + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# Find for artifactory connector +findRtConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as RT connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take access properties into artifactory with 8081 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +checkForTlsConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${sslProtocolValue}" == "TLS" ]]; then + bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" + TLS_CONNECTOR_EXISTS=${FLAG_Y} + continue + fi + done +} + +# set custom tomcat server Listeners to system.yaml +setListenerConnector () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + for ((i = 1 ; i <= "${listenerCount}" ; i++)) + do + local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) + local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${listenerClassName}" == *Apr* ]]; then + setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" + fi + done +} +# add custom tomcat server Listeners +addTomcatServerListeners () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + if [[ "${listenerCount}" == "0" ]]; then + logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" + else + setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" + setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" + logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" + fi +} + +# server.xml migration operations +xmlMigrateOperation () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local listenerCount="$4" + RT_DEFAULTPORT_STATUS=fail + AC_DEFAULTPORT_STATUS=fail + TLS_CONNECTOR_EXISTS=${FLAG_N} + + # Check for connector with TLS , if found ignore migrating it + checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" + if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then + return + fi + addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" + # Migrate RT default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + # Migrate to extra if RT default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" + # Migrate AC default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + # Migrate to extra if access default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" + + if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # RT and AC default port found + logger "Artifactory 8081 and Access 8040 default port are found" + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # Only AC default port found,find RT connector + logger "Found Access default 8040 port" + findRtConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # Only RT default port found,find AC connector + logger "Found Artifactory default 8081 port" + findAcConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # RT and AC default port not found, find connector + logger "Artifactory 8081 and Access 8040 default port are not found" + findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" + fi +} + +# get count of connectors +getXmlConnectorCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# get count of listener connectors +getTomcatServerListenersCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# Migrate server.xml configuration to system.yaml +migrateXmlFile () { + local xmlFiles= + local fileName= + local filePath= + local sourceFilePath= + DEFAULT_ACCESS_PORT="8040" + DEFAULT_RT_PORT="8081" + AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" + AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" + AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" + AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" + RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" + RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" + RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' + RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' + RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' + RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" + ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" + EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" + EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" + RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" + + retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" + xmlFiles="${YAML_VALUE}" + if [[ -z "${xmlFiles}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF XML FILES" + retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + if [[ -z "${fileName}" ]]; then + return + fi + bannerSubSection "Processing Migration of $fileName" + retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + if [[ -z "${filePath}" ]]; then + return + fi + # prepend NEW_DATA_DIR only if filePath is relative path + sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") + if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] is found in path [${sourceFilePath}]" + local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") + if [[ "${connectorCount}" == "0" ]]; then + logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" + return + fi + local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") + xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" + else + logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" + fi +} + +compareArtifactoryUser () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + + if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" + else + logger "No change in property [${property}] value in [${sourceFile}] to migrate" + fi +} + +migrateReplicator () { + local property="$1" + local oldPropertyValue="$2" + local yamlPath="$3" + + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" +} + +compareJavaOptions () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + local oldJavaOption= + local newJavaOption= + local extraJavaOption= + local check=false + local success=true + local status=true + + oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 3.1.0" + ## Description / note + description: This CVE needs to be fixed in the alpine base image of nginx container. + diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt new file mode 100644 index 000000000..019ed74df --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/NOTES.txt @@ -0,0 +1,118 @@ +Congratulations. You have just deployed JFrog Artifactory HA! + +{{- if .Values.artifactory.masterKey }} +{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} + + +***************************************** WARNING ****************************************** +* Your Artifactory master key is still set to the provided example: * +* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * +* * +* You should change this to your own generated key: * +* $ export MASTER_KEY=$(openssl rand -hex 32) * +* $ echo ${MASTER_KEY} * +* * +* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * +* * +* Alternatively, you can use a pre-existing secret with a key called master-key with * +* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * +******************************************************************************************** +{{- end }} +{{- end }} + +{{- if .Values.artifactory.joinKey }} +{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} + + +***************************************** WARNING ****************************************** +* Your Artifactory join key is still set to the provided example: * +* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * +* * +* You should change this to your own generated key: * +* $ export JOIN_KEY=$(openssl rand -hex 32) * +* $ echo ${JOIN_KEY} * +* * +* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * +* * +******************************************************************************************** +{{- end }} +{{- end }} + + +{{- if .Values.postgresql.enabled }} + +DATABASE: +To extract the database password, run the following +export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) +echo ${DB_PASSWORD} +{{- end }} + +SETUP: +1. Get the Artifactory IP and URL + + {{- if contains "NodePort" .Values.nginx.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT/ + + {{- else if contains "LoadBalancer" .Values.nginx.service.type }} + NOTE: It may take a few minutes for the LoadBalancer public IP to be available! + + You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP/ + + {{- else if contains "ClusterIP" .Values.nginx.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80 + echo http://127.0.0.1:8080 + + {{- end }} + +2. Open Artifactory in your browser + Default credential for Artifactory: + user: admin + password: password + + {{- if .Values.artifactory.license.secret }} + +3. Artifactory license(s) is deployed as a Kubernetes secret. This method is relevant for initial deployment only! + Updating the license should be done via Artifactory UI or REST API. If you want to keep managing the artifactory license using the same method, you can use artifactory.copyOnEveryStartup in values.yaml. + + {{- else }} + +3. Add HA licenses to activate Artifactory HA through the Artifactory UI + NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details. + + {{- end }} + +{{ if or .Values.artifactory.primary.javaOpts.jmx.enabled .Values.artifactory.node.javaOpts.jmx.enabled }} +JMX configuration: +{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} +If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! +{{ end }} + +1. Get the Artifactory service IP: +{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} +export PRIMARY_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.primary.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +export MEMBER_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +{{- end }} + +2. Map the service name to the service IP in /etc/hosts: +{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} +sudo sh -c "echo \"${PRIMARY_SERVICE_IP} {{ template "artifactory-ha.primary.name" . }}\" >> /etc/hosts" +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts" +{{- end }} + +3. Launch jconsole: +{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} +jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }} +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl new file mode 100644 index 000000000..f8417e945 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/_helpers.tpl @@ -0,0 +1,302 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "artifactory-ha.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +The primary node name +*/}} +{{- define "artifactory-ha.primary.name" -}} +{{- if .Values.nameOverride -}} +{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := .Release.Name | trunc 29 -}} +{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +The member node name +*/}} +{{- define "artifactory-ha.node.name" -}} +{{- if .Values.nameOverride -}} +{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := .Release.Name | trunc 29 -}} +{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name nginx service. +*/}} +{{- define "artifactory-ha.nginx.name" -}} +{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified Replicator app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.replicator.fullname" -}} +{{- if .Values.artifactory.replicator.ingress.name -}} +{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified replicator tracker ingress name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.replicator.tracker.fullname" -}} +{{- if .Values.artifactory.replicator.trackerIngress.name -}} +{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.nginx.fullname" -}} +{{- if .Values.nginx.fullnameOverride -}} +{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nginx.name -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "artifactory-ha.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "artifactory-ha.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate SSL certificates +*/}} +{{- define "artifactory-ha.gen-certs" -}} +{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}} +{{- $ca := genCA "artifactory-ca" 365 -}} +{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Scheme (http/https) based on Access TLS enabled/disabled +*/}} +{{- define "artifactory-ha.scheme" -}} +{{- if .Values.access.accessConfig.security.tls -}} +{{- printf "%s" "https" -}} +{{- else -}} +{{- printf "%s" "http" -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve joinKey value +*/}} +{{- define "artifactory-ha.joinKey" -}} +{{- if .Values.global.joinKey -}} +{{- .Values.global.joinKey -}} +{{- else if .Values.artifactory.joinKey -}} +{{- .Values.artifactory.joinKey -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve masterKey value +*/}} +{{- define "artifactory-ha.masterKey" -}} +{{- if .Values.global.masterKey -}} +{{- .Values.global.masterKey -}} +{{- else if .Values.artifactory.masterKey -}} +{{- .Values.artifactory.masterKey -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve joinKeySecretName value +*/}} +{{- define "artifactory-ha.joinKeySecretName" -}} +{{- if .Values.global.joinKeySecretName -}} +{{- .Values.global.joinKeySecretName -}} +{{- else if .Values.artifactory.joinKeySecretName -}} +{{- .Values.artifactory.joinKeySecretName -}} +{{- else -}} +{{ include "artifactory-ha.fullname" . }} +{{- end -}} +{{- end -}} + +{{/* +Resolve masterKeySecretName value +*/}} +{{- define "artifactory-ha.masterKeySecretName" -}} +{{- if .Values.global.masterKeySecretName -}} +{{- .Values.global.masterKeySecretName -}} +{{- else if .Values.artifactory.masterKeySecretName -}} +{{- .Values.artifactory.masterKeySecretName -}} +{{- else -}} +{{ include "artifactory-ha.fullname" . }} +{{- end -}} +{{- end -}} + +{{/* +Resolve imagePullSecrets value +*/}} +{{- define "artifactory-ha.imagePullSecrets" -}} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Resolve customInitContainersBegin value +*/}} +{{- define "artifactory-ha.customInitContainersBegin" -}} +{{- if .Values.global.customInitContainersBegin -}} +{{- .Values.global.customInitContainersBegin -}} +{{- else if .Values.artifactory.customInitContainersBegin -}} +{{- .Values.artifactory.customInitContainersBegin -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customInitContainers value +*/}} +{{- define "artifactory-ha.customInitContainers" -}} +{{- if .Values.global.customInitContainers -}} +{{- .Values.global.customInitContainers -}} +{{- else if .Values.artifactory.customInitContainers -}} +{{- .Values.artifactory.customInitContainers -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customVolumes value +*/}} +{{- define "artifactory-ha.customVolumes" -}} +{{- if .Values.global.customVolumes -}} +{{- .Values.global.customVolumes -}} +{{- else if .Values.artifactory.customVolumes -}} +{{- .Values.artifactory.customVolumes -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customVolumeMounts value +*/}} +{{- define "artifactory-ha.customVolumeMounts" -}} +{{- if .Values.global.customVolumeMounts -}} +{{- .Values.global.customVolumeMounts -}} +{{- else if .Values.artifactory.customVolumeMounts -}} +{{- .Values.artifactory.customVolumeMounts -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customSidecarContainers value +*/}} +{{- define "artifactory-ha.customSidecarContainers" -}} +{{- if .Values.global.customSidecarContainers -}} +{{- .Values.global.customSidecarContainers -}} +{{- else if .Values.artifactory.customSidecarContainers -}} +{{- .Values.artifactory.customSidecarContainers -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper artifactory chart image names +*/}} +{{- define "artifactory-ha.getImageInfoByValue" -}} +{{- $dot := index . 0 }} +{{- $indexReference := index . 1 }} +{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} +{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} +{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} +{{- if $dot.Values.global }} + {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} + {{- $tag = $dot.Values.global.versions.artifactory | toString -}} + {{- end -}} + {{- if $dot.Values.global.imageRegistry }} + {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper artifactory app version +*/}} +{{- define "artifactory-ha.app.version" -}} +{{- $image := split ":" ((include "artifactory-ha.getImageInfoByValue" (list . "artifactory")) | toString) -}} +{{- $tag := $image._1 -}} +{{- printf "%s" $tag -}} +{{- end -}} + +{{/* +Custom certificate copy command +*/}} +{{- define "artifactory-ha.copyCustomCerts" -}} +echo "Copy custom certificates to {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted"; +mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted; +find /tmp/certs -type f -not -name "*.key" -exec cp -v {} {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted \;; +find {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted/ -type f -name "tls.crt" -exec mv -v {} {{ .Values.artifactory.persistence.mountPath }}/etc/security/keys/trusted/ca.crt \;; +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml new file mode 100644 index 000000000..c4d06f08a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/additional-resources.yaml @@ -0,0 +1,3 @@ +{{ if .Values.additionalResources }} +{{ tpl .Values.additionalResources . }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml new file mode 100644 index 000000000..b344e86b6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/admin-bootstrap-creds.yaml @@ -0,0 +1,15 @@ +{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} +{{- if .Values.artifactory.admin.password }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml new file mode 100644 index 000000000..4eac505bc --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-access-config.yaml @@ -0,0 +1,15 @@ +{{- if .Values.access.accessConfig }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }}-access-config + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + access.config.patch.yml: | +{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml new file mode 100644 index 000000000..2e7cac758 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-binarystore-secret.yaml @@ -0,0 +1,14 @@ +{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-binarystore + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + binarystore.xml: |- +{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml new file mode 100644 index 000000000..1385bc578 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-configmaps.yaml @@ -0,0 +1,13 @@ +{{ if .Values.artifactory.configMaps }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + labels: + app: {{ template "artifactory-ha.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ tpl .Values.artifactory.configMaps . | indent 2 }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml new file mode 100644 index 000000000..67473fc58 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-custom-secrets.yaml @@ -0,0 +1,19 @@ +{{- if .Values.artifactory.customSecrets }} +{{- range .Values.artifactory.customSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + component: "{{ $.Values.artifactory.name }}" + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} +type: Opaque +stringData: + {{ .key }}: | +{{ .data | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml new file mode 100644 index 000000000..9ff71855f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-database-secrets.yaml @@ -0,0 +1,22 @@ +{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }}-database-creds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- with .Values.database.url }} + db-url: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.user }} + db-user: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.password }} + db-password: {{ tpl . $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml new file mode 100644 index 000000000..c6a2682c8 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-gcp-credentials-secret.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} +{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-gcpcreds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + gcp.credentials.json: |- +{{ tpl .Values.artifactory.persistence.googleStorage.gcpServiceAccount.config . | indent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml new file mode 100644 index 000000000..e58ec41b3 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-installer-info.yaml @@ -0,0 +1,12 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + installer-info.json: | + {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml new file mode 100644 index 000000000..3f629c6e4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-license-secret.yaml @@ -0,0 +1,14 @@ +{{- with .Values.artifactory.license.licenseKey }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-license + labels: + app: {{ template "artifactory-ha.name" $ }} + chart: {{ template "artifactory-ha.chart" $ }} + heritage: {{ $.Release.Service }} + release: {{ $.Release.Name }} +type: Opaque +data: + artifactory.lic: {{ . | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml new file mode 100644 index 000000000..fe40f980f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-migration-scripts.yaml @@ -0,0 +1,18 @@ +{{- if .Values.artifactory.migration.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + migrate.sh: | +{{ .Files.Get "files/migrate.sh" | indent 4 }} + migrationHelmInfo.yaml: | +{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} + migrationStatus.sh: | +{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml new file mode 100644 index 000000000..371dc9a5f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-networkpolicy.yaml @@ -0,0 +1,34 @@ +{{- range .Values.networkpolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy + labels: + app: {{ template "artifactory-ha.name" $ }} + chart: {{ template "artifactory-ha.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +spec: +{{- if .podSelector }} + podSelector: +{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} +{{ else }} + podSelector: {} +{{- end }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} +{{- if .ingress }} + ingress: +{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +{{- if .egress }} + egress: +{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +--- +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml new file mode 100644 index 000000000..6ed7d82f6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-nfs-pvc.yaml @@ -0,0 +1,101 @@ +{{- if eq .Values.artifactory.persistence.type "nfs" }} +### Artifactory HA data +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ template "artifactory-ha.fullname" . }}-data-pv + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + id: {{ template "artifactory-ha.name" . }}-data-pv + type: nfs-volume +spec: + {{- if .Values.artifactory.persistence.nfs.mountOptions }} + mountOptions: +{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} + {{- end }} + capacity: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.artifactory.persistence.nfs.ip }} + path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}" + readOnly: false +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-data-pvc + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + type: nfs-volume +spec: + accessModes: + - ReadWriteOnce + storageClassName: "" + resources: + requests: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + selector: + matchLabels: + id: {{ template "artifactory-ha.name" . }}-data-pv + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} +--- +### Artifactory HA backup +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ template "artifactory-ha.fullname" . }}-backup-pv + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + id: {{ template "artifactory-ha.name" . }}-backup-pv + type: nfs-volume +spec: + {{- if .Values.artifactory.persistence.nfs.mountOptions }} + mountOptions: +{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} + {{- end }} + capacity: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.artifactory.persistence.nfs.ip }} + path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}" + readOnly: false +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-backup-pvc + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + type: nfs-volume +spec: + accessModes: + - ReadWriteOnce + storageClassName: "" + resources: + requests: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + selector: + matchLabels: + id: {{ template "artifactory-ha.name" . }}-backup-pv + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml new file mode 100644 index 000000000..cb45027cf --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.artifactory.node.minAvailable -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.fullname" . }}-node + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.artifactory.name }} + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.node.name" . }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.artifactory.node.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml new file mode 100644 index 000000000..18f5de1ff --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-node-statefulset.yaml @@ -0,0 +1,777 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory-ha.node.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.node.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + serviceName: {{ template "artifactory-ha.node.name" . }} + replicas: {{ .Values.artifactory.node.replicaCount }} + updateStrategy: {{- toYaml .Values.artifactory.node.updateStrategy | nindent 4}} + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.node.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + role: {{ template "artifactory-ha.node.name" . }} + heritage: {{ .Release.Service }} + component: {{ .Values.artifactory.name }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.node.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.setSecurityContext }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.gid }} + {{- end }} + initContainers: + {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} +{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.persistence.enabled }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + - name: "create-artifactory-data-dir" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - > + mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} + - name: "wait-for-primary" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - > + echo "Waiting for primary node to be ready..."; + {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }} + echo "Sleeping to allow time for primary node to come up"; + sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }}; + {{- else }} + while [ "$(wget --spider --no-check-certificate -S -T 3 {{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }}/ 2>&1 | grep '^ HTTP/' | awk '{print $2}')" != "200" ]; + do echo "Primary not ready. Waiting..."; sleep 3; + done; + echo "Primary node ready!"; + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + command: + - '/bin/sh' + - '-c' + - > + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- end }} + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + echo "Removing join.key file"; + rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key; + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys - load from database"; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Load custom certificates from database"; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + env: + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory-ha.masterKeySecretName" . }} + key: master-key + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} + {{- else if .Values.artifactory.systemYaml }} + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- end }} + {{- end }} + {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + runAsUser: 0 + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: copy-custom-certificates + image: "{{ .Values.initContainerImage }}" + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > +{{ include "artifactory-ha.copyCustomCerts" . | indent 10 }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath }} + - name: ca-certs + mountPath: "/tmp/certs" + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if or .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} +{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory-ha' + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + resources: +{{ toYaml .Values.artifactory.node.resources | indent 10 }} + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "false" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} +{{- end }} + {{- if .Values.hostAliases }} + hostAliases: +{{ toYaml .Values.hostAliases | indent 6 }} + {{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + {{- range .Values.artifactory.copyOnEveryStartup }} + {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} + {{- $baseDirectory := regexFind ".*/" $targetPath }} + mkdir -p {{ $baseDirectory }}; + cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; + {{- end }} + {{- if .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.preStartCommand . }}; + {{- end }} + {{- with .Values.artifactory.node.preStartCommand }} + echo "Running member node specific custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /entrypoint-artifactory.sh + {{- with .Values.artifactory.postStartCommand }} + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo "Running custom postStartCommand command"; + {{ tpl . $ }} + {{- end }} + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "false" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + name: http + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + name: http-internal + {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} + name: tcp-jmx + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.cluster.license" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.node.resources | indent 10 }} + {{- if .Values.artifactory.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.artifactory.startupProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.artifactory.startupProbe.failureThreshold }} + timeoutSeconds: {{ .Values.artifactory.startupProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.node.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.artifactory.node.affinity }} + {{- with .Values.artifactory.node.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} + {{- end }} + {{- with .Values.artifactory.node.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: ca-certs + secret: + secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.artifactory.customCertificates.certificateSecretName }} + {{- end }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-binarystore + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + secret: + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds + {{- end }} + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory-ha.fullname" . }}-license + {{- end }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory-ha.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + {{- end }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} + {{- end }} + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc + {{- end }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + secret: + secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory-ha.fullname" . }}-filebeat-config + {{- end }} + {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} +{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + volumeClaimTemplates: + {{- if .Values.artifactory.persistence.enabled }} + - metadata: + name: volume + {{- if not .Values.artifactory.node.persistence.existingClaim }} + spec: + {{- if .Values.artifactory.persistence.storageClassName }} + {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] + resources: + requests: + storage: {{ .Values.artifactory.persistence.size }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml new file mode 100644 index 000000000..cc4dfab65 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.artifactory.primary.minAvailable -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.fullname" . }}-primary + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.artifactory.name }} + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.primary.name" . }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.artifactory.primary.minAvailable }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml new file mode 100644 index 000000000..c86a8b1cb --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-primary-statefulset.yaml @@ -0,0 +1,897 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + version: {{ include "artifactory-ha.app.version" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} +{{- end }} +spec: + serviceName: {{ template "artifactory-ha.primary.name" . }} + replicas: {{ .Values.artifactory.primary.replicaCount }} + updateStrategy: {{- toYaml .Values.artifactory.primary.updateStrategy | nindent 4}} + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.primary.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + role: {{ template "artifactory-ha.primary.name" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.access.accessConfig }} + checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} + {{- end }} + {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} + checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.setSecurityContext }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.gid }} + {{- end }} + initContainers: + {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} +{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.persistence.enabled }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + - name: "create-artifactory-data-dir" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + - name: "remove-lost-found" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; + rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; + volumeMounts: + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: "access-bootstrap-creds" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + volumeMounts: + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + - name: access-bootstrap-creds + mountPath: "/tmp/access/bootstrap.creds" + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + subPath: {{ .Values.artifactory.admin.dataKey }} + {{- else }} + subPath: bootstrap.creds + {{- end }} + {{- end }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - '/bin/sh' + - '-c' + - > + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- end }} + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + {{- if .Values.access.accessConfig }} + echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; + {{- end }} + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; + cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; + echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + {{- end }} + env: + {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} + - name: ARTIFACTORY_JOIN_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory-ha.joinKeySecretName" . }} + key: join-key + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory-ha.masterKeySecretName" . }} + key: master-key + {{- end }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} + {{- else if .Values.artifactory.systemYaml }} + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- end }} + {{- end }} + {{- if .Values.access.accessConfig }} + - name: access-config + mountPath: "/tmp/etc/access.config.patch.yml" + subPath: access.config.patch.yml + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + mountPath: "/tmp/etc/tls.crt" + subPath: tls.crt + - name: access-certs + mountPath: "/tmp/etc/tls.key" + subPath: tls.key + {{- end }} + {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + capabilities: + add: + - CHOWN + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: copy-custom-certificates + image: "{{ .Values.initContainerImage }}" + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > +{{ include "artifactory-ha.copyCustomCerts" . | indent 10 }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath }} + - name: ca-certs + mountPath: "/tmp/certs" + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if or .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} +{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory-ha' + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.artifactory.primary.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "true" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- end }} +{{- end }} + {{- if .Values.hostAliases }} + hostAliases: +{{ toYaml .Values.hostAliases | indent 6 }} + {{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then + echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; + cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; + fi; + {{- if .Values.artifactory.configMapName }} + echo "Copying bootstrap configs"; + cp -Lrf /bootstrap/* /artifactory_bootstrap/; + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + echo "Copying plugins"; + cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; + {{- end }} + {{- range .Values.artifactory.copyOnEveryStartup }} + {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} + {{- $baseDirectory := regexFind ".*/" $targetPath }} + mkdir -p {{ $baseDirectory }}; + cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; + {{- end }} + {{- with .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.artifactory.primary.preStartCommand }} + echo "Running primary specific custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /entrypoint-artifactory.sh + {{- with .Values.artifactory.postStartCommand }} + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo "Running custom postStartCommand command"; + {{ tpl . $ }}; + {{- end }} + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "true" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + name: http + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + name: http-internal + {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} + name: tcp-jmx + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + mountPath: "/artifactory_bootstrap/plugins/" + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + mountPath: "/tmp/plugin/{{ tpl . $ }}" + {{- end }} + {{- end }} + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.cluster.license" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.primary.resources | indent 10 }} + {{- if .Values.artifactory.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.artifactory.startupProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.artifactory.startupProbe.failureThreshold }} + timeoutSeconds: {{ .Values.artifactory.startupProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.primary.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.artifactory.primary.affinity }} + {{- with .Values.artifactory.primary.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- end }} + {{- with .Values.artifactory.primary.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: ca-certs + secret: + secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.artifactory.customCertificates.certificateSecretName }} + {{- end }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-binarystore + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + secret: + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds + {{- end }} + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory-ha.fullname" . }}-license + {{- end }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + emptyDir: {} + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + secret: + secretName: {{ tpl . $ }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory-ha.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: access-bootstrap-creds + secret: + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + secretName: {{ .Values.artifactory.admin.secret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} + {{- end }} + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc + {{- end }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + secret: + secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} + {{- end }} + {{- if .Values.access.accessConfig }} + - name: access-config + secret: + secretName: {{ template "artifactory-ha.fullname" . }}-access-config + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + secret: + secretName: {{ .Values.access.customCertificatesSecretName }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory-ha.fullname" . }}-filebeat-config + {{- end }} + {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} +{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + volumeClaimTemplates: + {{- if .Values.artifactory.persistence.enabled }} + - metadata: + name: volume + {{- if not .Values.artifactory.primary.persistence.existingClaim }} + spec: + {{- if .Values.artifactory.persistence.storageClassName }} + {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] + resources: + requests: + storage: {{ .Values.artifactory.persistence.size }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml new file mode 100644 index 000000000..417ec5c06 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-priority-class.yaml @@ -0,0 +1,9 @@ +{{- if .Values.artifactory.priorityClass.create }} +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} +value: {{ .Values.artifactory.priorityClass.value }} +globalDefault: false +description: "Artifactory priority class" +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml new file mode 100644 index 000000000..c86bffddd --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.fullname" . }} +rules: +{{ toYaml .Values.rbac.role.rules }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml new file mode 100644 index 000000000..4412870b1 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "artifactory-ha.serviceAccountName" . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ template "artifactory-ha.fullname" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml new file mode 100644 index 000000000..5870428ca --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-secrets.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} + {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} + master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }} + {{- end }} + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} + {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} + join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }} + {{- end }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml new file mode 100644 index 000000000..baacb970f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-service.yaml @@ -0,0 +1,109 @@ +# Service for all Artifactory cluster nodes. +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.node.labels }} +{{ toYaml .| indent 4 }} + {{- end }} +{{- if .Values.artifactory.service.annotations }} + annotations: +{{ toYaml .Values.artifactory.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.artifactory.service.type }} + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + {{- if .Values.artifactory.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: http-router + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: http-artifactory + {{- with .Values.artifactory.node.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: tcp-jmx + {{- end }} + {{- end }} + selector: +{{- if eq (int .Values.artifactory.node.replicaCount) 0 }} + role: {{ template "artifactory-ha.primary.name" . }} +{{- else if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} +{{- end }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} +--- +# Internal service for Artifactory primary node only! +# Used by member nodes to check readiness of primary node before starting up +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +spec: + # Statically setting service type to ClusterIP since this is an internal only service + type: ClusterIP + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: http-router + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: http-artifactory + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + {{- with .Values.artifactory.primary.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: tcp-jmx + {{- end }} + {{- end }} + selector: + role: {{ template "artifactory-ha.primary.name" . }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml new file mode 100644 index 000000000..6983c1d12 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ tpl (toYaml .) $ | indent 4 }} +{{- end }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.serviceAccountName" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml new file mode 100644 index 000000000..e0bfa6b11 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-storage-pvc.yaml @@ -0,0 +1,27 @@ +{{ if .Values.artifactory.customPersistentVolumeClaim }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + labels: + app: {{ template "artifactory-ha.name" . }} + version: "{{ .Values.artifactory.version }}" + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + accessModes: + {{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml new file mode 100644 index 000000000..aaa1be152 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/artifactory-system-yaml.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.systemYamlOverride.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.primary.name" . }}-system-yaml + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + system.yaml: | +{{ tpl .Values.artifactory.systemYaml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml new file mode 100644 index 000000000..d2db2a067 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/filebeat-configmap.yaml @@ -0,0 +1,15 @@ +{{- if .Values.filebeat.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.name" . }}-filebeat-config + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: + filebeat.yml: | +{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml new file mode 100644 index 000000000..53f7c93ec --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/ingress.yaml @@ -0,0 +1,149 @@ +{{- if .Values.ingress.enabled -}} +{{- $serviceName := include "artifactory-ha.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} +{{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} +{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $ingressName }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.ingress.labels }} +{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} +{{- end}} +{{- if .Values.ingress.annotations }} + annotations: +{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} +{{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.ingress.hosts }} + {{- range $host := .Values.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: {{ $.Values.ingress.routerPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: {{ $.Values.ingress.artifactoryPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $artifactoryServicePort }} + {{- end -}} +{{- end -}} + {{- with .Values.ingress.additionalRules }} +{{ tpl . $ | indent 2 }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end -}} +{{- if .Values.artifactory.replicator.enabled }} +--- +{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} +{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $replicationIngressName }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + release: {{ $.Release.Name | quote }} + heritage: {{ $.Release.Service | quote }} + {{- if .Values.artifactory.replicator.ingress.annotations }} + annotations: +{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} + {{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.artifactory.replicator.ingress.hosts }} + {{- range $host := .Values.artifactory.replicator.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: /replicator/ + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: /artifactory/api/replication/replicate/file/streaming + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- end -}} + {{- if .Values.artifactory.replicator.ingress.tls }} + tls: +{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} +--- +{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} + {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 + {{- else }} +apiVersion: extensions/v1beta1 + {{- end }} +kind: Ingress +metadata: + name: {{ $replicatorTrackerIngressName }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + release: {{ $.Release.Name | quote }} + heritage: {{ $.Release.Service | quote }} + {{- if .Values.artifactory.replicator.trackerIngress.annotations }} + annotations: +{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} + {{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.artifactory.replicator.trackerIngress.hosts }} + {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: / + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- end -}} + {{- if .Values.artifactory.replicator.trackerIngress.tls }} + tls: +{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- if .Values.customIngress }} +--- +{{ .Values.customIngress | toYaml | trimSuffix "\n" }} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml new file mode 100644 index 000000000..87fe8999e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/logger-configmap.yaml @@ -0,0 +1,63 @@ +{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-logger + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + tail-log.sh: | + #!/bin/sh + + LOG_DIR=$1 + LOG_NAME=$2 + PID= + + # Wait for log dir to appear + while [ ! -d ${LOG_DIR} ]; do + sleep 1 + done + + cd ${LOG_DIR} + + LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') + + # Find the log to tail + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + + # Wait for the log file + while [ -z "${LOG_FILE}" ]; do + sleep 1 + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + done + + echo "Log file ${LOG_FILE} is ready!" + + # Get inode number + INODE_ID=$(ls -i ${LOG_FILE}) + + # echo "Tailing ${LOG_FILE}" + tail -F ${LOG_FILE} & + PID=$! + + # Loop forever to see if a new log was created + while true; do + # Check inode number + NEW_INODE_ID=$(ls -i ${LOG_FILE}) + + # If inode number changed, this means log was rotated and need to start a new tail + if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then + kill -9 ${PID} 2>/dev/null + INODE_ID="${NEW_INODE_ID}" + + # Start a new tail + tail -F ${LOG_FILE} & + PID=$! + fi + sleep 1 + done + +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml new file mode 100644 index 000000000..eb1f0e698 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-artifactory-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + artifactory.conf: | +{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml new file mode 100644 index 000000000..29c77ad5a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-certificate-secret.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled .Values.nginx.https.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml new file mode 100644 index 000000000..5f424d52a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-conf + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + nginx.conf: | +{{ tpl .Values.nginx.mainConf . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml new file mode 100644 index 000000000..0bc7ae48c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-deployment.yaml @@ -0,0 +1,217 @@ +{{- if .Values.nginx.enabled -}} +{{- $serviceName := include "artifactory-ha.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +apiVersion: apps/v1 +kind: {{ .Values.nginx.kind }} +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 4 }} +{{- end }} +spec: +{{- if ne .Values.nginx.kind "DaemonSet" }} + replicas: {{ .Values.nginx.replicaCount }} +{{- end }} + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + template: + metadata: + annotations: + checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} + checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.nginx.priorityClassName }} + priorityClassName: {{ .Values.nginx.priorityClassName | quote }} + {{- end }} + initContainers: + - name: "setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - '/bin/sh' + - '-c' + - > + rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; + mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + volumeMounts: + - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + name: nginx-volume + securityContext: + runAsUser: {{ .Values.nginx.uid }} + fsGroup: {{ .Values.nginx.gid }} + containers: + - name: {{ .Values.nginx.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - 'nginx' + - '-g' + - 'daemon off;' + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and + # will be cleaned up in a later version + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - containerPort: {{ .Values.nginx.http.internalPort }} + name: http + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttp }} + name: http-internal + {{- end }} + {{- if .Values.nginx.https }} + {{- if .Values.nginx.https.enabled }} + - containerPort: {{ .Values.nginx.https.internalPort }} + name: https + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttps }} + name: https-internal + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.nginx.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: nginx-artifactory-conf + mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" + - name: nginx-volume + mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + {{- if .Values.nginx.https.enabled }} + - name: ssl-certificates + mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" + {{- end }} + resources: +{{ toYaml .Values.nginx.resources | indent 10 }} + {{- if .Values.nginx.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.nginx.startupProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.nginx.startupProbe.failureThreshold }} + timeoutSeconds: {{ .Values.nginx.startupProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.nginx.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.nginx.readinessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.nginx.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.nginx.livenessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.nginx.persistence.mountPath }} + {{- range .Values.nginx.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - tail + args: + - '-F' + - '{{ $mountPath }}/logs/{{ . }}' + volumeMounts: + - name: nginx-volume + mountPath: {{ $mountPath }} + resources: +{{ toYaml $.Values.nginx.loggersResources | indent 10 }} + {{- end }} + {{- with .Values.nginx.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: nginx-conf + configMap: + {{- if .Values.nginx.customConfigMap }} + name: {{ .Values.nginx.customConfigMap }} + {{- else }} + name: {{ template "artifactory-ha.fullname" . }}-nginx-conf + {{- end }} + - name: nginx-artifactory-conf + configMap: + {{- if .Values.nginx.customArtifactoryConfigMap }} + name: {{ .Values.nginx.customArtifactoryConfigMap }} + {{- else }} + name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf + {{- end }} + + - name: nginx-volume + {{- if .Values.nginx.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.nginx.https.enabled }} + - name: ssl-certificates + secret: + {{- if .Values.nginx.tlsSecretName }} + secretName: {{ .Values.nginx.tlsSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml new file mode 100644 index 000000000..8310377a6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pdb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.nginx.name }} + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.nginx.minAvailable }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml new file mode 100644 index 000000000..0e573f383 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-pvc.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }} +{{- if (not .Values.nginx.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + accessModes: + - {{ .Values.nginx.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.nginx.persistence.size | quote }} +{{- if .Values.nginx.persistence.storageClassName }} +{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml new file mode 100644 index 000000000..594717cf9 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/templates/nginx-service.yaml @@ -0,0 +1,79 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + {{- if .Values.nginx.service.labels }} +{{ toYaml .Values.nginx.service.labels | indent 4 }} + {{- end }} +{{- if .Values.nginx.service.annotations }} + annotations: +{{ toYaml .Values.nginx.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.nginx.service.type }} + {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} + clusterIP: {{ .Values.nginx.service.clusterIP }} + {{- end }} +{{- if eq .Values.nginx.service.type "LoadBalancer" }} + {{ if .Values.nginx.service.loadBalancerIP -}} + loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} + {{ end -}} + {{- if .Values.nginx.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} + {{- end }} +{{- end }} +{{- if .Values.nginx.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and + # will be cleaned up in a later verion + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - port: {{ .Values.nginx.http.externalPort }} + targetPort: {{ .Values.nginx.http.internalPort }} + protocol: TCP + name: http + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttp }} + targetPort: {{ .Values.nginx.internalPortHttp }} + protocol: TCP + name: http + {{- end }} + {{- if .Values.nginx.https }} + {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} + - port: {{ .Values.nginx.https.externalPort }} + {{- if .Values.nginx.service.ssloffload }} + targetPort: {{ .Values.nginx.http.internalPort }} + {{- else }} + targetPort: {{ .Values.nginx.https.internalPort}} + {{- end }} + protocol: TCP + name: https + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttps }} + targetPort: {{ .Values.nginx.internalPortHttps }} + protocol: TCP + name: https + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.nginx.ssh.externalPort }} + targetPort: {{ .Values.nginx.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + selector: + app: {{ template "artifactory-ha.name" . }} + component: {{ .Values.nginx.name }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml new file mode 100644 index 000000000..ec05d2add --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/values-large.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" + node: + replicaCount: 3 + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml new file mode 100644 index 000000000..33879c00b --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/values-medium.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" + node: + replicaCount: 2 + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml new file mode 100644 index 000000000..4babf97cb --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/values-small.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + node: + replicaCount: 1 + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml b/charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml new file mode 100644 index 000000000..f0b943cc4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.13.000/values.yaml @@ -0,0 +1,1710 @@ +# Default values for artifactory-ha. +# This is a YAML-formatted file. +# Beware when changing values here. You should know what you are doing! +# Access the values with {{ .Values.key.subkey }} + +global: + # imageRegistry: releases-docker.jfrog.io + # imagePullSecrets: + # - myRegistryKeySecretName + ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag + ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion + ## This applies also for nginx images (.Values.nginx.image.tag) + versions: {} + # artifactory: + # joinKey: + # masterKey: + # joinKeySecretName: + # masterKeySecretName: + # customInitContainersBegin: | + + # customInitContainers: | + + # customVolumes: | + + # customVolumeMounts: | + + # customSidecarContainers: | + + ## certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory + customCertificates: + enabled: false + # certificateSecretName: + +initContainerImage: releases-docker.jfrog.io/alpine:3.13.1 + +installer: + type: + platform: + +installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + +# For supporting pulling from private registries +# imagePullSecrets: +# - myRegistryKeySecretName + +## Artifactory systemYaml override +## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory +## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML +## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml +## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. +## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml +systemYamlOverride: +## You can use a pre-existing secret by specifying existingSecret + existingSecret: +## The dataKey should be the name of the secret data key created. + dataKey: + +## Role Based Access Control +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +rbac: + create: true + role: + ## Rules to create. It follows the role specification + rules: + - apiGroups: + - '' + resources: + - services + - endpoints + - pods + verbs: + - get + - watch + - list + +## Service Account +## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + name: + annotations: {} + +ingress: + enabled: false + defaultBackend: + enabled: true + # Used to create an Ingress record. + hosts: [] + routerPath: / + artifactoryPath: /artifactory/ + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + labels: {} + # traffic-type: external + # traffic-type: internal + tls: [] + # Secrets must be manually created in the namespace. + # - secretName: chart-example-tls + # hosts: + # - artifactory.domain.example + + # Additional ingress rules + additionalRules: [] + +## Allows to add custom ingress +customIngress: | + +networkpolicy: + # Allows all ingress and egress + - name: artifactory + podSelector: + matchLabels: + app: artifactory-ha + egress: + - {} + ingress: + - {} + # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) + # - name: postgresql + # podSelector: + # matchLabels: + # app: postgresql + # ingress: + # - from: + # - podSelector: + # matchLabels: + # app: artifactory-ha + + +## Database configurations +## Use the wait-for-db init container. Set to false to skip +waitForDatabase: true + +## Configuration values for the postgresql dependency +## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md +## +postgresql: + enabled: true + image: + registry: releases-docker.jfrog.io + repository: bitnami/postgresql + tag: 12.5.0-debian-10-r25 + postgresqlUsername: artifactory + postgresqlPassword: "" + postgresqlDatabase: artifactory + postgresqlExtendedConf: + listenAddresses: "'*'" + maxConnections: "1500" + persistence: + enabled: true + size: 50Gi + service: + port: 5432 + master: + nodeSelector: {} + affinity: {} + tolerations: [] + slave: + nodeSelector: {} + affinity: {} + tolerations: [] + resources: {} + # requests: + # memory: "512Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "500m" + +## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), +## you MUST specify custom database details here or Artifactory will NOT start +database: + type: + driver: + ## If you set the url, leave host and port empty + url: + ## If you would like this chart to create the secret containing the db + ## password, use these values + user: + password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "rds-artifactory" + # key: "db-user" + # password: + # name: "rds-artifactory" + # key: "db-password" + # url: + # name: "rds-artifactory" + # key: "db-url" + +logger: + image: + registry: releases-docker.jfrog.io + repository: busybox + tag: 1.32.1 + +# Artifactory +artifactory: + name: artifactory-ha + # Note that by default we use appVersion to get image tag/version + image: + registry: releases-docker.jfrog.io + repository: jfrog/artifactory-pro + # tag: + pullPolicy: IfNotPresent + + # Create a priority class for the Artifactory pods or use an existing one + # NOTE - Maximum allowed value of a user defined priority is 1000000000 + priorityClass: + create: false + value: 1000000000 + ## Override default name + # name: + ## Use an existing priority class + # existingPriorityClass: + + # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties + deleteDBPropertiesOnStartup: true + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 200 + extraConfig: 'acceptCount="100"' + + # certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory + customCertificates: + enabled: false + # certificateSecretName: + + # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. + # To enable set `.Values.artifactory.openMetrics.enabled` to `true` + # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics + openMetrics: + enabled: false + + # This directory is intended for use with NFS eventual configuration for HA + haDataDir: + enabled: false + path: + haBackupDir: + enabled: false + path: + + # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + copyOnEveryStartup: + # # Absolute path + # - source: /artifactory_bootstrap/binarystore.xml + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + # # Absolute path + # - source: /artifactory_bootstrap/artifactory.cluster.license + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + + # Sidecar containers for tailing Artifactory logs + loggers: [] + # - access-audit.log + # - access-request.log + # - access-security-audit.log + # - access-service.log + # - artifactory-access.log + # - artifactory-event.log + # - artifactory-import-export.log + # - artifactory-request.log + # - artifactory-service.log + # - frontend-request.log + # - frontend-service.log + # - metadata-request.log + # - metadata-service.log + # - router-request.log + # - router-service.log + # - router-traefik.log + # - derby.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Sidecar containers for tailing Tomcat (catalina) logs + catalinaLoggers: [] + # - tomcat-catalina.log + # - tomcat-localhost.log + + # Tomcat (catalina) loggers resources + catalinaLoggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 + ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + + + ## Add custom init containers execution before predefined init containers + customInitContainersBegin: | + # - name: "custom-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + ## Add custom init containers + + ## Add custom init containers execution after predefined init containers + customInitContainers: | + # - name: "custom-systemyaml-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + + ## Add custom sidecar containers + # - The provided example uses a custom volume (customVolumes) + # - The provided example shows running container as root (id 0) + customSidecarContainers: | + # - name: "sidecar-list-etc" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # securityContext: + # allowPrivilegeEscalation: false + # command: + # - 'sh' + # - '-c' + # - 'sh /scripts/script.sh' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + # - mountPath: "/scripts/script.sh" + # name: custom-script + # subPath: script.sh + # resources: + # requests: + # memory: "32Mi" + # cpu: "50m" + # limits: + # memory: "128Mi" + # cpu: "100m" + + ## Add custom volumes + customVolumes: | + # - name: custom-script + # configMap: + # name: custom-script + + ## Add custom volumesMounts + customVolumeMounts: | + # - name: custom-script + # mountPath: "/scripts/script.sh" + # subPath: script.sh + # - name: posthook-start + # mountPath: "/scripts/posthoook-start.sh" + # subPath: posthoook-start.sh + # - name: prehook-start + # mountPath: "/scripts/prehook-start.sh" + # subPath: prehook-start.sh + + # Add custom persistent volume mounts - Available for the pod + # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container + customPersistentPodVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + # skipPrepareContainer: false + + # Add custom persistent volume mounts - Available to the entire namespace + customPersistentVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + + ## Artifactory HA requires a unique master key. Each Artifactory node must have the same master key! + ## You can generate one with the command: "openssl rand -hex 32" + ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' + ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName + ## IMPORTANT: You should NOT use the example masterKey for a production deployment! + ## IMPORTANT: This is a mandatory for fresh Install of 7.x (App version) + # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + # masterKeySecretName: + + ## Join Key to connect to other services to Artifactory. + ## IMPORTANT: Setting this value overrides the existing joinKey + ## IMPORTANT: You should NOT use the example joinKey for a production deployment! + # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName + # joinKeySecretName: + + # Add custom secrets - secret per file + customSecrets: + # - name: custom-secret + # key: custom-secret.yaml + # data: > + # custom_secret_config: + # parameter1: value1 + # parameter2: value2 + # - name: custom-secret2 + # key: custom-secret2.config + # data: | + # here the custom secret 2 config + + ## If false, all service console logs will not redirect to a common console.log + consoleLog: false + + binarystore: + enabled: true + + ## admin allows to set the password for the default admin user. + ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate + admin: + ip: "127.0.0.1" + username: "admin" + password: + secret: + dataKey: + + ## Artifactory license. + license: + ## licenseKey is the license key in plain text. Use either this or the license.secret setting + licenseKey: + ## If artifactory.license.secret is passed, it will be mounted as + ## ARTIFACTORY_HOME/etc/artifactory.cluster.license and loaded at run time. + secret: + ## The dataKey should be the name of the secret data key created. + dataKey: + + ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter + configMapName: + + # Add any list of configmaps to Artifactory + configMaps: | + # posthook-start.sh: |- + # echo "This is a post start script" + # posthook-end.sh: |- + # echo "This is a post end script" + + ## List of secrets for Artifactory user plugins. + ## One Secret per plugin's files. + userPluginSecrets: + # - archive-old-artifacts + # - build-cleanup + # - webhook + # - '{{ template "my-chart.fullname" . }}' + + ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + ## Extra post-start command to run extra commands after container starts + # postStartCommand: + + ## Extra environment variables that can be used to tune Artifactory to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: SERVER_XML_ARTIFACTORY_PORT + # value: "8081" + # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS + # value: "200" + # - name: SERVER_XML_ACCESS_MAX_THREADS + # value: "50" + # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_ACCESS_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_EXTRA_CONNECTOR + # value: "" + # - name: DB_POOL_MAX_ACTIVE + # value: "100" + # - name: DB_POOL_MAX_IDLE + # value: "10" + # - name: MY_SECRET_ENV_VAR + # valueFrom: + # secretKeyRef: + # name: my-secret-name + # key: my-secret-key + + # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) + systemYaml: | + shared: + logging: + consoleLog: + enabled: {{ .Values.artifactory.consoleLog }} + extraJavaOpts: > + -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} + {{- with .Values.artifactory.primary.javaOpts }} + -Dartifactory.async.corePoolSize={{ .corePoolSize }} + {{- if .xms }} + -Xms{{ .xms }} + {{- end }} + {{- if .xmx }} + -Xmx{{ .xmx }} + {{- end }} + {{- if .jmx.enabled }} + -Dcom.sun.management.jmxremote + -Dcom.sun.management.jmxremote.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} + {{- if .jmx.host }} + -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} + {{- else }} + -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} + {{- end }} + {{- if .jmx.authenticate }} + -Dcom.sun.management.jmxremote.authenticate=true + -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} + -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} + {{- else }} + -Dcom.sun.management.jmxremote.authenticate=false + {{- end }} + {{- end }} + {{- if .other }} + {{ .other }} + {{- end }} + {{- end }} + database: + {{- if .Values.postgresql.enabled }} + type: postgresql + url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" + host: "" + driver: org.postgresql.Driver + username: "{{ .Values.postgresql.postgresqlUsername }}" + {{ else }} + type: "{{ .Values.database.type }}" + driver: "{{ .Values.database.driver }}" + {{- end }} + artifactory: + {{- if .Values.artifactory.openMetrics }} + metrics: + enabled: {{ .Values.artifactory.openMetrics.enabled }} + {{- end }} + {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} + node: + {{- if .Values.artifactory.haDataDir.path }} + haDataDir: {{ .Values.artifactory.haDataDir.path }} + {{- end }} + {{- if .Values.artifactory.haBackupDir.path }} + haBackupDir: {{ .Values.artifactory.haBackupDir.path }} + {{- end }} + {{- end }} + database: + maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} + frontend: + session: + timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} + access: + database: + maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} + {{- if .Values.access.database.enabled }} + type: "{{ .Values.access.database.type }}" + url: "{{ .Values.access.database.url }}" + driver: "{{ .Values.access.database.driver }}" + username: "{{ .Values.access.database.user }}" + password: "{{ .Values.access.database.password }}" + {{- end }} + metadata: + database: + maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} + {{- if .Values.artifactory.replicator.enabled }} + replicator: + enabled: true + {{- end }} + + ## IMPORTANT: If overriding artifactory.internalPort: + ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! + externalPort: 8082 + internalPort: 8082 + externalArtifactoryPort: 8081 + internalArtifactoryPort: 8081 + uid: 1030 + gid: 1030 + terminationGracePeriodSeconds: 30 + + ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. + ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false + setSecurityContext: true + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 0 + failureThreshold: 10 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 0 + failureThreshold: 10 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + + startupProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 30 + failureThreshold: 60 + periodSeconds: 5 + timeoutSeconds: 5 + + persistence: + enabled: true + local: false + redundancy: 3 + mountPath: "/var/opt/jfrog/artifactory" + accessMode: ReadWriteOnce + size: 200Gi + + ## Use a custom Secret to be mounted as your binarystore.xml + ## NOTE: This will ignore all settings below that make up binarystore.xml + customBinarystoreXmlSecret: + + maxCacheSize: 50000000000 + cacheProviderDir: cache + eventual: + numberOfThreads: 10 + ## artifactory data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + + ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config + ## Supported types are: + ## file-system (default) + ## nfs + ## google-storage + ## aws-s3 + ## aws-s3-v3 + ## azure-blob + type: file-system + + ## Use binarystoreXml to provide a custom binarystore.xml + ## This can be a template or hardcoded. + binarystoreXml: | + {{- if eq .Values.artifactory.persistence.type "file-system" }} + + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + + + + + + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} + + {{- end }} + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + // Specify the read and write strategy and redundancy for the sharding binary provider + + roundRobin + percentageFreeSpace + 2 + + + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} + //For each sub-provider (mount), specify the filestore location + + filestore{{ $sharedClaimNumber }} + + {{- end }} + + {{- else }} + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + 2 + 2 + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + + shard-fs-1 + local + + + + + 30 + tester-remote1 + 10000 + remote + + + + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "google-storage" }} + + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + 2 + + + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + + {{- else }} + + {{- end }} + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + local + + + + 30 + 10000 + remote + + + + {{ .Values.artifactory.persistence.mountPath }}/data/filestore + /tmp + + + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + + false + {{- else }} + + {{ .Values.artifactory.persistence.googleStorage.identity }} + {{ .Values.artifactory.persistence.googleStorage.credential }} + {{- end }} + google-cloud-storage + {{ .Values.artifactory.persistence.googleStorage.endpoint }} + {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} + {{ .Values.artifactory.persistence.googleStorage.bucketName }} + {{ .Values.artifactory.persistence.googleStorage.path }} + {{ .Values.artifactory.persistence.googleStorage.bucketExists }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} + + + + + + + + + + + + + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + + + + + remote + + + + local + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + {{- with .Values.artifactory.persistence.awsS3V3 }} + + {{ .testConnection }} + {{- if .identity }} + {{ .identity }} + {{- end }} + {{- if .credential }} + {{ .credential }} + {{- end }} + {{ .region }} + {{ .bucketName }} + {{ .path }} + {{ .endpoint }} + {{- with .maxConnections }} + {{ . }} + {{- end }} + {{- with .kmsServerSideEncryptionKeyId }} + {{ . }} + {{- end }} + {{- with .kmsKeyRegion }} + {{ . }} + {{- end }} + {{- with .kmsCryptoMode }} + {{ . }} + {{- end }} + {{- if .useInstanceCredentials }} + true + {{- else }} + false + {{- end }} + {{ .usePresigning }} + {{ .signatureExpirySeconds }} + {{- with .cloudFrontDomainName }} + {{ . }} + {{- end }} + {{- with .cloudFrontKeyPairId }} + {{ .cloudFrontKeyPairId }} + {{- end }} + {{- with .cloudFrontPrivateKey }} + {{ . }} + {{- end }} + {{- with .enableSignedUrlRedirect }} + {{ . }} + {{- end }} + {{- with .enablePathStyleAccess }} + {{ . }} + {{- end }} + + {{- end }} + + {{- end }} + + {{- if eq .Values.artifactory.persistence.type "aws-s3" }} + + + + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + local + + + + 30 + 10000 + remote + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + + + + + {{ .Values.artifactory.persistence.awsS3.endpoint }} + {{- if .Values.artifactory.persistence.awsS3.roleName }} + {{ .Values.artifactory.persistence.awsS3.roleName }} + true + {{- else }} + {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} + {{ .Values.artifactory.persistence.awsS3.testConnection }} + {{ .Values.artifactory.persistence.awsS3.httpsOnly }} + {{ .Values.artifactory.persistence.awsS3.region }} + {{ .Values.artifactory.persistence.awsS3.bucketName }} + {{- if .Values.artifactory.persistence.awsS3.identity }} + {{ .Values.artifactory.persistence.awsS3.identity }} + {{- end }} + {{- if .Values.artifactory.persistence.awsS3.credential }} + {{ .Values.artifactory.persistence.awsS3.credential }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.path }} + {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} + + {{- end }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "azure-blob" }} + + + + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + + crossNetworkStrategy + crossNetworkStrategy + 2 + 1 + + + + + remote + + + + local + + + + + {{ .Values.artifactory.persistence.azureBlob.accountName }} + {{ .Values.artifactory.persistence.azureBlob.accountKey }} + {{ .Values.artifactory.persistence.azureBlob.endpoint }} + {{ .Values.artifactory.persistence.azureBlob.containerName }} + {{ .Values.artifactory.persistence.azureBlob.multiPartLimit }} + {{ .Values.artifactory.persistence.azureBlob.multipartElementSize }} + {{ .Values.artifactory.persistence.azureBlob.testConnection }} + + + {{- end }} + + ## For artifactory.persistence.type file-system + fileSystem: + ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. + ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) + ## Create PVCs with ReadWriteMany that match the naming convetions: + ## {{ template "artifactory-ha.fullname" . }}-data-pvc- + ## {{ template "artifactory-ha.fullname" . }}-backup-pvc + ## Example (using numberOfExistingClaims: 2) + ## myexample-data-pvc-0 + ## myexample-data-pvc-1 + ## myexample-backup-pvc + ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. + + ## Need to have the following set + existingSharedClaim: + enabled: false + numberOfExistingClaims: 1 + ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} + dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" + backupDir: "/var/opt/jfrog/artifactory-backup" + + + ## For artifactory.persistence.type nfs + ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes + ## cluster nodes. + ## Need to have the following set + nfs: + # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' + ip: + haDataMount: "/data" + haBackupMount: "/backup" + dataDir: "/var/opt/jfrog/artifactory-ha" + backupDir: "/var/opt/jfrog/artifactory-backup" + capacity: 200Gi + mountOptions: [] + ## For artifactory.persistence.type google-storage + googleStorage: + ## When using GCP buckets as your binary store (Available with enterprise license only) + gcpServiceAccount: + enabled: false + ## Use either an existing secret prepared in advance or put the config (replace the content) in the values + ## ref: https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#google-storage + # customSecretName: + # config: | + # { + # "type": "service_account", + # "project_id": "", + # "private_key_id": "?????", + # "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + # "client_email": "???@j.iam.gserviceaccount.com", + # "client_id": "???????", + # "auth_uri": "https://accounts.google.com/o/oauth2/auth", + # "token_uri": "https://oauth2.googleapis.com/token", + # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + # "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." + # } + endpoint: commondatastorage.googleapis.com + httpsOnly: false + # Set a unique bucket name + bucketName: "artifactory-ha-gcp" + identity: + credential: + path: "artifactory-ha/filestore" + bucketExists: false + + ## For artifactory.persistence.type aws-s3-v3 + awsS3V3: + testConnection: false + identity: + credential: + region: + bucketName: artifactory-aws + path: artifactory/filestore + endpoint: + maxConnections: 50 + kmsServerSideEncryptionKeyId: + kmsKeyRegion: + kmsCryptoMode: + useInstanceCredentials: true + usePresigning: false + signatureExpirySeconds: 300 + cloudFrontDomainName: + cloudFrontKeyPairId: + cloudFrontPrivateKey: + enableSignedUrlRedirect: false + enablePathStyleAccess: false + + ## For artifactory.persistence.type aws-s3 + ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html + awsS3: + # Set a unique bucket name + bucketName: "artifactory-ha-aws" + endpoint: + region: + roleName: + identity: + credential: + path: "artifactory-ha/filestore" + refreshCredentials: true + httpsOnly: true + testConnection: false + s3AwsVersion: "AWS4-HMAC-SHA256" + + ## Additional properties to set on the s3 provider + properties: {} + # httpclient.max-connections: 100 + ## For artifactory.persistence.type azure-blob + azureBlob: + accountName: + accountKey: + endpoint: + containerName: + multiPartLimit: 100000000 + multipartElementSize: 50000000 + testConnection: false + service: + name: artifactory + type: ClusterIP + ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + annotations: {} + ## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them) + ## Supported pool values + ## members + ## all + pool: members + + ## The following Java options are passed to the java process running Artifactory. + ## This will be passed to all cluster members. Primary and member nodes. + javaOpts: {} + # other: "" + + ## The following setting are to configure a dedicated Ingress object for Replicator service + replicator: + enabled: false + ingress: + name: + hosts: [] + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # chunked_transfer_encoding on; + tls: [] + # Secrets must be manually created in the namespace. + # - hosts: + # - artifactory.domain.example + # secretName: chart-example-tls-secret + ## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true + ## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads + trackerIngress: + enabled: false + name: + hosts: [] + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # chunked_transfer_encoding on; + tls: [] + # Secrets must be manually created in the namespace. + # - hosts: + # - artifactory.domain.example + # secretName: chart-example-tls-secret + + ssh: + enabled: false + internalPort: 1339 + externalPort: 1339 + + annotations: {} + + ## Type specific configurations. + ## There is a difference between the primary and the member nodes. + ## Customising their resources and java parameters is done here. + primary: + name: artifactory-ha-primary + # preStartCommand specific to the primary node, to be run after artifactory.preStartCommand + # preStartCommand: + labels: {} + persistence: + ## Set existingClaim to true or false + ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` + existingClaim: false + + replicaCount: 1 + # minAvailable: 1 + + updateStrategy: + type: RollingUpdate + + ## Resources for the primary node + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory primary node. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + corePoolSize: 16 + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + # other: "" + nodeSelector: {} + + tolerations: [] + + affinity: {} + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "" + topologyKey: "kubernetes.io/hostname" + + node: + name: artifactory-ha-member + # preStartCommand specific to the member node, to be run after artifactory.preStartCommand + # preStartCommand: + labels: {} + persistence: + ## Set existingClaim to true or false + ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` + existingClaim: false + replicaCount: 2 + updateStrategy: + type: RollingUpdate + minAvailable: 1 + ## Resources for the member nodes + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory member nodes. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + corePoolSize: 16 + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + # other: "" + # xms: "1g" + # xmx: "2g" + # other: "" + nodeSelector: {} + + ## Wait for Artifactory primary + waitForPrimaryStartup: + enabled: true + + ## Setting time will override the built in test and will just wait the set time + time: + + tolerations: [] + + ## Complete specification of the "affinity" of the member nodes; if this is non-empty, + ## "podAntiAffinity" values are not used. + affinity: {} + + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "" + topologyKey: "kubernetes.io/hostname" + +frontend: + ## Session settings + session: + ## Time in minutes after which the frontend token will need to be refreshed + timeoutMinutes: '30' + +access: + ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. + ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates + ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. + ## This ensures that the node to node communication is done over TLS. + accessConfig: + security: + tls: false + + ## You can use a pre-existing secret by specifying customCertificatesSecretName + ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` + # customCertificatesSecretName: + + ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key + # resetAccessCAKeys: false + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="100"' + +metadata: + database: + maxOpenConnections: 80 + +# Init containers +initContainers: + resources: {} +# requests: +# memory: "64Mi" +# cpu: "10m" +# limits: +# memory: "128Mi" +# cpu: "250m" + + +# Nginx +nginx: + enabled: true + kind: Deployment + name: nginx + labels: {} + replicaCount: 1 + minAvailable: 0 + uid: 104 + gid: 107 + # Note that by default we use appVersion to get image tag/version + image: + registry: releases-docker.jfrog.io + repository: jfrog/nginx-artifactory-pro + # tag: + pullPolicy: IfNotPresent + + # Priority Class name to be used in deployment if provided + priorityClassName: + + # Sidecar containers for tailing Nginx logs + loggers: [] + # - access.log + # - error.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "64Mi" + # cpu: "25m" + # limits: + # memory: "128Mi" + # cpu: "50m" + + # Logs options + logs: + stderr: false + level: warn + + mainConf: | + # Main Nginx configuration file + worker_processes 4; + + {{ if .Values.nginx.logs.stderr }} + error_log stderr {{ .Values.nginx.logs.level }}; + {{- else -}} + error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; + {{- end }} + pid /tmp/nginx.pid; + + {{- if .Values.artifactory.ssh.enabled }} + ## SSH Server Configuration + stream { + server { + listen {{ .Values.nginx.ssh.internalPort }}; + proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; + } + } + {{- end }} + + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 128k; + proxy_buffers 40 128k; + proxy_busy_buffers_size 128k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format timing 'ip = $remote_addr ' + 'user = \"$remote_user\" ' + 'local_time = \"$time_local\" ' + 'host = $host ' + 'request = \"$request\" ' + 'status = $status ' + 'bytes = $body_bytes_sent ' + 'upstream = \"$upstream_addr\" ' + 'upstream_time = $upstream_response_time ' + 'request_time = $request_time ' + 'referer = \"$http_referer\" ' + 'UA = \"$http_user_agent\"'; + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + sendfile on; + #tcp_nopush on; + keepalive_timeout 65; + #gzip on; + include /etc/nginx/conf.d/*.conf; + } + + artifactoryConf: | + {{- if .Values.nginx.https.enabled }} + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + {{- end }} + ## server configuration + server { + {{- if .Values.nginx.internalPortHttps }} + listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- else -}} + {{- if .Values.nginx.https.enabled }} + listen {{ .Values.nginx.https.internalPort }} ssl; + {{- end }} + {{- end }} + {{- if .Values.nginx.internalPortHttp }} + listen {{ .Values.nginx.internalPortHttp }}; + {{- else -}} + {{- if .Values.nginx.http.enabled }} + listen {{ .Values.nginx.http.internalPort }}; + {{- end }} + {{- end }} + server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} + {{- range .Values.ingress.hosts -}} + {{- if contains "." . -}} + {{ "" | indent 0 }} ~(?.+)\.{{ . }} + {{- end -}} + {{- end -}}; + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/artifactory/?$ / redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + chunked_transfer_encoding on; + client_max_body_size 0; + + location / { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/; + {{- if .Values.nginx.service.ssloffload}} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; + {{- else }} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + {{- end }} + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + add_header Strict-Transport-Security always; + + location /artifactory/ { + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; + } + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; + } + } + } + + service: + ## For minikube, set this to NodePort, elsewhere use LoadBalancer + type: LoadBalancer + ssloffload: false + ## For supporting whitelist on the Nginx LoadBalancer service + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + ## Provide static ip address + loadBalancerIP: + ## There are two available options: “Cluster” (default) and “Local”. + externalTrafficPolicy: Cluster + labels: {} + # label-key: label-value + http: + enabled: true + externalPort: 80 + internalPort: 80 + https: + enabled: true + externalPort: 443 + internalPort: 443 + # DEPRECATED: The following will be replaced by L1065-L1076 in a future release + # externalPortHttp: 80 + # internalPortHttp: 80 + # externalPortHttps: 443 + # internalPortHttps: 443 + + ssh: + internalPort: 1339 + externalPort: 1339 + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 0 + failureThreshold: 10 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 0 + failureThreshold: 10 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + + startupProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 30 + failureThreshold: 60 + periodSeconds: 5 + timeoutSeconds: 5 + + ## The SSL secret that will be used by the Nginx pod + # tlsSecretName: chart-example-tls + ## Custom ConfigMap for nginx.conf + customConfigMap: + ## Custom ConfigMap for artifactory.conf + customArtifactoryConfigMap: + persistence: + mountPath: "/var/opt/jfrog/nginx" + enabled: false + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 5Gi + ## nginx data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + resources: {} + # requests: + # memory: "250Mi" + # cpu: "100m" + # limits: + # memory: "250Mi" + # cpu: "500m" + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +# Filebeat Sidecar container +## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. +filebeat: + enabled: false + name: artifactory-filebeat + image: + repository: "docker.elastic.co/beats/filebeat" + version: 7.9.2 + logstashUrl: "logstash:5044" + + terminationGracePeriod: 10 + + livenessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + filebeat test output + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + resources: {} +# requests: +# memory: "100Mi" +# cpu: "100m" +# limits: +# memory: "100Mi" +# cpu: "100m" + + filebeatYml: | + logging.level: info + path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat + name: artifactory-filebeat + queue.spool: ~ + filebeat.inputs: + - type: log + enabled: true + close_eof: ${CLOSE:false} + paths: + - {{ .Values.artifactory.persistence.mountPath }}/log/*.log + fields: + service: "jfrt" + log_type: "artifactory" + output: + logstash: + hosts: ["{{ .Values.filebeat.logstashUrl }}"] + +## Allows to add additional kubernetes resources +## Use --- as a separator between multiple resources +## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml +additionalResources: | + +# Adding entries to a Pod's /etc/hosts file +# For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases +hostAliases: [] +# - ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" +# - ip: "10.1.2.3" +# hostnames: +# - "foo.remote" +# - "bar.remote" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore b/charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore new file mode 100644 index 000000000..c7eb1e274 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +OWNERS \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md b/charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md new file mode 100644 index 000000000..d39066f5a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/CHANGELOG.md @@ -0,0 +1,989 @@ +# JFrog Artifactory-ha Chart Changelog +All changes to this chart will be documented in this file + +## [4.7.6] - Jan 11, 2020 +* Updated Artifactory version to 7.12.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.6) + +## [4.7.5] - Jan 07, 2020 +* Added support for optional tracker dedicated ingress `.Values.artifactory.replicator.trackerIngress.enabled` (defaults to false) + +## [4.7.4] - Jan 04, 2020 +* Fixed gid support for statefulset + +## [4.7.3] - Dec 31, 2020 +* Added gid support for statefulset +* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset + +## [4.7.2] - Dec 29, 2020 +* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) +* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml) +* Updated Artifactory version to 7.12.5 + +## [4.7.1] - Dec 21, 2020 +* Updated Artifactory version to 7.12.3 + +## [4.7.0] - Dec 18, 2020 +* Updated Artifactory version to 7.12.2 +* Added `.Values.artifactory.openMetrics.enabled` + +## [4.6.1] - Dec 11, 2020 +* Added configurable `.Values.global.versions.artifactory` in values.yaml + +## [4.6.0] - Dec 10, 2020 +* Update postgresql tag version to `12.5.0-debian-10-r25` +* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` +* Updated chart maintainers email + +## [4.5.5] - Dec 4, 2020 +* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` + +## [4.5.4] - Dec 1, 2020 +* Improve error message returned when attempting helm upgrade command + +## [4.5.3] - Nov 30, 2020 +* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) + +# [4.5.2] - Nov 23, 2020 +* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) +* Updated port namings on services and pods to allow for istio protocol discovery +* Change semverCompare checks to support hosted Kubernetes +* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics +* Prevent the PostHook command to be executed if the user did not specify a command in the values file +* Fix issue with tls file generation when nginx.https.enabled is false + +## [4.5.1] - Nov 19, 2020 +* Updated Artifactory version to 7.11.2 +* Bugfix - access.config.import.xml override Access Federation configurations + +## [4.5.0] - Nov 17, 2020 +* Updated Artifactory version to 7.11.1 +* Update alpine tag version to `3.12.1` + +## [4.4.6] - Nov 10, 2020 +* Pass system.yaml via external secret for advanced usecases +* Added support for custom ingress +* Bugfix - stateful set not picking up changes to database secrets + +## [4.4.5] - Nov 9, 2020 +* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) + +## [4.4.4] - Nov 2, 2020 +* Add enablePathStyleAccess property for aws-s3-v3 binary provider template + +## [4.4.3] - Nov 2, 2020 +* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) + +## [4.4.2] - Oct 22, 2020 +* Chown bug fix where Linux capability cannot chown all files causing log line warnings +* Fix Frontend timeout linting issue + +## [4.4.1] - Oct 20, 2020 +* Add flag to disable prepare-custom-persistent-volume init container + +## [4.4.0] - Oct 19, 2020 +* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) + +## [4.3.4] - Oct 19, 2020 +* Add support to specify priorityClassName for nginx deployment + +## [4.3.3] - Oct 15, 2020 +* Fixed issue with node PodDisruptionBudget which also getting applied on the primary +* Fix mandatory masterKey check issue when upgrading from 6.x to 7.x + +## [4.3.2] - Oct 14, 2020 +* Add support to allow more than 1 Primary in Artifactory-ha STS + +## [4.3.1] - Oct 9, 2020 +* Add global support for customInitContainersBegin + +## [4.3.0] - Oct 07, 2020 +* Updated Artifactory version to 7.9.1 +* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml + +## [4.2.0] - Oct 5, 2020 +* Expose Prometheus metrics via a ServiceMonitor +* Parse log files for metric data with Fluentd + +## [4.1.0] - Sep 30, 2020 +* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) + +## [4.0.12] - Sep 25, 2020 +* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements + +## [4.0.11] - Sep 28, 2020 +* Setting chart coordinates in migitation yaml + +## [4.0.10] - Sep 25, 2020 +* Update filebeat version to `7.9.2` + +## [4.0.9] - Sep 24, 2020 +* Fixed broken issue - when setting `waitForDatabase:false` container startup still waits for DB + +## [4.0.8] - Sep 22, 2020 +* Updated readme + +## [4.0.7] - Sep 22, 2020 +* Fix lint issue in migitation yaml + +## [4.0.6] - Sep 22, 2020 +* Fix broken migitation yaml + +## [4.0.5] - Sep 21, 2020 +* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) + +## [4.0.4] - Sep 17, 2020 +* Added configurable session(UI) timeout in frontend microservice + +## [4.0.3] - Sep 17, 2020 +* Fix small typo in README and added proper required text to be shown while postgres upgrades + +## [4.0.2] - Sep 14, 2020 +* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) + +## [4.0.1] - Sep 8, 2020 +* Added support for artifactory pro license (single node) installation. + +## [4.0.0] - Sep 2, 2020 +* **Breaking change:** Changed `imagePullSecrets` value from string to list +* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images +* Added support for global values +* Updated maintainers in chart.yaml +* Update postgresql tag version to `12.3.0-debian-10-r71` +* Update postgresqlsub chart version to `9.3.4` - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true. + +## [3.1.0] - Aug 13, 2020 +* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) + +## [3.0.15] - Aug 10, 2020 +* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. + +## [3.0.14] - Jul 31, 2020 +* Update the README section on Nginx SSL termination to reflect the actual YAML structure. + +## [3.0.13] - Jul 30, 2020 +* Added condition to disable the migration scripts. + +## [3.0.12] - Jul 29, 2020 +* Document Artifactory node affinity. + +## [3.0.11] - Jul 28, 2020 +* Added maxConnections for persistent storage type aws-s3-v3. + +## [3.0.10] - Jul 28, 2020 +Bugfix / support for userPluginSecrets with Artifactory 7 + +## [3.0.9] - Jul 27, 2020 +* Add tpl to external database secrets. +* Modified `scheme` to `artifactory-ha.scheme` + +## [3.0.8] - Jul 23, 2020 +* Added condition to disable the migration init container. + +## [3.0.7] - Jul 21, 2020 +* Updated Artifactory-ha Chart to add node and primary labels to pods and service objects. + +## [3.0.6] - Jul 20, 2020 +* Support custom CA and certificates + +## [3.0.5] - Jul 13, 2020 +* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 +* Fixed Mysql database jar path in `preStartCommand` in README + +## [3.0.4] - Jul 8, 2020 +* Move some postgresql values to where they should be according to the subchart + +## [3.0.3] - Jul 8, 2020 +* Set Artifactory access client connections to the same value as the access threads. + +## [3.0.2] - Jul 6, 2020 +* Updated Artifactory version to 7.6.2 +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [3.0.1] - Jul 01, 2020 +* Add dedicated ingress object for Replicator service when enabled + +## [3.0.0] - Jun 30, 2020 +* Update postgresql tag version to `10.13.0-debian-10-r38` +* Update alpine tag version to `3.12` +* Update busybox tag version to `1.31.1` +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true + +## [2.6.0] - Jun 29, 2020 +* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 +* Add tpl for external database secrets + +## [2.5.8] - Jun 25, 2020 +* Stop loading the Nginx stream module because it is now a core module + +## [2.5.7] - Jun 18, 2020 +* Fixes bootstrap configMap issue on member node + +## [2.5.6] - Jun 11, 2020 +* Support list of custom secrets + +## [2.5.5] - Jun 11, 2020 +* NOTES.txt fixed incorrect information + +## [2.5.4] - Jun 12, 2020 +* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 + +## [2.5.3] - Jun 8, 2020 +* Statically setting primary service type to ClusterIP. +* Prevents primary service from being exposed publicly when using LoadBalancer type on cloud providers. + +## [2.5.2] - Jun 8, 2020 +* Readme update - configuring Artifactory with oracledb + +## [2.5.1] - Jun 5, 2020 +* Fixes broken PDB issue upgrading from 6.x to 7.x + +## [2.5.0] - Jun 1, 2020 +* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 +* Fixes bootstrap configMap permission issue +* Update postgresql tag version to `9.6.18-debian-10-r7` + +## [2.4.10] - May 27, 2020 +* Added Tomcat maxThreads & acceptCount + +## [2.4.9] - May 25, 2020 +* Fixed postgresql README `image` Parameters + +## [2.4.8] - May 24, 2020 +* Fixed typo in README regarding migration timeout + +## [2.4.7] - May 19, 2020 +* Added metadata maxOpenConnections + +## [2.4.6] - May 07, 2020 +* Fix `installerInfo` string format + +## [2.4.5] - Apr 27, 2020 +* Updated Artifactory version to 7.4.3 + +## [2.4.4] - Apr 27, 2020 +* Change customInitContainers order to run before the "migration-ha-artifactory" initContainer + +## [2.4.3] - Apr 24, 2020 +* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic +* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml + +## [2.4.2] - Apr 16, 2020 +* Custom volume mounts in migration init container. + +## [2.4.1] - Apr 16, 2020 +* Fix broken support for gcpServiceAccount for googleStorage + +## [2.4.0] - Apr 14, 2020 +* Updated Artifactory version to 7.4.1 + +## [2.3.1] - April 13, 2020 +* Update README with helm v3 commands + +## [2.3.0] - April 10, 2020 +* Use dependency charts from `https://charts.bitnami.com/bitnami` +* Bump postgresql chart version to `8.7.3` in requirements.yaml +* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml + +## [2.2.11] - Apr 8, 2020 +* Added recommended ingress annotation to avoid 413 errors + +## [2.2.10] - Apr 8, 2020 +* Moved migration scripts under `files` directory +* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` + +## [2.2.9] - Apr 01, 2020 +* Support masterKey and joinKey as secrets + +## [2.2.8] - Apr 01, 2020 +* Ensure that the join key is also copied when provided by an external secret +* Migration container in primary and node statefulset now respects custom versions and the specified node/primary resources + +## [2.2.7] - Apr 01, 2020 +* Added cache-layer in chain definition of Google Cloud Storage template +* Fix readme use to `-hex 32` instead of `-hex 16` + +## [2.2.6] - Mar 31, 2020 +* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java + +## [2.2.5] - Mar 31, 2020 +* Removed duplicate `artifactory-license` volume from primary node + +## [2.2.4] - Mar 31, 2020 +* Restore `artifactory-license` volume for the primary node + +## [2.2.3] - Mar 29, 2020 +* Add Nginx log options: stderr as logfile and log level + +## [2.2.2] - Mar 30, 2020 +* Apply initContainers.resources to `copy-system-yaml`, `prepare-custom-persistent-volume`, and `migration-artifactory-ha` containers +* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart +* Removed duplicate `artifactory-license` volume that prevented using an external secret + +## [2.2.1] - Mar 29, 2020 +* Fix loggers sidecars configurations to support new file system layout and new log names + +## [2.2.0] - Mar 29, 2020 +* Fix broken admin user bootstrap configuration +* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` + +## [2.1.3] - Mar 24, 2020 +* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) + +## [2.1.2] - Mar 21, 2020 +* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. + +## [2.1.1] - Mar 23, 2020 +* Moved installer info to values.yaml so it is fully customizable + +## [2.1.0] - Mar 23, 2020 +* Updated Artifactory version to 7.3.2 + +## [2.0.36] - Mar 20, 2020 +* Add support GCP credentials.json authentication + +## [2.0.35] - Mar 20, 2020 +* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) + +## [2.0.34] - Mar 19, 2020 +* Add support for NFS directories `haBackupDir` and `haDataDir` + +## [2.0.33] - Mar 18, 2020 +* Increased Nginx proxy_buffers size + +## [2.0.32] - Mar 17, 2020 +* Changed all single quotes to double quotes in values files +* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. + +## [2.0.31] - Mar 17, 2020 +* Fix rendering of Service Account annotations + +## [2.0.30] - Mar 16, 2020 +* Add Unsupported message from 6.18 to 7.2.x (migration) + +## [2.0.29] - Mar 11, 2020 +* Upgrade Docs update + +## [2.0.28] - Mar 11, 2020 +* Unified charts public release + +## [2.0.27] - Mar 8, 2020 +* Add an optional wait for primary node to be ready with a proper test for http status + +## [2.0.23] - Mar 6, 2020 +* Fix path to `/artifactory_bootstrap` +* Add support for controlling the name of the ingress and allow to set more than one cname + +## [2.0.22] - Mar 4, 2020 +* Add support for disabling `consoleLog` in `system.yaml` file + +## [2.0.21] - Feb 28, 2020 +* Add support to process `valueFrom` for extraEnvironmentVariables + +## [2.0.20] - Feb 26, 2020 +* Store join key to secret + +## [2.0.19] - Feb 26, 2020 +* Updated Artifactory version to 7.2.1 + +## [2.0.12] - Feb 07, 2020 +* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade + +## [2.0.0] - Feb 07, 2020 +* Updated Artifactory version to 7.0.0 + +## [1.4.10] - Feb 13, 2020 +* Add support for SSH authentication to Artifactory + +## [1.4.9] - Feb 10, 2020 +* Fix custom DB password indention + +## [1.4.8] - Feb 9, 2020 +* Add support for `tpl` in the `postStartCommand` + +## [1.4.7] - Feb 4, 2020 +* Support customisable Nginx kind + +## [1.4.6] - Feb 2, 2020 +* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations + +## [1.4.5] - Feb 2, 2020 +* Add support for primary or member node specific preStartCommand + +## [1.4.4] - Jan 30, 2020 +* Add the option to configure resources for the logger containers + +## [1.4.3] - Jan 26, 2020 +* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive + +## [1.4.2] - Jan 22, 2020 +* Refined pod disruption budgets to separate nginx and Artifactory pods + +## [1.4.1] - Jan 19, 2020 +* Fix replicator port config in nginx replicator configmap + +## [1.4.0] - Jan 19, 2020 +* Updated Artifactory version to 6.17.0 + +## [1.3.8] - Jan 16, 2020 +* Added example for external nginx-ingress + +## [1.3.7] - Jan 07, 2020 +* Add support for customizable `mountOptions` of NFS PVs + +## [1.3.6] - Dec 30, 2019 +* Fix for nginx probes failing when launched with http disabled + +## [1.3.5] - Dec 24, 2019 +* Better support for custom `artifactory.internalPort` + +## [1.3.4] - Dec 23, 2019 +* Mark empty map values with `{}` + +## [1.3.3] - Dec 16, 2019 +* Another fix for toggling nginx service ports + +## [1.3.2] - Dec 12, 2019 +* Fix for toggling nginx service ports + +## [1.3.1] - Dec 10, 2019 +* Add support for toggling nginx service ports + +## [1.3.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [1.2.4] - Nov 28, 2019 +* Add support for using existing PriorityClass + +## [1.2.3] - Nov 27, 2019 +* Add support for PriorityClass + +## [1.2.2] - Nov 20, 2019 +* Update Artifactory logo + +## [1.2.1] - Nov 18, 2019 +* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) + +## [1.2.0] - Nov 18, 2019 +* Updated Artifactory version to 6.15.0 + +## [1.1.12] - Nov 17, 2019 +* Fix `README.md` format (broken table) + +## [1.1.11] - Nov 17, 2019 +* Update comment on Artifactory master key + +## [1.1.10] - Nov 17, 2019 +* Fix creation of double slash in nginx artifactory configuration + +## [1.1.9] - Nov 14, 2019 +* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error + +## [1.1.8] - Nov 12, 2019 +* Updated Artifactory version to 6.14.1 + +## [1.1.7] - Nov 11, 2019 +* Additional documentation for masterKey + +## [1.1.6] - Nov 10, 2019 +* Update PostgreSQL chart version to 7.0.1 +* Use formal PostgreSQL configuration format + +## [1.1.5] - Nov 8, 2019 +* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` + +## [1.1.4] - Nov 6, 2019 +* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is + +## [1.1.3] - Nov 6, 2019 +* Add nodeselector support for Postgresql + +## [1.1.2] - Nov 5, 2019 +* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles + +## [1.1.1] - Nov 4, 2019 +* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files + +## [1.1.0] - Nov 3, 2019 +* Updated Artifactory version to 6.14.0 + +## [1.0.1] - Nov 3, 2019 +* Make sure the artifactory pod exits when one of the pre-start stages fail + +## [1.0.0] - Oct 27, 2019 +**IMPORTANT - BREAKING CHANGES!**
+**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations + +## [0.17.3] - Oct 24, 2019 +* Change the preStartCommand to support templating + +## [0.17.2] - Oct 21, 2019 +* Add support for setting `artifactory.primary.labels` +* Add support for setting `artifactory.node.labels` +* Add support for setting `nginx.labels` + +## [0.17.1] - Oct 10, 2019 +* Updated Artifactory version to 6.13.1 + +## [0.17.0] - Oct 7, 2019 +* Updated Artifactory version to 6.13.0 + +## [0.16.7] - Sep 24, 2019 +* Option to skip wait-for-db init container with '--set waitForDatabase=false' + +## [0.16.6] - Sep 24, 2019 +* Add support for setting `nginx.service.labels` + +## [0.16.5] - Sep 23, 2019 +* Add support for setting `artifactory.customInitContainersBegin` + +## [0.16.4] - Sep 20, 2019 +* Add support for setting `initContainers.resources` + +## [0.16.3] - Sep 11, 2019 +* Updated Artifactory version to 6.12.2 + +## [0.16.2] - Sep 9, 2019 +* Updated Artifactory version to 6.12.1 + +## [0.16.1] - Aug 22, 2019 +* Fix the nginx server_name directive used with ingress.hosts + +## [0.16.0] - Aug 21, 2019 +* Updated Artifactory version to 6.12.0 + +## [0.15.15] - Aug 18, 2019 +* Fix existingSharedClaim permissions issue and example + +## [0.15.14] - Aug 14, 2019 +* Updated Artifactory version to 6.11.6 + +## [0.15.13] - Aug 11, 2019 +* Fix Ingress routing and add an example + +## [0.15.12] - Aug 6, 2019 +* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) +* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist + +## [0.15.11] - Aug 5, 2019 +* Improve binarystore config + 1. Convert to a secret + 2. Move config to values.yaml + 3. Support an external secret + +## [0.15.10] - Aug 5, 2019 +* Don't create the nginx configmaps when nginx.enabled is false + +## [0.15.9] - Aug 1, 2019 +* Fix masterkey/masterKeySecretName not specified warning render logic in NOTES.txt + +## [0.15.8] - Jul 28, 2019 +* Simplify nginx setup and shorten initial wait for probes + +## [0.15.7] - Jul 25, 2019 +* Updated README about how to apply Artifactory licenses + +## [0.15.6] - Jul 22, 2019 +* Change Ingress API to be compatible with recent kubernetes versions + +## [0.15.5] - Jul 22, 2019 +* Updated Artifactory version to 6.11.3 + +## [0.15.4] - Jul 11, 2019 +* Add `artifactory.customVolumeMounts` support to member node statefulset template + +## [0.15.3] - Jul 11, 2019 +* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration + +## [0.15.2] - Jul 3, 2019 +* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation + +## [0.15.1] - Jul 1, 2019 +* Updated Artifactory version to 6.11.1 + +## [0.15.0] - Jun 27, 2019 +* Updated Artifactory version to 6.11.0 and Restart Primary node when bootstrap.creds file has been modified in artifactory-ha + +## [0.14.4] - Jun 24, 2019 +* Add the option to provide an IP for the access-admin endpoints + +## [0.14.3] - Jun 24, 2019 +* Update chart maintainers + +## [0.14.2] - Jun 24, 2019 +* Change Nginx to point to the artifactory externalPort + +## [0.14.1] - Jun 23, 2019 +* Add values files for small, medium and large installations + +## [0.14.0] - Jun 20, 2019 +* Use ConfigMaps for nginx configuration and remove nginx postStart command + +## [0.13.10] - Jun 19, 2019 +* Updated Artifactory version to 6.10.4 + +## [0.13.9] - Jun 18, 2019 +* Add the option to provide additional ingress rules + +## [0.13.8] - Jun 14, 2019 +* Updated readme with improved external database setup example + +## [0.13.7] - Jun 6, 2019 +* Updated Artifactory version to 6.10.3 +* Updated installer-info template + +## [0.13.6] - Jun 6, 2019 +* Updated Google Cloud Storage API URL and https settings + +## [0.13.5] - Jun 5, 2019 +* Delete the db.properties file on Artifactory startup + +## [0.13.4] - Jun 3, 2019 +* Updated Artifactory version to 6.10.2 + +## [0.13.3] - May 21, 2019 +* Updated Artifactory version to 6.10.1 + +## [0.13.2] - May 19, 2019 +* Fix missing logger image tag + +## [0.13.1] - May 15, 2019 +* Support `artifactory.persistence.cacheProviderDir` for on-premise cluster + +## [0.13.0] - May 7, 2019 +* Updated Artifactory version to 6.10.0 + +## [0.12.23] - May 5, 2019 +* Add support for setting `artifactory.async.corePoolSize` + +## [0.12.22] - May 2, 2019 +* Remove unused property `artifactory.releasebundle.feature.enabled` + +## [0.12.21] - Apr 30, 2019 +* Add support for JMX monitoring + +## [0.12.20] - Apr29, 2019 +* Added support for headless services + +## [0.12.19] - Apr 28, 2019 +* Added support for `cacheProviderDir` + +## [0.12.18] - Apr 18, 2019 +* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx + +## [0.12.17] - Apr 16, 2019 +* Updated documentation for Reverse Proxy Configuration + +## [0.12.16] - Apr 12, 2019 +* Added support for `customVolumeMounts` + +## [0.12.15] - Aprl 12, 2019 +* Added support for `bucketExists` flag for googleStorage + +## [0.12.14] - Apr 11, 2019 +* Replace `curl` examples with `wget` due to the new base image + +## [0.12.13] - Aprl 07, 2019 +* Add support for providing the Artifactory license as a parameter + +## [0.12.12] - Apr 10, 2019 +* Updated Artifactory version to 6.9.1 + +## [0.12.11] - Aprl 04, 2019 +* Add support for templated extraEnvironmentVariables + +## [0.12.10] - Aprl 07, 2019 +* Change network policy API group + +## [0.12.9] - Aprl 04, 2019 +* Apply the existing PVC for members (in addition to primary) + +## [0.12.8] - Aprl 03, 2019 +* Bugfix for userPluginSecrets + +## [0.12.7] - Apr 4, 2019 +* Add information about upgrading Artifactory with auto-generated postgres password + +## [0.12.6] - Aprl 03, 2019 +* Added installer info + +## [0.12.5] - Aprl 03, 2019 +* Allow secret names for user plugins to contain template language + +## [0.12.4] - Apr 02, 2019 +* Fix issue #253 (use existing PVC for data and backup storage) + +## [0.12.3] - Apr 02, 2019 +* Allow NetworkPolicy configurations (defaults to allow all) + +## [0.12.2] - Aprl 01, 2019 +* Add support for user plugin secret + +## [0.12.1] - Mar 26, 2019 +* Add the option to copy a list of files to ARTIFACTORY_HOME on startup + +## [0.12.0] - Mar 26, 2019 +* Updated Artifactory version to 6.9.0 + +## [0.11.18] - Mar 25, 2019 +* Add CI tests for persistence, ingress support and nginx + +## [0.11.17] - Mar 22, 2019 +* Add the option to change the default access-admin password + +## [0.11.16] - Mar 22, 2019 +* Added support for `.Probe.path` to customise the paths used for health probes + +## [0.11.15] - Mar 21, 2019 +* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers +* Added support for `artifactory.customVolumes` to create custom volumes + +## [0.11.14] - Mar 21, 2019 +* Make ingress path configurable + +## [0.11.13] - Mar 19, 2019 +* Move the copy of bootstrap config from postStart to preStart for Primary + +## [0.11.12] - Mar 19, 2019 +* Fix existingClaim example + +## [0.11.11] - Mar 18, 2019 +* Disable the option to use nginx PVC with more than one replica + +## [0.11.10] - Mar 15, 2019 +* Wait for nginx configuration file before using it + +## [0.11.9] - Mar 15, 2019 +* Revert securityContext changes since they were causing issues + +## [0.11.8] - Mar 15, 2019 +* Fix issue #247 (init container failing to run) + +## [0.11.7] - Mar 14, 2019 +* Updated Artifactory version to 6.8.7 + +## [0.11.6] - Mar 13, 2019 +* Move securityContext to container level + +## [0.11.5] - Mar 11, 2019 +* Add the option to use existing volume claims for Artifactory storage + +## [0.11.4] - Mar 11, 2019 +* Updated Artifactory version to 6.8.6 + +## [0.11.3] - Mar 5, 2019 +* Updated Artifactory version to 6.8.4 + +## [0.11.2] - Mar 4, 2019 +* Add support for catalina logs sidecars + +## [0.11.1] - Feb 27, 2019 +* Updated Artifactory version to 6.8.3 + +## [0.11.0] - Feb 25, 2019 +* Add nginx support for tail sidecars + +## [0.10.3] - Feb 21, 2019 +* Add s3AwsVersion option to awsS3 configuration for use with IAM roles + +## [0.10.2] - Feb 19, 2019 +* Updated Artifactory version to 6.8.2 + +## [0.10.1] - Feb 17, 2019 +* Updated Artifactory version to 6.8.1 +* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage + +## [0.10.0] - Feb 15, 2019 +* Updated Artifactory version to 6.8.0 + +## [0.9.7] - Feb 13, 2019 +* Updated Artifactory version to 6.7.3 + +## [0.9.6] - Feb 7, 2019 +* Add support for tail sidecars to view logs from k8s api + +## [0.9.5] - Feb 6, 2019 +* Fix support for customizing statefulset `terminationGracePeriodSeconds` + +## [0.9.4] - Feb 5, 2019 +* Add support for customizing statefulset `terminationGracePeriodSeconds` + +## [0.9.3] - Feb 5, 2019 +* Remove the inactive server remove plugin + +## [0.9.2] - Feb 3, 2019 +* Updated Artifactory version to 6.7.2 + +## [0.9.1] - Jan 27, 2019 +* Fix support for Azure Blob Storage Binary provider + +## [0.9.0] - Jan 23, 2019 +* Updated Artifactory version to 6.7.0 + +## [0.8.10] - Jan 22, 2019 +* Added support for `artifactory.customInitContainers` to create custom init containers + +## [0.8.9] - Jan 18, 2019 +* Added support of values ingress.labels + +## [0.8.8] - Jan 16, 2019 +* Mount replicator.yaml (config) directly to /replicator_extra_conf + +## [0.8.7] - Jan 15, 2018 +* Add support for Azure Blob Storage Binary provider + +## [0.8.6] - Jan 13, 2019 +* Fix documentation about nginx group id + +## [0.8.5] - Jan 13, 2019 +* Updated Artifactory version to 6.6.5 + +## [0.8.4] - Jan 8, 2019 +* Make artifactory.replicator.publicUrl required when the replicator is enabled + +## [0.8.3] - Jan 1, 2019 +* Updated Artifactory version to 6.6.3 +* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory + +## [0.8.2] - Dec 28, 2018 +* Fix location `replicator.yaml` is copied to + +## [0.8.1] - Dec 27, 2018 +* Updated Artifactory version to 6.6.1 + +## [0.8.0] - Dec 20, 2018 +* Updated Artifactory version to 6.6.0 + +## [0.7.17] - Dec 17, 2018 +* Updated Artifactory version to 6.5.13 + +## [0.7.16] - Dec 12, 2018 +* Fix documentation about Artifactory license setup using secret + +## [0.7.15] - Dec 9, 2018 +* AWS S3 add `roleName` for using IAM role + +## [0.7.14] - Dec 6, 2018 +* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role + +## [0.7.13] - Dec 5, 2018 +* Remove Distribution certificates creation. + +## [0.7.12] - Dec 2, 2018 +* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting. + +## [0.7.11] - Nov 30, 2018 +* Updated Artifactory version to 6.5.9 + +## [0.7.10] - Nov 29, 2018 +* Fixed the volumeMount for the replicator.yaml + +## [0.7.9] - Nov 29, 2018 +* Optionally include primary node into poddisruptionbudget + +## [0.7.8] - Nov 29, 2018 +* Updated postgresql version to 9.6.11 + +## [0.7.7] - Nov 27, 2018 +* Updated Artifactory version to 6.5.8 + +## [0.7.6] - Nov 18, 2018 +* Added support for configMap to use custom Reverse Proxy Configuration with Nginx + +## [0.7.5] - Nov 14, 2018 +* Updated Artifactory version to 6.5.3 + +## [0.7.4] - Nov 13, 2018 +* Allow pod anti-affinity settings to include primary node + +## [0.7.3] - Nov 12, 2018 +* Support artifactory.preStartCommand for running command before entrypoint starts + +## [0.7.2] - Nov 7, 2018 +* Support database.url parameter (DB_URL) + +## [0.7.1] - Oct 29, 2018 +* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) + +## [0.7.0] - Oct 28, 2018 +* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options + +## [0.6.9] - Oct 23, 2018 +* Fix providing external secret for database credentials + +## [0.6.8] - Oct 22, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + +## [0.6.7] - Oct 22, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + +## [0.6.6] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + +## [0.6.5] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow `soft` or `hard` specification of member node anti-affinity +* Allow providing pre-existing secrets containing external database credentials +* Fix `s3` binary store provider to properly use the `cache-fs` provider +* Allow arbitrary properties when using the `s3` binary store provider + +## [0.6.4] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + +## [0.6.3] - Oct 17, 2018 +* Add Apache 2.0 license + +## [0.6.2] - Oct 14, 2018 +* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`) + +## [0.6.1] - Oct 11, 2018 +* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) + +## [0.6.0] - Oct 11, 2018 +* Updated Artifactory version to 6.5.0 + +## [0.5.3] - Oct 9, 2018 +* Quote ingress hosts to support wildcard names + +## [0.5.2] - Oct 2, 2018 +* Add `helm repo add jfrog https://charts.jfrog.io` to README + +## [0.5.1] - Oct 2, 2018 +* Set Artifactory to 6.4.1 + +## [0.5.0] - Sep 27, 2018 +* Set Artifactory to 6.4.0 + +## [0.4.7] - Sep 26, 2018 +* Add ci/test-values.yaml + +## [0.4.6] - Sep 25, 2018 +* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1 + +## [0.4.4] - Sep 2, 2018 +* Updated Artifactory version to 6.3.2 + +## [0.4.0] - Aug 22, 2018 +* Added support to run as non root +* Updated Artifactory version to 6.2.0 + +## [0.3.0] - Aug 22, 2018 +* Enabled RBAC Support +* Added support for PostStartCommand (To download Database JDBC connector) +* Increased postgresql max_connections +* Added support for `nginx.conf` ConfigMap +* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml new file mode 100644 index 000000000..a1f6b3dd9 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-ha +apiVersion: v1 +appVersion: 7.12.6 +description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. +home: https://www.jfrog.com/artifactory/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png +keywords: +- artifactory +- jfrog +- devops +maintainers: +- email: installers@jfrog.com + name: Chart Maintainers at JFrog +name: artifactory-ha +sources: +- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view +- https://github.com/jfrog/charts +version: 4.7.600 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE b/charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/README.md new file mode 100644 index 000000000..47fe4db80 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/README.md @@ -0,0 +1,1267 @@ +# JFrog Artifactory High Availability Helm Chart + +**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** + +## Prerequisites Details + +* Kubernetes 1.12+ +* Artifactory HA license + +## Chart Details +This chart will do the following: + +* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. +* Deploy a PostgreSQL database **NOTE:** For production grade installations it is recommended to use an external PostgreSQL +* Deploy an Nginx server + +## Artifactory HA architecture +The Artifactory HA cluster in this chart is made up of +- A single primary node +- Two member nodes, which can be resized at will + +Load balancing is done to the member nodes only. +This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic. +This can be controlled by the parameter `artifactory.service.pool`. +**NOTE:** + Using artifactory pro license (which supports single node only), set `artifactory.node.replicaCount=0` in values.yaml. + To scale from single node to multiple nodes(>1), use Enterprise(+) license and then do an helm upgrade (Each node need a seperate license). + +## Installing the Chart + +### Add ChartCenter Helm repository + +Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client + +```bash +helm repo add center https://repo.chartcenter.io +helm repo update +``` + +**NOTE:** Passing masterKey is mandatory for fresh install of chart (7.x Appversion) + +### Create a unique Master Key +Artifactory HA cluster requires a unique master key. + +**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** + +You should generate a unique one and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} +``` + +### Install Chart +To install the chart with the release name `artifactory-ha`: + +```bash +helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### System Configuration +Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. +In order to override the default `system.yaml` configuration, do the following: +```bash +artifactory: + systemYaml: | + +``` + +### Deploying Artifactory for small/medium/large installations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + +### Accessing Artifactory +**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup. +Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it. + +### Updating Artifactory +Once you have a new chart version, you can update your deployment with +```bash +helm upgrade artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: +1. Get the current password by running: +```bash +POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +2. Upgrade the release by passing the previously auto-generated secret: +```bash +helm upgrade --namespace artifactory-ha center/jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} +``` + +This will apply any configuration changes on your existing deployment. + +### Special Upgrade Notes +#### Artifactory upgrade from 6.x to 7.x (App Version) +Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. +It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. +```yaml +artifactory: + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 +``` +* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` + +### Artifactory memory and CPU resources +The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out. +It is **highly** recommended to set these so you have full control of the allocated resources and limits. + +See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware). + +```bash +# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) +helm upgrade --install artifactory-ha \ + --set artifactory.primary.resources.requests.cpu="500m" \ + --set artifactory.primary.resources.limits.cpu="2" \ + --set artifactory.primary.resources.requests.memory="1Gi" \ + --set artifactory.primary.resources.limits.memory="4Gi" \ + --set artifactory.primary.javaOpts.xms="1g" \ + --set artifactory.primary.javaOpts.xmx="4g" \ + --set artifactory.node.resources.requests.cpu="500m" \ + --set artifactory.node.resources.limits.cpu="2" \ + --set artifactory.node.resources.requests.memory="1Gi" \ + --set artifactory.node.resources.limits.memory="4Gi" \ + --set artifactory.node.javaOpts.xms="1g" \ + --set artifactory.node.javaOpts.xmx="4g" \ + --set initContainers.resources.requests.cpu="10m" \ + --set initContainers.resources.limits.cpu="250m" \ + --set initContainers.resources.requests.memory="64Mi" \ + --set initContainers.resources.limits.memory="128Mi" \ + --set postgresql.resources.requests.cpu="200m" \ + --set postgresql.resources.limits.cpu="1" \ + --set postgresql.resources.requests.memory="500Mi" \ + --set postgresql.resources.limits.memory="1Gi" \ + --set nginx.resources.requests.cpu="100m" \ + --set nginx.resources.limits.cpu="250m" \ + --set nginx.resources.requests.memory="250Mi" \ + --set nginx.resources.limits.memory="500Mi" \ + --namespace artifactory-ha center/jfrog/artifactory-ha +``` +> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`. + +Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). + +Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files +for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) + +### Deploying Artifactory for small/medium/large installations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + +### Artifactory storage +Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration) + +In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. +The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. + +> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter. +This is used to set how many replicas of a binary should be stored in the cluster's nodes. +Once this value is set on initial deployment, you can not update it using helm. +It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number. + +#### Existing volume claim + +###### Primary node +In order to use an existing volume claim for the Artifactory primary storage, you need to: +- Create a persistent volume claim by the name `volume--artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0` +- Pass a parameter to `helm install` and `helm upgrade` +```bash +... +--set artifactory.primary.persistence.existingClaim=true +``` + +###### Member nodes +In order to use an existing volume claim for the Artifactory member nodes storage, you need to: +- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume--artifactory-ha-member-`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`. +- Pass a parameter to `helm install` and `helm upgrade` +```bash +... +--set artifactory.node.persistence.existingClaim=true +``` + +#### Existing shared volume claim + +In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to: + +- Create PVCs with ReadWriteMany that match the naming conventions: +``` + {{ template "artifactory-ha.fullname" . }}-data-pvc- + {{ template "artifactory-ha.fullname" . }}-backup-pvc- +``` +An example that shows 2 existing claims to be used: +``` + myexample-artifactory-ha-data-pvc-0 + myexample-artifactory-ha-backup-pvc-0 + myexample-artifactory-ha-data-pvc-1 + myexample-artifactory-ha-backup-pvc-1 +``` +- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true: +``` +-- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true +-- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2 +``` + +#### NFS +To use an NFS server as your cluster's storage, you need to +- Setup an NFS server. Get its IP as `NFS_IP` +- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all +- Pass NFS parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=nfs \ +--set artifactory.persistence.nfs.ip=${NFS_IP} \ +... +``` + +#### Google Storage +To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) +- Pass Google Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=google-storage \ +--set artifactory.persistence.googleStorage.identity=${GCP_ID} \ +--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ +... +``` +``` +In order to use a GCP service account, Artifactory needs a gcp.credentials.json file in the same directory asa binaraystore.xml file. +This can be generated by running: +```bash +gcloud iam service-accounts keys create --iam-account +``` +Which will produce the following, which can be saved to a file or copied into your `values.yaml`. +```bash +{ + "type": "service_account", + "project_id": "", + "private_key_id": "?????", + "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + "client_email": "???@j.iam.gserviceaccount.com", + "client_id": "???????", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." +} +``` + +One option is to create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` in a custom `values.yaml` +```bash +# Create the Kubernetes secret from the file you created earlier. +# IMPORTANT: The file must be called "gcp.credentials.json" because this is used later as the secret key! +kubectl create secret generic artifactory-gcp-creds --from-file=./gcp.credentials.json +``` +Set this secret in your custom `values.yaml` +```bash +artifactory: + persistence: + googleStorage + gcpServiceAccount: + enabled: true + customSecretName: artifactory-gcp-creds +``` + +Another option is to put your generated config directly in your custom `values.yaml` and the a secret will be created from it +``` +artifactory: + persistence: + googleStorage + gcpServiceAccount: + enabled: true + config: | + { + "type": "service_account", + "project_id": "", + "private_key_id": "?????", + "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + "client_email": "???@j.iam.gserviceaccount.com", + "client_id": "???????", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." + } +``` + +#### AWS S3 +**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. +In order to grant permissions to Artifactory using an IAM role, you will have to attach the IAM role to the machine(s) on which Artifactory is running. +This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. + +To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) +- Pass AWS S3 parameters to `helm install` and `helm upgrade` +```bash +... +# With explicit credentials: +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ +... + +... +# With using existing IAM role +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ +... +``` +**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) + +#### AWS S3 V3 +To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). +This filestore template uses the official AWS SDK, unlike the `aws-s3` implementation that uses the `JetS3t` library. +Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). + +**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. + +- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` + +```bash +# With explicit credentials: +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ +... +``` + +```bash +# With using existing IAM role +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} +... +``` + +To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) +```bash +... +--set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ +... +``` + +#### Microsoft Azure Blob Storage +To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) +- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=azure-blob \ +--set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ +--set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ +--set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ +--set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ +... +``` + +#### Custom binarystore.xml +You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
+There are two options for this + +1. Editing directly in [values.yaml](values.yaml) +```yaml +artifactory: + persistence: + binarystoreXml: | + + + + + +``` + +2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command +```yaml +# Prepare your custom Secret file (custom-binarystore.yaml) +kind: Secret +apiVersion: v1 +metadata: + name: custom-binarystore + labels: + app: artifactory + chart: artifactory +stringData: + binarystore.xml: |- + + + + +``` + +```bash +# Create a secret from the file +kubectl apply -n artifactory -f ./custom-binarystore.yaml + +# Pass it to your helm install command: +helm upgrade --install artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Create a unique Master Key + +Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Create a secret containing the key. The key in the secret must be named master-key +kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory-ha --set artifactory.masterKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. + +### Special Upgrade Notes +### MasterKey during 6.x to 7.x Migration (App version) + +**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. + +### Create a unique Join Key +Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). + +**This key is for demo purpose and should not be used in a production environment!** + +You should generate a unique key and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Pass the created join key to helm +helm upgrade --install artifactory-ha --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Create a secret containing the key. The key in the secret must be named join-key +kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory-ha --set artifactory.joinKeySecretName=my-secret --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.. + +### Install Artifactory HA license +For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**. + +The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation. + +**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster! + +##### Artifactory UI +Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node. + +##### REST API +You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses. + +##### Kubernetes Secret +You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). +Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**! +```bash +# Create the Kubernetes secret (assuming the local license file is 'art.lic') +kubectl create secret generic artifactory-cluster-license --from-file=./art.lic + +# Pass the license to helm +helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. + +##### Create the secret as part of the helm release +values.yaml +```yaml +artifactory: + license: + licenseKey: |- + + + + + + + +``` + +```bash +helm upgrade --install artifactory-ha -f values.yaml --namespace artifactory-ha center/jfrog/artifactory-ha +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. +If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file + + +### copyOnEveryStartup feature +Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. +In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. +Two examples for that would be: + +1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, +which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: +Create a values file with the following values: +```yaml +artifactory: + copyOnEveryStartup: + - source: /artifactory_bootstrap/binarystore.xml + target: etc/artifactory/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml +``` + +2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: +Create a config map with your `logback.xml` configuration. + +Create a values file with the following values: +```yaml +artifactory: + ## Create a volume pointing to the config map with your configuration file + customVolumes: | + - name: logback-xml-configmap + configMap: + name: logback-xml-configmap + customVolumeMounts: | + - name: logback-xml-configmap + mountPath: /tmp/artifactory-logback/ + copyOnEveryStartup: + - source: /tmp/artifactory-logback/* + target: etc/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f values.yaml +``` + +### Configure NetworkPolicy + +NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. + +In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. + +For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. + +A full (but very wide open) example that results in 2 NetworkPolicy objects being created: +```yaml +networkpolicy: + # Allows all ingress and egress to/from artifactory primary and member pods. + - name: artifactory + podSelector: + matchLabels: + app: artifactory-ha + egress: + - {} + ingress: + - {} + # Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod. + - name: postgresql + podSelector: + matchLabels: + app: postgresql + ingress: + - from: + - podSelector: + matchLabels: + app: artifactory-ha +``` + +### Artifactory JMX Configuration +** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans + +Enable JMX in your deployment: +```bash +helm upgrade --install artifactory \ + --set artifactory.primary.javaOpts.jmx.enabled=true \ + --set artifactory.node.javaOpts.jmx.enabled=true \ + --namespace artifactory-ha center/jfrog/artifactory-ha +``` +This will enable access to Artifactory with JMX on the default port (9010). +** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port``` +to your choice of port + +In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: +1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: +```bash +helm upgrade --install artifactory \ + --set artifactory.primary.javaOpts.jmx.enabled=true \ + --set artifactory.node.javaOpts.jmx.enabled=true \ + --set artifactory.service.type=LoadBalancer \ + --namespace artifactory-ha center/jfrog/artifactory-ha +``` +2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with +```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory +with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: +``` + artifactory-ha--primary + +``` +3. Launch jconsole with the service address and port: +```bash +jconsole artifactory-ha--primary: +jconsole : +``` + +### Bootstrapping Artifactory admin password +You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. + +1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: +```yaml +artifactory: + admin: + ip: "" # Example: "*" to allow access from anywhere + username: "admin" + password: "" +``` + +2. Apply the `admin-creds-values.yaml` file: +```bash +helm upgrade --install artifactory --namespace artifactory-ha center/jfrog/artifactory-ha -f admin-creds-values.yaml +``` + +### Bootstrapping Artifactory configuration +**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. + +* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) +* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) + +1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-release-bootstrap-config +data: + artifactory.config.import.xml: | + + security.import.xml: | + +``` + +2. Create configMap in Kubernetes: +```bash +kubectl apply -f bootstrap-config.yaml +``` +3. Pass the configMap to helm +```bash +helm upgrade --install artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Use custom nginx.conf with Nginx + +Steps to create configMap with nginx.conf +* Create `nginx.conf` file. +```bash +kubectl create configmap nginx-config --from-file=nginx.conf +``` +* Pass configMap to helm install +```bash +helm upgrade --install artifactory-ha --set nginx.customConfigMap=nginx-config --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Scaling your Artifactory cluster +A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it. + +##### Before scaling +**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart). + +Get the current database password +```bash +export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster! + +##### Scale up +Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes). +```bash +# Scale to 4 nodes (1 primary and 3 member nodes) +helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +##### Scale down +Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node. + +```bash +# Scale down to 2 member nodes +helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} --namespace artifactory-ha center/jfrog/artifactory-ha +``` +- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it +```bash +# List PVCs +kubectl get pvc + +# Remove the PVC with highest ordinal! +# In this example, the highest node ordinal was 2, so need to remove its storage. +kubectl delete pvc volume-artifactory-node-2 +``` + +### Use an external Database + +**For production grade installations it is recommended to use an external PostgreSQL with a static password** + +#### PostgreSQL +There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name. + +This can be done with the following parameters +```bash +... +--set postgresql.enabled=false \ +--set database.type=postgresql \ +--set database.driver=org.postgresql.Driver \ +--set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! + +#### Other DB type +There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. +See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) +> The official Artifactory Docker images include the PostgreSQL database driver. +> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib + +This can be done with the following parameters +```bash +# Make sure your Artifactory Docker image has the MySQL database driver in it +... +--set postgresql.enabled=false \ +--set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ +--set database.type=mysql \ +--set database.driver=com.mysql.jdbc.Driver \ +--set database.url=${DB_URL} \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! +##### Configuring Artifactory with external Oracle database +To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. +1. Create a value file with the configuration +```yaml +postgresql: + enabled: false +database: + type: oracle + driver: oracle.jdbc.OracleDriver + url: + user: + password: +artifactory: + preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." + extraEnvironmentVariables: + - name: LD_LIBRARY_PATH + value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib +``` +2. Install Artifactory with the values file you created: +```bash +helm upgrade --install artifactory center/jfrog/artifactory-ha --namespace artifactory -f values-oracle.yaml +``` +**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` + +#### Using pre-existing Kubernetes Secret +If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: +```bash +# Create a secret containing the database credentials +kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} +... +--set postgresql.enabled=false \ +--set database.secrets.user.name=my-secret \ +--set database.secrets.user.key=user \ +--set database.secrets.password.name=my-secret \ +--set database.secrets.password.key=password \ +... +``` + +### Deleting Artifactory +To delete the Artifactory HA cluster + +On helm v2: +```bash +helm delete --purge artifactory-ha +``` + +On helm v3: +```bash +helm delete artifactory-ha --namespace artifactory-ha +``` + +This will completely delete your Artifactory HA cluster. +**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them +```bash +kubectl delete pvc -l release=artifactory-ha +``` +See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/) + +### Custom Docker registry for your images +If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a +[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm +```bash +# Create a Docker registry secret called 'regsecret' +kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL} +``` +Once created, you pass it to `helm` +```bash +helm upgrade --install artifactory-ha --set imagePullSecrets=regsecret --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +### Logger sidecars +This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) + +Get list of containers in the pod +```bash +kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' +``` + +View specific log +```bash +kubectl logs -n -c +``` + + +### Custom init containers +There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. + +For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out +```yaml +artifactory: + ## Add custom init containers executed before predefined init containers + customInitContainersBegin: | + ## Init containers template goes here ## + ## Add custom init containers executed after predefined init containers + customInitContainers: | + ## Init containers template goes here ## +``` + +### Custom sidecar containers +There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. + +For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom sidecar containers + customSidecarContainers: | + ## Sidecar containers template goes here ## +``` + +You can configure the sidecar to run as a custom user if needed by setting the following in the container template +```yaml + # Example of running container as root (id 0) + securityContext: + runAsUser: 0 + fsGroup: 0 +``` + +### Custom volumes +If you need to use a custom volume in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + ## Custom volume comes here ## +``` + +### Custom secrets +If you need to add a custom secret in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + # Add custom secrets - secret per file + customSecrets: + - name: custom-secret + key: custom-secret.yaml + data: > + secret data +``` + +To use a custom secret, need to define a custom volume. +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + - name: custom-secret + secret: + secretName: custom-secret +``` + +To use a volume, need to define a volume mount as part of a custom init or sidecar container. +```yaml +artifactory: + customSidecarContainers: + - name: side-car-container + volumeMounts: + - name: custom-secret + mountPath: /opt/custom-secret.yaml + subPath: custom-secret.yaml + readOnly: true +``` + +### Add Artifactory User Plugin during installation +If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. + +Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: +```bash +# Secret with single user plugin +kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha + +# Secret with single user plugin with configuration file +kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha +``` + +Add plugin secret names to `plugins.yaml` as following: +```yaml +artifactory: + userPluginSecrets: + - archive-old-artifacts + - webhook +``` + +You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: +```bash +helm upgrade --install artifactory-ha -f plugins.yaml --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: +```yaml +artifactory-ha: # Name of the artifactory-ha dependency + artifactory: + userPluginSecrets: + - '{{ template "my-chart.fullname" . }}' +``` +For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). + +### Provide custom configMaps to Artifactory +If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. + +Create a `configmaps.yaml` file with the following content: +```yaml +artifactory: + configMaps: | + logback.xml: | + + + + + %date [%-5level] \(%-20c{3}:%L\) %message%n + + + + + + + + + + + + + + + my-custom-post-start-hook.sh: | + echo "This is my custom post start hook" + + customVolumeMounts: | + - name: artifactory-configmaps + mountPath: /tmp/my-config-map + + postStartCommand: | + chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; + /tmp/my-config-map/my-custom-post-start-hook.sh; + + copyOnEveryStartup: + - source: /tmp/my-config-map/logback.xml + target: etc/ + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory-ha -f configmaps.yaml --namespace artifactory-ha center/jfrog/artifactory-ha +``` + +This will, in turn: +* create a configMap with the files you specified above +* create a volume pointing to the configMap with the name `artifactory-configmaps` +* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` +* Set the shell script we mounted as the `postStartCommand` +* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. + +### Establishing TLS and Adding certificates +In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. +When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. + +To establish TLS between JFrog Platform nodes: +Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) + +To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false +```yaml +access: + accessConfig: + security: + tls: true +``` + +To add custom tls certificates, create a tls secret from the certificate files. + +```bash +kubectl create secret tls --cert=ca.crt --key=ca.private.key +``` + +For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. +* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) +```yaml +access: + accessConfig: + security: + tls: true + customCertificatesSecretName: + resetAccessCAKeys: true +``` + +### Artifactory filebeat +If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. + +Create a `filebeat.yaml` values file with the following content: +```yaml +filebeat: + enabled: true + logstashUrl: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "100Mi" + cpu: "100m" +``` + +You can optionally customize the `filebeat.yaml` to send output to a different location like so: +```yaml +filebeat: + enabled: true + filebeatYml: | + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory-ha -f filebeat.yaml --namespace artifactory-ha center/jfrog/artifactory +``` + +This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` + +### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). +To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx +For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. +In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: +```yaml + nginx: + https: + enabled: false + service: + ssloffload: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory +``` + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file +```yaml + ingress: + enabled: true + hosts: + - artifactory.company.com + artifactory: + service: + type: NodePort + nginx + enabled: false +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ingress-values.yaml--namespace artifactory center/jfrog/artifactory +``` + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - artifactory.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - artifactory.domain.com +``` + +### Ingress annotations + +This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. + +```yaml +ingress: + enabled: true + defaultBackend: + enabled: false + hosts: + - myhost.example.com + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-read-timeout: "600" + ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; + rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; + nginx.ingress.kubernetes.io/proxy-body-size: "0" + tls: + - hosts: + - "myhost.example.com" +``` + +### Ingress additional rules + +You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. +In order to do that, simply add the following to a `artifactory-ha-values.yaml` file: +```yaml +ingress: + enabled: true + + defaultBackend: + enabled: false + + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite "(?i)/xray(/|$)(.*)" /$2 break; + + additionalRules: | + - host: + http: + paths: + - path: / + backend: + serviceName: + servicePort: + - path: /xray + backend: + serviceName: + servicePort: + - path: /artifactory + backend: + serviceName: {{ template "artifactory.nginx.fullname" . }} + servicePort: {{ .Values.nginx.externalPortHttp }} +``` + +and running: +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha center/jfrog/artifactory-ha -f artifactory-ha-values.yaml +``` + +### Dedicated Ingress object for replicator service + +You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. +In order to do that, simply add the following to a `artifactory-values.yaml` file: + +```yaml +artifactory: + replicator: + enabled: true + ingress: + name: + hosts: + - myhost.example.com + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/configuration-snippet: | + chunked_transfer_encoding on; + tls: + - hosts: + - "myhost.example.com" + secretName: +``` + +### Ingress behind another load balancer +If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. + +To enable it with `helm install` +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true +``` +or `helm upgrade` +```bash +helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx +``` +or create a values.yaml file with the following content: +```yaml +controller: + config: + use-forwarded-headers: "true" +``` +Then install nginx-ingress with the values file you created: +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml +``` + +### Log Analytics + +#### FluentD, Prometheus and Grafana + +To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: + +https://github.com/jfrog/log-analytics-prometheus + +That repo contains a file `artifactory-ha-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. + + +## Useful links +- https://www.jfrog.com/confluence/display/EP/Getting+Started +- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory +- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md b/charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md new file mode 100644 index 000000000..851593236 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/ReverseProxyConfiguration.md @@ -0,0 +1,140 @@ +# JFrog Artifactory Reverse Proxy Settings using Nginx + +#### Reverse Proxy +* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. +* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate +the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. +* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) +* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. + +**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. + +#### Features of Artifactory Nginx +* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. +* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory + +#### Changing the default Artifactory nginx conf +Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf +These configuration will be mounted to the nginx container using a configmap. +For example: +1. Create a values file `nginx-values.yaml` with the following values: +```yaml +nginx: + artifactoryConf: | + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen {{ .Values.nginx.internalPortHttps }} ssl; + listen {{ .Values.nginx.internalPortHttp }} ; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; + } + proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } +``` + +2. Install/upgrade artifactory: +```bash +helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml +``` + + +#### Steps to use static configuration for reverse proxy in nginx. +1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` + +2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) + + Following is example `artifactory.conf` + + **Note**: + * Create file with name `artifactory.conf` as it's fixed in configMap key. + * Replace `artifactory-artifactory` with service name taken from step 1. + + ```bash + ## add ssl entries when https has been set in config + ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; + ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen 443 ssl; + listen 80; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; + } + proxy_pass http://artifactory-artifactory:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + ``` + +3. Create configMap of `artifactory.conf` created with step above. + ```bash + kubectl create configmap art-nginx-conf --from-file=artifactory.conf + ``` +4. Deploy Artifactory using helm chart. + You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) + + Following is command to set values at runtime: + ```bash + helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha + ``` \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md b/charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md new file mode 100644 index 000000000..b3326dccc --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/UPGRADE_NOTES.md @@ -0,0 +1,42 @@ +# JFrog Artifactory Chart Upgrade Notes +This file describes special upgrade notes needed at specific versions + +## Upgrade from 1.X to 2.X and above (Chart Versions) + +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* To upgrade from a version prior to 1.x, you first need to upgrade to latest version of 1.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md. +* Note: If you are upgrading from 1.x to 4.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` + +## Upgrade from 0.X to 1.X (Chart Versions) +**DOWNTIME IS REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations +* Upgrade + * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database + * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) + * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted + * Upgrade steps: + 1. Block user access to Artifactory (do not shutdown) + a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary) + b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`) + 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` + a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) + b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) + c. Click `Export` (this can take some time) + 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed + a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! + 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps + a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step + 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` + a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) + b. Click `Import` (this can take some time) + 6. Restore access to Artifactory + a. Scale the cluster member nodes back to the original size + * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md b/charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md new file mode 100644 index 000000000..a5aa5fd47 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/app-readme.md @@ -0,0 +1,16 @@ +# JFrog Artifactory High Availability Helm Chart + +Universal Repository Manager supporting all major packaging formats, build tools and CI servers. + +## Chart Details +This chart will do the following: + +* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes. +* Deploy a PostgreSQL database +* Deploy an Nginx server(optional) + +## Useful links +Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) + +## Activate Your Artifactory Instance +Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml new file mode 100644 index 000000000..2f858e60e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Database +apiVersion: v1 +appVersion: 11.9.0 +description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. +home: https://www.postgresql.org/ +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +version: 9.3.4 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md new file mode 100644 index 000000000..319291bc6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/README.md @@ -0,0 +1,680 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.12+ or Helm 3.0-beta3+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```console +$ kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | +| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | +| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | +| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | +| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | +| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | +| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | +| `master.sidecars` | Add additional containers to the pod | `[]` | +| `master.service.type` | Allows using a different service type for Master | `nil` | +| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | +| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | +| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | +| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | +| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | +| `slave.sidecars` | Add additional containers to the pod | `[]` | +| `slave.service.type` | Allows using a different service type for Slave | `nil` | +| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | +| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | +| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAccount.name` | Name of existing service account | `nil` | +| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | +| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | +| `psp.create` | Create Pod Security Policy | `false` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Production configuration and horizontal scaling + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. + +- Enable replication: +```diff +- replication.enabled: false ++ replication.enabled: true +``` + +- Number of slaves replicas: +```diff +- replication.slaveReplicas: 1 ++ replication.slaveReplicas: 2 +``` + +- Set synchronous commit mode: +```diff +- replication.synchronousCommit: "off" ++ replication.synchronousCommit: "on" +``` + +- Number of replicas that will have synchronous replication: +```diff +- replication.numSynchronousReplicas: 0 ++ replication.numSynchronousReplicas: 1 +``` + +- Start a prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. + +### Customizing Master and Slave services in a replicated configuration + +At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +* First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +* Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL master +master: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +slave: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +image.repository=postgres +image.tag=10.6 +postgresqlDataDir=/data/pgdata +persistence.mountPath=/data/ +``` + +## Upgrade + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release stable/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +## 9.0.0 + +In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. + +As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: + +- Deploy an old version (8.X.X) +```console +$ helm install postgresql bitnami/postgresql --version 8.10.14 +``` + +- Old version is up and running +```console +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 76s +``` + +- The upgrade to the latest one (9.X.X) is going to fail +```console +$ helm upgrade postgresql bitnami/postgresql +Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden +``` + +- Delete the statefulset +```console +$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql +statefulset.apps "postgresql-postgresql" deleted +``` + +- Now the upgrade works +```cosnole +$ helm upgrade postgresql bitnami/postgresql +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 +``` + +- We can kill the existing pod and the new statefulset is going to create a new one: +```console +$ kubectl delete pod postgresql-postgresql-0 +pod "postgresql-postgresql-0" deleted + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 19s +``` + +Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command + +## 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +## 7.1.0 + +Adds support for LDAP configuration. + +## 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +## 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + +- protobuf +- protobuf-c +- json-c +- geos +- proj + +## 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```console +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` + +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + +```console +$ kubectl get svc +``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release bitnami/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml new file mode 100644 index 000000000..e6bac7873 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + category: Infrastructure +apiVersion: v1 +appVersion: 0.6.2 +description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. +home: http://www.bitnami.com/ +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +version: 0.6.2 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md new file mode 100644 index 000000000..e04391a3f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/README.md @@ -0,0 +1,274 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.12+ or Helm 3.0-beta3+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +**Names** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +**Images** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +**Labels** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +**Storage** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +**TplValues** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | + +**Capabilities** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | + +**Validations** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | + +**Warnings** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +**Errors** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +**Utils** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | + +**Secrets** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +**Example of use** + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +**NOTES.txt** + +``` +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Notable changes + +N/A diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl new file mode 100644 index 000000000..c0ea2c70c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_capabilities.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl new file mode 100644 index 000000000..d6d3ec65a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_errors.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl new file mode 100644 index 000000000..aafde9f3b --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_images.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl new file mode 100644 index 000000000..252066c7e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl new file mode 100644 index 000000000..adf2a74f4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl new file mode 100644 index 000000000..d6165a294 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_secrets.tpl @@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user + to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = cat $name .defaultNameSuffix -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- $name = .name -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user + to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl new file mode 100644 index 000000000..60e2a844f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl new file mode 100644 index 000000000..2db166851 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl new file mode 100644 index 000000000..7d02f2ef6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_utils.tpl @@ -0,0 +1,26 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl new file mode 100644 index 000000000..62635b30e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_validations.tpl @@ -0,0 +1,219 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $valueKeyArray := splitList "." .valueKey -}} + {{- $value := "" -}} + {{- $latestObj := $.context.Values -}} + {{- range $valueKeyArray -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} + {{- end -}} + + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} + {{- end -}} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + + {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a mariadb required password must not be empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} + +Validate value params: + - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} + {{- $requiredPasswords := list -}} + + {{- if .context.Values.mariadb.secret.requirePasswords -}} + {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} + + {{- if not (empty .context.Values.mariadb.db.user) -}} + {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} + {{- end -}} + + {{- if .context.Values.mariadb.replication.enabled -}} + {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a postgresql required password must not be empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) $enabled -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- if $enabledReplication -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- .context.Values.postgresql.enabled | quote -}} + {{- else -}} + true + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- .context.Values.postgresql.replication.enabled | quote -}} + {{- else -}} + {{- .context.Values.replication.enabled | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl new file mode 100644 index 000000000..ae10fa41e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml new file mode 100644 index 000000000..9ecdc93f5 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml new file mode 100644 index 000000000..f6977823c --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/commonAnnotations.yaml @@ -0,0 +1,3 @@ +commonAnnotations: + helm.sh/hook: 'pre-install, pre-upgrade' + helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml new file mode 100644 index 000000000..fc2ba605a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml new file mode 100644 index 000000000..347d3b40a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -0,0 +1,2 @@ +shmVolume: + enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md new file mode 100644 index 000000000..1813a2fea --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md new file mode 100644 index 000000000..184c1875d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 000000000..cba38091e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock new file mode 100644 index 000000000..72e1642e2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 0.6.2 +digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 +generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml new file mode 100644 index 000000000..2c28bfe14 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt new file mode 100644 index 000000000..596e969ce --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,59 @@ +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- include "common.warnings.rollingTag" .Values.image -}} + +{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} + +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 000000000..68cd0dc0e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,501 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if we should use an existingSecret. +*/}} +{{- define "postgresql.useExistingSecret" -}} +{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (include "postgresql.useExistingSecret" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "postgresql.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "postgresql.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "postgresql.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "podsecuritypolicy.apiVersion" -}} +{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions +*/}} +{{- define "postgresql.validateValues.tls" -}} +{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} +postgresql: tls.enabled, volumePermissions.enabled + When TLS is enabled you must enable volumePermissions as well to ensure certificates files have + the right permissions. +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml new file mode 100644 index 000000000..b29ef6040 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/configmap.yaml @@ -0,0 +1,26 @@ +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml new file mode 100644 index 000000000..f21a97654 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-extended-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml new file mode 100644 index 000000000..6637867a3 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/initialization-configmap.yaml @@ -0,0 +1,24 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-init-scripts + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml new file mode 100644 index 000000000..6b7a3171e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-configmap.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml new file mode 100644 index 000000000..b993c9971 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/metrics-svc.yaml @@ -0,0 +1,25 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- toYaml .Values.metrics.service.annotations | nindent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: master +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml new file mode 100644 index 000000000..2a7b372fe --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,36 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "postgresql.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 14 }} + role: slave + {{- end }} + # Allow prometheus scrapes + - ports: + - port: 9187 +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..da0b3ab11 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/podsecuritypolicy.yaml @@ -0,0 +1,37 @@ +{{- if .Values.psp.create }} +apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml new file mode 100644 index 000000000..b0c41b1a4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "postgresql.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml new file mode 100644 index 000000000..6d3cf50a4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/role.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + {{- if .Values.psp.create }} + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ template "postgresql.fullname" . }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml new file mode 100644 index 000000000..f7837388d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: Role + name: {{ template "postgresql.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml new file mode 100644 index 000000000..c93dbe0bd --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,23 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 000000000..17f7ff399 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "common.labels.standard" . | nindent 4 }} + name: {{ template "postgresql.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml new file mode 100644 index 000000000..d57b7fb48 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml new file mode 100644 index 000000000..54d24099f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset-slaves.yaml @@ -0,0 +1,345 @@ +{{- if .Values.replication.enabled }} +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + {{- include "common.labels.standard" . | nindent 4 }} +{{- with .Values.slave.labels }} +{{ toYaml . | indent 4 }} +{{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.slave.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: slave + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: slave +{{- with .Values.slave.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.slave.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: +{{ toYaml .Values.slave.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.slave.affinity }} + affinity: +{{ toYaml .Values.slave.affinity | indent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: +{{ toYaml .Values.slave.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.slave.extraInitContainers }} +{{ tpl .Values.slave.extraInitContainers . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.slave.priorityClassName }} + priorityClassName: {{ .Values.slave.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "postgresql.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.slave.extraVolumeMounts }} + {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.slave.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.slave.extraVolumes }} + {{- toYaml .Values.slave.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml new file mode 100644 index 000000000..0e6eefebb --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/statefulset.yaml @@ -0,0 +1,514 @@ +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.master.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.master.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: master + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: master + {{- with .Values.master.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: {{- toYaml .Values.master.affinity | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.master.extraInitContainers }} + {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.initdbPassword }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.replication.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: "master" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end}} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote}} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.master.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.metrics.securityContext.runAsUser }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} + {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} + - name: DATA_SOURCE_NAME + value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} + {{- else }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- toYaml .Values.master.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml new file mode 100644 index 000000000..49131578a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-headless.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-headless + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml new file mode 100644 index 000000000..885c7bb04 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc-read.yaml @@ -0,0 +1,42 @@ +{{- if .Values.replication.enabled }} +{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-read + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: slave +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml new file mode 100644 index 000000000..e9fc50456 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/templates/svc.yaml @@ -0,0 +1,40 @@ +{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: master diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml new file mode 100644 index 000000000..c08014549 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values-production.yaml @@ -0,0 +1,594 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.9.0-debian-10-r1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +rbac: + create: false + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'on' + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + ## Whether to enable PostgreSQL slave replicas data Persistent + ## + persistence: + enabled: true + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r188 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json new file mode 100644 index 000000000..7b5e2efc3 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.schema.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "slaveReplicas": { + "type": "integer", + "title": "Slave Replicas", + "form": true, + "hidden": { + "value": false, + "path": "replication/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml new file mode 100644 index 000000000..f45c4183d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/charts/postgresql/values.yaml @@ -0,0 +1,600 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.9.0-debian-10-r1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +rbac: + create: false + +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'off' + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + ## Whether to enable PostgreSQL slave replicas data Persistent + ## + persistence: + enabled: true + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r188 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + # + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml new file mode 100644 index 000000000..e11939170 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/access-tls-values.yaml @@ -0,0 +1,13 @@ +databaseUpgradeReady: true +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + image: + tag: 12.3.0-debian-10-r71 + postgresqlPassword: password +access: + accessConfig: + security: + tls: true + resetAccessCAKeys: true diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml new file mode 100644 index 000000000..1ebf93823 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/default-values.yaml @@ -0,0 +1,9 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true +## This is an exception here because HA needs masterKey to connect with other node members and it is commented in values to support 6.x to 7.x Migration +## Please refer https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#special-upgrade-notes-1 +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml new file mode 100644 index 000000000..d2ce1d675 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/global-values.yaml @@ -0,0 +1,47 @@ +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password +global: + versions: + artifactory: 7.11.2 + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + customInitContainers: | + - name: "custom-setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: volume + # Add custom volumes + customVolumes: | + - name: custom-script + emptyDir: + sizeLimit: 100Mi + # Add custom volumesMounts + customVolumeMounts: | + - name: custom-script + mountPath: "/scripts" + # Add custom sidecar containers + customSidecarContainers: | + - name: "sidecar-list-etc" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + securityContext: + allowPrivilegeEscalation: false + command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] + volumeMounts: + - mountPath: "/scripts" + name: custom-script + resources: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml new file mode 100644 index 000000000..6c1e2587f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/migration-disabled-values.yaml @@ -0,0 +1,8 @@ +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + migration: + enabled: false diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml new file mode 100644 index 000000000..0ee7cbdd2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/ci/test-values.yaml @@ -0,0 +1,14 @@ +databaseUpgradeReady: true +artifactory: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + persistence: + enabled: true + +postgresql: + image: + tag: 9.6.18-debian-10-r7 + postgresqlPassword: "password" + postgresqlExtendedConf: + maxConnections: "102" + persistence: + enabled: true diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh b/charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh new file mode 100644 index 000000000..e35bfdbb2 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/files/migrate.sh @@ -0,0 +1,4339 @@ +#!/bin/bash + +# Flags +FLAG_Y="y" +FLAG_N="n" +FLAGS_Y_N="$FLAG_Y $FLAG_N" +FLAG_NOT_APPLICABLE="_NA_" + +CURRENT_VERSION=$1 + +WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" +WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" + +SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" + +# Shared system keys +SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" +SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" +SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" + +SYS_KEY_SHARED_NODE_ID="shared.node.id" +SYS_KEY_SHARED_JAVAHOME="shared.javaHome" + +SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" +SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" +SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" +SYS_KEY_SHARED_DATABASE_URL="shared.database.url" +SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" +SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" + +SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" +SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" +SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" +SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" + +# Define this in product specific script. Should contain the path to unitcast file +# File used by insight server to write cluster active nodes info. This will be read by elasticsearch +#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" + +SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" +SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" + +# Filenames +FILE_NAME_SYSTEM_YAML="system.yaml" +FILE_NAME_JOIN_KEY="join.key" +FILE_NAME_MASTER_KEY="master.key" +FILE_NAME_INSTALLER_YAML="installer.yaml" + +# Global constants used in business logic +NODE_TYPE_STANDALONE="standalone" +NODE_TYPE_CLUSTER_NODE="node" +NODE_TYPE_DATABASE="database" + +# External(isable) databases +DATABASE_POSTGRES="POSTGRES" +DATABASE_ELASTICSEARCH="ELASTICSEARCH" +DATABASE_RABBITMQ="RABBITMQ" + +POSTGRES_LABEL="PostgreSQL" +ELASTICSEARCH_LABEL="Elasticsearch" +RABBITMQ_LABEL="Rabbitmq" + +ARTIFACTORY_LABEL="Artifactory" +JFMC_LABEL="Mission Control" +DISTRIBUTION_LABEL="Distribution" +XRAY_LABEL="Xray" + +POSTGRES_CONTAINER="postgres" +ELASTICSEARCH_CONTAINER="elasticsearch" +RABBITMQ_CONTAINER="rabbitmq" +REDIS_CONTAINER="redis" + +#Adding a small timeout before a read ensures it is positioned correctly in the screen +read_timeout=0.5 + +# Options related to data directory location +PROMPT_DATA_DIR_LOCATION="Installation Directory" +KEY_DATA_DIR_LOCATION="installer.data_dir" + +SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" +PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" +KEY_ADD_TO_CLUSTER="installer.ha" +VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" + +MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" +PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" +KEY_POSTGRES_INSTALL="installer.install_postgresql" +VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" + +# Postgres connection details +RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" +RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" +RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" +RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" + +MESSAGE_DATABASE_URL="Provide the database connection details" +PROMPT_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://:/artifactory" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://:/mission_control?sslmode=disable" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://:/xraydb?sslmode=disable" + ;; + esac + if [ -z "$databaseURlExample" ]; then + echo -n "$POSTGRES_LABEL URL" # For consistency with username and password + return + fi + echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" +} +REGEX_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://.*/artifactory.*" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://.*/mission_control.*" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://.*/distribution.*" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://.*/xraydb.*" + ;; + esac + echo -n "^$databaseURlExample\$" +} +ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" +KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" +KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" +KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" +IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" + +MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" +PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" +KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" +VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" + +# Elasticsearch connection details +MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" +PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" +KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" + +PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" +KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" + +PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" +KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" +IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" + +# Cluster related questions +MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" +PROMPT_CLUSTER_MASTER_KEY="Master Key" +KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" +IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" + +MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" +PROMPT_JOIN_KEY="Join Key" +KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" +IS_SENSITIVE_JOIN_KEY="$FLAG_Y" +REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" +ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" + +# Rabbitmq related cluster information +MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" +PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" +KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" + +# Rabbitmq related cluster information (necessary only for docker-compose) +PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" +KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" + +MESSAGE_JFROGURL(){ + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" +} +PROMPT_JFROGURL="JFrog URL" +KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" +REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" +ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" + + +# Set this to FLAG_Y on upgrade +IS_UPGRADE="${FLAG_N}" + +# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary +MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" + +_getMethodOutputOrVariableValue() { + unset EFFECTIVE_MESSAGE + local keyToSearch=$1 + local effectiveMessage= + local result="0" + # logSilly "Searching for method: [$keyToSearch]" + LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" + if [[ "$result" == "0" ]]; then + # logSilly "Found method for [$keyToSearch]" + EFFECTIVE_MESSAGE="$($keyToSearch)" + return + fi + eval EFFECTIVE_MESSAGE=\${$keyToSearch} + if [ ! -z "$EFFECTIVE_MESSAGE" ]; then + return + fi + # logSilly "Didn't find method or variable for [$keyToSearch]" +} + + +# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting +cClear="\e[0m" +cBlue="\e[38;5;69m" +cRedDull="\e[1;31m" +cYellow="\e[1;33m" +cRedBright="\e[38;5;197m" +cBold="\e[1m" + + +_loggerGetModeRaw() { + local MODE="$1" + case $MODE in + INFO) + printf "" + ;; + DEBUG) + printf "%s" "[${MODE}] " + ;; + WARN) + printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " + ;; + ERROR) + printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " + ;; + esac +} + + +_loggerGetMode() { + local MODE="$1" + case $MODE in + INFO) + printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + DEBUG) + printf "%-7s" "[${MODE}]" + ;; + WARN) + printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + ERROR) + printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + esac +} + +# Capitalises the first letter of the message +_loggerGetMessage() { + local originalMessage="$*" + local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') + local resetOfMessage="${originalMessage:1}" + echo "$firstChar$resetOfMessage" +} + +# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. +_loggerGetStackTrace() { + printf "%s%-30s%s" "[" "$1:$2" "]" +} + +_loggerGetThread() { + printf "%s" "[main]" +} + +_loggerGetServiceType() { + printf "%s%-5s%s" "[" "shell" "]" +} + +#Trace ID is not applicable to scripts +_loggerGetTraceID() { + printf "%s" "[]" +} + +logRaw() { + echo "" + printf "$1" + echo "" +} + +logBold(){ + echo "" + printf "${cBold}$1${cClear}" + echo "" +} + +# The date binary works differently based on whether it is GNU/BSD +is_date_supported=0 +date --version > /dev/null 2>&1 || is_date_supported=1 +IS_GNU=$(echo $is_date_supported) + +_loggerGetTimestamp() { + if [ "${IS_GNU}" == "0" ]; then + echo -n $(date -u +%FT%T.%3NZ) + else + echo -n $(date -u +%FT%T.000Z) + fi +} + +# https://www.shellscript.sh/tips/spinner/ +_spin() +{ + spinner="/|\\-/|\\-" + while : + do + for i in `seq 0 7` + do + echo -n "${spinner:$i:1}" + echo -en "\010" + sleep 1 + done + done +} + +showSpinner() { + # Start the Spinner: + _spin & + # Make a note of its Process ID (PID): + SPIN_PID=$! + # Kill the spinner on any signal, including our own exit. + trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 +} + +stopSpinner() { + local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") + let "occurrences+=0" + # validate that it is present (2 since this search itself will show up in the results) + if [ $occurrences -gt 1 ]; then + kill -9 $SPIN_PID &>/dev/null || return 0 + wait $SPIN_ID &>/dev/null + fi +} + +_getEffectiveMessage(){ + local MESSAGE="$1" + local MODE=${2-"INFO"} + + if [ -z "$CONTEXT" ]; then + CONTEXT=$(caller) + fi + + _EFFECTIVE_MESSAGE= + if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then + _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" + else + local SERVICE_TYPE="script" + local TRACE_ID="" + local THREAD="main" + + local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') + local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') + + _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" + fi + CONTEXT= +} + +# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug +_logToFile() { + local MODE=${1-"INFO"} + local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" + # IF the file isn't passed, abort + if [ -z "$targetFile" ]; then + return + fi + # IF this is not being run in verbose mode and mode is debug or lower, abort + if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then + if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then + return + fi + fi + + # Create the file if it doesn't exist + if [ ! -f "${targetFile}" ]; then + return + # touch $targetFile > /dev/null 2>&1 || true + fi + # # Make it readable + # chmod 640 $targetFile > /dev/null 2>&1 || true + + # Log contents + printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true +} + +logger() { + if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then + echo "" + fi + _getEffectiveMessage "$@" + local MODE=${2-"INFO"} + printf "%s\n" "$_EFFECTIVE_MESSAGE" + _logToFile "$MODE" +} + +logDebug(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logSilly(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "silly" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logError() { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= +} + +errorExit () { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= + exit 1 +} + +warn () { + CONTEXT=$(caller) + logger "$1" "WARN" + CONTEXT= +} + +note () { + CONTEXT=$(caller) + logger "$1" "NOTE" + CONTEXT= +} + +bannerStart() { + title=$1 + echo + echo -e "\033[1m${title}\033[0m" + echo +} + +bannerSection() { + title=$1 + echo + echo -e "******************************** ${title} ********************************" + echo +} + +bannerSubSection() { + title=$1 + echo + echo -e "************** ${title} *******************" + echo +} + +bannerMessge() { + title=$1 + echo + echo -e "********************************" + echo -e "${title}" + echo -e "********************************" + echo +} + +setRed () { + local input="$1" + echo -e \\033[31m${input}\\033[0m +} +setGreen () { + local input="$1" + echo -e \\033[32m${input}\\033[0m +} +setYellow () { + local input="$1" + echo -e \\033[33m${input}\\033[0m +} + +logger_addLinebreak () { + echo -e "---\n" +} + +bannerImportant() { + title=$1 + local bold="\033[1m" + local noColour="\033[0m" + echo + echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" + echo -e "${bold}${title}${noColour}" + echo -e "${bold}###########################################################################################${noColour}" + echo +} + +bannerEnd() { + #TODO pass a title and calculate length dynamically so that start and end look alike + echo + echo "*****************************************************************************" + echo +} + +banner() { + title=$1 + content=$2 + bannerStart "${title}" + echo -e "$content" +} + +# The logic below helps us redirect content we'd normally hide to the log file. + # + # We have several commands which clutter the console with output and so use + # `cmd > /dev/null` - this redirects the command's output to null. + # + # However, the information we just hid maybe useful for support. Using the code pattern + # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console + # but redirected to the installation log file + # + +#Default value of 6 is just null +exec 6>>/dev/null +redirectLogsToFile() { + echo "" + # local file=$1 + + # [ ! -z "${file}" ] || return 0 + + # local logDir=$(dirname "$file") + + # if [ ! -f "${file}" ]; then + # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ + # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) + # fi + + # #6 now points to the log file + # exec 6>>${file} + # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time + # exec 2>&1 > >(tee -a "${file}") +} + +# Check if a give key contains any sensitive string as part of it +# Based on the result, the caller can decide its value can be displayed or not +# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} +isKeySensitive(){ + local key=$1 + local sensitiveKeys="password|secret|key|token" + + if [ -z "${key}" ]; then + return 1 + else + local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 + fi +} + +getPrintableValueOfKey(){ + local displayValue= + local key="$1" + if [ -z "$key" ]; then + # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller + echo -n "" + return + fi + + local value="$2" + isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" + echo -n $displayValue +} + +_createConsoleLog(){ + if [ -z "${JF_PRODUCT_HOME}" ]; then + return + fi + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + mkdir -p "${JF_PRODUCT_HOME}/var/log" || true + if [ ! -f ${targetFile} ]; then + touch $targetFile > /dev/null 2>&1 || true + fi + chmod 640 $targetFile > /dev/null 2>&1 || true +} + +# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to +# the common console.log file +redirectServiceLogsToFile() { + + local result="0" + # check if the function getSystemValue exists + LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" + if [[ "$result" != "0" ]]; then + warn "Couldn't find the systemYamlHelper. Skipping log redirection" + return 0 + fi + + getSystemValue "shared.consoleLog" "NOT_SET" + if [[ "${YAML_VALUE}" == "false" ]]; then + logger "Redirection is set to false. Skipping log redirection" + return 0; + fi + + if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then + warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" + return 0 + fi + + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + + _createConsoleLog + + while read -r line; do + printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen + done +} + +## Display environment variables starting with JF_ along with its value +## Value of sensitive keys will be displayed as "******" +## +## Sample Display : +## +## ======================== +## JF Environment variables +## ======================== +## +## JF_SHARED_NODE_ID : locahost +## JF_SHARED_JOINKEY : ****** +## +## +displayEnv() { + local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) + local key= + local value= + + if [ -z "${JFEnv}" ]; then + return + fi + + cat << ENV_START_MESSAGE + +======================== +JF Environment variables +======================== +ENV_START_MESSAGE + + for entry in ${JFEnv}; do + key=$(echo "${entry}" | awk -F'=' '{print $1}') + value=$(echo "${entry}" | awk -F'=' '{print $2}') + + isKeySensitive "${key}" && value="******" || value=${value} + + printf "\n%-35s%s" "${key}" " : ${value}" + done + echo; +} + +_addLogRotateConfiguration() { + logDebug "Method ${FUNCNAME[0]}" + # mandatory inputs + local confFile="$1" + local logFile="$2" + + # Method available in _ioOperations.sh + LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 + + io_setYQPath + + # Method available in _systemYamlHelper.sh + LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 + + local frequency="daily" + local archiveFolder="archived" + + local compressLogFiles= + getSystemValue "shared.logging.rotation.compress" "true" + if [[ "${YAML_VALUE}" == "true" ]]; then + compressLogFiles="compress" + fi + + getSystemValue "shared.logging.rotation.maxFiles" "10" + local noOfBackupFiles="${YAML_VALUE}" + + getSystemValue "shared.logging.rotation.maxSizeMb" "25" + local sizeOfFile="${YAML_VALUE}M" + + logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" + + # Add configuration to file + local confContent=$(cat << LOGROTATECONF +$logFile { + $frequency + missingok + rotate $noOfBackupFiles + $compressLogFiles + notifempty + olddir $archiveFolder + dateext + extension .log + dateformat -%Y-%m-%d + size ${sizeOfFile} +} +LOGROTATECONF +) + echo "${confContent}" > ${confFile} || return 1 +} + +_operationIsBySameUser() { + local targetUser="$1" + local currentUserID=$(id -u) + local currentUserName=$(id -un) + + if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then + echo -n "yes" + else + echo -n "no" + fi +} + +_addCronJobForLogrotate() { + logDebug "Method ${FUNCNAME[0]}" + + # Abort if logrotate is not available + [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 + + # mandatory inputs + local productHome="$1" + local confFile="$2" + local cronJobOwner="$3" + + # We want to use our binary if possible. It may be more recent than the one in the OS + local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" + + if [ ! -f "$logrotateBinary" ]; then + logrotateBinary="logrotate" + [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 + fi + local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose + + id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } + + # Remove the existing line + removeLogRotation "$productHome" "$cronJobOwner" || true + + # Run logrotate daily at 23:55 hours + local cronInterval="55 23 * * * $cmd" + + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges + if [ "$standaloneMode" == "no" ]; then + (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - + else + (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - + fi +} + +## Configure logrotate for a product +## Failure conditions: +## If logrotation could not be setup for some reason +## Parameters: +## $1: The product name +## $2: The product home +## Depends on global: none +## Updates global: none +## Returns: NA + +configureLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + + # mandatory inputs + local productName="$1" + if [ -z $productName ]; then + warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 + fi + + local productHome="$2" + if [ -z $productHome ]; then + warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 + fi + + local logFile="${productHome}/var/log/console.log" + if [[ $(uname) == "Darwin" ]]; then + logger "Log rotation for [$logFile] has not been configured. Please setup manually" + return 0 + fi + + local userID="$3" + if [ -z $userID ]; then + warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 + fi + + local groupID=${4:-$userID} + local logConfigOwner=${5:-$userID} + + logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" + + local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + # TODO move to recursive method + createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + + # TODO move to recursive method + createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } + + # conf file should be owned by the user running the script + createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } + + _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } +} + +_pauseExecution() { + if [ "${VERBOSE_MODE}" == "debug" ]; then + + local breakPoint="$1" + if [ ! -z "$breakPoint" ]; then + printf "${cBlue}Breakpoint${cClear} [$breakPoint] " + echo "" + fi + printf "${cBlue}Press enter once you are ready to continue${cClear}" + read -s choice + echo "" + fi +} + +# removeLogRotation "$productHome" "$cronJobOwner" || true +removeLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + if [[ $(uname) == "Darwin" ]]; then + logDebug "Not implemented for Darwin." + return 0 + fi + local productHome="$1" + local cronJobOwner="$2" + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + if [ "$standaloneMode" == "no" ]; then + crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - + else + crontab -l 2>/dev/null | grep -v "$confFile" | crontab - + fi +} + +# NOTE: This method does not check the configuration to see if redirection is necessary. +# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file +# that does not exist, causing the service itself to not start +setupTomcatRedirection() { + logDebug "Method ${FUNCNAME[0]}" + local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" + _createConsoleLog + export CATALINA_OUT="${consoleLog}" +} + +setupScriptLogsRedirection() { + logDebug "Method ${FUNCNAME[0]}" + if [ -z "${JF_PRODUCT_HOME}" ]; then + logDebug "No JF_PRODUCT_HOME. Returning" + return + fi + # Create the console.log file if it is not already present + # _createConsoleLog || true + # # Ensure any logs (logger/logError/warn) also get redirected to the console.log + # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed + export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" + export LOG_BEHAVIOR_ADD_META="$FLAG_Y" +} + +# Returns Y if this method is run inside a container +isRunningInsideAContainer() { + if [ -f "/.dockerenv" ]; then + echo -n "$FLAG_Y" + else + echo -n "$FLAG_N" + fi +} + +POSTGRES_USER=999 +NGINX_USER=104 +NGINX_GROUP=107 +ES_USER=1000 +REDIS_USER=999 +MONGO_USER=999 +RABBITMQ_USER=999 +LOG_FILE_PERMISSION=640 +PID_FILE_PERMISSION=644 + +# Copy file +copyFile(){ + local source=$1 + local target=$2 + local mode=${3:-overwrite} + local enableVerbose=${4:-"${FLAG_N}"} + local verboseFlag="" + + if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then + verboseFlag="-v" + fi + + if [[ ! ( $source && $target ) ]]; then + warn "Source and target is mandatory to copy file" + return 1 + fi + + if [[ -f "${target}" ]]; then + [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true + else + cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" + fi +} + +# Copy files recursively from given source directory to destination directory +# This method wil copy but will NOT overwrite +# Destination will be created if its not available +copyFilesNoOverwrite(){ + local src=$1 + local dest=$2 + local enableVerboseCopy="${3:-${FLAG_Y}}" + + if [[ -z "${src}" || -z "${dest}" ]]; then + return + fi + + if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then + local relativeFilePath="" + local targetFilePath="" + + for file in $(find ${src} -type f 2>/dev/null) ; do + # Derive relative path and attach it to destination + # Example : + # src=/extra_config + # dest=/var/opt/jfrog/artifactory/etc + # file=/extra_config/config.xml + # relativeFilePath=config.xml + # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml + relativeFilePath=${file/${src}/} + targetFilePath=${dest}${relativeFilePath} + + createDir "$(dirname "$targetFilePath")" + copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" + done + fi +} + +# TODO : WINDOWS ? +# Check the max open files and open processes set on the system +checkULimits () { + local minMaxOpenFiles=${1:-32000} + local minMaxOpenProcesses=${2:-1024} + local setValue=${3:-true} + local warningMsgForFiles=${4} + local warningMsgForProcesses=${5} + + logger "Checking open files and processes limits" + + local currentMaxOpenFiles=$(ulimit -n) + logger "Current max open files is $currentMaxOpenFiles" + if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then + if [ "${setValue}" ]; then + ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" + else + errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" + fi + fi + + local currentMaxOpenProcesses=$(ulimit -u) + logger "Current max open processes is $currentMaxOpenProcesses" + if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then + if [ "${setValue}" ]; then + ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" + else + errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" + fi + fi +} + +createDirs() { + local appDataDir=$1 + local serviceName=$2 + local folders="backup bootstrap data etc logs work" + + [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true + [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true + + for folder in ${folders} + do + folder=${appDataDir}/${folder}/${serviceName} + if [ ! -d "${folder}" ]; then + logger "Creating folder : ${folder}" + mkdir -p "${folder}" || errorExit "Failed to create ${folder}" + fi + done +} + + +testReadWritePermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local test_file=${dir_to_check}/test-permissions + + # Write file + if echo test > ${test_file} 1> /dev/null 2>&1; then + # Write succeeded. Testing read... + if cat ${test_file} > /dev/null; then + rm -f ${test_file} + else + error=true + fi + else + error=true + fi + + if [ ${error} == true ]; then + return 1 + else + return 0 + fi +} + +# Test directory has read/write permissions for current user +testDirectoryPermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local u_id=$(id -u) + local id_str="id ${u_id}" + + logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" + + if ! testReadWritePermissions ${dir_to_check}; then + error=true + fi + + if [ "${error}" == true ]; then + local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) + logger "###########################################################" + logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" + logger "${stat_data}" + logger "Mounted directory must have read/write permissions for user ${id_str}" + logger "###########################################################" + errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" + fi + logger "Permissions for ${dir_to_check} are good" +} + +# Utility method to create a directory path recursively with chown feature as +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: Root directory from where the path can be created +## $2: List of recursive child directories seperated by space +## $3: user who should own the directory. Optional +## $4: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA +# +# Usage: +# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" +createRecursiveDir(){ + local rootDir=$1 + local pathDirs=$2 + local user=$3 + local group=${4:-${user}} + local fullPath= + + [ ! -z "${rootDir}" ] || return 0 + + createDir "${rootDir}" "${user}" "${group}" + + [ ! -z "${pathDirs}" ] || return 0 + + fullPath=${rootDir} + + for dir in ${pathDirs}; do + fullPath=${fullPath}/${dir} + createDir "${fullPath}" "${user}" "${group}" + done +} + +# Utility method to create a directory +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: directory to create +## $2: user who should own the directory. Optional +## $3: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA + +createDir(){ + local dirName="$1" + local printMessage=no + logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" + [ -z "${dirName}" ] && return + + logDebug "Attempting to create ${dirName}" + mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + # Earlier, this line would have returned 1 if it failed. Now it just warns. + # This is intentional. Earlier, this line would NOT be reached if the folder already existed. + # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if + # setting permissions fails (so as to not affect any existing flows) + io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" + fi + # logging message to print created dir with user and group + local logMessage=${4:-$printMessage} + if [[ "${logMessage}" == "yes" ]]; then + logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" + fi +} + +removeSoftLinkAndCreateDir () { + local dirName="$1" + local userID="$2" + local groupID="$3" + local logMessage="$4" + removeSoftLink "${dirName}" + createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" +} + +# Utility method to remove a soft link +removeSoftLink () { + local dirName="$1" + if [[ -L "${dirName}" ]]; then + targetLink=$(readlink -f "${dirName}") + logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" + rm -f "${dirName}" + fi +} + +# Check Directory exist in the path +checkDirExists () { + local directoryPath="$1" + + [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" +} + + +# Utility method to create a file +# Failure conditions: +# Parameters: +## $1: file to create +# Depends on global: none +# Updates global: none +# Returns: NA + +createFile(){ + local fileName="$1" + logSilly "Method ${FUNCNAME[0]} [$fileName]" + [ -f "${fileName}" ] && return 0 + touch "${fileName}" || return 1 + + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + io_setOwnership "$fileName" "$userID" "$groupID" || return 1 + fi +} + +# Check File exist in the filePath +# IMPORTANT- DON'T ADD LOGGING to this method +checkFileExists () { + local filePath="$1" + + [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" +} + +# Check for directories contains any (files or sub directories) +# IMPORTANT- DON'T ADD LOGGING to this method +checkDirContents () { + local directoryPath="$1" + if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then + echo -n "true" + else + echo -n "false" + fi +} + +# Check contents exist in directory +# IMPORTANT- DON'T ADD LOGGING to this method +checkContentExists () { + local source="$1" + + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + echo -n "false" + else + echo -n "true" + fi +} + +# Resolve the variable +# IMPORTANT- DON'T ADD LOGGING to this method +evalVariable () { + local output="$1" + local input="$2" + + eval "${output}"=\${"${input}"} + eval echo \${"${output}"} +} + +# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_commandExists() { + local commandToExecute="$1" + hash "${commandToExecute}" 2>/dev/null + local rt=$? + if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi +} + +# Usage: if [ "$(io_curlExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_curlExists() { + io_commandExists "curl" +} + + +io_hasMatch() { + logSilly "Method ${FUNCNAME[0]}" + local result=0 + logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" + echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 + return $result +} + +# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself +# Failure conditions: None +# Parameters: +## $1: string to check against +# Depends on global: none +# Updates global: IS_LOCALHOST with value "yes/no" +# Returns: NA + +io_getIsLocalhost() { + logSilly "Method ${FUNCNAME[0]}" + IS_LOCALHOST="$FLAG_N" + local inputString="$1" + logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" + + io_hasMatch "$inputString" "localhost" && { + logDebug "Found localhost. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for localhost" + + local hostIP=$(io_getPublicHostIP) + io_hasMatch "$inputString" "$hostIP" && { + logDebug "Found $hostIP. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostIP" + + local hostID=$(io_getPublicHostID) + io_hasMatch "$inputString" "$hostID" && { + logDebug "Found $hostID. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostID" + + local hostName=$(io_getPublicHostName) + io_hasMatch "$inputString" "$hostName" && { + logDebug "Found $hostName. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostName" + +} + +# Usage: if [ "$(io_tarExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_tarExists() { + io_commandExists "tar" +} + +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostIP() { + local OS_TYPE=$(uname) + local publicHostIP= + if [ "${OS_TYPE}" == "Darwin" ]; then + ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') + if [ "${ipStatus}" == "active" ]; then + publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') + else + errorExit "Host IP could not be resolved!" + fi + elif [ "${OS_TYPE}" == "Linux" ]; then + publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") + fi + publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') + echo -n "${publicHostIP}" +} + +# Will return the short host name (up to the first dot) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostName() { + echo -n "$(hostname -s)" +} + +# Will return the full host name (use this as much as possible) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostID() { + echo -n "$(hostname)" +} + +# Utility method to backup a file +# Failure conditions: NA +# Parameters: filePath +# Depends on global: none, +# Updates global: none +# Returns: NA +io_backupFile() { + logSilly "Method ${FUNCNAME[0]}" + fileName="$1" + if [ ! -f "${filePath}" ]; then + logDebug "No file: [${filePath}] to backup" + return + fi + dateTime=$(date +"%Y-%m-%d-%H-%M-%S") + targetFileName="${fileName}.backup.${dateTime}" + yes | \cp -f "$fileName" "${targetFileName}" + logger "File [${fileName}] backedup as [${targetFileName}]" +} + +# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 +is_number() { + case "$BASH_VERSION" in + 3.1.*) + PATTERN='\^\[0-9\]+\$' + ;; + *) + PATTERN='^[0-9]+$' + ;; + esac + + [[ "$1" =~ $PATTERN ]] +} + +io_compareVersions() { + if [[ $# != 2 ]] + then + echo "Usage: min_version current minimum" + return + fi + + A="${1%%.*}" + B="${2%%.*}" + + if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] + then + io_compareVersions "${1#*.}" "${2#*.}" + else + if is_number "$A" && is_number "$B" + then + if [[ "$A" -eq "$B" ]]; then + echo "0" + elif [[ "$A" -gt "$B" ]]; then + echo "1" + elif [[ "$A" -lt "$B" ]]; then + echo "-1" + fi + fi + fi +} + +# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable +# Strip all leading and trailing spaces +# IMPORTANT- DON'T ADD LOGGING to this method +io_trim() { + local var="$1" + # remove leading whitespace characters + var="${var#"${var%%[![:space:]]*}"}" + # remove trailing whitespace characters + var="${var%"${var##*[![:space:]]}"}" + echo -n "$var" +} + +# temporary function will be removing it ASAP +# search for string and replace text in file +replaceText_migration_hook () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + fi +} + +# search for string and replace text in file +replaceText () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + logDebug "Replaced [$regexString] with [$replaceText] in [$file]" + fi +} + +# search for string and prepend text in file +prependText () { + local regexString="$1" + local text="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + else + sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + fi +} + +# add text to beginning of the file +addText () { + local text="$1" + local file="$2" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + else + sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + fi +} + +io_replaceString () { + local value="$1" + local firstString="$2" + local secondString="$3" + local separator=${4:-"/"} + local updateValue= + if [[ $(uname) == "Darwin" ]]; then + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + else + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + fi + echo -n "${updateValue}" +} + +_findYQ() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + local parentDir="$1" + if [ -z "$parentDir" ]; then + return + fi + logDebug "Executing command [find "${parentDir}" -name third-party -type d]" + local yq=$(find "${parentDir}" -name third-party -type d) + if [ -d "${yq}/yq" ]; then + export YQ_PATH="${yq}/yq" + fi +} + + +io_setYQPath() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + if [ "$(io_commandExists 'yq')" == "yes" ]; then + return + fi + + if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then + _findYQ "${JF_PRODUCT_HOME}" + fi + + if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then + _findYQ "${COMPOSE_HOME}" + fi + # TODO We can remove this block after all the code is restructured. + if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then + _findYQ "${SCRIPT_HOME}" + fi + +} + +io_getLinuxDistribution() { + LINUX_DISTRIBUTION= + + # Make sure running on Linux + [ $(uname -s) != "Linux" ] && return + + # Find out what Linux distribution we are on + + cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 6.x + cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 7.x + cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true + + # OS 8.x + grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true + + # OS 7.x + grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true + + # OS 6.x + grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true + + cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true + + cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true + + cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true +} + +## Utility method to check ownership of folders/files +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If file is not owned by the user & group +## Parameters: + ## user + ## group + ## folder to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac +io_checkOwner () { + logSilly "Method ${FUNCNAME[0]}" + local osType=$(uname) + + if [ "${osType}" != "Linux" ]; then + logDebug "Unsupported OS. Skipping check" + return 0 + fi + + local file_to_check=$1 + local user_id_to_check=$2 + + + if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group_id_to_check=${3:-$user_id_to_check} + local check_user_name=${4:-"no"} + + logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" + + local stat= + + if [ "${check_user_name}" == "yes" ]; then + stat=( $(stat -Lc "%U %G" ${file_to_check}) ) + else + stat=( $(stat -Lc "%u %g" ${file_to_check}) ) + fi + + local user_id=${stat[0]} + local group_id=${stat[1]} + + if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then + logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" + return 1 + else + return 0 + fi +} + +## Utility method to change ownership of a file/folder - NON recursive +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnershipNonRecursive() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" + chown ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to change ownership of a file. +## IMPORTANT +## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnership() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" + chown -R ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to create third party folder structure necessary for Postgres +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## POSTGRESQL_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createPostgresDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 + + logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" + + createDir "${POSTGRESQL_DATA_ROOT}/data" + io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Nginx +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## NGINX_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createNginxDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${NGINX_DATA_ROOT}" ] && return 0 + + logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" + + createDir "${NGINX_DATA_ROOT}" + io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" +} + +## Utility method to create third party folder structure necessary for ElasticSearch +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## ELASTIC_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createElasticSearchDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 + + logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" + + createDir "${ELASTIC_DATA_ROOT}/data" + io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Redis +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## REDIS_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRedisDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${REDIS_DATA_ROOT}" ] && return 0 + + logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" + + createDir "${REDIS_DATA_ROOT}" + io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Mongo +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## MONGODB_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createMongoDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${MONGODB_DATA_ROOT}" ] && return 0 + + logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" + + createDir "${MONGODB_DATA_ROOT}/logs" + createDir "${MONGODB_DATA_ROOT}/configdb" + createDir "${MONGODB_DATA_ROOT}/db" + io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" +} + +## Utility method to create third party folder structure necessary for RabbitMQ +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## RABBITMQ_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRabbitMQDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 + + logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" + + createDir "${RABBITMQ_DATA_ROOT}" + io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" +} + +# Add or replace a property in provided properties file +addOrReplaceProperty() { + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + local delimiter=${4:-"="} + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 + [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} + sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} +} + +# Set property only if its not set +io_setPropertyNoOverride(){ + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 + if [ $? -ne 0 ]; then + echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" + else + logger "Skipping update of property : ${propertyName}" >&6 + fi +} + +# Add a line to a file if it doesn't already exist +addLine() { + local line_to_add=$1 + local target_file=$2 + logger "Trying to add line $1 to $2" >&6 2>&1 + cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 + if [ $? != 0 ]; then + logger "Line does not exist and will be added" >&6 2>&1 + echo $line_to_add >> $target_file || errorExit "Could not update $target_file" + fi +} + +# Utility method to check if a value (first paramter) exists in an array (2nd parameter) +# 1st parameter "value to find" +# 2nd parameter "The array to search in. Please pass a string with each value separated by space" +# Example: containsElement "y" "y Y n N" +containsElement () { + local searchElement=$1 + local searchArray=($2) + local found=1 + for elementInIndex in "${searchArray[@]}";do + if [[ $elementInIndex == $searchElement ]]; then + found=0 + fi + done + return $found +} + +# Utility method to get user's choice +# 1st parameter "what to ask the user" +# 2nd parameter "what choices to accept, separated by spaces" +# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" +# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' +getUserChoice(){ + configureLogOutput + read_timeout=${read_timeout:-0.5} + local choice="na" + local text_to_display=$1 + local choices=$2 + local default_choice=$3 + users_choice= + + until containsElement "$choice" "$choices"; do + echo "";echo ""; + sleep $read_timeout #This ensures correct placement of the question. + read -p "$text_to_display :" choice + : ${choice:=$default_choice} + done + users_choice=$choice + echo -e "\n$text_to_display: $users_choice" >&6 + sleep $read_timeout #This ensures correct logging +} + +setFilePermission () { + local permission=$1 + local file=$2 + chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" +} + + +#setting required paths +setAppDir (){ + SCRIPT_DIR=$(dirname $0) + SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + APP_DIR="`cd "${SCRIPT_HOME}";pwd`" +} + +ZIP_TYPE="zip" +COMPOSE_TYPE="compose" +HELM_TYPE="helm" +RPM_TYPE="rpm" +DEB_TYPE="debian" + +sourceScript () { + local file="$1" + + [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" + + if [ ! -f "${file}" ]; then + errorExit "${file} file is not found" + else + source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" + fi +} +# Source required helpers +initHelpers () { + local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" + local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) + export YQ_PATH="${thirdPartyDir}/yq" + LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" + export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" + sourceScript "${systemYamlHelper}" +} +# Check migration info yaml file available in the path +checkMigrationInfoYaml () { + + if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" + INSTALLER="${HELM_TYPE}" + elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" + INSTALLER="${ZIP_TYPE}" + elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" + INSTALLER="${RPM_TYPE}" + elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" + INSTALLER="${DEB_TYPE}" + elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" + INSTALLER="${COMPOSE_TYPE}" + else + errorExit "File migration Info yaml does not exist in [${APP_DIR}]" + fi +} + +retrieveYamlValue () { + local yamlPath="$1" + local value="$2" + local output="$3" + local message="$4" + + [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" + + getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" + value="${YAML_VALUE}" + if [[ -z "${value}" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + elif [[ "${output}" == "Skip" ]]; then + return + else + errorExit "${message}" + fi + fi +} + +checkEnv () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + # check Environment JF_PRODUCT_HOME is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" + if [[ -z "${NEW_DATA_DIR}" ]]; then + errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + getCustomDataDir_hook + NEW_DATA_DIR="${OLD_DATA_DIR}" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + else + # check Environment JF_ROOT_DATA_DIR is set before migration + OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" + # check Environment JF_ROOT_DATA_DIR is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi + +} + +getDataDir () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then + checkEnv + else + getCustomDataDir_hook + NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi +} + +# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO +getProduct () { + retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + PRODUCT="${YAML_VALUE}" + PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then + errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" + fi + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + JF_USER="${PRODUCT}" + fi +} +# Compare product version with minProductVersion and maxProductVersion +migrateCheckVersion () { + local productVersion="$1" + local minProductVersion="$2" + local maxProductVersion="$3" + local productVersion618="6.18.0" + local unSupportedProductVersions7=("7.2.0 7.2.1") + + if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then + logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" + exit 11 + elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then + if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then + touch /tmp/error; + errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" + else + bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" + fi + else + logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" + exit 1 + fi +} + +getProductVersion () { + local minProductVersion="$1" + local maxProductVersion="$2" + local newfilePath="$3" + local oldfilePath="$4" + local propertyInDocker="$5" + local property="$6" + local productVersion= + local status= + + if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + elif [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" + status="fail" + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + exit 0 + fi + elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + else + productVersion="${CURRENT_VERSION}" + [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 + fi + else + if [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${property}" "${newfilePath}")" + status="fail" + elif [[ -f "${oldfilePath}" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + status="success" + else + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + logger "File [${newfilePath}] not found to get current version." + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + fi + exit 0 + fi + fi + if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then + [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." + [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." + exit 0 + fi + + migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" +} + +readKey () { + local property="$1" + local file="$2" + local version= + + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + version="${value}" && check=true && break + else + check=false + fi + done < "${file}" + if [[ "${check}" == "false" ]]; then + return + fi + echo "${version}" +} + +# create Log directory +createLogDir () { + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" + fi +} + +# Creating migration log file +creationMigrateLog () { + local LOG_FILE_NAME="migration.log" + createLogDir + local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" + fi + touch "${MIGRATION_LOG_FILE}" + setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" + exec &> >(tee -a "${MIGRATION_LOG_FILE}") +} +# Set path where system.yaml should create +setSystemYamlPath () { + SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" + if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then + logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" + fi +} +# Create directory +createDirectory () { + local directory="$1" + local output="$2" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${directory}" + mkdir -p "${directory}" && check=true || check=false + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi + setOwnershipBasedOnInstaller "${directory}" +} + +setOwnershipBasedOnInstaller () { + local directory="$1" + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" + elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" + fi +} + +getUserAndGroup () { + local file="$1" + read uid gid <<<$(stat -c '%U %G' ${file}) + USER_TO_CHECK="${uid}" + GROUP_TO_CHECK="${gid}" +} + +# set ownership +getUserAndGroupFromFile () { + case $PRODUCT in + artifactory) + getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" + ;; + distribution) + getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" + ;; + xray) + getUserAndGroup "${OLD_DATA_DIR}/security/master.key" + ;; + esac +} + +# creating required directories +createRequiredDirs () { + bannerSubSection "CREATING REQUIRED DIRECTORIES" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" + io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" + fi + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + fi +} + +# Check entry in map is format +checkMapEntry () { + local entry="$1" + + [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" +} +# Check value Empty and warn +warnIfEmpty () { + local filePath="$1" + local yamlPath="$2" + local check= + + if [[ -z "${filePath}" ]]; then + warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + check=false + else + check=true + fi + echo "${check}" +} + +logCopyStatus () { + local status="$1" + local logMessage="$2" + local warnMessage="$3" + + [[ "${status}" == "success" ]] && logger "${logMessage}" + [[ "${status}" == "fail" ]] && warn "${warnMessage}" +} +# copy contents from source to destination +copyCmd () { + local source="$1" + local target="$2" + local mode="$3" + local status= + + case $mode in + unique) + cp -up "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + specific) + cp -pf "${source}" "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" + ;; + patternFiles) + cp -pf "${source}"* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" + ;; + full) + cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + esac +} +# Check contents exist in source before copying +copyOnContentExist () { + local source="$1" + local target="$2" + local mode="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + copyCmd "${source}" "${target}" "${mode}" + else + logger "No contents to copy from [${source}]" + fi +} + +# move source to destination +moveCmd () { + local source="$1" + local target="$2" + local status= + + mv -f "${source}" "${target}" && status="success" || status="fail" + [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" + [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" +} + +# symlink target to source +symlinkCmd () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + local check=false + + if [[ "${symlinkSubDir}" == "subDir" ]]; then + ln -sf "${source}"/* "${target}" && check=true || check=false + else + ln -sf "${source}" "${target}" && check=true || check=false + fi + + [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" + [[ "${check}" == "false" ]] && warn "Symlink operation failed" +} +# Check contents exist in source before symlinking +symlinkOnExist () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + if [[ "${symlinkSubDir}" == "subDir" ]]; then + symlinkCmd "${source}" "${target}" "subDir" + else + symlinkCmd "${source}" "${target}" + fi + else + logger "No contents to symlink from [${source}]" + fi +} + +prependDir () { + local absolutePath="$1" + local fullPath="$2" + local sourcePath= + + if [[ "${absolutePath}" = \/* ]]; then + sourcePath="${absolutePath}" + else + sourcePath="${fullPath}" + fi + echo "${sourcePath}" +} + +getFirstEntry (){ + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $1}' +} + +getSecondEntry () { + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $2}' +} +# To get absolutePath +pathResolver () { + local directoryPath="$1" + local dataDir= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" + dataDir="${YAML_VALUE}" + cd "${dataDir}" + else + cd "${OLD_DATA_DIR}" + fi + absoluteDir="`cd "${directoryPath}";pwd`" + echo "${absoluteDir}" +} + +checkPathResolver () { + local value="$1" + + if [[ "${value}" == \/* ]]; then + value="${value}" + else + value="$(pathResolver "${value}")" + fi + echo "${value}" +} + +propertyMigrate () { + local entry="$1" + local filePath="$2" + local fileName="$3" + local check=false + + local yamlPath="$(getFirstEntry "${entry}")" + local property="$(getSecondEntry "${entry}")" + if [[ -z "${property}" ]]; then + warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + value="$(migrateResolveDerbyPath "${key}" "${value}")" + value="$(migrateResolveHaDirPath "${key}" "${value}")" + value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" + fi + if [[ "${key}" == "context.url" ]]; then + local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') + setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" + logger "Setting [shared.node.ip] with [${ip}] in system.yaml" + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false + fi + done < "${NEW_DATA_DIR}/${filePath}/${fileName}" + [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" +} + +setHaEnabled_hook () { + echo "" +} + +migratePropertiesFiles () { + local fileList= + local filePath= + local fileName= + local map= + + retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" + fileList="${YAML_VALUE}" + if [[ -z "${fileList}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" + for file in ${fileList}; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + # setting haEnabled with true only if ha-node.properties is present + setHaEnabled_hook "${filePath}" + retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + propertyMigrate "${entry}" "${filePath}" "${fileName}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" + fi + done + else + logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} + +createTargetDir () { + local mountDir="$1" + local target="$2" + + logger "Target directory not found [${mountDir}/${target}], creating it" + createDirectoryRecursive "${mountDir}" "${target}" "Warning" +} + +createDirectoryRecursive () { + local mountDir="$1" + local target="$2" + local output="$3" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${mountDir}/${target}" + local directory=$(echo "${target}" | tr '/' ' ' ) + local targetDir="${mountDir}" + for dir in ${directory}; + do + targetDir="${targetDir}/${dir}" + mkdir -p "${targetDir}" && check=true || check=false + setOwnershipBasedOnInstaller "${targetDir}" + done + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi +} + +copyOperation () { + local source="$1" + local target="$2" + local mode="$3" + local check=false + local targetDataDir= + local targetLink= + local date= + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + #remove source if it is a symlink + if [[ -L "${source}" ]]; then + targetLink=$(readlink -f "${source}") + logger "Removing the symlink [${source}] pointing to [${targetLink}]" + rm -f "${source}" + source=${targetLink} + fi + if [[ "$(checkDirExists "${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path" + return + fi + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + logger "No contents to copy from [${source}]" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copySpecificFiles () { + local source="$1" + local target="$2" + local mode="$3" + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkFileExists "${source}")" != "true" ]]; then + logger "Source file [${source}] does not exist in path" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copyPatternMatchingFiles () { + local source="$1" + local target="$2" + local mode="$3" + local sourcePath="${4}" + + # prepend OLD_DATA_DIR only if source is relative path + sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then + logger "Source [${sourcePath}] directory not found in path" + return + fi + if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" + else + logger "Source file [${sourcePath}/${source}*] does not exist in path" + fi +} + +copyLogMessage () { + local mode="$1" + case $mode in + specific) + logger "Copy file [${source}] to target [${targetDataDir}/${target}]" + ;; + patternFiles) + logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" + ;; + full) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + unique) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + esac +} + +copyBannerMessages () { + local mode="$1" + local textMode="$2" + case $mode in + specific) + bannerSection "COPY ${textMode} FILES" + ;; + patternFiles) + bannerSection "COPY MATCHING ${textMode}" + ;; + full) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + unique) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + esac +} + +invokeCopyFunctions () { + local mode="$1" + local source="$2" + local target="$3" + + case $mode in + specific) + copySpecificFiles "${source}" "${target}" "${mode}" + ;; + patternFiles) + retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" + local sourcePath="${YAML_VALUE}" + copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" + ;; + full) + copyOperation "${source}" "${target}" "${mode}" + ;; + unique) + copyOperation "${source}" "${target}" "${mode}" + ;; + esac +} +# Copies contents from source directory and target directory +copyDataDirectories () { + local copyFormat="$1" + local mode="$2" + local map= + local source= + local target= + local textMode= + local targetDataDir= + local copyFormatValue= + + retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" + copyFormatValue="${YAML_VALUE}" + if [[ -z "${copyFormatValue}" ]]; then + return + fi + textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) + copyBannerMessages "${mode}" "${textMode}" + retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeCopyFunctions "${mode}" "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +invokeMoveFunctions () { + local source="$1" + local target="$2" + local sourceDataDir= + local targetBasename= + # prepend OLD_DATA_DIR only if source is relative path + sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") + targetBasename=$(dirname "${target}") + logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" + if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then + logger "Directory [${sourceDataDir}] not found in path to move" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then + createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" + else + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" + moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" + fi +} + +# Move source directory and target directory +moveDirectories () { + local moveDataDirectories= + local map= + local source= + local target= + + retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" + moveDirectories="${YAML_VALUE}" + if [[ -z "${moveDirectories}" ]]; then + return + fi + bannerSection "MOVE DIRECTORIES" + retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeMoveFunctions "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +# Trim masterKey if its generated using hex 32 +trimMasterKey () { + local masterKeyDir=/opt/jfrog/artifactory/var/etc/security + local oldMasterKey=$(<${masterKeyDir}/master.key) + local oldMasterKey_Length=$(echo ${#oldMasterKey}) + local newMasterKey= + if [[ ${oldMasterKey_Length} -gt 32 ]]; then + bannerSection "TRIM MASTERKEY" + newMasterKey=$(echo ${oldMasterKey:0:32}) + cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key + logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" + rm -rf ${masterKeyDir}/master.key + echo ${newMasterKey} > ${masterKeyDir}/master.key + logger "masterKey is trimmed : ${masterKeyDir}/master.key" + fi +} + +copyDirectories () { + + copyDataDirectories "copyFiles" "full" + copyDataDirectories "copyUniqueFiles" "unique" + copyDataDirectories "copySpecificFiles" "specific" + copyDataDirectories "copyPatternMatchingFiles" "patternFiles" +} + +symlinkDir () { + local source="$1" + local target="$2" + local targetDir= + local basename= + local targetParentDir= + + targetDir="$(dirname "${target}")" + if [[ "${targetDir}" == "${source}" ]]; then + # symlink the sub directories + createDirectory "${NEW_DATA_DIR}/${target}" "Warning" + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" + basename="$(basename "${target}")" + cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" + fi + else + targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" + createDirectory "${targetParentDir}" "Warning" + if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" + fi + fi +} + +symlinkOperation () { + local source="$1" + local target="$2" + local check=false + local targetLink= + local date= + + # Check if source is a link and do symlink + if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then + targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") + symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" + else + # check if source is directory and do symlink + if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path to symlink" + return + fi + if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then + logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" + symlinkDir "${source}" "${target}" + else + rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false + [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" + symlinkDir "${source}" "${target}" + fi + fi +} +# Creates a symlink path - Source directory to which the symbolic link should point. +symlinkDirectories () { + local linkFiles= + local map= + local source= + local target= + + retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" + linkFiles="${YAML_VALUE}" + if [[ -z "${linkFiles}" ]]; then + return + fi + bannerSection "SYMLINK DIRECTORIES" + retrieveYamlValue "migration.linkFiles.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + symlinkOperation "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +updateConnectionString () { + local yamlPath="$1" + local value="$2" + local mongoPath="shared.mongo.url" + local rabbitmqPath="shared.rabbitMq.url" + local postgresPath="shared.database.url" + local redisPath="shared.redis.connectionString" + local mongoConnectionString="mongo.connectionString" + local sourceKey= + local hostIp=$(io_getPublicHostIP) + local hostKey= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) + hostKey="@${hostIp}:" + case $yamlPath in + ${postgresPath}) + sourceKey="@postgres:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoPath}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${rabbitmqPath}) + sourceKey="@rabbitmq:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${redisPath}) + sourceKey="@redis:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoConnectionString}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + esac + fi + echo -n "${value}" +} + +yamlMigrate () { + local entry="$1" + local sourceFile="$2" + local value= + local yamlPath= + local key= + yamlPath="$(getFirstEntry "${entry}")" + key="$(getSecondEntry "${entry}")" + if [[ -z "${key}" ]]; then + warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + getYamlValue "${key}" "${sourceFile}" "false" + value="${YAML_VALUE}" + if [[ ! -z "${value}" ]]; then + value=$(updateConnectionString "${yamlPath}" "${value}") + fi + if [[ "${PRODUCT}" == "artifactory" ]]; then + replicatorProfiling + fi + if [[ -z "${value}" ]]; then + logger "No value for [${key}] in [${sourceFile}]" + else + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" + fi +} + +migrateYamlFile () { + local files= + local filePath= + local fileName= + local sourceFile= + local map= + retrieveYamlValue "migration.yaml.files" "files" "Skip" + files="${YAML_VALUE}" + if [[ -z "${files}" ]]; then + return + fi + bannerSection "MIGRATION OF YAML FILES" + for file in $files; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" + if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + yamlMigrate "${entry}" "${sourceFile}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done + else + logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} +# updates the key and value in system.yaml +updateYamlKeyValue () { + local entry="$1" + local value= + local yamlPath= + local key= + + yamlPath="$(getFirstEntry "${entry}")" + value="$(getSecondEntry "${entry}")" + if [[ -z "${value}" ]]; then + warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value [${value}] in system.yaml" +} + +updateSystemYamlFile () { + local updateYaml= + local map= + + retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" + updateSystemYaml="${YAML_VALUE}" + if [[ -z "${updateSystemYaml}" ]]; then + return + fi + bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" + retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ -z "${map}" ]]; then + return + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + updateYamlKeyValue "${entry}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done +} + +backupFiles_hook () { + logSilly "Method ${FUNCNAME[0]}" +} + +backupDirectory () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" + fi +} + +removeOldDirectory () { + local backupDir="$1" + local entry="$2" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" + local outputCheckDirExists="$(checkDirExists "${targetDir}")" + if [[ "${outputCheckDirExists}" != "true" ]]; then + logger "No [${targetDir}] directory found to delete" + echo ""; + return + fi + backupDirectory "${backupDir}" "${entry}" "${targetDir}" + rm -rf "${targetDir}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" + [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" + echo ""; +} + +cleanUpOldDataDirectories () { + local cleanUpOldDataDir= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" + cleanUpOldDataDir="${YAML_VALUE}" + if [[ -z "${cleanUpOldDataDir}" ]]; then + return + fi + bannerSection "CLEAN UP OLD DATA DIRECTORIES" + retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" + backupFiles_hook "${backupDir}/${PRODUCT}" + for entry in $map; + do + removeOldDirectory "${backupDir}" "${entry}" + done +} + +backupFiles () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local fileName="$4" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" + fi +} + +removeOldFiles () { + local backupDir="$1" + local directoryName="$2" + local fileName="$3" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" + local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" + if [[ "${outputCheckFileExists}" != "true" ]]; then + logger "No [${targetDir}/${fileName}] file found to delete" + return + fi + backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" + rm -f "${targetDir}/${fileName}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" + [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" + echo ""; +} + +cleanUpOldFiles () { + local cleanUpFiles= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" + cleanUpOldFiles="${YAML_VALUE}" + if [[ -z "${cleanUpOldFiles}" ]]; then + return + fi + bannerSection "CLEAN UP OLD FILES" + retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" + for entry in $map; + do + local outputCheckMapEntry="$(checkMapEntry "${entry}")" + if [[ "${outputCheckMapEntry}" != "true" ]]; then + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" + fi + local fileName="$(getSecondEntry "${entry}")" + local directoryName="$(getFirstEntry "${entry}")" + [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" + echo ""; + done +} + +startMigration () { + bannerSection "STARTING MIGRATION" +} + +endMigration () { + bannerSection "MIGRATION COMPLETED SUCCESSFULLY" +} + +initialize () { + setAppDir + _pauseExecution "setAppDir" + initHelpers + _pauseExecution "initHelpers" + checkMigrationInfoYaml + _pauseExecution "checkMigrationInfoYaml" + getProduct + _pauseExecution "getProduct" + getDataDir + _pauseExecution "getDataDir" +} + +main () { + case $PRODUCT in + artifactory) + migrateArtifactory + ;; + distribution) + migrateDistribution + ;; + xray) + migrationXray + ;; + esac + exit 0 +} + +# Ensures meta data is logged +LOG_BEHAVIOR_ADD_META="$FLAG_Y" + + +migrateResolveDerbyPath () { + local key="$1" + local value="$2" + + if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + else + derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + fi + fi + echo "${value}" +} + +migrateResolveHaDirPath () { + local key="$1" + local value="$2" + + if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then + if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then + value=$(checkPathResolver "${value}") + fi + fi + echo "${value}" +} +updatePostgresUrlString_Hook () { + local yamlPath="$1" + local value="$2" + local hostIp=$(io_getPublicHostIP) + local sourceKey="//postgresql:" + if [[ "${yamlPath}" == "shared.database.url" ]]; then + value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") + fi + echo "${value}" +} +# Check Artifactory product version +checkArtifactoryVersion () { + local minProductVersion="6.0.0" + local maxProductVersion="7.0.0" + local propertyInDocker="ARTIFACTORY_VERSION" + local property="artifactory.version" + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + local newfilePath="${APP_DIR}/../.env" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + else + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" + fi + + getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" +} + +getCustomDataDir_hook () { + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" + OLD_DATA_DIR="${YAML_VALUE}" +} + +# Get protocol value of connector +getXmlConnectorProtocol () { + local i="$1" + local filePath="$2" + local fileName="$3" + local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') + echo -e "${protocolValue}" +} + +# Get all attributes of connector +getXmlConnectorAttributes () { + local i="$1" + local filePath="$2" + local fileName="$3" + local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + echo "${connectorAttributes}" +} + +# Get port value of connector +getXmlConnectorPort () { + local i="$1" + local filePath="$2" + local fileName="$3" + local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${portValue}" +} + +# Get maxThreads value of connector +getXmlConnectorMaxThreads () { + local i="$1" + local filePath="$2" + local fileName="$3" + local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${maxThreadValue}" +} +# Get sendReasonPhrase value of connector +getXmlConnectorSendReasonPhrase () { + local i="$1" + local filePath="$2" + local fileName="$3" + local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${sendReasonPhraseValue}" +} +# Get relaxedPathChars value of connector +getXmlConnectorRelaxedPathChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") + echo -e "${relaxedPathCharsValue}" +} +# Get relaxedQueryChars value of connector +getXmlConnectorRelaxedQueryChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") + echo -e "${relaxedQueryCharsValue}" +} + +# Updating system.yaml with Connector port +setConnectorPort () { + local yamlPath="$1" + local valuePort="$2" + local portYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${valuePort}" ]]; then + warn "port value is empty, could not migrate to system.yaml" + return + fi + ## Getting port yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" portYamlPath "Warning" + portYamlPath="${YAML_VALUE}" + if [[ -z "${portYamlPath}" ]]; then + return + fi + setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" + logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" +} + +# Updating system.yaml with Connector maxThreads +setConnectorMaxThread () { + local yamlPath="$1" + local threadValue="$2" + local maxThreadYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${threadValue}" ]]; then + return + fi + ## Getting max Threads yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" + maxThreadYamlPath="${YAML_VALUE}" + if [[ -z "${maxThreadYamlPath}" ]]; then + return + fi + setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" +} + +# Updating system.yaml with Connector sendReasonPhrase +setConnectorSendReasonPhrase () { + local yamlPath="$1" + local sendReasonPhraseValue="$2" + local sendReasonPhraseYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${sendReasonPhraseValue}" ]]; then + return + fi + ## Getting sendReasonPhrase yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" + sendReasonPhraseYamlPath="${YAML_VALUE}" + if [[ -z "${sendReasonPhraseYamlPath}" ]]; then + return + fi + setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedPathChars +setConnectorRelaxedPathChars () { + local yamlPath="$1" + local relaxedPathCharsValue="$2" + local relaxedPathCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedPathCharsValue}" ]]; then + return + fi + ## Getting relaxedPathChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" + relaxedPathCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedPathCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedQueryChars +setConnectorRelaxedQueryChars () { + local yamlPath="$1" + local relaxedQueryCharsValue="$2" + local relaxedQueryCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedQueryCharsValue}" ]]; then + return + fi + ## Getting relaxedQueryChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" + relaxedQueryCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connectors configurations +setConnectorExtraConfig () { + local yamlPath="$1" + local connectorAttributes="$2" + local extraConfigPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${connectorAttributes}" ]]; then + return + fi + ## Getting extraConfig yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConfig "Warning" + extraConfigPath="${YAML_VALUE}" + if [[ -z "${extraConfigPath}" ]]; then + return + fi + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" +} + +# Updating system.yaml with extra Connectors +setExtraConnector () { + local yamlPath="$1" + local extraConnector="$2" + local extraConnectorYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${extraConnector}" ]]; then + return + fi + ## Getting extraConnecotr yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" + extraConnectorYamlPath="${YAML_VALUE}" + if [[ -z "${extraConnectorYamlPath}" ]]; then + return + fi + getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" + local connectorExtra="${YAML_VALUE}" + if [[ -z "${connectorExtra}" ]]; then + setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + else + setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + fi +} + +# Migrate extra connectors to system.yaml +migrateExtraConnectors () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local excludeDefaultPort="$4" + local i="$5" + local extraConfig= + local extraConnector= + if [[ "${excludeDefaultPort}" == "yes" ]]; then + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + done + else + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + fi +} + +# Migrate connector configurations +migrateConnectorConfig () { + local i="$1" + local protocolType="$2" + local portValue="$3" + local connectorPortYamlPath="$4" + local connectorMaxThreadYamlPath="$5" + local connectorAttributesYamlPath="$6" + local filePath="$7" + local fileName="$8" + local connectorSendReasonPhraseYamlPath="$9" + local connectorRelaxedPathCharsYamlPath="${10}" + local connectorRelaxedQueryCharsYamlPath="${11}" + + # migrate port + setConnectorPort "${connectorPortYamlPath}" "${portValue}" + + # migrate maxThreads + local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") + setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" + + # migrate sendReasonPhrase + local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") + setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" + + # migrate relaxedPathChars + local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" + # migrate relaxedQueryChars + local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" + + # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars + local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") + connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" +} + +# Check for default port 8040 and 8081 in connectors and migrate +migrateConnectorPort () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + local connectorPortYamlPath="$5" + local connectorMaxThreadYamlPath="$6" + local connectorAttributesYamlPath="$7" + local connectorSendReasonPhraseYamlPath="$8" + local connectorRelaxedPathCharsYamlPath="$9" + local connectorRelaxedQueryCharsYamlPath="${10}" + local portYamlPath= + local maxThreadYamlPath= + local status= + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" == *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + RT_DEFAULTPORT_STATUS=success + else + AC_DEFAULTPORT_STATUS=success + fi + migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" + done +} + +# migrate to extra, connector having default port and protocol is AJP +migrateDefaultPortIfAjp () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + done + +} + +# Comparing max threads in connectors +compareMaxThreads () { + local firstConnectorMaxThread="$1" + local firstConnectorNode="$2" + local secondConnectorMaxThread="$3" + local secondConnectorNode="$4" + local filePath="$5" + local fileName="$6" + + # choose higher maxThreads connector as Artifactory. + if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then + # maxThread is higher in firstConnector, + # Taking firstConnector as Artifactory and SecondConnector as Access + # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + else + # maxThread is higher in SecondConnector, + # Taking SecondConnector as Artifactory and firstConnector as Access + local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +# Check max threads exist to compare +maxThreadsExistToCompare () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local firstConnectorMaxThread= + local secondConnectorMaxThread= + local firstConnectorNode= + local secondConnectorNode= + local status=success + local firstnode=fail + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ ${protocolType} == *AJP* ]]; then + # Migrate Connectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + fi + # store maxthreads value of each connector + if [[ ${firstnode} == "fail" ]]; then + firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + firstConnectorNode="${i}" + firstnode=success + else + secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + secondConnectorNode="${i}" + fi + done + [[ -z "${firstConnectorMaxThread}" ]] && status=fail + [[ -z "${secondConnectorMaxThread}" ]] && status=fail + # maxThreads is set, now compare MaxThreads + if [[ "${status}" == "success" ]]; then + compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" + else + # Assume first connector is RT, maxThreads is not set in both connectors + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +migrateExtraBasedOnNonAjpCount () { + local nonAjpCount="$1" + local filePath="$2" + local fileName="$3" + local connectorCount="$4" + local i="$5" + + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ "${protocolType}" == *AJP* ]]; then + if [[ "${nonAjpCount}" -eq 1 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + else + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + continue + fi + fi +} + +# find RT and AC Connector +findRtAndAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local initialAjpCount=0 + local nonAjpCount=0 + + # get the count of non AJP + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] || continue + nonAjpCount=$((initialAjpCount+1)) + initialAjpCount="${nonAjpCount}" + done + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access and artifactory connectors + # Mark port as 8040 for access + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + done + elif [[ "${nonAjpCount}" -eq 2 ]]; then + # compare maxThreads in both connectors + maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${nonAjpCount}" -gt 2 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # setting with default port in system.yaml + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# get the count of non AJP +getCountOfNonAjp () { + local port="$1" + local connectorCount="$2" + local filePath=$3 + local fileName=$4 + local initialNonAjpCount=0 + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${port}" ]] || continue + [[ "${protocolType}" != *AJP* ]] || continue + local nonAjpCount=$((initialNonAjpCount+1)) + initialNonAjpCount="${nonAjpCount}" + done + echo -e "${nonAjpCount}" +} + +# Find for access connector +findAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access connector and mark port as that of connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take RT properties into access with 8040 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add RT connector details as access connector and mark port as 8040 + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# Find for artifactory connector +findRtConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as RT connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take access properties into artifactory with 8081 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +checkForTlsConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${sslProtocolValue}" == "TLS" ]]; then + bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" + TLS_CONNECTOR_EXISTS=${FLAG_Y} + continue + fi + done +} + +# set custom tomcat server Listeners to system.yaml +setListenerConnector () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + for ((i = 1 ; i <= "${listenerCount}" ; i++)) + do + local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) + local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${listenerClassName}" == *Apr* ]]; then + setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" + fi + done +} +# add custom tomcat server Listeners +addTomcatServerListeners () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + if [[ "${listenerCount}" == "0" ]]; then + logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" + else + setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" + setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" + logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" + fi +} + +# server.xml migration operations +xmlMigrateOperation () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local listenerCount="$4" + RT_DEFAULTPORT_STATUS=fail + AC_DEFAULTPORT_STATUS=fail + TLS_CONNECTOR_EXISTS=${FLAG_N} + + # Check for connector with TLS , if found ignore migrating it + checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" + if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then + return + fi + addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" + # Migrate RT default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + # Migrate to extra if RT default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" + # Migrate AC default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + # Migrate to extra if access default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" + + if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # RT and AC default port found + logger "Artifactory 8081 and Access 8040 default port are found" + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # Only AC default port found,find RT connector + logger "Found Access default 8040 port" + findRtConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # Only RT default port found,find AC connector + logger "Found Artifactory default 8081 port" + findAcConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # RT and AC default port not found, find connector + logger "Artifactory 8081 and Access 8040 default port are not found" + findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" + fi +} + +# get count of connectors +getXmlConnectorCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# get count of listener connectors +getTomcatServerListenersCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# Migrate server.xml configuration to system.yaml +migrateXmlFile () { + local xmlFiles= + local fileName= + local filePath= + local sourceFilePath= + DEFAULT_ACCESS_PORT="8040" + DEFAULT_RT_PORT="8081" + AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" + AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" + AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" + AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" + RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" + RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" + RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' + RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' + RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' + RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" + ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" + EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" + EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" + RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" + + retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" + xmlFiles="${YAML_VALUE}" + if [[ -z "${xmlFiles}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF XML FILES" + retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + if [[ -z "${fileName}" ]]; then + return + fi + bannerSubSection "Processing Migration of $fileName" + retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + if [[ -z "${filePath}" ]]; then + return + fi + # prepend NEW_DATA_DIR only if filePath is relative path + sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") + if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] is found in path [${sourceFilePath}]" + local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") + if [[ "${connectorCount}" == "0" ]]; then + logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" + return + fi + local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") + xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" + else + logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" + fi +} + +compareArtifactoryUser () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + + if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" + else + logger "No change in property [${property}] value in [${sourceFile}] to migrate" + fi +} + +migrateReplicator () { + local property="$1" + local oldPropertyValue="$2" + local yamlPath="$3" + + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" +} + +compareJavaOptions () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + local oldJavaOption= + local newJavaOption= + local extraJavaOption= + local check=false + local success=true + local status=true + + oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 3.1.0" + ## Description / note + description: This CVE needs to be fixed in the alpine base image of nginx container. + diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt new file mode 100644 index 000000000..019ed74df --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/NOTES.txt @@ -0,0 +1,118 @@ +Congratulations. You have just deployed JFrog Artifactory HA! + +{{- if .Values.artifactory.masterKey }} +{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} + + +***************************************** WARNING ****************************************** +* Your Artifactory master key is still set to the provided example: * +* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * +* * +* You should change this to your own generated key: * +* $ export MASTER_KEY=$(openssl rand -hex 32) * +* $ echo ${MASTER_KEY} * +* * +* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * +* * +* Alternatively, you can use a pre-existing secret with a key called master-key with * +* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * +******************************************************************************************** +{{- end }} +{{- end }} + +{{- if .Values.artifactory.joinKey }} +{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} + + +***************************************** WARNING ****************************************** +* Your Artifactory join key is still set to the provided example: * +* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * +* * +* You should change this to your own generated key: * +* $ export JOIN_KEY=$(openssl rand -hex 32) * +* $ echo ${JOIN_KEY} * +* * +* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * +* * +******************************************************************************************** +{{- end }} +{{- end }} + + +{{- if .Values.postgresql.enabled }} + +DATABASE: +To extract the database password, run the following +export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) +echo ${DB_PASSWORD} +{{- end }} + +SETUP: +1. Get the Artifactory IP and URL + + {{- if contains "NodePort" .Values.nginx.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT/ + + {{- else if contains "LoadBalancer" .Values.nginx.service.type }} + NOTE: It may take a few minutes for the LoadBalancer public IP to be available! + + You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP/ + + {{- else if contains "ClusterIP" .Values.nginx.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80 + echo http://127.0.0.1:8080 + + {{- end }} + +2. Open Artifactory in your browser + Default credential for Artifactory: + user: admin + password: password + + {{- if .Values.artifactory.license.secret }} + +3. Artifactory license(s) is deployed as a Kubernetes secret. This method is relevant for initial deployment only! + Updating the license should be done via Artifactory UI or REST API. If you want to keep managing the artifactory license using the same method, you can use artifactory.copyOnEveryStartup in values.yaml. + + {{- else }} + +3. Add HA licenses to activate Artifactory HA through the Artifactory UI + NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details. + + {{- end }} + +{{ if or .Values.artifactory.primary.javaOpts.jmx.enabled .Values.artifactory.node.javaOpts.jmx.enabled }} +JMX configuration: +{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} +If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! +{{ end }} + +1. Get the Artifactory service IP: +{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} +export PRIMARY_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.primary.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +export MEMBER_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +{{- end }} + +2. Map the service name to the service IP in /etc/hosts: +{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} +sudo sh -c "echo \"${PRIMARY_SERVICE_IP} {{ template "artifactory-ha.primary.name" . }}\" >> /etc/hosts" +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts" +{{- end }} + +3. Launch jconsole: +{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} +jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }} +{{- end }} +{{- if .Values.artifactory.node.javaOpts.jmx.enabled }} +jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl new file mode 100644 index 000000000..04109d8c4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/_helpers.tpl @@ -0,0 +1,292 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "artifactory-ha.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +The primary node name +*/}} +{{- define "artifactory-ha.primary.name" -}} +{{- if .Values.nameOverride -}} +{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := .Release.Name | trunc 29 -}} +{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +The member node name +*/}} +{{- define "artifactory-ha.node.name" -}} +{{- if .Values.nameOverride -}} +{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := .Release.Name | trunc 29 -}} +{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name nginx service. +*/}} +{{- define "artifactory-ha.nginx.name" -}} +{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified Replicator app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.replicator.fullname" -}} +{{- if .Values.artifactory.replicator.ingress.name -}} +{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified replicator tracker ingress name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.replicator.tracker.fullname" -}} +{{- if .Values.artifactory.replicator.trackerIngress.name -}} +{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory-ha.nginx.fullname" -}} +{{- if .Values.nginx.fullnameOverride -}} +{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nginx.name -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "artifactory-ha.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "artifactory-ha.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate SSL certificates +*/}} +{{- define "artifactory-ha.gen-certs" -}} +{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}} +{{- $ca := genCA "artifactory-ca" 365 -}} +{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Scheme (http/https) based on Access TLS enabled/disabled +*/}} +{{- define "artifactory-ha.scheme" -}} +{{- if .Values.access.accessConfig.security.tls -}} +{{- printf "%s" "https" -}} +{{- else -}} +{{- printf "%s" "http" -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve joinKey value +*/}} +{{- define "artifactory-ha.joinKey" -}} +{{- if .Values.global.joinKey -}} +{{- .Values.global.joinKey -}} +{{- else if .Values.artifactory.joinKey -}} +{{- .Values.artifactory.joinKey -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve masterKey value +*/}} +{{- define "artifactory-ha.masterKey" -}} +{{- if .Values.global.masterKey -}} +{{- .Values.global.masterKey -}} +{{- else if .Values.artifactory.masterKey -}} +{{- .Values.artifactory.masterKey -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve joinKeySecretName value +*/}} +{{- define "artifactory-ha.joinKeySecretName" -}} +{{- if .Values.global.joinKeySecretName -}} +{{- .Values.global.joinKeySecretName -}} +{{- else if .Values.artifactory.joinKeySecretName -}} +{{- .Values.artifactory.joinKeySecretName -}} +{{- else -}} +{{ include "artifactory-ha.fullname" . }} +{{- end -}} +{{- end -}} + +{{/* +Resolve masterKeySecretName value +*/}} +{{- define "artifactory-ha.masterKeySecretName" -}} +{{- if .Values.global.masterKeySecretName -}} +{{- .Values.global.masterKeySecretName -}} +{{- else if .Values.artifactory.masterKeySecretName -}} +{{- .Values.artifactory.masterKeySecretName -}} +{{- else -}} +{{ include "artifactory-ha.fullname" . }} +{{- end -}} +{{- end -}} + +{{/* +Resolve imagePullSecrets value +*/}} +{{- define "artifactory-ha.imagePullSecrets" -}} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Resolve customInitContainersBegin value +*/}} +{{- define "artifactory-ha.customInitContainersBegin" -}} +{{- if .Values.global.customInitContainersBegin -}} +{{- .Values.global.customInitContainersBegin -}} +{{- else if .Values.artifactory.customInitContainersBegin -}} +{{- .Values.artifactory.customInitContainersBegin -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customInitContainers value +*/}} +{{- define "artifactory-ha.customInitContainers" -}} +{{- if .Values.global.customInitContainers -}} +{{- .Values.global.customInitContainers -}} +{{- else if .Values.artifactory.customInitContainers -}} +{{- .Values.artifactory.customInitContainers -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customVolumes value +*/}} +{{- define "artifactory-ha.customVolumes" -}} +{{- if .Values.global.customVolumes -}} +{{- .Values.global.customVolumes -}} +{{- else if .Values.artifactory.customVolumes -}} +{{- .Values.artifactory.customVolumes -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customVolumeMounts value +*/}} +{{- define "artifactory-ha.customVolumeMounts" -}} +{{- if .Values.global.customVolumeMounts -}} +{{- .Values.global.customVolumeMounts -}} +{{- else if .Values.artifactory.customVolumeMounts -}} +{{- .Values.artifactory.customVolumeMounts -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customSidecarContainers value +*/}} +{{- define "artifactory-ha.customSidecarContainers" -}} +{{- if .Values.global.customSidecarContainers -}} +{{- .Values.global.customSidecarContainers -}} +{{- else if .Values.artifactory.customSidecarContainers -}} +{{- .Values.artifactory.customSidecarContainers -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper artifactory chart image names +*/}} +{{- define "artifactory-ha.getImageInfoByValue" -}} +{{- $dot := index . 0 }} +{{- $indexReference := index . 1 }} +{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} +{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} +{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} +{{- if $dot.Values.global }} + {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} + {{- $tag = $dot.Values.global.versions.artifactory | toString -}} + {{- end -}} + {{- if $dot.Values.global.imageRegistry }} + {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper artifactory app version +*/}} +{{- define "artifactory-ha.app.version" -}} +{{- $image := split ":" ((include "artifactory-ha.getImageInfoByValue" (list . "artifactory")) | toString) -}} +{{- $tag := $image._1 -}} +{{- printf "%s" $tag -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml new file mode 100644 index 000000000..c4d06f08a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/additional-resources.yaml @@ -0,0 +1,3 @@ +{{ if .Values.additionalResources }} +{{ tpl .Values.additionalResources . }} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml new file mode 100644 index 000000000..b344e86b6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/admin-bootstrap-creds.yaml @@ -0,0 +1,15 @@ +{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} +{{- if .Values.artifactory.admin.password }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml new file mode 100644 index 000000000..4eac505bc --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-access-config.yaml @@ -0,0 +1,15 @@ +{{- if .Values.access.accessConfig }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }}-access-config + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + access.config.patch.yml: | +{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml new file mode 100644 index 000000000..2e7cac758 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-binarystore-secret.yaml @@ -0,0 +1,14 @@ +{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-binarystore + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + binarystore.xml: |- +{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml new file mode 100644 index 000000000..1385bc578 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-configmaps.yaml @@ -0,0 +1,13 @@ +{{ if .Values.artifactory.configMaps }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + labels: + app: {{ template "artifactory-ha.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ tpl .Values.artifactory.configMaps . | indent 2 }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml new file mode 100644 index 000000000..67473fc58 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-custom-secrets.yaml @@ -0,0 +1,19 @@ +{{- if .Values.artifactory.customSecrets }} +{{- range .Values.artifactory.customSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + component: "{{ $.Values.artifactory.name }}" + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} +type: Opaque +stringData: + {{ .key }}: | +{{ .data | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml new file mode 100644 index 000000000..9ff71855f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-database-secrets.yaml @@ -0,0 +1,22 @@ +{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }}-database-creds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- with .Values.database.url }} + db-url: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.user }} + db-user: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.password }} + db-password: {{ tpl . $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml new file mode 100644 index 000000000..c6a2682c8 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-gcp-credentials-secret.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} +{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-gcpcreds + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + gcp.credentials.json: |- +{{ tpl .Values.artifactory.persistence.googleStorage.gcpServiceAccount.config . | indent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml new file mode 100644 index 000000000..e58ec41b3 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-installer-info.yaml @@ -0,0 +1,12 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + installer-info.json: | + {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml new file mode 100644 index 000000000..3f629c6e4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-license-secret.yaml @@ -0,0 +1,14 @@ +{{- with .Values.artifactory.license.licenseKey }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-license + labels: + app: {{ template "artifactory-ha.name" $ }} + chart: {{ template "artifactory-ha.chart" $ }} + heritage: {{ $.Release.Service }} + release: {{ $.Release.Name }} +type: Opaque +data: + artifactory.lic: {{ . | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml new file mode 100644 index 000000000..fe40f980f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-migration-scripts.yaml @@ -0,0 +1,18 @@ +{{- if .Values.artifactory.migration.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + migrate.sh: | +{{ .Files.Get "files/migrate.sh" | indent 4 }} + migrationHelmInfo.yaml: | +{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} + migrationStatus.sh: | +{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml new file mode 100644 index 000000000..371dc9a5f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-networkpolicy.yaml @@ -0,0 +1,34 @@ +{{- range .Values.networkpolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy + labels: + app: {{ template "artifactory-ha.name" $ }} + chart: {{ template "artifactory-ha.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +spec: +{{- if .podSelector }} + podSelector: +{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} +{{ else }} + podSelector: {} +{{- end }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} +{{- if .ingress }} + ingress: +{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +{{- if .egress }} + egress: +{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +--- +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml new file mode 100644 index 000000000..6ed7d82f6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-nfs-pvc.yaml @@ -0,0 +1,101 @@ +{{- if eq .Values.artifactory.persistence.type "nfs" }} +### Artifactory HA data +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ template "artifactory-ha.fullname" . }}-data-pv + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + id: {{ template "artifactory-ha.name" . }}-data-pv + type: nfs-volume +spec: + {{- if .Values.artifactory.persistence.nfs.mountOptions }} + mountOptions: +{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} + {{- end }} + capacity: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.artifactory.persistence.nfs.ip }} + path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}" + readOnly: false +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-data-pvc + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + type: nfs-volume +spec: + accessModes: + - ReadWriteOnce + storageClassName: "" + resources: + requests: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + selector: + matchLabels: + id: {{ template "artifactory-ha.name" . }}-data-pv + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} +--- +### Artifactory HA backup +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ template "artifactory-ha.fullname" . }}-backup-pv + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + id: {{ template "artifactory-ha.name" . }}-backup-pv + type: nfs-volume +spec: + {{- if .Values.artifactory.persistence.nfs.mountOptions }} + mountOptions: +{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }} + {{- end }} + capacity: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: {{ .Values.artifactory.persistence.nfs.ip }} + path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}" + readOnly: false +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.fullname" . }}-backup-pvc + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + type: nfs-volume +spec: + accessModes: + - ReadWriteOnce + storageClassName: "" + resources: + requests: + storage: {{ .Values.artifactory.persistence.nfs.capacity }} + selector: + matchLabels: + id: {{ template "artifactory-ha.name" . }}-backup-pv + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml new file mode 100644 index 000000000..cb45027cf --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.artifactory.node.minAvailable -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.fullname" . }}-node + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.artifactory.name }} + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.node.name" . }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.artifactory.node.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml new file mode 100644 index 000000000..c5b6f08f4 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-node-statefulset.yaml @@ -0,0 +1,736 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory-ha.node.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.node.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + serviceName: {{ template "artifactory-ha.node.name" . }} + replicas: {{ .Values.artifactory.node.replicaCount }} + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.node.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + role: {{ template "artifactory-ha.node.name" . }} + heritage: {{ .Release.Service }} + component: {{ .Values.artifactory.name }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.node.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.setSecurityContext }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.gid }} + {{- end }} + initContainers: + {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} +{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.persistence.enabled }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + - name: "create-artifactory-data-dir" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - > + mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} + - name: "wait-for-primary" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - > + echo "Waiting for primary node to be ready..."; + {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }} + echo "Sleeping to allow time for primary node to come up"; + sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }}; + {{- else }} + while [ "$(wget --spider --no-check-certificate -S -T 3 {{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }}/ 2>&1 | grep '^ HTTP/' | awk '{print $2}')" != "200" ]; + do echo "Primary not ready. Waiting..."; sleep 3; + done; + echo "Primary node ready!"; + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + command: + - '/bin/sh' + - '-c' + - > + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- end }} + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + echo "Removing join.key file"; + rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key; + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys - load from database"; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Load custom certificates from database"; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + env: + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory-ha.masterKeySecretName" . }} + key: master-key + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} + {{- else if .Values.artifactory.systemYaml }} + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- end }} + {{- end }} + {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + runAsUser: 0 + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if or .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} +{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory-ha' + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + resources: +{{ toYaml .Values.artifactory.node.resources | indent 10 }} + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "false" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} +{{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + {{- if .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.preStartCommand . }}; + {{- end }} + {{- with .Values.artifactory.node.preStartCommand }} + echo "Running member node specific custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /entrypoint-artifactory.sh + {{- with .Values.artifactory.postStartCommand }} + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo "Running custom postStartCommand command"; + {{ tpl . $ }} + {{- end }} + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "false" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + name: http + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + name: http-internal + {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} + name: tcp-jmx + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.cluster.license" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.node.resources | indent 10 }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.node.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.artifactory.node.affinity }} + {{- with .Values.artifactory.node.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} + {{- end }} + {{- with .Values.artifactory.node.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-binarystore + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + secret: + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds + {{- end }} + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory-ha.fullname" . }}-license + {{- end }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory-ha.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + {{- end }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} + {{- end }} + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc + {{- end }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + secret: + secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory-ha.fullname" . }}-filebeat-config + {{- end }} + {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} +{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + volumeClaimTemplates: + {{- if .Values.artifactory.persistence.enabled }} + - metadata: + name: volume + {{- if not .Values.artifactory.node.persistence.existingClaim }} + spec: + {{- if .Values.artifactory.persistence.storageClassName }} + {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] + resources: + requests: + storage: {{ .Values.artifactory.persistence.size }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml new file mode 100644 index 000000000..cc4dfab65 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.artifactory.primary.minAvailable -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.fullname" . }}-primary + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.artifactory.name }} + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.primary.name" . }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.artifactory.primary.minAvailable }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml new file mode 100644 index 000000000..afe1d223d --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-primary-statefulset.yaml @@ -0,0 +1,862 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + version: {{ include "artifactory-ha.app.version" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} +{{- end }} +spec: + serviceName: {{ template "artifactory-ha.primary.name" . }} + replicas: {{ .Values.artifactory.primary.replicaCount }} + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + role: {{ template "artifactory-ha.primary.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + role: {{ template "artifactory-ha.primary.name" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.access.accessConfig }} + checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} + {{- end }} + {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} + checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.setSecurityContext }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.gid }} + {{- end }} + initContainers: + {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} +{{ tpl (include "artifactory-ha.customInitContainersBegin" .) . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.persistence.enabled }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + - name: "create-artifactory-data-dir" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + {{- end }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + volumeMounts: + - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + name: volume + {{- end }} + - name: "remove-lost-found" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; + rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; + volumeMounts: + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: "access-bootstrap-creds" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + volumeMounts: + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + - name: access-bootstrap-creds + mountPath: "/tmp/access/bootstrap.creds" + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + subPath: {{ .Values.artifactory.admin.dataKey }} + {{- else }} + subPath: bootstrap.creds + {{- end }} + {{- end }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - '/bin/sh' + - '-c' + - > + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- end }} + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + {{- if .Values.access.accessConfig }} + echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; + {{- end }} + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; + cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; + echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + {{- end }} + env: + {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} + - name: ARTIFACTORY_JOIN_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory-ha.joinKeySecretName" . }} + key: join-key + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory-ha.masterKeySecretName" . }} + key: master-key + {{- end }} + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} + {{- else if .Values.artifactory.systemYaml }} + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- end }} + {{- end }} + {{- if .Values.access.accessConfig }} + - name: access-config + mountPath: "/tmp/etc/access.config.patch.yml" + subPath: access.config.patch.yml + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + mountPath: "/tmp/etc/tls.crt" + subPath: tls.crt + - name: access-certs + mountPath: "/tmp/etc/tls.key" + subPath: tls.key + {{- end }} + {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + capabilities: + add: + - CHOWN + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if or .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} +{{ tpl (include "artifactory-ha.customInitContainers" .) . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory-ha' + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.artifactory.primary.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "true" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- end }} +{{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then + echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; + cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; + fi; + {{- if .Values.artifactory.configMapName }} + echo "Copying bootstrap configs"; + cp -Lrf /bootstrap/* /artifactory_bootstrap/; + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + echo "Copying plugins"; + cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; + {{- end }} + {{- range .Values.artifactory.copyOnEveryStartup }} + {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} + {{- $baseDirectory := regexFind ".*/" $targetPath }} + mkdir -p {{ $baseDirectory }}; + cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; + {{- end }} + {{- with .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.artifactory.primary.preStartCommand }} + echo "Running primary specific custom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /entrypoint-artifactory.sh + {{- with .Values.artifactory.postStartCommand }} + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo "Running custom postStartCommand command"; + {{ tpl . $ }}; + {{- end }} + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} + - name: JF_SHARED_NODE_PRIMARY + value: "true" + - name: JF_SHARED_NODE_HAENABLED + value: "true" +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + name: http + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + name: http-internal + {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} + name: tcp-jmx + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + mountPath: "/artifactory_bootstrap/plugins/" + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + mountPath: "/tmp/plugin/{{ tpl . $ }}" + {{- end }} + {{- end }} + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" + {{- end }} + - name: artifactory-ha-backup + mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-ha-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + mountPath: "/artifactory_bootstrap/gcp.credentials.json" + subPath: gcp.credentials.json + {{- end }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.cluster.license" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.primary.resources | indent 10 }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory-ha.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "artifactory-ha.customSidecarContainers" .) . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.primary.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.artifactory.primary.affinity }} + {{- with .Values.artifactory.primary.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + {{- end }} + {{- with .Values.artifactory.primary.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- if .Values.artifactory.binarystore.enabled }} + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-binarystore + {{- end }} + {{- end }} + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} + - name: gcpcreds-json + secret: + {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds + {{- end }} + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory-ha.fullname" . }}-license + {{- end }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory-ha.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory-ha.fullname" . }}-installer-info + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + emptyDir: {} + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + secret: + secretName: {{ tpl . $ }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory-ha.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory-ha.fullname" . }}-configmaps + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: access-bootstrap-creds + secret: + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + secretName: {{ .Values.artifactory.admin.secret }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} + - name: artifactory-ha-data-{{ $sharedClaimNumber }} + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} + {{- end }} + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-ha-data + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc + - name: artifactory-ha-backup + persistentVolumeClaim: + claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc + {{- end }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + secret: + secretName: {{ default (printf "%s-%s" (include "artifactory-ha.primary.name" .) "system-yaml") .Values.systemYamlOverride.existingSecret }} + {{- end }} + {{- if .Values.access.accessConfig }} + - name: access-config + secret: + secretName: {{ template "artifactory-ha.fullname" . }}-access-config + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + secret: + secretName: {{ .Values.access.customCertificatesSecretName }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory-ha.fullname" . }}-filebeat-config + {{- end }} + {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} +{{ tpl (include "artifactory-ha.customVolumes" .) . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + volumeClaimTemplates: + {{- if .Values.artifactory.persistence.enabled }} + - metadata: + name: volume + {{- if not .Values.artifactory.primary.persistence.existingClaim }} + spec: + {{- if .Values.artifactory.persistence.storageClassName }} + {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] + resources: + requests: + storage: {{ .Values.artifactory.persistence.size }} + {{- end }} + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml new file mode 100644 index 000000000..417ec5c06 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-priority-class.yaml @@ -0,0 +1,9 @@ +{{- if .Values.artifactory.priorityClass.create }} +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} +value: {{ .Values.artifactory.priorityClass.value }} +globalDefault: false +description: "Artifactory priority class" +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml new file mode 100644 index 000000000..c86bffddd --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.fullname" . }} +rules: +{{ toYaml .Values.rbac.role.rules }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml new file mode 100644 index 000000000..4412870b1 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "artifactory-ha.serviceAccountName" . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ template "artifactory-ha.fullname" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml new file mode 100644 index 000000000..5870428ca --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-secrets.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} + {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} + master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }} + {{- end }} + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} + {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} + join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }} + {{- end }} + {{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml new file mode 100644 index 000000000..baacb970f --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-service.yaml @@ -0,0 +1,109 @@ +# Service for all Artifactory cluster nodes. +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.node.labels }} +{{ toYaml .| indent 4 }} + {{- end }} +{{- if .Values.artifactory.service.annotations }} + annotations: +{{ toYaml .Values.artifactory.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.artifactory.service.type }} + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + {{- if .Values.artifactory.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: http-router + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: http-artifactory + {{- with .Values.artifactory.node.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: tcp-jmx + {{- end }} + {{- end }} + selector: +{{- if eq (int .Values.artifactory.node.replicaCount) 0 }} + role: {{ template "artifactory-ha.primary.name" . }} +{{- else if eq .Values.artifactory.service.pool "members" }} + role: {{ template "artifactory-ha.node.name" . }} +{{- end }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} +--- +# Internal service for Artifactory primary node only! +# Used by member nodes to check readiness of primary node before starting up +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +spec: + # Statically setting service type to ClusterIP since this is an internal only service + type: ClusterIP + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: http-router + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: http-artifactory + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + {{- with .Values.artifactory.primary.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: tcp-jmx + {{- end }} + {{- end }} + selector: + role: {{ template "artifactory-ha.primary.name" . }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml new file mode 100644 index 000000000..6983c1d12 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ tpl (toYaml .) $ | indent 4 }} +{{- end }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory-ha.serviceAccountName" . }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml new file mode 100644 index 000000000..e0bfa6b11 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-storage-pvc.yaml @@ -0,0 +1,27 @@ +{{ if .Values.artifactory.customPersistentVolumeClaim }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + labels: + app: {{ template "artifactory-ha.name" . }} + version: "{{ .Values.artifactory.version }}" + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + accessModes: + {{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml new file mode 100644 index 000000000..aaa1be152 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/artifactory-system-yaml.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.systemYamlOverride.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory-ha.primary.name" . }}-system-yaml + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + system.yaml: | +{{ tpl .Values.artifactory.systemYaml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml new file mode 100644 index 000000000..d2db2a067 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/filebeat-configmap.yaml @@ -0,0 +1,15 @@ +{{- if .Values.filebeat.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.name" . }}-filebeat-config + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: + filebeat.yml: | +{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml new file mode 100644 index 000000000..53f7c93ec --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/ingress.yaml @@ -0,0 +1,149 @@ +{{- if .Values.ingress.enabled -}} +{{- $serviceName := include "artifactory-ha.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} +{{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} +{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $ingressName }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.ingress.labels }} +{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} +{{- end}} +{{- if .Values.ingress.annotations }} + annotations: +{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} +{{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.ingress.hosts }} + {{- range $host := .Values.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: {{ $.Values.ingress.routerPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: {{ $.Values.ingress.artifactoryPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $artifactoryServicePort }} + {{- end -}} +{{- end -}} + {{- with .Values.ingress.additionalRules }} +{{ tpl . $ | indent 2 }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end -}} +{{- if .Values.artifactory.replicator.enabled }} +--- +{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} +{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $replicationIngressName }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + release: {{ $.Release.Name | quote }} + heritage: {{ $.Release.Service | quote }} + {{- if .Values.artifactory.replicator.ingress.annotations }} + annotations: +{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} + {{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.artifactory.replicator.ingress.hosts }} + {{- range $host := .Values.artifactory.replicator.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: /replicator/ + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: /artifactory/api/replication/replicate/file/streaming + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- end -}} + {{- if .Values.artifactory.replicator.ingress.tls }} + tls: +{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} +--- +{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} + {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 + {{- else }} +apiVersion: extensions/v1beta1 + {{- end }} +kind: Ingress +metadata: + name: {{ $replicatorTrackerIngressName }} + labels: + app: "{{ template "artifactory-ha.name" $ }}" + chart: "{{ template "artifactory-ha.chart" $ }}" + release: {{ $.Release.Name | quote }} + heritage: {{ $.Release.Service | quote }} + {{- if .Values.artifactory.replicator.trackerIngress.annotations }} + annotations: +{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} + {{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.artifactory.replicator.trackerIngress.hosts }} + {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: / + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- end -}} + {{- if .Values.artifactory.replicator.trackerIngress.tls }} + tls: +{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- if .Values.customIngress }} +--- +{{ .Values.customIngress | toYaml | trimSuffix "\n" }} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml new file mode 100644 index 000000000..87fe8999e --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/logger-configmap.yaml @@ -0,0 +1,63 @@ +{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-logger + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + tail-log.sh: | + #!/bin/sh + + LOG_DIR=$1 + LOG_NAME=$2 + PID= + + # Wait for log dir to appear + while [ ! -d ${LOG_DIR} ]; do + sleep 1 + done + + cd ${LOG_DIR} + + LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') + + # Find the log to tail + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + + # Wait for the log file + while [ -z "${LOG_FILE}" ]; do + sleep 1 + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + done + + echo "Log file ${LOG_FILE} is ready!" + + # Get inode number + INODE_ID=$(ls -i ${LOG_FILE}) + + # echo "Tailing ${LOG_FILE}" + tail -F ${LOG_FILE} & + PID=$! + + # Loop forever to see if a new log was created + while true; do + # Check inode number + NEW_INODE_ID=$(ls -i ${LOG_FILE}) + + # If inode number changed, this means log was rotated and need to start a new tail + if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then + kill -9 ${PID} 2>/dev/null + INODE_ID="${NEW_INODE_ID}" + + # Start a new tail + tail -F ${LOG_FILE} & + PID=$! + fi + sleep 1 + done + +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml new file mode 100644 index 000000000..eb1f0e698 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-artifactory-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + artifactory.conf: | +{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml new file mode 100644 index 000000000..c4aceb951 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-certificate-secret.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.https.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml new file mode 100644 index 000000000..5f424d52a --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory-ha.fullname" . }}-nginx-conf + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + nginx.conf: | +{{ tpl .Values.nginx.mainConf . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml new file mode 100644 index 000000000..7d321b3f9 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-deployment.yaml @@ -0,0 +1,201 @@ +{{- if .Values.nginx.enabled -}} +{{- $serviceName := include "artifactory-ha.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +apiVersion: apps/v1 +kind: {{ .Values.nginx.kind }} +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 4 }} +{{- end }} +spec: +{{- if ne .Values.nginx.kind "DaemonSet" }} + replicas: {{ .Values.nginx.replicaCount }} +{{- end }} + selector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + template: + metadata: + annotations: + checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} + checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.nginx.priorityClassName }} + priorityClassName: {{ .Values.nginx.priorityClassName | quote }} + {{- end }} + initContainers: + - name: "setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - '/bin/sh' + - '-c' + - > + rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; + mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + volumeMounts: + - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + name: nginx-volume + securityContext: + runAsUser: {{ .Values.nginx.uid }} + fsGroup: {{ .Values.nginx.gid }} + containers: + - name: {{ .Values.nginx.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - 'nginx' + - '-g' + - 'daemon off;' + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and + # will be cleaned up in a later version + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - containerPort: {{ .Values.nginx.http.internalPort }} + name: http + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttp }} + name: http-internal + {{- end }} + {{- if .Values.nginx.https }} + {{- if .Values.nginx.https.enabled }} + - containerPort: {{ .Values.nginx.https.internalPort }} + name: https + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttps }} + name: https-internal + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.nginx.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: nginx-artifactory-conf + mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" + - name: nginx-volume + mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + {{- if .Values.nginx.https.enabled }} + - name: ssl-certificates + mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" + {{- end }} + resources: +{{ toYaml .Values.nginx.resources | indent 10 }} + {{- if .Values.nginx.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.nginx.readinessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.nginx.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.nginx.livenessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.nginx.persistence.mountPath }} + {{- range .Values.nginx.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + command: + - tail + args: + - '-F' + - '{{ $mountPath }}/logs/{{ . }}' + volumeMounts: + - name: nginx-volume + mountPath: {{ $mountPath }} + resources: +{{ toYaml $.Values.nginx.loggersResources | indent 10 }} + {{- end }} + {{- with .Values.nginx.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: nginx-conf + configMap: + {{- if .Values.nginx.customConfigMap }} + name: {{ .Values.nginx.customConfigMap }} + {{- else }} + name: {{ template "artifactory-ha.fullname" . }}-nginx-conf + {{- end }} + - name: nginx-artifactory-conf + configMap: + {{- if .Values.nginx.customArtifactoryConfigMap }} + name: {{ .Values.nginx.customArtifactoryConfigMap }} + {{- else }} + name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf + {{- end }} + + - name: nginx-volume + {{- if .Values.nginx.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.nginx.https.enabled }} + - name: ssl-certificates + secret: + {{- if .Values.nginx.tlsSecretName }} + secretName: {{ .Values.nginx.tlsSecretName }} + {{- else }} + secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml new file mode 100644 index 000000000..8310377a6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pdb.yaml @@ -0,0 +1,19 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + component: {{ .Values.nginx.name }} + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + minAvailable: {{ .Values.nginx.minAvailable }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml new file mode 100644 index 000000000..0e573f383 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-pvc.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }} +{{- if (not .Values.nginx.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + accessModes: + - {{ .Values.nginx.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.nginx.persistence.size | quote }} +{{- if .Values.nginx.persistence.storageClassName }} +{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml new file mode 100644 index 000000000..594717cf9 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/templates/nginx-service.yaml @@ -0,0 +1,79 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.nginx.fullname" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + {{- if .Values.nginx.service.labels }} +{{ toYaml .Values.nginx.service.labels | indent 4 }} + {{- end }} +{{- if .Values.nginx.service.annotations }} + annotations: +{{ toYaml .Values.nginx.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.nginx.service.type }} + {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} + clusterIP: {{ .Values.nginx.service.clusterIP }} + {{- end }} +{{- if eq .Values.nginx.service.type "LoadBalancer" }} + {{ if .Values.nginx.service.loadBalancerIP -}} + loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} + {{ end -}} + {{- if .Values.nginx.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} + {{- end }} +{{- end }} +{{- if .Values.nginx.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and + # will be cleaned up in a later verion + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - port: {{ .Values.nginx.http.externalPort }} + targetPort: {{ .Values.nginx.http.internalPort }} + protocol: TCP + name: http + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttp }} + targetPort: {{ .Values.nginx.internalPortHttp }} + protocol: TCP + name: http + {{- end }} + {{- if .Values.nginx.https }} + {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} + - port: {{ .Values.nginx.https.externalPort }} + {{- if .Values.nginx.service.ssloffload }} + targetPort: {{ .Values.nginx.http.internalPort }} + {{- else }} + targetPort: {{ .Values.nginx.https.internalPort}} + {{- end }} + protocol: TCP + name: https + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttps }} + targetPort: {{ .Values.nginx.internalPortHttps }} + protocol: TCP + name: https + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.nginx.ssh.externalPort }} + targetPort: {{ .Values.nginx.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + selector: + app: {{ template "artifactory-ha.name" . }} + component: {{ .Values.nginx.name }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml new file mode 100644 index 000000000..ec05d2add --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/values-large.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" + node: + replicaCount: 3 + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml new file mode 100644 index 000000000..33879c00b --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/values-medium.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" + node: + replicaCount: 2 + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml new file mode 100644 index 000000000..4babf97cb --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/values-small.yaml @@ -0,0 +1,24 @@ +artifactory: + primary: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + node: + replicaCount: 1 + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml b/charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml new file mode 100644 index 000000000..b142d38c6 --- /dev/null +++ b/charts/artifactory-ha/artifactory-ha/4.7.600/values.yaml @@ -0,0 +1,1653 @@ +# Default values for artifactory-ha. +# This is a YAML-formatted file. +# Beware when changing values here. You should know what you are doing! +# Access the values with {{ .Values.key.subkey }} + +global: + # imageRegistry: docker.bintray.io + # imagePullSecrets: + # - myRegistryKeySecretName + ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag + ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion + ## This applies also for nginx images (.Values.nginx.image.tag) + versions: {} + # artifactory: + # joinKey: + # masterKey: + # joinKeySecretName: + # masterKeySecretName: + # customInitContainersBegin: | + + # customInitContainers: | + + # customVolumes: | + + # customVolumeMounts: | + + # customSidecarContainers: | + +initContainerImage: docker.bintray.io/alpine:3.12.1 + +installer: + type: + platform: + +installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + +# For supporting pulling from private registries +# imagePullSecrets: +# - myRegistryKeySecretName + +## Artifactory systemYaml override +## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory +## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML +## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml +## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. +## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml +systemYamlOverride: +## You can use a pre-existing secret by specifying existingSecret + existingSecret: +## The dataKey should be the name of the secret data key created. + dataKey: + +## Role Based Access Control +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +rbac: + create: true + role: + ## Rules to create. It follows the role specification + rules: + - apiGroups: + - '' + resources: + - services + - endpoints + - pods + verbs: + - get + - watch + - list + +## Service Account +## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + name: + annotations: {} + +ingress: + enabled: false + defaultBackend: + enabled: true + # Used to create an Ingress record. + hosts: [] + routerPath: / + artifactoryPath: /artifactory/ + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + labels: {} + # traffic-type: external + # traffic-type: internal + tls: [] + # Secrets must be manually created in the namespace. + # - secretName: chart-example-tls + # hosts: + # - artifactory.domain.example + + # Additional ingress rules + additionalRules: [] + +## Allows to add custom ingress +customIngress: | + +networkpolicy: + # Allows all ingress and egress + - name: artifactory + podSelector: + matchLabels: + app: artifactory-ha + egress: + - {} + ingress: + - {} + # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) + # - name: postgresql + # podSelector: + # matchLabels: + # app: postgresql + # ingress: + # - from: + # - podSelector: + # matchLabels: + # app: artifactory-ha + + +## Database configurations +## Use the wait-for-db init container. Set to false to skip +waitForDatabase: true + +## Configuration values for the postgresql dependency +## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md +## +postgresql: + enabled: true + image: + registry: docker.bintray.io + repository: bitnami/postgresql + tag: 12.5.0-debian-10-r25 + postgresqlUsername: artifactory + postgresqlPassword: "" + postgresqlDatabase: artifactory + postgresqlExtendedConf: + listenAddresses: "'*'" + maxConnections: "1500" + persistence: + enabled: true + size: 50Gi + service: + port: 5432 + master: + nodeSelector: {} + affinity: {} + tolerations: [] + slave: + nodeSelector: {} + affinity: {} + tolerations: [] + resources: {} + # requests: + # memory: "512Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "500m" + +## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), +## you MUST specify custom database details here or Artifactory will NOT start +database: + type: + driver: + ## If you set the url, leave host and port empty + url: + ## If you would like this chart to create the secret containing the db + ## password, use these values + user: + password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "rds-artifactory" + # key: "db-user" + # password: + # name: "rds-artifactory" + # key: "db-password" + # url: + # name: "rds-artifactory" + # key: "db-url" + +logger: + image: + registry: docker.bintray.io + repository: busybox + tag: 1.31.1 + +# Artifactory +artifactory: + name: artifactory-ha + # Note that by default we use appVersion to get image tag/version + image: + registry: docker.bintray.io + repository: jfrog/artifactory-pro + # tag: + pullPolicy: IfNotPresent + + # Create a priority class for the Artifactory pods or use an existing one + # NOTE - Maximum allowed value of a user defined priority is 1000000000 + priorityClass: + create: false + value: 1000000000 + ## Override default name + # name: + ## Use an existing priority class + # existingPriorityClass: + + # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties + deleteDBPropertiesOnStartup: true + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 200 + extraConfig: 'acceptCount="100"' + + # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. + # To enable set `.Values.artifactory.openMetrics.enabled` to `true` + # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics + openMetrics: + enabled: false + + # This directory is intended for use with NFS eventual configuration for HA + haDataDir: + enabled: false + path: + haBackupDir: + enabled: false + path: + + # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + copyOnEveryStartup: + # # Absolute path + # - source: /artifactory_bootstrap/binarystore.xml + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + # # Absolute path + # - source: /artifactory_bootstrap/artifactory.lic + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + + # Sidecar containers for tailing Artifactory logs + loggers: [] + # - access-audit.log + # - access-request.log + # - access-security-audit.log + # - access-service.log + # - artifactory-access.log + # - artifactory-event.log + # - artifactory-import-export.log + # - artifactory-request.log + # - artifactory-service.log + # - frontend-request.log + # - frontend-service.log + # - metadata-request.log + # - metadata-service.log + # - router-request.log + # - router-service.log + # - router-traefik.log + # - derby.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Sidecar containers for tailing Tomcat (catalina) logs + catalinaLoggers: [] + # - tomcat-catalina.log + # - tomcat-localhost.log + + # Tomcat (catalina) loggers resources + catalinaLoggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 + ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + + + ## Add custom init containers execution before predefined init containers + customInitContainersBegin: | + # - name: "custom-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + ## Add custom init containers + + ## Add custom init containers execution after predefined init containers + customInitContainers: | + # - name: "custom-systemyaml-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + + ## Add custom sidecar containers + # - The provided example uses a custom volume (customVolumes) + # - The provided example shows running container as root (id 0) + customSidecarContainers: | + # - name: "sidecar-list-etc" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # securityContext: + # allowPrivilegeEscalation: false + # command: + # - 'sh' + # - '-c' + # - 'sh /scripts/script.sh' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: volume + # - mountPath: "/scripts/script.sh" + # name: custom-script + # subPath: script.sh + # resources: + # requests: + # memory: "32Mi" + # cpu: "50m" + # limits: + # memory: "128Mi" + # cpu: "100m" + + ## Add custom volumes + customVolumes: | + # - name: custom-script + # configMap: + # name: custom-script + + ## Add custom volumesMounts + customVolumeMounts: | + # - name: custom-script + # mountPath: "/scripts/script.sh" + # subPath: script.sh + # - name: posthook-start + # mountPath: "/scripts/posthoook-start.sh" + # subPath: posthoook-start.sh + # - name: prehook-start + # mountPath: "/scripts/prehook-start.sh" + # subPath: prehook-start.sh + + # Add custom persistent volume mounts - Available for the pod + # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container + customPersistentPodVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + # skipPrepareContainer: false + + # Add custom persistent volume mounts - Available to the entire namespace + customPersistentVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + + ## Artifactory HA requires a unique master key. Each Artifactory node must have the same master key! + ## You can generate one with the command: "openssl rand -hex 32" + ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' + ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName + ## IMPORTANT: You should NOT use the example masterKey for a production deployment! + ## IMPORTANT: This is a mandatory for fresh Install of 7.x (App version) + # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + # masterKeySecretName: + + ## Join Key to connect to other services to Artifactory. + ## IMPORTANT: Setting this value overrides the existing joinKey + ## IMPORTANT: You should NOT use the example joinKey for a production deployment! + # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName + # joinKeySecretName: + + # Add custom secrets - secret per file + customSecrets: + # - name: custom-secret + # key: custom-secret.yaml + # data: > + # custom_secret_config: + # parameter1: value1 + # parameter2: value2 + # - name: custom-secret2 + # key: custom-secret2.config + # data: | + # here the custom secret 2 config + + ## If false, all service console logs will not redirect to a common console.log + consoleLog: false + + binarystore: + enabled: true + + ## admin allows to set the password for the default admin user. + ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate + admin: + ip: "127.0.0.1" + username: "admin" + password: + secret: + dataKey: + + ## Artifactory license. + license: + ## licenseKey is the license key in plain text. Use either this or the license.secret setting + licenseKey: + ## If artifactory.license.secret is passed, it will be mounted as + ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. + secret: + ## The dataKey should be the name of the secret data key created. + dataKey: + + ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter + configMapName: + + # Add any list of configmaps to Artifactory + configMaps: | + # posthook-start.sh: |- + # echo "This is a post start script" + # posthook-end.sh: |- + # echo "This is a post end script" + + ## List of secrets for Artifactory user plugins. + ## One Secret per plugin's files. + userPluginSecrets: + # - archive-old-artifacts + # - build-cleanup + # - webhook + # - '{{ template "my-chart.fullname" . }}' + + ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + ## Extra post-start command to run extra commands after container starts + # postStartCommand: + + ## Extra environment variables that can be used to tune Artifactory to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: SERVER_XML_ARTIFACTORY_PORT + # value: "8081" + # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS + # value: "200" + # - name: SERVER_XML_ACCESS_MAX_THREADS + # value: "50" + # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_ACCESS_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_EXTRA_CONNECTOR + # value: "" + # - name: DB_POOL_MAX_ACTIVE + # value: "100" + # - name: DB_POOL_MAX_IDLE + # value: "10" + # - name: MY_SECRET_ENV_VAR + # valueFrom: + # secretKeyRef: + # name: my-secret-name + # key: my-secret-key + + # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) + systemYaml: | + shared: + logging: + consoleLog: + enabled: {{ .Values.artifactory.consoleLog }} + extraJavaOpts: > + -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} + {{- with .Values.artifactory.primary.javaOpts }} + -Dartifactory.async.corePoolSize={{ .corePoolSize }} + {{- if .xms }} + -Xms{{ .xms }} + {{- end }} + {{- if .xmx }} + -Xmx{{ .xmx }} + {{- end }} + {{- if .jmx.enabled }} + -Dcom.sun.management.jmxremote + -Dcom.sun.management.jmxremote.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} + {{- if .jmx.host }} + -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} + {{- else }} + -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} + {{- end }} + {{- if .jmx.authenticate }} + -Dcom.sun.management.jmxremote.authenticate=true + -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} + -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} + {{- else }} + -Dcom.sun.management.jmxremote.authenticate=false + {{- end }} + {{- end }} + {{- if .other }} + {{ .other }} + {{- end }} + {{- end }} + database: + {{- if .Values.postgresql.enabled }} + type: postgresql + url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" + host: "" + driver: org.postgresql.Driver + username: "{{ .Values.postgresql.postgresqlUsername }}" + {{ else }} + type: "{{ .Values.database.type }}" + driver: "{{ .Values.database.driver }}" + {{- end }} + artifactory: + {{- if .Values.artifactory.openMetrics }} + metrics: + enabled: {{ .Values.artifactory.openMetrics.enabled }} + {{- end }} + {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} + node: + {{- if .Values.artifactory.haDataDir.path }} + haDataDir: {{ .Values.artifactory.haDataDir.path }} + {{- end }} + {{- if .Values.artifactory.haBackupDir.path }} + haBackupDir: {{ .Values.artifactory.haBackupDir.path }} + {{- end }} + {{- end }} + database: + maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} + frontend: + session: + timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} + access: + database: + maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} + {{- if .Values.access.database.enabled }} + type: "{{ .Values.access.database.type }}" + url: "{{ .Values.access.database.url }}" + driver: "{{ .Values.access.database.driver }}" + username: "{{ .Values.access.database.user }}" + password: "{{ .Values.access.database.password }}" + {{- end }} + metadata: + database: + maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} + {{- if .Values.artifactory.replicator.enabled }} + replicator: + enabled: true + {{- end }} + + ## IMPORTANT: If overriding artifactory.internalPort: + ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! + externalPort: 8082 + internalPort: 8082 + externalArtifactoryPort: 8081 + internalArtifactoryPort: 8081 + uid: 1030 + gid: 1030 + terminationGracePeriodSeconds: 30 + + ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. + ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false + setSecurityContext: true + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 90 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + persistence: + enabled: true + local: false + redundancy: 3 + mountPath: "/var/opt/jfrog/artifactory" + accessMode: ReadWriteOnce + size: 200Gi + + ## Use a custom Secret to be mounted as your binarystore.xml + ## NOTE: This will ignore all settings below that make up binarystore.xml + customBinarystoreXmlSecret: + + maxCacheSize: 50000000000 + cacheProviderDir: cache + eventual: + numberOfThreads: 10 + ## artifactory data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + + ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config + ## Supported types are: + ## file-system (default) + ## nfs + ## google-storage + ## aws-s3 + ## aws-s3-v3 + ## azure-blob + type: file-system + + ## Use binarystoreXml to provide a custom binarystore.xml + ## This can be a template or hardcoded. + binarystoreXml: | + {{- if eq .Values.artifactory.persistence.type "file-system" }} + + {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} + + + + + + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} + + {{- end }} + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + // Specify the read and write strategy and redundancy for the sharding binary provider + + roundRobin + percentageFreeSpace + 2 + + + {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}} + //For each sub-provider (mount), specify the filestore location + + filestore{{ $sharedClaimNumber }} + + {{- end }} + + {{- else }} + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + 2 + 2 + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + + shard-fs-1 + local + + + + + 30 + tester-remote1 + 10000 + remote + + + + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "google-storage" }} + + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + 2 + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + local + + + + 30 + 10000 + remote + + + + {{ .Values.artifactory.persistence.mountPath }}/data/filestore + /tmp + + + + google-cloud-storage + {{ .Values.artifactory.persistence.googleStorage.endpoint }} + {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} + {{ .Values.artifactory.persistence.googleStorage.bucketName }} + {{ .Values.artifactory.persistence.googleStorage.identity }} + {{ .Values.artifactory.persistence.googleStorage.credential }} + {{ .Values.artifactory.persistence.googleStorage.path }} + {{ .Values.artifactory.persistence.googleStorage.bucketExists }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} + + + + + + + + + + + + + + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + + + + + remote + + + + local + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + {{- with .Values.artifactory.persistence.awsS3V3 }} + + {{ .testConnection }} + {{- if .identity }} + {{ .identity }} + {{- end }} + {{- if .credential }} + {{ .credential }} + {{- end }} + {{ .region }} + {{ .bucketName }} + {{ .path }} + {{ .endpoint }} + {{- with .maxConnections }} + {{ . }} + {{- end }} + {{- with .kmsServerSideEncryptionKeyId }} + {{ . }} + {{- end }} + {{- with .kmsKeyRegion }} + {{ . }} + {{- end }} + {{- with .kmsCryptoMode }} + {{ . }} + {{- end }} + {{- if .useInstanceCredentials }} + true + {{- else }} + false + {{- end }} + {{ .usePresigning }} + {{ .signatureExpirySeconds }} + {{- with .cloudFrontDomainName }} + {{ . }} + {{- end }} + {{- with .cloudFrontKeyPairId }} + {{ .cloudFrontKeyPairId }} + {{- end }} + {{- with .cloudFrontPrivateKey }} + {{ . }} + {{- end }} + {{- with .enableSignedUrlRedirect }} + {{ . }} + {{- end }} + {{- with .enablePathStyleAccess }} + {{ . }} + {{- end }} + + {{- end }} + + {{- end }} + + {{- if eq .Values.artifactory.persistence.type "aws-s3" }} + + + + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + local + + + + 30 + 10000 + remote + + + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + + + + + {{ .Values.artifactory.persistence.awsS3.endpoint }} + {{- if .Values.artifactory.persistence.awsS3.roleName }} + {{ .Values.artifactory.persistence.awsS3.roleName }} + true + {{- else }} + {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} + {{ .Values.artifactory.persistence.awsS3.testConnection }} + {{ .Values.artifactory.persistence.awsS3.httpsOnly }} + {{ .Values.artifactory.persistence.awsS3.region }} + {{ .Values.artifactory.persistence.awsS3.bucketName }} + {{- if .Values.artifactory.persistence.awsS3.identity }} + {{ .Values.artifactory.persistence.awsS3.identity }} + {{- end }} + {{- if .Values.artifactory.persistence.awsS3.credential }} + {{ .Values.artifactory.persistence.awsS3.credential }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.path }} + {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} + + {{- end }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "azure-blob" }} + + + + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + + crossNetworkStrategy + crossNetworkStrategy + 2 + 1 + + + + + remote + + + + local + + + + + {{ .Values.artifactory.persistence.azureBlob.accountName }} + {{ .Values.artifactory.persistence.azureBlob.accountKey }} + {{ .Values.artifactory.persistence.azureBlob.endpoint }} + {{ .Values.artifactory.persistence.azureBlob.containerName }} + {{ .Values.artifactory.persistence.azureBlob.testConnection }} + + + {{- end }} + + ## For artifactory.persistence.type file-system + fileSystem: + ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. + ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) + ## Create PVCs with ReadWriteMany that match the naming convetions: + ## {{ template "artifactory-ha.fullname" . }}-data-pvc- + ## {{ template "artifactory-ha.fullname" . }}-backup-pvc + ## Example (using numberOfExistingClaims: 2) + ## myexample-data-pvc-0 + ## myexample-data-pvc-1 + ## myexample-backup-pvc + ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. + + ## Need to have the following set + existingSharedClaim: + enabled: false + numberOfExistingClaims: 1 + ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} + dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" + backupDir: "/var/opt/jfrog/artifactory-backup" + + + ## For artifactory.persistence.type nfs + ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes + ## cluster nodes. + ## Need to have the following set + nfs: + # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' + ip: + haDataMount: "/data" + haBackupMount: "/backup" + dataDir: "/var/opt/jfrog/artifactory-ha" + backupDir: "/var/opt/jfrog/artifactory-backup" + capacity: 200Gi + mountOptions: [] + ## For artifactory.persistence.type google-storage + googleStorage: + ## When using GCP buckets as your binary store (Available with enterprise license only) + gcpServiceAccount: + enabled: false + ## Use either an existing secret prepared in advance or put the config (replace the content) in the values + ## ref: https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/README.md#google-storage + # customSecretName: + # config: | + # { + # "type": "service_account", + # "project_id": "", + # "private_key_id": "?????", + # "private_key": "-----BEGIN PRIVATE KEY-----\n????????==\n-----END PRIVATE KEY-----\n", + # "client_email": "???@j.iam.gserviceaccount.com", + # "client_id": "???????", + # "auth_uri": "https://accounts.google.com/o/oauth2/auth", + # "token_uri": "https://oauth2.googleapis.com/token", + # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + # "client_x509_cert_url": "https://www.googleapis.com/robot/v1....." + # } + endpoint: commondatastorage.googleapis.com + httpsOnly: false + # Set a unique bucket name + bucketName: "artifactory-ha-gcp" + identity: + credential: + path: "artifactory-ha/filestore" + bucketExists: false + + ## For artifactory.persistence.type aws-s3-v3 + awsS3V3: + testConnection: false + identity: + credential: + region: + bucketName: artifactory-aws + path: artifactory/filestore + endpoint: + maxConnections: 50 + kmsServerSideEncryptionKeyId: + kmsKeyRegion: + kmsCryptoMode: + useInstanceCredentials: true + usePresigning: false + signatureExpirySeconds: 300 + cloudFrontDomainName: + cloudFrontKeyPairId: + cloudFrontPrivateKey: + enableSignedUrlRedirect: false + enablePathStyleAccess: false + + ## For artifactory.persistence.type aws-s3 + ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html + awsS3: + # Set a unique bucket name + bucketName: "artifactory-ha-aws" + endpoint: + region: + roleName: + identity: + credential: + path: "artifactory-ha/filestore" + refreshCredentials: true + httpsOnly: true + testConnection: false + s3AwsVersion: "AWS4-HMAC-SHA256" + + ## Additional properties to set on the s3 provider + properties: {} + # httpclient.max-connections: 100 + ## For artifactory.persistence.type azure-blob + azureBlob: + accountName: + accountKey: + endpoint: + containerName: + testConnection: false + service: + name: artifactory + type: ClusterIP + ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + annotations: {} + ## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them) + ## Supported pool values + ## members + ## all + pool: members + + ## The following Java options are passed to the java process running Artifactory. + ## This will be passed to all cluster members. Primary and member nodes. + javaOpts: {} + # other: "" + + ## The following setting are to configure a dedicated Ingress object for Replicator service + replicator: + enabled: false + ingress: + name: + hosts: [] + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # chunked_transfer_encoding on; + tls: [] + # Secrets must be manually created in the namespace. + # - hosts: + # - artifactory.domain.example + # secretName: chart-example-tls-secret + ## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true + ## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads + trackerIngress: + enabled: false + name: + hosts: [] + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # chunked_transfer_encoding on; + tls: [] + # Secrets must be manually created in the namespace. + # - hosts: + # - artifactory.domain.example + # secretName: chart-example-tls-secret + + ssh: + enabled: false + internalPort: 1339 + externalPort: 1339 + + annotations: {} + + ## Type specific configurations. + ## There is a difference between the primary and the member nodes. + ## Customising their resources and java parameters is done here. + primary: + name: artifactory-ha-primary + # preStartCommand specific to the primary node, to be run after artifactory.preStartCommand + # preStartCommand: + labels: {} + persistence: + ## Set existingClaim to true or false + ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` + existingClaim: false + + ## IMPORTANT: This value should remain at 1! + replicaCount: 1 + # minAvailable: 1 + + ## Resources for the primary node + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory primary node. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + corePoolSize: 16 + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + # other: "" + nodeSelector: {} + + tolerations: [] + + affinity: {} + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "" + topologyKey: "kubernetes.io/hostname" + + node: + name: artifactory-ha-member + # preStartCommand specific to the member node, to be run after artifactory.preStartCommand + # preStartCommand: + labels: {} + persistence: + ## Set existingClaim to true or false + ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` + existingClaim: false + replicaCount: 2 + minAvailable: 1 + ## Resources for the member nodes + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory member nodes. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + corePoolSize: 16 + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + # other: "" + # xms: "1g" + # xmx: "2g" + # other: "" + nodeSelector: {} + + ## Wait for Artifactory primary + waitForPrimaryStartup: + enabled: true + + ## Setting time will override the built in test and will just wait the set time + time: + + tolerations: [] + + ## Complete specification of the "affinity" of the member nodes; if this is non-empty, + ## "podAntiAffinity" values are not used. + affinity: {} + + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "" + topologyKey: "kubernetes.io/hostname" + +frontend: + ## Session settings + session: + ## Time in minutes after which the frontend token will need to be refreshed + timeoutMinutes: '30' + +access: + ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. + ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates + ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. + ## This ensures that the node to node communication is done over TLS. + accessConfig: + security: + tls: false + + ## You can use a pre-existing secret by specifying customCertificatesSecretName + ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` + # customCertificatesSecretName: + + ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key + # resetAccessCAKeys: false + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="100"' + +metadata: + database: + maxOpenConnections: 80 + +# Init containers +initContainers: + resources: {} +# requests: +# memory: "64Mi" +# cpu: "10m" +# limits: +# memory: "128Mi" +# cpu: "250m" + + +# Nginx +nginx: + enabled: true + kind: Deployment + name: nginx + labels: {} + replicaCount: 1 + minAvailable: 0 + uid: 104 + gid: 107 + # Note that by default we use appVersion to get image tag/version + image: + registry: docker.bintray.io + repository: jfrog/nginx-artifactory-pro + # tag: + pullPolicy: IfNotPresent + + # Priority Class name to be used in deployment if provided + priorityClassName: + + # Sidecar containers for tailing Nginx logs + loggers: [] + # - access.log + # - error.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "64Mi" + # cpu: "25m" + # limits: + # memory: "128Mi" + # cpu: "50m" + + # Logs options + logs: + stderr: false + level: warn + + mainConf: | + # Main Nginx configuration file + worker_processes 4; + + {{ if .Values.nginx.logs.stderr }} + error_log stderr {{ .Values.nginx.logs.level }}; + {{- else -}} + error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; + {{- end }} + pid /tmp/nginx.pid; + + {{- if .Values.artifactory.ssh.enabled }} + ## SSH Server Configuration + stream { + server { + listen {{ .Values.nginx.ssh.internalPort }}; + proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; + } + } + {{- end }} + + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 128k; + proxy_buffers 40 128k; + proxy_busy_buffers_size 128k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format timing 'ip = $remote_addr ' + 'user = \"$remote_user\" ' + 'local_time = \"$time_local\" ' + 'host = $host ' + 'request = \"$request\" ' + 'status = $status ' + 'bytes = $body_bytes_sent ' + 'upstream = \"$upstream_addr\" ' + 'upstream_time = $upstream_response_time ' + 'request_time = $request_time ' + 'referer = \"$http_referer\" ' + 'UA = \"$http_user_agent\"'; + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + sendfile on; + #tcp_nopush on; + keepalive_timeout 65; + #gzip on; + include /etc/nginx/conf.d/*.conf; + } + + artifactoryConf: | + {{- if .Values.nginx.https.enabled }} + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + {{- end }} + ## server configuration + server { + {{- if .Values.nginx.internalPortHttps }} + listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- else -}} + {{- if .Values.nginx.https.enabled }} + listen {{ .Values.nginx.https.internalPort }} ssl; + {{- end }} + {{- end }} + {{- if .Values.nginx.internalPortHttp }} + listen {{ .Values.nginx.internalPortHttp }}; + {{- else -}} + {{- if .Values.nginx.http.enabled }} + listen {{ .Values.nginx.http.internalPort }}; + {{- end }} + {{- end }} + server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} + {{- range .Values.ingress.hosts -}} + {{- if contains "." . -}} + {{ "" | indent 0 }} ~(?.+)\.{{ . }} + {{- end -}} + {{- end -}}; + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/artifactory/?$ / redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + chunked_transfer_encoding on; + client_max_body_size 0; + + location / { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/; + {{- if .Values.nginx.service.ssloffload}} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; + {{- else }} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + {{- end }} + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location /artifactory/ { + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; + } + proxy_pass {{ include "artifactory-ha.scheme" . }}://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; + } + } + } + + service: + ## For minikube, set this to NodePort, elsewhere use LoadBalancer + type: LoadBalancer + ssloffload: false + ## For supporting whitelist on the Nginx LoadBalancer service + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + ## Provide static ip address + loadBalancerIP: + ## There are two available options: “Cluster” (default) and “Local”. + externalTrafficPolicy: Cluster + labels: {} + # label-key: label-value + http: + enabled: true + externalPort: 80 + internalPort: 80 + https: + enabled: true + externalPort: 443 + internalPort: 443 + # DEPRECATED: The following will be replaced by L1065-L1076 in a future release + # externalPortHttp: 80 + # internalPortHttp: 80 + # externalPortHttps: 443 + # internalPortHttps: 443 + + ssh: + internalPort: 1339 + externalPort: 1339 + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 120 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + ## The SSL secret that will be used by the Nginx pod + # tlsSecretName: chart-example-tls + ## Custom ConfigMap for nginx.conf + customConfigMap: + ## Custom ConfigMap for artifactory.conf + customArtifactoryConfigMap: + persistence: + mountPath: "/var/opt/jfrog/nginx" + enabled: false + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 5Gi + ## nginx data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + resources: {} + # requests: + # memory: "250Mi" + # cpu: "100m" + # limits: + # memory: "250Mi" + # cpu: "500m" + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +# Filebeat Sidecar container +## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. +filebeat: + enabled: false + name: artifactory-filebeat + image: + repository: "docker.elastic.co/beats/filebeat" + version: 7.9.2 + logstashUrl: "logstash:5044" + + terminationGracePeriod: 10 + + livenessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + filebeat test output + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + resources: {} +# requests: +# memory: "100Mi" +# cpu: "100m" +# limits: +# memory: "100Mi" +# cpu: "100m" + + filebeatYml: | + logging.level: info + path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat + name: artifactory-filebeat + queue.spool: ~ + filebeat.inputs: + - type: log + enabled: true + close_eof: ${CLOSE:false} + paths: + - {{ .Values.artifactory.persistence.mountPath }}/log/*.log + fields: + service: "jfrt" + log_type: "artifactory" + output: + logstash: + hosts: ["{{ .Values.filebeat.logstashUrl }}"] + +## Allows to add additional kubernetes resources +## Use --- as a separator between multiple resources +## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml +additionalResources: | diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md new file mode 100644 index 000000000..3a5fb161c --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/CHANGELOG.md @@ -0,0 +1,120 @@ +# JFrog Container Registry Chart Changelog +All changes to this chart will be documented in this file. + +## [2.5.1] - Jul 29, 2020 +* Update dependency Artifactory chart version to 10.0.12 (Artifactory 7.6.3) + +## [2.5.0] - Jul 10, 2020 +* Update dependency Artifactory chart version to 10.0.3 (Artifactory 7.6.2) +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [2.4.0] - Jun 30, 2020 +* Update dependency Artifactory chart version to 9.6.0 (Artifactory 7.6.1) + +## [2.3.1] - Jun 12, 2020 +* Update dependency Artifactory chart version to 9.5.2 (Artifactory 7.5.7) + +## [2.3.0] - Jun 1, 2020 +* Update dependency Artifactory chart version to 9.5.0 (Artifactory 7.5.5) + +## [2.2.5] - May 27, 2020 +* Update dependency Artifactory chart version to 9.4.9 (Artifactory 7.4.3) + +## [2.2.4] - May 20, 2020 +* Update dependency Artifactory chart version to 9.4.6 (Artifactory 7.4.3) + +## [2.2.3] - May 07, 2020 +* Update dependency Artifactory chart version to 9.4.5 (Artifactory 7.4.3) +* Add `installerInfo` string format + +## [2.2.2] - Apr 28, 2020 +* Update dependency Artifactory chart version to 9.4.4 (Artifactory 7.4.3) + +## [2.2.1] - Apr 27, 2020 +* Update dependency Artifactory chart version to 9.4.3 (Artifactory 7.4.1) + +## [2.2.0] - Apr 14, 2020 +* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) + +## [2.2.0] - Apr 14, 2020 +* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) + +## [2.1.6] - Apr 13, 2020 +* Update dependency Artifactory chart version to 9.3.1 (Artifactory 7.3.2) + +## [2.1.5] - Apr 8, 2020 +* Update dependency Artifactory chart version to 9.2.8 (Artifactory 7.3.2) + +## [2.1.4] - Mar 30, 2020 +* Update dependency Artifactory chart version to 9.2.3 (Artifactory 7.3.2) + +## [2.1.3] - Mar 30, 2020 +* Update dependency Artifactory chart version to 9.2.1 (Artifactory 7.3.2) + +## [2.1.2] - Mar 26, 2020 +* Update dependency Artifactory chart version to 9.1.5 (Artifactory 7.3.2) + +## [2.1.1] - Mar 25, 2020 +* Update dependency Artifactory chart version to 9.1.4 (Artifactory 7.3.2) + +## [2.1.0] - Mar 23, 2020 +* Update dependency Artifactory chart version to 9.1.3 (Artifactory 7.3.2) + +## [2.0.13] - Mar 19, 2020 +* Update dependency Artifactory chart version to 9.0.28 (Artifactory 7.2.1) + +## [2.0.12] - Mar 17, 2020 +* Update dependency Artifactory chart version to 9.0.26 (Artifactory 7.2.1) + +## [2.0.11] - Mar 11, 2020 +* Unified charts public release + +## [2.0.10] - Mar 8, 2020 +* Update dependency Artifactory chart version to 9.0.20 (Artifactory 7.2.1) + +## [2.0.9] - Feb 26, 2020 +* Update dependency Artifactory chart version to 9.0.15 (Artifactory 7.2.1) + +## [2.0.0] - Feb 12, 2020 +* Update dependency Artifactory chart version to 9.0.0 (Artifactory 7.0.0) + +## [1.1.0] - Jan 19, 2020 +* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) + +## [1.1.1] - Feb 3, 2020 +* Update dependency Artifactory chart version to 8.4.4 + +## [1.1.0] - Jan 19, 2020 +* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) + +## [1.0.1] - Dec 31, 2019 +* Update dependency Artifactory chart version to 8.3.5 + +## [1.0.0] - Dec 23, 2019 +* Update dependency Artifactory chart version to 8.3.3 + +## [0.2.1] - Dec 12, 2019 +* Update dependency Artifactory chart version to 8.3.1 + +## [0.2.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [0.1.5] - Nov 28, 2019 +* Update dependency Artifactory chart version to 8.2.6 + +## [0.1.4] - Nov 20, 2019 +* Update Readme + +## [0.1.3] - Nov 20, 2019 +* Fix JCR logo url +* Update dependency to Artifactory 8.2.2 chart + +## [0.1.2] - Nov 20, 2019 +* Update JCR logo + +## [0.1.1] - Nov 20, 2019 +* Add `appVersion` to Chart.yaml + +## [0.1.0] - Nov 20, 2019 +* Initial release of the JFrog Container Registry helm chart diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml new file mode 100644 index 000000000..96aed4e8b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/Chart.yaml @@ -0,0 +1,32 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-jcr +apiVersion: v1 +appVersion: 7.6.3 +description: JFrog Container Registry +home: https://jfrog.com/container-registry/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png +keywords: +- artifactory +- jfrog +- container +- registry +- devops +- jfrog-container-registry +maintainers: +- email: amithk@jfrog.com + name: amithins +- email: daniele@jfrog.com + name: danielezer +- email: eldada@jfrog.com + name: eldada +- email: ramc@jfrog.com + name: chukka +- email: rimasm@jfrog.com + name: rimusz +- email: vinaya@jfrog.com + name: vinaya +name: artifactory-jcr +sources: +- https://github.com/jfrog/charts +version: 2.5.100 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE b/charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS b/charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS new file mode 100644 index 000000000..94561416c --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/OWNERS @@ -0,0 +1,14 @@ +approvers: +- eldada +- rimusz +- danielezer +- vinaya +- amithins +- chukka +reviewers: +- eldada +- rimusz +- danielezer +- vinaya +- amithins +- chukka diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md new file mode 100644 index 000000000..f043782da --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/README.md @@ -0,0 +1,133 @@ +# JFrog Container Registry Helm Chart + +JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support. + +## Prerequisites Details + +* Kubernetes 1.12+ + +## Chart Details +This chart will do the following: + +* Deploy JFrog Container Registry +* Deploy an optional Nginx server +* Deploy an optional PostgreSQL Database +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + +## Installing the Chart + +### Add ChartCenter Helm repository + +Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client. + +```bash +helm repo add center https://repo.chartcenter.io +helm repo update +``` + +### Install Chart +To install the chart with the release name `jfrog-container-registry`: +```bash +helm upgrade --install jfrog-container-registry --set postgresql.postgresqlPassword= --namespace artifactory-jcr center/jfrog/artifactory-jcr +``` + +### Accessing JFrog Container Registry +**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available. + +### Updating JFrog Container Registry +Once you have a new chart version, you can upgrade your deployment with +```bash +helm upgrade jfrog-container-registry center/jfrog/artifactory-jcr +``` + +### Deleting JFrog Container Registry + +On helm v2: +```bash +helm delete --purge jfrog-container-registry +``` + +On helm v3: +```bash +helm delete jfrog-container-registry --namespace artifactory-jcr +``` + +This will delete your JFrog Container Registry deployment.
+**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with +```bash +kubectl delete pvc ... +kubectl delete pv ... +``` + +## Database +The JFrog Container Registry chart comes with PostgreSQL deployed by default.
+For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). + +## Configuration +The following table lists the **basic** configurable parameters of the JFrog Container Registry chart and their default values. + +**NOTE:** All supported parameters are documented in the main [artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). + +| Parameter | Description | Default | +|------------------------------------------------|-----------------------------------|---------------------------------------------------| +| `artifactory.artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-jcr` | +| `artifactory.artifactory.image.version` | Container tag | `.Chart.AppVersion` | +| `artifactory.artifactory.resources` | Artifactory container resources | `{}` | +| `artifactory.artifactory.javaOpts` | Artifactory Java options | `{}` | +| `artifactory.nginx.enabled` | Deploy nginx server | `true` | +| `artifactory.nginx.service.type` | Nginx service type | `LoadBalancer` | +| `artifactory.nginx.tlsSecretName` | TLS secret for Nginx pod | `` | +| `artifactory.ingress.enabled` | Enable Ingress (should come with `artifactory.nginx.enabled=false`) | `false` | +| `artifactory.ingress.tls` | Ingress TLS configuration (YAML) | `[]` | +| `artifactory.postgresql.enabled` | Use the Artifactory PostgreSQL sub chart | `true` | +| `artifactory.database` | Custom database configuration (if not using bundled PostgreSQL sub-chart) | | +| `postgresql.enabled` | Enable the Artifactory PostgreSQL sub chart | `true` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these two lines to your Helm command: +```bash +helm upgrade --install jfrog-container-registry \ + --set artifactory.nginx.enabled=false \ + --set artifactory.ingress.enabled=true \ + --set artifactory.ingress.hosts[0]="artifactory.company.com" \ + --set artifactory.artifactory.service.type=NodePort \ + --namespace artifactory-jcr center/jfrog/artifactory-jcr +``` + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml +artifactory: + artifactory: + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - jfrog-container-registry.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - jfrog-container-registry.domain.com +``` + +## Useful links +https://www.jfrog.com +https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md new file mode 100644 index 000000000..9d9b7d85f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/app-readme.md @@ -0,0 +1,18 @@ +# JFrog Container Registry Helm Chart + +Universal Repository Manager supporting all major packaging formats, build tools and CI servers. + +## Chart Details +This chart will do the following: + +* Deploy JFrog Container Registry +* Deploy an optional Nginx server +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + + +## Useful links +Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) + +## Activate Your Artifactory Instance +Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. + diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore new file mode 100644 index 000000000..c7eb1e274 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +OWNERS \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md new file mode 100644 index 000000000..ae2651280 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/CHANGELOG.md @@ -0,0 +1,755 @@ +# JFrog Artifactory Chart Changelog +All changes to this chart will be documented in this file. + +## [10.0.12] - Jul 28, 2020 +* Document Artifactory node affinity. + +## [10.0.11] - Jul 28, 2020 +* Added maxConnections for persistent storage type aws-s3-v3. + +## [10.0.10] - Jul 28, 2020 +* Bugfix / support for userPluginSecrets with Artifactory 7 + +## [10.0.9] - Jul 27, 2020 +* Add tpl to external database secrets +* Modified `scheme` to `artifactory.scheme` + +## [10.0.8] - Jul 23, 2020 +* Added condition to disable the migration init container. + +## [10.0.7] - Jul 21, 2020 +* Updated Artifactory Chart to add node and primary labels to pods and service objects. + +## [10.0.6] - Jul 20, 2020 +* Support custom CA and certificates + +## [10.0.5] - Jul 13, 2020 +* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 +* Fixed Mysql database jar path in `preStartCommand` in README + +## [10.0.4] - Jul 10, 2020 +* Move some postgresql values to where they should be according to the subchart + +## [10.0.3] - Jul 8, 2020 +* Set Artifactory access client connections to the same value as the access threads + +## [10.0.2] - Jul 6, 2020 +* Updated Artifactory version to 7.6.2 +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [10.0.1] - Jul 01, 2020 +* Add dedicated ingress object for Replicator service when enabled + +## [10.0.0] - Jun 30, 2020 +* Update postgresql tag version to `10.13.0-debian-10-r38` +* Update alpine tag version to `3.12` +* Update busybox tag version to `1.31.1` +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true + +## [9.6.0] - Jun 29, 2020 +* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 +* Add tpl for external database secrets + +## [9.5.5] - Jun 25, 2020 +* Stop loading the Nginx stream module because it is now a core module + +## [9.5.4] - Jun 25, 2020 +* Notes.txt update - add --namespace parameter + +## [9.5.3] - Jun 11, 2020 +* Support list of custom secrets + +## [9.5.2] - Jun 12, 2020 +* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 + +## [9.5.1] - Jun 8, 2020 +* Readme update - configuring Artifactory with oracledb + +## [9.5.0] - Jun 1, 2020 +* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 +* Fixes bootstrap configMap permission issue +* Update postgresql tag version to `9.6.18-debian-10-r7` + +## [9.4.9] - May 27, 2020 +* Added Tomcat maxThreads & acceptCount + +## [9.4.8] - May 25, 2020 +* Fixed postgresql README `image` Parameters + +## [9.4.7] - May 24, 2020 +* Fixed typo in README regarding migration timeout + +## [9.4.6] - May 19, 2020 +* Added metadata maxOpenConnections + +## [9.4.5] - May 07, 2020 +* Fix `installerInfo` string format + +## [9.4.4] - Apr 27, 2020 +* Updated Artifactory version to 7.4.3 + +## [9.4.3] - Apr 26, 2020 +* Change order of the customInitContainers to run before the "migration-artifactory" initContainer. + +## [9.4.2] - Apr 24, 2020 +* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic +* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml + +## [9.4.1] - Apr 16, 2020 +* Custom volumes in migration init container. + +## [9.4.0] - Apr 14, 2020 +* Updated Artifactory version to 7.4.1 + +## [9.3.1] - April 13, 2020 +* Update README with helm v3 commands + +## [9.3.0] - April 10, 2020 +* Use dependency charts from `https://charts.bitnami.com/bitnami` +* Bump postgresql chart version to `8.7.3` in requirements.yaml +* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml + +## [9.2.9] - Apr 8, 2020 +* Added recommended ingress annotation to avoid 413 errors + +## [9.2.8] - Apr 8, 2020 +* Moved migration scripts under `files` directory +* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` + +## [9.2.7] - Apr 6, 2020 +* Fix cache size (should be 5gb instead of 50gb since volume claim is only 20gb). + +## [9.2.6] - Apr 1, 2020 +* Support masterKey and joinKey as secrets + +## [9.2.5] - Apr 1, 2020 +* Fix readme use to `-hex 32` instead of `-hex 16` + +## [9.2.4] - Mar 31, 2020 +* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java + +## [9.2.3] - Mar 29, 2020 +* Add Nginx log options: stderr as logfile and log level + +## [9.2.2] - Mar 30, 2020 +* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart + +## [9.2.1] - Mar 29, 2020 +* Fix loggers sidecars configurations to support new file system layout and new log names + +## [9.2.0] - Mar 29, 2020 +* Fix broken admin user bootstrap configuration +* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` + +## [9.1.5] - Mar 26, 2020 +* Fix volumeClaimTemplate issue + +## [9.1.4] - Mar 25, 2020 +* Fix volume name used by filebeat container + +## [9.1.3] - Mar 24, 2020 +* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) + +## [9.1.2] - Mar 22, 2020 +* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. + +## [9.1.1] - Mar 23, 2020 +* Moved installer info to values.yaml so it is fully customizable + +## [9.1.0] - Mar 23, 2020 +* Updated Artifactory version to 7.3.2 + +## [9.0.29] - Mar 20, 2020 +* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) + +## [9.0.28] - Mar 18, 2020 +* Increased Nginx proxy_buffers size + +## [9.0.27] - Mar 17, 2020 +* Changed all single quotes to double quotes in values files +* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. + +## [9.0.26] - Mar 17, 2020 +* Fix rendering of Service Account annotations + +## [9.0.25] - Mar 16, 2020 +* Update Artifactory readme with extra ingress annotations needed for Artifactory to be set as SSO provider + +## [9.0.24] - Mar 16, 2020 +* Add Unsupported message from 6.18 to 7.2.x (migration) + +## [9.0.23] - Mar 12, 2020 +* Fix README.md rendering issue + +## [9.0.22] - Mar 11, 2020 +* Upgrade Docs update + +## [9.0.21] - Mar 11, 2020 +* Unified charts public release + +## [9.0.20] - Mar 6, 2020 +* Fix path to `/artifactory_bootstrap` +* Add support for controlling the name of the ingress and allow to set more than one cname + +## [9.0.19] - Mar 4, 2020 +* Add support for disabling `consoleLog` in `system.yaml` file + +## [9.0.18] - Feb 28, 2020 +* Add support to process `valueFrom` for extraEnvironmentVariables + +## [9.0.17] - Feb 26, 2020 +* Fix join key secret naming + +## [9.0.16] - Feb 26, 2020 +* Store join key to secret + +## [9.0.15] - Feb 26, 2020 +* Updated Artifactory version to 7.2.1 + +## [9.0.10] - Feb 07, 2020 +* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade + +## [9.0.0] - Feb 07, 2020 +* Updated Artifactory version to 7.0.0 + +## [8.4.8] - Feb 13, 2020 +* Add support for SSH authentication to Artifactory + +## [8.4.7] - Feb 11, 2020 +* Change Artifactory service port name to be hard-coded to `http` instead of using `{{ .Release.Name }}` + +## [8.4.6] - Feb 9, 2020 +* Add support for `tpl` in the `postStartCommand` + +## [8.4.5] - Feb 4, 2020 +* Support customisable Nginx kind + +## [8.4.4] - Feb 2, 2020 +* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations + +## [8.4.3] - Jan 30, 2020 +* Add the option to configure resources for the logger containers + +## [8.4.2] - Jan 26, 2020 +* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive + +## [8.4.1] - Jan 19, 2020 +* Fix replicator port config in nginx replicator configmap + +## [8.4.0] - Jan 19, 2020 +* Updated Artifactory version to 6.17.0 + +## [8.3.6] - Jan 16, 2020 +* Added example for external nginx-ingress + +## [8.3.5] - Dec 30, 2019 +* Fix for nginx probes failing when launched with http disabled + +## [8.3.4] - Dec 24, 2019 +* Better support for custom `artifactory.internalPort` + +## [8.3.3] - Dec 23, 2019 +* Mark empty map values with `{}` + +## [8.3.2] - Dec 16, 2019 +* Fix for toggling nginx service ports + +## [8.3.1] - Dec 12, 2019 +* Add support for toggling nginx service ports + +## [8.3.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [8.2.6] - Nov 28, 2019 +* Add support for using existing PriorityClass + +## [8.2.5] - Nov 27, 2019 +* Add support for PriorityClass + +## [8.2.4] - Nov 21, 2019 +* Add an option to use a file system cache-fs with the file-system binarystore template + +## [8.2.3] - Nov 20, 2019 +* Update Artifactory Readme + +## [8.2.2] - Nov 20, 2019 +* Update Artfactory logo + +## [8.2.1] - Nov 18, 2019 +* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) + +## [8.2.0] - Nov 18, 2019 +* Updated Artifactory version to 6.15.0 + +## [8.1.11] - Nov 17, 2019 +* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup + +## [8.1.10] - Nov 17, 2019 +* Fix creation of double slash in nginx artifactory configuration + +## [8.1.9] - Nov 14, 2019 +* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error + +## [8.1.8] - Nov 12, 2019 +* Updated Artifactory version to 6.14.1 + +## [8.1.7] - Nov 9, 2019 +* Additional documentation for masterKey + +## [8.1.6] - Nov 10, 2019 +* Update PostgreSQL chart version to 7.0.1 +* Use formal PostgreSQL configuration format + +## [8.1.5] - Nov 8, 2019 +* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` + +## [8.1.4] - Nov 6, 2019 +* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is + +## [8.1.3] - Nov 6, 2019 +* Add nodeselector support for Postgresql + +## [8.1.2] - Nov 5, 2019 +* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles + +## [8.1.1] - Nov 4, 2019 +* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files + +## [8.1.0] - Nov 3, 2019 +* Updated Artifactory version to 6.14.0 + +## [8.0.1] - Nov 3, 2019 +* Make sure the artifactory pod exits when one of the pre-start stages fail + +## [8.0.0] - Oct 27, 2019 +**IMPORTANT - BREAKING CHANGES!**
+**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations + +## [7.18.3] - Oct 24, 2019 +* Change the preStartCommand to support templating + +## [7.18.2] - Oct 21, 2019 +* Add support for setting `artifactory.labels` +* Add support for setting `nginx.labels` + +## [7.18.1] - Oct 10, 2019 +* Updated Artifactory version to 6.13.1 + +## [7.18.0] - Oct 7, 2019 +* Updated Artifactory version to 6.13.0 + +## [7.17.5] - Sep 24, 2019 +* Option to skip wait-for-db init container with '--set waitForDatabase=false' + +## [7.17.4] - Sep 11, 2019 +* Updated Artifactory version to 6.12.2 + +## [7.17.3] - Sep 9, 2019 +* Updated Artifactory version to 6.12.1 + +## [7.17.2] - Aug 22, 2019 +* Fix the nginx server_name directive used with ingress.hosts + +## [7.17.1] - Aug 21, 2019 +* Enable the Artifactory container's liveness and readiness probes + +## [7.17.0] - Aug 21, 2019 +* Updated Artifactory version to 6.12.0 + +## [7.16.11] - Aug 14, 2019 +* Updated Artifactory version to 6.11.6 + +## [7.16.10] - Aug 11, 2019 +* Fix Ingress routing and add an example + +## [7.16.9] - Aug 5, 2019 +* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) +* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist + +## [7.16.8] - Aug 4, 2019 +* Improve binarystore config + 1. Convert to a secret + 2. Move config to values.yaml + 3. Support an external secret + +## [7.16.7] - Jul 29, 2019 +* Don't create the nginx configmaps when nginx.enabled is false + +## [7.16.6] - Jul 24, 2019 +* Simplify nginx setup and shorten initial wait for probes + +## [7.16.5] - Jul 22, 2019 +* Change Ingress API to be compatible with recent kubernetes versions + +## [7.16.4] - Jul 22, 2019 +* Updated Artifactory version to 6.11.3 + +## [7.16.3] - Jul 11, 2019 +* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration + +## [7.16.2] - Jul 3, 2019 +* Fix values key in reverse proxy example + +## [7.16.1] - Jul 1, 2019 +* Updated Artifactory version to 6.11.1 + +## [7.16.0] - Jun 27, 2019 +* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified + +## [7.15.8] - Jun 27, 2019 +* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation + +## [7.15.6] - Jun 24, 2019 +* Update chart maintainers + +## [7.15.5] - Jun 24, 2019 +* Change Nginx to point to the artifactory externalPort + +## [7.15.4] - Jun 23, 2019 +* Add the option to provide an IP for the access-admin endpoints + +## [7.15.3] - Jun 23, 2019 +* Add values files for small, medium and large installations + +## [7.15.2] - Jun 20, 2019 +* Add missing terminationGracePeriodSeconds to values.yaml + +## [7.15.1] - Jun 19, 2019 +* Updated Artifactory version to 6.10.4 + +## [7.15.0] - Jun 17, 2019 +* Use configmaps for nginx configuration and remove nginx postStart command + +## [7.14.8] - Jun 18, 2019 +* Add the option to provide additional ingress rules + +## [7.14.7] - Jun 14, 2019 +* Updated readme with improved external database setup example + +## [7.14.6] - Jun 11, 2019 +* Updated Artifactory version to 6.10.3 +* Updated installer-info template + +## [7.14.5] - Jun 6, 2019 +* Updated Google Cloud Storage API URL and https settings + +## [7.14.4] - Jun 5, 2019 +* Delete the db.properties file on Artifactory startup + +## [7.14.3] - Jun 3, 2019 +* Updated Artifactory version to 6.10.2 + +## [7.14.2] - May 21, 2019 +* Updated Artifactory version to 6.10.1 + +## [7.14.1] - May 19, 2019 +* Fix missing logger image tag + +## [7.14.0] - May 7, 2019 +* Updated Artifactory version to 6.10.0 + +## [7.13.21] - May 5, 2019 +* Add support for setting `artifactory.async.corePoolSize` + +## [7.13.20] - May 2, 2019 +* Remove unused property `artifactory.releasebundle.feature.enabled` + +## [7.13.19] - May 1, 2019 +* Fix indentation issue with the replicator system property + +## [7.13.18] - Apr 30, 2019 +* Add support for JMX monitoring + +## [7.13.17] - Apr 25, 2019 +* Added support for `cacheProviderDir` + +## [7.13.16] - Apr 18, 2019 +* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx + +## [7.13.15] - Apr 16, 2019 +* Updated documentation for Reverse Proxy Configuration + +## [7.13.14] - Apr 15, 2019 +* Added support for `customVolumeMounts` + +## [7.13.13] - Aprl 12, 2019 +* Added support for `bucketExists` flag for googleStorage + +## [7.13.12] - Apr 11, 2019 +* Replace `curl` examples with `wget` due to the new base image + +## [7.13.11] - Aprl 07, 2019 +* Add support for providing the Artifactory license as a parameter + +## [7.13.10] - Apr 10, 2019 +* Updated Artifactory version to 6.9.1 + +## [7.13.9] - Aprl 04, 2019 +* Add support for templated extraEnvironmentVariables + +## [7.13.8] - Aprl 07, 2019 +* Change network policy API group + +## [7.13.7] - Aprl 04, 2019 +* Bugfix for userPluginSecrets + +## [7.13.6] - Apr 4, 2019 +* Add information about upgrading Artifactory with auto-generated postgres password + +## [7.13.5] - Aprl 03, 2019 +* Added installer info + +## [7.13.4] - Aprl 03, 2019 +* Allow secret names for user plugins to contain template language + +## [7.13.3] - Apr 02, 2019 +* Allow NetworkPolicy configurations (defaults to allow all) + +## [7.13.2] - Aprl 01, 2019 +* Add support for user plugin secret + +## [7.13.1] - Mar 27, 2019 +* Add the option to copy a list of files to ARTIFACTORY_HOME on startup + +## [7.13.0] - Mar 26, 2019 +* Updated Artifactory version to 6.9.0 + +## [7.12.18] - Mar 25, 2019 +* Add CI tests for persistence, ingress support and nginx + +## [7.12.17] - Mar 22, 2019 +* Add the option to change the default access-admin password + +## [7.12.16] - Mar 22, 2019 +* Added support for `.Probe.path` to customise the paths used for health probes + +## [7.12.15] - Mar 21, 2019 +* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers +* Added support for `artifactory.customVolumes` to create custom volumes + +## [7.12.14] - Mar 21, 2019 +* Make ingress path configurable + +## [7.12.13] - Mar 19, 2019 +* Move the copy of bootstrap config from postStart to preStart + +## [7.12.12] - Mar 19, 2019 +* Fix existingClaim example + +## [7.12.11] - Mar 18, 2019 +* Add information about nginx persistence + +## [7.12.10] - Mar 15, 2019 +* Wait for nginx configuration file before using it + +## [7.12.9] - Mar 15, 2019 +* Revert securityContext changes since they were causing issues + +## [7.12.8] - Mar 15, 2019 +* Fix issue #247 (init container failing to run) + +## [7.12.7] - Mar 14, 2019 +* Updated Artifactory version to 6.8.7 +* Add support for Artifactory-CE for C++ + +## [7.12.6] - Mar 13, 2019 +* Move securityContext to container level + +## [7.12.5] - Mar 11, 2019 +* Updated Artifactory version to 6.8.6 + +## [7.12.4] - Mar 8, 2019 +* Fix existingClaim option + +## [7.12.3] - Mar 5, 2019 +* Updated Artifactory version to 6.8.4 + +## [7.12.2] - Mar 4, 2019 +* Add support for catalina logs sidecars + +## [7.12.1] - Feb 27, 2019 +* Updated Artifactory version to 6.8.3 + +## [7.12.0] - Feb 25, 2019 +* Add nginx support for tail sidecars + +## [7.11.1] - Feb 20, 2019 +* Added support for enterprise storage + +## [7.10.2] - Feb 19, 2019 +* Updated Artifactory version to 6.8.2 + +## [7.10.1] - Feb 17, 2019 +* Updated Artifactory version to 6.8.1 +* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage + +## [7.10.0] - Feb 15, 2019 +* Updated Artifactory version to 6.8.0 + +## [7.9.6] - Feb 13, 2019 +* Updated Artifactory version to 6.7.3 + +## [7.9.5] - Feb 12, 2019 +* Add support for tail sidecars to view logs from k8s api + +## [7.9.4] - Feb 6, 2019 +* Fix support for customizing statefulset `terminationGracePeriodSeconds` + +## [7.9.3] - Feb 5, 2019 +* Add instructions on how to deploy Artifactory with embedded Derby database + +## [7.9.2] - Feb 5, 2019 +* Add support for customizing statefulset `terminationGracePeriodSeconds` + +## [7.9.1] - Feb 3, 2019 +* Updated Artifactory version to 6.7.2 + +## [7.9.0] - Jan 23, 2019 +* Updated Artifactory version to 6.7.0 + +## [7.8.9] - Jan 22, 2019 +* Added support for `artifactory.customInitContainers` to create custom init containers + +## [7.8.8] - Jan 17, 2019 +* Added support of values ingress.labels + +## [7.8.7] - Jan 16, 2019 +* Mount replicator.yaml (config) directly to /replicator_extra_conf + +## [7.8.6] - Jan 13, 2019 +* Fix documentation about nginx group id + +## [7.8.5] - Jan 13, 2019 +* Updated Artifactory version to 6.6.5 + +## [7.8.4] - Jan 8, 2019 +* Make artifactory.replicator.publicUrl required when the replicator is enabled + +## [7.8.3] - Jan 1, 2019 +* Updated Artifactory version to 6.6.3 +* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory + +## [7.8.2] - Dec 28, 2018 +* Fix location `replicator.yaml` is copied to + +## [7.8.1] - Dec 27, 2018 +* Updated Artifactory version to 6.6.1 + +## [7.8.0] - Dec 20, 2018 +* Updated Artifactory version to 6.6.0 + +## [7.7.13] - Dec 17, 2018 +* Updated Artifactory version to 6.5.13 + +## [7.7.12] - Dec 12, 2018 +* Fix documentation about Artifactory license setup using secret + +## [7.7.11] - Dec 10, 2018 +* Fix issue when using existing claim + +## [7.7.10] - Dec 5, 2018 +* Remove Distribution certificates creation. + +## [7.7.9] - Nov 30, 2018 +* Updated Artifactory version to 6.5.9 + +## [7.7.8] - Nov 29, 2018 +* Updated postgresql version to 9.6.11 + +## [7.7.7] - Nov 27, 2018 +* Updated Artifactory version to 6.5.8 + +## [7.7.6] - Nov 19, 2018 +* Added support for configMap to use custom Reverse Proxy Configuration with Nginx + +## [7.7.5] - Nov 14, 2018 +* Fix location of `nodeSelector`, `affinity` and `tolerations` + +## [7.7.4] - Nov 14, 2018 +* Updated Artifactory version to 6.5.3 + +## [7.7.3] - Nov 12, 2018 +* Support artifactory.preStartCommand for running command before entrypoint starts + +## [7.7.2] - Nov 7, 2018 +* Support database.url parameter (DB_URL) + +## [7.7.1] - Oct 29, 2018 +* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) + +## [7.7.0] - Oct 28, 2018 +* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options + +## [7.6.8] - Oct 23, 2018 +* Fix providing external secret for database credentials + +## [7.6.7] - Oct 23, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + +## [7.6.6] - Oct 22, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + +## [7.6.5] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + +## [7.6.4] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow providing pre-existing secrets containing external database credentials + +## [7.6.3] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + +## [7.6.2] - Oct 17, 2018 +* Add Apache 2.0 license + +## [7.6.1] - Oct 11, 2018 +* Supports master-key in the secrets and stateful-set +* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) + +## [7.6.0] - Oct 11, 2018 +* Updated Artifactory version to 6.5.0 + +## [7.5.4] - Oct 9, 2018 +* Quote ingress hosts to support wildcard names + +## [7.5.3] - Oct 4, 2018 +* Add PostgreSQL resources template + +## [7.5.2] - Oct 2, 2018 +* Add `helm repo add jfrog https://charts.jfrog.io` to README + +## [7.5.1] - Oct 2, 2018 +* Set Artifactory to 6.4.1 + +## [7.5.0] - Sep 27, 2018 +* Set Artifactory to 6.4.0 + +## [7.4.3] - Sep 26, 2018 +* Add ci/test-values.yaml + +## [7.4.2] - Sep 2, 2018 +* Updated Artifactory version to 6.3.2 +* Removed unused PVC + +## [7.4.0] - Aug 22, 2018 +* Added support to run as non root +* Updated Artifactory version to 6.2.0 + +## [7.3.0] - Aug 22, 2018 +* Enabled RBAC Support +* Added support for PostStartCommand (To download Database JDBC connector) +* Increased postgresql max_connections +* Added support for `nginx.conf` ConfigMap +* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml new file mode 100644 index 000000000..2a3ddf048 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/Chart.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +appVersion: 7.6.3 +description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. +home: https://www.jfrog.com/artifactory/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png +keywords: +- artifactory +- jfrog +- devops +maintainers: +- email: amithk@jfrog.com + name: amithins +- email: daniele@jfrog.com + name: danielezer +- email: eldada@jfrog.com + name: eldada +- email: ramc@jfrog.com + name: chukka +- email: rimasm@jfrog.com + name: rimusz +name: artifactory +sources: +- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view +- https://github.com/jfrog/charts +version: 10.0.12 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md new file mode 100644 index 000000000..25fadc7f4 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/README.md @@ -0,0 +1,1431 @@ +# JFrog Artifactory Helm Chart + +## Prerequisites Details + +* Kubernetes 1.12+ +* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) + +## Chart Details +This chart will do the following: + +* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set) +* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. +* Deploy an optional Nginx server +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + +## Installing the Chart + +### Add ChartCenter Helm repository + +Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client + +```bash +helm repo add center https://repo.chartcenter.io +helm repo update +``` + +### Install Chart +To install the chart with the release name `artifactory`: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory +``` + +### System Configuration +Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. +In order to override the default `system.yaml` configuration, do the following: +```bash +artifactory: + systemYaml: | + +``` + +### Deploying Artifactory with embedded Derby database +By default, this chart deploys Artifactory with PostgreSQL (running in a separate pod). +It's possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded [Derby database](https://db.apache.org/derby/). +```bash +# Disable the default postgresql +helm upgrade --install artifactory --set postgresql.enabled=false --namespace artifactory center/jfrog/artifactory +``` +Artifactory will start with it's embedded Derby database. + +### Accessing Artifactory +**NOTE:** It might take a few minutes for Artifactory's public IP to become available. +Follow the instructions outputted by the install command to get the Artifactory IP to access it. + +### Updating Artifactory +Once you have a new chart version, you can update your deployment with +```bash +helm upgrade artifactory --namespace artifactory center/jfrog/artifactory +``` + +If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: +1. Get the current password by running: +```bash +POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +2. Upgrade the release by passing the previously auto-generated secret: +```bash +helm upgrade center/jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} --namespace +``` + +This will apply any configuration changes on your existing deployment. + +### Special Upgrade Notes +#### Artifactory upgrade from 6.x to 7.x (App Version) +Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. +It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. +```yaml +artifactory: + # Migration support from 6.x to 7.x + migration: + timeoutSeconds: 3600 +``` + +### Artifactory memory and CPU resources +The Artifactory Helm chart comes with support for configured resource requests and limits to Artifactory, Nginx and PostgreSQL. By default, these settings are commented out. +It is **highly** recommended to set these so you have full control of the allocated resources and limits. +Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.javaOpts.xms` and `artifactory.javaOpts.xmx`. +```bash +# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) +helm upgrade --install artifactory \ + --set artifactory.resources.requests.cpu="500m" \ + --set artifactory.resources.limits.cpu="2" \ + --set artifactory.resources.requests.memory="1Gi" \ + --set artifactory.resources.limits.memory="4Gi" \ + --set artifactory.javaOpts.xms="1g" \ + --set artifactory.javaOpts.xmx="4g" \ + --set nginx.resources.requests.cpu="100m" \ + --set nginx.resources.limits.cpu="250m" \ + --set nginx.resources.requests.memory="250Mi" \ + --set nginx.resources.limits.memory="500Mi" \ + --namespace artifactory center/jfrog/artifactory +``` +Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). + +Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files +for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) + +### Deploying Artifactory for small/medium/large installations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + + +### Artifactory storage +When using an enterprise license. Artifactory supports a wide range of storage back ends. You can see more details on [Artifactory Filestore options](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore) + +In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. +The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. + +#### NFS +To use an NFS server as your cluster's storage, you need to +- Setup an NFS server. Get its IP as `NFS_IP` +- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all +- Pass NFS parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=nfs \ +--set artifactory.persistence.nfs.ip=${NFS_IP} \ +... +``` + +#### Using a network file system with the file-system persistence type +In some cases, it is not possible for the helm chart to set up your NFS mounts automatically for Artiactory. +In such cases, such as using AWS EFS, you will use the `artifactory.persistnece.type=file-system` even though your underlying persistence is actually a network file system. +The same thing applies when using a slow storage device (such as cheap disks) as your main storage solution for Artifactory. +This means that serving highly used files from the network file system/slow storage can take time, +and that's why you would want a cache filesystem that's stored locally on disk (fast disks like SSD). + +This is how you would configure it: +Create a values file with the following content: +1. Set up your volume mount to your fast storage device +```yaml +artifactory: + ## Set up your volume mount to your fast storage device + customVolumes: | + - name: my-cache-fast-storage + persistentVolumeClaim: + claimName: my-cache-fast-storage-pvc + ## Enable caching and configure the cache directory + customVolumeMounts: | + - name: my-cache-fast-storage + mountPath: /my-fast-cache-mount + ## Install the helm chart with the values file you created + persistence: + cacheProviderDir: /my-fast-cache-mount + fileSystem: + cache: + enabled: true + +``` +2. Install Artifactory with the values file you created: +```bash +helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values.yaml +``` + +#### Google Storage +To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) +- Pass Google Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=google-storage \ +--set artifactory.persistence.googleStorage.identity=${GCP_ID} \ +--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ +... +``` + +#### AWS S3 +**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. +In order to grant permissions to Artifactory using an IAM role, you will have to attach the said IAM role to the machine(s) on which Artifactory is running. +This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. + +To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) +- Pass AWS S3 parameters to `helm install` and `helm upgrade` +```bash +... +# With explicit credentials: +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ +... + +... +# With using existing IAM role +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ +... +``` +**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) + +#### AWS S3 V3 +To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). +This filestore template uses the official AWS SDK, unlike th`aws-s3` implementation that uses the `JetS3t` library. +Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). + +**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. + +- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` + +```bash +# With explicit credentials: +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ +... +``` + +```bash +# With using existing IAM role +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} +... +``` + +#### Microsoft Azure Blob Storage +To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) +- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=azure-blob \ +--set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ +--set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ +--set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ +--set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ +... +``` + +* To use a persistent volume claim as cache dir together with Azure Blob Storage, additionally pass the following parameters to `helm install` and `helm upgrade` (make sure `mountPath` and `cacheProviderDir` point to the same location) +```bash +... +--set artifactory.persistence.existingClaim=${YOUR_CLAIM} \ +--set artifactory.persistence.mountPath=/opt/cache-dir \ +--set artifactory.persistence.cacheProviderDir=/opt/cache-dir \ +... +``` + +#### Custom binarystore.xml +You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
+There are two options for this + +1. Editing directly in [values.yaml](values.yaml) +```yaml +artifactory: + persistence: + binarystoreXml: | + + + + + +``` + +2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command +```yaml +# Prepare your custom Secret file (custom-binarystore.yaml) +kind: Secret +apiVersion: v1 +metadata: + name: custom-binarystore + labels: + app: artifactory + chart: artifactory +stringData: + binarystore.xml: |- + + + + +``` + +```bash +# Create a secret from the file +kubectl apply -n artifactory -f ./custom-binarystore.yaml + +# Pass it to your helm install command: +helm upgrade --install artifactory --namespace artifactory --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore center/jfrog/artifactory +``` + +### Create a unique Master Key +Artifactory requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`). + +**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** +**This key is for demo purpose and should not be used in a production environment!** + +You should generate a unique one and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Pass the created master key to helm +helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory center/jfrog/artifactory +``` + +Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Create a secret containing the key. The key in the secret must be named master-key +kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory --set artifactory.masterKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. + +### Special Upgrade Notes +### MasterKey during 6.x to 7.x Migration (App version) + +**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. + +### Create a unique Join Key +Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). + +**This key is for demo purpose and should not be used in a production environment!** + +You should generate a unique key and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Pass the created join key to helm +helm upgrade --install artifactory --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory center/jfrog/artifactory +``` + +Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Create a secret containing the key. The key in the secret must be named join-key +kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory --set artifactory.joinKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. + +### Customizing Database password +You can override the specified database password (set in [values.yaml](values.yaml)), by passing it as a parameter in the install command line +```bash +helm upgrade --install artifactory --namespace artifactory --set postgresql.postgresqlPassword=12_hX34qwerQ2 center/jfrog/artifactory +``` + +You can customise other parameters in the same way, by passing them on `helm install` command line. + +### Deleting Artifactory + +On helm v2: +```bash +helm delete --purge artifactory +``` + +On helm v3: +```bash +helm delete artifactory --namespace artifactory +``` +This will completely delete your Artifactory Pro deployment. +**IMPORTANT:** This will also delete your data volumes. You will lose all data! + +### Kubernetes Secret for Artifactory License +##### Use an existing secret +You can deploy the Artifactory license as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). +Prepare a text file with the license written in it and create a Kubernetes secret from it. +```bash +# Create the Kubernetes secret (assuming the local license file is 'art.lic') +kubectl create secret generic artifactory-license --from-file=./art.lic + +# Pass the license to helm +helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. +If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file + +##### Create the secret as part of the helm release +values.yaml +```yaml +artifactory: + license: + licenseKey: |- + +``` + +```bash +helm upgrade --install artifactory -f values.yaml --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. +If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file + + +### copyOnEveryStartup feature +Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. +In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. +Two examples for that would be: + +1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, +which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: +Create a values file with the following values: +```yaml +artifactory: + copyOnEveryStartup: + - source: /artifactory_bootstrap/binarystore.xml + target: etc/artifactory/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml +``` + +2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: +Create a config map with your `logback.xml` configuration. + +Create a values file with the following values: +```yaml +artifactory: + ## Create a volume pointing to the config map with your configuration file + customVolumes: | + - name: logback-xml-configmap + configMap: + name: logback-xml-configmap + customVolumeMounts: | + - name: logback-xml-configmap + mountPath: /tmp/artifactory-logback/ + copyOnEveryStartup: + - source: /tmp/artifactory-logback/* + target: etc/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml +``` + +### Configure NetworkPolicy + +NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. + +In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. + +For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. + +A full (but very wide open) example that results in 2 NetworkPolicy objects being created: +```yaml +networkpolicy: + # Allows all ingress and egress to/from artifactory. + - name: artifactory + podSelector: + matchLabels: + app: artifactory + egress: + - {} + ingress: + - {} + # Allows connectivity from artifactory pods to postgresql pods, but no traffic leaving postgresql pod. + - name: postgres + podSelector: + matchLabels: + app: postgresql + ingress: + - from: + - podSelector: + matchLabels: + app: artifactory +``` +### Artifactory JMX Configuration +** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans + +Enable JMX in your deployment: +```bash +helm upgrade --install artifactory \ + --set artifactory.javaOpts.jmx.enabled=true \ + --namespace artifactory center/jfrog/artifactory +``` +This will enable access to Artifactory with JMX on the default port (9010). +** You have the option to change the port by setting ```artifactory.javaOpts.jmx.port``` to your choice of port + +In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: +1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: +```bash +helm upgrade --install artifactory \ + --set artifactory.javaOpts.jmx.enabled=true \ + --set artifactory.service.type=LoadBalancer \ + --namespace artifactory center/jfrog/artifactory + +``` +2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with ```artifactory.javaOpts.jmx.host```). +So in order to connect to Artifactory with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: +``` + artifactory- +``` +3. Launch jconsole with the service address and port: +```bash +jconsole artifactory-: +``` + +### Bootstrapping Artifactory admin password +You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. + +1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: +```yaml +artifactory: + admin: + ip: "" # Example: "*" to allow access from anywhere + username: "admin" + password: "" +``` + +2. Apply the `admin-creds-values.yaml` file: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f admin-creds-values.yaml +``` + +3. Restart Artifactory Pod (`Kubectl delete pod `) + +### Bootstrapping Artifactory configuration +**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. + +* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) +* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) + +1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-release-bootstrap-config +data: + artifactory.config.import.xml: | + + security.import.xml: | + +``` + +2. Create configMap in Kubernetes: +```bash +kubectl apply -f bootstrap-config.yaml +``` +3. Pass the configMap to helm +```bash +helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory +``` +OR +```bash +helm upgrade --install artifactory --set artifactory.license.licenseKey=,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory +``` + +### Use custom nginx.conf with Nginx + +Steps to create configMap with nginx.conf +* Create `nginx.conf` file. +```bash +kubectl create configmap nginx-config --from-file=nginx.conf +``` +* Pass configMap to helm install +```bash +helm upgrade --install artifactory --set nginx.customConfigMap=nginx-config --namespace artifactory center/jfrog/artifactory +``` + +### Use an external Database + +**For production grade installations it is recommended to use an external PostgreSQL with a static password** + +#### PostgreSQL +There are cases where you will want to use an external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the name of the database. + +This can be done with the following parameters +```bash +... +--set postgresql.enabled=false \ +--set database.type=postgresql \ +--set database.driver=org.postgresql.Driver \ +--set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! + +#### Other DB type +There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. +See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) +> The official Artifactory Docker images include the PostgreSQL database driver. +> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib + +This can be done with the following parameters +```bash +# Make sure your Artifactory Docker image has the MySQL database driver in it +... +--set postgresql.enabled=false \ +--set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ +--set database.type=mysql \ +--set database.driver=com.mysql.jdbc.Driver \ +--set database.url=${DB_URL} \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! +##### Configuring Artifactory with external Oracle database +To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. +1. Create a value file with the configuration +```yaml +postgresql: + enabled: false +database: + type: oracle + driver: oracle.jdbc.OracleDriver + url: + user: + password: +artifactory: + preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." + extraEnvironmentVariables: + - name: LD_LIBRARY_PATH + value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib +``` +2. Install Artifactory with the values file you created: +```bash +helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values-oracle.yaml +``` +**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` + +#### Using pre-existing Kubernetes Secret +If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: +```bash +# Create a secret containing the database credentials +kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} +... +--set postgresql.enabled=false \ +--set database.secrets.user.name=my-secret \ +--set database.secrets.user.key=user \ +--set database.secrets.password.name=my-secret \ +--set database.secrets.password.key=password \ +--set database.secrets.url.name=my-secret \ +--set database.secrets.url.key=url \ +... +``` + +### Deleting Artifactory +To delete the Artifactory. + +On helm v2: +```bash +helm delete --purge artifactory +``` + +On helm v3: +```bash +helm delete artifactory --namespace artifactory +``` +This will completely delete your Artifactory HA cluster. + +### Custom Docker registry for your images +If you need to pull your Docker images from a private registry, you need to create a +[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm +```bash +# Create a Docker registry secret called 'regsecret' +kubectl create secret docker-registry regsecret --docker-server= --docker-username= --docker-password= --docker-email= +``` +Once created, you pass it to `helm` +```bash +helm upgrade --install artifactory --set imagePullSecrets=regsecret --namespace artifactory center/jfrog/artifactory +``` + +### Logger sidecars +This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) + +Get list of containers in the pod +```bash +kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' +``` + +View specific log +```bash +kubectl logs -n -c +``` + +### Custom init containers +There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. + +For this, there is a section for writing a custom init container in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom init containers + customInitContainers: | + ## Init containers template goes here ## +``` + +### Custom sidecar containers +There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. + +For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom sidecar containers + customSidecarContainers: | + ## Sidecar containers template goes here ## +``` + +### Custom volumes +If you need to use a custom volume in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + ## Custom volume comes here ## +``` + +### Custom secrets +If you need to add a custom secret in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + # Add custom secrets - secret per file + customSecrets: + - name: custom-secret + key: custom-secret.yaml + data: > + secret data +``` + +To use a custom secret, need to define a custom volume. +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + - name: custom-secret + secret: + secretName: custom-secret +``` + +To use a volume, need to define a volume mount as part of a custom init or sidecar container. +```yaml +artifactory: + customSidecarContainers: + - name: side-car-container + volumeMounts: + - name: custom-secret + mountPath: /opt/custom-secret.yaml + subPath: custom-secret.yaml + readOnly: true +``` + +You can configure the sidecar to run as a custom user if needed by setting the following in the container template +```yaml + # Example of running container as root (id 0) + securityContext: + runAsUser: 0 + fsGroup: 0 +``` + +### Add Artifactory User Plugin during installation +If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. + +Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: +```bash +# Secret with single user plugin +kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory + +# Secret with single user plugin with configuration file +kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory +``` + +Add plugin secret names to `plugins.yaml` as following: +```yaml +artifactory: + userPluginSecrets: + - archive-old-artifacts + - webhook +``` + +You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: +```bash +helm upgrade --install artifactory -f plugins.yaml --namespace artifactory center/jfrog/artifactory +``` + +Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: +```yaml +artifactory: # Name of the artifactory dependency + artifactory: + userPluginSecrets: + - '{{ template "my-chart.fullname" . }}' +``` +For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). + +### Provide custom configMaps to Artifactory +If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. + +Create a `configmaps.yaml` file with the following content: +```yaml +artifactory: + configMaps: | + logback.xml: | + + + + + %date [%-5level] \(%-20c{3}:%L\) %message%n + + + + + + + + + + + + + + + my-custom-post-start-hook.sh: | + echo "This is my custom post start hook" + + customVolumeMounts: | + - name: artifactory-configmaps + mountPath: /tmp/my-config-map + + postStartCommand: | + chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; + /tmp/my-config-map/my-custom-post-start-hook.sh; + + copyOnEveryStartup: + - source: /tmp/my-config-map/logback.xml + target: etc/ + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f configmaps.yaml --namespace artifactory center/jfrog/artifactory +``` + +This will, in turn: +* create a configMap with the files you specified above +* create a volume pointing to the configMap with the name `artifactory-configmaps` +* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` +* Set the shell script we mounted as the `postStartCommand` +* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. + +### Establishing TLS and Adding certificates +In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. +When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. + +To establish TLS between JFrog Platform nodes: +Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) + +To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false +```yaml +access: + accessConfig: + security: + tls: true +``` + +To add custom tls certificates, create a tls secret from the certificate files. + +```bash +kubectl create secret tls --cert=ca.crt --key=ca.private.key +``` + +For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. +* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) +```yaml +access: + accessConfig: + security: + tls: true + customCertificatesSecretName: + resetAccessCAKeys: true +``` + +### Artifactory filebeat +If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. + +Create a `filebeat.yaml` values file with the following content: +```yaml +filebeat: + enabled: true + logstashUrl: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "100Mi" + cpu: "100m" +``` + +You can optionally customize the `filebeat.yaml` to send output to a different location like so: +```yaml +filebeat: + enabled: true + filebeatYml: | + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f filebeat.yaml --namespace artifactory center/jfrog/artifactory +``` + +### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer). +To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx +For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. +In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: +```yaml + nginx: + ssloffload: true + https: + enabled: false + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory +``` + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file +```yaml + ingress: + enabled: true + hosts: + - artifactory.company.com + artifactory: + service: + type: NodePort + nginx + enabled: false +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ingress-values.yaml --namespace artifactory center/jfrog/artifactory +``` + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - artifactory.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - artifactory.domain.com +``` + +### Ingress annotations + +This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. + +```yaml +ingress: + enabled: true + defaultBackend: + enabled: false + hosts: + - myhost.example.com + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-read-timeout: "600" + ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; + rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; + nginx.ingress.kubernetes.io/proxy-body-size: "0" + tls: + - hosts: + - "myhost.example.com" +``` + +If you're using Artifactory as SSO provider (e.g. with xray), you will need to have the following annotations, and change with your domain: +```yaml +.. + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + proxy_pass_header Server; + proxy_set_header X-JFrog-Override-Base-Url https://; +``` + +### Ingress additional rules + +You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. +In order to do that, simply add the following to a `artifactory-values.yaml` file: +```yaml +ingress: + enabled: true + + defaultBackend: + enabled: false + + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite "(?i)/xray(/|$)(.*)" /$2 break; + + additionalRules: | + - host: + http: + paths: + - path: / + backend: + serviceName: + servicePort: + - path: /xray + backend: + serviceName: + servicePort: + - path: /artifactory + backend: + serviceName: {{ template "artifactory.nginx.fullname" . }} + servicePort: {{ .Values.nginx.externalPortHttp }} +``` + +and running: +```bash +helm upgrade --install xray center/jfrog/artifactory -f artifactory-values.yaml +``` + +### Dedicated Ingress object for replicator service + +You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. +In order to do that, simply add the following to a `artifactory-values.yaml` file: + +```yaml +artifactory: + replicator: + enabled: true + ingress: + name: + hosts: + - myhost.example.com + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/configuration-snippet: | + chunked_transfer_encoding on; + tls: + - hosts: + - "myhost.example.com" + secretName: +``` + + +### Ingress behind another load balancer +If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. + +To enable it with `helm install` +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress --set-string controller.config.use-forwarded-headers=true +``` +or `helm upgrade` +```bash +helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true stable/nginx-ingress +``` +or create a values.yaml file with the following content: +```yaml +controller: + config: + use-forwarded-headers: "true" +``` +Then install nginx-ingress with the values file you created: +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress -f values.yaml +``` +This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` + + +## Configuration +The following table lists the configurable parameters of the artifactory chart and their default values. + +| Parameter | Description | Default | +|---------------------------|-----------------------------------|----------------------------------------------------------| +| `imagePullSecrets` | Docker registry pull secret | | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template | +| `serviceAccount.annotations` | Artifactory service account annotations | `` | +| `rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `rbac.role.rules` | Rules to create | `[]` | +| `logger.image.repository` | repository for logger image | `busybox` | +| `logger.image.tag` | tag for logger image | `1.30` | +| `artifactory.name` | Artifactory name | `artifactory` | +| `artifactory.replicaCount` | Replica count for Artifactory deployment| `1` | +| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` | +| `artifactory.image.version` | Container tag | `.Chart.AppVersion` | +| `artifactory.labels` | Artifactory labels | `{}` | +| `artifactory.priorityClass.create` | Create a PriorityClass object | `false` | +| `artifactory.priorityClass.value` | Priority Class value | `1000000000` | +| `artifactory.priorityClass.name` | Priority Class name | `{{ template "artifactory.fullname" . }}` | +| `artifactory.priorityClass.existingPriorityClass` | Use existing priority class | `` | +| `artifactory.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` | +| `artifactory.loggersResources.requests.memory` | Artifactory loggers initial memory request | | +| `artifactory.loggersResources.requests.cpu` | Artifactory loggers initial cpu request | | +| `artifactory.loggersResources.limits.memory` | Artifactory loggers memory limit | | +| `artifactory.loggersResources.limits.cpu` | Artifactory loggers cpu limit | | +| `artifactory.catalinaLoggers` | Artifactory Tomcat loggers (see values.yaml for possible values) | `[]` | +| `artifactory.catalinaLoggersResources.requests.memory` | Artifactory Tomcat loggers initial memory request | | +| `artifactory.catalinaLoggersResources.requests.cpu` | Artifactory Tomcat loggers initial cpu request | | +| `artifactory.catalinaLoggersResources.limits.memory` | Artifactory Tomcat loggers memory limit | | +| `artifactory.catalinaLoggersResources.limits.cpu` | Artifactory Tomcat loggers cpu limit | | +| `artifactory.customInitContainers`| Custom init containers | | +| `artifactory.customSidecarContainers`| Custom sidecar containers | | +| `artifactory.customVolumes` | Custom volumes | | +| `artifactory.customVolumeMounts` | Custom Artifactory volumeMounts | | +| `artifactory.customSecrets` | Custom secrets | | +| `artifactory.customPersistentPodVolumeClaim` | Custom PVC spec to create and attach a unique PVC for each pod on startup with the volumeClaimTemplates feature in StatefulSet | | +| `artifactory.customPersistentVolumeClaim` | Custom PVC spec to be mounted to the all artifactory containers using a volume | | +| `artifactory.userPluginSecrets` | Array of secret names for Artifactory user plugins | | +| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used. | | +| `artifactory.configMaps` | configMaps to be created as volume by the name `artifactory-configmaps`. In order to use these configMaps, you will need to add `customVolumeMounts` to point to the created volume and mount it onto a container | | +| `artifactory.license.secret` | Artifactory license secret name | | +| `artifactory.license.dataKey`| Artifactory license secret data key | | +| `artifactory.service.name`| Artifactory service name to be set in Nginx configuration | `artifactory` | +| `artifactory.service.type`| Artifactory service type | `ClusterIP` | +| `artifactory.service.loadBalancerSourceRanges`| Artifactory service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | +| `artifactory.service.annotations` | Artifactory service annotations | `{}` | +| `artifactory.externalPort` | Artifactory router service external port | `8082` | +| `artifactory.internalPort` | Artifactory router service internal port (**DO NOT** use port lower than 1024) | `8082` | +| `artifactory.internalArtifactoryPort` | Artifactory service internal port (**DO NOT** use port lower than 1024) | `8081` | +| `artifactory.externalArtifactoryPort` | Artifactory service external port | `8081` | +| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` | +| `artifactory.livenessProbe.path` | Liveness probe HTTP Get path | `/router/api/v1/system/health` | +| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | +| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 | +| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `artifactory.masterKey` | Artifactory Master Key. A 128-Bit key size (hexadecimal encoded) string (32 hex characters). Can be generated with `openssl rand -hex 32`. NOTE: This key is generated only once and cannot be updated once created | `` | +| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | | +| `artifactory.joinKey` | Join Key to connect other services to Artifactory. Can be generated with `openssl rand -hex 32` | `` | +| `artifactory.joinKeySecretName` | Artifactory join Key secret name | | +| `artifactory.admin.ip` | Artifactory admin ip to be set upon startup, can use (*) for 0.0.0.0| `127.0.0.1` | +| `artifactory.admin.username` | Artifactory admin username to be set upon startup| `admin` | +| `artifactory.admin.password` | Artifactory admin password to be set upon startup| | +| `artifactory.admin.secret` | Artifactory admin secret name | | +| `artifactory.admin.dataKey` | Artifactory admin secret data key | | +| `artifactory.preStartCommand` | Command to run before entrypoint starts | | +| `artifactory.postStartCommand` | Command to run after container starts. Supports templating with `tpl` | | +| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. Supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | | +| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `artifactory.readinessProbe.path` | Readiness probe HTTP Get path | `/router/api/v1/system/health` | +| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 | +| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 | +| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `artifactory.deleteDBPropertiesOnStartup` | Whether to delete the ARTIFACTORY_HOME/etc/db.properties file on startup. Disabling this will remove the ability for the db.properties to be updated with any DB-related environment variables change (e.g. DB_HOST, DB_URL) | `true` | +| `artifactory.database.maxOpenConnections` | Maximum amount of open connections from Artifactory to the DB | `80` | +| `artifactory.copyOnEveryStartup` | List of files to copy on startup from source (which is absolute) to target (which is relative to ARTIFACTORY_HOME | | +| `artifactory.migration.timeoutSeconds` | Artifactory migration Maximum Timeout in seconds| `3600` | +| `artifactory.migration.enabled` | Artifactory migration enabled or disabled | `true` | +| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | +| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | +| `artifactory.persistence.existingClaim` | Artifactory persistence volume claim name | | +| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | +| `artifactory.persistence.size` | Artifactory persistence or local volume size | `20Gi` | +| `artifactory.persistence.binarystore.enabled` | whether you want to mount the binarystore.xml file from a secret created by the chart. If `false` you will need need to get the binarystore.xml file into the file-system from either an `initContainer` or using a `preStartCommand` | `true` | +| `artifactory.persistence.binarystoreXml` | Artifactory binarystore.xml template | See `values.yaml` | +| `artifactory.persistence.customBinarystoreXmlSecret` | A custom Secret for binarystore.xml | `` | +| `artifactory.persistence.maxCacheSize` | The maximum storage allocated for the cache in bytes. | `50000000000` | +| `artifactory.persistence.cacheProviderDir` | the root folder of binaries for the filestore cache. If the value specified starts with a forward slash ("/") it is considered the fully qualified path to the filestore folder. Otherwise, it is considered relative to the *baseDataDir*. | `cache` | +| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` | +| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` | +| `artifactory.persistence.nfs.ip` | NFS server IP | | +| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` | +| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` | +| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory` | +| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` | +| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` | +| `artifactory.persistence.fileSystem.cache.enabled` | Enable Artifactory cache when using the file-system persistence type | `false` | +| `artifactory.persistence.eventual.numberOfThreads` | Eventual number of threads | `10` | +| `artifactory.persistence.googleStorage.endpoint` | Google Storage API endpoint| `storage.googleapis.com` | +| `artifactory.persistence.googleStorage.httpsOnly` | Google Storage API has to be consumed https only| `false` | +| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory` | +| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | | +| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | | +| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory/filestore` | +| `artifactory.persistence.googleStorage.bucketExists`| Google Storage bucket exists therefore does not need to be created.| `false` | +| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-aws` | +| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | +| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | | +| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | | +| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | +| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | +| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | | +| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory/filestore` | +| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) | +| `artifactory.persistence.awsS3.httpsOnly` | AWS S3 https access to the bucket only | `true` | +| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` | +| `artifactory.persistence.awsS3.s3AwsVersion` | AWS S3 signature version | `AWS4-HMAC-SHA256` | +| `artifactory.persistence.awsS3V3.testConnection` | AWS S3 test connection on start up | `false` | +| `artifactory.persistence.awsS3V3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | +| `artifactory.persistence.awsS3V3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | +| `artifactory.persistence.awsS3V3.region` | AWS S3 bucket region | | +| `artifactory.persistence.awsS3V3.bucketName` | AWS S3 bucket name | `artifactory-aws` | +| `artifactory.persistence.awsS3V3.path` | AWS S3 path in bucket | `artifactory/filestore` | +| `artifactory.persistence.awsS3V3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | +| `artifactory.persistence.awsS3V3.maxConnections` | AWS S3 bucket maxConnections | `50` | +| `artifactory.persistence.awsS3V3.kmsServerSideEncryptionKeyId` | AWS S3 encryption key ID or alias | | +| `artifactory.persistence.awsS3V3.kmsKeyRegion` | AWS S3 KMS Key region | | +| `artifactory.persistence.awsS3V3.kmsCryptoMode` | AWS S3 KMS encryption mode | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate | +| `artifactory.persistence.awsS3V3.useInstanceCredentials` | AWS S3 Use default authentication mechanism | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-authentication | +| `artifactory.persistence.awsS3V3.usePresigning` | AWS S3 Use URL signing | `false` | +| `artifactory.persistence.awsS3V3.signatureExpirySeconds` | AWS S3 Validity period in seconds for signed URLs | `300` | +| `artifactory.persistence.awsS3V3.cloudFrontDomainName` | AWS CloudFront domain name | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| +| `artifactory.persistence.awsS3V3.cloudFrontKeyPairId` | AWS CloudFront key pair ID | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| +| `artifactory.persistence.awsS3V3.cloudFrontPrivateKey` | AWS CloudFront private key | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)| +| `artifactory.persistence.azureBlob.accountName` | Azure Blob Storage account name | `` | +| `artifactory.persistence.azureBlob.accountKey` | Azure Blob Storage account key | `` | +| `artifactory.persistence.azureBlob.endpoint` | Azure Blob Storage endpoint | `` | +| `artifactory.persistence.azureBlob.containerName` | Azure Blob Storage container name | `` | +| `artifactory.persistence.azureBlob.testConnection` | Azure Blob Storage test connection | `false` | +| `artifactory.resources.requests.memory` | Artifactory initial memory request | | +| `artifactory.resources.requests.cpu` | Artifactory initial cpu request | | +| `artifactory.resources.limits.memory` | Artifactory memory limit | | +| `artifactory.resources.limits.cpu` | Artifactory cpu limit | | +| `artifactory.javaOpts.xms` | Artifactory java Xms size | | +| `artifactory.javaOpts.xmx` | Artifactory java Xms size | | +| `artifactory.javaOpts.corePoolSize` | The number of async processes that can run in parallel - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `8` | +| `artifactory.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` | +| `artifactory.javaOpts.jmx.port` | JMX Port number | `9010` | +| `artifactory.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory.fullname" $ }}` | +| `artifactory.javaOpts.jmx.ssl` | Enable SSL | `false` | +| `artifactory.javaOpts.jmx.authenticate` | Enable JMX authentication | `false` | +| `artifactory.javaOpts.jmx.accessFile` | The path to the JMX access file, when JMX authentication is enabled | | +| `artifactory.javaOpts.jmx.passwordFile` | The path to the JMX password file, when JMX authentication is enabled | | +| `artifactory.javaOpts.other` | Artifactory additional java options | | +| `artifactory.replicator.enabled` | Enable the Replicator service (relevant for Enterprise+ only) | `false` | +| `artifactory.ssh.enabled` | Enable Artifactory SSH access | | +| `artifactory.ssh.internalPort` | Artifactory SSH internal port | `1339` | +| `artifactory.ssh.externalPort` | Artifactory SSH external port | `1339` | +| `artifactory.terminationGracePeriodSeconds` | Termination grace period (seconds) | `30s` | +| `artifactory.tomcat.connector.maxThreads` | The max number of connections to Artifactory connector | `200` | +| `artifactory.tomcat.connector.extraConfig` | The max queue length for incoming connections to Artifactory connector | `'acceptCount="100"'` | +| `artifactory.systemYaml` | Artifactory system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML | `see values.yaml` | +| `artifactory.affinity` | Artifactory node affinity | `{}` | +| `access.database.maxOpenConnections` | Maximum amount of open connections from Access to the DB | `80` | +| `access.tomcat.connector.maxThreads` | The max number of connections to Aceess connector | `50` | +| `access.tomcat.connector.extraConfig` | The max queue length for incoming connections to Access connector | `'acceptCount="100"'` | +| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` | +| `ingress.annotations` | Artifactory Ingress annotations | `{}` | +| `ingress.labels` | Artifactory Ingress labels | `{}` | +| `ingress.hosts` | Artifactory Ingress hostnames | `[]` | +| `ingress.routerPath` | Router Ingress path | `/` | +| `ingress.artifactoryPath` | Artifactory Ingress path | `/` | +| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` | +| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` | +| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | | +| `ingress.additionalRules` | Ingress additional rules to be added to the Artifactory ingress. | `[]` | +| `metadata.database.maxOpenConnections` | Maximum amount of open connections from metadata to the DB | `80` | +| `nginx.name` | Nginx name | `nginx` | +| `nginx.enabled` | Deploy nginx server | `true` | +| `nginx.kind` | Nginx object kind, for example `DaemonSet`, `Deployment` or `StatefulSet` | `Deployment` | +| `nginx.name` | Nginx name | `nginx` | +| `nginx.replicaCount` | Nginx replica count | `1` | +| `nginx.uid` | Nginx User Id | `104` | +| `nginx.gid` | Nginx Group Id | `107` | +| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` | +| `nginx.image.version` | Container tag | `.Chart.AppVersion` | +| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nginx.labels` | Nginx deployment labels | `{}` | +| `nginx.loggers` | Nginx loggers (see values.yaml for possible values) | `[]` | +| `nginx.loggersResources.requests.memory` | Nginx logger initial memory request | | +| `nginx.loggersResources.requests.cpu` | Nginx logger initial cpu request | | +| `nginx.loggersResources.limits.memory` | Nginx logger memory limit | | +| `nginx.loggersResources.limits.cpu` | Nginx logger cpu limit | | +| `nginx.logs.stderr` | Send nginx logs to stderr | false | +| `nginx.logs.level` | Nginx log level: debug, info, notice, warn, error, crit, alert, or emerg | warn | +| `nginx.mainConf` | Content of the Artifactory nginx main nginx.conf config file | `see values.yaml` | +| `nginx.artifactoryConf` | Content of Artifactory nginx artifactory.conf config file | `see values.yaml` | +| `nginx.service.type`| Nginx service type | `LoadBalancer` | +| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | +| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` | +| `nginx.service.ssloffload` | Nginx service SSL offload | false | +| `nginx.loadBalancerIP` | Provide Static IP to configure with Nginx | | +| `nginx.http.enabled` | Nginx http service enabled/disabled | true | +| `nginx.http.externalPort` | Nginx service external port | `80` | +| `nginx.http.internalPort` | Nginx service internal port | `80` | +| `nginx.https.enabled` | Nginx http service enabled/disabled | true | +| `nginx.https.externalPort` | Nginx service external port | `443` | +| `nginx.https.internalPort` | Nginx service internal port | `443` | +| `nginx.ssh.internalPort` | Nginx SSH internal port | `22` | +| `nginx.ssh.externalPort` | Nginx SSH external port | `22` | +| `nginx.externalPortHttp` | DEPRECATED: Nginx service external port | `80` | +| `nginx.internalPortHttp` | DEPRECATED:Nginx service internal port | `80` | +| `nginx.externalPortHttps` | DEPRECATED: Nginx service external port | `443` | +| `nginx.internalPortHttps` | DEPRECATED: Nginx service internal port | `443` | +| `nginx.livenessProbe.enabled` | Enable liveness probe | `true` | +| `nginx.livenessProbe.path` | Liveness probe HTTP Get path | `/router/api/v1/system/health` | +| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 60 | +| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 | +| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 | +| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1| +| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `nginx.readinessProbe.path` | Readiness probe HTTP Get path | `/artifactory/webapp/#/login` | +| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 | +| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 | +| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 | +| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1 | +| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | | +| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` | +| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory.conf` | ` ` | +| `nginx.persistence.mountPath` | Nginx persistence volume mount path | `"/var/opt/jfrog/nginx"` | +| `nginx.persistence.enabled` | Nginx persistence volume enabled | `false` | +| `nginx.persistence.accessMode` | Nginx persistence volume access mode | `ReadWriteOnce` | +| `nginx.persistence.size` | Nginx persistence volume size | `5Gi` | +| `nginx.resources.requests.memory` | Nginx initial memory request | | +| `nginx.resources.requests.cpu` | Nginx initial cpu request | | +| `nginx.resources.limits.memory` | Nginx memory limit | | +| `nginx.resources.limits.cpu` | Nginx cpu limit | | +| `waitForDatabase` | Wait for database (using wait-for-db init container) | `true` | +| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` | +| `postgresql.image.registry` | PostgreSQL image registry | `docker.bintray.io` | +| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` | +| `postgresql.image.tag` | PostgreSQL image tag | `9.6.18-debian-10-r7` | +| `postgresql.postgresqlDatabase` | PostgreSQL database name | `artifactory` | +| `postgresql.postgresqlUsername` | PostgreSQL database user | `artifactory` | +| `postgresql.postgresqlPassword` | PostgreSQL database password | | +| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` | +| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `1500` | +| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` | +| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` | +| `postgresql.service.port` | PostgreSQL database port | `5432` | +| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | | +| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | | +| `postgresql.resources.limits.memory` | PostgreSQL memory limit | | +| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | | +| `postgresql.master.nodeSelector` | PostgreSQL master node selector | `{}` | +| `postgresql.master.affinity` | PostgreSQL master node affinity | `{}` | +| `postgresql.master.tolerations` | PostgreSQL master node tolerations | `[]` | +| `postgresql.slave.nodeSelector` | PostgreSQL slave node selector | `{}` | +| `postgresql.slave.affinity` | PostgreSQL slave node affinity | `{}` | +| `postgresql.slave.tolerations` | PostgreSQL slave node tolerations | `[]` | +| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | | +| `database.driver` | External database driver e.g. `org.postgresql.Driver` | | +| `database.url` | External database connection URL | | +| `database.user` | External database username | | +| `database.password` | External database password | | +| `database.secrets.user.name` | External database username `Secret` name | | +| `database.secrets.user.key` | External database username `Secret` key | | +| `database.secrets.password.name` | External database password `Secret` name | | +| `database.secrets.password.key` | External database password `Secret` key | | +| `database.secrets.url.name ` | External database url `Secret` name | | +| `database.secrets.url.key` | External database url `Secret` key | | +| `networkpolicy.name` | Becomes part of the NetworkPolicy object name | `artifactory` | +| `networkpolicy.podselector` | Contains the YAML that specifies how to match pods. Usually using matchLabels. | | +| `networkpolicy.ingress` | YAML snippet containing to & from rules applied to incoming traffic | `- {}` (open to all inbound traffic) | +| `networkpolicy.egress` | YAML snippet containing to & from rules applied to outgoing traffic | `- {}` (open to all outbound traffic) | +| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` | +| `filebeat.name` | filebeat container name | `artifactory-filebeat` | +| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` | +| `filebeat.image.version` | filebeat Docker image version | `7.5.1` | +| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` | +| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/artifactory/values.yaml) | +| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 | +| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/artifactory/values.yaml) | +| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 | +| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `filebeat.resources.requests.memory` | Filebeat initial memory request | | +| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | | +| `filebeat.resources.limits.memory` | Filebeat memory limit | | +| `filebeat.resources.limits.cpu` | Filebeat cpu limit | | +| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/artifactory/values.yaml) | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +## Useful links +https://www.jfrog.com +https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md new file mode 100644 index 000000000..38c4a9eaa --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ReverseProxyConfiguration.md @@ -0,0 +1,140 @@ +# JFrog Artifactory Reverse Proxy Settings using Nginx + +#### Reverse Proxy +* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. +* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate +the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. +* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) +* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. + +**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. + +#### Features of Artifactory Nginx +* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. +* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory + +#### Changing the default Artifactory nginx conf +Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf +These configuration will be mounted to the nginx container using a configmap. +For example: +1. Create a values file `nginx-values.yaml` with the following values: +```yaml +nginx: + artifactoryConf: | + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen {{ .Values.nginx.internalPortHttps }} ssl; + listen {{ .Values.nginx.internalPortHttp }} ; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; + } + proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } +``` + +2. Install/upgrade artifactory: +```bash +helm upgrade --install artifactory jfrog/artifactory -f nginx-values.yaml +``` + + +#### Steps to use static configuration for reverse proxy in nginx. +1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` + +2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) + + Following is example `artifactory.conf` + + **Note**: + * Create file with name `artifactory.conf` as it's fixed in configMap key. + * Replace `artifactory-artifactory` with service name taken from step 1. + + ```bash + ## add ssl entries when https has been set in config + ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; + ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen 443 ssl; + listen 80; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; + } + proxy_pass http://artifactory-artifactory:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + ``` + +3. Create configMap of `artifactory.conf` created with step above. + ```bash + kubectl create configmap art-nginx-conf --from-file=artifactory.conf + ``` +4. Deploy Artifactory using helm chart. + You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) + + Following is command to set values at runtime: + ```bash + helm install --name artifactory nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory + ``` \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md new file mode 100644 index 000000000..8917634f4 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/UPGRADE_NOTES.md @@ -0,0 +1,35 @@ +# JFrog Artifactory Chart Upgrade Notes +This file describes special upgrade notes needed at specific versions + +## Upgrade from 8.X to 9.X (Chart Versions) + +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* To upgrade from a version prior to 8.x, you first need to upgrade to latest version of 8.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md. + +## Upgrade from 7.X to 8.X (Chart Versions) +**DOWNTIME IS REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations +* Upgrade + * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database + * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) + * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted + * Upgrade steps: + 1. Block user access to Artifactory (do not shutdown) + 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` + a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) + b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) + c. Click `Export` (this can take some time) + 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed + a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! + 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps + a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step + 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` + a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) + b. Click `Import` (this can take some time) + 6. Restore access to Artifactory + * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml new file mode 100644 index 000000000..a61a09ff7 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +appVersion: 11.7.0 +description: Chart for PostgreSQL, an object-relational database management system + (ORDBMS) with an emphasis on extensibility and on standards-compliance. +home: https://www.postgresql.org/ +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +version: 8.7.3 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md new file mode 100644 index 000000000..c2b848af1 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/README.md @@ -0,0 +1,576 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## TL;DR; + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.11+ or Helm 3.0-beta3+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | +| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | +| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | +| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | +| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | +| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | +| `master.sidecars` | Add additional containers to the pod | `[]` | +| `master.service.type` | Allows using a different service type for Master | `nil` | +| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | +| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | +| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | +| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | +| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | +| `slave.sidecars` | Add additional containers to the pod | `[]` | +| `slave.service.type` | Allows using a different service type for Slave | `nil` | +| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | +| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAcccount.name` | Name of existing service account | `nil` | +| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Production configuration and horizontal scaling + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. + +- Enable replication: +```diff +- replication.enabled: false ++ replication.enabled: true +``` + +- Number of slaves replicas: +```diff +- replication.slaveReplicas: 1 ++ replication.slaveReplicas: 2 +``` + +- Set synchronous commit mode: +```diff +- replication.synchronousCommit: "off" ++ replication.synchronousCommit: "on" +``` + +- Number of replicas that will have synchronous replication: +```diff +- replication.numSynchronousReplicas: 0 ++ replication.numSynchronousReplicas: 1 +``` + +- Start a prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. + +### Customizing Master and Slave services in a replicated configuration + +At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0` + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL master +master: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +slave: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +image.repository=postgres +image.tag=10.6 +postgresqlDataDir=/data/pgdata +persistence.mountPath=/data/ +``` + +## Upgrade + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release stable/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +## 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +## 7.1.0 + +Adds support for LDAP configuration. + +## 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +## 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + +- protobuf +- protobuf-c +- json-c +- geos +- proj + +## 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```console +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` + +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + +```console +$ kubectl get svc +``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release bitnami/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml new file mode 100644 index 000000000..fc2ba605a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml new file mode 100644 index 000000000..347d3b40a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -0,0 +1,2 @@ +shmVolume: + enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md new file mode 100644 index 000000000..1813a2fea --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md new file mode 100644 index 000000000..184c1875d --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 000000000..cba38091e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt new file mode 100644 index 000000000..3b5e6c60d --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,60 @@ +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} + +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ + +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 000000000..708434856 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,420 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if .Values.global.postgresql.existingSecret }} +{{- else if .Values.existingSecret -}} +{{- else -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "postgresql.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "postgresql.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "postgresql.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml new file mode 100644 index 000000000..d2178c077 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/configmap.yaml @@ -0,0 +1,26 @@ +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-configuration + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml new file mode 100644 index 000000000..8a4119578 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-extended-configuration + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml new file mode 100644 index 000000000..8eb5e0588 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml @@ -0,0 +1,24 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-init-scripts + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml new file mode 100644 index 000000000..524aa2f6a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml new file mode 100644 index 000000000..c610f09af --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml @@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + annotations: +{{ toYaml .Values.metrics.service.annotations | indent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name }} + role: master +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml new file mode 100644 index 000000000..ea1fc9b3a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,38 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + podSelector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "postgresql.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + {{- end }} + # Allow prometheus scrapes + - ports: + - port: 9187 +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml new file mode 100644 index 000000000..44f1242dd --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "postgresql.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.metrics.prometheusRule.additionalLabels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml new file mode 100644 index 000000000..094d18b49 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,23 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +type: Opaque +data: + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 000000000..27e5b516e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + name: {{ template "postgresql.fullname" . }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml new file mode 100644 index 000000000..f3a529a96 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml new file mode 100644 index 000000000..b6d607672 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml @@ -0,0 +1,299 @@ +{{- if .Values.replication.enabled }} +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.slave.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.slave.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: slave +{{- with .Values.slave.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.slave.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: +{{ toYaml .Values.slave.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.slave.affinity }} + affinity: +{{ toYaml .Values.slave.affinity | indent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: +{{ toYaml .Values.slave.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{ if .Values.persistence.enabled }} + mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- end }} + {{- if .Values.slave.extraInitContainers }} +{{ tpl .Values.slave.extraInitContainers . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.slave.priorityClassName }} + priorityClassName: {{ .Values.slave.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "postgresql.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.slave.extraVolumeMounts }} + {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.slave.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.slave.extraVolumes }} + {{- toYaml .Values.slave.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml new file mode 100644 index 000000000..66eaa01d1 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/statefulset.yaml @@ -0,0 +1,453 @@ +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- with .Values.master.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.master.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: master + {{- with .Values.master.podLabels }} + {{- toYaml . | indent 8 }} + {{- end }} + {{- with .Values.master.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: {{- toYaml .Values.master.affinity | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- end }} + {{- if .Values.master.extraInitContainers }} + {{- tpl .Values.master.extraInitContainers . | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.initdbPassword }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.replication.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: "master" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end}} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote}} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.master.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.metrics.securityContext.runAsUser }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- toYaml .Values.master.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml new file mode 100644 index 000000000..5c71f468d --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-headless.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-headless + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml new file mode 100644 index 000000000..92bdda80e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc-read.yaml @@ -0,0 +1,42 @@ +{{- if .Values.replication.enabled }} +{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-read + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if $serviceAnnotations }} + annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml new file mode 100644 index 000000000..299e8d0b7 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/templates/svc.yaml @@ -0,0 +1,40 @@ +{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if $serviceAnnotations }} + annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml new file mode 100644 index 000000000..d34e326ee --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values-production.yaml @@ -0,0 +1,542 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.7.0-debian-10-r65 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "on" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: + search_attr: "" + search_filter: "" + scheme: "" + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: "" + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r72 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json new file mode 100644 index 000000000..ac2de6e94 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.schema.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "slaveReplicas": { + "type": "integer", + "title": "Slave Replicas", + "form": true, + "hidden": { + "condition": false, + "value": "replication.enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml new file mode 100644 index 000000000..e14709a5e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/charts/postgresql/values.yaml @@ -0,0 +1,548 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.7.0-debian-10-r65 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "off" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: + search_attr: "" + search_filter: "" + scheme: "" + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: "" + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r72 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml new file mode 100644 index 000000000..21ffa5d6b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/access-tls-values.yaml @@ -0,0 +1,7 @@ +databaseUpgradeReady: true + +access: + accessConfig: + security: + tls: true + resetAccessCAKeys: true diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml new file mode 100644 index 000000000..31e0908c2 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/default-values.yaml @@ -0,0 +1,2 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml new file mode 100644 index 000000000..d3754dfab --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/migration-disabled-values.yaml @@ -0,0 +1,4 @@ +databaseUpgradeReady: true +artifactory: + migration: + enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml new file mode 100644 index 000000000..8adcd943f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/ci/test-values.yaml @@ -0,0 +1,13 @@ +databaseUpgradeReady: true +artifactory: + persistence: + enabled: true + +postgresql: + image: + tag: 9.6.18-debian-10-r7 + postgresqlPassword: password + postgresqlExtendedConf: + maxConnections: 102 + persistence: + enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh new file mode 100644 index 000000000..e35bfdbb2 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/files/migrate.sh @@ -0,0 +1,4339 @@ +#!/bin/bash + +# Flags +FLAG_Y="y" +FLAG_N="n" +FLAGS_Y_N="$FLAG_Y $FLAG_N" +FLAG_NOT_APPLICABLE="_NA_" + +CURRENT_VERSION=$1 + +WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" +WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" + +SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" + +# Shared system keys +SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" +SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" +SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" + +SYS_KEY_SHARED_NODE_ID="shared.node.id" +SYS_KEY_SHARED_JAVAHOME="shared.javaHome" + +SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" +SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" +SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" +SYS_KEY_SHARED_DATABASE_URL="shared.database.url" +SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" +SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" + +SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" +SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" +SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" +SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" + +# Define this in product specific script. Should contain the path to unitcast file +# File used by insight server to write cluster active nodes info. This will be read by elasticsearch +#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" + +SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" +SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" + +# Filenames +FILE_NAME_SYSTEM_YAML="system.yaml" +FILE_NAME_JOIN_KEY="join.key" +FILE_NAME_MASTER_KEY="master.key" +FILE_NAME_INSTALLER_YAML="installer.yaml" + +# Global constants used in business logic +NODE_TYPE_STANDALONE="standalone" +NODE_TYPE_CLUSTER_NODE="node" +NODE_TYPE_DATABASE="database" + +# External(isable) databases +DATABASE_POSTGRES="POSTGRES" +DATABASE_ELASTICSEARCH="ELASTICSEARCH" +DATABASE_RABBITMQ="RABBITMQ" + +POSTGRES_LABEL="PostgreSQL" +ELASTICSEARCH_LABEL="Elasticsearch" +RABBITMQ_LABEL="Rabbitmq" + +ARTIFACTORY_LABEL="Artifactory" +JFMC_LABEL="Mission Control" +DISTRIBUTION_LABEL="Distribution" +XRAY_LABEL="Xray" + +POSTGRES_CONTAINER="postgres" +ELASTICSEARCH_CONTAINER="elasticsearch" +RABBITMQ_CONTAINER="rabbitmq" +REDIS_CONTAINER="redis" + +#Adding a small timeout before a read ensures it is positioned correctly in the screen +read_timeout=0.5 + +# Options related to data directory location +PROMPT_DATA_DIR_LOCATION="Installation Directory" +KEY_DATA_DIR_LOCATION="installer.data_dir" + +SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" +PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" +KEY_ADD_TO_CLUSTER="installer.ha" +VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" + +MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" +PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" +KEY_POSTGRES_INSTALL="installer.install_postgresql" +VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" + +# Postgres connection details +RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" +RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" +RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" +RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" + +MESSAGE_DATABASE_URL="Provide the database connection details" +PROMPT_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://:/artifactory" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://:/mission_control?sslmode=disable" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://:/xraydb?sslmode=disable" + ;; + esac + if [ -z "$databaseURlExample" ]; then + echo -n "$POSTGRES_LABEL URL" # For consistency with username and password + return + fi + echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" +} +REGEX_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://.*/artifactory.*" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://.*/mission_control.*" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://.*/distribution.*" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://.*/xraydb.*" + ;; + esac + echo -n "^$databaseURlExample\$" +} +ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" +KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" +KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" +KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" +IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" + +MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" +PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" +KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" +VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" + +# Elasticsearch connection details +MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" +PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" +KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" + +PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" +KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" + +PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" +KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" +IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" + +# Cluster related questions +MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" +PROMPT_CLUSTER_MASTER_KEY="Master Key" +KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" +IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" + +MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" +PROMPT_JOIN_KEY="Join Key" +KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" +IS_SENSITIVE_JOIN_KEY="$FLAG_Y" +REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" +ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" + +# Rabbitmq related cluster information +MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" +PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" +KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" + +# Rabbitmq related cluster information (necessary only for docker-compose) +PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" +KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" + +MESSAGE_JFROGURL(){ + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" +} +PROMPT_JFROGURL="JFrog URL" +KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" +REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" +ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" + + +# Set this to FLAG_Y on upgrade +IS_UPGRADE="${FLAG_N}" + +# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary +MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" + +_getMethodOutputOrVariableValue() { + unset EFFECTIVE_MESSAGE + local keyToSearch=$1 + local effectiveMessage= + local result="0" + # logSilly "Searching for method: [$keyToSearch]" + LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" + if [[ "$result" == "0" ]]; then + # logSilly "Found method for [$keyToSearch]" + EFFECTIVE_MESSAGE="$($keyToSearch)" + return + fi + eval EFFECTIVE_MESSAGE=\${$keyToSearch} + if [ ! -z "$EFFECTIVE_MESSAGE" ]; then + return + fi + # logSilly "Didn't find method or variable for [$keyToSearch]" +} + + +# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting +cClear="\e[0m" +cBlue="\e[38;5;69m" +cRedDull="\e[1;31m" +cYellow="\e[1;33m" +cRedBright="\e[38;5;197m" +cBold="\e[1m" + + +_loggerGetModeRaw() { + local MODE="$1" + case $MODE in + INFO) + printf "" + ;; + DEBUG) + printf "%s" "[${MODE}] " + ;; + WARN) + printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " + ;; + ERROR) + printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " + ;; + esac +} + + +_loggerGetMode() { + local MODE="$1" + case $MODE in + INFO) + printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + DEBUG) + printf "%-7s" "[${MODE}]" + ;; + WARN) + printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + ERROR) + printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + esac +} + +# Capitalises the first letter of the message +_loggerGetMessage() { + local originalMessage="$*" + local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') + local resetOfMessage="${originalMessage:1}" + echo "$firstChar$resetOfMessage" +} + +# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. +_loggerGetStackTrace() { + printf "%s%-30s%s" "[" "$1:$2" "]" +} + +_loggerGetThread() { + printf "%s" "[main]" +} + +_loggerGetServiceType() { + printf "%s%-5s%s" "[" "shell" "]" +} + +#Trace ID is not applicable to scripts +_loggerGetTraceID() { + printf "%s" "[]" +} + +logRaw() { + echo "" + printf "$1" + echo "" +} + +logBold(){ + echo "" + printf "${cBold}$1${cClear}" + echo "" +} + +# The date binary works differently based on whether it is GNU/BSD +is_date_supported=0 +date --version > /dev/null 2>&1 || is_date_supported=1 +IS_GNU=$(echo $is_date_supported) + +_loggerGetTimestamp() { + if [ "${IS_GNU}" == "0" ]; then + echo -n $(date -u +%FT%T.%3NZ) + else + echo -n $(date -u +%FT%T.000Z) + fi +} + +# https://www.shellscript.sh/tips/spinner/ +_spin() +{ + spinner="/|\\-/|\\-" + while : + do + for i in `seq 0 7` + do + echo -n "${spinner:$i:1}" + echo -en "\010" + sleep 1 + done + done +} + +showSpinner() { + # Start the Spinner: + _spin & + # Make a note of its Process ID (PID): + SPIN_PID=$! + # Kill the spinner on any signal, including our own exit. + trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 +} + +stopSpinner() { + local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") + let "occurrences+=0" + # validate that it is present (2 since this search itself will show up in the results) + if [ $occurrences -gt 1 ]; then + kill -9 $SPIN_PID &>/dev/null || return 0 + wait $SPIN_ID &>/dev/null + fi +} + +_getEffectiveMessage(){ + local MESSAGE="$1" + local MODE=${2-"INFO"} + + if [ -z "$CONTEXT" ]; then + CONTEXT=$(caller) + fi + + _EFFECTIVE_MESSAGE= + if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then + _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" + else + local SERVICE_TYPE="script" + local TRACE_ID="" + local THREAD="main" + + local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') + local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') + + _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" + fi + CONTEXT= +} + +# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug +_logToFile() { + local MODE=${1-"INFO"} + local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" + # IF the file isn't passed, abort + if [ -z "$targetFile" ]; then + return + fi + # IF this is not being run in verbose mode and mode is debug or lower, abort + if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then + if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then + return + fi + fi + + # Create the file if it doesn't exist + if [ ! -f "${targetFile}" ]; then + return + # touch $targetFile > /dev/null 2>&1 || true + fi + # # Make it readable + # chmod 640 $targetFile > /dev/null 2>&1 || true + + # Log contents + printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true +} + +logger() { + if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then + echo "" + fi + _getEffectiveMessage "$@" + local MODE=${2-"INFO"} + printf "%s\n" "$_EFFECTIVE_MESSAGE" + _logToFile "$MODE" +} + +logDebug(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logSilly(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "silly" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logError() { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= +} + +errorExit () { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= + exit 1 +} + +warn () { + CONTEXT=$(caller) + logger "$1" "WARN" + CONTEXT= +} + +note () { + CONTEXT=$(caller) + logger "$1" "NOTE" + CONTEXT= +} + +bannerStart() { + title=$1 + echo + echo -e "\033[1m${title}\033[0m" + echo +} + +bannerSection() { + title=$1 + echo + echo -e "******************************** ${title} ********************************" + echo +} + +bannerSubSection() { + title=$1 + echo + echo -e "************** ${title} *******************" + echo +} + +bannerMessge() { + title=$1 + echo + echo -e "********************************" + echo -e "${title}" + echo -e "********************************" + echo +} + +setRed () { + local input="$1" + echo -e \\033[31m${input}\\033[0m +} +setGreen () { + local input="$1" + echo -e \\033[32m${input}\\033[0m +} +setYellow () { + local input="$1" + echo -e \\033[33m${input}\\033[0m +} + +logger_addLinebreak () { + echo -e "---\n" +} + +bannerImportant() { + title=$1 + local bold="\033[1m" + local noColour="\033[0m" + echo + echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" + echo -e "${bold}${title}${noColour}" + echo -e "${bold}###########################################################################################${noColour}" + echo +} + +bannerEnd() { + #TODO pass a title and calculate length dynamically so that start and end look alike + echo + echo "*****************************************************************************" + echo +} + +banner() { + title=$1 + content=$2 + bannerStart "${title}" + echo -e "$content" +} + +# The logic below helps us redirect content we'd normally hide to the log file. + # + # We have several commands which clutter the console with output and so use + # `cmd > /dev/null` - this redirects the command's output to null. + # + # However, the information we just hid maybe useful for support. Using the code pattern + # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console + # but redirected to the installation log file + # + +#Default value of 6 is just null +exec 6>>/dev/null +redirectLogsToFile() { + echo "" + # local file=$1 + + # [ ! -z "${file}" ] || return 0 + + # local logDir=$(dirname "$file") + + # if [ ! -f "${file}" ]; then + # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ + # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) + # fi + + # #6 now points to the log file + # exec 6>>${file} + # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time + # exec 2>&1 > >(tee -a "${file}") +} + +# Check if a give key contains any sensitive string as part of it +# Based on the result, the caller can decide its value can be displayed or not +# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} +isKeySensitive(){ + local key=$1 + local sensitiveKeys="password|secret|key|token" + + if [ -z "${key}" ]; then + return 1 + else + local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 + fi +} + +getPrintableValueOfKey(){ + local displayValue= + local key="$1" + if [ -z "$key" ]; then + # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller + echo -n "" + return + fi + + local value="$2" + isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" + echo -n $displayValue +} + +_createConsoleLog(){ + if [ -z "${JF_PRODUCT_HOME}" ]; then + return + fi + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + mkdir -p "${JF_PRODUCT_HOME}/var/log" || true + if [ ! -f ${targetFile} ]; then + touch $targetFile > /dev/null 2>&1 || true + fi + chmod 640 $targetFile > /dev/null 2>&1 || true +} + +# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to +# the common console.log file +redirectServiceLogsToFile() { + + local result="0" + # check if the function getSystemValue exists + LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" + if [[ "$result" != "0" ]]; then + warn "Couldn't find the systemYamlHelper. Skipping log redirection" + return 0 + fi + + getSystemValue "shared.consoleLog" "NOT_SET" + if [[ "${YAML_VALUE}" == "false" ]]; then + logger "Redirection is set to false. Skipping log redirection" + return 0; + fi + + if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then + warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" + return 0 + fi + + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + + _createConsoleLog + + while read -r line; do + printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen + done +} + +## Display environment variables starting with JF_ along with its value +## Value of sensitive keys will be displayed as "******" +## +## Sample Display : +## +## ======================== +## JF Environment variables +## ======================== +## +## JF_SHARED_NODE_ID : locahost +## JF_SHARED_JOINKEY : ****** +## +## +displayEnv() { + local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) + local key= + local value= + + if [ -z "${JFEnv}" ]; then + return + fi + + cat << ENV_START_MESSAGE + +======================== +JF Environment variables +======================== +ENV_START_MESSAGE + + for entry in ${JFEnv}; do + key=$(echo "${entry}" | awk -F'=' '{print $1}') + value=$(echo "${entry}" | awk -F'=' '{print $2}') + + isKeySensitive "${key}" && value="******" || value=${value} + + printf "\n%-35s%s" "${key}" " : ${value}" + done + echo; +} + +_addLogRotateConfiguration() { + logDebug "Method ${FUNCNAME[0]}" + # mandatory inputs + local confFile="$1" + local logFile="$2" + + # Method available in _ioOperations.sh + LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 + + io_setYQPath + + # Method available in _systemYamlHelper.sh + LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 + + local frequency="daily" + local archiveFolder="archived" + + local compressLogFiles= + getSystemValue "shared.logging.rotation.compress" "true" + if [[ "${YAML_VALUE}" == "true" ]]; then + compressLogFiles="compress" + fi + + getSystemValue "shared.logging.rotation.maxFiles" "10" + local noOfBackupFiles="${YAML_VALUE}" + + getSystemValue "shared.logging.rotation.maxSizeMb" "25" + local sizeOfFile="${YAML_VALUE}M" + + logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" + + # Add configuration to file + local confContent=$(cat << LOGROTATECONF +$logFile { + $frequency + missingok + rotate $noOfBackupFiles + $compressLogFiles + notifempty + olddir $archiveFolder + dateext + extension .log + dateformat -%Y-%m-%d + size ${sizeOfFile} +} +LOGROTATECONF +) + echo "${confContent}" > ${confFile} || return 1 +} + +_operationIsBySameUser() { + local targetUser="$1" + local currentUserID=$(id -u) + local currentUserName=$(id -un) + + if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then + echo -n "yes" + else + echo -n "no" + fi +} + +_addCronJobForLogrotate() { + logDebug "Method ${FUNCNAME[0]}" + + # Abort if logrotate is not available + [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 + + # mandatory inputs + local productHome="$1" + local confFile="$2" + local cronJobOwner="$3" + + # We want to use our binary if possible. It may be more recent than the one in the OS + local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" + + if [ ! -f "$logrotateBinary" ]; then + logrotateBinary="logrotate" + [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 + fi + local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose + + id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } + + # Remove the existing line + removeLogRotation "$productHome" "$cronJobOwner" || true + + # Run logrotate daily at 23:55 hours + local cronInterval="55 23 * * * $cmd" + + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges + if [ "$standaloneMode" == "no" ]; then + (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - + else + (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - + fi +} + +## Configure logrotate for a product +## Failure conditions: +## If logrotation could not be setup for some reason +## Parameters: +## $1: The product name +## $2: The product home +## Depends on global: none +## Updates global: none +## Returns: NA + +configureLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + + # mandatory inputs + local productName="$1" + if [ -z $productName ]; then + warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 + fi + + local productHome="$2" + if [ -z $productHome ]; then + warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 + fi + + local logFile="${productHome}/var/log/console.log" + if [[ $(uname) == "Darwin" ]]; then + logger "Log rotation for [$logFile] has not been configured. Please setup manually" + return 0 + fi + + local userID="$3" + if [ -z $userID ]; then + warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 + fi + + local groupID=${4:-$userID} + local logConfigOwner=${5:-$userID} + + logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" + + local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + # TODO move to recursive method + createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + + # TODO move to recursive method + createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } + + # conf file should be owned by the user running the script + createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } + + _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } +} + +_pauseExecution() { + if [ "${VERBOSE_MODE}" == "debug" ]; then + + local breakPoint="$1" + if [ ! -z "$breakPoint" ]; then + printf "${cBlue}Breakpoint${cClear} [$breakPoint] " + echo "" + fi + printf "${cBlue}Press enter once you are ready to continue${cClear}" + read -s choice + echo "" + fi +} + +# removeLogRotation "$productHome" "$cronJobOwner" || true +removeLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + if [[ $(uname) == "Darwin" ]]; then + logDebug "Not implemented for Darwin." + return 0 + fi + local productHome="$1" + local cronJobOwner="$2" + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + if [ "$standaloneMode" == "no" ]; then + crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - + else + crontab -l 2>/dev/null | grep -v "$confFile" | crontab - + fi +} + +# NOTE: This method does not check the configuration to see if redirection is necessary. +# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file +# that does not exist, causing the service itself to not start +setupTomcatRedirection() { + logDebug "Method ${FUNCNAME[0]}" + local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" + _createConsoleLog + export CATALINA_OUT="${consoleLog}" +} + +setupScriptLogsRedirection() { + logDebug "Method ${FUNCNAME[0]}" + if [ -z "${JF_PRODUCT_HOME}" ]; then + logDebug "No JF_PRODUCT_HOME. Returning" + return + fi + # Create the console.log file if it is not already present + # _createConsoleLog || true + # # Ensure any logs (logger/logError/warn) also get redirected to the console.log + # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed + export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" + export LOG_BEHAVIOR_ADD_META="$FLAG_Y" +} + +# Returns Y if this method is run inside a container +isRunningInsideAContainer() { + if [ -f "/.dockerenv" ]; then + echo -n "$FLAG_Y" + else + echo -n "$FLAG_N" + fi +} + +POSTGRES_USER=999 +NGINX_USER=104 +NGINX_GROUP=107 +ES_USER=1000 +REDIS_USER=999 +MONGO_USER=999 +RABBITMQ_USER=999 +LOG_FILE_PERMISSION=640 +PID_FILE_PERMISSION=644 + +# Copy file +copyFile(){ + local source=$1 + local target=$2 + local mode=${3:-overwrite} + local enableVerbose=${4:-"${FLAG_N}"} + local verboseFlag="" + + if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then + verboseFlag="-v" + fi + + if [[ ! ( $source && $target ) ]]; then + warn "Source and target is mandatory to copy file" + return 1 + fi + + if [[ -f "${target}" ]]; then + [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true + else + cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" + fi +} + +# Copy files recursively from given source directory to destination directory +# This method wil copy but will NOT overwrite +# Destination will be created if its not available +copyFilesNoOverwrite(){ + local src=$1 + local dest=$2 + local enableVerboseCopy="${3:-${FLAG_Y}}" + + if [[ -z "${src}" || -z "${dest}" ]]; then + return + fi + + if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then + local relativeFilePath="" + local targetFilePath="" + + for file in $(find ${src} -type f 2>/dev/null) ; do + # Derive relative path and attach it to destination + # Example : + # src=/extra_config + # dest=/var/opt/jfrog/artifactory/etc + # file=/extra_config/config.xml + # relativeFilePath=config.xml + # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml + relativeFilePath=${file/${src}/} + targetFilePath=${dest}${relativeFilePath} + + createDir "$(dirname "$targetFilePath")" + copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" + done + fi +} + +# TODO : WINDOWS ? +# Check the max open files and open processes set on the system +checkULimits () { + local minMaxOpenFiles=${1:-32000} + local minMaxOpenProcesses=${2:-1024} + local setValue=${3:-true} + local warningMsgForFiles=${4} + local warningMsgForProcesses=${5} + + logger "Checking open files and processes limits" + + local currentMaxOpenFiles=$(ulimit -n) + logger "Current max open files is $currentMaxOpenFiles" + if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then + if [ "${setValue}" ]; then + ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" + else + errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" + fi + fi + + local currentMaxOpenProcesses=$(ulimit -u) + logger "Current max open processes is $currentMaxOpenProcesses" + if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then + if [ "${setValue}" ]; then + ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" + else + errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" + fi + fi +} + +createDirs() { + local appDataDir=$1 + local serviceName=$2 + local folders="backup bootstrap data etc logs work" + + [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true + [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true + + for folder in ${folders} + do + folder=${appDataDir}/${folder}/${serviceName} + if [ ! -d "${folder}" ]; then + logger "Creating folder : ${folder}" + mkdir -p "${folder}" || errorExit "Failed to create ${folder}" + fi + done +} + + +testReadWritePermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local test_file=${dir_to_check}/test-permissions + + # Write file + if echo test > ${test_file} 1> /dev/null 2>&1; then + # Write succeeded. Testing read... + if cat ${test_file} > /dev/null; then + rm -f ${test_file} + else + error=true + fi + else + error=true + fi + + if [ ${error} == true ]; then + return 1 + else + return 0 + fi +} + +# Test directory has read/write permissions for current user +testDirectoryPermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local u_id=$(id -u) + local id_str="id ${u_id}" + + logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" + + if ! testReadWritePermissions ${dir_to_check}; then + error=true + fi + + if [ "${error}" == true ]; then + local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) + logger "###########################################################" + logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" + logger "${stat_data}" + logger "Mounted directory must have read/write permissions for user ${id_str}" + logger "###########################################################" + errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" + fi + logger "Permissions for ${dir_to_check} are good" +} + +# Utility method to create a directory path recursively with chown feature as +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: Root directory from where the path can be created +## $2: List of recursive child directories seperated by space +## $3: user who should own the directory. Optional +## $4: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA +# +# Usage: +# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" +createRecursiveDir(){ + local rootDir=$1 + local pathDirs=$2 + local user=$3 + local group=${4:-${user}} + local fullPath= + + [ ! -z "${rootDir}" ] || return 0 + + createDir "${rootDir}" "${user}" "${group}" + + [ ! -z "${pathDirs}" ] || return 0 + + fullPath=${rootDir} + + for dir in ${pathDirs}; do + fullPath=${fullPath}/${dir} + createDir "${fullPath}" "${user}" "${group}" + done +} + +# Utility method to create a directory +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: directory to create +## $2: user who should own the directory. Optional +## $3: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA + +createDir(){ + local dirName="$1" + local printMessage=no + logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" + [ -z "${dirName}" ] && return + + logDebug "Attempting to create ${dirName}" + mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + # Earlier, this line would have returned 1 if it failed. Now it just warns. + # This is intentional. Earlier, this line would NOT be reached if the folder already existed. + # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if + # setting permissions fails (so as to not affect any existing flows) + io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" + fi + # logging message to print created dir with user and group + local logMessage=${4:-$printMessage} + if [[ "${logMessage}" == "yes" ]]; then + logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" + fi +} + +removeSoftLinkAndCreateDir () { + local dirName="$1" + local userID="$2" + local groupID="$3" + local logMessage="$4" + removeSoftLink "${dirName}" + createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" +} + +# Utility method to remove a soft link +removeSoftLink () { + local dirName="$1" + if [[ -L "${dirName}" ]]; then + targetLink=$(readlink -f "${dirName}") + logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" + rm -f "${dirName}" + fi +} + +# Check Directory exist in the path +checkDirExists () { + local directoryPath="$1" + + [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" +} + + +# Utility method to create a file +# Failure conditions: +# Parameters: +## $1: file to create +# Depends on global: none +# Updates global: none +# Returns: NA + +createFile(){ + local fileName="$1" + logSilly "Method ${FUNCNAME[0]} [$fileName]" + [ -f "${fileName}" ] && return 0 + touch "${fileName}" || return 1 + + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + io_setOwnership "$fileName" "$userID" "$groupID" || return 1 + fi +} + +# Check File exist in the filePath +# IMPORTANT- DON'T ADD LOGGING to this method +checkFileExists () { + local filePath="$1" + + [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" +} + +# Check for directories contains any (files or sub directories) +# IMPORTANT- DON'T ADD LOGGING to this method +checkDirContents () { + local directoryPath="$1" + if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then + echo -n "true" + else + echo -n "false" + fi +} + +# Check contents exist in directory +# IMPORTANT- DON'T ADD LOGGING to this method +checkContentExists () { + local source="$1" + + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + echo -n "false" + else + echo -n "true" + fi +} + +# Resolve the variable +# IMPORTANT- DON'T ADD LOGGING to this method +evalVariable () { + local output="$1" + local input="$2" + + eval "${output}"=\${"${input}"} + eval echo \${"${output}"} +} + +# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_commandExists() { + local commandToExecute="$1" + hash "${commandToExecute}" 2>/dev/null + local rt=$? + if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi +} + +# Usage: if [ "$(io_curlExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_curlExists() { + io_commandExists "curl" +} + + +io_hasMatch() { + logSilly "Method ${FUNCNAME[0]}" + local result=0 + logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" + echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 + return $result +} + +# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself +# Failure conditions: None +# Parameters: +## $1: string to check against +# Depends on global: none +# Updates global: IS_LOCALHOST with value "yes/no" +# Returns: NA + +io_getIsLocalhost() { + logSilly "Method ${FUNCNAME[0]}" + IS_LOCALHOST="$FLAG_N" + local inputString="$1" + logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" + + io_hasMatch "$inputString" "localhost" && { + logDebug "Found localhost. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for localhost" + + local hostIP=$(io_getPublicHostIP) + io_hasMatch "$inputString" "$hostIP" && { + logDebug "Found $hostIP. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostIP" + + local hostID=$(io_getPublicHostID) + io_hasMatch "$inputString" "$hostID" && { + logDebug "Found $hostID. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostID" + + local hostName=$(io_getPublicHostName) + io_hasMatch "$inputString" "$hostName" && { + logDebug "Found $hostName. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostName" + +} + +# Usage: if [ "$(io_tarExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_tarExists() { + io_commandExists "tar" +} + +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostIP() { + local OS_TYPE=$(uname) + local publicHostIP= + if [ "${OS_TYPE}" == "Darwin" ]; then + ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') + if [ "${ipStatus}" == "active" ]; then + publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') + else + errorExit "Host IP could not be resolved!" + fi + elif [ "${OS_TYPE}" == "Linux" ]; then + publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") + fi + publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') + echo -n "${publicHostIP}" +} + +# Will return the short host name (up to the first dot) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostName() { + echo -n "$(hostname -s)" +} + +# Will return the full host name (use this as much as possible) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostID() { + echo -n "$(hostname)" +} + +# Utility method to backup a file +# Failure conditions: NA +# Parameters: filePath +# Depends on global: none, +# Updates global: none +# Returns: NA +io_backupFile() { + logSilly "Method ${FUNCNAME[0]}" + fileName="$1" + if [ ! -f "${filePath}" ]; then + logDebug "No file: [${filePath}] to backup" + return + fi + dateTime=$(date +"%Y-%m-%d-%H-%M-%S") + targetFileName="${fileName}.backup.${dateTime}" + yes | \cp -f "$fileName" "${targetFileName}" + logger "File [${fileName}] backedup as [${targetFileName}]" +} + +# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 +is_number() { + case "$BASH_VERSION" in + 3.1.*) + PATTERN='\^\[0-9\]+\$' + ;; + *) + PATTERN='^[0-9]+$' + ;; + esac + + [[ "$1" =~ $PATTERN ]] +} + +io_compareVersions() { + if [[ $# != 2 ]] + then + echo "Usage: min_version current minimum" + return + fi + + A="${1%%.*}" + B="${2%%.*}" + + if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] + then + io_compareVersions "${1#*.}" "${2#*.}" + else + if is_number "$A" && is_number "$B" + then + if [[ "$A" -eq "$B" ]]; then + echo "0" + elif [[ "$A" -gt "$B" ]]; then + echo "1" + elif [[ "$A" -lt "$B" ]]; then + echo "-1" + fi + fi + fi +} + +# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable +# Strip all leading and trailing spaces +# IMPORTANT- DON'T ADD LOGGING to this method +io_trim() { + local var="$1" + # remove leading whitespace characters + var="${var#"${var%%[![:space:]]*}"}" + # remove trailing whitespace characters + var="${var%"${var##*[![:space:]]}"}" + echo -n "$var" +} + +# temporary function will be removing it ASAP +# search for string and replace text in file +replaceText_migration_hook () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + fi +} + +# search for string and replace text in file +replaceText () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + logDebug "Replaced [$regexString] with [$replaceText] in [$file]" + fi +} + +# search for string and prepend text in file +prependText () { + local regexString="$1" + local text="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + else + sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + fi +} + +# add text to beginning of the file +addText () { + local text="$1" + local file="$2" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + else + sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + fi +} + +io_replaceString () { + local value="$1" + local firstString="$2" + local secondString="$3" + local separator=${4:-"/"} + local updateValue= + if [[ $(uname) == "Darwin" ]]; then + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + else + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + fi + echo -n "${updateValue}" +} + +_findYQ() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + local parentDir="$1" + if [ -z "$parentDir" ]; then + return + fi + logDebug "Executing command [find "${parentDir}" -name third-party -type d]" + local yq=$(find "${parentDir}" -name third-party -type d) + if [ -d "${yq}/yq" ]; then + export YQ_PATH="${yq}/yq" + fi +} + + +io_setYQPath() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + if [ "$(io_commandExists 'yq')" == "yes" ]; then + return + fi + + if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then + _findYQ "${JF_PRODUCT_HOME}" + fi + + if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then + _findYQ "${COMPOSE_HOME}" + fi + # TODO We can remove this block after all the code is restructured. + if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then + _findYQ "${SCRIPT_HOME}" + fi + +} + +io_getLinuxDistribution() { + LINUX_DISTRIBUTION= + + # Make sure running on Linux + [ $(uname -s) != "Linux" ] && return + + # Find out what Linux distribution we are on + + cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 6.x + cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 7.x + cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true + + # OS 8.x + grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true + + # OS 7.x + grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true + + # OS 6.x + grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true + + cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true + + cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true + + cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true +} + +## Utility method to check ownership of folders/files +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If file is not owned by the user & group +## Parameters: + ## user + ## group + ## folder to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac +io_checkOwner () { + logSilly "Method ${FUNCNAME[0]}" + local osType=$(uname) + + if [ "${osType}" != "Linux" ]; then + logDebug "Unsupported OS. Skipping check" + return 0 + fi + + local file_to_check=$1 + local user_id_to_check=$2 + + + if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group_id_to_check=${3:-$user_id_to_check} + local check_user_name=${4:-"no"} + + logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" + + local stat= + + if [ "${check_user_name}" == "yes" ]; then + stat=( $(stat -Lc "%U %G" ${file_to_check}) ) + else + stat=( $(stat -Lc "%u %g" ${file_to_check}) ) + fi + + local user_id=${stat[0]} + local group_id=${stat[1]} + + if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then + logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" + return 1 + else + return 0 + fi +} + +## Utility method to change ownership of a file/folder - NON recursive +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnershipNonRecursive() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" + chown ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to change ownership of a file. +## IMPORTANT +## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnership() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" + chown -R ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to create third party folder structure necessary for Postgres +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## POSTGRESQL_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createPostgresDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 + + logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" + + createDir "${POSTGRESQL_DATA_ROOT}/data" + io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Nginx +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## NGINX_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createNginxDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${NGINX_DATA_ROOT}" ] && return 0 + + logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" + + createDir "${NGINX_DATA_ROOT}" + io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" +} + +## Utility method to create third party folder structure necessary for ElasticSearch +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## ELASTIC_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createElasticSearchDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 + + logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" + + createDir "${ELASTIC_DATA_ROOT}/data" + io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Redis +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## REDIS_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRedisDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${REDIS_DATA_ROOT}" ] && return 0 + + logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" + + createDir "${REDIS_DATA_ROOT}" + io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Mongo +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## MONGODB_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createMongoDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${MONGODB_DATA_ROOT}" ] && return 0 + + logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" + + createDir "${MONGODB_DATA_ROOT}/logs" + createDir "${MONGODB_DATA_ROOT}/configdb" + createDir "${MONGODB_DATA_ROOT}/db" + io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" +} + +## Utility method to create third party folder structure necessary for RabbitMQ +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## RABBITMQ_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRabbitMQDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 + + logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" + + createDir "${RABBITMQ_DATA_ROOT}" + io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" +} + +# Add or replace a property in provided properties file +addOrReplaceProperty() { + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + local delimiter=${4:-"="} + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 + [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} + sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} +} + +# Set property only if its not set +io_setPropertyNoOverride(){ + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 + if [ $? -ne 0 ]; then + echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" + else + logger "Skipping update of property : ${propertyName}" >&6 + fi +} + +# Add a line to a file if it doesn't already exist +addLine() { + local line_to_add=$1 + local target_file=$2 + logger "Trying to add line $1 to $2" >&6 2>&1 + cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 + if [ $? != 0 ]; then + logger "Line does not exist and will be added" >&6 2>&1 + echo $line_to_add >> $target_file || errorExit "Could not update $target_file" + fi +} + +# Utility method to check if a value (first paramter) exists in an array (2nd parameter) +# 1st parameter "value to find" +# 2nd parameter "The array to search in. Please pass a string with each value separated by space" +# Example: containsElement "y" "y Y n N" +containsElement () { + local searchElement=$1 + local searchArray=($2) + local found=1 + for elementInIndex in "${searchArray[@]}";do + if [[ $elementInIndex == $searchElement ]]; then + found=0 + fi + done + return $found +} + +# Utility method to get user's choice +# 1st parameter "what to ask the user" +# 2nd parameter "what choices to accept, separated by spaces" +# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" +# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' +getUserChoice(){ + configureLogOutput + read_timeout=${read_timeout:-0.5} + local choice="na" + local text_to_display=$1 + local choices=$2 + local default_choice=$3 + users_choice= + + until containsElement "$choice" "$choices"; do + echo "";echo ""; + sleep $read_timeout #This ensures correct placement of the question. + read -p "$text_to_display :" choice + : ${choice:=$default_choice} + done + users_choice=$choice + echo -e "\n$text_to_display: $users_choice" >&6 + sleep $read_timeout #This ensures correct logging +} + +setFilePermission () { + local permission=$1 + local file=$2 + chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" +} + + +#setting required paths +setAppDir (){ + SCRIPT_DIR=$(dirname $0) + SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + APP_DIR="`cd "${SCRIPT_HOME}";pwd`" +} + +ZIP_TYPE="zip" +COMPOSE_TYPE="compose" +HELM_TYPE="helm" +RPM_TYPE="rpm" +DEB_TYPE="debian" + +sourceScript () { + local file="$1" + + [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" + + if [ ! -f "${file}" ]; then + errorExit "${file} file is not found" + else + source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" + fi +} +# Source required helpers +initHelpers () { + local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" + local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) + export YQ_PATH="${thirdPartyDir}/yq" + LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" + export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" + sourceScript "${systemYamlHelper}" +} +# Check migration info yaml file available in the path +checkMigrationInfoYaml () { + + if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" + INSTALLER="${HELM_TYPE}" + elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" + INSTALLER="${ZIP_TYPE}" + elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" + INSTALLER="${RPM_TYPE}" + elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" + INSTALLER="${DEB_TYPE}" + elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" + INSTALLER="${COMPOSE_TYPE}" + else + errorExit "File migration Info yaml does not exist in [${APP_DIR}]" + fi +} + +retrieveYamlValue () { + local yamlPath="$1" + local value="$2" + local output="$3" + local message="$4" + + [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" + + getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" + value="${YAML_VALUE}" + if [[ -z "${value}" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + elif [[ "${output}" == "Skip" ]]; then + return + else + errorExit "${message}" + fi + fi +} + +checkEnv () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + # check Environment JF_PRODUCT_HOME is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" + if [[ -z "${NEW_DATA_DIR}" ]]; then + errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + getCustomDataDir_hook + NEW_DATA_DIR="${OLD_DATA_DIR}" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + else + # check Environment JF_ROOT_DATA_DIR is set before migration + OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" + # check Environment JF_ROOT_DATA_DIR is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi + +} + +getDataDir () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then + checkEnv + else + getCustomDataDir_hook + NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi +} + +# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO +getProduct () { + retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + PRODUCT="${YAML_VALUE}" + PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then + errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" + fi + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + JF_USER="${PRODUCT}" + fi +} +# Compare product version with minProductVersion and maxProductVersion +migrateCheckVersion () { + local productVersion="$1" + local minProductVersion="$2" + local maxProductVersion="$3" + local productVersion618="6.18.0" + local unSupportedProductVersions7=("7.2.0 7.2.1") + + if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then + logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" + exit 11 + elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then + if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then + touch /tmp/error; + errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" + else + bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" + fi + else + logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" + exit 1 + fi +} + +getProductVersion () { + local minProductVersion="$1" + local maxProductVersion="$2" + local newfilePath="$3" + local oldfilePath="$4" + local propertyInDocker="$5" + local property="$6" + local productVersion= + local status= + + if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + elif [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" + status="fail" + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + exit 0 + fi + elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + else + productVersion="${CURRENT_VERSION}" + [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 + fi + else + if [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${property}" "${newfilePath}")" + status="fail" + elif [[ -f "${oldfilePath}" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + status="success" + else + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + logger "File [${newfilePath}] not found to get current version." + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + fi + exit 0 + fi + fi + if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then + [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." + [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." + exit 0 + fi + + migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" +} + +readKey () { + local property="$1" + local file="$2" + local version= + + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + version="${value}" && check=true && break + else + check=false + fi + done < "${file}" + if [[ "${check}" == "false" ]]; then + return + fi + echo "${version}" +} + +# create Log directory +createLogDir () { + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" + fi +} + +# Creating migration log file +creationMigrateLog () { + local LOG_FILE_NAME="migration.log" + createLogDir + local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" + fi + touch "${MIGRATION_LOG_FILE}" + setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" + exec &> >(tee -a "${MIGRATION_LOG_FILE}") +} +# Set path where system.yaml should create +setSystemYamlPath () { + SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" + if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then + logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" + fi +} +# Create directory +createDirectory () { + local directory="$1" + local output="$2" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${directory}" + mkdir -p "${directory}" && check=true || check=false + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi + setOwnershipBasedOnInstaller "${directory}" +} + +setOwnershipBasedOnInstaller () { + local directory="$1" + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" + elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" + fi +} + +getUserAndGroup () { + local file="$1" + read uid gid <<<$(stat -c '%U %G' ${file}) + USER_TO_CHECK="${uid}" + GROUP_TO_CHECK="${gid}" +} + +# set ownership +getUserAndGroupFromFile () { + case $PRODUCT in + artifactory) + getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" + ;; + distribution) + getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" + ;; + xray) + getUserAndGroup "${OLD_DATA_DIR}/security/master.key" + ;; + esac +} + +# creating required directories +createRequiredDirs () { + bannerSubSection "CREATING REQUIRED DIRECTORIES" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" + io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" + fi + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + fi +} + +# Check entry in map is format +checkMapEntry () { + local entry="$1" + + [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" +} +# Check value Empty and warn +warnIfEmpty () { + local filePath="$1" + local yamlPath="$2" + local check= + + if [[ -z "${filePath}" ]]; then + warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + check=false + else + check=true + fi + echo "${check}" +} + +logCopyStatus () { + local status="$1" + local logMessage="$2" + local warnMessage="$3" + + [[ "${status}" == "success" ]] && logger "${logMessage}" + [[ "${status}" == "fail" ]] && warn "${warnMessage}" +} +# copy contents from source to destination +copyCmd () { + local source="$1" + local target="$2" + local mode="$3" + local status= + + case $mode in + unique) + cp -up "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + specific) + cp -pf "${source}" "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" + ;; + patternFiles) + cp -pf "${source}"* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" + ;; + full) + cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + esac +} +# Check contents exist in source before copying +copyOnContentExist () { + local source="$1" + local target="$2" + local mode="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + copyCmd "${source}" "${target}" "${mode}" + else + logger "No contents to copy from [${source}]" + fi +} + +# move source to destination +moveCmd () { + local source="$1" + local target="$2" + local status= + + mv -f "${source}" "${target}" && status="success" || status="fail" + [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" + [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" +} + +# symlink target to source +symlinkCmd () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + local check=false + + if [[ "${symlinkSubDir}" == "subDir" ]]; then + ln -sf "${source}"/* "${target}" && check=true || check=false + else + ln -sf "${source}" "${target}" && check=true || check=false + fi + + [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" + [[ "${check}" == "false" ]] && warn "Symlink operation failed" +} +# Check contents exist in source before symlinking +symlinkOnExist () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + if [[ "${symlinkSubDir}" == "subDir" ]]; then + symlinkCmd "${source}" "${target}" "subDir" + else + symlinkCmd "${source}" "${target}" + fi + else + logger "No contents to symlink from [${source}]" + fi +} + +prependDir () { + local absolutePath="$1" + local fullPath="$2" + local sourcePath= + + if [[ "${absolutePath}" = \/* ]]; then + sourcePath="${absolutePath}" + else + sourcePath="${fullPath}" + fi + echo "${sourcePath}" +} + +getFirstEntry (){ + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $1}' +} + +getSecondEntry () { + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $2}' +} +# To get absolutePath +pathResolver () { + local directoryPath="$1" + local dataDir= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" + dataDir="${YAML_VALUE}" + cd "${dataDir}" + else + cd "${OLD_DATA_DIR}" + fi + absoluteDir="`cd "${directoryPath}";pwd`" + echo "${absoluteDir}" +} + +checkPathResolver () { + local value="$1" + + if [[ "${value}" == \/* ]]; then + value="${value}" + else + value="$(pathResolver "${value}")" + fi + echo "${value}" +} + +propertyMigrate () { + local entry="$1" + local filePath="$2" + local fileName="$3" + local check=false + + local yamlPath="$(getFirstEntry "${entry}")" + local property="$(getSecondEntry "${entry}")" + if [[ -z "${property}" ]]; then + warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + value="$(migrateResolveDerbyPath "${key}" "${value}")" + value="$(migrateResolveHaDirPath "${key}" "${value}")" + value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" + fi + if [[ "${key}" == "context.url" ]]; then + local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') + setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" + logger "Setting [shared.node.ip] with [${ip}] in system.yaml" + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false + fi + done < "${NEW_DATA_DIR}/${filePath}/${fileName}" + [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" +} + +setHaEnabled_hook () { + echo "" +} + +migratePropertiesFiles () { + local fileList= + local filePath= + local fileName= + local map= + + retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" + fileList="${YAML_VALUE}" + if [[ -z "${fileList}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" + for file in ${fileList}; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + # setting haEnabled with true only if ha-node.properties is present + setHaEnabled_hook "${filePath}" + retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + propertyMigrate "${entry}" "${filePath}" "${fileName}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" + fi + done + else + logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} + +createTargetDir () { + local mountDir="$1" + local target="$2" + + logger "Target directory not found [${mountDir}/${target}], creating it" + createDirectoryRecursive "${mountDir}" "${target}" "Warning" +} + +createDirectoryRecursive () { + local mountDir="$1" + local target="$2" + local output="$3" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${mountDir}/${target}" + local directory=$(echo "${target}" | tr '/' ' ' ) + local targetDir="${mountDir}" + for dir in ${directory}; + do + targetDir="${targetDir}/${dir}" + mkdir -p "${targetDir}" && check=true || check=false + setOwnershipBasedOnInstaller "${targetDir}" + done + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi +} + +copyOperation () { + local source="$1" + local target="$2" + local mode="$3" + local check=false + local targetDataDir= + local targetLink= + local date= + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + #remove source if it is a symlink + if [[ -L "${source}" ]]; then + targetLink=$(readlink -f "${source}") + logger "Removing the symlink [${source}] pointing to [${targetLink}]" + rm -f "${source}" + source=${targetLink} + fi + if [[ "$(checkDirExists "${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path" + return + fi + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + logger "No contents to copy from [${source}]" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copySpecificFiles () { + local source="$1" + local target="$2" + local mode="$3" + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkFileExists "${source}")" != "true" ]]; then + logger "Source file [${source}] does not exist in path" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copyPatternMatchingFiles () { + local source="$1" + local target="$2" + local mode="$3" + local sourcePath="${4}" + + # prepend OLD_DATA_DIR only if source is relative path + sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then + logger "Source [${sourcePath}] directory not found in path" + return + fi + if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" + else + logger "Source file [${sourcePath}/${source}*] does not exist in path" + fi +} + +copyLogMessage () { + local mode="$1" + case $mode in + specific) + logger "Copy file [${source}] to target [${targetDataDir}/${target}]" + ;; + patternFiles) + logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" + ;; + full) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + unique) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + esac +} + +copyBannerMessages () { + local mode="$1" + local textMode="$2" + case $mode in + specific) + bannerSection "COPY ${textMode} FILES" + ;; + patternFiles) + bannerSection "COPY MATCHING ${textMode}" + ;; + full) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + unique) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + esac +} + +invokeCopyFunctions () { + local mode="$1" + local source="$2" + local target="$3" + + case $mode in + specific) + copySpecificFiles "${source}" "${target}" "${mode}" + ;; + patternFiles) + retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" + local sourcePath="${YAML_VALUE}" + copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" + ;; + full) + copyOperation "${source}" "${target}" "${mode}" + ;; + unique) + copyOperation "${source}" "${target}" "${mode}" + ;; + esac +} +# Copies contents from source directory and target directory +copyDataDirectories () { + local copyFormat="$1" + local mode="$2" + local map= + local source= + local target= + local textMode= + local targetDataDir= + local copyFormatValue= + + retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" + copyFormatValue="${YAML_VALUE}" + if [[ -z "${copyFormatValue}" ]]; then + return + fi + textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) + copyBannerMessages "${mode}" "${textMode}" + retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeCopyFunctions "${mode}" "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +invokeMoveFunctions () { + local source="$1" + local target="$2" + local sourceDataDir= + local targetBasename= + # prepend OLD_DATA_DIR only if source is relative path + sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") + targetBasename=$(dirname "${target}") + logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" + if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then + logger "Directory [${sourceDataDir}] not found in path to move" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then + createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" + else + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" + moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" + fi +} + +# Move source directory and target directory +moveDirectories () { + local moveDataDirectories= + local map= + local source= + local target= + + retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" + moveDirectories="${YAML_VALUE}" + if [[ -z "${moveDirectories}" ]]; then + return + fi + bannerSection "MOVE DIRECTORIES" + retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeMoveFunctions "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +# Trim masterKey if its generated using hex 32 +trimMasterKey () { + local masterKeyDir=/opt/jfrog/artifactory/var/etc/security + local oldMasterKey=$(<${masterKeyDir}/master.key) + local oldMasterKey_Length=$(echo ${#oldMasterKey}) + local newMasterKey= + if [[ ${oldMasterKey_Length} -gt 32 ]]; then + bannerSection "TRIM MASTERKEY" + newMasterKey=$(echo ${oldMasterKey:0:32}) + cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key + logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" + rm -rf ${masterKeyDir}/master.key + echo ${newMasterKey} > ${masterKeyDir}/master.key + logger "masterKey is trimmed : ${masterKeyDir}/master.key" + fi +} + +copyDirectories () { + + copyDataDirectories "copyFiles" "full" + copyDataDirectories "copyUniqueFiles" "unique" + copyDataDirectories "copySpecificFiles" "specific" + copyDataDirectories "copyPatternMatchingFiles" "patternFiles" +} + +symlinkDir () { + local source="$1" + local target="$2" + local targetDir= + local basename= + local targetParentDir= + + targetDir="$(dirname "${target}")" + if [[ "${targetDir}" == "${source}" ]]; then + # symlink the sub directories + createDirectory "${NEW_DATA_DIR}/${target}" "Warning" + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" + basename="$(basename "${target}")" + cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" + fi + else + targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" + createDirectory "${targetParentDir}" "Warning" + if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" + fi + fi +} + +symlinkOperation () { + local source="$1" + local target="$2" + local check=false + local targetLink= + local date= + + # Check if source is a link and do symlink + if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then + targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") + symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" + else + # check if source is directory and do symlink + if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path to symlink" + return + fi + if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then + logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" + symlinkDir "${source}" "${target}" + else + rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false + [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" + symlinkDir "${source}" "${target}" + fi + fi +} +# Creates a symlink path - Source directory to which the symbolic link should point. +symlinkDirectories () { + local linkFiles= + local map= + local source= + local target= + + retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" + linkFiles="${YAML_VALUE}" + if [[ -z "${linkFiles}" ]]; then + return + fi + bannerSection "SYMLINK DIRECTORIES" + retrieveYamlValue "migration.linkFiles.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + symlinkOperation "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +updateConnectionString () { + local yamlPath="$1" + local value="$2" + local mongoPath="shared.mongo.url" + local rabbitmqPath="shared.rabbitMq.url" + local postgresPath="shared.database.url" + local redisPath="shared.redis.connectionString" + local mongoConnectionString="mongo.connectionString" + local sourceKey= + local hostIp=$(io_getPublicHostIP) + local hostKey= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) + hostKey="@${hostIp}:" + case $yamlPath in + ${postgresPath}) + sourceKey="@postgres:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoPath}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${rabbitmqPath}) + sourceKey="@rabbitmq:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${redisPath}) + sourceKey="@redis:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoConnectionString}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + esac + fi + echo -n "${value}" +} + +yamlMigrate () { + local entry="$1" + local sourceFile="$2" + local value= + local yamlPath= + local key= + yamlPath="$(getFirstEntry "${entry}")" + key="$(getSecondEntry "${entry}")" + if [[ -z "${key}" ]]; then + warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + getYamlValue "${key}" "${sourceFile}" "false" + value="${YAML_VALUE}" + if [[ ! -z "${value}" ]]; then + value=$(updateConnectionString "${yamlPath}" "${value}") + fi + if [[ "${PRODUCT}" == "artifactory" ]]; then + replicatorProfiling + fi + if [[ -z "${value}" ]]; then + logger "No value for [${key}] in [${sourceFile}]" + else + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" + fi +} + +migrateYamlFile () { + local files= + local filePath= + local fileName= + local sourceFile= + local map= + retrieveYamlValue "migration.yaml.files" "files" "Skip" + files="${YAML_VALUE}" + if [[ -z "${files}" ]]; then + return + fi + bannerSection "MIGRATION OF YAML FILES" + for file in $files; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" + if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + yamlMigrate "${entry}" "${sourceFile}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done + else + logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} +# updates the key and value in system.yaml +updateYamlKeyValue () { + local entry="$1" + local value= + local yamlPath= + local key= + + yamlPath="$(getFirstEntry "${entry}")" + value="$(getSecondEntry "${entry}")" + if [[ -z "${value}" ]]; then + warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value [${value}] in system.yaml" +} + +updateSystemYamlFile () { + local updateYaml= + local map= + + retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" + updateSystemYaml="${YAML_VALUE}" + if [[ -z "${updateSystemYaml}" ]]; then + return + fi + bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" + retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ -z "${map}" ]]; then + return + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + updateYamlKeyValue "${entry}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done +} + +backupFiles_hook () { + logSilly "Method ${FUNCNAME[0]}" +} + +backupDirectory () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" + fi +} + +removeOldDirectory () { + local backupDir="$1" + local entry="$2" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" + local outputCheckDirExists="$(checkDirExists "${targetDir}")" + if [[ "${outputCheckDirExists}" != "true" ]]; then + logger "No [${targetDir}] directory found to delete" + echo ""; + return + fi + backupDirectory "${backupDir}" "${entry}" "${targetDir}" + rm -rf "${targetDir}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" + [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" + echo ""; +} + +cleanUpOldDataDirectories () { + local cleanUpOldDataDir= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" + cleanUpOldDataDir="${YAML_VALUE}" + if [[ -z "${cleanUpOldDataDir}" ]]; then + return + fi + bannerSection "CLEAN UP OLD DATA DIRECTORIES" + retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" + backupFiles_hook "${backupDir}/${PRODUCT}" + for entry in $map; + do + removeOldDirectory "${backupDir}" "${entry}" + done +} + +backupFiles () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local fileName="$4" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" + fi +} + +removeOldFiles () { + local backupDir="$1" + local directoryName="$2" + local fileName="$3" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" + local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" + if [[ "${outputCheckFileExists}" != "true" ]]; then + logger "No [${targetDir}/${fileName}] file found to delete" + return + fi + backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" + rm -f "${targetDir}/${fileName}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" + [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" + echo ""; +} + +cleanUpOldFiles () { + local cleanUpFiles= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" + cleanUpOldFiles="${YAML_VALUE}" + if [[ -z "${cleanUpOldFiles}" ]]; then + return + fi + bannerSection "CLEAN UP OLD FILES" + retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" + for entry in $map; + do + local outputCheckMapEntry="$(checkMapEntry "${entry}")" + if [[ "${outputCheckMapEntry}" != "true" ]]; then + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" + fi + local fileName="$(getSecondEntry "${entry}")" + local directoryName="$(getFirstEntry "${entry}")" + [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" + echo ""; + done +} + +startMigration () { + bannerSection "STARTING MIGRATION" +} + +endMigration () { + bannerSection "MIGRATION COMPLETED SUCCESSFULLY" +} + +initialize () { + setAppDir + _pauseExecution "setAppDir" + initHelpers + _pauseExecution "initHelpers" + checkMigrationInfoYaml + _pauseExecution "checkMigrationInfoYaml" + getProduct + _pauseExecution "getProduct" + getDataDir + _pauseExecution "getDataDir" +} + +main () { + case $PRODUCT in + artifactory) + migrateArtifactory + ;; + distribution) + migrateDistribution + ;; + xray) + migrationXray + ;; + esac + exit 0 +} + +# Ensures meta data is logged +LOG_BEHAVIOR_ADD_META="$FLAG_Y" + + +migrateResolveDerbyPath () { + local key="$1" + local value="$2" + + if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + else + derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + fi + fi + echo "${value}" +} + +migrateResolveHaDirPath () { + local key="$1" + local value="$2" + + if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then + if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then + value=$(checkPathResolver "${value}") + fi + fi + echo "${value}" +} +updatePostgresUrlString_Hook () { + local yamlPath="$1" + local value="$2" + local hostIp=$(io_getPublicHostIP) + local sourceKey="//postgresql:" + if [[ "${yamlPath}" == "shared.database.url" ]]; then + value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") + fi + echo "${value}" +} +# Check Artifactory product version +checkArtifactoryVersion () { + local minProductVersion="6.0.0" + local maxProductVersion="7.0.0" + local propertyInDocker="ARTIFACTORY_VERSION" + local property="artifactory.version" + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + local newfilePath="${APP_DIR}/../.env" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + else + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" + fi + + getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" +} + +getCustomDataDir_hook () { + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" + OLD_DATA_DIR="${YAML_VALUE}" +} + +# Get protocol value of connector +getXmlConnectorProtocol () { + local i="$1" + local filePath="$2" + local fileName="$3" + local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') + echo -e "${protocolValue}" +} + +# Get all attributes of connector +getXmlConnectorAttributes () { + local i="$1" + local filePath="$2" + local fileName="$3" + local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + echo "${connectorAttributes}" +} + +# Get port value of connector +getXmlConnectorPort () { + local i="$1" + local filePath="$2" + local fileName="$3" + local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${portValue}" +} + +# Get maxThreads value of connector +getXmlConnectorMaxThreads () { + local i="$1" + local filePath="$2" + local fileName="$3" + local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${maxThreadValue}" +} +# Get sendReasonPhrase value of connector +getXmlConnectorSendReasonPhrase () { + local i="$1" + local filePath="$2" + local fileName="$3" + local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${sendReasonPhraseValue}" +} +# Get relaxedPathChars value of connector +getXmlConnectorRelaxedPathChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") + echo -e "${relaxedPathCharsValue}" +} +# Get relaxedQueryChars value of connector +getXmlConnectorRelaxedQueryChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") + echo -e "${relaxedQueryCharsValue}" +} + +# Updating system.yaml with Connector port +setConnectorPort () { + local yamlPath="$1" + local valuePort="$2" + local portYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${valuePort}" ]]; then + warn "port value is empty, could not migrate to system.yaml" + return + fi + ## Getting port yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" portYamlPath "Warning" + portYamlPath="${YAML_VALUE}" + if [[ -z "${portYamlPath}" ]]; then + return + fi + setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" + logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" +} + +# Updating system.yaml with Connector maxThreads +setConnectorMaxThread () { + local yamlPath="$1" + local threadValue="$2" + local maxThreadYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${threadValue}" ]]; then + return + fi + ## Getting max Threads yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" + maxThreadYamlPath="${YAML_VALUE}" + if [[ -z "${maxThreadYamlPath}" ]]; then + return + fi + setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" +} + +# Updating system.yaml with Connector sendReasonPhrase +setConnectorSendReasonPhrase () { + local yamlPath="$1" + local sendReasonPhraseValue="$2" + local sendReasonPhraseYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${sendReasonPhraseValue}" ]]; then + return + fi + ## Getting sendReasonPhrase yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" + sendReasonPhraseYamlPath="${YAML_VALUE}" + if [[ -z "${sendReasonPhraseYamlPath}" ]]; then + return + fi + setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedPathChars +setConnectorRelaxedPathChars () { + local yamlPath="$1" + local relaxedPathCharsValue="$2" + local relaxedPathCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedPathCharsValue}" ]]; then + return + fi + ## Getting relaxedPathChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" + relaxedPathCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedPathCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedQueryChars +setConnectorRelaxedQueryChars () { + local yamlPath="$1" + local relaxedQueryCharsValue="$2" + local relaxedQueryCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedQueryCharsValue}" ]]; then + return + fi + ## Getting relaxedQueryChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" + relaxedQueryCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connectors configurations +setConnectorExtraConfig () { + local yamlPath="$1" + local connectorAttributes="$2" + local extraConfigPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${connectorAttributes}" ]]; then + return + fi + ## Getting extraConfig yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConfig "Warning" + extraConfigPath="${YAML_VALUE}" + if [[ -z "${extraConfigPath}" ]]; then + return + fi + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" +} + +# Updating system.yaml with extra Connectors +setExtraConnector () { + local yamlPath="$1" + local extraConnector="$2" + local extraConnectorYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${extraConnector}" ]]; then + return + fi + ## Getting extraConnecotr yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" + extraConnectorYamlPath="${YAML_VALUE}" + if [[ -z "${extraConnectorYamlPath}" ]]; then + return + fi + getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" + local connectorExtra="${YAML_VALUE}" + if [[ -z "${connectorExtra}" ]]; then + setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + else + setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + fi +} + +# Migrate extra connectors to system.yaml +migrateExtraConnectors () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local excludeDefaultPort="$4" + local i="$5" + local extraConfig= + local extraConnector= + if [[ "${excludeDefaultPort}" == "yes" ]]; then + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + done + else + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + fi +} + +# Migrate connector configurations +migrateConnectorConfig () { + local i="$1" + local protocolType="$2" + local portValue="$3" + local connectorPortYamlPath="$4" + local connectorMaxThreadYamlPath="$5" + local connectorAttributesYamlPath="$6" + local filePath="$7" + local fileName="$8" + local connectorSendReasonPhraseYamlPath="$9" + local connectorRelaxedPathCharsYamlPath="${10}" + local connectorRelaxedQueryCharsYamlPath="${11}" + + # migrate port + setConnectorPort "${connectorPortYamlPath}" "${portValue}" + + # migrate maxThreads + local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") + setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" + + # migrate sendReasonPhrase + local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") + setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" + + # migrate relaxedPathChars + local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" + # migrate relaxedQueryChars + local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" + + # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars + local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") + connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" +} + +# Check for default port 8040 and 8081 in connectors and migrate +migrateConnectorPort () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + local connectorPortYamlPath="$5" + local connectorMaxThreadYamlPath="$6" + local connectorAttributesYamlPath="$7" + local connectorSendReasonPhraseYamlPath="$8" + local connectorRelaxedPathCharsYamlPath="$9" + local connectorRelaxedQueryCharsYamlPath="${10}" + local portYamlPath= + local maxThreadYamlPath= + local status= + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" == *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + RT_DEFAULTPORT_STATUS=success + else + AC_DEFAULTPORT_STATUS=success + fi + migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" + done +} + +# migrate to extra, connector having default port and protocol is AJP +migrateDefaultPortIfAjp () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + done + +} + +# Comparing max threads in connectors +compareMaxThreads () { + local firstConnectorMaxThread="$1" + local firstConnectorNode="$2" + local secondConnectorMaxThread="$3" + local secondConnectorNode="$4" + local filePath="$5" + local fileName="$6" + + # choose higher maxThreads connector as Artifactory. + if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then + # maxThread is higher in firstConnector, + # Taking firstConnector as Artifactory and SecondConnector as Access + # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + else + # maxThread is higher in SecondConnector, + # Taking SecondConnector as Artifactory and firstConnector as Access + local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +# Check max threads exist to compare +maxThreadsExistToCompare () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local firstConnectorMaxThread= + local secondConnectorMaxThread= + local firstConnectorNode= + local secondConnectorNode= + local status=success + local firstnode=fail + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ ${protocolType} == *AJP* ]]; then + # Migrate Connectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + fi + # store maxthreads value of each connector + if [[ ${firstnode} == "fail" ]]; then + firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + firstConnectorNode="${i}" + firstnode=success + else + secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + secondConnectorNode="${i}" + fi + done + [[ -z "${firstConnectorMaxThread}" ]] && status=fail + [[ -z "${secondConnectorMaxThread}" ]] && status=fail + # maxThreads is set, now compare MaxThreads + if [[ "${status}" == "success" ]]; then + compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" + else + # Assume first connector is RT, maxThreads is not set in both connectors + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +migrateExtraBasedOnNonAjpCount () { + local nonAjpCount="$1" + local filePath="$2" + local fileName="$3" + local connectorCount="$4" + local i="$5" + + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ "${protocolType}" == *AJP* ]]; then + if [[ "${nonAjpCount}" -eq 1 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + else + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + continue + fi + fi +} + +# find RT and AC Connector +findRtAndAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local initialAjpCount=0 + local nonAjpCount=0 + + # get the count of non AJP + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] || continue + nonAjpCount=$((initialAjpCount+1)) + initialAjpCount="${nonAjpCount}" + done + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access and artifactory connectors + # Mark port as 8040 for access + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + done + elif [[ "${nonAjpCount}" -eq 2 ]]; then + # compare maxThreads in both connectors + maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${nonAjpCount}" -gt 2 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # setting with default port in system.yaml + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# get the count of non AJP +getCountOfNonAjp () { + local port="$1" + local connectorCount="$2" + local filePath=$3 + local fileName=$4 + local initialNonAjpCount=0 + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${port}" ]] || continue + [[ "${protocolType}" != *AJP* ]] || continue + local nonAjpCount=$((initialNonAjpCount+1)) + initialNonAjpCount="${nonAjpCount}" + done + echo -e "${nonAjpCount}" +} + +# Find for access connector +findAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access connector and mark port as that of connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take RT properties into access with 8040 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add RT connector details as access connector and mark port as 8040 + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# Find for artifactory connector +findRtConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as RT connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take access properties into artifactory with 8081 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +checkForTlsConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${sslProtocolValue}" == "TLS" ]]; then + bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" + TLS_CONNECTOR_EXISTS=${FLAG_Y} + continue + fi + done +} + +# set custom tomcat server Listeners to system.yaml +setListenerConnector () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + for ((i = 1 ; i <= "${listenerCount}" ; i++)) + do + local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) + local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${listenerClassName}" == *Apr* ]]; then + setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" + fi + done +} +# add custom tomcat server Listeners +addTomcatServerListeners () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + if [[ "${listenerCount}" == "0" ]]; then + logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" + else + setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" + setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" + logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" + fi +} + +# server.xml migration operations +xmlMigrateOperation () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local listenerCount="$4" + RT_DEFAULTPORT_STATUS=fail + AC_DEFAULTPORT_STATUS=fail + TLS_CONNECTOR_EXISTS=${FLAG_N} + + # Check for connector with TLS , if found ignore migrating it + checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" + if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then + return + fi + addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" + # Migrate RT default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + # Migrate to extra if RT default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" + # Migrate AC default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + # Migrate to extra if access default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" + + if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # RT and AC default port found + logger "Artifactory 8081 and Access 8040 default port are found" + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # Only AC default port found,find RT connector + logger "Found Access default 8040 port" + findRtConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # Only RT default port found,find AC connector + logger "Found Artifactory default 8081 port" + findAcConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # RT and AC default port not found, find connector + logger "Artifactory 8081 and Access 8040 default port are not found" + findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" + fi +} + +# get count of connectors +getXmlConnectorCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# get count of listener connectors +getTomcatServerListenersCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# Migrate server.xml configuration to system.yaml +migrateXmlFile () { + local xmlFiles= + local fileName= + local filePath= + local sourceFilePath= + DEFAULT_ACCESS_PORT="8040" + DEFAULT_RT_PORT="8081" + AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" + AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" + AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" + AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" + RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" + RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" + RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' + RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' + RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' + RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" + ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" + EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" + EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" + RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" + + retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" + xmlFiles="${YAML_VALUE}" + if [[ -z "${xmlFiles}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF XML FILES" + retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + if [[ -z "${fileName}" ]]; then + return + fi + bannerSubSection "Processing Migration of $fileName" + retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + if [[ -z "${filePath}" ]]; then + return + fi + # prepend NEW_DATA_DIR only if filePath is relative path + sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") + if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] is found in path [${sourceFilePath}]" + local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") + if [[ "${connectorCount}" == "0" ]]; then + logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" + return + fi + local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") + xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" + else + logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" + fi +} + +compareArtifactoryUser () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + + if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" + else + logger "No change in property [${property}] value in [${sourceFile}] to migrate" + fi +} + +migrateReplicator () { + local property="$1" + local oldPropertyValue="$2" + local yamlPath="$3" + + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" +} + +compareJavaOptions () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + local oldJavaOption= + local newJavaOption= + local extraJavaOption= + local check=false + local success=true + local status=true + + oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~> /etc/hosts" + +3. Launch jconsole: +jconsole {{ template "artifactory.fullname" . }}:{{ .Values.artifactory.javaOpts.jmx.port }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl new file mode 100644 index 000000000..d683ca231 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/_helpers.tpl @@ -0,0 +1,85 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "artifactory.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name nginx service. +*/}} +{{- define "artifactory.nginx.name" -}} +{{- default .Chart.Name .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "artifactory.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified replicator app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory.replicator.fullname" -}} +{{- if .Values.artifactory.replicator.ingress.name -}} +{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified nginx name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "artifactory.nginx.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.nginx.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "artifactory.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "artifactory.fullname" .) .Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "artifactory.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate SSL certificates +*/}} +{{- define "artifactory.gen-certs" -}} +{{- $altNames := list ( printf "%s.%s" (include "artifactory.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory.name" .) .Release.Namespace ) -}} +{{- $ca := genCA "artifactory-ca" 365 -}} +{{- $cert := genSignedCert ( include "artifactory.name" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Scheme (http/https) based on Access TLS enabled/disabled +*/}} +{{- define "artifactory.scheme" -}} +{{- if .Values.access.accessConfig.security.tls -}} +{{- printf "%s" "https" -}} +{{- else -}} +{{- printf "%s" "http" -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml new file mode 100644 index 000000000..c8bf2eb16 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/admin-bootstrap-creds.yaml @@ -0,0 +1,15 @@ +{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} +{{- if .Values.artifactory.admin.password }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory.fullname" . }}-bootstrap-creds + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml new file mode 100644 index 000000000..700e65608 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-access-config.yaml @@ -0,0 +1,15 @@ +{{- if .Values.access.accessConfig }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }}-access-config + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + access.config.import.yml: | +{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml new file mode 100644 index 000000000..bbfbdf3be --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-binarystore-secret.yaml @@ -0,0 +1,14 @@ +{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory.fullname" . }}-binarystore + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + binarystore.xml: |- +{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml new file mode 100644 index 000000000..359fa07d2 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-configmaps.yaml @@ -0,0 +1,13 @@ +{{ if .Values.artifactory.configMaps }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-configmaps + labels: + app: {{ template "artifactory.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ tpl .Values.artifactory.configMaps . | indent 2 }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml new file mode 100644 index 000000000..ab2e8324c --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-custom-secrets.yaml @@ -0,0 +1,19 @@ +{{- if .Values.artifactory.customSecrets }} +{{- range .Values.artifactory.customSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + labels: + app: "{{ template "artifactory.name" $ }}" + chart: "{{ template "artifactory.chart" $ }}" + component: "{{ $.Values.artifactory.name }}" + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} +type: Opaque +stringData: + {{ .key }}: | +{{ .data | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml new file mode 100644 index 000000000..9edf87dc1 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-database-secrets.yaml @@ -0,0 +1,22 @@ +{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }}-database-creds + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- with .Values.database.url }} + db-url: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.user }} + db-user: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.password }} + db-password: {{ tpl . $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml new file mode 100644 index 000000000..f2e2c0f5b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-installer-info.yaml @@ -0,0 +1,12 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "artifactory.fullname" . }}-installer-info + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + installer-info.json: | + {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml new file mode 100644 index 000000000..d37ed1e4b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-license-secret.yaml @@ -0,0 +1,14 @@ +{{- with .Values.artifactory.license.licenseKey }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" $ }}-license + labels: + app: {{ template "artifactory.name" $ }} + chart: {{ template "artifactory.chart" $ }} + heritage: {{ $.Release.Service }} + release: {{ $.Release.Name }} +type: Opaque +data: + artifactory.lic: {{ . | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml new file mode 100644 index 000000000..edca83ed3 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-migration-scripts.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-migration-scripts + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + migrate.sh: | +{{ .Files.Get "files/migrate.sh" | indent 4 }} + migrationHelmInfo.yaml: | +{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} + migrationStatus.sh: | +{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml new file mode 100644 index 000000000..da6fd178a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-networkpolicy.yaml @@ -0,0 +1,34 @@ +{{- range .Values.networkpolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "artifactory.fullname" $ }}-{{ .name }}-networkpolicy + labels: + app: {{ template "artifactory.name" $ }} + chart: {{ template "artifactory.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +spec: +{{- if .podSelector }} + podSelector: +{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} +{{ else }} + podSelector: {} +{{- end }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} +{{- if .ingress }} + ingress: +{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +{{- if .egress }} + egress: +{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +--- +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml new file mode 100644 index 000000000..9eb94b35b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-priority-class.yaml @@ -0,0 +1,9 @@ +{{- if .Values.artifactory.priorityClass.create }} +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} +value: {{ .Values.artifactory.priorityClass.value }} +globalDefault: false +description: "Artifactory priority class" +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml new file mode 100644 index 000000000..db01f235f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory.fullname" . }} +rules: +{{ toYaml .Values.rbac.role.rules }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml new file mode 100644 index 000000000..dfb42258f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "artifactory.serviceAccountName" . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ template "artifactory.fullname" . }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml new file mode 100644 index 000000000..a1d772429 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-secrets.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- if and .Values.artifactory.masterKey (not .Values.artifactory.masterKeySecretName) }} + master-key: {{ .Values.artifactory.masterKey | b64enc | quote }} + {{- end }} + {{- if and .Values.artifactory.joinKey (not .Values.artifactory.joinKeySecretName) }} + join-key: {{ .Values.artifactory.joinKey | b64enc | quote }} + {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml new file mode 100644 index 000000000..f1f2be4a9 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-service.yaml @@ -0,0 +1,50 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +{{- if .Values.artifactory.service.annotations }} + annotations: +{{ toYaml .Values.artifactory.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.artifactory.service.type }} +{{- if .Values.artifactory.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: router + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: artifactory + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: ssh + {{- end }} + {{- with .Values.artifactory.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: jmx + {{- end }} + {{- end }} + selector: + app: {{ template "artifactory.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml new file mode 100644 index 000000000..4e9c5fbb5 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ tpl (toYaml .) $ | indent 4 }} +{{- end }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory.serviceAccountName" . }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml new file mode 100644 index 000000000..3680caf0e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-statefulset.yaml @@ -0,0 +1,695 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md), pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x." .Values.databaseUpgradeReady | quote }} +{{- end }} +spec: + serviceName: {{ template "artifactory.name" . }} + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "artifactory.name" . }} + role: {{ template "artifactory.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + role: {{ template "artifactory.name" . }} + component: {{ .Values.artifactory.name }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.access.accessConfig }} + checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} + {{- end }} + {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} + checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.uid }} + initContainers: + {{- if .Values.artifactory.persistence.enabled }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + volumeMounts: + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- end }} + - name: "remove-lost-found" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found {{ .Values.artifactory.persistence.mountPath }}/data/.lock' + volumeMounts: + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: "access-bootstrap-creds" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + command: + - 'sh' + - '-c' + - > + echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + volumeMounts: + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + - name: access-bootstrap-creds + mountPath: "/tmp/access/bootstrap.creds" + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + subPath: {{ .Values.artifactory.admin.dataKey }} + {{- else }} + subPath: bootstrap.creds + {{- end }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + command: + - '/bin/sh' + - '-c' + - > + sleep 30; + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + {{- if .Values.access.accessConfig }} + echo "Copy access.config.latest.yml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -fv /tmp/etc/access.config.import.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.import.yml; + {{- end }} + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; + cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; + echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + {{- end }} + env: + {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName}} + - name: ARTIFACTORY_JOIN_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.artifactory.joinKeySecretName | default (include "artifactory.fullname" .) }}" + key: join-key + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory.fullname" .) }}" + key: master-key + {{- end }} + volumeMounts: + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + - name: systemyaml + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- if .Values.access.accessConfig }} + - name: access-config + mountPath: "/tmp/etc/access.config.import.yml" + subPath: access.config.import.yml + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + mountPath: "/tmp/etc/tls.crt" + subPath: tls.crt + - name: access-certs + mountPath: "/tmp/etc/tls.key" + subPath: tls.key + {{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}" + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if or .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + {{- end }} + {{- end }} + {{- if .Values.artifactory.customInitContainers }} +{{ tpl .Values.artifactory.customInitContainers . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory' + image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + env: + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if .Values.artifactory.customVolumeMounts }} +{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} + {{- end }} +{{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then + echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; + cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; + fi; + {{- if .Values.artifactory.configMapName }} + echo "Copying bootstrap configs"; + cp -Lrf /bootstrap/* /artifactory_bootstrap/; + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + echo "Copying plugins"; + cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; + {{- end }} + {{- range .Values.artifactory.copyOnEveryStartup }} + {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} + {{- $baseDirectory := regexFind ".*/" $targetPath }} + mkdir -p {{ $baseDirectory }}; + cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; + {{- end }} + {{- if .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.preStartCommand . }}; + {{- end }} + exec /entrypoint-artifactory.sh + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo; + {{- with .Values.artifactory.postStartCommand }} + {{ tpl . $ }} + {{- end }} + env: + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + {{- if .Values.artifactory.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.javaOpts.jmx.port }} + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + {{- end }} + volumeMounts: + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + mountPath: "/artifactory_bootstrap/plugins/" + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + mountPath: "/tmp/plugin/{{ tpl . $ }}" + {{- end }} + {{- end }} + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.lic" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if .Values.artifactory.customVolumeMounts }} +{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.resources | indent 10 }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $image := .Values.logger.image.repository }} + {{- $tag := .Values.logger.image.tag }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: artifactory-volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: artifactory-volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if .Values.artifactory.customSidecarContainers }} +{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.artifactory.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.artifactory.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory.fullname" . }}-binarystore + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory.fullname" . }}-installer-info + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + emptyDir: {} + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + secret: + secretName: {{ tpl . $ }} + {{- end }} + {{- end }} + {{- if and .Values.artifactory.persistence.enabled .Values.artifactory.persistence.existingClaim }} + - name: artifactory-volume + persistentVolumeClaim: + claimName: {{ .Values.artifactory.persistence.existingClaim }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory.fullname" . }}-configmaps + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory.fullname" . }}-license + {{- end }} + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: access-bootstrap-creds + secret: + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + secretName: {{ .Values.artifactory.admin.secret }} + {{- else }} + secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-data + persistentVolumeClaim: + claimName: {{ template "artifactory.fullname" . }}-data-pvc + - name: artifactory-backup + persistentVolumeClaim: + claimName: {{ template "artifactory.fullname" . }}-backup-pvc + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: artifactory-volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + - name: systemyaml + secret: + secretName: {{ template "artifactory.fullname" . }}-systemyaml + {{- if .Values.access.accessConfig }} + - name: access-config + secret: + secretName: {{ template "artifactory.fullname" . }}-access-config + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + secret: + secretName: {{ .Values.access.customCertificatesSecretName }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory.name" . }}-filebeat-config + {{- end }} + {{- if .Values.artifactory.customVolumes }} +{{ tpl .Values.artifactory.customVolumes . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} +{{- with .Values.artifactory.persistence }} + {{- if and .enabled (not .existingClaim) }} + volumeClaimTemplates: + - metadata: + name: artifactory-volume + spec: + {{- if .storageClassName }} + {{- if (eq "-" .storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .accessMode }}" ] + resources: + requests: + storage: {{ .size }} + {{- end }} +{{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml new file mode 100644 index 000000000..e2fa58e86 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/artifactory-system-yaml.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }}-systemyaml + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + system.yaml: | +{{ tpl .Values.artifactory.systemYaml . | indent 4 }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml new file mode 100644 index 000000000..8ceb67c01 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/filebeat-configmap.yaml @@ -0,0 +1,15 @@ +{{- if .Values.filebeat.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.name" . }}-filebeat-config + labels: + app: {{ template "artifactory.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: + filebeat.yml: | +{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml new file mode 100644 index 000000000..47e2f5505 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/ingress.yaml @@ -0,0 +1,103 @@ +{{- if .Values.ingress.enabled -}} +{{- $serviceName := include "artifactory.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} +{{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}} +{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $ingressName }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.ingress.labels }} +{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} +{{- end}} +{{- if .Values.ingress.annotations }} + annotations: +{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} +{{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.ingress.hosts }} + {{- range $host := .Values.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: {{ $.Values.ingress.routerPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: {{ $.Values.ingress.artifactoryPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $artifactoryServicePort }} + {{- end -}} +{{- end -}} + {{- with .Values.ingress.additionalRules }} +{{ tpl . $ | indent 2 }} + {{- end }} + + {{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end -}} +{{- if .Values.artifactory.replicator.enabled }} +--- +{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} + {{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 + {{- else }} +apiVersion: extensions/v1beta1 + {{- end }} +kind: Ingress +metadata: + name: {{ $replicatorIngressName }} + labels: + app: "{{ template "artifactory.name" $ }}" + chart: "{{ template "artifactory.chart" $ }}" + release: {{ $.Release.Name | quote }} + heritage: {{ $.Release.Service | quote }} + {{- if .Values.artifactory.replicator.ingress.annotations }} + annotations: +{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} + {{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.artifactory.replicator.ingress.hosts }} + {{- range $host := .Values.artifactory.replicator.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: /replicator/ + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: /artifactory/api/replication/replicate/file/streaming + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- end -}} + {{- if .Values.artifactory.replicator.ingress.tls }} + tls: +{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml new file mode 100644 index 000000000..f53f35e48 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/logger-configmap.yaml @@ -0,0 +1,63 @@ +{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-logger + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + tail-log.sh: | + #!/bin/sh + + LOG_DIR=$1 + LOG_NAME=$2 + PID= + + # Wait for log dir to appear + while [ ! -d ${LOG_DIR} ]; do + sleep 1 + done + + cd ${LOG_DIR} + + LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') + + # Find the log to tail + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + + # Wait for the log file + while [ -z "${LOG_FILE}" ]; do + sleep 1 + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + done + + echo "Log file ${LOG_FILE} is ready!" + + # Get inode number + INODE_ID=$(ls -i ${LOG_FILE}) + + # echo "Tailing ${LOG_FILE}" + tail -F ${LOG_FILE} & + PID=$! + + # Loop forever to see if a new log was created + while true; do + # Check inode number + NEW_INODE_ID=$(ls -i ${LOG_FILE}) + + # If inode number changed, this means log was rotated and need to start a new tail + if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then + kill -9 ${PID} 2>/dev/null + INODE_ID="${NEW_INODE_ID}" + + # Start a new tail + tail -F ${LOG_FILE} & + PID=$! + fi + sleep 1 + done + +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml new file mode 100644 index 000000000..bd2ebea96 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-artifactory-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + artifactory.conf: | +{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml new file mode 100644 index 000000000..fa39459e7 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-certificate-secret.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "artifactory.fullname" . }}-nginx-certificate + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ ( include "artifactory.gen-certs" . ) | indent 2 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml new file mode 100644 index 000000000..851eae247 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-nginx-conf + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + nginx.conf: | +{{ tpl .Values.nginx.mainConf . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml new file mode 100644 index 000000000..ec0307769 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-deployment.yaml @@ -0,0 +1,194 @@ +{{- if .Values.nginx.enabled -}} +{{- $serviceName := include "artifactory.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +apiVersion: apps/v1 +kind: {{ .Values.nginx.kind }} +metadata: + name: {{ template "artifactory.nginx.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 4 }} +{{- end }} +spec: +{{- if eq .Values.nginx.kind "StatefulSet" }} + serviceName: {{ template "artifactory.nginx.fullname" . }} +{{- end }} +{{- if ne .Values.nginx.kind "DaemonSet" }} + replicas: {{ .Values.nginx.replicaCount }} +{{- end }} + selector: + matchLabels: + app: {{ template "artifactory.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + template: + metadata: + annotations: + checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} + checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "artifactory.serviceAccountName" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + initContainers: + - name: "setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - '/bin/sh' + - '-c' + - > + rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; + mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + volumeMounts: + - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + name: nginx-volume + securityContext: + runAsUser: {{ .Values.nginx.uid }} + fsGroup: {{ .Values.nginx.gid }} + containers: + - name: {{ .Values.nginx.name }} + image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}' + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - 'nginx' + - '-g' + - 'daemon off;' + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and + # will be cleaned up in a later version + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - containerPort: {{ .Values.nginx.http.internalPort }} + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttp }} + {{- end }} + {{- if .Values.nginx.https }} + {{- if .Values.nginx.https.enabled }} + - containerPort: {{ .Values.nginx.https.internalPort }} + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttps }} + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.nginx.ssh.internalPort }} + {{- end }} + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: nginx-artifactory-conf + mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" + - name: nginx-volume + mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + - name: ssl-certificates + mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" + resources: +{{ toYaml .Values.nginx.resources | indent 10 }} + {{- if .Values.nginx.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.nginx.readinessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.nginx.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.nginx.livenessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} + {{- end }} + {{- $image := .Values.logger.image.repository }} + {{- $tag := .Values.logger.image.tag }} + {{- $mountPath := .Values.nginx.persistence.mountPath }} + {{- range .Values.nginx.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: '{{ $image }}:{{ $tag }}' + command: + - tail + args: + - '-F' + - '{{ $mountPath }}/logs/{{ . }}' + volumeMounts: + - name: nginx-volume + mountPath: {{ $mountPath }} + resources: +{{ toYaml $.Values.nginx.loggersResources | indent 10 }} + {{- end }} + {{- with .Values.nginx.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: nginx-conf + configMap: + {{- if .Values.nginx.customConfigMap }} + name: {{ .Values.nginx.customConfigMap }} + {{- else }} + name: {{ template "artifactory.fullname" . }}-nginx-conf + {{- end }} + - name: nginx-artifactory-conf + configMap: + {{- if .Values.nginx.customArtifactoryConfigMap }} + name: {{ .Values.nginx.customArtifactoryConfigMap }} + {{- else }} + name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf + {{- end }} + - name: nginx-volume + {{- if .Values.nginx.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory.nginx.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + - name: ssl-certificates + secret: + {{- if .Values.nginx.tlsSecretName }} + secretName: {{ .Values.nginx.tlsSecretName }} + {{- else }} + secretName: {{ template "artifactory.fullname" . }}-nginx-certificate + {{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml new file mode 100644 index 000000000..a110d8b24 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-pvc.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }} +{{- if (not .Values.nginx.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory.nginx.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + accessModes: + - {{ .Values.nginx.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.nginx.persistence.size | quote }} +{{- if .Values.nginx.persistence.storageClass }} +{{- if (eq "-" .Values.nginx.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.nginx.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml new file mode 100644 index 000000000..78d2a6f29 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/templates/nginx-service.yaml @@ -0,0 +1,73 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory.nginx.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- if .Values.nginx.service.annotations }} + annotations: +{{ toYaml .Values.nginx.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.nginx.service.type }} +{{- if eq .Values.nginx.service.type "LoadBalancer" }} + {{ if .Values.nginx.service.loadBalancerIP -}} + loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} + {{ end -}} + {{- if .Values.nginx.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} + {{- end }} +{{- end }} +{{- if .Values.nginx.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and + # will be cleaned up in a later version + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - port: {{ .Values.nginx.http.externalPort }} + targetPort: {{ .Values.nginx.http.internalPort }} + protocol: TCP + name: http + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttp }} + targetPort: {{ .Values.nginx.internalPortHttp }} + protocol: TCP + name: http + {{- end }} + {{- if .Values.nginx.https }} + {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} + - port: {{ .Values.nginx.https.externalPort }} + {{- if .Values.nginx.service.ssloffload }} + targetPort: {{ .Values.nginx.http.internalPort }} + {{- else }} + targetPort: {{ .Values.nginx.https.internalPort}} + {{- end }} + protocol: TCP + name: https + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttps }} + targetPort: {{ .Values.nginx.internalPortHttps }} + protocol: TCP + name: https + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.nginx.ssh.externalPort }} + targetPort: {{ .Values.nginx.ssh.internalPort }} + protocol: TCP + name: ssh + {{- end }} + selector: + app: {{ template "artifactory.name" . }} + component: {{ .Values.nginx.name }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml new file mode 100644 index 000000000..6399c5b8a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-large.yaml @@ -0,0 +1,11 @@ +artifactory: + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml new file mode 100644 index 000000000..44aff82de --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-medium.yaml @@ -0,0 +1,11 @@ +artifactory: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml new file mode 100644 index 000000000..04368ae15 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values-small.yaml @@ -0,0 +1,11 @@ +artifactory: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml new file mode 100644 index 000000000..9eee1703c --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/charts/artifactory/values.yaml @@ -0,0 +1,1268 @@ +# Default values for artifactory. +# This is a YAML-formatted file. + +# Beware when changing values here. You should know what you are doing! +# Access the values with {{ .Values.key.subkey }} + +# Common +initContainerImage: docker.bintray.io/alpine:3.12 + +installer: + type: + platform: + +installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + +# For supporting pulling from private registries +imagePullSecrets: + +## Role Based Access Control +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +rbac: + create: true + role: + ## Rules to create. It follows the role specification + rules: + - apiGroups: + - '' + resources: + - services + - endpoints + - pods + verbs: + - get + - watch + - list + +## Service Account +## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + name: + ## Service Account annotations + annotations: {} + +ingress: + enabled: false + defaultBackend: + enabled: true + # Used to create an Ingress record. + hosts: [] + routerPath: / + artifactoryPath: /artifactory/ + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/configuration-snippet: | + # proxy_pass_header Server; + # proxy_set_header X-JFrog-Override-Base-Url https://; + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + labels: {} + # traffic-type: external + # traffic-type: internal + tls: [] + # Secrets must be manually created in the namespace. + # - secretName: chart-example-tls + # hosts: + # - artifactory.domain.example + + # Additional ingress rules + additionalRules: [] + +networkpolicy: + # Allows all ingress and egress + - name: artifactory + podSelector: + matchLabels: + app: artifactory + egress: + - {} + ingress: + - {} + # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) + # - name: postgresql + # podSelector: + # matchLabels: + # app: postgresql + # ingress: + # - from: + # - podSelector: + # matchLabels: + # app: artifactory + +logger: + image: + repository: docker.bintray.io/busybox + tag: 1.31.1 + +# Artifactory +artifactory: + name: artifactory + # Note that by default we use appVersion to get image tag/version + image: + repository: docker.bintray.io/jfrog/artifactory-pro + # version: + pullPolicy: IfNotPresent + labels: {} + + # Create a priority class for the Artifactory pod or use an existing one + # NOTE - Maximum allowed value of a user defined priority is 1000000000 + priorityClass: + create: false + value: 1000000000 + ## Override default name + # name: + ## Use an existing priority class + # existingPriorityClass: + + # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties + deleteDBPropertiesOnStartup: true + + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 200 + extraConfig: 'acceptCount="100"' + + # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + copyOnEveryStartup: + # # Absolute path + # - source: /artifactory_bootstrap/binarystore.xml + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + # # Absolute path + # - source: /artifactory_bootstrap/artifactory.lic + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + + # Sidecar containers for tailing Artifactory logs + loggers: [] + # - access-audit.log + # - access-request.log + # - access-security-audit.log + # - access-service.log + # - artifactory-access.log + # - artifactory-event.log + # - artifactory-import-export.log + # - artifactory-request.log + # - artifactory-service.log + # - frontend-request.log + # - frontend-service.log + # - metadata-request.log + # - metadata-service.log + # - router-request.log + # - router-service.log + # - router-traefik.log + # - derby.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Sidecar containers for tailing Tomcat (catalina) logs + catalinaLoggers: [] + # - tomcat-catalina.log + # - tomcat-localhost.log + + # Tomcat (catalina) loggers resources + catalinaLoggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 + ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + + ## Add custom init containers + customInitContainers: | + # - name: "custom-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: artifactory-volume + + ## Add custom sidecar containers + # - The provided example uses a custom volume (customVolumes) + # - The provided example shows running container as root (id 0) + customSidecarContainers: | + # - name: "sidecar-list-etc" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # securityContext: + # runAsUser: 0 + # fsGroup: 0 + # command: + # - 'sh' + # - '-c' + # - 'sh /scripts/script.sh' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: artifactory-volume + # - mountPath: "/scripts/script.sh" + # name: custom-script + # subPath: script.sh + # resources: + # requests: + # memory: "32Mi" + # cpu: "50m" + # limits: + # memory: "128Mi" + # cpu: "100m" + + ## Add custom volumes + customVolumes: | + # - name: custom-script + # configMap: + # name: custom-script + + ## Add custom volumesMounts + customVolumeMounts: | + # - name: custom-script + # mountPath: "/scripts/script.sh" + # subPath: script.sh + # - name: posthook-start + # mountPath: "/scripts/posthoook-start.sh" + # subPath: posthoook-start.sh + # - name: prehook-start + # mountPath: "/scripts/prehook-start.sh" + # subPath: prehook-start.sh + + # Add custom persistent volume mounts - Available for the pod + customPersistentPodVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + + # Add custom persistent volume mounts - Available to the entire namespace + customPersistentVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + + ## Artifactory license. + license: + ## licenseKey is the license key in plain text. Use either this or the license.secret setting + licenseKey: + ## If artifactory.license.secret is passed, it will be mounted as + ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. + secret: + ## The dataKey should be the name of the secret data key created. + dataKey: + + ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter + configMapName: + + # Add any list of configmaps to Artifactory + configMaps: | + # posthook-start.sh: |- + # echo "This is a post start script" + # posthook-end.sh: |- + # echo "This is a post end script" + + ## List of secrets for Artifactory user plugins. + ## One Secret per plugin's files. + userPluginSecrets: + # - archive-old-artifacts + # - build-cleanup + # - webhook + # - '{{ template "my-chart.fullname" . }}' + + ## Artifactory requires a unique master key. + ## You can generate one with the command: "openssl rand -hex 32" + ## An initial one is auto generated by Artifactory on first startup. + # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName + # masterKeySecretName: + + ## Join Key to connect other services to Artifactory + ## IMPORTANT: Setting this value overrides the existing joinKey + ## IMPORTANT: You should NOT use the example joinKey for a production deployment! + # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName + # joinKeySecretName: + + # Add custom secrets - secret per file + customSecrets: + # - name: custom-secret + # key: custom-secret.yaml + # data: > + # custom_secret_config: + # parameter1: value1 + # parameter2: value2 + # - name: custom-secret2 + # key: custom-secret2.config + # data: | + # here the custom secret 2 config + + ## If false, all service console logs will not redirect to a common console.log + consoleLog: false + + binarystore: + enabled: true + + ## admin allows to set the password for the default admin user. + ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate + admin: + ip: "127.0.0.1" + username: "admin" + password: + secret: + dataKey: + + ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + ## Extra post-start command to run extra commands after container starts + # postStartCommand: + + ## Extra environment variables that can be used to tune Artifactory to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: SERVER_XML_ARTIFACTORY_PORT + # value: "8081" + # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS + # value: "200" + # - name: SERVER_XML_ACCESS_MAX_THREADS + # value: "50" + # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_ACCESS_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_EXTRA_CONNECTOR + # value: "" + # - name: DB_POOL_MAX_ACTIVE + # value: "100" + # - name: DB_POOL_MAX_IDLE + # value: "10" + # - name: MY_SECRET_ENV_VAR + # valueFrom: + # secretKeyRef: + # name: my-secret-name + # key: my-secret-key + + systemYaml: | + shared: + logging: + consoleLog: + enabled: {{ .Values.artifactory.consoleLog }} + extraJavaOpts: > + -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} + {{- with .Values.artifactory.javaOpts }} + -Dartifactory.async.corePoolSize={{ .corePoolSize }} + {{- if .xms }} + -Xms{{ .xms }} + {{- end }} + {{- if .xmx }} + -Xmx{{ .xmx }} + {{- end }} + {{- if .jmx.enabled }} + -Dcom.sun.management.jmxremote + -Dcom.sun.management.jmxremote.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} + {{- if .jmx.host }} + -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} + {{- else }} + -Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }} + {{- end }} + {{- if .jmx.authenticate }} + -Dcom.sun.management.jmxremote.authenticate=true + -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} + -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} + {{- else }} + -Dcom.sun.management.jmxremote.authenticate=false + {{- end }} + {{- end }} + {{- if .other }} + {{ .other }} + {{- end }} + {{- end }} + {{- if or .Values.database.type .Values.postgresql.enabled }} + database: + {{- if .Values.postgresql.enabled }} + type: postgresql + url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" + driver: org.postgresql.Driver + username: "{{ .Values.postgresql.postgresqlUsername }}" + {{- else }} + type: "{{ .Values.database.type }}" + driver: "{{ .Values.database.driver }}" + {{- end }} + {{- end }} + artifactory: + database: + maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} + access: + database: + maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} + metadata: + database: + maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} + {{- if .Values.artifactory.replicator.enabled }} + replicator: + enabled: true + {{- end }} + + annotations: {} + + service: + name: artifactory + type: ClusterIP + ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + annotations: {} + + ## The following setting are to configure a dedicated Ingress object for Replicator service + replicator: + enabled: false + ingress: + name: + hosts: [] + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # chunked_transfer_encoding on; + tls: [] + # Secrets must be manually created in the namespace. + # - hosts: + # - artifactory.domain.example + # secretName: chart-example-tls-secret + + ## IMPORTANT: If overriding artifactory.internalPort: + ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! + externalPort: 8082 + internalPort: 8082 + externalArtifactoryPort: 8081 + internalArtifactoryPort: 8081 + uid: 1030 + terminationGracePeriodSeconds: 30 + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 90 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + persistence: + mountPath: "/var/opt/jfrog/artifactory" + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + ## Storage default size. Should be increased for production deployments. + size: 20Gi + + ## Use a custom Secret to be mounted as your binarystore.xml + ## NOTE: This will ignore all settings below that make up binarystore.xml + customBinarystoreXmlSecret: + ## Cache default size. Should be increased for production deployments. + maxCacheSize: 5000000000 + cacheProviderDir: cache + + ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config + ## Supported types are: + ## file-system (default) + ## nfs + ## google-storage + ## aws-s3 + ## aws-s3-v3 + ## azure-blob + type: file-system + + ## Use binarystoreXml to provide a custom binarystore.xml + ## This can be a template or hardcoded. + binarystoreXml: | + {{- if eq .Values.artifactory.persistence.type "file-system" -}} + + + + {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} + + {{- end }} + + {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} + + {{- end }} + + + {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + {{- end }} + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "google-storage" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + {{ .Values.artifactory.persistence.mountPath }}/data/filestore + /tmp + + + + google-cloud-storage + {{ .Values.artifactory.persistence.googleStorage.endpoint }} + {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} + {{ .Values.artifactory.persistence.googleStorage.bucketName }} + {{ .Values.artifactory.persistence.googleStorage.identity }} + {{ .Values.artifactory.persistence.googleStorage.credential }} + {{ .Values.artifactory.persistence.googleStorage.path }} + {{ .Values.artifactory.persistence.googleStorage.bucketExists }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + {{- with .Values.artifactory.persistence.awsS3V3 }} + + {{ .testConnection }} + {{- if .identity }} + {{ .identity }} + {{- end }} + {{- if .credential }} + {{ .credential }} + {{- end }} + {{ .region }} + {{ .bucketName }} + {{ .path }} + {{ .endpoint }} + {{- with .maxConnections }} + {{ . }} + {{- end }} + {{- with .kmsServerSideEncryptionKeyId }} + {{ . }} + {{- end }} + {{- with .kmsKeyRegion }} + {{ . }} + {{- end }} + {{- with .kmsCryptoMode }} + {{ . }} + {{- end }} + {{- if .useInstanceCredentials }} + true + {{- else }} + false + {{- end }} + {{ .usePresigning }} + {{ .signatureExpirySeconds }} + {{- with .cloudFrontDomainName }} + {{ . }} + {{- end }} + {{- with .cloudFrontKeyPairId }} + {{ .cloudFrontKeyPairId }} + {{- end }} + {{- with .cloudFrontPrivateKey }} + {{ . }} + {{- end }} + + {{- end }} + + {{- end }} + + {{- if eq .Values.artifactory.persistence.type "aws-s3" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + {{ .Values.artifactory.persistence.awsS3.endpoint }} + {{- if .Values.artifactory.persistence.awsS3.roleName }} + {{ .Values.artifactory.persistence.awsS3.roleName }} + true + {{- else }} + {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} + {{ .Values.artifactory.persistence.awsS3.testConnection }} + {{ .Values.artifactory.persistence.awsS3.httpsOnly }} + {{ .Values.artifactory.persistence.awsS3.region }} + {{ .Values.artifactory.persistence.awsS3.bucketName }} + {{- if .Values.artifactory.persistence.awsS3.identity }} + {{ .Values.artifactory.persistence.awsS3.identity }} + {{- end }} + {{- if .Values.artifactory.persistence.awsS3.credential }} + {{ .Values.artifactory.persistence.awsS3.credential }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.path }} + {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} + + {{- end }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "azure-blob" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + {{ .Values.artifactory.persistence.azureBlob.accountName }} + {{ .Values.artifactory.persistence.azureBlob.accountKey }} + {{ .Values.artifactory.persistence.azureBlob.endpoint }} + {{ .Values.artifactory.persistence.azureBlob.containerName }} + {{ .Values.artifactory.persistence.azureBlob.testConnection }} + + + {{- end }} + + ## For artifactory.persistence.type nfs + ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes + ## cluster nodes. + ## Need to have the following set + nfs: + # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' + ip: + haDataMount: "/data" + haBackupMount: "/backup" + dataDir: "/var/opt/jfrog/artifactory" + backupDir: "/var/opt/jfrog/artifactory-backup" + capacity: 200Gi + + ## For artifactory.persistence.type file-system + fileSystem: + cache: + enabled: false + + ## For artifactory.persistence.type google-storage + googleStorage: + endpoint: storage.googleapis.com + httpsOnly: false + # Set a unique bucket name + bucketName: "artifactory-gcp" + identity: + credential: + path: "artifactory/filestore" + bucketExists: false + + ## For artifactory.persistence.type aws-s3-v3 + awsS3V3: + testConnection: false + identity: + credential: + region: + bucketName: artifactory-aws + path: artifactory/filestore + endpoint: + maxConnections: 50 + kmsServerSideEncryptionKeyId: + kmsKeyRegion: + kmsCryptoMode: + useInstanceCredentials: true + usePresigning: false + signatureExpirySeconds: 300 + cloudFrontDomainName: + cloudFrontKeyPairId: + cloudFrontPrivateKey: + + ## For artifactory.persistence.type aws-s3 + ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html + awsS3: + # Set a unique bucket name + bucketName: "artifactory-aws" + endpoint: + region: + roleName: + identity: + credential: + path: "artifactory/filestore" + refreshCredentials: true + httpsOnly: true + testConnection: false + s3AwsVersion: AWS4-HMAC-SHA256 + ## Additional properties to set on the s3 provider + properties: {} + # httpclient.max-connections: 100 + ## For artifactory.persistence.type azure-blob + azureBlob: + accountName: + accountKey: + endpoint: + containerName: + testConnection: false + ## artifactory data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Annotations for the Persistent Volume Claim + annotations: {} + ## Uncomment the following resources definitions or pass them from command line + ## to control the cpu and memory resources allocated by the Kubernetes cluster + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + corePoolSize: 8 + # other: "" + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + ssh: + enabled: false + internalPort: 1339 + externalPort: 1339 + +access: + ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. + ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates + ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. + ## This ensures that the node to node communication is done over TLS. + accessConfig: + security: + tls: false + + ## You can use a pre-existing secret by specifying customCertificatesSecretName + ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` + # customCertificatesSecretName: + + ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key + # resetAccessCAKeys: false + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="100"' + +metadata: + database: + maxOpenConnections: 80 + +# Nginx +nginx: + enabled: true + kind: Deployment + name: nginx + labels: {} + replicaCount: 1 + uid: 104 + gid: 107 + # Note that by default we use appVersion to get image tag/version + image: + repository: docker.bintray.io/jfrog/nginx-artifactory-pro + # version: + pullPolicy: IfNotPresent + + # Sidecar containers for tailing Nginx logs + loggers: [] + # - access.log + # - error.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "64Mi" + # cpu: "25m" + # limits: + # memory: "128Mi" + # cpu: "50m" + + # Logs options + logs: + stderr: false + level: warn + + mainConf: | + # Main Nginx configuration file + worker_processes 4; + + {{ if .Values.nginx.logs.stderr }} + error_log stderr {{ .Values.nginx.logs.level }}; + {{- else -}} + error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; + {{- end }} + pid /tmp/nginx.pid; + + {{- if .Values.artifactory.ssh.enabled }} + ## SSH Server Configuration + stream { + server { + listen {{ .Values.nginx.ssh.internalPort }}; + proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; + } + } + {{- end }} + + events { + worker_connections 1024; + } + + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 128k; + proxy_buffers 40 128k; + proxy_busy_buffers_size 128k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + log_format timing 'ip = $remote_addr ' + 'user = \"$remote_user\" ' + 'local_time = \"$time_local\" ' + 'host = $host ' + 'request = \"$request\" ' + 'status = $status ' + 'bytes = $body_bytes_sent ' + 'upstream = \"$upstream_addr\" ' + 'upstream_time = $upstream_response_time ' + 'request_time = $request_time ' + 'referer = \"$http_referer\" ' + 'UA = \"$http_user_agent\"'; + + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; + + } + + + artifactoryConf: | + {{- if .Values.nginx.https.enabled }} + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + {{- end }} + ## server configuration + server { + {{- if .Values.nginx.internalPortHttps }} + listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- else -}} + {{- if .Values.nginx.https.enabled }} + listen {{ .Values.nginx.https.internalPort }} ssl; + {{- end }} + {{- end }} + {{- if .Values.nginx.internalPortHttp }} + listen {{ .Values.nginx.internalPortHttp }}; + {{- else -}} + {{- if .Values.nginx.http.enabled }} + listen {{ .Values.nginx.http.internalPort }}; + {{- end }} + {{- end }} + server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} + {{- range .Values.ingress.hosts -}} + {{- if contains "." . -}} + {{ "" | indent 0 }} ~(?.+)\.{{ . }} + {{- end -}} + {{- end -}}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/artifactory/?$ / redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + chunked_transfer_encoding on; + client_max_body_size 0; + + location / { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; + {{- if .Values.nginx.service.ssloffload}} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; + {{- else }} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + {{- end }} + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location /artifactory/ { + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; + } + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; + } + } + } + + service: + ## For minikube, set this to NodePort, elsewhere use LoadBalancer + type: LoadBalancer + ssloffload: false + ## For supporting whitelist on the Nginx LoadBalancer service + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + annotations: {} + ## Provide static ip address + loadBalancerIP: + ## There are two available options: “Cluster” (default) and “Local”. + externalTrafficPolicy: Cluster + + http: + enabled: true + externalPort: 80 + internalPort: 80 + https: + enabled: true + externalPort: 443 + internalPort: 443 + + ssh: + internalPort: 1339 + externalPort: 1339 + + # DEPRECATED: The following will be removed in a future release + # externalPortHttp: 80 + # internalPortHttp: 80 + # externalPortHttps: 443 + # internalPortHttps: 443 + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 120 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + ## The SSL secret that will be used by the Nginx pod + # tlsSecretName: chart-example-tls + ## Custom ConfigMap for nginx.conf + customConfigMap: + ## Custom ConfigMap for artifactory-ha.conf + customArtifactoryConfigMap: + persistence: + mountPath: "/var/opt/jfrog/nginx" + enabled: false + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 5Gi + ## nginx data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + resources: {} + # requests: + # memory: "250Mi" + # cpu: "100m" + # limits: + # memory: "250Mi" + # cpu: "500m" + nodeSelector: {} + + tolerations: [] + + affinity: {} + +## Database configurations +## Use the wait-for-db init container. Set to false to skip +waitForDatabase: true + +## Configuration values for the PostgreSQL dependency sub-chart +## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md +postgresql: + enabled: true + image: + registry: docker.bintray.io + repository: bitnami/postgresql + tag: 10.13.0-debian-10-r38 + postgresqlUsername: artifactory + postgresqlPassword: "" + postgresqlDatabase: artifactory + postgresqlExtendedConf: + listenAddresses: "'*'" + maxConnections: "1500" + persistence: + enabled: true + size: 50Gi + service: + port: 5432 + master: + nodeSelector: {} + affinity: {} + tolerations: [] + slave: + nodeSelector: {} + affinity: {} + tolerations: [] + resources: {} + # requests: + # memory: "512Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "500m" + +## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), +## specify custom database details here or leave empty and Artifactory will use embedded derby +database: + type: + driver: + ## If you set the url, leave host and port empty + url: + ## If you would like this chart to create the secret containing the db + ## password, use these values + user: + password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "rds-artifactory" + # key: "db-user" + # password: + # name: "rds-artifactory" + # key: "db-password" + # url: + # name: "rds-artifactory" + # key: "db-url" + +# Filebeat Sidecar container +## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. +filebeat: + enabled: false + name: artifactory-filebeat + image: + repository: "docker.elastic.co/beats/filebeat" + version: 7.5.1 + logstashUrl: "logstash:5044" + + livenessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + filebeat test output + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + resources: {} +# requests: +# memory: "100Mi" +# cpu: "100m" +# limits: +# memory: "100Mi" +# cpu: "100m" + + filebeatYml: | + logging.level: info + path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat + name: artifactory-filebeat + queue.spool: ~ + filebeat.inputs: + - type: log + enabled: true + close_eof: ${CLOSE:false} + paths: + - {{ .Values.artifactory.persistence.mountPath }}/log/*.log + fields: + service: "jfrt" + log_type: "artifactory" + output: + logstash: + hosts: ["{{ .Values.filebeat.logstashUrl }}"] diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml new file mode 100644 index 000000000..fc2ba605a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/logo/jcr-logo.png b/charts/artifactory-jcr/artifactory-jcr/2.5.100/logo/jcr-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..e0ed038ca059f73c179a39841d3be9871075b3a3 GIT binary patch literal 3135 zcmZ`)c{r478-EMg5|gd$S;7$wLYet283r@&7+bOw6-rXJK^@9ch%DiVY>8uE3$s{C zNXv*29ZFd$$J!{A^?TmYxvua0@m<$5&vHNaZ@KUHxvsfMCgBD6B={f*60k7G*?^S> ze$6}_VAhkvn}LP%tTAj1LA6QzYp1xtS?-Lv4Gck7_CrwkbqHDkq3}rvqM#vY$_;|_ zGayLZH=ALNg`n+SWTKrZNFXstFdZf`h%lW%q9Zem%wWL(Y=|(pWf0jpFvtNA@*}bh z4NqbaNHq2>ok(O4fFji*gaC^~*eHtz3p@>vT+xsqxMGtKJek`6D-j+ZPHbjN(+DK$ zFA|VIrjkjG;D{JQfHbg2?2(#CfEn@3AlR4L!;D{sNi+i72wOKFBHK1FWAw;~#IOVmFbxI+vG)%Tp$Rku5d~F1n-Bq@z#ahUL`04qw|{C6ngI4B z2GNXe1~!0jD+kB{doU;&fgs*~MUWDZh2Io0(w$$ew+*1p#$!89)jIJfINEdQ12byhTE!A`Z#GDqyCvo5Qw> zXd$lxNFzP5rdxxqf+O1oJB~DJ>&?KH3`@3cn9zujgKmIKs|KsB=CDcFwIEK2KoQKq zD)`C-c3oRSfO%_JH3BwEm3yJZ!SBblHI;0mZSknc#MBky5zbJK&zV+}m$ z*+3hTEhKT&{dyszYxL`njhT-x>N3MILVN8K9(`(zwh$nX^ro6|?><9YStxhms$X5a zzg==NSfk+kZ8^=FwS2{r6!BegS9Uo5J!mW=?D`FdDr3@%GLmzPc@9O`syW2YzLq~d zue9yJ#o9TJDHC4OdJz9Z&XbStioQB{?`M@%e_E^HyZGlFZzilfS#5j`5A1x?eOkG zs(bGA{TB9i=)_pomm^DmDgWoQbu|TcRyWWw+;4gFCEow)z}ZqQ)5dSIC{Xye(*!(j zuAADc2M*kU7O*MzIKK$5jPA!91=%1HWPvlb3mKZtS$7pNmFg5XAH~_}8)+U?6eb*b zJ%QcTDnx$0fJ$M;)YwL(35nk5f6?Bq_2BD1TLQ1BaBApdTQwb>K4y%Hj_hP>uJ>ll zTzV))8xu?oUdcgpMUvN~zS zonig+Lwnmo=M>Fjo--G!gO_}He7F_NR;)3_vS|%b6V@9GGV6N^sp}U%`aL?Aw0GLk z<0FkFy#Mpi^WWulNygPLa&R9ohRn(*zAsZ#^PU{KQb^2{z;w-C?8_^fJ<-!jnbm$O zh8_3EPct1K!d1)aw~EV7^!IsmbqMFFFVwAO(@k7tWR$wCziZ@tDI2&Nt#t$SO`K-q zI>|DeQ~MPEOy{nDGb89=Rf*yktkvH_Cmy67&(Y|emTWHZn0PtIf6#_?^`@P}C;vPR z*&~-n3+wKvW~4T&8{|D*aQM;L)D%bVdf{NF=;UB8Ebs7$Z~BC#zQ#AL{u{eO5`-8# zzQ41<(aL`dJwd6ckM_N~ccK9xm z^=r&jomKefX`K5RgIBOe{0uUvIp&!^qg&)!C0XyT)00Oczcw&Kg>e-XQOe;TB3cx* zxkH3>vQ((ls4m)%^vW{r&hgB9>#G{`WA#nNx_*apX$jF(xA%3>pVL8{HMm1E zcUg0uY=})XAtyEe%*}rt1vE8 zZroX6Es9U-YD*po?0BtU7%lB5DSxp*Blk>@oB+3Zitg}9ES#bnRXAJOyMz)Po5V*J z^mkBt1(~Fyq|Lg&O4Ze6+JoiCYR=4*#3|(IBt=~56Wx64xF#IkZb%WEZ%;nF;CWim zWK938Up)TKV-!9*R7qPgFsIMHc5Vbup~CGuRK5EK+7If z(mnZITq!5}xm7XUw`k#s7Mm&3EJt%kQOuavxl?@FW0RPDwaS<=+uKK_-?^iP#@_Zc zH#1}T#gluhAGdH=i@U~%=|$)q@rmp)_O%~6D4s8J!Of>(z##4>zJrR^+U_h=;a76G zXy9lZJvL4<0K5Rp0i}MaAAOvrd^OsiO~IS7iSD{v>FH4vk({9OlkdECPekp-$ILt4 zK80zap;~$$AsoZyX?sHBWWTL<8yQnaB=9AHRX$p3Tu&p0KzTSAJTvDiufHon^~X2*w>#XS8R+m}vX z-e74?1$0SH&%g}Hf&Jt0&TN1+m z#AQL=x^%XwN#VSU2@^HlQarBCV1U%m;C7nHI0 zHT_K@^NYVGtw-+4NMuc8`D6;gFoaw;q=}*LxYS!#)rH(vWy{DEF+V>E2y2ZKJ-2rT)DP9&n3z#p(CK0JXYTTKvnH z3l=>(=8_%Ht+J`ix(3}d`Z=)Hlc^5=l$8Qaj|aM+3iQxFf=KlitTyppFy!`(Gr!<~@2LQ;zl!U7~>K6H5h0(N~ literal 0 HcmV?d00001 diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml new file mode 100644 index 000000000..9cde42870 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/questions.yml @@ -0,0 +1,271 @@ +questions: +# Advance Settings +- variable: artifactory.artifactory.masterKey + default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + description: "Artifactory master key. For security reasons, we strongly recommend you generate your own master key using this command: 'openssl rand -hex 32'" + type: string + label: Artifactory master key + group: "Security Settings" + +# Container Images +- variable: defaultImage + default: true + description: "Use default Docker image" + label: Use Default Image + type: boolean + show_subquestion_if: false + group: "Container Images" + subquestions: + - variable: artifactory.artifactory.image.repository + default: "docker.bintray.io/jfrog/artifactory-jcr" + description: "JFrog Container Registry image name" + type: string + label: JFrog Container Registry Image Name + - variable: artifactory.artifactory.image.version + default: "7.6.3" + description: "JFrog Container Registry image tag" + type: string + label: JFrog Container Registry Image Tag + - variable: artifactory.imagePullSecrets + description: "Image Pull Secret" + type: string + label: Image Pull Secret + +# Services and LoadBalancing Settings +- variable: artifactory.ingress.enabled + default: false + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + group: "Services and Load Balancing" + required: true + subquestions: + - variable: artifactory.ingress.hosts[0] + default: "xip.io" + description: "Hostname to your artifactory installation" + type: hostname + required: true + label: Hostname + +# Nginx Settings +- variable: artifactory.nginx.enabled + default: true + description: "Enable nginx server" + type: boolean + label: Enable Nginx Server + group: "Services and Load Balancing" + required: true + show_if: "artifactory.ingress.enabled=false" +- variable: artifactory.nginx.service.type + default: "LoadBalancer" + description: "Nginx service type" + type: enum + required: true + label: Nginx Service Type + show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" +- variable: artifactory.nginx.service.loadBalancerIP + default: "" + description: "Provide Static IP to configure with Nginx" + type: string + label: Config Nginx LoadBalancer IP + show_if: "artifactory.nginx.enabled=true&&artifactory.nginx.service.type=LoadBalancer&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" +- variable: artifactory.nginx.tlsSecretName + default: "" + description: "Provide SSL Secret name to configure with Nginx" + type: string + label: Config Nginx SSL Secret + show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" +- variable: artifactory.nginx.customArtifactoryConfigMap + default: "" + description: "Provide configMap name to configure Nginx with custom `artifactory.conf`" + type: string + label: ConfigMap for Nginx Artifactory Config + show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" + +# Database Settings +- variable: artifactory.postgresql.enabled + default: true + description: "Enable PostgreSQL" + type: boolean + required: true + label: Enable PostgreSQL + group: "Database Settings" + show_subquestion_if: true + subquestions: + - variable: artifactory.postgresql.postgresqlPassword + default: "" + description: "PostgreSQL password" + type: password + required: true + label: PostgreSQL Password + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.persistence.size + default: 20Gi + description: "PostgreSQL persistent volume size" + type: string + label: PostgreSQL Persistent Volume Size + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.persistence.storageClass + default: "" + description: "If undefined or null, uses the default StorageClass. Default to null" + type: storageclass + label: Default StorageClass for PostgreSQL + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.requests.cpu + default: "200m" + description: "PostgreSQL initial cpu request" + type: string + label: PostgreSQL Initial CPU Request + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.requests.memory + default: "500Mi" + description: "PostgreSQL initial memory request" + type: string + label: PostgreSQL Initial Memory Request + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.limits.cpu + default: "1" + description: "PostgreSQL cpu limit" + type: string + label: PostgreSQL CPU Limit + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.limits.memory + default: "1Gi" + description: "PostgreSQL memory limit" + type: string + label: PostgreSQL Memory Limit + show_if: "artifactory.postgresql.enabled=true" +- variable: artifactory.database.type + default: "postgresql" + description: "xternal database type (postgresql, mysql, oracle or mssql)" + type: enum + required: true + label: External Database Type + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" + options: + - "postgresql" + - "mysql" + - "oracle" + - "mssql" +- variable: artifactory.database.url + default: "" + description: "External database URL. If you set the url, leave host and port empty" + type: string + label: External Database URL + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.host + default: "" + description: "External database hostname" + type: string + label: External Database Hostname + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.port + default: "" + description: "External database port" + type: string + label: External Database Port + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.user + default: "" + description: "External database username" + type: string + label: External Database Username + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.password + default: "" + description: "External database password" + type: password + label: External Database Password + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" + +# Advance Settings +- variable: artifactory.advancedOptions + default: false + description: "Show advanced configurations" + label: Show Advanced Configurations + type: boolean + show_subquestion_if: true + group: "Advanced Options" + subquestions: + - variable: artifactory.artifactory.primary.resources.requests.cpu + default: "500m" + description: "Artifactory primary node initial cpu request" + type: string + label: Artifactory Primary Node Initial CPU Request + - variable: artifactory.artifactory.primary.resources.requests.memory + default: "1Gi" + description: "Artifactory primary node initial memory request" + type: string + label: Artifactory Primary Node Initial Memory Request + - variable: artifactory.artifactory.primary.javaOpts.xms + default: "1g" + description: "Artifactory primary node java Xms size" + type: string + label: Artifactory Primary Node Java Xms Size + - variable: artifactory.artifactory.primary.resources.limits.cpu + default: "2" + description: "Artifactory primary node cpu limit" + type: string + label: Artifactory Primary Node CPU Limit + - variable: artifactory.artifactory.primary.resources.limits.memory + default: "4Gi" + description: "Artifactory primary node memory limit" + type: string + label: Artifactory Primary Node Memory Limit + - variable: artifactory.artifactory.primary.javaOpts.xmx + default: "4g" + description: "Artifactory primary node java Xmx size" + type: string + label: Artifactory Primary Node Java Xmx Size + - variable: artifactory.artifactory.node.resources.requests.cpu + default: "500m" + description: "Artifactory member node initial cpu request" + type: string + label: Artifactory Member Node Initial CPU Request + - variable: artifactory.artifactory.node.resources.requests.memory + default: "2Gi" + description: "Artifactory member node initial memory request" + type: string + label: Artifactory Member Node Initial Memory Request + - variable: artifactory.artifactory.node.javaOpts.xms + default: "1g" + description: "Artifactory member node java Xms size" + type: string + label: Artifactory Member Node Java Xms Size + - variable: artifactory.artifactory.node.resources.limits.cpu + default: "2" + description: "Artifactory member node cpu limit" + type: string + label: Artifactory Member Node CPU Limit + - variable: artifactory.artifactory.node.resources.limits.memory + default: "4Gi" + description: "Artifactory member node memory limit" + type: string + label: Artifactory Member Node Memory Limit + - variable: artifactory.artifactory.node.javaOpts.xmx + default: "4g" + description: "Artifactory member node java Xmx size" + type: string + label: Artifactory Member Node Java Xmx Size + +# Internal Settings +- variable: installerInfo + default: '\{\"productId\": \"RancherHelm_artifactory-jcr/7.6.3\", \"features\": \[\{\"featureId\": \"Partner/ACC-007246\"\}\]\}' + type: string + group: "Internal Settings (Do not modify)" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock new file mode 100644 index 000000000..8191ebbac --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: artifactory + repository: https://charts.jfrog.io/ + version: 10.0.12 +digest: sha256:a201c886d1f8e9e58f2b0e1b55d7a03fc225f3774233f1f786523963c57bab33 +generated: "2020-07-29T16:48:47.031129463Z" diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml new file mode 100644 index 000000000..1088ea3c0 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: artifactory + version: 10.0.12 + repository: https://charts.jfrog.io/ diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt new file mode 100644 index 000000000..035bf8417 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/templates/NOTES.txt @@ -0,0 +1 @@ +Congratulations. You have just deployed JFrog Container Registry! diff --git a/charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml b/charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml new file mode 100644 index 000000000..ffa1b6045 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/2.5.100/values.yaml @@ -0,0 +1,74 @@ +# Default values for artifactory-jcr. +# This is a YAML-formatted file. + +# Beware when changing values here. You should know what you are doing! +# Access the values with {{ .Values.key.subkey }} + +# This chart is based on the main artifactory chart with some customizations. +# See all supported configuration keys in https://github.com/jfrog/charts/tree/master/stable/artifactory + +## All values are under the 'artifactory' sub chart. +artifactory: + + ## Artifactory + ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + artifactory: + ## Default version is from the artifactory sub-chart in the requirements.yaml + image: + repository: docker.bintray.io/jfrog/artifactory-jcr + # version: + + ## Uncomment the following resources definitions or pass them from command line + ## to control the cpu and memory resources allocated by the Kubernetes cluster + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "4Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory. + ## You should set them according to the resources set above. + ## IMPORTANT: Make sure resources.limits.memory is at least 1G more than Xmx. + javaOpts: {} + # xms: "1g" + # xmx: "3g" + # other: "" + + installer: + platform: jcr-helm + + installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + ## Nginx + ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + nginx: + enabled: true + tlsSecretName: "" + service: + type: LoadBalancer + + ## Ingress + ## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + ingress: + enabled: false + tls: + + ## PostgreSQL + ## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + ## Configuration values for the PostgreSQL dependency sub-chart + ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md + postgresql: + enabled: true + + ## This key is required for upgrades to protect old PostgreSQL chart's breaking changes. + databaseUpgradeReady: "yes" + + ## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false), + ## specify custom database details here or leave empty and Artifactory will use embedded derby. + ## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + # database: + + +## Enable the PostgreSQL sub chart +postgresql: + enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md new file mode 100644 index 000000000..f56a5d644 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/CHANGELOG.md @@ -0,0 +1,151 @@ +# JFrog Container Registry Chart Changelog +All changes to this chart will be documented in this file. + +## [3.4.0] - Jan 4, 2020 +* Update dependency Artifactory chart version to 11.7.4 (Artifactory 7.12.5) + +## [3.3.1] - Dec 1, 2020 +* Update dependency Artifactory chart version to 11.5.4 (Artifactory 7.11.5) + +## [3.3.0] - Nov 23, 2020 +* Update dependency Artifactory chart version to 11.5.2 (Artifactory 7.11.2) + +## [3.2.2] - Nov 9, 2020 +* Update dependency Artifactory chart version to 11.4.5 (Artifactory 7.10.6) + +## [3.2.1] - Nov 2, 2020 +* Update dependency Artifactory chart version to 11.4.4 (Artifactory 7.10.5) + +## [3.2.0] - Oct 19, 2020 +* Update dependency Artifactory chart version to 11.4.0 (Artifactory 7.10.2) + +## [3.1.0] - Sep 30, 2020 +* Update dependency Artifactory chart version to 11.1.0 (Artifactory 7.9.0) + +## [3.0.2] - Sep 23, 2020 +* Updates readme + +## [3.0.1] - Sep 15, 2020 +* Update dependency Artifactory chart version to 11.0.1 (Artifactory 7.7.8) + +## [3.0.0] - Sep 14, 2020 +* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images +* Update dependency Artifactory chart version to 11.0.0 (Artifactory 7.7.3) + +## [2.5.1] - Jul 29, 2020 +* Update dependency Artifactory chart version to 10.0.12 (Artifactory 7.6.3) + +## [2.5.0] - Jul 10, 2020 +* Update dependency Artifactory chart version to 10.0.3 (Artifactory 7.6.2) +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [2.4.0] - Jun 30, 2020 +* Update dependency Artifactory chart version to 9.6.0 (Artifactory 7.6.1) + +## [2.3.1] - Jun 12, 2020 +* Update dependency Artifactory chart version to 9.5.2 (Artifactory 7.5.7) + +## [2.3.0] - Jun 1, 2020 +* Update dependency Artifactory chart version to 9.5.0 (Artifactory 7.5.5) + +## [2.2.5] - May 27, 2020 +* Update dependency Artifactory chart version to 9.4.9 (Artifactory 7.4.3) + +## [2.2.4] - May 20, 2020 +* Update dependency Artifactory chart version to 9.4.6 (Artifactory 7.4.3) + +## [2.2.3] - May 07, 2020 +* Update dependency Artifactory chart version to 9.4.5 (Artifactory 7.4.3) +* Add `installerInfo` string format + +## [2.2.2] - Apr 28, 2020 +* Update dependency Artifactory chart version to 9.4.4 (Artifactory 7.4.3) + +## [2.2.1] - Apr 27, 2020 +* Update dependency Artifactory chart version to 9.4.3 (Artifactory 7.4.1) + +## [2.2.0] - Apr 14, 2020 +* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) + +## [2.2.0] - Apr 14, 2020 +* Update dependency Artifactory chart version to 9.4.0 (Artifactory 7.4.1) + +## [2.1.6] - Apr 13, 2020 +* Update dependency Artifactory chart version to 9.3.1 (Artifactory 7.3.2) + +## [2.1.5] - Apr 8, 2020 +* Update dependency Artifactory chart version to 9.2.8 (Artifactory 7.3.2) + +## [2.1.4] - Mar 30, 2020 +* Update dependency Artifactory chart version to 9.2.3 (Artifactory 7.3.2) + +## [2.1.3] - Mar 30, 2020 +* Update dependency Artifactory chart version to 9.2.1 (Artifactory 7.3.2) + +## [2.1.2] - Mar 26, 2020 +* Update dependency Artifactory chart version to 9.1.5 (Artifactory 7.3.2) + +## [2.1.1] - Mar 25, 2020 +* Update dependency Artifactory chart version to 9.1.4 (Artifactory 7.3.2) + +## [2.1.0] - Mar 23, 2020 +* Update dependency Artifactory chart version to 9.1.3 (Artifactory 7.3.2) + +## [2.0.13] - Mar 19, 2020 +* Update dependency Artifactory chart version to 9.0.28 (Artifactory 7.2.1) + +## [2.0.12] - Mar 17, 2020 +* Update dependency Artifactory chart version to 9.0.26 (Artifactory 7.2.1) + +## [2.0.11] - Mar 11, 2020 +* Unified charts public release + +## [2.0.10] - Mar 8, 2020 +* Update dependency Artifactory chart version to 9.0.20 (Artifactory 7.2.1) + +## [2.0.9] - Feb 26, 2020 +* Update dependency Artifactory chart version to 9.0.15 (Artifactory 7.2.1) + +## [2.0.0] - Feb 12, 2020 +* Update dependency Artifactory chart version to 9.0.0 (Artifactory 7.0.0) + +## [1.1.0] - Jan 19, 2020 +* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) + +## [1.1.1] - Feb 3, 2020 +* Update dependency Artifactory chart version to 8.4.4 + +## [1.1.0] - Jan 19, 2020 +* Update dependency Artifactory chart version to 8.4.1 (Artifactory 6.17.0) + +## [1.0.1] - Dec 31, 2019 +* Update dependency Artifactory chart version to 8.3.5 + +## [1.0.0] - Dec 23, 2019 +* Update dependency Artifactory chart version to 8.3.3 + +## [0.2.1] - Dec 12, 2019 +* Update dependency Artifactory chart version to 8.3.1 + +## [0.2.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [0.1.5] - Nov 28, 2019 +* Update dependency Artifactory chart version to 8.2.6 + +## [0.1.4] - Nov 20, 2019 +* Update Readme + +## [0.1.3] - Nov 20, 2019 +* Fix JCR logo url +* Update dependency to Artifactory 8.2.2 chart + +## [0.1.2] - Nov 20, 2019 +* Update JCR logo + +## [0.1.1] - Nov 20, 2019 +* Add `appVersion` to Chart.yaml + +## [0.1.0] - Nov 20, 2019 +* Initial release of the JFrog Container Registry helm chart diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml new file mode 100644 index 000000000..c8a00025f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/Chart.yaml @@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-jcr +apiVersion: v1 +appVersion: 7.12.5 +description: JFrog Container Registry +home: https://jfrog.com/container-registry/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png +keywords: +- artifactory +- jfrog +- container +- registry +- devops +- jfrog-container-registry +maintainers: +- email: helm@jfrog.com + name: Chart Maintainers at JFrog +name: artifactory-jcr +sources: +- https://github.com/jfrog/charts +version: 3.4.000 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE b/charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md new file mode 100644 index 000000000..f573c93fe --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/README.md @@ -0,0 +1,131 @@ +# JFrog Container Registry Helm Chart + +JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support. + +**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** + +## Prerequisites Details + +* Kubernetes 1.12+ + +## Chart Details +This chart will do the following: + +* Deploy JFrog Container Registry +* Deploy an optional Nginx server +* Deploy an optional PostgreSQL Database +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + +## Installing the Chart + +### Add ChartCenter Helm repository + +Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client. + +```bash +helm repo add center https://repo.chartcenter.io +helm repo update +``` + +### Install Chart +To install the chart with the release name `jfrog-container-registry`: +```bash +helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-jcr center/jfrog/artifactory-jcr +``` + +### Accessing JFrog Container Registry +**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available. + +### Updating JFrog Container Registry +Once you have a new chart version, you can upgrade your deployment with +```bash +helm upgrade jfrog-container-registry center/jfrog/artifactory-jcr +``` + +### Special Upgrade Notes +#### Artifactory upgrade from 6.x to 7.x (App Version) +Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. +It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. +```yaml +artifactory: + artifactory: + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 +``` +* Note: If you are upgrading from 1.x to 3.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` +* For more details about artifactory chart upgrades refer [here](https://github.com/jfrog/charts/blob/master/stable/artifactory/UPGRADE_NOTES.md) + +### Deleting JFrog Container Registry + +On helm v2: +```bash +helm delete --purge jfrog-container-registry +``` + +On helm v3: +```bash +helm delete jfrog-container-registry --namespace artifactory-jcr +``` + +This will delete your JFrog Container Registry deployment.
+**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with +```bash +kubectl delete pvc ... +kubectl delete pv ... +``` + +## Database +The JFrog Container Registry chart comes with PostgreSQL deployed by default.
+For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these two lines to your Helm command: +```bash +helm upgrade --install jfrog-container-registry \ + --set artifactory.nginx.enabled=false \ + --set artifactory.ingress.enabled=true \ + --set artifactory.ingress.hosts[0]="artifactory.company.com" \ + --set artifactory.artifactory.service.type=NodePort \ + --namespace artifactory-jcr center/jfrog/artifactory-jcr +``` + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml +artifactory: + artifactory: + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - jfrog-container-registry.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - jfrog-container-registry.domain.com +``` + +## Useful links +https://www.jfrog.com +https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md new file mode 100644 index 000000000..9d9b7d85f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/app-readme.md @@ -0,0 +1,18 @@ +# JFrog Container Registry Helm Chart + +Universal Repository Manager supporting all major packaging formats, build tools and CI servers. + +## Chart Details +This chart will do the following: + +* Deploy JFrog Container Registry +* Deploy an optional Nginx server +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + + +## Useful links +Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/) + +## Activate Your Artifactory Instance +Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it. + diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore new file mode 100644 index 000000000..c7eb1e274 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +OWNERS \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md new file mode 100644 index 000000000..9a35fa0e6 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/CHANGELOG.md @@ -0,0 +1,905 @@ +# JFrog Artifactory Chart Changelog +All changes to this chart will be documented in this file. + +## [11.7.4] - Jan 04, 2020 +* Fixed gid support for statefulset + +## [11.7.3] - Dec 31, 2020 +* Added gid support for statefulset +* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset + +## [11.7.2] - Dec 29, 2020 +* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) +* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml) +* Updated Artifactory version to 7.12.5 + +## [11.7.1] - Dec 21, 2020 +* Updated Artifactory version to 7.12.3 + +## [11.7.0] - Dec 18, 2020 +* Updated Artifactory version to 7.12.2 +* Added `.Values.artifactory.openMetrics.enabled` + +## [11.6.1] - Dec 11, 2020 +* Added configurable `.Values.global.versions.artifactory` in values.yaml + +## [11.6.0] - Dec 10, 2020 +* Update postgresql tag version to `12.5.0-debian-10-r25` +* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` +* Updated chart maintainers email + +## [11.5.5] - Dec 4, 2020 +* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` + +## [11.5.4] - Dec 1, 2020 +* Improve error message returned when attempting helm upgrade command + +## [11.5.3] - Nov 30, 2020 +* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) + +## [11.5.2] - Nov 23, 2020 +* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) +* Updated port namings on services and pods to allow for istio protocol discovery +* Change semverCompare checks to support hosted Kubernetes +* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics +* Prevent the PostHook command to be executed if the user did not specify a command in the values file +* Fix issue with tls file generation when nginx.https.enabled is false + +## [11.5.1] - Nov 19, 2020 +* Updated Artifactory version to 7.11.2 +* Bugfix - access.config.import.xml override Access Federation configurations + +## [11.5.0] - Nov 17, 2020 +* Updated Artifactory version to 7.11.1 +* Update alpine tag version to `3.12.1` + +## [11.4.6] - Nov 10, 2020 +* Pass system.yaml via external secret for advanced usecases +* Added support for custom ingress +* Bugfix - stateful set not picking up changes to database secrets + +## [11.4.5] - Nov 9, 2020 +* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) + +## [11.4.4] - Nov 2, 2020 +* Add enablePathStyleAccess property for aws-s3-v3 binary provider template + +## [11.4.3] - Nov 2, 2020 +* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) + +## [11.4.2] - Oct 22, 2020 +* Chown bug fix where Linux capability cannot chown all files causing log line warnings +* Fix Frontend timeout linting issue + +## [11.4.1] - Oct 20, 2020 +* Add flag to disable prepare-custom-persistent-volume init container + +## [11.4.0] - Oct 19, 2020 +* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) + +## [11.3.2] - Oct 15, 2020 +* Add support to specify priorityClassName for nginx deployment + +## [11.3.1] - Oct 9, 2020 +* Add support for customInitContainersBegin + +## [11.3.0] - Oct 7, 2020 +* Updated Artifactory version to 7.9.1 +* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml + +## [11.2.0] - Oct 5, 2020 +* Expose Prometheus metrics via a ServiceMonitor +* Parse log files for metric data with Fluentd + +## [11.1.0] - Sep 30, 2020 +* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) +* Added support for resources in init container + +## [11.0.11] - Sep 25, 2020 +* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements + +## [11.0.10] - Sep 28, 2020 +* Setting chart coordinates in migitation yaml + +## [11.0.9] - Sep 25, 2020 +* Update filebeat version to `7.9.2` + +## [11.0.8] - Sep 24, 2020 +* Fixed broken issue - when setting `waitForDatabase: false` container startup still waits for DB + +## [11.0.7] - Sep 22, 2020 +* Readme updates + +## [11.0.6] - Sep 22, 2020 +* Fix lint issue in migitation yaml + +## [11.0.5] - Sep 22, 2020 +* Fix broken migitation yaml + +## [11.0.4] - Sep 21, 2020 +* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) + +## [11.0.3] - Sep 17, 2020 +* Added configurable session(UI) timeout in frontend microservice + +## [11.0.2] - Sep 17, 2020 +* Added proper required text to be shown while postgres upgrades + +## [11.0.1] - Sep 14, 2020 +* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) + +## [11.0.0] - Sep 2, 2020 +* **Breaking change:** Changed `imagePullSecrets`values from string to list. +* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images +* Added support for global values +* Updated maintainers in chart.yaml +* Update postgresql tag version to `12.3.0-debian-10-r71` +* Update postgresql chart version to `9.3.4` in requirements.yaml - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true + +## [10.1.0] - Aug 13, 2020 +* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) + +## [10.0.15] - Aug 10, 2020 +* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. + +## [10.0.14] - Jul 31, 2020 +* Update the README section on Nginx SSL termination to reflect the actual YAML structure. + +## [10.0.13] - Jul 30, 2020 +* Added condition to disable the migration scripts. + +## [10.0.12] - Jul 28, 2020 +* Document Artifactory node affinity. + +## [10.0.11] - Jul 28, 2020 +* Added maxConnections for persistent storage type aws-s3-v3. + +## [10.0.10] - Jul 28, 2020 +* Bugfix / support for userPluginSecrets with Artifactory 7 + +## [10.0.9] - Jul 27, 2020 +* Add tpl to external database secrets +* Modified `scheme` to `artifactory.scheme` + +## [10.0.8] - Jul 23, 2020 +* Added condition to disable the migration init container. + +## [10.0.7] - Jul 21, 2020 +* Updated Artifactory Chart to add node and primary labels to pods and service objects. + +## [10.0.6] - Jul 20, 2020 +* Support custom CA and certificates + +## [10.0.5] - Jul 13, 2020 +* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 +* Fixed Mysql database jar path in `preStartCommand` in README + +## [10.0.4] - Jul 10, 2020 +* Move some postgresql values to where they should be according to the subchart + +## [10.0.3] - Jul 8, 2020 +* Set Artifactory access client connections to the same value as the access threads + +## [10.0.2] - Jul 6, 2020 +* Updated Artifactory version to 7.6.2 +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [10.0.1] - Jul 01, 2020 +* Add dedicated ingress object for Replicator service when enabled + +## [10.0.0] - Jun 30, 2020 +* Update postgresql tag version to `10.13.0-debian-10-r38` +* Update alpine tag version to `3.12` +* Update busybox tag version to `1.31.1` +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true + +## [9.6.0] - Jun 29, 2020 +* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 +* Add tpl for external database secrets + +## [9.5.5] - Jun 25, 2020 +* Stop loading the Nginx stream module because it is now a core module + +## [9.5.4] - Jun 25, 2020 +* Notes.txt update - add --namespace parameter + +## [9.5.3] - Jun 11, 2020 +* Support list of custom secrets + +## [9.5.2] - Jun 12, 2020 +* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 + +## [9.5.1] - Jun 8, 2020 +* Readme update - configuring Artifactory with oracledb + +## [9.5.0] - Jun 1, 2020 +* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 +* Fixes bootstrap configMap permission issue +* Update postgresql tag version to `9.6.18-debian-10-r7` + +## [9.4.9] - May 27, 2020 +* Added Tomcat maxThreads & acceptCount + +## [9.4.8] - May 25, 2020 +* Fixed postgresql README `image` Parameters + +## [9.4.7] - May 24, 2020 +* Fixed typo in README regarding migration timeout + +## [9.4.6] - May 19, 2020 +* Added metadata maxOpenConnections + +## [9.4.5] - May 07, 2020 +* Fix `installerInfo` string format + +## [9.4.4] - Apr 27, 2020 +* Updated Artifactory version to 7.4.3 + +## [9.4.3] - Apr 26, 2020 +* Change order of the customInitContainers to run before the "migration-artifactory" initContainer. + +## [9.4.2] - Apr 24, 2020 +* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic +* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml + +## [9.4.1] - Apr 16, 2020 +* Custom volumes in migration init container. + +## [9.4.0] - Apr 14, 2020 +* Updated Artifactory version to 7.4.1 + +## [9.3.1] - April 13, 2020 +* Update README with helm v3 commands + +## [9.3.0] - April 10, 2020 +* Use dependency charts from `https://charts.bitnami.com/bitnami` +* Bump postgresql chart version to `8.7.3` in requirements.yaml +* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml + +## [9.2.9] - Apr 8, 2020 +* Added recommended ingress annotation to avoid 413 errors + +## [9.2.8] - Apr 8, 2020 +* Moved migration scripts under `files` directory +* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` + +## [9.2.7] - Apr 6, 2020 +* Fix cache size (should be 5gb instead of 50gb since volume claim is only 20gb). + +## [9.2.6] - Apr 1, 2020 +* Support masterKey and joinKey as secrets + +## [9.2.5] - Apr 1, 2020 +* Fix readme use to `-hex 32` instead of `-hex 16` + +## [9.2.4] - Mar 31, 2020 +* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java + +## [9.2.3] - Mar 29, 2020 +* Add Nginx log options: stderr as logfile and log level + +## [9.2.2] - Mar 30, 2020 +* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart + +## [9.2.1] - Mar 29, 2020 +* Fix loggers sidecars configurations to support new file system layout and new log names + +## [9.2.0] - Mar 29, 2020 +* Fix broken admin user bootstrap configuration +* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` + +## [9.1.5] - Mar 26, 2020 +* Fix volumeClaimTemplate issue + +## [9.1.4] - Mar 25, 2020 +* Fix volume name used by filebeat container + +## [9.1.3] - Mar 24, 2020 +* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) + +## [9.1.2] - Mar 22, 2020 +* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. + +## [9.1.1] - Mar 23, 2020 +* Moved installer info to values.yaml so it is fully customizable + +## [9.1.0] - Mar 23, 2020 +* Updated Artifactory version to 7.3.2 + +## [9.0.29] - Mar 20, 2020 +* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) + +## [9.0.28] - Mar 18, 2020 +* Increased Nginx proxy_buffers size + +## [9.0.27] - Mar 17, 2020 +* Changed all single quotes to double quotes in values files +* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. + +## [9.0.26] - Mar 17, 2020 +* Fix rendering of Service Account annotations + +## [9.0.25] - Mar 16, 2020 +* Update Artifactory readme with extra ingress annotations needed for Artifactory to be set as SSO provider + +## [9.0.24] - Mar 16, 2020 +* Add Unsupported message from 6.18 to 7.2.x (migration) + +## [9.0.23] - Mar 12, 2020 +* Fix README.md rendering issue + +## [9.0.22] - Mar 11, 2020 +* Upgrade Docs update + +## [9.0.21] - Mar 11, 2020 +* Unified charts public release + +## [9.0.20] - Mar 6, 2020 +* Fix path to `/artifactory_bootstrap` +* Add support for controlling the name of the ingress and allow to set more than one cname + +## [9.0.19] - Mar 4, 2020 +* Add support for disabling `consoleLog` in `system.yaml` file + +## [9.0.18] - Feb 28, 2020 +* Add support to process `valueFrom` for extraEnvironmentVariables + +## [9.0.17] - Feb 26, 2020 +* Fix join key secret naming + +## [9.0.16] - Feb 26, 2020 +* Store join key to secret + +## [9.0.15] - Feb 26, 2020 +* Updated Artifactory version to 7.2.1 + +## [9.0.10] - Feb 07, 2020 +* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade + +## [9.0.0] - Feb 07, 2020 +* Updated Artifactory version to 7.0.0 + +## [8.4.8] - Feb 13, 2020 +* Add support for SSH authentication to Artifactory + +## [8.4.7] - Feb 11, 2020 +* Change Artifactory service port name to be hard-coded to `http` instead of using `{{ .Release.Name }}` + +## [8.4.6] - Feb 9, 2020 +* Add support for `tpl` in the `postStartCommand` + +## [8.4.5] - Feb 4, 2020 +* Support customisable Nginx kind + +## [8.4.4] - Feb 2, 2020 +* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations + +## [8.4.3] - Jan 30, 2020 +* Add the option to configure resources for the logger containers + +## [8.4.2] - Jan 26, 2020 +* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive + +## [8.4.1] - Jan 19, 2020 +* Fix replicator port config in nginx replicator configmap + +## [8.4.0] - Jan 19, 2020 +* Updated Artifactory version to 6.17.0 + +## [8.3.6] - Jan 16, 2020 +* Added example for external nginx-ingress + +## [8.3.5] - Dec 30, 2019 +* Fix for nginx probes failing when launched with http disabled + +## [8.3.4] - Dec 24, 2019 +* Better support for custom `artifactory.internalPort` + +## [8.3.3] - Dec 23, 2019 +* Mark empty map values with `{}` + +## [8.3.2] - Dec 16, 2019 +* Fix for toggling nginx service ports + +## [8.3.1] - Dec 12, 2019 +* Add support for toggling nginx service ports + +## [8.3.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [8.2.6] - Nov 28, 2019 +* Add support for using existing PriorityClass + +## [8.2.5] - Nov 27, 2019 +* Add support for PriorityClass + +## [8.2.4] - Nov 21, 2019 +* Add an option to use a file system cache-fs with the file-system binarystore template + +## [8.2.3] - Nov 20, 2019 +* Update Artifactory Readme + +## [8.2.2] - Nov 20, 2019 +* Update Artfactory logo + +## [8.2.1] - Nov 18, 2019 +* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) + +## [8.2.0] - Nov 18, 2019 +* Updated Artifactory version to 6.15.0 + +## [8.1.11] - Nov 17, 2019 +* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup + +## [8.1.10] - Nov 17, 2019 +* Fix creation of double slash in nginx artifactory configuration + +## [8.1.9] - Nov 14, 2019 +* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error + +## [8.1.8] - Nov 12, 2019 +* Updated Artifactory version to 6.14.1 + +## [8.1.7] - Nov 9, 2019 +* Additional documentation for masterKey + +## [8.1.6] - Nov 10, 2019 +* Update PostgreSQL chart version to 7.0.1 +* Use formal PostgreSQL configuration format + +## [8.1.5] - Nov 8, 2019 +* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` + +## [8.1.4] - Nov 6, 2019 +* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is + +## [8.1.3] - Nov 6, 2019 +* Add nodeselector support for Postgresql + +## [8.1.2] - Nov 5, 2019 +* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles + +## [8.1.1] - Nov 4, 2019 +* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files + +## [8.1.0] - Nov 3, 2019 +* Updated Artifactory version to 6.14.0 + +## [8.0.1] - Nov 3, 2019 +* Make sure the artifactory pod exits when one of the pre-start stages fail + +## [8.0.0] - Oct 27, 2019 +**IMPORTANT - BREAKING CHANGES!**
+**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations + +## [7.18.3] - Oct 24, 2019 +* Change the preStartCommand to support templating + +## [7.18.2] - Oct 21, 2019 +* Add support for setting `artifactory.labels` +* Add support for setting `nginx.labels` + +## [7.18.1] - Oct 10, 2019 +* Updated Artifactory version to 6.13.1 + +## [7.18.0] - Oct 7, 2019 +* Updated Artifactory version to 6.13.0 + +## [7.17.5] - Sep 24, 2019 +* Option to skip wait-for-db init container with '--set waitForDatabase=false' + +## [7.17.4] - Sep 11, 2019 +* Updated Artifactory version to 6.12.2 + +## [7.17.3] - Sep 9, 2019 +* Updated Artifactory version to 6.12.1 + +## [7.17.2] - Aug 22, 2019 +* Fix the nginx server_name directive used with ingress.hosts + +## [7.17.1] - Aug 21, 2019 +* Enable the Artifactory container's liveness and readiness probes + +## [7.17.0] - Aug 21, 2019 +* Updated Artifactory version to 6.12.0 + +## [7.16.11] - Aug 14, 2019 +* Updated Artifactory version to 6.11.6 + +## [7.16.10] - Aug 11, 2019 +* Fix Ingress routing and add an example + +## [7.16.9] - Aug 5, 2019 +* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) +* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist + +## [7.16.8] - Aug 4, 2019 +* Improve binarystore config + 1. Convert to a secret + 2. Move config to values.yaml + 3. Support an external secret + +## [7.16.7] - Jul 29, 2019 +* Don't create the nginx configmaps when nginx.enabled is false + +## [7.16.6] - Jul 24, 2019 +* Simplify nginx setup and shorten initial wait for probes + +## [7.16.5] - Jul 22, 2019 +* Change Ingress API to be compatible with recent kubernetes versions + +## [7.16.4] - Jul 22, 2019 +* Updated Artifactory version to 6.11.3 + +## [7.16.3] - Jul 11, 2019 +* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration + +## [7.16.2] - Jul 3, 2019 +* Fix values key in reverse proxy example + +## [7.16.1] - Jul 1, 2019 +* Updated Artifactory version to 6.11.1 + +## [7.16.0] - Jun 27, 2019 +* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified + +## [7.15.8] - Jun 27, 2019 +* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation + +## [7.15.6] - Jun 24, 2019 +* Update chart maintainers + +## [7.15.5] - Jun 24, 2019 +* Change Nginx to point to the artifactory externalPort + +## [7.15.4] - Jun 23, 2019 +* Add the option to provide an IP for the access-admin endpoints + +## [7.15.3] - Jun 23, 2019 +* Add values files for small, medium and large installations + +## [7.15.2] - Jun 20, 2019 +* Add missing terminationGracePeriodSeconds to values.yaml + +## [7.15.1] - Jun 19, 2019 +* Updated Artifactory version to 6.10.4 + +## [7.15.0] - Jun 17, 2019 +* Use configmaps for nginx configuration and remove nginx postStart command + +## [7.14.8] - Jun 18, 2019 +* Add the option to provide additional ingress rules + +## [7.14.7] - Jun 14, 2019 +* Updated readme with improved external database setup example + +## [7.14.6] - Jun 11, 2019 +* Updated Artifactory version to 6.10.3 +* Updated installer-info template + +## [7.14.5] - Jun 6, 2019 +* Updated Google Cloud Storage API URL and https settings + +## [7.14.4] - Jun 5, 2019 +* Delete the db.properties file on Artifactory startup + +## [7.14.3] - Jun 3, 2019 +* Updated Artifactory version to 6.10.2 + +## [7.14.2] - May 21, 2019 +* Updated Artifactory version to 6.10.1 + +## [7.14.1] - May 19, 2019 +* Fix missing logger image tag + +## [7.14.0] - May 7, 2019 +* Updated Artifactory version to 6.10.0 + +## [7.13.21] - May 5, 2019 +* Add support for setting `artifactory.async.corePoolSize` + +## [7.13.20] - May 2, 2019 +* Remove unused property `artifactory.releasebundle.feature.enabled` + +## [7.13.19] - May 1, 2019 +* Fix indentation issue with the replicator system property + +## [7.13.18] - Apr 30, 2019 +* Add support for JMX monitoring + +## [7.13.17] - Apr 25, 2019 +* Added support for `cacheProviderDir` + +## [7.13.16] - Apr 18, 2019 +* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx + +## [7.13.15] - Apr 16, 2019 +* Updated documentation for Reverse Proxy Configuration + +## [7.13.14] - Apr 15, 2019 +* Added support for `customVolumeMounts` + +## [7.13.13] - Aprl 12, 2019 +* Added support for `bucketExists` flag for googleStorage + +## [7.13.12] - Apr 11, 2019 +* Replace `curl` examples with `wget` due to the new base image + +## [7.13.11] - Aprl 07, 2019 +* Add support for providing the Artifactory license as a parameter + +## [7.13.10] - Apr 10, 2019 +* Updated Artifactory version to 6.9.1 + +## [7.13.9] - Aprl 04, 2019 +* Add support for templated extraEnvironmentVariables + +## [7.13.8] - Aprl 07, 2019 +* Change network policy API group + +## [7.13.7] - Aprl 04, 2019 +* Bugfix for userPluginSecrets + +## [7.13.6] - Apr 4, 2019 +* Add information about upgrading Artifactory with auto-generated postgres password + +## [7.13.5] - Aprl 03, 2019 +* Added installer info + +## [7.13.4] - Aprl 03, 2019 +* Allow secret names for user plugins to contain template language + +## [7.13.3] - Apr 02, 2019 +* Allow NetworkPolicy configurations (defaults to allow all) + +## [7.13.2] - Aprl 01, 2019 +* Add support for user plugin secret + +## [7.13.1] - Mar 27, 2019 +* Add the option to copy a list of files to ARTIFACTORY_HOME on startup + +## [7.13.0] - Mar 26, 2019 +* Updated Artifactory version to 6.9.0 + +## [7.12.18] - Mar 25, 2019 +* Add CI tests for persistence, ingress support and nginx + +## [7.12.17] - Mar 22, 2019 +* Add the option to change the default access-admin password + +## [7.12.16] - Mar 22, 2019 +* Added support for `.Probe.path` to customise the paths used for health probes + +## [7.12.15] - Mar 21, 2019 +* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers +* Added support for `artifactory.customVolumes` to create custom volumes + +## [7.12.14] - Mar 21, 2019 +* Make ingress path configurable + +## [7.12.13] - Mar 19, 2019 +* Move the copy of bootstrap config from postStart to preStart + +## [7.12.12] - Mar 19, 2019 +* Fix existingClaim example + +## [7.12.11] - Mar 18, 2019 +* Add information about nginx persistence + +## [7.12.10] - Mar 15, 2019 +* Wait for nginx configuration file before using it + +## [7.12.9] - Mar 15, 2019 +* Revert securityContext changes since they were causing issues + +## [7.12.8] - Mar 15, 2019 +* Fix issue #247 (init container failing to run) + +## [7.12.7] - Mar 14, 2019 +* Updated Artifactory version to 6.8.7 +* Add support for Artifactory-CE for C++ + +## [7.12.6] - Mar 13, 2019 +* Move securityContext to container level + +## [7.12.5] - Mar 11, 2019 +* Updated Artifactory version to 6.8.6 + +## [7.12.4] - Mar 8, 2019 +* Fix existingClaim option + +## [7.12.3] - Mar 5, 2019 +* Updated Artifactory version to 6.8.4 + +## [7.12.2] - Mar 4, 2019 +* Add support for catalina logs sidecars + +## [7.12.1] - Feb 27, 2019 +* Updated Artifactory version to 6.8.3 + +## [7.12.0] - Feb 25, 2019 +* Add nginx support for tail sidecars + +## [7.11.1] - Feb 20, 2019 +* Added support for enterprise storage + +## [7.10.2] - Feb 19, 2019 +* Updated Artifactory version to 6.8.2 + +## [7.10.1] - Feb 17, 2019 +* Updated Artifactory version to 6.8.1 +* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage + +## [7.10.0] - Feb 15, 2019 +* Updated Artifactory version to 6.8.0 + +## [7.9.6] - Feb 13, 2019 +* Updated Artifactory version to 6.7.3 + +## [7.9.5] - Feb 12, 2019 +* Add support for tail sidecars to view logs from k8s api + +## [7.9.4] - Feb 6, 2019 +* Fix support for customizing statefulset `terminationGracePeriodSeconds` + +## [7.9.3] - Feb 5, 2019 +* Add instructions on how to deploy Artifactory with embedded Derby database + +## [7.9.2] - Feb 5, 2019 +* Add support for customizing statefulset `terminationGracePeriodSeconds` + +## [7.9.1] - Feb 3, 2019 +* Updated Artifactory version to 6.7.2 + +## [7.9.0] - Jan 23, 2019 +* Updated Artifactory version to 6.7.0 + +## [7.8.9] - Jan 22, 2019 +* Added support for `artifactory.customInitContainers` to create custom init containers + +## [7.8.8] - Jan 17, 2019 +* Added support of values ingress.labels + +## [7.8.7] - Jan 16, 2019 +* Mount replicator.yaml (config) directly to /replicator_extra_conf + +## [7.8.6] - Jan 13, 2019 +* Fix documentation about nginx group id + +## [7.8.5] - Jan 13, 2019 +* Updated Artifactory version to 6.6.5 + +## [7.8.4] - Jan 8, 2019 +* Make artifactory.replicator.publicUrl required when the replicator is enabled + +## [7.8.3] - Jan 1, 2019 +* Updated Artifactory version to 6.6.3 +* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory + +## [7.8.2] - Dec 28, 2018 +* Fix location `replicator.yaml` is copied to + +## [7.8.1] - Dec 27, 2018 +* Updated Artifactory version to 6.6.1 + +## [7.8.0] - Dec 20, 2018 +* Updated Artifactory version to 6.6.0 + +## [7.7.13] - Dec 17, 2018 +* Updated Artifactory version to 6.5.13 + +## [7.7.12] - Dec 12, 2018 +* Fix documentation about Artifactory license setup using secret + +## [7.7.11] - Dec 10, 2018 +* Fix issue when using existing claim + +## [7.7.10] - Dec 5, 2018 +* Remove Distribution certificates creation. + +## [7.7.9] - Nov 30, 2018 +* Updated Artifactory version to 6.5.9 + +## [7.7.8] - Nov 29, 2018 +* Updated postgresql version to 9.6.11 + +## [7.7.7] - Nov 27, 2018 +* Updated Artifactory version to 6.5.8 + +## [7.7.6] - Nov 19, 2018 +* Added support for configMap to use custom Reverse Proxy Configuration with Nginx + +## [7.7.5] - Nov 14, 2018 +* Fix location of `nodeSelector`, `affinity` and `tolerations` + +## [7.7.4] - Nov 14, 2018 +* Updated Artifactory version to 6.5.3 + +## [7.7.3] - Nov 12, 2018 +* Support artifactory.preStartCommand for running command before entrypoint starts + +## [7.7.2] - Nov 7, 2018 +* Support database.url parameter (DB_URL) + +## [7.7.1] - Oct 29, 2018 +* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) + +## [7.7.0] - Oct 28, 2018 +* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options + +## [7.6.8] - Oct 23, 2018 +* Fix providing external secret for database credentials + +## [7.6.7] - Oct 23, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + +## [7.6.6] - Oct 22, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + +## [7.6.5] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + +## [7.6.4] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow providing pre-existing secrets containing external database credentials + +## [7.6.3] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + +## [7.6.2] - Oct 17, 2018 +* Add Apache 2.0 license + +## [7.6.1] - Oct 11, 2018 +* Supports master-key in the secrets and stateful-set +* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) + +## [7.6.0] - Oct 11, 2018 +* Updated Artifactory version to 6.5.0 + +## [7.5.4] - Oct 9, 2018 +* Quote ingress hosts to support wildcard names + +## [7.5.3] - Oct 4, 2018 +* Add PostgreSQL resources template + +## [7.5.2] - Oct 2, 2018 +* Add `helm repo add jfrog https://charts.jfrog.io` to README + +## [7.5.1] - Oct 2, 2018 +* Set Artifactory to 6.4.1 + +## [7.5.0] - Sep 27, 2018 +* Set Artifactory to 6.4.0 + +## [7.4.3] - Sep 26, 2018 +* Add ci/test-values.yaml + +## [7.4.2] - Sep 2, 2018 +* Updated Artifactory version to 6.3.2 +* Removed unused PVC + +## [7.4.0] - Aug 22, 2018 +* Added support to run as non root +* Updated Artifactory version to 6.2.0 + +## [7.3.0] - Aug 22, 2018 +* Enabled RBAC Support +* Added support for PostStartCommand (To download Database JDBC connector) +* Increased postgresql max_connections +* Added support for `nginx.conf` ConfigMap +* Updated Artifactory version to 6.1.0 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml new file mode 100644 index 000000000..884564cc9 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +appVersion: 7.12.5 +description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. +home: https://www.jfrog.com/artifactory/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png +keywords: +- artifactory +- jfrog +- devops +maintainers: +- email: installers@jfrog.com + name: Chart Maintainers at JFrog +name: artifactory +sources: +- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view +- https://github.com/jfrog/charts +version: 11.7.4 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md new file mode 100644 index 000000000..9c7551c92 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/README.md @@ -0,0 +1,1151 @@ +# JFrog Artifactory Helm Chart + +**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** + +## Prerequisites Details + +* Kubernetes 1.12+ +* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) + +## Chart Details +This chart will do the following: + +* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set) +* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. +* Deploy an optional Nginx server +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + +## Installing the Chart + +### Add ChartCenter Helm repository + +Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client + +```bash +helm repo add center https://repo.chartcenter.io +helm repo update +``` + +### Install Chart +To install the chart with the release name `artifactory`: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory +``` + +### System Configuration +Artifactory uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage. +In order to override the default `system.yaml` configuration, do the following: +```bash +artifactory: + systemYaml: | + +``` + +### Deploying Artifactory with embedded Derby database +By default, this chart deploys Artifactory with PostgreSQL (running in a separate pod). +It's possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded [Derby database](https://db.apache.org/derby/). +```bash +# Disable the default postgresql +helm upgrade --install artifactory --set postgresql.enabled=false --namespace artifactory center/jfrog/artifactory +``` +Artifactory will start with it's embedded Derby database. + +### Accessing Artifactory +**NOTE:** It might take a few minutes for Artifactory's public IP to become available. +Follow the instructions outputted by the install command to get the Artifactory IP to access it. + +### Updating Artifactory +Once you have a new chart version, you can update your deployment with +```bash +helm upgrade artifactory --namespace artifactory center/jfrog/artifactory +``` + +If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions: +1. Get the current password by running: +```bash +POSTGRES_PASSWORD=$(kubectl get secret -n -postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +``` +2. Upgrade the release by passing the previously auto-generated secret: +```bash +helm upgrade center/jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} --namespace +``` + +This will apply any configuration changes on your existing deployment. + +### Special Upgrade Notes +#### Artifactory upgrade from 6.x to 7.x (App Version) +Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. +It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. +```yaml +artifactory: + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 +``` +* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` + +### Artifactory memory and CPU resources +The Artifactory Helm chart comes with support for configured resource requests and limits to Artifactory, Nginx and PostgreSQL. By default, these settings are commented out. +It is **highly** recommended to set these so you have full control of the allocated resources and limits. +Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.javaOpts.xms` and `artifactory.javaOpts.xmx`. +```bash +# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory) +helm upgrade --install artifactory \ + --set artifactory.resources.requests.cpu="500m" \ + --set artifactory.resources.limits.cpu="2" \ + --set artifactory.resources.requests.memory="1Gi" \ + --set artifactory.resources.limits.memory="4Gi" \ + --set artifactory.javaOpts.xms="1g" \ + --set artifactory.javaOpts.xmx="4g" \ + --set nginx.resources.requests.cpu="100m" \ + --set nginx.resources.limits.cpu="250m" \ + --set nginx.resources.requests.memory="250Mi" \ + --set nginx.resources.limits.memory="500Mi" \ + --namespace artifactory center/jfrog/artifactory +``` +Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/). + +Although it is possible to set resources limits and requests this way, it is recommended to use the pre-built values files +for small, medium and large installation and change them according to your needs (if necessary), as described [here](#Deploying-Artifactory-for-small/medium/large-installations) + +### Deploying Artifactory for small/medium/large installations +In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml + + +### Artifactory storage +When using an enterprise license. Artifactory supports a wide range of storage back ends. You can see more details on [Artifactory Filestore options](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore) + +In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings. +The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes. + +#### NFS +To use an NFS server as your cluster's storage, you need to +- Setup an NFS server. Get its IP as `NFS_IP` +- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all +- Pass NFS parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=nfs \ +--set artifactory.persistence.nfs.ip=${NFS_IP} \ +... +``` + +#### Using a network file system with the file-system persistence type +In some cases, it is not possible for the helm chart to set up your NFS mounts automatically for Artiactory. +In such cases, such as using AWS EFS, you will use the `artifactory.persistnece.type=file-system` even though your underlying persistence is actually a network file system. +The same thing applies when using a slow storage device (such as cheap disks) as your main storage solution for Artifactory. +This means that serving highly used files from the network file system/slow storage can take time, +and that's why you would want a cache filesystem that's stored locally on disk (fast disks like SSD). + +This is how you would configure it: +Create a values file with the following content: +1. Set up your volume mount to your fast storage device +```yaml +artifactory: + ## Set up your volume mount to your fast storage device + customVolumes: | + - name: my-cache-fast-storage + persistentVolumeClaim: + claimName: my-cache-fast-storage-pvc + ## Enable caching and configure the cache directory + customVolumeMounts: | + - name: my-cache-fast-storage + mountPath: /my-fast-cache-mount + ## Install the helm chart with the values file you created + persistence: + cacheProviderDir: /my-fast-cache-mount + fileSystem: + cache: + enabled: true + +``` +2. Install Artifactory with the values file you created: +```bash +helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values.yaml +``` + +#### Google Storage +To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider) +- Pass Google Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=google-storage \ +--set artifactory.persistence.googleStorage.identity=${GCP_ID} \ +--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ +... +``` + +#### AWS S3 +**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level. +In order to grant permissions to Artifactory using an IAM role, you will have to attach the said IAM role to the machine(s) on which Artifactory is running. +This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section. + +To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider) +- Pass AWS S3 parameters to `helm install` and `helm upgrade` +```bash +... +# With explicit credentials: +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \ +... + +... +# With using existing IAM role +--set artifactory.persistence.type=aws-s3 \ +--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \ +--set artifactory.persistence.awsS3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \ +... +``` +**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html) + +#### AWS S3 V3 +To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate). +This filestore template uses the official AWS SDK, unlike th`aws-s3` implementation that uses the `JetS3t` library. +Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on). + +**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar. + +- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade` + +```bash +# With explicit credentials: +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \ +--set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \ +... +``` + +```bash +# With using existing IAM role +--set artifactory.persistence.type=aws-s3-v3 \ +--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \ +--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \ +--set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN} +... +``` + +To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore) +```bash +... +--set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \ +... +``` + +#### Microsoft Azure Blob Storage +To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider) +- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade` +```bash +... +--set artifactory.persistence.type=azure-blob \ +--set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \ +--set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \ +--set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \ +--set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \ +... +``` + +* To use a persistent volume claim as cache dir together with Azure Blob Storage, additionally pass the following parameters to `helm install` and `helm upgrade` (make sure `mountPath` and `cacheProviderDir` point to the same location) +```bash +... +--set artifactory.persistence.existingClaim=${YOUR_CLAIM} \ +--set artifactory.persistence.mountPath=/opt/cache-dir \ +--set artifactory.persistence.cacheProviderDir=/opt/cache-dir \ +... +``` + +#### Custom binarystore.xml +You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).
+There are two options for this + +1. Editing directly in [values.yaml](values.yaml) +```yaml +artifactory: + persistence: + binarystoreXml: | + + + + + +``` + +2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command +```yaml +# Prepare your custom Secret file (custom-binarystore.yaml) +kind: Secret +apiVersion: v1 +metadata: + name: custom-binarystore + labels: + app: artifactory + chart: artifactory +stringData: + binarystore.xml: |- + + + + +``` + +```bash +# Create a secret from the file +kubectl apply -n artifactory -f ./custom-binarystore.yaml + +# Pass it to your helm install command: +helm upgrade --install artifactory --namespace artifactory --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore center/jfrog/artifactory +``` + +### Create a unique Master Key +Artifactory requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`). + +**For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage** +**This key is for demo purpose and should not be used in a production environment!** + +You should generate a unique one and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Pass the created master key to helm +helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --namespace artifactory center/jfrog/artifactory +``` + +Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Create a secret containing the key. The key in the secret must be named master-key +kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory --set artifactory.masterKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. + +### Special Upgrade Notes +### MasterKey during 6.x to 7.x Migration (App version) + +**NOTE:** 6.x only supports masterKey with 16 hex (32 characters) and if you have set masterKey using `openssl rand -hex 32` (64 characters) in 6.x, only the first 32 characters are used and rest are ignored. Hence, during 6.x to 7.x migration, we trim first 32 characters and set masterkey, which implies 7.x still uses the trimmed masterkey of 6.x. Hence, `artifactory.masterKey` should not be passed during migration from 6.x to 7.x. + +### Create a unique Join Key +Artifactory requires a unique join key. By default the chart has one set in values.yaml (`artifactory.joinKey`). + +**This key is for demo purpose and should not be used in a production environment!** + +You should generate a unique key and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Pass the created join key to helm +helm upgrade --install artifactory --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory center/jfrog/artifactory +``` + +Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export JOIN_KEY=$(openssl rand -hex 32) +echo ${JOIN_KEY} + +# Create a secret containing the key. The key in the secret must be named join-key +kubectl create secret generic my-secret --from-literal=join-key=${JOIN_KEY} + +# Pass the created secret to helm +helm upgrade --install artifactory --set artifactory.joinKeySecretName=my-secret --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set artifactory.joinKey=${JOIN_KEY}`. In the second, this means always passing `--set artifactory.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. + +### Customizing Database password +You can override the specified database password (set in [values.yaml](values.yaml)), by passing it as a parameter in the install command line +```bash +helm upgrade --install artifactory --namespace artifactory --set postgresql.postgresqlPassword=12_hX34qwerQ2 center/jfrog/artifactory +``` + +You can customise other parameters in the same way, by passing them on `helm install` command line. + +### Deleting Artifactory + +On helm v2: +```bash +helm delete --purge artifactory +``` + +On helm v3: +```bash +helm delete artifactory --namespace artifactory +``` +This will completely delete your Artifactory Pro deployment. +**IMPORTANT:** This will also delete your data volumes. You will lose all data! + +### Kubernetes Secret for Artifactory License +##### Use an existing secret +You can deploy the Artifactory license as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). +Prepare a text file with the license written in it and create a Kubernetes secret from it. +```bash +# Create the Kubernetes secret (assuming the local license file is 'art.lic') +kubectl create secret generic artifactory-license --from-file=./art.lic + +# Pass the license to helm +helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. +If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file + +##### Create the secret as part of the helm release +values.yaml +```yaml +artifactory: + license: + licenseKey: |- + +``` + +```bash +helm upgrade --install artifactory -f values.yaml --namespace artifactory center/jfrog/artifactory +``` +**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). +Updating the license should be done via Artifactory UI or REST API. +If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file + + +### copyOnEveryStartup feature +Files stored in the `/artifactory-extra-conf` directory are only copied to the `ARTIFACTORY_HOME/etc` directory upon the first startup. +In some cases, you want your configuration files to be copied to the `ARTIFACTORY_HOME/etc` directory on every startup. +Two examples for that would be: + +1. the binarstore.xml file. If you use the default behaviour, your binarystore.xml configuration will only be copied on the first startup, +which means that changes you make over time to the `binaryStoreXml` configuration will not be applied. In order to make sure your changes are applied on every startup, do the following: +Create a values file with the following values: +```yaml +artifactory: + copyOnEveryStartup: + - source: /artifactory_bootstrap/binarystore.xml + target: etc/artifactory/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml +``` + +2. Any custom configuration file you have to configure artifactory, such as `logback.xml`: +Create a config map with your `logback.xml` configuration. + +Create a values file with the following values: +```yaml +artifactory: + ## Create a volume pointing to the config map with your configuration file + customVolumes: | + - name: logback-xml-configmap + configMap: + name: logback-xml-configmap + customVolumeMounts: | + - name: logback-xml-configmap + mountPath: /tmp/artifactory-logback/ + copyOnEveryStartup: + - source: /tmp/artifactory-logback/* + target: etc/ +``` + +Install the helm chart with the values file you created: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f values.yaml +``` + +### Configure NetworkPolicy + +NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system. + +In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects. + +For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything. + +A full (but very wide open) example that results in 2 NetworkPolicy objects being created: +```yaml +networkpolicy: + # Allows all ingress and egress to/from artifactory. + - name: artifactory + podSelector: + matchLabels: + app: artifactory + egress: + - {} + ingress: + - {} + # Allows connectivity from artifactory pods to postgresql pods, but no traffic leaving postgresql pod. + - name: postgres + podSelector: + matchLabels: + app: postgresql + ingress: + - from: + - podSelector: + matchLabels: + app: artifactory +``` +### Artifactory JMX Configuration +** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans + +Enable JMX in your deployment: +```bash +helm upgrade --install artifactory \ + --set artifactory.javaOpts.jmx.enabled=true \ + --namespace artifactory center/jfrog/artifactory +``` +This will enable access to Artifactory with JMX on the default port (9010). +** You have the option to change the port by setting ```artifactory.javaOpts.jmx.port``` to your choice of port + +In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps: +1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer: +```bash +helm upgrade --install artifactory \ + --set artifactory.javaOpts.jmx.enabled=true \ + --set artifactory.service.type=LoadBalancer \ + --namespace artifactory center/jfrog/artifactory + +``` +2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with ```artifactory.javaOpts.jmx.host```). +So in order to connect to Artifactory with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such: +``` + artifactory- +``` +3. Launch jconsole with the service address and port: +```bash +jconsole artifactory-: +``` + +### Bootstrapping Artifactory admin password +You can bootstrap the `admin` user password as described in the [bootstrap Artifactory admin credentials](https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate) guide. + +1. Create `admin-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password: +```yaml +artifactory: + admin: + ip: "" # Example: "*" to allow access from anywhere + username: "admin" + password: "" +``` + +2. Apply the `admin-creds-values.yaml` file: +```bash +helm upgrade --install artifactory --namespace artifactory center/jfrog/artifactory -f admin-creds-values.yaml +``` + +3. Restart Artifactory Pod (`Kubectl delete pod `) + +### Bootstrapping Artifactory configuration +**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section. + +* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration) +* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration) + +1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-release-bootstrap-config +data: + artifactory.config.import.xml: | + + security.import.xml: | + +``` + +2. Create configMap in Kubernetes: +```bash +kubectl apply -f bootstrap-config.yaml +``` +3. Pass the configMap to helm +```bash +helm upgrade --install artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory +``` +OR +```bash +helm upgrade --install artifactory --set artifactory.license.licenseKey=,artifactory.configMapName=my-release-bootstrap-config --namespace artifactory center/jfrog/artifactory +``` + +### Use custom nginx.conf with Nginx + +Steps to create configMap with nginx.conf +* Create `nginx.conf` file. +```bash +kubectl create configmap nginx-config --from-file=nginx.conf +``` +* Pass configMap to helm install +```bash +helm upgrade --install artifactory --set nginx.customConfigMap=nginx-config --namespace artifactory center/jfrog/artifactory +``` + +### Use an external Database + +**For production grade installations it is recommended to use an external PostgreSQL with a static password** + +#### PostgreSQL +There are cases where you will want to use an external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the name of the database. + +This can be done with the following parameters +```bash +... +--set postgresql.enabled=false \ +--set database.type=postgresql \ +--set database.driver=org.postgresql.Driver \ +--set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! + +#### Other DB type +There are cases where you will want to use a different database and not the enclosed **PostgreSQL**. +See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database) +> The official Artifactory Docker images include the PostgreSQL database driver. +> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib + +This can be done with the following parameters +```bash +# Make sure your Artifactory Docker image has the MySQL database driver in it +... +--set postgresql.enabled=false \ +--set artifactory.preStartCommand="mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \ +--set database.type=mysql \ +--set database.driver=com.mysql.jdbc.Driver \ +--set database.url=${DB_URL} \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! +##### Configuring Artifactory with external Oracle database +To use artifactory with oracledb the required instant client library files, libaio has to be copied to tomcat lib. Also set LD_LIBRARY_PATH env variable. +1. Create a value file with the configuration +```yaml +postgresql: + enabled: false +database: + type: oracle + driver: oracle.jdbc.OracleDriver + url: + user: + password: +artifactory: + preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O instantclient-basic-linux.x64-19.6.0.0.0dbru.zip https://download.oracle.com/otn_software/linux/instantclient/19600/instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && unzip -jn instantclient-basic-linux.x64-19.6.0.0.0dbru.zip && wget -O libaio1_0.3.110-3_amd64.deb http://ftp.br.debian.org/debian/pool/main/liba/libaio/libaio1_0.3.110-3_amd64.deb && dpkg-deb -x libaio1_0.3.110-3_amd64.deb . && cp lib/x86_64-linux-gnu/* ." + extraEnvironmentVariables: + - name: LD_LIBRARY_PATH + value: /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib +``` +2. Install Artifactory with the values file you created: +```bash +helm upgrade --install artifactory center/jfrog/artifactory --namespace artifactory -f values-oracle.yaml +``` +**NOTE:** If its an upgrade from 6.x to 7.x, add same `preStartCommand` under `artifactory.migration.preStartCommand` + +#### Using pre-existing Kubernetes Secret +If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: +```bash +# Create a secret containing the database credentials +kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} +... +--set postgresql.enabled=false \ +--set database.secrets.user.name=my-secret \ +--set database.secrets.user.key=user \ +--set database.secrets.password.name=my-secret \ +--set database.secrets.password.key=password \ +--set database.secrets.url.name=my-secret \ +--set database.secrets.url.key=url \ +... +``` + +### Deleting Artifactory +To delete the Artifactory. + +On helm v2: +```bash +helm delete --purge artifactory +``` + +On helm v3: +```bash +helm delete artifactory --namespace artifactory +``` +This will completely delete your Artifactory HA cluster. + +### Custom Docker registry for your images +If you need to pull your Docker images from a private registry, you need to create a +[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm +```bash +# Create a Docker registry secret called 'regsecret' +kubectl create secret docker-registry regsecret --docker-server= --docker-username= --docker-password= --docker-email= +``` +Once created, you pass it to `helm` +```bash +helm upgrade --install artifactory --set imagePullSecrets=regsecret --namespace artifactory center/jfrog/artifactory +``` + +### Logger sidecars +This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml) + +Get list of containers in the pod +```bash +kubectl get pods -n -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n' +``` + +View specific log +```bash +kubectl logs -n -c +``` + +### Custom init containers +There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. + +For this, there is a section for writing a custom init container in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom init containers + customInitContainers: | + ## Init containers template goes here ## +``` + +### Custom sidecar containers +There are cases where an extra sidecar container is needed. For example monitoring agents or log collection. + +For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom sidecar containers + customSidecarContainers: | + ## Sidecar containers template goes here ## +``` + +### Custom volumes +If you need to use a custom volume in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + ## Custom volume comes here ## +``` + +### Custom secrets +If you need to add a custom secret in a custom init or sidecar container, you can use this option. + +For this, there is a section for defining custom secrets in the [values.yaml](values.yaml). By default it's commented out +```yaml +artifactory: + # Add custom secrets - secret per file + customSecrets: + - name: custom-secret + key: custom-secret.yaml + data: > + secret data +``` + +To use a custom secret, need to define a custom volume. +```yaml +artifactory: + ## Add custom volumes + customVolumes: | + - name: custom-secret + secret: + secretName: custom-secret +``` + +To use a volume, need to define a volume mount as part of a custom init or sidecar container. +```yaml +artifactory: + customSidecarContainers: + - name: side-car-container + volumeMounts: + - name: custom-secret + mountPath: /opt/custom-secret.yaml + subPath: custom-secret.yaml + readOnly: true +``` + +You can configure the sidecar to run as a custom user if needed by setting the following in the container template +```yaml + # Example of running container as root (id 0) + securityContext: + runAsUser: 0 + fsGroup: 0 +``` + +### Add Artifactory User Plugin during installation +If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option. + +Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command: +```bash +# Secret with single user plugin +kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory + +# Secret with single user plugin with configuration file +kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory +``` + +Add plugin secret names to `plugins.yaml` as following: +```yaml +artifactory: + userPluginSecrets: + - archive-old-artifacts + - webhook +``` + +You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows: +```bash +helm upgrade --install artifactory -f plugins.yaml --namespace artifactory center/jfrog/artifactory +``` + +Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file: +```yaml +artifactory: # Name of the artifactory dependency + artifactory: + userPluginSecrets: + - '{{ template "my-chart.fullname" . }}' +``` +For additional information, please refer [here](https://www.jfrog.com/confluence/display/JFROG/User+Plugins). + +### Provide custom configMaps to Artifactory +If you want to mount a custom file to Artifactory, either an init shell script or a custom configuration file (such as `logback.xml`), you can use this option. + +Create a `configmaps.yaml` file with the following content: +```yaml +artifactory: + configMaps: | + logback.xml: | + + + + + %date [%-5level] \(%-20c{3}:%L\) %message%n + + + + + + + + + + + + + + + my-custom-post-start-hook.sh: | + echo "This is my custom post start hook" + + customVolumeMounts: | + - name: artifactory-configmaps + mountPath: /tmp/my-config-map + + postStartCommand: | + chmod +x /tmp/my-config-map/my-custom-post-start-hook.sh; + /tmp/my-config-map/my-custom-post-start-hook.sh; + + copyOnEveryStartup: + - source: /tmp/my-config-map/logback.xml + target: etc/ + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f configmaps.yaml --namespace artifactory center/jfrog/artifactory +``` + +This will, in turn: +* create a configMap with the files you specified above +* create a volume pointing to the configMap with the name `artifactory-configmaps` +* Mount said configMap onto `/tmp/my-config-map` using a `customVolumeMounts` +* Set the shell script we mounted as the `postStartCommand` +* Copy the `logback.xml` file to its proper location in the `$ARTIFACTORY_HOME/etc` directory. + +### Establishing TLS and Adding certificates +In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). By default, TLS between JFrog Platform nodes is disabled. +When TLS is enabled, JFrog Access acts as the Certificate Authority (CA) signs the TLS certificates used by all the different JFrog Platform nodes. + +To establish TLS between JFrog Platform nodes: +Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. For more info, Please refer [here](https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates) + +To enable tls in charts, set `tls` to true under `access` in [values.yaml](values.yaml). By default it's false +```yaml +access: + accessConfig: + security: + tls: true +``` + +To add custom tls certificates, create a tls secret from the certificate files. + +```bash +kubectl create secret tls --cert=ca.crt --key=ca.private.key +``` + +For resetting access certificates , you can set `resetAccessCAKeys` to true under access section in [values.yaml](values.yaml) and perform an helm upgrade. +* Note : Once helm upgrade is done, set `resetAccessCAKeys` to false for subsequent upgrades (to avoid resetting access certificates on every helm upgrade) +```yaml +access: + accessConfig: + security: + tls: true + customCertificatesSecretName: + resetAccessCAKeys: true +``` + +### Artifactory filebeat +If you want to collect logs from your Artifactory installation and send them to a central log collection solution like ELK, you can use this option. + +Create a `filebeat.yaml` values file with the following content: +```yaml +filebeat: + enabled: true + logstashUrl: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "100Mi" + cpu: "100m" +``` + +You can optionally customize the `filebeat.yaml` to send output to a different location like so: +```yaml +filebeat: + enabled: true + filebeatYml: | + +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f filebeat.yaml --namespace artifactory center/jfrog/artifactory +``` + +### Install Artifactory with Nginx and Terminate SSL in Nginx Service(LoadBalancer). +To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx +For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer. +In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file: +```yaml + nginx: + https: + enabled: false + service: + ssloffload: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ssl-values.yaml --namespace artifactory center/jfrog/artifactory +``` + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these below lines to `artifactory-ingress-values.yaml` file +```yaml + ingress: + enabled: true + hosts: + - artifactory.company.com + artifactory: + service: + type: NodePort + nginx + enabled: false +``` + +and use it with you helm install/upgrade: +```bash +helm upgrade --install artifactory -f artifactory-ingress-values.yaml --namespace artifactory center/jfrog/artifactory +``` + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - artifactory.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - artifactory.domain.com +``` + +### Ingress annotations + +This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup. + +```yaml +ingress: + enabled: true + defaultBackend: + enabled: false + hosts: + - myhost.example.com + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-read-timeout: "600" + ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; + rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; + nginx.ingress.kubernetes.io/proxy-body-size: "0" + tls: + - hosts: + - "myhost.example.com" +``` + +If you're using Artifactory as SSO provider (e.g. with xray), you will need to have the following annotations, and change with your domain: +```yaml +.. + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + proxy_pass_header Server; + proxy_set_header X-JFrog-Override-Base-Url https://; +``` + +### Ingress additional rules + +You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray. +In order to do that, simply add the following to a `artifactory-values.yaml` file: +```yaml +ingress: + enabled: true + + defaultBackend: + enabled: false + + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite "(?i)/xray(/|$)(.*)" /$2 break; + + additionalRules: | + - host: + http: + paths: + - path: / + backend: + serviceName: + servicePort: + - path: /xray + backend: + serviceName: + servicePort: + - path: /artifactory + backend: + serviceName: {{ template "artifactory.nginx.fullname" . }} + servicePort: {{ .Values.nginx.externalPortHttp }} +``` + +and running: +```bash +helm upgrade --install xray center/jfrog/artifactory -f artifactory-values.yaml +``` + +### Dedicated Ingress object for replicator service + +You have the option to add additional ingress object to the Replicator service. An example for this use case can be routing the /replicator/ path to Artifactory. +In order to do that, simply add the following to a `artifactory-values.yaml` file: + +```yaml +artifactory: + replicator: + enabled: true + ingress: + name: + hosts: + - myhost.example.com + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/configuration-snippet: | + chunked_transfer_encoding on; + tls: + - hosts: + - "myhost.example.com" + secretName: +``` + +### Ingress behind another load balancer +If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer. + +To enable it with `helm install` +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true +``` +or `helm upgrade` +```bash +helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx +``` +or create a values.yaml file with the following content: +```yaml +controller: + config: + use-forwarded-headers: "true" +``` +Then install nginx-ingress with the values file you created: +```bash +helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml +``` +This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` + +### Log Analytics + +#### FluentD, Prometheus and Grafana + +To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: + +https://github.com/jfrog/log-analytics-prometheus + +That repo contains a file `artifactory-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. + + +## Useful links +- https://www.jfrog.com/confluence/display/EP/Getting+Started +- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory +- https://www.jfrog.com/confluence/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md new file mode 100644 index 000000000..38c4a9eaa --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ReverseProxyConfiguration.md @@ -0,0 +1,140 @@ +# JFrog Artifactory Reverse Proxy Settings using Nginx + +#### Reverse Proxy +* To use Artifactory as docker registry it's mandatory to use Reverse Proxy. +* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate +the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. +* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy) +* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing. + +**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog. + +#### Features of Artifactory Nginx +* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade. +* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory + +#### Changing the default Artifactory nginx conf +Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf +These configuration will be mounted to the nginx container using a configmap. +For example: +1. Create a values file `nginx-values.yaml` with the following values: +```yaml +nginx: + artifactoryConf: | + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen {{ .Values.nginx.internalPortHttps }} ssl; + listen {{ .Values.nginx.internalPortHttp }} ; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1; + } + proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } +``` + +2. Install/upgrade artifactory: +```bash +helm upgrade --install artifactory jfrog/artifactory -f nginx-values.yaml +``` + + +#### Steps to use static configuration for reverse proxy in nginx. +1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE` + +2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d) + + Following is example `artifactory.conf` + + **Note**: + * Create file with name `artifactory.conf` as it's fixed in configMap key. + * Replace `artifactory-artifactory` with service name taken from step 1. + + ```bash + ## add ssl entries when https has been set in config + ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt; + ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen 443 ssl; + listen 80; + ## Change to you DNS name you use to access Artifactory + server_name ~(?.+)\.artifactory-artifactory artifactory-artifactory; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3; + rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break; + } + proxy_pass http://artifactory-artifactory:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + ``` + +3. Create configMap of `artifactory.conf` created with step above. + ```bash + kubectl create configmap art-nginx-conf --from-file=artifactory.conf + ``` +4. Deploy Artifactory using helm chart. + You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml) + + Following is command to set values at runtime: + ```bash + helm install --name artifactory nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory + ``` \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md new file mode 100644 index 000000000..4ba17d0c9 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/UPGRADE_NOTES.md @@ -0,0 +1,39 @@ +# JFrog Artifactory Chart Upgrade Notes +This file describes special upgrade notes needed at specific versions + +## Upgrade from 8.X to 9.X and above (Chart Versions) + +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* To upgrade from a version prior to 8.x, you first need to upgrade to latest version of 8.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md. +* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` + +## Upgrade from 7.X to 8.X (Chart Versions) +**DOWNTIME IS REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!** +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations +* Upgrade + * Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database + * The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting) + * **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted + * Upgrade steps: + 1. Block user access to Artifactory (do not shutdown) + 2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System` + a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade) + b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`) + c. Click `Export` (this can take some time) + 3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed + a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade! + 4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps + a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step + 5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System` + a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/`) + b. Click `Import` (this can take some time) + 6. Restore access to Artifactory + * Artifactory should now be ready to get back to normal operation diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml new file mode 100644 index 000000000..2f858e60e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Database +apiVersion: v1 +appVersion: 11.9.0 +description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. +home: https://www.postgresql.org/ +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +version: 9.3.4 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md new file mode 100644 index 000000000..319291bc6 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/README.md @@ -0,0 +1,680 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.12+ or Helm 3.0-beta3+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```console +$ kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | +| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | +| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | +| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | +| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | +| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | +| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | +| `master.sidecars` | Add additional containers to the pod | `[]` | +| `master.service.type` | Allows using a different service type for Master | `nil` | +| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` | +| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | +| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | +| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | +| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | +| `slave.sidecars` | Add additional containers to the pod | `[]` | +| `slave.service.type` | Allows using a different service type for Slave | `nil` | +| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` | +| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` | +| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAccount.name` | Name of existing service account | `nil` | +| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` | +| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | +| `psp.create` | Create Pod Security Policy | `false` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Production configuration and horizontal scaling + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. + +- Enable replication: +```diff +- replication.enabled: false ++ replication.enabled: true +``` + +- Number of slaves replicas: +```diff +- replication.slaveReplicas: 1 ++ replication.slaveReplicas: 2 +``` + +- Set synchronous commit mode: +```diff +- replication.synchronousCommit: "off" ++ replication.synchronousCommit: "on" +``` + +- Number of replicas that will have synchronous replication: +```diff +- replication.numSynchronousReplicas: 0 ++ replication.numSynchronousReplicas: 1 +``` + +- Start a prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. + +### Customizing Master and Slave services in a replicated configuration + +At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +* First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +* Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL master +master: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +slave: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +image.repository=postgres +image.tag=10.6 +postgresqlDataDir=/data/pgdata +persistence.mountPath=/data/ +``` + +## Upgrade + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release stable/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +## 9.0.0 + +In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. + +As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: + +- Deploy an old version (8.X.X) +```console +$ helm install postgresql bitnami/postgresql --version 8.10.14 +``` + +- Old version is up and running +```console +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 76s +``` + +- The upgrade to the latest one (9.X.X) is going to fail +```console +$ helm upgrade postgresql bitnami/postgresql +Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden +``` + +- Delete the statefulset +```console +$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql +statefulset.apps "postgresql-postgresql" deleted +``` + +- Now the upgrade works +```cosnole +$ helm upgrade postgresql bitnami/postgresql +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 +``` + +- We can kill the existing pod and the new statefulset is going to create a new one: +```console +$ kubectl delete pod postgresql-postgresql-0 +pod "postgresql-postgresql-0" deleted + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 19s +``` + +Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command + +## 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +## 7.1.0 + +Adds support for LDAP configuration. + +## 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +## 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + +- protobuf +- protobuf-c +- json-c +- geos +- proj + +## 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```console +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` + +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + +```console +$ kubectl get svc +``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release bitnami/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml new file mode 100644 index 000000000..e6bac7873 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + category: Infrastructure +apiVersion: v1 +appVersion: 0.6.2 +description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. +home: http://www.bitnami.com/ +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +version: 0.6.2 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md new file mode 100644 index 000000000..e04391a3f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/README.md @@ -0,0 +1,274 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.12+ or Helm 3.0-beta3+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +**Names** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +**Images** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +**Labels** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +**Storage** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +**TplValues** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` | + +**Capabilities** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | + +**Validations** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | + +**Warnings** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +**Errors** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +**Utils** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | + +**Secrets** + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +**Example of use** + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +**NOTES.txt** + +``` +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Notable changes + +N/A diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl new file mode 100644 index 000000000..c0ea2c70c --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl new file mode 100644 index 000000000..d6d3ec65a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl new file mode 100644 index 000000000..aafde9f3b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl new file mode 100644 index 000000000..252066c7e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl new file mode 100644 index 000000000..adf2a74f4 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl new file mode 100644 index 000000000..d6165a294 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl @@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user + to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = cat $name .defaultNameSuffix -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- $name = .name -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user + to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl new file mode 100644 index 000000000..60e2a844f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl new file mode 100644 index 000000000..2db166851 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl new file mode 100644 index 000000000..7d02f2ef6 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl @@ -0,0 +1,26 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl new file mode 100644 index 000000000..62635b30e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_validations.tpl @@ -0,0 +1,219 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $valueKeyArray := splitList "." .valueKey -}} + {{- $value := "" -}} + {{- $latestObj := $.context.Values -}} + {{- range $valueKeyArray -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}} + {{- end -}} + + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} + {{- end -}} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + + {{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a mariadb required password must not be empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }} + +Validate value params: + - secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret" +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}} + {{- $requiredPasswords := list -}} + + {{- if .context.Values.mariadb.secret.requirePasswords -}} + {{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}} + + {{- if not (empty .context.Values.mariadb.db.user) -}} + {{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}} + {{- end -}} + + {{- if .context.Values.mariadb.replication.enabled -}} + {{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a postgresql required password must not be empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) $enabled -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- if $enabledReplication -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- .context.Values.postgresql.enabled | quote -}} + {{- else -}} + true + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- .context.Values.postgresql.replication.enabled | quote -}} + {{- else -}} + {{- .context.Values.replication.enabled | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliar function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl new file mode 100644 index 000000000..ae10fa41e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml new file mode 100644 index 000000000..9ecdc93f5 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml new file mode 100644 index 000000000..f6977823c --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml @@ -0,0 +1,3 @@ +commonAnnotations: + helm.sh/hook: 'pre-install, pre-upgrade' + helm.sh/hook-weight: '-1' diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml new file mode 100644 index 000000000..fc2ba605a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml new file mode 100644 index 000000000..347d3b40a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -0,0 +1,2 @@ +shmVolume: + enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md new file mode 100644 index 000000000..1813a2fea --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md new file mode 100644 index 000000000..184c1875d --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 000000000..cba38091e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock new file mode 100644 index 000000000..72e1642e2 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 0.6.2 +digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885 +generated: "2020-09-01T17:40:02.795096189Z" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml new file mode 100644 index 000000000..2c28bfe14 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt new file mode 100644 index 000000000..596e969ce --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,59 @@ +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- include "common.warnings.rollingTag" .Values.image -}} + +{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}} + +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 000000000..68cd0dc0e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,501 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if we should use an existingSecret. +*/}} +{{- define "postgresql.useExistingSecret" -}} +{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (include "postgresql.useExistingSecret" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "postgresql.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "postgresql.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "postgresql.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "podsecuritypolicy.apiVersion" -}} +{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions +*/}} +{{- define "postgresql.validateValues.tls" -}} +{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} +postgresql: tls.enabled, volumePermissions.enabled + When TLS is enabled you must enable volumePermissions as well to ensure certificates files have + the right permissions. +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml new file mode 100644 index 000000000..b29ef6040 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/configmap.yaml @@ -0,0 +1,26 @@ +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml new file mode 100644 index 000000000..f21a97654 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-extended-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml new file mode 100644 index 000000000..6637867a3 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml @@ -0,0 +1,24 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-init-scripts + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml new file mode 100644 index 000000000..6b7a3171e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml new file mode 100644 index 000000000..b993c9971 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml @@ -0,0 +1,25 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- toYaml .Values.metrics.service.annotations | nindent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: master +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml new file mode 100644 index 000000000..2a7b372fe --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,36 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "postgresql.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 14 }} + role: slave + {{- end }} + # Allow prometheus scrapes + - ports: + - port: 9187 +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..da0b3ab11 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml @@ -0,0 +1,37 @@ +{{- if .Values.psp.create }} +apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml new file mode 100644 index 000000000..b0c41b1a4 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "postgresql.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml new file mode 100644 index 000000000..6d3cf50a4 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/role.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + {{- if .Values.psp.create }} + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ template "postgresql.fullname" . }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml new file mode 100644 index 000000000..f7837388d --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: Role + name: {{ template "postgresql.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml new file mode 100644 index 000000000..c93dbe0bd --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,23 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 000000000..17f7ff399 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "common.labels.standard" . | nindent 4 }} + name: {{ template "postgresql.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml new file mode 100644 index 000000000..d57b7fb48 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml new file mode 100644 index 000000000..54d24099f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset-slaves.yaml @@ -0,0 +1,345 @@ +{{- if .Values.replication.enabled }} +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + {{- include "common.labels.standard" . | nindent 4 }} +{{- with .Values.slave.labels }} +{{ toYaml . | indent 4 }} +{{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.slave.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: slave + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: slave +{{- with .Values.slave.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.slave.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: +{{ toYaml .Values.slave.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.slave.affinity }} + affinity: +{{ toYaml .Values.slave.affinity | indent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: +{{ toYaml .Values.slave.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.slave.extraInitContainers }} +{{ tpl .Values.slave.extraInitContainers . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.slave.priorityClassName }} + priorityClassName: {{ .Values.slave.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "postgresql.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.slave.extraVolumeMounts }} + {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.slave.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.slave.extraVolumes }} + {{- toYaml .Values.slave.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml new file mode 100644 index 000000000..0e6eefebb --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/statefulset.yaml @@ -0,0 +1,514 @@ +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.master.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.master.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: master + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: master + {{- with .Values.master.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: {{- toYaml .Values.master.affinity | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.master.extraInitContainers }} + {{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.initdbPassword }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.replication.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: "master" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end}} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote}} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.master.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.metrics.securityContext.runAsUser }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} + {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} + - name: DATA_SOURCE_NAME + value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} + {{- else }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- toYaml .Values.master.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml new file mode 100644 index 000000000..49131578a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-headless.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-headless + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml new file mode 100644 index 000000000..885c7bb04 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc-read.yaml @@ -0,0 +1,42 @@ +{{- if .Values.replication.enabled }} +{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-read + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: slave +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml new file mode 100644 index 000000000..e9fc50456 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/templates/svc.yaml @@ -0,0 +1,40 @@ +{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: master diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml new file mode 100644 index 000000000..c08014549 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values-production.yaml @@ -0,0 +1,594 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.9.0-debian-10-r1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +rbac: + create: false + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'on' + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + ## Whether to enable PostgreSQL slave replicas data Persistent + ## + persistence: + enabled: true + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r188 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json new file mode 100644 index 000000000..7b5e2efc3 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.schema.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "slaveReplicas": { + "type": "integer", + "title": "Slave Replicas", + "form": true, + "hidden": { + "value": false, + "path": "replication/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml new file mode 100644 index 000000000..f45c4183d --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/charts/postgresql/values.yaml @@ -0,0 +1,600 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.9.0-debian-10-r1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +rbac: + create: false + +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'off' + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + extraInitContainers: [] + + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for master + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + + ## Override the service configuration for slave + ## + service: {} + # type: + # nodePort: + # clusterIP: + ## Whether to enable PostgreSQL slave replicas data Persistent + ## + persistence: + enabled: true + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + explicitNamespacesSelector: {} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r188 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + # + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml new file mode 100644 index 000000000..4dabc956e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/access-tls-values.yaml @@ -0,0 +1,11 @@ +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + image: + tag: 12.3.0-debian-10-r71 + postgresqlPassword: password +access: + accessConfig: + security: + tls: true + resetAccessCAKeys: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml new file mode 100644 index 000000000..a43d84d26 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/default-values.yaml @@ -0,0 +1,6 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true + +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml new file mode 100644 index 000000000..cb86aaf54 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/derby-test-values.yaml @@ -0,0 +1,4 @@ +databaseUpgradeReady: true + +postgresql: + enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml new file mode 100644 index 000000000..8c964a822 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/global-values.yaml @@ -0,0 +1,47 @@ +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password +global: + versions: + artifactory: 7.11.2 + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + customInitContainers: | + - name: "custom-setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: artifactory-volume + # Add custom volumes + customVolumes: | + - name: custom-script + emptyDir: + sizeLimit: 100Mi + # Add custom volumesMounts + customVolumeMounts: | + - name: custom-script + mountPath: "/scripts" + # Add custom sidecar containers + customSidecarContainers: | + - name: "sidecar-list-etc" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + securityContext: + allowPrivilegeEscalation: false + command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"] + volumeMounts: + - mountPath: "/scripts" + name: custom-script + resources: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml new file mode 100644 index 000000000..f79cbc02f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/migration-disabled-values.yaml @@ -0,0 +1,7 @@ +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password +artifactory: + migration: + enabled: false diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml new file mode 100644 index 000000000..8adcd943f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/ci/test-values.yaml @@ -0,0 +1,13 @@ +databaseUpgradeReady: true +artifactory: + persistence: + enabled: true + +postgresql: + image: + tag: 9.6.18-debian-10-r7 + postgresqlPassword: password + postgresqlExtendedConf: + maxConnections: 102 + persistence: + enabled: true diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh new file mode 100644 index 000000000..e35bfdbb2 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/files/migrate.sh @@ -0,0 +1,4339 @@ +#!/bin/bash + +# Flags +FLAG_Y="y" +FLAG_N="n" +FLAGS_Y_N="$FLAG_Y $FLAG_N" +FLAG_NOT_APPLICABLE="_NA_" + +CURRENT_VERSION=$1 + +WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" +WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" + +SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" + +# Shared system keys +SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" +SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" +SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" + +SYS_KEY_SHARED_NODE_ID="shared.node.id" +SYS_KEY_SHARED_JAVAHOME="shared.javaHome" + +SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" +SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" +SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" +SYS_KEY_SHARED_DATABASE_URL="shared.database.url" +SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" +SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" + +SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" +SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" +SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" +SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" +SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" + +# Define this in product specific script. Should contain the path to unitcast file +# File used by insight server to write cluster active nodes info. This will be read by elasticsearch +#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" + +SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" +SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" + +# Filenames +FILE_NAME_SYSTEM_YAML="system.yaml" +FILE_NAME_JOIN_KEY="join.key" +FILE_NAME_MASTER_KEY="master.key" +FILE_NAME_INSTALLER_YAML="installer.yaml" + +# Global constants used in business logic +NODE_TYPE_STANDALONE="standalone" +NODE_TYPE_CLUSTER_NODE="node" +NODE_TYPE_DATABASE="database" + +# External(isable) databases +DATABASE_POSTGRES="POSTGRES" +DATABASE_ELASTICSEARCH="ELASTICSEARCH" +DATABASE_RABBITMQ="RABBITMQ" + +POSTGRES_LABEL="PostgreSQL" +ELASTICSEARCH_LABEL="Elasticsearch" +RABBITMQ_LABEL="Rabbitmq" + +ARTIFACTORY_LABEL="Artifactory" +JFMC_LABEL="Mission Control" +DISTRIBUTION_LABEL="Distribution" +XRAY_LABEL="Xray" + +POSTGRES_CONTAINER="postgres" +ELASTICSEARCH_CONTAINER="elasticsearch" +RABBITMQ_CONTAINER="rabbitmq" +REDIS_CONTAINER="redis" + +#Adding a small timeout before a read ensures it is positioned correctly in the screen +read_timeout=0.5 + +# Options related to data directory location +PROMPT_DATA_DIR_LOCATION="Installation Directory" +KEY_DATA_DIR_LOCATION="installer.data_dir" + +SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" +PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" +KEY_ADD_TO_CLUSTER="installer.ha" +VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" + +MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" +PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" +KEY_POSTGRES_INSTALL="installer.install_postgresql" +VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" + +# Postgres connection details +RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" +RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" +RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" +RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" + +MESSAGE_DATABASE_URL="Provide the database connection details" +PROMPT_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://:/artifactory" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://:/mission_control?sslmode=disable" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://:/xraydb?sslmode=disable" + ;; + esac + if [ -z "$databaseURlExample" ]; then + echo -n "$POSTGRES_LABEL URL" # For consistency with username and password + return + fi + echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" +} +REGEX_DATABASE_URL(){ + local databaseURlExample= + case "$PRODUCT_NAME" in + $ARTIFACTORY_LABEL) + databaseURlExample="jdbc:postgresql://.*/artifactory.*" + ;; + $JFMC_LABEL) + databaseURlExample="postgresql://.*/mission_control.*" + ;; + $DISTRIBUTION_LABEL) + databaseURlExample="jdbc:postgresql://.*/distribution.*" + ;; + $XRAY_LABEL) + databaseURlExample="postgres://.*/xraydb.*" + ;; + esac + echo -n "^$databaseURlExample\$" +} +ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" +KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" +KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" +#NOTE: It is important to display the label. Since the message may be hidden if URL is known +PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" +KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" +IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" + +MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" +PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" +KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" +VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" + +# Elasticsearch connection details +MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" +PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" +KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" + +PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" +KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" + +PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" +KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" +IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" + +# Cluster related questions +MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" +PROMPT_CLUSTER_MASTER_KEY="Master Key" +KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" +IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" + +MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > Security > Settings)" +PROMPT_JOIN_KEY="Join Key" +KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" +IS_SENSITIVE_JOIN_KEY="$FLAG_Y" +REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" +ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" + +# Rabbitmq related cluster information +MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" +PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" +KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" + +# Rabbitmq related cluster information (necessary only for docker-compose) +PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" +KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" + +MESSAGE_JFROGURL(){ + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" +} +PROMPT_JFROGURL="JFrog URL" +KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" +REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" +ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" + + +# Set this to FLAG_Y on upgrade +IS_UPGRADE="${FLAG_N}" + +# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary +MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" + +_getMethodOutputOrVariableValue() { + unset EFFECTIVE_MESSAGE + local keyToSearch=$1 + local effectiveMessage= + local result="0" + # logSilly "Searching for method: [$keyToSearch]" + LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" + if [[ "$result" == "0" ]]; then + # logSilly "Found method for [$keyToSearch]" + EFFECTIVE_MESSAGE="$($keyToSearch)" + return + fi + eval EFFECTIVE_MESSAGE=\${$keyToSearch} + if [ ! -z "$EFFECTIVE_MESSAGE" ]; then + return + fi + # logSilly "Didn't find method or variable for [$keyToSearch]" +} + + +# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting +cClear="\e[0m" +cBlue="\e[38;5;69m" +cRedDull="\e[1;31m" +cYellow="\e[1;33m" +cRedBright="\e[38;5;197m" +cBold="\e[1m" + + +_loggerGetModeRaw() { + local MODE="$1" + case $MODE in + INFO) + printf "" + ;; + DEBUG) + printf "%s" "[${MODE}] " + ;; + WARN) + printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " + ;; + ERROR) + printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " + ;; + esac +} + + +_loggerGetMode() { + local MODE="$1" + case $MODE in + INFO) + printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + DEBUG) + printf "%-7s" "[${MODE}]" + ;; + WARN) + printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + ERROR) + printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" + ;; + esac +} + +# Capitalises the first letter of the message +_loggerGetMessage() { + local originalMessage="$*" + local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') + local resetOfMessage="${originalMessage:1}" + echo "$firstChar$resetOfMessage" +} + +# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. +_loggerGetStackTrace() { + printf "%s%-30s%s" "[" "$1:$2" "]" +} + +_loggerGetThread() { + printf "%s" "[main]" +} + +_loggerGetServiceType() { + printf "%s%-5s%s" "[" "shell" "]" +} + +#Trace ID is not applicable to scripts +_loggerGetTraceID() { + printf "%s" "[]" +} + +logRaw() { + echo "" + printf "$1" + echo "" +} + +logBold(){ + echo "" + printf "${cBold}$1${cClear}" + echo "" +} + +# The date binary works differently based on whether it is GNU/BSD +is_date_supported=0 +date --version > /dev/null 2>&1 || is_date_supported=1 +IS_GNU=$(echo $is_date_supported) + +_loggerGetTimestamp() { + if [ "${IS_GNU}" == "0" ]; then + echo -n $(date -u +%FT%T.%3NZ) + else + echo -n $(date -u +%FT%T.000Z) + fi +} + +# https://www.shellscript.sh/tips/spinner/ +_spin() +{ + spinner="/|\\-/|\\-" + while : + do + for i in `seq 0 7` + do + echo -n "${spinner:$i:1}" + echo -en "\010" + sleep 1 + done + done +} + +showSpinner() { + # Start the Spinner: + _spin & + # Make a note of its Process ID (PID): + SPIN_PID=$! + # Kill the spinner on any signal, including our own exit. + trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 +} + +stopSpinner() { + local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") + let "occurrences+=0" + # validate that it is present (2 since this search itself will show up in the results) + if [ $occurrences -gt 1 ]; then + kill -9 $SPIN_PID &>/dev/null || return 0 + wait $SPIN_ID &>/dev/null + fi +} + +_getEffectiveMessage(){ + local MESSAGE="$1" + local MODE=${2-"INFO"} + + if [ -z "$CONTEXT" ]; then + CONTEXT=$(caller) + fi + + _EFFECTIVE_MESSAGE= + if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then + _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" + else + local SERVICE_TYPE="script" + local TRACE_ID="" + local THREAD="main" + + local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') + local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') + + _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" + fi + CONTEXT= +} + +# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug +_logToFile() { + local MODE=${1-"INFO"} + local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" + # IF the file isn't passed, abort + if [ -z "$targetFile" ]; then + return + fi + # IF this is not being run in verbose mode and mode is debug or lower, abort + if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then + if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then + return + fi + fi + + # Create the file if it doesn't exist + if [ ! -f "${targetFile}" ]; then + return + # touch $targetFile > /dev/null 2>&1 || true + fi + # # Make it readable + # chmod 640 $targetFile > /dev/null 2>&1 || true + + # Log contents + printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true +} + +logger() { + if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then + echo "" + fi + _getEffectiveMessage "$@" + local MODE=${2-"INFO"} + printf "%s\n" "$_EFFECTIVE_MESSAGE" + _logToFile "$MODE" +} + +logDebug(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logSilly(){ + VERBOSE_MODE=${VERBOSE_MODE-"false"} + CONTEXT=$(caller) + if [ "${VERBOSE_MODE}" == "silly" ];then + logger "$1" "DEBUG" + else + logger "$1" "DEBUG" >&6 + fi + CONTEXT= +} + +logError() { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= +} + +errorExit () { + CONTEXT=$(caller) + logger "$1" "ERROR" + CONTEXT= + exit 1 +} + +warn () { + CONTEXT=$(caller) + logger "$1" "WARN" + CONTEXT= +} + +note () { + CONTEXT=$(caller) + logger "$1" "NOTE" + CONTEXT= +} + +bannerStart() { + title=$1 + echo + echo -e "\033[1m${title}\033[0m" + echo +} + +bannerSection() { + title=$1 + echo + echo -e "******************************** ${title} ********************************" + echo +} + +bannerSubSection() { + title=$1 + echo + echo -e "************** ${title} *******************" + echo +} + +bannerMessge() { + title=$1 + echo + echo -e "********************************" + echo -e "${title}" + echo -e "********************************" + echo +} + +setRed () { + local input="$1" + echo -e \\033[31m${input}\\033[0m +} +setGreen () { + local input="$1" + echo -e \\033[32m${input}\\033[0m +} +setYellow () { + local input="$1" + echo -e \\033[33m${input}\\033[0m +} + +logger_addLinebreak () { + echo -e "---\n" +} + +bannerImportant() { + title=$1 + local bold="\033[1m" + local noColour="\033[0m" + echo + echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" + echo -e "${bold}${title}${noColour}" + echo -e "${bold}###########################################################################################${noColour}" + echo +} + +bannerEnd() { + #TODO pass a title and calculate length dynamically so that start and end look alike + echo + echo "*****************************************************************************" + echo +} + +banner() { + title=$1 + content=$2 + bannerStart "${title}" + echo -e "$content" +} + +# The logic below helps us redirect content we'd normally hide to the log file. + # + # We have several commands which clutter the console with output and so use + # `cmd > /dev/null` - this redirects the command's output to null. + # + # However, the information we just hid maybe useful for support. Using the code pattern + # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console + # but redirected to the installation log file + # + +#Default value of 6 is just null +exec 6>>/dev/null +redirectLogsToFile() { + echo "" + # local file=$1 + + # [ ! -z "${file}" ] || return 0 + + # local logDir=$(dirname "$file") + + # if [ ! -f "${file}" ]; then + # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ + # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) + # fi + + # #6 now points to the log file + # exec 6>>${file} + # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time + # exec 2>&1 > >(tee -a "${file}") +} + +# Check if a give key contains any sensitive string as part of it +# Based on the result, the caller can decide its value can be displayed or not +# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} +isKeySensitive(){ + local key=$1 + local sensitiveKeys="password|secret|key|token" + + if [ -z "${key}" ]; then + return 1 + else + local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 + fi +} + +getPrintableValueOfKey(){ + local displayValue= + local key="$1" + if [ -z "$key" ]; then + # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller + echo -n "" + return + fi + + local value="$2" + isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" + echo -n $displayValue +} + +_createConsoleLog(){ + if [ -z "${JF_PRODUCT_HOME}" ]; then + return + fi + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + mkdir -p "${JF_PRODUCT_HOME}/var/log" || true + if [ ! -f ${targetFile} ]; then + touch $targetFile > /dev/null 2>&1 || true + fi + chmod 640 $targetFile > /dev/null 2>&1 || true +} + +# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to +# the common console.log file +redirectServiceLogsToFile() { + + local result="0" + # check if the function getSystemValue exists + LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" + if [[ "$result" != "0" ]]; then + warn "Couldn't find the systemYamlHelper. Skipping log redirection" + return 0 + fi + + getSystemValue "shared.consoleLog" "NOT_SET" + if [[ "${YAML_VALUE}" == "false" ]]; then + logger "Redirection is set to false. Skipping log redirection" + return 0; + fi + + if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then + warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" + return 0 + fi + + local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" + + _createConsoleLog + + while read -r line; do + printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen + done +} + +## Display environment variables starting with JF_ along with its value +## Value of sensitive keys will be displayed as "******" +## +## Sample Display : +## +## ======================== +## JF Environment variables +## ======================== +## +## JF_SHARED_NODE_ID : locahost +## JF_SHARED_JOINKEY : ****** +## +## +displayEnv() { + local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) + local key= + local value= + + if [ -z "${JFEnv}" ]; then + return + fi + + cat << ENV_START_MESSAGE + +======================== +JF Environment variables +======================== +ENV_START_MESSAGE + + for entry in ${JFEnv}; do + key=$(echo "${entry}" | awk -F'=' '{print $1}') + value=$(echo "${entry}" | awk -F'=' '{print $2}') + + isKeySensitive "${key}" && value="******" || value=${value} + + printf "\n%-35s%s" "${key}" " : ${value}" + done + echo; +} + +_addLogRotateConfiguration() { + logDebug "Method ${FUNCNAME[0]}" + # mandatory inputs + local confFile="$1" + local logFile="$2" + + # Method available in _ioOperations.sh + LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 + + io_setYQPath + + # Method available in _systemYamlHelper.sh + LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 + + local frequency="daily" + local archiveFolder="archived" + + local compressLogFiles= + getSystemValue "shared.logging.rotation.compress" "true" + if [[ "${YAML_VALUE}" == "true" ]]; then + compressLogFiles="compress" + fi + + getSystemValue "shared.logging.rotation.maxFiles" "10" + local noOfBackupFiles="${YAML_VALUE}" + + getSystemValue "shared.logging.rotation.maxSizeMb" "25" + local sizeOfFile="${YAML_VALUE}M" + + logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" + + # Add configuration to file + local confContent=$(cat << LOGROTATECONF +$logFile { + $frequency + missingok + rotate $noOfBackupFiles + $compressLogFiles + notifempty + olddir $archiveFolder + dateext + extension .log + dateformat -%Y-%m-%d + size ${sizeOfFile} +} +LOGROTATECONF +) + echo "${confContent}" > ${confFile} || return 1 +} + +_operationIsBySameUser() { + local targetUser="$1" + local currentUserID=$(id -u) + local currentUserName=$(id -un) + + if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then + echo -n "yes" + else + echo -n "no" + fi +} + +_addCronJobForLogrotate() { + logDebug "Method ${FUNCNAME[0]}" + + # Abort if logrotate is not available + [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 + + # mandatory inputs + local productHome="$1" + local confFile="$2" + local cronJobOwner="$3" + + # We want to use our binary if possible. It may be more recent than the one in the OS + local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" + + if [ ! -f "$logrotateBinary" ]; then + logrotateBinary="logrotate" + [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 + fi + local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose + + id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } + + # Remove the existing line + removeLogRotation "$productHome" "$cronJobOwner" || true + + # Run logrotate daily at 23:55 hours + local cronInterval="55 23 * * * $cmd" + + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges + if [ "$standaloneMode" == "no" ]; then + (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - + else + (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - + fi +} + +## Configure logrotate for a product +## Failure conditions: +## If logrotation could not be setup for some reason +## Parameters: +## $1: The product name +## $2: The product home +## Depends on global: none +## Updates global: none +## Returns: NA + +configureLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + + # mandatory inputs + local productName="$1" + if [ -z $productName ]; then + warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 + fi + + local productHome="$2" + if [ -z $productHome ]; then + warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 + fi + + local logFile="${productHome}/var/log/console.log" + if [[ $(uname) == "Darwin" ]]; then + logger "Log rotation for [$logFile] has not been configured. Please setup manually" + return 0 + fi + + local userID="$3" + if [ -z $userID ]; then + warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 + fi + + local groupID=${4:-$userID} + local logConfigOwner=${5:-$userID} + + logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" + + local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + # TODO move to recursive method + createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + + # TODO move to recursive method + createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } + + # conf file should be owned by the user running the script + createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } + + _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } + _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } +} + +_pauseExecution() { + if [ "${VERBOSE_MODE}" == "debug" ]; then + + local breakPoint="$1" + if [ ! -z "$breakPoint" ]; then + printf "${cBlue}Breakpoint${cClear} [$breakPoint] " + echo "" + fi + printf "${cBlue}Press enter once you are ready to continue${cClear}" + read -s choice + echo "" + fi +} + +# removeLogRotation "$productHome" "$cronJobOwner" || true +removeLogRotation() { + logDebug "Method ${FUNCNAME[0]}" + if [[ $(uname) == "Darwin" ]]; then + logDebug "Not implemented for Darwin." + return 0 + fi + local productHome="$1" + local cronJobOwner="$2" + local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") + + local confFile="${productHome}/var/etc/logrotate/logrotate.conf" + + if [ "$standaloneMode" == "no" ]; then + crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - + else + crontab -l 2>/dev/null | grep -v "$confFile" | crontab - + fi +} + +# NOTE: This method does not check the configuration to see if redirection is necessary. +# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file +# that does not exist, causing the service itself to not start +setupTomcatRedirection() { + logDebug "Method ${FUNCNAME[0]}" + local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" + _createConsoleLog + export CATALINA_OUT="${consoleLog}" +} + +setupScriptLogsRedirection() { + logDebug "Method ${FUNCNAME[0]}" + if [ -z "${JF_PRODUCT_HOME}" ]; then + logDebug "No JF_PRODUCT_HOME. Returning" + return + fi + # Create the console.log file if it is not already present + # _createConsoleLog || true + # # Ensure any logs (logger/logError/warn) also get redirected to the console.log + # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed + export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" + export LOG_BEHAVIOR_ADD_META="$FLAG_Y" +} + +# Returns Y if this method is run inside a container +isRunningInsideAContainer() { + if [ -f "/.dockerenv" ]; then + echo -n "$FLAG_Y" + else + echo -n "$FLAG_N" + fi +} + +POSTGRES_USER=999 +NGINX_USER=104 +NGINX_GROUP=107 +ES_USER=1000 +REDIS_USER=999 +MONGO_USER=999 +RABBITMQ_USER=999 +LOG_FILE_PERMISSION=640 +PID_FILE_PERMISSION=644 + +# Copy file +copyFile(){ + local source=$1 + local target=$2 + local mode=${3:-overwrite} + local enableVerbose=${4:-"${FLAG_N}"} + local verboseFlag="" + + if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then + verboseFlag="-v" + fi + + if [[ ! ( $source && $target ) ]]; then + warn "Source and target is mandatory to copy file" + return 1 + fi + + if [[ -f "${target}" ]]; then + [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true + else + cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" + fi +} + +# Copy files recursively from given source directory to destination directory +# This method wil copy but will NOT overwrite +# Destination will be created if its not available +copyFilesNoOverwrite(){ + local src=$1 + local dest=$2 + local enableVerboseCopy="${3:-${FLAG_Y}}" + + if [[ -z "${src}" || -z "${dest}" ]]; then + return + fi + + if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then + local relativeFilePath="" + local targetFilePath="" + + for file in $(find ${src} -type f 2>/dev/null) ; do + # Derive relative path and attach it to destination + # Example : + # src=/extra_config + # dest=/var/opt/jfrog/artifactory/etc + # file=/extra_config/config.xml + # relativeFilePath=config.xml + # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml + relativeFilePath=${file/${src}/} + targetFilePath=${dest}${relativeFilePath} + + createDir "$(dirname "$targetFilePath")" + copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" + done + fi +} + +# TODO : WINDOWS ? +# Check the max open files and open processes set on the system +checkULimits () { + local minMaxOpenFiles=${1:-32000} + local minMaxOpenProcesses=${2:-1024} + local setValue=${3:-true} + local warningMsgForFiles=${4} + local warningMsgForProcesses=${5} + + logger "Checking open files and processes limits" + + local currentMaxOpenFiles=$(ulimit -n) + logger "Current max open files is $currentMaxOpenFiles" + if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then + if [ "${setValue}" ]; then + ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" + else + errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" + fi + fi + + local currentMaxOpenProcesses=$(ulimit -u) + logger "Current max open processes is $currentMaxOpenProcesses" + if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then + if [ "${setValue}" ]; then + ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" + [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" + else + errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" + fi + fi +} + +createDirs() { + local appDataDir=$1 + local serviceName=$2 + local folders="backup bootstrap data etc logs work" + + [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true + [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true + + for folder in ${folders} + do + folder=${appDataDir}/${folder}/${serviceName} + if [ ! -d "${folder}" ]; then + logger "Creating folder : ${folder}" + mkdir -p "${folder}" || errorExit "Failed to create ${folder}" + fi + done +} + + +testReadWritePermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local test_file=${dir_to_check}/test-permissions + + # Write file + if echo test > ${test_file} 1> /dev/null 2>&1; then + # Write succeeded. Testing read... + if cat ${test_file} > /dev/null; then + rm -f ${test_file} + else + error=true + fi + else + error=true + fi + + if [ ${error} == true ]; then + return 1 + else + return 0 + fi +} + +# Test directory has read/write permissions for current user +testDirectoryPermissions () { + local dir_to_check=$1 + local error=false + + [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" + + local u_id=$(id -u) + local id_str="id ${u_id}" + + logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" + + if ! testReadWritePermissions ${dir_to_check}; then + error=true + fi + + if [ "${error}" == true ]; then + local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) + logger "###########################################################" + logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" + logger "${stat_data}" + logger "Mounted directory must have read/write permissions for user ${id_str}" + logger "###########################################################" + errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" + fi + logger "Permissions for ${dir_to_check} are good" +} + +# Utility method to create a directory path recursively with chown feature as +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: Root directory from where the path can be created +## $2: List of recursive child directories seperated by space +## $3: user who should own the directory. Optional +## $4: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA +# +# Usage: +# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" +createRecursiveDir(){ + local rootDir=$1 + local pathDirs=$2 + local user=$3 + local group=${4:-${user}} + local fullPath= + + [ ! -z "${rootDir}" ] || return 0 + + createDir "${rootDir}" "${user}" "${group}" + + [ ! -z "${pathDirs}" ] || return 0 + + fullPath=${rootDir} + + for dir in ${pathDirs}; do + fullPath=${fullPath}/${dir} + createDir "${fullPath}" "${user}" "${group}" + done +} + +# Utility method to create a directory +# Failure conditions: +## Exits if unable to create a directory +# Parameters: +## $1: directory to create +## $2: user who should own the directory. Optional +## $3: group who should own the directory. Optional +# Depends on global: none +# Updates global: none +# Returns: NA + +createDir(){ + local dirName="$1" + local printMessage=no + logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" + [ -z "${dirName}" ] && return + + logDebug "Attempting to create ${dirName}" + mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + # Earlier, this line would have returned 1 if it failed. Now it just warns. + # This is intentional. Earlier, this line would NOT be reached if the folder already existed. + # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if + # setting permissions fails (so as to not affect any existing flows) + io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" + fi + # logging message to print created dir with user and group + local logMessage=${4:-$printMessage} + if [[ "${logMessage}" == "yes" ]]; then + logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" + fi +} + +removeSoftLinkAndCreateDir () { + local dirName="$1" + local userID="$2" + local groupID="$3" + local logMessage="$4" + removeSoftLink "${dirName}" + createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" +} + +# Utility method to remove a soft link +removeSoftLink () { + local dirName="$1" + if [[ -L "${dirName}" ]]; then + targetLink=$(readlink -f "${dirName}") + logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" + rm -f "${dirName}" + fi +} + +# Check Directory exist in the path +checkDirExists () { + local directoryPath="$1" + + [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" +} + + +# Utility method to create a file +# Failure conditions: +# Parameters: +## $1: file to create +# Depends on global: none +# Updates global: none +# Returns: NA + +createFile(){ + local fileName="$1" + logSilly "Method ${FUNCNAME[0]} [$fileName]" + [ -f "${fileName}" ] && return 0 + touch "${fileName}" || return 1 + + local userID="$2" + local groupID=${3:-$userID} + + # If UID/GID is passed, chown the folder + if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then + io_setOwnership "$fileName" "$userID" "$groupID" || return 1 + fi +} + +# Check File exist in the filePath +# IMPORTANT- DON'T ADD LOGGING to this method +checkFileExists () { + local filePath="$1" + + [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" +} + +# Check for directories contains any (files or sub directories) +# IMPORTANT- DON'T ADD LOGGING to this method +checkDirContents () { + local directoryPath="$1" + if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then + echo -n "true" + else + echo -n "false" + fi +} + +# Check contents exist in directory +# IMPORTANT- DON'T ADD LOGGING to this method +checkContentExists () { + local source="$1" + + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + echo -n "false" + else + echo -n "true" + fi +} + +# Resolve the variable +# IMPORTANT- DON'T ADD LOGGING to this method +evalVariable () { + local output="$1" + local input="$2" + + eval "${output}"=\${"${input}"} + eval echo \${"${output}"} +} + +# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_commandExists() { + local commandToExecute="$1" + hash "${commandToExecute}" 2>/dev/null + local rt=$? + if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi +} + +# Usage: if [ "$(io_curlExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_curlExists() { + io_commandExists "curl" +} + + +io_hasMatch() { + logSilly "Method ${FUNCNAME[0]}" + local result=0 + logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" + echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 + return $result +} + +# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself +# Failure conditions: None +# Parameters: +## $1: string to check against +# Depends on global: none +# Updates global: IS_LOCALHOST with value "yes/no" +# Returns: NA + +io_getIsLocalhost() { + logSilly "Method ${FUNCNAME[0]}" + IS_LOCALHOST="$FLAG_N" + local inputString="$1" + logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" + + io_hasMatch "$inputString" "localhost" && { + logDebug "Found localhost. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for localhost" + + local hostIP=$(io_getPublicHostIP) + io_hasMatch "$inputString" "$hostIP" && { + logDebug "Found $hostIP. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostIP" + + local hostID=$(io_getPublicHostID) + io_hasMatch "$inputString" "$hostID" && { + logDebug "Found $hostID. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostID" + + local hostName=$(io_getPublicHostName) + io_hasMatch "$inputString" "$hostName" && { + logDebug "Found $hostName. Returning [$FLAG_Y]" + IS_LOCALHOST="$FLAG_Y" && return; + } || logDebug "Did not find match for $hostName" + +} + +# Usage: if [ "$(io_tarExists)" != "yes" ] +# IMPORTANT- DON'T ADD LOGGING to this method +io_tarExists() { + io_commandExists "tar" +} + +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostIP() { + local OS_TYPE=$(uname) + local publicHostIP= + if [ "${OS_TYPE}" == "Darwin" ]; then + ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') + if [ "${ipStatus}" == "active" ]; then + publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') + else + errorExit "Host IP could not be resolved!" + fi + elif [ "${OS_TYPE}" == "Linux" ]; then + publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") + fi + publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') + echo -n "${publicHostIP}" +} + +# Will return the short host name (up to the first dot) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostName() { + echo -n "$(hostname -s)" +} + +# Will return the full host name (use this as much as possible) +# IMPORTANT- DON'T ADD LOGGING to this method +io_getPublicHostID() { + echo -n "$(hostname)" +} + +# Utility method to backup a file +# Failure conditions: NA +# Parameters: filePath +# Depends on global: none, +# Updates global: none +# Returns: NA +io_backupFile() { + logSilly "Method ${FUNCNAME[0]}" + fileName="$1" + if [ ! -f "${filePath}" ]; then + logDebug "No file: [${filePath}] to backup" + return + fi + dateTime=$(date +"%Y-%m-%d-%H-%M-%S") + targetFileName="${fileName}.backup.${dateTime}" + yes | \cp -f "$fileName" "${targetFileName}" + logger "File [${fileName}] backedup as [${targetFileName}]" +} + +# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 +is_number() { + case "$BASH_VERSION" in + 3.1.*) + PATTERN='\^\[0-9\]+\$' + ;; + *) + PATTERN='^[0-9]+$' + ;; + esac + + [[ "$1" =~ $PATTERN ]] +} + +io_compareVersions() { + if [[ $# != 2 ]] + then + echo "Usage: min_version current minimum" + return + fi + + A="${1%%.*}" + B="${2%%.*}" + + if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] + then + io_compareVersions "${1#*.}" "${2#*.}" + else + if is_number "$A" && is_number "$B" + then + if [[ "$A" -eq "$B" ]]; then + echo "0" + elif [[ "$A" -gt "$B" ]]; then + echo "1" + elif [[ "$A" -lt "$B" ]]; then + echo "-1" + fi + fi + fi +} + +# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable +# Strip all leading and trailing spaces +# IMPORTANT- DON'T ADD LOGGING to this method +io_trim() { + local var="$1" + # remove leading whitespace characters + var="${var#"${var%%[![:space:]]*}"}" + # remove trailing whitespace characters + var="${var%"${var##*[![:space:]]}"}" + echo -n "$var" +} + +# temporary function will be removing it ASAP +# search for string and replace text in file +replaceText_migration_hook () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" + fi +} + +# search for string and replace text in file +replaceText () { + local regexString="$1" + local replaceText="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + else + sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" + logDebug "Replaced [$regexString] with [$replaceText] in [$file]" + fi +} + +# search for string and prepend text in file +prependText () { + local regexString="$1" + local text="$2" + local file="$3" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + else + sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" + fi +} + +# add text to beginning of the file +addText () { + local text="$1" + local file="$2" + + if [[ "$(checkFileExists "${file}")" != "true" ]]; then + return + fi + if [[ $(uname) == "Darwin" ]]; then + sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + else + sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" + fi +} + +io_replaceString () { + local value="$1" + local firstString="$2" + local secondString="$3" + local separator=${4:-"/"} + local updateValue= + if [[ $(uname) == "Darwin" ]]; then + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + else + updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") + fi + echo -n "${updateValue}" +} + +_findYQ() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + local parentDir="$1" + if [ -z "$parentDir" ]; then + return + fi + logDebug "Executing command [find "${parentDir}" -name third-party -type d]" + local yq=$(find "${parentDir}" -name third-party -type d) + if [ -d "${yq}/yq" ]; then + export YQ_PATH="${yq}/yq" + fi +} + + +io_setYQPath() { + # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) + if [ "$(io_commandExists 'yq')" == "yes" ]; then + return + fi + + if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then + _findYQ "${JF_PRODUCT_HOME}" + fi + + if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then + _findYQ "${COMPOSE_HOME}" + fi + # TODO We can remove this block after all the code is restructured. + if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then + _findYQ "${SCRIPT_HOME}" + fi + +} + +io_getLinuxDistribution() { + LINUX_DISTRIBUTION= + + # Make sure running on Linux + [ $(uname -s) != "Linux" ] && return + + # Find out what Linux distribution we are on + + cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 6.x + cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true + + # OS 7.x + cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true + + # OS 8.x + grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true + + # OS 7.x + grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true + + # OS 6.x + grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true + + cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true + + cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true + + cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true +} + +## Utility method to check ownership of folders/files +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If file is not owned by the user & group +## Parameters: + ## user + ## group + ## folder to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac +io_checkOwner () { + logSilly "Method ${FUNCNAME[0]}" + local osType=$(uname) + + if [ "${osType}" != "Linux" ]; then + logDebug "Unsupported OS. Skipping check" + return 0 + fi + + local file_to_check=$1 + local user_id_to_check=$2 + + + if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group_id_to_check=${3:-$user_id_to_check} + local check_user_name=${4:-"no"} + + logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" + + local stat= + + if [ "${check_user_name}" == "yes" ]; then + stat=( $(stat -Lc "%U %G" ${file_to_check}) ) + else + stat=( $(stat -Lc "%u %g" ${file_to_check}) ) + fi + + local user_id=${stat[0]} + local group_id=${stat[1]} + + if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then + logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" + return 1 + else + return 0 + fi +} + +## Utility method to change ownership of a file/folder - NON recursive +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnershipNonRecursive() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" + chown ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to change ownership of a file. +## IMPORTANT +## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues +## Failure conditions: + ## If invoked with incorrect inputs - FATAL + ## If chown operation fails - returns 1 +## Parameters: + ## user + ## group + ## file to chown +## Globals: none +## Returns: none +## NOTE: The method does NOTHING if the OS is Mac + +io_setOwnership() { + + local osType=$(uname) + if [ "${osType}" != "Linux" ]; then + return + fi + + local targetFile=$1 + local user=$2 + + if [ -z "$user" ] || [ -z "$targetFile" ]; then + errorExit "Invalid invocation of method. Missing mandatory inputs" + fi + + local group=${3:-$user} + logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" + chown -R ${user}:${group} ${targetFile} || return 1 +} + +## Utility method to create third party folder structure necessary for Postgres +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## POSTGRESQL_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createPostgresDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 + + logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" + + createDir "${POSTGRESQL_DATA_ROOT}/data" + io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Nginx +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## NGINX_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createNginxDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${NGINX_DATA_ROOT}" ] && return 0 + + logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" + + createDir "${NGINX_DATA_ROOT}" + io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" +} + +## Utility method to create third party folder structure necessary for ElasticSearch +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## ELASTIC_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createElasticSearchDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 + + logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" + + createDir "${ELASTIC_DATA_ROOT}/data" + io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Redis +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## REDIS_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRedisDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${REDIS_DATA_ROOT}" ] && return 0 + + logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" + + createDir "${REDIS_DATA_ROOT}" + io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" +} + +## Utility method to create third party folder structure necessary for Mongo +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## MONGODB_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createMongoDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${MONGODB_DATA_ROOT}" ] && return 0 + + logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" + + createDir "${MONGODB_DATA_ROOT}/logs" + createDir "${MONGODB_DATA_ROOT}/configdb" + createDir "${MONGODB_DATA_ROOT}/db" + io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" +} + +## Utility method to create third party folder structure necessary for RabbitMQ +## Failure conditions: +## If creation of directory or assigning permissions fails +## Parameters: none +## Globals: +## RABBITMQ_DATA_ROOT +## Returns: none +## NOTE: The method does NOTHING if the folder already exists +io_createRabbitMQDir() { + logDebug "Method ${FUNCNAME[0]}" + [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 + + logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" + + createDir "${RABBITMQ_DATA_ROOT}" + io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" +} + +# Add or replace a property in provided properties file +addOrReplaceProperty() { + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + local delimiter=${4:-"="} + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 + [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} + sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} +} + +# Set property only if its not set +io_setPropertyNoOverride(){ + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 + if [ $? -ne 0 ]; then + echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" + else + logger "Skipping update of property : ${propertyName}" >&6 + fi +} + +# Add a line to a file if it doesn't already exist +addLine() { + local line_to_add=$1 + local target_file=$2 + logger "Trying to add line $1 to $2" >&6 2>&1 + cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 + if [ $? != 0 ]; then + logger "Line does not exist and will be added" >&6 2>&1 + echo $line_to_add >> $target_file || errorExit "Could not update $target_file" + fi +} + +# Utility method to check if a value (first paramter) exists in an array (2nd parameter) +# 1st parameter "value to find" +# 2nd parameter "The array to search in. Please pass a string with each value separated by space" +# Example: containsElement "y" "y Y n N" +containsElement () { + local searchElement=$1 + local searchArray=($2) + local found=1 + for elementInIndex in "${searchArray[@]}";do + if [[ $elementInIndex == $searchElement ]]; then + found=0 + fi + done + return $found +} + +# Utility method to get user's choice +# 1st parameter "what to ask the user" +# 2nd parameter "what choices to accept, separated by spaces" +# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" +# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' +getUserChoice(){ + configureLogOutput + read_timeout=${read_timeout:-0.5} + local choice="na" + local text_to_display=$1 + local choices=$2 + local default_choice=$3 + users_choice= + + until containsElement "$choice" "$choices"; do + echo "";echo ""; + sleep $read_timeout #This ensures correct placement of the question. + read -p "$text_to_display :" choice + : ${choice:=$default_choice} + done + users_choice=$choice + echo -e "\n$text_to_display: $users_choice" >&6 + sleep $read_timeout #This ensures correct logging +} + +setFilePermission () { + local permission=$1 + local file=$2 + chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" +} + + +#setting required paths +setAppDir (){ + SCRIPT_DIR=$(dirname $0) + SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + APP_DIR="`cd "${SCRIPT_HOME}";pwd`" +} + +ZIP_TYPE="zip" +COMPOSE_TYPE="compose" +HELM_TYPE="helm" +RPM_TYPE="rpm" +DEB_TYPE="debian" + +sourceScript () { + local file="$1" + + [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" + + if [ ! -f "${file}" ]; then + errorExit "${file} file is not found" + else + source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" + fi +} +# Source required helpers +initHelpers () { + local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" + local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) + export YQ_PATH="${thirdPartyDir}/yq" + LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" + export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" + sourceScript "${systemYamlHelper}" +} +# Check migration info yaml file available in the path +checkMigrationInfoYaml () { + + if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" + INSTALLER="${HELM_TYPE}" + elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" + INSTALLER="${ZIP_TYPE}" + elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" + INSTALLER="${RPM_TYPE}" + elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" + INSTALLER="${DEB_TYPE}" + elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then + MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" + INSTALLER="${COMPOSE_TYPE}" + else + errorExit "File migration Info yaml does not exist in [${APP_DIR}]" + fi +} + +retrieveYamlValue () { + local yamlPath="$1" + local value="$2" + local output="$3" + local message="$4" + + [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" + + getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" + value="${YAML_VALUE}" + if [[ -z "${value}" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + elif [[ "${output}" == "Skip" ]]; then + return + else + errorExit "${message}" + fi + fi +} + +checkEnv () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + # check Environment JF_PRODUCT_HOME is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" + if [[ -z "${NEW_DATA_DIR}" ]]; then + errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + getCustomDataDir_hook + NEW_DATA_DIR="${OLD_DATA_DIR}" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + else + # check Environment JF_ROOT_DATA_DIR is set before migration + OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" + # check Environment JF_ROOT_DATA_DIR is set before migration + NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" + if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then + errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" + fi + # appending var directory to $JF_PRODUCT_HOME + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi + +} + +getDataDir () { + + if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then + checkEnv + else + getCustomDataDir_hook + NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" + NEW_DATA_DIR="${NEW_DATA_DIR}/var" + fi +} + +# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO +getProduct () { + retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + PRODUCT="${YAML_VALUE}" + PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) + if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then + errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" + fi + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + JF_USER="${PRODUCT}" + fi +} +# Compare product version with minProductVersion and maxProductVersion +migrateCheckVersion () { + local productVersion="$1" + local minProductVersion="$2" + local maxProductVersion="$3" + local productVersion618="6.18.0" + local unSupportedProductVersions7=("7.2.0 7.2.1") + + if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then + logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" + exit 11 + elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then + if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then + touch /tmp/error; + errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" + else + bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" + fi + else + logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" + exit 1 + fi +} + +getProductVersion () { + local minProductVersion="$1" + local maxProductVersion="$2" + local newfilePath="$3" + local oldfilePath="$4" + local propertyInDocker="$5" + local property="$6" + local productVersion= + local status= + + if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + elif [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" + status="fail" + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + exit 0 + fi + elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then + if [[ -f "${oldfilePath}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + else + productVersion="$(cat "${oldfilePath}")" + fi + status="success" + else + productVersion="${CURRENT_VERSION}" + [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 + fi + else + if [[ -f "${newfilePath}" ]]; then + productVersion="$(readKey "${property}" "${newfilePath}")" + status="fail" + elif [[ -f "${oldfilePath}" ]]; then + productVersion="$(readKey "${property}" "${oldfilePath}")" + status="success" + else + if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + logger "File [${newfilePath}] not found to get current version." + else + logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." + fi + exit 0 + fi + fi + if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then + [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." + [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." + exit 0 + fi + + migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" +} + +readKey () { + local property="$1" + local file="$2" + local version= + + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + version="${value}" && check=true && break + else + check=false + fi + done < "${file}" + if [[ "${check}" == "false" ]]; then + return + fi + echo "${version}" +} + +# create Log directory +createLogDir () { + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" + fi +} + +# Creating migration log file +creationMigrateLog () { + local LOG_FILE_NAME="migration.log" + createLogDir + local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" + fi + touch "${MIGRATION_LOG_FILE}" + setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" + exec &> >(tee -a "${MIGRATION_LOG_FILE}") +} +# Set path where system.yaml should create +setSystemYamlPath () { + SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" + if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then + logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" + fi +} +# Create directory +createDirectory () { + local directory="$1" + local output="$2" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${directory}" + mkdir -p "${directory}" && check=true || check=false + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi + setOwnershipBasedOnInstaller "${directory}" +} + +setOwnershipBasedOnInstaller () { + local directory="$1" + if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" + elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" + fi +} + +getUserAndGroup () { + local file="$1" + read uid gid <<<$(stat -c '%U %G' ${file}) + USER_TO_CHECK="${uid}" + GROUP_TO_CHECK="${gid}" +} + +# set ownership +getUserAndGroupFromFile () { + case $PRODUCT in + artifactory) + getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" + ;; + distribution) + getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" + ;; + xray) + getUserAndGroup "${OLD_DATA_DIR}/security/master.key" + ;; + esac +} + +# creating required directories +createRequiredDirs () { + bannerSubSection "CREATING REQUIRED DIRECTORIES" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" + io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" + fi + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + getUserAndGroupFromFile + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" + fi +} + +# Check entry in map is format +checkMapEntry () { + local entry="$1" + + [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" +} +# Check value Empty and warn +warnIfEmpty () { + local filePath="$1" + local yamlPath="$2" + local check= + + if [[ -z "${filePath}" ]]; then + warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" + check=false + else + check=true + fi + echo "${check}" +} + +logCopyStatus () { + local status="$1" + local logMessage="$2" + local warnMessage="$3" + + [[ "${status}" == "success" ]] && logger "${logMessage}" + [[ "${status}" == "fail" ]] && warn "${warnMessage}" +} +# copy contents from source to destination +copyCmd () { + local source="$1" + local target="$2" + local mode="$3" + local status= + + case $mode in + unique) + cp -up "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + specific) + cp -pf "${source}" "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" + ;; + patternFiles) + cp -pf "${source}"* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" + ;; + full) + cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" + logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" + ;; + esac +} +# Check contents exist in source before copying +copyOnContentExist () { + local source="$1" + local target="$2" + local mode="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + copyCmd "${source}" "${target}" "${mode}" + else + logger "No contents to copy from [${source}]" + fi +} + +# move source to destination +moveCmd () { + local source="$1" + local target="$2" + local status= + + mv -f "${source}" "${target}" && status="success" || status="fail" + [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" + [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" +} + +# symlink target to source +symlinkCmd () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + local check=false + + if [[ "${symlinkSubDir}" == "subDir" ]]; then + ln -sf "${source}"/* "${target}" && check=true || check=false + else + ln -sf "${source}" "${target}" && check=true || check=false + fi + + [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" + [[ "${check}" == "false" ]] && warn "Symlink operation failed" +} +# Check contents exist in source before symlinking +symlinkOnExist () { + local source="$1" + local target="$2" + local symlinkSubDir="$3" + + if [[ "$(checkContentExists "${source}")" == "true" ]]; then + if [[ "${symlinkSubDir}" == "subDir" ]]; then + symlinkCmd "${source}" "${target}" "subDir" + else + symlinkCmd "${source}" "${target}" + fi + else + logger "No contents to symlink from [${source}]" + fi +} + +prependDir () { + local absolutePath="$1" + local fullPath="$2" + local sourcePath= + + if [[ "${absolutePath}" = \/* ]]; then + sourcePath="${absolutePath}" + else + sourcePath="${fullPath}" + fi + echo "${sourcePath}" +} + +getFirstEntry (){ + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $1}' +} + +getSecondEntry () { + local entry="$1" + + [[ -z "${entry}" ]] && return + echo "${entry}" | awk -F"=" '{print $2}' +} +# To get absolutePath +pathResolver () { + local directoryPath="$1" + local dataDir= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" + dataDir="${YAML_VALUE}" + cd "${dataDir}" + else + cd "${OLD_DATA_DIR}" + fi + absoluteDir="`cd "${directoryPath}";pwd`" + echo "${absoluteDir}" +} + +checkPathResolver () { + local value="$1" + + if [[ "${value}" == \/* ]]; then + value="${value}" + else + value="$(pathResolver "${value}")" + fi + echo "${value}" +} + +propertyMigrate () { + local entry="$1" + local filePath="$2" + local fileName="$3" + local check=false + + local yamlPath="$(getFirstEntry "${entry}")" + local property="$(getSecondEntry "${entry}")" + if [[ -z "${property}" ]]; then + warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + while IFS='=' read -r key value || [ -n "${key}" ]; + do + [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] + key="$(io_trim "${key}")" + if [[ "${key}" == "${property}" ]]; then + if [[ "${PRODUCT}" == "artifactory" ]]; then + value="$(migrateResolveDerbyPath "${key}" "${value}")" + value="$(migrateResolveHaDirPath "${key}" "${value}")" + value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" + fi + if [[ "${key}" == "context.url" ]]; then + local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') + setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" + logger "Setting [shared.node.ip] with [${ip}] in system.yaml" + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false + fi + done < "${NEW_DATA_DIR}/${filePath}/${fileName}" + [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" +} + +setHaEnabled_hook () { + echo "" +} + +migratePropertiesFiles () { + local fileList= + local filePath= + local fileName= + local map= + + retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" + fileList="${YAML_VALUE}" + if [[ -z "${fileList}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" + for file in ${fileList}; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + # setting haEnabled with true only if ha-node.properties is present + setHaEnabled_hook "${filePath}" + retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + propertyMigrate "${entry}" "${filePath}" "${fileName}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" + fi + done + else + logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} + +createTargetDir () { + local mountDir="$1" + local target="$2" + + logger "Target directory not found [${mountDir}/${target}], creating it" + createDirectoryRecursive "${mountDir}" "${target}" "Warning" +} + +createDirectoryRecursive () { + local mountDir="$1" + local target="$2" + local output="$3" + local check=false + local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" + removeSoftLink "${mountDir}/${target}" + local directory=$(echo "${target}" | tr '/' ' ' ) + local targetDir="${mountDir}" + for dir in ${directory}; + do + targetDir="${targetDir}/${dir}" + mkdir -p "${targetDir}" && check=true || check=false + setOwnershipBasedOnInstaller "${targetDir}" + done + if [[ "${check}" == "false" ]]; then + if [[ "${output}" == "Warning" ]]; then + warn "${message}" + else + errorExit "${message}" + fi + fi +} + +copyOperation () { + local source="$1" + local target="$2" + local mode="$3" + local check=false + local targetDataDir= + local targetLink= + local date= + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + #remove source if it is a symlink + if [[ -L "${source}" ]]; then + targetLink=$(readlink -f "${source}") + logger "Removing the symlink [${source}] pointing to [${targetLink}]" + rm -f "${source}" + source=${targetLink} + fi + if [[ "$(checkDirExists "${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path" + return + fi + if [[ "$(checkDirContents "${source}")" != "true" ]]; then + logger "No contents to copy from [${source}]" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copySpecificFiles () { + local source="$1" + local target="$2" + local mode="$3" + + # prepend OLD_DATA_DIR only if source is relative path + source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkFileExists "${source}")" != "true" ]]; then + logger "Source file [${source}] does not exist in path" + return + fi + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" +} + +copyPatternMatchingFiles () { + local source="$1" + local target="$2" + local mode="$3" + local sourcePath="${4}" + + # prepend OLD_DATA_DIR only if source is relative path + sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + copyLogMessage "${mode}" + if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then + logger "Source [${sourcePath}] directory not found in path" + return + fi + if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then + if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then + createTargetDir "${targetDataDir}" "${target}" + fi + copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" + else + logger "Source file [${sourcePath}/${source}*] does not exist in path" + fi +} + +copyLogMessage () { + local mode="$1" + case $mode in + specific) + logger "Copy file [${source}] to target [${targetDataDir}/${target}]" + ;; + patternFiles) + logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" + ;; + full) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + unique) + logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" + ;; + esac +} + +copyBannerMessages () { + local mode="$1" + local textMode="$2" + case $mode in + specific) + bannerSection "COPY ${textMode} FILES" + ;; + patternFiles) + bannerSection "COPY MATCHING ${textMode}" + ;; + full) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + unique) + bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" + ;; + esac +} + +invokeCopyFunctions () { + local mode="$1" + local source="$2" + local target="$3" + + case $mode in + specific) + copySpecificFiles "${source}" "${target}" "${mode}" + ;; + patternFiles) + retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" + local sourcePath="${YAML_VALUE}" + copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" + ;; + full) + copyOperation "${source}" "${target}" "${mode}" + ;; + unique) + copyOperation "${source}" "${target}" "${mode}" + ;; + esac +} +# Copies contents from source directory and target directory +copyDataDirectories () { + local copyFormat="$1" + local mode="$2" + local map= + local source= + local target= + local textMode= + local targetDataDir= + local copyFormatValue= + + retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" + copyFormatValue="${YAML_VALUE}" + if [[ -z "${copyFormatValue}" ]]; then + return + fi + textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) + copyBannerMessages "${mode}" "${textMode}" + retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + targetDataDir="${NEW_DATA_DIR}" + else + targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeCopyFunctions "${mode}" "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +invokeMoveFunctions () { + local source="$1" + local target="$2" + local sourceDataDir= + local targetBasename= + # prepend OLD_DATA_DIR only if source is relative path + sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") + targetBasename=$(dirname "${target}") + logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" + if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then + logger "Directory [${sourceDataDir}] not found in path to move" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then + createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" + else + moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" + moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" + fi +} + +# Move source directory and target directory +moveDirectories () { + local moveDataDirectories= + local map= + local source= + local target= + + retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" + moveDirectories="${YAML_VALUE}" + if [[ -z "${moveDirectories}" ]]; then + return + fi + bannerSection "MOVE DIRECTORIES" + retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + invokeMoveFunctions "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +# Trim masterKey if its generated using hex 32 +trimMasterKey () { + local masterKeyDir=/opt/jfrog/artifactory/var/etc/security + local oldMasterKey=$(<${masterKeyDir}/master.key) + local oldMasterKey_Length=$(echo ${#oldMasterKey}) + local newMasterKey= + if [[ ${oldMasterKey_Length} -gt 32 ]]; then + bannerSection "TRIM MASTERKEY" + newMasterKey=$(echo ${oldMasterKey:0:32}) + cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key + logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" + rm -rf ${masterKeyDir}/master.key + echo ${newMasterKey} > ${masterKeyDir}/master.key + logger "masterKey is trimmed : ${masterKeyDir}/master.key" + fi +} + +copyDirectories () { + + copyDataDirectories "copyFiles" "full" + copyDataDirectories "copyUniqueFiles" "unique" + copyDataDirectories "copySpecificFiles" "specific" + copyDataDirectories "copyPatternMatchingFiles" "patternFiles" +} + +symlinkDir () { + local source="$1" + local target="$2" + local targetDir= + local basename= + local targetParentDir= + + targetDir="$(dirname "${target}")" + if [[ "${targetDir}" == "${source}" ]]; then + # symlink the sub directories + createDirectory "${NEW_DATA_DIR}/${target}" "Warning" + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" + basename="$(basename "${target}")" + cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" + fi + else + targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" + createDirectory "${targetParentDir}" "Warning" + if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then + symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" + fi + fi +} + +symlinkOperation () { + local source="$1" + local target="$2" + local check=false + local targetLink= + local date= + + # Check if source is a link and do symlink + if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then + targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") + symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" + else + # check if source is directory and do symlink + if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "Source [${source}] directory not found in path to symlink" + return + fi + if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then + logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" + return + fi + if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then + logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" + symlinkDir "${source}" "${target}" + else + rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false + [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" + symlinkDir "${source}" "${target}" + fi + fi +} +# Creates a symlink path - Source directory to which the symbolic link should point. +symlinkDirectories () { + local linkFiles= + local map= + local source= + local target= + + retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" + linkFiles="${YAML_VALUE}" + if [[ -z "${linkFiles}" ]]; then + return + fi + bannerSection "SYMLINK DIRECTORIES" + retrieveYamlValue "migration.linkFiles.map" "map" "Warning" + map="${YAML_VALUE}" + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + source="$(getSecondEntry "${entry}")" + target="$(getFirstEntry "${entry}")" + logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" + [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + symlinkOperation "${source}" "${target}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" + fi + echo ""; + done +} + +updateConnectionString () { + local yamlPath="$1" + local value="$2" + local mongoPath="shared.mongo.url" + local rabbitmqPath="shared.rabbitMq.url" + local postgresPath="shared.database.url" + local redisPath="shared.redis.connectionString" + local mongoConnectionString="mongo.connectionString" + local sourceKey= + local hostIp=$(io_getPublicHostIP) + local hostKey= + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) + hostKey="@${hostIp}:" + case $yamlPath in + ${postgresPath}) + sourceKey="@postgres:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoPath}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${rabbitmqPath}) + sourceKey="@rabbitmq:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${redisPath}) + sourceKey="@redis:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + ${mongoConnectionString}) + sourceKey="@mongodb:" + value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") + ;; + esac + fi + echo -n "${value}" +} + +yamlMigrate () { + local entry="$1" + local sourceFile="$2" + local value= + local yamlPath= + local key= + yamlPath="$(getFirstEntry "${entry}")" + key="$(getSecondEntry "${entry}")" + if [[ -z "${key}" ]]; then + warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + getYamlValue "${key}" "${sourceFile}" "false" + value="${YAML_VALUE}" + if [[ ! -z "${value}" ]]; then + value=$(updateConnectionString "${yamlPath}" "${value}") + fi + if [[ "${PRODUCT}" == "artifactory" ]]; then + replicatorProfiling + fi + if [[ -z "${value}" ]]; then + logger "No value for [${key}] in [${sourceFile}]" + else + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" + fi +} + +migrateYamlFile () { + local files= + local filePath= + local fileName= + local sourceFile= + local map= + retrieveYamlValue "migration.yaml.files" "files" "Skip" + files="${YAML_VALUE}" + if [[ -z "${files}" ]]; then + return + fi + bannerSection "MIGRATION OF YAML FILES" + for file in $files; + do + bannerSubSection "Processing Migration of $file" + retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + [[ -z "${filePath}" && -z "${fileName}" ]] && continue + sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" + if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then + logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" + retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + yamlMigrate "${entry}" "${sourceFile}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done + else + logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" + fi + done +} +# updates the key and value in system.yaml +updateYamlKeyValue () { + local entry="$1" + local value= + local yamlPath= + local key= + + yamlPath="$(getFirstEntry "${entry}")" + value="$(getSecondEntry "${entry}")" + if [[ -z "${value}" ]]; then + warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + if [[ -z "${yamlPath}" ]]; then + warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" + return + fi + setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value [${value}] in system.yaml" +} + +updateSystemYamlFile () { + local updateYaml= + local map= + + retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" + updateSystemYaml="${YAML_VALUE}" + if [[ -z "${updateSystemYaml}" ]]; then + return + fi + bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" + retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" + map="${YAML_VALUE}" + if [[ -z "${map}" ]]; then + return + fi + for entry in $map; + do + if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then + updateYamlKeyValue "${entry}" + else + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" + fi + done +} + +backupFiles_hook () { + logSilly "Method ${FUNCNAME[0]}" +} + +backupDirectory () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" + fi +} + +removeOldDirectory () { + local backupDir="$1" + local entry="$2" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" + local outputCheckDirExists="$(checkDirExists "${targetDir}")" + if [[ "${outputCheckDirExists}" != "true" ]]; then + logger "No [${targetDir}] directory found to delete" + echo ""; + return + fi + backupDirectory "${backupDir}" "${entry}" "${targetDir}" + rm -rf "${targetDir}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" + [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" + echo ""; +} + +cleanUpOldDataDirectories () { + local cleanUpOldDataDir= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" + cleanUpOldDataDir="${YAML_VALUE}" + if [[ -z "${cleanUpOldDataDir}" ]]; then + return + fi + bannerSection "CLEAN UP OLD DATA DIRECTORIES" + retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" + backupFiles_hook "${backupDir}/${PRODUCT}" + for entry in $map; + do + removeOldDirectory "${backupDir}" "${entry}" + done +} + +backupFiles () { + local backupDir="$1" + local dir="$2" + local targetDir="$3" + local fileName="$4" + local effectiveUser= + local effectiveGroup= + + if [[ "${dir}" = \/* ]]; then + dir=$(echo "${dir/\//}") + fi + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then + effectiveUser="${JF_USER}" + effectiveGroup="${JF_USER}" + elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then + effectiveUser="${USER_TO_CHECK}" + effectiveGroup="${GROUP_TO_CHECK}" + fi + + removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local backupDirectory="${backupDir}/${PRODUCT}" + removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" + removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" + local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" + if [[ "${outputCheckDirExists}" == "true" ]]; then + copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" + fi +} + +removeOldFiles () { + local backupDir="$1" + local directoryName="$2" + local fileName="$3" + local check=false + + # prepend OLD_DATA_DIR only if entry is relative path + local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" + local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" + if [[ "${outputCheckFileExists}" != "true" ]]; then + logger "No [${targetDir}/${fileName}] file found to delete" + return + fi + backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" + rm -f "${targetDir}/${fileName}" && check=true || check=false + [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" + [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" + echo ""; +} + +cleanUpOldFiles () { + local cleanUpFiles= + local map= + local entry= + + retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" + cleanUpOldFiles="${YAML_VALUE}" + if [[ -z "${cleanUpOldFiles}" ]]; then + return + fi + bannerSection "CLEAN UP OLD FILES" + retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" + map="${YAML_VALUE}" + [[ -z "${map}" ]] && continue + date="$(date +%Y%m%d%H%M)" + backupDir="${NEW_DATA_DIR}/backup/backup-${date}" + bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" + for entry in $map; + do + local outputCheckMapEntry="$(checkMapEntry "${entry}")" + if [[ "${outputCheckMapEntry}" != "true" ]]; then + warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" + fi + local fileName="$(getSecondEntry "${entry}")" + local directoryName="$(getFirstEntry "${entry}")" + [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue + removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" + echo ""; + done +} + +startMigration () { + bannerSection "STARTING MIGRATION" +} + +endMigration () { + bannerSection "MIGRATION COMPLETED SUCCESSFULLY" +} + +initialize () { + setAppDir + _pauseExecution "setAppDir" + initHelpers + _pauseExecution "initHelpers" + checkMigrationInfoYaml + _pauseExecution "checkMigrationInfoYaml" + getProduct + _pauseExecution "getProduct" + getDataDir + _pauseExecution "getDataDir" +} + +main () { + case $PRODUCT in + artifactory) + migrateArtifactory + ;; + distribution) + migrateDistribution + ;; + xray) + migrationXray + ;; + esac + exit 0 +} + +# Ensures meta data is logged +LOG_BEHAVIOR_ADD_META="$FLAG_Y" + + +migrateResolveDerbyPath () { + local key="$1" + local value="$2" + + if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + else + derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" + value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") + fi + fi + echo "${value}" +} + +migrateResolveHaDirPath () { + local key="$1" + local value="$2" + + if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then + if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then + value=$(checkPathResolver "${value}") + fi + fi + echo "${value}" +} +updatePostgresUrlString_Hook () { + local yamlPath="$1" + local value="$2" + local hostIp=$(io_getPublicHostIP) + local sourceKey="//postgresql:" + if [[ "${yamlPath}" == "shared.database.url" ]]; then + value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") + fi + echo "${value}" +} +# Check Artifactory product version +checkArtifactoryVersion () { + local minProductVersion="6.0.0" + local maxProductVersion="7.0.0" + local propertyInDocker="ARTIFACTORY_VERSION" + local property="artifactory.version" + + if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then + local newfilePath="${APP_DIR}/../.env" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" + else + local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" + local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" + fi + + getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" +} + +getCustomDataDir_hook () { + retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" + OLD_DATA_DIR="${YAML_VALUE}" +} + +# Get protocol value of connector +getXmlConnectorProtocol () { + local i="$1" + local filePath="$2" + local fileName="$3" + local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') + echo -e "${protocolValue}" +} + +# Get all attributes of connector +getXmlConnectorAttributes () { + local i="$1" + local filePath="$2" + local fileName="$3" + local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + echo "${connectorAttributes}" +} + +# Get port value of connector +getXmlConnectorPort () { + local i="$1" + local filePath="$2" + local fileName="$3" + local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${portValue}" +} + +# Get maxThreads value of connector +getXmlConnectorMaxThreads () { + local i="$1" + local filePath="$2" + local fileName="$3" + local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${maxThreadValue}" +} +# Get sendReasonPhrase value of connector +getXmlConnectorSendReasonPhrase () { + local i="$1" + local filePath="$2" + local fileName="$3" + local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + echo -e "${sendReasonPhraseValue}" +} +# Get relaxedPathChars value of connector +getXmlConnectorRelaxedPathChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") + echo -e "${relaxedPathCharsValue}" +} +# Get relaxedQueryChars value of connector +getXmlConnectorRelaxedQueryChars () { + local i="$1" + local filePath="$2" + local fileName="$3" + local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + # strip leading and trailing spaces + relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") + echo -e "${relaxedQueryCharsValue}" +} + +# Updating system.yaml with Connector port +setConnectorPort () { + local yamlPath="$1" + local valuePort="$2" + local portYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${valuePort}" ]]; then + warn "port value is empty, could not migrate to system.yaml" + return + fi + ## Getting port yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" portYamlPath "Warning" + portYamlPath="${YAML_VALUE}" + if [[ -z "${portYamlPath}" ]]; then + return + fi + setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" + logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" +} + +# Updating system.yaml with Connector maxThreads +setConnectorMaxThread () { + local yamlPath="$1" + local threadValue="$2" + local maxThreadYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${threadValue}" ]]; then + return + fi + ## Getting max Threads yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" + maxThreadYamlPath="${YAML_VALUE}" + if [[ -z "${maxThreadYamlPath}" ]]; then + return + fi + setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" +} + +# Updating system.yaml with Connector sendReasonPhrase +setConnectorSendReasonPhrase () { + local yamlPath="$1" + local sendReasonPhraseValue="$2" + local sendReasonPhraseYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${sendReasonPhraseValue}" ]]; then + return + fi + ## Getting sendReasonPhrase yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" + sendReasonPhraseYamlPath="${YAML_VALUE}" + if [[ -z "${sendReasonPhraseYamlPath}" ]]; then + return + fi + setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedPathChars +setConnectorRelaxedPathChars () { + local yamlPath="$1" + local relaxedPathCharsValue="$2" + local relaxedPathCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedPathCharsValue}" ]]; then + return + fi + ## Getting relaxedPathChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" + relaxedPathCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedPathCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connector relaxedQueryChars +setConnectorRelaxedQueryChars () { + local yamlPath="$1" + local relaxedQueryCharsValue="$2" + local relaxedQueryCharsYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${relaxedQueryCharsValue}" ]]; then + return + fi + ## Getting relaxedQueryChars yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" + relaxedQueryCharsYamlPath="${YAML_VALUE}" + if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then + return + fi + setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" +} + +# Updating system.yaml with Connectors configurations +setConnectorExtraConfig () { + local yamlPath="$1" + local connectorAttributes="$2" + local extraConfigPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${connectorAttributes}" ]]; then + return + fi + ## Getting extraConfig yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConfig "Warning" + extraConfigPath="${YAML_VALUE}" + if [[ -z "${extraConfigPath}" ]]; then + return + fi + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" +} + +# Updating system.yaml with extra Connectors +setExtraConnector () { + local yamlPath="$1" + local extraConnector="$2" + local extraConnectorYamlPath= + if [[ -z "${yamlPath}" ]]; then + return + fi + if [[ -z "${extraConnector}" ]]; then + return + fi + ## Getting extraConnecotr yaml path from migration info yaml + retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" + extraConnectorYamlPath="${YAML_VALUE}" + if [[ -z "${extraConnectorYamlPath}" ]]; then + return + fi + getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" + local connectorExtra="${YAML_VALUE}" + if [[ -z "${connectorExtra}" ]]; then + setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + else + setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" + logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" + fi +} + +# Migrate extra connectors to system.yaml +migrateExtraConnectors () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local excludeDefaultPort="$4" + local i="$5" + local extraConfig= + local extraConnector= + if [[ "${excludeDefaultPort}" == "yes" ]]; then + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + done + else + extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) + setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" + fi +} + +# Migrate connector configurations +migrateConnectorConfig () { + local i="$1" + local protocolType="$2" + local portValue="$3" + local connectorPortYamlPath="$4" + local connectorMaxThreadYamlPath="$5" + local connectorAttributesYamlPath="$6" + local filePath="$7" + local fileName="$8" + local connectorSendReasonPhraseYamlPath="$9" + local connectorRelaxedPathCharsYamlPath="${10}" + local connectorRelaxedQueryCharsYamlPath="${11}" + + # migrate port + setConnectorPort "${connectorPortYamlPath}" "${portValue}" + + # migrate maxThreads + local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") + setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" + + # migrate sendReasonPhrase + local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") + setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" + + # migrate relaxedPathChars + local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" + # migrate relaxedQueryChars + local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") + setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" + + # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars + local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") + connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') + # strip leading and trailing spaces + connectorAttributes=$(io_trim "${connectorAttributes}") + setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" +} + +# Check for default port 8040 and 8081 in connectors and migrate +migrateConnectorPort () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + local connectorPortYamlPath="$5" + local connectorMaxThreadYamlPath="$6" + local connectorAttributesYamlPath="$7" + local connectorSendReasonPhraseYamlPath="$8" + local connectorRelaxedPathCharsYamlPath="$9" + local connectorRelaxedQueryCharsYamlPath="${10}" + local portYamlPath= + local maxThreadYamlPath= + local status= + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" == *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + RT_DEFAULTPORT_STATUS=success + else + AC_DEFAULTPORT_STATUS=success + fi + migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" + done +} + +# migrate to extra, connector having default port and protocol is AJP +migrateDefaultPortIfAjp () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local defaultPort="$4" + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] && continue + [[ "${portValue}" != "${defaultPort}" ]] && continue + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + done + +} + +# Comparing max threads in connectors +compareMaxThreads () { + local firstConnectorMaxThread="$1" + local firstConnectorNode="$2" + local secondConnectorMaxThread="$3" + local secondConnectorNode="$4" + local filePath="$5" + local fileName="$6" + + # choose higher maxThreads connector as Artifactory. + if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then + # maxThread is higher in firstConnector, + # Taking firstConnector as Artifactory and SecondConnector as Access + # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + else + # maxThread is higher in SecondConnector, + # Taking SecondConnector as Artifactory and firstConnector as Access + local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +# Check max threads exist to compare +maxThreadsExistToCompare () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local firstConnectorMaxThread= + local secondConnectorMaxThread= + local firstConnectorNode= + local secondConnectorNode= + local status=success + local firstnode=fail + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ ${protocolType} == *AJP* ]]; then + # Migrate Connectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + fi + # store maxthreads value of each connector + if [[ ${firstnode} == "fail" ]]; then + firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + firstConnectorNode="${i}" + firstnode=success + else + secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") + secondConnectorNode="${i}" + fi + done + [[ -z "${firstConnectorMaxThread}" ]] && status=fail + [[ -z "${secondConnectorMaxThread}" ]] && status=fail + # maxThreads is set, now compare MaxThreads + if [[ "${status}" == "success" ]]; then + compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" + else + # Assume first connector is RT, maxThreads is not set in both connectors + local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") + migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi +} + +migrateExtraBasedOnNonAjpCount () { + local nonAjpCount="$1" + local filePath="$2" + local fileName="$3" + local connectorCount="$4" + local i="$5" + + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + if [[ "${protocolType}" == *AJP* ]]; then + if [[ "${nonAjpCount}" -eq 1 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" + continue + else + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + continue + fi + fi +} + +# find RT and AC Connector +findRtAndAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local initialAjpCount=0 + local nonAjpCount=0 + + # get the count of non AJP + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${protocolType}" != *AJP* ]] || continue + nonAjpCount=$((initialAjpCount+1)) + initialAjpCount="${nonAjpCount}" + done + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access and artifactory connectors + # Mark port as 8040 for access + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + done + elif [[ "${nonAjpCount}" -eq 2 ]]; then + # compare maxThreads in both connectors + maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${nonAjpCount}" -gt 2 ]]; then + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # setting with default port in system.yaml + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# get the count of non AJP +getCountOfNonAjp () { + local port="$1" + local connectorCount="$2" + local filePath=$3 + local fileName=$4 + local initialNonAjpCount=0 + + for ((i = 1 ; i <= "${connectorCount}" ; i++)); + do + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") + [[ "${portValue}" != "${port}" ]] || continue + [[ "${protocolType}" != *AJP* ]] || continue + local nonAjpCount=$((initialNonAjpCount+1)) + initialNonAjpCount="${nonAjpCount}" + done + echo -e "${nonAjpCount}" +} + +# Find for access connector +findAcConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as access connector and mark port as that of connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take RT properties into access with 8040 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add RT connector details as access connector and mark port as 8040 + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +# Find for artifactory connector +findRtConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + + # get the count of non AJP + local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") + if [[ "${nonAjpCount}" -eq 1 ]]; then + # Add the connector found as RT connector + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + fi + done + elif [[ "${nonAjpCount}" -gt 1 ]]; then + # Take access properties into artifactory with 8081 + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" + local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") + if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then + migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + fi + done + elif [[ "${nonAjpCount}" -eq 0 ]]; then + # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" + # migrateExtraConnectors + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + fi +} + +checkForTlsConnector () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + for ((i = 1 ; i <= "${connectorCount}" ; i++)) + do + local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${sslProtocolValue}" == "TLS" ]]; then + bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" + TLS_CONNECTOR_EXISTS=${FLAG_Y} + continue + fi + done +} + +# set custom tomcat server Listeners to system.yaml +setListenerConnector () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + for ((i = 1 ; i <= "${listenerCount}" ; i++)) + do + local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) + local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') + if [[ "${listenerClassName}" == *Apr* ]]; then + setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" + fi + done +} +# add custom tomcat server Listeners +addTomcatServerListeners () { + local filePath="$1" + local fileName="$2" + local listenerCount="$3" + if [[ "${listenerCount}" == "0" ]]; then + logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" + else + setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" + setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" + logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" + fi +} + +# server.xml migration operations +xmlMigrateOperation () { + local filePath="$1" + local fileName="$2" + local connectorCount="$3" + local listenerCount="$4" + RT_DEFAULTPORT_STATUS=fail + AC_DEFAULTPORT_STATUS=fail + TLS_CONNECTOR_EXISTS=${FLAG_N} + + # Check for connector with TLS , if found ignore migrating it + checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" + if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then + return + fi + addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" + # Migrate RT default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" + # Migrate to extra if RT default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" + # Migrate AC default port from connectors + migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" + # Migrate to extra if access default ports are AJP + migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" + + if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # RT and AC default port found + logger "Artifactory 8081 and Access 8040 default port are found" + migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # Only AC default port found,find RT connector + logger "Found Access default 8040 port" + findRtConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then + # Only RT default port found,find AC connector + logger "Found Artifactory default 8081 port" + findAcConnector "${filePath}" "${fileName}" "${connectorCount}" + elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then + # RT and AC default port not found, find connector + logger "Artifactory 8081 and Access 8040 default port are not found" + findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" + fi +} + +# get count of connectors +getXmlConnectorCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# get count of listener connectors +getTomcatServerListenersCount () { + local filePath="$1" + local fileName="$2" + local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) + echo -e "${count}" +} + +# Migrate server.xml configuration to system.yaml +migrateXmlFile () { + local xmlFiles= + local fileName= + local filePath= + local sourceFilePath= + DEFAULT_ACCESS_PORT="8040" + DEFAULT_RT_PORT="8081" + AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" + AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" + AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" + AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" + RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" + RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" + RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' + RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' + RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' + RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" + ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" + EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" + EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" + RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" + + retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" + xmlFiles="${YAML_VALUE}" + if [[ -z "${xmlFiles}" ]]; then + return + fi + bannerSection "PROCESSING MIGRATION OF XML FILES" + retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" + fileName="${YAML_VALUE}" + if [[ -z "${fileName}" ]]; then + return + fi + bannerSubSection "Processing Migration of $fileName" + retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" + filePath="${YAML_VALUE}" + if [[ -z "${filePath}" ]]; then + return + fi + # prepend NEW_DATA_DIR only if filePath is relative path + sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") + if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then + logger "File [${fileName}] is found in path [${sourceFilePath}]" + local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") + if [[ "${connectorCount}" == "0" ]]; then + logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" + return + fi + local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") + xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" + else + logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" + fi +} + +compareArtifactoryUser () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + + if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" + else + logger "No change in property [${property}] value in [${sourceFile}] to migrate" + fi +} + +migrateReplicator () { + local property="$1" + local oldPropertyValue="$2" + local yamlPath="$3" + + setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" + logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" +} + +compareJavaOptions () { + local property="$1" + local oldPropertyValue="$2" + local newPropertyValue="$3" + local yamlPath="$4" + local sourceFile="$5" + local oldJavaOption= + local newJavaOption= + local extraJavaOption= + local check=false + local success=true + local status=true + + oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i?{ZA$HxqETC|*rM91T19KmqNu$$X|1YRlo%n3 zS`n+nc3z*~_xy3L^Y8id#FfkCeV+S%@Acg4xkVZ1J*K8)r38UM)S4Qqh9D5w3xgb8WhxZ$y7!lHJ>wj;~wuKHH9WHeEq3jp9ZuE;pLqRwC$gNJ!(mo7B+{+cd}K+&8Pi!_0FjO5@8*ZzD}2r^##exEvognS+-{g{^6tp z?)N?|i<14ZoBG#7@~T5-j~XwSWPM+(3%fg{vsbgSZ!4kOZ9uu&gXi#;nuC`CiY{Sw zV%j!!B^&4HNe(ZP6RMff`7Jr6{@hs0t$fM^OOyG@-73;sCR;V8KQWOo;(z`#;7uN0{C(}fj z5@n%ouSwo25b(_DLVkPxNgzV7HK<<9ra*J8%b2H2?j*W-SA4d-@b|EozhM3J*N`8F zvthBl;e6p4nBymM**1$N){S1%@1+h=syyr@LJ8L_ENqes3Pk((nf;{e&%eUEIZczi zon7kPeF;>CV|2s$T|HjBz;1^>_h3;DI*uid;cNp#N0Qi^b?uMtu#!|D&bSesUd0A2 zN{2{Q2fM3X-Jkcy+AYdfVo{bzHGVT)(mSa7xXT|HQ4WERCViYA-sxNeUajfA`>7|b znNg7W@L^0+35VsKqyacqE^{9_rksZ`!VyLNsCa^+ODjnJ7-&Ji^fZRR+Qyp75u{V2 z&5j12eP5i#%3Sk1a0((z(9|N*cA(qfC$K;3oegg^ntf?qvvM0tmVH8i9>~89)S6+j zaY(#ErYd(rRU5NR4cjKsBlW88`b63V53^=Wbu5PTbOtX-m+D{S8-#D63i0bx=!T2lZ;~EkuE`n^ zhA28GWj_#TN!w zF@{uiw}r|Q<;}Rt1`b;zMDX*2gbnpbu7cqd8MnU|mbO!+GSq6U?*Q|TSi{*SBbku# zVC{ZAF=i4IBl#VF>MBP6YyRC?zu{#s$BMrG-Z=T$nXo?oQvX}Ibi{MnxZOcb zp)Tr}T}o+blPrnnl&xvJtt=gU@Y7UDvf5+78*Ovgo`Sr842uwqVQ7p}ih*_Y=TRlj zAZ2dDd_b@u#siV8w2{??>ZJti?drZ-s%*v4BO9z9q7#A(l?HZFFQ&_tphkV%ckz7ue_fp9I zvvBT2imY?!DVU3NzH50lH1E+?!h8}c79V>5s2mnAUsmeMh4DWqjTERRJ9f<~tZ3uw zcfB)>!K@PXy%LsM;&HCE8b=1>Ug8U=u}mi8|Mt6j_Ux<4?u_AXR;hAt@cVMPM1_F; z8Aj=X6hy~lcZhe8@>A)@l!(xX>gx0_`GV0aEkk;`AA1V3t^PP=6iEyAdn>@Tsr3pQ zv@h75U0Ux(Q0@pKF6&muEFCW4iff^>EiG^mbE>6sEwEoT#M48&1acXBXTLl^$osZ##d`E6CGQha8#$QZp`Oe0h9+a_0Lzxrc<3G4)xYNd;Y-GDfWl^8q5tBLe&sKReV;NS;-bvmh z?rRCPTH}a?R-tE3qsuA!*%5kDOKvDSXO{+6-}XuRxJ#FwbIVf7Lbodc>Hq@VD9G;& z()T{S)f-u|g_(Gvj%@ul;IyH{$x%NGAJkC)$uV@_^1v?BYem9kAYNB|p#8g0fS^I{ zp}O6jir+J9JH~{Kskf9X2UiG%t`O$t&q?;h#Dlhr8hDlOlz^rnonEVZyUu~9zoCVi zjRw%6N>&)@nK@Ug5AUE8Jdfn51}t}OUt~ksck3|Y4cPambR>#%_~0Z zm3J!hyiYUt2fxr$HX^Vd0--b!o&IBZJ4YJ_>UxiA{T7#B4X;y2QXxmK`5ZX2ktLu2 zLckVdrl~mtD~gazwWUGl7$O9S32UYG{SHJs=s@n0*va-+LT#NdCz@@@pUG1yww9!i zd6+PFKKIRTAs^r-@i`Ev!iDZJ*=ECXq-$$m#MoBd^Q1lMadKud`woe)rZmZ8KR!-! z-KO`G|KWA0haH-jd~yHP`!2%nzZ^2E!bp2sb)M2IO3cPgGjo;`^|xiKns2}>CKu1T zF`_!c?Jt`QCewU<$2#oHhv)RAS2>tHhz{RF@50#6zE7Obs~u;O#qjQ3Eo3-+6Eh6=};!U2!uJ`%#i#MyF$_-tb=7v-(;-CXij`(+0CdR{nKqTGQA;WE+hvbzYVmx3dTK4WIqgJHBF}~!dl@H}C zSYW{kC~=;4{MdI9B@F8CAnXnwVpncN){qeN1D@j+$Wo}|x;sR<%|8HHS3-Y9yVZ}C z#ATr_MIs!F6Eg$sQ`cjK`slZm)6mxsv^m>$=7;u&XEs}`#!f6HXX7n?yx;v%#ZbGX z;pK7|I3C&v4gCcPY<=p$)DwItnny)?bR)xLY-pRJmJo^Cv>S@*d`(b`#$2fObA< z)dzn2iLaR)(eaA@*~1cmgTfD|P!AK{zKrg=-Orkm~Ko9}b0&UvrB- z3@WK=O*@C8Ysgm~hYw)JYp2{SLkhneH(X=Tws-e?p8h3_=qzz2E#bgH8Ig$Yn;F0a zb$4)aCw+ofsrnh7GQ4T4zsn_2s}DBXv0Lxt6%)HG#x|&*x)MTz&U2(cj7#d%a~4n*N;-`IFKLEfjkgN!@r4LJD+mDz-4rekj( zlEhc&G<9j!71MCuH|1Au(3GfT@dU?JS`gYFmsZxdVRizFh_53s5@JJWRqsN8h_m`@ zeqlU)WSXpa+ZL}c7u;sC@>nLjxrX(WQ)9{ew>4{@Ak$-VbM2(I_At#7H1PPHl-w2E zv(e}9ZQ_}Yr(PU8>l39)R?`^MC`_kRMfmskTIpYuh%SYyTJ)YR5zHeG5xd{6%l<=Y{uz}Yo)P;Y#h8@53cIO<2FMBa2IN< zX#j&cqrW=qc)u-B{+lRSPVJI0T2&%@A2Mr45KZcXnQl+|l$}r`E;~_X*6&%Zv(dBq zXDegDSHPdHfIpb*_q_@M757;reU(q~|Ctg=+0JH95J?)@+1vZ_)%1d7wMf|_GSLm5 z3H4T2?0q)Do%9L-tQBhe>Y^^<7^a&w&+5bM^)-h@;BeBry2fGf=b!iY@#}m@248`I zV*71NtBtP&mZ<-M)h&Bhg7u0NmAD9?RT_q$h;F>)-Og`z>+XF@By%?Lfuxl~=I+yf zIzA5z+zem@r0KZEe}Hp@hY?LInSJm@@d?aIMt z9!iJr>7}B1_pSj}CO_ytyKm4nPpwm;(kwWKYs<6K^tkr(b!+u%`mc%eh429YWjc$; zY`a@!zCA&BOapKo$hZqTZM%L;r2U2go(6IG-N1A^zxp&8$13m-x_-nIzA%|Lw~KFk zwrC8US+sT_BN4iR{HXG6o@5zpI2CdNPL4!&w%3+p>6 z`n7qjg+9oJ6mt1?8HZHp`;F{>>!qbBdQ{)1f$a9#7pLX0kOs&Qp161M{ zzq66q{kQEDvQnNUvH0Mn4NI9xduYs$S`0-n3pod#Kr&xn_mup+*t%fx9!%3H16sRf zCJDSEwCBt;+iM-YV7*-(l>8Sc`ih)>R?ao^c$Tz%V{uAk=W2CKK;Nt?a1w6*iUv2Z zzY-m6pTdl=ZQ!keB_|t|p810hp;S$Ro+S~~K|^DLEr2?7b&0goO%l-q;f*)^4xQOo zzw2i7Rz_ng-vu1V&4rQ25DO(il7lQScF^bVy9djpIU+#`hihkH@mZ1Q8m+C``-TA14)|81jCN-VGdR^zKz57*U8`+E zQFBqe>_yIN>z!=LTA3kC5F+adzpgewPLes3=Todedy{p2&8D-kYsy=3D;(nMg-foI zXGzjfqLCdzkS-cfSC*+wLmjn0M^z9?qV$_6EB`-5767v&8&0Hrf1;D5jLHlyu+tFd zRn6%b^j-=mNS)-yi&pf(dX!f1TfTwz1cANG!HT=MXQQMIXbujrurA=R)8m@!A%O8z z-}Sx38{~Ny;cV2h2Vi-Kte`-O9esaay%UB60haehEQ>-+><=*RO1zJ2}gty zD=<_IK1p8Ii^h~{v;%q{e<8|LWak5sge2d4<`;5>wM^@ISq%MNke}#|+Lmd3;}zO$ z0BwL-P0{bTUW(@#UHW9LfhxnK?{tb^HkQYQrR27@&i*NQ{xiHfh@pfJV4rhX6GcQM zXhmzq(W;w}_40g=0Y9vT{epaMv$#meqIcq_G#k6gX!B%{x0glPGMA2FXAE#|Aprce z6GJvARBMYj_WI1VWWVIrq8@kS0vmvUduDOXsC%zZvpbmxrFMjSdxqD9w@Y8qLJ*`v zMjBaAJA#0r=oQ|*2bSc6RAztP`ndjUK!?0YO_uC6}4S;7R+NclF4 z634K%mw~jU$x>8cY}HRlaW)=7`Rx#WcbgtfHZ#QGwugHF?m2H(@$AcK_XIFklAHY@ zsw{v2IHrxA?sI_g6h6o7RaJ5(SvLUqK;Y!zYL`8+ACyfInFE@x_Bd%ZzuyLk<0qNM z%De_q$CHUu_K%z>Da{fC+}UYxOly0VbL$*JhwHn!4iU#IsK3gl3zF4XvhrvtViKYL zy0{K}+Fy3gkL>WR zDyTse349IB-md_lD>D+cOgE6vzB92ni~s{(9YAQlRgEateY|SVezW!Qf7oij=(suE z#}T8zpPIbK|7sQ23vmDPPp=@Ypf>xn6K9wbH%a=Tiy5O-PiS|BREaI;W^bg|O>;u;4eS>Tl$0*n7H@O_DX$5JdtNfF>OH-VNw@ z&Ut-9xDW{H{(uw_c+y8uN+nqEU{N>z3C~U7g#|pCHl%|zFWn+rF|L+Zw9nQ>Jx2Zx z7f~uLd~;kKbdy32cw_%g04hdo>aU){M9a;DUhyCqHZuI(!B8_{cth9~)Du) z9CsgPyTqio&khhxwtPL3!A=Fkhyc`F3w%ref^JVDWRF4wQ_72b-3@r^!YdRJgdp;p zRmhZ{|521l-x>7uRjp(0K&4D=JwQMSQy@N-uK z0{WZEJ05NxF4D<}W(5qWMO?tF3VHucfo`Ot_T8&>Ssgw!+iQjUCgskwfDgeh$?5}D z)J;jhXv}8~a^TE7fa?@8)_`}YH>DMupnmb(2Z@38?*odNNM`u0$R2r8s9bgkL`zwU{_kt#qO?iUeU1+jJChByj}fr2jZV~+y_*68;EYC)BIJ! zqxCBPZSV^4A`K#KIb*)Qamy*87_emTxe)p5%awK!nB(`K8RpAN2RPlCmbUd?b1>`Nf$eopTuQ7)S2g=7J)DUku;Y)r zP`x^}Wfr++@sg@l8BJEPXhe z2)4vAsy)(1U6cO^BZ`i^qUSw8PojN1y*s3}=_|3i|* z9!5<5&o7aK=8H-W@BWO%m%-a}Y_Dg(KIM!9qyj|XM9tqDYx$_R$|(zczF`4?XL%(_ zL-Hs~

sCPb@d4#iMxTw1P!CIbM}-ztF`V#Th=K!tjm{;>cl*pcKEIR!oQjpu;>s zhj)RNF2|Y3_cl#5rC*!*XCyC+VJDEDf>cKZzKZm-nk`%nP z$sb!*L1bht!RcS-6b<-YlAiqMn1w1y$`X`Qa%Lx!*%`0cp{s?2LjZT;mY8~oO1ugw zgI_HUUSfX%qz}X_0UDu;IsS%vrEJ=n;n`;%^C>L8fVbi$9K`0QRlLa- zx@v&%NKIl?Wql0@f70NY+VARF@Uv%@` zf05e>>_@f(MELC}-mIw_Z|<-0PIgh0Q@dY<59kVF)_e1cq^6gV?8GUiJF^7g7E`H)~GXO-rm8ok=wCA z-U(e}dL{LyZle^*2eDRktn&Xmc#jMa_;O)7riHKw(*`H|bN6^K3;cUCb7Wd@Wn4yR z#Y9CUnY=U^cC@>U56FW=v$E8ihSZ3-q#bnu9yfrvnf|@bNt0xW5+?POLUI$&PZ*5C zl>Qjr;74pzx6!s2~;RZ}Ej^}&Tm-a|2eH^(qS8L+L*Y|B(A>(z8C($g|lRD2(&bV0ezKnettBuV(U90JTnE(Fq6ZG^(Q3mnB z!#WB&uRG_fCs26fMp`Vzg5`4{;@ww2Wzg^vt|a!TTL8!`HIDZ+`MZMuHSt7e>KRs zx$zo?_>7XgnQtT<=IEPzpq?j{&0F{ah;?jxT#94#m+V*>kkV^TFQG<|&M5BF)ZLCZrheNuS}hZbgx5v! zPCQ)1-$QL%Y;jI2)mJqk;81j(az`z7q3t*QfnxNLc658FrmcQ)W1Xs>*6^0Fau8Mm zA@?ydh_u)Ke}!9l!OwQt6k-ucObo4AoC;9SjXl9DQr6anr-f@D1d?#X-ubUEomAF$ zl0Om+CxfH}s)4tyCrmS0uS(hIpw^;@b~agY&k{1s@$qO)#|OT<@1%eP*~yuqkuAIw zoZ>_@pDqJ5eJZ6Yt>XM7=QYtIA!J;|Pn+-hb^e$27+IR*FmJuZcMPzGqP5)@Uu&)A zMEyp_f|LI-9Nw>u2YZ84ES83kO9KNR+YyB5GOqdqTlg+zrRyiYdtmtXIzN*ourQQg zJAp~o_TmERQCaNIv+AH7Yqs9Ql+`ae=o16y=VHW6SA=;I7oWR_I*2m#51K!pOh*@j`8tT zBP4+%crJ`A^!76Zg6zk$%ufTnj#*yMZ*#SJ^k)wn-mc~eAluQq_3v)u5~}b{j4jhu zj|Wg}P1nx)%9BA+(v96zdl^YZg~I!$@zW$u5+y4w;-^6{b&j9s^W*>Ir+mwcfd*4S z0?@Wp=u$Ra_d{HARyEVC&`2CPJZ`pZZ5wzEh$~(%CXASIB5%%bu9IYr%f| zW+oIXn@MYBS(F$AT20;U1*FE*8kVLoqYZ6_9%{@#gL4tVCrfbDaal?e?RJ*`cjwO= z@Mf5((=gCMAh86~k&vdB`YHp-x$93V3yY0G-oKR)MZF_$(wqj)Gqwop_QpQEZ9&4i ziq&#JVJET3?X!6^eR&Yhdp`Z<;pw-$Jc4MVX4(GF&&~BW#ZPZ~!m@sTLG}FJKo?e@ zGCBDGwlQL#YcQV~c;btlluL&Gj1grQ^XOEoK27PZEA}V}h_1Ik48Z=7OYR_9b?L%H z%v4)1lUy~Mub0kITs(kTb3}7G^4NNa`sVm~9y<&<^mF-^n`JL21xKcZkjOT~6;8xU%8wdR8-ko=*;fr5YgD>q81YU?UF&4FgVI8l#l|`wB3E) zY_+$I+T{LdyS-yw`BX_}!pMf>)JB7uqeu>Dc6IGQmK{7x6vWAy&X*4 zNmr(;JzW-jyC?VSAhHejfW4yy9!Xw zVWiQ88TJdb3H@5}S>*E!YVcAwDLre^|R_=5_o%xG-I5 zJjUZm21o3T3QiwF80&(fmp1P7wnW;xfq8g}jDsV(5fqB(f;bPzX=y3rl*y=oGpMDjb@RD^4ytoVlrU@p@nE@4%@ zs~6L+X7`VI#AO*?M2W>ZnWb^x|H-z%25L<^;q4muN0x9Ssu~Sf$X~8p~ zZB}VA{!=D0T2S47fj*&M&!tNBt}-z9Gb?n=hZQY>c0}h<&iyF~Q`8-|r6qi9?CB8Q zJCi$UbxfaKXI=$8re96CgFYb6Gak@lvs++F5CTX_yTwt6Z%#%#B9-`tbtcCr zo4vzX7FgFd+650o5-!?u7*1*Y;IDq=Ax_ZyK(;01k*lEl-samx~JdR5?x2kd)D zz|jU1`P09&xP`Jeojs+Nyz(K?uCH}-oW>bpw6#9!6< z&HsKCV)^!iolU8gE)}&QpZ7XIpD6((HvoNX7ffNMe)hqb1n*7Q*Emnq5()7!Htn3h zUYaz_098-Nuc9-CaP6pX-Iq9Dtbm4+!l-cz^bktd{~4{c%$@ez9Ir@PD+Ev4ojx*)^P4*=5u0Bb z!o2*=H6OZMUC8|f7p3pgz`?%(SOY%*|ex#JHQd{MJxA67~-h<-;4Ml;G9+ZtB>XoanmQc$`V z;IS6C+Kz%f+5XdzJU7v3??+P~lE9h9aF&gz><%ld_wMQbG*|(wfc2y=u}%51UYq+s|?bjX3dEUD~^tgv}gjk~lS~EkbKn@Ia(Gt<7O)p{fn`?i;=!gG)t@RBS z!knz7$J*0&p7t_9PrZ)f^=s0`9qaVc#w0L8S?+MjmlGmzF=_Z9~C?ByYI8q~iORbkkWwiAf3H`Btx{hPq8qmXJewl)`B=5xfkvk&-5-zzDJUZoN| zetSJd=#Nmiutv;O#JQ+5*<+WG$>k(4f@n43(lxhqy8{iOORxrRSrdu2LbUhI@VVWI zh-YmSve$p~aHh27Qr27JMfI|%=(V?5*2aj2xXpozBk^{0=w!A_+HXIhsCI}fMD}%m z7`qOmakvuFHbHIy(&}5Bn}t@Z0U{PpgxpEc9+oe>y%&4H|KdJnk>B;hk(ZZhyeof= zF(ETTPkADMszkz7v)M6yk&LZva&TVDE!ITvWV*8P3DyQ70=_i9f6!{`=b|K-AT%CX zra}J#7*)L`vp{F_e1{SHqOM)#1&sp99L+`2O_4kGeQ)2-cs(p&xjG98aTlE41SnlT zs3B(NkS1{7)9!(%OciC5K)K23ICVz0#qnRZV5Ukz?xd?B!K4kq=eb95kaS$H9S=7` zny+~;7J9-YhwEufU)frh%xs$+{Bw^5Mr@;0xC*#+D?-%7t0xY{m&9N!=yenrMw&hy zsAvq6+_^RUspOP_!cQiZ|H$DJ>0V z8=dd(f4I}6Cj=5 zP1I*_?dAvN%Q?&zp>HOQqkiN7_a5A$FLnusjSlm-gHoq2P!CZQ@Ix)2e_) zyDet7p7W@@E0(koM37UEMgIokE$Dy4$yvbhxX+ui?D)m0CDPoBxObP7&tP`c=dKt> zDrsFe=jJ{$88F6OQeN1?bOw*i2$%QF*1|~BG6g-hqkXD+mkYQCpXQC$f+ow*2@S;- z{Wcd~rj=gujEO)og1nI!MDUinF!J~QjV0zP3Ut+y3v{QT3nCllIo8_ScV<&N*E=~` zCzow9ZrsBV_>Ygf6)+#wR}c37^z?JqS~{*K%~{FJvIToc&UWoWug%g2%T!^Cq43P! zu#sS0qM2fnYK40H&}$kwyZ5z(6=DrC-UObwBwdPY9Lsf0E|x(iu^lbW>q+sZu1j3W zpT^LH$Er2J^^WRiGjyv|&dBslA({IxGyaS^t5c0`jM{yGj6^^=DnRUg;&WN=(@bCX zinDn;vIk!yBz%>WkV|)MUHmPlY_9tMe^gZq63lT#??66>1R?O39?r;jI)UrTrXCLt zZ>jD9mlQQ!B&dh{|Du0XusjSa(}Vz*r0UO<>4L6vORTTQOF5CByt&KG%`Nc_@C3l; zF5o!dy?ghA7#O0tapOiB3~= 10.1.0" + ## Description / note + description: This CVE needs to be fixed in the alpine base image of nginx container. diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt new file mode 100644 index 000000000..5afe10d1d --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/NOTES.txt @@ -0,0 +1,85 @@ +Congratulations. You have just deployed JFrog Artifactory! +{{- if .Values.artifactory.masterKey }} +{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }} + + +***************************************** WARNING ****************************************** +* Your Artifactory master key is still set to the provided example: * +* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * +* * +* You should change this to your own generated key: * +* $ export MASTER_KEY=$(openssl rand -hex 32) * +* $ echo ${MASTER_KEY} * +* * +* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * +* * +* Alternatively, you can use a pre-existing secret with a key called master-key with * +* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * +******************************************************************************************** +{{- end }} +{{- end }} + +{{- if .Values.artifactory.joinKey }} +{{- if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }} + + +***************************************** WARNING ****************************************** +* Your Artifactory join key is still set to the provided example: * +* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE * +* * +* You should change this to your own generated key: * +* $ export JOIN_KEY=$(openssl rand -hex 32) * +* $ echo ${JOIN_KEY} * +* * +* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' * +* * +******************************************************************************************** +{{- end }} +{{- end }} + +1. Get the Artifactory URL by running these commands: + + {{- if .Values.ingress.enabled }} + {{- range .Values.ingress.hosts }} + http://{{ . }} + {{- end }} + + {{- else if contains "NodePort" .Values.nginx.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory.nginx.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT/ + + {{- else if contains "LoadBalancer" .Values.nginx.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of the service by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "artifactory.nginx.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP/ + + {{- else if contains "ClusterIP" .Values.nginx.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") + echo http://127.0.0.1:{{ .Values.nginx.externalPortHttp }} + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.nginx.externalPortHttp }}:{{ .Values.nginx.internalPortHttp }} + + {{- end }} + +2. Open Artifactory in your browser + Default credential for Artifactory: + user: admin + password: password + +{{ if .Values.artifactory.javaOpts.jmx.enabled }} +JMX configuration: +{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }} +If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!! +{{ end }} + +1. Get the Artifactory service IP: +export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + +2. Map the service name to the service IP in /etc/hosts: +sudo sh -c "echo \"${SERVICE_IP} {{ template "artifactory.fullname" . }}\" >> /etc/hosts" + +3. Launch jconsole: +jconsole {{ template "artifactory.fullname" . }}:{{ .Values.artifactory.javaOpts.jmx.port }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl new file mode 100644 index 000000000..14b571f91 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/_helpers.tpl @@ -0,0 +1,237 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "artifactory.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name nginx service. +*/}} +{{- define "artifactory.nginx.name" -}} +{{- default .Chart.Name .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "artifactory.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified replicator app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "artifactory.replicator.fullname" -}} +{{- if .Values.artifactory.replicator.ingress.name -}} +{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified nginx name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "artifactory.nginx.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.nginx.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "artifactory.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "artifactory.fullname" .) .Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "artifactory.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate SSL certificates +*/}} +{{- define "artifactory.gen-certs" -}} +{{- $altNames := list ( printf "%s.%s" (include "artifactory.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory.name" .) .Release.Namespace ) -}} +{{- $ca := genCA "artifactory-ca" 365 -}} +{{- $cert := genSignedCert ( include "artifactory.name" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Scheme (http/https) based on Access TLS enabled/disabled +*/}} +{{- define "artifactory.scheme" -}} +{{- if .Values.access.accessConfig.security.tls -}} +{{- printf "%s" "https" -}} +{{- else -}} +{{- printf "%s" "http" -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve joinKey value +*/}} +{{- define "artifactory.joinKey" -}} +{{- if .Values.global.joinKey -}} +{{- .Values.global.joinKey -}} +{{- else if .Values.artifactory.joinKey -}} +{{- .Values.artifactory.joinKey -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve masterKey value +*/}} +{{- define "artifactory.masterKey" -}} +{{- if .Values.global.masterKey -}} +{{- .Values.global.masterKey -}} +{{- else if .Values.artifactory.masterKey -}} +{{- .Values.artifactory.masterKey -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve joinKeySecretName value +*/}} +{{- define "artifactory.joinKeySecretName" -}} +{{- if .Values.global.joinKeySecretName -}} +{{- .Values.global.joinKeySecretName -}} +{{- else if .Values.artifactory.joinKeySecretName -}} +{{- .Values.artifactory.joinKeySecretName -}} +{{- else -}} +{{ include "artifactory.fullname" . }} +{{- end -}} +{{- end -}} + +{{/* +Resolve masterKeySecretName value +*/}} +{{- define "artifactory.masterKeySecretName" -}} +{{- if .Values.global.masterKeySecretName -}} +{{- .Values.global.masterKeySecretName -}} +{{- else if .Values.artifactory.masterKeySecretName -}} +{{- .Values.artifactory.masterKeySecretName -}} +{{- else -}} +{{ include "artifactory.fullname" . }} +{{- end -}} +{{- end -}} + +{{/* +Resolve imagePullSecrets value +*/}} +{{- define "artifactory.imagePullSecrets" -}} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Resolve customInitContainersBegin value +*/}} +{{- define "artifactory.customInitContainersBegin" -}} +{{- if .Values.global.customInitContainersBegin -}} +{{- .Values.global.customInitContainersBegin -}} +{{- else if .Values.artifactory.customInitContainersBegin -}} +{{- .Values.artifactory.customInitContainersBegin -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customInitContainers value +*/}} +{{- define "artifactory.customInitContainers" -}} +{{- if .Values.global.customInitContainers -}} +{{- .Values.global.customInitContainers -}} +{{- else if .Values.artifactory.customInitContainers -}} +{{- .Values.artifactory.customInitContainers -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customVolumes value +*/}} +{{- define "artifactory.customVolumes" -}} +{{- if .Values.global.customVolumes -}} +{{- .Values.global.customVolumes -}} +{{- else if .Values.artifactory.customVolumes -}} +{{- .Values.artifactory.customVolumes -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customVolumeMounts value +*/}} +{{- define "artifactory.customVolumeMounts" -}} +{{- if .Values.global.customVolumeMounts -}} +{{- .Values.global.customVolumeMounts -}} +{{- else if .Values.artifactory.customVolumeMounts -}} +{{- .Values.artifactory.customVolumeMounts -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve customSidecarContainers value +*/}} +{{- define "artifactory.customSidecarContainers" -}} +{{- if .Values.global.customSidecarContainers -}} +{{- .Values.global.customSidecarContainers -}} +{{- else if .Values.artifactory.customSidecarContainers -}} +{{- .Values.artifactory.customSidecarContainers -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper artifactory chart image names +*/}} +{{- define "artifactory.getImageInfoByValue" -}} +{{- $dot := index . 0 }} +{{- $indexReference := index . 1 }} +{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} +{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} +{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} +{{- if $dot.Values.global }} + {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} + {{- $tag = $dot.Values.global.versions.artifactory | toString -}} + {{- end -}} + {{- if $dot.Values.global.imageRegistry }} + {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper artifactory app version +*/}} +{{- define "artifactory.app.version" -}} +{{- $image := split ":" ((include "artifactory.getImageInfoByValue" (list . "artifactory")) | toString) -}} +{{- $tag := $image._1 -}} +{{- printf "%s" $tag -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml new file mode 100644 index 000000000..c4d06f08a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/additional-resources.yaml @@ -0,0 +1,3 @@ +{{ if .Values.additionalResources }} +{{ tpl .Values.additionalResources . }} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml new file mode 100644 index 000000000..c8bf2eb16 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/admin-bootstrap-creds.yaml @@ -0,0 +1,15 @@ +{{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} +{{- if .Values.artifactory.admin.password }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory.fullname" . }}-bootstrap-creds + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + bootstrap.creds: {{ (printf "%s@%s=%s" .Values.artifactory.admin.username .Values.artifactory.admin.ip .Values.artifactory.admin.password) | b64enc }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml new file mode 100644 index 000000000..304304e4e --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-access-config.yaml @@ -0,0 +1,15 @@ +{{- if .Values.access.accessConfig }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }}-access-config + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + access.config.patch.yml: | +{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml new file mode 100644 index 000000000..bbfbdf3be --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-binarystore-secret.yaml @@ -0,0 +1,14 @@ +{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "artifactory.fullname" . }}-binarystore + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +stringData: + binarystore.xml: |- +{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml new file mode 100644 index 000000000..359fa07d2 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-configmaps.yaml @@ -0,0 +1,13 @@ +{{ if .Values.artifactory.configMaps }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-configmaps + labels: + app: {{ template "artifactory.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ tpl .Values.artifactory.configMaps . | indent 2 }} +{{ end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml new file mode 100644 index 000000000..a2e3895f5 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-custom-secrets.yaml @@ -0,0 +1,19 @@ +{{- if .Values.artifactory.customSecrets }} +{{- range .Values.artifactory.customSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" $ }}-{{ .name }} + labels: + app: "{{ template "artifactory.name" $ }}" + chart: "{{ template "artifactory.chart" $ }}" + component: "{{ $.Values.artifactory.name }}" + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} +type: Opaque +stringData: + {{ .key }}: | +{{ .data | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml new file mode 100644 index 000000000..9edf87dc1 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-database-secrets.yaml @@ -0,0 +1,22 @@ +{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }}-database-creds + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- with .Values.database.url }} + db-url: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.user }} + db-user: {{ tpl . $ | b64enc | quote }} + {{- end }} + {{- with .Values.database.password }} + db-password: {{ tpl . $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml new file mode 100644 index 000000000..f2e2c0f5b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-installer-info.yaml @@ -0,0 +1,12 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "artifactory.fullname" . }}-installer-info + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + installer-info.json: | + {{ tpl .Values.installerInfo . }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml new file mode 100644 index 000000000..d37ed1e4b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-license-secret.yaml @@ -0,0 +1,14 @@ +{{- with .Values.artifactory.license.licenseKey }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" $ }}-license + labels: + app: {{ template "artifactory.name" $ }} + chart: {{ template "artifactory.chart" $ }} + heritage: {{ $.Release.Service }} + release: {{ $.Release.Name }} +type: Opaque +data: + artifactory.lic: {{ . | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml new file mode 100644 index 000000000..4b1ba4027 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-migration-scripts.yaml @@ -0,0 +1,18 @@ +{{- if .Values.artifactory.migration.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-migration-scripts + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + migrate.sh: | +{{ .Files.Get "files/migrate.sh" | indent 4 }} + migrationHelmInfo.yaml: | +{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }} + migrationStatus.sh: | +{{ .Files.Get "files/migrationStatus.sh" | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml new file mode 100644 index 000000000..da6fd178a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-networkpolicy.yaml @@ -0,0 +1,34 @@ +{{- range .Values.networkpolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "artifactory.fullname" $ }}-{{ .name }}-networkpolicy + labels: + app: {{ template "artifactory.name" $ }} + chart: {{ template "artifactory.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +spec: +{{- if .podSelector }} + podSelector: +{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} +{{ else }} + podSelector: {} +{{- end }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} +{{- if .ingress }} + ingress: +{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +{{- if .egress }} + egress: +{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} +{{- end }} +--- +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml new file mode 100644 index 000000000..9eb94b35b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-priority-class.yaml @@ -0,0 +1,9 @@ +{{- if .Values.artifactory.priorityClass.create }} +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} +value: {{ .Values.artifactory.priorityClass.value }} +globalDefault: false +description: "Artifactory priority class" +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml new file mode 100644 index 000000000..db01f235f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory.fullname" . }} +rules: +{{ toYaml .Values.rbac.role.rules }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml new file mode 100644 index 000000000..dfb42258f --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "artifactory.serviceAccountName" . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ template "artifactory.fullname" . }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml new file mode 100644 index 000000000..3ac8e3a74 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-secrets.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} + {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} + master-key: {{ include "artifactory.masterKey" . | b64enc | quote }} + {{- end }} + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} + {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} + join-key: {{ include "artifactory.joinKey" . | b64enc | quote }} + {{- end }} + {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml new file mode 100644 index 000000000..27f552979 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-service.yaml @@ -0,0 +1,50 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +{{- if .Values.artifactory.service.annotations }} + annotations: +{{ toYaml .Values.artifactory.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.artifactory.service.type }} +{{- if .Values.artifactory.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: http-router + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: http-artifactory + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + {{- with .Values.artifactory.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: tcp-jmx + {{- end }} + {{- end }} + selector: + app: {{ template "artifactory.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml new file mode 100644 index 000000000..4e9c5fbb5 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ tpl (toYaml .) $ | indent 4 }} +{{- end }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "artifactory.serviceAccountName" . }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml new file mode 100644 index 000000000..524fcbcbf --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-statefulset.yaml @@ -0,0 +1,734 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "artifactory.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- with .Values.artifactory.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 11.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 11.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} +{{- end }} +spec: + serviceName: {{ template "artifactory.name" . }} + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "artifactory.name" . }} + role: {{ template "artifactory.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + role: {{ template "artifactory.name" . }} + component: {{ .Values.artifactory.name }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }} + checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} + {{- if .Values.access.accessConfig }} + checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} + {{- end }} + {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} + checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} + {{- end }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.artifactory.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.artifactory.priorityClass.create }} + priorityClassName: {{ default (include "artifactory.fullname" .) .Values.artifactory.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "artifactory.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.setSecurityContext }} + securityContext: + runAsUser: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.gid }} + {{- end }} + initContainers: + {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} +{{ tpl (include "artifactory.customInitContainersBegin" .) . | indent 6 }} + {{- end }} + {{- if .Values.artifactory.persistence.enabled }} + {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} + - name: "delete-db-properties" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' + volumeMounts: + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- end }} + - name: "remove-lost-found" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found {{ .Values.artifactory.persistence.mountPath }}/data/.lock' + volumeMounts: + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: "access-bootstrap-creds" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; + volumeMounts: + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + - name: access-bootstrap-creds + mountPath: "/tmp/access/bootstrap.creds" + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + subPath: {{ .Values.artifactory.admin.dataKey }} + {{- else }} + subPath: bootstrap.creds + {{- end }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - '/bin/sh' + - '-c' + - > + echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- end }} + echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; + {{- if .Values.access.accessConfig }} + echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; + cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml; + {{- end }} + {{- if .Values.access.resetAccessCAKeys }} + echo "Resetting Access CA Keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; + cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; + cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; + {{- end }} + {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; + echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; + echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; + {{- end }} + env: + {{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} + - name: ARTIFACTORY_JOIN_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory.joinKeySecretName" . }} + key: join-key + {{- end }} + {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} + - name: ARTIFACTORY_MASTER_KEY + valueFrom: + secretKeyRef: + name: {{ include "artifactory.masterKeySecretName" . }} + key: master-key + {{- end }} + volumeMounts: + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} + {{- else if .Values.artifactory.systemYaml }} + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- end }} + {{- end }} + {{- if .Values.access.accessConfig }} + - name: access-config + mountPath: "/tmp/etc/access.config.patch.yml" + subPath: access.config.patch.yml + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + mountPath: "/tmp/etc/tls.crt" + subPath: tls.crt + - name: access-certs + mountPath: "/tmp/etc/tls.key" + subPath: tls.key + {{- end }} + {{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }} + - name: "prepare-custom-persistent-volume" + image: "{{ .Values.initContainerImage }}" + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}" + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do + sleep 2; + done; + {{- end }} + {{- end }} + {{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }} +{{ tpl (include "artifactory.customInitContainers" .) . | indent 6 }} + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: 'migration-artifactory' + image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + {{- if .Values.artifactory.migration.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.migration.preStartCommand . }}; + {{- end }} + scriptsPath="/opt/jfrog/artifactory/app/bin"; + mkdir -p $scriptsPath; + echo "Copy migration scripts and Run migration"; + cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; + cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; + cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; + mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; + bash $scriptsPath/migrationStatus.sh {{ include "artifactory.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + volumeMounts: + - name: migration-scripts + mountPath: "/tmp/migrate.sh" + subPath: migrate.sh + - name: migration-scripts + mountPath: "/tmp/migrationHelmInfo.yaml" + subPath: migrationHelmInfo.yaml + - name: migration-scripts + mountPath: "/tmp/migrationStatus.sh" + subPath: migrationStatus.sh + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} + {{- end }} +{{- end }} + containers: + - name: {{ .Values.artifactory.name }} + image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + command: + - '/bin/bash' + - '-c' + - > + set -e; + if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then + echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; + cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; + fi; + {{- if .Values.artifactory.configMapName }} + echo "Copying bootstrap configs"; + cp -Lrf /bootstrap/* /artifactory_bootstrap/; + {{- end }} + {{- if .Values.artifactory.userPluginSecrets }} + echo "Copying plugins"; + cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; + {{- end }} + {{- range .Values.artifactory.copyOnEveryStartup }} + {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} + {{- $baseDirectory := regexFind ".*/" $targetPath }} + mkdir -p {{ $baseDirectory }}; + cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; + {{- end }} + {{- if .Values.artifactory.preStartCommand }} + echo "Running custom preStartCommand command"; + {{ tpl .Values.artifactory.preStartCommand . }}; + {{- end }} + exec /entrypoint-artifactory.sh + {{- with .Values.artifactory.postStartCommand }} + lifecycle: + postStart: + exec: + command: + - '/bin/bash' + - '-c' + - > + echo "Running custom postStartCommand command"; + {{ tpl . $ }} + {{- end }} + env: + {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-user + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + name: {{ template "artifactory.fullname" . }}-database-creds + key: db-url + {{- end }} + {{- end }} +{{- with .Values.artifactory.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.artifactory.internalPort }} + name: http + - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} + name: http-internal + {{- if .Values.artifactory.javaOpts.jmx.enabled }} + - containerPort: {{ .Values.artifactory.javaOpts.jmx.port }} + name: tcp-jmx + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.artifactory.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + mountPath: "/artifactory_bootstrap/plugins/" + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + mountPath: "/tmp/plugin/{{ tpl . $ }}" + {{- end }} + {{- end }} + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + mountPath: "/bootstrap/" + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-data + mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" + - name: artifactory-backup + mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" + {{- else }} + - name: binarystore-xml + mountPath: "/artifactory_bootstrap/binarystore.xml" + subPath: binarystore.xml + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + mountPath: "/artifactory_bootstrap/artifactory.lic" + {{- if .Values.artifactory.license.secret }} + subPath: {{ .Values.artifactory.license.dataKey }} + {{- else if .Values.artifactory.license.licenseKey }} + subPath: artifactory.lic + {{- end }} + {{- end }} + - name: installer-info + mountPath: "/artifactory_bootstrap/info/installer-info.json" + subPath: installer-info.json + {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} + {{- end }} + resources: +{{ toYaml .Values.artifactory.resources | indent 10 }} + {{- if .Values.artifactory.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.artifactory.readinessProbe.path }} + scheme: {{ include "artifactory.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.artifactory.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.artifactory.livenessProbe.path }} + scheme: {{ include "artifactory.scheme" . | upper }} + port: {{ .Values.artifactory.internalPort }} + initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.artifactory.persistence.mountPath }} + {{- range .Values.artifactory.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: artifactory-volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.loggersResources | indent 10 }} + {{- end }} + {{ if .Values.artifactory.catalinaLoggers }} + {{- range .Values.artifactory.catalinaLoggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' + volumeMounts: + - name: artifactory-volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + securityContext: + runAsUser: 0 + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: artifactory-volume + mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} + {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "artifactory.customSidecarContainers" .) . | indent 6 }} + {{- end }} + {{- with .Values.artifactory.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.artifactory.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.artifactory.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: binarystore-xml + secret: + {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} + secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} + {{- else }} + secretName: {{ template "artifactory.fullname" . }}-binarystore + {{- end }} +{{- if .Values.artifactory.migration.enabled }} + - name: migration-scripts + configMap: + name: {{ template "artifactory.fullname" . }}-migration-scripts +{{- end }} + - name: installer-info + configMap: + name: {{ template "artifactory.fullname" . }}-installer-info + {{- if .Values.artifactory.userPluginSecrets }} + - name: bootstrap-plugins + emptyDir: {} + {{- range .Values.artifactory.userPluginSecrets }} + - name: {{ tpl . $ }} + secret: + secretName: {{ tpl . $ }} + {{- end }} + {{- end }} + {{- if and .Values.artifactory.persistence.enabled .Values.artifactory.persistence.existingClaim }} + - name: artifactory-volume + persistentVolumeClaim: + claimName: {{ .Values.artifactory.persistence.existingClaim }} + {{- end }} + {{- if .Values.artifactory.configMapName }} + - name: bootstrap-config + configMap: + name: {{ .Values.artifactory.configMapName }} + {{- end}} + {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} + - name: tail-logger-script + configMap: + name: {{ template "artifactory.fullname" . }}-logger + {{- end }} + {{- if .Values.artifactory.configMaps }} + - name: artifactory-configmaps + configMap: + name: {{ template "artifactory.fullname" . }}-configmaps + {{- end }} + {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} + - name: artifactory-license + secret: + {{- if .Values.artifactory.license.secret }} + secretName: {{ .Values.artifactory.license.secret }} + {{- else if .Values.artifactory.license.licenseKey }} + secretName: {{ template "artifactory.fullname" . }}-license + {{- end }} + {{- end }} + {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} + - name: access-bootstrap-creds + secret: + {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} + secretName: {{ .Values.artifactory.admin.secret }} + {{- else }} + secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds + {{- end }} + {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} + - name: artifactory-data + persistentVolumeClaim: + claimName: {{ template "artifactory.fullname" . }}-data-pvc + - name: artifactory-backup + persistentVolumeClaim: + claimName: {{ template "artifactory.fullname" . }}-backup-pvc + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: artifactory-volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} + - name: systemyaml + secret: + secretName: {{ default (printf "%s-%s" (include "artifactory.fullname" .) "systemyaml") .Values.systemYamlOverride.existingSecret }} + {{- end }} + {{- if .Values.access.accessConfig }} + - name: access-config + secret: + secretName: {{ template "artifactory.fullname" . }}-access-config + {{- end }} + {{- if .Values.access.customCertificatesSecretName }} + - name: access-certs + secret: + secretName: {{ .Values.access.customCertificatesSecretName }} + {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} + - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "artifactory.name" . }}-filebeat-config + {{- end }} + {{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }} +{{ tpl (include "artifactory.customVolumes" .) . | indent 6 }} + {{- end }} + {{- if not .Values.artifactory.persistence.enabled }} + - name: volume + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} +{{- with .Values.artifactory.persistence }} + {{- if and .enabled (not .existingClaim) }} + volumeClaimTemplates: + - metadata: + name: artifactory-volume + spec: + {{- if .storageClassName }} + {{- if (eq "-" .storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .storageClassName }}" + {{- end }} + {{- end }} + accessModes: [ "{{ .accessMode }}" ] + resources: + requests: + storage: {{ .size }} + {{- end }} +{{- end }} + {{- if .Values.artifactory.customPersistentPodVolumeClaim }} + - metadata: + name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} + spec: + {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} + {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" + {{- end }} + {{- end }} + accessModes: + {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} + {{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml new file mode 100644 index 000000000..f36879218 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/artifactory-system-yaml.yaml @@ -0,0 +1,15 @@ +{{- if not .Values.systemYamlOverride.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "artifactory.fullname" . }}-systemyaml + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +stringData: + system.yaml: | +{{ tpl .Values.artifactory.systemYaml . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml new file mode 100644 index 000000000..8ceb67c01 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/filebeat-configmap.yaml @@ -0,0 +1,15 @@ +{{- if .Values.filebeat.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.name" . }}-filebeat-config + labels: + app: {{ template "artifactory.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: + filebeat.yml: | +{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} +{{- end -}} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml new file mode 100644 index 000000000..6f6bc11d1 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/ingress.yaml @@ -0,0 +1,107 @@ +{{- if .Values.ingress.enabled -}} +{{- $serviceName := include "artifactory.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} +{{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}} +{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $ingressName }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.ingress.labels }} +{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} +{{- end}} +{{- if .Values.ingress.annotations }} + annotations: +{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} +{{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.ingress.hosts }} + {{- range $host := .Values.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: {{ $.Values.ingress.routerPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: {{ $.Values.ingress.artifactoryPath }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $artifactoryServicePort }} + {{- end -}} +{{- end -}} + {{- with .Values.ingress.additionalRules }} +{{ tpl . $ | indent 2 }} + {{- end }} + + {{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end -}} +{{- if .Values.artifactory.replicator.enabled }} +--- +{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} + {{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 + {{- else }} +apiVersion: extensions/v1beta1 + {{- end }} +kind: Ingress +metadata: + name: {{ $replicatorIngressName }} + labels: + app: "{{ template "artifactory.name" $ }}" + chart: "{{ template "artifactory.chart" $ }}" + release: {{ $.Release.Name | quote }} + heritage: {{ $.Release.Service | quote }} + {{- if .Values.artifactory.replicator.ingress.annotations }} + annotations: +{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} + {{- end }} +spec: + {{- if .Values.ingress.defaultBackend.enabled }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + rules: +{{- if .Values.artifactory.replicator.ingress.hosts }} + {{- range $host := .Values.artifactory.replicator.ingress.hosts }} + - host: {{ $host | quote }} + http: + paths: + - path: /replicator/ + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + - path: /artifactory/api/replication/replicate/file/streaming + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- end -}} + {{- if .Values.artifactory.replicator.ingress.tls }} + tls: +{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- if .Values.customIngress }} +--- +{{ .Values.customIngress | toYaml | trimSuffix "\n" }} +{{- end -}} +{{- end -}} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml new file mode 100644 index 000000000..f53f35e48 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/logger-configmap.yaml @@ -0,0 +1,63 @@ +{{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-logger + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + tail-log.sh: | + #!/bin/sh + + LOG_DIR=$1 + LOG_NAME=$2 + PID= + + # Wait for log dir to appear + while [ ! -d ${LOG_DIR} ]; do + sleep 1 + done + + cd ${LOG_DIR} + + LOG_PREFIX=$(echo ${LOG_NAME} | sed 's/.log$//g') + + # Find the log to tail + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + + # Wait for the log file + while [ -z "${LOG_FILE}" ]; do + sleep 1 + LOG_FILE=$(ls -1t ./${LOG_PREFIX}*.log 2>/dev/null | head -1) + done + + echo "Log file ${LOG_FILE} is ready!" + + # Get inode number + INODE_ID=$(ls -i ${LOG_FILE}) + + # echo "Tailing ${LOG_FILE}" + tail -F ${LOG_FILE} & + PID=$! + + # Loop forever to see if a new log was created + while true; do + # Check inode number + NEW_INODE_ID=$(ls -i ${LOG_FILE}) + + # If inode number changed, this means log was rotated and need to start a new tail + if [ "${INODE_ID}" != "${NEW_INODE_ID}" ]; then + kill -9 ${PID} 2>/dev/null + INODE_ID="${NEW_INODE_ID}" + + # Start a new tail + tail -F ${LOG_FILE} & + PID=$! + fi + sleep 1 + done + +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml new file mode 100644 index 000000000..bd2ebea96 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-artifactory-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + artifactory.conf: | +{{ tpl .Values.nginx.artifactoryConf . | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml new file mode 100644 index 000000000..8d6862903 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-certificate-secret.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.https.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "artifactory.fullname" . }}-nginx-certificate + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ ( include "artifactory.gen-certs" . ) | indent 2 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml new file mode 100644 index 000000000..851eae247 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-conf.yaml @@ -0,0 +1,14 @@ +{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "artifactory.fullname" . }}-nginx-conf + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + nginx.conf: | +{{ tpl .Values.nginx.mainConf . | indent 4 }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml new file mode 100644 index 000000000..bc53f535b --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-deployment.yaml @@ -0,0 +1,203 @@ +{{- if .Values.nginx.enabled -}} +{{- $serviceName := include "artifactory.fullname" . -}} +{{- $servicePort := .Values.artifactory.externalPort -}} +apiVersion: apps/v1 +kind: {{ .Values.nginx.kind }} +metadata: + name: {{ template "artifactory.nginx.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 4 }} +{{- end }} +spec: +{{- if eq .Values.nginx.kind "StatefulSet" }} + serviceName: {{ template "artifactory.nginx.fullname" . }} +{{- end }} +{{- if ne .Values.nginx.kind "DaemonSet" }} + replicas: {{ .Values.nginx.replicaCount }} +{{- end }} + selector: + matchLabels: + app: {{ template "artifactory.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.nginx.name }} + template: + metadata: + annotations: + checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }} + checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "artifactory.serviceAccountName" . }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "artifactory.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.nginx.priorityClassName }} + priorityClassName: {{ .Values.nginx.priorityClassName | quote }} + {{- end }} + initContainers: + - name: "setup" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - '/bin/sh' + - '-c' + - > + rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; + mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + volumeMounts: + - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + name: nginx-volume + securityContext: + runAsUser: {{ .Values.nginx.uid }} + fsGroup: {{ .Values.nginx.gid }} + containers: + - name: {{ .Values.nginx.name }} + image: {{ include "artifactory.getImageInfoByValue" (list . "nginx") }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + command: + - 'nginx' + - '-g' + - 'daemon off;' + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and + # will be cleaned up in a later version + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - containerPort: {{ .Values.nginx.http.internalPort }} + name: http + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttp }} + name: http-internal + {{- end }} + {{- if .Values.nginx.https }} + {{- if .Values.nginx.https.enabled }} + - containerPort: {{ .Values.nginx.https.internalPort }} + name: https + {{- end }} + {{- else }} # DEPRECATED + - containerPort: {{ .Values.nginx.internalPortHttps }} + name: https-internal + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - containerPort: {{ .Values.nginx.ssh.internalPort }} + name: tcp-ssh + {{- end }} + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: nginx-artifactory-conf + mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/" + - name: nginx-volume + mountPath: {{ .Values.nginx.persistence.mountPath | quote }} + {{- if .Values.nginx.https.enabled }} + - name: ssl-certificates + mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl" + {{- end }} + resources: +{{ toYaml .Values.nginx.resources | indent 10 }} + {{- if .Values.nginx.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.nginx.readinessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }} + {{- end }} + {{- if .Values.nginx.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.nginx.livenessProbe.path }} + {{- if .Values.nginx.http.enabled }} + port: {{ .Values.nginx.http.internalPort }} + scheme: HTTP + {{- else }} + port: {{ .Values.nginx.https.internalPort }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }} + {{- end }} + {{- $mountPath := .Values.nginx.persistence.mountPath }} + {{- range .Values.nginx.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} + command: + - tail + args: + - '-F' + - '{{ $mountPath }}/logs/{{ . }}' + volumeMounts: + - name: nginx-volume + mountPath: {{ $mountPath }} + resources: +{{ toYaml $.Values.nginx.loggersResources | indent 10 }} + {{- end }} + {{- with .Values.nginx.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.nginx.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: nginx-conf + configMap: + {{- if .Values.nginx.customConfigMap }} + name: {{ .Values.nginx.customConfigMap }} + {{- else }} + name: {{ template "artifactory.fullname" . }}-nginx-conf + {{- end }} + - name: nginx-artifactory-conf + configMap: + {{- if .Values.nginx.customArtifactoryConfigMap }} + name: {{ .Values.nginx.customArtifactoryConfigMap }} + {{- else }} + name: {{ template "artifactory.fullname" . }}-nginx-artifactory-conf + {{- end }} + - name: nginx-volume + {{- if .Values.nginx.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory.nginx.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.nginx.https.enabled }} + - name: ssl-certificates + secret: + {{- if .Values.nginx.tlsSecretName }} + secretName: {{ .Values.nginx.tlsSecretName }} + {{- else }} + secretName: {{ template "artifactory.fullname" . }}-nginx-certificate + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml new file mode 100644 index 000000000..3394a0ade --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-pvc.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }} +{{- if (not .Values.nginx.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "artifactory.nginx.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + accessModes: + - {{ .Values.nginx.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.nginx.persistence.size | quote }} +{{- if .Values.nginx.persistence.storageClassName }} +{{- if (eq "-" .Values.nginx.persistence.storageClassName) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.nginx.persistence.storageClassName }}" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml new file mode 100644 index 000000000..7f4c8fb66 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/templates/nginx-service.yaml @@ -0,0 +1,73 @@ +{{- if .Values.nginx.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory.nginx.fullname" . }} + labels: + app: {{ template "artifactory.name" . }} + chart: {{ template "artifactory.chart" . }} + component: {{ .Values.nginx.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- if .Values.nginx.service.annotations }} + annotations: +{{ toYaml .Values.nginx.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.nginx.service.type }} +{{- if eq .Values.nginx.service.type "LoadBalancer" }} + {{ if .Values.nginx.service.loadBalancerIP -}} + loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} + {{ end -}} + {{- if .Values.nginx.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} + {{- end }} +{{- end }} +{{- if .Values.nginx.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} + ports: + # DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and + # will be cleaned up in a later version + {{- if .Values.nginx.http }} + {{- if .Values.nginx.http.enabled }} + - port: {{ .Values.nginx.http.externalPort }} + targetPort: {{ .Values.nginx.http.internalPort }} + protocol: TCP + name: http + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttp }} + targetPort: {{ .Values.nginx.internalPortHttp }} + protocol: TCP + name: http + {{- end }} + {{- if .Values.nginx.https }} + {{- if or .Values.nginx.https.enabled .Values.nginx.service.ssloffload }} + - port: {{ .Values.nginx.https.externalPort }} + {{- if .Values.nginx.service.ssloffload }} + targetPort: {{ .Values.nginx.http.internalPort }} + {{- else }} + targetPort: {{ .Values.nginx.https.internalPort}} + {{- end }} + protocol: TCP + name: https + {{- end }} + {{- else }} # DEPRECATED + - port: {{ .Values.nginx.externalPortHttps }} + targetPort: {{ .Values.nginx.internalPortHttps }} + protocol: TCP + name: https + {{- end }} + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.nginx.ssh.externalPort }} + targetPort: {{ .Values.nginx.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + selector: + app: {{ template "artifactory.name" . }} + component: {{ .Values.nginx.name }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml new file mode 100644 index 000000000..6399c5b8a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-large.yaml @@ -0,0 +1,11 @@ +artifactory: + resources: + requests: + memory: "6Gi" + cpu: "4" + limits: + memory: "10Gi" + cpu: "8" + javaOpts: + xms: "6g" + xmx: "8g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml new file mode 100644 index 000000000..44aff82de --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-medium.yaml @@ -0,0 +1,11 @@ +artifactory: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "6" + javaOpts: + xms: "4g" + xmx: "6g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml new file mode 100644 index 000000000..04368ae15 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values-small.yaml @@ -0,0 +1,11 @@ +artifactory: + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml new file mode 100644 index 000000000..dcbf72fdb --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/charts/artifactory/values.yaml @@ -0,0 +1,1376 @@ +# Default values for artifactory. +# This is a YAML-formatted file. + +# Beware when changing values here. You should know what you are doing! +# Access the values with {{ .Values.key.subkey }} + + +global: + # imageRegistry: docker.bintray.io + # imagePullSecrets: + # - myRegistryKeySecretName + ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag + ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion + ## This applies also for nginx images (.Values.nginx.image.tag) + versions: {} + # artifactory: + # joinKey: + # masterKey: + # joinKeySecretName: + # masterKeySecretName: + # customInitContainersBegin: | + + # customInitContainers: | + + # customVolumes: | + + # customVolumeMounts: | + + # customSidecarContainers: | + + +initContainerImage: docker.bintray.io/alpine:3.12.1 + +# Init containers +initContainers: + resources: {} +# requests: +# memory: "64Mi" +# cpu: "10m" +# limits: +# memory: "128Mi" +# cpu: "250m" + +installer: + type: + platform: + +installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + +# For supporting pulling from private registries +# imagePullSecrets: +# - myRegistryKeySecretName + +## Artifactory systemYaml override +## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory +## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML +## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml +## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. +## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml +systemYamlOverride: +## You can use a pre-existing secret by specifying existingSecret + existingSecret: +## The dataKey should be the name of the secret data key created. + dataKey: + +## Role Based Access Control +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +rbac: + create: true + role: + ## Rules to create. It follows the role specification + rules: + - apiGroups: + - '' + resources: + - services + - endpoints + - pods + verbs: + - get + - watch + - list + +## Service Account +## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + name: + ## Service Account annotations + annotations: {} + +ingress: + enabled: false + defaultBackend: + enabled: true + # Used to create an Ingress record. + hosts: [] + routerPath: / + artifactoryPath: /artifactory/ + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/configuration-snippet: | + # proxy_pass_header Server; + # proxy_set_header X-JFrog-Override-Base-Url https://; + # kubernetes.io/tls-acme: "true" + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + labels: {} + # traffic-type: external + # traffic-type: internal + tls: [] + # Secrets must be manually created in the namespace. + # - secretName: chart-example-tls + # hosts: + # - artifactory.domain.example + + # Additional ingress rules + additionalRules: [] + +## Allows to add custom ingress +customIngress: | + +networkpolicy: + # Allows all ingress and egress + - name: artifactory + podSelector: + matchLabels: + app: artifactory + egress: + - {} + ingress: + - {} + # Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true) + # - name: postgresql + # podSelector: + # matchLabels: + # app: postgresql + # ingress: + # - from: + # - podSelector: + # matchLabels: + # app: artifactory + +logger: + image: + registry: docker.bintray.io + repository: busybox + tag: 1.31.1 + +# Artifactory +artifactory: + name: artifactory + # Note that by default we use appVersion to get image tag/version + image: + registry: docker.bintray.io + repository: jfrog/artifactory-pro + # tag: + pullPolicy: IfNotPresent + labels: {} + + # Create a priority class for the Artifactory pod or use an existing one + # NOTE - Maximum allowed value of a user defined priority is 1000000000 + priorityClass: + create: false + value: 1000000000 + ## Override default name + # name: + ## Use an existing priority class + # existingPriorityClass: + + # Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties + deleteDBPropertiesOnStartup: true + + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 200 + extraConfig: 'acceptCount="100"' + + # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. + # To enable set `.Values.artifactory.openMetrics.enabled` to `true` + # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics + openMetrics: + enabled: false + + # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + copyOnEveryStartup: + # # Absolute path + # - source: /artifactory_bootstrap/binarystore.xml + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + # # Absolute path + # - source: /artifactory_bootstrap/artifactory.lic + # # Relative to ARTIFACTORY_HOME/ + # target: etc/artifactory/ + + # Sidecar containers for tailing Artifactory logs + loggers: [] + # - access-audit.log + # - access-request.log + # - access-security-audit.log + # - access-service.log + # - artifactory-access.log + # - artifactory-event.log + # - artifactory-import-export.log + # - artifactory-request.log + # - artifactory-service.log + # - frontend-request.log + # - frontend-service.log + # - metadata-request.log + # - metadata-service.log + # - router-request.log + # - router-service.log + # - router-traefik.log + # - derby.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Sidecar containers for tailing Tomcat (catalina) logs + catalinaLoggers: [] + # - tomcat-catalina.log + # - tomcat-localhost.log + + # Tomcat (catalina) loggers resources + catalinaLoggersResources: {} + # requests: + # memory: "10Mi" + # cpu: "10m" + # limits: + # memory: "100Mi" + # cpu: "50m" + + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 + ## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + + ## Add custom init containers execution before predefined init containers + customInitContainersBegin: | + # - name: "custom-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: artifactory-volume + + ## Add custom init containers execution after predefined init containers + customInitContainers: | + # - name: "custom-systemyaml-setup" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # command: + # - 'sh' + # - '-c' + # - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https:///systemyaml' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: artifactory-volume + + ## Add custom sidecar containers + # - The provided example uses a custom volume (customVolumes) + # - The provided example shows running container as root (id 0) + customSidecarContainers: | + # - name: "sidecar-list-etc" + # image: "{{ .Values.initContainerImage }}" + # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # securityContext: + # runAsUser: 0 + # fsGroup: 0 + # command: + # - 'sh' + # - '-c' + # - 'sh /scripts/script.sh' + # volumeMounts: + # - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + # name: artifactory-volume + # - mountPath: "/scripts/script.sh" + # name: custom-script + # subPath: script.sh + # resources: + # requests: + # memory: "32Mi" + # cpu: "50m" + # limits: + # memory: "128Mi" + # cpu: "100m" + + ## Add custom volumes + customVolumes: | + # - name: custom-script + # configMap: + # name: custom-script + + ## Add custom volumesMounts + customVolumeMounts: | + # - name: custom-script + # mountPath: "/scripts/script.sh" + # subPath: script.sh + # - name: posthook-start + # mountPath: "/scripts/posthoook-start.sh" + # subPath: posthoook-start.sh + # - name: prehook-start + # mountPath: "/scripts/prehook-start.sh" + # subPath: prehook-start.sh + + # Add custom persistent volume mounts - Available for the pod + # If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container + customPersistentPodVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + # skipPrepareContainer: false + + # Add custom persistent volume mounts - Available to the entire namespace + customPersistentVolumeClaim: {} + # name: + # mountPath: + # accessModes: + # - "-" + # size: + # storageClassName: + + ## Artifactory license. + license: + ## licenseKey is the license key in plain text. Use either this or the license.secret setting + licenseKey: + ## If artifactory.license.secret is passed, it will be mounted as + ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time. + secret: + ## The dataKey should be the name of the secret data key created. + dataKey: + + ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter + configMapName: + + # Add any list of configmaps to Artifactory + configMaps: | + # posthook-start.sh: |- + # echo "This is a post start script" + # posthook-end.sh: |- + # echo "This is a post end script" + + ## List of secrets for Artifactory user plugins. + ## One Secret per plugin's files. + userPluginSecrets: + # - archive-old-artifacts + # - build-cleanup + # - webhook + # - '{{ template "my-chart.fullname" . }}' + + ## Artifactory requires a unique master key. + ## You can generate one with the command: "openssl rand -hex 32" + ## An initial one is auto generated by Artifactory on first startup. + # masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName + # masterKeySecretName: + + ## Join Key to connect other services to Artifactory + ## IMPORTANT: Setting this value overrides the existing joinKey + ## IMPORTANT: You should NOT use the example joinKey for a production deployment! + # joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + ## Alternatively, you can use a pre-existing secret with a key called join-key by specifying joinKeySecretName + # joinKeySecretName: + + # Add custom secrets - secret per file + customSecrets: + # - name: custom-secret + # key: custom-secret.yaml + # data: > + # custom_secret_config: + # parameter1: value1 + # parameter2: value2 + # - name: custom-secret2 + # key: custom-secret2.config + # data: | + # here the custom secret 2 config + + ## If false, all service console logs will not redirect to a common console.log + consoleLog: false + + binarystore: + enabled: true + + ## admin allows to set the password for the default admin user. + ## See: https://www.jfrog.com/confluence/display/JFROG/Users+and+Groups#UsersandGroups-RecreatingtheDefaultAdminUserrecreate + admin: + ip: "127.0.0.1" + username: "admin" + password: + secret: + dataKey: + + ## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle + # preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" + ## Extra post-start command to run extra commands after container starts + # postStartCommand: + + ## Extra environment variables that can be used to tune Artifactory to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: SERVER_XML_ARTIFACTORY_PORT + # value: "8081" + # - name: SERVER_XML_ARTIFACTORY_MAX_THREADS + # value: "200" + # - name: SERVER_XML_ACCESS_MAX_THREADS + # value: "50" + # - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_ACCESS_EXTRA_CONFIG + # value: "" + # - name: SERVER_XML_EXTRA_CONNECTOR + # value: "" + # - name: DB_POOL_MAX_ACTIVE + # value: "100" + # - name: DB_POOL_MAX_IDLE + # value: "10" + # - name: MY_SECRET_ENV_VAR + # valueFrom: + # secretKeyRef: + # name: my-secret-name + # key: my-secret-key + + systemYaml: | + shared: + logging: + consoleLog: + enabled: {{ .Values.artifactory.consoleLog }} + extraJavaOpts: > + -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} + {{- with .Values.artifactory.javaOpts }} + -Dartifactory.async.corePoolSize={{ .corePoolSize }} + {{- if .xms }} + -Xms{{ .xms }} + {{- end }} + {{- if .xmx }} + -Xmx{{ .xmx }} + {{- end }} + {{- if .jmx.enabled }} + -Dcom.sun.management.jmxremote + -Dcom.sun.management.jmxremote.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} + {{- if .jmx.host }} + -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} + {{- else }} + -Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }} + {{- end }} + {{- if .jmx.authenticate }} + -Dcom.sun.management.jmxremote.authenticate=true + -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} + -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} + {{- else }} + -Dcom.sun.management.jmxremote.authenticate=false + {{- end }} + {{- end }} + {{- if .other }} + {{ .other }} + {{- end }} + {{- end }} + {{- if or .Values.database.type .Values.postgresql.enabled }} + database: + {{- if .Values.postgresql.enabled }} + type: postgresql + url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" + driver: org.postgresql.Driver + username: "{{ .Values.postgresql.postgresqlUsername }}" + {{- else }} + type: "{{ .Values.database.type }}" + driver: "{{ .Values.database.driver }}" + {{- end }} + {{- end }} + artifactory: + {{- if .Values.artifactory.openMetrics }} + metrics: + enabled: {{ .Values.artifactory.openMetrics.enabled }} + {{- end }} + database: + maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} + frontend: + session: + timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} + access: + database: + maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} + extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} + metadata: + database: + maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} + {{- if .Values.artifactory.replicator.enabled }} + replicator: + enabled: true + {{- end }} + + annotations: {} + + service: + name: artifactory + type: ClusterIP + ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + annotations: {} + + ## The following setting are to configure a dedicated Ingress object for Replicator service + replicator: + enabled: false + ingress: + name: + hosts: [] + annotations: {} + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/configuration-snippet: | + # chunked_transfer_encoding on; + tls: [] + # Secrets must be manually created in the namespace. + # - hosts: + # - artifactory.domain.example + # secretName: chart-example-tls-secret + + ## IMPORTANT: If overriding artifactory.internalPort: + ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! + externalPort: 8082 + internalPort: 8082 + externalArtifactoryPort: 8081 + internalArtifactoryPort: 8081 + uid: 1030 + gid: 1030 + terminationGracePeriodSeconds: 30 + + ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. + ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false + setSecurityContext: true + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 90 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + persistence: + mountPath: "/var/opt/jfrog/artifactory" + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + ## Storage default size. Should be increased for production deployments. + size: 20Gi + + ## Use a custom Secret to be mounted as your binarystore.xml + ## NOTE: This will ignore all settings below that make up binarystore.xml + customBinarystoreXmlSecret: + ## Cache default size. Should be increased for production deployments. + maxCacheSize: 5000000000 + cacheProviderDir: cache + + ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config + ## Supported types are: + ## file-system (default) + ## nfs + ## google-storage + ## aws-s3 + ## aws-s3-v3 + ## azure-blob + type: file-system + + ## Use binarystoreXml to provide a custom binarystore.xml + ## This can be a template or hardcoded. + binarystoreXml: | + {{- if eq .Values.artifactory.persistence.type "file-system" -}} + + + + {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} + + {{- end }} + + {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} + + {{- end }} + + + {{- if .Values.artifactory.persistence.fileSystem.cache.enabled }} + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + {{- end }} + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "google-storage" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + {{ .Values.artifactory.persistence.mountPath }}/data/filestore + /tmp + + + + google-cloud-storage + {{ .Values.artifactory.persistence.googleStorage.endpoint }} + {{ .Values.artifactory.persistence.googleStorage.httpsOnly }} + {{ .Values.artifactory.persistence.googleStorage.bucketName }} + {{ .Values.artifactory.persistence.googleStorage.identity }} + {{ .Values.artifactory.persistence.googleStorage.credential }} + {{ .Values.artifactory.persistence.googleStorage.path }} + {{ .Values.artifactory.persistence.googleStorage.bucketExists }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + {{- with .Values.artifactory.persistence.awsS3V3 }} + + {{ .testConnection }} + {{- if .identity }} + {{ .identity }} + {{- end }} + {{- if .credential }} + {{ .credential }} + {{- end }} + {{ .region }} + {{ .bucketName }} + {{ .path }} + {{ .endpoint }} + {{- with .maxConnections }} + {{ . }} + {{- end }} + {{- with .kmsServerSideEncryptionKeyId }} + {{ . }} + {{- end }} + {{- with .kmsKeyRegion }} + {{ . }} + {{- end }} + {{- with .kmsCryptoMode }} + {{ . }} + {{- end }} + {{- if .useInstanceCredentials }} + true + {{- else }} + false + {{- end }} + {{ .usePresigning }} + {{ .signatureExpirySeconds }} + {{- with .cloudFrontDomainName }} + {{ . }} + {{- end }} + {{- with .cloudFrontKeyPairId }} + {{ .cloudFrontKeyPairId }} + {{- end }} + {{- with .cloudFrontPrivateKey }} + {{ . }} + {{- end }} + {{- with .enableSignedUrlRedirect }} + {{ . }} + {{- end }} + {{- with .enablePathStyleAccess }} + {{ . }} + {{- end }} + + {{- end }} + + {{- end }} + + {{- if eq .Values.artifactory.persistence.type "aws-s3" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + {{ .Values.artifactory.persistence.awsS3.endpoint }} + {{- if .Values.artifactory.persistence.awsS3.roleName }} + {{ .Values.artifactory.persistence.awsS3.roleName }} + true + {{- else }} + {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.s3AwsVersion }} + {{ .Values.artifactory.persistence.awsS3.testConnection }} + {{ .Values.artifactory.persistence.awsS3.httpsOnly }} + {{ .Values.artifactory.persistence.awsS3.region }} + {{ .Values.artifactory.persistence.awsS3.bucketName }} + {{- if .Values.artifactory.persistence.awsS3.identity }} + {{ .Values.artifactory.persistence.awsS3.identity }} + {{- end }} + {{- if .Values.artifactory.persistence.awsS3.credential }} + {{ .Values.artifactory.persistence.awsS3.credential }} + {{- end }} + {{ .Values.artifactory.persistence.awsS3.path }} + {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} + + {{- end }} + + + {{- end }} + {{- if eq .Values.artifactory.persistence.type "azure-blob" }} + + + + + + + + + + + + + + + {{ .Values.artifactory.persistence.maxCacheSize }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + + + + {{ .Values.artifactory.persistence.azureBlob.accountName }} + {{ .Values.artifactory.persistence.azureBlob.accountKey }} + {{ .Values.artifactory.persistence.azureBlob.endpoint }} + {{ .Values.artifactory.persistence.azureBlob.containerName }} + {{ .Values.artifactory.persistence.azureBlob.testConnection }} + + + {{- end }} + + ## For artifactory.persistence.type nfs + ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes + ## cluster nodes. + ## Need to have the following set + nfs: + # Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}' + ip: + haDataMount: "/data" + haBackupMount: "/backup" + dataDir: "/var/opt/jfrog/artifactory" + backupDir: "/var/opt/jfrog/artifactory-backup" + capacity: 200Gi + + ## For artifactory.persistence.type file-system + fileSystem: + cache: + enabled: false + + ## For artifactory.persistence.type google-storage + googleStorage: + endpoint: commondatastorage.googleapis.com + httpsOnly: false + # Set a unique bucket name + bucketName: "artifactory-gcp" + identity: + credential: + path: "artifactory/filestore" + bucketExists: false + + ## For artifactory.persistence.type aws-s3-v3 + awsS3V3: + testConnection: false + identity: + credential: + region: + bucketName: artifactory-aws + path: artifactory/filestore + endpoint: + maxConnections: 50 + kmsServerSideEncryptionKeyId: + kmsKeyRegion: + kmsCryptoMode: + useInstanceCredentials: true + usePresigning: false + signatureExpirySeconds: 300 + cloudFrontDomainName: + cloudFrontKeyPairId: + cloudFrontPrivateKey: + enableSignedUrlRedirect: false + enablePathStyleAccess: false + + ## For artifactory.persistence.type aws-s3 + ## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html + awsS3: + # Set a unique bucket name + bucketName: "artifactory-aws" + endpoint: + region: + roleName: + identity: + credential: + path: "artifactory/filestore" + refreshCredentials: true + httpsOnly: true + testConnection: false + s3AwsVersion: AWS4-HMAC-SHA256 + ## Additional properties to set on the s3 provider + properties: {} + # httpclient.max-connections: 100 + ## For artifactory.persistence.type azure-blob + azureBlob: + accountName: + accountKey: + endpoint: + containerName: + testConnection: false + ## artifactory data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + ## Annotations for the Persistent Volume Claim + annotations: {} + ## Uncomment the following resources definitions or pass them from command line + ## to control the cpu and memory resources allocated by the Kubernetes cluster + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "2Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory. + ## You should set them according to the resources set above + javaOpts: + # xms: "1g" + # xmx: "2g" + jmx: + enabled: false + port: 9010 + host: + ssl: false + # When authenticate is true, accessFile and passwordFile are required + authenticate: false + accessFile: + passwordFile: + corePoolSize: 8 + # other: "" + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + ssh: + enabled: false + internalPort: 1339 + externalPort: 1339 + +frontend: + ## Session settings + session: + ## Time in minutes after which the frontend token will need to be refreshed + timeoutMinutes: '30' + +access: + ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. + ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates + ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. + ## This ensures that the node to node communication is done over TLS. + accessConfig: + security: + tls: false + + ## You can use a pre-existing secret by specifying customCertificatesSecretName + ## Example : Create a tls secret using `kubectl create secret tls --cert=ca.crt --key=ca.private.key` + # customCertificatesSecretName: + + ## When resetAccessCAKeys is true, Access will regenerate the CA certificate and matching private key + # resetAccessCAKeys: false + database: + maxOpenConnections: 80 + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="100"' + +metadata: + database: + maxOpenConnections: 80 + +# Nginx +nginx: + enabled: true + kind: Deployment + name: nginx + labels: {} + replicaCount: 1 + uid: 104 + gid: 107 + # Note that by default we use appVersion to get image tag/version + image: + registry: docker.bintray.io + repository: jfrog/nginx-artifactory-pro + # tag: + pullPolicy: IfNotPresent + + # Priority Class name to be used in deployment if provided + priorityClassName: + + # Sidecar containers for tailing Nginx logs + loggers: [] + # - access.log + # - error.log + + # Loggers containers resources + loggersResources: {} + # requests: + # memory: "64Mi" + # cpu: "25m" + # limits: + # memory: "128Mi" + # cpu: "50m" + + # Logs options + logs: + stderr: false + level: warn + + mainConf: | + # Main Nginx configuration file + worker_processes 4; + + {{ if .Values.nginx.logs.stderr }} + error_log stderr {{ .Values.nginx.logs.level }}; + {{- else -}} + error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; + {{- end }} + pid /tmp/nginx.pid; + + {{- if .Values.artifactory.ssh.enabled }} + ## SSH Server Configuration + stream { + server { + listen {{ .Values.nginx.ssh.internalPort }}; + proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; + } + } + {{- end }} + + events { + worker_connections 1024; + } + + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 128k; + proxy_buffers 40 128k; + proxy_busy_buffers_size 128k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + log_format timing 'ip = $remote_addr ' + 'user = \"$remote_user\" ' + 'local_time = \"$time_local\" ' + 'host = $host ' + 'request = \"$request\" ' + 'status = $status ' + 'bytes = $body_bytes_sent ' + 'upstream = \"$upstream_addr\" ' + 'upstream_time = $upstream_response_time ' + 'request_time = $request_time ' + 'referer = \"$http_referer\" ' + 'UA = \"$http_user_agent\"'; + + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; + + } + + + artifactoryConf: | + {{- if .Values.nginx.https.enabled }} + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + {{- end }} + ## server configuration + server { + {{- if .Values.nginx.internalPortHttps }} + listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- else -}} + {{- if .Values.nginx.https.enabled }} + listen {{ .Values.nginx.https.internalPort }} ssl; + {{- end }} + {{- end }} + {{- if .Values.nginx.internalPortHttp }} + listen {{ .Values.nginx.internalPortHttp }}; + {{- else -}} + {{- if .Values.nginx.http.enabled }} + listen {{ .Values.nginx.http.internalPort }}; + {{- end }} + {{- end }} + server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} + {{- range .Values.ingress.hosts -}} + {{- if contains "." . -}} + {{ "" | indent 0 }} ~(?.+)\.{{ . }} + {{- end -}} + {{- end -}}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/artifactory/?$ / redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + chunked_transfer_encoding on; + client_max_body_size 0; + + location / { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; + {{- if .Values.nginx.service.ssloffload}} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; + {{- else }} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + {{- end }} + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location /artifactory/ { + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; + } + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; + } + } + } + + service: + ## For minikube, set this to NodePort, elsewhere use LoadBalancer + type: LoadBalancer + ssloffload: false + ## For supporting whitelist on the Nginx LoadBalancer service + ## Set this to a list of IP CIDR ranges + ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] + ## or pass from helm command line + ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}' + loadBalancerSourceRanges: [] + annotations: {} + ## Provide static ip address + loadBalancerIP: + ## There are two available options: “Cluster” (default) and “Local”. + externalTrafficPolicy: Cluster + + http: + enabled: true + externalPort: 80 + internalPort: 80 + https: + enabled: true + externalPort: 443 + internalPort: 443 + + ssh: + internalPort: 1339 + externalPort: 1339 + + # DEPRECATED: The following will be removed in a future release + # externalPortHttp: 80 + # internalPortHttp: 80 + # externalPortHttps: 443 + # internalPortHttps: 443 + + ## The following settings are to configure the frequency of the liveness and readiness probes + livenessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 180 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + readinessProbe: + enabled: true + path: /router/api/v1/system/health + initialDelaySeconds: 120 + failureThreshold: 10 + timeoutSeconds: 10 + periodSeconds: 10 + successThreshold: 1 + + ## The SSL secret that will be used by the Nginx pod + # tlsSecretName: chart-example-tls + ## Custom ConfigMap for nginx.conf + customConfigMap: + ## Custom ConfigMap for artifactory-ha.conf + customArtifactoryConfigMap: + persistence: + mountPath: "/var/opt/jfrog/nginx" + enabled: false + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 5Gi + ## nginx data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClassName: "-" + resources: {} + # requests: + # memory: "250Mi" + # cpu: "100m" + # limits: + # memory: "250Mi" + # cpu: "500m" + nodeSelector: {} + + tolerations: [] + + affinity: {} + +## Database configurations +## Use the wait-for-db init container. Set to false to skip +waitForDatabase: true + +## Configuration values for the PostgreSQL dependency sub-chart +## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md +postgresql: + enabled: true + image: + registry: docker.bintray.io + repository: bitnami/postgresql + tag: 12.5.0-debian-10-r25 + postgresqlUsername: artifactory + postgresqlPassword: "" + postgresqlDatabase: artifactory + postgresqlExtendedConf: + listenAddresses: "'*'" + maxConnections: "1500" + persistence: + enabled: true + size: 50Gi + service: + port: 5432 + master: + nodeSelector: {} + affinity: {} + tolerations: [] + slave: + nodeSelector: {} + affinity: {} + tolerations: [] + resources: {} + # requests: + # memory: "512Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "500m" + +## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), +## specify custom database details here or leave empty and Artifactory will use embedded derby +database: + type: + driver: + ## If you set the url, leave host and port empty + url: + ## If you would like this chart to create the secret containing the db + ## password, use these values + user: + password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "rds-artifactory" + # key: "db-user" + # password: + # name: "rds-artifactory" + # key: "db-password" + # url: + # name: "rds-artifactory" + # key: "db-url" + +# Filebeat Sidecar container +## The provided filebeat configuration is for Artifactory logs. It assumes you have a logstash installed and configured properly. +filebeat: + enabled: false + name: artifactory-filebeat + image: + repository: "docker.elastic.co/beats/filebeat" + version: 7.9.2 + logstashUrl: "logstash:5044" + + livenessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + filebeat test output + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + + resources: {} +# requests: +# memory: "100Mi" +# cpu: "100m" +# limits: +# memory: "100Mi" +# cpu: "100m" + + filebeatYml: | + logging.level: info + path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat + name: artifactory-filebeat + queue.spool: ~ + filebeat.inputs: + - type: log + enabled: true + close_eof: ${CLOSE:false} + paths: + - {{ .Values.artifactory.persistence.mountPath }}/log/*.log + fields: + service: "jfrt" + log_type: "artifactory" + output: + logstash: + hosts: ["{{ .Values.filebeat.logstashUrl }}"] + +## Allows to add additional kubernetes resources +## Use --- as a separator between multiple resources +## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml +additionalResources: | diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml new file mode 100644 index 000000000..86355d3b3 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/ci/default-values.yaml @@ -0,0 +1,7 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +artifactory: + databaseUpgradeReady: true + + # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release + postgresql: + postgresqlPassword: password diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/logo/jcr-logo.png b/charts/artifactory-jcr/artifactory-jcr/3.4.000/logo/jcr-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..e0ed038ca059f73c179a39841d3be9871075b3a3 GIT binary patch literal 3135 zcmZ`)c{r478-EMg5|gd$S;7$wLYet283r@&7+bOw6-rXJK^@9ch%DiVY>8uE3$s{C zNXv*29ZFd$$J!{A^?TmYxvua0@m<$5&vHNaZ@KUHxvsfMCgBD6B={f*60k7G*?^S> ze$6}_VAhkvn}LP%tTAj1LA6QzYp1xtS?-Lv4Gck7_CrwkbqHDkq3}rvqM#vY$_;|_ zGayLZH=ALNg`n+SWTKrZNFXstFdZf`h%lW%q9Zem%wWL(Y=|(pWf0jpFvtNA@*}bh z4NqbaNHq2>ok(O4fFji*gaC^~*eHtz3p@>vT+xsqxMGtKJek`6D-j+ZPHbjN(+DK$ zFA|VIrjkjG;D{JQfHbg2?2(#CfEn@3AlR4L!;D{sNi+i72wOKFBHK1FWAw;~#IOVmFbxI+vG)%Tp$Rku5d~F1n-Bq@z#ahUL`04qw|{C6ngI4B z2GNXe1~!0jD+kB{doU;&fgs*~MUWDZh2Io0(w$$ew+*1p#$!89)jIJfINEdQ12byhTE!A`Z#GDqyCvo5Qw> zXd$lxNFzP5rdxxqf+O1oJB~DJ>&?KH3`@3cn9zujgKmIKs|KsB=CDcFwIEK2KoQKq zD)`C-c3oRSfO%_JH3BwEm3yJZ!SBblHI;0mZSknc#MBky5zbJK&zV+}m$ z*+3hTEhKT&{dyszYxL`njhT-x>N3MILVN8K9(`(zwh$nX^ro6|?><9YStxhms$X5a zzg==NSfk+kZ8^=FwS2{r6!BegS9Uo5J!mW=?D`FdDr3@%GLmzPc@9O`syW2YzLq~d zue9yJ#o9TJDHC4OdJz9Z&XbStioQB{?`M@%e_E^HyZGlFZzilfS#5j`5A1x?eOkG zs(bGA{TB9i=)_pomm^DmDgWoQbu|TcRyWWw+;4gFCEow)z}ZqQ)5dSIC{Xye(*!(j zuAADc2M*kU7O*MzIKK$5jPA!91=%1HWPvlb3mKZtS$7pNmFg5XAH~_}8)+U?6eb*b zJ%QcTDnx$0fJ$M;)YwL(35nk5f6?Bq_2BD1TLQ1BaBApdTQwb>K4y%Hj_hP>uJ>ll zTzV))8xu?oUdcgpMUvN~zS zonig+Lwnmo=M>Fjo--G!gO_}He7F_NR;)3_vS|%b6V@9GGV6N^sp}U%`aL?Aw0GLk z<0FkFy#Mpi^WWulNygPLa&R9ohRn(*zAsZ#^PU{KQb^2{z;w-C?8_^fJ<-!jnbm$O zh8_3EPct1K!d1)aw~EV7^!IsmbqMFFFVwAO(@k7tWR$wCziZ@tDI2&Nt#t$SO`K-q zI>|DeQ~MPEOy{nDGb89=Rf*yktkvH_Cmy67&(Y|emTWHZn0PtIf6#_?^`@P}C;vPR z*&~-n3+wKvW~4T&8{|D*aQM;L)D%bVdf{NF=;UB8Ebs7$Z~BC#zQ#AL{u{eO5`-8# zzQ41<(aL`dJwd6ckM_N~ccK9xm z^=r&jomKefX`K5RgIBOe{0uUvIp&!^qg&)!C0XyT)00Oczcw&Kg>e-XQOe;TB3cx* zxkH3>vQ((ls4m)%^vW{r&hgB9>#G{`WA#nNx_*apX$jF(xA%3>pVL8{HMm1E zcUg0uY=})XAtyEe%*}rt1vE8 zZroX6Es9U-YD*po?0BtU7%lB5DSxp*Blk>@oB+3Zitg}9ES#bnRXAJOyMz)Po5V*J z^mkBt1(~Fyq|Lg&O4Ze6+JoiCYR=4*#3|(IBt=~56Wx64xF#IkZb%WEZ%;nF;CWim zWK938Up)TKV-!9*R7qPgFsIMHc5Vbup~CGuRK5EK+7If z(mnZITq!5}xm7XUw`k#s7Mm&3EJt%kQOuavxl?@FW0RPDwaS<=+uKK_-?^iP#@_Zc zH#1}T#gluhAGdH=i@U~%=|$)q@rmp)_O%~6D4s8J!Of>(z##4>zJrR^+U_h=;a76G zXy9lZJvL4<0K5Rp0i}MaAAOvrd^OsiO~IS7iSD{v>FH4vk({9OlkdECPekp-$ILt4 zK80zap;~$$AsoZyX?sHBWWTL<8yQnaB=9AHRX$p3Tu&p0KzTSAJTvDiufHon^~X2*w>#XS8R+m}vX z-e74?1$0SH&%g}Hf&Jt0&TN1+m z#AQL=x^%XwN#VSU2@^HlQarBCV1U%m;C7nHI0 zHT_K@^NYVGtw-+4NMuc8`D6;gFoaw;q=}*LxYS!#)rH(vWy{DEF+V>E2y2ZKJ-2rT)DP9&n3z#p(CK0JXYTTKvnH z3l=>(=8_%Ht+J`ix(3}d`Z=)Hlc^5=l$8Qaj|aM+3iQxFf=KlitTyppFy!`(Gr!<~@2LQ;zl!U7~>K6H5h0(N~ literal 0 HcmV?d00001 diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml new file mode 100644 index 000000000..9cde42870 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/questions.yml @@ -0,0 +1,271 @@ +questions: +# Advance Settings +- variable: artifactory.artifactory.masterKey + default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + description: "Artifactory master key. For security reasons, we strongly recommend you generate your own master key using this command: 'openssl rand -hex 32'" + type: string + label: Artifactory master key + group: "Security Settings" + +# Container Images +- variable: defaultImage + default: true + description: "Use default Docker image" + label: Use Default Image + type: boolean + show_subquestion_if: false + group: "Container Images" + subquestions: + - variable: artifactory.artifactory.image.repository + default: "docker.bintray.io/jfrog/artifactory-jcr" + description: "JFrog Container Registry image name" + type: string + label: JFrog Container Registry Image Name + - variable: artifactory.artifactory.image.version + default: "7.6.3" + description: "JFrog Container Registry image tag" + type: string + label: JFrog Container Registry Image Tag + - variable: artifactory.imagePullSecrets + description: "Image Pull Secret" + type: string + label: Image Pull Secret + +# Services and LoadBalancing Settings +- variable: artifactory.ingress.enabled + default: false + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + group: "Services and Load Balancing" + required: true + subquestions: + - variable: artifactory.ingress.hosts[0] + default: "xip.io" + description: "Hostname to your artifactory installation" + type: hostname + required: true + label: Hostname + +# Nginx Settings +- variable: artifactory.nginx.enabled + default: true + description: "Enable nginx server" + type: boolean + label: Enable Nginx Server + group: "Services and Load Balancing" + required: true + show_if: "artifactory.ingress.enabled=false" +- variable: artifactory.nginx.service.type + default: "LoadBalancer" + description: "Nginx service type" + type: enum + required: true + label: Nginx Service Type + show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" +- variable: artifactory.nginx.service.loadBalancerIP + default: "" + description: "Provide Static IP to configure with Nginx" + type: string + label: Config Nginx LoadBalancer IP + show_if: "artifactory.nginx.enabled=true&&artifactory.nginx.service.type=LoadBalancer&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" +- variable: artifactory.nginx.tlsSecretName + default: "" + description: "Provide SSL Secret name to configure with Nginx" + type: string + label: Config Nginx SSL Secret + show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" +- variable: artifactory.nginx.customArtifactoryConfigMap + default: "" + description: "Provide configMap name to configure Nginx with custom `artifactory.conf`" + type: string + label: ConfigMap for Nginx Artifactory Config + show_if: "artifactory.nginx.enabled=true&&artifactory.ingress.enabled=false" + group: "Services and Load Balancing" + +# Database Settings +- variable: artifactory.postgresql.enabled + default: true + description: "Enable PostgreSQL" + type: boolean + required: true + label: Enable PostgreSQL + group: "Database Settings" + show_subquestion_if: true + subquestions: + - variable: artifactory.postgresql.postgresqlPassword + default: "" + description: "PostgreSQL password" + type: password + required: true + label: PostgreSQL Password + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.persistence.size + default: 20Gi + description: "PostgreSQL persistent volume size" + type: string + label: PostgreSQL Persistent Volume Size + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.persistence.storageClass + default: "" + description: "If undefined or null, uses the default StorageClass. Default to null" + type: storageclass + label: Default StorageClass for PostgreSQL + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.requests.cpu + default: "200m" + description: "PostgreSQL initial cpu request" + type: string + label: PostgreSQL Initial CPU Request + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.requests.memory + default: "500Mi" + description: "PostgreSQL initial memory request" + type: string + label: PostgreSQL Initial Memory Request + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.limits.cpu + default: "1" + description: "PostgreSQL cpu limit" + type: string + label: PostgreSQL CPU Limit + show_if: "artifactory.postgresql.enabled=true" + - variable: artifactory.postgresql.resources.limits.memory + default: "1Gi" + description: "PostgreSQL memory limit" + type: string + label: PostgreSQL Memory Limit + show_if: "artifactory.postgresql.enabled=true" +- variable: artifactory.database.type + default: "postgresql" + description: "xternal database type (postgresql, mysql, oracle or mssql)" + type: enum + required: true + label: External Database Type + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" + options: + - "postgresql" + - "mysql" + - "oracle" + - "mssql" +- variable: artifactory.database.url + default: "" + description: "External database URL. If you set the url, leave host and port empty" + type: string + label: External Database URL + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.host + default: "" + description: "External database hostname" + type: string + label: External Database Hostname + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.port + default: "" + description: "External database port" + type: string + label: External Database Port + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.user + default: "" + description: "External database username" + type: string + label: External Database Username + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" +- variable: artifactory.database.password + default: "" + description: "External database password" + type: password + label: External Database Password + group: "Database Settings" + show_if: "artifactory.postgresql.enabled=false" + +# Advance Settings +- variable: artifactory.advancedOptions + default: false + description: "Show advanced configurations" + label: Show Advanced Configurations + type: boolean + show_subquestion_if: true + group: "Advanced Options" + subquestions: + - variable: artifactory.artifactory.primary.resources.requests.cpu + default: "500m" + description: "Artifactory primary node initial cpu request" + type: string + label: Artifactory Primary Node Initial CPU Request + - variable: artifactory.artifactory.primary.resources.requests.memory + default: "1Gi" + description: "Artifactory primary node initial memory request" + type: string + label: Artifactory Primary Node Initial Memory Request + - variable: artifactory.artifactory.primary.javaOpts.xms + default: "1g" + description: "Artifactory primary node java Xms size" + type: string + label: Artifactory Primary Node Java Xms Size + - variable: artifactory.artifactory.primary.resources.limits.cpu + default: "2" + description: "Artifactory primary node cpu limit" + type: string + label: Artifactory Primary Node CPU Limit + - variable: artifactory.artifactory.primary.resources.limits.memory + default: "4Gi" + description: "Artifactory primary node memory limit" + type: string + label: Artifactory Primary Node Memory Limit + - variable: artifactory.artifactory.primary.javaOpts.xmx + default: "4g" + description: "Artifactory primary node java Xmx size" + type: string + label: Artifactory Primary Node Java Xmx Size + - variable: artifactory.artifactory.node.resources.requests.cpu + default: "500m" + description: "Artifactory member node initial cpu request" + type: string + label: Artifactory Member Node Initial CPU Request + - variable: artifactory.artifactory.node.resources.requests.memory + default: "2Gi" + description: "Artifactory member node initial memory request" + type: string + label: Artifactory Member Node Initial Memory Request + - variable: artifactory.artifactory.node.javaOpts.xms + default: "1g" + description: "Artifactory member node java Xms size" + type: string + label: Artifactory Member Node Java Xms Size + - variable: artifactory.artifactory.node.resources.limits.cpu + default: "2" + description: "Artifactory member node cpu limit" + type: string + label: Artifactory Member Node CPU Limit + - variable: artifactory.artifactory.node.resources.limits.memory + default: "4Gi" + description: "Artifactory member node memory limit" + type: string + label: Artifactory Member Node Memory Limit + - variable: artifactory.artifactory.node.javaOpts.xmx + default: "4g" + description: "Artifactory member node java Xmx size" + type: string + label: Artifactory Member Node Java Xmx Size + +# Internal Settings +- variable: installerInfo + default: '\{\"productId\": \"RancherHelm_artifactory-jcr/7.6.3\", \"features\": \[\{\"featureId\": \"Partner/ACC-007246\"\}\]\}' + type: string + group: "Internal Settings (Do not modify)" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock b/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock new file mode 100644 index 000000000..299d8cefe --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: artifactory + repository: https://charts.jfrog.io/ + version: 11.7.4 +digest: sha256:a4c52f49f154be6434a9a37474eee556de8d97a487be9dec923124a64651aac8 +generated: "2021-01-04T14:56:17.66958+05:30" diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml new file mode 100644 index 000000000..4ad868b8a --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: artifactory + version: 11.7.4 + repository: https://charts.jfrog.io/ diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt b/charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt new file mode 100644 index 000000000..035bf8417 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/templates/NOTES.txt @@ -0,0 +1 @@ +Congratulations. You have just deployed JFrog Container Registry! diff --git a/charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml b/charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml new file mode 100644 index 000000000..250485d27 --- /dev/null +++ b/charts/artifactory-jcr/artifactory-jcr/3.4.000/values.yaml @@ -0,0 +1,75 @@ +# Default values for artifactory-jcr. +# This is a YAML-formatted file. + +# Beware when changing values here. You should know what you are doing! +# Access the values with {{ .Values.key.subkey }} + +# This chart is based on the main artifactory chart with some customizations. +# See all supported configuration keys in https://github.com/jfrog/charts/tree/master/stable/artifactory + +## All values are under the 'artifactory' sub chart. +artifactory: + + ## Artifactory + ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + artifactory: + ## Default tag is from the artifactory sub-chart in the requirements.yaml + image: + registry: docker.bintray.io + repository: jfrog/artifactory-jcr + # tag: + + ## Uncomment the following resources definitions or pass them from command line + ## to control the cpu and memory resources allocated by the Kubernetes cluster + resources: {} + # requests: + # memory: "1Gi" + # cpu: "500m" + # limits: + # memory: "4Gi" + # cpu: "1" + ## The following Java options are passed to the java process running Artifactory. + ## You should set them according to the resources set above. + ## IMPORTANT: Make sure resources.limits.memory is at least 1G more than Xmx. + javaOpts: {} + # xms: "1g" + # xmx: "3g" + # other: "" + + installer: + platform: jcr-helm + + installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + ## Nginx + ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + nginx: + enabled: true + tlsSecretName: "" + service: + type: LoadBalancer + + ## Ingress + ## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + ingress: + enabled: false + tls: + + ## PostgreSQL + ## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + ## Configuration values for the PostgreSQL dependency sub-chart + ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md + postgresql: + enabled: true + + ## This key is required for upgrades to protect old PostgreSQL chart's breaking changes. + databaseUpgradeReady: "yes" + + ## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false), + ## specify custom database details here or leave empty and Artifactory will use embedded derby. + ## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory + # database: + + +## Enable the PostgreSQL sub chart +postgresql: + enabled: true diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml new file mode 100644 index 000000000..10b3cf005 --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: citrix-adc-istio-ingress-gateway +apiVersion: v1 +appVersion: 1.2.1 +description: A Helm chart for Citrix ADC as Ingress Gateway installation in Istio + Service Mesh on Kubernetes platform +home: https://www.citrix.com +icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png +maintainers: +- email: dhiraj.gedam@citrix.com + name: dheerajng +- email: subash.dangol@citrix.com + name: subashd +name: citrix-adc-istio-ingress-gateway +sources: +- https://github.com/citrix/citrix-istio-adaptor +version: 1.2.100 diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md new file mode 100644 index 000000000..0362e7b1f --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/README.md @@ -0,0 +1,220 @@ +# Deploy Citrix ADC as an Ingress Gateway in Istio environment using Helm charts + +Citrix Application Delivery Controller (ADC) can be deployed as an Istio Ingress Gateway to control the ingress traffic to Istio service mesh. + +# Table of Contents +1. [TL; DR;](#tldr) +2. [Introduction](#introduction) +3. [Deploy Citrix ADC VPX or MPX as an Ingress Gateway](#deploy-citrix-adc-vpx-or-mpx-as-an-ingress-gateway) +4. [Deploy Citrix ADC CPX as an Ingress Gateway](#deploy-citrix-adc-cpx-as-an-ingress-gateway) +5. [Using Existing Certificates to deploy Citrix ADC as an Ingress Gateway](#using-existing-certificates-to-deploy-citrix-adc-as-an-ingress-gateway) +6. [Segregating traffic with multiple Ingress Gateways](#segregating-traffic-with-multiple-ingress-gateways) +7. [Visualizing statistics of Citrix ADC Ingress Gateway with Metrics Exporter](#visualizing-statistics-of-citrix-adc-ingress-gateway-with-metrics-exporter) +8. [Exposing services running on non-HTTP ports](#exposing-services-running-on-non-http-ports) +9. [Citrix ADC as Ingress Gateway: a sample deployment](#citrix-adc-as-ingress-gateway-a-sample-deployment) +10. [Uninstalling the Helm chart](#uninstalling-the-helm-chart) +11. [Configuration Parameters](#configuration-parameters) + + +## TL; DR; + +### To deploy Citrix ADC VPX or MPX as an Ingress Gateway: + + kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES --set istioAdaptor.netscalerUrl=https://[:port] --set istioAdaptor.vserverIP= + +### To deploy Citrix ADC CPX as an Ingress Gateway: + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES --set citrixCPX=true + + +## Introduction + +This chart deploys Citrix ADC VPX, MPX, or CPX as an Ingress Gateway in the Istio service mesh using the Helm package manager. For detailed information on different deployment options, see [Deployment Architecture](https://github.com/citrix/citrix-istio-adaptor/blob/master/docs/architecture.md). + +### Prerequisites + +The following prerequisites are required for deploying Citrix ADC as an Ingress Gateway in Istio service mesh: + +- Ensure that **Istio version 1.3.0** is installed +- Ensure that Helm with version 3.x is installed. Follow this [step](https://github.com/citrix/citrix-helm-charts/blob/master/Helm_Installation_version_3.md) to install the same. +- Ensure that your cluster has Kubernetes version 1.14.0 or later and the `admissionregistration.k8s.io/v1beta1` API is enabled +- **For deploying Citrix ADC VPX or MPX as an Ingress gateway:** + + Create a Kubernetes secret for the Citrix ADC user name and password using the following command: + + kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system + +You can verify the API by using the following command: + + kubectl api-versions | grep admissionregistration.k8s.io/v1beta1 + +The following output indicates that the API is enabled: + + admissionregistration.k8s.io/v1beta1 + +- **Important Note:** For deploying Citrix ADC VPX or MPX as ingress gateway, you should establish the connectivity between Citrix ADC VPX or MPX and cluster nodes. This connectivity can be established by configuring routes on Citrix ADC as mentioned [here](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/network/staticrouting.md) or by deploying [Citrix Node Controller](https://github.com/citrix/citrix-k8s-node-controller). + + +## Deploy Citrix ADC VPX or MPX as an Ingress Gateway + + To deploy Citrix ADC VPX or MPX as an Ingress Gateway in the Istio service mesh, do the following step. In this example, release name is specified as `citrix-adc-istio-ingress-gateway` and namespace as `citrix-system`. + + kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP= + +## Deploy Citrix ADC CPX as an Ingress Gateway + + To deploy Citrix ADC CPX as an Ingress Gateway, do the following step. In this example, release name is specified as `my-release` and namespace is used as `citrix-system`. + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true + + +## Using Existing Certificates to deploy Citrix ADC as an Ingress Gateway + +You may want to use the existing certificate and key for authenticating access to an application using Citrix ADC Ingress Gateway. In that case, you can create a Kubernetes secret from the existing certificate and key. You can mount the Kubernetes secret as data volumes in Citrix ADC Ingress Gateway. + +To create a Kubernetes secret using an existing key named `test_key.pem` and a certificate named `test.pem`, use the following command: + + kubectl create -n citrix-system secret tls citrix-ingressgateway-certs --key test_key.pem --cert test.pem + +Note: Ensure that Kubernetes secret is created in the same namespace where Citrix ADC Ingress Gateway is deployed. + +To deploy Citrix ADC VPX or MPX with secret volume, do the following step: + + kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.secretVolumes[0].name=test-ingressgateway-certs,ingressGateway.secretVolumes[0].secretName=test-ingressgateway-certs,ingressGateway.secretVolumes[0].mountPath=/etc/istio/test-ingressgateway-certs + +To deploy Citrix ADC CPX with secret volume, do the following step: + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.secretVolumes[0].name=test-ingressgateway-certs,ingressGateway.secretVolumes[0].secretName=test-ingressgateway-certs,ingressGateway.secretVolumes[0].mountPath=/etc/istio/test-ingressgateway-certs + +## Segregating traffic with multiple Ingress Gateways + +You can deploy multiple Citrix ADC Ingress Gateway devices and segregate traffic to various deployments in the Istio service mesh. This can be achieved with *custom labels*. By default, Citrix ADC Ingress Gateway service comes up with the `app: citrix-ingressgateway` label. This label is used as a selector while deploying the Ingress Gateway or virtual service resources. If you want to deploy Ingress Gateway with the custom label, you can do it using the `ingressGateway.label` option in the Helm chart. + +To deploy Citrix ADC CPX Ingress Gateway with the label `my_custom_ingressgateway`, do the following step: + + kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.lightWeightCPX=NO,ingressGateway.label=my_custom_ingressgateway + +To deploy Citrix ADC VPX or MPX as an Ingress Gateway with the label `my_custom_ingressgateway`, do the following step: + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.label=my_custom_ingressgateway + +## Visualizing statistics of Citrix ADC Ingress Gateway with Metrics Exporter + +By default, [Citrix ADC Metrics Exporter](https://github.com/citrix/citrix-adc-metrics-exporter) is also deployed along with Citrix ADC Ingress Gateway. Citrix ADC Metrics Exporter fetches statistical data from Citrix ADC and exports it to Prometheus running in Istio service mesh. When you add Prometheus as a data source in Grafana, you can visualize this statistical data in the Grafana dashboard. + +Metrics Exporter requires the IP address of Citrix ADC CPX or VPX Ingress Gateway. It is retrieved from the value specified for `istioAdaptor.netscalerUrl`. + +When Citrix ADC CPX is deployed as Ingress Gateway, Metrics Exporter runs along with Citrix CPX Ingress Gateway in the same pod and specifying IP address is optional. + +To deploy Citrix ADC as Ingress Gateway without Metrics Exporter, set the value of `metricExporter.required` as false. + + + kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install citrix-adc-istio-ingress-gateway citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,metricExporter.required=false + +"Note:" To remotely access telemetry addons such as Prometheus and Grafana, see [Remotely Accessing Telemetry Addons](https://istio.io/docs/tasks/telemetry/gateways/). + +## Exposing services running on non-HTTP ports + +By default, services running on HTTP ports (80 & 443) are exposed through Citrix ADC Ingress Gateway. Similarly, you can expose services that are deployed on non-HTTP ports through the Citrix ADC Ingress Gateway device. + +To deploy Citrix ADC MPX or VPX, and expose a service running on a TCP port, do the following step. + +In this example, a service running on TCP port 5000 is exposed using port 10000 on Citrix ADC. + + kubectl create secret generic nslogin --from-literal=username= --from-literal=password= -n citrix-system + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,istioAdaptor.netscalerUrl=https://[:port],istioAdaptor.vserverIP=,ingressGateway.tcpPort[0].name=tcp1,ingressGateway.tcpPort[0].port=10000,ingressGateway.tcpPort[0].targetPort=5000 + + To deploy Citrix ADC CPX and expose a service running on a TCP port, do the following step. + In this example, port 10000 on the Citrix ADC CPX instance is exposed using TCP port 30000 (node port configuration) on the host machine. + + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install my-release citrix/citrix-adc-istio-ingress-gateway --namespace citrix-system --set ingressGateway.EULA=YES,citrixCPX=true,ingressGateway.tcpPort[0].name=tcp1,ingressGateway.tcpPort[0].nodePort=30000,ingressGateway.tcpPort[0].port=10000,ingressGateway.tcpPort[0].targetPort=5000 + + +## Citrix ADC as Ingress Gateway: a sample deployment + +A sample deployment of Citrix ADC as an Ingress gateway for the Bookinfo application is provided [here](https://github.com/citrix/citrix-helm-charts/tree/master/examples/citrix-adc-in-istio). + +## Uninstalling the Helm chart + +To uninstall or delete a chart with release name as `my-release`, do the following step. + + helm delete my-release + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration parameters + +The following table lists the configurable parameters in the Helm chart and their default values. + + +| Parameter | Description | Default | Optional/Mandatory | +|--------------------------------|-------------------------------|---------------------------|---------------------------| +| `citrixCPX` | Citrix ADC CPX | FALSE | Mandatory for Citrix ADC CPX | +| `istioAdaptor.image` | Image of the Citrix Istio-adaptor container |quay.io/citrix/citrix-istio-adaptor| Mandatory| +| `istioAdaptor.tag` | Tag of the Istio adaptor image | 1.2.0 | Mandatory| +| `istioAdaptor.imagePullPolicy` | Image pull policy for Istio-adaptor | IfNotPresent | Optional| +| `istioAdaptor.vserverIP` | Virtual server IP address on Citrix ADC (Mandatory if citrixCPX=false) | null | Mandatory for Citrix ADC MPX or VPX| +| `istioAdaptor.netscalerUrl` | URL or IP address of the Citrix ADC which Istio-adaptor configures (Mandatory if citrixCPX=false)| null |Mandatory for Citrix ADC MPX or VPX| +| `istioAdaptor.secureConnect` | If this value is set to true, Istio-adaptor establishes secure gRPC channel with Istio Pilot | TRUE | Optional| +| `istioAdaptor.netProfile ` | Network profile name used by [CNC](https://github.com/citrix/citrix-k8s-node-controller) to configure Citrix ADC VPX or MPX which is deployed as Ingress Gateway | null | Optional| +| `istioAdaptor.coeURL` | Name of [Citrix Observability Exporter](https://github.com/citrix/citrix-observability-exporter) Service in the form of "." | null | Optional| +| `istioAdaptor.ADMIP ` | Citrix Application Delivery Management (ADM) IP address | NIL | Mandatory for Citrix ADC CPX | +| `istioAdaptor.ADMFingerPrint ` | Citrix Application Delivery Management (ADM) Finger Print. For more information, see [this](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html) | NIL | Optional| +| `ingressGateway.image` | Image of Citrix ADC CPX designated to run as Ingress Gateway |quay.io/citrix/citrix-k8s-cpx-ingress| Mandatory for Citrix ADC CPX | +| `ingressGateway.tag` | Version of Citrix ADC CPX | 13.0-47.22 | Mandatory for Citrix ADC CPX | +| `ingressGateway.imagePullPolicy` | Image pull policy | IfNotPresent | Optional| +| `ingressGateway.EULA` | End User License Agreement(EULA) terms and conditions. If yes, then user agrees to EULA terms and conditions. | NO | Mandatory for Citrix ADC CPX +| `ingressGateway.mgmtHttpPort` | Management port of the Citrix ADC CPX | 9080 | Optional| +| `ingressGateway.mgmtHttpsPort` | Secure management port of Citrix ADC CPX | 9443 | Optional| +| `ingressGateway.httpNodePort` | Port on host machine which is used to expose HTTP port (80) of Citrix ADC CPX | 30180 |Optional| +| `ingressGateway.httpsNodePort` | Port on host machine which is used to expose HTTPS port (443) of Citrix ADC CPX | 31443 |Optional| +| `ingressGateway.secretVolume` | A map of user defined volumes to be mounted using Kubernetes secrets | null |Optional| +| `ingressGateway.licenseServerPort` | Citrix ADM port if a non-default port is used | 27000 | Optional| +| `ingressGateway.label` | Custom label for the Ingress Gateway service | citrix-ingressgateway |Optional| +| `ingressGateway.tcpPort` | For exposing multiple TCP ingress | NIL |Optional| +| `istioPilot.name` | Name of the Istio Pilot service | istio-pilot |Optional| +| `istioPilot.namespace` | Namespace where Istio Pilot is running | istio-system |Optional| +| `istioPilot.secureGrpcPort` | Secure GRPC port where Istio Pilot is listening (default setting) | 15011 |Optional| +| `istioPilot.insecureGrpcPort` | Insecure GRPC port where Istio Pilot is listening | 15010 |Optional| +| `istioPilot.SAN` | Subject alternative name for Istio Pilot which is the secure production identity framework for everyone (SPIFFE) ID of Istio Pilot | spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account |Optional| +| `metricExporter.required` | Metrics exporter for Citrix ADC | TRUE |Optional| +| `metricExporter.image` | Image of the Citrix ADC Metrics Exporter | quay.io/citrix/citrix-adc-metrics-exporter |Optional| +| `metricExporter.version` | Version of the Citrix ADC Metrics Exporter image | 1.4.0 |Optional| +| `metricExporter.port` | Port over which Citrix ADC Metrics Exporter collects metrics of Citrix ADC. | 8888 |Optional| +| `metricExporter.secure` | Enables collecting metrics over TLS | YES |Optional| +| `metricExporter.logLevel` | Level of logging in Citrix ADC Metrics Exporter. Possible values are: DEBUG, INFO, WARNING, ERROR, CRITICAL | ERROR |Optional| +| `metricExporter.imagePullPolicy` | Image pull policy for Citrix ADC Metrics Exporter | IfNotPresent |Optional| + diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md new file mode 100644 index 000000000..15e4cb6fe --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/app-readme.md @@ -0,0 +1,18 @@ +# Citrix ADC as an Ingress Gateway for Istio + +An [Istio](https://istio.io/) ingress gateway acts as an entry point for the incoming traffic and secures and controls access to the service mesh. It also performs routing and load balancing. Citrix ADC [CPX](https://docs.citrix.com/en-us/citrix-adc-cpx), MPX, or [VPX](https://docs.citrix.com/en-us/citrix-adc.html), can be deployed as an ingress gateway to the Istio service mesh. + +### Prerequisites + +The following prerequisites are required for deploying Citrix ADC as an Ingress Gateway in Istio service mesh: + +- Ensure that **Istio** is enabled. +- Ensure that your cluster has Kubernetes version 1.14.0 or later. +- Ensure to create secret named **nslogin** with username and password in same namespace in case of VPX/MPX . Choose the **Resources > Secrets** in the navigation bar. + +### Important NOTE: +- Follow this [link](https://github.com/citrix/citrix-helm-charts/blob/master/examples/citrix-adc-in-istio/README.md +) to deploy Citrix ADC as an ingress gateway for application. +- For deploying Citrix ADC VPX or MPX as ingress gateway, you should establish the connectivity between Citrix ADC VPX or MPX and cluster nodes. This connectivity can be established by configuring routes on Citrix ADC as mentioned [here](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/network/staticrouting.md) or by deploying [Citrix Node Controller](https://github.com/citrix/citrix-k8s-node-controller). + +This catalog deploys Citrix ADC VPX, MPX, or CPX as an Ingress Gateway in the Istio service mesh. For detailed information on various deployment options,checkout this [link](https://github.com/citrix/citrix-istio-adaptor). diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml new file mode 100644 index 000000000..1ee110b95 --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/questions.yml @@ -0,0 +1,300 @@ +questions: +- variable: citrixCPX + required: true + type: boolean + default: true + description: "Set true to use Citrix ADC CPX as ingress device. Set false to use VPX/MPX as ingress device" + label: citrixCPX + group: "Deployment Settings" +- variable: secrets.name + required: true + type: string + default: "nslogin" + description: "Ensure to create nslogin secret in same namespace" + show_if: "citrixCPX=false" + group: "nslogin Settings" +- variable: istioAdaptor.image + required: true + type: string + default: "quay.io/citrix/citrix-istio-adaptor" + label: istioAdaptor Image + description: "Istio-adaptor Image to be used" + group: "Istio-adaptor Settings" +- variable: istioAdaptor.tag + required: true + type: string + default: "1.2.1" + label: istioAdaptor tag + group: "Istio-adaptor Settings" +- variable: istioAdaptor.imagePullPolicy + required: true + type: enum + default: IfNotPresent + label: istioAdaptor imagePullPolicy + description: "Istio-adaptor Image pull policy" + options: + - "Always" + - "IfNotPresent" + - "Never" + group: "Istio-adaptor Settings" +- variable: istioAdaptor.netscalerUrl + required: true + type: string + default: null + label: istioAdaptor netscalerUrl + description: "URL or IP address of the Citrix ADC which Istio-adaptor configures" + show_if: "citrixCPX=false" + group: "Istio-adaptor Settings" +- variable: istioAdaptor.secureConnect + type: boolean + default: true + label: istioAdaptor secureConnect + description: "If this value is set to true, Istio-adaptor establishes secure gRPC channel with Istio Pilot" + group: "Istio-adaptor Settings" +- variable: istioAdaptor.vserverIP + required: true + type: string + label: istioAdaptor vserverIP + show_if: "citrixCPX=false" + descriptions: "Virtual server IP address on Citrix ADC" + group: "Istio-adaptor Settings" +- variable: istioAdaptor.netProfile + type: string + label: istioAdaptor netProfile + description: "profile name used by CNC to configure VPX/MPX" + show_if: "citrixCPX=false" + group: "Istio-adaptor Settings" +- variable: istioAdaptor.ADMIP + type: string + label: istioAdaptor ADMIP + description: "Citrix Application Delivery Management (ADM) IP address" + group: "Istio-adaptor Settings" +- variable: istioAdaptor.ADMFingerPrint + type: string + label: istioAdaptor ADMFingerPrint + description: "Citrix Application Delivery Management (ADM) Finger Print." + group: "Istio-adaptor Settings" +- variable: istioAdaptor.coeURL + type: string + label: istioAdaptor coeURL + description: "Name of Citrix Observability Exporter Service" + group: "Istio-adaptor Settings" +- variable: istioPilot.name + required: true + type: string + default: istio-pilot + label: istio-pilot name + group: "istio-pilot Settings" + description: "Name of the Istio Pilot service" +- variable: istioPilot.namespace + required: true + type: string + default: istio-system + label: istio-pilot namespace + description: "Namespace where Istio Pilot is running" + group: "istio-pilot Settings" +- variable: istioPilot.secureGrpcPort + required: true + type: int + default: 15011 + label: istio-pilot secureGrpcPort + show_if: "istioAdaptor.secureConnect=true" + description: "Secure GRPC port where Istio Pilot is listening" + group: "istio-pilot Settings" +- variable: istioPilot.insecureGrpcPort + required: true + type: int + default: 15010 + show_if: "istioAdaptor.secureConnect=false" + label: istio-pilot insecureGrpcPort + description: "Insecure GRPC port where Istio Pilot is listening" + group: "istio-pilot Settings" +- variable: istioPilot.SAN + required: true + type: string + default: "spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account" + label: istio-pilot SAN + description: "Subject alternative name for Istio Pilot which is (SPIFFE) ID of Istio Pilot" + show_if: "istioAdaptor.secureConnect=true" + group: "istio-pilot Settings" +- variable: ingressGateway.image + required: true + type: string + default: "quay.io/citrix/citrix-k8s-cpx-ingress" + label: ingressGateway Image + description: "ingressGateway image to be used" + group: "ingressGateway Settings" +- variable: ingressGateway.tag + required: true + type: string + default: "13.0-47.22" + label: ingressGateway tag + group: "ingressGateway Settings" +- variable: ingressGateway.imagePullPolicy + required: true + type: enum + default: IfNotPresent + label: ingressGateway imagePullPolicy + description: Ingress-gateway Image pull policy + group: "ingressGateway Settings" + options: + - "Always" + - "IfNotPresent" + - "Never" +- variable: ingressGateway.EULA + required: true + type: enum + description: "End user license agreement (read EULA before accepting it yes)" + label: ingressGateway EULA + options: + - "YES" + - "NO" + group: "ingressGateway Settings" +- variable: ingressGateway.mgmtHttpPort + required: true + type: int + default: 10080 + label: ingressGateway mgmtHttpPort + description: "Management port of the Citrix ADC CPX" + show_if: "citrixCPX=true" + group: "ingressGateway Settings" +- variable: ingressGateway.mgmtHttpsPort + required: true + type: int + default: 10443 + show_if: "citrixCPX=true" + label: ingressGateway mgmtHttpsPort + description: "Secure management port of Citrix ADC CPX" + group: "ingressGateway Settings" +- variable: ingressGateway.httpNodePort + required: true + type: int + default: 30180 + show_if: "citrixCPX=true" + label: ingressGateway httpNodePort + description: "Port on host machine which is used to expose HTTP port of Citrix ADC CPX" + group: "ingressGateway Settings" +- variable: ingressGateway.httpsNodePort + required: true + type: int + default: 31443 + show_if: "citrixCPX=true" + label: ingressGateway httpsNodePort + description: "Port on host machine which is used to expose HTTPS port of Citrix ADC CPX" + group: "ingressGateway Settings" +- variable: ingressGateway.exposeMutipleApps + required: true + type: boolean + default: false + description: "By default, only one service is exposed via ingress gateway. To expose another service, select it TRUE, and then specify a set of secret, volume name, mount path in subsequent fields" + label: exposeMutipleApps + group: "ingressGateway Settings" +- variable: ingressGateway.secretVolumes[0].name + required: true + type: string + show_if: "ingressGateway.exposeMutipleApps=true" + label: ingressGateway secretVolumes name + group: "ingressGateway Settings" +- variable: ingressGateway.secretVolumes[0].secretName + required: true + type: string + show_if: "ingressGateway.exposeMutipleApps=true" + label: ingressGateway secretVolumes secretName + description: "user defined volumes to be mounted using Kubernetes secrets name" + group: "ingressGateway Settings" +- variable: ingressGateway.secretVolumes[0].mountPath + required: true + type: string + show_if: "ingressGateway.exposeMutipleApps=true" + label: ingressGateway secretVolumes mountPath + group: "ingressGateway Settings" +- variable: ingressGateway.licenseServerPort + type: int + default: 27000 + label: ingressGateway licenseServerPort + description: "Citrix ADM port if a non-default port is used" + group: "ingressGateway Settings" +- variable: ingressGateway.label + required: true + type: string + default: "citrix-ingressgateway" + label: ingressGateway label + description: "Custom label for the Ingress Gateway service" + group: "ingressGateway Settings" +- variable: ingressGateway.exposeNonHttpService + required: true + type: boolean + default: false + description: "By default, gateway is configured to expose HTTP(S) services. To expose non-HTTP services, select exposeNonHttpService to True, and then specify a set of port, port-name, target-port, nodeport (if applicable) in subsequent field." + label: exposeNonHttpService + group: "ingressGateway Settings" +- variable: ingressGateway.tcpPort[0].name + required: true + type: string + default: + label: Services runing on tcpPort name + show_if: "ingressGateway.exposeNonHttpService=true" + group: "ingressGateway Settings" +- variable: ingressGateway.tcpPort[0].nodePort + required: true + type: int + min: 30000 + max: 32767 + label: Citrix ADC CPX exposed using nodePort + show_if: "citrixCPX=true && ingressGateway.exposeNonHttpService=true" + description: "NodePort (to set explicitly, choose port between 30000-32767)" + group: "ingressGateway Settings" +- variable: ingressGateway.tcpPort[0].port + required: true + type: int + label: Services exposed using Port on Citrix ADC + show_if: "ingressGateway.exposeNonHttpService=true" + group: "ingressGateway Settings" +- variable: ingressGateway.tcpPort[0].targetPort + required: true + type: int + label: Services running on targetPort + show_if: "ingressGateway.exposeNonHttpService=true" + group: "ingressGateway Settings" +- variable: metricExporter.image + required: true + type: string + default: "quay.io/citrix/citrix-adc-metrics-exporter" + label: Exporter Image + description: "Exporter Image to be used" + group: "metricExporter Settings" +- variable: metricExporter.version + required: true + type: string + default: "1.4.0" + label: metricExporter Version + group: "metricExporter Settings" +- variable: metricExporter.port + required: true + type: int + default: 8888 + label: metricExporter Port + group: "metricExporter Settings" +- variable: metricExporter.logLevel + required: true + type: enum + default: ERROR + label: metricExporter logLevel + group: "metricExporter Settings" + options: + - "DEBUG" + - "INFO" + - "WARNING" + - "ERROR" + - "TRACE" +- variable: metricExporter.imagePullPolicy + required: true + type: enum + default: IfNotPresent + label: metricExporter imagePullPolicy + description: "Exporter Image pull policy" + group: "metricExporter Settings" + options: + - "Always" + - "IfNotPresent" + - "Never" diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl new file mode 100644 index 000000000..91374c7bd --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/_helpers.tpl @@ -0,0 +1,4 @@ +{{- define "exporter_nsip" -}} +{{- $match := .Values.istioAdaptor.netscalerUrl | toString | regexFind "//.*[:]*" -}} +{{- $match | trimAll ":" | trimAll "/" -}} +{{- end -}} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml new file mode 100644 index 000000000..fcf187f55 --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/citrix-adc-ingressgateway-deployment.yaml @@ -0,0 +1,330 @@ +{{- if eq .Values.citrixCPX true }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: citrix-ingressgateway + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} + template: + metadata: + labels: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + prometheus.io/port: "{{ .Values.metricExporter.port }}" + prometheus.io/scrape: "true" + spec: + volumes: + - name: nslogin + secret: + secretName: nslogin + - name: istio-certs + secret: + optional: true + secretName: istio.default + - name: citrix-ingressgateway-certs + secret: + optional: true + secretName: "citrix-ingressgateway-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway + - name: citrix-ingressgateway-ca-certs + secret: + optional: true + secretName: "citrix-ingressgateway-ca-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway + {{- range .Values.ingressGateway.secretVolumes }} + - name: {{ .name }} + secret: + secretName: {{ .secretName | quote }} + optional: true + {{- end }} + - name: cpx-conf + emptyDir: {} + containers: +{{- if eq .Values.metricExporter.required true }} + - name: exporter + image: {{ .Values.metricExporter.image }}:{{ .Values.metricExporter.version }} + imagePullPolicy: IfNotPresent + args: + - "--target-nsip=127.0.0.1" + - "--port={{ .Values.metricExporter.port }}" + - "--log-level={{ .Values.metricExporter.logLevel }}" + env: + - name: NS_USER + valueFrom: + secretKeyRef: + name: nslogin + key: username + - name: NS_PASSWORD + valueFrom: + secretKeyRef: + name: nslogin + key: password +{{- end }} + - name: istio-adaptor + image: {{ .Values.istioAdaptor.image }}:{{ .Values.istioAdaptor.tag }} + imagePullPolicy: {{ .Values.istioAdaptor.imagePullPolicy }} + args: + - -pilot-location +{{- if eq .Values.istioAdaptor.secureConnect true }} + - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.secureGrpcPort }} # istio-pilot.istio-system:15011 +{{- else }} + - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.insecureGrpcPort }} # istio-pilot.istio-system:15010 +{{- end }} + - -proxy-type + - {{ .Values.istioAdaptor.proxyType | default "router" | quote }} + - -pilot-SAN + - {{ .Values.istioPilot.SAN }} + - -netscaler-url + - "http://127.0.0.1" + - -secure-connect={{ .Values.istioAdaptor.secureConnect}} + - -adm-ip +{{- if .Values.istioAdaptor.ADMIP }} + - {{ .Values.istioAdaptor.ADMIP }} +{{- else }} + - "" +{{- end }} +{{- if .Values.istioAdaptor.coeURL }} + - -coe-url + - {{ .Values.istioAdaptor.coeURL }} +{{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: APPLICATION_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['app'] + securityContext: + readOnlyRootFilesystem: true + runAsUser: 32024 # UID of istio-adaptor container's user + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/nslogin + name: nslogin + readOnly: true + - mountPath: /etc/istio/ingressgateway-certs # Make sure that Gateway definition has this path mentioned in server.tls section for SIMPLE TLS + name: citrix-ingressgateway-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-ca-certs # Make sure that Gateway definition has this path mentioned in server.tls section for MUTUAL TLS + name: citrix-ingressgateway-ca-certs + readOnly: true + {{- range .Values.ingressGateway.secretVolumes }} + - name: {{ .name }} + mountPath: {{ .mountPath | quote }} + readOnly: true + {{- end }} + - name: citrix-ingressgateway + image: "{{ .Values.ingressGateway.image }}:{{ .Values.ingressGateway.tag }}" + imagePullPolicy: {{ .Values.ingressGateway.imagePullPolicy }} + securityContext: + privileged: true + ports: + - containerPort: 80 + - containerPort: 443 +{{- if .Values.ingressGateway.mgmtHttpPort }} + - containerPort: {{ .Values.ingressGateway.mgmtHttpPort }} +{{- end }} +{{- if .Values.ingressGateway.mgmtHttpsPort }} + - containerPort: {{ .Values.ingressGateway.mgmtHttpsPort }} +{{- end }} +{{- range .Values.ingressGateway.tcpPort }} + - containerPort: {{ .port }} +{{- end }} + volumeMounts: + - mountPath: /cpx/conf/ + name: cpx-conf + env: + - name: "EULA" + value: "{{ .Values.ingressGateway.EULA }}" + - name: "MGMT_HTTP_PORT" + value: "{{ .Values.ingressGateway.mgmtHttpPort }}" + - name: "MGMT_HTTPS_PORT" + value: "{{ .Values.ingressGateway.mgmtHttpsPort }}" + - name: "NS_CPX_LITE" + value: "{{ .Values.ingressGateway.lightWeightCPX }}" +{{- if or .Values.istioAdaptor.coeURL .Values.istioAdaptor.ADMIP }} + - name: "NS_ENABLE_NEWNSLOG" + value: "1" +{{- end }} + - name: "KUBERNETES_TASK_ID" + value: "" + - name: "LS_IP" + value: {{ .Values.istioAdaptor.ADMIP | default "" }} + - name: "LS_PORT" + value: "{{ .Values.ingressGateway.licenseServerPort}}" +{{- if .Values.istioAdaptor.ADMFingerPrint }} + - name: "NS_MGMT_SERVER" + value: {{ .Values.istioAdaptor.ADMIP }} + - name: "NS_MGMT_FINGER_PRINT" + value: {{ .Values.istioAdaptor.ADMFingerPrint | quote }} + - name: "NS_HTTP_PORT" + value: {{ .Values.ingressGateway.mgmtHttpPort | quote }} + - name: "NS_HTTPS_PORT" + value: {{ .Values.ingressGateway.mgmtHttpsPort | quote }} +{{- end }} + - name: "LOGSTREAM_COLLECTOR_IP" + value: {{ .Values.istioAdaptor.ADMIP | default ""}} + +--- +{{ else }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: citrix-ingressgateway + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} + template: + metadata: + labels: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + prometheus.io/port: "{{ .Values.metricExporter.port }}" + prometheus.io/scrape: "true" + spec: + containers: +{{- if eq .Values.metricExporter.required true }} + - name: exporter + image: {{ .Values.metricExporter.image }}:{{ .Values.metricExporter.version }} + imagePullPolicy: {{ .Values.metricExporter.imagePullPolicy }} + args: + - "--target-nsip={{- include "exporter_nsip" . -}}" + - "--port={{ .Values.metricExporter.port }}" + - "--secure={{ .Values.metricExporter.secure | lower}}" + - "--log-level={{ .Values.metricExporter.logLevel }}" + env: + - name: NS_USER + valueFrom: + secretKeyRef: + name: nslogin + key: username + - name: NS_PASSWORD + valueFrom: + secretKeyRef: + name: nslogin + key: password +{{- end }} + - name: istio-adaptor + image: {{ .Values.istioAdaptor.image }}:{{ .Values.istioAdaptor.tag }} + imagePullPolicy: {{ .Values.istioAdaptor.imagePullPolicy }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: APPLICATION_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['app'] + args: + - -pilot-location +{{- if eq .Values.istioAdaptor.secureConnect true }} + - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.secureGrpcPort }} # istio-pilot.istio-system:15011 +{{- else }} + - {{ .Values.istioPilot.name}}.{{.Values.istioPilot.namespace }}:{{ .Values.istioPilot.insecureGrpcPort }} # istio-pilot.istio-system:15010 +{{- end }} + - -proxy-type + - {{ .Values.istioAdaptor.proxyType | default "router" | quote }} + - -pilot-SAN + - {{ .Values.istioPilot.SAN }} + - -netscaler-url + - {{ required "Mention Citrix ADC IP/URL in https://[:port] format" .Values.istioAdaptor.netscalerUrl }} + - -vserver-ip + - {{ required "Mention Vserver IP to be configured on Citrix ADC" .Values.istioAdaptor.vserverIP }} + - -secure-connect={{ .Values.istioAdaptor.secureConnect | default true }} + # If using VPX/MPX as Ingress gateway, then specify the network profile name + # which was provided to Citrix Node Controller (CNC) +{{- if .Values.istioAdaptor.netProfile }} + - -net-profile + - {{ .Values.istioAdaptor.netProfile }} +{{- end }} + - -adm-ip + - "" +{{- if .Values.istioAdaptor.coeURL }} + - -coe-url + - {{ .Values.istioAdaptor.coeURL }} +{{- end }} + securityContext: + readOnlyRootFilesystem: true + runAsUser: 32024 # UID of istio-adaptor container's user + volumeMounts: + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/nslogin + name: nslogin + readOnly: true + - mountPath: /etc/istio/ingressgateway-certs # Make sure that Gateway definition has this path mentioned in server.tls section for SIMPLE TLS + name: citrix-ingressgateway-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-ca-certs # Make sure that Gateway definition has this path mentioned in server.tls section for MUTUAL TLS + name: citrix-ingressgateway-ca-certs + readOnly: true + {{- range .Values.ingressGateway.secretVolumes }} + - name: {{ .name }} + mountPath: {{ .mountPath | quote }} + readOnly: true + {{- end }} + volumes: + - name: nslogin + secret: + secretName: nslogin + - name: istio-certs + secret: + optional: true + secretName: istio.default + - name: citrix-ingressgateway-certs + secret: + optional: true + secretName: "citrix-ingressgateway-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway + - name: citrix-ingressgateway-ca-certs + secret: + optional: true + secretName: "citrix-ingressgateway-ca-certs" # IMPORTANT: This secret MUST BE created before deploying gateway and ingress-gateway + {{- range .Values.ingressGateway.secretVolumes }} + - name: {{ .name }} + secret: + secretName: {{ .secretName | quote }} + optional: true + {{- end }} +--- +{{- end}} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml new file mode 100644 index 000000000..ba18349b3 --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/ingressgateway-service.yaml @@ -0,0 +1,60 @@ +{{- if eq .Values.citrixCPX true }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: citrix-ingressgateway + namespace: {{ .Release.Namespace }} +spec: + maxReplicas: 1 + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: citrix-ingressgateway + metrics: + - type: Resource + resource: + name: cpu + targetAverageUtilization: 60 +--- +{{- end }} +apiVersion: v1 +kind: Service +metadata: + name: citrix-ingressgateway + namespace: {{ .Release.Namespace }} + annotations: + labels: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} +spec: +{{- if eq .Values.citrixCPX true }} + type: LoadBalancer +{{- end }} + selector: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} + ports: + - + name: http2 +{{- if eq .Values.citrixCPX true }} + nodePort: {{ .Values.ingressGateway.httpNodePort }} +{{- end }} + port: 80 + targetPort: 80 + - + name: https +{{- if eq .Values.citrixCPX true }} + nodePort: {{ .Values.ingressGateway.httpsNodePort }} +{{- end }} + port: 443 + targetPort: 443 +{{- $isCPX := .Values.citrixCPX }} +{{- range .Values.ingressGateway.tcpPort }} + - + name: {{ .name }} +{{- if eq $isCPX true }} + nodePort: {{ .nodePort }} +{{- end }} + port: {{ .port }} + targetPort: {{ .targetPort }} +{{- end }} +--- diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml new file mode 100644 index 000000000..ad77e2374 --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/metrics-exporter-service.yaml @@ -0,0 +1,17 @@ +{{- if eq .Values.metricExporter.required true }} +kind: Service +apiVersion: v1 +metadata: + name: exporter + annotations: + labels: + service-type: citrix-adc-monitor +spec: + selector: + app: {{ .Values.ingressGateway.label | default "citrix-ingressgateway" }} + ports: + - name: exporter-port + port: {{ .Values.metricExporter.port }} + targetPort: {{ .Values.metricExporter.port }} +--- +{{- end }} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml new file mode 100644 index 000000000..0201c116d --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/templates/secret.yaml @@ -0,0 +1,11 @@ +{{- if eq .Values.citrixCPX true }} +apiVersion: v1 +kind: Secret +metadata: + name: nslogin + namespace: {{ .Release.Namespace }} +type: Opaque +data: + username: "bnNyb290" + password: "bnNyb290" +{{- end }} diff --git a/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml new file mode 100644 index 000000000..ba929f218 --- /dev/null +++ b/charts/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway/1.2.100/values.yaml @@ -0,0 +1,50 @@ +# Default values for citrix-adc-istio-ingress-gateway +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +citrixCPX: false + +metricExporter: + required: true + image: quay.io/citrix/citrix-adc-metrics-exporter + version: 1.4.0 + port: 8888 + secure: "YES" + logLevel: ERROR + imagePullPolicy: IfNotPresent + +istioAdaptor: + image: quay.io/citrix/citrix-istio-adaptor + tag: 1.2.1 + imagePullPolicy: IfNotPresent + netscalerUrl: null + proxyType: router + secureConnect: true + vserverIP: + netProfile: + ADMIP: + ADMFingerPrint: + coeURL: + +istioPilot: + name: istio-pilot + namespace: istio-system + secureGrpcPort: 15011 + insecureGrpcPort: 15010 + SAN: spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account + +ingressGateway: + image: quay.io/citrix/citrix-k8s-cpx-ingress + tag: 13.0-47.22 + imagePullPolicy: IfNotPresent + EULA: NO + mgmtHttpPort: 10080 + mgmtHttpsPort: 10443 + httpNodePort: 30180 + httpsNodePort: 31443 + lightWeightCPX: 1 + secretVolumes: + #licenseServerIP: this value will be taken from istioAdaptor.ADMIP + licenseServerPort: 27000 + label: citrix-ingressgateway + tcpPort: diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml new file mode 100644 index 000000000..1d7bcc0e8 --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller +apiVersion: v1 +appVersion: 1.8.28 +description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running + as sidecar. +home: https://www.citrix.com +icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png +maintainers: +- email: priyanka.sharma@citrix.com + name: priyankash-citrix +- email: subash.dangol@citrix.com + name: subashd +name: citrix-cpx-with-ingress-controller +sources: +- https://github.com/citrix/citrix-k8s-ingress-controller +version: 1.8.2800 diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md new file mode 100644 index 000000000..f3cee100f --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/README.md @@ -0,0 +1,234 @@ +# Citrix ADC CPX with Citrix Ingress Controller running as sidecar. + +In a [Kubernetes](https://kubernetes.io/) or [OpenShift](https://www.openshift.com) cluster, you can deploy [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx) with Citrix ingress controller as a [sidecar](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). The Citrix ADC CPX instance is used for load balancing the North-South traffic to the microservices in your cluster. And, the sidecar Citrix ingress controller configures the Citrix ADC CPX. + +## TL;DR; + +### For Kubernetes + ``` + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install cpx citrix/citrix-cpx-with-ingress-controller --set license.accept=yes + ``` + +### For OpenShift + + ``` + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + + helm install cpx citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,openshift=true + ``` + +> **Important:** +> +> The "license.accept" is a mandatory argument and should be set to "yes" to accept the terms of the Citrix license. + + +## Introduction +This Helm chart deploys a Citrix ADC CPX with Citrix ingress controller as a sidecar in the [Kubernetes](https://kubernetes.io/) or in the [Openshift](https://www.openshift.com) cluster using the [Helm](https://helm.sh/) package manager. + +### Prerequisites + +- The [Kubernetes](https://kubernetes.io/) version is 1.6 or later if using Kubernetes environment. +- The [Openshift](https://www.openshift.com) version 3.11.x or later if using OpenShift platform. +- The [Helm](https://helm.sh/) version 3.x or later. You can follow instruction given [here](https://github.com/citrix/citrix-helm-charts/blob/master/Helm_Installation_version_3.md) to install the same. +- You have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator), if you want to view the metrics of the Citrix ADC CPX collected by the [metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics). +- Registration of Citrix ADC CPX in ADM: You may want to register your CPX in ADM for licensing or to obtain [servicegraph](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html). For this you will have to create a Kubernetes secret using ADM credentials and provide it while install the chart. Create a Kubernetes secret for the user name and password using the following command: + + ``` + kubectl create secret generic admlogin --from-literal=username= --from-literal=password= -n citrix-system + ``` + +## Installing the Chart +Add the Citrix Ingress Controller helm chart repository using command: + + ``` + helm repo add citrix https://citrix.github.io/citrix-helm-charts/ + ``` + +### For Kubernetes: +#### 1. Citrix ADC CPX with Citrix Ingress Controller running as side car. +To install the chart with the release name ``` my-release```: + + ``` + helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,ingressClass[0]= + ``` + +> **Note:** +> +> By default the chart installs the recommended [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) roles and role bindings. + +The command deploys Citrix ADC CPX with Citrix ingress controller as a sidecar on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the mandatory and optional parameters that you can configure during installation. + +#### 2. Citrix ADC CPX with Citrix Ingress Controller and Exporter running as side car. +[Metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics) can be deployed as sidecar to the Citrix ADC CPX and collects metrics from the Citrix ADC CPX instance. You can then [visualize these metrics](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/metrics/promotheus-grafana/) using Prometheus Operator and Grafana. +> **Note:** +> +> Ensure that you have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator). + +Use the following command for this: + ``` + helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,ingressClass[0]=,exporter.required=true + ``` + +### For OpenShift: +Add the service account named "cpx-ingress-k8s-role" to the privileged Security Context Constraints of OpenShift: + + ``` + oc adm policy add-scc-to-user privileged system:serviceaccount::cpx-ingress-k8s-role + ``` + +#### 1. Citrix ADC CPX with Citrix Ingress Controller running as side car. +To install the chart with the release name, `my-release`, use the following command: + ``` + helm install my-release citrix/citrix-cpx-with-ingress-controller --set license.accept=yes,openshift=true + ``` + +#### 2. Citrix ADC CPX with Citrix Ingress Controller and Exporter running as side car. +[Metrics exporter](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/metrics-visualizer#visualization-of-metrics) can be deployed as sidecar to the Citrix ADC CPX and collects metrics from the Citrix ADC CPX instance. You can then [visualize these metrics](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/metrics/promotheus-grafana/) using Prometheus Operator and Grafana. +> **Note:** +> +> Ensure that you have installed [Prometheus Operator](https://github.com/coreos/prometheus-operator). + +Use the following command for this: + ``` + helm install my-release citrix/citrix-k8s-ingress-controller --set license.accept=yes,openshift=true,exporter.required=true + ``` + +### Installed components + +The following components are installed: + +- [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx/netscaler-cpx.html) +- [Citrix ingress controller](https://github.com/citrix/citrix-k8s-ingress-controller) (if enabled) +- [Exporter](https://github.com/citrix/citrix-adc-metrics-exporter) (if enabled) + + +## CRDs configuration + +CRDs gets installed/upgraded automatically when we install/upgrade Citrix ADC CPX with Citrix ingress controller using Helm. If you do not want to install CRDs, then set the option `crds.install` to `false`. By default, CRDs too get deleted if you uninstall through Helm. This means, even the CustomResource objects created by the customer will get deleted. If you want to avoid this data loss set `crds.retainOnDelete` to `true`. + +> **Note:** +> Installing again may fail due to the presence of CRDs. Make sure that you back up all CustomResource objects and clean up CRDs before re-installing Citrix ADC CPX with Citrix ingress controller. + +There are a few examples of how to use these CRDs, which are placed in the folder: [Example-CRDs](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds). Refer to them and install as needed, using the following command: +```kubectl create -f ``` + +### Details of the supported CRDs: + +#### authpolicies CRD: + +Authentication policies are used to enforce access restrictions to resources hosted by an application or an API server. + +Citrix provides a Kubernetes CustomResourceDefinitions (CRDs) called the [Auth CRD](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/auth) that you can use with the Citrix ingress controller to define authentication policies on the ingress Citrix ADC. + +Example file: [auth_example.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/auth_example.yaml) + +#### continuousdeployments CRD for canary: + +Canary release is a technique to reduce the risk of introducing a new software version in production by first rolling out the change to a small subset of users. After user validation, the application is rolled out to the larger set of users. Citrix ADC-Integrated [Canary Deployment solution](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/canary) stitches together all components of continuous delivery (CD) and makes canary deployment easier for the application developers. + +#### httproutes and listeners CRDs for contentrouting: + +[Content Routing (CR)](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/contentrouting) is the execution of defined rules that determine the placement and configuration of network traffic between users and web applications, based on the content being sent. For example, a pattern in the URL or header fields of the request. + +Example files: [HTTPRoute_crd.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/HTTPRoute_crd.yaml), [Listener_crd.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/Listener_crd.yaml) + +#### ratelimits CRD: + +In a Kubernetes deployment, you can [rate limit the requests](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/ratelimit) to the resources on the back end server or services using rate limiting feature provided by the ingress Citrix ADC. + +Example files: [ratelimit-example1.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/ratelimit-example1.yaml), [ratelimit-example2.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/ratelimit-example2.yaml) + +#### vips CRD: + +Citrix provides a CustomResourceDefinitions (CRD) called [VIP](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/crd/vip) for asynchronous communication between the IPAM controller and Citrix ingress controller. + +The IPAM controller is provided by Citrix for IP address management. It allocates IP address to the service from a defined IP address range. The Citrix ingress controller configures the IP address allocated to the service as virtual IP (VIP) in Citrix ADX VPX. And, the service is exposed using the IP address. + +When a new service is created, the Citrix ingress controller creates a CRD object for the service with an empty IP address field. The IPAM Controller listens to addition, deletion, or modification of the CRD and updates it with an IP address to the CRD. Once the CRD object is updated, the Citrix ingress controller automatically configures Citrix ADC-specfic configuration in the tier-1 Citrix ADC VPX. + +#### rewritepolicies CRD: + +In kubernetes environment, to deploy specific layer 7 policies to handle scenarios such as, redirecting HTTP traffic to a specific URL, blocking a set of IP addresses to mitigate DDoS attacks, imposing HTTP to HTTPS and so on, requires you to add appropriate libraries within the microservices and manually configure the policies. Instead, you can use the [Rewrite and Responder features](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/crd/rewrite-responder-policies-deployment.yaml) provided by the Ingress Citrix ADC device to deploy these policies. + +Example files: [target-url-rewrite.yaml](https://github.com/citrix/citrix-helm-charts/tree/master/example-crds/target-url-rewrite.yaml) + + +## Configuration +The following table lists the configurable parameters of the Citrix ADC CPX with Citrix ingress controller as side car chart and their default values. + +| Parameters | Mandatory or Optional | Default value | Description | +| ---------- | --------------------- | ------------- | ----------- | +| license.accept | Mandatory | no | Set `yes` to accept the Citrix ingress controller end user license agreement. | +| image | Mandatory | `quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30` | The Citrix ADC CPX image. | +| pullPolicy | Mandatory | IfNotPresent | The Citrix ADC CPX image pull policy. | +| cic.image | Mandatory | `quay.io/citrix/citrix-k8s-ingress-controller:1.8.28` | The Citrix ingress controller image. | +| cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. | +| cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX | +| logLevel | Optional | DEBUG | The loglevel to control the logs generated by CIC. The supported loglevels are: CRITICAL, ERROR, WARNING, INFO, DEBUG and TRACE. For more information, see [Logging](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/configure/log-levels.md).| +| defaultSSLCert | Optional | N/A | Default SSL certificate that needs to be used as a non-SNI certificate in Citrix ADC. | +| http2ServerSide | Optional | OFF | Enables HTTP2 for Citrix ADC service group configurations. | +| logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. | +| nsNamespace | Optional | k8s | The prefix for the resources on the Citrix ADC CPX. | +| ingressClass | Optional | N/A | If multiple ingress load balancers are used to load balance different ingress resources. You can use this parameter to specify Citrix ingress controller to configure Citrix ADC associated with specific ingress class.| +| openshift | Optional | false | Set this argument if OpenShift environment is being used. | +| nodeSelector.key | Optional | N/A | Node label key to be used for nodeSelector option for CPX-CIC deployment. | +| nodeSelector.value | Optional | N/A | Node label value to be used for nodeSelector option in CPX-CIC deployment. | + +| ADMSettings.licenseServerIP | Optional | N/A | Provide the Citrix Application Delivery Management (ADM) IP address to license Citrix ADC CPX. For more information, see [Licensing](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/licensing/)| +| ADMSettings.licenseServerPort | Optional | 27000 | Citrix ADM port if non-default port is used. | +| ADMSettings.ADMIP | Optional | | Citrix Application Delivery Management (ADM) IP address. | +| ADMSettings.ADMFingerPrint | Optional | N/A | Citrix Application Delivery Management (ADM) Finger Print. For more information, see [this](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/service-graph.html). | +| ADMSettings.loginSecret | Optional | N/A | The secret key to log on to the ADM. For information on how to create the secret keys, see [Prerequisites](#prerequistes). | +| ADMSettings.bandWidthLicense | Optional | False | Set to true if you want to use bandwidth based licensing for Citrix ADC CPX. | +| ADMSettings.bandWidth | Optional | N/A | Desired bandwidth capacity to be set for Citrix ADC CPX in Mbps. | +| ADMSettings.vCPULicense | Optional | N/A | Set to true if you want to use vCPU based licensing for Citrix ADC CPX. | +| ADMSettings.cpxCores | Optional | 1 | Desired number of vCPU to be set for Citrix ADC CPX. | + +| exporter.required | Optional | false | Use the argument if you want to run the [Exporter for Citrix ADC Stats](https://github.com/citrix/citrix-adc-metrics-exporter) along with Citrix ingress controller to pull metrics for the Citrix ADC CPX| +| exporter.image | Optional | `quay.io/citrix/citrix-adc-metrics-exporter:1.4.5` | The Exporter for Citrix ADC Stats image. | +| exporter.pullPolicy | Optional | IfNotPresent | The Exporter for Citrix ADC Stats image pull policy. | +| exporter.ports.containerPort | Optional | 8888 | The Exporter for Citrix ADC Stats container port. | + +| coeConfig.required | Mandatory | false | Set this to true if you want to configure Citrix ADC to send metrics and transaction records to COE. | +| coeConfig.distributedTracing.enable | Optional | false | Set this value to true to enable OpenTracing in Citrix ADC. | +| coeConfig.distributedTracing.samplingrate | Optional | 100 | Specifies the OpenTracing sampling rate in percentage. | +| coeConfig.endpoint.server | Optional | N/A | Set this value as the IP address or DNS address of the analytics server. | +| coeConfig.timeseries.port | Optional | 5563 | Specify the port used to expose COE service for timeseries endpoint. | +| coeConfig.timeseries.metrics.enable | Optional | Set this value to true to enable sending metrics from Citrix ADC. | +| coeConfig.timeseries.metrics.mode | Optional | avro | Specifies the mode of metric endpoint. | +| coeConfig.timeseries.auditlogs.enable | Optional | false | Set this value to true to export audit log data from Citrix ADC. | +| coeConfig.timeseries.events.enable | Optional | false | Set this value to true to export events from the Citrix ADC. | +| coeConfig.transactions.enable | Optional | false | Set this value to true to export transactions from Citrix ADC. | +| coeConfig.transactions.port | Optional | 5557 | Specify the port used to expose COE service for transaction endpoint. | + +| crds.install | Optional | true | Unset this argument if you don't want to install CustomResourceDefinitions which are consumed by CIC. | +| crds.retainOnDelete | Optional | false | Set this argument if you want to retain CustomResourceDefinitions even after uninstalling CIC. This will avoid data-loss of Custom Resource Objects created before uninstallation. | + +> **Note:** +> +> If Citrix ADM related information is not provided during installation, Citrix ADC CPX will come up with the default license. + +Alternatively, you can define a YAML file with the values for the parameters and pass the values while installing the chart. + +For example: + ``` + helm install my-release citrix/citrix-cpx-with-ingress-controller -f values.yaml + ``` + +> **Tip:** +> +> The [values.yaml](https://github.com/citrix/citrix-helm-charts/blob/master/citrix-cpx-with-ingress-controller/values.yaml) contains the default values of the parameters. + +## Uninstalling the Chart +To uninstall/delete the ```my-release``` deployment: + ``` + helm delete my-release + ``` + +## Related documentation + +- [Citrix ADC CPX Documentation](https://docs.citrix.com/en-us/citrix-adc-cpx/12-1/cpx-architecture-and-traffic-flow.html) +- [Citrix ingress controller Documentation](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/) +- [Citrix ingress controller GitHub](https://github.com/citrix/citrix-k8s-ingress-controller) diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md new file mode 100644 index 000000000..ef45a3d90 --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/app-readme.md @@ -0,0 +1,5 @@ +# Citrix ADC CPX with Citrix Ingress Controller running as sidecar. + +In a [Kubernetes](https://kubernetes.io/) or [OpenShift](https://www.openshift.com) cluster, you can deploy [Citrix ADC CPX](https://docs.citrix.com/en-us/citrix-adc-cpx) with Citrix ingress controller as a [sidecar](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). The Citrix ADC CPX instance is used for load balancing the North-South traffic to the microservices in your cluster. And, the sidecar Citrix ingress controller configures the Citrix ADC CPX. + +This Chart bootstraps deployment of Citrix ADC CPX with Citrix Ingress Controller as sidecar. diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml new file mode 100644 index 000000000..0c8714413 --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/questions.yml @@ -0,0 +1,211 @@ +questions: +- variable: license.accept + required: true + default: "no" + type: enum + description: "Set to yes to accept the terms and conditions of the Citrix license." + label: Accept License + group: "Deployment Settings" + options: + - "yes" + - "no" +- variable: openshift + default: false + type: boolean + description: "openshift is set to true if charts are being deployed in OpenShift environment" + label: Openshift flag + group: "Deployment Settings" +- variable: nsNamespace + type: string + description: "Prefix for the resources on Citrix ADC" + label: Resource Prefix + group: "Deployment Settings" +- variable: ingressClass[0] + type: string + description: "ingressClass is the name of the Ingress Class" + label: Ingress Class + group: "Deployment Settings" +- variable: logLevel + default: "DEBUG" + type: enum + options: + - "TRACE" + - "DEBUG" + - "INFO" + - "WARNING" + - "ERROR" + description: "logLevel of Citrix Ingress Controller pod" + label: LogLevel + group: "Deployment Settings" +- variable: defaultSSLCert + type: string + description: "Secret containing the default ceritifcate for SSL vservers" + label: Default SSLCert + group: "ADC Settings" +- variable: logProxy + type: string + description: "Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporte" + label: LogProxy + group: "Deployment Settings" +- variable: http2ServerSide + default: "OFF" + type: enum + options: + - "ON" + - "OFF" + description: "Set to ON to enable HTTP2 for Citrix ADC service group configurations" + label: HTTP2 on ADC + group: "ADC Settings" +- variable: nodeSelector.key + type: string + label: NodeSelector Key + group: "Deployment Settings" +- variable: nodeSelector.value + type: string + label: NodeSelector Value + group: "Deployment Settings" + + +- variable: ADMSettings.licenseServerIP + type: string + label: ADM LicenseServerIP + group: "ADM Settings" +- variable: ADMSettings.licenseServerPort + default: 27000 + type: int + label: ADM LicenseServerPort + group: "ADM Settings" +- variable: ADMSettings.ADMIP + type: string + label: ADM IP + group: "ADM Settings" +- variable: ADMSettings.ADMFingerPrint + type: string + label: ADM FingerPrint + group: "ADM Settings" +- variable: ADMSettings.loginSecret + type: string + label: ADM Login Secret + group: "ADM Settings" +- variable: ADMSettings.bandWidthLicense + type: boolean + label: CPX Bandwidth License + group: "ADM Settings" +- variable: ADMSettings.bandWidth + type: int + label: CPX Bandwidth + group: "ADM Settings" +- variable: ADMSettings.vCPULicense + type: boolean + label: CPX vCPU License + group: "ADM Settings" +- variable: ADMSettings.cpxCores + type: int + label: CPX Cores + group: "ADM Settings" +- variable: cic.pullpolicy + default: "IfNotPresent" + type: enum + label: CIC Image Pullpolicy + group: "CIC/CPX Image Settings" + options: + - "Always" + - "IfNotPresent" + - "Never" +- variable: pullpolicy + default: "IfNotPresent" + type: enum + label: CPX Image Pullpolicy + group: "CIC/CPX Image Settings" + options: + - "Always" + - "IfNotPresent" + - "Never" +- variable: cic.image + default: "quay.io/citrix/citrix-k8s-ingress-controller:1.8.28" + type: string + label: CIC Image + group: "CIC/CPX Image Settings" +- variable: image + type: string + default: "quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30" + label: CPX Image + group: "CIC/CPX Image Settings" +- variable: exporter.image + default: "quay.io/citrix/citrix-adc-metrics-exporter:1.4.5" + type: string + description: "Exporter Image to be used" + label: Exporter Image + group: "Exporter Settings" +- variable: exporter.pullPolicy + default: "IfNotPresent" + type: string + description: "Exporter Image pull policy" + label: Exporter Image PullPolicy + group: "Exporter Settings" +- variable: exporter.ports.containerPort + default: 8888 + type: int + label: Exporter ContainerPort + group: "Exporter Settings" +- variable: coeConfig.distributedTracing.enable + default: false + type: boolean + label: Enable distributedTracing + group: "COE Settings" +- variable: coeConfig.distributedTracing.samplingrate + default: 100 + type: int + label: COE Sampling Rate + group: "COE Settings" +- variable: coeConfig.endpoint.server + type: string + label: COE Endpoint Server + group: "COE Settings" +- variable: coeConfig.timeseries.port + default: 5563 + type: int + label: COE timeseries port + group: "COE Settings" +- variable: coeConfig.timeseries.metrics.enable + default: false + type: boolean + label: Enable timeseries metrics + group: "COE Settings" +- variable: coeConfig.timeseries.metrics.mode + default: 'avro' + type: string + label: COE timeseries metrics Mode + group: "COE Settings" +- variable: coeConfig.timeseries.auditlogs.enable + default: false + type: string + label: Enable timeseries auditlogs + group: "COE Settings" +- variable: coeConfig.timeseries.events.enable + default: false + type: string + label: Enable timeseries events + group: "COE Settings" +- variable: coeConfig.transactions.enable + default: false + type: string + label: Enable transactions + group: "COE Settings" +- variable: coeConfig.transactions.port + default: 5557 + type: int + label: COE transactions port + group: "COE Settings" +- variable: crds.install + default: true + type: boolean + description: "If set to true the charts will install CustomResourceDefinitions which are consumed by CIC." + label: CRD flag + group: "Deployment Settings" +- variable: crds.retainOnDelete + default: false + type: boolean + description: "Set this argument to true if you want to retain CustomResourceDefinitions even after uninstalling CIC. This will avoid data-loss of Custom Resource Objects created before uninstallation." + label: CRD retainOnDelete flag + group: "Deployment Settings" diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt new file mode 100644 index 000000000..bccfdf69a --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/NOTES.txt @@ -0,0 +1,14 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get {{ .Release.Name }} + + +To delete : + helm delete {{ .Release.Name }} + diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl new file mode 100644 index 000000000..5fd1f1d61 --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/_helpers.tpl @@ -0,0 +1,11 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Analytics Server IP or DNS +*/}} +{{- define "analytics.server" -}} +{{- if .Values.coeConfig.endpoint.server -}} +{{- printf .Values.coeConfig.endpoint.server -}} +{{- else -}} +{{- printf "coe.%s.svc.cluster.local" .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml new file mode 100644 index 000000000..2ca841373 --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/cic_crds.yaml @@ -0,0 +1,1009 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: rewritepolicies.citrix.com +{{- if .Values.crds.retainOnDelete }} + annotations: + "helm.sh/resource-policy": keep +{{- end }} +spec: + group: citrix.com + version: v1 + names: + kind: rewritepolicy + plural: rewritepolicies + singular: rewritepolicy + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: "Current Status of the CRD" + JSONPath: .status.state + - name: Message + type: string + description: "Status Message" + JSONPath: .status.status_message + validation: + openAPIV3Schema: + properties: + spec: + properties: + rewrite-policies: + type: array + items: + properties: + servicenames: + description: 'Name of the services that needs to be binded to rewrite policy.' + type: array + items: + type: string + maxLength: 127 + goto-priority-expression: + description: 'Expression or other value specifying the next policy to be + evaluated if the current policy evaluates to TRUE. + Specify one of the following values: + * NEXT - Evaluate the policy with the next higher priority number. + * END - End policy evaluation. + Default value of goto-priority-expression: END' + type: string + maxLength: 1499 + logpackets: + description: 'Adds an audit message action. + The action specifies whether to log the message, and to which log.' + properties: + logexpression: + description: 'Default-syntax expression that defines the format and content of the log message.' + type: string + maxLength: 7991 + loglevel: + description: 'Audit log level, which specifies the severity level of the log message being generated.' + type: string + enum: ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"] + required: [logexpression, loglevel] + rewrite-policy: + properties: + rewrite-criteria: + description: 'Expression against which traffic is evaluated.' + type: string + maxLength: 1299 + default-action: + description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). + An UNDEF event indicates an internal error condition.' + type: string + maxLength: 77 + enum: ['NOREWRITE', 'RESET', 'DROP'] + operation: + description: 'Type of user-defined rewrite action.' + type: string + enum: ["noop", "delete", "insert_http_header", "delete_http_header", + "corrupt_http_header", "insert_before", "insert_after", "replace", + "replace_http_res", "delete_all", "replace_all", "insert_before_all", + "insert_after_all", "clientless_vpn_encode", "clientless_vpn_encode_all", + "clientless_vpn_decode", "clientless_vpn_decode_all", "insert_sip_header", + "delete_sip_header", "corrupt_sip_header", "replace_sip_res", "replace_diameter_header_field", + "replace_dns_header_field", "replace_dns_answer_section"] + target: + description: 'Default syntax expression that specifies which part of the request or response to rewrite.' + type: string + maxLength: 1229 + modify-expression: + description: 'Default syntax expression that specifies the content to insert into the request + or response at the specified location, or that replaces the specified string.' + type: string + maxLength: 7991 + multiple-occurence-modify: + description: 'Search facility that is used to match multiple strings in the request or response.' + type: string + maxLength: 171 + additional-multiple-occurence-modify: + description: 'Specify additional criteria to refine the results of the search. + Always starts with the "extend(m,n)" operation, where "m" specifies number of bytes to the left of selected data + and "n" specifies number of bytes to the right of selected data. + You can use refineSearch only on body expressions, and only when rewrite-criteria is any one of this: + INSERT_BEFORE_ALL, INSERT_AFTER_ALL, REPLACE_ALL, and DELETE_ALL.' + type: string + maxLength: 1299 + direction: + description: 'Bind point to which to bind the policy.' + type: string + enum: ["REQUEST","RESPONSE"] + comment: + description: 'Any comments to preserve information about this rewrite policy.' + type: string + maxLength: 255 + required: [rewrite-criteria, operation, target, direction] + required: [servicenames, rewrite-policy] + + responder-policies: + type: array + items: + properties: + servicenames: + description: 'Name of the services that needs to be binded to responder policy.' + type: array + items: + type: string + maxLength: 127 + goto-priority-expression: + description: 'Expression or other value specifying the next policy to be + evaluated if the current policy evaluates to TRUE. + Specify one of the following values: + * NEXT - Evaluate the policy with the next higher priority number. + * END - End policy evaluation. + Default value of goto-priority-expression: END' + type: string + maxLength: 1499 + logpackets: + description: 'Adds an audit message action. + The action specifies whether to log the message, and to which log.' + properties: + logexpression: + description: 'Default-syntax expression that defines the format and content of the log message.' + type: string + maxLength: 7991 + loglevel: + description: 'Audit log level, which specifies the severity level of the log message being generated.' + type: string + enum: ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", + "NOTICE", "INFORMATIONAL", "DEBUG"] + required: [logexpression, loglevel] + responder-policy: + properties: + redirect: + description: 'Use this option when you want to Redirect the request when request matches to policy.' + properties: + url: + description: 'URL on which you want to redirect the request.' + type: string + maxLength: 7991 + redirect-status-code: + description: 'HTTP response status code, for example 200, 302, 404, etc.' + type: integer + minimum: 100 + maximum: 599 + redirect-reason: + description: 'Expression specifying the reason for redirecting the request.' + type: string + maxLength: 7991 + required: [url] + respondwith: + description: 'Use this parameter when you want to respond to the request when request matches to policy.' + properties: + http-payload-string: + description: 'Expression that you want to sent as response to the request.' + type: string + maxLength: 7991 + required: [http-payload-string] + noop: + description: 'Use this option when you want to send the request to the protected server instead of + responding to it when request matches to policy.' + properties: + target: + description: 'Default syntax expression that specifies to perform noop operation on' + type: string + maxLength: 1229 + reset: + description: 'Use this option when you want to Reset the client connection by closing it when request matches to policy.' + properties: + drop: + description: 'Use this option when you want to drop the request without sending a response to the user when request matches to policy.' + properties: + respond-criteria: + description: 'Default syntax expression that the policy uses to determine whether to respond to the specified request.' + type: string + maxLength: 1299 + default-action: + description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). + An UNDEF event indicates an internal error condition.' + type: string + maxLength: 77 + enum: ['NOOP', 'RESET', 'DROP'] + comment: + description: 'Any comments to preserve information about this responder policy.' + type: string + maxLength: 255 + required: [respond-criteria] + oneOf: [required: [redirect], required: [respondwith], required: [noop], required: [reset], required: [drop]] + required: [servicenames, responder-policy] + + dataset: + type: array + items: + properties: + name: + description: 'Name of the dataset.' + type: string + maxLength: 32 + type: + description: 'Type of value to bind to the dataset.' + type: string + enum: ["ipv4", "number", "ipv6", "ulong", "double", "mac"] + comment: + description: 'Any comments to preserve information about this dataset.' + type: string + maxLength: 255 + values: + description: 'Value of the specified type that is associated with this dataset.' + type: array + required: [name, type, values] + + patset: + type: array + items: + properties: + name: + description: 'Name of the Patset.' + type: string + maxLength: 32 + comment: + description: 'Any comments to preserve information about this patset.' + type: string + maxLength: 255 + values: + description: 'String of characters that constitutes a pattern and is associated with this patset.' + type: array + required: [name, values] + + stringmap: + type: array + items: + properties: + name: + description: 'Name of the Stringmap.' + type: string + maxLength: 32 + comment: + description: 'Any comments to preserve information about this stringmap.' + type: string + maxLength: 255 + values: + description: 'List of (key,value) pairs to be bound to this string map.' + type: array + items: + properties: + key: + description: 'Character string constituting the key to be bound to this string map.' + type: string + maxLength: 2047 + value: + description: 'Character string constituting the value associated with the key.' + type: string + maxLength: 2047 + required: [name, values] + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ratelimits.citrix.com +{{- if .Values.crds.retainOnDelete }} + annotations: + "helm.sh/resource-policy": keep +{{- end }} +spec: + group: citrix.com + version: v1beta1 + names: + kind: ratelimit + plural: ratelimits + singular: ratelimit + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: "Current Status of the CRD" + JSONPath: .status.state + - name: Message + type: string + description: "Status Message" + JSONPath: .status.status_message + validation: + openAPIV3Schema: + properties: + spec: + properties: + servicenames: + description: 'Name of the services to which the ratelimit policies are applied.' + type: array + items: + type: string + maxLength: 127 + selector_keys: + description: 'Traffic match criteria to which apply above rate-limit/throttling. All keys are applied as AND condition. If no keys are specified, rate-limit applies at service level' + properties: + basic: + description: "Basic traffic stream selection criteria to which to apply the ratelimit" + properties: + path: + type: array + description: "api resource path prefix match. e.g. /api/v1/products" + items: + type: string + method: + type: array + items: + type: string + enum: ['GET', 'PUT', 'POST','DELETE'] + header_name: + description: "HTTP header that identifies the unique API client for e.g. X-apikey" + type: string + per_client_ip: + description: "Setting this applies the throttling limit to each unique Client IP address accessing the API resource" + type: boolean + req_threshold: + description: 'Max requests per timeslice units to be allowed' + type: integer + timeslice: + description: 'Timeslice in miliseconds in multiple of 10. Defaults to 1000 miliseconds' + type: integer + limittype: + description: "Burst mode or smooth. Defaults to burst mode if the limittype is not specified" + type: string + enum: ['BURSTY','SMOOTH'] + throttle_action: + type: string + enum: ['DROP', 'RESET','REDIRECT', 'RESPOND'] + description: "Drop will drop the requests exceeding limits, RESET will reset the client connection, Redirect will redirect to specified URL, respond will respond with 429 'Exceeded allowed rate of requests'" + redirect_url: + type: string + description: "Redirect-URL" + required: [servicenames, req_threshold] +--- +#Sample CRD instance + +#apiVersion: citrix.com/v1 +#description: VIP for apache service +#kind: vip +#metadata: +# name: service-apache +# namespace: default +#spec: +# description: VIP for the apache Service +# ipaddress: 10.99.98.90 +# kind: service +# name: apache + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: vips.citrix.com +{{- if .Values.crds.retainOnDelete }} + annotations: + "helm.sh/resource-policy": keep +{{- end }} +spec: + group: citrix.com + version: v1 + names: + kind: vip + plural: vips + singular: vip + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: "Current Status of the CRD" + JSONPath: .status.state + - name: Message + type: string + description: "Status Message" + JSONPath: .status.status_message + additionalPrinterColumns: + - JSONPath: .spec.ipaddress + name: VIP + type: string + - name: Age + type: date + JSONPath: .metadata.creationTimestamp + validation: + openAPIV3Schema: + properties: + spec: + properties: + ipaddress: + type: string + name: + type: string + kind: + type: string + enum: ["service", "ingress"] + description: + type: string +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: authpolicies.citrix.com +{{- if .Values.crds.retainOnDelete }} + annotations: + "helm.sh/resource-policy": keep +{{- end }} +spec: + group: citrix.com + version: v1beta1 + names: + kind: authpolicy + plural: authpolicies + singular: authpolicy + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: "Current Status of the CRD" + JSONPath: .status.state + - name: Message + type: string + description: "Status Message" + JSONPath: .status.status_message + validation: + openAPIV3Schema: + properties: + spec: + properties: + servicenames: + description: 'Name of the services that needs to be binded to rewrite policy.' + type: array + items: + type: string + maxLength: 127 + auth_providers: + description: 'Auth Config for required auth providers, one or more of these can be created' + type: array + items: + description: " create config for a single auth provider of a particular type" + properties: + name: + description: 'Name for this provider, has to be unique, referenced by auth policies' + type: string + + oauth: + description: 'Auth provided by external oAuth provider' + properties: + issuer: + description: 'Identity of the server whose tokens are to be accepted' + type: string + jwks_uri: + description: 'URL of the endpoint that contains JWKs (Json Web Key) for JWT (Json Web Token) verification' + type: string + audience: + description: 'Audience for which token sent by Authorization server is applicable' + type: array + items: + type: string + token_in_hdr: + description: 'custom header name where token is present, default is Authorization header' + type: array + items: + type: string + token_in_param: + description: 'query parameter name where token is present' + type: array + items: + type: string + + basic_local_db: + description: 'Basic HTTP authentication, user data in local DB' + + required: + - name + + auth_policies: + description: "Auth policies" + type: array + items: + description: "Auth policy" + properties: + resource: + description: " endpoint/resource selection criteria" + properties: + path: + description: "api resource path e.g. /products. " + type: array + items: + type: string + method: + type: array + items: + type: string + enum: ['GET', 'PUT', 'POST','DELETE'] + required: + - path + provider: + description: "name of the auth provider for the policy, empty if no authentication required" + type: array + items: + type: string + required: + - resource + - provider + + required: + - servicenames + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: listeners.citrix.com +{{- if .Values.crds.retainOnDelete }} + annotations: + "helm.sh/resource-policy": keep +{{- end }} +status: +spec: + group: citrix.com + version: v1alpha1 + names: + kind: Listener + plural: listeners + singular: listener + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: "Current Status of the CRD" + JSONPath: .status.state + - name: Message + type: string + description: "Status Message" + JSONPath: .status.status_message + validation: + openAPIV3Schema: + required: [spec] + properties: + spec: + type: object + required: [protocol] + properties: + protocol: + type: string + enum: ["https", "http"] + description: "Protocol for this listener" + vip: + type: string + description: "Endpoint IP address, Optional for CPX, required for Tier-1 deployments" + port: + type: integer + minimum: 1 + maximum: 65535 + certificates: + type: array + description: "certificates attached to the endpoints - Not applicable for HTTP" + minItems: 1 + items: + type: object + properties: + preconfigured: + type: string + description: "Preconfigured Certificate name on ADC " + secret: + type: object + description: "Kuberentes secret object" + required: [name] + properties: + name: + type: string + description: "name of the Kubernetes Secret object where Cert is located" + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + namespace: + type: string + description: "Namespace of the kubernetes secret object; Default is same namespace where the Listener object is located" + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + default: + type: boolean + description: "Only one of the certificate can be marked as default which will be presented if none of the cert matches with the hostname" + routes: + type: array + description: "List of route objects attached to the listener" + minItems: 1 + items: + type: object + properties: + name: + type: string + description: "Name of the HTTPRoute object" + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + namespace: + type: string + description: "Namespace of the HTTPRoute object" + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + labelSelector: + description: "Labels key value pair, if the route carries the same labels, it is automatically attached" + type: object + additionalProperties: + type: string + oneOf: + - required: [name, namespace] + - required: [labelSelector] + defaultAction: + type: object + description: "Default action for the listener: One of Backend or Redirect" + properties: + backend: + type: object + oneOf: + - required: [kube] + properties: + kube: + type: object + required: [service, port] + properties: + service: + description: "Name of the backend service" + type: string + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + port: + description: "Service port" + type: integer + minimum: 1 + maximum: 65535 + namespace: + description: "Service namespace" + type: string + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + backendConfig: + description: "General backend service options" + properties: + secure_backend: + description: "Use Secure communications to the backends" + type: boolean + lbConfig: + description: "Citrix ADC LB vserver configurations for the backend. Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/load-balancing/lbvserver/lbvserver/ for all configurations" + type: object + additionalProperties: + type: string + servicegroupConfig: + description: "Citrix ADC service group configurations for the backend; Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/basic/servicegroup/servicegroup/ for all configurations" + type: object + additionalProperties: + type: string + redirect: + type: object + oneOf: + - required: [targetExpression] + - required: [hostRedirect] + - required: [httpsRedirect] + properties: + httpsRedirect: + description: "Change the scheme from http to https keeping URL intact" + type: boolean + hostRedirect: + description: "Host name specified is used for redirection with URL intact" + type: string + targetExpression: + description: "A target can be specified using Citrix ADC policy expression" + type: string + responseCode: + description: "Default response code is 302, which can be customised using this attribute" + type: integer + minimum: 100 + maximum: 599 + oneOf: + - required: ["backend"] + - required: ["redirect"] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: httproutes.citrix.com +{{- if .Values.crds.retainOnDelete }} + annotations: + "helm.sh/resource-policy": keep +{{- end }} +spec: + group: citrix.com + version: v1alpha1 + names: + kind: HTTPRoute + plural: httproutes + singular: httproute + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: "Current Status of the CRD" + JSONPath: .status.state + - name: Message + type: string + description: "Status Message" + JSONPath: .status.status_message + validation: + openAPIV3Schema: + required: [spec] + properties: + spec: + type: object + required: [rules] + properties: + hostname: + type: array + description: "List of domain names that share the same route, default is '*'" + minItems: 1 + items: + type: string + description: "Domain name" + rules: + type: array + description: "List Content routing rules with an action defined" + minItems: 1 + items: + type: object + required: [name, action] + properties: + name: + type: string + description: "A name to represent the rule, this is used as an identifier in content routing policy name in ADC" + minLength: 1 + maxLength: 20 + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + match: + type: array + description: "List of rules with same action" + minItems: 1 + items: + type: object + anyOf: + - required: [path] + - required: [headers] + - required: [cookies] + - required: [queryParams] + - required: [method] + - required: [policyExpression] + properties: + path: + type: object + description: "URL Path based content routing" + properties: + prefix: + type: string + description: "URL path matches the prefix expression" + exact: + type: string + description: "URL Path must match exact path" + regex: + type: string + description: "PCRE based regex expression for path matching" + headers: + type: array + description: "List of header for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" + minItems: 1 + items: + type: object + description: "Header details for content routing, Check for existence of a header or header name-value match" + properties: + headerName: + type: object + description: "Header name based content routing, Here existence of header is used for routing" + properties: + exact: + type: string + description: "Header Name - treated as exact must exist" + contains: + type: string + description: "Header Name - A header must exist that contain the string the name" + regex: + type: string + description: "header Name - treated as PCRE regex expression" + not: + type: boolean + description: "Default False, if present, rules are inverted. I.e header name must not exist" + oneOf: + - required: [exact] + - required: [contains] + - required: [regex] + headerValue: + type: object + description: "Header Name and Value based match" + properties: + name: + type: string + description: "Header name that must match the value" + exact: + type: string + description: "Header value - treated as exact" + contains: + type: string + description: "Header value - treated as contains" + regex: + type: string + description: "header value - treated as PCRE regex expression" + not: + type: boolean + description: "Default False, if present, rules are inverted. I.e header if present must not match the value" + oneOf: + - required: [name, exact] + - required: [name, contains] + - required: [name, regex] + queryParams: + type: array + description: "List of Query parameters for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" + minItems: 1 + items: + type: object + description: "Query parameters Name and Value based match" + properties: + name: + type: string + description: "Query name that must match the value. If no value is specified, matches with any value" + exact: + type: string + description: "Query value - Exact match" + contains: + type: string + description: "Query value - value must have the string(substring)" + regex: + type: string + description: "Query value - Value must match this regex patterm" + not: + type: boolean + description: "Default False, if present, rules are inverted. I.e query if present must not match the value" + anyOf: + - required: [name] + - oneOf: + - required: [name, exact] + - required: [name, contains] + - required: [name, regex] + cookies: + type: array + description: "List of Cookie params for content routing - Must match all the rules- Treated as AND condition if more than 1 rule" + minItems: 1 + items: + type: object + description: "Cookie based routing" + properties: + name: + type: string + description: "cookie name that must match the value. If no value specified, it matches with any value" + exact: + type: string + description: "cookie value - treated as exact" + contains: + type: string + description: "cookie value - treated as substring" + regex: + type: string + description: "cookie value - treated as PCRE regex expression" + not: + type: boolean + description: "Default False, if present, rules are inverted. I.e cookie if present must not match the value" + anyOf: + - required: [name] + - oneOf: + - required: [name, exact] + - required: [name, contains] + - required: [name, regex] + method: + type: string + description: "HTTP method for content routing eg: POST, PUT, DELETE etc" + policyExpression: + type: string + description: "Citrix ADC policy expressions; refer: https://docs.citrix.com/en-us/netscaler/media/expression-prefix.pdf" + action: + type: object + description: "Action for the matched rule" + properties: + backend: + type: object + oneOf: + - required: [kube] + properties: + kube: + type: object + required: [service, port] + properties: + service: + description: "Name of the backend service" + type: string + pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + port: + description: "Service port" + type: integer + minimum: 1 + maximum: 65535 + backendConfig: + description: "General backend service options" + properties: + secure_backend: + description: "Use Secure communications to the backends" + type: boolean + lbConfig: + description: "Citrix ADC LB vserver configurations for the backend. Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/load-balancing/lbvserver/lbvserver/ for all configurations" + type: object + additionalProperties: + type: string + servicegroupConfig: + description: "Citrix ADC service group configurations for the backend; Refer: https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/basic/servicegroup/servicegroup/ for all configurations" + type: object + additionalProperties: + type: string + redirect: + type: object + oneOf: + - required: [targetExpression] + - required: [hostRedirect] + - required: [httpsRedirect] + properties: + httpsRedirect: + description: "Change the scheme from http to https keeping URL intact" + type: boolean + hostRedirect: + description: "Host name specified is used for redirection with URL intact" + type: string + targetExpression: + description: "A target can be specified using Citrix ADC policy expression" + type: string + responseCode: + description: "Default response code is 302, which can be customised using this attribute" + type: integer + minimum: 100 + maximum: 599 + oneOf: + - required: ["backend"] + - required: ["redirect"] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + # name must match the spec fields below, and be in the form: . + name: continuousdeployments.citrix.com +{{- if .Values.crds.retainOnDelete }} + annotations: + "helm.sh/resource-policy": keep +{{- end }} +spec: + # group name to use for REST API: /apis// + group: citrix.com + # list of versions supported by this CustomResourceDefinition + version: v1 + # - name: v1 + # Each version can be enabled/disabled by Served flag. + # served: true + # One and only one version must be marked as the storage version. + #storage: true + # either Namespaced or Cluster + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: "Current Status of the CRD" + JSONPath: .status.state + - name: Message + type: string + description: "Status Message" + JSONPath: .status.status_message + names: + # plural name to be used in the URL: /apis/// + plural: continuousdeployments + # singular name to be used as an alias on the CLI and for display + singular: continuousdeployment + # kind is normally the CamelCased singular type. Your resource manifests use this. + kind: continuousDeploymentCustomConfig + # shortNames allow shorter string to match your resource on the CLI + shortNames: + - crd + + validation: + # openAPIV3Schema is the schema for validating custom objects. + openAPIV3Schema: + properties: + spec: + properties: + cronSpec: + type: integer +--- +{{- end }} \ No newline at end of file diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml new file mode 100644 index 000000000..d920cb67c --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/citrix-k8s-cpx-ingress.yaml @@ -0,0 +1,221 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cpx-ingress +spec: + selector: + matchLabels: + app: cpx-ingress + replicas: 1 + template: + metadata: + name: cpx-ingress + labels: + app: cpx-ingress + annotations: + spec: + serviceAccountName: cpx-ingress-k8s-role + containers: + - name: cpx-ingress + image: "{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy }} + securityContext: + privileged: true + env: + - name: "EULA" + value: "{{ .Values.license.accept }}" + - name: "KUBERNETES_TASK_ID" + value: "" +{{- if .Values.ADMSettings.licenseServerIP }} + - name: "LS_IP" + value: {{ .Values.ADMSettings.licenseServerIP | quote }} +{{- end }} +{{- if .Values.ADMSettings.licenseServerPort }} + - name: "LS_PORT" + value: {{ .Values.ADMSettings.licenseServerPort | quote }} +{{- end }} + - name: "MGMT_HTTP_PORT" + value: {{ .Values.mgmtHttpPort | quote }} + - name: "MGMT_HTTPS_PORT" + value: {{ .Values.mgmtHttpsPort | quote }} +{{- if .Values.ADMSettings.ADMIP }} + - name: "NS_MGMT_SERVER" + value: {{ .Values.ADMSettings.ADMIP | quote }} + - name: "NS_MGMT_FINGER_PRINT" + value: {{ .Values.ADMSettings.ADMFingerPrint | quote }} + - name: "NS_HTTP_PORT" + value: {{ .Values.mgmtHttpPort | quote }} + - name: "NS_HTTPS_PORT" + value: {{ .Values.mgmtHttpsPort | quote }} + - name: "LOGSTREAM_COLLECTOR_IP" + value: {{ .Values.ADMSettings.ADMIP | quote }} +{{- end }} +#To povision bandwidth based licensing to Citrix ADC CPX from ADM, needs bandwidth +{{- if and ( .Values.ADMSettings.licenseServerIP ) (eq .Values.ADMSettings.bandWidthLicense true) }} + - name: "BANDWIDTH" + value: {{ required "Mention bandwidth for bandwidth based licensing" .Values.ADMSettings.bandWidth | quote }} +{{- end }} +#for multiple-PE support, need to set CPX_CORES +{{- if .Values.ADMSettings.licenseServerIP }} +{{- if or (eq .Values.ADMSettings.vCPULicense true) (eq .Values.ADMSettings.bandWidthLicense true) }} + - name: "CPX_CORES" + value: {{ .Values.ADMSettings.cpxCores | default 1 | quote }} +{{- end }} +{{- end }} +{{- if or (.Values.ADMSettings.ADMIP) (.Values.ADMSettings.licenseServerIP) }} + - name: NS_MGMT_USER + valueFrom: + secretKeyRef: + name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} + key: username + - name: NS_MGMT_PASS + valueFrom: + secretKeyRef: + name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} + key: password +{{- end }} + volumeMounts: + - mountPath: /cpx/conf/ + name: cpx-volume1 + - mountPath: /cpx/crash/ + name: cpx-volume2 +{{- if .Values.cic.required }} + # Add cic as a sidecar + - name: cic + image: "{{ .Values.cic.image }}" + imagePullPolicy: {{ .Values.cic.pullPolicy }} + env: + - name: "EULA" + value: "{{ .Values.license.accept }}" + - name: "NS_IP" + value: "127.0.0.1" + - name: "NS_APPS_NAME_PREFIX" + value: {{ .Values.nsNamespace | default "k8s"}} + - name: "NS_DEPLOYMENT_MODE" + value: "SIDECAR" + - name: "NS_ENABLE_MONITORING" + value: "YES" + - name: "NS_USER" + valueFrom: + secretKeyRef: + name: cpxlogin + key: username + - name: "NS_PASSWORD" + valueFrom: + secretKeyRef: + name: cpxlogin + key: password +{{- if .Values.logProxy }} + - name: "NS_LOGPROXY" + value: {{ .Values.logProxy | quote }} +{{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +{{- if .Values.kubernetesURL }} + - name: "kubernetes_url" + value: "{{ .Values.kubernetesURL }}" +{{- end }} + args: + - --configmap + {{ .Release.Namespace }}/cpx-cic-configmap +{{- if .Values.ingressClass }} + - --ingress-class +{{- range .Values.ingressClass}} + {{.}} +{{- end }} +{{- end }} +{{- if .Values.defaultSSLCert }} + - --default-ssl-certificate + {{ .Release.Namespace }}/{{ .Values.defaultSSLCert }} +{{- end }} +{{- end }} +{{- if .Values.exporter.required }} + - name: exporter + image: "{{ .Values.exporter.image }}" + imagePullPolicy: {{ .Values.exporter.pullPolicy }} + args: + - "--secure=no" + - "--target-nsip=127.0.0.1" + - "--port={{ .Values.exporter.ports.containerPort }}" + env: + - name: "NS_USER" + valueFrom: + secretKeyRef: + name: cpxlogin + key: username + - name: "NS_PASSWORD" + valueFrom: + secretKeyRef: + name: cpxlogin + key: password + securityContext: + readOnlyRootFilesystem: true +{{- end }} + volumes: + - name: cpx-volume1 + emptyDir: {} + - name: cpx-volume2 + emptyDir: {} +{{- if and .Values.nodeSelector.key .Values.nodeSelector.value }} + nodeSelector: + {{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }} +{{- end }} + +--- + +apiVersion: v1 +kind: Service +metadata: + name: cpx-service + labels: + app: cpx-service + service-type: citrix-adc-cpx-monitor +spec: + type: NodePort + ports: + - port: 80 + protocol: TCP + name: http + - port: 443 + protocol: TCP + name: https +{{- if .Values.exporter.required }} + - port: {{ .Values.exporter.ports.containerPort }} + targetPort: {{ .Values.exporter.ports.containerPort }} + name: exporter-port +{{- end }} + selector: + app: cpx-ingress + +--- + +{{- if .Values.exporter.required }} + +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: citrix-adc-cpx-servicemonitor + labels: + servicemonitor: citrix-adc-cpx +spec: + endpoints: + - interval: 30s + port: exporter-port + selector: + matchLabels: + service-type: citrix-adc-cpx-monitor + namespaceSelector: + matchNames: + - monitoring + - default + - {{ .Release.Namespace }} + +{{- end }} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml new file mode 100644 index 000000000..dd0c1bbee --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/configmap.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cpx-cic-configmap + labels: + app: citrix-ingress-controller +data: + LOGLEVEL: {{ .Values.logLevel | quote | lower }} + NS_PROTOCOL: "http" + NS_PORT: "80" + NS_HTTP2_SERVER_SIDE: {{ .Values.http2ServerSide | quote | upper }} +{{- if .Values.coeConfig.required }} + NS_ANALYTICS_CONFIG: | + distributed_tracing: + enable: {{ .Values.coeConfig.distributedTracing.enable | quote }} + samplingrate: {{ .Values.coeConfig.distributedTracing.samplingrate }} + endpoint: + server: {{ include "analytics.server" . | quote }} + timeseries: + port: {{ .Values.coeConfig.timeseries.port }} + metrics: + enable: {{ .Values.coeConfig.timeseries.metrics.enable | quote }} + mode: {{ .Values.coeConfig.timeseries.metrics.mode | quote }} + auditlogs: + enable: {{ .Values.coeConfig.timeseries.auditlogs.enable | quote }} + events: + enable: {{ .Values.coeConfig.timeseries.events.enable | quote }} + transactions: + enable: {{ .Values.coeConfig.transactions.enable | quote }} + port: {{ .Values.coeConfig.transactions.port }} +{{- end }} diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml new file mode 100644 index 000000000..0e22ef9dd --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/login_credentials.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cpxlogin +type: Opaque +data: + username: bnNyb290 + password: bnNyb290 diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml new file mode 100644 index 000000000..66482380d --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/templates/rbac.yaml @@ -0,0 +1,73 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: cpx-ingress-k8s-role +rules: + - apiGroups: [""] +{{- if .Values.openshift }} + resources: ["endpoints", "ingresses", "pods", "secrets", "routes", "tokenreviews", "subjectaccessreviews", "nodes", "namespaces", "configmaps"] +{{- else }} + resources: ["endpoints", "ingresses", "pods", "secrets", "routes", "nodes", "namespaces", "configmaps"] +{{- end}} + verbs: ["get", "list", "watch"] + # services/status is needed to update the loadbalancer IP in service status for integrating + # service of type LoadBalancer with external-dns + - apiGroups: [""] + resources: ["services/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: ["extensions","networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions","networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "list", "watch"] + - apiGroups: ["citrix.com"] + resources: ["rewritepolicies", "continuousdeployments", "authpolicies", "ratelimits", "listeners", "httproutes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["citrix.com"] + resources: ["rewritepolicies/status", "continuousdeployments/status", "authpolicies/status", "ratelimits/status", "listeners/status", "httproutes/status"] + verbs: ["get", "list", "patch"] + - apiGroups: ["citrix.com"] + resources: ["vips"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["get", "list", "watch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: cpx-ingress-k8s-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cpx-ingress-k8s-role +subjects: +- kind: ServiceAccount + name: cpx-ingress-k8s-role + namespace: {{ .Release.Namespace }} +apiVersion: rbac.authorization.k8s.io/v1 + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cpx-ingress-k8s-role + namespace: {{ .Release.Namespace }} + +--- diff --git a/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml new file mode 100644 index 000000000..cda67583c --- /dev/null +++ b/charts/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller/1.8.2800/values.yaml @@ -0,0 +1,81 @@ +# Default values for citrix-cpx-with-ingress-controller. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# cpximage contains information needed to fetch CPX image +image: quay.io/citrix/citrix-k8s-cpx-ingress:13.0-58.30 +pullPolicy: IfNotPresent +# cicimage contains information needed to fetch CIC image +cic: + image: quay.io/citrix/citrix-k8s-ingress-controller:1.8.28 + pullPolicy: IfNotPresent + required: true + +mgmtHttpPort: 9080 + +mgmtHttpsPort: 9443 +# openshift is set to true if charts are being deployed in OpenShift environment. +openshift: false +# nsNamespace is the prefix for the resources on the Citrix ADC +nsNamespace: +# license is used accept the terms of the Citrix license +license: + accept: no +# ingressClass is the name of the Ingress Class +ingressClass: +# logLevel is to set level of CIC Logs +logLevel: DEBUG +# Default SSL certificate +defaultSSLCert: +# Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter +logProxy: +# Set to ON to enables HTTP2 for Citrix ADC service group configurations +http2ServerSide: "OFF" +nodeSelector: + key: + value: + +ADMSettings: + licenseServerIP: + licenseServerPort: 27000 + ADMIP: + ADMFingerPrint: + loginSecret: + bandWidthLicense: false + bandWidth: + vCPULicense: false + cpxCores: + +# exporter conatins information of prometheus-exporter +exporter: + required: false + image: quay.io/citrix/citrix-adc-metrics-exporter:1.4.4 + pullPolicy: IfNotPresent + ports: + containerPort: 8888 + +coeConfig: + required: false + distributedTracing: + enable: false + samplingrate: 100 + endpoint: + server: + timeseries: + port: 5563 + metrics: + enable: false + mode: 'avro' + auditlogs: + enable: false + events: + enable: false + transactions: + enable: false + port: 5557 + +crds: +# If false, CustomResourceDefinitions will not be installed. + install: true +# if set to true, then CustomResourceDefinitions will not be deleted during helm delete. This way, CustomResourceObjects will not be deleted from the database. + retainOnDelete: false diff --git a/charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml b/charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml new file mode 100644 index 000000000..3eaf82672 --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/namespace: cloudcasa-io + catalog.cattle.io/release-name: cloudcasa +apiVersion: v2 +appVersion: 0.1.0 +description: CloudCasa backup service for Kubernetes and cloud native applications +home: https://cloudcasa.io +icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png +keywords: +- backup +- Catalogic +- CloudCasa +kubeVersion: '>=1.13.0-0' +maintainers: +- email: info@catalogicsoftware.com + name: catalogicsoftware +name: cloudcasa +version: 0.1.000 diff --git a/charts/cloudcasa/cloudcasa/0.1.000/README.md b/charts/cloudcasa/cloudcasa/0.1.000/README.md new file mode 100644 index 000000000..f829ec17e --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/README.md @@ -0,0 +1,51 @@ +# CloudCasa Kubernetes Agent + +[CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups + +# Introduction + +CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. +Configuration is quick and easy, and basic service is free. + +This Helm chart installs and configures the CloudCasa agent on a Kubernetes cluster. +See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. + +## Prerequisites + +1. Kubernetes 1.17+ +2. Helm 3.0+ + +## Installation + +### Rancher Installation (Apps & Marketplace) + +1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. +2. Go to Apps & Marketplace in the Rancher UI. In the Deploy Chart section, check the Partners checkbox and click on the cloudcasa chart. +3. Provide a Name (e.g. CloudCasa) and optional description. +4. In the CloudCasa Configuration section, provide the Cluster ID obtained above. +5. Click on the Install button to complete installation of the agent. + +### Helm CLI Installation + +1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. +2. Execute the following helm commands, replacing `````` with the Cluster ID obtained above: +``` +$ helm repo add cloudcasa-repo https://catalogicsoftware.github.io/cloudcasa-helmchart +$ helm install cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= +``` +This will install the CloudCasa agent and complete registration of the cluster with the CloudCasa service. + +## Updating the CloudCasa Agent +1. Log in to https://home.cloudcasa.io and obtain the cluster ID for your cluster by selecting it under the Setup tab. +2. Execute the following commands to update the agent: +``` +$ helm repo update +$ helm upgrade cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= +``` + +## Uninstalling the CloudCasa Agent +``` +$ helm uninstall cloudcasa.io +``` + +*CloudCasa is a trademark of Catalogic Software Inc.* diff --git a/charts/cloudcasa/cloudcasa/0.1.000/app-readme.md b/charts/cloudcasa/cloudcasa/0.1.000/app-readme.md new file mode 100644 index 000000000..bae0de627 --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/app-readme.md @@ -0,0 +1,6 @@ +# CloudCasa Kubernetes Agent + +### [CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups + +CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. +Configuration is quick and easy, and basic service is free. See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. diff --git a/charts/cloudcasa/cloudcasa/0.1.000/questions.yaml b/charts/cloudcasa/cloudcasa/0.1.000/questions.yaml new file mode 100644 index 000000000..d4443f94f --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/questions.yaml @@ -0,0 +1,13 @@ +namespace: cloudcasa-io +labels: + io.rancher.certified: partner +categories: +- Application +questions: +- variable: cluster_id + default: "" + description: "CloudCasa Cluster ID" + type: string + required: true + label: CLUSTER ID + group: "CloudCasa Configuration" diff --git a/charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt b/charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt new file mode 100644 index 000000000..e30a0df5a --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/templates/NOTES.txt @@ -0,0 +1,5 @@ +--------Please be patient while the chart is being deployed-------- + +Tip: Watch the App deployment status using the command: kubectl get pods -n cloudcasa-io + +Monitor the Cloudcasa UI, the regsitered cluster state should be moved to Ready State. If the clutser state is still in Pendingstate, wrong ClusterID would have been provided. diff --git a/charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl b/charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl new file mode 100644 index 000000000..75bf8467f --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "cloudcasa.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cloudcasa.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cloudcasa.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml b/charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml new file mode 100644 index 000000000..57552aa2e --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/templates/cluster-register.yaml @@ -0,0 +1,2982 @@ +# +# The velero part of the agent spec has been generated using the following +# command: +# +# velero install \ +# --features=EnableCSI \ +# --no-default-backup-location=true \ +# --namespace=cloudcasa-io \ +# --use-volume-snapshots=false \ +# --no-secret \ +# --plugins velero/velero-plugin-for-aws \ +# --dry-run -o yaml > ./intermediate-template.yaml +# ----------------------------------------------------------------------- +# Steps to delete the agent deployment are: +# ----------------------------------------------------------------------- +# kubectl delete namespace/cloudcasa-io clusterrolebinding/cloudcasa-io +# kubectl delete crds -l component=kubeagent_backup_helper + +{{ if not (lookup "v1" "Namespace" .Values.namespace "cloudcasa-io") }} + +apiVersion: v1 +kind: Namespace +metadata: + name: cloudcasa-io + +{{ end }} +--- +apiVersion: v1 +items: +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: backups.velero.io + spec: + group: velero.io + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: Backup is a Velero resource that respresents the capture of Kubernetes cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + defaultVolumesToRestic: + description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. + type: boolean + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". + nullable: true + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated during execution of the backup. The actual errors are in the backup's log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + formatVersion: + description: FormatVersion is the backup format version, including major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: Progress contains information about the backup's execution progress. Note that this information is best-effort only -- if Velero fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: ItemsBackedUp is the number of items that have actually been written to the backup tarball so far. + type: integer + totalItems: + description: TotalItems is the total number of items to be backed up. This number may change throughout the execution of the backup due to plugins that return additional related items to back up, the velero.io/exclude-from-backup label, and various other filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors (if applicable). + items: + type: string + nullable: true + type: array + version: + description: 'Version is the backup format major version. Deprecated: Please see FormatVersion' + type: integer + volumeSnapshotsAttempted: + description: VolumeSnapshotsAttempted is the total number of attempted volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: VolumeSnapshotsCompleted is the total number of successfully completed volume snapshots for this backup. + type: integer + warnings: + description: Warnings is a count of all warning messages that were generated during execution of the backup. The actual warnings are in the backup's log file in object storage. + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: backupstoragelocations.velero.io + spec: + additionalPrinterColumns: + - JSONPath: .status.phase + description: Backup Storage Location status such as Available/Unavailable + name: Phase + type: string + - JSONPath: .status.lastValidationTime + description: LastValidationTime is the last time the backup store location was validated + name: Last Validated + type: date + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: velero.io + names: + kind: BackupStorageLocation + listKind: BackupStorageLocationList + plural: backupstoragelocations + shortNames: + - bsl + singular: backupstoragelocation + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup objects + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + objectStorage: + description: ObjectStorageLocation specifies the settings necessary to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of BackupStorageLocation + properties: + accessMode: + description: "AccessMode is an unused field. \n Deprecated: there is now an AccessMode field on the Spec and this field will be removed entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: "LastSyncedRevision is the value of the `metadata/revision` file in the backup storage location the last time the BSL's contents were synced into the cluster. \n Deprecated: this field is no longer updated or used for detecting changes to the location's contents and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: LastSyncedTime is the last time the contents of the location were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: LastValidationTime is the last time the backup store location was validated the cluster. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: deletebackuprequests.velero.io + spec: + group: velero.io + names: + kind: DeleteBackupRequest + listKind: DeleteBackupRequestList + plural: deletebackuprequests + singular: deletebackuprequest + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: downloadrequests.velero.io + spec: + group: velero.io + names: + kind: DownloadRequest + listKind: DownloadRequestList + plural: downloadrequests + singular: downloadrequest + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: DownloadRequest is a request to download an artifact from backup object storage, such as a backup log file. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupResourceList + - RestoreLog + - RestoreResults + type: string + name: + description: Name is the name of the kubernetes resource with which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: podvolumebackups.velero.io + spec: + group: velero.io + names: + kind: PodVolumeBackup + listKind: PodVolumeBackupList + plural: podvolumebackups + singular: podvolumebackup + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + tags: + additionalProperties: + type: string + description: Tags are a map of key-value pairs that should be applied to the volume backup as tags. + type: object + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the volume and the current number of backed up bytes. This can be used to display progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the pod volume. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: podvolumerestores.velero.io + spec: + group: velero.io + names: + kind: PodVolumeRestore + listKind: PodVolumeRestoreList + plural: podvolumerestores + singular: podvolumerestore + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + volume: + description: Volume is the name of the volume within the Pod to be restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a restore was completed. Completion time is recorded even on failed restores. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the snapshot and the current number of restored bytes. This can be used to display progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a restore was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: resticrepositories.velero.io + spec: + group: velero.io + names: + kind: ResticRepository + listKind: ResticRepositoryList + plural: resticrepositories + singular: resticrepository + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResticRepositorySpec is the specification for a ResticRepository. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the BackupStorageLocation that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should be run. + type: string + resticIdentifier: + description: ResticIdentifier is the full restic-compatible string for identifying this repository. + type: string + volumeNamespace: + description: VolumeNamespace is the namespace this restic repository contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: ResticRepositoryStatus is the current status of a ResticRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the ResticRepository. + type: string + phase: + description: Phase is the current state of the ResticRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: restores.velero.io + spec: + group: velero.io + names: + kind: Restore + listKind: RestoreList + plural: restores + singular: restore + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: Restore is a Velero resource that represents the application of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: BackupName is the unique name of the Velero backup to restore from. + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed during or post restore. + properties: + resources: + items: + description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments to execute from within a container after a pod has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + execTimeout: + description: ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers to be added to a pod during its restore. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when restoring individual objects from the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs from snapshot (via the cloudprovider). + nullable: true + type: boolean + scheduleName: + description: ScheduleName is the unique name of the Velero schedule to restore from. If specified, and BackupName is empty, Velero will restore from the most recent successful backup created from this schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: CompletionTimestamp records the time the restore operation was completed. Completion time is recorded even on failed restore. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated during execution of the restore. The actual errors are stored in object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - Completed + - PartiallyFailed + - Failed + type: string + startTimestamp: + description: StartTimestamp records the time the restore operation was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: Warnings is a count of all warning messages that were generated during execution of the restore. The actual warnings are stored in object storage. + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: schedules.velero.io + spec: + group: velero.io + names: + kind: Schedule + listKind: ScheduleList + plural: schedules + singular: schedule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: Schedule is a Velero resource that represents a pre-scheduled or periodic Backup that should be run. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + schedule: + description: Schedule is a Cron expression defining when to run the Backup. + type: string + template: + description: Template is the definition of the Backup to be run on the provided schedule + properties: + defaultVolumesToRestic: + description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. + type: boolean + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". + nullable: true + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: LastBackup is the last time a Backup was run for this Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors (if applicable) + items: + type: string + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: serverstatusrequests.velero.io + spec: + group: velero.io + names: + kind: ServerStatusRequest + listKind: ServerStatusRequestList + plural: serverstatusrequests + shortNames: + - ssr + singular: serverstatusrequest + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ServerStatusRequest is a request to access current status information about the Velero server. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: ProcessedTimestamp is when the ServerStatusRequest was processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: volumesnapshotlocations.velero.io + spec: + group: velero.io + names: + kind: VolumeSnapshotLocation + listKind: VolumeSnapshotLocationList + plural: volumesnapshotlocations + singular: volumesnapshotlocation + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume snapshots. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecyle phase of a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: {{ .Release.Name }} + namespace: {{ .Values.namespace }} +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: {{ .Release.Name }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{ .Values.namespace }} +kind: List +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" + creationTimestamp: null + name: volumesnapshotclasses.snapshot.storage.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .driver + name: Driver + type: string + - JSONPath: .deletionPolicy + description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass + should be deleted when its bound VolumeSnapshot is deleted. + name: DeletionPolicy + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + listKind: VolumeSnapshotClassList + plural: volumesnapshotclasses + singular: volumesnapshotclass + preserveUnknownFields: false + scope: Cluster + subresources: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotClass specifies parameters that a underlying storage + system uses when creating a volume snapshot. A specific VolumeSnapshotClass + is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses + are non-namespaced + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + deletionPolicy: + description: deletionPolicy determines whether a VolumeSnapshotContent created + through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot + is deleted. Supported values are "Retain" and "Delete". "Retain" means + that the VolumeSnapshotContent and its physical snapshot on underlying + storage system are kept. "Delete" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the storage driver that handles this + VolumeSnapshotClass. Required. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating snapshots. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - driver + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" + creationTimestamp: null + name: volumesnapshotcontents.snapshot.storage.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot in bytes + name: RestoreSize + type: integer + - JSONPath: .spec.deletionPolicy + description: Determines whether this VolumeSnapshotContent and its physical snapshot + on the underlying storage system should be deleted when its bound VolumeSnapshot + is deleted. + name: DeletionPolicy + type: string + - JSONPath: .spec.driver + description: Name of the CSI driver used to create the physical snapshot on the + underlying storage system. + name: Driver + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: Name of the VolumeSnapshotClass to which this snapshot belongs. + name: VolumeSnapshotClass + type: string + - JSONPath: .spec.volumeSnapshotRef.name + description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent + object is bound. + name: VolumeSnapshot + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + listKind: VolumeSnapshotContentList + plural: volumesnapshotcontents + singular: volumesnapshotcontent + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotContent represents the actual "on-disk" snapshot + object in the underlying storage system + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: spec defines properties of a VolumeSnapshotContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this VolumeSnapshotContent + and its physical snapshot on the underlying storage system should + be deleted when its bound VolumeSnapshot is deleted. Supported values + are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are kept. "Delete" + means that the VolumeSnapshotContent and its physical snapshot on + underlying storage system are deleted. In dynamic snapshot creation + case, this field will be filled in with the "DeletionPolicy" field + defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For + pre-existing snapshots, users MUST specify this field when creating + the VolumeSnapshotContent object. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the CSI driver used to create the + physical snapshot on the underlying storage system. This MUST be the + same as the name returned by the CSI GetPluginName() call for that + driver. Required. + type: string + source: + description: source specifies from where a snapshot will be created. + This field is immutable after creation. Required. + properties: + snapshotHandle: + description: snapshotHandle specifies the CSI "snapshot_id" of a + pre-existing snapshot on the underlying storage system. This field + is immutable. + type: string + volumeHandle: + description: volumeHandle specifies the CSI "volume_id" of the volume + from which a snapshot should be dynamically taken from. This field + is immutable. + type: string + type: object + volumeSnapshotClassName: + description: name of the VolumeSnapshotClass to which this snapshot + belongs. + type: string + volumeSnapshotRef: + description: volumeSnapshotRef specifies the VolumeSnapshot object to + which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName + field must reference to this VolumeSnapshotContent's name for the + bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent + object, name and namespace of the VolumeSnapshot object MUST be provided + for binding to happen. This field is immutable after creation. Required. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - deletionPolicy + - driver + - source + - volumeSnapshotRef + type: object + status: + description: status represents the current information of a snapshot. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates the creation time is unknown. The + format of this field is a Unix nanoseconds time encoded as an int64. + On Unix, the command `date +%s%N` returns the current time in nanoseconds + since 1970-01-01 00:00:00 UTC. + format: int64 + type: integer + error: + description: error is the latest observed error during snapshot creation, + if any. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + format: int64 + minimum: 0 + type: integer + snapshotHandle: + description: snapshotHandle is the CSI "snapshot_id" of a snapshot on + the underlying storage system. If not specified, it indicates that + dynamic snapshot creation has either failed or it is still in progress. + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" + creationTimestamp: null + name: volumesnapshots.snapshot.storage.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .spec.source.persistentVolumeClaimName + description: Name of the source PVC from where a dynamically taken snapshot will + be created. + name: SourcePVC + type: string + - JSONPath: .spec.source.volumeSnapshotContentName + description: Name of the VolumeSnapshotContent which represents a pre-provisioned + snapshot. + name: SourceSnapshotContent + type: string + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot. + name: RestoreSize + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. + name: SnapshotClass + type: string + - JSONPath: .status.boundVolumeSnapshotContentName + description: The name of the VolumeSnapshotContent to which this VolumeSnapshot + is bound. + name: SnapshotContent + type: string + - JSONPath: .status.creationTime + description: Timestamp when the point-in-time snapshot is taken by the underlying + storage system. + name: CreationTime + type: date + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + listKind: VolumeSnapshotList + plural: volumesnapshots + singular: volumesnapshot + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshot is a user's request for either creating a point-in-time + snapshot of a persistent volume, or binding to a pre-existing snapshot. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: 'spec defines the desired characteristics of a snapshot requested + by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots + Required.' + properties: + source: + description: source specifies where a snapshot will be created from. + This field is immutable after creation. Required. + properties: + persistentVolumeClaimName: + description: persistentVolumeClaimName specifies the name of the + PersistentVolumeClaim object in the same namespace as the VolumeSnapshot + object where the snapshot should be dynamically taken from. This + field is immutable. + type: string + volumeSnapshotContentName: + description: volumeSnapshotContentName specifies the name of a pre-existing + VolumeSnapshotContent object. This field is immutable. + type: string + type: object + volumeSnapshotClassName: + description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass + requested by the VolumeSnapshot. If not specified, the default snapshot + class will be used if one exists. If not specified, and there is no + default snapshot class, dynamic snapshot creation will fail. Empty + string is not allowed for this field. TODO(xiangqian): a webhook validation + on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' + type: string + required: + - source + type: object + status: + description: 'status represents the current information of a snapshot. NOTE: + status can be modified by sources other than system controllers, and must + not be depended upon for accuracy. Controllers should only use information + from the VolumeSnapshotContent object after verifying that the binding + is accurate and complete.' + properties: + boundVolumeSnapshotContentName: + description: 'boundVolumeSnapshotContentName represents the name of + the VolumeSnapshotContent object to which the VolumeSnapshot object + is bound. If not specified, it indicates that the VolumeSnapshot object + has not been successfully bound to a VolumeSnapshotContent object + yet. NOTE: Specified boundVolumeSnapshotContentName alone does not + mean binding is valid. Controllers MUST always verify bidirectional + binding between VolumeSnapshot and VolumeSnapshotContent to + avoid possible security issues.' + type: string + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates that the creation time of the snapshot + is unknown. + format: date-time + type: string + error: + description: error is the last observed error during snapshot creation, + if any. This field could be helpful to upper level controllers(i.e., + application controller) to decide whether they should continue on + waiting for the snapshot to be created based on the type of error + reported. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + type: string + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kubeagent + namespace: {{ .Values.namespace }} +spec: + selector: + matchLabels: + app: kubeagent + strategy: {} + replicas: 1 + template: + metadata: + labels: + app: kubeagent + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8085" + prometheus.io/scrape: "true" + spec: + containers: + - image: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" + args: ["/usr/local/bin/kubeagent", "--server_addr", "agent.cloudcasa.io:443", "--tls", "true"] + name: kubeagent + resources: + requests: + memory: "{{ .Values.request_kubeagent_memory }}" + cpu: "{{ .Values.request_kubeagent_cpu }}" + limits: + memory: "{{ .Values.limit_kubeagent_memory }}" + cpu: "{{ .Values.limit_kubeagent_cpu }}" + env: + - name: AMDS_CLUSTER_ID + value: "{{ .Values.cluster_id }}" + volumeMounts: + - mountPath: /credentials + name: cloud-credentials + - mountPath: /plugins + name: plugins + - mountPath: /scratch + name: scratch + - image: "{{ .Values.velero_image.repository }}:{{ .Values.velero_image.tag }}" + imagePullPolicy: IfNotPresent + name: kubeagent-backup-helper + args: + - server + - --features=EnableCSI,EnableAPIGroupVersions + - --backup-sync-period=0s + - --store-validation-frequency=0s + # (24 hours * 365 days * 10 years) + (2 * 24 hours[for leap years]) = 87648 hours + - --default-backup-ttl=87648h0m0s + - --disable-controllers=backup-sync,schedule,gc,download-request,restic-repo,server-status-request + - --log-format=json + - --log-level=info + command: + - /velero + env: + - name: VELERO_SCRATCH_DIR + value: /scratch + - name: VELERO_NAMESPACE + value: {{ .Values.namespace }} + - name: LD_LIBRARY_PATH + value: /plugins + - name: AWS_SHARED_CREDENTIALS_FILE + value: /credentials/s3/cloud + ports: + - containerPort: 8085 + name: metrics + resources: + limits: + cpu: "{{ .Values.limit_velero_cpu }}" + memory: "{{ .Values.limit_velero_memory }}" + requests: + cpu: "{{ .Values.request_velero_cpu }}" + memory: "{{ .Values.request_velero_memory }}" + volumeMounts: + - mountPath: /plugins + name: plugins + - mountPath: /scratch + name: scratch + - mountPath: /credentials + name: cloud-credentials + initContainers: + - image: "{{ .Values.velero_aws_plugin_image.repository }}:{{ .Values.velero_aws_plugin_image.tag }}" + imagePullPolicy: IfNotPresent + name: velero-plugin-for-aws + resources: {} + volumeMounts: + - mountPath: /target + name: plugins + - image: "{{ .Values.velero_csi_plugin_image.repository }}:{{ .Values.velero_csi_plugin_image.tag }}" + imagePullPolicy: IfNotPresent + name: velero-plugin-for-csi + resources: {} + volumeMounts: + - mountPath: /target + name: plugins + restartPolicy: Always + serviceAccountName: {{ .Release.Name }} + volumes: + - emptyDir: {} + name: plugins + - emptyDir: {} + name: scratch + - emptyDir: {} + name: cloud-credentials diff --git a/charts/cloudcasa/cloudcasa/0.1.000/values.yaml b/charts/cloudcasa/cloudcasa/0.1.000/values.yaml new file mode 100644 index 000000000..8ce3850b6 --- /dev/null +++ b/charts/cloudcasa/cloudcasa/0.1.000/values.yaml @@ -0,0 +1,92 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry +## + +## Required namespace +namespace: cloudcasa-io + +## Velero csi plugin image +## ref: https://hub.docker.com/r/velero/velero-plugin-for-csi/tags/ +velero_csi_plugin_image: + registry: docker.io + repository: catalogicsoftware/velero-plugin-for-csi + tag: v0.1.2.1 + pullPolicy: IfNotPresent + debug: false +## + +## Velero aws plugin image +## ref: https://hub.docker.com/r/velero/velero-plugin-for-aws/tags/ +velero_aws_plugin_image: + registry: docker.io + repository: velero/velero-plugin-for-aws + tag: v1.1.0 + pullPolicy: IfNotPresent + debug: false +## + +## Velero image +## ref: https://hub.docker.com/r/velero/velero/tags +velero_image: + registry: docker.io + repository: velero/velero + tag: v1.5.3 + pullPolicy: IfNotPresent + debug: false +## + +## Cloudcasa kubeagent image +## ref: https://hub.docker.com/r/catalogicsoftware/amds-kagent/tags/ +kagent_image: + registry: docker.io + repository: catalogicsoftware/amds-kagent + tag: 0.1.0-rc.515 + pullPolicy: IfNotPresent + debug: false +## + +## Cloudcasa AMDS Cluster ID. To be provided by the user +cluster_id: "" + +## Resources to be used by velero and kubeagent pods +request_velero_memory: 128Mi +request_velero_cpu: 500m +limit_velero_memory: 512Mi +limit_velero_cpu: 1 +request_kubeagent_memory: 32Mi +request_kubeagent_cpu: 250m +limit_kubeagent_memory: 64Mi +limit_kubeagent_cpu: 500m + +## Placeholder configuration below this line ## +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + create: true + annotations: {} + name: "" + +podAnnotations: {} + +podSecurityContext: {} + +securityContext: {} + +resources: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} +## diff --git a/charts/cloudcasa/cloudcasa/1/Chart.yaml b/charts/cloudcasa/cloudcasa/1/Chart.yaml new file mode 100644 index 000000000..e3f23b798 --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Cloudcasa + catalog.cattle.io/namespace: cloudcasa-io + catalog.cattle.io/release-name: cloudcasa +apiVersion: v2 +appVersion: "1.0" +description: CloudCasa backup service for Kubernetes and cloud native applications +home: https://cloudcasa.io +icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png +keywords: +- backup +- Catalogic +- CloudCasa +kubeVersion: '>=1.13.0-0' +maintainers: +- email: info@catalogicsoftware.com + name: catalogicsoftware +name: cloudcasa +version: "1" diff --git a/charts/cloudcasa/cloudcasa/1/README.md b/charts/cloudcasa/cloudcasa/1/README.md new file mode 100644 index 000000000..f829ec17e --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/README.md @@ -0,0 +1,51 @@ +# CloudCasa Kubernetes Agent + +[CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups + +# Introduction + +CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. +Configuration is quick and easy, and basic service is free. + +This Helm chart installs and configures the CloudCasa agent on a Kubernetes cluster. +See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. + +## Prerequisites + +1. Kubernetes 1.17+ +2. Helm 3.0+ + +## Installation + +### Rancher Installation (Apps & Marketplace) + +1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. +2. Go to Apps & Marketplace in the Rancher UI. In the Deploy Chart section, check the Partners checkbox and click on the cloudcasa chart. +3. Provide a Name (e.g. CloudCasa) and optional description. +4. In the CloudCasa Configuration section, provide the Cluster ID obtained above. +5. Click on the Install button to complete installation of the agent. + +### Helm CLI Installation + +1. Log in to https://home.cloudcasa.io and add your Kubernetes cluster under the Setup tab. Note the returned cluster ID. +2. Execute the following helm commands, replacing `````` with the Cluster ID obtained above: +``` +$ helm repo add cloudcasa-repo https://catalogicsoftware.github.io/cloudcasa-helmchart +$ helm install cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= +``` +This will install the CloudCasa agent and complete registration of the cluster with the CloudCasa service. + +## Updating the CloudCasa Agent +1. Log in to https://home.cloudcasa.io and obtain the cluster ID for your cluster by selecting it under the Setup tab. +2. Execute the following commands to update the agent: +``` +$ helm repo update +$ helm upgrade cloudcasa.io cloudcasa-repo/cloudcasa-helmchart --set cluster_id= +``` + +## Uninstalling the CloudCasa Agent +``` +$ helm uninstall cloudcasa.io +``` + +*CloudCasa is a trademark of Catalogic Software Inc.* diff --git a/charts/cloudcasa/cloudcasa/1/app-readme.md b/charts/cloudcasa/cloudcasa/1/app-readme.md new file mode 100644 index 000000000..bae0de627 --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/app-readme.md @@ -0,0 +1,6 @@ +# CloudCasa Kubernetes Agent + +### [CloudCasa](https://cloudcasa.io) - A Smart Home in the Cloud for Kubernetes Backups + +CloudCasa is a SaaS solution that provides class-leading data protection services for Kubernetes and cloud native applications. +Configuration is quick and easy, and basic service is free. See the CloudCasa [Getting Started Guide](https://cloudcasa.io/get-started) for more information. diff --git a/charts/cloudcasa/cloudcasa/1/questions.yaml b/charts/cloudcasa/cloudcasa/1/questions.yaml new file mode 100644 index 000000000..f2f1f51de --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/questions.yaml @@ -0,0 +1,13 @@ +namespace: cloudcasa-io +labels: + io.rancher.certified: partner +categories: +- Application +questions: +- variable: cluster_id + default: "default" + description: "CloudCasa Cluster ID" + type: string + required: true + label: CLUSTER ID + group: "CloudCasa Configuration" diff --git a/charts/cloudcasa/cloudcasa/1/templates/NOTES.txt b/charts/cloudcasa/cloudcasa/1/templates/NOTES.txt new file mode 100644 index 000000000..e30a0df5a --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/templates/NOTES.txt @@ -0,0 +1,5 @@ +--------Please be patient while the chart is being deployed-------- + +Tip: Watch the App deployment status using the command: kubectl get pods -n cloudcasa-io + +Monitor the Cloudcasa UI, the regsitered cluster state should be moved to Ready State. If the clutser state is still in Pendingstate, wrong ClusterID would have been provided. diff --git a/charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl b/charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl new file mode 100644 index 000000000..75bf8467f --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "cloudcasa.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cloudcasa.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cloudcasa.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml b/charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml new file mode 100644 index 000000000..aae09c659 --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/templates/cluster-register.yaml @@ -0,0 +1,2984 @@ +# ----------------------------------------------------------------------- +# Steps to delete the agent deployment are: +# ----------------------------------------------------------------------- +# kubectl delete namespace/cloudcasa-io clusterrolebinding/cloudcasa-io +# kubectl delete crds -l component=kubeagent_backup_helper + +{{ if not (lookup "v1" "Namespace" .Values.namespace "cloudcasa-io") }} +apiVersion: v1 +kind: Namespace +metadata: + name: cloudcasa-io + annotations: + "helm.sh/resource-policy": keep +{{ end }} +--- +apiVersion: v1 +kind: List +items: +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: backups.velero.io + spec: + group: velero.io + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: Backup is a Velero resource that respresents the capture of Kubernetes cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + defaultVolumesToRestic: + description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. + type: boolean + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". + nullable: true + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated during execution of the backup. The actual errors are in the backup's log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + formatVersion: + description: FormatVersion is the backup format version, including major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: Progress contains information about the backup's execution progress. Note that this information is best-effort only -- if Velero fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: ItemsBackedUp is the number of items that have actually been written to the backup tarball so far. + type: integer + totalItems: + description: TotalItems is the total number of items to be backed up. This number may change throughout the execution of the backup due to plugins that return additional related items to back up, the velero.io/exclude-from-backup label, and various other filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors (if applicable). + items: + type: string + nullable: true + type: array + version: + description: 'Version is the backup format major version. Deprecated: Please see FormatVersion' + type: integer + volumeSnapshotsAttempted: + description: VolumeSnapshotsAttempted is the total number of attempted volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: VolumeSnapshotsCompleted is the total number of successfully completed volume snapshots for this backup. + type: integer + warnings: + description: Warnings is a count of all warning messages that were generated during execution of the backup. The actual warnings are in the backup's log file in object storage. + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: backupstoragelocations.velero.io + spec: + additionalPrinterColumns: + - JSONPath: .status.phase + description: Backup Storage Location status such as Available/Unavailable + name: Phase + type: string + - JSONPath: .status.lastValidationTime + description: LastValidationTime is the last time the backup store location was validated + name: Last Validated + type: date + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: velero.io + names: + kind: BackupStorageLocation + listKind: BackupStorageLocationList + plural: backupstoragelocations + shortNames: + - bsl + singular: backupstoragelocation + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup objects + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + objectStorage: + description: ObjectStorageLocation specifies the settings necessary to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of BackupStorageLocation + properties: + accessMode: + description: "AccessMode is an unused field. \n Deprecated: there is now an AccessMode field on the Spec and this field will be removed entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: "LastSyncedRevision is the value of the `metadata/revision` file in the backup storage location the last time the BSL's contents were synced into the cluster. \n Deprecated: this field is no longer updated or used for detecting changes to the location's contents and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: LastSyncedTime is the last time the contents of the location were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: LastValidationTime is the last time the backup store location was validated the cluster. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: deletebackuprequests.velero.io + spec: + group: velero.io + names: + kind: DeleteBackupRequest + listKind: DeleteBackupRequestList + plural: deletebackuprequests + singular: deletebackuprequest + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: downloadrequests.velero.io + spec: + group: velero.io + names: + kind: DownloadRequest + listKind: DownloadRequestList + plural: downloadrequests + singular: downloadrequest + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: DownloadRequest is a request to download an artifact from backup object storage, such as a backup log file. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupResourceList + - RestoreLog + - RestoreResults + type: string + name: + description: Name is the name of the kubernetes resource with which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: podvolumebackups.velero.io + spec: + group: velero.io + names: + kind: PodVolumeBackup + listKind: PodVolumeBackupList + plural: podvolumebackups + singular: podvolumebackup + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + tags: + additionalProperties: + type: string + description: Tags are a map of key-value pairs that should be applied to the volume backup as tags. + type: object + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the volume and the current number of backed up bytes. This can be used to display progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the pod volume. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. Separate from CreationTimestamp, since that value changes on restores. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: podvolumerestores.velero.io + spec: + group: velero.io + names: + kind: PodVolumeRestore + listKind: PodVolumeRestoreList + plural: podvolumerestores + singular: podvolumerestore + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + volume: + description: Volume is the name of the volume within the Pod to be restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a restore was completed. Completion time is recorded even on failed restores. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the snapshot and the current number of restored bytes. This can be used to display progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a restore was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: resticrepositories.velero.io + spec: + group: velero.io + names: + kind: ResticRepository + listKind: ResticRepositoryList + plural: resticrepositories + singular: resticrepository + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResticRepositorySpec is the specification for a ResticRepository. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the BackupStorageLocation that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should be run. + type: string + resticIdentifier: + description: ResticIdentifier is the full restic-compatible string for identifying this repository. + type: string + volumeNamespace: + description: VolumeNamespace is the namespace this restic repository contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: ResticRepositoryStatus is the current status of a ResticRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the ResticRepository. + type: string + phase: + description: Phase is the current state of the ResticRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: restores.velero.io + spec: + group: velero.io + names: + kind: Restore + listKind: RestoreList + plural: restores + singular: restore + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: Restore is a Velero resource that represents the application of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: BackupName is the unique name of the Velero backup to restore from. + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed during or post restore. + properties: + resources: + items: + description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments to execute from within a container after a pod has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + execTimeout: + description: ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers to be added to a pod during its restore. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when restoring individual objects from the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs from snapshot (via the cloudprovider). + nullable: true + type: boolean + scheduleName: + description: ScheduleName is the unique name of the Velero schedule to restore from. If specified, and BackupName is empty, Velero will restore from the most recent successful backup created from this schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: CompletionTimestamp records the time the restore operation was completed. Completion time is recorded even on failed restore. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated during execution of the restore. The actual errors are stored in object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - Completed + - PartiallyFailed + - Failed + type: string + startTimestamp: + description: StartTimestamp records the time the restore operation was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: Warnings is a count of all warning messages that were generated during execution of the restore. The actual warnings are stored in object storage. + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: schedules.velero.io + spec: + group: velero.io + names: + kind: Schedule + listKind: ScheduleList + plural: schedules + singular: schedule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: Schedule is a Velero resource that represents a pre-scheduled or periodic Backup that should be run. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + schedule: + description: Schedule is a Cron expression defining when to run the Backup. + type: string + template: + description: Template is the definition of the Backup to be run on the provided schedule + properties: + defaultVolumesToRestic: + description: DefaultVolumesToRestic specifies whether restic should be used to take a backup of all pod volumes by default. + type: boolean + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which this hook spec applies. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: Container is the container in the pod where the command should be executed. If not specified, the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the hook to complete before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources of specific Kind. The map key is the Kind name and value is a list of resource names separeted by commas. Each resource name has format "namespace/resourcename". For cluster resources, simply use "resourcename". + nullable: true + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take cloud snapshots of any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: LastBackup is the last time a Backup was run for this Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors (if applicable) + items: + type: string + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: serverstatusrequests.velero.io + spec: + group: velero.io + names: + kind: ServerStatusRequest + listKind: ServerStatusRequestList + plural: serverstatusrequests + shortNames: + - ssr + singular: serverstatusrequest + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ServerStatusRequest is a request to access current status information about the Velero server. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: ProcessedTimestamp is when the ServerStatusRequest was processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotlocations.velero.io") }} +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + "helm.sh/resource-policy": keep + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: volumesnapshotlocations.velero.io + spec: + group: velero.io + names: + kind: VolumeSnapshotLocation + listKind: VolumeSnapshotLocationList + plural: volumesnapshotlocations + singular: volumesnapshotlocation + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume snapshots. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecyle phase of a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +{{- end }} +- apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: {{ .Values.namespace }} + namespace: {{ .Values.namespace }} +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + creationTimestamp: null + labels: + component: kubeagent-backup-helper + name: {{ .Values.namespace }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: {{ .Values.namespace }} + namespace: {{ .Values.namespace }} +{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotclasses.snapshot.storage.k8s.io") }} +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" + "helm.sh/resource-policy": keep + creationTimestamp: null + name: volumesnapshotclasses.snapshot.storage.k8s.io + spec: + additionalPrinterColumns: + - JSONPath: .driver + name: Driver + type: string + - JSONPath: .deletionPolicy + description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass + should be deleted when its bound VolumeSnapshot is deleted. + name: DeletionPolicy + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + listKind: VolumeSnapshotClassList + plural: volumesnapshotclasses + singular: volumesnapshotclass + preserveUnknownFields: false + scope: Cluster + subresources: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotClass specifies parameters that a underlying storage + system uses when creating a volume snapshot. A specific VolumeSnapshotClass + is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses + are non-namespaced + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + deletionPolicy: + description: deletionPolicy determines whether a VolumeSnapshotContent created + through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot + is deleted. Supported values are "Retain" and "Delete". "Retain" means + that the VolumeSnapshotContent and its physical snapshot on underlying + storage system are kept. "Delete" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the storage driver that handles this + VolumeSnapshotClass. Required. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating snapshots. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - driver + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} +{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshotcontents.snapshot.storage.k8s.io") }} +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" + "helm.sh/resource-policy": keep + creationTimestamp: null + name: volumesnapshotcontents.snapshot.storage.k8s.io + spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot in bytes + name: RestoreSize + type: integer + - JSONPath: .spec.deletionPolicy + description: Determines whether this VolumeSnapshotContent and its physical snapshot + on the underlying storage system should be deleted when its bound VolumeSnapshot + is deleted. + name: DeletionPolicy + type: string + - JSONPath: .spec.driver + description: Name of the CSI driver used to create the physical snapshot on the + underlying storage system. + name: Driver + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: Name of the VolumeSnapshotClass to which this snapshot belongs. + name: VolumeSnapshotClass + type: string + - JSONPath: .spec.volumeSnapshotRef.name + description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent + object is bound. + name: VolumeSnapshot + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + listKind: VolumeSnapshotContentList + plural: volumesnapshotcontents + singular: volumesnapshotcontent + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotContent represents the actual "on-disk" snapshot + object in the underlying storage system + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: spec defines properties of a VolumeSnapshotContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this VolumeSnapshotContent + and its physical snapshot on the underlying storage system should + be deleted when its bound VolumeSnapshot is deleted. Supported values + are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are kept. "Delete" + means that the VolumeSnapshotContent and its physical snapshot on + underlying storage system are deleted. In dynamic snapshot creation + case, this field will be filled in with the "DeletionPolicy" field + defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For + pre-existing snapshots, users MUST specify this field when creating + the VolumeSnapshotContent object. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the CSI driver used to create the + physical snapshot on the underlying storage system. This MUST be the + same as the name returned by the CSI GetPluginName() call for that + driver. Required. + type: string + source: + description: source specifies from where a snapshot will be created. + This field is immutable after creation. Required. + properties: + snapshotHandle: + description: snapshotHandle specifies the CSI "snapshot_id" of a + pre-existing snapshot on the underlying storage system. This field + is immutable. + type: string + volumeHandle: + description: volumeHandle specifies the CSI "volume_id" of the volume + from which a snapshot should be dynamically taken from. This field + is immutable. + type: string + type: object + volumeSnapshotClassName: + description: name of the VolumeSnapshotClass to which this snapshot + belongs. + type: string + volumeSnapshotRef: + description: volumeSnapshotRef specifies the VolumeSnapshot object to + which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName + field must reference to this VolumeSnapshotContent's name for the + bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent + object, name and namespace of the VolumeSnapshot object MUST be provided + for binding to happen. This field is immutable after creation. Required. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - deletionPolicy + - driver + - source + - volumeSnapshotRef + type: object + status: + description: status represents the current information of a snapshot. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates the creation time is unknown. The + format of this field is a Unix nanoseconds time encoded as an int64. + On Unix, the command `date +%s%N` returns the current time in nanoseconds + since 1970-01-01 00:00:00 UTC. + format: int64 + type: integer + error: + description: error is the latest observed error during snapshot creation, + if any. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + format: int64 + minimum: 0 + type: integer + snapshotHandle: + description: snapshotHandle is the CSI "snapshot_id" of a snapshot on + the underlying storage system. If not specified, it indicates that + dynamic snapshot creation has either failed or it is still in progress. + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} +{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "volumesnapshots.snapshot.storage.k8s.io") }} +- apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" + "helm.sh/resource-policy": keep + creationTimestamp: null + name: volumesnapshots.snapshot.storage.k8s.io + spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .spec.source.persistentVolumeClaimName + description: Name of the source PVC from where a dynamically taken snapshot will + be created. + name: SourcePVC + type: string + - JSONPath: .spec.source.volumeSnapshotContentName + description: Name of the VolumeSnapshotContent which represents a pre-provisioned + snapshot. + name: SourceSnapshotContent + type: string + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot. + name: RestoreSize + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. + name: SnapshotClass + type: string + - JSONPath: .status.boundVolumeSnapshotContentName + description: The name of the VolumeSnapshotContent to which this VolumeSnapshot + is bound. + name: SnapshotContent + type: string + - JSONPath: .status.creationTime + description: Timestamp when the point-in-time snapshot is taken by the underlying + storage system. + name: CreationTime + type: date + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + listKind: VolumeSnapshotList + plural: volumesnapshots + singular: volumesnapshot + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshot is a user's request for either creating a point-in-time + snapshot of a persistent volume, or binding to a pre-existing snapshot. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: 'spec defines the desired characteristics of a snapshot requested + by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots + Required.' + properties: + source: + description: source specifies where a snapshot will be created from. + This field is immutable after creation. Required. + properties: + persistentVolumeClaimName: + description: persistentVolumeClaimName specifies the name of the + PersistentVolumeClaim object in the same namespace as the VolumeSnapshot + object where the snapshot should be dynamically taken from. This + field is immutable. + type: string + volumeSnapshotContentName: + description: volumeSnapshotContentName specifies the name of a pre-existing + VolumeSnapshotContent object. This field is immutable. + type: string + type: object + volumeSnapshotClassName: + description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass + requested by the VolumeSnapshot. If not specified, the default snapshot + class will be used if one exists. If not specified, and there is no + default snapshot class, dynamic snapshot creation will fail. Empty + string is not allowed for this field. TODO(xiangqian): a webhook validation + on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' + type: string + required: + - source + type: object + status: + description: 'status represents the current information of a snapshot. NOTE: + status can be modified by sources other than system controllers, and must + not be depended upon for accuracy. Controllers should only use information + from the VolumeSnapshotContent object after verifying that the binding + is accurate and complete.' + properties: + boundVolumeSnapshotContentName: + description: 'boundVolumeSnapshotContentName represents the name of + the VolumeSnapshotContent object to which the VolumeSnapshot object + is bound. If not specified, it indicates that the VolumeSnapshot object + has not been successfully bound to a VolumeSnapshotContent object + yet. NOTE: Specified boundVolumeSnapshotContentName alone does not + mean binding is valid. Controllers MUST always verify bidirectional + binding between VolumeSnapshot and VolumeSnapshotContent to + avoid possible security issues.' + type: string + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates that the creation time of the snapshot + is unknown. + format: date-time + type: string + error: + description: error is the last observed error during snapshot creation, + if any. This field could be helpful to upper level controllers(i.e., + application controller) to decide whether they should continue on + waiting for the snapshot to be created based on the type of error + reported. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + type: string + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + status: + # acceptedNames: + # kind: "" + # plural: "" + conditions: [] + # storedVersions: [] +{{- end }} +- apiVersion: apps/v1 + kind: Deployment + metadata: + name: kubeagent + namespace: {{ .Values.namespace }} + spec: + selector: + matchLabels: + app: kubeagent + strategy: {} + replicas: 1 + template: + metadata: + labels: + app: kubeagent + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8085" + prometheus.io/scrape: "true" + spec: + containers: + - image: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" + args: ["/usr/local/bin/kubeagent", "--server_addr", "agent.cloudcasa.io:443", "--tls", "true"] + name: kubeagent + resources: + requests: + memory: "{{ .Values.request_kubeagent_memory }}" + cpu: "{{ .Values.request_kubeagent_cpu }}" + limits: + memory: "{{ .Values.limit_kubeagent_memory }}" + cpu: "{{ .Values.limit_kubeagent_cpu }}" + env: + - name: AMDS_CLUSTER_ID + value: "{{ .Values.cluster_id }}" + - name: KUBEMOVER_IMAGE + value: "{{ .Values.kagent_image.repository }}:{{ .Values.kagent_image.tag }}" + volumeMounts: + - mountPath: /credentials + name: cloud-credentials + - mountPath: /plugins + name: plugins + - mountPath: /scratch + name: scratch + - image: "{{ .Values.velero_image.repository }}:{{ .Values.velero_image.tag }}" + imagePullPolicy: IfNotPresent + name: kubeagent-backup-helper + args: + - server + - --features=EnableCSI,EnableAPIGroupVersions + - --backup-sync-period=0s + - --store-validation-frequency=0s + # (24 hours * 365 days * 10 years) + (2 * 24 hours[for leap years]) = 87648 hours + - --default-backup-ttl=87648h0m0s + - --disable-controllers=backup-sync,schedule,gc,download-request,restic-repo,server-status-request + - --log-format=json + - --log-level=info + command: + - /velero + env: + - name: VELERO_SCRATCH_DIR + value: /scratch + - name: VELERO_NAMESPACE + value: {{ .Values.namespace }} + - name: LD_LIBRARY_PATH + value: /plugins + - name: AWS_SHARED_CREDENTIALS_FILE + value: /credentials/s3/cloud + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /credentials/gcp/cloud + - name: AZURE_CREDENTIALS_FILE + value: /credentials/azure/cloud + ports: + - containerPort: 8085 + name: metrics + resources: + limits: + cpu: "{{ .Values.limit_velero_cpu }}" + memory: "{{ .Values.limit_velero_memory }}" + requests: + cpu: "{{ .Values.request_velero_cpu }}" + memory: "{{ .Values.request_velero_memory }}" + volumeMounts: + - mountPath: /plugins + name: plugins + - mountPath: /scratch + name: scratch + - mountPath: /credentials + name: cloud-credentials + initContainers: + - image: "{{ .Values.velero_aws_plugin_image.repository }}:{{ .Values.velero_aws_plugin_image.tag }}" + imagePullPolicy: IfNotPresent + name: velero-plugin-for-aws + resources: {} + volumeMounts: + - mountPath: /target + name: plugins + - image: "{{ .Values.velero_csi_plugin_image.repository }}:{{ .Values.velero_csi_plugin_image.tag }}" + imagePullPolicy: IfNotPresent + name: velero-plugin-for-csi + resources: {} + volumeMounts: + - mountPath: /target + name: plugins + restartPolicy: Always + serviceAccountName: {{ .Values.namespace }} + volumes: + - emptyDir: {} + name: plugins + - emptyDir: {} + name: scratch + - emptyDir: {} + name: cloud-credentials \ No newline at end of file diff --git a/charts/cloudcasa/cloudcasa/1/values.yaml b/charts/cloudcasa/cloudcasa/1/values.yaml new file mode 100644 index 000000000..e51d6a8d3 --- /dev/null +++ b/charts/cloudcasa/cloudcasa/1/values.yaml @@ -0,0 +1,92 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry +## + +## Required namespace +namespace: cloudcasa-io + +## Velero csi plugin image +## ref: https://hub.docker.com/r/velero/velero-plugin-for-csi/tags/ +velero_csi_plugin_image: + registry: docker.io + repository: catalogicsoftware/velero-plugin-for-csi + tag: v0.1.2.3 + pullPolicy: IfNotPresent + debug: false +## + +## Velero aws plugin image +## ref: https://hub.docker.com/r/velero/velero-plugin-for-aws/tags/ +velero_aws_plugin_image: + registry: docker.io + repository: velero/velero-plugin-for-aws + tag: v1.1.0 + pullPolicy: IfNotPresent + debug: false +## + +## Velero image +## ref: https://hub.docker.com/r/velero/velero/tags +velero_image: + registry: docker.io + repository: velero/velero + tag: v1.5.3 + pullPolicy: IfNotPresent + debug: false +## + +## Cloudcasa kubeagent image +## ref: https://hub.docker.com/r/catalogicsoftware/amds-kagent/tags/ +kagent_image: + registry: docker.io + repository: catalogicsoftware/amds-kagent + tag: 0.1.0-prod.47 + pullPolicy: IfNotPresent + debug: false +## + +## Cloudcasa AMDS Cluster ID. To be provided by the user +cluster_id: "" + +## Resources to be used by velero and kubeagent pods +request_velero_memory: 128Mi +request_velero_cpu: 500m +limit_velero_memory: 512Mi +limit_velero_cpu: 1 +request_kubeagent_memory: 32Mi +request_kubeagent_cpu: 250m +limit_kubeagent_memory: 64Mi +limit_kubeagent_cpu: 500m + +## Placeholder configuration below this line ## +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + create: true + annotations: {} + name: "" + +podAnnotations: {} + +podSecurityContext: {} + +securityContext: {} + +resources: {} + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} +## diff --git a/charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml b/charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml new file mode 100644 index 000000000..b8ce2f514 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: cockroachdb +apiVersion: v1 +appVersion: 20.1.3 +description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. +home: https://www.cockroachlabs.com +icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png +maintainers: +- email: helm-charts@cockroachlabs.com + name: cockroachlabs +name: cockroachdb +sources: +- https://github.com/cockroachdb/cockroach +version: 4.1.200 diff --git a/charts/cockroachdb/cockroachdb/4.1.200/README.md b/charts/cockroachdb/cockroachdb/4.1.200/README.md new file mode 100644 index 000000000..cbb90aa27 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/README.md @@ -0,0 +1,477 @@ +# CockroachDB Helm Chart + +[CockroachDB](https://github.com/cockroachdb/cockroach) - the open source, cloud-native distributed SQL database. + +## Documentation + +Below is a brief overview of operating the CockroachDB Helm Chart and some specific implementation details. For additional information on deploying CockroachDB, please see: +> + +Note that the documentation requires Helm 3.0 or higher. + +## Prerequisites Details + +* Kubernetes 1.8 +* PV support on the underlying infrastructure (only if using `storage.persistentVolume`). [Docker for windows hostpath provisioner is not supported](https://github.com/cockroachdb/docs/issues/3184). +* If you want to secure your cluster to use TLS certificates for all network communication, [Helm must be installed with RBAC privileges](https://helm.sh/docs/topics/rbac/) or else you will get an "attempt to grant extra privileges" error. + +## StatefulSet Details + +* + +## StatefulSet Caveats + +* + +## Chart Details + +This chart will do the following: + +* Set up a dynamically scalable CockroachDB cluster using a Kubernetes StatefulSet. + +## Add the CockroachDB Repository + +```shell +helm repo add cockroachdb https://charts.cockroachdb.com/ +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```shell +helm install my-release cockroachdb/cockroachdb +``` + +Note that for a production cluster, you will likely want to override the following parameters in [`values.yaml`](values.yaml) with your own values. + +- `statefulset.resources.requests.memory` and `statefulset.resources.limits.memory` allocate memory resources to CockroachDB pods in your cluster. +- `conf.cache` and `conf.max-sql-memory` are memory limits that we recommend setting to 1/4 of the above resource allocation. When running CockroachDB, you must set these limits explicitly to avoid running out of memory. +- `storage.persistentVolume.size` defaults to `100Gi` of disk space per pod, which you may increase or decrease for your use case. +- `storage.persistentVolume.storageClass` uses the default storage class for your environment. We strongly recommend that you specify a storage class which uses an SSD. +- `tls.enabled` must be set to `yes`/`true` to deploy in secure mode. + +For more information on overriding the `values.yaml` parameters, please see: +> + +If you are running in secure mode (with configuration parameter `tls.enabled` set to `yes`/`true`) and `tls.certs.provided` set to `no`/`false`), then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). + +When `tls.certs.provided` is set to `yes`/`true`, this chart will use certificates created outside of Kubernetes. You may want to use this if you want to use a different certificate authority from the one being used by Kubernetes or if your Kubernetes cluster doesn't fully support certificate-signing requests. To use this, first set up your certificates and load them into your Kubernetes cluster as Secrets using the commands below: + +``` +mkdir certs +mkdir my-safe-directory +cockroach cert create-ca --certs-dir=certs --ca-key=my-safe-directory/ca.key +cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key +kubectl create secret generic cockroachdb-root --from-file=certs +cockroach cert create-node --certs-dir=certs --ca-key=my-safe-directory/ca.key localhost 127.0.0.1 eerie-horse-cockroachdb-public eerie-horse-cockroachdb-public.default eerie-horse-cockroachdb-public.default.svc.cluster.local *.eerie-horse-cockroachdb *.eerie-horse-cockroachdb.default *.eerie-horse-cockroachdb.default.svc.cluster.local +kubectl create secret generic cockroachdb-node --from-file=certs +``` + +Set `tls.certs.tlsSecret` to `yes/true` if you make use of [cert-manager][3] in your cluster. + +[cert-manager][3] stores generated certificates in dedicated TLS secrets. Thus, they are always named: + +* `ca.crt` +* `tls.crt` +* `tls.key` + +On the other hand, CockroachDB also demands dedicated certificate filenames: + +* `ca.crt` +* `node.crt` +* `node.key` +* `client.root.crt` +* `client.root.key` + +By activating `tls.certs.tlsSecret` we benefit from projected secrets and convert the TLS secret filenames to their according CockroachDB filenames. + +If you are running in secure mode, then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). + +Confirm that all pods are `Running` successfully and init has been completed: + +```shell +kubectl get pods +``` + +``` +NAME READY STATUS RESTARTS AGE +my-release-cockroachdb-0 1/1 Running 0 1m +my-release-cockroachdb-1 1/1 Running 0 1m +my-release-cockroachdb-2 1/1 Running 0 1m +my-release-cockroachdb-init-k6jcr 0/1 Completed 0 1m +``` + +Confirm that persistent volumes are created and claimed for each pod: + +```shell +kubectl get pv +``` + +``` +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE +pvc-64878ebf-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-0 standard 51s +pvc-64945b4f-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-1 standard 51s +pvc-649d920d-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete Bound default/datadir-my-release-cockroachdb-2 standard 51s +``` + +## Upgrading the cluster + +### Chart version 3.0.0 and after + +Launch a temporary interactive pod and start the built-in SQL client: + +```shell +kubectl run cockroachdb --rm -it \ +--image=cockroachdb/cockroach \ +--restart=Never \ +-- sql --insecure --host=my-release-cockroachdb-public +``` + +> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. + +Set `cluster.preserve_downgrade_option`, where `$current_version` is the CockroachDB version currently running (e.g., `19.2`): + +```sql +> SET CLUSTER SETTING cluster.preserve_downgrade_option = '$current_version'; +``` + +Exit the shell and delete the temporary pod: + +```sql +> \q +``` + +Kick off the upgrade process by changing the new Docker image, where `$new_version` is the CockroachDB version to which you are upgrading: + +```shell +kubectl delete job my-release-cockroachdb-init +``` + +```shell +helm upgrade my-release cockroachdb/cockroachdb \ +--set image.tag=$new_version \ +--reuse-values +``` + +Kubernetes will carry out a safe [rolling upgrade](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) of your CockroachDB nodes one-by-one. Monitor the cluster's pods until all have been successfully restarted: + +```shell +kubectl get pods +``` + +``` +NAME READY STATUS RESTARTS AGE +my-release-cockroachdb-0 1/1 Running 0 2m +my-release-cockroachdb-1 1/1 Running 0 3m +my-release-cockroachdb-2 1/1 Running 0 3m +my-release-cockroachdb-3 0/1 ContainerCreating 0 25s +my-release-cockroachdb-init-nwjkh 0/1 ContainerCreating 0 6s +``` + +```shell +kubectl get pods \ +-o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}' +``` + +``` +my-release-cockroachdb-0 cockroachdb/cockroach:v20.1.3 +my-release-cockroachdb-1 cockroachdb/cockroach:v20.1.3 +my-release-cockroachdb-2 cockroachdb/cockroach:v20.1.3 +my-release-cockroachdb-3 cockroachdb/cockroach:v20.1.3 +``` + +Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: + +```shell +kubectl run cockroachdb --rm -it \ +--image=cockroachdb/cockroach \ +--restart=Never \ +-- sql --insecure --host=my-release-cockroachdb-public +``` + +```sql +> RESET CLUSTER SETTING cluster.preserve_downgrade_option; +> \q +``` + +### Chart versions prior to 3.0.0 + +Due to a change in the label format in version 3.0.0 of this chart, upgrading requires that you delete the StatefulSet. Luckily there is a way to do it without actually deleting all the resources managed by the StatefulSet. Use the workaround below to upgrade from charts versions previous to 3.0.0: + +Get the new labels from the specs rendered by Helm: + +```shell +helm template -f deploy.vals.yml cockroachdb/cockroachdb -x templates/statefulset.yaml \ +| yq r - spec.template.metadata.labels +``` + +``` +app.kubernetes.io/name: cockroachdb +app.kubernetes.io/instance: my-release +app.kubernetes.io/component: cockroachdb +``` + +Place the new labels on all pods of the StatefulSet (change `my-release-cockroachdb-0` to the name of each pod): + +```shell +kubectl label pods my-release-cockroachdb-0 \ +app.kubernetes.io/name=cockroachdb \ +app.kubernetes.io/instance=my-release \ +app.kubernetes.io/component=cockroachdb +``` + +Delete the StatefulSet without deleting pods: + +```shell +kubectl delete statefulset my-release-cockroachdb --cascade=false +``` + +Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will be created, taking over the management of the existing pods and upgrading them if needed. + +### See also + +For more information about upgrading a cluster to the latest major release of CockroachDB, see [Upgrade to CockroachDB v20.1](https://www.cockroachlabs.com/docs/stable/upgrade-cockroach-version.html). + +Note that there are some backward-incompatible changes to SQL features between versions 19.2 and 20.1. For details, see the [CockroachDB v20.1.0 release notes](https://www.cockroachlabs.com/docs/releases/v20.1.0.html#backward-incompatible-changes). + +## Configuration + +The following table lists the configurable parameters of the CockroachDB chart and their default values. +For details see the [`values.yaml`](values.yaml) file. + +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `clusterDomain` | Cluster's default DNS domain | `cluster.local` | +| `conf.attrs` | CockroachDB node attributes | `[]` | +| `conf.cache` | Size of CockroachDB's in-memory cache | `25%` | +| `conf.cluster-name` | Name of CockroachDB cluster | `""` | +| `conf.disable-cluster-name-verification` | Disable CockroachDB cluster name verification | `no` | +| `conf.join` | List of already-existing CockroachDB instances | `[]` | +| `conf.max-disk-temp-storage` | Max storage capacity for temp data | `0` | +| `conf.max-offset` | Max allowed clock offset for CockroachDB cluster | `500ms` | +| `conf.max-sql-memory` | Max memory to use processing SQL querie | `25%` | +| `conf.locality` | Locality attribute for this deployment | `""` | +| `conf.single-node` | Disable CockroachDB clustering (standalone mode) | `no` | +| `conf.sql-audit-dir` | Directory for SQL audit log | `""` | +| `conf.port` | CockroachDB primary serving port in Pods | `26257` | +| `conf.http-port` | CockroachDB HTTP port in Pods | `8080` | +| `image.repository` | Container image name | `cockroachdb/cockroach` | +| `image.tag` | Container image tag | `v20.1.3` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | +| `statefulset.replicas` | StatefulSet replicas number | `3` | +| `statefulset.updateStrategy` | Update strategy for StatefulSet Pods | `{"type": "RollingUpdate"}` | +| `statefulset.podManagementPolicy` | `OrderedReady`/`Parallel` Pods creation/deletion order | `Parallel` | +| `statefulset.budget.maxUnavailable` | k8s PodDisruptionBudget parameter | `1` | +| `statefulset.args` | Extra command-line arguments | `[]` | +| `statefulset.env` | Extra env vars | `[]` | +| `statefulset.secretMounts` | Additional Secrets to mount at cluster members | `[]` | +| `statefulset.labels` | Additional labels of StatefulSet and its Pods | `{"app.kubernetes.io/component": "cockroachdb"}` | +| `statefulset.annotations` | Additional annotations of StatefulSet Pods | `{}` | +| `statefulset.nodeAffinity` | [Node affinity rules][2] of StatefulSet Pods | `{}` | +| `statefulset.podAffinity` | [Inter-Pod affinity rules][1] of StatefulSet Pods | `{}` | +| `statefulset.podAntiAffinity` | [Anti-affinity rules][1] of StatefulSet Pods | auto | +| `statefulset.podAntiAffinity.type` | Type of auto [anti-affinity rules][1] | `soft` | +| `statefulset.podAntiAffinity.weight` | Weight for `soft` auto [anti-affinity rules][1] | `100` | +| `statefulset.nodeSelector` | Node labels for StatefulSet Pods assignment | `{}` | +| `statefulset.priorityClassName` | [PriorityClassName][4] for StatefulSet Pods | `""` | +| `statefulset.tolerations` | Node taints to tolerate by StatefulSet Pods | `[]` | +| `statefulset.resources` | Resource requests and limits for StatefulSet Pods | `{}` | +| `service.ports.grpc.external.port` | CockroachDB primary serving port in Services | `26257` | +| `service.ports.grpc.external.name` | CockroachDB primary serving port name in Services | `grpc` | +| `service.ports.grpc.internal.port` | CockroachDB inter-communication port in Services | `26257` | +| `service.ports.grpc.internal.name` | CockroachDB inter-communication port name in Services | `grpc-internal` | +| `service.ports.http.port` | CockroachDB HTTP port in Services | `8080` | +| `service.ports.http.name` | CockroachDB HTTP port name in Services | `http` | +| `service.public.type` | Public Service type | `ClusterIP` | +| `service.public.labels` | Additional labels of public Service | `{"app.kubernetes.io/component": "cockroachdb"}` | +| `service.public.annotations` | Additional annotations of public Service | `{}` | +| `service.discovery.labels` | Additional labels of discovery Service | `{"app.kubernetes.io/component": "cockroachdb"}` | +| `service.discovery.annotations` | Additional annotations of discovery Service | `{}` | +| `storage.hostPath` | Absolute path on host to store data | `""` | +| `storage.persistentVolume.enabled` | Whether to use PersistentVolume to store data | `yes` | +| `storage.persistentVolume.size` | PersistentVolume size | `100Gi` | +| `storage.persistentVolume.storageClass` | PersistentVolume class | `""` | +| `storage.persistentVolume.labels` | Additional labels of PersistentVolumeClaim | `{}` | +| `storage.persistentVolume.annotations` | Additional annotations of PersistentVolumeClaim | `{}` | +| `init.labels` | Additional labels of init Job and its Pod | `{"app.kubernetes.io/component": "init"}` | +| `init.annotations` | Additional labels of the Pod of init Job | `{}` | +| `init.affinity` | [Affinity rules][2] of init Job Pod | `{}` | +| `init.nodeSelector` | Node labels for init Job Pod assignment | `{}` | +| `init.tolerations` | Node taints to tolerate by init Job Pod | `[]` | +| `init.resources` | Resource requests and limits for the Pod of init Job | `{}` | +| `tls.enabled` | Whether to run securely using TLS certificates | `no` | +| `tls.serviceAccount.create` | Whether to create a new RBAC service account | `yes` | +| `tls.serviceAccount.name` | Name of RBAC service account to use | `""` | +| `tls.certs.provided` | Bring your own certs scenario, i.e certificates are provided | `no` | +| `tls.certs.clientRootSecret` | If certs are provided, secret name for client root cert | `cockroachdb-root` | +| `tls.certs.nodeSecret` | If certs are provided, secret name for node cert | `cockroachdb-node` | +| `tls.certs.tlsSecret` | Own certs are stored in TLS secret | `no` | +| `tls.init.image.repository` | Image to use for requesting TLS certificates | `cockroachdb/cockroach-k8s-request-cert` | +| `tls.init.image.tag` | Image tag to use for requesting TLS certificates | `0.4` | +| `tls.init.image.pullPolicy` | Requesting TLS certificates container pull policy | `IfNotPresent` | +| `tls.init.image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | +| `networkPolicy.enabled` | Enable NetworkPolicy for CockroachDB's Pods | `no` | +| `networkPolicy.ingress.grpc` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | +| `networkPolicy.ingress.http` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | + +Override the default parameters using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies custom values for the parameters can be provided while installing the chart. For example: + +```shell +helm install my-release -f my-values.yaml cockroachdb/cockroachdb +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Deep dive + +### Connecting to the CockroachDB cluster + +Once you've created the cluster, you can start talking to it by connecting to its `-public` Service. CockroachDB is PostgreSQL wire protocol compatible, so there's a [wide variety of supported clients](https://www.cockroachlabs.com/docs/install-client-drivers.html). As an example, we'll open up a SQL shell using CockroachDB's built-in shell and play around with it a bit, like this (likely needing to replace `my-release-cockroachdb-public` with the name of the `-public` Service that was created with your installed chart): + +```shell +kubectl run cockroach-client --rm -it \ +--image=cockroachdb/cockroach \ +--restart=Never \ +-- sql --insecure --host my-release-cockroachdb-public +``` + +``` +Waiting for pod default/cockroach-client to be running, status is Pending, +pod ready: false +If you don't see a command prompt, try pressing enter. +root@my-release-cockroachdb-public:26257> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| pg_catalog | +| system | ++--------------------+ +(3 rows) +root@my-release-cockroachdb-public:26257> CREATE DATABASE bank; +CREATE DATABASE +root@my-release-cockroachdb-public:26257> CREATE TABLE bank.accounts (id INT +PRIMARY KEY, balance DECIMAL); +CREATE TABLE +root@my-release-cockroachdb-public:26257> INSERT INTO bank.accounts VALUES +(1234, 10000.50); +INSERT 1 +root@my-release-cockroachdb-public:26257> SELECT * FROM bank.accounts; ++------+---------+ +| id | balance | ++------+---------+ +| 1234 | 10000.5 | ++------+---------+ +(1 row) +root@my-release-cockroachdb-public:26257> \q +Waiting for pod default/cockroach-client to terminate, status is Running +pod "cockroach-client" deleted +``` + +> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. + +### Cluster health + +Because our pod spec includes regular health checks of the CockroachDB processes, simply running `kubectl get pods` and looking at the `STATUS` column is sufficient to determine the health of each instance in the cluster. + +If you want more detailed information about the cluster, the best place to look is the Admin UI. + +### Accessing the Admin UI + +If you want to see information about how the cluster is doing, you can try pulling up the CockroachDB Admin UI by port-forwarding from your local machine to one of the pods (replacing `my-release-cockroachdb-0` with the name of one of your pods: + +```shell +kubectl port-forward my-release-cockroachdb-0 8080 +``` + +You should then be able to access the Admin UI by visiting in your web browser. + +### Failover + +If any CockroachDB member fails, it is restarted or recreated automatically by the Kubernetes infrastructure, and will re-join the cluster automatically when it comes back up. You can test this scenario by killing any of the CockroachDB pods: + +```shell +kubectl delete pod my-release-cockroachdb-1 +``` + +```shell +kubectl get pods -l "app.kubernetes.io/instance=my-release,app.kubernetes.io/component=cockroachdb" +``` + +``` +NAME READY STATUS RESTARTS AGE +my-release-cockroachdb-0 1/1 Running 0 5m +my-release-cockroachdb-2 1/1 Running 0 5m +``` + +After a while: + +```shell +kubectl get pods -l "app.kubernetes.io/instance=my-release,app.kubernetes.io/component=cockroachdb" +``` + +``` +NAME READY STATUS RESTARTS AGE +my-release-cockroachdb-0 1/1 Running 0 5m +my-release-cockroachdb-1 1/1 Running 0 20s +my-release-cockroachdb-2 1/1 Running 0 5m +``` + +You can check the state of re-joining from the new pod's logs: + +```shell +kubectl logs my-release-cockroachdb-1 +``` + +``` +[...] +I161028 19:32:09.754026 1 server/node.go:586 [n1] node connected via gossip and +verified as part of cluster {"35ecbc27-3f67-4e7d-9b8f-27c31aae17d6"} +[...] +cockroachdb-0.my-release-cockroachdb.default.svc.cluster.local:26257 +build: beta-20161027-55-gd2d3c7f @ 2016/10/28 19:27:25 (go1.7.3) +admin: http://0.0.0.0:8080 +sql: +postgresql://root@my-release-cockroachdb-1.my-release-cockroachdb.default.svc.cluster.local:26257?sslmode=disable +logs: cockroach-data/logs +store[0]: path=cockroach-data +status: restarted pre-existing node +clusterID: {35ecbc27-3f67-4e7d-9b8f-27c31aae17d6} +nodeID: 2 +[...] +``` + +### NetworkPolicy + +To enable NetworkPolicy for CockroachDB, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `yes`/`true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the `DefaultDeny` Namespace annotation. Note: this will enforce policy for _all_ pods in the Namespace: + +```shell +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +For more precise policy, set `networkPolicy.ingress.grpc` and `networkPolicy.ingress.http` rules. This will only allow pods that match the provided rules to connect to CockroachDB. + +### Scaling + +Scaling should be managed via the `helm upgrade` command. After resizing your cluster on your cloud environment (e.g., GKE or EKS), run the following command to add a pod. This assumes you scaled from 3 to 4 nodes: + +```shell +helm upgrade \ +my-release \ +cockroachdb/cockroachdb \ +--set statefulset.replicas=4 \ +--reuse-values +``` + +Note, that if you are running in secure mode (`tls.enabled` is `yes`/`true`) and increase the size of your cluster, you will also have to approve the CSR (certificate-signing request) of each new node (using `kubectl get csr` and `kubectl certificate approve`). + +[1]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity +[2]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity +[3]: https://cert-manager.io/ +[4]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass diff --git a/charts/cockroachdb/cockroachdb/4.1.200/app-readme.md b/charts/cockroachdb/cockroachdb/4.1.200/app-readme.md new file mode 100644 index 000000000..8fcc1fd6f --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/app-readme.md @@ -0,0 +1,9 @@ +# CockroachDB Chart + +CockroachDB is a Distributed SQL database that runs natively in Kubernetes. It gives you resilient, horizontal scale across multiple clouds with always-on availability and data partitioned by location. + +CockroachDB scales horizontally without reconfiguration or need for a massive architectural overhaul. Simply add a new node to the cluster and CockroachDB takes care of the underlying complexity. + + - Scale by simply adding new nodes to a CockroachDB cluster + - Automate balancing and distribution of ranges, not shards + - Optimize server utilization evenly across all nodes diff --git a/charts/cockroachdb/cockroachdb/4.1.200/questions.yml b/charts/cockroachdb/cockroachdb/4.1.200/questions.yml new file mode 100644 index 000000000..729c1fd58 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/questions.yml @@ -0,0 +1,8 @@ +questions: +- default: 100Gi + variable: Storage + description: "Size of volume for each CockroachDB Node/Pod" + group: Config + label: "Storage per Node/Pod" + required: true + type: string diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt b/charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt new file mode 100644 index 000000000..797d5292d --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/NOTES.txt @@ -0,0 +1,50 @@ +CockroachDB can be accessed via port {{ .Values.service.ports.grpc.external.port }} at the +following DNS name from within your cluster: + +{{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }}.svc.cluster.local + +Because CockroachDB supports the PostgreSQL wire protocol, you can connect to +the cluster using any available PostgreSQL client. + +{{- if not .Values.tls.enabled }} + +For example, you can open up a SQL shell to the cluster by running: + + kubectl run -it --rm cockroach-client \ + --image=cockroachdb/cockroach \ + --restart=Never \ + {{- if .Values.networkPolicy.enabled }} + --labels="{{ template "cockroachdb.fullname" . }}-client=true" \ + {{- end }} + --command -- \ + ./cockroach sql --insecure --host={{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} + +From there, you can interact with the SQL shell as you would any other SQL +shell, confident that any data you write will be safe and available even if +parts of your cluster fail. +{{- else }} + +Note that because the cluster is running in secure mode, any client application +that you attempt to connect will either need to have a valid client certificate +or a valid username and password. +{{- end }} + +{{- if and (.Values.networkPolicy.enabled) (not (empty .Values.networkPolicy.ingress.grpc)) }} + +Note: Since NetworkPolicy is enabled, the only Pods allowed to connect to this +CockroachDB cluster are: + +1. Having the label: "{{ template "cockroachdb.fullname" . }}-client=true" + +2. Matching the following rules: {{- toYaml .Values.networkPolicy.ingress.grpc | nindent 0 }} +{{- end }} + +Finally, to open up the CockroachDB admin UI, you can port-forward from your +local machine into one of the instances in the cluster: + + kubectl port-forward {{ template "cockroachdb.fullname" . }}-0 {{ index .Values.conf `http-port` | int64 }} + +Then you can access the admin UI at http{{ if .Values.tls.enabled }}s{{ end }}://localhost:{{ index .Values.conf `http-port` | int64 }}/ in your web browser. + +For more information on using CockroachDB, please see the project's docs at: +https://www.cockroachlabs.com/docs/ diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl b/charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl new file mode 100644 index 000000000..5de031357 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/_helpers.tpl @@ -0,0 +1,64 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cockroachdb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 56 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cockroachdb.fullname" -}} +{{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 56 | trimSuffix "-" -}} +{{- else -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 56 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 56 | trimSuffix "-" -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cockroachdb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 56 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the ServiceAccount to use. +*/}} +{{- define "cockroachdb.tls.serviceAccount.name" -}} +{{- if .Values.tls.serviceAccount.create -}} + {{- default (include "cockroachdb.fullname" .) .Values.tls.serviceAccount.name -}} +{{- else -}} + {{- default "default" .Values.tls.serviceAccount.name -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for NetworkPolicy. +*/}} +{{- define "cockroachdb.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for StatefulSets +*/}} +{{- define "cockroachdb.statefulset.apiVersion" -}} +{{- if semverCompare "<1.12-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "apps/v1beta1" -}} +{{- else -}} + {{- print "apps/v1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml new file mode 100644 index 000000000..77f1ffea1 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrole.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests"] + verbs: ["create", "get", "watch"] +{{- end }} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..3222317ff --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "cockroachdb.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml new file mode 100644 index 000000000..a4e7389c9 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/ingress.yaml @@ -0,0 +1,52 @@ +{{- if .Values.ingress.enabled -}} +{{- $paths := .Values.ingress.paths -}} +{{- $ports := .Values.service.ports -}} +{{- $fullName := include "cockroachdb.fullname" . -}} +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: +{{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ $fullName }}-ingress + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ $.Release.Name | quote }} + app.kubernetes.io/managed-by: {{ $.Release.Service | quote }} +{{- if .Values.ingress.labels }} +{{- toYaml .Values.ingress.labels | nindent 4 }} +{{- end }} +spec: + rules: + {{- if .Values.ingress.hosts }} + {{- range $host := .Values.ingress.hosts }} + - host: {{ $host }} + http: + paths: + {{- range $path := $paths }} + - path: {{ $path }} + backend: + serviceName: {{ $fullName }}-public + servicePort: {{ $ports.http.name | quote }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $path := $paths }} + - path: {{ $path }} + backend: + serviceName: {{ $fullName }}-public + servicePort: {{ $ports.http.name | quote }} + {{- end -}} + {{- end -}} + {{- if .Values.ingress.tls }} + tls: +{{- toYaml .Values.ingress.tls | nindent 4 }} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml new file mode 100644 index 000000000..e0901f88d --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/job.init.yaml @@ -0,0 +1,157 @@ +{{- if not (index .Values.conf `single-node`) }} +kind: Job +apiVersion: batch/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }}-init + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.init.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.init.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.init.annotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} + imagePullSecrets: + {{- if .Values.image.credentials }} + - name: {{ template "cockroachdb.fullname" . }}.db.registry + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} + - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry + {{- end }} + {{- end }} + {{- if and .Values.tls.enabled (not .Values.tls.certs.provided)}} + serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} + initContainers: + # The init-certs container sends a CSR (certificate signing request) to + # the Kubernetes cluster. + # You can see pending requests using: + # kubectl get csr + # CSRs can be approved using: + # kubectl certificate approve + # + # In addition to the Node certificate and key, the init-certs entrypoint + # will symlink the cluster CA to the certs directory. + - name: init-certs + image: "{{ .Values.tls.init.image.repository }}:{{ .Values.tls.init.image.tag }}" + imagePullPolicy: {{ .Values.tls.init.image.pullPolicy | quote }} + command: + - /bin/ash + - -ecx + - >- + /request-cert + -namespace=${POD_NAMESPACE} + -certs-dir=/cockroach-certs/ + -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + -type=client + -user=root + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: client-certs + mountPath: /cockroach-certs/ + {{- end }} + {{- with .Values.init.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.init.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.init.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: cluster-init + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + # Run the command in an `while true` loop because this Job is bound + # to come up before the CockroachDB Pods (due to the time needed to + # get PersistentVolumes attached to Nodes), and sleeping 5 seconds + # between attempts is much better than letting the Pod fail when + # the init command does and waiting out Kubernetes' non-configurable + # exponential back-off for Pod restarts. + # Command completes either when cluster initialization succeeds, + # or when cluster has been initialized already. + command: + - /bin/bash + - -c + - >- + while true; do + initOUT=$(set -x; + /cockroach/cockroach init + {{- if .Values.tls.enabled }} + --certs-dir=/cockroach-certs/ + {{- else }} + --insecure + {{- end }} + {{- with index .Values.conf "cluster-name" }} + --cluster-name={{.}} + {{- end }} + --host={{ template "cockroachdb.fullname" . }}-0.{{ template "cockroachdb.fullname" . -}} + :{{ .Values.service.ports.grpc.internal.port | int64 }} + 2>&1); + initRC="$?"; + echo $initOUT; + [[ "$initRC" == "0" ]] && exit 0; + [[ "$initOUT" == *"cluster has already been initialized"* ]] && exit 0; + sleep 5; + done + {{- if .Values.tls.enabled }} + volumeMounts: + - name: client-certs + mountPath: /cockroach-certs/ + {{- end }} + {{- with .Values.init.resources }} + resources: {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.tls.enabled }} + volumes: + - name: client-certs + {{- if .Values.tls.certs.provided }} + {{- if .Values.tls.certs.tlsSecret }} + projected: + sources: + - secret: + name: {{ .Values.tls.certs.clientRootSecret }} + items: + - key: ca.crt + path: ca.crt + mode: 0400 + - key: tls.crt + path: client.root.crt + mode: 0400 + - key: tls.key + path: client.root.key + mode: 0400 + {{- else }} + secret: + secretName: {{ .Values.tls.certs.clientRootSecret }} + defaultMode: 0400 + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml new file mode 100644 index 000000000..1739c45e5 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/networkpolicy.yaml @@ -0,0 +1,59 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "cockroachdb.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 6 }} + {{- end }} + ingress: + - ports: + - port: grpc + {{- with .Values.networkPolicy.ingress.grpc }} + from: + # Allow connections via custom rules. + {{- toYaml . | nindent 8 }} + # Allow client connection via pre-considered label. + - podSelector: + matchLabels: + {{ template "cockroachdb.fullname" . }}-client: "true" + # Allow other CockroachDBs to connect to form a cluster. + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 14 }} + {{- end }} + {{- if gt (.Values.statefulset.replicas | int64) 1 }} + # Allow init Job to connect to bootstrap a cluster. + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.init.labels }} + {{- toYaml . | nindent 14 }} + {{- end }} + {{- end }} + {{- end }} + # Allow connections to admin UI and for Prometheus. + - ports: + - port: http + {{- with .Values.networkPolicy.ingress.http }} + from: {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..e49431f89 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +kind: PodDisruptionBudget +apiVersion: policy/v1beta1 +metadata: + name: {{ template "cockroachdb.fullname" . }}-budget + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 6 }} + {{- end }} + maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml new file mode 100644 index 000000000..62a044ddc --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/role.yaml @@ -0,0 +1,23 @@ +{{- if .Values.tls.enabled }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: [""] + resources: ["secrets"] + {{- if .Values.tls.certs.provided }} + verbs: ["get"] + {{- else }} + verbs: ["create", "get"] + {{- end }} +{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml new file mode 100644 index 000000000..c65441b42 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/rolebinding.yaml @@ -0,0 +1,23 @@ +{{- if .Values.tls.enabled }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "cockroachdb.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml new file mode 100644 index 000000000..3dc34f386 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/secret.registry.yaml @@ -0,0 +1,23 @@ +{{- range $name, $cred := dict "db" (.Values.image.credentials) "init-certs" (.Values.tls.init.image.credentials) }} +{{- if not (empty $cred) }} +{{- if or (and (eq $name "init-certs") $.Values.tls.enabled) (ne $name "init-certs") }} +--- +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "cockroachdb.fullname" $ }}.{{ $name }}.registry + namespace: {{ $.Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" $ }} + app.kubernetes.io/name: {{ template "cockroachdb.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name | quote }} + app.kubernetes.io/managed-by: {{ $.Release.Service | quote }} + {{- with $.Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ printf `{"auths":{%s:{"auth":"%s"}}}` ($cred.registry | quote) (printf "%s:%s" $cred.username $cred.password | b64enc) | b64enc | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml new file mode 100644 index 000000000..3b7f5d0e7 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/service.discovery.yaml @@ -0,0 +1,62 @@ +# This service only exists to create DNS entries for each pod in +# the StatefulSet such that they can resolve each other's IP addresses. +# It does not create a load-balanced ClusterIP and should not be used directly +# by clients in most circumstances. +kind: Service +apiVersion: v1 +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.service.discovery.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + # Use this annotation in addition to the actual field below because the + # annotation will stop being respected soon, but the field is broken in + # some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + # Enable automatic monitoring of all instances when Prometheus is running + # in the cluster. + prometheus.io/scrape: "true" + prometheus.io/path: _status/vars + prometheus.io/port: {{ .Values.service.ports.http.port | quote }} + {{- with .Values.service.discovery.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + clusterIP: None + # We want all Pods in the StatefulSet to have their addresses published for + # the sake of the other CockroachDB Pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + {{- $ports := .Values.service.ports }} + # The main port, served by gRPC, serves Postgres-flavor SQL, inter-node + # traffic and the CLI. + - name: {{ $ports.grpc.external.name | quote }} + port: {{ $ports.grpc.external.port | int64 }} + targetPort: grpc + {{- if ne ($ports.grpc.internal.port | int64) ($ports.grpc.external.port | int64) }} + - name: {{ $ports.grpc.internal.name | quote }} + port: {{ $ports.grpc.internal.port | int64 }} + targetPort: grpc + {{- end }} + # The secondary port serves the UI as well as health and debug endpoints. + - name: {{ $ports.http.name | quote }} + port: {{ $ports.http.port | int64 }} + targetPort: http + selector: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml new file mode 100644 index 000000000..529b89d83 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/service.public.yaml @@ -0,0 +1,46 @@ +# This Service is meant to be used by clients of the database. +# It exposes a ClusterIP that will automatically load balance connections +# to the different database Pods. +kind: Service +apiVersion: v1 +metadata: + name: {{ template "cockroachdb.fullname" . }}-public + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.service.public.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- with .Values.service.public.annotations }} + annotations: {{- toYaml . | nindent 4 }} +{{- end }} +spec: + type: {{ .Values.service.public.type | quote }} + ports: + {{- $ports := .Values.service.ports }} + # The main port, served by gRPC, serves Postgres-flavor SQL, inter-node + # traffic and the CLI. + - name: {{ $ports.grpc.external.name | quote }} + port: {{ $ports.grpc.external.port | int64 }} + targetPort: grpc + {{- if ne ($ports.grpc.internal.port | int64) ($ports.grpc.external.port | int64) }} + - name: {{ $ports.grpc.internal.name | quote }} + port: {{ $ports.grpc.internal.port | int64 }} + targetPort: grpc + {{- end }} + # The secondary port serves the UI as well as health and debug endpoints. + - name: {{ $ports.http.name | quote }} + port: {{ $ports.http.port | int64 }} + targetPort: http + selector: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..45c3fe09c --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.tls.enabled .Values.tls.serviceAccount.create }} +kind: ServiceAccount +apiVersion: v1 +metadata: + name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml new file mode 100644 index 000000000..adb116788 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/statefulset.yaml @@ -0,0 +1,334 @@ +kind: StatefulSet +apiVersion: {{ template "cockroachdb.statefulset.apiVersion" . }} +metadata: + name: {{ template "cockroachdb.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "cockroachdb.chart" . }} + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "cockroachdb.fullname" . }} + replicas: {{ .Values.statefulset.replicas | int64 }} + updateStrategy: {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} + podManagementPolicy: {{ .Values.statefulset.podManagementPolicy | quote }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.statefulset.annotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} + imagePullSecrets: + {{- if .Values.image.credentials }} + - name: {{ template "cockroachdb.fullname" . }}.db.registry + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} + - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} + {{- if not .Values.tls.certs.provided }} + initContainers: + # The init-certs container sends a CSR (certificate signing request) to + # the Kubernetes cluster. + # You can see pending requests using: + # kubectl get csr + # CSRs can be approved using: + # kubectl certificate approve + # + # All addresses used to contact a Node must be specified in the + # `--addresses` arg. + # + # In addition to the Node certificate and key, the init-certs entrypoint + # will symlink the cluster CA to the certs directory. + - name: init-certs + image: "{{ .Values.tls.init.image.repository }}:{{ .Values.tls.init.image.tag }}" + imagePullPolicy: {{ .Values.tls.init.image.pullPolicy | quote }} + command: + - /bin/ash + - -ecx + - >- + /request-cert + -namespace=${POD_NAMESPACE} + -certs-dir=/cockroach-certs/ + -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + -type=node + -addresses=localhost,127.0.0.1,$(hostname -f),$(hostname -f|cut -f 1-2 -d '.'),{{ template "cockroachdb.fullname" . }}-public,{{ template "cockroachdb.fullname" . }}-public.$(hostname -f|cut -f 3- -d '.') + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: certs + mountPath: /cockroach-certs/ + {{- end }} + {{- end }} + {{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} + affinity: + {{- with .Values.statefulset.nodeAffinity }} + nodeAffinity: {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.statefulset.podAffinity }} + podAffinity: {{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.statefulset.podAntiAffinity }} + podAntiAffinity: + {{- if .Values.statefulset.podAntiAffinity.type }} + {{- if eq .Values.statefulset.podAntiAffinity.type "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 18 }} + {{- end }} + {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.labels }} + {{- toYaml . | nindent 20 }} + {{- end }} + {{- end }} + {{- else }} + {{- toYaml .Values.statefulset.podAntiAffinity | nindent 10 }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.statefulset.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.statefulset.priorityClassName }} + priorityClassName: {{ .Values.statefulset.priorityClassName }} + {{- end }} + {{- with .Values.statefulset.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + # No pre-stop hook is required, a SIGTERM plus some time is all that's + # needed for graceful shutdown of a node. + terminationGracePeriodSeconds: 60 + containers: + - name: db + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + args: + - shell + - -ecx + # The use of qualified `hostname -f` is crucial: + # Other nodes aren't able to look up the unqualified hostname. + # + # `--join` CLI flag is hardcoded to exactly 3 Pods, because: + # 1. Having `--join` value depending on `statefulset.replicas` + # will trigger undesired restart of existing Pods when + # StatefulSet is scaled up/down. We want to scale without + # restarting existing Pods. + # 2. At least one Pod in `--join` is enough to successfully + # join CockroachDB cluster and gossip with all other existing + # Pods, even if there are 3 or more Pods. + # 3. It's harmless for `--join` to have 3 Pods even for 1-Pod + # clusters, while it gives us opportunity to scale up even if + # some Pods of existing cluster are down (for whatever reason). + # See details explained here: + # https://github.com/helm/charts/pull/18993#issuecomment-558795102 + - >- + exec /cockroach/cockroach + {{- if index .Values.conf `single-node` }} + start-single-node + {{- else }} + start --join= + {{- if .Values.conf.join }} + {{- join `,` .Values.conf.join -}} + {{- else }} + {{- range $i, $_ := until 3 -}} + {{- if gt $i 0 -}},{{- end -}} + ${STATEFULSET_NAME}-{{ $i }}.${STATEFULSET_FQDN}:{{ $.Values.service.ports.grpc.internal.port | int64 -}} + {{- end -}} + {{- end }} + --advertise-host=$(hostname).${STATEFULSET_FQDN} + {{- with index .Values.conf `cluster-name` }} + --cluster-name={{ . }} + {{- if index $.Values.conf `disable-cluster-name-verification` }} + --disable-cluster-name-verification + {{- end }} + {{- end }} + {{- end }} + --logtostderr={{ .Values.conf.logtostderr }} + {{- if .Values.tls.enabled }} + --certs-dir=/cockroach/cockroach-certs/ + {{- else }} + --insecure + {{- end }} + {{- with .Values.conf.attrs }} + --attrs={{ join `:` . }} + {{- end }} + --http-port={{ index .Values.conf `http-port` | int64 }} + --port={{ .Values.conf.port | int64 }} + --cache={{ .Values.conf.cache }} + --max-disk-temp-storage={{ index .Values.conf `max-disk-temp-storage` }} + --max-offset={{ index .Values.conf `max-offset` }} + --max-sql-memory={{ index .Values.conf `max-sql-memory` }} + {{- with .Values.conf.locality }} + --locality={{ . }} + {{- end }} + {{- with index .Values.conf `sql-audit-dir` }} + --sql-audit-dir={{ . }} + {{- end }} + {{- range .Values.statefulset.args }} + {{ . }} + {{- end }} + env: + - name: STATEFULSET_NAME + value: {{ template "cockroachdb.fullname" . }} + - name: STATEFULSET_FQDN + value: {{ template "cockroachdb.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: COCKROACH_CHANNEL + value: kubernetes-helm + {{- with .Values.statefulset.env }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: grpc + containerPort: {{ .Values.conf.port | int64 }} + protocol: TCP + - name: http + containerPort: {{ index .Values.conf `http-port` | int64 }} + protocol: TCP + volumeMounts: + - name: datadir + mountPath: /cockroach/cockroach-data/ + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /cockroach/cockroach-certs/ + {{- end }} + {{- range .Values.statefulset.secretMounts }} + - name: {{ printf "secret-%s" . | quote }} + mountPath: {{ printf "/etc/cockroach/secrets/%s" . | quote }} + readOnly: true + {{- end }} + livenessProbe: + httpGet: + path: /health + port: http + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: 30 + periodSeconds: 5 + readinessProbe: + httpGet: + path: /health?ready=1 + port: http + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{- end }} + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 2 + {{- with .Values.statefulset.resources }} + resources: {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: datadir + {{- if .Values.storage.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: datadir + {{- else if .Values.storage.hostPath }} + hostPath: + path: {{ .Values.storage.hostPath | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + {{- if .Values.tls.certs.provided }} + {{- if .Values.tls.certs.tlsSecret }} + projected: + sources: + - secret: + name: {{ .Values.tls.certs.nodeSecret }} + items: + - key: ca.crt + path: ca.crt + mode: 0400 + - key: tls.crt + path: node.crt + mode: 0400 + - key: tls.key + path: node.key + mode: 0400 + {{- else }} + secret: + secretName: {{ .Values.tls.certs.nodeSecret }} + defaultMode: 0400 + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + {{- range .Values.statefulset.secretMounts }} + - name: {{ printf "secret-%s" . | quote }} + secret: + secretName: {{ . | quote }} + {{- end }} +{{- if .Values.storage.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: datadir + labels: + app.kubernetes.io/name: {{ template "cockroachdb.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.storage.persistentVolume.labels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.labels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.storage.persistentVolume.annotations }} + annotations: {{- toYaml . | nindent 10 }} + {{- end }} + spec: + accessModes: ["ReadWriteOnce"] + {{- if .Values.storage.persistentVolume.storageClass }} + {{- if (eq "-" .Values.storage.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote}} + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.storage.persistentVolume.size | quote }} +{{- end }} diff --git a/charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml b/charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml new file mode 100644 index 000000000..8c8f96be7 --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/templates/tests/client.yaml @@ -0,0 +1,65 @@ +kind: Pod +apiVersion: v1 +metadata: + name: {{ template "cockroachdb.fullname" . }}-test + namespace: {{ .Release.Namespace | quote }} +{{- if .Values.networkPolicy.enabled }} + labels: + {{ template "cockroachdb.fullname" . }}-client: "true" +{{- end }} + annotations: + helm.sh/hook: test-success +spec: + restartPolicy: Never +{{- if .Values.image.credentials }} + imagePullSecrets: + - name: {{ template "cockroachdb.fullname" . }}.db.registry +{{- end }} + {{- if .Values.tls.certs.provided }} + volumes: + - name: client-certs + {{- if .Values.tls.certs.tlsSecret }} + projected: + sources: + - secret: + name: {{ .Values.tls.certs.clientRootSecret }} + items: + - key: ca.crt + path: ca.crt + mode: 0400 + - key: tls.crt + path: client.root.crt + mode: 0400 + - key: tls.key + path: client.root.key + mode: 0400 + {{- else }} + secret: + secretName: {{ .Values.tls.certs.clientRootSecret }} + defaultMode: 0400 + {{- end }} + {{- end }} + containers: + - name: client-test + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.tls.certs.provided }} + volumeMounts: + - name: client-certs + mountPath: /cockroach-certs + {{- end }} + command: + - /cockroach/cockroach + - sql + {{- if .Values.tls.certs.provided }} + - --certs-dir + - /cockroach-certs + {{- else }} + - --insecure + {{- end}} + - --host + - {{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} + - --port + - {{ .Values.service.ports.grpc.external.port | quote }} + - -e + - SHOW DATABASES; diff --git a/charts/cockroachdb/cockroachdb/4.1.200/values.yaml b/charts/cockroachdb/cockroachdb/4.1.200/values.yaml new file mode 100644 index 000000000..0ed532d7e --- /dev/null +++ b/charts/cockroachdb/cockroachdb/4.1.200/values.yaml @@ -0,0 +1,382 @@ +image: + repository: cockroachdb/cockroach + tag: v20.1.3 + pullPolicy: IfNotPresent + credentials: {} + # registry: docker.io + # username: john_doe + # password: changeme + + +# Additional labels to apply to all Kubernetes resources created by this chart. +labels: {} + # app.kubernetes.io/part-of: my-app + + +# Cluster's default DNS domain. +# You should overwrite it if you're using a different one, +# otherwise CockroachDB nodes discovery won't work. +clusterDomain: cluster.local + + +conf: + # An ordered list of CockroachDB node attributes. + # Attributes are arbitrary strings specifying machine capabilities. + # Machine capabilities might include specialized hardware or number of cores + # (e.g. "gpu", "x16c"). + attrs: [] + # - x16c + # - gpu + + # Total size in bytes for caches, shared evenly if there are multiple + # storage devices. Size suffixes are supported (e.g. `1GB` and `1GiB`). + # A percentage of physical memory can also be specified (e.g. `.25`). + cache: 25% + + # Sets a name to verify the identity of a cluster. + # The value must match between all nodes specified via `conf.join`. + # This can be used as an additional verification when either the node or + # cluster, or both, have not yet been initialized and do not yet know their + # cluster ID. + # To introduce a cluster name into an already-initialized cluster, pair this + # option with `conf.disable-cluster-name-verification: yes`. + cluster-name: "" + + # Tell the server to ignore `conf.cluster-name` mismatches. + # This is meant for use when opting an existing cluster into starting to use + # cluster name verification, or when changing the cluster name. + # The cluster should be restarted once with `conf.cluster-name` and + # `conf.disable-cluster-name-verification: yes` combined, and once all nodes + # have been updated to know the new cluster name, the cluster can be restarted + # again with `conf.disable-cluster-name-verification: no`. + # This option has no effect if `conf.cluster-name` is not specified. + disable-cluster-name-verification: false + + # The addresses for connecting a CockroachDB nodes to an existing cluster. + # If you are deploying a second CockroachDB instance that should join a first + # one, use the below list to join to the existing instance. + # Each item in the array should be a FQDN (and port if needed) resolvable by + # new Pods. + join: [] + + # Logs at or above this threshold to STDERR. + logtostderr: INFO + + # Maximum storage capacity available to store temporary disk-based data for + # SQL queries that exceed the memory budget (e.g. join, sorts, etc are + # sometimes able to spill intermediate results to disk). + # Accepts numbers interpreted as bytes, size suffixes (e.g. `32GB` and + # `32GiB`) or a percentage of disk size (e.g. `10%`). + # The location of the temporary files is within the first store dir. + # If expressed as a percentage, `max-disk-temp-storage` is interpreted + # relative to the size of the storage device on which the first store is + # placed. The temp space usage is never counted towards any store usage + # (although it does share the device with the first store) so, when + # configuring this, make sure that the size of this temp storage plus the size + # of the first store don't exceed the capacity of the storage device. + # If the first store is an in-memory one (i.e. `type=mem`), then this + # temporary "disk" data is also kept in-memory. + # A percentage value is interpreted as a percentage of the available internal + # memory. + max-disk-temp-storage: 0 + + # Maximum allowed clock offset for the cluster. If observed clock offsets + # exceed this limit, servers will crash to minimize the likelihood of + # reading inconsistent data. Increasing this value will increase the time + # to recovery of failures as well as the frequency of uncertainty-based + # read restarts. + # Note, that this value must be the same on all nodes in the cluster. + # In order to change it, all nodes in the cluster must be stopped + # simultaneously and restarted with the new value. + max-offset: 500ms + + # Maximum memory capacity available to store temporary data for SQL clients, + # including prepared queries and intermediate data rows during query + # execution. Accepts numbers interpreted as bytes, size suffixes + # (e.g. `1GB` and `1GiB`) or a percentage of physical memory (e.g. `.25`). + max-sql-memory: 25% + + # An ordered, comma-separated list of key-value pairs that describe the + # topography of the machine. Topography might include country, datacenter + # or rack designations. Data is automatically replicated to maximize + # diversities of each tier. The order of tiers is used to determine + # the priority of the diversity, so the more inclusive localities like + # country should come before less inclusive localities like datacenter. + # The tiers and order must be the same on all nodes. Including more tiers + # is better than including fewer. For example: + # locality: country=us,region=us-west,datacenter=us-west-1b,rack=12 + # locality: country=ca,region=ca-east,datacenter=ca-east-2,rack=4 + # locality: planet=earth,province=manitoba,colo=secondary,power=3 + locality: "" + + # Run CockroachDB instances in standalone mode with replication disabled + # (replication factor = 1). + # Enabling this option makes the following values to be ignored: + # - `conf.cluster-name` + # - `conf.disable-cluster-name-verification` + # - `conf.join` + # + # WARNING: Enabling this option makes each deployed Pod as a STANDALONE + # CockroachDB instance, so the StatefulSet does NOT FORM A CLUSTER. + # Don't use this option for production deployments unless you clearly + # understand what you're doing. + # Usually, this option is intended to be used in conjunction with + # `statefulset.replicas: 1` for temporary one-time deployments (like + # running E2E tests, for example). + single-node: false + + # If non-empty, create a SQL audit log in the specified directory. + sql-audit-dir: "" + + # CockroachDB's port to listen to inter-communications and client connections. + port: 26257 + + # CockroachDB's port to listen to HTTP requests. + http-port: 8080 + + +statefulset: + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + budget: + maxUnavailable: 1 + + # List of additional command-line arguments you want to pass to the + # `cockroach start` command. + args: [] + # - --disable-cluster-name-verification + + # List of extra environment variables to pass into container + env: [] + # - name: COCKROACH_ENGINE_MAX_SYNC_DURATION + # value: "24h" + + # List of Secrets names in the same Namespace as the CockroachDB cluster, + # which shall be mounted into `/etc/cockroach/secrets/` for every cluster + # member. + secretMounts: [] + + # Additional labels to apply to this StatefulSet and all its Pods. + labels: + app.kubernetes.io/component: cockroachdb + + # Additional annotations to apply to the Pods of this StatefulSet. + annotations: {} + + # Affinity rules for scheduling Pods of this StatefulSet on Nodes. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity + nodeAffinity: {} + # Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity + podAffinity: {} + # Anti-affinity rules for scheduling Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity + # You may either toggle options below for default anti-affinity rules, + # or specify the whole set of anti-affinity rules instead of them. + podAntiAffinity: + # Type of anti-affinity rules: either `soft`, `hard` or empty value (which + # disables anti-affinity rules). + type: soft + # Weight for `soft` anti-affinity rules. + # Does not apply for other anti-affinity types. + weight: 100 + + # Node selection constraints for scheduling Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: {} + + # PriorityClassName given to Pods of this StatefulSet + # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + priorityClassName: "" + + # Taints to be tolerated by Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + + # Uncomment the following resources definitions or pass them from + # command line to control the CPU and memory resources allocated + # by Pods of this StatefulSet. + resources: {} + # limits: + # cpu: 100m + # memory: 512Mi + # requests: + # cpu: 100m + # memory: 512Mi + + +service: + ports: + # You can set a different external and internal gRPC ports and their name. + grpc: + external: + port: 26257 + name: grpc + # If the port number is different than `external.port`, then it will be + # named as `internal.name` in Service. + internal: + port: 26257 + # If using Istio set it to `cockroach`. + name: grpc-internal + http: + port: 8080 + name: http + + # This Service is meant to be used by clients of the database. + # It exposes a ClusterIP that will automatically load balance connections + # to the different database Pods. + public: + type: ClusterIP + # Additional labels to apply to this Service. + labels: + app.kubernetes.io/component: cockroachdb + # Additional annotations to apply to this Service. + annotations: {} + + # This service only exists to create DNS entries for each pod in + # the StatefulSet such that they can resolve each other's IP addresses. + # It does not create a load-balanced ClusterIP and should not be used directly + # by clients in most circumstances. + discovery: + # Additional labels to apply to this Service. + labels: + app.kubernetes.io/component: cockroachdb + # Additional annotations to apply to this Service. + annotations: {} + +# CockroachDB's ingress for web ui. +ingress: + enabled: false + labels: {} + annotations: {} + # kubernetes.io/ingress.class: nginx + # cert-manager.io/cluster-issuer: letsencrypt + paths: [/] + hosts: [] + # - cockroachlabs.com + tls: [] + # - hosts: [cockroachlabs.com] + # secretName: cockroachlabs-tls + +# CockroachDB's data persistence. +# If neither `persistentVolume` nor `hostPath` is used, then data will be +# persisted in ad-hoc `emptyDir`. +storage: + # Absolute path on host to store CockroachDB's data. + # If not specified, then `emptyDir` will be used instead. + # If specified, but `persistentVolume.enabled` is `true`, then has no effect. + hostPath: "" + + # If `enabled` is `true` then a PersistentVolumeClaim will be created and + # used to store CockroachDB's data, otherwise `hostPath` is used. + persistentVolume: + enabled: true + + size: 100Gi + + # If defined, then `storageClassName: `. + # If set to "-", then `storageClassName: ""`, which disables dynamic + # provisioning. + # If undefined or empty (default), then no `storageClassName` spec is set, + # so the default provisioner will be chosen (gp2 on AWS, standard on + # GKE, AWS & OpenStack). + storageClass: "" + + # Additional labels to apply to the created PersistentVolumeClaims. + labels: {} + # Additional annotations to apply to the created PersistentVolumeClaims. + annotations: {} + + +# Kubernetes Job which initializes multi-node CockroachDB cluster. +# It's not created if `statefulset.replicas` is `1`. +init: + # Additional labels to apply to this Job and its Pod. + labels: + app.kubernetes.io/component: init + + # Additional annotations to apply to the Pod of this Job. + annotations: {} + + # Affinity rules for scheduling the Pod of this Job. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity + affinity: {} + + # Node selection constraints for scheduling the Pod of this Job. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: {} + + # Taints to be tolerated by the Pod of this Job. + # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + # The init Pod runs at cluster creation to initialize CockroachDB. It finishes + # quickly and doesn't continue to consume resources in the Kubernetes + # cluster. Normally, you should leave this section commented out, but if your + # Kubernetes cluster uses Resource Quotas and requires all pods to specify + # resource requests or limits, you can set those here. + resources: {} + # requests: + # cpu: "10m" + # memory: "128Mi" + # limits: + # cpu: "10m" + # memory: "128Mi" + + +# Whether to run securely using TLS certificates. +tls: + enabled: false + serviceAccount: + # Specifies whether this ServiceAccount should be created. + create: true + # The name of this ServiceAccount to use. + # If not set and `create` is `true`, then a name is auto-generated. + name: "" + certs: + # Bring your own certs scenario. If provided, tls.init section will be ignored. + provided: false + # Secret name for the client root cert. + clientRootSecret: cockroachdb-root + # Secret name for node cert. + nodeSecret: cockroachdb-node + # Enable if the secret is a dedicated TLS. + # TLS secrets are created by cert-mananger, for example. + tlsSecret: false + + init: + # Image to use for requesting TLS certificates. + image: + repository: cockroachdb/cockroach-k8s-request-cert + tag: "0.4" + pullPolicy: IfNotPresent + credentials: {} + # registry: docker.io + # username: john_doe + # password: changeme + + +networkPolicy: + enabled: false + + ingress: + # List of sources which should be able to access the CockroachDB Pods via + # gRPC port. Items in this list are combined using a logical OR operation. + # Rules for allowing inter-communication are applied automatically. + # If empty, then connections from any Pod is allowed. + grpc: [] + # - podSelector: + # matchLabels: + # app.kubernetes.io/name: my-app-django + # app.kubernetes.io/instance: my-app + + # List of sources which should be able to access the CockroachDB Pods via + # HTTP port. Items in this list are combined using a logical OR operation. + # If empty, then connections from any Pod is allowed. + http: [] + # - namespaceSelector: + # matchLabels: + # project: my-project diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml new file mode 100644 index 000000000..2831183b3 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: csi-wekafsplugin +apiVersion: v2 +appVersion: 0.6.4 +description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) plugin for WekaFS - the world fastest filesystem +home: https://github.com/weka/csi-wekafs +icon: https://weka.github.io/csi-wekafs/logo.png +name: csi-wekafsplugin +sources: +- https://github.com/weka/csi-wekafs/tree/v0.6.4/deploy/helm/csi-wekafsplugin +type: application +version: 0.6.400 diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md new file mode 100644 index 000000000..de09f09f3 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/LOCAL.md @@ -0,0 +1,28 @@ +# Overview +Helm Chart for Weka wekafs CSI driver deployment + +# Usage +## Install driver + + - Optionally modify values.yaml + - Create a name space for CSI driver deployment by issuing + ``` + kubectl create namespace csi-wekafsplugin + ``` + - Install the driver: + ``` + helm install csi-wekafsplugin --namespace csi-wekafsplugin -n=csi-wekafsplugin ./ + ``` + +## Uninstall driver +To uninstall a driver, issue the following command +``` +helm uninstall csi-wekafsplugin --namespace csi-wekafsplugin -n=csi-wekafsplugin +``` + +# Upgrade +To upgrade from versions before v0.6.0, first uninstall the previous version using cleanup script: +``` +./deploy/kubernetes-latest/cleanup.sh +``` +Then install as usual. \ No newline at end of file diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md new file mode 100644 index 000000000..d24f05dd7 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/README.md @@ -0,0 +1,23 @@ +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/csi-wekafs)](https://artifacthub.io/packages/search?repo=csi-wekafs) +# CSI WekaFS Driver + +This repository hosts the CSI WekaFS driver and all of its build and dependent configuration files to deploy the driver. + +## Pre-requisite +- Kubernetes cluster of version 1.18 and up, 1.19 and up recommended, 1.13 and up should work but were not tested. +- Helm v3 must be installed and configured properly +- Weka system pre-configured and Weka client installed and registered in cluster for each Kubernetes node + +## Deployment +```shell +helm repo add csi-wekafs https://weka.github.io/csi-wekafs +helm install csi-wekafsplugin csi-wekafs/csi-wekafsplugin --namespace csi-wekafsplugin --create-namespace +``` + +## Usage +- [Deploy an Example application](https://github.com/weka/csi-wekafs/blob/master/docs/usage.md) + +## Additional Documentation +- [Official Weka CSI Plugin documentation](https://docs.weka.io/appendix/weka-csi-plugin) + diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md new file mode 100644 index 000000000..880868b3e --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/app-readme.md @@ -0,0 +1,20 @@ +# WekaIO CSI Plugin +[Weka's](https://weka.io) parallel file system delivers the highest performance for the most data-intensive workloads, +powering solutions to problems the world has never seen before. + +This repository hosts the CSI WekaFS driver and all of its build and dependent configuration files to deploy the driver. + +## Pre-requisite +- Kubernetes cluster +- Helm v3 +- Running version 1.18 or later. Although older versions from 1.13 and up should work, they were not tested +- Weka system pre-configured and Weka client installed and registered in cluster for each Kubernetes node +## Deployment +```shell +helm repo add csi-wekafs https://weka.github.io/csi-wekafs +helm install csi-wekafsplugin csi-wekafs/csi-wekafsplugin --namespace csi-wekafsplugin --create-namespace +``` +## Usage +- [Deploy an Example application](https://github.com/weka/csi-wekafs/blob/master/docs/usage.md) +## Additional Documentation +- [Official Weka CSI Plugin documentation](https://docs.weka.io/appendix/weka-csi-plugin) diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml new file mode 100644 index 000000000..fd0d25dd8 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/questions.yaml @@ -0,0 +1,6 @@ +questions: + - variable: dynamicProvisionPath + default: "csi-volumes" + required: false + label: Path for creation of dynamic volumes (relative to filesystem root) + group: "Global Settings" diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt new file mode 100644 index 000000000..426acbc08 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/NOTES.txt @@ -0,0 +1,10 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} + +Official Weka CSI Plugin documentation can be found here: https://docs.weka.io/appendix/weka-csi-plugin diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml new file mode 100644 index 000000000..48f385f99 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/controllerserver.yaml @@ -0,0 +1,242 @@ +apiVersion: v1 +kind: ServiceAccount +imagePullSecrets: +- name: {{ .Release.Name }}-creds +metadata: + name: {{ .Release.Name }}-controller + namespace: {{ .Release.Namespace }} + +--- +# cluster role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-controller +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "create", "get", "list", "watch", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] + +--- +# cluster role binding +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-controller +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-controller + apiGroup: rbac.authorization.k8s.io + +--- +# stateful set of controller +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-controller + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-controller + serviceName: {{ .Release.Name }}-controller + replicas: 1 + template: + metadata: + labels: + app: {{ .Release.Name }}-controller + spec: + serviceAccountName: {{ .Release.Name }}-controller + containers: + - name: csi-attacher + image: {{ required "csi attacher sidercar image." .Values.images.attachersidecar }} + securityContext: + privileged: true + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: csi-provisioner + image: {{ required "csi provisioner sidecar container image." .Values.images.provisionersidecar }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: "/csi" + - name: csi-resizer + image: {{ required "csi attacher sidercar image." .Values.images.resizersidecar }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + + - name: wekafs + securityContext: + privileged: true + image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }} + imagePullPolicy: Always + args: + - "--drivername=$(CSI_DRIVER_NAME)" + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--dynamic-path=$(CSI_DYNAMIC_PATH)" + - "--csimode=$(X_CSI_MODE)" + ports: + - containerPort: 9898 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: CSI_DRIVER_NAME + value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} + - name: CSI_DRIVER_VERSION + value: {{ required "Provide CSI Driver version" .Values.csiDriverVersion }} + - name: X_CSI_MODE + value: controller + - name: CSI_DYNAMIC_PATH + value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }} + - name: X_CSI_DEBUG + value: "false" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins + mountPropagation: Bidirectional + name: plugins-dir + - mountPath: /var/lib/csi-wekafs-data + name: csi-data-dir + - mountPath: /dev + name: dev-dir + + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--health-port=$(HEALTH_PORT)" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + - name: HEALTH_PORT + value: "9898" + {{- with .Values.controllerPluginTolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/csi-wekafs + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins + type: Directory + name: plugins-dir + - hostPath: + # 'path' is where PV data is persisted on host. + # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot + path: /var/lib/csi-wekafs-data/ + type: DirectoryOrCreate + name: csi-data-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml new file mode 100644 index 000000000..83e1d8689 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/driver.yaml @@ -0,0 +1,9 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} +spec: + attachRequired: true + podInfoOnMount: true + volumeLifecycleModes: + - Persistent diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml new file mode 100644 index 000000000..76ce743d5 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/templates/nodeserver.yaml @@ -0,0 +1,182 @@ +apiVersion: v1 +kind: ServiceAccount +imagePullSecrets: +- name: {{ .Release.Name }}-creds +metadata: + name: {{ .Release.Name }}-node + namespace: {{ .Release.Namespace }} + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumesclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-node +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-node + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-node + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-node + template: + metadata: + labels: + app: {{ .Release.Name }}-node + spec: + serviceAccountName: {{ .Release.Name }}-node + hostNetwork: true + containers: + - name: wekafs + securityContext: + privileged: true + image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }} + imagePullPolicy: Always + args: + - "--v=5" + - "--drivername=$(CSI_DRIVER_NAME)" + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--dynamic-path=$(CSI_DYNAMIC_PATH)" + - "--csimode=$(X_CSI_MODE)" + ports: + - containerPort: 9898 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 + env: + - name: CSI_DRIVER_NAME + value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_DYNAMIC_PATH + value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }} + - name: X_CSI_MODE + value: node + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins + mountPropagation: Bidirectional + name: plugins-dir + - mountPath: /var/lib/csi-wekafs-data + name: csi-data-dir + - mountPath: /dev + name: dev-dir + + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--health-port=$(HEALTH_PORT)" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + - name: HEALTH_PORT + value: "9898" + + - name: csi-registrar + image: {{ required "Provide the csi node registrar sidecar container image." .Values.images.registrarsidecar }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=/var/lib/kubelet/plugins/csi-wekafs/csi.sock" + securityContext: + privileged: true + env: + - name: ADDRESS + value: unix:///csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - mountPath: /var/lib/csi-wekafs-data + name: csi-data-dir + {{- with .Values.nodePluginTolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/csi-wekafs + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins + type: Directory + name: plugins-dir + - hostPath: + # 'path' is where PV data is persisted on host. + # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot + path: /var/lib/csi-wekafs-data/ + type: DirectoryOrCreate + name: csi-data-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json new file mode 100644 index 000000000..763641204 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.schema.json @@ -0,0 +1,104 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "controllerPluginTolerations": { + "type": "array", + "description": "CSI Controller component tolerations", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + } + } + } + }, + "csiDriverName": { + "type": "string", + "description": "Override name of CSI driver" + }, + "csiDriverVersion": { + "type": "string" + }, + "dynamicProvisionPath": { + "type": "string", + "description": "Root path of dynamic volumes (relative to filesystem root)" + }, + "globalPluginTolerations": { + "type": "array", + "description": "Global tolerations for all plugin components", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + } + } + } + }, + "images": { + "type": "object", + "properties": { + "attachersidecar": { + "type": "string", + "description": "Path to Docker image of attachersidecar container" + }, + "csidriver": { + "type": "string", + "description": "Path to Docker image of csidriver container" + }, + "csidriverTag": { + "type": "string", + "description": "Path to Docker image of csidriverTag container" + }, + "livenessprobesidecar": { + "type": "string", + "description": "Path to Docker image of livenessprobesidecar container" + }, + "provisionersidecar": { + "type": "string", + "description": "Path to Docker image of provisionersidecar container" + }, + "registrarsidecar": { + "type": "string", + "description": "Path to Docker image of registrarsidecar container" + }, + "resizersidecar": { + "type": "string", + "description": "Path to Docker image of resizersidecar container" + } + } + }, + "nodePluginTolerations": { + "type": "array", + "description": "CSI Node component tolerations", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + } + } + } + } + } +} diff --git a/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml new file mode 100644 index 000000000..caf492e31 --- /dev/null +++ b/charts/csi-wekafs/csi-wekafsplugin/0.6.400/values.yaml @@ -0,0 +1,40 @@ +# Default values for csi-wekafsplugin. + +# directory in root of file system where dynamic volumes are provisioned +dynamicProvisionPath: "csi-volumes" + +# name of the driver +# note same name will be used for provisioner name +csiDriverName : "csi.weka.io" +csiDriverVersion : &csiDriverVersion "0.6.4" + +# Image paths +images: + # "images.liveness-probe-sidecar" defines the container image used for the csi liveness probe sidecar + livenessprobesidecar: quay.io/k8scsi/livenessprobe:v1.1.0 + + # "images.attacher-sidercar" defines the container image used for the csi attacher sidecar + attachersidecar: quay.io/k8scsi/csi-attacher:v3.0.0-rc1 + + # "images.provisioner-sidercar" defines the container image used for the csi provisioner sidecar + provisionersidecar: quay.io/k8scsi/csi-provisioner:v1.6.0 + + # "images.registrar-sidercar" defines the container images used for the csi registrar sidercar + registrarsidecar: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 + + # "images.resizer-sidercar" defines the container image used for the csi provisioner sidecar + resizersidecar: quay.io/k8scsi/csi-resizer:v0.5.0 + + # images.csidriver defines csidriver image used for external provisioning + csidriver: quay.io/weka.io/csi-wekafs + csidriverTag: *csiDriverVersion + +globalPluginTolerations: &globalPluginTolerations + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + +controllerPluginTolerations: *globalPluginTolerations + +nodePluginTolerations: *globalPluginTolerations + diff --git a/charts/datadog/datadog/2.4.200/.helmignore b/charts/datadog/datadog/2.4.200/.helmignore new file mode 100644 index 000000000..46fd89965 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS diff --git a/charts/datadog/datadog/2.4.200/CHANGELOG.md b/charts/datadog/datadog/2.4.200/CHANGELOG.md new file mode 100644 index 000000000..fe4209075 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/CHANGELOG.md @@ -0,0 +1,328 @@ +# Datadog changelog + +## Changelog is now available through Git history/GitHub tags, previous tags kept as reference + +## 2.3.41 + +* Fix issue with Kubernetes <= 1.14 and Cluster Agent's External Metrics Provider (must be 443) + +## 2.3.40 + +* Update documentation for resource requests & limits default values. + +## 2.3.39 + +* Propagate `datadog.checksd` to the clusterchecks runner to support custom checks there. + +## 2.3.38 + +* Add support of DD\_CONTAINER\_{INCLUDE,EXCLUDE}\_{METRICS,LOGS} + +## 2.3.37 + +* Add NET\_BROADCAST capability + +## 2.3.36 + +* Bump default Agent version to `7.21.1` + +## 2.3.35 + +* Add support for configuring the Datadog Admission Controller + +## 2.3.34 + +* Add support for scaling based on `DatadogMetric` CRD + +## 2.3.33 + +* Create new `datadog.podSecurity.securityContext` field to fix windows agent daemonset config. + +## 2.3.32 + +* Always add os in nodeSelector based on `targetSystem` + +## 2.3.31 + +* Fixed daemonset template for go 1.14 + +## 2.3.29 + +* Change the default port for the Cluster Agent's External Metrics Provider + from 443 to 8443. +* Document usage of `clusterAgent.env` + +## 2.3.28 + +* fix daemonset template generation if `datadog.securityContext` is set to `nil` + +## 2.3.27 + +* add systemProbe.collectDNSStats option + +## 2.3.26 + +* fix PodSecurityContext configuration + +## 2.3.25 + +* Use directly .env var YAML block for all agents (was already the case for Cluster Agent) + +## 2.3.24 + +* Allow enabling Orchestrator Explorer data collection from the process-agent + +## 2.3.23 + +* Add the possibility to create a `PodSecurityPolicy` or a `SecurityContextConstraints` (Openshift) for the Agent's Daemonset Pods. + +## 2.3.22 + +* Remove duplicate imagePullSecrets +* Fix DataDog location to useConfigMap in docs +* Adding explanation for metricsProvider.enabled + +## 2.3.21 + +* Fix additional default values in `values.yaml` to prevent errors with Helm 2.x + +## 2.3.20 + +* Fix process-agent <> system-probe communication + +## 2.3.19 + +* Fix the container-trace-agent.yaml template creates invalid yaml when `useSocketVolume` is enabled. + +## 2.3.18 + +* Support arguments in the cluster-agent container `command` value + +## 2.3.17 + +* grammar edits to datadog helm docs! +* Typo in log config + +## 2.3.16 + +* Add parameter `clusterChecksRunner.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Checks runners. +* Add parameters `clusterChecksRunner.volumes` and `clusterChecksRunner.volumeMounts` that can be used for providing a secret backend to Cluster Checks runners. + +## 2.3.15 + +* Mount kernel headers in system-probe container +* Fix the mount of the `system-probe` socket in core agent +* Add parameters to enable eBPF based checks + +## 2.3.14 + +* Allow overriding the `command` to run in the cluster-agent container + +## 2.3.13 + +* Use two distinct health endpoints for liveness and readiness probes. + +## 2.3.12 + +* Fix endpoints checks scheduling between agent and cluster check runners +* Cluster Check Runner now runs without s6 (similar to other agents) + +## 2.3.11 + +* Bump the default version of the agent docker images + +## 2.3.10 + +* Add dnsConfig options to all containers + +## 2.3.9 + +* Add `clusterAgent.podLabels` variable to add labels to the Cluster Agent Pod(s) + +## 2.3.8 + +* Fix templating errors when `clusterAgent.datadog_cluster_yaml` is being used. + +## 2.3.7 + +* Fix an agent warning at startup because of a deprecated parameter + +## 2.3.6 + +* Add `affinity` parameter in `values.yaml` for cluster agent deployment + +## 2.3.5 + +* Add `DD_AC_INCLUDE` and `DD_AC_EXCLUDE` to all containers +* Add "Unix Domain Socket" support in trace-agent +* Add new parameter to specify the dogstatsd socket path on the host +* Fix typos in values.yaml +* Update "tags:" example in values.yaml +* Add "rate_limit_queries_*" in the datadog.cluster-agent prometheus check configuration + +## 2.3.4 + +* Fix default values in `values.yaml` to prevent warnings with Helm 2.x + +## 2.3.3 + +* Allow pre-release versions as docker image tag + +## 2.3.2 + +* Update the DCA RBAC to allow it to create events in the HPA + +## 2.3.1 + +* Update the example for `datadog.securityContext` + +## 2.3.0 + +* Mount the directory containing the CRI socket instead of the socket itself + This is to handle the cases where the docker daemon is restarted. + In this case, the docker daemon will recreate its docker socket and, + if the container bind-mounted directly the socket, the container would + still have access to the old socket instead of the one of the new docker + daemon. + ⚠ This version of the chart requires an agent image 7.19.0 or more recent + +## 2.2.12 + +* Adding resources for `system-probe` init container + +## 2.2.11 + +* Add documentations around secret management in the datadog helm chart. It is to upstream + requested changes in the IBM charts repository: https://github.com/IBM/charts/pull/690#discussion_r411702458 +* update `kube-state-metrics` dependency +* uncomment every values.yaml parameters for IBM chart compliancy + +## 2.2.10 + +* Remove `kubeStateMetrics` section from `values.yaml` as not used anymore + +## 2.2.9 + +* Fixing variables description in README and Migration documentation (#22031) +* Avoid volumes mount conflict between `system-probe` and `logs` volumes in the `agent`. + +## 2.2.8 + +* Mount `system-probe` socket in `agent` container when system-probe is enabled + +## 2.2.7 + +* Add "Cluster-Agent" `Event` `create` RBAC permission + +## 2.2.6 + +* Ensure the `trace-agent` computes the same hostname as the core `agent`. + by giving it access to all the elements that might be used to compute the hostname: + the `DD_CLUSTER_NAME` environment variable and the docker socket. + +## 2.2.5 + +* Fix RBAC + +## 2.2.4 + +* Move several EnvVars to `common-env-vars` to be accessible by the `trace-agent` #21991. +* Fix discrepancies migration-guide and readme reporded in #21806 and #21920. +* Fix EnvVars with integer value due to yaml. serialization, reported by #21853. +* Fix .Values.datadog.tags encoding, reported by #21663. +* Add Checksum to `xxx-cluster-agent-config` config map, reported by #21622 and contribution #21656. + +## 2.2.3 + +* Fix `datadog.dockerOrCriSocketPath` helper #21992 + +## 2.2.2 + +* Fix indentation for `clusterAgent.volumes`. + +## 2.2.1 + +* Updating `agents.useConfigMap` and `agents.customAgentConfig` parameter descriptions in the chart and main readme. + +## 2.2.0 + +* Add Windows support +* Update documentation to reflect some changes that were made default +* Enable endpoint checks by default in DCA/Agent + +## 2.1.2 + +* Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt +config to this environment variable. + +## 2.1.1 + +* Add option to enable WPA in the Cluster Agent. + +## 2.1.0 + +* Changed the default for `processAgent.enabled` to `true`. + +## 2.0.14 + +* Fixed a bug where the `trace-agent` runs in the same container as `dd-agent` + +## 2.0.13 + +* Fix `system-probe` startup on latest versions of containerd. + Here is the error that this change fixes: + ``` State: Waiting + Reason: CrashLoopBackOff + Last State: Terminated + Reason: StartError + Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown + Exit Code: 128 + ``` + +## 2.0.11 + +* Add missing syscalls in the `system-probe` seccomp profile + +## 2.0.10 + +* Do not enable the `cri` check when running on a `docker` setup. + +## 2.0.7 + +* Pass expected `DD_DOGSTATSD_PORT` to datadog-agent rather than invalid `DD_DOGSTATD_PORT` + +## 2.0.6 + +* Introduces `procesAgent.processCollection` to correctly configure `DD_PROCESS_AGENT_ENABLED` for the process agent. + +## 2.0.5 + +* Honor the `datadog.env` parameter in all containers. + +## 2.0.4 + +* Honor the image pull policy in init containers. +* Pass the `DD_CRI_SOCKET_PATH` environment variable to the config init container so that it can adapt the agent config based on the CRI. + +## 2.0.3 + +* Fix templating error when `agents.useConfigMap` is set to true. +* Add DD\_APM\_ENABLED environment variable to trace agent container. + +## 2.0.2 + +* Revert the docker socket path inside the agent container to its standard location to fix #21223. + +## 2.0.1 + +* Add parameters `datadog.logs.enabled` and `datadog.logs.containerCollectAll` to replace `datadog.logsEnabled` and `datadog.logsConfigContainerCollectAll`. +* Update the migration document link in the `Readme.md`. + +### 2.0.0 + +* Remove Datadog agent deployment configuration. +* Cleanup resources labels, to fit with recommended labels. +* Cleanup useless or unused values parameters. +* each component have its own RBAC configuration (create,configuration). +* container runtime socket update values configuration simplification. +* `nameOverride` `fullnameOverride` is now optional in values.yaml. diff --git a/charts/datadog/datadog/2.4.200/Chart.yaml b/charts/datadog/datadog/2.4.200/Chart.yaml new file mode 100644 index 000000000..3a8c3bf85 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: datadog +apiVersion: v1 +appVersion: "7" +description: Datadog Agent +home: https://www.datadoghq.com +icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png +keywords: +- monitoring +- alerting +- metric +maintainers: +- email: support@datadoghq.com + name: Datadog +name: datadog +sources: +- https://app.datadoghq.com/account/settings#agent/kubernetes +- https://github.com/DataDog/datadog-agent +version: 2.4.200 diff --git a/charts/datadog/datadog/2.4.200/README.md b/charts/datadog/datadog/2.4.200/README.md new file mode 100644 index 000000000..d36ee5f2e --- /dev/null +++ b/charts/datadog/datadog/2.4.200/README.md @@ -0,0 +1,481 @@ +# Datadog + +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). + +Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). + +See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. + +## How to use Datadog Helm repository + +You need to add this repository to your Helm repositories: + +``` +helm repo add datadog https://helm.datadoghq.com +helm repo update +``` + +## Prerequisites + +Kubernetes 1.4+ or OpenShift 3.4+, note that: + +- the Datadog Agent supports Kubernetes 1.4+ +- The Datadog chart's defaults are tailored to Kubernetes 1.7.6+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions + +## Quick start + +By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. + +**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. + +### Installing the Datadog Chart + +To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: + +```bash +helm install --name \ + --set datadog.apiKey= datadog/datadog +``` + +By default, this Chart creates a Secret and puts an API key in that Secret. +However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. After a few minutes, you should see hosts and metrics being reported in Datadog. + +#### Create and provide a secret that contains your Datadog API Key + +To create a secret that contains your Datadog API key, replace the below with the API key for your organization. This secret is used in the manifest to deploy the Datadog Agent. + +```bash +DATADOG_SECRET_NAME=datadog-secret +kubectl create secret generic $DATADOG_SECRET_NAME --from-literal api-key="" --namespace="default" +``` + +**Note**: This creates a secret in the default namespace. If you are in a custom namespace, update the namespace parameter of the command before running it. + +Now, the installation command contains the reference to the secret. + +```bash +helm install --name \ + --set datadog.apiKeyExistingSecret=$DATADOG_SECRET_NAME datadog/datadog +``` + +**Note**: Provide a secret for the application key (AppKey) using the `datadog.appKeyExistingSecret` chart variable. + +### Enabling the Datadog Cluster Agent + +Read about the Datadog Cluster Agent in the [official documentation](https://docs.datadoghq.com/agent/kubernetes/cluster/). + +Run the following if you want to deploy the chart with the Datadog Cluster Agent: + +```bash +helm install --name datadog-monitoring \ + --set datadog.apiKey= \ + --set datadog.appKey= \ + --set clusterAgent.enabled=true \ + --set clusterAgent.metricsProvider.enabled=true \ + datadog/datadog +``` + +**Note**: Specifying `clusterAgent.metricsProvider.enabled=true` enables the External Metrics Server. +If you want to learn to use this feature, you can check out this [Datadog Cluster Agent walkthrough](https://github.com/DataDog/datadog-agent/blob/master/docs/cluster-agent/CUSTOM_METRICS_SERVER.md). + +The Leader Election is enabled by default in the chart for the Cluster Agent. Only the Cluster Agent(s) participate in the election, in case you have several replicas configured (using `clusterAgent.replicas`. + +#### Cluster Agent Token + +You can specify the Datadog Cluster Agent token used to secure the communication between the Cluster Agent(s) and the Agents with `clusterAgent.token`. + +**If you don't specify a token, a random one is generated at each deployment so you must use `--recreate-pods` to ensure all pod use the same token.** see[Datadog Chart notes](https://github.com/helm/charts/blob/57d3030941ad2ec2d6f97c86afdf36666658a884/datadog/datadog/templates/NOTES.txt#L49-L59) to learn more. + +### Upgrading + +#### From 1.x to 2.x + +⚠️ Migrating from 1.x to 2.x requires a manual action. + +The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. +Please follow the [migration guide](https://github.com/helm/charts/blob/master/datadog/datadog/docs/Migration_1.x_to_2.x.md) to update you `values.yaml` file. + +#### From 1.19.0 onwards + +Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). +E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. +The suggested approach is to delete the release and reinstall it. + +#### From 1.0.0 onwards + +Starting with version 1.0.0, this chart does not support deploying Agent 5.x anymore. If you cannot upgrade to Agent 6.x or later, you can use a previous version of the chart by calling helm install with `--version 0.18.0`. + +See [0.18.1's README](https://github.com/helm/charts/blob/847f737479bb78d89f8fb650db25627558fbe1f0/datadog/datadog/README.md) to see which options were supported at the time. + +### Uninstalling the Chart + +To uninstall/delete the `` deployment: + +```bash +helm delete --purge +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +As a best practice, a YAML file that specifies the values for the chart parameters should be provided to configure the chart: + +1. **Copy the default [`datadog-values.yaml`](values.yaml) value file.** +2. Set the `apiKey` parameter with your [Datadog API key](https://app.datadoghq.com/account/settings#api). +3. Upgrade the Datadog Helm chart with the new `datadog-values.yaml` file: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods +``` + +See the [All configuration options](#all-configuration-options) section to discover all possibilities offered by the Datadog chart. + +### Enabling Log Collection + +Update your [datadog-values.yaml](values.yaml) file with the following log collection configuration: + +```yaml +datadog: + # (...) + logs: + enabled: true + containerCollectAll: true +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods +``` + +### Enabling Process Collection + +Update your [datadog-values.yaml](values.yaml) file with the process collection configuration: + +```yaml +datadog: + # (...) + processAgent: + enabled: true + processCollection: true +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods +``` + +### Enabling System Probe Collection + +The system-probe agent only runs in dedicated container environment. Update your [datadog-values.yaml](values.yaml) file with the system-probe collection configuration: + +```yaml +datadog: + # (...) + systemProbe: + # (...) + enabled: true + +# (...) +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods +``` + +### Kubernetes event collection + +Use the [Datadog Cluster Agent](#enabling-the-datadog-cluster-agent) to collect Kubernetes events. Please read [the official documentation](https://docs.datadoghq.com/agent/kubernetes/event_collection/) for more context. + +Alternatively set the `datadog.leaderElection`, `datadog.collectEvents` and `rbac.create` options to `true` in order to enable Kubernetes event collection. + +### conf.d and checks.d + +The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/master/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/checks.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. + +The keys for `datadog.confd` and `datadog.checksd` should mirror the content found in their respective ConfigMaps. Update your [datadog-values.yaml](values.yaml) file with the check configurations: + +```yaml +datadog: + confd: + redisdb.yaml: |- + ad_identifiers: + - redis + - bitnami/redis + init_config: + instances: + - host: "%%host%%" + port: "%%port%%" + jmx.yaml: |- + ad_identifiers: + - openjdk + instance_config: + instances: + - host: "%%host%%" + port: "%%port_0%%" + redisdb.yaml: |- + init_config: + instances: + - host: "outside-k8s.example.com" + port: 6379 +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods +``` + +For more details, please refer to [the documentation](https://docs.datadoghq.com/agent/kubernetes/integrations/). + +### Kubernetes Labels and Annotations + +To map Kubernetes node labels and pod labels and annotations to Datadog tags, provide a dictionary with kubernetes labels/annotations as keys and Datadog tags key as values in your [datadog-values.yaml](values.yaml) file: + +```yaml +nodeLabelsAsTags: + beta.kubernetes.io/instance-type: aws_instance_type + kubernetes.io/role: kube_role +``` + +```yaml +podAnnotationsAsTags: + iam.amazonaws.com/role: kube_iamrole +``` + +```yaml +podLabelsAsTags: + app: kube_app + release: helm_release +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog --recreate-pods +``` + +### CRI integration + +As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath`; default is the Docker container runtime socket. To deactivate this support, you just need to unset the `datadog.criSocketPath` setting. +Standard paths are: + +- Docker socket: `/var/run/docker.sock` +- Containerd socket: `/var/run/containerd/containerd.sock` +- Cri-o socket: `/var/run/crio/crio.sock` + +## All configuration options + +The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +helm install --name \ + --set datadog.apiKey=,datadog.logLevel=DEBUG \ + datadog/datadog +``` + +| Parameter | Description | Default | +|--------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------| +| `targetSystem` | Target OS of this installation (supported: `linux`, `windows`) | `linux` | +| `datadog.apiKey` | Your Datadog API key | `nil` You must provide your own key | +| `datadog.apiKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | +| `datadog.appKey` | Datadog APP key required to use metricsProvider | `nil` You must provide your own key | +| `datadog.appKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | +| `agents.image.repository` | The image repository to pull from | `datadog/agent` | +| `agents.image.tag` | The image tag to pull | `7.19.0` | +| `agents.image.doNotCheckTag` | By default, the helm chart will check that the version provided in `agents.image.tag` is superior to the minimal version requested by the chart. If `doNotCheckTag` is explicitly set to `true`, this check is skipped. This is useful for custom tags that are not respecting semantic versioning. | `false` | +| `agents.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `agents.image.pullSecrets` | Image pull secrets | `nil` | +| `nameOverride` | Override name of app | `""` | +| `fullnameOverride` | Override full name of app | `""` | +| `agents.rbac.create` | If true, create & use RBAC resources | `true` | +| `agents.rbac.serviceAccountName` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | +| `datadog.site` | Site ('datadoghq.com' or 'datadoghq.eu') | `nil` | +| `datadog.dd_url` | Datadog intake server | `nil` | +| `datadog.env` | Additional Datadog environment variables | `nil` | +| `datadog.logLevel` | Agent log verbosity (possible values: trace, debug, info, warn, error, critical, and off) | `INFO` | +| `datadog.logs.enabled` | Enable log collection | `nil` | +| `datadog.logs.containerCollectAll` | Collect logs from all containers | `nil` | +| `datadog.logs.containerCollectUsingFiles` | Collect container logs from files on disk instead of container runtime API | `true` | +| `datadog.apm.enabled` | Enable tracing from the host | `false` | +| `datadog.apm.port` | Used to override the default agent APM Port | `8126` | +| `datadog.apm.useSocketVolume` | Enable APM over Unix Domain Socket | `False` | +| `datadog.apm.socketPath` | Custom path to the socket, has to be located in the `/var/run/datadog/` folder path | `/var/run/datadog/apm.socket` | +| `datadog.apm.hostPath` | host directory that contains the trace-agent socket path | `/var/run/datadog/` | +| `datadog.clusterChecks.enabled` | Enable Cluster Checks on both the Cluster Agent and the Agent daemonset | `false` | +| `datadog.processAgent.enabled` | Enable live process and container monitoring agent. Possible values: `true` enable process-agent, `false` disable process-agent | `true` | +| `datadog.processAgent.processCollection` | Enable live process collection. Possible values: `true` enable process collection, `false` disable process collection | `false` | +| `datadog.checksd` | Additional custom checks as python code | `nil` | +| `datadog.confd` | Additional check configurations (static and Autodiscovery) | `nil` | +| `datadog.dockerSocketPath` | Path to the docker socket | `/var/run/docker.sock` | +| `datadog.criSocketPath` | Path to the container runtime socket (default is Docker runtime) | `nil` | +| `datadog.tags` | Set host tags | `nil` | +| `datadog.dogstatsd.originDetection` | Enable origin detection for container tagging | `False` | +| `datadog.dogstatsd.port` | Used to override the default agent DogStatsD Port | `8125` | +| `datadog.dogstatsd.useHostPID` | If true, use the host's PID namespace | `nil` | +| `datadog.dogstatsd.useHostPort` | If true, use the same ports for both host and container | `nil` | +| `datadog.dogstatsd.nonLocalTraffic` | Enable statsd reporting from any external ip | `False` | +| `datadog.dogstatsd.useSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | +| `datadog.dogstatsd.socketPath` | Custom path to the socket, has to be located in the `/var/run/datadog/` folder path | `/var/run/datadog/dsd.socket` | +| `datadog.dogstatsd.hostPath` | host directory that contains the dogstatsd socket | `/var/run/datadog/` | +| `datadog.nodeLabelsAsTags` | Kubernetes Node Labels to Datadog Tags mapping | `nil` | +| `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` | +| `datadog.podLabelsAsTags` | Kubernetes Labels to Datadog Tags mapping | `nil` | +| `datadog.securityContext` | Allows you to overwrite the default securityContext applied to the container | `nil` | +| `datadog.acInclude` | (Deprecated) Include containers based on image name | `nil` | +| `datadog.acExclude` | (Deprecated) Exclude containers based on image name | `nil` | +| `datadog.containerInclude` | Include containers based on image name, container name or kubernetes namespace | `nil` | +| `datadog.containerExclude` | Exclude containers based on image name, container name or kubernetes namespace | `nil` | +| `datadog.containerIncludeMetrics` | Include containers for metrics collection based on image name, container name or kubernetes namespace | `nil` | +| `datadog.containerExcludeMetrics` | Exclude containers from metrics based on image name, container name or kubernetes namespace | `nil` | +| `datadog.containerIncludeLogs` | Include containers for logs collection based on image name, container name or kubernetes namespace | `nil` | +| `datadog.containerExcludeLogs` | Exclude containers from logs based on image name, container name or kubernetes namespace | `nil` | +| `datadog.systemProbe.enabled` | enable system probe collection | `false` | +| `datadog.systemProbe.seccomp` | Apply an ad-hoc seccomp profile to system-probe to restrict its privileges | `localhost/system-probe` | +| `datadog.systemProbe.seccompRoot` | Seccomp root directory for system-probe | `/var/lib/kubelet/seccomp` | +| `datadog.systemProbe.debugPort` | The port to expose pprof and expvar for system-probe agent, it is not enabled if the value is set to 0 | `0` | +| `datadog.systemProbe.enableConntrack` | If true, system-probe connects to the netlink/conntrack subsystem to add NAT information to connection data. Ref: http://conntrack-tools.netfilter.org/ | `true` | +| `datadog.systemProbe.bpfDebug` | If true, system-probe writes debug logs to /sys/kernel/debug/tracing/trace_pipe | `false` | +| `datadog.systemProbe.apparmor` | Apparmor profile for system-probe | `unconfined` | +| `datadog.systemProbe.enableTCPQueueLength` | Enable the TCP queue length eBPF-based check | `false` | +| `datadog.systemProbe.enableOOMKill` | Enable the OOM kill eBPF-based check | `false` | +| `datadog.orchestratorExplorer.enabled` | Enable the Orchestrator Explorer data collection | `false` | +| `agents.podAnnotations` | Annotations to add to the DaemonSet's Pods | `nil` | +| `agents.podLabels` | labels to add to each pod | `nil` | +| `agents.tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | +| `agents.nodeSelector` | Node selectors | `nil` | +| `agents.affinity` | Node affinities | `nil` | +| `agents.useHostNetwork` | If true, use the host's network | `nil` | +| `agents.dnsConfig` | If set, configure dnsConfig options in datadog agent containers | `nil` | +| `agents.containers.agent.env` | Additional list of environment variables to use in the agent container | `nil` | +| `agents.containers.agent.logLevel` | Agent log verbosity | `INFO` | +| `agents.containers.agent.resources.limits.cpu` | CPU resource limits for the agent container | not set | +| `agents.containers.agent.resources.requests.cpu` | CPU resource requests for the agent container | not set | +| `agents.containers.agent.resources.limits.memory` | Memory resource limits for the agent container | not set | +| `agents.containers.agent.resources.requests.memory` | Memory resource requests for the agent container | not set | +| `agents.containers.agent.livenessProbe` | Overrides the default liveness probe | http check on /live with port 5555 | +| `agents.containers.agent.readinessProbe` | Overrides the default readiness probe | http check on /ready with port 5555 | +| `agents.containers.processAgent.env` | Additional list of environment variables to use in the process-agent container | `nil` | +| `agents.containers.processAgent.logLevel` | Process agent log verbosity | `INFO` | +| `agents.containers.processAgent.resources.limits.cpu` | CPU resource limits for the process-agent container | `100m` | +| `agents.containers.processAgent.resources.requests.cpu` | CPU resource requests for the process-agent container | `100m` | +| `agents.containers.processAgent.resources.limits.memory` | Memory resource limits for the process-agent container | `200Mi` | +| `agents.containers.processAgent.resources.requests.memory` | Memory resource requests for the process-agent container | `200Mi` | +| `agents.containers.traceAgent.env` | Additional list of environment variables to use in the trace-agent container | `nil` | +| `agents.containers.traceAgent.logLevel` | Trace agent log verbosity | `INFO` | +| `agents.containers.traceAgent.resources.limits.cpu` | CPU resource limits for the trace-agent container | `100m` | +| `agents.containers.traceAgent.resources.requests.cpu` | CPU resource requests for the trace-agent container | `100m` | +| `agents.containers.traceAgent.resources.limits.memory` | Memory resource limits for the trace-agent container | `200Mi` | +| `agents.containers.traceAgent.resources.requests.memory` | Memory resource requests for the trace-agent container | `200Mi` | +| `agents.containers.systemProbe.env` | Additional list of environment variables to use in the system-probe container | `nil` | +| `agents.containers.systemProbe.logLevel` | System probe log verbosity | `INFO` | +| `agents.containers.systemProbe.resources.limits.cpu` | CPU resource limits for the system-probe container | `100m` | +| `agents.containers.systemProbe.resources.requests.cpu` | CPU resource requests for the system-probe container | `100m` | +| `agents.containers.systemProbe.resources.limits.memory` | Memory resource limits for the system-probe container | `200Mi` | +| `agents.containers.systemProbe.resources.requests.memory` | Memory resource requests for the system-probe container | `200Mi` | +| `agents.containers.initContainers.resources.limits.cpu` | CPU resource limits for the init containers container | not set | +| `agents.containers.initContainers.resources.requests.cpu` | CPU resource requests for the init containers container | not set | +| `agents.containers.initContainers.resources.limits.memory` | Memory resource limits for the init containers container | not set | +| `agents.containers.initContainers.resources.requests.memory` | Memory resource requests for the init containers container | not set | +| `agents.priorityClassName` | Which Priority Class to associate with the daemonset | `nil` | +| `agents.useConfigMap` | Configures a configmap to provide the agent configuration. Use this in combination with the `agent.customAgentConfig` parameter. | `false` | +| `agents.customAgentConfig` | Specify custom contents for the datadog agent config (datadog.yaml). Note the `agents.useConfigMap` parameter needs to be set to `true` for this parameter to be taken into account. | `{}` | +| `agents.updateStrategy` | Which update strategy to deploy the daemonset | RollingUpdate with 10% maxUnavailable | +| `agents.volumes` | Additional volumes for the daemonset or deployment | `nil` | +| `agents.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | +| `agents.podSecurity.podSecurityPolicy.create` | If true, create a PodSecurityPolicy resource for the Agent's Pods. Supported only for Linux agent's daemonset. | `False` | +| `agents.podSecurity.securityContextConstraints.create` | If true, create a SecurityContextConstraints resource for the Agent's Pods. Supported only for Linux agent's daemonset. | `False` | +| `datadog.podSecurity.securityContext` | Allows you to overwrite the default securityContext applied to the container | default security context configuration | +| `agents.podSecurity.privileged` | If true, allowed privileged containers | `False` | +| `agents.podSecurity.capabilites` | list of allowed capabilities | `[SYS_ADMIN, SYS_RESOURCE, SYS_ADMIN, IPC_LOCK]` | +| `agents.podSecurity.volumes` | list of allowed volumes types | `[configMap,downwardAPI,emptyDir,ostPath,secret]` | +| `agents.podSecurity.seccompProfiles` | List of allowed seccomp profiles | `["*"]` | +| `agents.podSecurity.apparmorProfiles` | List of allowed apparmor profiles | `["*"]` | +| `datadog.leaderElection` | Enable the leader Election feature | `false` | +| `datadog.leaderLeaseDuration` | The duration for which a leader stays elected. | 60 sec, 15 if Cluster Checks enabled | +| `datadog.collectEvents` | Enable Kubernetes event collection. Requires leader election. | `false` | +| `datadog.kubeStateMetricsEnabled` | If true, create kube-state-metrics | `true` | +| `clusterAgent.enabled` | Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only) | `false` | +| `clusterAgent.token` | A cluster-internal secret for agent-to-agent communication. Must be 32+ characters a-zA-Z | Generates a random value | +| `clusterAgent.tokenExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | +| `clusterAgent.image.repository` | The image repository for the cluster-agent | `datadog/cluster-agent` | +| `clusterAgent.image.tag` | The image tag to pull | `1.2.0` | +| `clusterAgent.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `clusterAgent.image.pullSecrets` | Image pull secrets | `nil` | +| `clusterAgent.command` | Override the default command to run in the container | `nil` | +| `clusterAgent.rbac.create` | If true, create & use RBAC resources for cluster agent's pods | `true` | +| `clusterAgent.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for cluster agent's pods | `default` | +| `clusterAgent.metricsProvider.enabled` | Enable Datadog metrics as a source for HPA scaling | `false` | +| `clusterAgent.metricsProvider.service.type` | The type of service to use for the clusterAgent metrics server | `ClusterIP` | +| `clusterAgent.metricsProvider.service.port` | The port for service to use for the clusterAgent metrics server (Kubernetes >= 1.15) | `8443` | +| `clusterAgent.metricsProvider.wpaController` | Allows metricsProvider to work with WatermarkPodAutoscaler (requires WPA CRD) | `false` | +| `clusterAgent.metricsProvider.useDatadogMetrics` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries (requires DatadogMetric CRD) | `false` | +| `clusterAgent.metricsProvider.createReaderRbac` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | `true` | +| `clusterAgent.env` | Additional Datadog environment variables for the cluster-agent | `nil` | +| `clusterAgent.confd` | Additional check configurations (static and Autodiscovery) | `nil` | +| `clusterAgent.podAnnotations` | Annotations to add to the Cluster Agent Pod(s) | `nil` | +| `clusterAgent.podLabels` | Labels to add to the Cluster Agent Pod(s) | `nil` | +| `clusterAgent.createPodDisruptionBudget` | Enable a pod disruption budget to apply to the Cluster Agent pods | `false` | +| `clusterAgent.priorityClassName` | Name of the priorityClass to apply to the Cluster Agent | `nil` | +| `clusterAgent.nodeSelector` | Node selectors to apply to the Cluster Agent deployment | `nil` | +| `clusterAgent.affinity` | Node affinities to apply to the Cluster Agent deployment | `nil` | +| `clusterAgent.resources.requests.cpu` | CPU resource requests | not set | +| `clusterAgent.resources.limits.cpu` | CPU resource limits | not set | +| `clusterAgent.resources.requests.memory` | Memory resource requests | not set | +| `clusterAgent.resources.limits.memory` | Memory resource limits | not set | +| `clusterAgent.tolerations` | List of node taints to tolerate | `[]` | +| `clusterAgent.healthPort` | Overrides the default health port used by the liveness and readiness endpoint | `5555` | +| `clusterAgent.livenessProbe` | Overrides the default liveness probe | `http check on /live with port 5555` | +| `clusterAgent.readinessProbe` | Overrides the default readiness probe | `http check on /ready with port 5555` | +| `clusterAgent.strategy` | Which update strategy to deploy the cluster-agent | RollingUpdate with 0 maxUnavailable, 1 maxSurge | +| `clusterAgent.useHostNetwork` | If true, use the host's network | `nil` | +| `clusterAgent.dnsConfig` | If set, configure dnsConfig options in datadog cluster agent containers | `nil` | +| `clusterAgent.volumes` | Additional volumes for the cluster-agent deployment | `nil` | +| `clusterAgent.volumeMounts` | Additional volumeMounts for the cluster-agent deployment | `nil` | +| `clusterChecksRunner.enabled` | Enable Datadog agent deployment dedicated for running Cluster Checks. It allows having different resources (Request/Limit) for Cluster Checks agent pods. | `false` | +| `clusterChecksRunner.env` | Additional Datadog environment variables for Cluster Checks Deployment | `nil` | +| `clusterChecksRunner.createPodDisruptionBudget` | Enable a pod disruption budget to apply to the Cluster Checks pods | `false` | +| `clusterChecksRunner.resources.requests.cpu` | CPU resource requests | not set | +| `clusterChecksRunner.resources.limits.cpu` | CPU resource limits | not set | +| `clusterChecksRunner.resources.requests.memory` | Memory resource requests | not set | +| `clusterChecksRunner.resources.limits.memory` | Memory resource limits | not set | +| `clusterChecksRunner.nodeSelector` | Node selectors | `nil` | +| `clusterChecksRunner.tolerations` | List of node taints to tolerate | `nil` | +| `clusterChecksRunner.affinity` | Node affinities | avoid running pods on the same node | +| `clusterChecksRunner.livenessProbe` | Overrides the default liveness probe | http check on /live with port 5555 | +| `clusterChecksRunner.readinessProbe` | Overrides the default readiness probe | http check on /ready with port 5555 | +| `clusterChecksRunner.rbac.create` | If true, create & use RBAC resources for clusterchecks agent's pods | `true` | +| `clusterChecksRunner.rbac.dedicated` | If true, use dedicated RBAC resources for clusterchecks agent's pods | `false` | +| `clusterChecksRunner.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for clusterchecks agent's pods | `default` | +| `clusterChecksRunner.rbac.serviceAccountAnnotations` | Annotations to add to the ServiceAccount if `clusterChecksRunner.rbac.dedicated` is `true` | `{}` | +| `clusterChecksRunner.strategy` | Which update strategy to deploy the Cluster Checks Deployment | RollingUpdate with 0 maxUnavailable, 1 maxSurge | +| `clusterChecksRunner.volumes` | Additional volumes for the Cluster Checks deployment | `nil` | +| `clusterChecksRunner.volumeMounts` | Additional volumeMounts for the Cluster Checks deployment | `nil` | +| `clusterChecksRunner.dnsConfig` | If set, configure dnsConfig options in datadog cluster agent clusterChecks containers | `nil` | +| `kube-state-metrics.rbac.create` | If true, create & use RBAC resources for kube-state-metrics | `true` | +| `kube-state-metrics.serviceAccount.create` | If true, create & use serviceAccount | `true` | +| `kube-state-metrics.serviceAccount.name` | If not set & create is true, use template fullname | | +| `kube-state-metrics.resources` | Overwrite the default kube-state-metrics container resources (Optional) | | + +## Configuration options for Windows deployments + +Some options above are not working/not available on Windows, here is the list of **unsupported** options: + +| Parameter | Reason | +|------------------------------------------|--------------------------------------------------| +| `datadog.dogstatsd.useHostPID` | Host PID not supported by Windows Containers | +| `datadog.dogstatsd.useSocketVolume` | Unix sockets not supported on Windows | +| `datadog.dogstatsd.socketPath` | Unix sockets not supported on Windows | +| `datadog.processAgent.processCollection` | Unable to access host/other containers processes | +| `datadog.systemProbe.enabled` | System probe is not available for Windows | +| `datadog.systemProbe.seccomp` | System probe is not available for Windows | +| `datadog.systemProbe.seccompRoot` | System probe is not available for Windows | +| `datadog.systemProbe.debugPort` | System probe is not available for Windows | +| `datadog.systemProbe.enableConntrack` | System probe is not available for Windows | +| `datadog.systemProbe.bpfDebug` | System probe is not available for Windows | +| `datadog.systemProbe.apparmor` | System probe is not available for Windows | +| `agents.useHostNetwork` | Host network not supported by Windows Containers | diff --git a/charts/datadog/datadog/2.4.200/app-readme.md b/charts/datadog/datadog/2.4.200/app-readme.md new file mode 100644 index 000000000..4adcb1d9f --- /dev/null +++ b/charts/datadog/datadog/2.4.200/app-readme.md @@ -0,0 +1,32 @@ +# Datadog + +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). + +Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). + +See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. + +## Prerequisites + +Kubernetes 1.4+ or OpenShift 3.4+, note that: + +* the Datadog Agent supports Kubernetes 1.3+ +* The Datadog chart's defaults are tailored to Kubernetes 1.7.6+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions + +## Quick start + +By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. + +**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. + +### Installing the Datadog Chart + +To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: + +```bash +helm install --name \ + --set datadog.apiKey= stable/datadog +``` + +By default, this Chart creates a Secret and puts an API key in that Secret. +However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. After a few minutes, you should see hosts and metrics being reported in Datadog. diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml new file mode 100644 index 000000000..4ef688395 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +appVersion: 1.9.7 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: jose@armesto.net + name: fiunchinho +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +version: 2.8.11 diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS new file mode 100644 index 000000000..6ffd97d74 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/OWNERS @@ -0,0 +1,8 @@ +approvers: +- fiunchinho +- tariq1890 +- mrueg +reviewers: +- fiunchinho +- tariq1890 +- mrueg diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md new file mode 100644 index 000000000..7d5cee525 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/README.md @@ -0,0 +1,79 @@ +# kube-state-metrics Helm Chart + +* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install stable/kube-state-metrics +``` + +## Configuration + +| Parameter | Description | Default | +|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| +| `image.repository` | The image repository to pull from | `quay.io/coreos/kube-state-metrics` | +| `image.tag` | The image tag to pull from | `v1.9.7` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `imagePullSecrets` | List of container registry secrets | `[]` | +| `replicas` | Number of replicas | `1` | +| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | +| `service.port` | The port of the container | `8080` | +| `service.annotations` | Annotations to be added to the service | `{}` | +| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | +| `hostNetwork` | Whether or not to use the host network | `false` | +| `prometheusScrape` | Whether or not enable prom scrape | `true` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `serviceAccount.create` | If true, create & use serviceAccount | `true` | +| `serviceAccount.name` | If not set & create is true, use template fullname | | +| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` | +| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources. Note that related RBACs are created only if `rbac.enabled` is `true`. | `false` | +| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | +| `podSecurityPolicy.additionalVolumes` | Specify allowed volumes in the pod security policy (`secret` is always allowed) | `[]` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the filesystem | `65534` | +| `securityContext.runAsGroup` | Group ID for the container | `65534` | +| `securityContext.runAsUser` | User ID for the container | `65534` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `podAnnotations` | Annotations to be added to the pod | `{}` | +| `podDisruptionBudget` | Optional PodDisruptionBudget | `{}` | +| `resources` | kube-state-metrics resource requests and limits | `{}` | +| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` | +| `collectors.configmaps` | Enable the configmaps collector. | `true` | +| `collectors.cronjobs` | Enable the cronjobs collector. | `true` | +| `collectors.daemonsets` | Enable the daemonsets collector. | `true` | +| `collectors.deployments` | Enable the deployments collector. | `true` | +| `collectors.endpoints` | Enable the endpoints collector. | `true` | +| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` | +| `collectors.ingresses` | Enable the ingresses collector. | `true` | +| `collectors.jobs` | Enable the jobs collector. | `true` | +| `collectors.limitranges` | Enable the limitranges collector. | `true` | +| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `true` | +| `collectors.namespaces` | Enable the namespaces collector. | `true` | +| `collectors.networkpolicies` | Enable the networkpolicies collector. | `true` | +| `collectors.nodes` | Enable the nodes collector. | `true` | +| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` | +| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` | +| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` | +| `collectors.pods` | Enable the pods collector. | `true` | +| `collectors.replicasets` | Enable the replicasets collector. | `true` | +| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` | +| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` | +| `collectors.secrets` | Enable the secrets collector. | `true` | +| `collectors.services` | Enable the services collector. | `true` | +| `collectors.statefulsets` | Enable the statefulsets collector. | `true` | +| `collectors.storageclasses` | Enable the storageclasses collector. | `true` | +| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `true` | +| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `true` | +| `collectors.volumeattachments` | Enable the volumeattachments collector. | `true` | +| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | +| `prometheus.monitor.honorLabels` | Honor metric labels | `false` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `kubeTargetVersionOverride` | Override the k8s version of the target cluster | `""` | diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt new file mode 100644 index 000000000..5a646e0cc --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl new file mode 100644 index 000000000..6ae0e647f --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/_helpers.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml new file mode 100644 index 000000000..319aec16c --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrole.yaml @@ -0,0 +1,180 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +rules: +{{ if .Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.jobs }} +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..4635985aa --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-state-metrics.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml new file mode 100644 index 000000000..99656046c --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/deployment.yaml @@ -0,0 +1,191 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.collectors.certificatesigningrequests }} + - --collectors=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --collectors=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --collectors=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --collectors=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --collectors=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --collectors=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --collectors=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --collectors=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --collectors=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --collectors=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --collectors=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --collectors=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --collectors=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --collectors=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + - --collectors=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --collectors=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --collectors=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --collectors=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --collectors=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --collectors=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --collectors=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --collectors=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --collectors=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --collectors=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --collectors=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --collectors=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --collectors=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --collectors=volumeattachments +{{ end }} +{{ if .Values.namespace }} + - --namespace={{ .Values.namespace }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml new file mode 100644 index 000000000..6adb50d79 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/pdb.yaml @@ -0,0 +1,17 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} \ No newline at end of file diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..e822ba0e7 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' +{{- if .Values.podSecurityPolicy.additionalVolumes }} +{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml new file mode 100644 index 000000000..217abc950 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..feb97f228 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml new file mode 100644 index 000000000..5dacf5217 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/service.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml new file mode 100644 index 000000000..32bb1640f --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml new file mode 100644 index 000000000..54cde362d --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml @@ -0,0 +1,25 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml new file mode 100644 index 000000000..bf5396072 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - kube-state-metrics + resources: + - statefulsets + verbs: + - get +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml new file mode 100644 index 000000000..6a2e5bfe7 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml new file mode 100644 index 000000000..11f48fb77 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/charts/kube-state-metrics/values.yaml @@ -0,0 +1,139 @@ +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: quay.io/coreos/kube-state-metrics + tag: v1.9.7 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Available collectors for kube-state-metrics. By default all available +# collectors are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: true + verticalpodautoscalers: false + volumeattachments: true + +# Namespace to be enabled for collecting resources. By default all namespaces are collected. +# namespace: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. +## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" diff --git a/charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml b/charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml new file mode 100644 index 000000000..d290ace8a --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml @@ -0,0 +1,17 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + clusterChecks: + enabled: true + +clusterAgent: + enabled: true + +clusterChecksRunner: + enabled: true + replicas: 1 + rbac: + dedicated: true + serviceAccountAnnotations: + "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/datadog-clusterchecker" diff --git a/charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml b/charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml new file mode 100644 index 000000000..2006b81a4 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/cluster-agent-metrics-server-service-port-values.yaml @@ -0,0 +1,13 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + +clusterAgent: + enabled: true + + metricsProvider: + enabled: true + + service: + port: 4443 diff --git a/charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml b/charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml new file mode 100644 index 000000000..7a5aeb66a --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/cluster-agent-values.yaml @@ -0,0 +1,25 @@ +datadog: + clusterName: kubernetes-cluster.example.com + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + clusterChecks: + enabled: true + +clusterAgent: + enabled: true + wpaController: true + +clusterChecksRunner: + enabled: true + replicas: 1 + + volumes: + - name: tmp + hostPath: + path: /tmp + + volumeMounts: + - name: tmp + mountPath: /etc/tmp + readOnly: true diff --git a/charts/datadog/datadog/2.4.200/ci/default-values.yaml b/charts/datadog/datadog/2.4.200/ci/default-values.yaml new file mode 100644 index 000000000..ff92bd38a --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/default-values.yaml @@ -0,0 +1,4 @@ +# Empty values file for testing default parameters. +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" diff --git a/charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml b/charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml new file mode 100644 index 000000000..a514bea92 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/dogstastd-socket-values.yaml @@ -0,0 +1,12 @@ +# Empty values file for testing default parameters. +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + + dogstatsd: + useSocketVolume: true + + apm: + enabled: true + useSocketVolume: true diff --git a/charts/datadog/datadog/2.4.200/ci/kubeval.yaml b/charts/datadog/datadog/2.4.200/ci/kubeval.yaml new file mode 100644 index 000000000..c1723ded6 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/kubeval.yaml @@ -0,0 +1,46 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + env: + - name: "DD_KUBELET_TLS_VERIFY" + value: "false" + logs: + enabled: true + containerCollectAll: true + apm: + enabled: true + processAgent: + enabled: true + processCollection: true + systemProbe: + enabled: true + enableConntrack: true + enableTCPQueueLength: true + enableOOMKill: true + collectDNSStats: true + orchestratorExplorer: + enabled: true + clusterChecks: + enabled: true + kubeStateMetricsEnabled: true +clusterAgent: + enabled: true + createPodDisruptionBudget: true + nodeSelector: + kubernetes.io/os: linux + metricsProvider: + enabled: false + admissionController: + enabled: true + mutateUnlabelled: true +clusterChecksRunner: + enabled: true + createPodDisruptionBudget: true + nodeSelector: + kubernetes.io/os: linux +agents: + nodeSelector: + kubernetes.io/os: linux + podSecurity: + podSecurityPolicy: + create: true diff --git a/charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml b/charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml new file mode 100644 index 000000000..bafa362ef --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/no_hardened_seccomp-values.yaml @@ -0,0 +1,7 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + systemProbe: + enabled: true + seccomp: runtime/default diff --git a/charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml b/charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml new file mode 100644 index 000000000..f0bb23a43 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/psp-test-values.yaml @@ -0,0 +1,9 @@ +# Empty values file for testing default parameters. +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false +agents: + podSecurity: + podSecurityPolicy: + create: true diff --git a/charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml b/charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml new file mode 100644 index 000000000..155e92a35 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/ci/securitycontext-nil-values.yaml @@ -0,0 +1,7 @@ +# Test the support of `securitContext` set to `nil` +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + + securityContext: diff --git a/charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md b/charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md new file mode 100644 index 000000000..062bcc5c5 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/docs/Migration_1.x_to_2.x.md @@ -0,0 +1,72 @@ +# Chart 1.x to 2.x migration guide + +The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. +Migrating from chart v1 to chart v2 hence requires that you restructure the `values.yaml` file. +For all the parameters in the existing `values.yaml` file that applied to chart v1, you’ll +find the parameters to which they correspond to in v2 in the following table. +Parameters that are not listed in the table below haven’t been touched and are at the same +location in v1 and v2. + +| Old parameter | New location | comment | +| ------------- | ------------ | ------- | +| `image.repository` | `agents.image.repository` and `clusterCheckRunner.image.repository` | | +| `image.tag` | `agents.image.tag` and `clusterCheckRunner.image.tag` | | +| `image.pullPolicy` | `agents.image.pullPolicy` and `clusterCheckRunner.image.pullPolicy` | | +| `image.pullSecrets` | `agents.image.pullSecrets` and `clusterCheckRunner.image.pullSecrets` | | +| `datadog.name` | ∅ | The name of the container inside the Agent and Cluster Agent pod isn’t configurable anymore | +| `datadog.useCriSocketVolume` | ∅ | If `datadog.criSocketPath` is defined, the socket will be mounted inside the container without needing to set `datadog.useCriSocketVolume` in addition. | +| `datadog.containerLogsPath` | ∅ | Not needed anymore because the chart automatically detects if the CRI is `docker` based on `criSocketPath` and mounts the path accordingly | +| `datadog.apmEnabled` | `datadog.apm.enabled` | | +| `datadog.processAgentEnabled` | `datadog.processAgent.enabled` and `datadog.processAgent.processCollection:true` | | +| `datadog.volumes` | `agent.volumes` | | +| `datadog.volumeMounts` | `agent.VolumeMounts` | | +| `datadog.livenessProbe` | `agents.containers.agent.livenessProbe` | | +| `datadog.resources` | `agents.containers.agent.resources` | | +| `datadog.dogstatsdOriginDetection` | `datadog.dogstatsd.originDetection` | | +| `datadog.useDogStatsDSocketVolume` | `datadog.dogstatsd.useSocketVolume` | | +| `systemProbe.enabled` | `datadog.systemProbe.enabled` | | +| `systemProbe.debugPort` | `datadog.systemProbe.debugPort` | | +| `systemProbe.enableConntrack` | `datadog.systemProbe.enableConntrack` | | +| `systemProbe.seccomp` | `datadog.systemProbe.seccomp` | | +| `systemProbe.seccompRoot` | `datadog.systemProbe.seccompRoot` | | +| `systemProbe.bpfDebug` | `datadog.systemProbe.bpfDebug` | | +| `systemProbe.apparmor` | `datadog.systemProbe.apparmor` | | +| `clusterAgent.containerName` | ∅ | The name of the container inside the Cluster Agent pod isn’t configurable anymore | +| `clusterAgent.clusterChecks.enabled` | `datadog.clusterChecks.enabled` | | +| `rbac.create` | `agents.rbac.create` and `clusterAgent.rbac.create` | | +| `rbac.serviceAccountName` | `agents.rbac.serviceAccountName` and `clusterAgent.rabc.serviceAccountName` | | +| `toleration` | `agents.toleration` | | +| `kubeStateMetrics.enabled` | `datadog.kubeStateMetricsEnabled` | | +| `daemonset.enabled` | `agents.enabled` | | +| `daemonset.containers.agent.*` | `agents.containers.agent.*` | | +| `daemonset.containers.processAgent.*` | `agents.containers.processAgent.*` | | +| `daemonset.containers.traceAgent.*` | `agents.containers.traceAgent.*` | | +| `daemonset.containers.systemProbe.*` | `agents.containers.systemProbe.*` | | +| `daemonset.useHostNetwork` | `agents.useHostNetwork` | | +| `daemonset.dogstatsdPort` | `datadog.dogstatsd.port` | | +| `daemonset.useHostPort` | `datadog.dogstatsd.useHostPort` | | +| `daemonset.useHostPID` | `datadog.dogstatsd.useHostPID` | | +| `daemonset.nonLocalTraffic` | `datadog.dogstatsd.nonLocalTraffic` | | +| `daemonset.podAnnotations` | `agents.podAnnotations` | | +| `daemonset.tolerations` | `agents.tolerations` | | +| `daemonset.nodeSelector` | `agents.nodeSelector` | | +| `daemonset.affinity` | `agents.affinity` | | +| `daemonset.updateStrategy` | `agents.updateStrategy` | | +| `daemonset.priorityClassName` | `agents.priorityClassName` | | +| `daemonset.podLabels` | `agents.podLabels` | | +| `daemonset.useConfigMap` | `agents.useConfigMap` | | +| `daemonset.customAgentConfig.*` | `agents.customAgentConfig.*` | | +| `daemonset.useDedicatedContainers` | ∅ | | +| `deployment.*` | ∅ | | +| `clusterchecksDeployment.enabled` | `clusterChecksRunner.enabled` | | +| `clusterchecksDeployment.rbac.*` | `clusterChecksRunner.rbac.*` | | +| `clusterchecksDeployment.replicas` | `clusterChecksRunner.replicas` | | +| `clusterchecksDeployment.resources.*` | `clusterChecksRunner.resources.*` | | +| `clusterchecksDeployment.affinity` | `clusterChecksRunner.affinity` | | +| `clusterchecksDeployment.strategy` | `clusterChecksRunner.strategy` | | +| `clusterchecksDeployment.nodeSelector` | `clusterChecksRunner.nodeSelector` | | +| `clusterchecksDeployment.tolerations` | `clusterChecksRunner.tolerations` | | +| `clusterchecksDeployment.livenessProbe` | `clusterChecksRunner.livenessProbe` | | +| `clusterchecksDeployment.env` | `clusterChecksRunner.env` | | +| `logsEnabled` | `datadog.logs.enabled` | | +| `logsConfigContainerCollectAll` | `datadog.logs.containerCollectAll` | | diff --git a/charts/datadog/datadog/2.4.200/questions.yml b/charts/datadog/datadog/2.4.200/questions.yml new file mode 100644 index 000000000..4305c70e0 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/questions.yml @@ -0,0 +1,221 @@ +questions: +#image configurations +- variable: defaultImage + default: true + description: "Use default Datadog image or specify a custom one" + label: Use Default Datadog Image + type: boolean + show_subquestion_if: false + group: "Container Images" + subquestions: + - variable: agents.image.repository + default: "datadog/agent" + description: "Datadog image name" + type: string + label: Datadog Image Name + - variable: agents.image.tag + default: "7.21.1" + description: "Datadog Image Tag" + type: string + label: Datadog Image Tag + - variable: clusterAgent.image.repository + default: "datadog/cluster-agent" + description: "Datadog clusterAgent image name" + type: string + label: Datadog ClusterAgent Image Name + - variable: clusterAgent.image.tag + default: "1.7.0" + description: "Datadog ClusterAgent Image Tag" + type: string + label: Datadog ClusterAgent Image Tag + - variable: clusterChecksRunner.image.repository + default: "datadog/agent" + description: "Datadog clusterChecksRunner image name" + type: string + label: Datadog Cluster Checks Runner Image Name + show_if: "clusterChecksRunner.enabled=true&&defaultImage=false" + - variable: clusterChecksRunner.image.tag + default: "7.21.1" + description: "Datadog Cluster Checks Runner Image Tag" + type: string + label: Datadog Cluster Checks Runner Image Tag + show_if: "clusterChecksRunner.enabled=true&&defaultImage=false" + - variable: kube-state-metrics.image.repository + default: "quay.io/coreos/kube-state-metrics" + description: "KubeState image name" + type: string + label: KubeState Image Name + show_if: "kubeStateMetrics.enabled=true&&defaultImage=false" + - variable: kube-state-metrics.image.tag + default: "v1.9.7" + description: "KubeState Image Tag" + type: string + label: KubeState Image Tag + show_if: "kubeStateMetrics.enabled=true&&defaultImage=false" +#cluster agent configurations +- variable: clusterAgent.enabled + default: false + description: "Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only), https://docs.datadoghq.com/agent/kubernetes/cluster/" + type: boolean + label: Enable Cluster Agent Metrics(Kubernetes 1.10+ only) + group: "Cluster Agent" +- variable: clusterAgent.metricsProvider.enabled + default: true + description: "Enable the metricsProvider to be able to scale based on metrics in Datadog" + type: boolean + label: Enable the metricsProvider + show_if: "clusterAgent.enabled=true" + group: "Cluster Agent" +- variable: datadog.appKey + default: "" + description: "Datadog App key required to use metricsProvider" + type: string + required: true + label: Datadog Metrics App Key + group: "Cluster Agent" + show_if: "clusterAgent.enabled=true&&clusterAgent.metricsProvider.enabled=true&&datadog.appKeyExistingSecret=" +- variable: datadog.appKeyExistingSecret + default: "" + description: "If set, use the secret with a provided name instead of creating a new appKey secret." + type: secret + label: Select Existing Datadog App Key(Secret) + group: "Cluster Agent" + show_if: "clusterAgent.enabled=true&&clusterAgent.metricsProvider.enabled=true&&datadog.appKey=" +#datadog agent configurations +- variable: datadog.apiKey + default: "" + description: "Enter your Datadog API Key." + type: string + label: Datadog API Key + group: "Agent Configuration" + required: true + show_if: "datadog.apiKeyExistingSecret=" +- variable: datadog.apiKeyExistingSecret + default: "" + description: "If set, use the secret with a provided name instead of creating a new apiKey secret." + type: secret + label: Select Existing Datadog API Key(Secret) + group: "Agent Configuration" + show_if: "datadog.apiKey=" +- variable: datadog.site + default: "datadoghq.com" + description: "The site of the Datadog intake to send Agent data to" + type: enum + label: Datadog Site URL + group: "Agent Configuration" + required: true + options: + - "datadoghq.com" + - "datadoghq.eu" + - "custom" +- variable: datadog.dd_url + required: true + default: "" + description: "The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL" + type: string + label: Datadog Custom Site URL + group: "Agent Configuration" + show_if: "datadog.site=custom" +- variable: datadog.logLevel + default: "warn" + description: "Set Agent logging verbosity" + type: enum + options: + - "trace" + - "debug" + - "info" + - "warn" + - "error" + - "critical" + - "off" + label: Log Level + group: "Agent Configuration" +- variable: datadog.tags + default: "" + description: "Host tags, separated by spaces. For example: 'simple-tag-0 tag-key-1:tag-value-1'" + type: string + label: Host Tags + group: "Agent Configuration" +- variable: datadog.criSocketPath + default: "" + description: "Path to the container runtime socket (if different from Docker), default to `/var/run/docker.sock`" + type: string + label: Path To The Container Runtime Socket(Optional) + group: "Agent Configuration" +- variable: datadog.dogstatsd.nonLocalTraffic + default: false + description: "Whether DogStatsD should listen to non local UDP traffic, required to send custom metrics" + type: boolean + label: DogStatsD Non-Local Traffic + group: "Agent Configuration" +- variable: datadog.collectEvents + default: false + description: "Enable event collection from the kubernetes API" + type: boolean + label: Collect Events + group: "Agent Configuration" +# Datadog Tagging +- variable: datadog.podLabelsAsTags + default: "" + description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" + type: string + label: Extract Pod Labels as Tags + group: "Datadog Tagging" +- variable: datadog.podAnnotationsAsTags + default: "" + description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" + type: string + label: Extract Pod Annotations as Tags + group: "Datadog Tagging" +- variable: datadog.nodeLabelsAsTags + default: "" + description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'" + type: string + label: Extract Node Labels As Tags + group: "Datadog Tagging" +# DaemonSet configurations +- variable: agents.useHostNetwork + default: false + description: "Bind ports on the hostNetwork. Useful for CNI networking where hostPort might not be supported. The ports will need to be available on all hosts" + type: boolean + label: Use HostNetwork + group: "Daemonset Configuration" +- variable: agents.dogstatsd.useHostPort + default: false + description: "Sets the hostPort to the same value of the container port" + type: boolean + label: Use HostPort + group: "Daemonset Configuration" +- variable: agents.useHostPID + default: false + description: "Run the agent in the host's PID namespace" + type: boolean + label: Use HostPID + group: "Daemonset Configuration" +# Optional Collection agents +- variable: datadog.apm.enabled + default: false + description: "Run the trace-agent along with the infrastructure agent, allowing the container to accept traces on 8126/tcp" + type: boolean + label: Enable APM + group: "Optional Collection Agents" +- variable: datadog.processAgent.enabled + default: false + description: "Enable live process collection in the process-agent" + type: boolean + label: Enable Live Process Agent + group: "Optional Collection Agents" +- variable: datadog.logs.enabled + default: false + description: "Run the log-agent along with the infrastructure agent" + type: boolean + label: Collect Logs + group: "Optional Collection Agents" + +#Kube State Metrics +- variable: kubeStateMetrics.enabled + default: true + description: "Create a kube-state-metrics deployment" + type: boolean + label: Deployment KubeState Metrics Deployment + group: "Kube-State-Metrics" diff --git a/charts/datadog/datadog/2.4.200/requirements.lock b/charts/datadog/datadog/2.4.200/requirements.lock new file mode 100644 index 000000000..2ffda047e --- /dev/null +++ b/charts/datadog/datadog/2.4.200/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kube-state-metrics + repository: https://charts.helm.sh/stable + version: 2.8.11 +digest: sha256:2ba76abd3b45ad9c43b7bef2126e96240281172e58135223393b749bf235e6b6 +generated: "2020-12-21T19:54:44.539642454Z" diff --git a/charts/datadog/datadog/2.4.200/requirements.yaml b/charts/datadog/datadog/2.4.200/requirements.yaml new file mode 100644 index 000000000..30a43801a --- /dev/null +++ b/charts/datadog/datadog/2.4.200/requirements.yaml @@ -0,0 +1,5 @@ +dependencies: + - name: kube-state-metrics + version: "=2.8.11" + repository: https://charts.helm.sh/stable + condition: datadog.kubeStateMetricsEnabled diff --git a/charts/datadog/datadog/2.4.200/templates/NOTES.txt b/charts/datadog/datadog/2.4.200/templates/NOTES.txt new file mode 100644 index 000000000..ba3dac236 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/NOTES.txt @@ -0,0 +1,76 @@ +{{- if (or (.Values.datadog.apiKeyExistingSecret) (not (eq .Values.datadog.apiKey ""))) }} +Datadog agents are spinning up on each node in your cluster. After a few +minutes, you should see your agents starting in your event stream: + https://app.datadoghq.com/event/stream + + {{- if .Values.datadog.apiKeyExistingSecret }} +You disabled creation of Secret containing API key, therefore it is expected +that you create Secret named '{{ .Values.datadog.apiKeyExistingSecret }}' which includes a key called 'api-key' containing the API key. + {{- else if not (eq .Values.datadog.apiKey "") }} + {{- end }} +{{- else }} +############################################################################## +#### ERROR: You did not set a datadog.apiKey. #### +############################################################################## + +This deployment will be incomplete until you get your API key from Datadog. +One can sign up for a free Datadog trial at https://app.datadoghq.com/signup + +Once registered you can request an API key at: + + https://app.datadoghq.com/account/settings#agent/kubernetes + +Then run: + + helm upgrade {{ .Release.Name }} \ + --set datadog.apiKey=YOUR-KEY-HERE stable/datadog +{{- end }} + +{{- if .Values.clusterAgent.enabled }} + + {{- if .Values.clusterAgent.metricsProvider.enabled }} + {{- if .Values.datadog.appKeyExistingSecret }} +You disabled creation of Secret containing APP key, therefore it is expected +that you create a Secret named '{{ .Values.datadog.appKeyExistingSecret }}' which includes a key called 'app-key' containing the APP key. + {{- else if (.Values.datadog.appKey) }} + {{- else }} + +############################################################################## +#### ERROR: You did not set a datadog.appKey. #### +############################################################################## + +This deployment will be incomplete until you get your APP key from Datadog. +Create an application key at https://app.datadoghq.com/account/settings#api + {{- end }} + {{- end }} + +{{- end }} + +{{- if .Values.datadog.apm.enabled }} +The Datadog Agent is listening on port {{ .Values.datadog.apm.port }} for APM service. +{{- end }} + +{{- if .Values.datadog.autoconf }} + +################################################################# +#### WARNING: Deprecation notice #### +################################################################# + +The autoconf value is deprecated, Autodiscovery templates can now +be safely moved to the confd value. As a temporary measure, both +values were merged into the {{ template "datadog.fullname" . }}-confd configmap, +but this will be removed in a future chart release. +Please note that duplicate file names may have conflicted during +the merge. In that case, the confd entry will take precedence. +{{- end }} + +{{- if eq .Values.agents.image.repository "datadog/docker-dd-agent" }} + +###################################################################### +#### ERROR: Unsupported agent version #### +###################################################################### + +This version of the chart does not support deploying Agent 5.x. +If you cannot upgrade to Agent 6.x or later, you can use a previous version +of the chart by calling helm install with `--version 0.18.0`. +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/_helpers.tpl b/charts/datadog/datadog/2.4.200/templates/_helpers.tpl new file mode 100644 index 000000000..07035db99 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/_helpers.tpl @@ -0,0 +1,137 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "check-version" -}} +{{- if not .Values.agents.image.doNotCheckTag -}} +{{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} +{{- $length := len (split "." $version) -}} +{{- if and (eq $length 1) (eq $version "6") -}} +{{- $version = "6.19.0" -}} +{{- end -}} +{{- if and (eq $length 1) (eq $version "7") -}} +{{- $version = "7.19.0" -}} +{{- end -}} +{{- if and (eq $length 1) (eq $version "latest") -}} +{{- $version = "7.19.0" -}} +{{- end -}} +{{- if not (semverCompare "^6.19.0-0 || ^7.19.0-0" $version) -}} +{{- fail "This version of the chart requires an agent image 7.19.0 or greater. If you want to force and skip this check, use `--set agents.image.doNotCheckTag=true`" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "datadog.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +And depending on the resources the name is completed with an extension. +If release name contains chart name it will be used as a full name. +*/}} +{{- define "datadog.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "datadog.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return secret name to be used based on provided values. +*/}} +{{- define "datadog.apiSecretName" -}} +{{- $fullName := include "datadog.fullname" . -}} +{{- default $fullName .Values.datadog.apiKeyExistingSecret | quote -}} +{{- end -}} + +{{/* +Return secret name to be used based on provided values. +*/}} +{{- define "datadog.appKeySecretName" -}} +{{- $fullName := printf "%s-appkey" (include "datadog.fullname" .) -}} +{{- default $fullName .Values.datadog.appKeyExistingSecret | quote -}} +{{- end -}} + +{{/* +Return secret name to be used based on provided values. +*/}} +{{- define "clusterAgent.tokenSecretName" -}} +{{- if not .Values.clusterAgent.tokenExistingSecret -}} +{{- include "datadog.fullname" . -}}-cluster-agent +{{- else -}} +{{- .Values.clusterAgent.tokenExistingSecret -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC APIs. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if semverCompare "^1.8-0" .Capabilities.KubeVersion.GitVersion -}} +"rbac.authorization.k8s.io/v1" +{{- else -}} +"rbac.authorization.k8s.io/v1beta1" +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate os label +*/}} +{{- define "label.os" -}} +{{- if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} +kubernetes.io/os +{{- else -}} +beta.kubernetes.io/os +{{- end -}} +{{- end -}} + +{{/* +Correct `clusterAgent.metricsProvider.service.port` if Kubernetes <= 1.15 +*/}} +{{- define "clusterAgent.metricsProvider.port" -}} +{{- if semverCompare "^1.15-0" .Capabilities.KubeVersion.GitVersion -}} +{{- .Values.clusterAgent.metricsProvider.service.port -}} +{{- else -}} +443 +{{- end -}} +{{- end -}} + +{{/* +Return the container runtime socket +*/}} +{{- define "datadog.dockerOrCriSocketPath" -}} +{{- if eq .Values.targetSystem "linux" -}} +{{- .Values.datadog.dockerSocketPath | default .Values.datadog.criSocketPath | default "/var/run/docker.sock" -}} +{{- end -}} +{{- if eq .Values.targetSystem "windows" -}} +\\.\pipe\docker_engine +{{- end -}} +{{- end -}} + +{{/* +Return agent config path +*/}} +{{- define "datadog.confPath" -}} +{{- if eq .Values.targetSystem "linux" -}} +/etc/datadog-agent +{{- end -}} +{{- if eq .Values.targetSystem "windows" -}} +C:/ProgramData/Datadog +{{- end -}} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml b/charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml new file mode 100644 index 000000000..2a7ab8331 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-apiservice.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.clusterAgent.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1beta1.external.metrics.k8s.io + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + service: + name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api + namespace: {{ .Release.Namespace }} +{{- if semverCompare "^1.15-0" .Capabilities.KubeVersion.GitVersion }} + port: {{ template "clusterAgent.metricsProvider.port" . }} +{{- end }} + version: v1beta1 + insecureSkipTLSVerify: true + group: external.metrics.k8s.io + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml new file mode 100644 index 000000000..55020526a --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-deployment.yaml @@ -0,0 +1,191 @@ +{{- if and .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "datadog.fullname" . }}-clusterchecks + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + replicas: {{ .Values.clusterChecksRunner.replicas }} + strategy: +{{ toYaml .Values.clusterChecksRunner.strategy | indent 4 }} + selector: + matchLabels: + app: {{ template "datadog.fullname" . }}-clusterchecks + template: + metadata: + labels: + app: {{ template "datadog.fullname" . }}-clusterchecks + name: {{ template "datadog.fullname" . }}-clusterchecks + annotations: + checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} + {{- if .Values.datadog.checksd }} + checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} + {{- end }} + spec: + {{- if .Values.clusterChecksRunner.rbac.dedicated }} + serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}-cluster-checks{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} + {{- else }} + serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} + {{- end }} + imagePullSecrets: +{{ toYaml .Values.clusterChecksRunner.image.pullSecrets | indent 8 }} + {{- if .Values.clusterChecksRunner.dnsConfig }} + dnsConfig: +{{ toYaml .Values.clusterChecksRunner.dnsConfig | indent 8 }} + {{- end }} + initContainers: + - name: init-volume + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 10 }} + - name: init-config + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + {{- if .Values.datadog.checksd }} + - name: checksd + mountPath: /checks.d + readOnly: true + {{- end }} + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 10 }} + containers: + - name: agent + image: "{{ .Values.clusterChecksRunner.image.repository }}:{{ .Values.clusterChecksRunner.image.tag }}" + command: ["bash", "-c"] + args: + - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: {{ template "datadog.apiSecretName" . }} + key: api-key + - name: KUBERNETES + value: "yes" + {{- if .Values.datadog.site }} + - name: DD_SITE + value: {{ .Values.datadog.site | quote }} + {{- end }} + {{- if .Values.datadog.dd_url }} + - name: DD_DD_URL + value: {{ .Values.datadog.dd_url | quote }} + {{- end }} + {{- if .Values.datadog.logLevel }} + - name: DD_LOG_LEVEL + value: {{ .Values.datadog.logLevel | quote }} + {{- end }} + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks" + - name: DD_HEALTH_PORT + value: "5555" + # Cluster checks + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: {{ template "datadog.fullname" . }}-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "clusterAgent.tokenSecretName" . }} + key: token + - name: DD_CLUSTER_AGENT_ENABLED + value: {{ .Values.clusterAgent.enabled | quote }} + # Safely run alongside the daemonset + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + # Expose CLC stats + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + # Remove unused features + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- if .Values.clusterChecksRunner.env }} +{{ toYaml .Values.clusterChecksRunner.env | indent 10 }} +{{- end }} + resources: +{{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} + volumeMounts: + - name: installinfo + subPath: install_info + {{- if eq .Values.targetSystem "windows" }} + mountPath: C:/ProgramData/Datadog/install_info + {{- else }} + mountPath: /etc/datadog-agent/install_info + {{- end }} + readOnly: true +{{- if .Values.clusterChecksRunner.volumeMounts }} + - name: config + mountPath: {{ template "datadog.confPath" . }} +{{ toYaml .Values.clusterChecksRunner.volumeMounts | indent 10 }} +{{- end }} + livenessProbe: +{{ toYaml .Values.clusterChecksRunner.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.clusterChecksRunner.readinessProbe | indent 10 }} + volumes: + - name: installinfo + configMap: + name: {{ template "datadog.fullname" . }}-installinfo +{{- if .Values.clusterChecksRunner.volumes }} +{{ toYaml .Values.clusterChecksRunner.volumes | indent 8 }} +{{- end }} + - name: config + emptyDir: {} +{{- if .Values.datadog.checksd }} + - name: checksd + configMap: + name: {{ template "datadog.fullname" . }}-checksd +{{- end }} + affinity: +{{- if .Values.clusterChecksRunner.affinity }} +{{ toYaml .Values.clusterChecksRunner.affinity | indent 8 }} +{{- else }} + # Ensure we only run one worker per node, to avoid name collisions + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: {{ template "datadog.fullname" . }}-clusterchecks + topologyKey: kubernetes.io/hostname +{{- end }} + nodeSelector: + {{ template "label.os" . }}: {{ .Values.targetSystem }} + {{- if .Values.clusterChecksRunner.nodeSelector }} +{{ toYaml .Values.clusterChecksRunner.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.clusterChecksRunner.tolerations }} + tolerations: +{{ toYaml .Values.clusterChecksRunner.tolerations | indent 8 }} + {{- end }} +{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml new file mode 100644 index 000000000..3acb7a752 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-pdb.yaml @@ -0,0 +1,17 @@ +{{- if .Values.clusterChecksRunner.createPodDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "datadog.fullname" . }}-clusterchecks + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: {{ template "datadog.fullname" . }}-clusterchecks +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml new file mode 100644 index 000000000..46ff0f9cf --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-clusterchecks-rbac.yaml @@ -0,0 +1,38 @@ +{{- if and .Values.clusterChecksRunner.rbac.create .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled .Values.clusterChecksRunner.rbac.dedicated -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }}-cluster-checks +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-checks + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: "{{ template "datadog.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }}-cluster-checks + {{- if .Values.clusterChecksRunner.rbac.serviceAccountAnnotations }} + annotations: {{ toYaml .Values.clusterChecksRunner.rbac.serviceAccountAnnotations | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-psp.yaml b/charts/datadog/datadog/2.4.200/templates/agent-psp.yaml new file mode 100644 index 000000000..719c5a1db --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-psp.yaml @@ -0,0 +1,33 @@ +{{- if .Values.agents.podSecurity.podSecurityPolicy.create}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "datadog.fullname" . }} + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.seccompProfiles | quote }} + apparmor.security.beta.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.apparmorProfiles | quote }} + seccomp.security.alpha.kubernetes.io/defaultProfileName: "runtime/default" + apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" +spec: + privileged: {{ .Values.agents.podSecurity.privileged }} + hostNetwork: {{ .Values.agents.useHostNetwork }} + hostPID: {{ .Values.datadog.dogstatsd.useHostPID }} + allowedCapabilities: +{{ toYaml .Values.agents.podSecurity.capabilites | indent 4 }} + volumes: +{{ toYaml .Values.agents.podSecurity.volumes | indent 4 }} + fsGroup: + rule: RunAsAny + runAsUser: + rule: RunAsAny + seLinux: +{{ toYaml .Values.agents.podSecurity.securityContext | indent 4 }} + supplementalGroups: + rule: RunAsAny +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-scc.yaml b/charts/datadog/datadog/2.4.200/templates/agent-scc.yaml new file mode 100644 index 000000000..10edb45e1 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-scc.yaml @@ -0,0 +1,56 @@ +{{- if .Values.agents.podSecurity.securityContextConstraints.create }} +kind: SecurityContextConstraints +apiVersion: security.openshift.io/v1 +metadata: + name: {{ template "datadog.fullname" . }} + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +users: +- system:serviceaccount:{{ .Release.Namespace }}:{{ template "datadog.fullname" . }} +priority: 10 +# Allow host ports for dsd / trace intake ++allowHostPorts: {{ or .Values.datadog.dogstatsd.useHostPort .Values.datadog.apm.enabled }} +# Allow host PID for dogstatsd origin detection +allowHostPID: {{ .Values.datadog.dogstatsd.useHostPID }} +# Allow host network for the CRIO check to reach Prometheus through localhost +allowHostNetwork: {{ .Values.agents.useHostNetwork }} +# Allow hostPath for docker / process metrics +volumes: +{{ toYaml .Values.agents.podSecurity.volumes | indent 2 }} +# Use the `spc_t` selinux type to access the +# docker/cri socket + proc and cgroup stats +seLinuxContext: +{{ toYaml .Values.agents.podSecurity.securityContext | indent 2 }} +# system-probe requires some specific seccomp and capabilities +seccompProfiles: +{{ toYaml .Values.agents.podSecurity.seccompProfiles | indent 2 }} +allowedCapabilities: +{{ toYaml .Values.agents.podSecurity.capabilites | indent 2 }} +# +# The rest is copied from restricted SCC +# +allowHostDirVolumePlugin: true +allowHostIPC: false +allowPrivilegedContainer: {{ .Values.agents.podSecurity.privileged }} +allowedFlexVolumes: [] +defaultAddCapabilities: [] +fsGroup: + type: MustRunAs +readOnlyRootFilesystem: false +runAsUser: + type: RunAsAny +supplementalGroups: + type: RunAsAny +# If your environment restricts user access to the Docker socket or journald (for logging) +# create or use an existing group that has access and add the GID to +# the lines below (also remove the previous line, `type: RunAsAny`) +# type: MustRunAs +# ranges: +# - min: +# - max: +requiredDropCapabilities: [] +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/agent-secret.yaml b/charts/datadog/datadog/2.4.200/templates/agent-secret.yaml new file mode 100644 index 000000000..33e13d1bb --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-secret.yaml @@ -0,0 +1,23 @@ +{{- if not .Values.clusterAgent.tokenExistingSecret }} +{{- if .Values.clusterAgent.enabled -}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +type: Opaque +data: + {{ if .Values.clusterAgent.token -}} + token: {{ .Values.clusterAgent.token | b64enc | quote }} + {{ else -}} + token: {{ randAlphaNum 32 | b64enc | quote }} + {{ end }} +{{- end }} + +{{ end }} \ No newline at end of file diff --git a/charts/datadog/datadog/2.4.200/templates/agent-services.yaml b/charts/datadog/datadog/2.4.200/templates/agent-services.yaml new file mode 100644 index 000000000..52954571d --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/agent-services.yaml @@ -0,0 +1,70 @@ +{{- if .Values.clusterAgent.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + type: ClusterIP + selector: + app: {{ template "datadog.fullname" . }}-cluster-agent + ports: + - port: 5005 + name: agentport + protocol: TCP +{{ end }} + +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api + labels: + app: "{{ template "datadog.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + type: {{ .Values.clusterAgent.metricsProvider.service.type }} + selector: + app: {{ template "datadog.fullname" . }}-cluster-agent + ports: + - port: {{ template "clusterAgent.metricsProvider.port" . }} + name: metricsapi + protocol: TCP +{{ end }} + +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.admissionController.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller + labels: + app: "{{ template "datadog.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + selector: + app: {{ template "datadog.fullname" . }}-cluster-agent + ports: + - port: 443 + targetPort: 8000 +{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml new file mode 100644 index 000000000..486b5f649 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/checksd-configmap.yaml @@ -0,0 +1,16 @@ +{{- if .Values.datadog.checksd }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-checksd + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + annotations: + checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} +data: +{{ tpl (toYaml .Values.datadog.checksd) . | indent 2 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml new file mode 100644 index 000000000..b39963055 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/cluster-agent-confd-configmap.yaml @@ -0,0 +1,16 @@ +{{- if .Values.clusterAgent.confd }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent-confd + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + annotations: + checksum/confd-config: {{ tpl (toYaml .Values.clusterAgent.confd) . | sha256sum }} +data: +{{ tpl (toYaml .Values.clusterAgent.confd) . | indent 2 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml new file mode 100644 index 000000000..6bfc98bde --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/cluster-agent-config-configmap.yaml @@ -0,0 +1,21 @@ +{{- if .Values.clusterAgent.datadog_cluster_yaml }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent-config + labels: + app: "{{ template "datadog.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + annotations: + checksum/clusteragent-config: {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | sha256sum }} +data: + datadog-cluster.yaml: | +{{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | indent 4 }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml new file mode 100644 index 000000000..2f7d0bd56 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/cluster-agent-deployment.yaml @@ -0,0 +1,245 @@ +{{- if .Values.clusterAgent.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + replicas: {{ .Values.clusterAgent.replicas }} + strategy: +{{- if .Values.clusterAgent.strategy }} +{{ toYaml .Values.clusterAgent.strategy | indent 4 }} +{{- else }} + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 +{{- end }} + selector: + matchLabels: + app: {{ template "datadog.fullname" . }}-cluster-agent + {{- if .Values.clusterAgent.podLabels }} +{{ toYaml .Values.clusterAgent.podLabels | indent 6 }} + {{- end }} + template: + metadata: + labels: + app: {{ template "datadog.fullname" . }}-cluster-agent + {{- if .Values.clusterAgent.podLabels }} +{{ toYaml .Values.clusterAgent.podLabels | indent 8 }} + {{- end }} + name: {{ template "datadog.fullname" . }}-cluster-agent + annotations: + checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} + {{- if .Values.clusterAgent.datadog_cluster_yaml }} + checksum/clusteragent-config: {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | sha256sum }} + {{- end }} + {{- if .Values.clusterAgent.confd }} + checksum/confd-config: {{ tpl (toYaml .Values.clusterAgent.confd) . | sha256sum }} + {{- end }} + ad.datadoghq.com/cluster-agent.check_names: '["prometheus"]' + ad.datadoghq.com/cluster-agent.init_configs: '[{}]' + ad.datadoghq.com/cluster-agent.instances: | + [{ + "prometheus_url": "http://%%host%%:5000/metrics", + "namespace": "datadog.cluster_agent", + "metrics": [ + "go_goroutines", "go_memstats_*", "process_*", + "api_requests", + "datadog_requests", "external_metrics", "rate_limit_queries_*", + "cluster_checks_*" + ] + }] + {{- if .Values.clusterAgent.podAnnotations }} +{{ toYaml .Values.clusterAgent.podAnnotations | indent 8 }} + {{- end }} + + spec: + {{- if .Values.clusterAgent.priorityClassName }} + priorityClassName: "{{ .Values.clusterAgent.priorityClassName }}" + {{- end }} + {{- if .Values.clusterAgent.image.pullSecrets }} + imagePullSecrets: +{{ toYaml .Values.clusterAgent.image.pullSecrets | indent 8 }} + {{- end }} + serviceAccountName: {{ if .Values.clusterAgent.rbac.create }}{{ template "datadog.fullname" . }}-cluster-agent{{ else }}"{{ .Values.clusterAgent.rbac.serviceAccountName }}"{{ end }} + {{- if .Values.clusterAgent.useHostNetwork }} + hostNetwork: {{ .Values.clusterAgent.useHostNetwork }} + dnsPolicy: ClusterFirstWithHostNet + {{- end }} + {{- if .Values.clusterAgent.dnsConfig }} + dnsConfig: +{{ toYaml .Values.clusterAgent.dnsConfig | indent 8 }} + {{- end }} + containers: + - name: cluster-agent + image: "{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" + {{- with .Values.clusterAgent.command }} + command: {{ range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }} + resources: +{{ toYaml .Values.clusterAgent.resources | indent 10 }} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + {{- if .Values.clusterAgent.metricsProvider.enabled }} + - containerPort: {{ template "clusterAgent.metricsProvider.port" . }} + name: metricsapi + protocol: TCP + {{- end }} + env: + - name: DD_HEALTH_PORT + value: {{ .Values.clusterAgent.healthPort | quote }} + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: {{ template "datadog.apiSecretName" . }} + key: api-key + optional: true + {{- if .Values.clusterAgent.metricsProvider.enabled }} + - name: DD_APP_KEY + valueFrom: + secretKeyRef: + name: {{ template "datadog.appKeySecretName" . }} + key: app-key + - name: DD_EXTERNAL_METRICS_PROVIDER_ENABLED + value: {{ .Values.clusterAgent.metricsProvider.enabled | quote }} + - name: DD_EXTERNAL_METRICS_PROVIDER_PORT + value: {{ include "clusterAgent.metricsProvider.port" . | quote }} + - name: DD_EXTERNAL_METRICS_PROVIDER_WPA_CONTROLLER + value: {{ .Values.clusterAgent.metricsProvider.wpaController | quote }} + - name: DD_EXTERNAL_METRICS_PROVIDER_USE_DATADOGMETRIC_CRD + value: {{ .Values.clusterAgent.metricsProvider.useDatadogMetrics | quote }} + {{- end }} + {{- if .Values.clusterAgent.admissionController.enabled }} + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: {{ .Values.clusterAgent.admissionController.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: {{ .Values.clusterAgent.admissionController.mutateUnlabelled | quote }} + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller + {{- end }} + {{- if .Values.datadog.clusterChecks.enabled }} + - name: DD_CLUSTER_CHECKS_ENABLED + value: {{ .Values.datadog.clusterChecks.enabled | quote }} + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + {{- end }} + {{- if .Values.datadog.clusterName }} + {{- if not (regexMatch "^([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?)$" .Values.datadog.clusterName) }} + {{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen."}} + {{- end}} + - name: DD_CLUSTER_NAME + value: {{ .Values.datadog.clusterName | quote }} + {{- end }} + {{- if .Values.datadog.site }} + - name: DD_SITE + value: {{ .Values.datadog.site | quote }} + {{- end }} + {{- if .Values.datadog.dd_url }} + - name: DD_DD_URL + value: {{ .Values.datadog.dd_url | quote }} + {{- end }} + {{- if .Values.datadog.logLevel }} + - name: DD_LOG_LEVEL + value: {{ .Values.datadog.logLevel | quote }} + {{- end }} + - name: DD_LEADER_ELECTION + value: {{ default "true" .Values.datadog.leaderElection | quote}} + {{- if .Values.datadog.leaderLeaseDuration }} + - name: DD_LEADER_LEASE_DURATION + value: {{ .Values.datadog.leaderLeaseDuration | quote }} + {{- else if .Values.datadog.clusterChecks.enabled }} + - name: DD_LEADER_LEASE_DURATION + value: "15" + {{- end }} + {{- if .Values.datadog.collectEvents }} + - name: DD_COLLECT_KUBERNETES_EVENTS + value: {{ .Values.datadog.collectEvents | quote}} + {{- end }} + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: {{ template "datadog.fullname" . }}-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "clusterAgent.tokenSecretName" . }} + key: token + - name: DD_KUBE_RESOURCES_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.datadog.orchestratorExplorer.enabled }} + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + {{- end }} +{{- if .Values.clusterAgent.env }} +{{ toYaml .Values.clusterAgent.env | indent 10 }} +{{- end }} + livenessProbe: +{{ toYaml .Values.clusterAgent.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.clusterAgent.readinessProbe | indent 10 }} + volumeMounts: + - name: installinfo + subPath: install_info + {{- if eq .Values.targetSystem "windows" }} + mountPath: C:/ProgramData/Datadog/install_info + {{- else }} + mountPath: /etc/datadog-agent/install_info + {{- end }} + readOnly: true +{{- if .Values.clusterAgent.volumeMounts }} +{{ toYaml .Values.clusterAgent.volumeMounts | indent 10 }} +{{- end }} +{{- if .Values.clusterAgent.confd }} + - name: confd + mountPath: /conf.d + readOnly: true +{{- end }} +{{- if .Values.clusterAgent.datadog_cluster_yaml }} + - name: cluster-agent-yaml + mountPath: /etc/datadog-agent/datadog-cluster.yaml + subPath: datadog-cluster.yaml + readOnly: true +{{- end}} + volumes: + - name: installinfo + configMap: + name: {{ template "datadog.fullname" . }}-installinfo +{{- if .Values.clusterAgent.confd }} + - name: confd + configMap: + name: {{ template "datadog.fullname" . }}-cluster-agent-confd +{{- end }} +{{- if .Values.clusterAgent.datadog_cluster_yaml }} + - name: cluster-agent-yaml + configMap: + name: {{ template "datadog.fullname" . }}-cluster-agent-config +{{- end}} + +{{- if .Values.clusterAgent.volumes }} +{{ toYaml .Values.clusterAgent.volumes | indent 8 }} +{{- end }} + {{- if .Values.clusterAgent.tolerations }} + tolerations: +{{ toYaml .Values.clusterAgent.tolerations | indent 8 }} + {{- end }} + {{- if .Values.clusterAgent.affinity }} + affinity: +{{ toYaml .Values.clusterAgent.affinity | indent 8 }} + {{- end }} + nodeSelector: + {{ template "label.os" . }}: {{ .Values.targetSystem }} + {{- if .Values.clusterAgent.nodeSelector }} +{{ toYaml .Values.clusterAgent.nodeSelector | indent 8 }} + {{- end }} +{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml new file mode 100644 index 000000000..3d341f0de --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/cluster-agent-pdb.yaml @@ -0,0 +1,17 @@ +{{- if .Values.clusterAgent.createPodDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + minAvailable: 1 + selector: + matchLabels: + app: {{ template "datadog.fullname" . }}-cluster-agent +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml b/charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml new file mode 100644 index 000000000..5b722750d --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/cluster-agent-rbac.yaml @@ -0,0 +1,225 @@ +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }}-cluster-agent +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - componentstatuses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: ["quota.openshift.io"] + resources: + - clusterresourcequotas + verbs: + - get + - list +- apiGroups: + - "autoscaling" + resources: + - horizontalpodautoscalers + verbs: + - list + - watch +{{- if .Values.datadog.collectEvents }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadogtoken # Kubernetes event collection state + verbs: + - get + - update +{{- end }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadog-leader-election # Leader election token +{{- if .Values.clusterAgent.metricsProvider.enabled }} + - datadog-custom-metrics + - extension-apiserver-authentication +{{- end }} + verbs: + - get + - update +- apiGroups: # To create the leader election token and hpa events + - "" + resources: + - configmaps + - events + verbs: + - create +- nonResourceURLs: + - "/version" + - "/healthz" + verbs: + - get +{{- if and .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.wpaController }} +- apiGroups: + - "datadoghq.com" + resources: + - "watermarkpodautoscalers" + verbs: + - "list" + - "get" + - "watch" +{{- end }} +{{- if .Values.datadog.orchestratorExplorer.enabled }} +- apiGroups: # to get the kube-system namespace UID and generate a cluster ID + - "" + resources: + - namespaces + resourceNames: + - "kube-system" + verbs: + - get +- apiGroups: # To create the cluster-id configmap + - "" + resources: + - configmaps + resourceNames: + - "datadog-cluster-id" + verbs: + - create + - get + - update +{{- end }} +{{- if and .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.useDatadogMetrics }} +- apiGroups: + - "datadoghq.com" + resources: + - "datadogmetrics" + verbs: + - "list" + - "create" + - "delete" + - "watch" +- apiGroups: + - "datadoghq.com" + resources: + - "datadogmetrics/status" + verbs: + - "update" +{{- end }} +{{- if .Values.clusterAgent.admissionController.enabled }} +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: ["get", "list", "watch", "update", "create"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "update", "create"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["get"] +- apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "deployments"] + verbs: ["get"] +{{- end }} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }}-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-cluster-agent +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: "{{ template "datadog.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }}-cluster-agent +{{- end }} + +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled }} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: + app: "{{ template "datadog.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }}-cluster-agent:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: RoleBinding +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: "{{ template "datadog.fullname" . }}-cluster-agent" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml new file mode 100644 index 000000000..44d64966c --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/confd-configmap.yaml @@ -0,0 +1,26 @@ +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-confd + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + annotations: + checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} + checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} +data: +{{/* +Merge the legacy autoconf dict before so confd static configurations +override duplicates +*/}} +{{- if .Values.datadog.autoconf }} +{{ tpl (toYaml .Values.datadog.autoconf) . | indent 2 }} +{{- end }} +{{- if .Values.datadog.confd }} +{{ tpl (toYaml .Values.datadog.confd) . | indent 2 }} +{{- end }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-agent.yaml b/charts/datadog/datadog/2.4.200/templates/container-agent.yaml new file mode 100644 index 000000000..99ac7e2a2 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/container-agent.yaml @@ -0,0 +1,161 @@ +{{- define "container-agent" -}} +- name: agent + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + command: ["agent", "run"] + resources: +{{ toYaml .Values.agents.containers.agent.resources | indent 4 }} + ports: + - containerPort: {{ .Values.datadog.dogstatsd.port }} + {{- if .Values.datadog.dogstatsd.useHostPort }} + hostPort: {{ .Values.datadog.dogstatsd.port }} + {{- end }} + name: dogstatsdport + protocol: UDP + env: + {{- include "containers-common-env" . | nindent 4 }} + {{- if .Values.datadog.logLevel }} + - name: DD_LOG_LEVEL + value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} + {{- end }} + {{- if .Values.datadog.dogstatsd.port }} + - name: DD_DOGSTATSD_PORT + value: {{ .Values.datadog.dogstatsd.port | quote }} + {{- end }} + {{- if .Values.datadog.dogstatsd.nonLocalTraffic }} + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: {{ .Values.datadog.dogstatsd.nonLocalTraffic | quote }} + {{- end }} + {{- if .Values.datadog.dogstatsd.originDetection }} + - name: DD_DOGSTATSD_ORIGIN_DETECTION + value: {{ .Values.datadog.dogstatsd.originDetection | quote }} + {{- end }} + {{- if not .Values.clusterAgent.enabled }} + {{- if .Values.datadog.leaderElection }} + - name: DD_LEADER_ELECTION + value: {{ .Values.datadog.leaderElection | quote}} + {{- end }} + {{- if .Values.datadog.leaderLeaseDuration }} + - name: DD_LEADER_LEASE_DURATION + value: {{ .Values.datadog.leaderLeaseDuration | quote }} + {{- end }} + {{- if .Values.datadog.collectEvents }} + - name: DD_COLLECT_KUBERNETES_EVENTS + value: {{.Values.datadog.collectEvents | quote}} + {{- end }} + {{- else }} + - name: DD_CLUSTER_AGENT_ENABLED + value: {{ .Values.clusterAgent.enabled | quote }} + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: {{ template "datadog.fullname" . }}-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "clusterAgent.tokenSecretName" . }} + key: token + {{- end }} + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: {{ (default false (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled)) | quote}} + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: {{ (default false (or .Values.datadog.logs.containerCollectAll .Values.datadog.logsConfigContainerCollectAll)) | quote}} + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: {{ .Values.datadog.logs.containerCollectUsingFiles | quote }} + {{- if not .Values.datadog.livenessProbe }} + - name: DD_HEALTH_PORT + value: "5555" + {{- end }} + {{- if .Values.datadog.dogstatsd.useSocketVolume }} + - name: DD_DOGSTATSD_SOCKET + value: {{ .Values.datadog.dogstatsd.socketPath | quote }} + {{- end }} + {{- if .Values.datadog.clusterChecks.enabled }} + {{- if .Values.clusterChecksRunner.enabled }} + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "endpointschecks" + {{ else }} + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + {{- end }} + {{- end }} +{{- if .Values.agents.containers.agent.env }} +{{ toYaml .Values.agents.containers.agent.env | indent 4 }} +{{- end }} + volumeMounts: + - name: installinfo + subPath: install_info + {{- if eq .Values.targetSystem "windows" }} + mountPath: C:/ProgramData/Datadog/install_info + {{- else }} + mountPath: /etc/datadog-agent/install_info + {{- end }} + readOnly: true + - name: config + mountPath: {{ template "datadog.confPath" . }} + {{- if eq .Values.targetSystem "linux" }} + - name: runtimesocketdir + mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} + readOnly: true + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + - name: runtimesocket + mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} + {{- end }} + {{- if .Values.agents.useConfigMap }} + - name: {{ template "datadog.fullname" . }}-datadog-yaml + mountPath: {{ template "datadog.confPath" . }}/datadog.yaml + subPath: datadog.yaml + {{- end }} + {{- if eq .Values.targetSystem "linux" }} + {{- if .Values.datadog.dogstatsd.useSocketVolume }} + - name: dsdsocket + mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} + {{- end }} + {{- if .Values.datadog.systemProbe.enabled }} + - name: sysprobe-socket-dir + mountPath: /var/run/sysprobe + readOnly: true + - name: sysprobe-config + mountPath: /etc/datadog-agent/system-probe.yaml + subPath: system-probe.yaml + {{- end }} + - name: procdir + mountPath: /host/proc + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + readOnly: true + {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} + - name: pointerdir + mountPath: /opt/datadog-agent/run + - name: logpodpath + mountPath: /var/log/pods + readOnly: true + {{- if not .Values.datadog.criSocketPath }} + - name: logdockercontainerpath + mountPath: /var/lib/docker/containers + readOnly: true + {{- end }} + {{- end }} + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} + - name: pointerdir + mountPath: C:/var/log + - name: logpodpath + mountPath: C:/var/log/pods + readOnly: true + - name: logdockercontainerpath + mountPath: C:/ProgramData/docker/containers + readOnly: true + {{- end }} + {{- end }} +{{- if .Values.agents.volumeMounts }} +{{ toYaml .Values.agents.volumeMounts | indent 4 }} +{{- end }} + livenessProbe: +{{ toYaml .Values.agents.containers.agent.livenessProbe | indent 4 }} + readinessProbe: +{{ toYaml .Values.agents.containers.agent.readinessProbe | indent 4 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml b/charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml new file mode 100644 index 000000000..d0c60c54f --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/container-process-agent.yaml @@ -0,0 +1,72 @@ +{{- define "container-process-agent" -}} +- name: process-agent + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + {{- if eq .Values.targetSystem "linux" }} + command: ["process-agent", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + command: ["process-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] + {{- end }} + resources: +{{ toYaml .Values.agents.containers.processAgent.resources | indent 4 }} + env: + {{- include "containers-common-env" . | nindent 4 }} + {{- if .Values.datadog.processAgent.processCollection }} + - name: DD_PROCESS_AGENT_ENABLED + value: "true" + {{- end }} + - name: DD_LOG_LEVEL + value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} + {{- if .Values.datadog.systemProbe.enabled }} + - name: DD_SYSTEM_PROBE_ENABLED + value: {{ .Values.datadog.systemProbe.enabled | quote }} + {{- end }} + {{- if .Values.datadog.orchestratorExplorer.enabled }} + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_CLUSTER_ID + valueFrom: + configMapKeyRef: + name: datadog-cluster-id + key: id + {{- end }} +{{- if .Values.agents.containers.processAgent.env }} +{{ toYaml .Values.agents.containers.processAgent.env | indent 4 }} +{{- end }} + volumeMounts: + - name: config + mountPath: {{ template "datadog.confPath" . }} + {{- if eq .Values.targetSystem "linux" }} + - name: runtimesocketdir + mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} + readOnly: true + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + - name: runtimesocket + mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} + {{- end }} + {{- if .Values.agents.useConfigMap }} + - name: {{ template "datadog.fullname" . }}-datadog-yaml + mountPath: {{ template "datadog.confPath" . }}/datadog.yaml + subPath: datadog.yaml + {{- end }} + {{- if eq .Values.targetSystem "linux" }} + - name: cgroups + mountPath: /host/sys/fs/cgroup + readOnly: true + - name: passwd + mountPath: /etc/passwd + - name: procdir + mountPath: /host/proc + readOnly: true + {{- if .Values.datadog.systemProbe.enabled }} + - name: sysprobe-socket-dir + mountPath: /var/run/sysprobe + readOnly: true + - name: sysprobe-config + mountPath: /etc/datadog-agent/system-probe.yaml + subPath: system-probe.yaml + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml b/charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml new file mode 100644 index 000000000..e56b3f6b6 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/container-system-probe.yaml @@ -0,0 +1,33 @@ +{{- define "container-system-probe" -}} +- name: system-probe + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + securityContext: + capabilities: + add: ["SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN", "IPC_LOCK"] + command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] + env: + - name: DD_LOG_LEVEL + value: {{ .Values.agents.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} +{{- if .Values.agents.containers.systemProbe.env }} +{{ toYaml .Values.agents.containers.systemProbe.env | indent 4 }} +{{- end }} + resources: +{{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} + volumeMounts: + - name: debugfs + mountPath: /sys/kernel/debug + - name: sysprobe-config + mountPath: /etc/datadog-agent + - name: sysprobe-socket-dir + mountPath: /var/run/sysprobe + - name: procdir + mountPath: /host/proc + readOnly: true + - name: modules + mountPath: /lib/modules + readOnly: true + - name: src + mountPath: /usr/src + readOnly: true +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml b/charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml new file mode 100644 index 000000000..ff64c5113 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/container-trace-agent.yaml @@ -0,0 +1,58 @@ +{{- define "container-trace-agent" -}} +- name: trace-agent + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + {{- if eq .Values.targetSystem "linux" }} + command: ["trace-agent", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + command: ["trace-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] + {{- end }} + resources: +{{ toYaml .Values.agents.containers.traceAgent.resources | indent 4 }} + ports: + - containerPort: {{ .Values.datadog.apm.port }} + hostPort: {{ .Values.datadog.apm.port }} + name: traceport + protocol: TCP + env: + {{- include "containers-common-env" . | nindent 4 }} + - name: DD_LOG_LEVEL + value: {{ .Values.agents.containers.traceAgent.logLevel | default .Values.datadog.logLevel | quote }} + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: {{ .Values.datadog.apm.port | quote }} + {{- if .Values.datadog.apm.useSocketVolume }} + - name: DD_APM_RECEIVER_SOCKET + value: {{ .Values.datadog.apm.socketPath | quote }} + {{- end }} +{{- if .Values.agents.containers.traceAgent.env }} +{{ toYaml .Values.agents.containers.traceAgent.env | indent 4 }} +{{- end }} + volumeMounts: + - name: config + mountPath: {{ template "datadog.confPath" . }} + {{- if .Values.agents.useConfigMap }} + - name: {{ template "datadog.fullname" . }}-datadog-yaml + mountPath: {{ template "datadog.confPath" . }}/datadog.yaml + subPath: datadog.yaml + {{- end }} + {{- if eq .Values.targetSystem "linux" }} + - name: runtimesocketdir + mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} + readOnly: true + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + - name: runtimesocket + mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} + {{- end }} + {{- if .Values.datadog.apm.useSocketVolume }} + - name: apmsocket + mountPath: {{ (dir .Values.datadog.apm.socketPath) }} + {{- end }} + livenessProbe: +{{ toYaml .Values.agents.containers.traceAgent.livenessProbe | indent 4 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml b/charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml new file mode 100644 index 000000000..d8dd0fba6 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/containers-common-env.yaml @@ -0,0 +1,95 @@ +# The purpose of this template is to define a minimal set of environment +# variables required to operate dedicated containers in the daemonset +{{- define "containers-common-env" -}} +- name: DD_API_KEY + valueFrom: + secretKeyRef: + name: {{ template "datadog.apiSecretName" . }} + key: api-key +{{- if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion }} +- name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP +{{- end }} +{{- if .Values.datadog.clusterName }} +{{- if not (regexMatch "^([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?)$" .Values.datadog.clusterName) }} +{{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen."}} +{{- end}} +- name: DD_CLUSTER_NAME + value: {{ .Values.datadog.clusterName | quote }} +{{- end }} +{{- if .Values.datadog.tags }} +- name: DD_TAGS + value: {{ .Values.datadog.tags | join " " | quote }} +{{- end }} +{{- if .Values.datadog.nodeLabelsAsTags }} +- name: DD_KUBERNETES_NODE_LABELS_AS_TAGS + value: '{{ toJson .Values.datadog.nodeLabelsAsTags }}' +{{- end }} +{{- if .Values.datadog.podLabelsAsTags }} +- name: DD_KUBERNETES_POD_LABELS_AS_TAGS + value: '{{ toJson .Values.datadog.podLabelsAsTags }}' +{{- end }} +{{- if .Values.datadog.podAnnotationsAsTags }} +- name: DD_KUBERNETES_POD_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.podAnnotationsAsTags }}' +{{- end }} +- name: KUBERNETES + value: "yes" +{{- if .Values.datadog.site }} +- name: DD_SITE + value: {{ .Values.datadog.site | quote }} +{{- end }} +{{- if .Values.datadog.dd_url }} +- name: DD_DD_URL + value: {{ .Values.datadog.dd_url | quote }} +{{- end }} +{{- if .Values.datadog.env }} +{{ toYaml .Values.datadog.env }} +{{- end }} +{{- if .Values.datadog.acInclude }} +- name: DD_AC_INCLUDE + value: {{ .Values.datadog.acInclude | quote }} +{{- end }} +{{- if .Values.datadog.acExclude }} +- name: DD_AC_EXCLUDE + value: {{ .Values.datadog.acExclude | quote }} +{{- end }} +{{- if .Values.datadog.containerInclude }} +- name: DD_CONTAINER_INCLUDE + value: {{ .Values.datadog.containerInclude | quote }} +{{- end }} +{{- if .Values.datadog.containerExclude }} +- name: DD_CONTAINER_EXCLUDE + value: {{ .Values.datadog.containerExclude | quote }} +{{- end }} +{{- if .Values.datadog.containerIncludeMetrics }} +- name: DD_CONTAINER_INCLUDE_METRICS + value: {{ .Values.datadog.containerIncludeMetrics | quote }} +{{- end }} +{{- if .Values.datadog.containerExcludeMetrics }} +- name: DD_CONTAINER_EXCLUDE_METRICS + value: {{ .Values.datadog.containerExcludeMetrics | quote }} +{{- end }} +{{- if .Values.datadog.containerIncludeLogs }} +- name: DD_CONTAINER_INCLUDE_LOGS + value: {{ .Values.datadog.containerIncludeLogs | quote }} +{{- end }} +{{- if .Values.datadog.containerExcludeLogs }} +- name: DD_CONTAINER_EXCLUDE_LOGS + value: {{ .Values.datadog.containerExcludeLogs | quote }} +{{- end }} +{{- if .Values.datadog.criSocketPath }} +- name: DD_CRI_SOCKET_PATH + value: {{ print "/host/" .Values.datadog.criSocketPath | clean }} +{{- else }} +- name: DOCKER_HOST +{{- if eq .Values.targetSystem "linux" }} + value: unix://{{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} +{{- end }} +{{- if eq .Values.targetSystem "windows" }} + value: npipe://{{ (include "datadog.dockerOrCriSocketPath" .) | replace "\\" "/" }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml b/charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml new file mode 100644 index 000000000..bfb0ef1ea --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/containers-init-linux.yaml @@ -0,0 +1,51 @@ +{{- define "containers-init-linux" -}} +- name: init-volume + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} +- name: init-config + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} + - name: confd + mountPath: /conf.d + readOnly: true + {{- end }} + {{- if .Values.datadog.checksd }} + - name: checksd + mountPath: /checks.d + readOnly: true + {{- end }} + - name: procdir + mountPath: /host/proc + readOnly: true + - name: runtimesocketdir + mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} + readOnly: true + {{- if .Values.datadog.systemProbe.enabled }} + - name: sysprobe-config + mountPath: /etc/datadog-agent/system-probe.yaml + subPath: system-probe.yaml + {{- end }} + env: + {{- include "containers-common-env" . | nindent 4 }} + {{- if and (not .Values.clusterAgent.enabled) .Values.datadog.leaderElection }} + - name: DD_LEADER_ELECTION + value: {{ .Values.datadog.leaderElection | quote }} + {{- end }} + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml b/charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml new file mode 100644 index 000000000..e5ae9ec88 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/containers-init-windows.yaml @@ -0,0 +1,38 @@ +{{- define "containers-init-windows" -}} +- name: init-volume + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + command: ["pwsh", "-Command"] + args: + - Copy-Item -Recurse -Force {{ template "datadog.confPath" . }} C:/Temp + volumeMounts: + - name: config + mountPath: C:/Temp/Datadog + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} +- name: init-config + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + command: ["pwsh", "-Command"] + args: + - Get-ChildItem 'entrypoint-ps1' | ForEach-Object { & $_.FullName if (-Not $?) { exit 1 } } + volumeMounts: + - name: config + mountPath: {{ template "datadog.confPath" . }} + {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} + - name: confd + mountPath: C:/conf.d + readOnly: true + {{- end }} + {{- if .Values.datadog.checksd }} + - name: checksd + mountPath: C:/checks.d + readOnly: true + {{- end }} + - name: runtimesocket + mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} + env: + {{- include "containers-common-env" . | nindent 4 }} + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml b/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml new file mode 100644 index 000000000..17529c31b --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-linux.yaml @@ -0,0 +1,69 @@ +{{- define "daemonset-volumes-linux" -}} +- hostPath: + path: /proc + name: procdir +- hostPath: + path: /sys/fs/cgroup + name: cgroups +{{- if .Values.datadog.dogstatsd.useSocketVolume }} +- hostPath: + path: {{ .Values.datadog.dogstatsd.hostSocketPath }} + type: DirectoryOrCreate + name: dsdsocket +{{- end }} +{{- if .Values.datadog.apm.useSocketVolume }} +- hostPath: + path: {{ .Values.datadog.apm.hostSocketPath }} + type: DirectoryOrCreate + name: apmsocket +{{- end }} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ template "datadog.fullname" . }}-confd +{{- end }} +{{- if .Values.datadog.systemProbe.enabled }} +- name: sysprobe-config + configMap: + name: {{ template "datadog.fullname" . }}-system-probe-config +{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} +- name: datadog-agent-security + configMap: + name: {{ template "datadog.fullname" . }}-security +- hostPath: + path: {{ .Values.datadog.systemProbe.seccompRoot }} + name: seccomp-root +{{- end }} +- hostPath: + path: /sys/kernel/debug + name: debugfs +- name: sysprobe-socket-dir + emptyDir: {} +- hostPath: + path: /lib/modules + name: modules +- hostPath: + path: /usr/src + name: src +{{- end }} +{{- if or .Values.datadog.processAgent.enabled .Values.datadog.systemProbe.enabled }} +- hostPath: + path: /etc/passwd + name: passwd +{{- end }} +{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} +- hostPath: + path: "/var/lib/datadog-agent/logs" + name: pointerdir +- hostPath: + path: /var/log/pods + name: logpodpath +{{- if not .Values.datadog.criSocketPath }} +- hostPath: + path: /var/lib/docker/containers + name: logdockercontainerpath +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml b/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml new file mode 100644 index 000000000..eb9e0fd52 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/daemonset-volumes-windows.yaml @@ -0,0 +1,13 @@ +{{- define "daemonset-volumes-windows" -}} +{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} +- hostPath: + path: C:/var/log + name: pointerdir +- hostPath: + path: C:/var/log/pods + name: logpodpath +- hostPath: + path: C:/ProgramData/docker/containers + name: logdockercontainerpath +{{- end }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/daemonset.yaml b/charts/datadog/datadog/2.4.200/templates/daemonset.yaml new file mode 100644 index 000000000..5f3e3a90b --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/daemonset.yaml @@ -0,0 +1,150 @@ +{{- template "check-version" . }} +{{- if .Values.agents.enabled }} +{{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "datadog.fullname" . }} + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +spec: + selector: + matchLabels: + app: {{ template "datadog.fullname" . }} + {{- if .Values.agents.podLabels }} +{{ toYaml .Values.agents.podLabels | indent 6 }} + {{- end }} + template: + metadata: + labels: + app: {{ template "datadog.fullname" . }} + {{- if .Values.agents.podLabels }} +{{ toYaml .Values.agents.podLabels | indent 8 }} + {{- end }} + name: {{ template "datadog.fullname" . }} + annotations: + checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} + checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} + checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} + checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} + {{- if .Values.agents.customAgentConfig }} + checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} + {{- end }} + {{- if .Values.datadog.systemProbe.enabled }} + container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} + container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} + {{- end }} + {{- if .Values.agents.podAnnotations }} +{{ toYaml .Values.agents.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.datadog.securityContext }} + securityContext: +{{ toYaml .Values.datadog.securityContext| indent 8 }} + {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} + {{- if and (.Values.agents.podSecurity.securityContext) .Values.agents.podSecurity.securityContext.seLinuxOptions }} + securityContext: + seLinuxOptions: +{{ toYaml .Values.agents.podSecurity.securityContext.seLinuxOptions | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.agents.useHostNetwork }} + hostNetwork: {{ .Values.agents.useHostNetwork }} + dnsPolicy: ClusterFirstWithHostNet + {{- end }} + {{- if .Values.agents.dnsConfig }} + dnsConfig: +{{ toYaml .Values.agents.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.datadog.dogstatsd.useHostPID }} + hostPID: {{ .Values.datadog.dogstatsd.useHostPID }} + {{- end }} + {{- if .Values.agents.image.pullSecrets }} + imagePullSecrets: +{{ toYaml .Values.agents.image.pullSecrets | indent 8 }} + {{- end }} + {{- if .Values.agents.priorityClassName }} + priorityClassName: {{ .Values.agents.priorityClassName }} + {{- end }} + containers: + {{- include "container-agent" . | nindent 6 }} + {{- if .Values.datadog.apm.enabled }} + {{- include "container-trace-agent" . | nindent 6 }} + {{- end }} + {{- if .Values.datadog.processAgent.enabled }} + {{- include "container-process-agent" . | nindent 6 }} + {{- end }} + {{- if .Values.datadog.systemProbe.enabled }} + {{- include "container-system-probe" . | nindent 6 }} + {{- end }} + initContainers: + {{- if eq .Values.targetSystem "windows" }} + {{ include "containers-init-windows" . | nindent 6 }} + {{- end }} + {{- if eq .Values.targetSystem "linux" }} + {{ include "containers-init-linux" . | nindent 6 }} + {{- end }} + {{- if and .Values.datadog.systemProbe.enabled (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} + {{ include "system-probe-init" . | nindent 6 }} + {{- end }} + volumes: + - name: installinfo + configMap: + name: {{ template "datadog.fullname" . }}-installinfo + - name: config + emptyDir: {} + {{- if eq .Values.targetSystem "linux" }} + - hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + - hostPath: + path: {{ template "datadog.dockerOrCriSocketPath" . }} + name: runtimesocket + {{- end }} + {{- if .Values.datadog.checksd }} + - name: checksd + configMap: + name: {{ template "datadog.fullname" . }}-checksd + {{- end }} + {{- if .Values.agents.useConfigMap }} + - name: {{ template "datadog.fullname" . }}-datadog-yaml + configMap: + name: {{ template "datadog.fullname" . }}-datadog-yaml + {{- end }} + {{- if eq .Values.targetSystem "windows" }} + {{ include "daemonset-volumes-windows" . | nindent 6 }} + {{- end }} + {{- if eq .Values.targetSystem "linux" }} + {{ include "daemonset-volumes-linux" . | nindent 6 }} + {{- end }} +{{- if .Values.agents.volumes }} +{{ toYaml .Values.agents.volumes | indent 6 }} +{{- end }} + tolerations: + {{- if eq .Values.targetSystem "windows" }} + - effect: NoSchedule + key: node.kubernetes.io/os + value: windows + operator: Equal + {{- end }} + {{- if .Values.agents.tolerations }} +{{ toYaml .Values.agents.tolerations | indent 6 }} + {{- end }} + affinity: +{{ toYaml .Values.agents.affinity | indent 8 }} + serviceAccountName: {{ if .Values.agents.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.agents.rbac.serviceAccountName }}"{{ end }} + nodeSelector: + {{ template "label.os" . }}: {{ .Values.targetSystem }} + {{- if .Values.agents.nodeSelector }} +{{ toYaml .Values.agents.nodeSelector | indent 8 }} + {{- end }} + updateStrategy: +{{ toYaml .Values.agents.updateStrategy | indent 4 }} +{{ end }} +{{ end }} diff --git a/charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml new file mode 100644 index 000000000..cfb827dfe --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/datadog-yaml-configmap.yaml @@ -0,0 +1,51 @@ +{{- if .Values.agents.useConfigMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-datadog-yaml + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + annotations: + {{- if .Values.agents.customAgentConfig }} + checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} + {{- end }} +data: + datadog.yaml: | + {{- if .Values.agents.customAgentConfig }} +{{ tpl (toYaml .Values.agents.customAgentConfig) . | indent 4 }} + {{- else }} + ## Provides autodetected defaults, for kubernetes environments, + ## please see datadog.yaml.example for all supported options + + # Autodiscovery for Kubernetes + listeners: + - name: kubelet + config_providers: + - name: kubelet + polling: true + + # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration + apm_config: + enabled: true + apm_non_local_traffic: true + max_memory: 0 + max_cpu_percent: 0 + + {{- $version := (.Values.agents.image.tag | toString | trimSuffix "-jmx") }} + {{- $length := len (split "." $version ) -}} + {{- if and (eq $length 1) (ge $version "6") -}} + {{- $version := "6.15" }} + {{- end -}} + {{ if semverCompare ">=6.15" $version }} + # Enable java container awareness (agent version >= 6.15) + jmx_use_container_support: true + {{ else }} + # Enable java cgroup memory awareness (agent version < 6.15) + jmx_use_cgroup_memory_limit: true + {{ end }} + {{- end }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml b/charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml new file mode 100644 index 000000000..4ba6c9557 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/hpa-external-metrics-rbac.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.createReaderRbac -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} + name: external-metrics-reader +{{- else }} + name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader +{{- end }} +rules: +- apiGroups: + - "external.metrics.k8s.io" + resources: + - "*" + verbs: + - list + - get + - watch +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} + name: external-metrics-reader +{{- else }} + name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if contains "-gke." .Capabilities.KubeVersion.GitVersion }} + name: external-metrics-reader +{{- else }} + name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader +{{- end }} +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: kube-system +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml new file mode 100644 index 000000000..52059f8ae --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/install_info-configmap.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-installinfo + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + annotations: + checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} +data: + install_info: | + --- + install_method: + tool: helm + tool_version: {{ .Release.Service }} + installer_version: {{ .Chart.Name }}-{{ .Chart.Version }} diff --git a/charts/datadog/datadog/2.4.200/templates/rbac.yaml b/charts/datadog/datadog/2.4.200/templates/rbac.yaml new file mode 100644 index 000000000..74a5b044c --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/rbac.yaml @@ -0,0 +1,116 @@ +{{- if .Values.agents.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }} +rules: +{{- if not .Values.clusterAgent.enabled }} +- apiGroups: + - "" + resources: + - services + - events + - endpoints + - pods + - nodes + - componentstatuses + verbs: + - get + - list + - watch +- apiGroups: ["quota.openshift.io"] + resources: + - clusterresourcequotas + verbs: + - get + - list +{{- if .Values.datadog.collectEvents }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadogtoken # Kubernetes event collection state + verbs: + - get + - update +{{- end }} +{{- if .Values.datadog.leaderElection }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadog-leader-election # Leader election token + verbs: + - get + - update +- apiGroups: # To create the leader election token + - "" + resources: + - configmaps + verbs: + - create +{{- end }} +- nonResourceURLs: + - "/version" + - "/healthz" + verbs: + - get +{{- end }} +- nonResourceURLs: + - "/metrics" + verbs: + - get +- apiGroups: # Kubelet connectivity + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get +- apiGroups: # leader election check + - "" + resources: + - endpoints + verbs: + - get +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + name: {{ template "datadog.fullname" . }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/templates/secrets.yaml b/charts/datadog/datadog/2.4.200/templates/secrets.yaml new file mode 100644 index 000000000..c386893bb --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/secrets.yaml @@ -0,0 +1,38 @@ +# API Key +{{- if not .Values.datadog.apiKeyExistingSecret }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "datadog.fullname" . }} + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +type: Opaque +data: + api-key: {{ default "MISSING" .Values.datadog.apiKey | b64enc | quote }} + +{{- end }} + +# APP Key +{{- if not .Values.datadog.appKeyExistingSecret }} +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "datadog.appKeySecretName" . }} + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +type: Opaque +data: + app-key: {{ default "MISSING" .Values.datadog.appKey | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml b/charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml new file mode 100644 index 000000000..40059e149 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/system-probe-configmap.yaml @@ -0,0 +1,218 @@ +{{- if .Values.datadog.systemProbe.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-system-probe-config + namespace: {{ $.Release.Namespace }} + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +data: + system-probe.yaml: | + system_probe_config: + enabled: {{ $.Values.datadog.systemProbe.enabled }} + debug_port: {{ $.Values.datadog.systemProbe.debugPort }} + sysprobe_socket: /var/run/sysprobe/sysprobe.sock + enable_conntrack: {{ $.Values.datadog.systemProbe.enableConntrack }} + bpf_debug: {{ $.Values.datadog.systemProbe.bpfDebug }} + enable_tcp_queue_length: {{ $.Values.datadog.systemProbe.enableTCPQueueLength }} + enable_oom_kill: {{ $.Values.datadog.systemProbe.enableOOMKill }} + collect_dns_stats: {{ $.Values.datadog.systemProbe.collectDNSStats }} + +{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-security + namespace: {{ $.Release.Namespace }} + labels: + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +data: + system-probe-seccomp.json: | + { + "defaultAction": "SCMP_ACT_ERRNO", + "syscalls": [ + { + "names": [ + "accept4", + "access", + "arch_prctl", + "bind", + "bpf", + "brk", + "capget", + "capset", + "chdir", + "clock_gettime", + "clone", + "close", + "connect", + "copy_file_range", + "creat", + "dup", + "dup2", + "dup3", + "epoll_create", + "epoll_create1", + "epoll_ctl", + "epoll_ctl_old", + "epoll_pwait", + "epoll_wait", + "epoll_wait", + "epoll_wait_old", + "execve", + "execveat", + "exit", + "exit_group", + "fchmod", + "fchmodat", + "fchown", + "fchown32", + "fchownat", + "fcntl", + "fcntl64", + "fstat", + "fstat64", + "fstatfs", + "fsync", + "futex", + "getcwd", + "getdents", + "getdents64", + "getegid", + "geteuid", + "getgid", + "getpeername", + "getpid", + "getppid", + "getpriority", + "getrandom", + "getresgid", + "getresgid32", + "getresuid", + "getresuid32", + "getrlimit", + "getrusage", + "getsid", + "getsockname", + "getsockopt", + "gettid", + "gettimeofday", + "getuid", + "getxattr", + "ioctl", + "ipc", + "listen", + "lseek", + "lstat", + "lstat64", + "madvise", + "mkdir", + "mkdirat", + "mmap", + "mmap2", + "mprotect", + "mremap", + "munmap", + "nanosleep", + "newfstatat", + "open", + "openat", + "pause", + "perf_event_open", + "pipe", + "pipe2", + "poll", + "ppoll", + "prctl", + "pread64", + "prlimit64", + "pselect6", + "read", + "readlink", + "readlinkat", + "recvfrom", + "recvmmsg", + "recvmsg", + "rename", + "restart_syscall", + "rmdir", + "rt_sigaction", + "rt_sigpending", + "rt_sigprocmask", + "rt_sigqueueinfo", + "rt_sigreturn", + "rt_sigsuspend", + "rt_sigtimedwait", + "rt_tgsigqueueinfo", + "sched_getaffinity", + "sched_yield", + "seccomp", + "select", + "semtimedop", + "send", + "sendmmsg", + "sendmsg", + "sendto", + "set_robust_list", + "set_tid_address", + "setgid", + "setgid32", + "setgroups", + "setgroups32", + "setns", + "setrlimit", + "setsid", + "setsidaccept4", + "setsockopt", + "setuid", + "setuid32", + "sigaltstack", + "socket", + "socketcall", + "socketpair", + "stat", + "stat64", + "statfs", + "sysinfo", + "umask", + "uname", + "unlink", + "unlinkat", + "wait4", + "waitid", + "waitpid", + "write" + ], + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "names": [ + "setns" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 1, + "value": 1073741824, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + } + ] + } +{{- end }} +{{- end }} diff --git a/charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml b/charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml new file mode 100644 index 000000000..3507c7192 --- /dev/null +++ b/charts/datadog/datadog/2.4.200/templates/system-probe-init.yaml @@ -0,0 +1,15 @@ +{{- define "system-probe-init" -}} +- name: seccomp-setup + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + command: + - cp + - /etc/config/system-probe-seccomp.json + - /host/var/lib/kubelet/seccomp/system-probe + volumeMounts: + - name: datadog-agent-security + mountPath: /etc/config + - name: seccomp-root + mountPath: /host/var/lib/kubelet/seccomp + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} +{{- end -}} diff --git a/charts/datadog/datadog/2.4.200/values.yaml b/charts/datadog/datadog/2.4.200/values.yaml new file mode 100644 index 000000000..8ab4ac1be --- /dev/null +++ b/charts/datadog/datadog/2.4.200/values.yaml @@ -0,0 +1,1254 @@ +## Default values for Datadog Agent +## See Datadog helm documentation to learn more: +## https://docs.datadoghq.com/agent/kubernetes/helm/ + +## @param nameOverride - string - optional +## Override name of app. +# +nameOverride: # "" + +## @param fullnameOverride - string - optional +## Override the full qualified app name. +# +fullnameOverride: # "" + +## @param targetSystem - string - required +## Set the target OS for this deployment +## Possible values: linux, windows +# +targetSystem: "linux" + +datadog: + ## @param apiKey - string - required + ## Set this to your Datadog API key before the Agent runs. + ## ref: https://app.datadoghq.com/account/settings#agent/kubernetes + # + apiKey: + + ## @param apiKeyExistingSecret - string - optional + ## Use existing Secret which stores API key instead of creating a new one. + ## If set, this parameter takes precedence over "apiKey". + # + apiKeyExistingSecret: # + + ## @param appKey - string - optional + ## If you are using clusterAgent.metricsProvider.enabled = true, you must set + ## a Datadog application key for read access to your metrics. + # + appKey: # + + ## @param appKeyExistingSecret - string - optional + ## Use existing Secret which stores APP key instead of creating a new one + ## If set, this parameter takes precedence over "appKey". + # + appKeyExistingSecret: # + + ## @param securityContext - object - optional + ## You can modify the security context used to run the containers by + ## modifying the label type below: + # + securityContext: {} + # seLinuxOptions: + # user: "system_u" + # role: "system_r" + # type: "spc_t" + # level: "s0" + + ## @param clusterName - string - optional + ## Set a unique cluster name to allow scoping hosts and Cluster Checks easily + ## The name must be unique and must be dot-separated tokens where a token can be up to 40 characters with the following restrictions: + ## * Lowercase letters, numbers, and hyphens only. + ## * Must start with a letter. + ## * Must end with a number or a letter. + ## Compared to the rules of GKE, dots are allowed whereas they are not allowed on GKE: + ## https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster.FIELDS.name + # + clusterName: # + + ## @param site - string - optional - default: 'datadoghq.com' + ## The site of the Datadog intake to send Agent data to. + ## Set to 'datadoghq.eu' to send data to the EU site. + # + site: # datadoghq.com + + ## @param dd_url - string - optional - default: 'https://app.datadoghq.com' + ## The host of the Datadog intake server to send Agent data to, only set this option + ## if you need the Agent to send data to a custom URL. + ## Overrides the site setting defined in "site". + # + dd_url: # https://app.datadoghq.com + + ## @param logLevel - string - required + ## Set logging verbosity, valid log levels are: + ## trace, debug, info, warn, error, critical, and off + # + logLevel: INFO + + ## @param kubeStateMetricsEnabled - boolean - required + ## If true, deploys the kube-state-metrics deployment. + ## ref: https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics + # + kubeStateMetricsEnabled: true + + ## @param clusterChecks - object - required + ## Enable the Cluster Checks feature on both the cluster-agents and the daemonset + ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ + ## Autodiscovery via Kube Service annotations is automatically enabled + # + clusterChecks: + enabled: false + + ## @param nodeLabelsAsTags - list of key:value strings - optional + ## Provide a mapping of Kubernetes Node Labels to Datadog Tags. + # + nodeLabelsAsTags: {} + # beta.kubernetes.io/instance-type: aws-instance-type + # kubernetes.io/role: kube_role + # : + + ## @param podLabelsAsTags - list of key:value strings - optional + ## Provide a mapping of Kubernetes Labels to Datadog Tags. + # + podLabelsAsTags: {} + # app: kube_app + # release: helm_release + # : + + ## @param podAnnotationsAsTags - list of key:value strings - optional + ## Provide a mapping of Kubernetes Annotations to Datadog Tags + # + podAnnotationsAsTags: {} + # iam.amazonaws.com/role: kube_iamrole + # : + + ## @param tags - list of key:value elements - optional + ## List of tags to attach to every metric, event and service check collected by this Agent. + ## + ## Learn more about tagging: https://docs.datadoghq.com/tagging/ + # + tags: [] + # - ":" + # - ":" + + ## @param dogstatsd - object - required + ## dogstatsd configuration + ## ref: https://docs.datadoghq.com/agent/kubernetes/dogstatsd/ + ## To emit custom metrics from your Kubernetes application, use DogStatsD. + # + dogstatsd: + ## @param port - integer - optional - default: 8125 + ## Override the Agent DogStatsD port. + ## Note: Make sure your client is sending to the same UDP port. + # + port: 8125 + + ## @param originDetection - boolean - optional + ## Enable origin detection for container tagging + ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + # + originDetection: false + + ## @param useSocketVolume - boolean - optional + ## Enable dogstatsd over Unix Domain Socket + ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ + # + useSocketVolume: false + + ## @param socketPath - string - optional + ## Path to the DogStatsD socket + # + socketPath: /var/run/datadog/dsd.socket + + ## @param hostSocketPath - string - optional + ## host path to the DogStatsD socket + # + hostSocketPath: /var/run/datadog/ + + ## @param useHostPort - boolean - optional + ## Sets the hostPort to the same value of the container port. Needs to be used + ## for sending custom metrics. + ## The ports need to be available on all hosts. + ## + ## WARNING: Make sure that hosts using this are properly firewalled otherwise + ## metrics and traces are accepted from any host able to connect to this host. + # + useHostPort: false + + ## @param useHostPID - boolean - optional + ## Run the agent in the host's PID namespace. This is required for Dogstatsd origin + ## detection to work. See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ + # + useHostPID: false + + ## @param nonLocalTraffic - boolean - optional - default: false + ## Enable this to make each node accept non-local statsd traffic. + ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables + # + nonLocalTraffic: false + + ## @param collectEvents - boolean - optional - default: false + ## Enables this to start event collection from the kubernetes API + ## ref: https://docs.datadoghq.com/agent/kubernetes/event_collection/ + # + collectEvents: false + + ## @param leaderElection - boolean - optional - default: false + ## Enables leader election mechanism for event collection. + # + leaderElection: false + + ## @param leaderLeaseDuration - integer - optional - default: 60 + ## Set the lease time for leader election in second. + # + leaderLeaseDuration: # 60 + + ## @param logs - object - required + ## Enable logs agent and provide custom configs + # + logs: + ## @param enabled - boolean - optional - default: false + ## Enables this to activate Datadog Agent log collection. + ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + # + enabled: false + + ## @param containerCollectAll - boolean - optional - default: false + ## Enable this to allow log collection for all containers. + ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + # + containerCollectAll: false + + ## @param containerUseFiles - boolean - optional - default: true + ## Collect logs from files in /var/log/pods instead of using container runtime API. + ## It's usually the most efficient way of collecting logs. + ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + # + containerCollectUsingFiles: true + + ## @param apm - object - required + ## Enable apm agent and provide custom configs + # + apm: + ## @param enabled - boolean - optional - default: false + ## Enable this to enable APM and tracing, on port 8126 + ## ref: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host + # + enabled: false + + ## @param port - integer - optional - default: 8126 + ## Override the trace Agent port. + ## Note: Make sure your client is sending to the same UDP port. + # + port: 8126 + + ## @param useSocketVolume - boolean - optional + ## Enable APM over Unix Domain Socket + ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ + # + useSocketVolume: false + + ## @param socketPath - string - optional + ## Path to the trace-agent socket + # + socketPath: /var/run/datadog/apm.socket + + ## @param hostSocketPath - string - optional + ## host path to the trace-agent socket + # + hostSocketPath: /var/run/datadog/ + + ## @param env - list of object - optional + ## The dd-agent supports many environment variables + ## ref: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables + # + env: [] + # - name: + # value: + + ## @param confd - list of objects - optional + ## Provide additional check configurations (static and Autodiscovery) + ## Each key becomes a file in /conf.d + ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes + ## ref: https://docs.datadoghq.com/agent/autodiscovery/ + # + confd: {} + # redisdb.yaml: |- + # init_config: + # instances: + # - host: "name" + # port: "6379" + # kubernetes_state.yaml: |- + # ad_identifiers: + # - kube-state-metrics + # init_config: + # instances: + # - kube_state_url: http://%%host%%:8080/metrics + + ## @param checksd - list of key:value strings - optional + ## Provide additional custom checks as python code + ## Each key becomes a file in /checks.d + ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes + # + checksd: {} + # service.py: |- + + ## @param dockerSocketPath - string - optional + ## Path to the docker socket + # + dockerSocketPath: # /var/run/docker.sock + + ## @param criSocketPath - string - optional + ## Path to the container runtime socket (if different from Docker) + ## This is supported starting from agent 6.6.0 + # + criSocketPath: # /var/run/containerd/containerd.sock + + ## @param processAgent - object - required + ## Enable process agent and provide custom configs + # + processAgent: + ## @param enabled - boolean - required + ## Set this to true to enable live process monitoring agent + ## Note: /etc/passwd is automatically mounted to allow username resolution. + ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset + # + enabled: true + + ## @param processCollection - boolean - required + ## Set this to true to enable process collection in process monitoring agent + ## Requires processAgent.enabled to be set to true to have any effect + # + processCollection: false + + ## @param systemProbe - object - required + ## Enable systemProbe agent and provide custom configs + # + systemProbe: + ## @param enabled - boolean - required + ## Set this to true to enable system-probe agent + # + enabled: false + + ## @param debugPort - integer - required + ## Specify the port to expose pprof and expvar for system-probe agent + # + debugPort: 0 + + ## @param enableConntrack - boolean - required + ## Enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data + ## Ref: http://conntrack-tools.netfilter.org/ + # + enableConntrack: true + + ## @param seccomp - string - required + ## Apply an ad-hoc seccomp profile to the system-probe agent to restrict its privileges + ## Note that this will break `kubectl exec … -c system-probe -- /bin/bash` + # + seccomp: localhost/system-probe + + ## @param seccompRoot - string - required + ## Specify the seccomp profile root directory + # + seccompRoot: /var/lib/kubelet/seccomp + + ## @param bpfDebug - boolean - required + ## Enable logging for kernel debug + # + bpfDebug: false + + ## @param apparmor profile - string - required + ## specify a apparmor profile for system-probe + # + apparmor: unconfined + + ## @param enableTCPQueueLength - boolean - optional + ## Enable the TCP queue length eBPF-based check + # + enableTCPQueueLength: false + + ## @param enableOOMKill - boolean - optional + ## Enable the OOM kill eBPF-based check + # + enableOOMKill: false + + ## @param collectDNSStats - boolean - optional + ## Enable DNS stat collection + # + collectDNSStats: false + + orchestratorExplorer: + ## @param enabled - boolean - required + ## Set this to true to enable the orchestrator explorer. + ## This requires processAgent.enabled and clusterAgent.enabled to be set to true + ## ref: TODO - add doc link + # + enabled: false + +## @param clusterAgent - object - required +## This is the Datadog Cluster Agent implementation that handles cluster-wide +## metrics more cleanly, separates concerns for better rbac, and implements +## the external metrics API so you can autoscale HPAs based on datadog metrics +## ref: https://docs.datadoghq.com/agent/kubernetes/cluster/ +# +clusterAgent: + ## @param enabled - boolean - required + ## Set this to true to enable Datadog Cluster Agent + # + enabled: false + + ## @param image - object - required + ## Define the Datadog Cluster-Agent image to work with. + # + image: + ## @param repository - string - required + ## Define the repository to use: + # + repository: datadog/cluster-agent + + ## @param tag - string - required + ## Define the Cluster-Agent version to use. + # + tag: 1.7.0 + + ## @param pullPolicy - string - required + ## The Kubernetes pull policy. + # + pullPolicy: IfNotPresent + + ## @param pullSecrets - list of key:value strings - optional + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # + pullSecrets: [] + # - name: "" + + ## @param command - array - optional + ## Command to run in the Cluster Agent container + # + command: [] + + ## @param token - string - required + ## This needs to be at least 32 characters a-zA-z + ## It is a preshared key between the node agents and the cluster agent + ## ref: + # + token: "" + + ## @param replicas - integer - required + ## Specify the of cluster agent replicas, if > 1 it allow the cluster agent to + ## work in HA mode. + # + replicas: 1 + + ## @param rbac - object - required + ## Provide Cluster Agent Deployment pod(s) RBAC configuration + rbac: + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true + + ## @param serviceAccountName - string - required + ## Ignored if clusterAgentrbac.create is true + # + serviceAccountName: default + + ## @param metricsProvider - object - required + ## Enable the metricsProvider to be able to scale based on metrics in Datadog + # + metricsProvider: + ## @param enabled - boolean - required - default: false + ## Set this to true to enable Metrics Provider + # + enabled: false + + ## @param wpaController - boolean - optional + ## Enable informer and controller of the watermark pod autoscaler + ## NOTE: You need to install the `WatermarkPodAutoscaler` CRD before + # + wpaController: false + + ## @param useDatadogMetrics - boolean - optional + ## Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries + ## NOTE: You need to install the `DatadogMetric` CRD before + # + useDatadogMetrics: false + + ## @param createReaderRbac - boolean - optional + ## Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) + # + createReaderRbac: true + + ## Configuration for the service for the cluster-agent metrics server + # + service: + ## @param type - string - optional + ## + # + type: ClusterIP + ## @param port - int - optional + ## + port: 8443 + + ## @param env - list of object - optional + ## The Cluster-Agent supports many additional environment variables that can + ## be passed literally. + ## ref: https://docs.datadoghq.com/agent/cluster_agent/commands/#cluster-agent-options + # + env: [] + + ## @param admissionController - object - required + ## Enable the admissionController to be able to inject APM/Dogstatsd config + ## and standard tags (env, service, version) automatically into your pods + # + admissionController: + enabled: false + + ## @param mutateUnlabelled - boolean - optional + ## Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' + # + mutateUnlabelled: false + + ## @param confd - list of objects - optional + ## Provide additional cluster check configurations + ## Each key will become a file in /conf.d + ## ref: https://docs.datadoghq.com/agent/autodiscovery/ + # + confd: {} + # mysql.yaml: |- + # cluster_check: true + # instances: + # - server: '' + # port: 3306 + # user: datadog + # pass: '' + + ## @param resources - object -required + ## Datadog cluster-agent resource requests and limits. + # + resources: {} + # requests: + # cpu: 200m + # memory: 256Mi + # limits: + # cpu: 200m + # memory: 256Mi + + ## @param priorityclassName - string - optional + ## Name of the priorityClass to apply to the Cluster Agent + # + priorityClassName: # system-cluster-critical + + ## @param nodeSelector - object - optional + ## Allow the Cluster Agent Deployment to schedule on selected nodes + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + + ## @param affinity - object - optional + ## Allow the Cluster Agent Deployment to schedule using affinity rules + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + # + affinity: {} + + ## @param healthPort - integer - optional - default: 5555 + ## Port number use the cluster-agent to server healthz endpoint + healthPort: 5555 + + ## @param livenessProbe - object - required + ## Override the agent's liveness probe logic from the default: + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + livenessProbe: + httpGet: + port: 5555 + path: /live + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + + ## @param readinessProbe - object - required + ## Override the cluster-agent's readiness probe logic from the default: + # + readinessProbe: + httpGet: + port: 5555 + path: /ready + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + + ## @param strategy - string - required + ## Allow the Cluster Agent deployment to perform a rolling update on helm update + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + + ## @param podAnnotations - list of key:value strings - optional + ## Annotations to add to the cluster-agents's pod(s) + # + podAnnotations: {} + # key: "value" + + ## @param useHostNetwork - boolean - optional + ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might + ## not be supported. The ports need to be available on all hosts. It can be + ## used for custom metrics instead of a service endpoint. + ## + ## WARNING: Make sure that hosts using this are properly firewalled otherwise + ## metrics and traces are accepted from any host able to connect to this host. + # + useHostNetwork: # true + + ## @param dnsConfig - list of objects - optional + ## specify dns configuration options for datadog cluster agent containers e.g ndots + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config + dnsConfig: {} + # options: + # - name: ndots + # value: "1" + + ## @param volumes - list of objects - optional + ## Specify additional volumes to mount in the cluster-agent container + # + volumes: [] + # - hostPath: + # path: + # name: + + ## @param volumeMounts - list of objects - optional + ## Specify additional volumes to mount in the cluster-agent container + # + volumeMounts: [] + # - name: + # mountPath: + # readOnly: true + + ## @param datadog-cluster.yaml - object - optional + ## Specify custom contents for the datadog cluster agent config (datadog-cluster.yaml). + # + datadog_cluster_yaml: {} + + ## @param createPodDisruptionBudget - boolean - optional + ## Specify the pod disruption budget to apply to the cluster agents + # + createPodDisruptionBudget: false + +agents: + ## @param enabled - boolean - required + ## You should keep Datadog DaemonSet enabled! + ## The exceptional case could be a situation when you need to run + ## single Datadog pod per every namespace, but you do not need to + ## re-create a DaemonSet for every non-default namespace install. + ## Note: StatsD and DogStatsD work over UDP, so you may not + ## get guaranteed delivery of the metrics in Datadog-per-namespace setup! + # + enabled: true + + ## @param image - object - required + ## Define the Datadog image to work with. + # + image: + ## @param repository - string - required + ## Define the repository to use: + ## use "datadog/agent" for Datadog Agent 7 + ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 + # + repository: datadog/agent + + ## @param tag - string - required + ## Define the Agent version to use. + ## Use 7-jmx to enable jmx fetch collection + # + tag: 7.21.1 + + ## @param doNotCheckTag - boolean - optional + ## By default, the version passed in agents.image.tag is checked + ## for compatibility with the version of the chart. + ## This boolean permits to completely skip this check. + ## This is useful, for example, for custom tags that are not + ## respecting semantic versioning + # + doNotCheckTag: # false + + ## @param pullPolicy - string - required + ## The Kubernetes pull policy. + # + pullPolicy: IfNotPresent + + ## @param pullSecrets - list of key:value strings - optional + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # + pullSecrets: [] + # - name: "" + + ## @param rbac - object - required + ## Provide Daemonset RBAC configuration + rbac: + + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true + + ## @param serviceAccountName - string - required + ## Ignored if daemonset.rbac.create is true + # + serviceAccountName: default + + ## @param podSecurity - object - optional + ## Provide Daemonset PodSecurityPolicy configuration + podSecurity: + + ## @param podSecurityPolicy - object - required + ## Provide Daemonset PodSecurityPolicy configuration + podSecurityPolicy: + + ## @param created - boolean - optional + ## If true, create a PodSecurityPolicy resource for Agent pods + # + create: false + + ## @param securityContextConstraints - object - required + ## Provide Daemonset securityContextConstraints configuration + securityContextConstraints: + + ## @param created - boolean - optional + ## If true, create a SecurityContextConstraints resource for Agent pods + # + create: false + + ## @param securityContext - object - required + ## Provide securityContext configuration + # + securityContext: + rule: MustRunAs + seLinuxOptions: + user: system_u + role: system_r + type: spc_t + level: s0 + + ## @param privileged - boolean - optional + ## If true, Allow to run privileged containers + # + privileged: false + + ## @param capabilites - list - optional + ## Allowed capabilites + # + capabilites: + - SYS_ADMIN + - SYS_RESOURCE + - SYS_PTRACE + - NET_ADMIN + - NET_BROADCAST + - IPC_LOCK + + ## @param volumes - list - optional + ## Allowed volumes types + # + volumes: + - configMap + - downwardAPI + - emptyDir + - hostPath + - secret + + ## @param seccompProfiles - list - optional + ## Allowed seccomp profiles + # + seccompProfiles: + - "runtime/default" + - "localhost/system-probe" + + ## @param apparmorProfiles - list - optional + ## Allowed apparmor profiles + # + apparmorProfiles: + - "runtime/default" + + containers: + agent: + ## @param env - list - required + ## Additional environment variables for the agent container. + # + env: [] + + ## @param logLevel - string - optional + ## Set logging verbosity, valid log levels are: + ## trace, debug, info, warn, error, critical, and off. + ## If not set, fall back to the value of datadog.logLevel. + # + logLevel: # INFO + + ## @param resources - object - required + ## Resource requests and limits for the agent container. + # + resources: {} + # requests: + # cpu: 200m + # memory: 256Mi + # limits: + # cpu: 200m + # memory: 256Mi + + ## @param livenessProbe - object - required + ## Override the agent's liveness probe logic from the default: + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + livenessProbe: + httpGet: + path: /live + port: 5555 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + + ## @param readinessProbe - object - required + ## Override the agent's readiness probe logic from the default: + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + readinessProbe: + httpGet: + path: /ready + port: 5555 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + + processAgent: + ## @param env - list - required + ## Additional environment variables for the process-agent container. + # + env: [] + + ## @param logLevel - string - optional + ## Set logging verbosity, valid log levels are: + ## trace, debug, info, warn, error, critical, and off. + ## If not set, fall back to the value of datadog.logLevel. + # + logLevel: # INFO + + ## @param resources - object - required + ## Resource requests and limits for the process-agent container. + # + resources: {} + # requests: + # cpu: 100m + # memory: 200Mi + # limits: + # cpu: 100m + # memory: 200Mi + + traceAgent: + ## @param env - list - required + ## Additional environment variables for the trace-agent container. + # + env: + + ## @param logLevel - string - optional + ## Set logging verbosity, valid log levels are: + ## trace, debug, info, warn, error, critical, and off. + ## If not set, fall back to the value of datadog.logLevel. + # + logLevel: # INFO + + ## @param resources - object - required + ## Resource requests and limits for the trace-agent container. + # + resources: {} + # requests: + # cpu: 100m + # memory: 200Mi + # limits: + # cpu: 100m + # memory: 200Mi + + ## @param livenessProbe - object - optional + ## Override the trace agent's liveness probe logic from the default: + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + livenessProbe: + tcpSocket: + port: 8126 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + + systemProbe: + ## @param env - list - required + ## Additional environment variables for the system-probe container. + # + env: [] + + ## @param logLevel - string - optional + ## Set logging verbosity, valid log levels are: + ## trace, debug, info, warn, error, critical, and off. + ## If not set, fall back to the value of datadog.logLevel. + # + logLevel: # INFO + + ## @param resources - object - required + ## Resource requests and limits for the system-probe container. + # + resources: {} + # requests: + # cpu: 100m + # memory: 200Mi + # limits: + # cpu: 100m + # memory: 200Mi + + initContainers: + ## @param resources - object - required + ## Resource requests and limits for the init containers. + # + resources: {} + # requests: + # cpu: 100m + # memory: 200Mi + # limits: + # cpu: 100m + # memory: 200Mi + + ## @param volumes - list of objects - optional + ## Specify additional volumes to mount in the dd-agent container + # + volumes: [] + # - hostPath: + # path: + # name: + + ## @param volumeMounts - list of objects - optional + ## Specify additional volumes to mount in the dd-agent container + # + volumeMounts: [] + # - name: + # mountPath: + # readOnly: true + + ## @param useHostNetwork - boolean - optional + ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might + ## not be supported. The ports need to be available on all hosts. It Can be + ## used for custom metrics instead of a service endpoint. + ## + ## WARNING: Make sure that hosts using this are properly firewalled otherwise + ## metrics and traces are accepted from any host able to connect to this host. + # + useHostNetwork: false + + ## @param dnsConfig - list of objects - optional + ## specify dns configuration options for datadog cluster agent containers e.g ndots + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config + dnsConfig: {} + # options: + # - name: ndots + # value: "1" + + ## @param podAnnotations - list of key:value strings - optional + ## Annotations to add to the DaemonSet's Pods + # + podAnnotations: {} + # : '[{"key": "", "value": ""}]' + + ## @param tolerations - array - optional + ## Allow the DaemonSet to schedule on tainted nodes (requires Kubernetes >= 1.6) + # + tolerations: [] + + ## @param nodeSelector - object - optional + ## Allow the DaemonSet to schedule on selected nodes + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + + ## @param affinity - object - optional + ## Allow the DaemonSet to schedule using affinity rules + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + # + affinity: {} + + ## @param updateStrategy - string - optional + ## Allow the DaemonSet to perform a rolling update on helm update + ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ + # + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: "10%" + + ## @param priorityClassName - string - optional + ## Sets PriorityClassName if defined. + # + priorityClassName: + + ## @param podLabels - object - optional + ## Sets podLabels if defined. + # + podLabels: {} + + ## @param useConfigMap - boolean - optional + ## Configures a configmap to provide the agent configuration + ## Use this in combination with the `agent.customAgentConfig` parameter. + # + useConfigMap: # false + + ## @param customAgentConfig - object - optional + ## Specify custom contents for the datadog agent config (datadog.yaml). + ## ref: https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 + ## ref: https://github.com/DataDog/datadog-agent/blob/master/pkg/config/config_template.yaml + ## Note the `agents.useConfigMap` needs to be set to `true` for this parameter to be taken into account. + # + customAgentConfig: {} + # # Autodiscovery for Kubernetes + # listeners: + # - name: kubelet + # config_providers: + # - name: kubelet + # polling: true + # # needed to support legacy docker label config templates + # - name: docker + # polling: true + # + # # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration + # apm_config: + # enabled: false + # apm_non_local_traffic: true + # + # # Enable java cgroup handling. Only one of those options should be enabled, + # # depending on the agent version you are using along that chart. + # + # # agent version < 6.15 + # # jmx_use_cgroup_memory_limit: true + # + # # agent version >= 6.15 + # # jmx_use_container_support: true + +clusterChecksRunner: + ## @param enabled - boolean - required + ## If true, deploys agent dedicated for running the Cluster Checks instead of running in the Daemonset's agents. + ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ + # + enabled: false + + ## @param image - object - required + ## Define the Datadog image to work with. + # + image: + + ## @param repository - string - required + ## Define the repository to use: + ## use "datadog/agent" for Datadog Agent 7 + ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 + # + repository: datadog/agent + + ## @param tag - string - required + ## Define the Agent version to use. + ## Use 7-jmx to enable jmx fetch collection + # + tag: 7.21.1 + + ## @param pullPolicy - string - required + ## The Kubernetes pull policy. + # + pullPolicy: IfNotPresent + + ## @param pullSecrets - list of key:value strings - optional + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # + pullSecrets: [] + # - name: "" + + ## @param createPodDisruptionBudget - boolean - optional + ## Specify the pod disruption budget to apply to the cluster checks agents + # + createPodDisruptionBudget: false + + ## @param rbac - object - required + ## Provide Cluster Checks Deployment pods RBAC configuration + rbac: + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true + + ## @param dedicated - boolean - required + ## If true, use a dedicated RBAC resource for the cluster checks agent(s) + # + dedicated: false + + ## @param serviceAccountAnnotations - object - required + ## Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true + # + serviceAccountAnnotations: {} + + ## @param serviceAccountName - string - required + ## Ignored if clusterChecksRunner.rbac.create is true + # + serviceAccountName: default + + ## @param replicas - integer - required + ## If you want to deploy the clusterChecks agent in HA, keep at least clusterChecksRunner.replicas set to 2. + ## And increase the clusterChecksRunner.replicas according to the number of Cluster Checks. + # + replicas: 2 + + ## @param resources - object -required + ## Datadog clusterchecks-agent resource requests and limits. + # + resources: {} + # requests: + # cpu: 200m + # memory: 500Mi + # limits: + # cpu: 200m + # memory: 500Mi + + ## @param affinity - object - optional + ## Allow the ClusterChecks Deployment to schedule using affinity rules. + ## By default, ClusterChecks Deployment Pods are forced to run on different Nodes. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + # + affinity: {} + + ## @param strategy - string - optional + ## Allow the ClusterChecks deployment to perform a rolling update on helm update + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + + ## @param dnsConfig - list of objects - optional + ## specify dns configuration options for datadog cluster agent containers e.g ndots + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config + dnsConfig: {} + # options: + # - name: ndots + # value: "1" + + ## @param nodeSelector - object - optional + ## Allow the ClusterChecks Deployment to schedule on selected nodes + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + + ## @param tolerations - array - required + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + # + tolerations: [] + + ## @param livenessProbe - object - required + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + # livenessProbe: + # exec: + # command: ["/bin/true"] + # + livenessProbe: + httpGet: + path: /live + port: 5555 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + + ## @param readinessProbe - object - required + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + # readinessProbe: + # exec: + # command: ["/bin/true"] + # + readinessProbe: + httpGet: + path: /ready + port: 5555 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + + ## @param env - list of object - optional + ## The dd-agent supports many environment variables + ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#environment-variables + # + env: [] + # - name: + # value: + + ## @param volumes - list of objects - optional + ## Specify additional volumes to mount in the cluster checks container + # + volumes: [] + # - hostPath: + # path: + # name: + + ## @param volumeMounts - list of objects - optional + ## Specify additional volumes to mount in the cluster checks container + # + volumeMounts: [] + # - name: + # mountPath: + # readOnly: true + +kube-state-metrics: + rbac: + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true + + serviceAccount: + ## @param created - boolean - required + ## If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true + # + create: true + ## @param name - string - required + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + # + name: + + ## @param resources - object - optional + ## Resource requests and limits for the kube-state-metrics container. + # + resources: {} + # requests: + # cpu: 200m + # memory: 256Mi + # limits: + # cpu: 200m + # memory: 256Mi diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml new file mode 100644 index 000000000..5cb97fa16 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: dynatrace-oneagent-operator +apiVersion: v2 +appVersion: 0.8.0 +description: The Dynatrace OneAgent Operator Helm chart for Kubernetes and Openshift +home: https://www.dynatrace.com/ +icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png +maintainers: +- email: marco.mader@dynatrace.com + name: DTMad +- email: luis.garcia@dynatrace.com + name: lrgar +- email: michael.mayr@dynatrace.com + name: mmayr-at +name: dynatrace-oneagent-operator +sources: +- https://github.com/Dynatrace/helm-charts +type: application +version: 0.8.000 diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md new file mode 100644 index 000000000..1f45987fb --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/README.md @@ -0,0 +1,86 @@ +# Welcome + +Dynatrace automatically discovers, baselines, and intelligently monitors Kubernetes clusters and workloads. Learn more about Dynatrace at [our website](https://www.dynatrace.com/platform/). + +# Dynatrace OneAgent Operator Helm Chart + +The Dynatrace OneAgent Operator Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters. + +This Helm Chart requires Helm 3. + +### Platforms +Depending of the version of the Dynatrace OneAgent Operator, it supports the following platforms: + +| Dynatrace OneAgent Operator Helm Chart version | Kubernetes | OpenShift Container Platform | +| ---------------------------------------------- | ---------- | ---------------------------- | +| v0.8.0 | 1.14+ | 3.11+ | +| v0.7.1 | 1.14+ | 3.11+ | +| v0.6.0 | 1.11+ | 3.11+ | +| v0.5.4 | 1.11+ | 3.11+ | + + +## Quick Start + +The Dynatrace OneAgent Operator acts on its separate namespace `dynatrace`. +It holds the operator deployment and all dependent objects like permissions, custom resources and +corresponding DaemonSets. +To install the Dynatrace OneAgent Operator via Helm run the following command: + +### Adding Dynatrace OneAgent Helm repository +``` +$ helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable +``` + +### Prepare tokens + +Generate an API and a PaaS token in your Dynatrace environment. + +https://www.dynatrace.com/support/help/reference/dynatrace-concepts/why-do-i-need-an-environment-id/#create-user-generated-access-tokens + +To install the Dynatrace OneAgent Operator replace the APIUrl, the API token and the PaaS token in command and execute it + +#### Kubernetes +``` +$ kubectl create namespace dynatrace +$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="kubernetes",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN" +``` + +#### OpenShift +``` +$ oc adm new-project --node-selector="" dynatrace +$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="openshift",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN" +``` + +This will automatically install the Dynatrace OneAgent Operator and create OneAgents for every of your nodes. + +## Update procedure + +To update simply update your helm repositories and check the latest version + +``` +$ helm repo update +``` + +You can then check for the latest version by searching your Helm repositories for the Dynatrace OneAgent Operator + +``` +$ helm search repo dynatrace-oneagent-operator +``` + +To then update to the latest version run this command and do not forget to add the `reuse-values` flag to keep your configuration + +``` +$ helm upgrade dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --reuse-values +``` + +## Uninstall dynatrace-oneagent-operator +Remove OneAgent custom resources and clean-up all remaining OneAgent Operator specific objects: + + +```sh +$ helm uninstall dynatrace-oneagent-operator -n dynatrace +``` + +## License + +Dynatrace OneAgent Operator Helm Chart is under Apache 2.0 license. See [LICENSE](../LICENSE) for details. diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md new file mode 100644 index 000000000..9376a87ed --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/app-readme.md @@ -0,0 +1,6 @@ +# Dynatrace OneAgent Operator + +This is the home of the Dynatrace OneAgent Operator's Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters. +Rolling out Dynatrace OneAgent via DaemonSet on a cluster is straightforward. +Maintaining its lifecycle places a burden on the operational team. +Dynatrace OneAgent Operator closes this gap by automating the repetitive steps involved in keeping Dynatrace OneAgent at its latest desired version. diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml new file mode 100644 index 000000000..a3fefe9ef --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagentapms_crd.yaml @@ -0,0 +1,145 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: oneagentapms.dynatrace.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.apiUrl + name: ApiUrl + type: string + - JSONPath: .spec.tokens + name: Tokens + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: dynatrace.com + names: + categories: + - dynatrace + kind: OneAgentAPM + listKind: OneAgentAPMList + plural: oneagentapms + singular: oneagentapm + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: OneAgentAPM configures the Dynatrace OneAgent for application monitoring + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OneAgentAPMSpec defines the desired state of OneAgentAPM + properties: + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment ID + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + networkZone: + description: 'Optional: Adds the OneAgent to the given NetworkZone' + type: string + proxy: + description: 'Optional: Set custom proxy settings either directly or + from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the OneAgent to connect back to Dynatrace. + type: string + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap' + type: string + required: + - apiUrl + type: object + status: + description: OneAgentAPMStatus defines the observed state of OneAgentAPM + properties: + conditions: + description: Conditions includes status about the current state of the + instance + items: + description: "Condition represents an observation of an object's state. + Conditions are an extension mechanism intended to be used when the + details of an observation are not a priori known or would not apply + to all instances of a given Kind. \n Conditions should be added + to explicitly convey properties that users and components care about + rather than requiring those properties to be inferred from other + observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part + of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is + typically a CamelCased word or short phrase. \n Condition types + should indicate state in the \"abnormal-true\" polarity. For + example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + lastAPITokenProbeTimestamp: + description: LastAPITokenProbeTimestamp tracks when the last request + for the API token validity was sent + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: LastPaaSTokenProbeTimestamp tracks when the last request + for the PaaS token validity was sent + format: date-time + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last updated + format: date-time + type: string + type: object + required: + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml new file mode 100644 index 000000000..f2a47603d --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/crds/dynatrace.com_oneagents_crd.yaml @@ -0,0 +1,368 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: oneagents.dynatrace.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.apiUrl + name: ApiUrl + type: string + - JSONPath: .spec.tokens + name: Tokens + type: string + - JSONPath: .status.version + name: Version + type: string + - JSONPath: .status.phase + name: Phase + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: dynatrace.com + names: + categories: + - dynatrace + kind: OneAgent + listKind: OneAgentList + plural: oneagents + singular: oneagent + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: OneAgent configures the Dynatrace OneAgent for full-stack monitoring + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OneAgentSpec defines the desired state of OneAgent + properties: + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment ID + type: string + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + disableAgentUpdate: + description: Disable automatic restarts of OneAgent pods in case a new + version is available + type: boolean + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + env: + description: 'Optional: List of environment variables to set for the + installer' + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double $$, ie: + $$(VAR_NAME). Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + description: Specifies the output format of the exposed + resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container image Defaults + to docker.io/dynatrace/oneagent:latest for Kubernetes and to registry.connect.redhat.com/dynatrace/oneagent + for OpenShift' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent pods' + type: object + networkZone: + description: 'Optional: Adds the OneAgent to the given NetworkZone' + type: string + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes (optional) + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s priority. + Name must be defined by creating a PriorityClass object with that + name. If not specified the setting will be removed from the DaemonSet.' + type: string + proxy: + description: 'Optional: Set custom proxy settings either directly or + from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + resources: + description: 'Optional: define resources requests and limits for single + pods' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with OneAgent + pods' + type: string + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the OneAgent to connect back to Dynatrace. + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap' + type: string + waitReadySeconds: + description: 'Optional: Defines the time to wait until OneAgent pod + is ready after update - default 300 sec' + minimum: 0 + type: integer + required: + - apiUrl + type: object + status: + description: OneAgentStatus defines the observed state of OneAgent + properties: + conditions: + description: Conditions includes status about the current state of the + instance + items: + description: "Condition represents an observation of an object's state. + Conditions are an extension mechanism intended to be used when the + details of an observation are not a priori known or would not apply + to all instances of a given Kind. \n Conditions should be added + to explicitly convey properties that users and components care about + rather than requiring those properties to be inferred from other + observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part + of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is + typically a CamelCased word or short phrase. \n Condition types + should indicate state in the \"abnormal-true\" polarity. For + example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + instances: + additionalProperties: + properties: + ipAddress: + type: string + podName: + type: string + version: + type: string + type: object + type: object + lastAPITokenProbeTimestamp: + description: LastAPITokenProbeTimestamp tracks when the last request + for the API token validity was sent + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: LastPaaSTokenProbeTimestamp tracks when the last request + for the PaaS token validity was sent + format: date-time + type: string + phase: + description: Defines the current state (Running, Updating, Error, ...) + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last updated + format: date-time + type: string + version: + description: Dynatrace version being used. + type: string + type: object + required: + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/logo.png b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..6714eb8a59509d9513133b43b2de290f73be9c18 GIT binary patch literal 9908 zcmYj%c|27A_y22#u?!l?E=H*kp(IM0@s_kAN~kOqDnhHhJ7sHEy(=UQZ6sT~C83!{ zsqAU7r7>k+r)-1k-tX(`^Lspgf8@^0z305nd7kBUU(eG;M|(RtsyY<_Ah%`nMkfHs z@FN*WNx;ik=$C1Dkq+MMb`k)Y1;jrRxO-0({-}1!*7cNgkngDw?-M@2`cTjTAMGv2 zy#0Kfe7p~Z9slUF9)M-mTQ*wn3T+*1-+yIalQ&&hT8duR+q=)!<+Ju3i@@m3F{vjs z$DXdN@;)bV`m#%;^FqZ2g&qDl!7q(F9R#1M=tJmAHp5=__ujmogst%Pp^KO4e(*uuGQNdfaJ6RFPqenFM$+onoTezZ9RIp1K^;W{2e6tv5qD^H|haSJlChGx{0Ac;) zH4)of{SrA1T;C)r9?j^gIfYbxD=5uSdu6F8vB#Q4W{OoX7LFq=n@wV{0A9z^f44%> zFNUI?2)kJa4Y{rVMJ-Fm^I7vLV6hY)>mg#BsBdo`*Yu^mxSwMOo$jw-L^f!dsc-Br zIL{)3t~kUJd8LOQVOsa**}R+_R1~9v!G+l6sn3@;osSzZ-ZjV=zAb)PaVL<+ye7PY zC%EMrj_~vKd`w9;wdN^B5yUXAM+G1CKApcrPf`!ORmHp+NZT~;l<&NIE{?!!xqx$z zVdcL>`_hR9_S)VFB*6Ls8SvEGt}OcGNh z_I+fUyWJXjk@gV4n~keO)zkm|8hTQP!dg{>R-Bnxd`{FJe+4WmVV}k6$2W&Aq>|@WsT0zav!+dzU=X#@U$VHD z2N9Un#;8hRx%t6o0TSHBTwe)J+Z6ff-s)i^(ZD7xY-a!MuTF$(74eA0AJ2qwjfJaF zgB9R^2K$K&00dOLf{__u3@B-80=@#q5+-aw6AQ?e&$~H!H{IaRn1Ih;i*PP zWbF4YkbZ*LIun(y^p zfM?$T3a70~OH27jJK7#J< z{|1pc8SXYuH2unf0ux7su?%&!Z%N^r!bReAc)1u-+-}|FMw}0CzvVIB>-eGX@m3y?%vxaTt zQ@c;Nr)tMJ!dH_^Md)+KXkpNwvxbii#dpCv5LSVFGq>B5!l8MQsU>mwc=Tusi%sBL64HB)rOC!iPF+Y0 zdvcX2fVrcMYCK`M#4dSGtSf~m7{KyMQx+iZqJ-=mqMF;YziOi@qZvU`_{XDz>a6wX z-l@;FM7`CHyK>%mh}y2?B;6qgBO=QLaR_1_7)(E&F=v>=Th|crfL(-LMN;@EkE3`n z^=IIA;(NhphV&k7U8SKHl*Wn9lEI_N=6B0>^{+-n>%Yseq(Eo$@;%Nv(?3bf|{on9t>N1Fhpz1y+GV}orH&H5I zj_T$LL+#2X(n2ixu+=OX{Qr6`d)D>nlGaoZA>e;ncJ6HjBVedheZX7~edu`DoU7+B z*URf0s5xR6a_5TK;lNy#E=E;ikzLdwiu?|e>Pr|INv9&^4K@Dqm@yTfzWj4J>zr^h zj_fp#=mZ|o!uLd`$Ya~xX1~p;sXw)SE5W#}m>M{5UY^*FX zD|y-L1zyHz(H8AKVSO~RvO6eW1$*J0mtbdf@6{@&hp+tAX8)q)77cqvfCSq&&HKv4HvUuI_B*lKb`qU3)^-h9+9G1KL6JAA%e8a z9m?OJM&!^6zxGdG$34D!9xQ&rV01SfrcI?UR;)a^jE4IN90HcZ9Ahg~gcZvVO=wMi zWCUBv(KGb0vr|Y<4*JyWpEpVM!=Bk+I&UsQlW$FAas*6UIu&k+^flL1eP!2bD zbM$lEi`PHOe*Z>)zb$WgJw1{4ea0^@2U#95(p@om_H5TxPlJidh>kb>(9z5EsaKzT z$)*e1{4^yl+la=OuUT^03LSdey51j_kXoM;w~@+(=zf%nn!L&>IOs)-oBEnVcNi}0 z$U&x?uk4BYu(hJ&)uoAfUEWCr^7h`T*TQ_aiOlzSfKAi;tQ;E=3m$S_BBN0x`R zM91T}Ja(&p0W_%3{)B|r77-13``S5Q#VWyr-@116bqGZY+1gZf#`D(RKvI4y9{q6Q z&ASt`Cx@R1LaOnW;w$9shNy~ZTfVa|sds3I-zyxUm&i;uYH(??WGMvhrkO9mm`n9H zY{z)(v~KY~W%TaZBUAaAxeP0~Y3>9C5tlKeZ!0@yo^@)LJG2ZA+D60h_AOr}mVb|N z?VYf8vYsOo3Iq;o8aFX@lvrplernC*{TQ!gQhrcyFA`6Fb$9B;O4e2$V_{lLoYj7v zcI|*(vPpjJ$i|qync%SR1`JU^c;ZL1?{K?dm=f9g!}-%^ocpGR6b+Y9A>h(fid*=^Lb>Fj^H*5?PxGeyo9Z_I0qPbIk;&6LXa zjB%!B>wD~G*yA^0nJx?9N02)0@FBF%$qnhK&f8FU`oEE~vstD<5+BSluEo!vV?965 zw{mT+%`k=q^hNGzTr$bR^V@vf9P42yqfgE2T3SZbDDv1Y-(CaKyup)W{3^Enwb9g= zlc?v+zle7he0N!JW7Zc`uA9cYC-FDmc5-%vsV0#{BNC(-#_c}-)bmhM@BT^TRqsxG zWcCwhWqbWRiuTM6Yu1el&h7U0^ZP}GY$tnCjF3LnFngPhT^;0i2}UyMX}4hLK2143 z-Zi7dx)C|#fVoZ7jzs;)EO=(l5#3ly09PejuGVmkl4d^3XuOYeChhR>fj=8y-8!32 z=(ExjFn;NH@Pskmalk65&eT#Ra7P5+xV~lx9k|`v{9(<=_m(MktS6^Xa7^xqn*z4$ zNHMt~cfW{k5o%s$6C4jXGykIR>8O(5yiUgbYiksTwLo+=)$QtDRDH*VQO4p+ga1;49gy+r=PPc znBGY({$~U~j$BNxmXJ?#_x_wIlaV_ZQFXeLEI%=Zw;JGO9iO_>X|WqF))+-PD!%sj z0?W<61hQam=l2Hnb=?+lVohQZJ=$z^JY)S=S+M=9J;kfZU#j8(Cn`iV5R26aBo}rS z?td@OZE%qz{c8j)>%d@$0YBL$zR(Z}uo5#dO00F-WoZyf?Rag2Hhp81>;`9KF?2K1 z{YFPwNMhFdf#C&#!#X0hrlOvEWRSUoB$bFp9WG>xNfx%mZ}^FB0B?_EYLJJLe|mq# zJHFsGHxdq+($*h7Ov>_;1GaLfZPKhpLKoyt^4-T7mWj1mQ5!|3*UW4{MQL#VrDq`X zORgyh`XLgvw`1M&4i(bs+pekDnF9S95IH)-R>6QHLzk+;3LeJy=AAW4neDCMu?tSg zk(lex7=k>sqp-z+#tjiz$i_^-JZcJzIlm|6G{Bd(UVo6b_{l2L z;s?NFe$)Nx0Do#406^)eJ^*Pz4{U$8+Xl$1P*_`f)yaBqTh*Wq;w9m65B5n&0qJ$_ zk3e(8-Gbyw@e4Kf6z;7BKBM=^neb!`js|k}k_`Z8*bWa}pTC)jgX24aBY>~Pp%=8;ceEIU^Q*9H?0^pjZy-3eWx3ds)ESd9j}0IyvuD6FS1C+a~3ktqOXmM6q0tme~lq$^!XiWYaJ%sB#;{?=M##blY@uW7K=$FJ@^-@ zsf7sr)eNq#0DI)-gD)QbU&sw+zTn@}!;QaR?DT3SlxP!5SToJCQb55FtPvw8mEBo1 zcZ&kxEh1AkDYLFEIv~5k2E@Y9)qpg>3|E$gOauG`z*iM80|0Y2b>UO6FQU$#1y)A7 zRy=~iBjh(f2H9%MSRXAy`d(Ur3r~QnBrsV!0krRuf$iFxFp$AZ#F(j6=6e&;_U+a3 zUJ?YXP%vp9DOd@BC9dE*4S1a}yuTDma64Z{DpOdkCv6t6)Kvfs+OiBEsS6Ll%cUmV zjhd$7Z&!&y8F!GYu^ep9gNrd2B}9F_S;1i$o~NMu zcXLebNx=+o>8Ki6^{zA6B{(1;f?!E<+T8q4_(v0N!!>ns6}IqoaDP?5g(+}cg0@xZ zFeB~ohswZQ{DAA8SjLrZSVvFrr#vS$3O9ajh1ARrV<|*6*#PLxdIc2s;X7r3EIfmM z;6K>O>a*lDF$khYKK{j`w2gxQX5SS+>_Qi#q@&(_@Z2%r3o;vh1hmKb60B7T*krl* z4D0v-S%Wa4vATp_>@$$m{0YxA1)2vh2_-MIehv5_*L;u66xl3vk7Fs^)9mi`guI2# z`fFHgi6+d%k^2ay35Ru<3J$Jmy zI&=&-dRET%3)|Tn`t;(h{UG_UNRnU{Z1C!YsM7=Mzb?(Qei+lR@5*|#VkdriDbi9c z#?Ug9n55e1m4zK~41f9s=2OKn7JrSx_EqR*MG*9*I~LMQ2^0O-F7Y^58ci&!^FP`)fDx>kk&+TyC@meVDSv09Cn1rW1#s7iP?xSEqUJJ9|9F0MaY7R8~3oIlrn|UqI_hO73vsLOKIq z4JkcH1n!;LwD*Gq56?`L*-*2F%j3&JUc$)`BrFHgp^GYobUz91Ea9W19X>cj6wmXs zCm~Ld^x^Cgv6Zp>`cH}Q1n=(-dAOu&IVrXqwFsu&Jcd!UVI4d58CoB_KwH2VSLi>T zwObUggCF+u3>V-J5-+_v#ZxrMDUz8=k4%7@)FeF0~m@cVhx*jkBD`k zNKTH~A~gEAJ>(~)V-YQMbn5dv^myYo+ff;Az++Fo5-6hKn>yLf;JE0Yxd^5|I`6IF zCGZ?o169Z2(Yp)M0@B7xx5nN)15)@pNGqj({e52^W5L5E+m&EgDKgxLROXI-fk#D> zzwVP?-ep`1OIU4$suYyUU}Y~ldKtTk99%PHY!OK6rCz)du-{UBYA8}Ae2#|P9of4a z($@-5G*~}PD7i@=7?Bh)Ie4KcVq87?t2HDA;;R(mCH{h>jP1||nj^`r@%RIwq$#*) z`LDZ3at%4F&RrQFimcGUY>kz+*QM)vnoIqT#ZTPyIaR~wkN=pDu^u9X#UI4%A(h0v zeh*i{cHAXN(iFL_ozWm00%`*N7=#Om70P9V@^N#{0$Sx#us%9Yy9v zVD)KkUK1qY3Q7k|Vi<4tL6eA$$+N@C?WZjFvz#oRUljCTp+@-}fnI)l(VvGa5`l}) zQW|DkVN$NfTBbDxHx0!(%q`qD$SqSKnd1z6*6N_YQb@h=hxb=-G*4cfk2wa# z-~Uf4|B=vhjqGt{*19^#A#gu&;LxP z20tpRL)3XWX#aqng`^*xmUv5e z6$m(idi@MB`EAh)VB9o9s`LTuU&vO9cAUzp31N^lvbll;6X`vQ1vJPqT{jja#pCZT zR3Pap1ZOWzv>&z;De0TctD^I(|Flg}kd{HYd7$7A&v$oeBKZPNXD zSE7JIyBJf{l#}T)b~>*+;o#E9)VWYMonTJ24oe4VdcCK8?RLOr5Q>+Bt;-<$V+9e#BFypF zgc9I!th3z3O!`x7L}Jb%qZ6W@VU0)%_b$xW3A3MOGd%j?I$5Tv3=96S=|l-hz|lq* zX{NMf8OJ6|k8=Q|F z6VO%#1NT3Rd5Uy18>@kTupL7{3n($`UdoEUKb;QAWu~SS(qUr?T3*Tk z{}M^A8YJ=`DP!Asbk)_v%a|wW5gFG6oWa`;P3OK~JV@7@qlF&fgv2iovM4l%7)8K? z5^U|}#g)zCnZ8XB@r|RqRXM7b*56C60P&JhFmC>Hhm})6)i7@ADOigOe)-r0erU&5Y3O->#nJuEo zh!s+Fugb1=xG{OPO@n~coUqU*+XL~qR6o^x*t7i z8Vk%o_eD*KknZ^g=_O=rf8 zAz%vn5;-+b#gi_X|CrhtV22ayd^*rzEH-rRKu4B%Ci6x$-i-{<3UoLVR)PdF_wA)O z9lNDR#VCTLPv;KsO7MIMFV}c>xK+g1He+c-5j@bB9P-dtHI%Z~P2L-f{P+(FW9nI5cy*cz$ew@Qr5#GCNwAsXeJQ^K4XUpU$^ z$>Qc72dYhaFas)5JZcO7zm8H2rXQPDKGdQld$HNS3wilvqzC(iRL`@T3QtB3HMg1% z4mYiw)&ugmAm=^g7z1tV9W08uZ)W-%}AB4&Bmg>@Ld*wE8E8 z*VEcIG8_6#JYe$EXXIYgSYJ@$tle2?@aQHj3TQN-4jt?Aitsi`F|oF6{~ZKRK;3q; zc+sHTS>8_kLFrUF01>xi-Z(X|-K1K@IKG>_w_COgGtNK6f^+dmEp*$ag%qGyXgKDl zAR)t>Ag3D+!t;LI1{&U7?L!~uz>#6;G*t5GR&44en+8$4iev?2`(*sysSU!uJ=Lg= zOZXf9c&-fz^t-A`Tz=D$P^@yXHG6Nb=dg;)Bx7uVuRr<L#ryU768OY`g zMvqgYGZwu_j1!J*AN%iZZJT+a#>pUGNeA@EnNCx_!N6TC_$+=Pv@;#~WCuV5;ZBpWEW~XNS2uF<4d~6b9PTxF?GQu78W$e<0Z| R5fVsXi>>{}+<&~z{~v%ki3tDz literal 0 HcmV?d00001 diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg new file mode 100644 index 000000000..5e1092df4 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/overview.svg @@ -0,0 +1,2 @@ + +
OneAgent Pods
[Not supported by viewer]
trigger
rollout
[Not supported by viewer]
query
version
query<br>version
trigger
update
[Not supported by viewer]
OneAgent
CustomResource
[Not supported by viewer]
DaemonSet
DaemonSet
watch
changes
watch<br>changes
DynatraceOneAgentOperatorDynatrace Cluster
\ No newline at end of file diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml new file mode 100644 index 000000000..561642772 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/questions.yml @@ -0,0 +1,175 @@ +questions: + +#################### Agent Configuration (REQUIRED) #################### +- variable: mode + label: "Monitoring mode" + description: "Either fullstack for full monitoring or apm for application only monitoring" + default: "fullstack" + type: enum + group: "Agent Configuration (REQUIRED)" + options: + - "fullstack" + - "apm" + +- variable: oneagent.apiUrl + label: "Dynatrace API URL" + description: "Dynatrace API URL including `/api` path at the end" + default: "https://ENVIRONMENTID.live.dynatrace.com/api" + type: string + required: true + group: "Agent Configuration (REQUIRED)" + +- variable: secret.apiToken + label: "Dynatrace API token" + description: "Your Dynatrace API token - You can generate this token in your Dynatrace environment" + default: "" + type: string + required: true + group: "Agent Configuration (REQUIRED)" + +- variable: secret.paasToken + label: "Dynatrace PaaS token" + description: "Your Dynatrace Platform as a Service token - You can generate this token in your Dynatrace environment" + default: "" + type: string + required: true + group: "Agent Configuration (REQUIRED)" + +#################### Advanced Agent Configuration (OPTIONAL) #################### +- variable: show_advanced_config + label: "Show advanced configuration" + description: "Show advanced configuration options for the Dynatrace OneAgent Operator" + default: false + type: boolean + group: "Advanced Agent Configuration (OPTIONAL)" + +- variable: operator.image + label: "Custom Operator image location" + description: "The location from where to grab the Dynatrace OneAgent operator image - default is quay.io/dynatrace/dynatrace-oneagent-operator" + default: "" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true" + +- variable: oneagent.name + label: "OneAgent CustomResource name" + default: "oneagent" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.disableAgentUpdate + label: "Disable automatic OneAgent updates" + description: "Disables automatic restarts of oneagent pods in case a new version is available" + default: false + type: boolean + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.dnsPolicy + label: "Set custom DNS Policy" + description: "DNS Policy for OneAgent pods. Empty for default (ClusterFirst), more at https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy" + default: "" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.enableIstio + label: "Enable istio" + description: "When enabled, and if Istio is installed on the Kubernetes environment, then the Operator will create the corresponding VirtualService and ServiceEntries objects to allow access to the Dynatrace cluster from the agent." + default: false + type: boolean + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true" + +- variable: oneagent.image + label: "Custom OneAgent image location" + description: "The location from where to grab the Dynatrace OneAgent image - default for Kubernetes is docker.io/dynatrace/oneagent" + default: "" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.skipCertCheck + label: "Skip certificate check" + description: "Disable certificate validation checks for installer download and API communication" + default: false + type: boolean + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true" + +- variable: oneagent.priorityClassName + label: "Assign priority class to OneAgent pods" + description: "Priority class to assign to OneAgent pods, more at https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/" + default: "" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.proxy + label: "Define a proxy" + description: "Configures a proxy for the Agent, AgentDownload and the Operator. Provide the proxy here" + default: "" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true" + +- variable: oneagent.trustedCAs + label: "Add custom CA certificates" + description: "Adds the provided CA certficates to the Operator and the OneAgent. Provide your custom certificates here. If this is not set the default embedded certificates on the images will be used" + default: "" + type: multiline + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true" + +- variable: oneagent.waitReadySeconds + label: "Wait seconds until ready" + description: "Define the time to wait until OneAgent pod is ready after update - defaults to 300s" + default: "" + type: int + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.args + label: "Arguments to OneAgent installer" + description: "Defines additional arguments which get passed to the OneAgent installer - Please edit as Yaml for the best experience. The expected format is YAML and not a string" + default: "" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.env + label: "Environment variables for OneAgent" + description: "Defines additional environment variables which get passed to the OneAgent - Please edit as Yaml for the best experience" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.nodeSelector + label: "Node selector to control the selection of nodes" + description: "Defines a NodeSelector to customize to which nodes the OneAgent will be rolled out - Please edit as Yaml for the best experience" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.labels + label: "Custom labels for the OneAgent pods" + description: "Defines labels for OneAgent pods to structure workloads as desired - Please edit as Yaml for the best experience" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.resources + label: "Resource definition for the OneAgent pods" + description: "Defines the resources the OneAgent pods can use - Please edit as Yaml for the best experience" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" + +- variable: oneagent.tolerations + label: "Custom tolerations for the OneAgent" + description: "Defines custom tolerations to the OneAgent - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + default: "" + type: string + group: "Advanced Agent Configuration (OPTIONAL)" + show_if: "show_advanced_config=true && mode=fullstack" diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml new file mode 100644 index 000000000..aedff9f83 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-operator.yaml @@ -0,0 +1,47 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} +rules: + - apiGroups: + - "" # "" indicates the core API group + resources: + - nodes + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - dynatrace-oneagent-config + verbs: + - get + - update + - delete diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml new file mode 100644 index 000000000..661399f81 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrole-webhook.yaml @@ -0,0 +1,47 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-oneagent-webhook + labels: + {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - list + - create + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + resourceNames: + - dynatrace-oneagent-webhook + verbs: + - get + - update diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml new file mode 100644 index 000000000..cca2b78f8 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-operator.yaml @@ -0,0 +1,29 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml new file mode 100644 index 000000000..b2305a81f --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/clusterrolebinding-webhook.yaml @@ -0,0 +1,29 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-oneagent-webhook + labels: + {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dynatrace-oneagent-webhook + apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml new file mode 100644 index 000000000..10d35fcf3 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/configmap.yaml @@ -0,0 +1,25 @@ +# Copyright 2020 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if .Values.oneagent.trustedCAs }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.oneagent.name }} + namespace: {{ .Release.Namespace }} +data: + certs: | +{{ .Values.oneagent.trustedCAs | indent 4 }} +{{- end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml new file mode 100644 index 000000000..64229cfb0 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagent.yaml @@ -0,0 +1,99 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.mode "fullstack" }} +apiVersion: dynatrace.com/v1alpha1 +kind: OneAgent +metadata: + name: {{ .Values.oneagent.name }} + namespace: {{ .Release.Namespace }} +spec: + apiUrl: {{ required "ApiUrl needs to be set!" .Values.oneagent.apiUrl }} + tokens: {{ .Values.oneagent.name }} + image: {{ include "dynatrace-oneagent.image" . }} + + {{- if ne (printf "%T" .Values.oneagent.args) "string" }} + args: {{- toYaml .Values.oneagent.args | nindent 4 }} + {{- else }} + args: + - --set-app-log-content-access=true + {{- end }} + + {{- if .Values.oneagent.env }} + env: {{- toYaml .Values.oneagent.env | nindent 4 }} + {{- end }} + + {{- if .Values.oneagent.labels }} + labels: {{- toYaml .Values.oneagent.labels | nindent 4 }} + {{- end }} + + {{- if .Values.oneagent.nodeSelector }} + nodeSelector: {{- toYaml .Values.oneagent.nodeSelector | nindent 4 }} + {{- end }} + + {{- if .Values.oneagent.proxy }} + proxy: + valueFrom: {{ .Values.oneagent.name }} + {{- end }} + + {{- if ne (printf "%T" .Values.oneagent.tolerations) "string" }} + tolerations: {{- toYaml .Values.oneagent.tolerations | nindent 4 }} + {{- else }} + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + {{- end }} + + {{- if .Values.oneagent.resources }} + resources: {{- toYaml .Values.oneagent.resources | nindent 4 }} + {{- end }} + + {{- if .Values.oneagent.dnsPolicy }} + dnsPolicy: {{ .Values.oneagent.dnsPolicy }} + {{- end }} + + {{- if .Values.oneagent.enableIstio }} + enableIstio: {{ .Values.oneagent.enableIstio }} + {{- end }} + + {{- if .Values.oneagent.disableAgentUpdate }} + disableAgentUpdate: {{ .Values.oneagent.disableAgentUpdate }} + {{- end }} + + {{- if .Values.oneagent.skipCertCheck }} + skipCertCheck: {{ .Values.oneagent.skipCertCheck }} + {{- end }} + + {{- if .Values.oneagent.waitReadySeconds }} + waitReadySeconds: {{ .Values.oneagent.waitReadySeconds }} + {{- end }} + + {{- if .Values.oneagent.priorityClassName }} + priorityClassName: {{ .Values.oneagent.priorityClassName }} + {{- end }} + + {{- if .Values.oneagent.serviceAccountName }} + serviceAccountName: {{ .Values.oneagent.serviceAccountName }} + {{- end }} + + {{- if .Values.oneagent.trustedCAs }} + trustedCAs: {{ .Values.oneagent.name }} + {{- end }} + + {{- if .Values.oneagent.networkZone }} + networkZone: {{ .Values.oneagent.networkZone }} + {{- end }} +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml new file mode 100644 index 000000000..74d88a980 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/customresource-oneagentapm.yaml @@ -0,0 +1,46 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.mode "apm" }} +apiVersion: dynatrace.com/v1alpha1 +kind: OneAgentAPM +metadata: + name: {{ include "oneagentapm.name" . }} + namespace: {{ .Release.Namespace }} +spec: + apiUrl: {{ .Values.oneagent.apiUrl }} + tokens: {{ .Values.oneagent.name }} + + {{- if .Values.oneagent.skipCertCheck }} + skipCertCheck: {{ .Values.oneagent.skipCertCheck }} + {{- end }} + + {{- if .Values.oneagent.enableIstio }} + enableIstio: {{ .Values.oneagent.enableIstio }} + {{- end }} + + {{- if .Values.oneagent.proxy }} + proxy: + valueFrom: {{ .Values.oneagent.name }} + {{- end }} + + {{- if .Values.oneagent.trustedCAs }} + trustedCAs: {{ .Values.oneagent.name }} + {{- end }} + + {{- if .Values.oneagent.networkZone }} + networkZone: {{ .Values.oneagent.networkZone }} + {{- end }} +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml new file mode 100644 index 000000000..159ec6410 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-operator.yaml @@ -0,0 +1,86 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + name: {{ .Release.Name }} + strategy: + type: Recreate + template: + metadata: + labels: + name: {{ .Release.Name }} + {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Release.Name }} + args: + - operator + image: {{ include "dynatrace-oneagent-operator.image" . }} + imagePullPolicy: Always + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 60000 + name: metrics + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 100m + memory: 256Mi + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: beta.kubernetes.io/os + operator: In + values: + - linux + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + serviceAccountName: {{ .Release.Name }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml new file mode 100644 index 000000000..de3143983 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/deployment-webhook.yaml @@ -0,0 +1,125 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} + labels: + dynatrace.com/operator: oneagent +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + internal.oneagent.dynatrace.com/component: webhook + internal.oneagent.dynatrace.com/app: webhook + strategy: + type: Recreate + template: + metadata: + labels: + dynatrace.com/operator: oneagent + internal.oneagent.dynatrace.com/component: webhook + internal.oneagent.dynatrace.com/app: webhook + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: beta.kubernetes.io/os + operator: In + values: + - linux + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - name: webhook + args: + - webhook-server + image: {{ include "dynatrace-oneagent-operator.image" . }} + imagePullPolicy: Always + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + httpGet: + path: /healthz + port: server-port + scheme: HTTPS + initialDelaySeconds: 15 + periodSeconds: 10 + ports: + - name: server-port + containerPort: 8443 + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 100m + memory: 256Mi + volumeMounts: + - name: certs-volume + mountPath: /mnt/webhook-certs + - name: bootstrapper + args: + - webhook-bootstrapper + image: {{ include "dynatrace-oneagent-operator.image" . }} + imagePullPolicy: Always + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 100m + memory: 256Mi + volumeMounts: + - name: certs-volume + mountPath: /mnt/webhook-certs + serviceAccountName: dynatrace-oneagent-webhook + volumes: + - name: certs-volume + emptyDir: {} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml new file mode 100644 index 000000000..9248d5217 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/mutatingwebhookconfiguration.yaml @@ -0,0 +1,39 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: dynatrace-oneagent-webhook + labels: + {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} +webhooks: +- name: webhook.oneagent.dynatrace.com + rules: + - apiGroups: [""] + apiVersions: ["v1"] + operations: ["CREATE"] + resources: ["pods"] + scope: Namespaced + namespaceSelector: + matchExpressions: + - key: oneagent.dynatrace.com/instance + operator: Exists + clientConfig: + service: + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} + path: /inject + admissionReviewVersions: ["v1beta1"] diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml new file mode 100644 index 000000000..82df3260e --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-operator.yaml @@ -0,0 +1,29 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} +roleRef: + kind: Role + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml new file mode 100644 index 000000000..f16fb26b1 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/rolebinding-webhook.yaml @@ -0,0 +1,30 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: dynatrace-oneagent-webhook + apiGroup: rbac.authorization.k8s.io diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml new file mode 100644 index 000000000..7449e6b65 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/secret.yaml @@ -0,0 +1,29 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if .Values.secret.autoCreate }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.oneagent.name }} + namespace: {{ .Release.Namespace }} +data: + apiToken: {{ .Values.secret.apiToken | b64enc }} + paasToken: {{ .Values.secret.paasToken | b64enc }} + {{- if .Values.oneagent.proxy }} + proxy: {{ .Values.oneagent.proxy | b64enc }} + {{- end }} +type: Opaque +{{- end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml new file mode 100644 index 000000000..cd280bb0f --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/service.yaml @@ -0,0 +1,31 @@ + +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: v1 +kind: Service +metadata: + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} +spec: + selector: + internal.oneagent.dynatrace.com/app: webhook + internal.oneagent.dynatrace.com/component: webhook + ports: + - port: 443 + protocol: TCP + targetPort: server-port diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml new file mode 100644 index 000000000..21e17344a --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Common/serviceaccount-webhook.yaml @@ -0,0 +1,20 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml new file mode 100644 index 000000000..f17e25282 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-oneagent.yaml @@ -0,0 +1,44 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: dynatrace-oneagent + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*" +spec: + privileged: true + allowPrivilegeEscalation: true + allowedCapabilities: + - "*" + volumes: + - "*" + hostNetwork: true + hostIPC: true + hostPID: true + hostPorts: + - min: 0 + max: 65535 + runAsUser: + rule: "RunAsAny" + seLinux: + rule: "RunAsAny" + supplementalGroups: + rule: "RunAsAny" + fsGroup: + rule: "RunAsAny" +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml new file mode 100644 index 000000000..7d792073c --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-operator.yaml @@ -0,0 +1,50 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: dynatrace-oneagent-operator + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" + apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" + seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" + apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" +spec: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + volumes: + - "configMap" + - "emptyDir" + - "projected" + - "secret" + - "downwardAPI" + - "persistentVolumeClaim" + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: "MustRunAsNonRoot" + seLinux: + rule: "RunAsAny" + supplementalGroups: + rule: "RunAsAny" + fsGroup: + rule: "RunAsAny" +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml new file mode 100644 index 000000000..a8cb0925f --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/podsecuritypolicy-webhook.yaml @@ -0,0 +1,50 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: dynatrace-oneagent-webhook + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default" + apparmor.security.beta.kubernetes.io/allowedProfileNames: "runtime/default" + seccomp.security.alpha.kubernetes.io/defaultProfileName: "docker/default" + apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" +spec: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + volumes: + - "configMap" + - "emptyDir" + - "projected" + - "secret" + - "downwardAPI" + - "persistentVolumeClaim" + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: "MustRunAsNonRoot" + seLinux: + rule: "RunAsAny" + supplementalGroups: + rule: "RunAsAny" + fsGroup: + rule: "RunAsAny" +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml new file mode 100644 index 000000000..f20b85ea8 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-oneagent.yaml @@ -0,0 +1,31 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - dynatrace-oneagent + verbs: + - use +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml new file mode 100644 index 000000000..2b7a7866b --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-operator.yaml @@ -0,0 +1,124 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} +rules: + - apiGroups: + - dynatrace.com + resources: + - oneagents + - oneagentapms + verbs: + - get + - list + - watch + - update + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - "" # "" indicates the core API group + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" # "" indicates the core API group + resources: + - pods + verbs: + - get + - list + - watch + - delete + - apiGroups: + - "" # "" indicates the core API group + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - dynatrace.com + resources: + - oneagents/finalizers + - oneagents/status + - oneagentapms/finalizers + - oneagentapms/status + verbs: + - update + - apiGroups: + - networking.istio.io + resources: + - serviceentries + - virtualservices + verbs: + - get + - list + - create + - update + - delete + - apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - dynatrace-oneagent-operator + verbs: + - use +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml new file mode 100644 index 000000000..e3fb9c037 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/role-webhook.yaml @@ -0,0 +1,61 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - dynatrace.com + resources: + - oneagentapms + verbs: + - get + - list + - watch + - apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - dynatrace-oneagent-webhook + verbs: + - use +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml new file mode 100644 index 000000000..a16c6ce73 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/rolebinding-oneagent.yaml @@ -0,0 +1,30 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: dynatrace-oneagent + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dynatrace-oneagent +subjects: + - kind: ServiceAccount + name: dynatrace-oneagent + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml new file mode 100644 index 000000000..4b958ab6f --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-oneagent.yaml @@ -0,0 +1,22 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-oneagent + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml new file mode 100644 index 000000000..5477dd8fb --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Kubernetes/serviceaccount-operator.yaml @@ -0,0 +1,22 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "kubernetes" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt new file mode 100644 index 000000000..288d31baa --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/NOTES.txt @@ -0,0 +1,58 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + +To find more information about the Dynatrace OneAgent Operator, try: +https://github.com/Dynatrace/dynatrace-oneagent-operator + +To verify the current state of the OneAgent deployment, try: + $ kubectl get pods -n {{ .Release.Namespace }} + $ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }} + $ kubectl get oneagent {{ .Values.oneagent.name }} -n {{ .Release.Namespace }} + +{{- if eq .Values.mode "apm" -}} + {{- if .Values.oneagent.image -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.image + {{- end -}} + {{- if .Values.oneagent.args -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.args + {{- end -}} + {{- if .Values.oneagent.env -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.env + {{- end -}} + {{- if .Values.oneagent.nodeSelector -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.nodeSelector + {{- end -}} + {{- if .Values.oneagent.labels -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.labels + {{- end -}} + {{- if .Values.oneagent.disableAgentUpdate -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.disableAgentUpdate + {{- end -}} + {{- if .Values.oneagent.dnsPolicy -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.dnsPolicy + {{- end -}} + {{- if .Values.oneagent.resources -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.resources + {{- end -}} + {{- if .Values.oneagent.tolerations -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.tolerations + {{- end -}} + {{- if .Values.oneagent.waitReadySeconds -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.waitReadySeconds + {{- end -}} + {{- if .Values.oneagent.priorityClassName -}} +WARNING: +The following argument did not get applied since it can only be used with fullstack: oneagent.priorityClassName + {{- end -}} +{{- end -}} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml new file mode 100644 index 000000000..7f02c04d4 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-operator.yaml @@ -0,0 +1,116 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "openshift" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }} +rules: + - apiGroups: + - dynatrace.com + resources: + - oneagents + - oneagentapms + verbs: + - get + - list + - watch + - update + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - "" # "" indicates the core API group + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" # "" indicates the core API group + resources: + - pods + verbs: + - get + - list + - watch + - delete + - apiGroups: + - "" # "" indicates the core API group + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - dynatrace.com + resources: + - oneagents/finalizers + - oneagents/status + - oneagentapms/finalizers + - oneagentapms/status + verbs: + - update + - apiGroups: + - networking.istio.io + resources: + - serviceentries + - virtualservices + verbs: + - get + - list + - create + - update + - delete +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml new file mode 100644 index 000000000..39ce2371b --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/role-webhook.yaml @@ -0,0 +1,53 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "openshift" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: dynatrace-oneagent-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - dynatrace.com + resources: + - oneagentapms + verbs: + - get + - list + - watch +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml new file mode 100644 index 000000000..86a76840d --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/securitycontextconstraints.yaml @@ -0,0 +1,50 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "openshift" }} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." + name: dynatrace-oneagent-privileged +allowHostDirVolumePlugin: true +allowHostIPC: true +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: true +allowedCapabilities: + - "*" +allowedFlexVolumes: null +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: false +requiredDropCapabilities: [] +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:dynatrace:dynatrace-oneagent +volumes: + - "*" +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml new file mode 100644 index 000000000..100b93ecc --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-oneagent.yaml @@ -0,0 +1,25 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "openshift" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-oneagent + namespace: {{ .Release.Namespace }} +imagePullSecrets: + - name: redhat-connect + - name: redhat-connect-sso +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml new file mode 100644 index 000000000..d80abab71 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/Openshift/serviceaccount-operator.yaml @@ -0,0 +1,25 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}} +{{- if eq .Values.platform "openshift" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-oneagent-operator + namespace: {{ .Release.Namespace }} +imagePullSecrets: + - name: redhat-connect + - name: redhat-connect-sso +{{ end }} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl new file mode 100644 index 000000000..1ad8117c3 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/templates/_helpers.tpl @@ -0,0 +1,113 @@ +// Copyright 2019 Dynatrace LLC + +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 + +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "dynatrace-oneagent-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "dynatrace-oneagent-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dynatrace-oneagent-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "dynatrace-oneagent-operator.commonlabels" -}} +dynatrace: operator +operator: oneagent +helm.sh/chart: {{ include "dynatrace-oneagent-operator.chart" . }} +{{- end -}} + +{{/* +Common labels webhook +*/}} +{{- define "dynatrace-oneagent-operator.commonlabelswebhook" -}} +dynatrace.com/operator: oneagent +internal.oneagent.dynatrace.com/component: webhook +helm.sh/chart: {{ include "dynatrace-oneagent-operator.chart" . }} +{{- end -}} + +{{/* +Check if platform is set +*/}} +{{- define "dynatrace-oneagent-operator.platformSet" -}} +{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") -}} + {{ default "set" }} +{{- end -}} +{{- end -}} + +{{/* +Check if default oneagent image is used +*/}} +{{- define "dynatrace-oneagent.image" -}} +{{- if .Values.oneagent.image -}} + {{- printf "%s" .Values.oneagent.image -}} +{{- else -}} + {{- if eq .Values.platform "kubernetes" -}} + {{- printf "docker.io/dynatrace/oneagent" }} + {{- end -}} + {{- if eq .Values.platform "openshift" -}} + {{- printf "registry.connect.redhat.com/dynatrace/oneagent" }} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Check if default operator image is used +*/}} +{{- define "dynatrace-oneagent-operator.image" -}} +{{- if .Values.operator.image -}} + {{- printf "%s" .Values.operator.image -}} +{{- else -}} + {{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-oneagent-operator" .Chart.AppVersion }} +{{- end -}} +{{- end -}} + +{{/* +Check for correct oneagentapm name +*/}} +{{- define "oneagentapm.name" -}} +{{- if eq .Values.mode "apm" }} + {{- if eq .Values.oneagent.name "oneagent" -}} + {{- printf "oneagentapm" -}} + {{- else -}} + {{- printf "%s" .Values.oneagent.name -}} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml new file mode 100644 index 000000000..2636c7880 --- /dev/null +++ b/charts/dynatrace-oneagent-operator/dynatrace-oneagent-operator/0.8.000/values.yaml @@ -0,0 +1,51 @@ +# Copyright 2019 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +platform: "kubernetes" +mode: "fullstack" + +operator: + image: "" + +oneagent: + name: "oneagent" + apiUrl: "" + image: "" + # The expected format is YAML and not a string + args: "" + # The expected format is YAML and not a string + env: "" + # The expected format is YAML and not a string + nodeSelector: "" + # The expected format is YAML and not a string + labels: "" + skipCertCheck: false + disableAgentUpdate: false + enableIstio: false + dnsPolicy: "" + # The expected format is YAML and not a string + resources: "" + # The expected format is YAML and not a string + tolerations: "" + waitReadySeconds: null + priorityClassName: "" + serviceAccountName: "" + proxy: "" + trustedCAs: "" + networkZone: "" + +secret: + autoCreate: true + apiToken: "" + paasToken: "" diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore b/charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml new file mode 100644 index 000000000..f00d7c5e8 --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrowdStrike Falcon Platform + catalog.cattle.io/release-name: falcon-helm +apiVersion: v2 +appVersion: 0.9.3 +description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. +home: https://crowdstrike.com +icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg +keywords: +- CrowdStrike +- Falcon +- EDR +- kubernetes +- security +- monitoring +- alerting +maintainers: +- name: CrowdStrike Solution Architecture +- email: gabriel.alford@crowdstrike.com + name: Gabe Alford +name: falcon-sensor +sources: +- https://github.com/CrowdStrike/falcon-helm +type: application +version: 0.9.300 diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/README.md b/charts/falcon-sensor/falcon-sensor/0.9.300/README.md new file mode 100644 index 000000000..b8b5925aa --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/README.md @@ -0,0 +1,90 @@ +# CrowdStrike Falcon Helm Chart + +[Falcon](https://www.crowdstrike.com/) is the [CrowdStrike](https://www.crowdstrike.com/) +platform purpose-built to stop breaches via a unified set of cloud-delivered +technologies that prevent all types of attacks — including malware and much +more. + +# Kubernetes Cluster Compatability + +The Falcon Helm chart has been tested to deploy on the following Kubernetes distributions: + +* Amazon Elastic Kubernetes Service (EKS) +* Azure Kubernetes Service (AKS) - Linux Nodes Only +* Google Kubernetes Engine (GKE) +* Rancher K3s + * Nodes must be Linux distributions supported by CrowdStrike. See [https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems](https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems) for supported Linux distributions and kernels. +* Red Hat OpenShift Container Platform 4.6+ + +# Dependencies + +1. Requires a x86_64 Kubernetes cluster +1. Must be a CrowdStrike customer with access to the Falcon Linux Sensor and Falcon Container downloads. +1. Before deploying the Helm chart, you should have a Falcon Linux Sensor in the container registry before installing the Helm Chart. See the Deployment Considerations for more. +1. Helm 3.x is installed and supported by the Kubernetes vendor. + +# Deployment Considerations + +To ensure a successful deployment, you will want to ensure that: +1. By default, the Helm Chart installs in the `default` namespace. Best practices for deploying to Kubernetes is to create a new namespace. This can be done by adding `-n falcon-system --create-namespace` to your `helm install` command. +1. You have access to a containerized falcon sensor image. This is most likely through a private image registry on your network or cloud provider. See [https://github.com/CrowdStrike/Dockerfiles](https://github.com/CrowdStrike/Dockerfiles) as an example of how to build a Falcon sensor for your registry. +1. The Falcon Linux Sensor (not the Falcon Container) should be used in the container image to deploy to Kubernetes nodes. +1. When deploying the Falcon Linux Sensor to a node, the container image should match the node's operating system. For example, if the node is running Red Hat Enterprise Linux 8.2, the container image should be based on Red Hat Enterprise Linux 8.2, etc. This is important to ensure sensor and image compatibility with the base node operating system. +1. You must have sufficient permissions to deploy Helm Charts to the cluster. This is often received through cluster admin privileges. +1. Only deploying to Kubernetes nodes are supported at this time. +1. When deploying the Falcon Linux Sensor as a container to Kubernetes nodes, it is a requirement that the Falcon Sensor run as a privileged container so that the Sensor can properly work with the kernel. If this is unacceptable, you can install the Falcon Linux Sensor (still runs with privileges) using an RPM or DEB package on the nodes themselves. This assumes that you have the capability to actually install RPM or DEB packages on the nodes. If you do not have this capability and you want to protect the nodes, you have to install using a privileged container. +1. CrowdStrike's Helm Operator is a project, not a product, and released to the community as a way to automate sensor deployment to kubernetes clusters. The upstream repository for this project is [https://github.com/CrowdStrike/falcon-helm](https://github.com/CrowdStrike/falcon-helm). + +# Installation + +### Add the CrowdStrike Falcon Helm repository + +``` +helm repo add crowdstrike https://crowdstrike.github.io/falcon-helm +``` + +### Install CrowdStrike Falcon Helm Chart + +``` +helm upgrade --install falcon-helm crowdstrike/falcon-sensor \ + --set falcon.cid="" \ + --set node.image.repository="/falcon-node-sensor" +``` + +Above command will install the CrowdStrike Falcon Helm Chart with the release name `falcon-helm` in the namespace your `kubectl` context is currently set to. +You can install also install into a customized namespace by running the following: + +``` +helm upgrade --install falcon-helm crowdstrike/falcon-sensor \ + -n falcon-system --create-namespace \ + --set falcon.cid="" \ + --set node.image.repository="/falcon-node-sensor" +``` + +For more details please see the [falcon-helm](https://github.com/CrowdStrike/falcon-helm) repository. + +## Node Configuration + +The following tables lists the more common configurable parameters of the chart and their default values for installing on a Kubernetes node. + +| Parameter | Description | Default | +|:--------------------------------|:---------------------------------------------------------------------|:----------------------------------------- | +| `node.enabled` | Enable installation on the Kubernetes node | `true` | +| `node.image.repository` | Falcon Sensor Node registry/image name | `falcon-node-sensor` | +| `node.image.tag` | The version of the official image to use | `latest` | +| `node.image.pullPolicy` | Policy for updating images | `Always` | +| `node.image.pullSecrets` | Pull secrets for private registry | `{}` | +| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) | + +`falcon.cid` and `node.image.repository` are required values. + +### Uninstall Helm Chart +To uninstall, run the following command: +``` +helm uninstall falcon-helm +``` + +To uninstall from a custom namespace, run the following command: +``` +helm uninstall falcon-helm -n falcon-system +``` diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md b/charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md new file mode 100644 index 000000000..7f653f423 --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/app-readme.md @@ -0,0 +1,9 @@ +# CrowdStrike Falcon + +[CrowdStrike](https://www.crowdstrike.com/) [Container Security](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) +comes complete with vulnerability management, continuous +threat detection and response, and runtime protection, combined with compliance +enforcement and automated continuous integration/continuous delivery (CI/CD) pipeline security, enabling +DevOps teams to stay secure while building in the cloud. + +For more information, please visit [https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml new file mode 100644 index 000000000..8e93d8809 --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/ci/cid-values.yaml @@ -0,0 +1,2 @@ +falcon: + cid: 123456789TESTS-00 diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml new file mode 100644 index 000000000..9fa523a3a --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/questions.yaml @@ -0,0 +1,97 @@ +questions: + - variable: node.image.repository + description: "URL of container image repository holding containerized Falcon sensor. Defaults to 'falcon-node-sensor'." + required: true + type: string + default: falcon-node-sensor + label: Container Image Repository + group: "Node Container Images" + + - variable: node.image.tag + description: "Container registry image tag. Defaults to 'latest'." + required: true + type: string + default: "latest" + label: Container Image Tag + group: "Node Container Images" + + - variable: falcon.cid + description: "Passed to falconctl as \"--cid=\"{uuid string}\"\"" + required: true + type: string + label: CrowdStrike Customer ID (CID) + group: "Falcon Sensor Node Settings" + + - variable: falcon.apd + description: "App Proxy Disable. Passed to falconctl as \"--apt=true\" or \"--apt=false\"." + required: false + type: boolean + default: false + label: Disable using a proxy + group: "Falcon Sensor Node Settings" + + - variable: falcon.aph + description: "App Proxy Hostname (APH). Uncommon in container-based deployments. Passed to falconctl as \"--aph \"" + required: false + type: string + label: Configure Proxy Host + group: "Falcon Sensor Node Settings" + + - variable: falcon.app + description: "App Proxy Port (APP). Uncommon in container-based deployments. Passed to falconctl as \"--app=\"" + required: false + type: string + label: Configure Proxy Port + group: "Falcon Sensor Node Settings" + + - variable: falcon.trace + description: "Options are [none|err|warn|info|debug]. Passed to falconctl as \"--trace=[none|err|warn|info|debug]\"" + required: false + type: string + label: Set logging trace level + default: "none" + group: "Falcon Sensor Node Settings" + + - variable: falcon.feature + description: "Options to pass to the \"--feature\" flag. Options are [none,[enableLog[,disableLogBuffer[,disableOsfm[,emulateUpdate]]]]]" + required: false + type: string + label: Enable or disable certain sensor features + group: "Falcon Sensor Node Settings" + + - variable: falcon.update + description: "SIGHUP the sensor for immediate trace/feature update." + required: false + type: boolean + default: false + label: Update sensor immediately + group: "Falcon Sensor Node Settings" + + - variable: falcon.message_log + description: "Enable message log (true/false)" + required: false + type: boolean + default: false + label: Enable logging + group: "Falcon Sensor Node Settings" + + - variable: falcon.billing + description: "Utilize default or metered billing. Should only be configured when needing to switch between the two. Options are: [default|metered]" + required: false + type: string + label: Configure Billing + group: "Falcon Sensor Node Settings" + + - variable: falcon.tags + description: "Comma separated list of tags for sensor grouping. Allowed characters: all alphanumerics, '/', '-', '_', and ','." + required: false + type: string + label: Configure tags for sensor grouping + group: "Falcon Sensor Node Settings" + + - variable: falcon.provisioning_token + description: "Used to protect the CID. Provisioning token value." + required: false + type: string + label: Set a provisioning installation token + group: "Falcon Sensor Node Settings" diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt new file mode 100644 index 000000000..4c3c475f2 --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/NOTES.txt @@ -0,0 +1,10 @@ +Thank you for installing the CrowdStrike Falcon Helm Chart! + +Access to the Falcon Linux and Container Sensor downloads at https://falcon.crowdstrike.com/hosts/sensor-downloads are +required to complete the install of this Helm chart. This is provided automatically to all active CrowdStrike customers. +Additionally, a containerized sensor must be present in a container registry accessible from Kubernetes installation. +Sample Dockerfiles are available at https://github.com/CrowdStrike/Dockerfiles. +CrowdStrike Falcon sensors will deploy across all nodes in your Kubernetes cluster after +installing this Helm chart. An extremely common error on installation is accidentally +forgetting to add your containerized sensor to your local image registry prior to executing +`helm install`. The default image name to deploy a kernel sensor to a node is `falcon-node-sensor`. diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl new file mode 100644 index 000000000..316fee125 --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "falcon-sensor.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "falcon-sensor.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "falcon-sensor.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "falcon-sensor.labels" -}} +helm.sh/chart: {{ include "falcon-sensor.chart" . }} +{{ include "falcon-sensor.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "falcon-sensor.selectorLabels" -}} +app.kubernetes.io/name: {{ include "falcon-sensor.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "falcon-sensor.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "falcon-sensor.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml new file mode 100644 index 000000000..69fba2e22 --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "falcon-sensor.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + app: "{{ include "falcon-sensor.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: + FALCONCTL_OPT_CID: {{ .Values.falcon.cid }} + {{- range $key, $value := .Values.falcon }} + {{- if and ($value) (ne $key "cid") }} + FALCONCTL_OPT_{{ $key | upper }}: {{ $value | quote }} + {{- end }} + {{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml new file mode 100644 index 000000000..79da7e17c --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/templates/daemonset.yaml @@ -0,0 +1,134 @@ +{{- if .Values.node.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "falcon-sensor.fullname" . }} + labels: + name: {{ include "falcon-sensor.fullname" . }} + app: {{ include "falcon-sensor.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + {{- if .Values.node.daemonset.labels }} + {{- range $key, $value := .Values.node.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.node.daemonset.annotations }} + annotations: + {{- range $key, $value := .Values.node.daemonset.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + name: {{ include "falcon-sensor.fullname" . }} + app: {{ include "falcon-sensor.fullname" . }} + release: {{ .Release.Name | quote }} + updateStrategy: + type: {{ .Values.node.daemonset.updateStrategy }} + template: + metadata: + annotations: + sensor.falcon-system.crowdstrike.com/injection: disabled + {{- range $key, $value := .Values.node.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + name: {{ include "falcon-sensor.fullname" . }} + app: {{ include "falcon-sensor.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + {{- if .Values.node.daemonset.labels }} + {{- range $key, $value := .Values.node.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.node.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + # this toleration is to have the daemonset runnable on master nodes + - key: node-role.kubernetes.io/master + effect: NoSchedule + nodeSelector: + beta.kubernetes.io/os: linux + initContainers: + # This init container creates empty falconstore file so that when + # it's mounted into the sensor-node-container, k8s would just use it + # rather than creating a directory. Mounting falconstore file as + # a file volume ensures that AID is preserved across container + # restarts. + - name: init-falconstore + image: busybox + args: [/bin/sh, -c, 'touch /var/lib/crowdstrike/falconstore'] + volumeMounts: + - name: falconstore-dir + mountPath: /var/lib/crowdstrike + containers: + - name: falcon-node-sensor + image: "{{ .Values.node.image.repository }}:{{ .Values.node.image.tag }}" + imagePullPolicy: "{{ .Values.node.image.pullPolicy }}" + volumeMounts: + - name: dev + mountPath: /dev + - name: var-run + mountPath: /var/run + - name: etc + mountPath: /etc + - name: var-log + mountPath: /var/log + - name: falconstore + mountPath: /opt/CrowdStrike/falconstore + # Various pod security context settings. Bear in mind that many of these have an impact + # on the Falcon Sensor working correctly. + # + # - User that the container will execute as. Typically necessary to run as root (0). + # - Runs the Falcon Sensor containers as privileged containers. This is required when + # running the Falcon Linux Sensor on Kubernetes nodes to properly run in the node's + # kernel and to actually protect the node. + securityContext: + runAsUser: 0 + privileged: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + envFrom: + - configMapRef: + name: {{ include "falcon-sensor.fullname" . }}-config + # This spits out logs from sensor-node-container to stdout so that they + # are routed through k8s log driver. + - name: log + image: busybox + args: [/bin/sh, -c, 'tail -n1 -f /var/log/falcon-sensor.log'] + volumeMounts: + - name: var-log + mountPath: /var/log + readOnly: True + volumes: + - name: dev + hostPath: + path: /dev + - name: etc + hostPath: + path: /etc + - name: var-run + hostPath: + path: /var/run + - name: var-log + emptyDir: {} + - name: falconstore + hostPath: + path: /var/lib/crowdstrike/falconstore + - name: falconstore-dir + hostPath: + path: /var/lib/crowdstrike + terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriod }} + hostNetwork: true + hostPID: true + hostIPC: true +{{- end }} diff --git a/charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml b/charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml new file mode 100644 index 000000000..1c1c8c1fe --- /dev/null +++ b/charts/falcon-sensor/falcon-sensor/0.9.300/values.yaml @@ -0,0 +1,50 @@ +# Default values for falcon-sensor. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +node: + # When enabled, Helm chart deploys the Falcon Senors to Kubernetes nodes + enabled: true + + daemonset: + # Annotations to apply to the daemonset + annotations: {} + + # additionals labels + labels: {} + + updateStrategy: RollingUpdate + + image: + repository: falcon-node-sensor + pullPolicy: Always + pullSecrets: {} + # Overrides the image tag whose default is the chart appVersion. + tag: "latest" + + # Override various naming aspects of this chart + # Only edit these if you know what you're doing + nameOverride: "" + fullnameOverride: "" + + podAnnotations: {} + + # How long to wait for Falcon pods to stop gracefully + terminationGracePeriod: 10 + +falcon: + cid: + aid: + apd: + aph: + app: + trace: + feature: + update: + message_log: + billing: + tags: + assert: + memfail_grace_period: + memfail_every_n: + provisioning_token: diff --git a/charts/federatorai/federatorai/4.5.100/.helmignore b/charts/federatorai/federatorai/4.5.100/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/federatorai/federatorai/4.5.100/Chart.yaml b/charts/federatorai/federatorai/4.5.100/Chart.yaml new file mode 100644 index 000000000..dd2812c46 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/Chart.yaml @@ -0,0 +1,25 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Federator.ai + catalog.cattle.io/release-name: federatorai +apiVersion: v1 +appVersion: 4.5.1-ga +description: Federator.ai helps enterprises optimize cloud resources, maximize application + performance, and save significant cost without excessive over-provisioning or under-provisioning + of resources, meeting the service-level requirements of their applications. +home: https://www.prophetstor.com +icon: https://raw.githubusercontent.com/prophetstor-ai/public/master/images/logo.png +keywords: +- AI +- Resource Orchestration +- NoOps +- AIOps +- Intelligent Workload Management +- Cost Optimization +maintainers: +- email: support@prophetstor.com + name: ProphetStor Data Services, Inc. +name: federatorai +sources: +- https://www.prophetstor.com +version: 4.5.100 diff --git a/charts/federatorai/federatorai/4.5.100/README.md b/charts/federatorai/federatorai/4.5.100/README.md new file mode 100644 index 000000000..6e13bf0bb --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/README.md @@ -0,0 +1,96 @@ +# Federator.ai Operator +Federator.ai helps enterprises optimize cloud resources, maximize application performance, and save significant cost without excessive over-provisioning or under-provisioning of resources, meeting the service-level requirements of their applications. + +Enterprises often lack understanding of the resources needed to support their applications. This leads to either excessive over-provisioning or under-provisioning of resources (CPU, memory, storage). Using machine learning, Federator.ai determines the optimal cloud resources needed to support any workload on OpenShift and helps users find the best-cost instances from cloud providers for their applications. + + +**Multi-layer workload prediction** + +Using machine learning and math-based algorithms, Federator.ai predicts containerized application and cluster node resource usage as the basis for resource recommendations at application level as well as at cluster node level. Federator.ai supports prediction for both physical/virtual CPUs and memories. + + +**Auto-scaling via resource recommendation** + +Federator.ai utilizes the predicted resource usage to recommend the right number and size of pods for applications. Integrated with Datadog's WPA, applications are automatically scaled to meet the predicted resource usage. + + +**Application-aware recommendation execution** + +Optimizing the resource usage and performance goals, Federator.ai uses application specific metrics for workload prediction and pod capacity estimation to auto-scale the right number of pods for best performance without overprovisioning. + + +**Multi-cloud Cost Analysis** + +With resource usage prediction, Federator.ai analyzes potential cost of a cluster on different public cloud providers. It also recommend appropriate cluster nodes and instance types based on resource usage. + + +**Custom Datadog/Sysdig Dashboards** + +Predefined custom Datadog/Sysdig Dashboards for workload prediction/recommendation visualization for cluster nodes and applications. + + +**Additional resources** + +Want more product information? Explore detailed information about using this product and where to find additional help. + +* [Federator.ai Datasheet](https://www.prophetstor.com/wp-content/uploads/2021/02/Federator.ai%C2%AE_202102ver.pdf) +* [Quick Start Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/ProphetStor-Federator.ai-v4.5.1-Quick-Installation-Guide.pdf) +* [Federator.ai User Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/Federator.ai-4.5.1-User-Guide.pdf) +* [Company Information](https://www.prophetstor.com/) + +## Prerequisites +- The [Kubernetes](https://kubernetes.io/) version 1.18 or later if using Kubernetes environment. +- The [Openshift](https://www.openshift.com) version 4.x.x or later if using OpenShift platform. +- The [Helm](https://helm.sh/) version is 3.x.x or later. + +## Add Helm chart repository +``` +helm repo add prophetstor https://prophetstor-ai.github.io/federatorai-operator-helm/ +``` + +## Test the Helm chart repository +``` +helm search repo federatorai +``` + +## Installing with the release name `my-name`: +``` +helm install `my-name` prophetstor/federatorai --namespace=federatorai --create-namespace +``` + +## To uninstall/delete the `my-name` deployment: +``` +helm ls --all-namespaces +helm delete `my-name` --namespace=federatorai +``` + + +## Configuration + +The following table lists the configurable parameters of the chart and their default values are specfied insde values.yaml. + +| Parameter | Description | +| -------------------------------------------------------------- | --------------------------------------------- | +| `image.pullPolicy` | Container pull policy | +| `image.repository` | Image for Federator.ai operator | +| `image.tag` | Image Tag for Federator.ai operator | +| `federatorai.imageLocation` | Image Location for services containers | +| `federatorai.version` | Image Tag for services containers | +| `federatorai.persistence.enabled` | Enable persistent volumes | +| `federatorai.persistence.storageClass` | Storage Class Name of persistent volumes | +| `federatorai.persistence.storages.logStorage.size` | Log volume size | +| `federatorai.persistence.aiCore.dataStorage.size` | AICore data volume size | +| `federatorai.persistence.influxdb.dataStorage.size` | Influxdb data volume size | +| `federatorai.persistence.fedemeterInfluxdb.dataStorage.size` | Fedemeter influxdb data volume size | +| `services.dashboardFrontend.nodePort` | Port of the Dashboard service | +| `services.rest.nodePort` | Port of the REST service | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```shell +helm install `my-name` prophetstor/federatorai -f values.yaml --namespace=federatorai --create-namespace +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/federatorai/federatorai/4.5.100/app-readme.md b/charts/federatorai/federatorai/4.5.100/app-readme.md new file mode 100644 index 000000000..a7612f8f4 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/app-readme.md @@ -0,0 +1,39 @@ +# Federator.ai Operator +Federator.ai helps enterprises optimize cloud resources, maximize application performance, and save significant cost without excessive over-provisioning or under-provisioning of resources, meeting the service-level requirements of their applications. + +Enterprises often lack understanding of the resources needed to support their applications. This leads to either excessive over-provisioning or under-provisioning of resources (CPU, memory, storage). Using machine learning, Federator.ai determines the optimal cloud resources needed to support any workload on OpenShift and helps users find the best-cost instances from cloud providers for their applications. + + +**Multi-layer workload prediction** + +Using machine learning and math-based algorithms, Federator.ai predicts containerized application and cluster node resource usage as the basis for resource recommendations at application level as well as at cluster node level. Federator.ai supports prediction for both physical/virtual CPUs and memories. + + +**Auto-scaling via resource recommendation** + +Federator.ai utilizes the predicted resource usage to recommend the right number and size of pods for applications. Integrated with Datadog's WPA, applications are automatically scaled to meet the predicted resource usage. + + +**Application-aware recommendation execution** + +Optimizing the resource usage and performance goals, Federator.ai uses application specific metrics for workload prediction and pod capacity estimation to auto-scale the right number of pods for best performance without overprovisioning. + + +**Multi-cloud Cost Analysis** + +With resource usage prediction, Federator.ai analyzes potential cost of a cluster on different public cloud providers. It also recommend appropriate cluster nodes and instance types based on resource usage. + + +**Custom Datadog/Sysdig Dashboards** + +Predefined custom Datadog/Sysdig Dashboards for workload prediction/recommendation visualization for cluster nodes and applications. + + +**Additional resources** + +Want more product information? Explore detailed information about using this product and where to find additional help. + +* [Federator.ai Datasheet](https://www.prophetstor.com/wp-content/uploads/2021/02/Federator.ai%C2%AE_202102ver.pdf) +* [Quick Start Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/ProphetStor-Federator.ai-v4.5.1-Quick-Installation-Guide.pdf) +* [Federator.ai User Guide](https://www.prophetstor.com/wp-content/uploads/2021/04/Federator.ai-4.5.1-User-Guide.pdf) +* [Company Information](https://www.prophetstor.com/) diff --git a/charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml b/charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml new file mode 100644 index 000000000..7afa71628 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/crds/02-alamedaservice.crd.yaml @@ -0,0 +1,5009 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + helm.sh/hook: crd-install + creationTimestamp: null + name: alamedaservices.federatorai.containers.ai +spec: + additionalPrinterColumns: + - JSONPath: .spec.enableExecution + name: Execution + type: boolean + - JSONPath: .spec.version + name: Version + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: federatorai.containers.ai + names: + kind: AlamedaService + listKind: AlamedaServiceList + plural: alamedaservices + singular: alamedaservice + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: AlamedaService is the Schema for the alamedaservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlamedaServiceSpec defines the desired state of AlamedaService + properties: + alameda-analyzer: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alameda-dispatcher: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alameda-weavescope: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaAdmissionController: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaAi: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaDatahub: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaEvictioner: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaExecutor: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaInfluxdb: + description: Component Section Schema + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaNotifier: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaOperator: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaRabbitMQ: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + alamedaRecommender: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + autoPatchPrometheusRules: + type: boolean + enableAgentApp: + type: boolean + enableExecution: + type: boolean + enableGPU: + type: boolean + enablePreloader: + type: boolean + enableWeavescope: + type: boolean + env: + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double $$, ie: + $$(VAR_NAME). Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + fedemeter: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + fedemeterInfluxdb: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiAgent: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiAgentApp: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiAgentGPU: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + influxDB: + properties: + address: + type: string + password: + type: string + username: + type: string + required: + - address + - password + - username + type: object + prometheus: + properties: + address: + type: string + password: + type: string + username: + type: string + required: + - address + - password + - username + type: object + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiAgentPreloader: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiBackend: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiDataAdapter: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiFrontend: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiRecommendDispatcher: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiRecommendWorker: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + federatoraiRest: + properties: + bootstrap: + properties: + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + version: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagepullpolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + type: object + imageLocation: + type: string + kafka: + properties: + brokerAddresses: + items: + type: string + type: array + sasl: + properties: + enabled: + type: boolean + password: + type: string + username: + type: string + type: object + tls: + description: Version string `json:"version,omitempty"` + properties: + enabled: + type: boolean + insecureSkipVerify: + type: boolean + type: object + type: object + keycode: + description: KeycodeSpec contains data for keycode check + properties: + codeNumber: + description: CodeNumber provides user to apply keycode to Federator.ai + type: string + signatureData: + description: SignatureData provides user to apply signature data + type: string + required: + - codeNumber + type: object + platform: + enum: + - openshift3.9 + type: string + prometheusService: + type: string + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selfDriving: + type: boolean + serviceExposures: + items: + description: ServiceExposureSpec defines the service to be exposed + properties: + name: + type: string + nodePort: + description: NodePortSpec defines the ports to be proxied from + node to service + properties: + ports: + items: + description: PortSpec defines the service port + properties: + nodePort: + format: int32 + maximum: 65535 + minimum: 0 + type: integer + port: + format: int32 + maximum: 65535 + minimum: 0 + type: integer + required: + - nodePort + - port + type: object + type: array + required: + - ports + type: object + type: + description: ServiceExposureType defines the type of the service + to be exposed + enum: + - NodePort + type: string + required: + - name + - type + type: object + type: array + storages: + items: + properties: + accessModes: + items: + type: string + type: array + class: + type: string + size: + type: string + type: + enum: + - pvc + - ephemeral + type: string + usage: + enum: + - log + - data + type: string + required: + - type + - usage + type: object + type: array + version: + type: string + required: + - keycode + - version + type: object + status: + description: AlamedaServiceStatus defines the observed state of AlamedaService + properties: + conditions: + items: + properties: + message: + type: string + paused: + description: Represents whether any actions on the underlaying + managed objects are being performed. Only delete actions will + be performed. + type: boolean + required: + - message + - paused + type: object + type: array + crdversion: + properties: + crdname: + type: string + scalerversion: + type: string + required: + - crdname + - scalerversion + type: object + keycodeStatus: + description: KeycodeStatus contains current keycode information + properties: + codeNumber: + description: CodeNumber represents the last keycode user successfully + applied + type: string + lastErrorMessage: + description: LastErrorMessage stores the error message that happend + when Federatorai-Operator handled keycode + type: string + registrationData: + description: RegistrationData contains data needs to be sent for + activating keycode + type: string + state: + description: State represents the state of keycode processing + type: string + summary: + description: Summary stores the summary of the keycode + type: string + required: + - codeNumber + - lastErrorMessage + - registrationData + - state + - summary + type: object + required: + - conditions + - crdversion + - keycodeStatus + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/federatorai/federatorai/4.5.100/logo.png b/charts/federatorai/federatorai/4.5.100/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..fc33e50090d9dc92ba5496ae3db538a91846dd29 GIT binary patch literal 2838 zcmai$c{CJUAII;EED^G2&yX!K%5Jib%pkIqY-6%3>&P}$#P>V41i$NR^7-h0mPe!jooJ?D4N_xHy=H|>(8DJQ!KI{<(ajY8TS zl6)9;Y%GU+?Ck#1A&z((UNi*Y36W#>8uMX((j8@U5r9Zp00@Zy{5mWVW&sF=1MnRS zfX-n9p&&|wHRAAq#m(FldC0@HZTvd!5J!Vh4j}+2OaBf?M45gV0PK-yq@i8J=weY+ z=H<8I9W5<0&ugKTSJDwMq9C&BR+;?0%kzTO4XOgW9jHY~GhcIGw=~~@VOb4-H5+rK zYCEHL*!?tqzY&`!<0}FFBG!s9jv4ET_sW08tPJmM5ew*hiwpR%rXLdT$H%v23X9II z@AT|?^)6Ei&UyDb8$#{u)Rmc640!P`6C8%}%l>-kXMCqT%4nMl^l8pCl({ss8la7~ zi_KrV0g(X>YAz)Kj{uDcc;3Ht$#T}eMcFxB@&kWDd5G@SmS>zRGMe0faE3q@KwmX= zJH6UIG(B|vYX8kzp~t7qxy!~uu?PBThFDJ6%z4^CK?k-NM*XMJ+ux!;I{jE#0Iky+ z)Ij?v?t-Vl^)88V7rI2*zO6m+2wcf(ok(#Ap4D3KnbsQgPa@#QH zz#5A-COnt@q+EZZ>oyJ!+n-iwe>;@y77DkLd-GqWevj$j?*5NBrNAnBH_4&|vH7Lb zGp-iGEFT_pc5GS%?Ct6%xa{hbyZ~tFr1z2O&-opY}q~m9tVkN4yhMBMu{Z4RsU|9;^$-^Tgh#g;6BmRL) zmh$H3Gc*iXN-n_G2;_wN(g#O)NZeGVNB$Qw+J=~ZzD!*(qf?EH)*L~~;^(703hfyF zlEiUakeR%FZ%4-|3YXTn5-$f(d8V#xQ!W6)c@MoW&Q8$0GnW~GW#lmKNYhNz*09k6|XpaC(t20F%R;O`c-wbHd+i;{Gty;fKVRfH)J{jkJGx2ER{KRzC zrgxQ$m)CdYdxozTt@9V$s zWvxkt>NYE!Twhh(yH3g-TAg7l#c&GSBZO=VQt}ppNbj|OU6d&|ot;-+QzsFbhijp# z*%TDcw3GZ?3Hc4Jz8`{@HP~0r*E`)STc&ATWP691C-Uh?)-;(J{v|4-r(r0837^>ix6%W=n~C2dcCp%hJrw);C$F zMYptm>8I9St8ia-B#92KP8x4q(eiXYiEkfOl{VOyGYb=<#XIN>yOmQiWQe1u3C8J{N_ES6L`bJUAkX#_(is-}dWPLFrkn6@zW|Q{mZ+ zlcM@vS72?!*+T#|PXNi4_(8OWq1n+nQSLE`>;E+{ z=8MKTr8duFt0fR-lodfTy3rnZh#bh&?cCe2h1JPl@FKGxyhZO6vb&~4Jl=>ex{2`Q z{tE(^zi>cE-Hj``I-gyBE=5Y`3zlUQT=G__4c-c@>Ob&HZC+w_yHiPz-}3>H&RS3^ zFR3N{(vVd}uvK?><%(eW?m2jOJp`-dPvkS?BS_A%{U{}3dcnQ=({JPJEXzqD1_eN9ImcIRedb2{6UEl<*7&8Z^N!jpo@y}*WNcx|y^-j9H;++IkSo91)`nRBQLN}(Xo9h4X`gGFo_F5} z33iK-b5((H&x|?Nub%-#r=4z&>=Hdzd)5c@#n?a#jDN$ID-vk$yD$h>#Y(m1-C`E) zViSx&)}p6Ra4ick<*hw955D>T{3^Dwd6aG3I>lqK$jJ4?wI)LIuuA*zGfYxK1NGY0 zfilm?E|YZX^=ZDn_eoXT;T zTRIt;Z-P^%Ns<~dZ#N+;XB{a@3rTx;0f}kG{6xL|{jwWTm-HP58ZF+Bz4^!(^vNXq z^cdM&*|zJ2ITeNH_v+lmm&JX5#pV(&ktyRUwVlkTsfyI!@YJLgtMQR!>g8IKgDo8b zNzus+#0v|Uec~);X13-5zH;?J)bvQ?TKH*NOWkI>Cfbrspse*ye=b%%#`#P1kZxh&AMuzBAv97gkzkUWue;+^E*2 zV={BA#5=%|k=+yToG1O^1CmYt!s=z)j0&b-LX$_QcI!H;f5OwV<`o^L-dj!!3KEnthe3`|4d=Y^e)MP0|c o&HC&l3^8eWw~f5pin93{7w|&HX1`Ql>h~8FZDNV6F~Z*Z7cBZPT>t<8 literal 0 HcmV?d00001 diff --git a/charts/federatorai/federatorai/4.5.100/questions.yaml b/charts/federatorai/federatorai/4.5.100/questions.yaml new file mode 100644 index 000000000..ab341a49c --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/questions.yaml @@ -0,0 +1,90 @@ +questions: +#image configurations +- variable: defaultImage + default: true + description: "Use default Federator.ai image or specify a custom one" + label: Use Default Federator.ai Image + type: boolean + show_subquestion_if: false + group: "Container Images" + subquestions: + - variable: image.repository + default: "quay.io/prophetstor/federatorai-operator-ubi" + description: "Federator.ai Operator image name" + type: string + group: "Container Images" + label: Federator.ai Operator Image Name + - variable: image.tag + default: "v4.5.1-ga" + description: "Federator.ai Operator image tag" + type: string + group: "Container Images" + label: Federator.ai Operator Image Tag +#service configurations +- variable: federatorai.imageLocation + default: "quay.io/prophetstor" + description: "Service containers image location" + type: string + required: true + group: "Container Images" + label: Federator.ai imageLocation +- variable: federatorai.version + default: "v4.5.1-ga" + description: "Service containers version" + type: string + required: true + group: "Container Images" + label: Service Containers Image Tag +- variable: services.dashboardFrontend.nodePort + required: true + default: "31012" + description: "The port where the Federator.ai Dashboard listens to" + type: string + group: "Service Settings" + label: Federator.ai Dashboard Port +- variable: services.rest.nodePort + required: true + default: "31011" + description: "The port where the Federator.ai REST listens to" + type: string + group: "Service Settings" + label: Federator.ai REST Port +- variable: federatorai.persistence.enabled + default: true + description: "Enable persistent volume for Federator.ai" + type: boolean + required: true + label: Federator.ai Persistent Volume Enabled + show_subquestion_if: true + group: "PV Settings" + subquestions: + - variable: federatorai.persistence.storageClass + default: "" + description: "If undefined or set to null, using the default storageClass. Defaults to null." + type: storageclass + group: "PV Settings" + label: Storage Class for Federator.ai + - variable: federatorai.persistence.storages.logStorage.size + default: "2Gi" + description: "Log volume size" + type: string + group: "PV Settings" + label: Log Volume Size + - variable: federatorai.persistence.aiCore.dataStorage.size + default: "10Gi" + description: "AICore data volume Size" + type: string + group: "PV Settings" + label: AICore Data Volume Size + - variable: federatorai.persistence.influxdb.dataStorage.size + default: "100Gi" + description: "Influxdb data volume Size" + type: string + group: "PV Settings" + label: Influxdb Data Volume Size + - variable: federatorai.persistence.fedemeterInfluxdb.dataStorage.size + default: "10Gi" + description: "Fedemeter influxdb data volume Size" + type: string + group: "PV Settings" + label: Fedemeter Influxdb Data Volume Size diff --git a/charts/federatorai/federatorai/4.5.100/requirements.yaml b/charts/federatorai/federatorai/4.5.100/requirements.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml b/charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml new file mode 100644 index 000000000..937627cd3 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/01-serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: federatorai-operator + namespace: {{ .Release.Namespace }} diff --git a/charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml b/charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml new file mode 100644 index 000000000..d7ca3e7f3 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/03-federatorai-operator.deployment.yaml @@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: federatorai-operator + namespace: {{ .Release.Namespace }} + labels: + name: federatorai-operator + app: Federator.ai + annotations: + "helm.sh/hook-weight": "1000" +spec: + replicas: 1 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + name: federatorai-operator + template: + metadata: + labels: + name: federatorai-operator + app: Federator.ai + spec: + securityContext: + fsGroup: 1001 + serviceAccountName: federatorai-operator + initContainers: + - name: upgrader + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + command: + - federatorai-operator + args: + - "upgrade" + env: + - name: NAMESPACE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: FEDERATORAI_OPERATOR_INFLUXDB_ADDRESS + value: "" + - name: FEDERATORAI_OPERATOR_INFLUXDB_SERVICE_NAME + value: alameda-influxdb + - name: FEDERATORAI_OPERATOR_INFLUXDB_SERVICE_PORT + value: "8086" + - name: FEDERATORAI_OPERATOR_INFLUXDB_USERNAME + value: admin + - name: FEDERATORAI_OPERATOR_INFLUXDB_PASSWORD + value: adminpass + volumeMounts: + - mountPath: /var/log/alameda + name: log + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + containers: + - name: federatorai-operator + # Replace this with the built image name + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - federatorai-operator + env: + - name: NAMESPACE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "federatorai-operator" + - name: DISABLE_OPERAND_RESOURCE_PROTECTION + value: "false" + readinessProbe: + failureThreshold: 20 + httpGet: + path: /readyz + port: 8083 + initialDelaySeconds: 5 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/alameda + name: log + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + volumes: + - name: log + emptyDir: {} + - name: cert + secret: + defaultMode: 420 + secretName: federatorai-operator-service-cert diff --git a/charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml b/charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml new file mode 100644 index 000000000..2703f91a2 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/04-clusterrole.yaml @@ -0,0 +1,257 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: federatorai-operator +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - pods + verbs: + - delete + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + - serviceaccounts + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - update +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - update + - watch +- apiGroups: + - "" + - extensions + resources: + - replicationcontrollers + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - analysis.containers.ai + - autoscaling.containers.ai + - federatorai.containers.ai + - notifying.containers.ai + - tenant.containers.ai + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - update +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments/scale + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - '*' +- apiGroups: + - extensions + - policy + resourceNames: + - federatorai-alameda-weave-scope + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + verbs: + - list +- apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + verbs: + - create + - delete + - get + - list + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - clusterroles/finalizers + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - delete + - get + - list + - update + - use + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - watch +- apiGroups: + - volumesnapshot.external-storage.k8s.io + resources: + - volumesnapshotdatas + - volumesnapshots + verbs: + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alameda-gc + annotations: + "helm.sh/hook-weight": "5000" + "helm.sh/hook": post-install,post-delete +rules: [] diff --git a/charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml b/charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml new file mode 100644 index 000000000..7c55d4828 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/05-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: federatorai-operator +subjects: +- kind: ServiceAccount + name: federatorai-operator + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: federatorai-operator + apiGroup: rbac.authorization.k8s.io diff --git a/charts/federatorai/federatorai/4.5.100/templates/06-role.yaml b/charts/federatorai/federatorai/4.5.100/templates/06-role.yaml new file mode 100644 index 000000000..6e53fba0b --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/06-role.yaml @@ -0,0 +1,107 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: federatorai-operator + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - persistentvolumeclaims + - pods + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + - persistentvolumes + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - statefulsets + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - apps + - extensions + resources: + - deployments + - deployments/scale + - replicasets + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - deployments/scale + verbs: + - update +- apiGroups: + - extensions + resources: + - podsecuritypolicies + verbs: + - '*' +- apiGroups: + - extensions + resourceNames: + - federatorai-alameda-weave-scope + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - watch +- apiGroups: + - volumesnapshot.external-storage.k8s.io + resources: + - volumesnapshotdatas + - volumesnapshots + verbs: + - list + - watch diff --git a/charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml b/charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml new file mode 100644 index 000000000..e72f197b5 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/07-rolebinding.yaml @@ -0,0 +1,13 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: federatorai-operator + namespace: {{ .Release.Namespace }} +subjects: +- kind: ServiceAccount + name: federatorai-operator + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: federatorai-operator + apiGroup: rbac.authorization.k8s.io diff --git a/charts/federatorai/federatorai/4.5.100/templates/08-service.yaml b/charts/federatorai/federatorai/4.5.100/templates/08-service.yaml new file mode 100644 index 000000000..843abc896 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/08-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + component: federatorai-operator + name: federatorai-operator-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 443 + targetPort: 50443 + selector: + name: federatorai-operator + app: Federator.ai diff --git a/charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml b/charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml new file mode 100644 index 000000000..e4beb366a --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/09-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: federatorai-operator-service-cert + namespace: {{ .Release.Namespace }} +data: +type: Opaque \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml b/charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml new file mode 100644 index 000000000..71d502abe --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/10-mutatingwebhook.yaml @@ -0,0 +1,24 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: federatorai-operator-servicesmutation +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: federatorai-operator-service + namespace: {{ .Release.Namespace }} + path: /mutate-federatorai-containers-ai-v1alpha1-alamedaservice + failurePolicy: Ignore + name: alamedaservicemutate.federatorai.containers.ai + rules: + - apiGroups: + - federatorai.containers.ai + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - alamedaservices \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml b/charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml new file mode 100644 index 000000000..bf568d17d --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/11-validatingwebhook.yaml @@ -0,0 +1,24 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: federatorai-operator-servicesvalidation +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: federatorai-operator-service + namespace: {{ .Release.Namespace }} + path: /validate-federatorai-containers-ai-v1alpha1-alamedaservice + failurePolicy: Ignore + name: alamedaservicevalidate.federatorai.containers.ai + rules: + - apiGroups: + - federatorai.containers.ai + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - alamedaservices \ No newline at end of file diff --git a/charts/federatorai/federatorai/4.5.100/templates/NOTES.txt b/charts/federatorai/federatorai/4.5.100/templates/NOTES.txt new file mode 100644 index 000000000..b381d6fed --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/NOTES.txt @@ -0,0 +1,3 @@ + +Get the Federator.ai pods by running the following command: + kubectl --namespace {{ .Release.Namespace }} get pods diff --git a/charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl b/charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl new file mode 100644 index 000000000..66323e843 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/_helpers.tpl @@ -0,0 +1,45 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "federatorai-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "federatorai-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "federatorai-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "federatorai-operator.labels" -}} +app.kubernetes.io/name: {{ include "federatorai-operator.name" . }} +helm.sh/chart: {{ include "federatorai-operator.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml b/charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml new file mode 100644 index 000000000..6fc00b321 --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/templates/alamedaservice.yaml @@ -0,0 +1,87 @@ +apiVersion: federatorai.containers.ai/v1alpha1 +kind: AlamedaService +metadata: + name: my-alamedaservice + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "3000" +spec: +{{ if .Values.federatorai.persistence.enabled }} + env: + - name: FEDERATORAI_MAXIMUM_LOG_SIZE + ## Use about 90% of 2Gi + value: "1931476992" +{{ end }} + keycode: + codeNumber: FFSFM-RGBTF-F7I7O-UFKPM-LL6VI-QVFNQ + version: {{ .Values.federatorai.version }} +{{ if .Values.federatorai.imageLocation }} + imageLocation: {{ .Values.federatorai.imageLocation }} +{{ else }} + imageLocation: quay.io/prophetstor +{{ end }} +{{ if .Values.federatorai.persistence.enabled }} + storages: + - accessModes: + - ReadWriteOnce + {{ if .Values.federatorai.persistence.storageClass }} + class: {{ .Values.federatorai.persistence.storageClass }} + {{ end }} + size: {{ .Values.federatorai.persistence.storages.logStorage.size }} + type: pvc + usage: log + alamedaAi: + storages: + - accessModes: + - ReadWriteOnce + {{ if .Values.federatorai.persistence.storageClass }} + class: {{ .Values.federatorai.persistence.storageClass }} + {{ end }} + size: {{ .Values.federatorai.persistence.aiCore.dataStorage.size }} + type: pvc + usage: data + alamedaInfluxdb: + storages: + - accessModes: + - ReadWriteOnce + {{ if .Values.federatorai.persistence.storageClass }} + class: {{ .Values.federatorai.persistence.storageClass }} + {{ end }} + size: {{ .Values.federatorai.persistence.influxdb.dataStorage.size }} + type: pvc + usage: data + fedemeterInfluxdb: + storages: + - accessModes: + - ReadWriteOnce + {{ if .Values.federatorai.persistence.storageClass }} + class: {{ .Values.federatorai.persistence.storageClass }} + {{ end }} + size: {{ .Values.federatorai.persistence.fedemeterInfluxdb.dataStorage.size }} + type: pvc + usage: data +{{ else }} + storages: + - type: ephemeral + usage: data + - type: ephemeral + usage: log +{{ end }} + serviceExposures: +{{ if .Values.services.dashboardFrontend.nodePort }} + - name: federatorai-dashboard-frontend + nodePort: + ports: + - nodePort: {{ .Values.services.dashboardFrontend.nodePort }} + port: 9001 + type: NodePort +{{ end }} +{{ if .Values.services.rest.nodePort }} + - name: federatorai-rest + nodePort: + ports: + - nodePort: {{ .Values.services.rest.nodePort }} + port: 5056 + type: NodePort +{{ end }} diff --git a/charts/federatorai/federatorai/4.5.100/values.yaml b/charts/federatorai/federatorai/4.5.100/values.yaml new file mode 100644 index 000000000..40414637a --- /dev/null +++ b/charts/federatorai/federatorai/4.5.100/values.yaml @@ -0,0 +1,41 @@ +## Default values for Federator.ai +## This is a YAML-formatted file. +## Declare variables to be passed into your templates. +## +image: + pullPolicy: IfNotPresent + repository: quay.io/prophetstor/federatorai-operator-ubi + tag: v4.5.1-ga + +## Set default values +## +federatorai: + imageLocation: quay.io/prophetstor + version: v4.5.1-ga + ## If thhe persistence is enabled, a default StorageClass + ## is needed in the k8s cluster to provision volumes. + persistence: + enabled: true + storageClass: "" + storages: + logStorage: + size: 2Gi + aiCore: + dataStorage: + size: 10Gi + influxdb: + dataStorage: + size: 100Gi + fedemeterInfluxdb: + dataStorage: + size: 10Gi + +services: + dashboardFrontend: + ## Specify the nodePort value for the dashboard frontend + ## Comment out the following line to disable nodePort service + nodePort: 31012 + rest: + ## Specify the nodePort value for the REST service + ## Comment out the following line to disable nodePort service + nodePort: 31011 diff --git a/charts/haproxy/haproxy/1.12.100/.helmignore b/charts/haproxy/haproxy/1.12.100/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/haproxy/haproxy/1.12.100/Chart.yaml b/charts/haproxy/haproxy/1.12.100/Chart.yaml new file mode 100644 index 000000000..f29ee9c29 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: haproxy +apiVersion: v1 +appVersion: 1.5.1 +description: A Helm chart for HAProxy Kubernetes Ingress Controller +home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress +icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png +keywords: +- ingress +- haproxy +kubeVersion: '>=1.12.0-0' +maintainers: +- email: mmhedhbi@haproxy.com + name: Moemen Mhedhbi +- email: bassmann@haproxy.com + name: Baptiste Assmann +- email: dkorunic@haproxy.com + name: Dinko Korunic +name: haproxy +sources: +- https://github.com/haproxytech/kubernetes-ingress +version: 1.12.100 diff --git a/charts/haproxy/haproxy/1.12.100/README.md b/charts/haproxy/haproxy/1.12.100/README.md new file mode 100644 index 000000000..d4f04dbb8 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/README.md @@ -0,0 +1,199 @@ +# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy") + +## HAProxy Kubernetes Ingress Controller + +An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration. + +Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/). + +Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md). + +## Introduction + +This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +### Prerequisites + +- Kubernetes 1.12+ +- Helm 2.9+ + +## Before you begin + +### Setup a Kubernetes Cluster + +The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides. + +For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). + +### Install Helm + +Get the latest [Helm release](https://github.com/helm/helm#install). + +### Add Helm chart repo + +Once you have Helm installed, add the repo as follows: + +```console +helm repo add haproxytech https://haproxytech.github.io/helm-charts +helm repo update +``` + +## Install the chart + +To install the chart with Helm v3 as *my-release* deployment: + +```console +helm install my-release haproxytech/kubernetes-ingress +``` + +***NOTE***: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter: + +```console +helm install haproxytech/kubernetes-ingress \ + --name my-release +``` + +### Installing with unique name + +To auto-generate controller and its resources names when installing, use the following: + +```console +helm install haproxytech/kubernetes-ingress \ + --generate-name +``` + +### Installing from a private registry + +To install the chart using a private registry for controller into a separate namespace *prod*. + +***NOTE***: Helm v3 requires namespace to be precreated (eg. with ```kubectl create namespace prod```) + +```console +helm install my-ingress haproxytech/kubernetes-ingress \ + --namespace prod \ + --set controller.image.tag=SOMETAG \ + --set controller.imageCredentials.registry=myregistry.domain.com \ + --set controller.imageCredentials.username=MYUSERNAME \ + --set controller.imageCredentials.password=MYPASSWORD +``` + +### Installing as DaemonSet + +Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well: + +```console +helm install my-ingress2 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet +``` + +### Installing in multi-ingress environment + +It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers): + +```console +helm install my-ingress3 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet \ + --set controller.ingressClass=haproxy +``` + +***NOTE***: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation. + +### Installing with service annotations + +On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however: + +```console +helm install my-ingress3 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet \ + --set controller.ingressClass=haproxy \ + --set controller.service.type=LoadBalancer \ + --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \ + --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true" +``` + +***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. + +### Installing with Horizontal Pod Autoscaler + +[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null: + +```console +helm install my-ingress4 haproxytech/kubernetes-ingress \ + --set controller.replicaCount=null \ + --set defaultBackend.replicaCount=null +``` + +### Installing the ServiceMonitor + +If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs. + +```console +helm install my-ingress5 haproxytech/kubernetes-ingress \ + --set "controller.serviceMonitor.enabled=true" +``` + +### Using values from YAML file + +As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: + +*mylb.yaml*: + +```yaml +controller: + kind: DaemonSet + ingressClass: haproxy + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 +``` + +And invoking Helm becomes (compare to the previous example): + +```console +helm install my-ingress4 -f mylb.yml haproxytech/kubernetes-ingress +``` + +A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) : + +```yaml +controller: + service: + tcpPorts: + - name: mysql + port: 3306 + targetPort: 3306 + extraArgs: + - --configmap-tcp-services=default/tcp +``` + +## Upgrading the chart + +To upgrade the *my-release* deployment: + +```console +helm upgrade my-release haproxytech/kubernetes-ingress +``` + +## Uninstalling the chart + +To uninstall/delete the *my-release* deployment: + +```console +helm delete my-release +``` + +## Debugging + +It is possible to generate a set of YAML files for testing/debugging: + +```console +helm install my-release haproxytech/kubernetes-ingress \ + --debug \ + --dry-run +``` + +## Contributing + +We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution. diff --git a/charts/haproxy/haproxy/1.12.100/app-readme.md b/charts/haproxy/haproxy/1.12.100/app-readme.md new file mode 100644 index 000000000..aae3d1bd8 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/app-readme.md @@ -0,0 +1,8 @@ +# HAProxy +[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment. + +# HAProxy Enterprise +[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code. + +## Introduction +This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager. diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml new file mode 100644 index 000000000..116158a14 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-customconfig-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + config: + rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml new file mode 100644 index 000000000..c9de04c16 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-customnodeport-values.yaml @@ -0,0 +1,7 @@ +controller: + kind: DaemonSet + service: + type: NodePort + ports: + 8000: 10000 + 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml new file mode 100644 index 000000000..ddb25623a --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-default-values.yaml @@ -0,0 +1,2 @@ +controller: + kind: DaemonSet diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml new file mode 100644 index 000000000..3a1687a33 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-disableddefaultbackend-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet +defaultBackend: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml new file mode 100644 index 000000000..362fbb982 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-disabledsecretconfig-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + defaultTLSSecret: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml new file mode 100644 index 000000000..9a41dac52 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-enableports-values.yaml @@ -0,0 +1,7 @@ +controller: + kind: DaemonSet + service: + enablePorts: + http: false + https: true + stat: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml new file mode 100644 index 000000000..691acbc44 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-extraargs-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + extraArgs: + - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml new file mode 100644 index 000000000..45042ea50 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-hostport-values.yaml @@ -0,0 +1,8 @@ +controller: + kind: DaemonSet + daemonset: + useHostPort: true + hostPorts: + http: 80 + https: 443 + stat: 1024 diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml new file mode 100644 index 000000000..ebc8f1020 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-nodeport-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + service: + type: NodePort diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml new file mode 100644 index 000000000..b538cb542 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-publishservice-values.yaml @@ -0,0 +1,5 @@ +controller: + kind: DaemonSet + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml new file mode 100644 index 000000000..b538cb542 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/daemonset-serviceannotation-values.yaml @@ -0,0 +1,5 @@ +controller: + kind: DaemonSet + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml new file mode 100644 index 000000000..12c48d22d --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-customconfig-values.yaml @@ -0,0 +1,3 @@ +controller: + config: + rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml new file mode 100644 index 000000000..f044362aa --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-customnodeport-values.yaml @@ -0,0 +1,6 @@ +controller: + service: + type: NodePort + ports: + 8000: 10000 + 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml new file mode 100644 index 000000000..792d60054 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-default-values.yaml @@ -0,0 +1 @@ +# diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml new file mode 100644 index 000000000..ba2a61ebe --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-disableddefaultbackend-values.yaml @@ -0,0 +1,2 @@ +defaultBackend: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml new file mode 100644 index 000000000..767645997 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-disabledsecretconfig-values.yaml @@ -0,0 +1,3 @@ +controller: + defaultTLSSecret: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml new file mode 100644 index 000000000..03ff297b4 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-enableports-values.yaml @@ -0,0 +1,6 @@ +controller: + service: + enablePorts: + http: false + https: true + stat: false diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml new file mode 100644 index 000000000..d0e1dbe73 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-extraargs-values.yaml @@ -0,0 +1,3 @@ +controller: + extraArgs: + - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml new file mode 100644 index 000000000..0c8326236 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-hpa-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: Deployment + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + +defaultBackend: + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml new file mode 100644 index 000000000..ffdc47b2d --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-nodeport-values.yaml @@ -0,0 +1,3 @@ +controller: + service: + type: NodePort diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml new file mode 100644 index 000000000..7aae8605d --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-psp-values.yaml @@ -0,0 +1,2 @@ +podSecurityPolicy: + enabled: true diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml new file mode 100644 index 000000000..6d8bf9bf7 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-publishservice-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + publishService: + enabled: true diff --git a/charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml b/charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml new file mode 100644 index 000000000..78ee30060 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/ci/deployment-replicacount-unset.yaml @@ -0,0 +1,5 @@ +controller: + replicaCount: null + +defaultBackend: + replicaCount: null diff --git a/charts/haproxy/haproxy/1.12.100/questions.yml b/charts/haproxy/haproxy/1.12.100/questions.yml new file mode 100644 index 000000000..27ff89e72 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/questions.yml @@ -0,0 +1,73 @@ +questions: +- variable: imageDefault + default: true + description: "Use default Docker image" + label: Use Default Image + type: boolean + group: "Settings" + show_subquestion_if: false + subquestions: + - variable: controller.image.tag + default: "1.4.6" + description: "HAProxy Ingress Controller Tag" + type: string + label: HAProxy Ingress Controller Tag +- variable: controller.kind + type: enum + options: + - "DaemonSet" + - "Deployment" + default: "Deployment" + description: "Deployment Type" + label: Deployment Type + group: "Settings" +- variable: controller.service.type + type: enum + options: + - "LoadBalancer" + - "NodePort" + default: "NodePort" + description: "Service Type for HAProxy Ingress Controller" + label: Service Type + group: "Settings" +- variable: controller.ingressClass + default: "" + description: "Ingress Class for targeting this controller" + label: Ingress Class + type: string + group: "Settings" +- variable: controller.defaultTLSSecret.secret + default: "" + description: "Default TLS certificate secret" + label: TLS Certificate Secret + type: string + group: "Settings" +- variable: enableEnterprise + default: false + description: "Use HAProxy Enterprise" + label: Enable + type: boolean + group: "HAProxy Enterprise" + show_subquestion_if: true + subquestions: + - variable: controller.imageCredentials.registry + type: string + default: "kubernetes-registry.haproxy.com" + description: "HAProxy Enterprise Registtry" + label: Registry + - variable: controller.image.repository + type: string + default: "kubernetes-registry.haproxy.com/hapee-ingress" + description: "HAProxy Enterprise Registry" + label: Repository + - variable: controller.imageCredentials.username + type: string + default: "MYUSERNAME" + description: "HAProxy Enterprise Username" + label: Username + - variable: controller.imageCredentials.password + type: string + default: "MYPASSWORD" + description: "HAProxy Enterprise Password" + label: Password + diff --git a/charts/haproxy/haproxy/1.12.100/templates/NOTES.txt b/charts/haproxy/haproxy/1.12.100/templates/NOTES.txt new file mode 100644 index 000000000..522e23017 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/NOTES.txt @@ -0,0 +1,67 @@ +HAProxy Kubernetes Ingress Controller has been successfully installed. + +Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}". +Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type. +{{- if and .Values.rbac.create}} +RBAC authorization is enabled. +{{- else}} +RBAC authorization is disabled. +{{- end}} +{{- if .Values.controller.ingressClass}} +Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for +Ingress resource. +{{- end}} + +Service ports mapped are: +{{- if eq .Values.controller.kind "Deployment" }} +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP +{{- end }} +{{- end }} +{{- if eq .Values.controller.kind "DaemonSet" }} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + hostPort: {{ index $hostPorts $key | default $value }} +{{- end }} +{{- end }} + +Node IP can be found with: + $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}" + +The following ingress resource routes traffic to pods that match the following: + * service name: web + * client's Host header: webdemo.com + * path begins with / + + --- + apiVersion: networking.k8s.io/v1beta1 + kind: Ingress + metadata: + name: web-ingress + namespace: default + spec: + rules: + - host: webdemo.com + http: + paths: + - path: / + backend: + serviceName: web + servicePort: 80 + +In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it +with helm chart option controller.ingressClass. + +For more examples and up to date documentation, please visit: + * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress + * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/ + * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation + * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md + + + diff --git a/charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl b/charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl new file mode 100644 index 000000000..5a1e28588 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/_helpers.tpl @@ -0,0 +1,130 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kubernetes-ingress.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubernetes-ingress.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubernetes-ingress.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Encode an imagePullSecret string. +*/}} +{{- define "kubernetes-ingress.imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }} +{{- end }} + +{{/* +Generate default certificate for HAProxy. +*/}} +{{- define "kubernetes-ingress.gen-certs" -}} +{{- $ca := genCA "kubernetes-ingress-ca" 365 -}} +{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}} +{{- $cert := genSignedCert $cn nil nil 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Create the name of the controller service account to use. +*/}} +{{- define "kubernetes-ingress.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled +*/}} +{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}} +{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} + {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.defaultBackend.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified default backend name. +*/}} +{{- define "kubernetes-ingress.defaultBackend.fullname" -}} +{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified default cert secret name. +*/}} +{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}} +{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the path for the publish-service. +By default this will use the / matching the controller's service name. +Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride` +*/}} +{{- define "kubernetes-ingress.publishServicePath" -}} +{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}} +{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }} +{{- print $servicePath | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the syslog-server annotation +*/}} +{{- define "kubernetes-ingress.syslogServer" -}} +{{- range $key, $val := .Values.controller.logging.traffic -}} +{{- printf "%s:%s, " $key $val }} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified ServiceMonitor name. +*/}} +{{- define "kubernetes-ingress.serviceMonitorName" -}} +{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml b/charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml new file mode 100644 index 000000000..4f9b4734a --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/clusterrole.yaml @@ -0,0 +1,60 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - services + - namespaces + - events + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses + - ingresses/status + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + verbs: + - update +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml b/charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cfd226083 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/clusterrolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kubernetes-ingress.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} + diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml new file mode 100644 index 000000000..94aa9c554 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-configmap.yaml @@ -0,0 +1,34 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +data: +{{- if .Values.controller.logging.traffic }} + syslog-server: {{ template "kubernetes-ingress.syslogServer" . }} +{{- end }} +{{- if .Values.controller.config }} +{{ toYaml .Values.controller.config | indent 2 }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml new file mode 100644 index 000000000..e892c4b8d --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-daemonset.yaml @@ -0,0 +1,234 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.controller.kind "DaemonSet" }} +{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}} +{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + {{- if .Values.controller.extraLabels }} +{{ toYaml .Values.controller.extraLabels | indent 4 }} + {{- end }} +spec: + minReadySeconds: 0 + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: +{{ toYaml .Values.controller.podAnnotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- if $useHostNetwork }} + hostNetwork: true + {{- end }} +{{- if .Values.controller.dnsConfig }} + dnsConfig: +{{ toYaml .Values.controller.dnsConfig | indent 8 }} +{{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- if .Values.controller.imageCredentials.registry }} + imagePullSecrets: + - name: {{ template "kubernetes-ingress.fullname" . }} +{{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: +{{- if and .Values.controller.defaultTLSSecret.enabled -}} +{{- if .Values.controller.defaultTLSSecret.secret }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} +{{- else }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} +{{- end }} +{{- end }} + - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} +{{- if .Values.defaultBackend.enabled }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- end }} +{{- if .Values.controller.ingressClass }} + - --ingress.class={{ .Values.controller.ingressClass }} +{{- end }} +{{- if .Values.controller.publishService.enabled }} + - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} +{{- end }} +{{- if .Values.controller.logging.level }} + - --log={{ .Values.controller.logging.level }} +{{- end }} +{{- range .Values.controller.extraArgs }} + - {{ . }} +{{- end }} + {{- if .Values.controller.unprivileged }} + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + {{- end }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ index $hostPorts $key | default $value }} + {{- end }} + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + containerPort: {{ .port }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ .port }} + {{- end }} + {{- end }} + livenessProbe: + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.livenessProbe.path }} + port: {{ .Values.controller.livenessProbe.port }} + scheme: {{ .Values.controller.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.readinessProbe.path }} + port: {{ .Values.controller.readinessProbe.port }} + scheme: {{ .Values.controller.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + startupProbe: + failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.startupProbe.path }} + port: {{ .Values.controller.startupProbe.port }} + scheme: {{ .Values.controller.startupProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} + successThreshold: {{ .Values.controller.startupProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- range .Values.controller.extraEnvs }} + - name: "{{ .name }}" + value: "{{ .value }}" + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + {{- if .Values.controller.lifecycle }} + lifecycle: + {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} +{{ tpl .Values.controller.lifecycle . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + volumeMounts: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} +{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} + {{- end }} + {{- end}} + {{- if .Values.controller.extraContainers }} + {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} +{{ tpl .Values.controller.extraContainers . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraContainers | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumes }} + volumes: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} +{{ tpl .Values.controller.extraVolumes . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumes | indent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} + initContainers: + {{- if .Values.controller.unprivileged }} + - name: sysctl + image: busybox:musl + command: + - /bin/sh + - -c + - sysctl -w net.ipv4.ip_unprivileged_port_start=0 + securityContext: + privileged: true + {{- end }} + {{- with.Values.controller.initContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml new file mode 100644 index 000000000..b409c7b25 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-defaultcertsecret.yaml @@ -0,0 +1,35 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.defaultTLSSecret.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": "before-hook-creation" +data: +{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml new file mode 100644 index 000000000..2868add91 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-deployment.yaml @@ -0,0 +1,222 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.controller.kind "Deployment" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + {{- if .Values.controller.extraLabels }} +{{ toYaml .Values.controller.extraLabels | indent 4 }} + {{- end }} +spec: + {{- if not .Values.controller.autoscaling.enabled }} + replicas: {{ .Values.controller.replicaCount }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.controller.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: +{{ toYaml .Values.controller.podAnnotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} +{{- if .Values.controller.dnsConfig }} + dnsConfig: +{{ toYaml .Values.controller.dnsConfig | indent 8 }} +{{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- if .Values.controller.imageCredentials.registry }} + imagePullSecrets: + - name: {{ template "kubernetes-ingress.fullname" . }} +{{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: +{{- if .Values.controller.defaultTLSSecret.secret }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} +{{- else }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} +{{- end }} + - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} +{{- if .Values.defaultBackend.enabled }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- end }} +{{- if .Values.controller.ingressClass }} + - --ingress.class={{ .Values.controller.ingressClass }} +{{- end }} +{{- if .Values.controller.publishService.enabled }} + - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} +{{- end }} +{{- if .Values.controller.logging.level }} + - --log={{ .Values.controller.logging.level }} +{{- end }} +{{- range .Values.controller.extraArgs }} + - {{ . }} +{{- end }} + {{- if .Values.controller.unprivileged }} + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + {{- end }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + containerPort: {{ .targetPort }} + protocol: TCP + {{- end }} + livenessProbe: + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.livenessProbe.path }} + port: {{ .Values.controller.livenessProbe.port }} + scheme: {{ .Values.controller.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.readinessProbe.path }} + port: {{ .Values.controller.readinessProbe.port }} + scheme: {{ .Values.controller.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + startupProbe: + failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.startupProbe.path }} + port: {{ .Values.controller.startupProbe.port }} + scheme: {{ .Values.controller.startupProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} + successThreshold: {{ .Values.controller.startupProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- range .Values.controller.extraEnvs }} + - name: {{ .name }} + value: {{ .value }} + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + {{- if .Values.controller.lifecycle }} + lifecycle: + {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} +{{ tpl .Values.controller.lifecycle . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + volumeMounts: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} +{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} + {{- end }} + {{- end}} + {{- if .Values.controller.extraContainers }} + {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} +{{ tpl .Values.controller.extraContainers . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraContainers | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumes }} + volumes: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} +{{ tpl .Values.controller.extraVolumes . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumes | indent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} + initContainers: + {{- if .Values.controller.unprivileged }} + - name: sysctl + image: busybox:musl + command: + - /bin/sh + - -c + - sysctl -w net.ipv4.ip_unprivileged_port_start=0 + securityContext: + privileged: true + {{- end }} + {{- with.Values.controller.initContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml new file mode 100644 index 000000000..102b23439 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-hpa.yaml @@ -0,0 +1,49 @@ +{{/* +Copyright 2020 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "kubernetes-ingress.fullname" . }} + minReplicas: {{ .Values.controller.autoscaling.minReplicas }} + maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} + metrics: + {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml new file mode 100644 index 000000000..7851e2acf --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-podsecuritypolicy.yaml @@ -0,0 +1,80 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} +{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }} +{{- $useHostPort := .Values.controller.daemonset.useHostPort }} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + name: {{ template "kubernetes-ingress.fullname" . }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_BIND_SERVICE + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 +{{- if $useHostNetwork }} + hostNetwork: true +{{- end }} +{{- if or $useHostPort $useHostNetwork }} + hostPorts: +{{- range $key, $value := .Values.controller.containerPort }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- range .Values.controller.service.tcpPorts }} + - min: {{ .port }} + max: {{ .port }} +{{- end }} +{{- end }} + hostIPC: false + hostPID: false + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 + volumes: + - configMap + - downwardAPI + - secret +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml new file mode 100644 index 000000000..88252394c --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-pullsecret.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.imageCredentials.registry }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml new file mode 100644 index 000000000..3e41df6e4 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-role.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "policy" + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "kubernetes-ingress.fullname" . }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml new file mode 100644 index 000000000..40404a401 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-rolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kubernetes-ingress.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml new file mode 100644 index 000000000..eb2eea381 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-service.yaml @@ -0,0 +1,101 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- if .Values.controller.service.labels }} +{{ toYaml .Values.controller.service.labels | indent 4 }} +{{- end }} + annotations: +{{- range $key, $value := .Values.controller.service.annotations }} + {{ $key }}: {{ $value | quote }} +{{- end }} +spec: + {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} + type: {{ .Values.controller.service.type }} + {{- if .Values.controller.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} + {{- end }} + {{- if .Values.controller.service.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} + {{- end }} + ports: + {{- if .Values.controller.service.enablePorts.http }} + - name: http + port: {{ .Values.controller.service.ports.http }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if .Values.controller.service.nodePorts.http }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enablePorts.https }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if .Values.controller.service.nodePorts.https }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enablePorts.stat }} + - name: stat + port: {{ .Values.controller.service.ports.stat }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.stat }} + {{- if .Values.controller.service.nodePorts.stat }} + nodePort: {{ .Values.controller.service.nodePorts.stat }} + {{- end }} + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + port: {{ .port }} + protocol: TCP + targetPort: {{ .targetPort }} + {{- if .nodePort }} + nodePort: {{ .nodePort }} + {{- end }} + {{- end }} + selector: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.service.sessionAffinity }} + sessionAffinity: {{ .Values.controller.service.sessionAffinity }} + {{- end }} + externalIPs: +{{- if .Values.controller.service.externalIPs }} +{{ toYaml .Values.controller.service.externalIPs | indent 4 }} +{{- end -}} +{{- if (eq .Values.controller.service.type "LoadBalancer") }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml new file mode 100644 index 000000000..c90710990 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-serviceaccount.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if or .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml b/charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml new file mode 100644 index 000000000..0f4c2c3af --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/controller-servicemonitor.yaml @@ -0,0 +1,41 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kubernetes-ingress.serviceMonitorName" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + {{- if .Values.controller.serviceMonitor.extraLabels }} + {{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + {{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml new file mode 100644 index 000000000..9331f5f35 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/default-backend-deployment.yaml @@ -0,0 +1,84 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.defaultBackend.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + {{- if not .Values.defaultBackend.autoscaling.enabled }} + replicas: {{ .Values.defaultBackend.replicaCount }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.defaultBackend.podLabels }} +{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} + {{- end }} + {{- if .Values.defaultBackend.podAnnotations }} + annotations: +{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} + image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" + imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.defaultBackend.containerPort }} + protocol: TCP + {{- if .Values.defaultBackend.extraEnvs }} + env: + {{- range .Values.defaultBackend.extraEnvs }} + - name: "{{ .name }}" + value: "{{ .value }}" + {{- end }} + {{- end }} + resources: + {{- toYaml .Values.defaultBackend.resources | nindent 12 }} + {{- with .Values.defaultBackend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultBackend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + terminationGracePeriodSeconds: 60 + {{- with .Values.defaultBackend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml new file mode 100644 index 000000000..0fd8a65b7 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/default-backend-hpa.yaml @@ -0,0 +1,49 @@ +{{/* +Copyright 2020 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} + metrics: + {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml new file mode 100644 index 000000000..82397b57b --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/default-backend-podsecuritypolicy.yaml @@ -0,0 +1,64 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_BIND_SERVICE + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 + hostNetwork: false + hostIPC: false + hostPID: false + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 + volumes: + - configMap + - downwardAPI + - secret +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml new file mode 100644 index 000000000..8475d04fc --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/default-backend-role.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "policy" + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml new file mode 100644 index 000000000..3a94e9418 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/default-backend-rolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml new file mode 100644 index 000000000..6e0cf0e98 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/default-backend-service.yaml @@ -0,0 +1,40 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.defaultBackend.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: http + port: {{ .Values.defaultBackend.service.port }} + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml new file mode 100644 index 000000000..3c0853b14 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/templates/default-backend-serviceaccount.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.100/values.yaml b/charts/haproxy/haproxy/1.12.100/values.yaml new file mode 100644 index 000000000..0ca2b7932 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.100/values.yaml @@ -0,0 +1,157 @@ +controller: + affinity: {} + autoscaling: + enabled: false + maxReplicas: 20 + minReplicas: 2 + targetCPUUtilizationPercentage: 80 + config: {} + containerPort: + http: 80 + https: 443 + stat: 1024 + daemonset: + hostPorts: + http: 80 + https: 443 + stat: 1024 + useHostNetwork: false + useHostPort: false + defaultTLSSecret: + enabled: true + secret: null + dnsConfig: {} + dnsPolicy: ClusterFirst + extraArgs: [] + extraContainers: [] + extraEnvs: [] + extraLabels: {} + extraVolumeMounts: [] + extraVolumes: [] + image: + pullPolicy: IfNotPresent + repository: haproxytech/kubernetes-ingress + tag: '{{ .Chart.AppVersion }}' + imageCredentials: + password: null + registry: null + username: null + ingressClass: null + initContainers: [] + kind: Deployment + lifecycle: {} + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 10 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + logging: + level: info + traffic: {} + name: controller + nodeSelector: {} + podAnnotations: {} + podLabels: {} + priorityClassName: "" + publishService: + enabled: false + pathOverride: "" + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 10 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + replicaCount: 2 + resources: + requests: + cpu: 100m + memory: 64Mi + service: + annotations: {} + enablePorts: + http: true + https: true + stat: true + enabled: true + externalIPs: [] + healthCheckNodePort: 0 + labels: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: {} + ports: + http: 80 + https: 443 + stat: 1024 + targetPorts: + http: http + https: https + stat: stat + tcpPorts: [] + type: NodePort + serviceMonitor: + enabled: false + endpoints: + - path: /metrics + port: stat + scheme: http + extraLabels: {} + startupProbe: + failureThreshold: 20 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 1 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + strategy: {} + terminationGracePeriodSeconds: 60 + tolerations: [] + unprivileged: false +defaultBackend: + affinity: {} + autoscaling: + enabled: false + maxReplicas: 2 + minReplicas: 1 + targetCPUUtilizationPercentage: 80 + containerPort: 8080 + enabled: true + extraEnvs: [] + image: + pullPolicy: IfNotPresent + repository: k8s.gcr.io/defaultbackend-amd64 + runAsUser: 65534 + tag: 1.5 + name: default-backend + nodeSelector: {} + podAnnotations: {} + podLabels: {} + priorityClassName: "" + replicaCount: 2 + resources: + requests: + cpu: 10m + memory: 16Mi + service: + port: 8080 + serviceAccount: + create: true + tolerations: [] +podSecurityPolicy: + annotations: {} + enabled: false +rbac: + create: true +serviceAccount: + create: true + name: null diff --git a/charts/haproxy/haproxy/1.12.500/.helmignore b/charts/haproxy/haproxy/1.12.500/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/haproxy/haproxy/1.12.500/Chart.yaml b/charts/haproxy/haproxy/1.12.500/Chart.yaml new file mode 100644 index 000000000..323874d61 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: haproxy +apiVersion: v1 +appVersion: 1.5.4 +description: A Helm chart for HAProxy Kubernetes Ingress Controller +home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress +icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png +keywords: +- ingress +- haproxy +kubeVersion: '>=1.12.0-0' +maintainers: +- email: mmhedhbi@haproxy.com + name: Moemen Mhedhbi +- email: bassmann@haproxy.com + name: Baptiste Assmann +- email: dkorunic@haproxy.com + name: Dinko Korunic +name: haproxy +sources: +- https://github.com/haproxytech/kubernetes-ingress +version: 1.12.500 diff --git a/charts/haproxy/haproxy/1.12.500/README.md b/charts/haproxy/haproxy/1.12.500/README.md new file mode 100644 index 000000000..c7534e846 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/README.md @@ -0,0 +1,208 @@ +# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy") + +## HAProxy Kubernetes Ingress Controller + +An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration. + +Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/). + +Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md). + +## Introduction + +This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +### Prerequisites + +- Kubernetes 1.12+ +- Helm 2.9+ + +## Before you begin + +### Setup a Kubernetes Cluster + +The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides. + +For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). + +### Install Helm + +Get the latest [Helm release](https://github.com/helm/helm#install). + +### Add Helm chart repo + +Once you have Helm installed, add the repo as follows: + +```console +helm repo add haproxytech https://haproxytech.github.io/helm-charts +helm repo update +``` + +## Install the chart + +To install the chart with Helm v3 as *my-release* deployment: + +```console +helm install my-release haproxytech/kubernetes-ingress +``` + +***NOTE***: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter: + +```console +helm install haproxytech/kubernetes-ingress \ + --name my-release +``` + +### Installing with unique name + +To auto-generate controller and its resources names when installing, use the following: + +```console +helm install haproxytech/kubernetes-ingress \ + --generate-name +``` + +### Installing from a private registry + +To install the chart using a private registry for controller into a separate namespace *prod*. + +***NOTE***: Helm v3 requires namespace to be precreated (eg. with ```kubectl create namespace prod```) + +```console +helm install my-ingress haproxytech/kubernetes-ingress \ + --namespace prod \ + --set controller.image.tag=SOMETAG \ + --set controller.imageCredentials.registry=myregistry.domain.com \ + --set controller.imageCredentials.username=MYUSERNAME \ + --set controller.imageCredentials.password=MYPASSWORD +``` + +Alternatively, use a pre-configured (existing) imagePullSecret in the same namespace: + +```console +helm install my-ingress haproxytech/kubernetes-ingress \ + --namespace prod \ + --set controller.image.tag=SOMETAG \ + --set controller.existingImagePullSecret name-of-existing-image-pull-secret +``` + +### Installing as DaemonSet + +Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well: + +```console +helm install my-ingress2 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet +``` + +### Installing in multi-ingress environment + +It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers): + +```console +helm install my-ingress3 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet \ + --set controller.ingressClass=haproxy +``` + +***NOTE***: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation. + +### Installing with service annotations + +On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however: + +```console +helm install my-ingress3 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet \ + --set controller.ingressClass=haproxy \ + --set controller.service.type=LoadBalancer \ + --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \ + --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true" +``` + +***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. + +### Installing with Horizontal Pod Autoscaler + +[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null: + +```console +helm install my-ingress4 haproxytech/kubernetes-ingress \ + --set controller.replicaCount=null \ + --set defaultBackend.replicaCount=null +``` + +### Installing the ServiceMonitor + +If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs. + +```console +helm install my-ingress5 haproxytech/kubernetes-ingress \ + --set "controller.serviceMonitor.enabled=true" +``` + +### Using values from YAML file + +As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: + +*mylb.yaml*: + +```yaml +controller: + kind: DaemonSet + ingressClass: haproxy + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 +``` + +And invoking Helm becomes (compare to the previous example): + +```console +helm install my-ingress4 -f mylb.yml haproxytech/kubernetes-ingress +``` + +A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) : + +```yaml +controller: + service: + tcpPorts: + - name: mysql + port: 3306 + targetPort: 3306 + extraArgs: + - --configmap-tcp-services=default/tcp +``` + +## Upgrading the chart + +To upgrade the *my-release* deployment: + +```console +helm upgrade my-release haproxytech/kubernetes-ingress +``` + +## Uninstalling the chart + +To uninstall/delete the *my-release* deployment: + +```console +helm delete my-release +``` + +## Debugging + +It is possible to generate a set of YAML files for testing/debugging: + +```console +helm install my-release haproxytech/kubernetes-ingress \ + --debug \ + --dry-run +``` + +## Contributing + +We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution. diff --git a/charts/haproxy/haproxy/1.12.500/app-readme.md b/charts/haproxy/haproxy/1.12.500/app-readme.md new file mode 100644 index 000000000..aae3d1bd8 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/app-readme.md @@ -0,0 +1,8 @@ +# HAProxy +[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment. + +# HAProxy Enterprise +[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code. + +## Introduction +This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager. diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml new file mode 100644 index 000000000..116158a14 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-customconfig-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + config: + rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml new file mode 100644 index 000000000..c9de04c16 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-customnodeport-values.yaml @@ -0,0 +1,7 @@ +controller: + kind: DaemonSet + service: + type: NodePort + ports: + 8000: 10000 + 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml new file mode 100644 index 000000000..ddb25623a --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-default-values.yaml @@ -0,0 +1,2 @@ +controller: + kind: DaemonSet diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml new file mode 100644 index 000000000..3a1687a33 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-disableddefaultbackend-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet +defaultBackend: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml new file mode 100644 index 000000000..362fbb982 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-disabledsecretconfig-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + defaultTLSSecret: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml new file mode 100644 index 000000000..9a41dac52 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-enableports-values.yaml @@ -0,0 +1,7 @@ +controller: + kind: DaemonSet + service: + enablePorts: + http: false + https: true + stat: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml new file mode 100644 index 000000000..691acbc44 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-extraargs-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + extraArgs: + - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml new file mode 100644 index 000000000..45042ea50 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-hostport-values.yaml @@ -0,0 +1,8 @@ +controller: + kind: DaemonSet + daemonset: + useHostPort: true + hostPorts: + http: 80 + https: 443 + stat: 1024 diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml new file mode 100644 index 000000000..ebc8f1020 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-nodeport-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + service: + type: NodePort diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml new file mode 100644 index 000000000..b538cb542 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-publishservice-values.yaml @@ -0,0 +1,5 @@ +controller: + kind: DaemonSet + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml new file mode 100644 index 000000000..b538cb542 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/daemonset-serviceannotation-values.yaml @@ -0,0 +1,5 @@ +controller: + kind: DaemonSet + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml new file mode 100644 index 000000000..12c48d22d --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-customconfig-values.yaml @@ -0,0 +1,3 @@ +controller: + config: + rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml new file mode 100644 index 000000000..f044362aa --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-customnodeport-values.yaml @@ -0,0 +1,6 @@ +controller: + service: + type: NodePort + ports: + 8000: 10000 + 8001: 10001 diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml new file mode 100644 index 000000000..792d60054 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-default-values.yaml @@ -0,0 +1 @@ +# diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml new file mode 100644 index 000000000..ba2a61ebe --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-disableddefaultbackend-values.yaml @@ -0,0 +1,2 @@ +defaultBackend: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml new file mode 100644 index 000000000..767645997 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-disabledsecretconfig-values.yaml @@ -0,0 +1,3 @@ +controller: + defaultTLSSecret: + enabled: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml new file mode 100644 index 000000000..03ff297b4 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-enableports-values.yaml @@ -0,0 +1,6 @@ +controller: + service: + enablePorts: + http: false + https: true + stat: false diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml new file mode 100644 index 000000000..d0e1dbe73 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-extraargs-values.yaml @@ -0,0 +1,3 @@ +controller: + extraArgs: + - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml new file mode 100644 index 000000000..0c8326236 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-hpa-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: Deployment + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + +defaultBackend: + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml new file mode 100644 index 000000000..ffdc47b2d --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-nodeport-values.yaml @@ -0,0 +1,3 @@ +controller: + service: + type: NodePort diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml new file mode 100644 index 000000000..7aae8605d --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-psp-values.yaml @@ -0,0 +1,2 @@ +podSecurityPolicy: + enabled: true diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml new file mode 100644 index 000000000..6d8bf9bf7 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-publishservice-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + publishService: + enabled: true diff --git a/charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml b/charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml new file mode 100644 index 000000000..78ee30060 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/ci/deployment-replicacount-unset.yaml @@ -0,0 +1,5 @@ +controller: + replicaCount: null + +defaultBackend: + replicaCount: null diff --git a/charts/haproxy/haproxy/1.12.500/questions.yml b/charts/haproxy/haproxy/1.12.500/questions.yml new file mode 100644 index 000000000..298326086 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/questions.yml @@ -0,0 +1,73 @@ +questions: +- variable: imageDefault + default: true + description: "Use default Docker image" + label: Use Default Image + type: boolean + group: "Settings" + show_subquestion_if: false + subquestions: + - variable: controller.image.tag + default: "1.5.4" + description: "HAProxy Ingress Controller Tag" + type: string + label: HAProxy Ingress Controller Tag +- variable: controller.kind + type: enum + options: + - "DaemonSet" + - "Deployment" + default: "Deployment" + description: "Deployment Type" + label: Deployment Type + group: "Settings" +- variable: controller.service.type + type: enum + options: + - "LoadBalancer" + - "NodePort" + default: "NodePort" + description: "Service Type for HAProxy Ingress Controller" + label: Service Type + group: "Settings" +- variable: controller.ingressClass + default: "" + description: "Ingress Class for targeting this controller" + label: Ingress Class + type: string + group: "Settings" +- variable: controller.defaultTLSSecret.secret + default: "" + description: "Default TLS certificate secret" + label: TLS Certificate Secret + type: string + group: "Settings" +- variable: enableEnterprise + default: false + description: "Use HAProxy Enterprise" + label: Enable + type: boolean + group: "HAProxy Enterprise" + show_subquestion_if: true + subquestions: + - variable: controller.imageCredentials.registry + type: string + default: "kubernetes-registry.haproxy.com" + description: "HAProxy Enterprise Registtry" + label: Registry + - variable: controller.image.repository + type: string + default: "kubernetes-registry.haproxy.com/hapee-ingress" + description: "HAProxy Enterprise Registry" + label: Repository + - variable: controller.imageCredentials.username + type: string + default: "MYUSERNAME" + description: "HAProxy Enterprise Username" + label: Username + - variable: controller.imageCredentials.password + type: string + default: "MYPASSWORD" + description: "HAProxy Enterprise Password" + label: Password + diff --git a/charts/haproxy/haproxy/1.12.500/templates/NOTES.txt b/charts/haproxy/haproxy/1.12.500/templates/NOTES.txt new file mode 100644 index 000000000..522e23017 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/NOTES.txt @@ -0,0 +1,67 @@ +HAProxy Kubernetes Ingress Controller has been successfully installed. + +Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}". +Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type. +{{- if and .Values.rbac.create}} +RBAC authorization is enabled. +{{- else}} +RBAC authorization is disabled. +{{- end}} +{{- if .Values.controller.ingressClass}} +Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for +Ingress resource. +{{- end}} + +Service ports mapped are: +{{- if eq .Values.controller.kind "Deployment" }} +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP +{{- end }} +{{- end }} +{{- if eq .Values.controller.kind "DaemonSet" }} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + hostPort: {{ index $hostPorts $key | default $value }} +{{- end }} +{{- end }} + +Node IP can be found with: + $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}" + +The following ingress resource routes traffic to pods that match the following: + * service name: web + * client's Host header: webdemo.com + * path begins with / + + --- + apiVersion: networking.k8s.io/v1beta1 + kind: Ingress + metadata: + name: web-ingress + namespace: default + spec: + rules: + - host: webdemo.com + http: + paths: + - path: / + backend: + serviceName: web + servicePort: 80 + +In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it +with helm chart option controller.ingressClass. + +For more examples and up to date documentation, please visit: + * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress + * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/ + * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation + * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md + + + diff --git a/charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl b/charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl new file mode 100644 index 000000000..5a1e28588 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/_helpers.tpl @@ -0,0 +1,130 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kubernetes-ingress.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubernetes-ingress.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubernetes-ingress.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Encode an imagePullSecret string. +*/}} +{{- define "kubernetes-ingress.imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }} +{{- end }} + +{{/* +Generate default certificate for HAProxy. +*/}} +{{- define "kubernetes-ingress.gen-certs" -}} +{{- $ca := genCA "kubernetes-ingress-ca" 365 -}} +{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}} +{{- $cert := genSignedCert $cn nil nil 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Create the name of the controller service account to use. +*/}} +{{- define "kubernetes-ingress.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled +*/}} +{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}} +{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} + {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.defaultBackend.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified default backend name. +*/}} +{{- define "kubernetes-ingress.defaultBackend.fullname" -}} +{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified default cert secret name. +*/}} +{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}} +{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the path for the publish-service. +By default this will use the / matching the controller's service name. +Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride` +*/}} +{{- define "kubernetes-ingress.publishServicePath" -}} +{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}} +{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }} +{{- print $servicePath | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the syslog-server annotation +*/}} +{{- define "kubernetes-ingress.syslogServer" -}} +{{- range $key, $val := .Values.controller.logging.traffic -}} +{{- printf "%s:%s, " $key $val }} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified ServiceMonitor name. +*/}} +{{- define "kubernetes-ingress.serviceMonitorName" -}} +{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml b/charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml new file mode 100644 index 000000000..4f9b4734a --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/clusterrole.yaml @@ -0,0 +1,60 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - services + - namespaces + - events + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses + - ingresses/status + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + verbs: + - update +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml b/charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cfd226083 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/clusterrolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kubernetes-ingress.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} + diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml new file mode 100644 index 000000000..94aa9c554 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-configmap.yaml @@ -0,0 +1,34 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +data: +{{- if .Values.controller.logging.traffic }} + syslog-server: {{ template "kubernetes-ingress.syslogServer" . }} +{{- end }} +{{- if .Values.controller.config }} +{{ toYaml .Values.controller.config | indent 2 }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml new file mode 100644 index 000000000..5d2ae478a --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-daemonset.yaml @@ -0,0 +1,237 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.controller.kind "DaemonSet" }} +{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}} +{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + {{- if .Values.controller.extraLabels }} +{{ toYaml .Values.controller.extraLabels | indent 4 }} + {{- end }} +spec: + minReadySeconds: 0 + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: +{{ toYaml .Values.controller.podAnnotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- if $useHostNetwork }} + hostNetwork: true + {{- end }} +{{- if .Values.controller.dnsConfig }} + dnsConfig: +{{ toYaml .Values.controller.dnsConfig | indent 8 }} +{{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- if .Values.controller.imageCredentials.registry }} + imagePullSecrets: + - name: {{ template "kubernetes-ingress.fullname" . }} +{{- else if .Values.controller.existingImagePullSecret }} + imagePullSecrets: + - name: {{ .Values.controller.existingImagePullSecret }} +{{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: +{{- if and .Values.controller.defaultTLSSecret.enabled -}} +{{- if .Values.controller.defaultTLSSecret.secret }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} +{{- else }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} +{{- end }} +{{- end }} + - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} +{{- if .Values.defaultBackend.enabled }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- end }} +{{- if .Values.controller.ingressClass }} + - --ingress.class={{ .Values.controller.ingressClass }} +{{- end }} +{{- if .Values.controller.publishService.enabled }} + - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} +{{- end }} +{{- if .Values.controller.logging.level }} + - --log={{ .Values.controller.logging.level }} +{{- end }} +{{- range .Values.controller.extraArgs }} + - {{ . }} +{{- end }} + {{- if .Values.controller.unprivileged }} + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + {{- end }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ index $hostPorts $key | default $value }} + {{- end }} + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + containerPort: {{ .port }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ .port }} + {{- end }} + {{- end }} + livenessProbe: + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.livenessProbe.path }} + port: {{ .Values.controller.livenessProbe.port }} + scheme: {{ .Values.controller.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.readinessProbe.path }} + port: {{ .Values.controller.readinessProbe.port }} + scheme: {{ .Values.controller.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + startupProbe: + failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.startupProbe.path }} + port: {{ .Values.controller.startupProbe.port }} + scheme: {{ .Values.controller.startupProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} + successThreshold: {{ .Values.controller.startupProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- range .Values.controller.extraEnvs }} + - name: "{{ .name }}" + value: "{{ .value }}" + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + {{- if .Values.controller.lifecycle }} + lifecycle: + {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} +{{ tpl .Values.controller.lifecycle . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + volumeMounts: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} +{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} + {{- end }} + {{- end}} + {{- if .Values.controller.extraContainers }} + {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} +{{ tpl .Values.controller.extraContainers . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraContainers | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumes }} + volumes: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} +{{ tpl .Values.controller.extraVolumes . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumes | indent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} + initContainers: + {{- if .Values.controller.unprivileged }} + - name: sysctl + image: busybox:musl + command: + - /bin/sh + - -c + - sysctl -w net.ipv4.ip_unprivileged_port_start=0 + securityContext: + privileged: true + {{- end }} + {{- with.Values.controller.initContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml new file mode 100644 index 000000000..b409c7b25 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-defaultcertsecret.yaml @@ -0,0 +1,35 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.defaultTLSSecret.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": "before-hook-creation" +data: +{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml new file mode 100644 index 000000000..53568e1d9 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-deployment.yaml @@ -0,0 +1,229 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.controller.kind "Deployment" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + {{- if .Values.controller.extraLabels }} +{{ toYaml .Values.controller.extraLabels | indent 4 }} + {{- end }} +spec: + {{- if not .Values.controller.autoscaling.enabled }} + replicas: {{ .Values.controller.replicaCount }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.controller.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: +{{ toYaml .Values.controller.podAnnotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} +{{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} +{{- end }} +{{- if .Values.controller.dnsConfig }} + dnsConfig: +{{ toYaml .Values.controller.dnsConfig | indent 8 }} +{{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- if .Values.controller.imageCredentials.registry }} + imagePullSecrets: + - name: {{ template "kubernetes-ingress.fullname" . }} +{{- else if .Values.controller.existingImagePullSecret }} + imagePullSecrets: + - name: {{ .Values.controller.existingImagePullSecret }} +{{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: +{{- if .Values.controller.defaultTLSSecret.secret }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }} +{{- else }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} +{{- end }} + - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} +{{- if .Values.defaultBackend.enabled }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- end }} +{{- if .Values.controller.ingressClass }} + - --ingress.class={{ .Values.controller.ingressClass }} +{{- end }} +{{- if .Values.controller.publishService.enabled }} + - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} +{{- end }} +{{- if .Values.controller.logging.level }} + - --log={{ .Values.controller.logging.level }} +{{- end }} +{{- range .Values.controller.extraArgs }} + - {{ . }} +{{- end }} + {{- if .Values.controller.unprivileged }} + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + {{- end }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + containerPort: {{ .targetPort }} + protocol: TCP + {{- end }} + livenessProbe: + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.livenessProbe.path }} + port: {{ .Values.controller.livenessProbe.port }} + scheme: {{ .Values.controller.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.readinessProbe.path }} + port: {{ .Values.controller.readinessProbe.port }} + scheme: {{ .Values.controller.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + startupProbe: + failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.startupProbe.path }} + port: {{ .Values.controller.startupProbe.port }} + scheme: {{ .Values.controller.startupProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} + successThreshold: {{ .Values.controller.startupProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- range .Values.controller.extraEnvs }} + - name: {{ .name }} + value: {{ .value }} + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + {{- if .Values.controller.lifecycle }} + lifecycle: + {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }} +{{ tpl .Values.controller.lifecycle . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.lifecycle | indent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + volumeMounts: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }} +{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }} + {{- end }} + {{- end}} + {{- if .Values.controller.extraContainers }} + {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }} +{{ tpl .Values.controller.extraContainers . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraContainers | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraVolumes }} + volumes: + {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }} +{{ tpl .Values.controller.extraVolumes . | indent 8 }} + {{- else }} +{{ toYaml .Values.controller.extraVolumes | indent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.controller.unprivileged .Values.controller.initContainers }} + initContainers: + {{- if .Values.controller.unprivileged }} + - name: sysctl + image: busybox:musl + command: + - /bin/sh + - -c + - sysctl -w net.ipv4.ip_unprivileged_port_start=0 + securityContext: + privileged: true + {{- end }} + {{- with.Values.controller.initContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml new file mode 100644 index 000000000..102b23439 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-hpa.yaml @@ -0,0 +1,49 @@ +{{/* +Copyright 2020 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "kubernetes-ingress.fullname" . }} + minReplicas: {{ .Values.controller.autoscaling.minReplicas }} + maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} + metrics: + {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml new file mode 100644 index 000000000..e08d25cc7 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-poddisruptionbudget.yaml @@ -0,0 +1,40 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.PodDisruptionBudget.enable }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + {{- if .Values.controller.PodDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.controller.PodDisruptionBudget.maxUnavailable }} + {{- end }} + {{- if .Values.controller.PodDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.controller.PodDisruptionBudget.minAvailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml new file mode 100644 index 000000000..7851e2acf --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-podsecuritypolicy.yaml @@ -0,0 +1,80 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} +{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }} +{{- $useHostPort := .Values.controller.daemonset.useHostPort }} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + name: {{ template "kubernetes-ingress.fullname" . }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_BIND_SERVICE + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 +{{- if $useHostNetwork }} + hostNetwork: true +{{- end }} +{{- if or $useHostPort $useHostNetwork }} + hostPorts: +{{- range $key, $value := .Values.controller.containerPort }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- range .Values.controller.service.tcpPorts }} + - min: {{ .port }} + max: {{ .port }} +{{- end }} +{{- end }} + hostIPC: false + hostPID: false + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 + volumes: + - configMap + - downwardAPI + - secret +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml new file mode 100644 index 000000000..88252394c --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-pullsecret.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.imageCredentials.registry }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml new file mode 100644 index 000000000..3e41df6e4 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-role.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "policy" + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "kubernetes-ingress.fullname" . }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml new file mode 100644 index 000000000..40404a401 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-rolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kubernetes-ingress.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml new file mode 100644 index 000000000..eb2eea381 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-service.yaml @@ -0,0 +1,101 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- if .Values.controller.service.labels }} +{{ toYaml .Values.controller.service.labels | indent 4 }} +{{- end }} + annotations: +{{- range $key, $value := .Values.controller.service.annotations }} + {{ $key }}: {{ $value | quote }} +{{- end }} +spec: + {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} + type: {{ .Values.controller.service.type }} + {{- if .Values.controller.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} + {{- end }} + {{- if .Values.controller.service.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} + {{- end }} + ports: + {{- if .Values.controller.service.enablePorts.http }} + - name: http + port: {{ .Values.controller.service.ports.http }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if .Values.controller.service.nodePorts.http }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enablePorts.https }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if .Values.controller.service.nodePorts.https }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enablePorts.stat }} + - name: stat + port: {{ .Values.controller.service.ports.stat }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.stat }} + {{- if .Values.controller.service.nodePorts.stat }} + nodePort: {{ .Values.controller.service.nodePorts.stat }} + {{- end }} + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + port: {{ .port }} + protocol: TCP + targetPort: {{ .targetPort }} + {{- if .nodePort }} + nodePort: {{ .nodePort }} + {{- end }} + {{- end }} + selector: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.service.sessionAffinity }} + sessionAffinity: {{ .Values.controller.service.sessionAffinity }} + {{- end }} + externalIPs: +{{- if .Values.controller.service.externalIPs }} +{{ toYaml .Values.controller.service.externalIPs | indent 4 }} +{{- end -}} +{{- if (eq .Values.controller.service.type "LoadBalancer") }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml new file mode 100644 index 000000000..c90710990 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-serviceaccount.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if or .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml b/charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml new file mode 100644 index 000000000..0f4c2c3af --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/controller-servicemonitor.yaml @@ -0,0 +1,41 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kubernetes-ingress.serviceMonitorName" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + {{- if .Values.controller.serviceMonitor.extraLabels }} + {{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + {{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml new file mode 100644 index 000000000..af9930dc3 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/default-backend-deployment.yaml @@ -0,0 +1,88 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.defaultBackend.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + {{- if not .Values.defaultBackend.autoscaling.enabled }} + replicas: {{ .Values.defaultBackend.replicaCount }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.defaultBackend.podLabels }} +{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} + {{- end }} + {{- if .Values.defaultBackend.podAnnotations }} + annotations: +{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- with .Values.defaultBackend.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} +{{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} + image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" + imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.defaultBackend.containerPort }} + protocol: TCP + {{- if .Values.defaultBackend.extraEnvs }} + env: + {{- range .Values.defaultBackend.extraEnvs }} + - name: "{{ .name }}" + value: "{{ .value }}" + {{- end }} + {{- end }} + resources: + {{- toYaml .Values.defaultBackend.resources | nindent 12 }} + {{- with .Values.defaultBackend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultBackend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + terminationGracePeriodSeconds: 60 + {{- with .Values.defaultBackend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml new file mode 100644 index 000000000..0fd8a65b7 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/default-backend-hpa.yaml @@ -0,0 +1,49 @@ +{{/* +Copyright 2020 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} + metrics: + {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml new file mode 100644 index 000000000..82397b57b --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/default-backend-podsecuritypolicy.yaml @@ -0,0 +1,64 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_BIND_SERVICE + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 + hostNetwork: false + hostIPC: false + hostPID: false + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + - max: 65535 + min: 1 + volumes: + - configMap + - downwardAPI + - secret +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml new file mode 100644 index 000000000..8475d04fc --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/default-backend-role.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "policy" + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml new file mode 100644 index 000000000..3a94e9418 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/default-backend-rolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml new file mode 100644 index 000000000..6e0cf0e98 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/default-backend-service.yaml @@ -0,0 +1,40 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.defaultBackend.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: http + port: {{ .Values.defaultBackend.service.port }} + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml new file mode 100644 index 000000000..3c0853b14 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/templates/default-backend-serviceaccount.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.12.500/values.yaml b/charts/haproxy/haproxy/1.12.500/values.yaml new file mode 100644 index 000000000..98b3e74a9 --- /dev/null +++ b/charts/haproxy/haproxy/1.12.500/values.yaml @@ -0,0 +1,162 @@ +controller: + PodDisruptionBudget: + enable: false + affinity: {} + autoscaling: + enabled: false + maxReplicas: 20 + minReplicas: 2 + targetCPUUtilizationPercentage: 80 + config: {} + containerPort: + http: 80 + https: 443 + stat: 1024 + daemonset: + hostPorts: + http: 80 + https: 443 + stat: 1024 + useHostNetwork: false + useHostPort: false + defaultTLSSecret: + enabled: true + secret: null + dnsConfig: {} + dnsPolicy: ClusterFirst + existingImagePullSecret: null + extraArgs: [] + extraContainers: [] + extraEnvs: [] + extraLabels: {} + extraVolumeMounts: [] + extraVolumes: [] + image: + pullPolicy: IfNotPresent + repository: haproxytech/kubernetes-ingress + tag: '{{ .Chart.AppVersion }}' + imageCredentials: + password: null + registry: null + username: null + ingressClass: null + initContainers: [] + kind: Deployment + lifecycle: {} + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 10 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + logging: + level: info + traffic: {} + name: controller + nodeSelector: {} + podAnnotations: {} + podLabels: {} + priorityClassName: "" + publishService: + enabled: false + pathOverride: "" + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 10 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + replicaCount: 2 + resources: + requests: + cpu: 100m + memory: 64Mi + service: + annotations: {} + enablePorts: + http: true + https: true + stat: true + enabled: true + externalIPs: [] + healthCheckNodePort: 0 + labels: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: {} + ports: + http: 80 + https: 443 + stat: 1024 + targetPorts: + http: http + https: https + stat: stat + tcpPorts: [] + type: NodePort + serviceMonitor: + enabled: false + endpoints: + - path: /metrics + port: stat + scheme: http + extraLabels: {} + startupProbe: + failureThreshold: 20 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 1 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + strategy: {} + terminationGracePeriodSeconds: 60 + tolerations: [] + topologySpreadConstraints: [] + unprivileged: false +defaultBackend: + affinity: {} + autoscaling: + enabled: false + maxReplicas: 2 + minReplicas: 1 + targetCPUUtilizationPercentage: 80 + containerPort: 8080 + enabled: true + extraEnvs: [] + image: + pullPolicy: IfNotPresent + repository: k8s.gcr.io/defaultbackend-amd64 + runAsUser: 65534 + tag: 1.5 + name: default-backend + nodeSelector: {} + podAnnotations: {} + podLabels: {} + priorityClassName: "" + replicaCount: 2 + resources: + requests: + cpu: 10m + memory: 16Mi + service: + port: 8080 + serviceAccount: + create: true + tolerations: [] + topologySpreadConstraints: [] +podSecurityPolicy: + annotations: {} + enabled: false +rbac: + create: true +serviceAccount: + create: true + name: null diff --git a/charts/haproxy/haproxy/1.4.300/.helmignore b/charts/haproxy/haproxy/1.4.300/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/haproxy/haproxy/1.4.300/Chart.yaml b/charts/haproxy/haproxy/1.4.300/Chart.yaml new file mode 100644 index 000000000..82f44ba5e --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: haproxy +apiVersion: v1 +appVersion: 1.4.6 +description: A Helm chart for HAProxy Kubernetes Ingress Controller +home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress +icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png +keywords: +- ingress +- haproxy +kubeVersion: '>=1.12.0-0' +maintainers: +- email: mmhedhbi@haproxy.com + name: Moemen Mhedhbi +- email: bassmann@haproxy.com + name: Baptiste Assmann +- email: dkorunic@haproxy.com + name: Dinko Korunic +name: haproxy +sources: +- https://github.com/haproxytech/kubernetes-ingress +version: 1.4.300 diff --git a/charts/haproxy/haproxy/1.4.300/README.md b/charts/haproxy/haproxy/1.4.300/README.md new file mode 100644 index 000000000..73e4e2fcb --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/README.md @@ -0,0 +1,190 @@ +# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy") + +## HAProxy Kubernetes Ingress Controller + +An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration. + +Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/). + +Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md). + +## Introduction + +This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +### Prerequisites + + - Kubernetes 1.12+ + - Helm 2.9+ + +## Before you begin + +### Setup a Kubernetes Cluster + +The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides. + +For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). + +### Install Helm + +Get the latest [Helm release](https://github.com/helm/helm#install). + +### Add Helm chart repo + +Once you have Helm installed, add the repo as follows: + +```console +helm repo add haproxytech https://haproxytech.github.io/helm-charts +helm repo update +``` + +## Install the chart + +To install the chart with Helm v3 as *my-release* deployment: + +```console +helm install my-release haproxytech/kubernetes-ingress +``` + +***NOTE***: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter: + +```console +helm install haproxytech/kubernetes-ingress \ + --name my-release +``` + +### Installing with unique name + +To auto-generate controller and its resources names when installing, use the following: + +```console +helm install haproxytech/kubernetes-ingress \ + --generate-name +``` + +### Installing from a private registry + +To install the chart using a private registry for controller into a separate namespace *prod*. + +***NOTE***: Helm v3 requires namespace to be precreated (eg. with ```kubectl create namespace prod```) + +```console +helm install my-ingress haproxytech/kubernetes-ingress \ + --namespace prod \ + --set controller.image.tag=SOMETAG \ + --set controller.imageCredentials.registry=myregistry.domain.com \ + --set controller.imageCredentials.username=MYUSERNAME \ + --set controller.imageCredentials.password=MYPASSWORD +``` + +### Installing as DaemonSet + +Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well: + +```console +helm install my-ingress2 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet +``` + +### Installing in multi-ingress environment + +It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers): + +```console +helm install my-ingress3 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet \ + --set controller.ingressClass=haproxy +``` + +***NOTE***: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation. + +### Installing with service annotations + +On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however: + +```console +helm install my-ingress3 haproxytech/kubernetes-ingress \ + --set controller.kind=DaemonSet \ + --set controller.ingressClass=haproxy \ + --set controller.service.type=LoadBalancer \ + --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \ + --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true" +``` + +***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. + +### Installing with Horizontal Pod Autoscaler + +[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null: + +```console +helm install my-ingress4 haproxytech/kubernetes-ingress \ + --set controller.replicaCount=null \ + --set defaultBackend.replicaCount=null +``` + +### Using values from YAML file + +As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: + +*mylb.yaml*: + +```yaml +controller: + kind: DaemonSet + ingressClass: haproxy + service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 +``` + +And invoking Helm becomes (compare to the previous example): + +```console +helm install my-ingress4 -f mylb.yml haproxytech/kubernetes-ingress +``` + +A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) : + +```yaml +controller: + service: + tcpPorts: + - name: mysql + port: 3306 + targetPort: 3306 + extraArgs: + - --configmap-tcp-services=default/tcp +``` + +## Upgrading the chart + +To upgrade the *my-release* deployment: + +```console +helm upgrade my-release haproxytech/kubernetes-ingress +``` + +## Uninstalling the chart + +To uninstall/delete the *my-release* deployment: + +```console +helm delete kubernetes-ingress +``` + +## Debugging + +It is possible to generate a set of YAML files for testing/debugging: + +```console +helm install my-release haproxytech/kubernetes-ingress \ + --debug \ + --dry-run +``` + +## Contributing + +We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution. diff --git a/charts/haproxy/haproxy/1.4.300/app-readme.md b/charts/haproxy/haproxy/1.4.300/app-readme.md new file mode 100644 index 000000000..aae3d1bd8 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/app-readme.md @@ -0,0 +1,8 @@ +# HAProxy +[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment. + +# HAProxy Enterprise +[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code. + +## Introduction +This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager. diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml new file mode 100644 index 000000000..116158a14 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-customconfig-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + config: + rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml new file mode 100644 index 000000000..c9de04c16 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-customnodeport-values.yaml @@ -0,0 +1,7 @@ +controller: + kind: DaemonSet + service: + type: NodePort + ports: + 8000: 10000 + 8001: 10001 diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml new file mode 100644 index 000000000..ddb25623a --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-default-values.yaml @@ -0,0 +1,2 @@ +controller: + kind: DaemonSet diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml new file mode 100644 index 000000000..362fbb982 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-disabledsecretconfig-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + defaultTLSSecret: + enabled: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml new file mode 100644 index 000000000..9a41dac52 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-enableports-values.yaml @@ -0,0 +1,7 @@ +controller: + kind: DaemonSet + service: + enablePorts: + http: false + https: true + stat: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml new file mode 100644 index 000000000..691acbc44 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-extraargs-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + extraArgs: + - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml new file mode 100644 index 000000000..45042ea50 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-hostport-values.yaml @@ -0,0 +1,8 @@ +controller: + kind: DaemonSet + daemonset: + useHostPort: true + hostPorts: + http: 80 + https: 443 + stat: 1024 diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml new file mode 100644 index 000000000..ebc8f1020 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-nodeport-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + service: + type: NodePort diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml new file mode 100644 index 000000000..b538cb542 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-publishservice-values.yaml @@ -0,0 +1,5 @@ +controller: + kind: DaemonSet + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml new file mode 100644 index 000000000..b538cb542 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/daemonset-serviceannotation-values.yaml @@ -0,0 +1,5 @@ +controller: + kind: DaemonSet + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml new file mode 100644 index 000000000..12c48d22d --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-customconfig-values.yaml @@ -0,0 +1,3 @@ +controller: + config: + rate-limit: "ON" diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml new file mode 100644 index 000000000..f044362aa --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-customnodeport-values.yaml @@ -0,0 +1,6 @@ +controller: + service: + type: NodePort + ports: + 8000: 10000 + 8001: 10001 diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml new file mode 100644 index 000000000..792d60054 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-default-values.yaml @@ -0,0 +1 @@ +# diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml new file mode 100644 index 000000000..767645997 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-disabledsecretconfig-values.yaml @@ -0,0 +1,3 @@ +controller: + defaultTLSSecret: + enabled: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml new file mode 100644 index 000000000..03ff297b4 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-enableports-values.yaml @@ -0,0 +1,6 @@ +controller: + service: + enablePorts: + http: false + https: true + stat: false diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml new file mode 100644 index 000000000..d0e1dbe73 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-extraargs-values.yaml @@ -0,0 +1,3 @@ +controller: + extraArgs: + - --namespace-whitelist=default diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml new file mode 100644 index 000000000..ffdc47b2d --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-nodeport-values.yaml @@ -0,0 +1,3 @@ +controller: + service: + type: NodePort diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml new file mode 100644 index 000000000..6d8bf9bf7 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-publishservice-values.yaml @@ -0,0 +1,4 @@ +controller: + kind: DaemonSet + publishService: + enabled: true diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml new file mode 100644 index 000000000..78ee30060 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-replicacount-unset.yaml @@ -0,0 +1,5 @@ +controller: + replicaCount: null + +defaultBackend: + replicaCount: null diff --git a/charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml b/charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml new file mode 100644 index 000000000..c103bd6c9 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/ci/deployment-serviceannotation-values.yaml @@ -0,0 +1,4 @@ +controller: + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 diff --git a/charts/haproxy/haproxy/1.4.300/questions.yml b/charts/haproxy/haproxy/1.4.300/questions.yml new file mode 100644 index 000000000..27ff89e72 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/questions.yml @@ -0,0 +1,73 @@ +questions: +- variable: imageDefault + default: true + description: "Use default Docker image" + label: Use Default Image + type: boolean + group: "Settings" + show_subquestion_if: false + subquestions: + - variable: controller.image.tag + default: "1.4.6" + description: "HAProxy Ingress Controller Tag" + type: string + label: HAProxy Ingress Controller Tag +- variable: controller.kind + type: enum + options: + - "DaemonSet" + - "Deployment" + default: "Deployment" + description: "Deployment Type" + label: Deployment Type + group: "Settings" +- variable: controller.service.type + type: enum + options: + - "LoadBalancer" + - "NodePort" + default: "NodePort" + description: "Service Type for HAProxy Ingress Controller" + label: Service Type + group: "Settings" +- variable: controller.ingressClass + default: "" + description: "Ingress Class for targeting this controller" + label: Ingress Class + type: string + group: "Settings" +- variable: controller.defaultTLSSecret.secret + default: "" + description: "Default TLS certificate secret" + label: TLS Certificate Secret + type: string + group: "Settings" +- variable: enableEnterprise + default: false + description: "Use HAProxy Enterprise" + label: Enable + type: boolean + group: "HAProxy Enterprise" + show_subquestion_if: true + subquestions: + - variable: controller.imageCredentials.registry + type: string + default: "kubernetes-registry.haproxy.com" + description: "HAProxy Enterprise Registtry" + label: Registry + - variable: controller.image.repository + type: string + default: "kubernetes-registry.haproxy.com/hapee-ingress" + description: "HAProxy Enterprise Registry" + label: Repository + - variable: controller.imageCredentials.username + type: string + default: "MYUSERNAME" + description: "HAProxy Enterprise Username" + label: Username + - variable: controller.imageCredentials.password + type: string + default: "MYPASSWORD" + description: "HAProxy Enterprise Password" + label: Password + diff --git a/charts/haproxy/haproxy/1.4.300/templates/NOTES.txt b/charts/haproxy/haproxy/1.4.300/templates/NOTES.txt new file mode 100644 index 000000000..522e23017 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/NOTES.txt @@ -0,0 +1,67 @@ +HAProxy Kubernetes Ingress Controller has been successfully installed. + +Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}". +Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type. +{{- if and .Values.rbac.create}} +RBAC authorization is enabled. +{{- else}} +RBAC authorization is disabled. +{{- end}} +{{- if .Values.controller.ingressClass}} +Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for +Ingress resource. +{{- end}} + +Service ports mapped are: +{{- if eq .Values.controller.kind "Deployment" }} +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP +{{- end }} +{{- end }} +{{- if eq .Values.controller.kind "DaemonSet" }} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +{{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + hostPort: {{ index $hostPorts $key | default $value }} +{{- end }} +{{- end }} + +Node IP can be found with: + $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}" + +The following ingress resource routes traffic to pods that match the following: + * service name: web + * client's Host header: webdemo.com + * path begins with / + + --- + apiVersion: networking.k8s.io/v1beta1 + kind: Ingress + metadata: + name: web-ingress + namespace: default + spec: + rules: + - host: webdemo.com + http: + paths: + - path: / + backend: + serviceName: web + servicePort: 80 + +In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it +with helm chart option controller.ingressClass. + +For more examples and up to date documentation, please visit: + * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress + * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/ + * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation + * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md + + + diff --git a/charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl b/charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl new file mode 100644 index 000000000..23a9063ef --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/_helpers.tpl @@ -0,0 +1,123 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kubernetes-ingress.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubernetes-ingress.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubernetes-ingress.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{kubernetes-ingress.publishServicePath{/* +Encode an imagePullSecret string. +*/}} +{{- define "kubernetes-ingress.imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }} +{{- end }} + +{{/* +Generate default certificate for HAProxy. +*/}} +{{- define "kubernetes-ingress.gen-certs" -}} +{{- $ca := genCA "kubernetes-ingress-ca" 365 -}} +{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}} +{{- $cert := genSignedCert $cn nil nil 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} + +{{/* +Create the name of the controller service account to use. +*/}} +{{- define "kubernetes-ingress.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled +*/}} +{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}} +{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} + {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.defaultBackend.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified default backend name. +*/}} +{{- define "kubernetes-ingress.defaultBackend.fullname" -}} +{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified default cert secret name. +*/}} +{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}} +{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the path for the publish-service. +By default this will use the / matching the controller's service name. +Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride` +*/}} +{{- define "kubernetes-ingress.publishServicePath" -}} +{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}} +{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }} +{{- print $servicePath | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the syslog-server annotation +*/}} +{{- define "kubernetes-ingress.syslogServer" -}} +{{- range $key, $val := .Values.controller.logging.traffic -}} +{{- printf "%s:%s, " $key $val }} +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml b/charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml new file mode 100644 index 000000000..89cb9f829 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/clusterrole.yaml @@ -0,0 +1,61 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - services + - namespaces + - events + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch + - update +- apiGroups: + - "networking.k8s.io/v1beta1" + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml b/charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cfd226083 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/clusterrolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kubernetes-ingress.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} + diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml new file mode 100644 index 000000000..94aa9c554 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-configmap.yaml @@ -0,0 +1,34 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +data: +{{- if .Values.controller.logging.traffic }} + syslog-server: {{ template "kubernetes-ingress.syslogServer" . }} +{{- end }} +{{- if .Values.controller.config }} +{{ toYaml .Values.controller.config | indent 2 }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml new file mode 100644 index 000000000..7260d3227 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-daemonset.yaml @@ -0,0 +1,153 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.controller.kind "DaemonSet" }} +{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}} +{{- $useHostPort := .Values.controller.daemonset.useHostPort -}} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + minReadySeconds: 0 + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: +{{ toYaml .Values.controller.podAnnotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} + {{- if $useHostNetwork }} + hostNetwork: true + {{- end }} +{{- if .Values.controller.imageCredentials.registry }} + imagePullSecrets: + - name: {{ template "kubernetes-ingress.fullname" . }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: +{{- if and .Values.controller.defaultTLSSecret.enabled -}} +{{- if .Values.controller.defaultTLSSecret.secret }} + - --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }} +{{- else }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} +{{- end }} +{{- end }} + - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- if .Values.controller.ingressClass }} + - --ingress.class={{ .Values.controller.ingressClass }} +{{- end }} +{{- if .Values.controller.publishService.enabled }} + - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} +{{- end }} +{{- if .Values.controller.logging.level }} + - --log={{ .Values.controller.logging.level }} +{{- end }} +{{- range .Values.controller.extraArgs }} + - {{ . }} +{{- end }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ index $hostPorts $key | default $value }} + {{- end }} + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + containerPort: {{ .port }} + protocol: TCP + {{- if $useHostPort }} + hostPort: {{ .port }} + {{- end }} + {{- end }} + livenessProbe: + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.livenessProbe.path }} + port: {{ .Values.controller.livenessProbe.port }} + scheme: {{ .Values.controller.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.readinessProbe.path }} + port: {{ .Values.controller.readinessProbe.port }} + scheme: {{ .Values.controller.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + {{- with.Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml new file mode 100644 index 000000000..bb97b1e05 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-defaultcertsecret.yaml @@ -0,0 +1,33 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": "before-hook-creation" +data: +{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml new file mode 100644 index 000000000..7fd2aae2e --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-deployment.yaml @@ -0,0 +1,141 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if eq .Values.controller.kind "Deployment" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + {{- if not ( kindIs "invalid" .Values.controller.replicaCount) }} + replicas: {{ .Values.controller.replicaCount }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.controller.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: +{{ toYaml .Values.controller.podAnnotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} +{{- if .Values.controller.imageCredentials.registry }} + imagePullSecrets: + - name: {{ template "kubernetes-ingress.fullname" . }} +{{- end }} + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: +{{- if .Values.controller.defaultTLSSecret.secret }} + - --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }} +{{- else }} + - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} +{{- end }} + - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} + - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- if .Values.controller.ingressClass }} + - --ingress.class={{ .Values.controller.ingressClass }} +{{- end }} +{{- if .Values.controller.publishService.enabled }} + - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }} +{{- end }} +{{- if .Values.controller.logging.level }} + - --log={{ .Values.controller.logging.level }} +{{- end }} +{{- range .Values.controller.extraArgs }} + - {{ . }} +{{- end }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + containerPort: {{ .port }} + protocol: TCP + {{- end }} + livenessProbe: + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.livenessProbe.path }} + port: {{ .Values.controller.livenessProbe.port }} + scheme: {{ .Values.controller.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + httpGet: + path: {{ .Values.controller.readinessProbe.path }} + port: {{ .Values.controller.readinessProbe.port }} + scheme: {{ .Values.controller.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + {{- with.Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml new file mode 100644 index 000000000..77d220f3a --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-podsecuritypolicy.yaml @@ -0,0 +1,75 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} +{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }} +{{- $useHostPort := .Values.controller.daemonset.useHostPort }} +{{- $hostPorts := .Values.controller.daemonset.hostPorts -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + name: {{ template "kubernetes-ingress.fullname" . }} +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_BIND_SERVICE + defaultAllowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs +{{- if $useHostNetwork }} + hostNetwork: true +{{- end }} +{{- if or $useHostPort $useHostNetwork }} + hostPorts: +{{- range $key, $value := .Values.controller.containerPort }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- range .Values.controller.service.tcpPorts }} + - min: {{ .port }} + max: {{ .port }} +{{- end }} +{{- end }} + hostIPC: false + hostPID: false + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - downwardAPI + - secret +{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml new file mode 100644 index 000000000..88252394c --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-pullsecret.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.controller.imageCredentials.registry }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }} +{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml new file mode 100644 index 000000000..3e41df6e4 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-role.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "policy" + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "kubernetes-ingress.fullname" . }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml new file mode 100644 index 000000000..40404a401 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-rolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kubernetes-ingress.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml new file mode 100644 index 000000000..2fa164137 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-service.yaml @@ -0,0 +1,100 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kubernetes-ingress.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- if .Values.controller.service.labels }} +{{ toYaml .Values.controller.service.labels | indent 4 }} +{{- end }} + annotations: +{{- range $key, $value := .Values.controller.service.annotations }} + {{ $key }}: {{ $value | quote }} +{{- end }} +spec: + {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }} + type: {{ .Values.controller.service.type }} + {{- if .Values.controller.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} + {{- end }} + {{- if .Values.controller.service.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} + {{- end }} + ports: + {{- if .Values.controller.service.enablePorts.http }} + - name: http + port: {{ .Values.controller.service.ports.http }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if .Values.controller.service.nodePorts.http }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enablePorts.https }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if .Values.controller.service.nodePorts.https }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enablePorts.stat }} + - name: stat + port: {{ .Values.controller.service.ports.stat }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.stat }} + {{- if .Values.controller.service.nodePorts.stat }} + nodePort: {{ .Values.controller.service.nodePorts.stat }} + {{- end }} + {{- end }} + {{- range .Values.controller.service.tcpPorts }} + - name: {{ .name }}-tcp + port: {{ .port }} + protocol: TCP + targetPort: {{ .targetPort }} + {{- if .nodePort }} + nodePort: {{ .nodePort }} + {{- end }} + {{- end }} + selector: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.service.sessionAffinity }} + sessionAffinity: {{ .Values.controller.service.sessionAffinity }} + {{- end }} + externalIPs: +{{- if .Values.controller.service.externalIPs }} +{{ toYaml .Values.controller.service.externalIPs | indent 4 }} +{{- end -}} +{{- if (eq .Values.controller.service.type "LoadBalancer") }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} +{{- end }} + diff --git a/charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml b/charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml new file mode 100644 index 000000000..c90710990 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/controller-serviceaccount.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if or .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubernetes-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml new file mode 100644 index 000000000..3dd04e012 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/default-backend-deployment.yaml @@ -0,0 +1,71 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + {{- if not (kindIs "invalid" .Values.defaultBackend.replicaCount) }} + replicas: {{ .Values.defaultBackend.replicaCount }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.defaultBackend.podLabels }} +{{ toYaml .Values.defaultBackend.podLabels | indent 8 }} + {{- end }} + {{- if .Values.defaultBackend.podAnnotations }} + annotations: +{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} + {{- end }} + spec: + containers: + - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} + image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" + imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.defaultBackend.containerPort }} + protocol: TCP + resources: + {{- toYaml .Values.defaultBackend.resources | nindent 12 }} + {{- with .Values.defaultBackend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultBackend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + {{- with .Values.defaultBackend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml new file mode 100644 index 000000000..a31d60e8f --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/default-backend-podsecuritypolicy.yaml @@ -0,0 +1,59 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_BIND_SERVICE + defaultAllowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + hostNetwork: false + hostIPC: false + hostPID: false + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - downwardAPI + - secret +{{- end }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml new file mode 100644 index 000000000..8ca2416ae --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/default-backend-role.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- apiGroups: + - "policy" + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "kubernetes-ingress.defaultBackend.fullname" . }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml new file mode 100644 index 000000000..a27f80465 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/default-backend-rolebinding.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml new file mode 100644 index 000000000..b3108ad61 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/default-backend-service.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: http + port: {{ .Values.defaultBackend.service.port }} + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml new file mode 100644 index 000000000..9a5e8169f --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/templates/default-backend-serviceaccount.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }} + helm.sh/chart: {{ template "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} diff --git a/charts/haproxy/haproxy/1.4.300/values.yaml b/charts/haproxy/haproxy/1.4.300/values.yaml new file mode 100644 index 000000000..addf65446 --- /dev/null +++ b/charts/haproxy/haproxy/1.4.300/values.yaml @@ -0,0 +1,116 @@ +controller: + affinity: {} + config: {} + containerPort: + http: 80 + https: 443 + stat: 1024 + daemonset: + hostPorts: + http: 80 + https: 443 + stat: 1024 + useHostNetwork: false + useHostPort: false + defaultTLSSecret: + enabled: true + secret: null + extraArgs: [] + image: + pullPolicy: IfNotPresent + repository: haproxytech/kubernetes-ingress + tag: '{{ .Chart.AppVersion }}' + imageCredentials: + password: null + registry: null + username: null + ingressClass: null + initContainers: [] + kind: Deployment + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 10 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + logging: + level: info + traffic: {} + name: controller + nodeSelector: {} + podAnnotations: {} + podLabels: {} + publishService: + enabled: false + pathOverride: "" + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + path: /healthz + periodSeconds: 10 + port: 1042 + scheme: HTTP + successThreshold: 1 + timeoutSeconds: 1 + replicaCount: 2 + resources: + requests: + cpu: 100m + memory: 64Mi + service: + annotations: {} + enablePorts: + http: true + https: true + stat: true + externalIPs: [] + healthCheckNodePort: 0 + labels: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: {} + ports: + http: 80 + https: 443 + stat: 1024 + targetPorts: + http: http + https: https + stat: stat + tcpPorts: [] + type: NodePort + strategy: {} + tolerations: [] +defaultBackend: + affinity: {} + containerPort: 8080 + image: + pullPolicy: IfNotPresent + repository: k8s.gcr.io/defaultbackend-amd64 + runAsUser: 65534 + tag: 1.5 + name: default-backend + nodeSelector: {} + podAnnotations: {} + podLabels: {} + replicaCount: 2 + resources: + requests: + cpu: 10m + memory: 16Mi + service: + port: 8080 + serviceAccount: + create: true + tolerations: [] +podSecurityPolicy: + annotations: {} + enabled: false +rbac: + create: true +serviceAccount: + create: true + name: null diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml new file mode 100644 index 000000000..cb4b7dd2f --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/Chart.yaml @@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: hpe-csi-driver +apiVersion: v1 +appVersion: 1.3.0 +description: A Helm chart for installing the HPE CSI Driver for Kubernetes +home: https://hpe.com/storage/containers +icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png +keywords: +- HPE +- Storage +- StorageClass +- CentOS +- Ubuntu +- RHEL +maintainers: +- email: hpe-containers-dev@hpe.com + name: shivamerla +name: hpe-csi-driver +sources: +- https://scod.hpedev.io/csi_driver +version: 1.3.000 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md new file mode 100644 index 000000000..4cdf3f49d --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/README.md @@ -0,0 +1,110 @@ +# HPE CSI Driver for Kubernetes Helm chart + +The [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/index.html) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. + +## Prerequisites + +- Upstream Kubernetes version >= 1.15 +- Most Kubernetes distributions are supported +- Recent Ubuntu, SLES, CentOS or RHEL compute nodes connected to their respective official package repositories +- Helm 3 (Version >= 3.2.0 required) + +Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features. + +- [HPE Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html) +- [HPE 3PAR and Primera](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html) + +## Configuration and installation + +The following table lists the configurable parameters of the HPE-CSI chart and their default values. + +| Parameter | Description | Default | +|---------------------------|------------------------------------------------------------------------|--------------| +| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error`. | info | +| imagePullPolicy | Image pull policy (`Always`, `IfNotPresent`, `Never`). | IfNotPresent | +| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false | +| iscsi.chapUser | Username for iSCSI CHAP authentication. | "" | +| iscsi.chapPassword | Password for iSCSI CHAP authentication. | "" | + +It's recommended to create a [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) file from the corresponding release of the chart and edit it to fit the environment the chart is being deployed to. Download and edit [a sample file](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). + +These are the bare minimum required parameters for a successful deployment to an iSCSI environment if CHAP authentication is required. + +``` +iscsi: + chapUser: + chapPassword: +``` + +Tweak any additional parameters to suit the environment or as prescribed by HPE. + +### Installing the chart + +To install the chart with the name `hpe-csi`: + +Add HPE helm repo: + +``` +helm repo add hpe https://hpe-storage.github.io/co-deployments +helm repo update +``` + +Install the latest chart: + +``` +helm install hpe-csi hpe/hpe-csi-driver --namespace kube-system -f myvalues.yaml +``` + +**Note**: values.yaml is optional if no parameters are overridden from defaults. + +### Upgrading the Chart + +To upgrade the chart, specify the version you want to upgrade to as below. Please do NOT re-use a full blown `values.yaml` from prior versions to upgrade to later versions. Always use `values.yaml` from corresponding release from [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) + +List the avaiable version of the plugin: + +``` +helm repo update +helm search repo hpe-csi-driver -l +``` + +Select the target version to upgrade as below: + +``` +helm upgrade hpe-csi hpe/hpe-csi-driver --namespace kube-system --version=x.x.x.x -f myvalues.yaml +``` + +### Uninstalling the Chart + +To uninstall the `hpe-csi` chart: + +``` +helm uninstall hpe-csi --namespace kube-system +``` + +**Note**: Due to a limitation in Helm, CRDs are not deleted as part of the chart uninstall. + +### Alternative install method + +In some cases it's more practical to provide the local configuration via the `helm` CLI directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. These will take precedence over entries in [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). For example: + +``` +helm install hpe-csi hpe/hpe-csi-driver --namespace kube-system --set iscsi.chapUsername=admin \ +--set iscsi.chapPassword=xxxxxxxx +``` + +## Using persistent storage with Kubernetes + +Enable dynamic provisioning of persistent storage by creating a `StorageClass` API object that references a `Secret` which maps to a supported HPE primary storage backend. Refer to the [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/using.html) documentation on [HPE Storage Container Orchestration Documentation](https://scod.hpedev.io/). Also, it's helpful to be familiar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. + +## Support + +The HPE CSI Driver for Kubernetes Helm chart is covered by your HPE support contract. Please file any issues, questions or feature requests [here](https://github.com/hpe-storage/co-deployments/issues) or contact HPE through the regular support channels. You may also join our Slack community to chat with HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera` and `#Kubernetes` at [hpedev.slack.com](https://hpedev.slack.com), sign up here: [slack.hpedev.io](https://slack.hpedev.io/). + +## Contributing + +We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) + +## License + +This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md new file mode 100644 index 000000000..29ca912cb --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/app-readme.md @@ -0,0 +1,3 @@ +# HPE CSI Driver for Kubernetes + +The [HPE CSI Driver for Kubernetes](https://github.com/hpe-storage/csi-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml new file mode 100644 index 000000000..e63caf45c --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-nodeinfo-crd.yaml @@ -0,0 +1,54 @@ +--- +############################################# +############ HPE Node Info CRD ############ +############################################# +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpenodeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPENodeInfo + plural: hpenodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeNodes: + description: List of HPE nodes configured for storage access. + items: + properties: + uuid: + description: The UUID of the node. + type: string + iqns: + description: List of IQNs configured on the node. + items: + type: string + type: array + chapUser: + description: The CHAP User Name + type: string + chapPassword: + description: The CHAP Password + type: string + networks: + description: List of networks configured on the node. + items: + type: string + type: array + wwpns: + description: List of WWPNs configured on the node. + items: + type: string + type: array + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml new file mode 100644 index 000000000..846d76edd --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-replicated-device-info-crd.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpereplicationdeviceinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEReplicationDeviceInfo + plural: hpereplicationdeviceinfos + shortNames: + - hperdi + + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeReplicationDeviceInfos: + description: List of HPE Replicated Arrays configured for 3PAR/Primera arrays. + items: + properties: + targets: + description: Target Array Details + type: array + items: + properties: + targetName: + description: Target Name of the array + type: string + targetCpg: + description: Target CPG of the array + type: string + targetSnapCpg: + description: Target Snap CPG of the array + type: string + targetSecret: + description: Secret of the replicated array + type: string + targetMode: + description: Replication Mode + type: string + targetSecretNamespace: + description: Namespace of secret + type: string + required: + - targetName + - targetCpg + - targetSecret + - targetSecretNamespace + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml new file mode 100644 index 000000000..417f4f4f3 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/crds/hpe-volumeinfo-crd.yaml @@ -0,0 +1,32 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpevolumeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEVolumeInfo + plural: hpevolumeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeVolumes: + description: List of HPE volumes configured for 3PAR/Primera arrays. + items: + properties: + uuid: + description: The UUID of the volume. + type: string + record: + description: Metadata for the volume. + type: map[string]string + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json new file mode 100644 index 000000000..d00650184 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/files/config.json @@ -0,0 +1,128 @@ +[ + { + "category": "iscsi", + "severity": "warning", + "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "startup", + "recommendation": "manual" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "replacement_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "login_timeout", + "recommendation": "15" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "noop_out_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "info", + "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "cmds_max", + "recommendation": "512" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "queue_depth", + "recommendation": "256" + }, + { + "category": "iscsi", + "severity": "info", + "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", + "parameter": "nr_sessions", + "recommendation": "1" + }, + { + "category": "multipath", + "severity": "critical", + "description": "product attribute recommended to be set to Server in /etc/multipath.conf", + "parameter": "product", + "recommendation": "\"Server\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", + "parameter": "prio", + "recommendation": "alua" + }, + { + "category": "multipath", + "severity": "critical", + "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", + "parameter": "hardware_handler", + "recommendation": "\"1 alua\"" + }, + { + "category": "multipath", + "severity": "warning", + "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", + "parameter": "failback", + "recommendation": "immediate" + }, + { + "category": "multipath", + "severity": "critical", + "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", + "parameter": "fast_io_fail_tmo", + "recommendation": "5" + }, + { + "category": "multipath", + "severity": "critical", + "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", + "parameter": "no_path_retry", + "recommendation": "30" + }, + { + "category": "multipath", + "severity": "warning", + "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_selector", + "recommendation": "\"service-time 0\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", + "parameter": "vendor", + "recommendation": "\"Nimble\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", + "parameter": "path_grouping_policy", + "recommendation": "group_by_prio" + }, + { + "category": "multipath", + "severity": "critical", + "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_checker", + "recommendation": "tur" + }, + { + "category": "multipath", + "severity": "critical", + "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", + "parameter": "dev_loss_tmo", + "recommendation": "infinity" + } +] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml new file mode 100644 index 000000000..ac34ad76f --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/questions.yml @@ -0,0 +1,29 @@ +questions: +- variable: imagePullPolicy + label: "ImagePullPolicy" + default: "IfNotPresent" + type: enum + options: + - "IfNotPresent" + - "Always" + - "Never" + description: "ImagePullPolicy for all CSI driver images" + group: "HPE CSI Driver settings" +- variable: disableNodeConformance + label: "Disable automatic installation of iSCSI/Multipath Packages" + type: boolean + default: false + description: "Disable automatic installation of iSCSI/Multipath Packages" + group: "HPE CSI Driver settings" +- variable: iscsi.chapUser + label: "iSCSI CHAP Username" + type: string + required: true + description: "Specify username for iSCSI CHAP authentication" + group: "HPE iSCSI settings" +- variable: iscsi.chapPassword + label: "iSCSI CHAP Password" + type: password + required: true + description: "Specify password for iSCSI CHAP authentication" + group: "HPE iSCSI settings" diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/NOTES.txt b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl new file mode 100644 index 000000000..165840d52 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "hpe-csi-storage.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hpe-csi-storage.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hpe-csi-storage.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml new file mode 100644 index 000000000..39fbe4292 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/csi-driver-crd.yaml @@ -0,0 +1,16 @@ +{{- if semverCompare ">=1.14.0" .Capabilities.KubeVersion.GitVersion }} +--- + +################# CSI Driver ########### +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: csi.hpe.com +spec: + podInfoOnMount: true + {{- if semverCompare ">=1.16.0" .Capabilities.KubeVersion.GitVersion }} + volumeLifecycleModes: + - Persistent + - Ephemeral + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml new file mode 100644 index 000000000..61705ec11 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-controller.yaml @@ -0,0 +1,171 @@ +--- + +############################################# +############ Controller driver ############ +############################################# + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hpe-csi-controller + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: hpe-csi-controller + template: + metadata: + labels: + app: hpe-csi-controller + role: hpe-csi + spec: + serviceAccount: hpe-csi-controller-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-cluster-critical + {{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-provisioner + {{- if semverCompare "<=1.16.0" .Capabilities.KubeVersion.GitVersion }} + image: quay.io/k8scsi/csi-provisioner:v1.4.0 + {{- else }} + image: quay.io/k8scsi/csi-provisioner:v1.5.0 + {{- end }} + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + {{- if semverCompare ">= 1.13.0" .Capabilities.KubeVersion.GitVersion }} + - "--timeout=30s" + - "--worker-threads=16" + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + - name: csi-attacher + {{- if semverCompare "~1.13.0" .Capabilities.KubeVersion.GitVersion }} + image: quay.io/k8scsi/csi-attacher:v1.1.0 + {{- else }} + image: quay.io/k8scsi/csi-attacher:v2.1.1 + {{- end }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + {{- end }} + {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.4.0 + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + {{- end }} + - name: hpe-csi-driver + image: hpestorage/csi-driver:v1.3.0 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--flavor=kubernetes" + - "--pod-monitor" + - "--pod-monitor-interval=30" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + - name: log-dir + mountPath: /var/log + - name: k8s + mountPath: /etc/kubernetes + - name: hpeconfig + mountPath: /etc/hpe-storage + - name: root-dir + mountPath: /host + - name: csi-volume-mutator + image: quay.io/hpestorage/volume-mutator:v1.0.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-extensions + image: quay.io/hpestorage/csi-extensions:v1.0.0 + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: log-dir + hostPath: + path: /var/log + - name: k8s + hostPath: + path: /etc/kubernetes + - name: hpeconfig + hostPath: + path: /etc/hpe-storage + - name: root-dir + hostPath: + path: / + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml new file mode 100644 index 000000000..8a3953638 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-node.yaml @@ -0,0 +1,165 @@ +--- + +####################################### +############ Node driver ############ +####################################### + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: hpe-csi-node + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: hpe-csi-node + template: + metadata: + labels: + app: hpe-csi-node + role: hpe-csi + spec: + serviceAccount: hpe-csi-node-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-node-critical + {{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--v=5" + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/csi.hpe.com /registration/csi.hpe.com-reg.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock + {{- if semverCompare "~1.12.0" .Capabilities.KubeVersion.GitVersion }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + {{- end }} + imagePullPolicy: "Always" + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration + - name: hpe-csi-driver + image: hpestorage/csi-driver:v1.3.0 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--node-service" + - "--flavor=kubernetes" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} + - name: CHAP_USER + value: {{ .Values.iscsi.chapUser }} + - name: CHAP_PASSWORD + value: {{ .Values.iscsi.chapPassword }} + {{- end }} + {{ if .Values.disableNodeConformance -}} + - name: DISABLE_NODE_CONFORMANCE + value: "true" + {{- end }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: log-dir + mountPath: /var/log + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: etc-kubernetes + mountPath: /etc/kubernetes + - name: sys + mountPath: /sys + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: linux-config-file + mountPath: /opt/hpe-storage/nimbletune/config.json + subPath: config.json + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hpe.com + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + - name: root-dir + hostPath: + path: / + - name: device-dir + hostPath: + path: /dev + - name: log-dir + hostPath: + path: /var/log + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: runsystemd + hostPath: + path: /run/systemd + - name: etcsystemd + hostPath: + path: /etc/systemd/system + - name: sys + hostPath: + path: /sys + - name: linux-config-file + configMap: + name: hpe-linux-config + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml new file mode 100644 index 000000000..bbde8540e --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-csi-rbac.yaml @@ -0,0 +1,408 @@ +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +{{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] +{{- end }} + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + {{- if semverCompare "~1.12.0" .Capabilities.KubeVersion.GitVersion }} + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + {{- else if semverCompare "~1.13.0" .Capabilities.KubeVersion.GitVersion }} + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + {{ else }} + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + {{- end }} + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-attacher-role + apiGroup: rbac.authorization.k8s.io + + +{{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +{{- end }} + + +{{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-resizer-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- + +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: {{ .Release.Namespace }} + name: external-resizer-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- + +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role-cfg + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: external-resizer-cfg + apiGroup: rbac.authorization.k8s.io + + +--- +# mutator must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + # replace with non-default namespace name + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-mutator-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: kube-system + name: csi-mutator-cfg +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-role-cfg + namespace: kube-system +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: kube-system +roleRef: + kind: Role + name: csi-mutator-cfg + apiGroup: rbac.authorization.k8s.io +{{- end }} + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["hpenodeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpereplicationdeviceinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-csi-node-sa + namespace: {{ .Release.Namespace }} + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: hpe-csi-node-sa + namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: hpe-csp-sa + namespace: {{ .Release.Namespace }} + +roleRef: + kind: ClusterRole + name: hpe-csi-driver-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csp-sa + namespace: {{ .Release.Namespace }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml new file mode 100644 index 000000000..5e4c4944a --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-linux-config.yaml @@ -0,0 +1,13 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: hpe-linux-config + namespace: {{ .Release.Namespace }} +data: +{{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} + CHAP_USER: {{ .Values.iscsi.chapUser | quote }} + CHAP_PASSWORD: {{ .Values.iscsi.chapPassword | quote }} +{{- end }} + config.json: |- +{{ (.Files.Get "files/config.json") | indent 4 }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml new file mode 100644 index 000000000..f5b252758 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/hpe-secret.yaml @@ -0,0 +1,47 @@ +{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "nimble-secret") -}} +# This is required to maintain backward compatibility of resources(secret) +# created with previous releases as we no longer create a secret with CSI driver install. +# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether +# in future. +# Also, manage the secret only if created by previous versions of helm with below check. +--- +apiVersion: v1 +kind: Secret +metadata: + name: nimble-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} +data: + username: {{ $secret.data.username }} + password: {{ $secret.data.password }} + servicePort: {{ $secret.data.servicePort }} + backend: {{ $secret.data.backend }} + serviceName: {{ $secret.data.serviceName }} +{{- end }} + +{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "primera3par-secret") -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: primera3par-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} +data: + username: {{ $secret.data.username }} + password: {{ $secret.data.password }} + servicePort: {{ $secret.data.servicePort }} + backend: {{ $secret.data.backend }} + serviceName: {{ $secret.data.serviceName }} +{{- end }} + diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml new file mode 100644 index 000000000..a2efbe5fb --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/nimble-csp.yaml @@ -0,0 +1,60 @@ +--- +### CSP Service ### +kind: Service +apiVersion: v1 +metadata: + name: nimble-csp-svc + namespace: {{ .Release.Namespace }} + labels: + app: nimble-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: nimble-csp + +--- +### CSP deployment ### +kind: Deployment +apiVersion: apps/v1 +metadata: + name: nimble-csp + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: nimble-csp + replicas: 1 + template: + metadata: + labels: + app: nimble-csp + spec: + serviceAccount: hpe-csp-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-cluster-critical + {{- end }} + containers: + - name: nimble-csp + image: hpestorage/nimble-csp:v1.3.0 + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml new file mode 100644 index 000000000..2e13db55e --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/primera-3par-csp.yaml @@ -0,0 +1,61 @@ +--- +### CSP Service ### +kind: Service +apiVersion: v1 +metadata: + name: primera3par-csp-svc + namespace: {{ .Release.Namespace }} + labels: + app: primera3par-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: primera3par-csp + +--- +### CSP deployment ### +kind: Deployment +apiVersion: apps/v1 +metadata: + name: primera3par-csp + labels: + app: primera3par-csp + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: primera3par-csp + replicas: 1 + template: + metadata: + labels: + app: primera3par-csp + spec: + serviceAccount: hpe-csp-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-cluster-critical + {{- end }} + containers: + - name: primera3par-csp + image: hpestorage/hpe3parprimera-csp:v1.1.0 + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml new file mode 100644 index 000000000..8d34426d8 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/templates/sc.yaml @@ -0,0 +1,38 @@ +{{ if $sc := (lookup "storage.k8s.io/v1" "StorageClass" "" "hpe-standard") -}} +# This is required to maintain backward compatibility of resources(storageclass) +# created with previous releases as we no longer create a storageclass with CSI driver install. +# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether +# in future. +# Also, manage the storageClass only if created by previous versions of helm with below check. +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: hpe-standard + labels: + plugin: {{ $.Release.Name }} + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} + {{- range $k, $v := $sc.metadata.annotations }} + {{- if or (eq $v "true") (eq $v "false")}} + {{ $k }}: {{ $v | quote }} + {{- else }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +provisioner: csi.hpe.com +{{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} +allowVolumeExpansion: {{ $sc.allowVolumeExpansion }} +{{- end }} +parameters: + {{- range $k, $v := $sc.parameters }} + {{- if or (eq $v "true") (eq $v "false")}} + {{ $k }}: {{ $v | quote }} + {{- else }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml new file mode 100644 index 000000000..a05ed5b12 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.3.000/values.yaml @@ -0,0 +1,20 @@ +# Default values for hpe-csi-storage. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# image pull policy for all images in csi deployment +imagePullPolicy: 'IfNotPresent' + +# flavor +flavor: kubernetes + +# log level for all csi driver components +logLevel: info + +## For controlling automatic iscsi/multipath package installation (default: false) +disableNodeConformance: false + +# values for CHAP Authentication +iscsi: + chapUser: "" + chapPassword: "" \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml new file mode 100644 index 000000000..796edcf93 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: hpe-csi-driver +apiVersion: v1 +appVersion: 1.4.0 +description: A Helm chart for installing the HPE CSI Driver for Kubernetes +home: https://hpe.com/storage/containers +icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png +keywords: +- HPE +- Storage +- StorageClass +maintainers: +- email: hpe-containers-dev@hpe.com + name: raunakkumar +name: hpe-csi-driver +sources: +- https://scod.hpedev.io/csi_driver +version: 1.4.200 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md new file mode 100644 index 000000000..3ffbdd953 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/README.md @@ -0,0 +1,101 @@ +# HPE CSI Driver for Kubernetes Helm chart + +The [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/index.html) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. + +## Prerequisites + +- Upstream Kubernetes version >= 1.15 +- Most Kubernetes distributions are supported +- Recent Ubuntu, SLES, CentOS or RHEL compute nodes connected to their respective official package repositories +- Helm 3 (Version >= 3.2.0 required) + +Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features. + +- [HPE Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html) +- [HPE 3PAR and Primera](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html) + +## Configuration and installation + +The following table lists the configurable parameters of the HPE-CSI chart and their default values. + +| Parameter | Description | Default | +|---------------------------|------------------------------------------------------------------------|--------------| +| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error`. | info | +| imagePullPolicy | Image pull policy (`Always`, `IfNotPresent`, `Never`). | IfNotPresent | +| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false | +| iscsi.chapUser | Username for iSCSI CHAP authentication. | "" | +| iscsi.chapPassword | Password for iSCSI CHAP authentication. | "" | +| registry | Registry to pull HPE CSI Driver container images from. | quay.io | + +It's recommended to create a [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) file from the corresponding release of the chart and edit it to fit the environment the chart is being deployed to. Download and edit [a sample file](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). + +These are the bare minimum required parameters for a successful deployment to an iSCSI environment if CHAP authentication is required. + +``` +iscsi: + chapUser: "" + chapPassword: "" +``` + +Tweak any additional parameters to suit the environment or as prescribed by HPE. + +### Installing the chart + +To install the chart with the name `my-hpe-csi-driver`: + +Add HPE helm repo: + +``` +helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/ +helm repo update +``` + +Install the latest chart: + +``` +kubectl create ns hpe-storage +helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage -f myvalues.yaml +``` + +**Note**: `values.yaml` is optional if no parameters are overridden from defaults. + +### Upgrading the chart + +Due to the [helm limitation](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) to not support upgrade of CRDs between different chart versions, `hpe-csi-driver` helm chart upgrade is not supported. +Our recommendation is to uninstall the existing chart and install the chart with the desired version. CRDs will be preserved between uninstall and install. + +### Uninstalling the chart + +To uninstall the `my-hpe-csi-driver` chart: + +``` +helm uninstall my-hpe-csi-driver -n hpe-storage +``` + +**Note**: Due to a limitation in Helm, CRDs are not deleted as part of the chart uninstall. + +### Alternative install method + +In some cases it's more practical to provide the local configuration via the `helm` CLI directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. These will take precedence over entries in [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). For example: + +``` +helm install my-hpe-csi-driver hpe-storage/hpe-csi-driver -n hpe-storage \ + --set iscsi.chapUsername=admin \ + --set iscsi.chapPassword=xxxxxxxx +``` + +## Using persistent storage with Kubernetes + +Enable dynamic provisioning of persistent storage by creating a `StorageClass` API object that references a `Secret` which maps to a supported HPE primary storage backend. Refer to the [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/using.html) documentation on [HPE Storage Container Orchestration Documentation](https://scod.hpedev.io/). Also, it's helpful to be familiar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. + +## Support + +The HPE CSI Driver for Kubernetes Helm chart is covered by your HPE support contract. Please file any issues, questions or feature requests [here](https://github.com/hpe-storage/co-deployments/issues) or contact HPE through the regular support channels. You may also join our Slack community to chat with HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera` and `#Kubernetes` at [hpedev.slack.com](https://hpedev.slack.com), sign up here: [slack.hpedev.io](https://slack.hpedev.io/). + +## Contributing + +We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) + +## License + +This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md new file mode 100644 index 000000000..29ca912cb --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/app-readme.md @@ -0,0 +1,3 @@ +# HPE CSI Driver for Kubernetes + +The [HPE CSI Driver for Kubernetes](https://github.com/hpe-storage/csi-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml new file mode 100644 index 000000000..86c60cf34 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-nodeinfo-crd.yaml @@ -0,0 +1,70 @@ +--- +############################################# +############ HPE Node Info CRD ############ +############################################# +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpenodeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPENodeInfo + plural: hpenodeinfos + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object." + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents" + type: string + spec: + description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." + properties: + chapPassword: + description: "The CHAP Password" + type: string + chapUser: + description: "The CHAP User Name" + type: string + iqns: + description: "List of IQNs configured on the node." + items: + type: string + type: array + networks: + description: "List of networks configured on the node." + items: + type: string + type: array + uuid: + description: "The UUID of the node." + type: string + wwpns: + description: "List of WWPNs configured on the node." + items: + type: string + type: array + required: + - uuid + - networks + type: object + required: + - spec + type: object +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml new file mode 100644 index 000000000..253d87d05 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-replicated-device-info-crd.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpereplicationdeviceinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEReplicationDeviceInfo + plural: hpereplicationdeviceinfos + shortNames: + - hperdi + + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeReplicationDeviceInfos: + description: List of HPE Replicated Arrays configured for 3PAR/Primera arrays. + items: + properties: + targets: + description: Target Array Details + type: array + items: + properties: + targetName: + description: Target Name of the array + type: string + targetCpg: + description: Target CPG of the array + type: string + targetSnapCpg: + description: Target Snap CPG of the array + type: string + targetSecret: + description: Secret of the replicated array + type: string + targetMode: + description: Replication Mode + type: string + targetSecretNamespace: + description: Namespace of secret + type: string + required: + - targetName + - targetCpg + - targetSecret + - targetSecretNamespace + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml new file mode 100644 index 000000000..76789eda9 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-snapshotgroupinfo-crd.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpesnapshotgroupinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPESnapshotGroupInfo + plural: hpesnapshotgroupinfos + shortNames: + - hpesgi + scope: Cluster + version: v1 + validation: + openAPIV3Schema: + properties: + hpeSnapshotGroupInfos: + description: List of HPE snapshot groups created for 3PAR/Primera arrays. + type: array + items: + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume group + type: map[string]string + + snapshotVolumes: + description: Snapshot volumes that are part of this snapshot group + type: array + items: + properties: + srcVolumeId: + description: ID of the volume that is the source of this snapshot volume + type: string + + srcVolumeName: + description: Name of the volume that is the source of this snapshot volume + type: string + + snapshotId: + description: Snapshot volume Id + type: string + + snapshotName: + description: Snapshot volume name + type: string + +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml new file mode 100644 index 000000000..c9e58e415 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumegroupinfo-crd.yaml @@ -0,0 +1,64 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpevolumegroupinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEVolumeGroupInfo + plural: hpevolumegroupinfos + shortNames: + - hpevgi + scope: Cluster + version: v1 + validation: + openAPIV3Schema: + properties: + hpeVolumeGroupInfos: + description: List of HPE volume groups configured for 3PAR/Primera arrays. + type: array + items: + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume group + type: map[string]string + + snapshotGroups: + description: Snapshot groups that are linked to this volume group + type: array + items: + properties: + id: + description: ID of the snapshot group + type: string + + name: + description: Name of the snapshot group + type: string + + volumes: + description: Volumes that are members in this volume group + type: array + items: + properties: + volumeId: + description: ID of the member volume + type: string + + volumeName: + description: Name of the member volume + type: string + + + +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml new file mode 100644 index 000000000..417f4f4f3 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/hpe-volumeinfo-crd.yaml @@ -0,0 +1,32 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpevolumeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEVolumeInfo + plural: hpevolumeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeVolumes: + description: List of HPE volumes configured for 3PAR/Primera arrays. + items: + properties: + uuid: + description: The UUID of the volume. + type: string + record: + description: Metadata for the volume. + type: map[string]string + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml new file mode 100644 index 000000000..b58878471 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupclasses.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snapshotgroupclasses.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: SnapshotGroupClass + listKind: SnapshotGroupClassList + plural: snapshotgroupclasses + singular: snapshotgroupclass + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SnapshotGroupClass specifies parameters that a underlying + storage system uses when creating a volumegroup snapshot. A specific SnapshotGroupClass + is used by specifying its name in a VolumeGroupSnapshot object. SnapshotGroupClasses + are non-namespaced + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + deletionPolicy: + description: deletionPolicy determines whether a SnapshotGroupContent + created through the SnapshotGroupClass should be deleted when its + bound SnapshotGroup is deleted. Supported values are "Retain" and + "Delete". "Retain" means that the SnapshotGroupContent and its physical + snapshotGroup on underlying storage system are kept. "Delete" means that + the SnapshotGroupContent and its physical snapshotGroup on underlying + storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + snapshotter: + description: snapshotter is the name of the storage driver that handles this + SnapshotGroupClass. Required. + type: string + kind: + description: Kind is a string value representing the REST resource + this object represents. + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating snapshotGroups. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - snapshotter + type: object + served: true + storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml new file mode 100644 index 000000000..a7132c59e --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroupcontents.yaml @@ -0,0 +1,104 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snapshotgroupcontents.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: SnapshotGroupContent + listKind: SnapshotGroupContentList + plural: snapshotgroupcontents + singular: snapshotgroupcontent + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SnapshotGroupContent represents the actual "on-disk" snapshotGroup + object in the underlying storage system + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + description: spec defines properties of a SnapshotGroupContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this SnapshotGroupContent + and its physical snapshotgroup on the underlying storage system should + be deleted when its bound SnapshotGroup is deleted. Supported + values are "Retain" and "Delete". "Retain" means that the SnapshotGroupContent + and its physical snapshotGroup on underlying storage system are kept. + "Delete" means that the SnapshotGroupContent and its physical + snapshotGroup on underlying storage system are deleted. + Required. + enum: + - Delete + - Retain + type: string + source: + description: source specifies from where a snapshotGroup will be created.Required. + properties: + snapshotGroupHandle: + description: snapshotGroupHandle specifies the snapshotGroup Id + of a pre-existing snapshotGroup on the underlying storage system. + This field is immutable. + type: string + type: object + snapshotGroupClassName: + description: name of the SnapshotGroupClass to which this snapshotGroup belongs. + type: string + snapshotGroupRef: + description: snapshotGroupRef specifies the SnapshotGroup object + to which this SnapshotGroupContent object is bound. SnapshotGroup.Spec.SnapshotGroupContentName + field must reference to this SnapshotGroupContent's name for + the bidirectional binding to be valid. + Required. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + volumeSnapshotContentNames: + description: list of volumeSnapshotContentNames associated with this snapshotGroups + type: array + items: + type: string + required: + - deletionPolicy + - source + - snapshotGroupClassName + type: object + required: + - spec + type: object + served: true + storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml new file mode 100644 index 000000000..3372a7db7 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_snapshotgroups.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snapshotgroups.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: SnapshotGroup + listKind: SnapshotGroupList + plural: snapshotgroups + singular: snapshotgroup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SnapshotGroup is a user's request for creating a snapshotgroup + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents' + type: string + spec: + description: spec defines the desired characteristics of a snapshotGroup + requested by a user. + Required. + properties: + source: + description: source specifies where a snapshotGroup will be created. + This field is immutable after creation. Required. + properties: + kind: + description: kind of the source (VolumeGroup) is the only supported one. + type: string + apiGroup: + description: apiGroup of the source. Current supported is storage.hpe.com + type: string + name: + description: name specifies the volumeGroupName of the VolumeGroup object in the same namespace as the SnapshotGroup object where the snapshotGroup should be dynamically taken from. This field is immutable. + type: string + type: object + volumeSnapshotClassName: + description: name of the volumeSnapshotClass to create pre-provisioned snapshots + type: string + snapshotGroupClassName: + description: snapshotGroupClassName is the name of the SnapshotGroupClass requested by the SnapshotGroup. + type: string + snapshotGroupContentName: + description: snapshotGroupContentName is the name of the snapshotGroupContent the snapshotGroup is bound. + type: string + required: + - source + - volumeSnapshotClassName + - snapshotGroupClassName + type: object + status: + description: status represents the current information of a snapshotGroup. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time + snapshotGroup is taken by the underlying storage system. + format: date-time + type: string + phase: + description: the state of the snapshotgroup + enum: + - Pending + - Ready + - Failed + type: string + type: object + required: + - spec + type: object + served: true + storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml new file mode 100644 index 000000000..e201ec94e --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupclasses.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: volumegroupclasses.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: VolumeGroupClass + listKind: VolumeGroupClassList + plural: volumegroupclasses + singular: volumegroupclass + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeGroupClass specifies parameters that a underlying + storage system uses when creating a volumegroup. A specific VolumeGroupClass + is used by specifying its name in a VolumeGroup object. VolumeGroupClasses + are non-namespaced + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + deletionPolicy: + description: deletionPolicy determines whether a VolumeGroupContent + created through the VolumeGroupClass should be deleted when its + bound VolumeGroup is deleted. Supported values are "Retain" and + "Delete". "Retain" means that the VolumeGroupContent and its physical + volumeGroup on underlying storage system are kept. "Delete" means that + the VolumeGroupContent and its physical volumeGroup on underlying + storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + provisioner: + description: provisioner is the name of the storage driver that handles this + VolumeGroupClass. Required. + type: string + kind: + description: Kind is a string value representing the REST resource + this object represents. + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating volumeGroups. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - provisioner + type: object + served: true + storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml new file mode 100644 index 000000000..d944909eb --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroupcontents.yaml @@ -0,0 +1,96 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: volumegroupcontents.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: VolumeGroupContent + listKind: VolumeGroupContentList + plural: volumegroupcontents + singular: volumegroupcontent + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeGroupContent represents the actual "on-disk" volumeGroup + object in the underlying storage system + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + kind: + description: Kind is a string value representing the REST resource + this object represents. + type: string + spec: + description: spec defines properties of a VolumeGroupContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this VolumeGroupContent + and its physical volumegroup on the underlying storage system should + be deleted when its bound VolumeGroup is deleted. Supported + values are "Retain" and "Delete". "Retain" means that the VolumeGroupContent + and its physical volumeGroup on underlying storage system are kept. + "Delete" means that the VolumeGroupContent and its physical + volumeGroup on underlying storage system are deleted. + Required. + enum: + - Delete + - Retain + type: string + source: + description: source specifies from where a volumeGroup will be created.Required. + properties: + volumeGroupHandle: + description: volumeGroupHandle specifies the volumeGroup Id + of a pre-existing volumeGroup on the underlying storage system. + This field is immutable. + type: string + type: object + volumeGroupClassName: + description: name of the VolumeGroupClass to which this volumeGroup belongs. + type: string + volumeGroupRef: + description: volumeGroupRef specifies the VolumeGroup object + to which this VolumeGroupContent object is bound. VolumeGroup.Spec.VolumeGroupContentName + field must reference to this VolumeGroupContent's name for + the bidirectional binding to be valid. + Required. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - deletionPolicy + - source + - volumeGroupClassName + type: object + required: + - spec + type: object + served: true + storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml new file mode 100644 index 000000000..862b4398a --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/crds/storage.hpe.com_volumegroups.yaml @@ -0,0 +1,69 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: volumegroups.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: VolumeGroup + listKind: VolumeGroupList + plural: volumegroups + singular: volumegroup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeGroup is a user's request for creating a volumegroup + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents' + type: string + spec: + description: spec defines the desired characteristics of a volumeGroup + requested by a user. + Required. + properties: + volumeGroupClassName: + description: name of the volumeGroupClassName to create volumeGroups + type: string + persistentVolumeClaimNames: + description: persistentVolumeClaimNames are the name of the PVC associated with this volumeGroup. + type: array + items: + type: string + volumeGroupContentName: + description: volumeGroupContentName is the name of the volumeGroupContent to which the volumeGroup is bound. + type: string + required: + - volumeGroupClassName + type: object + status: + description: status represents the current information of a volumeGroup. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time + volumeGroup is taken by the underlying storage system. + format: date-time + type: string + phase: + description: the state of the volumegroup + enum: + - Pending + - Ready + - Failed + type: string + type: object + required: + - spec + type: object + served: true + storage: true \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json new file mode 100644 index 000000000..d00650184 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/files/config.json @@ -0,0 +1,128 @@ +[ + { + "category": "iscsi", + "severity": "warning", + "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "startup", + "recommendation": "manual" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "replacement_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "login_timeout", + "recommendation": "15" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "noop_out_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "info", + "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "cmds_max", + "recommendation": "512" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "queue_depth", + "recommendation": "256" + }, + { + "category": "iscsi", + "severity": "info", + "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", + "parameter": "nr_sessions", + "recommendation": "1" + }, + { + "category": "multipath", + "severity": "critical", + "description": "product attribute recommended to be set to Server in /etc/multipath.conf", + "parameter": "product", + "recommendation": "\"Server\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", + "parameter": "prio", + "recommendation": "alua" + }, + { + "category": "multipath", + "severity": "critical", + "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", + "parameter": "hardware_handler", + "recommendation": "\"1 alua\"" + }, + { + "category": "multipath", + "severity": "warning", + "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", + "parameter": "failback", + "recommendation": "immediate" + }, + { + "category": "multipath", + "severity": "critical", + "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", + "parameter": "fast_io_fail_tmo", + "recommendation": "5" + }, + { + "category": "multipath", + "severity": "critical", + "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", + "parameter": "no_path_retry", + "recommendation": "30" + }, + { + "category": "multipath", + "severity": "warning", + "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_selector", + "recommendation": "\"service-time 0\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", + "parameter": "vendor", + "recommendation": "\"Nimble\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", + "parameter": "path_grouping_policy", + "recommendation": "group_by_prio" + }, + { + "category": "multipath", + "severity": "critical", + "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_checker", + "recommendation": "tur" + }, + { + "category": "multipath", + "severity": "critical", + "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", + "parameter": "dev_loss_tmo", + "recommendation": "infinity" + } +] \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml new file mode 100644 index 000000000..dee65bb8e --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/questions.yml @@ -0,0 +1,37 @@ +labels: + io.rancher.certified: partner +questions: +- variable: imagePullPolicy + label: "ImagePullPolicy" + default: "IfNotPresent" + type: enum + options: + - "IfNotPresent" + - "Always" + - "Never" + description: "ImagePullPolicy for all CSI driver images" + group: "HPE CSI Driver settings" +- variable: disableNodeConformance + label: "Disable automatic installation of iSCSI/Multipath Packages" + type: boolean + default: false + description: "Disable automatic installation of iSCSI/Multipath Packages" + group: "HPE CSI Driver settings" +- variable: iscsi.chapUser + label: "iSCSI CHAP Username" + type: string + required: false + description: "Specify username for iSCSI CHAP authentication" + group: "HPE iSCSI settings" +- variable: iscsi.chapPassword + label: "iSCSI CHAP Password" + type: password + required: false + description: "Specify password for iSCSI CHAP authentication" + group: "HPE iSCSI settings" +- variable: registry + label: "Registry" + type: string + default: "quay.io" + description: "Specify registry prefix (hostname[:port]) for CSI driver images" + group: "HPE CSI Driver settings" diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/NOTES.txt b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl new file mode 100644 index 000000000..165840d52 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "hpe-csi-storage.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hpe-csi-storage.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hpe-csi-storage.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml new file mode 100644 index 000000000..61275fffa --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/csi-driver-crd.yaml @@ -0,0 +1,24 @@ + + + +--- + +################# CSI Driver ########### +{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "18") }} +apiVersion: storage.k8s.io/v1 +{{- else if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} +apiVersion: storage.k8s.io/v1beta1 +{{- end }} + +{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "14") }} +kind: CSIDriver +metadata: + name: csi.hpe.com +spec: + podInfoOnMount: true + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "16") }} + volumeLifecycleModes: + - Persistent + - Ephemeral + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml new file mode 100644 index 000000000..c1a3e3e39 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-controller.yaml @@ -0,0 +1,223 @@ +--- + +############################################# +############ Controller driver ############ +############################################# + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hpe-csi-controller + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: hpe-csi-controller + template: + metadata: + labels: + app: hpe-csi-controller + role: hpe-csi + spec: + serviceAccount: hpe-csi-controller-sa + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} + priorityClassName: system-cluster-critical + {{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-provisioner + {{- if .Values.registry }} + image: {{ .Values.registry }}/k8scsi/csi-provisioner:v1.5.0 + {{- else }} + image: quay.io/k8scsi/csi-provisioner:v1.5.0 + {{- end }} + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} + - "--timeout=30s" + - "--worker-threads=16" + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + - name: csi-attacher + {{- if .Values.registry }} + image: {{ .Values.registry }}/k8scsi/csi-attacher:v2.1.1 + {{- else }} + image: quay.io/k8scsi/csi-attacher:v2.1.1 + {{- end }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} + - name: csi-snapshotter + {{- if .Values.registry }} + image: {{ .Values.registry }}/k8scsi/csi-snapshotter:v3.0.2 + {{- else }} + image: quay.io/k8scsi/csi-snapshotter:v3.0.2 + {{- end }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + {{- end }} + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} + - name: csi-resizer + {{- if .Values.registry }} + image: {{ .Values.registry }}/k8scsi/csi-resizer:v0.4.0 + {{- else }} + image: quay.io/k8scsi/csi-resizer:v0.4.0 + {{- end }} + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + {{- end }} + - name: hpe-csi-driver + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/csi-driver:v1.4.0 + {{- else }} + image: quay.io/hpestorage/csi-driver:v1.4.0 + {{- end }} + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--flavor=kubernetes" + - "--pod-monitor" + - "--pod-monitor-interval=30" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + - name: log-dir + mountPath: /var/log + - name: k8s + mountPath: /etc/kubernetes + - name: hpeconfig + mountPath: /etc/hpe-storage + - name: root-dir + mountPath: /host + - name: csi-volume-mutator + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/volume-mutator:v1.2.0 + {{- else }} + image: quay.io/hpestorage/volume-mutator:v1.2.0 + {{- end }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-snapshotter + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/volume-group-snapshotter:v1.0.0 + {{- else }} + image: quay.io/hpestorage/volume-group-snapshotter:v1.0.0 + {{- end }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-provisioner + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/volume-group-provisioner:v1.0.0 + {{- else }} + image: quay.io/hpestorage/volume-group-provisioner:v1.0.0 + {{- end }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-extensions + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/csi-extensions:v1.2.0 + {{- else }} + image: quay.io/hpestorage/csi-extensions:v1.2.0 + {{- end }} + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: log-dir + hostPath: + path: /var/log + - name: k8s + hostPath: + path: /etc/kubernetes + - name: hpeconfig + hostPath: + path: /etc/hpe-storage + - name: root-dir + hostPath: + path: / + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml new file mode 100644 index 000000000..d6657199b --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-node.yaml @@ -0,0 +1,171 @@ +--- + +####################################### +############ Node driver ############ +####################################### + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: hpe-csi-node + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: hpe-csi-node + template: + metadata: + labels: + app: hpe-csi-node + role: hpe-csi + spec: + serviceAccount: hpe-csi-node-sa + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} + priorityClassName: system-node-critical + {{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-node-driver-registrar + {{- if .Values.registry }} + image: {{ .Values.registry }}/k8scsi/csi-node-driver-registrar:v2.0.1 + {{- else }} + image: quay.io/k8scsi/csi-node-driver-registrar:v2.0.1 + {{- end}} + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + {{- end }} + imagePullPolicy: "Always" + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: hpe-csi-driver + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/csi-driver:v1.4.0 + {{- else }} + image: quay.io/hpestorage/csi-driver:v1.4.0 + {{- end}} + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--node-service" + - "--flavor=kubernetes" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} + - name: CHAP_USER + value: {{ .Values.iscsi.chapUser }} + - name: CHAP_PASSWORD + value: {{ .Values.iscsi.chapPassword }} + {{- end }} + {{ if .Values.disableNodeConformance -}} + - name: DISABLE_NODE_CONFORMANCE + value: "true" + {{- end }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: log-dir + mountPath: /var/log + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: etc-kubernetes + mountPath: /etc/kubernetes + - name: sys + mountPath: /sys + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: linux-config-file + mountPath: /opt/hpe-storage/nimbletune/config.json + subPath: config.json + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hpe.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + - name: root-dir + hostPath: + path: / + - name: device-dir + hostPath: + path: /dev + - name: log-dir + hostPath: + path: /var/log + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: runsystemd + hostPath: + path: /run/systemd + - name: etcsystemd + hostPath: + path: /etc/systemd/system + - name: sys + hostPath: + path: /sys + - name: linux-config-file + configMap: + name: hpe-linux-config + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml new file mode 100644 index 000000000..1da7d7c2e --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-csi-rbac.yaml @@ -0,0 +1,563 @@ +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] +{{- end }} + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "12") }} + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + {{- else if and (eq .Capabilities.KubeVersion.Major "1") ( eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "13") }} + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + {{ else }} + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + {{- end }} + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-attacher-role + apiGroup: rbac.authorization.k8s.io + + +{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +{{- end }} + +{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-resizer-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- + +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: {{ .Release.Namespace }} + name: external-resizer-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- + +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role-cfg + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: external-resizer-cfg + apiGroup: rbac.authorization.k8s.io + + +--- +# cluster role to support volumegroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-volumegroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support snapshotgroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotgroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + # replace with non-default namespace name + namespace: {{ .Release.Namespace }} + +roleRef: + kind: ClusterRole + name: csi-mutator-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: {{ .Release.Namespace }} + name: csi-mutator-cfg +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-role-cfg + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} + +roleRef: + kind: Role + name: csi-mutator-cfg + apiGroup: rbac.authorization.k8s.io +{{- end }} + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["hpenodeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpereplicationdeviceinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumegroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpesnapshotgroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-csi-node-sa + namespace: {{ .Release.Namespace }} + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: hpe-csi-node-sa + namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: hpe-csp-sa + namespace: {{ .Release.Namespace }} + +roleRef: + kind: ClusterRole + name: hpe-csi-driver-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csp-sa + namespace: {{ .Release.Namespace }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml new file mode 100644 index 000000000..5e4c4944a --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-linux-config.yaml @@ -0,0 +1,13 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: hpe-linux-config + namespace: {{ .Release.Namespace }} +data: +{{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} + CHAP_USER: {{ .Values.iscsi.chapUser | quote }} + CHAP_PASSWORD: {{ .Values.iscsi.chapPassword | quote }} +{{- end }} + config.json: |- +{{ (.Files.Get "files/config.json") | indent 4 }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml new file mode 100644 index 000000000..f5b252758 --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/hpe-secret.yaml @@ -0,0 +1,47 @@ +{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "nimble-secret") -}} +# This is required to maintain backward compatibility of resources(secret) +# created with previous releases as we no longer create a secret with CSI driver install. +# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether +# in future. +# Also, manage the secret only if created by previous versions of helm with below check. +--- +apiVersion: v1 +kind: Secret +metadata: + name: nimble-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} +data: + username: {{ $secret.data.username }} + password: {{ $secret.data.password }} + servicePort: {{ $secret.data.servicePort }} + backend: {{ $secret.data.backend }} + serviceName: {{ $secret.data.serviceName }} +{{- end }} + +{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "primera3par-secret") -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: primera3par-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} +data: + username: {{ $secret.data.username }} + password: {{ $secret.data.password }} + servicePort: {{ $secret.data.servicePort }} + backend: {{ $secret.data.backend }} + serviceName: {{ $secret.data.serviceName }} +{{- end }} + diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml new file mode 100644 index 000000000..332b95d5b --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/nimble-csp.yaml @@ -0,0 +1,64 @@ +--- +### CSP Service ### +kind: Service +apiVersion: v1 +metadata: + name: nimble-csp-svc + namespace: {{ .Release.Namespace }} + labels: + app: nimble-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: nimble-csp + +--- +### CSP deployment ### +kind: Deployment +apiVersion: apps/v1 +metadata: + name: nimble-csp + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: nimble-csp + replicas: 1 + template: + metadata: + labels: + app: nimble-csp + spec: + serviceAccount: hpe-csp-sa + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} + priorityClassName: system-cluster-critical + {{- end }} + containers: + - name: nimble-csp + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/nimble-csp:v1.4.0 + {{- else }} + image: quay.io/hpestorage/nimble-csp:v1.4.0 + {{- end }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml new file mode 100644 index 000000000..5b1c65e2d --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/primera-3par-csp.yaml @@ -0,0 +1,65 @@ +--- +### CSP Service ### +kind: Service +apiVersion: v1 +metadata: + name: primera3par-csp-svc + namespace: {{ .Release.Namespace }} + labels: + app: primera3par-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: primera3par-csp + +--- +### CSP deployment ### +kind: Deployment +apiVersion: apps/v1 +metadata: + name: primera3par-csp + labels: + app: primera3par-csp + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: primera3par-csp + replicas: 1 + template: + metadata: + labels: + app: primera3par-csp + spec: + serviceAccount: hpe-csp-sa + {{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }} + priorityClassName: system-cluster-critical + {{- end }} + containers: + - name: primera3par-csp + {{- if .Values.registry }} + image: {{ .Values.registry }}/hpestorage/hpe3parprimera-csp:v1.2.0 + {{- else }} + image: quay.io/hpestorage/hpe3parprimera-csp:v1.2.0 + {{- end }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml new file mode 100644 index 000000000..a864865bf --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/templates/sc.yaml @@ -0,0 +1,38 @@ +{{ if $sc := (lookup "storage.k8s.io/v1" "StorageClass" "" "hpe-standard") -}} +# This is required to maintain backward compatibility of resources(storageclass) +# created with previous releases as we no longer create a storageclass with CSI driver install. +# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether +# in future. +# Also, manage the storageClass only if created by previous versions of helm with below check. +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: hpe-standard + labels: + plugin: {{ $.Release.Name }} + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} + {{- range $k, $v := $sc.metadata.annotations }} + {{- if or (eq $v "true") (eq $v "false")}} + {{ $k }}: {{ $v | quote }} + {{- else }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +provisioner: csi.hpe.com +{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }} +allowVolumeExpansion: {{ $sc.allowVolumeExpansion }} +{{- end }} +parameters: + {{- range $k, $v := $sc.parameters }} + {{- if or (eq $v "true") (eq $v "false")}} + {{ $k }}: {{ $v | quote }} + {{- else }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml new file mode 100644 index 000000000..edf47eaee --- /dev/null +++ b/charts/hpe-csi-driver/hpe-csi-driver/1.4.200/values.yaml @@ -0,0 +1,24 @@ +# Default values for hpe-csi-storage. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# image pull policy for all images in csi deployment +imagePullPolicy: 'IfNotPresent' + +# flavor +flavor: kubernetes + +# log level for all csi driver components +logLevel: info + +## For controlling automatic iscsi/multipath package installation (default: false) +disableNodeConformance: false + +# values for CHAP Authentication +iscsi: + chapUser: "" + chapPassword: "" + +# registry prefix for hpe csi images +registry: "quay.io" + diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml new file mode 100644 index 000000000..3a61ef6be --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: hpe-flexvolume-driver +apiVersion: v1 +appVersion: "3.1" +description: A Helm chart for installing the HPE Volume Driver for Kubernetes FlexVolume + plugin +home: https://hpe.com/storage/containers +icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png +keywords: +- HPE +- Storage +- StorageClass +- CentOS +- Ubuntu +- CloudVolumes +maintainers: +- email: hpe-containers-dev@hpe.com + name: shivamerla +name: hpe-flexvolume-driver +sources: +- https://github.com/hpe-storage/flexvolume-driver +version: 3.1.000 diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md new file mode 100644 index 000000000..6cf393897 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/README.md @@ -0,0 +1,173 @@ +# HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart +The [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner). + +## Prerequisites + +- Upstream Kubernetes version 1.11 or later +- Other Kubernetes distributions supported +- Rancher 2.x +- OpenShift 3.10, 3.11 (4.x will not be supported, see [CSI Driver Helm chart](https://github.com/hpe-storage/co-deployments/tree/master/helm/charts/hpe-csi-driver)) +- More distributions will be listed as tests are ongoing +- Recent Ubuntu, CentOS or RHEL compute nodes connected to their respective official package repositories + +Depending on which `pluginType` is being used, other prerequisites and requirements may apply. + +### HPE Nimble Storage (nimble) + +- NimbleOS 5.0.8 or later +- NimbleOS 5.1.3 or later + +### HPE Cloud Volumes + +- Amazon EKS 1.12.x/1.13.x +- Microsoft AKS 1.12.x/1.13.x +- US Regions Only + +## Configuration & Installation +The following table lists the configurable parameters of the FlexVolume driver chart and their default values. + +| Parameter | Description | Default | +|---------------------------|----------------------------------------------------------------------------------------------------|------------ | +| backend | HPE storage platform API endpoint. | 192.168.1.1 | +| pluginType | Backend plugin type to use. Currently `nimble` and `cv` are supported. | nimble | +| username | Username for the backend. Access key for HPE Cloud Volumes. | admin | +| password | Password for the backend. Access secret for HPE Cloud Volumes. | admin | +| protocol | Data plane protocol (`fc`, `iscsi`). | iscsi | +| fsType | Type of file to format volumes with (ext4, ext3, xfs, btrfs). | xfs | +| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error` | info | +| mountConflictDelay | Wait this long (in seconds) before forcefully taking over a volume from an isolated or crashed node. | 120 | +| flavor | Kubernetes distribution specific tweaks. Supported flavors include `k8s`, `ocp`, `eks`, `aks` and `rke`. | k8s | +| podsMountDir | This is the directory where the kubelet bind mounts the volume for pods. May differ between Kubernetes distributions. | /var/lib/kubelet/pods | +| storageClass.name | The name to assign the created StorageClass. | hpe-standard | +| storageClass.create | Enables creation of StorageClass to consume this hpe-flexvolume-driver instance. | true | +| storageClass.defaultClass | Whether to set the created StorageClass as the clusters default StorageClass. | false | +| nimble.config | HPE Nimble Storage volume config parameters. | - | +| cv.config | HPE Cloud Volumes volume config parameters. | - | + +It's recommended to create a `values.yaml` file and edit it to fit the environment the chart is being deployed to. + +Example `values.yaml` using a Nimble backend: + +``` +--- +backend: 192.168.1.1 +username: admin +password: admin +pluginType: nimble +fsType: xfs +storageClass: + defaultClass: true +``` + +This will connect the driver to a Nimble based backend with management IP address of `192.168.1.1` and format new volumes with a XFS filesystem. + +The `nimble.config` or `cv.config` stanza will be hosted in a `ConfigMap` and can be used to tweak default parmaters and also override `StorageClass` parameters. More information on these stanzas can be found in the [ADVANCED.md](https://github.com/hpe-storage/flexvolume-driver/blob/master/ADVANCED.md) documentation. + +Example `nimble.config` stanza: + +``` +nimble: + config: + limitIOPS: "-1" + limitMBPS: "-1" + perfPolicy: DockerDefault +``` + +Example `cv.config` stanza: + +``` +cv: + config: + snapPrefix: BaseFor + automatedConnection: true + existingCloudSubnet: 10.1.0.0/24 + region: us-east-1 + privateCloud: vpc-data + cloudComputeProvider: "Amazon AWS" + perfPolicy: Other + volumeType: PF + encryption: true + protectionTemplate: twicedaily:4 + destroyOnRm: true + limitIOPS: "1000" + initiators: + - '"eth0"' + privateCloudResourceGroup: "" +``` + +**Note:** Storage class parameters will override the settings in `defaults` and `global` section. + +### Platform notes +Certain distributions demand certain tweaks to the variables for the driver and dynamic provisioner to operate correctly. See each platform for details. + +#### Upstream Kubernetes +This is the default operating mode, no tweaks are needed. + +#### Red Hat OpenShift and OKD +Applicable to Red Hat OpenShift 3.10 and 3.11. 4.x is not supported*. + +| Key | Value | Description | +|------------|---------------------------|------------------------------------------------------------------------------------| +| podsMountDir | /var/lib/origin/openshift.local.volumes | This is the directory where the kubelet bind mounts the volume for pods. | + +* = If experimentation is desirable with OpenShift 4.x, set `flexVolumeExec` default path for ocp to `/etc/kubernetes/kubelet-plugins/volume/exec`. The driver will only work on RHEL 7.x nodes. + +#### Rancher +Applicable to installing the Helm Chart via the Rancher catalog system. + +| Key | Value | Description | +|------------|---------------------------|------------------------------------------------------------------------------------| +| flavor | rke | Required and prepopulated by default. | +| podsMountDir | /var/lib/kubelet/volumeplugins | This is the directory where the kubelet bind mounts the volume for pods. Required and prepopulated by default.| + +## Installing the Chart +To install the chart with the name `hpe-flexvolume`: + +``` +helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/ +helm install hpe-storage/hpe-flexvolume-driver --namespace kube-system --name hpe-flexvolume -f values.yaml +``` + +**Note:** Omitting the `--name` flag will generate a human readable name. + +## Check status of the Chart +To check status of the `hpe-flexvolume` deployment: + +``` +helm status hpe-flexvolume +``` + +## Uninstalling the Chart +To uninstall/delete the `hpe-flexvolume` deployment: + +``` +helm delete hpe-flexvolume --purge +``` + +## Alternative install method +In some cases it's more practical provide the local configuration via the `helm` command directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +``` +helm install --name hpe-flexvolume hpe/hpe-flexvolume-driver \ +--set backend=X.X.X.X --set username=admin --set password=xxxxxxxxx \ +--set protocol=iscsi --set fsType=xfs +``` + +## Using the HPE Volume Driver for Kubernetes FlexVolume Plugin +To enable dynamic provisioning of `PersistentVolume` through the use of `PersistentVolumeClaim` API objects, a `StorageClass` needs to be declared on the cluster. Please see the [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) repository for the official documentation for this Helm chart. Also, it's helpful to be familar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. + +## Support +The HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart is supported by the respective platform team. Currently supported platforms: + +- HPE Nimble Storage +- HPE Cloud Volumes + +Please file issues through the regular support channels for the particular platform. Feature requests or general questions to developers may be filed through the [GitHub issue tracker](https://github.com/hpe-storage/co-deployments) for this project. + +You may also join our Slack community to chat with HPE folks close to this project for inquiries not requring our immediate response. We hang out in `#NimbleStorage` and `#Kubernetes` at [slack.hpedev.io](https://slack.hpedev.io/). + +## Contributing +We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) + +## License +This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md new file mode 100644 index 000000000..4d8e79cf5 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/app-readme.md @@ -0,0 +1,3 @@ +# HPE Volume Driver for Kubernetes FlexVolume Plugin + +The [HPE Volume Driver for Kubernetes FlexVolume plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner). diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml new file mode 100644 index 000000000..034718811 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/questions.yml @@ -0,0 +1,172 @@ +questions: +- variable: flavor + label: "Kubernetes flavor" + type: enum + default: "rke" + required: true + options: + - "rke" + - "eks" + - "ocp" + - "aks" + - "gke" + - "gkeop" + - "k8s" + description: "Tweak Helm chart behavior." + group: "Rancher specific settings" +- variable: pluginType + label: "HPE platform" + type: enum + options: + - "nimble" + - "cv" + - "simplivity" + default: "nimble" + description: "HPE platform type for the deployment." + group: "HPE backend settings" +- variable: backend + label: "IP address" + type: string + required: true + description: "Please specify HPE backend IP address." + group: "HPE backend settings" +- variable: username + label: "Username" + type: string + required: true + description: "Specify username with backend storage admin permissions." + group: "HPE backend settings" +- variable: password + label: "Password" + type: password + required: true + description: "Specify password for the backend user." + group: "HPE backend settings" +- variable: fsType + label: "Filesystem" + default: "xfs" + type: enum + options: + - "xfs" + - "ext4" + - "ext3" + - "btrfs" + description: "Select the filesystem for Persistent Volumes, defaults to xfs." + group: "HPE StorageClass and volume settings" +- variable: protocol + label: "HPE storage protocol" + type: enum + default: "iscsi" + options: + - "iscsi" + - "fc" + description: "Specify storage protocol for HPE backend connectivity." + group: "HPE StorageClass and volume settings" +- variable: storageClass.create + label: "Create a StorageClass" + type: boolean + default: true + required: true + description: "If specified as 'true', a StorageClass named 'hpe-standard' will be created with the HPE Volume Driver for Kubernetes FlexVolume Plugin as provisioner." + group: "HPE StorageClass and volume settings" +- variable: storageClass.defaultClass + label: "Mark StorageClass 'hpe-standard' as 'default'." + type: boolean + default: false + description: "If specified as 'true', the 'hpe-standard' StorageClass will be annotated as 'default'. This option is ignored if 'Create a StorageClass' is set to 'false'." + group: "HPE StorageClass and volume settings" +- variable: cv.config.existingCloudSubnet + show_if: "pluginType=cv" + label: "Cloud subnet" + type: string + default: "" + required: true + description: "Cloud subnet of the cluster for connection provisioning" + group: "Cloud instance settings" +- variable: cv.config.privateCloud + show_if: "pluginType=cv" + label: "Virtual private cloud" + type: string + required: true + description: "Virtual private cloud of the cluster" + group: "Cloud instance settings" +- variable: cv.config.region + show_if: "pluginType=cv" + label: "Public cloud region" + type: string + required: true + description: "Public cloud provider region in which cluster resides" + group: "Cloud instance settings" +- variable: cv.config.cloudComputeProvider + show_if: "pluginType=cv" + label: "Public cloud provider" + type: enum + default: "Amazon AWS" + options: + - "Amazon AWS" + - "Microsoft Azure" + description: "Public cloud provider name" + group: "Cloud instance settings" +- variable: cv.config.privateCloudResourceGroup + show_if: "cv.config.cloudComputeProvider=Microsoft Azure" + label: "Azure Resource Group" + type: string + required: true + description: "Azure resource group for the cluster" + group: "Cloud instance settings" +- variable: cv.config.volumeType + show_if: "pluginType=cv" + label: "Volume type" + type: enum + default: "PF" + options: + - "PF" + - "GPF" + description: "HPE Cloud Volume type" + group: "HPE Cloud Volumes settings" +- variable: cv.config.encryption + show_if: "pluginType=cv" + label: "Volume Encryption" + type: boolean + default: true + required: true + description: "Encryption for HPE Cloud Volume" + group: "HPE Cloud Volumes settings" +- variable: cv.config.protectionTemplate + show_if: "pluginType=cv" + label: "Protection template" + type: enum + default: "twicedaily:4" + options: + - "daily:3" + - "daily:7" + - "daily:14" + - "hourly:6" + - "hourly:12" + - "hourly:24" + - "twicedaily:4" + - "twicedaily:8" + - "twicedaily:14" + - "weekly:2" + - "weekly:4" + - "weekly:8" + - "monthly:3" + - "monthly:6" + - "monthly:12" + - "none" + description: "Protection Template" + group: "HPE Cloud Volumes settings" +- variable: cv.config.perfPolicy + show_if: "pluginType=cv" + label: "Performance policy" + type: enum + default: "Other" + options: + - "Other" + - "Exchange" + - "Oracle" + - "SharePoint" + - "SQL" + - "Windows File Server" + description: "Performance policy" + group: "HPE Cloud Volumes settings" diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/NOTES.txt b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl new file mode 100644 index 000000000..d0a095b72 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "hpe-flexvolume-driver.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hpe-flexvolume-driver.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hpe-flexvolume-driver.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml new file mode 100644 index 000000000..c65a2a576 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-config.yaml @@ -0,0 +1,58 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: hpe-config + namespace: {{ .Release.Namespace }} +data: + volume-driver.json: |- + {{- if eq .Values.pluginType "nimble"}} + { + "global": {}, + "defaults": { + "limitIOPS": {{ .Values.nimble.config.limitIOPS | quote }}, + "limitMBPS": {{ .Values.nimble.config.limitMBPS | quote }}, + "perfPolicy": {{ .Values.nimble.config.perfPolicy | quote }} + }, + "overrides": {} + } + {{- else if eq .Values.pluginType "cv"}} + { + "global": { + "snapPrefix": {{ .Values.cv.config.snapPrefix | quote }}, + "automatedConnection": {{ .Values.cv.config.automatedConnection }}, + "initiators": [{{- join "," .Values.cv.config.initiators }}], + "automatedConnection": {{ .Values.cv.config.automatedConnection }}, + "existingCloudSubnet": {{ .Values.cv.config.existingCloudSubnet | quote }}, + "region": {{ .Values.cv.config.region | quote }}, + "privateCloud": {{ .Values.cv.config.privateCloud | quote }}, + {{- if and .Values.cv.config.privateCloudResourceGroup (ne .Values.cv.config.privateCloudResourceGroup "") }} + "privateCloudResourceGroup": {{ .Values.cv.config.privateCloudResourceGroup | quote }}, + {{- end }} + "cloudComputeProvider": {{ .Values.cv.config.cloudComputeProvider | quote }} + }, + "defaults": { + "perfPolicy": {{ .Values.cv.config.perfPolicy | quote }}, + "limitIOPS": {{ .Values.cv.config.limitIOPS | quote }}, + "volumeType": {{ .Values.cv.config.volumeType | quote }}, + "encryption": {{ .Values.cv.config.encryption }}, + "protectionTemplate": {{ .Values.cv.config.protectionTemplate | quote }}, + "destroyOnRm": {{ .Values.cv.config.destroyOnRm }} + }, + "overrides": {} + } + {{- else }} + { + "global": {}, + "defaults": {}, + "overrides": {} + } + {{- end }} + + {{- if eq .Values.flavor "rke"}} + {{ .Values.pluginType }}.json: |- + { + "dockerVolumePluginSocketPath": "/host/etc/hpe-storage/{{ .Values.pluginType }}.sock" + } + {{- end }} + diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml new file mode 100644 index 000000000..788ed97ac --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd-rbac.yaml @@ -0,0 +1,40 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-dynamic-provisioner-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-dynamic-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-flexvolume-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-dynamic-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-flexvolume-sa + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml new file mode 100644 index 000000000..eff543acc --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-doryd.yaml @@ -0,0 +1,67 @@ +#### HPE Dynamic Provisioner ### +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hpe-dynamic-provisioner + namespace: {{ .Release.Namespace }} + labels: + app: hpe-dynamic-provisioner +spec: + selector: + matchLabels: + daemon: hpe-dynamic-provisioner-daemon + strategy: + type: RollingUpdate + template: + metadata: + labels: + daemon: hpe-dynamic-provisioner-daemon + name: hpe-dynamic-provisioner + spec: + restartPolicy: Always + serviceAccountName: hpe-flexvolume-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - + image: {{ .Values.dynamicProvisionerImage}}: {{- .Values.dynamicProvisionerTag}} + imagePullPolicy: Always + name: hpe-dynamic-provisioner + env: + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + volumeMounts: + - name: k8s + mountPath: /etc/kubernetes + - name: flexvolumedriver + mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec + - name: varlog + mountPath: /var/log + {{- if eq .Values.flavor "rke"}} + - name: hpeconfig + mountPath: /host/etc/hpe-storage + {{- else }} + - name: hpeconfig + mountPath: /etc/hpe-storage + {{- end }} + securityContext: + privileged: true + volumes: + - name: k8s + hostPath: + path: /etc/kubernetes + - name: flexvolumedriver + hostPath: + {{- $flavor := .Values.flavor -}} + {{- range .Values.flexVolumeExec }} + {{- if eq .name $flavor }} + path: {{ .value }} + {{- end }} + {{- end }} + - name: hpeconfig + hostPath: + path: /etc/hpe-storage + - name: varlog + hostPath: + path: /var/log diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml new file mode 100644 index 000000000..af86aae33 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-flexvolume-plugin.yaml @@ -0,0 +1,216 @@ + #### Flexvolume Driver ### +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: hpe-flexvolume-driver + namespace: {{ .Release.Namespace }} + labels: + k8s-app: hpe-flexvolume-driver +spec: + selector: + matchLabels: + name: hpe-flexvolume-driver + template: + metadata: + labels: + name: hpe-flexvolume-driver + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: hpe-flexvolume-sa + containers: + - name: flexvolume + image: {{ .Values.flexVolumeDriverImage}}: {{- .Values.flexVolumeDriverTag}} + imagePullPolicy: "Always" + lifecycle: + preStop: + # create empty file to let plugin signal handler to perform cleanup of config/cert/dory files + exec: + command: [ "/bin/sh", "-c", "touch /etc/hpe-storage/remove" ] + {{- if eq .Values.flavor "rke"}} + postStart: + exec: + command: [ "/bin/bash", "-c", + "while [[ ! -d /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }} ]] || [[ ! -f /etc/hpe-storage/{{ .Values.pluginType }}.json ]]; do sleep 1; done; cp -a /etc/hpe-storage/{{ .Values.pluginType }}.json /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }}/{{ .Values.pluginType }}.json" ] + {{- end }} + env: + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + - name: FLAVOR + value: {{ .Values.flavor }} + - name: PROVIDER_IP + valueFrom: + secretKeyRef: + name: hpe-secret + key: backend + - name: PROVIDER_USERNAME + valueFrom: + secretKeyRef: + name: hpe-secret + key: username + - name: PROVIDER_PASSWORD + valueFrom: + secretKeyRef: + name: hpe-secret + key: password + - name: PROTOCOL + valueFrom: + secretKeyRef: + name: hpe-secret + key: protocol + {{- if eq .Values.pluginType "cv"}} + - name: PROVIDER_PORT + valueFrom: + secretKeyRef: + name: hpe-secret + key: servicePort + - name: PROVIDER_SERVICE + valueFrom: + secretKeyRef: + name: hpe-secret + key: serviceName + {{- end }} + - name: SCOPE + value: global + - name: PLUGIN_TYPE + value: {{ .Values.pluginType }} + volumeMounts: + - name: pluginmountdir + mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + - name: bindmountdir + mountPath: {{ .Values.podsMountDir }} + mountPropagation: Bidirectional + - name: legacymounts + mountPath: /opt/nimble + mountPropagation: Bidirectional + - name: dev + mountPath: /dev + - name: libmodules + mountPath: /lib/modules + - name: var-log + mountPath: /var/log + - name: var-lib-iscsi + mountPath: /var/lib/iscsi + - name: exec + mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec + - name: runlock + mountPath: /run/lock + - name: etc-iscsi + mountPath: /etc/iscsi + - name: etc-multipath + mountPath: /etc/multipath + {{- if ne .Values.flavor "rke"}} + - name: etc-multipath-conf + mountPath: /etc/multipath.conf + {{- end }} + - name: etc-redhat-release + mountPath: /etc/redhat-release + - name: etc-os-release + mountPath: /etc/os-release + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + {{- if eq .Values.flavor "rke"}} + - name: etc-hpe-storage-dir + mountPath: /host/etc/hpe-storage + {{- end }} + - name: sys + mountPath: /sys + - name: iscsiadm + mountPath: /sbin/iscsiadm + - name: config-file + mountPath: /etc/hpe-storage/volume-driver.json + subPath: volume-driver.json + {{- if eq .Values.flavor "rke"}} + - name: config-file + mountPath: /etc/hpe-storage/{{ .Values.pluginType }}.json + subPath: {{ .Values.pluginType }}.json + {{- end }} + - name: runsystemd + mountPath: /run/systemd + - name: libsystemd + mountPath: /lib/systemd/system + - name: usrlocal + mountPath: /usr_local + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumes: + - name: pluginmountdir + hostPath: + path: /var/lib/kubelet + - name: bindmountdir + hostPath: + path: {{ .Values.podsMountDir }} + # required to handle legacy mounts from NLT based plugin. Remove this for CoreOS + - name: legacymounts + hostPath: + path: /opt/nimble/ + - name: dev + hostPath: + path: /dev + - name: libmodules + hostPath: + path: /lib/modules + - name: var-log + hostPath: + path: /var/log + - name: var-lib-iscsi + hostPath: + path: /var/lib/iscsi/ + - name: exec + hostPath: + {{- $flavor := .Values.flavor -}} + {{- range .Values.flexVolumeExec }} + {{- if eq .name $flavor }} + path: {{ .value }} + {{- end }} + {{- end }} + - name: runlock + hostPath: + path: /run/lock + - name: etc-iscsi + hostPath: + path: /etc/iscsi/ + - name: etc-multipath + hostPath: + path: /etc/multipath/ + {{- if ne .Values.flavor "rke"}} + - name: etc-multipath-conf + hostPath: + path: /etc/multipath.conf + type: FileOrCreate + {{- end }} + - name: etc-redhat-release + hostPath: + path: /etc/redhat-release + type: FileOrCreate + - name: etc-os-release + hostPath: + path: /etc/os-release + type: FileOrCreate + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage/ + - name: sys + hostPath: + path: /sys + - name: iscsiadm + hostPath: + path: /sbin/iscsiadm + type: FileOrCreate + - name: config-file + configMap: + name: hpe-config + - name: runsystemd + hostPath: + path: /run/systemd + - name: libsystemd + hostPath: + path: /lib/systemd/system + - name: usrlocal + hostPath: + path: /usr diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml new file mode 100644 index 000000000..7aaee67e9 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpe-secret.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: hpe-secret + namespace: {{ .Release.Namespace }} +stringData: + username: {{ .Values.username }} + password: {{ .Values.password }} + {{- if eq .Values.pluginType "cv"}} + backend: {{ .Values.backend }} + servicePort: {{ .Values.servicePort | quote }} + serviceName: {{ .Values.serviceName }} + protocol: "iscsi" + {{- else }} + backend: {{ .Values.backend }} + protocol: {{ .Values.protocol }} + {{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml new file mode 100644 index 000000000..fd28355ee --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/hpecv-cp.yaml @@ -0,0 +1,66 @@ +{{- if eq .Values.pluginType "cv"}} +# Configuration to deploy the HPE Nimble Storage Container Provider service +# +# example usage: kubectl create -f + +--- + +####################################### +############ CP Service ############ +####################################### +kind: Service +apiVersion: v1 +metadata: + name: {{ .Values.serviceName }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.serviceName }} +spec: + ports: + - port: {{ .Values.servicePort }} + protocol: TCP + selector: + app: cv-cp + +--- + +########################################## +############ CP Deployment ############ +########################################## +kind: Deployment +apiVersion: apps/v1 +metadata: + name: cv-cp + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: cv-cp + replicas: 1 + template: + metadata: + labels: + app: cv-cp + spec: + serviceAccountName: hpe-flexvolume-sa + containers: + - name: cv-cp + image: {{ .Values.containerProviderImage}}: {{- .Values.containerProviderTag}} + imagePullPolicy: Always + env: + - name: CLOUDVOLUMES_PORTAL_SERVER + value: {{ .Values.backend }} + - name: CLOUDVOLUMES_PORT + value: {{ .Values.servicePort | quote }} + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + ports: + - containerPort: {{ .Values.servicePort }} + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log +{{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml new file mode 100644 index 000000000..60dfa8559 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/post-install.yaml @@ -0,0 +1,28 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{.Release.Name}}" + labels: + app.kubernetes.io/managed-by: {{.Release.Service | quote}} + app.kubernetes.io/instance: {{.Release.Name | quote}} + app.kubernetes.io/version: {{.Chart.AppVersion | quote}} + helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: "{{.Release.Name}}" + labels: + app.kubernetes.io/managed-by: {{.Release.Service | quote }} + app.kubernetes.io/instance: {{.Release.Name | quote }} + helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" + spec: + restartPolicy: Never + containers: + - name: post-install-job + image: "alpine:3.3" + command: ["/bin/sleep","{{default "10" .Values.serviceWaitTime}}"] + diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml new file mode 100644 index 000000000..3dc98eb48 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/templates/sc.yaml @@ -0,0 +1,16 @@ +{{ if .Values.storageClass.create -}} +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ .Values.storageClass.name }} + labels: + plugin: {{ .Release.Name }} + {{- if .Values.storageClass.defaultClass }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" + {{- end }} +provisioner: hpe.com/{{ .Values.pluginType }} +parameters: + description: {{ .Values.volumeDescription }} +{{- end }} diff --git a/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml new file mode 100644 index 000000000..77d2762c2 --- /dev/null +++ b/charts/hpe-flexvolume-driver/hpe-flexvolume-driver/3.1.000/values.yaml @@ -0,0 +1,97 @@ +# Default values for hpe-flexvolume-driver +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +#doryd image +dynamicProvisionerTag: v3.1.0 +dynamicProvisionerImage: store/hpestorage/k8s-dynamic-provisioner + +#flexvolume plugin image +flexVolumeDriverTag: v3.1.0 +flexVolumeDriverImage: store/hpestorage/flexvolume-driver + +#container-provider image +containerProviderTag: v3.1.0 +containerProviderImage: store/hpestorage/cv-cp + +#parameters +backend: 192.168.1.1 +username: admin +password: admin +protocol: iscsi +servicePort: "8080" +serviceName: cv-cp-svc + +#storage class parameters +fsType: xfs +volumeDescription: "Volume created by HPE Volume Driver for Kubernetes FlexVolume Plugin" + +#service parameters +# wait seconds for doryd/flexvolume node plugins to start +serviceWaitTime: "10" + +#flavor +flavor: k8s + +#platform for which plugin is being deployed.i.e nimble or cv +pluginType: nimble + +#bindMountPath where kubelet bindmounts volume to pod namespace +podsMountDir: /var/lib/kubelet/pods + +#volumePluginDir volume plugin directory where kubelet watches for flexvolume plugin +flexVolumeExec: + - name: eks + value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec + - name: k8s + value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec + - name: ocp + value: /etc/kubernetes/kubelet-plugins/volume/exec + - name: gkeop + value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec + - name: gke + value: /home/kubernetes/flexvolume + - name: aks + value: /etc/kubernetes/volumeplugins + - name: rke + value: /var/lib/kubelet/volumeplugins + +#log level for flexvolume driver and dynamic provisioner +logLevel: info + +## For creating the StorageClass automatically: +storageClass: + create: true + + ## Set StorageClass as the default StorageClass + ## Ignored if storageClass.create is false + defaultClass: false + + ## Set a StorageClass name + ## Ignored if storageClass.create is false + name: hpe-standard + +nimble: + config: + limitIOPS: "-1" + limitMBPS: "-1" + perfPolicy: DockerDefault + +cv: + config: + snapPrefix: BaseFor + automatedConnection: true + existingCloudSubnet: 10.1.0.0/24 + region: us-east-1 + privateCloud: vpc-data + cloudComputeProvider: "Amazon AWS" + perfPolicy: Other + volumeType: PF + encryption: true + protectionTemplate: twicedaily:4 + destroyOnRm: true + limitIOPS: "1000" + # In case of multiple initiators, add one per line and escape double quotes as below + initiators: + - '"eth0"' + privateCloudResourceGroup: "" diff --git a/charts/instana-agent/instana-agent/1.0.2900/.helmignore b/charts/instana-agent/instana-agent/1.0.2900/.helmignore new file mode 100644 index 000000000..b4fa6cb0d --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for helm +OWNERS diff --git a/charts/instana-agent/instana-agent/1.0.2900/Chart.yaml b/charts/instana-agent/instana-agent/1.0.2900/Chart.yaml new file mode 100644 index 000000000..6b52668cd --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: instana-agent +apiVersion: v1 +appVersion: "1.1" +description: Instana Agent for Kubernetes +home: https://www.instana.com/ +icon: https://instana-management-assets.s3-eu-west-1.amazonaws.com/stan-logo-2020.png +maintainers: +- email: jon.brisbin@instana.com + name: jbrisbin +- email: william.james@instana.com + name: wiggzz +- email: jeroen.soeters@instana.com + name: JeroenSoeters +- email: fabian.staeber@instana.com + name: fstab +- email: miel.donkers@instana.com + name: mdonkers +- email: dahlia.bock@instana.com + name: dlbock +- email: nathan.fisher@instana.com + name: nfisher +name: instana-agent +sources: +- https://github.com/instana/instana-agent-docker +version: 1.0.2900 diff --git a/charts/instana-agent/instana-agent/1.0.2900/README.md b/charts/instana-agent/instana-agent/1.0.2900/README.md new file mode 100644 index 000000000..dd17e51d6 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/README.md @@ -0,0 +1,164 @@ +# Instana + +Instana is an [APM solution](https://www.instana.com/) built for microservices that enables IT Ops to build applications faster and deliver higher quality services by automating monitoring, tracing and root cause analysis. This solution is optimized for [Kubernetes](https://www.instana.com/automatic-kubernetes-monitoring/). + +## Introduction + +This chart adds the Instana Agent to all schedulable nodes in your cluster via a `DaemonSet`. + +## Prerequisites + +Kubernetes 1.9.x - 1.18.x + +#### Helm 3 prerequisites + +Working `helm` with the `stable` repo added to your helm client. + +#### Helm 2 prerequisites + +Working `helm` and `tiller`. + +_Note:_ Tiller may need a service account and role binding if RBAC is enabled in your cluster. + +## Installing the Chart + +To configure the installation you can either specify the options on the command line using the **--set** switch, or you can edit **values.yaml**. Either way you should ensure that you set values for: + +* agent.key +* zone.name or cluster.name + +For most users, setting the `zone.name` is sufficient. However, if you would like to be able group your hosts based on the availability zone rather than cluster name, then you can specify the cluster name using the `cluster.name` instead of the `zone.name` setting. If you omit the `zone.name` the host zone will be automatically determined by the availability zone information on the host. + +If you're in the EU, you'll probably also want to set the regional equivalent values for: + +* agent.endpointHost +* agent.endpointPort + +_Note:_ You can find the options mentioned in the [configuration section below](#configuration) + +Optionally, if your infrastructure uses a proxy, you should ensure that you set values for: + +* agent.pod.proxyHost +* agent.pod.proxyPort +* agent.pod.proxyProtocol +* agent.pod.proxyUser +* agent.pod.proxyPassword +* agent.pod.proxyUseDNS + +Optionally, if your infrastructure has multiple networks defined, you might need to allow the agent to listen on all addresses (typically with value set to '*'): + +* agent.listenAddress + +If your agent requires download key, you should ensure that you set values for it: + +* agent.downloadKey + +Agent can have APM, INFRASTRUCTURE or AWS mode. Default is APM and if you want to override that, ensure you set value: + +* agent.mode + +#### Installing with Helm 3 + +First, create a namespace for the instana-agent + +```bash +$ kubectl create namespace instana-agent +``` + +To install the chart with the release name `instana-agent` and set the values on the command line run: + +```bash +$ helm install instana-agent --namespace instana-agent \ +--set agent.key=INSTANA_AGENT_KEY \ +--set agent.endpointHost=HOST \ +--set zone.name=ZONE_NAME \ +stable/instana-agent +``` + +#### Installing with Helm 2 + +To install the chart with the release name `instana-agent` and set the values on the command line run: + +```bash +$ helm install --name instana-agent --namespace instana-agent \ +--set agent.key=INSTANA_AGENT_KEY \ +--set agent.endpointHost=HOST \ +--set zone.name=ZONE_NAME \ +stable/instana-agent +``` + +## Uninstalling the Chart + +To uninstall/delete the `instana-agent` release: + +#### Uninstalling with Helm 2 + +```bash +$ helm del --purge instana-agent +``` + +#### Uninstalling with Helm 3 + +```bash +$ helm del instana-agent -n instana-agent +``` + +## Configuration + +### Helm Chart + +The following table lists the configurable parameters of the Instana chart and their default values. + +| Parameter | Description | Default | +|------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------| +| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#agent) for more details | +| `agent.downloadKey` | Your Instana Download key | `nil` Usually not required | +| `agent.endpointHost` | Instana Agent backend endpoint host | `ingress-red-saas.instana.io` (US and ROW). If in Europe, please override with `ingress-blue-saas.instana.io` | +| `agent.endpointPort` | Instana Agent backend endpoint port | `443` | +| `agent.image.name` | The image name to pull | `instana/agent` | +| `agent.image.tag` | The image tag to pull | `latest` | +| `agent.image.pullPolicy` | Image pull policy | `Always` | +| `agent.key` | Your Instana Agent key | `nil` You must provide your own key | +| `agent.listenAddress` | List of addresses to listen on, or "*" for all interfaces | `nil` | +| `agent.mode` | Agent mode (Supported values are APM, INFRASTRUCTURE, AWS) | `APM` | +| `agent.pod.annotations` | Additional annotations to apply to the pod | `{}` | +| `agent.pod.limits.cpu` | Container cpu limits in cpu cores | `1.5` | +| `agent.pod.limits.memory` | Container memory limits in MiB | `512` | +| `agent.pod.proxyHost` | Hostname/address of a proxy | `nil` | +| `agent.pod.proxyPort` | Port of a proxy | `nil` | +| `agent.pod.proxyProtocol` | Proxy protocol (Supported proxy types are "http", "socks4", "socks5") | `nil` | +| `agent.pod.proxyUser` | Username of the proxy auth | `nil` | +| `agent.pod.proxyPassword` | Password of the proxy auth | `nil` | +| `agent.pod.proxyUseDNS` | Boolean if proxy also does DNS | `nil` | +| `agent.pod.requests.memory` | Container memory requests in MiB | `512` | +| `agent.pod.requests.cpu` | Container cpu requests in cpu cores | `0.5` | +| `agent.pod.tolerations` | Tolerations for pod assignment | `[]` | +| `agent.env` | Additional environment variables for the agent | `{}` | +| `agent.redactKubernetesSecrets` | Enable additional secrets redaction for selected Kubernetes resources | `nil` See [Kubernetes secrets](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#secrets) for more details. | +| `cluster.name` | Display name of the monitored cluster | Value of `zone.name` | +| `leaderElector.port` | Instana leader elector sidecar port | `42655` | +| `leaderElector.image.name` | The elector image name to pull | `instana/leader-elector` | +| `leaderElector.image.tag` | The elector image tag to pull | `0.5.4` | +| `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. | +| `podSecurityPolicy.name` | Name of an _existing_ PodSecurityPolicy to authorize for the Instana Agent pods. If not provided and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created for you. | `nil` | +| `rbac.create` | Whether RBAC resources should be created | `true` | +| `serviceAccount.create` | Whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | Name of the ServiceAccount to use | `instana-agent` | +| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#installing-the-chart) for details | + +#### Development and debugging options + +These options will be rarely used outside of development or debugging of the agent. + +| Parameter | Description | Default | +|------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------| +| `agent.host.repository` | Host path to mount as the agent maven repository | `nil` | + +### Agent + +To configure the agent, you can either: + +- edit the [config map](templates/configmap.yaml), or +- provide the configuration via the `agent.configuration_yaml` parameter in [values.yaml](values.yaml) + +This configuration will be used for all Instana Agents on all nodes. Visit the [agent configuration documentation](https://docs.instana.io/setup_and_manage/host_agent/#agent-configuration-file) for more details on configuration options. diff --git a/charts/instana-agent/instana-agent/1.0.2900/app-readme.md b/charts/instana-agent/instana-agent/1.0.2900/app-readme.md new file mode 100644 index 000000000..0e26c8623 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/app-readme.md @@ -0,0 +1,5 @@ +# Instana + +Instana is an [APM solution(https://www.instana.com/) built for microservices that enables IT Ops to build applications faster and deliver higher quality services by automating monitoring tracing and root cause analysis. This solution is optimized for [Rancher](https://www.instana.com/rancher/). + +This chart adds the Instana Agent to all schedulable nodes in your cluster via a `DaemonSet`. diff --git a/charts/instana-agent/instana-agent/1.0.2900/questions.yml b/charts/instana-agent/instana-agent/1.0.2900/questions.yml new file mode 100644 index 000000000..bf9d1a46d --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/questions.yml @@ -0,0 +1,236 @@ +questions: +# Basic agent configuration +- variable: agent.key + label: agent.key + description: "Your Instana Agent key is the secret token which your agent uses to authenticate to Instana's servers" + type: string + required: true + group: "Agent Configuration" +- variable: agent.endpointHost + label: agent.endpointHost + description: "The hostname of the Instana server your agents will connect to. Defaults to ingress-red-saas.instana.io for US and ROW. If in Europe, please use ingress-blue-saas.instana.io" + type: string + required: true + default: "ingress-red-saas.instana.io" + group: "Agent Configuration" +- variable: zone.name + label: zone.name + description: "Custom zone that detected technologies will be assigned to" + type: string + required: true + group: "Agent Configuration" +# Advanced agent configuration +- variable: advancedAgentConfiguration + description: "Show advanced configuration for the Instana Agent" + label: Show advanced configuration + type: boolean + default: false + show_subquestion_if: true + group: "Advanced Agent Configuration" + subquestions: + - variable: agent.configuration_yaml + label: agent.configuration_yaml (Optional) + description: "Custom content for the agent configuration.yaml file in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.downloadKey + label: agent.downloadKey (Optional) + description: "Your Instana download key" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.endpointPort + label: agent.endpointPort + description: "The Agent backend port number (as a string) of the Instana server your agents will connect to" + type: string + required: true + default: "443" + group: "Advanced Agent Configuration" + - variable: agent.image.name + label: agent.image.name + description: "The name of the Instana Agent container image" + type: string + required: true + default: "instana/agent" + group: "Advanced Agent Configuration" + - variable: agent.image.tag + label: agent.image.tag + description: "The tag name of the Instana Agent container image" + type: string + required: true + default: "latest" + group: "Advanced Agent Configuration" + - variable: agent.image.pullPolicy + label: agent.image.pullPolicy + description: "Specifies when to pull the Instana Agent image container" + type: string + required: true + default: "Always" + group: "Advanced Agent Configuration" + - variable: agent.listenAddress + label: agent.listenAddress (Optional) + description: "The IP address the agent HTTP server will listen to, or '*' for all interfaces" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.mode + label: agent.mode (Optional) + description: "Agent mode. Possible options are: APM, INFRASTRUCTURE or AWS" + type: enum + options: + - "APM" + - "INFRASTRUCTURE" + - "AWS" + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.annotations + label: agent.pod.annotations (Optional) + description: "Additional annotations to be added to the agent pods in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.limits.cpu + label: agent.pod.limits.cpu + description: "CPU units allocation limits for the agent pods" + type: string + required: true + default: "1.5" + group: "Advanced Agent Configuration" + - variable: agent.pod.limits.memory + label: agent.pod.limits.memory + description: "Memory allocation limits in MiB for the agent pods" + type: int + required: true + default: 512 + group: "Advanced Agent Configuration" + - variable: agent.pod.proxyHost + label: agent.pod.proxyHost (Optional) + description: "Hostname/address of a proxy. Sets the INSTANA_AGENT_PROXY_HOST environment variable" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.proxyPort + label: agent.pod.proxyPort (Optional) + description: "Port of a proxy. Sets the INSTANA_AGENT_PROXY_PORT environment variable" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.proxyProtocol + label: agent.pod.proxyProtocol (Optional) + description: "Proxy protocol. Sets the INSTANA_AGENT_PROXY_PROTOCOL environment variable. Supported proxy types are http, socks4, socks5" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.proxyUser + label: agent.pod.proxyUser (Optional) + description: "Username of the proxy auth. Sets the INSTANA_AGENT_PROXY_USER environment variable" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.proxyPassword + label: agent.pod.proxyPassword (Optional) + description: "Password of the proxy auth. Sets the INSTANA_AGENT_PROXY_PASSWORD environment variable" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.proxyUseDNS + label: agent.pod.proxyUseDNS. (Optional) + description: "Boolean if proxy also does DNS. Sets the INSTANA_AGENT_PROXY_USE_DNS environment variable" + type: enum + options: + - "true" + - "false" + required: false + group: "Advanced Agent Configuration" + - variable: agent.pod.requests.cpu + label: agent.pod.requests.cpu + description: "Requested CPU units allocation for the agent pods" + type: string + required: true + default: "0.5" + group: "Advanced Agent Configuration" + - variable: agent.pod.requests.memory + label: agent.pod.requests.memory + description: "Requested memory allocation in MiB for the agent pods" + type: int + required: true + default: 512 + group: "Advanced Agent Configuration" + - variable: agent.pod.tolerations + label: agent.pod.tolerations (Optional) + description: "Tolerations to influence agent pod assignment in YAML format. Please use the 'Edit as YAML' feature in the Rancher UI for the best editing experience." + type: string + required: false + group: "Advanced Agent Configuration" + - variable: agent.redactKubernetesSecrets + label: agent.redactKubernetesSecrets (Optional) + description: "Enable additional secrets redaction for selected Kubernetes resources" + type: boolean + required: false + default: false + group: "Advanced Agent Configuration" + - variable: cluster.name + label: cluster.name (Optional) + description: "The name that will be assigned to this cluster in Instana. See the 'Installing the Chart' section in the 'Detailed Descriptions' tab for more details" + type: string + required: false + group: "Advanced Agent Configuration" + - variable: leaderElector.image.name + label: leaderElector.image.name + description: "The name of the leader elector container image" + type: string + required: true + default: "instana/leader-elector" + group: "Advanced Agent Configuration" + - variable: leaderElector.image.tag + label: leaderElector.image.tag + description: "The tag name of the leader elector container image" + type: string + required: true + default: "0.5.4" + group: "Advanced Agent Configuration" + - variable: leaderElector.port + label: leaderElector.port + description: "The port on which the leader elector sidecar is exposed" + type: int + required: true + default: 42655 + group: "Advanced Agent Configuration" +- variable: podSecurityPolicy.enable + label: podSecurityPolicy.enable (Optional) + description: "Specifies whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to also be `true`" + type: boolean + show_if: "rbac.create=true" + required: false + default: false + group: "Pod Security Policy Configuration" +- variable: podSecurityPolicy.name + label: podSecurityPolicy.name (Optional) + description: "The name of an existing PodSecurityPolicy you would like to authorize for the Instana Agent pods. If not set and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created with a name generated using the fullname template" + type: string + show_if: "rbac.create=true&&podSecurityPolicy.enable=true" + required: false + group: "Pod Security Policy Configuration" +- variable: rbac.create + label: rbac.create + description: "Specifies whether RBAC resources should be created" + type: boolean + required: true + default: true + group: "RBAC Configuration" +- variable: serviceAccount.create + label: serviceAccount.create + description: "Specifies whether a ServiceAccount should be created" + type: boolean + required: true + default: true + show_subquestion_if: true + group: "RBAC Configuration" + subquestions: + - variable: serviceAccount.name + label: Name of the ServiceAccount (Optional) + description: "The name of the ServiceAccount to use. If not set and `serviceAccount.create` is true, a name is generated using the fullname template." + type: string + required: false + group: "RBAC Configuration" diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt b/charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt new file mode 100644 index 000000000..8e05968f1 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/NOTES.txt @@ -0,0 +1,66 @@ +{{- if (and (not .Values.agent.key) (and (not .Values.zone.name) (not .Values.cluster.name))) }} +############################################################################## +#### ERROR: You did not specify your secret agent key. #### +#### ERROR: You also did not specify a zone or name for this cluster. #### +############################################################################## + +This agent deployment will be incomplete until you set your agent key and zone or name for this cluster: + + helm upgrade {{ .Release.Name }} --reuse-values \ + --set agent.key=$(YOUR_SECRET_AGENT_KEY) \ + --set zone.name=$(YOUR_ZONE_NAME) stable/instana-agent + +Alternatively, you may specify a cluster name and the zone will be detected from availability zone information on the host: + + helm upgrade {{ .Release.Name }} --reuse-values \ + --set agent.key=$(YOUR_SECRET_AGENT_KEY) \ + --set cluster.name=$(YOUR_CLUSTER_NAME) stable/instana-agent + +- YOUR_SECRET_AGENT_KEY can be obtained from the Management Portal section of your Instana installation. +- YOUR_ZONE_NAME should be the zone that detected technologies will be assigned to. +- YOUR_CLUSTER_NAME should be the custom name of your cluster. + +At least one of zone.name or cluster.name is required. This cluster will be reported with the name of the zone unless you specify a cluster name. + +{{- else if (and (not .Values.zone.name) (not .Values.cluster.name)) }} +############################################################################## +#### ERROR: You did not specify a zone or name for this cluster. #### +############################################################################## + +This agent deployment will be incomplete until you set a zone for this cluster: + + helm upgrade {{ .Release.Name }} --reuse-values \ + --set zone.name=$(YOUR_ZONE_NAME) stable/instana-agent + +Alternatively, you may specify a cluster name and the zone will be detected from availability zone information on the host: + + helm upgrade {{ .Release.Name }} --reuse-values \ + --set cluster.name=$(YOUR_CLUSTER_NAME) stable/instana-agent + +- YOUR_ZONE_NAME should be the zone that detected technologies will be assigned to. +- YOUR_CLUSTER_NAME should be the custom name of your cluster. + +At least one of zone.name or cluster.name is required. This cluster will be reported with the name of the zone unless you specify a cluster name. + +{{- else if not .Values.agent.key }} +############################################################################## +#### ERROR: You did not specify your secret agent key. #### +############################################################################## + +This agent deployment will be incomplete until you set your agent key: + + helm upgrade {{ .Release.Name }} --reuse-values \ + --set agent.key=$(YOUR_SECRET_AGENT_KEY) stable/instana-agent + +- YOUR_SECRET_AGENT_KEY can be obtained from the Management Portal section of your Instana installation. + +{{- else -}} +It may take a few moments for the agents to fully deploy. You can see what agents are running by listing resources in the {{ .Release.Namespace }} namespace: + + kubectl get all -n {{ .Release.Namespace }} + +You can get the logs for all of the agents with `kubectl logs`: + + kubectl logs -l app.kubernetes.io/name={{ .Release.Name }} -n {{ .Release.Namespace }} -c instana-agent + +{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl b/charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl new file mode 100644 index 000000000..674e730f2 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/_helpers.tpl @@ -0,0 +1,76 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "instana-agent.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "instana-agent.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "instana-agent.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +The name of the ServiceAccount used. +*/}} +{{- define "instana-agent.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "instana-agent.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +The name of the PodSecurityPolicy used. +*/}} +{{- define "instana-agent.podSecurityPolicyName" -}} +{{- if .Values.podSecurityPolicy.enable -}} +{{ default (include "instana-agent.fullname" .) .Values.podSecurityPolicy.name }} +{{- end -}} +{{- end -}} + +{{/* +Add Helm metadata to resource labels. +*/}} +{{- define "instana-agent.commonLabels" -}} +app.kubernetes.io/name: {{ include "instana-agent.name" . }} +{{ if .Values.templating -}} +app.kubernetes.io/version: {{ .Chart.Version }} +{{- else -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: {{ include "instana-agent.chart" . }} +{{- end -}} +{{- end -}} + +{{/* +Add Helm metadata to selector labels specifically for deployments/daemonsets/statefulsets. +*/}} +{{- define "instana-agent.selectorLabels" -}} +app.kubernetes.io/name: {{ include "instana-agent.name" . }} +{{ if not .Values.templating -}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml new file mode 100644 index 000000000..2e378276c --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/agentsecret.yaml @@ -0,0 +1,19 @@ +{{- if or .Values.agent.key .Values.agent.downloadKey }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "instana-agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +type: Opaque +data: +{{- if .Values.templating }} + key: {{ .Values.agent.key }} +{{- else }} + key: {{ .Values.agent.key | b64enc | quote }} +{{- end }} +{{- if .Values.agent.downloadKey }} + downloadKey: {{ .Values.agent.downloadKey | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml new file mode 100644 index 000000000..91b3ad026 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrole.yaml @@ -0,0 +1,68 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +{{- if .Values.agent.supportOpenshift }} +apiVersion: v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- end }} +metadata: + name: {{ template "instana-agent.fullname" . }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +rules: +- nonResourceURLs: + - "/version" + - "/healthz" + verbs: ["get"] +- apiGroups: ["batch"] + resources: + - "jobs" + - "cronjobs" + verbs: ["get", "list", "watch"] +- apiGroups: ["extensions"] + resources: + - "deployments" + - "replicasets" + - "ingresses" + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: + - "deployments" + - "replicasets" + - "daemonsets" + - "statefulsets" + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: + - "namespaces" + - "events" + - "services" + - "endpoints" + - "nodes" + - "pods" + - "replicationcontrollers" + - "componentstatuses" + - "resourcequotas" + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: + - "endpoints" + verbs: ["create", "update", "patch"] +- apiGroups: ["networking.k8s.io"] + resources: + - "ingresses" + verbs: ["get", "list", "watch"] +{{- if .Values.agent.supportOpenshift }} +- apiGroups: ["apps.openshift.io"] + resources: + - "deploymentconfigs" + verbs: ["get", "list", "watch"] +{{- end -}} +{{- if .Values.podSecurityPolicy.enable}} +- apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ template "instana-agent.podSecurityPolicyName" . }} +{{- end -}} +{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..4d8ab6adb --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/clusterrolebinding.yaml @@ -0,0 +1,22 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRoleBinding +{{- if .Values.agent.supportOpenshift }} +apiVersion: v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- end }} +metadata: + name: {{ template "instana-agent.fullname" . }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ template "instana-agent.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "instana-agent.fullname" . }} + {{- if not .Values.agent.supportOpenshift }} + apiGroup: rbac.authorization.k8s.io + {{- end -}} +{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml new file mode 100644 index 000000000..11334323d --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/configmap.yaml @@ -0,0 +1,44 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "instana-agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +data: + configuration.yaml: | + # Manual a-priori configuration. Configuration will be only used when the sensor + # is actually installed by the agent. + # The commented out example values represent example configuration and are not + # necessarily defaults. Defaults are usually 'absent' or mentioned separately. + # Changes are hot reloaded unless otherwise mentioned. + + # It is possible to create files called 'configuration-abc.yaml' which are + # merged with this file in file system order. So 'configuration-cde.yaml' comes + # after 'configuration-abc.yaml'. Only nested structures are merged, values are + # overwritten by subsequent configurations. + + # Secrets + # To filter sensitive data from collection by the agent, all sensors respect + # the following secrets configuration. If a key collected by a sensor matches + # an entry from the list, the value is redacted. + #com.instana.secrets: + # matcher: 'contains-ignore-case' # 'contains-ignore-case', 'contains', 'regex' + # list: + # - 'key' + # - 'password' + # - 'secret' + + # Host + #com.instana.plugin.host: + # tags: + # - 'dev' + # - 'app1' + + # Hardware & Zone + #com.instana.plugin.generic.hardware: + # enabled: true # disabled by default + # availability-zone: 'zone' + {{- if .Values.agent.configuration_yaml -}} + {{ .Values.agent.configuration_yaml | nindent 4 }} + {{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml new file mode 100644 index 000000000..7918ec7a1 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/daemonset.yaml @@ -0,0 +1,210 @@ +{{- if .Values.agent.key -}} +{{- if or .Values.zone.name .Values.cluster.name -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "instana-agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "instana-agent.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "instana-agent.commonLabels" . | nindent 8 }} + {{- if .Values.agent.pod.annotations }} + annotations: + {{- toYaml .Values.agent.pod.annotations | nindent 8 }} + {{- end }} + spec: + {{- if .Values.agent.pod.nodeSelector }} + nodeSelector: + {{- range $key, $value := .Values.agent.pod.nodeSelector }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "instana-agent.serviceAccountName" . }} + hostIPC: true + hostNetwork: true + hostPID: true + containers: + - name: instana-agent + image: "{{ .Values.agent.image.name }}:{{ .Values.agent.image.tag }}" + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + env: + - name: INSTANA_AGENT_LEADER_ELECTOR_PORT + value: {{ .Values.leaderElector.port | quote }} + - name: INSTANA_ZONE + value: {{ .Values.zone.name | quote }} + {{- if .Values.cluster.name }} + - name: INSTANA_KUBERNETES_CLUSTER_NAME + value: {{ .Values.cluster.name | quote }} + {{- end }} + - name: INSTANA_AGENT_ENDPOINT + value: {{ .Values.agent.endpointHost | quote }} + - name: INSTANA_AGENT_ENDPOINT_PORT + value: {{ .Values.agent.endpointPort | quote }} + - name: INSTANA_AGENT_KEY + valueFrom: + secretKeyRef: + name: {{ template "instana-agent.fullname" . }} + key: key + {{- if .Values.agent.mode }} + - name: INSTANA_AGENT_MODE + value: {{ .Values.agent.mode | quote }} + {{- end }} + {{- if .Values.agent.downloadKey }} + - name: INSTANA_DOWNLOAD_KEY + valueFrom: + secretKeyRef: + name: {{ template "instana-agent.fullname" . }} + key: downloadKey + {{- end }} + {{- if .Values.agent.proxyHost }} + - name: INSTANA_AGENT_PROXY_HOST + value: {{ .Values.agent.proxyHost | quote }} + {{- end }} + {{- if .Values.agent.proxyPort }} + - name: INSTANA_AGENT_PROXY_PORT + value: {{ .Values.agent.proxyPort | quote }} + {{- end }} + {{- if .Values.agent.proxyProtocol }} + - name: INSTANA_AGENT_PROXY_PROTOCOL + value: {{ .Values.agent.proxyProtocol | quote }} + {{- end }} + {{- if .Values.agent.proxyUser }} + - name: INSTANA_AGENT_PROXY_USER + value: {{ .Values.agent.proxyUser | quote }} + {{- end }} + {{- if .Values.agent.proxyPassword }} + - name: INSTANA_AGENT_PROXY_PASSWORD + value: {{ .Values.agent.proxyPassword | quote }} + {{- end }} + {{- if .Values.agent.proxyUseDNS }} + - name: INSTANA_AGENT_PROXY_USE_DNS + value: {{ .Values.agent.proxyUseDNS | quote }} + {{- end }} + {{- if .Values.agent.listenAddress }} + - name: INSTANA_AGENT_HTTP_LISTEN + value: {{ .Values.agent.listenAddress | quote }} + {{- end }} + {{- if .Values.agent.redactKubernetesSecrets }} + - name: INSTANA_KUBERNETES_REDACT_SECRETS + value: {{ .Values.agent.redactKubernetesSecrets | quote }} + {{- end }} + - name: JAVA_OPTS + # Approximately 1/3 of container memory requests to allow for direct-buffer memory usage and JVM overhead + value: "-Xmx{{ div (default 512 .Values.agent.pod.requests.memory) 3 }}M -XX:+ExitOnOutOfMemoryError" + - name: INSTANA_AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- range $key, $value := .Values.agent.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + securityContext: + privileged: true + volumeMounts: + - name: dev + mountPath: /dev + - name: run + mountPath: /run + - name: var-run + mountPath: /var/run + - name: sys + mountPath: /sys + - name: var-log + mountPath: /var/log + - name: var-lib + mountPath: /var/lib/containers/storage + - name: machine-id + mountPath: /etc/machine-id + - name: configuration + subPath: configuration.yaml + mountPath: /root/configuration.yaml + {{- if .Values.agent.host.repository }} + - name: repo + mountPath: /opt/instana/agent/data/repo + {{- end }} + livenessProbe: + httpGet: + path: /status + port: 42699 + initialDelaySeconds: 300 + timeoutSeconds: 3 + resources: + requests: + memory: "{{ default 512 .Values.agent.pod.requests.memory }}Mi" + cpu: {{ default 0.5 .Values.agent.pod.requests.cpu }} + limits: + memory: "{{ default 512 .Values.agent.pod.limits.memory }}Mi" + cpu: {{ default 1.5 .Values.agent.pod.limits.cpu }} + ports: + - containerPort: 42699 + - name: instana-agent-leader-elector + image: "{{ .Values.leaderElector.image.name }}:{{ .Values.leaderElector.image.tag }}" + env: + - name: INSTANA_AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + command: + - "/busybox/sh" + - "-c" + - "sleep 12 && /app/server --election=instana --http=localhost:{{ .Values.leaderElector.port }} --id=$(INSTANA_AGENT_POD_NAME)" + resources: + requests: + cpu: 0.1 + memory: 64Mi + livenessProbe: + httpGet: # Leader elector liveness is tied to agent, published on localhost:42699 + path: /com.instana.agent.coordination.sidecar/health + port: 42699 + initialDelaySeconds: 300 + timeoutSeconds: 3 + ports: + - containerPort: {{ .Values.leaderElector.port }} + {{- if .Values.agent.pod.tolerations }} + tolerations: + {{- toYaml .Values.agent.pod.tolerations | nindent 8 }} + {{- end }} + volumes: + - name: dev + hostPath: + path: /dev + - name: run + hostPath: + path: /run + - name: var-run + hostPath: + path: /var/run + - name: sys + hostPath: + path: /sys + - name: var-log + hostPath: + path: /var/log + - name: var-lib + hostPath: + path: /var/lib/containers/storage + - name: machine-id + hostPath: + path: /etc/machine-id + - name: configuration + configMap: + name: {{ template "instana-agent.fullname" . }} + {{- if .Values.agent.host.repository }} + - name: repo + hostPath: + path: {{ .Values.agent.host.repository }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml new file mode 100644 index 000000000..98f3d61b3 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/namespace.yaml @@ -0,0 +1,8 @@ +{{- if .Values.templating }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Release.Namespace }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..6ade65a5f --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/podsecuritypolicy.yaml @@ -0,0 +1,55 @@ +{{- if .Values.rbac.create -}} +{{- if (and .Values.podSecurityPolicy.enable (not .Values.podSecurityPolicy.name)) -}} +kind: PodSecurityPolicy +apiVersion: policy/v1beta1 +metadata: + name: {{ template "instana-agent.podSecurityPolicyName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - secret + - projected + - hostPath + allowedHostPaths: + - pathPrefix: "/dev" + readOnly: false + - pathPrefix: "/run" + readOnly: false + - pathPrefix: "/var/run" + readOnly: false + - pathPrefix: "/sys" + readOnly: false + - pathPrefix: "/var/log" + readOnly: false + - pathPrefix: "/etc/machine-id" + readOnly: false + - pathPrefix: "/var/lib/containers/storage" + readOnly: false + {{- if .Values.agent.host.repository }} + - pathPrefix: {{ .Values.agent.host.repository }} + readOnly: false + {{- end }} + hostNetwork: true + hostPorts: + - min: 0 + max: 65535 + hostIPC: true + hostPID: true + runAsUser: + rule: "RunAsAny" + seLinux: + rule: "RunAsAny" + supplementalGroups: + rule: "RunAsAny" + fsGroup: + rule: "RunAsAny" +{{- end -}} +{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml b/charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml new file mode 100644 index 000000000..0a0b52f8a --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "instana-agent.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "instana-agent.commonLabels" . | nindent 4 }} +{{- end -}} diff --git a/charts/instana-agent/instana-agent/1.0.2900/values.yaml b/charts/instana-agent/instana-agent/1.0.2900/values.yaml new file mode 100644 index 000000000..3b23ad868 --- /dev/null +++ b/charts/instana-agent/instana-agent/1.0.2900/values.yaml @@ -0,0 +1,111 @@ +# name is the value which will be used as the base resource name for various resources associated with the agent. +# name: instana-agent + +agent: + # agent.key is the secret token which your agent uses to authenticate to Instana's servers. + key: null + # agent.mode is used to set agent mode and it can be APM, INFRASTRUCTURE or AWS + # mode: APM + # agent.downloadKey is optional, if used it doesn't have to match agent.key + # downloadKey: null + # agent.listenAddress is the IP address the agent HTTP server will listen to. + # listenAddress: * + + # agent.endpointHost is the hostname of the Instana server your agents will connect to. + endpointHost: ingress-red-saas.instana.io + # agent.endpointPort is the port number (as a String) of the Instana server your agents will connect to. + endpointPort: 443 + + image: + # agent.image.name is the name of the container image of the Instana agent. + name: instana/agent + # agent.image.tag is the tag name of the agent container image. + tag: latest + # agent.image.pullPolicy specifies when to pull the image container. + pullPolicy: Always + + pod: + # agent.pod.annotations are additional annotations to be added to the agent pods. + annotations: {} + + # agent.pod.tolerations are tolerations to influence agent pod assignment. + # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + requests: + # agent.pod.requests.memory is the requested memory allocation in MiB for the agent pods. + memory: 512 + # agent.pod.requests.cpu are the requested CPU units allocation for the agent pods. + cpu: 0.5 + limits: + # agent.pod.limits.memory set the memory allocation limits in MiB for the agent pods. + memory: 512 + # agent.pod.limits.cpu sets the CPU units allocation limits for the agent pods. + cpu: 1.5 + + # agent.proxyHost sets the INSTANA_AGENT_PROXY_HOST environment variable. + # proxyHost: null + # agent.proxyPort sets the INSTANA_AGENT_PROXY_PORT environment variable. + # proxyPort: null + # agent.proxyProtocol sets the INSTANA_AGENT_PROXY_PROTOCOL environment variable. + # proxyProtocol: null + # agent.proxyUser sets the INSTANA_AGENT_PROXY_USER environment variable. + # proxyUser: null + # agent.proxyPassword sets the INSTANA_AGENT_PROXY_PASSWORD environment variable. + # proxyPassword: null + # agent.proxyUseDNS sets the INSTANA_AGENT_PROXY_USE_DNS environment variable. + # proxyUseDNS: null + + # use this to set additional environment variables for the instana agent + # for example: + # env: + # INSTANA_AGENT_TAGS: dev + env: {} + + configuration_yaml: | + # Place agent configuration here + + # agent.redactKubernetesSecrets sets the INSTANA_KUBERNETES_REDACT_SECRETS environment variable. + # redactKubernetesSecrets: null + + # agent.host.repository sets a host path to be mounted as the agent maven repository (for debugging or development purposes) + host: + repository: null + + # agent.supportOpenshift specifies whether the cluster role should include openshift permissions + # supportOpenshift: true + +cluster: + # cluster.name represents the name that will be assigned to this cluster in Instana + name: null + +leaderElector: + image: + # leaderElector.image.name is the name of the container image of the leader elector. + name: instana/leader-elector + # leaderElector.image.tag is the tag name of the agent container image. + tag: 0.5.4 + port: 42655 + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and `create` is true, a name is generated using the fullname template + # name: instana-agent + +podSecurityPolicy: + # Specifies whether a PodSecurityPolicy should be authorized for the Instana Agent pods. + # Requires `rbac.create` to be `true` as well. + enable: false + # The name of an existing PodSecurityPolicy you would like to authorize for the Instana Agent pods. + # If not set and `enable` is true, a PodSecurityPolicy will be created with a name generated using the fullname template. + name: null + +zone: + # zone.name is the custom zone that detected technologies will be assigned to + name: null diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore new file mode 100644 index 000000000..be86b789d --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# Helm files +OWNERS diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml new file mode 100644 index 000000000..21103e362 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/Chart.yaml @@ -0,0 +1,17 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator + catalog.cattle.io/release-name: k8s-triliovault-operator +apiVersion: v1 +appVersion: v2.0.5 +description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault + Application Lifecycle. +home: https://github.com/trilioData/k8s-triliovault-operator +icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png +maintainers: +- email: prafull.ladha@trilio.io + name: prafull11 +name: k8s-triliovault-operator +sources: +- https://github.com/trilioData/k8s-triliovault-operator +version: 2.0.500 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE new file mode 100644 index 000000000..76b559d3b --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/LICENSE @@ -0,0 +1 @@ +# Placeholder for the License if we decide to provide one diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md new file mode 100644 index 000000000..600ce8dfd --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/README.md @@ -0,0 +1,41 @@ +# K8s-TrilioVault-Operator +This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. + +## Introduction + +## Prerequisites + +- Kubernetes 1.13+ +- Alpha feature gates should be enabled +- PV provisioner support +- CSI driver should be installed + +## Installation + +To install the chart with the operator name `trilio`: + +```bash +# For helm version 2 +helm install --name trilio k8s-triliovault-operator + +# For helm version 3 +helm install --name-template trilio k8s-triliovault-operator +``` + +The command deploys the K8s-triliovault-operator with the default configuration. + +## Uninstall + +To uninstall/delete the chart `trilio` : + +```bash +# For helm version 2 +helm delete trilio --purge + +# For helm version 3 +helm uninstall trilio +``` + +## Configuration + +TODO: Add possible configuration in helm chart. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md new file mode 100644 index 000000000..65a2b3495 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/app-readme.md @@ -0,0 +1,37 @@ +# TrilioVault for Kubernetes + +[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage +the K8s-TrilioVault Application Lifecycle. + +This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. + +Introduction: + +Prerequisites: + +Kubernetes 1.17+ +Alpha feature gates should be enabled +PV provisioner support +CSI driver should be installed + +Installation: + +To install the chart with the operator name trilio: + +helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator + +# For helm version 3 + +helm install triliovault-operator triliovault-operator/k8s-triliovault-operator + +The command deploys the Triliovault for Kubernetes Operator with the default configuration. + +Uninstall: + +To uninstall/delete the chart trilio : + +# For helm version 3 +helm uninstall k8s-triliovault-operator + +For more information around TVM manager installation, please follow below link: +https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt new file mode 100644 index 000000000..19cd282d3 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that TrilioVault Operator has started, run: + + kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl new file mode 100644 index 000000000..7cea76a18 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/_helpers.tpl @@ -0,0 +1,33 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "k8s-triliovault-operator.name" -}} +{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "k8s-triliovault-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper TrilioVault Operator image name +*/}} +{{- define "k8s-triliovault-operator.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml new file mode 100644 index 000000000..47e151e09 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole.yaml @@ -0,0 +1,53 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role +rules: +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaulthpas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaulthpas/status + verbs: + - get + - patch + - update +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaultmanagers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaultmanagers/status + verbs: + - get + - patch + - update +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml new file mode 100644 index 000000000..6b69f7acf --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/clusterrole_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml new file mode 100644 index 000000000..c0a850409 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/deployment.yaml @@ -0,0 +1,101 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: k8s-triliovault-operator + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + selector: + matchLabels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + containers: + - name: k8s-triliovault-operator + image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: TVK_ENV + value: {{ .Values.tvkEnv }} + - name: REGISTRY + value: {{ .Values.registry }} + - name: ADMISSION_MUTATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration + - name: ADMISSION_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration + - name: NAMESPACE_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration + volumeMounts: + {{- if .Values.tls.enable }} + - name: helm-tls-certs + mountPath: /root/.helm + readOnly: true + {{- if .Values.tls.verify }} + - name: helm-tls-ca + mountPath: /root/.helm/ca.crt + readOnly: true + {{- end }} + {{- end }} + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: webhook-certs + readOnly: true + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 10Mi + initContainers: + - name: webhook-init + image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: ADMISSION_MUTATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration + - name: ADMISSION_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration + - name: NAMESPACE_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration + - name: WEBHOOK_SERVICE + value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + - name: WEBHOOK_NAMESPACE + value: {{ .Release.Namespace }} + - name: SECRET_NAME + value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs + {{- if .Values.nodeSelector }} + nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.tls.enable }} + - name: helm-tls-certs + secret: + secretName: {{ .Values.tls.secretName }} + defaultMode: 0400 + {{- if .Values.tls.verify }} + - name: helm-tls-ca + configMap: + name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config + defaultMode: 0600 + {{- end }} + {{- end }} + - name: webhook-certs + secret: + defaultMode: 420 + secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml new file mode 100644 index 000000000..6a17a0e1e --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/mutating-webhook.yaml @@ -0,0 +1,24 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-triliovault-trilio-io-v1-triliovaultmanager + failurePolicy: Fail + name: v1-tvm-mutation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers + sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml new file mode 100644 index 000000000..a51d3f375 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/ns-validating-webhook.yaml @@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-core-v1-namespace + failurePolicy: Fail + name: v1-tvm-ns-validation.trilio.io + namespaceSelector: + matchExpressions: + - key: trilio-operator-label + operator: In + values: + - {{ .Release.Namespace }} + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - DELETE + resources: + - namespaces + scope: '*' + sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml new file mode 100644 index 000000000..ea1faf3e1 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/secret.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs + namespace: {{ .Release.Namespace }} +type: Opaque diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml new file mode 100644 index 000000000..c1e40f2e7 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/triliovault.trilio.io_triliovaultmanagers.yaml @@ -0,0 +1,826 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: triliovaultmanagers.triliovault.trilio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.trilioVaultAppVersion + name: TrilioVault-Version + type: string + - JSONPath: .spec.applicationScope + name: Scope + type: string + - JSONPath: .status.conditions.type + name: Status + type: string + - JSONPath: .spec.restoreNamespaces + name: Restore-Namespaces + type: string + group: triliovault.trilio.io + names: + kind: TrilioVaultManager + listKind: TrilioVaultManagerList + plural: triliovaultmanagers + shortNames: + - tvm + singular: triliovaultmanager + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: TrilioVaultManager is the Schema for the triliovaultmanagers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager + properties: + affinity: + description: The scheduling constraints on application pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + applicationScope: + description: Scope for the application which will be installed in the + cluster NamespaceScope or ClusterScope + enum: + - Cluster + - Namespaced + type: string + dataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DataJobLimits are the resource limits for all the data + processing jobs. + type: object + deploymentLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DeploymentLimits are the resource limits for all the deployments. + type: object + helmValues: + description: HelmValues holds all the additional fields in the values.yaml + of TVK helm chart. + type: object + helmVersion: + description: 'Deprecated: Helm Version' + properties: + tillerNamespace: + type: string + version: + enum: + - v3 + type: string + required: + - version + type: object + metadataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MetadataJobLimits are the resource limits for all the meta + processing jobs. + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector specifies a map of key-value pairs. For the + pod to be eligible to run on a node, the node must have each of the + indicated key-value pairs as labels. + type: object + resources: + description: 'Deprecated: Resources are the resource requirements for + the containers.' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + restoreNamespaces: + description: 'Deprecated: RestoreNamespaces are the namespace where + you want to restore your applications. Restore Namespaces depends + on your k8s RBAC' + items: + type: string + type: array + tolerations: + description: The toleration of application against the specific taints + on the nodes + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + trilioVaultAppVersion: + description: Helm Chart version + type: string + required: + - applicationScope + type: object + status: + description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager + properties: + conditions: + properties: + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + minLength: 0 + type: string + reason: + enum: + - InstallSuccessful + - UpdateSuccessful + - UninstallSuccessful + - InstallError + - UpdateError + - ReconcileError + - UninstallError + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + enum: + - Initialized + - Deployed + - Updated + - ReleaseFailed + - Irreconcilable + type: string + type: object + deployedRelease: + properties: + manifest: + type: string + name: + type: string + type: object + releaseVersion: + type: string + required: + - conditions + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml new file mode 100644 index 000000000..fe001ffe9 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/validating-webhook.yaml @@ -0,0 +1,24 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-triliovault-trilio-io-v1-triliovaultmanager + failurePolicy: Fail + name: v1-tvm-validation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers + sideEffects: None diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml new file mode 100644 index 000000000..68f7a53c6 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/templates/webhook-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml new file mode 100644 index 000000000..c95368c61 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.0.500/values.yaml @@ -0,0 +1,33 @@ +## TrilioVault Operator +registry: "eu.gcr.io/amazing-chalice-243510" + +operator-webhook-init: + repository: operator-webhook-init + +k8s-triliovault-operator: + repository: k8s-triliovault-operator + +tag: "v2.0.5" + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + +image: + pullPolicy: Always +tls: + secretName: "helm-client-certs" + verify: false + enable: false + keyFile: "tls.key" + certFile: "tls.crt" + caContent: "" + hostname: "" + +nameOverride: "" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore new file mode 100644 index 000000000..be86b789d --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# Helm files +OWNERS diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml new file mode 100644 index 000000000..1fdd56a76 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: k8s-triliovault-operator +apiVersion: v1 +appVersion: v2.0.2 +description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault Application Lifecycle. +home: https://github.com/trilioData/k8s-triliovault-operator +icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png +maintainers: +- email: prafull.ladha@trilio.io + name: prafull11 +name: k8s-triliovault-operator +sources: +- https://github.com/trilioData/k8s-triliovault-operator +version: v2.0.200 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE new file mode 100644 index 000000000..76b559d3b --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/LICENSE @@ -0,0 +1 @@ +# Placeholder for the License if we decide to provide one diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md new file mode 100644 index 000000000..600ce8dfd --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/README.md @@ -0,0 +1,41 @@ +# K8s-TrilioVault-Operator +This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. + +## Introduction + +## Prerequisites + +- Kubernetes 1.13+ +- Alpha feature gates should be enabled +- PV provisioner support +- CSI driver should be installed + +## Installation + +To install the chart with the operator name `trilio`: + +```bash +# For helm version 2 +helm install --name trilio k8s-triliovault-operator + +# For helm version 3 +helm install --name-template trilio k8s-triliovault-operator +``` + +The command deploys the K8s-triliovault-operator with the default configuration. + +## Uninstall + +To uninstall/delete the chart `trilio` : + +```bash +# For helm version 2 +helm delete trilio --purge + +# For helm version 3 +helm uninstall trilio +``` + +## Configuration + +TODO: Add possible configuration in helm chart. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md new file mode 100644 index 000000000..2836184dd --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/app-readme.md @@ -0,0 +1,4 @@ +# TrilioVault for Kubernetes + +[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage the K8s-TrilioVault Application +Lifecycle. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt new file mode 100644 index 000000000..19cd282d3 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that TrilioVault Operator has started, run: + + kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl new file mode 100644 index 000000000..7cea76a18 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/_helpers.tpl @@ -0,0 +1,33 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "k8s-triliovault-operator.name" -}} +{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "k8s-triliovault-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper TrilioVault Operator image name +*/}} +{{- define "k8s-triliovault-operator.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml new file mode 100644 index 000000000..47e151e09 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole.yaml @@ -0,0 +1,53 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role +rules: +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaulthpas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaulthpas/status + verbs: + - get + - patch + - update +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaultmanagers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - triliovault.trilio.io + resources: + - triliovaultmanagers/status + verbs: + - get + - patch + - update +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml new file mode 100644 index 000000000..6b69f7acf --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/clusterrole_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml new file mode 100644 index 000000000..a57ad1025 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/deployment.yaml @@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: k8s-triliovault-operator + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + selector: + matchLabels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + containers: + - name: k8s-triliovault-operator + image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: TVK_ENV + value: {{ .Values.tvkEnv }} + volumeMounts: + {{- if .Values.tls.enable }} + - name: helm-tls-certs + mountPath: /root/.helm + readOnly: true + {{- if .Values.tls.verify }} + - name: helm-tls-ca + mountPath: /root/.helm/ca.crt + readOnly: true + {{- end }} + {{- end }} + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: webhook-certs + readOnly: true + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 10Mi + initContainers: + - name: webhook-init + image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: MUTATE_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration + - name: VALIDATE_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration + - name: WEBHOOK_SERVICE + value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + - name: WEBHOOK_NAMESPACE + value: {{ .Release.Namespace }} + - name: SECRET_NAME + value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs + volumes: + {{- if .Values.tls.enable }} + - name: helm-tls-certs + secret: + secretName: {{ .Values.tls.secretName }} + defaultMode: 0400 + {{- if .Values.tls.verify }} + - name: helm-tls-ca + configMap: + name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config + defaultMode: 0600 + {{- end }} + {{- end }} + - name: webhook-certs + secret: + defaultMode: 420 + secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml new file mode 100644 index 000000000..466916239 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/mutating-webhook.yaml @@ -0,0 +1,41 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-triliovault-trilio-io-v1-triliovaultmanager + failurePolicy: Fail + name: v1-tvm-mutation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-triliovault-trilio-io-v1alpha1-triliovaultmanager + failurePolicy: Fail + name: v1alpha1-tvm-mutation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml new file mode 100644 index 000000000..ea1faf3e1 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/secret.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs + namespace: {{ .Release.Namespace }} +type: Opaque diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml new file mode 100644 index 000000000..6e9ae260e --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/triliovault.trilio.io_triliovaultmanagers.yaml @@ -0,0 +1,1605 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: triliovaultmanagers.triliovault.trilio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.trilioVaultAppVersion + name: TrilioVault-Version + type: string + - JSONPath: .spec.applicationScope + name: Scope + type: string + - JSONPath: .status.conditions.type + name: Status + type: string + - JSONPath: .spec.restoreNamespaces + name: Restore-Namespaces + type: string + group: triliovault.trilio.io + names: + kind: TrilioVaultManager + listKind: TrilioVaultManagerList + plural: triliovaultmanagers + singular: triliovaultmanager + scope: Namespaced + subresources: + status: {} + version: v1 + versions: + - name: v1 + schema: + openAPIV3Schema: + description: TrilioVaultManager is the Schema for the triliovaultmanagers + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager + properties: + affinity: + description: The scheduling constraints on application pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + applicationScope: + description: Scope for the application which will be installed in + the cluster NamespaceScope or ClusterScope + enum: + - Cluster + - Namespaced + type: string + dataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DataJobLimits are the resource limits for all the data + processing jobs. + type: object + deploymentLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DeploymentLimits are the resource limits for all the + deployments. + type: object + helmVersion: + description: Helm Version + properties: + tillerNamespace: + type: string + version: + enum: + - v2 + - v3 + type: string + required: + - version + type: object + metadataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MetadataJobLimits are the resource limits for all the + meta processing jobs. + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector specifies a map of key-value pairs. For + the pod to be eligible to run on a node, the node must have each + of the indicated key-value pairs as labels. + type: object + resources: + description: 'Deprecated: Resources are the resource requirements + for the containers.' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + restoreNamespaces: + description: ResourceNamespaces are the namespace where you want to + restore your applications + items: + type: string + type: array + tolerations: + description: The toleration of application against the specific taints + on the nodes + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + trilioVaultAppVersion: + description: Helm Chart version + type: string + required: + - applicationScope + - helmVersion + type: object + status: + description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager + properties: + conditions: + properties: + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + minLength: 0 + type: string + reason: + enum: + - InstallSuccessful + - UpdateSuccessful + - UninstallSuccessful + - InstallError + - UpdateError + - ReconcileError + - UninstallError + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + enum: + - Initialized + - Deployed + - ReleaseFailed + - Irreconcilable + type: string + type: object + deployedRelease: + properties: + manifest: + type: string + name: + type: string + type: object + required: + - conditions + type: object + type: object + served: true + storage: true + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TrilioVaultManager is the Schema for the triliovaultmanagers + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager + properties: + affinity: + description: The scheduling constraints on application pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + applicationScope: + description: Scope for the application which will be installed in + the cluster NamespaceScope or ClusterScope + enum: + - Cluster + - Namespaced + type: string + helmVersion: + description: Helm Version + properties: + tillerNamespace: + type: string + version: + enum: + - v2 + - v3 + type: string + required: + - version + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector specifies a map of key-value pairs. For + the pod to be eligible to run on a node, the node must have each + of the indicated key-value pairs as labels. + type: object + resources: + description: Resources is the resource requirements for the containers. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + restoreNamespaces: + description: ResourceNamespaces are the namespace where you want to + restore your applications + items: + type: string + type: array + tolerations: + description: The toleration of application against the specific taints + on the nodes + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + trilioVaultAppVersion: + description: Helm Chart version + type: string + required: + - applicationScope + - helmVersion + type: object + status: + properties: + conditions: + properties: + lastTransitionTime: + format: date-time + type: string + message: + minLength: 0 + type: string + reason: + enum: + - InstallSuccessful + - UpdateSuccessful + - UninstallSuccessful + - InstallError + - UpdateError + - ReconcileError + - UninstallError + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + enum: + - Initialized + - Deployed + - ReleaseFailed + - Irreconcilable + type: string + type: object + deployedRelease: + properties: + manifest: + type: string + name: + type: string + type: object + required: + - conditions + type: object + type: object + served: true + storage: false +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml new file mode 100644 index 000000000..41bd41dcc --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/validating-webhook.yaml @@ -0,0 +1,41 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-triliovault-trilio-io-v1-triliovaultmanager + failurePolicy: Fail + name: v1-tvm-validation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-triliovault-trilio-io-v1alpha1-triliovaultmanager + failurePolicy: Fail + name: v1alpha1-tvm-validation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml new file mode 100644 index 000000000..68f7a53c6 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/templates/webhook-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" \ No newline at end of file diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml new file mode 100644 index 000000000..e8bfb211d --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/v2.0.200/values.yaml @@ -0,0 +1,23 @@ +## TrilioVault Operator +registry: "eu.gcr.io/amazing-chalice-243510" + +operator-webhook-init: + repository: operator-webhook-init + +k8s-triliovault-operator: + repository: k8s-triliovault-operator + +tag: "v2.0.2" + +image: + pullPolicy: Always +tls: + secretName: "helm-client-certs" + verify: false + enable: false + keyFile: "tls.key" + certFile: "tls.crt" + caContent: "" + hostname: "" + +nameOverride: "" diff --git a/charts/kubecost/cost-analyzer/1.70.000/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/Chart.yaml new file mode 100644 index 000000000..6b33309a1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: kubecost +apiVersion: v1 +appVersion: 1.70.0 +description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. +icon: https://kubecost.com/images/logo-white.png +name: cost-analyzer +version: 1.70.000 diff --git a/charts/kubecost/cost-analyzer/1.70.000/app-readme.md b/charts/kubecost/cost-analyzer/1.70.000/app-readme.md new file mode 100644 index 000000000..dfb1e5854 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/app-readme.md @@ -0,0 +1,23 @@ +# Kubecost +[Kubecost](https://kubecost.com/) is an open-source Kubernetes cost monitoring solution. + +Kubecost gives teams visibility into current and historical Kubernetes spend and resource allocation. These models provide cost transparency in Kubernetes environments that support multiple applications, teams, departments, etc. + +To see more on the functionality of the full Kubecost product, please visit the [features page](https://kubecost.com/#features) on our website. + +Here is a summary of features enabled by this cost model: + +- Real-time cost allocation by Kubernetes service, deployment, namespace, label, statefulset, daemonset, pod, and container +- Dynamic asset pricing enabled by integrations with AWS, Azure, and GCP billing APIs +- Supports on-prem k8s clusters with custom pricing sheets +- Allocation for in-cluster resources like CPU, GPU, memory, and persistent volumes. +- Allocation for AWS & GCP out-of-cluster resources like RDS instances and S3 buckets with key (optional) +- Easily export pricing data to Prometheus with /metrics endpoint ([learn more](PROMETHEUS.md)) +- Free and open source distribution (Apache2 license) + +## Requirements +- Kubernetes 1.8+ +- kube-state-metrics +- Grafana +- Prometheus +- Node Exporter diff --git a/charts/kubecost/cost-analyzer/1.70.000/attached-disks.json b/charts/kubecost/cost-analyzer/1.70.000/attached-disks.json new file mode 100644 index 000000000..0ae9d4411 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/attached-disks.json @@ -0,0 +1,425 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 10, + "iteration": 1589748792557, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\"}) by (instance)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\"}) by (instance)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(container_fs_inodes_free{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_inodes_total{instance=~'$disk',id=\"/\"}) by (instance)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "iNode Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 16, + "style": "dark", + "tags": [ + "cost", + "utilization", + "metrics" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "disk", + "options": [], + "query": "query_result(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance))", + "refresh": 1, + "regex": "/instance=\\\"(.*?)(\\\")/", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Attached disk metrics", + "uid": "nBH7qBgMk", + "version": 2 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml new file mode 100644 index 000000000..eb46b5995 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +appVersion: 6.0.0 +description: The leading tool for querying and visualizing time series and metrics. +home: https://grafana.net +icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +kubeVersion: ^1.8.0-0 +maintainers: +- email: zanhsieh@gmail.com + name: zanhsieh +- email: rluckie@cisco.com + name: rtluckie +name: grafana +sources: +- https://github.com/grafana/grafana +version: 1.17.2 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md new file mode 100644 index 000000000..03c70b520 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/README.md @@ -0,0 +1,162 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## TL;DR; + +```console +$ helm install stable/grafana +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + + +## Configuration + +| Parameter | Description | Default | +|---------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `deploymentStrategy` | Deployment strategy | `RollingUpdate` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Rediness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "fsGroup": 472}` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag. (`Must be >= 5.0.0`) | `5.3.1` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.hosts` | Ingress accepted hostnames | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `""` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envFromSecret` | Name of a Kubenretes secret (must be manually created in the same namespace) containing values to be added to the environment | `""` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | +| `ldap.config ` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `sidecar.dashboards.enabled` | Enabled the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `false` | +| `sidecar.datasources.enabled` | Enabled the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `false` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials, this must have the keys `user` and `password`. | `""` | + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported dashboards are deleted/updated. A recommendation is to use one configmap per dashboard, as an reduction of multiple dashboards inside one configmap is currently not properly mirrored in grafana. +Example dashboard config: +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: 1 +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasource.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in those configmaps are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be modified. + +Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-datasource + labels: + grafana_datasource: 1 +data: + datasource.yaml: |- + # config file version + apiVersion: 1 + + # list of datasources that should be deleted from the database + deleteDatasources: + - name: Graphite + orgId: 1 + + # list of datasources to insert/update depending + # whats available in the database + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false + +``` diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt new file mode 100644 index 000000000..57e84cd69 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/NOTES.txt @@ -0,0 +1,37 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ .Release.Namespace }}.svc +{{ if .Values.ingress.enabled }} + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "grafana.fullname" . }},component={{ .Values.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl new file mode 100644 index 000000000..3a3ebd3ec --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml new file mode 100644 index 000000000..d49193651 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrole.yaml @@ -0,0 +1,25 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +rules: +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps"] + verbs: ["get", "watch", "list"] +{{- else }} +rules: [] +{{- end}} +{{- end}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..99dada9f4 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/clusterrolebinding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.rbac.create }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "grafana.fullname" . }}-clusterrolebinding + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "grafana.fullname" . }}-clusterrole + apiGroup: rbac.authorization.k8s.io +{{- end}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml new file mode 100644 index 000000000..1765e9aff --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap-dashboard-provider.yaml @@ -0,0 +1,28 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.sidecar.dashboards.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-config-dashboards +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: false + options: + path: {{ .Values.sidecar.dashboards.folder }} +{{- end}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml new file mode 100644 index 000000000..d283d04c0 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/configmap.yaml @@ -0,0 +1,76 @@ +{{ if .Values.global.grafana.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{ $elem }} = {{ $elemVal }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ toYaml $value | trim | indent 4 }} + {{- end -}} +{{- end -}} +{{- if .Values.global.prometheus.enabled }} + - access: proxy + isDefault: true + name: Prometheus + type: prometheus + url: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }}.svc +{{ else }} + - access: proxy + isDefault: true + name: Prometheus + type: prometheus + url: {{ .Values.global.prometheus.fqdn }} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -sk \ + --connect-timeout 60 \ + --max-time 60 \ + -H "Accept: application/json" \ + -H "Content-Type: application/json;charset=UTF-8" \ + {{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }} \ + > /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml new file mode 100644 index 000000000..c1ab8c4ba --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/dashboards-json-configmap.yaml @@ -0,0 +1,24 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.dashboards }} + {{- range $provider, $dashboards := .Values.dashboards }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + labels: + app: {{ template "grafana.name" $ }} + chart: {{ template "grafana.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} + dashboard-provider: {{ $provider }} +data: + {{- range $key, $value := $dashboards }} + {{- if hasKey $value "json" }} + {{ $key }}.json: | +{{ $value.json | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml new file mode 100644 index 000000000..ea8e814f3 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/deployment.yaml @@ -0,0 +1,272 @@ +{{ if .Values.global.grafana.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "grafana.name" . }} + release: {{ .Release.Name }} + strategy: + type: {{ .Values.deploymentStrategy }} + {{- if ne .Values.deploymentStrategy "RollingUpdate" }} + rollingUpdate: null + {{- end }} + template: + metadata: + labels: + app: {{ template "grafana.name" . }} + release: {{ .Release.Name }} +{{- with .Values.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + serviceAccountName: {{ template "grafana.serviceAccountName" . }} +{{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +{{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} +{{- end }} +{{- if .Values.dashboards }} + initContainers: + - name: download-dashboards + image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["sh", "/etc/grafana/download_dashboards.sh"] + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" + subPath: {{ .Values.persistence.subPath }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . }}-sc-dashboard + image: "{{ .Values.sidecar.image }}" + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}" + resources: +{{ toYaml .Values.sidecar.resources | indent 12 }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + image: "{{ .Values.sidecar.image }}" + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + resources: +{{ toYaml .Values.sidecar.resources | indent 12 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml +{{- if .Values.dashboards }} + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if hasKey $value "json" }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" + {{- end }} + {{- end }} + {{- end }} +{{- end -}} +{{- if .Values.dashboardsConfigMaps }} + {{- range keys .Values.dashboardsConfigMaps }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . }}" + {{- end }} +{{- end }} +{{- if .Values.datasources }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: datasources.yaml +{{- end }} +{{- if .Values.dashboardProviders }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: dashboardproviders.yaml +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} + - name: storage + mountPath: "/var/lib/grafana" + subPath: {{ .Values.persistence.subPath }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} + ports: + - name: service + containerPort: {{ .Values.service.port }} + protocol: TCP + - name: grafana + containerPort: 3000 + protocol: TCP + env: + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "grafana.fullname" . }} + key: admin-user + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "grafana.fullname" . }} + key: admin-password + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: user + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: password + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ .Values.envFromSecret }} + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 12 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 12 }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} + {{- if .Values.dashboards }} + {{- range keys .Values.dashboards }} + - name: dashboards-{{ . }} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ $name }} + {{- end }} + {{- end }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + - name: storage + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end -}} + {{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . }}-config-dashboards + {{- end }} + {{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} + {{- end -}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} + {{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml new file mode 100644 index 000000000..556f0fab0 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/ingress.yaml @@ -0,0 +1,44 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..e2b47f42b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml new file mode 100644 index 000000000..e13c78378 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/pvc.yaml @@ -0,0 +1,26 @@ +{{ if .Values.global.grafana.enabled }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + storageClassName: {{ .Values.persistence.storageClassName }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml new file mode 100644 index 000000000..6c9195769 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/role.yaml @@ -0,0 +1,20 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- if .Values.rbac.pspEnabled }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}] +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml new file mode 100644 index 000000000..e777ddabc --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "grafana.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml new file mode 100644 index 000000000..cd16c2fc7 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/secret.yaml @@ -0,0 +1,22 @@ +{{ if .Values.global.grafana.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + admin-user: {{ .Values.adminUser | b64enc | quote }} + {{- if .Values.adminPassword }} + admin-password: {{ .Values.adminPassword | b64enc | quote }} + {{- else }} + admin-password: {{ randAlphaNum 40 | b64enc | quote }} + {{- end }} + {{- if not .Values.ldap.existingSecret }} + ldap-toml: {{ .Values.ldap.config | b64enc | quote }} + {{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml new file mode 100644 index 000000000..307d0abf1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/service.yaml @@ -0,0 +1,51 @@ +{{ if .Values.global.grafana.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "grafana.name" . }} + chart: {{ template "grafana.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: service + port: {{ .Values.service.port }} + protocol: TCP + targetPort: 3000 +{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} +{{ end }} + selector: + app: {{ template "grafana.name" . }} + release: {{ .Release.Name }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml new file mode 100644 index 000000000..bbcb5055e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{ if .Values.global.grafana.enabled }} +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "grafana.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "grafana.serviceAccountName" . }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml new file mode 100644 index 000000000..504a3e86a --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/grafana/values.yaml @@ -0,0 +1,275 @@ +rbac: + create: true + pspEnabled: true +serviceAccount: + create: true + name: + +replicas: 1 + +deploymentStrategy: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +image: + repository: grafana/grafana + tag: 7.1.1 + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +securityContext: + runAsUser: 472 + fsGroup: 472 + +downloadDashboardsImage: + repository: appropriate/curl + tag: latest + pullPolicy: IfNotPresent + +## Pod Annotations +# podAnnotations: {} + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. +## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + type: ClusterIP + port: 80 + annotations: {} + labels: {} + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + enabled: false + # storageClassName: default + # accessModes: + # - ReadWriteOnce + # size: 10Gi + # annotations: {} + # subPath: "" + # existingClaim: + +adminUser: admin +adminPassword: strongpassword + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +env: {} + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc +envFromSecret: "" + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. +extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + +## Pass the plugins you want installed as a list. +## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus2 +# type: prometheus +# url: http://prometheus-server.default.svc +# access: proxy +# isDefault: false + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. +## +dashboards: {} +# default: +# prometheus-stats: +# gnetId: 3662 +# revision: 2 +# datasource: Prometheus + +## Reference to external ConfigMap per provider. Use provider name as key and ConfiMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net + auth.anonymous: + enabled: true + org_role: Admin + org_name: Main Org. + +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana in keys `user` and `password`. + existingSecret: "" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: kiwigrid/k8s-sidecar:0.1.144 + imagePullPolicy: IfNotPresent + resources: +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + dashboards: + enabled: false + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # folder in the pod that should hold the collected dashboards + folder: /tmp/dashboards + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore new file mode 100644 index 000000000..825c00779 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +OWNERS diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml new file mode 100644 index 000000000..dd81a9c69 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +appVersion: 2.17.2 +description: Prometheus is a monitoring system and time series database. +home: https://prometheus.io/ +icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png +maintainers: +- email: gianrubio@gmail.com + name: gianrubio +- email: zanhsieh@gmail.com + name: zanhsieh +name: prometheus +sources: +- https://github.com/prometheus/alertmanager +- https://github.com/prometheus/prometheus +- https://github.com/prometheus/pushgateway +- https://github.com/prometheus/node_exporter +- https://github.com/kubernetes/kube-state-metrics +version: 11.0.2 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md new file mode 100644 index 000000000..dc32dcd15 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/README.md @@ -0,0 +1,471 @@ +# Prometheus + +[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true. + +## TL;DR; + +```console +$ helm install stable/prometheus +``` + +## Introduction + +This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.3+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/prometheus +``` + +The command deploys Prometheus on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Prometheus 2.x + +Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/) + +Users of this chart will need to update their alerting rules to the new format before they can upgrade. + +## Upgrading from previous chart versions. + +Version 9.0 adds a new option to enable or disable the Prometheus Server. +This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. +To install the server `server.enabled` must be set to `true`. + +As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data. + +### Example migration + +Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following: + +1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below: + + ``` + alertmanager: + enabled: false + alertmanagerFiles: + alertmanager.yml: "" + kubeStateMetrics: + enabled: false + nodeExporter: + enabled: false + pushgateway: + enabled: false + server: + extraArgs: + storage.local.retention: 720h + serverFiles: + alerts: "" + prometheus.yml: "" + rules: "" + ``` + +1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target. + + ``` + prometheus.yml: + ... + remote_read: + - url: http://prometheus-old/api/v1/read + ... + ``` + + Old data will be available when you query the new prometheus instance. + +## Scraping Pod Metrics via Annotations + +This chart uses a default configuration that causes prometheus +to scrape a variety of kubernetes resource types, provided they have the correct annotations. +In this section we describe how to configure pods to be scraped; +for information on how other resource types can be scraped you can +do a `helm template` to get the kubernetes resource definitions, +and then reference the prometheus configuration in the ConfigMap against the prometheus documentation +for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) +and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config). + +In order to get prometheus to scrape pods, you must add annotations to the the pods as below: + +``` +metadata: + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: /metrics + prometheus.io/port: "8080" +spec: +... +``` + +You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. +`prometheus.io/port` should be set to the port that your pod serves metrics from. +Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be +enclosed in double quotes. + +## Configuration + +The following table lists the configurable parameters of the Prometheus chart and their default values. + +Parameter | Description | Default +--------- | ----------- | ------- +`alertmanager.enabled` | If true, create alertmanager | `true` +`alertmanager.name` | alertmanager container name | `alertmanager` +`alertmanager.image.repository` | alertmanager container image repository | `prom/alertmanager` +`alertmanager.image.tag` | alertmanager container image tag | `v0.20.0` +`alertmanager.image.pullPolicy` | alertmanager container image pull policy | `IfNotPresent` +`alertmanager.prefixURL` | The prefix slug at which the server can be accessed | `` +`alertmanager.baseURL` | The external url at which the server can be accessed | `"http://localhost:9093"` +`alertmanager.extraArgs` | Additional alertmanager container arguments | `{}` +`alertmanager.extraSecretMounts` | Additional alertmanager Secret mounts | `[]` +`alertmanager.configMapOverrideName` | Prometheus alertmanager ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}` and setting this value will prevent the default alertmanager ConfigMap from being generated | `""` +`alertmanager.configFromSecret` | The name of a secret in the same kubernetes namespace which contains the Alertmanager config, setting this value will prevent the default alertmanager ConfigMap from being generated | `""` +`alertmanager.configFileName` | The configuration file name to be loaded to alertmanager. Must match the key within configuration loaded from ConfigMap/Secret. | `alertmanager.yml` +`alertmanager.ingress.enabled` | If true, alertmanager Ingress will be created | `false` +`alertmanager.ingress.annotations` | alertmanager Ingress annotations | `{}` +`alertmanager.ingress.extraLabels` | alertmanager Ingress additional labels | `{}` +`alertmanager.ingress.hosts` | alertmanager Ingress hostnames | `[]` +`alertmanager.ingress.extraPaths` | Ingress extra paths to prepend to every alertmanager host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` +`alertmanager.ingress.tls` | alertmanager Ingress TLS configuration (YAML) | `[]` +`alertmanager.nodeSelector` | node labels for alertmanager pod assignment | `{}` +`alertmanager.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`alertmanager.affinity` | pod affinity | `{}` +`alertmanager.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` +`alertmanager.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` +`alertmanager.schedulerName` | alertmanager alternate scheduler name | `nil` +`alertmanager.persistentVolume.enabled` | If true, alertmanager will create a Persistent Volume Claim | `true` +`alertmanager.persistentVolume.accessModes` | alertmanager data Persistent Volume access modes | `[ReadWriteOnce]` +`alertmanager.persistentVolume.annotations` | Annotations for alertmanager Persistent Volume Claim | `{}` +`alertmanager.persistentVolume.existingClaim` | alertmanager data Persistent Volume existing claim name | `""` +`alertmanager.persistentVolume.mountPath` | alertmanager data Persistent Volume mount root path | `/data` +`alertmanager.persistentVolume.size` | alertmanager data Persistent Volume size | `2Gi` +`alertmanager.persistentVolume.storageClass` | alertmanager data Persistent Volume Storage Class | `unset` +`alertmanager.persistentVolume.volumeBindingMode` | alertmanager data Persistent Volume Binding Mode | `unset` +`alertmanager.persistentVolume.subPath` | Subdirectory of alertmanager data Persistent Volume to mount | `""` +`alertmanager.podAnnotations` | annotations to be added to alertmanager pods | `{}` +`alertmanager.podLabels` | labels to be added to Prometheus AlertManager pods | `{}` +`alertmanager.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | +`alertmanager.replicaCount` | desired number of alertmanager pods | `1` +`alertmanager.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` +`alertmanager.statefulSet.podManagementPolicy` | podManagementPolicy of alertmanager pods | `OrderedReady` +`alertmanager.statefulSet.headless.annotations` | annotations for alertmanager headless service | `{}` +`alertmanager.statefulSet.headless.labels` | labels for alertmanager headless service | `{}` +`alertmanager.statefulSet.headless.enableMeshPeer` | If true, enable the mesh peer endpoint for the headless service | `{}` +`alertmanager.statefulSet.headless.servicePort` | alertmanager headless service port | `80` +`alertmanager.priorityClassName` | alertmanager priorityClassName | `nil` +`alertmanager.resources` | alertmanager pod resource requests & limits | `{}` +`alertmanager.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Alert Manager containers | `{}` +`alertmanager.service.annotations` | annotations for alertmanager service | `{}` +`alertmanager.service.clusterIP` | internal alertmanager cluster service IP | `""` +`alertmanager.service.externalIPs` | alertmanager service external IP addresses | `[]` +`alertmanager.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`alertmanager.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`alertmanager.service.servicePort` | alertmanager service port | `80` +`alertmanager.service.sessionAffinity` | Session Affinity for alertmanager service, can be `None` or `ClientIP` | `None` +`alertmanager.service.type` | type of alertmanager service to create | `ClusterIP` +`alertmanager.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` +`alertmanagerFiles.alertmanager.yml` | Prometheus alertmanager configuration | example configuration +`configmapReload.prometheus.enabled` | If false, the configmap-reload container for Prometheus will not be deployed | `true` +`configmapReload.prometheus.name` | configmap-reload container name | `configmap-reload` +`configmapReload.prometheus.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` +`configmapReload.prometheus.image.tag` | configmap-reload container image tag | `v0.3.0` +`configmapReload.prometheus.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` +`configmapReload.prometheus.extraArgs` | Additional configmap-reload container arguments | `{}` +`configmapReload.prometheus.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` +`configmapReload.prometheus.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` +`configmapReload.prometheus.resources` | configmap-reload pod resource requests & limits | `{}` +`configmapReload.alertmanager.enabled` | If false, the configmap-reload container for AlertManager will not be deployed | `true` +`configmapReload.alertmanager.name` | configmap-reload container name | `configmap-reload` +`configmapReload.alertmanager.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` +`configmapReload.alertmanager.image.tag` | configmap-reload container image tag | `v0.3.0` +`configmapReload.alertmanager.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` +`configmapReload.alertmanager.extraArgs` | Additional configmap-reload container arguments | `{}` +`configmapReload.alertmanager.extraVolumeDirs` | Additional configmap-reload volume directories | `{}` +`configmapReload.alertmanager.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]` +`configmapReload.alertmanager.resources` | configmap-reload pod resource requests & limits | `{}` +`initChownData.enabled` | If false, don't reset data ownership at startup | true +`initChownData.name` | init-chown-data container name | `init-chown-data` +`initChownData.image.repository` | init-chown-data container image repository | `busybox` +`initChownData.image.tag` | init-chown-data container image tag | `latest` +`initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` +`initChownData.resources` | init-chown-data pod resource requests & limits | `{}` +`kubeStateMetrics.enabled` | If true, create kube-state-metrics sub-chart, see the [kube-state-metrics chart for configuration options](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) | `true` +`nodeExporter.enabled` | If true, create node-exporter | `true` +`nodeExporter.name` | node-exporter container name | `node-exporter` +`nodeExporter.image.repository` | node-exporter container image repository| `prom/node-exporter` +`nodeExporter.image.tag` | node-exporter container image tag | `v0.18.1` +`nodeExporter.image.pullPolicy` | node-exporter container image pull policy | `IfNotPresent` +`nodeExporter.extraArgs` | Additional node-exporter container arguments | `{}` +`nodeExporter.extraHostPathMounts` | Additional node-exporter hostPath mounts | `[]` +`nodeExporter.extraConfigmapMounts` | Additional node-exporter configMap mounts | `[]` +`nodeExporter.hostNetwork` | If true, node-exporter pods share the host network namespace | `true` +`nodeExporter.hostPID` | If true, node-exporter pods share the host PID namespace | `true` +`nodeExporter.nodeSelector` | node labels for node-exporter pod assignment | `{}` +`nodeExporter.podAnnotations` | annotations to be added to node-exporter pods | `{}` +`nodeExporter.pod.labels` | labels to be added to node-exporter pods | `{}` +`nodeExporter.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` +`nodeExporter.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` +`nodeExporter.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | +`nodeExporter.podSecurityPolicy.enabled` | Specify if a Pod Security Policy for node-exporter must be created | `false` +`nodeExporter.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`nodeExporter.priorityClassName` | node-exporter priorityClassName | `nil` +`nodeExporter.resources` | node-exporter resource requests and limits (YAML) | `{}` +`nodeExporter.securityContext` | securityContext for containers in pod | `{}` +`nodeExporter.service.annotations` | annotations for node-exporter service | `{prometheus.io/scrape: "true"}` +`nodeExporter.service.clusterIP` | internal node-exporter cluster service IP | `None` +`nodeExporter.service.externalIPs` | node-exporter service external IP addresses | `[]` +`nodeExporter.service.hostPort` | node-exporter service host port | `9100` +`nodeExporter.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`nodeExporter.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`nodeExporter.service.servicePort` | node-exporter service port | `9100` +`nodeExporter.service.type` | type of node-exporter service to create | `ClusterIP` +`podSecurityPolicy.enabled` | If true, create & use pod security policies resources | `false` +`pushgateway.enabled` | If true, create pushgateway | `true` +`pushgateway.name` | pushgateway container name | `pushgateway` +`pushgateway.image.repository` | pushgateway container image repository | `prom/pushgateway` +`pushgateway.image.tag` | pushgateway container image tag | `v1.0.1` +`pushgateway.image.pullPolicy` | pushgateway container image pull policy | `IfNotPresent` +`pushgateway.extraArgs` | Additional pushgateway container arguments | `{}` +`pushgateway.ingress.enabled` | If true, pushgateway Ingress will be created | `false` +`pushgateway.ingress.annotations` | pushgateway Ingress annotations | `{}` +`pushgateway.ingress.hosts` | pushgateway Ingress hostnames | `[]` +`pushgateway.ingress.extraPaths` | Ingress extra paths to prepend to every pushgateway host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` +`pushgateway.ingress.tls` | pushgateway Ingress TLS configuration (YAML) | `[]` +`pushgateway.nodeSelector` | node labels for pushgateway pod assignment | `{}` +`pushgateway.podAnnotations` | annotations to be added to pushgateway pods | `{}` +`pushgateway.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | +`pushgateway.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`pushgateway.replicaCount` | desired number of pushgateway pods | `1` +`pushgateway.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` +`pushgateway.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` +`pushgateway.schedulerName` | pushgateway alternate scheduler name | `nil` +`pushgateway.persistentVolume.enabled` | If true, Prometheus pushgateway will create a Persistent Volume Claim | `false` +`pushgateway.persistentVolume.accessModes` | Prometheus pushgateway data Persistent Volume access modes | `[ReadWriteOnce]` +`pushgateway.persistentVolume.annotations` | Prometheus pushgateway data Persistent Volume annotations | `{}` +`pushgateway.persistentVolume.existingClaim` | Prometheus pushgateway data Persistent Volume existing claim name | `""` +`pushgateway.persistentVolume.mountPath` | Prometheus pushgateway data Persistent Volume mount root path | `/data` +`pushgateway.persistentVolume.size` | Prometheus pushgateway data Persistent Volume size | `2Gi` +`pushgateway.persistentVolume.storageClass` | Prometheus pushgateway data Persistent Volume Storage Class | `unset` +`pushgateway.persistentVolume.volumeBindingMode` | Prometheus pushgateway data Persistent Volume Binding Mode | `unset` +`pushgateway.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` +`pushgateway.priorityClassName` | pushgateway priorityClassName | `nil` +`pushgateway.resources` | pushgateway pod resource requests & limits | `{}` +`pushgateway.service.annotations` | annotations for pushgateway service | `{}` +`pushgateway.service.clusterIP` | internal pushgateway cluster service IP | `""` +`pushgateway.service.externalIPs` | pushgateway service external IP addresses | `[]` +`pushgateway.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`pushgateway.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`pushgateway.service.servicePort` | pushgateway service port | `9091` +`pushgateway.service.type` | type of pushgateway service to create | `ClusterIP` +`pushgateway.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` +`rbac.create` | If true, create & use RBAC resources | `true` +`server.enabled` | If false, Prometheus server will not be created | `true` +`server.name` | Prometheus server container name | `server` +`server.image.repository` | Prometheus server container image repository | `prom/prometheus` +`server.image.tag` | Prometheus server container image tag | `v2.16.0` +`server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` +`server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` +`server.global.scrape_interval` | How frequently to scrape targets by default | `1m` +`server.global.scrape_timeout` | How long until a scrape request times out | `10s` +`server.global.evaluation_interval` | How frequently to evaluate rules | `1m` +`server.remoteWrite` | The remote write feature of Prometheus allow transparently sending samples. | `{}` +`server.remoteRead` | The remote read feature of Prometheus allow transparently receiving samples. | `{}` +`server.extraArgs` | Additional Prometheus server container arguments | `{}` +`server.extraFlags` | Additional Prometheus server container flags | `["web.enable-lifecycle"]` +`server.extraInitContainers` | Init containers to launch alongside the server | `[]` +`server.prefixURL` | The prefix slug at which the server can be accessed | `` +`server.baseURL` | The external url at which the server can be accessed | `` +`server.env` | Prometheus server environment variables | `[]` +`server.extraHostPathMounts` | Additional Prometheus server hostPath mounts | `[]` +`server.extraConfigmapMounts` | Additional Prometheus server configMap mounts | `[]` +`server.extraSecretMounts` | Additional Prometheus server Secret mounts | `[]` +`server.extraVolumeMounts` | Additional Prometheus server Volume mounts | `[]` +`server.extraVolumes` | Additional Prometheus server Volumes | `[]` +`server.configMapOverrideName` | Prometheus server ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.server.configMapOverrideName}}` and setting this value will prevent the default server ConfigMap from being generated | `""` +`server.ingress.enabled` | If true, Prometheus server Ingress will be created | `false` +`server.ingress.annotations` | Prometheus server Ingress annotations | `[]` +`server.ingress.extraLabels` | Prometheus server Ingress additional labels | `{}` +`server.ingress.hosts` | Prometheus server Ingress hostnames | `[]` +`server.ingress.extraPaths` | Ingress extra paths to prepend to every Prometheus server host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions) | `[]` +`server.ingress.tls` | Prometheus server Ingress TLS configuration (YAML) | `[]` +`server.nodeSelector` | node labels for Prometheus server pod assignment | `{}` +`server.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`server.affinity` | pod affinity | `{}` +`server.podDisruptionBudget.enabled` | If true, create a PodDisruptionBudget | `false` +`server.podDisruptionBudget.maxUnavailable` | Maximum unavailable instances in PDB | `1` +`server.priorityClassName` | Prometheus server priorityClassName | `nil` +`server.schedulerName` | Prometheus server alternate scheduler name | `nil` +`server.persistentVolume.enabled` | If true, Prometheus server will create a Persistent Volume Claim | `true` +`server.persistentVolume.accessModes` | Prometheus server data Persistent Volume access modes | `[ReadWriteOnce]` +`server.persistentVolume.annotations` | Prometheus server data Persistent Volume annotations | `{}` +`server.persistentVolume.existingClaim` | Prometheus server data Persistent Volume existing claim name | `""` +`server.persistentVolume.mountPath` | Prometheus server data Persistent Volume mount root path | `/data` +`server.persistentVolume.size` | Prometheus server data Persistent Volume size | `8Gi` +`server.persistentVolume.storageClass` | Prometheus server data Persistent Volume Storage Class | `unset` +`server.persistentVolume.volumeBindingMode` | Prometheus server data Persistent Volume Binding Mode | `unset` +`server.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` +`server.emptyDir.sizeLimit` | emptyDir sizeLimit if a Persistent Volume is not used | `""` +`server.podAnnotations` | annotations to be added to Prometheus server pods | `{}` +`server.podLabels` | labels to be added to Prometheus server pods | `{}` +`server.alertmanagers` | Prometheus AlertManager configuration for the Prometheus server | `{}` +`server.deploymentAnnotations` | annotations to be added to Prometheus server deployment | `{}` +`server.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | +`server.replicaCount` | desired number of Prometheus server pods | `1` +`server.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false` +`server.statefulSet.annotations` | annotations to be added to Prometheus server stateful set | `{}` +`server.statefulSet.labels` | labels to be added to Prometheus server stateful set | `{}` +`server.statefulSet.podManagementPolicy` | podManagementPolicy of server pods | `OrderedReady` +`server.statefulSet.headless.annotations` | annotations for Prometheus server headless service | `{}` +`server.statefulSet.headless.labels` | labels for Prometheus server headless service | `{}` +`server.statefulSet.headless.servicePort` | Prometheus server headless service port | `80` +`server.resources` | Prometheus server resource requests and limits | `{}` +`server.verticalAutoscaler.enabled` | If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs) | `false` +`server.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for server containers | `{}` +`server.service.annotations` | annotations for Prometheus server service | `{}` +`server.service.clusterIP` | internal Prometheus server cluster service IP | `""` +`server.service.externalIPs` | Prometheus server service external IP addresses | `[]` +`server.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`server.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`server.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0` +`server.service.servicePort` | Prometheus server service port | `80` +`server.service.sessionAffinity` | Session Affinity for server service, can be `None` or `ClientIP` | `None` +`server.service.type` | type of Prometheus server service to create | `ClusterIP` +`server.service.gRPC.enabled` | If true, open a second port on the service for gRPC | `false` +`server.service.gRPC.servicePort` | Prometheus service gRPC port, (ignored if `server.service.gRPC.enabled` is not `true`) | `10901` +`server.service.gRPC.nodePort` | Port to be used as gRPC nodePort in the prometheus service | `0` +`server.service.statefulsetReplica.enabled` | If true, send the traffic from the service to only one replica of the replicaset | `false` +`server.service.statefulsetReplica.replica` | Which replica to send the traffice to | `0` +`server.sidecarContainers` | array of snippets with your sidecar containers for prometheus server | `""` +`server.strategy` | Deployment strategy | `{ "type": "RollingUpdate" }` +`serviceAccounts.alertmanager.create` | If true, create the alertmanager service account | `true` +`serviceAccounts.alertmanager.name` | name of the alertmanager service account to use or create | `{{ prometheus.alertmanager.fullname }}` +`serviceAccounts.kubeStateMetrics.create` | If true, create the kubeStateMetrics service account | `true` +`serviceAccounts.kubeStateMetrics.name` | name of the kubeStateMetrics service account to use or create | `{{ prometheus.kubeStateMetrics.fullname }}` +`serviceAccounts.nodeExporter.create` | If true, create the nodeExporter service account | `true` +`serviceAccounts.nodeExporter.name` | name of the nodeExporter service account to use or create | `{{ prometheus.nodeExporter.fullname }}` +`serviceAccounts.pushgateway.create` | If true, create the pushgateway service account | `true` +`serviceAccounts.pushgateway.name` | name of the pushgateway service account to use or create | `{{ prometheus.pushgateway.fullname }}` +`serviceAccounts.server.create` | If true, create the server service account | `true` +`serviceAccounts.server.name` | name of the server service account to use or create | `{{ prometheus.server.fullname }}` +`server.terminationGracePeriodSeconds` | Prometheus server Pod termination grace period | `300` +`server.retention` | (optional) Prometheus data retention | `"15d"` +`serverFiles.alerts` | (Deprecated) Prometheus server alerts configuration | `{}` +`serverFiles.rules` | (Deprecated) Prometheus server rules configuration | `{}` +`serverFiles.alerting_rules.yml` | Prometheus server alerts configuration | `{}` +`serverFiles.recording_rules.yml` | Prometheus server rules configuration | `{}` +`serverFiles.prometheus.yml` | Prometheus server scrape configuration | example configuration +`extraScrapeConfigs` | Prometheus server additional scrape configuration | "" +`alertRelabelConfigs` | Prometheus server [alert relabeling configs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs) for H/A prometheus | "" +`networkPolicy.enabled` | Enable NetworkPolicy | `false` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install stable/prometheus --name my-release \ + --set server.terminationGracePeriodSeconds=360 +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install stable/prometheus --name my-release -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +Note that you have multiple yaml files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example, + +```yaml +# values.yaml +# ... + +# service1-alert.yaml +serverFiles: + alerts: + service1: + - alert: anAlert + # ... + +# service2-alert.yaml +serverFiles: + alerts: + service2: + - alert: anAlert + # ... +``` + +```console +$ helm install stable/prometheus --name my-release -f values.yaml -f service1-alert.yaml -f service2-alert.yaml +``` + +### RBAC Configuration +Roles and RoleBindings resources will be created automatically for `server` and `kubeStateMetrics` services. + +To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account. + +> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own. + +### ConfigMap Files +AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod. + +Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod. + +### Ingress TLS +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```console +kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file: + +```yaml +server: + ingress: + ## If true, Prometheus server Ingress will be created + ## + enabled: true + + ## Prometheus server Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - prometheus.domain.com + + ## Prometheus server Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: prometheus-server-tls + hosts: + - prometheus.domain.com +``` + +### NetworkPolicy + +Enabling Network Policy for Prometheus will secure connections to Alert Manager +and Kube State Metrics by only accepting connections from Prometheus Server. +All inbound connections to Prometheus Server are still allowed. + +To enable network policy for Prometheus, install a networking plugin that +implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true. + +If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need +to manually create a networkpolicy which allows it. diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml new file mode 100644 index 000000000..7752ccb44 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +appVersion: 1.9.5 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: jose@armesto.net + name: fiunchinho +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +version: 2.7.2 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS new file mode 100644 index 000000000..6ffd97d74 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/OWNERS @@ -0,0 +1,8 @@ +approvers: +- fiunchinho +- tariq1890 +- mrueg +reviewers: +- fiunchinho +- tariq1890 +- mrueg diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md new file mode 100644 index 000000000..5c6456983 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/README.md @@ -0,0 +1,73 @@ +# kube-state-metrics Helm Chart + +* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install stable/kube-state-metrics +``` + +## Configuration + +| Parameter | Description | Default | +|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| +| `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | +| `image.tag` | The image tag to pull from | `v1.9.5` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `replicas` | Number of replicas | `1` | +| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | +| `service.port` | The port of the container | `8080` | +| `service.annotations` | Annotations to be added to the service | `{}` | +| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | +| `hostNetwork` | Whether or not to use the host network | `false` | +| `prometheusScrape` | Whether or not enable prom scrape | `true` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `serviceAccount.create` | If true, create & use serviceAccount | `true` | +| `serviceAccount.name` | If not set & create is true, use template fullname | | +| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` | +| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources | `false` | +| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | {} | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `65534` | +| `securityContext.runAsUser` | User ID for the container | `65534` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `nodeSelector` | Node labels for pod assignment | {} | +| `affinity` | Affinity settings for pod assignment | {} | +| `tolerations` | Tolerations for pod assignment | [] | +| `podAnnotations` | Annotations to be added to the pod | {} | +| `resources` | kube-state-metrics resource requests and limits | {} | +| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` | +| `collectors.configmaps` | Enable the configmaps collector. | `true` | +| `collectors.cronjobs` | Enable the cronjobs collector. | `true` | +| `collectors.daemonsets` | Enable the daemonsets collector. | `true` | +| `collectors.deployments` | Enable the deployments collector. | `true` | +| `collectors.endpoints` | Enable the endpoints collector. | `true` | +| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` | +| `collectors.ingresses` | Enable the ingresses collector. | `true` | +| `collectors.jobs` | Enable the jobs collector. | `true` | +| `collectors.limitranges` | Enable the limitranges collector. | `true` | +| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `false` | +| `collectors.namespaces` | Enable the namespaces collector. | `true` | +| `collectors.nodes` | Enable the nodes collector. | `true` | +| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` | +| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` | +| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` | +| `collectors.pods` | Enable the pods collector. | `true` | +| `collectors.replicasets` | Enable the replicasets collector. | `true` | +| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` | +| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` | +| `collectors.secrets` | Enable the secrets collector. | `true` | +| `collectors.services` | Enable the services collector. | `true` | +| `collectors.statefulsets` | Enable the statefulsets collector. | `true` | +| `collectors.storageclasses` | Enable the storageclasses collector. | `true` | +| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `false` | +| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `false` | +| `collectors.volumeattachments` | Enable the volumeattachments collector. | `false` | +| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | +| `prometheus.monitor.honorLabels` | Honor metric labels | `false` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt new file mode 100644 index 000000000..5a646e0cc --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl new file mode 100644 index 000000000..6ae0e647f --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml new file mode 100644 index 000000000..319aec16c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrole.yaml @@ -0,0 +1,180 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +rules: +{{ if .Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.jobs }} +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if .Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..4635985aa --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-state-metrics.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml new file mode 100644 index 000000000..b6affcc20 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml @@ -0,0 +1,186 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.collectors.certificatesigningrequests }} + - --collectors=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --collectors=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --collectors=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --collectors=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --collectors=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --collectors=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --collectors=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --collectors=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --collectors=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --collectors=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --collectors=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --collectors=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --collectors=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --collectors=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + - --collectors=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --collectors=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --collectors=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --collectors=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --collectors=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --collectors=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --collectors=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --collectors=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --collectors=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --collectors=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --collectors=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --collectors=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --collectors=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --collectors=volumeattachments +{{ end }} +{{ if .Values.namespace }} + - --namespace={{ .Values.namespace }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..aeff11791 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml @@ -0,0 +1,39 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml new file mode 100644 index 000000000..dcd65e13e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..a206e640d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml new file mode 100644 index 000000000..5dacf5217 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/service.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml new file mode 100644 index 000000000..32bb1640f --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml new file mode 100644 index 000000000..54cde362d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml @@ -0,0 +1,25 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml new file mode 100644 index 000000000..bf5396072 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - kube-state-metrics + resources: + - statefulsets + verbs: + - get +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml new file mode 100644 index 000000000..6a2e5bfe7 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml new file mode 100644 index 000000000..888ca544b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/charts/kube-state-metrics/values.yaml @@ -0,0 +1,126 @@ +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: quay.io/coreos/kube-state-metrics + tag: v1.9.5 + pullPolicy: IfNotPresent + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + +securityContext: + enabled: true + runAsUser: 65534 + fsGroup: 65534 + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Available collectors for kube-state-metrics. By default all available +# collectors are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: false + namespaces: true + networkpolicies: false + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: false + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: false + verticalpodautoscalers: false + volumeattachments: false + +# Namespace to be enabled for collecting resources. By default all namespaces are collected. +# namespace: "" + +## Override the deployment namespace +## +namespaceOverride: "" diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock new file mode 100644 index 000000000..4a4bde218 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kube-state-metrics + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 2.7.2 +digest: sha256:695d0dbc2db8bccf5672145697546891da60ff12fbdb4f1bfc02459f4b755e4c +generated: 2020-03-18T18:57:59.00056179Z diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml new file mode 100644 index 000000000..6e079ae7d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: + + - name: kube-state-metrics + version: "2.7.*" + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: kubeStateMetrics.enabled + diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt new file mode 100644 index 000000000..0e8868f0b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/NOTES.txt @@ -0,0 +1,112 @@ +{{- if .Values.server.enabled -}} +The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster: +{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +{{ if .Values.server.ingress.enabled -}} +From outside the cluster, the server URL(s) are: +{{- range .Values.server.ingress.hosts }} +http://{{ . }} +{{- end }} +{{- else }} +Get the Prometheus server URL by running these commands in the same shell: +{{- if contains "NodePort" .Values.server.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.server.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }} +{{- else if contains "ClusterIP" .Values.server.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090 +{{- end }} +{{- end }} + +{{- if .Values.server.persistentVolume.enabled }} +{{- else }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Server pod is terminated. ##### +################################################################################# +{{- end }} +{{- end }} + +{{ if .Values.alertmanager.enabled }} +The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster: +{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +{{ if .Values.alertmanager.ingress.enabled -}} +From outside the cluster, the alertmanager URL(s) are: +{{- range .Values.alertmanager.ingress.hosts }} +http://{{ . }} +{{- end }} +{{- else }} +Get the Alertmanager URL by running these commands in the same shell: +{{- if contains "NodePort" .Values.alertmanager.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }} +{{- else if contains "ClusterIP" .Values.alertmanager.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093 +{{- end }} +{{- end }} + +{{- if .Values.alertmanager.persistentVolume.enabled }} +{{- else }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the AlertManager pod is terminated. ##### +################################################################################# +{{- end }} +{{- end }} + +{{- if .Values.nodeExporter.podSecurityPolicy.enabled }} +{{- else }} +################################################################################# +###### WARNING: Pod Security Policy has been moved to a global property. ##### +###### use .Values.podSecurityPolicy.enabled with pod-based ##### +###### annotations ##### +###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) ##### +################################################################################# +{{- end }} + +{{ if .Values.pushgateway.enabled }} +The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster: +{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +{{ if .Values.pushgateway.ingress.enabled -}} +From outside the cluster, the pushgateway URL(s) are: +{{- range .Values.pushgateway.ingress.hosts }} +http://{{ . }} +{{- end }} +{{- else }} +Get the PushGateway URL by running these commands in the same shell: +{{- if contains "NodePort" .Values.pushgateway.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }} +{{- else if contains "ClusterIP" .Values.pushgateway.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091 +{{- end }} +{{- end }} +{{- end }} + +For more information on running Prometheus, visit: +https://prometheus.io/ diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl new file mode 100644 index 000000000..295aa01c5 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/_helpers.tpl @@ -0,0 +1,276 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create unified labels for prometheus components +*/}} +{{- define "prometheus.common.matchLabels" -}} +app: {{ template "prometheus.name" . }} +release: {{ .Release.Name }} +{{- end -}} + +{{- define "prometheus.common.metaLabels" -}} +chart: {{ template "prometheus.chart" . }} +heritage: {{ .Release.Service }} +{{- end -}} + +{{- define "prometheus.alertmanager.labels" -}} +{{ include "prometheus.alertmanager.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.alertmanager.matchLabels" -}} +component: {{ .Values.alertmanager.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{- define "prometheus.kubeStateMetrics.labels" -}} +{{ include "prometheus.kubeStateMetrics.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.kubeStateMetrics.matchLabels" -}} +component: {{ .Values.kubeStateMetrics.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{- define "prometheus.nodeExporter.labels" -}} +{{ include "prometheus.nodeExporter.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.nodeExporter.matchLabels" -}} +component: {{ .Values.nodeExporter.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{- define "prometheus.pushgateway.labels" -}} +{{ include "prometheus.pushgateway.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.pushgateway.matchLabels" -}} +component: {{ .Values.pushgateway.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{- define "prometheus.server.labels" -}} +{{ include "prometheus.server.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.server.matchLabels" -}} +component: {{ .Values.server.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified alertmanager name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} + +{{- define "prometheus.alertmanager.fullname" -}} +{{- if .Values.alertmanager.fullnameOverride -}} +{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified kube-state-metrics name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.kubeStateMetrics.fullname" -}} +{{- if .Values.kubeStateMetrics.fullnameOverride -}} +{{- .Values.kubeStateMetrics.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified node-exporter name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.nodeExporter.fullname" -}} +{{- if .Values.nodeExporter.fullnameOverride -}} +{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified Prometheus server name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.server.fullname" -}} +{{- if .Values.server.fullnameOverride -}} +{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified pushgateway name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.pushgateway.fullname" -}} +{{- if .Values.pushgateway.fullnameOverride -}} +{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "prometheus.deployment.apiVersion" -}} +{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "prometheus.daemonset.apiVersion" -}} +{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "prometheus.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "prometheus.podSecurityPolicy.apiVersion" -}} +{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the alertmanager component +*/}} +{{- define "prometheus.serviceAccountName.alertmanager" -}} +{{- if .Values.serviceAccounts.alertmanager.create -}} + {{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.alertmanager.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the kubeStateMetrics component +*/}} +{{- define "prometheus.serviceAccountName.kubeStateMetrics" -}} +{{- if .Values.serviceAccounts.kubeStateMetrics.create -}} + {{ default (include "prometheus.kubeStateMetrics.fullname" .) .Values.serviceAccounts.kubeStateMetrics.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.kubeStateMetrics.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the nodeExporter component +*/}} +{{- define "prometheus.serviceAccountName.nodeExporter" -}} +{{- if .Values.serviceAccounts.nodeExporter.create -}} + {{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.nodeExporter.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the pushgateway component +*/}} +{{- define "prometheus.serviceAccountName.pushgateway" -}} +{{- if .Values.serviceAccounts.pushgateway.create -}} + {{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.pushgateway.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the server component +*/}} +{{- define "prometheus.serviceAccountName.server" -}} +{{- if .Values.serviceAccounts.server.create -}} + {{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.server.name }} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml new file mode 100644 index 000000000..9bec69257 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrole.yaml @@ -0,0 +1,23 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +rules: +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: + - extensions + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "prometheus.alertmanager.fullname" . }} +{{- else }} + [] +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml new file mode 100644 index 000000000..a058c7121 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus.serviceAccountName.alertmanager" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "prometheus.alertmanager.fullname" . }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml new file mode 100644 index 000000000..09708915c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-configmap.yaml @@ -0,0 +1,20 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +data: +{{- $root := . -}} +{{- range $key, $value := .Values.alertmanagerFiles }} + {{- if $key | regexMatch ".*\\.ya?ml$" }} + {{ $key }}: | +{{ toYaml $value | default "{}" | indent 4 }} + {{- else }} + {{ $key }}: {{ toYaml $value | indent 4 }} + {{- end }} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml new file mode 100644 index 000000000..892204ab2 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-deployment.yaml @@ -0,0 +1,141 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}} +apiVersion: {{ template "prometheus.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +spec: + selector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + replicas: {{ .Values.alertmanager.replicaCount }} + {{- if .Values.alertmanager.strategy }} + strategy: +{{ toYaml .Values.alertmanager.strategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.alertmanager.podAnnotations }} + annotations: +{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 8 }} + {{- if .Values.alertmanager.podLabels}} + {{ toYaml .Values.alertmanager.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.alertmanager.schedulerName }} + schedulerName: "{{ .Values.alertmanager.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} +{{- if .Values.alertmanager.priorityClassName }} + priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} + image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" + env: + {{- range $key, $value := .Values.alertmanager.extraEnv }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + args: + - --config.file=/etc/config/{{ .Values.alertmanager.configFileName }} + - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} + - --cluster.advertise-address=$(POD_IP):6783 + {{- range $key, $value := .Values.alertmanager.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.alertmanager.baseURL }} + - --web.external-url={{ .Values.alertmanager.baseURL }} + {{- end }} + + ports: + - containerPort: 9093 + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.prefixURL }}/-/ready + port: 9093 + initialDelaySeconds: 30 + timeoutSeconds: 30 + resources: +{{ toYaml .Values.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" + subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + + {{- if .Values.configmapReload.alertmanager.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} + image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload + resources: +{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.securityContext | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: +{{ toYaml .Values.alertmanager.tolerations | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.affinity }} + affinity: +{{ toYaml .Values.alertmanager.affinity | indent 8 }} + {{- end }} + volumes: + - name: config-volume + {{- if empty .Values.alertmanager.configFromSecret }} + configMap: + name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- else }} + secret: + secretName: {{ .Values.alertmanager.configFromSecret }} + {{- end }} + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + - name: storage-volume + {{- if .Values.alertmanager.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- else }} + emptyDir: {} + {{- end -}} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml new file mode 100644 index 000000000..dc6ba4418 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-ingress.yaml @@ -0,0 +1,44 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}} +{{- $releaseName := .Release.Name -}} +{{- $serviceName := include "prometheus.alertmanager.fullname" . }} +{{- $servicePort := .Values.alertmanager.service.servicePort -}} +{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.alertmanager.ingress.annotations }} + annotations: +{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }} + {{ $key }}: {{ $value }} +{{- end }} + name: {{ template "prometheus.alertmanager.fullname" . }} +spec: + rules: + {{- range .Values.alertmanager.ingress.hosts }} + {{- $url := splitList "/" . }} + - host: {{ first $url }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: /{{ rest $url | join "/" }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- if .Values.alertmanager.ingress.tls }} + tls: +{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml new file mode 100644 index 000000000..62633d0bc --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-networkpolicy.yaml @@ -0,0 +1,21 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}} +apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ template "prometheus.alertmanager.fullname" . }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + ingress: + - from: + - podSelector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 12 }} + - ports: + - port: 9093 +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml new file mode 100644 index 000000000..bb190f23d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pdb.yaml @@ -0,0 +1,15 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.alertmanager.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "prometheus.alertmanager.fullname" . }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +spec: + maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + selector: + matchLabels: + {{- include "prometheus.alertmanager.labels" . | nindent 6 }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml new file mode 100644 index 000000000..da2fbbd1c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-podsecuritypolicy.yaml @@ -0,0 +1,50 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.rbac.create }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus.alertmanager.fullname" . }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + annotations: +{{- if .Values.alertmanager.podSecurityPolicy.annotations }} +{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL + volumes: + - 'configMap' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'secret' + allowedHostPaths: + - pathPrefix: /etc + readOnly: true + - pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }} + hostNetwork: false + hostPID: false + hostIPC: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: true +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml new file mode 100644 index 000000000..58de9fd39 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-pvc.yaml @@ -0,0 +1,34 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if not .Values.alertmanager.statefulSet.enabled -}} +{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}} +{{- if not .Values.alertmanager.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.alertmanager.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +spec: + accessModes: +{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }} +{{- if .Values.alertmanager.persistentVolume.storageClass }} +{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }} + volumeBindingModeName: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.alertmanager.persistentVolume.size }}" +{{- end -}} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml new file mode 100644 index 000000000..1519344ba --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service-headless.yaml @@ -0,0 +1,32 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.alertmanager.statefulSet.headless.annotations }} + annotations: +{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +{{- if .Values.alertmanager.statefulSet.headless.labels }} +{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.alertmanager.fullname" . }}-headless +spec: + clusterIP: None + ports: + - name: http + port: {{ .Values.alertmanager.statefulSet.headless.servicePort }} + protocol: TCP + targetPort: 9093 +{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} + - name: meshpeer + port: 6783 + protocol: TCP + targetPort: 6783 +{{- end }} + selector: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml new file mode 100644 index 000000000..9bc45f7c6 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-service.yaml @@ -0,0 +1,54 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.alertmanager.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.alertmanager.service.annotations }} + annotations: +{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +{{- if .Values.alertmanager.service.labels }} +{{ toYaml .Values.alertmanager.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.alertmanager.fullname" . }} +spec: +{{- if .Values.alertmanager.service.clusterIP }} + clusterIP: {{ .Values.alertmanager.service.clusterIP }} +{{- end }} +{{- if .Values.alertmanager.service.externalIPs }} + externalIPs: +{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.alertmanager.service.servicePort }} + protocol: TCP + targetPort: 9093 + {{- if .Values.alertmanager.service.nodePort }} + nodePort: {{ .Values.alertmanager.service.nodePort }} + {{- end }} +{{- if .Values.alertmanager.service.enableMeshPeer }} + - name: meshpeer + port: 6783 + protocol: TCP + targetPort: 6783 +{{- end }} + selector: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }} +{{- if .Values.alertmanager.service.sessionAffinity }} + sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }} +{{- end }} + type: "{{ .Values.alertmanager.service.type }}" +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml new file mode 100644 index 000000000..d99c29996 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-serviceaccount.yaml @@ -0,0 +1,10 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.serviceAccountName.alertmanager" . }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml new file mode 100644 index 000000000..25a9b7a9c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/alertmanager-statefulset.yaml @@ -0,0 +1,154 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +spec: + serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless + selector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + replicas: {{ .Values.alertmanager.replicaCount }} + podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }} + template: + metadata: + {{- if .Values.alertmanager.podAnnotations }} + annotations: +{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 8 }} + spec: +{{- if .Values.alertmanager.affinity }} + affinity: +{{ toYaml .Values.alertmanager.affinity | indent 8 }} +{{- end }} +{{- if .Values.alertmanager.schedulerName }} + schedulerName: "{{ .Values.alertmanager.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} +{{- if .Values.alertmanager.priorityClassName }} + priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }} + image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" + env: + {{- range $key, $value := .Values.alertmanager.extraEnv }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + args: + - --config.file=/etc/config/alertmanager.yml + - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} + - --cluster.advertise-address=$(POD_IP):6783 + {{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} + - --cluster.listen-address=0.0.0.0:6783 + {{- range $n := until (.Values.alertmanager.replicaCount | int) }} + - --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783 + {{- end }} + {{- end }} + {{- range $key, $value := .Values.alertmanager.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.alertmanager.baseURL }} + - --web.external-url={{ .Values.alertmanager.baseURL }} + {{- end }} + + ports: + - containerPort: 9093 + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.prefixURL }}/#/status + port: 9093 + initialDelaySeconds: 30 + timeoutSeconds: 30 + resources: +{{ toYaml .Values.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" + subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.configmapReload.alertmanager.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} + image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload + resources: +{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.securityContext | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: +{{ toYaml .Values.alertmanager.tolerations | indent 8 }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} +{{- if .Values.alertmanager.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + {{- if .Values.alertmanager.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }} + {{- end }} + spec: + accessModes: +{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }} + resources: + requests: + storage: "{{ .Values.alertmanager.persistentVolume.size }}" + {{- if .Values.server.persistentVolume.storageClass }} + {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + - name: storage-volume + emptyDir: {} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml new file mode 100644 index 000000000..fce0f2714 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-daemonset.yaml @@ -0,0 +1,125 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.nodeExporter.enabled -}} +apiVersion: {{ template "prometheus.daemonset.apiVersion" . }} +kind: DaemonSet +metadata: +{{- if .Values.nodeExporter.deploymentAnnotations }} + annotations: +{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} + name: {{ template "prometheus.nodeExporter.fullname" . }} +spec: + selector: + matchLabels: + {{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }} + {{- if .Values.nodeExporter.updateStrategy }} + updateStrategy: +{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.nodeExporter.podAnnotations }} + annotations: +{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 8 }} +{{- if .Values.nodeExporter.pod.labels }} +{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }} +{{- end }} + spec: + serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }} +{{- if .Values.nodeExporter.priorityClassName }} + priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }} + image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}" + imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}" + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + {{- if .Values.nodeExporter.hostNetwork }} + - --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }} + {{- end }} + {{- range $key, $value := .Values.nodeExporter.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + ports: + - name: metrics + {{- if .Values.nodeExporter.hostNetwork }} + containerPort: {{ .Values.nodeExporter.service.hostPort }} + {{- else }} + containerPort: 9100 + {{- end }} + hostPort: {{ .Values.nodeExporter.service.hostPort }} + resources: +{{ toYaml .Values.nodeExporter.resources | indent 12 }} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + {{- range .Values.nodeExporter.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- if .mountPropagation }} + mountPropagation: {{ .mountPropagation }} + {{- end }} + {{- end }} + {{- range .Values.nodeExporter.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.nodeExporter.hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.nodeExporter.hostPID }} + hostPID: true + {{- end }} + {{- if .Values.nodeExporter.tolerations }} + tolerations: +{{ toYaml .Values.nodeExporter.tolerations | indent 8 }} + {{- end }} + {{- if .Values.nodeExporter.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.nodeExporter.securityContext }} + securityContext: +{{ toYaml .Values.nodeExporter.securityContext | indent 8 }} + {{- end }} + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + {{- range .Values.nodeExporter.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.nodeExporter.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml new file mode 100644 index 000000000..243667dd1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-podsecuritypolicy.yaml @@ -0,0 +1,57 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus.nodeExporter.fullname" . }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} + annotations: +{{- if .Values.nodeExporter.podSecurityPolicy.annotations }} +{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL + volumes: + - 'configMap' + - 'hostPath' + - 'secret' + allowedHostPaths: + - pathPrefix: /proc + readOnly: true + - pathPrefix: /sys + readOnly: true + {{- range .Values.nodeExporter.extraHostPathMounts }} + - pathPrefix: {{ .hostPath }} + readOnly: {{ .readOnly }} + {{- end }} + hostNetwork: {{ .Values.nodeExporter.hostNetwork }} + hostPID: {{ .Values.nodeExporter.hostPID }} + hostIPC: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + hostPorts: + - min: 1 + max: 65535 +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml new file mode 100644 index 000000000..1926db04e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-role.yaml @@ -0,0 +1,19 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} +{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ template "prometheus.nodeExporter.fullname" . }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "prometheus.nodeExporter.fullname" . }} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml new file mode 100644 index 000000000..fb39ab64f --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.nodeExporter.enabled .Values.rbac.create }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "prometheus.nodeExporter.fullname" . }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ template "prometheus.nodeExporter.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml new file mode 100644 index 000000000..40cbd8d69 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-service.yaml @@ -0,0 +1,46 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.nodeExporter.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.nodeExporter.service.annotations }} + annotations: +{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} +{{- if .Values.nodeExporter.service.labels }} +{{ toYaml .Values.nodeExporter.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.nodeExporter.fullname" . }} +spec: +{{- if .Values.nodeExporter.service.clusterIP }} + clusterIP: {{ .Values.nodeExporter.service.clusterIP }} +{{- end }} +{{- if .Values.nodeExporter.service.externalIPs }} + externalIPs: +{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.nodeExporter.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }} +{{- end }} +{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: metrics + port: {{ .Values.nodeExporter.service.servicePort }} + protocol: TCP + {{- if .Values.nodeExporter.hostNetwork }} + targetPort: {{ .Values.nodeExporter.service.hostPort }} + {{- else }} + targetPort: 9100 + {{- end }} + selector: + {{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }} + type: "{{ .Values.nodeExporter.service.type }}" +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml new file mode 100644 index 000000000..b75c4a4b6 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/node-exporter-serviceaccount.yaml @@ -0,0 +1,10 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} + name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml new file mode 100644 index 000000000..9ea81e4a2 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrole.yaml @@ -0,0 +1,23 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +rules: +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: + - extensions + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "prometheus.pushgateway.fullname" . }} +{{- else }} + [] +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml new file mode 100644 index 000000000..475d9d63d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus.serviceAccountName.pushgateway" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "prometheus.pushgateway.fullname" . }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml new file mode 100644 index 000000000..9dec641fc --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-deployment.yaml @@ -0,0 +1,99 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.pushgateway.enabled -}} +apiVersion: {{ template "prometheus.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +spec: + selector: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + matchLabels: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} + replicas: {{ .Values.pushgateway.replicaCount }} + {{- if .Values.pushgateway.strategy }} + strategy: +{{ toYaml .Values.pushgateway.strategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.pushgateway.podAnnotations }} + annotations: +{{ toYaml .Values.pushgateway.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 8 }} + spec: + serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }} +{{- if .Values.pushgateway.priorityClassName }} + priorityClassName: "{{ .Values.pushgateway.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }} + image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}" + imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}" + args: + {{- range $key, $value := .Values.pushgateway.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + ports: + - containerPort: 9091 + livenessProbe: + httpGet: + {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} + path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy + {{- else }} + path: /-/healthy + {{- end }} + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + readinessProbe: + httpGet: + {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} + path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready + {{- else }} + path: /-/ready + {{- end }} + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + resources: +{{ toYaml .Values.pushgateway.resources | indent 12 }} + {{- if .Values.pushgateway.persistentVolume.enabled }} + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}" + subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}" + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.pushgateway.nodeSelector }} + nodeSelector: +{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.securityContext }} + securityContext: +{{ toYaml .Values.pushgateway.securityContext | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.tolerations }} + tolerations: +{{ toYaml .Values.pushgateway.tolerations | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.affinity }} + affinity: +{{ toYaml .Values.pushgateway.affinity | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.persistentVolume.enabled }} + volumes: + - name: storage-volume + persistentVolumeClaim: + claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }} + {{- end -}} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml new file mode 100644 index 000000000..422129b6f --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-ingress.yaml @@ -0,0 +1,41 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}} +{{- $releaseName := .Release.Name -}} +{{- $serviceName := include "prometheus.pushgateway.fullname" . }} +{{- $servicePort := .Values.pushgateway.service.servicePort -}} +{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.pushgateway.ingress.annotations }} + annotations: +{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}} +{{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +spec: + rules: + {{- range .Values.pushgateway.ingress.hosts }} + {{- $url := splitList "/" . }} + - host: {{ first $url }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: /{{ rest $url | join "/" }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- if .Values.pushgateway.ingress.tls }} + tls: +{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml new file mode 100644 index 000000000..70a5ada3b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-networkpolicy.yaml @@ -0,0 +1,21 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}} +apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ template "prometheus.pushgateway.fullname" . }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} + ingress: + - from: + - podSelector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 12 }} + - ports: + - port: 9091 +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml new file mode 100644 index 000000000..edf2318fe --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pdb.yaml @@ -0,0 +1,15 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.pushgateway.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "prometheus.pushgateway.fullname" . }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} +spec: + maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }} + selector: + matchLabels: + {{- include "prometheus.pushgateway.labels" . | nindent 6 }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml new file mode 100644 index 000000000..80617cbc7 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-podsecuritypolicy.yaml @@ -0,0 +1,46 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.rbac.create }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus.pushgateway.fullname" . }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + annotations: +{{- if .Values.pushgateway.podSecurityPolicy.annotations }} +{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL + volumes: + - 'persistentVolumeClaim' + - 'secret' + allowedHostPaths: + - pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }} + hostNetwork: false + hostPID: false + hostIPC: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: true +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml new file mode 100644 index 000000000..5b4eeb937 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-pvc.yaml @@ -0,0 +1,32 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.pushgateway.persistentVolume.enabled -}} +{{- if not .Values.pushgateway.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.pushgateway.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +spec: + accessModes: +{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }} +{{- if .Values.pushgateway.persistentVolume.storageClass }} +{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }} + volumeBindingModeName: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.pushgateway.persistentVolume.size }}" +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml new file mode 100644 index 000000000..ffcc4a20b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-service.yaml @@ -0,0 +1,42 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.pushgateway.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.pushgateway.service.annotations }} + annotations: +{{ toYaml .Values.pushgateway.service.annotations | indent 4}} +{{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} +{{- if .Values.pushgateway.service.labels }} +{{ toYaml .Values.pushgateway.service.labels | indent 4}} +{{- end }} + name: {{ template "prometheus.pushgateway.fullname" . }} +spec: +{{- if .Values.pushgateway.service.clusterIP }} + clusterIP: {{ .Values.pushgateway.service.clusterIP }} +{{- end }} +{{- if .Values.pushgateway.service.externalIPs }} + externalIPs: +{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.pushgateway.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }} +{{- end }} +{{- if .Values.pushgateway.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.pushgateway.service.servicePort }} + protocol: TCP + targetPort: 9091 + selector: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }} + type: "{{ .Values.pushgateway.service.type }}" +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml new file mode 100644 index 000000000..3b221e43d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/pushgateway-serviceaccount.yaml @@ -0,0 +1,10 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.serviceAccountName.pushgateway" . }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml new file mode 100644 index 000000000..410685193 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrole.yaml @@ -0,0 +1,49 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.server.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +rules: +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: + - extensions + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "prometheus.server.fullname" . }} +{{- end }} + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - get +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml new file mode 100644 index 000000000..a89f3bd76 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if and .Values.server.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus.serviceAccountName.server" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "prometheus.server.fullname" . }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml new file mode 100644 index 000000000..52a5d5e53 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-configmap.yaml @@ -0,0 +1,83 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if (empty .Values.server.configMapOverrideName) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +data: +{{- $root := . -}} +{{- range $key, $value := .Values.serverFiles }} + {{ $key }}: | +{{- if eq $key "prometheus.yml" }} + global: +{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }} +{{- if $root.Values.server.remoteWrite }} + remote_write: +{{ $root.Values.server.remoteWrite | toYaml | indent 4 }} +{{- end }} +{{- if $root.Values.server.remoteRead }} + remote_read: +{{ $root.Values.server.remoteRead | toYaml | indent 4 }} +{{- end }} +{{- end }} +{{- if eq $key "alerts" }} +{{- if and (not (empty $value)) (empty $value.groups) }} + groups: +{{- range $ruleKey, $ruleValue := $value }} + - name: {{ $ruleKey -}}.rules + rules: +{{ $ruleValue | toYaml | trimSuffix "\n" | indent 6 }} +{{- end }} +{{- else }} +{{ toYaml $value | indent 4 }} +{{- end }} +{{- else }} +{{ toYaml $value | default "{}" | indent 4 }} +{{- end }} +{{- if eq $key "prometheus.yml" -}} +{{- if $root.Values.extraScrapeConfigs }} +{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }} +{{- end -}} +{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }} + alerting: +{{- if $root.Values.alertRelabelConfigs }} +{{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }} +{{- end }} + alertmanagers: +{{- if $root.Values.server.alertmanagers }} +{{ toYaml $root.Values.server.alertmanagers | indent 8 }} +{{- else }} + - kubernetes_sd_configs: + - role: pod + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if $root.Values.alertmanager.prefixURL }} + path_prefix: {{ $root.Values.alertmanager.prefixURL }} + {{- end }} + relabel_configs: + - source_labels: [__meta_kubernetes_namespace] + regex: {{ $root.Release.Namespace }} + action: keep + - source_labels: [__meta_kubernetes_pod_label_app] + regex: {{ template "prometheus.name" $root }} + action: keep + - source_labels: [__meta_kubernetes_pod_label_component] + regex: alertmanager + action: keep + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] + regex: {{ index $root.Values.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }} + action: keep + - source_labels: [__meta_kubernetes_pod_container_port_number] + regex: + action: drop +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml new file mode 100644 index 000000000..4a1c14f08 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-deployment.yaml @@ -0,0 +1,216 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if not .Values.server.statefulSet.enabled -}} +apiVersion: {{ template "prometheus.deployment.apiVersion" . }} +kind: Deployment +metadata: +{{- if .Values.server.deploymentAnnotations }} + annotations: +{{ toYaml .Values.server.deploymentAnnotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +spec: + selector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + replicas: {{ .Values.server.replicaCount }} + {{- if .Values.server.strategy }} + strategy: +{{ toYaml .Values.server.strategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.server.podAnnotations }} + annotations: +{{ toYaml .Values.server.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 8 }} + {{- if .Values.server.podLabels}} + {{ toYaml .Values.server.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.server.priorityClassName }} + priorityClassName: "{{ .Values.server.priorityClassName }}" +{{- end }} +{{- if .Values.server.schedulerName }} + schedulerName: "{{ .Values.server.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} + {{- if .Values.server.extraInitContainers }} + initContainers: +{{ toYaml .Values.server.extraInitContainers | indent 8 }} + {{- end }} + containers: + {{- if .Values.configmapReload.prometheus.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} + - --volume-dir={{ . }} + {{- end }} + resources: +{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + + - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} + image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" + imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" + {{- if .Values.server.env }} + env: +{{ toYaml .Values.server.env | indent 12}} + {{- end }} + args: + {{- if .Values.server.retention }} + - --storage.tsdb.retention.time={{ .Values.server.retention }} + {{- end }} + - --config.file={{ .Values.server.configPath }} + - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + {{- range .Values.server.extraFlags }} + - --{{ . }} + {{- end }} + {{- if .Values.server.baseURL }} + - --web.external-url={{ .Values.server.baseURL }} + {{- end }} + + {{- range $key, $value := .Values.server.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: {{ .Values.server.prefixURL }}/-/ready + port: 9090 + initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} + timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} + failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }} + successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }} + livenessProbe: + httpGet: + path: {{ .Values.server.prefixURL }}/-/healthy + port: 9090 + initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} + timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} + failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }} + successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }} + resources: +{{ toYaml .Values.server.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: {{ .Values.server.persistentVolume.mountPath }} + subPath: "{{ .Values.server.persistentVolume.subPath }}" + {{- range .Values.server.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.server.extraConfigmapMounts }} + - name: {{ $.Values.server.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.server.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.server.extraVolumeMounts }} + {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.server.sidecarContainers }} + {{- toYaml .Values.server.sidecarContainers | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.server.nodeSelector }} + nodeSelector: +{{ toYaml .Values.server.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.server.securityContext }} + securityContext: +{{ toYaml .Values.server.securityContext | indent 8 }} + {{- end }} + {{- if .Values.server.tolerations }} + tolerations: +{{ toYaml .Values.server.tolerations | indent 8 }} + {{- end }} + {{- if .Values.server.affinity }} + affinity: +{{ toYaml .Values.server.affinity | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + volumes: + - name: config-volume + configMap: + name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + - name: storage-volume + {{- if .Values.server.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + {{- else }} + emptyDir: + {{- if .Values.server.emptyDir.sizeLimit }} + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + {} + {{- end -}} + {{- end -}} +{{- if .Values.server.extraVolumes }} +{{ toYaml .Values.server.extraVolumes | indent 8}} +{{- end }} + {{- range .Values.server.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.server.extraConfigmapMounts }} + - name: {{ $.Values.server.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.server.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml new file mode 100644 index 000000000..4cdca92a3 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-ingress.yaml @@ -0,0 +1,46 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if .Values.server.ingress.enabled -}} +{{- $releaseName := .Release.Name -}} +{{- $serviceName := include "prometheus.server.fullname" . }} +{{- $servicePort := .Values.server.service.servicePort -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.server.ingress.annotations }} + annotations: +{{ toYaml .Values.server.ingress.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- range $key, $value := .Values.server.ingress.extraLabels }} + {{ $key }}: {{ $value }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }} +spec: + rules: + {{- range .Values.server.ingress.hosts }} + {{- $url := splitList "/" . }} + - host: {{ first $url }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: /{{ rest $url | join "/" }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} +{{- if .Values.server.ingress.tls }} + tls: +{{ toYaml .Values.server.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml new file mode 100644 index 000000000..152f3a967 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-networkpolicy.yaml @@ -0,0 +1,19 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if .Values.networkPolicy.enabled }} +apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ template "prometheus.server.fullname" . }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + ingress: + - ports: + - port: 9090 +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml new file mode 100644 index 000000000..ec90cd5c9 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pdb.yaml @@ -0,0 +1,15 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "prometheus.server.fullname" . }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +spec: + maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }} + selector: + matchLabels: + {{- include "prometheus.server.labels" . | nindent 6 }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml new file mode 100644 index 000000000..73bf065dc --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-podsecuritypolicy.yaml @@ -0,0 +1,55 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.rbac.create }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus.server.fullname" . }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + annotations: +{{- if .Values.server.podSecurityPolicy.annotations }} +{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + allowedCapabilities: + - 'CHOWN' + volumes: + - 'configMap' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'secret' + - 'hostPath' + allowedHostPaths: + - pathPrefix: /etc + readOnly: true + - pathPrefix: {{ .Values.server.persistentVolume.mountPath }} + {{- range .Values.server.extraHostPathMounts }} + - pathPrefix: {{ .hostPath }} + readOnly: {{ .readOnly }} + {{- end }} + hostNetwork: false + hostPID: false + hostIPC: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml new file mode 100644 index 000000000..22cb51afc --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-pvc.yaml @@ -0,0 +1,36 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if not .Values.server.statefulSet.enabled -}} +{{- if .Values.server.persistentVolume.enabled -}} +{{- if not .Values.server.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.server.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +spec: + accessModes: +{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }} +{{- if .Values.server.persistentVolume.storageClass }} +{{- if (eq "-" .Values.server.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.server.persistentVolume.volumeBindingMode }} + volumeBindingModeName: "{{ .Values.server.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.server.persistentVolume.size }}" +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml new file mode 100644 index 000000000..018a75b79 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service-headless.yaml @@ -0,0 +1,28 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if .Values.server.statefulSet.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.server.statefulSet.headless.annotations }} + annotations: +{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- if .Values.server.statefulSet.headless.labels }} +{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }}-headless +spec: + clusterIP: None + ports: + - name: http + port: {{ .Values.server.statefulSet.headless.servicePort }} + protocol: TCP + targetPort: 9090 + selector: + {{- include "prometheus.server.matchLabels" . | nindent 4 }} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml new file mode 100644 index 000000000..e03faf974 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-service.yaml @@ -0,0 +1,61 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.server.service.annotations }} + annotations: +{{ toYaml .Values.server.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- if .Values.server.service.labels }} +{{ toYaml .Values.server.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }} +spec: +{{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} +{{- end }} +{{- if .Values.server.service.externalIPs }} + externalIPs: +{{ toYaml .Values.server.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.server.service.loadBalancerIP }} +{{- end }} +{{- if .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.server.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.server.service.servicePort }} + protocol: TCP + targetPort: 9090 + {{- if .Values.server.service.nodePort }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + {{- if .Values.server.service.gRPC.enabled }} + - name: grpc + port: {{ .Values.server.service.gRPC.servicePort }} + protocol: TCP + targetPort: 10901 + {{- if .Values.server.service.gRPC.nodePort }} + nodePort: {{ .Values.server.service.gRPC.nodePort }} + {{- end }} + {{- end }} + selector: + {{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }} + statefulset.kubernetes.io/pod-name: {{ .Release.Name }}-{{ .Values.server.name }}-{{ .Values.server.service.statefulsetReplica.replica }} + {{- else -}} + {{- include "prometheus.server.matchLabels" . | nindent 4 }} +{{- if .Values.server.service.sessionAffinity }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} +{{- end }} + {{- end }} + type: "{{ .Values.server.service.type }}" +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml new file mode 100644 index 000000000..6cf017c20 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if .Values.serviceAccounts.server.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.serviceAccountName.server" . }} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml new file mode 100644 index 000000000..9369ddf38 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-statefulset.yaml @@ -0,0 +1,224 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if .Values.server.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: +{{- if .Values.server.statefulSet.annotations }} + annotations: +{{ toYaml .Values.server.statefulSet.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + {{- if .Values.server.statefulSet.labels}} + {{ toYaml .Values.server.statefulSet.labels | nindent 4 }} + {{- end}} + name: {{ template "prometheus.server.fullname" . }} +spec: + serviceName: {{ template "prometheus.server.fullname" . }}-headless + selector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + replicas: {{ .Values.server.replicaCount }} + podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }} + template: + metadata: + {{- if .Values.server.podAnnotations }} + annotations: +{{ toYaml .Values.server.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 8 }} + {{- if .Values.server.statefulSet.labels}} + {{ toYaml .Values.server.statefulSet.labels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.server.affinity }} + affinity: +{{ toYaml .Values.server.affinity | indent 8 }} +{{- end }} +{{- if .Values.server.priorityClassName }} + priorityClassName: "{{ .Values.server.priorityClassName }}" +{{- end }} +{{- if .Values.server.schedulerName }} + schedulerName: "{{ .Values.server.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }} + containers: + {{- if .Values.configmapReload.prometheus.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} + - --volume-dir={{ . }} + {{- end }} + resources: +{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} + image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" + imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" + {{- if .Values.server.env }} + env: +{{ toYaml .Values.server.env | indent 12}} + {{- end }} + args: + {{- if .Values.server.retention }} + - --storage.tsdb.retention.time={{ .Values.server.retention }} + {{- end }} + - --config.file={{ .Values.server.configPath }} + - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + {{- range .Values.server.extraFlags }} + - --{{ . }} + {{- end }} + {{- range $key, $value := .Values.server.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.server.baseURL }} + - --web.external-url={{ .Values.server.baseURL }} + {{- end }} + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: {{ .Values.server.prefixURL }}/-/ready + port: 9090 + initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} + timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} + livenessProbe: + httpGet: + path: {{ .Values.server.prefixURL }}/-/healthy + port: 9090 + initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} + timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} + resources: +{{ toYaml .Values.server.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: {{ .Values.server.persistentVolume.mountPath }} + subPath: "{{ .Values.server.persistentVolume.subPath }}" + {{- range .Values.server.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.server.extraConfigmapMounts }} + - name: {{ $.Values.server.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.server.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.server.extraVolumeMounts }} + {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.server.sidecarContainers }} + {{- toYaml .Values.server.sidecarContainers | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.server.nodeSelector }} + nodeSelector: +{{ toYaml .Values.server.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.server.securityContext }} + securityContext: +{{ toYaml .Values.server.securityContext | indent 8 }} + {{- end }} + {{- if .Values.server.tolerations }} + tolerations: +{{ toYaml .Values.server.tolerations | indent 8 }} + {{- end }} + {{- if .Values.server.affinity }} + affinity: +{{ toYaml .Values.server.affinity | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + volumes: + - name: config-volume + configMap: + name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + {{- range .Values.server.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.server.extraConfigmapMounts }} + - name: {{ $.Values.server.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.server.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} +{{- if .Values.server.extraVolumes }} +{{ toYaml .Values.server.extraVolumes | indent 8}} +{{- end }} +{{- if .Values.server.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + {{- if .Values.server.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }} + {{- end }} + spec: + accessModes: +{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }} + resources: + requests: + storage: "{{ .Values.server.persistentVolume.size }}" + {{- if .Values.server.persistentVolume.storageClass }} + {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + - name: storage-volume + emptyDir: {} +{{- end }} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml new file mode 100644 index 000000000..8aec16ad5 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/templates/server-vpa.yaml @@ -0,0 +1,26 @@ +{{ if .Values.global.prometheus.enabled }} +{{- if .Values.server.enabled -}} +{{- if .Values.server.verticalAutoscaler.enabled -}} +apiVersion: autoscaling.k8s.io/v1beta2 +kind: VerticalPodAutoscaler +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }}-vpa +spec: + targetRef: +{{- if .Values.server.statefulSet.enabled }} + apiVersion: "apps/v1" + kind: StatefulSet +{{- else }} + apiVersion: "extensions/v1beta1" + kind: Deployment +{{- end }} + name: {{ template "prometheus.server.fullname" . }} + updatePolicy: + updateMode: {{ .Values.server.verticalAutoscaler.updateMode | default "Off" | quote }} + resourcePolicy: + containerPolicies: {{ .Values.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }} +{{- end -}} {{/* if .Values.server.verticalAutoscaler.enabled */}} +{{- end -}} {{/* .Values.server.enabled */}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml new file mode 100644 index 000000000..3d44e7f59 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/prometheus/values.yaml @@ -0,0 +1,1387 @@ +rbac: + create: true + +podSecurityPolicy: + enabled: false + +imagePullSecrets: +# - name: "image-pull-secret" + +## Define serviceAccount names for components. Defaults to component's fully qualified name. +## +serviceAccounts: + alertmanager: + create: true + name: + nodeExporter: + create: true + name: + pushgateway: + create: true + name: + server: + create: true + name: + +alertmanager: + ## If false, alertmanager will not be installed + ## + enabled: true + + strategy: + type: Recreate + rollingUpdate: null + + ## alertmanager container name + ## + name: alertmanager + + ## alertmanager container image + ## + image: + repository: prom/alertmanager + tag: v0.20.0 + pullPolicy: IfNotPresent + + ## alertmanager priorityClassName + ## + priorityClassName: "" + + ## Additional alertmanager container arguments + ## + extraArgs: {} + + ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug + ## so that the various internal URLs are still able to access as they are in the default case. + ## (Optional) + prefixURL: "" + + ## External URL which can access alertmanager + baseURL: "http://localhost:9093" + + ## Additional alertmanager container environment variable + ## For instance to add a http_proxy + ## + extraEnv: {} + + ## Additional alertmanager Secret mounts + # Defines additional mounts with secrets. Secrets must be manually created in the namespace. + extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # subPath: "" + # secretName: alertmanager-secret-files + # readOnly: true + + ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}} + ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml + ## to NOT generate a ConfigMap resource + ## + configMapOverrideName: "" + + ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config + ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml + ## to NOT generate a ConfigMap resource + ## + configFromSecret: "" + + ## The configuration file name to be loaded to alertmanager + ## Must match the key within configuration loaded from ConfigMap/Secret + ## + configFileName: alertmanager.yml + + ingress: + ## If true, alertmanager Ingress will be created + ## + enabled: false + + ## alertmanager Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## alertmanager Ingress additional labels + ## + extraLabels: {} + + ## alertmanager Ingress hostnames with optional path + ## Must be provided if Ingress is enabled + ## + hosts: [] + # - alertmanager.domain.com + # - domain.com/alertmanager + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + + ## alertmanager Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-alerts-tls + # hosts: + # - alertmanager.domain.com + + ## Alertmanager Deployment Strategy type + # strategy: + # type: Recreate + + ## Node tolerations for alertmanager scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for alertmanager pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Pod affinity + ## + affinity: {} + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + persistentVolume: + ## If true, alertmanager will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## + enabled: true + + ## alertmanager data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## alertmanager data Persistent Volume Claim annotations + ## + annotations: {} + + ## alertmanager data Persistent Volume existing claim name + ## Requires alertmanager.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## alertmanager data Persistent Volume mount root path + ## + mountPath: /data + + ## alertmanager data Persistent Volume size + ## + size: 2Gi + + ## alertmanager data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## alertmanager data Persistent Volume Binding Mode + ## If defined, volumeBindingMode: + ## If undefined (the default) or set to null, no volumeBindingMode spec is + ## set, choosing the default mode. + ## + # volumeBindingMode: "" + + ## Subdirectory of alertmanager data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + + ## Annotations to be added to alertmanager pods + ## + podAnnotations: {} + ## Tell prometheus to use a specific set of alertmanager pods + ## instead of all alertmanager pods found in the same namespace + ## Useful if you deploy multiple releases within the same namespace + ## + ## prometheus.io/probe: alertmanager-teamA + + ## Labels to be added to Prometheus AlertManager pods + ## + podLabels: {} + + ## Specify if a Pod Security Policy for node-exporter must be created + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + ## + podSecurityPolicy: + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) + ## + replicaCount: 1 + + statefulSet: + ## If true, use a statefulset instead of a deployment for pod management. + ## This allows to scale replicas to more than 1 pod + ## + enabled: false + + podManagementPolicy: OrderedReady + + ## Alertmanager headless service to use for the statefulset + ## + headless: + annotations: {} + labels: {} + + ## Enabling peer mesh service end points for enabling the HA alert manager + ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md + # enableMeshPeer : true + + servicePort: 80 + + ## alertmanager resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 10m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## Security context to be added to alertmanager pods + ## + securityContext: + runAsUser: 65534 + runAsNonRoot: true + runAsGroup: 65534 + fsGroup: 65534 + + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Enabling peer mesh service end points for enabling the HA alert manager + ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md + # enableMeshPeer : true + + ## List of IP addresses at which the alertmanager service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + # nodePort: 30000 + sessionAffinity: None + type: ClusterIP + +## Monitors ConfigMap changes and POSTs to a URL +## Ref: https://github.com/jimmidyson/configmap-reload +## +configmapReload: + prometheus: + ## If false, the configmap-reload container will not be deployed + ## + enabled: true + + ## configmap-reload container name + ## + name: configmap-reload + + ## configmap-reload container image + ## + image: + repository: jimmidyson/configmap-reload + tag: v0.3.0 + pullPolicy: IfNotPresent + + ## Additional configmap-reload container arguments + ## + extraArgs: {} + ## Additional configmap-reload volume directories + ## + extraVolumeDirs: [] + + + ## Additional configmap-reload mounts + ## + extraConfigmapMounts: [] + # - name: prometheus-alerts + # mountPath: /etc/alerts.d + # subPath: "" + # configMap: prometheus-alerts + # readOnly: true + + + ## configmap-reload resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + alertmanager: + ## If false, the configmap-reload container will not be deployed + ## + enabled: true + + ## configmap-reload container name + ## + name: configmap-reload + + ## configmap-reload container image + ## + image: + repository: jimmidyson/configmap-reload + tag: v0.3.0 + pullPolicy: IfNotPresent + + ## Additional configmap-reload container arguments + ## + extraArgs: {} + ## Additional configmap-reload volume directories + ## + extraVolumeDirs: [] + + + ## Additional configmap-reload mounts + ## + extraConfigmapMounts: [] + # - name: prometheus-alerts + # mountPath: /etc/alerts.d + # subPath: "" + # configMap: prometheus-alerts + # readOnly: true + + + ## configmap-reload resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + +kubeStateMetrics: + ## If false, kube-state-metrics sub-chart will not be installed + ## Please see https://github.com/helm/charts/tree/master/stable/kube-state-metrics for configurable values + ## + enabled: true + +nodeExporter: + ## If false, node-exporter will not be installed + ## + enabled: true + + ## If true, node-exporter pods share the host network namespace + ## + hostNetwork: true + + ## If true, node-exporter pods share the host PID namespace + ## + hostPID: true + + ## node-exporter container name + ## + name: node-exporter + + ## node-exporter container image + ## + image: + repository: prom/node-exporter + tag: v0.18.1 + pullPolicy: IfNotPresent + + ## Specify if a Pod Security Policy for node-exporter must be created + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + ## + podSecurityPolicy: + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## node-exporter priorityClassName + ## + priorityClassName: "" + + ## Custom Update Strategy + ## + updateStrategy: + type: RollingUpdate + + ## Additional node-exporter container arguments + ## + extraArgs: {} + + ## Additional node-exporter hostPath mounts + ## + extraHostPathMounts: [] + # - name: textfile-dir + # mountPath: /srv/txt_collector + # hostPath: /var/lib/node-exporter + # readOnly: true + # mountPropagation: HostToContainer + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /prometheus + # configMap: certs-configmap + # readOnly: true + + ## Node tolerations for node-exporter scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for node-exporter pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Annotations to be added to node-exporter pods + ## + podAnnotations: {} + + ## Labels to be added to node-exporter pods + ## + pod: + labels: {} + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## node-exporter resource limits & requests + ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi + + ## Security context to be added to node-exporter pods + ## + securityContext: {} + # runAsUser: 0 + + service: + annotations: + prometheus.io/scrape: "true" + labels: {} + + # Exposed as a headless service: + # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services + clusterIP: None + + ## List of IP addresses at which the node-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + hostPort: 9100 + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 9100 + type: ClusterIP + +server: + ## Prometheus server container name + ## + enabled: true + name: server + sidecarContainers: + strategy: + type: Recreate + rollingUpdate: null + + ## Prometheus server container image + ## + image: + repository: prom/prometheus + tag: v2.17.2 + pullPolicy: IfNotPresent + + ## prometheus server priorityClassName + ## + priorityClassName: "" + + ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug + ## so that the various internal URLs are still able to access as they are in the default case. + ## (Optional) + prefixURL: "" + + ## External URL which can access alertmanager + ## Maybe same with Ingress host name + baseURL: "" + + ## Additional server container environment variables + ## + ## You specify this manually like you would a raw deployment manifest. + ## This means you can bind in environment variables from secrets. + ## + ## e.g. static environment variable: + ## - name: DEMO_GREETING + ## value: "Hello from the environment" + ## + ## e.g. secret environment variable: + ## - name: USERNAME + ## valueFrom: + ## secretKeyRef: + ## name: mysecret + ## key: username + env: [] + + extraFlags: + - web.enable-lifecycle + ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as + ## deleting time series. This is disabled by default. + # - web.enable-admin-api + ## + ## storage.tsdb.no-lockfile flag controls BD locking + # - storage.tsdb.no-lockfile + ## + ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL) + # - storage.tsdb.wal-compression + + ## Path to a configuration file on prometheus server container FS + configPath: /etc/config/prometheus.yml + + global: + ## How frequently to scrape targets by default + ## + scrape_interval: 1m + ## How long until a scrape request times out + ## + scrape_timeout: 10s + ## How frequently to evaluate rules + ## + evaluation_interval: 1m + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write + ## + remoteWrite: {} + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read + ## + remoteRead: {} + + ## Additional Prometheus server container arguments + ## + extraArgs: {} + + ## Additional InitContainers to initialize the pod + ## + extraInitContainers: [] + + ## Additional Prometheus server Volume mounts + ## + extraVolumeMounts: [] + + ## Additional Prometheus server Volumes + ## + extraVolumes: [] + + ## Additional Prometheus server hostPath mounts + ## + extraHostPathMounts: [] + # - name: certs-dir + # mountPath: /etc/kubernetes/certs + # subPath: "" + # hostPath: /etc/kubernetes/certs + # readOnly: true + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /prometheus + # subPath: "" + # configMap: certs-configmap + # readOnly: true + + ## Additional Prometheus server Secret mounts + # Defines additional mounts with secrets. Secrets must be manually created in the namespace. + extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # subPath: "" + # secretName: prom-secret-files + # readOnly: true + + ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}} + ## Defining configMapOverrideName will cause templates/server-configmap.yaml + ## to NOT generate a ConfigMap resource + ## + configMapOverrideName: "" + + ingress: + ## If true, Prometheus server Ingress will be created + ## + enabled: false + + ## Prometheus server Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## Prometheus server Ingress additional labels + ## + extraLabels: {} + + ## Prometheus server Ingress hostnames with optional path + ## Must be provided if Ingress is enabled + ## + hosts: [] + # - prometheus.domain.com + # - domain.com/prometheus + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + + ## Prometheus server Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-server-tls + # hosts: + # - prometheus.domain.com + + ## Server Deployment Strategy type + # strategy: + # type: Recreate + + ## Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for Prometheus server pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Pod affinity + ## + affinity: {} + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + persistentVolume: + ## If true, Prometheus server will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## + enabled: true + + ## Prometheus server data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## Prometheus server data Persistent Volume annotations + ## + annotations: {} + + ## Prometheus server data Persistent Volume existing claim name + ## Requires server.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## Prometheus server data Persistent Volume mount root path + ## + mountPath: /data + + ## Prometheus server data Persistent Volume size + ## + size: 8Gi + + ## Prometheus server data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## Prometheus server data Persistent Volume Binding Mode + ## If defined, volumeBindingMode: + ## If undefined (the default) or set to null, no volumeBindingMode spec is + ## set, choosing the default mode. + ## + # volumeBindingMode: "" + + ## Subdirectory of Prometheus server data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + + emptyDir: + sizeLimit: "" + + ## Annotations to be added to Prometheus server pods + ## + podAnnotations: {} + # iam.amazonaws.com/role: prometheus + + ## Labels to be added to Prometheus server pods + ## + podLabels: {} + + ## Prometheus AlertManager configuration + ## + alertmanagers: [] + + ## Specify if a Pod Security Policy for node-exporter must be created + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + ## + podSecurityPolicy: + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below) + ## + replicaCount: 1 + + statefulSet: + ## If true, use a statefulset instead of a deployment for pod management. + ## This allows to scale replicas to more than 1 pod + ## + enabled: false + + annotations: {} + labels: {} + podManagementPolicy: OrderedReady + + ## Alertmanager headless service to use for the statefulset + ## + headless: + annotations: {} + labels: {} + servicePort: 80 + + ## Prometheus server readiness and liveness probe initial delay and timeout + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + ## + readinessProbeInitialDelay: 30 + readinessProbeTimeout: 30 + readinessProbeFailureThreshold: 3 + readinessProbeSuccessThreshold: 1 + livenessProbeInitialDelay: 30 + livenessProbeTimeout: 30 + livenessProbeFailureThreshold: 3 + livenessProbeSuccessThreshold: 1 + + ## Prometheus server resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 500m + # memory: 512Mi + + ## Vertical Pod Autoscaler config + ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + verticalAutoscaler: + ## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs) + enabled: false + # updateMode: "Auto" + # containerPolicies: + # - containerName: 'prometheus-server' + + ## Security context to be added to server pods + ## + securityContext: + runAsUser: 65534 + runAsNonRoot: true + runAsGroup: 65534 + fsGroup: 65534 + + service: + annotations: {} + labels: {} + clusterIP: "" + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + sessionAffinity: None + type: ClusterIP + + ## Enable gRPC port on service to allow auto discovery with thanos-querier + gRPC: + enabled: false + servicePort: 10901 + # nodePort: 10901 + + ## If using a statefulSet (statefulSet.enabled=true), configure the + ## service to connect to a specific replica to have a consistent view + ## of the data. + statefulsetReplica: + enabled: false + replica: 0 + + ## Prometheus server pod termination grace period + ## + terminationGracePeriodSeconds: 300 + + ## Prometheus data retention period (default if not specified is 15 days) + ## + retention: "15d" + +pushgateway: + ## If false, pushgateway will not be installed + ## + enabled: true + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + ## pushgateway container name + ## + name: pushgateway + + ## pushgateway container image + ## + image: + repository: prom/pushgateway + tag: v1.0.1 + pullPolicy: IfNotPresent + + ## pushgateway priorityClassName + ## + priorityClassName: "" + + ## Additional pushgateway container arguments + ## + ## for example: persistence.file: /data/pushgateway.data + extraArgs: {} + + ingress: + ## If true, pushgateway Ingress will be created + ## + enabled: false + + ## pushgateway Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## pushgateway Ingress hostnames with optional path + ## Must be provided if Ingress is enabled + ## + hosts: [] + # - pushgateway.domain.com + # - domain.com/pushgateway + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + + ## pushgateway Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-alerts-tls + # hosts: + # - pushgateway.domain.com + + ## Node tolerations for pushgateway scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for pushgateway pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Annotations to be added to pushgateway pods + ## + podAnnotations: {} + + ## Specify if a Pod Security Policy for node-exporter must be created + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + ## + podSecurityPolicy: + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + replicaCount: 1 + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## pushgateway resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 10m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## Security context to be added to push-gateway pods + ## + securityContext: + runAsUser: 65534 + runAsNonRoot: true + + service: + annotations: + prometheus.io/probe: pushgateway + labels: {} + clusterIP: "" + + ## List of IP addresses at which the pushgateway service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 9091 + type: ClusterIP + + strategy: + type: Recreate + rollingUpdate: null + + + persistentVolume: + ## If true, pushgateway will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## + enabled: false + + ## pushgateway data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## pushgateway data Persistent Volume Claim annotations + ## + annotations: {} + + ## pushgateway data Persistent Volume existing claim name + ## Requires pushgateway.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## pushgateway data Persistent Volume mount root path + ## + mountPath: /data + + ## pushgateway data Persistent Volume size + ## + size: 2Gi + + ## pushgateway data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## pushgateway data Persistent Volume Binding Mode + ## If defined, volumeBindingMode: + ## If undefined (the default) or set to null, no volumeBindingMode spec is + ## set, choosing the default mode. + ## + # volumeBindingMode: "" + + ## Subdirectory of pushgateway data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + + +## alertmanager ConfigMap entries +## +alertmanagerFiles: + alertmanager.yml: + global: {} + # slack_api_url: '' + + receivers: + - name: default-receiver + # slack_configs: + # - channel: '@you' + # send_resolved: true + + route: + group_wait: 10s + group_interval: 5m + receiver: default-receiver + repeat_interval: 3h + +## Prometheus server ConfigMap entries +## +serverFiles: + + ## Alerts configuration + ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + alerting_rules.yml: {} + # groups: + # - name: Instances + # rules: + # - alert: InstanceDown + # expr: up == 0 + # for: 5m + # labels: + # severity: page + # annotations: + # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.' + # summary: 'Instance {{ $labels.instance }} down' + ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml + alerts: {} + + ## Records configuration + ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/ + recording_rules.yml: {} + ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml + rules: {} + + prometheus.yml: + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + ## Below two files are DEPRECATED will be removed from this default values file + - /etc/config/rules + - /etc/config/alerts + + scrape_configs: + - job_name: prometheus + static_configs: + - targets: + - localhost:9090 + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + - job_name: 'kubernetes-nodes-cadvisor' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + # This configuration will work only on kubelet 1.7.3+ + # As the scrape endpoints for cAdvisor have changed + # if you are using older version you need to change the replacement to + # replacement: /api/v1/nodes/$1:4194/proxy/metrics + # more info here https://github.com/coreos/prometheus-operator/issues/633 + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + + metric_relabel_configs: + - source_labels: [ __name__ ] + regex: (container_cpu_usage_seconds_total|container_memory_working_set_bytes|container_network_receive_errors_total|container_network_transmit_errors_total|container_network_receive_packets_dropped_total|container_network_transmit_packets_dropped_total|container_memory_usage_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_periods_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_cpu_cfs_throttled_periods_total|container_cpu_cfs_periods_total|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_inodes_free|container_fs_inodes_total|container_fs_usage_bytes|container_fs_limit_bytes|container_spec_cpu_shares|container_spec_memory_limit_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|container_fs_reads_bytes_total|container_network_receive_bytes_total|container_fs_writes_bytes_total|container_fs_reads_bytes_total|cadvisor_version_info) + action: keep + - source_labels: [ container ] + target_label: container_name + regex: (.+) + action: replace + - source_labels: [ pod ] + target_label: pod_name + regex: (.+) + action: replace + + # Scrape config for service endpoints. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + - job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: kubernetes_node + metric_relabel_configs: + - source_labels: [ __name__ ] + regex: (container_cpu_allocation|container_cpu_usage_seconds_total|container_fs_limit_bytes|container_memory_allocation_bytes|container_memory_usage_bytes|container_memory_working_set_bytes|container_network_receive_bytes_total|container_network_transmit_bytes_total|deployment_match_labels|kube_deployment_spec_replicas|kube_deployment_status_replicas_available|kube_job_status_failed|kube_namespace_annotations|kube_namespace_labels|kube_node_info|kube_node_labels|kube_node_status_capacity_cpu_cores|kube_node_status_capacity_memory_bytes|kube_node_status_condition|kube_persistentvolume_capacity_bytes|kube_persistentvolume_status_phase|kube_persistentvolumeclaim_info|kube_persistentvolumeclaim_resource_requests_storage_bytes|kube_persistentvolumeclaim_resource_requests_storage_bytes|container_memory_allocation_bytes|kube_pod_container_resource_limits_cpu_cores|kube_pod_container_resource_limits_memory_bytes|kube_pod_container_resource_requests_cpu_cores|kube_pod_container_resource_requests_cpu_cores|container_cpu_usage_seconds_total|kube_pod_container_resource_requests_memory_bytes|kube_pod_container_resource_requests_memory_bytes|kube_node_status_capacity_memory_bytes|kube_pod_container_resource_requests|kube_pod_container_status_restarts_total|kube_pod_container_status_running|kube_pod_container_status_terminated_reason|kube_pod_labels|kube_pod_owner|kube_pod_status_phase|kubecost_cluster_memory_working_set_bytes|kubecost_pod_network_egress_bytes_total|node_cpu_hourly_cost|node_cpu_seconds_total|node_disk_reads_completed|node_disk_reads_completed_total|node_disk_writes_completed|node_disk_writes_completed_total|node_filesystem_device_error|node_gpu_hourly_cost|node_memory_Buffers_bytes|node_memory_Cached_bytes|node_memory_MemAvailable_bytes|node_memory_MemFree_bytes|node_memory_MemTotal_bytes|node_network_transmit_bytes_total|node_ram_hourly_cost|pod_pvc_allocation|pv_hourly_cost|service_selector_labels|statefulSet_match_labels|up|kube_node_status_allocatable_cpu_cores|kube_node_status_allocatable_memory_bytes|container_fs_writes_bytes_total|kube_deployment_status_replicas|kube_statefulset_replicas|kube_daemonset_status_desired_number_scheduled|kube_deployment_status_replicas_available|kube_statefulset_status_replicas|kube_daemonset_status_number_ready|kube_deployment_status_replicas|kube_statefulset_replicas|kube_daemonset_status_desired_number_scheduled|kube_replicaset_owner|kube_pod_container_info) + action: keep + + # Scrape config for slow service endpoints; same as above, but with a larger + # timeout and a larger interval + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + - job_name: 'kubernetes-service-endpoints-slow' + + scrape_interval: 5m + scrape_timeout: 30s + + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: kubernetes_node + + - job_name: 'prometheus-pushgateway' + honor_labels: true + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: pushgateway + + # Example scrape config for probing services via the Blackbox Exporter. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/probe`: Only probe services that have a value of `true` + - job_name: 'kubernetes-services' + + metrics_path: /probe + params: + module: [http_2xx] + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: true + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + target_label: kubernetes_name + +# adds additional scrape configs to prometheus.yml +# must be a string so you have to add a | after extraScrapeConfigs: +# example adds prometheus-blackbox-exporter scrape config +extraScrapeConfigs: + # - job_name: 'prometheus-blackbox-exporter' + # metrics_path: /probe + # params: + # module: [http_2xx] + # static_configs: + # - targets: + # - https://example.com + # relabel_configs: + # - source_labels: [__address__] + # target_label: __param_target + # - source_labels: [__param_target] + # target_label: instance + # - target_label: __address__ + # replacement: prometheus-blackbox-exporter:9115 + +# Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager +# useful in H/A prometheus with different external labels but the same alerts +alertRelabelConfigs: + # alert_relabel_configs: + # - source_labels: [dc] + # regex: (.+)\d+ + # target_label: dc + +networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml new file mode 100644 index 000000000..bf76cbf27 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +appVersion: 0.15.0 +description: Thanos is a set of components that can be composed into a highly available + metric system with unlimited storage capacity, which can be added seamlessly on + top of existing Prometheus deployments. +icon: https://raw.githubusercontent.com/thanos-io/thanos/master/website/static/Thanos-logo_full.svg +keywords: +- thanos +- prometheus +- metrics +maintainers: +- email: info@banzaicloud.com + name: Banzai Cloud +name: thanos +sources: +- https://github.com/thanos-io/thanos +- https://github.com/banzaicloud/banzai-charts/tree/master/thanos +version: 0.15.0 diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/requirements.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/requirements.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl new file mode 100644 index 000000000..7b5fb57d8 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/_helpers.tpl @@ -0,0 +1,51 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "thanos.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "thanos.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "thanos.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Create a default fully qualified component name from the full app name and a component name. +We truncate the full name at 63 - 1 (last dash) - len(component name) chars because some Kubernetes name fields are limited to this (by the DNS naming spec) +and we want to make sure that the component is included in the name. +*/}} +{{- define "thanos.componentname" -}} +{{- $global := index . 0 -}} +{{- $component := index . 1 | trimPrefix "-" -}} +{{- printf "%s-%s" (include "thanos.fullname" $global | trunc (sub 62 (len $component) | int) | trimSuffix "-" ) $component | trimSuffix "-" -}} +{{- end -}} + +{{/* + +*/}} +{{- define "thanos.secretname" }} +{{- default (include "thanos.name" .) .Values.storeSecretName }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml new file mode 100644 index 000000000..e8757af68 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-deployment.yaml @@ -0,0 +1,87 @@ +{{ if .Values.global.thanos.enabled }} +{{ if .Values.bucket.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "thanos.componentname" (list $ "bucket") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: bucket +{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} + {{- with .Values.bucket.deploymentAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.bucket.replicaCount | default 1 }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: bucket +{{ with .Values.bucket.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: bucket +{{ with .Values.bucket.labels }}{{ toYaml . | indent 8 }}{{ end }} + {{- with .Values.bucket.annotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: thanos-bucket + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: {{- with .Values.bucket.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} + args: + - "tools" + - "bucket" + - "web" + - "--log.level={{ .Values.bucket.logLevel }}" + - "--http-address=0.0.0.0:{{ .Values.bucket.http.port }}" + - "--objstore.config-file=/etc/config/object-store.yaml" + {{- if .Values.bucket.refresh }} + - "--refresh={{ .Values.bucket.refresh }}" + {{- end }} + {{- if .Values.bucket.timeout }} + - "--timeout={{ .Values.bucket.timeout }}" + {{- end }} + {{- if .Values.bucket.label }} + - "--label={{ .Values.bucket.label }}" + {{- end }} + {{ with .Values.bucket.extraArgs }}{{ toYaml . | nindent 8 }}{{- end }} + ports: + - name: http + containerPort: {{ .Values.bucket.http.port }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + resources: {{ toYaml .Values.bucket.resources | nindent 10 }} + volumes: + - name: config-volume + secret: + secretName: {{ include "thanos.secretname" . }} + {{- with .Values.bucket.securityContext }} + securityContext: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.bucket.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.bucket.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.bucket.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.bucket.serviceAccount }} + serviceAccountName: "{{ . }}" + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml new file mode 100644 index 000000000..28b037bda --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-ingress.yaml @@ -0,0 +1,42 @@ +{{ if .Values.global.thanos.enabled }} +{{ if and .Values.bucket.enabled .Values.bucket.http.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "thanos.componentname" (list $ "bucket") }} + {{- with .Values.bucket.http.ingress.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: bucket + {{- if .Values.bucket.http.ingress.labels }} +{{ toYaml .Values.bucket.http.ingress.labels | indent 4 }} + {{- end }} +spec: + {{- if .Values.bucket.http.ingress.tls }} + tls: + {{- range .Values.bucket.http.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.bucket.http.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $.Values.bucket.http.ingress.path }} + backend: + serviceName: {{ include "thanos.componentname" (list $ "bucket") }} + servicePort: {{ $.Values.bucket.http.port }} + {{- end }} +{{ end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml new file mode 100644 index 000000000..fb3fd1cb7 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-poddisruptionbudget.yaml @@ -0,0 +1,27 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.bucket.enabled .Values.bucket.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.componentname" (list $ "bucket") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: bucket +{{ with .Values.bucket.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + {{- if .Values.bucket.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.bucket.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.bucket.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.bucket.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/component: bucket +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml new file mode 100644 index 000000000..0d56d8a2b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/bucket-service.yaml @@ -0,0 +1,30 @@ +{{ if .Values.global.thanos.enabled }} +{{ if .Values.bucket.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "bucket") }} + {{- with .Values.bucket.http.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: bucket +{{ with .Values.bucket.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + ports: + - port: {{ .Values.bucket.http.port }} + protocol: TCP + targetPort: http + name: http + selector: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: bucket +{{ with .Values.bucket.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} +{{ end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml new file mode 100644 index 000000000..a5b0347ad --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-deployment.yaml @@ -0,0 +1,108 @@ +{{ if .Values.global.thanos.enabled }} +{{ if .Values.compact.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "thanos.componentname" (list $ "compact") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: compact +{{ with .Values.compact.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end -}} + {{- with .Values.compact.deploymentAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.compact.replicaCount | default 1 }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: compact +{{ with .Values.compact.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: compact +{{ with .Values.compact.labels }}{{ toYaml . | indent 8 }}{{ end }} + {{- with .Values.compact.annotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.compact.metrics.annotations.enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.compact.http.port }}" + {{- end }} + spec: + containers: + - name: thanos-compact + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: {{- with .Values.compact.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} + args: + - "compact" + - "--log.level={{ .Values.compact.logLevel }}" + - "--http-address=0.0.0.0:{{ .Values.compact.http.port }}" + - "--objstore.config-file=/etc/config/object-store.yaml" + - "--data-dir=/var/thanos/compact" + - "--consistency-delay={{ .Values.compact.consistencyDelay }}" + - "--retention.resolution-raw={{ .Values.compact.retentionResolutionRaw }}" + - "--retention.resolution-5m={{ .Values.compact.retentionResolution5m }}" + - "--retention.resolution-1h={{ .Values.compact.retentionResolution1h }}" + - "--block-sync-concurrency={{ .Values.compact.blockSyncConcurrency }}" + - "--compact.concurrency={{ .Values.compact.compactConcurrency }}" +{{- if .Values.compact.disableDownsampling }} + - "--downsampling.disable" +{{- end }} + - "--wait" +{{ with .Values.compact.extraArgs }}{{ toYaml . | indent 8 }}{{- end }} + ports: + - name: http + containerPort: {{ .Values.compact.http.port }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + - name: data-volume + mountPath: /var/thanos/compact + resources: {{ toYaml .Values.compact.resources | nindent 10 }} + volumes: + - name: data-volume + {{- if .Values.compact.dataVolume }} + {{- if .Values.compact.dataVolume.persistentVolumeClaim }} + {{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName }} + persistentVolumeClaim: + claimName: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + - name: config-volume + secret: + secretName: {{ include "thanos.secretname" . }} + {{- with .Values.compact.securityContext }} + securityContext: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compact.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compact.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compact.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compact.serviceAccount }} + serviceAccountName: "{{ . }}" + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml new file mode 100644 index 000000000..f6b33e491 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-pvc.yaml @@ -0,0 +1,27 @@ +{{ if .Values.global.thanos.enabled }} +{{- if .Values.compact.enabled }} +{{- if .Values.compact.dataVolume -}} +{{- if .Values.compact.dataVolume.persistentVolumeClaim -}} +{{- if .Values.compact.dataVolume.persistentVolumeClaim.claimName -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} +spec: + accessModes: + - ReadWriteOnce + {{- if .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} + storageClassName: {{ .Values.compact.dataVolume.persistentVolumeClaim.storageClass }} + {{- end }} + resources: + requests: + {{- if .Values.compact.dataVolume.persistentVolumeClaim.storage }} + storage: {{ .Values.compact.dataVolume.persistentVolumeClaim.storage }} + {{- else }} + storage: 100Gi + {{- end }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml new file mode 100644 index 000000000..080821849 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-service.yaml @@ -0,0 +1,30 @@ +{{ if .Values.global.thanos.enabled }} +{{ if .Values.compact.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "compact") }} + {{- with .Values.compact.http.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: compact +{{ with .Values.compact.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + ports: + - port: {{ .Values.compact.http.port }} + protocol: TCP + targetPort: http + name: http + selector: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: compact +{{ with .Values.compact.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} +{{ end}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml new file mode 100644 index 000000000..bc224d802 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/compact-servicemonitor.yaml @@ -0,0 +1,32 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.compact.enabled .Values.compact.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.componentname" (list $ "compact") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: compact +{{ with .Values.compact.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + jobLabel: thanos-compact + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: compact + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + interval: {{ .Values.compact.metrics.serviceMonitor.interval | default "15s" }} + {{- with .Values.compact.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml new file mode 100644 index 000000000..74e96d09c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-deployment.yaml @@ -0,0 +1,148 @@ +{{ if .Values.global.thanos.enabled }} +{{ if .Values.query.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "thanos.componentname" (list $ "query") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query +{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} + {{- with .Values.query.deploymentAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if not .Values.query.autoscaling.enabled }} + replicas: {{ .Values.query.replicaCount | default 1 }} +{{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query +{{ with .Values.query.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query +{{ with .Values.query.labels }}{{ toYaml . | indent 8 }}{{ end }} + {{- with .Values.query.annotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.query.metrics.annotations.enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.query.http.port }}" + {{- end }} + spec: + containers: + - name: thanos-query + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "query" + - "--log.level={{ .Values.query.logLevel }}" + - "--grpc-address=0.0.0.0:{{ .Values.query.grpc.port }}" + - "--http-address=0.0.0.0:{{ .Values.query.http.port }}" + - "--query.timeout={{ .Values.query.timeout }}" + - "--query.max-concurrent={{ .Values.query.maxConcurrent }}" + {{- if .Values.query.autoDownsampling }} + - "--query.auto-downsampling" + {{- end }} + {{- if .Values.query.replicaLabel }} + - "--query.replica-label={{ .Values.query.replicaLabel }}" + {{- end }} + {{- if .Values.query.webRoutePrefix }} + - "--web.route-prefix={{ .Values.query.webRoutePrefix }}" + {{- end }} + {{- if .Values.query.webExternalPrefix }} + - "--web.external-prefix={{ .Values.query.webExternalPrefix }}" + {{- end }} + {{- if .Values.query.webPrefixHeader }} + - "--web.prefix-header={{ .Values.query.webPrefixHeader }}" + {{- end }} + {{- if .Values.query.storeDNSResolver }} + - "--store.sd-dns-resolver={{ .Values.query.storeDNSResolver }}" + {{- end }} + {{- if .Values.query.storeDNSDiscovery }} + - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "store") }}-grpc.{{ .Release.Namespace }}.svc" + {{- end }} + {{- if .Values.query.sidecarDNSDiscovery }} + - "--store=dnssrv+_grpc._tcp.{{ include "thanos.componentname" (list $ "sidecar") }}-grpc.{{ .Release.Namespace }}.svc" + {{- end }} + {{- range .Values.query.stores }} + - "--store={{ . }}" + {{- end }} + {{- range .Values.query.serviceDiscoveryFiles }} + - "--store.sd-files={{ . }}" + {{- end }} + {{- range .Values.query.serviceDiscoveryFileConfigMaps }} + - "--store.sd-files=/etc/query/{{ . }}/*.yaml" + - "--store.sd-files=/etc/query/{{ . }}/*.yml" + - "--store.sd-files=/etc/query/{{ . }}/*.json" + {{- end }} + {{- if .Values.query.serviceDiscoveryInterval }} + - "--store.sd-interval={{ .Values.query.serviceDiscoveryInterval }}" + {{- end }} + + {{- if .Values.query.extraArgs }} + {{ toYaml .Values.query.extraArgs | nindent 8 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.query.http.port }} + - name: grpc + containerPort: {{ .Values.query.grpc.port }} + resources: + {{ toYaml .Values.query.resources | nindent 10 }} + env: + {{- toYaml .Values.query.extraEnv | nindent 10 }} + volumeMounts: + {{- range .Values.query.serviceDiscoveryFileConfigMaps }} + - mountPath: /etc/query/{{ . }} + name: {{ . }} + {{- end }} + {{- if .Values.query.certSecretName }} + - mountPath: /etc/certs + name: {{ .Values.query.certSecretName }} + readOnly: true + {{- end }} + livenessProbe: + httpGet: + path: /-/healthy + port: http + volumes: + {{- range .Values.query.serviceDiscoveryFileConfigMaps }} + - name: {{ . }} + configMap: + defaultMode: 420 + name: {{ . }} + {{- end }} + {{- if .Values.query.certSecretName }} + - name: {{ .Values.query.certSecretName }} + secret: + defaultMode: 420 + secretName: {{ .Values.query.certSecretName }} + {{- end }} + {{- with .Values.query.securityContext }} + securityContext: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.query.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.query.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.query.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.query.serviceAccount }} + serviceAccountName: "{{ . }}" + {{- end }} +{{ end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml new file mode 100644 index 000000000..05c32682d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-deployment.yaml @@ -0,0 +1,122 @@ +{{ if .Values.global.thanos.enabled }} +{{ if .Values.queryFrontend.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "thanos.componentname" (list $ "query-frontend") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query-frontend +{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} + {{- with .Values.queryFrontend.deploymentAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if not .Values.queryFrontend.autoscaling.enabled }} + replicas: {{ .Values.queryFrontend.replicaCount | default 1 }} +{{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query-frontend +{{ with .Values.queryFrontend.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query-frontend +{{ with .Values.queryFrontend.labels }}{{ toYaml . | indent 8 }}{{ end }} + {{- with .Values.queryFrontend.annotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.queryFrontend.metrics.annotations.enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.queryFrontend.http.port }}" + {{- end }} + spec: + containers: + - name: thanos-query-frontend + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "query-frontend" + - "--log.level={{ .Values.queryFrontend.logLevel }}" + - "--http-address=0.0.0.0:{{ .Values.queryFrontend.http.port }}" + - "--query-frontend.downstream-url=http://{{ include "thanos.componentname" (list $ "query") }}-http.{{ .Release.Namespace }}:{{ .Values.query.http.port }}" + - "--query-range.split-interval={{ .Values.queryFrontend.splitInterval }}" + - "--query-range.max-retries-per-request={{ .Values.queryFrontend.maxRetriesPerRequest }}" + - "--query-range.max-query-length={{ .Values.queryFrontend.maxQueryLength }}" + - "--query-range.max-query-parallelism={{ .Values.queryFrontend.maxQueryParallelism }}" + - "--query-range.response-cache-max-freshness={{ .Values.queryFrontend.responseCacheMaxFreshness }}" + {{- if .Values.queryFrontend.responseCache.enabled }} + {{- with .Values.queryFrontend.responseCache }} + - |- + --query-range.response-cache-config= + config: + max_size: {{ quote .maxSize }} + max_size_items: {{ .maxSizeItems }} + validity: {{ quote .validity }} + type: "in-memory" + {{- end }} + {{- else if .Values.queryFrontend.responseCacheConfigFile }} + - "--query-range.response-cache-config-file={{ .Values.queryFrontend.responseCacheConfigFile }}" + {{- else if .Values.queryFrontend.responseCacheConfig }} + - |- + --query-range.response-cache-config={{ toYaml .Values.queryFrontend.responseCacheConfig | nindent 12 }} + {{- end }} + {{- if .Values.queryFrontend.compressResponses }} + - "--query-frontend.compress-responses" + {{- end }} + {{- if .Values.queryFrontend.partialResponse }} + - "--query-range.partial-response" + {{- end }} + {{- if .Values.queryFrontend.extraArgs }} + {{ toYaml .Values.queryFrontend.extraArgs | nindent 8 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.queryFrontend.http.port }} + resources: + {{ toYaml .Values.queryFrontend.resources | nindent 10 }} + env: + {{- toYaml .Values.queryFrontend.extraEnv | nindent 10 }} + volumeMounts: + {{- if .Values.queryFrontend.certSecretName }} + - mountPath: /etc/certs + name: {{ .Values.queryFrontend.certSecretName }} + readOnly: true + {{- end }} + livenessProbe: + httpGet: + path: /-/healthy + port: http + volumes: + {{- if .Values.queryFrontend.certSecretName }} + - name: {{ .Values.queryFrontend.certSecretName }} + secret: + defaultMode: 420 + secretName: {{ .Values.queryFrontend.certSecretName }} + {{- end }} + {{- with .Values.queryFrontend.securityContext }} + securityContext: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.queryFrontend.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.queryFrontend.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.queryFrontend.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.queryFrontend.serviceAccount }} + serviceAccountName: "{{ . }}" + {{- end }} +{{ end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml new file mode 100644 index 000000000..3d08e459b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml @@ -0,0 +1,37 @@ +{{ if .Values.global.thanos.enabled }} +{{- if .Values.queryFrontend.enabled }} +{{- if .Values.queryFrontend.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.componentname" (list $ "query-frontend") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query-frontend +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "thanos.componentname" (list $ "query-frontend") }} + minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} + metrics: +{{- with .Values.queryFrontend.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ . }} +{{- end }} +{{- with .Values.queryFrontend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ . }} +{{- end }} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml new file mode 100644 index 000000000..5423cecf2 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-ingress.yml @@ -0,0 +1,45 @@ +--- +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.http.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query-frontend + {{- if .Values.queryFrontend.http.ingress.labels }} + {{ toYaml .Values.queryFrontend.http.ingress.labels | indent 4 }} + {{- end }} + {{- with .Values.queryFrontend.http.ingress.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.queryFrontend.http.ingress.tls }} + tls: + {{- range .Values.queryFrontend.http.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ .secretName }} + {{- end}} + {{- end }} + {{- end }} + rules: + {{- range .Values.queryFrontend.http.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $.Values.queryFrontend.http.ingress.path }} + backend: + serviceName: {{ include "thanos.componentname" (list $ "query-frontend") }}-http + servicePort: {{ $.Values.queryFrontend.http.port }} + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml new file mode 100644 index 000000000..5cfef4756 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-poddisruptionbudget.yaml @@ -0,0 +1,27 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.componentname" (list $ "query-frontend") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query-frontend +{{ with .Values.queryFrontend.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + {{- if .Values.queryFrontend.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.queryFrontend.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.queryFrontend.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/component: query-frontend +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml new file mode 100644 index 000000000..2521e898a --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-service.yaml @@ -0,0 +1,34 @@ +{{ if .Values.global.thanos.enabled }} +{{- if .Values.queryFrontend.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http + {{- with .Values.queryFrontend.http.service.annotations }} + annotations: {{ toYaml .| nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query-frontend +{{ with .Values.queryFrontend.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + type: {{ .Values.queryFrontend.http.service.type }} + {{- if .Values.queryFrontend.http.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.queryFrontend.http.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.queryFrontend.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query-frontend +{{ with .Values.queryFrontend.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml new file mode 100644 index 000000000..004367519 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-frontend-servicemonitor.yaml @@ -0,0 +1,32 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.componentname" (list $ "query-frontend") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query-frontend +{{ with .Values.queryFrontend.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + jobLabel: thanos-query + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query-frontend + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + interval: {{ .Values.queryFrontend.metrics.serviceMonitor.interval | default "15s" }} + {{- with .Values.queryFrontend.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml new file mode 100644 index 000000000..9b38473d8 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-horizontalpodautoscaler.yaml @@ -0,0 +1,37 @@ +{{ if .Values.global.thanos.enabled }} +{{- if .Values.query.enabled }} +{{- if .Values.query.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.componentname" (list $ "query") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "thanos.componentname" (list $ "query") }} + minReplicas: {{ .Values.query.autoscaling.minReplicas }} + maxReplicas: {{ .Values.query.autoscaling.maxReplicas }} + metrics: +{{- with .Values.query.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ . }} +{{- end }} +{{- with .Values.query.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ . }} +{{- end }} +{{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml new file mode 100644 index 000000000..cfda4a0e3 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-ingress.yml @@ -0,0 +1,89 @@ +--- +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.query.enabled .Values.query.http.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "thanos.componentname" (list $ "query") }}-http + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query + {{- if .Values.query.http.ingress.labels }} + {{ toYaml .Values.query.http.ingress.labels | indent 4 }} + {{- end }} + {{- with .Values.query.http.ingress.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.query.http.ingress.tls }} + tls: + {{- range .Values.query.http.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ .secretName }} + {{- end}} + {{- end }} + {{- end }} + rules: + {{- range .Values.query.http.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $.Values.query.http.ingress.path }} + backend: + serviceName: {{ include "thanos.componentname" (list $ "query") }}-http + servicePort: {{ $.Values.query.http.port }} + {{- end }} +{{- end }} + +{{- if and .Values.query.enabled .Values.query.grpc.ingress.enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "thanos.componentname" (list $ "query") }}-grpc + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query + {{- if .Values.query.grpc.ingress.labels }} + {{ toYaml .Values.grpc.ingress.labels | indent 4 }} + {{- end }} + {{- with .Values.query.grpc.ingress.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.query.grpc.ingress.tls }} + tls: + {{- range .Values.query.grpc.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ .secretName }} + {{- end}} + {{- end }} + {{- end }} + rules: + {{- range .Values.query.grpc.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $.Values.query.grpc.ingress.path }} + backend: + serviceName: {{ include "thanos.componentname" (list $ "query") }}-grpc + servicePort: {{ $.Values.query.http.port }} + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml new file mode 100644 index 000000000..efc2c817c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-poddisruptionbudget.yaml @@ -0,0 +1,27 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.query.enabled .Values.query.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.componentname" (list $ "query") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query +{{ with .Values.query.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + {{- if .Values.query.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.query.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.query.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.query.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/component: query +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml new file mode 100644 index 000000000..89178a4e1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-service.yaml @@ -0,0 +1,65 @@ +{{ if .Values.global.thanos.enabled }} +{{- if .Values.query.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "query") }}-grpc + {{- with .Values.query.grpc.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query +{{ with .Values.query.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.query.grpc.port }} + targetPort: grpc + protocol: TCP + name: grpc + selector: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query +{{ with .Values.query.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} + +--- + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "query") }}-http + {{- with .Values.query.http.service.annotations }} + annotations: {{ toYaml .| nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query +{{ with .Values.query.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + type: {{ .Values.query.http.service.type }} + {{- if .Values.query.http.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.query.http.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.query.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query +{{ with .Values.query.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml new file mode 100644 index 000000000..673445428 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/query-servicemonitor.yaml @@ -0,0 +1,32 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.query.enabled .Values.query.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.componentname" (list $ "query") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: query +{{ with .Values.query.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + jobLabel: thanos-query + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: query + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + interval: {{ .Values.query.metrics.serviceMonitor.interval | default "15s" }} + {{- with .Values.query.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml new file mode 100644 index 000000000..021bdfaf9 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-service.yaml @@ -0,0 +1,61 @@ +{{ if .Values.global.thanos.enabled }} +{{- if .Values.sidecar.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "sidecar") }}-grpc + {{- with .Values.sidecar.grpc.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: sidecar +{{ with .Values.sidecar.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.sidecar.grpc.port }} + protocol: TCP + targetPort: grpc + name: grpc + selector: + app: prometheus +{{ with .Values.sidecar.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} + +--- + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "sidecar") }}-http + {{- with .Values.sidecar.http.service.annotations }} + annotations: {{ toYaml .| nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: sidecar +{{ with .Values.store.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + type: {{ .Values.sidecar.http.service.type }} + {{- if .Values.sidecar.http.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.sidecar.http.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.sidecar.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: prometheus +{{ with .Values.sidecar.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml new file mode 100644 index 000000000..6271a23ca --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/sidecar-servicemonitor.yaml @@ -0,0 +1,32 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.sidecar.enabled .Values.sidecar.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.componentname" (list $ "sidecar") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: sidecar +{{ with .Values.sidecar.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + jobLabel: thanos-sidecar + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sidecar + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + interval: {{ .Values.sidecar.metrics.serviceMonitor.interval | default "15s" }} + {{- with .Values.sidecar.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml new file mode 100644 index 000000000..d8f0d3b1b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-deployment.yaml @@ -0,0 +1,121 @@ +{{ if .Values.global.thanos.enabled }} +{{ if .Values.store.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "thanos.componentname" (list $ "store") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: store +{{ with .Values.store.deploymentLabels }}{{ toYaml . | indent 4 }}{{ end }} + {{- with .Values.store.deploymentAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.store.replicaCount | default 1 }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: store +{{ with .Values.store.deploymentMatchLabels }}{{ toYaml . | indent 6 }}{{ end }} + template: + metadata: + labels: +{{ with .Values.store.labels }}{{ toYaml . | indent 8 }}{{ end }} + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: store + {{- with .Values.store.annotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.store.metrics.annotations.enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.store.http.port }}" + {{- end }} + spec: + containers: + - name: thanos-store + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "store" + - "--data-dir=/var/thanos/store" + - "--log.level={{ .Values.store.logLevel }}" + - "--http-address=0.0.0.0:{{ .Values.store.http.port }}" + - "--grpc-address=0.0.0.0:{{ .Values.store.grpc.port }}" + - "--objstore.config-file=/etc/config/object-store.yaml" + {{- if .Values.store.indexCacheSize }} + - "--index-cache-size={{ .Values.store.indexCacheSize }}" + {{- end }} + {{- if .Values.store.chunkPoolSize }} + - "--chunk-pool-size={{ .Values.store.chunkPoolSize }}" + {{- end }} + {{- if .Values.store.grpcSeriesSampleLimit }} + - "--store.grpc.series-sample-limit={{ .Values.store.grpcSeriesSampleLimit }}" + {{- end }} + {{- if .Values.store.grpcSeriesMaxConcurrency }} + - "--store.grpc.series-max-concurrency={{ .Values.store.grpcSeriesMaxConcurrency }}" + {{- end }} + {{- if .Values.store.syncBlockDuration }} + - "--sync-block-duration={{ .Values.store.syncBlockDuration }}" + {{- end }} + {{- if .Values.store.blockSyncConcurrency }} + - "--block-sync-concurrency={{ .Values.store.blockSyncConcurrency }}" + {{- end }} + {{- if .Values.store.extraArgs }} + {{ toYaml .Values.store.extraArgs | nindent 8 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.store.http.port }} + - name: grpc + containerPort: {{ .Values.store.grpc.port }} + env: + {{- toYaml .Values.store.extraEnv | nindent 10 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + - name: data + mountPath: /var/thanos/store + {{- if .Values.store.certSecretName }} + - mountPath: /etc/certs + name: {{ .Values.store.certSecretName }} + readOnly: true + {{- end }} + resources: + {{ toYaml .Values.store.resources | nindent 10 }} + volumes: + - name: data + emptyDir: {} + - name: config-volume + secret: + secretName: {{ include "thanos.secretname" . }} + {{- if .Values.store.certSecretName }} + - name: {{ .Values.store.certSecretName }} + secret: + defaultMode: 420 + secretName: {{ .Values.store.certSecretName }} + {{- end }} + {{- with .Values.store.securityContext }} + securityContext: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.store.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.store.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.store.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.store.serviceAccount }} + serviceAccountName: "{{ . }}" + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml new file mode 100644 index 000000000..4d18c019e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-ingress.yaml @@ -0,0 +1,85 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.store.enabled .Values.store.http.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "thanos.componentname" (list $ "store") }}-http + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: store + {{- if .Values.store.http.ingress.labels }} + {{ toYaml .Values.store.http.ingress.labels | indent 4 }} + {{- end }} + {{- with .Values.store.http.ingress.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.store.http.ingress.tls }} + tls: + {{- range .Values.store.http.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.store.http.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $.Values.store.http.ingress.path }} + backend: + serviceName: {{ include "thanos.componentname" (list $ "store") }}-http + servicePort: {{ $.Values.store.http.port }} + {{- end }} +{{- end }} + +--- + + {{- if and .Values.store.enabled .Values.store.grpc.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "thanos.componentname" (list $ "store") }}-grpc + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: store + {{- if .Values.store.grpc.ingress.labels }} + {{ toYaml .Values.grpc.ingress.labels | indent 4 }} + {{- end }} + {{- with .Values.store.grpc.ingress.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.store.grpc.ingress.tls }} + tls: + {{- range .Values.store.grpc.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.store.grpc.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $.Values.store.grpc.ingress.path }} + backend: + serviceName: {{ include "thanos.componentname" (list $ "store") }}-grpc + servicePort: {{ $.Values.store.http.port }} + {{- end }} +{{- end }} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml new file mode 100644 index 000000000..ce5894fa3 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-service.yaml @@ -0,0 +1,65 @@ +{{ if .Values.global.thanos.enabled }} +{{- if .Values.store.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "store") }}-grpc + {{- with .Values.store.grpc.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: store +{{ with .Values.store.grpc.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.store.grpc.port }} + targetPort: grpc + protocol: TCP + name: grpc + selector: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: store +{{ with .Values.store.grpc.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} + +--- + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.componentname" (list $ "store") }}-http + {{- with .Values.store.http.service.annotations }} + annotations: {{ toYaml .| nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: store +{{ with .Values.store.http.service.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + type: {{ .Values.store.http.service.type }} + {{- if .Values.store.http.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.store.http.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.store.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: store +{{ with .Values.store.http.service.matchLabels }}{{ toYaml . | indent 4 }}{{ end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml new file mode 100644 index 000000000..c181c6416 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/templates/store-servicemonitor.yaml @@ -0,0 +1,32 @@ +{{ if .Values.global.thanos.enabled }} +{{- if and .Values.store.enabled .Values.store.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.componentname" (list $ "store") }} + labels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + helm.sh/chart: {{ include "thanos.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/component: store +{{ with .Values.store.metrics.serviceMonitor.labels }}{{ toYaml . | indent 4 }}{{ end }} +spec: + jobLabel: thanos-store + selector: + matchLabels: + app.kubernetes.io/name: {{ include "thanos.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: store + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + interval: {{ .Values.store.metrics.serviceMonitor.interval | default "15s" }} + {{- with .Values.store.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end -}} +{{ end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml new file mode 100644 index 000000000..0a11a2627 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/charts/thanos/values.yaml @@ -0,0 +1,739 @@ +image: + repository: thanosio/thanos + tag: v0.15.0 + pullPolicy: IfNotPresent + +store: + enabled: true + # Maximum size of items held in the index cache. + indexCacheSize: 250MB + # Maximum size of concurrently allocatable bytes for chunks. + chunkPoolSize: 2GB + # Maximum amount of samples returned via a single series call. 0 means no limit. + # NOTE: for efficiency we take 120 as the number of samples in chunk (it cannot be bigger than that), + # so the actual number of samples might be lower, even though the maximum could be hit. + grpcSeriesSampleLimit: 0 + # Maximum number of concurrent Series calls. + grpcSeriesMaxConcurrency: 20 + # Repeat interval for syncing the blocks between local and remote view. + syncBlockDuration: 3m + # Number of goroutines to use when syncing blocks from object storage. + blockSyncConcurrency: 20 + # Log filtering level. + logLevel: info + # Add extra environment variables to store + extraEnv: [] + # - name: ENV + # value: value + # + # Add extra arguments to the store service + extraArgs: [] + # - "--extraargs=extravalue" + # + # Number of replicas running from store component + replicaCount: 1 + # Extra labels for store pod template + labels: {} + # cluster: example + # + # Extra annotations for store pod template + annotations: {} + # example.com: default + # + # Add extra labels to store deployment + deploymentLabels: {} + # extraLabel: extraLabelValue + # + # Add extra annotations to store deployment + deploymentAnnotations: {} + # extraAnnotation: extraAnnotationValue + # + # Add extra selector matchLabels to store deployment + deploymentMatchLabels: {} + # Enable metrics collecting for store service + metrics: + # This is the Prometheus annotation type scraping configuration + annotations: + enabled: false + # Enable ServiceMonitor https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + # Labels for prometheus-operator to find servicemonitor + labels: {} + # The grpc endpoint to communicate with other components + grpc: + # grpc listen port number + port: 10901 + # Service definition for query grpc service + service: + # Annotations to query grpc service + annotations: {} + # Labels to query grpc service + labels: {} + matchLabels: {} + # Set up ingress for the grpc service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + # The http endpoint to communicate with other components + http: + # http listen port number + port: 10902 + # Service definition for query http service + service: + type: ClusterIP + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + matchLabels: {} + # Set up ingress for the http service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # Optional securityContext + securityContext: {} + resources: {} + # limits: + # cpu: 2000m + # memory: 16Gi + # requests: + # cpu: 1000m + # memory: 4Gi + # + # Node tolerations for server scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # + # Node labels for store pod assignment + # Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + # + # Pod affinity + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity + affinity: {} + serviceAccount: "" + +# Query Frontend Component +queryFrontend: + enabled: true + + # Split queries by an interval and execute in parallel, 0 disables it. + splitInterval: 24h + + # Maximum number of retries for a single request; beyond this, the downstream error is returned. + maxRetriesPerRequest: 5 + + # Limit the query time range (end - start time) in the query-frontend, 0 disables it. + maxQueryLength: 0 + + # Maximum number of queries will be scheduled in parallel by the frontend.\ + maxQueryParallelism: 14 + + # Most recent allowed cacheable result, to prevent caching very recent results that might still be in flux. + responseCacheMaxFreshness: 1m + + # Path to YAML file that contains response cache configuration. + # responseCacheConfigFile: + + # Response Cache Configuration + responseCache: + enabled: false + maxSize: 512MB + maxSizeItems: 0 + validity: 10m + + # Response cache configuration content + # responseCacheConfig: + + # Enable partial response for queries if no partial_response param is specified. --no-query-range.partial-response for disabling. + # partialResponse: false + + # Compress HTTP responses. + compressResponses: true + + logLevel: info + # Add extra environment variables to query + extraEnv: [] + # - name: ENV + # value: value + # + # Add extra arguments to the query service + extraArgs: [] + # - "--extraargs=extravalue" + # + # Number of replicas running from query component + replicaCount: 1 + # Enable HPA for query component + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + # Enable podDisruptionBudget for query component + podDisruptionBudget: + enabled: false + # minAvailable and maxUnavailable can't be used simultaneous. Choose one. + minAvailable: 1 + # maxUnavailable: 50% + + serviceAccount: "" + + # The http endpoint to communicate with other components + http: + # http listen port number + port: 10902 + # Service definition for query http service + service: + type: ClusterIP + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + matchLabels: {} + # Set up ingress for the http service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + certSecretName: "" + # Extra labels for query pod template + labels: {} + # cluster: example + # + # Extra annotations for query pod template + annotations: {} + # example.com: default + # + # Add extra labels to query deployment + deploymentLabels: {} + # extraLabel: extraLabelValue + # + # Add extra annotations to query deployment + deploymentAnnotations: {} + # extraAnnotation: extraAnnotationValue + # + # Add extra selector matchLabels to query deployment + deploymentMatchLabels: {} + + # Enable metrics collecting for query service + metrics: + # This is the Prometheus annotation type scraping configuration + annotations: + enabled: false + # Enable ServiceMonitor https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + # Labels for prometheus-operator to find servicemonitor + labels: {} + + # Optional securityContext + securityContext: {} + resources: {} + # limits: + # cpu: 2000m + # memory: 16Gi + # requests: + # cpu: 1000m + # memory: 4Gi + # + # Node tolerations for server scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # + # Node labels for compact pod assignment + # Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + # + # Pod affinity + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity + affinity: {} + +query: + enabled: true + # Label to treat as a replica indicator along which data is deduplicated. + # Still you will be able to query without deduplication using 'dedup=false' parameter. + replicaLabel: "" + # Prefix for API and UI endpoints. This allows thanos UI to be served on a sub-path. + # This option is analogous to --web.route-prefix of Promethus. + webRoutePrefix: "" + # Static prefix for all HTML links and redirect + # URLs in the UI query web interface. Actual + # endpoints are still served on / or the + # web.route-prefix. This allows thanos UI to be + # served behind a reverse proxy that strips a URL + # sub-path. + webExternalPrefix: "" + # Name of HTTP request header used for dynamic prefixing of UI links and redirects. + # This option is ignored if web.external-prefix argument is set. Security risk: enable this + # option only if a reverse proxy in front of thanos is resetting the header. The --web.prefix-header=X-Forwarded-Prefix option + # can be useful, for example, if Thanos UI is served via Traefik reverse proxy with PathPrefixStrip option enabled, which sends the + # stripped prefix value in X-Forwarded-Prefix header. This allows thanos UI to be served on a sub-path + webPrefixHeader: "" + # Maximum time to process query by query node. + timeout: 2m + # Maximum number of queries processed concurrently by query node. + maxConcurrent: 16 + # Maximum number of select requests made concurrently per a query. + maxConcurrentSelect: 4 + # Enable automatic adjustment (step / 5) to what source of data should be used in store gateways + # if no max_source_resolution param is specified. + autoDownsampling: false + # https://github.com/improbable-eng/thanos/issues/1015 + storeDNSResolver: miekgdns + # Enable DNS discovery for stores + storeDNSDiscovery: true + # Enable DNS discovery for sidecars (this is for the chart built-in sidecar service) + sidecarDNSDiscovery: true + # Addresses of statically configured store API servers (repeatable). + # The scheme may be prefixed with 'dns+' or 'dnssrv+' to detect store API servers through respective DNS lookups. + stores: [] + # - "dnssrv+_grpc._tcp...svc" + # + # Path to files that contains addresses of store API servers. The path can be a glob pattern (repeatable). + serviceDiscoveryFiles: [] + # Names of configmaps that contain addresses of store API servers, used for file service discovery. + serviceDiscoveryFileConfigMaps: [] + # Refresh interval to re-read file SD files. It is used as a resync fallback. + serviceDiscoveryInterval: 5m + # Log filtering level. + logLevel: info + # Add extra environment variables to query + extraEnv: [] + # - name: ENV + # value: value + # + # Add extra arguments to the query service + extraArgs: [] + # - "--extraargs=extravalue" + # + # Number of replicas running from query component + replicaCount: 1 + # Enable HPA for query component + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + # Enable podDisruptionBudget for query component + podDisruptionBudget: + enabled: false + # minAvailable and maxUnavailable can't be used simultaneous. Choose one. + minAvailable: 1 + # maxUnavailable: 50% + + # The http endpoint to communicate with other components + http: + # http listen port number + port: 10902 + # Service definition for query http service + service: + type: ClusterIP + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + matchLabels: {} + # Set up ingress for the http service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + certSecretName: "" + # Extra labels for query pod template + labels: {} + # cluster: example + # + # Extra annotations for query pod template + annotations: {} + # example.com: default + # + # Add extra labels to query deployment + deploymentLabels: {} + # extraLabel: extraLabelValue + # + # Add extra annotations to query deployment + deploymentAnnotations: {} + # extraAnnotation: extraAnnotationValue + # + # Add extra selector matchLabels to query deployment + deploymentMatchLabels: {} + + # Enable metrics collecting for query service + metrics: + # This is the Prometheus annotation type scraping configuration + annotations: + enabled: false + # Enable ServiceMonitor https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + # Labels for prometheus-operator to find servicemonitor + labels: {} + + # Optional securityContext + securityContext: {} + resources: {} + # limits: + # cpu: 2000m + # memory: 16Gi + # requests: + # cpu: 1000m + # memory: 4Gi + # + # Node tolerations for server scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # + # Node labels for compact pod assignment + # Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + # + # Pod affinity + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity + affinity: {} + + # The grpc endpoint to communicate with other components + grpc: + # grpc listen port number + port: 10901 + # Service definition for query grpc service + service: + # Annotations to query grpc service + annotations: {} + # labels to query grpc service + labels: {} + matchLabels: {} + # Set up ingress for the grpc service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + serviceAccount: "" + +compact: + enabled: true + # Minimum age of fresh (non-compacted) blocks before they are being processed. + # Malformed blocks older than the maximum of consistency-delay and 30m0s will be removed. + consistencyDelay: 30m + # How long to retain raw samples in bucket. Setting this to 0d will retain samples of this resolution forever + retentionResolutionRaw: 1825d + # How long to retain samples of resolution 1 (5 minutes) in bucket. Setting this to 0d will retain samples of this resolution forever + retentionResolution5m: 1825d + # How long to retain samples of resolution 2 (1 hour) in bucket. Setting this to 0d will retain samples of this resolution forever + retentionResolution1h: 1825d + # Number of goroutines to use when compacting groups. + compactConcurrency: 1 + # Number of goroutines to use when syncing block metadata from object storage. + blockSyncConcurrency: 20 + # Disables Downsampling data + disableDownsampling: false + # Log filtering level. + logLevel: info + # Compact service listening http port + http: + port: 10902 + service: + labels: {} + # Add extra environment variables to compact + extraEnv: + # - name: ENV + # value: value + # + # Add extra arguments to the compact service + extraArgs: + # - "--extraargs=extravalue" + # + # Data volume for the compactor to store temporary data defaults to emptyDir + # dataVolume: + # persistentVolumeClaim: + # claimName: compact-data-volume + # storage: 100Gi + # Extra labels for compact pod template + labels: {} + # cluster: example + # + # Extra annotations for compact pod template + annotations: {} + # example.com: default + # + # Add extra labels to compact deployment + deploymentLabels: {} + # extraLabel: extraLabelValue + # + # Add extra annotations to compact deployment + deploymentAnnotations: {} + # extraAnnotation: extraAnnotationValue + # + # Add extra selector matchLabels to compact deployment + deploymentMatchLabels: {} + # + # Enable metrics collecting for compact service + metrics: + # This is the Prometheus annotation type scraping configuration + annotations: + enabled: false + # Enable ServiceMonitor https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + # Labels for prometheus-operator to find servicemonitor + labels: {} + serviceAccount: "" + + # Optional securityContext + securityContext: {} + resources: {} + # limits: + # cpu: 2000m + # memory: 16Gi + # requests: + # cpu: 1000m + # memory: 4Gi + # + # Node tolerations for server scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # + # Node labels for compact pod assignment + # Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + # + # Pod affinity + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity + affinity: {} + +bucket: + enabled: true + # Number of replicas running from bucket component + replicaCount: 1 + # Log filtering level. + logLevel: info + # Refresh interval to download metadata from remote storage + refresh: 30m + # Timeout to download metadata from remote storage + timeout: 5m + # Prometheus label to use as timeline title + label: "" + # The http endpoint to communicate with other components + http: + # http listen port number + port: 8080 + # Service definition for bucket http service + service: + type: ClusterIP + # Annotations to bucket http service + annotations: {} + # Labels to bucket http service + labels: {} + matchLabels: {} + # Set up ingress for the http service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # Add extra environment variables to bucket + extraEnv: + # - name: ENV + # value: value + # + # Add extra arguments to the bucket service + extraArgs: + # - "--extraargs=extravalue" + # + # Extra labels for bucket pod template + labels: {} + # cluster: example + # + # Extra annotations for bucket pod template + annotations: {} + # example.com: default + # + # Add extra labels to bucket deployment + deploymentLabels: {} + # extraLabel: extraLabelValue + # + # Add extra annotations to bucket deployment + deploymentAnnotations: {} + # + # Add extra selector matchLabels to bucket deployment + deploymentMatchLabels: {} + + # Enable podDisruptionBudget for bucket component + podDisruptionBudget: + enabled: false + # minAvailable and maxUnavailable can't be used simultaneous. Choose one. + minAvailable: 1 + # maxUnavailable: 50% + + # Optional securityContext + securityContext: {} + resources: {} + # limits: + # cpu: 2000m + # memory: 16Gi + # requests: + # cpu: 1000m + # memory: 4Gi + # + # Node tolerations for server scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # + # Node labels for bucket pod assignment + # Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + # + # Pod affinity + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity + affinity: {} + serviceAccount: "" + +sidecar: + # NOTE: This is only the service references for the sidecar + enabled: true + # Enable metrics collecting for sidecar service + metrics: + # Enable ServiceMonitor https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + # Labels for prometheus-operator to find servicemonitor + labels: {} + # The grpc endpoint to communicate with other components + grpc: + # grpc listen port number + port: 10901 + # Service definition for sidecar grpc service + service: + # Annotations to sidecar grpc service + annotations: {} + # Labels to sidecar grpc service + labels: {} + matchLabels: {} + # Set up ingress for the grpc service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + # The http endpoint to communicate with other components + http: + # http listen port number + port: 10902 + # Service definition for sidecar http service + service: + type: ClusterIP + # Annotations to sidecar http service + annotations: {} + # Labels to sidecar http service + labels: {} + matchLabels: {} + # Set up ingress for the http service + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "/" + hosts: + - "/" + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +storeSecretName: diff --git a/charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json b/charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json new file mode 100644 index 000000000..0e6638252 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/cluster-metrics.json @@ -0,0 +1,1663 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Cost metrics from the Kubecost product", + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 7, + "iteration": 1558062099204, + "links": [], + "panels": [ + { + "content": "Note: this dashboard requires Kubecost metrics to be available in your Prometheus deployment. [Learn more](https://github.com/kubecost/cost-model/blob/master/PROMETHEUS.md)", + "gridPos": { + "h": 2, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 27, + "links": [], + "mode": "markdown", + "title": "", + "transparent": true, + "type": "text" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Monthly run rate of CPU + GPU costs based on currently provisioned resources.", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 2 + }, + "hideTimeOverride": true, + "id": 2, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n)", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "CPU Cost", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Monthly run rate of memory costs based on currently provisioned expenses.", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 2 + }, + "hideTimeOverride": true, + "id": 3, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n)", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "Memory Cost", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Monthly run rate of attached storage and PV costs based on currently provisioned resources.", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 2 + }, + "hideTimeOverride": true, + "id": 4, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "sum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "Storage Cost", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Sum of compute, memory, storage and network costs.", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 2 + }, + "hideTimeOverride": true, + "id": 11, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "# Compute\nsum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n\n# Memory\nsum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n# Storage \n\nsum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "Total Cost", + "type": "singlestat", + "valueFontSize": "120%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Current CPU use from applications divided by allocatable CPUs", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 0, + "y": 5 + }, + "height": "180px", + "hideTimeOverride": true, + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(\n sum(\n count(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n * on (instance) \n sum(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n ) \n / \n (sum (kube_node_status_allocatable_cpu_cores))\n) * 100", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "30, 80", + "timeFrom": "", + "title": "CPU Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Current CPU reservation requests from applications vs allocatable CPU", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 3, + "y": 5 + }, + "height": "180px", + "id": 15, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "SUM(kube_pod_container_resource_requests_cpu_cores) / SUM(kube_node_status_allocatable_cpu_cores) * 100", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "30, 80", + "title": "CPU Requests", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource": "default-kubecost", + "description": "Current RAM use vs RAM available", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 6, + "y": 5 + }, + "height": "180px", + "hideTimeOverride": true, + "id": 17, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "SUM(container_memory_usage_bytes{namespace!=\"\"}) / SUM(kube_node_status_allocatable_memory_bytes) * 100", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A", + "step": 10 + }, + { + "expr": "", + "format": "time_series", + "intervalFactor": 1, + "refId": "B" + } + ], + "thresholds": "30,80", + "timeFrom": "", + "title": "RAM Utilization", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource": "default-kubecost", + "description": "Current RAM requests vs RAM available", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 9, + "y": 5 + }, + "height": "180px", + "id": 19, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"})\n /\n sum(kube_node_status_allocatable_memory_bytes)\n) * 100", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "30,80", + "title": "RAM Requests", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "This gauge shows the current standard storage use, including cluster storage, vs storage available", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 5 + }, + "height": "180px", + "hideTimeOverride": true, + "id": 21, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) /\nsum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) * 100", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "30, 80", + "timeFrom": "", + "title": "Storage Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "Monthly run rate of CPU + GPU costs", + "fill": 1, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 9 + }, + "id": 6, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 +\n avg(node_gpu_hourly_cost) by (node) * 730\n)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "compute cost", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Compute Cost", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "currencyUSD", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "Monthly run rate of memory costs", + "fill": 1, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 9 + }, + "id": 9, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730\n)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "memory cost", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory Cost", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "currencyUSD", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "Monthly run rate of attached disk + PV storage costs", + "fill": 1, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 9 + }, + "id": 10, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n avg(avg_over_time(pv_hourly_cost[$timeRange] offset 1m)) by (persistentvolume) * 730 \n * avg(avg_over_time(kube_persistentvolume_capacity_bytes[$timeRange] offset 1m)) by (persistentvolume) / 1024 / 1024 / 1024\n) +\nsum(avg(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "storage cost", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Storage Cost", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "Sum of compute, memory, and storage costs", + "fill": 1, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 9 + }, + "id": 22, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "# Compute\nsum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n\n# Memory\nsum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n) +\n\n# Storage \n\nsum(avg(pv_hourly_cost) by (persistentvolume) * 730 * avg(kube_persistentvolume_capacity_bytes) by (persistentvolume) / 1024 / 1024 / 1024) \n+\nsum(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "total cost", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Total Cost", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "columns": [], + "datasource": "default-kubecost", + "description": "Cost of by resource class of currently provisioned nodes", + "fontSize": "100%", + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 16 + }, + "id": 8, + "links": [], + "pageSize": null, + "scroll": true, + "showHeader": true, + "sort": { + "col": 4, + "desc": false + }, + "styles": [ + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Time", + "thresholds": [], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Compute Cost", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Cost", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #A", + "thresholds": [], + "type": "number", + "unit": "currencyUSD" + }, + { + "alias": "Mem Cost", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "currencyUSD" + }, + { + "alias": "Total", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "currencyUSD" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "instance", + "thresholds": [], + "type": "hidden", + "unit": "short" + }, + { + "alias": "GPU", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost or up * 0) by (node) * 730 * (1-$useDiscount/100)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + }, + { + "expr": "avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "legendFormat": "", + "refId": "B" + }, + { + "expr": "avg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "refId": "D" + }, + { + "expr": "# CPU \navg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost or up * 0) by (node) * 730 * (1-$useDiscount/100) +\n# GPU\navg(node_gpu_hourly_cost) by (node) * 730 * (1-$useDiscount/100) +\n# Memory\navg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730 * (1-$useDiscount/100)\n", + "format": "table", + "instant": true, + "intervalFactor": 1, + "refId": "C" + } + ], + "title": "Cost by node", + "transform": "table", + "type": "table" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "Monthly run rate of attached disk + PV storage costs based on currently provisioned resources.", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 16 + }, + "id": 25, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n avg(kube_node_status_capacity_cpu_cores) by (node) * avg(node_cpu_hourly_cost) by (node) * 730 +\n avg(node_gpu_hourly_cost) by (node) * 730\n)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "cpu", + "refId": "B" + }, + { + "expr": "sum(\n avg(kube_node_status_capacity_memory_bytes) by (node) / 1024 / 1024 / 1024 * avg(node_ram_hourly_cost) by (node) * 730\n)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "memory", + "refId": "A" + }, + { + "expr": "sum(\n avg(avg_over_time(pv_hourly_cost[$timeRange] offset 1m)) by (persistentvolume) * 730 \n * avg(avg_over_time(kube_persistentvolume_capacity_bytes[$timeRange] offset 1m)) by (persistentvolume) / 1024 / 1024 / 1024\n) +\nsum(avg(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance) / 1024 / 1024 / 1024) * $localStorageGBCost", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "storage", + "refId": "C" + }, + { + "expr": "SUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $percentEgress * $egressCost ", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "network", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Cost by Resource", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "currencyUSD", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 16, + "style": "dark", + "tags": [ + "cost", + "utilization", + "metrics" + ], + "templating": { + "list": [ + { + "auto": true, + "auto_count": 1, + "auto_min": "1m", + "current": { + "text": "auto", + "value": "$__auto_interval_timeRange" + }, + "hide": 2, + "label": null, + "name": "timeRange", + "options": [ + { + "selected": true, + "text": "auto", + "value": "$__auto_interval_timeRange" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + }, + { + "selected": false, + "text": "6h", + "value": "6h" + }, + { + "selected": false, + "text": "12h", + "value": "12h" + }, + { + "selected": false, + "text": "1d", + "value": "1d" + }, + { + "selected": false, + "text": "7d", + "value": "7d" + }, + { + "selected": false, + "text": "14d", + "value": "14d" + }, + { + "selected": false, + "text": "30d", + "value": "30d" + }, + { + "selected": false, + "text": "90d", + "value": "90d" + } + ], + "query": "1h,6h,12h,1d,7d,14d,30d,90d", + "refresh": 2, + "skipUrlSync": false, + "type": "interval" + }, + { + "current": { + "text": ".04", + "value": ".04" + }, + "hide": 2, + "label": "Cost per Gb hour for attached disks", + "name": "localStorageGBCost", + "options": [ + { + "selected": true, + "text": ".04", + "value": ".04" + } + ], + "query": ".04", + "skipUrlSync": false, + "type": "constant" + }, + { + "current": { + "tags": [], + "text": "0", + "value": "0" + }, + "hide": 0, + "label": "Sustained Use Discount %", + "name": "useDiscount", + "options": [ + { + "selected": true, + "text": "0", + "value": "0" + } + ], + "query": "0", + "skipUrlSync": false, + "type": "constant" + }, + { + "current": { + "text": ".1", + "value": ".1" + }, + "hide": 2, + "label": null, + "name": "percentEgress", + "options": [ + { + "selected": true, + "text": ".1", + "value": ".1" + } + ], + "query": ".1", + "skipUrlSync": false, + "type": "constant" + }, + { + "current": { + "text": ".12", + "value": ".12" + }, + "hide": 2, + "label": null, + "name": "egressCost", + "options": [ + { + "selected": true, + "text": ".12", + "value": ".12" + } + ], + "query": ".12", + "skipUrlSync": false, + "type": "constant" + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubecost cluster metrics", + "uid": "JOUdHGZZz", + "version": 20 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json new file mode 100644 index 000000000..0c3acfc76 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/cluster-utilization.json @@ -0,0 +1,3473 @@ +{ + "annotations":{ + "list":[ + { + "builtIn":1, + "datasource":"-- Grafana --", + "enable":true, + "hide":true, + "iconColor":"rgba(0, 211, 255, 1)", + "name":"Annotations & Alerts", + "type":"dashboard" + } + ] + }, + "description":"A dashboard to help manage Kubernetes cluster costs and resources", + "editable":true, + "gnetId":6873, + "graphTooltip":0, + "id":4, + "iteration":1556759633456, + "links":[ + + ], + "panels":[ + { + "content":"This dashboard shows monthly cost estimates for the cluster, based on **current** CPU, RAM and storage provisioned.", + "gridPos":{ + "h":2, + "w":24, + "x":0, + "y":0 + }, + "id":86, + "links":[ + + ], + "mode":"markdown", + "title":"", + "transparent":true, + "type":"text" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "decimals":2, + "format":"currencyUSD", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":6, + "x":0, + "y":2 + }, + "hideTimeOverride":true, + "id":75, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"label_cloud_google_com_gke_preemptible", + "targets":[ + { + "expr":"sum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) ", + "format":"time_series", + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":" {{ node }}", + "refId":"A" + } + ], + "thresholds":"", + "timeFrom":"15m", + "timeShift":null, + "title":"CPU Cost", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "decimals":2, + "format":"currencyUSD", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":6, + "x":6, + "y":2 + }, + "hideTimeOverride":true, + "id":77, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"label_cloud_google_com_gke_preemptible", + "targets":[ + { + "expr":"sum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n) ", + "format":"time_series", + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":" {{ node }}", + "refId":"A" + } + ], + "thresholds":"", + "timeFrom":"15m", + "timeShift":null, + "title":"RAM Cost", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "decimals":2, + "format":"currencyUSD", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":6, + "x":12, + "y":2 + }, + "hideTimeOverride":true, + "id":78, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"label_cloud_google_com_gke_preemptible", + "targets":[ + { + "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard", + "format":"time_series", + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":" {{ node }}", + "refId":"A" + } + ], + "thresholds":"", + "timeFrom":"15m", + "timeShift":null, + "title":"Storage Cost (Cluster and PVC)", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "decimals":2, + "description":"Represents a near worst-case approximation of network costs.", + "format":"currencyUSD", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":6, + "x":18, + "y":2 + }, + "hideTimeOverride":true, + "id":129, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"label_cloud_google_com_gke_preemptible", + "targets":[ + { + "expr":"SUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", + "format":"time_series", + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":" {{ node }}", + "refId":"A" + } + ], + "thresholds":"", + "timeFrom":"15m", + "timeShift":null, + "title":"Network Egress Cost", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":true, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource":"default-kubecost", + "decimals":2, + "description":"Current CPU use from applications divided by allocatable CPUs", + "editable":true, + "error":false, + "format":"percent", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":3, + "x":0, + "y":6 + }, + "height":"180px", + "hideTimeOverride":true, + "id":82, + "interval":null, + "isNew":true, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"(\n sum(\n count(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n * on (instance) \n sum(irate(container_cpu_usage_seconds_total{id=\"/\"}[10m])) by (instance)\n ) \n / \n (sum (kube_node_status_allocatable_cpu_cores))\n) * 100", + "format":"time_series", + "interval":"", + "intervalFactor":1, + "refId":"A", + "step":10 + } + ], + "thresholds":"30, 80", + "timeFrom":"", + "title":"CPU Utilization", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":true, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource":"default-kubecost", + "decimals":2, + "description":"Current CPU reservation requests from applications vs allocatable CPU", + "editable":true, + "error":false, + "format":"percent", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":3, + "x":3, + "y":6 + }, + "height":"180px", + "id":91, + "interval":null, + "isNew":true, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"SUM(kube_pod_container_resource_requests_cpu_cores) / SUM(kube_node_status_allocatable_cpu_cores) * 100", + "format":"time_series", + "interval":"", + "intervalFactor":1, + "refId":"A", + "step":10 + } + ], + "thresholds":"30, 80", + "title":"CPU Requests", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":true, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource":"default-kubecost", + "description":"Current RAM use vs RAM available", + "editable":true, + "error":false, + "format":"percent", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":3, + "x":6, + "y":6 + }, + "height":"180px", + "hideTimeOverride":true, + "id":80, + "interval":null, + "isNew":true, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"SUM(container_memory_usage_bytes{namespace!=\"\"}) / SUM(kube_node_status_allocatable_memory_bytes) * 100", + "format":"time_series", + "interval":"", + "intervalFactor":1, + "refId":"A", + "step":10 + }, + { + "expr":"", + "format":"time_series", + "intervalFactor":1, + "refId":"B" + } + ], + "thresholds":"30,80", + "timeFrom":"", + "title":"RAM Utilization", + "transparent":false, + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":true, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource":"default-kubecost", + "description":"Current RAM requests vs RAM available", + "editable":true, + "error":false, + "format":"percent", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":3, + "x":9, + "y":6 + }, + "height":"180px", + "id":92, + "interval":null, + "isNew":true, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"})\n /\n sum(kube_node_status_allocatable_memory_bytes)\n) * 100", + "format":"time_series", + "interval":"", + "intervalFactor":1, + "refId":"A", + "step":10 + } + ], + "thresholds":"30,80", + "title":"RAM Requests", + "transparent":false, + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":true, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource":"default-kubecost", + "decimals":2, + "description":"This gauge shows the current standard storage use, including cluster storage, vs storage available", + "editable":true, + "error":false, + "format":"percent", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":3, + "x":12, + "y":6 + }, + "height":"180px", + "hideTimeOverride":true, + "id":95, + "interval":null, + "isNew":true, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) /\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n + sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"})\n) * 100", + "format":"time_series", + "interval":"", + "intervalFactor":1, + "refId":"A", + "step":10 + } + ], + "thresholds":"30, 80", + "timeFrom":"", + "title":"Storage Utilization", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":true, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "datasource":"default-kubecost", + "decimals":2, + "description":"This gauge shows the current SSD use vs SSD available", + "editable":true, + "error":false, + "format":"percent", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":3, + "x":15, + "y":6 + }, + "height":"180px", + "hideTimeOverride":true, + "id":96, + "interval":null, + "isNew":true, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace)\n) /\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace)\n) * 100", + "format":"time_series", + "interval":"", + "intervalFactor":1, + "refId":"A", + "step":10 + } + ], + "thresholds":"30, 80", + "timeFrom":"", + "title":"SSD Utilization", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "decimals":2, + "description":"Expected monthly cost given current CPU, memory storage, and network resource consumption", + "format":"currencyUSD", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":6, + "x":18, + "y":6 + }, + "hideTimeOverride":true, + "id":93, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"label_cloud_google_com_gke_preemptible", + "targets":[ + { + "expr":"# CPU\nsum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) \n\n+ \n\n# Storage\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard \n\n+\n\n# END STORAGE\n# RAM \nsum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n)\n\n+\n\n#Network \nSUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", + "format":"time_series", + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":" {{ node }}", + "refId":"A" + } + ], + "thresholds":"", + "timeFrom":"15m", + "timeShift":null, + "title":"Total Monthly Cost", + "type":"singlestat", + "valueFontSize":"120%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "description":"Expected monthly CPU, memory and storage costs given provisioned resources", + "fill":1, + "gridPos":{ + "h":8, + "w":12, + "x":0, + "y":10 + }, + "id":120, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":false, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"# CPU\nsum(\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) * $costpcpu\n )\n or\n (\n (\n sum(kube_node_status_capacity_cpu_cores) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) * ($costcpu - ($costcpu / 100 * $costDiscount))\n )\n) \n\n+ \n\n# Storage\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageSSD\n\n+\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) or up * 0\n) / 1024 / 1024 /1024 * $costStorageStandard\n\n+ \n\nsum(container_fs_limit_bytes{id=\"/\"}) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard \n\n+\n\n# END STORAGE\n# RAM \nsum(\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible=\"true\"}) by (node)\n ) /1024/1024/1024 * $costpram\n )\n or\n (\n (\n sum(kube_node_status_capacity_memory_bytes) by (node)\n * on (node) group_left (label_cloud_google_com_gke_preemptible)\n avg(kube_node_labels{label_cloud_google_com_gke_preemptible!=\"true\"}) by (node)\n ) /1024/1024/1024 * ($costram - ($costram / 100 * $costDiscount))\n)\n) \n\n+\n\n#Network \nSUM(rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]) / 1024 / 1024 / 1024 ) * (60 * 60 * 24 * 30) * $costEgress", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"cluster cost", + "refId":"A" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Total monthly cost", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"currencyUSD", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "description":"Resources allocated to namespace based on container requests", + "fontSize":"100%", + "gridPos":{ + "h":8, + "w":12, + "x":12, + "y":10 + }, + "hideTimeOverride":false, + "id":73, + "links":[ + + ], + "pageSize":10, + "repeat":null, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":7, + "desc":true + }, + "styles":[ + { + "alias":"Namespace", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "link":true, + "linkTooltip":"View namespace cost metrics", + "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", + "pattern":"namespace", + "thresholds":[ + "30", + "80" + ], + "type":"string", + "unit":"currencyUSD" + }, + { + "alias":"RAM", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "pattern":"Value #B", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"CPU", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"PV Storage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #C", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"Total", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #D", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"CPU Utilization", + "colorMode":"value", + "colors":[ + "#bf1b00", + "rgba(50, 172, 45, 0.97)", + "#ef843c" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #E", + "thresholds":[ + "30", + "80" + ], + "type":"number", + "unit":"percent" + }, + { + "alias":"RAM Utilization", + "colorMode":"value", + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#ef843c" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #F", + "thresholds":[ + "30", + "80" + ], + "type":"number", + "unit":"percent" + } + ], + "targets":[ + { + "expr":"(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"}*($costcpu - ($costcpu / 100 * $costDiscount))) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"}*$costpcpu) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)", + "format":"table", + "hide":false, + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":"{{ namespace }}", + "refId":"A" + }, + { + "expr":"(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"} / 1024 / 1024 / 1024*($costram- ($costram / 100 * $costDiscount))) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"} / 1024 / 1024 / 1024 * $costpram ) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)", + "format":"table", + "instant":true, + "intervalFactor":1, + "legendFormat":"{{ namespace }}", + "refId":"B" + }, + { + "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageSSD \n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageStandard", + "format":"table", + "instant":true, + "intervalFactor":1, + "legendFormat":"{{ namespace }}", + "refId":"C" + }, + { + "expr":"# CPU \n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"}*($costcpu - ($costcpu / 100 * $costDiscount))) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"}*$costpcpu) by(namespace)\n or\n count(\n count(container_spec_cpu_shares{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n#END CPU \n# Memory \n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible!=\"true\"} / 1024 / 1024 / 1024*($costram- ($costram / 100 * $costDiscount))) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n(\n sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\",namespace!=\"kube-system\",cloud_google_com_gke_preemptible=\"true\"} / 1024 / 1024 / 1024 * $costpram ) by (namespace) \n or\n count(\n count(container_spec_memory_limit_bytes{namespace!=\"\",namespace!=\"kube-system\"}) by(namespace)\n ) by(namespace) -1\n)\n\n+\n\n# PV storage\n\n(\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageSSD \n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim, namespace) \n) by (namespace) / 1024 / 1024 /1024 * $costStorageStandard \n)", + "format":"table", + "instant":true, + "intervalFactor":1, + "legendFormat":"Total", + "refId":"D" + } + ], + "timeFrom":"", + "timeShift":null, + "title":"Namespace cost allocation", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "collapsed":false, + "gridPos":{ + "h":1, + "w":24, + "x":0, + "y":18 + }, + "id":108, + "panels":[ + + ], + "title":"CPU Metrics", + "type":"row" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":8, + "w":24, + "x":0, + "y":19 + }, + "id":116, + "legend":{ + "alignAsTable":false, + "avg":false, + "current":false, + "max":false, + "min":false, + "rightSide":false, + "show":true, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"SUM(kube_node_status_capacity_cpu_cores)", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"capacity", + "refId":"A" + }, + { + "expr":"SUM(kube_pod_container_resource_requests_cpu_cores)", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"requests", + "refId":"C" + }, + { + "expr":"SUM(irate(container_cpu_usage_seconds_total{id=\"/\"}[5m]))", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"usage", + "refId":"B" + }, + { + "expr":"SUM(kube_pod_container_resource_limits_cpu_cores) ", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"limits", + "refId":"D" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Cluster CPUs", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "decimals":1, + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":8, + "w":24, + "x":0, + "y":27 + }, + "id":130, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":true, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"avg(irate(node_cpu_seconds_total{mode!=\"idle\"}[5m])) by (mode) * 100", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"{{mode}}", + "refId":"A" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"CPU Mode", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"percent", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"percent", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "description":"This table shows the comparison of CPU requests and usage by namespace", + "fontSize":"100%", + "gridPos":{ + "h":10, + "w":12, + "x":0, + "y":35 + }, + "hideTimeOverride":true, + "id":104, + "links":[ + + ], + "pageSize":8, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":1, + "desc":true + }, + "styles":[ + { + "alias":"CPU Requests", + "colorMode":null, + "colors":[ + "#fceaca", + "#fce2de", + "rgba(245, 54, 54, 0.9)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + "" + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Node", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"node", + "thresholds":[ + + ], + "type":"string", + "unit":"short" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"CPU Requests", + "colorMode":"value", + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#cffaff" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #B", + "thresholds":[ + "" + ], + "type":"number", + "unit":"short" + }, + { + "alias":"24h CPU Usage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #C", + "thresholds":[ + "30" + ], + "type":"number", + "unit":"none" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "link":true, + "linkTooltip":"View namespace cost metrics", + "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", + "mappingType":1, + "pattern":"namespace", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + } + ], + "targets":[ + { + "expr":"sum(kube_pod_container_resource_requests_cpu_cores{namespace!=\"\"}) by (namespace) ", + "format":"table", + "hide":false, + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":"", + "refId":"A" + }, + { + "expr":"sum (rate (container_cpu_usage_seconds_total{image!=\"\",namespace!=\"\"}[24h])) by (namespace)", + "format":"table", + "instant":true, + "intervalFactor":1, + "legendFormat":"{{ namespace }}", + "refId":"C" + } + ], + "timeFrom":null, + "timeShift":null, + "title":"CPU request utilization by namespace", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "description":"This table shows the comparison of application CPU usage vs the capacity of the node (measured over last 60 minutes)", + "fontSize":"100%", + "gridPos":{ + "h":10, + "w":12, + "x":12, + "y":35 + }, + "hideTimeOverride":true, + "id":90, + "links":[ + + ], + "pageSize":8, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":2, + "desc":true + }, + "styles":[ + { + "alias":"CPU Request Utilization", + "colorMode":"value", + "colors":[ + "#ef843c", + "rgba(50, 172, 45, 0.97)", + "rgba(245, 54, 54, 0.9)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + ".30", + " .80" + ], + "type":"number", + "unit":"percentunit" + }, + { + "alias":"Node", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"node", + "thresholds":[ + + ], + "type":"string", + "unit":"short" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"CPU Utilization", + "colorMode":"value", + "colors":[ + "#ef843c", + "rgba(50, 172, 45, 0.97)", + "rgba(245, 54, 54, 0.9)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #B", + "thresholds":[ + ".20", + " .80" + ], + "type":"number", + "unit":"percentunit" + }, + { + "alias":"24h Utilization ", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value", + "thresholds":[ + + ], + "type":"number", + "unit":"percentunit" + } + ], + "targets":[ + { + "expr":"SUM(\nSUM(rate(container_cpu_usage_seconds_total[24h])) by (pod_name)\n* on (pod_name) group_left (node) \nlabel_replace(\n avg(kube_pod_info{}),\n \"pod_name\", \n \"$1\", \n \"pod\", \n \"(.+)\"\n)\n) by (node) \n/ \nsum(kube_node_status_capacity_cpu_cores) by (node)", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"B" + }, + { + "expr":"sum(kube_pod_container_resource_requests_cpu_cores) by (node) / sum(kube_node_status_capacity_cpu_cores) by (node)", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"A" + } + ], + "timeFrom":null, + "timeShift":null, + "title":"Cluster cost & utilization by node", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "collapsed":false, + "gridPos":{ + "h":1, + "w":24, + "x":0, + "y":45 + }, + "id":113, + "panels":[ + + ], + "title":"Memory Metrics", + "type":"row" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":8, + "w":24, + "x":0, + "y":46 + }, + "id":117, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":false, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"SUM(kube_node_status_capacity_memory_bytes / 1024 / 1024 / 1024)", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"capacity", + "refId":"A" + }, + { + "expr":"SUM(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"} / 1024 / 1024 / 1024)", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"requests", + "refId":"C" + }, + { + "expr":"SUM(container_memory_usage_bytes{image!=\"\"} / 1024 / 1024 / 1024)", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"usage", + "refId":"B" + }, + { + "expr":"SUM(kube_pod_container_resource_limits_memory_bytes {namespace!=\"\"} / 1024 / 1024 / 1024)", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"limits", + "refId":"D" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Cluster memory (GB)", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"decgbytes", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":8, + "w":24, + "x":0, + "y":54 + }, + "id":131, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":false, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"1 - sum(node_memory_MemAvailable_bytes) by (node) / sum(node_memory_MemTotal_bytes) by (node)", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"usage", + "refId":"A" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Cluster Memory Utilization", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"percentunit", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "description":"Comparison of memory requests and current usage by namespace", + "fontSize":"100%", + "gridPos":{ + "h":10, + "w":12, + "x":0, + "y":62 + }, + "hideTimeOverride":true, + "id":109, + "links":[ + + ], + "pageSize":7, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":1, + "desc":true + }, + "styles":[ + { + "alias":"Mem Requests (GB)", + "colorMode":null, + "colors":[ + "#fceaca", + "#fce2de", + "rgba(245, 54, 54, 0.9)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + "" + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Node", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"node", + "thresholds":[ + + ], + "type":"string", + "unit":"short" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"CPU Requests", + "colorMode":"value", + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#cffaff" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #B", + "thresholds":[ + "" + ], + "type":"number", + "unit":"short" + }, + { + "alias":"24h Mem Usage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "#508642", + "#e5ac0e" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #C", + "thresholds":[ + ".30", + ".75" + ], + "type":"number", + "unit":"none" + }, + { + "alias":"Namespace", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "link":true, + "linkTooltip":"View namespace cost metrics", + "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", + "mappingType":1, + "pattern":"namespace", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + } + ], + "targets":[ + { + "expr":"sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"} / 1024 / 1024 / 1024) by (namespace) ", + "format":"table", + "hide":false, + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":"", + "refId":"A" + }, + { + "expr":"SUM(container_memory_usage_bytes{image!=\"\",namespace!=\"\"} / 1024 / 1024 / 1024) by (namespace)", + "format":"table", + "instant":true, + "intervalFactor":1, + "legendFormat":"", + "refId":"C" + } + ], + "timeFrom":null, + "timeShift":null, + "title":"Memory requests & utilization by namespace", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "description":"Container RAM usage vs node capacity", + "fontSize":"100%", + "gridPos":{ + "h":10, + "w":12, + "x":12, + "y":62 + }, + "hideTimeOverride":true, + "id":114, + "links":[ + + ], + "pageSize":8, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":1, + "desc":true + }, + "styles":[ + { + "alias":"RAM Requests", + "colorMode":"value", + "colors":[ + "#ef843c", + "rgba(50, 172, 45, 0.97)", + "rgba(245, 54, 54, 0.9)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + "30", + " 80" + ], + "type":"number", + "unit":"percentunit" + }, + { + "alias":"Node", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"node", + "thresholds":[ + + ], + "type":"string", + "unit":"short" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"RAM Usage", + "colorMode":"value", + "colors":[ + "#ef843c", + "rgba(50, 172, 45, 0.97)", + "rgba(245, 54, 54, 0.9)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #B", + "thresholds":[ + "25", + " 80" + ], + "type":"number", + "unit":"percent" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + } + ], + "targets":[ + { + "expr":"SUM(label_replace(container_memory_usage_bytes{namespace!=\"\"}, \"node\", \"$1\", \"instance\",\"(.+)\")) by (node) * 100\n/\nSUM(kube_node_status_capacity_memory_bytes) by (node)", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"B" + }, + { + "expr":"sum(kube_pod_container_resource_requests_memory_bytes{namespace!=\"\"}) by (node) / SUM(kube_node_status_capacity_memory_bytes) by (node)", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"A" + } + ], + "timeFrom":null, + "timeShift":null, + "title":"Node utilization of allocatable RAM", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "collapsed":false, + "gridPos":{ + "h":1, + "w":24, + "x":0, + "y":72 + }, + "id":101, + "panels":[ + + ], + "title":"Storage Metrics", + "type":"row" + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "fontSize":"100%", + "gridPos":{ + "h":9, + "w":12, + "x":0, + "y":73 + }, + "hideTimeOverride":true, + "id":97, + "links":[ + + ], + "pageSize":8, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":4, + "desc":true + }, + "styles":[ + { + "alias":"Node", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"instance", + "thresholds":[ + + ], + "type":"string", + "unit":"short" + }, + { + "alias":"PVC Name", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"persistentvolumeclaim", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Storage Class", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"storageclass", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Cost", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"Cost", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"Size (GB)", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #B", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Usage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #C", + "thresholds":[ + + ], + "type":"number", + "unit":"percentunit" + } + ], + "targets":[ + { + "expr":"SUM(container_fs_limit_bytes{id=\"/\"}) by (instance) / 1024 / 1024 / 1024 * 1.03", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"B" + }, + { + "expr":"SUM(container_fs_limit_bytes{id=\"/\"}) by (instance) / 1024 / 1024 / 1024 * 1.03 * $costStorageStandard\n", + "format":"table", + "hide":false, + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":"{{ persistentvolumeclaim }}", + "refId":"A" + }, + { + "expr":"sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"} / container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\"}) by (instance) \n", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"C" + } + ], + "timeFrom":null, + "timeShift":null, + "title":"Local Storage", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":9, + "w":12, + "x":12, + "y":73 + }, + "id":128, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":true, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"SUM(container_fs_usage_bytes{id=\"/\"}) / SUM(container_fs_limit_bytes{id=\"/\"})", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"reads", + "refId":"D" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Local storage utilization", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"percent", + "label":"IOPS", + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "fontSize":"100%", + "gridPos":{ + "h":10, + "w":12, + "x":0, + "y":82 + }, + "hideTimeOverride":true, + "id":94, + "links":[ + + ], + "pageSize":10, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":2, + "desc":true + }, + "styles":[ + { + "alias":"Namespace", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "link":true, + "linkTooltip":"View namespace cost metrics", + "linkUrl":"d/at-cost-analysis-namespace2/namespace-cost-metrics?&var-namespace=$__cell", + "mappingType":1, + "pattern":"namespace", + "thresholds":[ + + ], + "type":"string", + "unit":"short" + }, + { + "alias":"PVC Name", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"persistentvolumeclaim", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Storage Class", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"storageclass", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Cost", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"Cost", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"Usage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #B", + "thresholds":[ + + ], + "type":"number", + "unit":"percentunit" + }, + { + "alias":"Size (GB)", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #C", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + } + ], + "targets":[ + { + "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024\n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024\n\n\n", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"C" + }, + { + "expr":"sum (\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 * $costStorageSSD\n\nor\n\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 * $costStorageStandard\n", + "format":"table", + "hide":false, + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":"{{ persistentvolumeclaim }}", + "refId":"A" + }, + { + "expr":"sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) \n/\nsum (\n sum(kube_persistentvolumeclaim_info{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace, storageclass)\n * on (persistentvolumeclaim, namespace) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{storageclass!~\".*ssd.*\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim)", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"B" + } + ], + "timeFrom":null, + "timeShift":null, + "title":"Persistent Volume Claims", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":10, + "w":12, + "x":12, + "y":82 + }, + "id":132, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":true, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"SUM(rate(node_disk_reads_completed_total[10m])) or SUM(rate(node_disk_reads_completed[10m]))\n", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"reads", + "refId":"D" + }, + { + "expr":"SUM(rate(node_disk_writes_completed_total[10m])) or SUM(rate(node_disk_writes_completed[10m]))", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"writes", + "refId":"A" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Disk IOPS", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"none", + "label":"IOPS", + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":9, + "w":24, + "x":0, + "y":92 + }, + "id":122, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":true, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"SUM( kubelet_volume_stats_inodes_used / kubelet_volume_stats_inodes) by (persistentvolumeclaim) * 100", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"", + "refId":"D" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Inode usage", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"percent", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "collapsed":false, + "gridPos":{ + "h":1, + "w":24, + "x":0, + "y":101 + }, + "id":127, + "panels":[ + + ], + "title":"Network", + "type":"row" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "fill":1, + "gridPos":{ + "h":9, + "w":24, + "x":0, + "y":102 + }, + "id":123, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":true, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"sum (rate (node_network_transmit_bytes_total{}[60m]))\n", + "format":"time_series", + "intervalFactor":1, + "legendFormat":"node_out", + "refId":"B" + }, + { + "expr":"SUM ( rate(node_network_transmit_bytes_total{device=\"eth0\"}[60m]))", + "format":"time_series", + "instant":false, + "intervalFactor":1, + "legendFormat":"eth0 out", + "refId":"C" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Node network transmit", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"decbytes", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + } + ], + "refresh":"15m", + "schemaVersion":16, + "style":"dark", + "tags":[ + "cost", + "utilization", + "metrics" + ], + "templating":{ + "list":[ + { + "current":{ + "text":"23.076", + "value":"23.076" + }, + "hide":0, + "label":"CPU", + "name":"costcpu", + "options":[ + { + "text":"23.076", + "value":"23.076" + } + ], + "query":"23.076", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"5.10", + "value":"5.10" + }, + "hide":0, + "label":"PE CPU", + "name":"costpcpu", + "options":[ + { + "text":"5.10", + "value":"5.10" + } + ], + "query":"5.10", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"3.25", + "value":"3.25" + }, + "hide":0, + "label":"RAM", + "name":"costram", + "options":[ + { + "text":"3.25", + "value":"3.25" + } + ], + "query":"3.25", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"0.6862", + "value":"0.6862" + }, + "hide":0, + "label":"PE RAM", + "name":"costpram", + "options":[ + { + "text":"0.6862", + "value":"0.6862" + } + ], + "query":"0.6862", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"0.040", + "value":"0.040" + }, + "hide":0, + "label":"Storage", + "name":"costStorageStandard", + "options":[ + { + "text":"0.040", + "value":"0.040" + } + ], + "query":"0.040", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":".17", + "value":".17" + }, + "hide":0, + "label":"SSD", + "name":"costStorageSSD", + "options":[ + { + "text":".17", + "value":".17" + } + ], + "query":".17", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":".12", + "value":".12" + }, + "hide":0, + "label":"Egress", + "name":"costEgress", + "options":[ + { + "selected":true, + "text":".12", + "value":".12" + } + ], + "query":".12", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"30", + "value":"30" + }, + "hide":0, + "label":"Discount", + "name":"costDiscount", + "options":[ + { + "text":"30", + "value":"30" + } + ], + "query":"30", + "skipUrlSync":false, + "type":"constant" + } + ] + }, + "time":{ + "from":"now-24h", + "to":"now" + }, + "timepicker":{ + "hidden":false, + "refresh_intervals":[ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options":[ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone":"browser", + "title":"Cluster cost & utilization metrics", + "uid":"cluster-costs", + "version":1 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json new file mode 100644 index 000000000..ff5526c15 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/deployment-utilization.json @@ -0,0 +1,1366 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Monitors Kubernetes deployments in cluster using Prometheus and kube-state-metrics. Shows resource utilization of deployments, daemonsets, and statefulsets.", + "editable": true, + "gnetId": 8588, + "graphTooltip": 0, + "id": 2, + "iteration": 1586200623748, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 0 + }, + "height": "180px", + "id": 1, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (container_memory_working_set_bytes{container!=\"\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\", pod_name!=\"\"}) / sum (kube_node_status_allocatable_memory_bytes{node=~\"^$Node.*$\"}) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 900 + } + ], + "thresholds": "65, 90", + "title": "Deployment memory usage", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "default-kubecost", + "decimals": 2, + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 0 + }, + "height": "180px", + "id": 2, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (rate (container_cpu_usage_seconds_total{pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\"}[2m])) / sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"}) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 900 + } + ], + "thresholds": "65, 90", + "title": "Deployment CPU usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 0 + }, + "height": "180px", + "id": 3, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(((sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))) - ((sum(kube_deployment_status_replicas_available{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_status_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_number_ready{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)))) / ((sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))) * 100", + "format": "time_series", + "intervalFactor": 2, + "refId": "A", + "step": 1800 + } + ], + "thresholds": "1,30", + "title": "Unavailable Replicas", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 5 + }, + "height": "100px", + "id": 4, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{container!=\"\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\", pod_name!=\"\"})", + "format": "time_series", + "intervalFactor": 2, + "refId": "A", + "step": 1800 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 5 + }, + "height": "100px", + "id": 5, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_memory_bytes{node=~\"^$Node.*$\"})", + "format": "time_series", + "intervalFactor": 2, + "refId": "A", + "step": 1800 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 5 + }, + "height": "100px", + "id": 6, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (rate (container_cpu_usage_seconds_total{pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\", kubernetes_io_hostname=~\"^$Node$\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "refId": "A", + "step": 1800 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 5 + }, + "height": "100px", + "id": 7, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"})", + "intervalFactor": 2, + "refId": "A", + "step": 1800 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 5 + }, + "height": "100px", + "id": 8, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(kube_deployment_status_replicas_available{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_status_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_number_ready{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))", + "format": "time_series", + "intervalFactor": 2, + "refId": "A", + "step": 1800 + } + ], + "thresholds": "", + "title": "Available (cluster)", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "default-kubecost", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 5 + }, + "height": "100px", + "id": 9, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(kube_deployment_status_replicas{deployment=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_statefulset_replicas{statefulset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0)) + (sum(kube_daemonset_status_desired_number_scheduled{daemonset=~\".*$Deployment$Statefulset$Daemonset\"}) or vector(0))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{ $Daemonset }}", + "refId": "A", + "step": 1800 + } + ], + "thresholds": "", + "title": "Total (cluster)", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 3, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 8 + }, + "height": "", + "id": 10, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/avlbl.*/", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (irate (container_cpu_usage_seconds_total{container!=\"\",image!=\"\",name=~\"^k8s_.*\",io_kubernetes_container_name!=\"POD\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[5m])) by (pod_name,kubernetes_io_hostname)", + "format": "time_series", + "hide": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "usage: {{ kubernetes_io_hostname }} | {{ pod_name }} ", + "metric": "container_cpu", + "refId": "A", + "step": 60 + }, + { + "expr": "sum (kube_pod_container_resource_requests_cpu_cores{pod=~\"^$Deployment$Statefulset$Daemonset.*$\",node=~\"^$Node$\"}) by (pod,node)", + "format": "time_series", + "hide": false, + "intervalFactor": 2, + "legendFormat": "rqst: {{ node }} | {{ pod }}", + "refId": "B", + "step": 120 + }, + { + "expr": "sum ((kube_node_status_allocatable_cpu_cores{node=~\"^$Node$\"})) by (node)", + "format": "time_series", + "hide": true, + "intervalFactor": 2, + "legendFormat": "avlbl: {{ node }}", + "refId": "C", + "step": 30 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage & requests", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "cores", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 2, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/^avlbl.*$/", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max (container_memory_working_set_bytes{container!=\"POD\",container!=\"\",id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}) by (pod_name,kubernetes_io_hostname)", + "format": "time_series", + "hide": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "usage: {{kubernetes_io_hostname }} | {{ pod_name }}", + "metric": "container_memory_usage:sort_desc", + "refId": "A", + "step": 60 + }, + { + "expr": "sum ((kube_pod_container_resource_requests_memory_bytes{pod=~\"^$Deployment$Statefulset$Daemonset.*$\",node=~\"^$Node$\"})) by (pod,node)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "rqst: {{ node }} | {{ pod }}", + "refId": "B", + "step": 120 + }, + { + "expr": "sum ((kube_node_status_allocatable_memory_bytes{node=~\"^$Node$\"})) by (node)", + "format": "time_series", + "hide": true, + "intervalFactor": 2, + "legendFormat": "avlbl: {{ node }}", + "refId": "C", + "step": 30 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory usage & requests", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fill": 1, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (kubelet_volume_stats_used_bytes{kubernetes_io_hostname=~\"^$Node$\", persistentvolumeclaim=~\".*$Deployment$Statefulset$Daemonset.*$\"} / kubelet_volume_stats_capacity_bytes{kubernetes_io_hostname=~\"^$Node$\", persistentvolumeclaim=~\".*$Deployment$Statefulset$Daemonset.*$\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{ persistentvolumeclaim }} | {{ kubernetes_io_hostname }}", + "refId": "A", + "step": 120 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Usage", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 2, + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (rate (container_network_receive_bytes_total{id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[2m])) by (pod_name, kubernetes_io_hostname)", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "-> {{ kubernetes_io_hostname }} | {{ pod_name }}", + "metric": "network", + "refId": "A", + "step": 60 + }, + { + "expr": "- sum( rate (container_network_transmit_bytes_total{id!=\"/\",pod_name=~\"^$Deployment$Statefulset$Daemonset.*$\",kubernetes_io_hostname=~\"^$Node$\"}[2m])) by (pod_name, kubernetes_io_hostname)", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "<- {{ kubernetes_io_hostname }} | {{ pod_name }}", + "metric": "network", + "refId": "B", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "All processes network I/O", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 16, + "style": "dark", + "tags": [ + "kubernetes", + "deployment" + ], + "templating": { + "list": [ + { + "allValue": "()", + "current": { + "selected": false, + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "Deployment", + "options": [], + "query": "label_values(deployment)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": "()", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "Statefulset", + "options": [], + "query": "label_values(statefulset)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": "()", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "Daemonset", + "options": [], + "query": "label_values(daemonset)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "Node", + "options": [], + "query": "label_values(kubernetes_io_hostname)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Deployment/Statefulset/Daemonset utilization metrics", + "uid": "deployment-metrics", + "version": 1 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json new file mode 100644 index 000000000..46d508aa0 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/label-cost-utilization.json @@ -0,0 +1,1193 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 7, + "iteration": 1586214000479, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Monthly projected CPU cost given last 10m", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 6, + "x": 0, + "y": 0 + }, + "hideTimeOverride": true, + "id": 15, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "sum(\n avg(container_cpu_allocation) by (pod,node)\n\n * on (node) group_left()\n avg(avg_over_time(node_cpu_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "CPU Cost", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Based on CPU usage over last 24 hours", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 6, + "x": 6, + "y": 0 + }, + "hideTimeOverride": true, + "id": 16, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "sum(\n avg(container_memory_allocation_bytes) by (pod,node) / 1024 / 1024 / 1024\n\n * on (node) group_left()\n avg(avg_over_time(node_ram_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "Memory Cost", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 6, + "x": 12, + "y": 0 + }, + "hideTimeOverride": true, + "id": 21, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "sum(\n sum(kube_persistentvolumeclaim_info{storageclass!=\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .04 \n\n+\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .17 \n", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "Storage Cost", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "description": "Cost of memory + CPU usage", + "format": "currencyUSD", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 6, + "x": 18, + "y": 0 + }, + "hideTimeOverride": true, + "id": 20, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "label_cloud_google_com_gke_preemptible", + "targets": [ + { + "expr": "# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CPU ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nsum(\n avg(container_cpu_allocation) by (pod,node)\n\n * on (node) group_left()\n avg(avg_over_time(node_cpu_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730\n\n#END CPU\n+\n\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nsum(\n avg(container_memory_allocation_bytes) by (pod,node) / 1024 / 1024 / 1024\n\n * on (node) group_left()\n avg(avg_over_time(node_ram_hourly_cost[10m])) by (node)\n\n * on (pod) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n )\n) * 730\n\n# END MEMORY\n\n+\n\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~ STORAGE ~~~~~~~~~~~~~~~~~~~~~~~~~\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass!=\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .04 \n\n+\n\nsum(\n sum(kube_persistentvolumeclaim_info{storageclass=~\".*ssd.*\"}) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) / 1024 / 1024 /1024 * .17 \n\n\n# END STORAGE\n", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": " {{ node }}", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": "15m", + "timeShift": null, + "title": "Total Cost", + "type": "singlestat", + "valueFontSize": "110%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 0, + "y": 5 + }, + "id": 10, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(\n sum (kube_pod_container_resource_requests_cpu_cores) by (pod)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n) ", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU Request", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 2, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 3, + "y": 5 + }, + "id": 17, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(\n label_replace(\n sum(rate(container_cpu_usage_seconds_total{image!=\"\",container_name!=\"POD\"}[1h])) by (kubernetes_io_hostname,pod_name),\n \"node\",\n \"$1\", \n \"kubernetes_io_hostname\", \n \"(.+)\"\n ) \n * on (pod_name) group_left()\n label_replace(\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod),\n \"pod_name\",\n \"$1\", \n \"pod\", \n \"(.+)\"\n ) or up * 0\n) ", + "format": "time_series", + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU Used", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 0, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 6, + "y": 5 + }, + "id": 11, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(\n sum (kube_pod_container_resource_requests_memory_bytes) by (pod)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n) ", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory Request", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 9, + "y": 5 + }, + "id": 18, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(\n label_replace(\n sum (container_memory_working_set_bytes{pod_name!=\"\",container!=\"POD\",container!=\"\"}) by (pod_name),\n \"pod\",\n \"$1\", \n \"pod_name\", \n \"(.+)\")\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod)\n or up * 0\n)", + "format": "time_series", + "instant": true, + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "default-kubecost", + "decimals": 0, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 5 + }, + "id": 22, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(\n max(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, storageclass)\n * on (persistentvolumeclaim) group_right(storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes) by (persistentvolumeclaim)\n * on (persistentvolumeclaim) group_left(label_app)\n max(kube_persistentvolumeclaim_labels{label_$label=~\"$label_value\"}) by (persistentvolumeclaim) or up * 0\n) \n", + "format": "time_series", + "instant": true, + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Storage Request", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fill": 1, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_limits_cpu_cores) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "limit", + "refId": "C" + }, + { + "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_requests_cpu_cores) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "request", + "refId": "B" + }, + { + "expr": "sum(\n label_replace(\n sum (rate (container_cpu_usage_seconds_total{image!=\"\",container!=\"POD\",container!=\"\"}[10m])) by (container,pod),\n \"pod\", \n \"$1\", \n \"pod_name\", \n \"(.+)\"\n )\n * on (pod) group_left (label_$label)\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container)\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage vs Requests vs Limits", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fill": 1, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 23, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_limits_memory_bytes) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "limit", + "refId": "C" + }, + { + "expr": "sum(\n label_replace(\n sum (kube_pod_container_resource_requests_memory_bytes) by (pod, container)\n * on (pod) group_left()\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container),\n \"container_name\",\n \"$1\", \n \"container\", \n \"(.+)\"\n )\n) \n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "request", + "refId": "B" + }, + { + "expr": "sum(\n label_replace(\n sum (container_memory_working_set_bytes{container!=\"\",container!=\"POD\"}) by (container,pod),\n \"pod\", \n \"$1\", \n \"pod_name\", \n \"(.+)\"\n )\n * on (pod) group_left (label_$label)\n max(kube_pod_labels{label_$label=~\"$label_value\"}) by (pod,container)\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage vs Requests vs Limits", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 16, + "style": "dark", + "tags": [ + "cost", + "utilization", + "metrics" + ], + "templating": { + "list": [ + { + "datasource": "default-kubecost", + "filters": [], + "hide": 0, + "label": "", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "allValue": null, + "current": { + "tags": [], + "text": "app", + "value": "app" + }, + "hide": 0, + "includeAll": false, + "label": "Label", + "multi": false, + "name": "label", + "options": [ + { + "selected": false, + "text": "app", + "value": "app" + }, + { + "selected": false, + "text": "tier", + "value": "tier" + }, + { + "selected": false, + "text": "component", + "value": "component" + }, + { + "selected": true, + "text": "release", + "value": "release" + }, + { + "selected": false, + "text": "name", + "value": "name" + }, + { + "selected": false, + "text": "team", + "value": "team" + }, + { + "selected": false, + "text": "department", + "value": "department" + }, + { + "selected": false, + "text": "owner", + "value": "owner" + }, + { + "selected": false, + "text": "contact", + "value": "contact" + } + ], + "query": "app, tier, component, release, name, team, department, owner, contact", + "skipUrlSync": false, + "type": "custom" + }, + { + "allValue": ".*", + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": "Value", + "multi": false, + "name": "label_value", + "options": [], + "query": "query_result(SUM(kube_pod_labels{label_$label!=\"\",namespace!=\"kube-system\"}) by (label_$label))", + "refresh": 1, + "regex": "/label_$label=\\\"(.*?)(\\\")/", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": "()", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": "", + "multi": false, + "name": "Deployments", + "options": [], + "query": "label_values(deployment)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "Secondary", + "options": [ + { + "selected": true, + "text": "All", + "value": "$__all" + }, + { + "selected": false, + "text": "app", + "value": "app" + }, + { + "selected": false, + "text": "component", + "value": "component" + }, + { + "selected": false, + "text": "controller_revision_hash", + "value": "controller_revision_hash" + }, + { + "selected": false, + "text": "k8s_app", + "value": "k8s_app" + } + ], + "query": "query_result(kube_pod_labels)", + "refresh": 0, + "regex": "/.+?label_([^=]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Label costs & utilization", + "uid": "lWMhIA-ik", + "version": 2 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json new file mode 100644 index 000000000..7260cced1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/namespace-utilization.json @@ -0,0 +1,1156 @@ +{ + "annotations":{ + "list":[ + { + "builtIn":1, + "datasource":"-- Grafana --", + "enable":true, + "hide":true, + "iconColor":"rgba(0, 211, 255, 1)", + "name":"Annotations & Alerts", + "type":"dashboard" + } + ] + }, + "description":"A dashboard to help with utilization and resource allocation", + "editable":true, + "gnetId":8673, + "graphTooltip":0, + "id":9, + "iteration":1553150922105, + "links":[ + + ], + "panels":[ + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "fontSize":"100%", + "gridPos":{ + "h":9, + "w":16, + "x":0, + "y":0 + }, + "hideTimeOverride":true, + "id":73, + "links":[ + + ], + "pageSize":8, + "repeat":null, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":2, + "desc":false + }, + "styles":[ + { + "alias":"Pod", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "link":false, + "linkTooltip":"", + "linkUrl":"", + "pattern":"pod_name", + "thresholds":[ + "30", + "80" + ], + "type":"string", + "unit":"currencyUSD" + }, + { + "alias":"RAM", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "pattern":"Value #B", + "thresholds":[ + + ], + "type":"number", + "unit":"decbytes" + }, + { + "alias":"CPU %", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + + ], + "type":"number", + "unit":"percent" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"Storage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #C", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"Total", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #D", + "thresholds":[ + + ], + "type":"number", + "unit":"currencyUSD" + }, + { + "alias":"CPU Utilization", + "colorMode":"value", + "colors":[ + "#bf1b00", + "rgba(50, 172, 45, 0.97)", + "#ef843c" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #E", + "thresholds":[ + "30", + "80" + ], + "type":"number", + "unit":"percent" + }, + { + "alias":"RAM Utilization", + "colorMode":"value", + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#ef843c" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #F", + "thresholds":[ + "30", + "80" + ], + "type":"number", + "unit":"percent" + } + ], + "targets":[ + { + "expr":"sum (rate (container_cpu_usage_seconds_total{namespace=\"$namespace\"}[10m])) by (pod_name) * 100", + "format":"table", + "hide":false, + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":"{{ pod_name }}", + "refId":"A" + }, + { + "expr":"sum (avg_over_time (container_memory_working_set_bytes{namespace=\"$namespace\", container_name!=\"POD\"}[10m])) by (pod_name)", + "format":"table", + "hide":false, + "instant":true, + "intervalFactor":1, + "legendFormat":"{{ pod_name }}", + "refId":"B" + } + ], + "timeFrom":"1M", + "timeShift":null, + "title":"Pod utilization analysis", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "fontSize":"100%", + "gridPos":{ + "h":9, + "w":8, + "x":16, + "y":0 + }, + "hideTimeOverride":true, + "id":90, + "links":[ + + ], + "pageSize":8, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":4, + "desc":true + }, + "styles":[ + { + "alias":"Namespace", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"namespace", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"PVC Name", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"persistentvolumeclaim", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Storage Class", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"storageclass", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Size", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":1, + "mappingType":1, + "pattern":"Value", + "thresholds":[ + + ], + "type":"number", + "unit":"gbytes" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + } + ], + "targets":[ + { + "expr":"sum (\n sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)\n + on (persistentvolumeclaim, namespace) group_right (storageclass)\n sum(kube_persistentvolumeclaim_resource_requests_storage_bytes{namespace=~\"$namespace\"}) by (persistentvolumeclaim, namespace)\n) by (namespace,persistentvolumeclaim,storageclass) / 1024 / 1024 /1024 ", + "format":"table", + "hide":false, + "instant":true, + "interval":"", + "intervalFactor":1, + "legendFormat":"{{ persistentvolumeclaim }}", + "refId":"A" + } + ], + "timeFrom":null, + "timeShift":null, + "title":"Persistent Volume Claims", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "description":"CPU requests by pod divided by the rate of CPU usage over the last hour", + "fill":1, + "gridPos":{ + "h":9, + "w":24, + "x":0, + "y":9 + }, + "id":100, + "legend":{ + "avg":false, + "current":false, + "max":false, + "min":false, + "show":true, + "total":false, + "values":false + }, + "lines":true, + "linewidth":1, + "links":[ + + ], + "nullPointMode":"null", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"topk(10,\n label_replace(\n sum(kube_pod_container_resource_requests_cpu_cores{namespace=\"$namespace\"}) by (pod),\n \"pod_name\", \n \"$1\", \n \"pod\", \n \"(.+)\"\n ) \n/ on (pod_name) sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\",pod_name=~\".+\"}[1h])) by (pod_name))", + "format":"time_series", + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":[ + + ], + "timeFrom":null, + "timeShift":null, + "title":"Ratio of CPU requests to usage (Top 10 pods)", + "tooltip":{ + "shared":true, + "sort":0, + "value_type":"individual" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":true + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":3, + "description":"This panel shows historical utilization as an average across all pods in this namespace. It only accounts for currently deployed pods", + "editable":true, + "error":false, + "fill":0, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":0, + "y":18 + }, + "height":"", + "id":94, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":false, + "current":false, + "hideEmpty":false, + "hideZero":false, + "max":false, + "min":false, + "rightSide":false, + "show":false, + "sideWidth":null, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":true, + "targets":[ + { + "expr":"sum (rate (container_cpu_usage_seconds_total{namespace=\"$namespace\"}[10m])) by (namespace)\n", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"10s", + "intervalFactor":1, + "legendFormat":"cpu utilization", + "metric":"container_cpu", + "refId":"A", + "step":10 + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"Overall CPU Utilization", + "tooltip":{ + "msResolution":true, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "decimals":null, + "format":"percent", + "label":"", + "logBase":1, + "max":"110", + "min":"0", + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":2, + "description":"This panel shows historical utilization as an average across all pods in this namespace. It only accounts for currently deployed pods", + "editable":true, + "error":false, + "fill":0, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":12, + "y":18 + }, + "id":92, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":false, + "current":false, + "max":false, + "min":false, + "rightSide":false, + "show":false, + "sideWidth":200, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":true, + "targets":[ + { + "expr":"sum (container_memory_working_set_bytes{namespace=\"$namespace\"})\n/\nsum(node_memory_MemTotal_bytes)", + "format":"time_series", + "instant":false, + "intervalFactor":1, + "legendFormat":"mem utilization", + "refId":"B" + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"Overall RAM Utilization", + "tooltip":{ + "msResolution":false, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "decimals":null, + "format":"percent", + "label":null, + "logBase":1, + "max":"110", + "min":"0", + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":2, + "description":"Traffic in and out of this namespace, as a sum of the pods within it", + "editable":true, + "error":false, + "fill":1, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":0, + "y":24 + }, + "height":"", + "id":96, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":true, + "current":true, + "hideEmpty":false, + "hideZero":false, + "max":false, + "min":false, + "rightSide":false, + "show":true, + "sideWidth":null, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"sum (rate (container_network_receive_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"<- in", + "metric":"container_cpu", + "refId":"A", + "step":10 + }, + { + "expr":"- sum (rate (container_network_transmit_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"-> out", + "refId":"B" + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"Network IO", + "tooltip":{ + "msResolution":true, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"Bps", + "label":"", + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":2, + "description":"Disk reads and writes for the namespace, as a sum of the pods within it", + "editable":true, + "error":false, + "fill":1, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":12, + "y":24 + }, + "height":"", + "id":98, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":true, + "current":true, + "hideEmpty":false, + "hideZero":false, + "max":false, + "min":false, + "rightSide":false, + "show":true, + "sideWidth":null, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"sum (rate (container_fs_writes_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"<- write", + "metric":"container_cpu", + "refId":"A", + "step":10 + }, + { + "expr":"- sum (rate (container_fs_reads_bytes_total{namespace=\"$namespace\"}[10m])) by (namespace)", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"-> read", + "refId":"B" + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"Disk IO", + "tooltip":{ + "msResolution":true, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"Bps", + "label":"", + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + } + ], + "refresh":"10s", + "schemaVersion":16, + "style":"dark", + "tags":[ + "cost", + "utilization", + "metrics" + ], + "templating":{ + "list":[ + { + "current":{ + "text":"23.06", + "value":"23.06" + }, + "hide":0, + "label":"CPU", + "name":"costcpu", + "options":[ + { + "text":"23.06", + "value":"23.06" + } + ], + "query":"23.06", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"7.28", + "value":"7.28" + }, + "hide":0, + "label":"PE CPU", + "name":"costpcpu", + "options":[ + { + "text":"7.28", + "value":"7.28" + } + ], + "query":"7.28", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"3.25", + "value":"3.25" + }, + "hide":0, + "label":"RAM", + "name":"costram", + "options":[ + { + "text":"3.25", + "value":"3.25" + } + ], + "query":"3.25", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"0.6862", + "value":"0.6862" + }, + "hide":0, + "label":"PE RAM", + "name":"costpram", + "options":[ + { + "text":"0.6862", + "value":"0.6862" + } + ], + "query":"0.6862", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"0.04", + "value":"0.04" + }, + "hide":0, + "label":"Storage", + "name":"costStorageStandard", + "options":[ + { + "text":"0.04", + "value":"0.04" + } + ], + "query":"0.04", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":".17", + "value":".17" + }, + "hide":0, + "label":"SSD", + "name":"costStorageSSD", + "options":[ + { + "text":".17", + "value":".17" + } + ], + "query":".17", + "skipUrlSync":false, + "type":"constant" + }, + { + "current":{ + "text":"30", + "value":"30" + }, + "hide":0, + "label":"Disc.", + "name":"costDiscount", + "options":[ + { + "text":"30", + "value":"30" + } + ], + "query":"30", + "skipUrlSync":false, + "type":"constant" + }, + { + "allValue":null, + "current":{ + "text":"kube-system", + "value":"kube-system" + }, + "datasource":"default-kubecost", + "hide":0, + "includeAll":false, + "label":"NS", + "multi":false, + "name":"namespace", + "options":[ + + ], + "query":"query_result(sum(kube_namespace_created{namespace!=\"\"}) by (namespace))", + "refresh":1, + "regex":"/namespace=\\\"(.*?)(\\\")/", + "skipUrlSync":false, + "sort":0, + "tagValuesQuery":"", + "tags":[ + + ], + "tagsQuery":"", + "type":"query", + "useTags":false + }, + { + "datasource":"default-kubecost", + "filters":[ + + ], + "hide":0, + "label":"", + "name":"Filters", + "skipUrlSync":false, + "type":"adhoc" + } + ] + }, + "time":{ + "from":"now-15m", + "to":"now" + }, + "timepicker":{ + "hidden":false, + "refresh_intervals":[ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options":[ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone":"browser", + "title":"Namespace utilization metrics", + "uid":"at-cost-analysis-namespace2", + "version":1 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/node-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/node-utilization.json new file mode 100644 index 000000000..ce751c199 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/node-utilization.json @@ -0,0 +1,1370 @@ +{ + "annotations":{ + "list":[ + { + "builtIn":1, + "datasource":"-- Grafana --", + "enable":true, + "hide":true, + "iconColor":"rgba(0, 211, 255, 1)", + "name":"Annotations & Alerts", + "type":"dashboard" + } + ] + }, + "editable":true, + "gnetId":null, + "graphTooltip":0, + "id":6, + "iteration":1557245882378, + "links":[ + + ], + "panels":[ + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "format":"percentunit", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":7, + "w":8, + "x":0, + "y":0 + }, + "id":2, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"sum(irate(container_cpu_usage_seconds_total{id=\"/\",instance=\"$node\"}[10m]))", + "format":"time_series", + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":"", + "title":"CPU Usage", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"avg" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "format":"percentunit", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":7, + "w":8, + "x":8, + "y":0 + }, + "id":3, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"SUM(container_memory_usage_bytes{namespace!=\"\",instance=\"$node\"}) / SUM(kube_node_status_capacity_memory_bytes{node=\"$node\"})", + "format":"time_series", + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":"", + "title":"Memory Usage", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"avg" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "format":"percentunit", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":true, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":7, + "w":8, + "x":16, + "y":0 + }, + "id":4, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"sum(container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"}) /\nsum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"})", + "format":"time_series", + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":"", + "title":"Storage Usage", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"avg" + }, + { + "columns":[ + { + "text":"Avg", + "value":"avg" + } + ], + "datasource":"default-kubecost", + "fontSize":"100%", + "gridPos":{ + "h":8, + "w":16, + "x":0, + "y":7 + }, + "hideTimeOverride":true, + "id":21, + "links":[ + + ], + "pageSize":8, + "repeat":null, + "repeatDirection":"v", + "scroll":true, + "showHeader":true, + "sort":{ + "col":4, + "desc":true + }, + "styles":[ + { + "alias":"Pod", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "link":false, + "linkTooltip":"", + "linkUrl":"", + "pattern":"pod_name", + "thresholds":[ + "30", + "80" + ], + "type":"string", + "unit":"currencyUSD" + }, + { + "alias":"", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Time", + "thresholds":[ + + ], + "type":"hidden", + "unit":"short" + }, + { + "alias":"CPU Usage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #C", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"CPU Request", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #A", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"CPU Limit", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #B", + "thresholds":[ + + ], + "type":"number", + "unit":"short" + }, + { + "alias":"Mem Usage", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #D", + "thresholds":[ + + ], + "type":"number", + "unit":"bytes" + }, + { + "alias":"Mem Request", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #E", + "thresholds":[ + + ], + "type":"number", + "unit":"bytes" + }, + { + "alias":"Mem Limit", + "colorMode":null, + "colors":[ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat":"YYYY-MM-DD HH:mm:ss", + "decimals":2, + "mappingType":1, + "pattern":"Value #F", + "thresholds":[ + + ], + "type":"number", + "unit":"bytes" + } + ], + "targets":[ + { + "expr":"sum(rate(container_cpu_usage_seconds_total{container_name!=\"\",container_name!=\"POD\",pod_name!=\"\",instance=\"$node\"}[24h])) by (pod_name)", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"C" + }, + { + "expr":"sum(label_replace(\nsum(avg_over_time(kube_pod_container_resource_requests_cpu_cores{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod), \n\"pod_name\",\"$1\",\"pod\",\"(.+)\")\nor up * 0\n) by (pod_name)", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"A" + }, + { + "expr":"sum(avg_over_time(container_memory_usage_bytes{container_name!=\"\",container_name!=\"POD\",pod_name!=\"\",instance=\"$node\"}[24h])) by (pod_name)\n", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"D" + }, + { + "expr":"sum(label_replace(label_replace(\nsum(avg_over_time(kube_pod_container_resource_requests_memory_bytes{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod),\n\"container_name\",\"$1\",\"container\",\"(.+)\"), \"pod_name\",\"$1\",\"pod\",\"(.+)\")\nor up * 0\n) by (pod_name)\n", + "format":"table", + "instant":true, + "intervalFactor":1, + "refId":"E" + } + ], + "timeFrom":"1M", + "timeShift":null, + "title":"Current pods", + "transform":"table", + "transparent":false, + "type":"table" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "decimals":0, + "format":"none", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":4, + "x":16, + "y":7 + }, + "id":8, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"sum(\n count(avg_over_time(kube_pod_container_resource_requests_cpu_cores{container!=\"\",container!=\"POD\",node=\"$node\"}[24h])) by (pod)\n * on (pod) group_right()\n sum(kube_pod_container_status_running) by (pod)\n)", + "format":"time_series", + "instant":true, + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":"", + "title":"Pods Running", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "format":"bytes", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":4, + "x":20, + "y":7 + }, + "id":18, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"sum(container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",instance=\"$node\"})", + "format":"time_series", + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":"", + "title":"Storage Capacity", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "format":"none", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":4, + "x":16, + "y":11 + }, + "id":9, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"kube_node_status_capacity_cpu_cores{node=\"$node\"}", + "format":"time_series", + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":"", + "title":"CPU Capacity", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"avg" + }, + { + "cacheTimeout":null, + "colorBackground":false, + "colorValue":false, + "colors":[ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource":"default-kubecost", + "format":"bytes", + "gauge":{ + "maxValue":100, + "minValue":0, + "show":false, + "thresholdLabels":false, + "thresholdMarkers":true + }, + "gridPos":{ + "h":4, + "w":4, + "x":20, + "y":11 + }, + "id":19, + "interval":null, + "links":[ + + ], + "mappingType":1, + "mappingTypes":[ + { + "name":"value to text", + "value":1 + }, + { + "name":"range to text", + "value":2 + } + ], + "maxDataPoints":100, + "nullPointMode":"connected", + "nullText":null, + "postfix":"", + "postfixFontSize":"50%", + "prefix":"", + "prefixFontSize":"50%", + "rangeMaps":[ + { + "from":"null", + "text":"N/A", + "to":"null" + } + ], + "sparkline":{ + "fillColor":"rgba(31, 118, 189, 0.18)", + "full":false, + "lineColor":"rgb(31, 120, 193)", + "show":false + }, + "tableColumn":"", + "targets":[ + { + "expr":"kube_node_status_capacity_memory_bytes{node=\"$node\"}", + "format":"time_series", + "intervalFactor":1, + "refId":"A" + } + ], + "thresholds":"", + "title":"RAM Capacity", + "type":"singlestat", + "valueFontSize":"80%", + "valueMaps":[ + { + "op":"=", + "text":"N/A", + "value":"null" + } + ], + "valueName":"current" + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":3, + "description":"This panel shows historical utilization for the node.", + "editable":true, + "error":false, + "fill":0, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":0, + "y":15 + }, + "height":"", + "id":11, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":false, + "current":false, + "hideEmpty":false, + "hideZero":false, + "max":false, + "min":false, + "rightSide":false, + "show":false, + "sideWidth":null, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":true, + "targets":[ + { + "expr":"sum(irate(container_cpu_usage_seconds_total{id=\"/\",instance=\"$node\"}[10m]))", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"10s", + "intervalFactor":1, + "legendFormat":"cpu utilization", + "metric":"container_cpu", + "refId":"A", + "step":10 + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"CPU Utilization", + "tooltip":{ + "msResolution":true, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "decimals":null, + "format":"percentunit", + "label":"", + "logBase":1, + "max":"1.1", + "min":"0", + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":2, + "description":"This panel shows historical utilization for the node.", + "editable":true, + "error":false, + "fill":0, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":12, + "y":15 + }, + "id":13, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":false, + "current":false, + "max":false, + "min":false, + "rightSide":false, + "show":false, + "sideWidth":200, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":true, + "targets":[ + { + "expr":"SUM(container_memory_usage_bytes{namespace!=\"\",instance=\"$node\"}) / SUM(kube_node_status_capacity_memory_bytes{node=\"$node\"})", + "format":"time_series", + "instant":false, + "interval":"10s", + "intervalFactor":1, + "legendFormat":"ram utilization", + "metric":"container_memory_usage:sort_desc", + "refId":"A", + "step":10 + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"RAM Utilization", + "tooltip":{ + "msResolution":false, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "decimals":null, + "format":"percentunit", + "label":null, + "logBase":1, + "max":"1.1", + "min":"0", + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":2, + "description":"Traffic in and out of this namespace, as a sum of the pods within it", + "editable":true, + "error":false, + "fill":1, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":0, + "y":21 + }, + "height":"", + "id":15, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":true, + "current":true, + "hideEmpty":false, + "hideZero":false, + "max":false, + "min":false, + "rightSide":false, + "show":true, + "sideWidth":null, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"sum (rate (container_network_receive_bytes_total{instance=\"$node\"}[10m]))", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"<- in", + "metric":"container_cpu", + "refId":"A", + "step":10 + }, + { + "expr":"- sum (rate (container_network_transmit_bytes_total{instance=\"$node\"}[10m]))", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"-> out", + "refId":"B" + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"Network IO", + "tooltip":{ + "msResolution":true, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"Bps", + "label":"", + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + }, + { + "aliasColors":{ + + }, + "bars":false, + "dashLength":10, + "dashes":false, + "datasource":"default-kubecost", + "decimals":2, + "description":"Disk reads and writes for the namespace, as a sum of the pods within it", + "editable":true, + "error":false, + "fill":1, + "grid":{ + + }, + "gridPos":{ + "h":6, + "w":12, + "x":12, + "y":21 + }, + "height":"", + "id":17, + "isNew":true, + "legend":{ + "alignAsTable":false, + "avg":true, + "current":true, + "hideEmpty":false, + "hideZero":false, + "max":false, + "min":false, + "rightSide":false, + "show":true, + "sideWidth":null, + "sort":"current", + "sortDesc":true, + "total":false, + "values":true + }, + "lines":true, + "linewidth":2, + "links":[ + + ], + "nullPointMode":"connected", + "percentage":false, + "pointradius":5, + "points":false, + "renderer":"flot", + "seriesOverrides":[ + + ], + "spaceLength":10, + "stack":false, + "steppedLine":false, + "targets":[ + { + "expr":"sum (rate (container_fs_writes_bytes_total{instance=\"$node\"}[10m]))", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"<- write", + "metric":"container_cpu", + "refId":"A", + "step":10 + }, + { + "expr":"- sum (rate (container_fs_reads_bytes_total{instance=\"$node\"}[10m]))", + "format":"time_series", + "hide":false, + "instant":false, + "interval":"", + "intervalFactor":1, + "legendFormat":"-> read", + "refId":"B" + } + ], + "thresholds":[ + + ], + "timeFrom":"", + "timeShift":null, + "title":"Disk IO", + "tooltip":{ + "msResolution":true, + "shared":true, + "sort":2, + "value_type":"cumulative" + }, + "type":"graph", + "xaxis":{ + "buckets":null, + "mode":"time", + "name":null, + "show":true, + "values":[ + + ] + }, + "yaxes":[ + { + "format":"Bps", + "label":"", + "logBase":1, + "max":null, + "min":null, + "show":true + }, + { + "format":"short", + "label":null, + "logBase":1, + "max":null, + "min":null, + "show":false + } + ], + "yaxis":{ + "align":false, + "alignLevel":null + } + } + ], + "schemaVersion":16, + "style":"dark", + "tags":[ + "cost", + "utilization", + "metrics" + ], + "templating":{ + "list":[ + { + "allValue":null, + "current":{ + "text":"ip-172-20-44-170.us-east-2.compute.internal", + "value":"ip-172-20-44-170.us-east-2.compute.internal" + }, + "datasource":"default-kubecost", + "hide":0, + "includeAll":false, + "label":null, + "multi":false, + "name":"node", + "options":[ + + ], + "query":"query_result(kube_node_labels)", + "refresh":1, + "regex":"/node=\\\"(.*?)(\\\")/", + "skipUrlSync":false, + "sort":0, + "tagValuesQuery":"", + "tags":[ + + ], + "tagsQuery":"", + "type":"query", + "useTags":false + } + ] + }, + "time":{ + "from":"now-6h", + "to":"now" + }, + "timepicker":{ + "refresh_intervals":[ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options":[ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone":"", + "title":"Node utilization metrics", + "uid":"NUQW37Lmk", + "version":1 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json b/charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json new file mode 100644 index 000000000..4e0abff2d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/pod-utilization.json @@ -0,0 +1,798 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Visualize your kubernetes costs at the pod level.", + "editable": true, + "gnetId": 9063, + "graphTooltip": 0, + "id": 4, + "iteration": 1560100821196, + "links": [], + "panels": [ + { + "columns": [ + { + "text": "Avg", + "value": "avg" + } + ], + "datasource": "default-kubecost", + "fontSize": "100%", + "gridPos": { + "h": 5, + "w": 24, + "x": 0, + "y": 0 + }, + "hideTimeOverride": true, + "id": 98, + "links": [], + "pageSize": 5, + "repeatDirection": "v", + "scroll": true, + "showHeader": true, + "sort": { + "col": 6, + "desc": true + }, + "styles": [ + { + "alias": "Container", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(50, 172, 45, 0.97)", + "#c15c17" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "pattern": "container_name", + "thresholds": [ + "30", + "80" + ], + "type": "string", + "unit": "currencyUSD" + }, + { + "alias": "Memory Allocation", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "bytes" + }, + { + "alias": "CPU Allocation", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #A", + "thresholds": [], + "type": "number", + "unit": "none" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Time", + "thresholds": [], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Memory ($/hour)", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "currencyUSD" + }, + { + "alias": "Spot/PE RAM", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "currencyUSD" + }, + { + "alias": "Total", + "colorMode": null, + "colors": [ + "#bf1b00", + "rgba(50, 172, 45, 0.97)", + "#ef843c" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #E", + "thresholds": [ + "" + ], + "type": "number", + "unit": "currencyUSD" + } + ], + "targets": [ + { + "expr": "sum(\n avg_over_time(container_memory_allocation_bytes{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}[$__range])\n) by (container,node)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "refId": "B" + }, + { + "expr": "sum(\n avg_over_time(container_cpu_allocation{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}[$__range])\n or up * 0 \n) by (container,node)", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": "1M", + "timeShift": null, + "title": "Container cost & allocation analysis", + "transform": "table", + "transparent": false, + "type": "table" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 3, + "description": "This graph attempts to show you CPU use of your application vs its requests", + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 5 + }, + "height": "", + "id": 94, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "expr": "avg (rate (container_cpu_usage_seconds_total{namespace=~\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\",container_name!=\"\"}[10m])) by (container_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ container_name }} (usage)", + "metric": "container_cpu", + "refId": "A", + "step": 10 + }, + { + "expr": "avg(kube_pod_container_resource_requests_cpu_cores{namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{ container}} (request)", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": "", + "timeShift": null, + "title": "CPU Usage vs Requested", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 3, + "description": "This graph attempts to show you RAM use of your application vs its requests", + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 5 + }, + "height": "", + "id": 96, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "expr": "avg (avg_over_time (container_memory_working_set_bytes{namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\",container_name!=\"\"}[1m])) by (container_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ container_name }} (usage)", + "metric": "container_cpu", + "refId": "A", + "step": 10 + }, + { + "expr": "avg(kube_pod_container_resource_requests_memory_bytes{namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{ container }} (requested)", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": "", + "timeShift": null, + "title": "RAM Usage vs Requested", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 2, + "description": "Traffic in and out of this pod, as a sum of its containers", + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 12 + }, + "height": "", + "id": 95, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": true, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg (rate (container_network_receive_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "<- in", + "metric": "container_cpu", + "refId": "A", + "step": 10 + }, + { + "expr": "- avg (rate (container_network_transmit_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "-> out", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": "", + "timeShift": null, + "title": "Network IO", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 2, + "description": "Disk read writes", + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 12 + }, + "height": "", + "id": 97, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": true, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg (rate (container_fs_writes_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "<- write", + "metric": "container_cpu", + "refId": "A", + "step": 10 + }, + { + "expr": "- avg (rate (container_fs_reads_bytes_total{namespace=\"$namespace\",pod_name=\"$pod\"}[10m])) by (pod_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "-> read", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": "", + "timeShift": null, + "title": "Disk IO", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 16, + "style": "dark", + "tags": [ + "cost", + "utilization", + "metrics" + ], + "templating": { + "list": [ + { + "current": { + "text": "0.044", + "value": "0.044" + }, + "hide": 0, + "label": "Storage", + "name": "costStorageStandard", + "options": [ + { + "text": "0.044", + "value": "0.044" + } + ], + "query": "0.044", + "skipUrlSync": false, + "type": "constant" + }, + { + "current": { + "text": "0.187", + "value": "0.187" + }, + "hide": 0, + "label": "SSD", + "name": "costStorageSSD", + "options": [ + { + "text": "0.187", + "value": "0.187" + } + ], + "query": "0.187", + "skipUrlSync": false, + "type": "constant" + }, + { + "current": { + "text": "30", + "value": "30" + }, + "hide": 0, + "label": "Disc.", + "name": "costDiscount", + "options": [ + { + "text": "30", + "value": "30" + } + ], + "query": "30", + "skipUrlSync": false, + "type": "constant" + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "kubecost", + "value": "kubecost" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": false, + "label": "NS", + "multi": false, + "name": "namespace", + "options": [], + "query": "query_result(sum(container_memory_working_set_bytes{namespace!=\"\"}) by (namespace))", + "refresh": 1, + "regex": "/namespace=\\\"(.*?)(\\\")/", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": false, + "tags": [], + "text": "kubecost-grafana-5cc9f5bf6-7kmgl", + "value": "kubecost-grafana-5cc9f5bf6-7kmgl" + }, + "datasource": "default-kubecost", + "hide": 0, + "includeAll": false, + "label": "Pod", + "multi": false, + "name": "pod", + "options": [], + "query": "query_result(sum(container_memory_working_set_bytes{namespace=\"$namespace\"}) by (pod_name))", + "refresh": 1, + "regex": "/pod_name=\\\"(.*?)(\\\")/", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Pod cost & utilization metrics", + "uid": "at-cost-analysis-pod", + "version": 1 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json b/charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json new file mode 100644 index 000000000..83c778bd5 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/prom-benchmark.json @@ -0,0 +1,5670 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Metrics useful for benchmarking and loadtesting Prometheus itself. Designed primarily for Prometheus 2.17.x.", + "editable": true, + "gnetId": 12054, + "graphTooltip": 1, + "id": 9, + "iteration": 1603144824023, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 49, + "panels": [], + "title": "Basics", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 1 + }, + "hiddenSeries": false, + "id": 40, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_build_info{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{version}} - {{revision}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Prometheus Version", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 1 + }, + "hiddenSeries": false, + "id": 72, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "time() - process_start_time_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Age", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Uptime", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "dtdurations", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 1 + }, + "hiddenSeries": false, + "id": 107, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "time() - prometheus_config_last_reload_success_timestamp_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Age", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Last Successful Config Reload", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "dtdurations", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 46, + "panels": [], + "title": "Ingestion", + "type": "row" + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "Time series": "#70dbed" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 9 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_series{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Time series", + "metric": "prometheus_local_storage_memory_series", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Head Time series", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 9 + }, + "hiddenSeries": false, + "id": 26, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_active_appenders{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Head Appenders", + "metric": "prometheus_local_storage_memory_series", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Head Active Appenders", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "samples/s": "#e5a8e2" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 9 + }, + "hiddenSeries": false, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "samples/s", + "metric": "prometheus_local_storage_ingested_samples_total", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Samples Appended/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "To persist": "#9AC48A" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 16 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Max.*/", + "fill": 0 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_chunks{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Chunks", + "metric": "prometheus_local_storage_memory_chunks", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Head Chunks", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 16 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_head_chunks_created_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Created", + "metric": "prometheus_local_storage_chunk_ops_total", + "refId": "A", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_head_chunks_removed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Removed", + "metric": "prometheus_local_storage_chunk_ops_total", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Head Chunks/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "Removed": "#e5ac0e" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 16 + }, + "hiddenSeries": false, + "id": 25, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_isolation_high_watermark{job=\"prometheus\",instance=\"$Prometheus:9090\"} - prometheus_tsdb_isolation_low_watermark{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Difference", + "metric": "prometheus_local_storage_chunk_ops_total", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Isolation Watermarks", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 23 + }, + "id": 52, + "panels": [], + "title": "Compaction", + "type": "row" + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max": "#447ebc", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "Min": "#447ebc", + "Now": "#7eb26d" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 28, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Max", + "fillBelowTo": "Min", + "lines": false + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_min_time{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Min", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + }, + { + "expr": "time() * 1000", + "format": "time_series", + "hide": false, + "intervalFactor": 2, + "legendFormat": "Now", + "refId": "C" + }, + { + "expr": "prometheus_tsdb_head_max_time{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Max", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Head Time Range", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "dateTimeAsIso", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 24 + }, + "hiddenSeries": false, + "id": 29, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_head_gc_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "GC Time/s", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Head GC Time/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 24 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Queue length", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_blocks_loaded{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Blocks Loaded", + "metric": "prometheus_local_storage_indexing_batch_sizes_sum", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Blocks Loaded", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Failed Compactions": "#bf1b00", + "Failed Reloads": "#bf1b00", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 31 + }, + "hiddenSeries": false, + "id": 30, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_reloads_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Reloads", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "TSDB Reloads/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Failed Compactions": "#bf1b00", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 31 + }, + "hiddenSeries": false, + "id": 31, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_wal_fsync_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_tsdb_wal_fsync_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Fsync Latency", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_wal_truncate_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m]) / rate(prometheus_tsdb_wal_trunacte_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Truncate Latency", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "WAL Fsync&Truncate Latency", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Failed Compactions": "#bf1b00", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "{instance=\"demo.robustperception.io:9090\",job=\"prometheus\"}": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 31 + }, + "hiddenSeries": false, + "id": 32, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_wal_corruptions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "WAL Corruptions", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_reloads_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Reload Failures", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "B", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_head_series_not_found{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Head Series Not Found", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "C", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_compactions_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Compaction Failures", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "D", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_retention_cutoffs_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Retention Cutoff Failures", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "E", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_checkpoint_creations_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "WAL Checkpoint Creation Failures", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "F", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_checkpoint_deletions_failed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "WAL Checkpoint Deletion Failures", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "G", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "TSDB Problems/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Failed Compactions": "#bf1b00", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 38 + }, + "hiddenSeries": false, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_compactions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Compactions", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Compactions/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 38 + }, + "hiddenSeries": false, + "id": 33, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_compaction_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Compaction Time/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Allocated bytes": "#F9BA8F", + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "RSS": "#890F02" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 38 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_time_retentions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Time Cutoffs", + "metric": "last", + "refId": "A", + "step": 10 + }, + { + "expr": "rate(prometheus_tsdb_size_retentions_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Size Cutoffs", + "metric": "last", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Retention Cutoffs/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 45 + }, + "hiddenSeries": false, + "id": 27, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_compaction_chunk_range_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_range_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Chunk Time Range", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "First Compaction, Avg Chunk Time Range", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "dtdurationms", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 45 + }, + "hiddenSeries": false, + "id": 35, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_compaction_chunk_size_bytes_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_samples_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Bytes/Sample", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "First Compaction, Avg Bytes/Sample", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 45 + }, + "hiddenSeries": false, + "id": 34, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_compaction_chunk_samples_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m]) / rate(prometheus_tsdb_compaction_chunk_samples_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[10m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Chunk Samples", + "metric": "prometheus_local_storage_series_chunks_persisted_count", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "First Compaction, Avg Chunk Samples", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 52 + }, + "id": 55, + "panels": [], + "title": "Resource Usage", + "type": "row" + }, + { + "aliasColors": { + "Allocated bytes": "#7EB26D", + "Allocated bytes - 1m max": "#BF1B00", + "Allocated bytes - 1m min": "#BF1B00", + "Allocated bytes - 5m max": "#BF1B00", + "Allocated bytes - 5m min": "#BF1B00", + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "RSS": "#447EBC" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": null, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 53 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/-/", + "fill": 0 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "intervalFactor": 2, + "legendFormat": "RSS", + "metric": "process_resident_memory_bytes", + "refId": "B", + "step": 10 + }, + { + "expr": "prometheus_local_storage_target_heap_size_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "intervalFactor": 2, + "legendFormat": "Target heap size", + "metric": "go_memstats_alloc_bytes", + "refId": "D", + "step": 10 + }, + { + "expr": "go_memstats_next_gc_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "intervalFactor": 2, + "legendFormat": "Next GC", + "metric": "go_memstats_next_gc_bytes", + "refId": "C", + "step": 10 + }, + { + "expr": "go_memstats_alloc_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "intervalFactor": 2, + "legendFormat": "Allocated", + "metric": "go_memstats_alloc_bytes", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Allocated bytes": "#F9BA8F", + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833", + "RSS": "#890F02" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 53 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(go_memstats_alloc_bytes_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Allocated Bytes/s", + "metric": "go_memstats_alloc_bytes", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Allocations", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 53 + }, + "hiddenSeries": false, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "irate(process_cpu_seconds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "intervalFactor": 2, + "legendFormat": "Irate", + "metric": "prometheus_local_storage_ingested_samples_total", + "refId": "A", + "step": 10 + }, + { + "expr": "rate(process_cpu_seconds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", + "intervalFactor": 2, + "legendFormat": "5m rate", + "metric": "prometheus_local_storage_ingested_samples_total", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + "avg" + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 60 + }, + "hiddenSeries": false, + "id": 70, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_symbol_table_size_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RAM Used", + "metric": "prometheus_local_storage_ingested_samples_total", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Symbol Tables Size", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + "avg" + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 60 + }, + "hiddenSeries": false, + "id": 71, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_storage_blocks_bytes_total{job=\"prometheus\",instance=\"$Prometheus:9090\"} or prometheus_tsdb_storage_blocks_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Disk Used", + "metric": "prometheus_local_storage_ingested_samples_total", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Block Size", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + "avg" + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Max": "#e24d42", + "Open": "#508642" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 60 + }, + "hiddenSeries": false, + "id": 41, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_max_fds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Max", + "refId": "A" + }, + { + "expr": "process_open_fds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Open", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "File Descriptors", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 67 + }, + "id": 91, + "panels": [], + "title": "Service Discovery", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 68 + }, + "hiddenSeries": false, + "id": 42, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_sd_discovered_targets{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{name}}-{{config}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Discovered Targets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 68 + }, + "hiddenSeries": false, + "id": 96, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_sd_updates_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Sent Updates/s", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 68 + }, + "hiddenSeries": false, + "id": 97, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_sd_received_updates_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[5m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Received Updates/s", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 75 + }, + "id": 99, + "panels": [], + "title": "Scraping", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 76 + }, + "hiddenSeries": false, + "id": 105, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_target_interval_length_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_target_interval_length_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{interval}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Scrape Interval", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 76 + }, + "hiddenSeries": false, + "id": 104, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_target_scrapes_exceeded_sample_limit_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "Exceeded Sample Limit", + "refId": "A" + }, + { + "expr": "rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "Duplicate Timestamp", + "refId": "C" + }, + { + "expr": "rate(prometheus_target_scrapes_sample_out_of_bounds_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "Out Of Bounds ", + "refId": "D" + }, + { + "expr": "rate(prometheus_target_scrapes_sample_out_of_order_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "Out of Order", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Scrape Problems/s", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 76 + }, + "hiddenSeries": false, + "id": 95, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_target_metadata_cache_bytes{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{scrape_job}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Metadata Cache Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 83 + }, + "id": 63, + "panels": [], + "title": "Query Engine", + "type": "row" + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "Time spent in each mode, per second", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 84 + }, + "hiddenSeries": false, + "id": 24, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_engine_query_duration_seconds_sum{job=\"prometheus\",}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{slice}}", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Query engine timings/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 84 + }, + "hiddenSeries": false, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_rule_group_iterations_missed_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) ", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Rule group missed", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "B", + "step": 10 + }, + { + "expr": "rate(prometheus_rule_evaluation_failures_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Rule evals failed", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "C", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Rule group evaulation problems/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 84 + }, + "hiddenSeries": false, + "id": 23, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_rule_group_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Rule evaluation duration", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Evaluation time of rule groups/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": true, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 91 + }, + "id": 77, + "panels": [ + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 92 + }, + "hiddenSeries": false, + "id": 86, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_notifications_sent_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{alertmanager}}", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Notification Sent/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 92 + }, + "hiddenSeries": false, + "id": 87, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_notifications_errors_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_notifications_sent_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{alertmanager}}", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Notification Error Ratio", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 92 + }, + "hiddenSeries": false, + "id": 81, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_notifications_latency_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m]) / rate(prometheus_notifications_latency_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{alertmanager}}", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Notification Latency", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 99 + }, + "hiddenSeries": false, + "id": 85, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_notifications_alertmanagers_discovered{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Alertmanagers", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Alertmanagers Discovered", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 99 + }, + "hiddenSeries": false, + "id": 89, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_notifications_dropped_total{job=\"prometheus\",instance=\"$Prometheus:9090\"}[1m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Dropped", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Notifications Dropped/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 99 + }, + "hiddenSeries": false, + "id": 88, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_notifications_queue_length{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Pending", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + }, + { + "expr": "prometheus_notifications_queue_capacity{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "Max", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Notification Queue", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "title": "Notification", + "type": "row" + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 92 + }, + "id": 58, + "panels": [], + "title": "HTTP Server", + "type": "row" + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 93 + }, + "hiddenSeries": false, + "id": 38, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_http_request_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{handler}}", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "HTTP requests/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 93 + }, + "hiddenSeries": false, + "id": 37, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_http_request_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m]) / rate(prometheus_http_request_duration_seconds_count{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{handler}}", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "HTTP request latency", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "description": "", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 93 + }, + "hiddenSeries": false, + "id": 36, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_http_request_duration_seconds_sum{job=\"prometheus\",instance=\"$Prometheus:9090\"}[2m])", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{handler}}", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Time spent in HTTP requests/s", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 100 + }, + "id": 61, + "panels": [], + "repeat": "RuleGroup", + "scopedVars": { + "RuleGroup": { + "selected": false, + "text": "/etc/config/rules;CPU", + "value": "/etc/config/rules;CPU" + } + }, + "title": "Rule Group: $RuleGroup", + "type": "row" + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Interval": "#890f02", + "Last Duration": "#f9934e", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 101 + }, + "hiddenSeries": false, + "id": 43, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "scopedVars": { + "RuleGroup": { + "selected": false, + "text": "/etc/config/rules;CPU", + "value": "/etc/config/rules;CPU" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_rule_group_interval_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Interval", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + }, + { + "expr": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Last Duration", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "$RuleGroup: Duration", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Interval": "#890f02", + "Last Duration": "#f9934e", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 101 + }, + "hiddenSeries": false, + "id": 66, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatDirection": "h", + "scopedVars": { + "RuleGroup": { + "selected": false, + "text": "/etc/config/rules;CPU", + "value": "/etc/config/rules;CPU" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_rule_group_rules{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Rules", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "$RuleGroup: Rules", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "default-kubecost", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 108 + }, + "id": 108, + "panels": [], + "repeat": null, + "repeatIteration": 1603144824023, + "repeatPanelId": 61, + "scopedVars": { + "RuleGroup": { + "selected": false, + "text": "/etc/config/rules;Savings", + "value": "/etc/config/rules;Savings" + } + }, + "title": "Rule Group: $RuleGroup", + "type": "row" + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Interval": "#890f02", + "Last Duration": "#f9934e", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 109 + }, + "hiddenSeries": false, + "id": 109, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "repeatIteration": 1603144824023, + "repeatPanelId": 43, + "repeatedByRow": true, + "scopedVars": { + "RuleGroup": { + "selected": false, + "text": "/etc/config/rules;Savings", + "value": "/etc/config/rules;Savings" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_rule_group_interval_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Interval", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + }, + { + "expr": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Last Duration", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "$RuleGroup: Duration", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Chunks": "#1F78C1", + "Chunks to persist": "#508642", + "Interval": "#890f02", + "Last Duration": "#f9934e", + "Max chunks": "#052B51", + "Max to persist": "#3F6833" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "default-kubecost", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 109 + }, + "hiddenSeries": false, + "id": 110, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.1", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatDirection": "h", + "repeatIteration": 1603144824023, + "repeatPanelId": 66, + "repeatedByRow": true, + "scopedVars": { + "RuleGroup": { + "selected": false, + "text": "/etc/config/rules;Savings", + "value": "/etc/config/rules;Savings" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_rule_group_rules{job=\"prometheus\",instance=\"$Prometheus:9090\",rule_group=~\"$RuleGroup\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Rules", + "metric": "prometheus_local_storage_memory_chunkdescs", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "$RuleGroup: Rules", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "localhost", + "value": "localhost" + }, + "datasource": "default-kubecost", + "definition": "", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "Prometheus", + "options": [], + "query": "query_result(up{job=\"prometheus\"} == 1)", + "refresh": 2, + "regex": ".*instance=\"([^\"]+):9090\".*", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": null, + "tags": [], + "tagsQuery": null, + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "default-kubecost", + "definition": "", + "hide": 2, + "includeAll": true, + "label": null, + "multi": false, + "name": "RuleGroup", + "options": [], + "query": "prometheus_rule_group_last_duration_seconds{job=\"prometheus\",instance=\"$Prometheus:9090\"}", + "refresh": 2, + "regex": ".*rule_group=\"(.*?)\".*", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "Prometheus Benchmark - 2.17.x", + "uid": "L0HBvojWz", + "version": 4 +} diff --git a/charts/kubecost/cost-analyzer/1.70.000/questions.yml b/charts/kubecost/cost-analyzer/1.70.000/questions.yml new file mode 100644 index 000000000..ce86c64fb --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/questions.yml @@ -0,0 +1,160 @@ +questions: +# General Settings +- variable: kubecostProductConfigs.clusterName + label: Cluster Name + description: "Used for display in the cost-analyzer UI (Can be renamed in the UI)" + type: string + required: true + default: "" + group: General Settings +- variable: persistentVolume.enabled + label: Enable Persistent Volume for CostAnalyzer + description: "If true, Kubecost will create a Persistent Volume Claim for product config data" + type: boolean + default: false + show_subquestion_if: true + group: "General Settings" + subquestions: + - variable: persistentVolume.size + label: CostAnalyzer Persistent Volume Size + type: string + default: "0.2Gi" + +# Prometheus Server +- variable: global.prometheus.enabled + label: Enable Prometheus + description: If false, use an existing Prometheus install + type: boolean + default: true + group: "Prometheus" +- variable: prometheus.kubeStateMetrics.enabled + label: Enable KubeStateMetrics + description: "If true, deploy kube-state-metrics for Kubernetes metrics" + type: boolean + default: true + show_if: "global.prometheus.enabled=true" + group: "Prometheus" +- variable: prometheus.server.retention + label: Prometheus Server Retention + description: "Determines when to remove old data" + type: string + default: "15d" + show_if: "global.prometheus.enabled=true" + group: "Prometheus" +- variable: prometheus.server.persistentVolume.enabled + label: Create Persistent Volume for Prometheus + description: "If true, prometheus will create a persistent volume claim" + type: boolean + required: true + default: false + group: "Prometheus" + show_if: "global.prometheus.enabled=true" + show_subquestion_if: true + subquestions: + - variable: prometheus.server.persistentVolume.size + label: Prometheus Persistent Volume Size + type: string + default: "8Gi" + - variable: prometheus.server.persistentVolume.storageClass + label: Prometheus Persistent Volume StorageClass + description: "Prometheus data persistent volume storageClass, if not set use default StorageClass" + default: "" + type: storageclass + - variable: prometheus.server.persistentVolume.existingClaim + label: Existing Persistent Volume Claim for Prometheus + description: "If not empty, uses the specified existing PVC instead of creating new one" + type: pvc + default: "" + +# Prometheus Node Exporter +- variable: prometheus.nodeExporter.enabled + label: Enable NodeExporter + description: "If false, do not create NodeExporter daemonset" + type: boolean + default: true + group: "NodeExporter" +- variable: prometheus.serviceAccounts.nodeExporter.create + label: Enable Service Accounts NodeExporter + description: "If false, do not create NodeExporter daemonset" + type: boolean + default: true + group: "NodeExporter" + +# Prometheus AlertManager +- variable: prometheus.alertmanager.enabled + label: Enable AlertManager + type: boolean + default: true + group: "AlertManager" +- variable: prometheus.alertmanager.persistentVolume.enabled + label: Create Persistent Volume for AlertManager + description: "If true, alertmanager will create a persistent volume claim" + type: boolean + required: true + default: false + group: "AlertManager" + show_if: "prometheus.alertmanager.enabled=true" + show_subquestion_if: true + subquestions: + - variable: prometheus.alertmanager.persistentVolume.size + default: "2Gi" + description: "AlertManager data persistent volume size" + type: string + label: AlertManager Persistent Volume Size + - variable: prometheus.alertmanager.persistentVolume.storageClass + default: "" + description: "Alertmanager data persistent volume storageClass, if not set use default StorageClass" + type: storageclass + label: AlertManager Persistent Volume StorageClass + - variable: prometheus.alertmanager.persistentVolume.existingClaim + default: "" + description: "If not empty, uses the specified existing PVC instead of creating new one" + type: pvc + label: Existing Persistent Volume Claim for AlertManager + +# PushGateway +- variable: prometheus.pushgateway.enabled + label: Enable PushGateway + type: boolean + default: true + group: "PushGateway" +- variable: prometheus.pushgateway.persistentVolume.enabled + label: Create Persistent Volume for PushGateway + description: "If true, PushGateway will create a persistent volume claim" + required: true + type: boolean + default: false + group: "PushGateway" + show_if: "prometheus.pushgateway.enabled=true" + show_subquestion_if: true + subquestions: + - variable: prometheus.prometheus.pushgateway.persistentVolume.size + label: PushGateway Persistent Volume Size + type: string + default: "2Gi" + - variable: prometheus.pushgateway.persistentVolume.storageClass + label: PushGateway Persistent Volume StorageClass + description: "PushGateway data persistent volume storageClass, if not set use default StorageClass" + type: storageclass + default: "" + - variable: prometheus.pushgateway.persistentVolume.existingClaim + label: Existing Persistent Volume Claim for PushGateway + description: "If not empty, uses the specified existing PVC instead of creating new one" + type: pvc + default: "" + +# Services and Load Balancing +- variable: ingress.enabled + label: Enable Ingress + description: "Expose app using Ingress (Layer 7 Load Balancer)" + default: true + type: boolean + show_subquestion_if: true + group: "Services and Load Balancing" + subquestions: + - variable: ingress.hosts[0] + default: "xip.io" + description: "Hostname to your CostAnalyzer installation" + type: hostname + required: true + label: Hostname diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt b/charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt new file mode 100644 index 000000000..bbc2594e9 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/NOTES.txt @@ -0,0 +1,10 @@ + + +-------------------------------------------------- +{{- $servicePort := .Values.service.port | default 9090 -}} +Kubecost has been successfully installed. When pods are Ready, you can enable port-forwarding with the following command: + + kubectl port-forward --namespace {{ .Release.Namespace }} deployment/{{ template "cost-analyzer.fullname" . }} {{ $servicePort }} + +Next, navigate to http://localhost:{{ $servicePort }} in a web browser. + diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl new file mode 100644 index 000000000..95e2dca20 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/_helpers.tpl @@ -0,0 +1,200 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "cost-analyzer.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cost-analyzer.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the fully qualified name for Prometheus server service. +*/}} +{{- define "cost-analyzer.prometheus.server.name" -}} +{{- if .Values.prometheus -}} +{{- if .Values.prometheus.server -}} +{{- if .Values.prometheus.server.fullnameOverride -}} +{{- .Values.prometheus.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- else -}} +{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- else -}} +{{- printf "%s-prometheus-server" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create the fully qualified name for Prometheus alertmanager service. +*/}} +{{- define "cost-analyzer.prometheus.alertmanager.name" -}} +{{- if .Values.prometheus -}} +{{- if .Values.prometheus.alertmanager -}} +{{- if .Values.prometheus.alertmanager.fullnameOverride -}} +{{- .Values.prometheus.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- else -}} +{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- else -}} +{{- printf "%s-prometheus-alertmanager" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{- define "cost-analyzer.serviceName" -}} +{{- printf "%s-%s" .Release.Name "cost-analyzer" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Network Costs name used to tie autodiscovery of metrics to daemon set pods +*/}} +{{- define "cost-analyzer.networkCostsName" -}} +{{- printf "%s-%s" .Release.Name "network-costs" -}} +{{- end -}} + +{{- define "kubecost.clusterControllerName" -}} +{{- printf "%s-%s" .Release.Name "cluster-controller" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cost-analyzer.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "cost-analyzer.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "cost-analyzer.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the common labels. +*/}} +{{- define "cost-analyzer.commonLabels" -}} +app.kubernetes.io/name: {{ include "cost-analyzer.name" . }} +helm.sh/chart: {{ include "cost-analyzer.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app: cost-analyzer +{{- end -}} + +{{/* +Create the selector labels. +*/}} +{{- define "cost-analyzer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cost-analyzer.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app: cost-analyzer +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "cost-analyzer.daemonset.apiVersion" -}} +{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for priorityClass. +*/}} +{{- define "cost-analyzer.priorityClass.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "scheduling.k8s.io/v1beta1" -}} +{{- else if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "scheduling.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "cost-analyzer.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "cost-analyzer.podSecurityPolicy.apiVersion" -}} +{{- if semverCompare ">=1.3-0, <1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Recursive filter which accepts a map containing an input map (.v) and an output map (.r). The template +will traverse all values inside .v recursively writing non-map values to the output .r. If a nested map +is discovered, we look for an 'enabled' key. If it doesn't exist, we continue traversing the +map. If it does exist, we omit the inner map traversal iff enabled is false. This filter writes the +enabled only version to the output .r +*/}} +{{- define "cost-analyzer.filter" -}} +{{- $v := .v }} +{{- $r := .r }} +{{- range $key, $value := .v }} + {{- $tp := kindOf $value -}} + {{- if eq $tp "map" -}} + {{- $isEnabled := true -}} + {{- if (hasKey $value "enabled") -}} + {{- $isEnabled = $value.enabled -}} + {{- end -}} + {{- if $isEnabled -}} + {{- $rr := "{}" | fromYaml }} + {{- template "cost-analyzer.filter" (dict "v" $value "r" $rr) }} + {{- $_ := set $r $key $rr -}} + {{- end -}} + {{- else -}} + {{- $_ := set $r $key $value -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +This template accepts a map and returns a base64 encoded json version of the map where all disabled +leaf nodes are omitted. + +The implied use case is {{ template "cost-analyzer.filterEnabled" .Values }} +*/}} +{{- define "cost-analyzer.filterEnabled" -}} +{{- $result := "{}" | fromYaml }} +{{- template "cost-analyzer.filter" (dict "v" . "r" $result) }} +{{- $result | toJson | b64enc }} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml new file mode 100644 index 000000000..6b8de4d5e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/aws-service-key-secret.yaml @@ -0,0 +1,17 @@ +{{- if .Values.kubecostProductConfigs }} +{{- if .Values.kubecostProductConfigs.createServiceKeySecret }} +{{- if .Values.kubecostProductConfigs.awsServiceKeyName }} +apiVersion: v1 +kind: Secret +metadata: + name: cloud-service-key +type: Opaque +stringData: + service-key.json: |- + { + "aws_access_key_id": "{{ .Values.kubecostProductConfigs.awsServiceKeyName }}", + "aws_secret_access_key": "{{ .Values.kubecostProductConfigs.awsServiceKeyPassword }}" + } +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml new file mode 100644 index 000000000..35f5b9991 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-deployment-template.yaml @@ -0,0 +1,26 @@ +{{- if .Values.awsstore }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "cost-analyzer.fullname" . }}-awsstore + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: awsstore + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: awsstore + spec: + serviceAccountName: awsstore-serviceaccount + containers: + - image: {{ .Values.awsstore.imageNameAndVersion }} + name: awsstore +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml new file mode 100644 index 000000000..65f37e652 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/awsstore-service-account-template.yaml @@ -0,0 +1,12 @@ +{{- if .Values.awsstore }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: awsstore-serviceaccount + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- with .Values.awsstore.annotations }} + annotations: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml new file mode 100644 index 000000000..bb71e064b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/azure-service-key-secret.yaml @@ -0,0 +1,21 @@ +{{- if .Values.kubecostProductConfigs }} +{{- if .Values.kubecostProductConfigs.createServiceKeySecret }} +{{- if .Values.kubecostProductConfigs.azureSubscriptionID }} +apiVersion: v1 +kind: Secret +metadata: + name: cloud-service-key +type: Opaque +stringData: + service-key.json: |- + { + "subscriptionId": "{{ .Values.kubecostProductConfigs.azureSubscriptionID }}", + "serviceKey": { + "appId": "{{ .Values.kubecostProductConfigs.azureClientID }}", + "password": "{{ .Values.kubecostProductConfigs.azureClientPassword }}", + "tenant": "{{ .Values.kubecostProductConfigs.azureTenantID }}" + } + } +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml new file mode 100644 index 000000000..b627cf874 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-alerts-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.global.notifications.alertConfigs }} +{{- if .Values.global.notifications.alertConfigs.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: alert-configs + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + alerts.json: '{{ toJson .Values.global.notifications.alertConfigs }}' +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml new file mode 100644 index 000000000..eef8d187d --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-checks-template.yaml @@ -0,0 +1,63 @@ +{{- if .Values.kubecostChecks -}} +{{- if .Values.kubecostChecks.enabled -}} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: cost-analyzer-checks + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + {{- if .Values.kubecostChecks.debug }} + schedule: "*/1 * * * *" + {{- else if .Values.kubecostChecks.schedule }} + schedule: {{ .Values.kubecostChecks.schedule | quote }} + {{- else }} + schedule: "*/10 * * * *" + {{- end }} + jobTemplate: + metadata: + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 8 }} + spec: + template: + spec: + containers: + - name: cost-analyzer-checks + {{- if .Values.kubecostChecks }} + image: {{ .Values.kubecostChecks.image }}:prod-{{ $.Chart.AppVersion }} + {{- else }} + image: gcr.io/kubecost1/checks:prod-{{ $.Chart.AppVersion }} + {{ end }} + imagePullPolicy: Always + args: + - node + - ./node/cron.js + resources: +{{ toYaml .Values.kubecostChecks.resources | indent 14 }} + env: + - name: COST_ANALYZER_SERVER_ENDPOINT + value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9001 + - name: COST_ANALYZER_MODEL_ENDPOINT + {{- if .Values.saml.enabled }} + value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9004 + {{- else }} + value: {{ template "cost-analyzer.serviceName" . }}.{{ .Release.Namespace }}:9003 + {{ end }} + {{- if .Values.kubecostChecks }} + {{- if .Values.kubecostChecks.debug }} + - name: SEND_UPDATES_NOW + value: "true" + {{- end }} + {{- end }} + - name: PROMETHEUS_ALERTMANAGER_ENDPOINT + valueFrom: + configMapKeyRef: + name: {{ template "cost-analyzer.fullname" . }} + key: prometheus-alertmanager-endpoint + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + restartPolicy: OnFailure +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml new file mode 100644 index 000000000..16f926e8a --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluser-role-template.yaml @@ -0,0 +1,105 @@ +{{- if and .Values.reporting .Values.reporting.logCollection -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "cost-analyzer.serviceAccountName" . }} +rules: +- apiGroups: + - '' + resources: + - "pods/log" + verbs: + - get + - list + - watch +--- +{{- end }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "cost-analyzer.serviceAccountName" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +rules: + - apiGroups: + - '' + resources: + - configmaps + - deployments + - nodes + - pods + - events + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - deployments + - daemonsets + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - events.k8s.io + resources: + - events + verbs: + - get + - list + - watch diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml new file mode 100644 index 000000000..f2952b923 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-cluster-role-binding-template.yaml @@ -0,0 +1,33 @@ +{{- if .Values.reporting }} +{{- if .Values.reporting.logCollection }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "cost-analyzer.serviceAccountName" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "cost-analyzer.serviceAccountName" . }} +subjects: + - kind: ServiceAccount + name: {{ template "cost-analyzer.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +{{- end }} +{{- end }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "cost-analyzer.serviceAccountName" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "cost-analyzer.serviceAccountName" . }} +subjects: + - kind: ServiceAccount + name: {{ template "cost-analyzer.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml new file mode 100644 index 000000000..86aa0ee51 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-config-map-template.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "cost-analyzer.fullname" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + {{- if .Values.global.prometheus.enabled }} + {{- if .Values.global.zone }} + prometheus-alertmanager-endpoint: http://{{ template "cost-analyzer.prometheus.alertmanager.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.zone }} + {{ else }} + prometheus-alertmanager-endpoint: http://{{ template "cost-analyzer.prometheus.alertmanager.name" . }}.{{ .Release.Namespace }} + {{- end -}} + {{ else }} + prometheus-alertmanager-endpoint: {{ .Values.global.notifications.alertmanager.fqdn }} + {{- end -}} + {{- if .Values.global.prometheus.enabled }} + {{- if .Values.global.zone }} + prometheus-server-endpoint: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }}.svc.{{ .Values.global.zone }} + {{ else }} + prometheus-server-endpoint: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }} + {{- end -}} + {{ else }} + prometheus-server-endpoint: {{ .Values.global.prometheus.fqdn }} + {{- end -}} + {{- if .Values.kubecostToken }} + kubecost-token: {{ .Values.kubecostToken }} + {{ else }} + kubecost-token: not-applied + {{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml new file mode 100644 index 000000000..38b7e92f8 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-db-pvc-template.yaml @@ -0,0 +1,29 @@ +{{- if (.Values.kubecostModel.etlToDisk | default true) -}} +{{- if .Values.persistentVolume -}} +{{- if not .Values.persistentVolume.dbExistingClaim -}} +{{- if .Values.persistentVolume.enabled -}} +{{- if .Values.persistentVolume.dbPVEnabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "cost-analyzer.fullname" . }}-db + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + {{- if .Values.persistentVolume.dbStorageClass }} + storageClassName: {{ .Values.persistentVolume.dbStorageClass }} + {{ end }} + resources: + requests: + {{- if .Values.persistentVolume }} + storage: {{ .Values.persistentVolume.dbSize }} + {{- else }} + storage: 32.0Gi + {{ end }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml new file mode 100644 index 000000000..2bfd2896b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-deployment-template.yaml @@ -0,0 +1,672 @@ +{{- $nginxPort := int .Values.service.port | default 9090 -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "cost-analyzer.fullname" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- if .Values.kubecostDeployment }} +{{- with .Values.kubecostDeployment.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +spec: +{{- if .Values.kubecostDeployment }} + replicas: {{ .Values.kubecostDeployment.replicas | default 1 }} +{{- end }} + selector: + matchLabels: +{{ include "cost-analyzer.selectorLabels" . | nindent 8}} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + {{ include "cost-analyzer.selectorLabels" . | nindent 8 }} +{{- if .Values.kubecostDeployment }} +{{- with .Values.kubecostDeployment.labels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.global.podAnnotations}} + annotations: +{{- with .Values.global.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- end }} + spec: + {{- if .Values.kubecostFrontend.tls }} + {{- if .Values.kubecostFrontend.tls.enabled }} + securityContext: + runAsUser: 0 + {{- else }} + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + {{- end }} + {{- else if lt $nginxPort 1025 }} + securityContext: + runAsUser: 0 + {{- else }} + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + {{- end }} + restartPolicy: Always + serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} + volumes: + - name: nginx-conf + configMap: + name: nginx-conf + items: + - key: nginx.conf + path: default.conf + {{- if .Values.kubecostProductConfigs }} + {{- if .Values.kubecostProductConfigs.productKey }} + {{- if .Values.kubecostProductConfigs.productKey.secretname }} + - name: productkey-secret + secret: + secretName: {{ .Values.kubecostProductConfigs.productKey.secretname }} + items: + - key: productkey.json + path: productkey.json + {{- end }} + {{- end -}} + {{- if .Values.kubecostProductConfigs.gcpSecretName }} + - name: gcp-key-secret + secret: + secretName: {{ .Values.kubecostProductConfigs.gcpSecretName }} + items: + - key: compute-viewer-kubecost-key.json + path: key.json + {{- end }} + {{- if .Values.kubecostProductConfigs.serviceKeySecretName }} + - name: service-key-secret + secret: + secretName: {{ .Values.kubecostProductConfigs.serviceKeySecretName }} + {{- else if .Values.kubecostProductConfigs.createServiceKeySecret }} + - name: service-key-secret + secret: + secretName: cloud-service-key + {{- end }} + {{- if .Values.kubecostProductConfigs.clusters }} + - name: kubecost-clusters + configMap: + name: kubecost-clusters + {{- range .Values.kubecostProductConfigs.clusters }} + {{- if .auth }} + {{- if .auth.secretName }} + - name: {{ .auth.secretName }} + secret: + secretName: {{ .auth.secretName }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.kubecostFrontend.tls }} + {{- if .Values.kubecostFrontend.tls.enabled }} + - name: tls + secret: + secretName : {{ .Values.kubecostFrontend.tls.secretName }} + items: + - key: tls.crt + path: kc.crt + - key: tls.key + path: kc.key + {{- end }} + {{- end }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + {{- if .Values.saml.secretName }} + - name: secret-volume + secret: + secretName: {{ .Values.saml.secretName }} + {{- end }} + {{- if .Values.saml.metadataSecretName }} + - name: metadata-secret-volume + secret: + secretName: {{ .Values.saml.metadataSecretName }} + {{- end }} + {{- if .Values.saml.rbac.enabled }} + - name: saml-roles + configMap: + name: {{ template "cost-analyzer.fullname" . }}-saml + {{- end }} + {{- end }} + {{- end }} + - name: persistent-configs +{{- if .Values.persistentVolume }} +{{- if .Values.persistentVolume.enabled }} + persistentVolumeClaim: +{{- if .Values.persistentVolume.existingClaim }} + claimName: {{ .Values.persistentVolume.existingClaim }} +{{- else }} + claimName: {{ template "cost-analyzer.fullname" . }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- else }} + persistentVolumeClaim: + claimName: {{ template "cost-analyzer.fullname" . }} +{{- end }} +{{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} + - name: persistent-db +{{- if .Values.persistentVolume }} +{{- if .Values.persistentVolume.enabled }} + persistentVolumeClaim: +{{- if .Values.persistentVolume.dbExistingClaim }} + claimName: {{ .Values.persistentVolume.dbExistingClaim }} +{{- else }} + claimName: {{ template "cost-analyzer.fullname" . }}-db +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- else }} + persistentVolumeClaim: + claimName: {{ template "cost-analyzer.fullname" . }}-db +{{- end }} +{{- end }} + initContainers: +{{- if .Values.supportNFS }} + - name: config-db-perms-fix + {{- if .Values.initChownDataImage }} + image: {{ .Values.initChownDataImage }} + {{- else }} + image: busybox + {{- end }} + resources: +{{ toYaml .Values.initChownData.resources | indent 12 }} + {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} + command: ["sh", "-c", "/bin/chmod -R 777 /var/configs && /bin/chmod -R 777 /var/db"] + {{- else }} + command: ["sh", "-c", "/bin/chmod -R 777 /var/configs"] + {{- end}} + volumeMounts: + - name: persistent-configs + mountPath: /var/configs + {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} + - name: persistent-db + mountPath: /var/db + {{- end }} + securityContext: + runAsUser: 0 +{{ end }} + containers: + {{- if .Values.kubecostModel }} + {{- if .Values.imageVersion}} + - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} + {{- else }} + - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} + {{ end }} + {{- else }} + - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} + {{ end }} + name: cost-model + {{- if .Values.kubecostModel.imagePullPolicy }} + imagePullPolicy: {{ .Values.kubecostModel.imagePullPolicy }} + {{- else }} + imagePullPolicy: Always + {{- end }} + resources: +{{ toYaml .Values.kubecostModel.resources | indent 12 }} + readinessProbe: + httpGet: + path: /healthz + port: 9003 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 200 + volumeMounts: + - name: persistent-configs + mountPath: /var/configs + {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} + - name: persistent-db + mountPath: /var/db + {{- end }} + {{- if .Values.kubecostProductConfigs }} + {{- if .Values.kubecostProductConfigs.productKey }} + {{- if .Values.kubecostProductConfigs.productKey.secretname }} + - name: productkey-secret + mountPath: /var/configs/productkey + {{- end }} + {{- end }} + {{- if .Values.kubecostProductConfigs.gcpSecretName }} + - name: gcp-key-secret + mountPath: /models + {{- end }} + {{- if or .Values.kubecostProductConfigs.serviceKeySecretName .Values.kubecostProductConfigs.createServiceKeySecret }} + - name: service-key-secret + mountPath: /var/secrets + {{- end }} + {{- if .Values.kubecostProductConfigs.clusters }} + - name: kubecost-clusters + mountPath: /var/configs/clusters + {{- range .Values.kubecostProductConfigs.clusters }} + {{- if .auth }} + {{- if .auth.secretName }} + - name: {{ .auth.secretName }} + mountPath: /var/secrets/{{ .auth.secretName }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + {{- if .Values.saml.secretName }} + - name: secret-volume + mountPath: /var/configs/secret-volume + {{- end }} + {{- if .Values.saml.metadataSecretName }} + - name: metadata-secret-volume + mountPath: /var/configs/metadata-secret-volume + {{- end }} + {{- if .Values.saml.rbac.enabled }} + - name: saml-roles + mountPath: /var/configs/saml + {{- end }} + {{- end }} + {{- end }} + env: + - name: PROMETHEUS_SERVER_ENDPOINT + valueFrom: + configMapKeyRef: + name: {{ template "cost-analyzer.fullname" . }} + key: prometheus-server-endpoint + - name: CLOUD_PROVIDER_API_KEY + value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API requires a key. + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/configs/key.json + - name: CONFIG_PATH + value: /var/configs/ + - name: DB_PATH + value: /var/db/ + - name: CLUSTER_PROFILE + {{- if .Values.kubecostProductConfigs }} + value: {{ .Values.kubecostProductConfigs.clusterProfile | default "production" }} + {{- else }} + value: production + {{- end }} + - name: REMOTE_WRITE_PASSWORD + value: {{ .Values.remoteWrite.postgres.auth.password }} + {{- if .Values.remoteWrite.postgres.enabled }} + - name: REMOTE_WRITE_ENABLED + value: "true" + {{- end }} + - name: GOGC + value: "60" + {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} + - name: MC_BASIC_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} + key: USERNAME + - name: MC_BASIC_AUTH_PW + valueFrom: + secretKeyRef: + name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} + key: PASSWORD + {{- end }} + {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} + - name: DB_BASIC_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} + key: USERNAME + - name: DB_BASIC_AUTH_PW + valueFrom: + secretKeyRef: + name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} + key: PASSWORD + {{- end }} + {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} + - name: DB_BEARER_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} + key: TOKEN + {{- end }} + {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} + - name: MC_BEARER_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} + key: TOKEN + {{- end }} + {{- if .Values.global.prometheus.insecureSkipVerify }} + - name: INSECURE_SKIP_VERIFY + value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} + {{- end }} + {{- if .Values.pricingCsv }} + {{- if .Values.pricingCsv.enabled }} + - name: USE_CSV_PROVIDER + value: "true" + - name: CSV_PATH + value: {{ .Values.pricingCsv.location.URI }} + - name: CSV_REGION + value: {{ .Values.pricingCsv.location.region }} + {{- if eq .Values.pricingCsv.location.provider "AWS"}} + {{- if .Values.pricingCsv.location.csvAccessCredentials }} + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ .Values.pricingCsv.location.csvAccessCredentials }} + key: AWS_ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.pricingCsv.location.csvAccessCredentials }} + key: AWS_SECRET_ACCESS_KEY + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.reporting }} + - name: LOG_COLLECTION_ENABLED + value: {{ (quote .Values.reporting.logCollection ) | default (quote true) }} + - name: PRODUCT_ANALYTICS_ENABLED + value: {{ (quote .Values.reporting.productAnalytics ) | default (quote true) }} + - name: ERROR_REPORTING_ENABLED + value: {{ (quote .Values.reporting.errorReporting ) | default (quote true) }} + - name: VALUES_REPORTING_ENABLED + value: {{ (quote .Values.reporting.valuesReporting) | default (quote true) }} + {{- if .Values.reporting.errorReporting }} + - name: SENTRY_DSN + value: "https://71964476292e4087af8d5072afe43abd@o394722.ingest.sentry.io/5245431" + {{- end }} + {{- end }} + - name: CACHE_WARMING_ENABLED + value: {{ (quote .Values.kubecostModel.warmCache) | default (quote true) }} + - name: SAVINGS_CACHE_WARMING_ENABLED + value: {{ (quote .Values.kubecostModel.warmSavingsCache) | default (quote true) }} + - name: ETL_ENABLED + value: {{ (quote .Values.kubecostModel.etl) | default (quote true) }} + - name: ETL_TO_DISK_ENABLED + value: {{ (quote .Values.kubecostModel.etlToDisk) | default (quote true) }} + - name : ETL_CLOUD_ASSETS_ENABLED + value: {{ (quote .Values.kubecostModel.etlCloudAssets) | default (quote true) }} + {{- if .Values.persistentVolume.dbPVEnabled }} + - name: ETL_PATH_PREFIX + value: "/var/db" + {{- end }} + {{- if .Values.kubecostModel.etlStoreDurationDays }} + - name: ETL_STORE_DURATION_DAYS + value: {{ (quote .Values.kubecostModel.etlStoreDurationDays) | default (quote 120) }} + {{- end }} + - name: PV_ENABLED + value: {{ (quote .Values.persistentVolume.enabled) | default (quote true) }} + - name: MAX_QUERY_CONCURRENCY + value: {{ (quote .Values.kubecostModel.maxQueryConcurrency) | default (quote 5) }} + - name: UTC_OFFSET + value: {{ (quote .Values.kubecostModel.utcOffset) | default (quote ) }} + {{- if .Values.networkCosts }} + {{- if .Values.networkCosts.enabled }} + - name: NETWORK_COSTS_PORT + value: {{ quote .Values.networkCosts.port | default (quote 3001) }} + {{- end }} + {{- end }} + {{- /* + If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true + to ensure that the custom query service target is used. The global.thanos.enabled + flag does not have any affect on this behavior. + */}} + {{- if .Values.global.thanos.queryService }} + - name: THANOS_ENABLED + value: "true" + - name: THANOS_QUERY_URL + value: {{ .Values.global.thanos.queryService }} + - name: THANOS_QUERY_OFFSET + value: {{ .Values.global.thanos.queryOffset | default "3h" }} + - name: THANOS_MAX_SOURCE_RESOLUTION + value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} + {{- else if and .Values.global.thanos.enabled .Values.thanos }} + {{- if .Values.thanos.query }} + {{- if .Values.thanos.query.enabled }} + - name: THANOS_ENABLED + value: "true" + - name: THANOS_QUERY_URL + value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} + - name: THANOS_QUERY_OFFSET + value: {{ .Values.global.thanos.queryOffset | default "3h" }} + - name: THANOS_MAX_SOURCE_RESOLUTION + value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + - name: SAML_ENABLED + value: "true" + - name: IDP_URL + value: {{ .Values.saml.idpMetadataURL }} + - name: SP_HOST + value: {{ .Values.saml.appRootURL }} + {{- if .Values.saml.audienceURI }} + - name: AUDIENCE_URI + value: {{ .Values.saml.audienceURI }} + {{- end }} + {{- if .Values.saml.rbac.enabled }} + - name: SAML_RBAC_ENABLED + value: "true" + {{- end }} + {{- end }} + {{- end }} + {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }} + - name: CLUSTER_ID + value: {{ .Values.prometheus.server.global.external_labels.cluster_id }} + {{- end }} + {{- if .Values.prometheus.server.clusterIDConfigmap }} + - name: CLUSTER_ID + valueFrom: + configMapKeyRef: + name: {{ .Values.prometheus.server.clusterIDConfigmap }} + key: CLUSTER_ID + {{- end }} + {{- if .Values.remoteWrite.postgres.installLocal }} + - name: SQL_ADDRESS + value: pgprometheus + {{- else }} + - name: SQL_ADDRESS + value: {{ .Values.remoteWrite.postgres.remotePostgresAddress }} + {{- end }} + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: KUBECOST_NAMESPACE + value: {{ .Release.Namespace }} + - name: KUBECOST_TOKEN + valueFrom: + configMapKeyRef: + name: {{ template "cost-analyzer.fullname" . }} + key: kubecost-token + {{- if .Values.kubecostFrontend }} + {{- if .Values.imageVersion}} + - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }} + {{- else }} + - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} + {{ end }} + {{- else }} + - image: gcr.io/kubecost1/frontend:prod-{{ $.Chart.AppVersion }} + {{ end }} + {{- if .Values.kubecostFrontend.tls }} + {{- if .Values.kubecostFrontend.tls.enabled }} + command: ["nginx", "-g", "daemon off;"] + ports: + - containerPort: 443 + {{- end }} + {{- end }} + env: + - name: GET_HOSTS_FROM + value: dns + name: cost-analyzer-frontend + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/conf.d/ + {{- if .Values.kubecostFrontend.tls }} + {{- if .Values.kubecostFrontend.tls.enabled }} + - name: tls + mountPath: /etc/ssl/certs + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.kubecostFrontend.resources | indent 12 }} + {{- if .Values.kubecostFrontend.imagePullPolicy }} + imagePullPolicy: {{ .Values.kubecostFrontend.imagePullPolicy }} + {{- else }} + imagePullPolicy: Always + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: 9003 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 200 + {{- if .Values.kubecost }} + {{- if .Values.imageVersion}} + - image: {{ .Values.kubecost.image }}:{{ .Values.imageVersion }} + {{- else }} + - image: {{ .Values.kubecost.image }}:prod-{{ $.Chart.AppVersion }} + {{ end }} + {{- else }} + - image: gcr.io/kubecost1/server:prod-{{ $.Chart.AppVersion }} + {{ end }} + resources: +{{ toYaml .Values.kubecost.resources | indent 12 }} + name: cost-analyzer-server + readinessProbe: + httpGet: + path: /healthz + port: 9003 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 200 + volumeMounts: + - name: persistent-configs + mountPath: /var/configs + env: + - name: PROMETHEUS_SERVER_ENDPOINT + valueFrom: + configMapKeyRef: + name: {{ template "cost-analyzer.fullname" . }} + key: prometheus-server-endpoint + {{- if .Values.reporting }} + {{- if .Values.reporting.valuesReporting }} + - name: HELM_VALUES + value: {{ template "cost-analyzer.filterEnabled" .Values }} + {{- end }} + {{- end }} + {{- if .Values.global.prometheus.insecureSkipVerify }} + - name: INSECURE_SKIP_VERIFY + value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} + {{- end }} + {{- /* + If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true + to ensure that the custom query service target is used. The global.thanos.enabled + flag does not have any affect on this behavior. + */}} + {{- if .Values.global.thanos.queryService }} + - name: THANOS_ENABLED + value: "true" + - name: THANOS_QUERY_URL + value: {{ .Values.global.thanos.queryService }} + - name: THANOS_QUERY_OFFSET + value: {{ .Values.global.thanos.queryOffset | default "3h" }} + - name: THANOS_MAX_SOURCE_RESOLUTION + value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} + {{- else if and .Values.global.thanos.enabled .Values.thanos }} + {{- if .Values.thanos.query }} + {{- if .Values.thanos.query.enabled }} + - name: THANOS_ENABLED + value: "true" + - name: THANOS_QUERY_URL + value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} + - name: THANOS_QUERY_OFFSET + value: {{ .Values.global.thanos.queryOffset | default "3h" }} + - name: THANOS_MAX_SOURCE_RESOLUTION + value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} + - name: MC_BASIC_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} + key: USERNAME + - name: MC_BASIC_AUTH_PW + valueFrom: + secretKeyRef: + name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} + key: PASSWORD + {{- end }} + {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} + - name: DB_BASIC_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} + key: USERNAME + - name: DB_BASIC_AUTH_PW + valueFrom: + secretKeyRef: + name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} + key: PASSWORD + {{- end }} + {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} + - name: DB_BEARER_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} + key: TOKEN + {{- end }} + {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} + - name: MC_BEARER_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} + key: TOKEN + {{- end }} + - name: KUBECOST_NAMESPACE + value: {{ .Release.Namespace }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/configs/key.json + - name: KUBECOST_TOKEN + valueFrom: + configMapKeyRef: + name: {{ template "cost-analyzer.fullname" . }} + key: kubecost-token + {{- if eq .Values.global.grafana.proxy false }} + - name: GRAFANA_URL + valueFrom: + configMapKeyRef: + name: external-grafana-config-map + key: grafanaURL + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} + {{- end }} + {{- if .Values.priority }} + {{- if .Values.priority.enabled }} + priorityClassName: {{ template "cost-analyzer.fullname" . }}-priority + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml new file mode 100644 index 000000000..429ed1f90 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-frontend-config-map-template.yaml @@ -0,0 +1,174 @@ +{{- $serviceName := include "cost-analyzer.serviceName" . -}} +{{- $nginxPort := .Values.service.targetPort | default 9090 -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-conf + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + nginx.conf: | + gzip_static on; + + # Enable gzip encoding for content of the provided types of 50kb and higher. + gzip on; + gzip_min_length 50000; + gzip_proxied expired no-cache no-store private auth; + gzip_types + text/plain + text/css + text/xml + text/javascript + application/x-javascript + application/xml + application/json; + + upstream api { + server {{ $serviceName }}.{{ .Release.Namespace }}:9001; + } + + upstream model { + server {{ $serviceName }}.{{ .Release.Namespace }}:9003; + } + +{{- if .Values.clusterController }} +{{- if .Values.clusterController.enabled }} + upstream clustercontroller { + server {{ template "kubecost.clusterControllerName" . }}-service.{{ .Release.Namespace }}:9731; + } +{{- end }} +{{- end }} + +{{- if .Values.global.grafana.proxy }} + upstream grafana { +{{- if .Values.global.grafana.enabled }} + server {{ .Release.Name }}-grafana.{{ .Release.Namespace }}; +{{ else }} + server {{.Values.global.grafana.domainName}}; +{{ end }} + } +{{ end }} + + server { + server_name _; + root /var/www; + index index.html; + add_header Cache-Control "max-age=300"; + add_header Cache-Control "must-revalidate"; +{{- if .Values.imageVersion }} + add_header ETag "{{ $.Values.imageVersion }}"; +{{- else }} + add_header ETag "{{ $.Chart.Version }}"; +{{- end }} +{{- if .Values.kubecostFrontend.tls }} +{{- if .Values.kubecostFrontend.tls.enabled }} + ssl_certificate /etc/ssl/certs/kc.crt; + ssl_certificate_key /etc/ssl/certs/kc.key; + listen 443 ssl; +{{- else }} + listen {{ $nginxPort }}; +{{- end }} +{{- else }} + listen {{ $nginxPort }}; +{{- end }} + location /api/ { + {{- if .Values.saml.enabled }} + auth_request /auth; + {{- end }} + proxy_pass http://api/; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location /model/ { + proxy_connect_timeout 180; + proxy_send_timeout 180; + proxy_read_timeout 180; + proxy_pass http://model/; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location ~ ^/(turndown|cluster)/ { + + add_header 'Access-Control-Allow-Origin' '*' always; +{{- if .Values.clusterController }} +{{- if .Values.clusterController.enabled }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + auth_request /auth; + {{- else if .Values.saml.rbac.enabled}} + auth_request /authrbac; + {{- end }} + {{- end }} + + rewrite ^/(?:turndown|cluster)/(.*)$ /$1 break; + proxy_pass http://clustercontroller; + proxy_connect_timeout 180; + proxy_send_timeout 180; + proxy_read_timeout 180; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + +{{- else }} + return 404; +{{- end }} +{{- else }} + return 404; +{{- end }} + } + location /saml/ { + proxy_connect_timeout 180; + proxy_send_timeout 180; + proxy_read_timeout 180; + proxy_pass http://model/saml/; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location /login { + proxy_connect_timeout 180; + proxy_send_timeout 180; + proxy_read_timeout 180; + proxy_pass http://model/login; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + {{- if .Values.global.grafana.proxy }} + location /grafana/ { + {{- if .Values.saml.enabled }} + auth_request /auth; + {{- end }} + proxy_pass http://grafana/; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + {{ end }} + {{- if .Values.saml.enabled }} + location /auth { + proxy_pass http://model/isAuthenticated; + } + {{- end }} + {{- if .Values.saml.rbac.enabled }} + location /authrbac { + proxy_pass http://model/isAdminAuthenticated; + } + {{- end }} + } diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml new file mode 100644 index 000000000..1b6e8776a --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-ingress-template.yaml @@ -0,0 +1,40 @@ +{{- if .Values.ingress -}} +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "cost-analyzer.fullname" . -}} +{{- $serviceName := include "cost-analyzer.serviceName" . -}} +{{- $ingressPaths := .Values.ingress.paths -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + {{- range $ingressPaths }} + - path: {{ . }} + backend: + serviceName: {{ $serviceName }} + servicePort: frontend + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml new file mode 100644 index 000000000..37276f297 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-config-map-template.yaml @@ -0,0 +1,15 @@ +{{- if .Values.networkCosts -}} +{{- if .Values.networkCosts.enabled -}} +{{- if .Values.networkCosts.config -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: network-costs-config + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + config.yaml: | +{{- toYaml .Values.networkCosts.config | nindent 4 }} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml new file mode 100644 index 000000000..d45567616 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-podmonitor-template.yaml @@ -0,0 +1,31 @@ +{{- if .Values.networkCosts }} +{{- if .Values.networkCosts.enabled }} +{{- if .Values.networkCosts.podMonitor }} +{{- if .Values.networkCosts.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "cost-analyzer.networkCostsName" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if .Values.networkCosts.podMonitor.additionalLabels }} + {{ toYaml .Values.networkCosts.podMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: http-server + honorLabels: true + interval: 1m + scrapeTimeout: 10s + path: /metrics + scheme: http + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "cost-analyzer.networkCostsName" . }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml new file mode 100644 index 000000000..e87d8d44b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-costs-template.yaml @@ -0,0 +1,93 @@ +{{- if .Values.networkCosts -}} +{{- if .Values.networkCosts.enabled -}} +apiVersion: {{ include "cost-analyzer.daemonset.apiVersion" . }} +kind: DaemonSet +metadata: + name: {{ template "cost-analyzer.networkCostsName" . }} + labels: + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "cost-analyzer.networkCostsName" . }} + template: + metadata: + labels: + app: {{ template "cost-analyzer.networkCostsName" . }} + spec: + hostNetwork: true + serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} + containers: + - name: {{ template "cost-analyzer.networkCostsName" . }} + image: {{ .Values.networkCosts.image }} +{{- if .Values.networkCosts.imagePullPolicy }} + imagePullPolicy: {{ .Values.networkCosts.imagePullPolicy }} +{{- else }} + imagePullPolicy: Always +{{- end }} +{{- if .Values.networkCosts.resources }} + resources: +{{ toYaml .Values.networkCosts.resources | indent 10 }} +{{- end }} + env: + {{- if .Values.networkCosts.hostProc }} + - name: HOST_PROC + value: {{ .Values.networkCosts.hostProc.mountPath }} + {{- end }} + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_PORT + value: {{ (quote .Values.networkCosts.port) | default (quote 3001) }} + - name: TRAFFIC_LOGGING_ENABLED + value: {{ (quote .Values.networkCosts.trafficLogging) | default (quote true) }} + volumeMounts: + {{- if .Values.networkCosts.hostProc }} + - mountPath: {{ .Values.networkCosts.hostProc.mountPath }} + name: host-proc + {{- else }} + - mountPath: /net + name: nf-conntrack + - mountPath: /netfilter + name: netfilter + {{- end }} + {{- if .Values.networkCosts.config }} + - mountPath: /network-costs/config + name: network-costs-config + {{- end }} + securityContext: + privileged: true + ports: + - name: http-server + containerPort: {{ .Values.networkCosts.port | default 3001 }} + hostPort: {{ .Values.networkCosts.port | default 3001 }} +{{- if .Values.networkCosts.priorityClassName }} + priorityClassName: "{{ .Values.networkCosts.priorityClassName }}" +{{- end }} +{{- if .Values.networkCosts.tolerations }} + tolerations: +{{ toYaml .Values.networkCosts.tolerations | indent 8 }} + {{- end }} + volumes: + {{- if .Values.networkCosts.config }} + - name: network-costs-config + configMap: + name: network-costs-config + {{- end }} + {{- if .Values.networkCosts.hostProc }} + - name: host-proc + hostPath: + path: {{ default "/proc" .Values.networkCosts.hostProc.hostPath }} + {{- else }} + - name: nf-conntrack + hostPath: + path: /proc/net + - name: netfilter + hostPath: + path: /proc/sys/net/netfilter + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml new file mode 100644 index 000000000..872951bd1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-network-policy.yaml @@ -0,0 +1,19 @@ +{{- if .Values.networkPolicy -}} +{{- if .Values.networkPolicy.enabled -}} +apiVersion: {{ include "cost-analyzer.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: deny-egress + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{ include "cost-analyzer.selectorLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + - to: + - namespaceSelector: {} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml new file mode 100644 index 000000000..5ce22f52b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pkey-configmap.yaml @@ -0,0 +1,16 @@ +{{- if .Values.kubecostProductConfigs }} +{{- if .Values.kubecostProductConfigs.productKey }} +{{- if .Values.kubecostProductConfigs.productKey.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: product-configs + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + {{- if .Values.kubecostProductConfigs.productKey.key }} + key: {{ .Values.kubecostProductConfigs.productKey.key | quote }} + {{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml new file mode 100644 index 000000000..08f82a5ac --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-deployment.yaml @@ -0,0 +1,49 @@ +{{- if .Values.remoteWrite -}} +{{- if .Values.remoteWrite.postgres -}} +{{- if .Values.remoteWrite.postgres.enabled -}} +{{- if .Values.remoteWrite.postgres.installLocal -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "cost-analyzer.fullname" . }}-postgres + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: postgres + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: postgres + spec: + containers: + - image: timescale/pg_prometheus:latest-pg11 + name: pgprometheus + ports: + - containerPort: 5432 + args: + - -csynchronous_commit=off + - -S 1GB + env: + - name: POSTGRES_PASSWORD + value: {{ .Values.remoteWrite.postgres.auth.password }} + - name: POSTGRES_USER + value: postgres + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgres-pv-volume + subPath: postgres + volumes: + - name: postgres-pv-volume + persistentVolumeClaim: + claimName: postgres-pv-claim +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml new file mode 100644 index 000000000..0a67fa928 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pv.yaml @@ -0,0 +1,22 @@ +{{- if .Values.remoteWrite -}} +{{- if .Values.remoteWrite.postgres -}} +{{- if .Values.remoteWrite.postgres.enabled -}} +{{- if .Values.remoteWrite.postgres.installLocal -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: postgres-pv-volume + labels: + type: local + app: postgres +spec: + capacity: + storage: {{ .Values.remoteWrite.postgres.persistentVolume.size }} + accessModes: + - ReadWriteOnce + hostPath: + path: "/mnt/data" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml new file mode 100644 index 000000000..8c5deb444 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-pvc.yaml @@ -0,0 +1,20 @@ +{{- if .Values.remoteWrite -}} +{{- if .Values.remoteWrite.postgres -}} +{{- if .Values.remoteWrite.postgres.enabled -}} +{{- if .Values.remoteWrite.postgres.installLocal -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: postgres-pv-claim + labels: + app: postgres +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.remoteWrite.postgres.persistentVolume.size }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml new file mode 100644 index 000000000..5488c58b1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-postgres-service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.remoteWrite -}} +{{- if .Values.remoteWrite.postgres -}} +{{- if .Values.remoteWrite.postgres.enabled -}} +{{- if .Values.remoteWrite.postgres.installLocal -}} +kind: Service +apiVersion: v1 +metadata: + name: pgprometheus + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + selector: + app: postgres + type: ClusterIP + ports: + - name: server + port: 5432 + targetPort: 5432 +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml new file mode 100644 index 000000000..7163cec98 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pricing-configmap.yaml @@ -0,0 +1,121 @@ +{{- if .Values.kubecostProductConfigs }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: pricing-configs + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + {{- if .Values.kubecostProductConfigs.defaultModelPricing }} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.enabled }} + {{- if .Values.kubecostProductConfigs.customPricesEnabled }} + customPricesEnabled: "{{ .Values.kubecostProductConfigs.customPricesEnabled }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.CPU }} + CPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.CPU | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotCPU }} + spotCPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotCPU | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.RAM }} + RAM: "{{ .Values.kubecostProductConfigs.defaultModelPricing.RAM | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotRAM }} + spotRAM: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotRAM | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.GPU }} + GPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.GPU | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.spotGPU }} + spotGPU: "{{ .Values.kubecostProductConfigs.defaultModelPricing.spotGPU | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.storage }} + storage: "{{ .Values.kubecostProductConfigs.defaultModelPricing.storage | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.zoneNetworkEgress }} + zoneNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.zoneNetworkEgress | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.regionNetworkEgress }} + regionNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.regionNetworkEgress | toString }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultModelPricing.internetNetworkEgress }} + internetNetworkEgress: "{{ .Values.kubecostProductConfigs.defaultModelPricing.internetNetworkEgress | toString }}" + {{- end -}} + {{- end -}} + {{- end -}} + {{- if .Values.kubecostProductConfigs.clusterName }} + clusterName: "{{ .Values.kubecostProductConfigs.clusterName }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.currencyCode }} + currencyCode: "{{ .Values.kubecostProductConfigs.currencyCode }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.azureBillingRegion }} + azureBillingRegion: "{{ .Values.kubecostProductConfigs.azureBillingRegion }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.azureSubscriptionID }} + azureSubscriptionID: "{{ .Values.kubecostProductConfigs.azureSubscriptionID }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.azureClientID }} + azureClientID: "{{ .Values.kubecostProductConfigs.azureClientID }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.azureTenantID }} + azureTenantID: "{{ .Values.kubecostProductConfigs.azureTenantID }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.discount }} + discount: "{{ .Values.kubecostProductConfigs.discount }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.negotiatedDiscount }} + negotiatedDiscount: "{{ .Values.kubecostProductConfigs.negotiatedDiscount }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.defaultIdle }} + defaultIdle: "{{ .Values.kubecostProductConfigs.defaultIdle }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.sharedNamespaces }} + sharedNamespaces: "{{ .Values.kubecostProductConfigs.sharedNamespaces }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.spotLabel }} + spotLabel: "{{ .Values.kubecostProductConfigs.spotLabel }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.spotLabelValue }} + spotLabelValue: "{{ .Values.kubecostProductConfigs.spotLabelValue }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.awsSpotDataRegion }} + spotDataRegion: "{{ .Values.kubecostProductConfigs.awsSpotDataRegion }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.awsSpotDataBucket }} + spotDataBucket: "{{ .Values.kubecostProductConfigs.awsSpotDataBucket }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.awsSpotDataPrefix }} + spotDataPrefix: "{{ .Values.kubecostProductConfigs.awsSpotDataPrefix }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.projectID }} + projectID: "{{ .Values.kubecostProductConfigs.projectID }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.bigQueryBillingDataDataset }} + billingDataDataset: "{{ .Values.kubecostProductConfigs.bigQueryBillingDataDataset }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.athenaProjectID }} + athenaProjectID: "{{ .Values.kubecostProductConfigs.athenaProjectID }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.athenaBucketName }} + athenaBucketName: "{{ .Values.kubecostProductConfigs.athenaBucketName }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.athenaRegion }} + athenaRegion: "{{ .Values.kubecostProductConfigs.athenaRegion }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.athenaDatabase }} + athenaDatabase: "{{ .Values.kubecostProductConfigs.athenaDatabase }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.athenaTable }} + athenaTable: "{{ .Values.kubecostProductConfigs.athenaTable }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.masterPayerARN}} + masterPayerARN: "{{ .Values.kubecostProductConfigs.masterPayerARN }}" + {{- end }} + {{- if .Values.kubecostProductConfigs.gpuLabel }} + gpuLabel: "{{ .Values.kubecostProductConfigs.gpuLabel }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.gpuLabelValue }} + gpuLabelValue: "{{ .Values.kubecostProductConfigs.gpuLabelValue }}" + {{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml new file mode 100644 index 000000000..c2b282772 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml @@ -0,0 +1,53 @@ +{{- if .Values.remoteWrite -}} +{{- if .Values.remoteWrite.postgres -}} +{{- if .Values.remoteWrite.postgres.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "cost-analyzer.fullname" . }}-adapter + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: adapter + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: adapter + spec: + initContainers: + - name: kubecost-sql-init + image: {{ .Values.remoteWrite.postgres.initImage }}:prod-{{ $.Chart.AppVersion }} + {{- if .Values.remoteWrite.postgres.initImagePullPolicy }} + imagePullPolicy: {{ .Values.remoteWrite.postgres.initImagePullPolicy }} + {{- else }} + imagePullPolicy: Always + {{- end }} + env: + - name: PROMETHEUS_SERVER_ENDPOINT + valueFrom: + configMapKeyRef: + name: {{ template "cost-analyzer.fullname" . }} + key: prometheus-server-endpoint + containers: + - image: timescale/prometheus-postgresql-adapter:latest + name: pgprometheusadapter + ports: + - containerPort: 9201 + args: + {{- if .Values.remoteWrite.postgres.installLocal }} + - "-pg-host=pgprometheus" + {{- else }} + - "-pg-host={{ .Values.remoteWrite.postgres.remotePostgresAddress }}" + {{- end }} + - "-pg-prometheus-log-samples=true" + - "-pg-password={{ .Values.remoteWrite.postgres.auth.password }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml new file mode 100644 index 000000000..d36479439 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.remoteWrite -}} +{{- if .Values.remoteWrite.postgres -}} +{{- if .Values.remoteWrite.postgres.enabled -}} +kind: Service +apiVersion: v1 +metadata: + name: pgprometheus-adapter + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + selector: + app: adapter + type: ClusterIP + ports: + - name: server + port: 9201 + targetPort: 9201 +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml new file mode 100644 index 000000000..61380b424 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-prometheusrule-template.yaml @@ -0,0 +1,21 @@ +{{- if .Values.prometheus }} +{{- if .Values.prometheus.serverFiles }} +{{- if .Values.prometheus.serverFiles.rules }} +{{- if .Values.prometheusRule }} +{{- if .Values.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "cost-analyzer.fullname" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if .Values.prometheusRule.additionalLabels }} + {{ toYaml .Values.prometheusRule.additionalLabels | nindent 4 }} + {{- end }} +spec: + {{ toYaml .Values.prometheus.serverFiles.rules | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml new file mode 100644 index 000000000..f326b1f1c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-role.template.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podSecurityPolicy }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubecost-cost-analyzer-psp + annotations: +{{- if .Values.podSecurityPolicy.annotations }} +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - kubecost-cost-analyzer-psp +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml new file mode 100644 index 000000000..8e1d925c5 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp-rolebinding.template.yaml @@ -0,0 +1,16 @@ +{{- if .Values.podSecurityPolicy }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubecost-cost-analyzer-psp +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubecost-cost-analyzer-psp +subjects: +- kind: ServiceAccount + name: {{ template "cost-analyzer.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml new file mode 100644 index 000000000..885ab9ca9 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-psp.template.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podSecurityPolicy }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: kubecost-cost-analyzer-psp +spec: + privileged: true + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - '*' +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml new file mode 100644 index 000000000..d3e257668 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-pvc-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.persistentVolume -}} +{{- if not .Values.persistentVolume.existingClaim -}} +{{- if .Values.persistentVolume.enabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "cost-analyzer.fullname" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + {{- if .Values.persistentVolume.storageClass }} + storageClassName: {{ .Values.persistentVolume.storageClass }} + {{ end }} + resources: + requests: + {{- if .Values.persistentVolume }} + storage: {{ .Values.persistentVolume.size }} + {{- else }} + storage: 0.2Gi + {{ end }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml new file mode 100644 index 000000000..71ac8659c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-saml-config-map-template.yaml @@ -0,0 +1,13 @@ +{{- if .Values.saml }} +{{- if .Values.saml.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "cost-analyzer.fullname" . }}-saml + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: +{{- $root := . }} + saml.json: '{{ toJson .Values.saml }}' +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml new file mode 100644 index 000000000..edf5ca6fa --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-server-configmap.yaml @@ -0,0 +1,69 @@ +{{- if .Values.kubecostProductConfigs }} +{{- if or .Values.kubecostProductConfigs.grafanaURL .Values.kubecostProductConfigs.labelMappingConfigs }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: app-configs + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: +{{- if .Values.kubecostProductConfigs.labelMappingConfigs }} +{{- if .Values.kubecostProductConfigs.labelMappingConfigs.enabled }} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.owner_label }} + owner_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.owner_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.team_label }} + team_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.team_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.department_label }} + department_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.department_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.product_label }} + product_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.product_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.environment_label }} + environment_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.environment_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.namespace_external_label }} + namespace_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.namespace_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.cluster_external_label }} + cluster_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.cluster_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.controller_external_label }} + controller_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.controller_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.product_external_label }} + product_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.product_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.service_external_label }} + service_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.service_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.deployment_external_label }} + deployment_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.deployment_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.team_external_label }} + team_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.team_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.environment_external_label }} + environment_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.environment_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.department_external_label }} + department_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.department_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.statefulset_external_label }} + statefulset_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.statefulset_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.daemonset_external_label }} + daemonset_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.daemonset_external_label }}" + {{- end -}} + {{- if .Values.kubecostProductConfigs.labelMappingConfigs.pod_external_label }} + pod_external_label: "{{ .Values.kubecostProductConfigs.labelMappingConfigs.pod_external_label }}" + {{- end -}} +{{- end -}} +{{- end -}} + {{- if .Values.kubecostProductConfigs.grafanaURL }} + grafanaURL: "{{ .Values.kubecostProductConfigs.grafanaURL }}" + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml new file mode 100644 index 000000000..d5e3be3b9 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-account-template.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "cost-analyzer.serviceAccountName" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml new file mode 100644 index 000000000..dd48bb3f8 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-service-template.yaml @@ -0,0 +1,69 @@ +{{- $nginxPort := .Values.service.targetPort | default 9090 -}} +{{- $servicePort := .Values.service.port | default 9090 -}} +kind: Service +apiVersion: v1 +metadata: + name: {{ template "cost-analyzer.serviceName" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} +spec: + selector: + {{ include "cost-analyzer.selectorLabels" . | nindent 4 }} +{{- if .Values.service -}} +{{- if .Values.service.type }} + type: "{{ .Values.service.type }}" +{{- else }} + type: ClusterIP +{{- end }} +{{- else }} + type: ClusterIP +{{- end }} + ports: + - name: server + port: 9001 + targetPort: 9001 + - name: model + port: 9003 + targetPort: 9003 + - name: frontend + {{- if .Values.kubecostFrontend.tls }} + {{- if .Values.kubecostFrontend.tls.enabled }} + port: 443 + targetPort: 443 + {{- if (eq .Values.service.type "NodePort") }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- end }} + {{- else }} + port: {{ $servicePort }} + targetPort: {{ $nginxPort }} + {{- if (eq .Values.service.type "NodePort") }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- end }} + {{- end}} + {{- else }} + port: {{ $servicePort }} + targetPort: {{ $nginxPort }} + {{- if (eq .Values.service.type "NodePort") }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.saml }} + {{- if .Values.saml.enabled }} + - name: apiserver + port: 9004 + targetPort: 9004 + {{- end }} + {{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml new file mode 100644 index 000000000..6f79d8cd4 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/cost-analyzer-servicemonitor-template.yaml @@ -0,0 +1,27 @@ +{{- if .Values.serviceMonitor }} +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "cost-analyzer.fullname" . }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if .Values.serviceMonitor.additionalLabels }} + {{ toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: model + honorLabels: true + interval: 1m + scrapeTimeout: 10s + path: /metrics + scheme: http + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{ include "cost-analyzer.selectorLabels" . | nindent 6 }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml new file mode 100644 index 000000000..5e81ed359 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/external-grafana-config-map-template.yaml @@ -0,0 +1,10 @@ +{{- if eq .Values.global.grafana.proxy false -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: external-grafana-config-map + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + grafanaURL: {{ .Values.global.grafana.scheme | default "http" }}://{{- .Values.global.grafana.domainName }} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml new file mode 100644 index 000000000..6d896a34c --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-attached-disk-metrics-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: attached-disk-metrics-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + attached-disks.json: |- +{{ .Files.Get "attached-disks.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml new file mode 100644 index 000000000..91650c74b --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-metrics-template.yaml @@ -0,0 +1,27 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-metrics-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + cluster-metrics.json: |- +{{ .Files.Get "cluster-metrics.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + + diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml new file mode 100644 index 000000000..8fe764c3e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-cluster-utilization-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-utilization-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + cluster-utilization.json: |- +{{ .Files.Get "cluster-utilization.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml new file mode 100644 index 000000000..d16c70bcd --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-deployment-utilization-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: deployment-utilization-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + deployment-utilization.json: |- +{{ .Files.Get "deployment-utilization.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml new file mode 100644 index 000000000..2372514d4 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-label-cost-utilization-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: label-cost-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + label-cost-utilization.json: |- +{{ .Files.Get "label-cost-utilization.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml new file mode 100644 index 000000000..17393dd16 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-namespace-utilization-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: namespace-utilization-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + namespace-utilization.json: |- +{{ .Files.Get "namespace-utilization.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml new file mode 100644 index 000000000..586a3dfca --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-node-utilization-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: node-utilization-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + node-utilization.json: |- +{{ .Files.Get "node-utilization.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml new file mode 100644 index 000000000..92017afb8 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-pod-utilization-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: pod-utilization-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + pod-utilization.json: |- +{{ .Files.Get "pod-utilization.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml new file mode 100644 index 000000000..32e1fc707 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-dashboard-prometheus-metrics-template.yaml @@ -0,0 +1,25 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: prom-benchmark-dashboard + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} +data: + pod-utilization.json: |- +{{ .Files.Get "prom-benchmark.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml new file mode 100644 index 000000000..e79d2fa35 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/grafana-datasource-template.yaml @@ -0,0 +1,72 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.datasources -}} +{{- if .Values.grafana.sidecar.datasources.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-datasource + {{- if $.Values.grafana.namespace_datasources }} + namespace: {{ $.Values.grafana.namespace_datasources }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.datasources.label }} + {{ $.Values.grafana.sidecar.datasources.label }}: "1" + {{- else }} + {{- if .Values.global.grafana.enabled }} + kubecost_grafana_datasource: "1" + {{- else }} + grafana_datasource: "1" + {{- end }} + {{- end }} +data: + {{ default "datasource.yaml" .Values.grafana.sidecar.datasources.dataSourceFilename }}: |- + apiVersion: 1 + datasources: + - access: proxy +{{- if .Values.global.thanos }} +{{- if .Values.global.thanos.enabled }} + name: {{ default "Prometheus" .Values.grafana.sidecar.datasources.dataSourceName }} + isDefault: false +{{- else }} + name: "default-kubecost" +{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} + isDefault: true +{{- else }} + isDefault: false +{{- end }} +{{- end }} +{{- else }} + name: "default-kubecost" +{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} + isDefault: true +{{- else }} + isDefault: false +{{- end }} +{{- end }} + type: prometheus +{{- if .Values.global.prometheus.enabled }} + url: http://{{ template "cost-analyzer.prometheus.server.name" . }}.{{ .Release.Namespace }} +{{- else }} + url: {{ .Values.global.prometheus.fqdn }} +{{- end }} +{{- if .Values.global.thanos.enabled }} + - access: proxy + name: "default-kubecost" + type: prometheus +{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} + isDefault: true +{{- else }} + isDefault: false +{{- end }} +{{- if .Values.global.prometheus.enabled }} + url: http://{{ .Release.Name }}-thanos-query-http.{{ .Release.Namespace }}:{{ .Values.thanos.query.http.port }} +{{ else }} + url: {{ .Values.global.thanos.queryService }} +{{- end }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml new file mode 100644 index 000000000..1a947e696 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-controller-template.yaml @@ -0,0 +1,282 @@ +{{- if .Values.clusterController }} +{{- if .Values.clusterController.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubecost.clusterControllerName" . }} + labels: + app: {{ template "kubecost.clusterControllerName" . }} +--- +# +# NOTE: +# The following ClusterRole permissions are only created and assigned for the +# cluster controller feature. They will not be added to any clusters by default. +# +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubecost.clusterControllerName" . }} + labels: + app: {{ template "kubecost.clusterControllerName" . }} +rules: + - apiGroups: + - kubecost.k8s.io + resources: + - turndownschedules + - turndownschedules/status + verbs: + - get + - list + - watch + - create + - patch + - update + - delete + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - '' + resources: + - deployments + - nodes + - pods + - resourcequotas + - replicationcontrollers + - limitranges + - pods/eviction + verbs: + - get + - list + - watch + - create + - patch + - update + - delete + - apiGroups: + - '' + resources: + - configmaps + - namespaces + - persistentvolumeclaims + - persistentvolumes + - endpoints + - events + - services + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - get + - list + - watch + - create + - patch + - update + - delete + - apiGroups: + - apps + resources: + - statefulsets + - deployments + - daemonsets + - replicasets + verbs: + - get + - list + - watch + - create + - patch + - update + - delete + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - create + - patch + - update + - delete + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - events.k8s.io + resources: + - events + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubecost.clusterControllerName" . }} + labels: + app: {{ template "kubecost.clusterControllerName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kubecost.clusterControllerName" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kubecost.clusterControllerName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kubecost.clusterControllerName" . }} +spec: + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: {{ template "kubecost.clusterControllerName" . }} + template: + metadata: + labels: + app: {{ template "kubecost.clusterControllerName" . }} + spec: + containers: + - name: {{ template "kubecost.clusterControllerName" . }} + image: {{ .Values.clusterController.image }} + imagePullPolicy: {{ .Values.clusterController.imagePullPolicy }} + volumeMounts: + - name: cluster-controller-keys + mountPath: /var/keys + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: TURNDOWN_NAMESPACE + value: {{ .Release.Namespace }} + - name: TURNDOWN_DEPLOYMENT + value: {{ template "kubecost.clusterControllerName" . }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/keys/service-key.json + ports: + - name: http-server + containerPort: 9731 + hostPort: 9731 + serviceAccount: {{ template "kubecost.clusterControllerName" . }} + serviceAccountName: {{ template "kubecost.clusterControllerName" . }} + volumes: + - name: cluster-controller-keys + secret: + secretName: {{ .Values.clusterController.secretName | default "cluster-controller-service-key" }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kubecost.clusterControllerName" . }}-service +spec: + type: ClusterIP + ports: + - name: http + protocol: TCP + port: 9731 + targetPort: 9731 + selector: + app: {{ template "kubecost.clusterControllerName" . }} +--- +# TurndownSchedule Custom Resource Definition for persistence +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: turndownschedules.kubecost.k8s.io +spec: + group: kubecost.k8s.io + version: v1alpha1 + names: + kind: TurndownSchedule + singular: turndownschedule + plural: turndownschedules + shortNames: + - td + - tds + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + type: object + properties: + start: + type: string + format: date-time + end: + type: string + format: date-time + repeat: + type: string + enum: [none, daily, weekly] + additionalPrinterColumns: + - name: State + type: string + description: The state of the turndownschedule + JSONPath: .status.state + - name: Next Turndown + type: string + description: The next turndown date-time + JSONPath: .status.nextScaleDownTime + - name: Next Turn Up + type: string + description: The next turn up date-time + JSONPath: .status.nextScaleUpTime +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml new file mode 100644 index 000000000..907252f93 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-cluster-manager-configmap-template.yaml @@ -0,0 +1,13 @@ +{{- if .Values.kubecostProductConfigs }} +{{- if .Values.kubecostProductConfigs.clusters }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kubecost-clusters + labels: + {{- include "cost-analyzer.commonLabels" . | nindent 4 }} +data: + default-clusters.yaml: | +{{- toYaml .Values.kubecostProductConfigs.clusters | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml new file mode 100644 index 000000000..a098a766e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/kubecost-priority-class-template.yaml @@ -0,0 +1,11 @@ +{{- if .Values.priority }} +{{- if .Values.priority.enabled }} +apiVersion: {{ include "cost-analyzer.priorityClass.apiVersion" . }} +kind: PriorityClass +metadata: + name: {{ template "cost-analyzer.fullname" . }}-priority +value: {{ .Values.priority.value | default "1000000" }} +globalDefault: false +description: "Priority class for scheduling the cost-analyzer pod" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml new file mode 100644 index 000000000..c6d1c5385 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-psp.template.yaml @@ -0,0 +1,24 @@ +{{- if .Values.networkCosts }} +{{- if .Values.networkCosts.enabled }} +{{- if .Values.networkCosts.podSecurityPolicy }} +{{- if .Values.networkCosts.podSecurityPolicy.enabled }} +apiVersion: {{ include "cost-analyzer.podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: kubecost-network-costs +spec: + privileged: true + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - '*' +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml new file mode 100644 index 000000000..04424a44e --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-role.template.yaml @@ -0,0 +1,22 @@ +{{- if .Values.networkCosts }} +{{- if .Values.networkCosts.enabled }} +{{- if .Values.networkCosts.podSecurityPolicy }} +{{- if .Values.networkCosts.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubecost-network-costs + annotations: +{{- if .Values.networkCosts.podSecurityPolicy.annotations }} +{{ toYaml .Values.networkCosts.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - kubecost-network-costs +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml new file mode 100644 index 000000000..84ab0d1c2 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/templates/network-costs-rolebinding.template.yaml @@ -0,0 +1,20 @@ +{{- if .Values.networkCosts }} +{{- if .Values.networkCosts.enabled }} +{{- if .Values.networkCosts.podSecurityPolicy }} +{{- if .Values.networkCosts.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubecost-network-costs +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubecost-network-costs +subjects: +- kind: ServiceAccount + name: {{ template "cost-analyzer.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml b/charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml new file mode 100644 index 000000000..b0bc33889 --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/values-thanos.yaml @@ -0,0 +1,117 @@ +global: + thanos: + enabled: true + +# For Thanos Installs, Allow Higher Concurrency from Cost-Model +# Still may require tweaking for some installs, but the thanos-query-frontend +# will greatly assist in reduction memory bloat in query. +kubecostModel: + maxQueryConcurrency: 5 + # This configuration is applied to thanos only. Expresses the resolution to + # use for longer query ranges. Options: raw, 5m, 1h - Default: raw + maxSourceResolution: 5m + +prometheus: + server: + extraArgs: + storage.tsdb.min-block-duration: 2h + storage.tsdb.max-block-duration: 2h + storage.tsdb.retention: 2w + extraVolumes: + - name: object-store-volume + secret: + # Ensure this secret name matches thanos.storeSecretName + secretName: kubecost-thanos + enableAdminApi: true + sidecarContainers: + - name: thanos-sidecar + image: thanosio/thanos:v0.15.0 + args: + - sidecar + - --log.level=debug + - --tsdb.path=/data/ + - --prometheus.url=http://127.0.0.1:9090 + - --objstore.config-file=/etc/config/object-store.yaml + # Start of time range limit to serve. Thanos sidecar will serve only metrics, which happened + # later than this value. Option can be a constant time in RFC3339 format or time duration + # relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. + - --min-time=-3h + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - name: sidecar-http + containerPort: 10902 + - name: grpc + containerPort: 10901 + - name: cluster + containerPort: 10900 + volumeMounts: + - name: config-volume + mountPath: /etc/prometheus + - name: storage-volume + mountPath: /data + subPath: "" + - name: object-store-volume + mountPath: /etc/config + +thanos: + store: + enabled: true + grpcSeriesMaxConcurrency: 20 + blockSyncConcurrency: 20 + extraEnv: + - name: GOGC + value: "100" + resources: + requests: + memory: "2.5Gi" + query: + enabled: true + timeout: 3m + # Maximum number of queries processed concurrently by query node. + maxConcurrent: 8 + # Maximum number of select requests made concurrently per a query. + maxConcurrentSelect: 2 + resources: + requests: + memory: "2.5Gi" + autoDownsampling: false + extraEnv: + - name: GOGC + value: "100" + + # Thanos Query Frontend + queryFrontend: + enabled: true + compressResponses: true + # Response Cache Configuration + # Configure either a max size constraint or max items. + responseCache: + enabled: true + # Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be applied. + maxSize: 1.25GB + # Maximum number of entries in the cache. + maxSizeItems: 0 + # The expiry duration for the cache. + validity: 2m + resources: + requests: + memory: "1.5Gi" + + # Thanos Sidecar Service Discovery + sidecar: + enabled: true + bucket: + enabled: false + compact: + enabled: true + dataVolume: + persistentVolumeClaim: + claimName: compact-data-volume + storage: 100Gi + # This secret name should match the sidecar configured secret name volume + # in the prometheus.server.extraVolumes entry + storeSecretName: kubecost-thanos diff --git a/charts/kubecost/cost-analyzer/1.70.000/values.yaml b/charts/kubecost/cost-analyzer/1.70.000/values.yaml new file mode 100644 index 000000000..29e3d558f --- /dev/null +++ b/charts/kubecost/cost-analyzer/1.70.000/values.yaml @@ -0,0 +1,561 @@ +global: + # zone: cluster.local (use only if your DNS server doesn't live in the same zone as kubecost) + prometheus: + enabled: true # If false, Prometheus will not be installed -- only actively supported on paid Kubecost plans + fqdn: http://cost-analyzer-prometheus-server.default.svc #example fqdn. Ignored if enabled: true + # insecureSkipVerify : false # If true, kubecost will not check the TLS cert of prometheus + # queryServiceBasicAuthSecretName: dbsecret # kubectl create secret generic dbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD + # queryServiceBearerTokenSecretName: dbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN + + # Durable storage option, product key required + thanos: + enabled: false + # queryService: http://thanos-query-frontend-http.kubecost:{{ .Values.thanos.queryFrontend.http.port }} # an address of the thanos query-frontend endpoint, if different from installed thanos + # queryServiceBasicAuthSecretName: mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=USERNAME --from-file=PASSWORD <---enter basic auth credentials like that + # queryServiceBearerTokenSecretName mcdbsecret # kubectl create secret generic mcdbsecret -n kubecost --from-file=TOKEN + # queryOffset: 3h # The offset to apply to all thanos queries in order to achieve syncronization on all cluster block stores + + grafana: + enabled: true # If false, Grafana will not be installed + domainName: cost-analyzer-grafana.default.svc #example grafana domain Ignored if enabled: true + scheme: "http" # http or https, for the domain name above. + proxy: true # If true, the kubecost frontend will route to your grafana through its service endpoint + + notifications: + # Kubecost alerting configuration + # Ref: http://docs.kubecost.com/alerts + alertConfigs: + enabled: false # the example values below are never read unless enabled is set to true + frontendUrl: http://localhost:9090 # optional, used for linkbacks + slackWebhookUrl: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX # optional, used for Slack alerts + globalAlertEmails: + - recipient@example.com + - additionalRecipient@example.com + alerts: + # Daily namespace budget alert on namespace `kubecost` + - type: budget # supported: budget, recurringUpdate + threshold: 50 # optional, required for budget alerts + window: daily # or 1d + aggregation: namespace + filter: kubecost + ownerContact: # optional, overrides globalAlertEmails default + - owner@example.com + - owner2@example.com + # Daily cluster budget alert (clusterCosts alert) on cluster `cluster-one` + - type: budget + threshold: 200.8 # optional, required for budget alerts + window: daily # or 1d + aggregation: cluster + filter: cluster-one + # Recurring weekly update (weeklyUpdate alert) + - type: recurringUpdate + window: weekly # or 7d + aggregation: namespace + filter: '*' + # Recurring weekly namespace update on kubecost namespace + - type: recurringUpdate + window: weekly # or 7d + aggregation: namespace + filter: kubecost + ownerContact: # ownerContact(s) should be the same for the same namespace, otherwise the last namespace alert overwrites + - owner@example.com + - owner2@example.com + alertmanager: # Supply an alertmanager FQDN to receive notifications from the app. + enabled: false # If true, allow kubecost to write to your alertmanager + fqdn: http://cost-analyzer-prometheus-server.default.svc #example fqdn. Ignored if prometheus.enabled: true + + podAnnotations: {} + # iam.amazonaws.com/role: role-arn + +pricingCsv: + enabled: false + location: + provider: "AWS" + region: "us-east-1" + URI: s3://kc-csv-test/pricing_schema.csv # a valid file URI + csvAccessCredentials: pricing-schema-access-secret + +saml: # enterprise key required to use + enabled: false + secretName: "kubecost-authzero" + #metadataSecretName: "kubecost-authzero-metadata" # One of metadataSecretName or idpMetadataURL must be set. defaults to metadataURL if set + idpMetadataURL: "https://dev-elu2z98r.auth0.com/samlp/metadata/c6nY4M37rBP0qSO1IYIqBPPyIPxLS8v2" + appRootURL: "http://localhost:9090" # sample URL + # audienceURI: "http://localhost:9090" # by convention, the same as the appRootURL, but any string uniquely identifying kubecost to your samp IDP. Optional if you follow the convention + rbac: + enabled: false + groups: + - name: admin + enabled: false # if admin is disabled, all SAML users will be able to make configuration changes to the kubecost frontend + assertionName: "http://schemas.auth0.com/userType" # a SAML Assertion, one of whose elements has a value that matches on of the values in assertionValues + assertionValues: + - "admin" + - "superusers" + - name: readonly + enabled: false # if readonly is disabled, all users authorized on SAML will default to readonly + assertionName: "http://schemas.auth0.com/userType" + assertionvalues: + - "readonly" + +# imagePullSecrets: +# - name: "image-pull-secret" + +kubecostChecks: + enabled: true + image: "quay.io/kubecost1/checks" + resources: + requests: + cpu: "20m" + memory: "100Mi" + limits: + cpu: "100m" + memory: "200Mi" + +kubecostFrontend: + image: "gcr.io/kubecost1/frontend" + imagePullPolicy: Always + resources: + requests: + cpu: "10m" + memory: "55Mi" + #limits: + # cpu: "100m" + # memory: "256Mi" + +kubecost: + image: "gcr.io/kubecost1/server" + resources: + requests: + cpu: "100m" + memory: "55Mi" + #limits: + # cpu: "100m" + # memory: "256Mi" + +kubecostModel: + image: "gcr.io/kubecost1/cost-model" + imagePullPolicy: Always + warmCache: true + warmSavingsCache: true + etl: true + # The total number of days the ETL storage will build + etlStoreDurationDays: 120 + maxQueryConcurrency: 5 + # utcOffset represents a timezone in hours and minutes east (+) or west (-) + # of UTC, itself, which is defined as +00:00. + # See the tz database of timezones to look up your local UTC offset: + # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones + utcOffset: "+00:00" + resources: + requests: + cpu: "200m" + memory: "55Mi" + #limits: + # cpu: "800m" + # memory: "256Mi" + +ingress: + enabled: false + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + paths: ["/"] # There's no need to route specifically to the pods-- we have an nginx deployed that handles routing + hosts: + - cost-analyzer.local + tls: [] + # - secretName: cost-analyzer-tls + # hosts: + # - cost-analyzer.local + +nodeSelector: {} + +tolerations: [] +# - key: "key" +# operator: "Equal|Exists" +# value: "value" +# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + +affinity: {} + +# If true, creates a PriorityClass to be used by the cost-analyzer pod +priority: + enabled: false + # value: 1000000 + +# If true, enable creation of NetworkPolicy resources. +networkPolicy: + enabled: false + +podSecurityPolicy: + enabled: false + +# Define persistence volume for cost-analyzer +persistentVolume: + size: 0.2Gi + dbSize: 32.0Gi + enabled: true # Note that setting this to false means configurations will be wiped out on pod restart. + # storageClass: "-" # + # existingClaim: kubecost-cost-analyzer # a claim in the same namespace as kubecost + +service: + type: ClusterIP + port: 9090 + targetPort: 9090 + # nodePort: + labels: {} + annotations: {} + +# enabling long-term durable storage with Postgres requires an enterprise license +remoteWrite: + postgres: + enabled: false + initImage: "gcr.io/kubecost1/sql-init" + initImagePullPolicy: Always + installLocal: true + remotePostgresAddress: "" # ignored if installing locally + persistentVolume: + size: 200Gi + auth: + password: admin # change me + +prometheus: + extraScrapeConfigs: | + - job_name: kubecost + honor_labels: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + dns_sd_configs: + - names: + - {{ template "cost-analyzer.serviceName" . }} + type: 'A' + port: 9003 + - job_name: kubecost-networking + kubernetes_sd_configs: + - role: pod + relabel_configs: + # Scrape only the the targets matching the following metadata + - source_labels: [__meta_kubernetes_pod_label_app] + action: keep + regex: {{ template "cost-analyzer.networkCostsName" . }} + server: + # If clusterIDConfigmap is defined, instead use user-generated configmap with key CLUSTER_ID + # to use as unique cluster ID in kubecost cost-analyzer deployment. + # This overrides the cluster_id set in prometheus.server.global.external_labels. + # NOTE: This does not affect the external_labels set in prometheus config. + # clusterIDConfigmap: cluster-id-configmap + + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 500m + # memory: 512Mi + global: + scrape_interval: 1m + scrape_timeout: 10s + evaluation_interval: 1m + external_labels: + cluster_id: cluster-one # Each cluster should have a unique ID + persistentVolume: + size: 32Gi + enabled: true + extraArgs: + query.max-concurrency: 1 + query.max-samples: 100000000 + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + alertmanager: + # enabled: false + persistentVolume: + enabled: true + nodeExporter: + enabled: true + pushgateway: + enabled: false + persistentVolume: + enabled: true + serverFiles: + # prometheus.yml: # Sample block -- enable if using an in cluster durable store. + # remote_write: + # - url: "http://pgprometheus-adapter:9201/write" + # write_relabel_configs: + # - source_labels: [__name__] + # regex: 'container_.*_allocation|container_.*_allocation_bytes|.*_hourly_cost|kube_pod_container_resource_requests_memory_bytes|container_memory_working_set_bytes|kube_pod_container_resource_requests_cpu_cores|kube_pod_container_resource_requests|pod_pvc_allocation|kube_namespace_labels|kube_pod_labels' + # action: keep + # queue_config: + # max_samples_per_send: 1000 + #remote_read: + # - url: "http://pgprometheus-adapter:9201/read" + rules: + groups: + - name: CPU + rules: + - expr: sum(rate(container_cpu_usage_seconds_total{container_name!=""}[5m])) + record: cluster:cpu_usage:rate5m + - expr: rate(container_cpu_usage_seconds_total{container_name!=""}[5m]) + record: cluster:cpu_usage_nosum:rate5m + - expr: avg(irate(container_cpu_usage_seconds_total{container_name!="POD", container_name!=""}[5m])) by (container_name,pod_name,namespace) + record: kubecost_container_cpu_usage_irate + - expr: sum(container_memory_working_set_bytes{container_name!="POD",container_name!=""}) by (container_name,pod_name,namespace) + record: kubecost_container_memory_working_set_bytes + - expr: sum(container_memory_working_set_bytes{container_name!="POD",container_name!=""}) + record: kubecost_cluster_memory_working_set_bytes + - name: Savings + rules: + - expr: sum(avg(kube_pod_owner{owner_kind!="DaemonSet"}) by (pod) * sum(container_cpu_allocation) by (pod)) + record: kubecost_savings_cpu_allocation + labels: + daemonset: "false" + - expr: sum(avg(kube_pod_owner{owner_kind="DaemonSet"}) by (pod) * sum(container_cpu_allocation) by (pod)) / sum(kube_node_info) + record: kubecost_savings_cpu_allocation + labels: + daemonset: "true" + - expr: sum(avg(kube_pod_owner{owner_kind!="DaemonSet"}) by (pod) * sum(container_memory_allocation_bytes) by (pod)) + record: kubecost_savings_memory_allocation_bytes + labels: + daemonset: "false" + - expr: sum(avg(kube_pod_owner{owner_kind="DaemonSet"}) by (pod) * sum(container_memory_allocation_bytes) by (pod)) / sum(kube_node_info) + record: kubecost_savings_memory_allocation_bytes + labels: + daemonset: "true" + - expr: label_replace(sum(kube_pod_status_phase{phase="Running",namespace!="kube-system"} > 0) by (pod, namespace), "pod_name", "$1", "pod", "(.+)") + record: kubecost_savings_running_pods + - expr: sum(rate(container_cpu_usage_seconds_total{container_name!="",container_name!="POD",instance!=""}[5m])) by (namespace, pod_name, container_name, instance) + record: kubecost_savings_container_cpu_usage_seconds + - expr: sum(container_memory_working_set_bytes{container_name!="",container_name!="POD",instance!=""}) by (namespace, pod_name, container_name, instance) + record: kubecost_savings_container_memory_usage_bytes + - expr: avg(sum(kube_pod_container_resource_requests_cpu_cores{namespace!="kube-system"}) by (pod, namespace, instance)) by (pod, namespace) + record: kubecost_savings_pod_requests_cpu_cores + - expr: avg(sum(kube_pod_container_resource_requests_memory_bytes{namespace!="kube-system"}) by (pod, namespace, instance)) by (pod, namespace) + record: kubecost_savings_pod_requests_memory_bytes + +networkCosts: + enabled: false + podSecurityPolicy: + enabled: false + image: gcr.io/kubecost1/kubecost-network-costs:v13.7 + imagePullPolicy: Always + # Traffic Logging will enable logging the top 5 destinations for each source + # every 30 minutes. + trafficLogging: true + # Port will set both the containerPort and hostPort to this value. + # These must be identical due to network-costs being run on hostNetwork + port: 3001 + resources: {} + #requests: + # cpu: "50m" + # memory: "20Mi" + config: + # Configuration for traffic destinations, including specific classification + # for IPs and CIDR blocks. This configuration will act as an override to the + # automatic classification provided by network-costs. + destinations: + # In Zone contains a list of address/range that will be + # classified as in zone. + in-zone: + # Loopback + - "127.0.0.1" + # IPv4 Link Local Address Space + - "169.254.0.0/16" + # Private Address Ranges in RFC-1918 + - "10.0.0.0/8" + - "172.16.0.0/12" + - "192.168.0.0/16" + + # In Region contains a list of address/range that will be + # classified as in region. This is synonymous with cross + # zone traffic, where the regions between source and destinations + # are the same, but the zone is different. + in-region: [] + + # Cross Region contains a list of address/range that will be + # classified as non-internet egress from one region to another. + cross-region: [] + + # Direct Classification specifically maps an ip address or range + # to a region (required) and/or zone (optional). This classification + # takes priority over in-zone, in-region, and cross-region configurations. + direct-classification: [] + # - region: "us-east1" + # zone: "us-east1-c" + # ips: + # - "10.0.0.0/24" + + ## Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## PriorityClassName + ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + priorityClassName: [] + ## PodMonitor + ## Allows scraping of network metrics from a dedicated prometheus operator setup + podMonitor: + enabled: false + additionalLabels: {} + +# Kubecost Deployment Configuration +# Used for HA mode in Business & Enterprise tier +kubecostDeployment: + replicas: 1 + +# Kubecost Cluster Controller for Right Sizing and Cluster Turndown +clusterController: + enabled: false + image: gcr.io/kubecost1/cluster-controller:v0.0.2 + imagePullPolicy: Always + +reporting: + # Kubecost bug report feature: Logs access/collection limited to .Release.Namespace + # Ref: http://docs.kubecost.com/bug-report + logCollection: true + productAnalytics: true + errorReporting: true + valuesReporting: true + +serviceMonitor: + enabled: false + additionalLabels: {} + +prometheusRule: + enabled: false + additionalLabels: {} + +supportNFS: true +initChownDataImage: "busybox" # Supports a fully qualified Docker image eg: registry.hub.docker.com/library/busybox:latest. +initChownData: + resources: {} + #requests: + # cpu: "50m" + # memory: "20Mi" + + +grafana: + # namespace_datasources: kubecost # override the default namespace here + # namespace_dashboards: kubecost # override the default namespace here + sidecar: + dashboards: + enabled: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + datasources: + # dataSourceFilename: foo.yml # If you need to change the name of the datasource file + enabled: true + defaultDatasourceEnabled: false + dataSourceName: default-kubecost + # label that the configmaps with datasources are marked with + label: kubecost_grafana_datasource +# For grafana to be accessible, add the path to root_url. For example, if you run kubecost at www.foo.com:9090/kubecost +# set root_url to "%(protocol)s://%(domain)s:%(http_port)s/kubecost/grafana". No change is necessary here if kubecost runs at a root URL + grafana.ini: + server: + root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana" +serviceAccount: + create: true # Set this to false if you're bringing your own service account. + annotations: {} + # name: kc-test + +# These configs can also be set from the Settings page in the Kubecost product UI +# Values in this block override config changes in the Settings UI on pod restart +# +# kubecostProductConfigs: +# An optional list of cluster definitions that can be added for frontend access. The local +# cluster is *always* included by default, so this list is for non-local clusters. +# Ref: https://github.com/kubecost/docs/blob/master/multi-cluster.md +# clusters: +# - name: "Cluster A" +# address: http://cluster-a.kubecost.com:9090 +# # Optional authentication credentials - only basic auth is currently supported. +# auth: +# type: basic +# # Secret name should be a secret formatted based on: https://github.com/kubecost/docs/blob/master/ingress-examples.md +# secretName: cluster-a-auth +# # Or pass auth directly as base64 encoded user:pass +# data: YWRtaW46YWRtaW4= +# # Or user and pass directly +# user: admin +# pass: admin +# - name: "Cluster B" +# address: http://cluster-b.kubecost.com:9090 +# defaultModelPricing: # default monthly resource prices, used predominately for on-prem clusters +# CPU: 28.0 +# spotCPU: 4.86 +# RAM: 3.09 +# spotRAM: 0.65 +# GPU: 693.50 +# spotGPU: 225.0 +# storage: 0.04 +# zoneNetworkEgress: 0.01 +# regionNetworkEgress: 0.01 +# internetNetworkEgress: 0.12 +# enabled: true +# # The cluster profile represents a predefined set of parameters to use when calculating savings. +# # Possible values are: [ development, production, high-availability ] +# clusterProfile: production +# customPricesEnabled: false # This makes the default view custom prices-- generally used for on-premises clusters +# spotLabel: lifecycle +# spotLabelValue: Ec2Spot +# gpuLabel: gpu +# gpuLabelValue: true +# awsServiceKeyName: ACCESSKEYID +# awsServiceKeyPassword: fakepassword # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName +# awsSpotDataRegion: us-east-1 +# awsSpotDataBucket: spot-data-feed-s3-bucket +# awsSpotDataPrefix: dev +# athenaProjectID: "530337586277" # The AWS AccountID where the Athena CUR is. Generally your masterpayer account +# athenaBucketName: "s3://aws-athena-query-results-530337586277-us-east-1" +# athenaRegion: us-east-1 +# athenaDatabase: athenacurcfn_athena_test1 +# athenaTable: "athena_test1" +# masterPayerARN: "" +# projectID: "123456789" # Also known as AccountID on AWS -- the current account/project that this instance of Kubecost is deployed on. +# gcpSecretName: gcp-secret # Name of a secret representing the gcp service key +# bigQueryBillingDataDataset: billing_data.gcp_billing_export_v1_01AC9F_74CF1D_5565A2 +# labelMappingConfigs: # names of k8s labels used to designate different allocation concepts +# enabled: true +# owner_label: "owner" +# team_label: "team" +# department_label: "dept" +# product_label: "product" +# environment_label: "env" +# namespace_external_label: "kubernetes_namespace" # external labels are used to map external cloud costs to kubernetes concepts +# cluster_external_label: "kubernetes_cluster" +# controller_external_label: "kubernetes_controller" +# product_external_label: "kubernetes_label_app" +# service_external_label: "kubernetes_service" +# deployment_external_label: "kubernetes_deployment" +# team_external_label: "kubernetes_label_team" +# environment_external_label: "kubernetes_label_env" +# department_external_label: "kubernetes_label_department" +# statefulset_external_label: "kubernetes_statefulset" +# daemonset_external_label: "kubernetes_daemonset" +# pod_external_label: "kubernetes_pod" +# grafanaURL: "" +# clusterName: "" # used for display in Kubecost UI +# currencyCode: "USD" # offical support for USD, CAD, EUR, and CHF +# azureBillingRegion: US # Represents 2-letter region code, e.g. West Europe = NL, Canada = CA. ref: https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes +# azureSubscriptionID: 0bd50fdf-c923-4e1e-850c-196dd3dcc5d3 +# azureClientID: f2ef6f7d-71fb-47c8-b766-8d63a19db017 +# azureTenantID: 72faf3ff-7a3f-4597-b0d9-7b0b201bb23a +# azureClientPassword: fake key # Only use if your values.yaml are stored encrypted. Otherwise provide an existing secret via serviceKeySecretName +# discount: "" # percentage discount applied to compute +# negotiatedDiscount: "" # custom negotiated cloud provider discount +# defaultIdle: false +# serviceKeySecretName: "" # Use an existing AWS or Azure secret with format as in aws-service-key-secret.yaml or azure-service-key-secret.yaml. Leave blank if using createServiceKeySecret +# createServiceKeySecret: true # Creates a secret representing your cloud service key based on data in values.yaml. If you are storing unencrypted values, add a secret manually +# sharedNamespaces: "" # namespaces with shared workloads, example value: "kube-system\,ingress-nginx\,kubecost\,monitoring" +# productKey: # apply business or enterprise product license +# key: "" +# enabled: false +# secretname: productkeysecret # create a secret out of a file named productkey.json of format { "key": "kc-b1325234" } diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml new file mode 100644 index 000000000..3f57d6b38 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: nutanix-csi-storage +apiVersion: v1 +appVersion: 2.3.1 +description: A Helm chart for installing Nutanix CSI Volume Driver +home: https://github.com/nutanix/helm +icon: https://avatars2.githubusercontent.com/u/6165865?s=200&v=4 +keywords: +- Nutanix +- Storage +- Volumes +- Files +- StorageClass +- CentOS +- Ubuntu +kubeVersion: '>= 1.13.0' +maintainers: +- name: tuxtof +name: nutanix-csi-storage +version: 2.3.100 diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md new file mode 100644 index 000000000..97f4c99fc --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/README.md @@ -0,0 +1,93 @@ +# Nutanix CSI Volume Driver Helm chart + +## Introduction + +The Container Storage Interface (CSI) Volume Driver for Kubernetes leverages Nutanix Volumes and Nutanix Files to provide scalable and persistent storage for stateful applications. + +When Files is used for persistent storage, applications on multiple pods can access the same storage, and also have the benefit of multi-pod read and write access. + +## Important notice + +If you plan to update an existing Nutanix CSI deployement from 1.x to 2.x with this Chart, you need first deploy manually the CRD present here https://github.com/nutanix/csi-plugin/tree/master/deploy/Centos/crd. + +Please note that starting with v2.2.0, Nutanix CSI driver has changed format of driver name from com.nutanix.csi to csi.nutanix.com. All deployment yamls uses this new driver name format. However, if you are upgrading the CSI driver then you should continue to use old driver name com.nutanix.csi by setting `legacy` parameter to `true`. If not existing PVC/PV will not work with the new driver name. + +## Nutanix CSI driver documentation +https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_3:CSI-Volume-Driver-v2_3 + +## Features list + +- Nutanix CSI Driver v2.3.1 +- Nutanix Volumes support +- Nutanix Files support +- Volume resize support ( beta in Kubernetes >= 1.16.0 ) +- Volume clone ( beta Kubernetes >= 1.16.0 ) +- Volume snapshot and Restore ( beta Kubernetes >= 1.17.0 ) +- IP Address Whitelisting +- LVM Volume supporting multi vdisks volume group +- NFS dynamic share provisioning +- iSCSI Auto CHAP Authentication +- OS independence + +## Prerequisites + +- Kubernetes 1.13 or later +- Kubernetes worker nodes must have the iSCSI package installed (Nutanix Volumes only) +- This chart have been validated on CentOS 7 and Ubuntu 18.04/20.04, but the new architecture enables easy portability to other distributions. + +## Installing the Chart + +To install the chart with the name `nutanix-csi`: + +```console +helm repo add nutanix https://nutanix.github.io/helm/ + +helm install nutanix-csi nutanix/nutanix-csi-storage -n +``` + +## Uninstalling the Chart + +To uninstall/delete the `nutanix-csi` deployment: + +```console +helm delete nutanix-csi -n +``` + +## Configuration + +The following table lists the configurable parameters of the Nutanix-CSI chart and their default values. + +| Parameter | Description | Default | +|------------------------------|----------------------------------------|--------------------------------| +| `legacy` | use old reverse notation for CSI driver name | `false` | +| `volumeClass` | Activate Nutanix Volumes Storage Class | `true` | +| `fileClass` | Activate Nutanix Files Storage Class | `false` | +| `dynamicFileClass` | Activate Nutanix Dynamic Files Storage Class | `false` | +| `defaultStorageClass` | Choose your default Storage Class (none, volume, file, dynfile) | `none`| +| `prismEndPoint` | Cluster Virtual IP Address |`10.0.0.1`| +| `dataServiceEndPoint` | Prism data service IP |`10.0.0.2`| +| `username` | name used for the admin role (if created) |`admin`| +| `password` | password for the admin role (if created) |`nutanix/4u`| +| `secretName` | name of the secret to use for admin role| `ntnx-secret`| +| `createSecret` | create secret for admin role (if false use existing)| `true`| +| `storageContainer` | Nutanix storage container name | `default`| +| `fsType` | type of file system you are using (ext4, xfs) |`xfs`| +| `fileHost` | NFS server IP address | `10.0.0.3`| +| `filePath` | path of the NFS share |`share`| +| `fileServerName` | name of the Nutanix FIle Server | `file`| +| `nodeSelector` | add nodeSelector to pods spec | | +| `tolerations` | add tolerations to pods spec | | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a a file whit `-f value.yaml`. + +Example: + +```console +helm install nutanix-csi nutanix/nutanix-csi-storage --set prismEndPoint=X.X.X.X --set dataServiceEndPoint=Y.Y.Y.Y --set username=admin --set password=xxxxxxxxx --set storageContainer=container_name --set fsType=xfs --set defaultStorageClass=volume --set os=centos +``` + +or + +```console +helm install nutanix-csi nutanix/nutanix-csi-storage -f value.yaml +``` diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md new file mode 100644 index 000000000..bffca7493 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/app-readme.md @@ -0,0 +1 @@ +A Helm chart for installing Nutanix CSI Volume/File Storage Driver diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml new file mode 100644 index 000000000..4aa980cc7 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotclasses.yaml @@ -0,0 +1,85 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null + name: volumesnapshotclasses.snapshot.storage.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .driver + name: Driver + type: string + - JSONPath: .deletionPolicy + description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass + should be deleted when its bound VolumeSnapshot is deleted. + name: DeletionPolicy + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + listKind: VolumeSnapshotClassList + plural: volumesnapshotclasses + singular: volumesnapshotclass + preserveUnknownFields: false + scope: Cluster + subresources: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotClass specifies parameters that a underlying storage + system uses when creating a volume snapshot. A specific VolumeSnapshotClass + is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses + are non-namespaced + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + deletionPolicy: + description: deletionPolicy determines whether a VolumeSnapshotContent created + through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot + is deleted. Supported values are "Retain" and "Delete". "Retain" means + that the VolumeSnapshotContent and its physical snapshot on underlying + storage system are kept. "Delete" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the storage driver that handles this + VolumeSnapshotClass. Required. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating snapshots. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - driver + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml new file mode 100644 index 000000000..34c51ad62 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshotcontents.yaml @@ -0,0 +1,233 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null + name: volumesnapshotcontents.snapshot.storage.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot in bytes + name: RestoreSize + type: integer + - JSONPath: .spec.deletionPolicy + description: Determines whether this VolumeSnapshotContent and its physical snapshot + on the underlying storage system should be deleted when its bound VolumeSnapshot + is deleted. + name: DeletionPolicy + type: string + - JSONPath: .spec.driver + description: Name of the CSI driver used to create the physical snapshot on the + underlying storage system. + name: Driver + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: Name of the VolumeSnapshotClass to which this snapshot belongs. + name: VolumeSnapshotClass + type: string + - JSONPath: .spec.volumeSnapshotRef.name + description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent + object is bound. + name: VolumeSnapshot + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + listKind: VolumeSnapshotContentList + plural: volumesnapshotcontents + singular: volumesnapshotcontent + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotContent represents the actual "on-disk" snapshot + object in the underlying storage system + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: spec defines properties of a VolumeSnapshotContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this VolumeSnapshotContent + and its physical snapshot on the underlying storage system should + be deleted when its bound VolumeSnapshot is deleted. Supported values + are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are kept. "Delete" + means that the VolumeSnapshotContent and its physical snapshot on + underlying storage system are deleted. In dynamic snapshot creation + case, this field will be filled in with the "DeletionPolicy" field + defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For + pre-existing snapshots, users MUST specify this field when creating + the VolumeSnapshotContent object. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the CSI driver used to create the + physical snapshot on the underlying storage system. This MUST be the + same as the name returned by the CSI GetPluginName() call for that + driver. Required. + type: string + source: + description: source specifies from where a snapshot will be created. + This field is immutable after creation. Required. + properties: + snapshotHandle: + description: snapshotHandle specifies the CSI "snapshot_id" of a + pre-existing snapshot on the underlying storage system. This field + is immutable. + type: string + volumeHandle: + description: volumeHandle specifies the CSI "volume_id" of the volume + from which a snapshot should be dynamically taken from. This field + is immutable. + type: string + type: object + volumeSnapshotClassName: + description: name of the VolumeSnapshotClass to which this snapshot + belongs. + type: string + volumeSnapshotRef: + description: volumeSnapshotRef specifies the VolumeSnapshot object to + which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName + field must reference to this VolumeSnapshotContent's name for the + bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent + object, name and namespace of the VolumeSnapshot object MUST be provided + for binding to happen. This field is immutable after creation. Required. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - deletionPolicy + - driver + - source + - volumeSnapshotRef + type: object + status: + description: status represents the current information of a snapshot. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates the creation time is unknown. The + format of this field is a Unix nanoseconds time encoded as an int64. + On Unix, the command `date +%s%N` returns the current time in nanoseconds + since 1970-01-01 00:00:00 UTC. + format: int64 + type: integer + error: + description: error is the latest observed error during snapshot creation, + if any. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + format: int64 + minimum: 0 + type: integer + snapshotHandle: + description: snapshotHandle is the CSI "snapshot_id" of a snapshot on + the underlying storage system. If not specified, it indicates that + dynamic snapshot creation has either failed or it is still in progress. + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml new file mode 100644 index 000000000..483706f16 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/crds/snapshot.storage.k8s.io_volumesnapshots.yaml @@ -0,0 +1,188 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null + name: volumesnapshots.snapshot.storage.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .spec.source.persistentVolumeClaimName + description: Name of the source PVC from where a dynamically taken snapshot will + be created. + name: SourcePVC + type: string + - JSONPath: .spec.source.volumeSnapshotContentName + description: Name of the VolumeSnapshotContent which represents a pre-provisioned + snapshot. + name: SourceSnapshotContent + type: string + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot. + name: RestoreSize + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. + name: SnapshotClass + type: string + - JSONPath: .status.boundVolumeSnapshotContentName + description: The name of the VolumeSnapshotContent to which this VolumeSnapshot + is bound. + name: SnapshotContent + type: string + - JSONPath: .status.creationTime + description: Timestamp when the point-in-time snapshot is taken by the underlying + storage system. + name: CreationTime + type: date + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + listKind: VolumeSnapshotList + plural: volumesnapshots + singular: volumesnapshot + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshot is a user's request for either creating a point-in-time + snapshot of a persistent volume, or binding to a pre-existing snapshot. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: 'spec defines the desired characteristics of a snapshot requested + by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots + Required.' + properties: + source: + description: source specifies where a snapshot will be created from. + This field is immutable after creation. Required. + properties: + persistentVolumeClaimName: + description: persistentVolumeClaimName specifies the name of the + PersistentVolumeClaim object in the same namespace as the VolumeSnapshot + object where the snapshot should be dynamically taken from. This + field is immutable. + type: string + volumeSnapshotContentName: + description: volumeSnapshotContentName specifies the name of a pre-existing + VolumeSnapshotContent object. This field is immutable. + type: string + type: object + volumeSnapshotClassName: + description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass + requested by the VolumeSnapshot. If not specified, the default snapshot + class will be used if one exists. If not specified, and there is no + default snapshot class, dynamic snapshot creation will fail. Empty + string is not allowed for this field. TODO(xiangqian): a webhook validation + on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' + type: string + required: + - source + type: object + status: + description: 'status represents the current information of a snapshot. NOTE: + status can be modified by sources other than system controllers, and must + not be depended upon for accuracy. Controllers should only use information + from the VolumeSnapshotContent object after verifying that the binding + is accurate and complete.' + properties: + boundVolumeSnapshotContentName: + description: 'boundVolumeSnapshotContentName represents the name of + the VolumeSnapshotContent object to which the VolumeSnapshot object + is bound. If not specified, it indicates that the VolumeSnapshot object + has not been successfully bound to a VolumeSnapshotContent object + yet. NOTE: Specified boundVolumeSnapshotContentName alone does not + mean binding is valid. Controllers MUST always verify bidirectional + binding between VolumeSnapshot and VolumeSnapshotContent to + avoid possible security issues.' + type: string + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates that the creation time of the snapshot + is unknown. + format: date-time + type: string + error: + description: error is the last observed error during snapshot creation, + if any. This field could be helpful to upper level controllers(i.e., + application controller) to decide whether they should continue on + waiting for the snapshot to be created based on the type of error + reported. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + anyOf: + - type: integer + - type: string + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml new file mode 100644 index 000000000..a8f3d2b16 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/questions.yml @@ -0,0 +1,116 @@ +questions: + - variable: volumeClass + label: "Volumes Storage Class" + type: boolean + default: true + description: "Activate Nutanix Volumes Storage Class" + group: "global Settings" + - variable: fileClass + label: "Files Storage Class" + type: boolean + default: false + description: "Activate Nutanix Files Storage Class" + group: "global Settings" + - variable: dynamicFileClass + label: "Dynamic Files Storage Class" + type: boolean + default: false + description: "Activate Nutanix Files Storage Class with dynamic share provisioning" + group: "global Settings" + - variable: legacy + label: "Driver Name Legacy mode" + type: boolean + default: false + description: "Set to True to continue to use old driver name in case of initial install with chart < 2.2.0" + group: "global Settings" + - variable: defaultStorageClass + label: "Default Storage Class" + type: enum + default: "none" + options: ["none", "volume", "file", "dynfile"] + description: "Select the default Storage Class you want" + group: "global Settings" + show_if: "volumeClass=true||dynamicFileClass=true||fileClass=true" + + - variable: prismEndPoint + label: "Prism Endpoint" + type: string + required: true + description: "Please specify the cluster virtual address" + group: "global Settings" + show_if: "volumeClass=true||dynamicFileClass=true" + - variable: username + label: "Username" + type: string + required: true + description: "Specify username with cluster admin permission" + group: "global Settings" + show_if: "volumeClass=true||dynamicFileClass=true" + - variable: password + label: "Password" + type: password + required: true + description: "Specify password of the user" + group: "global Settings" + show_if: "volumeClass=true||dynamicFileClass=true" + + - variable: lvmVolume + label: "LVM Volume" + type: boolean + default: false + description: "Activate LVM to support multi vdisks volume group for PV" + group: "Nutanix Volumes Settings" + show_if: "volumeClass=true" + - variable: dataServiceEndPoint + label: "Data Service Endpoint" + type: string + required: true + description: "Please specify the ISCSI data services address" + group: "Nutanix Volumes Settings" + show_if: "volumeClass=true" + - variable: storageContainer + label: "Storage Container" + type: string + required: true + description: "Specify Nutanix container name where the Persistent Volume will be stored" + group: "Nutanix Volumes Settings" + show_if: "volumeClass=true" + - variable: fsType + label: "Filesystem" + type: enum + options: ["xfs", "ext4"] + description: "Select the filesystem for the Persistent Volume" + group: "Nutanix Volumes Settings" + show_if: "volumeClass=true" + - variable: lvmDisks + label: "LVM Disks" + type: int + required: true + default: "4" + min: 1 + max: 8 + description: "Number of vdisk for each PV" + group: "Nutanix Volumes Settings" + show_if: "lvmVolume=true&&volumeClass=true" + + - variable: fileHost + label: "File Server Address" + type: string + required: true + description: "Specify Nutanix Files address" + group: "Nutanix Files Settings" + show_if: "fileClass=true" + - variable: filePath + label: "Export share" + type: string + required: true + description: "Specify Nutanix Files share path" + group: "Nutanix Files Settings" + show_if: "fileClass=true" + - variable: fileServerName + label: "NFS File Server Name" + type: string + required: true + description: "Specify Nutanix Files server name" + group: "Nutanix Files Settings" + show_if: "dynamicFileClass=true" diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt new file mode 100644 index 000000000..3921d167a --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/NOTES.txt @@ -0,0 +1,3 @@ +Driver name: {{ include "nutanix-csi-storage.drivername" . }} + +Nutanix CSI provider was deployed in namespace {{ .Release.Namespace }} diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl new file mode 100644 index 000000000..5fe53b26a --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "nutanix-csi-storage.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nutanix-csi-storage.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nutanix-csi-storage.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create CSI driver name. +*/}} +{{- define "nutanix-csi-storage.drivername" -}} +{{- if .Values.legacy -}} +com.nutanix.csi +{{- else -}} +csi.nutanix.com +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml new file mode 100644 index 000000000..fa56a6a1c --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/csi-driver.yaml @@ -0,0 +1,7 @@ +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: {{ include "nutanix-csi-storage.drivername" . }} +spec: + attachRequired: false + podInfoOnMount: true \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml new file mode 100644 index 000000000..89a543a54 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-cs-scc.yaml @@ -0,0 +1,30 @@ +{{- if eq .Values.os "openshift4"}} +kind: SecurityContextConstraints +apiVersion: security.openshift.io/v1 +metadata: + name: ntnx-csi-scc +allowHostDirVolumePlugin: true +allowHostIPC: false +allowHostNetwork: true +allowHostPID: false +allowHostPorts: true +allowPrivilegeEscalation: true +allowPrivilegedContainer: true +allowedCapabilities: [] +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +groups: [] +priority: +readOnlyRootFilesystem: false +requiredDropCapabilities: [] +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:csi-provisioner + - system:serviceaccount:{{ .Release.Namespace }}:csi-node-ntnx-plugin +{{- end}} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml new file mode 100644 index 000000000..59519e9f0 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-node.yaml @@ -0,0 +1,128 @@ +# Copyright 2019 Nutanix Inc +# +# example usage: kubectl create -f + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-node-ntnx-plugin + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: csi-node-ntnx-plugin + template: + metadata: + labels: + app: csi-node-ntnx-plugin + spec: + serviceAccount: csi-node-ntnx-plugin + hostNetwork: true + containers: + - name: driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/{{ include "nutanix-csi-storage.drivername" . }}/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration + - name: csi-node-ntnx-plugin + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: quay.io/karbon/ntnx-csi:v2.3.1 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + - "--drivername={{ include "nutanix-csi-storage.drivername" . }}" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - mountPath: /dev + name: device-dir + - mountPath: /etc/iscsi + name: iscsi-dir + - mountPath: /host + name: root-dir + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 + failureThreshold: 3 + - name: liveness-probe + imagePullPolicy: Always + volumeMounts: + - mountPath: /csi + name: plugin-dir + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/{{ include "nutanix-csi-storage.drivername" . }}/ + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev + - name: iscsi-dir + hostPath: + path: /etc/iscsi + type: Directory + - name: root-dir + hostPath: + path: / + type: Directory diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml new file mode 100644 index 000000000..5de6f7a29 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-provisioner.yaml @@ -0,0 +1,111 @@ +# Copyright 2019 Nutanix Inc +# +# example usage: kubectl create -f + +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: {{ .Release.Namespace }} +spec: + serviceName: csi-provisioner-ntnx-plugin + replicas: 1 + selector: + matchLabels: + app: csi-provisioner-ntnx-plugin + template: + metadata: + labels: + app: csi-provisioner-ntnx-plugin + spec: + serviceAccount: csi-provisioner + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.5.0 + args: + - --provisioner={{ include "nutanix-csi-storage.drivername" . }} + - --csi-address=$(ADDRESS) + - --timeout=60s + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: IfNotPresent + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.3.0 + args: + - --v=5 + - --csi-address=$(ADDRESS) + - --leader-election=false + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: IfNotPresent + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.1.0 + args: + - --csi-address=$(ADDRESS) + - --leader-election=false + - --logtostderr=true + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: ntnx-csi-plugin + image: quay.io/karbon/ntnx-csi:v2.3.1 + securityContext: + allowPrivilegeEscalation: true + privileged: true + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + - "--drivername={{ include "nutanix-csi-storage.drivername" . }}" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 + failureThreshold: 3 + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - emptyDir: {} + name: socket-dir diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml new file mode 100644 index 000000000..1b79eed11 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-csi-rbac.yaml @@ -0,0 +1,124 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the Nutanix CSI driver +# +# example usage: kubectl create -f + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-provisioner + namespace: {{ .Release.Namespace }} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-runner + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: csi-provisioner + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: external-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +# needed for StatefulSet +kind: Service +apiVersion: v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: {{ .Release.Namespace }} + labels: + app: csi-provisioner-ntnx-plugin +spec: + selector: + app: csi-provisioner-ntnx-plugin + ports: + - name: dummy + port: 12345 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-node-ntnx-plugin + namespace: {{ .Release.Namespace }} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-node-runner + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "update"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-node-role + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: csi-node-ntnx-plugin + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: csi-node-runner + apiGroup: rbac.authorization.k8s.io + diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml new file mode 100644 index 000000000..dbf22bdfc --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/ntnx-secret.yaml @@ -0,0 +1,11 @@ +{{- if eq .Values.createSecret true }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.secretName }} + namespace: {{ .Release.Namespace }} +data: + # base64 encoded prism-ip:prism-port:admin:password. + # E.g.: echo -n "10.83.0.91:9440:admin:mypassword" | base64 + key: {{ printf "%s:9440:%s:%s" .Values.prismEndPoint .Values.username .Values.password | b64enc}} +{{- end }} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml new file mode 100644 index 000000000..b7ba803e2 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/sc.yaml @@ -0,0 +1,73 @@ +{{- if eq .Values.volumeClass true }} +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: nutanix-volume +{{- if eq .Values.defaultStorageClass "volume" }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" +{{- end }} +provisioner: {{ include "nutanix-csi-storage.drivername" . }} +parameters: + storageType: NutanixVolumes + csi.storage.k8s.io/provisioner-secret-name: {{ .Values.secretName }} + csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }} + csi.storage.k8s.io/node-publish-secret-name: {{ .Values.secretName }} + csi.storage.k8s.io/node-publish-secret-namespace: {{ .Release.Namespace }} + csi.storage.k8s.io/controller-expand-secret-name: {{ .Values.secretName }} + csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Release.Namespace }} + dataServiceEndPoint: {{ .Values.dataServiceEndPoint }} + storageContainer: {{ .Values.storageContainer }} + csi.storage.k8s.io/fstype: {{ .Values.fsType }} +{{- if eq .Values.lvmVolume true }} + isLVMVolume: "true" + numLVMDisks: {{ quote .Values.lvmDisks }} +{{- end }} +allowVolumeExpansion: true +reclaimPolicy: Delete +--- +apiVersion: snapshot.storage.k8s.io/v1beta1 +kind: VolumeSnapshotClass +metadata: + name: nutanix-snapshot-class +driver: {{ include "nutanix-csi-storage.drivername" . }} +parameters: + storageType: NutanixVolumes + csi.storage.k8s.io/snapshotter-secret-name: {{ .Values.secretName }} + csi.storage.k8s.io/snapshotter-secret-namespace: {{ .Release.Namespace }} +deletionPolicy: Delete +{{- end }} +--- +{{- if eq .Values.fileClass true }} +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: nutanix-file +{{- if eq .Values.defaultStorageClass "file" }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" +{{- end }} +provisioner: {{ include "nutanix-csi-storage.drivername" . }} +parameters: + storageType: NutanixFiles + nfsServer: {{ .Values.fileHost }} + nfsPath: {{ .Values.filePath }} +{{- end }} +--- +{{- if eq .Values.dynamicFileClass true }} +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: nutanix-dynamicfile +{{- if eq .Values.defaultStorageClass "dynfile" }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" +{{- end }} +provisioner: {{ include "nutanix-csi-storage.drivername" . }} +parameters: + storageType: NutanixFiles + dynamicProv: ENABLED + nfsServerName: {{ .Values.fileServerName }} + csi.storage.k8s.io/provisioner-secret-name: {{ .Values.secretName }} + csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml new file mode 100644 index 000000000..eb6bb088c --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-rbac.yaml @@ -0,0 +1,78 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: snapshot-controller + namespace: {{ .Release.Namespace }} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: snapshot-controller-runner + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: snapshot-controller-role + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: snapshot-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: snapshot-controller-runner + apiGroup: rbac.authorization.k8s.io + +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: snapshot-controller-leaderelection + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: snapshot-controller-leaderelection + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: snapshot-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: snapshot-controller-leaderelection + apiGroup: rbac.authorization.k8s.io + diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml new file mode 100644 index 000000000..57cf273ae --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/templates/snapshot-controller-setup.yaml @@ -0,0 +1,24 @@ +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: snapshot-controller + namespace: {{ .Release.Namespace }} +spec: + serviceName: "snapshot-controller" + replicas: 1 + selector: + matchLabels: + app: snapshot-controller + template: + metadata: + labels: + app: snapshot-controller + spec: + serviceAccount: snapshot-controller + containers: + - name: snapshot-controller + image: quay.io/k8scsi/snapshot-controller:v2.0.1 + args: + - "--v=5" + - "--leader-election=false" + imagePullPolicy: Always diff --git a/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml new file mode 100644 index 000000000..b8be1d667 --- /dev/null +++ b/charts/nutanix-csi-storage/nutanix-csi-storage/2.3.100/values.yaml @@ -0,0 +1,67 @@ +# Default values for nutanix-csi-storage. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# parameters + +# Legacy mode +# +# if legacy set to true we keep the old reverse domain notation for CSI driver name (com.nutanix.csi). +# need to be set to true only if upgrade and initialy installed with helm package before 2.2.x +legacy: false + +# OS settings +# +# Starting v2.3.1 CSI driver is OS independent, this value is deprecated +os: none + + +# Storage Class settings +# +# choose for wich mode (Volume, File, Dynamic File) storageclass need to be created +volumeClass: true +fileClass: false +dynamicFileClass: false + + +# Default Storage Class settings +# +# Decide wich storageclass will be the default +# value are: node, volume, file, dynfile +defaultStorageClass: none + +# Nutanix Prism Elements settings +# +# Allow dynamic creation of Volumes and Fileshare +# needed if volumeClass or dynamicFileClass is set to true + +prismEndPoint: 10.0.0.1 + +username: admin +password: nutanix/4u + +secretName: ntnx-secret + +# Nutanix Prism Elements Existing Secret +# +# if set to false a new secret will not be created +createSecret: true + + +# Volumes Settings +# +dataServiceEndPoint: 10.0.0.2 +storageContainer: default +fsType: xfs + +lvmVolume: false +lvmDisks: 4 + +# Files Settings +# +fileHost: 10.0.0.3 +filePath: share + +# Dynamic Files Settings +# +fileServerName: file diff --git a/charts/openebs/openebs/1.12.300/Chart.yaml b/charts/openebs/openebs/1.12.300/Chart.yaml new file mode 100644 index 000000000..bd1066ace --- /dev/null +++ b/charts/openebs/openebs/1.12.300/Chart.yaml @@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: openebs +apiVersion: v1 +appVersion: 1.12.0 +description: Containerized Storage for Containers +home: http://www.openebs.io/ +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png +keywords: +- cloud-native-storage +- block-storage +- iSCSI +- storage +maintainers: +- email: kiran.mova@openebs.io + name: kmova +- email: prateek.pandey@openebs.io + name: prateekpandey14 +name: openebs +sources: +- https://github.com/openebs/openebs +version: 1.12.300 diff --git a/charts/openebs/openebs/1.12.300/OWNERS b/charts/openebs/openebs/1.12.300/OWNERS new file mode 100644 index 000000000..874423e12 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/OWNERS @@ -0,0 +1,6 @@ +approvers: +- kmova +- prateekpandey14 +reviewers: +- kmova +- prateekpandey14 diff --git a/charts/openebs/openebs/1.12.300/README.md b/charts/openebs/openebs/1.12.300/README.md new file mode 100644 index 000000000..a97908152 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/README.md @@ -0,0 +1,135 @@ +# OpenEBS Helm Chart + +[OpenEBS](https://github.com/openebs/openebs) is an *open source storage platform* that provides persistent and containerized block storage for DevOps and container environments. +OpenEBS provides multiple storage engines that can be plugged in easily. A common pattern is the use of OpenEBS to deliver Dynamic LocalPV for those applications and workloads that want to access disks and cloud volumes directly. + +OpenEBS can be deployed on any Kubernetes cluster - either in cloud, on-premise or developer laptop (minikube). OpenEBS itself is deployed as just another container on your cluster, and enables storage services that can be designated on a per pod, application, cluster or container level. + +## Introduction + +This chart bootstraps OpenEBS deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Quickstart and documentation + +You can run OpenEBS on any Kubernetes 1.13+ cluster in a matter of seconds. See the [Quickstart Guide to OpenEBS](https://docs.openebs.io/docs/next/quickstart.html) for detailed instructions. + +For more comprehensive documentation, start with the [Welcome to OpenEBS](https://docs.openebs.io/docs/next/overview.html) docs. + +## Prerequisites + +- Kubernetes 1.13+ with RBAC enabled +- iSCSI PV support in the underlying infrastructure + +## Adding OpenEBS Helm repository + +Before installing OpenEBS Helm charts, you need to add the [OpenEBS Helm repository](https://openebs.github.io/charts) to your Helm client. + +```bash +helm repo add openebs https://openebs.github.io/charts +``` + +## Installing OpenEBS + +```bash +helm install --namespace openebs openebs/openebs +``` + +## Installing OpenEBS with the release name + +```bash +helm install --name `my-release` --namespace openebs openebs/openebs +``` + +## To uninstall/delete instance with release name + +```bash +helm ls --all +helm delete `my-release` +``` + +## Configuration + +The following table lists the configurable parameters of the OpenEBS chart and their default values. + +| Parameter | Description | Default | +| ----------------------------------------| --------------------------------------------- | ----------------------------------------- | +| `rbac.create` | Enable RBAC Resources | `true` | +| `rbac.pspEnabled` | Create pod security policy resources | `false` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `image.repository` | Specify which docker registry to use | `""` | +| `apiserver.enabled` | Enable API Server | `true` | +| `apiserver.image` | Image for API Server | `openebs/m-apiserver` | +| `apiserver.imageTag` | Image Tag for API Server | `1.12.0` | +| `apiserver.replicas` | Number of API Server Replicas | `1` | +| `apiserver.sparse.enabled` | Create Sparse Pool based on Sparsefile | `false` | +| `provisioner.enabled` | Enable Provisioner | `true` | +| `provisioner.image` | Image for Provisioner | `openebs/openebs-k8s-provisioner` | +| `provisioner.imageTag` | Image Tag for Provisioner | `1.12.0` | +| `provisioner.replicas` | Number of Provisioner Replicas | `1` | +| `localprovisioner.enabled` | Enable localProvisioner | `true` | +| `localprovisioner.image` | Image for localProvisioner | `openebs/provisioner-localpv` | +| `localprovisioner.imageTag` | Image Tag for localProvisioner | `1.12.0` | +| `localprovisioner.replicas` | Number of localProvisioner Replicas | `1` | +| `localprovisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | +| `webhook.enabled` | Enable admission server | `true` | +| `webhook.image` | Image for admission server | `openebs/admission-server` | +| `webhook.imageTag` | Image Tag for admission server | `1.12.0` | +| `webhook.replicas` | Number of admission server Replicas | `1` | +| `webhook.hostNetwork` | Use hostNetwork in admission server | `false` | +| `snapshotOperator.enabled` | Enable Snapshot Provisioner | `true` | +| `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `openebs/snapshot-provisioner` | +| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `1.12.0` | +| `snapshotOperator.controller.image` | Image for Snapshot Controller | `openebs/snapshot-controller` | +| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `1.12.0` | +| `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | +| `ndm.enabled` | Enable Node Disk Manager | `true` | +| `ndm.image` | Image for Node Disk Manager | `openebs/node-disk-manager` | +| `ndm.imageTag` | Image Tag for Node Disk Manager | `0.7.0` | +| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | +| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | +| `ndm.sparse.count` | Number of sparse files to be created | `0` | +| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | +| `ndm.filters.enableVendorFilter` | Enable filters of venders | `true` | +| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | +| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | +| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | +| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd`| +| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | +| `ndmOperator.enabled` | Enable NDM Operator | `true` | +| `ndmOperator.image` | Image for NDM Operator | `openebs/node-disk-operator` | +| `ndmOperator.imageTag` | Image Tag for NDM Operator | `0.7.0` | +| `jiva.image` | Image for Jiva | `openebs/jiva` | +| `jiva.imageTag` | Image Tag for Jiva | `1.12.0` | +| `jiva.replicas` | Number of Jiva Replicas | `3` | +| `jiva.defaultStoragePath` | hostpath used by default Jiva StorageClass | `/var/openebs` | +| `cstor.pool.image` | Image for cStor Pool | `openebs/cstor-pool` | +| `cstor.pool.imageTag` | Image Tag for cStor Pool | `1.12.0` | +| `cstor.poolMgmt.image` | Image for cStor Pool Management | `openebs/cstor-pool-mgmt` | +| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `1.12.0` | +| `cstor.target.image` | Image for cStor Target | `openebs/cstor-istgt` | +| `cstor.target.imageTag` | Image Tag for cStor Target | `1.12.0` | +| `cstor.volumeMgmt.image` | Image for cStor Volume Management | `openebs/cstor-volume-mgmt` | +| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `1.12.0` | +| `helper.image` | Image for helper | `openebs/linux-utils` | +| `helper.imageTag` | Image Tag for helper | `1.12.0` | +| `featureGates.enabled` | Enable feature gates for OpenEBS | `false` | +| `featureGates.GPTBasedUUID.enabled` | Enable GPT based UUID generation in NDM | `false` | +| `crd.enableInstall` | Enable installation of CRDs by OpenEBS | `true` | +| `policies.monitoring.image` | Image for Prometheus Exporter | `openebs/m-exporter` | +| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `1.12.0` | +| `analytics.enabled` | Enable sending stats to Google Analytics | `true` | +| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | +| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | +| `varDirectoryPath.baseDir` | To store debug info of OpenEBS containers | `/var/openebs` | +| `healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | +| `healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +helm install --name openebs -f values.yaml openebs/openebs +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/openebs/openebs/1.12.300/app-readme.md b/charts/openebs/openebs/1.12.300/app-readme.md new file mode 100644 index 000000000..e6a3d5f48 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/app-readme.md @@ -0,0 +1,10 @@ +# OpenEBS + +OpenEBS is an open source storage platform that provides persistent container attached, cloud-native block storage for DevOps and for Kubernetes environments. + +OpenEBS allows you to treat your persistent workload containers, such as DBs on containers, just like other containers. OpenEBS itself is deployed as just another container on your host and enables storage services that can be designated on a per pod, application, cluster or container level, including: +- Data persistence across nodes, dramatically reducing time spent rebuilding Cassandra rings for example. +- Synchronization of data across availability zones and cloud providers. +- Use of commodity hardware plus a container engine to deliver so called container attached block storage. +- Integration with Kubernetes, so developer and application intent flows into OpenEBS configurations automatically. +- Management of tiering to and from S3 and other targets. diff --git a/charts/openebs/openebs/1.12.300/questions.yml b/charts/openebs/openebs/1.12.300/questions.yml new file mode 100644 index 000000000..c0d4641cb --- /dev/null +++ b/charts/openebs/openebs/1.12.300/questions.yml @@ -0,0 +1,200 @@ +questions: +- variable: defaultImage + default: true + description: "Use default OpenEBS images" + label: Use Default Image + type: boolean + show_subquestion_if: false + group: "Container Images" + subquestions: + - variable: apiserver.image + default: "openebs/m-apiserver" + description: "Default API Server image for OpenEBS" + type: string + label: API Server Image + - variable: apiserver.imageTag + default: "1.12.0" + description: "The image tag of API Server image" + type: string + label: Image Tag For OpenEBS API Server Image + - variable: provisioner.image + default: "openebs/openebs-k8s-provisioner" + description: "Default K8s Provisioner image for OpenEBS" + type: string + label: Provisioner Image + - variable: provisioner.imageTag + default: "1.12.0" + description: "The image tag of Provisioner image" + type: string + label: Image Tag For Provisioner Image + - variable: snapshotOperator.controller.image + default: "openebs/snapshot-controller" + description: "Default Snapshot Controller image for OpenEBS" + type: string + label: Snapshot Controller Image + - variable: snapshotOperator.controller.imageTag + default: "1.12.0" + description: "The image tag of Snapshot Controller image" + type: string + label: Image Tag For OpenEBS Snapshot Controller Image + - variable: snapshotOperator.provisioner.image + default: "openebs/snapshot-provisioner" + description: "Default Snapshot Provisioner image for OpenEBS" + type: string + label: Snapshot Provisioner Image + - variable: snapshotOperator.provisioner.imageTag + default: "1.12.0" + description: "The image tag of Snapshot Provisioner image" + type: string + label: Image Tag For OpenEBS Snapshot Provisioner Image + - variable: ndm.image + default: "openebs/node-disk-manager" + description: "Default NDM image" + type: string + label: Node Disk Manager Image + - variable: ndm.imageTag + default: "0.7.0" + description: "The image tag of NDM image" + type: string + label: Image Tag For Node Disk Manager Image + - variable: ndmOperator.image + default: "openebs/node-disk-operator" + description: "Default NDO image" + type: string + label: Node Disk Operator Image + - variable: ndmOperator.imageTag + default: "0.7.0" + description: "The image tag of NDO image" + type: string + label: Image Tag For Node Disk Manager Image + - variable: jiva.image + default: "openebs/jiva" + description: "Default Jiva Storage Engine image for OpenEBS" + type: string + label: Jiva Storage Engine Image + - variable: jiva.imageTag + default: "1.12.0" + description: "The image tag of Jiva image" + type: string + label: Image Tag For OpenEBS Jiva Storage Engine Image + - variable: cstor.pool.image + default: "openebs/cstor-pool" + description: "Default cStor Storage Engine Pool image for OpenEBS" + type: string + label: cStor Storage Engine Pool Image + - variable: cstor.pool.imageTag + default: "1.12.0" + description: "The image tag of cStor Storage Engine Pool image" + type: string + label: Image Tag For OpenEBS cStor Storage Engine Pool Image + - variable: cstor.poolMgmt.image + default: "openebs/cstor-pool-mgmt" + description: "Default cStor Storage Engine Pool Management image for OpenEBS" + type: string + label: cStor Storage Engine Pool Management Image + - variable: cstor.poolMgmt.imageTag + default: "1.12.0" + description: "The image tag of cStor Storage Engine Pool Management image" + type: string + label: Image Tag For OpenEBS cStor Storage Engine Pool Management Image + - variable: cstor.target.image + default: "openebs/cstor-istgt" + description: "Default cStor Storage Engine Target image for OpenEBS" + type: string + label: cStor Storage Engine Target Image + - variable: cstor.target.imageTag + default: "1.12.0" + description: "The image tag of cStor Storage Engine Target image" + type: string + label: Image Tag For OpenEBS cStor Storage Engine Target Image + - variable: cstor.volumeMgmt.image + default: "openebs/cstor-volume-mgmt" + description: "Default cStor Storage Engine Target Management image for OpenEBS" + type: string + label: cStor Storage Engine Target Management Image + - variable: cstor.volumeMgmt.imageTag + default: "1.12.0" + description: "The image tag of cStor Storage Engine Target Management image" + type: string + label: Image Tag For OpenEBS cStor Storage Engine Target Management Image + - variable: policies.monitoring.image + default: "openebs/m-exporter" + description: "Default OpeneEBS Volume and pool Exporter image" + type: string + label: Monitoring Exporter Image + show_if: "policies.monitoring.enabled=true&&defaultImage=false" + - variable: policies.monitoring.imageTag + default: "1.12.0" + description: "The image tag of OpenEBS Exporter" + type: string + label: Image Tag For OpenEBS Exporter Image + show_if: "policies.monitoring.enabled=true&&defaultImage=false" +- variable: ndm.filters.excludeVendors + default: 'CLOUDBYT,OpenEBS' + type: string + description: "Configure NDM to filter disks from following vendors" + label: Filter Disks belonging to vendors + group: "NDM Disk Filter by Vendor " +- variable: ndm.filters.excludePaths + default: 'loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md' + type: string + description: "Configure NDM to filter disks from following paths" + label: Filter Disks belonging to paths + group: "NDM Disk Filter by Path" +- variable: ndm.sparse.enabled + default: true + description: "Create a cStor Pool on Sparse Disks" + label: Create cStor Pool on Sprase Disks + type: boolean + show_subquestion_if: true + group: "NDM Sparse Disk Settings" + subquestions: + - variable: ndm.sparse.size + default: "10737418240" + description: "Default Size of Sparse Disk" + type: string + label: Sparse Disk Size in bytes + - variable: ndm.sparse.count + default: "0" + description: "Number of Sparse Disks" + type: string + label: Number of Sparse Disks + - variable: ndm.sparse.path + default: "/var/openebs/sparse" + description: "Directory where Sparse Disks should be created" + type: string + label: Directory for Sparse Disks +- variable: defaultPorts + default: true + description: "Use default Communication Ports" + label: Use Default Ports + type: boolean + show_subquestion_if: false + group: "Communication Ports" + subquestions: + - variable: apiserver.ports.externalPort + default: 5656 + description: "Default External Port for OpenEBS API Server" + type: int + min: 0 + max: 9999 + label: OpenEBS API Server External Port + - variable: apiserver.ports.internalPort + default: 5656 + description: "Default Internal Port for OpenEBS API Server" + type: int + min: 0 + max: 9999 + label: OpenEBS API Server Internal Port +- variable: policies.monitoring.enabled + default: true + description: "Enable prometheus monitoring" + type: boolean + label: Enable Prometheus Monitoring + group: "Monitoring Settings" +- variable: analytics.enabled + default: true + description: "Enable sending anonymous statistics to OpenEBS Google Analytics" + type: boolean + label: Enable updating OpenEBS with usage details + group: "Anonymous Analytics" diff --git a/charts/openebs/openebs/1.12.300/templates/NOTES.txt b/charts/openebs/openebs/1.12.300/templates/NOTES.txt new file mode 100644 index 000000000..299a52638 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/NOTES.txt @@ -0,0 +1,27 @@ +The OpenEBS has been installed. Check its status by running: +$ kubectl get pods -n {{ .Release.Namespace }} + +For dynamically creating OpenEBS Volumes, you can either create a new StorageClass or +use one of the default storage classes provided by OpenEBS. + +Use `kubectl get sc` to see the list of installed OpenEBS StorageClasses. A sample +PVC spec using `openebs-jiva-default` StorageClass is given below:" + +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: demo-vol-claim +spec: + storageClassName: openebs-jiva-default + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5G +--- + +Please note that, OpenEBS uses iSCSI for connecting applications with the +OpenEBS Volumes and your nodes should have the iSCSI initiator installed. + +For more information, visit our Slack at https://openebs.io/community or view the documentation online at http://docs.openebs.io/. diff --git a/charts/openebs/openebs/1.12.300/templates/_helpers.tpl b/charts/openebs/openebs/1.12.300/templates/_helpers.tpl new file mode 100644 index 000000000..09c63c5a4 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "openebs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "openebs.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "openebs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "openebs.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "openebs.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/1.12.300/templates/clusterrole.yaml b/charts/openebs/openebs/1.12.300/templates/clusterrole.yaml new file mode 100644 index 000000000..3a8d3ced8 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/clusterrole.yaml @@ -0,0 +1,50 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "openebs.fullname" . }} + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: ["*"] + resources: ["nodes", "nodes/proxy"] + verbs: ["*"] +- apiGroups: ["*"] + resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs" ] + verbs: ["*"] +- apiGroups: ["*"] + resources: ["statefulsets", "daemonsets"] + verbs: ["*"] +- apiGroups: ["*"] + resources: ["resourcequotas", "limitranges"] + verbs: ["list", "watch"] +- apiGroups: ["*"] + resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "poddisruptionbudgets", "certificatesigningrequests"] + verbs: ["list", "watch"] +- apiGroups: ["*"] + resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] + verbs: ["*"] +- apiGroups: ["volumesnapshot.external-storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshotdatas"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: [ "get", "list", "create", "update", "delete", "patch"] +- apiGroups: ["openebs.io"] + resources: [ "*"] + verbs: ["*" ] +- apiGroups: ["cstor.openebs.io"] + resources: [ "*"] + verbs: ["*" ] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["get", "create", "list", "delete", "update", "patch"] +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml b/charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..0ada25cd6 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "openebs.fullname" . }} + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "openebs.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "openebs.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml b/charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml new file mode 100644 index 000000000..165eabb50 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/cm-node-disk-manager.yaml @@ -0,0 +1,46 @@ +{{- if .Values.ndm.enabled }} +# This is the node-disk-manager related config. +# It can be used to customize the disks probes and filters +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "openebs.fullname" . }}-ndm-config + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: ndm-config + openebs.io/component-name: ndm-config +data: + # udev-probe is default or primary probe which should be enabled to run ndm + # filterconfigs contains configs of filters - in the form of include + # and exclude comma separated strings + node-disk-manager.config: | + probeconfigs: + - key: udev-probe + name: udev probe + state: true + - key: seachest-probe + name: seachest probe + state: {{ .Values.ndm.probes.enableSeachest }} + - key: smart-probe + name: smart probe + state: true + filterconfigs: + - key: os-disk-exclude-filter + name: os disk exclude filter + state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} + exclude: "/,/etc/hosts,/boot" + - key: vendor-filter + name: vendor filter + state: {{ .Values.ndm.filters.enableVendorFilter }} + include: "" + exclude: "{{ .Values.ndm.filters.excludeVendors }}" + - key: path-filter + name: path filter + state: {{ .Values.ndm.filters.enablePathFilter }} + include: "{{ .Values.ndm.filters.includePaths }}" + exclude: "{{ .Values.ndm.filters.excludePaths }}" +--- +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml b/charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml new file mode 100644 index 000000000..2d8aae373 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/daemonset-ndm.yaml @@ -0,0 +1,147 @@ +{{- if .Values.ndm.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "openebs.fullname" . }}-ndm + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: ndm + openebs.io/component-name: ndm + openebs.io/version: {{ .Values.release.version }} +spec: + updateStrategy: + type: "RollingUpdate" + selector: + matchLabels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: ndm + template: + metadata: + labels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: ndm + openebs.io/component-name: ndm + name: openebs-ndm + openebs.io/version: {{ .Values.release.version }} + spec: + serviceAccountName: {{ template "openebs.serviceAccountName" . }} + hostNetwork: true + containers: + - name: {{ template "openebs.name" . }}-ndm + image: "{{ .Values.image.repository }}{{ .Values.ndm.image }}:{{ .Values.ndm.imageTag }}" + args: + - -v=4 +{{- if .Values.featureGates.enabled }} +{{- if .Values.featureGates.GPTBasedUUID.enabled }} + - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} +{{- end}} +{{- end}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + env: + # namespace in which NDM is installed will be passed to NDM Daemonset + # as environment variable + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # pass hostname as env variable using downward API to the NDM container + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- if .Values.ndm.sparse }} +{{- if .Values.ndm.sparse.path }} + # specify the directory where the sparse files need to be created. + # if not specified, then sparse files will not be created. + - name: SPARSE_FILE_DIR + value: "{{ .Values.ndm.sparse.path }}" +{{- end }} +{{- if .Values.ndm.sparse.size }} + # Size(bytes) of the sparse file to be created. + - name: SPARSE_FILE_SIZE + value: "{{ .Values.ndm.sparse.size }}" +{{- end }} +{{- if .Values.ndm.sparse.count }} + # Specify the number of sparse files to be created + - name: SPARSE_FILE_COUNT + value: "{{ .Values.ndm.sparse.count }}" +{{- end }} +{{- end }} + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can be used here with pgrep (cmd is < 15 chars). + livenessProbe: + exec: + command: + - pgrep + - "ndm" + initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} + volumeMounts: + - name: config + mountPath: /host/node-disk-manager.config + subPath: node-disk-manager.config + readOnly: true + - name: udev + mountPath: /run/udev + - name: procmount + mountPath: /host/proc + readOnly: true + - name: basepath + mountPath: /var/openebs/ndm +{{- if .Values.ndm.sparse }} +{{- if .Values.ndm.sparse.path }} + - name: sparsepath + mountPath: {{ .Values.ndm.sparse.path }} +{{- end }} +{{- end }} + volumes: + - name: config + configMap: + name: {{ template "openebs.fullname" . }}-ndm-config + - name: udev + hostPath: + path: /run/udev + type: Directory + # mount /proc (to access mount file of process 1 of host) inside container + # to read mount-point of disks and partitions + - name: procmount + hostPath: + path: /proc + type: Directory + - name: basepath + hostPath: + path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" + type: DirectoryOrCreate +{{- if .Values.ndm.sparse }} +{{- if .Values.ndm.sparse.path }} + - name: sparsepath + hostPath: + path: {{ .Values.ndm.sparse.path }} +{{- end }} +{{- end }} + # By default the node-disk-manager will be run on all kubernetes nodes + # If you would like to limit this to only some nodes, say the nodes + # that have storage attached, you could label those node and use + # nodeSelector. + # + # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" + # kubectl label node "openebs.io/nodegroup"="storage-node" + #nodeSelector: + # "openebs.io/nodegroup": "storage-node" +{{- if .Values.ndm.nodeSelector }} + nodeSelector: +{{ toYaml .Values.ndm.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.ndm.tolerations }} + tolerations: +{{ toYaml .Values.ndm.tolerations | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml new file mode 100644 index 000000000..a577de02d --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/deployment-admission-server.yaml @@ -0,0 +1,76 @@ +{{- if .Values.webhook.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "openebs.fullname" . }}-admission-server + labels: + app: admission-webhook + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: admission-webhook + openebs.io/component-name: admission-webhook + openebs.io/version: {{ .Values.release.version }} +spec: + replicas: {{ .Values.webhook.replicas }} + strategy: + type: "Recreate" + rollingUpdate: null + selector: + matchLabels: + app: admission-webhook + template: + metadata: + labels: + app: admission-webhook + name: admission-webhook + release: {{ .Release.Name }} + openebs.io/version: {{ .Values.release.version }} + openebs.io/component-name: admission-webhook + spec: +{{- if .Values.webhook.hostNetwork }} + hostNetwork: true +{{- end }} +{{- if .Values.webhook.nodeSelector }} + nodeSelector: +{{ toYaml .Values.webhook.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.webhook.tolerations }} + tolerations: +{{ toYaml .Values.webhook.tolerations | indent 8 }} +{{- end }} +{{- if .Values.webhook.affinity }} + affinity: +{{ toYaml .Values.webhook.affinity | indent 8 }} +{{- end }} + serviceAccountName: {{ template "openebs.serviceAccountName" . }} + containers: + - name: admission-webhook + image: "{{ .Values.image.repository }}{{ .Values.webhook.image }}:{{ .Values.webhook.imageTag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - -alsologtostderr + - -v=2 + - 2>&1 + env: + - name: OPENEBS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ADMISSION_WEBHOOK_FAILURE_POLICY + value: "{{ .Values.webhook.failurePolicy }}" + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can't be used here with pgrep (>15 chars).A regular expression + # Anchor `^` : matches any string that starts with `admission-serve` + # `.*`: matche any string that has `admission-serve` followed by zero or more char + # that matches the entire command name has to specified. + livenessProbe: + exec: + command: + - sh + - -c + - test `pgrep -c "^admission-serve.*"` = 1 + initialDelaySeconds: {{ .Values.webhook.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.webhook.healthCheck.periodSeconds }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml new file mode 100644 index 000000000..ba064a790 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/deployment-local-provisioner.yaml @@ -0,0 +1,99 @@ +{{- if .Values.localprovisioner.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "openebs.fullname" . }}-localpv-provisioner + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: localpv-provisioner + openebs.io/component-name: openebs-localpv-provisioner + openebs.io/version: {{ .Values.release.version }} +spec: + replicas: {{ .Values.localprovisioner.replicas }} + strategy: + type: "Recreate" + rollingUpdate: null + selector: + matchLabels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: localpv-provisioner + name: openebs-localpv-provisioner + openebs.io/component-name: openebs-localpv-provisioner + openebs.io/version: {{ .Values.release.version }} + spec: + serviceAccountName: {{ template "openebs.serviceAccountName" . }} + containers: + - name: {{ template "openebs.name" . }}-localpv-provisioner + image: "{{ .Values.image.repository }}{{ .Values.localprovisioner.image }}:{{ .Values.localprovisioner.imageTag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s + # based on this address. This is ignored if empty. + # This is supported for openebs provisioner version 0.5.2 onwards + #- name: OPENEBS_IO_K8S_MASTER + # value: "http://10.128.0.12:8080" + # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s + # based on this config. This is ignored if empty. + # This is supported for openebs provisioner version 0.5.2 onwards + #- name: OPENEBS_IO_KUBE_CONFIG + # value: "/home/ubuntu/.kube/config" + # OPENEBS_NAMESPACE is the namespace that this provisioner will + # lookup to find maya api service + - name: OPENEBS_NAMESPACE + value: "{{ .Release.Namespace }}" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as + # environment variable + - name: OPENEBS_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + # OPENEBS_IO_BASE_PATH is the environment variable that provides the + # default base path on the node where host-path PVs will be provisioned. + - name: OPENEBS_IO_ENABLE_ANALYTICS + value: "{{ .Values.analytics.enabled }}" + - name: OPENEBS_IO_BASE_PATH + value: "{{ .Values.localprovisioner.basePath }}" + - name: OPENEBS_IO_HELPER_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" + - name: OPENEBS_IO_INSTALLER_TYPE + value: "charts-helm" + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can't be used here with pgrep (>15 chars).A regular expression + # that matches the entire command name has to specified. + # Anchor `^` : matches any string that starts with `provisioner-loc` + # `.*`: matches any string that has `provisioner-loc` followed by zero or more char + livenessProbe: + exec: + command: + - sh + - -c + - test `pgrep -c "^provisioner-loc.*"` = 1 + initialDelaySeconds: {{ .Values.localprovisioner.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.localprovisioner.healthCheck.periodSeconds }} +{{- if .Values.localprovisioner.nodeSelector }} + nodeSelector: +{{ toYaml .Values.localprovisioner.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.localprovisioner.tolerations }} + tolerations: +{{ toYaml .Values.localprovisioner.tolerations | indent 8 }} +{{- end }} +{{- if .Values.localprovisioner.affinity }} + affinity: +{{ toYaml .Values.localprovisioner.affinity | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml new file mode 100644 index 000000000..5f4b5884e --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/deployment-maya-apiserver.yaml @@ -0,0 +1,165 @@ +{{- if .Values.apiserver.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "openebs.fullname" . }}-apiserver + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: apiserver + name: maya-apiserver + openebs.io/component-name: maya-apiserver + openebs.io/version: {{ .Values.release.version }} +spec: + replicas: {{ .Values.apiserver.replicas }} + strategy: + type: "Recreate" + rollingUpdate: null + selector: + matchLabels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: apiserver + name: maya-apiserver + openebs.io/component-name: maya-apiserver + openebs.io/version: {{ .Values.release.version }} + spec: + serviceAccountName: {{ template "openebs.serviceAccountName" . }} + containers: + - name: {{ template "openebs.name" . }}-apiserver + image: "{{ .Values.image.repository }}{{ .Values.apiserver.image }}:{{ .Values.apiserver.imageTag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: {{ .Values.apiserver.ports.internalPort }} + env: + # OPENEBS_IO_KUBE_CONFIG enables maya api service to connect to K8s + # based on this config. This is ignored if empty. + # This is supported for maya api server version 0.5.2 onwards + #- name: OPENEBS_IO_KUBE_CONFIG + # value: "/home/ubuntu/.kube/config" + # OPENEBS_IO_K8S_MASTER enables maya api service to connect to K8s + # based on this address. This is ignored if empty. + # This is supported for maya api server version 0.5.2 onwards + #- name: OPENEBS_IO_K8S_MASTER + # value: "http://172.28.128.3:8080" + # OPENEBS_NAMESPACE provides the namespace of this deployment as an + # environment variable + - name: OPENEBS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as + # environment variable + - name: OPENEBS_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + # OPENEBS_MAYA_POD_NAME provides the name of this pod as + # environment variable + - name: OPENEBS_MAYA_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # If OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG is false then OpenEBS default + # storageclass and storagepool will not be created. + - name: OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG + value: "{{ .Values.defaultStorageConfig.enabled }}" + # OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL decides whether default cstor sparse pool should be + # configured as a part of openebs installation. + # If "true" a default cstor sparse pool will be configured, if "false" it will not be configured. + # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG + # is set to true + - name: OPENEBS_IO_INSTALL_DEFAULT_CSTOR_SPARSE_POOL + value: "{{ .Values.apiserver.sparse.enabled }}" + # OPENEBS_IO_CSTOR_TARGET_DIR can be used to specify the hostpath + # to be used for saving the shared content between the side cars + # of cstor volume pod. + # The default path used is /var/openebs/sparse + - name: OPENEBS_IO_CSTOR_TARGET_DIR + value: "{{ .Values.ndm.sparse.path }}" + # OPENEBS_IO_CSTOR_POOL_SPARSE_DIR can be used to specify the hostpath + # to be used for saving the shared content between the side cars + # of cstor pool pod. This ENV is also used to indicate the location + # of the sparse devices. + # The default path used is /var/openebs/sparse + - name: OPENEBS_IO_CSTOR_POOL_SPARSE_DIR + value: "{{ .Values.ndm.sparse.path }}" + # OPENEBS_IO_JIVA_POOL_DIR can be used to specify the hostpath + # to be used for default Jiva StoragePool loaded by OpenEBS + # The default path used is /var/openebs + # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG + # is set to true + - name: OPENEBS_IO_JIVA_POOL_DIR + value: "{{ .Values.jiva.defaultStoragePath }}" + # OPENEBS_IO_LOCALPV_HOSTPATH_DIR can be used to specify the hostpath + # to be used for default openebs-hostpath storageclass loaded by OpenEBS + # The default path used is /var/openebs/local + # This value takes effect only if OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG + # is set to true + - name: OPENEBS_IO_LOCALPV_HOSTPATH_DIR + value: "{{ .Values.localprovisioner.basePath }}" + # OPENEBS_IO_BASE_DIR used by the OpenEBS to store debug information and + # so forth that are generated in the course of running OpenEBS containers. + - name: OPENEBS_IO_BASE_DIR + value: "{{ .Values.varDirectoryPath.baseDir }}" + - name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" + - name: OPENEBS_IO_JIVA_REPLICA_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" + - name: OPENEBS_IO_JIVA_REPLICA_COUNT + value: "{{ .Values.jiva.replicas }}" + - name: OPENEBS_IO_CSTOR_TARGET_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.cstor.target.image }}:{{ .Values.cstor.target.imageTag }}" + - name: OPENEBS_IO_CSTOR_POOL_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.cstor.pool.image }}:{{ .Values.cstor.pool.imageTag }}" + - name: OPENEBS_IO_CSTOR_POOL_MGMT_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.cstor.poolMgmt.image }}:{{ .Values.cstor.poolMgmt.imageTag }}" + - name: OPENEBS_IO_CSTOR_VOLUME_MGMT_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.cstor.volumeMgmt.image }}:{{ .Values.cstor.volumeMgmt.imageTag }}" + - name: OPENEBS_IO_VOLUME_MONITOR_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" + - name: OPENEBS_IO_CSTOR_POOL_EXPORTER_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.policies.monitoring.image }}:{{ .Values.policies.monitoring.imageTag }}" + - name: OPENEBS_IO_HELPER_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" + # OPENEBS_IO_ENABLE_ANALYTICS if set to true sends anonymous usage + # events to Google Analytics + - name: OPENEBS_IO_ENABLE_ANALYTICS + value: "{{ .Values.analytics.enabled }}" + # OPENEBS_IO_ANALYTICS_PING_INTERVAL can be used to specify the duration (in hours) + # for periodic ping events sent to Google Analytics. Default is 24 hours. + - name: OPENEBS_IO_ANALYTICS_PING_INTERVAL + value: "{{ .Values.analytics.pingInterval }}" + - name: OPENEBS_IO_INSTALLER_TYPE + value: "charts-helm" + # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation + # from Maya API server. By default the CRDs will be installed + - name: OPENEBS_IO_INSTALL_CRD + value: "{{ .Values.crd.enableInstall }}" + livenessProbe: + exec: + command: + - /usr/local/bin/mayactl + - version + initialDelaySeconds: {{ .Values.apiserver.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.apiserver.healthCheck.periodSeconds }} +{{- if .Values.apiserver.nodeSelector }} + nodeSelector: +{{ toYaml .Values.apiserver.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.apiserver.tolerations }} + tolerations: +{{ toYaml .Values.apiserver.tolerations | indent 8 }} +{{- end }} +{{- if .Values.apiserver.affinity }} + affinity: +{{ toYaml .Values.apiserver.affinity | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml new file mode 100644 index 000000000..df917018e --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/deployment-maya-provisioner.yaml @@ -0,0 +1,98 @@ +{{- if .Values.provisioner.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "openebs.fullname" . }}-provisioner + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: provisioner + name: openebs-provisioner + openebs.io/component-name: openebs-provisioner + openebs.io/version: {{ .Values.release.version }} +spec: + replicas: {{ .Values.provisioner.replicas }} + strategy: + type: "Recreate" + rollingUpdate: null + selector: + matchLabels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: provisioner + name: openebs-provisioner + openebs.io/component-name: openebs-provisioner + openebs.io/version: {{ .Values.release.version }} + spec: + serviceAccountName: {{ template "openebs.serviceAccountName" . }} + containers: + - name: {{ template "openebs.name" . }}-provisioner + image: "{{ .Values.image.repository }}{{ .Values.provisioner.image }}:{{ .Values.provisioner.imageTag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s + # based on this address. This is ignored if empty. + # This is supported for openebs provisioner version 0.5.2 onwards + #- name: OPENEBS_IO_K8S_MASTER + # value: "http://10.128.0.12:8080" + # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s + # based on this config. This is ignored if empty. + # This is supported for openebs provisioner version 0.5.2 onwards + #- name: OPENEBS_IO_KUBE_CONFIG + # value: "/home/ubuntu/.kube/config" + # OPENEBS_NAMESPACE is the namespace that this provisioner will + # lookup to find maya api service + - name: OPENEBS_NAMESPACE + value: "{{ .Release.Namespace }}" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, + # that provisioner should forward the volume create/delete requests. + # If not present, "maya-apiserver-service" will be used for lookup. + # This is supported for openebs provisioner version 0.5.3-RC1 onwards + - name: OPENEBS_MAYA_SERVICE_NAME + value: "{{ template "openebs.fullname" . }}-apiservice" + # The following values will be set as annotations to the PV object. + # Refer : https://github.com/openebs/external-storage/pull/15 + #- name: OPENEBS_MONITOR_URL + # value: "{{ .Values.provisioner.monitorUrl }}" + #- name: OPENEBS_MONITOR_VOLKEY + # value: "{{ .Values.provisioner.monitorVolumeKey }}" + #- name: MAYA_PORTAL_URL + # value: "{{ .Values.provisioner.mayaPortalUrl }}" + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can't be used here with pgrep (>15 chars).A regular expression + # that matches the entire command name has to specified. + # Anchor `^` : matches any string that starts with `openebs-provis` + # `.*`: matches any string that has `openebs-provis` followed by zero or more char + livenessProbe: + exec: + command: + - sh + - -c + - test `pgrep -c "^openebs-provisi.*"` = 1 + initialDelaySeconds: {{ .Values.provisioner.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.provisioner.healthCheck.periodSeconds }} +{{- if .Values.provisioner.nodeSelector }} + nodeSelector: +{{ toYaml .Values.provisioner.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.provisioner.tolerations }} + tolerations: +{{ toYaml .Values.provisioner.tolerations | indent 8 }} +{{- end }} +{{- if .Values.provisioner.affinity }} + affinity: +{{ toYaml .Values.provisioner.affinity | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml new file mode 100644 index 000000000..707986831 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/deployment-maya-snapshot-operator.yaml @@ -0,0 +1,131 @@ +{{- if .Values.snapshotOperator.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "openebs.fullname" . }}-snapshot-operator + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: snapshot-operator + openebs.io/component-name: openebs-snapshot-operator + openebs.io/version: {{ .Values.release.version }} +spec: + replicas: {{ .Values.snapshotOperator.replicas }} + selector: + matchLabels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + strategy: + type: "Recreate" + rollingUpdate: null + template: + metadata: + labels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: snapshot-operator + name: openebs-snapshot-operator + openebs.io/version: {{ .Values.release.version }} + openebs.io/component-name: openebs-snapshot-operator + spec: + serviceAccountName: {{ template "openebs.serviceAccountName" . }} + containers: + - name: {{ template "openebs.name" . }}-snapshot-controller + image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.controller.image }}:{{ .Values.snapshotOperator.controller.imageTag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # OPENEBS_IO_K8S_MASTER enables openebs snapshot controller to connect to K8s + # based on this address. This is ignored if empty. + # This is supported for openebs snapshot controller version 0.6-RC1 onwards + #- name: OPENEBS_IO_K8S_MASTER + # value: "http://10.128.0.12:8080" + # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot controller to connect to K8s + # based on this config. This is ignored if empty. + # This is supported for openebs snapshot controller version 0.6-RC1 onwards + #- name: OPENEBS_IO_KUBE_CONFIG + # value: "/home/ubuntu/.kube/config" + # OPENEBS_NAMESPACE is the namespace that this snapshot controller will + # lookup to find maya api service + - name: OPENEBS_NAMESPACE + value: "{{ .Release.Namespace }}" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, + # that snapshot controller should forward the volume snapshot requests. + # If not present, "maya-apiserver-service" will be used for lookup. + # This is supported for openebs snapshot controller version 0.6-RC1 onwards + - name: OPENEBS_MAYA_SERVICE_NAME + value: "{{ template "openebs.fullname" . }}-apiservice" + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can't be used here with pgrep (>15 chars).A regular expression + # that matches the entire command name has to specified. + # Anchor `^` : matches any string that starts with `snapshot-contro` + # `.*`: matches any string that has `snapshot-contro` followed by zero or more char + livenessProbe: + exec: + command: + - sh + - -c + - test `pgrep -c "^snapshot-contro.*"` = 1 + initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} + - name: {{ template "openebs.name" . }}-snapshot-provisioner + image: "{{ .Values.image.repository }}{{ .Values.snapshotOperator.provisioner.image }}:{{ .Values.snapshotOperator.provisioner.imageTag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # OPENEBS_IO_K8S_MASTER enables openebs snapshot provisioner to connect to K8s + # based on this address. This is ignored if empty. + # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards + #- name: OPENEBS_IO_K8S_MASTER + # value: "http://10.128.0.12:8080" + # OPENEBS_IO_KUBE_CONFIG enables openebs snapshot provisioner to connect to K8s + # based on this config. This is ignored if empty. + # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards + #- name: OPENEBS_IO_KUBE_CONFIG + # value: "/home/ubuntu/.kube/config" + # OPENEBS_NAMESPACE is the namespace that this snapshot provisioner will + # lookup to find maya api service + - name: OPENEBS_NAMESPACE + value: "{{ .Release.Namespace }}" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # OPENEBS_MAYA_SERVICE_NAME provides the maya-apiserver K8s service name, + # that snapshot provisioner should forward the volume snapshot PV requests. + # If not present, "maya-apiserver-service" will be used for lookup. + # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards + - name: OPENEBS_MAYA_SERVICE_NAME + value: "{{ template "openebs.fullname" . }}-apiservice" + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can't be used here with pgrep (>15 chars).A regular expression + # that matches the entire command name has to specified. + # Anchor `^` : matches any string that starts with `snapshot-provis` + # `.*`: matches any string that has `snapshot-provis` followed by zero or more char + livenessProbe: + exec: + command: + - sh + - -c + - test `pgrep -c "^snapshot-provis.*"` = 1 + initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} +{{- if .Values.snapshotOperator.nodeSelector }} + nodeSelector: +{{ toYaml .Values.snapshotOperator.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.snapshotOperator.tolerations }} + tolerations: +{{ toYaml .Values.snapshotOperator.tolerations | indent 8 }} +{{- end }} +{{- if .Values.snapshotOperator.affinity }} + affinity: +{{ toYaml .Values.snapshotOperator.affinity | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml b/charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml new file mode 100644 index 000000000..27e61d5a0 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/deployment-ndm-operator.yaml @@ -0,0 +1,87 @@ +{{- if .Values.ndmOperator.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "openebs.fullname" . }}-ndm-operator + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: ndm-operator + openebs.io/component-name: ndm-operator + openebs.io/version: {{ .Values.release.version }} + name: ndm-operator +spec: + replicas: {{ .Values.ndmOperator.replicas }} + strategy: + type: "Recreate" + rollingUpdate: null + selector: + matchLabels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: ndm-operator + name: ndm-operator + openebs.io/component-name: ndm-operator + openebs.io/version: {{ .Values.release.version }} + spec: + serviceAccountName: {{ template "openebs.serviceAccountName" . }} + containers: + - name: {{ template "openebs.fullname" . }}-ndm-operator + image: "{{ .Values.image.repository }}{{ .Values.ndmOperator.image }}:{{ .Values.ndmOperator.imageTag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + readinessProbe: + exec: + command: + - stat + - /tmp/operator-sdk-ready + initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} + failureThreshold: {{ .Values.ndmOperator.readinessCheck.failureThreshold }} + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: OPERATOR_NAME + value: "node-disk-operator" + - name: CLEANUP_JOB_IMAGE + value: "{{ .Values.image.repository }}{{ .Values.helper.image }}:{{ .Values.helper.imageTag }}" + # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation + # from NDM Operator. By default the CRDs will be installed + - name: OPENEBS_IO_INSTALL_CRD + value: "{{ .Values.crd.enableInstall }}" + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can be used here with pgrep (cmd is < 15 chars). + livenessProbe: + exec: + command: + - pgrep + - "ndo" + initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} +{{- if .Values.ndmOperator.nodeSelector }} + nodeSelector: +{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.ndmOperator.tolerations }} + tolerations: +{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml b/charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml new file mode 100644 index 000000000..a6c4807dd --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/psp-clusterrole.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "openebs.fullname" . }}-psp + labels: + app: {{ template "openebs.name" . }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "openebs.fullname" . }}-psp +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml b/charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..5a4205877 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "openebs.fullname" . }}-psp + labels: + app: {{ template "openebs.name" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "openebs.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ template "openebs.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +{{- end }} + diff --git a/charts/openebs/openebs/1.12.300/templates/psp.yaml b/charts/openebs/openebs/1.12.300/templates/psp.yaml new file mode 100644 index 000000000..0442f0e5d --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/psp.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "openebs.fullname" . }}-psp + namespace: {{ $.Release.Namespace }} + labels: + app: {{ template "openebs.name" . }} +spec: + privileged: true + allowPrivilegeEscalation: true + allowedCapabilities: ['*'] + volumes: ['*'] + hostNetwork: true + hostPorts: + - min: 0 + max: 65535 + hostIPC: true + hostPID: true + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml b/charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml new file mode 100644 index 000000000..d44bcb0f8 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/service-maya-apiserver.yaml @@ -0,0 +1,23 @@ +{{- if .Values.apiserver.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "openebs.fullname" . }}-apiservice + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + openebs.io/component-name: maya-apiserver-svc +spec: + ports: + - name: api + port: {{ .Values.apiserver.ports.externalPort }} + targetPort: {{ .Values.apiserver.ports.internalPort }} + protocol: TCP + selector: + app: {{ template "openebs.name" . }} + release: {{ .Release.Name }} + component: apiserver + sessionAffinity: None +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml b/charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..31a500455 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "openebs.serviceAccountName" . }} + labels: + app: {{ template "openebs.name" . }} + chart: {{ template "openebs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end }} diff --git a/charts/openebs/openebs/1.12.300/values.yaml b/charts/openebs/openebs/1.12.300/values.yaml new file mode 100644 index 000000000..ff2cc72c0 --- /dev/null +++ b/charts/openebs/openebs/1.12.300/values.yaml @@ -0,0 +1,184 @@ +# Default values for openebs. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +rbac: + # Specifies whether RBAC resources should be created + create: true + pspEnabled: false + +serviceAccount: + create: true + name: + +release: + # "openebs.io/version" label for control plane components + version: "1.12.0" + +image: + pullPolicy: IfNotPresent + repository: "" + +apiserver: + enabled: true + image: "openebs/m-apiserver" + imageTag: "1.12.0" + replicas: 1 + ports: + externalPort: 5656 + internalPort: 5656 + sparse: + enabled: "false" + nodeSelector: {} + tolerations: [] + affinity: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + +defaultStorageConfig: + enabled: "true" + +# Directory used by the OpenEBS to store debug information and so forth +# that are generated in the course of running OpenEBS containers. +varDirectoryPath: + baseDir: "/var/openebs" + +provisioner: + enabled: true + image: "openebs/openebs-k8s-provisioner" + imageTag: "1.12.0" + replicas: 1 + nodeSelector: {} + tolerations: [] + affinity: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + +localprovisioner: + enabled: true + image: "openebs/provisioner-localpv" + imageTag: "1.12.0" + replicas: 1 + basePath: "/var/openebs/local" + nodeSelector: {} + tolerations: [] + affinity: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + +snapshotOperator: + enabled: true + controller: + image: "openebs/snapshot-controller" + imageTag: "1.12.0" + provisioner: + image: "openebs/snapshot-provisioner" + imageTag: "1.12.0" + replicas: 1 + upgradeStrategy: "Recreate" + nodeSelector: {} + tolerations: [] + affinity: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + +ndm: + enabled: true + image: "openebs/node-disk-manager" + imageTag: "0.7.0" + sparse: + path: "/var/openebs/sparse" + size: "10737418240" + count: "0" + filters: + enableOsDiskExcludeFilter: true + enableVendorFilter: true + excludeVendors: "CLOUDBYT,OpenEBS" + enablePathFilter: true + includePaths: "" + excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd" + probes: + enableSeachest: false + nodeSelector: {} + tolerations: [] + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + +ndmOperator: + enabled: true + image: "openebs/node-disk-operator" + imageTag: "0.7.0" + replicas: 1 + upgradeStrategy: Recreate + nodeSelector: {} + tolerations: [] + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + readinessCheck: + initialDelaySeconds: 4 + periodSeconds: 10 + failureThreshold: 1 + +webhook: + enabled: true + image: "openebs/admission-server" + imageTag: "1.12.0" + failurePolicy: "Fail" + replicas: 1 + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + nodeSelector: {} + tolerations: [] + affinity: {} + hostNetwork: false + +jiva: + image: "openebs/jiva" + imageTag: "1.12.0" + replicas: 3 + defaultStoragePath: "/var/openebs" + +cstor: + pool: + image: "openebs/cstor-pool" + imageTag: "1.12.0" + poolMgmt: + image: "openebs/cstor-pool-mgmt" + imageTag: "1.12.0" + target: + image: "openebs/cstor-istgt" + imageTag: "1.12.0" + volumeMgmt: + image: "openebs/cstor-volume-mgmt" + imageTag: "1.12.0" + +helper: + image: "openebs/linux-utils" + imageTag: "1.12.0" + +featureGates: + enabled: false + GPTBasedUUID: + enabled: false + featureGateFlag: "GPTBasedUUID" + +crd: + enableInstall: true + +policies: + monitoring: + enabled: true + image: "openebs/m-exporter" + imageTag: "1.12.0" + +analytics: + enabled: true + # Specify in hours the duration after which a ping event needs to be sent. + pingInterval: "24h" diff --git a/charts/portshift-operator/portshift-operator/0.1.000/.helmignore b/charts/portshift-operator/portshift-operator/0.1.000/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml b/charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml new file mode 100644 index 000000000..82b157203 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: portshift-operator +apiVersion: v1 +appVersion: v0.1.3 +description: | + Portshift cloud-native security platform is an agentless security solution for containerized applications +home: https://www.portshift.io/ +icon: https://www.portshift.io/wp-content/uploads/2019/10/portshift-logo-68.png +keywords: +- portshift +- operator +- monitoring +- security +- alerting +- metric +- troubleshooting +- run-time +maintainers: +- email: idan@portshift.io + name: idan +name: portshift-operator +version: 0.1.000 diff --git a/charts/portshift-operator/portshift-operator/0.1.000/README.md b/charts/portshift-operator/portshift-operator/0.1.000/README.md new file mode 100644 index 000000000..80073c37f --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/README.md @@ -0,0 +1,5 @@ +# Portshift Operator + +Please [contact us](https://www.portshift.io/contact-us/) to get installation instructions. + +This Helm Chart requires Helm 3. diff --git a/charts/portshift-operator/portshift-operator/0.1.000/app-readme.md b/charts/portshift-operator/portshift-operator/0.1.000/app-readme.md new file mode 100644 index 000000000..2dafd7ac4 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/app-readme.md @@ -0,0 +1,5 @@ +Portshift cloud-native security platform is an agentless security solution for containerized applications. + +Portshift provides a real-time Kubernetes container security solution that addresses images, containers and cluster resources security. Detecting images vulnerabilities, pods misconfiguration, overly permissive roles and clusters misconfiguration and threats. + +Portshift security platform leverages service mesh to enable unmatched network security enforcement tools that simplifies the implementation of zero trust security model in Kubernetes clusters, complemented by declarative security policies cluster entities visualisation. \ No newline at end of file diff --git a/charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml b/charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml new file mode 100644 index 000000000..adf76f92d --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/crds/crd.yaml @@ -0,0 +1,53 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: portshiftinstallers.portshift.io + labels: + app: portshift-operator +spec: + group: portshift.io + names: + kind: PortshiftInstaller + listKind: PortshiftInstallerList + plural: portshiftinstallers + singular: portshiftinstaller + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: PortshiftInstaller is the Schema for the portshiftinstallers API + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info in https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info in https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PortshiftInstallerSpec defines the desired state of PortshiftInstaller + properties: + portshiftClusterId: + description: Portshift cluster id as specified in Portshift console + type: string + managementUrl: + description: Portshift console URL + type: string + required: + - portshiftClusterId + - managementUrl + type: object + status: + description: Place holder for future use. + properties: + phase: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/portshift-operator/portshift-operator/0.1.000/questions.yaml b/charts/portshift-operator/portshift-operator/0.1.000/questions.yaml new file mode 100644 index 000000000..c08055359 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/questions.yaml @@ -0,0 +1,60 @@ +questions: +#operator image configurations +- variable: defaultImage + default: true + description: "Use default Portshift operator image or specify a custom one" + label: Use Default Portshift Image + type: boolean + show_subquestion_if: false + group: "Operator Container Images" + subquestions: + - variable: operator.image.repository + default: "gcr.io/development-infra-208909/k8s_operator" + description: "Portshift Operator Image Name" + type: string + label: Portshift Operator Image Name + - variable: operator.image.tag + default: "v0.1.3" + description: "Portshift Operator Image Tag" + type: string + label: Portshift Operator Image Tag + - variable: operator.image.pullPolicy + default: "IfNotPresent" + description: "Portshift Operator Image Pull Policy" + type: string + label: Portshift Operator Image Pull Policy +#operator access configurations +- variable: operator.secret.accessKey + default: "" + description: "Operator access key retrieved from Portshift console" + type: string + required: true + label: Portshift Operator Access Key + group: "Operator Access Configuration" +- variable: operator.secret.secretKey + default: "" + description: "Operator secret key retrieved from Portshift console" + type: string + required: true + label: Portshift Operator Secret Key + group: "Operator Access Configuration" +- variable: defaultMgmtUrl + default: true + description: "Use default Portshift console url or specify a custom one" + label: Use Default Portshift Url + type: boolean + show_subquestion_if: false + group: "Operator Access Configuration" + subquestions: + - variable: operator.portshiftinstaller.managementUrl + default: "console.portshift.io" + description: "Portshift Console Url" + type: string + label: Portshift Console Url +- variable: operator.portshiftinstaller.portshiftClusterId + default: "" + description: "Cluster id definition retrieved from Portshift console" + type: string + required: true + label: Portshift Cluster ID + group: "Operator Access Configuration" diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl b/charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl new file mode 100644 index 000000000..96fb234df --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/templates/_helpers.tpl @@ -0,0 +1,45 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "portshift-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "portshift-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "portshift-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "portshift-operator.labels" -}} +app.kubernetes.io/name: {{ include "portshift-operator.name" . }} +helm.sh/chart: {{ include "portshift-operator.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9421465ea --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: portshift-operator + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "portshift-operator.name" . }} + chart: {{ template "portshift-operator.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: portshift-operator + namespace: {{ .Release.Namespace }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml new file mode 100644 index 000000000..4fc8aacfe --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/templates/deployment.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: portshift-operator + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "portshift-operator.name" . }} + chart: {{ template "portshift-operator.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "portshift-operator.name" . }} + template: + metadata: + labels: + app: {{ template "portshift-operator.name" . }} + chart: {{ template "portshift-operator.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: portshift-operator + containers: + - name: portshift-operator + image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}" + command: + - portshift-operator + imagePullPolicy: "{{ .Values.operator.image.pullPolicy }}" + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: portshift-operator diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml new file mode 100644 index 000000000..1cec0ff15 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/templates/portshiftinstaller.yaml @@ -0,0 +1,13 @@ +apiVersion: portshift.io/v1 +kind: PortshiftInstaller +metadata: + name: portshiftinstaller + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "portshift-operator.name" . }} + chart: {{ template "portshift-operator.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + managementUrl: {{ .Values.operator.portshiftinstaller.managementUrl }} + portshiftClusterId: {{ .Values.operator.portshiftinstaller.portshiftClusterId }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml new file mode 100644 index 000000000..24064d7f1 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/templates/secret.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: portshift-operator-secret + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "portshift-operator.name" . }} + chart: {{ template "portshift-operator.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + accessKey: {{ required "A valid .Values.operator.secret.accessKey is required" .Values.operator.secret.accessKey | b64enc | quote }} + secretKey: {{ required "A valid .Values.operator.secret.secretKey is required" .Values.operator.secret.secretKey | b64enc | quote }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml b/charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml new file mode 100644 index 000000000..0604efeb6 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: portshift-operator + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "portshift-operator.name" . }} + chart: {{ template "portshift-operator.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} diff --git a/charts/portshift-operator/portshift-operator/0.1.000/values.yaml b/charts/portshift-operator/portshift-operator/0.1.000/values.yaml new file mode 100644 index 000000000..438fa39e8 --- /dev/null +++ b/charts/portshift-operator/portshift-operator/0.1.000/values.yaml @@ -0,0 +1,11 @@ +operator: + image: + repository: gcr.io/development-infra-208909/k8s_operator + tag: v0.1.3 + pullPolicy: IfNotPresent + secret: + accessKey: "" + secretKey: "" + portshiftinstaller: + managementUrl: console.portshift.io + portshiftClusterId: "" diff --git a/charts/streamsets/control-agent/2.0.100/.helmignore b/charts/streamsets/control-agent/2.0.100/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/streamsets/control-agent/2.0.100/Chart.yaml b/charts/streamsets/control-agent/2.0.100/Chart.yaml new file mode 100644 index 000000000..918242aac --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: streamsets +apiVersion: v1 +appVersion: 3.8.0 +description: Control Agent for managing StreamSets Control Hub Deployments +home: https://streamsets.com +icon: https://github.com/streamsets/datacollector/raw/master/basic-lib/src/main/resources/sdcipc.png +keywords: +- streamsets +- sdc +- sch +maintainers: +- email: thomas.ganka@streamsets.com + name: thomasganka +name: control-agent +sources: +- https://github.com/streamsets/helm-charts/tree/master/incubating/control-agent +version: 2.0.100 diff --git a/charts/streamsets/control-agent/2.0.100/README.md b/charts/streamsets/control-agent/2.0.100/README.md new file mode 100644 index 000000000..fd7dd1e5a --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/README.md @@ -0,0 +1,52 @@ +# StreamSets Control Agent + +The [StreamSets](https://streamsets.com) control agent manages StreamSets Control Hub deployments. + +## Introduction + +This chart supports both RBAC and non-RBAC enabled clusters. It has no dependencies. + +## Installing the Chart + +First, add the streamsets stable repository to helm. + +```bash +helm repo add streamsets https://streamsets.github.io/helm-charts/stable +``` + +To install the chart with the release name `my-release` into the namespace `streamsets`: + +```bash +helm install streamsets/control-agent --name my-release --namespace streamsets +``` + +## Configuration + +The following tables lists the configurable parameters of the chart and their default values. + +| Parameter | Description | Default | +| ------------------------------- | -------------------------------------------------------------------- | ----------------------------------------- | +| `image.repository` | Control Agent image name | `streamsets/control-agent` | +| `image.tag` | The version of the official image to use | `3.0.0` | +| `image.pullPolicy` | Pull policy for the image | `IfNotPresent` | +| `streamsets.orgId` | This is the part of your SCH/DPM username after the `@` | None (Required) | +| `streamsets.api.url` | The URL for the SCH/DPM instance to connect to | `https://cloud.streamsets.com` | +| `streamsets.api.token` | Agent auth token from the SCH/DPM REST API or UI | None (Required) | +| `rbac.enabled` | Creates req'd ServiceAccount and Role on RBAC-enabled cluster | `true` | +| `resources` | Resource request for the pod | None | +| `nodeSelector` | Node Selector to apply to the deployment | None | + +`streamsets.api.token` and `streamsets.orgId` are required values + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +```bash +helm install streamsets/control-agent --set streamsets.api.token="my_api_token" --set streamsets.orgId="my_org" +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. For example: + +```bash +helm install streamsets/control-agent --values values.yaml +``` diff --git a/charts/streamsets/control-agent/2.0.100/app-readme.md b/charts/streamsets/control-agent/2.0.100/app-readme.md new file mode 100644 index 000000000..f511468db --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/app-readme.md @@ -0,0 +1,5 @@ +# Streamsets + +[Streamsets](https://www.streamsets.com/) is a data engineering platform. This chart adds the Streamsets Agent to all nodes in your cluster. The agent communicates with Control Hub to automatically provision Data Collector containers in the Kubernetes cluster in which it runs [Streamsets Control Hub](https://streamsets.com/documentation/controlhub/latest/help/controlhub/UserGuide/GettingStarted/DPM.html#concept_l45_qwf_xw. For more information about deploying Streamsets on Kubernetes, please refer to the [Streamsets documentation website](https://streamsets.com/documentation/controlhub/latest/help/controlhub/UserGuide/DataCollectorsProvisioned/Provisioned.html#concept_jsd_v24_lbb). + +Streamsets [Docker Image](https://hub.docker.com/r/streamsets/datacollector). \ No newline at end of file diff --git a/charts/streamsets/control-agent/2.0.100/krb/krb5.conf b/charts/streamsets/control-agent/2.0.100/krb/krb5.conf new file mode 100644 index 000000000..d97d77d1e --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/krb/krb5.conf @@ -0,0 +1,17 @@ +[libdefaults] +default_realm = +dns_lookup_kdc = false +dns_lookup_realm = false +ticket_lifetime = 86400 +renew_lifetime = 604800 +forwardable = true +default_tgs_enctypes = aes256-cts +default_tkt_enctypes = aes256-cts +permitted_enctypes = aes256-cts +udp_preference_limit = 1 +[realms] + = { +kdc = +admin_server = +} + diff --git a/charts/streamsets/control-agent/2.0.100/questions.yml b/charts/streamsets/control-agent/2.0.100/questions.yml new file mode 100644 index 000000000..b34ac722c --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/questions.yml @@ -0,0 +1,65 @@ +questions: +#image configurations +- variable: defaultImage + default: true + description: "Use default Streamsets image or specify a custom one" + label: Use Default Streamsets Image + type: boolean + show_subquestion_if: false + group: "Container Images" + subquestions: + - variable: image.repository + default: "streamsets/control-agent" + description: "Streamsets Control Agent Image Name" + type: string + label: Streamsets Control Agent Image Name + - variable: image.tag + default: "3.0.0" + description: "Streamsets Image Tag" + type: string + label: Streamsets Image Tag + - variable: image.pullPolicy + default: "IfNotPresent" + description: "Pull policy for the image" + type: string + label: Streamsets Pull Policy +#streamsets configurations +- variable: streamsets.orgId + default: "" + description: "This is the part of your Streamsets Control Hub username after the `@`" + type: string + label: Enable Org ID + required: true + group: "Streamsets Org ID" +- variable: streamsets.api.url + default: "https://cloud.streamsets.com" + description: "The URL for the Streamsets Control Hub instance to connect to. Default is Streamsets Hosted Service" + type: string + label: Enable Streamsets API URL + required: false + group: "Streamsets API URL" +- variable: streamsets.api.token + default: "" + description: "Agent auth token from the Streamsets Control Hub REST API or UI" + type: string + required: true + label: Agent Auth Token + group: "Agent Auth Token" +- variable: rbac.enabled + default: true + description: "Creates req'd ServiceAccount and Role on RBAC-enabled cluster" + type: boolean + label: Enable RBAC + group: "RBAC" +- variable: resources + default: "" + description: "Resource request for the Control Agent pod" + type: string + label: Resource request for Streamsets Control Agent + group: "Resource request" +- variable: nodeSelector + default: "" + description: "Node Selector to apply to the deployment " + type: string + label: Node Selector for Streamsets Control Agent + group: "Node Selector" diff --git a/charts/streamsets/control-agent/2.0.100/templates/NOTES.txt b/charts/streamsets/control-agent/2.0.100/templates/NOTES.txt new file mode 100644 index 000000000..f17b2e5d9 --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/templates/NOTES.txt @@ -0,0 +1,2 @@ +The agent has been successfully installed. +Visit {{ .Values.streamsets.api.url }}/sch/provisioning/deployments to continue setup. diff --git a/charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl b/charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl new file mode 100644 index 000000000..8288985e9 --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "control-agent.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "control-agent.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "control-agent.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/streamsets/control-agent/2.0.100/templates/deployment.yaml b/charts/streamsets/control-agent/2.0.100/templates/deployment.yaml new file mode 100644 index 000000000..6dc75545b --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/templates/deployment.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "control-agent.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "control-agent.fullname" . }} + {{- else }} + serviceAccountName: default + {{- end }} + terminationGracePeriodSeconds: 60 + containers: + - name: {{ include "control-agent.fullname" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.krb.enabled }} + volumeMounts: + - name: krb5conf + mountPath: "/opt/kerberos" + readOnly: true + {{- end}} + {{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + env: + - name: HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: dpm_agent_master_url + value: "https://kubernetes.default.svc.cluster.local" + - name: dpm_agent_cof_type + value: KUBERNETES + - name: dpm_agent_dpm_baseurl + value: {{ default "https://cloud.streamsets.com" .Values.streamsets.api.url }} + - name: dpm_agent_component_id + value: {{ .Release.Name }}-{{ .Values.streamsets.orgId }} + - name: dpm_agent_token_string + valueFrom: + secretKeyRef: + name: {{ include "control-agent.fullname" . }} + key: apiToken + - name: dpm_agent_name + value: {{ .Release.Name }} + - name: dpm_agent_orgId + value: {{required "An SCH orgId is required!" .Values.streamsets.orgId }} + - name: dpm_agent_secret + value: {{ include "control-agent.fullname" . }} + - name: dpm_agent_crd_enabled + value: "{{.Values.streamsets.crdEnabled}}" + {{- if .Values.krb.enabled }} + - name: dpm_agent_kerberos_enabled + value: "true" + - name: KRB5_CONFIG + value: "/opt/kerberos/krb5.conf" + - name: dpm_agent_kerberos_secret + value: kerbsecret + - name: dpm_agent_kdc_type + value: {{ .Values.krb.kdcType }} + {{- end}} + {{- if .Values.krb.enabled }} + volumes: + - name: krb5conf + secret: + secretName: krb5conf + {{- end}} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} diff --git a/charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml b/charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml new file mode 100644 index 000000000..6af832276 --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/templates/krb5-secret.yaml @@ -0,0 +1,32 @@ +{{- if .Values.krb.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: krb5conf + labels: + app: {{ template "control-agent.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: +{{ (.Files.Glob "krb/krb5.conf").AsSecrets | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: kerbsecret + labels: + app: {{ template "control-agent.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + encryption_types: {{required "encryption types to use when creating a keytab for service principal!" .Values.krb.encryptionTypes | b64enc }} + container_dn: {{required "distinguished name of the container under which new principals will be created is required!" .Values.krb.containerDn | b64enc }} + ldap_url: {{required "URL of the LDAP service provider is required!" .Values.krb.ldapUrl | b64enc }} + admin_principal: {{required "user account which has privileges to create, search and destroy service principals is required!" .Values.krb.adminPrincipal | b64enc }} + admin_key : {{required "secret key for the admin principal is required!" .Values.krb.adminKey | b64enc }} + realm : {{required "the realm of the organization is required!" .Values.krb.realm | b64enc }} +{{- end}} diff --git a/charts/streamsets/control-agent/2.0.100/templates/rbac.yaml b/charts/streamsets/control-agent/2.0.100/templates/rbac.yaml new file mode 100644 index 000000000..29607415a --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/templates/rbac.yaml @@ -0,0 +1,91 @@ +{{- if .Values.rbac.enabled }} +kind: ServiceAccount +apiVersion: v1 +metadata: + name: {{ include "control-agent.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + namespace: {{ .Release.Namespace }} + name: {{ include "control-agent.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["", "extensions", "autoscaling", "apps"] + resources: ["pods", "deployments", "replicasets", "horizontalpodautoscalers", "services", "ingresses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] +{{- if .Values.streamsets.crdEnabled }} +- apiGroups: ["streamsets.k8s.io"] + resources: ["sdcs"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ include "control-agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "control-agent.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "control-agent.fullname" . }} + namespace: {{ .Release.Namespace }} +--- +{{- if .Values.streamsets.crdEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: streamsets-crd-handler + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", ] + verbs: ["get", "list", "watch"] +- apiGroups: ["apiextensions.k8s.io", "streamsets.k8s.io"] + resources: ["customresourcedefinitions", "sdcs"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "control-agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: streamsets-crd-handler +subjects: +- kind: ServiceAccount + name: {{ include "control-agent.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/streamsets/control-agent/2.0.100/templates/sdc.yaml b/charts/streamsets/control-agent/2.0.100/templates/sdc.yaml new file mode 100644 index 000000000..bd061f56e --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/templates/sdc.yaml @@ -0,0 +1,22 @@ +{{- if .Values.streamsets.crdEnabled }} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: sdcs.streamsets.k8s.io + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": before-hook-creation +scope: Namespaced +spec: + group: streamsets.k8s.io + version: v1 + names: + kind: SdcCustomResource + plural: sdcs + singular: sdc +{{- end }} diff --git a/charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml b/charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml new file mode 100644 index 000000000..fa397f495 --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/templates/token-secret.yaml @@ -0,0 +1,12 @@ +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "control-agent.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "control-agent.name" . }} + helm.sh/chart: {{ include "control-agent.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + apiToken: {{ required "A Control Agent API token is required!" .Values.streamsets.api.token | b64enc }} diff --git a/charts/streamsets/control-agent/2.0.100/values.yaml b/charts/streamsets/control-agent/2.0.100/values.yaml new file mode 100644 index 000000000..3ccdef683 --- /dev/null +++ b/charts/streamsets/control-agent/2.0.100/values.yaml @@ -0,0 +1,28 @@ +# Default values for Streamsets Control Agent +image: + repository: streamsets/control-agent + tag: latest + pullPolicy: Always +streamsets: + orgId: + crdEnabled: false + api: + url: https://cloud.streamsets.com + token: +rbac: + enabled: true +krb: + enabled: false + encryptionTypes: + containerDn: + ldapUrl: + adminPrincipal: + adminKey: + realm: + kdcType: < AD | MIT > +## +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: {} +nodeSelector: {} diff --git a/charts/sysdig/sysdig/1.9.200/CHANGELOG.md b/charts/sysdig/sysdig/1.9.200/CHANGELOG.md new file mode 100644 index 000000000..3b017ffe4 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/CHANGELOG.md @@ -0,0 +1,437 @@ +# Chart: Sysdig + +## Change Log + +This file documents all notable changes to Sysdig Helm Chart. The release +numbering uses [semantic versioning](http://semver.org). + +## v1.9.2 + +### Minor changes + +* Use latest image from Agent (10.3.0) + +## v1.9.1 + +### Minor changes + +* Remove explicit *onPrem* option. Use *collectorSettings* section instead. + +## v1.9.0 + +### Major changes + +* Option to deploy the [Node Image Analyzer](https://docs.sysdig.com/en/scan-running-images.html). + +### Minor changes + +* Include get/list/watch endpoints in agent clusterrole permissions. + +## v1.8.1 + +### Minor changes + +* Use the latest image from Agent (10.2.0) by default. + +### Bug fixes + +* Fix logic in template that was disabling captures in the agent settings. + +## v1.8.0 + +### Major changes + +* Migrated charts to *sysdiglabs* repository + +### Minor changes + +* Add explicit *clusterName* option in values.yaml +* Add beta.kubernetes.io labels for node affinity, to support older versions +* SCC deployed by default in Openshift (check API security.openshift.io/v1) + +## v1.7.20 + +### Minor changes + +* Use the latest image from Agent (10.1.1) by default. + +## v1.7.19 + +### Minor changes + +* Use the latest image from Agent (10.1.0) by default. + +## v1.7.18 + +### Minor changes + +* Add explicit *disable captures* option to agent settings. + +## v1.7.17 + +### Minor changes + +* Add onPrem as explicit option to set collector host, port and settings +* Fail if no sysdig.accessKey value is provided + +## v1.7.16 + +### Minor changes + +* Include support links in README.md + +## v1.7.15 + +### Minor changes + +* Use the latest image from Agent (10.0.0) by default. + +## v1.7.14 + +### Minor changes + +* Implement a more comprehensive securityContext for running the pod. + +## v1.7.13 + +### Minor changes + +* Implement scheduling with affinity and not with nodeSelector on amd64 & linux nodes. +* Add support for custom annotations on daemonSet. + +## v1.7.12 + +### Minor changes + +* Use the latest image from Agent (9.9.1) by default. +* Use kubernetes.io/arch label on daemonSet to schedule pods only on amd64 nodes. +* Add a livenessProbe to daemonSet. + +## v1.7.11 + +### Minor changes + +* Use app.kubernetes.io labels instead of custom ones + +## v1.7.10 + +### Minor changes + +* Use the latest image from Agent (9.9.0) by default. + +## v1.7.9 + +### Minor changes + +* Add the SecurityContextConstraints if the security.openshift.io/v1 API is detected. + +## v1.7.8 + +### Minor changes + +* Add an image.overrideValue value which is a hack to support + RELATED_IMAGE_ feature in Helm based operators. + +## v1.7.7 + +### Minor changes + +* Use the latest image from Agent (9.8.0) by default. + +## v1.7.6 + +### Minor changes + +* Use rbac.authorization.k8s.io/v1 instead of the beta1 API. +* Fix security key duplication when enabling secure and auditLog. + +## v1.7.5 + +### Minor changes + +* Use the latest image from Agent (9.7.0) by default. + +## v1.7.4 + +### Minor changes + +* Use the latest image from Agent (9.6.1) by default. + +## v1.7.3 + +### Minor changes + +* Removed dependency on ebpf.enabled to set environment variables + +## v1.7.2 + +### Minor changes + +* Use the latest image from Agent (9.5.0) by default. + +## v1.7.1 + +### Major changes + +* Remove the auditLog.clusterIP dependency. Using dynamic backend allows to + rely on DNS queries. + +## v1.7.0 + +### Major changes + +* Enable Sysdig Secure by default. + +## v1.6.0 + +### Major changes + +* Add audit log configuration when deploying the agent. + +## v1.5.0 + +### Major changes + +* Add slim configuration for deploying the agent. + +### Minor changes + +* Mount /etc/modprobe.d from host. +* Drop permissions to read secrets and configmaps. + +## v1.4.25 + +### Minor changes + +* Use the latest image from Agent (0.94.0) by default. + +## v1.4.24 + +### Minor changes + +* Use the latest image from Agent (0.93.1) by default. + +## v1.4.23 + +### Minor changes + +* Update NOTES.txt to use the newest URL for finding the infrastructure. + +## v1.4.22 + +### Minor changes + +* Use the latest image from Agent (0.93.0) by default. + +## v1.4.21 + +* Add 'How to upgrade to last version' to the README + +## v1.4.20 + +### Minor changes + +* Fixes compatibility errors introduced in v1.4.19. + +## v1.4.19 + +### Minor changes + +* Fixes compatibility with kubernetes 1.16. + +## v1.4.18 + +### Minor changes + +* Use the latest image from Agent (0.92.3) by default. + +## v1.4.17 + +### Minor changes + +* Use the latest image from Agent (0.92.2) by default. + +## v1.4.16 + +### Minor changes + +* Allow the DaemonSet to schedule using affinity rules + +## v1.4.15 + +### Minor changes + +* Add configmaps and secrets to the resources we can read +* Add support for priorityClassName, httpProxy, timezone and any env variable settings + +## v1.4.14 + +### Minor changes + +* Update REAMED.md to fix the example in how to use the `sysdig.settings.tags` in the command line with `--set` + +## v1.4.13 + +### Minor changes + +* Use the latest image from Agent (0.92.1) by default. +* Increase `resources.requests` and `resources.limits` to match the [values + provided by Sysdig's agent team.](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml#L70) + +## v1.4.12 + +### Minor changes + +* Use the latest image from Agent (0.92.0) by default. + +## v1.4.11 + +### Minor Changes + +* Add nestorsalceda as an approver in the OWNERS file + +## v1.4.10 + +### Minor Changes + +* Use the latest image from Agent (0.90.3) by default. + +## v1.4.9 + +### Minor Changes + +* Use the latest image from Agent (0.90.2) by default. + +## v1.4.8 + +### Minor Changes + +* Add a volume with the os release information. +* Use the latest image from Agent (0.90.1) by default. + +## v1.4.7 + +### Minor Changes + +* Add apiVersion to Chart.yaml. + +## v1.4.6 + +### Minor Changes + +* Dont allow to change the value of `new_k8s` flag. + +## v1.4.5 + +### Minor Changes + +* Enable `new_k8s` flag by default. This allows kube state metrics to be + automatically detected, monitored, and displayed in Sysdig Monitor. + +## v1.4.4 + +### Minor Changes + +* Use the latest image from Agent (0.89.5) by default. +* Add `persistentvolumes` and `persistentvolumeclaims` to ClusterRole + +## v1.4.3 + +### Minor Changes + +* Provide an empty value to `sysdig.accessKey` key. + +## v1.4.2 + +### Minor Changes + +* Use the latest image from Agent (0.89.4) by default. +* Use latest shovel logo. + +## v1.4.0 + +### Major Changes + +* Use the latest image from Agent (0.89.0) by default. +* eBPF support added. + +## v1.3.2 + +### Minor Changes + +* Provide sane defaults resources for the Sysdig Agent. +* Use RollingUpdate strategy by default. + +## v1.3.1 + +### Minor Changes + +* Revert v1.2.1 changes. The agent automatically restarts when detects a change in the configuration. + +## v1.3.0 + +### Major Changes + +* Use a lower pod termination grace period for avoiding data gaps when pod fails to terminate quickly. +* Check running file on readinessProbe instead of relaying on logs. +* Mount /run and /var/run instead of Docker socket. It allows to access CRI / containerd socket. +* Avoid floating references for the image. + +## v1.2.2 + +### Minor Changes + +* Fix value in the agent tags example. + +## v1.2.1 + +### Minor Changes + +* Add checksum annotations to DaemonSet so that rolling upgrades works when a ConfigMap changes. + +## v1.2.0 + +### Major Changes + +* Allow to use other Docker registries (ECR, Quay ...) to download the Sysdig agent image. + +## v1.1.0 + +### Major Changes + +* Add support for uploading custom app checks for Sysdig agent + +## v1.0.4 + +### Minor Changes + +* Update README file with instructions for setting up the agent with On-Premise deployments + +## v1.0.3 + +### Minor Changes + +* Fixed error in ClusterRoleBinding's roleRef + +## v1.0.2 + +### Minor Changes + +* Fix readinessProbe in daemonset's pod spec + +## v1.0.1 + +### Minor Changes + +* Add dnsPolicy to daemonset. Its value is ClusterFirstWithHostNet +* Fix link target for retrieving Sysdig Monitor Access Key in README + +## v1.0.0 + +### Major Changes + +* Run Sysdig agent as [daemonset v2.0](https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-agent-daemonset-v2.yaml). +* Fix value's naming in order to follow [best practices](https://docs.helm.sh/chart_best_practices/#naming-conventions). +* Use a secure.enabled flag for enabling Sysdig Secure. +* Allow rbac resource creation or use existing serviceAccountName. +* Use required function for retrieving sysdig.accessKey. This ensures that key is present. diff --git a/charts/sysdig/sysdig/1.9.200/Chart.yaml b/charts/sysdig/sysdig/1.9.200/Chart.yaml new file mode 100644 index 000000000..8bff7b41f --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: sysdig +apiVersion: v1 +appVersion: 10.3.0 +description: Sysdig Monitor and Secure agent +home: https://www.sysdig.com/ +icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png +keywords: +- monitoring +- security +- alerting +- metric +- troubleshooting +- run-time +maintainers: +- email: lachlan@deis.com + name: lachie83 +- email: jorge.salamero@sysdig.com + name: bencer +- email: nestor.salceda@sysdig.com + name: nestorsalceda +- email: alvaro.iradier@sysdig.com + name: airadier +- email: carlos.arilla@sysdig.com + name: carillan81 +name: sysdig +sources: +- https://app.sysdigcloud.com/#/settings/user +- https://github.com/draios/sysdig +version: 1.9.200 diff --git a/charts/sysdig/sysdig/1.9.200/DESIGN.md b/charts/sysdig/sysdig/1.9.200/DESIGN.md new file mode 100644 index 000000000..607f73d67 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/DESIGN.md @@ -0,0 +1,34 @@ +# Chart: Sysdig + +## Design and Known Issues Justification Document + +### Goal + +The goal of this file is to document and give some context about some issues that +forced me to take some decisions in this Chart. + +### Loading Custom App Checks using a ConfigMap and a Yaml file + +In Helm, we are not able to add an external file to a Chart deployment, in fact, +there is an [issue](https://github.com/helm/helm/issues/3276) about this. + +This means that external files like SSL certificates or pluggable files, like +Falco rules or Custom App Checks, should be managed using Helm exclusively. You +can see comments in [first Falco pull request](https://github.com/helm/charts/pull/5853). + +And the way to manage them using Helm is to pass file contents as values to Chart +deployment. A nice tip is using a Yaml file and pass to deployment command line +using the -f flag. + +### OpenShift support + +Right now, there are an issue in [OpenShift](https://github.com/openshift/origin/issues/20788) +and other in [Helm](https://github.com/helm/helm/issues/4533) that makes a bit +cumbersome the OpenShift support for this Chart. + +Eventually, they will be fixed. But meanwhile a workaround is to create a +serviceAccount using the `oc` utility. Also manage permissions for creating privileged +containers and allowing hostPath mount with `oc` and deploy the Chart with the +`serviceAccount.name` created with `oc`. + +You can see more details about this workaround on [Sysdig Documentation about OpenShift](https://sysdigdocs.atlassian.net/wiki/spaces/Platform/pages/256671843/). diff --git a/charts/sysdig/sysdig/1.9.200/OWNERS b/charts/sysdig/sysdig/1.9.200/OWNERS new file mode 100644 index 000000000..a424cc075 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/OWNERS @@ -0,0 +1,6 @@ +approvers: +- bencer +- nestorsalceda +reviewers: +- bencer +- nestorsalceda diff --git a/charts/sysdig/sysdig/1.9.200/README-AWS.md b/charts/sysdig/sysdig/1.9.200/README-AWS.md new file mode 100644 index 000000000..a9eea4564 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/README-AWS.md @@ -0,0 +1,45 @@ +# Chart: Sysdig + +## Deploying the AWS Marketplace Sysdig agent image + +This is an use case similar to pulling images from a private registry. First you +need to get the authorization token for the AWS Marketplace ECS image registry: + +```bash +aws ecr --region=us-east-1 get-authorization-token --output text --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2 +``` + +And then use it to create the Secret. Don't forget to replace TOKEN and EMAIL +with your own values: + +```bash +kubectl create secret docker-registry aws-marketplace-credentials \ + --docker-server=217273820646.dkr.ecr.us-east-1.amazonaws.com \ + --docker-username=AWS \ + --docker-password="TOKEN" \ + --docker-email="EMAIL" +``` + +Next you need to create a values YAML file to pass the specific ECS registry +configuration (you will find these values when you activate the software from +the AWS Marketplace): + +```yaml +sysdig: + accessKey: XxxXXxXXxXXxxx + +image: + registry: 217273820646.dkr.ecr.us-east-1.amazonaws.com + repository: 2df5da52-6fa2-46f6-b164-5b879e86fd85/cg-3361214151/agent + tag: 0.85.1-latest + pullSecrets: + - name: aws-marketplace-credentials +``` + +Finally, set the accessKey value and you are ready to deploy the Sysdig agent +using the Helm chart: + +```bash +helm install --name sysdig-agent -f aws-marketplace-values.yaml stable/sysdig +``` + diff --git a/charts/sysdig/sysdig/1.9.200/README.md b/charts/sysdig/sysdig/1.9.200/README.md new file mode 100644 index 000000000..cac7539cb --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/README.md @@ -0,0 +1,377 @@ +# Chart: Sysdig + +[Sysdig](https://sysdig.com/) is a unified platform for container and microservices monitoring, troubleshooting, security and forensics. Sysdig platform has been built on top of [Sysdig tool](https://sysdig.com/opensource/sysdig/) and [Sysdig Inspect](https://sysdig.com/blog/sysdig-inspect/) open-source technologies. + +## Introduction + +This chart adds the Sysdig agent for [Sysdig Monitor](https://sysdig.com/product/monitor/) and [Sysdig Secure](https://sysdig.com/product/secure/) to all nodes in your cluster via a DaemonSet. + +## Prerequisites + +- Kubernetes 1.9+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`, retrieve your Sysdig Monitor Access Key from your [Account Settings](https://app.sysdigcloud.com/#/settings/agentInstallation) and run: + +```bash +$ helm repo add sysdiglabs https://sysdiglabs.github.io/charts/ +``` + +to add the `sysdiglabs` Helm chart repository. Then run: + +```bash +$ helm install --name my-release --set sysdig.accessKey=YOUR-KEY-HERE sysdiglabs/sysdig +``` + +After a few seconds, you should see hosts and containers appearing in Sysdig Monitor and Sysdig Secure. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` +> **Tip**: Use helm delete --purge my-release to completely remove the release from Helm internal storage + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Sysdig chart and their default values. + +| Parameter | Description | Default | +| --- | --- | --- | +| `image.registry` | Sysdig Agent image registry | `docker.io` | +| `image.repository` | The image repository to pull from | `sysdig/agent` | +| `image.tag` | The image tag to pull | `10.3.0` | +| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `nil` | +| `resources.requests.cpu` | CPU requested for being run in a node | `600m` | +| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | +| `resources.limits.cpu` | CPU limit | `2000m` | +| `resources.limits.memory` | Memory limit | `1536Mi` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `scc.create` | Create OpenShift's Security Context Constraint | `true` | +| `serviceAccount.create` | Create serviceAccount | `true` | +| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | +| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | +| `daemonset.affinity` | Node affinities | `schedule on amd64 and linux` | +| `daemonset.annotations` | Custom annotations for daemonset | `{}` | +| `slim.enabled` | Use the slim based Sysdig Agent image | `false` | +| `slim.kmoduleImage.repository` | The kernel module image builder repository to pull from | `sysdig/agent-kmodule` | +| `slim.resources.requests.cpu` | CPU requested for building the kernel module | `1000m` | +| `slim.resources.requests.memory` | Memory requested for building the kernel module | `348Mi` | +| `slim.resources.limits.memory` | Memory limit for building the kernel module | `512Mi` | +| `ebpf.enabled` | Enable eBPF support for Sysdig instead of `sysdig-probe` kernel module | `false` | +| `ebpf.settings.mountEtcVolume` | Needed to detect which kernel version are running in Google COS | `true` | +| `clusterName` | Set a cluster name to identify events using *kubernetes.cluster.name* tag | ` ` | +| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | +| `sysdig.disableCaptures` | Disable capture functionality (see https://docs.sysdig.com/en/disable-captures.html) | `false` | +| `sysdig.settings` | Additional settings, directly included in the agent's configuration file `dragent.yaml` | `{}` | +| `secure.enabled` | Enable Sysdig Secure | `true` | +| `auditLog.enabled` | Enable K8s audit log support for Sysdig Secure | `false` | +| `auditLog.auditServerUrl` | The URL where Sysdig Agent listens for K8s audit log events | `0.0.0.0` | +| `auditLog.auditServerPort` | Port where Sysdig Agent listens for K8s audit log events | `7765` | +| `auditLog.dynamicBackend.enabled` | Deploy the Audit Sink where Sysdig listens for K8s audit log events | `false` | +| `customAppChecks` | The custom app checks deployed with your agent | `{}` | +| `nodeImageAnalyzer.deploy` | Deploy the Node Image Analyzer (See https://docs.sysdig.com/en/scan-running-images.html)| `false` | +| `nodeImageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from | `sysdig/node-image-analyzer` | +| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer | `0.1.1` | +| `nodeImageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer | `IfNotPresent` | +| `nodeImageAnalyzer.image.pullSecrets` | Image pull secrets for the Node Image Analyzer | `nil` | +| `nodeImageAnalyzer.resources.requests.cpu` | Node Image Analyzer CPU requests per node | `250m` | +| `nodeImageAnalyzer.resources.requests.memory` | Node Image Analyzer Memory requests per node | `512Mi` | +| `nodeImageAnalyzer.resources.limits.cpu` | Node Image Analyzer CPU limit per node | `500m` | +| `nodeImageAnalyzer.resources.limits.memory` | Node Image Analyzer Memory limit per node | `1024Mi` | +| `nodeImageAnalyzer.settings` | Additional Node Image Analyzer settings | `{}` | +| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | +| `prometheus.file` | Use file to configure promscrape | `false` | +| `prometheus.yaml` | prometheus.yaml content to configure metric collection: relabelling and filtering | ` ` | +| `extraVolume.volumes` | Additional volumes to mount in the sysdig agent to pass new secrets or configmaps | `[]` | +| `extraVolume.mounts` | Mount points for additional volumes | `[]` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install --name my-release \ + --set sysdig.accessKey=YOUR-KEY-HERE,sysdig.settings.tags="role:webserver\,location:europe" \ + sysdiglabs/sysdig +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml sysdiglabs/sysdig +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## On-Premise backend deployment settings + +Sysdig platform backend can be also deployed On-Premise in your own infrastructure. + +Installing the agent using the Helm chart is also possible in this scenario, and you can enable it with the following parameters: + +| Parameter | Description | Default | +| --- | --- | --- | +| `collectorSettings.collectorHost` | The IP address or hostname of the collector | ` ` | +| `collectorSettings.collectorPort` | The port where collector is listening | 6443 | +| `collectorSettings.ssl` | The collector accepts SSL | `true` | +| `collectorSettings.sslVerifyCertificate` | Set to false if you don't want to verify SSL certificate | `true` | + +For example: + +```bash +$ helm install --name my-release \ + --set sysdig.accessKey=YOUR-KEY-HERE \ + --set collectorSettings.collectorHost=42.32.196.18 \ + --set collectorSettings.collectorPort=6443 \ + --set collectorSettings.sslVerifyCertificate=false \ + sysdiglabs/sysdig +``` + +## Using private Docker image registry + +If you pull the Sysdig agent Docker image from a private registry that requires authentication, some additional configuration is required. + +First, create a secret that stores the registry credentials: + +```bash +$ kubectl create secret docker-registry SECRET_NAME \ + --docker-server=SERVER \ + --docker-username=USERNAME \ + --docker-password=TOKEN \ + --docker-email=EMAIL +``` + +Then, point to this secret in the values YAML file: + +```yaml +sysdig: + accessKey: YOUR-KEY-HERE +image: + registry: myrepo.mydomain.tld + repository: sysdig-agent + tag: latest-tag + pullSecrets: + - name: SECRET_NAME +``` + +Finally, set the accessKey value and you are ready to deploy the Sysdig agent +using the Helm chart: + +```bash +$ helm install --name my-release -f values.yaml sysdiglabs/sysdig +``` + +You can read more details about this in [Kubernetes Documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). + +## Modifying Sysdig agent configuration + +The Sysdig agent uses a file called `dragent.yaml` to store the configuration. + +Using the Helm chart, the default configuration settings can be updated using `sysdig.settings` either via `--set sysdig.settings.key = value` or in the values YAML file. For example, to eanble Prometheus metrics scraping, you need this in your `values.yaml` file:: + +```yaml +sysdig: + accessKey: YOUR-KEY-HERE + settings: + prometheus: + enabled: true + histograms: true +``` + +```bash +$ helm install --name my-release -f values.yaml sysdiglabs/sysdig +``` + +## Upgrading Sysdig agent configuration + +If you need to upgrade the agent configuration file, first modify the YAML file (in this case we are increasing the metrics limit scraping Prometheus metrics): + +```yaml +sysdig: + accessKey: YOUR-KEY-HERE + settings: + prometheus: + enabled: true + histograms: true + max_metrics: 2000 + max_metrics_per_process: 400 +``` + +And then, upgrade Helm chart with: + +```bash +$ helm upgrade my-release -f values.yaml sysdiglabs/sysdig +``` + +## How to upgrade to the last version + +First of all ensure you have the lastest chart version + +```bash +$ helm repo update +``` + +In case you deployed the chart with a values.yaml file, you just need to modify (or add if it's missing) the `image.tag` field and execute: + +```bash +$ helm install --name sysdig -f values.yaml sysdiglabs/sysdig +``` + +If you deployed the chart setting the values as CLI parameters, like for example: + +```bash +$ helm install \ + --name sysdig \ + --set sysdig.accessKey=xxxx \ + --set ebpf.enabled=true \ + --namespace sysdig-agent \ + sysdiglabs/sysdig +``` + +You will need to execute: + +```bash +$ helm upgrade --set image.tag= --reuse-values sysdig sysdiglabs/sysdig +``` + +## Adding custom AppChecks + +[Application checks](https://sysdigdocs.atlassian.net/wiki/spaces/Monitor/pages/204767363/) are integrations that allow the Sysdig agent to collect metrics exposed by specific services. Sysdig has several built-in AppChecks, but sometimes you might need to [create your own](https://sysdigdocs.atlassian.net/wiki/spaces/Monitor/pages/204767436/). + +Your own AppChecks can deployed with the Helm chart embedding them in the values YAML file: + +```yaml +customAppChecks: + sample.py: |- + from checks import AgentCheck + + class MyCustomCheck(AgentCheck): + def check(self, instance): + self.gauge("testhelm", 1) + +sysdig: + accessKey: YOUR-KEY-HERE + settings: + app_checks: + - name: sample + interval: 10 + pattern: # pattern to match the application + comm: myprocess + conf: + mykey: myvalue +``` + +The first section, dumps the AppCheck in a Kubernetes configmap and makes it available within the Sysdig agent container. The second, configures it on the `dragent.yaml` file. + +Once the values YAML file is ready, we will deploy the Chart like before: + +```bash +$ helm install --name my-release -f values.yaml sysdiglabs/sysdig +``` + +### Automating the generation of custom-app-checks.yaml file + +Sometimes editing and maintaining YAML files can be a bit cumbersome and error-prone, so we have created a script for automating this process and make your life easier. + +Imagine that you have custom AppChecks for a number of services like Redis, MongoDB and Traefik. + +You have already a `values.yaml` with just your configuration: + +```yaml +sysdig: + accessKey: YOUR-KEY-HERE + settings: + app_checks: + - name: myredis + [...] + - name: mymongo + [...] + - name: mytraefik + [...] +``` + +You can generate an additional values YAML file with the custom AppChecks: + +```bash +$ git clone https://github.com/kubernetes/charts.git +$ cd charts/sysdiglabs/sysdig +$ ./scripts/appchecks2helm appChecks/solr.py appChecks/traefik.py appChecks/nats.py > custom-app-checks.yaml +``` + +And deploy the Chart with both of them: + +```bash +$ helm install --name my-release -f custom-app-checks.yaml -f values.yaml sysdiglabs/sysdig +``` + +### Adding prometheus.yaml to configure promscrape + +Promscrape is the component used to collect Prometheus metrics from the sysdig agent. It is based on Prometheus and accepts the same configuration format. + +This file can contain relabelling rules and filters to remove certain metrics or add some configurations to the collection. An example of this file could be: + +```yaml +global: + scrape_interval: 15s + evaluation_interval: 15s +scrape_configs: +- job_name: 'prometheus' # config for federation + honor_labels: true + metrics_path: '/federate' + metric_relabel_configs: + - regex: 'kubernetes_pod_name' + action: labeldrop + params: + 'match[]': + - '{sysdig="true"}' + sysdig_sd_configs: + - tags: + namespace: monitoring + deployment: prometheus-server +``` +`sysdig_sd_configs` allows to select the targets obtained by Sysdig agents to apply the rules in the job. Check [how to configure filtering in sysdig documentation](https://docs.sysdig.com/en/filtering-prometheus-metrics.html). + + +### Adding additional volumes + +To add a new volume to the sysdig agent. + +In order to pass new config maps or secrets used for authentication (for example for Prometheus endpoints) you can mount additional secrets, configmaps or volumes. An example of this could be: + +```yaml +extraVolumes: + volumes: + - name: sysdig-new-cm + configMap: + name: my-cm + optional: true + - name: sysdig-new-secret + secret: + secretName: my-secret + mounts: + - mountPath: /opt/draios/cm + name: sysdig-new-cm + - mountPath: /opt/draios/secret + name: sysdig-new-secret +``` + +## Support + +For getting support from the Sysdig team, you should refer to the official +[Sysdig Support page](https://sysdig.com/support). + +In addition to this, you can browse the documentation for the different +components of the Sysdig Platform: + +* [Sysdig Monitor](https://app.sysdigcloud.com) +* [Sysdig Secure](https://secure.sysdig.com) +* [Platform Documentation](https://docs.sysdig.com/en/sysdig-platform.html) +* [Monitor Documentation](https://docs.sysdig.com/en/sysdig-monitor.html) +* [Secure Documentation](https://docs.sysdig.com/en/sysdig-secure.html) diff --git a/charts/sysdig/sysdig/1.9.200/app-readme.md b/charts/sysdig/sysdig/1.9.200/app-readme.md new file mode 100644 index 000000000..80c6133f0 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/app-readme.md @@ -0,0 +1,20 @@ +# Sysdig Secure DevOps Platform + +Sysdig enables companies to confidently run cloud-native workloads in production. With the Sysdig Secure DevOps Platform, cloud teams embed security, maximize availability, and validate compliance. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand. The largest companies rely on Sysdig for cloud-native security and visibility. + +## Embed security +* Detect vulnerabilities and misconfigurations with a single workflow +* Block threats without impacting performance using K8s controls +* Conduct forensics even after the container is gone + +## Maximize availability +* Prevent issues by monitoring performance and capacity +* Accelerate troubleshooting with a single source of truth +* Scale Prometheus monitoring across clusters and clouds + +## Validate compliance +* Verify configuration meets CIS best practices +* Ensure application compliance with NIST, PCI +* Enable audit by correlating Kubernetes activity + +Learn more at [sysdig.com](https://sysdig.com/) diff --git a/charts/sysdig/sysdig/1.9.200/ci/test-values.yaml b/charts/sysdig/sysdig/1.9.200/ci/test-values.yaml new file mode 100644 index 000000000..a6745f8b2 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/ci/test-values.yaml @@ -0,0 +1,2 @@ +sysdig: + accessKey: xxx diff --git a/charts/sysdig/sysdig/1.9.200/questions.yml b/charts/sysdig/sysdig/1.9.200/questions.yml new file mode 100644 index 000000000..26e0d4358 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/questions.yml @@ -0,0 +1,100 @@ +questions: +#image configurations +- variable: defaultImage + default: true + description: "Use default Sysdig image or specify a custom one" + label: Use Default Sysdig Image + type: boolean + show_subquestion_if: false + group: "Container Images" + subquestions: + - variable: image.repository + default: "sysdig/agent" + description: "Sysdig Image Name" + type: string + label: Sysdig Image Name + - variable: image.tag + default: "10.3.0" + description: "Sysdig Image Tag" + type: string + label: Sysdig Image Tag +#agent configurations +- variable: sysdig.accessKey + default: "" + description: "You need your Sysdig accessKey before running agents" + type: string + required: true + label: Sysdig accessKey +- variable: sysdig.backend + default: "Sysdig SaaS" + description: "Where is Sysdig backend hosted on" + type: enum + label: Sysdig Backend + group: "Agent Configuration" + required: true + options: + - "sysdig-saas" + - "self-hosted" +- variable: sysdig.settings.collector + required: true + default: "collector.sysdigcloud.com" + description: "The host of the Sysdig collector the agent sends data to, only set this option if you need the agent to send data to a custom backend" + type: string + label: Sysdig Collector + group: "Agent Configuration" + show_if: "sysdig.backend=self-hosted" +- variable: sysdig.settings.collector_port + required: true + default: "6443" + description: "The port where the Sysdig collector listens to" + type: string + label: Sysdig Collector Port + group: "Agent Configuration" + show_if: "sysdig.backend=self-hosted" +- variable: sysdig.settings.ssl + required: true + default: true + description: "Use SSL to connect to the Sysdig collector" + type: boolean + label: Sysdig Collector SSL + group: "Agent Configuration" + show_if: "sysdig.backend=self-hosted" +- variable: sysdig.settings.ssl_verify_certificate + required: true + default: true + description: "Validate SSL certificate from the Sysdig collector" + type: boolean + label: Sysdig Collector Verify SSL Certificate + group: "Agent Configuration" + show_if: "sysdig.backend=self-hosted&&sysdig.settings.ssl=true" +- variable: sysdig.settings.tags + default: "" + description: "Agent tags, separated by commas. For example: 'linux:ubuntu,dept:dev,local:nyc'" + type: string + label: Agent Tags + group: "Agent Configuration" +- variable: ebpf.enabled + default: false + description: "Enable eBPF support for Sysdig agent instead of kernel module" + type: boolean + label: Enable eBPF + group: "Agent Configuration" +#proxy configurations +- variable: proxy.httpProxy + default: "" + description: "An http URL to use as a proxy for http requests" + type: string + label: Proxy for HTTP Requests + group: "Proxy Configuration" +- variable: proxy.httpsProxy + default: "" + description: "An http URL to use as a proxy for https requests" + type: string + label: Proxy for HTTPS Requests + group: "Proxy Configuration" +- variable: proxy.noProxy + default: "" + description: "A space-separated list of URLs for which no proxy should be used" + type: string + label: No Proxy List (separated by a space) + group: "Proxy Configuration" diff --git a/charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm b/charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm new file mode 100644 index 000000000..f9e0f2d21 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/scripts/appchecks2helm @@ -0,0 +1,11 @@ +#!/bin/bash + +echo "customAppChecks:" +for app_check in "$@" +do + echo -e " $(basename $app_check): |-" + while IFS= read -r line + do + echo -e " $line" + done <"$app_check" +done diff --git a/charts/sysdig/sysdig/1.9.200/templates/NOTES.txt b/charts/sysdig/sysdig/1.9.200/templates/NOTES.txt new file mode 100644 index 000000000..131548b8a --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/NOTES.txt @@ -0,0 +1,9 @@ +The agent for Sysdig Secure DevOps Platform is spinning up on each node in your +cluster. After a few seconds, you should see your hosts appearing in the +Explore tab: + + https://app.sysdigcloud.com/#/explore/overview/l:10 + + https://secure.sysdig.com/#/events/l:600/*/*?viewAs=list + +No further action should be required. diff --git a/charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl b/charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl new file mode 100644 index 000000000..5649026a7 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/_helpers.tpl @@ -0,0 +1,109 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "sysdig.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sysdig.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sysdig.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "sysdig.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "sysdig.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Define the proper imageRegistry to use for agent and kmodule image +*/}} +{{- define "sysdig.imageRegistry" -}} +{{- if and .Values.global (hasKey (default .Values.global dict) "imageRegistry") -}} + {{- .Values.global.imageRegistry -}} +{{- else -}} + {{- .Values.image.registry -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Sysdig Agent image name +*/}} +{{- define "sysdig.repositoryName" -}} +{{- .Values.image.repository -}} {{- if .Values.slim.enabled -}} -slim {{- end -}} +{{- end -}} + +{{- define "sysdig.image" -}} +{{- if .Values.image.overrideValue }} + {{- printf .Values.image.overrideValue -}} +{{- else -}} + {{- include "sysdig.imageRegistry" . -}} / {{- include "sysdig.repositoryName" . -}} : {{- .Values.image.tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Sysdig Agent image name for module building +*/}} +{{- define "sysdig.image.kmodule" -}} + {{- include "sysdig.imageRegistry" . -}} / {{- .Values.slim.kmoduleImage.repository -}} : {{- .Values.image.tag -}} +{{- end -}} + +{{/* +Return the proper Sysdig Agent image name for the Node Image Analyzer +*/}} +{{- define "sysdig.image.nodeImageAnalyzer" -}} + {{- include "sysdig.imageRegistry" . -}} / {{- .Values.nodeImageAnalyzer.image.repository -}} : {{- .Values.nodeImageAnalyzer.image.tag -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "sysdig.labels" -}} +helm.sh/chart: {{ include "sysdig.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + +{{/* +Use like: {{ include "get_or_fail_if_in_settings" (dict "root" . "key" "" "setting" "") }} +Return the value of key "" and if "" is also defined in sysdig.settings., and error is thrown +NOTE: I don't like the error message! Too much information. +*/}} +{{- define "get_or_fail_if_in_settings" -}} +{{- $keyValue := tpl (printf "{{- .Values.%s -}}" .key) .root }} +{{- if $keyValue -}} + {{- if hasKey .root.Values.sysdig.settings .setting }}{{ fail (printf "Value '%s' is also set via .sysdig.settings.%s'." .key .setting) }}{{- end -}} + {{- $keyValue -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml b/charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml new file mode 100644 index 000000000..4f8378ea0 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/auditsink.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.auditLog.enabled .Values.auditLog.dynamicBackend.enabled }} +apiVersion: auditregistration.k8s.io/v1alpha1 +kind: AuditSink +metadata: + name: {{ template "sysdig.fullname" . }} + labels: +{{ include "sysdig.labels" . | indent 4 }} +spec: + policy: + level: RequestResponse + stages: + - ResponseComplete + - ResponseStarted + webhook: + throttle: + qps: 10 + burst: 15 + clientConfig: + service: + namespace: {{ .Release.Namespace }} + name: {{ template "sysdig.fullname" . }} + port: {{ .Values.auditLog.auditServerPort }} + path: /k8s_audit +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml b/charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml new file mode 100644 index 000000000..35fde6101 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/clusterrole.yaml @@ -0,0 +1,66 @@ +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "sysdig.fullname" .}} + labels: +{{ include "sysdig.labels" . | indent 4 }} +rules: + - apiGroups: + - "" + resources: + - pods + - replicationcontrollers + - services + - endpoints + - events + - limitranges + - namespaces + - nodes + - resourcequotas + - persistentvolumes + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - ingresses + - replicasets + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml b/charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..f8ab01298 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "sysdig.fullname" .}} + labels: +{{ include "sysdig.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "sysdig.serviceAccountName" .}} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "sysdig.fullname" .}} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml b/charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml new file mode 100644 index 000000000..6f0495efa --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/configmap-custom-app-checks.yaml @@ -0,0 +1,13 @@ +{{- if .Values.customAppChecks }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sysdig.fullname" . }}-custom-app-checks + labels: +{{ include "sysdig.labels" . | indent 4 }} +data: +{{- range $file, $content := .Values.customAppChecks }} + {{ $file }}: |- +{{ $content | indent 4}} +{{- end }} +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml b/charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml new file mode 100644 index 000000000..d62acb6d5 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/configmap-image-analyzer.yaml @@ -0,0 +1,34 @@ +{{- if .Values.nodeImageAnalyzer.deploy }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sysdig.fullname" . }}-image-analyzer + labels: +{{ include "sysdig.labels" . | indent 4 }} +data: + debug: "{{ .Values.nodeImageAnalyzer.settings.debug | default false }}" + {{- if .Values.nodeImageAnalyzer.settings.imagePeriod }} + image_period: {{ .Values.nodeImageAnalyzer.settings.imagePeriod }} + {{- end }} + {{- if .Values.nodeImageAnalyzer.settings.imageCacheTTL }} + image_cache_ttl: {{ .Values.nodeImageAnalyzer.settings.imageCacheTTL }} + {{- end }} + {{- if .Values.nodeImageAnalyzer.settings.reportPeriod }} + report_period: {{ .Values.nodeImageAnalyzer.settings.reportPeriod }} + {{- end }} + {{- if .Values.nodeImageAnalyzer.settings.dockerSocketPath }} + docker_socket_path: {{ .Values.nodeImageAnalyzer.settings.dockerSocketPath }} + {{- end }} + {{- if .Values.nodeImageAnalyzer.settings.criSocketPath }} + cri_socket_path: {{ .Values.nodeImageAnalyzer.settings.criSocketPath }} + {{- end }} + {{- if .Values.nodeImageAnalyzer.settings.collectorEndpoint }} + collector_endpoint: {{ .Values.nodeImageAnalyzer.settings.collectorEndpoint }} + {{- end }} + {{- if .Values.nodeImageAnalyzer.settings.checkCertificate }} + check_certificate: {{ .Values.nodeImageAnalyzer.settings.checkCertificate }} + {{- end }} + {{- if .Values.nodeImageAnalyzer.settings.collectorTimeout }} + collector_timeout: {{ .Values.nodeImageAnalyzer.settings.collectorTimeout }} + {{- end }} +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/configmap.yaml b/charts/sysdig/sysdig/1.9.200/templates/configmap.yaml new file mode 100644 index 000000000..543f62af7 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/configmap.yaml @@ -0,0 +1,54 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sysdig.fullname" . }} + labels: +{{ include "sysdig.labels" . | indent 4 }} +data: + dragent.yaml: | + new_k8s: true +{{- $clusterName := include "get_or_fail_if_in_settings" (dict "root" . "key" "clusterName" "setting" "k8s_cluster_name")}} +{{- if $clusterName }} + k8s_cluster_name: {{ $clusterName }} +{{- end }} +{{- if or .Values.secure.enabled .Values.auditLog.enabled }} + security: + {{- if .Values.auditLog.enabled }} + k8s_audit_server_url: {{ .Values.auditLog.auditServerUrl }} + k8s_audit_server_port: {{ .Values.auditLog.auditServerPort }} + {{- end }} + {{- if .Values.secure.enabled }} + enabled: true + commandlines_capture: + enabled: true + memdump: + enabled: true + {{- end }} +{{- end }} +{{- $disableCaptures := include "get_or_fail_if_in_settings" (dict "root" . "key" "sysdig.disableCaptures" "setting" "sysdig_capture_enabled")}} +{{- if eq $disableCaptures "true" }} + sysdig_capture_enabled: false +{{- end }} +{{- $collectorHost := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.collectorHost" "setting" "collector")}} +{{- if $collectorHost }} + collector: {{ $collectorHost }} +{{- end }} +{{- $collectorPort := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.collectorPort" "setting" "collector_port")}} +{{- if $collectorPort }} + collector_port: {{ $collectorPort }} +{{- end }} +{{- $ssl := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.ssl" "setting" "ssl")}} +{{- if $ssl }} + ssl: {{ $ssl }} +{{- end }} +{{- $sslVerifyCertificate := include "get_or_fail_if_in_settings" (dict "root" . "key" "collectorSettings.sslVerifyCertificate" "setting" "ssl_verify_certificate")}} +{{- if $sslVerifyCertificate }} + ssl_verify_certificate: {{ $sslVerifyCertificate }} +{{- end }} +{{- if .Values.sysdig.settings }} +{{ toYaml .Values.sysdig.settings | indent 4 }} +{{- end }} +{{- if .Values.prometheus.file }} + prometheus.yaml: | +{{ toYaml .Values.prometheus.yaml | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml b/charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml new file mode 100644 index 000000000..ae9888bbf --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/daemonset-image-analyzer.yaml @@ -0,0 +1,148 @@ +{{- if .Values.nodeImageAnalyzer.deploy }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "sysdig.fullname" . }}-image-analyzer + labels: + app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer +{{ include "sysdig.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer + app.kubernetes.io/instance: {{ .Release.Name }} + updateStrategy: + type: RollingUpdate + template: + metadata: + name: {{ template "sysdig.fullname" . }}-image-analyzer + labels: + app.kubernetes.io/name: {{ include "sysdig.name" . }}-image-analyzer +{{ include "sysdig.labels" . | indent 8 }} + spec: + volumes: + # Needed for cri-o image inspection. + # cri-o and especially OCP 4.x by default use containers/storage to handle images, and this makes sure that the + # analyzer has access to the configuration. This file is mounted read-only. + - name: etc-containers-storage-vol + hostPath: + path: /etc/containers/storage.conf + # Needed for cri-o image inspection. + # This is the directory where image data is stored by default when using cri-o and OCP 4.x and the analyzer + # uses it to get the data to scan. This directory must be mounted r/w because proper access to its files through + # the containers/storage library is always regulated with a lockfile. + - name: var-lib-containers-vol + hostPath: + path: /var/lib/containers + # Needed for socket access + - name: varrun-vol + hostPath: + path: /var/run + # Add custom volume here + - name: sysdig-image-analyzer-config + configMap: + name: {{ template "sysdig.fullname" . }}-image-analyzer + optional: true + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + # The following line is necessary for RBAC + serviceAccount: {{ template "sysdig.serviceAccountName" .}} + {{- if .Values.nodeImageAnalyzer.image.pullSecrets }} + imagePullSecrets: +{{ toYaml .Values.nodeImageAnalyzer.image.pullSecrets | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: 5 + containers: + - name: sysdig-image-analyzer + image: {{ template "sysdig.image.nodeImageAnalyzer" . }} + securityContext: + # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to + # running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail. + privileged: true + imagePullPolicy: {{ .Values.nodeImageAnalyzer.image.pullPolicy }} + resources: +{{ toYaml .Values.nodeImageAnalyzer.resources | indent 10 }} + volumeMounts: + - mountPath: /var/run + name: varrun-vol + - mountPath: /etc/containers/storage.conf + name: etc-containers-storage-vol + readOnly: true + - mountPath: /var/lib/containers + name: var-lib-containers-vol + env: + - name: ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ template "sysdig.fullname" . }} + key: access-key + - name: IMAGE_PERIOD + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: image_period + optional: true + - name: IMAGE_CACHE_TTL + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: image_cache_ttl + optional: true + - name: REPORT_PERIOD + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: report_period + optional: true + - name: DOCKER_SOCKET_PATH + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: docker_socket_path + optional: true + - name: CRI_SOCKET_PATH + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: cri_socket_path + optional: true + #TODO: Get from agent config instead? + - name: AM_COLLECTOR_ENDPOINT + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: collector_endpoint + optional: true + #TODO: Get from agent config instead? + - name: AM_COLLECTOR_TIMEOUT + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: collector_timeout + optional: true + - name: CHECK_CERTIFICATE + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: check_certificate + optional: true + - name: K8S_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: K8S_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DEBUG + valueFrom: + configMapKeyRef: + name: {{ template "sysdig.fullname" . }}-image-analyzer + key: debug + optional: true +{{- end }} \ No newline at end of file diff --git a/charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml b/charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml new file mode 100644 index 000000000..2e1447f92 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/daemonset.yaml @@ -0,0 +1,227 @@ +{{- if .Values.sysdig.accessKey }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "sysdig.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "sysdig.name" . }} +{{ include "sysdig.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "sysdig.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + name: {{ template "sysdig.fullname" .}} + labels: + app.kubernetes.io/name: {{ include "sysdig.name" . }} +{{ include "sysdig.labels" . | indent 8 }} + {{- if .Values.daemonset.annotations }} + annotations: +{{ toYaml .Values.daemonset.annotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "sysdig.serviceAccountName" .}} +{{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" +{{- end }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + hostPID: true + terminationGracePeriodSeconds: 5 + {{- if .Values.daemonset.affinity }} + affinity: +{{ toYaml .Values.daemonset.affinity | indent 8 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} + {{- end }} + {{- if .Values.slim.enabled }} + initContainers: + - name: sysdig-agent-kmodule + image: {{ template "sysdig.image.kmodule" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 12 }} + {{- end }} + securityContext: + capabilities: + drop: + - ALL + privileged: true + runAsNonRoot: false + runAsUser: 0 + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + resources: +{{ toYaml .Values.slim.resources | indent 12 }} + volumeMounts: + - mountPath: /etc/modprobe.d + name: modprobe-d + readOnly: true + - mountPath: /host/boot + name: boot-vol + readOnly: true + - mountPath: /host/lib/modules + name: modules-vol + readOnly: true + - mountPath: /host/usr + name: usr-vol + readOnly: true + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "sysdig.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.resources | indent 12 }} + securityContext: + capabilities: + drop: + - ALL + privileged: true + runAsNonRoot: false + runAsUser: 0 + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + env: + {{- if .Values.ebpf.enabled }} + - name: SYSDIG_BPF_PROBE + value: + {{- end }} + {{- if .Values.proxy.httpProxy }} + - name: http_proxy + value: {{ .Values.proxy.httpProxy }} + {{- end }} + {{- if .Values.proxy.httpsProxy }} + - name: https_proxy + value: {{ .Values.proxy.httpsProxy }} + {{- end }} + {{- if .Values.proxy.noProxy }} + - name: no_proxy + value: {{ .Values.proxy.noProxy }} + {{- end }} + {{- if .Values.timezone }} + - name: TZ + value: {{ .Values.timezone }} + {{- end }} + {{- range $key, $value := .Values.daemonset.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + readinessProbe: + exec: + command: [ "test", "-e", "/opt/draios/logs/running" ] + initialDelaySeconds: 10 + livenessProbe: + exec: + command: [ "test", "-e", "/opt/draios/logs/running" ] + initialDelaySeconds: 10 + volumeMounts: + {{- if not .Values.slim.enabled }} + - mountPath: /etc/modprobe.d + name: modprobe-d + readOnly: true + {{- end }} + - mountPath: /host/dev + name: dev-vol + readOnly: false + - mountPath: /host/proc + name: proc-vol + readOnly: true + {{- if not .Values.slim.enabled }} + - mountPath: /host/boot + name: boot-vol + readOnly: true + - mountPath: /host/lib/modules + name: modules-vol + readOnly: true + - mountPath: /host/usr + name: usr-vol + readOnly: true + {{- end }} + - mountPath: /host/run + name: run-vol + - mountPath: /host/var/run + name: varrun-vol + - mountPath: /dev/shm + name: dshm + - mountPath: /opt/draios/etc/kubernetes/config + name: sysdig-agent-config + - mountPath: /opt/draios/etc/kubernetes/secrets + name: sysdig-agent-secrets + {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} + - mountPath: /host/etc + name: etc-fs + readOnly: true + {{- end }} + {{- if .Values.customAppChecks }} + - mountPath: /opt/draios/lib/python/checks.custom.d + name: custom-app-checks-volume + {{- end }} + - mountPath: /host/etc/os-release + name: osrel + readOnly: true + {{- if .Values.extraVolumes.mounts }} +{{ toYaml .Values.extraVolumes.mounts | indent 12 }} + {{- end }} + volumes: + - name: modprobe-d + hostPath: + path: /etc/modprobe.d + - name: osrel + hostPath: + path: /etc/os-release + type: FileOrCreate + - name: dshm + emptyDir: + medium: Memory + - name: dev-vol + hostPath: + path: /dev + - name: proc-vol + hostPath: + path: /proc + - name: boot-vol + hostPath: + path: /boot + - name: modules-vol + hostPath: + path: /lib/modules + - name: usr-vol + hostPath: + path: /usr + - name: run-vol + hostPath: + path: /run + - name: varrun-vol + hostPath: + path: /var/run + {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} + - name: etc-fs + hostPath: + path: /etc + {{- end }} + - name: sysdig-agent-config + configMap: + name: {{ template "sysdig.fullname" . }} + optional: true + - name: sysdig-agent-secrets + secret: + secretName: {{ template "sysdig.fullname" . }} + {{- if .Values.customAppChecks }} + - name: custom-app-checks-volume + configMap: + name: {{ template "sysdig.fullname" . }}-custom-app-checks + {{- end }} + {{- if .Values.extraVolumes.volumes }} +{{ toYaml .Values.extraVolumes.volumes | indent 8 }} + {{- end }} + updateStrategy: +{{ toYaml .Values.daemonset.updateStrategy | indent 4 }} +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/secrets.yaml b/charts/sysdig/sysdig/1.9.200/templates/secrets.yaml new file mode 100644 index 000000000..7e458160f --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/secrets.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "sysdig.fullname" . }} + labels: +{{ include "sysdig.labels" . | indent 4 }} +type: Opaque +data: + access-key : {{ required "A valid .Values.sysdig.accessKey is required" .Values.sysdig.accessKey | b64enc | quote }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml b/charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml new file mode 100644 index 000000000..e604859b2 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/securitycontextconstraint.yaml @@ -0,0 +1,42 @@ +{{- if and .Values.scc.create (.Capabilities.APIVersions.Has "security.openshift.io/v1") }} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: | + This provides the minimum requirements to the Sysdig agent to run in the Openshift. + name: {{ template "sysdig.fullname" . }} + labels: +{{ include "sysdig.labels" . | indent 4 }} +allowHostDirVolumePlugin: true +allowHostIPC: false +allowHostNetwork: true +allowHostPID: true +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: true +allowedCapabilities: [] +allowedUnsafeSysctls: [] +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +groups: [] +priority: 0 +readOnlyRootFilesystem: false +requiredDropCapabilities: [] +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: +- '*' +supplementalGroups: + type: RunAsAny +users: +- system:serviceaccount:{{ .Release.Namespace }}:{{ template "sysdig.serviceAccountName" .}} +volumes: +- hostPath +- emptyDir +- secret +- configMap +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/service.yaml b/charts/sysdig/sysdig/1.9.200/templates/service.yaml new file mode 100644 index 000000000..ba94d6894 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/service.yaml @@ -0,0 +1,15 @@ +{{- if .Values.auditLog.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "sysdig.fullname" . }} + labels: +{{ include "sysdig.labels" . | indent 4 }} +spec: + selector: + app.kubernetes.io/name: {{ include "sysdig.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ports: + - protocol: TCP + port: {{ .Values.auditLog.auditServerPort }} +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml b/charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..141affa38 --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "sysdig.serviceAccountName" .}} + labels: +{{ include "sysdig.labels" . | indent 4 }} +{{- end }} diff --git a/charts/sysdig/sysdig/1.9.200/values.yaml b/charts/sysdig/sysdig/1.9.200/values.yaml new file mode 100644 index 000000000..fb1e29cbb --- /dev/null +++ b/charts/sysdig/sysdig/1.9.200/values.yaml @@ -0,0 +1,220 @@ +# Default values for Sysdig Monitor and Secure Helm package. + +image: + # This is a hack to support RELATED_IMAGE_ feature in Helm based + # Operators + # + # As long as I don't want to people to use this, I will keep it undocumented + overrideValue: + + registry: docker.io + repository: sysdig/agent + tag: 10.3.0 + # Specify a imagePullPolicy + # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + pullPolicy: IfNotPresent + # Optionally specify an array of imagePullSecrets. + # Secrets must be manually created in the namespace. + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + # + # pullSecrets: + # - name: myRegistrKeySecretName + +resources: + # Although resources needed are subjective on the actual workload we provide + # a sane defaults ones. If you have more questions or concerns, please refer + # to Sysdig Support for more info about it + requests: + cpu: 600m + memory: 512Mi + limits: + cpu: 2000m + memory: 1536Mi + +rbac: + # true here enables creation of rbac resources + create: true + +scc: + # true here enabled creation of Security Context Constraints in Openshift + create: true + +serviceAccount: + # Create and use serviceAccount resources + create: true + # Use this value as serviceAccountName + name: + +daemonset: + # Perform rolling updates by default in the DaemonSet agent + # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ + updateStrategy: + # You can also customize maxUnavailable, maxSurge or minReadySeconds if you + # need it + type: RollingUpdate + ## Extra environment variables that will be pass onto deployment pods + env: {} + # Allow the DaemonSet to schedule using affinity rules + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - key: beta.kubernetes.io/os + operator: In + values: + - linux + # Allow the DaemonSet to set annotations + annotations: {} + +# If is behind a proxy you can set the proxy server +proxy: + httpProxy: + httpsProxy: + noProxy: + +# Set daemonset timezone +timezone: + +# Set daemonset priorityClassName +priorityClassName: + +ebpf: + # Enable eBPF support for Sysdig Agent + enabled: false + + settings: + # Needed to correctly detect the kernel version for the eBPF program + # Set to false if not running on Google COS + mountEtcVolume: true + +slim: + # Uses a slim version of the Sysdig Agent + enabled: false + # When using slim the kernel module is built in other container, which + # contains the toolchain required to build the kernel module. + kmoduleImage: + repository: sysdig/agent-kmodule + + resources: + # Resources required by the kernel module builder image. These are some + # a sane defaults ones, but you can tweak or ask Sysdig Support for more + # info about this + requests: + cpu: 1000m + memory: 348Mi + limits: + memory: 512Mi + +# For Sysdig On-Prem installations or for custom collector settings, set the following fields +collectorSettings: + collectorHost: + collectorPort: + ssl: + sslVerifyCertificate: + +# Setting a cluster name allows you to filter events from this cluster using kubernetes.cluster.name +clusterName: "" + +sysdig: + # Required: You need your Sysdig Agent access key before running agents. + accessKey: "" + + # Disable capture functionality (see https://docs.sysdig.com/en/disable-captures.html) + disableCaptures: false + + # Advanced settings. Any option in here will be directly translated into dragent.yaml in the Configmap + settings: {} + ### Agent tags + # tags: linux:ubuntu,dept:dev,local:nyc + +secure: + # true here enables Sysdig Secure: container run-time security & forensics + enabled: true + +auditLog: + # true here activates the K8s Audit Log feature for Sysdig Secure + enabled: false + auditServerUrl: 0.0.0.0 + auditServerPort: 7765 + + dynamicBackend: + # true here configures an AuditSink who will receive the K8s audit logs + enabled: false + +nodeImageAnalyzer: + deploy: false + image: + repository: sysdig/node-image-analyzer + tag: 0.1.0 + pullPolicy: IfNotPresent + # pullSecrets: + # - name: myRegistrKeySecretName + resources: + requests: + cpu: 250m + memory: 512Mi + limits: + cpu: 500m + memory: 1024Mi + + # Additional advanced settings + settings: {} + +customAppChecks: {} + # Allow passing custom app checks for Sysdig Agent. + # Example: + # + # sample.py: |- + # from checks import AgentCheck + # + # class MyCustomCheck(AgentCheck): + # def check(self, instance): + # self.gauge("testhelm", 1) + +# Promscrape prometheus.yaml not configured by default +prometheus: + file: false + yaml: {} + +extraVolumes: + volumes: [] + mounts: [] + # Allow passing extra volumes to the agent to mount secrets or certificates + # to authenticate in different services. + # Any kind of volume can be passed. Example: + # + # extraVolumes: + # volumes: + # - name: sysdig-new-cm + # configMap: + # name: my-cm + # optional: true + # - name: sysdig-new-secret + # secret: + # secretName: my-secret + # mounts: + # - mountPath: /opt/draios/cm + # name: sysdig-new-cm + # - mountPath: /opt/draios/secret + # name: sysdig-new-secret + +# Allow sysdig to run on Kubernetes 1.6 masters. +tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore b/charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml new file mode 100644 index 000000000..d7090fa7d --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/Chart.yaml @@ -0,0 +1,42 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Upbound Universal Crossplane + catalog.cattle.io/release-name: universal-crossplane +apiVersion: v1 +appVersion: 1.2.2001 +description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade + distribution of Crossplane. It''s fully compatible with upstream Crossplane, open + source, capable of connecting to Upbound Cloud for real-time dashboard visibility, + and maintained by Upbound. It''s the easiest way for both individual community members + and enterprises to build their production control planes. ' +home: https://upbound.io +icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png +keywords: +- cloud +- infrastructure +- services +- application +- database +- cache +- bucket +- infra +- app +- ops +- oam +- gcp +- azure +- aws +- alibaba +- cloudsql +- rds +- s3 +- azuredatabase +- asparadb +- gke +- aks +- eks +maintainers: +- email: info@upbound.io + name: Upbound Inc. +name: universal-crossplane +version: 1.2.200100 diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md b/charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md new file mode 100644 index 000000000..c6d8ecfe0 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/app-readme.md @@ -0,0 +1,36 @@ +# Upbound Universal Crossplane (UXP) + +Upbound Universal Crossplane (UXP) is [Upbound's](https://upbound.io) official enterprise-grade distribution of [Crossplane](https://crossplane.io). It's fully compatible with upstream Crossplane, [open source](https://github.com/upbound/universal-crossplane), capable of connecting to [Upbound Cloud](https://cloud.upbound.io) for real-time dashboard visibility, and maintained by Upbound. It's the easiest way for both individual community members and enterprises to build their production control planes. + +## Connecting to Upbound Cloud + +You can optionally connect your Universal Crossplane instance to Upbound Cloud. +Follow the steps below to connect your Universal Crossplane cluster to your Upbound Cloud Console. + +1. Install Upbound CLI + + You will need to make sure you have the Upbound CLI installed before you continue. If you need more information on how to install the Upbound CLI, you can read the [Installing Upbound CLI Documentation](https://cloud.upbound.io/docs/cli). + + ``` + curl -sL https://cli.upbound.io | sh + ``` + +2. Log in to Upbound Cloud + + ``` + up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT + ``` + + Or, to log in using an Upbound [API token](https://cloud.upbound.io/account/settings/tokens): + + ``` + up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT --token=$API_TOKEN + ``` + +3. Create a Self-Hosted Control Plane + + ``` + up cloud controlplane attach $CONTROL_PLANE_NAME --profile=rancher + ``` + +4. Provide the token obtained in the previous step as `upbound.controlPlane.token` under `Upbound Cloud` section \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml new file mode 100644 index 000000000..c5cb628bf --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/questions.yaml @@ -0,0 +1,184 @@ +questions: +# Upbound Cloud configuration +- variable: upbound.controlPlane.token + label: upbound.controlPlane.token + required: false + type: password + description: Token used to connect Upbound Cloud + group: "Upbound Cloud" +- variable: upbound.controlPlane.permission + label: upbound.controlPlane.permission + required: false + type: enum + default: "edit" + options: + - "edit" + - "view" + description: Cluster permissions for Upbound Cloud + group: "Upbound Cloud" +# Basic Crossplane configuration +- variable: replicas + label: replicas + description: Number of replicas to run for Crossplane pods + type: int + default: 1 + required: true + group: "Crossplane" +# Advanced Crossplane configuration +- variable: advancedCrossplaneConfiguration + description: View advanced configuration settings + label: View advanced configuration + type: boolean + default: false + show_subquestion_if: true + group: "Crossplane" + subquestions: + - variable: leaderElection + label: leaderElection + description: "Enable leader election for Crossplane Managers pod" + type: boolean + default: true + required: false + group: "Crossplane" + - variable: deploymentStrategy + label: deploymentStrategy + description: "The deployment strategy for the Crossplane and RBAC Manager (if enabled) pods" + type: enum + default: "RollingUpdate" + options: + - "RollingUpdate" + - "Recreate" + required: true + group: "Crossplane" + - variable: priorityClassName + label: priorityClassName + description: "Priority class name for Crossplane and RBAC Manager (if enabled) pods" + type: string + required: false + group: "Crossplane" + - variable: metrics.enabled + label: metrics.enabled + description: "Expose Crossplane and RBAC Manager metrics endpoint" + type: boolean + required: false + group: "Crossplane" +# Basic Crossplane RBAC Manager configuration +- variable: rbacManager.deploy + label: rbacManager.deploy + description: "Deploy RBAC Manager" + type: boolean + default: true + required: true + group: "Crossplane RBAC Manager" +- variable: rbacManager.replicas + label: rbacManager.replicas + description: "The number of replicas to run for the RBAC Manager pods" + type: int + default: 1 + required: true + group: "Crossplane RBAC Manager" +# Advanced Crossplane RBAC Manager configuration +- variable: advancedRBACManagerConfiguration + description: View advanced configuration settings + label: View advanced configuration + type: boolean + default: false + show_subquestion_if: true + group: "Crossplane RBAC Manager" + subquestions: + - variable: rbacManager.leaderElection + label: rbacManager.leaderElection + description: "Enable leader election for RBAC Managers pod" + type: boolean + default: true + group: "Crossplane RBAC Manager" + - variable: rbacManager.managementPolicy + label: rbacManager.managementPolicy + description: RBAC manager permissions. 'All' enables management for every Crossplane controller and user role. 'Basic' enables management just for Crossplane controller roles and the crossplane-admin, crossplane-edit, and crossplane-view user roles. + type: enum + default: "Basic" + options: + - "Basic" + - "All" + required: true + group: "Crossplane RBAC Manager" + - variable: rbacManager.skipAggregatedClusterRoles + label: rbacManager.skipAggregatedClusterRoles + description: "Opt out of deploying aggregated ClusterRoles" + type: boolean + default: true + group: "Crossplane RBAC Manager" +# Basic Package configuration +- variable: provider.packages + label: provider.packages + description: List of Provider packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. + type: string + required: false + group: "Packages" +- variable: configuration.packages + label: configuration.packages + description: List of Configuration packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience. + type: string + required: false + group: "Packages" +# Advanced Package configuration +- variable: advancedPackageConfiguration + description: View advanced configuration settings + label: View advanced configuration + type: boolean + default: false + show_subquestion_if: true + group: "Packages" + subquestions: + - variable: packageCache.sizeLimit + label: packageCache.sizeLimit + description: "Size limit for package cache. If medium is Memory then maximum usage would be the minimum of this value the sum of all memory limits on containers in the Crossplane pod" + type: string + default: "5Mi" + group: "Packages" + - variable: packageCache.medium + label: packageCache.medium + description: "Storage medium for package cache. Memory means volume will be backed by tmpfs, which can be useful for development" + type: string + group: "Packages" + - variable: packageCache.pvc + label: packageCache.pvc + description: "Name of the PersistentVolumeClaim to be used as the package cache. Providing a value will cause the default emptyDir volume to not be mounted" + type: string + group: "Packages" +# Basic XGQL configuration +- variable: xgql.config.debugMode + label: xgql.config.debugMode + description: "Enable debug mode for XGQL" + type: boolean + default: false + group: "XGQL" +# Advanced Crossplane configuration +- variable: advancedXGQLConfiguration + description: View advanced configuration settings + label: View advanced configuration + type: boolean + default: false + show_subquestion_if: true + group: "XGQL" + subquestions: + - variable: xgql.metrics.enabled + label: xgql.metrics.enabled + description: "Expose XGQL metrics endpoint" + type: boolean + required: false + group: "XGQL" +# Basic Agent configuration +- variable: agent.config.debugMode + label: agent.config.debugMode + description: "Enable debug mode for Upbound Agent" + type: boolean + default: false + group: "Upbound Agent" +# Basic Bootstrapper configuration +- variable: bootstrapper.config.debugMode + label: bootstrapper.config.debugMode + description: "Enable debug mode for Bootstrapper" + type: boolean + default: false + group: "Bootstrapper" \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt new file mode 100644 index 000000000..33260c04f --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/NOTES.txt @@ -0,0 +1,15 @@ +By proceeding, you are accepting to comply with terms and conditions in https://licenses.upbound.io/upbound-software-license.html + +✨ Thank you for installing Universal Crossplane! +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +🚀 You can now connect your cluster to Upbound Cloud! + +Example command: +{{ if eq .Values.upbound.controlPlane.permission "edit" }} +$ up cloud controlplane attach | \ +up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - +{{- else if eq .Values.upbound.controlPlane.permission "view" }} +$ up cloud controlplane attach --view-only | \ +up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} - +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl new file mode 100644 index 000000000..7ba5d8058 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Common labels +*/}} +{{- define "labels" -}} +helm.sh/chart: {{ include "chart" . }} +{{ include "selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "selectorLabels" -}} +app.kubernetes.io/name: {{ include "name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl new file mode 100644 index 000000000..bdca1ae09 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/_helpers.tpl @@ -0,0 +1,21 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "bootstrapper-name" -}} +{{- "upbound-bootstrapper" -}} +{{- end -}} + +{{/* +Labels - bootstrapper +*/}} +{{- define "labelsBootstrapper" -}} +{{ include "labels" . }} +app.kubernetes.io/component: bootstrapper +{{- end }} + +{{/* +Selector labels - bootstrapper +*/}} +{{- define "selectorLabelsBootstrapper" -}} +{{ include "selectorLabels" . }} +app.kubernetes.io/component: bootstrapper +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml new file mode 100644 index 000000000..162abdd7a --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrole.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "bootstrapper-name" . }} + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} +rules: + # Bootstrapper needs to identify the cluster uniquely and it does that by using + # UID of kube-system namespace. + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - "kube-system" + verbs: + - "get" + # Controller-runtime requires watch and list permissions to build its resource + # cache of the kind that any client query is made for. + - apiGroups: + - "" + resources: + - namespaces + verbs: + - "list" + - "watch" diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml new file mode 100644 index 000000000..33fd634cd --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "bootstrapper-name" . }} + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "bootstrapper-name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "bootstrapper-name" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml new file mode 100644 index 000000000..14dd4335e --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "bootstrapper-name" . }} + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "selectorLabelsBootstrapper" . | nindent 6 }} + template: + metadata: + labels: + {{- include "selectorLabelsBootstrapper" . | nindent 8 }} + spec: + serviceAccountName: {{ template "bootstrapper-name" . }} + {{- if .Values.billing.awsMarketplace.enabled }} + securityContext: + # Providing this is not required for 1.19 or later clusters. + # See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html + fsGroup: 1337 + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range $index, $secret := .Values.imagePullSecrets }} + - name: {{ $secret }} + {{- end }} + {{ end }} + containers: + - name: bootstrapper + image: "{{ .Values.bootstrapper.image.repository }}:{{ .Values.bootstrapper.image.tag }}" + args: + - start + - --namespace + - {{ .Release.Namespace }} + - --upbound-api-url + - {{ .Values.upbound.apiURL }} + - --controller + - tls-secrets + {{- if .Values.billing.awsMarketplace.enabled }} + - --controller + - aws-marketplace + {{- end }} + {{- if .Values.bootstrapper.config.debugMode }} + - "--debug" + {{- end }} + {{- range $arg := .Values.bootstrapper.config.args }} + - {{ $arg }} + {{- end }} + imagePullPolicy: {{ .Values.bootstrapper.image.pullPolicy }} + resources: + {{- toYaml .Values.bootstrapper.resources | nindent 12 }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml new file mode 100644 index 000000000..e14c58f58 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/role.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "bootstrapper-name" . }} + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update", "patch"] + resourceNames: + - uxp-ca + - upbound-agent-public-certs + - upbound-agent-tls + - xgql-tls + {{- if .Values.billing.awsMarketplace.enabled }} + - upbound-entitlement + {{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml new file mode 100644 index 000000000..aa41bb33a --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/rolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "bootstrapper-name" . }} + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "bootstrapper-name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "bootstrapper-name" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml new file mode 100644 index 000000000..7e311b629 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/secret-entitlement.yaml @@ -0,0 +1,9 @@ +{{- if .Values.billing.awsMarketplace.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: upbound-entitlement + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} +type: Opaque +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml new file mode 100644 index 000000000..1768272a3 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "bootstrapper-name" . }} + {{- if and .Values.billing.awsMarketplace.enabled .Values.billing.awsMarketplace.iamRoleARN }} + annotations: + eks.amazonaws.com/role-arn: {{ .Values.billing.awsMarketplace.iamRoleARN | quote }} + {{- end }} + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml new file mode 100644 index 000000000..07163971e --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/uxp-ca-tls-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: uxp-ca + labels: + {{- include "labels" . | nindent 4 }} +type: Opaque diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml new file mode 100644 index 000000000..1eacb8d16 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/bootstrapper/versions-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: universal-crossplane-config + labels: + {{- include "labelsBootstrapper" . | nindent 4 }} +data: + crossplaneVersion: {{ (trimPrefix "v" .Values.image.tag) }} + xgqlVersion: {{ (trimPrefix "v" .Values.xgql.image.tag) }} + agentVersion: {{ (trimPrefix "v" .Values.agent.image.tag) }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt new file mode 100644 index 000000000..f1c8a0c63 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/NOTES.txt @@ -0,0 +1,8 @@ +Release: {{.Release.Name}} + +Chart Name: {{.Chart.Name}} +Chart Description: {{.Chart.Description}} +Chart Version: {{.Chart.Version}} +Chart Application Version: {{.Chart.AppVersion}} + +Kube Version: {{.Capabilities.KubeVersion}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl new file mode 100644 index 000000000..921e9df26 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml new file mode 100644 index 000000000..8a6b573cc --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrole.yaml @@ -0,0 +1,93 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-crossplane: "true" +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:system:aggregate-to-crossplane + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + crossplane.io/scope: "system" + rbac.crossplane.io/aggregate-to-crossplane: "true" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - "*" +- apiGroups: + - apiextensions.crossplane.io + - pkg.crossplane.io + resources: + - "*" + verbs: + - "*" +- apiGroups: + - extensions + - apps + resources: + - deployments + verbs: + - get + - list + - create + - update + - patch + - delete + - watch +- apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - create + - update + - patch + - watch + - delete diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml new file mode 100644 index 000000000..d0fb877c2 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml new file mode 100644 index 000000000..b51ab99ad --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/deployment.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + strategy: + type: {{ .Values.deploymentStrategy }} + template: + metadata: + {{- if .Values.metrics.enabled }} + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + {{- end }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + serviceAccountName: {{ template "name" . }} + initContainers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - core + - init + {{- range $arg := .Values.provider.packages }} + - --provider + - "{{ $arg }}" + {{- end }} + {{- range $arg := .Values.configuration.packages }} + - --configuration + - "{{ $arg }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }}-init + resources: + {{- toYaml .Values.resourcesCrossplane | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContextCrossplane | nindent 12 }} + containers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - core + - start + {{- range $arg := .Values.args }} + - {{ $arg }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }} + resources: + {{- toYaml .Values.resourcesCrossplane | nindent 12 }} + {{- if .Values.metrics.enabled }} + ports: + - name: metrics + containerPort: 8080 + {{- end }} + securityContext: + {{- toYaml .Values.securityContextCrossplane | nindent 12 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LEADER_ELECTION + value: "{{ .Values.leaderElection }}" + {{- range $key, $value := .Values.extraEnvVarsCrossplane }} + - name: {{ $key | replace "." "_" }} + value: {{ $value | quote }} + {{- end}} + volumeMounts: + - mountPath: /cache + name: package-cache + volumes: + - name: package-cache + {{- if .Values.packageCache.pvc }} + persistentVolumeClaim: + claimName: {{ .Values.packageCache.pvc }} + {{- else }} + emptyDir: + medium: {{ .Values.packageCache.medium }} + sizeLimit: {{ .Values.packageCache.sizeLimit }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{ toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml new file mode 100644 index 000000000..3b6ce2270 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbacManager.deploy }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:allowed-provider-permissions + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" +{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml new file mode 100644 index 000000000..de8478697 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrole.yaml @@ -0,0 +1,94 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-rbac-manager + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.crossplane.io + resources: + - compositeresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - pkg.crossplane.io + resources: + - providerrevisions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - roles + verbs: + - get + - list + - watch + - create + - update + - patch + # The RBAC manager may grant access it does not have. + - escalate +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - bind +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - "*" +- apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - create + - update + - patch + - watch + - delete +{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml new file mode 100644 index 000000000..bda467f24 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-rbac-manager + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-rbac-manager +subjects: +- kind: ServiceAccount + name: rbac-manager + namespace: {{ .Release.Namespace }} +{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml new file mode 100644 index 000000000..110a5285d --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-deployment.yaml @@ -0,0 +1,85 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "name" . }}-rbac-manager + labels: + app: {{ template "name" . }}-rbac-manager + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.rbacManager.replicas }} + selector: + matchLabels: + app: {{ template "name" . }}-rbac-manager + release: {{ .Release.Name }} + strategy: + type: {{ .Values.deploymentStrategy }} + template: + metadata: + {{- if .Values.metrics.enabled }} + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + {{- end }} + labels: + app: {{ template "name" . }}-rbac-manager + release: {{ .Release.Name }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + serviceAccountName: rbac-manager + initContainers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - rbac + - init + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }}-init + resources: + {{- toYaml .Values.resourcesRBACManager | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContextRBACManager | nindent 12 }} + containers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - rbac + - start + {{- if .Values.rbacManager.managementPolicy }} + - --manage={{ .Values.rbacManager.managementPolicy }} + {{- end }} + {{- range $arg := .Values.rbacManager.args }} + - {{ $arg }} + {{- end }} + - --provider-clusterrole={{ template "name" .}}:allowed-provider-permissions + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }} + resources: + {{- toYaml .Values.resourcesRBACManager | nindent 12 }} + {{- if .Values.metrics.enabled }} + ports: + - name: metrics + containerPort: 8080 + {{- end }} + securityContext: + {{- toYaml .Values.securityContextRBACManager | nindent 12 }} + env: + - name: LEADER_ELECTION + value: "{{ .Values.rbacManager.leaderElection }}" + {{- range $key, $value := .Values.extraEnvVarsRBACManager }} + - name: {{ $key | replace "." "_" }} + value: {{ $value | quote }} + {{- end}} + {{- if .Values.rbacManager.nodeSelector }} + nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.rbacManager.tolerations }} + tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.rbacManager.affinity }} + affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }} + {{- end }} +{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml new file mode 100644 index 000000000..3d41fb9b5 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-managed-clusterroles.yaml @@ -0,0 +1,279 @@ +{{- if .Values.rbacManager.deploy }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-admin +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: {{ template "name" . }}:masters +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-admin + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-admin: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-edit + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-edit: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-view + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-view: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-browse + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-browse: "true" +{{- if not .Values.rbacManager.skipAggregatedClusterRoles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-admin + labels: + rbac.crossplane.io/aggregate-to-admin: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane administrators have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane administrators must create provider credential secrets, and may +# need to read or otherwise interact with connection secrets. They may also need +# to create or annotate namespaces. +- apiGroups: [""] + resources: [secrets, namespaces] + verbs: ["*"] +# Crossplane administrators have access to view the roles that they may be able +# to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterroles, roles] + verbs: [get, list, watch] +# Crossplane administrators have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterrolebindings, rolebindings] + verbs: ["*"] +# Crossplane administrators have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +# Crossplane administrators have access to view CRDs in order to debug XRDs. +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-edit + labels: + rbac.crossplane.io/aggregate-to-edit: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane editors have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane editors must create provider credential secrets, and may need to +# read or otherwise interact with connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane editors may see which namespaces exist, but not edit them. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane editors have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-view + labels: + rbac.crossplane.io/aggregate-to-view: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane viewers may see which namespaces exist. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane viewers have read-only access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-browse + labels: + rbac.crossplane.io/aggregate-to-browse: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane browsers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane browsers have read-only access to compositions and XRDs. This +# allows them to discover and select an appropriate composition when creating a +# resource claim. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +{{- if .Values.rbacManager.managementPolicy }} +--- +# The below ClusterRoles are aggregated to the namespaced RBAC roles created by +# the Crossplane RBAC manager when it is running in --manage=All mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-ns-admin + labels: + rbac.crossplane.io/aggregate-to-ns-admin: "true" + rbac.crossplane.io/base-of-ns-admin: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace admins have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace admins may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane namespace admins have access to view the roles that they may be +# able to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [roles] + verbs: [get, list, watch] +# Crossplane namespace admins have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-ns-edit + labels: + rbac.crossplane.io/aggregate-to-ns-edit: "true" + rbac.crossplane.io/base-of-ns-edit: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace editors have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace editors may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-ns-view + labels: + rbac.crossplane.io/aggregate-to-ns-view: "true" + rbac.crossplane.io/base-of-ns-view: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml new file mode 100644 index 000000000..dfefe4050 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/rbac-manager-serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbac-manager + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end}} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml new file mode 100644 index 000000000..d3d47223c --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/crossplane/serviceaccount.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range $index, $secret := .Values.imagePullSecrets }} +- name: {{ $secret }} +{{- end }} +{{ end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl new file mode 100644 index 000000000..4db04bfaa --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "agent-name" -}} +{{- "upbound-agent" -}} +{{- end -}} + +{{/* +Labels - agent +*/}} +{{- define "labelsAgent" -}} +{{ include "labels" . }} +app.kubernetes.io/component: agent +{{- end }} + +{{/* +Selector labels - agent +*/}} +{{- define "selectorLabelsAgent" -}} +{{ include "selectorLabels" . }} +app.kubernetes.io/component: agent +{{- end }} + diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml new file mode 100644 index 000000000..9dc24441e --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrole.yaml @@ -0,0 +1,40 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["namespaces"] + resourceNames: ["kube-system"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "agent-name" . }}-impersonator + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["users"] + verbs: ["impersonate"] + resourceNames: ["upbound-cloud-impersonator"] + - apiGroups: ["authentication.k8s.io"] + resources: ["userextras/upbound-id"] + verbs: ["impersonate"] + - apiGroups: [""] + resources: ["groups"] + resourceNames: + # system:authenticated is required for calls to discovery API. Some Kubernetes + # clients like kubectl use it to figure out exactly which endpoints to call + # for given arguments. + - "system:authenticated" + - "upbound:view" +{{- if eq .Values.upbound.controlPlane.permission "edit" }} + - "upbound:edit" +{{- end }} + verbs: ["impersonate"] +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml new file mode 100644 index 000000000..66e157620 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings-managed.yaml @@ -0,0 +1,34 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-view + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-view +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:view +{{- if eq .Values.upbound.controlPlane.permission "edit" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-edit + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-edit +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:edit +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml new file mode 100644 index 000000000..ec99faf43 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterrolebindings.yaml @@ -0,0 +1,31 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "agent-name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "agent-name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "agent-name" . }}-impersonator + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "agent-name" . }}-impersonator +subjects: + - kind: ServiceAccount + name: {{ template "agent-name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml new file mode 100644 index 000000000..fcca427a0 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/clusterroles-managed.yaml @@ -0,0 +1,66 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +# There are more permissions in upstream aggregated ClusterRoles than we'd like +# to have, so, we have our own ClusterRoles with only the permissions we need. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-view + labels: + rbac.crossplane.io/aggregate-to-view: "true" + {{- include "labelsAgent" . | nindent 4 }} +rules: + # Universal Crossplane viewers have access to view events. + - apiGroups: [""] + resources: [events] + verbs: [get, list, watch] + # Universal Crossplane viewers may see which namespaces exist. + - apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] + # Universal Crossplane viewers may see CRDs installed in the cluster. + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] + # Universal Crossplane viewers have read-only access to built in Crossplane types. + - apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] + - apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: [get, list, watch] +{{- if eq .Values.upbound.controlPlane.permission "edit" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-edit + labels: + rbac.crossplane.io/aggregate-to-edit: "true" + {{- include "labelsAgent" . | nindent 4 }} +rules: + # Universal Crossplane editors have access to view events. + - apiGroups: [""] + resources: [events] + verbs: [get, list, watch] + # Universal Crossplane editors may see which namespaces exist, but not edit them. + - apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] + # Universal Crossplane editors may see CRDs installed in the cluster. + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] + # Universal Crossplane editors have full access to built in Crossplane types. + - apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] + - apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml new file mode 100644 index 000000000..897846ae7 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/control-plane-token-secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.upbound.controlPlane.token }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.upbound.controlPlane.tokenSecretName }} + labels: + {{- include "labels" . | nindent 4 }} +type: Opaque +data: + token: {{ .Values.upbound.controlPlane.token | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml new file mode 100644 index 000000000..c8cfd788a --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/deployment.yaml @@ -0,0 +1,103 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "selectorLabelsAgent" . | nindent 6 }} + template: + metadata: + labels: + {{- include "selectorLabelsAgent" . | nindent 8 }} + spec: + serviceAccountName: {{ template "agent-name" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range $index, $secret := .Values.imagePullSecrets }} + - name: {{ $secret }} + {{- end }} + {{ end }} + containers: + - name: agent + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" + args: + - agent + - --tls-cert-file + - /etc/certs/upbound-agent/tls.crt + - --tls-key-file + - /etc/certs/upbound-agent/tls.key + - --xgql-ca-bundle-file + - /etc/certs/upbound-agent/ca.crt + - --nats-endpoint + - nats://{{ .Values.upbound.connectHost }}:{{ .Values.upbound.connectPort | default "443" }} + - --upbound-api-endpoint + - {{ .Values.upbound.apiURL }} + - --pod-name + - $(POD_NAME) + - --control-plane-token-path + - /etc/tokens/control-plane/token + {{- if .Values.agent.config.debugMode }} + - "--debug" + {{- end }} + {{- range $arg := .Values.agent.config.args }} + - {{ $arg }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + ports: + - name: agent + containerPort: 6443 + protocol: TCP + resources: + {{- toYaml .Values.agent.resources | nindent 12 }} +# TODO(muvaf): Disabled temporarily since we'd like to complete the installation +# even if the control plane token is not there, which makes these probes return +# false. +# readinessProbe: +# httpGet: +# scheme: HTTPS +# path: /readyz +# port: 6443 +# initialDelaySeconds: 5 +# timeoutSeconds: 5 +# periodSeconds: 5 +# failureThreshold: 3 +# livenessProbe: +# httpGet: +# scheme: HTTPS +# path: /livez +# port: 6443 +# initialDelaySeconds: 10 +# timeoutSeconds: 5 +# periodSeconds: 30 +# failureThreshold: 5 + volumeMounts: + - mountPath: /etc/certs/upbound-agent + name: certs + readOnly: true + - mountPath: /etc/tokens/control-plane + name: upbound-control-plane-token + readOnly: true + volumes: + - name: certs + secret: + defaultMode: 420 + secretName: upbound-agent-tls + - name: upbound-control-plane-token + secret: + defaultMode: 420 + secretName: {{ .Values.upbound.controlPlane.tokenSecretName }} + optional: true + items: + - key: token + path: token +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml new file mode 100644 index 000000000..960bc4d48 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/role.yaml @@ -0,0 +1,66 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +--- +# We need to be able to read universal-crossplane-config configmap in the namespace +# where UXP is deployed to provide version/configuration information. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "agent-name" . }}-uxp-config + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["universal-crossplane-config"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "agent-name" . }}-uxp-config + labels: + {{- include "labelsAgent" . | nindent 4 }} +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:view +{{- if eq .Values.upbound.controlPlane.permission "edit" }} + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:edit +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "agent-name" . }}-uxp-config +{{- end }} +{{- if eq .Values.upbound.controlPlane.permission "edit" }} +--- +# We need to be able to manage Secrets in the namespace where UXP is deployed +# so that Secrets pointed by ProviderConfig objects can be created by the agent. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "agent-name" . }}-secret + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "agent-name" . }}-secret + labels: + {{- include "labelsAgent" . | nindent 4 }} +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:edit +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "agent-name" . }}-secret +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml new file mode 100644 index 000000000..7e22879a3 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/service.yaml @@ -0,0 +1,16 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +spec: + selector: + {{- include "selectorLabelsAgent" . | nindent 4 }} + ports: + - port: 6443 + targetPort: 6443 + protocol: TCP + name: https +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml new file mode 100644 index 000000000..fe136d5c0 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml new file mode 100644 index 000000000..19a5c9748 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/upbound-agent/tls-secret.yaml @@ -0,0 +1,9 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: v1 +kind: Secret +metadata: + name: upbound-agent-tls + labels: + {{- include "labelsAgent" . | nindent 4 }} +type: Opaque +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl new file mode 100644 index 000000000..bd1141516 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "xgql-name" -}} +{{- "xgql" -}} +{{- end -}} + +{{/* +Labels - xgql +*/}} +{{- define "labelsXgql" -}} +{{ include "labels" . }} +app.kubernetes.io/component: xgql +{{- end }} + +{{/* +Selector labels - xgql +*/}} +{{- define "selectorLabelsXgql" -}} +{{ include "selectorLabels" . }} +app.kubernetes.io/component: xgql +{{- end }} + diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml new file mode 100644 index 000000000..520345385 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/deployment.yaml @@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "xgql-name" . }} + labels: + {{- include "labelsXgql" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "selectorLabelsXgql" . | nindent 6 }} + template: + metadata: + labels: + {{- include "selectorLabelsXgql" . | nindent 8 }} + spec: + serviceAccountName: {{ template "xgql-name" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range $index, $secret := .Values.imagePullSecrets }} + - name: {{ $secret }} + {{- end }} + {{ end }} + containers: + - name: xgql + image: "{{ .Values.xgql.image.repository }}:{{ .Values.xgql.image.tag }}" + imagePullPolicy: {{ .Values.xgql.image.pullPolicy }} + resources: + {{- toYaml .Values.xgql.resources | nindent 12 }} + ports: + - name: https + containerPort: 8443 + protocol: TCP + {{- if .Values.xgql.metrics.enabled }} + - name: metrics + containerPort: 8080 + {{- end }} + args: + - --tls-key=/etc/certs/xgql/tls.key + - --tls-cert=/etc/certs/xgql/tls.crt + {{- if .Values.xgql.config.debugMode }} + - "--debug" + {{- end }} + {{- range $arg := .Values.xgql.config.args }} + - {{ $arg }} + {{- end }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/certs/xgql + name: certs + readOnly: true + volumes: + - name: certs + secret: + defaultMode: 420 + secretName: xgql-tls diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml new file mode 100644 index 000000000..80f822d3c --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "xgql-name" . }} + labels: + {{- include "labelsXgql" . | nindent 4 }} +spec: + selector: + {{- include "selectorLabelsXgql" . | nindent 4 }} + ports: + - port: 443 + targetPort: https + protocol: TCP + name: https diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml new file mode 100644 index 000000000..88e8bbdb7 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "xgql-name" . }} + labels: + {{- include "labelsXgql" . | nindent 4 }} diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml new file mode 100644 index 000000000..4b06ca735 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/templates/xgql/tls-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: xgql-tls + labels: + {{- include "labelsXgql" . | nindent 4 }} +type: Opaque diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml b/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml new file mode 100644 index 000000000..f5ed73d78 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml @@ -0,0 +1,152 @@ +nameOverride: "crossplane" + +replicas: 1 + +deploymentStrategy: RollingUpdate + +image: + repository: crossplane/crossplane + tag: v1.2.2 + pullPolicy: IfNotPresent + +nodeSelector: {} +tolerations: {} +affinity: {} + +leaderElection: true +args: {} + +provider: + packages: [] + +configuration: + packages: [] + +imagePullSecrets: + - dockerhub + +rbacManager: + deploy: true + skipAggregatedClusterRoles: true + replicas: 1 + managementPolicy: Basic + leaderElection: true + args: {} + nodeSelector: {} + tolerations: {} + affinity: {} + +priorityClassName: "" + +resourcesCrossplane: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextCrossplane: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +packageCache: + medium: "" + sizeLimit: 5Mi + pvc: "" + +resourcesRBACManager: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextRBACManager: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +alpha: + oam: + enabled: false + +metrics: + enabled: false + +# List of extra environment variables to set in the crossplane deployment. +# EXAMPLE +# extraEnvironmentVars: +# sample.key=value1 +# ANOTHER.KEY=value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsCrossplane: {} + +# List of extra environment variables to set in the crossplane rbac manager deployment. +# EXAMPLE +# extraEnvironmentVars: +# sample.key=value1 +# ANOTHER.KEY=value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsRBACManager: {} + +### Agent Values + +upbound: + apiURL: "https://api.upbound.io" + connectHost: "connect.upbound.io" + controlPlane: + permission: edit + tokenSecretName: upbound-control-plane-token + token: "" + +xgql: + image: + repository: upbound/xgql + tag: v0.1.3 + pullPolicy: IfNotPresent + resources: {} + metrics: + enabled: false + config: + debugMode: false + args: [] + +agent: + image: + repository: upbound/upbound-agent + tag: v1.2.2-up.1 + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + +### Bootstrapper Values + +bootstrapper: + image: + repository: upbound/uxp-bootstrapper + tag: v1.2.2-up.1 + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + +billing: + awsMarketplace: + enabled: false + iamRoleARN: arn:aws:iam:::role/ diff --git a/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl b/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl new file mode 100644 index 000000000..a9a0a3389 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.2.200100/values.yaml.tmpl @@ -0,0 +1,152 @@ +nameOverride: "crossplane" + +replicas: 1 + +deploymentStrategy: RollingUpdate + +image: + repository: crossplane/crossplane + tag: %%CROSSPLANE_TAG%% + pullPolicy: IfNotPresent + +nodeSelector: {} +tolerations: {} +affinity: {} + +leaderElection: true +args: {} + +provider: + packages: [] + +configuration: + packages: [] + +imagePullSecrets: + - dockerhub + +rbacManager: + deploy: true + skipAggregatedClusterRoles: true + replicas: 1 + managementPolicy: Basic + leaderElection: true + args: {} + nodeSelector: {} + tolerations: {} + affinity: {} + +priorityClassName: "" + +resourcesCrossplane: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextCrossplane: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +packageCache: + medium: "" + sizeLimit: 5Mi + pvc: "" + +resourcesRBACManager: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextRBACManager: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +alpha: + oam: + enabled: false + +metrics: + enabled: false + +# List of extra environment variables to set in the crossplane deployment. +# EXAMPLE +# extraEnvironmentVars: +# sample.key=value1 +# ANOTHER.KEY=value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsCrossplane: {} + +# List of extra environment variables to set in the crossplane rbac manager deployment. +# EXAMPLE +# extraEnvironmentVars: +# sample.key=value1 +# ANOTHER.KEY=value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsRBACManager: {} + +### Agent Values + +upbound: + apiURL: "https://api.upbound.io" + connectHost: "connect.upbound.io" + controlPlane: + permission: edit + tokenSecretName: upbound-control-plane-token + token: "" + +xgql: + image: + repository: upbound/xgql + tag: %%XGQL_TAG%% + pullPolicy: IfNotPresent + resources: {} + metrics: + enabled: false + config: + debugMode: false + args: [] + +agent: + image: + repository: upbound/upbound-agent + tag: %%AGENT_TAG%% + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + +### Bootstrapper Values + +bootstrapper: + image: + repository: upbound/uxp-bootstrapper + tag: %%BOOTSTRAPPER_TAG%% + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + +billing: + awsMarketplace: + enabled: false + iamRoleARN: arn:aws:iam:::role/ diff --git a/index.yaml b/index.yaml new file mode 100644 index 000000000..1b76f53e5 --- /dev/null +++ b/index.yaml @@ -0,0 +1,917 @@ +apiVersion: v1 +entries: + ambassador: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Ambassador Edge Stack + catalog.cattle.io/release-name: ambassador + apiVersion: v1 + appVersion: 1.13.8 + created: "2021-06-23T17:44:55.380609-07:00" + description: A Helm chart for Datawire Ambassador + digest: f56e602f017a6e48d2838033b31ce356a47db561fcd9c02e008d06b67be95b90 + home: https://www.getambassador.io/ + icon: https://www.getambassador.io/images/logo.png + keywords: + - api gateway + - ambassador + - datawire + - envoy + maintainers: + - email: markus@maga.se + name: flydiverny + - email: flynn@datawire.io + name: kflynn + - email: nkrause@datawire.io + name: nbkrause + - email: lukeshu@datawire.io + name: lukeshu + name: ambassador + sources: + - https://github.com/datawire/ambassador + - https://github.com/prometheus/statsd_exporter + urls: + - assets/ambassador/ambassador-6.7.1100.tgz + version: 6.7.1100 + artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v1 + appVersion: 7.17.5 + created: "2021-06-23T17:44:55.406602-07:00" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 9.3.4 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: 63b4083aaf16e3f8f46c01943a6113b11beebdab0b3bd9e6b482ad3e8cc4e56a + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + urls: + - assets/artifactory-ha/artifactory-ha-4.13.000.tgz + version: 4.13.000 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v1 + appVersion: 7.12.6 + created: "2021-06-23T17:44:55.417983-07:00" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 9.3.4 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: 6f13240e67c292e0a7229b1e0b1d8389991e10850d629fab7bac34b7f702fa3c + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view + - https://github.com/jfrog/charts + urls: + - assets/artifactory-ha/artifactory-ha-4.7.600.tgz + version: 4.7.600 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v1 + appVersion: 7.6.3 + created: "2021-06-23T17:44:55.395076-07:00" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 8.7.3 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: cfe8c5e0fbf007f8f858b65ab788ad297cdece703364d94ff9d36beca395ca6a + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + maintainers: + - email: amithk@jfrog.com + name: amithins + - email: daniele@jfrog.com + name: danielezer + - email: eldada@jfrog.com + name: eldada + - email: ramc@jfrog.com + name: chukka + - email: rimasm@jfrog.com + name: rimusz + name: artifactory-ha + sources: + - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view + - https://github.com/jfrog/charts + urls: + - assets/artifactory-ha/artifactory-ha-3.0.1400.tgz + version: 3.0.1400 + artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v1 + appVersion: 7.12.5 + created: "2021-06-23T17:44:55.44209-07:00" + dependencies: + - name: artifactory + repository: https://charts.jfrog.io/ + version: 11.7.4 + description: JFrog Container Registry + digest: 148af8042991b7d031770887a8d64e034268c2e1e3eb03f55e13310a40cb2a60 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + urls: + - assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz + version: 3.4.000 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v1 + appVersion: 7.6.3 + created: "2021-06-23T17:44:55.431809-07:00" + dependencies: + - name: artifactory + repository: https://charts.jfrog.io/ + version: 10.0.12 + description: JFrog Container Registry + digest: 4f32c8460467e79492bfab5da99afbd5867f6e8dc305d96458790b6de083f4da + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + maintainers: + - email: amithk@jfrog.com + name: amithins + - email: daniele@jfrog.com + name: danielezer + - email: eldada@jfrog.com + name: eldada + - email: ramc@jfrog.com + name: chukka + - email: rimasm@jfrog.com + name: rimusz + - email: vinaya@jfrog.com + name: vinaya + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + urls: + - assets/artifactory-jcr/artifactory-jcr-2.5.100.tgz + version: 2.5.100 + citrix-adc-istio-ingress-gateway: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: citrix-adc-istio-ingress-gateway + apiVersion: v1 + appVersion: 1.2.1 + created: "2021-06-23T17:44:55.442927-07:00" + description: A Helm chart for Citrix ADC as Ingress Gateway installation in Istio + Service Mesh on Kubernetes platform + digest: 41121dad6ac7271f2ada14e5f8cbc7d398e1e656db95e1937ab1dc5bab563e4c + home: https://www.citrix.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + maintainers: + - email: dhiraj.gedam@citrix.com + name: dheerajng + - email: subash.dangol@citrix.com + name: subashd + name: citrix-adc-istio-ingress-gateway + sources: + - https://github.com/citrix/citrix-istio-adaptor + urls: + - assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100.tgz + version: 1.2.100 + citrix-cpx-with-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller + apiVersion: v1 + appVersion: 1.8.28 + created: "2021-06-23T17:44:55.443962-07:00" + description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running + as sidecar. + digest: 298c1472ff1afea8333346f2d67dc4bb6fb64779b4b90378b18e57180995286e + home: https://www.citrix.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + maintainers: + - email: priyanka.sharma@citrix.com + name: priyankash-citrix + - email: subash.dangol@citrix.com + name: subashd + name: citrix-cpx-with-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix-cpx-with-ingress-controller/citrix-cpx-with-ingress-controller-1.8.2800.tgz + version: 1.8.2800 + citrix-k8s-cpx-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/namespace: citrix-k8s-cpx-ingress-controller + catalog.cattle.io/release-name: citrix-k8s-cpx-ingress-controller + apiVersion: v1 + appVersion: 1.8.28 + created: "2020-09-10T18:19:56.040802801Z" + description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running + as sidecar. + digest: 0a54474018a40043d75aad6209bdc585a3ba2cd9d1fa6c2131536091ec99bfd0 + home: https://www.citrix.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + maintainers: + - email: priyanka.sharma@citrix.com + name: priyankash-citrix + - email: subash.dangol@citrix.com + name: subashd + name: citrix-k8s-cpx-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix-k8s-cpx-ingress-controller/citrix-k8s-cpx-ingress-controller-1.8.2800.tgz + version: 1.8.2800 + cloudcasa: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Cloudcasa + catalog.cattle.io/namespace: cloudcasa-io + catalog.cattle.io/release-name: cloudcasa + apiVersion: v2 + appVersion: "1.0" + created: "2021-06-23T17:44:55.447795-07:00" + description: CloudCasa backup service for Kubernetes and cloud native applications + digest: 9bb36abfa6db450688840c60a4181791da4f4d637f5a48e7aee93238f4d471c1 + home: https://cloudcasa.io + icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png + keywords: + - backup + - Catalogic + - CloudCasa + kubeVersion: '>=1.13.0-0' + maintainers: + - email: info@catalogicsoftware.com + name: catalogicsoftware + name: cloudcasa + urls: + - assets/cloudcasa/cloudcasa-1.tgz + version: "1" + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/namespace: cloudcasa-io + catalog.cattle.io/release-name: cloudcasa + apiVersion: v2 + appVersion: 0.1.0 + created: "2021-06-23T17:44:55.446342-07:00" + description: CloudCasa backup service for Kubernetes and cloud native applications + digest: be87ab1b0e0e9c74998d5d3e5041f75ac732174389ee3bf68a3d8016aace786f + home: https://cloudcasa.io + icon: https://partner-charts.rancher.io/assets/logos/cloudcasa.png + keywords: + - backup + - Catalogic + - CloudCasa + kubeVersion: '>=1.13.0-0' + maintainers: + - email: info@catalogicsoftware.com + name: catalogicsoftware + name: cloudcasa + urls: + - assets/cloudcasa/cloudcasa-0.1.000.tgz + version: 0.1.000 + cockroachdb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: cockroachdb + apiVersion: v1 + appVersion: 20.1.3 + created: "2021-06-23T17:44:55.449351-07:00" + description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. + digest: ba272eab2f61dd699854035f1bfdfafb15cd0b99eefc2b8486702dc990202bea + home: https://www.cockroachlabs.com + icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png + maintainers: + - email: helm-charts@cockroachlabs.com + name: cockroachlabs + name: cockroachdb + sources: + - https://github.com/cockroachdb/cockroach + urls: + - assets/cockroachdb/cockroachdb-4.1.200.tgz + version: 4.1.200 + control-agent: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: streamsets + apiVersion: v1 + appVersion: 3.8.0 + created: "2021-06-23T17:44:55.488571-07:00" + description: Control Agent for managing StreamSets Control Hub Deployments + digest: 5289b93c60200cc9896b2e903c4143a8db1d312409ab86da5dc77df693bc395f + home: https://streamsets.com + icon: https://github.com/streamsets/datacollector/raw/master/basic-lib/src/main/resources/sdcipc.png + keywords: + - streamsets + - sdc + - sch + maintainers: + - email: thomas.ganka@streamsets.com + name: thomasganka + name: control-agent + sources: + - https://github.com/streamsets/helm-charts/tree/master/incubating/control-agent + urls: + - assets/streamsets/control-agent-2.0.100.tgz + version: 2.0.100 + cost-analyzer: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: kubecost + apiVersion: v1 + appVersion: 1.70.0 + created: "2021-06-23T17:44:55.485546-07:00" + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: b633966fdce3fa9d0c899ff38b6090ac687ac1070000c2742e6834b7430c9975 + icon: https://kubecost.com/images/logo-white.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-1.70.000.tgz + version: 1.70.000 + csi-wekafsplugin: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: csi-wekafsplugin + apiVersion: v2 + appVersion: 0.6.4 + created: "2021-06-23T17:44:55.449955-07:00" + description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) + plugin for WekaFS - the world fastest filesystem + digest: 78feaf34b9a8d8cb5ddcf3928e5782ecb6da0d4de94bdfc9b65162be3e357a7d + home: https://github.com/weka/csi-wekafs + icon: https://weka.github.io/csi-wekafs/logo.png + name: csi-wekafsplugin + sources: + - https://github.com/weka/csi-wekafs/tree/v0.6.4/deploy/helm/csi-wekafsplugin + type: application + urls: + - assets/csi-wekafs/csi-wekafsplugin-0.6.400.tgz + version: 0.6.400 + datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2021-06-23T17:44:55.454771-07:00" + dependencies: + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://charts.helm.sh/stable + version: =2.8.11 + description: Datadog Agent + digest: 5e05f58feb6bd16390bd3ed6f668d830bf134efee0dbec4a441f16f16e3a4122 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-2.4.200.tgz + version: 2.4.200 + dynatrace-oneagent-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: dynatrace-oneagent-operator + apiVersion: v2 + appVersion: 0.8.0 + created: "2021-06-23T17:44:55.4562-07:00" + description: The Dynatrace OneAgent Operator Helm chart for Kubernetes and Openshift + digest: 7daf37239c0ca6f903d0e92bcb0ffff02584872f45e2e83822bb986dbf61ee58 + home: https://www.dynatrace.com/ + icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png + maintainers: + - email: marco.mader@dynatrace.com + name: DTMad + - email: luis.garcia@dynatrace.com + name: lrgar + - email: michael.mayr@dynatrace.com + name: mmayr-at + name: dynatrace-oneagent-operator + sources: + - https://github.com/Dynatrace/helm-charts + type: application + urls: + - assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz + version: 0.8.000 + falcon-sensor: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrowdStrike Falcon Platform + catalog.cattle.io/release-name: falcon-helm + apiVersion: v2 + appVersion: 0.9.3 + created: "2021-06-23T17:44:55.456824-07:00" + description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes + clusters. + digest: cb98b5a7e6020ed2d06db01575e76b4cfd3e94549805323e65f551a832a1254a + home: https://crowdstrike.com + icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg + keywords: + - CrowdStrike + - Falcon + - EDR + - kubernetes + - security + - monitoring + - alerting + maintainers: + - name: CrowdStrike Solution Architecture + - email: gabriel.alford@crowdstrike.com + name: Gabe Alford + name: falcon-sensor + sources: + - https://github.com/CrowdStrike/falcon-helm + type: application + urls: + - assets/falcon-sensor/falcon-sensor-0.9.300.tgz + version: 0.9.300 + federatorai: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Federator.ai + catalog.cattle.io/release-name: federatorai + apiVersion: v1 + appVersion: 4.5.1-ga + created: "2021-06-23T17:44:55.458574-07:00" + description: Federator.ai helps enterprises optimize cloud resources, maximize + application performance, and save significant cost without excessive over-provisioning + or under-provisioning of resources, meeting the service-level requirements of + their applications. + digest: bb91267948c7571fcc0ff6604bf950a17da2b4704d31c6a0033ce444d2c0399b + home: https://www.prophetstor.com + icon: https://raw.githubusercontent.com/prophetstor-ai/public/master/images/logo.png + keywords: + - AI + - Resource Orchestration + - NoOps + - AIOps + - Intelligent Workload Management + - Cost Optimization + maintainers: + - email: support@prophetstor.com + name: ProphetStor Data Services, Inc. + name: federatorai + sources: + - https://www.prophetstor.com + urls: + - assets/federatorai/federatorai-4.5.100.tgz + version: 4.5.100 + haproxy: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: haproxy + apiVersion: v1 + appVersion: 1.5.4 + created: "2021-06-23T17:44:55.461488-07:00" + description: A Helm chart for HAProxy Kubernetes Ingress Controller + digest: fd110caa557e3b385d407578a4e7693429d5bc722d233f51f19ca58840372ca7 + home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress + icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png + keywords: + - ingress + - haproxy + kubeVersion: '>=1.12.0-0' + maintainers: + - email: mmhedhbi@haproxy.com + name: Moemen Mhedhbi + - email: bassmann@haproxy.com + name: Baptiste Assmann + - email: dkorunic@haproxy.com + name: Dinko Korunic + name: haproxy + sources: + - https://github.com/haproxytech/kubernetes-ingress + urls: + - assets/haproxy/haproxy-1.12.500.tgz + version: 1.12.500 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: haproxy + apiVersion: v1 + appVersion: 1.5.1 + created: "2021-06-23T17:44:55.46002-07:00" + description: A Helm chart for HAProxy Kubernetes Ingress Controller + digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046 + home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress + icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png + keywords: + - ingress + - haproxy + kubeVersion: '>=1.12.0-0' + maintainers: + - email: mmhedhbi@haproxy.com + name: Moemen Mhedhbi + - email: bassmann@haproxy.com + name: Baptiste Assmann + - email: dkorunic@haproxy.com + name: Dinko Korunic + name: haproxy + sources: + - https://github.com/haproxytech/kubernetes-ingress + urls: + - assets/haproxy/haproxy-1.12.100.tgz + version: 1.12.100 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: haproxy + apiVersion: v1 + appVersion: 1.4.6 + created: "2021-06-23T17:44:55.462834-07:00" + description: A Helm chart for HAProxy Kubernetes Ingress Controller + digest: f4b11d983e29c3748e04fba10d626277cc4c35c977a2bda016925a326af38b54 + home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress + icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png + keywords: + - ingress + - haproxy + kubeVersion: '>=1.12.0-0' + maintainers: + - email: mmhedhbi@haproxy.com + name: Moemen Mhedhbi + - email: bassmann@haproxy.com + name: Baptiste Assmann + - email: dkorunic@haproxy.com + name: Dinko Korunic + name: haproxy + sources: + - https://github.com/haproxytech/kubernetes-ingress + urls: + - assets/haproxy/haproxy-1.4.300.tgz + version: 1.4.300 + hpe-csi-driver: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: hpe-csi-driver + apiVersion: v1 + appVersion: 1.4.0 + created: "2021-06-23T17:44:55.464439-07:00" + description: A Helm chart for installing the HPE CSI Driver for Kubernetes + digest: 487dca3d6bdf6961bf29425945b40974667a67723d2a8d9edbca87285e628793 + home: https://hpe.com/storage/containers + icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png + keywords: + - HPE + - Storage + - StorageClass + maintainers: + - email: hpe-containers-dev@hpe.com + name: raunakkumar + name: hpe-csi-driver + sources: + - https://scod.hpedev.io/csi_driver + urls: + - assets/hpe-csi-driver/hpe-csi-driver-1.4.200.tgz + version: 1.4.200 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: hpe-csi-driver + apiVersion: v1 + appVersion: 1.3.0 + created: "2021-06-23T17:44:55.463517-07:00" + description: A Helm chart for installing the HPE CSI Driver for Kubernetes + digest: f5e5ce5e51d1b76ea667aca7e7689ccf9439825a30485fa2372ca0b9b86c7af0 + home: https://hpe.com/storage/containers + icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png + keywords: + - HPE + - Storage + - StorageClass + - CentOS + - Ubuntu + - RHEL + maintainers: + - email: hpe-containers-dev@hpe.com + name: shivamerla + name: hpe-csi-driver + sources: + - https://scod.hpedev.io/csi_driver + urls: + - assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz + version: 1.3.000 + hpe-flexvolume-driver: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: hpe-flexvolume-driver + apiVersion: v1 + appVersion: "3.1" + created: "2021-06-23T17:44:55.4653-07:00" + description: A Helm chart for installing the HPE Volume Driver for Kubernetes + FlexVolume plugin + digest: 50fc38e25308bf32156bed37bd549a5855309ac69945ff402fbe5ea809f88ddc + home: https://hpe.com/storage/containers + icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png + keywords: + - HPE + - Storage + - StorageClass + - CentOS + - Ubuntu + - CloudVolumes + maintainers: + - email: hpe-containers-dev@hpe.com + name: shivamerla + name: hpe-flexvolume-driver + sources: + - https://github.com/hpe-storage/flexvolume-driver + urls: + - assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.000.tgz + version: 3.1.000 + instana-agent: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: instana-agent + apiVersion: v1 + appVersion: "1.1" + created: "2021-06-23T17:44:55.466349-07:00" + description: Instana Agent for Kubernetes + digest: 164723f111d03fe67c775d916b0bdf29691b29005b8d93da7caa210cf43cab9c + home: https://www.instana.com/ + icon: https://instana-management-assets.s3-eu-west-1.amazonaws.com/stan-logo-2020.png + maintainers: + - email: jon.brisbin@instana.com + name: jbrisbin + - email: william.james@instana.com + name: wiggzz + - email: jeroen.soeters@instana.com + name: JeroenSoeters + - email: fabian.staeber@instana.com + name: fstab + - email: miel.donkers@instana.com + name: mdonkers + - email: dahlia.bock@instana.com + name: dlbock + - email: nathan.fisher@instana.com + name: nfisher + name: instana-agent + sources: + - https://github.com/instana/instana-agent-docker + urls: + - assets/instana-agent/instana-agent-1.0.2900.tgz + version: 1.0.2900 + k8s-triliovault-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator + catalog.cattle.io/release-name: k8s-triliovault-operator + apiVersion: v1 + appVersion: v2.0.5 + created: "2021-06-23T17:44:55.467976-07:00" + description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault + Application Lifecycle. + digest: e3272d943f70ec0c442c94920e4093fd0db9d1833711bcb8d23181f10098c000 + home: https://github.com/trilioData/k8s-triliovault-operator + icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png + maintainers: + - email: prafull.ladha@trilio.io + name: prafull11 + name: k8s-triliovault-operator + sources: + - https://github.com/trilioData/k8s-triliovault-operator + urls: + - assets/k8s-triliovault-operator/k8s-triliovault-operator-2.0.500.tgz + version: 2.0.500 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: k8s-triliovault-operator + apiVersion: v1 + appVersion: v2.0.2 + created: "2021-06-23T17:44:55.469031-07:00" + description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault + Application Lifecycle. + digest: 24d6699876b92315e0b3ce5bd4f171f315ad2f963316e4d8d4e4f6993b3e9021 + home: https://github.com/trilioData/k8s-triliovault-operator + icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png + maintainers: + - email: prafull.ladha@trilio.io + name: prafull11 + name: k8s-triliovault-operator + sources: + - https://github.com/trilioData/k8s-triliovault-operator + urls: + - assets/k8s-triliovault-operator/k8s-triliovault-operator-v2.0.200.tgz + version: v2.0.200 + nutanix-csi-storage: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: nutanix-csi-storage + apiVersion: v1 + appVersion: 2.3.1 + created: "2021-06-23T17:44:55.486353-07:00" + description: A Helm chart for installing Nutanix CSI Volume Driver + digest: 319009a424d1748dc5e7e32e3c0a424621f9555b3ccb0a583f204c561078ef29 + home: https://github.com/nutanix/helm + icon: https://avatars2.githubusercontent.com/u/6165865?s=200&v=4 + keywords: + - Nutanix + - Storage + - Volumes + - Files + - StorageClass + - CentOS + - Ubuntu + kubeVersion: '>= 1.13.0' + maintainers: + - name: tuxtof + name: nutanix-csi-storage + urls: + - assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100.tgz + version: 2.3.100 + openebs: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: openebs + apiVersion: v1 + appVersion: 1.12.0 + created: "2021-06-23T17:44:55.4876-07:00" + description: Containerized Storage for Containers + digest: fa46a4405ad4ad523d246d175bb48fc237c556bf606bb3d0af724920dc166bf6 + home: http://www.openebs.io/ + icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png + keywords: + - cloud-native-storage + - block-storage + - iSCSI + - storage + maintainers: + - email: kiran.mova@openebs.io + name: kmova + - email: prateek.pandey@openebs.io + name: prateekpandey14 + name: openebs + sources: + - https://github.com/openebs/openebs + urls: + - assets/openebs/openebs-1.12.300.tgz + version: 1.12.300 + portshift-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: portshift-operator + apiVersion: v1 + appVersion: v0.1.3 + created: "2021-06-23T17:44:55.488041-07:00" + description: | + Portshift cloud-native security platform is an agentless security solution for containerized applications + digest: e332d44b698d4327c96780453f7de16e32e7b905e9f8797b05c02ba268536ed0 + home: https://www.portshift.io/ + icon: https://www.portshift.io/wp-content/uploads/2019/10/portshift-logo-68.png + keywords: + - portshift + - operator + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + maintainers: + - email: idan@portshift.io + name: idan + name: portshift-operator + urls: + - assets/portshift-operator/portshift-operator-0.1.000.tgz + version: 0.1.000 + sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 10.3.0 + created: "2021-06-23T17:44:55.489923-07:00" + description: Sysdig Monitor and Secure agent + digest: 37cef38a742229947b02dfc764da69ec382b260e062372f2fb7cc3056a31790f + home: https://www.sysdig.com/ + icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + maintainers: + - email: lachlan@deis.com + name: lachie83 + - email: jorge.salamero@sysdig.com + name: bencer + - email: nestor.salceda@sysdig.com + name: nestorsalceda + - email: alvaro.iradier@sysdig.com + name: airadier + - email: carlos.arilla@sysdig.com + name: carillan81 + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.9.200.tgz + version: 1.9.200 + universal-crossplane: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Upbound Universal Crossplane + catalog.cattle.io/release-name: universal-crossplane + apiVersion: v1 + appVersion: 1.2.2001 + created: "2021-06-23T17:44:55.491386-07:00" + description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade + distribution of Crossplane. It''s fully compatible with upstream Crossplane, + open source, capable of connecting to Upbound Cloud for real-time dashboard + visibility, and maintained by Upbound. It''s the easiest way for both individual + community members and enterprises to build their production control planes. ' + digest: 3c1dfa0f7f6181ab4101f23c41aadddb330484a1d6f48efcbbd523c6cf92eec9 + home: https://upbound.io + icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png + keywords: + - cloud + - infrastructure + - services + - application + - database + - cache + - bucket + - infra + - app + - ops + - oam + - gcp + - azure + - aws + - alibaba + - cloudsql + - rds + - s3 + - azuredatabase + - asparadb + - gke + - aks + - eks + maintainers: + - email: info@upbound.io + name: Upbound Inc. + name: universal-crossplane + urls: + - assets/universal-crossplane/universal-crossplane-1.2.200100.tgz + version: 1.2.200100 +generated: "2021-06-23T17:44:55.374388-07:00" From 9ae3c498f3db03ccac4cb80d43c53906d1ce1890 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 11:07:34 -0700 Subject: [PATCH 3/9] Bump to v0.2.2 and add omitBuildMetadataOnExport v0.2.2 of charts-build-scripts added the ability to remove +up annotations by setting omitBuildMetadataOnExport=true on a repository-level. This has been enabled for partner-charts. --- configuration.yaml | 4 +++- scripts/version | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/configuration.yaml b/configuration.yaml index 2598fdb45..7ccd26d7e 100644 --- a/configuration.yaml +++ b/configuration.yaml @@ -4,4 +4,6 @@ validate: - url: https://github.com/aiyengar2/partner-charts.git branch: migrate_to_v0.2.1_live helmRepo: - cname: partner-charts.rancher.io \ No newline at end of file + cname: partner-charts.rancher.io + +omitBuildMetadataOnExport: true \ No newline at end of file diff --git a/scripts/version b/scripts/version index 9cb263a16..6a93f5c8d 100755 --- a/scripts/version +++ b/scripts/version @@ -2,4 +2,4 @@ set -e CHARTS_BUILD_SCRIPTS_REPO=https://github.com/rancher/charts-build-scripts.git -CHARTS_BUILD_SCRIPT_VERSION=v0.2.1 \ No newline at end of file +CHARTS_BUILD_SCRIPT_VERSION=v0.2.2 \ No newline at end of file From 433f71e9b50396fc9e88b3b85546b55b54802371 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 12:10:43 -0700 Subject: [PATCH 4/9] Bump csi-wekafs due to small change in Chart.yaml --- packages/csi-wekafs/package.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/csi-wekafs/package.yaml b/packages/csi-wekafs/package.yaml index 0026a86d3..1da9bdc2d 100644 --- a/packages/csi-wekafs/package.yaml +++ b/packages/csi-wekafs/package.yaml @@ -1,2 +1,2 @@ url: https://weka.github.io/csi-wekafs/csi-wekafsplugin-0.6.4.tgz -packageVersion: 00 +packageVersion: 01 From 529da84340866acc5937ba4c6148a57cc5b2bdf6 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 12:13:25 -0700 Subject: [PATCH 5/9] Exclude requirements.lock from datadog and bump Not needed since direct dependency versions are tracked under packages/datadog/generated-changes/dependencies --- .../datadog/generated-changes/exclude/requirements.lock | 6 ++++++ packages/datadog/package.yaml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 packages/datadog/generated-changes/exclude/requirements.lock diff --git a/packages/datadog/generated-changes/exclude/requirements.lock b/packages/datadog/generated-changes/exclude/requirements.lock new file mode 100644 index 000000000..cc7ddfb40 --- /dev/null +++ b/packages/datadog/generated-changes/exclude/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kube-state-metrics + repository: https://kubernetes-charts.storage.googleapis.com/ + version: =2.8.11 +digest: sha256:35a0ae8724925c531b15f2eb8f78adee8d688bd1ac2e06289edb3e4238e3d037 +generated: "2020-08-04T09:21:38.189722549Z" diff --git a/packages/datadog/package.yaml b/packages/datadog/package.yaml index 39614d4d4..9670b666a 100644 --- a/packages/datadog/package.yaml +++ b/packages/datadog/package.yaml @@ -1,2 +1,2 @@ url: https://github.com/DataDog/helm-charts/releases/download/datadog-2.4.2/datadog-2.4.2.tgz -packageVersion: 00 +packageVersion: 01 From f886d21586f61f53e51ed8cd2cf85da1bd8d4f3b Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 13:10:32 -0700 Subject: [PATCH 6/9] Bump version of released charts w/ invalid semver Starting in Helm 3.5.2, SemVer version strings are strictly enforced. Therefore, charts with SemVer version strings like X.X.000 will no longer work. This commit addresses the following semvers that are invalid. The fix is to bump the packageVersion only (no Helm chart changes otherwise): - artifactory-ha 4.13.000 -> 4.13.1 - artifactory-jcr 3.4.000 -> 3.4.1 - dynatrace-oneagent-operator 0.8.000 -> 0.8.1 - hpe-flexvolume-driver 3.1.000 -> 3.1.1 - kubecost (cost-analyzer) 1.70.000 -> 1.70.1 - portshift-operator 0.1.000 -> 0.1.1 --- packages/artifactory-ha/package.yaml | 2 +- packages/artifactory-jcr/package.yaml | 2 +- packages/dynatrace-oneagent-operator/package.yaml | 2 +- packages/hpe-flexvolume-driver/package.yaml | 2 +- packages/kubecost/package.yaml | 2 +- packages/portshift-operator/package.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/artifactory-ha/package.yaml b/packages/artifactory-ha/package.yaml index 2259600ff..019278b0d 100644 --- a/packages/artifactory-ha/package.yaml +++ b/packages/artifactory-ha/package.yaml @@ -1,2 +1,2 @@ url: https://charts.jfrog.io/artifactory-ha-4.13.0.tgz -packageVersion: 00 +packageVersion: 01 diff --git a/packages/artifactory-jcr/package.yaml b/packages/artifactory-jcr/package.yaml index 2462db22e..94ad5184a 100644 --- a/packages/artifactory-jcr/package.yaml +++ b/packages/artifactory-jcr/package.yaml @@ -1,2 +1,2 @@ url: https://charts.jfrog.io/artifactory-jcr-3.4.0.tgz -packageVersion: 00 +packageVersion: 01 diff --git a/packages/dynatrace-oneagent-operator/package.yaml b/packages/dynatrace-oneagent-operator/package.yaml index 14df658ad..e870248fe 100644 --- a/packages/dynatrace-oneagent-operator/package.yaml +++ b/packages/dynatrace-oneagent-operator/package.yaml @@ -1,2 +1,2 @@ url: https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable/dynatrace-oneagent-operator-0.8.0.tgz -packageVersion: 00 +packageVersion: 01 diff --git a/packages/hpe-flexvolume-driver/package.yaml b/packages/hpe-flexvolume-driver/package.yaml index 8899c79cb..26a70d067 100644 --- a/packages/hpe-flexvolume-driver/package.yaml +++ b/packages/hpe-flexvolume-driver/package.yaml @@ -1,2 +1,2 @@ url: https://hpe-storage.github.io/co-deployments/hpe-flexvolume-driver-3.1.0.tgz -packageVersion: 00 +packageVersion: 01 diff --git a/packages/kubecost/package.yaml b/packages/kubecost/package.yaml index 661233526..d620b1097 100644 --- a/packages/kubecost/package.yaml +++ b/packages/kubecost/package.yaml @@ -1,2 +1,2 @@ url: https://kubecost.github.io/rancher-helm-chart/cost-analyzer-1.70.0.tgz -packageVersion: 00 +packageVersion: 01 diff --git a/packages/portshift-operator/package.yaml b/packages/portshift-operator/package.yaml index 9f07e4e90..e0f252e25 100644 --- a/packages/portshift-operator/package.yaml +++ b/packages/portshift-operator/package.yaml @@ -1,2 +1,2 @@ url: https://raw.githubusercontent.com/Portshift/helm-charts/master/repos/stable/portshift-operator-0.1.0.tgz -packageVersion: 00 +packageVersion: 01 From 2629e7cfd77a7feff3136a89b4898b2691ccb12e Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 12:19:43 -0700 Subject: [PATCH 7/9] Remove +up annotation from docs --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 192418543..c978a58c2 100644 --- a/README.md +++ b/README.md @@ -57,9 +57,9 @@ Set up the following in your `package.yaml` to track your upstream chart: - `url` - the URL that references your upstream chart's tarball hosted in a Helm repository. -- `packageVersion` - The version of the package. This is used along with your upstream chart's name and version to generate a filename with the format `{PACKAGE_NAME}-{VERSION}{packageVersion}+up{VERSION}.tgz` for the package's tarball that gets generated. +- `packageVersion` - The version of the package. This is used along with your upstream chart's name and version to generate a filename with the format `{PACKAGE_NAME}-{VERSION}{packageVersion}.tgz` for the package's tarball that gets generated. - For example, an upstream chart `chart-0.1.2.tgz` and the `package.yaml` from below would generate a package with the name `chart-0.1.201+up0.1.2`. + For example, an upstream chart `chart-0.1.2.tgz` and the `package.yaml` from below would generate an asset with the name `chart-0.1.201.tgz`. ```yaml url: https://example.com/helm-repo/chart-0.1.2.tgz @@ -186,7 +186,7 @@ Update the `url` to reference the new upstream chart. If your chart uses `packag For example, an existing package tracking an upstream chart `url: https://example.com/helm-repo/chart-0.1.2.tgz` can be updated to track the new `url: https://example.com/helm-repo/chart-0.1.3.tgz`, and a new package -`chart-0.1.301+up0.1.3.tgz` will be generated. +`chart-0.1.301.tgz` will be generated. ```yaml url: https://example.com/helm-repo/chart-0.1.3.tgz @@ -207,8 +207,8 @@ If your chart uses `packageVersion`, increase the `packageVersion` in `package.y create a new version of a package tracking the same upstream chart. For example, an existing package tracking an upstream chart `url: https://example.com/helm-repo/chart-0.1.2.tgz` -generated a package `chart-0.1.201+up0.1.2.tgz`. Increasing the `packageVersion` without changing the `url` -will generate a new package `chart-0.1.202+up0.1.2.tgz` based off of the same upstream chart. +generated a package `chart-0.1.201.tgz`. Increasing the `packageVersion` without changing the `url` +will generate a new package `chart-0.1.202.tgz` based off of the same upstream chart. ### 7. Test your changes @@ -226,7 +226,7 @@ to set up a Helm repo in your current branch. - `charts/{PACKAGE_NAME}/{PACKAGE_NAME}/{VERSION}` - Contains an unarchived version of your modified chart - `assets/{PACKAGE_NAME}/` - Contains an archived (tarball) version of your modified chart -named `{PACKAGE_NAME}-{VERSION}{packageVersion}+up{VERSION}.tgz` +named `{PACKAGE_NAME}-{VERSION}{packageVersion}.tgz` #### Test modified chart To test your changes, just push the generated files to your fork as a separate commit and add your From 0e21a2d1c7485964f96b623621bd82dc4017e741 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 18 Aug 2021 13:17:13 -0700 Subject: [PATCH 8/9] make charts: assets + index.yaml --- .../artifactory-ha/artifactory-ha-4.13.1.tgz | Bin 0 -> 158048 bytes .../artifactory-jcr/artifactory-jcr-3.4.1.tgz | Bin 0 -> 154569 bytes assets/cloudcasa/cloudcasa-2.0.0.tgz | Bin 0 -> 26851 bytes .../csi-wekafs/csi-wekafsplugin-0.6.401.tgz | Bin 0 -> 4772 bytes assets/datadog/datadog-2.4.201.tgz | Bin 0 -> 47478 bytes .../dynatrace-oneagent-operator-0.8.1.tgz | Bin 0 -> 30367 bytes .../hpe-csi-driver/hpe-csi-driver-2.0.0.tgz | Bin 0 -> 14681 bytes .../hpe-flexvolume-driver-3.1.1.tgz | Bin 0 -> 8831 bytes assets/kubecost/cost-analyzer-1.70.1.tgz | Bin 0 -> 107873 bytes assets/neuvector/neuvector-1.8.0.tgz | Bin 0 -> 12282 bytes assets/openebs/openebs-2.11.0.tgz | Bin 0 -> 164587 bytes .../portshift-operator-0.1.1.tgz | Bin 0 -> 3391 bytes index.yaml | 319 ++++++++++++++++++ 13 files changed, 319 insertions(+) create mode 100644 assets/artifactory-ha/artifactory-ha-4.13.1.tgz create mode 100644 assets/artifactory-jcr/artifactory-jcr-3.4.1.tgz create mode 100644 assets/cloudcasa/cloudcasa-2.0.0.tgz create mode 100644 assets/csi-wekafs/csi-wekafsplugin-0.6.401.tgz create mode 100644 assets/datadog/datadog-2.4.201.tgz create mode 100644 assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.1.tgz create mode 100644 assets/hpe-csi-driver/hpe-csi-driver-2.0.0.tgz create mode 100644 assets/hpe-flexvolume-driver/hpe-flexvolume-driver-3.1.1.tgz create mode 100644 assets/kubecost/cost-analyzer-1.70.1.tgz create mode 100644 assets/neuvector/neuvector-1.8.0.tgz create mode 100644 assets/openebs/openebs-2.11.0.tgz create mode 100644 assets/portshift-operator/portshift-operator-0.1.1.tgz mode change 100644 => 100755 index.yaml diff --git a/assets/artifactory-ha/artifactory-ha-4.13.1.tgz b/assets/artifactory-ha/artifactory-ha-4.13.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..56dff75dbb6506b08a33a1280abdba324513f876 GIT binary patch literal 158048 zcmV)XK&`(YiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ}dfPU#Fy6m)6)5dp+igfmcARvTkMlaV(|Qxf{#kCjeRlV_ z5D7_$DS`z++uFqEIT!N2H+Qb&_uz{JKSjw-vh6XS-Nqt;!2lQxW(I>9NI4!upA$NF zr?9&}g_L`9I19hJzo*yh^`1O_EdTBGdc}YH{q3Ev`j7j)r`u0AI4F{C^~ zw6YjQA%YCK5uBj`$Wv7Z#`q^h879#HT=hFJj?o?#BpUA+v7l;dauU>JfKd`~Edp??V{;@z0g8RYCy2Y^w6!vJtXLIz+I zfc+!D5EYQU&Xfo=r<})Z(CuDdUwiMzRCI{Ux)$=?4)z5`rXYpa-URb$GD;YtK8ZMr zxU3|rcYU#ZSa${)N3_d09EGS`SYjcWklZ`*!i%Fx=Mv4Y2@TkwuUkFa>^JZokO?cb+_c;QycF zSpx@X43m%pHT8ml7I=ZzSp(-&%m8Kpf?xKI-@1y+auk3u4v{GE3SC2r!1WYGz@NfM zGGh&LiYW5HFC+nMN|G=Dml3%J*Hg&BoFqWh3kZ%TUw78Pp6?^Z0G}dL`x^5p`0xRE zKPlS0M01ZNqf0agx3`_nBqSpkioI(M;2E5tGc>`B)A<1CJ&Cyi@h=h8EFP1r>}e8) zL*!G$nSua-3ubcz;tiUsukYXtiSKKQk9vFQ4hDP}fe`}a3Q-&cC;|x+T~}y%nm01f z8d5-L+8OJ$Co%FkoT!%G5sn7nga(KLG6pe4V?KKllmbWOfu`zE8|<_6kjKGyoqvwIvE4eAV5Ou09=eJlemLx9EO5Qd=g{zb^Wie&rZI-_~GREFeh+aLE1&!?=s{k6!Ura z63tnc(}aoD7GR2$OaL@m`&QdxcmP0=kUD|^7{ibu`6`E^J)9kEkI|8s)%s=Ag<*^% zG}uwwd?%GRM7w+*%jt6=T4Nb*eZ>GymwUt${s@4X`=mX!Z-7g_3(v9H7ox z#%d)a4z6J2qW~lf`C?84gQZCPqzqich%-SaBp;BtL zB+Ioma3K4EJi*a&(#3hO?N=y#X!+A0s-Xk4Vs(1 zeh_bGxL1zrc3$^*H0&Pa&BE67k_!~`)ul!Tg&Gb+wjzu;Q| z@mUuJGaPkc!l#7de@TtEOGnV}cEo?B?kk%e08SIZHYo{_;-~_85+b?OR3Q%>aWE!f zNUoKvA`0ul5lmKXtpHF_O#yKMjPduBB(Z)WUTtjXKPgHTF7r+3s@O*?eSxANCOG2R zo0tUV#}%R@tMWw7i2C~)a(|ls3NhnyG=~bl7)r6*@(GpX zJS9vB7JvVzq_2b{dJ6e;0J@!=%%orD3=w6VMWgvi(w*@95HdDU5?nRCX6}wiFn1aLm#Ehhl|nc|VTKE*a6HDoD@B2ngI0XPQTmC8W;g^v z%54> zAdWm;OG$luL4d_rL%~1wJc`vUCL;YL*@EnV+MEB&TkEG_5_(dCX zJ^`?nMEZ6O{22LUHbZKqLV+(JQ8>4uO1>nQ0-4Q{NJ^bbjf)B60_blc*u-P&r>EDG zS=(EBYE^f$a(V&_{avf-@tWP|5(KMrN@^2wo=qQ>O*Ax9H@uQE4j_jkAvG95Of6&a z=|`qE#A}GT(5u~G1cX#BimJWe14AT7Tk<3E2fM^^M^t!Cr~$1xkpQ`GH)8Acq8)1r z0u-YtK#?y6L25I9%hor-Jc2W9Y@4HyjEsTPe9B;U&kpwvjt{+AAhv_-eU7hcmMP_D zMP0Ow&JHqRY(40S$A^}Rt+AMUznyfg?NUms`bAw zR@#-7I!cy!cXDpY2d8SrhX3DNwX#bD}+_P&I|}jZX!l zsT%Pn6)JR#%x*Fm36ug9aSTHy8&j|fE$XTn6&V!dtgBV+(15wt`b>%95(zR1My{x& z-{w$X28OAqznGz43Jn@MolZz56V-=1^2CJAN94w0gx=1!*Y9+4hKEkUI#+rABM=pO zD&SKnH9wc_V)mVNHd6F9x?URmUnN?rxd|} z4ZyY@E+DiJ3Y9!G02|QvQOx&+p7}y-C(eep@cw=cxKeRaR!d3LBt{XKAx^O`t%yoC zzk)avKxGk|=AU{`y&JHZt!B0*_Y^oHS6aV1CmJKU3H@4SvJ;ISt2WJs`KuVCU&Z|X zDxpX-BXF0sGYUfZR)g*UU^P@ZRtjM;Z|OjbK@bY3kjP~B#qyTQ$h+4=fUZ!)6ByBeplCQBbD3N$B{w*ygKq7#kKh4{W)yfgn zL*n^Kba;j6+$<-xyR3n|5hG#3k!(-BbhVi?Z&kP$5yBa#Fz$|U1nHb{LXmefGg^|I zxKNr~D{(Z%IHVKA2S5;h!D_KGMmB-@p;$iD3$c$PB^TTWc53yggPly@(z^r1(*AFc zen=*Q3e|R<87^D^r8&}tNr1T*l1cux7IVuV43DU*sAYQlgS8o|LNy;HVb^@aGr=xg zbR+($DN}*7^|g%Hm`Z1uprT^>sa$J@I26pkqE`B;TuWKbD(dJDwKX_}XpAqd4*{a1 zx%@3(yj3%6(?Y7YWD|e3j3(3XRVXqG^_X6{)~-}!T2Sn{+$O=Mbkf2R+%j})Uc4>Q zui9B%Q@|P^{Uszm428y#ja6kclj4vS+WgW(cZ?^R#WS;MQZfTiyc@wmo_a!do|!Ur zdN;>2L=rwkK8b|5vGXJo&klvaAx}>vtCl7(v7zE9gA0x#%t3Zw#EJ3U0)IVtwXYRG zIj6_-;csF07*Y%mM%@z%{m@7RF-4N`@2eIDz?oeJm;yHjT@v$dNqUx|NhN>ns#)%a zc=QbT!CmTuKmQqA3w6LfxeJ)?Y|efQ-BikR-@_~D?s|Riao>9nX(~s&_faHvh7pc9 zg>xxQ$hwsfx(dP~=uStU?C;rjT-zqc0J=ebqR;upgd#B?M)WU~O=Z0rp9Q@iYMoIP zbs6GGoYJvUq<~}j!IY2g!R>9n!l|Vj*;UK_A(<9s1JT55nK@ms!KNFz->#qk%}L_t z9Cqy1EUT6`6LR<|SJwPZY3>d!!4HInUT$Z+)>a!`iW`HJ}U*go8~SfZkS0bd^p` zdAig1yCG)WMcn_w1ZPBM(G0rb)`UuX%qhiJI7Ab4$b1;8T|8C5R;O4t1zqK!&h)>Y zRpoQDr%L!`{3<{gCL)X2pII_eaMIf5YtA!4moJHIISFjXHr*G5u=H&~e9Mb)+uv0} zPzL~|6{f}|i7mvLh-@pa`IdV`_O_RP^>U zc2%!K%P8~1p5#ZE%AGTb@NWsyXP)2^%{_2fG@?Z$K+4NRo=?dWFgUX-eXW`?E^)@Y z2#`qI4n-Y5RlG=yBE~{Mg{J3D(GA$yb`*$H$QZzq-liy=soEQ^D_xqbeIWIAezE@H zcyD-qcy{sT@R!>S-QT?1<9wm3o@_>Y)4?!Af$p3u-sJuGD*UWfqesW5Cuiq-@6HFd z@4h-iRikF4jueFQb_CkbSIEBsibFD=p@@H7f|^|_5aS5t+z0?;ir5q!X_c6afwWQY z#j$ZUS0Yg6Mh;%z@yWw08ravsUkQ$Y=$|y$O07}+N%&Oydn!jgX@j(;wA9}r;#?iB zVrGtw^l1*$ae6T4?CBnFjy_d| zgdwUI+Yr^>>a0Ct`jH{ZzJ*cnt@6%YlP_QtsGsf`lBcscn(!&om!;L&}gqq5DEE6kchS^-9BdA5Q3{$ZZfYM|pkR^+NWZ29`JfKN$Z%sqx>QEy8$tx&*tCo+aib z({|p>;3n%RS`sjFla-?f6kTCTBI!|mB_?_#9RsG2n=4I;zF5GMDDSYui4esoh!6_Q zYRKHP6~oc@dI4mz7z#StDdsS1_b1crK${lTJ~cc%`|0rP;%~=qFKqTKgi*b!wUd(b zUGKZT)28n6-rp|He>gkbI~W!~Y%8zVY6$!Lhr?k*<=uw5R_ljsi@YJkO9*HR_|Wpa2X7Y zf|dtm-sXW-k8t}AW{!e2qggq;$_QmODUd9@TnsJmf}26tY^LI-mer!V)>pWRBc6nY z1K_+5M*hIM3)GeO{LhpdxF>WNaC_@o1uW)hHEi6v^cw3{mnz@X(WhzZ5%jHhU)^za z+X4_evB4b3*I7q0?R`|zj+y@2c{hG#FiASL5 z^4}JiRmngzZmR}Qh8Rno0)ch|JjPMNQ66hk(bF|N?Juayf{)<0gk;;G+Li_@Pl(#- zKK)!QA*D7>Lk*mY87QxrLSJjQBBx=1O6*l_QVlf{8ZP9=#X2RnT(^gm8e@fOads26 zp;~GquiXfYL-op(W&pIIwFYKKQ5*_+hm`nr_Ql{-_Pw<_RXQCz8k_U9LYy1VL>xFJ zlb@s97=V6nr`G{sV*Sk#o#9COLw!%7k4_QA zB*;9NdwMiqr5F7kmF~w4Ipk=ZghOT5H&Ge%Szp01OIffO;_4LQSDHk7Oo&Fm%8`@r z#!Mcu{AxT6ezm78!NIS}I+4W!k@s1l3Ox{Dro0rC?LOCb)$KkD`$zg@2{XXqB)wTL z@0Rjm!NJTvpgNx-%Oal|Cm==oU|3!uQaFvJlT_r-%>hG*uTW$nItYe|<*%5Mk-A)< zzn_X1b*|^JiVULeGjw5$yH|bf^w^yu7;+Wp1xJ`;7#^Sy&eKU&KI&tL!-OKiv)Pn{ zl0+)K+ILlhc|y@;St8kw4WuKlcA&fRR5RfE~3h*iKtlkXGC69ZOU>7D6>RLooQ6VvbHC-wsEx-RpgiJLc?7UP3j; z&-#>xll&Q=GGdo6ps6T`C+CNDG%-Ah2u1p&TCYD9XiGAj8N5Uwi7TNgEM8?_{x%Cu ztg4RQ|MsCjMME7|A%FMQ7oSd*!!4E4xO}5VUSA_L`&N|9Mu?t_Q$ebqUJ$Y4q{zd@ z%#8{tKPoU(UQb{@yQnMKpLQXCRCbF3&+S()tvcG*&2gQoYL4>=Tu-q-HSCmuU>?C4 z_LXa~5MRyNuY#9E#*ux~I*H#BI-G7QO2Y6Fh)Ah9>GuI}+9Szs9|3<#NE(yDob0Eq zBkBRLIf=IciNM~^L(vNu1&{_n$JmmPzJGK0NPGr=20|hka_C=f>Cft)s@}U!N~lBQ zYmhA}Q$xy>o<)N&j>EYuEn~q5+za$pIC2H4pN48nT|Gj9ge>=u^ssu2L!_Pjvp9L? zV>C_&Z$ijKlvF6D#C6SFwv+$mUS%)-l~Cl4LNe-Pva;1;ZrP4<3&jpIm@ep=H7iF- zA6~)CibyD!LK^raFvsfoCX69Jl^)S=3tgtAFz;Aha581!`PZ&1@7e0Zf>gf5Bm%Dc zaih&;2RHk^M%#)$>OI4qiBtdAVceNHVZ~zXat+b|yQ# zmt|G#UpaXeX7vp+G5I)}m8wT2Dj82JEf%Wt*!IR(WuH`@EY2P=sFGn%lHctRq_~0qRr_ zlJ&aV1w$PNNCtvLFpz8ZTF6F#aSAz_%(c*Ogs)UXNeNrA!j!&ihrE6j6$eFN@(NAi z6(;m0B}o*Vkr9rbcXJ<#wItf<*BDVBMI27hYl_e?hCX`U%@-**YdZOITeOw_T0E5h zjw`p@eNCu}!;o9In^Jz=dXxr%k~&|?5QX5KMggsz$7R-hX`p2nMPq_a)0XQ%KJVtr z*Gxu!E^?gYc~|W@_O_Wn)F^FA+xNIBwccJ_?I~DXAnE%$-kD!8J|&F3QxO`6dJ#7- zofJ-feN+Q#TtgN{>FR00(Jb~N=DT|7<=}@X!YJZz@eFgZT64eaD$Q^-j3Gro#?t?i z9?H9}gbDz)-`ekm7RfKO^F7ykOCFj!Wi^2GuX-3daM4`4y1a1yMIyu;WrTX+NL~6- z6O4xq_ET)IQWO--JCL!NluaY2C#6G{58{&-5uYzZX3fl2vJ`jB+#b4670s>E%}V+&&+ZiYm&zjia;GP#GW%UDs}JFif|ndI6@^6r?LY5kUy60K z_3EVzX7;>mepZf_0#_a`P_aIzNbnd>yHboo;$Nn#RR%WhHt%zlTUr~Ri`I&1UP~|P zrr*o2shOccy?fY6|IK&OPrE4^^I~yEO7H7HmM57aPUjh85I>qKgZ73JMf2L|;Z6KF zAK<;}(6$Z2`K9DuZ5!mvA8I#vyC+45oaJ$-MxbTubxL~LaIGwnm9XjL4=)$VeGzdm zgEzo1GkN6DxB)&0P{k2hnU}02&3s~MiNY1eJ*_HR$N&|a7$yFtx^}*N8(Cf1hy|)N$dFH$hp)XmpLb>T zYRsikldX!os%>Gf!QEYxT1Ih7k1mTk)85ZRFx&w@?JTV>$@=Cn@`a;ilUq+qnl7s|s9ub!(x%U_rgB%3y(Nr!^Eho*Qk`)7;BO`T28*#knqiPHW%2 zP{m!9@4GAApGw(YRSj7}HZ4#6Cy*uYvN~5cDXy$KEye2ouxeEE#Y?L>c+G}8KkYOL zoGqAOg_zHH=4UPYoqr{}RVbAMVg!Cm{A`qITZpMOBBW_4Cx$MNZ(E71O+qV06EiUC zPt8pxrGY4mcq>S4&4O4?3T`3TX4I9>2UXF}d;!@&x^ArZZRbg~dO2f5dH-{W19TYq zbRG*ZZ_xaxYOI@zXBah>S{grjA6?ID1wQHLT>IJErQ6#V=#pa+R9Fe0=f3A!v|cZ> zRH`-Eik53sUQUx%`f!u&^Ulh4)ACFhI;Du=Nra<`9I@ORIehstMF`@(%=&zI6Ju%| zswJrEPZDNLt(tk4dhTmVB7PuKLTZ*!;$0QRGAgM2x*YvwAl{()Da5pL8CH~1ytJ~m zjaXKGRlH7BM(j7JY9Fa8Ry97>*X8g~R;MAJL@4-?hG!-!Ss9g@k{LF21y(`m6!Phi z&qJis6W5_rC|5+L_<1oZRT@V-51#ZY6F}XXPO-MC+Bt$h5rTNqzH4E7D zZd$!Oi87dSSyia`Q0P{Tl2B2xJRd$Oe(X?vn&*+yE<(~<_1R#016S(aK*ZB1Fr0;{%nRTAP-_%34*TOQyF2fZ!N zAXQ_vCNJyW#wD6R0_!T|80tsuJwjP9cWJ5Le2M8Z93g-H^W#r`cw8b*v->pB-co$B zgeg?+g{=il0a7d$&#EXFqz$O15o4TQwhd+bPMauMv6t02Q~2#X;nG;+%MVhns^VKY zU?t|8gdCqjsu$H#ZRP7KR-6Y{*;))KKMZBK)V3_Y&}IQb)^ZW_J*a$X%S)+!OG%>g z&Dt7xO(OkEbzY(^9r8y8vX_A^3^WzC5(Jns9ft-|1Q;C4fLan20Ojrh z)YOG27eGgb1NX|^GMBQe?|G|?3xNtoJSEp)1|t)ut9~drQ89}=u&J}afES>@l{K!j zf}H-e&(x_<8Y1afz}NAKxIZ3J#c&L$|ULWmG3^6h`K~< z?U@F+EI2j60$>KQNnl?Jc{_+1%vxO)=~(_};JnUWL*-!qEWyJjEfB zVc{Z#0>H0{7=9JHQ-&0hFW94udQN}JLep@r;+W|0b20~!A$ZBG~iKa5j zjAS?@8p>2wGUB7xu~0+`cA8`^7dlRttB6ie5oyzn_*^TLZ&1(+vdv6o&y& z2b*Hqknys)cT>oL35UCELQ^}Mn4Iw}!sRFnaN7`qOp}4i&E1X_TJe&O#y}D8yVpYi zSsHu;1!l@sUb8GMAWYNfiYh8Rx?047jF^R^^!|{vt5AR+NFOE)SazUWdRq4M}Fk_j% zRLq4vO(w>0`q4~BkuDl$aGF9}a>`XDAI8wfd~Slwskf5IPGTLe^zZ*{O&t{>v~mvd z7DN7diXu%v-|wFSWx8aA*mXdK{@BbiXv&F^DQaShS(b~7MB&`<%F>mZh09;Z=hB(G zU<8WU_jLNwKrk^FT*1hf!MEas>%5iH%Ct#Q96}$NcN|50OH>iRrAEZ;CMgp%>0{g=Jch3&@4vr7KS+G_y{EFc1^nE73Y5GkE6#i(v z1K>mM7XZK!6YLCtqc5djXc^skR4N%$@*es80tce}^X%u#%EHoN<>C^}b%p;BPjg98 z%oWe8!|#vYfzz|2pZ3lV!JEThIP)fY6!aj7X{(22b*r*tFyYgSgkn+3kb?%y^o0^h7o(e1AIZv`AqE>Tnj zq^f8zFvd)Rl11xKF(UNE&2H~67e1o=BB7xT^!oa`2vMVU)$fW5tbR0>0ZPe;@a|RL z6OWUFn5K@=%G^MwP83|zh|+mzhU=O$ojemz@e0#yw~8MDosdU7+2P8dDDb%xKjo;S>MQK3!?AhOGePOd$5Rme*F*p3nB;}mKKYJ)&teaa8RV)WJV)u3Wj>>j~u zmg}yamMraRaSF}$lk>YBfL$ZxHo3nJvNEZQs`V~&A~i3ooiD9Oud+zyJ((Y;YA476 z*y$N$t9%v*rEjU*VEI$#%9oGbU2?3;V^-<#wju$gqFxpe{1{#$z!HkUa0mQqrcQ;R z{#DV&uSzHT8VnIi_qTxf%!Aj=gEROq63OMQl0b)Dp+qs>ozO0YQGmQD*O4zJ;STO& zg~Ds*)R0@Apv}4e;J(*$`A9xTYZhCw-Zm{&`;dJAoV}likKG@R_x9c44}06YPaI2c z+6w|K0KgDfCxbd4EK%|a+bM?1%Zln0}5a6+i)@(k>L4EO-z~B`O1zV$Ol-pq%oSgue<}*Dy z1^Y(_XX>CiRk5^XVjy$D8c0KuP#>Mif&=jPjegHl|J&{EY;QaQ@w)^2h>hB!i{CS?hexzqDJpfs>(f}@)>Sy3HcFE&2p(0Y`^NvmcJol;24`~%RW zYPdBh{wz&tDz%;#=#4I#CBW4mOvVA(7#Qi+KukyoHl>c5mf#eQ$Jhrl?zu6W%(8h) z!y3!VmI|@9rqlhUKVhhNrYJc`KUPKA|0}$LfGG7&S_f4=VPmv;FFwbVNPlaiu$Qy2 zXTh6CHUu$qW@I!H9yry>2gStOSqcTH_i5TcGukQ%yi6(8kR+g-BLIQ`DHCJ>j-m+_ z_>+;4+og&0EX{>sR!payAfrM-#0pdzh}_~UQzC^kO*+-Yqq=mNnle00x*DYChfwUz zlD@6Nir!73eASqeo4Gqm#$!aKRN|2F*lAfg7v{`m5sqWTi>jYLO`=N_TyP2_Hb(RU zMLv-cRY~;B@WRmUwydW!0V{LQ2!R=l5*UVQ+Gn#m#Q3oo`pC0tyLu>dh`71!Bal** zr!APdf-F;PfmEAaW9Q@{%M#OPc86@%0cK{-Rg77k3nO7jEKdItQ7}eQ(tBiHXxd5x zb&NwevABQ^+Me#>YiruX9T-<~2wT~1u_@3(*2{_b@9^iSJ= z`SyTZM}p5NK9I+-l=H{0r=U zZ4K;8YZNva3NQr}F}WA3OfG5zGRfIxyz+oV2#B@?2;D@Dz$K)8T|#dsh0NYr7xji` zP!>2o(g$laiF5+$d^*@1q-yvIuMmz=*=L85F?R$@aHfz3&NCnn*X3D-^3pX&?+io)z=&hlw3=IeX^vJ-ViJwfcjZ4c ze=Uk15B&AtfWNMR!kEby_K>ZCRxDZQa}e`V_8(jRyM~y*CRCdshAJ0bbvDc#%TV4f zc!rdbL#M%1XS<^Whg@m{h^f4lvdnwIFGPDfg(8>r&6>qR->Tn9gkVgB(9bg=T!kao z*$%CpM8C0#`%_9TaDeO0ny}?9;%l*nLZ)tzHJT{CoUdd6bZc@2ao#GEcFR90YPH3wXId2YUD#pLo z!gAgREiDnpFoFV^Z_nQjzuiY-#i==3Ghfc%4(<1y%;sXy^h75xv&|%rfHZLc9pgb| zg!8#^DzX5Ay@XGR?Cs|M-j-Z?3{O;l#fbS<$|&{1lx~hvi?#(Omq{P8r@MnhW`6tr4w3r(@gT7~*Qi_xIkQIm5o~Zj{W<6q<+n8@(i!PZdtjsj*ptV{ z*fDRl{3Rqe`Nqg?#Y+9{?@G0{cSSXU;X7&jlV&@CPBCxlC60mtI6!eo<}(!Wj!`I# z%`hj(myHd1!M2yBWqzDxWqv9r{T-2%0_Acs_j<08T2^svZYgsDCWr$(li4WYq^oZT zc7S>}&{FXPGcLNXWqalZ#J@yTGfPa2;7%Cka-5X&mh4te5r`?#k`0HNCB#V>o{|vz z^8q*-za#uqP;4YkeQV&9V#VlWdQGKoSWe$K0zo>QVpGmM`9_8aDKlDl>p*1x2Hv zW~@~ZYEDtu-ks?;nS!xaMW_YMWagw;GNVu^th6N0cz`IiMcfcwp>P1MA&o@c8N_03 zj*Y2#4ID!p=~2rkkP+Lg5tUaWlV=huC7u zB0o%mMIQfy8b@x~r<=-#R1a^9gQzC&3Pqfy9nmypxm^I67XO(ALdbP#1%tGn2*iCg z5#1S{DX#%$(9jI?Li%UOth`#v=@OqK?y4a+rLQ2xGR5)56td~X4BlMG`>7c=r83G# zM-_XL7E)7nAnIs}(hUm1AZtNh5)5_JGLn#C7_ zpIykyrFtxPd$W8oL2ws(4+VX%Uo{GKn1*C>A;fUV6_W*EV_jY6ynsPKfeXyfgdqz4 zzAi@NLSDN3CvevF_Td2Ie7~{IIOGWf>#Er~M@$SO2hO_0Q=Y>jYSqvm1pEs)K@oRM z*&Bh{HKYLw#9z)v1=bwPi$@zc1}{Jk^|S$r`3vw5$L`8MEDU6K1CxG{V>?YC=x(8WFidak{hSZlL z&T0AFZ>yA?Db=_=cXr!9?pfcnDf~w^S4wnQY5&Wl9-!wr<3>>+7KYg=vXkXC?#CAq zi4!(0e7Qs@h9SN}>52wVcGGH;f8p3JZ5X%3vW1-C1>J9?R&O}IP&l(~#+FeE8?5TE zRQijXD`TM$Q#kQS$b=eu)mQ)Z%)i_E-<@Y^1zQzcVqh5yyF6qxID9+k&z@O5Mv^6|jm5|DR4~hI4hr(j+M1Cn{Ic|s7dI+L-j*_c z5VMfo1FI8Gs;UUopIPnXM7?Duy}nshydV{o+HI5Buem$R4}c{!Ez|eqx?U#_F7CA@ zqk#X~{Ez2CH+<=RyY&yRwfNXx(6o?H(Sl4*jOUE>Ny+73)&r!KGzJ_`fN~2Fn1JJe zj{rx3*b90Br&3=$P=G3i!7UApn++ZwgU#}$Dwz&=0X8>ge4CQ5K z<>;JAtl9aa)@XGRYcG)3tX&3AM$2#Z& zsvY_5ff74nOu*MK#8lWLlfl`%>VLf2-s*08-)w;#R2bu~GE{UWnC^PNyS@!Z6v4~l zsI_sG(o&p|rKO-CMY!IxPAUrNA@5pvR*2BxFTGxsW~Jq50JLsbEaMY$iP43OmIc6n zee<7P?;Fsq)X{7ju3JNjdbFz6?cQ0fE2wl9VwK#;_%SmUlJPhsFt8Sqk@1sQUGq+#6(8Faf+Ld+vlj6Qg;O%2vH0u)2w4$X-U z46oswJRl6N@umJxI``d!qr+AG-Uk;h!2wx^6^ho-BJn0`Unk;wGWNi)TsAfQD<=6)}7F5|4$wE8_GRb7g5Y{ zga)AS$op8W={N2rnh*4!^2ENQ%#H;Q<~MeY{P18r7ONp;!H`ik#G)A{g?i?il76h6gBw+0|J^5o3tMgrf5) zMQln!d9tUNnGzz?;=8Ir8IC-CsmroNitjd%jyzY?z4{&Zfhh;3Pu7E-x-LBFRUx}u z)31ymhr_q2SHTqWbnzMIjBI0xNg!7S4{e`;@{I`l7J)tnI)<@4%2W(oPgmQo4+q zT4%~tkJ-3*WnxfHtpOV22nCO%6RWx3Vy?BMt&h-{Pz01mYdTXSlB8a^dFNH_11$+v z-mT99be%+6Dq!j^tqv};rtkKs@Mq;-n#i2;=(-Aj9or#0+6K?xg;)Y);~BA%E@tJQTfvQ2=QGw9QdM`u@$~Bbg!Q&)_6R(U3#` z(%c}`vsTf2*C~08EI5qc-tCpn)%)7xx8XRxs+w{X?o_*VR(MC|T@u&8YaF5xg1qd} z(9vASctgmecv&=mLXTO=X;dC(gCh-xf@_)IeXB59eOT zw3zdQG3&kTMsJE2Jx?;15=Z--pb#>Sea|OdQGs<$RmEGbOelb--e0_J?b{%b{*i_Q z;Fw>7-QMHJa_~8#GaSkB_?|)^sni~F1FG5YZ;+qev$x#vfxPU-rq&PFw|;!IRJFCQ zy9uM+5stbjx&k9HsxGn$_z4Yx>xvx+^tYdSJ+J5W2fMu|Pil6io%-FZU%6@3?#6X8 z!e{AsN~zMRm?S(-_~+^I60T$YUa!J;Y_aoLZM9C;@n2@4IkyVQWP+oKr(JMxG$yHJ z<4NziWy9@BGp)7O7A!>oeoIh-Jf^PG|5wMJArD7!Vr~GqTFq8|QPl#O4C}(s1tQ}C zSpTs9_GEZCkSxI%0z}8G>(9Vlsej*i85U!V!oUJ)>u$? zfT0*td2id?IZeY*<|@h9Baw-g`lxjCx)g0KBoh}#Fr0JjGdHGWhWHdE`S@#vi#^Jn zT{>2GvW{2|ZXd;7wHHWZI*K^eL02F+CBX($$GYl-MmmfwMmz7-9uS{(eG>U7=B%sd zm${LO3XY>m7Y2c=8+JKyV-mQC`>t%$y~cbh|8!x9Aw#Sqe(b5g<<7e%=n%)!r%v-> zy@riLeYVtH;EW0Jq{o6|y&OSmy)@u@UfE$w z9}Yc!!|&ckuh;86dHnb*9igW1Z-2Mf-~FopxZiua{bYB0=jm6y{_d0Q{#T%PA01ru zBtl31s(0tMikH@e#b9uvr3kBBPGqIHdWbD8-j{sgdG%xNtG8*_Nd-SlF>y7gE5K2w*GPEkWj)1vS z5ddk$T>|(zKsPa=931Zr&kxTo-W>k&VttduC}J!GRFI=PMK@q)duw^j*8%dU1gw9^ zfZwh#2-Uzp*&~3TLZ&V&Wj2+R6gg4n4R%oBYU;{$eB<+Az86YsGRIdaoU41!&DW4* zH=yj9uT){x0av_{A2Z-hz0G*ii}eq~!~L_v^NV+T$A`M(3o-wMPsciYw!N_%c=LOL zqdaG>VY8;7bGYDfz6=i)_}!g@mU*b|_lrf{ZcVtK?D>2=^sgsJ@9vL-7I>%uem@-a z-<*dU>ax1M@!2r{gijqODzc)OFg~G({TAAej-7+O^SxJl!^1)6oT$5rK2Nicj37hl zef>u=7)LI6en(U3!K;hYz2WfZle2>t>zn4n=mc@#x@jmZX|Fg_ho#=T^zH2}$XC&u zNUNGIQPD8?RJ_6CtCy#;a2FND?+Un>9 zV)ZLOxWmKqA5RCJz6ZWn;URJi^5|3w-9MhamB$|?hf3p~;netj$-6bmsYws;yOV>% zi_?>{^HqkoFcK_Az9*ovzxV#>MH-h|$Jl>ZW9AZtY2N8&tBC2*X#r0a7IPJBF-J3r zsJfWoY5xZ#-{~K>j>14pnshMecGoo?gY|Uiy6I#{KeybB*d8k_W<}`f18~G;-Wv`t zg&;IW*J%I%6GSEF2ooox5c`5S)FsW-G2?5An7Q43oo1`iS26VIy9w_)nx|n*Hge16 z$_MWC(sQ?A&E4?u?5Cssis_TE+f3fFt>9{Q$M=U`sY@ z`UAe}eb*Z(2OE1Nv$GUYAR9}~^tL^De3)Z(IMUfTD7j|J9mphVvhw5>4$`D~IAMq? znFt0mEKe&9PadRy+5EFgRMyEoJiTWKEO)&8nVl-J$+lz|24h;0w&E;%jNWu~YONXK zQxb^s6ou#tMk;=cK25Q2Rg);3e=Ts7A(qTJtw}kOMf{ZEAFeRWq4whuAQYS(4$r~f z>5&JH#!|O30Y)zoiq&bqfeXw1(m@*1R7wiLnC84(nD~W( zNY2h*cYoOX_DG$>N)y|+FbcjMBGFqhkuyRO2oQ%jWL}BP)xB#%s}EOHkRZ>*c=F!Q zZc=%ws)7vLS6TY@w)5BHzvWMz2S#d(2nU;W`&0GRVT+AP<6427ln(|FO-dI?Ng-qw zC){K+dhe5nkx+*=v%+6Fi`sjU$M5T}zZRot2DC;>G8@{_>7Yq%ZXEI3TO)#=o*f#SW|Wc zb|)%fNk9Ob0@nwQ-17e6tbZuejMRjeBY=N6;N?pTP3Jylw-VjbTmYUxVZSfLHa~HV zm^hXA}K`8#IX2N zGyvapC5z~O(>c6}O`LSOM`~k$^mz6U&|`DWL9ogNGfLDzN{_1PE&;x&XBp% z2R;H$lgI~8cI2OUHcZB2d;=Ue17_~>Dm2dv5xG^;rA6rF*}q$6-#M(z_n6{{kAd?i zX2O#@cj$(>94>yW%OM`T$csoRobA6<;b5bo0NCTZ%urSjs};ht-Kfg_XXPPP&3)++ zHCWvDfEJgN@-#Q9%;KR<%{CRQs%+Z1r^S`VW;9I+Ib;rgOJIn{7zF^vvFwi5`57tb zvOE`U2u{Jk2>CE!2rx23w%J3Xsr&%tB_QdYX@VzX1~&Eei-UJVlRTTn$lvmWcBwBu zDIlq?Dp`|yhYNQ(q|rqnud!V;+?l*pLCEG~iI{5(tWLeHIj4nZIv|>ca|C& z1f2f`+g(xfGS*3*XH;i`TR7J&mu~)D-F)YZc{=2_Dws~nW{Xf1TXi7ynPYKqQ{ayN z!)XOz(db#LMabPI{3B$!%e|_U3>2_<)yTq5Elt=2tNu0toj;n}{J{Cv0nUZ9f++sI zi8MYOzRg9FUx@YuMXt(wo~9v2R5U99>u7-TR+ntR zlR!U$(UZq0@_{ZQ9qrO0Z_qqfqCBBP8RrFTPC1Xe@`!OudIJUWMy)zBJAXSgH@3R^ zCUCHL!Rr7rRXe_l9A;+#@N&5i%Czn1B=`#%qb}HH-#tT&gjWa{cT*LjV^P0!>B^2x zLNbD3>c3jtrD{GKSB)lD*e1!R1aD!FvwIBf`ka<;>U9RRrr+fPO+Bv%*IcUgd}q$p z%guaNuLTWQjWkn3MZp$y(Ez?(X?q838BlRa5?gwhD{8hPyTwD@RJ0W-wjAz-?R<&> zmp9{2lQ1+XTHB3wv0Bqmmzub}?G)dsGt+#i&4%g#xcZi{iI-VCBP`6zsyM9H_`*?F zAyAHT$wpqGiE$}fEX>u_Z<>etMr#OvafK%GZ{OT`;fn8j3xluV5D%~nWqbjx?AKgrgK`NANJ5n_bv@G6s z%ycZ76&GWv_TteiH`q9Y^~D#DX2K?0`r`6h{HN0iKLgtv<*%XUOCyx61U>GA6gvJ8cwGB?L@8BqcD8#M}Xn zscNB;#p_uKo~dj>Leg#^4QDLSZyxR3WpPC3w#8e3^~Qo#HLRRfF?QQkrAX4f25>1NRDixV=9lz(1a8Jnju- z*XoDtg0^UyPRy?EyAxfVic|E(CcZE2{`SBAsrCQNVnn%Vuqt^gXZbdo{XcuX{!Tyd z|GC}oKiPfo|NIzsQddcXKywZ45Rg`xB8oYjXtTCC z(jIER4P8h(_Y6uG;zR+{_p~dX?20VBnaTG5=TGc~^f{;<@Pr|n^8_vz!EuWT+p0Xp z&j0zPiTdGb{nYb+>w|I+aMktT<@bO^^52uEMgG6t@9#YD|IhI(_6HFQy1(Y9)X)$;H2+4Tc)+SdlsDm0kH7i@UD- zNfd{5vzpEIj|!&YEEWp{7{_KAjdiqOU{x})^i;+5%J3^Xs9u@Pte5!ANAO!hcqPAC zFWyy3OEzd9Vt_7Xh-a;ENc)^EG&G%&e`&IOcs|q9ivOGVyDRPhi}=6b`33&}r2qJV z|9_6h@|enJ<}h=v?fz^l|G6B(dFzuJic%8%-CFWzM^Uw`qK^Q_wd6W{75xW#rTQ0&O4aNbp${)n%G^I7#??Pb>aE@zn{M3ZcuE zwE-^T|NY0kqW$mbL;SDL^DJTin-DSykzDHmjG==NBm@V z#)%*QZugeF=s)q*DY0Iz-g_p-r@f_d;Y6!*p#}@&hlh}ozmumG|2KJrsf(jAxo`VV zZ})N0{=2=i{b2w3EKkvpd!HONPd2|tzG}K&SOA)#c1+A;i>Ia~kD@VAsC?-uZhTs; ze;xdOm9yWk+MNGvZ|&E_oqAswOntk(N&)^-5>u=7Kf@E16T)Ra#qqKRz=ir>uW0|<>FqwO|IhL?C}`=d z+v?Y+JO?h3+3#6oP@O>@o0{{N*EmGX`yO%NjK!bbtcX)krA&29q90H=J2F!D0#L=` z4Pb{VQ^rE>9>m>a#39&!FcmLo1sJ1lmhD9~bf;kyAd*PZOo(VS*1iW-UI7(LA5Wh?!F;ftZPftOGLXsJ&I^KcY0s z6+WyeTM1YHP#ra2+H`U|=cQnQw-G@WaC8UQuIt(k5np{~t3qzVcVR{=10( zKk4;~_dj}1ALRef^L%Jb|8AcO$cO<>G-fi@``X%CG25bG_tpBrsR6@P%%i)z0=V(j z?@>7r1#r+7PphW@DEop~iC1b2)t=IrlGL8QXv|cshLczb^_pGUZq(X_$+FM&P#u$y|>r($U?> zmZkEYfHi~MpT4z5ePy<={DdtST0w#p%zXs?%cOKX^eNc8YUzImgSY$oz~cV^EdG_8 z(0?B$pAy&uoB!Rh`8;#DcSiqUy?uDv>i;A_ZXAq0P5iI^_HNPs+wVPn(EmTn(;!;N z>S21%g*zLdcKEC^Y1cu_=EHAMkhKs8fpOaeSf2X z*Sk|>n}I~)-3mjlGi9=7POD4pYlXD~KoSR#qamk|qlrvl<~CUjB$Rv|@DW6&U+t8l zf154JK+~97R4<+|hx96FuSCsv>2FKwUPZ2Gp}PZ6aa(ZNweejMT55BWa}Y&@Lv7s3 z1{wL6ESYtS7ndcfCJ4Ifo6fedg&{)|Sy3#NP@=AqGULakDKnk2uAIVm_C4FAv>d#&I+`wcln9 zo23&dVa z_6<4gye+VJYFaY#0;68mhh&UHq<0r*=}kmb9?H5Y6BB&x7Lo5Ju`cy+uDlto(7A%NfGZ+OKIlEwkO*ibHu5bT* znf?uco%W>7?cN0gD8}RfQ^}y7S)yKgXi`2w%&!J7Et^qWzh`&%%1V4@_c=`^((3Rf zOFUBAHpQc6U7s1X~P2L29bB8;smIE&p#vVL>#AP!uY z#W+9|xNbyTsb0Bu(l2)i+;gx48ge3=bn;?{7<9W$lCK^D%Pujf=_|V7h(<6xB~-|J zU9kP~&wcO_Oel)M#(x6v!}FW|*=6Jw8v%3;}!x%Pv66aL*jUr>% zSi~4M8W(kUgrn|~D_drMQ#eU2d&P`zxe>lgmbd$Y(^bAFgw=G=6qg+mGdrE3?jt#w-LYAnB|t;C97qZQ1P9Fq7NEosF~s*&u7SNbXwIsKnISH>XH^pH?*UoX1tEa}7*jF>#z5*kt7lYo zSomquNRt;bA3>^!&|A@JRW`}xF{x42XOMA3#hNOp=H(BS)hzt$05o?|vdyfqJEqCJ zH}082EK#-_f%Ol2XXi(+_x8_E&VIQ#-W#4Do?W~-{N)zByc;#Eamdp%imvRvN$r5u z?OUiy8|!OIW`mrNpsc`e(EJRI^Ixp9&N^ABVnz$+FY38O^MRgH_Y%#Ui1V|k+7;T2 zB#-;jnaV3{@g`Vl3`}dOi@rw*6XT;8=U`;w{)#tpH%js5Fp`+jrIOTW2D* zM`aP}*4A2ypY^?I=dDn78x%0bpfmsGQxaG%&iPQX?dy5$633?$#gL+O6>L>#$+0S9 z0@r8$;@XM$E?V=7hLo2%j^Izpbp+hA+O1xhtLwBSWu308yI>G)UYjCSYgy0P)_b4Z zh!Zs(NiFDS@wghaVsOh2UY*sa@f^SwcS;tC+(AHP$r8a!%5)4}RmaI)0mP9vW+cxY?TffjR{sIDBLyUCmwjP8{u zE@K5uB9224`M~`baIe93l{<->^~RnStB?AS)r*w@3HXBiq)52vVN98GRBMbJFN2p}CYG4Et#3d~rMPu@6E)j9S zW{4RFUaqjSWv|csuzNS`m(mP;O7RsA(F7ebABM7{=KfdHqLEg%5p2D7T1`Ssk+d7{ zs|G98{3MEmlCKr(VhxRI!PHrM+*seVS7o#=qNJmL2^RUn>5`at-;XJo*uFen7{_9) zs+HSy3qsipqtt7IqG?TvvS&$@eaXSL4PIH?u3Ssj`{tU(FkMwpie(l;OrvzwKuf>h zi#Z@96B~}8*hTF&Eo2zS-j#AgR_b#dLK$UoJVPYmnZpZs30`h;w2Db^(w(Akmc^g* zLNeKsClD>Sf(pOd1rm{E!mw1SoL*Ge>)R#Z$k>G9v%@z>rx!o(9i3miJ~_KM{M-5A z*}J{B7YDD3hLHhqI89KE7*e%E6*GjW%n}XxCi0m5_4UQ@hrP4IgNuW`^SxJl!^4Xo zhXT9f!&Qwo1#Vc4V97RYc^*KOu3tNLMTA#Po>IbHrvj=~F>dRd zEEc_|=CgRXjZLS;O3gMMyR->4VoR@1=YITeKauyXby_3}# zY&w!KPsWG(n|#YY;)qwu#d*%6Jb^!asKB!RghemA%FLfDINYuaT||an=7gd;Tx#X> z+OFxyO|^ZvEB*?;=z+nm z^`#$;SxPXr0d~c?Z_`|He)E2Y4Sd7Sb>AS>+gIFfa%Ye^7HmPj7!kr5r!ejo^66J{ zQvgzvV6?er5xGvsu0d`Q}^POY~ue zq%b3Ws9B7BJjVVi9g`wcBiaC<8{~s7ia4Fe1V`M>`O!?r*-@jvaP47R|Aq=>;Kq#N=Fa|sv z$b7m3nFZwb#SdjF@vD;>9}Yb##;+V;;dgoX(KPRW%yW-rd+eKZ#>ES|>8u&lTvfEL zJ6RW&Fhtpym;~&s{)S|Aj`pS{lBHQ+Vh(cS6DIObt_D=(fHk99=u6(?yW+BBRo#_t zOE!;?)p(&&6JuXS_rek5FbolOaWp2&4ZEn(%>$?>|B7<0sO*cMyVnfhJ-b{tX(;Nf z>y(mFCA+r2+x88izkQDiR{pq&l5;J^rQ<6ARCJxjL(MDz&qt8NaoMOEucq_j2n)V> zfI>K56n-+-kBW+U$Z@NXmie)%if5^wF~ng)(fO1jHYH)u4q&lX9%lYJK|6@0D+nv< z#}vT;M~Jan`pcKN8wD0x`yJC@p(po5g~joyr^A*sQvg^`HA_%-0cJC8vqXkkSsH4w z-s%({;w#ih;JE^KqwjoMzhm;wcjTU^yD&O;Chk1Ed!g+-$a^B~JkX^mTY98q=AN2B z-wSSqH@n@0WHQnBbyacOyaqnXWDd|rz`1aM<2v>mPrbP>uc&q4C}i>uQL9D|WmC}A zzSUh0ap;C*qVEE(7cb$d&f0P4?i9Udz0x9RDjQ@bh-&BWYCu)kSIOR0pDX3pO3RL( z|Ffm8kegHMN|7FN7~%-NEfUrO_piEY|Mv8_DB!?Sl-T8D=0pC!m>>&;usmTlTU*9B zL?Z+%3`P~_3TfdQ_fMy)tn$pHC?*VR@4rEPIequIb#&Z9^=b!DNGCZWaopU&s^cE! zehNv)jK>Sxd1?9JJk4ZkkZ&|zbrVLr(%#)Q<ZzQZCloc2ufb zG$7Swm{{zuD*iLniK((tu-^_AkfVpSMS`SOWm_W(CxYg|y~qNBQuQ zU@zi$Pq(7aco-RTrwRu{goSE3M_7u+h*A_BBos%Jp+7}I65?obG>J(1`tSz%iFAO^ zNsreEPo{hT`n_I3_XtcF)kJC?`h-e_?OX|O6SQuJGbS0u$xK~s$s z)ksfwp{Av1>AooG?sQZ|Ma!^zPC`VBdAO{XOL9~rW3htU`{#}NSBx&Fj@E2?VQE;} zT;8n3japFzE8-b1=v#H=*4jbqbM!^0=;iTfdCsl+^eO}Uw^>*fE4DDa_XW1>X;9Hv zTfb6kaEeVVqq5zbOF*+jz{*p$2oEh#)&$;Oaw6~6*u74#8OBxS_S1MBwDCDuYML88 z2Nq9UQ}sLh4y-n5WfzR5Icpf27LgX~gIuJ3F7`Yu?YCZrU+T*OPl)@$qZ0V?UOo$b ze44Rcq9r{{Z5O3B$*yF!Z7?q0&)_TAD{Lic^A%XzO{#J;7~ePfmH^+`C-T9o_f9^& zag}eoJ;lDPx5PZJo9i`heC4-sDz0T<&7P*82y@knz`aw8;5|F?wsGUV|K57`JbmGj z_bNxeg&=hgc`gcFugG!HTG89gqBFREVotriwUDW83piFTF=uOu?yaOzw7P6_k5_G$ zB$&H3clXndS(mQKm~9zP-Jh zQOeTKx5kqx6*1Q&S(7!MD}wdX+(;PHaj;tN0wwq6I;@i7yCiv5 z9HvFeVl9#~SVy1_Pabq6d2bXSMx#r@{`h3O{A6cz9;v0{75m1FV4~TWc;Lc#7#(92 zb`+b!=8?|AyydFm-e3F&eZqTp%ZLoZ&qp!6rW;w@heE1Lj?rqhTD#lZ@OP`#D*xT? z>}`M1-fp+{I=efa?%o%zPJ6f8{sOf=(wu`&A#%*WXgzqW^5p&^pIP^~Rtd&5J-ER% zkrD@L{PD*M&gef>z|>2WLD8m0hl6=L#0hX3f zH7YCGX{t~7vTo35gmut%?Hllj{|XytEG6lTA`0G(F(RDimfINTs`d?-hh{op&3z^U zw{V3scsa!G<1(J_vz_klZF%!dAG1$T^+HM&^@YVh{_L~!pYU0V|BD>wWKbl6kJ)9ticCH~*t?mY4TPxA43InFY%bz_+LrQYnzrI~jnU-+yU_l;SCWqK4n63d?% zyJD77t)8)*OogdzmpJ2ZUUybA-idgh4LOdTuwGxh%+#XNZ(I-@tGFi-QhwNajD;^o%XkmjSJ-;CH;_x^(Y6s_=Es;x{w@Mt$hqsRY zm7cPkyhK+cDkRw@lnBJqWP)x-Bt;WeAj}CW1WkviU!<{I1h3cN+VmPhY_^1aGH~z1 zI!PGNg&Zr2HDra>{ugaG@77U1!Z{jY;fDk3{xPSW%Ais%zDMUUOy3>-Yp7PZ?k6fM9 z1IK2*oxYO8aFQi7!u7do<}Ll;AuCdCt}e0|=j1ZyI447(^v0}wa|0-R4gHQ%a~=We zTp{jr63PrfjcmzYlawM6?-PM|4=(<|DK9T3FUZgrSWjnDc_?$=F9Qs%GHJ?k6T|41 znnc&47;o94g1Wk4aKkC*5PIG;7U|y|K_42mnW%V1EUw5wwo?IyJ(xY^^Ua>P%1a6a|RjV9uALrk@Y) z&&9LL{0Yo_%SSzQCfj^V6-O}TL!SEG=s7hDU4DLbk-V|lRf0%<8D?VoD_@hM=_P2^ ztXDw;);SPwI4iQ+$A@&5voUN+{<3DRr#&EH1MpX5NYiR3e$|8bY%>loFVt)Netz-C z3f=oifqS+Izv3*7vc%PhDSt>){>Nxy^N0=b?~%0cceL;uyVSNdS-!|;*!iR`ae97r z+UkttscREe1!v6X>oX`YCJD*O(W`ULGQx98#92Dky2p~5db$z!8<~CnznjLs;$!Hh zzHHZUl1E!{zv-57ewBz%Ohw+db24T(q>(U@HwLUo}8-$MkQmzfA)>ASh=#WgPQ7|cFswLIZcQ6k`UBdyF$=Swbo&)HD9#7=LjJ{ z)7udGR#&6&h_fk;JsPtZ?Y3GUWrRQH4hon}<>{#%amE%*b2#I&eK2PzbMtxiwP(Iu zov!THm=EVQi*eV782fAdRm8Hu{Qgy$Iej&cIeqo%L`~?^xUjsbxXK~RCOWYPth^{^ z_c<>CBY6lLc`P`F)UU}zY~{QVIf=hsnWFN0WD_CH*9JF=t;xYW1S=ppa=zD0yxl3! zVEQzaG4r?fu?Medt_mvN1JoEaU`b3k2-|WG!dvPw)uiRTWxXDrc2<|mHu#~>~-Yz%H@drP;%|WKH-*>={!$F zGvfIpZc>CLzhA+3j?+z}njxX-J!@-8Cb(p)QUN`g4 z?pzxcspMT`S2aV6QI*kUrkYx%W!8nFRMZQpMcq>- zEAjJwpQURqEDqOcawQYm?B02E6sF3F)I9s~1p4xff@+*K6Vj4#lsz? ze|Tg@JrD1uyTvqr&G?Z{?U+S%^?8CGcb4!P1I8P1{~?U{L9sk4$RdqU<5$$UMV+eD zoQ9X(=b`1z(Umoa?rrFQ{zqx1CJP3!>#tGFLa9F?Btsovn~hmYzWx}8V0N(J^1;4~ z#QEMg#CM_S-iOt<{mK=f4H24h8s4u1RWo=vY(w?Y10Sl>7w7QE886JXCE(o8W-Buj1!1fJyZi$Ivk2L^{nOPH#DlNp`WZa{H}iJ zFci4P*`{k8OQ!qH>K4m#ouBLtv4u0}&0cLRd+tG)GJa`uok7uz1`_#2k-A@2>+Im_ z3DOj!U?lJR*>6&oen*nAJO|2qSplW|%v^|U{e@?XRm0mYxb1=wqepejSBBPhaut zReJ8__b2BcemFR}`tbVf;=}PjuZ}NH58i$_dR4ZIy+o^i3$q18TXVZMO^#_HNX4)4 zZ3Sk3fBoU|yMv44qYp<1R|l^SE{{LFzm(X$JHD^YuEf8p5u7s3x$+nu1FC#isTFnB zy@eoLlSv4m%5GGH7WoIN!5n$6`%8mSzv>Kv+WZ zx8R=iu*h&#dp;d?J%hK*>=`(}Yha08dyqf4crkyByPAum^vs-npSLvksKPV5)!st$ z97ZauL)YGEN(hyct$J|Qj6K`$tkoDXksl-!3%^RZ_hpsQ)PHAg(+H&6Xaof_=K2e3 zI?;cg2IkMi94ttV8pOBE(E<7iHDVNy9tfu&B9;!&&**>tr{W1qoapDTQ9dGRAghNF z*6vvq6rySz)(x1mnvqs3^XqQv0BzNP+48{*XnjV6e^*sEkDEVLF=Zo$lt72f#(XRn z2$=CB5(MGrNin3USE8p5-3%VAK~jpy>Vd6|dOS6Vx#-SlQNXgvS$cd!_++YPhI#vW zj`@%%5&7je$Td{j`hQ||zJTN8>!t!!F@jV(k0^&?krO!xCqr`gnx-*YZEkF>1~`Ob zqh};9feD=%W@#n=Q0^mb$zEatfBXR%S9Th67k)?9Pwtc_cgmAH<;k5A;_&27xetv#xl{fN z-6D9#zLFJ(^CobVJU=PGbL3x2~qzlg$UB<)}D4L-|q z(fnn6SAEAUhHE9ftOnaW${N3n@9wGV3Nd;JrtXSS5$u;@pnp}e8{Aao*=Pp65Yi9aZot^9K=Cp)`&&MR8 z5lOAmH}etwcPZn%>dfdTm)n$JeUbv|ZD>GcmRPf@rMZOJ7jx4L%BVlTmo~PV`=bZH`Ikx}1 zZz__y@EcO{m}IkPHyA0K^7J7jq7j)>KSVvE(pZZuo3>A9_p=|+luFilL=rri*Zw7# zN5zXFGxF=9!)7{KydA~%FhcR3#csY5BebOxCAM-* zlSaaZIurMKIR#ct)-US)psHriE3K;LWrNI+aGl9f4X6tHD)GDO=SmT_(zv7d|6-|< z5GDYiQmV%}PH2kXmI-T4q+H!=pFKU!Z2+|lC2r+x9O3-Gm>^4pusmVTwyz9mLiz+( z*o-QCGxp({c)Cm9n|2TH!If6lZ)U$osx>GkS}Y|MuNk*qcXC-rLMIQXxW zbb{{l?$;Ty-CpC#)`Dbeke_L;+A0L!0+aWadEWjbsJ5q+le09LyhIY~Dq5_3@nia8 zrUc4q6N1Glc(TrRP*%WZzzZL(2ROsL;lY|?(^$NBYxR@0M|KgT(It&Zg!#N0L(`8f zY(AQLwQNJG>+rfz=x@qma;dxbyM^$-eL1IBd-bBt8WRr&Qj(u6g=qODgv>YhK+qUR z>)bphE}F#$X-*IHK-%Ra*dSl6Lc9ruhn3DnFoWw^3r|IxA8j-k2XgWL@rp$hQ zd`F@JvQq*{@|MuyD1V9CtyW17i_KV9gpbQ1$vMkd!iJOYNqtsL?Tp>K(~(lp&EJs; zDt*Q{k4A5y}?(#?4u9=%P zbE_V*QHyQUk~}MC3E|~_?%tP6G6W+lh?h$^3m&~1Wx491atisoA#7pZp#S>(LA~mh z6~)5m%&q$6dwCIOx`gLBgs0bIL6@zX(<=w|pW~#e7ItZQ9}DcX)4XD^MMF)!#VHSQ zU)Sz~yxX&V+xOnGd3b2SsHPpnk{kK3!5(#c%`)C+Z$FN|d=YQ?QrkS!=RJSpX1)Gk zulM~nZ8~^hUKaTMD}dHlUa=7x{yr=n%03N$YA$n}`j3N0CGh)2e$J2kB;zcf98vxf z{kE8eaDmaPBRc2a=~M4~jHsQtF*~#OaEXyLvWv1RZE(GpQFeyu@Nq~|!G6dtRAB87 zsh%6-?6D8^6yObdp`*E(*YZM47L)|L)^Qvp&URKPVbItIF#L z+DE{9OHjablVH}!ZlXoP!E5j9*)hT&33D}y#C_%C5p5WPy+{D|>7%pAGsec}vH1MnbPQl6=~sXK}r8)N-Y_ z2~5@t3TFZS4KyY>mKT;mb80U0md3as{2_eF$}E(~T=AR*Q5DJ+_r{9$sW0r>8M9>m~R?@y&NECgLUfX`%7lD{>_Cvxelk*$q8% z^6!F(u)mYWc1a4YI8Wunb>BqgIvRa=%CaNLd!zU;8eJ0h$0yt6Cp)9}RxKT`*f(Z` z-_6Fv0~bb+>8QN0H|rEOk8~F1Emsu-|KjQMr+z|lVarH5!cRPFWSlZi^GPF;qz>iJ zml>ngYPEK^x8d(rt5yEHwbR-DqP^X2?R9o{I^Df5TAfaJcl!&}`gqfJpF-rAf6;pI zSmnw6MLx3wlVI0@zcnLHu;L*&qyJD*kuM=(LIrU&ulGfhvaOr;$~8^nm+0JoeZ{}D z(kZ33PI~p^>uTd^h@-j9bn%}0FcI$^cviloB<5WXnhX zf+Zw4>4_ISwQRstG{QQOs`d?d#D9g2GnSIHUZM2m-4Wq5xAKe$!_sjM=Ak*ETFaUU zR(O$ANA|+!R|HC2rNc?|q zyVaTE|J$7>{{JaH&y3)S28<(|B*-^%=?ZR;`6!wzHJ1gv{};P0KD~}GCyh%kaZ@dV z@#|{?fpyn!SGbdAl`hk#7N;r8{lqZui+Lr~s$hipc(@n`qPj=x>SSq%5T)kd3eaMu zCcG_pY4uQ1<;nSKwNcnS9hv9UIQGADaVx#JsQcEuo-iE0!U;|z!Y{$Gc7fBOan05J zy69HaLNC)vfVM3u-K|acgSnFR{)w5N0m92WMpwX5?4V4{5)4Q?ePe$rfBz zRg=G73>97mz6pt4qiJebvt-UCRf?gs>~3}fwK=F6V+mRv zlW`x)6D&L`;9PB9x!2|BZo0ZShtv;Vn0bvg8jY1_=tNT?5}xc(a*jbiG&vQ-(q!`G z$}{v{kQntRNUeyHDNxQ(G$PTptD}L~Abh`1280?)s0B85TN-pZ#5Y?+f)$zta9}4gAmjEMxz{I`{vvJ9{B2}6 z(Z`7Y*lX`j#eZ~npU(fM_{=C2J3Et12YFWgTxJ%P3fcWL!5(tnZwy*>aznY^=bz$; zG&)o%OJKPafjRjBRk;E8%~P450dkM*j|EacYSKQ!l#lzTdn}OaQ7;;oaw^LC6wBsP zOeIoy8~599Fl^(GKbAlLi}8P#Is6g$e`{}NXFC4x$^Z9BJ{9?l3uS~qUfjsEPUzFy zf4+PdM4gD7({y;G7f-DN9J!b1_mxts=fD=>$_#?igk&A!;D_WaXy$jLpD{VG1Q&wsnqD(C;T<=;=||5JQQ z=iltQIsOezh0nEx0jT}uH?;wFeppZWU9geY^vDTJ@b*RTiOa=dl>G}9oSvMSgUvo% zXg2FpYXo9I!^PkTGQJ`Fkc~6U30nR3o11pCz1?gzTC1peh%?-$3C$@H&F_mo(Tu41 zhUOkm^7(8^@>|BQgWSqK$#HwdS8)6{M^LLbUI=(Ch1A2#6|CO$KY`Nk1a{Xv??VGb+s7C`;%;Ad=&IMv3=s6mq$?k&~h)H(kj`C2n(!M>Dd{pHXk|f^n3~o zYxr-l#f?x-sd8vq?Bke9635AfOL4T-T`g^Q<{P67#5~c&kSCS#bN+L6;c<=GQItA( zC}+GZ6T_Wiex@uvS@wGIKv&;1HF*3dUqChMS$!9+&cBSFmo2$7-_h66^GeV0^IDmI z>SB66Ta{Rh+?KvfmVmSP9a9fawBa0nb(hR0N%nG-SSSR z{kLiXwk2{-@R+8hj&$dZEeLmf%*8Z=% zhCJN+H`o8y+3QUC|2j|ge?HA;c2fV6&1W9fOIX)w<}X)P!c5ugyZsXV4(~nta;s0% zEiqbw|GqtY^Wo^^;+yAf``^=pcgNp6@4)}hPmaD(4?aUbV46ePRl$7DCD`RPAu^C$?4hA@rRQmjScl-*!inrt}sn#I`p4d z)j1zDL5HH)q!C>*nD*Eyp`Gt>~B9DATT&u=wnk1<40zLoj{N(5lfAj4lc4AY|R_rs73Ri{K ztWEMZO8sX*YtQWi3YFB}|LKsXcYfX#hywSL0_Mj5P1XNxZ|^+ie|(aUpFHUY0mAlc zZNhV?+sk~t^rWX5e@rQ$nkxUwQb8b6v2;)oE2LH!hr2K%&TpChpL71bKF7KW+&wtJ z-1EQPEua6r?Wg+RpX4+9{O5`A3vE>&`S9COo@Zh%JJ6BBD)#ld=o6ljoPeb^Pim~I z%kc=0a{s#Q;kVyrSmlQ#Rqdyg4LVb#bME%XHqOpD|1rrDHW`z9WPQ8O?DOAg?d+8A|5kVRN&f#N zpOSkaJlB6(^smoNaFz*IV%&3eC|u>&@?0#Lf&lOS*+mE+r;<-~!jhVyNmZ)c=E~|m zRZq;R_-As+NY&P?9$_+O=_ScmO=2Xt#Y6?RexWW@PV*0Ijf`;~joy0Owfu%Hu(XRU zF0w;v+)54F0w=ez?LgHlQH(u7D=1y78oi?DP1Dt|`3egHQJ<@2;cQiPbrd7q+1VAv z*mskb#wn}L%Z^!T5UL+P33li{dvvdZwfN4d&q4=rA&T+)I!;$*xMvjyRM|9?j`5J3 z7fGU&si|I}Q@IL{0rvu|LzVmwVVv<3UrJAF?#Z zG$q`UoM}h8Do9>rt9Bz{vSBKC0N_Oa?ltt&Z^-32X9v<#=+N-3go*rb16HK**B+elbxb*GWJ>`W z3I{@ULwzS72;w{JD^(j>33_T%k*z+ZxJ}SRR*kou(fHC#p(0?$hrK7p5L=)DGBIHAo19hFG1NLeHz*f;(LPd_6XceHYu1|q{Jjw$) zgZI7)ziSLjU&L^ABQ_X(?S8QZ?9}HOIyyeTI6geMIypNNavskti}KKQ>?-LGv|%GEPvt*=@F^9_m59rAdPN1VstKDTz^$A(|qLB=_W| zmWO@5k`ayaJo8th_Mz!c#&QWPAxu?*^WLl~0_W4Rd?-L5;9EgNqPLvKM@!)0qwrm6 z%0VGL^WZ#uD%VIX_SF5CQY^HV;u9~Xs72&H%Q>@J;i4$k)gJUQboB;nQLAI+J`dJ* z7xVGB{1(Y0B^GWu`phS87g<9_Q{_=tLki zg_978Z>|;(p1lysYQ?sDLwnU}>U2N*h!X8Ou-= z3%bOL%zph*m!@XA-Xc}5QgHgKeH$JNt`HWos+z67)Dp=r>Kq?FY+ZCym0bSazL>o}nU0XHr=Zaag)|?e`T6SMy#qMU@~uB(Sh{ z(Y*eApK}k^R1)yI&y)C6|v^E zqA$Gn&~_uA`Q`KQx~DZgLrkNO+NE~Shc3-~^skr(KHaHejy_e@J><9Q-XZf}p4BDf zwjhToT-oYCNY=0Nki?adneVXgl|SaX~HS3F+Xt~Y#cp+>zkUzuLYIY_wWZ@(7l>q4fvj^vSQm6!SF}9#A6>lL@f;WT ztd7l|OeVK2j(0&>s1Krra})l`}=F z&rwDCkN%YOzvhS}V>(P3CyzJAy!sD2ol^dHd%N3t>i_sjKF`oO&L!snp+@aIx*d@e z^$VKBQr^jMbd85ZG*_OXs}U7O;t@!UNRpso!ura4LDS);Jl{B{Hw0qyyziwb^bDnB z2)YDX%QzX(I})p?kT2Jp=qybph^6qRL6#e7y z62+8@mFAGmq|%ePU&!DQ>fsjb2XRbd)C1t6`OAQ_VUw~R!omi?D2%@&$ry2x zF+nBPD;wy27DGiyZ!RWDP$Iq8Z0|L9Py_v>r4Dq;aw2|S18MH%*4FLqtsXF9V@M%N z3X(=-E2bh#@MP=nuP@HtYyUzRG#OyX~(0fB?jx^NJThBZo@QpwBmYI8Jd#Sm1 zRyNRCmeVo)mBc}I6of$A5!!Bq_P!lKu9~qwnDVFkb^B(^dvj+A+;*E?1LH+=$AD

aig2Lqwr_dE30~-n}4Wc0*#+r)kdd1iim_t9DdUsZbn*C=TP` zbS)Cgtntq0a8h=>lk&nHd2b@GK^B5KyA*P+(NwsZuE40ovr|}TDo{)XD3%U9oWs|o zkJ>Lv>xBA+nDp5l%JI-&re3?*?KImx2cu@T&}-OpjIyX*RFFbGP5qmhw_4koBj z>mYKDb26NO)y|)f$Z<{vMIwkLynSy$9g9A`%a|ZBS{)ZjPR}vV-_kM7SHYyMzRWPs zj}szq#Y_4tS+&Kg4}L8;L9e9Te5pK%=oL*dpP+NjZfH!n8{2L~YnhGcH244fjp#J@ z=9kmJ-G_;VSz;pqSmJVC5Qc zHby=5V^i}JkQgLgYh#0G=-;h8;f@4OGMbX96Va6ti#ri}%@<}Py8f9(5z8iL>G2KW zlS{>ZVWQt17∈Xhc#$9He~->F+p2ot;WfF5e$9ksl;f;_hDDGcS5{C~?pUD?)Jw zwVn|tu@b@5!t1*W=kmuPW5a|Px3?Q$w_<=rh;8?CAhz9gH<2APk=9=6zVa7Yu?L(W z-Jb=;BnG0CGOX&L(yKD(&F#O{Lu*=C1#x+R6G1%ewk>vL{y(H4h865+Pu+t@Br+0X z%T8|A>zc-h6tDa`Drk`4p%%5+ZMn({>L)C^mOuBU%%yH^IC6M4*W6RLoJ6zp!lGF^ z+eQqqt2`z-r;+FZ7q#C4#pH5TU#ow?&*z+tNj@TlloxU`)EOh|6{ksEtLYHA7NlO) zSr_Xf$yf=Npp$&CAH@yj_2~Qatu|O-w{i#y{e5qVSpi{_KWuPGiz@<80ftwd0(OGtO=ZBAhdh#zY7y z!f=uoJSDNZg>aseaR!HOBsKLS8*&^Ilj!H*12;QmH%4n*j4IoogC^gWJYCJAV`kCm zE;WnJXE6(hE3nKInt2MuQd7fD0LRT(EZj{Y87mbzW!BFmb&-fkQD|jD8;?q@9aS|# z5Xd!qmVyq6(f5`cYxZq!C9U2Bnvo9HdB;+kGp^_jI1iYs-L;@^la&p0&dCi)bCABz znaICm?Anl`zTC(ii3+&-2k=-Sq(DGpl(O8a57@q>RaEWqht@Mn7^6ZIL>aa7L`z^p zlIny;g>03(mcQR;paWhTsN6x0t7rF>6lqnoAj7GB9N~l@H}ALP-?f`nD}ztza9=EH>jrGUiOA{&ESoKXXU7}Qyy)u8gs_71N z*Mi=$pp~HMT^P{&sv@Bd-HvE9LO2l&4N0z4nJh~viRC3NFQSaoF@}p*l7_sZFs!-K zMZPB!b@!Ulz)%1pnS=$R>u&Q-?aZCS+LCm8yKX_0FfeAEpnQZ=)JEqD6?sLL+)9^M zmkzci%W$og0#L!JPl5ukugH+54wxmu))H6Ki>C5Gz2XD|e^<<1%Fc2Tdw!TdNX!xA zoJ4u}i`@J=)uiJPbK9;=hra%*1r@l^a7ny@i;oM};!ePts8`?)QnaI0V{7+UBVUqi zDZ%SD#n~y^m-^T$y)I&m z$20}|Cr#0q4ylTG{!zSudzv2$;=lxef{tUQDA zO4B&bTBqHb*YzZ8-`lb8m8}zFn$w|sWy(>|KtH{cJddUWHp5T^+Z~ZKCp@qXfp5~# zksC|iF3oZ59e{0vp(k@!*iQrzk_Oh^pR8MPfTohMD-mH#BhIuk=YV%BfXihQV=0B? zlZ;6q7sm%j?~XwO#4xgw^bGaK2n>ZvixMEis1}jN^kQ^>?}*q_?cFPLdDGr!;MCY_ z?)%)yOk=;aH~#JA8%i_Ij6VRaN#QObaOtlDtHMbFRM2!IxbyE>c`EKJrESNkSFYmT zQ`eHZ;ziEoYq>;1iPpSh-lutr z$5b73v6XW|%o#U7xgnpuXtmZWf?iGrDq@BT-6YgWkce?KVFkhoG>(NE3a3u(wMyt( z&y8b@3g0Ncy}l_$L_w_by0H;6P;BvFAmy0}D>gR1EFqFwo1NTwz=0F(U6K-~3CB5C z!(RU1+iDzgUH}Rbf@#zWw`s=74Mf$wXx?qLTg|(#gtt9SOHVMqnWx^73%M8oS|66K zk$4V@A!;vSgxmWJeAavGW)iJtd&kbARpKgYMK9?vCGmTnT#%T8I4Td5)7Fez50bH* zBHr|dP!6af@jXaJs2UN&@CAvK#mz(;TwcCKIpJd|xajrcWROS{_1|A-$d(JOkW#8X1?=Qn&c7eZq zT7I$%F?CALe>ai0q@{>oFjtY;G)29P69`&3R7UNdllI)CEw6AV<>)w){N(+X6NiWme%$iOZxY~+C@ zbLagqF<@OIH~zgyrkUUhNK4ZDaInG?IOl_24DH@Y; zpK!RE9IRant37qqKpk8*FjvmhOm`~YJw3ZRzHH`qIZ{b8G&QzJnhqEr!+q;OY+DdZ z_*8b9d!L*XcA9$*>#o7ty8v>W(+DTY#2Tl})o&Oe$Y41`woX9PIef*`)1U|Ui3CJ+ z2xnIG6B;EGKYY&5?^h$R6h#RuV(ZB=cS*;%|3l0#z`|t$P8-%-Bcc0S0P-H=I7&#| zcM#hK;!c?sl}YRT=#?hHIcEHhaohqqEJF=DpPm|Kp14e^9$@Cu99j! zvv1*)O|>OM94AApL@6g}Ynz{gwr8M)t}Ln9=%OuhYG)ZqJvGO@zH44@g_gmdwo?&) zk`7qUSda@UT$9ZtP2APnD%%kDqA%|eh9xjJb?4mpWQnp2#Jp2w@L%7hb?upx~g z>R_DBCE&e)fIHRhrjGGJOXS;5sy$TqjCSHe`EuiRn5Cz6jO(}r&asLf zZ~b672e)P6E@A)OZnh1CuEmU2Xk+G}0BeQlvzx97+z}3hmyhPh4GJmRWh9MB8cmdi zQ0U-3!wq$Inl|wHcEDc6j!qjH_nUjoE^MOjK{7VZU0fP?Z-LBw%c75>L)y?t!b$5AeMK^VuOlQ9?c&3E_+DXtW?IHk%&rqXh@tVp}!7` z@Fdy?n`Ld*Vf(@$+nScfoP%7B{0pNg{9BaevW{ZVB`C+KD3s@0*}&xc=$cGGgGdBJ z5zDBFiPVxqjQW#6hfyQR6||Ff^QEbkVI+cJ0rBFkL7?SCWF*Rk5h+ddEW80~F+?p$ zMCAKh2A~amc9Yzzn54G%;Alh|37#mVq7kO4RDz%>hziVmqw)$4K~6HMEjHjsu@0`~ zA^}2MuQ4Kbs0$p;`fAme?OksNcS~84-gO}7cZ(-V+4p!y&-9e&$<2^UC74tKAY)az zu#$<=#4x%%d2@Aq@lK-j3%lj>rx1_(-Re-3c(W zESZ!#?|O~nRLpZWX{eyRhGa~=O)xvn3^eL(s`!6*b%$0;&k-#&$F{Z~t(AjxM5Mk? z#aI$sY?lmI+%NC|Nd!^0t04by>HP*~kSPTOf)F8GXZpN5W?Hdb;QZEITLg_sgt;gM zX8K{YDY;dlrfR8Cf+wuV6~`dAu%9U&`v<*MGpN4WaXhA}3W6=m;(Gi#_aQf7=RTKK zR=5KRv{$w}H(@M$*xMfYZU@)0XI(kI%i-cWWa&Wp8;yFXS)gZ?39v?MKBI8}5B-OF z>kb)9_nqmxLymiS`4*XqOVoHuw6?kCtC8yncxMxxq&a7C5y>^GE8f&Y14<2(4z< z^6XOFp`qC~hv$%{rUm8ZFM_2A7x_qj5d{{FR!$Jwd>x>)}}2 zm#~T1$%)Vjrg@%$99eja*0Dqws(autl3d%*Y5QRBgcJs-&DpqTEY}<#r#FT)oj10 zcx^5V?l>jcc*r4pe6J+ELeh?Q@IxSYugb&F(~-yWsH@nooS8skU2twH%*zemsu+Fl z1X|6Og3z}1IY_eaVw$W=oRP#w~WWSRH(g!+QvdB z->&EWy*x{LMt%hGqCzEY8~dDuwO!+i)(&;W_^+u+nQI&491upx7m(8Db2!)P;Ne{J zTVL7NfwR6y>WNF5VE~NCt%qVVQf|>EBNwkG9BMn&sQF7|I28mjTi1zEQKPakz`?d@ z(_#1sEVZljV5_uvX}w1DR|2)KJy_sfo0PvhmFH-WMpMee`VzO_nHB0Olb+msYm7AW z2F51W9MX{hz!+aEwIvi!6Uk&a$w*FfdP5w79gAScJIVu^f}uHnbLMce&Kr?(jI%H4ZE>tI8=RvCBf)D-{K(B2HfzMm?~Vo+(wiCvPt)+@1f!gSl&S z@qs4WFHA`Wn+&207Y#6ldkG9d2`*BoX`w8X@+uC?xJb}8!B=TP0QwclbHc0A*aC&h zF9zCk5N#^2lIa2BJIt?DCpa|5nGpd2uikHecrV+k18NW8<%5*vBf=rK3C>2!2^%u^lFKg*F%S8vHd@*R#M4r@)TyU=p2&;A044OA zSTADCBGJURqKU`&SC)d|oLq}7XgQH@N$xr)#l#i2jH;q=s zH0JN&j@!ewmXlm&t0l>v@+36JaZmfW(3&=o7uCKUnR#$t@FJL?? z;2Usb?AtLqOYDbr?nn@O7DU^pOyfE;wFcFC1d6|dQOY3px5Kv$m3=c(0Bvh~6YO|W zZ%XpLo^nW=_FK&f0v0{5SiRCNZbvjHiDnyNicS@uP5xLklAYM@sa#|Ph^oW4P-yzJ$d8yo-I=ijbuY#g2aaC&v}?ijs0dGp;BdUcF0 zj{ood$;I&zdVO|*4o=bg^EVdfGw!sUEg9JL#cP1(|$rW zHgu&6DKaFneP^xLYQAXh^ZlthuFr33YXQHk!tBz5ZZvg8zx`U=er{; zOeWHo=#mihlV{%kdCf1hWO;+6mTNK*U~&ZLB^;>G)I?&0!6m4jtd}H*=V2gkJx3O4 zmo73Y`cOi>DMltENPwW=B>^d%aFQTwTWD5Q+-N~L-PEdWyiTEerdNWO@|&h zSE8U@%SkJ57_GGHRzy_>zslDnmtW)^-5_5-=8Q(SV;$pk0vI;4^uqFWSgMYS#E-k7I*you>Al%qh4N)FekC<8t+0T zg^m`LTtXX7e4yJF==KtrwVS&>kgf&N4lvWz5fNvFDqW#6iPil)g-XXjaRTF!x`n|U zgL=xByhZY8%eo+%Q17ybiWCfJ;I}qGFOr#SD~Yvc0%=0Qpfz2-#t06&RujC%aT@z? z(Sa%lWa4;OO4gM$V5~4x2vOl4UsFN>Ttm)sqwrYYH1$_hj7mO|%TwYcLM6FK)~>w$ zF(X2uq+%%ib+lycgl1#VR5f{2n2EZ2pfyXoi4IwMLv+5C@kq#@I!%@JqfLLIM;V^z zHmw1>F4jTe)tbiZh^1fUS}^vGnKdQ~zid`@!7PCN!V+LWe@Z*NCX+3zC#q~asN3S| zdqJR zsk3Nu@%yaE(MWmDFht=5b{-Xx;sbTLZ=JFrVUFj)`HA)%Iss2nA}5g)vAvR+Cc?}c zVW(n*MOaAJgJF}+LdC!8a#9_D-$68M&-c^?P6aPeE-X9+!*y$h3;4H5EjyjT`hh%+ zTayZtk0oCnkt9>Ac%(Aoy|geXlE-X}XyV9JyO6&~JJA*X8{lVjfJJRZ*h zyS?=UbwSXf$=(p2OC;3hJet%V6XP`vi-kgNV%w#%EF<8xn%f?b7h$5;yxn$&M{~k? zk$B9t>vGd7q$eHks^mg-|HhU1Zt|iii$h(Pl(xInbi3YjHX5v6JId`-``*b*e9-3HYgVF(KmeDZ|Z`9R1;p=I<89$c@XU>UB({P^3;Q_ z2`!u~CxN#-KGro6ffJtuLClbnwyM`RG?hEGY|6OC1UHQzwe(Xl!Q z8SlLCUoKUy84({!BO5*oSBj6qUYPn5(9pC4=0Xb*=O9EJRthtnW_#BH?aW-8X$jAVVzSGU zIbixlbWQSOsTYf$igK#SNm6ia&Y33;UXU!o5s^6Yq-Pkk@sQsRN!~+oLChVTl3QJ6 zZd?N1wMe(>-Mi|}F_z;BkzSc5Gm}2(58zV2mavt*@Hm^7E0pNg1l6t)M z(EARwyHRwRmdfHR-n;gAY?m|#n~klNG?$(`mGz5@oHdNS!KI5@dxJOJZWXGEcTATDPI8qJV5f>Qn5)oHRM6epc7IK9IxIqxw#TIv+R2om=~-u|i`EKJu|<%5 zD!G(yy{N0{_*>JhfUQtJRV1T(kC!qcg0>qfv=k?a54htNrQQVYtwz~^;b&{?&X67> zmQ4`0x&BJB&KWwmxH@@#aCmig@#BZ@&fXnEk@b?K<0oedq-j&Igh2JNzfWa4gI;)GH(ymC~IC?zveDyHN_ zz=Fewa~;U&LoYSYQxO5ibXTR$f-0kZ`^o@Aa}VH)3V0wq7Y9 z1Ss|hmW*`MduuNmoro7nk`Wa>-a^T*?b0xpaXjsN&JQnVZQ5o#1H!fkAxv+myq6-J zv#c#(hb`^xE249M@zd#DgTt$9fi?WHKiUhOYj>Ogx5JIJ2f*RI;K2V##x<9qKp$HWa_JSG%0`Z6vdxjbzL8^8|QHVPvUp-&kI4 z0>a{=P#8u~A+v;cl5k_bFhjQMOet(&Y}dwTqoN=jj8g7^zJ!W2_tF-Wb7W2Npmpun zNgyk0%RTi0)ZGuRxvd26dNL|{*{`6<#W!l-Yr)tJHa;}DDAiK2WKft9jU9}g3K(-Y zd)IWElMrmG&3-5`)^tHs8I13F;%b6}XGWeFFFC|H#@t9Y?`Dacch|OzuBE&g@u{Z# z9*BNbVXmSweM}k=S2^A3{*v}XY=FzvR3U=tU#!(~AT z_CW7xO%8G&mOx^s+3tEUZ2pV3#O==@*D7*Ww6@cH;eoKB%$*lLoe(9)-#AOJb*q+6l7sc40@Rt#hlXk- zQBuTVWfVkHRUz0V$*CMU2X(&!s%whps@%FMLK&vEgJ6>umO0Zq&3y;Kr7Z0GcS*T# znJtK?)gFC|&M?6%IXW=$@40LRt>7()uXp-wN`by-_N|dFV==;MP8+7^wyO+~v&t=U zP;J71$5L!$Q4o?E#=gq6;YAA3JElvY*277f^NI46gRM=t(QInL-qc_&>yszW^SL=ag`RG(ejJTpm9uIdl!y2Xg4 zXuq}J2EIh@Mz|0;i9H-#4E}y;H>XRHc_H5*x$CGOu$ahIEBsn3ijaDyVvreeSDix` zu^X^{=fkM#&1W6nUgZx5bN}a{g_=iEV3G~edkyp}E{QDC24OkITZZGl&VX^S_bOmJ z7x`5AGjrtD;OrQ`&$=IC9h-n2)glAkblhmWKZlXl3!W|y!p_e@Gcx~l*%i(>X;`a= zUS%yvLj@$4U}oOMyiaqks)@M-J{A@k^Fyd0MR)@prvt_#0!2qqLdP~u#Pq0(~Nur|Ux?%AYoo7v`%959f@CNKQiPX}4}G-rBzb$g~op^Are zjS88o5@ymdl-IT~5IrZlPp_;O*x)S@yk9$<+jrN5u6&Ybi)9Xi>ovC*=p+Z3#2$5; zt*|M*e5cgu4c-Bf|FUa?n!=VtYqwY+xs4HvP2h7+baiegzEv%a*WC~|$(tDGW-Oo67=_@SBIu80^{pJ2`Ntu7~{JSUh{-%Lyn5JRuLjLjBlYpqGoI5 zi>J?D;uA*1ZoNG@JU+cVe%vuytyXJydmH|4wOXaWJG<@f&KK?Nc5AP*yVL3JebH)n zJFV?6Q0sBgsQwgEA^4*8;IYb+`-^);_khB!gT0D20EBGrPrZukXq zw#GtLbJJi{VHo&H%E2(St_ioP(%^N0I6!(6L8C;XYeh@-ouwL*e$XTu<6IBeM6XQ| z+=6FJ5aCwUZn)W_RSjhorXtW9U01KNTf#TB#a|*pQ}ypnP&Tm^{52Gv@F7=#qcKkL zkf_}A0TM+t(ui$JsUN1_pD64x!1h<>mP%@39Ia8huC_;vXr@Ai2KfYKghS5F+D_~L zt;29qTTlyc02R5&aSFPS7-24DCIykMqdrN=fJPK2A#@K;A4o z7FtYiXk18G9QpL20gyYwBMMrMpK%CurVasY%M_`pf)}e$NTWna~m zYF1@*D4kK54OTWK`LiiK2}-KU!I5g`tt2m%bc&?LvRO)XQDD>qo96tN;yOI`aRyD9 zrcuY~M19AJ(84SDOLZ~g2%7_vbDRnnEGS7?ev?>L7$dbj0B$p!poUSJX2ixB1vN=^ zj8fBd0fxbZeeM-O)}Js%h1J;|lbB+t2jWfp2ga|bm;!`wN{oRINlJ4^fTm^|_5hsO zepcg6G={`j{&V^xU_;XKDsY)gme zN^CWVHJ5=JBx>sVeFs@a(wN?%K1tZ^x?6=K!s!hLKd@X7v0A18IY#vw=-F#XY7GqH zeUQ^x3P&-PV@T@fY^->d910mrrz&gWm;s3)m>nmGlN$A zf!p;%$;$N|U%BJuGhmObH=bQUqcZ8c)Z!t51$zQCtOJ?NlESQTuHIt27Wqx@P~@td zB~B8CaI%mxUm4sn*!XjAS&A16RZw_LuLg78tK#wICGfxqa)EtFiR zT)4vm>n}EEUPYF7`D3uu!wHRbNM1rkE;juu%Zfs(maXtvxQg+Uq6XZN`U$oD^5#?0 zij}qeMc?$;NI(VNYD3jADxyLNlfkc&*^C(Z18_WdHIX~B2;p1}Jw_}Q8I1~7h-8As zm|rXNo|TS_$VCJlrrJmkdjtzxNr{qKt)8+RVdS6H=IZnjF3Hz++U5k#6?yyxl>BjA z8q_7AauN~XlRoiTmo z8L3L$4kl{U&CO*5mRHZVLroZZj3mAMcEi-}OtpC{$P zmPoM?vh_DjOG)^f*&8`jo00CbRmsUVohk$i;z(;uNM5St=6Ki36{}aRtCiyS>pWN!z)3d9S!{b#1xgn}2l`vySk=q-`KV2RRs5mK8D+~MOfikKmhLR1s zET17dQn{=qX4zkU&D4N1sENQ7HWyh}4@~t6SFS4%8_rQeu#oDMZ>86-xYG*R%;Kd% z6B``eTDuhrs7lPl;cK6n2Snzd>(Bs&=)mzAd1VgW4LA*-@y+Q~#zxljtXx_*s92>z z>7;-FaRc?#!InaK+>n!;*u6=i0&p^sf(606sY+5Z(51!nGJE?C!h=$!t&tBWp7JUs zln|ZRR5^?3U=rBo?X`j9SpJ(!eaELr4~juuuh1eVVNb1-4PorQCiYbV3x6(N=Xw4He?5s9aDk=bX6w>iY9um>h#G?GquN)iGt`kNUVKh zQkEh;W0q&esx@6XNnegwHsmN#ukTx*mr>2Mm<4Eh1fxJG(KR;SNA>MvXkWl?6I~erMCgEWBS+h!gdlSJrATzZG9V4Df;7v*VMr_({1Ny(N z_l&Mtpo!LCyy>h?T1~ZyC=eD*uwbc;Z&d-)n5(!x=wd1&PWyT*tkOY;blN^^PLtU; zeH&C<0cxf8n&^lMP@M>uPyK+oT$hPG1Qyl)L@BVKc}o?`u>sh{SOrfTE7+#nFn#ug zLv;-bed1_TR#E+@X)eOeT}M!m3#}epqLa&2^y=X9`$gPTw5AJ3hVIMDLC-4!=7%y*hYx^7iEFM)A_{wNZ#-47!S8*Hi#!7c8PyO;$`@`&q#n>pNPfm03l5`%U!L zE~$L!EyaDBfb;xB-ndo}{s&6q^o9PobSjlN8OcCsmvG|rIzU}ZDiJWB_9+FLv z35r}-4Jf#}jc_t3QYYNNC0G#&0xeK@6s(6Dn27aFphGF3mkn_mhBc<+_=bX$R5vDI zLQuU3Cb&U^S0~^_6CFhIPLQi$IIkSpYbW9ziXTQ&bPtbf*;zQ#-DafFXvCPZf`X+p zaJGZZ6=5_Wz)v=zGD-%0Hq|6DWd_yUZvu2j#wpG1d9>c!#NdutKhahwkXyDS+mVv5 zale0+K&@71a>IQaeG z{QUUz=;WU-XeiON9MMh7-CWxno8^QH0dTnU<|3FY6!hxF(X=)0sl@+4KWK(VBd~#$2v{ zEkPK4ME40+Hy$jV7UQ8TvJ@AAHCl?YB95o^vp!hMaA2}Cgp6}T?(;%Ub^LP!0{0PG zNJ6iZJ#@_3if^S1*2|zrMesnK1pYwr+X&vUY?p)tC>SEQO*l=tH#B57L{&uh1x{@( zaq_yDo>%iJ3E=bpl;ZzwySv96V`lt+duO*Z9sj?*+kJ}v{}i8R=WfnGOxJEnvT>Cl7qRhH#L_`hNKJH0dj+=s{`%tV&6Wf6HxJBub7KRt zv(7mI1}~8k=!oQ)CSqk}1AXuM9kiS6&fiux!gV?b(kRs$nAgD~rrT}NBtbC?MW>f5 zP!BsxSlGH@M2Dkf;nlTYj=`>z#wO(-Vp4gLX{QxU`>c@9seE=lipDv}me3U} zO+kXnR*)HENw2wLcYFoCSGESf;U8z#OuS}dO+fh+W@TYUa?tm%-qb}ZEsfSXEj3?o4@;+w+PRZSC*smOKIZ0(sO(m2-a@H>;3s~UBzth`c% zB&d5=J?NUiiA@k_Q!NT&U7_$N?>Pt1v9MB_@4D5x6y$`GG+$Zi^?H3QMk`As413QO zkg+L&tT=)|=UByZ+MYP-e5El4;*cWYfD>pi3zG&_0M6msUh@teWSI_OURSGksA_s) zRHXFZ1wrpr@qzEjWTobGYq46mcU-}OrbKmNE+ul#(jnMtr`eS$km3PHC!m*`W;|Yo zzsW#%537Dm%0YBPB#Xv8F4eg8o|bALlBzIQ%`)XBBefK*f*L=yo3ms!P_kX>iqs1Z z)RmWUZl=6tXg#N6(zHb3E&Vl_tdKj%;eB^-d3Aj8;rrtszj?mKGLj0BKtn6k7?C^F z?X0hmXvEO--`tabC>nX@PKiDqSIkmDZksY%g-qAxSBh>g6e)WzOVn%T&}bNl;R{GL z%Jcb*rO}las}zN_z{njm*{uUs{i-Lv-cMtE`PkdI)3*-BKzU+?DX}?oA(z7 zQZN11ExVEr%B9e4yO}K&zqVD?Y33yL2+wrXoou38qHA)+Dp*b4y?!&BO*mf4I1-Hl zpsLkzqhf3b^AI5*kZUb>!7eS-^uVwk4S}sefo*7;qe`U=RC`(;V4%WD^e7U(pYv0S z+xh9fv~+y#%fBrBo0DpvxgS{SzHTVO)7)8(Db|%!ObR0dsxINNv7kkaE7Puu_78Um zHISZQ1J)U+Z_|9G7TvX`(qF4hFr_4(A=RO;L^s||c9Nqp*r#%+QHTcQ7L92Naipc< zzh4O*6pl{LRc(=ojlBf4O(SDyc~586LE9SBxeaR8HCJB4-stQiuRAX*{(tt~y}xZ+ z$sgXo^(s(WZ7j#6d`Z%C+{kAYTTayawvwDSoAgK!2}`UgQcF;_bzJXje?FK2K=2}2 zcGC3h^Q-o=r?CVKZiB&KF!P;cI!g>sBqitEG)e17dQqDDpnVQ)Uv!Q^f55DSe&XO9 z0O~@13eG~8!8s;z=|Xms&1jA~i3>T3!C@76(8!t$-W{d#xgeFFAZy!~8GZ8xLizBH z=jlh^6wt>2)?1o}o~+X}C!-)rXGx?Tz-jv`US-=MZ{_5JjXz9M zQp33d5KG11`B}I3w$tkN&zs%u&u5*(Ms@vaHe_xRz$!}6B|9Xq^#tvc*OR$C6!&cd zcf*dzZ#)X8G#NLnJ4am1jN#d;Bli~h9fAR0y&$&jF*ov94Q6!5As0#qFb>|~90s9O z+G)(LeGIJ0rI^6p?v<~&(dox7w>-3$u3DpdSC~wxaKKFmbS!*~fM?RoX{)f%qYznG z<36RlEH_FQUuN|@okj`c;+O0tR1F$L?JEbesR^}qy*ZsK%XO{NjCBR0jH+wsuW(=V zCrk(;+2v^*i7lL>EyATzEXaf=z6)BXC>D7t0R-e1Wz1uqQ)wqcRKfEmK2fK@XP|KE zW<;xE8>J5}rf0S>g+5%{g+M1R<&5L$qrJv7{-b^>NwM)+2(Sf+J_yp#a2(TJ0gV)- zc1~wlBPY7M8e%3p?-i2L*#osgB0BAnB%a}eh#aYeY~CZgueP>;e=x=Po>J-oM?hy? zfrhrRp%>0AK28rIm#HZ!`6ij-X7bV`WhuItfg~MWnov3l>0h^Js3|DQhB3pqb;ZMe zXcFMFArw#bc_m(CM~t>Pd3|<#*zdHCTg`5(f7(20nervov`kK)ut_9w-44z#Qaz>2 z?qVilk0vV3Q4xJ|7DHw`8Jk$9@E|xUpvO7n&0MjU%CN8DAQ1`zUfh@`&Q8Jlm~$RY zVH+FyOC3k~EvQ84>32DUBNhWBmCtqn$h<~h%|1Gnicr@lc(FG^@k8>lsMTo=&YUtG zu{{lF7%~r)@keN9o!*hs^E-yVwT9oBU)h~>7T(d=yP+{yG}2pOD@CNwcmJU!GJQqV zN%9-Lriyt?^iI=+y5g1Yli|n&0r7rJ3(D*Cj{g@r$yk8;@O) z@{T-qIe^NO)*@eX`9dtpo1a^T?Io+QkVIw;UOt6FVG&-vI9WV@4|PPZ;P6*rw|6&dX&(UeNBt z^Y!>E=YHmRHjgmoO<%EbwaR%QIxCSwv()6Y1$xra&Ojskx&+O7Z%;*xJ8l zq=H12U#;}*z^PQk?G#iJ4_^|6cA=E6yy;9@V4iMp6beK$5clxWSenw!JBOH$bl_5L zKqq*qPQdHj4V`Z;elC%bNhr)*NrehK|PmerHko@Xco(qH<=fVS_OB4dfG=jrM%c7LmPt@zui#fzPvC`wx~8p zpVH7kCLQ;(rVw?Vao`TDEg!PEg3|#YcZ=O)-e2|`d z(xJeYX)mRCA4fN2Lc_W0GlnT>jB;%Z028ont4IL+PAZ6lr5XIw+4hcBV9=whZmQx*x*!PCa4yJ zMwoMXU`U0?v>Obx4a0Gq%Hqqb$>Eu-pban)D&v<}fD^-K=kpdIf<1 zIgodw%XHf*#8~=}lg+?fQ@-M&;xO#j&~q0BHvfh0`?ZRnp3 z*%9D2xZt=IssZYnnhm?a4Zw_!N?wumi~~^+&lpaEZIgo7dvpuP_Mb-z1;g28%iK@A zv19C})1z*sr?<-KQCB6yq`YwOmIzFo(AhLw8J}gv6{CGF2n|k;y8ZU~z&zsyVg;qJ zz-1a}4INRxFa-OkOVA05d4>iLd+kQ-vrH%hDribfiMocR;7godISsWDUUKs3fr8;B zcl>FidWW-cPd)+lbPe7{(I{Xloupol-1lTSbFWyUgNF3Fz*SIabkbufS50Q8JeRp? z9(i3jNUasmlQ9EtC1`BT_$3)L{k@IN%hs`R)pkv-OsN02}p=9JvjV8GB z8(02pQoV=3vvlWBE-wUhj!bhq2_(XS>7$&1;3+s#jNBladBmp^)k#}+l9MYo=PD=c zYeBdVN(`}WpH5UU@>N zhO8c>kF$3bLWm`J#M&cPu16LGYFX1b`i;3s-}gkB*Xf`8x`2O86V|_Cb6Myg;#2%p z{A7#Io7UU*DLL=7-#2?L@>A;reETWjf?=0H*J*iT$$nh1`8V1vLQbaq351UCW*!Je?$j2oabnwI2)5``!>O0` z0#>Z63=5K|FTISG&Rx#Q#gOLcz>*Q^@@-?}PP@3dnz%Ri^rJ`7-$i_|2goj`bi($^ z2a0^x3^8y%!+X&yvsU%4OS=Pvtr zv|KL`v8mW@6JJ3F4xEjN@z_f6oe|JgXO3@_CvOgNK&YDWnL_~(hO5` zwDgmMbB4M}iX^NjLt7{yE(3o0ktN;TWIzIc2st+)`aWThY6ot5&7ZqE%m*G1^yrPj z5!sTSEet$`7G#p}_k5s0uAPc;@0CBVdc*4Oe)U^bcXz>6N_PEou25^_XH1KW*nMVZ z)xA~jSGckdUW@1r@9sJ(|7fFn*ZjHL@9y?nr-$cf?bF`F7b~O?vymT#vVN!awtaTG zYE|PhCn`4&4qDx=xR9-MuR|J{`y33Rbc~2$>g=L4^dwV z>O%1Fq&|x4F%3QDjFU-F%gA@~e)kE20X>mbm`Ccrt(`f5(BV&;T7aCXU%H1seRXNl zgqi8?s!ntdf9grGT$8dq9a>Rf7e_S<1OJL;1-(C+1}t4GI0+WYe5Z1uE)TjrKP&L% zNo7iWdD3Ja*&;7hhSw=4(R3QgH&UbkVc|*ckgH2DU6T}?lkrTjSYfbY%}2iLUj2=$JYgJPqtez@|52xpJibX_`aX(l(T-0iDFclBWIP+f>I(rb1B2^H z%vc>mDeF8D+CyE{tx4oIgdXMo#1ClfRC4FV`^=G{?*(bfbl6nJE0>=0bwkTB*22*@ zKh=>GfCkc#(>b{oOztsA#1)Q|c9Z3k+G^*QaqImOhnIc5qJVw>IRf(iu7i@q5R%>9 z{+o+~pISXFDOV%(1&*@!k2%ah56(^cXCG?+-qUVmTyviJbn+=phyF=k8v^!B5^Oh5 z@W5+!PVdth>#20+Z%Cygq4k$)y&w<)=N$t6!wuZmLkMcM5lfCVz zQ-LL8X2?5zJk%axU{@22gY5dFka-tz&|xTp;T5a!;Bn%+am1s`gf#yp&i^+-G|WGL z6n}YGFE6R{)lXK@1126fHiuchpcEX&zA9=f5vHEg>P! zE>2gLT6tOs0FWgmrOm38OjQ@?JVMjeL{!#?I5W6|v(sL)ecI|2)K_HS12nFoW0ihJ z0cZ&H{0x=d&b-qro7~4-y)VU-HRts(-mmn)g^dc$?Iu!Qg3=$x=atH~Ls}lDUNfzR z9}P?4uj|GiwMC(T1&g3Du3u720YYAXW80W*0Vm*>lVid|e>!CevF&|TN}4id5MRT( z-nRA)Tg+>B3`sPkdf2cGFFvcTsYo09eg)TS$5CeSuWhlHA>w-W0GtZ)o|y*PuC&hk zLbby0Y?D851+M(i+mmH0bn45X);)5)U74_idNiS84MH$07s*rz3Fwdsoroa5b;kG% zUxI3x{hB9&%MK;+9NX@Z-|atjfpaQ}b}cA-@X#*~7?f;>nP7JNk~sARlV1@Fms@Fb zq18I?JsA?kluX!(H<^uu%ibvV@9Cf^OYnUv%>eMg691Y7^VGl7%}uYAoXXf~pyo_y zIKxCM|1L;4CEStgJ^%^z@E`i+980SAFEQ1g9H%Y1wEPikGPf0;06ts=e!^lJG*SwU zLNCviv$J}TktC7`c<%F2chc9VhS|Z#vyp+=5h{REmvXiVsRGfiBMv_`AaFx4m?R3p zukLb|h>|W1g4GnBZ-@-Lxb$O44kns}tEWs38{E)2*MYBtl@W*rj-t#VDE+Ba%Vrn{ z!a|N=KSrtvo&7>C1tv%)vrwifdk6?Y?%bc)oOnpwz&1!D^#KVXh4@MrPm~5IZVeWf zLWqGSWBU~m8*6=cCk4Cbc>YQI3}`%JI?|eWF&vcb&jDF~^&&&c4@ECFWu8a9vY7@E z2Y@qAMl5km=;)8aC}y5R-U;EkSuzD0hycQJlGvY=lMg*(2v=;boJ@R~IY-dqi5~>1 z2}=-5B?9pDrD$6BW>Cr>1LcS>pMC^SF;8_p#e&FzDmdkW`^U%+3$ScOEVkc7F_3X- z_`VUmG^QM4k}$9{L)m_!;0JB`UxBb`a8ZffGdvGCfD zqj18)Fz1j;{7PMRW5aCbqP?-PNj5e* zt!|Gr&*3k~>ASIEIE&%rY-~6c2&cm=1oF^LNhfmiDah;1ME~ZSh0akB1B@YlFaeT zS)7=wyp9T#_~xQ5&7kj^#ei$Tx%*O~qBU3sGfq`7o6t$|5pA9>0t>+dFbH%CXK`Xg zp-w9TA<#jZJwfHX!~6^+WH*5yGDpZNi3laZcr`sh;z|gGb7xa$q8PzuMGKd55C%kH zo#HPKMJ#6d1~QQZ5%tm((h#4dmQt~8MTP8&{^-73`&5@8kDF~{xt|LX&ztA%HRDV1 zUGuzc%O!c&l%{2wp@G*NlCFRljqV4#oiaD!#QGFkIxbF5ELYs4hM)&p*tmMc82wpz zc{Ml^Qdxd1_@I7{#m%WG>lroj+vSE;l|16zFokG~T#*$8LmR0j;LdEGXyZD)E zj#NB^#K%zNfL)6<#T=vgm}WRNz9Ar`bN+5vh=Bc5`@<+ocoNfTJ^x~jvNfUch$VZ3C9YYoE`gtoWC3Z4 zjI`J0P>ism1;E5hRES5S6lcV_e(Y_AbM*>Yg7L5I)fo_8gR)EmNjVt=(P&8BD=|+4 zW98%{=7dg-^oE(j*@m6Ums)kx{3}rp@?LtSoh!~mMFk_h2Qpke)!Xs`S&qiOodh=4 zp3tdIsVM$Fq0=<9XL%*Fr4tAC*y@25qRw)Vh$ibSJDlecO5aNR7nMJ+&?yaPRjgF zgkCMa$KI$Ndv_22kloFEtHf}i#5qtnP1I~UjAn^MO-Jwf zlQ*Dkf%VxYPd04*c=F40Bvq-j&@Wc>P6e%|H>StPP>D9W0#fpCliLiw%EFpiT;GM& z9)E*OV+W*LunZc>Mee~7BW6Y_z)I-A+u8cxx3;%xj#@?3XU5EMIW)3aL5-nC{U(FK z;K3;pbp`|ZhBGK4Sd|s7DBmb|9Qm01T>O$nWRknKJWf#z7smaY8-v_JaMNK9dzP}??{}Wal{iqv-1^108TS} zx2^(80MS<~u|uglS61O<(ZI@_EDP5*Nf**TKftz?EVCNs8=-#ZIS4G?EJUL(juNvL z6~>Lb0sRako=E+Ya=4iw!qjVX+7&>XLSpf!`*1vDRwfTACo5$si7CmGA%tYBLI-vo za!hBTYm8rO#TvH8^R&7lL_xYkbe)y@xc6F(@VCjWEhz1$6tY$JUc(U5a{4@cqprZy z{PQdICVr^%2I)r*eP@1{zi1pAVo%rwxCrIF4l!WoWZm!| z+TQuz*>bj=?bIDwOv}RiE3|_;j6dBY*6a3pztcQ@+uFB?&Ump$tPLyGpylz18eTXD zcvhewRs!`i3+Q6hzU~9DUPE4@!+k3?4S?%!x}0T07JKbcqWlS$w*`%_!mMsijmx}! zFRq4QQQ9#89((lTCr?eMcn+o!@*6}j5AuvylLgHEHi(8a$m*C+3~ESoBJ#D&ckq>+ z8DcVK*m4ezc*S0K)g|;#=(lP+52S4DO5JH`5|Ipw;ibkoCV$0;N-(S9dp|ai`ChH` zkOk3=u}!n_1Q=^@pv*ia@dcB)t;BA=mlaiVX%}_6NolWAzBc<6Qr7du#d9GZ+BPMa zIeli`E2LwRQ2>{ube7c-m-=&Qy6RcKQ>0gyW?P4LB&uUCTIb1q0yqgGk}CE_+sF}#)E z5kO=k82iHfI!0FT>fOQd1vt%j+yC9VA1F_7%yqXZ6SC`Em*OWQe+-)kMrzeGn38iHS#fs7S}#vQ`EL~Bizg>C@W4I{yRYUi!V1RjZz zUb4`>W*q6)diZ8ha>?>klM(9tzmrkSriQtw_WAiG#U>rBmdnxT^}Re|Th5Qzi+O=XR!v>x(x0*9c=LEmLzNZh-#NqD5Yr~9OxPMmx) z%;~i&M`jnS5Ib3A17O@Cm?0pCQU+Hl8yoPRlLnI@S7oyFEY4+Q(libLiQmE#n)t4k z^BWs7^gAtS1X_c$hRhwJ5!Te!5p6AL$n!5RS@v*&BY`<1hYTk3%-ndx!6rUL>5~#R ziqggm^6G^o3du$1SYvw5eIfddA|pOP2r)FY_`h``vG${2Y`1D+x=Zn`*(XBuAVjPFQOqJQ!&sCq z>)J~&M~)Qy^pa@e(xe{v!zb^R5#uW4LQ-IdH=(kc0YxZdZ~C*OTXZp3M5pM4IQ`eZH?aVck` z*#3=PQ~RZ}?Y!7_extE|CH>8XCgoW4Sn#R7EImfUj zO4qZT=ULX8tjvMNnOQMln_(F$YSiK)U^SwY61$berFOM`oe;hy7dl z_#PXhMZVqcZ#lcp_V$*&+ou!n)eFaCLm1dzy?&WYonb7#@oDHp@u-gftWTpTs86UL ziYcUZBvoHV@w@K`@upWJTl`_)E^XZrrQNA0Q@{P&tNyDOI4FA*&gvV)u?P`dew)O! zm4>3fmwO0YZj>WXZnJ?&8n)Hm=P-?WGcOAu{gR%B3!bCO@58B&p)J`^+r^FG;Y)%! zWOc(i%z{nOe88c9klV2XG7E(;&tfDf@PoYGpm4V^uyh(TTZ0Z3!_=fRIwIttTai*} zjQ3XsL{Ls@fV2ji1s_8Q4!!oNaoV6Qj}Kr6G3tri{UCE#N(Y3(`8e2Hf?t%2ZZ8|e zQv=xZ2YBx11;_W3u6A;AU>ck-8@s-|@D-awM;8}U{al%@t{`Y@6LJ>ajU2Lo<%6`v zAup{KdB=`4+_zFW3(+=MaDY#n=Ob4gNgYh5O!me_*wh8DAt&l8!E8k04{MO8^T zH8ay$5a93G`z$(65Shm!B?nm$wO#K&4boHd3}C%2$-V#nfJYCcaG36QZ!QjapPAw)$X5>-$@daXX5`p zh0k!x-uvt(jkO4(QK17c14|lr$?M~@w>h9w=}%#bAwTpJW6TR|gcLhNgH19EC6XB2 zb$wVrmvK?n=kk>p(azm5bFaWZH<~aEx6t8!fr<$s;>7gXUUS#ucqfM>L$Bo?hGI^u)m9YsKc?^p`RS+uivndA1W^!0JF(9pwXU25tBgx zYip}_3+L|9y?S(q(nu)mkdzNA@NbAWz+#P*X&tcmsz9Ad6#7X7mLfVrn4nl}I^sq_ zp#A4o=0APpmUQ4Dp86szRWemNVHy5Zx-Q*9wPj1Ad~4IlOYj$#G?ECCEx;qH>=mg0 z+PTCGW5}AnRVI5qX{r-?@Fevxg-qR2i%n}#PU0v^$hz;5t(xJ7CdSQfWg@e97B=|> zSgp3;i%Smfx8lz{_el*luc_hliEEb0B=>{85yiz7$w$NcTpow3FdFPUL(<94eI@Qv zQ?VfIG(TseiDlaw^^W|+3XLG$M>_f6SDskexj$}VGrLwcW~=c|S*!wlv-t*j8fTWl zh{k$4uI!4JBbO}tkhweP@VB0!{S(AQ!f*q0r@T9d=W-kHaPqv4WZ*k z9>#3>>@cv&lKx9xg#cv}E#+Z`TR7N70yi@_LC$t*oZg7!n6Awb>y?(<46cr*Nqx!6 z^Vtv!E-4c;>YatbT;_O8gAqM1ix?ur`gt%L`Juu+HGMY9HulE_^-DA56z>}1AhD-V zgV&br_q-7fF27&0adC*H2babUH@v5ehPfY(0w$wQfPhx;7lJ>zWB;1jQQ&E}hHUCo zS>i14)Tp>KilgW{6U&gdmOR)o{JsQg;DHX`u;Dn0t}Ghu{wCeE#TCloc&;z$ zKEk1Tp6aaZ1eAyCuv{J$_`*%ljs=@l3?BI)BVz6HHITo_?q~I(FuF-yTora`u1jzy z%6Tm-_Cc`(plpTL17nGJIxhZbjDkyI_UDV?(N5@G!mkPCJDDNl_$u8bxKcn&9p)E{ z3gER+^IZzg01@<8`{a3*~v7p)mUnJR6@7# zCsWf2JEk|XBl$N9*(dR5K*Q0DjwI@HBK@4fLYV@Lsb^{Ra59_=VPDkm)7WAf3r%TI z9tC<}yhLZ|sS^E_6U z)MZpXC3B1#n+h*jMiLM{W8~f7)@njdH@2r<%>#TMj4|LE+Mk1E@Ldoc$CE!VF zHk8_E^u|b9lO2G^hO<$_f>*9=))G1e9*Tj(8`i# z#mqUt=+&mInV|S(~CblRVjr?%r zU@7Mfb+39cb=f&hgxJP*N(lq;DHhxR))Nc%@mu>PB;oy)d|Ln3-q~{RcJKGTJ^oZ9 z-%c3kbi}?5U)NQovfkFQBZaxC%aLamp{`b8zhZtJpj{bP#ypdXQx3gFdDO7lr$=XL z%9+Aa+cCQon>JnTdbT&%?*78Ah`DEO;7>Voeq%}UP=9`Ic22)se_m%XR^^llA%?pB zG~$U3C}uY3T6~;t3&3T!RJ!Mh2HO&K5c!OVI#y*RX9Qhc)vInXNx<%~3_Y!F~P z!l~~WwWCld{lzsIsKlmZP-I>~tt$hvg< z*wmE8fB>u%VW?1j0MJpM`z^=?>vMP{=^c0B<)VoimCM8w`L0kIEA5cH>-EmNQs0aw zlUXR=rbQo;$c+Mt@)ggg31G4V&6tK90^N@3oW*Gj^?L8Pn=xr^Li-9G`NyL;8jOiyb?WU~PL=XVD%E}2oNJm4Ovt%4$FAkbD!u?T*g#kRa2={^d#V>8LEe7BzahgUYm@u znF=29Q$B&5Q52<@5$;y*9U!Q@P695?WQa~eY+F!jxYTjugxHWm#HEgOVsNh596Ku( zIcDmqLqcF=7}@Yk6EhBlahDu4e`52({7V|jaJ_UD(1U`-z}QrJCCT%|scaz1{2qcC zXU-b2pQDg%F6$F|iCso9;jv;Ep<@`=({OkVFA zM&iPHRtPB!vS9i&>@k9MhKwfpTbFz?G`toH4q7Go9583W1QQ#$LbT8z_X0_H6wKfs zU_EIa|FqgwOLbIUv>re$E!?+M^^E(toMJJ?g!1tPc!Ga8yXf?f&)#->&F(wp6dp6w zndEId7EHp^yZ3}m#6^x++gn>FzNJt}r!)L&VoAjDiT{{78G9T~30Q8BCH#NM2!q_r zKvaDQ?={mICaE{h6n%=r?DJ@~8B)J}FmNwmo(?X$y|a`4QTw>{rq%5AKb#!z|KU1f zX26fq5c6(`csJlO_j`fEf%&DDC%Bl7Mll=FB#KFNX(G#QLbSUH{$^g&mBM7q;$Ufl zo)okK_EnF?6F(IDpxZqb)bOV+Vp^@65NS0>oGShjj94i|#drm^=<*U0i^x7^;MM|A zr=m-VpCL|w*6p5jcy9jOCC!7AtPD&d;zeb2#lMFcx=sd!4^XLTvZ?HPDmpD=ZlhV1 zn)6@*PLg~80@MrKZm55#>tZ&11SK%cr7FRBAP1ngfcO~6*UdLOgsU5}ggRNjL3+b& z$ZxKO4t*9gwnr=)hkNvf?@@QMcYAB!-rnBs-OA6NF{|}k^J6`&U7^{t(6f~uy+Q3mFj!#0-p5^+V$SxCyJE+TSb_$7!_Ey5?)xQ2FyZkDXoa+Y&>Zg`P9o3JpU+B*YYgCb=ZbNWRP50jAVX!w@CR;X30r8Tre{GVOc9+yuZdjhu^OCeo)XWx#;>-&^HY zVJ@fmTiz+AG#S^EsGbDe5nssLh55CcXi-!fb4bpzxvz^+PEqO3$*a*cUeo>H?Ud=()A5=dhJBft#|he52C2E>k|2FUom- zGY69d#!yVxm>j?9Lo74;r87`+7U=1a3Zl;8B3+uH+c@PsGYLsVZld@K-wve?e%;v%Y@4Q>!P@6$>*dS?YA^*D->l9?pWG ze!YXGekiA~{_&rm>c4K(>g&!%Z6T%VPQAKaukQZvVE-4aftCVxUbf~oO6oMv+COj>D;%KIQgzL94ofB~k z3bMb%bpH95p)p-{7h1SESKFOsoA2u}thN3RzXo%*UjMyX6WnHzdUb~kV@9vwsViN! zj##bqMNja@9(jH80Wfwjo?R7a=&z%ANt)^ z=Y6XK|7jnz`ew_yT0#+DQ0x4x)7vlWl$eZv%Z}xfa6G1e8Sj-0%o^}e){SLZm+$U~ z^By+?R#h+=;^%isG8Ogp{YJXoe}x1&i}$M;=<9(#?`ioZFQ1oSf5&LeC{_c0tT25J^ z%TL)N}q?*^SQ`uByIPUiv|R8!qBZHJDzB z<#R+vRreDTGne_-D&QJ3=SaMu%#1na4eF(Le zXtAIA9)wAMSV+p3@3RqJ{vd8xkYesQ8j)s5gL&e+T!OM3iED9kxJk}q2+(CSH21!Z z=_L&*FnnriD=#EA@Q8v8ny@7H-D3DQNyc$B8{uq0ZvV@)=`w2|ydtT-isLHUt5g;S zYy{EB)}`&K?q#LY!<=l>NO?PRLUEmz-U=`=DIVfVI!Y(~bPhJv%Mv-kfYQy(tVr(A z9_$dCO)faVPy~K>#Ve0U#??B{n=2kuyVE(z@F@ZYVit=xaNUv9nF`H$@v+gso7yn4B_`~81xZGZp$ z&h~$htuH##1)mvDX#5{rpWRk|aQ{a>Ysy{D5So$+2yg-E;`Zm#R4Q{dfE3RZtZWcM zWCUc+TTNla9vppt%la_>{cGfE#gTa%0AFaX~`13S~_O z4>3?NFMSqZ;zt#&Ln;~k#jLx4RMT@*0bp6-@L_@jdD^0pGnl6l=W)#VG(x8aBfqwM z{)px1;9fyw)-ytgn&5!ZSebfF5Zu$Z?bBa`R@|IYcg*CC)TE`4x~wT#KVL*4`H1Xr z<6rro0i;Wx%O!daOH_ld8-9A`x*84;GtRhF_=}wvQ);NikRMe{%EoDwu#Js9SrPGv zJi%!G5RfF`KwQwGI3-QoB77{w^_x&1V`ahp6XwMM;6G%3a)fy_xL7!oJnj%N;&a8a zYTWq*;>nnB7F>e+Df7TF!+bL|^HLB--EryTE^d``gu%)+A;yuX>W5?iD1#~fASiH# zYp@>Vf$5G~wtA@gLC%y5UaBaImCSgxV)#~cDR0JNng#C&&c$zxGfDg)RAJ7_lCKX_ zA8M(;>F!8`2IZNp-MgKNfyl8}L_3w*H0G7bDrYMs-_{;2xgn@4J?BARxp=^<-1Rp8 zucQ9EBmXPy@uGscc17EnhCg$eqk|vF{e7MD0AF_Fq?A_wip`%w?~2V+dYp0YM`7Ou ziNnVpWPR74j>YYmXamODnv`-SZw)4 za_;UlWVn^pzj8)YvU15ER0NZMN!F`EZuf8d`htl(M;heWvznet0>|H?vZTu0F`F0arMsM;H z%~_JJ1^LA`1fqR*&EnYinEi%wW?#g?BB`@iuUFwkuquV;G>Q|m*@s$94ZqN5V$yj; zU66na`na6TyND+w^FcCVRI7JDs3?R~u^9EdOfN2@I4cnDbwRx!+a8$Ry&Y|$H8 zK`%<-|JI03;3p18nG7cv(p^yN{ZMLsLKh=%SyGxq+emVZrY#9#G05acyLO2klB$L; z#92vm)@Ix?RmMOgxnQ=l4mpWpMn0DOq!dWLBAScB-ITTJNz7P%LV3dCIs^yF!%Z~e zcr{cZ;D3%%yt35gsW_6fLV6#_a3@Z%MmJ1NBun+DX) z88eN457gbpSiOW^u@Eh^JYiF^?WCPnyh)_`;CVuMgV;A80rx^Q7ebbUp}5v_bcU1} zL`j*hEIwryofTE%rB(kOwBQ#nc1v{Jzis{D3haVaCkwv+OF4zlU&`rU%4w#|AETTu z)d?5u(7nHH{cSs^ZDyBuMV)hH`hV$<|3>;F!6O*Y44SHFuQ#c=}gmLEpBGbdr;+pIQ2z3odL%tjy!3EqzQ>!eTPtSU-?&rMunxEzGzgypLz0AM=zIgfa z@A{zK+W23SGFWlw`s2Uxa#(o5^tJ}^kIvZki zpa$`l)slz+24kXYMwg-vyp+qyh1>T+(*h!=)Q3SdR8|B4oMAZ;UO#x(Jbl|bK6~p- zJO#tCM+_fL?2|Z($Bs-ey4TZYIda$y`9ohu4!3T+(K3q99dw% zjg7;zpHF-3lNM=rNvHK+7wt~#kQ|+LNb{6Pp^5zQZ^NiYCR#olDu@Bf6(0gmDh?dH za$Y*O1BbvqSKs;^C=aQ7C6q_V3PlrtXu3Z}fv3x_54N1YJ1+;dZxrN9_PI2h*VjZ~ zm7}Q;vH@9l<+mA|+n91$&ie+V@)j#wD$rIez!jULuQ5>1^}*+Ife?p_>WocYfV|$o zhK#vP6-)y(bvASqaH`y!azCc)hF|vhoxk)I|N%0hf zsb;M-pNe)m7AvTp&jr7#9HnY4%rxjJVVR;uB?A9=IST@ne}&xw+!r{(OvFDQ=}OXu zO5jKmde2+8@~@h-Kc?BndJ*9eTj5XGrfN0{gE^V7go=?sC$fCB4oPIlpmmFnBM0cV zJJ2{FT^t4Wf_z7?1A`jjklZXEX9fmbNF3;MosGW$Q{vCK3@htJ8o3N&Df7Bsemx_}(x{)45GO!*Z$o&b8=Q7j2n2Gg)__rfNFAkzv zm^8M;U?M5IW#S!gSTa}2&Ekqp#l(^*WaKIo?Lq_VnA--LOglJqhzj}70jK=*H?EDs z7^4aZvTQPBu>^RNeOB=<(|z4i>OpA{kk-FxaHlDPO>6 zFawg)2zBF#^Aym^ScQXe6rq)us|X~$M>4tdvQYaHM{zyxC1l!f25CdCLkO1X`qT?^O)J-i;r$fzDEMzWg%xZhjg#}DV!@&IE-iv z%GHhkFL7Rj&@pEsm7IrB_$(neQ5?^e3*)ndaGC5(90@20U~&<^ju zihh*$8a9C4CTJLvy?AMCHMxyGZ>wdAm}7ktM>oj)n6Js;exU`49r1X!f302Q?0Ga3 z9I`*iZaLfu*sX_m!YhY#f<&G~nP=58;NyqU z4elec4-!P#QDnj>p3p$>r+kO{vu~<@eg23~?!ri?Q-DpFurFo&dD#B5y}P|zu>b7r z{$>C98lN)z&pUrKCQZDh_<^6y@pb{1;!5Qr^u@tU0~0aj1VNTm{t0lp4FWQuzeO>b zQuhi#VF`vm@=Y?F`Ecuq0u1RoXv^nj4yeS^1a*iRcFoM5Z~%Ex_F}nLsce)z35@;G zIGCFkE}5{HY-hDa(S@CiICWBr)YLun?I`_O;r-zN))f$Btr&OpCWuCRkx(Vh1{*YJb!QDvcG8NP&WFlax zn*2in4FlRG4GCnO6-UcQ)fecuEz9%&)Wi67T@+2Cy@v|c)T!ks&R+-AQ$9KQ@A`Gr zL+m8TK)!uW8xP3;t(Pxe=HtJ%w*QL%`YNBY`;CNS$YD32q4_5^-y=t#`KhdtUPO-k zTLM@YQ9x`vW;4zt#}S*HH@n@R&pL-)(&}{1I(rzr50^N3*OE|iF~H`kl-JT%Oq<%l zd<9~tlA7Z7WEu$k>s(gd(?p((1-%H_`OjYDC7LzA2I-(Kx4m`&Nw6QnqUjzsTe{O^f1)OuLws1`kXWvq6IopZWfp) zRrd_+VyLf@SNQPty>m-Wl!;q(ER!qY^WWn-t>)oL%b9p<^6k`?lFEj+Q+xaWVWInH z?}Yz1KSlXJ3ZfwmzM%MjNdE6`y?T+C|2tdX|0Vyw#%Gya{`Zy_$fu&1a!o*$%#@(y zduMyc`P&y3q=fty`61A1J@C;9LfWC96tdx~jAoY3kDSaD<~zir?-9$0&GJneZHQOD zzc-7Y&w}7Q3Ve5-t!TPZLP2M$OQs}rUSVl+w#hR-erEh-yXId>G;_yfK`RTRh-CAw1i_^mh5gxqvm|n@ds`dlDy~Bhw~+w!gI_h>)L_O6PqROpT>~tss*p4w`m%7 zz>hzV{cAs9Bi7bgJnQL}; z(!@17cg@SK6#6fl@g|e>X6J7ubusVFpM7Ti_4#t2qW-5{d~B6y?{js*hwOhZUghk6 zJ6kXR(*M5B=l`z$_XpmTN$TfTinsk|FWMLU6!(9^_?I;Pt+M}j^Y*`&-|y`Fwg11y z=g+bK6Jn_BWl+#72m(t<0xMIXb(?^zD!?uQSI_Hv3kka&XbymMI2c9lHJz9MW@~S(EstQefm@D zgRY^jvW~PIEv|Xe?Dkrn(z;p#i-BgVpPn7I`t3tq2VA~=uh7ho&G*fBXD6+6DD;}X zizci{^03)!zG-$_F!8#)Ixn1LK4k^+nL0TA{qwVK?`@~mZCI(0UR?38(|+IT6r1y6 z|C+^%>zT`=E6qxlD6P?LbxxZnB}1EW76Urc!n#WFE!IsBrF`YqakJZNA9P#I&cVA( ze_23z;=7#D*d3R4I#)N}^BjRi-Oo}fj3G-U9mrBD2getJU%Rc|#rXnC(&?&;#?9p; zJ8d5{yS=0K@xsA{zDs#>hHEfkr}^ehyLa+m{pJCPM-UhpCW`5B=qD%t<6!4dgk<@slt}x0ISGFX zQ!eHQljlJXMbrK6hiu7kXX>UVLDyi(z@>KoH zN`K6-M8nGbX%tfn*|5~VtV%_Z>mN7Yw2m8A>h)+FTcceZVu+)?6lWxpNca@oj>{E7)98EAsIztJ*-aau$^fjW}eT*N;W+YacB7i z@;pnR7#Rdhaet$K1(yyA;7aR9A;3+?S;S~WvaXn*GmS0hrC^ye@Ri^sW&xErxDfW1 z!b&Sdo633T?Bu)$yw^W$clyU?2Td`j4XbTtia%5}t%}(5CB@S%B%11be!M^-dDm>6 z3RN(tmyBr(Z(5e>Q}gh!-#b&AMlc6rR8cvPp_wZQJUo&Joke8ev6A3Y!2SdKo+q1j zd`zv%`{r@`5JhFTP_(MGU8_<#X?45Jx9QeXLZxB##*ApH5a*%s^hht#Kvh@`PCao6B)k;-qJcm)lYcVgDP!APV(Y5 zdh=8<>P7}TT|Zzbk}*qWF}85&SC%$1ivx$qzU`5ZB|ZMts@zvP zt+%aT{_VGzvtjNiXX6jtQ_eB zR26Ilk9z%bdEX8(4!LX_XuUBlUR`3hu_|j2l}y^82xA1XR2-zLg1NcqkOdCuY7mAA z;~bNA%*CY{&3a-#Uv!QIB>*ZY9yr>1QrKPEaFQKBTHzsE(pMfzYQo76CAHpUhGJBB z$h2iu+TDI?PAwyWMqooFFcgaH4Qn-hx#W_W>JpFBnU|5$I>^J_U8KgAke9mb!!(P! zZSK;UQEwlnms58$m+~^5S1neS++nNNY#(>Cid^Y5E>Y@AOq``8w2&yP@Q~S5T<%Mo zOSfrRo7v61uY)s?Kax$U`-nBJpnO znN~HEALQ-&nToMU{V>WQOn+VJEQ zmv!m{n}??mF;!({^7B}HVad&5DUpJVOYMeSwDuF5%RHCf#1F|n>B`B2e`2n- z^lF}VS5?LtOTS+@Px1{bH%mrEH8-ekra%1iBenn4wEug{{`;?Y+pjk7g*uT{Cep%6 zkx08&StH7HsCiWx&W#MZdPSC)wiWXN04$i?t9My5aNso*DGu{eFD!`VJc+lp*@*I=(khwxN5gRxR z5G+R~GZ4pZ#93|WpxWmT4auJ_84y%|;Pt`WoARMn-F8sNWdye>>@T5Df&VZk)jRW| zb8p6zL6Y&>YjmUVr(JM|Cw-Kl=jyH1zxkF?94kO&g=P%JM#{@(*v!86v71yMMHEg`OL zWH?KdfIK@r{s2Ht5LSpGeSSiCM6MW{0w!{Tk$-~K!sx~!2Y9$lsNj|mmS)0|afHB6 z5rTtDby>5k=82Pw<6isxxYa*@+wUH{Yk^o$zy!%`TDZX=n6*1*6S@$Qb4Amtk@{A? zYCPAk8kPQtB_}YBvsp5oC1>$_8vAq@FmRGzSE%l@kh6rej*eQ$_Htmxb^eOYdr=n@ zzD9N1_<;c=q<_s$@OsfOev28O1xdr&!mHvM38GQg4}v+dkd(yhkaN99K30u(e#KhH z2YsP~9*|@{WyCT|SY)5nJ$79WXF))A_P^UEzyGdVt^UK(#+Q%8s^a$+X*7tnWszU= zW*4)2N1$a$77#rw>zViz=B!~=*UhpuYnc(|ng%5#K2`5b68EVM=^L~n6{-}CNX5p? z@g4eJ_$(opemcr1CfAZVN=JMTd$!X$(i}SRx$9g8(a7h~WrElsl#lC)Kkd6w5XHPt zLjZ%HP!LQN_aI<2Zdjk#$E}G~ao+?p27m4T?T42?y!yNNuEV^;SrEY2+du4Xi|;-# zAx_m-yRz7u*dL9PwEp(rzXzgG;9=2;kTd-t8jV=|mL(^V$2#;zb3HQY3A~4Pzi8`X8tVXW$1uFBrl-uAskekb(iiafi+!IC7JO{XkguWr@I{j*wD+_U8D zGHtLxa9f65$p&>Fs@bX*&W6ya_>{SX20S91&f)ngVPT@c<%Wy|>@u;F*q=<82TFiK zMh>GSJ*vgQ3Sk12Gl%@lhzDpwF(kYNYneas6UUg;ZbIFwUQFF|UekU3t-ZU&aeIq( z-QKJ2;Huu6JEk{|8TCr4i+U64hxrOJ=YDTKEpPN?+9n^fAkb~DK}SjZPz{`7iXtJ) zlSsN6akFcpeEV=g-;ih!jZA5YYi4DNtF5no!&*WBXVl|-tvis>_toumhvdoN>U%U{ zWax)t1#hDGiWASjyks#8lVDDUlw;cBn=u1i2J~`xdwNlS(><*Cyf5naCH?~Q8e0`0 zXxj=*x=ej2R@)Z3=-bl^wNt8vBDKu2`x9{=pG@`C!O?A1?~u%Ws)8(d_^GaAKWF6m zw@1Bid(OAJr~i#Rjp^XSW#zZFwq*HBA7|6lDuH*T`xzeByw0b77_zut>5G4@*DBa^ z`E|pp|NiNd4gZ5ng@K9a)9yvsR1^~*GCyy`^dI+?3Li%|U8JX{e2sJy8Y6m${0%z`<0Ie6LMQZ!5eiuagnacA zPR=Fhbo-F3pSKTdSgm{BKJA~k4;$5QWYwSiAV7Nzl2bn>T$oh`Pss@;4um$@G zAAMHnxMf7PWHs zmh9_gs?2X&d4;EXw_{sEwXyCix!2u;v(sMdmtJva%O4umbr*uu+L94BI0xNU=Y9J?yKI9P zv2ta4o#p}hiWh!)*J(8m8^(>r=8>GG!BbKty(Yy?MUFFNvr(tAbqZd-4&^rwWzBL=S7jgno_X&tsZVztgrl?ZDeNliLn z#OGo#Q_4B>HVGX@agy6-Df!iI)IdGeH-}8f`*?=fR4g7woRNt_|Ac=)GKk@9B<|Zm zbi?98N381I`&Q@8S+~`f_l0j7L|ekiujIS$7M4ol8GE1zv|b#YY+4jV{RFOCg4XZ9 z=YHw7kB>hTDdgtJm?tIY)>P8BbVbCOOT37|%7C>yW9$HJFAvPFp{NP{5^1xu#6jv@$}V>{KLH^*@&$fGds+8_@e*v6CFvp=LsXOGp^~MYnGHXyKTBILYfy+e!*ceSgSWE9RcEZHQh}=;OFGOWISt7Vr?aGy zwZGVme1e7E6$=j~?mx+uuiOhlZ)3*7$C27uKngALkE69)MoXS+ed>9~e#jsd70DW% z#H87_{VBB4h0{7}`PyN3hWHYId%--$!ss9hqFF3|%q#S2`4vW-yIV-n88B=x}StRQaSb_cpQd_=Mkg~lmrLv#4|PB0kQGEqx#BC zUzTTFQA#2riaU~w{Lj1SMsy6a3uZh(ZW#G(#uG6_GNJP!1i4<$0x&5`BdfST>YR?^ zA~mIAFkz;r-@O`;bwA_@qaNgwb|>CG**E%+xebdw_PKJ1)j5LH6v-BbvqTS@>1=ks z8P=wjMGd>Mb|`_10qaKe=#^**1`9SRcFSDyYTvL@sV0u25zk$YO`UyBKjR>8$}jZ` z@!h4oE@g~lnW{qZ_Txr%-SaVWz^aN$R!tSlT*5Ak*RM6u{yq}h69tf*YI1Vr`7yDl zME@YZ{bbZzm*WwtQ~UHS*&_!sVNjxScuy%{I;9SN>zY~(GghTL29`=Jz#h?^{XvhM z)MU%)RdnqYY)C_~OUnynRl1>s2y0g+tHe}ZQ5${Km2 zURzRQuG~whqqWCeA*K9;OOBULo6=>4ftNuT337yVAq;@b;GVfheEt)gcXcnU>fIHa z-&^Fn?^Jd0S!qbg4|n6t57j$p^S+X$lr`*Lv3XWU(BuAz&3Quu{``(!mcL)I`R_?| z#iX$^XD*UmEVoI>=ZX>&D%gEo%0-*T^D7b)H-7T$;~u=S?)~~q{2MBWfA6G{BDGb5 zcgvkgRNU$QmsIaEgS#icf?-JSiBvLdtGn8Lr7~j4xwz14FQK!`pV&MX++)srZg#cy zmrm0an-?d^KxB85860t7G?bCak}sl5)5ZuwSlS^+n1n6}2%@*oLUubv*{lvw`SO4a znl*jcA+Z*D<`@IIMwYAY$RVxDqtz0Sm?Fnoie*iWAtY6^5WH8QJUl=tcN}S3iNT3K z9`%*0;k&bw)^bakyp@-jR10(stEc`{9ruQkvbsct3pmUFxIl*apx+z4<^@Hh(Q%2mSFfbuo&81(Mp;1 zw#$`!inrZ23%u>X#A3mbuRYPy9FHI9BzVVyDT^`rBzSF#=}kn z^V{Fg2mwO}CTl7$sSLOhBcSmBCV315)!Stl66XojGYgN|PL|v&tsjlqFuNwY@{NG+X}C9rllW`TH$r0x(+MO z!fWN!@J}(h1+^$uM+%2|$?j@}*AJeTc*M|zynanur|w>m^omJBnjr?Y| zK84@fyVBQ95wzf5XKG8@4M=qR2T+r!=N(6*PL!Y^Ne^X%m+-NPSm+i{s&_{hrw6Ca zlh((rU+>kaIiaCP;l>H}N^UTbIP9f}%eaOF(MW#1W2q~qY$MGL>4&86M`tSEEqD01 zclIe+gMN;Lj-V#5Jax z;ZYPYG-2!({Snx0B7|HN5;6b!XEb3F``Zupw-ftY#M^+x`qjI1^6xA6mFx&>#4zYp z?~FMSx(mT?@NQ&oHzDJ6vg|g0Gw;#~yWj;UK-7H14|ypiVbaAz+tCbfx zr4y!#gf-*XtY)Z)4OLBBRH|t;N2yS35$MUB@$`+^JRWq3FtQALg^>COaTNX-4UeMu zSTXS9M80C+AtaW+H1>gVs8*5`N(!m6?nixTMsC6Vi9B=TC`{<^Sq-l}VkGE`gUYw~ zxj@e{OfuSxyX5?lv7hgvN#O`Gj;5W=_c%LeH{i)z-PQZ`XQs8_8E4?9DxIzUOEQf( z_u*2|P84RuB#MPH?g~vN8B;W`L?Kg_ma}g5M8r9K12h{})#!VjPN(%`?8lxxrExN^ z>(c4JtV+&mU{!N8i%MIeQG=Q)vtadf$wlk8m?^T0Nb(jIcj7e)eb4N2+vX_8%qbEV zCYHEmQ-j4VvIf5F!-z}2BiO8@YOZ+c34SMs1Y0p%+>02F4y*zW?ujL5LuTwhkb84K zb=V}jX4yz)aYIAV4L>S{O~}>^hY01*?3k7Ju*?|A6x|6IXl7elXM4pg<8 zHk>_!_cVC!idCK`Gd%W~ANqu8}?9S!uK@Thhogv$oe-S=*Yfks8f(kGp&HKs#W6+1 zArM}M7?SYXTposifomWb90-IEUXCFl*aY+V|LWOQ)z$ORWBrH)Kd;nXed^SyQ>RXy zI*(q!w0bDaJkm`}CKpkoanr7%CS}(l2_1cOGDh>lKC-cqjomgaurOVG-RRb^y}_r& zIZe;3!2o&$Msj!rU*NI`e8;TeQ+#rt{CvqJ&&OaLI+hPy2hdt_z(MDh-d=F5jx-2A z^1OhTl0O2bvxx*-Y2q^Jd}r%;H^Ezd#BiS!-p1IICS-Gc3S=eHU_r?lwnFlj;Q?_Q z6CG5n1dZML_UVyDZ@WhpXE3Z_-EWIHYmbB*0&*=3VdTJ)>~A324G=F}(_6Kj7PiMp z0U=dQUox3nGIaPTpp^nraC*&j@byc)jZc|}2GJg|CLv7$dC@ubY5Q#>_@d`F>PWBM zI509uv1!T^LIem=g_0W=3eA)yH5!8hFnuDfXX%%7dr7}wHc9)R+Z#s3V?hRvkq_kl z=M0sw*qxDwPYT!JQK`r0P{mtAM1n>4qd zY)gMzpFzeZ1~>x*kl4{6M*?9{b=4akI^tv!ju2kWxvLIIv#(LlAP~wW5^Skcd#KSH z)FnnhttsIaaduG*E(oA#V~HXjZ|>A$!vEO%48d*q^wRjm(frva4+YqGnW78vwFdC9fQN-(h@T2^{De?*IX z*qu41OGStRoOT0X*XmVBtMDULf_#>0t=qJ>tjHD=$-1(&DeS=&-mNW{Dsl?*)NdE1LoF4IvlBi%|6nHR(AbO^dc*&t}=EvKPB7@y&!db+Fj! zz{L&m4RQi&=q22%;AGIyJQ7_`na?)M&H$8-|{G3FA0F>q_dc3xs#a4Nlq(DX08;1rhG8$W31-&4LD|0YsHXrnp16`U$N2SrGI6zXLM43#%i$f(o(qZ~n?A(Ao@nNlQdM-L( z*=yn90lTX5By8eH@wPHCT`Udmd+snAY{g!KmN@yXqHnw7u{eNJIb7a=<$%OufSO0Z zapKezN&`}98<$10Ao0o~MZ*)eUm&{M1b&z0<-}$EVXy*>bc$pigw9H8kkoSyEQqi3mN{zmejUAUNskSr72Y< z+mJvt#mHy%4GsV$ogCK)4XLNW75ToGs3Yftevl+2K)uk*EHDt~+g2n^O~;}{LM$5E z;_!N-^p2<}!W5STd0jmi%S09xSyjHoZj51OzvTnjvNp6ILER(KYb>Oev* z3v?{deupE1B=BkSPin1J)qW8ncboPK@mu2<*LkE<60njcbCqsNjg=lLGbT4wAkBpI znP^E8qMT%C#(;bbXA4dUdXjQb;C>8rsG1jKth(c%MJAlNxwBfuM*k&p2moSr8v$2M zOpoQSDuU;ur=$EdQ#03qTZax6RyY+c`jcJ`LgH#nLvo0BR|21fj!oJ%BuW&&kecmG znQQqvbcowga$|U8aR0ucp`oU>)eP$=lib)hGB`Z6?||6QhXISc**`Lf1ikncZGyJ5 zIOQ*nyB_QBKx_-KuM0zKJig<=6v3IaWMYJL!0G#Z*{DtYPvimjH*iZZ=*ZFcqolD) zaogv9EFv7?P?Frxyl-Onfrf+of|elvbilx1H9$MJJUOu$S~eKjHChb%;Uh$C6`)N+ z2!`a&07PAxGS`69s4b98lL8TRNF&Nr-PQBurNefP=+rZpb!O?)wFs4HQB%MVLJgoR zEcfD!(5{P6#W|kQ*6Ps&>_WK5`4OX=e6J*f7C4o&Q=<(#g`65?DGtvN?Kp95I%F;3 z1C_mmS6gJUhRk9d@I%37V(0O!CbZgCcH?lj#B$99ceas9@9I-3MFJkKv zan=)cK4OLPGsXgTiv$a<8~8Z!Ag-DLgEBEZth(MZ6`YK)VPBY-h{FV$WF2uJf|49L z-VhrK+K6zMe&99ALBoRvkWL0%;S7hubVjjTZYX1(1-i~yn@ETBNAe-Usv^DgcR+H3 zl8o$8f?7zPXC%U;S#$K8hBn51Ljgl@eK?Yz8uT0lF@MT8)NB@(r` zDY=<+NTYXdO_0gpb-P zU^g?rBV-X4#aK%gT`;YVFy!~E1j!lY6BV@SL9pn$7B%%B3+$>LtTW?UxRr@Dzp!ye zG~?kA%kq-D>VOI~1ANKiCt|%q(Qtjl@Qu*680jUUbp$QAt|;uV{csi6mBB@t5Mng{ z1-0-oPti%+$9XkEH=FX3T@87{#wUAxi%gtQ{JL2tey00J2%%S(T;{EUMv9A}F-%gl zV!K(zpBxyW4r-l#6YsSe*G+x2LJgJOv)T&= zFwl7CaaAf{;DL}o5>eQ)UDR{kAfhg#SwY&htSh4~GRghI6WkGXB-}u+o1*2S(x_Ik zC5r7c>^_3_sZYEkIW~nY4cY%gE+dcV+Ex&FT(Ec;KfWkANnsmjJ{j{0eitVuU&KbvL z0+$y0(O#+p+gWj!p+#inY?4Bz4yo)oMxU~ym|*8;eX!WUAb_lb+h}rP7IYU{x*cn-J$_YJz_p2_xI1u32#8~;a;8_cNxn1N$8j%U6*CXr>=8Yo1%|0ZK?R@KQefI$MStQXVXLO+ z_$eR&)q1PM_Jnkq1xV_gkQ=6OfZTNf`=p?rg>FdMV4L1znblQNeWeC@CKTL@$+C7} z9}gBL##|+_=YiuogGegjnc6E|*<;vzoWQOK2>7IyovdbiXa zkDXNHaU@|9zMVo4Gs%9ms8L_kVSs-YJxk&6Jnn|JUc+CBvrMw%QNcdTZoyDLO`!%J zu~|fj%CFn;eO7p&z{`}EGBtxGa%VMWdo&U=N)&1oz*oJ9G-RJ*cg#|QCi8dTt~eyv zAMG^k3CZU}E84ZtP^br=Ryon>9QfK0@<-KFquDc zWMcY=l0b~GJc6d@`3m=Jkl3BiS@)dIMnI1Q{G2Hzf$S%j8#wFgg4k?eGs7FRJ(|^^ zlQk`FT-Z%yShu!Mfz>h?tPU8sV9-!h6w1WVSVI-kMCX`QZ3yRCJZf}J1xf<_JX4Rl zaF#g*A`~>ZUz0H)75j*#fG|Qm2|^Mv3KXF4R%xU$OI6h6py7&HWmRU?;gV##>h{jE zhO@*uxGJiV+#s!+M&?9v!(geysed4Dg9k!hvbIgS7h?kivt#N~H8i|x-+-tTbvaBG zq%uRvFxO9nkQq0|3X%`gIp+5S-p-c?su}#K8i3(Zh+E z43-CrFqmm9RPFLn{BWS{kdx%=HUp-u&fstvUfRKq=>|L2>0rk?8tm8^AMBWRuq=<0 zGF#slv+LrKY>90Kn!{nL@*IMpT?<~KBzUyOSnD( zO;NU0G=)Og8YBl|?R(U-u9cw(--wEum}oGF(Yf|^W*@TM`30WwusfY9YC($B`d}7@ zR>74lyGZ!KTu7Ey@s((7B^z%`xV-QM2Fsv0xa;WPuBpLYMY=LVzk7;rXpBmcep1N| z29Azy9s1xDI6kFQ0a&RwAY5c+1Bo3-$vEAt|d zq~C(MIYd^nxgyeBNe1sr@tU(B*^9RGeW*ERm1uoSsteR?XP%XOXFg{&+p%knTFV*` zS;TL{yLP4aP)0e79_*tJBzsMkR%so^s*I65O#j|T|IX3~#KVRb-RM{mvkv#}Ns-%z zefYPiDaWn=KINpB-MghHhrJxem-~6;z># z)9B)BQO~sTaT0&)Z$jPl?3$tmu9!kbSC*cG_Zngf%1fqameGcTo09J~R!py#{IhG< z?D?}Jxb4W?+@7YT@NSxVnr!fIHbpJrR)G? zi`kh(FRLz(^YhW_M2-bKSg#_y0=S0Fw6s(PeprHQ!FF;y?L7nrTA_ zY2)|Wp`SP>=Tb;g);=nEXxC?=U$&Gt#|4l6Y44TE-z$^9cgLoEhx-MRx>+F2EijuD zI-O%KOhV6d2okyRoa=;v>K<0ZWd@=TyJVo?5yd%u={`fALZdHjpXf{Wop4T^K=06a znnoXf(${)AITgEPqce*H;{?;9^No%xaM33IN)oo?rG2f8A&WxMlqbrS|rr-apLQ|83;!%G1{0<+uT#u$D zNlWQS8u(ByRK4qFV#JR_+YYU00#0F48h&zvqtHaO;G<~DZ^S`Jujsj1nx!+_H8Y`w z<|v_mVvU-w*p7Alim+&KTeAh|p9mcut0X5jtAqi@SavPMO?X(6ffQE}9kV@MX+r+8 zvwC^adq$RhWER_|v8y(P*fhW(wp|Hn?r9DROLAddzb-=)Rdo8fP|csXK&@ZbOs`+3 zNm)cPD;>XLekNNwnh9G9>nkA^klE=eiNBFwzfQi7Z#x^3-72qbi#aVi>brPc^hs^hT~M+*}(dde!V;zuGilqlL{7sc4bK4v2YZ9&fRIXN+X?CSZkiDIcR zarhWcGsf#3nadF1glf$9*mVGgM2t*KMuS0r0PnrbkS}<)Q&8h*A-atKtS*@WfdMQ5 z9d=vnI$=#PoakiFpa)4>HFjxXg95Z7E(E)G>qb(5)=@K1YaHZ@;9zP^?#K51222T; zBiqo)A+;0TV9L-5T))GvMxhhri~5)ISLO;C<4~lcL%s+uqKJ?_uS4A$43motf}01e zB{Sd%c7zY<@*-WAhgx)bXvRGPdd?ijicon{oYe{nC0J%2(l{Zm~fc zG!046$KGQdbNogfX-Uum`Jzw)6{8uSI9NFV#>AxK;6>XK-jcXOwF;%$j+c1FZ>0`2 zT3&e1J>jgFRolWmRpzAtSk>YwQadeD5ya38iiBE9sB<@N@v(S7!Vl(oz$QIJIj#{c zufS3|iSa!yv)gdsb75%lY^3Ko#_O!~g7i|Y=@Vq+*meciW((aDf87tn==NR5Xt=tB zZgT)=j$gXZ8(`OB{O9sa&~ax-U^!Y2nrUKhhv%BI8DfKePS*qfJM0zvkt1fCPAb2;EsipDPY?(CWy83jXbkbBUGuh=@NnsA- z_nUy0+ggBlA2q90Xd&UwQlsx>QPlbA$>TUb0%?NtF?rBmVj2{1JseY7HXA<9iGkf8 zaAYbv1nq!s^=Mg)k1fD6vH%AQ-K@d3tvg$WEH%CDS%8=Y=~l(9I!ZmQ8P^XMz4+xq zSs!N~BQytfe^e5$}? zVME2)6S^rez|3DdY$MT;3fLK(C@8=>jQ0CEif0PoM1j!4^#=%Nh@r>YkJFYJnAC2q zL^HNPSa^eT!s{Q&`4@^b=3bKU@na$}!7|7Z^}!s?YhY|6KTj{(&e}u6%p^ts&hs%I z;-;Bc!Ll3vRX^>Nbt7HIGHet%{xD=zp%g;LY#K$KaHs%#M25T*%$cj2eqfi2*w^5p zVba`Wwpf}NJp*hi4R+J)8o{?4hK+vQDa%H`Y$IxQc%sLmgzZ+g>d+@_D~Qyc6s84e z*$6hMtgf9(Wo zPPxva`_Ql^F0V6o_zW;79^|H(GlFL~>>2&IQwEKGnXbBvz9yTFrX>mWvKBgP&D!a> zUpIR8Sm1x@@6PyNM;fvM1Yjf5Uppe4&4mR!n7ZO2lFzKD)EN-bbfBA;(h*#{64cSJ zJC@a&j^o9(4omU5AheZ79m;LpK&a@J0FI~+WcCGF%R(H)ymU>P4L4W^HZEtdVq4H+ z4{hjkugSbeU3D3K6?Z)bhlC{$Yu->twSCc7HuOoZN-%y@V4biL^9K{KGf2Mp=)+6~7%cgYU=&kf;BgoV4EC@y7<9mf1cN`+ zzzE$6jB9Z%QI2@?guf@b!HLyO?MWJdH=!`4^yK(*ocYf@9}GGW3;`kI5Cp~vN9jcD zA$-M(Nj&d)(H?OJqFec?_K2VAqSsT47i-2zn7jyskgr{*x-Qn>@?k)&s*ICK2`^vz?hrny7$&;rWw<+2nxwz^e4`$v-@B;ab+{$R{$6k&%iS{4veJGxd8@O zuaiG!vwnUC3;~^&2Sx^sNvXk$LqAx^nQ2+jQqbaDBVvGgLqJv8mBS>VbiSlv(WwDp zs*3nTK_*SA(@$dY>qt`zpf^C362wxb15D2|*Fpb2$099|E;o?q1;gwU^Z*zHRN&(L z8AhTPNFM+Lscr-mu9%F2WNe35iLINy4@?#^gKyHHS!QW}c#JYnRE~O}CGbXgez_be z%MFZm0~qVzIB>wUkx<{N>CrGQ^rc$&2EEE6tTX+|eWJs6#ceni&Ci6CXh^=Fa3&lJ zt|8LlVl({v*-Ph|#>F%zHg)M&zR6@jQbH!`-%om#>WcHKZ!Aj`ZWA~6i;(2V?c=4{ zBNK^TQqhv~m$}22W zaKLdejeaxw64JM9*JV|{;iS8m$BEx4l}&3tuxrq51exT9_~*#rQ0hY2Qwagg7>=pN zZ=scL*?zrhuFD)p2`ca6ltA+o9#u>cVSM(CY;O%Gz{Nq8)sQ5O4E~#MNa@*WRsM_F zzoAo66~a15ih~5bI5{-Lm8E^a?z*uuj(elJ1Pgag2{*f@1qSgEMIiwgF&H{dHhY8?IkiK1u&xisB}02lHzCKp4Rz*X%GS}K#prR^3$&>VZw8CP?;3~x00I3Efow^deEbFxguWQ&II$)W>l8=Uwt=CDyWP&|) zq#v6oWWv&x$)N%9<aGus#L?X36n(Y?t2HB0m|=f=^_r0w z%N?eF65n4Vksx_4N!@r|W>hgNDi2Sflc84kp{18apIMrD5AAidL^CbI9BLF|CKOFX zg8-jRq}Tx#^SWp`(w)RP+VuCdA#Jx8)LFT9A&nrdw}Q{^xG0Ng;t5>lEkl#$;1GKu z>Zcdb^3$oNdE6mG3Po>(0J4IueB$#1X)8xeAtEVRS#Wkzi3v0FNzVw3aq}OWIs_oE>c&rTl z*!<+g;X<}>yd8w9O>L7B!y@HEp#_e5WBFxyRsvu<6&I|VHNw?l(dTG#>?!umgi~=5 zTrxF+#zOd&laqIH6jp2KqZH~#6P7qNaioyN&icjU#Zqo+{&;q3a(-fZJfGDx4iPNWx0QwxI6Z<)NOp+e7+ly+1SN2K z1ew_G5W!Kh9c(9(5s-RB#cfF!!YtNIM5{1do)dg|Do010Uw~tz)H(<}8?HdKMz16% zI9Y}wcyiKfIf_{dRp$AUr6A>+Sl&P~z-%z+VQ%nnbnIQEbSBy#$ypAUuu5*k&jd?* zv+hws)NIfjxWSd#$zyDa#6t8eP&vXe+{K+`f5yh8t4P7um>fbxQ_I!r z!8#i>u0+O1Kxenb7z79OFnN)TLvh)z#~>is%_6)Q(JgAc!~}aSSBph^L(W+Nvb!h8 zi7y0-mMHk5*!5BcBj>Exp6lQvgAxXdc*lnUSb!DR6V?icF`c`LTs>g@G1)I=12@FC z1~3%hVkLHQ{>86!cq>#B(PvqjbmO1^YCx60HeOni28YE`RY=gD_{JNV0YWjeUWX3O zzO-U`a?z=z(q|lv&X(H<$ajjaeWhUaIoZihU zrw4havKZ-93jLp+<-4aDO|3_C9WX=6IFd}QSciz;JrS8%d%kN$wI+ivgA^?ii8TvR zPatVz40$teI2PR8c1}4-tBtUCVe%CE1gB34JkU2g(x}&=H!|0Uey_T##<90TMjXCq)fgpNG&xEv?I*sqsM!u>J(^_` zUjo(4HTh|R5DMbsI%^sAVi3MimH9|Vs$w7MQ`PZh_y>nC$`}Vz!xyE7#6}IL$U>K8 zX#Sy0zi}wFFEs?ve}|0$B{h{k->BRv(d8qUVsqgjybcTzv9~R-hU1IU@l68rA$N~T zfsg|bld^lvXwTtNK&xPQSW&LJ!C#%$t| zxPRfqkCciCen$LRZNYRL=oJIg3xF{O16U5ACE^k3elM^cJFrb`<*#+7(z2DH8D|7O zAGs}!kp@?4IwXri*w@4TIY#v9gxhdC;U-Bx2d)YQ&Lp|#RxRPx0YxNYUxx{2%q=ft z>+^-W_ZcI3FkX~qM0++Vd?3q4z9H$AxVXhh3||8JaayxR1IVZvKy3Eo$hL#4Jzfsi zMaLGhW+hYx)SSx-BkN%k&y1Fk6n&ji)bL3q(Ws$>kV#;GI5KrKQpO5o#1d2mPli|p zsf_UpTFnG64t)+OG_!IybK!jtv!t;E<8&dW6w0IJHWXd%vE0{E8+wfOI$}Mg$4GB2 zL_QF$tC6jdoaiEtMHe^5QG(D`dJ}9>ShJ5~5jpMqwy&kluc0ovaGMyZ^ZDMSIh6gV zGGS}$U&sDCE_IZpqUSK_WVShmS13rR?u#{n*la1QW7_443mF#8!yKW8Ffa{t%$Z$) zmWY~Clp;CPlkQB|xoRJC`XM()g!yCK*wBu4C^8{GH%+G&>8<58r2A1Wxp(_8_7%XAAN|co5#va3ISNA>U6c8St+n z_QwyNQ`B6L<}X{#x*$xg0MLNMn2tr7i-?bs)GTbkUHF6)gP` z;kByYS^8$4a95o6UKR~B=`IQdX34`zcTuX2-a>+f_pq^6$nY*%dsT4EhhEmPj(BdP zKJK|SB!z_0#MW+)7znE_E*OVhQsztf`O%}f(aQ<%<8W)?nPf-AAf@vVTD&BngoQQ{ zD*z&lx=<$bN9M;TCUf)C*{NJcFmfSua66Hv!iS;Ri-CyRJge?vI=LZrq4GpKt8eVI zwAAeM$cc_vF?dm){e3li6mQVL#P~?6z_~M$+ylAInK05Nm!JwQLK)0B)^V?4b z+e$=Snd>+~7Vj!}RI|wq6+6j8fU-M`tog7&eq60=bt~ZB0n%om3OB`PAiSw5D|i5* z+V*z)oXKJYh=si=AJvvE+XI7j<((qiPo0X4uPfoad5;0zUHsRp-!?tMW zGP%*aMf{HVZQ}|lK}cg2OE$AWE-sg(2V1eKoM2Lr%fqPyH?X93>p}Vj70+Ev3m=NV zr^48&a5)J@=)~)>HXSN=+qi$KnfdLyS@XdjVt0c z0apwqFL1_QHuMuLr3HC4W{YmR)E?bfDAGFO#%LjzElo@x0fpQZ$0iE7F)%h!$c>ir zg^65oCo~zILfp9uiMMS^u@)-fijzF$r_AM{jE701R9#&m%d1oNglARsH z)`&pGp`^7G?2hkZ{OG!y^mLu3hU+vpnmpo&rS{={7K1^#)3ewX*e0@EceXpec6YX$ z$U@%P?)a+S*=~d--d#uhn2t{Z&%z6&LR@52%jTp3p*AIS5 z4q$tXjIoD#EVH^nREK9pv(Y15F-r)gAOu_DE-s@PwqZJJEv?n#HQSIO^8dNtyOYcn`Ix%e1Mw zi&Na;T%rydY4~ctG`V`CZ{$uS1kTdAv^MIpvzX8|jjbuW^>rLx37xr~>BL*RfhieD>;K zkf@FXiKda>19+|KrjbS?SFbzJy3k+95S+w$7Aa~J34ltYT15n_+k$?nQgD`|#FEHR zoaPL%h#RK;CSd6FV80H_cEv77NmQ?hBs#MMViyJ-Q={Dnx}n$2Ab_5O_I$tH@Xs)V z;7TR{C-cYIk2xZHIwM7g-|DDR;l7g+HN47W3x*yV`F6ehA^u?WmN zqog&izqUQnP&!VM@|R*KzBpsF)>}*sOeUmb7Cbhuxt6vhrEu@Z>A_i1p|7mq;Nofe zO#{8!;-(SVAZjc0&RjdfjybsVOIC@I(TGGoZpU>UZOkEuV_J3wos{NXuT^blnbIzd zflkmDTO~e$Qfw@cI*|KYSEz0mR=?vtpB!6{&_E`z~wBV&NRjk;$$0Z0xv`)JQaT&=g$WBGRUy$|=@3rfT@Nu+E7oq-F` zcdIKcF0FK2V38Onb*eitS#RQor)4~nTeWD!l>rRt4|b0jUQ1A{bumR)&B1Gsw$ia3 zX`qSFq%6mXi#wq~UJ@O7z7}!%gs%vPVsSRpVs3;Q+wuf37o1GYD&rB}v|)6JtVO@X z8{roN+BLQk7L#TUL)1m21(ySzAt+L;A7^oFp(5z*M*Z?C4;RTmjE{Q1vN$7OD2{ls zPElkp<=Jd)pJa$+Ho92`caEhMVQ16M3{P?8=rsukw1|mm2MA&n;?c;*G}o0OEQ-&g z+~I9YUfXS)8!jsKV)Uvb!};UvcILn-EDufk5Mqirb?o%%5_Cx)3qel%AsPD~#O{USkr9LyB* zGr2_gX4d29lC3a)3!JQ(bvZCsSYvt);J3u0#@lX! z*^jF13x`peL5+y47k{*2IDqS{NN*-Xl(pv$lO@;=&qYeE$M-6K13Lx7!vh;r6isEn z=809cLuj!ER!v{ttlF;yY{Vr*ju?b69_ZMJy$wp(Y^1U3)ZB&>kmGNx%`G8fP9O=E z#t`S(5=?#4Xz+dw4j|i-Ed}OF;M^2v3Ux1B!Qf*sKF{ zJm|ntTL74lmgytXH61Mhx4xd|Hu-IKl+g1$r6IHOsV@*GW@K|9ORU`ss9jmg+Qs*0 zdRu_gyH(8qEo7Wl6>y_2wmpTWX~ifmd-IAm{&tqgmKH{Nyb<@wsF_UpfZF=xuauNd zbWYK1PI5mRHdjDU)1C$CE~=42~QP?>BTn!@*QV*R%SxKfDpi? zB9{1Vj&xsGcWo!2wIuk}6Y52>3e}X3!qrPAS^6+)&0@;QnC)rrbIy-fPxv92kWfTj zx0BJ`x4nT)KxvfSv~-PB=eOV;q7qU^;z)68XpNbwG(;dp@1g`oR@@e}H&_~!1g@v@ ztw{ZhvlOJBFN4_I+m3jDhB%r{QJ1W3UILNp zStGe|fF%yz^3q_}ExP3q9{u!7M9L%a=vpS4eT$8DGkX_318#o*s;Y>jMc>6?wSrfS zF1&rqZIeq5$cOOA(o=`l=|YS!NlTHX^s=Y51PgU|fp;Q@S4&vidRJw=CoWG$7U$(k zJ-BA$3DK?hYotq^H))hcTfimib1LBw=eg-eHNY((p>q{K!)Q?dQp`+;vB8}3Q)Ii4 z87i!%G)128>z>h+JAl#r%yE$1U@)7a&A($#(!rd{mPT=*S^;>6OwkTSA=DC#=BG=! z>5?8}-BfQ2a5jOqv*Ip8#5Lm$2Se;=2DuWjPpbqlx43SmHL81e=HuJ(9Je%`CpS?4 zOofu8we4J|(Zm|kV->8n$(3!y>ITwyF>tQty?lj?Nhp(^LLC zylPc}x4Usw+IM#G%7+_Taw%`JG}k<}wV3iclIB{oVMuJQNZKyeZ0to>+y&PoK+li4 zQ4{Rk+i-&xS{B+lp2-91z_*S4aNZMagrT=LUGy|2QgH_B{F2Rxy_n?PbMYj0PsPj5 zb+6lFHL^YClo2u5pTV0*I?)6_?ZHPXKgq8D$bhHZ6&R~jbmer9+s0l295#LEaHp0n z+Ywkln=-T|!sWryk}53nLn$2wO=V6D-Ql*UYU)fUR}^;jmR8o++ZqD+@wPKtz*sbD zC&Vjyi%f%kHfcT64~-FZ6GpUX8VVI8|C$ALMF|y;nNIL`11EsBx)h%we5`NT78e%2 zHYMESw9%|kr!BN9{90DLw60|B)Ts7*yMhSX*&|Ov6-as4Rs~YpZ_4*ZdwQ96(dJJ1#*ayT0)8-S& zaAp95nb_KVrZYzwzz}U{#8;hoUuazUy3yl9pDf|wf~38R4QEUbI$?7`wI=6oty--d z?M0U^a*ASdjN29OGLGIiiXCbP0>%xjvUXbTKo@lKmOo7?$OhrCFQ&Xf8iU=bHdprE{ zTKVAVUF|^V+X850zI4ns0bWw*v|+iizGJb}=*pL@^|4$(4}$Yom#4d45c<`I0ZaN~354*z08q-w!lLOVV+Q{kl-p`=ZY#w3q7wS{WrxXVO^;cW zk1Vgc;JQkfe-IQ^n@He-)g`;U#9U4n+^StB0*t1h$3CYiK_QAWm7v#Hf!ZMh35Rb0 zL;O87ii8-nGl%e&n=*tHk55fbOkdumErj>^U)Ku4g*N5N&ZI_|SSL;>K4xo)2#vNE z){g)~3y3qekeK;V*Kx>_Bq8&vKoU|?NQxi}y;mGJokf?lrZMIC2@aSSntA5Jf*sVZ zlUkC8Q`f1DS(;_3v1JA(ItfG|L(7(1;wP!HGRg?jDj6~c!MxRngy7s_Lmn=ZF1gc&i-Ju*=2IiwGLyx-xLY=?Fyk0^!**6JlNDE~1HT zx=C0>6Yc0z0xiQwP?{n%lC5SaT7-e19Sf;)!pTH`lS5Skh7B5mR=mT4!V zHN@uFiBho3%tL4i*<~|uy&2D~*j3wEjGL8Mot!cj{0;zu&Qv_E22HhsL561$*2 zVw1YyKF&}+7fh5hn8rov?_rR=McQt+X2 zpFXT|sYn;ioT}TDM#bKVEGoT#Y|%d7KupI9D~AX>2(~6OQdfW9(cn>{c=4 z`TV+34P$qG!Y_)E=)Zz`xOH8nV?AY-L5r#<+{6@CUDYWkArnS)jP^=~+JOO#5T2xO zs4d&79_k01(n5~SjActXT3xNrK8~T+;Nbd9s?MIPK@6wN}CN{kT;LEV>%;- zbB!ztKaZEL5BZ*;q_84xO8ACC$vc4m%ol=v&N5Nyk?X@dRVC-?p%S#d?>lp@E5pRoSGTiBF-@Stjrd6d}k3pmhGia zq|?gbkNwDCcfi<*`9vC|wp^ex+(?_9tjrfdPpzQV0?WA4=OE0**{X;e=OH5hB}|k@ zxJ#*Yo5F^?Ca?fCEu8MVK}Rfi+Z|Hfb-+@2ZFcY^o7Sl01d!3X1;q8NI-BVrHrrOS zi6*WQoz_|oJoF_b)&oMoeAVh+@G$+br8f}%Pn!T6y1(e+YohW@39%6l7V6!mE@yh@ zGbm8B!%6EbgVL-BT6DD`Cjne5s0u|DU%J4H(>&z8L$lUHI;kn1Gy6yk=8Id6`P4fxe86^SUu0{EyRWds|{OtW{~C3f!-PcY5+s`ObFMF zpwTv9SN&pB8tmv~E;|j5&7frq(9-JCVIzV?_eyJfa|iY*G?M-3UvR;${=iZ5*yQ~J*!uARYb5`+*FwYuvCrV{{T5B>r9s)Y-2AQUS0VuK9S2c`$92YaJV zmCtYiimRN!5m6KL#nzi?dsSQ`%wr`%oaVYCdZ%DmJn)!4`smk3AJawu%jlvs-c-t$ zE8GOM9Jw5Fq9~+YOCtiFikYq}@tg@|RYFp)v?@*Fl-Kb3Bcs0&iJ6ZUa~^)bIbAj_ zU!>So7_ZXCX|O!GjUpX1gi}sD%7qaL8EM6sJF4C?dvXkQwxZ>B1X{1`YF89}-OlfL z6WT3vFOELZX||oY9V_j(uGI<`!`%$)QK86^^mm(5U1N1o00cpy2rXtC&a^ZZ^Y3*+ ziha>qM1eDF9G3SUe!;GqiM9JtN3P=fEv^%vap}Tdx}2xt1xXVe8Mib3)VzOHf{RFm zrstoGlAJ}u}_GMOvo z#z67d=xDB396vTWdE6jbbnL)3tM&_pn>HT?**Y2~{%gK&Hhh>{gXIQ+%U@Gr>)63j zSgk|P*S8lMP!W#TCBuKhsklgh>Oa=EC2$sDFypyaqa5hJ4d3(j)T$8Mp4n2co0Mq_ z#3ioD^nf6GCJX*(vM(mRdC!LL`D?*V)3W`*vllQ5+V97N208$1o~iBFcAcv|Gtwt_ z3x#WT0ES2&g`DFzJm`ZO3`}CJuzjMhSc%E}k@>^9quDDb@`d^A*x3A3u9VFf$??hT zk@@3Bg8P$2iu);g1M%aG3k#67%&>|cuAaAhH;}7+?lG)|)RJ3+hUPrq`SD!44_Isf z8KXrW2t+06A^uGE{$O5^(ZYT{w1DBC+MuIoo=WmwPYEu)kqb-#H+4%tBM5~tZ$MuT zHLgPA7I>khaU#xsu?ag&TpPh!63=QO!wOT7S~79$Ny@T420ykT*<46dEnl+9iIdS&xp zlzyy2ydd5|o$NMX1$sV`)_A6b23L~jk<>G`L-#4#AY&X%4W)*pup@I#ZF5L%!zy`A zIAd;k8G0E5DG%e>(Nex}eE!N@p@{W|=m!~z7b*5eXyAxjik(PQp0P%BP0h~C5TTVy zrBl#ZQ59FWYKhHdlLrjSqMQ?I-?cM+##vs^T<_OR%ydU7S;i}!w?t&y#v|p4KNBco z82X*J6*Oi=4%I%k-q0CZU1KzTu)3_sV_}5kfq)-*psqFfDX+Xg+VBInMzu=C#b=Xc z-p5Uw>c8SdMl1+euR8(*w8#Uu>{i220UD*~dI-a-Yt>Qq_Y7;Q2q=5218 zoSZm(_0;4(>_i9#2iLGKYhOBDgx(7D@IQ7Lra5M_eM!4-E`2Ej)CXd`zr|$0;1sE! zY-EhEg7Q9GK{@cipauF2T0NP>MnO7-A*v!B&1w~x0a3-F-;$2mu-SG~vK;MWEA-sc z5g`YtnHwEM>Yxfu3vH%2x1(p`7#rZ%%`#13q(@PxORj0aG#9qdYMTf=?Rr5c{EV7y zJ1@IluysCmy`V!L2Ag4GhNDQdnz>e5@}Oz?9guD+Y`onBA<7t~L- zo8Br;Tc)=PaJ%W|ZrO(a21<~63BIHdDl2%NK(AD?fi&qLJB!-R2i1`i|G~vevU^^8Tzl}R# zNFx_Xq+Ci$)N6OgDmLznpwXBk1%^WCu40cQP}=w-3{@M0)EUc$iigCvTxsf*c>_TY zid2iCu(q9tv5$kO(RA{)z=1V$4KUqsn;0=N*vJ*RN{sg5O3D|TwDY6N>Ei$X(hBfB*d)*y^5@?1hvtQtb`a1yUUdjIbUtlN{AzY zvJzq`)ovxkeYn|`&;niyT6eV)V!KdRg1)z{uY^!t*DZzkV^y2ApdKmoiy>^aldB5NNTz>mf=7{esX?tHTu${c?*-LJP1J#W%AkG@Zn(3bnt@FAHCZ&XE>HZY}W4 zQT)Es<)AZxD{BFUP`CSpsx_W>$^8O)+r{@HNSV`BTD0SDrG1BkI|J7j(UlWLHFko! zS}ZDDxu-kX&UI&1s4nq2;RbCxCGGNN$c*wjik-p)5GN<1bIm?$%uqI zWE?q>+!)J^XOB&m=Cjy`e10ZhC^eaHZhY%PiM5=Y!%}g*$_=9F^V8 zNN(h=E)}x#qxtFai6eMLQ5mNbD#GN@%x;p;)I&71tqx1O!b9~!(U z<(RWgX}um<*C9{GxxmcGcN7P-jixlF;|ts9>O#|lF?WcEVnowLTF|PoRp{Wk+7DEl zl&Ap=4>enTqdzYW4>tve&R%{8g{aI_S5;D^YrL`L>dqqZ8@r?xmGt*5z{DW>)g=J$)fwAYCvqX zT?0hNg6S(V)aaFXTfc)%4_1N^8Li&baw6W?g2t;1Sn*g4+)zV9!WpiW zVV(NY?F|kx>t|rPCmdZRzvVb*%jLiL$HDNT(P3 z!X}~E!VMKMp|)1Zgul@*J@r$So*CmrUmPd*ozQ9gokm_&_%-}{Fa|A&||t7A{vU$$7Fkt9#;IBBTj|UD<(P> z=3wV4%%N^o61@)7LM3Ub!^G$#vJw+@)@kVlLAT<-3>q{A!DbFrn%ML0J4k61+$c!q zZ{ImsdNvcl(tyb9Wixx?a(l-e=q%~98uKwf;)>sAVvl&5z_mhYp0-4-=8L6l=~yx2 zlQbCNIZ2Im%#L>QnGh-;a|kh#8#WKm5Xq*DskOq}PNi%s+T!N63$?Bzm8dgaA_1gA z>Viue))Dp!N4+I;1?>)!)J2k&2bS1A$X+(XB&=WpnW$u6P=5%7>|+w){GF5tF?PI8 zd7M$+a9o2f&X61FUhmfGrpKJk0(vNvHuppsw}J723KiS)HRr=9--*qpT}$K5RCXOp z3u%9gb`;cs7z@IMG0cCE>+$6!*YzP-vKN=2=yNFE^7vu^YD%_A#t@)sfWgH8AXQaA zt|kptZt*?5uI2ZdvghIX!uHvaY)7H~Ug3k1xr`V-e?>z3u9j9xd@|YAr%GqDb<(c65_dk{xX|B~c4^?BZ6I z$X*a#-nvz!EHuqh-1ItosHgR@mG&?beGl_>#x7up@k3OG!gB6J4@!jk0nW)-a)}b9 zE$_B{`gfd?)rtDlS_x~TSVips;>l2e>Y&yY)2=2qeJr3ygPqpoiQ=Yksd%{8oUOyV zIl*B^Y_LPhI{S$n4utb~FYp7`!iJNWf>VNz+`~x;!tWKRpAszFlG# zfzB?(wMT>qDMD^*Yuboi65ENj{x~9`EtaDJa`L}8)t{UR>5{|CO8PMNOc3{FuXwPr zec;1jFL2ydCfC4}e3i&gHv|yN3q&Zc%{Z(c6I%|i#pcmsXq(Y2xE>{HMOoi()F5Fc z;h1OppitVYP|9%wM6KvS=CKpVqd_lvs8!WRgk~h}Zih`DT6t&Mb+Rw0<9$n2eVp*s zw&h`A&~!d!;swWcDhr`WKK33UE>E360&2$@2638&UUhg#wTsA3dPcEa7ZX=$@e8x= zVYR(tI~FLE@G&+!8meds^r8@C9V=Uo^{U=pMV%&k<@`Ssvo401^>GmfxYA`AuOzpE zT46gsc+9vS8rQWRjUqjh{rw8*FBl#Wbbe)8)FmqGXDyd8uOlKU6qZG2k#QMGv2Xgo z#3~c!O(CtCPL1dVQ>M2}Z+?7o<&HSORIcK>VhZtO1!9-0MyN-I-|afa^Dp(d6JE5j zo3P#4UF4%w1KJMKJiIg!_M`Kl)MKi3q!!i#cO!1G-uLM)S=gCLJSfDU4q`1vT`s6L z$SwwYWZP`q+rDYHBp0>%(GtdH*yzj?m}xz+n!_R* zTEhwQ6(Y}7jfZ&X#e`C_{V}4RV;w2EU#B4@4@5Pf>8P^vUrd{c-1^t~b-zxV*_;j( z)ht6zNSFehGBhn6(^~06LLMr)73RZnqh~GYyxVBfAVvkpQ!OtPt+SPO zHFkV|Z9u+4>+CErq^TiF zBzK`Ch-V81rd{c$-AIY!>3k_S0wxw67YBcoCX3?A zZjeYMmhWpXsJWJ1S;xvExdkA(!2%aR$6TmF1Rw?Sp1o*0*nJhzDYaI^p>n>t0xe)W zB$e1~3|;1A*;Se>&X4A&r*osFd|^I!^+d5$%p^BR4bG<2G|nd>4EFP30Lr*96$so~ z*$gO#VAA#j=)h>^CLadu-L`RYl>_X6iKWI79##$URTb9`xR{M^Q^|IeZmXv6llzA* zyG>tOX5a4Uiiu##oQLXOjGu9fbV8F8#ZqoMSJ3Abip)if`)M=L3rx#u!ypqx2WkyKO*D>n zt+v_5l+lT>lvH(v(tIgDHJUBWA1#$;ih@j<&K{o3jUjlX#(LKo>Dq#p)4-x$q8VR- zU>*_Vu0Y2+WJ#;mYE|kypJxwu)(1;vGU_v^kB{db()u`f{<_uHFx_O{Tw(T%aAU*N zM0?#{#OIVX(H;mHy_`j0lk`wpJ!Uh00(?d3@a88dy0LYXxH48GY=Y^-aEd}nzVXL7 zKZTWyoA0Pq^bxADha}_)hwO??PYGwQJXlU+&JD$vNC^Rk|8jn1}I-qY|-Xj2#$l`M zl-)Y%L{~O`p(Sh+iuqU@ZPLB&NUp_Vj*R$qf2`4EAojo*DcM&Rous4@YEBqvs9N>v z%#WFMz1g8o@$8=bTp*>fjmcMib*(yXS0i!MYvi$?(G62a65*NeHoP(%m)>YL$c%wF z-;iEY#Rk2)h>}=UCo)1EafW4z4EpL?HAQy)R48xsibrQqLLXudD^?fj45FGqk;By~ zK%IdUGJ5k9S637htIl(>={4~#K&iBArJ-l~ItCjl*~@^(D)(IgkJP7CfNRbL-9r~j zq%!cEnS23olmqg|O1VN;T;REl0D1xgXtQaz0fG@pl?6;%8__xf$HX>gqn37*j3H8n z7}`=xK~N7*_9{4~gqgR7?|!T7{vu4r^V5`n%7@RMpl5Ydk*Ds#I&>^Box5s&EL+OX zk4+SSiCI*1%N zC1t>zEHCcX-qtXkAs`-KsT1Uug^bIdD~dFB!hqW2!WS_zMB^ zoGsN}xks7WU1ybo)}IWIBrwPq-c! ztugM%yrAU+AzMNL)~j~e)ZF22cK(I=-A`w6Tj{?;v=7(CW#)>Ruj6Z>hufNvdJOT* z$X)4QVD(V{3h#6oT(L{+oEX0{Xh#ztlcYWPDSj-Y5~kqS%qqE}?mL`2GBLd|Ud-gj ziy7mDVKg@?uGep8_FZgWGCh8=eL-g5z@pz+=ud<6UgJ_@Z_*xU4%6Ffd4yqq8cDD% z{Z(8~9wXwNq&hkl2^elot|z04KU0wulZr_johbQ282nO9g51iXkjyQgL-A+9gXXgI zG?G#ygb;EEAE3sEPQo02$PI>7U#AzfVIXOY#E-!T#-#=@fZ~EFm8^?M7)^;fu|gdm zzp_SjIxhQR%OgsdNEN=$W~#N6JP{#CY^gUXwU&yUc8XcuG8NbJGhk12B3LHr_6VyG zLFZ#Qbt--g0_Uk&%k(M1;<#_iOe2Wad_B;gYr)Pc43q+N)PyOU;#q`P^Tox;&M4?r z8x`ZS?3LO1{0urm7dzB3nu!EU9Ztb8W2>^8LMQMdTdB0=Ntpo(zbL^;Ap@$7_G?^Dyz{K=;UOb4lF1OmMP%A-@nHZ2fP%3ANDR#M7?}f-{cy#sUTJzZcH}hF28KKX1Bp(04Y{}}3oKzO z(Ha#Oo`!~@Cdw`Yqz^U{sCgldI9}WMML+7hlr3wS@@5Nd#oQMXOZA z*jmC87TH2+Vmv!q$`_8$A1mex33EjqEf6AvA94K%Cl^ zL)as;%^rCG;=$(3Azv(I3#IwV{AhM^zL1-loEXiP@@-~9{|%du=+U*q(X7iQPo#q| z^=r}H?zvSV)~#B)i$Djij%yy*%)0oe6~b+IW2kPC@wbfn_L*>FYiTqV zP%?la{}tN#Ma0|LiG{Y?YVD_TaeQJj*MTuyz#`>VE&Q(~Ppg4InGD|xZ z=&L9Xf>pa(Wk=Kn)5mdBeqdIs(33U9iRoe~J2{yvaAVmu6EpLr<1;zk{-SJ|Msg!N zGehPgl}hVZ1O8Ytq{zoW<7C;2Ts0a9-o^D*>!i`5a|uwhRsWP=(y4eu21vi}f-8j6 zNrzl9E#ZfzTkLV0xS~@Q?4qMi@z;V>$UN7j9Iu&mB+T%CC6SHvKb@%N%2Lg&>ua&0 zvok)r}H&2tpMsDob%_5i2CI3DnFw9ffS2Xk!Fm zccQo`oaezZVmYs7278sift`Y(VTK(U;)2i;IEiKrIstH83#M#K&Gks*zgaVAfl1qe zz+7-wAZD1D?`ZpJ*MbvPtly;aOg${v*5z?6wWWX?lQm?$~kNz4us|% zT(jdtD(MoCz-+dn%BBMrATS$&TQdW@Y*wr5z=8qvYPJI{sv@{VZkHRLhnDe@>j#cm zgTVFB$36@|13OWnM#ZDqLT+q+IzN`1pBMwsS+PCW!OMSzn#xk3v;;j!i;&K^Ryy1K*!dBuuUZfsYghU9f?qSi-3b7DlAtk-k-W$@^nw!+<6&>MU z9|lLw9Pub6LZWTdz~&@xbOPH5VD&ar5W%S>hVo`3nzg{_#b4X#We?We6|7Ok#wIVA z<>f{lpFN_%7U4x&D^gaN(%*tc-?!^($ZBUc+4sR?nE=F?WvT=L~BOV%LtRiiM7`JHWW4Xia@GH!8fgb92zLcLI zJ(?T6ylH?ISRN_lkIe{eWjz@2SkbKnleV**b*xd$Vbo+4t`RncSBGx($qfmqru+!^ zF2##(wkyhv-Sr5z*k#DPn;xkwFgqS%WQ8_24OAI~vTR8xnkrMmTde{<5OgeAJmtf9 z$q=>_ew9LG!X4-_LGefv6ycOIF4&P36w{543kjo>Z}G~|Dt;U`c9ti8L4;WGyRL{5 z`HT{+-J;Td7+wa80mvLp4AOQTYWA9R7fDxjv*E+s8Z0*mnWF6oPFUv>AYTbR-*%lC zAo|7xk{_5}z~g@O0OU6GJEr0urzWtNPt|5dIDS}w*EMVpT4OfNkf9&H)Ql1JABanSKDh%i+5IJE;lnkIeiGKYC!U zkLgz1R)Rw}l$PJqHqv*3UAyJCLObbuwticF%vV2d)u>x$07LGH|6JFS&T|!-&aryF zYSC+uHZvaAT!q$R5|l=a-vlFV9JdKg$X9v;jsA0eTe?R%R+|+rw!p%RmQ1l<2op8a zc6uKBQGW!24=$N$Y|2Sd&V87#bQHI(Xm!{-Nd0%;{)78_h7Sx6 z9ol#B!hQP>^$ZOky7172Jz!{CM;i0fK-)sk(3bmB2loj1;Zr@5z%G%d=f8&wN^ZaeJa z46d2AdKHf70Aw_HQ!SS$S@d|7p;is@khTb|9qcs>%JiLO2Bz{7J)&<{U2j==8`K!s zDxR+LlDz^grBT&g^tG+R+06)T2+AA?!?mFteRSjGSm0;aCn14g!oQYc)K? zsFh&$z~lxcZ4=j1NN$9rX@a@A1Q2Rg;a_6h|__B2R*nW9FoIy6=agnPq2BSk(0DI((c`0umX@~m4=?@dZNXXU>_!+p>9}o zKZF)YrBeE_p))R>OJfZ=-eBc7j1=26iU^5QG3oZiK{ZCg^RV zIz}`=2O?H6z4i9v8%k8{hg#}A_QQUZ{lDriy5cGtL=RGRXK^ciwBG;s4-XGtsP6y6 z`wl#||DTDUm(ENdIXCglL{Cr8xf4gn3OzlKySk_6tc#y?PESwIS@-?w_MV=eCoE>C zvOPVwz4F(7Zl2xK(*w#!3sXHkFWlYJbN&D9>G@etPtWz=?dfR@_4IuIWKYk?O+7uo zS-<&juDGP9r{|o7%a4rp{0jZ=k3aO5SNHS`TN7j1(%M)5^=qqvb=7Mg_{9%DeC$;t z@AsehlCORCH;&vqa`XkqCcbv?rkg);`uf*BaMpP@eQfC0fBNjoOKedoTF@BHyh#v>8GzA{O#}k%m29NgD?8@Pw)T753igq|KoFh<5Q{M%k=!lr(RKf z*NKr2y<^u$((itk`Qv{$^}Nr1`ZM>!)2B|J_wL^us@?IcZ|9rmeCQ88x9i2X{_1_t zzWVW(ob$_P-2KKUzq03*-~8oYm0$UaS6um=58d~&fB*ZtAIOirXY{Pg$5yV{c4iX@qhlm{`{{`fBp1-++A*-chB`-I{n{If9s;BocxFT?)%7Z zzv~rWf8D=S{WskHXD^v+zW#epz44YmyMC9EzU;_fU-a=iE5HA<4_8+H&+BeUJnKkp z{B8F?>D~7~!+no;a{ujjynOjt&f`DwiHUdJ@vk?2toG?kZ*!CPgPi5foPO$!-}&NK z=5PA;t@ke0pHz9v$lmvSb@EI5zdR0)T~>R?m#_TBlW%^FbK-aWL$^NflB@UDUY5D^ zH|!IMtBrsEmH&bt{@;P3_l5ay-hIKHKTp2)&^GdAa9}r{_-J`KA*;{Fg%~ zzx0n!S^0_k%FNJj*n1OK8;2i!+T1(-{#6^#9shry`I{ShZ#eslmACzK{R_OqhEhg(BuF4;N+JV zKl<6PBrdsO|3BaNhbMo&d)M6l6aBBe36^QhtHeIz5Zi=`t>)z z_s9SF+9$u{s!9f7Er5? z{pr8o^`UFt{_U5ap1nTTfA!Qky{B(~#jig3we++1{K1uXocH^`JNfHp@4a!t`M1}6 z{B?i*^b4MGfA(dse(SSmdtd$O$~Q)C{_*v9UHT`h#e2_s=_lWL#p$QM?oF@#gBM=& z-@jFQ*#pn~;4^P}_QvFUE`QeDkNf%m{pLO2IP~i)Ke0ESc;m!nXI*YR_51w~Jj?vV zJvY3+c+Yin@A>xm-+1D!KYJkalZ*fN3orZXZ(VD>3IQ7%`Pr|%_htWl?#UmXJ$;UM z+a1ZjEnWYH8{8MdpTFfLnG62o?iuT;sM!;q{=m~`U-bZnKzYBxXWw%2IpeQ<{2T5Z z|Iw$v@Wo%%zV*Jr_y5DsUcY?%i(mW6#lE%Jh*ZH%6IOp{PO)LpZF(Jhu?5T z;var+-~9f2Uv-MEL&fM^?r{8?v z_r84h`+oU}zuoWNRekNzmlRGv)xNZE{@R-lHs1E3JKz13vyS|~4?h1de);xa{o*qZ ze*WzbB+qv4_{H**fAid@|LlFAIPdp=_viULe|FZcyMF(*fAH18+ury1;Rk>JOJDzQ z|1fy}O^=&+>z$u?*}Xq~=GmWEIaPb&!EaSRe)oMtm9_6*{eqL%Zj61kGW4{Y#%urh zuD4$LgIB!keb1gRuAYKFx$*nszw?|oefAFz)&Av|v-4m6i$mw;p830vd+pJeeD~h@ z*Ixgd*T3>{mw#${=ox2US-kj1Yv;cE>1)5f_OV;ORC)V#cfI9pU;6&f{_d~bqhI*@ z8^8C3>+*m5j)O0O7ro-&J~OfRqvyWt-x3E8UU|ztnE1f!c75QtKHOJ%@TUDweD8mr zK6Ubk&z^s<$N%JKQx6s%y)WAT;xFFT_cr@)UUjh{LY@+p7@{DTi*Q65B7bk+WVESeeFAE-SPh)Jn*gL3*LL;3)i2z_qzMu zbnZ8P^U5#$$B#ey@qaJh_Qc-1?)@L{9y7k*-+0dQOPh~dd)nupx^YSRu8V&3gdbgh z@t0r!pNZ8Mz2vsrUjJuryx{k~{Wo_`PyNBi-+b$df3n~3mV+03%D<#?`MJ|?e&6N4 zeAWw=Kd}2Hi633C`m4YE&Rw&=GxF&detIVP)U)^A_@wE3=U+eBH-Gfq`Lo_K^xPLc z{f~N_xBag@@0_~edoLf&y!qVQp7^xC`=<|o_G_i5r{JvY4_x;t= zfBJ;aU;OzufBc8W@Z|q~O5?`K@7?5|P7r*}f4}9sC3r=6P z@bmL7zx5d>UU;ndi@WaI+xXo1-+bCD2LJM_)o%@d@#%ke=-(H=J9pnNzj9gQo>yM= zlea(f_cG78vGRpaKIh5C>%MTs_iuGxdds;#?;SdH|Jtpi|Ld!>FaC>XedI}hHQboZ zocQjuU;h8G_a0zPWZmO1MMPs;D^?tX2x61O!0@M1)B)2_s1+&P)gqDfW&F z?qbEV_O*eC4H2wZ(Y2z|?23rkK*jPsQxX!2;I{Yof47!wows@% z@^wy`6EEL*c|%O;gx2SGS?9MHzvXq+oxAP7ZumKF`o>+mv9@kyBlSJ|r&aAb`ZTC` zICyp_yjyPHzVJas$(h|(20f28WK81TdEnP?gJ-$ksl~ZjClWWOiw=xQXp?ZIE&hI5 zFXN=#E@`d?ldlD?+HmplaKm+O4=+tys;|^DDV;Lzq?w^-%zNIq7I4@fNf`$erUkt& zN1Mp)mSq^_bh`Y+WGeFsA=50+XO?f$KIr zO7?l>ly;<}Xz#82pHCNYz1Z2)5BuI)tx#M$&JWHn^l^CFr#qrwwb*$;c<;|AZ+t1- zG}^;9n5l0WzQ`*r5v?u`-%ynPWZJk#_m}Dq_OIT@Z`(ofUb-+geoesGBjRpX!Lua> zOBVJ$Hg?vl=(4BnyVV@13>D5E7{17BV?KJtwEI(oS7sGlU*n3rFEf|6X?gV1fgMNm zdw*CFwKhi_H$MMOJeZkbVWQ`8y5BN`lGE3H+I1QCf?v`%iA9KNAoYuL#;oOfeSeDz zlC#Wme=Q9wIjT5ywVk+lqoZN3OTYQ~3}4Q*$;dey-F5n@50;gWZ(NV>Gw2tGyyK3{ z;7tkUHu~M(cisL7J8#@>c>D5h(=9s;jWgX+(xZIP2-BM5=iWwgt1tOfD*08TN*{Mz zu-~ZKM+KFa7_V%Xc=|Y(8T|7SXT7BJd$XsUdz}1;b!xbNc@MaI*YICYjUAS`WIp4L z^V}hxrpGFaFTc&d`{L-7Yo9`F?=7EvZt?4LXdQ~7FLgUlN=CYQZ_-*0FP$+)*(*)3R27aW2^3 z>haiF7mKcE+?IyKZao=rux(dQfh-DIvn^i#bMoEQN$-UtmB|HpcP|#joIc){x#Cw* znroC_P1kwHG6(dv$?!4oe=#Ml&4=pic3)O*;s@ug6HbZQ85x)S=-cYM!6~*cro`=f zxWPO7&9C=QGO~j$_ph*ez*!7VPpa4U4LdpLBRydzUj`^RC_a7N$JT z*u4+?_p!`9@O+odj zGVzXrL+w9w%D0%6so;$0TmI1FT9mN72C%tf8NTS4d!NS-rix~+`otX;*V}2qjVryL zmEB%D+dCrdYSy9~-`Z3!H+VmM-N(bHKjfJ|&L88nWwP*^Z*C`5$Ge{MCfU|trR@}) zFKG|^_S*a=br#=a$(^+YBb6nsCVe#hke6WmB8Yb)+B<)8$@M!W*E`h=U+C415ya%q z4wiK+2-Cm*BB-jP@>_xBuS@n;l%GzK!Y+~NE>$9qd;-`-r zGgr(rNIBOg=tjso@!7ltBL%Bw)x)QfqJv-ZZb$9$J)AsZ@`UofySBugPh7n_uPo@3 z-kjwJs=HM$i|yb#z|e@5^z@J7lIv@(+%ewqDy+hXH}lx!$73DWAKBlt#?<{`@XgSk zd4o;HwhH!KaV$IDV`o9n8q4w#=PVZ6Js^U;+~=F3-0-Retc~vQTbP*^3Rjr=FN`P+mSbU z#qUE`MqgODfRWuxP|aC!rSi?2ZNCS8HF~;zjLuD@pv! z@_o5j6t92dVbITtT#G@!;sNEy&4>DB{OYv9uxz^MvBb7!aHqAsvXG=Pn-k3UpGwae z&gu91w!UYXuk3Wu70>JMp6;44?tPH0nKwTgMviVh`jKDy&3A*_t9_S1WJJ~C&UQ=8 z-?U`}F^67~-FxeMs<@rkPM0Ht3(Jpf;(H)%FU-wKf4b(68(&IhT`cpJt?7Z>%a-oj zEU0E*bMKPonvnRF@5w(Ok{~Gat!S_OcG5TS)#mh?l=7Z~-Z?-2U^1)Z)~3SO701B) z0nT^thYF32SRE67aXC?J^vEFa?xXy`L0xl(M_o*gof8^+dxmsCq)Vyaq8{SRgK}Z{ zdbghQ3{vc}A97xv3r;>}T)>qN%sWz$H^^kq{lxO0?q6~L4 z-`wPFQJ=5edpke7wUeEE=dy~K56eOvZwZ{2p35j|J+nuvJ{8qQ#hC{tw)(Oobj$sL z;U4~Loiknr*-kZ@8+Yb&;Cl3VK}qPV^q7<IB$#{e z+?->PzAiO!dQhpKV?Z`~g1xVAt1m5Ao@>+7a_^39AB=L@vpiEvD^eGHanH)~eCwB+ zyiHh<<-az2TI(QDn-8k>ONVvJ3QO94WczZbuN&ruR<5_raJ*a;qfDJ(>FufSxn@PM ziF{(|pzOn;nfqT%V@p=fx1Lh2{QYa>#u4(JD=sJd^Q#AUT4Io5ml`pidtIwzr4A=bFSLnTEzjtn>kjZxz0q5dZS2ZtE|GZ&Iel z%xGO1ooiDQlzePJ)IO%QWw?j`bIa=T1%G%Peiduna@VhA;pJ1^rn)PJ_0bz0x9?#0 z1Ik|*HD@aVwiI_s+j9OxQtnRuHWEek+d%e^e=C^R^*Q>-If4Ny??(twKHtV2)fp#+tdk{%+K~18M3ic*UD?*fv;lIW4hjf zyRO%Z8~4(D*-v-drbMM=Z9gLm*fO8cdn)c`IVQy%0E*Pu*I}XTK~5^ z&oip-`&tD((BHSkFukVBodDRrk3mIi{A2I5G~T4tj#)lQGkkNC%QGIyOMf02s9bl^ zLn0`5aErR>tNb`&UBF0l-$fs9CEpf|h8c{YWRL7ycGKdF`*}h3kWipKS9A`zgyO>1vm>{tstz zX`-d(cBlF%}?c}ZdW@)o%UzaGY}KN+_pa}e{7=rwy=?rj(J zpfb^KW#Z)|FaO-+a+}H4i56bDcUyjbl5%@btM|Mtce^=fu5~MnH{1daD(DzAKJSV9 zwt?XuqJUk;P11m?k8eMS!^%zFPNrwgT3`_R*=kOaKxx@2*&szYiF02L+z>3Z59s?X zw%pWh^z^qivuX@NJ9gua%Q?%!p?Bc1pZGu#` ziO(#RWm869@hrFXlJp)Bg{$QS;u4|c7`mdz#x*@Uh|SyYh)Pp8B3P zJHK2=bV&QsIwLo>w-3^zqO473$Ib2nxy<;M@!|dY3uY5&4-EGhpgInj{#3@^`hNcN z=-%gtDJxozc4mwSpLuEf>52*cyBM*~Z|UzbwdJMu)1?ctiX4!rtfKUzEYLD)av$=@xyK$?UHoXI>xb=am9d3aY1a+!FZz9gxut%`&BJ? z%)FvkJ13pZ<0~yYtsk11(3S5})J;irOqaC&yPoLvyQOsc5IcC~o*idpzWoo(+B;lX z9n-2yTEfaRG)C(>=fq5$ogvlcb3d&=G{hn-Zm~nJU%mWtlP`Io4u);sw(OU7H;qk{S$R5n!n!|?)Ot`*T7vz&E#3=;dk!GJJ9$|Y^qM=&e$t+4 z9aykw#X~2bmPbEzv5i_%^qYGtMo{t)k=NF4`wc4Fy>J+Q*g0xB^L_G+%*Co5CPVMC zTEETv*mtXCEH7>R;uP~h!nS5-m_p+kR zBo=P$8>4Tz_EO+2H`#3t4_Wc(vh(S_F3dj&5)NPQ^z2$!tnad-4er_IXDxqv5WS7X8Gpz8+F87H9(oZ%e7P~uN3VY35mfspP1^J(x z`}f$2NY3|u8(wl-wvpX)OKa7*Rj*=Qau)R8{B9XLSeR}MFqxOV^*wF!*afT=N3!BX zTUrP2SUq5D#>wOfpP+uhU8bc@oV_|uw55mn$c3595(kHSI6PlDPq^Gzb+7fbn5t*X zEZ{LiP9A%?@~BbpFm9(*gA`%n>Sabpanp>SdaYV)=TJQf=v#WB>#o$Ff#e}13038= z(S}Z0Ly|tViJBUIGgGxs_=`b`@Q?1`*FiGFHu%B=?q(Umvp7@qufO&u$sRS_K+-{e z|MaOZ=G<#PcMJO?6_Z45yto`ZZXdOr+0QcEqvajTH1^d@7qS4VLR-ePJo>r&Ph|j{ zw4+N}f2=Te=ueOK@#hq!{IbMfP;KeQT_04;4$nnPdS{JI`l(A=|CptFM(*hF(z(-B z9t-ZdD9LeE=Vx!sRv}C2J{vNBUfZA;aGN6Nn(MF*m)hX3lNM(Tk6J)B|0H^Hk-^+g zyQ2HL=zFdiyJqrWs}WZpAKD%EVlBVgveRsX6k-1SKmNEpJ}qbQQv+K90mppP+=^Ly zkAJEo0hL!=6))@cTH!JN%f%0=<=_w#H`&t+52VJ z%0(%TGf(_>k;jgj!`zfvt?c!o-`v(g4-b#%lr=WVw@X_8wS|2xZj4qw{Q2{ZnIYxf z+(vumwjKIQxc-s_1U`!mQiREZ<(*}Qr%qk+()YAMgm_GQr!MD=4u6iGHmo}hWJT}z z7OmbzCHHB+&1Hl6+q;vuUFuiZYwo?@Cz>V}ZFaXL2IbANXPa~9k6c+|p@>(No4U=m zZErL>)#XF@lFSyoYvcM4Cxq5aPEMcMdtOC&mwrg}o6x4n{Q9NxR^f;ARz_836~zvV zTF%^L8SXKlUAIqtK66eU^C)0M9Si;~!MulffuXHI=;!ff0lCSS{Bo1aQJL`=!zn{f zI7JB${BGOYJR{|oqfhmWjgQV;v#oHruVv(l38Y|V?K9e)G;-yJd$&@0cO%H@lwml_ z&>%EUn!KtiH&FUi;ad~VM!=~nhh#Nr7@y%?Te(`B`#$m>kd_`@X~s+T8DdbPZ0yL$v9C>eH{ z_vTZdHbpK&y82|c_p~|P!8ox!{@S|qV5ATC#X@rBh7F>OE2B3qd9}zq_2ri{Gs`({ z1Lof8F?VQu<-p2bf~m$i%hXqePRvx93&(3j;G(9<6G@OSm=CeEseZ zAJ~MJWNgGbe{9o&aUJw>Is`q~(cfeI(xUC>_Kr&~gh%e^%a& zge7+>auvDrM|KshHQzU);@X){s$`EB9|kYKs2`g9d8GN-OS`Z1TUNBo-T9fxY`b{} z%627K7={iPr$s-xG|>1=h5w_iYl@Cm-w*dRNQq{iLAnomH}CF;z%9h!@-G;kJUqd8 zsDp9o)ziBzqBbzOsi|WQUv|^)>mc?n=eU)*>3gm@c>wk>ddLX3o7md+MTKScrA0-% z&gGX`Dqpob);^;3M5bapl6H0b!|7XK0%mvCJ5^a*L!TC`j1~_c6=W|iXU*xnBip(A zh0ys$JqdM=*i$5x`WS3YFt4(TmWt!6cNb(YJ{I&ckd-?7PF8|EWSP_8T@M5LEI0Ee z5I8$>6SC`JV8;sUe!08+m3{QsE5=+~Gh)%*@_-$-_Kt$xJ*Q4B?vxcsLVoffYOoy3 zWyDyB;*W31`DxnbF-fhl@+(I}tYU^*al=;+9rk{gpn8xW!U(!Ham*oUR!Qot1oKX5 zw#yzJCeZk~NSQHjq~m?jKEKj6C-^1Kg!b)d#DWLiUVmi&Z0lCTdZ%4F-nwdU;$V}= zZk|1Fo!m8JTh`l_rMU^vt)ts>78dPtZ_5a}h7ZcOA9?QW)lT6@GRKE@&k9U>ntWyY z>>fy~;8XWSK1ce|dywnF0ndtBd}g#dVsT|wxLA?$e#|Dj_2ye2EbV{4DEFd4N)Ou) z9T!QL740Lzt}EQvqN3fD$C-)j#G>ENWtg}2+#zN4y!Pt4U7xFeI9=P_C2fnxork$s z5~k%cYgWBJJ})rpRmZH5r0wkI+zPmV-xeq1!j6WO!;jO6J>hQ&=HBqet0CUb*{j%cJ$Pqt%QoJz`y?SnG62h-$UEZ8=qbS7_?W;Gw&6Eq%Ij6jP zEm^!V!ThA+%<(^Ne7Tp~d6wtn6U9q{mF4TVF6w^KI=|)UzD4g2pHdnx$-XBz#Jbk1 zOPZ_RDcNraxs#p+?^ezK;v$ZJU0UGmS*55__MLxcL4rzQscikhJ3Xcw+=UUu%nje9 z?C*WOjl5!?%aJqDZ#JFDK659%CZ)XW+2BhpYkHl0r81JQJmu4}O)Rh5SfQ~IE2+=S z!g%AjexOomd=6aq>qT>MDhl=Mn}wWTpYPW%y}!!1ay;;Ez@dk^Tg{e+nPeeJV}468 z-+!v|`Qr(fxGl?GuM#-g4j;DFK5+RRBiLr==TXXUrfEmoKW=aHK{)nENY=57bDvw9EFZr#zD2hin+l@}bBqf6(1xTp ztf_mZv}k*KXW{5m!|zPx%q`yFzGmduu-j8?hZ+a@ZBHJ2ZQQ37C-?*3UF^qPk!X-| zE~D-H-O+=*KlZE?_PJo*eV-@m6~tQRw64RHknPDadQVrqKAZ2?&m=2;^{~61&PSZ9+>1d`UwzT7 zo#pKkQ%Bs$=7*>)e^__cyP`!k@p|uPw6HPx!16%HJnd@qMRK9dXl=~Yr0g`oY=Ifnw#vg`|X9_ zj%0SRuIVBVPra}$_sq?*g01N_CNRzjVqOt!^etXD9TFbeXNjq}e;C45Y>1M7 z6kZmd@2l7owEoeGnG06O8aW+I++5|LFB2MfkTdsi(SD z>g9{O?sbhK22cKuPe4VOfy0d>Z|;YG1N+C{nozO2TaAPJ7gl))@64r=Wv{!Irtwym zEPOkpmrvl?;~khQmKmg+8{hrez^!J_t6mL_)A!wpef*NZ<@{>`%9~fYFPOiCy{Zh| zH*tjH4gaZqYNon(@AKu%$N8~c$|YroTx$9b`MS&Q@xJ*>Vmq8YZo*ta3|-F~!4+}l zqHp@^dT;t{DeqD7H1XqyK7l622R=BPF$_KT_(_MHU5d@Joz?wCh3vK6m-v=TwyqVF zbVxcsZh0%WslUw{U9zm=YY*V;gA#|*Wvfz4`0VYjeET>` zIV}2qtXcZ2MaS%3K7KIu$jlctm&&i_c08>*nRcsagwf3G}o71xp5x5tMXJIzK)#&2_-Yu}7Tlu|8Uqa(6l(U$Ti&_+V%JaPRA3 z9jbphbmlns&1c@HEb*Fq&$~a>8{7G55|G>dgJWLam%@OH<9hK+Op;i>xt&%6eYRE{ zNhuH~jIhY}x^?~55o}hElAh1XvIkeiCVhK;!*4<6A2U{&R}C*M%9V9ou)?6kr)Y%D z#Anw-b}~D=>U#5NG7OcHoo}GK*^tW$G# zb*^&mbpE%35s#RwZw6NkZ<)c>D>~gF*!SK#d}~%%>CRC58%0?TRSEm|Zk|$@mu7mY z*pM}#;_fkV8TKLT#NOhPGo}mOCk+f=)Z)gSlGwHdPj_Ax+F!VGujR(JGne1+G(0nW z&y_XdOJ=MbkDNcmGR`+(j5JH_qnei$kEdO&zE@z_@%;WVA9GF4?@mOoB#Ax`mbYA% zQN7MEGGSC+j(6E@S>Ni*w>M0!DllBTJLQ*^7V8r)yC(}L@T+oiyLFCFy=l8OcVE9R zJ51Xwp1VE4+|M}mOVNUa*q+gb%igYPH7y5sykGpH(q+zz-@C@6(ZL?0A}#P=VxAam zU-P>C#x@1cRjbyU8^z798Dco^_=wY{OWkdKb35%^k^gnQQSJzXSHGo?zIENfU`|Ec zYQf`@WdRjo${9JcZ(&YfP1>wjZM&_{&#SuTPBmf~iO!nd-e9%(tyyKfspUK8E-_Zj z%cJ!@wjF#0PN6r-Gq)yuPjaPX6o3Q-ELc7jJtR&uxXD`-6Lx#7iQl1{FtT@x% zaMI8z%WKSY?FSy8aoBg-QL|{?r>yNqZ1YO(Y-2iCjtg&pwP%dvieOn*{GQQ|d+lNj zb~tOg)IDQDZl^`z6J9+ym{NG-kRYmkW^7W=)rJpqvlFZDw=Ip@u9{IYQaLbVfdRMd z)tWUHhxDGhFKvHnMuOoE=VIx*EBP@eMmXB+|59^%eY#D?w=v9RyZ;!`-_<7aH58h% zA!S6L4^HyQ<*&= zCam4MMxtL0`y9dIe!Z|Vu-k!Ep<6myhA*;PcxI)-`@Hw%4ba&V{jq0Eue5OA>Ae3g zV_2)g7Zn}!JFLF*u+-;B#vkFG^Pl{lp_s`k`t)qgGC_x&nzJU(HRy-sKKoZ+7athE z`kGA;ND z-)|U%@T1!w>bBG&eDP3!>utf(meX2h-q}&KLt1rY=+DcGBtTbX+{=8E-6u2WT#VV3 zZrq>w&0F7di$0s9xO^q}Ypm!q((}dPUuR%nV+NEz58flp3$%@o+oS*WV(K^Bpl7j8 zRpG9W;-@|7V3{=k;FcS<=CfqB!xvBQbSL$4vdKP!DNifHykg5Q+<&m~VE9k4FC&QA zZg0kvVFwPr&C2dmU{Mv_e~rbgC56|K_T9!Q&zLS5 z*LJ7&_F%nB%rpIYVR>(&{b_#$%)7&8pMPor!EXG6Y317!dy5qWm$-x~ z(Ld_Vne7F?IE&csOK;El!kuP3HZu0sqZI~9{ik!jNjC0!b-ci^Q&Q;W1oLG5m$9C2 zgDN(jPF8})T08x8?u_ZmV;dQnp%vWmsckxYzUuMpn*L>G@Wur5%^V(+ph_Mg)w&DBQYaYVf4zHzT(w=NZrlP;Sy_|u(zhbELxRdNiz z1=zpO3XF;zF*u2JeZg+`&JoKxk|8+$dj#*~j{Ka?C zQCoTtb0I15t0`9P+-bAk!KHVr+Ru0^=MRxPrZEl=+B2!Yo^J*!ORs4 z4N}}!ls$W~Ubd)@(ea-$uFvvM2!4j$-zpEc&ChHfI6EwK=iOJ6-oKMAbGGWZ$ffTV zruW`hH|z8pRn`x!!g~}v&ou~dx#rG{;Q`^cl|cTlJ8QbOj&fYTx5u+vliDyZkJtBf z{kkJNXV=!U=jGilZZNpjE~-;zT4o1Ei0{2a)9foZo@)2x-O-QlpBw~7=G|F%&ek$~ z(K)P))%EES^E|=22zlGgGp~)WP04$+)S%ih2Rq#Ev&i$vkUft!be|kI?^eK~a~rlK zm@~N%udAyL35)y1th)0xcT{d`QPsF5I4BjSuRF?A){U zsL5y1g0-`T%GZx8a_C?ZGnU_BqU(UZMy!r^%$JOFPI2tSy1Z=r&0zMU4h|3HOXuWv z)58*qlrvwBVJF;t+wo!dwAKY_4{*+bquICI`KBSidkMd1|3d%b2Nw)alGc5ZvG^GwIIq8-knb!X$R%=Fg3 zyTd4bSf(JZt^0=8_T$*YmiexoH{(;}if`8LA9<&4-QR6^tMvHMY0pv#ug>|e=?VxV zufyV~{zAf+I=?2)f7#kt+0{A!W#?$;_}}@jf8(d=a2}buKMIryAb?KNi!s=mJl{O+ z)4d$2Rst~k>^Bc!j`@o}CJBu?nF}K_p6;n+s!bpgQgMJW2nt}3K!L)z3P2$cLu42W zP(lEPqlio_Azo6MsDywDQD`z>6AvhWC}mpEH2Kb9j7)F^%7i??0+B;943hvTC=&wg z2q+q`wXq-q;LN3;XW#0&tCfP6^80~$t@0RUnYQOJ1!(_f9Pnzu{_!>smnEZ`vp z#gHz;X~vRYwE0Zm0I18U01VQc!goakkq`>NQaW`OjU!QnPHYCKfl}1)5kvxkG6n!( z5r{GjQ}ETpA`BMs0QEJWYFg@IO|+p^hfKVpO$aQ5aZMd{%i04+NFvPP!!jHNRU8=M zf)Y6_gLt+aYa8|bY1-71M~g}N02wHy^Mlpt84cZa3fDnSdsvf&I4C4XFqlqh^nEnz zojPaBQKTV+wZ}(u@z$Y9Q32Kk|@^V?#OZA*ftL{92Ea3ViQ4e9lT^>SQhTD@d2VLU_2tEBuB#nwb3e#2`O4C*2>#D^Z^#S1(<_G;sDec)ztgG#HN@MfnYcm zVij6v9z?@(4&2~`bXQ*|f+N>D6&qyq!!d{VK&5^&KR1p4~clYPh9_O$=XZ4mCJZ zscGCmcQ&|gQWp

WERq5pC! z8`^&|RqYu|1+^%z#Rm7zXgiO*%muX=@JI90KA;u@-i3;rD#ol6-8w!9QL%_DT?dL;M1X)|2|{f4Onb=;cP5yOOhN7@fsn%<{{#!U*(#La@CZPMowHALmmapGu? zNfmZW=P)GX!#CxZDc)mo2nWM(c!ZZB2B(tN3=Ju%BS3_AMLUzKt!pvJKDD}{F+2FD zC+yh4PB3BXMWCE+Xq|!FlD0mf&t_cPFegw^5C|wxr@+>Wc{QsK>$7e`XnxzRtHS;8jjh~CKY!H@WpH@QCZal<2q1Fu2oQ7Bdg}~b3oHw-7XlW zt`QT#!g@PfvTZ2Fla}L}YC#8<4L^2t7nD#C6>OB*m`wL{j}4}}d&c^@fo@J4wq+vm zpC+!d7#N<^Z5`_yVCuSt@6Z(UM%HlibHFL;StBUzLF@*4Mz|aHXRo6!u2rCBtock4hw&# zv4o@EoTLVi=rI2}y1P;B!4aicNmRWxurSRVoWLpySUk;SRB&vPqP)-> z%~D|G;IHcKWm_*;)5xLfrjs6NW$`(OeG3U32zj<9_ zm4XeqUe(BB<(RdKbKc2P&U5v1-}!4v0kpB;CGapY1c((vr!x59MZiF_bZj!>(s?wD z&b0_7kq*FJu`@B2wRP3i*P}M6T)#B|e}((|TIU1bLg=?9U<qS5Zg7XgYZ|1FgSWHr)OPbTHoyGc0%@IgKd?FOM00X79JNRI)73xI)q_24LnwX zHq0HjVCUUE>#O0H9;yR9*zeeIYOHHxPuHfh0xDp+A)VSh#I)t@V8~+`E9dqb=2X(u zx)6sEmys_cbPBilVfE2@4yiK#2=&h07hPyqgcuw`6|huE_W+&})j~m8K~CDWzPnED{vbjf@L1 zqvLOpWJnD^4>k&x$8kZJSmCQKixU2f5UrX}Nk8-tgV_tn9-0WGVVT73)o)GUu8L~O z(R*g~YzdPo*bd`_Y%T`!DZ1?#mKg#>-WWr2T-A2Hdp~jjd>ir|HF38R7g)%rVl%}b zzn<22lnh(fx($*cLq2}49qE0pkT=XJN^wIE`99c=^lugCs(vgqB5qY{TCe)0&8E@XQZ+TMxwbA>B&ba&X9kQt^AzhWn23Yghc1X~%s}<+tL; zp7f(urJ|;~y3ak~pUYa3dCu#qxw)9iYvdTD%8Z9K7ok;{1fdb-H^xaD#%)X!{FU56 zBmZ39maI{xRzJX@@F@}wBdJ531;); zBT9xTZ^jK54N2aP85)O|yfwiPT1sfmdbzOQ%ZBv?A6OzVTkOl=9I zYw|22F zgo}KlJ2{RQ1_RDov$nlGLL;|lVbfH}?KAP^9VZd(hzzK+X#z3Y+$?Jq?`Q`tEs;iW zs%oGx70|sNC7*)(cMx&%x?Tip+9M^?HS%BtDBH6oI}h3%&}IQY`E%P0P*%)Ox^8hS ziwpU~-#g>+j@8G++GFjpj?QD-k6j(diEH9&(TGoX#PNYsd{S5Q?&Nmt-df$>u7J^X z5fnOvf(amIhB<+dV?84tmThfq03k|Sb+l7zMW{b8I!{PjM)ee;^FC?HV01JBn3`3n zSO3TdbrQpGW(^l~M2J_+W=KnZKe7X$RN$Cy9qkbm%R|Vxx;=uUBiK$Yv#tj7~$?s&t*Vg|%@bmtm!3_sQ-X3XaXgHv6V|Tit zVec&s4STJ7{eBG%4SPND;&lxT4X>L>4kQ~It~vh=&#U`3G&F$h#`Hi#!qi(IqF~4n{V6a`~y}Va`pFL_m2D0A3NbN651Lu~j^F+7zufnovu=I%=?A|%y*vBh zJKyr-*as60Z~5_gnXhc?yx~hLz8AmxE9zf zyWyihS@G^mU%dXXE&Cj|-#-qy=khn5-*En~|M89N`RAQ?$~$j(;@m&~{GMl0-Cyn6 zYg701Y4e|(j7ERv?#vx;ByPL<@?Dqj+UGz2?LWV{`+?nmy(e2f{Jvd3+x^eGA3pZY z+kf@M6W@EsSI&Fj6aSlcK6TxHoHJVfpML$-Pak4^)!x45x?4Upb*Q<|_ipa{$}NAm;D?1^z3JkQncLp$9CPXM$8BjX zoSQiDEylLU7Uj<`I%hojgO-ea*VwP`Ir8@BqgVg)**EUG{+{eq!{xh2ci(=+wkQAh znC(A%@XgatS?4F(-(s{zwkYeLd+X?zetzNnyL$iowr`!?c=o<`=RW_N)I0WiVjpwn zs*5|Xy!cQ5-yP4Mc+IK5zrOpE7w`S?jUPE9{?^kjjQ;YzUmttp1Fv@*od0a=|HZ_O zcl^TfYze}3hP(KXwe&%fpHi{AIc&%F8M3s&BBdTemh#`E^GZh8FZ-S59U z_xZohUH$uu@4fBk1LwVX;Lgc>>kEH4`qt;Ze$(L>z3=XSKYpm^lRy0I16N-Am%n}d zP3N4t*Co4;`0W~S#j4_EH}3kr{;^f(9Qp0}>)KDhqVKmiZjRpA`S%Zg^G_Z3ed)@d z-O)aKL7-|8wYDCp^8YTN{V1e)!ox-+9AnUwq_4 zyGM5QG;bN$uW|Qv=e_u&`{ReL`sgXQ9RA_=^}li7)(iT~KYi?`Pki&BBM*5xdG1F( zci2edM{dnM)Oqn=cHMd6XJ#^w@Adv4efi|w2Y%v;kAL*c)BgG4;d7sP`*+@c(P8ub zU)^-*J$pa@gJ0kG&@peEe#)5N|AM}g_S&Q!_*nBZhpIQLW)ywEv}l ze+byf8?HU~HwSEga^J!I>}zg`et&q^r_Q#{)StiVoWzlT zy=O=}5H@?=LC+jCa^ZIlyJY)2d(YqJQ@8j2@z%TUezEZI^=)7O)!#okb=|u^{-fxp zcdfYdq0Z;#pPqj7_S`?dzJ34C46Ogu$&p|E{)w?Qk6(E9`X@hf&Hhp4C#k(QU6H)x z-c$QeyM3_#wtwvR@O6`y51svo-B&*GyIfAirVe&6${+yB1T ziaS62@sHlycFpzsbUgRrpFQyZ{i^Nhi}vpO-0e4?`}nhO-}mO}orV3^KAgYlo+sLK zvyW{#WBcjz-S_6&-+EDR;lZzb?!@1p_m%4p8_Ue>)StTGvEKK-^NKtE{g}f4{$ph9 z7hgE$fS$L%Z|{$9Jm>X_ccwQH@zW9awJMW);>I?5(bU@4x@iy>9t`ZAU#EJ>%MKckSBw z_>L#8IN+g!Pr2)_f4T9dKWDGmzwyq;|K;j#<+0|{JEz`X-h1|~KRs~%xcHsN{_%Bx z+_ml(pZr^7=B#tBx#pAqaru!SeB@iV4-S0vrYkSq_CLm_u3CHKkDcRkn+_Pf^7>8x zIP{FEZ?8Nj^2Z}*Ui{jlcaFTb^VTzO9f}^fZ|eoGAAEf5ll@I&8?R37byfSj&N}F_ z2J`d(w(83RNB-_ZU5P6XxMu&i{@4F}_m2B7yyB^kv?ToyEp%E$K410*D-&d`0eNu|M=xerTfl5^{Fqu{ey`^ zF38>Wqj$bZ`NUl(KX$44{!0#czOnt7r)Mwi`nP*W-u;C`zxVoYbd*LC+kSi4hZ0xc zbMJE>{L(-D_|TcbqaH5oKJbjG>)&3w;phK+-iuQ=y)g2H$dv_1!2W-^y8E#!F8|(q z%6Sgl{NB&~;r_cPdv|^N`?ng8opAVJ*WH)9ZDa3$9d`TCBTtQAY(KJk>ellII&Qt; z2d#5Q4t@IR-topS|Lor1{&Dj&kNx63kw>0_09zrzPhbA4HMg95e#4VjUBBYQ#?LkU zVxRBXkN){jXPo)m&k|SmeSIkL@pIl?{PgXY%|CSVKmGU%9e2EL@QOb@{mXmb^pDFv zeAbRnf8mSH8+#r*aj#9$tDpYDw;tW{!13zM>x?fJkABmy{^yAYZ~Ed-R{gHLPvn&N zFaIZf#ATZvZ@BRTyTASY^De(8_qE<#Z`k#dH@Z)q@s9m3*!?e8ckg}Lou^)O*{zQp zzt6=z58rmixqHnt9Q@F>lYY>+&!+jOI$wO9G4|gVT>G`s;rG1b_Su7rM}6qpeQ!DB zj%R-L!mqwR{@~@;?B95y9@(Ot-P&^S*rnSqTYK%bljn|I-BNt>vo{%M9K7WR`&(>Vd}|aum0v+a$o-WuK;{NgTJ5u;r;Rcwi|YQW9a9fD3$K~?)cU_ewAAL=wXLg zdp-Su#LDf5KL3NeU-;E$*7vR1s_fOg{r&w{pJzYw!1l}Tzvh3>IO#XPK6kGpGtYcw z{EcreJym#L`Q4w~yy2S@2mMsN`N6$E_`Y|3XT#Y~&OY|&n+|&JYkwTo{$I=X_xFGL z4*MsEAM)tlPc}XgAKL$kTVB|C?i=>|*5AMOpWoc;&}Tm~{i*LwoHcmIpWm%scWu+b z4Shd6;zN5s_`|zW2mH%PzaM|_ofou1RShnAA#v^5=Qq6bv(sCOt&O`s_R!da-zwes z(*q_R`1CRRyyLddrc=kCA76d#_imnj>y8_rZT{mUci;8y!&ZHC?JeIuM%ntAT`N}a zb|_%}U%(2nLeuRH7TD;|8?3S)Z!->g>-LY` zxZ$|#KKP!TOr2PG0ws*n3J3J^1Adzq{t&9{9{>?|9?I z{a@aCR(XZhciB}JAMpIaS9jbw^z_i zDwh9eXLplL2!eOs-S_wTUq0XO$?nd)dGF24n>X*hdBe{N>K4GyTCwU%@-I%s%d=mk zPI+GC`A>azjy`<4X#3R*q4>PSd)lJHI`b-L1!(aVthnR%~|v`M?0x&bIBFEvdPr1zf%M(4W?RI=oVv zm%Q!S)RXcxy(jU-J(4zLWG(#Ym$SY4{odox9DBl5qp~jHvB@?9+)$S3bw;5Arr`CEh)r@)0@za-F#7>BZJ}`JIDpLgdcm zk4bZO9zAdK;P<_+Bl92jd~;^v*XLCq_^#F4 z6DbZ)VkCzX!_E)RyL>(Ga=p^7(?T2ZV))_-gEVz>Vr?!zi7BqD|D5CU)66YJ1zSrN z%P*x=+c$95kij3PXDzquGT_9e%i~KrlSdCa@aIjoO+Q&P=E{&I%Ht~(_D1$Q5+ za(8_^aV=qU_@1x&G@zCF+5$&B1X zL8~IO>ltc4{pct5cnf8WTiQoscQBx!@pp|+556c8$FGlRr7O&;9cx$cX3FC+8Hb7r zpNusWehO^1&^G<#@{7M6+TnCKkN5h@hI$(q~nxtI+fdp2Zf!7n9Er!&=d+#|Ny_FdPtTkDc44{J9(tv^~c zq}`#z(#M(;-Ry4-pF6tR)^me2*Z(;9^Z5=942|pssmez#Zwi%)aW+@(#{8hmcJA;K z8C7`DsdGf;Prl3T3PvgJt2|0O)?3^>3rp>_D#dC0k!^>%irT!mW)o5nt~r`}A>{Jw zhZ{%tc@yK|7$!|bv3+ayy_4pD4qqPlZ0lJV>sCCYzUNG*m*4SX_?^#cZoUdXa=TXO z2LHVsZx!xeDGkQHJ3T3D+rve_UHOHh@<^lEARk9M{rJx2G0V#7nNkgQk zhNQ>}!i#F_KmQsY{cP2?()7Y+9bWrAe%p9_-qn@2UKH(z??n0CxHC-dU@xef@}vLZ z+xGWtqi@_hAKjthp{@yM(vl|*OTIQ*-EO3Re#G>q%ALEk^1@|-%_iHXdmgwedU|qD z+J1)|v9|q*y*Vd3G~PUTtu8vEHM-`#EWaM~dT;vFltTwHHxazR?lvKl24xQJS7o^U zq}xBe_sNfKEjchQq;T09!*}8*c>~@QM5p9Ah>$oeA!N?9+{_@y@a(j;2_G)pd^P1j z4PQ^~hS^19?iLL3xhnIUbuu%z#+atnTNahr-`=@nK=qI7hpoQTJ}x+Nv0vuX7?0uh zlg1wV5WNh4oRc@~*|wzg2OdLR)}g1j-rCz%yJ7#~rf6D=)>+EboCX=IQQ_WSa%^|C zm>@oT;9Bm5<^@H=T4yQI;r_>NzxiQo%{?8p8z$CDI(Mn#KF^s>VPQ5Qiw36UoEg8n zZbI>h77u?7TYP-$%-pTh3~wa2##NtHRWQ#kJ!#0N=Q$r|99^B_6t-d2A?IyNmd+U! zlON#|bpSss+}gVO$7=IW)@_SwSmAxra%mQMW`l$90oDk3{=t-L5Ja`Ax? zHDVMs-x`+9>QXN&Hg((`7)18pL4lM`lbC{!a{697R?*fSUVuU!+|}+ zc5Z(%La3TQ#cgPz{+CZ9S9H^En0GEMQd-in-b~wc&!y4BckQT^*fJw2+kN9#yD%@{?8=ey?M+gd4;W_Y%+7od{M>+bin?aLdgfOMl}B^_Qa zIlHA@A$+mguAG)FZG~aMHX)1V?A>YSU@zF#PWQPed?glHI6QFKnYfkurAeb}JWtGa zFO5mt-!5S*-_0d1IP$SeN#WGrg7-X2cBr=Tr-Hb`;eo@0bX{6j={a`mt|mM5Kk`bC z7e%eU-5_K2skf=w8*FN-bS1B%g-`ODWkseo-i{kSEA(Tlc4?S#wtxD)zB6+-1|4W0 z7koKh+<2XowDYh_Zx1IVQ&2bcK{m~*|1v2-{5NB*kuheRvTiruls$@@fyhD zBmEq*M*E+yHZ64hsNI|AjGMnAE9>STtC7>=wHjs+Dp53X_VD3b^eH`3)uznC5qQCRrw{IQ~_)vX$2w0$KB zIc8|GwR+4SHd|NQZ7XeXJqq<|X78qrq~BlBn)Z;nUw;O}i%RiSl?cX$DP;+J%iDy&Q7uaZ5q*;} ze$YKS&tqG@!{(WuRqX|*cFZ|gwD3WTkUh`d3<=ufldzm$|JWU$?AEr!#&*!&`r}Na zT}O)|+j`myPVG8c{Hw2Ms7>q8jk116HIee469+H;$?4Xz7>5UILu0?s>X&-4K}OrV zV?^4-6*DpI!}L2v<6q5w-DP;|%EH{cC@WB??;w{<Lsbd?MDDW<1CO7O>RswB>%23iq0~ROk)G<91{rNPKB&^>s^0f)a>x0b*B{q} zx7{&*OILkKQuPKIDf5pp7%i!PC~3fiOy!C*TYWNjZcA#gq49~1Ki z{g<4u9X3`m2685jOG3ep0n%i{-)7aeMp(=4lZ>OQv)F&QadlUIjL?HbaK`tBR* zoYQ<#7q5YvN7NCZt%~mY_N%tI zP7R^ClWWGr4Ibwdc7LUF#|>HP>g2nD&%0-y9-Tt`-0>A5Oy$h>>!{EoKv=l@2Lu;+5UN0%BBt!L*h z4?5s<+~xZ}64$p-@M6+}sfsIYulg$PZd+V`L+4etliuF$*X7oQjX?t_q#vxDb34fI zZ0rmE?DI8|DmaESG}Gs93;E2UGpNCcr2{4`9IIH})T#TlowMh3j0^UD zJb$u$u7lxbjS)%3k7hfgy*mB6|LOdF_Jg{J>n*iSm(N)^+kPL}D)am13ubtFmkfkj z=bvu4ap@0GS|>n4aUp8Iyk1tP)b}+LhR6NB)38^%=S4*n4??aRC3m`OgeS?g)#I5Ac-{0FRotT^c6+OG9FJ;#oT0E)-~^A__C1&Szm1!@v#R7$pSE2op*2QysO5ys&*H=K-_D8X zUo+R~^4Y@bal5O`Pk5e{o7^Q~E`Oy?LL3`&8z7x8d2ob%d{JBXFF`HI&DF5b{e&$oc(3+n^F0{b)TPiX4YL0t5P)Z$(Lsd-ge<-g3#?wh}T-j3QK?#fYlm)d8$b^qbx?OS^t zH&^R?zRzlE2q-$;l}*VDSde0`O)R}~z4REh;N8cCNzD`btbfvc?89(9wqRbPfM%0y z)8$vg;lSUw-K@U5_LJ(F_on3}&j|G``IsWJ83BJc5}>$cJc3tbeU z$71^K$*WT`ch10Pb92`P#q(m)Q2)s<-?yxp>))wizn!&1+>h3Am{Xg4;g-K^WIyqf zX<+3>Z4(@xC$5VDq|W1>w}0MTw%aA54yAk)jcr_Y$biL7 z5)^~O)}1Jdlt=HJzpuEeB;{&%r)8Voz7)QtRot3-p z+>S?huZf(b0a5t#+8Y->GHhmMcKOSDcu_?7CUY2R&?pudqZ0AleZn` zp0OF0{h_cSQR_Xtd}N!N4Ih5HURE@K{NRs-j#?s{m*lJ%cX0Kg??!L53i78z#`)+pXGr(@%hjY67T{dME$wOOyKzr6@6Nu%nq)<%K1{nXYC==2`k*6s6#e$LVfG-G2Sq)~t@?pi zeXsL{@o`FB`kP)WJ(oGH`D0ewJGt3sY}1>1ysbN3Jv(r?< zmy?-JHA2>_1L(h(Gdj$b%F7+ zY(&G|&Bt%FosZhwUgYy+M($S6twZM|c-#)oxsdG8di{XC?Gg?FttWEGpu*fKgxmA* z{0MR8(NDi*4!tE#xNvDq`s;?pUYT=k3ETOD@1B3RarEfk(h@E7-8 z_qvz1if4~q8V`|{2+pm_ypo$9g14^Hx8~5(qeMr-n$MiEBE{)f-LZqeUHN!3yZ-o) z`-gAO9HcK?wq|;hGj8Xr^=zH{de0HP!^{IWWxEBJsyE08sB%Q}^DgngM}syQrhN2Q zj(d@x;}=q_E7rH3a(!xwLFb~c@iuH*QX{khFNU8Tw^H9W>~c+Q(N_Px#}Z$zJa*vN z^=+l;g$0i~o~>5e{MTm&d+q!q{i@YWmNe=ucd!?vwj6V7oWs~QuwL(Q5?=Dt87JjZ z9BI=!3p=&!d_e1ODCSqM$$4ht5!gAD4z+kwqeZPQOKk6Z1( zCpPG9;8V_MviGq|VSG>(Y{{JY4YN`1y!7jkCrr>~bT-Z?9i*&}~@J+D378Lt(8sOS@e;ARWS5 z{)i@m*SXV6$5nYVx~hBQw}N22*TaVPA62Jo4jx=^*6G1kyRLoT64jRPYW1P{#9;?^ zpD2o5o%+~+=sm-lLsdm>KHQG!*SSg|aeGmN;?lz_SC)v=f;YW7{qx?P4ctl_XycZi zUYmXF_kx@?+e#awBrk@4LAE0N_L9->b@^8%>3*kYiCeg0hXS{i&Og3mJ+{FxbEmA> zkbhE=e$f8m$RoKEZ)_WO&)y|&`u^`X-m3AbQ{1qYGg~R!#$saK@&xTW`8oNi*1F9x z%kIq^Gj(CIz3;9$YpzMgytqx?o0C)0UG5&9UC&_SKg@2~+M##O@7~a|W`y{J^Ymm{ z?Bd_YKCd%(;K_QDtuAfRMF|V9AF?@dZQE<#^ZH++4t=;&)aI$d=_UV>|B!ou1&_o< zSlfp->#ps6jotd#y2J4HTRUtClI1x}UzK@iL5k3!v~fXaVzU48q&La_lX1V={*6yn zJr_59f6&BXYaB*>=4<;c4QZ`Z#A3lOmE`NjI$yH>2=SYHFYf8$KKELBq~Y@_=amh& z1SC*{=luHjP*JR{_m#ab@5FtE+m5^1zi45jQtzOTg2Ew^V`uYbzi61BA(@{y?Nz7d z{i2T_tizu-+cy1V-zJaRuW@`_{H*g>oA3?9yN@Yi>6naFhm;A0Np0>33&dwfoVx${ z>e;UTPxB5fJKjPxwE^K6^fF>ws=P zS0abEEFB)yq~*tB@1`U-C{z{f_AhPS>C;Bf`&*~XOs;eMU}OF~YUqYs8B{dZN%7fc zNsE;qT(nJ#9?p69wqyjn3>Xr{KKQ~V(@prj#;y)+vQnU|HUn5 z*WJ>JEE(4SlY&Y;p6Z@sl!~KURZm(v!4$!bD^->+Fnh5J*Y@%=3DytT@QVi z#5>83+n!C|@A>rpAH(;Kc~W||@N#zDqlRBIuI6^L|9xh(sP&ai>raZpv+G^AA2}}L z_`^@vC)|AXuC1GI!}#g0vvSX=RxW(HJAbLe?N`~8OEynWj+H+YJbu!t!~C3euBBBn zqF2KzUCGvgmrwglo!POMEU$j*slFpK0@`)&z1R1q;GJ{6c!S@;nJam>{@5_CYuM%3 zIwe2uK6X(2@`L1kmU7X}$4wqq>0SR}DwN&itC;@A*Em%Wo?UMt)N)PH z-t-)0N;l{8p;s?o-Ajybn%C@6!GVs&$*G?oUx}Ey^S99poQk{V=Voi_PMv3)*Dtr5 z`+!H6hiu^253mW5+vK3uS>E~Wg&;FW&6>K^7v2o)2 z-#xc=p1QBko7*j-65_?WhxPBeWE?u2=#`%$LG_C-X=tDui*eMHG*RP>?S-*23EzM)^QMMV#D7N09TkbU^*=R#e6hoEj< zE=KM1EB32*>gSwp_xKBcA5_$}TBf*4?$J7f!f!4i*JQ=!Zy4rvB{$2vIA!~mRYPx` z$Y^!;ww<6|(T)Ae0^)7f;VrlGj<7qZp_>( zA$G^QZoaT6ZszFueX&!!1rFzJdEFhCwlqx68b@YaEV-FuSNGKRUhlFSpV~ABzmTf< z&{11$c4o;EyOAk9P8;g4aeb$gMxdE zbS8gHdSJV5(TmzEYUcPAFIeVeKXyuKC%ef9yB%#cE65`}yWWO*=RYm8&+caX?B{Jg zuU_`Homez>q3nL%?5Ltx{pdpzt`feV8rPh+&|_`O9~Lys9&RtNR~&D3ZMo}=SB}re zwQ_mw*C5H2f3BxZ$m%(gGm|_0Fs5o|iQQ${+=rc1_8Pl^`5$iG*{zvXTldC0Ij6&S zjnsF0ja=My_A24FYmtjLkG7v(itRm?duZvvjh`jAE`OF69-ih|-(HX^dGhGVGNe=2 z>c#q_o%Kb>n%E8OJalfUQ?^(8gQNF^kJ#s!D0!c?Zm-9Qd{2+0`p^5s)xOv)Np(Rs zJ8RtLp7)z?Z=X5UR$TCG(IV&FRUQV-s(oa1irsp@+v?XB&Lk{Y@I~RIr`gzHETOQ`5$ufuBE=un>8a| zl)k!d+r_p^zPA2`*!gQ8Z%)54c(8iEd(Zm?9`BoJo(@!wn>+qt@PRdpZY&F)bJwl& zu@U1(jLS!|XXV_z6)elXzoFE*qg<#YWbR}dHJ_gMI}GvjD9ZsX@o8Wk(2jsctrpHbp5i(tsMrB{B=O4d`eS~ zh!VfEzDH-tQtD^dc2M+Ryk?QgrUdP`ml*rg>G{!(b}SgSx~@yybkAwW=Ig>vg`HcD z9M7}qeXP}mszDq4w%_1&sebE8Q5~B)3$NeJ@3%Mex48P}AN-Q38zabl|7g){S)D_r z#~b^V;&12n+rIF!a!22Vm)vs&OEn6QQH#~bRdIDrJX~~hY_?4k2iuw{8?JQy-0V*E zRm1LNFZGS(ziC~IEb+>%S)D(-k4?zx@dAdT;n@?w!e)foYl&FL`}!z0>n1&&T;~9{$7XQ~n)Czc1KzVDhxWX34%YL)~YJo}PTD z+$r!3`IL48K9Y32)x6L>wYtX^e5!S1OH;w?IVW2EFs-l!)&7Xzq9$J#3Qs*beA`|S zFf%`Mh3zKtZL8<64sW@wqqrodREf3;FORLu`O!}y44QRq;z#iahu$NTuil$ytG9VL z@v~~h#%Bj}?CPZsTb1IJX7e;TG-%p7}l*~o>zCkUn=u=BO^opfqki_k_<gzWBnZ&w)<&A4KIQ-w+IFJF!7VfV(PquX52H zhvxgQp1s{iJ$qos_t&@X?w>zgFS7j{<@F{jI$>nDj;VsnQ#S?Gj~6!_4Ef~M8;(40 zlpnw2fPZ}LF7~%-f11}obh9;=&Db0Kxkr&dIXU%gdTcFnp`Tzm8@t+bQY zCxf@A!{&jdmuoFvHu&9x=3^Rf?Z}@u%{Dz~UcsX$%QVwl+8_Kr^YZw}ltGV(J8QIY z9_M$~j-C)ZY{QLb1K+&X%=UAwJKewaYJS+3%r@N@7_Gv1$RGjecDM6m$>OCi2^~xhkKn)$d<%wzuS52g~O$xCtl97 zEwMX9?5XuZ5wf?_=6lPV3?4iAYSi?T%U7p3@x}2kN{V;OZ?{QWaQ#zukL((X;yxo* zj`ZGneY2pjMQrYiovq$(J~F%7?kXjcF1|UxXL%P_VSy*l1^wX-H>H>yIUEd2>-g2HJ0!~nUXD7}aP(_uepY}@NWg?nFaJ1ps#WF?<->Wm zhWgxWJ_hr+dE|xPcQ@;g@yWOJf1fkR}x zUZWQOadAYinimT$N`J7sFww8&mMSeyxZPShV`22D<8I9fWs5Q2m8AaS;VxOE%DVHr zr2C+N|9$}ht5XLR+DxlL7MBQY*B)y%bz11?$K9i`PQ_5b%WV$O_9OP$JzQSTJh`Q5 zk8zuV?ZUIudcoc6C4J9#fBbl^CtCgeKA)sH?r8Zr!@6HP)s$ee=qtpQ{88D1_>tf8|-FN);zE zFou-FBqE{H5LIz^b?YQ_a}&C|4sh)x@$izkdv$bmmAJYNezbR`Sp_vFM-_&$72MqD z3jKBbr&X#{sS+I6H(*Q8xC#IEVV3`XU;VQ<|20a75a2p2k>M{Se6jddaQ@4~-PP0L z{FkSXr|W;`zy67zvBM=Gb$^`E9`4Q*f}}xEz_JV(>%SSVNxD-m;sGmHgaxO`@A05s=R6oD8| z;Rj%{kq8cz*5ngY84zb864B_?*03{^Rt#y- z0J>ch=4RXmmlL;ZR}M9mW)!C73`)MgN=NBa!Qp)R8C-pY;Ux2DPI&noQ*p`#hnw-P zEWg5WECH1xP$UVHs0<1Yr|)ghC{U#iN9ao`0AtD*VE**oC^Y-HNJ60XFLSVLXZvwM z{8bj0ltxjZo}i_aD1t;Z zGDJk6qs_;amuqkI%NsspbrMRzR5~>RQ9vrU2MagV9Z1)Wq!B11=2#9`p^#rG%F2jh z1*$@XbRMz4Mj#`Zzf2z68;oQwLmx+&0(ohH9eAfv5XQfi7^b93uqV){$Rl=OC0-^lJwu2DxPC+AiN<)ctgb3h+kUpGfj)6 zI@w4o+MxLu7b<06=xhcVc0uR~AOgcnS+-apPPc9}>3ka=S*~nf&lFUSXh_T9P-zCR zd#D~V86_{F;DB=Z5NYf{x(duxLFNBT?2zFIU`bmbFfC zXmxk(jaEQyxz?NVU2$A8%d=2@L#pWM;ID!Sq7pqBtblYHIidiU#bY?6(Wz7dNJk(9 zxPXI=E{Nnn6&V8xNDP!WCm$4)8JlOA5MTumFmIX-_P@pk9HFm4Aw<-eLkN-($+S8P zCb+x0sw)`M%mreQOsj(!NR{s4V5Y8rcoY;t*Zn)_QX}fJo^>x**D$n_w9x?mG0t13RR<4`^~Ka!l=#yl`BmP)kUFHjc<>>)$VcYT~X&So$_^LFkSIgl$b>vF;cdy zP1{txtVuhOL~sqPGS&u|LN2B%0!VED|6n*QQz4XWQ4_={Rr^XiAp_YqjOzen?yh)A zERTAl3&heuZcZwA1<*G>(Nvf|65yj%KI-tYdZA@BfhG5%B0@z_umZ%b5eNxnuMSrU zAQb{9Ai!A;yfj)2Cm}?wB@N{(S!MYa6;U}&q5`&ArIteNtI1`Z|6fBykSSo`@1cab zyz1*H(K1fy%2E+dH}dyTpd%3ct0|x=eQjSvF?IgFzA)*7U)diVb+n8!T7IvX%KT+| zDh#QmKg#>jBB(i>GJ}8`g5&)H#d@&C{LPA0Ht5sRJ<393aOGF9tuWhl z;iwwM4V6>Myvk9^%p9jQKuCkhk*`k8YSpz3SZ{0iy%8uhF~(#j}n z6;U?=PJsJqNkWvUw%kLwDZh#y3KA5fCMvN_Dwm8tEDUC^RQbLsSDCaLUtBH`l~gUu zC4j4Fel_w|hn4474y(#5mgN#*p=N%?5K6Q}{!a~|#BVT!5-S=)Opxn0l2~d4gtPv2 zffYsr`V;c1Jc6u_D))*eCzRdZxQ zsS!L_qrkX&qw~TrYrm4;Aom^Un(a2O{w2rlm7?=N(9^>O#~9?Bn@JapL5WaskZw93!{xddR~&OrKf zX?s5J-#!EP|MSmcJTL|rHKHL2kqVQI{1$CgaR0BXho_sx`A;t|FVFwZfBq9cIepEx zMh5Qd7Xtq{*PscEa_sRf3AjR+kch>yco-)MkrX90uo@M~FtwQZn+HM6;VB8!N#r5& z3 zP!BCEi$|bPREB5>1R6+Bb;w=h%5!vNFU{BM^&%J)6k)hhtfC7O;?Q9Kz`l`zLU)m? zh)g7TRFz0sJfenKnE_!6I=RB29$}%70#zYA0u&g?%9I2*P_17Ag2O5mWEy%9p;N12 z+`wc0l|aTc3Y(~ZGea6Fm4gq_4;*+@hVNe#fCR^BiN=s{#WOga;g z7RE^<^6`jD4FT~c0?3A$+SgztLI*IQ8abMP%5|^`@*fyT@J!Gd*(ysw7)K-Z9F%W&so_+?+zzPK-BN2Hx-9i+OO4usajxw;QMFRu?6WGorn7kPY2w(#wMN}BI z$0ISbhM2A@eP>uKx41_cYBB!83QUp?B^pEY@bsK0}PbP6F}0SwkPt^Rzk%#P?)h&;~*)mE2s* z*7Buau(mn2R-&2`9^Oj6@i~zy44yTZ9APmwC8dx+9{-1^_#fzh&iq#+a#W}ORsx{H z`S0p&Isd)g|I`2ek>9tP|DI*%fO~~A$G2=H?=MXpPm77;{l)3;{(pyv|B3$R%zr`+ zt5pBo`d@bbd;Vwt{bzpv>ijQ%xvkvP@%-Zacl*CX#Q#M9Q}drT;E7GvIk7+3^Zq4K zP?7z|&D%2nr;nG9&wum(pZLKV4Mv(w6f&4Zlwe%5L61CGi*hYBuvTk)baNAR61nos zw(4NKSRCgNK(GeFq$3a+DZ~*v0T?$@Qw?iiC2%@GbY>FBrC&rq&#=h$bmAOX10iZ{ zJWQYjglQlokwi2EDn(T&X#la%mp6#< zfFX;A$|$Va5?sqQOb`f3hzSywjWnAQs9MQ+6oLXmH#gTrH#Z-VR-@#NL=1Wimjj0y z$B=G%;0cYy^MnxnjS*fHZ+JpTMrXa^sbQ3{UI1u_8b(zTlSzZ<&cT?Hg}`{W z6Ff&pC|rfW1R|hKyktB~(pFzRs!~B%0)peH9068X%gO=>)yPyjIjT`YTu-CGlpswG zkr<>S==w?;6)@(ghW&LoPOS=X0*tD_fmr1ik!8}SMj%R*AaQzaD3egt(UC_(0Sd2i zq)VWrWS%1gnS+o(Y6JT>NL64g!2u}&Zy`v?DI9_rI2rY*@7&{<6j<*0N8nRn#5VUt z7fm3Wjn>f-!V!gOwW1_2lS7vh#JEuubLKAzD+w`0GXNz4@f<8^OkEVSi1H{4h6h0; ztYlYwp&XH-utw_`p#Z7pFo_7+z8168Is$r)lvakrX3jWF1F0}2&1fi?gh(B(A)uZ;B7?xh?As$O7?LAWol;532UG*8 zQ4K0bq#Ry+N#9^f3qiw#*pUJ+#56)FOvDR~a6xdSRHtN*)Bp!12vVdF*HY^r=ozCN z<0yyK<2SZ8R$bC0n!olWqWF(If6g?G4Lc7EmANm*%}RueQgGi z2Rwx+$6NJm=Fm8Mj$KXdpS2jO0lglf z)AS&s2n3fXh~7A+(^Acs1%tIJp{V)h!sc6w z8)gcciyRt1wxvHIZvMQ$`TIqVk>WC9ry{|__`P&#ak6+! zuVKeDNT8>{RB}p9ARsxWVI&m|g8?DJ+0jh{qvVnXqYvFm5f!E{JB>sYfQXJqG?4Kf z)iyJ>K!>v04aA3aB*qtjqZ1q&fqbD<7ZQVH@p=q&8x5FC5s5)meK|GV)gWO5H3-{* zplbn>Oq{vQf{;LQs2mdN;w0eT-q09GrXwMtoDcCKp~5|m22UeI;fpYsstgoVg-!*w z^Zm4lCNdsXkW3&#JWN1@Oh)g}5T=9F zumRG;w1lCxKa}_yUi-1=YA8CTsD@s0C}ikHw3xh1XPX_*1bt1!tLf|;B3Zl|lbe@d z*GvmAj6gGrMaUJ1_$UApf>j{iokSo)7LUkvDg+lmh)5}d_>=-Tk}oQw#+5tkU^yiU zDcL7v>;asKsMe`SRI5US#&&2u&(YK{HIwM|CmfTPoj!kg_8Y@!WHdz3z7=j67Y61~ zDYKABAU9W6N`K_=61*{CY?dJIuOn=F&*YI4GI`|0Jmv+{l-1>o5;oNOj49}j#t~R< zfRIF#AgTFgk(y4#o_Ju!HkkEtl%Rmp8C9qetOg0jEwkDIsf}V9FkxsLP1$Z_7QIR^ zMTTi)h!*VYsVZWMDaO8I-tn}A7FYnmg2C06{J|Rn!Z8&BBtfJZtEeIoOx_0C?iU%( z!=DVwnT%?2&EeE$0L`p@I{T2pS+kTl*PRl`v>z@i?Zzbo7lr zC^&0^NFYojfG~wZ0O5!lBav8Gt5q3{PkJ0BX{n&XWFVoJC2OtN4*`EWiM++QPD7$< zL`V-Yp&nL=;z_m2v3HceFuF&mFf?#rU?_#Q2|0g&n*?&k6bfcz(+kJc^g?aC|02$e z&^Uq(^nX0f7=qLze+_Fr`3rHRmr6 zq8f-a0WmS&m4*>v0tzuH`^|#zs6i~Ege1G306M7Y!3r`iUJw|SC{UX?P=G*#)P`8j zJ7!`Sx6D9j8pjRfq9YJFq^B0;I8)!TSqtLWCCd0Mu6>yq^)E!>7P5w4Ay6AJjZlH&1S!OI8pws(M`k%A|r6lJSTT$1qaJ_JtX-yt18PvN>DQ zXPox`9=c#ULqq;c9AzC&WjM;F!u}hO zq;N3DAOOWBkTp9Rg$2N@2fH7mba1(xv3pqS1YkSuh2apA2&=U!L_+sIiNk@K1n^)w zZ_%q?Kl%kkYYGyGFNJYF%_LJD<6qE_VE`MWLc+N!g3)*A;m06HAw`%&8wlfse;8w* zU^bhq5eFsZQV7PC#NWhpZpR0M)_UMd!WsEjmj-(WSO@&|TzYWqL|OX3spFpkK3>J$nD zC-_XFx1RiDFff^&2bzFTT8#nIQR_LR)sgg7OdQRH!U81wqxlKab&5^t*2{3QJjF*w z+vmjuxF^R#2Lk$!CHKsd(Uf5y@a)PhQ`-RI2v*^d>PU!M|3Sf6V3&+XfJp$EKxV(r zO05c5(!n|>sFxzS1w;PKh;jrwUm=?uSx90+DI!#1upE&K6*#6Af(C^c8IRyXG9K1| zWr#V=%>hJVWXZ}vhFKI#%ML^p3LGaoG9J;8tX5U-@B|w;4ehtrDr4iNu!w1rwWdiR zIel!KR_QHERXF%e#lJZ4AgwY;3Y(7-Xp9gzP=Hzv!7BRyB(5V!@SaYI#=HiFz#EGK zYJ(}>z(4>M$*q&S$j#eVuvfi+AMm(Lltqh4g zM|03d3?vmGRNjO!exRyaKx3pk9kW4jM*$^%P)q~kz}UzXU`|_5`YB98VEKlm7)Dm6 z*I5vjJoaVsieeV83J4^ zl`^v#4I>n@D6ve4wHW;$u_Fr=#WX@pA*4RgW0LcsH`QJ^f}@z6zNeCqKpwO`Ff^b? zco~7gQ^{eib<+o~l0eSRz}$!@AUN}&#c-1S6Gs$iB3nqOFg;L0Eub&^fNJDs4@RSj z1OSI|S$r%^lDM%s@J4}BbD4c7i$^G}6g-eBg1dPz+nvy6D|0HDw-VYe5RMU)9OM>f zvWwCQLyXt^0aKTZeUdrjnxm$uG<5yMz$Om1)`Ep zSK}aIDicBtLQ(?;)hO9_Vn+(1kiv(_9m#lGSqvo%_Ux5$u*N{`9#CeObHeZ#^ST-~ z0I9%O)sL>MV?HLwFo2r0YgNz5}gCR^~C_(6uVJ=p*WoFS= zp;8>i4aU8-7}Oxdo^Ial0jexO4$9>NH5KCi$$<3m_VR2mpn%bHN(O=!q`<}oAsS4l zjE7K##d=0N(p4%%1(r~1Zx)Zh2`Ig!@QfZKiD`z#ncPT>T&Foj;yMKU1w85y3~3NO zM5?t4*40IQ!x1%>z_=HHr@+*`#<^|jKrzK+nA(T~9xTYm#|JX?7o~BU-@nex7oaB4 zsgEI)fKZJR!x1^fjkvO2I3rOg0mXrpAdbZhG)jBK%#pNa#Icg|p1D4T4uW!Ygn|{U zfm>h}FhyH_yKrB1Wy&+|RlbmKtqPwnV0z!^dtsfGV4hPHq8cRw%aj1$g_HBXJ*6`- z&Cpr#HCUOZfPWW43EGT9Afy12#bX#jdw@*&^Np<{xCnw=lv;PHmwH4;3XCz#5WTs8 zpxz;Y0&r7CJKFt9!m^Pd#)OmR-E^G3Q8nXl=P*BfpuaJi zfDIxrLX;v33`f{O476b>0!cBQM$Qf|gjthO0z#}yZUIDK0aqEJFUl)yWh=l$-)#m?S|jXax6DS^Hw;v~)_=! zfskTH8Yv+`V}&9F&m2vOQSpqxKzL3R_{_#sag*uO3$a-wERSBDC2Zu091%dULO}^w zg8(8i6~bg$7SJ0a9K~>yG=M8Gj8|mQMiz{k4FswLUHp|gmzlmTrojMDH>GWg9jX5k zhzbn3Zwr~FRS0Y3LRdqhLiWwKZHHQ_NCLFNVX9Dykg$+RO8A!=q*`J-N2tXSM6G4K zp;Y^k4DT2#|7}{FTfkdGP!cVtbs9y01>Dhk-<2@T8_1toWnme zcMW*MmM_Cb1E#~7*f)(aWR1f~(|3zc;nu?cm;%)9(bN08~n)5{9XgjzC@PxMxv*-z4v(_&w1zHPT6NFyn!Zy`s)O7Nc; z{ZEYkLt@mblp4dtp_U^T=@8X2Vv&AbfmAG4TG5l?+ekhxtp5bxUle>mBK-xq$Hx8w za|($uTQW0iDd;XH$ceDr5gU)AnD6YYZL3+=5n?>tZamaZhp&O7>b$QCT$f>Ltqw$Q zGX^&h%V~Ca-u&P^d;ZH*ySYH6}+?fE=w>Wf0Nv-i&boR1p9>DmA?b+Rp=G(=nXd1JckK=PVF- zoESZZRAz5xnx?o}ND#0PQ3J%NysyN2ske8<2;S?M=pJl?v0dm*=oU6F@-~5Rym@aTEmdgTn>{yA)8!1FMoo$uX%U zB{M8z_!5o*Cl5?QFpd~cE^s^8nJ}GXFzt>(6*WxC;#sREwVTCJm^Lh68iWB0xDC!5 zVwjxn1_3ZR;0Vm5*bC^%7|MF;NZNOZsu4l}=@BMu9h6~QcXWrL)R-hOh6;wsG$KZ1 z!HGyFXC4Uc(9^aKHUyrrfKwP5c?M1`P=8a65{MZv?upDV@CYK}f$0-g5ddMfhg84` zfyhOig&@#u5h%Yejj|eWoLQPpG8)G~%oz>>3*=^H0~58>Y-EoO(G`SH(n!Q00rdnB zrlphvN_Pm>2xvA)uDt~W5}RcHdDq2?JibZ`Wgqu@!4 zV^XA2W{Jv%nzIcFjg1KDM#PSs%HU0V9$Pq^dbVcTW3Ji=Kvb}S>v9Au2iFbhM!lm( zEv6%lFTHpWq<~SC4o3#W;|LLtspJyK8(59NAm+Sv2x72atw(t+0jn{adDP0{V+ue5y&{f`3^htfsqv~9#z?M)U@pM` ze5E7ssiuUK5{}6UI`)jF$-jq@BqKf48*ZE=Y(`!LlE8)>hN9r^85yoJ0Wp^>YJ|j5 z89|9745#+aj*dL$o%K^BoRmbge#vo|Tl0#WZ-$uML0TN_HxM0=M}!QAscO#DaC5d= zgb5_*{9l>A=r$BLxvUdTo^=tcT(+`x)qJm2xzc8&WF6a0Da7CQb|4h0BqS zU1htPKJ36=z^65%>+2cKVY9RGkm>-S98en52pvJPv=R`mQ&F0NmL?3A!&;J_Y9vMn zX@M{r<9X09cq9T5)WD`x8B9ZvIE*q14*$RCx*eM6L0#3ZaH! zkWPtk4vd7tN>d@Qu;UU)tBmCw2#Hm}$|MH9A3rI{bR?T^JJB{_s5+iX>w@`zz zax_?K{xE%5UTUD~Q+#MkkK^QIK2*!q>OVxoL}34bXq5r!7xU2LM6IjWS~5>6vNqWznX`F&#o^5S6i~ zV%eT@q(EwvLJgv4rtG@@)1u!0AtJjcLvB zPw(g~{7G8(QmITI-wI^0u|*Y-}N@>_+>41h;=XKiPl3zxP+!{D1V7Eus+w zruphND#-up>Fw!mk^j%l!}Y)XfB(oYi3dUawsi0EB@mx+7E%2yWcnP#m16o&N4|h6 zP8zfbRhG`^O25&NW^4;WmD`qlCNsYSgGQMOzt^rEpS*u7ca{e@E%+g%Y9QmmKKX zZuTBWG;#z7O{h>ghpjY9;9VH1;Y%PlYhU0*KF|TIe2dbcBn6k73Okv{{g>sR(e_mt z?ir~z<`;=DRyP*nD4ua4OZ{4L-ELR`)ORf^&8HUu1-9c?DQTs4e)w zv-Wp+lg4PPsm!#oHo7@e$z=BlKu8!>5fzIoMinh@3P>?bg}|C}L>A+c;WS*XxH9oU zz>$^QL^S20fNDrYX(`f-DA18IMi`Znmhq@uj%doxU!V~2nJtpVVAjH9Jk=hj!^AA_ zzM{X&oWS@iOU<9@yYhHq*{2{upDCou9Ehc0{wB#MD_UPzlkY#wFq1$j*Dq9wL2phG zkNSV|-@F5>Q2%GGRfM>2zX5@fA~KQu+BUwd|GT+*d3co7|Np!H?H~Dd=)h$6hNR%g z3<$u{$J5tfBFtrvC;>?kCWkj2xz(WqkH^i60BcNfFo+yVKw&y=sXQkK^^tLK&?zn< z1*TGAda99tzO>1g4xrJaWIX!+*n8LRwsB=a^nBg=6&R)W#7CTFfaN8Hrj4Z1<03wEZpMgx7p?hBpf&PmJmCC6EE!yLeI2c_u%K)<>KIy6!Q9g` zi#Rz*1+;1+XMG)pbjHwF`ya=l0Y)se`bJ^o>(x|j5}kbLoxM9f=$&`>-ya^IpLBb@ z-#(n~zxiqHA{vmP@SsT@7OT}tES$=qS-K=VzAn*-*kVW?d*vSfruo%zvA`BI;$SRs ze6Vj#bPcZeFLqF?<&q(D$$Dx{N&!$dCKFCUji?Gd4+$`p@Q^^zC>!56$2S9ElqG&+ zSFL7krY6hPBrR=2*lLAS)M^PaLoF)*B9hOGH&2hrB?+I_gHTId&XslzUk#92#J_yg zJb9O_Om4B7$fi<5aVe`k!%)^06&IIDSzoSe-qUKSyX)Gw;|fx5;9>$LXp34cy$Gn) zLIMBNL#-A>(5ZQ2-TDX+E$2P5jEgc%H6I90<7j087`CU%ngaGzf*L!JW>rYIn(Ut5QN$wycrh#*kjOkc#t? zqhj8P_odjxt!ZL$G-Eg#vk{0#@$FlR;T?b2KR7=;$*?(a&8bPlY34-*nexwDe>hxV z5pf5*ZYX6Ic&GpP)?CjG;pD^VS!NK+bk74a1k{86j5EQvX6(gVbLH2Kv_VJ3+p=NG zviLee-@aLlsaedKG$Pm(|C0tkYPA3qKgF|t)$e~uX6JV;h?`peV2SehR|$tLx*aAjIDK8T}S>;uV(X`A-~$# zy)1GkATsz}QLq3=m)N5&7DSCk)@8F}zKqLo=Q0bGco}&Ut+{k4P?PI3W#Ot@xVA2P085r8`f0s< zVgyF!M8P=3E=f9c$TSeMxZBIjRGMhbqmpNo&9$Ka`&RALdKS?Coll4tkdQkfSS%Ib zocw=V?X9f-Z@c~C#iRc3E}pMnH=m(PI_-cn-iUfc?h$XM5-h_B>7Zwu-@Y|usm8&V zK!@j2>N%~y2b6Idx?D@!=cnjY(P%3v0D+K{fj#Uj$&t!RbcL>w2qS-pUOb1NblQWU zhp5>~8k0Ov6Z__~MiSUu_o1?F{TX48jwo>v4g!^lpz#|~twVVs`;ZgiXh4QI;skvD z&_80+Hm#AQ#B(_q*@Kg<%3cVktF?g&NvO4#5b`}B!}V&&Bpl34$l6b`nZM#Pr3Gq1 zOzt)2kDp*#oj3It#TsWUa;R2PvO+S})Z2vz7=+XpBh>smZ~a|vS*g}kzl)$r`S0%$ zdsMKF0wh{~S$~SN&{?(D=C8u~e5{?LK`&YHWI#OQx>Igi}7nCorkzhKV zWz0E$CEgTmJMA{&Q2^>KMHq2p9+jd(c@zl-Kb7@;oX&{)kpDnO-$Q)J020bYA-OovXR>v3jW@1F{A z{>6w>f9wJ38z%1Izh=g%P`gP%HalNiohNH%u{NEcIKB@o_~@jQ6n{(1LDJ~C`FGv{ z46Ul2U0hhWmeqaC39CCvBh~y?Z5puS!zKjTU8eWb5X@II2Vnt5YnXuZw=Pwy1f#<$({Uym}@Bu7sA}QUg_K` z6qA);sDpF0U}7)Tg7C4bLVnyu@eL}?g-mvUOYSbAn6sDIa%JVTwFVxN5Y(EoU19EY zjeb8!m0n<~#?d)W2v;@j*nf0Uim-&)~9|`mR2=iUm23B3_Rx9mnE7V$IMmnu7Dx6jm zt%<;^--y1+EfP60C5yqB>2FT!rESc;`>xL%!w6<^6^DcbBJwjyiK~~Uz~tLnAiVg2@To+S z?+dA?IN4<3eMt&|OX?LNaz@jhs<|4JHlQlbfw>UO>};9yU{{z~b3W*btJQ#SU;u(v)nW3brgnYtAp!BiwoCu>oqTG@%)+Zmt)XN>a-<*9*>i z=>)9t_goUzd04(YG3&T3^e@$q$@{qohNd%i7Gq{{R?qpUSyHbCZpxZ1J)PAObqUDy z2C*Q#vYfmgBno!v!l9a@#Ujh8>(~ovfz>#%E&M0&Yg!H zqHRyrP<*h3t_`^ta_mH5?r3j4@`VghFg~YTHapV>=OrhL*d_ED{TVS~tk0Y7Kz?{r zQqk&EnW4v?hX&rli&J~1-lcna7s(?#nYRBVYRojSHsm1O0={Eh{e3UQ-VskXG|pVKHxo<;ry z1Gb84>#2HKB~?D_?(fato6THb38B_)r$CKbIU9pDl}c3m;xGy4R^D(Wu*zDuO_PisfFA@3zz4S;(k5#!A%0L0~Mm zx2w$FVs%S;xcp7E?C{o`T?C zSNH`7ke?%YS14qsJ8?W02PyU5d&mrvQkvYnmw*Q=Zc%u=yu~XjCM*)x%Vr*$vf#fN z^-=S8ziAb1Sz&_WvRUoZ@BXLm(Z_=x`qVu--0z+pemL&@?!#4}sd5b~UIUx7kEBku z!lgKM63-j8(BTNlRdS-xLsZ-LiwS{XPsnBdQ=uiJ3DJ4fQn_Dc-38FD93w0WwFQ3| zo00t2tiVdsK+MvmqR?AkFaNBvO0BD~NXY;@@$@&4RSr1UzgUEZkXZyA^9D>zP~Q~q z!#Mj^oj%ej;5b+%(W#C`pksUK{7eX=$ftis1YN1n`$>@fqy6rQs`8#e(!CLrP0q`^ zq?5p?+)FSXNW64oyg2EdSV2D%s}bt7S33&s{f03g?7Ucvz$>JPcq zOX_SOs~kYFWW+Q#HR>Z4x+GNj^Lr3g;);bA6^l`opjUYsL1x}K^uK=hL@p8w>0i_z zt9O*}`ZhHcdt|^|(^-Y5Q?^X~O>%45O|rnrsdB5-kjj@`5|_`8dZ?vxbIPA~*dNZ~ zbTgl_dap&08up74q_$NTDXh+G+TsXD863Bo*g&P#09Om937j0Jsng-+T0oeiE8=-7 zWiI5MvNPU+M>2R{1Qj|7Q$QTeanZIs1S6`F1w`*Y57~ z$Nm3K9!qObCIHBFcHGTp<(vC~W!s$DzzfZu*KcwAE;g6`LHBVm*`B+kn!i_WHt{Z? znyf?tH6W(rKh@Zzoz?8Tj~mqD&jS2EZIWG|{mh7LyJ1lS+)9@bRx-Aq|N7j=p_^HTubPPlWz(jRr4vh(EOKFH1Q3 z{0*%Rj(%Hcqidyix)jFhc9hi#;6_C=4|`Wyfd89R{|oB@=kWinmpeNd{=d`Sd5r&i zCr`nxp)u*t8a`t0uPDt*ejGM!Af%vcT)=?D6u>mIsa%X=PFl78 zOVB^R94>YPFjxL-XX$_Y<;(3y`oD`OLmpY$FQe|B3OKdAIHo&V35napTbtt1{g8QV zzgkSrCXkmkrEGINAVWD#F$=T{R7o2q*#}Bx9kbE`7FI~7%~>xkZ0B=1Jki`b^{#So zMb%Sa0*8zaz{|LMO@s(6#F39I)j_Y@uU_gG0*7NFPT+N>JSQHJjBXC9O|ckGj^KA8 zwjmTUk93fVM*SU#c$Lor{68JbdVw8a-u>_M=UW;6|9ofXG5_nGJQ-$LnD$QMwqpCK zEOx1#p^WX9M>PitZ`u9hhY}49#}Am>vv?Rn7OU#yx3rpU?S<-3r{q%YJV9O0V^@g! z0~YzNm2;MBj%=~#EqN1vMM6q9l-; zLFF{_CGhBwia22wH{(mY7{zI}lHup2{Mt>&8i@9Gx|@vXu`JM*L9F&p-djy=osiML zQ8++@c|pjgL`+D;5g&#)Aaf88M1b#nFTRgwf&D*k!Mz&&PkZ-8R{y{AeEa3&{(l!w zhL>4x5SgQ2+Oe?8mfuO_g%inWR6#8>JZ|`lZ1^F)q#hX)w}VF5ANt9(5m*DIs?P5OXdE6JtadYwXN&LDt+SjwW-ww zi)1l+=wplTx8`7n!i=Aig9o&u$_E}=Gca98KUsr)_1#_DuIyQW|I4%6qOKqC%;W#< z_R9?aZ|}T({>cCD;>mCi%Z)ja;!l}JQoJ2X8E;~hWF=1V_bB1lVTOt=!g<^ONh!ar^UtK9~eM^4E|PSx6K7Y3NwBPy1p!6V3o z0AOvQlodyJIAoD88s=I8dX95H&j~?|5)%QQYR<89-(}8QcK+!2RQ9-y+{3c~|5tiN zzW5Pf9{+#2ljZ;0+wDjDuRD3ZR)j51r$KSb&GS`}N0wiQY zE$w5fSF6nY5frD;tu;|YKc#`=QZJ?Wd~SMJ&yHCZNe{NX^8B&Y3(>L=|A*}z>+OAI z`v0vLJG)u=e|Ps$|9>ZsZ5mo4$Hk$+QZ8Ht!d}$|krFiRjpF8ga!a`(@Vtn*j|SCE;xV2mxV!*A3%MWQ(utq(l$ReZ|dMpzIM(S zv)(Y20puB-5*CT1a_V)R0hP3q8dZT=YHS#qzbYtJA*?RQPpa zTNG$nS43q#{@KWAOZp$)llNiCoN>|cY8fDzy;tuw$BQ_DP6&2A!a3Ma0^;%1K4xPh zjPq2Ny4_u-$W_5iNB3nRZ|c^h-VszjUdqd2VFZ3<`&QUPEm`1zxkuG_U1S7R+)#lp zZH5SHbpSGq#-0LUhz}>kjXV+_TlYv(>akucrcqX-nHO-%s4k!1)EfAUQh`l@#Ahza zJNejei+pZUJ670e@H789(O<(=C#m+4=Sa7uk> z;9ZD^AfU5zF_ql3cB+ zEiP_GGFIjPlfv$*e6Ol_`f|fOIhj@4z@a9x{#U{9i*p&OE-Uz7GVpKTI<@%Z zvg6AxyL_e>E)8|I)p>1hN^(L~x9dMA1lx_dbzdrJq&h4eYZ|C zs5OCa1 z9YwY3EXXP|ippjcUpE>|5K;z&WKvKk<#V6X3WRypbNvr<2iy5xmxT&WH2)A;^T=rH z_;M%2M9o(Ky}LacE~*Mb%kkNpa8=@8W>2naY2O~69e3X!p6?&L{rE0Jc5nfqS26T) zIMX4KP!pmXG&76il0h^sKDj6ToqXt>y*oYV{nyd?rw>OT-yfXsAD$NX+pNKvoAWw3 z`EYu6e*E$M+k=W;=7g?lR&mQ(dqzC4cl+J5ZYh}acD?&p;C&jFLA8XTXW?*udT?@d zxCdFC&)O-HEbKH3L_*kBeBi zc`nGTGta($*mv`;@|0gt)#Q}UFhrA552PrCb!5I zSKi57mQ!kTuNY1>FpKFZ)Xo(S21Ub)I63%2xuE_yaS2&pF{vg$R!gTjkB23R zG&jBnOrg0s*F6KwKN>8&tSes48!qB^uy!}#sQ-0zesJ7A^1tr{}$c(@zJd=X-}IzaE?}J=h>5BNFyVcuB%N8cgK* ztG@gxhqHHZdRBp)bCf+bHU-_!KMwx2d^g29rGll%B%!Veg6@(d>z06^zLvqxG+lGB zr$CGn6x0|__Rd+}(7I=W+yqFUkRD*J4C>Wnp9un-%Q0rrvj8uGR0CluG zkRRTZRI~=6?yhq82R1LOBr3$YCtsFzm0}LE@CBL8DH~IGf_Y8UnxOXfOJ~d3a@zX# zu|DQlh+J~NvjVW+2#RveZV{4A`!;Vykj!%mof~hTcz9N1U6iKSg3{RrgHl7KbW=gG znUZ>hGWDO|O1faS86FLXg!8jWNce<#Zbd`cqS>ZKn0ir2>NJ%ty0`*PVl$n?C(~u_ zj#0KyixhLuLUoBf$UQZLOt9@2i=t!(Iyb_}Ok2w$Wu}=MU}dJI8=+;UttIfX>Mm=U zbJe_qLamz;bFNxKX1o8psqgXDuVPv&$-EqYF3h=H1D7(XlPeak=;Dp}BQxLy7PMsM znH>Mk^%^<#^Uz7>wvWH()7~e(6}E}c0-#$KVoM&F=Ais7-liszt~*GC5m|{>>C+oe zqLW%eZ&k3)-w`=i!!Jk4ae)0a0IOAg!G3slCtg!iU7XBWfs$#MObs3M zwGQBF$!aBXTHI9%W>ezQXxc&V$&`h&G&t#BHcE?2PM*c+2Q=-DQ zHLEJdFbkRIQGfgqigb`4d0qn*?wYCCWChaq+;vi2UM4w6&WvZdiPn(yszmw4%sD06 z9p#)@)su10O&Zc!%rD4n1N{U$x|PH{DF`LvH0G*Y74OQuu$>$c!f+IQ&)n>muZB}N zv7}0Ra4HBx(OpLYawk?#DgDQv5#iZmDHkj>mRp5q9Qqe2?zK>U(#?VSSu>Yy;p<~i zhx>b$i~q37_|Lm9cekHs<3F|AkMSSwv2S>|;EN$9NQ#lvnxTF&@QZJc{}Iz+*g$|32|3zI)TO z@5AWtM-50(aTrZkSw`7h(Rig9)6M3xbU=&w^>ZV5jA-!~(IP{)w;a)8^}#0YBy2`@ zBa4S6`GPy>O1XQ^OX)CY1NE$Oz*Q0gH{Y%Hz6Vlx4ltM1ltxi6zIy zOEMUiL$q$}7PUb>25)%`-eNtg3f^MtwXCossXPrce>e%5&mz9Zrc)|VlZ{5r^?4BN z{p)z|*V7NjA3pZZ_ddLTe|T1bJT` z(4rjpmxaZuwKIjvnYcYm6|-K~-K`2nNsOSQ{qD*9({VoTPAbWDJ!(r;nLj`|G94gj z?w$uta|i%bw`F-quh*_TlrM1lSL5FM^`ORHt;Ri^km9{L3q0Y?J%O76l*WE)whP#e z@79Id>A^3D|EvkOkc{Y;g(3Ixm)bq>Xk_(JvxB$Y-og3)alIZSU)VpcJNCDS$NTl0 zroNkR+HgT7cTEE^%hyU$$j@blsgZpL8%8Pz{tfW7chEiE`}Mqgc2=8t;BYuO$3oQR zAi9rV4v)_2vnc3gL_JZTQ++%=s@HlHdL{co?d{+(WZYxOxW|xjD-Ib~A|-ypA>VtS zyUxgS;#T5&UC4(ME^LLS&-79dQSLFc-D7CG$Iy0a>VXydZs1qoZk7vU^m)E6yv^$SsMzVgWi|I?HIIpe>+SpjcUq24g0f#69g7gTP`7%_KWfMD^wC!LQ3`=^P;>(7z)>{ z$}Yi%*~invxgd+7)%m--`FH+*5*XD3M?w?vw3kvR*Oc78_Yy?eC*$quGy91rA1 zZ<$m^DO9R511cP(t;(CT>6?Ac(v`2ucB8QEo7r)!R98L`B6ydLi;7U71gq>@Q0&Vp zt^7tmUm;^)u|i#8ag)ocXNp_9ftIGY!5b-SikrNDUE+Np(keB4C2igml~$+mD`{~h z$n==p;=i3X#VoB-AimezC{)|XCYe|mK+(1pO zmP_>v5k;GS%%5(>9d#*J$=y)DZohh2&JYvYSi;vbU%8ggWp1uzSpmKW%}#-O;4#Af zLyfRsgFQdEG!qZxR;k{N(o(CM9@65gIp?Bjp-ZM^7q(ywk9i-;NouuuAM#4+dC3ck zYShVIkm}x6!DY3^wFQ*9!pTx3rJGrTm>x(DjRFu?WnxHu({6Q;c%g9g>07P1uK1KB zZ0NuUO4Bct_5mv)>iiE|?X4GE`TP%CkNF?&;<58TT((U%2NgYeflLnNQU6zy z%VB=DgfzB?`W^GQFJ50#c)S$Ow~d7hYx?JYv{=i#_ZQ zB_poUw3n`s?IiQLs=FSDsi#sLt^+c!tZLN|QU$YviT9!!y~lf1uDj$*w*6z~61nNr zXx=wPv#rM;WaGCZl}P5b5{cw{O9w?qh16SjSgBDJHB@5NFi%91$4{Hw?eWS(dI{;S zkw4S*ns$MvKA5NJGu2t9y;7J#{G)lD%_aEUXzZ`GMAbt0m-bhCG3LxOW*XKc6Gj5{ zExFbLZ>CVH$HnB{6$!ow<;WoBSaA!6|D>jpFZQ)8N!Zd7HHvd=0jIoUO~PXG-@>9F zJoDtg-QBGG*M9!|QU1G=XA#NH7?a3iDtf*P=`Pd#%Eh}(`}Zi{ zJ&JaZqTQot_nnA#KbB;tv!~woW?%5kmH(Ux@uqa_vyd#?#~k@@Yqy=1|D;s-DF5BX z^8}q>AxP+RBp6cbtZZ8b5%pZ^k5Pb!7kEs#(|Cf;CX^!{1wibGPl)HCvBw4~Lo)Tp z8z>|m7W9&U0l4)Z`)=b2^2u0P5U#1{fW%ez-~VIXK_7f?hL{gE<&aQ7LgZ1OI1OjN zcis~$B#kF%4@eMw+Up^ghP>g7sn~@7tKm1C!C&Df{NKEoj5p=~%%A+y-%J`B;Ne9S zAg~~7JahO}(0Jwy@I~X9Bc?&)+5gvgf@tczrDS?yPcu`_RIFp_9Ok@#q$K|(A>TMI%+gNCx860 zHW4D=oz2awt1H_9l!fEXbwoMBK4Jq&2Q5YN%*S5hU^>M<9+Rou4Ec-;GDT}2PWRuw z@2x9>$37y{V1ha2i1`StSUDX~kBS+HEzCzoQs=E9n+6`05|Ptr{K7)?Yj*<$9+5q9 zLeOV10pq-YCF34bF^L9J#*R(zHF}GXkWIBG7g*)DCV0Kkc=80D9sRHU(?+A;?+=;J znMWEwA-NkuKM1=n(v^|vQnl~s*LK&YD)qU*o`>l9p_8%vw=@|qea~;Yy*Bw~j zlaPQxDW`()Mx%uiu%ouq-u}7KQWM#he;|qX@~`L4R%<{6elEYCd_qCUE~z|ClhAC= za?WxLk?)ewo5>}j{wTy;gwaq$A<_5+*k~3Iz|}ZoF_y}g3RD0R`KQ5J@Sg4`Xx#4< zQOW}7ekS`;@t^d{a*HB_QTSmpBBMiEGNOS}|PTWM?PW;Ft*_ z7hzx4Fo0DZUr{eIG&QYv;CEW6O88{>(B>WFzB zyMhk!z$4s3sTd;%UJAc7o3M~P0jHP{8pb$%snkV{#x=@6@kk236_vlyvrm+pfFzm~ zKb2$M*N~{H-?(lq_AFZdKA)S8^}2D5`Z}Bk1Wq|6W6DK1>zA*`J1CC!L0&+IvK9(; zwVSN;>Yr=W_o-JpmHG88=u`$f=_fr}ben`#VV5KfsY^KO7gSzf)qEG6-EBk1qyj32 zj)})m0-d<>e=q2eR3@W-x<^RH#74*zGTujmNoav|YXQ(W+wl|xGacL#^llw@jMHH; z?qGLH{TKix7!)^g=NNQL(9ufj6BdeW+bQUPq;JE-+_uRN_eD?kSZ@V7mXTr>d9KlE z@(~zMG49xQj=?=)&nlr4hf7n;fETx#-O=N{Tyr1Eg{6Fsu#a#U;``j>uTlT=AAPju zGQz$w6DP z?E8FHf;%dHUN}zV-Ljrw2Dy6+(B-?t@@$AV50nQ~Fw0S*_apq3BnxkmlN(J>Pz zA>qW&2`BUGr=e51TbUkvI(p?{p7}qp$8hCkH!TY~kaB)LcoXQ*5mIUDm97Z!35z@z z4G7|-Qf+c)&o$~pcKu~{Er5>Xsvoo*H@Bf{)Dxhq6$}M96cl^j3>h&H6x&*tQbN%0s6@KD*AvX|NnR1@d8i z=-j`MXi0-p>Qk2t7K2eGbPDCe`p~(5AyGmHZW)&(txD(=%7^u#bN@o(HR^Z0D?FyOO==EU_s|DVrT zh>#8j z0Odd$zm#Gk@F67-vT$mQ!S;`3p#k;XrH8u2vqH*>Mhim+2M-!JE8Vl=JpOaEUtO~$ z%Nc{83c_PdeV&1l-sV-qOONm-&&r{r<3Ur*+Q!CKLfVlNKA+? z%+>oHKC6R{l-Bl->rmDyW5Upilm~4LF(*^NAbQ^ndWF!TzFQAE`^QrHgZUd~BA60+ z9@w*5=$r>xTc)BO&3QhJC=U@(D}hcyNU^F@s6L}xwU+MwmYe%5&mz9Zrc+vARVmL|Rx$9Bp#n{rOB~eoJa$D~eHqt5edhN!WEWE= z$TFM0M~iPqg7m0Vr@`xqB#G_FmoUt|@9ql1G! zax#iM*y*u*iTxpQQ(GG+LQsEvXC!!y`qSCDHO>V=1<wf8qGr$XI@? zOdGcnxzd8J{+072uzRfVDNugLa_tMTf+|xk8wsedVLQZ}Bp(c>sSb?W%ld+FyGG|B z_FXnb?Je*K#6w^%UNFIaG$kP&YU7*pI?&1a=FEW(2u^E5;L>vSedf242`vJrTd}9N z=C%|9WpSt0i7f-22P;;t8h3JDZ$&*8`N2KRXT^L+LT8^=o^Eo`K`sr^hCk%|*a^xW4&+u$S%;80 zt{aZad3=hpRHiu%4;+r8Da0;#D9^1x=Qr$?GoKW6vQZ0C3K2Y{FdTQl0G#K5@QEA zNo5g+kb7uNX^1`)d3I-3MV)u^%eB7DPPP)`OSDN#fF*x=u^G^gwRqSs`>j*1I6dpF#yg-_I=GU<|MY-BRDR?8gxdk-nQ!^5(=!8TGGI~e zURv$UiO(s-wx#}vg;O2LRzWTo#ISUYShzHBR{|Y7mqHDzc`GiQ4$%)m-j^Q3?LF71 zA4e!(`p!8OLS=rB*=Q^e_qj&>-JR##OCwJTIwq+49D9WV+=&xGJgjG>lx1a+sNy?z zqJ_*gm~Lt5;jH+%M*Xkf`e?0$G0i>WrJ$3}-%z?|WsrcLuR*)E8m2w2567I>X77xz#WN-5|n3JC@1{=;h0o2AN{`tf^!I zuH;Kqkp(21Qf7jy2ii)YW8df0x6ia{>FCBMpZ1m=$L&0;hmJO2+4C@+7TegJgzS>K z1fts;bC>>!X+tP9RP{FipYBeflN;+QG^a&(f#upS`4#lVvZ$KA;ym~PN`r-Wp|$I0 zp~Is=6>Q)X8V!@}i*AgnhA#{!UuinvB;?BI2X#Nzc1Logg7Ps~2Q|R*b)qPeb=VG<2Y(odUy%2WwwI_yj z0y>OaNH`qUI9dyd?~-ugbIwhll|VJfXC>z>4IQu? zJ@l#AGm+$qun4s7RA)L&2cCOyh_uQ*3!tNPSMOQmmzeUTprg-IptX2#u(>tpRNwYx zq4NOYV#c~U=y2+iAuc4RRF7TPm9Q`nN)wib&hjH#<+D=g)H21mRu0G}k07?Z6H`~B zl1sl=cQ*I-tdc9&Gd8GzPHb!N5FmqY2|B|{la~tU#1$V3cvf>4>fuXLQ-QIV1_N5Y zzsus4NP`MG^%NM3YcTE+LMwz$Jq5-x8jO2`&r0?zjXSjz7z=7J_`QN@g}75sfl*(B zale4kV_g|^>M1am(qP;dX{{DIH53?&YB26~*IFfXYAG-l*I?Z5p0z4@r=9}iMjDKJ z;L5Aov+5}@ZlJ-qdnCFY=v3d>EUv-0N3Ogo=+skS{CFA+4V`+vB#US;da~i=2Y2IV zgyWDH^+k_~Sc7{|r#dVWNeYUOcy*?|k z$Q2}6*Lk=GP+A1{0&em5x zHtEb#b36gGt-GlOTRQpjAWU#G&uaW6GSC_EcOi>PoQkgze6&+>C0V#0*mI5g?X9il zL&_FH$I41p)MGYJ*@Fens-OdVd3QLJ=cPH0Bo<{U*$=B~#+BN*it5&MEKJ{x$&4Wtm5`Gq-Mm&3<-2fX^3yvZ$4I&M;)jrp#eY5&XgMnRI zR~)?7F>WnsFkSxviGwTI(KFDg-n24%R$TWXZdxnhI~nLyZ(2Xxo|S=4^``a1?O7S< zRBu{8+@6(zPW7hs!|hqZcY!z_XhJ^?pcX$&_L%G>XA8FY~VgCnJ|P+h6KJ3@>xj?6$71rklB0y zrJ-{{W)B!bD}~Npw+8lHqrGk+`Z(xtBzLMy>JoRuju`^i5~*}rXGguwUhhcrAC3ky zbDOI3YflljiE`N-cQ+#}3p$}!i?Gl&lI85&BRB=DQ*vpNOdL^uzuVYKpfe>Rq{EuK z`Zeka914Ubo=oNL6>&tq$PN9$-S@3zM>o)^W&QQTMi8E3*JOI^2`uQ)vSnf+I%d8y zhMN%Vdh*Dw8@<6Q{oyI%v#Yt;X0F#w0MO+E~9Ksu-? z#l+@D=Bpfa2Q^=}U%hO8>lZ_(GFEO;jNFj8l*gcXI1zJi19#ptp9&V1Flm+3S4=3F zdud5sFp~zQmuf@B153C!3rL9N`@4B=gDV^8BsR&mcS(w}j3)^kAgnm{oMpjel8L&M z57{Lg*9S8jaJTWSCJsh1bmBYAe!9mGfrd?7Aj$e!ibVJF+$LpFUy$%JdzXHVdcfF_ z`3y3$HnUN2O)ZQtS)q8kj$}uGWVid=CUn${&XgXtpY*7qqZO=+07qB3BiO7MI?3*K z8hK?mH)*acnX*Mr=@$4sGv(ECxx(~LzQm&kVP8nBDnDNzwgn5LCjhOkw zSe+OP!8?AgmEsali8W}wm!UB3c4p`2^Meb#6A@W%o(tj+e02Y0*|W?>E+N7_#q@wjUUOC&${ovTd*YVall-Y4kQJgVZ;TSzE^*hn=4!5j;ax>E*{#mQc>AX1YV&yJ*Y_Vop@d+ zn&uj5nlk5^8van_eo(d&?qNJD)}z$$_^I;rd1&xiiKmZ&PA%){AI@sJ7&;|}Xg{0< zS}}A=4AFi#3$$YBlo+D@a29CA&?zxQ`{69m40LK)PycXM(5sD+O%ReBsQudL@a4`eJ zk5lG()E}#{H)|^7R2DBDI7;naC%OsRQ#WWQ%tbwOPJfu*-zzzzhXXvU4W1Y}r_3Xe z&Q|_-OMO=o$eMNschz-c??lqp6$>x!E33r~q0?v>m7|Jxi9eqo`x@7ZWH`u)D-K+GeJpO9S= zO=qo;cm#8Tes3V8`b+MllQ+{@%hkW3DTMNgIpsha zjk5_sc)%_tTbxcIYcXgmC&boJ_f55a98SY@4--z0sP9-RN^gd!(05@RVHA(c$5Y~> zzBSao(`a-(2t**+xHsEC82zjJ{s`=f)txSfWuk;9nP4q0ZEj(EU&J?AaL&o;~ZJf3XM#W!y825yNMzoj=yBKh_(KCr{9x zebWeJs7Iq-xI|#;aar^U`m7lz`qV>*(`h6?11a#>y54lzkUM&~&X7$vlaPy>6L!@S zY%}s*5^{lkw-u@eTe6LoRdT)2I0S?NyWZX*AI=x zTLl1R0$|n@BcEI;oKP)DP*TC|sFZZ1i(QhC%US50vr|m{q}&GLbnJtjw{J$xHxLWa zFr+YUbQyU*3Gsk>R7h+FzZ6HU<4FRfVQ%>+ETn(Qjy%MNSgwvFV#@WvsXz207bvZ- zkg1ix9Pp~Is7cuZ%rsVxsHA*0P0Kl8f4C*{{vPy@OygX#8CKQJ#zyb+*uP zG#!vo_6*_wcpU$)tP3c1Y6_utrjyL)ZPQPW2*hXpa1t_~MI3l76==#_Qrc5ed=E-@ zP?L>D&1{cF#r$S|f^lR+V55Ne6D(zAYgjd4>_^jHQX`q_R%Tpf<=Qbw%B}zHzB4`r z$=c>VB&kM?#E#CnItaiD<)-a zkqN(YP}k!u-$x}mve53&B0@f4SH9Y!HG9~DJ3soDWKTK)iDV2al4or44(!&f2yxR? z+h}xEE^)yE(=Ne4R47i^ zRb4^?66#w@`WN(Vdcq;ebYwNBcxt*yFvyk@bLk~@Be}GCP!=|uf-tKbZN?F4xyB7WoT1!yNhb4;s!7Kqv+kbDVc<_Cj~H$y{$T+8+t zq%CUh=LH@og3%-zINE+libY{TD*H_-$84_KX9CL-CZ^f6KxvhE^H1kr&j0Njqz!_Q z$-@R9FlX|GBvufZ7-Ha^3w60tI2-oJHL#L_Ig+^1CJM&qlL1zLNv^^X=9=)|<3P&^ zAkr%MK)2e98gRo9s-m5%2~+-S)^;zOm14TKfMhUWvq%=MD4*#3F(Zp8R+aShEyiqN zK{DNxxNhNuvMF%sP;BUmLp&wk9_C~N5ohe6uT4I|A#vYEl4N`N`5~1u1RX{g=fRGSW(y*k?Nztluy%dxqm-z$@X0k02Pcl^_ zZZ(DX$4n5zN2z87DQ+yT6#t!Hv~y`p-LUD*Pa z6X7Cg3^qYaAhTH^+3b?IoWWy_#)s;9OtMgnMj_!7bzt|0L@8T7o3m$vc*!O-rb6yR zasx8kkN&r%_NG<>#&x}mrG=kJNfa?-=EIN%in-JBp*iT#M=W%8MD#CY7zrIkLe&SM zZHA^17i!s+P)R|Pp6F80h1S3~CWXljhF z;w72Ssx$LUVYBS3r#@tOvE;5TvCYvNK$dI>ch0Ye4hQc!~=~l+XCm|iCV9^pDZ|U!? zmfY}KvfVe%rYz+Q!@}2cQkmCSmNjFMlR29Ze^-he7Z z7O`+C{W6ayZ<-~uZKf)j#Z$%QRMOwA_0>f#$gG)6SN`}<#myv6ODg}AokzzO%JfAO zPb9CTAYwM_Qu4=I%(c?E#lbCy3#Hw4(7tk_!#-kuYs@6TKU2;lQn(vm#L*b+pHQA} z?!J7z{d^sTWQ;?&9ZQO&Mk^;Pmsl<}8&yTeSDY1gTg^B6xz+BgLmhdw+1BwsJ)m4@f{(E zbXp~xi%}s@^`8?(af!3uy4s%O+P(`iCt8Dz_I3N!%XO34K(@@Ku&GoCG@%wt4XE3Z zqREhXp85smaE!LCmhiK}tO+XP@?5x&I7KO+)S zDLM3r0??jZ>8Ct>6_oLUgmr)ufF}%Ow5|)KW>E-MM#tmnFR9a=?|%FN|HyRO~TKu)bn$3sq3sELt*uw5mM`*ERcRKZ1=jV z-NHUnh2jR2F6Y#!c=^z4To%6r5}v*gBkC$W6b6+Y^eelP zlFtU>(Lh&j125SIA~aVcIzxs0X+Z{abVWQbt@;3|q^Ld9)`icmvU{*~KHiW*jXdJ3 ztqnMfx)}tWuQ?;CS20b-ra2X%vuon{SYN-PT zPJKk}TjCL>9$@OsAL?_k?+#|#oB^aU&(mfpe8b2=Ko$@(Sl0PGWNz{4cQg?^hv;;ID7cc=r*oY%$e34yO>B(CF$+SUu_*~G-iyX?62L-^!6SfR*)wc9 zDV03OCQD$+?!2E)5VppP{JO#A$;bhY#Ll1|fr3cVbLw%wgc3LwQwFYEN{dI-C zlB1Pn(TW4ZX~mp1*vq!Fi~gtl=Y^%h0R6d$LSOFY>G@uO&+LzdaS1jwJ{yUGj(rvqSE(~#L5iap z=+0H#Dp4?Q4U>?dlMlVKcc%xv^N+oQ(~acM{kPU1C*5A}w-2ZL)~mzg!?XRj=iSqH zz5LtXx<~tmrvUSlcl+J5u7kSz8Z0DJ9rL(&=wSS%Ou2_faaXpej$W10MF*vh-;x`J zgoLJCjn%RK82GGQmoW0<%*KG;Sw*b6d{RclItj9^b5@dt(#Pt{KVRK^?HOsK@1QPR zXbgx?MpURulxJ;cd7^HTqtTLK5;S5!B&mmZD8Skdb}KH)T%Lzqqo!rP&4XRaMMwvc zl9XV46CAp!NEBRzn99ut42wPl#P3b$NJvOaW)i>HfU}G|OA!k9`dSAIOKh~&Ff5(- zHc`iVGcb4-;Y`h3=~rfQ1&8`{)G4^aDAkF-Y2rw*=0-{Q4aLef_++YNJ7+kVGB^EI zX?6D1*-P7bgOpxD?}v&n{1P%_G-d3~cAPC|YeTCK1I9VkmRqrPvvt%cqRu>?za^YX zc`S25>60r{If+Q6ZWHj>j6g{-+RUZcQVt};*un%F&{#ZGE**^e!a;8_SEltFWerHV zP;$S4!UU_fZeG@<0!^^76OrtFU>Uc-2AB=9^~SK{Mq)D8-f~_v(r27~8ot?-L)i?* z@}Gt+6T?_eu$br~M*oaH2ICOBq|rDOPdW05+-tBzP8ORID1#DxK^ot3>)T-Mv038}c7gip#3f%?k!FvPygrryljQRBWGbV{ZKPPS#^(pH+93-$AdMSXQ{ z??|y@PWqCYn0chm#!5ySU_LSaFJ`iq{|g7l4(r&Z-Hb|omOh)!T zr}NMC3QsYMF7g@*)M}ZQUODY8r@do*B0gB1fEyE_W*GTWk}BxVvWJJFg^_BxkcRFcjCGYW6uj=2k4jX;nBf<$LzZS7Q+c@7S5`vIMxOAUC5FkNvTIf$Ns~?LBLDv zL$nSch7N2&9Z56;>bk`5BvLU;5vnW)hwl+3o}01)eQK_#pKhS1CaT&~#dV*i-PxZ4 zC67#R2KM_2m$3RQKFMp2VwK}+wi)(;3Mb#N>Qw_tvzpk?N;7J+x?qK&M#%kzSO3n) zdp>bLFDCAt?atOKXKQ=w`K#SmuXg4T_iLx^Y#Y+n5c^H})m+fnlGg}c%#AH&q~vR( znN45%PFlHRGG95;l_G>}wS)^aCUNL7#ZIVPYb9%Je!qEg?+^}g{e2O;Q{5`s=b zGNND1>6(Q)FM8Yr4N(v>!G_FJ1_%sHfZ+2X7ZkKkm&7+71jg7ueQB7qYwYYf5mB&# zruc#&CAKro(qgr6NJfyT-5lZkv2wgaFP*j=de?Ph)eEq^qy6ql`e1L$!&E_b)29b1 z2YHNLL_zGct{u<@m=hQ{6&#J>D7_{b(E3Iqc3if#b{3fX+J1a1v98_9)RhG0&{7tQiH@KrWPf4`Uwci3E-9ZO9^eBnNMmXXC?4Bc+x**@#fs-^Chb&YF zPVJ>AkDQ$PLxKi`_(&od2-8#8GGPl*reKFYDiD?>;-)0!_RH;8ZH3f0pc8y)T?y=Vk8nv5~qH^*m5sq|&wNk-|H$lhQWZ#?xG@DN|l}Q0pYw;>^eP z)&^>;8};_K#5&XJwzKP?L!~f)b(1rP5IhA}ASbq%@_nC@`prZnq zLt`>MkNOw9gFYMVyt=xw?|WG|-oyhIiA|qe@y+(D*E^fZxvxgyb)_VqTVq79h(a>O zBBWpHbdj#GZZ0MOOSRsBr{T7t&&%4S0@O=fun>nPG+9kK(QA!? zKQ^0<<&z)}#t_kfNLgB|I@6$*qPvE_$HqK;JM5#|j$KXdE8@@&TbYZ~hZKd!}6ZGo%6=EqeB>5f}ULW`h^9&LH z5?$huJC4;u>{6BK!i0@+Ql+zAvEat1lmkN9L!);}@utFiWNK$TXzSP9kF9*N?9-?x zT^Mn?)}H07YF`s2dOEA{5mO46w98YvLGTw*txct5s4wT_hH91S2^IwDv8J1O_AI}c z<}Uny$Yq_60neT_5c=Hy1O3uH>mGGb68T5FCWl~aqqjIu?~2MpSJ&J>IO`tDs%OR^ zBhg;VO*ZjpQ>k0>PT_LLQG$WiVrBbFsp8sg=eeWJjEo~W2-%XSXb+z$9f!v01cn4+ z5lC{LYwN*?Iha@s2m6WJx3LZuI`lxwJoqzouI)l9c`w}h52G+7zSxYFa?V6dy(db2 zaCrQ#_35zNI(fJM@%>5n=xE&2&nc1f90OE62yne0}HOvjJne+ydhXtjuB4Et} z7Zbh>32j%qqqg5O`;J759?A7x*_EJW({GRtW@FZ{-`;XwI$N#q#Vd2MZ9d5X@**!i zkB#Y2HRCgvIR94H7MM?T3k4B>)WGB0#gso^?nbq50HMRoXxqaL`8u{ej9tajHb8xg zCn-;22g0Xo`|H@}&z75$0ZJ;v?j_acO-BDfr&HomEQmLgvhe$p52t6{&DK2)=K1{7u#i_4`M>XD{9CLP+@G+UBTY1Zi^%jC{W-RUND12 z|1=OYdFIh+#2lSOixk)B9vyx7?fl^V$=Sc+w%^Qj&VX1EpJ1OlA_EQ@F?HZ!|H8h^ zF{Wa6a4fjbS7xD?#AAURMdBp!+#-!wW&-e1k-B6wcSA{p4~e-w;sJZyKzJnCwb0ju z%p;+l1T-6EBw#Lg8i(3cN1e>EuOtqAM{cnl9SUR=d7jFGJRx2nL86s=0C6@Tup63E zAGEWo;sH<4TX~v+-AoC>;QI)p7PEeG5D1Bi6DQA6x?eLjebJ@Dki;*Qw_!5j>b6n^ zt>*0a(4r09>L$}Atu|91G%MVWPa-iJFtir)=>C@TPv@U~GzhV;5-IlE@Fuk{S+_;X zfSL;ufahQfeSkYFeMPClu0VdGwSMp5^wZ(q0c5`EtCK+-*l(@>;b=c$Ve5u=Elph_ z3ai_d+zBXkKPH&IJ<}%Lx*z@b@rSd6o+G~Ke1EBdng~4R?rkuOZ$*l=ev*Ok%b`&= z9_o9UHFYZs0A7!GrZ~n-URxiMz$l0+q5+nL|7%J4&e%qo-U8;LHFHR@-~kg&CWiW1 zZDW7E%zTY}Aw$%n0)ajfu5QhZl00^LY&-_B!rsi~9u5+2jA!vq5^wbC04z5kS-iiY zl~!1wt2kTSFg?S#kt}j#$F3VitqHP`5VbzWRndO;toydx(_j7*ZHj5IDUT*m;KV@g zg572q`I$JD7Hz0NkW;u=1zXn``ScxNf{Q#o3$@vml7zN$Q#lq@Y&_W?gg=6_r=U}! z6&C8i8Ox0TU{3#1LGECkrO^G~ z#n8>m!5~q9sh;I@>9HZUuRS+(e1`;d$x_&&@meYXp%NHlMzEeJc8wrn0FZ*Bxh+V* zI-HOxPOS8RV;Mu4lpmt9U%V*Qd4 zCn5USJ2=gk0KWtjGLIw$jEjQ?|I@dJXUE<5hhP90WAM{dGviP~8Sbw`dPzMpCg5US zJVpt=s^OH>Vpm#vvg%4q`;YJEk;je^hGS@Jf@5`YqE#8vO-Yx`?e7A6whoFP^vm18v>r#LW{)vG+f=ZroRP za^K05TiZ?pfo$OL$>xNyiw=4kgrub3?fy=aK&J;(3COh!WFGYxj}<@8XG_ z4CKC_2~2(8V|#pV|CvkwD*EB+L3jWCfircN>0|Exzx_Nz|6AMJkMw^h&mIeA$fQpQ zb2rY|cQ;vB5RBR6#SkjUr4Dp8#lhoN|6M&b>0bx=U5*XRqyLvXS@~c7^+^AB@zjhg zebaE#!!(;I4l3<5&LC)QI!-k8|ET60$A%^q=aKu14E-LI-2N!el<>LK zgb6A7S}rcdlhlM&G_d*1xF-FVM?bE?6XwzX&Q@0cxBL9%i%0sui|1d(1gg!l(qW8Q zm_#vFJir9L#vw70wq4{V=?c`9#DFnjE?iC4ss*TGNphf;sa*?0*gO*=eBJUrcJ6xx z?)RBX|Jo`@1q|}o@M7^k=F$K2=UMr`z5S^FyPGF%fNnyes#}2uvgo7}8|CU?T6W?+ z{kwsT{Xqw9IWL^;hD*nUiw@!wyuJIP^KxhF<*Vo0uXo+&TkVnSwqLv&;gLJQ_~nZ& zmu$bpgWa9M)@bzn#bCGneD~FByo;Kz)JcrbI7Nh@#RsZnJJ^%0Q=IDR-Z6+ecXnUwN#d4lYGwxzJ&O z;wbPcH-wy!4m~RQU4rQy^z~cgi3uBTn&_bE%=|vaQ<9Xhn(V+^$vl(7{~$B429yrkr5|hYaCIRY^tP#n@@s}w1P-wfL8CIC5Zu6f&jZK z)zgP0tbd$&(MLE8@k}0RvzXv$Xz1WcCdbqi`;kfw0QPTgE|{Z}nO9{*%$Rms0dtd7 z*5Kr;Gb02cy~KjF%vx`n**<~!#&|1VRN<|ej z${R%i8XXD0-ZPNRjTW4c9EeozoLVJR2 zAAwG$N7-i0-c(~*rvqrPq0_V3iB9Y=+fSb4VVb1=B^Xl+j*&sR(MyAzmVe;qN)DX64LgmFz~7V4CGvIZ2jd zH_J1e+h;lPjB{*f9^+9wBZc8QWtx~F9WPN8GEsC18bW$$lX@Ne8C42DldBFmRY^=n z)tL5bw_Hya25k-cizo{?Zk z)^{bjPr;2uBH{mpU>k8(R%K4lJE%`x)Qb8Y`1k*3@7ufL#+7~l_ovWtXD*P94NVee zcHfh|E+I@dYw}Y#|h(ZB#{+UOKPfU%+x3{z4Og@UZh zj@;Icsu(1119!Rq;RWDu8jm~;GPyj2CL&ApqeN{vk{DG<%EQKBR}eIn%h*heO`N{9 zVvwO3wn(-WC?gbUaP^hteptjT!>G8f6aX(=zahpg1ASdC#BmYlQ5rMP)T89QPFb;B zNoxN&;$d_7+fSouxu1%cd>?oM#| z9$m6Ls*2un@C8=Yx}8a8Q-&YZK=oD_LPaeW2|k+WM=R$xta>z{Q=U0;21`*XsAt7+ zjXZ$`qck$jVZ=>ufldi{60j7`^)kzr>=ZM0_|8d1DqF2K3|m^-hc`m`WJpeMQt2w0 zLs!zhevUVIMS<3R4}?azr_V(0Wko{PdY_HyC@TOXa{kTY320tyYr)U5v;AjzvuiaKOo$&Gz0~B*lk42@iPIEAN zr3+fEeP-2vJ91%PZ9)MzhQdrdC4$vL)XK#Am6COP`iuPZ26%r3s{}%{g5e9?w_Au! zvZiU6^iD^PxF+)FC~o2B76`_DP5D_psssKsdQ?NDd<7yU4GlQ%9%<8}0XDZJVNajN zqy!#@sP$+K3?P$Ng8jni=NUanF5yRc+w$|fcj^UEazc-|eVVzdlgd2iFY@ts6~sl0 zBUT7+ly=ngL*f94s9M^4nu+~4sGY#0rdHuZdDtg38;Y;g>Gr@MLT!5)Kvq>w_h^Fx z@!56!u^Nbbp3y|mKm(uL8@V57ET>9+u2w9t?8cyUP_s$10L)>Dhf$E5!y6s5cptRx z^6(%F`|OGl%~<%N7z|h@+#YeCZEwGM;oiW+Y!5A;7J0j6Z;`+`a)jn~TO}M(qZj8P z^@v;wu{9A0#GiWa?c42dbf2*bZ1m%v&;n1t$cfzlA>o;J*#>aBX0AD1^0>Vx(AKru zA-6I?f^)B@jS0P+dwu39W5P0yw(!81(91_Ofo({;+m!`Lit1f?fSo0~v^fz~SQ}d8 zBbMY^s+u}I;rNy)1W?P=+bMNvJ&mG+4&1d=b0?o=KR#>Xk#zX)KCR9Ya_zzOiE_)Q zvHE|W6(WcCBQA3D8WO>qT7vP!_;8OW0z{YuHSE;Ztb#|IujWW$`a zKD?6k9kDFp;fbQIN1iBcU=v7L=8i*}wyKtjEbfuDHBdHYmn_2{Da0OEe*((1PE-ua zACjrPe5-#%Nm%(|bS4l_ozW~9ozXncOm*;P5XrTy-vuKkrBe8j$HG25R8A*KX;p0{ zzU?W!z!4Xc58BD|Nh(_`|I^dDg2N+FbOriXkG$mxGac~k>60C&de00>4<523p5>@p z)AHeKPQw>8rb&RfU~hFgn*_1om8+Q~m|1vb*hBqpt0PPFBt4Sg@~%}=*hA`%(6NFh z6Fb;=85B^Ua(zrE3bkD6)qHXw+enQYguWv5bzN2wV8~G3+tz!;?gY7f3}h`&pz$UQ7(z%yu*Zj#m}w>Rws+HefWaO%e0Bi(IZ{ZEP>ctcFHyn$x7E;b~y zlmF3>_z*o2Cks!A7>&u8jUf_Mr$b(ppp$Bw)gfn<20TYi?fjRVA!**}^Cp zVp&p9RqFM1%d2Zc3NctsQpE8lNqD0w6*VRjN{u5}zDa@+=f>+yFG^D@%X~uChv|+S zC5W^Pag1pe5_PyBhd+G!39{DSV7|2u2H0DURnT*X+noAZ0UZv+#qZ; z-nLtvfAoIe*b-m7iXp7fGn67ls&v+vIl6y$QkT2h|W(7DQqh{=z>- z3mcvhAHvL+d{%2yp&5FYJq4^b9qOz~C9FkB3us#4Izoj2gOM@_q(*wF7~%=DBu!|( zR&}98haD=g7H-pUhMXH(BH8duTc0RO!vvl%a`axIp6Xi@y#X7_MA27tt*rqWHM2w4 zbEUKZ``8;EGBn2U$T6eghb+q3y972e5&eht$WO1L7U4op&uX-zT9{}%K$9}U%!S4a zwmvoWi;GF=lGkTEhAVF?Y{gbb5#)s5t{YOmaNG|F=*fR#L zpv6~T;6_Okx>#Xt#Z*fmA_`eRGZX(N<)PuowJQ&JqtoNh^4epArb%YEj9q`?e2?~wJ@Roax96T326&iP~kYc<3E@C@{A> zuuyG?t57;Po{%caOBgO4&a-|%HNGL$gI3!qci#lK&_UCzNJao=J&tOE?p!PKfREDx zOsP@-1%{R8mvZ7!bttlw0;orJp6$Mg;7yPg^5^zgSuKQNMaih*K;Xd?;~tvgWnE2J zSdjZs%ZJkjm%i#-ZL%m2IdAP`Wx+mqm&6ltn8;I-AbBPknmjZUrG7^H!GvEmRUfE< zHs>lVd(1-?LvzwJp7_f68qew~ioU|AfzZk({u&0_Q>EcusftKln#^HS@u*ZT)2w2l z0}2~CK@11u2~r_v$YwQwQXE5ZX>NxyQm`^KnV_;$6|-I^mV`{6bhUk4mT#20-#F%1 z2cML(RZmSQB^nU+Nlx(ytm?t?U+7&$5)VqAWN2wPKHp%MVZR)4xO1U72022=b8CRt zMCn#g9#$cXid2Y7MtQi*BD$%e-LY7M5k?AvVA;6fLOt4B}wtM7^ zKGN{<5TB&a%m~GBC%{7A+6WFRo51w3G`t#m9C!JWM`s*Nz%sb!4=ZU8KBaOsY9Ahz z!6Tn9*rW&fHZdfC6hjV^O@wvrk&n8#-)~^2n@XD27?hk+*%>MQqmn}7=#nLJovD~h zG>qU^n(;ncNK3G&-M6mDGnII%lC6%F8QyF-I`NVG-KJ?njG31#rW5-H5OxmxR_Y zoQFc0f~hv`@0li<_Q*H3*&?kp@0eX`3&7Wr$ib-~E(@u0mNCn-C=ikz@k}1WI~@n# zwQ9;s;RMA?>-xIwj=FlRa+LI&W^fQ;1+XI#WK?EblXa}MCc$g{e|CTRQ6*^Jgd!bp zcoHFdZ&^9Sx)A#f*xy93%$!YlSV#qA_jn{NoCW3uE>ydPLX1Qma#dP=?%YW{E z{#?38yDjd_F7e6Djfbnyy&+rV$?o*FY+Y>lHTsM3 zn98%7RhUiAvIVPg#S``|9j-Dz(Qw{Ior=J==%r)2qvhrlEdosTSMrqsp zpmjSgi`lI0D&qwc35(50o#~P4$Rd*=z#C#&-ep8Rsy)%9bfDBDP~n?$Gn8bf!?VzM zUZ_`u{8=zLJKU3l*9ZHjB=kcHIv=uk0^Pnz_V-Q>$cKL)yp;t6G^a5i`Xee#VQ0qw zXx(JrBy0Qc-o8E9KV91(r?t!$A!j1`kCknM9K1d`Alu~N?Mq34{7Qa4e)ncdb^`uh z8F+vL)d`1CT_ zdvkDle7Jw2yGVP~NO{b4YNf*A6fgT*T%^AMV`(}`lNoO1Euu%=JNgUIbj$Owk_T^n zj3=aVpl*ufGfuJX=h*g>?6kA&l+!FB&C~UFLfhBH|C%5FMZHl9;VqEEmqmbE9{+vk z$+H#y+r2zBfmxoohaejsCWDNsfVV})9GXV&H4fxu*P&_pzJ~N_??8LxwX*Xh|7P)+ zz^nlV0RSZ$oWw*c@3Z`hu|&(G1fe8}6;&M_wbg9}XqEaC66J!$1K%0(F*8>yS65dR z5K1QsBuScA+Mhyxl_-m%m=C!yo?K&^UHEA-bS~Hg!e93sPa|S_7$Ms6N}MK-42lG_ z`HrU>;b@R3xcKx48`CK6Sr@1O$D+g`xUC@soKpeeG}k`fEH^aOX-*A*ckcKvxBhPx z0&Xt;>ytYE>(1`>3jh6Ho=(S{0&%t}tTu?*j-Vd>3E4l~+J8xM&SQZFC0uS)O!y9p zZ10tnr3&$2)~s+}zyD{+^{-i;*g6YnO8Ze90rF@}jn(;J?07t?|1_4vl@N8yl>8o!&;a5-Pxjp}9S;n(DoL@b2`2Wt%PM!Zh-R(YE@&EgH zmf-)VqYQlJVBpbf1_FW0^Bm$GLF{1dag3mMXy*e8eZ&`obiU*K3OY^T505Ts9EETa zJ&+Y_Z_6m|`T4N`E0VzhQsyl7HlH%qu=J&r`) zHX_X~*pRh>{?a9nHi+B|4H%#SPyowy3@=fyjd&Uy*)uSLKHT&ZKCn^~0jUgt0c^IL z0P72<6*cvuoLoUDyL^=KD>YSps28aup4RPF>N}!ve~O8wZ_e|&RE`88ZL>wl$?^w} z65_hVZ}x)87(vv{mi)e^4ll<2L-DJk19M}=KqK~P?>TXQOOEzVPCmRletAL;j*s6R zgHfmP($sS`wkLAB~;1Fk{uX*G2vAAIxY_WM72M1Fz& z|H-p@{I93aR{G!jd2V<9lcyUKegkaJTDBjYAn+fTtP{1{sOTD;=PvQztNl^$fBA^1 z)WlT*I`oz@jT={MF#B|7#p{q9&^LAZ`jeel+e5S_*B{FaIUUwg$v4*|=XxJ2&u2b{ zE3sH*`PQ$-D#0|Q*@Wj)a@ZWWjg?xQ+5JIm{UCahZ&%B%w;!4}_k4@vk5O0-VayC! zXiN!~z%%BBWkyk(9Yz9~IzhUd)4%O(l+#BiQok3OOBJfD-Q0RFM<2+$fve-`L!Cji zh054j7B6P_T55Ps6vSQit=~H0)n87fYSpMpHvE#_6Cu%ntV^MPUCC#5F&i)*%~(2B zN-GsZE!qU&^JlQis?bp(VW_v-Fp15r_Y|O;{V;tv&8=Yi?K2( zp-R*wn95Xfj_BlyqtZ0>s}?I}J=eDiF!J+D3ruIk;;}DAYF5t30^c!DvpyXMSn&{j zoPzzYH9bP8c>PH=hmKFsx?L(eVeQYr6V#0RB4vTEy`p`~Uq_)nT?W+@^ZM2*;O^bK zY*($=>tFr3J^xpeX94y<_x!j0^l6>{Kiz(|;{W&YEW!T|KBWlIrcj#Dz!WCPbd8zK zW4tm6fMF@O4#iEhsBVWklc%bzNCL9^1pbW1Cjfj&T(5b_q=-atdu23apj^=?hEPEu zAVhyslCJi!c@4k~rFpFKtOxvWD{E=ZpRRPIB9j~TIca_Az^Dhu#e0e5v3loK3d*RiW!z6INF zh-HwnV8eF~2bIuwrQe*@_fc+ux1iruB!eQ3k=ogPUV2~HM{1lW^{{v*&C~=7^}Bu1 z`6xk+z{2y@qSJJTDy6!08d@uFmnN`23oE6mdY74OE0yfu@45Z{FVJykz63C5|9{eb z_G5kj|8aMFwg2D8v&8=YiX|+Az;;T(r&xG-hub(_=ozATINml^xcKsnF&&wtYOUGPG-4Pb+2lrV*;lM(Yn72F&U^OSw`b}yM^3PZ2PY2z3NLjzV@Z+>4=%n8l2m>S)zk5;M`6V1F93Ku`RE+ zpJy$nO{{%G%Th{$Xz8Fz(a%XhbG>g*Pi)C(p2C)?PuzO3Kwx|Raw~T+dAlfBUxXKI zvd|j5V3Rv7LC7!v1w(|@IwPL!`gY?5+sjWT(#r?3&Y$hj)n@9*0(#Gh54G8|xMi-D zml4&EGV>dnruufusQP80&qvne= z`kx=4t>nLZd6vKbw=aOJ0Pbzu4^9#Q9xbnVEnL0!?Z-;6s4+mTD#Mc=*#OwUO0B~E z%Ey+Qd$0ZKzL8BkVmE7iK0DJ)ei{vGg;luxI{OpO@s%VSwd-8XlAGB0zq!A;_8m8< z78cA441Nk_Q(Lpz1iruL_WVCjV-(Ql?ErK5|Mu>7{rvyz$)0GAOIu5a4zDRsgRWhx}=~K(mS(2baw|6q2V&xm}s!78c)A3G+18 zU-TieVro)hm1UN7%yUh0{y%gaZ?xzBj%-tIzy6CnTFm@ouKc(AwBi5p^yzB--^;Va z`ac4{uP9NV02)Vl$Z|rpHUeh{%HN8=(8Y?p>wcnJg)?R{rtIU%x{2G z$;}NUzTI$O0a+jTYU}iz13c z4e_Hc=#*N8svE$$<5uefHE4Pu#uF1e-JL%YwW2IbOZWonwlt1%IUqv*0UjYz+QnvD zIf^u8**+EQ=SEhr(`?v9*6XO~M5dKinnF%Xu}ZnZtqCpeb=6_0`_@4#+tt!_wY#P|8EV+phT0v1&-Wy6 z7k|da+s%c_^uE@1w`6O;F`dHXYp++3Azo{QTO#Kf3o8|yeMNXUSU>>o1M})v$tpT{ z0L5#s!kxNrwG6V3!q)WuLo0g&p;9@7+}UH)Hv?^EuND{d#Km3GnmyIauoexs(lzm91Z(Xd}muX$^-B5ADF$M?HFs?)gY8w&%m2MCl^5zn{hcRdd{v{s4& zX(WHw|3iKh zQ}u;hfTmRyN7#mxSZVKbvX1w27Gb4;+31AlI^!&l9B8MV%v5O(L2{8? zzcG8Pbls|a82<*hv{1i8vgUbG-1NOs_SXKUeu)W$4Ip zON1}useeZ%FZ?<)7t;>+$kUhL-c5$ue&t?asKC9n#7Z+p7UQ4G2m#F&H=Oyw1+K=M zOvdWH`^NNi3XQb79`z6&8K3>yskgkkno=yzb}XnYr?%pBMaP`yZ&X&D7EENP?dlol z`LBXyZQHwFP6casR~bE-(c0&ykWRlDs=^=9VR2fog?+yeEZeAD{?%w( zrkmR3pP3!h);D+UpSHd!ORX@zxf9DmwQtPbwux0HUuE6l`K*g~xM3yba|qUfW82Eb-Fww0s1ZX;HUm)=XD zQY4Ug`*TIjhYP4-86=h}!j+gu7rLu0*AmK}FR_%RjiPJT!vKDo?RfN`c z)a?l?1>(wItR$7VR)k*sM<%_^Am*2P!6xRdI5Nw;T5k*WwMF~=^_n;app1L*6Zb8+S zxF+6BF^p?XWz|!Yf6(T5ZZ5Dqz9xSbJZHBOTUw`pRuE*-aD?gs3`$lpfnIJ7)VD#L z2MbuhuMeq3OHH=GQQfFEr)H11P#wz_ z{Dme9a%`)GOHLRq?c8~$=z^*Xw{@UqjSn`cy4)H=fx%F|U{7jCiH4B2WQR@>^z_le z91>J0pxLK{Zy~TR+@i0-3d*Fv3YH}`{oFKm0Aglyoz0kq#9lFJLn^Bp*|lYArmXG- zcD}}r(q7}2XA2em#I5*3^-S>>p2V%~xf`o$(=E+mTWuvSSj?B@a&3yMTQIuTli*)? zmP~EaoS8CZR;0DXZBK<+>HcQ;2e-HXx}sSUCBp?wfam&uZ8z+{x;v}*Klk!1VgL0( z4LG5FUgQY)p7A(_aN%?~%k0<86-<9hhcn<`k2%k03BawT**;UC|1zElu6E^hi3RAo zfw+`)^ww*Vu_62PbCiU{^|If73;*%xT8!wIEd%hr>SM*d%r$T#_ZV=YQ26B{&v-J7<@O+($&yf^@X$*hh0Wdu(*jD; zjEBk?n^=)GeFt2gjmLAy15t^IRz@M)8u2SH=UWB%cH}e(J*>r(wRl!a$MRkH+wjMS z{w&G={Sk}D(J#8JY0$A5Wpc9QdqIUTaELPx&eKOte13CABs`4;@E z$annyf3hw3SHBnyx8y(ir?^bE%7XedxF}NC`-Jn@7gwqC*zeN|=dquUQ|Iyjb2{Wb z%_3e1a`^HMUx*_vx&Dt2_Fld@@W zyW2ZI*8RV_KXzB^|6ZPs4mqk5$Xc|NG^!yrXUuXM z(wz28oY$#fycT$ol(TfM@kB>4|2KV};Gd_%4D_-RA~? zNrkZ$jiNEdjSx%q)LzO}^I%cwqvGIshIfX_0?xdcNXw?Oc0HKex#8ZJxgjp?80-oojO5fN4ITGx}r}4z%Pv zg<#~o4IXz+$zS-nCg=V+hMw0T3=i~a4x|<%W_0;ASsYgSJ{!|Q=-+rCVO7muIM>)W zuo%<05C-o2JA3|C1L-_|3~{kmlF!3=R+7&Hd2Bvw2N9gfXs<~#0-h9vAf7=P3i1A? z<8(sLZxw6te3J;q$j3vS?f3N#q{%qXH;fH~!v86k%Z>nUq`!uEf zD30=I#cdzZv*NZ7;rjhHro<*Zkjl2!f0!_ zJ#tC22tYELF}1(x1=#ce-QOv{yyepz$XW=$w&q@wg#+4ugCGo4)iRxr8FNiu>8rOoW(>0F`#Hi6+6MB1P38fOn1RIY@q&FH_s_NG zP6KJ;HbHE`?_#uOH5Gu}PEr;`G$s*jBqA8GF%|MlhZq%RiB_1Qw_eX7B%h?LC#jB- zp+iVm?wvjD;-`~aA<7kUKqN@a1DdnYA%uOR<1}VH5<)IN;*MhhFV3mzxWvn*Nob)d z*d^;b)?^qZpByKr!+FK3a&kJfi|P8^UBByvtRKu!75?i0sJi#R^waTLs@6*_w` zAygHAWHOrI2OvkT?ZsDgBGyPWDCv-Wwx*(WuWhQJ1cK#|{BZD==SLY6EXmgtJtzs4 z1ko&`6Niu}XDWKbY)W+yhj>DSCOT1tNDges$9jCn30c3edbO|OK{R?mkqp;`(Lh}a z!X089T`>7Yt{L_z&nStK0nf$?@>d~#3VSS6kO(=2_Y#oAX%a9jtj~H*$IL!^Vs$Ez zp4Dm5k=;CHkUPX0Wny=@(;=$qND%^Sc8KMmR4yP46*9M=ZpzTF8BP{~0j zF>v#mHw9mfxKL60O9FH9p2x+QRUO7Q$>BgxG1qf9iCxWGz#?^BL~{%yA?Xw(oX8Fh z6ndzLcoHSU3dOGHIt~p2Cd3;avU%k0K}s^_VHpW!D&3Weju{OkkyU|zXLG#_CQK0T0Or6dC&J8L@YsiOwHQyC7`uN`7_Y^?)21bP67 z?f}5HRjrw`)y>MxT0owi(?~l2uHNFblxDYeJi)>**yIgO(0?CLVb% z*hEQ!ZBT;pW0XuILebCr0Kq-0uNBm;A+M0D4(c$;gWR3qD<8LLh@@pwjEMNX2G6<_nzmqgA-$)+#Z>jAcBM1g=m^Co>dLt zyOjP}FoSShj>YHCmYjwrIM<}V`;;YtiOzI$<5U_Qrg7O~-}f8f96_}T&ZFM2)MxSP7hA}{8KJhmQ1F@B{%F0 zd(U;NrrDQnZ#OMW-&WOQnm})R+ublRp4v&KX^3=S!Ep=_+hjb!AYGo6 zJ!(Vs+;ul=z4_dAVXm*$lCCwaV@(7d8ir)8y@E%2iJ!?Lq^LS#0Dw-D&?l#5jJBZ2 zGNr+f3)XYYdSjnbp5??U=J})bi=xkhJci6ViaaP`MM?u^P*ls=Ks-+V5Im9OJ$FC* zlGpjxJiKuwW21uYJ|&(PvVezd!)fb??yWkaYj;HV%XCEdD|AG+y(2Wb{adc!$%7G1 lhD7AyvwBv~>iI68{~rJV|Nn@mQ;7hM3;Dc zVQyr3R8em|NM&qo0PKAUcpOKSuyzRx3}-eR%av3{4z?W4sl)czPLL(pmaQw29LKSP zRMTBE(@{@%r>aNN#1v_m?l$bXUE4?^V^S_g=kv1+j0Hpy9i?p1Rb)nf?mIe!32;cH0Si zve|65x4WDDo6TmU|K_@SyV`PHo4UKYdV6x4y4$k3?yg*S8_1qG6q-LZ;zQh)U2|Je z;{Hq?=s2zqeam%7Apw8^eQ3Mov;lqJMrq5<7>JG#3z-GrLF_vS#}>oLMv$PC1FNV2 zBBLq+J?lb*iRC&4Fqca}&r?4)rF+v|2@??mTb|Ee?b(UlGU#_5A6gE=U;>pb;^TUv z;!@xh-}gu%lex5nDGF{iW5}W@EQ)3lmO(+uvKY>%%a&iM6>9`xS{^w*tIMEd3_9#d zrV5FVaEAD>XroMYZrEh^=akTpkphvm98DYnXpX#1AOq*06yX zXJi-i?rrGP#GD*y`E*Y@m(3;~=_&Uo^+d<`9JFhQoY)0m8TsGSn{AN)Jw08guK0kqJtcjnaukJJ^BdAx2=n zf*fE}pi{P-vIJT|7^T4hw+2YXt=T4+b=-L{Ux7ZTyEQ=TnXcuO&rY<1KEptS0KbA{ z?Rm?ufWwDD`a(W9XHh*(YQs}eEdnMgS&qed>SEwQK8mZHAX=Mp+O`}dVfrr953p-9poUjtol!+qN^$@h+O}&z z+JD75E4jB;MA$(-BEYa~l;a6buv{0x;YHpEV2nb|vM9dt7rIT1OkHX$e&m zAO!iGxzI3NY|NyJpSshsNkfpE}EycO))c*vudy$wOTEnCjQ zveJl^I{9*lE=>!Z-^iig%>wXojZaJ8CX>j($RA~jXOedtL3qwGlw|Si9x8xg7n(bu z4IKkvA&ZBcGDd_fOSvd_@@cnt!x8FB&?bs}xvq@6#4lqsdBJc%P9r5AFGVi1Pd+j2 z?bJ%tmS#Q&PGi~ zCkIPBWLTxT(5Dn0z(hW@Y_0;*Wzj}(4gpm4{5l&bx<)c@**2&V`niZq6Pdt7xX9#x z+;mcHocw{O+AbuRA~(ob5@n~-+Y;d+5grhasQw>aHhfg25*?Au=-AZYWZGZw*WAW3 z_Fp!a%}4CN-fZ@i|L>$c{jO8S(68CT{$V;+g-+2+Ys9Bw({}5~Z0eIc`;PaKTu;>hlh5W)&Ht0}v^SmEfLRap|4td%ZaL9s+fviu zww6*9*t%UrYVAd)(j=sNs2v<+{?|)D3hb%bAit#(_Y}}|!$&DKm8$ln_Rv5?nDFZN| zMw#Y;pbX(UqC~P=BI$sxRU^42-J8xf;+Rvc=#ngVKrX-fR(jG64DU&A(ppipdUL9kHPPEJA-lD~p6A1mwvy{!ODhfI z@Z`6WOZTc)x>nyxS2`DMrHhI%)k=?SWeuI5Pj6nj5izCknj~GmvGc>Nbe))1mSI?4 zwvz8%eJi=fi5qSur&{S*ODheNGTcg5wX%jGmRq`Cvgw@anB1yY{VnNiI^QtL^4f%< zN`Y!;4KgO1&NqneNIR-?a@uO=uqX)*kpQn&v@HXOun4WLV)+{8TQ;3R%=EcRk* zaAIT<^orPf`U}$n`Vra)c`i23> zrNKZDnUPKiY?6YaBp?-N+n|ad4=nK!uJWxU!*xs%&%t))2nG zxBNPQHNWCw>vGnf+@g-D;a4DwkSb&7_;UMC@IgZWm7xs=8R!NiY7Qk($aH8hC=v_D z1kknx7#8KgKUs+IrbVzzCyN0QKWv6{CtzV`G6c$St5w$#kYtDqi`imuc!O!MQ|$A4 zHSDCGeG4hLbjy+_sbG-fj&M20JMOxVX+-$58%~W5r96;WwfVojQMq5vkd1ez5qjDl#h2u?#3Dh>xK|xGzo& zDE7t{KT7}t&K?G?Gfbd>5h2rXtDZ$Cl*^D4WR{VGFjI^}1nbhva2=u5GS@zzyH#Xb zkcGNvWbb$JY=cmkckwL4n8_hJ(t;^qIg$)D0XXXfSygBv0Oz1(vmNvx1X2u^PAX05 z08{~RP{{=;-5l4q45Y*x=M>+Bpkl@M>Dr>g%_z14#0Ka9v;eD~jc7#=yK|N)cP|j= z^QhWwEr24j-T97y3j+vSbI`Zu5TFbp$><26ZN&3HP%j{H9!SJhUQgB^|};bVnyZHY~bW{&KPGW_>mVk&_q^- z8C8UlT?e-1%reFmEr*R02Ubys>~zcV5iUW4EfSsD8mXAtfE48pa!Wz4Q{zRh@v%J~ zodashYV9coN;6Wdr3w!UEYv4#44Xm|k&s-@8&=E3O_A@^CWTL>zUx5SmSUUKidD-O z!b9pEY;-ZqiHM+4=!xjlh*}|gnJsrqt`@qYLZvcmo{sk-szAF0+){JprM1-_Bo$2} z-cqdhN-Vo2fNW&=*mW$UllDRp+H4%nV_MH)%16x++y`_P=uAfeqbQ$z5=<7xf6}?+ zQlw;;-iGUFIDsm(Y+Bj2h)+88B}=J7q)vQPCAtW=2&o~ugcxj%6eW1~)0K~FD@xbW znck_1k`0`-Dmm)<00Mokrjw0RIHF%GvgHh1R^`zdNabTS z(kQ4v0*VMZ03!o2NnWgn+6g8hL6_B#ubV7^|_yj5f`5sf?ge0UCo?$X>C|wK%319B^v@QVq{Tehu1k_|3c6Hs>v> zYdEfxVm(i+Irfu9T9&Ed*Ha~oP$#f3Msuz~1$o12F6=+rptQD7CshYMI*uD8 zT_Dc6&)u%mf$G_?-Wj~{5avrQVQ++Dq1$b`ny+LrQCq!^#BjT4WbU(XGTMEhUaLd3UxI;K^p_*R*t0LzemWOiL`?L9eGAdw0ibEk{Jr?@L3o=h$Zy3=3+ z>7F4TURj0pK(a-pkl}ik)NMlYXbCNkbqQ4)k!jVcoqQZojmGjTu3C}9W;0*Hn@F>qFF% z*vghs*=A8|lRIt#RazWWB;2Wk=@7zh)pF=K;npM3nx`U84QUFKhrOAca0(~fvZ1w% zkq<4WQ|ir{3D2wpr`|xE*05?Y7!aN8ETUQ+JH_bkq+-!TRB!6klnFLO{b0HY+JZB6 z5qzQ|HLSUD=_z3_w8gOv+9^Q9{E^GdrlzQvELsKibvF(Xpwa z{=p>h(SpzTO{bk`gR0zGJNoR>L_o|;Y2YmDFAbD5Jt4pdn#{%w1|5oJt30=_vtI}` zCK)&(jD*fs_^N@4=Wr}v*#zd~SfxPD&?U1RtbmR1UEJBoWhiw$&C4ZhgBUKAA~S_45OWCg&hjf3HdB>-@8}~^gCbEE9BO4IbaL(!%M1-2W=}zfHi{gxR+VaNXv9dt!tFoVol%*_7%ZI_ z(2k!>%v%MDi0c8k79D?_G0pZZVp$Ye6-;gA=XYKHJ?vx&x`F}`bm%C%7?>8-T0>fH zj0PXL_F}e-I2diO$SuWS(-}+~b{^lUH!($Y@0^-S3?6M-^X3HzH0)M|R$--e8*Y`W z(sUe!+%n2iiC6-m4(VaWj@Sv{wrZdSk~G-o*oY9;X=uT-EyJSbFN3IUkSPB~J*q`& z&MeK1)zozrX!^9ps3V7~dPUv)yb{w)s96k6ZNP94Ty-_&?jx^1>iV>j+Pz`xOVQ;< z8J)IeX5P_dq#{xgAWV>n_(l+&23nVhhPZaY9i%=AOrkPIeBjr`3}F@-T0n*-;+f!8 z48f=j`Jw6t+e7RH^rpd-R6t0YA7_+$wCOU*>2sA^+YzFS7aM9^eUaN3u!@ML(U4Ag z;1-CVE(T%@^TKk_N{l-LuahuSLx(Ccg2d%V^jMd&Gl~$`88(&!c>1BD=n7?YSY@lx zKPzXG>^HF*#4G`vQ=8IYz#`0aLYS7?4>9FST}=XoYO&4@SY~-s6Dtq{tQVQ_5_rKn zgANmOp9H9GptvGvRH7!TUfS|WxN|#z%Xa*deUo5lG6{C{O%6>;=I$Sw+C8>!3heKj znCKgw8XBAgV-xze{Mb&=H+lf<9U2|z1jyn$zzZHf=`1O+m|QV6H)$|~n4c6%IaLSq zoK?&q!i^%F*LesaAa_FsuPS1PW12Y8=dOgF*H0hb$|__ zokLTjgOfabpijUU@0*w!>fblqHvz`?O^lCC4)WEO?-ts~W{DU)*C7_$bznO)+$szY z7wCD|^{_?Nb4GAUoUvu&FOayJzm$6$38__?ts=#>MVMqKu3;%NnG1EX&&s^9`bKM` zG0Vr^<}?^qETxr(Em*W{ws}58S6+bT=-8!ra2SpYZ079rE6Bxl&DA1zvV0f&y34>p zW!owv$3PvOYPY*Hur^gzb*U&krs= zL(7MYK~Z*@ZShmP+#|rc7FJ<7?8B$EWk^5}9Ken{2TnH2F)WiRwtOprDlpuqYe8EA zl@i*hK*}P70mOXIoUY<(ttK_wj~cp+n>8h4YW$7mh|bjHs_rq^u;iY&#EOz_yL`Zw zUDuqqY~6P_3yAM}9xS6yrW4dC;w5O=HGZDE3hh$O36vYQ2*yN$uN64CPFR=A6YgNlPMpgAhwFK?XMn@O%brNwb7P9-DVk^3s<3f`wX}6#FYw zbq`P1=w{)P+ig+{H7c&ly`ap~8QN@TK34!i2{C!n2_VA|ItJ2mD|AZfS7+l6RUOM$ z^HJ^I+7fr*7H#2$VtPx4iXE!?@~sw&utiGPR~89v_nT)kOpFu;mb6gU>7Bj=z*t58wSEBOl>Bs#N{)c@O-{A-joz? zOjJUS$!kX_j;vY#4Bz^(tOKo1+r=*&Tpc>QS%Zowz(ZIE+OnW&W=)J7;X>Nx^wupa?v6Bl5_OA9}#l;W%`A2)0hx>kgDK1J{gMH4|{sr`7tIl1qu+%tib17f3M%}GfaY$hJA*X#8~ zaG2rkmZH0?i>$a9B&KFFg@;e49uNvP&;lyvvSTX+A?*<=2>9|P+~-n_w;W-HGSR3; zlu~gttKTg$Zy5}^?Bqa(z8vn$g`A4;=TttOWmQ_y(3|NVBIYcidnrTwlIU3^RG^s# zzDD(1D&CB3lL&=Skb|6Oaj^_wL#JGWWdzFZ9KudCvQKzR0)3q{(v?0H&;O_YMC1R* z_KyxuOrF>_mdpQ=&-F&*|GV<1@_(L`hb@0|GRd&a^{bNfhEfHKjJzp5*|5m_i_x5g z=GP47k>%)g7Jxz1_X1=KslfmdO9YGMM!9lZ8zSv6R3i zYKrNn5)rp%xXL!bQm--vIGhy4LPQ$7JVnenMoiNpmX8P+;F;qRiH&-`(_A{2KbMu} z`DtXSsYp5+(+!&{1qx??rL$_DU|yAgjz}s8ZIPvtAUua~dTz|iDT5(jm# zl`zPWp)5`g-nRI`sF|6WA|#cB0>fG{1Z9@o zJe{iAu<`320yBDQ)R|6T`Jl=SNFUB}&(}PtS`G{JqNYc)*4L{<3Pa;`a1^PztsNIh zb28Z3<|U~ZqXuMMrnZB?LG$6$+C`( z32;LP^IR;G_^Xt*GCON07I-wQv<2(b>Jr6vqybk{baWHp z)aX8UBw57ge!Yzwi;!5x#*G1yw15XOtRf#_vTQyD&Tq(ElE}g;kGHtlBcY9{zR)cP zS{wXAhHx@JahJkD_($SZB5_2`o^grF(v$3n_V7dB+KbJ?vw@DMa zjwl=`cfxD%h68;g!ySw(2QOLcux(5=-#AwGi7+yKCdFl5R~1?s!wslNMWT7dBcMN$ z@jk*Ct0XqKcpQdf+Q^Kc%C95n2(48NmE}1RMny|Q-wI<|=1O8xWcO!V=}J-1E)kgF zM(ixAZ)b|e!A|w(B{Klxa!tnG&M>7x7{xPbX^-=fMb(z6;Yn(dmyyr?5xxryjCdrF zyuU(bIA9Y1f{IIgY5{ag{{tNz^Det=hbXTCgC_3bS-rJ>C;^1UzRbL9QZh2Y2 zrYI$k9L!#_J*j^++^Pp1_HVKY0R3-W_HG|_O*HOeU({QRA7RP`Rp`{1pGyvXL_4t) zlq^hq(Rmq+d~6|Reb1sgcpeZpOB#@!Q?r62$Ivt>*&7h)U{?9OMJn2L7%T|iQDZ`v z)k0BK5isLGDY}DVBQ?UJ{)6lrB~{!a5_+^zHYW<| zfI#z`G}ER_4Ht2@Bw#^Up*v6c6LzusHc3H)T>wOhN-j-Q!+IDL=Q;-AXTyp}n<|`_ z4MR3cC%cd*pps~J6GaBDc32|9oYom6P5XTWm1;K2sX-FbvYVfuPY3sO#=gx^HrO@f z7$|dUH}B8jiSGYF&r4yJtMbI{0WP!upX=I`i{AgR>D2!J$$47b|J&zS)V7B)}^Wt+fvU7IU<{X@dwBc90OTh zwB2&1g0PwLDg2b>_-=~o7%9x*r)*dxsVakSQ1~e#;HN13lqNjHR%4&xTXR&uVrYif zO2Q+Y6FhKJY{ZDjyYs;~-((|*C1ByVLsO;ipu~kQUouiJxG?&X4Ya857M3f>wil^Y zVfpFAsl|yuQTcCJ8R0Naov^E*m%ab1CmX&0tEcx={@0W8w1Z)GA)gj|%dY10U4R^R zJt_-q?jHiU<`6EziAo~EEgJ4d54$}qc^M-cKc_-L|5Tso{I}h*o4M4$Df&m+bIK>6 zjb-M4Z+6qB$o%g)HUCf2^UCqjT~ACri_Xs{4(%S8XlrXb+Sb-~>ti3)*4DNO?AqDZ z)^=LCZ=|oS?W3=I{O{qT+uGWIv3p{qt?lyXwY6RG(zdqWwzaigac^5&E!)=iqnWn0 z!du(gp5a|{{DN(5ZGU;^`0&(VTU*=c@zIfEBg4msM~>|sJx2dOLjONJa%@EYF+6gd z{>RFUj2;^vJw7`A$?=J!yGD=i9X-mv9vdEJ|Iq>;9p!cD8&+%R6GOX>?xLTL@-o8= z$llT&U3wE&Tye$lt?cikdq-~?RS1mVG(LLsC`XJ|JUYtJ8@*+8=o3Q}=i__#y?@`x zaZ!Hs=-!c=M=rSKf>Bmw?C9RTAK%L{=fFpf?Hy)l4<8$T{wJS5dVJ5w@x3EQM@Ej0 zQ1m36y|?V;5QdKrw>{jp_t;)a(NX$|HpkxY`{#Y5#~EVBhj$*^Il=()GNZ>R;Uh!D(=R?0Ih-y5>e%q`O}v|iM{gS4%jg=`hS2b_;jx?d zj2_!Fa?{Aj@sT~Z?4hHGp}O~Gh7t#Ld}QP}?Z?q$bUZx#@Wbe_==W`HZTI;TqmymV z+F`!*UB~bI-hco44?p?tzkU2|S8RRCGxxpblmB`1RYOl4|Mr*Pxbrc8Z5;jWgC98b z=o^3ci+}jbXWu)Ye&^5s7UXXD{X5pZ_YKc@($$y$)q(%}wZ1dYnEu(o>F>Ye*t_5Q z`s?2F*zPMQ&)xru`@WPc{`8!`=yX1M|D%4?|G3eI<{tmC(_ZkYzkAx}Gk^b^4?pMb zH+}la-+I-*e)cOr7%M&SnZzglamssh^|sx;hrj>NAH4L{mi?V4yySl!Is3=2+i>Ca zU1vS@#Wy{_(thj2HP_Z(JNw03W}d$JSO4-K-~7<+Us%XqG~DqwZ@FvZ;@7`%$vtoX z;g(w=HeMh>RV>pA~_XHyZhg6zdiqt|9$r4-p4)dj5i+n z)a1E6J$K#l@(n#_-TUe5W*>g}{ck=}>)JYh)BNwQ{pQIPkwd> zcq};W(J%kjT_0Yoy!FE`*>Lsuj=%QwYYX$Qe8RE)Pk!U*%inwNTR;5V!Dsldy6=V4 z;2Xcn`p2e!KCp1;3%`EM$9rq<{@P1!J!9L&5AVJHKb*JWz-7<)bnc10v+usP_`p{#PS#%0`y=cBzW?LT zUH62=yMOwPXMX0${p)tW{9o^Q@FVlT^d4J%O#9B?Ua<8&XT9kYFZsa*e|YfBhyLbW zH$CKh_p(n`UiZu&A3)zd`oI~_`>${O>)~YYXx~Tv?b?CwY(4*u5B-z(?{9qL_5aj; z`MZYS_N=XU-sjwP{k!kG#R=UxBL5AOf<=We;>>hU}OZU5A|i}&w4Bf0;Ri639Gr;z?x{_dAOY2h_b zIsR8a|JKC7(GP4qa!KujH(uqv@R?8O_`_A(&VT9;9ysTm9oOCR^v`b{xbD2u?!9K~ zk46so|9Wuz+c!QqeQ)80ogD`^JpQLgPkY|+uU)=v%Vp=i^`>igzwI|y-3C7W><7N} z(qpgx_KW}f6L%arW8i}ye98JNzH{Ym?Ol&qcuLRPH{5j7OYS`S>oy9bdZR z6`RgRU2QM_-1yTUer(4#pZvp-gU@;Hdrtf1#H)`lJaxi+>2r1u?%(#Tj*B04??cxw z-1MxT=YUt8HE{crFF4)3@M-T{|EhPEAL#qZE84$*<_G#d_rVLEw(E6we&+Sx_CNcj z_VcfL?q$zTI`2$hXUu^oK4$kDdcXOCZ6j~!eaXA-`_PwvdHR#@xp&u#-+A|EYhQly z9iux&AO86Nd0#4Z=I!&zdu}j(^4_c4ukU%?m6zZ3w1>Zb;P+=-b^H0Xr~mZ!*KdBX zRD5#(J%#dRuiEvNPo2K&sw3xgt$Xb?Pdsx}c@_{3#_22W+&)-vf!Ykj?{=?5q%-wE0<$<^T9@T#fj{o%m79%a4y z{&iN@#BV=(;2YmMw|e~>J~4LqDd)fB74AFJ_dm*f;0vce@X?>V;w@)??a0^HKkj(u zrLRBZ*utBi`#@sgNPg=*_l|!m^WIlnf7b`zab@Rie{=fl{yzDnN5A0(cR!|M>la>q z^orLGJ^Y5}K5$_7fv0V~$Ev_Y*FE=cJ^Q2Ux85`Pw>zHuE%Wqm-1GG>-g@gDuXy}3 zUjOBfeCoDGUGR+Qmp^^el|5UkFaBbmx9=O7XT0O7_DuB?Up?>YSMK`kP1*ck9(>9N zFMDtO-Cx~t^|4o6{cQ5_r%&wp>N$5m=ht_gHki1f>%Rs+^s+ZiTy^K)eW--qedX(4 z)AO6erCndV@}thD?s&^=^<8f|awNa$yKMu<5B>A)uetf&yC-KqGrsjblP`L7*I8eG z{%3yo7k=tKaLy0@dhC5q9{JpzU--p~e>r;am0vskaj$>> zTRwE!#~yq1&j0-OI{n?CXb z@3|Yk@!M-Vk3Y+P$N&Dz-&}ppv6#yGShM^B69(QHx{V#eIcK-H`&wl-zxBc%Md*Arwi(mY`Tkrd?+k19> z=8cPQO&|E?+n;*Q-@SL?@&9z_!Q=(+yYH4;+AlrSf5+)RzU@8VPd)bhr@mqKslOUL z_XQjN@$R`V5B|%W&$8-|-*M}|f8~l-J^9Ri-r&Y(z3qoMcl3+k@^8QRhMPZd?;G~^ zzX<>Cw=cTm7Z24w{HxLH`tSPYw@Ysy*yLYy+2?M!_KOb={o_QH?6>#09m_{DAW@7w$j-~Qa=-~H0}?VlU}%8&L}w~`ljz3*$c;m7{> zJNj}rlh?iPuCJnhdTnKDbn4Yt_q^og?xPl7`rtDkdd)9xvmQS4AAWJu4gc`=H&3}A zdd)*G={xhrul)6mbG4)R$G3mx(SPw^`H9at?IC!<-TzTL;~yV&|3_xb8_#^}raQ0w z`Hkn7A9~si*B77ldGnX&fAp_^y!n5fzCQi6-*12Z?50PXkN%G{t?E|) z@pgwQ@Z3VpE5P)>{G6H%LxZCOAKo$Z;z!ziIrXgZiQ4~{)ezxnp6Y9L`>AJ{`=7e9 z4fp@|hD6L9rT%V%tb$meBW})B#{Dh5VIsXg{E;OJfwFoswaT-1r|VZ z=Ng|RgQh}y3m~a)Ch#`FEE1Oh5oFY`<;&a~q!Y{|Kz!^vWtP85CTXa zQvppZK|K!?0_$B5IfU2%L&pTE3R(bN`Slb*zwV)exK=p13?b`0u5X)Z^V!mK3`=axiMO;KVwT}c|S#kJ|h36&%9BC05|15!WYKpFF zBj_XmAQg9hn$(JNh)i3h0$`C%8ZA+*X&YJ{7KG5sD2j$Mv)F}TIJFq8oD|h`ZZto- z$YP@%SQX(Nk=|6iY6^f+3`SuUt%yhwBpsoU-C(~8{C!wn6Z%uIyae{Fjq#doi#V1T z{5Tj|Mg+SojZQ;xI`${U-YDA^4kCQ%TwGQbMdIo7*&zpO7~w&_$qPMCO!r|}M;L5k z4Fefl3{o;mDj7331Tn3FYBra|1H9O)2Amb=By8IId_R8Kjt+%bE-M5@D6AgWzEnr@(h?IE z8L)<)p}kFeIJs2dCmWr~WysZ|HbV=n9tYpJST=^z2gD<%R*l12up;0Atvbcqji)Fa z^h&`z?|Cgy+%jXusR%x}ll^v$E~Z1{N&Z{Lu!^5yhP1|2TdOlP9^!8!Psc@0;7K3) z>O^V~@ya4D81tH|2K*$LV6l!cV6Cr?%Z&qNyAJw9cFEFQ4IQaym6?;nVjTcd)U1J} z0klVG%r4C!9=faPhaCA4=(Wf#Lza(W7UuwCnG6vQM~ge9ndR6>AqVGObVZhbe}uT2 z2+o==zf3fqnP_#b2#!g_trX4VWkY3+ss^l+%jg2FuIWoA3y3W6aZ9^)B1GmB&=+w} zhtzx#*Pw*jUXuJ~L#VOew#(4#R=6O~KpQActjkfD2l?zSYZ)#?&rkyjWocDbCqJlu zA+J6uk@%xi>$@11QNIldX`$zbN-R?wzn$2{z^U1GC#VsTJ6hU}lN!{tG8KK7l@GIp z6*N@yf;j^*fS7CvO_V|F4Mph_pG*4aNU zh6Yc&S|#K%yQ5``XHd4G)+=H4EWeDm!WE_KXyy#FSi)qpSBw<(i&GSQB<$m|{HiGu6yutAiWnWA#Qiz@i@5@(!N+Rg`TjOTcvKCH*#_*s}bgZSs7)t(n|YopQv;4`!3Lz zSJ;1=y569yH}A!u%n7A)MVm&vpvlkMkmVhC~)7+C_S5^`cIvWfhW6 zr(>mpE}n+fN;#d7)d@MBmQ~2O=(t+BfQuPdE0u3C<4TCPL^~LAga#d})r!4ugom7x ztLw4r4;?;~6c-f^nTL`Ea40FxYVSsNbvhbt$AUf%B|E{PWC=mPh7nFe)LWwV>|-MxpBhZYZAa%gdVqroE;*#d}LMR z_#|z+#_S1bW4ZI+U0u=h-#wdpdQQcEo{Yyt9&$|N7#3o8cR10^LdJGQP2Ksfu2QbFX>)H+zH3Wwm(jDS2#Z}^33bIc+r7zWQ`t?a{FbR) zZ=rj0p?gz0+m*}Zw{-V*U3^NawfZbM|JR=Sfj!ISf9P(A|K7Ce)cNm|@`UF?wK^82R|0};Kvi|3@xqSDj`F}DV=vf!a zsXdoVK$U{K0GM%-2-#pKA`MsqESU(b;!^PwpIlHMl?ltB7^&-D;Cz~Ap05#v#hvVp zN$8vApXZ5B^w}U2pd@Bdecr_;Q;&49C^9N0QouxWu16A8Xo(J zp-KQLVuS0?L{V`~T1?r{1!|%+zh*6_u)2Ru6vVJ<#1s>Et_8)cDkRmIg5nyt#)U!n zBPg-5ALI#*fb+r}&aiU`Da`^;jbk@6XQ6qmdXvio5)I4GBRy~ar#vml|25|UTT=e# z@?F`kd{q8-^`6TAcv7Br6{yF%nO}*m`RWqwfMsH27rh2dYaUVv#1Uh7x}TdYSncTmSg$qj1xO!Q~-^K#-Qz44k~m}36fA=yn^(fB>?bj z=u-j<+V>%+-#8B6_T=z>+sk zxHbYiAVH?=2zIl%YqO826s)!}c`l(@wVVvB`4tyim$TjX3@$<=lc4{ntmTK%)m}Sx zZNx*NDD;}m6Sea~X)xrAOrLx-(8B6+;vmH`rqyIT74)oK*sXag@o@^QUoZYtzVqOl z%*Ux-AjkAv%khIZo@>eSPJrr zB*kAR+S?Q2lK>gR)b@6E=efMOo3d^)REP4o#_!JNS-&0EX8~VS4->i3Eh2J(Lk`Fy z>d>sIrTj0|Y?~iLKvj14yHpqwBJ*{Kem(1UBAkO89A2ceO{FAP`NV^;5H>M(Kw}m; zChvuC(s2M-_Ea-`S%A#eijm=BcJVb&j13N6!UkZ?M|d3il>*3wv!sicA$_wEXWD4E z7v(Vr77bnChtF6sem+8e4p#~Vwxoz-c^>i$;0UV-fQQ|MI=l66x`Lp|u4myV)V797 z5ab61z(pypZ;j0%j4czT=)6wt!?qfK+w`TMrvN{1YYa^>snD0EhoO@yx@J8^tjlS= ztcunN80TYHDp^KKL}-eLrI=5aqdxhz?7LMYR%b&#l0ltmJ1MjPtDcQS4)u0De|o!^ z)u9+Jo-SR~O0ZIWCcp6%+UkZ1CY$J}QJf_RmnogE>8wO&3 zF5#K+TyqlHh`x~WsY)f%Fz2^Q0uMc}u`<%`0Z8$#iQEp5k{!0s;iu@C2!Rw?;5v3a zbSRVxOnxeEBez{AxB-GjTstF= zu913I$2PGFNbYMnpl@PoXlGyl)Y!y< z>D^-^gBj!-nNU%-;!-FBJI2+^F=x_;*spoPH6Jo2l_Ot;3u7K~`d!E2H(l|}l1A)F4XJh@(d%o&_RxGss~6T2Ps6^U!t*v&M4g}+Pzu0w_ugXyB{ z`ozc3%M>jK;yUqNjM58LDR2PQ`)uf2b0`)^S6iVqLMYMeJ~L&*4c0NVwm@=J{FY46?FWBGQy-zA!FNu1(nAm6+kj4 zj;gV@hF4>+s^Sd~fQqZsSgVKDYGuSuF*yY`7|@5d<-iU(Zsm*NhVjcqTS^wt7$m;f zt^sYTO$NM*ZKfP$S)|QJnsp;qStNEBUIy-3=uIzB39>0owU(+Z6K|ja;9FJX*8E9i zxDJ)~UA@5qIY=cw@Gwd-@hr11(FIGvWx+&xZx8&>odR8|ULWVt82rSxV!GxnDn|&D4{dGiHyHfE_@=_^+{FX7@_9|(Rq(baXRkVBD1U39{Ih1w9@%jz?CqFGu zI+m(WD%3E>HOHZ1I=H$Q5`bOT2OBICWINQ*5@LR-(IxOt*%t9r$TuG05hnE++6-Fo zwa&#gr;qF-2p2#$cv~X7czkDeO=FZ)K!$Jb67g?ZtMbSVw^`h#SKk2ajU-?;bPJ>jO$q9 zRn8a0e}a0?Sv|v@-4>6F?%N#QJ<9aGAH+b|GDPp-)#Hrm&|IVuixUS6INq47pgWxST3E>_mnLP znEG$6u^;`lnuzJxF8wq ztkc5WGbQ9-G6DoSW-A~N<%s~mIXf({Ct|~diV=OdGxw)w*UFYd#J1p=gJe=RPkmg^ zU5Km=|F84=^^$=FBBW}SKUPrzQrE(@0z*-X}3$$#uN#arxblttc$(&I<29Q4JG$$k9#j?^B&i702K~A zLmjmify*SJ+;wl9K~&g{jE_xB^^Hyy6!Xm@uXDZeU;JiT9(P=IwLrSrd!np$P z=v?gAy!e`50>^xFB=chZ2;+GqXsUuRA0Q#7fxM9HVqg!I_-;=p+ozTJRSnl6u8o+# zkgvjy>jR8T3)7MByVUw+aZ0kN@Dz$)!){sbA|(LOwh`hyX&ez26T)}1*j$o1dt@>Y zr7g-0CtiUHZXpaOQPVhE?GkU(BAyNFnLRrv#&%_>B}&ePj(IMRv}tEApkwl%sR_i^ zc*`mK6(j=7`e?(n9OfSp+Y_%^!cAy-%pTg5W`Ujj_@>O{QUFO-lE0Ot6&f^>h%V90 zm$-6&;VEz7AJto^_m)fi#_pm@DBBB^FA0Dpx~2zCAXbNK7!*dRvqIwmIdc|v9TveL zkMa_}M@|KFk@=}utA5Q1Z!ydK*A7Ca)RBU42(E^T07?J}E5@>pGSmlyb}y987KFQt z5Aw;ui3W)Z(uS4BA?ARhtS_Y zI61jQ<(?(#YON1mG&RvT-9I+Eb7)rt!g6h|rmCtlI!N1Jvf99o>G83#VMb$L|J2Zh zgOTF7D1Y=CLj%K&<-^5C4opuD_D>8>O%IMcmIY1F&lIWeosQff$)`quqAPWp-=2@;C)+k9w!AHBCHw zK`pSjsPESA5y$!Y;xGJn1ECB6eBafuE#&y=DqKh#L9D=by**x#%c-=IAL$@gAZYvW z;S|@P;*gao27=-ZIFY(zqzxCNao4pct;-QZM1K)(%PN8NLNyHWqAH=4La%9AYKz5G zUWim);FT9zsC;QvC0P#BWVqEdsX6H?JBveQ4K0gN)%8(}#aKEyMm=qX?eVqTL>gDE zHPt7?R#mCx6-zlwLKuQcJD9c2j}N6~`aTNF_iU}&x(Ih|f>r=Z*`xZ{2~5%`@Mc{H zYkmbeK97rQojH27?P@o*m5O{KQB_}Ym%rO-*(pV!p&Ir za_drSk|G&-*)lX2D{&G^TB_d0#4jos;ixDb#}+E9oPK)PB7bVwE`a2vX3;1FUke#_ z>|g@fh$2btKd`u%(h6vDRcly=dWdP7i7yrWsgecqJsd$P)1M2##bv$L0DB$a9Vqk5 zwIZ`IhFXamPn=0Qyl_9oVHsOmm;ep!EipY?2pf*6{s9bvZo207|zH*tyS|z0%(Oh5fP;K zB1WD~B`?J?ERKRN5~s$P9&K{Oo$3J6N5Ub*N3iqRtgd&Fn+%aNP4gAYN8AJ{f;c7SJ}dzJ>X=Ek ze>}ko7Qn&vxon#M*OTeWukQrxMNYlAL;_>yqY2@$R25`bmF;U=4r*wUm5?5cbUF=E zDQb5%ztTp>Yy0}cA+$O}I4$ynQcDoUk&fwLu^kj_t4PK}9J!$c0uz~RkvG-R9JhEW zGJNKPnNY(`_F1BF3^tq%iX2w}S~zw1xKAAVVxqNpj7OAh;p|JTR6>|qTOjF{O3Bvh zE^!V>)CRz))SOvlPWu=-q=fJ^atznx@$Ort9JFFWVkJA^;;yXQlYK{jDXP{?g=5iVCm&jBQwEc>huWbKp0NJpv$jEKxp`ayb*)@#l zqDv~S&DandJStv$VQz@Gq{h}^9ZG@;6G7M?jf^cPfeJ0SN}RmVqf+J|j`s*Bn~>Yy z4*CL#!0j_L=0Y2msKbUJa<-C;Vc3*FBTfdVn^`hqN+IJtwJ~Yp;0*zoT$PD25ORVq$hmh$)I1vrDb@) z!Ug^&5!SenK5}Ge4$}tH8atrp*>zT$9l)c)Ekb%^FBzzvKHe5rA(6=-Gl8g>QL=25 z;!_)J5Ij+8p;J;?U)gobv?NDSzJ>E7MY_VjQggwJ%WD{=ind$Sv|O#l&u+u5lU zJCY?_(L7p&wgyru=@Z_@`$irN+@74vCC}6Bs%=IET8{o^N!vw7jy5;RT28aU7Ux_M zjR@9aV42&KtZ=GClB|cc-;G#=+yc!Zh8VaQ|?Z1OS^n-(b8mJu9p=B-*AKC5Ci z0NZrwa$YMz##(u>xVSA70uY5B6;G|S5Us;nX#kX1x*Hn0V4KkT&s)YL+4AHJOR6LY zPtRTKs}i+K%**_;({k0F+gOzyx~oB3R#m^_sy0@~$j5bAm;Y#1v9WTLVH`^2ZKf$A zP3GEiU*o?tPDashbiJ&?1t59K)@`l(*3cXO)23Qejw~aU8!%@AjxJvIytDr;H zWGyH#4U-Hb_6gc6Zy~75r&$21VW>dAvU2zypAp+Kta?2E2dPm&eY z314`X`X60$`}R+Q$u4kV*Qw>!+@2&|QnWBuaUkKBrxx2kzr}XRFdV%(I8P?KF6>&$ zN@!t-#4Mr254OD+-Qib^tVpR?Gfb1XON#LpBy$s!QMMG4yvvC67NvAkBXt`_Wyu)+ zCxav2F0(4OzR;;9Vri)#QXE>)1%lBpAG}?0d;Jt$cf>VOe1pOFP>b5@ zl}wcyK|>Dlp<|$aHT2`UKfd63KCYo{nI<0_5s5^bEDf7&M6LjM?DVV=G>#Fm%8uof z8OK6z82iFyq7dkNmREFe!LzX3kzkJw7*l8G3ip$d2+B#xE`PJez&U3ErMRDs$T(LO*XkS}#OsPZn^p=A=mX~4E+RP{!cvxE_;G_J!jA0lKmS%G6JwvKZ{U7-Oli%aZ+O}hH#iAbZ_ zIud#UCRD3-;!1(V8;$M*s;w2NS1XeE?2S12u%wjNLeqvy;!2Luos$6a z+$j9yuMG3xNk~}CWd+V5097hQT7@5X7EX5P2MADYG zecj>Fos-i;QK2e%6IaoLJox|wN_!!65I0pe6f>pntT>>wQu&5Q zckA_oIE`eeCBBWkVs3@wK*fHSY&|R}!VFj*cWw|BV)zltZ$3{#w8oMe?K1H@yiHO7 zJu)NzQo9v}pp4p4(B1_;fB7=rSFXj3vm$}BJItqepLGFrsp|vcT+D@rZ_3Nt_$lzb z7FOEvN-hTnT1Mb30)#5xlU-m&vV4X`)X(rfo#DaFXM;(ERMr*KH3&6R(y$6IcO8~> zg(n)bGgJX5ex{5w7&<0OS9}o>%m!Rx&2tLQlVp=I5*~%p{ZlxhGqBMu6B-?w2+`gy zHMw+0O9AxlpX^TU9_i~(P44c?_w-73g)Z{ZOhb`iNgO;RT{1XZo^lR~YRAgjIi5kj zi#IuBGR(#53VZ- zpZ{pczzMeLug=rz5Pp&(nM%f0OC~$Pe8n;lmb6dj~t&j>+@Dn1`H69~!gr5CZ=vgib*uHWldz)qzHp@vE^@f@3=| zSD1xvb_!{2DlszeJ&QLZ53TwYROKgEBZpSo+r@!1AGuJ1z@vZ_Fp1sHS9IqnZ)HXsHeK7nLX{4OTsbL!E>L3l zPjG2JBe)OxbsBgyqOTcnLeLUSgxV zu8yjc$`Xf+^<$p7uC6V-&0zgz$rh9Ov3t8Mr+n_z@Z`DubopX;Ya-Gv zzf28J>hF0|Y#6AtyOaovNcqV}1G{-pULnfQa2dX|O*Md^kKY#R*TIJVz7C#9%_?(x zDaQ=0ah{#6SZC+rn7Fk{C4{Ne;_b7H+Ih1HQAw9_HS@k9ku2y z0!-K8$wny-6b@&7ze-&hB;v+4$P0J;A9!RAqYquLPZD1dyQnRQ|e~6o6)3c~P!^GiIXvyq) zY&>8@kk5O(zi%(9lR!4;;{YR-dY6rbKD~?i5+Tp{$y;k@d1}|j7PRX@Pw+itJ*{6u zrYG@e35`TM7-i`MSSEl%qVYuTtmT*mFrdy`syqH<8iLS8nj$|!KX+beXUDq}0F?Qk zn-~L6`jvnT-_%+z24r|Ib88dh=5jZTX%{mgj9vUky}7ElyWt|Ge9yAiFNJP|h+e-m z?3RhtJ2+Otk4AhGVXQAyHkw0r0n9_}(7M$8r6X7#_iP6v&~gOVLK!DyMqmKuT|A5M zv`}Oa0ib&;H-ir!);An^G7E}Kn&TlioEVR%ZMQ5D)YH~zwHU5oadE2vE;jyCjbIw; zH$8bn0cTVvx888D=jK@^5KqRhdKuB6Why2#-F79U53r~#ongISk3hFvq8X0J%)eA+{Ax-eQ!4 zyyxbS;}b=N7*Lw|3s_Q(tpWtEMAa8nMdB>_0r>{+hfLL~a-*0?M1(AxW|lHLE-n`H zjBEJFPjL=!l^Z)M_v>^8lFD=yE=;q{umGWkGTckTi}k8PysM^J(v%3S?(CM{=EZby zx%_68w}lcF0hG^n$9<1Si1#{O#HK}_36Ss3W)-8jCqi5jy=0N1Yu4in@HRwGsv?_u zA_WL?njpcy^9(tP1+#Hq3Fywoek7_yGXOrSdec;%P0wS?M}n6<*=o2L9dXlQDFV54 zE{+S0n2JKSTb`!+CiJ%{tz1ah-t z{W{`9zed11-frDTg!0h`$#o1-jHtegwHo3Bg+C3;$nlf1>;gq?9%2)j^snUlIJAAM zN>|YJmIt_&z~wJSo!*4{ASeh*VnjUGA&7s8;;hPteru&zSMkR6&ePl8 z*Qb3C`tXp}SzLQr)e;yeK0tJ|f=VYRyA4=8LF%Y>-|(g#*Q=3=`XU|q2zk)9=8&4! zptnbTZ7*MLd7<)BfNP?gsvBuDvymCGq97Ok+LEIyE0L9!lg+H$=qgKyP4yMuHC&re zyKOGV|DTrs=Ec8VTU7|x zyQu~pdN`OcAD2U5r%PY05R}(UYFadA*-)AF%$St3Go2!#fYaSnvGdR9#k#InynR4r`V0;iI7KK z6H)M;Y(mbn>#=GC0X>5qRc1`ViP zZ5hDw05yz}h}h7f4vp)Veqz3z>(9FYs%u?^U%CM9x#Aj;#QUBrt_|`jvVEOs*EuA3!qc!JAqZ;+Q42$T zh}IyIw#GU{5qK(r@SjEk;avVCkRdvIa&lO05m#Vvf3VzX52P`_a=IP(w!Q(}nA2O_ z<;(Mx_N!ZWOD+~tkB%aB>tuiEX7VQWbTg#_!vOliZX*S2B^i<#UXk3$q4ny2baG^# z&$wroC9z@bI2GLYNC)?=DC8~QlWo{L&b1Kq7E?{e%B?Dbs=XbkdxAn9Mv@R&jwvVS zq2;GaE>4+6CIW-4_cYh+Tt5F;(Cw_{C1{16E|#F>HKp$8K<>2 zG-T~TLvP(aebv|&d}feG2r zrMh&f9WcmytE_LD{g%5}U!{5uA?sv%;EHF>Y(fU|_wHU@({rqjpD>T@6(! z6o3k3jkPpjt-{kZQxdxw3|hRC{MJEz85pXg{6#JOQfQszxK8}TU!t! zR%Kq@65l-akOh&IYp8|T*!rX8TYvm%`MREc)6N-}dU2b?*J!}ktwpQ`ex63C)#By~ z(p9|owmUmJHD*k2hV3)UlquRh+qL%Cqs&{=Vn$eoXr3i`_Bb=PWy>=`UrM&f3c*H5 zbU?#XmG~{$@=OS8AzK#j)-V(Q#gvecrG-5idKkt-s_kG;6xv@le|AJiZR<46Icy01 zo|Bw-ETJ^oL;t5??~oV9Nv;Z5wWPaJ#Di8V8}Ja2k&lE9_t46xgLkL>qdhqE%Av|9 z#;mG>tvk(c-7{DWLlOlRNTuVT=5NC^Yg*p;(MMVQvh@B~5TRA?S?~yhrmBW!SHje* zWN{eu`E&C>jlVs8{vY_*C+aspRVI&pp`h};u=dI6#ZlkOZnNda=yW=rovp3E$qGS* z|987PyIX(j_I9^=y`Amu?$+Nro86t>?%z=7OHJDTP?R!i*Fh;;-G~gCbM74c3jC?jcGQ!gK;meq1BqCM+SQH z%{@QOHHcYmtS|aOKkuKP9G|>J3-?%Wtn)>66;v?=t_{QMsVo%5zSQGCt@09emsIoN zz$=&L)qPh+0{>zkxh(1-B)p6x`dSYXkIMup`xi&&AAdah z<<-h6O-RgGgi=n9tueVpz0I}dF<(K%A5*mQ$pHU+hefCc{>45V_?djWYx$QoDP~mM zS=xD5s;SGF`18lXd_RKAt1P@G(NrY0nf=5Lrh#E*zA*H}1X}zX_|X8LHCw}zUafrU zA03<@U3@&*e}5z=J{R*Z_-RldVKP59JIhg74V1Qp#SAOR8f~T?dOk%`4{}uaiXq=-bxp) zeRw~dze9tmPLd!zozh*y#MNbihp8}OHzs;sII)V#gJ2Sf!1An~CT_1`M;|&d$0`u2 zSrZ=#&&~u8d00+P505^cot|I3T3J;uvPUFCt(GpZ4Gx2I5$55Y=x;xNMlFhdV>C{1 zHh$Io{aRcMJ%#THfxWB$`b%BD-MBiotI!2!@13HVWw29v!$g$mp^U1qa!D7ia=?8F z_gn}ElMo^+^tF}#7gu;|^<9}V$NOz^YYUHmzW#sjblPEqf1;_z2EbyD9q6XJ9Rj}C>qyTS5+A~r@XA2s2~{kzGnI5k;NIv2$J z-%a%W_ZIMGqtWxwJDkV9*}=Vr`q!dh>jJ(V%1uP5x2;<}g#T|T|L?~!i4u}BFH52& z#+dE@?QCytcMAUB&F#(JlmGWIKA%3d*U@!2*#l-X3?l+OWx|)mACo<_-Ugy;uQ!fv z6K?WB0wsR(q_zVT<27WvmJ9|gXbeE>Ez<(HzIOm!Ap}p07(5~BRS)_TWoaJ!Xr~AN z3@813I1F!5vt@v(mweSYif~57F6SVrMfrlL8qxni*z3$rYFN%Ers($^N8vCe0m4ZF z^YR)$69FCCXM7C44-5^6k8?&4qZ22a9-t|186lz@?tWF~x{#q&8Si^|(&uf#i1lw!&?8tny!qIV86hU$^=RoO~1AHRPuJM{^+n^9a>q1zfnPgf*BsFEvCfNDeoLmY`*`mhajG zB>t^(!~F@|l56|TZ=0z3v3Untc&ics_WSRg1dp?E9+4Pw7BY+UaRdawIQhdXz*TE5 z9-m9~4x8OAn=xxeARfE+?*>TY>0^%Jh{Ol`Zjx;uH&JhA+iFSDOt$TZqnHE-{EOA< zSEI^+SVM6bS*yVz@-aD7nWqE-umHLT5dTDjoh=gkNH&3c0o~+BGId&%H?a@zTG8q_ z%MwxhYYh!BCq^2pgpU{R`YO1pEgx|NbI!JWEn6j>M1})96Q}3oAT1Mf6Ey*|xnf2( zoGm%Nwx0f_K1cIFs!?7wceTa5qN-rRnQ|9O;;?egNn zrAoDfZTIA*dVPZcXZS}lT|={#OVL<)?s#L7@l@QhH*gZ_H2v3IC&8+S0bS6kQY2H8 zI8{93NRk<#3R!F5P|Rp91*&d8CTW=Akw8|)`rq8Dn(zwrwb}Q7O(MYqzMv9kM*C|q2$v^V)9`MA6|@vDn78T!XT2Ys zE8O|~3;s62$$SHFuKe#5<^T3}Z~N)|KgOp%Zo*d?RamVCpp&lLkUFBW+iu-@}^AFNMivHO=V6Ob%+9~S)z1^qt z|0tgsjvBGUeVMO7${IJ;c4qTdtF^r0pl?Phm_c)nxL-k^KR0bwP~Slce5;2F?i0OM zs%EI7{K~vzrNlh`M8D@Wt7IZ8E*G&{&af)@(pAucX`z!svY|Z_-oH%Cf%Q*@(t^EZ(xz3pm^l5I1u+P$J z=kWZ#fsja%B2eYJ1zIs4Sckbd?-*tPW+XL`A)xl5K-<220B-_xml@*8ll&Dvcjo^p zdrsO4;~~A5{3@&%DM@wvWXU~N|Cg`EA6&=dR+yrv zJ1~lsB^kv^C8H>taPv*KI`yuwhJwjdDnLf(`AYkL=kq@aN8;I3i}`7o%rXGy*?*l* zQU33Cwx9ezkMj9qe%%s%{54eoF%9CevGTjT2_wS1w(!)%cHm9WSN{Vaf~15tHw= zM4J{m7JpXx|9ETSG(M_mTM1YGAttJRS!9x%&TWPT-bRF2z{x#ew^}Xx;^b?e&M*JD zGyhN0kfvcaZTS&q_q+ey-YnbyyPYTg{}`Vc_rGd~p)iShLRXLn%pa2=kE-Osncclw z9^By}UOj^9;uzB9*Jqq|`aoOWX%x``j$}F#mEt`h!gPU|HtqBo3JL<^Z~ld^F7AB( zQyP)^Pk-Pu*Z)`2|F(MDPyYW$`4rB7I>3I-QHP&!o{ec5{s9(c>Byhch&U(x(F}eo ze52;z$91~fo!kRUdP5p%9uc9Q6hgmYRpBf_lSjV?z1R64gmJ)G{~R_j&;ILniuqr* zcXl_Q&i`Y49{l{j7Bun12CCQq%Ll&^KVy517E<>nc3yz_0ITvJ2o6Ida!#NOm&J_v zdWUaQnkO?haOr9Mb=94xPvLWC{=Z1zul&sA|E2if?at1V{r4!JFA}i#*ShMdjnI>E zk+VxsELYM(+}`Lc^tEEjz+W&jZw9U^k9#eqvOx(?{{2iW738@%er+m$`qX{y!T&{0 zz5Db3UT0^w#Q&e{|Ht{%@PF9bzlH#Ke4W1{7TSsUftkw}Udr4rUEx>Wn9NA^i{qGP zqDYefV0}^LSeOT+_8Fz1^bYI}hR*!g|?P{Z&X$0H(VQ}^qlQ>%quJ5NzN z7$~$Q%Lvy@*3OEpHZQ~Jh-7E8y4iWMRktLi8TDzjhb|7ztipyV%`-@ey&x)_-ibdSm5ZF5H3EO)!};gJb~| zf1BJ^p{W00`o4I1zUsbkoBP0RCKLSHV(aPiK%e{Se=>LHJ>UP9?tiy7pW;6s<+D)U z)cT-r$9ZYg#S&XBz@4wm*jaMc;PqIo82`Um)4Z!QcyZJF?&m+l85!mgoAdZ%?)l%{ z+TAXm|LxtKr~HqP^0Ch~P7-D=bNX_F`+pTr;A0=pdmDje0}xzzYMf*CAsMAOATu6a zD@4^>T-oEC;6S+TQu2EqrX)bkf5-ohb+xvC$H(u_PR}p)PcHV*hqJfm`-exUe{p(t zc65j`ijtIEb37r*Ktvh)=HKx-xemz_SS2b-aOmGRln!a zcC=*DC$o=@L;EuCJ=;Uw210of;EeRM6lY{43L;74{G3Kn7>_C(6^&o36{0(V)8W!cd}Zm0XYo?a9InfiyQpo5u3 zCH@u5Cv7Va86c=a_Cz*XwBlXJh4EfvM$T|HM$JVM1~x^eLpH{n+dC|uxH~EbXH%Au ziFi75m$60v76&kA(8cm$mJoDOS>6rDazfSFSUP+6h0-{e=Ls3WO)lcaW?7pye90M# zhYBlKWV(S?MC|6?tLmu~4GaYYdP5c+{%--JkgKOOxZ>n9{a$WhsVYV71i_jCoW@!* z+!L&m;=Y=i7l`hih2R&7*R5Rg()O24ox9jY0#-)SNf-llyiKuB&PW>4pig`nOR}!Q zer7KlZ@XqK*I&-^D6-OG2^@;QD305*Qen*jQn5y&Ai@ESGjf|5CZ6W;KKr0@zEn*v z4+Hz044I4>TBLaxhuMKBTSQVe|DagOEel%gj9vkWNJb7{pQSV*X%-T88uv4tW_e;T zQH$3Uty{sMmFV_OJv&%X*9+>*;h6uf{h-cniPuf_&UMgN6Wy?&4@__zm|fxcK4;_S z?iVe;@I^X7t>JYof3Q|_!l@m2?&r@?q%atGX8s23HI4EKdCyxj7oC!?za`pQjS$kq z)H{;vuxeHluHLtlOz1UfMU-W&A+p{{B3EF}p}xtV(xW+9fR zU8p$G{LVf5S3#JfR&tLKT!4OpTJO>!YG;$A289QlO=0Zuga&A*)A=GJd~GgU7_E}{ zYe$^19ZjdxoY=GF4z_(R_=n{Kflti>%q2)4AXc2Q--?fhSmAD5H0wdWRj{hZ#H+97Uv8WXjrE znzM`qHf+vchS!3<@aFas++{ece|eG5L4CQ8=pWK3ASpjlVCuQ-_x`HIca6fiUC__r zP?1~U0&a$&z{S@lsS5d0-2J-R9QUETI+)+pd)n%jKP8N0qI}-L{*PqJs`lWVH_Et_ zmxcBY_7QLUFzcw9V)1a<&@-C**jgVzgES zeD!ZqI@xp8c>wt%naanH_D352vtO@RH1p>&9&Xpp;vaY_qaMwCC0egqOhYwaayhFI zdx!-!ucc-!>BIQDmO4?TYa=tBxv#A8t5w+}_UyHhYW;pk-M!!e(AD;4qE)BVR^nLK z_{%AB#W|5QWAmmYHKNKH$lvY_|B6g&;m;u8xkXsc6ai*uH24V!_#ndJq{7RYfD@3Y z`aGI+GfDXO@pnF;ud**~7CIjYA{@}&v-``^WB zQ&DS(UVVoG>I!^t8E)FTXFy}}owcU*j?lS`>)5#)R)I-%wbH7(Sm8@M%e|b_nQ!a& z{<+CgZ1tS!!!6(Iq$Hs%%UYfx+a1_y-voyR8 zBQhdK%*PQHxz0rTvsr`taN_macp^RiajK%j%hZ7;Od9= z(C5$J74RoTlw@LS&beMS+ce2!=&K#zij#z|Rkg9WVnL{J*=rQlXmHhXp2y~wW}Q#Q zB&K#ovc8|)vzUjv3QDofT!=aibqzHA`-7O*5gplZIK|Ez7v1{=*Cut))L;v~a zWB-T!^P|I$hx-@%ulM^$A3yYu&QJE=AKlg5EO3iz1PfY-{V>5g?v;Io8sn8gsAL!O zAzX3uycA9wF;a>6JcRF51g(U)EbLWpc2#^aj}~-1MX5#Ums!fzOmaEf@ArQ`JwN|ND`RhO!*#EQ0)lk&hZ|CTg?yxq#aYCAJC&^J@(*bI5rvSy`+(!!P#e9amyfNVSz$L}yq9lt}>NCWI&<;nfV5-{A+ zs$#0t`1bpr+j_^hHRMNgZD@7&ZfnT0&}NPhsCO{@WS!lGJQ7Za>gQC|WlY6yejzq~ zt`Dy0WP9>LJdhWHkqotnZ4ib-^ebuw$RSG*7ax5Z57B?n-~V3GLK80f&vz&rleoge zt%6KUTX8`m-k{bEn9-V%nw4?0*L8r}HDKB{m|D^5k{DgLlqZ)YB9end^=Nh z*LYX%jl0mMeACR8d~$|8Im4cuVNcGmCui7`GwjJ3_5jW>okvwsjJ9}}&X0PR{xz9Q zE6B`={k5Jq*nVaY)$tvsiFa~5wcEaz8oPcCJvmp5s4EU4L+nd|W6CH)I~NozvT zqtGX@7Kt;P$p04};8rcSY`NT&3qv*+Gw2KWyHPuH9u=#;mCuT+)PTiT#g3VFJI%8F zXE2*EW*LqmlD5KlNS9k#-lOdT@P1=7uB57pb_;N#$8fhRR8t~6NpmyC>xKq$x3dsu zO$iRdm@syh(m^SCjX=U~VJpJpEKA;!g7+nvMTdpal9Ia(LG{&%n~u%Rg9N`fVG;8r zDVyChGqcy}5+dVIh@(Ri;px1zNrh=tbai1T3ngPJE>2Z0Ch>7Ytri7X3ed734sjUe zDY+P@gpFwwEDE#OugDqTt-;bzi~Z(Xgw=fOn#`nZr@{RQ+a2q#O4sfz9*C?9OLK3k zcHun;QM(`?h^AejOOo^o+&tQu03$jYk+kY!)b5tyQEeywo7>tb<25M<>#ivlvSq~J z)}Gi`#OP1R2#bA!njf2}*=pL~c;cJt`(n8^;zoEy%xZSRk=fa;*ci2Cv`0I`VbqG~ zNXE>r6ys6_?)G>O_DFA~@`;QBq!1gCREDNh1FD)ymGV>dbEUdbd3`0f_I$qDQQ?iQ z)RJ(9qcFzriZnCldar!(3spoW{{~4{@xkXtA>6<0KM9WyP~>+iCoqmesUgw$Nt4bDP!! zoMCrbux6gYWpdJ1x2!$BbM5nf7!V()OTN-8_nPxi56!#jk7+>qGJ(CBjs5N3oUG={ zjE09puCrTbUVZbBqhvH9X)z78_2rUdDdtcLB&_o)3jf#MVoo#rEQ(EjZNUC(BGV5S zG<^L$e<6?dqF}3Y_Z0?P=w8iQnQ9-~{T`6k$3Sa0yuJF%-3gX~*XALtaRfd95|xne zc26|_mWWJ}YxpRo?)WPezftihUN=lj?F|Rwcfk+fF8YugUf>L;RY= z57twAd%iyZV&RipgUC|R*VPwObFZal6Y&xwNn{tj1Ce&poouNY2EhZINdfpiTTp?r zO-rKP1Sb#5&q`1q_f~3=JE^4v=FD5B`GRp)_j}(n-9c2A@8^~YGWx2yz2{^%uHDry zk+yh&op->0DaEHY)APc+ddF-1xtID&il&9*r&`IiKLdxtb^n*ZLJVQyQMa@)t){CP z#W5C=`dWdqsVDq{ybC8`{f&q{DsMf5G-hNto3BzWvVK1v-I3d=+Nt7(cQw+O?r0Rr3toGObc!!;huRIl3m>b>s#v#?_fMR+P(8Uh@D`_$`@?=< zs(O&g*3jWhDs1Q;Gj2&|V`71G?*ZlIsT-zS!saf7euw3%IvRELpDnhuT>bAtNzEBG zrsviF-`?IS)&K5vp6Y);#;2yPKUWd&UiI5m;vcO5`29oVH6*OYH)I9Y67}0#r&zPl~xCgxt0kY zU}SPl(gQk4a7s|~`&ZXpue;@Sn#eoA2_A$|n1zISKjs4>*^u`(%q)&%^VgVUH#EHp z~Ou zEM_2GUo}7ese*6*L|Gb6`uT7e-lFEe>g@N6n9t~8D2OmOt z5o!>U1pXTPS0oNxPuxI!DR$R7*@71Aqpmy_<^Vcv%o7U7)J^k9#KTo$Hl|F)X&764 zg@0=w?uyne#QzWoK=Xo>9%q^Mv?e$kJK>Z1NyQvx)HWluzoy_RRICU!ULlS3zr|aEHp^0iCt*B#T!d!}pT((Qp7>ax`#h;q_3y83 z=GA_dvj1g3<8t1=x%U6&Zl`GfZ}mD)_Wz@N9yA8_;k<-(0k40dy96~;>n-0N`V;y+ z`$m@aZ@{1LPTzh!JU)N5($#;S?7u&HwXz9+pB*2*5)GfBpK+L>Ax%+4M<@tWlu^D8 z1dC|kn{gNs^eg%XwF0#ANdo?i{$rK>5(U4+PyvmJ0PWlD4O(aCM{kb*^=f4mvY?6< z9JkNtPsB)op0hS5l9hIQ^n6Vr3AtjkF##kq3M-%?zBzt(^lD`_VyM;4kk=M4#WkJSgZLA9gK;8 zRh|k$Cr3YjTwp>R#_`Yrzz=IYBEbgA#vwx!f@7vpO1WN30tnNI2?+rA45yhyT@#y3 z?%iDZq_FthMBlvPU)ZP#@^Er^UxiVGS})Pcr?cb3&-Ui)CVFBeXbs)w8R}Q#HEWZs zjS_zh!`gE@|8{@=XDRs~kHYx2ReUHgR|}YT|F_%i74QGIwzr?;|6_ctptn^!q7SxO z2AWttbuG--3N0=B?~7>x)#Ufr)C!8Paw;wg#lm8D@oR4i?|4yohx6~7VB(etKAyt? z=HCDBmd^j~)A@g#&+PM`MOL`@vPWJ<5s8?Zt9(Gxm}CSTi&<3T3|xW_SY-HDWC5Q( z)%l4>Bo;yc!aMAG$sa=I+n>9f|3zfJ{h53Iw>yRN-|P0C;{P7yvxxlvFA(~FT|qAw za+Zjn;4q#e+rO9t@eb!dAW1~06B5sp`|30M{C9VDy2be4t={g|)A@glPr-Zcp6jm@ z{bREdoFuHR`H6M^B@pFb^V6|R{2_F7nap2{vmlX9Euk@qvx-GgPfaSf)`^NK+CB34O(Jz%E?+{QaS1&CKDQ)G3EUYt5_rX(*e!n ztn_e*>3l$RreM;s4IF@NB7fS{xwrf@arBGK$i+qApJg49AM{xZ*2-hD*<9@;5>A)2@l!Zl;%lA z!%?_wvDNA`T2W@zrj9!lShc$^TUzxFgb8E_{hqtuwMK<60+5u54u{{FUkYV>o}t5| zv-6{a{fpz%6LfNVakPgn#sm#%6w#Y79-)w-j3REm@FhnqPoVzIkfx#-6hlc$P}l2u zU2b4nkZ-~$LIZ;Qh~St6C{IurBaArLN|9VD-M&(h8E2VOAG5a6vL$t_o=a5Iu>$0* zl{-3IVn}@vA#V#brswc+JHH3MgYiyIfeOg6*T)ibqR|7M*m4MYh|wuDaCXvti6C zqBAp-t1=trq;ai0ZePA`NaZ+Hl@*ralBlYZ!UF6OStT5PxVShgVNlL+HFKbPep4K& zUmmJhGIm~#hsveAM|p?pt+`WWhe}X)F6vMT?H=_UD&f_aa#&oZed*dHRiiweox7i% z2dj)yxiR-RIS*6~r3%=+&&{G0Q2zUBpv)GrR(Ch)ik$X;OEC&3Jgb=e|9R_;W9nCx zpkVDKi%%@1FjbeGm|Y6OS=r@^Ka?JFNlW>Qr)HP2E?+Duy9{S|q;%{R`h7(zxJr3a zxN)s=u#|Ymj6T&8;~qD#H9TlRtE03EGuEIg>THSSnBD#1)}>~yb5_VX_LYk;GmYMz zGb2{Ob`pF4X&y0FUhXf2&)}5R4vU0VYK&684tlX@%5-#k7M}DF@5IA+w+b zcCO^IGdJ2)Qbd2tyqhyQQw zbhe7|pF3MSPyGKeK6B&0YC^k#1pZ1KdC_Q%`^RThE~z>+a}zvN-aAzFo)e&jkO;gl z-(*QxP`bgOTZ-gz+BM%%9K6O6j(w6!r;A&m)a?{m&5zIIOMUmt8K@O{tI=xT{JXtX zK;cD-hr`gfFU~7}nt{j+Q1#+rp+)I~Fh0leNM#bP`*l85)WWSL5$m%5A+Py6@|u6~ z3;sD*`wP0OiB zM3Zn7)0Et8jCt?Bwl|CZpH8pWebWCQ$q(IiK1PQw1YL)J$92c*1Z9~YOH(NBx$VwpT;xv6HY^# zGjx1-#2Q|b(%*=mHM}q&xGmbH^tZ<8&nHLc{ja^HOMMnN{|7(ppS(SKcly?w1a}%^ z_W9r5-su(dKXp1!?>`^s^9=p-O-e_|x-LTy&&>ZDk4QvEjr}N+DOrF?KvEW<6RqY4 z)Xyg*&Pc%3d}zRrlhFzI%<~q z!5Z&{9=087qepgp4a^kV8qAnTGft6A5dt&#ngB)nGp)0c7GSlTJnv4g$H6 zae$IEoZxgSojv^Lga!Z^&8<2+Yr|fr&9Dc*85Ts#@E|Zi%N}&T0zjDdHJU`k$ ze1BxkdP~pREZci}O%S6Kf)dKIQA+q2(s<7(m-i{q!W6MF&7**yY3%zn1qA@kJV7iU zz^S*!>Z!5Jq3IL%G>iKP@2gNn~im} zzJC1v?DYI%|KwtQT^|Xc)&tJBQuG6fCdi7Ds#;pje>z>~Fb5<6;^W*8@~ z*7LfXR;xkIrUQCghVJ#cUiY$M36F<@(T7ZCxH9j;5lzvQ<_JfS^^EgOgyRZkw|Z$N zrtHO6LmV-3xwgS+fe|fv*4G0HMF;V4$k%pC^Y!&_3W&rgPev)0dRxS>{NSl!VPC6^2(wK4f2Sf0r4@X znlR(r8q*tuk~jkv#S@Z|)IjPfNZoEp z+(aSE5FIM9Q<~?d?z_48E^d3fkG_lB-mbyAtFSiQo0I5-m~|5YTY1X&%AN@5JT%3A zM1p~VsHu6jmQYxR?Z;mRDQ+3kWwK3d8rK{rAp;CU#&WU{8?N91mug|Qgc|rBPYY@w z3D5}_LspsX49P=fLeR7bJfW%pdBgQpC zpQb67k6Pcy5sK(2^ueN;By)*)*CFCf&@zRt2v`0F`L05~YptE&kTNiqcb#Kia6lam zXlt2m>?#O7jY?Rd>??W(o;Bub-gQrffHMQ4V}Y>rFUFOIgv0@f{i!f}85*W^f-V)$ z5?^|QFpKdd1jZ%*eOa;Q!g97({e`#d^8@!Qpsj8Xku;@-rECh;aP*RbvEgj|PadB7y_X z3AQ_<0b*h76G`DB%$DmYG>)cdvojj3d1kB~P1q%sVuD#l(jUnbG{xU&7{k9=QMuR@ zJkkZi5l*G3W(3HfH72*H2d7n|E57XRShL>}3^zr+Zjs+{{&j<=!UVHU-KBaiamnY& zNQM~YiWxY6l9VPSjiy37#;AY%_TuRLJxA#`e2vY(JvH#ABPgWy7ts--iHL$gEDJ~q zn;X#)C#T5+`FmMcsZ8_v%8F)vx8L+qm8V@gl2pGwL zKBQ`I8HUcnp;h}_8Gr|NqsujejHb=a&C=QD2qsxWR0IcPfC-73Do|Q$gr>n=dtpj>9QzFRbC7SsG4IAS{#}?^Xc3wY82Rd~bS$ z4D~h<=Zvd6TX3wg&sF3#3x^j9hprK6$FZMsdqVN7B&E00kAr+T6zBa9VgcCI0Co#} zHb6LvxDXjdL`2d8QwV52Fkfi#t*)g|wZez4aTvMHo0_Bn!7YXOv59E}t+%{r)N6pzAO&9HQfGZdKsHY3oBQsS6Aj#_)&; zC660*f~GdTTePal$|e@gcP#6luanR_y-8rLn8W%y-lk>~UE5?9F04c9Gii!jJ-Ssr zVsTR-)zc&&M4_+Z53IiWbhS7a(xI=)6> zJhD3ORCI(}ZqpT34)Q3QZrc^z=JME0V=k%dE)K%7yU)plUK5C+5q3HnMtFoStGt+( z=w=-HW8gX%?1zks9B@d*pvmLuEIDleYZ4qIe1_s?86K(&WGXH<4npA+jz`q z$=`1&RlwS@fZ>DDa6?nU%M;LUq^AHB5nGJBP|livV&{ScJknz#tp^}Osge=%=EbfT zGa{*#CCmWdRKTrMbv)rRgqSnnapn3FIGg!S&Eit{S@;GC-;t&31MB1K;$ubxYnkB5a!vKzB0a~K{yRO`2pmr*t&N+)aUU%0V z#-6;WjLqLL<$K51!(q=_;Pc*FXi-j-&iSJ1HPBC^bOpiML3WB zv5F#s$YFW69T?DC3bZf`0Q75;Wh8ZFnlJ$zGsliHyfhGd8e&gFe2>#B@!%CraH8}# z!0YnUXRGt3>MYjFnQ2BxBbZ%m8w4U;+d$}Q2%8#0ky$JTsiPrjK=XHh$LzlJah%X= zDO@XY5e!g0{zGSJNFg6!gbf8qM+ZRKt%X$6bxU{cI$gP{p&0|PCCB0hr%!7rcZr`x z{%cGAItXK&P8kSf6&PxU?CBvpg{5;=PTZ)NZksc^sa_EsQPZcZ`gGkTcKM!EclA!= zvPRCW*fMWoSw0-1D7+&28YZAV^Y9Jx@C5%sWAJH`E7pd0U|E}U!BHLtq|FlIhr_9Q z6xNc1wo)1qZ=6k{H8YJ)#Wdy<+qNOLt_%SJ7=}g;#l5haKi0Rr!sg?8l!x{~5e+jb zvT>eKG$JucVfew+!GP;NVahU5St?H~1UeN6fd4Qhf`8MYvgKHW+1T)5+tuVcWi<4c z8n|IpeUc$^%UO7s*`5c_{PRo-pjXZ2rSa4%S2uWT%@{BA7@JG%g7&s^5W5P*OPd_k zWrGR^6U*UP>js488r{+{uw5`kUpZF;yV9)#mqAgz$Hu-adZ9d2e8_4(by<-txAtj` zFb;0UVMZd!)Ic05Z&D?&Y?_c)wrl6oAg3AFPA%)h@l-^x(IFznA~7z2!BlCQwN}d| z!mJfCGj6YX+?WPLMaaASR}-Cqp;_8?y)YVEfp@~E!P)ADG$U{jFsFS&19ZIq9&t8e zVXIHSIUYarWtY?TX)-;HkFH5N?TdqZxgpdnmJ7=>15Cu*0t7J&>Ix#{T3Jd|$vbta z$3ZF^SGZy{GMW?gmO4k8n{~`|Y$d{A>w2g8l91alV}jDS1ugCEBqc3T0*_^QBsC;6 z3gCI_XO>tsp**OCUY{TB|9E`z7KuRL{x|FE{}`m-H`dn=Pk%nSIDUVG-XFjH;R3xr zLgz>S`{DTf=n%a*JxBW|=)>9D^Zmo4Z~otj2%6+96PGSyqCs-tDC)g7DS1Azuf+2m|b2-QYBU z=P5V~2N79cH;N670^Mizvg5tjts)brBjTaFa{lKxiFa3CeFB zzB|TDRdDwavx3QnX3VY{vm}UTv9X>~2LOiVFuO~E z=x7kTLOAzHVz1<>R&Ci;n4lXRX00JjTfv|ZN+78Gd8@@p2F>2k^iXmX!91Q@Lv5*{ zy35!+o9d1NVDuD>mrH@@S|CK|M?R7lL|T!A#*74r^t{y6u@Hx|IG=Wj-Jf70(w!n8Pz%Md+v)wyVkLN%vO?N(!uD4?Y(U@2} z$(Qh0I-paU1M!0+T3Cb9BVj>#seo)34GPG;hc3l6DCA_;E^*IKNx&{q9)r6Eu3UvF z1bT#WC20Q^oJ4Q}ukMTJW+e%g4Z?e+I1cPy;m|g00xt8{gm_b~iV{L0GtF0plmotM z+#3RqwGGal5-tnjDnA?Z)hQe+CL**suM%c+KnW8liI5~~8DFSnH2bN%XSN+JSSdV@ z?0V>c#@9qX7*Kw0{?n!>Le`}#%e{z%7CldUG;KY?_LT!#=HbFiYkTA8nN;+wTc+HiIzjdbTNNWLa`<`{3?2I4b!C;qlvIrW$qar5Ypt$~ zLZ;&4dDk(C5;3hq>R*x6j?d@%Qa~p-jH`@kKv6#z=sDa$I_9p(RD@jdSrT!ZTfrW5 z%>OdXu4{36JI1>xA7_EkTq`9)xpyxwiZE^*$&r`q(U2 z61YM+y&31BJcojx*f9Y@RKUFv%`>qq?ut6z01J^FjYv@dNTpIGoX}2s=(b(aO&$(G zWbn8sj59@gwh3jwGq+%x81mi%?ll~v<1=H_0yl4o$Qu#|Ft&|wuLih%y)QJi367!- zG$BElPejBMH&d(bLIALiIky~%9593~bK{1jlQ4#EZ&U1(GbeL$fu$O-Iw-umjB3;I zwk#MX4BR4kMr;miy!x*3U=fsb`m0+m6|$+v*)qhukY5xV7nNc+X&zaucS}i&xJoOr zV-rFl*@DV95S-%|`N)=`_ocMX4!jIg?R0!jOT_0mK4}<5ACH~VAa5xhMFbs0G!NjG z8IK4Ek`L$aVA(~!4;3_G0oCWj(vV0*r0@&|o(KZWLP^hv#_qML?L-BL`cN$6I_X#% z_?C*Vnl7h>b}Yucr6QrGHm!3Bp^lKeEfl$=Gd!}oc2w78OrDOV1NU?!$8?6@tkT-U zY#RHXPg8P6Y19w@AeS~+jhYee@@hYi!FZ6{HFcrNXpuo42NCgx1ZR1wQ$N}RboFBf zSL+tJhGftcV>vO-2kQz_-mNGcY`8j%xYwy&kbl1a7n;zR>j1Xx+>=ol5K8YXCn;Q^ z!N9S`50UgXA5IQE`l5L6SwX;M9ya4h7~!}ng@FkQ*LWTrql|FV z(#i4QlMSuZG3^%!gbrzg-F3sV>!xpfxaxkuQS?h>xG7~v8FG<1{=*2Cj5f*p_rG<7~{#LxwTIQ8q4m5;mnU0i3$CaB@Tw4Ad8|7tC8XfrN0G zC`XcLV+T_$2wg~+Dwy)!m_3KBiaEe7nc8oNUezaQU}@c(Qf5K4tWoj6wIl+sk|`(e z;$sOB`fDr?Fd~F2--f+e0h=pAZc6>4DX=MJl8G*#!6Ky%WXRkGqmP*-)qhrQr7GhJ zlyiBpDQx-Bp3ut*c%Wcp#R{JK3QoL*g3J*&Bqhkl5-!*O>}`Be0UMM?P!ykSZtbGg zg7;Cyd5Kq+YZfpQT)%|#_=UGy!7Huit%D=@>fqaNt+7lHe9tAI;*uEAKvMgm5v&%uis#3opn)l1X=_A=vcSr9gzuyt<_^(e*VeT^jnP;#rlwTZ8{Fsj73za4L6{lxg$_~Ptr?OIl}lFLV2HbN17p_> zbC!}Ik2A}?A-v+NLhP=|TaE~xakNdVk6^)lgmOU|yosWAuPa=m-&PC2XhUIOU~E^w zn7cPS-nN0Tr69a;l`Yp(q^B!h8huD3^>jTD_YwuCkGa+{Bk5rNB_yIqlvR2bVIwyq z^iAdPfmr;i2s&2zK!hW!L$+m*^9%jjSH3K{EYJYl#QHP|;U>!f(vjOz624e$+Fb)d zM{G+mwjcz3{&uBO3_;&ZAhGRrdlrn%LJ0bc8RS~!P!WD|p)I;b>aJ9f0eHs&F5QYI z*rq`L@O?%6DlXZ&g5EU?nWF?G=KbUsx}roRlkt$SuA;X&%QwYVtd2NRc>8 zr{c;HJR!`CrUPSlOM{sQMQLRGifHxl^~VqA@763z)-hpb@1!43zK2my7+-X@I%rkI zY)nOV28atJXb@5VO0i}fMJN+Vhh&C5uDZPFyy!w?B)J{qoMj}ia4-?1FAD2kPHbWY zEJBc>inkxgG!D7_AYTyErAqyvMwHPcFk;W4A>*hmgnWqSq3ROOH!q|O%-sr@!YKz1 zGw0=4b>Rm-#yg6GfsEfauy-`<%@So+WK&VcZdJZ?7S8Q8J3uf{5f3BIucqjF(~P!V zh!b4!99R&xbkyI=!djRWPEyj+{8g^9)U6<)hJIY3`{HyEW+_gm&YKe&>ja?i?2W6z zsYni*(11a3+K{Hc%)SzZ6CLE7%WF8F@3XwJ6gL2>u;Arlh%+1W@}+Ghz3AZ1ZjtI| zOGyJk$8%b8mMbs&2_&1@^g2o$nm#5Tvs+{uOs;uLhOR)G6FEHyF_QK`i;+w%i&kf~ zBlB{A{VNg&m-1w)cpLq^ngp&RS~gfSICd&EV6QWsKKM>|#M zu1c-v!Yw97g+;bXt4^dyq+0 zXiOFsMQz(DO3LR!muhRm3T8H#C)QcAN$Mz&%{dzFJ6Ng6(Xy?>xiOQnu;R(Law zRxc+aZtp4o`(u32ypNPs@1&fX(NdO)<6>=t z8}>Pu_?w;1R&6KFQDx3g48wRd9kr!MWbFp;cyV<8zK`}#4$;Bs$>H(E@##q)ULSqv zA8nxXqqFnV!w(1i>kVjic-+4@KYsmze**xz9y%moT<|mMH6%7oIin_GW3CcUAX5@V zJEs#NPjv=GeG$CDWr9vqu%U{S#{n0e#;Sx=Ji{;+4@>(h;dPfQ+%zAJ(M$1kD`eVS zF5*Sg5@J40rfE1DXNca!Bt^nm9cEL=azWGZ4;W9CHLvI)GBz+YN^zX2Xa~6t76N31 zBXk6yOGxCgwBSVWBS2ADh;%O!49&(wA{cVfJC-@SQW|ZDhjuc93?RM1X9EwjAU~iF zl{q9N*-%9j;Y<$bp*J!JGs)A0GQ!NN>J3+W)Ra(~FcpSY!!^;B-jH-dI_fwQVJ!Z= z0R{n*m8V&N5_JYyM-LFZ*-oD!xWhHGd*VloW<5JxU_ z3s1Ae8?2}&4+Y5H`MgrLid^z&kxCXB|Ju+6=Ec!$AMfg4#74K#tLnfj@nIR6%3+Th%j6QHji>SN6p6nBeh z7Wzc9H(9wp5Q$h2&N2)sLS(EM$5w(^H7|mkmow71+D{S^2jMLmkci%_nN>I>X?QKF z9PtHV%_0TxF{;-<&R#+iYoHJxfPzV5IEn!ugHwM>CxTb;p^)-MiHFmM8IS;CB5{OL zavj1}ZrEn{1|kt2&{X|JQ?jKl5kd#DI6ov5>EZiWBflj!gxTZE8 z^0*AK4?<$Yl975*OGxq6A#`YV{eZJ_DdQ`5ym$umk+sIt3#fE`DN8jT9GJ5wK*KV2 zT`eih3TL7hO>2?guntAWxjv0?6e+gN^1&p`B=b;u2T&JaF5VZ%2EDyQdQMFVOUQf8mgx|I+c~9i=x^{{7~lx#=qBa; zVo*NvSfvc(r@&rxVit<8Q^w3;f%Rt_Gewc+UG^9>ws1ld8TS%}EMptC$kM8i2%=^- z3l~=-T-5*>DO-r`=aNroD_YmG7k$HGBMucSrYm=%~>=>6P#WNAC%UPl*&a|IEtks74`@gwvrM#vud8u3}IxSRj*k- z!Ug?WPg|Y9xhjvnfSf;03WJ(gSSj%daPq;_8OIz#Mt;vpoJCWSzCEErTyurjI(~u? zZF=Y}SF8B22YUKSvqJq`2-l3(8#C51v$-6s9S;ranaL6{WelADqh6UJ~F!s#5QVLVb64GER(vk(3%TSGX4^eoZrKf*S$7kUF#j2toHX25jlj~nbxIj)iRAWh zHJo$(NhZ4&g}iTA9%g*15gF-pkP3OD6BM}OECvTMK_Jegscqo+W^<-$T53Ngps8kX zyBSXll&DlDWsJ&`q6`gl#-zwoT9uFvDy&M;3T8@SgX>R8e0p_d;ln_%f-Mi76WcT7 z!O#;tHJq);g&<~xxrY8cEf2PYtBvq>bVF6=f&Wu2kzKPH$=V8)oNU9GLa-o)v?hdP zg={f~ckMN_U9~1=nzIazIKCV`VQ-|w50j8^re&+X+B)Q)(nPV2)wXx+I}oF4%z-tg zaNHPGn%hz84TFzUPC_Z2gfXWRVLdWycqhXthbhz9m@H84$i6jlN-`YA8%l4sOn9&k z;%RAe*1&o|Ll7HqVXvj*hNSKd&K3j0^`;F=nE(>a%yE-*6E27fe2Og9)!YR4R4@QJ znQzdAz=AI&OoJAmT-n^ISCtL z^;sA=qyzR8jv>K!9OM(7&BLY`#aM*>r?#`m(_n$E2l$nT3A|MzsR;yD7wJzdOx?Xj z9v|BB<{1P^w^fc5)>^kuCqk9xbmX{Yw53w81e^`o24hFPg$7&IXo1W_ zA4K9LzG*7CX*3lOtqT(E-K$-l<{Lb0`rcG5kQUQ2}v0Vh`0#i$H3YWIgrpUgo89A z#v~f0L=gT|o)ECe$Sv_L77vV9FNi7qSF%0iUBHfqE|dboWJ*G%N9!z6pmN)9;$>hd zAPpq}B+J4R!Yqx3ZRjM%@=uc^G#tpS&_+i%3d{akb(++^Noi0a0>nz~dgw4@U^)0*&fmDhyb# zyt#>G*Z}Mz7%#>PwqZ6*o_%IeUFEnE?2n5ks@*!wn7g@a2y(EX=6)X?_nYYTe*d_y z7We1liyuxuT%e!#&(HTyE{>1-==9vamOp)i_D_C6KOUbPZXgnh8{peSR76%YfdpA3 zu-v5P1c9FvD?T+vH)5&4AWF+DmJZRy@x{BN4RmsP(mFnQbAEjC_UQf5$;AeGe{_EE z!~V&|{_Ep+#}~f<3B5VKI63Nz@PT~^<81%@;`rdhyZv)?_Tl{Ow0|U|t+*|WNW^V5 zme80%k}U``CBiCn$pt4#N|Q9?>N!kU)qMc^GaT3QmkMtqWBCMZ6~(SY2ArKyKh$Qj zVCwRo6}++bMQhoZ6}0!lL+|vG@=otUJP0GWJU`}=7m;fci>J~8Moduz&dzL1XgalA zE$SvKgTPheGKk423P&XN$=Zg#?cQ))x!UtHm)=)}qQFo}L#a$E(kW;GT~7peY)tEsI3nWa$wQ5yTTba((!`w+aa`!2yu$&p6q_*bgE5iMUGO z3XJgSh7e{7Koy796{iqR#hp2q;#yX-Jj#lOF05v*c}y<831hjL7GJeJ2CFmg#1&S2 z+7T55JEAnW2_xHgc!gL-lLU{*2IvHNCZFc!sgOoE8s@Q4Za@fDM1nwpkkoh9LkvvV z+6K@eSI~=&I0-{L({XSe!X>FpeM}h(mK5vALtFYgoG)n7Yx?Z0&M07 z5iN0K-G*qLTV9KR6IXuC8L45TfG=n|<`%_pbmJ+q$Uyppxy=*~1%KuTUYvJWo1tEt zfDB0-h#q4a1r@GyoKAofDdk$PqB+ianwr}(={d%X5hxKRov0gSzwuxyl?^kYDPIAz zrdpZ5v8d5f8#OM1fR9cNxm>LZgM;7q&(4lc4v+t}$F~r?1xXT3W%z;}y2pP5RBrTL z5<=)=!44ZTjKcLMD7Bh~5lKZh6k*M6*cCNM6fi_$KccdT;~>TU70DQCe)`-rMoNTz zCGDn)n1HKFtIx8eJ+vyacuJ>@bw(BNZ`Kf4>tLpuimnDI!Dtu!?*e( z6pVU-fQNo22uF;X!bkGLKpAb21r6wiF;OWB%q}9z;7Vbvu2u)cgsi{~slo(mm^PC% z1jjY!!A&kJ+?!7s`~q*+F$?v5yj(eT@2cH1#>s(Ge;i&bPH8R^KTW68>1Xsw)pRS| zvVMlWWC*m2n@LdKaQ_jw_wGS;~T5$6akq@ma89x~>vVS6c^^-}1C%xO@kf!|a8R*E+) zTb~dI1x4gChq14d8le%rCTU!Z?33OSqp!2_yu2?Tz5evM?`MJde_h7%u4BxM|KHr+ z+1}nN#{X~a?mor;KgQ=7`sbUJx*6D@-ot?|cYT%;;D0R42t$V?!(qf4jdk>+NiyB_ zx|`oN)*UcsDMcAXBq~?buOkBY6T)lERc2G0fpcW>q{^oghyI2sAuRyZ7H`l1HH`?k zo@C{WFp5w>T^(hw0r^UcDLGnaDQ(+-9|a=<@q?%Re*55v>zOL61myn|wa?cKFl;|E z(@zOaWsy>835n&Zk7Mw1i%Z2dw7!0FdU3S3z78R7RvAQ7Ttp`TUbf((XW^@Aq2b6$ z$gL|afHRfcf=*IOUZPTu|Em7s+~t^kG?~Y}kU|}?wohX&&RJVJ^;k=0APnPCTR!-c zTYD_#s+Ld_;WLr@jsJN78F~bfntb4m#%u8$J2VgkWt&1EYy(t|SPE+_)4u&`gB`nI z&Ab4D4~@K#u4(01fR92FXN|_?<>dggal?H+=u6NN693+F!C4(-z2D2rOEGV`B62A% zsG6YA0wvk&G^>!pRVbWxR*cI%7d2J4rqxo=>@?Y}7Wh~b?7Qi+1-flGrS=Im$o55Y zS2qu-O-eZvB*bpw;#^;xxV+kS$1*2D-&tf6Hm_1c#RkFRyX*6n}N+Xy_ss*vfvuTea6by%W#Sp{$2%Z>!^^Sos=FO2 zcg>kB3g<8+gqk($WU{B$(Uv7hP=RvXnlmKyicCq9BqDb3ghmCV3glWS$oFUHy+&8( z2XNQDfef5IPyyt;WEQ_Y)Z6KFjM%rgazZ9lCRjN*`(ScjG%gB^)h^~oCn}?QIS*8x zLd^^L`h@Q?WL<{3BqBqLn=5TY+7!HjWqu%6(I6u87gU&#uYkeXN&+q^_>PN$hU0KF zj;8DDMMH-PzQv(X!}EtZ2o&))MuqD|kZ;PGgpIuC2-n~6HC8LAb1^|clDI|}Bd^S*v@ zYQ|Naw>x#6@1T2eB?tI-AY4UU(kSLuG?wIT(A`bUHLuawkGMKF8cQdQExGvI4R4SK zRfH4C0}NK!4W4e)yLhBx(;DPqlsOfo8jDttQa8{tz5N8L#EVcb<G|LUMwFNWgEhp}rD}Zi>svuf-;a99AXWN9F0ZN`ZsErW1Kb zD$2p>rIM;)bQ5w#7S05hu`$F^N@=*nwwzzQX&)H& z^ldgK-)eYk4MFhAQzL9zsSfF~@CtSQ+YMIn9*&k_)e?Y$^s;UdW=xt>@}|?(o0Xp6 zfj+6#WI0@DW5#(GhjhsgNlUo3E_E_sFvrEiJ^6?V3uY&NmY!Ki1`xo_G#D)>Z~Bc3 z?dCpt)0eJm&XwQ{`BBa?sA4N|a$LQQ7V67FoK|OH1@ohLe8vG?p1kRQJU+W@w9tXb zDvi-4M^Nf&oF4Mz(y16PuIm9Px#i@nJL3zJtXpTsJBM*jxr%Gh{@K8S;*s|SIf zR(f!)U=O|LcGU_XP)@*%D$7fWIe1N^1f{x$Ha>eLJM%5w#ptVw|nxWNs0G?jPddhQ`Z*w1qD zjHGJ$#G!&<4-xyVUa?v^Ffn3Kok*UzfIxJ#4wv-D1Scp6*%e#UhXRVDsve9+B6hyu z+Vh0tL1ak~Z#75?ulj`zCacVdGL=dQRZODo;K!LIxD~ktyV1ZhK;}80(^RZFSlGa% zFoL3NVh}+)vN5o}KqLSao&r8av^vBr6SGB8ctudZf5`POXGzhc3hCbSs zD6jDwWF*eOTh_M-P*kXqwV{>D1o*gnQ|kwKb~kVcIkj`tB|!@=d-l*|+JZ%F@xCo3 z5ry)si7^wMp;XA8Rj?kD37%kQOE7mcbmBtnvb2 z4`pdi8p?I4kS$%X%)oT1%exs~%W4ymxMtNV6(x6Fkyff2)jb#=QdzF7=_-5!0I7Ul#IwW z;GzN)Z~)0W(bY&D@|-lPwEB6`HQe6*;_J4(U9wme>vvhC56I7mzm5TjHVpXAA}bh2 zcJ9KXSE9Y`>Ez(MD<2y_w>$0aPV;#G^yJ|9Z2r>47GgFCc%`6Q{lgY+CQpZ+v;TLASN2G1P`dKTVY74GIBMD( zYWnaF33Y_jncCZ=s~K0b6}jl*xSsMoMV$x%e13F5Fe-I?YNe{+eZr|E1If)so zV-keAa<9~N*HrKs-k?P=3PKutmCR}J&N(pfTFUIq9I&L6HC+B=WWIXkSQqv89u8h0 zh-M`9p@(c2bV@Ge6!#fmiADph;JEW-ZL!nKdKJ8nqpNng;P(3NF5Ba~Z4dVmYm01e zcV4{Rd(%8K`{ZH`-NQllZkeMDRN;)!?|h{Fy~S>U#(EC}I{He@{5&CzKjmrnBILd7bu$0Ud@Zz~&KEyNBny%Q#lRjiTc)b! z8UD<7ODZYWdXnPYxuUz`(LUh3>FM%+-nN=@MV!1nUU-#e+j_&Mxu(?WTC^owv4eJ& z(CbViCMTrRxxJI)v&O-3vz1fUD(l49J5uwRw$>pI9u=v*izIx25%PF#%MJL372+9A z)Atq&n5ke!%$gEpb!7C&t}&FUl37Dm7Y{als)4Op=VM!2VsbgzhIdy!f{XIrVdLOv z{%9B;ck6td)X|_OWjC*4wln$q?!L2!VH-VIjJR=JkHX4(<02YasostCK}UOh$ke;H z7d-FBUi`dr25(zY?m4k3du^TOMip2y$!mxga7REF0Z#tJXi($_&jpV>heSldc+3(~t3B7HRBCkPQ@dNe+^Rme+%$gd4*{-BX|cOi z>#d|(H?7pMndfK_tvvShTbqga{m=#n&BY>0oL9;^x^~vr(kIOzHL7R!Sml3gqz7?M zfG~>>iYSY=N-h^j4G_Pp+4BQO;3A0p9aXkM$ANO4+##1+l@Uv*PZKJ~01e*xW-5eW zvRND`Iv(%Xivdm3QUi9s7Kxl?`>OHGwA~>$wZC+LGn$imchUL!j6*{ZvWj*mM%UL` zl(kTM^%CJ%c9Zp955UaUQ3!{Ajfx0ePJS9UKW7-Sj&SaOS3Bc6Ke~N?-*!p^9eI4$w z(3Vh8J|k}8@KaY$ZK9qipa5$3-pU;O)%tn`&J|Tndzq(W0`AW4ZiJ9s>atH0Eyuc^ zn@KQYUeU_AVABeE8IYq!`>ffLs?_evDj%~*h>*mRP;JPr$@b&53IJ+AmA~r`Ia&Fb zmi%Pa3d{(6Te2mVa9BEvhr1L`nO%qGEu$tHAw&Qr!6gf)Y5Yb%vx!(q9W$dpqLF%W z{~HNEy9Z|2hXrwlf4KP_5n8r~k$t|E2GVStN;0ZA%)_8hM$?)O&Zx-^w-yEoi)px< zwy-;Yil`>;XL{hy2x_>^-7O}G70DE7xPv|wY=fkVu}=AIlwNC!aLk2!K1pQBJ`Kag z?qXjN<$8D?!~iucNhYZi1r4w0R2X;b?!s%O>*)nM5i+d0t3~I-lOKDeYr+>>gAT*-omMeDU)fG>iK`Qhqu) zI9}vH(dCLaYAxftZPiM`yB4)CdWxG~e9klcRsz4T^IP`tE~mGyzdLV2+{ekSro&%+ zZktJQ`&0XDnZvYT5!~^3o*~COAI@m;3jUO}O%h`rN?Xz1>kfK>dZm*4ezpQxRl9Jx z(P?eN4!8{x1fn)3Og;Ov!QNpIvHL)xSR?{>>v3oJ%l4B$u2}p(kLPSuT0(e11%OqU zmX=LcuV*qPXID9%eSex zU0iViSwchU)2<3_W#Lq}0Vb6!u8$pYyuN;Lbb8V{YaE~LIM2ioE@`&{-u`GqS3wm} zE`-B6M7W2qP*4`Okha0Oe#<5!@dM?Zt`KmXwEt#c6$(Z6)!blY%h~(EqABidgY+ue zo=C0S3dTP|Q`Sl6f(TYoZ&E@B(l;$-TnyD@jJ-TZUHA7MaAWGl6$z~>#nDjIzN&j z_c3H8WS2Bb6zF__P`@dtguG0AMF5;4<2#6jn6F}ZQVsQjv9Z0W2b9;sWEv0y2#ix>KvVaYHLqeYHSEUI0C))4zYM6;iMI!Y$E4M4pOMDtfmg|R zC_+CV;h+JxFIaRIQWo6IL9!NBhcX2A`FMH~H7{8_Z7YZXow8L70U|WAoTu^105)Z{ zGgvD`&FD-j6NSA5s1KElD|FGrisBz__39sQ*wi+-D;PRQ2Q@+blW2V@vC*^s-9*4e?!#@^XU z>wV|-$x*Y;lD=JUGUm3qOTlz_*=Q~!Nqj!br_MGGV@pw&_j54z8@gv#T#HhqDci2p z$nU@ls%#n_UCeVBCS=gh4cSMA9vjljfKTELWIywkmgx@6Mi6D%pCTD;RM3KB#a3wu z7lgjOV4#yDXo{8y(r&AVq;3&y?La?9Kv!Zr$ftKG90)}a6cH?+lW7r3*`i@m`14NL zUYVcAJ1Y1GL!)bJO{GBmsI+!Swh*XcAO>@7>VJ?4;pQ+SmMytZ?{4LQL%nUT2ZpWl_OZvk@%f+VD%?3&8 zMfvd){GoVqzBNquc@)W!zm!uY%O`>`IbeRu^Bps?kR+z(fVa*l1YNu3>~88`mhYp5 zWLeM~$+E6cD{8p3@j@ZWg`NfI`041E3?}UQx`U|!ilmj^fzTeG;PVjT5&Pum1!z&= zJy#=3x#U@_Jo@SAmq*xCrJ}-_C3iuT1%+H{cSO9R8AwjQkFE_OXcAADsd0tl-YZ@nH_501O%{5Pt1L_(>X8A>0PBl=YXTZWpw_A)`COaw1 zcDr5Ui`5_U0MpvYUn)*4r&>A15uB29=)&)P9zp&XjS;J2J4nKLxMqQAYFI>_rO3v> zw6qtIurY#QTI27a8$l*Mgwjie;6TTy_FoM1@MO0?~fLpq827UxEZ(`-=RH|L{VQt3=Hb;_yi{P_Fmx+bex z=+Q6qrE8qU;iCR1i1P19=9Z@7n`No4yi>>N6Oyx_G`Lz?F;B$`U|Jf``>kNHctj)r z(W{tG#^M2dK_egkS!*#+LNJJ9AE$9cQkCUm{E@AZ!6fjR2L=Rnfx*7jByXZ-DRl}o zNx6>WeJJQhH|sI(V`M;~i4{@!+)6Y8=06KCco30J%e| z>(x|mQ`S}6X#8{6I2`R$8c;I{oU)7v0CPRjloq}tNa^2Q9 zr@w%2O*_N6y{HY->K3o&H%72p2ax(T7|9J2?11Q`g#?`M^+@+v$giwb?#2ROoWP#8 zOccZhjHWfcVQ0Cl=#n#8G|2;$iADPnJg<-<&dZBu!ZVCHMNa1Qr7_(PG9LWrq)^KG zm`goXOuPDpaH$RE^Sl&pW! zeYIGAd=vo?f?4gm8Gh~}Upv>2_V-yTPGjNxK{~EqBs2;7Mu}KoSFv_!Nh`7qo`e+2 zqXFO1&usH)rD^t!YZ55m%o}*5JDS$)W$pL68))@1fRC_5^c=LB*OnR{k+-cw4MSPb zpuWB61c(}`QYF{Gj8mAz2_6~?Y~<++XhC#kX_^on32BJIMb5GblXT03)J?B{8ZOcxMH&=GLw~(%4TT5s`+Sm+0MY1k zFUw!4X?+6jU;8f*xN@19T{L^8+7NMN&(irv*VogjxxVgI+C|v1He9tm3-1_|s`rew z%5%8dr?@88RGR={k zUqHe~eVWw6pm*za_`m|-$vL;#od&0L+1$~zpsVPzwalt^0tjOU4?uh9Be+`~UHCyv zYGVSy&AI)*eo5nc`aEj?l8WR9()aIDpM3KTxf-y9)K2cwOno#Jf4~!21cv0=@AQ(^ zo_br}lP&Lenr1@#T_r&41yK^yDa>G~Ti8M!TbS2+wPY8CYNZ=!pN~8!;mPfB<_3z} zUF)!5xBI_uJ5)YYC8+tBVoaapCo%1Z=^ka!q_Pz_l=FLP=_|l#P*b8r<sOVnHpX7YoQQfQ%wO{BjaDt(%aGF&JnZ)4^`4Q)pysF8Gq`qi3 zTk@OKeDk9--Ixel$=o%ZWn-#^>jtS?RTn{UV@l7G~GkCx}y>MhRO ztpnDekcqCq4@NbA^CeO8O# zd_#yoz8KWxKWf)Ase7_?e=N(?ufKcNdG-W5RU1T;`a1EdgveQboy4@6Mo7I=YY3hJ z_0wc#v4KSametN(Ce42VWNuAOMPu5qVq4A$ruZn!vIU4R=tS7ftlF+hrtOCBnG{pm z(hflTIA%5D1)uYx*FKMkMPQurL9MYY@H$4WxT!9-)!oSXHb5Z6Wk9VH2Q4w83#*7x zU*4y>&Vi|-b#iBdJ;XCVmmJ}@y51?_fEc{Ujjftp_<~J=(eh%N z&xPAH6=d7yA*Y;;I9#0NI7E))FoV`p91(M7;zlx0b>4qlu*~a*1~PL(we&qBW`jT^ zD&-AkgMsUoUZ*-&@pux3_`7>6!^a;oj)O}%#dULTqGKIVQn4dkvJ5N`@sdz+k%qgl z+L-$_1FTh-EY^UnnqsG>8_y&1IF?>(br*95VSdaf4`VjKZyuH`ZXfC!!o*Y{wVL`3 zU#fS1l+rW>)wj>nV)_wH6@*u$^jEV9;ICu(xAij{(I8a6!QW_42e*24Lg5fuB7xws z?()V)5c%mORG2ej*Y5Lejf{tUFkmqefzSFhc9N{CS5J}g7lFe}6$h=H1|ewNd?HB5 z2Wqa`YZ=h|z|UUik=4ifY``l>?4_OP%mg$cdSmYAjKc%imVE(9N{<^y&Gu+~q(I%p>_J^#0 z0S+>J#L%(OIJKvlUgQ;%sSrC;u7|1D#W=vk(37!(V+o>^S>@Q63y1BFu|4Nf0$ zrd-w@JjjiuS}h9GLo&Z_vvRM*#z0 zWJC%?r3a;rKNXHkJ6CPNp;0la*;Cj-u~M$>pefrEhsSw#v++TJP&?-$qu{f1RCFD} z;tPphi=xC8KPxkpRJL@^;~A9|tUNr@Nrs2lmlv#J?(+%OnbL|_P4{=qVjc8g<~Ei| zy>lG^K^5YxJ#jDCH1iW)OZD&IK0s_lKdm#-gsK$OnJJD1Hq0=Az;a8VJmv8+6KPiG zbjog*@#BK>Za0u*0sl_cB`X|s{)8*-Y}sz)bWS!`>(e+@n^m7K?XZ)DhT9G}0XWq1 zkr$I57MxKgX4F54!l_DED*yaik8CT49C;1VeRnWoY9eK$;0 z_Tn_041!2wBH2&qMSItWlKO>!_Bpj1?i#f*)DUa4wzRAj1k7OfNnDPZodZo_XQnr` zwnbP3(I8~X@e>*_>TW59Kz|rqvKkM4^R_G;-wajaB=mK!gg1yezjW^8yN-|YJg)Hj zg7C6A++MNXkn;AKMjVQ$Sf(jynWP)=h(7B+}+=7_=gXbWvpr(~-A3~-u1%yf(s_)YZR45Qc^jReD z%Nsf06Wu6gI}E49pGI_~5?^YJG9L`DM!!9uM4;)24I;P+&)1GTP!qwZOykkRG!tja zm4-Le&x!`6k4cRPWAG7(7-RhveSzFaHL9D8!*046$#M0>P=TmGUXM-^j75h=ekX~8 z{)MPN06+U$GGw)69M*JS)=aOY+7yh&Hj;WwuM{I$+P1sA8Aj$sbPFt>NBdnd>3lf!0} z^g}AdZnZ!3{@}vXH2OSd-X2DdG*nHeJ!q3feJ-1v(S|DG9nvYEBtI*U>?VGjYY|!v zp{Q<@#{OZoJ>f zud83z9&h$PZhzYO`ta8^^7V)bK?m&X=*POQRK#r^8Oh0}u6phaLS2u-^NRg-h;~&R z8T%;8iyXMcooKguaQyNl1zFDxbuDJ+a?z%vU3a-by3b2lk+Ns~Fc=Hw{mznP9zQ=f zTF3Xt&yOyKmJ*rV#PGs0=8zed#z_qnEHO-%1>iJRbr!~vK~<1-5a5EyI@QWTA^x^v zoG$Q^82^zjQybB-Y+urJy)SMQcK?X`zX&F0-B9QkOGta~p8UoW#*iWj)o-GM?tzxQ%!$DIy{S>)7>X z!dN)Xfj-eKo<`luI)Q12Sx3{_Jd&z@enh$^`FA%zb!BU9mH*#4^sba)gZUbKshgdc zvhE%qtB5ZL6hxn~K?0}(V-}l4F$QgDWe#eOI`x~7qAd{cMsRl6hDX2#YEpeBMFc7T zMdctOug}g-+e**mqtPS^6wPtW6W-^cf^&$cW7#p3%UMh#0ny2abjsp1?r8PwuYQ2gt&=8>(Idf+`L(huiQE*C9l?0zu=f*tWl4L$P326Lej{Tg3)CP9~v%aC8Wq)_yh6q3-N=#=MmmJ^hRt2aP~P7W{=y zlDN-mQECM}359K0J43UPI;tes_QcpoHy-&@HerfY6n8JLQWgxO@qa@>eoR84EPv)P zTeh^@r(Qo!NDTmm`_xm9_ud6ld#W7dm}yI%iaK>BvgHUQB@TsgmFzX%uxU>Ists+6 zpE(NXIly9=*i^Z2sMEx&tOE``*+IlQ=cJMAnMZ767EkDwbIxNTCOyIan8?Ma8W3bP z;e=lDz@O87gQsQFU%TTx(b|eV*V~reJ2##cLUNt7=Uf()Lr$F@qe=G8rJe|_H~XAZ zi){{7F_D-_a|8xaIHO}4W?meL;Nb-R0INy!@XcZuEzPL9X3YVo%H6hfb;oB{iCFeA zpFb6Sp$Jp@jK!lMl2fqVK9pM&{?tYo zhE*F}W6hHrdN2cpOYL8Be#+MP`FY5x!9{R@IzrH7__+#}l$&q!dPg~THhylC#@>;; z{Un_Dyr^CIch70p&7}{he>B<9rZgRm<5;+;tIY}#mY@QtcN>UuRGXU!6-Q<|5#`OT zFK@07J?@AgU|qsWMryzRA69PQ96u|xZ#o$Kq` z_4W1j&b9jNSTe0&+n?&~=t`BEMSe{yusftG`+m#TWG}$(s+tki&%4-WjQO3GUJCAY zcG#B7X223Olv`Hx$e@5Bl$Z_-)#x%Cda4SB5%&PGjt?d_BmrC@qinOIX{k7B6OjV7$0 z0HTtW2}MdGeLB*H1Q>>$MYMZ+SmnQ!Za=2Uu%7UG5(-a#p|pJaYoq2LSOK2O$rce6 zHwX=RG)R>#p9zTA(#uh7Xr}EWRj+l`H4TkuXV)xxFezJ_a`!lgb-7VUMn|rxXG&G4 zU{&kZiW)IJ(uIyx-WG$e7@V8Jsb#<>He0?8Dy&|LOa_{Co~!rV?0mC3lY~}RY_FTld^2a7)BBkcC^!?0IFudF0A?%4T3{PR zE*v2woLuqv0^jbG3wcYsfTw`nEjH#NK*%7P3>9{_PAYD-M@6=kCF8AM;cf8|*xZ=^ zNG_d6HVh#ZkLV+$@krBHE7+-waU~0k7|820;9;8uV=b5LIi{=_FHj}fDLQqWv8$2M zRQ}UbL!i&N?2J_;Guq2JkNXU?hM1vE(3!!-mBul@p4NKYpVmb1r=0Vf^NYuf`n4n& zF+Pzro^38rM_!SN>bPZf3-C6zV;$Cr?NLm?S%5W_VmE!Nh}l&fB#iv0zIyq1t)B1; z7CHFWbvh2}7(!5wCSh2=e2k@jC~jf(!+(CQ|F*tXU-j14N?TfaTwmF$uWbJ?m;aJ6 zFuOo4ySr8M)1+!^1P@~knU`5!?e>Y@Q)6}N!|`$*)9IQ86ri1~3_xXiH?bz;1}08H zuto=e4>z3W7Roe!lipZ7Z?Vm|bVA%|N)Q4v?~JJsogt%A90V?zEdC)=MzAC;LVl@% z(YJP@k~-C1P{C?%i^Zwhjg_M5OJxEzCe`z(|ciPR?yJidibFkO!*pxH1?0FGWQW$?r z#zga6a=e{;%Y+p>6W6hL zE!uIQK3t=GvoWc=|2aHAj6?Y=k9B93-KA7xYMW~1+PlRrl`>T~o0Su)`Wg1DG9RLp zmoh_!bD7d`gL3U39KUKc+ihpEXVmx-b&!i64OYWv$z9pJQ()&gY_I^Nul6&Q>X#iOV4_-Q6}?tbFbArQ^s=VDDJUg z5cz~g2%iMDTx|i=&one<#vPuzMK;i|5eVbms13sE`5Er%=P{2GV_-J4_jr`VJPc(s zJl2_&B{lu@wZ8sK?In+|XzVk;w!XejP#aOePNQHjOw22idXQaTe>f4Wc5bSvDga~s zaD83B_aNZbRUjA+tGUjf2VsaSjtiy9OGP(f`r7Z&w@)GAB`~b3Z%x7m}fs8 zYg3z>#c|%whp2vfo3YJj?l16e&+6IYf+aP}YZXU8zqFT&4kizeGdWI+dA%o+g+0)G z^xf1ksgJ-yPjo38sXwIgc+In8Zj%^|&mvMh7j|vC--u4mI{yNqp9&S0AYz$}aK?JKI3`8PaFeLf4 zmD#PpeHov;C_V-UvGJZzf~Zt(%+7dfa>eS;jis{eGjwK>y|6zwr0k<$y-R;5HubycsqcWO}U7;rLkxp zigG(p#eh}Z5bt)e<+w-tmLzTd@-l6`XzZol1O*Z$%gGdo$2?>n+`zjQ@s_@l7l_XE z;lpop>68;k|6LDev=q{VR5ZkU6EW@a>!mr!6Hn;CT1N>Tlu=EI zZ+Y9Bx9K|&ckW(h9_OYJ%)@*OPW`2L$Prg6|DK$sU6+Wu-VmI@*~H0djvFb9g_y_@ zN7>6=>QrUFGQ>^nD{f+#<|!+MgY#paoW@MB4D*W71D480Zkg>;5@!ZhK&8Pa zK}6aKP1yM)Y_o*i%x8K5j(ch7oU*>DRUw>nC)>GKNA0l}ZtksTjW3uC3tRl~Ke3XVQrx zs9+vyx)}MdouNSKRqmH=9w?ZCnOsjEQ4cDTuO3f^7g`r;wQ4?MNV;Fd3!HVpQ@rsc2yybWxQCdVPKWgdCrot*^r#17C*x3U*Z*k*&?gPu4yMrxu4r zOy8Z`#q64MxYYx;Ah$*1doO&1!6l2B5T`NkF^wsoy^!j3*19km%hJUJX1p`ZAwH(b zu*7^r4qeKx&(2QCE0&;h%#7|5(yik(1-I49tvZ4Y*N2RTlH44g)Wvk4g>>3xeIEI! zn8OzuoH!$vK;LKK<>iKKeYbhL(HOHh;C@P0_vtmiBK$mI;FP4}mjRwSJ1jS3tBm$M z;>wLVL;Z#TdO=D|788U|3hfBDCN3rrX?!+}nHciW*Y=j9APPnk09+ERKS_d1MpRj) zwOX91Tt1P!G{(%=1a%_@q9H-tA%9K7 zo~>>_CPQ`&ukf^=uvn~lWDh;pQj|FKap7YY2@%RO*e5kvYx{B6Bapp>fS-b-83?N) zoXkAxqrTXO6BKmhv9EsbJI})f>(ar!Q-k5~qzSQK>7rP~RGS|G%!&fd-Q&AEVER544#PQ5Z zuk%RSBW(@jX~ARS7L|;{?%eBfk+NKzDXeQV*Mvj{EG=fT^1%*@Xr7s!wEee$9940G zPK@4?VSx&HB8UbU5r|%257MvYxA1>vm`A+uqHsf6y42^tBxD#Wyd`8V32}xy=aw+*k}zK!Mc0JSc1y?*FT5sv zwp&7mc;PkSuec>-_$s_6{3W*p%pJD>;uPTal7NYmNTD`%%}AlC+s%tsfWlYzd*0Zz zgD%ghs^F1*fVe}uyLLv7*@&w+8rloOAeowux~*Y{wZ4y_9MP2Qzo^A5gzt(sb`_b4 zah@vG_y)mjr)!ouA}<-8NNz;0PsS|TGa1|+f5#(w4P!>ph|SN5)UvI7@A>3Y+7iD1 z0_`E+Z5EKvqiEVx4^;*#M397w!FXyvWC2ZlH72Ww93BWldw_$*)-X#}JYb3SD+n^c z?AY1y#ceQusWOQni_HN!eaTcXf;+>C1l1^6`G$12pQX-HGl=F-nKEknNa3+TTFe`x z@=A|>!0R*5Ag~s`yjvyR3?KH{aznaRNIzPbn6$bO8`&<;WuxdYUC7mUHXF**D}BGlUS?S~@E!Gq!%RDU<5R#gMF4>(w<9Kxm_-Zt0khDfweU zLu^I|;<}`fKP$>`Bj1{R^2*xlQt{ZQ3EdCkb&wx)U}?$06K$q^7JE<+BRqAMP7@5| zQtNbSK4RuiBA-T%vwjI5Y1v{vwr5Z4nS4a&B5O3fA;&M<1XHk*gVS;WEb^I4d`RV} z9_hFVBo1aH17Ka;>$)s-$DR-A3);V!j1_q#-h;1Zke9@<&@A$EiTgO4t?OrFe#e1$ zslrrZ49HSO<_&G2Jh#`gDc7_><`VDIG3^J*)F_Qo=HT|F5B`#FKi-_H4a_7imunkV zEAF2Kilch8wbvo;+~5LX#kN@|w5`kN9b>WhirMPqC5w^?4ZUbG>aqCbTwaZ-dP{Ap z9|``5{#fucQSlXvMXi+)A8m7@-Tfyc<|F0~ypRdDc^Uo)Omvpk5F zpd3Kve6>z;l(T`6fj@ssUV?aoWwb$`SiV`Yvw=oC_uLfIF|yl!-j!dJX` zqurD@IngZ}ZMf(OOk)amN}n@9BAysEKlL;8ZZQGrm1u9f6E77;HIQZ@%` z^eP)PG@k)y)t51#3l%URb$)G+_jzB)W<5Hhe{z5vtm9K`Sck`gq&|r2F^zn=;z!{k z{KagL57*1`hlL6SH1o3veIByh6R@Fw&^RKpMA;B6`__~r?`#h_@{OO{oyOi?v)%5z zX}<3q?B9F$ogJc(J|e4FY}_mT)DT)k-@+WSET;ELzxYK((J$PjoPxL9uk_qMkC_K$sKZdK{!Ku4oHbg*OL1ku_A!1{$L?F5~K{TcwUzTZBvd>^98d z*{qCC>T;)~1THP*=I1;CxpAaM=x$~VBBB=~fiR}+ zz-LWN+!gTX4VxbL`MJVO0Z{D^_91m=7*LU$po>y}!=|m0A7C+FuuKcHcI|IL|$ zhcmBd6T!eECF(QxxX*O)tzZV=iB6KCET~e<7;OD7)aMNOr3Z5&*lEn<@fk#e;-0>3 z9THWbi z;=hb}l!2Q_0RGZpRtk1M!@WQAoT<$+!pN#&uK+ zzL0q8V44d49*F1e7=^^MHw`l9PEp_+wjf-`=fLMEAYKf}@i`DU;zc1hJ_p7|j(8cU z#^*rM_?=$TlW`)v>rwXpk%_6Gmz4Z66502ndm^4i!TW;5`#ff+oQLRKpuiZ-0}mC` zs87Z*S5BFLF5IUPxRpa(LQKPug`{Q7$QP5 zOi1ddJWjMUGxWdTT;RQIG4ew$iplF-Mr3tNV}Sq!6my7apP97`TMOWntpHBhY?g$` zy4#phX}1qEG}TbdZqd^3^S%_;fS29_7N-PeLV2^u(UFV8b}s>fXjME9LbicVwgqgY ziK3kL=1eOU^s_K4CQ9g@nSn63tkJ-UzA=Vx*sBoHdl3YZw88wjpyBMxpUjJK{K;y} zLUu_N?qxGdSUipc!5)FJcTKfnc7QyFfEX5TErn0@?e=Ru1#as}De1ZK`=yeW)ZB>p z8`9m{-u`~Ut)#fG*9+6m#kVg`J4ZTE=~V+By^3j{oo3@BZcGMNIco>9jJ^x6s+;hd zy84z`4`-1FkSlThQJwKOfb54QjO`*=Xw7fWaHmt=~ch?x3f=EM%cb3ZH|IBoFdjOgxwN zldQ_^aVF00JmPN7GdqaEtUb&Ei>CjsN?+AAtB?A=!R5D-SOIK=m5VC#@IG_l6)ZNX z;s*U8q^P-ygCt=Q1TO~X&XUxrXO$0C5a}a>KwMWclw1bj1#U806jX=4(eaqkm|U{B zN0VTrt06F*n1m3SJfcx>&P0Oo!rcPSyQWo4UJXEqm_G=zY7F_6+%-dX$B*3zZ44G9n`Q)}I5E38EBK|7olW_@kApY&$h!>`JxMOMuOwDAQ9d&|-LgJb9 z4vVFBSSGW>te$7GYAljb!?3VSUX2X#!rT&i%+s79`Q#F});?|GnLGoU?!6@!D5E$N zr`_h^-d=v@kx!p~3d!H~?Wcr%!Q+oZ{=Qy+W|Oy{e;o4n_5NeX3r{3Ii(^Bs%_3hN z$2$8OmMEhL7t7_zO06!;cM`O{aEJJ;HyLa|KEn+X@dR?bUC}t&AS{k~yg~YLkZced zvN(ZEjcml??3QGhlr@*)aYO^Dn4McIaSzk=Y3jn-xZ?b`UXcUB1sh|hrAbs73RK)Wt8+7^5k)ARG7ugTI}#rz$++ab(;|)y z%d#mVE!L@9a2r?_5_&E}yzG_0C0>k#n=PxaWs4FoeI6+$?mm&+k$9mMvViz!5xbZp z_a(*t5BE}cwB!_5BVU7x-;0h2OP~Mmg$#-(VR#8v%+Z3BmNh`Xl~A6 z=`TXiv^h#bVMC+e5V-3p$TaX*wKF+s@H9NW$K1aKNVG*95y19zMkd!!0cl{4F=oo( z6NVH*H#L|@zPn^eb1f2YxKGsz+>Sj0;(88zYAK#TRzL5-;piE##L zz5Onkf_MSyHuB*N25h{;1(6OHATE^8b}3nK7{4Lir}GgF7a~40MgqAgvytBti+win ztfBlKEaY>Emzv4%!9Kny@w}1z9<1Xz;#V|CUh;TfJ=z!D3x1{ndfDoieX@#9AF?j^ z_4~a{Hqy1Z7Ze~q<{}xyO#Bg+s$P%)FzSa~?(3&mzWqOk;B%SI-jHPmzN_ zBq^}cjZF_9BXyC2CJP=VOSHKX;%=JzLgKne0r6gtM06C?(}oMF7ZXqDAmbC9BVP6% z3dFzno_Sl})qK_qXjI$Uti|)+hO?Zcf7)}=;lvDhDfCS_KGved-&!d|iit!1&Cf&p z)XEl8Ox$??XNfQRDJR~%PFUnKU+NKF2!~9=_hZm7yDmHUE1~#vMhex3>kmuL_yvjQ zfD9bsBYNGj9fMLhnH$pGdRm_OKS#X~>e-E}#lS%aHtclVZCPBEmhL%e{n6C4Jv zy$c=sS>pON#f@nynQ^5C&!loQYC7g^$W z*E8l4xB8tSes?`1OB@q|c@g(nn}y&UUZiO_s~i%7f&0EtRouc0c%ziCk;V!XRw`q| zL=oH*8wn3tOv@Z2OWClh*=)>r1J3ONA-!bFj0se@=OIBRmKYI>iF+FmWMYZ&u$Z{p za2RLV0{Ccbsi~hl%#IB2_p28F-3`(mP1PSfru~qi-{wfjFW1UfuFHcT2bYCD4MkjF zVFI~6x;!3OhqO+`|8HA|g_RclWOxt@_uOQTD{c9fJd`AhE8?L< z54<}MXj2m)4==JHIA+M9tMT$PQn?o%E-WODMR;&hf8U)4EokGSJYy_AmmCZaD2v5- zxMw*`;?OhQDwe|}4ogLFZ#<;aVLlHT5!{A{h$UA%zCd4GFP~fThP+^XK4NeUF}`!h zSPQ+SwA1~}EyHSXscWRm-99sk|65wN#yGaYbE@#EPJ=(k57^TUy46INpcJVf9FBSdW!vNq4!)E`*yR4zd$I0|%*V zOf)_zU_P&B<%E{VqfrjjT1DFq30Wjk((D<-n{`{>=Xgq+d&T>I?0V6BGq|9BfQhD%zycO(x5|S{8 zE<~je!ld|H8`z}sufO5PR=j@i$0|FvGbAl0^%!;<^XuuJJ!$=H}+JCr|#R za?fS{yY+N)>+!#~w!eL{z5VRz*0)dowfT7a+s9A;MK(Ws@Bj6$e@#R}<9}`5nO3%Q z|0SOX+|K zdE`rZrs>c4Io`=))w?nD4zU5GuAv1SG8#vO_V^?*oWaPvIynA?@R&5lkU>o9Hf~!n zJ6B1h?IiYEvOeJv`GC{mD!2%iOm1(ZcGE{{h#tWZtpV#VrUo;_9#`0HVcU_jKq!}% zJo8edAln{}1 zHv4F*PsW3o`V5!KDLx8kNXULNE|Obt3!Emj`Uu~&JS zqFd}#wmh;2SW$*^WEy?1YEGmm3>W0$<6+3JWW)ITPNm!J$}$zGwNoJ^(}f*!Q;~{_ z5MgH=^Mv<#2;e=JTloK;{_kV;-|Zhv1$*qs$B)E&hg{8Y#U!6T)rAP_NhrL2oD{az z0W0Y8?Om{G+MZxS1U%|s&O$MyG4prY?Zcg|(GOOS<-XIwovhOj#zPhhLI{tr%!3CS z0mT_(tdBo@te~c+987Xt=R$bMr%#gh4@=gQ)pQ*_{o!6HxB30!HrlS_Kjev(aP8Y^ zF9}s$br&l9@9MvQjMV5o3f~X%({8E%vPx7%?u^%dmUT{uUSLBY}x$da+ zxy;AeMs~@=higWN1P;EkvSdZ{hit^O7(S)qXp9kV6HY;eK?EkmvFpJtow< zi<7!j0nW)%NiYhcfhBVYbD!4$6q5CI#h6{iLBhy?>MNuuuz|!3cei{6yY#eiQ>ML9ImB*wPGkTF7 zgM#)x{HOlgqcz#=N_o4Fq0#Mp-*q$PRk!N8R)08&E|}j*Vj2m#pjp)Cpu^~eOh`Wr zSd?@|^t#jI{jLx`W+Q)LCE);roJvPrb2XvjQZekhiPWA zW%`_71gxXtVE%XgKXq@N)YDRW+`t&nnZyD4-^^S zWk)~Ct=8sZWh>?RQ-K^(-ab1kSrH4Cq@zH7sacy~?c|chap1Gs3o2OcZ5)>EH#_zE z%8-j>XGLw8V;(0q*?Cl7>h@~DGqKxQqAu)xB|Oe<<~7e+u&^1~tHl|32|hC`Sd99< z!^Js|-L2r0R5>b@#~wLwl|ftc0KKF~#jpZuqb^aa>6;0)aptr6l}Sx$XtoxFWKlP4 zCu}VAsLBgwJ^V!I?yB$&tF4@0sil$(JTXzLa^m}l2%A>Klo2#`fqg>+#vGepaL)A z=fO3D1VeojD0IQ5UfN=djYHaJnWSy@W3;--SfiKF3l`xss7TnDYSkP6ac08x^p92RTF@>6uJSx^z4S@rLr^FDd9U7*o^xB1!C)sj&s z0A)a$za`)QqmaVqABFTEh14nYc@)x_s$j_q-T7|wyRD3p=??FLs^-G&|D!qnjWkDs zM=+kp+o{Hs9{>EjNMF#P>Uh}8L!I{cCG&D;y4KSAcDo}wmM2CHRZ4(ntJS1_0RBF^ zS#pNUCmzvYx%R1r+F@$RMK0beV?6B-19r(!d+h1A18snWGmf8I9oAig4#6AX+#qYI zj<~Ox&eLUyPNy|laKcKo$&n@`oZoXMRO?vy&Ci$IN=hQ_cE$&w@j=O~i868E(qq(D~+RT}Pw-+8~tz3_YQ z7qW_E6?C##t5nt@;eaF@2trB3u527)9>c|khEhA5!Ucy$DG*p1lU@)_zKiawYmmu6 zFnph4f~>FmTy}%d^K;fuB!REi*DLGru5I&8jc?~T4miB2e&=0p07vIRED{g{7)MmK zgcHo*ZEEs!S;tM16GWuc#GsaDFXTOKO(<}n*?ZkMe$_lYdF73KFE8+KQQ+Sd34DEh z|K#W6vxB21IcSqs^MBqRw3_?my+(eQj2~sSvUbUcKsD$JR8YLY4Esf(#Nflnm{?C>GcTeM`Af&RZ%k*F_XF(#F|?TtK^rmL0R*| z`6LW=?kjc;A<*FJF_M2S=`e8smB3vh@*g#?)xXx1-EDnc9=JQ}u=xmjiO5nLnk>Ng znzR>^iA)}t{*d)ANVj>7ZvhH5xvM4H#cWyxxgg&VWT3l7L=g2^4(j<_CtH`Y(2vBv z;#F@k@>U>r)O};iBQHYUzd&FFYEoX=t*)wNEryfC=U361s{7a@r^+w2i;NNEx0{Y= zx8aY1s7q?kNjKXI_)^!9f4hyCyA}1wUWuF%C3PilFdVE>Q6d!ZM^IuRv>$U}wxBgb zttY8*j;1&q(jiL+6kTw&XdOZd(q}d6xMA=7-IP$@BYR$L^D6jL9xkv#Y)Pcce4j@T6LQ7lc&fe19wy*5tM@O3WiEvaGtVOj3gAotOS1LH_ z;LZkrp-pK=y;1ciaga>)VV{ITRU>jEVhQGa+-tmHQ~k?d-PeCU`OjkOUwMAsX7Mku z{vU5{XV(AY?Qb9dv;M!t=K(onR9niyzQac2WQy4Y#RLv%nvlH%5>FyQdXpgZ1)&2P zL?Us#g5B#!nrBf?7Oyg6pZTjr@c;B@vGs2*#5JALVwtUA?)ks9nOXl&o^Edav;M!t zXU4j8JjqCE6u~238SHj2ht5BX_`meC*!oYHxb5M;!1~{Q`Yf~lx4zwe_RsqN5}(D_ zzZDpg*#YpjkQ#yI&k#<95f4xa(=d9K(SR93v`EUZ9bmQT}@yVVH)YD(Ur@hxYI6do}y+3VsTBk?*%@?~>{BO0e%>K#V zn`W!CcXD)k(r)fn@!#s7)k>w^JZ>MH9lUFH-ZbBL-Zc*2N{YAT-mRwF zd3nYC*1@}GD^CtlCClsC!(-z|&ZyCDwvHP|1zpqFf#r2i8}0VbC$0T_U444x<=H%J zw9gLq+Ra95@3q6Pf}j$N#{FR-)0w(i&NB^^vG2B$>x0`$+L4*9>>a+9^R?YPdwW{a zlFI1WX31ncuV=>xdyV$l%Y(zx&P73=isWSw&g-AencfNBH`}o0_t|+6DWgXKue|=G zZ#k@pejJPwkF?RSui}aEeU2tW@au?zL~;T~6S;E+VVYznhy=V9DNp`{6ZCIZq9C*n zFhp{d3dr@VToTe}Gz#rFeXl%NRCc<%)+B5-Uc5LsJNlnaV-L1R*f5+)6w_WWNRIyS zkU88!+<8>k$ieCCCW0}DT*^nbCMv+8B;9GhZ=W@fI`11taxuUL4A+aQRYvZl9oP=# z*6Cfy-7ozWcT4ZnIRjm?g_JN3Yt5Oj5uX-cdt?G>f7}2nm zt7v3dGf$m@RMNf2?5Fy#YWkxyC3dUMKdoYVAa|?!uWF^Do9i4lUNjGPtLgJ@wc<`S zRiJ6l&T7TX4)t>jX2a-@YNgU>ogKVv?46yo-s@kj_p@r{rmfnoVHGmPS0TOb@mThox_v8hLq`URmBjZ z<#u1!tXAZjFDRZaAxWy^2XTo)^19JHma1SzFBwwAr}V3ur^fz%=j=o;8aX*IYKba2 zLP`k`4-GZCHae9BB9SHZ4z4!Xedz8v|4%BI6TTHr^hd?Pjx-rTd4jrzb{w z9;8jlg|l1Dj^2=ul(P`PbQPuL-)(uIhbi+-+DPD7%t))!v14?bS7mXu=%u#v;`Un-~GR3%~Ydi`A9W*2(_c zy)!u6t0ah=Sg4iUL9{`9NxalIlvHXqEi-10Z{))%rtDY7xmT?6)NHj*TAkwk{vbl9 z$D(Cm^v1OK$_%?rwekR5AjttJ!sxE36bGfMz_Ak29t%CvHtxwICIo`EP35H-&3bY@ zzil1LmM$WG73B{cV?D{OE@L=xJCIhGXG{9RT}e$i*{-D48>cH)g?Xl}YUQBaNzJK6 zO`s9jQVA@D!o6WFrY{#xca?J9DGVw|DW6__{+n=qS1QH6PCQ+c^BB$qDJBAV{vF0Hzd z;kAqfYi$&<;4aG2stZ|dGt0BIF|$S=kUeF5)TROe8i0@-Jtef!%C@T6^FiIN0lXEO z0-TtG1Xg8_k#k5@p^O$8GlUA!QNeNY3O|W_7Lz(l`gQ%pQMYY)O2kD>9U*ym3X!5J zDwCCC{)HtY!@@>#dt7RdlzZ7vJcuBjj0zA^naAZfU_?wfVGtx0h#^VhiAYF~C07V( z18_Me)CuD-PeYoV^LXU_8m+!J``s9i4WRahP0=wQeDcY2(pJKQKM|`py_%=&>dGjw z^!rjdsW+^Ql&p$cHmGi{EdH?Ubv%(eM1EMu}7vA$GIR-&NGbR56cE5kaJz(eK=EkQF zu>LkTo)oP=Q_ZZulmmDbS94a1LOu5LNC!^I9YKWy%i+bx|4%Th;2EpOLLLoZNyuv( z=}i*7L7p5RzK5tVa4U`&^T7ZvIJsbK3@8~1f#4uH)gpf7kv%+IMpVw02!>|Fk|D<^ zGmdaEN?kV7)y#>bw})p3r-#kX>8nnA?{yQlg^)>=Qm|w)&fQ=T-lRWdBU&1py`X7T z+0}z+@JPLCJTk8umCk@AN6?RxNiv=!C-FNP2ecP5fMs0OI6sp}u!J;UzHH*OR~@si z^A~J-#@nFq?XGNDKQIWE4ldadUN3g7-(n^vVX|A@#H->167oSi2*W9u|3lb(|vSt^Xy_cY6s3{;hEaFUlax&YkuB_T+*Q&FOFqbqeXyVtEk9HHEQXA4& zXhq6Z$s3XK#O(g<2Y&Q0A?HEbOCFO;H8~1<{0Y`P;|3x@q@UQLfet7!Bv+w11E#~h} z!VtdR`eA!Ze)pcq?NooYt%|*fgTXLK>u-JkEi}qQAB&FUKGO;LV8G&6EIHynYtbt+ z>v57E!RzVDRy8$Gt;p}RQR?9M<;j`_loUkCIjLf4W%Sr@zIgj8U*>C3CDjirA7yKw zej`qmpBt^?e2tZly8EBL7GH~%k0`KDvYo2@8Jen+YNj>Vc*~kYF)i01m~cMjq<1f( zTlom%E*Yvloz2ujQm%dL$a!foFU7=yl3uD!E$jzmkB)5GdMgB20=tay)Rc+l*JBzhNkz1G~QiV1s$fk@-b6oXLD!kQsu8~g<*WB%%B`4=8!CZq|pQ@?SR9!JVthiOHC=IDmi81RF8VXJXox<}K z=A=ibnI0n{J5Op!9E?WH2PHsbhD1C`k7{|a@<|MH)FVGL;zJ;G3<(dwS{96g#IuCj zPH6w)ET;WbuIak|y0*P3aCysd-P&1sjHCL=UNL9Gm{Gr=x~w;%L6oh~#_QVIbX-jI zX-ZQJSr{6c4}ei}u&+B#5wue7a#Ht@RQ1=uazK=?cjzOmgdy5vuz7uR7r`K+;f4Z82c*zRO!yU8krjqu64NoMUdR?|-;)*HcvXvT z>uHyKV^2;{Yo$U*HlfD}A7^{4cKv>T636nMAa++)$AZ+@Ik_Q&n2ky8sxL*aseP)d z&6_2pYSnwRYxH%vw$Vi0q?8kp+^eI6tUfjO)S`PAB)Xdyl+}F!gncu2r6`qxkk84$_ z+EhPPGOxRPC&y>aU(WI?Tm7)Rvf2l`yjh$$C-YZ;Ov8sKuR1T9uN&_UPFmncbksa+ z=~DB*hZ?EGH0#E9{P&setF$$ zHuiU`^7u=C%M?=5>Kq;%H&gY*2v;j4sE@2{X)Pq*066)UHBft5tyj}#j$hjCEG$y9 z+piJ(YwIX?e~?3<)W`zktFDH6dg57eV4f6f zN>A#;>sd6#49@CSjKD2{P+xfDXY?%YbMQhSL3AEOLBdGL`Pd_G1;gz<;lyXX$pDVb zGyXCN3-1*xAGgdhOMgmeJYe9Oy<4yrAC7k?5zWJuKR1#0voFYIy-#bNG7DW97u3NILo14rp?SsR^_xTnw zGP2~P_qhie1~?rNdFB$IGZ-1Lc00xn&=%7{`80D>kVL{K{UNbNvQW!YFe27aDrF#m zTY)cCXZ1sWIO0Be_GELhMpdmtKG3%nkx{XKjpU^vzp+%w^XHj4s2fGadSD&*YP@nw z;JEoSYzjD3>8vSIHLK1hP;@Gi>dOB&^8j41XGp-TcRig{zxL&n)CaIVWp~{fT&qGL zxFTD8rj{%rR~ULu7nRaWXhspUgdCCL0Kuh5ub!eaG*^f`|K?fQW~?oCpIislcE`?F-Qt>=>TO$rs~$^Q%qJNQDTv0CWY@L7)EM~{ z26|f#Je2tKs~Y*rC)v;|NLIU4Q;$oULW}%zZEY8|rOveu_5H&jVgS-gT%(f|TCG<5 zHL9iqXLQu!u|sxx_!59?!9K<1h$bV5&9MV7EW=ZB4gJYIxt#yb9Zw<)P3mC7j6O zo@z$@=QY2Qi~;Vp;{kHT$nO)8$S#r*o%SHe^?VY7Nl_VD1A^{mvv8(cUg6B&AqqySavBZ z*h!FwrMwKR64`MeKz0lmk`>5_0!!Kei3Gut{mX%1Suz46R+PsENDN7^V#zq)dEE25 zRk!%)d1$zcY4YB4zw@2%eCIpg`Of#CyvZJl8{&%|J1!|kGUZdEc>7Vcxaj#ba=HS ztGW!`h^&Lu!EaGOTcYW4(-i|#MJ8Ys31r_8BS%ZD=kzE#{}7U?4nsdkVtrw;Hhg** zME)hzUBf{a3$ywt@XyL|;&zYm8BH$^*Wtqbv9j{u)rYUHRG_3xiGVG+fmcc}E+t`! zkE7HN4`cEmPP}lGKogfdg!(llKPV+fxD>ksTuS_bf+QS4-$ZXNCK#iVo6gu0yIF(` z)P4`S=+HmG;62Df&SPq}=IJX?oIt5}HzxE?s9C%)j~?;cmeiQb)>7(d?cpwwQhpLM zj%QAr%w+|Gmq8E`a0s<&>A?}4Ggpxxzk|=)0t=^jag5K$4!V7te-1t?RVMl2Y^=N} zUO=DYf(l7B>>lHDRYwrxeg~h&Rfqe}zMx)~FOKo~izGb8%vhk?$B}t6Qu?}ZhSz`!LQEmkH6;vLsQ7N|>3R{W9iEnT0b63MB&8_-mOBp+r zTTH4398r&u$=Gr~Jf!Ff5kKK8N3pe~8;WAoGcdiJ32#O_9f(Eh7RTzXq=g`}l>&kMKW=fMK(f_^|Wzc=4hgn*<2qj_EgfdyQV zk-EWo0?w!n4VS2Y+YkAl zLOmjI-sLBQQ~`rBJ3LKKsyewbKlM6=`FZj!)1WvitL$+#W znOjy@Jvf=VU(zkcP0$y=i0a$#?zcO&R!2BW7cyy=N$|`sEYJ~iufah=ec3qH%3?TH zv`J_?PA|I`stXx+=9Dfuzr07j6rWB|h)xV`{X|vMIShRuIFurhpjN7f+XFPC0?SJO~|2c@u+yQ@pOA_yS7!|UEUk>U31_Do(m^V zuvf+s6OqlHi8#eIq#qu#$M+n5#AJP>WvcuD?fYSq7wCw~tN^FF>-yn-jFV?y+HsSk zj6IiW?Ua?J<`a81wpMHJx%Paye`bh)s=`6{yy|$a-#?dW1Frrjcq8n4II24APtPeR zbR7&M9LJlKj&XI;CeGCVazv)u4}&uQ+F|#1Q#N#V$EUA&0|!UI&7)cvSPk4Wfa4&C zJF{{7bF=rz?H-SYtREG}nR{vbU&mVq4s!0jDt8n6U&l?(t#S`rg7kbjuxwKO@DSi? z71dZk0ORpJvTg1b`AXOm{9g0)3SmSI;^vfe{j6~#>LL@Uo6X0qW~bJvuQj(f3cMe- zW{ZNg=&{3(V?Q_ykKr$dZBe5r{ZOAzcp8L>--7}K@MqZf$T6m<@F*29Zi4X{^+&*G z2@!H(fC&A?YihzorCZNRw+5wKG~WhP@hV=V#2**N1$Bh1b}tvW5>1Hig6I=^Hj2$FQq70F(4`dhw}V%W^=fg^_fToHWN)zT4lr*LEJ@pDQGr4h zR59(5tENQ_lF=+H>B%{c(>rE)dk`&x(2?vFMCz|aVeoc%un|U^oPlQ(`J90dpo&#b zS_j;rnoCk>Nu0go5v|kToPuUGaEcmC zQ)x3gm7wu98M7x^X3bwVQ>c@ObPG#&;8hLWl~rCU#Z->TBq9eUoOErZq0JpM55DXN zVa)uFV6md2Jmc0K{DKV$mZI9+3o#uXSOv;-O-$Gul(E0TYQHlEYeA_#HIkW}(5UE! zmt0{ZvQ^;_qWsB-Il6~cYZOR0fzpB81l_y8`s%CbC>%wxwgwtOf}<0+Uv*x672Ug! z?!f_eK55bo1Den=CMRPuFZ?4P zjBNb2>41mn!gXUf0DD6m2IQk1H*yC!!4ZW~Tv>$+TpocRxC1!F7w@Uhk3#x<9S?Ef z#V8EWA!LAEMFBatK*?mHLBz)M7A&QB6>ZlF1-{bcWs-kq%e|YxR&N;Yi_+T+ds0I+ z*OyUEAq_2(%Ne#u^OnJYgpG*}DpP`HZhiOc$db3SBMTV}d!YMW5oha>@Ipdvf+36^ zSc;1yLc1mEh3iJAelWrIxG5o|tLaBBcT2{B7zOsqNC{3KxB*M;JiFC51_!$oq>6G-6#8|(h1q;DJ98ojD(J?q!ce?!i=p7 zM<#eOhL_L`V4Y5anMU3fWnRrJrYQZYNp=U&LObIgp25Cga!CdeNQ`;b5!)4VP8v+`u!X1ZlXwV){0m8%^W zue<>x#VaZQ`7h`3Ps9$NP)F7ti%Xj6^k+Z(O$V*;B29YQk(_~qrGh#+FrQ7;`W$2M zy@=EsdZBKX3#l6t+$+-j|7CJmJWaDi(2wt;Bph_zg!+cii{eA9dxg5}98qCKTfnnf zHLBbNmnE^8P^S(aI}L^0nJ;t!H1rPiDmfXeEy6-Na>Zc*K>0q<&S{EezVlzPailxgNc9Gpzb z%g!+}B%Rh|n{TIxATN@@J#E)p)h~SE3x(~+jqUg7pDW7`*q@JE&8IunmF3q8yy?pF z@-nLgBR<_~Za;3Oe~QF~;t8Q9lqlM%x3(H>D2w;-!E#}zv2J<(0Gx!w;W@pp>xRQ~ z>R%?`E5+d`>S{4I^h$@vL(pfC9KU#Rf3*~z;0Vf6$;WV7FY{e$x2A`6DZ`)KlG(O5 z`tBiAn$lIW3kB3zj(pbNKmaK1^ujK)&{CFfTbnj@ z1CJ4juxM(FgZ0MfZKx+Jmj2~n=&?l+g1hbk-Sm+oDDN=0-$m3NqT+=#&@lx`hvbOJ zW6Sqx;8eZiCP!u(k<_=3zfX@%VZ^rS02LR(uatI&O5oqp zQ@q8H;z32X(RCd8Cs<%X%kdEobCbk{BsV%gXaHD+1GK8Ypg&~7D)=mk+01^sQeQ|3@^np{W(MvV3Wqpg!U|H+l0VtyAf~RyEF_0|cNO3)^mNl75K*G} zg$(>)%ROrjaX{UUiWe)ZrTh1mmzT%ZRy(|(YVqRUYH4Np-UGQ|j1wMtbAPo&1ik#0 zY=VApxD_96gc0xWL1qiNuUAuRJlt^rMIe)wN{o~akiIWgjoQ@zL>=(r2wI|2phn-X z(Z)K({aE<1$Z(`XN%6w+ehlsdqX7ECo+STlz)-25keyqdoXiX@7o6-CEr$Gv5t6nV z(6J*0LkedAs;+FgXDApA4rr!Hi3m2N31#}>=_~5e;X8*p_1tBhTl#D*QYBi}6yQOs z0nCKuUC0O>h6Gi}@l3YXh$Uc`!aZIwjBe_^k_uYlRKZT8DeRPTs>xCUo+I0FvfAWi zE$IWDy`)!HWU-OTVgm4o!De#j*{mkDx>j}*aIeI2<3d4fS+OR&-QjTEOw7c+!1>lZ0BxdowTDiMy{7-&+VrOBmvp?)50n;gYB0_GESfp3uc zuFid&Rb`7=|7*^*>GgzMq_P<663v$u+;gI3t_! zAjGnJ6rKjChus7&S>i&bS11{7Oc;KY+7^vo3RXwZRv5~{4(x}gP*(5{w!iSSR+#*valz8ZNsh{cnRZ8g7qmX;6kdZ<$G>%D`Rcv?r z@X3Q!=Af4Mn{2Pu45wAaXLX)5gKYnWc{cDCA19b%s`zyh5VY^vZAO%b$P0Yfo)O5gHdiAL)Y7`%;w zxM-DuIg;a~bFJYUS)7XPo_@ra->eJh{>xoJ=^0Q@x)P~=+T3l$4|sa#Y7laP%L@Hi zFV&GBoP@{Nqq1_h$RIO^RDK*|Px(Wh3{SV-^?o zRQS-D`EBZM)c0w=Ge3s77jz2D!!~TtR zN@h<)mpQ<+&I!F?N(U%h7r-Zl^elBl%Le=G7R&9Q(&{S%EHa@$FD}p80X`l)OpLoq zg6BaH1|=euV5aUWSM~r~j1&1i34xf_vQyOz*YC$@F%Ai2<|pHVr#1Ldh!CS*KRk_7 z)sY5BgLhJVd6DWrUhkf#0Q@Kx2Kp$~J+<`gl*iaiz|H?XZ_@`oVE6@YckBVxH}6B5v{;7jXy% zeVpP0`bNb-5kcn8oJuE03@zQ^_#ZN9v$i_gEpkyD_J}qU9BZ_gI(~K^yQ#@zBViKU zP7#RJ;v!kpq%Y<$AU-qCQV^ae+|bSk@RdBvG&>#>?7RFHjPx^>YT!|ug+Wwt-46Fz z>45^4sVHUYCP(znYTb`mB&JCeW)y&{UP2nWPw_iurNNl{I|x@C8thMY8vcal^I;Y3 zCTJ+kgU_m**mMrKc9ztQYtaKtHyqN9zDy?X_q#>@O}fX6td8a;&x|@W4VT&~Bm2Wg zb{E!UKg)4BS>Rie;&Cp9i(!R5>*U@J4@#Dt!V=aLgWqAV4 z&htIt*`Tnyn6ueAosWPW3B);5Ndmb@FE=3T>Ve#B=`zDx_am0oAkUhXH!g4!S+T9{ z7wEK$O8q4V3I;8kqEID<#Tu%S#++kbwIQ8n`KU276&MNZ^UOTz(peT1FevB`0cnJG5~L*J6lmc%?6XK?o~mfZLE{s*&#TPp!==e~_3fQ!4d;n-pem|Uyr8Ye zPW5^5!r`gInSUU(fq~GMyzQ9n#bAKoc1&BUhEddCSdx{Z8HcHZ)JDqQbwV1fBFX9_ zH$I|)F=~skBReL^c8sK2{6X0)8_^=R%Usy0xij9Ni8JJE8E=UBwa{f0_2~$dtOu8% zh5(eh)#_w-NF%!O`r-bO8*jNu_ek~ypR|q1Jj2osE^9|o78(>BqFu@yPI2YA!y^rz zJH>m?jl1bRDf=drVPLHZL)z}KS=TE}vxL2Zr8~^DdB|B9S$6tNdXCHm-&@T zsv;#eo@=n{FMY7<*1_^TPTFwEV{^dv5mSA6`j|<( zmpy90jgC8Gi%Z<-T6Q=AXTk=TxDivgX9TXTJ58NvwrRaZ9ug_rf2FUg%Iz)th?#yw z0HuCH8nzQR8O4M}dem7L;b2+pf-$_+sxHzrkOBnjkb`19x{v`OBUo0(+TODt;6#cM zB!52CYdqn)M~3+OB6hW8uD?h?{;eIx|P4jfSu#I4PBUHQI$eKM`4tJfS?Xli=!crETd(| zy)c>e*k_Y5S}h-fpG2T|DFeM8A()I^%;MDC7!5|q+U>R_Ruot&G&~p5dDsqsp|Oa`A$LW1~CAF?xZX(`X>o;B%qE z6GsYa58a?i7t${FU@X`plN_f8Q1SVm2ujoof;EJYV9Zc@77!GMswRiembG|%PZwOON!XssdYN_)^>H_`B$IsE|;0OD>p=5@ubQzf-2S4fo(T)0E@)keG7X%kA6BlSk&e$1iFa`E`fZk%T z=kLf+1<-U)JrUY*f(OGef`nhZCVV@0*HR6(W7ZP?py7(l0iQ$z%HZSBe+XpvLg07|6KdNFi8_&Hw3^a^D4Obb6 zJ)Dt&l8+VVEL0X8bqbw@ivN6}xbQr9{+zrc;~6^(@MK}~bP6iY$VM+03C;Kl0w$}4tmR%YqtcFj#_sX0pOpIW2#dw$?O`%+poc&ga~EjChz z$3D%8%`0J`b)H>|a1#tmF_1zP(RDwvl_nG~^VQ2U?-_aakzKG&gR3@!ICfA8Y*$j6 zdzOR3Q(RcjKd7=q6?s3Gs`*nFsPhlTmGciQDT`=krDtE-->G$;RMVEy`YOl;WNvy& zvTx+iKTz-Er_P3Ax5})O23|sxNYhh?F}}1mws%cCX7nBFZb=tw&8?kgyKY5Cf0vDm z+EPY@iK2!Vg<9LM2(&flCbn=?siES`l93)|!v#T{6B+a({<^H?% zR@HgUsOZpaqt_WCw9gMnw+_eTb%){>VeiOI1cJHnp+-b;UA}hZF0G?{IHAjj zSMKtm*5y27%j)xC?H^|xdI&GXE`siR3B%_?rpVG#1z1VEu zo=|w0hCQBo0WyHbSrsXO8NdxziN;9_Ak$(EsDw6Zo!X|At-q9tJuHQQ1NR6sL3ajk)-qN^3y$Yq?PLz0sw@L>VEib+2ZUiT8-}iv0x}p>SuUfoCYo{3%K^)7V zXsD%vx^Ux`AIk?Mc(5-5HrXL62pzM$0#E5A$M=NXZXUM$dbk*Lmp$<)vQJ zC#kBj?HaD*3A!hIy@=%K_FGR`xVnPwcnMjKU$)Oj=+OcCL0bAj=7LI{?FW7g&N^j&shWb=GX&VK1+!IK z?|T{9GN)#zuuE^qfUAgadY@lm60wA~o7-uq_VtT%DsM&7a2DlOVnc}0iYCg@bXm^h zP;OL`7be8j3AsK+ZqFjJGmG>~b*By4OXRIZ)T-h&1@JOut0Ygynsl`8fn_9lH`A$Q z@z;ErjMcjOY@y_7s+XCZajler!^Hh2V&%3DFzlmlzmGj4+<9vByF7}zxxM)e@*~hD zkdGY1bXakP`#kA0RT79D;5@xB8?k#!naEOId)W)+}pqYU_N&foB!r9J=B z=KgxEQ`>Jfo1M$Eye)P;hEoNQg%1_7C(Ke}fSbQ;*c#E18rU636qJAtWBq=Q;aNtI zC=h#4e}Hm^9C~d1xZ=5q%k0)#G~)z>r8kfh-u_6Y_8eL{Gtcjd>m@=wV3L!U}ny6C_ zm0+)`kZ*!H>wPy){B9e34L%$ut#8)aoyOWrU{htVmu6Q3-&q*e{5UVmnqN*4wKhD- zV_Cw^DqC&nQ?`{v>P-sM7WVuPNi(1&O>Uk`VThOJP7TXhcvJs0FJ~HEX0oJ-oOqb> zr1Ez@wlp!POeuj{RsOmO*4zq%!|=mlO(?Ik{^%tzCk*n^%xT~`3wxR$=Vegy%St~y zj4j!8EG=oMmv@k_HE(C*e%t8zV~PKjzw`0GjWl!xNWfN=zivc0y9Wn;vh}48Nj~$U zQZGS7vw>b-N*lP&B&f}=bIWQ=$JyfAhNb*m6586MoO0VX5GJ}6fUEigm3>jo^9ToV zFI|^q!%fbS59JI_d=Gp4p^szXHQ9`qt1hRn=B~%#(6Hnc%NypXcF%m}DOG`_KF! zDg_uVBPrt$M$Yp<>qPD$eZ`AOy!octBXl6UmA{yd_=_2OeR24PWt^1B+c-)2It=>f zat*E+C(NqKIhmH=ihNH?$aPID{VCI$OuL$!M`=EL!KT)vNW4U~1Rv$&($sgEOJ2b@ zQz1e;f(2wMagFOsk&%%*BTyGw!VRL|RlR2iy?OhgeBlW~+@+a1X=U29d@0$ZgM~!h zkcs@>^aHGkYyx0E3HM#kvlV}2l^8g4vt0MlIm}hBTu8}bS-jGn$ zcI7llD4Q>3SZr!gnyMl@QIN}$>MYV&{2|fQ5*#ftrG&7Q8z47|+;g;eFYss!qRTB6 z=FtlOggihF1(k%5Kf@`^Bjp3+5Y>%>f{MuyB;yC7O6<^$W90IX8MsNqZkMP15i!al zQ90>>mB3pS`Q_@gEH`q_9ps#&XDC41PCm*PRFEL8IUVRT^ zh%oJsy2s}~h;~N7@hiX^0eXhE$#2d=LHU;Ny1dFa-V6_$kob*J+4c4le}KbLQY~J{ zf3B96%de`QN(5ll30ysXi>!3dkB5EtT;(`MP<0n)1lnitm|{u@6Z2drDMeJxXbE{r;ii=%Ot$%p|$spRzr>!-5kY0kc z0mD;|mBOs;>;Pov{jTZW|HkmtdmqsKN@Is+C33#*51j&!QlO8z;b0iX*eN`zZ*H+? zN4P(53auUfcQhP0h4uO)_9ylIbqWQV=aSZqw`E3^v!aUd1U4CZbstuGS@xM_nfJ(E z$4WG_BFw2qA!kCdL^Me7`9#VcfS9*M%hB!>&atMyXAN1qyJ*PEwM%IPS-llFyF*bH z*~F8C+*^hv&4CbmDe7k)vGUY{(~fX|h@-gR2Y&K|{%&l?P-66%JLuB}Ri}8tcx7DC zUzXz|MYJCIk+I;Dvd`=jHOWa3?dCNr9P$HElK?y|=Y_FRNMKKR6ro?^O=` zpmH|o_x*rn#N%b?*Y`IYk6N|XvuP0eKC?|K3`>*?jTR8~#`DXHtOUppdLcS@2b8PR zqR(b>>@EIHBj|+$E}a@lW1;*i$SFE`g8KvVQJM5(2}|5+JZ{y%S-<_P-KlTwKdWtR z?l-nKn$;Ze1enHlyHnfTthdNlV#$k;(aAV|#UEZLiV8S8hFo;zM6flyRvIec>!CPu(!cfuGX2lO;~k%~k6*dJyfAlc0fUNm%zfhaM-U#rz( z$=*;8PLS&EDR2@CfuSV}J`=lnreM^A6F&+AI5KEqu!MJFoS*~T3nOW*2pHS-FVm|B z&>xG7N;Ysue(NAd11?u$m*-#p%7(W_H5q-LrO7r9X5(cgX&@|?sX~(WBsN}S1}Mec z;SdLqed)xF)S^>Gt@;Jk^{B3cc4!$#nyD3Zi0s{ykeRm^yOyanIbs=N4 zEMz@_rjc>f&3qJi_;TAh<0Pv#!r!IIQ`i$opOQpqVRv;j9O7toZ-M;Y4^QduQuf~^ zm7h`ouT+uaMv32ZX{lkFFj8wEXCSb*IE&nKTQ!h$ks2h;K^wkNGTWLkMS#F^V;a}P z!MQQ2wK|QB+FGaCdWOOX$pO{Mg1hY2_VxyND^%s-%T|pwnnhEf#M6Glt;N6(80)bt zn{WvAO*Q?IM^2+PwWx3HPX!Foz z6RI>Db?i-Ou<}O!XKbzD)z1g)=G9!I#1MShFB;=nN)Pia z?q53b6Q#ny&&fWk9k@Y&qjus(33AqPg1ZU!WIT-S?;=0&6W;|Z{~(`A%U6PBoCbU` za$gxE3$C9K9vfbDRM9Dd(x{1nn(m+heog-c8|gO z{HpDJ)hRyA7Nu3$o=poMsIpOPNOmPIYjIM;mxO+n)@;!Ls=5Y{nf=(@oPnO%Vx!g0kZ=yEzDeL88J*`Khw+SL2 z$<|e4YosSSP+aJ+SRQ7B8q&Zl(19~&0Id+U ztSLomrYGB(Fu!V_ar&V*MwIz8+~l*94X4jexM~B>PLIgw8XN8ELUn<;_C)9ya}x@Gsf&hctl;U7D6jS7 zeCeA-!d-dV=Xo^HW_TzSn57Rl!$YMy`UDA<-os{EA=A5L>s7(i7)Q0hdmM$M;YJh= zh!m1WlUcjnFc9`bC>RGWDf^w~{@RoJ+B=l@A>3Merq~eyq;ei2i1#Z$gu? zDa83zNZ7U+#U`vIny2+rJwS$+8-d&h_U#_|C)m509!|sP_+}uplAXC>TSTDdP%>Ex z&c=5cesr@kU(ZlG;oK=j}a|M%c2zAVI5v;>I{4%2kpT6fv5BUcE_nYceuwg zuN%a4cwRJ{Jc5c@QYZyAXi@(ki05^qpg{i9=+TE3y~^f%EjeXd&Qb-#E;`A?Z8{kH z0d&BRhnMp-){i~P*&{t6+3Zg2U_@rIA0DoS!*g1u-3aet7Il?2{qS&0IGiigAtOy+ z-B%{pZuB+oL{i{9oy%mSEp{ENQ|Az9VBX1 zkDUq`xqjV2)`k5-hTq{XQYs(3kW}or1dpC7wiv;k4(-Mcjb)mw;i@ zgX1CY`aQpEl4#hIN%V3F#4ikTQ)Ai(wxJK*B*9TY_WXF-@Lw{6KqV6d$^0Svu|VWb zK2qfT)<%_{@SRks5%oS@FznDMwnG6&gefr*$Xv@ww|;O4BCr{((biCZ?Ruo4a-5{) zFXc{RdB#|+w~QK?Tu5gucrdSpp0y;UbnhqVAy`qPud3ic@ihCUL0(;P(=axO!3n!F zw~jD32j{G#Gr=CIY)94Gb8m7llLw)D^i)g7WZ;b-G1M`L=#WHaHWqtxf=U!Kr4fG7;g;8k$4oEfy8tNWWOJuCbG}m^617VlE;R zxE$FGK}NBD$l^FbMX=kA7S&arE|R4TAN56TaT;G}j(C|)QFJdA*=+roW{BiAx?K); zkEa#kXVZL!r>t`HmV^UV#N@OC6tN!lXcS}Go5>Jn;`0f2c)OCcaokr(TE8ue*8`TZwhc#MpE5_W)^Q>%rxprD*3u z$fTN3%$XC!t_p6C1~={kOjt{X<5LF7bTl*QZbwr&GH}c!2n;Q{1X<>}p_Fo4UH&r4 z8UCEM;|;QTZmRbllC_@wPLrkPIi~RO?bz{7y|5*pV$s7MciVa5)*-W(2NBxo{={KBQc8)&E1+^M%Z&(KC=lY28j4MCsg(2}|} zB);h?0cqZ83Ar@pH0+^bn!I&J(!rNyK0}O#>{mlqlvEPCvUsVEY4&GF`qkPo(|PP2 z+pfKC-4`btQk{IBMwSSQbP=Wtl;6K)_PM7DOYnvQ zv3A54FcoPam3X%BBew){SjvR&$B+#b2Z=6iHA$e5RB1c&Tn}8btq+I}q(t6GOJVGW$RvAS7JUkhNwr9?Ii zLVyQ3HiEZ72h2tmtIi-C1qnU=X4>2eGUgPLWNA!s-Ys5ma0E|of4rMI%lV1y?JvBk zMM+|MXTU&cMl-Qu#GowSUt)A?mR9c}7ES<?dX<9Ri ztKPh_jenXYa-xM%9k1a&X`0Ej516e_{Yp#e#O9RD=BDto(XLMC>1r2bg4z&1r2D59 zeOZ&=REU!?CYUN3(+f8O>K$i#R^~##MG$~e5l7-SN4YN?hJKK+S`y;wiS(jag$7zj z>FTAEtbAx%v$%4y?nl=9oL92d6LAQpB$QFN?PP5Coo-;0P+H?REi)sP{}wzaDk*go zj+D2C$(ZR%g8|9Bi;@^wb6c?9U|CR-xSq+kHuE#G9<(nn<31HhR~AW=&Wo2?k%ljp zna+3S75O1AgUs98T)e+S9nH3wOV%|n0pohsDPBC_iG#1aH28IkZF!_eKl>6<@<@EL zmWgHG;-kIH-o?&cX36p;FX~ZU*B@O3Gc`q1(&M1x5tiY%>{ zJCh|?s>4gXV;o*RX>HqGmF=FmA{kkhmn-w&+RY}!tlqCimo{%wlSWs-#q>E7coWGcn&M|Y_$cKk`Sl+i z@K$(&GnI;&obI7*<`uvrH^zZ*YPqr z&UJE4Vb^bIRegP`AwV2&^VtH{&8VFeFY^|e1^ZmmdS)LQC+a1PXl5D;9i;f02X&c* z%Ertl_-BEW;K5Ld&yYU0x15R#4`17o?s2AQR;1GjS{1xj6)&qR*)%n3`rfV~LUwlJ zNvZ;A@209iTKh}+o^3VXt(!S>W*OA%D$A$(z$Zr^P`AgAuNGj{0OnCA@&|~fwt5Gj z)BEEX9pV7fLgORwr#!-E=>9!aNFsl*B^v8ehrb}(az;w96E{+l&Pbn!eNTX{78k!* zypREorTkk<8DH&h;@~hj;%A@Y#k~A>EPoc@)3h^5?m)I;9pD(14ihqdV;yR;rqgO{ zp{-iGQ*XUff0j;x(wo3e?rC*-_5QtadV=o`QTF(aS2Q)ue%iv&37V0A=m+v75#A!- zkvSehP4Fo&)w}wrHvvIa?SwSV=`^4>^L)t>SMVk5H^80+TOG~RhHh+=;(V){CLB1X za&PHTzwb9#>vzenDZ?w@FD$Nnv*_`uPnPuX zK+)dihC6PAgS5G%TGMm4Rjt;J_OeSCJ=$k`sYtQrM;OJU10}njSU_4%)(J|O#b`LQ z!kcTuR>PYooKGfWt49b^LByuVDK7HgEd&?TvFNL6kh}25IWYBZTUfEq3+lXQ6K&Fj zX)tGFQ95;i* zkhW$q#>Ef}G9uzL3`J|W~+La$XKF5bGJV;Qfa#kFuS3}cK$oKmVA^N~1j6~zbAF$!FH z(wrTtv@Bl8vpcpVJ`f~!Qp_Er8D&PGc|-@wm|0CaAfVAd8RoL0k5oq%ilgA_DF||U zzHI#D<{`3#{H~jX(M}Zh{JtL?X3a__@^bA)pqXVZ zB+~6!%r;lbZDSykH^B|zY#C1@6A!iJvA}x56KX-7G=EEcnItcgY_J_iC!W*@j!LqZ z*vRxU{fODS^zl+j>_Ym;OzHxCyrg_CK$Mr5#zpJzBappC*=}Y@t%P!g@=?+E;Usv; zI}?9ga;wOih?-YLo-5ngeRlwA(ZR8NG7DXqF{Q%+JQ zG<1yVN`~HngPateqHpLer>Y+M2ba=9p6;yII(1fGHdRB=mm8fY=$-mARNG!hfI%MP zw~o?fgBR4zW9pb*is9TMi_*`trR#^jCuk|GsGAbpP-xj1`{7~R@AuDzs_ z*t0Tw;P}oXd^|s@Jg-!=!yo@q!QOze6Zk|Kq_te2He934O;+YJ(9HfG`)*=cR!z*ApBYCWI?Z1%m`1rOH`Cwc?Hf2IW3u>HjrUt`KM zEyPATSm<|~ww&qtXHcSO&PmIcL1|Y8ExX##lK|8T>SI~OS1$0fG!J#}u&nizPI`(t z=G>vP(Nu?y%ankj>}D+h1N3k*Am?!rnG917y<*tN}iZ5ut^A0FXK6$|(DM&R zbf7VEBg{P5M?@;`;AD( zd`y`0^!v-{vK93r#qZ;6l{QO*70GQh>0lw8cH+@4jA+QnB*wf^^_JU{GpKVFEjJfv zyRvItQS9|JzvD}2x7@whd}7mV^SK>s?XRxYN*BYk4C@o2$kOz8mr`9bby0*QL7@pP zZX2#nG!~2RZ9Z z#-CdBuS;+liS)E`gP3S~MXo)@;)P&%QzM9{OWY_)9YchO)x#b-wN^)|JOq}19C*{e zO?_I(p=7h(sjs8<)3vpFyS?#rbMu))v*`GV@Amz#OE+yXPHICkO!#Ym=#FAsKf~P- zg)3e&VH^0#6Wkx-D7Lqk8ZZ$K>yqQ&2zntAp!SdLZ7G~Xoa{uQH|i$#Z`1dpJ+mrg zw&%7KaFcR;h&t%CTP4&fOH}AFdy?8CTX?lK~ME(JwVEukwYG4C!7P;1r z{V;eha*aNPTPQyB6SPe8DAa>^6yX>RaN<&Hg&$LW#Vc$!AMZb^KdHUjXtwri>+Abl z^-ito6gM_&kN2NB1>sL-6!+8g2I|L|6&9dsnQ0Y0sGfKGHd3p7-f_Hx@=-Xzj^#X` z|9EcQ2RuH2sxu)E1fi1h5I$4AKe!j9S=cYe9&+Lr7i<*c7e&$Q3(2L|xWJTf)3@}O zf>0XshV11~vnn)RffptkC$j7pm$1WRwUMkP*{qf_tTYAXBNt*%%AOx__?Zpq=0clV z`I1kbSuR(1pv^N=6Kh~zC8{T9NQ>kgU#ak5jSu>(+Hq5IMS%k4mVlmY@8elq>MIo~ zAO$(|s`<~PAFmKEiFY)lyA3+QQB0&Y%#_sNUHaTeJ>v&#pJENF&cpI@d07cNa?kWO zujy@gC9g)X9(Ip$RCS2*uu)stXWpg))&R25!i*gL6#BWo$ad4t5u3_Jko2w=doOES5C)K{2X8O#syuQ5NztY&5jZ&(N*E*kw$hD0} z$rJxFPy`tEop%y6ZbeSjKEB?_8CqXsEPb%PtmtEDg!F-gAAO*&HT9{eyuUVzlW@Sa zO3lURl4agET%YN`@Ef5Fc&u)kKWtbya!H%s8l)wU)F_6rH!K#9Kk<+7gq#ky9-5sVXyKQ2eg1PyuamS zz~}|7pX^kfw1V!VT!6uN4MWcZbDUY98aWUEp2w)l;F1e)v*If8MYi%O&bQmRh z_?a}jc3uvna&IY_saHok5G3Oue%#dJhBNJ|x6 zruz|k#yId=*p0(r=O}VxoP(-u{gdmat&Y=`Nvs3BK|)(`m*^egzI%o}((~Gp8|C5R zmj20g(_6>s%JkL&UN^n-3h}IgNn+gEL=oh4UNhS1^ZKO`j?QPCSm~P^n%T66>zdjW z;)gu9=FrT^)!JmwuF;V0J5Prm%`GLxdeDFnK_0r97h;@D+_xv%Ajk*$#1gR2lu)C* zF*lQ=bwr2R;X0Cf!Y?K6qOK^X%xq*dt(X>}Ywv#^RtgXjU;`O}@1UTGI5r?Z=!Nh$ z>x7|;s@U2jq@-lBC z=|M)d7zXRwc^G^gWQ``z*AfQ~+%v>=!)szhW3a{*xlWAf;Y!*Um*q6}VJas1#nErix~)`yqn z^9k@K(0V4u&+J0ye|v9NSP8lcs;q=*hlH$^U{{f~m7q7ek(H34Vb8b{jPunst%NKR zXe%L;QqxvK)`yo}2@~K=p!G~EA+rm8CD?nr`btREb=y+NK2}Xx3;L15z8KP0H@O;& z6UpV4gG7t#T@NM|>T8-y3a=(P$b@9CnQss1=7Ss4!YoBv)FX8&aTsbDHnG-bA zV$tEUB_bfpS5-5v3IHvw4YC;c8eqV4E(5H5m9+xs+nX@es6AYI4FtFwCed{-19jLL zD?+19-i4ulmT%xnmcWU??3{{}41$^*1pdiUG*)hILpytc8Ccrpf97<18PNCSmC{Xj z5nIkZ+>bFrl9&4|V|Z>-1sUUd?tC~S6Q%!{J=6F|HE?p@Kvk9)DyC$pHw^f;P%Y8l zS~v<4BY(+Rw?FdmI_|lne!}d;N<^t&b&9WM?95e^EzKnEg(=kgVIFJeIJWR{j|kC4 zA63x`dIS0Bi&cgHVJKsVy!!m-mzE@NVL4m^S?{E6ci>LZ7w+ll@{oeO6qs~G(j78H zP82WJ>l?MFo1Og{_>k}KG+Ui9_sz|2-Rkg`dwUQyWy?IL(e~1}EHk(>NXt>%-JIe@ z{k=}Bw!hZg-e^3A6~$znO{hqd!!o-mK2smk(5^Zx>k3cR3r$~UOM5M4V4J#ZT*`50 zo6h;rSl1~}XSu-asCN_(tc|uTrsG$q=;~6_hZ%Q>uVsj)*R7y+W2@A`7px!XHYr&H zSXmxV`o?}1dAdm+CKj;L1qsS_{K)n>$tSSvcP}#H z#_S8XKh>v0L*KBRqp2Pi(>y(9ACU#b#Z-=(Xs)%*lwlf0Q=J>8Ia$m;R11iUscV7j zM|K<8bH}ldR5E=TLp86&r}`aSdaw!%W3+Zt%kykw3mLCAV9jGO2~!P?2xolO#Y5&x zcQ;*}=&pGua@Vj8lhgAgg4$2f*?yAw$Y_T;(P@yywk*VzAt-+fvg}%LDwV^9v`H$q zprIxv^wv6=;2ZnW(?8YeS#_Q-WO4GsbNk0B-IcF(#$cbnJRi<1+nN0^jT@m1Lq0lcA5ON{s2OGtmozZN-V3j93bS%N(dIvFF!!kg_PaCP?mYpC2qc zn@M0*t;?kn<@n-6VfoFwue?mJ3 z>OqDD;nfW0e<<|$?ok-V7#;bCM_Bebly7-rIRLe++9WdwFm_PsFhN9BwU2AeLX{_c zk3X3By`}7VdcN>uJ|sWTsDD@bpyM7B22dMl0|q(NR?&ba>K>u>jz1W=ebV_sC|{Y~ z?S?_@dpNqTZrRZiR?}n=a$z#zR%d^!_Fm^nt6p1g zoA1E5Xtga)5({K!uWzrn>a})rd*?~3)~=hNTlLM_d-ZklZ0$*{W$B!?_|nsQ>zUp} zn-I5~V?r!z`RX&03Dlet2}$~(wq~1>+FJIM)YdLJCAGClQ({`UGZ(kEMD8MUdD~Wz zw$Lm~@zU$;!=BbpSK3ER^nJwF8NYy`#t&H;O3S%ZJ*bfC2auDo6H+D0THfvY^zSSs zE06j#SqYn>SebSJ`D7?T4M^*r>-P(nJ{GW}!A)!ORB_X|R6g8W&erMOoaC@0H@G2X zo&Okz1L-_IkK!bZ;4&!D1CO!Wl~gZ-1Y+jKEX}2F%kx6}voql2+a+!h$af)bJt7#S zNV#pQX(MwUoV9H9;G0%@tt8-VQ zR1hYFTINCK(-X)iK`;8SRn?D$W+d-!kK7o0&0sqWYF`_|zNM=^LHg?2^007dHlH&2 zg5x@sh14XUc@L14r%oaPv*WCwEX~5MI((?wg|U;qR4mWs#8p=O(yV)+w)gzNL#+-R zV{2=vidG;mT1hSNYTZn)>g!e1S)y0L|H~QcVwqbX4{-vOF1xUj!X9Y_c7F7!aXmGz zTRj?OdKMQKHPU~6Wl7TcwQ13psH&e$T*jh~h@wz<9-BqZWi-XU8zUD~Cg4pet(r}Z zm`7V~bj)skVtVCHIKb7e;$~tB`DBGMm#amn8^fP<9mD)9J>G;DZRRHI=evvigla(7 zL7I=2Cc=Mg9+Y-Wt&Y^vdJt~J6W04Z+a(J>Gsy>q?9)M}#c0L_H3iwj#E$Hgjr-a+ z?TO@EwqY2va0v*BQ0~9A(%6$&z`l+R*NKTRF2hDIpTJz}$n`t1Rnh8VmmNiAIjo~ktX9?Y<=Dv_y3t``XXK81jLBI% zO&g8;APG4a!yZpgHlMO+ZWf)%3-puAqUaj6Hl$vm$=&Km;@QKA>-Xb) zq8kqRDAS~zUK`BBsrFs$nx{4A)P4LF?Nq_B*>9MU@#CrGs4>PLwx%O5qfhsTOR6yH zl-}4L@d>t@&9*U2RD{?DU?@Y9AYmHO>nopf{3SJ_PdWao9FMNas5blRQPnErPQ_55 zB;`s`x`blo#>m9*#`G&=|GZ`^q?9^9L<1h#z_@lGgmRI(OMk4WiUw6?U^!(mA zD2wzKfaV5ELWBeNppOZFGHOQtp&x+zDxp*PYyhEhv3r6&vg;!# zTWht>{*z8;r!C2(?b@Tw`Z|F}Ypl7< zPt!wL^_a`}35XSC!&{u7*v6JCab>1RxCGOu;S{ZodgBi{Kc$rn&2Q8y`Z3kmQxb}V zLw-*uXN=qk3va@#%mLRyNe!pk+QezSky$m)VlUs`ZJ!i&h<&LOquS6_kzkc{dV~kf zH))lbQ-eX~C1+ff4T$hFHYYg}719gAr<7=LKceQuh%klY+}xp3vR7Oau`)ud=20`~ zpWEqlm%BBaHgQh54cJU-Dt`gV2pCxdRIezm=y^7YCUl@z;~t=iu`{GJsjW??iNsSW zVP0Rc5JvV;`3Mk3C5>%H zzUub|{SCiw#8IEo$8ps*OdCn0XK^@+x_Co*W7#094&i)9dCe3X^6GU)VqKl6N_E6J zmSsBV_Xhnk-Sx|y1=;MH z_za+Q+D+2Xs|&fo8YO!<@J!`?2H-}0S`E16TrfLysYEIVf0@ab0Gk}peA=nEX5xY< z93?oC7{HoMdkPRhq}-J-nQTPM1&)ht!A2A9C{;(M3^lZskCJ4Vp6tuij_ol8-BQxR z#L7XA^lSUrA5wILoSatufj7)|>ZdmRHtvGtc6M4#A~qY_kI`1+ajVv8G`CT61HHGk zi8dOW^|q6LBockOKzEQM{i>AekhZqTtEhquXSqs>x~u)iIVO2M6bw?A=Pl=pJ2E& zfseH@PlnGG2KrWY6N7YZNZ>D?8*jS zG9+ON=J!BaM|*nIxMo{4d>DlDga#uie1dVkD0@)12Q$No#fY{89is61TyNJ`yB$go>EYn)~$|c9Nae-$`lulVsV{F{v zF?XPIU40Mx-VS?ZE$kQIQ~kYS_&(35(vadW1nHE%Z@a6H1RMo>jFg`wLJH?XO^`t3t&txpQj#s*)W| zeoT}0z*BgvqLQZIx6CTNqF#7Zf85x<*l1Uq8||v|+;PSiy)atztM}gUzqq~ehX48M zy`{r=bg)=KmAlSc&fTKFG+tr1*Xjt<{w$K=9HhBmDkbX-31cZyCs(KwUwe0i9JF{<$8o2kiC^0`5f z%u;VkYAqc(>lE|4Wjd~}RM8!CB6ue0=?Lo(QT{Q!c#%B@iSzWVW%iU{S=@JJrjbNz zbC}rAwdiIQ21WrkYRZ&j`7A=M`SN1qXB6^kii+`e?cLgbbB7$E+c|ZNaiPFdhchtT z*sATOI7lL6D^<2UWfM)@=nyCDjeYyHZPk;u=}BAkg#FP#YTZrTbw8>WY)HW&WW$f* zq)rA5D~-|azJqr zpSb;Z-N*+=PDgLxs57us$kS`e#bZ@qNmEJIsJ!qjG)y&7ei@*AAd|tOd};&JTj&F0 zYP^_Si)N<^lO4PGQqHXtLzG!h{!Zt6&$+KEHBqq5B%bpZ0g=H(&Z?$lbH{mtfDZF9d> z-`Q-e)jG{7GhzRR&xd(*%{iKLwd9F%5N3WYw%fh1?@4d&vp?Q;L{Du zna@4<4JHL$hG&`}>_FAp|OfGITHtRWz z;Sv_*u;UV=L&ZF9;T0PJX2wOjabS;Z_Ycym33PXgi)0IK^y;wf(&eII zO%}{-)LEhyxeS?{r7c)-*^msVImt3>@3|*{tyBv$miGZR{)JC_0I^VoQf}0fb9DjxI#Leg`#j#gu8_0qJf*-)&53)8K;IBeq_iBLMuQL z%>fP)6oeiw`<|Zbk;Q-WX4pfUet?mC5T0OQn2hgO`|Z%f4KLGgQhTN!7JTm=d|u7r zmBYtLy*-Xx(k-9E4402omA@f>kEsh-!+CkK71*Wx_sr zP0^Gc(%Tbx?C1qLjPMXSU-i9JBe!IP5Aj($iTvOYih>Y8MxBBP5BqKxcko$Kb>?r& z(ptRO7gM-@6o$tLDwGS@R2)dnb6m5-A(eKCXka#9QC&Ac2N=1dBpkSj-*x-_bL8O! zM*}~=9#auQD!03%C?d=FD2$W99bgnj2{L<(j1$cqsR86ePggzhTn zUKzcf52Z`fPIjWON6V^P=II!7tJjb>TlZt?a+y`U;T0yrPO>~+lpao`LM;3Imv5I;1mI@-)2f8xO~J>zHCIZ z6&Sntn;N|w;X!x;8dYX&@`2ku9u48_VFp{I7ip77+2cz81R8aRs5I=Qt;uhqYbsKx zBDdlCeJUKg;qYACEcJw`U->TGO9rSUgSWt=#Lys4aGh$?ix&+8FT_-3q^0w?8(k7I zN`efaUCA@C-;J=F;78D=+1m^c$*<&mpLafJ6vAeBNLuhyo65yF=~ig7N}skXpK*p@ zK%&H-4kFztvf$ue4|fy)1V4>&RJFZ$9EBrhlD^@MMa9J_Uc9{lmoW07LB+~wBgMFx zov+s)O~bFXGXr|0-~CQ=f9*+q?VYiMCSduv)qJ`mwN>?C!ei~Qmu&jMaV_xHfWw%{ zC|x6b3g1iJ>Wdc&Qe*WI^sdB*{u$gq!JX~%j$AN2j;m{Z)x8Q+`jSpVVheCo$qBW6|&Pw><)wMO*IB=QGaZk*ug z9ei&8PHDpWqcguFjvm1E8QogjDsb3_GVy!XM)^*%Yft=EYNve9*YCuS#p;JvqoL;} zIOU$~&uuN)Jom91JRLUs9=isaGUHjzb!ZbNL2JbMO)}DEahueHeq}e%*gvlq&hYudWzst+Z`oH(?KfFJ;a{sjl_wPS^b>+1ObL7eLgE_Q(;he_pYy(m1C`J`a%DyvjMNpg$z(`?$Cpc$! z!S0vME*R1ScZlMnaMbt6=YGI1&hVK#820h14M5d`H`8*dlEsc!Rc6(o4_S-U+QDDr zq|4rUZsKY$$s_jmG>ne5x5fF@n|>*zW*=Z zf9=!#|7HBlzfw8ygUW#$9~BBTLJX3jE-qaZxD_oSn|XD)Fpsv}Gt}`1I2_R;pAeH1 z3pW__L-!vpFBiDy_8Do~93_o_2Jghx;!0u5J!>(D#l=NitIEnUT3Ra1qc6KYxT&D^ zN05AqoZnF)?qfVe_m>N!Ao2TX7dh{DM^PV@VpIxIn*6zRikw>)M@cf=@6tm4m5nd1dwW<=5|3XyTfRJM=3jD;0X-R5`+KKRJ4znz!yPFFR=OjRLq1finTY z%nuF$IoUEIuq>5I2oUA1R+c%n3fvx8ykMjqLp_D!MM|16+S@B2sb&@QnqK)pCuREP z%umotfmy{OiL~tZ z1y1RM>VQr_7vRJivuRu5*X?U=MJHes2!d5}G_=5#LPb_kh6-T;#8nxw9~(L2vbp5OSheG2v!AJKXqhvFDzJ?XLqAAL z+6>$-AS4L^RJ=%uH!iT-M1728fB`0~;zsAw$G2SQ`5(5_`}BwZ10z=H@>0?LYe2xw*OTJgjZi=H~w9kN(U5zx!Qtb91Qsq_s6S_x0OzbKm&$b94V} zZf@=y|NGqBXnAh#|9F3HZuOgUbAM|1l9M^7?Oo`{cL(%FgKb{^0S?{^?)*f$#qZf1~|ZlmGMgp1pJYH~;pZJpHf6yLbM1 z^6j7d?eBG*AO8OMcRoM(rGNUT+q+Tezx~FKee>78HU8YM|K;8<{8aZ3=KkQDfACx1 z{I$>Ze)#WwNADY3-}RH#x7{UElkezxA2jAN~v9y8Z8c_vem(^Vw(r z@H>CM+xwOFxBlem!|(f@fAVks#^3&-zw`UQ`;UI%->4}STN{p$_Y{^;C~{;z-d-*%{p2eb|IJac`1g|+y*K^pum1E;eB&p+@!7xj@BFo&`_^xL>!1F5cl-mt z@r}R#t$*WN|M>NP?frlF?Qj3$_x;q5{ML{ClYabP{_IcwxxMj!@jL(efAW`p@*B6D z%G-~B?)Crq*Lwf)Kl_E=$$#);f2r{Oj|Urn{dfPwPyg=shCdU%fB$EH`7a!QfAHB~ z{H4ZE{qnzH@4MrgNZQ9KA{yI?3N~O3AgBqUgFzGp6r?IDAR=j-5J|Ezn-CCbcBLqA zqN1RlSP%<{*bs>#U_tZ%6_lo^C`P~rDx$y7?j|9ickjLL_btCaZa;UDot=5+nP=uH z^UO0dZ<4QbZ#(8ehFyRQL*OIPN^Y&G3*P-aQ_A8GVICzD&OGwCZ~1UOxO5@+7goz zBteopSt~kT*i!B{jSBk+ZFevm%_iXd@$-7d1)Y455;=4J?-iHg4B|9un8%-aPf~4H z=ZTN*BOl)P_Ls^}j(L8s&pD^>Q%iGAT}2wVJjJl?@e{j}#vwu#_!!aSA*-aa4mT^# z@>%;X%GaqzL6$2_wwLSe-g5oms71+Bt5=$Oxw|F}hRUVZlC3q&;~ye&U+;TV@xU|b zyVlwe4x#sr_3fVXrFy%!)a;t=;x5mTy??0!FT<@ovA(`^h63Cj)-(M1Y72G*} z{fxrM0<)D_ZZAug8kUg1#9w@C{`lnK`;}(lGYaaCN8RXp9FtfUXB@Y;;qxML=E^6_ zg3b%-wpn#aoDC;y5R!*4U%oOeD~nWaGCs_vp!YcQx}IMuyehPSC+Z%yxJs+?P)Vu4 zs7vC^csh-;mEpn4X2ngqedm*9^VqXR^9&|xoDzS?>8>dgIh0iPoO1v|raOAJeiVp?l)xiMw?pJm!*^!#bZVOf28Cq>7-IJ+hkK@k!K3*Mk=J}Ln&CD;|4j=6|ty%bJ!b(O80?e8G zWmtZ~vk{aI4X?q1ymG^qpCw`0p!?>k>q zjjDE}{rZTQcTU~BXUF}6RWF^9>3rA<<S5Mlk z2knyHR=5#LMkKt&+1M=0umEv|dyEPvTrp<$?6%a*|14Qc>Cg@CQGst%nszUx)Hcl7 zuX6(7!+LYIl+&m?(Jbzf`?0cV9HhYPS)uqvvF*SL{ z$Jv+G%*sAhcq-JTV5K_w`NMel_!b+7?_>e#i?)$Lg$nst^{e|TR~`i`Eb zX;38{o9m2kGZE>BZjDk4A9qhHau%t|u5(alto_6E&p2`P`n_$2U$tBQ;Nu|cfM2F1QCpC?2h4(XNNc?DD_1rVZ zuUNCxx3{XDAi6u{$+#rq*+-lf^BV12w(nRkgWA8Lxnm);{WqKRNW~WU-f33s<7G zD)ih$QPG1jN#8?DdjoTDhq(v=J;vrbw`CnFj`W6mfU?cmZyIVs=EoLZz0Gc$qo-T& zm|5XE|Ca6@>%fn+eS+r}p|`htn%^$EMu?c7Y)6cV_rGP zE9-4n-J_A;_V0*ZeIVxqJlv(tQPtfrw=3sTtAFEcYMDLz1mAjO{nPfQ(i3;5zlu`F zEhE)ET|8yKyHurQo22k+(xE)&+4-@~9FVyqfRS zJP5H~x2>f6?T7uE!wzqzkD70ogJ9xc<+pGDvlQgtsVy| z1$Xtvx2km*w3B=^+sk{`CJY;V>C4$;7gZ;JN)6jv%!>A^d>2D4$T!weal1YxQLX8E zwfBgz3t!Wk^pgpQs0K269rEM0tLXn0=FcY>NOm>{H(e5y+#A7aJYcInsp7ZA-m|xp zEb@!X!pE&H`DD`hyrw!vclxh3atamE@bJidNis zp7M-PGFw$Tfjxd4WoOBPSq1T%aCHtFX1eQL?rgmCzVgxQODn3r1X@1czWm0vw>NUf z<+r#BLc7*fN1u0y{#|`d;Sz>U>Dn$*%Fy{|DssIS*{7Or5;ZrSO1WaWvGL$+~iHG<4eBlN!yA{yLx}wQ!zHzdF5|O zg13NW54m>2=v(%m?nvg$Jsfi&bR+Ym#cxGRI0c5&Chi-yZ!&er$Q3(}e7ky())bZ3 zvH1q$@PZ9^(%i`G+`>J*4z*{7JYNuZyP-P&AvZAU@U^AqhL3Zn^TNRNBQdI9Qy%R} z{>X3?r_`1|y4?_Y{fa(5btf~|Ic#yyxQ&+!rs`Ydd#m}rUJ*U)Q+Ksh@2-QifbxBe z6_MGY(J9Zq?|BrEX8C$WbWY2D&!TrbpIpNg1(=*kwOVg9_K#n(x8lE4UM<;m@x&^@5e}j*{Bn+|zHt+qhEhKCFAY+Q-@ZK3};0sody!<$SxW<%}vH ziB`nuNA4S!S@yuqBSfaXxh?vW4!z5Wqq)V`?X7hbHw{_#S?^PMtmbQf^3`z9%H>Vf zbxqY;J+rrXXyg3xq;&zj(Y3*<)vx`#MvK4Kn(T}})!ufxdoQCZcJQTT34zOdw-)YK zpS7gCsyeRQUU>bACO&neTH1|a{xyO7SY_q08X`i^?v_?g!@1t_hhZmuE~Ly^zDTN{ zlNEh4Y0ruBHvcaw>$jin*6vP>8s$7yU4xL^`g>zjb^6^p&0`(G?cU_ImzO_ZV4HdI z%)}l&*Oq|$K@-bo=qwl#;GTN9D8?@CftXb z>}R`6Y<*kjXl{#oOzS44mQ(yX9tcl-86o~&Eb$N8HZdr(_ObWZ=T&Qw!aI?|JC?mK zUl*lvtbBRuar<52w{~sD6-}ado2K6FeE06ialdaGtw$Y~Z%*Md_c_4xXO~fH@Tu$6 z(r)AvE*}q_Z_0}C%xIh_94|P&f5P;x2XNjQM#ZhC+pODP8OM$jO^-N6?+9GccD#GS zR#~yL&*0N)UPouo(eGAi9Xaln_6PCqr;m-$ z)*vLaUYdNAvY0WdH7))-L=xlaJB3T7SB&fz=kK)Juimzr`J7|fGec|dq(Ufp{-Ic- zGbMS&vrVVGeW>c*=EJ+*aM!*1Lu<~Og&+Mb4LoV#Z0OSAOP^`Y-+lJGbeyiBLUX#d zjj@V1dN&;BkGHSjJ$~;~(m28++v(zrdgdm^aZL{n*1v7P zOntJ{;n9;IhNcE#bnLHAR~t2+srfy6R_Ql=T=DF%+bL1&gQ6a;;Z6;8YF@l`0;}L0 zpCQe3nYd9c&8n!y^v#Wcl*^j6B>uGWi?!v`bxtlnBJx|T&p!Nx-mC?DxR|y%wzw$& z1dMZWRCV7FkiXnpWu?Z3#+_emn}hYqMKSKu%)=4GNw1rhd~EZJZPGLaDNvYu(w2sN zR|6kO%8{_IcOSpsR5aAiil3d>zP6<;(Dnh{A>l@T!_c)8hUm6;Ycv*|T{5KiSWwoJ zX%si#y$<X#{aRofKQkr$cv!g7VlQTDCV^%o8K*_W?QV5dyhFJvXx zj?K+t6E7aGRXaC%9jT(|VZ+@?ZS6t&g)H_;r_#ocJEDhOn8D9pKO*u@)r?D4@kXAW zs_yB_QfhC%!cDrx;Hw1NNTISo{X^0eOEHd$QS9MQM4bb5) zX`WtmA*kTY>s3U~u1)4Eq~hb>LJ!R0XQ$pt@uhXo(27?}v&!&WdG73paNXQUiABy; z(nOOFvnLb=C$lC=O;5hBDb_eK%%3^E^IVc3PmdM3&1$j+flaPH`rKR13%7y^h}O`% zr@z}*acZiRdT;Q#T3uZ=qNkgxdwSBv0(DIdLf%x-_jaFykgs&5OXh9LL2*XpnxUQH z5{n-Hl*?1YPUFo@C~m&5OuD6;e|Njk5v4geXJ;Ely3%E(t7w+4%Dm{)=fSaGlGckOmXy}S>tjm7NtG&if_nqEt*Dg zs}3RQ9Hj}>E!ESeQNyATs3#VJClbcIiwq-my1el#IFEqM9GjaJ;eY1n{iL#?;NB8% z&B8TKm4ml<99w<?e1D@Lu*E%Z#zSl#<> zTzloh<|DD-$|p~{Gsdt@aQ;E_RQc|BvZbuYt_=blCVzIYuvhfY5t3)(vHf~_N7^RV{;APlif=r#-ASI|5WvK zmU>>#*t(@`YhAVWp~BCTb92edGDa7AC$I65q)79h@tb!z`ib}5cH_{cHZEcJeZ-#^ z?OW<-HPYqx3$k*Z}&B{(jeSCcfISH zo#_fyeUBWv_jR5xBlkDLuNs(GC zH%~J5kUSdv^+npllS4j|3tg?&msV-l$Easfr`L}5_bPwkdSn{Kjkz@EicT(Y@A<>0 z(Xdp{7|LdZNx~nv)49u5TKeupyhWfI@u4Ut-~|>TZ$Udn?H%w|8j1Bx<6^MU4tGpd`{A!tvdxJ`|?0_y$JMm+p+)2r~wH)o042hVfB&7rKVIC{N( zk>OYk!p$s0x0Qn{My}>=E^OcgBDg<3yLCbA{W#M(IfplX&Wjv7)J4_Z;$~-rB*ECHGM-5y`Xbddi}GPpDp0dY<^zO9Uso7{QZP!~BnsRxsXJW%46blz(&AbQBlSIP72dxfK0#l#eak#GU zg#R6B!i8$BmsR6n{ltd-u0=*=CciulKQ@_(^G|U@3LaE@V8?99+dC%P{*c;+PmSKQ z>hI>bErUFiN@^tGp}8Kv+I&Zz$}thhFTgUX-}fYC81va zFOzm}v$E-42Ix268kdu?14x;PHla((*4VFAI5YXnu&|Ys`vnoF8NaHfF@7IU{WhJa zK1{gftgAtOK%D6c)#|stXtU?eR^yD~Ke=AgYecHrp&k5t2FwXNaCm#*_&p~m8yh6pbO1{VnGDM1Hrcf8V*?n-nm z$(!6WhN;s%y)#_;%^Bg^6U#l{jO*N*X1n(4Z@0NFFpQdaW>fdrpy^obH*Fo;~W&~P>)wAPvy>#jT55#rhWDQWSd zVGTyr71AM;^D4W-Itv@3W`%9XA2gx3O&y{AMfa=ewaad`xUkCszr`9&U~N{nR15m* zWw2C|Qn6T)A{Fp7=c})ndDSkAarU_7P^0{`UoW+)XlhLOGy6HaTK zNOs({|M7#g$=XPBwDQ&C)YXEbxhcE5Bq@kWsW`s;F68k`(#U%4;~ z83N3iE%Z%I&bwnZ_~AV@bv>ns!h0?tMotP_c}Vn z$3xDKd_5%p*_PUry|HxlpeSOQKJC1TR=QdmBmK#C-@uO1*H-MKx9)E`SiT`; zg6`qW%hdQG=N(GalNxknD!F>G_rrBf+HGH$1Ttgp>)CldWA~UaJxcw(E;Nnm-k!9q zV|&9<*ASe43fpPpyDz%K8k}a1^DY?aZgG8-X3|LETl3~~q28p|TTso-RtwYY3_lRx zvDGN!O>gO1sj17<4RsSX*vE8E>zqVCZ?bq4Vtlkm>kJB9vUhwKbGhfy@^)W_U%{?R zU4zK64;+m$Pkj1BM64uD4Z_XK2RAPqrBXb~|LHM9H?M?-qc=`1OsQu(9vg#OEH0k5 z;P#{1sBJat)zTPEb?p+7WRv4K=3b-IbK0v)zeJ?Cz5X;~`)$=A$yZ0CvWgRTrzAGy zxH`PlS!cEJY+FvOv3k&KR&MxcenN3qOAE)BLgS}@*!bv^UluaB zd~0W?%#PKxx6y3Acm0HM*nT`IBV+!BJ1(mFHY`u6sY{!Ss(bpivurnw797QD$xzGJ z?Izt7TN`q2RJNIjJ4Rd{88UPUUUU@7y?3-_bru_eIiBz#qHVak_aH+4pq6K~Mcbr= z^<$0|IgGy*w5eetV$LCRisWW*wZpMSU1s52R!sMa+M;cj{onWzGS<}<#_|Ib?Plb( zEY;m^;E5nm=6DdwY4ID~Zazhl<15xxA*Rl+N}sd!k#y-XOKV&DiHR#$Hfk06p^#rZ z4V%G-CAdgqX3UkW;$K!Bnx8xrmfpP-XclR2MxyMopY<_^-aUOWg!8XjGXFfcuqh)h z)<`SYGV$331dSaH;{1({wojO+7dNM0r8PMq*0-$&fj#|U=EXDX%!kaHoLg~aXxFKv z89Jfb?h_we%UN@z@crOsNi6u_($V5A4LPpEasE}p>6O-wH{RdVqFgNS3L0PNm)x3i zclEjn(2#(VCrs~)Q)F|H>VTy$8wP#F4Y_E1H;%#*rG1=#&??jD@Y4jtCk>L@YH1TJ zKaJkXO>8)gg56htdQkg_70(Njh)E5{Z{!;dbw9=>Oswjtw$i=#yIs|ZvAJ1pbuE&+ zv8yEbp51S+Z1fB37+n~ce3bZ#)Xp~4A9O7`_)@Tx{X7qu6aE%!{1x@2u)9@j(>{#rvd-VG2CMB_-ctEFXU&=g zv~GgdUbQr z8eJ2WUirPI_pxM5ocr^ujqw3uY3AXr<8PZ+4xXpq@Zmy)_rc>Jsa3s@ohJAu*OMk~dpVti&dr%=UW z%^TExJ8v7YG6dih{X*zwX6523d4>_1onF9)spnfHhYb>fbqb;6`M<>)ohj*j^?XqU zX>i-y-E>>a*|QE?`)#k&U|VEAzhvGMNtv&EtGBWGgZ)F%$z#{s1GAD%C|hThIQqQ` z6Mxssy*TpuNQ+O51s4MgFW=tq%0y?oS3=An?V5x2VfDot^|~@g(mTS+lPd-df0$iA zuVi-JO4ALE`(4u=7X&|CVQH`FzxZg%jH-oSQm@jceYiaZpPHnWb|ZiI#}nbxJwH$E zWa!>98h_fI@cD6<;NgkdqTA0zkH&3$m3BL7yfjfX{qu#w7tfu8mZtzAE!Uwsb^N#+;fWTA073&xuFjO9}@ZXJ=7 z-fyctoY$kn7UKNzcj*Uw8uzXFB5Hm>PII`GK$>g@6}#m1>?%8Z49bp(FQ9itG~Xbn zUD0R_EooT)C@<)lh6!cspb{%6J=#!Y?EN&n1escSdy ziPEq;mvs0cdF|Uq;j^ULZbycNk3=g%)hS3l^T>)PmFKf{hb<U;I4ubg&z`YBg>ljhb#`Ng|qiJCn+ZT9d+r~Q#1qntJh97a0n+#Ga=vh}j-`k=#_ ztH0y<-Wl%tEM_p|_Kqd|pd+#qj#)+e`0VX75#{^*jFNGkDwV8pr<}u(!Bctc3(y{{ zW>a(V-4n`ps$tB7MeTdEdu&{L3DQ7vX+=}w+i}gg!laQ?o)Fte6{~JO|Nfw2w$q!Y;>Dd$bYryXwBl2fv!|C$zUFeg35Dr=xlH zlY;?H-TmZZ?#!|TIL- zX-?do(L^I275|#{YRAjr{({ff)*eouQ=I@U+N+y5`jnoqJ7!|jY=OJ9XNtw1S3UvB zL1u669%;09u!ZCI5Cx=$~wzGb^Pe#U%y)0pI&UZJ_p zQymvvw0lhWY}`!BcDNFM5Lf>+J7%_Lb?~U}U(c6bA-(%b{!++FfBb5EtIC2gt;v97 z{3qM;^4|KTw--*LHR&W1d?Z?X0Numw7t?B4v2%<`N_PF#F~9;1G>*<`@TtJUf%y`(lK*!tGM|n+q$>sV0+3r`Y(GNasK!* zCl1xa$0mHA|EA(vE!1|Zv{xtm%YCan`^}dYer%k)G%SQ9Y8}&Jl3RQ=+&WkMY|6~e z*H+IVwjdr;Ey=!mELenVWQorKHUvg3_$2rVT zZ*Q&Ldq-L%xqAJ(RMb4(bdSNWDjL-ZQ`;Y1X0^ee3a_4OY%0~;;<{`aW$U1tx~8b% zwXNBA7}mG$J|28v_}c9??&_tpPu@+Z#IM=q1>HPP(5zI$IT~c>Mrs#s|Ir15p9 z)B4xP$HfT31Kj3@8Vi4oe4%zU{q4vD!)hJ6c4r!CL~rVuslM^boa=fCu9iL$t?bmw zZQ{b zF_Lqao>&-ja^CYvIk*`%WqJv&`HLi4TPce=o}NpquQ^W-8(9#QJaLbDi=-&2`^oU; zu%i)cnjFQ`@;9rI+B(wHjnAvJx+aV)Sre;%%%PF{;cjK*)j75nXL@@cX69Msf1i&} zJn{P+LuZT7w_s4({cX_NA-h zR>d@fl7!lpdN;b{d3KNSjKI{#r=ssH9U*RVN#ClL=BggjL8|ne_4${w$PlS0;4UlS zk@UgfX5Qwe=6X(h_m0{%oy481MD8F%`0SCT-~BhoGJQ`^UmkjGNj_uK1k1(U4i$FS z6X>yHBqKGMi}oH)=csnGy)VMiJ8$js(>}X9C~LF{WvkVe(p@6Yo1S;}gJn&s3rh9w z4sy+QIP(ZMYe@a;_ED;%_SCgBdtc1|oie8K#qoU6T0+B@m+6W0QN=xFIu1R8PusoE z?5Sp*_1aTq(Ll)HF)df`<(6?Mqsm*;A4f}6$7`w$i_NZ?{e9w-A%}vVNHXk#@gMa^ z2)nHth7G|dE>v~TiX)hco(t0UtxEfubp5+*=Fx+ek6c9c-7#7x?>H;xLp_RcWiIq0OQ2bZz^?8Tq{_A zJ2EFv(-8mNQ`J37m1ruub2s2y6!R-I@%4qBYv6B@Q>Cv0PBO~f!VS}n?S|p+jlotWUAE!2wRMu)zu)Dj&FmcC z8RKwr<&LbIPBYegX**Z6af@_flwG`sMZD>o8?CGYf|dKXltUrKMF^Ehh$&$h z_OA43?XM0@qHDs#^}VE3nhQds9z07`6RWna|IRs(({ZI%T`M{0P^?jk>YFI{_x|k% zuBV8pmxtQ@a-&pl*X0Aaf}nPiSH`e0?i~|eR;k{>2ONksN|_QL{U9@R&;2mM)*^K~ zb-N8WViNJ-EckmOXRy|YSc|Pu-%H=9=2} z@^vO}tFFeCU-GNtd}9M%!cPwKDVCK5BmLF|2W3C%SoZM)FVVql^j0VREWGEbC>Qg* znlAGeGs=Y8R}wYK;PkpRvzJmVJAulb**)WihS_GGn(*?$vSIi;UaIcS-;Na(=NxW( zCDp#YU+uw&Fs*{zf>F3YpU3A{S$7^N8S&!7rOzK8A6`)UR@>|_I{yFmx?SnIpbVb zjkVFPXRIUaOPd1(gUa3xHuiaZPdL>~clY44*Y#e%AFp{%H8A_+;Y&JSnVa{<+4D0O zHrR~PiCjP%wZwUhD>h8R5=DVk* zH}&!ZS*@w{D{LQ6S_@e|E_v%P{PCEzwz&<*9GLscV(zZ>RDEUKX)i+{n@P5`CRF31zYrW}YK`p?$!5B7hX zSz6i-*#Bj2ZTt8B@Bhlfz>Znq(b4l-hyahu1<3#(f`u#r2(RX#dy4rG%tnR+8Qnq+ zlS#5+VoGBRc~majln!x8vfnrW2*XZhBLjA(wx*Ui2Ac)KLNWk{P%W%&$hLGdkWQaz zZAYKUm}$l|qgm4}?W`!{U9ua z$%@mIxG2BlZ5FWQhYQpBA~Jxtk{yoB=CXg1-P~+oemmrK6?XlqEPpr`Mj*@1h7IS2 zBiUGg>+t{R^Vj*G3o_Uu?!O`c{xSbs{Gk6WZT{x}|Hkt#^1szUezy2i{M(`+x*S`|KaDa^FPd`ayb7X{r?01TiN{0|NoWezr+7OHy8df|6Bdd|Nr6VFYv!C zsc*(cazax6ZRbCmn_F1@aQ?IT-}e81<)QM~%j9$WFmoK0&sV&fo15C2n&B8Ac2*vm zhW0#q-kc9M9DEmf5CAF#KRE*I!6QxK>>O!J$67I z3Jv5^*&H%@ku8?!sDv>NkU3}O$$Tn(`9X$&O?PB~FanN?a4*l4DNq#X_W}2Vhesjv zi3&oo*uoGIP1%DZ|4U>*^iWVhR4PBfJM_OE(|IeU? zm6`S5_TPWyF)#oYa3C6$1305>4Y0XX76|aE0xB02f&v(4U;y}VKq?Fp03IX+0bvML z2na*iFm_fq6b1?eYzB6@^T5IcfX$+vXJM#dXP_Gx z08X-7YN=sVHit^%D02J(vSch}G00-WLII{b&=emLhvN&<1)vaV5DtTaUU{Gx)np(t z3TFTS{XvicZiM`|7nKY4uSgyN$n4W*h=j(ZF)FA93Q?`Zt3oOZCLwJ`L18w&ylJwsY-qqL-;ZE$ z03f8Y`4WOfN|2BLHELCp5;uDab%3kwQf@P{0F) zAZ*HpNDPP$lSD8mAhJYk21r6HfJp{?0Z8PFI2<;QMa0rjNXQUSph^amtHNsX=41AZ z(pAP(9zYccs1X3f{9!1V%BX?80bCI*1Zb!YBtl_eF&K*L^AS}H^Qnj_)4yHt&l@JB z!l5up!8}Ah#2_k+1rpK{tZ_uXfE`8^f<$>|ljN;6K-;SrxJbgE4P1G1(4G(qL?F^> z5s(NFqt_B}*r6bL+%O0tW}AQtuzA=e1#F0im~FC484L^nHz6Pt33xCtZ?3N^%9&ns zJ>38XNE5MGh=5@804|%yW`Hy$TKt(oBFjxgD~3r12zVmIBhsjF2vGqS2VixO0rXN{ zl+&@r39B(FnqeMZCH2QWzAFnJ{`U9#Z{}z;OT|Tgj7CS|%vv zu7saSouA8{zF{B}J2cE#MsJSzb5Zke7dHP+aU)~F{vrp%PhQi%Aa4G3f%BgiIf@ql zAa?$d;K5`@zY&f!QY1j;gia7o2!_ifv=<}<$=Id#A&{6SAJfPL3}8YW24W|`00ZL5 zBozij2EtSzAKe%*L@x0lAqs&8av<@KY-IWmK=_4#JV23#)GZrZXot$p8vsug2_ZaU zA@yq`Dqn=yA@1}LF?L-)23Wa8LI}O+U+H>(WDrheA^b^@UExoMxLhia0h0j=n*k6- z6f*jE0k9UJi-Z7?fd}vak!eA}z+(s@_<}M_IS~j{rig>i_`Ufc&o_k46awN9Ha!Fg zp~3)6r(;uiMg+pSbQB9V0|rbGLYm3Xzo&9IkQii4lWDmCNCa@H5rCMANf^xhW5fRp ztsUg(@{o4Y*gQ<-Ajn{q@FB(zoh=hk4yb%W`x*}6E<-CdrH61KM*kdgojCxEOrR;m zB4CD!_@yXFfXWeq0v@6(V0sA15OF{O0RT-|rT`wX07LPnKiF}9$aPc(A_@`NN0d1X zlo*jK;t1J%4oFnggBf}TeH9~|M8=`m`9O>x`RD)4{&LEoNnp4TMc^moQfLOmgunrS zOp}lSb2Bq@Tt8x>DSa3V!q{{Wm`kT4I_dw8a9=u%fhJNh&?KBJK~~jI^%){<5Csh} zv7Q!yR7M1LV>-fcG6;YSq$wc3?H(K4DBCmGFai`tB@8lz5nG8qu&Cl{Rg_~eFAff; zdLop7NUmTJCXV=27#2eUhAdV7ie3jo4FhGjz`|to1`(N|2S@PeAp(d8iC|QO zu!R5@Vt`}-;t>Fd$t0k6;R?ZEDxc4ZP`rr+Y$3)|=>0E0v1fncoTgomd$ceSsX$Q1N+fL*^!403GXE?WW>IuQ+bHA zqk+Ke{`AEGNCm!qK>7%8hQV0e2NZC^SRFvz2Qs$gVn7)$fR7j# z*ae|VP*8CIa3g}1(qycrm~o;aM=@>y6A=tD05PJ{D1Cj0a4LckMK0hK-zd|5;L(4^ zl}Ms-AR38_ULH$Y>@wHc)5Vm_Fu=Hh$0AaRa=$7OHM$@kk;xXoLZU##15A)v2oDm1 zQ>NhzlniTG>tG)_GYo7q0tzre^_hqd3eZ=?nqhN576>Djqe#|Zq`m*)w!)aqAPPf3 zq5y(~M0sEIYb@@^&ggUL4s4%-?f-Y^qIyZGOa7=U6ax=4VU$EGVi_Wt|QwbXO4WPmR6=1SCAi(CqLXgTp_#CMTt%4WE7C=07eIkr1U?VaWXMps$9Lf1? z4yZhP#O@gfsC_>E|I(2EGm1LPGW|eN)M{j~1^)pg5ghtsfZY-L6E_rk2OomMT={GU zv0xbtnb+WFoq)O?=R*R;b%$8*3k6gcUKsk)7p^+r+Z#&&Ff~gC@HDCbj}fV_jN%s% z7=&V@(B_Cq#ALHPseHLDjtxHruc7Nl<)C*#4j8L) z>kQLON{x}32mLcBIXo~HXRzr)#pH*|1vyTr+Zr*x5nz#cID{$y8S_L;CMbaMWB_k% zX688$AB7G~ncdC~0}-nx0umwm9N>$D$ZvtNqXxkO5b@A?SO^GU7bGG)hF!V&0~P89&l-E-W{AXd)qi=zlb0aNq5k=sap* zseeF{=|86gl4!~pK#+fBL>Zv-Mxso`z(gTLq=7^ZL}h>sB2xfyiD-pHNEiYNh{6ym z4^>05+X$5aAs7uLrHhPM2uXh&h#WS$?jRC|fIOkxs`|s>iOzm_*uprU6&ymNn#!t_ z`=ZDI141n&%pWr_*FPM5ecAtX-~oJ=D~;NJlmKgq==uY8EhCkK{Vx=VU?G|w0>MH> zGMWiZ8IXY+(YK%<0i!08`AiE_a~nHTGgC8?g%!YMSYzr@AxTlsz@M=@+d&W4;$i91*oe|mI2`~8i)um zfGPw~^$pMwiPr&Z_bA|vI;)22uHjibB{~1mHLSz51ulwOR5a$8J$Be$eR3~79h%{up z_W9Rf00wz58@;euX`y1;0Q`_n5JQ4cfXac;g$X5u07&o$7!E{TW}x;{$^+D|Vp@TY zYq{wwga9xcq>F^IMb!ZVPL_arOB8SY4Qja;8DPj6N9nd!)Zq^?03HZ3Q0ieWL_{jF z1XMbRUHJJ|TrG5nM+f;rn1m1u5z8=%4`Kh14CGMR5RV8kiO2_ROe%d?fYj#$3fK@s zcKItAu*AG+9?o-peh?Tq4gfI|lGc+^=Z2m=MO7d|8q%6|$#COcf7NyO}X zL4=yKm;8mzWAuAbI8DeXaH@bF5=<2e1&Zp>6eb(tWqBGs1VpS-^hL;ll_wAVW+#}> zr++JDsbtJA-~+*k98}IOjNl_JM*fiHz5+KN)K5g0zmWkihzBYNU~Oe-f$P6ci#k0Z z2IvC`gfiEZ+&=VxsEm134wXj-1=vEJJfAWO@LycAR16YXVVKARg~)(m^H}mUk^usd zh~Oi;H(a(>DaVj3!`?>#g&{J7%8Ni|4{X^mNBu4+`CyrInoEs9r2@8hkzoqBAZ^z+Z4hqt~nxl{`m3aY@rTkcdI#W1S>GCaa*B%Hfa<1RyLFu<1gg z3=9(zppBBZN$!pPdE0!^HY}#{SfFglnh2PinPUGTwufwql>oIsO1~-)0@(Zm^X+q} zVW0^-4Uu-pA4F?FA|V!}EE_El4}e3svPflA=*^2zTxX5xSrnGSgUrB|Huw+>vuT_N z0JS}p)^B7+JdElTv?hRpUP=vza4E=eq1ae?QZQc?x+)+HLH!4TvdY*nECPc}eqt`m zv_6MT6Ho;aipezzEdi6P%x$KjsLBBBmg$k1 z21YJG7DEJJK|}@yfE!cp;U@G8IKo`Nvy_u&%ks-sC-Fr5&x+vj1X=GZRxadgeJGzJ zEoAdpGFXVEiuu<~&^1_$k)|O=ldKw^h{GWOJm`n2(B)Bp4P$;B7!(o!dI$u;*!qbA zR$r~4z!U&XSbPhlm*)EU5)?7Q05-b-fCcU@1mqJi6+hz4IyNlelHWPHr+ zTSCVIm>EAIKf-QK94ebDTdr0jzRxlz#bUgC4PF6}1~MT5C?CYAIZOiq8YJQ|$OwuRe$;}+0`3svm@bxus6Yb16b<3-le2PnD%uRW3PGyp zQ-vWYzyVmIyolg}x?0fn2y}S>bGtCuOeQE$L{AM2WrGzgiGuN=3PXPCFI2(<7SR-w z8u{9OANOODK?o^uVIvI>Q+6oAeJlGA4+MOcp)^x0o5(e=0y9`d!|=l6Q8Wew?%|1u zRfp*@PlzGkDnkSogH(o}fGq^Qd8i_T*=s;DV7Gw%6YByQo+3VjDg=Fn0;&*XMGOe4 zN3@v`X%Hf(&@e_Jj43o&`O}XM#=mB!BeGrqanLnmSOyLTg(L$EDI$zv#Rg$qe>BMo z%X2Y=Mz<_QKg&aslp5fPDdK*Sq&Q4FljVUM43Gd&nM_2$Mi2lY!~roQ7$#sdA^{r` zu!RwHgz|vg4TO1FAcPxWHVf_If70mcXK<4+Fz7llVs4TQkbhy2gATcWFJyUJiBukg zNaYFHM0v`;w;n`Q31PGrC882(ppZ&rf>fbM0REpUL~4?E4v{YaK`vjm9E#NME2Evv zj+Qr3_Ns&s>V^jZ4wVLSME_^p-jStI)Yu{=E10pK?A@XnXU^jp!f+J{9cwf3K42KK^8Z#hc0${8tYaE1B z`m-9*^$AQ5_04jAWUggO@p_7QRumrg1zix6lliX!`x%)25CE9X0O?c#EO#FBA%;Sq z3|O&2Q{?%7pko9i63Bwbc#4=WB~tc%AMnZNXYq5g49EnsuPOjgKGQ@X>|c-UP!f#l z=sXiJx3IKAg|`gnzMk+_j&%R&+#ORaR9UQ|EOZE)&C8~gnCu)dwe3H1|A{E|Mdbbf zNs8)%zXj>vg7m*6NPjA&*2)4o|3ENeF`hrjMJ)Nx#NwYxD~uWbJ(5ou*588f|0wuS ziS&Pydw_gd2UP4tSL{K@Ld($o<+y(;B%2O#`64tfS>_8vgB1Jibnm~C&Cm9KbB3l(IN!YF^LRT7+W|&L!}`B zGN;0z$yPg2@u3v-CTpr}uG2T@1^r@dP>%~TD^?go5Ko2$GMgqS=S5*7;P|L5#sle? z7mg`_xTsGTBNGP3WFWEt14O2(@(4G9a9W@DmcxO>F5#HFRPI4Rp|F_%7|!Rg>1;Hv z9F2X4<$@JK9`(}jSV}I6$S4`fWOVU?&{Y$v5TFV`MIgO$2OGnEf%Sc}O|%G?Dx`2kfK)n00_S-$$J0EK5L=96b3vE@h(TEt zHJV4Z7KU{g8yS;ANY)A&kugLR$f7&+Ft-^Ujg=5%z5{tgw#=i9V5FcK8bpu$Mk2>uC;05}A7B~m#sim<$gIH*@2WSA<6RhNDu^^f~fA^A{>%M@Lo#1lYh5SIX5 zsb}=d>k`gKxKX}~1uH-VB16FlGFpxRKzu~iBAVEZN5DKYh=i1b3yMPZ#vh_4pYr#K zH!M;Jb0A`d7>6AO@(?~lhK>NFGT7)FUjWg-zckJNtAWq*iinCzh*%{g1Es=f$~2rj zvk&tAGgld6k+7*8XOKgUP+r3W0Dk{+# z8L&aUFz6swN;Svf6d3<==ve<}u<6&KTu>-r(_v&3Kmud}U|@igrTsjVT@WFC|1dO;4hcXACiPL8D3=!oSPY)LtFfSMvzB zhz5apuuwo{%k&HiN^TCwV%U@-cH{%7Z-*I@pDcevL@Sj8BE!&C!~&H9-#w_TzD%e* z6_5cwD_AM8J(xpfMatki;3FgZHfG{~vXK%Gm;zBzL>U|6qW}_MX=7#v%tp66C@Nwi z655=roWxP64<(Zs2E#xBI{!ixIUC#Lp!og+cPh&DJ3&P`N*@`Ff2|Dz4K6CSWtJ9! zlt<`bh>hc@C_Iuo1QH2M;Ay4<@E38pRK&1V0;Y`4KMNS^SJ^z_U)<^`Z!u9JHx-*c z%}nk3Z#B2I_+j(pfc@HkZ=w8Q3#BtECzXRGWMRQFuK07wCKf;<5axj#MMnk8JIVk7 z$zu_Dpjggf#4t9MNR{v5VX`sLs;olKK4plY&1VHO6d~(a5&*0gf#`W*zAhdvPD=oW zDT9hmT!Fd1DA@^s(_CK{z|Ymi3jsi<3aK23Wg0?-6~KZO8#hc8#R-71led?bi_;S0 zX~2>Jg_RHqhS_VBicJGtJbYaMGr+~m8NmSg3d~>Z?fD1A0d%8`0Nr|uV$Fku$e=MX zmUFn7F#%A#m?JN8vKmjrE2zNjPbsCDyiyACh+x!PfcKa?&&2~j;A20jgO>-o%Xh{i z_~QFjfV3`{79j-TKdNTI+@%X#{=6DrghT_XK}dkY#mm+h3;;jc@c*CS_P;)g z=YR72U(SC*!yKumt6+%tr*-^;^Z%@DtOnlyVQp#o_xb<-l_wGh0QmpM-n+lIZ7T_& z`?LNEtlZt&sVUjctJQAKUdMJ*ePzhrYlXYnNRV({D~I0wSY8EBZZ^A$-^cPt-&Zo_!oLK508_;_GIyD{Bb7P*-WC z`5k43LsdOEDAC2sXo2@?v(3G!hq3@^*#t~Al`HJPo_o(p6c7$wgfwu_szHKxM>J~p z(00`q{J9MqW5u`k5tXXlEX*rHUt8|K7JsSIqY3uXQJ)$!UUZsPPYXE$h$=ec2BC6x z=T22xyJoryK+kFmzUkYA()-y2Fl%1t&ut!=M*sji)#EA`%n`y?-DjYNovmj-))cTL zapaH$$_ODX?Z?SI;$rXQ{fZE=Rad|wVp70EtLpE%MUx)Vn=G3u>UNe=cHrM964Ox3 zXIDl(t6KsC#zKOl8kS{l$DEF9*;R&zO@~*ykre7cpphh_B1=m_(D%G)8;!W-m<9of z%Ih~xV$(KfhXO%^aHKkQX3bgvw-=c7k{R($_M2rUunsZBiG?6dnN>i(ks^0qNdU5W zn~YWX-7&&4u2Op|(17yuBWkJtf4#l4$x`ya)nJJ3@w@YbvyS{MXZ0~#{@>nu{-PNF z|M}CM$N1lO@;rHBqPwC2n0&*9_tlt(oXTp}vafS4GrA)Ar_J$ce zfG#Q4b^>+UZS~P;wsnLvG-P4Ou2d)c$6DE^FRZVq9Mec&Q5a(puu?}2HRqi#U()-W zPI@(~K8Q=dV_NKJ-)L>a-323V$3CI;<%@^t5OqH2b8iJ>M_<1#02And76;52CFJ2E z5p-^0#8HsKSswuhtw&6vb@E3=S$kH?;BRkiKo{o>jf_KF>Z>|r+$o575}Dc291oqm zJ3D`KdT@5JyMJ_ed~vdScJ}ML)BRW9t$#`e#Frs7Y2vhaUS=Ushn-p!i&XJ#2+Lzg z9b;oG$FJI7Isum08D<(CAPrdawT-U97xcw5&IIcxN9Zc50S3@)lJr4;n zGx4F2U`Q~%I!raaJSi?_Yvrd$ZHK1HHC!sj2FLUG1bLp6Q{++gizvP=UwwZ}E(!m> z8HPN4%~IPne6>jONObwCeex!onbKsnk+bU7?NZ8Fy;ugZp_g2BnVj{~hT$cir!OHJ zUvp|qy@I=cl#wm+JTnQ%^H41Q2$APONQZ`3kKTL0Xg#A)Wdc-SlI6%mhDK)=0I)+{ z))sJw5;xdU6feA$Nzs8u&uHY6f_)zqR)t+Mw$ny+%S@qlxWd+sD_eD7u$2o}qIZiT zx2j#J+7>L4!kTrO7IJ|HN~>7((tRcksL-~~;q4TU_WmCnq!lC%!#jSre{gYlQebmn zDBf@l=b0CkWFkIp{oWB0%S3c=5O5`fz&rEfYkQ*v!pXbS^8ygdbT4A!1L;A3*0l9& zJM}7SIP)7;dZ0tJu4CpG$lGctQ3q`x^!2O5nA+8x$q<6O;=eQKN1g|$_%6l816t*p z#^8I7&|D|{nZ%aHW1QeAlK2xr7!Ao4n$RebL{!H)I6Se&lQ!2tCq0w>3O1Zz{R~tF zE4zoj&+XKgenSenYDg2`=N8V{!Rd#?y^6KdxZ|em-pfjT`Jy%-4rlgt8U^GtvJ1_% z8|zSG&%Ct(v)fVsF|*nJYL{PQ>Ry((GZb0+ZgBi~_;jBd0nXvDmMGNVydmRPmiNEfi z9v>dRNnL~?;(kCR@g)h+x`V(X2!?#h5Pbc*k=ib1Hs%ym6GCzpjlwD7M9C>SpqFF_ zUovXri1G{)foOy;InaY(IZd(Eq*I*?#`0|GSIl%a`sG zbV(;YaDExmkf=T7)kLAiACn$>(*63irAoC9KF21!j8@MX)jg0$r)A1{#xOg_sPz8f zWd$IRhqkPSohUnkIeAVL+u=#%qZd!%PdYh+s9mV-WsRvtWw>7VNh^!YYx>a1R{ltE zNQaaJ2*dURDGy{2s9u*P6PoT8}#?o-pgntDG37s*45yNrWp;K#?}Wq zrk2rOLd@cr_#3k^lkKi{K+gVCO#G6TsV&e5V`^`*KfZ%u^e z+}ni#j5&?u5Vik9c>kfcxLj+x-$lrz{_k&*dbF!~1raSjt>2|dh@9H%^JigWKGn|A zpx4ZJ22fiMw|x^La@$*$ZZxr+5}9zV?Zk1+SuCCupaCXH=ofASJeapl{{O8nqlNtXQNM;lnQ|xTc z9M)zMRHpZV6(2kKB$Zz?OOQNycK<{4fI?^0E>12?oac0(a>Ci2{S zjaaUmEyAo3oxvkbb1`cz**_f>L&XMVP+d{4;xg44`BL?Bc&yYvR8}eW*|Z0@F2_-@ z8^&XNoJ`R6)^d~32<=N_ds!?mfZc{zy%TKaviLN?tSd_`h-IhhVrZ_aScm5-_$o17 zTkzI!ZLjBN;y1g)UyyPg<>Eq=o7Srx`wT_qOf)p1xkfl~r)oj`I8`A%;-d5hmF8lm z2;h>t3zu{D5?8LAIc%e`hbY>OhU`|DJ6wAo5a&uSFjVW}nr1YbHSE-XaM2avXvr5^ z5ox{oygXO5e!Y}iY;w>u0(>U5>m;42NvpA5jWe6wnRqM*3T`Us*VJ4{^sjGY?qQ&= z>f`a?@py3W$AjvVwl&0Vc;Yt2=Pt-pMb=J39b^-dYh3&1t>1jjGFk z$1Y=I0p`dP7zMVL#o8an#$(H3)z4O_LK!`ZrDvxhQY*0o!)Q);`B;@%>MDJgGjpW5 zv|>kTjy%7hCVE+sxzW3gflmH+C1D<=2@GMy6S2TFlQ^? zCJIgH3i_u;olR4=2nzEF#;Q?QorG*Y?rQ2aK%T1Unc>_C$_yJ=5MM>U)C?09Jh>87 zD@ZOfou-aEkq%m|x8f2QtrL9rbuOVp5O!0M!weBj|K{H}IU%yz_bM@h@U{w(5gNKB zp>c-5=pa&+EWYctj5>2fnpDrCI)C}1Z3Vw%wq@>~%6Q@O&WRpYb4;izQFqpl7avt+ z#ku3jw^0x9;%zk?+I)-`W$H)l-xu~PS#}{lmi1j-9DT zJI0rbd?r4MM;BD6W~as+xvH+~FnEprNSMrQlNX|tjOEohU zJ?`a37ILb-;hD&)YoUy>bMQIy>d(-*b53+^u07v z$C#MBCArLHs_p_)T90jq`rYs;0GqW=hosLYYRV**(|oCfhZ`I9pLI(54ecJ60oY52 zzlof3z!m<%668Zjd2q}bFgZqjTf7f&_MJL?WKymOuu7m45m%4U~#)_5xPb+3P>c;PTjR`9T|MpStxTY_l$N;D+|B- zM5dcI2Z>|v0_TH9%|n<0)eO2uBEp}DuMH4ixw%cMbc&f!FrVIM;LRuTmbEv;S}JJS)Wie7gPo`P0Y!|1KWq+*2n2 zs5$Kf-6!>%`+;MQQP{vMEj2c7ar>^e@c7r*$04BH+!-?bedcD9?gF~WnKP;ZX2zYn z!6w~V&CdI{LEXV~L;jyP+^J^&bNT6n}*3|DDmFU!CnCXI)j;6{>B}ZuMB_8n1oJyTPn|VCGEe8G_wmKqJhj`{}-7 z*m#WPcoTgGx!N2){^biq0oLEq*RKHLceZ;X&4+6=c=3!xei7I*N1wl;H6gjL3vF~> zey7V3plL^6(0~oYjAs7DcBLEgf1CJmrXFw(|KED?;%R~ZZ*9ML)c@VdQ*rNMjlAsD zNAZ0wo##qfwqqx2c+WS>rtN?=vaF3StPTy9VKy^yTg^#VI{zzL|KifGzX6yl|CRE8 zyxiJ;l>hGJDHy;M*M8mVHWa_SIF@A}{$`hWA?0`dqPE`oPVs_fR>Z_t7|>b&9i48m z2^;Vi86S%7C4&Oo$P{GW!HR>Hp89T(F9#yJ` ze%k)=rFkJS9}#&1uM6b`35nuTi<3`1J=g*)Bt4{K&iyM&e)_o~|If#_tJwkO-Tyv) zR*e7p^4W_QkNp2Go&x``Op~FgUbFpN){ETEP`m1CqZ-0WTz3EXmiG|++3<=EE* zOMm><8P;M0YYeN2*01|mL%U(ft`Lm|EQtaqy_7JF+Tq&Si+ZRWbN-yYY{N_|S-l}= zlYF-YeA%Z0Z`7e6dyRyNsMu*_kda*c+ql5OD|2kQCz{e zagI1k;=<`~HdeoLBpcO^E+2v{41cjx8vmyh}1@8tPXk-*qY>aLm8>SVcv zLOKV`oa-V}IJZ%Jvz&j4gNk0t_dVsgXEp2J9QKx5|2sQ7MfvaLi=D^ye<#lp=YKQj zM`q5KJO7{M8mSf?=Y&J66eenboPGRXsP4apo}faxT{HYSnt}x@=k*E&m9M=SAyEKU zf2p=0uDbheJ_H&`!Y|#s1^cGS{FiH&H0{m6(5mZmIw35PS>@d8CIHp6lY^?_&LP$M z!=-{%ntQcrflJrxw|GDGsI9rD=cfCA7Er{4dz>m&(Cq#H>GsyklKtniNBgh4d77QY zo80u*#g^%0<^yM@$XTVbsNL|g7U-<~EpNUh?Kupo6E3ESuW7}#GMj0oHc!W|*gt@N zyoh1nnBX8JLT%87m_%+*b14h}J~gH8c*iMSO6M=5ZSw{WhgcC>Si7m7uyEDB=q3At zM7!{f{6dmr5nnZ=7_(r`?NZg1O?5-NMY0AY&L!<)2Ow}6@~)8Fgg+)h5)$rO0xA*B zd968BU5$2G8v9a{zrP%2*#Z1Tt#qkT60v}k%}w05RaPbyb@QldCg2)QGaS;0N+%PB zeN*3cT4(ugB?}2JQiAiczH_(cGW|=!Cp3Zv-f--b6T&GA&WO*Vz=dU2u^cmO*x+2e z5I^BmPWN;=<3dC6hO;Ej0aa|xlvxCvD*d4gjr%>_UD9mR^UnPnvy_l? zp>!fMYpNihCC7&mm3um3A>kr_0Z@)qoJIw68gpYT=AwqBy^SXyprw*#CHvx!CoD)c zuJ*16!HLxcu)w|^2DEw0GrdQG+a;9q)CTGpfC2Zb-_UB4qZLfgQYNY`=W>)hE5x)e zUTvFJ5{d;&xKBjBRQkH7qdn$1PF5*1P-tMWhir7}yiuNqx&s<@#kla+^FJ5fT$e2% zYXY2>)}?(Wp90EF#OA7s6Sde*v@(|~QJ4+6X;=-8wp}+_i=3wPkHGz7k=;h0os2h;Wt{6|6fOPw_ zUAv{%P2!9S2&LW4;h(c+dLCobtsSY=RxmkUm`B;&rDCP0tGU-?y%#ErWH7U;`ChD8 zLzP9bs6>x-qbd`bGpb55tQ28X8v zcz(Qlba=6U@cR9m!U}_cL}nIwg!$AsgP`^hhk_KdP6T9-jOsiaY=0;3&d%SQ9-RH} z+lvqH-o8INxY$2Dt?swofLXQYb#n6V^!(!Z{n6`#8NJML+G)>XVU5^m3fPwA-mU>%u>1BVccHNcidY4>u zCHNljiYtw|sh~Yy{$6-mS3H|HoWyTn?ix>7!EMtWu=HauYqNMBw{rW*VlK$2ObsEu zBx!!PYOys}Bo8h5oLwPhz*Q*jP_6O~83kVHZuQ$tL{gp(#s6^kx@D$QqatX|#uGIzJUJ>-$R9cCp2-=cPS#;{frbA5KS z^#-(52%0`);ws2V)v*9CFrg13-AwwaI?+r6)Gdp#WfotihyUR4m8x2m<}c-%^}64( z0aFnUK?CArdtp$$ea%hjSZK=0=ZH3Dc=l@uHFI_NYIC02jGt;ondjTtxoC;AQ^h=g zL#tsn{z?nMxApP}oPF%f_k46y{M{BGU5JM+g$NgfWf0P6$FA9}A%)>SEk=wY0Zk@7 zbVMeMPxFg{{z=}_36(vx{f0Jx&h;dnv!mDS<|&Nm%R=ZVazaroJdbsXB44WPJc$D= z$(iI>lF?KnvJ~AjU&smWnNKo&N^~TK_NdJHr_u3SN<1@22`=<(E82|i9cQ%VyPoTgHUogX zL)sEBJbI)x1m_+-(&mHd_+=Twc=Sno^huj@!~ISBq%C@-_vn=N=#=*8l;#rXqf^?g zJEeW|b_Wm6qNAZmUE`LPRdK!3X4GkR5Niz9(hh3#>pyy^J$k6!vxnO1oyYFP4X((h zQ?L#p#q+Kb59SR1;_&$JeE;>u?&+JeTAa`9U@?!iIUxUv!+pw|0{!dm+gfbS0NZqO zBfxbM?J~(%&b$KmZ142&T| z#ObfcXj5NIy+J-YV?H`#I?t+{F&&d5*GDiHh;SPDW6mO$h&?u$P>I@XIBajs!{FIJ zj`w~!eRurs{n^FdyQ8DS^BGiL7X-1?cf&nfZPqym%zVz@!`$wpWO9~4kOpJCp%3Q<6u4zH|WupTTw5$%@&DvFm>;+Eq8t%Pc4jSye8g73~s`uI=@?<#o zL~Q{$e_JDrw6`nRO%yc6+Udd1hyT|QZ=4M2=Y=u%{^!O$h-B#W(6EEoyJrU%`^U|C zP<&zkxGC(f50CeoH%+6U+_dF_T1cA2a$2sHB|e+W40Diu0~zR>=%pe;#AB$6$50iIp(-9jRXm2OcnnqX7^=dV@md$#fcc*Y z_edo96tcE?`aT5QZoi1}ruZXN|L=_c{OWk%>OyBer?C{7k8S1WIvK@Jgk%%w&l9?6 zfn0MI3iW_4amvmCs72lCk)SV6UUpL6af;zUx@GAdmW=`KiT!jYIc!yC& zTzjeo!;I8cT`tauX>KKfMv84UjWkjOsgN7j8H=5@e1cLm-~7t9xwtKPuI4-o@|uy{ zmU&cN`;}%=&5Wc}sqgH;4)tDvKRo3mK<&c_F&+?(Btv=xb{^1_B`6{!P@hChd^(&W zjM8S-tF0yAo8y}>3fTaMo!t4WSbn3u{Jp{c?)mP;*}M0rdj}WqPY-KVEitE&9HMr5 zMC|=X(EShbKSG2P7LZo~6>9VVNsZ%*IXG@?ILKV-O_e*Alijnkd%dVC0`q{?j>|-t z&e6@RyUI!+T@}RbX`seZ#&3#oln{#b&Q*L{m+DzR^A3!b?W|CjQQhRS$H(f{Zg7gM zZtzBj$?7KWU)OOTgtSTxL`|DFC8gDABx+h*2{Ane)2tK0w0_{o$Sbpz2vwwoxT*3a33JdE#pHFdvB?`q=i&;k@%lLip5E3#z?|+UC@q>lwnlw11yJ+!+@qwTrTJ zZSvFhk1y-_Nk&>r_!pEbH}W$mjkPWc;kR(|tT?_rM)Z5=5&gcUu$B)*Y1~XYf zEUGKi!7%dRVu|7E9Hyg{*avdGJa4$@hv~qaTQhST}yN8Zhq|VdMS$C#!V7!>8Hg_p$!-!dG$ z#vzV;#km_a9p)<(J1Kmg)!iA0ji*XHZGy6}uIelhas`XPq?=cR-qX#k)Lr(a*#0pK zh}xwZG#}Zb#n#ggs`1;AN))5|mL-x@Pf)cK;d?0}?IQkuRjt;z{MCn&P9r_%7P1Sx zIu6$?%60NbzFylc&^AZl{L0I9R%ovXWDbV8oy}d!C1~8Q%j3Vczs8d>XPhZJa0Z#N z2&nIfxDI*?g>pSECIYWW21cl~CQ@FMwqQ9+ZYbqqU+SZTuUxoBX>@Dgj`x^VNP^qiurF^SM1pM26&frhph5yBvdkdh-9Z*3bvcDN6)8+&>VlPR!Xqi7#6n z8W7yo=EtpiUlc^2U?^Q)TR2#?4_Nikw7 zB$=S~cc=TWkIpvqg2xdelX#2;6^KO$j3Wgd(2&Y02sbQ3LgFaEJP@AGCUHoW+|+5c zer6o~vb%|5*n*KD1bvi>F>w;J4DJz?<7CkB*(9~wHl!>$Azi&cSD18rW4zI7t*xQ+ zxBs<&`d_V9zu)&+Bv?pV-yya2K}QG&0W!6b?NfKqF|XaeZB-fxiNg?0rk)WfP#FZ( zC4g`kNzQ`ASJ-W}fcruhXuy~hlH*t)j4G$CV)*7?&sbk({cWIt#37r)bg@V^`S)Z% zctj)-y2)O*`zd|Zp=`qnk|+^smylzEKK??&Nd|!$Z%2$b><(gRf_GZ2*9LDIU&zN1 z8W5BSyB$FHIF3cu+9&e{Mzn#3jJrT9ig8Ge4UvKc?dkSuWT6!u%X6z z=0^~77IY}Nrif-JR8#6%0uf5FSp|6wzqNv5-9RWx|P}FQ7&{fq<^oIZLTjz0{}z zl&GJUY9T~wKO^IQuWF?%Kjr0K}sw=&^-$%3x|7rpf`>7j{kVpcbU2HqVUx|2AEvr#RGA9#uNd&SJ z?V^@VViu7|3WSAVKE={5&5R`UM1@enp$tRWDH?UBLl%bY3I>V?ArTJ7(+L}dIrN)V zpR$) z=>y--dUV!p=55a|3FkB*0`)5@Z>(y(3y$u#v13DuS7XO|Vb@?Mt^BWr9c$gL{Z0D$ z9zm_fhR7B&ZY)YbO9TPo&q1K|aS}NU7CN{k?A&MD}Y zuwzucCydKt+d1rjAnfAA-bSep_qCo}SZ@V8juBsxc&^cD_7NCQHSM@|fbl(1&nmG~ zOmbb_YH>$T_j1F16c<(kF~SkToa6i4Iryo-4oEx?@wrC*vWj8>G&$Ijc+{j~1$HF9-vw0rT%-P% z^W8U))#vLH#N%Km3s|-&?Er_1b*!@o^<1O=;qaKr6HWw)O2Wzf`g!ck+^uYnXC|oG zVVU_qu*Y)cWj8GcJCNOSK6*3k&>_+pF}1D;i7`vU01XHdWTx8W&Yo-3heV#s?plBy z#Z})KIc{!4*T^J+mJG$1ONzsAimVujDlDxsLkWF}gM`Tc2vdXFmpH0O0ZMTtZiI?s@lCq2RhCoji}7R_86V{SerHJ7EzovnJVkC z#3-N~Y;mS&T}hEXsLHR#gp-^?|I?4^L}KGc_Cf#KADSO#IR^~*$raZrCp4k~87zjQnb@h651V7>{)I$^ z9k_&Ba%s)PPNjU<96R?fBwnNbZg_>KGX=O=^{cT{8&bEAt`UURJ=}+5xniOP_Ph?Z zT|?}{4WVOFtT^9=Qo|Q<0HkntWX0G+n-=Drk12UpfqzxossSO#Q z=;l6(-+SHemBbJiWK_bcTAOGj0@L3Fh=oDqY|Ni^$H(?Yd zSXYG|o$Im5DfI9}9d$VoLNVCLP?ExqUTn}%XK9dD_^b{)amDRSb&p`KA0?9k;nvK@ zL5o^oK8qsa!&1U0LcVQ3yA9b4?rzAkz*1`d-Z;Y&+4$F^AI;#S*MIiyH=Du=u(J1nF0mT z`)1H9#15oVZi1ctV{%^#(v;CNSC&1`=LzK@B5EbrsR+3>>lA9v z=uWMryT9dUC1-ROJBgTc*s8E@da#cf+r`{L)zvRzXYSgXW&8Ee9*dm@45PY!5jzlP z$Be)7XmO2>%>i_%gYpQw#va@?y28%(jWwq^>`Wtn%vr<|vBxG8T47bG&RI?|a3Y}+ zO;|uWXg3Vm6$#8`To3hG)ZbKHOqe7WIF7@q^ZSZZN!0I<`8YK9d2Bdbk&fs3hK-f5 z6D5#an z?n0$z*Zh5qt27$dHh3;_io(&MgWd}=OhVY{ad3$vp9HzBO%N$*G`h1Tc#Zm#>4gL5 zf~W%QG*u~^9+$Lr@0cS9lpSMX)MOGHY5NnI=8V8ocTX>4s#jy`j}f(wZ;sqm<$s`$ zHdLw#0UZtrH?EdxVYR3$a*x=KU^S#h6jcW5`T7ne%xkN9Cj`#oG^ixe>XyI`2&7Br zphggjK-$!}*4JQEAfo=l>9vuy{I~~g+)5-+XCBO7C7%Pg#~I!S+JRS5NhSSIZS<9q z%Pm`!U!x0-qkv7&_7?aKVjtL07>{w3ObDmGG1Iwdf}N5VPgRd4>^xX8)EV1S1XQG* zMrXTP+IeWtifO0hA6M05mB-w}d{)eN6n6IM%yUo)J1C$W4OtjGyybO``W0~{`e_$@rRS=0TDQ6MHLAb=6YIo}?OVAaVyoU4>(H5V= z1T4_oKMU?=n=_s(%hz|Y^8s_Qchp$M!boQgLq|Ba(vlLn9uDSKys{1@ct zr%5E~gxGbJg?+feIBw@zF?QTEleM&C3(Y{&y1skVhmVOmy)j-L%j8z2<<(%Plz?=m zyaNV|`UvSHJY5=uTYNNj(7G`*_d!SF0=+TE@=#%?ItObl?PU2a)3_^cD3n~9R|sB* z*0nC_U6l`bVOI3XxIA4O%j{$;p`FSMt#xfyV#l^H2TgZnfsU!XfVS(rbwD*a(6=J8s`5eu- ze-+?IM@fKav>?K7~)#ZtsFb^?W0ZdVn9s+E!ru}D5nL9 z1ceB(G#WBKG4WtE=1P$OYv+jZrIEW5?6?^T8rar5!PRX1cgSV%@SbbbPose^eKVa4 zv@*ZPV$7C@`&^^`^Jh4tTlNuB*%S=m4 zgR|o28uhQcRY+w*hbdBk{ZN7WZdQW(+Rj%^J9W7m3SPRq z#wi0fD9j1M#*zUpvBagX5ai-#6$4#vbSB=<&1lCTlOPERufC}-_IT|0seJlTptL$# zXL4+96pXIoUZZKPhIWc+_h;Wn7)v~x_uV?XD;CrZ$YocIC-6fDn$`!35MPpYv4Kul zurBTlW7nuJd9t)2UJ*O~c*26&I0C&O!qT{(stV}k%a@jzQv9szkoMQ7qRZ%^B&3W(xlm;vBK^xaEVn-x{S-62yXfnvc ziWqid@RQ=~VIb-n_1o>6-h<|_GcSzaHL#a66TWXR4d3TT%m!8W|EzpvVc#c09I>Fz z+(lz&7m6WO?!n?lOM|Bb2fuPE$-BrW3tp&~X@~wfFB+0dJE!E2gb4XSF?5akKfa-> zq@8&u(ef!2u4^9JW)6=zg)U!TVaKF>j95UvXJn3>K$~A&eL)a9X~6vY_hb|K=-A3 zJi?G}#!a{@b#5YKog^fdWSE44+%uL|NjsVl=4&tvb`0G-P{bHmSBIUL1-tWgrwwQ) zW`TGBxLG-N-p(hV*|hUu5My9nA$B-r5L`^14rWr?-nPY_GtU|Cq2KM|w@N?6X zL=HV*7R`tl8Q@_4;Ba$m z*qMEyRm9E%#EXS>b=VO!AU>{KPPra;gFxZJVkp0`40e`>XqC@OvD3)f;97g)+I(}^ zansA)`YASjq^~9J?OBO}r+}T=_vtgRlU}Dk1k9jY!j3=Fs$&Lr(uxlSJ*&Cy3-Kjs zsKHoFg#j(!-+kyx#6gXnW*UseRT%e(p%r4MnFeDS6~?{cXC-@B zL!+me2IEF5jC)|qtJ<`hX)tb}!nk`Xx*hDyzOz|eg>jE;c~#hHros5@sW1$7n)ypC zqQW>+4KEMejh_`BLmPSoG*w~TH)hc7U}v@lqqz#>0ib6k*pY-!XasWa8;*T)LO5l? z8Sz;Zl-Lk>XsHh=i-`ycG|w^Z5HwQF=xk^A`K&0issPLXM&XUF(ca1X?h%#X5)S1A`5{$uGN=lHQJa)Ypi;f(=Qe2Pa~x8iO2uA8jC~?pY4e^Y1Lukm^#D><5M%urWzL8PCVFIG#@ph?~|*_)Y;kvp223+@4jy&g@O=FSlnEurqtp`pfNE z1?k-i)r6C8wUgEx)ds}^H5=G+C^ndz0Dv%$ax=XBFjw$kp` z;NTkdzc>t_Ls?h&9LJ=G+Dc4pZx+5PsC%gW)Ao-q+h6iyk3x51Syb}}0s*W5C< zvaD$(1UPkKmkL%ylT9-fP~o#n*xUzG7jd`otj0668at`Rv!CzrU2JfZ7ChYT%Wr7 zS&s%g<~X(pa!i#w!p(}YlkIM&Nm!@n$#Z4Jl%3_2Z$aEMQ(i4sE@0_5--0^d*U0d*kI6z~89An|x^=Dv*tFcySzdpi; z-`B@d#-i8l=Eco``NDbC4Y4Fbc5}HUx;P|U(r9!6O?5ZySzaS?6ZvD}e=-?zb;8pK zkIcmKM0kg?rH`RS z?8Ho{U8@>D71&W^d-I{(!gG!K#dwUKJp(o}k}P9K;?e9wdI>ucKZIOa6^~-e=eut% zj(3j^mSN8o*ol)c)D{O#X-CyS@dGqfxkmlN;W3jZoCp%l59(j4UyU7|HKN7^=?s#N zOkLFIgva-8l2UxEIJh1#qOI(35FlEHTQU@oIAl{2fD??d#LHpFPlRNXBmJx1yvY%G zbd6Mb@z9WnoC8k%qn9P!)FFYFTxS4xeLFoEvX^MFoA&6GWmTwbhEC~9og^=zqyE(AA zZC`11Ol*E`W+nEq!~-nItI5<0%-_%yLgiF83XoRod`u7?uuDbRlL_Sc0!>doVRxE~ zyPvu)+U{Y%d5HQQN4*nH5w%Ij1;QwWE5Z{JpuPiYztd{%hT!z2R$@5aL>T>J_vkI; zzScKlHkGf)awj)ZM9x&1n3J?JEs^$5%Gn|_e$_#{pny2QQ1anq3 zuz+6DAW>6mHV&*KCn=0ehL}lU?@9C z<68+s8wMO-Z959;D;(AItxp|_HBRF!bGD{nSi}+03|bJ~LfRGF)}`PWJOC#rm+B2h zzS`Z@F6QK(chU))$uqF#<8do`&4ss0rx1XW_>+>oh))8@52~hQ<^)*M)*HN=l}+!n zu&A8{QZAv5qyX4-Gqg)k7}*|!v_6*<8lunsf+dG}D&Q@QKHEXw{)+XwrcyuuyVEs!m1%a?I>-Gr8W}63zR1Xg;QW8lV z+v&FJOq2fAn1!UUTdQW3lpO?`ftkBkEnhR#hHkqB(Ap`#yJGy48he_h(kwtNQ5b79 zh$X4Bn5Mv6!N3uvK$ewhEtozNy8!^UI4-0_C%k-0D9*D}B|m(JuR4>M4L2ukJ5#DN zvIf+bo2H_VCnVg%f@~tv8FkQ?wishhg4c;!aiZNr?dMxtN3YvoJFV7Xl!i<+h!6xZ zFf|q#^m;mp)W%gh_JxuE6$Z61s}|R|YF34r3Mx>*B7z1})s{>LnX8eunj_m|CW&Q( z)U4zjGnH4GeNYBwnE=08xe&b0_9zV73K>@C0f;G~3ED}$?aF%n0>$-Pt-~Q8CV)U6 znm;mooO8&#cB+9S6^%i>AxjxP;fnqoLU8bJ7llGT9Ax?$7z2B@KGfSz(4Dm|TIXXX zh^e{g$_N4)jk*f;SL(cArqCiQKTek!Y1#iGpuBHDp_gVx%@(<`394U&i;ywIWL<)o z?F^}Am!#za9UC$})E5+rg<>@1M2z)$JMxLvm3*{E$Bgi@J!C|s+D6p=VRsMnucx;b zFGJ&o*@W`4OQHpWlramR(^xZiS`S(W9Y%=pfSC9$#80FirKt}x*Az_>A@#ItnUI1m zGgF12Aq!O_eNE;DW)ew0jTw!kr(g&MouID;CNj0MkcTj4)U5hC z(;o`FSaIT8;j1ZZ>Dts<;ys$DrIuv~`<145KbI;eTKeLauud7yBJC?r*Ap{s{ZPdEw8_=+C}cTxTZ6 zaLU|4cCC*l%##Ra$4H={;n8^~T(-Xs`!9~%cB~B$<0xdKk(w!cxZKEw9WX`4mlW&4 zXCaU^LvrWuj85WkYR*7rg{D?V*!LL^fE+Y0cRXLSQi|d`pk7qRzSbH@i3I^i3)wCG zPp^fLg-QMGfy%T8y?eksJoN(9yYSQfl)XJk%{Y5#H@w1A0pCDq?7^S5Vf89)F@yXB z92U2Co<6Gv+Mb+Sa3FYqP=iuH5umY3)MTtV9*a{oHLxY4l_)uxD#`R?rmLv2w%^bv zskC+!0N+IGsulFp_Kz<&Y#>9`vJ!cX7)+rr;)A*^J&Brj)bdh?HT@ZOYln4z`cc@^ zrs1CgK!U&MgoYS+rrypK>loOB5?2nw zZ7}O{PK_BaA9{_;su~q9FIzuUpyh`$u1c?3RWne8>AK>Ts_5(wX~nZ-;Q5vYt_!br zOvUATERrfJlW%T}De0w`pmMAh2f!lGfT+`~UM7e|RwqmJZ4Q@~lso7bc114X#wQt= z%GxkYwH?rA3BoB=Ctr6mzk{l8@)-|j3}VW(+@%3|r|cQDwV2Sa7q zn(lLDfm{xUg-Zd;Po^3Y*h+3s{tJjsh@uNa%36hF8Hrb(ND3dq~HP4XA)=inE#Mq(?a%a)JXR zbpYTrLe#ye7-AX%rA{Ls{*^ci22*pR2GUpMPrE;LUUUO8pg8h=>T<^9 zP;^5&aHw94*WNzg{?U8;{P~LwdsI)Ev_4WZp^>qPVr^ppZrVUO6TrbAp*{di;DDgb z$nxexXh}0W1{^Aprs_ zo?-JbsMR?(n*v9Ex6Z~Ai%+7914Vx76yTY|NjD&Vh&k~L0GVjsckzG2imO7C-z+P^5o}>R%|Gdz|2TCu{0m+0%YB$f1r=ZQ**BZ}#5=~tf z?lcII*5&jZJr0S6jQhmJ`~?of3!Nv*9JJD=dIbw3g+O1XVUAqCajSf7M?`i8MB+{! z+j%^``tn=bglzt;-BUjV(^f*iwR^v{opJrv{`%Ee2>hxxp*%hek~h=1&z4a`8WBz1 z|5P{yl70T{>5iEMIFH1f_*7VAY*x);F1YtA?LB6AT9zOH3TX_cqREIvgzL*}H{f@j zc-7IHk1phdN{B-|%}&59k#Qm+52I_*Y1WHgbo=HS)h9|clvjjAsJ#1Fg>Dp}kNd!W z&^v`dio@D##*1{@FuPEz<$(&J&_KDH)F{ea0OqVOEH{d=5C}(8_oHigl}ZJhhMuiN zK}QkeB+%*%n2@Sk!gj6$Psj?m4Nf>gC-2VA-<%$tUA#X#INi*C?!R_^oa~;R{rc{7 z-+6U-e0aY9`eOI=%~|>Fue)#e4^IK-CvWz5&v!d$*QjzinP3`$>aP-Xus_h&guYeW z)lF*0%u4N~gHk8*)JCB&VOFl8Y7?g3T&=5l;YpMxG6M20W+l-IRBgv*avl*rp+c)$ zjbveR_h|)oq_wwcV#Iz2?V?X)iUuSiLn?J8DvIV?B2zahXpCf-xtfd2m35_7 zXBl;tA{6eXj1Cs2*!qV8SSHO)rj8A#U~?z=RF7QiSEgzPeRDeM86=)$*sb?MebvT^ zWbMrwCtl6UHpO_NWxI|)p0FVQRcm$j_1Vjq8iJHQW4#}0zVI_=_Tt}~JUr`cb+$H* z`Y>if(1E_kPYvvxqej*0EYtaGBB+wb%>9hr6(e$GD`z1k0P7NuECgDLF;}(K#u^|Q zrnjWffSZ95fx5JVUSpxHJ2&eZP;#N-egjPjPHoe?s!JsrV|&-B*!#e_poI;v7$xJC zWydYYYGbSOqLn}6>{I@#t3c_-BlSpOS|eT?xygQGliv*Hheonx1=bgwm=|7bUl|9zY8Gr#95RRR3!ZvF0{aVQQgx;wtOw(2f*U9n*hlZlkCI@H8~sch$(pyDDX$c zFj}n>PKNZe-B^_H077Tl5#=c6OfsM8%*&u;p6btsLQ)X8F4aL^8-Q3_jl8}rYuB1d z2qKes6HV|Zb-d@ARcR*^dm`dw2q{S{_lic^>=C`}Y%9=rgCLbUK-7M_zk8D3(`Mx3V%)$`}qmZ#rNt}8N81ugYR%dUu9ZG>lu#2qYI2Ie5DX(3>+%^Z3Pc#b9`hI#K z-!Mjf`ZSIOGy+@E2VM8?GzwrRdh_A$9c|-g$^FfTzazaTTdyLl&8Z~?)9@)8aDo-v zg}Ki5*zXOqV?%UF$rUL5%)O>s_HDCZ+U5{yt@DhWqu4og9eF^X9dv+sNC~&Yh1CtX zdx`=Y04s4l4-Fc9#x<`sHlm8#3L5zY4U~+mhz!=m1WR9&u(<_2j8MfPUM=;mR{C_~ zBn-RTFL!?2)?5b1)S$DUYKXE7@@WV#fv#}o0HDr^Y970n+kIFYNkp>cgk$lr07{b2o zY<4N6@D8pB&6T^g^EVQD&IS@{on&m$e%#*LMB7@KyuG8S&bGSKdEP;Xdas0eQzHi- zwhFDVdw0}RrxoB7gJkIZ>G>@W{Zp_A{umJ^^v8b!E}rX^S&54$PmCLb)m}Q-*xq(s z1>6r?Po8AX1>nk%`eX#@(G3Q!&e%#uGCmoWUuMG#Y4l0-&__$1S65fAs*~|i7Y|q> zyAin(-R&QLde+SjcMS?}==0&+8bg9*qK+_<)6Y%1$XD2~XL6uYvt^1r-ZsrvVJu=m zvJ#SUb)L~yB;etbXcnoq0YI9nrd=4!W*Lp__UxFH2tu?!3E`Y^Bjx8&t>k)x|B#JD zUNQ132|*QJIG8!ReX3V&oh1W(t!+#M0bYA{8cflZ;y$X!W%P!s^$EzgA~EM5gX%QF zD#CK9rn|b$)|uKh6XW+ZBqSJM|C4GoGl%(q9G9(D>+tyJcL=?D^*8k7iFTwYEEU*j z(UT{wwBQFN_+gWT(AWUd2sz@&6Ln5j=VQ_7I6b5mafL3d(_SZ6x@go4R+wt@2#5sh zg${b7Wlrr}Rj6GsfNoxMKfT~8vQI0S2LN%t)}CW(>}p6d5!EUDmT4(9Z?Tqd5PX$% zYZE4kn}^ORbtYLH=V8q^^W;f+GOZf;-_^9vr+_Ca*>5SzhTzh}==5%-e@c51Q;c(YGd9(li=w$cp+YJY1 zdk)W8nBFxL2RSy`^Bhy^f zX~P_IHcNCc8as#m?XAws&X&ht{AhK$_LBloR2f-@Y(#zCOvD1x`KLayV=*=@RQOwJ zz*EIq&K$F(Ozc}k7$-k-?Y^mAr`PT=XEEX7v~c~^cX*OE1n)rnF=Kj^nrymqa|WPV zWjMH`=4Q{HV(DZ;0*WOGr%Dz+I(c_`zI%M$L#fd_tQKqao}Tp6b}crfIzVT~DOESM z<#cAEguV1i61|gS!mp@ZW$)hZmlR$JfPz2TB%zFW41{wr|QgOLST1H0BBNO zWB2XbcfVd79G#s1BW?TDR2$vvtAHHbMx_HZXvNe)h@(%g9>d;}x~|Ef%GMSUmn3Ad zf+DjIeCjNXRAvJ7Qkm1QS+z*!U!^G5CfVFXc&OO5G#WA%67D9jDEfHCED)X6p}D2f zCvzNWiNmOe9kyc}v4%+)>h!~762=N8WD|dI#zn z2Me;6~Ebt^ML=kb; zh7Q9qiKTJy!zuBZTgQwRMSc`|v#VVa=7Lw}2hfoTRDa-n3TIDAC&VZ$^no*#8v((B z{;5L@z&t64Q=3^mOqinVOzTKiCbEPbZF;%|_YlPZN(fg|QIFmKuEuUz4hD$=ZmAuA zgOK?+bmn~1xaVZ3%cjB=jn{MGAGE-jGJ=gvv15HJi7pAF1g|1X~v<^Si;wqHK3|GRh^h6uW8Tp&NsW~!qDbz0{TeIy_7herR@KKlhm zqwNTA5TrqV$c*#I{e}2B0(Dn3Oe5BPtTkppdMz#IoVAu4uy%=`&x~)d{_8{A6nMhC z_5W;Zry&1tKihuxxc=|r`A78vH3k~_cr=V>;b=4uun~+fCpKhKfPyUUoK{W_7?bwu z#YPWaU{x%+9H?V-<6(#$VPidQI0pEg`<{XOeU@7P)lpb$`Wl`t@aBxp^!|b$=2GM@xSl2kaOVap)X%sYc_V0ZK8)JQ~UQZ zo{+4B(_|0cBIG%R|4yd*Yg)_Lh3d>|DgD{F&Voes zy$(k8J)*-biY%f6eXkQMf4_-HD2R^7z|i+@+R^WIb153C-KP^lxHn2@K)TR@=&r?_ zcyXdb@#}Zck|F^oOqSb~?&)0?+$s%$8zIa&o~k{qND3W;4dX&&qXkZIl;{9iCZ~4M zrMXiW*G#|gbn$pG3$mO7VDE3@gTZ>)AYn3!qbYn&PBWSQ?0&TkC{@h?QYinh%%$|)64Y%xYi)o}X zW8jr0qj^S-!qp(P@3Zk5)`e^=34(lx^KWxtfN8T1 z#%iOE0;j6+OxBGV2N%Z*Z2{+I-2^04%iOBL3R_}!)PwY6o9=%GFhkeBp(@b4RRjr>F+FKDAS@`gKo z-Mj_}3{MTD;Z(IcOhT|ZO5Mp_M>XF!LHmtMxPpQP0<9}VZdsdk6Yg}w>~iYRIlbA@a(^chmrkIV| zpV?4Pv<}ylT9aCXPtzorYa5e#Mcc6I&270h(o2&t6{~8l4Su+aPeytgbE##@NKF8L zs?bHEnUS@fGH>lqMbX71JE@pgmtqI8XcMvFaMSqZT;Mnkr|B=Pe+4@}=HswJnyvHv z_^I=v%acgb39;ckuW+c{Ki<6G^M2iZ>%BeraPU@vU6ZK?di&X$fo4JF`nhrTP27t> z+gWaA`99JL+S9jLdLKg&@6Hc;O1RB}Df}&u-WEdjnS7v)Q^#*=&qSeB=(X?E{DaGc zWyLTKMOl^yT%hIVLV7%j(7HN;L`;%@-)OmsL97$64PnqL zjv1^H*I_eDV#494V?9WRPy*y~DsFqM=HkJVV*-J2JUbV;!M4hi(aTIZ3*$>y{r!Op zn^HNNL}@Bg!qf7L!&sGAs0!OxT2SoSFY40~FwUIMpZcb+jfzRqR8MtbjaqAJ#x0OP z(~!7F$GxI6*3 zaNy9JZ|wu-V(-Wt?QPamqyL~X7$D3?;+Bx^PW&PCw#&iwJ9jiTH#m@{!iKOd!~v2V zM*{oSf$+}2{S}9bREo5k&#vYS#z+VCd5Gp^7E+DXCl><3tj@3zC$icu2J(BFE3S}; zZsyio!s0xSS0R-ISP+3g{3&8DmszQVzVuGLgvVWB1)f17k=p;E;DvR4u!%PdwdSDY zNi`;nRY)EoOI_f>q0zHf@t$PffOz^U-Wzf@fh%s|!BxB`$2fv*$Qq_+4Jn9+6fQYpH(@tmm1q4It?mR=2;JK4) zH_Zt%Yk6zQ`Mi9SR73IFx34tB)*7nL%hj6$P~Cz-m6?%rYlgd#z2^jBU&EKFeo+}4s-4kbkt z73NyYn2q{G>xzS7Z4hZh2vMC7L>i+qA|%kEtU!OLxYCGYpTO-zBMp_$BA>)kbQSc9EsJi<^nbc*wpGd^j}1Nb zLDQu3;f?C=gmB7&GYwr2J=LnTazHXwI}Fs+ROn?A9`;bX4VpTBNx1nDL;4#1Cq!$r zg_2?RLov1eWBY?fLGDMYGl7&m1ap6Ufu-bWckpIN)mpai{4r5dDg2P3a1RfKJdD&Y z2sKs-)zf-`6DAZNbc@SrtVXO8_3zpIsGucEv!(XXF^fowfalMi?zHlkw9-j(Y7|pe zK77k?@EV6W@{ND}u`QQN*V^#DG9?n5?bgd8XWMt(HPxc0;86f)7nK&mo`L?vm?h$9 z>gKD-;z|pnnV#S&EK?oYBIuw4HAb8o5!(B;j_u270?YuiOV1)kTqNj>awhZ>i`2SV zAyRD1Ao6$v13-qI&;jf4#NtQ+i!x|+JhwRrXrPA%Z&}aL998I}{g5SrXKY8gI;@f_ z9EROBPK4ytm!4^6$T$qjj>+m`tH*W*V>pEn3;Mp=L)%*&{XZppnEO@CWhpGgy4X^rA|$o`64c#FEh%(P3f#*O$;?NJ7}u)ZuJQ z@FmrIN-O7WWR_SzyMiglrq@w$6G*ijkt-x8@z7oqX>aNYyELkK(6VRKn=bC6o; z$olBR?GJkS@+HdVONpE)7ZBR47vnN-gFn+~#5f5QHu~iotaMORpuUdOZXttC^=(of z$SN&PIq!urAVS)LXl)H04y}fJGiPn2Rloo3zWSRfZ>}cWUc0JFyKRF{rS}&0q7T-& z8X=8FrY$9@YW@1UV-&psd9HOgQ4)rmC}O3q;BFLAq4hX|$W7#r85704t!b}>cMw`1 z#XD-2AX^9I!oWO0`gDQNo4@Ns9_T;y)uqJ#C$P_O0u5K)qbS)tyFZ`c2#-imfqu2z zAoYm3t9Foo@?kH%iMJQ>C|n~>mW=qAZdLvTP| z#x#y>=hWDzFpfHqswm^LR-FpNuv^GE1U<0fa`RB8*>^$J0{0O*0I|@idrc^xRD8+V zv59m^rs16{^@R=`Zn)_}$o7;oNS4Av)xa-Zg`&u=^;tyF$p;-i$X=V+9XN$dBm)gs zyA5CztoGWTlIrw6cEkdb=21K)IQW%QN!~@UkqP=I>7gIr&Kw zqINTg%6bMFR|ANKYXWaMpUMixW@5VH^_+!pVeG_z?XGE{JfWeYM6~i?_EO37l!0l> zdmUHC*dsXuIMN$&&WzMa$q7~)0m*_qZMqSjbco=XQ^u*B`U>-zM+RtFAc3i%Bbed^ zg|3{y-PO&&EwK_eyK9h2$HX{VZOeA79*zPJN0NH>&1(CRkP`rUaggc_h{T==yLqDy zRZn(uyqFU*iOqGW8z0KZ(RPUDrvnhE;gL=)Vx{h~93Hdaty>~y!EU*bfhMRk_EI`V^z)MTSzmzrU8dokaFb0od>*eGr{KWJ<91|%`He( zPFVL-Wnx%UAk7YIepe=mO}|wqi*>Ts!d;8DY;z68D^I^pWVg)nMxTexp-gk1!r?G~ z_N`z>XF5V$ju)kQb{|>MBP+TaR&_7g04{X_p3_{X7p_$V`gfO)BEwzT>O ziI@)9=j^>P2kfDb-v{jbP4s1Tuja#EFDxiYuWD7XZ|k+k zvtxTa9?ypA*2hz0uQ&Xa%Ar$A#lr;A7fk6fiKpgJY+CuyU0SM@#JU? z&djP=C{z91bXK83P~v;gUzSNcjmgHF?9emIr4e~jnk;6X#$dA*k_laI(@3&yarAA8 z#pexhBP)#Di^Cr^;S?I8w8O)iiB-$S92BrFeBmrjBOZp9L@rd4f8**>^gx&Sitona zx#pzdY|%`0Y|11KG$=uD`7eaXjEF;)yyg5@g`fE-Z>^(6!HXCs?X2J1HN;Xx7F3zJ;-SEp2SEKbP z;RbEk{I1u1YS)rjmAI|{v}j3`u|E82!Tq+Sed8c%_5@zAH#Xd1eI847N&Ki6I?E&& zxQb$WTblGvKk3x{R4ZiLQQLLW=1$J*USle0)@;J^~%K43}-=V z@HA1c*QBgc;aBVlvPXK?a8-A0W$94T$uA9wQ#z+vkWG!kW&!pQR92De$?tma-g1TA z8y$zob-IXURaM-6f_E8K5>Tz_IOj}-IYZ&C0l(1=(*pHgMmXMY-hmc zWVh}QKIP2OC=EKPJ^!}ylAAqAdwI}MZJHXLX6FT^+m>C_*&@ykHJea#S_yw-@V}l< zXphW6U_GlinhEYxlp^^ zM>44JX$+tP+ihD`VX%dBc=e{+g&)WU-gR`347xY>ixRhccoK7_AGM*g9PZ;WdmOm$ zd#ls6~`Ljy}sXmyXVKa<2rrvX58~;yyC2@p6P-Z>B_1& z&e=YjG}qZeCvKo7cA)AAaxtSACjzVe7^}9j4mI~ND;K20>tZiNw3o9<MGA?iem&aH4UBC@w&a4`zumk;3$0+_0mO43>9L1hlu#JN$Nx#lfs3_jl6 zgoAOT3FDo{9wL)0{?lvLgm5?tp$p;76=Hy2;m1!OuMac_a$7Ov1xi>iQi{xd*03wQ z+h~D%>EVkdYoi%BD$L82@(%J|2|js7%7S2caTyMSosT816IiozKj3#z>Hz<4a<^XT z>`*uFFMfU>9`9y^B--f)NkDJ|dqY>@75Ej_(Y{~cF;B{hjds@|@GIc-LZO?bpBJAM z0QRKzeF5}{s9Y^9SBuMs1m*)GGr+zG{~y8a-;RoNdQQ*jIX(aX=dS<&0RR80Zq~*C GxC#JLgfnLV literal 0 HcmV?d00001 diff --git a/assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz b/assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7335cf942c66ba9855d0e60a69a70ba9237726f2 GIT binary patch literal 154564 zcmV)IK)k;niwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKAUcpOKSuol7s!n{Xc? z|5vZ7x~qG7bQ%ZtbAS0_O?TD1>eZ`PRj*!Q&o?Vr_Z_d1yF~Z$12ydVS_9Xuwqy1b z3WY*nPY?WCC=`U4W9;ncmZU z9aEopdFtb`Me@ncVL4SNe~Iqp*dLl}S2MGuG4FT=EoE{l)0rFsu$deRNz3GrBrcOf z2AOkQD$C`X8OYSJDc%8eQpcuMLN#L5pA#~kL5K?+x-A-wsvzuhF=o9ZlCvicE?yx~PA2Bv)~~I`(~Hpo(b`Et6?SJIFlt2%4`E z8|gJ{S53Prf!2seG<1;@AX;+*%RsZXGmqwL*hdW~K&+nOn0EE_Ogrk=bwVlfYed$b zH~ktqbO>qZbLE^R4UGonS<*m@iy28ASSvdEa2;v_F?y5JEIL`4FvDAb*IiS10@y5vYdIQ z=^hb7Dl$mLv`sEs$3rgW+Fa+%vD!@HmT40S(|5p4@Ei+(>TUpyQYUrBegqj?mZM|V zj^zfF+#8gMXA_@Lq+0=#e1@|ohj(;nkt0DMG(vq^k}r@zP(s<_E;Adw*4?0lvb}{u zJ$z}Ibu+zcPfFEdR&q8SlhGbLhaCG4~7Ine*Tz_wW(MPoGyRWT%# z_*}SH*B#GbH3YOsY^)3}J98uiFg!XjJ~`b#HeEuac$OdeQa68 z<1%(F>@yo%Ld@M{PG79huw8LVXv3kb>p4cC`@=@IgtEJdRi8-?=*({NNu6-H(c)sZ z6J;v|`+-MjwuJVhL*Z`@X+of9wGGijv$LVHWkXXOQlv?W8TiGE7dLQIG*&h3g=MW0 zlsf+Qhz(H-T;9ZH-;EOTy?}R1-=b4Q_lQ3R{&SW$8ztVHsfSj^Z@8p{MjUMHz!tW3 z;t88PY*#%(>9U-Qa>t){lOs-WU%?g)*_Y$XghTzRN2bmjiP&l8#O0;vrPlFhroEj_ z7L_4d@nx7Ph&Vt7afxjZTUUk^4#6XpR8q>OZ{xZti78u7SrQ{ZMZD)Hhx!LchqStp zL5fJylq@3*q)C}a!K{oJ)(oIKaH}3R2xaEX^&Fq*K5{HWIgIVhap;@V-6*M+JjRFcbGcF|lhi(W&k`!m?zh&Yo5m$(Z#Q#qY7e1*oOHOEhYmoO{#Pg# zx)Srh-c5Zc=6}cK8F1{XhyB13^B?f7YOHHs5>TI+OUr2xqvev^=_gi${;Z#-_5a=d zW4ne%#&>CT<5=NXy8jo8-G$!d`cJX9c%uIwkEgw5&lYRS1K?9wPBqhSS<=JcbF9!o zfbqIa!ZDW^p$8$ChuYD8SU$cO<=1^Dny6|+R;OPqSbZK1@&z5zd z>Ct+d&=j;j1x+zzXI*HTrB+a+*2SeZuKTFCK6VNzcp|A4Ii4xvqVB>v@D!WzY|#oK zngVYehNejgm`9I|I*G~_W!YlyI!G#L#Ux3aw9N`hA?L-Yo1Jymj`%d8bkrm`1T3@rs`?O*xif$=#8x_}V4z{G(wq9+Mf+gf-&6b)WX=0@}v^ZT_m)6UW zjN%6B+O&2oJ=&HemL5fSy0o4U%Q~8+N9$V}OSi;QSQjr%V*y|Rg+vEq>x>5x^*v@b z_?}Nh2^hY9*F#;K*F#Cua1rOX7-Cr$zfB#oM^Sb$CNV6_? zm26@CKZ&I~99RUUOVspoh zV=0DM*6d+0EKQvK>Nef!BNlW8s z3KGqFe2WyPu@HLZMX9B1vblEk+01Nf97~^8+!RAol+3KTFEA`U$C>UzG)e9TZ7gnC z3z}}NH-cD@5V=`cE5vRNu^>l(n8UWtoPmdW5$(_TNv{8n z3=a&AO${AW980hNcJ&pzlk30T-Mu|0)_;%3gO+>xU98s#8ZmWZi`ak`kBl$r(h8ky z_zJMc=E8-ZmX&J0@0RlU`T2Pb0~*cos(Fi}qIrn9njV@QokIO%gJ@uUY;bsbczkRM z?Hr#(`=*9E(d5v?uw|h- z!92LkCtjUzA?uE9h&V3Tk*A~+c|?TVn2y~kK*4r1GfHMTfZb*+g1~s7))dh>kRtMH zo)c7SXbZP)CJmR&lXN*=6JfgJHaxRh^N};pETQ8eV*94wKsfMgj%Qv5_+)5GN)5k; zAwsh1VcVD6{z4840i=p8Gz6fVhzM-Pps>wY2Pl#X+d$Z|1Q>{J;-5@HIcgE))(Np+ z;)ex9cOnQol_8M2Q?EO=fFwiXAZ8QbaD*D#DdIcaz;hi+Xe8CJ!DSm|1(YnXLeWOE zgI9ItiPwn?(}MsD51BUqyAz`Fa6n-qiJ^V=AkvyWsoXn#cv>&csc{UvA1w$2cUC2IVeg%flqyGL(m(o zVUJJ=(dyZlaL^wQ3D? zS%-3fIKgI>*u(<|H^#7Py>!PG-YIPD@xEIphKV7>O=0^2$D3_33iFOP3lxJLVwx6p z0n?UjgdKp3POw$S20?fZn-)aQL?O^ZSvr|DWeOMuzT(g>Nb6=hzNwSYym3kKO-N=| ze4mXiVVEhSR)E-uZA2Du-L(j-=z7kaX~^A6g8E(NKAQ`uOe|-81icd(7X|rfM053)jkJPal_D|ws4>X0z1=y$)k5~<4nf5FQu58+%CpNB=4%z6Y z?Gvwpbr>W%l`%3DY7f0&txysT`rN7;}k5oayN`_L>q6+|qe`<`Q)dM9gzGPXdE z<~>%=2InKNh4c~Y1**_VBq$~)pGKVpV^i1E11F$X1J$uN%S@jac}LRaBGjzfSj3dDHUhz>Y9cdM z*)hjQ7^!_#%Qko6gnu2fEqmayE{`feW*_Sbq^O1|DidNOkLUy}dASk86LmsLE)9t7 zTMVu4c&@{TYv%AO-H#ihE)DHsZWTj25V9{lD>N1G!ByyL>SRXgW~x;tSg#>PKoF{1 zZg4LS{DO;|0Ac3gxx^2!CDm`<@hoHBWWI*&*g0r3L+%(U~D{8qLN0k0F$^Ez-%{L6_-qlckHyIbS=s8cb1L3pYBWH!kt`P)p&Ba4gh$ zo9gC=wiuk{CX6Y=IoKB7K;23MO<-np{|~gzMzWw2*JmA!`dAI{qI^Qsfn3h3(t33~ zOFDTlDf99qK`@VYDi!AEIfxR=>J#pPZykSB+ARJ}k6@r4OuHJMzcS_6r*`~}v;$$w zv56QFb*El7?a-@-YRL+cAwI(uqpj}Zn38!MJ9l_C~#%V~lWP8-XQ}t_vyJB%olrEE;jEbHjCmK;76GNW#s`%)@ zx+rTssVkUDhYgm+h4O{c6%mgHHw8T!nk4GV5D%}e<3?oJl2%A}TvPfsF?+Oxmj_M4 z+(u%ULA{gf5%XwFzvhG^a(vp%hwv7btTUPlfj}bFsuPkt`54)*QYM^Nb#P7t>Z2;7 zmyyTk8y?Y3*CfnnsjhE0J7iB2qZr1A=7TEcBk~4l_@;T4(vt~a|+@RVWbe9a27cn z9Xo|~cQUhR5au^^D$WF`s2_DV!CQ2$HbGC)q{clrZapOoAkJ{Wp>>JJ*kt15J>e%Wky{HoP zR@cICFj$a@C5@4+BMHT{iY`gRR@IotluYf{@dYSkRw6sYhRkX-0ye{Uyv}ARW9jQD zt6XAkkRqi@qNjiZF-JV!Sboj)j2vUK5w?x(cy%^mW{w5Ho(2b+MfMolEM}#>!Fk|Q z>2Q$`Tgv2>c_?vmMBf67)rhUlhryJ4;s}%0u!1z*j_@s<=+bT@&*f3HPsYr-Ni9z^A5bFj?lL$oI zyWk6?K8dD8RgZARZ-^cOGcvM3bj8Gj;SB}ikt*iN6q@E9VlSXiL(|d$p&CENEd6N1 z0n6!gms{BpVuBYNYTSL1+Zeb`sN&JkPI=HCiJy*#gbwqU5T!(%%q zhsSmejSh`XccRgu$${PdW7GXRhDU~{F9H?XIXpc!G{wUQ`UQ-M{>ka#fqf(WlW1b! zxNjj*`UvYjh28P={=uzhZ1`|IRF+L`I!YkOc z0-ndAj;%^yN6rllf+>+8kTuEEWAfmL3GL_vJ!B4gav@H@2p7|_F=xUiX+?x@P-+Sx z$lwM6p7($)8YC2Rq2Ec%%P{vx1GUmAE~qirJ>FfDn}thmw@EKluQ?811%;K)*k(Jd zxgv}z1nfyC!ayOmb)w`{>6F&50eVO3w&{ocG2FeiB<;v4TVfRo{FXd3JIwRtTP-Gq zK}yW8Od8wnAsX84%(IygpGt-T19>WdBmN+w#kQ2)kkIEA+aj=tD_%208ktd`7d)M4 z7bUXj(Mpk`24YQ^&6&&!x6iD@^ZpL9sf4mINQKx2uTgU>BW39vdv&lx(zy<$7MmCDw$nTHv}?LxeA=p?mBbkTM_cB_V{SS6HD_gi*v-6Qo=1m=^IMZ-|)9 zbw)G!ib*VkB4X>7L%Go}dsv?(K1JC>i`i(BVqsm5b`7aaU{%GePnk(;Xyc$`ZwTWB zls+nfpWcCBwhq%&ku9uDB09wEKpD1`y;;^*Xv6mLLbwqMlX^~ohAtooThu`w;ibho zskGuymg^0r;IZ;)SCr%yMsTsUS|(A*3Qt=ow+30otm~PuaLsIRmW>tholg<`!pJ0; zn&E!Dkeu9i4VP!4MGoxgHFHi{%4jq3P@~akETTg|w^K>(vMxe#p(KVfXNs#&ry3B7 zHnIX?%w@+`213q9m?7Z9msmcRZoFxWX(*V+P@_T@N163IWmql4u_ZgH$k>alg0|P^1#>WeoMz2#5P4pj0CCVJbRO=BMaNr z09OgBI&;LclaYO5wIuS_X)|BiiMaef{U;g!ALcJRhB%hX|FWqm|5JBg*NOa3$K_cf z{|jUy7~m&_S{8zoz!m0-si%tw_hz`s9^~mE*Z>$$ZosDX!r9d_nX}H?O|U^x;Fi#M z;3?>l;pjYHXkEk`IS7_anZ=Lid84LJc%+z0PI#Uj7M2LwKg?ew@{3-)Q6_|A!$T~) ze8mdb3^y-!8}fU0PLA)&M_|rYz;tM5odrjoCOiTI2P2B2L7o6FlQ~OG+gj9$U1vjS z&Z;amoye|ZIC0Ob#NZ4{5+y@ZmvZcwDR%bbPA-EhH` zEP&q?0aEE(+tx5O3$IyU&G?|v0*Ee-?2ujIQ`_<*DKzehxY~+ z@(>$rCiZCyOdgxG1+=l>b>%FgBh&9GXPLt?vaWE^*>L381o>v2u!a$bH$+xxEzDzY zutGTS9X6lT!K$%hj)9mz;0G=;D_{kf!#wP>)`F!bzFa6zhHxi3Lc_2+fzsJxQ8LP5 z64ORx!S_g=ARSXe`Nnd%gC}z?N7L3Q>ol?92w4S|8SAb^)J?pQ6pb|k9J)#}A`2$vYgIn>NhPqD@nMteC?9c|Tm1-MWEG77+B2C! zm$i=qfCgoeeqVMHHiGHCB?(b*Q?zY-WN>D3Xk@5=YG`Jxe{|@aTm(x9W2ZdOCDY>K zGVCBW9U2eQ0K;i0w7*6?5)C-564$CpiklPH=J!qPn(QAOn&By4>qZCft%Ho2C2dV+ z+~$MXTvuXz5Q50%+`y~0wj10ugiyLeDCkf9iLtrF*w=d8dWh&gc<>-X8SYSWSCaDp zgFs8aJ{ldgZDsEqWvql17Z~wiz_CchM`cnoZ3DTipYny~ImZg>gvKuYP&WFb4qT6q zK8cRy&gn?gwC30FR*W-|mpZ*v!T{c(*eENm6p5z==Xq|+4QYHi-#ht!AM{airHGn= zJ7(0GMdr7OggLckdgx9x;yANNM99iK)neN@T8!MUj*5{}x_pOUI#YFrCf!8tmNWZ0 zJu<}{#VYZ+o6JTvkMR9AnH^r9BLrz-RCB1$)Vou<#grg_-hrzuXz1($G;zzt+MUP) z8IQ^?#VjKR=wg901Eqq0d`HI`e9D_`- z@s!tFk4ro4pgOh#a8x4iV|rw&6ID!)`l9jj9`QYsfFn3d8tBhR!ol>T$`-*C!g3ksxg)8+d0^|*RalJDcJ!lXL%e7KtX&8^Ib}-o;1Z&cd z0xcHl>klgTVI73EY0m75Jge9p3o_?EQ^d|xGGrEAE;}QvmFjLqFw;PVd`HDb0}8Qq z(HYlDSlpx%dJ-x0iBcGb*ZR6T&2Z}2w8f=#2(~(7Hw*G7KJ)i2n!`F=ufdqgF3l8c zrkKHviu0Q~D38D{6Q!$gSvIL`l25qqBI1%NH-97)R|!c>2xsL2lH=As%A7_xxk@vs zYftHK)fK6AF0v=rf3fT4c-Gouw+6i2{h!^Nipl)neVaC&SpPj9&kEOn_t_?!gkcL! zMyY8>;Yg_`XN|CaVp*t;FM(^X^jTbu@`ln*R1QqbK)&Nx+yxmJ7R!)Sdni{x|1=gh zo9w|3%c+*o{@uhg(6q-4+psM|mnX5U*NBHkaG9df!1B%9faL@Rn({sDld2#)b!|Jc zB4x{|=4-?=az2BfGi~3=vC%K*arik4muapJ@O1`1M+N*GgP&99lzeTrU-!*9Hu3|R zaVt)FgiD5R+>6yJvGaN^n&2~gO5gx4zwVT|Bl{&S+_1`>+UO3{i#M{OzEfJRAgsqS zf7kT2%!$28{v_?cZsx`OCwI)Q0$uL@m!3_9g#GX9?KyG(!*O}q(Fk0`q{Lppl}x^a zh)wwlC-#}C_5z!76HdcJq}rP%Kn2gqhm)##*U6nd~#y)@UF3=d&dsL*CQh%@E9%-9je_~>C?Wi)!jC}eN;-8eWR1rB&Y@`pz`($T{sqaPELi~!lZ@Cd8Ehr=8T zr3WoIb_AN^$liUQ+&3l*Gt`2BQQ&d!-XnYWT)$`ZlcOBS$PJ9b2~OAzdj$$!{pg6G z=;+bWJvZ%PS_Gu-y%9*_ppK4?9%bz~c7*A}gAYDP9z}lN z*4B29KRGtl_VgXbOWt+#_V4}gumA9q@BZ7z-}=I>Pkh?GSAX)qZoG2%aTDME@*8$O z@~`y6zrFth2Oe?#?|$+34|~Sl^V&Oq{x_(2-S6LV#(Q7?)W=_S*P z4W9h|+m5{ZEw8)gJ&)?SV(RP*UVhJ)vgMzi`4^q`NAG?3j|Lt+_Q2d@K6cXcKJ~Xx z{(S!Le)HjH-ucE)KjB-i{MXNZrz2yYJBV|M`QLyvnq`^Vk>v zzspbm@oP7pe{J_^PkPY}&#ATFJo)yk8?TxD;!OviviVp4@}J-Q(5+usC|o$w@z-y@ z;OV26h&p2i8mM{Ha+v7j|#ECE6fAZ^Zd)akUSG@6wPk!m0|90!GUH|yM zr%&yD^pj6{!{wivI=i>`j@w?gvG=sQKYh*YgD<=HO_vAVTjy_>|J~K!eB1MW_6Kw3 zRlj@d4WIeR&u&AHLMJ`qW#78v!;7`IeE7v1ulnB6*PMKHY5oe-+guYzOOtt z8@#;lN9O;$|Kra(6UO+jsuO zde8eWzVi-p`)5zNHh2HWfA{ty0|!n$^~^7v_jB#)AHM&q&%d(kr6>RFsfQ`s)^hG?Sknuo_oQ*Q?eI)GV|k$ z_ms4sb=~>W$1lA4iAVqP=iizfJp6&PF26YV;PqF!&wtuuJN|IxwsW8KgZs`rbH_C| zJ>~OT2d_Ejq`Tj~^+%%@`Tx3q;@j8XKXZ5Kx}6>SH$LX4hfjL;(XU;$ZOf(Syyb?g zcfa*FSKfj?{fzs*^^zm6`}T|e_Y=2We#+nnKltJeFZ|9Gx3qUZa^Z=+Z`*jo4KKd^ z@UP$Wq4#%x?)z{3y9a)!{q(NuZ+cJPr9Iaie)W|%9Q@CZxBbJ9=YlJKTl)R)M?d?F zYkpPy>BPC)UNbQ9+M9oK%{%_{8R!4>Q!}5t_lwWneR{`Rel_-?m%j1K&-lf?JOAr% zUiYvYulvhQwcNYj_~`fkYTJhv-}vR%UG=;l-SP3KO#WLTGjII?ec-R}>$~Tx&)waz z^^1S`;B#hA`|MBpZ+i8??`-|i*)RO`{r~=@4?NIy-Cvqdy5iIK|0?^^@154we#;X& ztS9{U=>BaFzo+9%x4nGR>7={uWuKdP%7c&U_~sLSIJ*Ct&w9^Eznpy4(S;{X8ZUX~ z?x72|J-y?(55N0?YZq>KdhavQD^DA|^$F*l?41APcW!v)JFEBg|K#QE-#_&O{h#~b zc~9Q;+S@<#x^MfR{Zjk6S3c{~XJqYnYS-v<=y8wS{rbLdK5yIT>-%2(u6sW8lgk0 zlq+vNH+afVZ++e7`zz%q4BS3$Hr-!q*Hx`1)tvchT;Pp1k!gvxYO>cip}9^p9@Xde_w7?0D9< zjFZ1{*Vn&z^Ub%t{4q~`-IqV|saqa?-cx5@_LNOm^lquY=!^aCzHj88`i>`A2kW2s z>N!`vV%KMHD0Dq+{}VrW>3bXR{_2jaj=cP;XV8y7Wpd9~&%E=QzrN$7q0DvN|2_1f zm%efG%G>|;LlyGwD_-~N-rr;{>HgvsAGJSq+nZWs3qN)4JM#yBHU7RQjDGI+ zFZ|*~zZ~2Dim#pg=-0jf%^y1HV~;v~`+t4=9f-c*BX9cdk-b+`25$K1ub+O+%;S2V zyZEeAJFonUTfTA08$a>`_gNdi@!P9Ak3QXc$3HymH&>l`0e?)J8#t)9{?SIe1zWRxOnZ58k@9hh&8oMU5c*Tvw7jD~d z`Fr0#q-J{ujK`v;XF{&wl-zxBSEP zeQ)^kb6@nmoA3GWTYGnX<_(K)(JuPt+n#jh-@bR@G5>Vn{_J`0yXU5x+AldUaNEg0 zzU4jN&pqngC%u05NxvF8`*|Dx@y@v~5BUr~f8~X*e8Q>w+@Z6c{?;FQ z#lv4jmwo$1*WLJmyI;R|;050Ae*1#ke(^x?;a`niGjPW@zg>CT;3ogVOFwtr)nB}S z_!l=k{xxS``Z4{I$6Z{1%)4Lmz6<6i zzVf3B>RajayWjVqX7H`3R>?~bpMe|k-AdTjbtSM|R5WzNGFUUL7_9(eUH zZZRJ`_3wXi!*zfEwl_^XAA0ozFYZ6}`mg-e^>e{t@5i@(<`I8!fAw+CJm~>^-ktv$ zobrzkzxN{tjq6W+%ck3}{`vLiRv&osb=Q`k{(0k<=YI6Be!ThroxDN&+V8hNXLi#g zj7R+EspjVT$Nocm`saJDsaA%b_V|~5=6mkuXU6~eTIazlK7Z1s-#O>x-#zVFPyOLt z2euWych`Zpzw(hAAKY-?3)=qfIluYp@4xugTw7b)nf}m)zJYyG;@cl>U4`P7T(Owz zDohu)l)4M0-k!4yg;JsLMC$I2Rp4jKTUWr^zxC1^{olkQ9 ze`!D{Kjz<9@3LR`ER+AgyU=|9bFtWUV*YShARiDrpN0#At^c&0DUUeZo9PZ0Gz z$F9QpeR)W);RIo#py-TY1TDM`9}<-E5Eit-afwZ-g*`FszIS!&sV}rs7QZr^MbUYzs#L_N*^1 zYl{+*UTW`<${Htlh;Q;@*A?A;1UHC>HUVNJL;F!q#_wcP`i5X;WuRL1CDC~!vyc!1 z3Z=kEkY`ZCdMoW_$@sQ};w_l2W;$t_w_8LJg`s`8`Aik;_NXl`LyzE96V0LIBy86D zd_R8KhK>dQEo%gac)A~3+3R1bA$e&@2}B00qh(lYvlh-S6_NQq&`8LaRLhLL~`PdJS?L@Jd5OD#*Ywa2gKxrXjm0$$e*Cyp= zMcJ-`K9)_gv{ZeIPKAMUD;4I{h!_WuG&SoGX$0*d(%Gd2#Dhu||Bw?uirp1TOPA$S zgvBKQB9pytb#@tFV5MXFk|!z?1AN-huAE_zAr0yv?y8Vl58?`x815z6Z>2)b?Y3P81+PR3 z^5}_9G-_T(;xgze>@t^;Lh|SeVo;WLWmWd0>gV(7Q<8{3I=8;#;VK!hFr_PK`QZv= z>fpE2IUceD%j!e{6}bcDym3l_s)bWU-+}URu|PpRL@$Ihm;wlFORS^(am3>herXET znC=qlQ%!e+gmAhFh59mG!xUGN>TZApq!nv~yv}rBVjr61b&n^%by9DhMfVm8qvi^E z<^a~r_9(A@{5XeHG->TzT!vxRxKMe;JhCQ*w2H@%t<>f$?pm%fMI)|`J<)V)=CBoi zGUl&&E)#)jc6}Cn;@OZiP>dyT3V&l%r4!W~@Q>qRou}QZQ+lb@vEmueki-#=S7O$) z{4l-}sf50cGM#}LOPpI7iV(3Llr1Z{S(W_>)6TQr$N>qRGSAR9x{8cvdH} zAUu@K>cKUGX`hpa7D&7mu1 z%q!(?f+IP;oCOrtUslH%tF+p-+b8NA|F(<##bWcDsxQvT-Bx#FKF=d zHgx%g+Nqi|k7TWQd^uJ2GN4$$EH)4;w$g2l#8PYsP0+g5T@BYW>)30o%pvV<;gG7+ zZ~+k6jzL!Mo~n>01f($rDcxCJCx@%?S(fE-HSXxLY&JQktKsw#Jcq|!pK1&BD(z=*#2X1`0(-tqynO$_K(0{O)Ya2>AbVi(z{Lj^ zH#ARpq$AtJ2iiEO-ZIva{XcV(@x-&1C#jKQjjT>=pK6w)&mIFD%box3?oOWn?%mXV z;{5kr?#+FUEXY-~q*^z{}o);DLu8y;cvrmL7M6mx~1>0(c*x35&(r1kY}>D_#Gp|{jsIAPUR z`YhT1*Pr?Up5^*~u_u}Tr*~6N_lf?0Jf3*}XYN~?1!(TvJTPDdcHyCB@Wiv^)0F>( z=aW=3`#@Tz_1J>t@_!Y2dgJ}St57VQxc}j}JlHkQmtA|Vn8B_a{@kP$yR_a+Y!dcI z&jVI-nDt4|dZ#L7#?%=-VY+-gukqZd0VSTelCwEYYU`B9koQFG3^M;oW|lM{bqw>4 zRI4ab{bh2AUS2eo15^Q{G3VVmFg|B$!3zq{-IXV6VD&*S%LjucOI}M?SHYmyD9%q zSE0N2#Qg8LJndnip2)2QS0XBFb(!|?&IF7u>K`4+aXSvzZSzZx+tCg(k3GVZYe5Qq zX72^S8u3Uh4fw3>%%k}l_QRV149B#qr)T7)9T0pXYC}Bpp+iVJpKIYPX=pSk&yogO zT+C!LRm&-3NZ8fR4@Al1O(oQHW-KbCoM_@znd4h;$hvz;BNoUmb5m;l;qVCeX_N_a z=7?t+2C>BfAWn}w<3+W^g(8xT=2KxloWp8w7xyHLdj`KP+J(gb#Ma@SxMD{V1M2En z8Y=4UXri8Df_8=L>qZHh2Y81-JEHkMEulk;LWqehZ|&$3$F%nn z@gqDb8v7PWI#DY5fk(9u+om5LW}`bu)wE0K@=VJTiH|%wH~sCX6WD(8)0Alt9eW9Y z8B;|9XWCK}E{`qOv`ML(c~V8bu53c4JOL{X26Qo84O^-|B8qLfK-WF5d86g62xauFXxgx_Vi)Oz5nX+>b$`>(%8I%cukJXmp$k`~fYBp5&kQz;r z$iOdNytsjh8qNhr9;qAf3!mVw5!d5cN=0&Jlh90>WmwuSWDaqG%r5J{2k0;kbuiBPKthtia|MzwjWJ#Fa%1-6S&? ztvu+KH<>AXoIM4&&Sthg6WXKb`UuHebo0ta(MsutNFhC*6cXfT!TyAA&JnB8sj}H* zU*}Am+QEh4B{JqobRT4yvuqRzEH>o`zs4?~BfhT5#IyWaGrj+wr7K#gVA)j_4|&mSSuMQ({zIBrkoU1Yt&0F1jj*LoYYPeV+|3 zKoxZcC0>-cF7qob_L7EjH<8S&E-xVx;8{U9R4|2jz!Q8Oo<@}ez-~5 zv4kE+TAY$s85?!e&f~zZIi7hLM0@4EGS>4M_J3x#INC6_%X2IuZaiv7lYzyrtl)(- zH0+Da(%k!Cg~Q8Gqh#|Qt0v=jv1{(~oWKoJz~|704dTzpiih81{^#%ou?^QTZ9jVB zI)?l)N4&C9xk~)-?|JO&weXi^Qn>vtJh9oY>uelbxeNtiIm|249Dki@Z_kKN0%VF% zg-)ogKNYJZuBO*A^8N$c@gcw%ZbIj`M3_|EihwyFlZHtej4&euL6yL=_^~%qhr6cb zG&&>h0EqFg-an9u-$uX&){JsFLwK`76ov?WZU@$9iEZ#!NZxh@*}9GRwJ9juSyyCy!zE5!mS zbJR9nm-x)9;Xa(}ISUQAif^VyFtce$oQU2UD?y1L6+jo}_=DG_SehRoCs%fiMvj`7v3i9tIy4fT@8L?t)N|rQfEW)_KACp-$+u+N zt>KCZQ2E4N5-_{YiLpc6Ceg0mB+)KUmPK7ao@B*x-VYd)dRMPX-)VEj2tk) zhgxpk#C4PWh^VNXkwX;k6U@UES?XQKGIimw3kcYXkg{G(IEdDJ2d-mG5sR=F(xTOw z4IAMt6kec#UAMV1QSMO5@y1Nttdf&Wyw8?bw=*UgvBKY`q@X{8}8C zV=C9ZZ8X*E<7CLQG*ca-T{*AH&2FM|#F=eRW4B#pxCw&79CtvO%c?3zDvBl0q{=p9 zIn^q6^uh5hi7lO_X3z00pK?GOWrxS^__$g^MXkHYr#Xr{naup1rXt*h;+e*y3%Jlc z;m%7m>6QunW#*H7luKoeOf;vFaXntD9hl+@99Y%_?+9qPGUoUb9-+kc<5mV38IboS zxt{4jk{>-h`Ix+a$aUZZCh%xS?zCg`@nvj$dI;svC|)q@L7gi!F}Ul;23ri%1|-jN zh6tI{DYsS&Z2l%bz!6N&kQ~M3fQLBLQoJGztD$QuTO~~H(H@SzP;g&@jko|r4f%B< zP80Au7+vaUlr`6LT;lo6O^3Afrj7b1r-yg;4@{3wUNp0Nd~_&Jd_5m43S&2eGPq+R zd^v7U@hd%}1oQGV1t-3a7sg#;4>-2XU42?Yo0$N7r>U+#P1wS8%_G>LCDbM4 zh2U0C%+DZ{&<3pQ#PtW5Ke9brEEKXEIIC0go=wL?j!SG*C%$LuFi+$rOI`yDMO3BP zq`}RoQKz6C(S4bkOrFne7C2f5(k;YV@Z15`Ur>5V%sTs_d#(#Ww9!Fnw|;pWZCyi&()jN3zV#B0d5=Ju~0^_Qt* z1#tP9U*j)xVvZR1xMs?Z<5SQBl}1_2$6l2=R7^V) z9^INLQrpfl^YXbj@W*SZ)TnKz8qPAtLM|pq|mHVZ!KR~;QZfA0 zT&qre%#2Y=t?*NGEk2V-sUtqLtl@i@RLoiBgF(D<1AfDc5#F+@E`(FrsNpALYm}g5 z(Hf=DxoEjjoH=h#tWm-nxklMssks(kqFjN-PJ`J-8+Ghs%d~Na)LZ#tq)C6drO(L% zih#ry%h9pL-1JCRsc5Q6ktJ|G)S_F-UC)V|o}2G^PQB$>xB)|K0EFcxFwZiLA{)P> zd$M5}JX&G%qYLZz4DJ{}hG)(ZepBUWW9m{XKZ-pQ50>-ea3EUv60S$U*bm4=joJFF zVR|U%qP*k!%^3pobJ)wL+SEL6<-BES4k-G%X z;asm))Ow2ACD;pxB0CiI#d4YA)jJ^tHw0zI~689UvjByOoQw{QacHMF>xmumtl_aWRlb$d!h7J_Ka zUn`7Rb%NM5Da&z`t5E}7@rk#3EoiL(u&mv{b?eVp7o;IrwKn*Ap7Re&{Lva3o4V!# z&pIa`iRVvIO=!~yEr!$SnsNoLP4~l;^>JRQ#(cRUSHZYk{ko))a8kx2GY!fdPFP!hjcw*gxhI{r zm=D(7rMO@TH!OUcaNtnN9(@ypVnKRxvF;{r+YdEdiE@bPbt>~=QbC23wBoI>at%n} zj$$d6Ct!tb*s6ilrP!L|%yP$bN#LTWESrj@xl96`M^=hWEt!rhQ6gOAm!fV?PY0MN z%Ax+)QjyQ>qhmn*;R>R&raR#g7keafw@u1Z{5aszqfVah95(k^c@BeDlKx19U-ZGm z=pMFyln8IaF}NxWSlFyb)17e3PL&q_%_sDujzN^w?`%%U3pRJepGs1>C_pHc+t@pTaC@o`JdsctoXf`z`8JFM!bQYdDBL&g-si= zQAL9#Tw?k)HYH;!A@oUt7yJ5@A0_4IYD4fL#^DM|tX8R&O$zyHh|!5mKfLlDq(cmZ zsf3cc)|-F}>z&Y||yI zA6eCV&vzSP2NiWFi1?$&Lu>sn~K&E`h_g zhie5@)21S@VB97$jj$Vj+`zXEpbV=s0dM1RpE-m*y=KmloMRc`h1OJlgrf>M-6GhA zg=Tm;Ps)rz`E$deLt#h)%GMh>*yYt^xIz|bXmN2vO1Bkf?U*D2+q^U&>b(}cxD4V6 zFRgHFv0us5HN2uCn|4J-R$#Qlgc7VW6MO*sXfnd0+=x--*r;N9vTXyG?6waZDRA*ud({GEv07@VGhgnVIzxIw$gddC?hObcUPBn3o<};bMt5bTRd7m-yPX1dUy- ziR=>NN1V>fBUBJM3T8kR8tM|3T`2Z&g*!l<5Vs+31kfFuIu?P2aXt#$j*mQIm>$u2 z`~+AR$CgFKlDPOa;#3vKO4%<f956$jPa&j^=m{Nh3IF9Svik?BoI|oH^q9m>B0nU zlUC3Qn#e9Ia}SnK7E1EBlC@HkN0RU*S}mHdeqsE?viKi$SzK)`hx*OU#hg%x0gx}L zSQw2~rJxS?Fc^$jW5x7=*mI`m*bvbqlh05dB_pDv0}+Dg2X;KPMBdn96JkgoDGHC` zZm2l&gD{0+kS8BVABymvFVU97`WsjBsiDd9hbCt(937ca9d$O63Hv1CNwS*@n~T|% z)E(`=aAtb<>L8;-eSMObrc84o%Mtjh#Pp zet(Rdow3+6Zo>AG#w4kzLm~%MZ-}8QXJd7hjt_3p*ICkFdLG5C^I;7kTEiYOWPpw3 zRI8?4jp759u_t_|j5RHm8lzfhaZ!!Z*&`BA@xfm#C=SMQR`CD>-7<;oYjwP!=~0Z( zb`>8l$nBIC+7B&?5sGjhI+WucR2s1|DOOaxi6+{xbxn6XGT}JZlzABeLev*=TxJDn z3-vg}3+t3sioIrK*<388@h>W)uV zSPT*%1NRIIY-X<*h33`Gb=9ZT3ahf2S1RX_HaiBBH89}jC*C!gaGJsLT}!EUMnbw4 zC941x&PP?B(9IvX@8idyo-H|iD92S{BJccDrpSX}zc=2{hqcXL$m;yB6TS7|`5!g-5+afSD zf>&1qIME8m+?4QA39X6PX6;Lh$8CWq6iaiR2!k5Ni_$`QQ6ikT1+oTr(h3%5(<{k{td-~#{cWhcXw^*MDU^*zPMNdgB(Vb z@;J#FvFhP;-!g5|gc3@~MH@}iP%g)&+O6-MRO#Bj;ZTgM&KOOL{B-FOOmU)98d&Ur zMLS7S@YqXSBZ!ef4Df4=@I0eazJ%!fw8CVlZnDiX%{th0pfYh{3n?c@;%6k&$QK=L zg=Zf{*%cfZ3@R1ku?Z&1I+aRxWp$T0JSl1;q}Kv_mKZa>hizIR-VCvI$KXeMwn{r_ zsVuWOP zP>d$|QkGOuhu@1zrB>eq(bk>uuY-9Q>^nd!;Py9n6wF$_*03nHg&ro)m+hLdj%)M zAsWlp8*(4tGUtdb&!;laz=U6}=al(52JwA@y=WEX?(##~{OCj;yJmi_D8erDHG(a_ zCM+9lt_~6lH^N3PZsq~;6>M68N0@s;YmNmdB2?Z3#@zfZqIqaox7i3$o+un})BiqR*??%e~oRE0X!e(98nv}coYHVUE{Nai` zblHg}&L0RZw(O-Lb`cpb;)`UkOW6r*eotz29+C$RWfX6G)G0%og@X9)`2RA`)v9nqHy>(*2}u4e%2wPPWPI$i)! zQy`Jv_%T?WeGzvsdxNG|;%_o>-;}7DBjdKfZ`KrXVAr)8P#R8aGvk(EJrQVt!fjxV zi#yxI0LWkvLt#`*i-@@SC@GKpXjel2xav4nR+5t_-{N_iquudexw+`YWr0U>Wy>im z^8p28OoPg?HdAvNg}T*3eLzxTdkaVFn2v{P*fVs;kl|Qy6p;%iW>MtQWdo04;U%lE zkVUz00=ezqgBP` z%1ME7D2ccEmV~tEYs-C2|I*wUMZ2-_vW^#!lqrncO7pFwHU6)4wU!cD#ws^a4hD`5 zUn`_Kb{@^ZKF)^&;I@1WSP~N(v)TK+Uw60V<*(K9w<1Mu*@cIVb3{?yasoqEh%gTu zO?72Hwv|YS0~e0CCTl{=hG3HLAv9^+wi>HP5LN{Y5uhZBa-h%hwVc)Ci0T3o1ymA? zX%O2t{Wb6*YXXK4Oj9TG2zM=xhc{htdHK_{rYpaLv@*c4*57pDSXsR2X-+f}ZHMVDIw=^vvDh?$6^2A{K=Qr3c8Kb45 z!}D~i`~2>uW(g}$k(42n`q2g<@Ev~zY$ZyiPQw(7yQCRkfn{znWt5m=mUkJGzCtVA za+12uBULFF{wKf@ZZIwE_nz#UH}k;{YH7e(strl zXX}(F^qevcGGyys18#TOOB%yzvR;&AKN+^2vt9=`O^!Y<9h+wmT&Q~nUF*%($cVDduA2DQ@dwC z$%IF!S+z~O3KEOG0rADlBq6Z(kQ07r!8JX(BLSe&KLN}ZwOX`0ObvE=j_nV^?x-*c zO|~ngSfmB1UstDp5s1B{F@a4lwHv0C;!SZr_RNz@OoCV95qu*E$l+AC~tSSGbA6 zp?Qu)S`20K)5=LxfNjf%)tlY%ibrUz*+)tFkYKBYcal#Lel5%^F6wLl{0+N;IE zr}80+rb+o~{n!xx%JxFTYzV6tQmiU(?ijFR;97;aR^?u;%HqQtaeih=E3bs@4Ohf% zSYtb<5az+&{K&ivf#KPEARe`b=Lo`KQdCxjpA+U`mnIc)re@h9sNCQooqNNx4icx% z5Bwn8F^CA2Y;Q+ngy)?ABz`hd8%o)g@Hj#{8f6s0DH^OZJC24YkW*2Kf`ye0{H)AU zGO;UEGu`cH92(m>H8VW1C@)+y-S9XG9>hL|{F5b=h0uj;_-O~$X9G9Va(GQ zuc@pi8&CX>Zzh#cue{7=sXd)iR3_YaQQk#6Bl2bXj)D?d4@IIafw-K~SN2P&JG^-( zZ6UtY^etQqZ~hdmPsdMEHmw%NDN9|&U84epmOeUYHHv2mqRgG2>P81;)A5r%2f1z> zdEaM?H|ZZ?e6dD?UUk)-O8s- zHbt&8aUhm<%TRcka3CtG9CvKzbVjLXa=O|@i_wJ}%d1vAa6j~Jq(~JnGw~|c72@p} z^SPEcbnWf2TlgTsYV(;KIaeKsZVZc`wrNU+i?*q+&Qa=!49D4AHmzDV+ll6Dre2e0 z+bA*`Hm;jGZynasGRLj(yli=|!A2!XT?c}Luz<=AEUOdQP7^vviHOXQBRKokiS(M| zgqNGj6D%Qi;%NwNth!xHar!TqVq9R`z@CA`WwZck*WRH{*n@dC8h4330 z7&$H%1ontXhAdBIUcx@Ro}=>%J-O?yoCQ*{!iq$pB8y@jx~vC>aRsbMNO0Y5*_mUq zl?kSx%eJG1I%Tw0v-0NxV}}1km(&-Uatf$s(S_5nTM9)v1lJrI8VE|Qq^oy9jo2ub zQ7F3kH_GuNb0LR$dYG6*s$4_bCk03xO9UtyF(O#Z#-8>32o>uY{+Dy93k!P zXoz1gI6X4O`kh|Gc2ycO-=c`vzSlq-naT8Ghlb@{>K*bhyUei0GiAeFCu}$udhV(B zSFbSP=P0%@Bj)Vsk*Tu>*tiNecoW(#zf6xzsqZ-|(9JM4H)A56CBGBF{l@a5a(29m=(A@-WT{LEbLbtuO3an z;*Kw+Hr6;C==bc10+x9@ zV%K$xgdzicokmHv&=cia*aQN6h%XKX>T_$oJ{UNVSK)H6m)`)u%`(^qQ$4JV%u0Cs zQSxSAC6o3t_aj16Eq9lvas?vsJjeT^-Vxc?({yEFSMRbH9mej+NnUg~;#8^hv^Z5_ zJ(Btc@jP{Cw#Xc@N@yN?Hmh65CR6Z=JW||_MzLuNsm1cY$du#=%{$&K@n(eUMkqo( zTlwVw&>?l>mZz3s#Auujxp4?8m~3#nK*drf)pc+1TZ z+ovHHLZOsNKY|oDTLlPSiTOrh6-l#b2jc6z9rAUv&X)qHBt#g>8CV~Hlmx<4$UC}E z{2Z6?R=GhICZC?EVOpE1K;}9(w7TMIB zC_stbf(ZVd=c@`uFq`(3qMkzPM;exB1;8hDcZS)snR(CjiI8P)p&l>BG;T%=o~Wo5 z)1=T$sVHPQ)fwi@VxL=Cgf^VP6ROT&!|+fJ$)9k=%l;fZg9(x8c*k9QVX=M9m zosFOyOc!lOG1@~6K>BucAgl6nKp_G6ftKdQA|};RkOO!-Is^U<-wF{(`0zumCFHRk zNy&s?Ksf9}QdAM)t}v_sT>b*?R21O{!9i5gBh+1D86-TZ%o{D>4 zzw$k5!vjiVaqneKLty0iAkokvRMt6J=a8dCl*p~!*WDT0aRXWlzlcw>gt*u;=SbMC zQD1NPwY_?o>Bh=S1Fo2E=5A<4{w$awi-O$vD?^UztRzNS&NfV;lcOx97V}qpM|UjB zCWUiF{(nvW+a><(-Wpa=CpN1PFQr!Aw&x_fvr%POMYr< zq*SbLRX8SKoA?N$n{JI+&8R^Wj!k>JbT9N~H$?S2Qsu5X8@pK>L}6O3e3bvs-n(wM zaU+Yu`K_lw7|mGHh|P;`wz8e`$&&17#+I~2Ihm}P9IM$4k{vZ0J&kTjOya%vgPikn z`$@iq!o6>7QnDP+5!afDOag^Mp-`wQR29m)FvKhLy+szhdQjdxryA)|3sfoj=iIq3 zKJ{uXw`SIhO}a`Qte>x?prHR+`(N-Z?|05$*8k}=(;XYCm74gd(u2&I{B1!fqsUW$4JK^svu z0F=EXJ0=(uC-lFqr)&P#D(a|rmA*9y#m>Q)ps!!DwJ<58;jG>Ce!uCjch;PZb!0(x zlzA>AbH2YvqW`9FS^|_i%RIv z2nm}m-^L^4I=~+w@)x21+W6lcX9IOgZ8MXJOLq`w9buwDt@(S{aydKBK&ey!$@0FG zhGaAfiR&ACNNV}1rUv?Z8@#;jGx1Pd`;|*^`+X8t?T!6T2Q)$(k$eutgATR7Dx_UZ zk~F_2`7vHg7;PXKD(_noFg+I>NQMej>#_QtY0%b(gR$v24}sT&eYMJ)xxSyb7rxce zq6Oq5r9-x|o8Cr-%*{v#o- z(f*k8)Z}ZUi+GD^5CzxS5S!I)2|6V{X5cqrL*Bysd>O^atY;2TcA^R{i>%66h$~WVs>@lp&&-gFvcQI#e{ltZoWF4@C)qpmLONXD=qxe z`{;lE`~QfN`v3Fa|5w-SgiE9U`S1VpmUwRXKmYxIdEl+&=F7w#jRH?zDF^_JSD9R^ zsso%aj16Dr3u6lyv>A}??X40h>|66Pe1V&9guX#X$LANvhX zuSQ%n%F+x11mHcH6<$==HYCKvzCn2lL;aBNLFL?veW;q?Q<3UFMv>}X{}HAk7JD#w ztL~pCu71E=UgK+NEFa-dL-TgISYcm0CeCZ(9;#=*M1B(o7c?Vc@s!%fE-UDjemrY#)Sg?`a9ji{c*2Bs9#Ap z86mh-+}JnYAoW<86SpU9}fdJYWKSB zq`$*tVBuM}{4+?p#kqXinLpQBe0Q$8>+xO6$m)aJo@ zdv~YTUuN%C#rCdnfyf`Jk@Cyf2@tIqP=0!&wc>k-{0+$UO$JB=z{xuIGJp#CICX=N z@^{-wf%cJi^I49G9galIZe#imIfZI)&Ksvz` z3n8<@-&O>D!+0894-WZ+DyGng<)-3sBx6W_XrzZw7)->D+arpunyVxVzy;!+$Hb@Y zT$Z1HmcQi>+pLrL)1B;G?sAYtjG~9X)YDSf>>?K=6PAK zWqC`8dmOqn4Lrvq9oB(%WLGXLZ)Aqfp7X-#i=Z!t^m}-SRQ_v!r@OrkQDS8l)*beA zj*EDdU3!Pwh)#@uv_0b=zZ>qZZ@%tilpT6e2S+z($mrI_MguQPLey?Eiv{)idrsHs zI=%g!?(S}dC9_py{?u7BdDCa7(jWXU68)@(t%NdA5jG%Jm`9 z1qDxhZJsUP@WYy)EzP^F=!yTNUn&vLn>!-iv&YzX}; z!x?sHOh~wo{%gftAt#99Oui`B79L9;5?ZcoKqe){A21p1qt)LI-<}PQ_hHjZpDLS} z@rEpFFEzgnM`JMxaOfK#rH+GIzl@T!WjN%=AH)N^g;Z|NgvOimTt;X#<@1E*YrKj| zhJ-;MKem1bP2wO7$t`!a`ab)gObXOb2^tZzLdS2n+sLKxxLfQd@WA2_r?(hKXqts- z5Qo_A1bKfE60U?z1c42xU8b0Gvppo^wi~(OEDb!`juSG)=>%uCqHgjEKSCiZV@1!x z2<-iR<*TR9m;Eu<`xh^fwwrl7B8vdg>3Z@xV#%(#6K;cDvo(?d`9`lUlj|_IkT} z+h6szyS?51c7Lne`>NaT?e@05Lfua_Y4elO)J?wX-g~V4}- z0iExcjHV*>0Q)lgNwdY*D>XsgT$qS*v7#MQ7uO<^)_2gp(si^}Q3*>!Z@s?fr?n0N z*ee@NKj_DUi_??SH>h!sjg<{XR9n^NQ($^MwVvAUy#YBc0FLNc?;=Qhv+z*iBz15@|i!Qk@v;=|vLe|ovPMq(UM z8lr@;V|#+{&{ltaam-f{_9g_a{-%L{T!IMYz(3iC0Y4Y1*M_rPv0_U21*}<&r<}X2 zi9dTB%nw4iiA#eU9L{*9qxxh-@memMna535K7ls-27c7Q>t?HE(#zG~2FHgN$Cn>Y z58fS%iO7^ zRE-PnvlWgf%I{%wGEBxi+X3G5VxwhbkVD6T zh|O|(c69vV{OscL@7^InN;pbq1C~HAwLku;i&njw|o8 z*mvR|A6py)w(-T1tO`8#R~6klE7i+kM!B`noHb!!_(Al$mCsIMWCtwdmtz{2G3XC{g1jn|OCw~MXrGh=lJ#}_}G z9F{C_cAD!Ok)z^D1BMTC5d<`(pKe`kQEi6WyvPcmjDIW`PeiuGdT}7zqW`(ZZ?-yNsVGo zOvzY9gvv5|asqXw??CK^CGvwvyc?g8TgpRTk3@)wQD8iGDFu#LxUoa7KMf#EL|wqC zznH>Xsqc!4N6s(PJM-}P>$|_(S7Q58AC5?h*5*naD`?r^Jn$&U%TzZ4jg&_eAvPog z!h-EWrg4_a(x<<8B%&k~6x^K0$PX+8%1bmiuRmS#ff*pma9G{GToK-FF7?*2>D3 zgWkGXLL7p3;BOPOmG7*R5{iXj4;{Js>z)8Q6d79I>JS`)#`N2deU7QARN_SWanObaqOqg5Db z|7G)4mObMnh|&>i{fV~!L|gV5Bfx$Fl8RDODM>yHbx%ezb%6s>Y6p+Ig71P{oH<+* zvv~+?Ygb6muVk?*R3@X3w59tbjyQMc_{^XE4o2WL-NR&}rPY2QGK-VlTxhgLf6m?(slR2X6ED|b)+}|bYOO_PZlM-nHusnj4V#=C7nqXp1|xYj1`$&A zlM+o!XEhGV&<)i^TmE>h_*r_y>hA37PU-@@xzp7F7Y!z?8rMx(L#&u|u|eImtHIT` zYP{0=3V4Av*PR-yzA-{QACxp~z!5dzo3%ENxhAD+7UZnO2wc*w5x31Ja$VC#9N3W1 zbH{mbQbTP0c@~BPkxS8l&iOudL@vPp_;Drw9e1(X_jNVh5o(JNW_fRyzhum<$g(&r zH~3tV^9-PqC`b=gt=w0597IiMU)i~C5voV5;P?3*>bSo7aEtX?j3U`J^k3R!hI?=JSa-f2c+J)R8mIl1PTE#n`IeAZ&VGwH_|u<{8Q9 z32S>2jmWDR;Axo4J^|Y@h~R1p`3bd2yg$0a#mLl++!!*3s`MC4)2xqOr-G1^~fv zxl)*J+IM&g+IX=+hW#jR4Q$!`@9xJEK6{ica z!1;=i+QjbsiS9E)doF}LXTV%6wCp;dl>=G)Iv=XJKg|*D1^qrd-;HDG=&RrJZXC;X zHMRp68T&60jl&>Ct^F2SEB9fQ%8WH|r#U$uG`GWgVe9cRoe#ZI7fUHoKKJG4(`T{! zf1L!_R;h@P9#}s{{r!Kp+uQ2p?*DgsJKd-I|Ht^`;--pOo?HV!X&lzJDmWrO_r#t) zjXn$R|7j4lhlHdwP29NcCD?Bu0OsufUayzW|J>`Es%I7yDi!MS)=_70p5Ry9q6xWPKDm);24e|~OWe)=r_Sxo*Ljrmn<+jzONa*TQU-|lW+{_l48 zwx8txV|?b{v$LI@6UvsrUS2|5Ec9i`XI@R_EO!5u;S~xN@sXf`{iJQ|rryMv@v=Wc zk6ug3Pwq6VBlm15g#j@3F%*A1$=OOCHM7o7@ax{rIu1 zzmXR~4{WE^Y-NLr#@6i%ubOa{ea7`)e*eR1Addce88FZP)9vl%_5ZEyC;#uGd}1$vYMZy)?T0rUR^^745%eWOqcuk@U@%&y$f)ih6a%A&OakYenK9BubTK>yQaKb@mU@!A*Y$+u*+ucUOFmwhNu zJ4-|?5ij=6QDwR%TGbwS>(KbktYcIInBqi3hJqRo1=_sJ0r0v&$09>K-6VX5&(iW= zz5|f7gJ?wVqyKkzw)zGAzxSm7KguU>$Um6p&gPFVOJ>U%=Xm@V%BUjW*|$u7)$$}7 z5su2|UfE`!rT2drcsQbSeg9uI@&EPm@n5_B-6#F;Q9gxJ-P~DXjpctu)!0vC(~B{d z5EQEm3X0WIK~Xf#=bPkJ>Rpb8B7>|<0n$3pXIlTI_y05)^Rj7e>Lo#3X8_Li{}t*# z?RB@G;=dl{Q{(?rD{NNH`(*b31%CQ6RR%r{?9hqyzr7AZOr1A4MXeG0v!k1|a+i6s zdqAS^aX3AZiuD{&`Q|lX2fWtaTJT{PKk--TALeq$X0pdr4eOP@M#>{X zD>TNQsw(Tm#Fy`)av;VRaEENQ_#KHTF}tqPKciOhGKc4^6=0&@ET+^Z&8d*lK)S(zXSF2rpO6qY$o>4PiT|&l|7~w=J^BA1<&)e0$4N$2+OJ1_)(Sawv@TQpm$>>$wJK4lU(dSP!;wPG-bn2gbUq0679`c{RsdIn%ztter@ItAt)TPXteA0*AKY&&tV~uVTu@OWkCQ z)APD+<~y0PTbz)TcqH6Mmxt%@4c}LjG>zK{$x?V1vmri)M|w%rDj?KiX~0=2Jko3} z4V~DJHP4wAv|o11w-gQZFsuQBFsM5`tl*UTbrh~_WTyIKv6svG3R zC9R#yI5(BCRxEz*gY4Y#7Sd8yUK zf*{Soov+N8Ws=q*d#v&p|2Nh&mvsg=H)NOJ|EZheQ5MoU$shCff3Mr`_4D~*q8T~Wbke`1>C-2VBE-nvFFZa>=^EVd<9Ed~8}ePvwf{i9o^!X3(utd*iA#+k_;UqL>W&c^ zp%=~_A_?ksox4pmb+0j^SprYe$1bJ(Rn9C)7$HkRu;r#WEnPi89Q`voyI2hQ?_P53 zH_pGw|#lR%(16rN&# za~QeuR)xXkNmA=bv}1PhT|mDv+>KK`bC*?Zm)Uy)LBP!)`ib&u1GN|?B-0VnqEE*af**#ox^)wX@Kcj zG)Ubf&0G2l@y<$6~=7>Du{yXwmwurFfO(ALAm zgFR*UYBn=Cs;#DXubWc?r*7nH=4F$AMkmkgFWO%2i)4!0qnk>xY%I-`2^l!*K7Q=r z)a&>|M-x+ny)oXfw9(;fVJZW>tsfpLry<{0-0Yvgz48+4Su3j=|0_h&r`rp($3lP&p*=4Dktq4UbZ? z%yzNl$bF>9L&1^UeT`?dlO`EWv2Vi8UqS-~*ovIp;3NrrtgLhW-iYqa#M zPT3Acyd^q3K&~Xz<-{IwN%DN2hSc$r^Z^&ia~Z&SV_xIg!;Tpz!Ht_@2Dk}lESEp? zFu5|7Qd16dFWwS#fzwI&G#{G3N{0A0KcjYpR)0IVxIB4%aCmuk@zaODo}HY2_}lSM zAJKOYJ9LMU?Vju2AbsrNQpGCQUk|qAIr*>)zS#P{I~ZIZUo5-A)`D_6%w19(-R%ES z_q8;U%65Q3O1P7Iosj9iZKVOszu}q4A2&ZL+N&_@s)?ChWrd|ZDMZUtqDV<0~+fS#|=VyeI zl+K%w(2h$dAbz_y{A)a`gkK{$=C~d?RnFz^PtS?}14xg<&<&>c%R$ZiIrKV+xuYE` zciei()kVzP$Tta<6iS5*yU!)YAN2xaAk1xY%Z8o=l?oS+7uc^24?rYB=RX`)fta&Q zR+5;S>V(`zsC`lC9BPEuatN8aocu=a=~ZGZU3-DdNyrOgeNMQISC$V2U4QTrD4%R*M$M$ox2M}uH8 zFIl8{qCfwc?^_uqipcf1$S1a*7-AfwzG?jUB*Nd8pR$$L$W5bmngr}D6|2)EOs6hm zy!7D#o9&+I=K_qLg$to7y?TsOV8N4UL|)ARg%(;11DYboYT2@4H6P+ayG9JTVMuPz zli(%@@faUd&kbE(e3aKCtz&PvZW_9cxx5ki;{-!^(;*+Q)bE=`k>Rw=_YkPI?CXlk z*OIG;W=7B4I}h=41e1g>TOAUoA{WKXIC0~c(W=~Mv1&jl_#lMWM4~811EuI9i}Ww8 zDtDxQ`N0~=_`bep{-K95DET&XA*y#CDxj&~AH>TOlCcSgaqPTtD|fLQ$BxK*;Z|`K zHkz%{V2VkW>d;d39r|u9#miigjXM(@PW8hjPDsY&? z*~QVPVwYk}++r*v``?dk6qLnSrwQ^8#y)beTGZ;-Ifq+~VqJ!V{7Kc&Seo}+v*3bFFFPWG~=&g7@yxHDc0EA!jwpC4kF!b@V+L*|=4(D3@z zvD%?kv!X-vF>f&Nzvcpg3TdrqL|diq;amb~1&taY8;$t(I|>rZu~IhD(Dkmf_==rTj-Jj}*HWaNfcp&UcQ3PjoI#T#@ss&N${8lh}I z$7d5co}ERAo5Ym+32(^9PCSI!)=rUW4rexd6^{P&VJ$ESzrPmKSC(Dn#O(j<=Onf?9IFon-W@eu?-!DPCnkH zOFb&p1gYh z=3YHjFJ5wtvd0&$18uc=fYs@c(VO8DuJc2Z*JU4LnE^B-$f0@c27q;VK9y8IYW2%JJhGip+%GKi%XRa`Z zt@gF5X^xzq#g)5|Q=_;@^&!i8UFNCiPafreGmml@csNq0Zfz6s-(1Ll8M#Hv#ipDa zvenG&gNBA%uS=Ds|`DDRHrdd zoU$^F{A0)2H3e9R&NCp6+#t*nd^t%losiIP3Nzm?FGL`JW?`uLe)H|qauIifYdPC$ za6iVj$NEzF+MdM&v2~6#_vUIF-h(i;4f26_+6KBHORs8`x}s2U)vZh;izFoDvB*E* z&CQ!`^gGm%cRh?+A6lr@ZkgXW{F?{4_FhFTj){Hay?EV2Izb%~2h&O2AZ&+ZEMl8i z^Kr#|j%Ky02TR&rElrJ*fFxpLoQR;EazJG>DN}XIelFD*N^kW93tY_C97^2Vr5co* zx?vExZ}Yr0=hn5V+y6r>*-6RNbJHizEaQm9Ika9y7zH67VmGZ$e=-ERYFrWP(<*Dr zBXJTO6B>xy_x)Yq!5o;<(uSQwEbqTH*@du zg?^>M{(TyjRVbmV8bu?&cvG-te%QibjV=HU%9MNR?w1%`9d)jp`6l%jySyv{FYv=0 zcj5yeQ3`pv+ot(TQ2(hcT(J@!T8om+v(BJQV(>#ez$TlGx5z(@kwrZ*|V{#wdL zt1%!RU{7+u_gR7xlucgZ?WS)0pz^E$^>OdEn%rzHbYRxrRn0#b>$>0jwrYu^vUtn4 zNHo-EeNAFc3H-`c{S>wB8?3wq{!=MFmCpe*UezUo1LlSXEO<0E4)kirH(m`6xuAhh zfdwDJz@v(^RTau=9*Syo>MI4xIbT~g$F8DIiE>{^9x>qga{VPm1dR}*45!S{$a(~zl%vBFE*$O_a<-!%! zqvl$<9uotceIY7to9!s(0yfJq`V!h`|s_IGx7dS9XLV-O&tshfP&z4uu8 z$$cT85*4eFq2PG);nNd?W~9l+fQtzpvD! z{2Layp&4)Iw2cQ||AqE{&X}0G@w}}MpSk;gyPwDcDr4^-4CT{ zy2y^NwM`#j%R7hcPnCJBzxhE$F*VrqIsK}7^BWB%0nB)wk}a=(mVf+Iv*FtxKYrTv zUugda(Kx}BHrn*YXU_iL-RtM~e}AX9`?UWbr74__a=l5Th2d$ci zdA=ir{Z|Bv<2xfYKy@@)44T8p=R+%SVrFsz$~`@QD(eO6fQjAKu__c#Z*X!*rm>q~ z)cWq_P0#6VJKc7-g`7h-c85V2qyeVR-?AYVg2;Ijq=rl~C2WM#TasJ{(b&0uPMv^s zZhAwUy1fJJkAT)G`EeTTA5X(cCB^sTo>ke6e4Kf!U!N4OET?8$x<_Di9JZ z{>t^Papc<`(jotnudcDTIWL%-U3!xA7PQ*vbRNqEkz^qc*eu0tLZ}Q3(ms+^_N}?S zOIo)P`v*q=n&-~xNt!A@dF-YWE528yN3G^ZNJy6Aq*$)ZqLOl%G@w?lZ4K4tBWG-# z$H1^c>{?6Qwl$QMlAue4z3&H%#oh2CvukfSX333yfrqO3It>Lkq+!KtF}j_tRTXDY znR6P4f#;?q$t%Kemgt{P7CKc7u;m9#MdQM`qiFMZCy(uRopbhBE7|1qDW_=pInAdVv4!#s;tD>ePXp|o0WKs4jDg%6Si;50v9tfl+nPMA3)X?E~52l4>t zQAdx^`J6{j?vb28;T4cb{ms)|Iy6nNI}M`o<04#t{50o+c?U>??(@!-iZe#OmIZ+H zky7z{&896GM*h8+{kM?)FXCqx^Zw1X|NDF0y}bXgzx(9>dz8P5067(C?eCq1Y{*tiV6tp1t{SbaL@>wWt1hdhqV}!9kDFF&7h_6rH9=}{& z3n^;%Qsi_vOg_%X4F(MLzw7w;rW0i$6MYlx`l#JoFOWcvz>Xwq_U&I$i-To@eQZ@u z|GpU6B;@6X-wKS7fdL9A*7=pIz9gJLxTx17$+kO0Nbq582g(jodgt3u^Ul^Qo?jv>_hNW zgs~5}r*4u8)D^Rd(*3Q~-y{|vTj=YT>r5<5jmv#zOIbjDpI2`w+K+3!VSbIEe1r`Mi|5TEM*fzrEg8{{DY^>*@ag zQ9i#_)Gvpn7W$~+Q&)%idak8m`+YJkpq%}_OsycF1XglU$O-G(#IFerSZe*3*#Djm z1aI@e@i`J;?*8u<;(zw~Py7E-KK1)Q4UJI${Fa}jX-wyCd=V4GBV?|#Ax5aH1FJ(pZfjZ+uJI{|7>q< zKl%S2<&$$z+xzyXlBZ{*RY#^4I zHi*V3peQAX8BdI$h-NXoF*PCyf1{0}IKimrY&kt<-x`o_gD^xxjJy!L5%y6QqaZ>q zVnQ=PqTH=&Un+$rX=**bTiIyQ=c$aI3q2fG5L#Bio6O&dVvJ5$`vwrbs(Kw2q@If>!=q#6x{Fv31aq4kBu%o>vMpIQe zx#U-SjFP*elJQ#2k1Nnc{Z8>Qtdc_oRlZWT;K9{sM;LE3tFlcrH2vdMFUU2YJ*CD& zS$f%xp=*mZOVevkrRLJEuw9jHzM z+9M5$L*?HYpZ8)*DJk#qSWEfREcH%HDX68NXeotukJnjB;Z;A(()^VD)GrN{jqh#*3KKG{?cYM}Z18G$;$cTYwz(-5-uF6?2_KA#2;0dwc6@ zJT6__vjnzPPXBkE$yq9E3-?s(^)#(`Mq$3QyTb1=*TS<)yq1EtV!Lu@ZFxD^+J5D% zv`lf_vcRrNiWSQ-e(oFfFYB{J{6~D_Emi?$PW)GIr;z{E-+QY6_Bfy4igov^1@BsU zn8>Jnmo9MBeij%8It@4>F_ht>sG06$H%}11&2A zS_BUDJ`J#QkL3}iqYs6BKfR#t+&MWU%8> zuzSmZ(#ymhjRMb%Tqymi29X+2)ki`jq72|LzHpwK=Lgj>lXMzqC4##wYl zoJI2pi#f3s4X+E@wbukzfU(%Xshf;(x@ho4oRE}wB-}@rhx}H-3dHy=|0Y01yg((o zCZ=YzMJ={fAsUM!TNjy83=b@GPn2^fr6C!O7>_nsELyr+wYw@0f7!*&J22)#v9E>7 zeWP`YKtBb`(4}~WE{$)~0F=rJK+8pUXjPa>75X}4r6$mOG4-RNIx$yM_{;`G1O4Bb z;BXp@Ba-0d#+aA?x6{w(|97{#J5T!mV|>0r=Wfb25*+e;mC@}4M`)M@q0i3$*!8a6 zF{aMSH|TN_P^ke>L?<{5(KsYSo+S}P<4wl#ZW`QR2of;9XR5(BD8ggVU(s5e;8Adg zeSSmr^}2)3qHu;t1U(r_D8>m2g9tk-&e7n*0N#xL1|5>=ltk!la+#HrkN-!*ka*YZ=OIQ3 zo{}5vqftVpX4#GkJo^&Q{tJcY#>UB%q31^F{>BEn5D>4V+Azgw5_t3q-0#{YyKDfe4dagPA52{h-pCLL3+9_r)m%asy8tSu8Z&*6&SQf7`4$q55@qKY6Jm{j88wZr}%@qvj z!8z-@saw&?SQ0K*q_Y7h6yd2G=t=K5J95(7)%%NS;Kst~mvuNo#qZ@yM_0x`+lsns zpc8h^-(ZB3gd}K+DRsw8LZn#|F-?Z)O-y&0#<1_0;*7F*oVY%g(N@L)Akt3B4cf{t zUma`qoE^4dg)M{^v(8^%U!1+^7~uaRApHd( zePjG0et_@W#`g?~bz>fVIgkFiTdHXUfV3I#2Koj#8+Xcur{gJt5bU8^sxi@35D_={g|2KqY^{YBQU>+F7hfzWk!*Nus6 zE74{i<9x$G#`++gg;+3AoRAnN>5MPJEp5}S_RSU=29cZ0*snK%j}zrzGKSeI4%38Q ze}IFa>+G2Hf}`NfOHp6XG|8m0Wwf@UU#dkV3xwUT*J8z-0v>o(sV zZ5>}IVih5NU#HO-BXs2m3kj_5AK?`2I(@x}TY3?DI~J{^^k65LI1`H5^o;jG#3NlN z$bhZZ;YBHEEtpQMocmXJ97F~fMeGGc@e7c|8yl|@?1DJsvW#hrjFqm;AP~?KJ(48Y zOYL9SBr8?&zD7)w?)WYy6q|;dIGaI$ySWn`1bsqvX=4gR;ax!H^7B>Lglgy>A9{e} zh1AIxPWQ9(-;4Fq14`ScK~%Nvx=ybrr`_Ml8$l^yM2cv*fL?jN#X~QoAUWjgK@xb{*lFTUFSvh{N)RSma@Utynkf?c&-5CJu}0ET;oV+ zb#1P`QGw;vtsA7TNpd8#fPJpPT^WRfvdmeGXc~keV(mFEAH6b0-&3RO6XOEA{uHAO zW?|B8x1=%KyG-f}G;3+KQ_){cw7TQA>X^6Zr$HKwbsw0Zx!c<4AMZ%Q@EVaC*9t7U zhoclHmN&&G9_>hW(ql3C>rDN11H~2HVkO$Q~?uCDqgB1!Q+6Y$&9-aJ!>54UE)3v{#ELZ zuYhHJ;$7o}=a`k-3*1E|jy+?6OkYh9ap}cR#fHwPE!!Ej*Sjk1$;G1C_l2|NY{OY> zidk+Owb4IbICtp1aK7ZY!`ObqAY~@My!c2HjOE^wKWQYsdC~2zbBEKr^RtV~gVW26 zjg<{_GU86}fQoAGTK7RDK{JveH-r}e-~e$WZMP{aYVAsoBMsx1T&AvXGJBh1WqoaI z_yjC7cQj%e%8XzL zbe-OgnnpJ#D>+FA!8pSH`y{-;egGOK+h5w$km1V^!KV#L#~g!Sr(~gd9U`@!2}T#k z2S@LYnI6LZMiDv%oqRBOi&C6SnPMR*nBY;!aA4hBFU{N#{dDl|EfYVPmu3mJ#@$lm z=I7>-h~F}p<`e@u4a6k{qFxfjDYXFhB|t+HIuh4O)}q4$5i$|d0?{i0Ar5Ev?vO+g zrvhDq%-s^u!cWq%q+>>Lavo;mAd>aaKub3#ux9{%q2OA_DHMlINr`ljK9&vij`+bS zU{alDo?jslhF0_q|G^mVxf*Y4@ny61VUs?43T*ua4Zl%jinQ;Gg^ZZy5KP@i#sTuN56tIFC#zs* z5EvKgVL8R@+Lw=g1H6zyQPHliRjin>wl%A*=U0tf(MGFbMrT8ESA_0t^&C*to>U=F zg-X<(moJ=Mr}x~_ZJVeh%2_Cy#0ni$va3pDHyAoROMP4NrDPwGEXEBZp z{akn7k=?s{mY?n_h-m7DAx=)B5xJ5sk`YO!t}#07{)0F%$vT(ewq@AR3wa?25O$4w zEV$GsiH{Su>zR-$yQ=`BDvQt%j|kVFP)m`@ER@l*3ky4X_`Vu`+n#?_aE^OR2U|aE zIT^(#j6{)#4-@R;C=J|@GL2APW+;8%4N*wOfd>}NG@i@EdlnP-%kMy5$g4Jne9xdA zmyn`RjBwJ{nHMkQjT!)2z%97#^dy8Wg-TGO>`Q(InFWzLH(N5ofoc$41B9V}QKmG+ zIP!7i&A4w$xb3c_%;H}oH>__!XlyZ3OL%hvwDMPIo*+G>AMbIGmTAVLA$l z!Wrs!$HR3;kF~29yP#5V*W=&t3^c`GND#r_G_PFrxs0@dFoY9vR8zSAx@u4G9omB3 zs?gJY@0k3$b!XfJGj`pTEFX5o=1FmiC}D~j#02w8fpEsPV;2oh z-drAEykjW+;@-G=;4L|D-@Xv$+FwYS>NCc4q_y!xy+*gya zH>@%%g}M)C7-ohIEfFu!0EZNFyI2H48MZGQyH_$FxS1B)q{2`1{K#@u0IVT9@CZAYsC0fcMFM(q%?OE zx5Ez@(5r&$3C2>4)srW=b&xXDZgiOs`3i&?v%$J5p0qU^xy2yM3f5#e(>I;DD`Eym zv)H!94u*kue3ycVJ0#JF--pO+PNCWxhM`3`v}W!r4e-!xbhWOLQM_r~Kn@H);$ZL= z$#lj*dToV+V9iXzUT1uP69=6{X+r$WW6M;P8F__90S-l~&5)1~yAilO9gUgh+^w9r zR!SFKVzMPS&JeNd1Bymj7|sO2f?t`ztbun+fX_Y3x17F&&~^GR6o_tR=!lk{X%bA4 z&n=W)=Z*usGqsKpe6M>16m9hplZ!sW<0zPHj%ozL#O0ctmqI!)E~vZW6WWcy7cj zb6|i{(xI1k-C0~A&NSd&e3vF}i7G>N|I6O|g~9EK2V5>|g_~cREwwpqM54x=vq-iJoaPa~IYT@u)Dx zjUK(S9udDO5b9~14a2~bDXB(ZwL5JY4Gv}|;LV(l59$cHDvRABOd5rubmD-J7PgXJ zGhake!?WWlnsPJAjUf5YV|_GoJ+<$*E4Mwrwt%PC7+YUngXGC7oP}dmP;a35l3m{)5d4+B# zfj0rEdj+l7#7Fw?W&QvbGH2o@e%m903}6>pdN}t#UzKErUuhf^GgJpmUZrt(CG}BI zLP~6$=hCghU~O02oQdl{evn-UGF#=j^r--MS$OcI0Dhawlg-kJn~L+pG#*7Pp6Ty5 zlqwMIE{EZP(Qr!=F3V%kZiJ@*6cO_nc`ltbe|4kWoivbxTMs;%ldELd2rQK9KG)8T zfIbbpFM%7oN~Qs+J>W3qTBPr(@8m45xSxeB5ceG!x;}_LMi+?F2LMy|nwu)Nq8TzV zl;9YrK^oj(jbKkA*n5#Xj@1PdUts{pu;Agj#_#;6sT*sk-4dvC_TsM7+tZtIOI*}4 z5WD#>h&y*0huFR@;KjvcI)Z|t(!KcN_FjnT={Vy!Aw#y7ZU9FB+@ghU7I_nyTn+_g z#ND>9L8}BWZWsXQS2#^^QkE!TnK@?hi7O3JC8=^X7a+cKlWSf87ERq)>TiJ8)o&k- z&MI@1)61G^O2%WDU1S;ryo!&8ptBD93PN63G=tQ&a^C>Z{MFyptKZidEc|dS#f1w% zSrZbSo5AE7l1e7w-rQ116FIO6xha{jKm<>fXX)1w@80E%cJBUarkB{E};dlpO#nC=rK zG?kIf1_Ip@1i*i2r0xk@j)pFsXgO@Unrx?xg8o7Q*Me$*Q-trB2oF-z^Wf+|&&2`s zvemlMo?7YZ25+q%T$Qq$Bl@OWzi&C{wk)^FqBB! zsXmM*M&KRyX)v+6Da;7h_o>xBCO$ejc!!u6F|bv;UvG~e8QI0OJrd8(qT?H!%m#ep zUTtzUi)P&Nj=n zLSt)trx{7`U64}FY0QEa_I8}$HV7&vuEs(`(xa$MC4H>wP#)AquP%-c{&sTu2J!kY zgReI>{$rSYx3aNuboS%v<;lBa^zP)%_m}9^F}gVZ&-W)6$4BV(*#$Z{MeonwTpS!7 zfBpYXM9?&&DZg}?UDlG+z?u3#ujRj4XNVeu(rhSet+>i$ z25U+((ABQ9uM=o46>6gc$Jq%>fbE1&eG2)YK2sO?eI+1ArG-b_9`W5=?TLFYs>s} zs=0V2M>N!9syxlYL0l)swxl`$Fzh7F#vr;1#Ga9`r73x)R9ku-#E@6k9+9N&5A&IO zz~#@{ZHiNrOIPE<3HTJg@| z9MIB<3onf2jh>}K(KEK2a*k26eo1-d5`e7}6bx%En8sl+nyD?EW-(86n2;pJk$e^q z#FTV4r!5$QK^!WQu@BBqgdM97d%lPX_L#b5RR5Btri>A`OGaq2`L+xgD)hf+ zpH-Gnk}>|LHS!E-Ew79MD&yi=*9i_|KCL63wP?iWGkwV?Q#XjpjA=kor3-9X(m^=p zuJMeAT(MbVew$k&9#qW#BEqg`NP08IJAXdbflyK_!CbkwFE2#xPJ93JUCI=&A;uA! ziVPx!%Z|(sit;`-!<7WCP{wcCc_{WFmnUXS06!|=-iTx=CyPx{%Nt-Iva1lu9{|PD zU`Dr{l5S#ia3+J~q995o>zO8$S$^1nsbk2u8o1Zo2%Vg3qZXujn@8TrT4^T2TNS{~ z>wT`NP2DiuL{sbs*_1~-F*CL7E(8Fpm~+FC$N)p=GBa*;_TQVt_3*j%7-&wUYOpFO zytjyI({;8D7&;8xV0em639G&Ow((#vlyLgXTQ0k<+8#5d6*D*TiyFldrMOA5&=9@b z^0bJ`v=TEmA>b#QUz!8KBz|6wY-@gBNbBrEW|(ZJ;&a+OKF9J&!zgNd>=p)j1Eu)T zVMsC`iRylEki5Tm3uNbI;APN=0aWb|LqozL7Kf)lbVNO*K=3mnk$r7yI#B_l+7yep zPP&E$zAfXcW{YW|T|+Q$%Sfo1$?NQdkXuOH7D6yRO5L&1wJWXfsN^g-f zSKQzVu6)i#WYAHNSTob{y3g&?1@d3cPfV|a6@-1$c~jk=#||ndMf-74lNUf z9XqJr;;f=){X(3z=Wx~@mMTJ9B8eP;*3$-1{lR#~*P@Qhl?Zd!j(IS{%)7?v@m)Yu zdc}iCpss{jSJZ^7k{}Gxcp;ugzVfmpypr-%UZ>uUae9UP49inK!ndNN&ol?Tr;zSe z-zxGWLb?Ra4IBm@jwt3nr(D(;A3!HBEZ{(SVaTB^6_g)}n#tuZbRq5ic`-=<@_E^` zg`yPU^p+&oDCV!+Fuooq#1PP1DoEbKNaVwpX2BbM)h61`83z1922S}Q$x`9uEKMzQ zvy`;;^_&VNlBTgS+>S zY_3yTMcsZ5{3)lscwi_O8@?u-(MJ7IHKP= zT#W}0Zz`pZD!+iwbx0HJo*kB5HGS>FmG=XdqF-RczBoIIkn_UvKa6wWcR=qu=RcIU z?RV*f`%b*z@1_%8qE3Wu3CFUVPN+^~m|!u7?320VK~=eltu zxXVO3l6V_4n5rRke!`T&6nSIj9JWj50Jmgvy&-zlEPZA6*0H%-#RJz854?(JjJ@;8 z5%FU}+#U0x$1g$<FiA^us;VeJ0&&6%I7glvc57E-(OZZVviO3G zs3aqFH8{Tb;rQai-`~CcaQyeni-Qk`XQ!vf>~Ow98MQH2Vcao;JI)j>-PFNMQ$8us48CB4yG&yb_TyPX<|I)fv#$OWLJ8O zEjh+cPF@?={v<*Zp6b9as*6f3o(?ha+YwHNGvzYU!}QCCdC;jS{#$4j`x<}>8163w zL2=S^Q4@H}DCA6P35UPn>e*A=$WZ>j}gw4uP)Fm_5{%w3yZ`4kI- zpkD8JZYx{1r$|kgXBxdvLR}UV?j>?gAAPN(M^eH33!I3&P*x!=!bGkn^i9_Afmr;q z2s&DtAi|KybEsn=B1TzjU*w05zC)PeV`<+u|5&2tn^QwG14cg=g8saQUCSIQ+)vK6McYW-6AH3^??wR^ZbcpPr$Wjh58r^G zsI;R12q)-KK+_}`X8a8ZqjH=I;dL||6_C5N0I_$R7aD>Jw-p!A&#iYzbTKv!017(v zG=#leSbReqo@)p?*jD3E@=k;*fFok%g;1^WG4gZG@?q}jI9s8e7xoI%T_WP+fe0|Y z+C*2f-lNE^Nl7T4>Ck7_o(_^VAUB|d!M0nu;OFN?W|UQOB^S8`Wy-TC0#*~>2}24; zX)@zij^GKQdNdUnyH^-YCln>2_A8>bqgNl^U%Xv6I9bJn>9rGnJdqD0Qy8Cjx4USK z$85}abq0tF#Qc>r^=wfXqLddM5*7BC>hiq%ya$ny_-^86G{wGwgN`75o}+uQu!#|{ z2tkH2-hL>`IAmr*K4+#YS^7baD56PV#4U@5w4=7{Jrs2b=jjY-4RfyqCU?q#!_3MY zD}N81jq#Sa{!qkkYuLL#ThC!woLN#$MQ*z_k?G8x+v{e4pf4jHc%5f-)7PWz69AckTyeWxprL)}NmWA^ewg9@6rMd%8YIT6!?5F=p^w8evnj4Vo>RgTQ7 zq3d1a$iEUhQ^wn<^lI$ej%d+fUE|m-!Lb2llnSz=`A@Uoe`X}rPCXSqB=^H@5c-~* z_-09zJz2JoLE5%RY(xURps~Q^-`qV)}g4v*)Hec1)UVrv|SSBv8}887sXZO0&YPiRr#i+ zxJy3&;ZQ^E=0aMFdWNW&=28@q2p-pHGO`gnx>Y*JvEbp0R|ki3x0LEQ=ee9|w0235 zPi`Zq!y;pb(O-{V9m-m@Bw4qLe;6m;)V=#)RJ1KOV|f@MzwtekDpsR#0jK+buZ1^w z|M%_5;qmFE}X5esOm6{*ZmW39XJ!2A3Bnuimq706@<{M;NRKcv*EtVAB#aY9Tsdy6+T9B0*Sl zGUW%SDwU{id^ef!SM>-s1t_TLYnqQxb7vGpJcD!~D_i%NW=*p31ij!nS^-sdaUL&{ z6cF=BJWGP{Bt_&l!U^JD=^&j!ISY~mzruI|PFW9Lnt`Hm;zp?qYY=oW5Wr(MM8^QS zfJ7DvQ%yV<0E&~qg4cBsU`RT_0>OZtu@h08Da4p9yx|Y5b?h^LGyP- zN|%5l!jl;V5;S!qcZ_)&+X&Ijn+U`Q$&8H#ZNA=_&^-9N3vaLlUYgqMJ_l%{S3$}OF^38oTau#Sc}!lS?o+|Y(@;Hj7V zCz7?$8cE=i6`!A;<23|4|n{ty809ZtLev~nHlB>0SP0$7#;tMS~~7UbmS zIW2}KsS|#eJrxPVP@j&+FLSQ}l?xn1UYG$XWLYb)7B${|&jc$)qV`Ku>1myGkxd=@yYR@URkZ zoKn1|851jM>Ow6L5fsL-6(H7h>W`HoBdn-{IL475+@T>3$?dwP!Vyk_8yE5v7(r+& z&jD67eBuk|cty=(91zyYpODv7wN3JMj!@Eex;^!H;f;5_}WDQf`{| z_9nuiJ0ywx7fIwYo4ZK>W2YRZI7&Bpgxl?egs>?PNrG{}jO5~)7v-^(QzL8pZ=yW; z1oap4~nMarZ;iQF)hVw+~eX^;xxA@vUawl%|?ClW^*z2U4(t&pn>$6f7dVJa$M z!?WQTzYp=m4M&KKs+E^!r#)(^Ikf~Ve%>pwOhyR&%L$1BZI?gX(mv1bY}H`EX{9qcX}ND8YCW1xbQ$hzDVL`O{op1;X28+}grA zEwv!&v^eLt&fyG+MYH%4$MO$NX!x;x+Qdh~% z2z!`PHwj>Oj*=i6ON#~v^6WD={u*6JZU}W)gaJ4m%IEg@Ssx_%4st>=F$NeAUf^O% zo{gLs;+8FiJnI~EGGgnmY$2KkDdTCiDC&_~ckHsCLC6WieN7)&O1Dl3rEOlt9`1lM zray_Q_7QSX=-$#SNZC|FJXUodCGuJ)$VtUI0S9LSN1O^%Tf_16;>_f<Gn7R5zcCf^7#~VAC_? zz|d27rX^cm3PErPwGI7wS{^J3QyU>kbW=XV1OFxJM7GUlBpy*Hm1LXR6as>1)|z6R z=E}lo*|oo-?5cG>(~PEQ%>-6mMukQn~`O zxhV>0 z*icZ#SZ`1sxGAlid~RqMuS`R+(eY({89x}!EZ@93HeBCle<#e|F*(wJB2gC>>mUcCe&sPp{C2~%}% zQA#3hRe;(G&U&r@;g_YLrkttWD86R108D**DECFjlcEH$?NzY)bYAujD z=smBH#1>6fF%4%NqH#f@{2Q~p7HK%M3^!J#>q=|-Y{a}HhpT!+)BC)LX(rSxK+|9t z4uY$$zPx?p{ZC2CI;q1i5Q4$7u-Rb zVr>$Q6U-TZCUyu|WcUtyhKL8js|cds_$$~R;x1sY8}bNNH{k^* zg9!PUdPy)8OQDR8U>p?vvvN1dbrYvS$q~RQwdbItfP(47-wpiHO&DEfY7;0_hcj-# zg5}LjEG-6L6~TDXUa(EQU}Eo6jp`c16}#RfZ=#y5gOu8fyN;mP3Thn;(8-{MUL6ch z29mfxo?L!^_Wlz6cyMuXaC&)iJV0j`=C%CUYjkk>6Z+f9>Cq;_0lxvhi}};Xawbp- z3;TwfRPP}0le$t)&Co3;6&OTGQN)rFx;(jjd%THG&raJXr>`$gPTw5AJ3hVKMDLC- z4!=J*y*zkz^7iENCt#u1Czq$k10FtbAYhyyTwI;z=>L3T<|A<2WI45-{}~CM+L#0RGbw*YKBeZzHAI6l@hKt^*2^of0ol zW-=G*;+_?}vF1f<(U|4D_uN5m6-imAw}Cqh!vCMWcW-aoMjnOtZ+!}sRvXJPDPNLw z>qOaCvE@XKZ$C+Co0D{9N`xfV6rm+3+p6o|XMZ2e03bk8ww$zS_nc~~mV;T=>ZBtvjH!W4J z*8JQ{@9QWia1zic9DqOvlN%?Db8WX!L#D(ZrW~x}<>v#rr*(a>gbdV{MVKI2Y6Q?# zcDcQn!7($v8G$jZD26eh2_>%%q#i4a+DdHz+GZ(kGzN`5> zO7jn0z~)@@m^pqE#&RM)NomZr~Cu@dSZNAj#0e2M$bmZ4>BF23(n-f{|3_IA)xO z5(&z=L4wB<@SR7RP&QX!L2+I&vXPnGI21olgy?P`*SxXtPIH@*LWdK^Pzws0PRrO1 zI#=S85e0s-DGU4h@sQ#oW~c_0+;0JNN2hU^>hq|rw~?AVVS`9&p+Ih_3$`O9Uo^Eq zoOr6 z6(!^7nWo4f1E~`hZ>DgB{8=1$Jnw*;k;Y9xM>Gzw$Am>eiR#=>rof4maILYJ9p`zH zWY#jNIrcfHPzy{dQ8$Zv>bW2Rw@wbky;|l52fsJZ z&RQo2?Vt9<7J{~5Hj5V0eZh3y6TiV!uCy(Q5Yk(*!=`kju(b(FtY%?E6HI%8uenXL zbOwzAPG~%gn5@<~Nc`aiO*wIHZk_Cr68S@Q+bt9^0aul;KI0|rk#$VhDU~+H8CAf) zsu6gt!!tE2-KysyUkApuZP;d^pwS{u{cCLqg-1P3z#~6W;zyii6^^9AKt0+Z-5Jmg z=U5U7o?R5{-O9^YnN|lhb6EikshSBCD|Kc`2#RaLgB@{K*p^S}`~pGhJ`c4$USdw! zUA1~9Q*!vpa1vfBPMH}KZx)Ni;+EW~;%zxA>n${wL=qTpCYyXVO@~mj4rQ>F&t>ho z0HNL^vIZgEcz`-7#zPWMAua-I)D)#f9OKo`2B0nTEtQ=jWIt8pexJ*!^mTT@wVaTZ zB=lvnhx9qCm|98;Uut?Gw;C*yz&}&`R)RO6txKsj1x4gCS@BS3FCt@hNs~D5*(bFn znY_-6>+*g_H}$_if6!+I|9@St@>9pS)Bk__$=1_n&+`8NPo6yc+yDPdeAdYKhY7P& ztwCXjeXMJ}vGE3CLFcnQayn0p-$=lQSQ}+3y?_`2MW*1xcDOeWQ;Pmu<}f-98>o9I z`OwBMa+%+m? zv1WTM1Lm8-aXJJttB6u4i6LjXKJ;Ty+M|uMMm9E1PJ6ArjSbjwqkLml6h$X4erTac z&zP^O;pRtHB5_?I0(8Ul8bquBTtK70LedqLGW~=4hefg3K4uxyy^uluGeLMlI^lJx zqvWp4oEXOAx(rm5TWe6XK;gcs6~Bf#>%^b?kXZ=NRhGxRQh9}8qI2{%$3VIXj?LL@HU`_pKT z{074Ji}$DRI{ohZZm)IR7nAMppPn4HU%%@#h4}h1LpvVu(gdK(awWZ5sQGW=GXhBo zQ!eo$9J8#GO5gy`2W>u?v7qKv+UX-Ml}xB8T$03z&FxZAQm-I`pz?v`HC5mYIlM%? zv`XnEez4b=(M2#Y-!6e@Rj+w^C)UV;tmA8LYsR-%J2RY`ee9ZBpLV2doJA4l#gLiP z1)i5|t|vJrWZKM8MJ2mz+9{dBBQ=G@L}Wy-$TW<>nJkym?~$&B-af-{_aU1aQ7B&J zkYR!HNv?<&o2RpRYIqqawZ?> z2C9e8Q>I-yYMYYd5UliOZpmI{+as?f%0X)vrx~chLgi=4IMvx{xA(f!>h{l?-R_U4 zor6YoU0n0SG=ja8IW63nywDhWNnT7B@;-X$8ZwZ}$S<75Ge4a)oEuNjtg$>-P2|=g zzd?ASNScH-sW(mCv(N#W|0~u$#wrTXT79? zX!WLmwOfmV3{)YZfE)|Q9QBJ}`LJ$Al`NFSNWnTcM@Gu>oOIFHq7ik%Qp&|IYt|uC zs|IoWnFmEbzV)ujdUG~Y%BWhUndlBi8`W28dc>_RB>Oa+Qo&Z_lxGPOCs^9MA$&K+ zqOnsy4Tm6cie@ZO>5rjU6QuzSN-mQuv5eT`Y#1@BI7gWd)pWKrP#A)coY1K(Addb? z+7U$Y{!IG`L8R$K2-h)0B4dW9=`5nAFNmHB+$xYGB6q*9kz+kwo!7v|dxd0h_CN%X zm&hJTlR4@*0HU(D|{PoS2G z3^o#{0J3RAy&25BW9Puzly5H4z<8b!TM(m|(G4nx$e?e~tE9BVQL#Sav6l=5XO+D3tQfj3AGgu?TbWo+W(z;$Qj-gF43+_@ANI1Rj?fYWN2f zXTiwSPo@2%Y%t6}WF`v}!<^1i?p;s0%wM+T=j(G*dTV95TveTq`!+^MATt(l)8wnJ z4|BD8FYL{%ts)YBG@S9^gZGA=0a9YaQ}gtOvw6dLy0tZR9tJ?}8+6}!U|&5ruDaoD zzYafbcm?3eiU7t(MOV*$ujIBUn|Ei9{ZFE+^) zl@Fx=qg4`0EmUoyh8C=&!-1ILyImz$Cr)r5>XQoP=#g8*Z_geM?i?gp?R4GYWSd7VQ=oKgK$WaL9ZaP(` zXvh-u?FghqWbP1giCiEO3FwtJ)mMo0tZ1P88aDxRlNDqim4DqR@ecB=PS74HrxvT1 zN|xu7t568~a3;hZD-#F~{NV+malo^ca!Lyv<%0?IP*to~sVX0^EuG$BeLrJQkJAZ# ztl`xvNbpLNg>QZ-4(W3LYU<**D_^jBf=BiWIZaMbNSqqhHd*@q2vS)B<7DMrYI#h@;p(6M)W74!iyK*?Gk!`|Z5eN-bMCuCU?~@tTIdhR~TZnN?7-1v$7W zkDY7T(DS@XQGUp8aU&ja^6{RA@rZljtWmu|EZmZh09`#c*2p_NSh^|{=&_}S+wkqt zdu~=E0Rj~S%$a(bs%s8{$J9lsybdy(hPpfFGu&u_EvUE5bFXZr(UVJq!REt>8cey7 zB7125*d?vQE)ogoB-HgkSh={aE8ax!`g%5KBhlgk(T_g0`Lr(l*I>)G?GW6l0 z0^c5V^;bd5Ms8D|aHu*ZPh3F38D4wG4ky%~ks#z3yrvHY7+zHm&LRwz$f-U(RLo#f z3=GYo37Bv34JNAxVfj&Y36(6OZp}|HOHjLt_xxtXm;O+X#F`d}bJg+dUBSmr}w^*p)Fxrc?>jy^22C##O#VuaeR@ z1#M#2AV91Lyo7{m6+bm0OLUD4N7HzEqpnix~; z3?*Rpw1^G9j3>*XxUo4_jk}`=}XUZqisP@F6n?w4C|rWRKLR3v7Xn z;TN1$+b|d!j6?6KxzV5~2MP!(#5|>lj(pL_rNg2}A4)|Elh7hVtF7Bos$DhNf&uD| znLfz4d52cF{0ZfbtO~yw!yc1>Nyxhej^w=&kbR1|;j1#OkZ^w60zT{NmUulLXT?StC~ z0?1NXOAv2c?~9kdxG1~3(x|qvLEch26XM=9R35Iz9fkMj6?ggWdExdq?phhtsX{Hx zg4xYuB~r~;fYq^V3w1t%EU&rBCnMrG^LOp61YP1$F8ST z-f&lH6c{TcawLs1bf1C|a0AH?{9Gkw5%;7PrRC47p5gB97eBY%-6e-rPW^KZ=^FVF z^Xg-~shQq=ZSR4bE(Aw{`dIm7XKTPE2>aQr8{l5#nVnsrN zQk_qa&~9Tg)XXsf3MFwNGj(^#xth47R-DB-8W-fT6QpiCP_me)euf(e8*(ur&!76g zvKY=G+J&RKU_3mnkCS@h#{u;w=@bjbY9>#9*!={?fR;Ap#*m3JT8|2V4&H8R26C!? z=^niO;@qSOnCb4SNpuh1_9R=bNnV~Ut;n#8tD48~07)mB&4<%jM6;cOdtfQY_bTsH zoP!=MwAsD9tW16{?-}z-61-nm5nJ~;VY3-TwP*-f#xr-t)#aP7;EI#X1(AtImA?Bk z1HQUPAv42t0C}yk95a;NlbLNf=IG5vSM%rS{Soj@e7$|Rm=EYq=ufllABX8=K7hR! z>|1%ErwOHXEN)Sk?x(76O~xAH3z~=1F!B?xlDjQ_ur3UImQu6g3LGh^4HrLYoUdP5 z+C}xfhnp92q9&4sOh6SAe?cw0cKL)kJvoWPpbo2O5?%4tqAQgKzl5qJyy`x z@K^Xz{-%C%w>@BQXI2)y; z`K!47Uqx(?e_j`VxnC+T>GQ?!RWSuI137_xoa{2uy*S}N_^s`W5#50p@!qqemg4zC zNOP!;&;NPXX$cN-`tD?9u9b)NmM#jQB)3@=k}2o{oCnCc8i=laYAtU6^rY8ppR_s! z;kB|swEibkCo1hFrh)W%rvD=;8)Je9e8v_weA9?uFSZuU(2&;Ebh>QPDvka{Ycci>CKtki4w)z!vBWar=rXtEn^u zg}hSP_DCzh9M4+54P)}b&{_VxZv0VOrg$$XdyRGdltm>F^5QGk#k6jSfS-?r zjHbkOU#eE9`Bt8V4d-&(d1<(XoAra$uu1O!b0~cW& z?8&wje-=tt+dXo*U76C<5B$^@dw>RjBA5yxSX3D|%Ad{l%)@}HdhsH#zvii+vI7Y` zN49(9H}_B7;G86>?NF*NrFQTLBdWba(N)@w^BQ}vz6ALdv2nSbHaA-B^WNtKO5MYr zU}mqZ(}lFqC{B8Xpev23c^v*{PRTJAlzdAUmJ_Gps4W|2l_yO%RKsg%BHqa{`g4Y{ zX$B$dmLV7+y`_tDd=al4$H>!!#bZbrRSalU^k>df>UyDk0o;trFs){vHAa04=Bc}+ z$%0J$1gpMi_b#)wpF);q@h4CHG2PgxY;3@r9$;~q$!f}U8j8&IRjKUfGEatYuHLAS z{nf@s1@0BuO+_VSdjjt9HaEhIbyE4^rwWgCMVo0jrC!;|xuA;*dR>s?X1CYs2vMq0 zU1u{Ia~_dI4CGGeHQC*%Rp@ZSNcARbd8^L~Pz2iAOpK)rj?U`gQKcl)u*UqvD4S*k z5o2k1Nuxy;?=#FX5uR3R9Z+Q6q!UxSvEMh~I}ikTZf9ZqDu#h{T9|i&eIdq0i|i z$pm9n+FlF228l4N`8=AZqUF$!qSfAFUlHkwISLcVv@M2AGp76PjBgh1PI)SD#~JHAO`7D z#UL4*Ct5>ZD{fcweM_aM!1gmDj@A0^PL?^2ql_n2#~{@UbYwkIXLVk7I?u`avnLj) zFc!1eltmNt&RPRv1dg~5(2JR4b%bynvxEj7c_U9=<8A(v^%A^6Pe`3^jO_T`KkukcsV zTNmqAq1P4V&2MG9kXAdv_wyady5z#kl}@!yGeA2`F%P>|VJhm+CkKeanEoD_OIC^4 z-rng?e%gKVpDUXD&(1xJN?`~esE}V6$kNcss`D&}5u%pt0QIRL%yJbItlCrYKM^e? zJgA(;sI$1-$+~<_n2L-Y) zExFqS$YT3-NUg0{3V4<4fnho!Cy)Fj^`db2sCLh7WG2c}K;*q7U^TqDgk;@BMm4lg zzk*ae6V9knGLy}+=7O9A50~@$+}ldtAL)bz7{U|LOFvF!&4my%U1v#1#AD(s0?ABr zzLeOA1~R58lTa@xotaF9TXsU<#%L%morLdDdzGBWCaeSMZR*+%C5O()tOhT0z^swmMJfV^ zY_>R!TbDFhbY)5jRk4^)AVY3!IFsX(0d&feGZ-gCQgp78kIdBtc@io)*YGmKikv^{ z>g6AA>B3aF%PguwY{)6XSD}B)LH%#4{eO&V;rc7-KBB%5c`IO0RFOgw%DG7ZF1=0@ z-xb%=xe=Tvt|CxyK!H774E(&=>9r4=`@Pf7`~I8L<5r!fL$lv}#!PjWOzYz1quVql z(R@~{9IqYd9yGdmpM$brkK4Oq3Y9#oSa>COeh)0D0yG$1v^fmxktlOR-pDYZ6aO+~ z^JEjJpR=XqmIKrXsLa+=hNI02YH*BLGnFj`Ge2KYkjXL0j=~6z-Ia!<^Rls3K*0?2 z851*LAbUgMM#up{5W)5ZoR(#^TQzJ9f8JZhD~oizCxf9dRD6$^l-nOLmhv?5XZ5`C z9vN%uCu5rK5tSBrtsF@P*et;FJYwU4 zKfDlFIyd%BT63rV%t$D2HMR%#D!s@2Fq8K(EuCBu5BCKD%GJ2n)5yi%Q-7wD z*o(i9{aF^Fc6X=yBlqqa&Wzkkr!$Km%YOCM&cm|a8zpDpzl`od9Mj}{fqG=}nr zX6BMG7Wjd@O~ZL2>#D$gFN2p=CXRC%6+D9(>v$v4+`QG5WPqbCh!1t`MJs#7464s^ zuTlYPI}5r{5}!dylKkqSmZPea7IL#%Erp_xDwnBCZf?&3SCaWlqk@XcXIFR^03@$c zX<~Az^}#$vBRk}ZU^5!mv;YG)8P@3my~s}aO2~jhV6j1MKnfPxFqK+UOa%6`Y^PIJ zhnKJU#;atgQK=!3W;=5M+qv(+!tYn?$>`bvLtnx{;`CSA^DI8rV!6xhF5n-op6Jh(|p*1y}@ z-l}fpVJ+?rl$3cFT?xSF=jS!A(uFEB_YsjzI)=tV$ej88 z1nsUs0oN18e8q(&AZ?%36#kqwz4x3(iVG3`uvm4G{0=G1NdLdO#uqCJ^+V#kh zKaYpT%(W1wrr`&Hz8}Sr$|z0uSw70%i(jVKuIOfD8-Jx9U9)^%GC!DxanX*XUuiPl zTeLbCZ|Wp7Az24XC7a7S7Dq7xx*i-P^N!PmKlbC`@#}=mXM7F5@Z$jgbUPG;5Delt zKr(KMQAN81f21`so`(VTK!G41Ft|2X%#FK-P$!c}N!M|Rn>!=xhGWC_&bQu{x8-eT zzQ_VCOW#Z|4&JQcY>zlE+GqVv^W=5wr9*T=%st|4IGNlg**=OK@dA=e0R*uVC^I+! z7b}eEIS}Usq%b~s>15AQT>@?Sk_D;%;ctc|qvJ$(J<_3=G~F^tv4E_fzqJ$0&R9TR z%vjI|!auLwN9)6!d}7(OmUqMCfjZ$D*gXuZlGgR%osy*_*dT)TkmSUcE;$>oBR23O zTX_1!fP}0f0$;PfgRfj`iRpym$X3JJs-}$u*^?iaxE2QiIa7_^Evo6YeOl2 zp9jThtXywOxaP4A2Irfo_0kD2;fN?2G{7rO4U5UU&XG#XSprbKUR3>0mAO+EW5Eh#So8}F zjU_tr%mP{xUAeTZjEaQRgTX`2&=eF2jmKD$tfOYANvOFTo{|u=^A{}3UrDk)1^2ImSD482A(UN4 zy+Uk=nbc>g^1B-w8EI~8c$IEhu3a;Iw@HPc8I-DcMy>J^p7vRu7lRcYu;B$wuv#8h z1$to?Wp(n95WUJvD0+wPbNWYtMP8PeOqOiZUI{sHq~I5jvgy!I>rpuPFX-XM(A z#9sgfL*G&eb%byqbY}?{g>Fk3=#Wi4XyFO=cqaozcGo#7;dcM`u|w%YwWNvwmZVcR z`Dx-0ql`!C>{|H_4B7<)dGuuhZV*%ARMuY9DFS5<`zRdvA;S}y_agzq6D>T_j5y{` zK04?hwO@6bo%j8-X73H5@g=$RlMt($WsgBspUbv&+sXj-nltXqijnUWwxOa{Eq)U8 zwkMZaA(CIHFOa|xS4d_RLgq=dM_wRZiKm(%B>6?R)e+xh>YEn^<-9CJ{o8zHkNo8r zi`-}2W_RH8aOg&1Jiqp?pFMH6zw@4f=4>k%By;cAa7MCpZ^t*!cl$Nc6SGLOYS++X5{&)8Tk((QJC%iHy~x3}EgzCR6~J@EoMP^H*M z>C77>;+xQqWko~r&-#q9s6O?>SfJ3aBdGda5Wo3`kYIK(cEum=^_`=8qV;el+SITA z`KOxvV8`hwtf*kBI3pvtXT-z5l-~SmsSrB{H)@wbVN!q2rLJvIG!T$ARaTI;X0(^=uwR_`Cfo zL*oybCE=wYaRtsUjIAO{DrSUBegZ2*yre$A$iiKyJ7a;X6KmDQ6kV8>E2rZs;KhtQ zmZsM@-Q}}_Fh3fQM+qI{H;d}flb{|e)}?Ori^H^Ay|>J zUo{iJUuWXq#?N%>hmrgZ{*C%{aI2R$6mF4$5(pkUf4H&{P<}R#WX>7hFxUL4O2#8L z9@B*IFrY&}v5N9bt0&L-i@;?jn}byDhY?8JY|cr<#*$Xevkck%z|UUQ9ah)*-3hOt z(3x_g(*&qP^kyt5D2K2qMr>S|0AS#b!H49<(dp}4MmobtFWE*IhpDmT zC7LN8=i*13WFE`33h=@TQ&qv0f+GeNX2qDZV~LJp731cO1e+oa%tR|#f5)7o2mz1oprDQ#HU1)!$3 zRdDkTm*r*3J`Q7*6Uj88m+`I-OZt~4 z_%Ddv@YZl=(1X|RVrh9T2&ln+&%wo>nKj{L?#%3^)-?v^VLXngbo>MWTHIZlLtr=w zFR9C-K--qN<(nZ}oJN6K75ByoW0%&OykYq$-#07#z9hWtp4nc}!Gy63Yku-OHK)?w zq`#ARO?Vt>c-h=BO;Ql3naUYJV|WzGjZt2w+>Fs&!imJnkpisy!!5_Y{7uf?KKL=a z%F^(toI<%N!Q&w3F{3k|q$*QLQF&|Z56{-cALd{>BIaa%zbsW#A7Xn!1mR&iN16#$ zZLF-;A{Ikog_Ks%^Nmr}bKA;ZY$yx|Nd-hUYP)EGmS zP;Vb2N1C#y1rK1-c*q3EJ7CBr-jTmx^YlmQk=?>?3lITn1WgrCmW(~ivz3j-P^sdk3QDO z*Hg;5Kc-*DFY2mO*=*}Lkpgb&a^==0)YUG$te9U%s8_|EF|VQ`%3-$1i5gD(F~H=!eOXtUj}+q1!OUoM@Bz&#yC;fz!77n-K`&F9Bv=j8XB&kH+;mPDCgV)$U0 zF{qU5C#eep7N2Ct0`fFEsw(AFXH^h=Fu?^8eVoclA^xUdoE`8bG5%B4#+~{z0bh)1 zdtdw}bN5eKKptP0bgSRB%IDDg!JSsmGhjnC*iKol0hE@6SSQ$`Dt-s4Dh%0AW#N3N zAeUpOpD4>|+uSBRGUrLWSJ}vtg8VMbZ_}x)hyCtxNApDmG}Kk}sX-2~+glXEPb`WhDhscWjtK zR)HB!bfFlXZK!%r)*gB5x1eNQ$iYU?JL-ZFu!)k?kO~xqLm?_w+A(?4>z#F_oXMus zc^t|yX9-K$kVP_`L$a8Og&|&gi63)_PCoJ%G|A$Q)_X@?OG~#2;}2+hMQKdFKTOz| zoJD>rL?05f0L>vm$iZCik;;z~8bco#7QWq-{hAne2Txat;Qeehq&ZI~3}><5tPviL zV{9a#naf5QR0x+ccSq(qTsA?hV@nlI?_JQIif@O83k>MiB5@>^l_m?aj;<#1nStn& zO46FzaEvtcj5r>dPDzN8;Ik}*$W3zg`O@RD%)j-xchr4spp~zwUwTJf^ZS}vd@V)S z6?|1}qT^&5aR^6;z-i@I0}DF8+s;_j@}j4o7UKX2L}bCg&`A>ctU{#{(9?*UnzbIP zjpS7&W^EG2X2y8LPx*o=MpNWoUS(M@jLQETaq=RKxYYb~CVG zq!T5rn6%zC^xlR2tPoOIq)Bu6q#S~D2GmdUZ!T#fG;H<-rxsHkDq|wCvgi~PqHsqi zew4E~63(JI`~$Qmt)sWAJ+#zB`D}iHKsnFyaV@JC}wta`nua| zcHbyZ+=QaUB;VSJAQGOvyr*;uPkLv2YwI|4RPw3W9KV`6GE3w%d`KTl3x_BHjg8Dt z{Ht{9&S55HxDjlg&gNK4*SJ&kEe_b{Y&8t2-`*RsqFD6pUAK37+&^p|wO+NFz5e^- zqnCfIglMhyGkjZ?`jbLCett$^w;ek3I2pXbukCSx|vy{<_T^d-jRY!GA}`# z0va2QBIfI)2v(Mk2*emRl97^v^R}+{q-SUI$1Z8^AKSbqWh7u_aK*m|7F^Ftz5*%# z{B%?4(NrjorQY&wQI_*)NlE}|w1E&uBy+s?)g#UJl}FA8xKu4TkK_V0>4}d~o7FV` zVV08tO?}VyQ}eI53*}GM(qYa5V|&E$lX%a+;(PvZx_5o;USD5d?_JB!o`Kc+wfS*A zZCoKy(>QRI{JKXRfs#*zCRPDzR|$qYf9zSiW7j|Hk#4lL44;zB3`qSuW7`jDNp_3Mcr&!tL4R8gWm2A%%SNYc1usjrdOKV~YtDH;Esyc$~>v0p$>| zrH&)tRFgJuRCU(n(o|+dv$$rNy=2+Z6x?G3=W?@j7!|lCt(3A)$*ES*%7EwQ5>7>;z~Ofg^%b_c@<*whbW$uCN;Hv1M30=_?lG(KYH&RsKyqhtlG$;Q%9qzlkw zbS}-gd3rM!lSal;OsAV1z3Ds6TK%0ED7h0fI;0v;=gXFUwJ>c&Ik%9IGIGU|3pCwH z5Au%k0MGJucj%1q5Hkk(=|raPRyD;9cs|cVd0@EpYkVv|29+BP9*d*%*vvxc^T+;U z9OJPXqgKMHv~DGz7cmsCXGn*w4~%hK^7oijV!T3;WUuVjvG&d-(}noclUtzfxID$m zA#>8ph$TY`QbQuk!&?+w-f5Pw>xDaD!NTR?uY%^c?r)w@KXB77h26|jk5!}JXa zn`=M8x}X9ggcJexr^H`;{>$}_SL;%~xfxiw&ES}=%?vWSA?;-UI#+%4%JWY+X>0&2xm--BipqBY}U?M5|$aj!b zTK?2&zVCNiogZ2q_)mMk)i+1Z^%8HTCB4p0JH3}>lM=}IOHM4GYWgAbv%GsukqT+Z zcJsMw$~QN}`vDIFc2(IM#LsWibSC=iC#dwhz4w&~C-%;?j^$_339h` z?zFmHi`a8w{1S1HEYr`ed~>cOj?70Rng}8!4jYY}mAc-0?GiGa%;O6h^wY$T`G_Wc z@Z!O!x95g6#=t_!>!wr!GLN2Nu#p<`Zfn2O>b)%9!~;4B z?F{eRO*T=l5pwO@s5HXT_zchVQNrR>Ynb)e`z%fq7DWOKOH^HDF`6=bZEXDH9(gu%)R94((DinNPt= zCcSKang68rkS)$rKR+>gpT?wo`#w9V$R9)v#Y!q!3Ig_ang+aXpx3PE)$U)Mspgc2b<(9fe>Lj zN0tBU#2@*w52r3uvz9j!lOFrP2&Xhn!eKFfoTQV4&BwT9;;Lq&Z0IsgFd#t9Rot0u zuTohWBNMT)t6RG>JBg(!0|;tV=_xfMEJ?uK=a;kH5^v+_7JV ziHu0Flqns0NfS=bggj!UmG-8=N@HwoZEZb!@&x|7wY8P|@AlKJ?VW#YKiS%Tw)13X zcWe6}TRXeoZf*aAZ2jS@|HnW6F&8Z4A6uV2R(^5+C7(6r)n_mkx#0wMoOJP&aH-0Y zNsNKhSq&>2gb*2fn$vd$xwIzWO*Zx8z*h=v(aD150XP$mPQ2mgCTP(ld5!Tv;%zfb zD9wc}2^J)zDjC~EK^7c^G{Q1PDwv2=tlWI|Z6M|898}1`t8%mf-%{5iDuJU#7WbJX zl+PI6Sw^i#c_Srqb?^Wnva$#vL?Jk$exg+2W`fj{*X@&^g!tN=`NIj7Pe&7$z7A|v zyEgBzn0!ETxC$@A&q%WBKbBkc7`CVeQ#afR&3!feMdqAxDVY~152eI2`4#GQ38ZYC zu#|3W?8%Opx-<}k77pg(MGg1Hk`cvaB14{`9~x6}|E7M3;kMwV3V87#DI5|%ImC*j zP@~=ik0(T|_)L+kT6eyfWjZ08MkDZ&r2+V{m^RfcwvEMv`ol@75gd=o8J3gH4I$Q% zhZ@G@95T>lx#>XCGCY{|BKJ+N*|Ob384Z$&zvHD6t=LJ+`4*$g*hoHM1)2rz2+GB8 zjLS#-AY@if%L;)GGFNXYVfxpzecmMSA052>dkG|263o%0AS-$_~utA9Zk zp91fKE;4wWavrj{KLn1$Cw@YMy>9ntZ+rUOSh3(cedJ{QVK|$JXDrd0hP5@x-D z5(!*<%i5AEA5Q3$Dm2_?=xEMR&jz=kk?x6SO%NY_@zwwy6DjUu1>H-JdeJHkr(rxc za88qiCHDbRRBtbZ=gc!&y$e+Z;loar{;E=Yl-W%vPomLaBg^Pe@+mHBCzkOB%HXQQsr;X`Gw+4Eg1dxG|~fjDm=dtahE{tf~s<7&Ufs z1;EKMODOqJ@{_K&zhX)ml?7Aws;3F1^{LNOn$#g;NnU7T5HF~qzySYunB@q{9Kebz z$vR}OAN-T(^&5-L$7D)$_*{l{h1ci^mqlb=(1n*l?9f@{4|D20R-?p zb(TD(GqUYvlU7toq{t8iLR5o*Jgj(4W7MHRzWafA#B+2Fm8HN)nPerlp z{uN~2Cr@@uB-(#&{o&&3l3gcDzW-Ywh0ost>E8mW)#i^8NbeK{mz>bOe{TJAJ11n? z+qB>voe6W z#CP^^dX`T-LJo>a)KEIiG`Tnn6*KA&ClIIt(&Iqc4wM2?(&i=dgboc4s_TMk@DYO6XgK6xY zR2PT`rmTPfZ%S3yo~tbTnM;*usj}btX(o|hVi9PL4jX1YpnrNl310Y}_Y;_^kpHgZ z1Z3%GUaM4~o=_^2T=^uXSJHcAN@GZK2kv^2kkb~03ah#}&ie8yaW#{oNR0a z42o9zqY)jZVt}tUHYyun;Wk&`tJRTN5;Cx^{?ofguRx5R)alb@x0De`5t-_qY$W=C zrCcHx-s4M^4f2o_gUX2*V{`K2^yr}9X&tqiUFpW|X0Vj!sZEIAA|VQTERf&E#=+^2C%yJ@i?q9> z)B2xx?M~}}9G-Sa^MpwDh}7|yAycD9DW4BiJ_esFDg=sD^mqQud+J@Edjw9o`ZnYM zdEgH(gfI!^e*82Xm|lu33UvGR^DXZ?@9BB%E0veVHkR5IU(NKeay1n~HlQA>{MORJ zO?)of1z%yz;&S0jg&~U#xS$Jk2?pr7IfPtp5GD)rNmr6l7gCLH;6Mg0GlA2{=sF*G zDyyqJnesGd`-pP_ovSYPVy%x?HWWd^zz55Zg;?2ATy7Gd=u&C<;>||Q6YU!;c2F75 z1-+{3m1-}{QrQ_`Sw=-wivBQ~N0F+LLa!kw8MweerTqswlC+@{xRJ!c6Y3cZl?)-~El_R+icTswJoaTPcV@(sZW zoYx2s<6)s97p9 zDz3@CJ03Zc$)L`0Vg%=Vp6%#)Gnj_)IdNZ-^ZY8{OVvaC+XkZFoW4i)m*6RtSeN() zh040mmmmfFG$dMxKTH_sS&Aq%+CYrP7^*0_ifYjtie-%yYOR4}X2SKnLyLJ2o@WCM zJ+dE#xGcoSda9}@r%)A{O_82dpIwi1=8`fjuW}>jA-z&O&?Bc&V3%}9HEPj-dE0!b+VM@=51&pT>15Ob}s5_W~ej}?y$>K9kG zI1vvg`xn}q%U!U!ppcj6_L0MrfYZAFBs}v-M`E&+XGxZ4+4CllB|c_Xcm@OwrM_L3h)16SjP=_)5uDfv+5Z4y#KeJJj=iTcfS4hZ~yNv z@+rGCWZdMM5U>uzYXXs@EF!L(&^f1)1c*yi_17+Gbvmb=Jq(3|>r37;GT%)CDfm>? zNNM8L?_rQK;aQohF%CYtC^n`3c#mxFc)Q+~i}j)1?JYO?c3bA1#!hFtO1K*9lhaQw zOD6eeZ`kkrS?&Bw&)-iu{HvV*C%gIczx(vb-{=2JeAdVj^_8Ur^m}wVOBWc$%CYE` zpOXDHN#-#pgLxPQocLoujCpE#g%?8R3}W#rckr3N0He8+gZ$ZB^oM>{J^#sI;ii;- z5(~KR{BM1mzyEi)w!Z!Q{C|nhUFXt1Be}#cfA+-x{`@YV)z1GoVgo<=#OwdQ^S`^j zwUxjBx1aqj|9_FsUt0dZ^IArl6wQ=z3dMM<)Y!M)_O`cEAq352Z|P!>9De4fLdY*H zi~&~bp3mLIvsKw0M^`3I=PE@qzI}*e`00lxj5fq8-rkzc&*o8d#-ebzusfR0HPFzT z>6RG?UG7ql+A||vSgH{QDoAo*)>-zp_UbaC9YX^XxW;Ujb`Mc zDb_c_;qrBf?=I7uuSp9PXK)Y@n-9W7&zy(9(xY%1rh5bu-7gsl*LzoWraJ~TaZ|@1 zxKk*#{P61GnlNQwHwt;`(scNz5oc+ATXEW>h+Ul};bj=nF>Udok98T$TScK%t?7fUt# z+4tAqpU?ZOCjV)}ud8ZAJwz6~@BO#?l9p&Aejb0o%+}NERM0X0v9s&&i#}8v$6fx`>b&OF=Q3_EA{x~!DHNc{+~SC z-F^BrfBtv=*8hB&&)Qe@K^WJ;rM9w04kLfeD~CtT*ZubmXW`&KPZ~~)|LpePi@&Pa zg5ZBoRI}4wzj=0c)ZTBtI%+kX{z0fJbEYQ(dRVgVH#dStZ#o31_6!xeKEN;(uDwCrSiNa58qjyyHQq{X?r$94<)0OPVb2XKs(~G%wkrtVg%i zIcXl3EN#wd0+}+F_Emy!v9G$liui0DHM_m`ez(=^?7y+*OCz7B;gC~58BR(ko$H&Q zc@Ds`>Dy2WYp|hY3%L`@{?R)@uiaMf-PsaIvMg2?m7903?4-Tl?Dh`ZM@ttMheMyI zhhcQz`plUrPVm0fg)@IZM`0|D-XVB12lJs3u!3q9k95(2O=`~24^`$mpT}V;W`Y&f z)`*yqE@>Rb9DE{WB!9{X#y9Ht*lneY|aVeOg7`oqm-|e-I z`|q2_;xGUMhUbN2v=N-N0Bk^$zYpwCuuktnaKG$V=YC1o~1x4*ZD4 z)G=B}>H`!t9DxY)SH(ygj$#}zk(P`FSw|&HO}q4RQptFa=BMgkPWGck5)H@t(`cqP zvf-$IIhBe6*FS2$Y8^G4%#GQp*rX;Kv`p%BDw;av&mEwK>3^I`#VnXEe>MC>oyzxz z$NTDs;}FtosGRIh<)Gc|b=t4q_1dQ=s?mYU?-;V!sX!eH`O8mDt%rpdzE$^uynNvt1&q+cfU*1h%;Z(JUc>SsD2P8O9YZP&DMz!1#@!A#K+R?furWsJUHn0 zPSv3i#DQ5$e2K@{ENUTOKrWLw3q4aDTr${y;oS3Jvx!f9r}9JdsC|H}vRi0c)zYq0 zsT{Yu-RA4;=qaYsaC#F;G*ob&*145P)jm-AFmI|zFwuO7Z`k~Lj99B>U_Qp{Mk~!J z_Et|~jV0&NAN_F$lif~fobomN&iu+X|2X#3B)qQa?JMHtfLTSg6;g6*k=s=4o^6!; zSKpK!t&J;owzh6fMPqP97(b+^mRk$K*n)_j(O8nuu9uaggsiQ45X54fqu*(Kyw!&gsFs z{T^KI4hdr`7fQ8o(bTNp#isc6A z!OByh+#kXp;fQ=7?ytnD76*06&(9&Vch+qU zaMBI^CVmo{&J!GA6jtsWWS&GGk#pN4A4+EYvs1aPbXu=lKmFy8n73h`C~xBrJX79A z{s`SS-0yd2ybbG&+&A!NoC^AF}Sbn7-+dM zYhJxWZ{t+fAk>evK@i5UJSjLxQ3dOl_yZbwq^rYlr<8L{+P)BvW>o8m^Zc%JBp_YH z>?$r^I9hvBI9*zCVlN=;aGx&e3oj*8;pCT+X>Y8h7#;3YZ8?>8x1Xs~%RrzK*boT} zfx>=attKy*JTfy`;$brLU7)lKa{qLfiLoW%r7U|t%%W_Ydvsdj?fvj_;;!{5FOzxI zX4&8lTD@lbsA~&yrD(iEs4G!%mV(esqO8MxYE$vJFC8vBre$N=hkI$)l@zbbreK_n zvMJbya%tC9%*EJMx0Z@=9wyi5W zjo3WaCDn6k2$_mPro<6X_<0=Agw$y|tSb{o-PGYp6qilv7>5T_h(J|Yn>-$i7M2_i zOMw)4T&9l{yzF}x#sUi}5e8N~gl|-tD+r3#D@2h^S56r`K7WwIj zB~$NXy#8MEyBS^^Fxp$XkhQ>qX&952q$`mJ|HN87+0#6muIh{!%f4TVCuzgVVae#I zaD(Dz_QStF`0lSw_y26U-~D{E{cQ7Ah!eIjku_F=L^i$38d0i4O{+?AZj?IIJ939= zTM;j$1O%0P^~P3H-Xbju&X8q#P+9suK+Q{#++9w7CQwjCld`^elo}uH1GXkg#k;4I zFyoVV%(yr|!&X2t26h*Sdv*RRF%*5bNloYwAKRQv3{C55v) z76jezu|Ak*QyOa3YX@aqO7N({`4aLJ_zZJWy)hp;w_>ME$s%_kG0}QFq~#}517G22 z-s;1t4a>T}Je~T7{OMG`=u@X#{u}gu|AKeG-p$tL?FTr2TbobH&Y$k4&tEnJu!>8X z6{wKLex_aa1V@l*uf+DE@&6X63d~po8nJi`M?yT?$Y7o-26=jN^d7RGKv-!^X#fgv z&d3F&Gsu#e5=ep}NG)bp9@)psW$FuRiD7G|G@UTarou2?tQ40uxoVm?es|PspB=UO zXRrI+{WmRO3z)+Uf)5HW7))e&5e@xS3SjXu+oz2tJ zW+pxb zoHd;4y4kko+@*xM^rI3GAFDSeh}%qu^c8B63SEjyq~c)a`VPV%ew30?n5~i}56aR%ywFbnnI@`A9|yRjYG~xDUj*F=aYIG&iX?Zv4r>i7}5hzePB$L;eJH@q~Uy| zAGW4WW%w$ZQ}}E5pUc20^tsyAx+w_o$GdG!Vnb}QgG;%5Nm z5GMx>81FK0h^B`D1QpJ00eim->Z&)e?_xsk)4M0N5|-U>Ej&LM%@3NyikN;7Ooi+< zvhUBr)Q>_=x$%;TXewkTDH2LGj=3}VO>T2o5{|>zj}%{as#0TzKLhCfiJvs8>mb88 z)tg+Gy{*0NTZjBc{HqJ{=mr-{QZ}E>XtG}2s*&4AHJjbj^mLRBSOB;!L#^b1dJa{) ztAp4O5*44(A@L*52=^CU)u~olp9YjfbdBTy03kr-#*A5-UDe`Zg)jl1Q;+;e zNdO7I5-4~G+OlvOrk;V+Zt4#&dWk>G@S2_Luif1(j>lW<>-JuC2Y2<>JTbjVLj9nm zyXZId!#LkTmL~2kX61uE&Bo*t8bx}{HJB)AAE<@5U<-&VJ?6OspmyC3)|C4(>)J9x#C3r>P?G@=QO z(`b>E)4rNeC}WLY4zEw%)n9cFDk1NS{(U~5%~+Dsps`f}fUc|3iI#~E#cta|7JYs4 zPMwr$p-Ii!_HZiR1yINO_~WKI6otBk~&=Cv-;KtD!)>8tvAR z%$ugfG5S4jXn7r;ZGI|WQqqY?@ai}v>pMDIX~>Dx1&1lrn#H>L6Lv-BGo`dZ@tfDO z6Hzq=CGI#S+l3QRKoR-oWjR(ny-)oT`q zDFNhE*9#IbN@+Fg7ik=-%6{_MVzC>$)O2nWt3`eUnAz% z##L_rAhtl_-}+wO$T=ul2q9H-P1#=pML9qqb<~JUR@h(pG*sk?cST#96kRDN4Z(UA zFT@K{zlt$IX~^Xl9{CYHi-!!n5J(u0!Z=JRi5Q!CbI+%~)%IvYjFe-gl zRByKRG0T2R{bWqRHM>!ADmtx$c1P^i>4{=t?L#R^N0fwIEN13&PJ>P24_K1s&RGV2 zwHGx&&*aSk75qM#V{S5<3>c?m$^!JtfPX+b@WFg6-rEtoqDf&QPW9%8R_E1ex7C;L zg|8Y!Yr@ITA5pm~|fKk{P&~{tO4v-eJO}V{uS8xc-8Di{Ysgx%(FdADag@F)W1%VKq0JJUOUinGBUk9?&iouczJJ58Kn~4Ya$3KUE$UXq|yYKZ{iXZ`|`CYDjWl%hJir2cI>c zJ4Y`YP_Q{ebM~2wckJeBGR~($fu|l#J2W6U2`P+c^R!{>UtCH)!bb0kjfWPuALY(h zZUvy%38nGFKG*x6>Z;!MlA);m2o#nKW!?gFMpD7>I0n{)3edeEnAQRRdsMY=|H2mUlz^V0KPm3<7oCdB%I3HypnXf)$w z&UKMpt>nI`F`w z>PuN3AXk+9GUusSBANP&0R*{@<`JkArIJ-VAazwQ@sOJNVllBb({G-gll3s>DfI)W zFglzDFUd<|{#f0rIOC8jhge;BL!n5HFqo%$*;Lmv3eB)KwJmDdm9+zzxEk`>h#5T- zBf(-pCq=L6kUV>7XsOf?M{LYUt1j z9NDNm*Bbb^SPSQ%c>G zxoRD5#Kv5F!P9`vQ)uFgFQI;|8^&%rp)U8Q)J?;wHA#4az9cW#Q%Z^JXFFDtmPM$v z6pn~b#^EIe??D-I&QWcx(pM0kCJ+$G1^!c1i&xgjD`joTl)3UOWscSX9SSZLrd(3I zblQ|ID-^s8VkW>5(uFVpGKY8O9trtdy6EazIMtgAy0~@7H{Yo4;Iq<@oFCrC)(_Pi z81uGbL$VdS7j$9E2zuRb>4G;L-vhMx-Nc7oFdazf_KY}2~@o4{+Cp5ti|1upFuIC z&qT%^h`YHwU^N8=q+93f_qH7=di1#zYI+mbWuc-^y3OS@rUUgt~gK{ z%E)9%7i?te7=Z~(J>(cGJ4F#0`r^u($MkxJyjfkK((-@=YO6lnm^jNkbBqODBFR;E z7uhkfO0_~!Jub+@KWzRF8f zss%U@pBk}oUGi8jVq=`HX7P9Qax7h2cA;2Gy~0dCO@;SBJsq$`bc>T!R?%iI`1K=5 z$H1Y2=`5V7>)z0Hw^IT|{)CikSEbNSRG{ZhX)+CCP;{2~E{LZOz^<%mv4q9MKsDY* z>Vl9~g`8|)>}A2@Zm9S^s9fhU233q{is9ElVyJgTEv4;kmuvSa-gaLt@wNjMivw4_ z_C(7Hr@i;5(Hk1gXo3~pz-v>WLtz2}jdT2V%R0chxvT5|Lw$%)-_q~4diKn3-Zzhr z@W@Kt7%J9^Yf!qIPBtk5wos6Oq1QvE|J<7Y-Dg{?CyT#{85d7K;yc$`%yu5@a-pA$ z>(65(@P7p!hmg_F0CHKl35miOk{|2YNY(SBuldLL5!`}dEF`~|FD)iu$iQSx75kF` zS7N1pyhyKgS9nsAVckFd>JMzhU&ZO=yQC@;supX$oGeR;zvyV zsl_7!=LhvN$OJGbC#%x*WTKPL)vMR3tgVT@Qi4)b*^^&4mVCr--yf1z*^KY$hh1}- zz)1142c$4zJhgksIFHgExF#H=BA45WFLSD;?+;t?Wuv+dJ5J+E<<#(Rf!u;vl!+sS z%e>@twc^Wr?@PR5{FJ7mID@$>=6yZyIlt3ray@tjq`m(86TZiGo zk|v?;ZD#C#)OfVSW{!ASvFDEHsk`1G5M36e^-Eh!S1|I2+4&fM?e0onHwDmvcbzFM zX*VD-?dKpS`9W~R#vPU-BgrmhgOzRBC)Jz7cPINN&EwXGt)FkztvU7Mz=szn z=qtHFMB=iSEY5NbiP%_vz2m4SrW_+H#~j9_AF@+bh?0AJQgZ8ttj}rs{(qptK>3|3 zrFJA`qxqd97p~UQ(O0_j&GDro0usZ=!$rdh{4iRWxB*xHOM1wnfF=z`{uwwG3$N2z zLODM|Jo3g}m$(%Fy+mwv$YM|RcBK98o(o;t`0^*dFb7A&T}8Ag%xdai1007q%9%~+ zpHD}x{NcrXCdaYo_~22x;ji>~;1Fl$sW}V}f2F62TFnuTHR{!IklCanHU_x4%Hc8~ zK+^cn;@bRBRVU$RP47?;!s;i)Af-;p&d#6%S=G%a3)zzB}`L~tZioL=bF%){$8v`dob|Lr;zKzV|CU~5# zV%z4g7F~Zz-|>PIAWA;shdh^(Y0||{?Sn>jJq(CDua!4A@uyTZiEGBSS+$^u169pN zRHA7$2dU6(S<;gQ<(ZAyydHFmm^p^NLU8^4gvH;p!68eI6ahbs~MStIz9?R7=5gPQg!AI$MV$GGm;F@F-}fDrdx$B~YzjNHXcf zNA(JesnWEZcI_Jxarg>gHk_(4_qsou)ze9s1n$gF(nVdj&i>_8a#{nYnuA#s+6sdj z&{UfxyQf<&+rQ;RVQ(VIYgmTUpi!8+b;@0rBOfzSBpysO9hRX6n>%C;eAx$#OTQyH ztfXr0cB@;GJcJ);KO<9`;Dohv5jcf|~ z2F_y9>C8|3DNSjDFsj>oV8B%o__05QSA2EH{(i#n`vW?oali?SiL50@V)1TSTO;pg zLW1Ch?>lgm_#QcFRx0YGna5=Hn{DOW1g`pm;=XG9xR?<3Z1^TI zd~pIH1e+&07}3D@#*7y<@91Hs^!KnUS7hJ;`f%<=!#*;UomGd()iM=bbxrS9ri zuU@@+_3G6-M00%#WChY7LCF}lg7cQ40WljB8C0YMjokWntC59oJ4Y5}FsvZmZ<9DH zkA&+SaxDyD_`s6vZ9v-fVJ}?WU9s#Iw#Nw$Az4jd)TvvtX|qw7MhXbQ={4O(*DujF zK4~5rSbId8gfIp8MSSX$_FG2q1=nfRp)- zKgJTlWUCd&FsDXnASw6}6EVo?2k-R`R1h1k2M3RDOR(t-nRiDmxNi!bzk!7f`?-`30>gJu9MPDn%Pgbq`%G2AY~H`oCE?0?5N=*0k^0+>WvH? zaxxA_2(IRw6&t77SEy$u;7TN7Y>88QpwVl@C5A(-Dc}}zc99G&5Fl@32_qhD?o?vJ z{@DBsMI5I!X%OsJxi!aL7NR}br zvKyupVU2fp-2ej~C@(rzSqdiBc*{!n#*b*B4?8o*bf^dsfK!eStXjQ_5{R2PZwvk` z)mpb{Z&?v7D1vombH~L^Z@@tCN{WB}i+TKGvBS&Qk+nkNk~%v5sSkhcK?}Tylb)71 zXCP*&z)lXtXH&F3dnWR|aK#&Xrf#MZfg2LKSH$`MQ}D335@d_sg-pf`-b3) z;ssOo3f0LuB29|6AkSvesM3#Ime^*3ojPdjwC|vX=mt4~H1rbcm2)!aY%wtwBNywP zUCxK^<U|~;MH8m2v(5M&DW;x+3cpDx_1uDcFAU|Fld;Q_g-vLtN$NYS=3K2=Ot*q3kPrT3i3`~iNKI6tXgXJz9514> zc>DGaCZ@+n70>q~Ct;_)hVSdjPJIpgm+|*XxE8qRKZ~z)XgmadhLYna*Y^w$ILoGs z%2M&ia9l6*GHkcThjlK)AK#MLw#Taa0;)76t7Pi}s3srzEWbekptzI63ZWtNG_Wk* z_hNPAY|smmm;|sFa+wACqI}zmxT$U%gh-G@16v$gZ-m|<^<+rVKOYR;R478|uDgae zeV{SQYsBrh7nJKDxy}u=i9zBaX)N*>X>mbhrFO`s?u-oIewMy;7(zu3ofu3L1Ss|i zLQm8PPBJQjCc)U;3l6$flJIuHS~hLM=v?3d^5yh=%f^ZYdqLF)B7;_}D#mQS;bRZ3 zseB2rsX$fX0w~nQ3-1*M-dE)7M!FKcDJM_iNUPEDlSN2F~H$N`MhU%fGvoo zCU6>BTb^6S2Q>UAgsNgYg_{%>r$zvTEz91j2L`eLKkrlR-Pnt@s{7V5I#o~W{$eGTB|C*2$8!@ zdx`k1ag6Fb)F}>FN#nUnH-*MhkAxYM>oSmLLimigBymwrA~dZ}JciQ+#|1qJIVey+ z8a!0ZaWYokao{53&fLsdtzyCdVmSl=wz>_2%g3ii^OqOF3*pldcABZ_tH7z7HW5}R z6)pUeTn?Jp)tH3jVDGL3Itv||uxe10NPZzT%bwI%^L5k4Zb!-Wq2Yl&y9Wmco61(x zw4Y3JefRLd(BSU9d_&LlY2?kG;Q=V<`L}QrwCsgRZ(+=FX@7eoTkw6I8(8Df9S5Qa z%A_R{BcKCH-{*-&ZR~#{4!F00T7m&vjJ_Yijb(~k9`j@2;c$nN6Pcl9oswOl#lRmnLfBRU+SIsUNahTH)s;zo71)j1JkB)95kZAC zq)gRWIa^#hbms_9J#|^9mOfRBK#Arx1@s`$06N05A7zAg9Ed8)@eH?Cmn2~4!adFo z8QsKtB@r~osf?W(ZP+Q`)G$jicp7iViE0y*wYU#t_TpY`lEoS#i!s2D1e@`lN3$B& zYD?LT!QB+gH4_Q8WqFe9*6a0A-PcjXt{A_FtVh^ckJtII70SzK^T;g{%sYWsDtbx3{$A0nhGl1qOZB-aVa@E*mfh4^_!AWWJzhrjWdhwcuL z9!%P**Ao*Pa11ynIznm~1Rn|?@S%4MvUpS))2%AD6%ooPKoQQPQ7sAI^!$RU8<#_! zX4-T~J+qJ=VOZ{*@5~`pL&^pZ5y+s(C&p4x|K`7F;`Pbl+9NgSVaBz9yM(n^DmwB{mZdY2?nW2{IY9E;Cp zatlb$Kq4&a9->JamnP@t1^aoBZL;B+E@D1b7kC?)Z}Z&On6nI(@3dvidA^&`EZ8Y* z)YL>hma<7eAQ`zf1Vb0m$#vWjcV<5uL@r&a2ic_Af;Z@eEH<7gxr5z+`EyX5nPITwfF`5MC-%fN+(Z@|Ed)#^|7bo} zL?#>LZdrGoy6Lu^gfLJ>5XIX`r-3df10JZM)F=9~*~!dr3t6~DG1`(v=XE0%hU|V7 zBRMU7B7@dl6D&B6K}`LJe5-2tYt*`*dr|5*`p}ZP_n@xGqss=n^ zp_4tjMaE7jUR^I^Khr(Kn9wVW4)s=nBSpo~C?+XVv0bmCPxcNI2er80M0>49IIRjk ztKF~}%J!e=CIc_faUxR;U+o&-brT=0KtrYXtk%2+G&tTlRFw*7Xdw8HL>RVc7j+%S z52?#=R-kq*>dLT-OmYwR1a(9l3D@E4CU3c@G^$l(iK6=qy^kP$suS-Bj!i*JjdXy1 zL;W^287@Uz4Va-5fDIH}s3{`tmcbBAp4_+eSE$h%5C&}{AkJDvU=H{==~!!cTNbBa zyT>2V<=5!~+H-OjP;ds6ldia;pEh+{v22>&Ib%Ci;F3Z=%1d=%*~`w7X<%77lO&Ld zLn=Lvk*D-1#@YF4A2fE*_sv=zX*T?EgME*h^GB8da^&?624Vy{#7ywntR^j8Y0fvY}K?R-IQeetifq$YTVJo_8dnv#HReGyL_5^jAc@x(;!8c67 z0GaCo@=1X`bKT&w!4|p2(yJ@D`by1YnNUzKI?dXFd^~8F7;piVcX`{9}+%3?7=Tx9JV=qaxXghv#A3Gt*<50pRbUOthW|F;dQNzB7 z!vOm%e3nAtdCU!Mt%knhXBlV5BZ7T~-h#n?np_P$Y_kXvm0h=^`>fzVftD#NWvcs& z_|9t7a!Dj+m?*?3fUbHWY4AQp@0f)KP3rH!Tyb!)Kip~P6P(Y7RJ3cMp%4!~rE;Ru zIncE;r*3SC9uRiJf!)Z30@;f%H&E8qdA?cSMusKWcPL1wsP#JQI()V3rvLLKM`PUz64+6#Iyz05?K4 z2?7#P3KUGwsgg)znyRS7L7U5Zl~$RRhl`W#%G*258cq}EpsJ`^avisBYMCR+b&aMD zC;ow`4H^i3N!vEbUW^P7)Q+i2)zEOOJ$<}V)Zs8?kkUxWyOM*0RXAC_sC$bzFh*?A z)Og1v-j3mCk}u@VvMw%SJ4l6{m^`_UjfWU8mlt_o@K)Ox&od(w2oK`?sj`^1! z@VFzkIA3?SWQSvLT5NE>?hfO`nSqgn#an zYd;ETv~uKvJ%RCQG3$$qwOu3ZjAd5UM4Yhf#%g#((r6%CA}6H*OAL4*MW%5*V5uj(^;YE`P~Y*A>6O{D`VE5_JWsA&ZXdBLRUOs(KrB8d-+RjvJ2O z>9J2GW29O>5I>GUUS9-y6-Y21JCDSv=^m&x%8RHz0ZCD|Sv0vq*a{^3BJF#`v#yn) z2;GSCniy{|h|szEm8yKTfxSv#Voq{8yTQfay3>?AHK%&8CU4+Mu z6xbd*hLbJ?UCg4fm*K)IpD8216V)z1}uBPaQp$!tn0`LfL1IYz!@ju`+414grLqH+;?s_`8Q#C zbJ$&#@k3enOrRzAXNw2tF3S~)JLp%FEg_iI&@`T43gwqFgpv$iZ@qCn#=IuJt1Cm z1|+-TcD@@nN30UAZ%K54nq|+?lJC^#tY+C(tx;=P10oCgZD_}i)Gop(`{9G##(n3&v0@7}a<%1|%R{t_;DQy3?h(XW#SBJNJCL zGJV&o4Xi9$zKI-g1}d&o8_?0p8{n*CP*<)4y;=oTQ%7lZ(Y2_nTj)56zV$YsZn{=Y zQUjNDE~6_=&%t^PFa_mB-POx*!$D2)ck9c#+l~L(v18`!nPJp+cy@MIQ)@~v8TN62 z?jW$cckxge&|ptpX4eNOdCH0IpfD zLcDx)6`5&CsSNb6WUl&iHERK9f|y%$oX};PYc80pVY>l-#em3n8Wo(TV~^5a%Ng{8 z0!%H9wc)+7liVksX+Rybrw0|9^U}$6Zct71CmTpJt#Ki3>|Q(Y6KCXH3`k1bhb0f` z`egJ=m-5EA;PF50-6HwBMe=uV+q7?Uzd%qo3%I!fW|CZ|v($x&>v z&C&hoVZ?aDIg~7GU550z1t(cLkBL$C22|0LOPNLI+Sx&?>dEw1zO=y8Rit8U+qvk4>Z5+NdC>q?> zYyo=51Bb^d&WTMcVSrJZT?=v(8kS%nMO8#cEmu{VkiCpoFE4!0NVAX3Alo!@)g};| z8W=#fD=y7F$w6TVF05fs%#Ds0ONH_Mhfta^R_{n(G671cMtzSR z8z4y7$V6o{81VYg-b)SnoM$@$H3k==)9}H{qV8iDz~IoKx5bVf)C5C`PIe8rCQhqH zFD)!kFpZE4!OoqkkrYhhpzg~x4)R5?FSRQ6V|iY~OmUYZThPgQawn?6lug@ryqH~$ zn6{rUs$b4smMdhm^FkFJ@N&v~Q2YJWQPmO}&6JfO=6CDG)OtH&`JWCn$i7i#31&FqSQ4C%E=FyA|GE z!+ENAl86DRcm??!g<6x}gUEvJZWRNG5l8g9GUP$y1c4pbuzXR#QmJI+ZUS z9G^NseV+0~i14IdMpk`DF`O)RBd%YLS6Zu^;#D}WTdd;-O-&H=k@r}KY_Cy=T9Rpi ze32`GiqMQs94s9GBVy7~@S1SD-1K`1l@&+HDx{*&wud zCe-sR<#k$mL3k{|k z=%s1^Vm2heW)zqWt9qY}$d=hQJB3<$qYSu$_{R77X(AB^z*K%J2-V(tagOCJOBzn1 z+y=-HJTN4Qa?oCu(>RoEmE?&Qadk|tw~^bOi0sHB{aoGYknDx>Rv~Id@frX)nX;9W zr%g#ZD)+z?;Jlmh)ROpXx=fm4U461p;xv`ZOm?_dQi#LY{U#vgw&qQ=kLuN`X+Ysl zQ=|9ODC+#w#9@>l0XISUm|W9aq#6`(TohAU)*BwmiGkc7P-H4R1Z{(E^>|r~Pb|Qb zvH%APovgvOt>Z02nws8n4S>ypWUFFU9jTtywBz{;ZuD{?tdFvfVVVX(zm5xZ&$AY6 zWiYn98YuTt{zmUf+Ve{%=0>xn>|7zAFKwLVRk7%?v?MKiWQn0teA!mA&N`4@^L z=3bES(PP3f!6L|E`N1s7YoKi*KTj=K_Ua?U%s55=_VY0s;)a=6!m<@-=v5m^3$$EtbYdP6C?>gWWK@ zhVbo#VZ$HCW!dnTZA7gKPxzRZu${_Q75bQMIgz@Z!n9x-)+3}D;F2cW&!uRH8|F?4 z%T9Px{xmLUhPsSo$uM&4VZf8Z-|^Toj5%gX4%D#l*LJYxq+>5Qj|^*~@;amYPXcqI zL2j5iLwI(=p5c$L%4P%sKZ~!meq=mqs6rfOa3`0w53Ne z<+f@dM05)Phvf$%`+}@tKn|i_x;n{*>#qR|l`~kj4AYQeej?s^ms z4oethY==Ipb1&VQECNG+Pz}JplUE^zTd8SXSs+5y)2`<+%q=Z~s#L`bNZJ23?WAiA^ zXV2JFnG}hZsOI2p?N_@*sH6px?)8A#mF^(D*5NSzU|3oYaZ*6*;~vj$$U zb02@*|{&6xU%lED*yzFW#AbY16q>nTmu6u*N7j}SwA}i27$`U10e&) zB-P+Wp&vBlOg9YEkkDdW!()JWgF{u?m4hUqWWI!9k*NVes*31DK{`pQ(~D#A>rhkk zO}CFIC6J|b8|bd9uYum(wt-tfU9K;DBnT(GqglE5Iz7JRNXKrR52L^ z$yhe45?j|j59l;x2Hm8YdYPvEVKK@qQ90~^l)xKi`Q>uBEH}{BG@z}4!@vepT0(v+ zr$S46{levBtH{WqD}n$xIJzg<|-r|DmKHupSftZsa-&F zViT8s>6=UjBn4!`{{6UDp{_Wq`bM)vp*B%-zhL4Vxjn2jduSq&ODbGa-V$^8Qp_i6 zhGC%0QF^&-*8P6PRC)00J#P4G%fsod&5GWrQedFhcVM4Xr$>G{o>i+?as6Y@^gzyr zJjk&C=vgrRL!Rl5U>I7~#r5hdrimg|DI|Gr7e?#ef-OV z`N>>HOZJuxvHs;cN(NEPA1aLCgLEHC8&F>{NGZ(h^fZF39W965`!A@k7)KGhSB_8P ztVG(2th$zx+?cmkOWxw;Q2z0CW}lFWN>uOlUzNfG8iqu?{4C?Xm-_;e!q4v?5vMa$vt z1kO>Wzb6ezyM9oo<=VM4f~4LGI=iEyEWC-wcc`}vNt%N~?766)Za~UYGfrDHt98@$ z5|(ZG2l4Nr?HH99J*?NNxIsost`lBqrsbC@Z&47fi#o0sYI4xRyzKK-s$IBK zIF?C(8H6=WjPJiv#K?}TC46(&s%nSwN|ZKHpz%b%g~R`O^oj^WDAGeL8w~9 zHYqSHR4yc1pr|*RUzTMh0G3^Gz?xpeTpbjB4kyQ+q~DC&6$iq_Q^RR2m|qz=Stke0 zY7Ksrg8eAM5+}zG6tc)!zj(M<%1zE4&Q4CujZcl`Gcn*XFym9jQg&h@SAbu!CC@@e zTjO}8Ro_Y!1#oH%spyJ{V4=RHG!($85u`#gCW52p{8l0;fKww##db^tNAPyAl}Ls_ zsuAV4B~=JBUo#P|!eDuhv*jrr9Z`M(hLKe3z;`Wk*@SEKGJJv)WhjIvCcPG;n1xVf zmM>WdQm*mk4Fm(sI)xtO1`kF@--SwN!u=7S(6mPjrXP$@>{o03y^xlg z4tgCmxGXzyh)xk-h@J*2hd740xYO*<$hdSlF8CUeLkMeXxmw*{qk~43$k+(T?6w#K z=YSq0FA{MmE?M;m1US1{h!;b;MU9o1ps&Shv2bt5*~>t5_hdM+g+S2a1z#AuZlYl1 z>}AV!Y;%3Y4H9+3W+>=m+sYy4XcXcBO~5<5Tt{8uWx zC93i0(=1J@aS$6XDM^FEVu>omX-{n94b1?im|m}&Hp;%Vth-{-sif3r6ph63p;~AO ziMPV@$ZfGhTC<1N9a(=`=|&0}XuH@Cn# zSY%xI`GV<_^%7F9+lf+i(V=J}>K;+8TCQa(;=`QY$touYd8)E#=~N2-pPc18rx{7D zhjkq=jmtRVOszaFS9R zq3?p^DdY)CpW?fqXJ)ujubb}hY!Cds>a5`3x$M7vB0mKH&dvZ$cYUj(<5I&oVWiZ6 z&p@DVvFhq;s%jv?A`Ou=25sm@No;G(6oCYm?%}u|3QqSxwon=$%Z`-tg~Pyc0UuB; zEVzwsZ5NLrZ-op$eBP=tg0pBclxW&dbZb$wY{GgZ%O<)6s_CoZ(*!1ziH_^EW!Q^> z`$AUcLmkPAeW*`a#~0!68#+Iu?Mn@vpBm&FHS8h{T^6Bv=Vf}e^HRH0g8=?_Nb8eQ zQ>pWfik)IzK7=VU7Y>-$fI%$wwglEtbWu9CNgzIC?olZaZ~$addXE|IIamsC6$}kY z%2g-$%hS3UT13K9&;sMy+ffH04%!5=(XfX4kT3$t^%l%HbJ1)QpcKEb;mDyvAvaZ` z*@)pArFwzOkEQ)uJ&lCe1(C`JN$JZm1YP#Mq4D$uhj|kB&z<<8QW3&Wi$1H(>$YvW zMPGM)ppBZoS@unX$0O8zKd@}ew{&FXuf%smU zA^KFpZK$1a6QrMQu5bm;1i9x_4er%mNhBg)hjDwQ`g z87(16`Z}Sg=HW`BVM7Tf6UP8iWQsLX$_jYI0#pf4idY4zjL{2P&IHd7eHJP-Gh#Qh z!F><4q|pT9WFe*`%ERS07+&s?+}BbYdV=+0v7XdpsJ9j(AMn=I(AJ1gbfL$*iyP%A zPH0QLakeO=*+;R6nD%|k*V4w#*)mma(6g0AIJ)t%Vx}k4LtJ}Yuw+sb2~N9!uwOFQkaq+6j`KR2 znE_`9?=vq3N4itHAW^Ba1%AOj2<~VYkR=l$-%BbPu&+Y)$e^E$BmtC5ayby&w9}nC zv6(F6yA2cmHSe1GQnWz8jnO@nya)`(Ho=8~i-u^dpy`h=uT{Nx>6=-?U4GiTX*AG; zv%nRY#SbT(1)(~63keq7!$w*mgS%wqRly<8bhEZ`z;zn+G1sX+X(#dt93z;X{S$!j?rKM)4MviyHiolET z9IM?O21FW$UE?$k;&iSsIbOudP)ji8s#yj*UjSav>zgJR(4!jnVJka{xzPPZu(D{n zCh;jk7x*+Q5GkMTnSPP^(V&ZKHuJollKSX~6KDG6GzYrHoSof%GU!&q<4Rq}F|ue^ zL8F>UuFKd79s-2j&Cr?;3gk!C%9ghR<{cnx2C{IIdnzDok;HqtJwa=L-MgU*f zoA6O>$*^27P?z3Gvi;bx(D*tM&Kvg_P~F9E{O+DCKo%UhU-wKSZ;#uauUD)1yueck zyRt?%Z_hH1+!n&+J`#6^;n2PyPkzX=mJ4^ZK{8-nF_31PWwRXEDItxMhX;Y2><`h% z#?vg?$rVuV?1p841zUU(r*Bv}SMC=F!~bri){OahUiWNcUl>0Bf?e7At!VZUuu zA;k}9EMrM$7Kp{=lH_2^SC!*T3SxOUdEgq7)K1+`UtMvXg*5je|9dKkoeGu{SA>qg z9&6K~bhnNACz_epuA5a?Z#Nzpyl0jhuH~<#Yr5x~ZfeO~Q-Ven@tS}shJqJ3WiQM0 z5;Ua+el=?GZo0%C-Iy2+Xv02ibsQ3`rJhh9tS4Elx-+Cl3FJ;evGU0O!lMLm{j z-5{dF)1uk%5vrKQg;HRH7WV%^@w~cgC*Xg^EBK*8uTnW*b57Zcvs5Bv7j0$Y4m%iI zHtK*L4>#s%EFXJ>vqx}3QrVrz!3fS`)ma#E>T9@6dnmkzSky(@RGo!M=5Q`h2aYs& zwMUp-wb3_pClUas>0DYHb?I4*>zc&Yl%4t-3a>P6-@{I5B#O#+fMI&RWn-^O*l?s~ zga(fqhYI?k=&_LZj$@di%3>d=Ryjy@?z~P9N@u1_4!#e46CSqMn&Kqhxzh7i&=w!MP<02_^Xb{R&CwViG3n_zlx&UmLK_?d`pOa* z7}GKu=vlA3mhFS&P_u{hTtwA+;~vYmqVL_P?`}}So=H4q6YvaNFg>Tb+~U$o#RUeA zagwJxj>&ohH#{xlk({bQBCa%`34hRg#Nb+jV6BQNLTV0LgQS&;?QjD{geGA*N?gQw1>Ok0=u@t-<)D}} zbr>QpA}zQas0=}&V*MzKV+$2QZ8z!_S9!2V`XYSPd!@x0`a*KVi*$;@dnwCiYk4?B zB(>4aP`I-+tq47v#xp!cm7`ZA98e<0ryanERj@}R8`Eq@hOjU`k8_8&O?hpz)kXXl z$pRZS-FYM*0%SrfE(Vx`P;PAm3{Hb7%G&!Nm- z28z%Q_9v3l54Ix9YMQwpAS0ma`eMTJ{ETWRQ|)5Bl}4{~wug2B*Jy+YhZHj3X+Wc$ zYb3h~k-!9_b~#*V!w79llIX;bfjTiv7xE*yVsU)xK;Rb%@?&7Ske|*KN{7MN_yqN4 zKs5v{oI{K2HYD-Gt`aECJ1!v?#GE=6kPMQyc1Sw(Ws1%ap&|J-q$_eNiCS6QP{%m? zv&Q|Z?3n00>W)>{UORVk&q(%Ryk?-#wd{r*tU?dX5W(QY9B-+%K2HNh1Vyk2g9S?O z-y-{*6@?}8hC*U(kuG2?(vVc5*}@m~0VIdHO!$_EvZ0!`FH2iV5(p#}+IBqGH63m% z_`jhUhCguqM@_IW$u+$mJ(qNav0LC|O|OfAx!f94a{#*~<~81S6HI?(WuH5YiVUiS zWIg|*48s9TXN7t*9-^o{$4r)B*(?_+z8>$F{svac3=R);Okp&o{hB3KRSu!W8d%Xi zakFZ_7LXAa6FFoMLU_PqBl0#VA+wRfs#9|swvUg$kv6vkk2!|KSsDYJXOim_9K@5_ zANvDmIm_q0{h2p4D@ly+3jDJ@zqvPUQ-!vI1QT77N6#9gfKy+~Gn@PtJ4&c|p3sn5`Q#Un6EmVYkS5md2E?u`WbI=6Gr285>D{Wj4;L~@ zs|uJ=7ulWy)3jt17rl9T8-F`XWJ?R9INp%^WY|n5eL!q|;#X2iCo-pSHYb>$jdXR| zjaNG(6RHhip>+S)qR(sc69RD}#)PH{$Mm8b0r8GAI4e`3Uw{apQW1;nHb=NGtUH$N zlUfq&>IwEDScPg*N5SgFlPr7~wq{Y~WYlt%_c>=rt0(Lbj7i9&uG-1S?%UqL#-TJq zZ(2G=D*i2aOjH8u2pq|84XrVgm4*g|k@BFuaT)i7 zNZPbWYIR=R(25NCVujQBcDy1V;bjncdmD@Qr?I2iByq{w;w2Eep4F1;duig}O)m|4 z-J)6^!O>5>M1(vNkFRB-*th6tH?nt;GvLPeud0kln)h8Ck}G&c=)zmK+%~x6fOrTG zEj@W?aTj8UNm`05sh3@?C0L-tbG#Eeyc*ovR=X;zJ#kqwvM4WC;=wf&O^8mtUqfB0 zyh+0}+5|3PpHl&cD9=qVtO0HU36-n(Nk)VCmm+4`j|}F7pF-P($WTEwrAhpJcjt^I z-2sf`rw@bVI)&NfZT_)2NdgZ3^FBPw^9k9ZgHJVYgqS==i?iDj$4|}lk2emF=T{orUJ>)+IFte zXd(^ikqTDZafW=yVlkm;tl1DTl|d<+0~>gzJ9P`y=2A$gK!EACK?M|-7sIKq5h+EZ zpJk>EW;2w8QV=}S9jL(FVa`^`uuv<7tt!9<*L%gQBR)eSdWwGsSFJMeb~mn4`*;_x zY`B3Xm+&S{bInp)^C_=GX|5F;hQQ{Mr0rnMMqYG9U2r`H^!$h$HO|hx1vhAcWucwp znK+;rzHRh}@g8R*47|O`q9-wtk~3KROExX?Vv=>w#1r2=5ii@5 zp~50Nl#*ePROZ;w9c+8DrcQNoNnw|7X+?d#ts#INZ{yhlM#E7%0bb!-WD@MNLF<`% zXq2cMFrtOiP{<(J*EFarOsHtgRD!<~IKEk{3-KA;$Lf}CaiQUBliWQ{8_f!K+Cr;B zuSLa6=}Oj4jcUKQONhXoJ@h0{fuwhBRUoPThJ4Q^^OxnqIdeK0ROc$o6Z*j8M;{Qk z$H%S~pws}mLCLjh0H?OP#9YJo#~xTPZ4(z7ZyA9$=HpzttD<)!c+>FZhe}?2}yY=HE8?&unug=!}y) zC|j`%un7hhd^rBlI+SEhsW3hXCbPv-u5d~2a4-czZwx!Wr{TfjJ-eI13BFth(c=%j z!l_~Af)*j2An#fWmd#HR#cvtUMS|BK@ohVInFb&`ZalWL83;06z ztC@xZTN%y3h924`+4)vBO=#$tO1-5U)vDII=^qL(ae6qNQ^MdxyH=Nd8(+-+*sx>}$E7fZ0XwSQJ;iG-DmkJka zzGwokF)w7-V+%;i$=X5*Qy2|9R(NA=*kX8di}OiqY~=`HEQrYTXvtpsyMo}1ItqPN z4031wIP+n>TNPF;^MW|<(L`%CVG_(vXDamh$(kaWP*@mI*jwS3*UAS^?P>=C-xfe3 z^Mzx!4$zW>^pRl!rghty7>&Jkh1w~_JV_3lbCY!1O?1<&0Kwc-tueL2rco$$!p}sG|jTm z*wB3)o&-XWO~Vpfq9>`cG|CXtG8r-&#=O;snBdG}gC8zBoyBEV9qQ0Ky+lmI5MtogCM2n$;OXgPHj+R6MfQgqzkhhf{6Vdkr|dnz@u)q zkq;D*Oz1cd4VS(MuC-257hyEURAu0>(-8>o1>CbGD#SX-T|^Swbds=$B-&A@1X?m5 zLurcONH&|HXuCG z^gls8+`O(5TThvx(8B5oGcg5KS5?YMz=R8+=h4#j5#JM} z6js)*ZiBHC z@rf`C3z$fcP?tjKHi->cO<)dc znmgThf(~EqwlkzU>wu>6+UVeMHmwoC2_U0%3yA7jb~aN%Y__dt6HZ*iJFT@Gc;HKj ztp}KZ`Kr;m;Gz0qOK%|bpEdzDWPee`*M#Mn6k@|2EabaQRnGMIGssai=A^~TpftmS z=3Q;@NdVOfs+zotFI?b7X&&Op~ zq%}-N#bzQ=u9~`isGeu_79vA}<%TUhGw^bVp|^&BYCuyx@Q&IJW5>ZAlVsKM;!9b@l>9S* zYG+WJ1SZ6It?szKZu>yng?>Q3YM??K5QU1h(7*%rfbN>agS}BF%4e_u`BjeL@ThV6 zV(ZPcy(+E{=8=*hN^{*7y^}L6?tMZZef;aAPw1lmV{}mxZz|-=M9fEvIS;WSB)uZm9;5I= z2zgTj6i?^tt{*stFcB+Nu|pFR zhc%o<$MP+`YQ2cNY4c1!TZh9$f6dkPhG*th&2j_7Wv_{_wJrakS*@F{r*6+RAR-*C zON#%vU2&iQRe!8*i{UJo{QDFh1mKjvhL)G(k?gV1B&s~}^pIUTkrlvU0$3LDc_W^?rAfvU&0|BWdJVc*~ z-XGKpGF;ftGYz15$JWUxn#Yo?*JGSZZ|DM(!%g1OPYOao%o|XbLyfA?xCvfpX`G0% zUu?h*6V-;ZmPE5!z_8pDq!x7)dy+CNm%@*1h&LD9RLPfg^1|hEWe3_gGu5&N=4PUL zVurME&hhCq4c54(IxHPGIad@^pj;8q6YYK6iA#Mt%>|?Yty?tzh3Q8t#B<^u)bVZu zmQB}#(i+Va*WfbzJd}FIvdKP08f3J6sln8s5O$=m%5Bb*+t5m0_{nJI6QY*u24k!L->P?z>5TXEiiCIEyXwzm1V5qT~o8u(^zPwQt6awFUyLnQ#JVJ zqRGSb%eeju+k@hPjkKhp4gr$)3&$;D@bW!}ehi|D`nM20K~ zNUu9!`f!o^PT8pjp#mgI(QzS$SJbK_^zUifR1#3uW($~894;e*IXN-D|BA_p-N=a$ z3=FIyU)G*W2E)s!rU``8RUcf}%PA2D;ogGe1z zP2GT-Da!5W>L|trcy+x@5*VpbYf>cszv#et){Jv)22x*1KdVJD{<%O?V446)ihwwBa6Blhl>mHCtFQ#8K+ItTL!q* z^o}dUqXx!_ab*)hkmGrcXeZC>r47?v>u_SZZ?gC4eOY6FOm@Z5%n7M@(GP4w)B z8sdHDP~E_}rMOrR91z0DgE#YpXZkJo?UptO_<=mJ5bR+g)F^JuP3veK)?swG4yT^b zONo9^X62NLjSQz1lOlB0{dc34f(VIVBQhesLj_IPu>n|i#X)bQP8h<-c@jyNk^=SG z-LdkG;}J9*b0oo#2;EWakpM~=e}teaW02ypY@m1ue9M%kxXkNwdQhlZ41u-fJdAuC zc#S5`*Bl4d^i@E0!!2UO&|pJXo=6 z{IBk96DvVhL4}pj?vN0*64WZPv=Zb-+p-cOH0%ynLg;+8MJpkS1ky@~q*S|=5cT0k zS3(PTEoj}*N{H-2UJ2^nHop=AbzQX-qK{Q=)`EPbP%nm{)po9i(1~PY%YmcC)~<&z z71RqtL9Li8BK+khmxK~vD~fMqQ7AfzSQT=A8($Wl6rCe1irlL2>LciV+~uG$flF(_ z44`iH2~}x4?~waB^tOucd5|Kf%d}|6-%|USgF6Y=7vYr?Mm2JRI$A6;T(U$MWd5qE z!&QMmb87=G2D%0a@R-ZM6uydD0r>59m}-&}=u^a2ZEsharCTFM*8Squ1TCBejr(ye{{3Wa9 zYQr!`&5GWr`ovBwM3h@13!Qe~c#XuIKCmJZw*xaBDAZd!6ZcSWg?og2wd zjg22bD~iZCl~Ca(hh%mWe5M|up>1|p$`u}{7m~hAmi9=%z$$e)bSX!jZAxqP(7FzI zI?4rRTD+s!t86r>Fdd)UMpx&W?u)oXJTF2tov#Ef8(X;!p0E5swn_0Cz|df`)i>(% z;?Pi&bLi}5cTkYZRCSeQ#=4Ty#M6!QFj0WzE=WMM<43g5Nj!n2zI)*j56wPv`xAXS zB=kd;bI{hqqMfHl=Oa>pSZ~WwEzPy6nF^UkL0jjBc1{+Z4^;tTz3p0{`jOg3c0|+E zBjrqAp`nJa#M}BEYM+rj{eo#uhkUX~2@lqVEJ68WhgvYT2w4U%LKaaf1Hv zok)MkHVjYCtq7_)~ZrkCsj^^aM=;v4t8+VnS{$ zlL>vJUV8GUGCecek)9|{?m43VIH0@mwaggg^ONVp8D%?DeN+yW}j23E2$ z=bk^fcMuKZ{K4~waQH1dS-{6+F@!V}m5<5R9zBfcGe?vPqgG5*D$Kt4D$IGEsw8S1 zriDtNd-JL2-+XCjYyiomr(X^ymnt>%iQZ0S%j$ z`HTydk2r*A$#si`XYgc`#?)HjZKqPU6>U*-+ksjaOC^e@OC*3$NS$*@Lpnk~chpiQ!fWS@`-XK$xOh_K_u<#9@R&2}`hI0J4Z zd%aVu>n?RR^U0x5*xVCk)W(bsRH#_4r#K&m`HpWke`VHRc5Kfw zOn0lgB}YrNnp%sH^)M5*-Zc7RYi3PZ`=cYyrxoj~%HGQy`3&KWJfkQCE1ZyQxdjtM=ow@iS&c;@>Z=PX`v~W z;)d7RBR#E8th7g&=zEl}GkO7ojUT)+6qIwvdQc+J4^U3Vl7p2fWqG%))4!vXtT^gZ zYbC6WVimRn@FznKstsFLbgP=!@Ueg#4Ypg8$BLW8rTpPuakdWb<~WBPzQHyr>+~md zIN;9X-N5r57hMMVa^SJ4mpRodL;^N*O_Ju)QssHU{izwS_3aY12*kS(R~`{UqzJgJ zt!X22No*z7>f?xjHeZegh{^w=RDXOXBufr0E8)Y)GeOjs-TcAE@_=Xh{lIoss9Xb+ z;#DF$-C#g8FA%10I7V0sj<6=glIQ8O_samPH%1BFt*L@C?x zA+^E>nI}#lj|aWzkyce76PgjfyY1IK)5zOXj-9=_j`l5C^|6CjTb74~LR0ya@fRFh zsVoF0`N(^Ks62HX35XqM2t;WXYSrNp)hz#JU)y*2e|YN0lziXeBun*b3SC!4t;yz__mT zXyoac?Cq6Ef6h=Jr}InGA}>)SQjMw7k(yf%%#FCkdf%*Y7Pr zOlzeNae1i3R)`PBp!OZ;DV(_xs^2F;^KPR_g9sHIO|`gCl+ISl)foHi*h+=$NP*fb! ziEebr2azV_;M$-gPF3$>TRg2Xr|z+@Xa@?8%6>zPjE_w%M~pFkq%|FW89lK-Y*2*} zr*zx)h{v(rth0@wr6NQ&fRHl82@;|aoj>#h$8S(0dV=FO%kf}~jB1^)9#O3d-Km5W zC{DQ&lrE-N=^hAUxNZ7XX#d<|COMgmuoVpONGWN!(6-~2s@}FMVjB?8h9ep5Jg+*v zRmFNZSX-UyUJ$@C&O{EECW;Y4H&o(yDqqSCgYgC1LBSuTi6XzU8#oe)=KJagHOH_j zYe-qdw*WXdnC}47*5|7x1dsxG*IKY_^6N-nSQ&iD<*^~ zbsnm_5q`!k(g{tB7fZRRTtS^zC^Q!l?x)Q}H_#2E4Pz#B!ziIwn0^7rZVxwxDMlC& z3YbA<5kH)1ZOUOF`HTekL}}Sbc0{iIes9UD*9D;i57Y{PifA0=T5Yq9Nu%RoNvY}z zrMXgmawJ=tJ6I}B7de?UmEAv)8-?(2jrEQ*(zOLGrh$dMgfqSZ&OE}&U5<`*lP0ZN ztyPKhe4aksULP!($%xOOIzFCxNUP)E+3QwY!&H-ca|PKmf{hJP6Yh2Wkk1Kg!adNW z^s*O#h0{YR^_Y$L39uEV!ke9-$i@~cab=`P*Z|W9;S`0Ec;k<9esU`rHQ!dN=wno4 z4@k%o4p|kMoF33!lX(+HWe(U1N=i6oM_Nwnw#;hiEOzqk-RemphuD)kF`^A!6bVX6 zCr5bTe3MF<*)|xYn{&n$*#HW^(B{NPqN4Od=u=EIbUz~I#BfavN87$bC1}HLkhz19x9Il!iby#M4MQ|y0RTgAM6VsO`Xoy8iOsfQ+D&D<6YU zNakZ@v`Oc>Bfb`kI5MKwy^%(jzQ_Y(sAON6cajoDs5oK3p(@p@lRswK^+ty}$+CO0 zbAgb?HX>j36}9S^RSm^auj0pEMm0 zI+5Y(h*K<6c+gkWswuqdrviDSRy^WC34DkdtVmrX9z;2TB7>_^fZ~DVGJ3NUS4R}% ztIjjBsWtHqK*_XgrJ-kfVuKBp?4`gXmHQ5Whw9Txz!m3$&Y^Q9QYrY2Og;xV%mMjB zrCgySE^wWOZ@L@(NJ`xLfg z8$>}@l(YzAr2&omwYX%}F*;06wyXX?8^$~JV;g?aEF;OSO&9V|Y>rPI0F&bf3faSg*kH zP^w|yS~k(83Hn&tLX*7&)~Kb>_;~nKVZd)iSD{{P=CZ0LiiklcHL)W>-O&25W{eG< zk+xu@JN8C%M|GLJI3yLgp? z)`TRf3g8{zSga`v)HxNj2q-O4MQZZ9qC{OJ8^HCosM`xBns7BRQe)f}c|pksT(*RQ zS+81UU2%uI(fQ}*cMqAxEv5f9(LPug7wgM}LWLAMgp66P=jY&n(Mp5A(9?y4FKUic;i}v7;)U^sg1J|87h4MOR9YS|YjyaG z4QhHF)qO-@XX#O`LJk|uXfnsIfbprZJbw^vU2e5ip;n9-Z4n>_cgzsKZvvl&?U_E{ z0CL6xATTi1V?+)}_L|Fj^)lVHkRzuiH_*fx=u5=uHQ?f=D6qJxglm*vcnTT@nkc;t z5I*3^pin-gfypi8fe|&HO|C+-6NSmNT6_uT))pcJB@qzy7Nt@VVQUFWSY!*O@v-bk zDPK4|cc_>vB*YC*BDvf;D0-kgFN**ok1-0hG_=!jgiyGt1Ab~-4q=zbHoL?D@CTcd zhkUV=EtKXa@*~-axk7GwVtgc9%D0&b^*3}r!bjJbqgfM6o(KnF;@6_O-E*o2_g3C$ zY;&c>Tc>KME&^?HWlZt7rq}sDjR0=D8$)@EjJ{=5x6cF{TT7!chmr;~@vp$n&m-Q> zPRzC4Qfohvi(}&xxfsT94vUmiHPF9?IISAm0Y*a)1@pLqS5yS(7#Hrwfjm;(KX9*F z&|ORR!Yz2bl0(}rUM>>WaKUs&ojz=li;&4t+JX|7G0uP*lPsO~9(w}FN>wmJc;U;_ zp%4w5Vg`x}#|*Z)5_K8H%a~4>A&hnOJVa4vtC)csLwh7P%nWTVpTetSL)TEsMHaq~ zQZ(z6z-N?KQNqFzsoL@?tJ#KLRH@4gh(Z00?@`k3&>^<%WtMU(;8$TD1S?jxN{^`X zx`*PXJYTO?O;^+q$ES*=?8HQ_z>H;Aj!(~(4o~M)`-`+?YRUEN^faD}R4T1r4d`RR zkRl!fwWDPtbk(Rqco)=HjH6nM&ILftR{ax#38&(95g_@#1FqmsCo#EVO27|JH{atH zaYbAf?4YB#_$xt5WS;F%j@R@$6lUnZg2;yYpGs6SWvQmu)wS5**%=+@k(Ifo*F*Mb zaoQ*KddRxa@=(R8b+TC}03iz&nWY%CkQEZ!1ZsMnj6$?dv@rtEJ5f{=&UMW)WI4B{ z`~A}2z)G2cVTK+VqJq#8D2Zmxw0&SZhMBSqIoBhJ|EA4M158-93G{hq*+dKz@f~SD zmWkn&L&u4|Jr;G?EuF&%mybY|-zI;L%^@6i!x0hQ1|OVO zQZv$}qyq;L(G=}1>aJ;|Ap68MMPqgdZcq5JgJWR9HS0jT$})ySxg}k5!CWo+u4ONv zq971Zs7`@v)~kBiESal*M(f_mOKbLGj!og*qT?(9RH2-~#^Qi$9^;xF9a3?Z00(B% z6;;-4FmD3A;X5_mx5|38x&{o>H{F_Ln+8!494xoX4cCRsc+v5ETd$eGapA|F>4OGx zqJoWz2eXCT=-gC(G&eUs3QT+1avd8j|7Bt-OM%j&>6%#H0NXST979vDT4l?xt^u!Z zmaWPfuzUa;rZmoAhjc+WZY5p(b_BuJ3eH_`+^#s2rswGk#A4A-4I0T$PUnj`stV!4 zj^Snpa}$%1>XL4dA#@`-iuTME-2)4zZNkmKz)@7jd@4vM)9*4%4HAFIoqtguKvT(O zogua8D`?fXB89Mf#Knk&3_$2ILj3}|n?|o;;cOzpmZLmggdUc;L`{t^ zMBAu=jY;0{1hx^t@@*z3f>VnW<&8!(D}j-VzqZlKu32-Ikwz66n>??Vml}0+_6P@C z1Q%(oNLisue+wFw>tLW>30lM7Sl3vjU`1|Bx2jk;mYw<c|`M|1nz;a8aM06p06Tq!>{axgb?NmBzY zusl%6ADZUcih3~Qv7%G)CoFp@Ya1ho!-&Z!SR-@_uL#`glj{OfP4N-xU5FRmXjg<8 zJL?f_vde&ZH#|~NV8$L|XoWU63{)C~v}|!Gnk-X-Tde{*5X6=&uJmEFWC&VvzX~BT z!4C9G|O=Hv|88X!47uu2D*J@SEUZNDY%!u#9 z?MVMleXZ@sQX^tkb(YPxUrLSem%eM&CUws@-Al|h^>;!O(jT7rX?FBLTp!V`vaJAz zY$z?iCvAl9IJ&yUH*Yoq8Sr(ha5@-vq-TdGXj>A)hY=eg)_z zd)}lbVQkkx2}F^tf~h3v+MBqA6ITSm=>QoiLf|3J(Or=H6%^#-lEf}8t`+= zrWa@Cs$Q#C&0!UQi~?_>czBc_bd1vUpF1>`0$lDdiU6S7V zH43(hrmMVYEt`hasOl_u%2vVbX1F%ui7CS!o&rS4FxAb3;i4g_+i^n^@KU!X7(z`6 z?OBf&_IuQ@o@4{dgl3C>8J;8lEjKe>qh5DhUwBQPB^0WQFc}@tid}?@vkJsAs{uQZ z2Q|~zMK_yxxs)J@7Xsvn4q59tFURl z;g8!mc*n~mhZ2+eYJosZ_V%h;rH2MVUtgjdT&`QlO$ChZN6Dw)`5h#@s%h52p20-J z_N^+I0ou`W!>xh=4-7aUNd7#q0<<0Li@slYH0ZU!Si>g zapIb^UboWALuq{BlwLITs=s&?o40lk4r*Zbf&_9MLe2ybGs|8;$nlmDhULJ(06>V+ zRzri7S_x_oOs*5sHc>r=NU9XL7k-Vn^nsPLkVIPb2-wI-_IEW zC>1!S+t6SF`SK7l?jB5F?+AVr2)bziuK^`%rBSV}rBW%&2IIEngAvE}bqnRw!Jig= z2WPF|%cF!^r&1{`kzDu6u2uIvd?P93Wm*KD@6-v*+$tup0tUJ>4WMK+wK|&C>vhQ5 zS|VVvOmcSuaypRkAP0AdLvo0$f=u#-2|7}P8%$KJM_TGV@k4)N?Eh6~!Qmeazz33J1>+0${<$+({-qqFh zl!feMwyW#5>wn`H`l(%AU7&ohFxl1hqMcn`$Nx`P*U!7Ux{iOhtE(~C)%E?OU0uUB zc6I%3{ic7o^un&LuG8i(IWXGwYxuvv_|RKl)73R(jE`nZt6%%!eJj3k`D-8g<&Qpm z=+(pT_n!LF`#$$u2W}cZc=e(2`}W;<(J2Y>TtXI3Vj`-gk~kN(Ne zKKc67cRu^pk3Qx1?=8Ic%D=q#`A468-TB{nVEH?LG2M9R;RCn--bc=Q?$_Q`e5?P1 zhYnw|blV4?wesi9nO(p1ANc$4JX_PQeXjStb84Ubuiq=qxC8Gy{`wp5I?+7so?9v( zeoy(~u7_`Y`0F>`bz0@x&p)YheDc)4e$v22@BP*}r@sB7Q=fgx9jDA(`>GQ=Uv~Ow zOZOdq@~@uqvvTFr#S_n3+4uY3`}g0u_k%C~%+DVDmk%$WDF4gze(TezS7f?=>(kd2 z-*aU6L+{%0k@T(a(SP#K$6oNc&wTcN^Te^EXWja{gS9(<{q217v=9C1=Xbp1mS5j- z<`qxA@U&k&`<^#F{rax!zxk`bD_?)zb(cNwLl3<2KmX~Thw`KE9XaKa(d8@G-?o@c ze%U`(d4ZMr?5%G){-)zk{+mDeo4-Ht^%MVfPq}&4y~n?N;-=XN{pSZB_{i_S z=en=I{@<(K8*l&Xm(Did@Vzr`xcRS-@6gg0ANc$8KXF&(Pk#R4%JLt-{^rDU57frq z{@~MYeel`Nd)=dZZol(YOV72R{E<(Nzvs>$-th6-XD+(UNj?a2hC6-Yj2pi5rLWH2 z`0ZQnU#LH=^48)0_kL~S%X_{uW*)k@_O7p7_Km0C^jiDK%e?b$dBKHO^w(aQx#+j7 zBZ(`t|NOOg^^g8b>7Q|6^Z&n&0L9&A`N07C!d5 zuO=?McF(^(@MlMVv2(}lo+G{2-+9)JfAsOce8#0W?EKg#WL-%tMg zbx(ik<)_?y;_UD40dL+_|MQO>|ET%eT`xW71M9aBUiIej?|$r1@?*n4f5qSb$I!j+ zddrtTH@JGv?O%O+^HUGr`;u3E^4gwj-+14DUpjotRo}d9_WkZx|9J0%Cq|RcJ+=Ra z-@Nk5t6ul!H>dCHefILc+kg4?%E!;T{59UyOSjvNhkm1Q_Zgpi)5kvH?s)LTsPV6T zM_+DCEWB;u+TZ`oT|e9NjordU6K6BTfUUuhMfAU8YzjEl-&E=n3>rcI5{NhtCG0ymY??cbkKY8!9?=Rka z&Fp)>efBq=ddtrr%KY?#KYY=}U;DkQj8{Woqr*S{jrYCs-%daJqf@6&b8ovd`O(tx zH(u+!$o$1yUz$1RzwVhf&VbFH@~nrRHS_8Zo_X`p=Z#(e`K1OJ4V>WHwb^GF*rmy|siMKrPy|3JJ$FDy5(LK)H z)z=+-Y2m~f)Ycy-rejZ7x}w>e#(x!|KxRl`n7@E?s)Rh!+-MSumA6V9(eG^Cyl@Du1~)5 z{+~VP)K4xSt37q!x2m7G=Yhe>>i4g>`sh{bqhG5GKJ&)0+P}Q#Z5RFEy7%01=3H^* znEBHizCZS|=e_xJe|BE&-+whT_my{?cY5wQfApl+9en9`@1J|!@!vgu{gW>F^wi+9 zPra;o!H-u@zx7$Gzq$JHo4;In=QVe~_3dB&{?GsM@0^2Q{HGhf_r+`SAAQ%pmzw8a z_aC1f@Bi58ul$e1zI~V7yxUBC;PpE`@OvNbsXTn+o~OR=zfT-H`lB=F9`5o!^|{nT zhmPKJ-wXe2diJ)z`oas(TE9puyy^IkyStwC)6~tc|NM9U<+g9#@Qt%?yYqd&amx$7 z@UyGFF}3oMC*S|#JumsvZ9Q+d{^3OzzU|!~c=uB7_N$&e{Ozy2!h6@dip%*k-dMip z$W6^NpFa4l!EZe68%K{0zvkhe{P-Dv_mU44&b;6y=I8(7tl#_Ny~jWOi)*!4|F4^W znR)n0&pYkwAN#j^U;LN*e|W>!UvuJB54`x?pS|no^%uPJ9o6UExBAm}ylmHPPyO%e z&2M@42YWtU?f&Y0_kHJ-JO96dz28b+{k|h#Jbvu{YaV#>>EHO>%f9$uKl#`v{>n@?JO<`>Rbzc79G`9FTjkB?vQl{fr%V&%mzz3sL){Pmm8 zdBwN?;jXF4KmEj8ZaMO=)*Iit@0?G27gjDged;ZDT=J{uUcK~zoi9!N_?(qr|Lu3~ zo_X2uXI}J~>Es!w_TTWdsr%>NFwrx2@Yeh(ZykL8i=Xx9UH04mVAs1R&-vb~Mlx?X z{kEq*^B@29!=JnF)o=dkYb!TZZlC>0{x9yhWoh@{J?m#r`N9QXc*`e#qzz5{;WHXH zOnmSDAJ{wYeB+7Fo%-}wWp4S-H^21t?|GyB3Uw-rHzvv!3@4?kuM*iSyGcS3^b3gL5zZ+`IWR86I%vWV@z2|EWzv5m0>(kF& zncDlU+KDr+Ub^EsjSv0PZ(sN8rBD2F<{gQ*)F1&Te&^QF@4xv?A6d_P4}(v>>}@~1 z?@Nng$3O7V&sg7o;aO+iesATo2gm;L%)8E=`RV*k?zeX@edhZApS|afiy~Q?AfjtJ zBSst-5zq}}a1|4vARq`LV1n7**=2NhXPued1(9IRc;JZ&Bg@m7&#Tw`Q{*y`unfD1hrW6guTCTx|4m%RcKtR@;njnI6NRynZ!tO3e+AO}_hs zJkn+)D%V|F8&^8A>ACF=`HeXZZu<_Rxp&zhW51pmRof3e2`?T1 zpXrD0P`b1%ykAjrddKD7&*Dv4qxrY*2lrU(S8jB2es0e3}ec3i^w%mYhAOlq8CPH*eP4RKaEbb2tQ#u zV?1m0`mP^7ERnrztL}FeuNqN$>H5uRm+A9QR=;|?*1XxKIiglWdv2#N3BMY)dhNs1 zz?beB2U|;a-MshdR1x2wdt~x~pqndHs;ftZ5&4CIu1~sk#Eh%vd-RIx`su{=&xPxU z_&P|h*+TjX(ro?2y z-0p{mO?w$r_M~Npn!T0d#nbJg=J~J7$1huUd}8v_s)8S6UXk~C>cVD?4}ILb^`LRr z_e<2Pj!6?nRMoncEg_wOS-3UC{+!mfA+|lw%Dlquj+6m z$0~PeX=KSE)yXR@q{ZvpOuJnCH8^mc);( zpJeT5+~HmOEf0xv<}C)aEblPcwpG6b%Z(+S%6kvAtT}r2%_M&H#lT99uxfDWqtwmWLN4@r&-18f6Z^c+J9F>LcBHRyLQX!7N0CK9Iggcxn?a6 zTw9Ev$s9O-^Oi2`9G`(+?3{HQuE+moU9~p%Rm$v2qspbjv!@(CU$N)rWq*9Z`O}?Z z%RMAjw{i!k%$~g9y zN5iIFD7uz)OFlM!(}~c1&D;Bl6l!GU=0xL9sdrYSyb}-7q!#4exlj~$>S%ZNlBJRi zFLiKD`&oyxdv$lr3N#6MJ}#lz`|4}XpO>u{M&zv)kBi$jDIxXY*A;gn(wv@;OW6Kk zZNQP&OYfav9f`2rv&4CZ^`0d=tYfoR#LxXWXL~?tq`EqB^nr;jJx_nhyL$a=q~<7V z$8O@ov)P}K{MTFf6)&!If57hNYwRbsA%BTW&OViI{P@Pfw;`oZhP=BlW7gG`1=WMg zq+1L2w|w6w-)362iZ`%(`2*jpYH@iD5X|tNWbmm%BVI zyR~Y1Ky=2HoO##3HmhE2@@~ND4+l=Y&$E7%Kh%BW81dDh+%~bT@A%Cc?NmdQwovgt zXFTZMWy9tk0-&*UYUsW>&uA3Tv2?faZ}OT9DbKc3H^z6) z>tivjNrc~$!$%T*w-t1*v7GBHpz6U_5Xs9%cgjZL-7245-#&2M?V_-GMaP_XO*=7v z_{z-#jlXg-4vj#@<`yq;dOpACn9qig+%~Z-Uwro9JH3Z864Qq(Opkh%Sv0peKjsRL zAH6l)QdOSQGSal{-Rx&mGmcf1KTn7)|Kinu5E5pB`PEN>yG;RsMPOo4o1qMqBg7 zEcvb9vY7MB=CF=*5mob+T&{fmdh>5#U(B9t88l{2s$8<#gBUvC41ArvWV%V(*(}cC z-zE*^NfQIoi#wAY@!!^V>Rok{$lN2oc>ex;mx^aLN$pj=W4DT4jvZI_TXm;-Otrla ziQOh6whS29z1rwW%l79rrz*zwI(A(6Op!OxtZ>5ODUEkuics9XfArV<-tA&Lm~m31 zPi^0oOC^cM*B^xctje|Ny_5_sKWg1CIBTi{D2Nc)idUYkq!aPUe%9zhD1cGVMZHkYZ&g?Cufy z?hT@9?p2?58D2@rUxa?bb7PZ4WkD4!HD6Bzg}vO6S(8@Yx%XR-XYVbhmE2rk_^RSC zd@t1F&b{$sb2Cosq+dLb7n?ma3A^(!Kdg8AV*}I|QsZZgkH0lV-fNO)Y4E&G((HXo zarqkW&a+I?oR2)xue8fMSdiD-V&|C6s<7bh=%$aN(l*fBgK2Y;jvdL` zL9o0B8T-wQ$Ql!9G{J0U@zRfOrIFnQM-u(Y*KCSy&VODq>Rnk_Qi(YaiNe%=$#aXc ze5`_UQ#Y$WUB3Hf_K~LU&dP0zDyBXt8|!vc6lau53 zCO9{Bv$!HBWYv+0O~WP4-p8(4*uPCqWXhIQV`e*=g-d!@?n}lqEv0euox7TGP{Fk=j{;3b zu*OLs)f7>6@7Jp@?&?(zUunFrpj$T+Zh)_`-^%2J*{0@ZoXlRTuN6V-v5@i!-fJ#I zt=FW-O=(&glj~R$o_e^KdNZ2+Q72fnC!sV`FUi zo-H?$&oo6=oeVV3nc|t>c&`7}$@_OECoWr;lXLg}M&$go%((X3Y|J>QWxj8&v2mYq zt;TiB2}ntw{P}hJiu~cFo0E_U_wH4vw?%DP;aA&rm@x99^_fnC#;$AAzVd2R*vt6L zxc0Zv_G^q1hQF|0^wXW@Y3j6`EvFTs8z;2O*k~7?d@$E;X3d&o7S-E@)poCgn{!`o zpWez;)0h+DlkOp`?j6jh;J)rVw#mh2;rC~gvbXyR;^!Y8^^4YzFw6S*)n}V{|-5UDa$5?Ud~ll8lRBgzLFLmTweY%|8zy@M$2{? zJ>LlYPRDlK-6Z_J@$QYLnKkWhhoUasOe&g^AG&5_2u7#3&IwGJ5|o=-p7l^!`tzVL z&FTxjGEup!xB5nq=EKOv(>-YC~(=>g)}&9Fy^%>}M2-G`4M0P13}pdH0mibDqTsS$i zS$M2d@>5$)*|;I+IA)x4d#sXf8r|w)#T z&)Cm#+voGit{I=3X643r4a7QClr_t4y}?JMRG8m1Kd{Gm&U6ZGyC~mYu}2ZhpUSwK z-pzg%)Ad|`O-17&9;|^;Q!j2gRWY(>J2TF?jXixQG``q!vV2ZXk!&o5``x|sh9%vY z#v8bO)2t7faqXIV8~Zt)tBlQEXn*VRi2m0PwM#kU5a-s#yrS2|gmA88Um{g&WNzxh zJ+X}h?7X6v+eV+s6KZVRtm&7X)L!UW)ImcHOuLMp+aDYCxT$e}AKz!$&aGz@K|S|Q z+ciK_9oM8?M$)p=3`VQl9*Y|_JxjXo!fv;$?98}!+br_BL;ktvR~@`bck8kLs(zXd z_mc0$6sBLI3UraW%>1}!e_xx(g!!&rmihk@miU6gN!Y!kWhu70fO&r6+`nio5iS6EJ*lzMno zz@nlJ01I#K^&vOCx~Ry;>zy}5ja~BalE|MsFI929$xV03gUnTJxAog#GV^_LVE@9)+kHk+NIzbmTDd2CM44R055BgC2J5Sx7|z}U|*k6XZ5 zaxf=BvaxBz))l>mWt~VJ`4Q<6(Qab;sOc*bBpW+f51O03D7jCRuj{jAv&4(dWA8Sd z7+3XlkqtVu?}@`NmK`#S=+AGHZjvTWUa`pR5NVn9Q>jpJzKw6&W^k`$dx8RZEZ#V-@u5#0 ze=38}l&$SDdJ={4{eF75TR5XA?Uw~1qH5b<{+jS&Zd5K_(luvT%1`Ywdd4l>IcRIE z7anb{2smixc`0to+dh45wH#Z>j9K5=vzmv;!JAd#SH1eTy4Z|-l`=nTfO-yS{&CEh zB9oaPx5sq%H1=CLY~`3f_5-gx+P@?6`6^+xZJX&PY2y6ZzyE$|M8>iCPfVOB1l;m1 zb1SCpI{L9{f7K)#&AFbGERBuK#tWmyue?B zF##{ySI$dwn|l1$3j(fs277&WwWiDa9y6PUKR7V3P0p~CpmrHOR~2@*xjsbm;O9@* zr;aV};621Iw|T!`qKp^Jq41e+k|s_SEpDqYJ$dq?zp|4N6ACCAn$-0wtj;WK$_)jCOLUU6u2Ir=h;|lYk zrsMh^cUOz|{^r!wIxFp$Lr;v%%@0joxw&vaknN-;BY|S(>^9qxGHBV_yEoIicA&b` zCd+i1smb^RdFt}2+*E2xx%k_dcauwhAGECG!omllYTGsoKOE1UJ}B(iDrH{8JTQ6g z==x#goDw6;($`tJBTDxy+1t|3Q98Ngs$H(bpr1b%7ap|Q*|=Z+@QoA;Ncuhy%`Wj; zo@Azsskwf;<}@|oJ;J$hUDU(3KJSw7BuIlTU(&&=^GuU8@y#IE`$p#7Ci`1HZ<6(J zZbAHffA{LoNg~tn@!T`rh5K#WtTagzue`T7WbDh^97N2NV zcq-~S>-EQO&5Atxwhzp1>F0Q=m3eYY@|8pBzDa@n=X1f#jhd**Uvm18dPC@+q z>oZK!#3i>Ya#gvr2ep^1vfe$g;_B&-v8le#-}hO3!FYV`r$N?dF7CM8V^Ps|ACIRN z)17DSE!&=CV>*6-G$ZEmMLYA;6(J8dtt>iJeJ{$-BrS%08td5m?W{ZR!!}aP6;d!D zbwHANKUee8E2nnYsMoUj>FGlcT=F*V?kWu^=XsZT8~d$1u^06<_gmKcR-_A)=j$P#5XZwTD zZi}q~CireIb0mzT< ztNSR4TvnWoB=P9RV?RyYFf^qpQGWT*So^qs_WY<7{rbP#E~@SwjIqM6jvBgOo>P)O zEy=n~hSQ>l2PiatF4APp8sv6QvOBnR<#Az&2W5S`nQ_qGx7HloGu@#{|E?Jqk2bB^ zmE6Z-QU|}zH&1MzvN`8XzD8ac{#Bafo1mDQOt^4T&e?4qhJ)d8++j;l6WVKVV zZ^7kw^X^+m9qgq(2CSZtu@U7(vk8aFpweJ|)~PSQWsNK3t1n-jn)bGRl}pxQ6T)QK zm^+_uyF9vv@U5TPkwvuR$(3l8~>hjcG`d*GzTe8G{s zqWzq!P1wvan zg|l;`)@ynOTx+JR*zI}nbj<7Zr;nVzomrDsUiP%l#l|&VPP~jYQ!YCh*tl7|pu;e+ zxfv&=+tk8D^MoF-Mq_>!UcK~!wKN?^dUVgh&aKH0?vdFu*1U2A^tRXj2f3T97Dig+ zU@1d?O|sr|vhvxZkr(-m%U&%Pxj7B!zsV(R@oh8IaoeLq4mEL6L%W^-Tzu_qzgw!E zTTfMt-I!tG)ne?BLj(!xv^gv$a?}Vqs#V4%gQgstb>q z6?S7BNv}B*c8+V*{MNR@Atwjip1_+~yw+#spka}>#yRyf4-ejw+UM%f5*?`phuNY zF)ZnBEV;R@yhU>Q!0ShZW3`??q9f;R(Y%^OqjyspIa<8u_~JvKv^V=KJKt=~n6iu3 zk9V6681bHHymp`Er!F(bAK9N*5xFttndi8Nv73%H;`R7c93I%usGKNX*{-VQ`1YO*>^&`uWYdr*D)MY|5;$KuK0O`?6?VQ1R+1A62C{1!*4V7xKH> zW5>KRYnGkayA|6OyC7Rs6#o`vzUJYQsdHAuo4M~x-gHYa^;I$XFu9<5kk~OOw@s|E=XldK zo5$VD-@mO}vtWLn&AfO~^$mJ)anFxpnX@R`|Jl?+JFhd++iQm6*@lkacW%64$)OqO2b= z%X4kqyLiu8xJOG*i*t=GMa?_xGh_TF^T}V?%D{BL?ovr4=KESozO_)flWiyR-#vWw zP!;ucX!^wE$s&`qvm-h_wcBL%tm#D~vGeBsoL4acPF z^0*%NxMlo{6VE;Rdh_A{&le@f)|~0a^Lf?11&4oQ(yBHo7q4{Yq%4c_jeLb19QXQV z?sN7pkuNL9?;bVK?RvaOcQ*(y6#JW2lWzFU}u`QG;)RxDG$ox$?HXBHCEoThbrUZHs9 z{5i4lf=#PLC9P7<4PV^Ed%~~NhLkL-_|geFbHBv3bkXwk5+Qes=9jc*KR<0Aj(<2Y zb<@g$*A`+US9M#|dY2_xo!Gf#0Pa^_)5CGav!IBS@%Aq+Z!YfV;YKW2!EL;GXvY&r zCF;)ZHD5mr*7T3L7jKpMa^7L*7mw~wI5_or&BgL-xvfvdp2)aaG|=qEf-qk9>pQld z z_wBu`V2gc?QAXHCSf;ApJ^I>tw>b;?3>B5MO*uDWQifNrLBkHZ-{pL;DdlhTIJ#gx ztMLA|!~p@e6mL2I+6`%6;+4bN#*}qR&Ze2B?v?y26 zdd?D)lE9*Yj-#Gl8@r9&*2~yWY@({FE^jr}IHv97NcJ|9u$-D$yJ!44%^vN{e7WfQ z>ZuXcd$)zWSR^^T_D+|r4w@&L(k-aV=bH5usry7ftr)}#XSdz4p^(_x>FdxJ7f%#m zWxGy)wut$7!#T6xoI}Ik6?Y9)NAp!r+CH$&ICeb7B}4PDN8ifl&W}!ddS4>v`#YO) zQj7!_JcbFUHVq&8>E}?h3ZnXr&*#+Pym&G+>{#(n+n40G_ZYge;z_}(OXWv$kDvNl zt}5;AGqC@a&_f>Y>wc!E2kgAOGHSt;Wh1b2`#I+MCaghL>D^*yPxrQPN*s{U9}_amt{69ygG1Bc`@$*X08P9)fpNPjq z_zs?AL;e!?*ksGfS1s2yEAXgVzQ)=tVRlVl(^*Fcp0Zr%;}n$JX4{hdFKf(l2b#S6 zHFL<#Ypy0UDiT(R9+fN#t%%f2IX3+!;r_*<*^(7bo4ftIynXHjGme?$jODGh_VeFZ zRVG^6zV&DqXV1Pg#Mp0Rvf#q3zCTZGlvQndO|7rxlqqlz*6khu(Ey1c_l?6=X^`pwC)`8v7(?oXkU@9ag- zwVwB(X_SqLjmfYp2NoNxy)^B4(&eaUp{9P>#4#TZE1cb0H6g-3I#Xm{<6hahGx4hC z&25wZCjCp5ZMQ`(+x%>2+MO|D$r-)vl}m{U?(D66RcxnN2qcj-ixA0j3n-f;@M@nY+mklnq0(>c74Ft&i9&Z7=JG} z-93{1u6qlz+NG#j6ZWFv#(o>8ad@gnc-rcTX`f6pR-Z}mlZP!deXf}*Z{#{MuJFK( zSMu3%)1gTYm6P*+yKXX87}IiphlQ?D^ZSK3Y>tpOp4d41_ST}U@~VUVeqLN8gW78n zUgTTsIFUW$LfrOD^PcRl0mgnCjk!G4rOOdt;w7K3&d(1lokDzx>s9_NVy8GS%qcNp zr}38y>0h0~pT@gaMR`3;ocOqvZOZI@8?QTAPg6Jzm_NDA?et5j7Q0QxJ*kNFk1s!e z@BX@dQ9q$UtZ;UVU0LJ$@7?z%=Sa5#o2r@Zw&+H&FC{sYZ8DZcBD z6uNY~{I2J`&n+_MmhbA5`gNPhxE536SHHcr{m}5cqEs#5eGSOq_gr7H_^XxO_W7)nVv*wm}j(1<+@3?^X;_MS?HpkiTOX?l? zWZW6cCH@Cm42mrK(&FTRTKk@g_S+}{|bI*?#n{m7rlxD3n*+IUy ztbB8PSFwts5}z_9da7Ta-cs<3hlK01@Yama{E6nnCdJ=;xWq(b{A9*g*}Cm7j~1A= zNg2N($vV~eMZDje@QQV(QZ?}5rtUwTJ#D${@H$rZ_zM1r^k!}SUUqtV)%X%SVqKDT zYL5j8H`h#BaYN0Scf{1))P3f;#IF7wLZ=N(icArdnC7Uqu1hcQ-s5HL*K>y8W8CXf zn`uYRl)kf#c42K%|5SB(@>g%`M~_2`;_q-q^_~B`s z^2?HTJge-y+4Jwo@e)s?0{YI-VT}9s~jHKM|CQAmTMB#c;)RW145&mDxv(P+iKc3RlBX( z)#>TY(aqSGMi~2fec5{C*!E3j&&oSoSZi{#g}P04Ms_RK*r2=nC%ROwJK5s#+e07T zJ>CZo%DX-Htdnijyt70Zr~Q+I)_J1U(aPr8r(c<09hdidp-HvrG2%drPZGa_eRn=w z+i^_7tec_p&aT~}B6=dE>pO zET6yWXui*Q?6#eo4q1GX%vm+9pK{IcBG*ZpLYS+j_xpk2JS7oJ)(g z+=$>lY~}huxo}2q2O}b>NHg`tP;SzVH?1FZ%xGGW@nDii<;Ihy?up8)IcM@dO~@)d zbMxk2!J5(6LQl7!^45l(<7MpUHNEfa`=`%YW{s6TSyDL8?QWN;nA6>puRNOHZ9CO1 zqiCy#Wc8WE%Toi4?`$>8?4K=4XzsK2mCJB$|3yKoW=;7xX~|aypAUkQH}CB*y;*wn z(8Om;7Kh0mbWdA)wV-;K*B(D(Kd)cI3v!&-UcTLq%Xc18HJ>E#(7 z-F6vu&2uPBpT8n(@)?INgtY6_=G7^`IXMbe%5v`A5Dbd&`uFGMwJ{~4+<2}LSyjz3 z*?ih^&RqW~&jy8IeXAg^*O}(fo|9&|gKgg~IJ>LU;KUuira`%>L*YSf;(lT~K6|#< z8Ex`$RxdW2?RdOh1_iCxa+9>VbLXCI6q4Jfb?eqEqFCW$Uzi~D)GO{MU!$~nrA_DptA|pq8hrV0~2d<<2 zDEqzwCl`UEOCNiCfxZ2hrw7;9svyV2s3f+21qTPZ!blbSg^`hwk+1g%uU$i;rvI-u zv;6z})4w0s|Ao`%R>=_sN$_NtXwsi;;}7#;NtB1@BXiU;wPq$Sx|_; zc`aN>0m~5qq{IkPiX+5i8Q4>-#0ZpP1p(MXO$hi5oA87vset7uPlU<&%-<{sQqw21 z3820_C!RA)j7kxL6hK5Y?C9bua22_V+z_G2O=2%{a)DjNlD-aZ?rwcWVmFbC1LElD zDsggvoyAU$_K3ZUlhDc4(O%@@?B?p|?uPUgy0di0SPLMwqrIa&*S;^;-jPyG&W-{X z7oMAodtVo~KK3pGCwn&Qe@)>3=f6KI|37@_lfmzgr2a2{KOp}EB2wWf8OxQUBr2uvBl%Nm z;1A^A!O6wB-uW*s|DONykNm8xputL56pcXss0dLI2*jML3OVxZSyoosLsK*w4G#td zc^EF`%jm)c-{05Mdqjvg*O6z>BV$MwRV73ejmTlG&Y&;wMhPflaDYEJb)H3l0;9D$ zMeP8p1*#DomdPMJn?Zz1E{E}07W1zF3SoHBun?-CkHwH;5t0bj)W*8*r1)r#k6Z*aW~0j?xKAPE|S=x!l{WlB^*UxEjra*Ak}1X4&*MGUwT zj6OW(-wCFH-w)`2a3USSmBF|a`Frd?=X&;^v!lzu`v0H!84R=lto7*Q0~swvnf?et z>U5SIkpp{=?K%wA9xg9Zsss?*nK>LEm7@(5cd)Np-ko}!NMFCrl#h{9D#DdH8$3oH zLlu+$yMp^$e?Kn&azu=(f_G)$lbgef2-hC~zuDnw-{84J!_#}p7j!U{2riwUj> zlPhH?tPmkQRx~C@^zLbmM#D33JY%?&&q75M*4h$=o@|-1p+;~cblr;&7)nK?71k?;1>G}s2SJ!zK7oxvuk1j_s1&a%bWGaG0aByu2 z?Y{uf5IKy>1bU|iF~|U87Q{I3hcG^OeR)KTqoP4#grLC5Dd|@5B)G0Ztq-hv5dhts zz||2-ijvVPp`nLg`!APvH*pQ>*NGnduX+C8pZ@ok^gnG8{_q6wef{t3YVT}cNB=w9 zJN>Kw|B;`S6*NqS31J!J1;mzdpDJM-mLnvB6D%t$C`g9D1j3=cyks;?(vDwnR|BR- za2yrWm;2YP%z;paNTw2_3Mph5Y2+|hN2_r9JaZL6*O$_$(05>1SwWu6E#u_;7yQ9CJRACI6_h#V$o2*l{Y%B7C>?FEGr1A4MG6PW3_*e zfaQq3gaJqacnd*XgTj7DEd5niiy$!^mLi@qm>?*yAqLMNrogCegNc*rAfrF2GB_g9 z&sLNMrnN0l#JEls8^|gNO9?*JX8?+}@wHuJ>Y`YkERXtNSP(?QQtgb-6(d3vR&X8c zxwr!h`0+!SYu;f!ae^=zDvD(>Zhmk<0C3*h43=r&Si%NEB~1TFSPG#8WFvz~gdlA= z;ND_z7d=(nS26-4gK&gE6r>FePDcd+pFc?@L~sQ{A_Nb`_+m^%@KpqYbEPU&jPOAN z1m8-DBV46QCPNicF8vNbqBuZ@ssJ)HDB9XE6`sZ-%>BW$G6(v4^ zm^*o_tRP1q~B? zD+)XpQ*eba5zW=XWkGZs0tnp6P6sGSoNAH8K#UIsBcsz}1_q);C6iG@1d)hbNiip6 z3v`~=C<9}NBS1TXv9zNE%?kV($iNfSX%Sqf@MEpfz_hPx0c3$lAxaupf`)34`mDxe zDmfB_;Bu5;;%}bOutG{}T1=xra5}n)KuSu#5F}Ftl4B|b3GN4=5Dr!;1{0wKf(s-B zxE7UazCLgk1Tl#mT1qo|QtL@*Na-}JcJyq(XdNMK3o{|Z@2Q&qy0ZCisvAZGYpWa@ zKW$5YLEZdyh4c5T99@s=shvMkJWMRyki+%Ce@{$7A~B4H9)XdF0CY|ijcF8Go~G7U zkOY&7DKmk9#F&E7R5T0*1P|A8Hw}!^OA3qx5QK;f)6^Fu-XDMni$)ZX?j6-O!&_iL zwbl*9hE*iSrVON7eFXZ2r0?($MQboHY&2lQ9+4PC)fZFZE=LuJm@=X8UQ$XvIgpB= zl#K|J%VC9>5I|9=7~-m;1mNFc&{RmIA|bAr4Y47v#4(BnPa{O(i!hkVVkxK+l?*KB z1C@v(BpQ{FOd>)wOhAN4M6b}rv6SSB02Zj2fNUv3+H0>rfn_pGgNW^zSuO%oL2@`2 z(!jKap{+lZ_%pQj(4woL`YA*e^pry(LpP$t#PtT7QBWR0KY_6(qUEDOqdZZx923_r zp`A19fMFDxPAx+AK*fgwkPs{*5nMsd6@(}n5vybf&Vdk~ln1dX18@?XSI><5rqsb= zN)=MNkIVQ23YUw5h z%7S1)5HpboAP0MU%6>GUC3vI97+0er1R5+7QB%@?jd6fo?9cW09_{Tr3K#Qu?(I`laNPxnJg_s)Q(34B83S=}!Fw1l>n?%EEq!vvKJ&iP1 z2afU=oe6lZ&lrfmTSlFjwpNo$aD-3n}Oo4)I!Hld@A~<-Y>@ie^ND+dveN{|{ss8@WeI;nM z$0ef?E{m1QQTU=cb|xf<$03CFfL2pb3Q<#W4j4pQvFRrF1IGiW+e(l0#8h z0~#HI^+AY#h~>XWQEkAf9z}uOD@O6Z0Z9sn+8EH6TsPoH1DD8BC=AxF$0!?IEN1*3 z4GjYDoesrt-F?0E=#x0?tx$sp{eFv~fr0c3h_)025L*c2Y??^=I=a80vEuLjQ%09I;O6EyoV$WcfUwV{oMal$iz@lP;|O|26LCB;Gr#-+sHM0CS}_XVvD#-&7U zTwq9~B1lXQrelNbZp4r|NE}uWun2sXVbXsL-7r`NE;Fvft6Bq-o|z0f!wl8irwGrhL4E$&+`eAGGpu5K*0W~ zOFd7+{?{WPi0q0HaeX=tCbR~RP(?!2{0|C7>aT|eE5W+8{(vOC8>R&Hk|(Z1kiWuF zR$%4JWu_Q{OJZCh!j)mL7!h+NI40+U2Dum+jo@4|8diX5h`CPJ01$;yT~c~8#G*)A zpAls!2%MAP z=!QvWsI?~LI@7OiSpoQ3Yxo6Si0yunhPqhtdtsfi` zYX!&Px^WP)z{L9PK(rH-(n?Ys79sSF)qlz{LJ^Bn%LHGE(f{FFX`!N+f{RJG)CZa; z4L%H`+6zK(6caPImkS^#+8^leH8`lA!eGh7u(Dy-2QCvpHa5WBh^rBtc~D|Fsr?g2 zBxsDbkV>L|pp=@|2<-!^5Z8LpIZXrrIE;&;BVm%nbw@vLtq)K5Ft1nYSfl9M1lChpsS8an92lKfsho#pbDw> z9p8$A$ffY15Y|UqwHOK*?1Sh%dJwFLrB)9p!{!EQc#L~p4#xtmzc|Yx@(p4* zhQbxnBTMI={XzeKz?Uu(Aq2rSa2z$@Qy0lFm6*%yqr|DTDx!g9GQJg#5G0O@NG=0L zg5jV~+AeAR$qjcc1oR;oR!9*h=FSECAi@7A(}Rf-!#D}i%MUs@A%oS3En!C~JL(^5 z(!f+Con*~03#NdGXgQN<4Rqd+SctJ7nNTZ$rSpM{>DY`CBM4L|i-mycX%K*7YD%q9;;hh z^Fa-Q@9f}e2T;`lG(h>=K=p+T|71Wqxw<&paVTK4Oo>3!f)M!FAVh(wq|p#6sWYF^ zfpnP+k%1|cTAM{9uo|VO6qYVxB+yG(ls=5a=yjS>B(6fhUm&6m!H@#cK%`tL(T2LH zZ#W{y)J%8*L<;o7tCQ`z0Tg{shQ5s`5W#}n+}t4jcu^K7m|#8i+h9R;U?yNn?bcyb zA;oY+Oi?4MeiTmEDU^Vsz)TRO#SAn`N5pC)*^m<_h|V*h78*3UASMS2qLZMktRP>B z*1^rGl`utne)}7~8o-oi!mDg9yP+yK@gc1 zBsVQ5p1N!TZ4!YFq7ac_IHF}@U=0fqNQkKvVl8_i%$$r85Yn*b=0F6-0dqFvALHm! z6o3IsCk#@=;RQ1}HW&`^K!Ukm&uYD?pc~p*mTF!Jlk{%+I#>c(q;LVA77&gA(E-}) zB1R<=1lOg1)lJ1CbRr4B1i@rrWm!Ppi5rS14O@Yqv48}luPAK@S&8afzKma`v*UE%t(X+Ea zn|UHeI1nt6PzpAd1Cf{vp>1G-LobMM6vI(6Rzy)A(t3etCksYN1A$7x5dTS=tCqdZ zr@??oH)U<|t*HMJhzzjYe;2a0uUuFm=E4dR;KDAj%lLp#Qd)^?G3G(ZS=;UP!{3lW*t=&o;uD>1RZVF@KB z9$dc=gN?z=Wy8dTy>&i$gKR(TC!jcW+K_SX`x;L81jDWRSc4ej>bxP^Z`x!%NT?!W zg;Zx|B5oO6tGY`4rSp`X5t( zT0QEUf*`{axp1;}JIs+NoTvouXP#Ez+<5Kr4Pz zThYSs-_d-Au>Mti|Doao8tFgKd)nMz;7%biW=U4dTMCAYNpd3Uu84KpQEIR38d_Fs zLq~{iyS{FtKApY>HsQ1WRN}e_lPgsqdz*2%fn3g7#{twn3_!cL-_gZ2fH~b!siGe3 z<#d{aSX|4iNn&)=4y=TgGAtGm>rWe?+M*;1Q`8k{7UNcA*oHBCXxeJCB&k)^2*YA} zz&t2WA&Z5471Xi}90MnjpwucIqW#@W%Ax|()c3V8E^pmJj)5)5#E1-ZN2!#>^5}eT z#yJ40aDX3`5-);|^MKrR45!wBG&CkS3lyF~jvmuhW^JYyQ@mCHfIxr0N)Yf6Q4FH9 z-Y^A&1;rs8!?FN21x^WUM+G9H2Sb8ma^Qld$wY&(t&1!qMyRE=HX#ou?exxOnGDl- z$I#wgEo%ZOs02b{C>BRSB0tz{Kxn4|3VGmFQb-M4Dsk})$r!o>VIar@lMsv}x}6J# z18hU+cQWW#$DoQFCPmR&uO_vc#Zj1cEMN+R0Sl-N_8VfDm>vcWa5>-z%p9@jHH2}L z4N;MF>=2bB1P9U}Oxijq!-VeW0YfRCBr&EJ43TL>bjX4ok<77qAhkn7`#Q8K@QeqX z!bnFmuxo+(n`)FmY5_Cck@+1OK}0lgeZn#VAgmoB83;lkVxGZ7;9YAH`1V-pbTyzj zGd1gVG>(CsGaMuqh-;Pgj!{z5sNFV1SKvZ%laN>esK~A3jQ|rHymer)bQu3RbX@)(Z0ME6DF2Z9VO5ghJ?+#$6=IZqgPHuG ztif!p-GEHTUTp}v6;v4w5@`|O5)>f>gu`@=XqeVYw5;0z=Nnxv1VHcvRSCUA7Br|$ z)}v}Ni2y)$b-{fA62VDSLZ1Q3f@(c#Ge&98008N!{|s^~7(kYFE!Ob?{CW|1Q#j*19M9bq`NcDAx& zG4C4QMPhKs5^Y}^1k4+Xiq~EYF~=w=aj@P%R6rjQA{?fw*--3e(_j%Mk)W@GyBl4g ze(aUOBLGvNjDBwbeaIkeU28q2-Khdpu>g|OQ1nYF5DQjQ)`F8gv)>V-@g7C11xiUU z6QC!Z_!*?@L9mLRTZM==Lh&ER8R%+16lnNnN~s9L5scvLDb3YRTvl}Ms&=U9%?@A$ zS%xD+_3O_Q+JMY9x=pI1fN?-sOcPZEsqHHP;VKzrDJbcV!D3iR(xOIUbdnZGqtWdL z4S**h5J53EWy)X*g2Z8zF?awdtzF9Gei~%DX&Ferx0EU`&^}RfJS;;fHuOC%3x_61K)!k7pLEn&2C@|H5=kV@$pfoo!68kT1^49j4tJ9mh z?cVl0_c~`xxVzWeH(lqb2I$}2({*=GdjUmhm}SJ|(=%f6ebuJHF%?265SebIBDEuB zMS)aExe7$16)~)a`h()m7&}HlBeaMtFOU zvay3k)v0WNNF;$yF{ow-dHaWWL-vsO2rmi)>T9GhmP80>XmDV_H-JE3pBWDJo&($! z7)h~?t&LXD?QJ-a?!ke2&=S|ij;*7Gyf(cId|?J}sGo`e{x-J%;33}r>^dK7DId0> z>8Zt+U8@0oAHUViu)(3jyuaT}2s))+GZYB`T(;Ky`pzaAuup}VdKd$%Ax&Xr1rZ4H zry18Es?OE#(rM8D3Dw#s!@SbEB!h-UdWQ!E29NR%j`Z>k89c<_JJQR0=-^QQQIP@O zqk?@sL$qYl?&hH^Gd8OZRIpBE5)B&Ip#5J^G4;1-L*Lod-hdHOcW?H80jIyXG^Q=X zzr3P{pn7ZT`penxENB~E(l)%P{noPf8w*w!SVWB}mlE_CLHc{Jz&AQ@TJQb$8Q^>4 z`p08io0tIr0dQsuLXhVHTJ&!Eu% z5+UrrRX|G!c^x{i8v6TNLZkE5{D{~z#N7s>r1$%HAta2-h(A_Wj4App5fEaS41pEj zP+3e!#-QPEsw+JmI0m}X@F1FRp@1q#L|Rv+=}@3EWpprpNLxmuVlkqqFTcR}VKYml zI?Swu$!MxQg8}1fY4<0_yWS3r|75E9D`WR9n$#Ura6q3vrK&cNx{CR~a`@yQ%`aM) z?>|g1y+ZkBT<8awzIKmT)c@oE<`vjqvj4RnEP_8GaFlllkBlL|*T(nle+PRPr@HsQ zxj4H0d;jM@^6TB3Io%r)f-N&30Y?)}UxSG-_dTKnBt)1qyy?uX-o05Y!*dZ}g+31k z5kqPert_A*7382kG64?yh)YO<$z+&@YQ$>_8fp*t!jf3Lj{{&9J z-Sy`YW0It5e<7wvj%{ZL*}rk4Hwo}9oV3R&&=`G>JpZ2v^IdvSL||A} z7jf1_25?nf;n(I>)4kSqjVkwpqQ&G8a=Ex1;&Mqc7UH7R6GG{E(!*v1qDF9=AEOYL z4$ghEY4BA`Brc**d$5Cs=|`sCV6h=XDb-3`t*kw*Lb0QzxZyIjvM=oz-NWV5vFjg> zj?`zY6}>4Mfn3W5T!f+mO-IUrVc?BBBV}!GD>K@`}LBA>7?MlGKAUX;*xIu=*g86D(?-B~6!G!3 z6yAtHFYid-pgL*}Y|Z&W8Lq9oP!f?7W9`TD2ofe$1P>OAamr=^@0f>pwp~3Gf&zm_ z)j{H~G*2iI5nw&go^~@qJX^Pm_XkJbPHSzTl7^>ctx~3n+d)u#yn$k3H>{Z$Mlh84 zo(%aRE*FrZr;Zl?kEERDG4Q<>qZyug@?B=r9e*o_V<8frgg`JPK{SvYRj9OAyVpBJ z#WzTs{H?v4hNoM|g@GJ&kWUJ@3`n*BvZ*ywt3^M^L7E@r37cAi6XG2_+SjuI+4KuAx2^#t)LmE8}d+QKZd;>7+oIqA7(V!@mlfwVebB`%&jMp zmcM^sx$^&??{&GOf1qKtOhI*yE5UFLjEjGaGYGYa|AXA|#}pO(0MUE>BMjl-=*F|> z+4CI!9}V)4n=o~jf(;N!4a-n5Od>QkR84NZ;`A;oo(9Ghs6tBcaQc*lQLt3cO|((0 ztJ_mc{LwUg6jONPIEE9Dz@r{uwXO`oQ`e=6ZWswRWGhBRB*Z3|HD!aNZoq4HR0|-J zg$?zz`*z0=fEiDvl;W@$(KpCL#x6RqEzkhi>JbKN%fr4-vfCxYpPsB+2<$L zsa&ItxBvt~k_Ps$v&2U#BheMQMS&l>7TVo{pLE)Xpogg5h#M0;Pc8P=t6Ch`T=gNd zZT%5qhmI(*5%xTpiJA4%q{Oi~7}nK03`wZ8mk{#ZBi4F3W?~Me2W0Fg>C9hInZg2~|3|DgON}QjZMQkwZkwPwNj+7CNK$+Wc8q zpHH=OH0T909s^XD!>!+ih|Knur5i~s=OhSyslCLW=QGczKnzi~Z0T4o)jl%E&KxG0 z)FwskBv=C{(`(}Iv#BSjsQ!<)o#u9!`VpJq(GlDd9~)fU1?|dm3oK zM0<6WM4P$1b=?_~0C(z%^F*qr|99aI;&`CVtJh!}e671EM5T|5!)$%Zj8|L?`mXIh)=UJSoctp!Ceq z8ug8Yv|^nm1oNi;YL?gjH$^q{_qa}g$Jv77-#935p^N|fr`F|xWzoOQ5%KTG(uM+Q?>vyDtOX8KS`k z;tbso@MVLLwo}iM3FU#k(oqBG+F@gAHETVGGwpi+G63gaj5u}24v@ZP;tu|Erkx6v zn-pZTbCuP3JZA=LQwfTr`@o!!&190|zhZNcBzd;}&bvUNWwq0j3lrBcx{o+vc_&Gt zn%}CqhRq)C)OsbBYbM)KYeXhMin0WittI`_P#NTGPzu#K^>Xe-jgc=^KY_jqPQzya0A9V)a3=nMi_G1+%6swIG&_s*9mH zuVN9N^We+HbYa1J!?nI{FU4)m{YYNevGP+ zA9qoDgGzHTlLm0f-Ng^)>?NjLSvqW`frlgnm4<9qm^)mp-}e%w7Z|E`bdD0jl?^-c zA6;}s7+UXzRzy^9J}*xcEnY9#7ONcelmH(~?J`SqWY?-pSiRVAw-k@rKQNT5JA99m1RM9X3RDnI<$v)%ErKQgLe8`g+b;FPVTf`kqO`I*-biU(70Q z3;k2}qw{_)LZQiwo%xiRpVf0dX%^J0K%1gwLk(xOi@E@1YJ*r1UujNW4HG%LbS|j+ zXtBt2sygOG8feu{tV>|D=qPj`v-2In@h1{O)eynBbN&sa5jwB_sAmY+hgWfkfQIhr z7*TSBFc2w9rr&jIO2IuQRjS8f$-aJ-)}UWwV^C9cH6$~6EHt7D791S&N)%~-yv0YA zTXF7ql5G?Nym(s`hc+MM=~LD-_8$xTxhy*s98UWy&AIb1L$vM78j=q-(5+tXxg0xI zm^YQT9{EBnSB6116MSp}W(AMX5dni7naSeu+|^NIV%p$WGJO9UThFfot#`tb zn3H?NRQ;>r6|f|x;zg2h8PP#`>&1pafZxxkF+wfo1vx1%Tfx+8H6yu=*yuNOd#kGC z6i*hdc2F@Tnq=zOQdN?X|MD9aTuQ`^MycA;9DhcmD0mk60}R+os;wvLrIl3Kth>L~ zf34RueZ>p4YCAb<)Y8#tswq{Xniq$0IJe@4OOaL7LKb7o;jJ8di{fy>@tWu?L~)r$ zc~Ml~8OaY%mX*gQF(XPQ42iPfe}o{-wW7Vma{$~rT0@bCllU_l1r8?7 zfHi{&k*|{eOn?1V%3x}sU$6)HIpTM@LUyu~ zrek9-q24=z%rFV1$=!SLxVPdK1BVy4cte8;3j^b2J&R3I@OMUCRR7hj8$}yNn4qX^ zTKn{?`>A*Q@vx6R^^T7YdKX6@PP@Ola22Sl+`^1kpeE%bsZy5|#-iV1N=jB~eNnm8|C4dJKFWs3g z&iZFYkQ8+OuD5U8Na)uAV~Y>~EY^a__PD36{gN?W{2{i~hs^B7bvBSu4zO4NG0hB( zx`_EU@n!z}K17wcVg6OgWRxZ7m7YeBnKugkuim{7lf-=bCw0g29VNWFO-;!j=`mY( zR^sWDE>nGzY%jY><~TW(Zj}mC*|JO0^2KoJdiDsdB`#MLONXOu{h z3h6f5g^N@yqBw8;omX)-OONzQW&5i%T2MNb57^8excH!rM1%J??)}~(liW*Ab9IY=`-jqg&4?qw;Q$b4TA!fCD^ zFWb1G$3yG+z$q1(M3+{8+U)Gw;ed-jC-mkP^I^ky*JM#aenRY(=pUeMub~+jU-`RcU{}1t0;Q!LIwL#p#pFv`#hBT802J)3p zHuxWo_^&zs^Dkq2NZ8V+c7=S8gL^&JnXU@o)oxI>50p-=oKn~whSbIW>>%1#6dU(& zFxfyq$i(O|AOHFl(tybC=&!$Ej(*VHlR$mAMZ?`~;#!9NWdTQ@zoAv3(Z3ej=o-nL zEzI)iFt^LkIc2(UjU!5O?xmFL7Ef}_nLwJ8p)$ua!Sr8b0o=8!Iu(Wt)x z5wG;QBmYmvw=UQL=H35pZM9SUe{Xy1IsfZ}JSk?GoAyr7wq*N>EOv>Vp@{7lM>Pit zZ`u9hyAlmG$M=}sH+UFA2CM33x3r3EZCCcEQgX?5UZ9@iup30(Aq!pG$T`auM>g1V z{GxdF3_rw#qff&!)+4Q#jF21~;Z}&jQI6yQmK76>CY~pyD<2#dD}dgD7DZ z*YG7>jG{DKG5A?2zjD)&2BNc>>?S38EQ_>d2&=Q5^;VNxCuH=mFn&L_5bay&Cc`w{}4}#mlAyS)d2lYioHF;EF@TVhW9o)q66K&w&z-^d&{Hn)*m>`>(Bt_{O7P)YBHA1pXiD8K z>eS-h?MoN!?(A&s)DRkRXm3@``2^b^TxTW*2G!r_^IVzh2R!rmf2XsT;{Q9_yF1VP{~?|f z_b}X;V=4ZeIV8c`p_KL}mPuBk6o1bWeiddY*-{qZIdz{t$|UoTO@kGAWjEE6>&U$u9rLJuBe%v<{Ye{*v;E&sQl z^*;~uROSEg~=v4N+jXc70NB%E$jlBE_FpvN5ZKwJF?q>Vh z{_8=WuO(rNlW9t9{=EVuqQH}^W3^}qML z{vYI7;{H#~`H7nI149}>UeGCFVGvhNysiRJ zK|2Yka?DaA!_e$iLB1j<>1we`Gv#L$(W;-j?*DPn`vzF`=Ba|p_y4WE&CYJd{&Vly z|KmZPYDeoTo*qT{4-9kAzADnsRTkAN+T{bC)mO0jW^7TQWmORs`S_nU*HNA2yA7B_{4^yPFN-@jYcA7&K>R6np@H{4w#XUrDL5N2*EV4(E0*9j z6&sw37iEC6FIjR@KMnMoED(D#X@hhVsB~+p%p&0Asq#!{%faq0uDY+5}T%z74Q|SzmQF6pztjUzwk@8dDqR2y_31EtS zJqc*@GC-`Ogb$$HvLGrJ)NP3U%<$F&j##{>736A7Y;jRDg0V{fp9FQ6<$IOIlb0L% z$;hnA1}<63FpbO6k;Ih@hsF86lSrqEO}a-mP-{rt7N4ZvHmonHH@6vI)WRfrnZ=r_ zL;gT(C}4d^t%lZ0(3)l=k$(E=%}d4ESGvbu017W#LOtyLhHoHuY7u)p>2U#BxGq zx9d$uST9-<71P%*y9rx)Dy2A#)BV6EOhNUx<$V}%34L}3--rcEuhBv++|yN zNoHDJ>FTVy@=8CXHr<7H%c8~8I7fSXd#GiT>lU9(7X&G12hQopLy$IECSZA0m|9tW zf5dH|0!b|neAyEFs6Z0CDj<|;VR{6l2LBcrL~%bXBnHD3<)9`8#Ooc>3b%<_IPfdopKN7Zol9_TRN*o*sixMWc$QD=J$y}CGXmc+aPWfUm@{w0}1W2fz zOB@XHzzR7z{6cv^-Er&^vcBS_8vj`BI?Z@IEV)QC@IB!bni+G|Gr;_#!NSwJ;@Q08 zBz^;PcL$F8-^Z7Sr@eQ_hnE+}{rRHYjPN?DyR4pj@T;~XS2!vf&|Mt&FVD^oe>yzB z>>r+gIy}GJKRWyQ@O)`tJ)ew--zWYx@%O1W5$CV!@}~f2|M2{xggECYdn#-Ss-J%z z{(Jdu@^wl%Q;|wST@eMnB_Zn-prE>z!OS#W5!mzNC80e(UJTUC>r?Z+62gJd%JnN$5ip?pVZqO?a75`C^(LS}pXyQy#S)~{q( zE6KbZea_9fT!EHSsgp}4F7M)vxg!nm0ux#=@>Guh`g(<&`dREGbK6JXvuW>R-wM-2 zXaUqMi?JmSOmj&79&c0QNY`By_#s(_d&GC9pA5#BS1Z?aJX^E)o-S+rpN4}|n^;(1 z?k?$*lWMBSAt%oRA{Eg+2VW(dLbVM+a{A=P6YHdw&|Brq^Eb4d%kh_4$x(p)Bm&D- zepbfT@J{%`#O<*ZRm>?{Jka=vcf+b1?^7qLfA@zxk>OJ*It81t`Mi<9@WVVec zk89jahzlhsM+&}r=ESRO%8QdZGf*%LovERVzE(k8C0VUNPK&xq;A~248cw_DgiM(~ zOQMthNsj5123^#7Pb<>78BHcfo=eA@k(MlZB93iC|=~Um*_n7 zY#fk&;NyUdXAqh=S^>ZS_w$;ljMmY1C<4||}5sGw?8#+!6zWS{5yEg3Jz;iw%a`Ef4lJ&c1WpEF$h+&vA@11fDWU)PBP2Y1 zEad_7wdGds8HfH!@_WsdpHy>Tepb(9Tlo4M)Zy`-)y02UHvaR@-p=M$I{s6q{T%<{ zL7oSR>`<8R9a8AtS2WOMni1KRvs{jqZ#u$*8u}9o@z8ndGS9=rmQWd_zlq=y5v;jV zm?E)6kcq62oZmyP{8Z5T+{hD)_xFuQpisD}5P~A_ypmVD`Xpt+C<#MR(!CLgV)?G; zhN36|AQ_Be2^gNEQB(xy5u;Je2h%W)RfO>zkK#EV#dAE0=Xew=^h17*NAdK5eU3-* z9FL-O<&}PTjz{qvk7E8l@Enige@;A#Z{9TR+c5h3UIS8;97dB>mQgmBG+t`PbhoiA z9nfNa{R{-p5iOo0TBO$PJx8=yeXxlK37e7L$Re-=U$BQgA$QLi{N>T<(Z#{L%ij6> zVsFmU4i<}WF$d&duya8DszCqJJ1)d#3D~NWI{{9ir7X$k&b$D(zkhyocF~8>8Z&oICD?n8i2ysPxVd?yK(KRSUW%b>F8e-@#d2e{jxCTKK@j>2Of@$ z9x8V5uGc@jJUFe^gWwAXr&VEpcXWDCy=m&&*`_rYlycY93uf6`aSHjl%rF7jH?UzO za^T;APWy+w^ZlPMdlwg#nFsc*$t4bg${a-X@zc@qMRgVhy^N?6ROeJ5&yTCM9{Ntf zeo%Qkcn%r&95U`XWZa5F#uZ43pRmvOPcqjTSx(%DeXn!*aLk2`(DbQZaw5t-hqikT zZTB47?m4ubiOJ{CcF&>hvdic>wB2)PyCu!y3L@Ir%(^0egSde|^B8r5hP?WPC^ujE zWP|_Vi2s`7KmRfU-pE3I%cowzAmmVXjsT=n|r90>ErE zm^olJZsPp#4bY^sPc#yO_4y3NJ?G!r%Fd1n@kXOO}Q9QzK*%rU}fP`dM*z-=w0+K z`yW1@?;n;M-FQBAgAuAv7!TgYCvb7he*1SDg`D_r|IU#bs`?2E0r^uL_y5iTg9W~V z>cqajUT8C;^%mg0-2o;kd;UcdjSHXvzW^5A$PH+svYGD?tAnHf+nkfthc&Ze*THA7dvD%*|R zw(n-gu~J?6BnZ6s>A0u}c~Y=SzXipKDwL55O@*BL9 zvL?UD$JZr31|h9d!&lJeT}f$m8oz=TS3*qB$u0iJX;bvnN(JJHIuDd<8S~a+as-)U zbqS={AM-ByTyH4tUGtBS__K!K2=xtAS8BOL&k#Md{@eWFmfTSna+S;t^_$M?y<&zK zuZ<;qEwhy?`CMkkT9g&wThQ#}s0W@S>_62A`xV&plS?!4L~fO;-6$3R4oPE2ABP^m|s^I1ISvq0Z)5{tX$f4H`y5buQvAjU3i&p@R(uy9d@v52}WF@X(w4B-AU?mS$BO9Q_qDsTm@xLQPnaK z5(U%1M0-(%-lM%L(_Q=}-To=FiP&^1H1F!7>DHqUqVfBYN(7@?iA3_PrGuiQ+|^qZ ztOQhf4HZ~5%oCBs@zY%HCcNU1Ua)l6$REjib+bTS9n6#KGtpV9y+WKp{G)lD&0X*r zXw0vbMAcmU7xq_qGUkjkVj9LEV@3k?4Y}4pZ>mtD$HnB{6$!owWtKt2v7#0<|49rb zTkLC5lCY&EY82(z0#5nBnuNQ{f2E=yJoDtgot?D&x3jhREdM>ovxsD;jmhszv`e+W zQrRxm_5%ucB|SfcbeHOW<>Fnc{YRAVo<+N7(e7Ea`$j~&?@O{%*;5~Tv(I^!lK+|$ z;!Nq-Wj?9W#~k^uz0*m{e_MNdJJ0gpLp(3g84d#CyBq}!$vKs_EyIvHHg(6y!`2lZ z6W*-7Ko=9r5f43B?1)c@aTp)P6Gng{*Me!zTEdx7?038GK?ePmOg*P3G*wBY{| z{91GPr{9AA>lc%8OZ-p&$*1aAA$4dl1F?m< zNK5LxVX>*_P$3aDYqg)4kACiLAkQJ9Cr$|Z98ADC&toy%V;W4tp^&j7(|bkAflo+F z?#Ve;`Hcx)uhm|>Ko`gV=it0n8w>^(b2)QJ?FS@wKIjKw+eWG~(p}2-o9eaMwXRBC z9$?2o)0w~;z@LRcbO{g~xq;8@&=Sb4)qwdz7ih>>zylw99AT6@YdND=|2CABY~0^E zvWe%g8O#=QMU(#whs1YDK)7tO+iG1!ubPytYY7pBTx=4-grLtq6K5JjAjaF|lXbm; zD3b7-wc0y{H;FG~VHXVv3c215pnL3jJZ|kuy@3&}qY?8>pasDg6vswLz=HN=`_$FY z@+LB{IKdnZ32{+CcpzP+ZcA8QRckWKLi z5_B*A+G@5NLlWRE@%`)*@_cqp#c7)OdUF)Ck#z? zQ>*<0y?S*)y;rZg=$P^ViBYQ|bG1eWfD+M_T-_gCnumWe0ipiXvWY_i0-sH68^oWB zcvUT~kwvmkrtF$CuTfIAsA5lW-tvXvE5nZ>STu6j2{+SqO7jrWZ^IXp>Ie=LMpZyOnab~ZbT;%t0U$(>;^i-Lx*sKq#}wOItltxY{DS&7@fg{ zP(PySYpE`()oxMti6F`OmRJ5x&jFEc0%Fmu_$h_;Kw+Y+e(kog*t2N)$9(Pz>uv28 z4OBP}2%K_G#*_#CY*0KO@1Zz40C@o&iCV~4)$TIWtAB3Mz@<*%Q0CV+uu~fBWDxgg ztlK!O3cDu0Pi?}{AgA*Bs>ZwE=`$n(+;+$)Qu2OKtWLx4^Bb%gdL@%K4X56 zZaaY;kn~NQ=-W2&;jz|}3G2OJ$1qY%6VEL=k3RzA$)_FD&e3}$>RBarqHt-F8Swm8 z(>r>!mn-fgxUi7V5q1&wef*f4{4E-M{%wHPY(_YEgJIj2QQ?pmI*tMvwAS({L~P_S zo9jt5v19t{6yrO>jw+5UQC?~qX5z?d#RqM{vLEwV3GK-EdHy^(Q1@u?ou@1cO6*7- zSCg`3aFoD~$2bkx9Q@>92PB@S_}rpFRtK{Hnhfj&cwD7o4t4_kxC^N8xkZDo7rplo z_3y7Gh{wQA9GP-a+5ryd$)J``>bXUOqtPh~&V0g&n-Nat*H2=nbhpwy_Eq%Cqb&1( zVvpv^%Whf*b|B^aeDucHp(7;I)Jt6v;u97+HX0JdNvYc8!Jb<*fb9Cq?plBy!Bsyf zIc{!4x2PY0t~OxE!+t=qOzen?%VFkWo|Rxn`s$w%e@eL!;-bhDdF|e!Lm5z)x-^L6N2yDJi8RQPEg~;& zGP;ex0Y*0U!HQ^x)`S#k!Ck=3g!m+JV{!FboJe$l-~s4=2P5@|TFy2DesaV7t1Pvx zWMyTsQz9SUqN5~QWbH-*6Hi1)T!}PTjGY|$usU`gUr02h!6|jAO@@o%s1!T7@?mxC zJid@9umiV@OD?Ta?BvRa)v@#VLgFnN^qdgQvpFn0O?-6DvgesloGa=}DX z?0F4r*GAZayE@JV@1!pJ;1Rb!p`!pXABEILp?l@B8+QW<)+A$~)NvTF`s$QGw`kB_ ze#cVSNkwHVZ|@fUjIZV1q9siT;Ye&y>VSzG+*=cDgZA0IM%UPX6ghe&dzP6|x`H&Q zcJ$+e-dSWP@idipt&q}00oiVpkGq-Z+AJ31`kc_G8N(&HJ zY9r=PWpkhTZ{1dF!g%nxD~Rj2)(~@IyPyB-GY$fu4#R-__W8d)bBlTKL*@bg?YG~4 zy9=Ypz`82z$b{-uPN7F<;;8Er&IN;Y6(tGm$i)T?HJ1iyh0p4+l~XyAcTLKM9J7pVeU}aH`2nF?Ko; zW-gBVh`5$NyB8~*<)0Oe?WI9o z;#uL!3P%fL2YXK%IV;_>qCEa{v|l~FC5sV*p9;cbOkJMBk=o{E!%IVWmuKbJk#a{# zgSTKetA;E~YxV;qBW)q&_aA{;a2QO88|bU|2YgnC9U-k9oK{&`=Zpn#B5Ebr$q6Y| zb_!KzbfebN-QV-Gk~6xAosiEtY~@%tJ=sT%?Q-s*it4AaGk0y3*?v8>M`Nb~!^p3n z#ty^|Qsd7(THK;jbpRd7Kto)wu_t$pF0j+Nv*t8`otbM*eCD!{@3ZNY=2%sVbCyvI zykuyArpzWy)N>qmLu_>!*F^*74mLy=Qx=d*?0L@2`1{7E0TF*Y%)*Yk&ts#}igY}; zcWf+!9XFizDX zv;Ru8?j}@XcGd4woTt&a)vlOnd;4iS`$RIXP+T= z<@q1TqYVv21)GjW#8dE>BCCqCpeeVA2&k)YYhg~}51P_s2iomreL=k4qDvpUHk+bO8$1HB1oLy{ z?rAm3s?hHW{MBHoYGZ(@)Tw|X~C+Zms(G3`~I`oQ2J5H|REXYlr*$=aMDSwpZ>zmm5 zgnhn$Qdx4sNG7F2C)hI+lsz5Ht$1Y}LFTxgKQ89+iIpWY%_)3fe;iIBcEMA5?gcx) zV5gY*B(Ninp>Wy&g`D)vIzf*vaI#EtPk`EKwc|jeNRGgK&?J#12|h z#^X|^H-TQCV^1islb_?GJFl%2$K zwY;)iIJtP2VzJANZspjSZ~3g!GXrW;Xp!z-O6|;v%PGXRrS6FNQx(ZpVlETJuyBr; zzcg}Jf*muLLItaNBQBf@(GNl1mxkf~o?A4CB9t$E=bQ+kGQY=kG?u6P+@itG_SWXo z#FM~|4yr!KULl8eqC^l+>sjf_GO|dN@f|bKLh2e!wX`%iD}HX#;Ok!lv{t~F=AQ8q z*h%JZDBQDBNm%G8LJF`S%F)2gl<^1&i7`sJ-zz>%;u}fpe znoOBpjw8?wA{;2kQc(fz?d@q|itw{0lL^>@FO@|W5Nt}C39cS#E5VL=pHtmF)2OAQ z8=rmJUlxx0c~*}dWx%rUU^>mWu{-nGHMI#ux7X$_gEQSmAjweH-vD}gIE79I)>UXu z^X>wRwO`^Z=!->BIef`^@Dr23)2Eg zoM8JGp9bWEYmo&n)w8ri|C|@+$fTWf@<&K`@I*0miw3XX(^b;Wypw456siK|-(eK@ z^{7+m^7Z9?Rx0OWxvXqr2fV!yw$-&KhI9fdjGIq59M(8m^NDK{f8le^U7wX;N2T+0 znN9jC2VQB+2*GS*GCZIikBL!pI+o@rYet#{+47^EwN{B8JQ|79!JLq(x2UJeJ$($V z5<3BNh(C8}-J*-A+*8NTN^HM0?NsDDCm8Yw;UxRPcI3p(100Z1=y3ALSXw3RNJ5ye z-%;36bn`?JqhMVfc06WR*taUsj>l~N1aPx*>>ST0pK{uHGKf*It`IvuWe`+NoSh1l zsJG}$l~ac-!%2r=YXa=~iQs1?=PZRCupB*dX|S&&$>mWIXx*vGbeIf0_v8p^m3tOo zN9wLlSm+j*@+7dM&QqYZcyhS8H|&((_NB4&1o5I_T^)8fwTXpums6t0o^1BV=b-KVyA)vV^Iyp zqwZR(#7-pz#^M@`$KA75CGS*I0N6k$zhK-+gYgJlc~yH>H3h~UG#C$0ME8T8@*A7Q zH5iY`l~;wGY6^_+PlKVbQ_YuT5e-IPG`u`;cYapLl`DEnRMlWSHfGTMV5eMxQC)-a z1kkfW>{PVNy+yxFh%{+uNS2daH;&Y2+Uh>)vl5HkfcR7D!lB^3k1cXWe9G)Tv6yRT zm^AqIi4PG2b_ua1M^^0+G#1Us40w_dBBmzs^kkmZ#LuVK#3h`c`D{4X2k9350#VIoER>PWFiO-{M!Kq%r2$*X zvl6cClHi8X19w`jkYOFm6> zG!i@2HMNPoVa5!BYl%cUt&8J+tKUCX{D-6AOy8!e{Mu85%|*Fvj=Q@pECV~fQ)ywL zTO`VvxkqpUS?A2()9J?mnV?V$FwG3M(=A%>QN@KVQ!L}og?5fd6y_Z;x_gac}N+T2{ zY))}1P?2gWUTKeOV0nuMUkwJ(q^!j)AA6*W>OxGcZ=}8osJp2Crt^BQ{?{NMJEgI5 z^J3)s#HKt#&C`jPdmprO!dx0Kzko^0oW8+?g1MKH)B~o|p!5@M$ar8e_hugPv3UP5 z&wX%Zjh)yg+4L?+tSs$G0tW~qjy-2-H0flbHsuz(hU5BhW+LuBp4G&`$j44}hdD_0 z_`y@Si3-G7KMRTIQJ(u;S=0@Pf1SQdzeRmuY)F3w8CjXx$hf8kMd++hJXuGuBOtQ- zeeM%GazqzWk2;8ZRM=4p)JT%H0H=~jw-KT zf*oIsHRnF-Gko}MZ4v|?@3vY=anoiNH(s?I91tF~61m1&*b%3CcYFy=wbr$EULtV= zSrcMi$*9$Gd4e7iPd#TbWyWfPs3`Q%DISxiPsWr7eo;_^M5>lUePlQiRgtc`JUpv? zZqdMI))n!alr4P>O=HJnTB2GIR`mj=s41ZaADFBRgw2(j8JdU;AnKpf-|3R;?7U+l&PPO z9C>9^;BeiC6m&BaA@aWF(M?R#j}`{kY(}KjJhp8_vv3D2j(hAeTc-m_V8;r1z@{hi zuVQm$L)?)yBGtuHdsZqcn~A_n6sLzJ3BF^`>sZrVAx%^2JX66Rs@M<8RKh)tXT^Gy z3LZaYo<2_vKP&O{(b%bEJ^kHTP3L2$z!2@bvp~zoPJtoXcV~f?kDUTTwC~OWEgw4t zhG^fN1)9cACF|+$&T6^&E_>SX(#D zzj~~!7I(x>t)^9uGTtTj@stRLAme8V7BXlwI0?`dnZ1RpoX;E4&))_J`{NLlO#wrL z32~-~x;(&+Giaipn6K}9HfpuOU?4aUb4cw6WR^tJS;Hp|!JMF9YY55y;=8Xi%=r!T z?YB~;=&3(9;t~fqz(dT*+v%)ftKZNRLfOQe0+3qmVnPrevTMN>r&GvU4BE;GF*Vc! zU2PDB)6m_+fRhjnnudzfnIRgeyD*M0ir{kbl-OusfI4W_YCQ)65ePQ!%r+24|L&a} zgI%$_)8#Ntl<+tctik2=v~hj+t8I|c%|tYzFs-N5nqWUzYJM6c)pv7-r%oYu|AAh; zx}e^xS6%dP76MS(JwqEYd^XzoZO!;&y;ghi0_~eOjj#+AH1dT_0!$q)ioQUf72`yo z`sipn4Fk|X26${-Z`#b_O$Bb#V$)U}a4b+9tY~P>zVpL8h6p&{xWGSW=N{ z-I`!`oQ`HgNAaz3fX8440y~F|ZfGz`#J-c)54GAmi2!K=pyw1Lm)uC2kSz#Q(tw*$ zDd|WRyCyytqfj|#rk3` zS&SqrGyN0h(?3N=4&oLTvm+KUT25%gN*hRGYQ#7Px*EvUBy9m^iYiA`tb8_2 ztRd!8;s$a;y&{-k+*1$xlrvXH?exhwbg-{Mko`7OYk+bIi6Cf#ZH-F3FqkW5s-YF> zDl(twvnv*tnABRse60`eT?Cs!?Z^C&;$$pWX9Jyv(;@Li&k+8PNAdrPx`1Nmx)AE5 zI!S%r)cy2HfcVU{CO&gn$br|=08N=q3VVu+??dS>sdFp6vlY!nE8 zf`zPXfK>sqICiw*EK!PWcqXbDQ}P&+7#gIBhZ#$Faz_5PA_i?~nx(m39dLk)b$YSG5W8h_7xb>7UTI?g{%O)sfMh zvL+qOPKDCJ{Ay79t-1HDRlj|b4UnNVhQ9%S= z4rO7p$qBQ{Q7ei_%N1=Xa4fOy2&iwcThO;WvI^EX^GMW=q+nRYE|CnH6WK!472G&S z;3zx*Cnwk94MvvO-Nh~@&={c#@E|5fO`d`^nLtO-Ya$?RG=%_EfUkt?MJ!@N1XVF5 zr4yh@TW;`Xj%m5i!lE`7NVbGD^8;X`%}_5vu4H=*(iYYC^8p^mg3%-#HkJL55R3er zRQ4?)$F$bXGl5|V6Rp{#KxveD`>*D|oBwy9iPrOcCJq}wz?_K}VzGk2#1I4TT&T;X z!dbINu8$BZrAdNjNvCx!EDll>H>lN)Mt~R_qSr|V%k+8BAn(Gd z29gvs20=76Wmv=)^k)!)fq%Uy1oGh|G?2h3*yHsf-Zt%4*}AA*Oc*Ds=AtXZwy8UA z3Dn<+1BaSIjjZH2O>QO+50^Ie2MQE=t!7m1u`8RP;zhU!8G}vG62z=$NHn`7EvM*M zk@1nd9uq7SqmfVeL>|~(i%4b5XMOgJ2`}D+#xxN7kl29q_M`r7$i1l%qj6pBVoBjA zloCb6n7QRsPcnB}3|bQ%xrq6;iirM&SYe=|NXYsiw9U{oq{q4xG-8fu zWFX00!A#u1pLvYBK|{b`51aNtN?c^7g)57>Je+Fdt7uB*v+C416VxpF>dOx)UMx8A zz3|lt$&wZoSaYZ`0qH7PE0RpmF91vP48)1cDXewsj+j4Hr9x{0ti~5&oT$%*+^5xi zJm(yh7>SO`5f4M@8&yn8ScDv0Q-!=aX!6NmL;UlHGXTyDKbzw}2WoLiCB49!iU1>L z`{KA?t6d!Tqku4qru0?3mbQUHhY>H2&>uLwIWV_&sVoGYrF7d@Dk3Q-kC=d8d`KSC zwC{vsMv>mcBfc}!X$C}xCa5NCU2!f>#Kq~FVQ*BGCOVKjRk~A9k5e=#2PN%3&30vUv-t5K+XSrR2*joxH6VjJBSrq$f`n z7eh&YH|AFrxgxWAJY4bPACj91nii}4Q+ga-Qz%mxO+1#o;(~~otV_xtYZ2E<(iR7| z93DvRZWA3yCpzpR<~GJmApA4sJS4fh@l_O!!Tbs3d246y&F0oR^2r$ca61+kNkA(G zE2daXH5-*h$CsQHc3Z_a2ASC&$mAtF^a&!@#GeHd(YKH!;oL{Qc*F{bt$C+P$rK63 zpg1T_zT}54tR}^vK)o)rbeglX24@%Sn(b)oUFIW)jmH8geRN%qw+x#J5#X9)$%EsJ zQIda}dtaYUJ!hsAP)fRq?1iyqF^P302OEJi;!=X;H{ot)hNn*L1su^+heN61sL6l2 zHH0)w;&%h?tGdv80|c*zcmebbf101-w`Y+XNEh{-8$9Fi4G!F0_^BHfuc8)X$j>0& zL1%MoJ0EDRwyc3R<_SU#t6mVGa%+$xfZU6j7u^wpNT*c7nHUw~RR1|v6c;$_t;_8> zs_oh!bD}laXy0^R@2%_12BKvygiWbJpz&%k)PSlTA(~jsapY$>=@??~)oZR*eM%bP z022J7Q|e%lH|0@Ch+V^2Ao;AeG}Gr)`7|d^G`Sqfa7r|O4jndZNeULyH(W_eCq>nl zS-KJPspf3ztSj*>Lc2Oy#ID9EZxg_UvG4^w{t*(N3dx~QB!c$EOuyvGtDuw@B+LVx z0GvQ$M(MgxVidWUxbay?xJ#T!?R2TDzmO;4hD&Z53hKr+#SPq$2!>60UHTj_P1uMiv*4hP~2hy`Y(uE#Kk^kd;{GOG{rM{wUXS<1D{A8GV#RG)3vB* zN-U3Dn}i=5iRZ`sQnzVChTQ5uA|&TQS|I(H+wN^yySaTN3PlaZUCyad^75(IxX!DQ z^YXg(V-8w=%;GBZs+KncX_#(vUWtmv{t#8{hr@=YY2Y^XYExBQuE#W~qAd9)#u$-a zWPuV)#Nq&0I2sa%-Kb?EBs_H?M&wnxA81l;qMzA~kbE`}4~MF92YAUQEJA%XqB2y7 zp9W?yM>oWAlBy4oO7hy%ZC$zSCcOt6=i?0_)QBU#+}eP%$eTgX`RX&Gd=;(9=+sgm z{0lr8`m-F9pn&i|{8!VEcbW@U*sNM1w^(F(WDh&@V8|_7(0!sTkjv31bt9|!X&`2; zp{9+xV$0%$Z{*tiNQ`I9g)BBDx+(>;7MqSn)C!%TiFz)=u_{V=14yG%efMT6N~AE5 z-a7=<$w}7pDoa#Fep%@(u0ZK@gJ&BV=(Iu^Ut{XP0fV}r!%{{V(E@<25S_)@5bsHg z$phw-jNO@y1FVIESRUd?iD-kIOS%E_a4^y1h$PZxtriU;P)AO*?_fHW5+2+hiS&;f{O>?(plOe@!<4wzFEEw^YLx%>{^T~_jozCmV@y^cfx>j>W zOj_zv7?;S{K%O-4f+#P63@Ivb@P{K008=<1NCWVs?Is#gm-2}^L?;tO!IiW+ovWNd z+PoTUVk0V!SP=S*bxC0HPB?~>01gBU4gms7pJ9_psl+)po&rOD*Re_h%&&M0+k*VW zDWIVaCoP*;4)#ey0nm`3zK{+(jTs9YLo%lBx};vg(TcKYMSWHgH-;_>a*U+XG|)35ce_=7WPqWNpR`)l18*RS=z z{!->yzlcpJi4TS3jYz|-88ze;mDK&az$uXI&i2-(nglqHcs{Wx*T~q&o5e)7ueVZp ztaw_SF%Sw#3`U{}=tQL@k(mLkNW5yw%|{k8A}x6ip2a6%76x7zfNt9K#Zc=-F1iC{ z!(tI38U{CnxG1~(=*uwIMxPIW{h$v5ffPH1HXfJJwxM>RTCD*pgj56BZX%0Rt;RP^ z-!wP!Fy{!nGxK9^T!IZn&sw6OW0(2Fmg)?cko;%{s&g5)D#(Fb;lwBC>_h+J{rO@4 z@?-z-d?Wtz;GOZuS+C#!<-_@b@#^UG=;GkrW$*lbKl}EV-tocFIpF;4{Xy@d*F-&a z4d#=nig}z5Iv9URQ*KKu?usV0sb-~c(m|=?HpE6DFrikiqUuP0418A1iyyjCW@8}l zv?5ksK1m~Dl?2(;IZMex>SNXApDS;^_O-MzXrdlmXbg!C{NqY@>ty@piz=x z95iA`#8UUM6@axJ>{eVXb8#NBwVIZ>CJ(kL4}3ZdrKAM#O|Wk#B2nMxjppZ5@XJt8Wy9-;k_qgHNVXwrg6GDYKJbrB>%ap1qWvH%RFv>-|Xbg`a$; zji$7{*><{qc`@k zO=`8H;3Y>c5qk|5#K|I40%=g9E=Z$WZgm^1oOaaCJ8INd6P=SOfs<_!T*^vQaiKx>u&A!i%^fLn%t>By6FrW^*;vX*L(C`I z|3weh@PFap*kK&Il$%kZ&(deTdHnZrw9ovOsFVlr+t25RXU9kTy^Es{r*S>)TqA`+ zQ}XBGkOwr-)+?TaEiwU{6pk))VYrk6?`3{Zm+|t|h#vxrk8c73KUCRIl~9v#&~cfN z7l8ub2!;X5W8e;&j~Ge`%n`P+r{p}j8^HIU#WYA+D!C;H8Bd%n&(T(Uvr~FFljr%C z7dlQ$6o%^(9H1$|>gs=pt*aZcRe(cBK*2d>rteI~A@;Ew5K>4vaw8YK9{g*bNwCsJ#Nah&gsNV{5OQ|7!kgy~I<@SQl9h1!^>OORt-q zcC)jseIh;>oq!t?kftBHLXyhq&f&Gw-pQfV!~RYD?4R}a5C3+4`01#B^x^bxAI}bY z7l#LV+G_LpTmPbW@v)E4-}Zm*onIus_0G=Fr^9p6p23L!rq4&{Z`!N*Z=3DScBB2e z(cVU#t?t&F?#^~|@AcO9>-OgBUG!tS-EO0g7yEzHanSx2H`h>@_*hN^i%KX`0${s z_gxPM)&$jaM^%>`>x#NIWJwT9sZWBg`9~9b9xtp9(K=u;bYTnXibXS|woTk_EETiF zLKWrU@I9i$u@hFHFZC7m%MJ8WM^$?%x$euPJNrvm$s^sH#{EIeC5%4vPx6YR80EMe zZHj%M+`-q3dgVw`tS0iaQjA*9E?8km2)VoP>_6D@p1-)a@)!5^X1D#i+1_k#z215K zdV9{|e$(tUH}%q182d%~)m+iYl2;2}%#JK&gyd_InYq5yowRhvWUh3iD+^V#b&YFo-fozZ2>#+DD^bX+= z&#sk~M5216&(Q%b@fcG#7L^7jtq-(kIS4_or4V%HlM(%*PuI*>dC{XLsE<6K10B@gzxJPZ|NH+6ata*)H=Rp>=N>&gLbh&chkX~5AK zj?!y_0j+PuV#jqyX=j1CuN_3U66?yXOkPP~4voNh{FAKvPb#D?=A-wY{@IjXR$8ul z|LLDdDkgML6r7U(hCadK>Ht|_^Jn@=Uzi9M>WroXN<@tStj<|!5} zbnP}kNN=J;>^qc1Vj~=J0C!u+rZ&iTX5b`+MvM9Kz^S|x#gUU!*CJ?0h>HY~fiOLV zEfcm7X$p4aq8wpa5N<+J?(A*8?nt7>9#!ZZMAu}-GSXqxImq$)=oc_i(c`V_&HxSw zp-bY0f<5{Yu9tjb$ynh&;h`fv&)vLvkpAlz87UhL!>Om;&S71psCT!y)7;CPJ~k3} zqK*T~i$uCM1u47(J1J$etv$_^nlj;q2er=PElz*zv^P*k-l%sr1=ZXmY&*H^d( zHaZ>CS>625e)TGLZwF`kKt~0zBmFfD++{K*f{F^D4~_Bg9O_>2F8Zvg^XBHpyzgcH zxP^x-3|cO^;jPZ=H`}fF+*hISx>SP(_q zi0%si4jc32?a(j80egUycG{5KqRZu4KO9QiK4tO`@M=+cI72sr`-mQwxjYrEPeIAY zL!|^(sMd)R;X-_=ds*3LtuJ=XP(|Jt5n>Oqb%kQr0OIri#|Roys~w&G^Z}u_Z~uW_ zy^^l{siguNEqe8;78U#?P83)>LNoY^9m978eLHTJv4eR6>l=UN2+$pgSL9jgUHG!%|5ky(gui=we}5PRr8uC*3%hbVBHQ5JS8@0tbYFCsVx~k^E;YIIARK3s!8L{?SY_hROn@ru3bqW_djuZ@( z7AxIfLKWBPG`E_{%t$+ugODwFit_N8(y_0dP5>kji$IcdY*Pk!otMUE??<>PF6h#!O_e z7ujW@55a`^H&ib(Ace6`cLjU5ye$$uAV-0pd%+AA{ZlWPi8GH%Bi2+&v`Bu9-tqB= zUoH<%&My8Pwf%Ocat1_-_?Y_S5gBMui>X5gyI1CAjy4rDgJZ#czBCKHCJyri6tR=U zma#Md2Eh zcBRCj?#KVtAtl|0}DdM8dZu$xIi7R>jA4+1`sapJ@|O7*LUrY^c<7?S9v^frtKT;5iqpwXQ99$GZ9Ti#@{q|s*LgJOl7 z(Mcp?1A47RJbKV>{;T<~0UG+)m5CGw9e9)2myFvYX+X^b;(_O21ATxyD|JOF!>&Mn zqP0Q)@ch%!{vl+(8OW1C6xeTV@ZtC%W?}1k?HZc8SQM7GE145e;(jb(>h?^TbgO>U z-=`lg4*SjEi^}(x08~fd(RXjdS#&Fsuk{lQgkM`)*?6SxW!B`aEFgG2+L@vlGg)oD zPdu$4Dv1VI6#lOv9Fw_#0qmW7kfBJxDlO2J4v+B%LB03fJE`ZhEiJL0Nq5{;;iHdqejxik%nD0 ziW(DS5+Q1QjH;r8-bL?SudlxR1GR#w*AhpQ&}&9W?t$H=AG)bHmd4tUfgq=Fu?n`X z5%H-zz?c?!aujm2D_j!F%1!22l(F$de-Qo%&Yl6C5~Z+^2hK=t1O#*Xrwnoj^CTdS z9EapEVT$52tsz;d*oJzv(dicA3lMpMnM62TJr-j3Kl8Dhm4iW|08>4~>C#~qHm^N5 zRD6dRb@5b~qVZZH0HG8ZBSx?uD|WRYq7jh5qP{JN(P~Y|6vtM2z_GNUOv3bIM13BZ zyc4*lA&Ubln{!YZDf8dHK(^1k7?K2z|BqQtt;FgjLr#43v441;EdhQB$Y&0T3uqSy zh5ncCjxJ7nCr4la7*X)cL^ESwU>WYOeR@qDGA7_+oe!fxUl}+Bwb+f4o{YMJ(*EPy zdBm|}gy9(4_}%igzSwvjsgPq$i$z;vtunV4XJiLw$oxLq?RI;2dmH|3x7+D|+nue= z|LAPDJG-0Pn_KP9f3!DucQ?2G1GOIl0ih6k|D%29zS4vHMxM+(c54V^gC?J}CX8Km z(M!)K4J9dTi0!1Iq>h)VqKz9u$CIFoUN$-}zokX+9Y4#if2G-I7@p9Deav0|JMHxP zZ*T2Bum6X5UZ7(l#WWqcQ0f{?V^AER{Uafjax@I7V{>^&&I1(+ATJUdb&x*^V!9$VBY#~Z*3>n|5m%RxA(mMAL5Ce48*>l3QYajusuKb|17os zWkkgD!`{KkVRLHF>tpWzzqys#|F<_g&+Gp|o_*%ckWQcAXKtLaYqyx66O38s#Rz1O zOBLv9ioNHp{+oL4u>Mux-}!7{-umC$PRsv0TYJyv{|9+0MwY&7IB6@%X7YndH)|IV zv^E(hn!3NsaAhe*Bdv$9ZAY=8Ny&NS@ghT?fRfuCMVS&l7n(33xt5lTOYtHxU>OZ; zJ~O_<`Y(=%oZ<=d*8g@prT^RNZ0)t5*Z)I2|IS~a$}B4x#+dnW6l2K)bl_|36CG*W zMs}R8Kwe1<84L7VdZulNIAA1HK_gQNFD@!36M95** zRe2xt*8kR4TK?bJeAfRx%#$=g*P&45tw0SK>!ceQ<*Hy>X5u~dyN0y=K^L`~yUop- zO~-@>UBoANb7!}^x82@*y|wvf$KGmpMz-DAeLcb>dx-JgZrdiCdw96BJ#3FgTf4)Z z&eqQBH+Tnc?sRtAdz-`8uXk#ZpLrM6r5D$mM!R#-+3Rk%yY0>9-kY8Fo88XqH~+W( zd=9Dd+FTYC*Q}*n@n23ZJFc ze}4AA!amB^|Mt%AcIN(nb94K7{XfL>;stsy<9e#7JTeTG;j{7L1-^Enj zMPL7_z0hIfbrW4Qo$24FcuL|DMw4B5E0||o_@87Zzecr`H`u;|ITy|LjlaQ_uP`W> zHtKxw0{LVVv)syg{=}GNjC_#k^w3mY%2JYEjtwY60Umczr_+4XY&TRu%TBxDcWMZ| zc!By+TEbM+efil;^YT)L;eUzfC{A98C`T`46pEJ{h&Y_cNVE*SJQ|&{;LInSxWP-= zT!e-Ez>y&*eq$U`o3v!o!PX1UCk-!@8KC7mXh~3jks!eAO7`?24(lIfUUU)meLNFK z+B79J6*g4xB%NbwirrAA1_1jvI}^;YnHpDVM9gUIG(2XxV>48W=Hx1*EjpWZ<7D)0de!m!vm}L^L`IAZ#W_?|S{8 zVPT&3PL7aGhM~->L0yP5Ym=dYi!x6@Rk{Hk^VSQ|e1o}-A?A}t)NT#QKJ=xgSVaB6 zSN5Ks*yvzpB0grQ@U*>u>MK&H?SEnQe(^@cHR7x4;)t88%CLQ7fhR$`=x~__gC%Vrzp1nTS zX*ra{n8$ST*-lIbit7v^>?`~|ht;f{*{qV?s3n+WIYv&B<=D;g4Cnq?PBh{S+nL9B zB+p1txJsE8%#ezgC=2N*x&&E}URtMK2Y*JH!cXU_15Q;ClTkLNyxI-dlLf*$$|io9 z5Z4GO39gSpB)&g8QB^MwxP08gyHe8);-O8#YH2FeK{RV!2PjjYJUP|At^2 zQC3!IPS3k&KyB0r2VMC0J-S6!7@&q-M|IQ~Z4PAf5+Lw4Q;<3{(dsC4z|kNIq-jQ{ zuq>4;S_Q)tP*9trHG#;sc2reK^48TZ_iq+L9L~riPY0P?JcOo-EHR|6+;RjkvJ;Ql znaNH>(3CD?r7<=Y`KFpt3@u`ds4assLX%NkeQCLGhYs;oR@}M}0I%xJj2O2_=<9eP zPD3Z4o;67*>tO>UZ}2ew== zR=qNolb$((f`zDLrK_rRjm(7wBQ-MFX;hnD1*BNawTK62cu}P#kP^+EdROzfCq^wd z3{zU#hc{gMWC%{sPoPQ^IhP7S>5+8SKdbpeY~{3Ogayc>ix5aa6uJy0Kh-`T>aG4$ zEJ_DolXDf0t&28eNtMrBYvMDP$+#L*8lWk&Nf$A91F_L)L&X!g#GdEOqQB$~GWZ`c z3p+Uid6CEZo91rI58Z%HiO$7zgB|I%{{G{B!O#;RmYm2 zwEJ3|5oC}U=RgH5wxxgAMw}@>svsj2sUTX8Bb~5Jlo)fMX!^s&VOPlKaU|S-B+*+# zqJw_iNQ`%N{5v<|J?yI#Vk!r`3>^xIFh9n-35-K54$a1rAtMA$QV^PqR)C$M>Fm;Y zr4f7p;j?l*=$M~@bRI04S&S9EkAwuAYULU zCv;JLi2b@mQd}qcg+Bi#lelPc#7N<-q#a3q3OEQvlx*!2_WAya(oU$OrdHw5z#by( zkNG_z-JJL%=&k2N$g0HYUfG~Pes-OIEEU8(@UhFWr30Tl7`VS+N03UIRudLj=3ta` zkg`cL0+_=Rx2Y9Ghc`SW&OT_}#o<9T_O;F@*eCY8a5N%5uXj;>r`s(lZ1PeCK*?Ty3F%XCHivnWbTS*FLSF^hc zT8*O7f;Wcy*-uT+L!-yO0Aq)&>i2V4X&yZ@J>5M${ZQt18+kaQ$}G-`)Wb6&#Fj)L z6o1OIw{MTXGJVD>uriN(Tnjv%Q3itlW5ILnvW>y%sBHi*yB>$hKBc9>= z0ppo@jfL<{slae-e7J{Wjv`X)KeznW4hC`E*m@4b;Duz5hLYN$A8WU_l$_71cVQDS zUdAM;4AE&6n>G-%X8<&5!F5aHY#(h3$!;QLrgT{Ysbi#Op5A+M#9WZbYSf0q( zcMDvm#7~TzTnHYMF>Tyv0&dwes9vD{!u%>qh@~Z*V{Rv+R$)rYQ&d`ODPzvnC#(tz zN~BAN5+S&iklwo2X_nv?&xV07>0?VD0(=LkxZW0W| zlm;>cFRDNVRqCgtOYwqbE+v~$iwNiiS>_uFlmBcqbgLnYJ=XIuL^k52_2ISX@0g|` z3r;0;ZP=FDz-l06Q9BAqQma}TrBNGJR#4fPUeQ$jNHF)f{1c;0>q4Vm{zDM8gZKJJ z7zc$PMrVTg)G0~3gL9H)sp$^i^g^+h^}FtX3aJ!-WD&Oy4~5f-R9Y2Bsou7wUf`H< zK?m*P**Fm+7XN8$UBS^YD!RJ*R~z25n3@TA@qByBDc&=q(t`!`n5CK0t!er2EhE7z z5|Oy8;)1=`}Y61-z@_XCzjM$SPwvP!}%VM!_9&l20%P8`A z9R)x>JCOy}(Xql90W0Ld$}rS3#y^K99fSOMmg1;Jqu!0!DDaf?ODfK)^qNG`MkA#> zOT%vFsb+dC#WCq2X>D@-&`xm-Cm0z{-ne_v+VtiBgy^Aeh)J4NqS>wTrXY6WKRP5n zW=~Ye!eZcqAq?pdGf_1f@G1{FDcP(}IV&~bfxMYf(f7v6k0rl;QZhV88jn4}#YRA{ zHuzvDvt{l)e|I5ORd}h94N!gXo9Yas?A03VE2bZXos^_wbGBAddpDl9cA7f)5jJRn zJh{=lko~7>a(m~+^X9r}OztU@u^PiD#cb3cK-ep>e|e1_MKnU5CeCI9O0Gi5Qk;Uj zwAx`8`6W^{uc*vmHWI=(28zmtNl#yN$skZecBL*C@SY%FUbDB$YVzD7Bk$t^@2}wH z%a@R^mykH2kjzi*7ZvGCC+-X5K1*pJX5*rI2WJKqa=4Hg7&K(qsk{#>0$HcTspc$J z7EmBfpc)N0>S+b{dcj;uYJUIAe)Zp~yt-U*|=f=H^9TRpLGuBMjrdYD);J zQoX)vd37~~5Tm+@M^Us6F{^YXv&Mv6s&P2Y)}cFK%y^yYO=)_isSmK)PqxG=VWwrw zV@%QjIwq&@6;oJQArkZS7ygN|uwg0q zm}Wkwvs#;q!_Zvz3}dzFRA)sfaW4v3P}73f5i$iBu9S&DYNVHfAs#nd(xm3ARTo-t z*r@_b={5~z$e4j86a&Aq^@%(;OkgpE%X+LHi35+sS?K9E58F?M`CPFVYf`-q&4{P61>CDc(UV>rFG(pKCh9iS4r{B# zXgx&r(*g*!@E}teYN5L-h9@j|YnMn^uvaalps_gDin=}br)Z)u8 zc%!5Nov*RFW{NEU4+GjIsmXtnu)t8{(v=6k(dE_8{Muv8MyawMi;dA2Xaj5ed+F10 zodKOHAWmR;S73D~z7+crj}aX4pa!k2?dM4T6wG+lB5m_*OZVEtuN9Cww;htlVRa^x z)TeYdEFOJph|#GGY+ay5NKKcdXi175j}#r6>p{!xSbxF|Z;=5cA4m4tqq_eC<{8Co zW%GANeB5E5^Y_Z0u?@ei1Z-s;R!rTMKQz56bvT3Y$$j-OMAU9;Nki{RLy@@MgM?~B zTp6Wc+jdl;6bO5%{Ef}n{*Gf4HbvLB4ubyfADG|=W; zrP>~{fJQi+B#FkpG`?16b(uw9#;C#6$|nDsO0*|iQ+K5@BXw>vr-rJIO8GWT3l=)4 zun`DiC>VMdT>dBuhXHu;`v>hlIbDst0Y4t`yP&A~R>`LZEVLQceqv+3t~3 z=17N+$NVH6YE~%1I{_N_79%(;FoDTyX=pXhxZ?6TjZPVwfTeiP9~89~#c)>TRXA%+~q>nf~k8-CNx{c($&ZX#$}V~|ryX=fz$k5USa!Ydk!eI|1* zks!ohNy<8OE-k^lcHg=q&vfF+PBt1=Wqi|gbm3$1yH3-lV$2-Sh>YzUK;#_utzb*M z6IjbenR)rb0nDsDO6l1krF_7mpba~y#6cvs-nJaaK)e_@FTM^m@{n@&_OyD-nJL`U ztU(k~#J<+79?M$XT6+V_tI!oLdkK>P+O<-Zfs#W?icz@aUSC07m@IdSE$m}ep6f@k zLv1@JYO0HJ+`H!T8=ItQ7WTp}$xx`Xe`*6xDIH^z`}t=ybx?wmsP(h@IkEg3Ixg3F zL&x>i_9pd&N?dh;71S`F+#U#5W#jbpt)Y;eu@)+n&Uy&M9xygPw>`Y*$`j%_3%E1| zlVjT7Gea`t5pQg>MN$~v3BA%5fNw*dp;JMWH&Uc5Lz<;wmkV;lQgIA#G#vG=R#Tn} zCrZ4uuCMFvsEfxcM@qj*iU$!oLUP2rDG}9HL?0`)Mbx$af3|*lDGO9@LKPhESR5+y zUbAz+xF17ze1J5o?DdQXYOnaJdHKZk}UTW!jAk#?NDLbQB3eA&~hX-`={S^ni`hRo?VV@Q;Q=BF<`7 zV>UR8HZ0dwov`odaIHt|8M0|yuQ&alO7R|k`l;f>Tnd{2OHbyqC-VUkO55f~S+}cg zF`cwsr))%dOe3>W=X#|YqRF_A;SE(=-c?9EqCL@sbRg9u*x|dJ849qI{&`?LFXStL zzeZGGhkJVX_Hh3U0zV+A^MSonoc49t-#a~oPrn?#7Y%etMk3bt2ZWo(&W-=ks;RyX zEBhbbzdzhRTWP{ssj>ygIS>D~sx{&8?dc(G!r}V^0fG1mKc9SfH=#P9zgLPL;0Sfh zFcsJ8ir(UzE9+o>w8RfRtt(B}%)+oZQSuaraR+Jc@fMkqK`{DRoE^e$;UwuUZaCl8>cGuQmtTgSXPo6Mmu55D-I3e+lf#t>$lMm^sdupu>9E7#Z8g&>qp*cBjY zT4{d@*mW!|iXzr$+<0;gNqXrgao@S5V@!YDc03&s(^DCu9WRg5d_g){?W$%0c4CtTp5%w!Kf(r9VN1Tlv0*# z#6t{O#(n+%p9k3gnhf%d^Daq9Cyc@@q}%oO(R7~;6OvMJ|EuMJ~rvXY7llaaPiw4I(ETLNH*{@=4+@nH(hXLWF_;*d%WXu zdm)VitfFE-ZEm_vL%}K#w!RjGtpy-#83-$&sNJZtwVUR76%u<`+=bOBq9UR#+VFZ1==?B)cN(0AICV&Al+jR`DQd zdSM3Fn9432r0iOvs*n9DD8bXZ-9mrI1n*B(p~=j7)|85s0I0(jE|BF<7RKPZ;8$nC zR17ieW=(xxL#Hmr{UiRXghSO<9V3itPTRZS{vIFiot}RBaB^@8hbJc=PS7Y=?nj;J zPbK|Qx5#GyTAQ5O!LEPcZlO;U33|n@s{^<}y{9$QrF`(spNHlD%1d%V{=fZVyUhPz zEcL&S^W5$HCr&pe{RY~e)vzCh4EP@xRzY$bnO%di%mx3W{3k9mcR^h>40n;XcO=41K!%vb43EK-@j^^3Vm zR2iraVRu3en*!I7Qj0RXKk$tocw5lzV%z2MndG5Lhs#EPx=K+>9L?5S+|J9aP zAymB1xL8ByC#YqY(oR_WGq6}`#(kd9uCKkKeal}*Mt!>K7E8>UTdRTlPw%2rwIr|q z^ygvezeK1K`JZ|I+kF1KO#ioEzFgA($9NW?|A(Iw6`)NpsR{#;f9qSe8?^2xT?+1xF1Y9J-3LX?#K|Obe~m~K_Cgv6Azh}} za6VDlI+o8w9|Cd?9oi*=4{FxExcVAz%mvVT9f@Qf^18b?7#1MSpLtIGfzzG}rGMc$zEGrDy3W-kxf&b)clUSKzT-yK!kl%Hz)yf| z;%Jsk;QM(B3^M7l*wX>xEkMS%-|Kk92RjP1JrD$m;BhTc+ zNRA#Uwv{skd|l59@KxoIKZy%eyC_j`F}x!#Xqu4Qr77;nqI=}B{vXe`m;3)wo(1;*G5URlu?z~J z;|TX@21IKk5c{W50Er;#B;2Q&+V@H^QSy24;-b@odW&^D{c=vaFrj11wgVRqyr| zJO+Pq77L=d>wfVAk`Z5&K#<_}_SS_P%mTRc96T?eT^7)0jqd2xD2xIf;zwT4Nwo@* zH-IzOtuzO6(ey$L$0m2WJ9{NcO<9(f_yyH%Nfc&cLAdw>Jwk-EtA=gW7$pf!_X(#z zSE{0&X2mYD+($ttGO4xP6mn9DRlqOcLvxZrr1AhccPF>A&s#lyiaU^na`M zykh^++F8nfkMk@*|3Avb)q2@^9r|Qshuyjk0T9VQ%V%P~%=#T!yl59gebIEnQZ-YpCPC4%=E$yJPbCwxI3&ugG}2x!9TJ zYjt-^wgz04lQH?~`{mGA*BZeF&sa)>LdS-$a8E530-*T7to~)Of({;o;?;NIPUKrP zi>$M-RlWa|mAwg}QaFU%+hf!>3vIAhiwhcY6_>QIr+67QMO9PU?fSSkb-T|V)MWS9 zAxT3LbaM2XwI>Ub#&Umrzx$(z#zo&)T!=l4Kv@*=d>g;Zb@t(j0=sCbP~+rbwS=`_fJLV`V)G{>z#m z6~y&QPYa#4tomgzcFpp@nLLx)VX@8fnc&JtTRwv<`Cn$%D#M?td@mAoMRD^8U&d4aow~i8h&v#e4VWmX5B|J7h`=wKFeswjWS%vMYp}d{aj?*2TFqXZORdrc3k)6cVQ^vAiIZf->yPur78mN;FqDyvb4TTN(PN7GHFX`C4<;P~b*MVtm+=U>vsnJa6txgUXnH@2Xv`SfYe>Eb^?$7Uaoc_%9MKAx=qwuSlL%9C7MvGc`3J zV=?Wqo~OS}V@wn6iSdF+**fQWwXVZ#5XK5>&4Ws$cp__H|h%Ic>i z|0tW|nYGaJ_y+zOv5ekHY^g;7tsqFl{y?b*R8q2n3G`w(P-cS)59Yj}p530sQ{+4u z4a`08v)sv~oo3-fF3VWUp$+a=%S&p(Qj#sysy2(mDcK{=)yJX@KM=AgifxT>L4?uL z&b={3H&ooXwF@Zo%5W}Q#Afxb*D;5UT*+$a>0!hjOX^ah4W=-EgmuKVg z9I!4g^!fMF=ZxW5i5jYt+=DSN2=J&6OS0Ws}Mz4~gB(q8ykDKgi-}yV;z<>3NL4QO1 zqkr`%wP;$0TdjeihDe1QFba=3T!?$93wllqvx|93XGUY7j7wqCs4T<-rz zc^W$9sNM}aaVv(pbDTZ+4O6%lUjMPGB?}#oSLU2%N!aBZkt}+yu%sc%G#AhQ>Nt%C zoW1?u2Pckmad9yw!^jC}A_Swj8&Y+6EhI`6XFDtZ>1Y45KJF=DEDr*sIaR!<6eew&{m1E-;u-_(u@QoBW;uCbz(4HD|nHR zvvjTDSZ6W+g+>vBPb`fBR|3&!z)_qTLC|rmw7Dw33kRa-+yr2fX>2)M55n#Mx+FHC zbnuSsibgDfm|m;(P$DQ|LuLJ&nn{2Rm7MyH^Qy3%g$|J7|Mq6op(IIo-rA*lgUit@ zr4vM{UN(l zN{oob0yV`?FLlUE(Q2XFGrFbjK!;Esr@oaEgerxMT$CKmT52+vE zwttkZkdzFmm?D8B6nZR**tI-SbRvpZ{v7pG8ac=n2_yWb48+yuR#<~ZFkO~VG$0Sc zUXP-|EvH=#{Ms6NHm>T-;$)P4 zYk0ombK~523qNOq2pvgFYc6U@nRh~rSRL4 zuJ*@j1Iwh0WldwlAmjgx(r+vl$e~sj(#jV%VL9s-a&{`i#~xZ`A-`5y#K#rOCp^e7 zWg4p`!+bK&l3_lP$ELHTq<)jhhoQ5RGY38@Hcov0RR@#GLRuLFp8&)B_bjBdwx;55 zFFEFud6pdWi99x;Erh0@CT`ae+Cq%|N5sUbk2#s#F_OPNY98lb|5$BUWxt=}CKB4S zM0&R@4<}FOS(4f(^4O%d9RGbHwH2gxo_O|;i<7m0UMwCX|6)Cl9cW?}0w1tZ6o8x= z>A$0gxt?cgOKEpR<18BM%H4uIeevu9Sc-!7gAY}Z+I^CcP8fw*xTLmE=vh+RC-T_T zwrlNG-^vV`+e0cMQ4nlNB1GFXMB@WfvSjY}t)#twlLleJLWVKAn^#wHfrZplnI(W9alTe!`qK>y{ZiT!&F)LZ}0Q0lU^_`c^t4A5JNS-#*$|82(so z=&TGljwZ}l$YOM}3o}1<^kr3Kavlvh${Y^M#zBPXkPtB+ta5c8j^tKIW?0MIkoEn2q$=dxV%8qPL}`;vC1!5c+L^sTo+ZzWKt2npH9$OJ%Wb@iB zK+fvIV@EkwMVVL%u}|k&3b9Y*u_Yh);~9JVJu%S{&AMD3q43_ z4+YO!(%Gl;Ea~hMd2Bk1k|p;?Nk1h4%|+OOb0BBhQbf@(A|AZx%M(xshZ^<#A%(LW}Pvj{W zwaaZfJ7&xcyw+E5<(M&wOg|nbPJIlatt2$7F}W<|9C1|)mG@*wPe;98_!&8_`LlST zN#VD{Lj6Bh8@fTRQgwY*B~#r(UefWbKqF=$6??p--^cxP>ABZJn!HVzTkyMBt!YEW zz;34r?S>?R5E%*Y4(O0@@udMqg_%byOqI7@+X2YN32h6g!?^DN1Uc_)YZpIV+)7a{ zBL{>WBGx4t4IBXanGBPNwjsb;e#jih3cNU@tCKulHi-i(nu6W3zGIF1Vf@)~GSZ*b ztZXMEeY=^K-`eq8UO+n`iM`gQm+ovkPBMz3V-|(onXuwy_r^eE^T(#5Nq&HGYzP!14DQ!;h{!i>u74bvgj zNgSdva1C@U8xa)PfUo-T9Veijku|FwnGd2e0}^DsE)09}QV{PDqwtc7FJjNo&sjCXYo z;3JDhLt1ngTZf~bMlsiO*TL@QJ;ow+T@}qS2)TfhLogN-+Lh5mdC1~0?iV0-J=bwa zw@W#H#{xPF+&wG_Ll)$jP$t4%=;(x!;8PlA^aCyc5C5Lo*=hJUU7&}bUWbk&_`$4p zk4ZLAN%-_a28EVP0NH8itWifUdZVx$a$Xx?O>Aib8h|r^KsPYJw$-h{*&?$tSc{Qo zXAII#fU8-YmeTC84#%qTOFDi>k|d0gY82X1?@fGP*`_-3T+*?W1nWWxijQGD2?z;4 z>tG1(X>%<@?HW)UU<2C#Fp68m^ z?nJcyumjd&h6V}uI&e0mkcC6aMFZC)#x2!Z;5*QJ9Tozj#SHpkd0( zb0O%pUfTxbSyVp%jIk|geVo(trBo`t{GJjRMfFBa_*NB=3$N5@(`C`dw z$^_>IIy=v4+%?&mZf~8!po1jJN9_B)N*YGvtG3CBs-s08@1350`fze!CHqFD$_+`p;*#{$&k!g}7T9!Ubd76q{UefW@9#M2%utSymO)CbmS22H1 zLz^&}X)W!i;?|$KmjqQR*Z^W&;16eqr+)T16FW;3)9I2cc82X;J*r9erJI{o3)A;S z^_T|G+uU@UCdX5q3FAEdwHD~FrTUvQ|M|=Wx%aWi#P!8BIqC^Q)MIH^uuH~`J*rAH zit=}3a32t#bcaIBJac|!ImE!D2;u9s$W*L4xs zS4u@!s@Ab4gANG-SgG&encm{(q6s0Y4k!jdCvo7zS)QYU6VbZUM6~RQXg$nCw7$YbwCX29N4I~^WO(xKfW&>u9q0YV-ajbC#`0M{ X%V+s~m(TwM00960BE3)z0Ky9ZWKy3o literal 0 HcmV?d00001 diff --git a/assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100.tgz b/assets/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway-1.2.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..24e6579ec5da908bcb0da85fc7c8d7b8c5e2cef6 GIT binary patch literal 9482 zcmV+lCH2}LiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMQ`<=PFut$#DbC;gY8NOZ+dvZ5ze(!vAx@TBFfL58GnGm~ zBeiW!WVNQd4e<_nKKoOBk<_~Sf+3lC(2JR1_2rz?r~6#{$n`n(zuL%iZJ%+U*nT*s zm@#{dIKD&k=J5nk?#$6N_}jWqtJP|~JUo>DZ?#(a|F_$RFaFj(cy)Mi@bX3b)r-Hi z+OG~@9sCViYtOjCGh-alzqKAbS01@P$%Dd>aKwEQvW^AdB8~zwc3i}HfE}MST}-(@ z^0C)}2vHtlTH1`_03(L&5KVCh7IBq@BL5?%%qL+7Zrc`$qU6uEv+uMm4>Ong5tl!8 z;a@nIf-6`NMuft#93Q%Gj{z|_QG>&KH8}Vo<0uFuR^W$lB0#VJhM3;^E`~GACO|^? z_v{AK5Od5R3J@O=I<+Q5z(3(UVx4C5?(WV}xHvAETD~iwiCsU76De{93coUzZ-<&b_ z(DeT|AOKJV_9hrp^jkPiyRg{}ViU(h;g|$veN+R_T5^dPnNb%@pkj;_wk0U45s-%> zPN;R8S;|(+`rb_b{8T;*&;MH#%rJY909bJT?;o@a=l`pN_VfAw6wemC#UnHeIH-k| z$LqqgVGAxNJ_DZtf?vC5r?xmd5$D*0ksn~k62rOyq8M%w_0dg$8E^tO7$U?N_P`H0 zfjOB`;CL!dU(6iKQWGB!e(Asn1q_2_O);mw+xr?3$}tr(3V`C@XFe4oiPIUDKlxKM z#vS;5hUQXgWsWC-h#H64SdS!o87I}D(~>`lw;eb-Iy#bnGVIPM?m*+$-moEm3CQ>q z-{PPHy^D+Ui*)wEEC>c9@ZEU_PDXvg2NW|La?6rL?5fkTvl!g$X)2m?G>!%1;^{<- z5Oe0D0MidN=s-9N0#Mjd@^yYWk8lSlnZ;yKNFI|g#4b08ddo1q#q?y*i3c4}A{JQv z-F)fn1>Wi&k3`BP@HT7IWC`cYsCyXoNe>rW?!{$J7aki-Kmzn&vD`hMERIHdD%i zja-+^b0avCee{IJC<>bWSFKh{%^RQ_ zvD@O!p{N<3M3ShkBF3|xvHG)6{wK$C^J;>F2vg?pXf;(}f&6dnzc|dw|NZ^e%a_mc z|0$k7{;O<9#N7#WUW4;dDTA49Y>FDV2Tq2Z`r#Pv zf#Na#`pyqMXf&J7?x)V@-NLB%z^Om&1_3lW4fC&N+7ySL{P*{!)nD;hVgH*=Gl#J4 z;V2;UsW5-b?1cLLf6&@*9pv`^tCueipZEV$JYs+OBf!5Wn>*3Lr5*_1zGa*>D2iC~ zwrzd!L$3pGlZ6+0I`R-loy6ZzC9n-O?~gygxlo=Xryu_;rqohjs~ISYRNMIc$*5wE zYzp_{9Fvwzqjctm7?(xZ6=PBy1-^?|2ZR#IaDd%JH;5hYX1CwL~CDZ{B@ zz?wDP9PvN+_N}Tvb14#bNkg!mY80=Qv_(w46TsF?7P5eh{V+vEDyb=I@h|<7)^^4Y zaWUnrW*j1&kti_iqv8Z|C`YeGZkp1i+03-%%dW<5z!sdG4bCqvyZy_KGTc>PIQuZX zgr9rhQjCP{euGDZVo=Aqkl}hDK%ubMvp#^OkVB7)A9?~5#R*AKIL1|bFk=^`J1wS+ z*bw4h>6=AdDte@U!#(^yBRtc;oNTeKQ~*I(p)LtWNq;XBqAanIG!=%Wl@i|m8;JO*#N$M>r^+<{+cW)7TeG2L3GSalH1U*ZI0*|b6aS< zuiN{toR-sa+KqfGG5zZmPBz^wAY(hgw>YTj8@rQo{c(7kg;mkDKfL-d>|GddKv~=G zD4BLLKgT@vZ#=)iqx?IlI6vd(3!Zmi#xNDl$^jX4hr|DzU%Y)HU?RlW9ig68VDtP* zZhFqtQ{=sj2~);-nFbt<7w}x|&}l>X_6=%TQhT2Q;z}W1vK2GKXFPX>-6#gk117z2 z@<96b&H3Yxig&RhR-lM#lJ&R=q_#|No?|-JI?7ciS1n*q17F@JxCDf)GQLtPLdn;; z&F2xW1w3Ao#Kmf=Wy;ywC_l@SRUdZyOVDQ6?HBqdMz}qrLG~D$a2|D<&Gc}CY*$4o zAs++}y{e;tGK4oFqf-tUgd-?5X>dGK&mQe(jiJ& zq~fR^oWH&5ch7pu9gia)2VUvXDBlbapL7yq!KpZu<0*%O?(w6|E4N~q3UC*P*6IS3 zj9#WmtT3_!u32VH!4{mMFBsU2V&D_RldKczMfGLQ$pkSK2#FA%z!Zn#R~hsK6;X3| zAT1QxdPFD;PtFFXJ-9p_mLRi?;kXe5(WByc_TlnF_jENJ^Y&vcn(JC>u)taqk3m4u zB>A&kqAvilLVK-_aH&UYv5jhXP^luDZK71!#$@m#_{{7+S-bKH6*&AM6c8CAII(b_@P${WShgT?8p$Z}+!KRwrlJ$nYi;umFH88Fp_T5SUeedFGaB!FibHMJq2kbTxP^b(iJW?>BP8BYjpj;KsdUXq721$(24Q5_3=f(lsB=}mv2iZxv z>uS2G25=7nxx=*3f9=pkMv1EqTU0no>Y@a7F@o}NMSZa1F+iveQq+eiHWQ$Lr5Jfp zd;;p%vc#`hLCGqg*FulxB7f$F=F56A>;0JPPg&~1taD&KV5(BrlCfC+} z@}oDOIzniD26a)Tu|z6s78-pO!uF#@pnOy<;bfq1ytpJB`Qw>rl!3GYh~&~m4uW;! zbjDKU_s$laj9|w6a10*@zckMVznE7kwH~?$e1b!HuK1(5_ya=B?+E=Obit7yV0pHH zG3wpKcPDU%m}qh9dqSrpG1h(JVK^osrz8k4h3(`1@lLJTo8CDovWKltljCoFL3WAC0E_Pbzua%*{8hT3LtrqD+TnVhyR6d5XSXWC8;KQ$NiABmudU9$3SfQ5GaoZwjFj z_46Xob%lXc3E=Xc{RLK)RFdP7>K{5qwJDkzzbT(__ZCw$#viyJ`2R(!9?r{_d4%Sd zC<*rHdN&)7^yESkj~Vz`hCM+O`jjB=XB42&#WZVDWy3|AjL;alD|UuWCY(q6OM)+Z zCHL^FAu})Xmzs@HHdjV5P$q$<2qb$1AlVX7#>ED*V8(eo|Kl?;y>aI_g=vjM7dx>m zids*KzMixW=WsD%X6{T8LGd>IJ2#Bj)K7f=uOR>P6;zhi02bZ)#PfzrG@L2|8t=vwp zjmcW2+rPd`POv}r`meD6mC?6GC9p;N|6o5~|D*k?{apX?NuE{pe?z$x+)%3Bn~tny zG)lGM&m;8v3|r}7aX7yNjhnDPzuEt1OQjjaLH5jxC)_iCrDx&(cP2QP`s0vLyzU%} z_Wz6hmxcO&t!MlHNuDhjAkHxjWqm%i&Tu!uA>7RT!1Kc~M9BSu#+W&A**`Xmq?80U z!9f7yfZV7YJU<-o0mT90{w>ylgyeS=de#<%c&zHOZbuZ4{IA%9JD*SB|J!lkJPhVQ zLfKP*1QDhX_#t*I=k4%n$O*;P795l5l!Wl{cnF?PndOXq-jx4U;9Jhke`!p#NB#bP(SG@&u>V_!&-(w9 zJX_k&l`E-?!jh`Ws*p0^@Ybg!oZ^t{1cJ0WGqbFCph!C5Oa(Wzc zX0;vobb0!}@b=<=KW}gGz@t0Xz5}05#PHrs#yCH3Z~4ZbJJx{%pNho#IQRt!1)V=p zq}%81Erp$JY_;3yt4*jqjlSB5*(l8Kx*hAVbh6`>W^t>Bf8oHV4|45#U&X!;$8f9) zeY--}7sT|InMMOAGR#pm#=`7%W6yW^) z?DO^(OFP-RlPx;gai{!TY{z=#z^9Kso1wt}ub7MpyOeR?Ws*~je4-p1N@&iMF9c%q z?eq55Z915p4rY^)T`Zgy!=a(fIaYS8BL_Z-q2&r`er7;tVJLneA%rBf|8;peQ0D6A z?JcZZ$4(h$>((|2ZP9wdc_b}ZwqyO%flsw1)H{HHp{XEuTHEdO_EvTc^T;4u^)c$f z?O5%WV6{-!WS7f2!N!Rp_{Vr_^9eR8rtes7u~(0E3Y9ue28g05=9mh^UGtS4C9ifY z%i7w4pO7>`UN^)hZ@kf){--8-BVKR8Wf`L{+S45?cGG{E-C&moI)WR=b;mfw)OTY; z2yA;q$O#SsDIdAd!K z4yQ}Q>tgOn+1gB<`s_%0c^1}%hGN;}@^-eJCOT#?0NZAmL&;^n*T43L@!P7Lz1K;` zU&xG{zmi@_lHKc{P6oG!(Dghq;Tx#oips;c^Zy9l6VJeF8P(73FH=@F-k5?^Z8m8+ zs4qAu(z4u++Y|e3Pwcx&LJJ*4oE}9vuN9HxXwfzcOi_r&m^$!|Q1CEEejsz2R2rx_ zOh^cxKN?{w)S2|)(kTpV4;aR=D3&j})SdVoyL?9R=k3)#jnKRa$W3#K7{|2f5tlWQ zF`6^=b{xfk1B#{NmH8YqK|Bm25(MN<8f4~6KoqB0s3VDHoIbL=PG{1xV_7!z!ZcfK zcULuvFU+)^1E;mS3qFfE6nnWYauKAYj5{4TUo#!Vk_d!U(%C1*akK0B8oGlMK?58Lg;bDiclTY@f>p{Oy_Y+?yW+4oR)Pna z&}u0pctHSX3@U_-%Gec<$AZMzJSmg8WI9Em*RhPGydO>4{Yqxig1E&rPEQsjzM0o! zRKN#CzO9#-!99#Aj$oM;&2LOH|r}?L!CU~iH_RCSKkh+PPSv+uc{(4iY=&qRG56AM1 zAXGq?67*Af()yCH2%;E(>^Nd0WhCb6W?|#a>h`CSzU%3^)$(=^Jd)d9;skf#Bvc1F z{whrY=?=t*>3ae`({~AcW$Rxr(pat~qoqoV(MKHu*G_Re{~*Ux3|8`w&1r`}mU_6i zqC&p6yeeL|TPocfW!t1ur>xr_m7O-l{?oaw8{`??mzOcTdWL^2hDyPDbk?c0DK_I+ zYP{Kur%Q2)&^e}P4tGKlb0StrazYFx7*NVJ{etIG6+<&V5mL=n&MoA+(tAn7OvrGS zD%GXh0i~G?ac~jCN}3Bn>(*$3luQ=_=|HSb$x9KkeQ_wnz(X9xHy(t9r~%coE=e6= z3Re`SfC*}e#rNQvW5%xpU=g0G?SV3I8_i^sy<{zx(fKq~`BOWFj0ddlP6XJtfYbyL zZ21aec)+rxqLwi-iX;#^lTQEF(pDHJ#z}A|6rehXq|XxnxgvP2pqECOo?9(q#bH)W zv+pff|4QfIqlnJEx;r4BTAyX^<7>gFrOdssdwTuj0fQu0uU;EB*eZvsVC>^HIr=Za zIa$g1mt1mF7g#;U(|EIbFe#PsLJ(?xOIp_)!X8#J8X=})P_Y@Cyww>5sf&?Sn^&*@ST0dH{NV6*+2;?^Vm0|`Nhgu4MZvimKs1}$*WJSrrx9xp>SQff36+Nl2pk}YnYBD zSs;7G^`oxw%q*J51xp=rnZp=I&23wgbxzhd2A%Qd&GhIG(0;F18vQ^IjDPyBK?z@qnD5SoMx z*vy>>b}`SB&`Zw`nI>=%kJ6Q+2tL0|2I|Uz(&Jc_xA-EbRhK4BB{@+)6Y|9mM`MK35==3MnnGDidXgNa zs*=4MZ?YNU>6PSHQaB(VnWc@BV zokUfuE%1P<*UJ__t$_x(UkmC?rQYk9MMp}dQoajWDo}dAq$-dDG|j7Ipv(D>F9yfr ztO`RMs3TUfnJlubIPl^_$@W^f^hN>QYqLkctQ@cm58ce+({cZJ&2&k9+fOY-RVssA zym}uNK(b0p;i-!9W>FLyIrh3V&2}h6!CXcLQ0N(r zn{i2-F-6hDneb__Q%b<>%4OB>q98LRS&rBqX8t&o3Kl2AoGaZD8+j@Oq}a@El*Ezm z0qWV~VK9`?t0;HxL6n<+md zSl(?p9Qx<$Q@|XjmOV=7V}1$k+8880K&5A;s1H5*mbiz1wvLJl?i%CNaYyC@ZP%*( zP-#fhA`PAl|9kl7;o-q1#;HTzEEAb5y{tA!!i?K2RiLE8#!2iDOkC`+ebn077>VxT zpw-^M;@>aAo@LQr1N)&yUq&}Jga17ov^TN(wb+{}cgfm!VTvMwg*@D3&427A8Qkh4 zB{DTHamE(Xl-WapE~u-IfPCSbn%Ab!;Y=;5KLRAb6=iM`0#P-2%tUHf&{`Ch$E$G0_WxNAh{0tC{IDRUvHG6 zC6|64s_0uwP1Mw{qzwMYUE>l!jL%R#WSlzur3oA#?ETy|2@`og4O~Cc6XUDHI_r;9 zg>UvtU#V+L>oV^z2FL3BD#bqV8OIX;?f9@`m~%fI?`#5h`Q@{Rk5h$v{yS%hI6KiV zmPdc%k3xRqnoQ<%Xl46+IJ@}`yBtu!F%4CjJ?U{voVyzRM7NPCSc+UxQjr6E4~N|6 za~M%H#nOQ%M!>h2&Pj-2dpJ0G_pY}C>Vr{PAL4qL0*n072zQ!IeQn$ch>L<|$eQLR zYBJO`4w2a1Vk6g;x6-l{tIX>%=8f~iaFT~a==wjyigEa%=R!TRXv=;$FxFM+x`&T^r>o~*3FVzi{z7b7MJa(Oy@I9LmShF^Od znWPr`_@m32GfsVmnT#MH~)qbx3{4~$j;v!**ZfRNF5I)I&mSi#SY}ayipu;*irh zM8pr%x>SDXlBsz$Q{A0(W#nCZ+c_lxGioI$b=JJ>al+Ltl?c-jp;HFBq>mgSAjpFo z`Ar}{9A~bkd^#TdvTR6D6&u+}E7X1ZxJqXg_}i-}cAKY~#qpJ8$|V*7`3_1FMA!!&K9=|{P4>IirdxY5~lUJt)04BCV4KC z6-m+%wj)7)E+_UUDkr8ZY9fvTGJcGjn)O99i}%@+l9}!VyI;tRug3kE%(@-tPgFzy z&-^UZ|9+ogrXt?+RloZaKlS?G{{E|%`R{+V4i28{|3Ar-EUyq+VowVZ-bqs(El4zo z-D#JSMPdoN9M?m%ORx%!fjE|yiSuNF%beNPKS51C;ZcZub6p=~4n z{A3p5F(tF80}Z2U?@&3uStEm{4sOc0LN%t03*llS+R(~JqkwHeYl$yn#pRyz`iK~U zO~~DqKT19&oursH3}oVg$}uTs1h0h863Na6tiD1}Z=+j=h+~hTB76tR-^C0}Zl%rA@F+FgqMVq{(TwJ9UQ&iTbLOxAoB|5a0#W6W$OQ==?K~7Guny|7q zF^1j#N~-ZjaxyB&qF~7}#mf0B)tM-bRrzxTik958*nl~eyBcHCEi++-NtJ8l*Vt6K zrb}VDgjoeyyDGWQQjJO0yjlmWOaNQN?vMJ{4I~1S@?{^ zAEJ)KVMev0TOZ{^pblInXrqwu38rz+JzXGK9Hf^QA9{On36U_ag(#~pNg62+@t(ez zBlV&^{VfLhDQ!OlHoIZ?_nFv)BOeEzsY8?z2)2d#Kc!C^`D_l6+%;DcBp-@@0Piw>Hf2{7S1Qg|m&C9m!;Z9Pl(i8wm ziOTq8A_B?)7lU3(cYU>7P&N3(e{CfbR24Q`{T>nztGlX#v6S!fCcryo;=(D2ivk%R zWI<+2)2+gWkODR|s*dVfgnHmu1}r#PvN&x-BQGhaw@4eC`e8@aG8BKHuN^qpfA#WJ zif1kko~?#x%u=Pr!QcPB%+{!I&&5g}Y;z(R4SyA^J7lWY~|ZAnyYiNnqY z$r&v{$~1vptL(OqaSA2DiE@`$_H~7` zD+~E@=;^%E74rxVot6Q6Zr+c{kPiWDnf;J}baZrdR0)q}oreGu-!)m@=_W6IRDxuT zw-Btn*GyhciJfNscjx+_`kIRVOHQxDc zVQyr3R8em|NM&qo0PMZ{ciXnoDB7R(S76EKuEbrEEZcFDYVY=5MOIRM^+QKe`Z!s= z4n#r{K2rn>fOhmX{ol{R03bn%lqf%v?7ht&5{txRW-yo;3Nh~P~MW=?4hb0c!yyamj1Ja`G zz$0AJ86|!PMVQNw@WNu81OyAx4Dph5&~~n>;fVf1xS%ZTpqs-Qj-uq}Ve3`v=vB=p z!s9fO@UDw~BEb@QiWkw0anyq@Q1`Tldc)t4>c+k^y`f&x8{%;o(r{iw2n!^rPdv<9 zwFOhaE~Jb^=iuP>_O_(~Z+UE4qn_&5e&qPJHK%eBPh&y2!h?iTl{?T?%zw=V36@QO zQXI?|%?QtlI8aTsqHtbYVj4$_=tv*p%sfcl4KbLSQ62y z)%K7VeWXh~CrEXNX($j4b>ozUC?v!uzG`Vkq_+U!55;TnZwLJu;}s~bH94j5F{pG7 zk6Z2L$*b0JyB5VkFk}JsRvk2$T`)Q1M37J_P^h;HD1)8>#iO3mrduIeCv3+kKZHub zLWq+;W6G6EmOLi4+H$^>KS>!48J8XOefw2AeJ9Mz7cY)$dx%9O6bm|&YTyKs3V789 zqBE^q1yUn6B{ZBPpF{y$!APOYh=gOPNWvS+S-4dCua>meK{Ff(QrknJxWG#yBJ2^> ziChpAaWbPHfwk06PK<^@EQA-SF0VPYJGDI&P>+NH8j2OqV9z6wgi4a|r9f=vwqT0a z%>QZ(bd3%QS#8f+2E70aVSxiJY1=!Q5LQ#?jAsc8%2^|A$7` zG(;ryBSyoF3B;y?@Ebg(0hKF6K1Pg7!WA4t&OWYGyJJ1lmlx_^66(qL(_}I{%G*+^ zDe4h4=PZsC+t27c=Gs84DQnDKM*LL zTCIC}J|85`ZqV7T^5^Xt*ecDr3esC#;@%XClA-_USQ_>j|3LM=9@;h1=w zz|ScT{a>js7iVVh4M#d(0IJ^b-C7AR`q*P!nLM?Ad3K?laud` z;ithp(RtC^$g!|_6%O(*rzgJ^9{Ag4GCrGcgb-mu$L@yidwL6p1iEpJnqAE zAIx-t2I|E^vgOFgty40iA%*4;x}`yYLMD}BqoI&E2#DWOW3GP~8NH_@tRrw6O5B7S z8g|?DNkEih^<%E&vRY%9cP*`jZ}BP*!@i;&>3p|qCHB9f!eax zq$!;gj+CvxO9c`LlCNF&7-{`Kq9ty;mKVfA65a}!hl6@nGUz31(o*QJ{r#l}>k*!v z=D$b1D`gz-=nLF9{|}E|9=}|h|KAdfzM@d5UOSG!DKE8SvPZR%`SzLo*)Iom%&b|*6#R2$12=B2VURnY) z4ROa%#Vm)FK<^;6*oO@;^<=iz>b;nA5=v7majA_?>!$dBjV~{TSS~uKrGbI}NT$nk zA_Sh3s(qTiOs&lw#o}t2w0?sF>cgOGlvzZ=?r`wS@z`6CCAL0*h_i@rnfM`qkY>#7 zQ&dJhW}KRK7_(n3a+q_x%6*}dEZ2&ccVxiQE;onI@=u0z&n_H)rKu~BTwnf|OonpCf`HvBNcB!k8L{2xTXfO?ZGxJpZ-CJ5b`2P8i6>Yu=v$$yCA@vk|}6la7@b$ghQCEw+rem)Yp=U zx>=SOJhx4sb#%=bHN`5F_#;Xi(2_;l^};YJUt$UHnm7o{!U`vYPYLv>nzYCa=gaTE zKP*QTHejk^*@eMWU_!Nqp>{ezTBhC*m?FvEP7XJ-JvJvH;Yu*v7grL-%MN;9@1OTa zZ~GU$-|G!j@1FHX6ZJ=LG?)x}-81!fe>A!rsXu=0jxGilZ`Gd{myhL*o9?!8dQ_TQM zj%PFKAu3XF{eT>JcvL7*G=O^E=&4?r54B*B3`K;i`DAqqCqhX|Hd~jpum>9IiRh!} z?=DXJZ}wZLf+$i?H$+fFZCQDhJtW;wU9EpS`h3Lo_^21-8!aqk8vJHYmJ#Mrewyr+b5n$U4WA)z#gg6g(<4L z;6ymU;vjGuvp+MP>zCVmaRIaqc>yJ%42Td{H&J*+LXY{R^h4F2a+Q5j(yIQDLrTzH zM#qrJt&|Q~_N}F%dTWSmU-=X-i6V5-$w}f8_0*qgxClHdD z&xzd8kU%Adglh{a$sJ*ym=8)N5h0Zg&xwdwD2TIuc~E(NR3^`t%%`*M>yLZj4NC}P zH%W#xgXv%>mk1T*x=SmpH&|>}J_?uz;<14s@&-#}hF|0gYSMikn{62fl12e(GS7=S z2|d!(M6XKev5tBxk)WLpyccH1AIVvwBS1 zMAnqj69$~{sXZZ5cYz{ZmF0_iy1^}82_z)Mg(b_$I(Py7=gUU8Ur%+gGNuV9sJ^T_ z+^(0Is{iTAtdYT*CNr4!0>Xxf50MBJ!BPv4dRU|ND4V4MJN+@yW4T_B=UOpB$@C zj@2i}>euO5-M-BJ%#PQL{=A3lRjc-@1N%;`!IjOz;ElFyS1d-iSX*r)(_m(CW$a)5 z1J+|&if=XOwj-dPm~UXr0vtwX2tZdX>B7znVBY{7s>*k$@;pP%kTmsPchh4&*#*6y zCX-?61TbNgs*wi7bdryFsn)?q?REnlw~rd=Mf*hq5$RPzm4=ec;n42}Txm#`YO3k8 z0UL>;3!aoNA~F==1dC0gcAXfG#ga2obX!0Y+kX1#iwwOZ31VJ2>rp!MmC>>Dq>V7w zKE(BTYnnwlx6>of+=Y};Gs3HYVZW(KdB@QO?dc*Ul)l6w<2w902Dbp|vcV1+iyllg z3u4yMc03J5BF?1thnVO|8VX6UuQYN+hlJrCm_Q8CN9UVuKInDoRQJcGn{bNy>1r6U z@Zou8gX@_SQQgg6K`+B;Bekr8{S9SOhI&nprYqzHOsLU&+@bUN1G2MfEGw(1T(DRI zpDSGO+T4$Y6@8C`pP2?bZ)9&_PG_wd3k|HVr1+AC#9iv-WO(Y&-!Ak1jkdu5jds8< zht)T~AKgcp_iue(CuMeG6%&DlDD`=e3NoDvw>4@%;%6(zaaO7Q%#lOr^{ zR?E3UeJpW-q<>)lCq(7$==U^`Z442u<|#TpDkuRBQ~=3FX=t}rvLV180!Hf+pwZ0> zwNlsKI@sxtZoX6h#{moH5bVI>X#f!dOY9Xc<~L5k`%S-x8;auDw#gNmh5Q%mT+FH% z1wyj*iiKbv1z)alj#fmW*e~u*P`o4!DBLhG=Vnuc<<~ixh5*=O&80_Vz38C;zc1&F zp%+C@Z-F`XB;jUD#$%z7RK}pb6~Ib;gX6S}87m-FkrxZOP!nW{*R0*IfDy+Qwtqoh z6b}gdecADh3NTBbUz1e>s_ml)Q=aS%ve>Gr1ahW$NWLsW(^nX;~~$!ZId6LYLVM>M)2ei}`M%Sx%s8;x!g@I8}v1Cjx zvLH;;62=LhG!1E%Sh`>3=ZA0uFWSlW`rT+e`Tber+4%hOa`IDdf*JlISH=GO3hjfN zI`vyW8}&~IqkeB<-VHA=PS+-NmPDtVMLJVmev?Na^3fy2PuO2H5cH#q^YUG;MjD!8 zirQcg=D4xmjm{E>ZPKLqAs6Vy(f8oY^uaGto zpqXhPB3>(DX6Qge`paNgD}d1=(ltov&%VXeY1uMp%i{#N3)G^-%jom0;L;gdRqz#A zbftxXiFejebt4z_flf$pmD|s88DLZMkL!xTv0QxR36V;jF$wIejC^rX%E_6u#zW^q zLjNfO=U>1jbLYH7pUoko`0y&??1uVqFUuwzyRlp#orBOsl4@%V8bL`T4SoKE>)fZB zCW63m!YM%@n#)!|J0P5ABh#?S+O7>Zm~R2e!lxj@aP*pbYA!<8ckz`}UX5$!(1slq z2_Ox$z?L!ea#q=~GXjTVeKcJexQzfQ^TKCFzOW2a?No!b>re_nPy!x;gP8k?m!8_I z7STwBh;_>JO-~lI0eCRv%AI8p;Km^2?V5zzePK$@n66GEYS1+5-dc&k}3L`toDIX{_EF?^LnDN+gF-M-=09X1!q>q z3&%cH?6w{GvS&vF!AB`f`(lNs&`pR>B?U{Z6LCKH|qQu6TWgn z@;A`u%c5Uc8XWgmkT>_rpH>s4+KUg4SS5dz@UjUhATn23zlesAry@Y7ub&lloj5!S zyVMp}tw5od95c?U%&x0mid}0vDCDxX3mnOtm4vl=tGSL7$(oq?1zRO$uHP!!YSWg; zIymc_9(tR@?r*eE87!zWYgb_FYEh{h_e4HFJm_9~B-Q2Bxv?%r`oEZ$V36>MQP|lfPKRkIZAJdWGZazfB`(p?Hf`*;J ztwcq$2fdFtlgwk8gOFv~$(Fr?FA%OYtv3+-u@=^yrRUIeldfDXpJj#C&H65H<&B=c zT^6M~xD9j}nY>PLJ=^fN^gIH*nNY%;hvtGl2&T-!1GiZf0#tmQH$A|c|6mX7es^+m zoDH9JZnE1UmrE9Rw+)0PTse_M`dh0;peDLt(pfnH4U}1#R~<_l4nQxgA+phDq`7i^ zJ-^vDia4?NZ_^JO$3ve3U3=YJkEu^a{f~7`m?@qiZho&AghqEm zxKtt1xsWF#dQ2)SyKc5qx`QsY+z45;A!?3JO4StU z{B0Uv)!RJQ8yKf33aSA{Z<$}DikHhYRNc|#N-RTX+sJkg*H%Z+y^W3HWk5MPCe8|K zZHIq*UZB!NMW#^s0>gbO7*1vABvrqTF)@si-ppJLo41e?Ey(kkNtRI>Gma|nN5UE+ z=HzOF#3%>vogm7zjyZwjeQ{`L>OTWCaPN+g5ppmT8GlN%B!qBeczxh}SYh%+$N4niV@hXcZ!A(fmpaYPSDcyM^s zY9C~JJAkY}Qyk#Xqv8A@m>Qs*zw}mq5ai&jM$3(I)IPhY;(P}cT-t_P!5MhZQQLGu zeSYBn@u&j_J7NbeYS|zElB2dMKj4EH3_6ojn#ik2V`nO;<(0L3wii|dy{YszVVG&4 z+V)#-fy238Ity<>mPFsLu3A#k4_X92ISuFN-RMlIPF%Jks3HMfic~xc!-Uj6q%`u~ zX3Wnd#ABge*H#5{!`#mgbTvr3rk-7^r|`ybqQ#K}Ha$?%!<|93X`^}@GA|Ze?@7Wb z4-Rh#onTSB6Ku2>?AlO~prB9qNXh9mmRpYGY__s0gFk>NgRvJh-I98J}_#%qBgorO20X zlzu9NuWVcb;BZxJY@@t-j<8&mxy7=!GelmBN@YF9t|_Tj7UCX%4fr8vBuFGp6R@&8A;zn=P6Bb5F}bdG|@yKVp+>2qD*l(^&%HIM2Ap((;#dUl=`V0Us=I# zl3N;U^nJBp2t*MX8mPA*-nB`l5BoEEpATEwG495^H}&QkP;E2&Rh{FO2QD@SN$gCB zQeuE=FO*mf^b_GEO9q2_#-FfVzU@i@R8^3;M5r`rHxL4Lc$!G2ysjk+h#DZmb`()^ z)a466-nFBXLYz5%qn8FcB^umlv}TwWKa~XMgW$6$8wrrEdAV8z_K@wwLsj-7ib1zd zqBl4Y1oqjJ<1gBjRBJOD-ViQ{-$H{H$sC=5Aq!b$Ml1EdW}l1!1?*gAHI>w{?7U+& z7^-b`H2%MAOYWzi`wKeYDjfPqC%M%kuY%x4JBzN(@ono^-FN=$6`z{vj#-rCIjk~G zKD)5hYI9xMeyt+50A35mS1CdZ;Qe=&p=r@nlI}bW?jlpQ&*v_ZRoA?ueASh=NLgns z{#fgY|D8SNDA0fG(qfGgcU3plRZTTDvy(h2!fCU1vFRkWz@frTCz*+!#o?;jM69Tb z?v0lfk$r9DS1|;tYn}&#&a5vLoqwWK*@C%xn-B`UvKy<`x(>)PnEXs2=*6Ls|EwNW{ccUlB} zjk?I7_@s;;RT-g5X(P~mHjW@;iteLO9g%ql4KK%&1{%JbG?2~-fr#|B$m`s0>7&8F zDM(NJLudGMf^u`AxFl@GP8{yRlK2!Kq%Ab{_G2sZXGQpKx`uG8YRm;rWY6Yk9pP`# zZW1LV&UZ3`cemv_KecCk^HgHS+GX^ z@dR~;gAQCHCJqb|2mdsul71{Xw6q7ACg7HBT~HtqM`~H1lU@U>mJ&aI&Bz{d&iLF| z>wgdRvA3{A?W`ano(9A}@Tq`5RBvioqJ&m}=dGkNJYb{w9VB^7k}sE`-bQ6M*N^Q2 zI3SbZNAHa>j^|0KqzCgpX?zb6DiLV!G$v*#H4ChW zo=itdQ0Z&B_!83MK#O=uf*$OpB!DO)x6tn_=4pQ1B@XEf?zvJkTFpAmo?7~)y`Cn$ z>Pe~Xd5h|TaS2?huc*>5(#vioGh%U-={rSUBb&5hnbYHbZT&FaUj8(lLO!vaFc8sJ z3Fk%&+8kCIyGOXE!s9F)=gOirJ*qTNDqX*MdbCn#deO(GG7+2RdYq=>JkElE@B>Mf zQGg{82d41#D*+Wu+13g#gH3(3+wJyuFJ8d^?RGo&|KUmdW&4}MB2ce+~k~LSp_+``&%!k^2{UvgTMM4sNXFl}em~li1GiCnk!>q#^@>qce`# zDT$*fTT@x#kkiv_dRtC2EjYa*RMfM6A7nZy>;_)vtuR-z80SIP^H>~$5X>|IEYDeB z)uq{8%ACq+mIA0Ax&%w3{?}iLy$G++-+$Nh#fEVZ48b7mAg6qkyw+xAA|Z(vb1GMG z0QO^k1sQRALjy9;8Bqu_;@-H0EdurayR&XCzbyo0XP^(LM?yhb`j(L#8c9<>zkA&u zUGyjY@zta|{`qQfTHJ6wZ%lVj&&`dfNmpPb^1(2RebUw0_-ZgLY~6u+Q?sAYpE1)m zyJLV?g=@&TEQf4(Ihx!VHfXvSx`N)$-=0sdews{%l{#I{m+~hmqkJEm8m@+pZCMn7 zUqaFD>3Qk+UW~5*f^mQJOMkQrF?Fk(k+ZG88C<;WkFJKJ!NpDk);&FcL&G`YVCHY{ z>@fz&G<(nCDPrKux8upE-#x$TU7nrwdy~u2j&p5o2pk^Xn=lly8wxA9DGvQx>L({= z^+Yg6tm72w4S&-vy6)+D!(1?y)U_<8O#0`Q=KelnY*khas^eM@IakxR|XT`t5v6Qd(i@)V4R)UNb zJnzQ+(Knz*(nT&9K@~-&$dFUn`#Io}M3^x$q&66Uh3215wOt z0h`m%G?BqXKi6c{fm?mxKAv(shu!h`Umnj03vtW1U#yC6SP(DCxw0g4i_|7ss<+x@ za^OWDVO#5~e*H?+OSSuHe|UEJ`+5Ija&>-r+AoH5JUH$5x}!2U`xo8UXZ@@5%ZtI}ax}Pj zTinX;S>fuopd?j6rGhEEX$B|!3G*%YahotvU?@TI>*c6uLGj?AWahgwhXOVqa`tgm zZjhZ_z8#J(fBStKJ0vYtweyFUr@(I2WGQTe6v|Q80dTV(w*wWmtVynxE*TUH(RkSH zeJQYDKIKO#y$<2s=&WR@(lS>u54Osae3SL!!NPpLrU9Bw9h0!cQ4THD{)hww3(`u3 z!{2`^A>Z_<=TyvLX#5Sm01J^P7D<06MF$d>zb^JKj`xm z3E1wp6n59_$+!CV-<{I$N#hQAU<;>~QxDo>ZGu}%+||a#Tgy6(6K8SyIq?QJ_1=-$ z^}xOdyBMw<|DtsK?fbTVNXC0N|s1j!mRI}RN~3> zvV-wjYw6Bz(;=7sZFH&rQKo!r?m&L&eXFPEVV>Rgf35wwb;~#NY~KHEA02*ooZJ6B zZnsaK_J2ReQ>aLFaLGB2N>pifEmEXVHCL@OQ_VJZcKP0e2XJsKvl_d5P9 z>-I`IaOzETwU#cwzC$DMG71!hvD~3Gx0Y?oYAbg$oN#E9hF%c+1l4hfgO#M7Xz8zY z)XIY->5>S-oyeRu<0AzvEezH~iq?`yPCdu)-AFH|8B?*8UI;Cjze78!^m;2e_Nffm z{0;ynRZBr6HzeaSuG+G$SJJHHI28I&q^QJ$ZiP}%Hw~>@-wy7R>F{+vJL!K|3tu@q zDAnwME&9KG`0^;H|6iOOJ?a0?@{}y3Jx;P=Uuzx_y$-pI@SicMrKPNcrh}&8#cF!= zy;=JjXNmLrOJn}@e6#EP=Tq$MX8OakW&Xc7IeeL$|A#M6zI&SgpW`tGzdqtHVgbpx zRbaqzEEkN^|AE-a{3)G{p`mHmWOBVn6XA%yUJ?lMknmORH}p-fH-t~2$2pOzXg~%0e+xP5{(#dg#$_Z9^q~wmqd;4Tgw@$w^;RbH=z1q300O@3s!dPgW5@XAJwVZ7XoxkbIO%83au~ z6oo^-M!p=xrbvQolpwc5Tlq!`38n^Um&Uclop0KMq(Vh)q{rOqje1DrE#uc}Ii_b* zQ4cBeRDu6tyWExhMd$d6I?zW!>?=PxPj+V}1f zGFjKpBB>8be!2zK(mS9_s=wL`pW#P(AJ}IB+m3S?^v-t|3Fmc+i}Nx;$$6JzR>E94 z1WS2sGlDlXsyyM%Y;B;r4~I32dIOMCom9ftI}MrM;aJnVuW9Hj(fT;*mj%RZa$58@ zv|h8v&s?)$WBW#*icYPGGCMBjK*i?T?)A>)yAM?fQ(=eDLRFD^)!>6}zqC2G^Hah8 zAN9MZ=l#~wziS_x?f)0Y?fm-x@a2ma$4~bE=Xmz=LG@s{nRf%t3~;rcW(LILFr?ue zk~`|i&{nNB2oXl_e@nP=Q9rF6#U{;2P>gm8^p+_Pq4wPM`ENF3{ zOnmiElieseLv9cDTWGQ%c@oo5NM$Bxl69yiP?D$!?D7l7<)S%ev0Na@@oYvtn*wS{ zJ3L;T9(D#Q`3S$C(!hf}Y1@Ifmy!gQ$-vexZMBjcpSVoLX9LmnO-`0Mt{Rqrf z&$dxlT!zsShd!2!uMp<*SXp-v>?0N|4j?Cn>RmEaUlCDPf0#&V#S@b7WtwI{lg4&Z z0}dG|H2fHR{EjOa}^_tAU4%~#^1_e0K>L@r1y6a~1NBE^tFRMA0{6mK$9d>@kYDlK)3LzqKK^lK@t zw-R$x$Fjet*xXCZ8n>h5H!ZvAK698x}>7|7Vj9801S-7aWAGRz6=-9o+chHYNGSlDZwpi#4- z;>avL-yr1%TPk_qQ94QMHzjpE8CV2N({r^-ryj!o5;k>EvpM5z*$k*890xzx&72?p ziT!2M{`xUr%)+9J*loXn z(qa!`h`5IY-nakw;h*jcwG{p_W1L(tNvvJ+dX=1TO3^b=3WK5=KN9*%D34xudmD{! z>@R6}kZ}OO=G4JHQY&^n@6=yts@*E0RjVmgW|$5Qf{PFAaw)Ovksm`6AnGVgZMN*8 zqg|O-b=^1GshE@BpMP;BW;2cHK{huLm{Bw9rySM_Eu)S_qP5|8c|l>jd`m4IxlmS3 z0-E|Q67BD(we1;DHxq<}2e1(s5y~w>-w>+6< zYSHPRsazp*l0^NlOfniuuqK@z9bz%i_Wh>tyryKJx!vZ?(GvrtfwA+?#LM|( zr!4o4#ryN?y$1T=XuXC>msV)?d=~a8S(ZPE)hDs~?;=)<$yIeqRFR&8gbW^AMl6K% zjbNx{@GxJ@l{cnJ2mCDeatAvJ$GzyIUjDg_uA6{&o^|`^Ii1*d5lqXQVg#18_u&jeA6A--YM z*Ioo4ON;_01mO6gAWg8wPtA@Gt=!_tT`A)^rXl!TW|#)Zk4b7e5Mi(5S0rhnb9_xu zR`5)*ca7o*(&Cq(3j#YJI8^0;wo@`=TxsGaO##`79rVhJ6PUdi&B!exAMr9$%QQAa z3wCSs8Eg5jc|s@BR#l<^67eQEn**Qlj+#BtMpG5v(U<5dKm$rsjmo~cio#HJ3FNRm zgl+ItW3$WU!-o$!XG?R2{^@bQX}W>{${!OEc&a!dNPL885@v;1#~2iD^o9D+LA6>p zR`W(07Z*xCE1JQsl4OX4Gsd+Uss@D>|RN1;4GEPJ&jgX1Ec}Xh1sXy=vmh9q$L?(1W#x_iISANMQhvBCffA8Hbp!I<;C4 z{zyz~*c_6?TZHsaEl)V{V^13soQiA3nAB|VfDl3_}lQj8Ayx8tP=xOPjYY$;=`$Q7HRFf67pVAP?mS)EM zQT0viW3q)lCGwV#P_qYAxg}GVbfRIh@0l5Iuiu*zMF2rUsrLxXJZvCrFZFUVnJdX@ zZlX7L5Eu!stYIQ#PH2b@djHd8GE`(HS048tRBWubyx&0Y&&>Egcz0_J?;8e8!v#T$ znaB}GeWa|N27bJUvx-p7C14e;Uy%zFu=cGWNj0P40WhBI^EE2=w{V#*z z!*Rw9jrR3jQeqW)3(i6%pEK98CGtcK?_k(H&+Hh4{x-{atqv6#t})dW5Q8DYz7MUW zdzdXWkdXG@!)gXOWehJ{UnDqQa3W5ff{+X<6RNa5P{^rnJNNTFVu5ZbmoW}h@#nt` zhWkoFCcOU}`epc=8?9vOQSIh(FV1m0Y}IPNswJZ_Mbb)Uwbs~T>gi&@Q=?O}_DNKz zZO&W-t<&VV*n%|I#DbA?+<01{0^#kw9}T@igufU^OXlm0S4KCPi#vc%^oa}s`^2X6 z^}+0oPFv_QGzOXjKNY5dt>|ah{LZjChLVVgr*vgjnHudTDdEjScNO@H2^CW!J{w}5 z%K7WUIF^PsydkvD+yUjG0Ivu~FH_T7GPJ;<9}pxw5@Jr7Kq6KPMA1mExeDh9Zq9XL z<#5{QyU|$#O#|j#Yctjui7AP7KT3Yjl_)iOZw2fm((E^76!G0sNz=7q|NRu9# z8Nu~bV0~y!bPsju#@>Ls)crKM?W1X-Yo_{J3-&erH(1ku%1~7kF69I52S_kp*N-OG zSO%7g zg$#W{V%(BzdmIGKUx27Z_v|PJ$1p^%HUM%px$UO8T7hm4b&fvE=LXYYj<=pxOm$@ zgNrwp4b!ihl#@}n*Vl{0C4)_i8RJXi$q^#sA(TPP{`GoD>z^~e9A(KQW|EI4lW zY^plPQyNgYO155gr`ZI~PQTZ$gke5?QGH@st}QBa!S-5kxv5+W@EOdKg#O9gbIuNc zOT+O1yPuFxXEOp<$Jv?*Na?Pty@xE-S8z`Nm{F_E4%F0SaWKO|Fpt74gK3-?WJwze zRp8R}>~{un*!VG8LSLb2L)fVk3gKFn${N<*8bt>)Uir+E1;o8zKGE5%kSgIYyc$Ed z1-nlL%rg9~sYI7!{H*tAHSDH7b(spis##XpY3&o*e8o-a{BZfv@gkmDSLAuJ;6%^6 zr|0{*wTV^3d6wQJ0&Pt2qip3T5yuDnpEgm&Tz}%w<>+O*-B#MjqH+$|juf+n5Ob^r zrG6(I4lBCw#A){vx+{STo6lZ1vo@|fb*0-v(AdT?Q`7IOiPK&iSLf!20*Zic*I&)# z4%i$-v0hqtPtP^(4%+Io*`YMMc{0M^> zjuv}TULS@%#K2f3$Aqv{bX3dO^_z# zgIIg6?fKqi-z?55rJ&qolqJRszzM+zP)iwTrlF$MLG^5v**Od2f#e*BbsNvt_A#N|D5CE^x-t>BTtxsr@@B(PuV#BG+|33udP4laud` z6C78@3&>>}+yO3fHH4{)Urpeo&16Zlq1&~rnGOJ3hgNZ!qH!j)vwVQdlWaPj;v3GC zsgxaBD92`|rz(gQWZT@0dtp}Ve4k(_Kp0nb4D&fT@6x$$qbOo_t>eO+opgc|t zRdYb;)A|Xn!OUF`aS}j%*HVTX&}HiIFF1D8Soe7AFc^a3X#Ln!dd9pPKqfIsZ%D9m zQ$px~E%bZ${0w#n(nho=JTYk;=es>V=@!cz%(Od>`fO&c=EQnD@Zo})b=a@)GRT~s zo6yKT)c@WocaM|P6|%iJ9qn7=MP!D>kj&_~l(0Hk#Ji9do$Z{kl*#7$We|LAv-mc+_G)% zD@1lR&_Q*59i_exfQ0c9J|C~V73!# zNCyUVP~ADoVRryjHN9tQvX4W4GyRu>+r>FiKrVK$icip+G8PaVu3?yNTvK5)sabce zUWS1qL2pSX=cj2{ynF57nk4r^vjESx;p$@JgeN563u&%=%R)cg5T=ldb_c4&pP*~* z0#+{T!Zy${(Gccv2xP%AT#~34RltET^L`ijl8B-Vi$i438kc7o3u1l@YbE8Is6M!O zb7}rG@j~Vo1QFHOP);C76>EVKjhOGCduHnFf@wA+Xxl)TZB^qCuog;^;D&H2=?o%( z6dR4lXXr+|yxmc8VvJ0m7FyUZDH{-o?b!z4!^QVx>1sQ#OxIkvQ-+T&-@MtvMVA+b zJ513+NqTwVIN^7WnR4*cby=wDR2q$Z5Y76in3gZxsFk0|P83{^o2k|f+#rFr^;FCB zwIN!jwA1eCxz#>S*_3$aC3tO&L2>y6B2bd)X`bt#^n{*@)jAP|C)nY-~MS zZb!Vly5P0&!Oq zY^+5&2KMvzc5N)O-kZ;ePx}4P0xwe><4PG5z%dith+h zHW;P?H07Z%1r*DfH8!|J1C+*wI(THuILIU)w&0P5)l}fxYJfVSHKmXOqYv|pUK!~1 z5FHnK2+%2(MM)36T;+-&REU+SvV^qIXftlTDVHlR`*(rG4WDr#IxMp;pdTAKGt#wo zfgu-4Q!WlJ`>1d2@v$wtOHaAT85g^glkbkp(R0FMqU@;e*ljj)X7>Si05MJ7AC@J{ zE;ydy8_u3>9ENo;(7A5qj zetn*tyxcHP+&G}>GsOwear-h(!_8i_!7SrDOF}SAe9L`8c3iDLI^EfsRuJs7yOVG| v5U3=m^Q#L8%26*D^;CtJU)s(6^gKOJ&(rhtU8|CFlI;EKplYpzFcJz4 z=s)X+8i>|VN{Pu>>K6yVgPYxmRgK9+ncYH5nVUmiO^xH1y0xXDt%-+?@~u=W50!BIN+rg5-mlS2xFGN)m$8N z$3=tVLU0&@1=fhk@Vc;k#QY8u$W9=(;9Ds$W*ZVRg77MjZ08*>QEEn7yTwj zS|Y@wEII1DVW!>82XT?w88Ku&`U|~hMEB$CPbf24?~xY)4~l(*w9lmN z-KjkMS{1ZYSeSi6F?#hdBtP?G#wL^Q69sAj{qu7_J6c=$`SbMmg8s)h;$#^1-kVI4 zjpT%-%`DTc zDCAcghh@*h{%{QbamW|z(X;Xzb@PI&-rDhv=1>xu|1nwkJTxX(g?I5Pmmo^XnK>2+ zQOXrT#UQq`^AEPcPQONlaNb*fKB{+H;Ee!ShHu{sp@FsMGY#Yuv_s&)UAYDcJLmkj zp7H5)?mF?%+&FZ)X3e*ydzYwGg2dnED0e17;?x6LiyHI=KpMV?2!{+Mr3rv^nr{FP z;xup@?Vn*V_7gZoXR0&*v|b-2qO0OLQ~eF2{J^U1!UO)=i{rCK_{}OmIy8aeY{V%y zI=%=UIg(GXIY?x?bsPIM*349qOD{zLiVoMy^KF^Uo!i6TOKzrE0k3>`?%MHSQNvm_DiE?gB+{9)p;n9w6!w_|VNFvQS01Gp*aeWFOF$g^B4xnxxHE!;+UJQb(8i$p{RsVb zW@b=(vpEjLMNq1!^5HNVepxC^q--bztQdvkDiS5LhCnR-6!dwoO|iZ{6AmX&TYF{K zN+*TR`M^pI_hEkPw)I$eZx!P^zbJ)27Zw>F90cvT8OKX|>E!;kKP)rg$?$`XL5a)`Ak^#b>}y1_KEnX!Np7eT_Mpj z!Eyt8B+&sN?hb;-&V-!KbXaaeL^HptO?_zyvgN4vGk662S+FYRG+1SFqQT=8h0LF9 zfwsOjc}l2RIqqjg}Ne!OFQoFOIxSe3pVt@pXX0quG)E8qHhTs2r5OsG)Ntyn~w<>PZQ@et}8*xF!-Wnq1H&1xp)wEEO(^H zuQDSrFseg3BKU6S`=hs|Y8xxfY&nfO!OeC&RI}S5VG!tLzN=N5&k=Z<1-;v%3l4fDbB1s;?vsfnoM7xe!E8rP8OsJz4+WpWc+&bJrvQ-tz~HRyXYTR zSCjin)zKvL2jKdTK~c#?3v4!bCsbi1RgmK`*7 z@E4XPYo17)v>he+8Hg%0V?rpM_+vlhgQ5&@ z%FM9b?AE(4h?f|r4e@3t;KYZ^bzpSL#F1%+!AI1mnkw~)(LO7cX4i$-=ZLapZkrZVwJWI5wg{4IGB$T#Gq1UqUZxXg>5hrY= zhx~G3C{O$*x4exIPZF%&+)r|}pIC8CDSwBAEY2lvx@jqi`o4k74e$7D)Tfohjlf6t zvub~4Q)GFw0akk-Z@(G;j2-P=x(~teZxe$7bICTx*K_jcuri(4Q@cV@i>Pn}_9KFc zQIZ#imG=jQ=Zo)A9VvzhoK4m9^5XbFkJy`O9Vl(yrCEp`90rB4MeO235eL_AO=KNP z$oEoj&9D9rqyE%Iba==^UuA*Evo0{na2Mt58H!mOMMB>xaKrPBXyfo@{QL~DI?y9m ztT0dVUiz~1P{dI@@(s;J9cEKzeGY8HychO@9PqTAAr*sUF$8CU+FQYnc83bPN16x< zU$~fj(cgwp#!&uYB`$Uc15382?ch}p;AAS81u$plF>4pTN}^6e(|6KS;h2g-um>fG zIT}J?4&A23rr3&9ZJ=xB$dQiekqb5p2r*@qr3*M!b*3!q9d8&4Qf#G&^8BuAGh z*8Y3tP+#NYv@;}JH$1E#!oDzKKdWQhZexIJ^ zefjuX8%6=wJ5eO7BpbIw{=xaUX>CM7h=Cc;)rNPuZ6+Ic1shf1^RD_t$OwyjCez;& zNyW(S@z^55cTJrU+pG!0fVC@ZakBUvH}lFYp1BZq4WvX;YElXDBl-_4F^jQ*sO;t6 zI_Z<*)uOhDdG-(*w_@KIZB(joU?6aG2E@0+)K+3W-kWDSU+u|3xAl;P=<=+RD$4p5 zXxXg>#1E9NVj|bRVhl)kKyo40wV(t7uxNndE`5%x-Zc*HSrT9=5tE@3=aFJZ)amk6 zZxdllc`i$-u~B0PL*nry%aZP%d5*7VdUL|19tHNY2k{13pa*O4N5cs)KNHQ?WLU8= zGd_St5KKH2l4FLjLa5i?{!*T3$dO?a76UUQHCBAYP>S(NW{bRu82w3{lo3sInyY9? z-`D+@N8AC5yg3q0xU1aM@fp1~fmg?E3Pu&1eR`JmAMF-1rUX6!w|jkC$dmXJXA)pA zrcfGXdV`|Dx%pPJ?d;xc{JAn_r3v|=6jXg8m;AFlieEJ<^VOSVws8$T?51J4S@2G{ ztpVMfaWrT+Je?59_OrGH)5R79?}Syt-uJw#>iP0lc6MDR`~x-#W|}>Q)I55E`_Sjubo1EV;;&(JU=oT)< zTh8>~*x-sMC8|yaRDl=k?P5*Sdkl)2?D#&T{_kC*L`{J^FG@zpOy`|~?>jDSLlEo^ zr)hjl6M52m`m0|aAONVY2gfXI&h3S;&^06}v($Y*9ckkqr@MG7Gkl&@fW91QSmgaVd-P|(zU%y~70I+%8w!$C<9}%-MQig4S1!t4nA<*liPNA)2urD4ibSfxo z-Q#+GvgFr%34KY%bIGI`*yZQ1@t&>cIVP|V-sl=n`#J(EML{zpro&}s@W3g?6lzf9 zZwZu%WP$|cI(x~g#~F*SVZ%!(9n?-AR-85CJ{Ck_jiAr~ycM}t(0it291p&s)>UBF zn>DYOycR20#$g5m%x3R|Yo1uBL2(M`Jd$bAMsFI^X1kdYU3f zjIqKX?Ae5O#K!$By4|^X?OVu0qNc)x73;(rFN_AIL+)m@*GLLVp(PQL7EOZq+~-g~yeYX|#WPW<<5mmvC`O#PG+!(J~}yNe6j{^25r! zs0g^*NpYBlB_11Bs^8g&is86{{sFoe85Y@USpDRkC>#}P z-eXQY8vrHpl_~2P%pq4-0SMl6MMFo^EA3_NGgt2Z_&b7r&OZYkTaa_%I@27hHGKaP zDQ+qS=!o;!7l{me(Goa=yZkfmE&Kgye5(7ldF(7+b(5SNB+x~4RB zV!$Uvvvir_9tp?yg{!gD9!*oc2Z<6r+H&~i$^tjs!W-Qj%2Z;qBkZ*$VrjsiyjWH> z_gigVmU*;USe;$@=z5vw-)zT0IhElQ8w$G8&;}Fv=-ZJtX_muO#BQPDQ-_H$6(zUH z%kUnzmEG7T2vLG0#|?M(h7gih=-XsSgCUn5#5l_CWaQJ&Lit0pR>u989_Lm3ZE^AItm9` zv=ft6#S}-B6L)%S7ubP5p@al^QL;YeV|7+}WQjRZ$+T%-H)Oc4w513LFBLn|#oyXa zR^u)b<*xe|+crL`1Nt%&FJA1Mgm=B-O5xfHrz0Jfq5|wVYcVWH(X;C~8Cu=ex+be- zsg-P5{}cwjEGg%fCKwtx~(KARF7vQmVh8O#P&Ax@p^u8yWdE|4X#J$}sPLNOdY zAhbngFgKSrA`@ZT(5WssJHrEyjmb+vSv+_3k1d50vM0b}rKeI@2$L3l_Teg5zeiG> zr&;`>6yUw+Z%FTw3qaL#O0?kC4hIS_H>f&}?&C7;n6s2ml#NL`34CiWa5ebyFV_0U4Is1`u5i(-9^sQE0XW zZuH7ep5`oE5^jfUtkGncaq_=FV2F+f{PK7>%3Sd^G-p3FqQBgSQlM7M1jdamW+|hE z%iB)oC8LW4|G@dJifZeK&si!Ow}DoOb2=x)!HLyqfuvy(fNv>U81mJd5)VJ4C#y;K znZL(WLHy9LDiE0oI6yuJWy0Hs#`7LKE8tE^^ibHun$(OakuaiT3@0g|FVVV(z`Wyf zXM~St*jV~$C`(~~M)kXXvJkS^MFyl8q=BvUB6O!~m zMYHattAqy-oWT7t1O~&|Ok{I7M$^|gm^*rfACVcU(STgvLCCT#ZfhEVF^BblL8JpD zFqO%L?3^OC*JFJ}E)s|)pV3@yrrLiHcNT>Q(gzS)ju|JsGV28^odbPGz{oJmksHD=uwP9NuK91~B@fj{%! z!fh`|`~~hiV{TT0Gce7SFuuGh@H(2M>9N%y1Xw8?RiM*f&vtsRFb;cGOU+CDG&sNW zGybNNzu=wy+&phBv9m9rvWQgbPxT#DA@jhOJktq2xs~936E%D& zZ@P2&UkqSc>U2UEg;^%%Qnkq4L2{{W&ehkRUiipZw9}-N-Ynp8O=(~N_K2a z*kZx&gqK|dM%4vrZ2z2DL(N_3fUN)=+5sisE%SVtw<-d0%yHFBfAN&Kk4bJH=u<+1 z;1%M@$ICaY904&>W6jCXY;g4jiM0+5?q+k!?xnN4vMK4S$!;(9Wx~hq3_E&3Pahj( z=f6{VKTn}N#|ye?Tc(E_5_)x5jfG&5rchW_o#5Iq25L})aNjg9&x$MhjFh*j;IB1h z**wzM^9)Pa4)m|J1R_^V4d`@PML_A!yBi2#SIbtob@XDC z0F)>bnrNh$pW?lr2OJz z%7sv?j~+$u5fvNmvFAwIC`1HSM}oJp(2gtc0(Jv|4W3Q>)xUi(hHqu4Y1^nVrmHLH zNB^9iQUJK>?Fq){8kFC$)>X}$_{FO5 z?@I7bM_is6BKTU=W;5DRksI030Mob?p+YnIuz;c>Kp;$N-d@=#4Yx)WjJDSfrI!Y1 zNxarE&Gzeh2C-wPU3Dnmj-+CtI`DQjt*Uqp|#`5%M z%QoDss(aZnlx7lc#=;HNXaq~A9;Hh=fcwFTx!8X2npu_)UXU|I-SR2Dxg57ml%vp6 z<@wQ(y>K)C;g?Iz1|p|j%H`!lmuZc49%&prTkb0Aa?gVyPFU2$o1TQM)ADwQrnPE2 zIE2Y5B2-zO8CXTpn(5V_8u&;-N!W)0Rm$$>tZI^na9WmdIOY@|R?Y{#NhJCF6xu(u zH@Il&G(zm+CG)%CXzA4i^-H8Jf5hbZ3mP_3&ybUkzu>xByJdo#LgLlMr&{8IyM)3z z`PA#hENzPd9NB5npphp@HEMKDWzeNI*cmfi=?w|XRD@)dcB~(Y_eyNNGStJy2Tn~i z=$rOYnk&ZZ_}QB{1U8^{&Yp@-stJS<=2JQ>Ws}gL$o=W!k9M{@@eW4kNDz=Svf4Mt z>9iwZZLr|CVzET_xABQ`9q8!H?lDS(_QSy~XhU~oF%JWP6{tpr0co2I$0BvrRkIVh{3sYf2j3?k3*T?1|8HCK2qx*)ANu%g5gtZ6dvrV30HNG!|E zQP>^^ifp$l+X4pk{IN1q8}el=$xdI_TW`FWohGR^Buwt(=e*C0HDGC)LP|Phq}~+m zkqtPd&vaPJjf%W;eF|`%9fYGMG$LrRtvQOxHc0AJ6;hJ_%7T#nrD-q9E7{VFu{zK zoVCV=n{$Nea+{7ym8u|TMfwP^F>}^Q zvgs2vj1C;Q^}T8?`NhvG=*{^y$!#Y!C?}Rebp7wz)<>{)2ZSEn)Ri*H91l6Ji+|-a ztyHupf}kxV*27~IgFGaI;j=bqfGdz2CmSa8wv(d&?9C8mMh|JK)KwMZtwC7D{4z!3 zSP{pbhF?H0xu`_)EJD}%SQ_w=OLpjiUFDWYh`S&wcz_!V4xZ6LJ{-AyAP*102ymj- zB2({WZD-Q&)gzLpD?fg!{+c-O$`{Svo_rvu^~z*_Ov-_!NFSVxJx=95f$rwmYKchk zRXaMKF(vF>5CT)6xvf&rej#YSRxBicxWBL5&aqpn24bR6h^OQ#1%K=S~ z+c}bV8&yEFJhquR0vTS!Iei`n=ponJnK?9rh3$5mBsF`zXO^WOTigblL+X!x*2_nK zrQ{BG=1$`8rd(@7PqcCE|GaKBKK)_4t$|y_F^N7$?IS4MdWCmMuni&HOq08Iud}_8d{&X*@cD_Yz%)XEe_AP zIbsFfmyUScrmQ|nevYGlCD8>TF3`GD|jx5D);Pv|{gjxFN|j-IQBuq>ABhO%@x(b#KunDx4kaKry=55yq$gwn=Q z7{~~jpNrr#Xuhhl@FtUStgcOdn5Zbift0d{5xqzdw20&R*hDPJUP7I`F?B5w5RfGk z2|{y8;wE3Dj>6)AQ@l8_bb4y!8Z7voqwZOrY`<;Eqy5XQ@~kTF?De#iRT=!)A{|@C^e#-s<^dMhxEB4VrYLjc1RT zvfpdLRR6fo-dphLhqoTCG0H$QyfH(u#xU>_>7UC0La&a?GmI{_%j;8J1E(>A?Vy70%_S(Jj>m=&?_w*`Of!&#ITg%Lf5gD>0ollBdmAvev7 z_1sq`SPjJSqqI6M<_FM$=pXc;Q!1LM2W-+dK^HwW&*zdExz*{AH@J9M!0Yne?o61s z@+J6RCr!W=F!sZk(5@{boSo5t?hFjbh!rY;QDB`_7xM}(`&jSl(w4~8(cn$tp=2IQ zHI=td>Kj%{s#N{NCRzF)3H!7N#IFk!mAL(h%eBc`j*&bCDl*QWd7x>tq!Z?Q`;YUy zLbs}K;AV52IQu`!v#P(o&iNjrWJ<=e-oSV4+{6@h*6rT0PWpxZoG`W#ogyy3(?HB0 zd~G4jOV(5Q`jRXI_{rk|Xfr(--rw1k8euG%?O70$u-!E^BU`qlw#Z+f02~}@9tNr} z=DI_`z{oX392TU(R7&x7Y=8ayR_QGr$5%evRdlEvB3WOG87O3%D?~I-h5VBaYX%=QEF-t?D`F^WNU6a9&~rXDY^q6{o8^uT*n(CMUS`XzD$4J zS(r@8Y2kP@ze=Kpxk5EsLcLo~PnWZG`030DU! zUXYccnw=<#XRNv@Q6!ALe4^3jg)2WkK(Pctu4(4wcH`T%u+7S)Uc^=)9aU|Ud_yBR ziizvq)-?~Lk)+J&ViiAnk)dV=YyxlmZ{)@7Q=<6w&+0Y0zaX>CH;O5uIFH_O{aM>N z^<LjKkhvNl!|jgxRl!IPQY+=z!FY`m_(1+jF7X4}dE9j_X7ajV`&KMVmK z7MhfC4uFk>8jOHHA^fb2B_F8Yr4-cHH3RQ~?R>HuldRiuSVZx$fN~1bk)Z%OzmgLN z`HHki*;gR$?bmS$N3p6VFoN(k5);8Nx;nnuzfV>woE826k|JtL)ta9i3gen4YJ`}- zb+IJfnqk-OQzq+SYi3VRG3KQZ^G%nCMV1}-R{%s1T>&=?6Z#OyF2?0oo2 z##J!8_g$(q5xk$sRCTd%*LkZ&_S4`uby(=yc$~wHiwJjRX60W(BMIt?LX5JY8XOnF zw0``vIBsCVgGi{dw~x*!7#-Q#S%T5_FWdsO5QL==XrS~o?e|XU36K#9z2pl<$3C2| z?=_$TD(tF%FS+Ww7Yd*P<$MZ{caJ5>Ns{`z`C*KC3_U$Fvby; zuY^DDLR|j@dpc*l1lW}pCd1bp1J)7+kp43Qq+tq`VB`g)(3k&8TFRH3V4A}Y) zl$|H(IaGEoL>cG~u!9!og#G;xdsuZl1PJ@{Cl+l8g9SUo~FP&xb1TZXNp81tu~S z4e^RKuIRb+lF(qWU{I(cK_Y6zpY>enS2NJn6zD(PoIws%6YPw46V|0d*#d?B%U!Hn z_###X24to~Wf~Sq*T>BzrI{O@XJ>{1R)73TI0m<#9iKyNce;??p#NGVNSQjPBrr7< z`6zs&?!&|O8m_DEg^Coc0H+OxiiE_io_#wj4O;*~*uQ{G-U5m_Qdib;!{I7@&(IOH z8jvZvsst=jOSA5@YxK_@6D|dNAC{!{mW_s^4MB=1ON?l9@m9N&U zNL>z{{JTr&!v+Plq@wP*8>`p$cGzvH845@mR_0lIQbiL0uS& zrf)H?k?FSU{1eItJhPnN{zk{l)ex`2B2jZWGpMdUoFQP0UHc|Z-0&#w()~b@s#m(5 zo-F~zV}ja)gUh!H?0lOfx;E7a!DjRb?T#l)zayJ1)ozKOL+r%~jr5H@3kmDv*iy&H zqRTAqs@b^E@du~9x!d&#$phNfR>b8B!|eSpF(GalFozXtiP5}+SYZbSlT^EfH_>g5 zj9AD7*I(QxxP758$>c}}6T{*GB~vWmP)k}6S?^LoU46-*xOx5`VkpBP7%a$4W6m5gd{CKOeJi|OD_laT|A?=HjE{4b!{^ii(}L$m z1v*2J%YrBfWk4jlDVPt+Uqq@KyO7~cjx#Ln?}j7B;L^&1TWr=;$|O%>0q3W_#Rrij z>dUNcv>eC-!T~BA<@&~`r6_)*afCOa5-+1v9wSx^ZtTz@l{x5=0i3hxY&G>JT&cS{ zvdew5HX>JL@r00ImSh};4$>34@WV~hmWa5%EzbkC4%3ocPsieF5G1`)MQ3`_ZI$fy zi+i1c4l;XTJ~(!=8!-Fgg;W2TC*XD?))IuVqgR;>D>Q>i2l>^wTV`$tRYdsgr0ad& zI(G&HKe$u>3khg%8xRj*QqA9CzJl+LVqQ}L9!S+a@^YZ|DJQ0MFpm`{>vgM?4E_;= z#15?SBCLSyhoVg3fQl?VWl*iBJU|hLy{Du;f?mmtl^~qXpj2U4aL_0-Y&8S+bYs+V zLJrK6p>6^BA*K?t1VDHuZ$U=(3SOBRGcT(^d2UNi#2iTqy`zgU_rlnJ+!ZE^Dmb}f z%aA+5#J*OV1}^sAL^AhmRp+viwA}0m&%{c=ufi>q@m~E_bcfUn|Ex@#!u6~CP?1Fg z#vWca9$MPiV$E}}XHk(D${>t->xf2yjp;f@sMAJ`nX}f)PM^53@YPuwEVj*H_|p!- zqtR4Gtiz3k1iC!{hxIG91c3as7KZ zDX0i*Z@cQeO{2d+#f!rrR9_sd>RIn^mNoX~OVvxfkfjUn&2>$$SxLjv)u})M=%R7S zh!Q(mobGp3=SitjEt{-TtwII78cDyX-Y$QisatogfV~Gl*$=rg>{nP!fkz5#MLKb( zYng6mE`84Th&hx;t-Ih;#bOr+H-^C)T;LE)jWTDqqhm~AH1QmwC5*x-bZgJW0|2*E zVkZp!kwx8utbQ~mEKD9w+lpuDo=L8A-ddI_y*u!N+z`u^ilZM59z zM9PNVnv>k-fIAMZOFXJGsKk8x<lHl6vm&&f5 zd<#7qp&kf+8aY}LoWhQ@fgkWvXP$0mD_knV3Z(;;hdNUxY=arj{~}Cl#GkO%7!(zs;woT1AX?ZU$!HOS45|jBkFk2R4!hxuT+Zt&O~yxsbhfZg~_cow8f7BVL!z^n=~}y5~%aYzAb85tDI3wuV%MVA%E0nCl0K zHQR1sEoR`L7p8jocO@#2eZ`7kEIUI85f!Y!B6C39)X@bVJxl^}vviPuK=r^Q*FSY> zUGpN?;Y%(&Hd}1Ns&S1jLRLG7)o}iKjYlt*^RZ?4`p2~n;(tlK*=6{@7yr9Pm|ccy zb`fP0)aD#IF%H=1AQpgc_q_-?z4L0I>|2Hx77!(9Qwx!wwcUoaw_$Hxa+0p;ubBcp z5s5oc(gX1^(rA;Ro)vyUewopX>mZmQ`rDHU$7hdNYGl&ROt z`6i^CxyV(p)6HvJJ>HDqbcgg?P6s-=*!(fAxz4I^QyzX)k?6MQ6??I3_tUNcp=R5} z;+X7e;VCpYEHW>8cqy+(T4(m6fU|v}s-V|LXk;`^?uq@VVN1ycT|1pr zr#19MFSisI{aL_%TQSV7gn7%2H1w_B>MjxfL1j9w?Z?dB2HlVqewx*Tbv$a;9OddQG4#PN{H%a@8|56S6^E(JFi_*@t+M;0xp8@~iMz#VYpc1n z`W+SW%uZ#XI?|e8Xki*M49=M)aY9${pp7Ag{49`93m(PtzRZ=iKsE6N_m+=7$KVZiyi!HYGYRposot1}0-I4L+ZOFz2@kl1Z!b(!)0OR$%Vkg3Uq9ix z9@=m9Cl8vPmmGA0J_Peg|C&h3Jye9x4JQIE?sWE;7sN`?!(UcitoYEruZqi))!J&I zE1u-mbr5E1D+@9d9DQ6q_NLETG3`PQ10WWRWKugD313c=X0Y)}O7xaafK>~+D+zja1xJ3d__ zFl+>)Br03p@&l}ftP$O=X5z9UxO;}arrGNQAW&Q4jW2qHj;{YAeecv{7dLnbI$=Yw zOY-Evd7+`#ogIHqCC{;z{xoO1-szoNI{*=DOy)#Ns}u$LR4ni;%{dXRRHK zUrJ$EsrB!ZIJatIms}pZrTNUSFJt6U5@9wu>c&K}tNxM?sNbr-^gZIxX&12)&;tBo zqQB9g6*Et?L;58G&4U(#1$cuIs5v1Wh2P}qH7BP5VK=|Jeq<;Dretx3>;h3J@F?i zjV;LWmi$M?N7>H!B8=D$WAT2Sakze0AJwg#_`XxSRm zx7Md@XiVBv9Tk}2TCLq$8`Gx>{x@KH&=}pU^ZGCF!T&EX|L}2_Z1>-K-JE~r9Lo)N zYa?36vmDEgxK`3F^(o!C|BhWbNlYaCcV=!6TXS^tC!pxxBf6TJtj}L!e*+kiw!~_` z6EzL`CE*k`OJ%(st;5ZCoTwsfze~JqNeBitM3gy8^l`kW+{Qyn@ZjU0{ybhtS-Zl; zrOt=A%n!fJ2a93}r@SBZ`7-J2b$4O#Q_HCT?acN%o7?OD7EAnjAphaJ^|SPIH~jrQ znJW18b@k%5f+_g$rSFSk;T7xq^?pz3dgnAM{QUCsKDwP}n|71hI*Xf^6|jV3m-h|z z89l->tPO?de}aoqeVe=fO?-jJJ~LUjCBdI_#W7&xd|+PM5ucS;XHNQd08_x$=+H*N zay)VlP~$EhwuiBmkqO!uKw1)o-!@AKCPA~?f8o68^fY3jhilmD3<^BYCrp?)TtJYp+@*dN4xE65s?ZRzG;wy^5xk2cQtc*tvxVZ1GOO&I zSdBoaeNLs8aGWcLG1=$n&DFb(5rTQX8b~gf;Qf`xs47h_ zw@81Rt48&k%TGea;h*CM6!Jilv+Sx|yQE+Fr+Lx^EzmAyvN!dVeV_-0{9R&Hz=e}0lxvnemyvT}(Xqmg6- ztZJ8|Blovz)MKyZaV*lZ;V<6!Y?TyefTu^v>*3bobPgQ)oR4gX=|gEGtWgcQHigWJ zC$OWjAYz4eY^V#%#vn)8=DX9^&ME!)H@CI?-RY}L3*+LTEwYAe@&in0$Uy^?-1_Tv z_xG>Ag?)kSuN)k+qoY##Ram#YfDRqo@O7DSM5^3HrqRBnn3rDYh6uB=b`QO;u1TD8 zI~wg{vDwRws0j1iBB6OA-c79&o|LrAU**IeaH*%=G~1rEV4n&T>n2*bkc9ibP!WJE zgbIeCZXUc0bJB!VY2=<>WJ)e{&n(I>J|>-3eX0K`!BH8aI1>D_e2H&9b&qQKOtg|E zBCM=rc4t|0QnHME{{~0;BXt)wL%>*;Zl9zwsLR=a?yFt~4ZPW`Pb@BU7CUhN%(6+N z!D@_&&3U@OaGclb3#MzMsXfcU$ZlIzUll`n2*qD0C~HdJzH_x_il7N1xmBct(C@%p zhn@D8l439iP5>P`C{#q8G zyGgr;60v|+RmFN+MFb`Swm~kpuf#_pzRS^oOkCpX8rUbn>3e?ZBpPPN9!AV4Z+;s> zq`eK_N4B-7j3Ot?OT)%d62<=+YfSPXlzrjT5o_esDI)y4*4u;P=?Od--$x3L5lkUH z^l%XiD_1o+ucTH>^85+XLK{tDv6jSdQ4VFQ^O1(Gqfrhs9``91W{mH`YsA_jLgLiC zAC5l^!$fewL>GP(7en3Uygl<@@n^ZhvZ7>; zJGUF5v5JqyH%p4V;&qQipVBT56stcamu~Q-e{CB4VRw3cJw3Gu<`dpPliVAy>TjUo zjceG$2CTs_Z+agEQlL2(oY~+^bnIK<*m6%rB^5zop9J3u+i#( zY9zuMg;x59Du}Yg<#WH)^+PJrStnBHz^DF_=U|FH;oJo`+%6F2>Y=VeAqbJ$2d-_M ztc~&D1lZhbXbqH3Ta7hlkym=;FkgF3gOIcaD?-(3)6|%Ty^&~k@hx@*cAHXrDFDbE&tnSor_V4ouRWAJNy zuXcoV;D*RJIxRo_*D7|vm$ZV`e!TaIubFmh@#Ck@y>07%GaY;z9rXVY{h#Fb|8~dyE8hOk{r`S(F4_X# z7M9wrN38KBYR<}`UFyGWQ-hFBl4ygfV&?DCsJV{zBH4G8Qo_>P)3RTrSe<~{$r+3) ziaR6YgW*$y?K9Ph3>pBm)VV5uOncESx@Mtx&eOZ*H%cZd>j_`SoD3}k{0^zQc| z*bd0sLI*H7shVMaHGs2 zgjKO#Q;31H0^xKW;uzw+r~SzzrJaag@P)1d|0z{;RQ~bI>g#bt`$R2$n9O|0BfLQ6 ze}x*DgevgMNP-f{m~nJJ-~4RL;;bm~PeDbzE3in`MPbSi44DKwKFXPNi1m46{l}nj z9Q*l@36dCoWE-l4?A4aX@G*qy(u;vHm}nCgFwT9P_c;K=Izp#|+9mASbr(6u-5mb# zbY5>DeF>68-ABELGpGEzV8KIBvKT@4d2RLUL@Q~0P#iy&bQgNV|2`>*32rT38bQ}Q z3=$F%jm+3iw_1UOZ$JxHR1rs7+IQ+OHwBOO@Z+%vOod9wb0RDqam1uv0E*pEH7v*b z_fx@Mio$mO_P$S>qI^Y;@v!jlVRYL;$3=?}U@G!pKf>M)!sOWb!MJGz*jHRJ$9WZ% z%Gv(b1oKrPIR#{6(}4Ro9TOTtruZg*nftnUF$#;I2rtdXlFzS2u`u5 z8Vxws+uS6EqM7nBO)d3`)i^K7LUXae58gKkxkp}y{3I1q4HC=t9X9lrBhMld?)n6! z1RO%sB{suVX>4Vess<*Q52&X5K6*{)fyH-QIuY-9gE1)ypdCcv3r3@^PV7 zk<=2*k-#Stb{n^wz65gJ(q-55SvZ2LbK<#yxo~%X^(DisoF7}46~XP2V2E*2t{_6c zBVYb$uQ9nXxsm2ZD-anEl2fa2QR|m-;X+|SJ5PhC$Jj39Wp=3kB+uVgzl_=@h?m

WERq5pC! z8`^&|RqYu|1+^%z#Rm7zXgiO*%muX=@JI90KA;u@-i3;rD#ol6-8w!9QL%_DT?dL;M1X)|2|{f4Onb=;cP5yOOhN7@fsn%<{{#!U*(#La@CZPMowHALmmapGu? zNfmZW=P)GX!#CxZDc)mo2nWM(c!ZZB2B(tN3=Ju%BS3_AMLUzKt!pvJKDD}{F+2FD zC+yh4PB3BXMWCE+Xq|!FlD0mf&t_cPFegw^5C|wxr@+>Wc{QsK>$7e`XnxzRtHS;8jjh~CKY!H@WpH@QCZal<2q1Fu2oQ7Bdg}~b3oHw-7XlW zt`QT#!g@PfvTZ2Fla}L}YC#8<4L^2t7nD#C6>OB*m`wL{j}4}}d&c^@fo@J4wq+vm zpC+!d7#N<^Z5`_yVCuSt@6Z(UM%HlibHFL;StBUzLF@*4Mz|aHXRo6!u2rCBtock4hw&# zv4o@EoTLVi=rI2}y1P;B!4aicNmRWxurSRVoWLpySUk;SRB&vPqP)-> z%~D|G;IHcKWm_*;)5xLfrjs6NW$`(OeG3U32zj<9_ zm4XeqUe(BB<(RdKbKc2P&U5v1-}!4v0kpB;CGapY1c((vr!x59MZiF_bZj!>(s?wD z&b0_7kq*FJu`@B2wRP3i*P}M6T)#B|e}((|TIU1bLg=?9U<qS5Zg7XgYZ|1FgSWHr)OPbTHoyGc0%@IgKd?FOM00X79JNRI)73xI)q_24LnwX zHq0HjVCUUE>#O0H9;yR9*zeeIYOHHxPuHfh0xDp+A)VSh#I)t@V8~+`E9dqb=2X(u zx)6sEmys_cbPBilVfE2@4yiK#2=&h07hPyqgcuw`6|huE_W+&})j~m8K~CDWzPnED{vbjf@L1 zqvLOpWJnD^4>k&x$8kZJSmCQKixU2f5UrX}Nk8-tgV_tn9-0WGVVT73)o)GUu8L~O z(R*g~YzdPo*bd`_Y%T`!DZ1?#mKg#>-WWr2T-A2Hdp~jjd>ir|HF38R7g)%rVl%}b zzn<22lnh(fx($*cLq2}49qE0pkT=XJN^wIE`99c=^lugCs(vgqB5qY{TCe)0&8E@XQZ+TMxwbA>B&ba&X9kQt^AzhWn23Yghc1X~%s}<+tL; zp7f(urJ|;~y3ak~pUYa3dCu#qxw)9iYvdTD%8Z9K7ok;{1fdb-H^xaD#%)X!{FU56 zBmZ39maI{xRzJX@@F@}wBdJ531;); zBT9xTZ^jK54N2aP85)O|yfwiPT1sfmdbzOQ%ZBv?A6OzVTkOl=9I zYw|22F zgo}KlJ2{RQ1_RDov$nlGLL;|lVbfH}?KAP^9VZd(hzzK+X#z3Y+$?Jq?`Q`tEs;iW zs%oGx70|sNC7*)(cMx&%x?Tip+9M^?HS%BtDBH6oI}h3%&}IQY`E%P0P*%)Ox^8hS ziwpU~-#g>+j@8G++GFjpj?QD-k6j(diEH9&(TGoX#PNYsd{S5Q?&Nmt-df$>u7J^X z5fnOvf(amIhB<+dV?84tmThfq03k|Sb+l7zMW{b8I!{PjM)ee;^FC?HV01JBn3`3n zSO3TdbrQpGW(^l~M2J_+W=KnZKe7X$RN$Cy9qkbm%R|Vxx;=uUBiK$Yv#tj7~$?s&t*Vg|%@bmtm!3_sQ-X3XaXgHv6V|Tit zVec&s4STJ7{eBG%4SPND;&lxT4X>L>4kQ~It~vh=&#U`3G&F$h#`Hi#!qi(IqF~4n{V6a`~y}Va`pFL_m2D0A3NbN651Lu~j^F+7zufnovu=I%=?A|%y*vBh zJKyr-*as60Z~5_gnXhc?yx~hLz8AmxE9zf zyWyihS@G^mU%dXXE&Cj|-#-qy=khn5-*En~|M89N`RAQ?$~$j(;@m&~{GMl0-Cyn6 zYg701Y4e|(j7ERv?#vx;ByPL<@?Dqj+UGz2?LWV{`+?nmy(e2f{Jvd3+x^eGA3pZY z+kf@M6W@EsSI&Fj6aSlcK6TxHoHJVfpML$-Pak4^)!x45x?4Upb*Q<|_ipa{$}NAm;D?1^z3JkQncLp$9CPXM$8BjX zoSQiDEylLU7Uj<`I%hojgO-ea*VwP`Ir8@BqgVg)**EUG{+{eq!{xh2ci(=+wkQAh znC(A%@XgatS?4F(-(s{zwkYeLd+X?zetzNnyL$iowr`!?c=o<`=RW_N)I0WiVjpwn zs*5|Xy!cQ5-yP4Mc+IK5zrOpE7w`S?jUPE9{?^kjjQ;YzUmttp1Fv@*od0a=|HZ_O zcl^TfYze}3hP(KXwe&%fpHi{AIc&%F8M3s&BBdTemh#`E^GZh8FZ-S59U z_xZohUH$uu@4fBk1LwVX;Lgc>>kEH4`qt;Ze$(L>z3=XSKYpm^lRy0I16N-Am%n}d zP3N4t*Co4;`0W~S#j4_EH}3kr{;^f(9Qp0}>)KDhqVKmiZjRpA`S%Zg^G_Z3ed)@d z-O)aKL7-|8wYDCp^8YTN{V1e)!ox-+9AnUwq_4 zyGM5QG;bN$uW|Qv=e_u&`{ReL`sgXQ9RA_=^}li7)(iT~KYi?`Pki&BBM*5xdG1F( zci2edM{dnM)Oqn=cHMd6XJ#^w@Adv4efi|w2Y%v;kAL*c)BgG4;d7sP`*+@c(P8ub zU)^-*J$pa@gJ0kG&@peEe#)5N|AM}g_S&Q!_*nBZhpIQLW)ywEv}l ze+byf8?HU~HwSEga^J!I>}zg`et&q^r_Q#{)StiVoWzlT zy=O=}5H@?=LC+jCa^ZIlyJY)2d(YqJQ@8j2@z%TUezEZI^=)7O)!#okb=|u^{-fxp zcdfYdq0Z;#pPqj7_S`?dzJ34C46Ogu$&p|E{)w?Qk6(E9`X@hf&Hhp4C#k(QU6H)x z-c$QeyM3_#wtwvR@O6`y51svo-B&*GyIfAirVe&6${+yB1T ziaS62@sHlycFpzsbUgRrpFQyZ{i^Nhi}vpO-0e4?`}nhO-}mO}orV3^KAgYlo+sLK zvyW{#WBcjz-S_6&-+EDR;lZzb?!@1p_m%4p8_Ue>)StTGvEKK-^NKtE{g}f4{$ph9 z7hgE$fS$L%Z|{$9Jm>X_ccwQH@zW9awJMW);>I?5(bU@4x@iy>9t`ZAU#EJ>%MKckSBw z_>L#8IN+g!Pr2)_f4T9dKWDGmzwyq;|K;j#<+0|{JEz`X-h1|~KRs~%xcHsN{_%Bx z+_ml(pZr^7=B#tBx#pAqaru!SeB@iV4-S0vrYkSq_CLm_u3CHKkDcRkn+_Pf^7>8x zIP{FEZ?8Nj^2Z}*Ui{jlcaFTb^VTzO9f}^fZ|eoGAAEf5ll@I&8?R37byfSj&N}F_ z2J`d(w(83RNB-_ZU5P6XxMu&i{@4F}_m2B7yyB^kv?ToyEp%E$K410*D-&d`0eNu|M=xerTfl5^{Fqu{ey`^ zF38>Wqj$bZ`NUl(KX$44{!0#czOnt7r)Mwi`nP*W-u;C`zxVoYbd*LC+kSi4hZ0xc zbMJE>{L(-D_|TcbqaH5oKJbjG>)&3w;phK+-iuQ=y)g2H$dv_1!2W-^y8E#!F8|(q z%6Sgl{NB&~;r_cPdv|^N`?ng8opAVJ*WH)9ZDa3$9d`TCBTtQAY(KJk>ellII&Qt; z2d#5Q4t@IR-topS|Lor1{&Dj&kNx63kw>0_09zrzPhbA4HMg95e#4VjUBBYQ#?LkU zVxRBXkN){jXPo)m&k|SmeSIkL@pIl?{PgXY%|CSVKmGU%9e2EL@QOb@{mXmb^pDFv zeAbRnf8mSH8+#r*aj#9$tDpYDw;tW{!13zM>x?fJkABmy{^yAYZ~Ed-R{gHLPvn&N zFaIZf#ATZvZ@BRTyTASY^De(8_qE<#Z`k#dH@Z)q@s9m3*!?e8ckg}Lou^)O*{zQp zzt6=z58rmixqHnt9Q@F>lYY>+&!+jOI$wO9G4|gVT>G`s;rG1b_Su7rM}6qpeQ!DB zj%R-L!mqwR{@~@;?B95y9@(Ot-P&^S*rnSqTYK%bljn|I-BNt>vo{%M9K7WR`&(>Vd}|aum0v+a$o-WuK;{NgTJ5u;r;Rcwi|YQW9a9fD3$K~?)cU_ewAAL=wXLg zdp-Su#LDf5KL3NeU-;E$*7vR1s_fOg{r&w{pJzYw!1l}Tzvh3>IO#XPK6kGpGtYcw z{EcreJym#L`Q4w~yy2S@2mMsN`N6$E_`Y|3XT#Y~&OY|&n+|&JYkwTo{$I=X_xFGL z4*MsEAM)tlPc}XgAKL$kTVB|C?i=>|*5AMOpWoc;&}Tm~{i*LwoHcmIpWm%scWu+b z4Shd6;zN5s_`|zW2mH%PzaM|_ofou1RShnAA#v^5=Qq6bv(sCOt&O`s_R!da-zwes z(*q_R`1CRRyyLddrc=kCA76d#_imnj>y8_rZT{mUci;8y!&ZHC?JeIuM%ntAT`N}a zb|_%}U%(2nLeuRH7TD;|8?3S)Z!->g>-LY` zxZ$|#KKP!TOr2PG0ws*n3J3J^1Adzq{t&9{9{>?|9?I z{a@aCR(XZhciB}JAMpIaS9jbw^z_i zDwh9eXLplL2!eOs-S_wTUq0XO$?nd)dGF24n>X*hdBe{N>K4GyTCwU%@-I%s%d=mk zPI+GC`A>azjy`<4X#3R*q4>PSd)lJHI`b-L1!(aVthnR%~|v`M?0x&bIBFEvdPr1zf%M(4W?RI=oVv zm%Q!S)RXcxy(jU-J(4zLWG(#Ym$SY4{odox9DBl5qp~jHvB@?9+)$S3bw;5Arr`CEh)r@)0@za-F#7>BZJ}`JIDpLgdcm zk4bZO9zAdK;P<_+Bl92jd~;^v*XLCq_^#F4 z6DbZ)VkCzX!_E)RyL>(Ga=p^7(?T2ZV))_-gEVz>Vr?!zi7BqD|D5CU)66YJ1zSrN z%P*x=+c$95kij3PXDzquGT_9e%i~KrlSdCa@aIjoO+Q&P=E{&I%Ht~(_D1$Q5+ za(8_^aV=qU_@1x&G@zCF+5$&B1X zL8~IO>ltc4{pct5cnf8WTiQoscQBx!@pp|+556c8$FGlRr7O&;9cx$cX3FC+8Hb7r zpNusWehO^1&^G<#@{7M6+TnCKkN5h@hI$(q~nxtI+fdp2Zf!7n9Er!&=d+#|Ny_FdPtTkDc44{J9(tv^~c zq}`#z(#M(;-Ry4-pF6tR)^me2*Z(;9^Z5=942|pssmez#Zwi%)aW+@(#{8hmcJA;K z8C7`DsdGf;Prl3T3PvgJt2|0O)?3^>3rp>_D#dC0k!^>%irT!mW)o5nt~r`}A>{Jw zhZ{%tc@yK|7$!|bv3+ayy_4pD4qqPlZ0lJV>sCCYzUNG*m*4SX_?^#cZoUdXa=TXO z2LHVsZx!xeDGkQHJ3T3D+rve_UHOHh@<^lEARk9M{rJx2G0V#7nNkgQk zhNQ>}!i#F_KmQsY{cP2?()7Y+9bWrAe%p9_-qn@2UKH(z??n0CxHC-dU@xef@}vLZ z+xGWtqi@_hAKjthp{@yM(vl|*OTIQ*-EO3Re#G>q%ALEk^1@|-%_iHXdmgwedU|qD z+J1)|v9|q*y*Vd3G~PUTtu8vEHM-`#EWaM~dT;vFltTwHHxazR?lvKl24xQJS7o^U zq}xBe_sNfKEjchQq;T09!*}8*c>~@QM5p9Ah>$oeA!N?9+{_@y@a(j;2_G)pd^P1j z4PQ^~hS^19?iLL3xhnIUbuu%z#+atnTNahr-`=@nK=qI7hpoQTJ}x+Nv0vuX7?0uh zlg1wV5WNh4oRc@~*|wzg2OdLR)}g1j-rCz%yJ7#~rf6D=)>+EboCX=IQQ_WSa%^|C zm>@oT;9Bm5<^@H=T4yQI;r_>NzxiQo%{?8p8z$CDI(Mn#KF^s>VPQ5Qiw36UoEg8n zZbI>h77u?7TYP-$%-pTh3~wa2##NtHRWQ#kJ!#0N=Q$r|99^B_6t-d2A?IyNmd+U! zlON#|bpSss+}gVO$7=IW)@_SwSmAxra%mQMW`l$90oDk3{=t-L5Ja`Ax? zHDVMs-x`+9>QXN&Hg((`7)18pL4lM`lbC{!a{697R?*fSUVuU!+|}+ zc5Z(%La3TQ#cgPz{+CZ9S9H^En0GEMQd-in-b~wc&!y4BckQT^*fJw2+kN9#yD%@{?8=ey?M+gd4;W_Y%+7od{M>+bin?aLdgfOMl}B^_Qa zIlHA@A$+mguAG)FZG~aMHX)1V?A>YSU@zF#PWQPed?glHI6QFKnYfkurAeb}JWtGa zFO5mt-!5S*-_0d1IP$SeN#WGrg7-X2cBr=Tr-Hb`;eo@0bX{6j={a`mt|mM5Kk`bC z7e%eU-5_K2skf=w8*FN-bS1B%g-`ODWkseo-i{kSEA(Tlc4?S#wtxD)zB6+-1|4W0 z7koKh+<2XowDYh_Zx1IVQ&2bcK{m~*|1v2-{5NB*kuheRvTiruls$@@fyhD zBmEq*M*E+yHZ64hsNI|AjGMnAE9>STtC7>=wHjs+Dp53X_VD3b^eH`3)uznC5qQCRrw{IQ~_)vX$2w0$KB zIc8|GwR+4SHd|NQZ7XeXJqq<|X78qrq~BlBn)Z;nUw;O}i%RiSl?cX$DP;+J%iDy&Q7uaZ5q*;} ze$YKS&tqG@!{(WuRqX|*cFZ|gwD3WTkUh`d3<=ufldzm$|JWU$?AEr!#&*!&`r}Na zT}O)|+j`myPVG8c{Hw2Ms7>q8jk116HIee469+H;$?4Xz7>5UILu0?s>X&-4K}OrV zV?^4-6*DpI!}L2v<6q5w-DP;|%EH{cC@WB??;w{<Lsbd?MDDW<1CO7O>RswB>%23iq0~ROk)G<91{rNPKB&^>s^0f)a>x0b*B{q} zx7{&*OILkKQuPKIDf5pp7%i!PC~3fiOy!C*TYWNjZcA#gq49~1Ki z{g<4u9X3`m2685jOG3ep0n%i{-)7aeMp(=4lZ>OQv)F&QadlUIjL?HbaK`tBR* zoYQ<#7q5YvN7NCZt%~mY_N%tI zP7R^ClWWGr4Ibwdc7LUF#|>HP>g2nD&%0-y9-Tt`-0>A5Oy$h>>!{EoKv=l@2Lu;+5UN0%BBt!L*h z4?5s<+~xZ}64$p-@M6+}sfsIYulg$PZd+V`L+4etliuF$*X7oQjX?t_q#vxDb34fI zZ0rmE?DI8|DmaESG}Gs93;E2UGpNCcr2{4`9IIH})T#TlowMh3j0^UD zJb$u$u7lxbjS)%3k7hfgy*mB6|LOdF_Jg{J>n*iSm(N)^+kPL}D)am13ubtFmkfkj z=bvu4ap@0GS|>n4aUp8Iyk1tP)b}+LhR6NB)38^%=S4*n4??aRC3m`OgeS?g)#I5Ac-{0FRotT^c6+OG9FJ;#oT0E)-~^A__C1&Szm1!@v#R7$pSE2op*2QysO5ys&*H=K-_D8X zUo+R~^4Y@bal5O`Pk5e{o7^Q~E`Oy?LL3`&8z7x8d2ob%d{JBXFF`HI&DF5b{e&$oc(3+n^F0{b)TPiX4YL0t5P)Z$(Lsd-ge<-g3#?wh}T-j3QK?#fYlm)d8$b^qbx?OS^t zH&^R?zRzlE2q-$;l}*VDSde0`O)R}~z4REh;N8cCNzD`btbfvc?89(9wqRbPfM%0y z)8$vg;lSUw-K@U5_LJ(F_on3}&j|G``IsWJ83BJc5}>$cJc3tbeU z$71^K$*WT`ch10Pb92`P#q(m)Q2)s<-?yxp>))wizn!&1+>h3Am{Xg4;g-K^WIyqf zX<+3>Z4(@xC$5VDq|W1>w}0MTw%aA54yAk)jcr_Y$biL7 z5)^~O)}1Jdlt=HJzpuEeB;{&%r)8Voz7)QtRot3-p z+>S?huZf(b0a5t#+8Y->GHhmMcKOSDcu_?7CUY2R&?pudqZ0AleZn` zp0OF0{h_cSQR_Xtd}N!N4Ih5HURE@K{NRs-j#?s{m*lJ%cX0Kg??!L53i78z#`)+pXGr(@%hjY67T{dME$wOOyKzr6@6Nu%nq)<%K1{nXYC==2`k*6s6#e$LVfG-G2Sq)~t@?pi zeXsL{@o`FB`kP)WJ(oGH`D0ewJGt3sY}1>1ysbN3Jv(r?< zmy?-JHA2>_1L(h(Gdj$b%F7+ zY(&G|&Bt%FosZhwUgYy+M($S6twZM|c-#)oxsdG8di{XC?Gg?FttWEGpu*fKgxmA* z{0MR8(NDi*4!tE#xNvDq`s;?pUYT=k3ETOD@1B3RarEfk(h@E7-8 z_qvz1if4~q8V`|{2+pm_ypo$9g14^Hx8~5(qeMr-n$MiEBE{)f-LZqeUHN!3yZ-o) z`-gAO9HcK?wq|;hGj8Xr^=zH{de0HP!^{IWWxEBJsyE08sB%Q}^DgngM}syQrhN2Q zj(d@x;}=q_E7rH3a(!xwLFb~c@iuH*QX{khFNU8Tw^H9W>~c+Q(N_Px#}Z$zJa*vN z^=+l;g$0i~o~>5e{MTm&d+q!q{i@YWmNe=ucd!?vwj6V7oWs~QuwL(Q5?=Dt87JjZ z9BI=!3p=&!d_e1ODCSqM$$4ht5!gAD4z+kwqeZPQOKk6Z1( zCpPG9;8V_MviGq|VSG>(Y{{JY4YN`1y!7jkCrr>~bT-Z?9i*&}~@J+D378Lt(8sOS@e;ARWS5 z{)i@m*SXV6$5nYVx~hBQw}N22*TaVPA62Jo4jx=^*6G1kyRLoT64jRPYW1P{#9;?^ zpD2o5o%+~+=sm-lLsdm>KHQG!*SSg|aeGmN;?lz_SC)v=f;YW7{qx?P4ctl_XycZi zUYmXF_kx@?+e#awBrk@4LAE0N_L9->b@^8%>3*kYiCeg0hXS{i&Og3mJ+{FxbEmA> zkbhE=e$f8m$RoKEZ)_WO&)y|&`u^`X-m3AbQ{1qYGg~R!#$saK@&xTW`8oNi*1F9x z%kIq^Gj(CIz3;9$YpzMgytqx?o0C)0UG5&9UC&_SKg@2~+M##O@7~a|W`y{J^Ymm{ z?Bd_YKCd%(;K_QDtuAfRMF|V9AF?@dZQE<#^ZH++4t=;&)aI$d=_UV>|B!ou1&_o< zSlfp->#ps6jotd#y2J4HTRUtClI1x}UzK@iL5k3!v~fXaVzU48q&La_lX1V={*6yn zJr_59f6&BXYaB*>=4<;c4QZ`Z#A3lOmE`NjI$yH>2=SYHFYf8$KKELBq~Y@_=amh& z1SC*{=luHjP*JR{_m#ab@5FtE+m5^1zi45jQtzOTg2Ew^V`uYbzi61BA(@{y?Nz7d z{i2T_tizu-+cy1V-zJaRuW@`_{H*g>oA3?9yN@Yi>6naFhm;A0Np0>33&dwfoVx${ z>e;UTPxB5fJKjPxwE^K6^fF>ws=P zS0abEEFB)yq~*tB@1`U-C{z{f_AhPS>C;Bf`&*~XOs;eMU}OF~YUqYs8B{dZN%7fc zNsE;qT(nJ#9?p69wqyjn3>Xr{KKQ~V(@prj#;y)+vQnU|HUn5 z*WJ>JEE(4SlY&Y;p6Z@sl!~KURZm(v!4$!bD^->+Fnh5J*Y@%=3DytT@QVi z#5>83+n!C|@A>rpAH(;Kc~W||@N#zDqlRBIuI6^L|9xh(sP&ai>raZpv+G^AA2}}L z_`^@vC)|AXuC1GI!}#g0vvSX=RxW(HJAbLe?N`~8OEynWj+H+YJbu!t!~C3euBBBn zqF2KzUCGvgmrwglo!POMEU$j*slFpK0@`)&z1R1q;GJ{6c!S@;nJam>{@5_CYuM%3 zIwe2uK6X(2@`L1kmU7X}$4wqq>0SR}DwN&itC;@A*Em%Wo?UMt)N)PH z-t-)0N;l{8p;s?o-Ajybn%C@6!GVs&$*G?oUx}Ey^S99poQk{V=Voi_PMv3)*Dtr5 z`+!H6hiu^253mW5+vK3uS>E~Wg&;FW&6>K^7v2o)2 z-#xc=p1QBko7*j-65_?WhxPBeWE?u2=#`%$LG_C-X=tDui*eMHG*RP>?S-*23EzM)^QMMV#D7N09TkbU^*=R#e6hoEj< zE=KM1EB32*>gSwp_xKBcA5_$}TBf*4?$J7f!f!4i*JQ=!Zy4rvB{$2vIA!~mRYPx` z$Y^!;ww<6|(T)Ae0^)7f;VrlGj<7qZp_>( zA$G^QZoaT6ZszFueX&!!1rFzJdEFhCwlqx68b@YaEV-FuSNGKRUhlFSpV~ABzmTf< z&{11$c4o;EyOAk9P8;g4aeb$gMxdE zbS8gHdSJV5(TmzEYUcPAFIeVeKXyuKC%ef9yB%#cE65`}yWWO*=RYm8&+caX?B{Jg zuU_`Homez>q3nL%?5Ltx{pdpzt`feV8rPh+&|_`O9~Lys9&RtNR~&D3ZMo}=SB}re zwQ_mw*C5H2f3BxZ$m%(gGm|_0Fs5o|iQQ${+=rc1_8Pl^`5$iG*{zvXTldC0Ij6&S zjnsF0ja=My_A24FYmtjLkG7v(itRm?duZvvjh`jAE`OF69-ih|-(HX^dGhGVGNe=2 z>c#q_o%Kb>n%E8OJalfUQ?^(8gQNF^kJ#s!D0!c?Zm-9Qd{2+0`p^5s)xOv)Np(Rs zJ8RtLp7)z?Z=X5UR$TCG(IV&FRUQV-s(oa1irsp@+v?XB&Lk{Y@I~RIr`gzHETOQ`5$ufuBE=un>8a| zl)k!d+r_p^zPA2`*!gQ8Z%)54c(8iEd(Zm?9`BoJo(@!wn>+qt@PRdpZY&F)bJwl& zu@U1(jLS!|XXV_z6)elXzoFE*qg<#YWbR}dHJ_gMI}GvjD9ZsX@o8Wk(2jsctrpHbp5i(tsMrB{B=O4d`eS~ zh!VfEzDH-tQtD^dc2M+Ryk?QgrUdP`ml*rg>G{!(b}SgSx~@yybkAwW=Ig>vg`HcD z9M7}qeXP}mszDq4w%_1&sebE8Q5~B)3$NeJ@3%Mex48P}AN-Q38zabl|7g){S)D_r z#~b^V;&12n+rIF!a!22Vm)vs&OEn6QQH#~bRdIDrJX~~hY_?4k2iuw{8?JQy-0V*E zRm1LNFZGS(ziC~IEb+>%S)D(-k4?zx@dAdT;n@?w!e)foYl&FL`}!z0>n1&&T;~9{$7XQ~n)Czc1KzVDhxWX34%YL)~YJo}PTD z+$r!3`IL48K9Y32)x6L>wYtX^e5!S1OH;w?IVW2EFs-l!)&7Xzq9$J#3Qs*beA`|S zFf%`Mh3zKtZL8<64sW@wqqrodREf3;FORLu`O!}y44QRq;z#iahu$NTuil$ytG9VL z@v~~h#%Bj}?CPZsTb1IJX7e;TG-%p7}l*~o>zCkUn=u=BO^opfqki_k_<gzWBnZ&w)<&A4KIQ-w+IFJF!7VfV(PquX52H zhvxgQp1s{iJ$qos_t&@X?w>zgFS7j{<@F{jI$>nDj;VsnQ#S?Gj~6!_4Ef~M8;(40 zlpnw2fPZ}LF7~%-f11}obh9;=&Db0Kxkr&dIXU%gdTcFnp`Tzm8@t+bQY zCxf@A!{&jdmuoFvHu&9x=3^Rf?Z}@u%{Dz~UcsX$%QVwl+8_Kr^YZw}ltGV(J8QIY z9_M$~j-C)ZY{QLb1K+&X%=UAwJKewaYJS+3%r@N@7_Gv1$RGjecDM6m$>OCi2^~xhkKn)$d<%wzuS52g~O$xCtl97 zEwMX9?5XuZ5wf?_=6lPV3?4iAYSi?T%U7p3@x}2kN{V;OZ?{QWaQ#zukL((X;yxo* zj`ZGneY2pjMQrYiovq$(J~F%7?kXjcF1|UxXL%P_VSy*l1^wX-H>H>yIUEd2>-g2HJ0!~nUXD7}aP(_uepY}@NWg?nFaJ1ps#WF?<->Wm zhWgxWJ_hr+dE|xPcQ@;g@yWOJf1fkR}x zUZWQOadAYinimT$N`J7sFww8&mMSeyxZPShV`22D<8I9fWs5Q2m8AaS;VxOE%DVHr zr2C+N|9$}ht5XLR+DxlL7MBQY*B)y%bz11?$K9i`PQ_5b%WV$O_9OP$JzQSTJh`Q5 zk8zuV?ZUIudcoc6C4J9#fBbl^CtCgeKA)sH?r8Zr!@6HP)s$ee=qtpQ{88D1_>tf8|-FN);zE zFou-FBqE{H5LIz^b?YQ_a}&C|4sh)x@$izkdv$bmmAJYNezbR`Sp_vFM-_&$72MqD z3jKBbr&X#{sS+I6H(*Q8xC#IEVV3`XU;VQ<|20a75a2p2k>M{Se6jddaQ@4~-PP0L z{FkSXr|W;`zy67zvBM=Gb$^`E9`4Q*f}}xEz_JV(>%SSVNxD-m;sGmHgaxO`@A05s=R6oD8| z;Rj%{kq8cz*5ngY84zb864B_?*03{^Rt#y- z0J>ch=4RXmmlL;ZR}M9mW)!C73`)MgN=NBa!Qp)R8C-pY;Ux2DPI&noQ*p`#hnw-P zEWg5WECH1xP$UVHs0<1Yr|)ghC{U#iN9ao`0AtD*VE**oC^Y-HNJ60XFLSVLXZvwM z{8bj0ltxjZo}i_aD1t;Z zGDJk6qs_;amuqkI%NsspbrMRzR5~>RQ9vrU2MagV9Z1)Wq!B11=2#9`p^#rG%F2jh z1*$@XbRMz4Mj#`Zzf2z68;oQwLmx+&0(ohH9eAfv5XQfi7^b93uqV){$Rl=OC0-^lJwu2DxPC+AiN<)ctgb3h+kUpGfj)6 zI@w4o+MxLu7b<06=xhcVc0uR~AOgcnS+-apPPc9}>3ka=S*~nf&lFUSXh_T9P-zCR zd#D~V86_{F;DB=Z5NYf{x(duxLFNBT?2zFIU`bmbFfC zXmxk(jaEQyxz?NVU2$A8%d=2@L#pWM;ID!Sq7pqBtblYHIidiU#bY?6(Wz7dNJk(9 zxPXI=E{Nnn6&V8xNDP!WCm$4)8JlOA5MTumFmIX-_P@pk9HFm4Aw<-eLkN-($+S8P zCb+x0sw)`M%mreQOsj(!NR{s4V5Y8rcoY;t*Zn)_QX}fJo^>x**D$n_w9x?mG0t13RR<4`^~Ka!l=#yl`BmP)kUFHjc<>>)$VcYT~X&So$_^LFkSIgl$b>vF;cdy zP1{txtVuhOL~sqPGS&u|LN2B%0!VED|6n*QQz4XWQ4_={Rr^XiAp_YqjOzen?yh)A zERTAl3&heuZcZwA1<*G>(Nvf|65yj%KI-tYdZA@BfhG5%B0@z_umZ%b5eNxnuMSrU zAQb{9Ai!A;yfj)2Cm}?wB@N{(S!MYa6;U}&q5`&ArIteNtI1`Z|6fBykSSo`@1cab zyz1*H(K1fy%2E+dH}dyTpd%3ct0|x=eQjSvF?IgFzA)*7U)diVb+n8!T7IvX%KT+| zDh#QmKg#>jBB(i>GJ}8`g5&)H#d@&C{LPA0Ht5sRJ<393aOGF9tuWhl z;iwwM4V6>Myvk9^%p9jQKuCkhk*`k8YSpz3SZ{0iy%8uhF~(#j}n z6;U?=PJsJqNkWvUw%kLwDZh#y3KA5fCMvN_Dwm8tEDUC^RQbLsSDCaLUtBH`l~gUu zC4j4Fel_w|hn4474y(#5mgN#*p=N%?5K6Q}{!a~|#BVT!5-S=)Opxn0l2~d4gtPv2 zffYsr`V;c1Jc6u_D))*eCzRdZxQ zsS!L_qrkX&qw~TrYrm4;Aom^Un(a2O{w2rlm7?=N(9^>O#~9?Bn@JapL5WaskZw93!{xddR~&OrKf zX?s5J-#!EP|MSmcJTL|rHKHL2kqVQI{1$CgaR0BXho_sx`A;t|FVFwZfBq9cIepEx zMh5Qd7Xtq{*PscEa_sRf3AjR+kch>yco-)MkrX90uo@M~FtwQZn+HM6;VB8!N#r5& z3 zP!BCEi$|bPREB5>1R6+Bb;w=h%5!vNFU{BM^&%J)6k)hhtfC7O;?Q9Kz`l`zLU)m? zh)g7TRFz0sJfenKnE_!6I=RB29$}%70#zYA0u&g?%9I2*P_17Ag2O5mWEy%9p;N12 z+`wc0l|aTc3Y(~ZGea6Fm4gq_4;*+@hVNe#fCR^BiN=s{#WOga;g z7RE^<^6`jD4FT~c0?3A$+SgztLI*IQ8abMP%5|^`@*fyT@J!Gd*(ysw7)K-Z9F%W&so_+?+zzPK-BN2Hx-9i+OO4usajxw;QMFRu?6WGorn7kPY2w(#wMN}BI z$0ISbhM2A@eP>uKx41_cYBB!83QUp?B^pEY@bsK0}PbP6F}0SwkPt^Rzk%#P?)h&;~*)mE2s* z*7Buau(mn2R-&2`9^Oj6@i~zy44yTZ9APmwC8dx+9{-1^_#fzh&iq#+a#W}ORsx{H z`S0p&Isd)g|I`2ek>9tP|DI*%fO~~A$G2=H?=MXpPm77;{l)3;{(pyv|B3$R%zr`+ zt5pBo`d@bbd;Vwt{bzpv>ijQ%xvkvP@%-Zacl*CX#Q#M9Q}drT;E7GvIk7+3^Zq4K zP?7z|&D%2nr;nG9&wum(pZLKV4Mv(w6f&4Zlwe%5L61CGi*hYBuvTk)baNAR61nos zw(4NKSRCgNK(GeFq$3a+DZ~*v0T?$@Qw?iiC2%@GbY>FBrC&rq&#=h$bmAOX10iZ{ zJWQYjglQlokwi2EDn(T&X#la%mp6#< zfFX;A$|$Va5?sqQOb`f3hzSywjWnAQs9MQ+6oLXmH#gTrH#Z-VR-@#NL=1Wimjj0y z$B=G%;0cYy^MnxnjS*fHZ+JpTMrXa^sbQ3{UI1u_8b(zTlSzZ<&cT?Hg}`{W z6Ff&pC|rfW1R|hKyktB~(pFzRs!~B%0)peH9068X%gO=>)yPyjIjT`YTu-CGlpswG zkr<>S==w?;6)@(ghW&LoPOS=X0*tD_fmr1ik!8}SMj%R*AaQzaD3egt(UC_(0Sd2i zq)VWrWS%1gnS+o(Y6JT>NL64g!2u}&Zy`v?DI9_rI2rY*@7&{<6j<*0N8nRn#5VUt z7fm3Wjn>f-!V!gOwW1_2lS7vh#JEuubLKAzD+w`0GXNz4@f<8^OkEVSi1H{4h6h0; ztYlYwp&XH-utw_`p#Z7pFo_7+z8168Is$r)lvakrX3jWF1F0}2&1fi?gh(B(A)uZ;B7?xh?As$O7?LAWol;532UG*8 zQ4K0bq#Ry+N#9^f3qiw#*pUJ+#56)FOvDR~a6xdSRHtN*)Bp!12vVdF*HY^r=ozCN z<0yyK<2SZ8R$bC0n!olWqWF(If6g?G4Lc7EmANm*%}RueQgGi z2Rwx+$6NJm=Fm8Mj$KXdpS2jO0lglf z)AS&s2n3fXh~7A+(^Acs1%tIJp{V)h!sc6w z8)gcciyRt1wxvHIZvMQ$`TIqVk>WC9ry{|__`P&#ak6+! zuVKeDNT8>{RB}p9ARsxWVI&m|g8?DJ+0jh{qvVnXqYvFm5f!E{JB>sYfQXJqG?4Kf z)iyJ>K!>v04aA3aB*qtjqZ1q&fqbD<7ZQVH@p=q&8x5FC5s5)meK|GV)gWO5H3-{* zplbn>Oq{vQf{;LQs2mdN;w0eT-q09GrXwMtoDcCKp~5|m22UeI;fpYsstgoVg-!*w z^Zm4lCNdsXkW3&#JWN1@Oh)g}5T=9F zumRG;w1lCxKa}_yUi-1=YA8CTsD@s0C}ikHw3xh1XPX_*1bt1!tLf|;B3Zl|lbe@d z*GvmAj6gGrMaUJ1_$UApf>j{iokSo)7LUkvDg+lmh)5}d_>=-Tk}oQw#+5tkU^yiU zDcL7v>;asKsMe`SRI5US#&&2u&(YK{HIwM|CmfTPoj!kg_8Y@!WHdz3z7=j67Y61~ zDYKABAU9W6N`K_=61*{CY?dJIuOn=F&*YI4GI`|0Jmv+{l-1>o5;oNOj49}j#t~R< zfRIF#AgTFgk(y4#o_Ju!HkkEtl%Rmp8C9qetOg0jEwkDIsf}V9FkxsLP1$Z_7QIR^ zMTTi)h!*VYsVZWMDaO8I-tn}A7FYnmg2C06{J|Rn!Z8&BBtfJZtEeIoOx_0C?iU%( z!=DVwnT%?2&EeE$0L`p@I{T2pS+kTl*PRl`v>z@i?Zzbo7lr zC^&0^NFYojfG~wZ0O5!lBav8Gt5q3{PkJ0BX{n&XWFVoJC2OtN4*`EWiM++QPD7$< zL`V-Yp&nL=;z_m2v3HceFuF&mFf?#rU?_#Q2|0g&n*?&k6bfcz(+kJc^g?aC|02$e z&^Uq(^nX0f7=qLze+_Fr`3rHRmr6 zq8f-a0WmS&m4*>v0tzuH`^|#zs6i~Ege1G306M7Y!3r`iUJw|SC{UX?P=G*#)P`8j zJ7!`Sx6D9j8pjRfq9YJFq^B0;I8)!TSqtLWCCd0Mu6>yq^)E!>7P5w4Ay6AJjZlH&1S!OI8pws(M`k%A|r6lJSTT$1qaJ_JtX-yt18PvN>DQ zXPox`9=c#ULqq;c9AzC&WjM;F!u}hO zq;N3DAOOWBkTp9Rg$2N@2fH7mba1(xv3pqS1YkSuh2apA2&=U!L_+sIiNk@K1n^)w zZ_%q?Kl%kkYYGyGFNJYF%_LJD<6qE_VE`MWLc+N!g3)*A;m06HAw`%&8wlfse;8w* zU^bhq5eFsZQV7PC#NWhpZpR0M)_UMd!WsEjmj-(WSO@&|TzYWqL|OX3spFpkK3>J$nD zC-_XFx1RiDFff^&2bzFTT8#nIQR_LR)sgg7OdQRH!U81wqxlKab&5^t*2{3QJjF*w z+vmjuxF^R#2Lk$!CHKsd(Uf5y@a)PhQ`-RI2v*^d>PU!M|3Sf6V3&+XfJp$EKxV(r zO05c5(!n|>sFxzS1w;PKh;jrwUm=?uSx90+DI!#1upE&K6*#6Af(C^c8IRyXG9K1| zWr#V=%>hJVWXZ}vhFKI#%ML^p3LGaoG9J;8tX5U-@B|w;4ehtrDr4iNu!w1rwWdiR zIel!KR_QHERXF%e#lJZ4AgwY;3Y(7-Xp9gzP=Hzv!7BRyB(5V!@SaYI#=HiFz#EGK zYJ(}>z(4>M$*q&S$j#eVuvfi+AMm(Lltqh4g zM|03d3?vmGRNjO!exRyaKx3pk9kW4jM*$^%P)q~kz}UzXU`|_5`YB98VEKlm7)Dm6 z*I5vjJoaVsieeV83J4^ zl`^v#4I>n@D6ve4wHW;$u_Fr=#WX@pA*4RgW0LcsH`QJ^f}@z6zNeCqKpwO`Ff^b? zco~7gQ^{eib<+o~l0eSRz}$!@AUN}&#c-1S6Gs$iB3nqOFg;L0Eub&^fNJDs4@RSj z1OSI|S$r%^lDM%s@J4}BbD4c7i$^G}6g-eBg1dPz+nvy6D|0HDw-VYe5RMU)9OM>f zvWwCQLyXt^0aKTZeUdrjnxm$uG<5yMz$Om1)`Ep zSK}aIDicBtLQ(?;)hO9_Vn+(1kiv(_9m#lGSqvo%_Ux5$u*N{`9#CeObHeZ#^ST-~ z0I9%O)sL>MV?HLwFo2r0YgNz5}gCR^~C_(6uVJ=p*WoFS= zp;8>i4aU8-7}Oxdo^Ial0jexO4$9>NH5KCi$$<3m_VR2mpn%bHN(O=!q`<}oAsS4l zjE7K##d=0N(p4%%1(r~1Zx)Zh2`Ig!@QfZKiD`z#ncPT>T&Foj;yMKU1w85y3~3NO zM5?t4*40IQ!x1%>z_=HHr@+*`#<^|jKrzK+nA(T~9xTYm#|JX?7o~BU-@nex7oaB4 zsgEI)fKZJR!x1^fjkvO2I3rOg0mXrpAdbZhG)jBK%#pNa#Icg|p1D4T4uW!Ygn|{U zfm>h}FhyH_yKrB1Wy&+|RlbmKtqPwnV0z!^dtsfGV4hPHq8cRw%aj1$g_HBXJ*6`- z&Cpr#HCUOZfPWW43EGT9Afy12#bX#jdw@*&^Np<{xCnw=lv;PHmwH4;3XCz#5WTs8 zpxz;Y0&r7CJKFt9!m^Pd#)OmR-E^G3Q8nXl=P*BfpuaJi zfDIxrLX;v33`f{O476b>0!cBQM$Qf|gjthO0z#}yZUIDK0aqEJFUl)yWh=l$-)#m?S|jXax6DS^Hw;v~)_=! zfskTH8Yv+`V}&9F&m2vOQSpqxKzL3R_{_#sag*uO3$a-wERSBDC2Zu091%dULO}^w zg8(8i6~bg$7SJ0a9K~>yG=M8Gj8|mQMiz{k4FswLUHp|gmzlmTrojMDH>GWg9jX5k zhzbn3Zwr~FRS0Y3LRdqhLiWwKZHHQ_NCLFNVX9Dykg$+RO8A!=q*`J-N2tXSM6G4K zp;Y^k4DT2#|7}{FTfkdGP!cVtbs9y01>Dhk-<2@T8_1toWnme zcMW*MmM_Cb1E#~7*f)(aWR1f~(|3zc;nu?cm;%)9(bN08~n)5{9XgjzC@PxMxv*-z4v(_&w1zHPT6NFyn!Zy`s)O7Nc; z{ZEYkLt@mblp4dtp_U^T=@8X2Vv&AbfmAG4TG5l?+ekhxtp5bxUle>mBK-xq$Hx8w za|($uTQW0iDd;XH$ceDr5gU)AnD6YYZL3+=5n?>tZamaZhp&O7>b$QCT$f>Ltqw$Q zGX^&h%V~Ca-u&P^d;ZH*ySYH6}+?fE=w>Wf0Nv-i&boR1p9>DmA?b+Rp=G(=nXd1JckK=PVF- zoESZZRAz5xnx?o}ND#0PQ3J%NysyN2ske8<2;S?M=pJl?v0dm*=oU6F@-~5Rym@aTEmdgTn>{yA)8!1FMoo$uX%U zB{M8z_!5o*Cl5?QFpd~cE^s^8nJ}GXFzt>(6*WxC;#sREwVTCJm^Lh68iWB0xDC!5 zVwjxn1_3ZR;0Vm5*bC^%7|MF;NZNOZsu4l}=@BMu9h6~QcXWrL)R-hOh6;wsG$KZ1 z!HGyFXC4Uc(9^aKHUyrrfKwP5c?M1`P=8a65{MZv?upDV@CYK}f$0-g5ddMfhg84` zfyhOig&@#u5h%Yejj|eWoLQPpG8)G~%oz>>3*=^H0~58>Y-EoO(G`SH(n!Q00rdnB zrlphvN_Pm>2xvA)uDt~W5}RcHdDq2?JibZ`Wgqu@!4 zV^XA2W{Jv%nzIcFjg1KDM#PSs%HU0V9$Pq^dbVcTW3Ji=Kvb}S>v9Au2iFbhM!lm( zEv6%lFTHpWq<~SC4o3#W;|LLtspJyK8(59NAm+Sv2x72atw(t+0jn{adDP0{V+ue5y&{f`3^htfsqv~9#z?M)U@pM` ze5E7ssiuUK5{}6UI`)jF$-jq@BqKf48*ZE=Y(`!LlE8)>hN9r^85yoJ0Wp^>YJ|j5 z89|9745#+aj*dL$o%K^BoRmbge#vo|Tl0#WZ-$uML0TN_HxM0=M}!QAscO#DaC5d= zgb5_*{9l>A=r$BLxvUdTo^=tcT(+`x)qJm2xzc8&WF6a0Da7CQb|4h0BqS zU1htPKJ36=z^65%>+2cKVY9RGkm>-S98en52pvJPv=R`mQ&F0NmL?3A!&;J_Y9vMn zX@M{r<9X09cq9T5)WD`x8B9ZvIE*q14*$RCx*eM6L0#3ZaH! zkWPtk4vd7tN>d@Qu;UU)tBmCw2#Hm}$|MH9A3rI{bR?T^JJB{_s5+iX>w@`zz zax_?K{xE%5UTUD~Q+#MkkK^QIK2*!q>OVxoL}34bXq5r!7xU2LM6IjWS~5>6vNqWznX`F&#o^5S6i~ zV%eT@q(EwvLJgv4rtG@@)1u!0AtJjcLvB zPw(g~{7G8(QmITI-wI^0u|*Y-}N@>_+>41h;=XKiPl3zxP+!{D1V7Eus+w zruphND#-up>Fw!mk^j%l!}Y)XfB(oYi3dUawsi0EB@mx+7E%2yWcnP#m16o&N4|h6 zP8zfbRhG`^O25&NW^4;WmD`qlCNsYSgGQMOzt^rEpS*u7ca{e@E%+g%Y9QmmKKX zZuTBWG;#z7O{h>ghpjY9;9VH1;Y%PlYhU0*KF|TIe2dbcBn6k73Okv{{g>sR(e_mt z?ir~z<`;=DRyP*nD4ua4OZ{4L-ELR`)ORf^&8HUu1-9c?DQTs4e)w zv-Wp+lg4PPsm!#oHo7@e$z=BlKu8!>5fzIoMinh@3P>?bg}|C}L>A+c;WS*XxH9oU zz>$^QL^S20fNDrYX(`f-DA18IMi`Znmhq@uj%doxU!V~2nJtpVVAjH9Jk=hj!^AA_ zzM{X&oWS@iOU<9@yYhHq*{2{upDCou9Ehc0{wB#MD_UPzlkY#wFq1$j*Dq9wL2phG zkNSV|-@F5>Q2%GGRfM>2zX5@fA~KQu+BUwd|GT+*d3co7|Np!H?H~Dd=)h$6hNR%g z3<$u{$J5tfBFtrvC;>?kCWkj2xz(WqkH^i60BcNfFo+yVKw&y=sXQkK^^tLK&?zn< z1*TGAda99tzO>1g4xrJaWIX!+*n8LRwsB=a^nBg=6&R)W#7CTFfaN8Hrj4Z1<03wEZpMgx7p?hBpf&PmJmCC6EE!yLeI2c_u%K)<>KIy6!Q9g` zi#Rz*1+;1+XMG)pbjHwF`ya=l0Y)se`bJ^o>(x|j5}kbLoxM9f=$&`>-ya^IpLBb@ z-#(n~zxiqHA{vmP@SsT@7OT}tES$=qS-K=VzAn*-*kVW?d*vSfruo%zvA`BI;$SRs ze6Vj#bPcZeFLqF?<&q(D$$Dx{N&!$dCKFCUji?Gd4+$`p@Q^^zC>!56$2S9ElqG&+ zSFL7krY6hPBrR=2*lLAS)M^PaLoF)*B9hOGH&2hrB?+I_gHTId&XslzUk#92#J_yg zJb9O_Om4B7$fi<5aVe`k!%)^06&IIDSzoSe-qUKSyX)Gw;|fx5;9>$LXp34cy$Gn) zLIMBNL#-A>(5ZQ2-TDX+E$2P5jEgc%H6I90<7j087`CU%ngaGzf*L!JW>rYIn(Ut5QN$wycrh#*kjOkc#t? zqhj8P_odjxt!ZL$G-Eg#vk{0#@$FlR;T?b2KR7=;$*?(a&8bPlY34-*nexwDe>hxV z5pf5*ZYX6Ic&GpP)?CjG;pD^VS!NK+bk74a1k{86j5EQvX6(gVbLH2Kv_VJ3+p=NG zviLee-@aLlsaedKG$Pm(|C0tkYPA3qKgF|t)$e~uX6JV;h?`peV2SehR|$tLx*aAjIDK8T}S>;uV(X`A-~$# zy)1GkATsz}QLq3=m)N5&7DSCk)@8F}zKqLo=Q0bGco}&Ut+{k4P?PI3W#Ot@xVA2P085r8`f0s< zVgyF!M8P=3E=f9c$TSeMxZBIjRGMhbqmpNo&9$Ka`&RALdKS?Coll4tkdQkfSS%Ib zocw=V?X9f-Z@c~C#iRc3E}pMnH=m(PI_-cn-iUfc?h$XM5-h_B>7Zwu-@Y|usm8&V zK!@j2>N%~y2b6Idx?D@!=cnjY(P%3v0D+K{fj#Uj$&t!RbcL>w2qS-pUOb1NblQWU zhp5>~8k0Ov6Z__~MiSUu_o1?F{TX48jwo>v4g!^lpz#|~twVVs`;ZgiXh4QI;skvD z&_80+Hm#AQ#B(_q*@Kg<%3cVktF?g&NvO4#5b`}B!}V&&Bpl34$l6b`nZM#Pr3Gq1 zOzt)2kDp*#oj3It#TsWUa;R2PvO+S})Z2vz7=+XpBh>smZ~a|vS*g}kzl)$r`S0%$ zdsMKF0wh{~S$~SN&{?(D=C8u~e5{?LK`&YHWI#OQx>Igi}7nCorkzhKV zWz0E$CEgTmJMA{&Q2^>KMHq2p9+jd(c@zl-Kb7@;oX&{)kpDnO-$Q)J020bYA-OovXR>v3jW@1F{A z{>6w>f9wJ38z%1Izh=g%P`gP%HalNiohNH%u{NEcIKB@o_~@jQ6n{(1LDJ~C`FGv{ z46Ul2U0hhWmeqaC39CCvBh~y?Z5puS!zKjTU8eWb5X@II2Vnt5YnXuZw=Pwy1f#<$({Uym}@Bu7sA}QUg_K` z6qA);sDpF0U}7)Tg7C4bLVnyu@eL}?g-mvUOYSbAn6sDIa%JVTwFVxN5Y(EoU19EY zjeb8!m0n<~#?d)W2v;@j*nf0Uim-&)~9|`mR2=iUm23B3_Rx9mnE7V$IMmnu7Dx6jm zt%<;^--y1+EfP60C5yqB>2FT!rESc;`>xL%!w6<^6^DcbBJwjyiK~~Uz~tLnAiVg2@To+S z?+dA?IN4<3eMt&|OX?LNaz@jhs<|4JHlQlbfw>UO>};9yU{{z~b3W*btJQ#SU;u(v)nW3brgnYtAp!BiwoCu>oqTG@%)+Zmt)XN>a-<*9*>i z=>)9t_goUzd04(YG3&T3^e@$q$@{qohNd%i7Gq{{R?qpUSyHbCZpxZ1J)PAObqUDy z2C*Q#vYfmgBno!v!l9a@#Ujh8>(~ovfz>#%E&M0&Yg!H zqHRyrP<*h3t_`^ta_mH5?r3j4@`VghFg~YTHapV>=OrhL*d_ED{TVS~tk0Y7Kz?{r zQqk&EnW4v?hX&rli&J~1-lcna7s(?#nYRBVYRojSHsm1O0={Eh{e3UQ-VskXG|pVKHxo<;ry z1Gb84>#2HKB~?D_?(fato6THb38B_)r$CKbIU9pDl}c3m;xGy4R^D(Wu*zDuO_PisfFA@3zz4S;(k5#!A%0L0~Mm zx2w$FVs%S;xcp7E?C{o`T?C zSNH`7ke?%YS14qsJ8?W02PyU5d&mrvQkvYnmw*Q=Zc%u=yu~XjCM*)x%Vr*$vf#fN z^-=S8ziAb1Sz&_WvRUoZ@BXLm(Z_=x`qVu--0z+pemL&@?!#4}sd5b~UIUx7kEBku z!lgKM63-j8(BTNlRdS-xLsZ-LiwS{XPsnBdQ=uiJ3DJ4fQn_Dc-38FD93w0WwFQ3| zo00t2tiVdsK+MvmqR?AkFaNBvO0BD~NXY;@@$@&4RSr1UzgUEZkXZyA^9D>zP~Q~q z!#Mj^oj%ej;5b+%(W#C`pksUK{7eX=$ftis1YN1n`$>@fqy6rQs`8#e(!CLrP0q`^ zq?5p?+)FSXNW64oyg2EdSV2D%s}bt7S33&s{f03g?7Ucvz$>JPcq zOX_SOs~kYFWW+Q#HR>Z4x+GNj^Lr3g;);bA6^l`opjUYsL1x}K^uK=hL@p8w>0i_z zt9O*}`ZhHcdt|^|(^-Y5Q?^X~O>%45O|rnrsdB5-kjj@`5|_`8dZ?vxbIPA~*dNZ~ zbTgl_dap&08up74q_$NTDXh+G+TsXD863Bo*g&P#09Om937j0Jsng-+T0oeiE8=-7 zWiI5MvNPU+M>2R{1Qj|7Q$QTeanZIs1S6`F1w`*Y57~ z$Nm3K9!qObCIHBFcHGTp<(vC~W!s$DzzfZu*KcwAE;g6`LHBVm*`B+kn!i_WHt{Z? znyf?tH6W(rKh@Zzoz?8Tj~mqD&jS2EZIWG|{mh7LyJ1lS+)9@bRx-Aq|N7j=p_^HTubPPlWz(jRr4vh(EOKFH1Q3 z{0*%Rj(%Hcqidyix)jFhc9hi#;6_C=4|`Wyfd89R{|oB@=kWinmpeNd{=d`Sd5r&i zCr`nxp)u*t8a`t0uPDt*ejGM!Af%vcT)=?D6u>mIsa%X=PFl78 zOVB^R94>YPFjxL-XX$_Y<;(3y`oD`OLmpY$FQe|B3OKdAIHo&V35napTbtt1{g8QV zzgkSrCXkmkrEGINAVWD#F$=T{R7o2q*#}Bx9kbE`7FI~7%~>xkZ0B=1Jki`b^{#So zMb%Sa0*8zaz{|LMO@s(6#F39I)j_Y@uU_gG0*7NFPT+N>JSQHJjBXC9O|ckGj^KA8 zwjmTUk93fVM*SU#c$Lor{68JbdVw8a-u>_M=UW;6|9ofXG5_nGJQ-$LnD$QMwqpCK zEOx1#p^WX9M>PitZ`u9hhY}49#}Am>vv?Rn7OU#yx3rpU?S<-3r{q%YJV9O0V^@g! z0~YzNm2;MBj%=~#EqN1vMM6q9l-; zLFF{_CGhBwia22wH{(mY7{zI}lHup2{Mt>&8i@9Gx|@vXu`JM*L9F&p-djy=osiML zQ8++@c|pjgL`+D;5g&#)Aaf88M1b#nFTRgwf&D*k!Mz&&PkZ-8R{y{AeEa3&{(l!w zhL>4x5SgQ2+Oe?8mfuO_g%inWR6#8>JZ|`lZ1^F)q#hX)w}VF5ANt9(5m*DIs?P5OXdE6JtadYwXN&LDt+SjwW-ww zi)1l+=wplTx8`7n!i=Aig9o&u$_E}=Gca98KUsr)_1#_DuIyQW|I4%6qOKqC%;W#< z_R9?aZ|}T({>cCD;>mCi%Z)ja;!l}JQoJ2X8E;~hWF=1V_bB1lVTOt=!g<^ONh!ar^UtK9~eM^4E|PSx6K7Y3NwBPy1p!6V3o z0AOvQlodyJIAoD88s=I8dX95H&j~?|5)%QQYR<89-(}8QcK+!2RQ9-y+{3c~|5tiN zzW5Pf9{+#2ljZ;0+wDjDuRD3ZR)j51r$KSb&GS`}N0wiQY zE$w5fSF6nY5frD;tu;|YKc#`=QZJ?Wd~SMJ&yHCZNe{NX^8B&Y3(>L=|A*}z>+OAI z`v0vLJG)u=e|Ps$|9>ZsZ5mo4$Hk$+QZ8Ht!d}$|krFiRjpF8ga!a`(@Vtn*j|SCE;xV2mxV!*A3%MWQ(utq(l$ReZ|dMpzIM(S zv)(Y20puB-5*CT1a_V)R0hP3q8dZT=YHS#qzbYtJA*?RQPpa zTNG$nS43q#{@KWAOZp$)llNiCoN>|cY8fDzy;tuw$BQ_DP6&2A!a3Ma0^;%1K4xPh zjPq2Ny4_u-$W_5iNB3nRZ|c^h-VszjUdqd2VFZ3<`&QUPEm`1zxkuG_U1S7R+)#lp zZH5SHbpSGq#-0LUhz}>kjXV+_TlYv(>akucrcqX-nHO-%s4k!1)EfAUQh`l@#Ahza zJNejei+pZUJ670e@H789(O<(=C#m+4=Sa7uk> z;9ZD^AfU5zF_ql3cB+ zEiP_GGFIjPlfv$*e6Ol_`f|fOIhj@4z@a9x{#U{9i*p&OE-Uz7GVpKTI<@%Z zvg6AxyL_e>E)8|I)p>1hN^(L~x9dMA1lx_dbzdrJq&h4eYZ|C zs5OCa1 z9YwY3EXXP|ippjcUpE>|5K;z&WKvKk<#V6X3WRypbNvr<2iy5xmxT&WH2)A;^T=rH z_;M%2M9o(Ky}LacE~*Mb%kkNpa8=@8W>2naY2O~69e3X!p6?&L{rE0Jc5nfqS26T) zIMX4KP!pmXG&76il0h^sKDj6ToqXt>y*oYV{nyd?rw>OT-yfXsAD$NX+pNKvoAWw3 z`EYu6e*E$M+k=W;=7g?lR&mQ(dqzC4cl+J5ZYh}acD?&p;C&jFLA8XTXW?*udT?@d zxCdFC&)O-HEbKH3L_*kBeBi zc`nGTGta($*mv`;@|0gt)#Q}UFhrA552PrCb!5I zSKi57mQ!kTuNY1>FpKFZ)Xo(S21Ub)I63%2xuE_yaS2&pF{vg$R!gTjkB23R zG&jBnOrg0s*F6KwKN>8&tSes48!qB^uy!}#sQ-0zesJ7A^1tr{}$c(@zJd=X-}IzaE?}J=h>5BNFyVcuB%N8cgK* ztG@gxhqHHZdRBp)bCf+bHU-_!KMwx2d^g29rGll%B%!Veg6@(d>z06^zLvqxG+lGB zr$CGn6x0|__Rd+}(7I=W+yqFUkRD*J4C>Wnp9un-%Q0rrvj8uGR0CluG zkRRTZRI~=6?yhq82R1LOBr3$YCtsFzm0}LE@CBL8DH~IGf_Y8UnxOXfOJ~d3a@zX# zu|DQlh+J~NvjVW+2#RveZV{4A`!;Vykj!%mof~hTcz9N1U6iKSg3{RrgHl7KbW=gG znUZ>hGWDO|O1faS86FLXg!8jWNce<#Zbd`cqS>ZKn0ir2>NJ%ty0`*PVl$n?C(~u_ zj#0KyixhLuLUoBf$UQZLOt9@2i=t!(Iyb_}Ok2w$Wu}=MU}dJI8=+;UttIfX>Mm=U zbJe_qLamz;bFNxKX1o8psqgXDuVPv&$-EqYF3h=H1D7(XlPeak=;Dp}BQxLy7PMsM znH>Mk^%^<#^Uz7>wvWH()7~e(6}E}c0-#$KVoM&F=Ais7-liszt~*GC5m|{>>C+oe zqLW%eZ&k3)-w`=i!!Jk4ae)0a0IOAg!G3slCtg!iU7XBWfs$#MObs3M zwGQBF$!aBXTHI9%W>ezQXxc&V$&`h&G&t#BHcE?2PM*c+2Q=-DQ zHLEJdFbkRIQGfgqigb`4d0qn*?wYCCWChaq+;vi2UM4w6&WvZdiPn(yszmw4%sD06 z9p#)@)su10O&Zc!%rD4n1N{U$x|PH{DF`LvH0G*Y74OQuu$>$c!f+IQ&)n>muZB}N zv7}0Ra4HBx(OpLYawk?#DgDQv5#iZmDHkj>mRp5q9Qqe2?zK>U(#?VSSu>Yy;p<~i zhx>b$i~q37_|Lm9cekHs<3F|AkMSSwv2S>|;EN$9NQ#lvnxTF&@QZJc{}Iz+*g$|32|3zI)TO z@5AWtM-50(aTrZkSw`7h(Rig9)6M3xbU=&w^>ZV5jA-!~(IP{)w;a)8^}#0YBy2`@ zBa4S6`GPy>O1XQ^OX)CY1NE$Oz*Q0gH{Y%Hz6Vlx4ltM1ltxi6zIy zOEMUiL$q$}7PUb>25)%`-eNtg3f^MtwXCossXPrce>e%5&mz9Zrc)|VlZ{5r^?4BN z{p)z|*V7NjA3pZZ_ddLTe|T1bJT` z(4rjpmxaZuwKIjvnYcYm6|-K~-K`2nNsOSQ{qD*9({VoTPAbWDJ!(r;nLj`|G94gj z?w$uta|i%bw`F-quh*_TlrM1lSL5FM^`ORHt;Ri^km9{L3q0Y?J%O76l*WE)whP#e z@79Id>A^3D|EvkOkc{Y;g(3Ixm)bq>Xk_(JvxB$Y-og3)alIZSU)VpcJNCDS$NTl0 zroNkR+HgT7cTEE^%hyU$$j@blsgZpL8%8Pz{tfW7chEiE`}Mqgc2=8t;BYuO$3oQR zAi9rV4v)_2vnc3gL_JZTQ++%=s@HlHdL{co?d{+(WZYxOxW|xjD-Ib~A|-ypA>VtS zyUxgS;#T5&UC4(ME^LLS&-79dQSLFc-D7CG$Iy0a>VXydZs1qoZk7vU^m)E6yv^$SsMzVgWi|I?HIIpe>+SpjcUq24g0f#69g7gTP`7%_KWfMD^wC!LQ3`=^P;>(7z)>{ z$}Yi%*~invxgd+7)%m--`FH+*5*XD3M?w?vw3kvR*Oc78_Yy?eC*$quGy91rA1 zZ<$m^DO9R511cP(t;(CT>6?Ac(v`2ucB8QEo7r)!R98L`B6ydLi;7U71gq>@Q0&Vp zt^7tmUm;^)u|i#8ag)ocXNp_9ftIGY!5b-SikrNDUE+Np(keB4C2igml~$+mD`{~h z$n==p;=i3X#VoB-AimezC{)|XCYe|mK+(1pO zmP_>v5k;GS%%5(>9d#*J$=y)DZohh2&JYvYSi;vbU%8ggWp1uzSpmKW%}#-O;4#Af zLyfRsgFQdEG!qZxR;k{N(o(CM9@65gIp?Bjp-ZM^7q(ywk9i-;NouuuAM#4+dC3ck zYShVIkm}x6!DY3^wFQ*9!pTx3rJGrTm>x(DjRFu?WnxHu({6Q;c%g9g>07P1uK1KB zZ0NuUO4Bct_5mv)>iiE|?X4GE`TP%CkNF?&;<58TT((U%2NgYeflLnNQU6zy z%VB=DgfzB?`W^GQFJ50#c)S$Ow~d7hYx?JYv{=i#_ZQ zB_poUw3n`s?IiQLs=FSDsi#sLt^+c!tZLN|QU$YviT9!!y~lf1uDj$*w*6z~61nNr zXx=wPv#rM;WaGCZl}P5b5{cw{O9w?qh16SjSgBDJHB@5NFi%91$4{Hw?eWS(dI{;S zkw4S*ns$MvKA5NJGu2t9y;7J#{G)lD%_aEUXzZ`GMAbt0m-bhCG3LxOW*XKc6Gj5{ zExFbLZ>CVH$HnB{6$!ow<;WoBSaA!6|D>jpFZQ)8N!Zd7HHvd=0jIoUO~PXG-@>9F zJoDtg-QBGG*M9!|QU1G=XA#NH7?a3iDtf*P=`Pd#%Eh}(`}Zi{ zJ&JaZqTQot_nnA#KbB;tv!~woW?%5kmH(Ux@uqa_vyd#?#~k@@Yqy=1|D;s-DF5BX z^8}q>AxP+RBp6cbtZZ8b5%pZ^k5Pb!7kEs#(|Cf;CX^!{1wibGPl)HCvBw4~Lo)Tp z8z>|m7W9&U0l4)Z`)=b2^2u0P5U#1{fW%ez-~VIXK_7f?hL{gE<&aQ7LgZ1OI1OjN zcis~$B#kF%4@eMw+Up^ghP>g7sn~@7tKm1C!C&Df{NKEoj5p=~%%A+y-%J`B;Ne9S zAg~~7JahO}(0Jwy@I~X9Bc?&)+5gvgf@tczrDS?yPcu`_RIFp_9Ok@#q$K|(A>TMI%+gNCx860 zHW4D=oz2awt1H_9l!fEXbwoMBK4Jq&2Q5YN%*S5hU^>M<9+Rou4Ec-;GDT}2PWRuw z@2x9>$37y{V1ha2i1`StSUDX~kBS+HEzCzoQs=E9n+6`05|Ptr{K7)?Yj*<$9+5q9 zLeOV10pq-YCF34bF^L9J#*R(zHF}GXkWIBG7g*)DCV0Kkc=80D9sRHU(?+A;?+=;J znMWEwA-NkuKM1=n(v^|vQnl~s*LK&YD)qU*o`>l9p_8%vw=@|qea~;Yy*Bw~j zlaPQxDW`()Mx%uiu%ouq-u}7KQWM#he;|qX@~`L4R%<{6elEYCd_qCUE~z|ClhAC= za?WxLk?)ewo5>}j{wTy;gwaq$A<_5+*k~3Iz|}ZoF_y}g3RD0R`KQ5J@Sg4`Xx#4< zQOW}7ekS`;@t^d{a*HB_QTSmpBBMiEGNOS}|PTWM?PW;Ft*_ z7hzx4Fo0DZUr{eIG&QYv;CEW6O88{>(B>WFzB zyMhk!z$4s3sTd;%UJAc7o3M~P0jHP{8pb$%snkV{#x=@6@kk236_vlyvrm+pfFzm~ zKb2$M*N~{H-?(lq_AFZdKA)S8^}2D5`Z}Bk1Wq|6W6DK1>zA*`J1CC!L0&+IvK9(; zwVSN;>Yr=W_o-JpmHG88=u`$f=_fr}ben`#VV5KfsY^KO7gSzf)qEG6-EBk1qyj32 zj)})m0-d<>e=q2eR3@W-x<^RH#74*zGTujmNoav|YXQ(W+wl|xGacL#^llw@jMHH; z?qGLH{TKix7!)^g=NNQL(9ufj6BdeW+bQUPq;JE-+_uRN_eD?kSZ@V7mXTr>d9KlE z@(~zMG49xQj=?=)&nlr4hf7n;fETx#-O=N{Tyr1Eg{6Fsu#a#U;``j>uTlT=AAPju zGQz$w6DP z?E8FHf;%dHUN}zV-Ljrw2Dy6+(B-?t@@$AV50nQ~Fw0S*_apq3BnxkmlN(J>Pz zA>qW&2`BUGr=e51TbUkvI(p?{p7}qp$8hCkH!TY~kaB)LcoXQ*5mIUDm97Z!35z@z z4G7|-Qf+c)&o$~pcKu~{Er5>Xsvoo*H@Bf{)Dxhq6$}M96cl^j3>h&H6x&*tQbN%0s6@KD*AvX|NnR1@d8i z=-j`MXi0-p>Qk2t7K2eGbPDCe`p~(5AyGmHZW)&(txD(=%7^u#bN@o(HR^Z0D?FyOO==EU_s|DVrT zh>#8j z0Odd$zm#Gk@F67-vT$mQ!S;`3p#k;XrH8u2vqH*>Mhim+2M-!JE8Vl=JpOaEUtO~$ z%Nc{83c_PdeV&1l-sV-qOONm-&&r{r<3Ur*+Q!CKLfVlNKA+? z%+>oHKC6R{l-Bl->rmDyW5Upilm~4LF(*^NAbQ^ndWF!TzFQAE`^QrHgZUd~BA60+ z9@w*5=$r>xTc)BO&3QhJC=U@(D}hcyNU^F@s6L}xwU+MwmYe%5&mz9Zrc+vARVmL|Rx$9Bp#n{rOB~eoJa$D~eHqt5edhN!WEWE= z$TFM0M~iPqg7m0Vr@`xqB#G_FmoUt|@9ql1G! zax#iM*y*u*iTxpQQ(GG+LQsEvXC!!y`qSCDHO>V=1<wf8qGr$XI@? zOdGcnxzd8J{+072uzRfVDNugLa_tMTf+|xk8wsedVLQZ}Bp(c>sSb?W%ld+FyGG|B z_FXnb?Je*K#6w^%UNFIaG$kP&YU7*pI?&1a=FEW(2u^E5;L>vSedf242`vJrTd}9N z=C%|9WpSt0i7f-22P;;t8h3JDZ$&*8`N2KRXT^L+LT8^=o^Eo`K`sr^hCk%|*a^xW4&+u$S%;80 zt{aZad3=hpRHiu%4;+r8Da0;#D9^1x=Qr$?GoKW6vQZ0C3K2Y{FdTQl0G#K5@QEA zNo5g+kb7uNX^1`)d3I-3MV)u^%eB7DPPP)`OSDN#fF*x=u^G^gwRqSs`>j*1I6dpF#yg-_I=GU<|MY-BRDR?8gxdk-nQ!^5(=!8TGGI~e zURv$UiO(s-wx#}vg;O2LRzWTo#ISUYShzHBR{|Y7mqHDzc`GiQ4$%)m-j^Q3?LF71 zA4e!(`p!8OLS=rB*=Q^e_qj&>-JR##OCwJTIwq+49D9WV+=&xGJgjG>lx1a+sNy?z zqJ_*gm~Lt5;jH+%M*Xkf`e?0$G0i>WrJ$3}-%z?|WsrcLuR*)E8m2w2567I>X77xz#WN-5|n3JC@1{=;h0o2AN{`tf^!I zuH;Kqkp(21Qf7jy2ii)YW8df0x6ia{>FCBMpZ1m=$L&0;hmJO2+4C@+7TegJgzS>K z1fts;bC>>!X+tP9RP{FipYBeflN;+QG^a&(f#upS`4#lVvZ$KA;ym~PN`r-Wp|$I0 zp~Is=6>Q)X8V!@}i*AgnhA#{!UuinvB;?BI2X#Nzc1Logg7Ps~2Q|R*b)qPeb=VG<2Y(odUy%2WwwI_yj z0y>OaNH`qUI9dyd?~-ugbIwhll|VJfXC>z>4IQu? zJ@l#AGm+$qun4s7RA)L&2cCOyh_uQ*3!tNPSMOQmmzeUTprg-IptX2#u(>tpRNwYx zq4NOYV#c~U=y2+iAuc4RRF7TPm9Q`nN)wib&hjH#<+D=g)H21mRu0G}k07?Z6H`~B zl1sl=cQ*I-tdc9&Gd8GzPHb!N5FmqY2|B|{la~tU#1$V3cvf>4>fuXLQ-QIV1_N5Y zzsus4NP`MG^%NM3YcTE+LMwz$Jq5-x8jO2`&r0?zjXSjz7z=7J_`QN@g}75sfl*(B zale4kV_g|^>M1am(qP;dX{{DIH53?&YB26~*IFfXYAG-l*I?Z5p0z4@r=9}iMjDKJ z;L5Aov+5}@ZlJ-qdnCFY=v3d>EUv-0N3Ogo=+skS{CFA+4V`+vB#US;da~i=2Y2IV zgyWDH^+k_~Sc7{|r#dVWNeYUOcy*?|k z$Q2}6*Lk=GP+A1{0&em5x zHtEb#b36gGt-GlOTRQpjAWU#G&uaW6GSC_EcOi>PoQkgze6&+>C0V#0*mI5g?X9il zL&_FH$I41p)MGYJ*@Fens-OdVd3QLJ=cPH0Bo<{U*$=B~#+BN*it5&MEKJ{x$&4Wtm5`Gq-Mm&3<-2fX^3yvZ$4I&M;)jrp#eY5&XgMnRI zR~)?7F>WnsFkSxviGwTI(KFDg-n24%R$TWXZdxnhI~nLyZ(2Xxo|S=4^``a1?O7S< zRBu{8+@6(zPW7hs!|hqZcY!z_XhJ^?pcX$&_L%G>XA8FY~VgCnJ|P+h6KJ3@>xj?6$71rklB0y zrJ-{{W)B!bD}~Npw+8lHqrGk+`Z(xtBzLMy>JoRuju`^i5~*}rXGguwUhhcrAC3ky zbDOI3YflljiE`N-cQ+#}3p$}!i?Gl&lI85&BRB=DQ*vpNOdL^uzuVYKpfe>Rq{EuK z`Zeka914Ubo=oNL6>&tq$PN9$-S@3zM>o)^W&QQTMi8E3*JOI^2`uQ)vSnf+I%d8y zhMN%Vdh*Dw8@<6Q{oyI%v#Yt;X0F#w0MO+E~9Ksu-? z#l+@D=Bpfa2Q^=}U%hO8>lZ_(GFEO;jNFj8l*gcXI1zJi19#ptp9&V1Flm+3S4=3F zdud5sFp~zQmuf@B153C!3rL9N`@4B=gDV^8BsR&mcS(w}j3)^kAgnm{oMpjel8L&M z57{Lg*9S8jaJTWSCJsh1bmBYAe!9mGfrd?7Aj$e!ibVJF+$LpFUy$%JdzXHVdcfF_ z`3y3$HnUN2O)ZQtS)q8kj$}uGWVid=CUn${&XgXtpY*7qqZO=+07qB3BiO7MI?3*K z8hK?mH)*acnX*Mr=@$4sGv(ECxx(~LzQm&kVP8nBDnDNzwgn5LCjhOkw zSe+OP!8?AgmEsali8W}wm!UB3c4p`2^Meb#6A@W%o(tj+e02Y0*|W?>E+N7_#q@wjUUOC&${ovTd*YVall-Y4kQJgVZ;TSzE^*hn=4!5j;ax>E*{#mQc>AX1YV&yJ*Y_Vop@d+ zn&uj5nlk5^8van_eo(d&?qNJD)}z$$_^I;rd1&xiiKmZ&PA%){AI@sJ7&;|}Xg{0< zS}}A=4AFi#3$$YBlo+D@a29CA&?zxQ`{69m40LK)PycXM(5sD+O%ReBsQudL@a4`eJ zk5lG()E}#{H)|^7R2DBDI7;naC%OsRQ#WWQ%tbwOPJfu*-zzzzhXXvU4W1Y}r_3Xe z&Q|_-OMO=o$eMNschz-c??lqp6$>x!E33r~q0?v>m7|Jxi9eqo`x@7ZWH`u)D-K+GeJpO9S= zO=qo;cm#8Tes3V8`b+MllQ+{@%hkW3DTMNgIpsha zjk5_sc)%_tTbxcIYcXgmC&boJ_f55a98SY@4--z0sP9-RN^gd!(05@RVHA(c$5Y~> zzBSao(`a-(2t**+xHsEC82zjJ{s`=f)txSfWuk;9nP4q0ZEj(EU&J?AaL&o;~ZJf3XM#W!y825yNMzoj=yBKh_(KCr{9x zebWeJs7Iq-xI|#;aar^U`m7lz`qV>*(`h6?11a#>y54lzkUM&~&X7$vlaPy>6L!@S zY%}s*5^{lkw-u@eTe6LoRdT)2I0S?NyWZX*AI=x zTLl1R0$|n@BcEI;oKP)DP*TC|sFZZ1i(QhC%US50vr|m{q}&GLbnJtjw{J$xHxLWa zFr+YUbQyU*3Gsk>R7h+FzZ6HU<4FRfVQ%>+ETn(Qjy%MNSgwvFV#@WvsXz207bvZ- zkg1ix9Pp~Is7cuZ%rsVxsHA*0P0Kl8f4C*{{vPy@OygX#8CKQJ#zyb+*uP zG#!vo_6*_wcpU$)tP3c1Y6_utrjyL)ZPQPW2*hXpa1t_~MI3l76==#_Qrc5ed=E-@ zP?L>D&1{cF#r$S|f^lR+V55Ne6D(zAYgjd4>_^jHQX`q_R%Tpf<=Qbw%B}zHzB4`r z$=c>VB&kM?#E#CnItaiD<)-a zkqN(YP}k!u-$x}mve53&B0@f4SH9Y!HG9~DJ3soDWKTK)iDV2al4or44(!&f2yxR? z+h}xEE^)yE(=Ne4R47i^ zRb4^?66#w@`WN(Vdcq;ebYwNBcxt*yFvyk@bLk~@Be}GCP!=|uf-tKbZN?F4xyB7WoT1!yNhb4;s!7Kqv+kbDVc<_Cj~H$y{$T+8+t zq%CUh=LH@og3%-zINE+libY{TD*H_-$84_KX9CL-CZ^f6KxvhE^H1kr&j0Njqz!_Q z$-@R9FlX|GBvufZ7-Ha^3w60tI2-oJHL#L_Ig+^1CJM&qlL1zLNv^^X=9=)|<3P&^ zAkr%MK)2e98gRo9s-m5%2~+-S)^;zOm14TKfMhUWvq%=MD4*#3F(Zp8R+aShEyiqN zK{DNxxNhNuvMF%sP;BUmLp&wk9_C~N5ohe6uT4I|A#vYEl4N`N`5~1u1RX{g=fRGSW(y*k?Nztluy%dxqm-z$@X0k02Pcl^_ zZZ(DX$4n5zN2z87DQ+yT6#t!Hv~y`p-LUD*Pa z6X7Cg3^qYaAhTH^+3b?IoWWy_#)s;9OtMgnMj_!7bzt|0L@8T7o3m$vc*!O-rb6yR zasx8kkN&r%_NG<>#&x}mrG=kJNfa?-=EIN%in-JBp*iT#M=W%8MD#CY7zrIkLe&SM zZHA^17i!s+P)R|Pp6F80h1S3~CWXljhF z;w72Ssx$LUVYBS3r#@tOvE;5TvCYvNK$dI>ch0Ye4hQc!~=~l+XCm|iCV9^pDZ|U!? zmfY}KvfVe%rYz+Q!@}2cQkmCSmNjFMlR29Ze^-he7Z z7O`+C{W6ayZ<-~uZKf)j#Z$%QRMOwA_0>f#$gG)6SN`}<#myv6ODg}AokzzO%JfAO zPb9CTAYwM_Qu4=I%(c?E#lbCy3#Hw4(7tk_!#-kuYs@6TKU2;lQn(vm#L*b+pHQA} z?!J7z{d^sTWQ;?&9ZQO&Mk^;Pmsl<}8&yTeSDY1gTg^B6xz+BgLmhdw+1BwsJ)m4@f{(E zbXp~xi%}s@^`8?(af!3uy4s%O+P(`iCt8Dz_I3N!%XO34K(@@Ku&GoCG@%wt4XE3Z zqREhXp85smaE!LCmhiK}tO+XP@?5x&I7KO+)S zDLM3r0??jZ>8Ct>6_oLUgmr)ufF}%Ow5|)KW>E-MM#tmnFR9a=?|%FN|HyRO~TKu)bn$3sq3sELt*uw5mM`*ERcRKZ1=jV z-NHUnh2jR2F6Y#!c=^z4To%6r5}v*gBkC$W6b6+Y^eelP zlFtU>(Lh&j125SIA~aVcIzxs0X+Z{abVWQbt@;3|q^Ld9)`icmvU{*~KHiW*jXdJ3 ztqnMfx)}tWuQ?;CS20b-ra2X%vuon{SYN-PT zPJKk}TjCL>9$@OsAL?_k?+#|#oB^aU&(mfpe8b2=Ko$@(Sl0PGWNz{4cQg?^hv;;ID7cc=r*oY%$e34yO>B(CF$+SUu_*~G-iyX?62L-^!6SfR*)wc9 zDV03OCQD$+?!2E)5VppP{JO#A$;bhY#Ll1|fr3cVbLw%wgc3LwQwFYEN{dI-C zlB1Pn(TW4ZX~mp1*vq!Fi~gtl=Y^%h0R6d$LSOFY>G@uO&+LzdaS1jwJ{yUGj(rvqSE(~#L5iap z=+0H#Dp4?Q4U>?dlMlVKcc%xv^N+oQ(~acM{kPU1C*5A}w-2ZL)~mzg!?XRj=iSqH zz5LtXx<~tmrvUSlcl+J5u7kSz8Z0DJ9rL(&=wSS%Ou2_faaXpej$W10MF*vh-;x`J zgoLJCjn%RK82GGQmoW0<%*KG;Sw*b6d{RclItj9^b5@dt(#Pt{KVRK^?HOsK@1QPR zXbgx?MpURulxJ;cd7^HTqtTLK5;S5!B&mmZD8Skdb}KH)T%Lzqqo!rP&4XRaMMwvc zl9XV46CAp!NEBRzn99ut42wPl#P3b$NJvOaW)i>HfU}G|OA!k9`dSAIOKh~&Ff5(- zHc`iVGcb4-;Y`h3=~rfQ1&8`{)G4^aDAkF-Y2rw*=0-{Q4aLef_++YNJ7+kVGB^EI zX?6D1*-P7bgOpxD?}v&n{1P%_G-d3~cAPC|YeTCK1I9VkmRqrPvvt%cqRu>?za^YX zc`S25>60r{If+Q6ZWHj>j6g{-+RUZcQVt};*un%F&{#ZGE**^e!a;8_SEltFWerHV zP;$S4!UU_fZeG@<0!^^76OrtFU>Uc-2AB=9^~SK{Mq)D8-f~_v(r27~8ot?-L)i?* z@}Gt+6T?_eu$br~M*oaH2ICOBq|rDOPdW05+-tBzP8ORID1#DxK^ot3>)T-Mv038}c7gip#3f%?k!FvPygrryljQRBWGbV{ZKPPS#^(pH+93-$AdMSXQ{ z??|y@PWqCYn0chm#!5ySU_LSaFJ`iq{|g7l4(r&Z-Hb|omOh)!T zr}NMC3QsYMF7g@*)M}ZQUODY8r@do*B0gB1fEyE_W*GTWk}BxVvWJJFg^_BxkcRFcjCGYW6uj=2k4jX;nBf<$LzZS7Q+c@7S5`vIMxOAUC5FkNvTIf$Ns~?LBLDv zL$nSch7N2&9Z56;>bk`5BvLU;5vnW)hwl+3o}01)eQK_#pKhS1CaT&~#dV*i-PxZ4 zC67#R2KM_2m$3RQKFMp2VwK}+wi)(;3Mb#N>Qw_tvzpk?N;7J+x?qK&M#%kzSO3n) zdp>bLFDCAt?atOKXKQ=w`K#SmuXg4T_iLx^Y#Y+n5c^H})m+fnlGg}c%#AH&q~vR( znN45%PFlHRGG95;l_G>}wS)^aCUNL7#ZIVPYb9%Je!qEg?+^}g{e2O;Q{5`s=b zGNND1>6(Q)FM8Yr4N(v>!G_FJ1_%sHfZ+2X7ZkKkm&7+71jg7ueQB7qYwYYf5mB&# zruc#&CAKro(qgr6NJfyT-5lZkv2wgaFP*j=de?Ph)eEq^qy6ql`e1L$!&E_b)29b1 z2YHNLL_zGct{u<@m=hQ{6&#J>D7_{b(E3Iqc3if#b{3fX+J1a1v98_9)RhG0&{7tQiH@KrWPf4`Uwci3E-9ZO9^eBnNMmXXC?4Bc+x**@#fs-^Chb&YF zPVJ>AkDQ$PLxKi`_(&od2-8#8GGPl*reKFYDiD?>;-)0!_RH;8ZH3f0pc8y)T?y=Vk8nv5~qH^*m5sq|&wNk-|H$lhQWZ#?xG@DN|l}Q0pYw;>^eP z)&^>;8};_K#5&XJwzKP?L!~f)b(1rP5IhA}ASbq%@_nC@`prZnq zLt`>MkNOw9gFYMVyt=xw?|WG|-oyhIiA|qe@y+(D*E^fZxvxgyb)_VqTVq79h(a>O zBBWpHbdj#GZZ0MOOSRsBr{T7t&&%4S0@O=fun>nPG+9kK(QA!? zKQ^0<<&z)}#t_kfNLgB|I@6$*qPvE_$HqK;JM5#|j$KXdE8@@&TbYZ~hZKd!}6ZGo%6=EqeB>5f}ULW`h^9&LH z5?$huJC4;u>{6BK!i0@+Ql+zAvEat1lmkN9L!);}@utFiWNK$TXzSP9kF9*N?9-?x zT^Mn?)}H07YF`s2dOEA{5mO46w98YvLGTw*txct5s4wT_hH91S2^IwDv8J1O_AI}c z<}Uny$Yq_60neT_5c=Hy1O3uH>mGGb68T5FCWl~aqqjIu?~2MpSJ&J>IO`tDs%OR^ zBhg;VO*ZjpQ>k0>PT_LLQG$WiVrBbFsp8sg=eeWJjEo~W2-%XSXb+z$9f!v01cn4+ z5lC{LYwN*?Iha@s2m6WJx3LZuI`lxwJoqzouI)l9c`w}h52G+7zSxYFa?V6dy(db2 zaCrQ#_35zNI(fJM@%>5n=xE&2&nc1f90OE62yne0}HOvjJne+ydhXtjuB4Et} z7Zbh>32j%qqqg5O`;J759?A7x*_EJW({GRtW@FZ{-`;XwI$N#q#Vd2MZ9d5X@**!i zkB#Y2HRCgvIR94H7MM?T3k4B>)WGB0#gso^?nbq50HMRoXxqaL`8u{ej9tajHb8xg zCn-;22g0Xo`|H@}&z75$0ZJ;v?j_acO-BDfr&HomEQmLgvhe$p52t6{&DK2)=K1{7u#i_4`M>XD{9CLP+@G+UBTY1Zi^%jC{W-RUND12 z|1=OYdFIh+#2lSOixk)B9vyx7?fl^V$=Sc+w%^Qj&VX1EpJ1OlA_EQ@F?HZ!|H8h^ zF{Wa6a4fjbS7xD?#AAURMdBp!+#-!wW&-e1k-B6wcSA{p4~e-w;sJZyKzJnCwb0ju z%p;+l1T-6EBw#Lg8i(3cN1e>EuOtqAM{cnl9SUR=d7jFGJRx2nL86s=0C6@Tup63E zAGEWo;sH<4TX~v+-AoC>;QI)p7PEeG5D1Bi6DQA6x?eLjebJ@Dki;*Qw_!5j>b6n^ zt>*0a(4r09>L$}Atu|91G%MVWPa-iJFtir)=>C@TPv@U~GzhV;5-IlE@Fuk{S+_;X zfSL;ufahQfeSkYFeMPClu0VdGwSMp5^wZ(q0c5`EtCK+-*l(@>;b=c$Ve5u=Elph_ z3ai_d+zBXkKPH&IJ<}%Lx*z@b@rSd6o+G~Ke1EBdng~4R?rkuOZ$*l=ev*Ok%b`&= z9_o9UHFYZs0A7!GrZ~n-URxiMz$l0+q5+nL|7%J4&e%qo-U8;LHFHR@-~kg&CWiW1 zZDW7E%zTY}Aw$%n0)ajfu5QhZl00^LY&-_B!rsi~9u5+2jA!vq5^wbC04z5kS-iiY zl~!1wt2kTSFg?S#kt}j#$F3VitqHP`5VbzWRndO;toydx(_j7*ZHj5IDUT*m;KV@g zg572q`I$JD7Hz0NkW;u=1zXn``ScxNf{Q#o3$@vml7zN$Q#lq@Y&_W?gg=6_r=U}! z6&C8i8Ox0TU{3#1LGECkrO^G~ z#n8>m!5~q9sh;I@>9HZUuRS+(e1`;d$x_&&@meYXp%NHlMzEeJc8wrn0FZ*Bxh+V* zI-HOxPOS8RV;Mu4lpmt9U%V*Qd4 zCn5USJ2=gk0KWtjGLIw$jEjQ?|I@dJXUE<5hhP90WAM{dGviP~8Sbw`dPzMpCg5US zJVpt=s^OH>Vpm#vvg%4q`;YJEk;je^hGS@Jf@5`YqE#8vO-Yx`?e7A6whoFP^vm18v>r#LW{)vG+f=ZroRP za^K05TiZ?pfo$OL$>xNyiw=4kgrub3?fy=aK&J;(3COh!WFGYxj}<@8XG_ z4CKC_2~2(8V|#pV|CvkwD*EB+L3jWCfircN>0|Exzx_Nz|6AMJkMw^h&mIeA$fQpQ zb2rY|cQ;vB5RBR6#SkjUr4Dp8#lhoN|6M&b>0bx=U5*XRqyLvXS@~c7^+^AB@zjhg zebaE#!!(;I4l3<5&LC)QI!-k8|ET60$A%^q=aKu14E-LI-2N!el<>LK zgb6A7S}rcdlhlM&G_d*1xF-FVM?bE?6XwzX&Q@0cxBL9%i%0sui|1d(1gg!l(qW8Q zm_#vFJir9L#vw70wq4{V=?c`9#DFnjE?iC4ss*TGNphf;sa*?0*gO*=eBJUrcJ6xx z?)RBX|Jo`@1q|}o@M7^k=F$K2=UMr`z5S^FyPGF%fNnyes#}2uvgo7}8|CU?T6W?+ z{kwsT{Xqw9IWL^;hD*nUiw@!wyuJIP^KxhF<*Vo0uXo+&TkVnSwqLv&;gLJQ_~nZ& zmu$bpgWa9M)@bzn#bCGneD~FByo;Kz)JcrbI7Nh@#RsZnJJ^%0Q=IDR-Z6+ecXnUwN#d4lYGwxzJ&O z;wbPcH-wy!4m~RQU4rQy^z~cgi3uBTn&_bE%=|vaQ<9Xhn(V+^$vl(7{~$B429yrkr5|hYaCIRY^tP#n@@s}w1P-wfL8CIC5Zu6f&jZK z)zgP0tbd$&(MLE8@k}0RvzXv$Xz1WcCdbqi`;kfw0QPTgE|{Z}nO9{*%$Rms0dtd7 z*5Kr;Gb02cy~KjF%vx`n**<~!#&|1VRN<|ej z${R%i8XXD0-ZPNRjTW4c9EeozoLVJR2 zAAwG$N7-i0-c(~*rvqrPq0_V3iB9Y=+fSb4VVb1=B^Xl+j*&sR(MyAzmVe;qN)DX64LgmFz~7V4CGvIZ2jd zH_J1e+h;lPjB{*f9^+9wBZc8QWtx~F9WPN8GEsC18bW$$lX@Ne8C42DldBFmRY^=n z)tL5bw_Hya25k-cizo{?Zk z)^{bjPr;2uBH{mpU>k8(R%K4lJE%`x)Qb8Y`1k*3@7ufL#+7~l_ovWtXD*P94NVee zcHfh|E+I@dYw}Y#|h(ZB#{+UOKPfU%+x3{z4Og@UZh zj@;Icsu(1119!Rq;RWDu8jm~;GPyj2CL&ApqeN{vk{DG<%EQKBR}eIn%h*heO`N{9 zVvwO3wn(-WC?gbUaP^hteptjT!>G8f6aX(=zahpg1ASdC#BmYlQ5rMP)T89QPFb;B zNoxN&;$d_7+fSouxu1%cd>?oM#| z9$m6Ls*2un@C8=Yx}8a8Q-&YZK=oD_LPaeW2|k+WM=R$xta>z{Q=U0;21`*XsAt7+ zjXZ$`qck$jVZ=>ufldi{60j7`^)kzr>=ZM0_|8d1DqF2K3|m^-hc`m`WJpeMQt2w0 zLs!zhevUVIMS<3R4}?azr_V(0Wko{PdY_HyC@TOXa{kTY320tyYr)U5v;AjzvuiaKOo$&Gz0~B*lk42@iPIEAN zr3+fEeP-2vJ91%PZ9)MzhQdrdC4$vL)XK#Am6COP`iuPZ26%r3s{}%{g5e9?w_Au! zvZiU6^iD^PxF+)FC~o2B76`_DP5D_psssKsdQ?NDd<7yU4GlQ%9%<8}0XDZJVNajN zqy!#@sP$+K3?P$Ng8jni=NUanF5yRc+w$|fcj^UEazc-|eVVzdlgd2iFY@ts6~sl0 zBUT7+ly=ngL*f94s9M^4nu+~4sGY#0rdHuZdDtg38;Y;g>Gr@MLT!5)Kvq>w_h^Fx z@!56!u^Nbbp3y|mKm(uL8@V57ET>9+u2w9t?8cyUP_s$10L)>Dhf$E5!y6s5cptRx z^6(%F`|OGl%~<%N7z|h@+#YeCZEwGM;oiW+Y!5A;7J0j6Z;`+`a)jn~TO}M(qZj8P z^@v;wu{9A0#GiWa?c42dbf2*bZ1m%v&;n1t$cfzlA>o;J*#>aBX0AD1^0>Vx(AKru zA-6I?f^)B@jS0P+dwu39W5P0yw(!81(91_Ofo({;+m!`Lit1f?fSo0~v^fz~SQ}d8 zBbMY^s+u}I;rNy)1W?P=+bMNvJ&mG+4&1d=b0?o=KR#>Xk#zX)KCR9Ya_zzOiE_)Q zvHE|W6(WcCBQA3D8WO>qT7vP!_;8OW0z{YuHSE;Ztb#|IujWW$`a zKD?6k9kDFp;fbQIN1iBcU=v7L=8i*}wyKtjEbfuDHBdHYmn_2{Da0OEe*((1PE-ua zACjrPe5-#%Nm%(|bS4l_ozW~9ozXncOm*;P5XrTy-vuKkrBe8j$HG25R8A*KX;p0{ zzU?W!z!4Xc58BD|Nh(_`|I^dDg2N+FbOriXkG$mxGac~k>60C&de00>4<523p5>@p z)AHeKPQw>8rb&RfU~hFgn*_1om8+Q~m|1vb*hBqpt0PPFBt4Sg@~%}=*hA`%(6NFh z6Fb;=85B^Ua(zrE3bkD6)qHXw+enQYguWv5bzN2wV8~G3+tz!;?gY7f3}h`&pz$UQ7(z%yu*Zj#m}w>Rws+HefWaO%e0Bi(IZ{ZEP>ctcFHyn$x7E;b~y zlmF3>_z*o2Cks!A7>&u8jUf_Mr$b(ppp$Bw)gfn<20TYi?fjRVA!**}^Cp zVp&p9RqFM1%d2Zc3NctsQpE8lNqD0w6*VRjN{u5}zDa@+=f>+yFG^D@%X~uChv|+S zC5W^Pag1pe5_PyBhd+G!39{DSV7|2u2H0DURnT*X+noAZ0UZv+#qZ; z-nLtvfAoIe*b-m7iXp7fGn67ls&v+vIl6y$QkT2h|W(7DQqh{=z>- z3mcvhAHvL+d{%2yp&5FYJq4^b9qOz~C9FkB3us#4Izoj2gOM@_q(*wF7~%=DBu!|( zR&}98haD=g7H-pUhMXH(BH8duTc0RO!vvl%a`axIp6Xi@y#X7_MA27tt*rqWHM2w4 zbEUKZ``8;EGBn2U$T6eghb+q3y972e5&eht$WO1L7U4op&uX-zT9{}%K$9}U%!S4a zwmvoWi;GF=lGkTEhAVF?Y{gbb5#)s5t{YOmaNG|F=*fR#L zpv6~T;6_Okx>#Xt#Z*fmA_`eRGZX(N<)PuowJQ&JqtoNh^4epArb%YEj9q`?e2?~wJ@Roax96T326&iP~kYc<3E@C@{A> zuuyG?t57;Po{%caOBgO4&a-|%HNGL$gI3!qci#lK&_UCzNJao=J&tOE?p!PKfREDx zOsP@-1%{R8mvZ7!bttlw0;orJp6$Mg;7yPg^5^zgSuKQNMaih*K;Xd?;~tvgWnE2J zSdjZs%ZJkjm%i#-ZL%m2IdAP`Wx+mqm&6ltn8;I-AbBPknmjZUrG7^H!GvEmRUfE< zHs>lVd(1-?LvzwJp7_f68qew~ioU|AfzZk({u&0_Q>EcusftKln#^HS@u*ZT)2w2l z0}2~CK@11u2~r_v$YwQwQXE5ZX>NxyQm`^KnV_;$6|-I^mV`{6bhUk4mT#20-#F%1 z2cML(RZmSQB^nU+Nlx(ytm?t?U+7&$5)VqAWN2wPKHp%MVZR)4xO1U72022=b8CRt zMCn#g9#$cXid2Y7MtQi*BD$%e-LY7M5k?AvVA;6fLOt4B}wtM7^ zKGN{<5TB&a%m~GBC%{7A+6WFRo51w3G`t#m9C!JWM`s*Nz%sb!4=ZU8KBaOsY9Ahz z!6Tn9*rW&fHZdfC6hjV^O@wvrk&n8#-)~^2n@XD27?hk+*%>MQqmn}7=#nLJovD~h zG>qU^n(;ncNK3G&-M6mDGnII%lC6%F8QyF-I`NVG-KJ?njG31#rW5-H5OxmxR_Y zoQFc0f~hv`@0li<_Q*H3*&?kp@0eX`3&7Wr$ib-~E(@u0mNCn-C=ikz@k}1WI~@n# zwQ9;s;RMA?>-xIwj=FlRa+LI&W^fQ;1+XI#WK?EblXa}MCc$g{e|CTRQ6*^Jgd!bp zcoHFdZ&^9Sx)A#f*xy93%$!YlSV#qA_jn{NoCW3uE>ydPLX1Qma#dP=?%YW{E z{#?38yDjd_F7e6Djfbnyy&+rV$?o*FY+Y>lHTsM3 zn98%7RhUiAvIVPg#S``|9j-Dz(Qw{Ior=J==%r)2qvhrlEdosTSMrqsp zpmjSgi`lI0D&qwc35(50o#~P4$Rd*=z#C#&-ep8Rsy)%9bfDBDP~n?$Gn8bf!?VzM zUZ_`u{8=zLJKU3l*9ZHjB=kcHIv=uk0^Pnz_V-Q>$cKL)yp;t6G^a5i`Xee#VQ0qw zXx(JrBy0Qc-o8E9KV91(r?t!$A!j1`kCknM9K1d`Alu~N?Mq34{7Qa4e)ncdb^`uh z8F+vL)d`1CT_ zdvkDle7Jw2yGVP~NO{b4YNf*A6fgT*T%^AMV`(}`lNoO1Euu%=JNgUIbj$Owk_T^n zj3=aVpl*ufGfuJX=h*g>?6kA&l+!FB&C~UFLfhBH|C%5FMZHl9;VqEEmqmbE9{+vk z$+H#y+r2zBfmxoohaejsCWDNsfVV})9GXV&H4fxu*P&_pzJ~N_??8LxwX*Xh|7P)+ zz^nlV0RSZ$oWw*c@3Z`hu|&(G1fe8}6;&M_wbg9}XqEaC66J!$1K%0(F*8>yS65dR z5K1QsBuScA+Mhyxl_-m%m=C!yo?K&^UHEA-bS~Hg!e93sPa|S_7$Ms6N}MK-42lG_ z`HrU>;b@R3xcKx48`CK6Sr@1O$D+g`xUC@soKpeeG}k`fEH^aOX-*A*ckcKvxBhPx z0&Xt;>ytYE>(1`>3jh6Ho=(S{0&%t}tTu?*j-Vd>3E4l~+J8xM&SQZFC0uS)O!y9p zZ10tnr3&$2)~s+}zyD{+^{-i;*g6YnO8Ze90rF@}jn(;J?07t?|1_4vl@N8yl>8o!&;a5-Pxjp}9S;n(DoL@b2`2Wt%PM!Zh-R(YE@&EgH zmf-)VqYQlJVBpbf1_FW0^Bm$GLF{1dag3mMXy*e8eZ&`obiU*K3OY^T505Ts9EETa zJ&+Y_Z_6m|`T4N`E0VzhQsyl7HlH%qu=J&r`) zHX_X~*pRh>{?a9nHi+B|4H%#SPyowy3@=fyjd&Uy*)uSLKHT&ZKCn^~0jUgt0c^IL z0P72<6*cvuoLoUDyL^=KD>YSps28aup4RPF>N}!ve~O8wZ_e|&RE`88ZL>wl$?^w} z65_hVZ}x)87(vv{mi)e^4ll<2L-DJk19M}=KqK~P?>TXQOOEzVPCmRletAL;j*s6R zgHfmP($sS`wkLAB~;1Fk{uX*G2vAAIxY_WM72M1Fz& z|H-p@{I93aR{G!jd2V<9lcyUKegkaJTDBjYAn+fTtP{1{sOTD;=PvQztNl^$fBA^1 z)WlT*I`oz@jT={MF#B|7#p{q9&^LAZ`jeel+e5S_*B{FaIUUwg$v4*|=XxJ2&u2b{ zE3sH*`PQ$-D#0|Q*@Wj)a@ZWWjg?xQ+5JIm{UCahZ&%B%w;!4}_k4@vk5O0-VayC! zXiN!~z%%BBWkyk(9Yz9~IzhUd)4%O(l+#BiQok3OOBJfD-Q0RFM<2+$fve-`L!Cji zh054j7B6P_T55Ps6vSQit=~H0)n87fYSpMpHvE#_6Cu%ntV^MPUCC#5F&i)*%~(2B zN-GsZE!qU&^JlQis?bp(VW_v-Fp15r_Y|O;{V;tv&8=Yi?K2( zp-R*wn95Xfj_BlyqtZ0>s}?I}J=eDiF!J+D3ruIk;;}DAYF5t30^c!DvpyXMSn&{j zoPzzYH9bP8c>PH=hmKFsx?L(eVeQYr6V#0RB4vTEy`p`~Uq_)nT?W+@^ZM2*;O^bK zY*($=>tFr3J^xpeX94y<_x!j0^l6>{Kiz(|;{W&YEW!T|KBWlIrcj#Dz!WCPbd8zK zW4tm6fMF@O4#iEhsBVWklc%bzNCL9^1pbW1Cjfj&T(5b_q=-atdu23apj^=?hEPEu zAVhyslCJi!c@4k~rFpFKtOxvWD{E=ZpRRPIB9j~TIca_Az^Dhu#e0e5v3loK3d*RiW!z6INF zh-HwnV8eF~2bIuwrQe*@_fc+ux1iruB!eQ3k=ogPUV2~HM{1lW^{{v*&C~=7^}Bu1 z`6xk+z{2y@qSJJTDy6!08d@uFmnN`23oE6mdY74OE0yfu@45Z{FVJykz63C5|9{eb z_G5kj|8aMFwg2D8v&8=YiX|+Az;;T(r&xG-hub(_=ozATINml^xcKsnF&&wtYOUGPG-4Pb+2lrV*;lM(Yn72F&U^OSw`b}yM^3PZ2PY2z3NLjzV@Z+>4=%n8l2m>S)zk5;M`6V1F93Ku`RE+ zpJy$nO{{%G%Th{$Xz8Fz(a%XhbG>g*Pi)C(p2C)?PuzO3Kwx|Raw~T+dAlfBUxXKI zvd|j5V3Rv7LC7!v1w(|@IwPL!`gY?5+sjWT(#r?3&Y$hj)n@9*0(#Gh54G8|xMi-D zml4&EGV>dnruufusQP80&qvne= z`kx=4t>nLZd6vKbw=aOJ0Pbzu4^9#Q9xbnVEnL0!?Z-;6s4+mTD#Mc=*#OwUO0B~E z%Ey+Qd$0ZKzL8BkVmE7iK0DJ)ei{vGg;luxI{OpO@s%VSwd-8XlAGB0zq!A;_8m8< z78cA441Nk_Q(Lpz1iruL_WVCjV-(Ql?ErK5|Mu>7{rvyz$)0GAOIu5a4zDRsgRWhx}=~K(mS(2baw|6q2V&xm}s!78c)A3G+18 zU-TieVro)hm1UN7%yUh0{y%gaZ?xzBj%-tIzy6CnTFm@ouKc(AwBi5p^yzB--^;Va z`ac4{uP9NV02)Vl$Z|rpHUeh{%HN8=(8Y?p>wcnJg)?R{rtIU%x{2G z$;}NUzTI$O0a+jTYU}iz13c z4e_Hc=#*N8svE$$<5uefHE4Pu#uF1e-JL%YwW2IbOZWonwlt1%IUqv*0UjYz+QnvD zIf^u8**+EQ=SEhr(`?v9*6XO~M5dKinnF%Xu}ZnZtqCpeb=6_0`_@4#+tt!_wY#P|8EV+phT0v1&-Wy6 z7k|da+s%c_^uE@1w`6O;F`dHXYp++3Azo{QTO#Kf3o8|yeMNXUSU>>o1M})v$tpT{ z0L5#s!kxNrwG6V3!q)WuLo0g&p;9@7+}UH)Hv?^EuND{d#Km3GnmyIauoexs(lzm91Z(Xd}muX$^-B5ADF$M?HFs?)gY8w&%m2MCl^5zn{hcRdd{v{s4& zX(WHw|3iKh zQ}u;hfTmRyN7#mxSZVKbvX1w27Gb4;+31AlI^!&l9B8MV%v5O(L2{8? zzcG8Pbls|a82<*hv{1i8vgUbG-1NOs_SXKUeu)W$4Ip zON1}useeZ%FZ?<)7t;>+$kUhL-c5$ue&t?asKC9n#7Z+p7UQ4G2m#F&H=Oyw1+K=M zOvdWH`^NNi3XQb79`z6&8K3>yskgkkno=yzb}XnYr?%pBMaP`yZ&X&D7EENP?dlol z`LBXyZQHwFP6casR~bE-(c0&ykWRlDs=^=9VR2fog?+yeEZeAD{?%w( zrkmR3pP3!h);D+UpSHd!ORX@zxf9DmwQtPbwux0HUuE6l`K*g~xM3yba|qUfW82Eb-Fww0s1ZX;HUm)=XD zQY4Ug`*TIjhYP4-86=h}!j+gu7rLu0*AmK}FR_%RjiPJT!vKDo?RfN`c z)a?l?1>(wItR$7VR)k*sM<%_^Am*2P!6xRdI5Nw;T5k*WwMF~=^_n;app1L*6Zb8+S zxF+6BF^p?XWz|!Yf6(T5ZZ5Dqz9xSbJZHBOTUw`pRuE*-aD?gs3`$lpfnIJ7)VD#L z2MbuhuMeq3OHH=GQQfFEr)H11P#wz_ z{Dme9a%`)GOHLRq?c8~$=z^*Xw{@UqjSn`cy4)H=fx%F|U{7jCiH4B2WQR@>^z_le z91>J0pxLK{Zy~TR+@i0-3d*Fv3YH}`{oFKm0Aglyoz0kq#9lFJLn^Bp*|lYArmXG- zcD}}r(q7}2XA2em#I5*3^-S>>p2V%~xf`o$(=E+mTWuvSSj?B@a&3yMTQIuTli*)? zmP~EaoS8CZR;0DXZBK<+>HcQ;2e-HXx}sSUCBp?wfam&uZ8z+{x;v}*Klk!1VgL0( z4LG5FUgQY)p7A(_aN%?~%k0<86-<9hhcn<`k2%k03BawT**;UC|1zElu6E^hi3RAo zfw+`)^ww*Vu_62PbCiU{^|If73;*%xT8!wIEd%hr>SM*d%r$T#_ZV=YQ26B{&v-J7<@O+($&yf^@X$*hh0Wdu(*jD; zjEBk?n^=)GeFt2gjmLAy15t^IRz@M)8u2SH=UWB%cH}e(J*>r(wRl!a$MRkH+wjMS z{w&G={Sk}D(J#8JY0$A5Wpc9QdqIUTaELPx&eKOte13CABs`4;@E z$annyf3hw3SHBnyx8y(ir?^bE%7XedxF}NC`-Jn@7gwqC*zeN|=dquUQ|Iyjb2{Wb z%_3e1a`^HMUx*_vx&Dt2_Fld@@W zyW2ZI*8RV_KXzB^|6ZPs4mqk5$Xc|NG^!yrXUuXM z(wz28oY$#fycT$ol(TfM@kB>4|2KV};Gd_%4D_-RA~? zNrkZ$jiNEdjSx%q)LzO}^I%cwqvGIshIfX_0?xdcNXw?Oc0HKex#8ZJxgjp?80-oojO5fN4ITGx}r}4z%Pv zg<#~o4IXz+$zS-nCg=V+hMw0T3=i~a4x|<%W_0;ASsYgSJ{!|Q=-+rCVO7muIM>)W zuo%<05C-o2JA3|C1L-_|3~{kmlF!3=R+7&Hd2Bvw2N9gfXs<~#0-h9vAf7=P3i1A? z<8(sLZxw6te3J;q$j3vS?f3N#q{%qXH;fH~!v86k%Z>nUq`!uEf zD30=I#cdzZv*NZ7;rjhHro<*Zkjl2!f0!_ zJ#tC22tYELF}1(x1=#ce-QOv{yyepz$XW=$w&q@wg#+4ugCGo4)iRxr8FNiu>8rOoW(>0F`#Hi6+6MB1P38fOn1RIY@q&FH_s_NG zP6KJ;HbHE`?_#uOH5Gu}PEr;`G$s*jBqA8GF%|MlhZq%RiB_1Qw_eX7B%h?LC#jB- zp+iVm?wvjD;-`~aA<7kUKqN@a1DdnYA%uOR<1}VH5<)IN;*MhhFV3mzxWvn*Nob)d z*d^;b)?^qZpByKr!+FK3a&kJfi|P8^UBByvtRKu!75?i0sJi#R^waTLs@6*_w` zAygHAWHOrI2OvkT?ZsDgBGyPWDCv-Wwx*(WuWhQJ1cK#|{BZD==SLY6EXmgtJtzs4 z1ko&`6Niu}XDWKbY)W+yhj>DSCOT1tNDges$9jCn30c3edbO|OK{R?mkqp;`(Lh}a z!X089T`>7Yt{L_z&nStK0nf$?@>d~#3VSS6kO(=2_Y#oAX%a9jtj~H*$IL!^Vs$Ez zp4Dm5k=;CHkUPX0Wny=@(;=$qND%^Sc8KMmR4yP46*9M=ZpzTF8BP{~0j zF>v#mHw9mfxKL60O9FH9p2x+QRUO7Q$>BgxG1qf9iCxWGz#?^BL~{%yA?Xw(oX8Fh z6ndzLcoHSU3dOGHIt~p2Cd3;avU%k0K}s^_VHpW!D&3Weju{OkkyU|zXLG#_CQK0T0Or6dC&J8L@YsiOwHQyC7`uN`7_Y^?)21bP67 z?f}5HRjrw`)y>MxT0owi(?~l2uHNFblxDYeJi)>**yIgO(0?CLVb% z*hEQ!ZBT;pW0XuILebCr0Kq-0uNBm;A+M0D4(c$;gWR3qD<8LLh@@pwjEMNX2G6<_nzmqgA-$)+#Z>jAcBM1g=m^Co>dLt zyOjP}FoSShj>YHCmYjwrIM<}V`;;YtiOzI$<5U_Qrg7O~-}f8f96_}T&ZFM2)MxSP7hA}{8KJhmQ1F@B{%F0 zd(U;NrrDQnZ#OMW-&WOQnm})R+ublRp4v&KX^3=S!Ep=_+hjb!AYGo6 zJ!(Vs+;ul=z4_dAVXm*$lCCwaV@(7d8ir)8y@E%2iJ!?Lq^LS#0Dw-D&?l#5jJBZ2 zGNr+f3)XYYdSjnbp5??U=J})bi=xkhJci6ViaaP`MM?u^P*ls=Ks-+V5Im9OJ$FC* zlGpjxJiKuwW21uYJ|&(PvVezd!)fb??yWkaYj;HV%XCEdD|AG+y(2Wb{adc!$%7G1 lhD7AyvwBv~>iI68{~rJV|Nn@mQ;7hM3;Dc zVQyr3R8em|NM&qo0PKAUcpOKSuyzRx3}-eR%av3{4z?W4sl)czPLL(pmaQw29LKSP zRMTBE(@{@%r>aNN#1v_m?l$bXUE4?^V^S_g=kv1+j0Hpy9i?p1Rb)nf?mIe!32;cH0Si zve|65x4WDDo6TmU|K_@SyV`PHo4UKYdV6x4y4$k3?yg*S8_1qG6q-LZ;zQh)U2|Je z;{Hq?=s2zqeam%7Apw8^eQ3Mov;lqJMrq5<7>JG#3z-GrLF_vS#}>oLMv$PC1FNV2 zBBLq+J?lb*iRC&4Fqca}&r?4)rF+v|2@??mTb|Ee?b(UlGU#_5A6gE=U;>pb;^TUv z;!@xh-}gu%lex5nDGF{iW5}W@EQ)3lmO(+uvKY>%%a&iM6>9`xS{^w*tIMEd3_9#d zrV5FVaEAD>XroMYZrEh^=akTpkphvm98DYnXpX#1AOq*06yX zXJi-i?rrGP#GD*y`E*Y@m(3;~=_&Uo^+d<`9JFhQoY)0m8TsGSn{AN)Jw08guK0kqJtcjnaukJJ^BdAx2=n zf*fE}pi{P-vIJT|7^T4hw+2YXt=T4+b=-L{Ux7ZTyEQ=TnXcuO&rY<1KEptS0KbA{ z?Rm?ufWwDD`a(W9XHh*(YQs}eEdnMgS&qed>SEwQK8mZHAX=Mp+O`}dVfrr953p-9poUjtol!+qN^$@h+O}&z z+JD75E4jB;MA$(-BEYa~l;a6buv{0x;YHpEV2nb|vM9dt7rIT1OkHX$e&m zAO!iGxzI3NY|NyJpSshsNkfpE}EycO))c*vudy$wOTEnCjQ zveJl^I{9*lE=>!Z-^iig%>wXojZaJ8CX>j($RA~jXOedtL3qwGlw|Si9x8xg7n(bu z4IKkvA&ZBcGDd_fOSvd_@@cnt!x8FB&?bs}xvq@6#4lqsdBJc%P9r5AFGVi1Pd+j2 z?bJ%tmS#Q&PGi~ zCkIPBWLTxT(5Dn0z(hW@Y_0;*Wzj}(4gpm4{5l&bx<)c@**2&V`niZq6Pdt7xX9#x z+;mcHocw{O+AbuRA~(ob5@n~-+Y;d+5grhasQw>aHhfg25*?Au=-AZYWZGZw*WAW3 z_Fp!a%}4CN-fZ@i|L>$c{jO8S(68CT{$V;+g-+2+Ys9Bw({}5~Z0eIc`;PaKTu;>hlh5W)&Ht0}v^SmEfLRap|4td%ZaL9s+fviu zww6*9*t%UrYVAd)(j=sNs2v<+{?|)D3hb%bAit#(_Y}}|!$&DKm8$ln_Rv5?nDFZN| zMw#Y;pbX(UqC~P=BI$sxRU^42-J8xf;+Rvc=#ngVKrX-fR(jG64DU&A(ppipdUL9kHPPEJA-lD~p6A1mwvy{!ODhfI z@Z`6WOZTc)x>nyxS2`DMrHhI%)k=?SWeuI5Pj6nj5izCknj~GmvGc>Nbe))1mSI?4 zwvz8%eJi=fi5qSur&{S*ODheNGTcg5wX%jGmRq`Cvgw@anB1yY{VnNiI^QtL^4f%< zN`Y!;4KgO1&NqneNIR-?a@uO=uqX)*kpQn&v@HXOun4WLV)+{8TQ;3R%=EcRk* zaAIT<^orPf`U}$n`Vra)c`i23> zrNKZDnUPKiY?6YaBp?-N+n|ad4=nK!uJWxU!*xs%&%t))2nG zxBNPQHNWCw>vGnf+@g-D;a4DwkSb&7_;UMC@IgZWm7xs=8R!NiY7Qk($aH8hC=v_D z1kknx7#8KgKUs+IrbVzzCyN0QKWv6{CtzV`G6c$St5w$#kYtDqi`imuc!O!MQ|$A4 zHSDCGeG4hLbjy+_sbG-fj&M20JMOxVX+-$58%~W5r96;WwfVojQMq5vkd1ez5qjDl#h2u?#3Dh>xK|xGzo& zDE7t{KT7}t&K?G?Gfbd>5h2rXtDZ$Cl*^D4WR{VGFjI^}1nbhva2=u5GS@zzyH#Xb zkcGNvWbb$JY=cmkckwL4n8_hJ(t;^qIg$)D0XXXfSygBv0Oz1(vmNvx1X2u^PAX05 z08{~RP{{=;-5l4q45Y*x=M>+Bpkl@M>Dr>g%_z14#0Ka9v;eD~jc7#=yK|N)cP|j= z^QhWwEr24j-T97y3j+vSbI`Zu5TFbp$><26ZN&3HP%j{H9!SJhUQgB^|};bVnyZHY~bW{&KPGW_>mVk&_q^- z8C8UlT?e-1%reFmEr*R02Ubys>~zcV5iUW4EfSsD8mXAtfE48pa!Wz4Q{zRh@v%J~ zodashYV9coN;6Wdr3w!UEYv4#44Xm|k&s-@8&=E3O_A@^CWTL>zUx5SmSUUKidD-O z!b9pEY;-ZqiHM+4=!xjlh*}|gnJsrqt`@qYLZvcmo{sk-szAF0+){JprM1-_Bo$2} z-cqdhN-Vo2fNW&=*mW$UllDRp+H4%nV_MH)%16x++y`_P=uAfeqbQ$z5=<7xf6}?+ zQlw;;-iGUFIDsm(Y+Bj2h)+88B}=J7q)vQPCAtW=2&o~ugcxj%6eW1~)0K~FD@xbW znck_1k`0`-Dmm)<00Mokrjw0RIHF%GvgHh1R^`zdNabTS z(kQ4v0*VMZ03!o2NnWgn+6g8hL6_B#ubV7^|_yj5f`5sf?ge0UCo?$X>C|wK%319B^v@QVq{Tehu1k_|3c6Hs>v> zYdEfxVm(i+Irfu9T9&Ed*Ha~oP$#f3Msuz~1$o12F6=+rptQD7CshYMI*uD8 zT_Dc6&)u%mf$G_?-Wj~{5avrQVQ++Dq1$b`ny+LrQCq!^#BjT4WbU(XGTMEhUaLd3UxI;K^p_*R*t0LzemWOiL`?L9eGAdw0ibEk{Jr?@L3o=h$Zy3=3+ z>7F4TURj0pK(a-pkl}ik)NMlYXbCNkbqQ4)k!jVcoqQZojmGjTu3C}9W;0*Hn@F>qFF% z*vghs*=A8|lRIt#RazWWB;2Wk=@7zh)pF=K;npM3nx`U84QUFKhrOAca0(~fvZ1w% zkq<4WQ|ir{3D2wpr`|xE*05?Y7!aN8ETUQ+JH_bkq+-!TRB!6klnFLO{b0HY+JZB6 z5qzQ|HLSUD=_z3_w8gOv+9^Q9{E^GdrlzQvELsKibvF(Xpwa z{=p>h(SpzTO{bk`gR0zGJNoR>L_o|;Y2YmDFAbD5Jt4pdn#{%w1|5oJt30=_vtI}` zCK)&(jD*fs_^N@4=Wr}v*#zd~SfxPD&?U1RtbmR1UEJBoWhiw$&C4ZhgBUKAA~S_45OWCg&hjf3HdB>-@8}~^gCbEE9BO4IbaL(!%M1-2W=}zfHi{gxR+VaNXv9dt!tFoVol%*_7%ZI_ z(2k!>%v%MDi0c8k79D?_G0pZZVp$Ye6-;gA=XYKHJ?vx&x`F}`bm%C%7?>8-T0>fH zj0PXL_F}e-I2diO$SuWS(-}+~b{^lUH!($Y@0^-S3?6M-^X3HzH0)M|R$--e8*Y`W z(sUe!+%n2iiC6-m4(VaWj@Sv{wrZdSk~G-o*oY9;X=uT-EyJSbFN3IUkSPB~J*q`& z&MeK1)zozrX!^9ps3V7~dPUv)yb{w)s96k6ZNP94Ty-_&?jx^1>iV>j+Pz`xOVQ;< z8J)IeX5P_dq#{xgAWV>n_(l+&23nVhhPZaY9i%=AOrkPIeBjr`3}F@-T0n*-;+f!8 z48f=j`Jw6t+e7RH^rpd-R6t0YA7_+$wCOU*>2sA^+YzFS7aM9^eUaN3u!@ML(U4Ag z;1-CVE(T%@^TKk_N{l-LuahuSLx(Ccg2d%V^jMd&Gl~$`88(&!c>1BD=n7?YSY@lx zKPzXG>^HF*#4G`vQ=8IYz#`0aLYS7?4>9FST}=XoYO&4@SY~-s6Dtq{tQVQ_5_rKn zgANmOp9H9GptvGvRH7!TUfS|WxN|#z%Xa*deUo5lG6{C{O%6>;=I$Sw+C8>!3heKj znCKgw8XBAgV-xze{Mb&=H+lf<9U2|z1jyn$zzZHf=`1O+m|QV6H)$|~n4c6%IaLSq zoK?&q!i^%F*LesaAa_FsuPS1PW12Y8=dOgF*H0hb$|__ zokLTjgOfabpijUU@0*w!>fblqHvz`?O^lCC4)WEO?-ts~W{DU)*C7_$bznO)+$szY z7wCD|^{_?Nb4GAUoUvu&FOayJzm$6$38__?ts=#>MVMqKu3;%NnG1EX&&s^9`bKM` zG0Vr^<}?^qETxr(Em*W{ws}58S6+bT=-8!ra2SpYZ079rE6Bxl&DA1zvV0f&y34>p zW!owv$3PvOYPY*Hur^gzb*U&krs= zL(7MYK~Z*@ZShmP+#|rc7FJ<7?8B$EWk^5}9Ken{2TnH2F)WiRwtOprDlpuqYe8EA zl@i*hK*}P70mOXIoUY<(ttK_wj~cp+n>8h4YW$7mh|bjHs_rq^u;iY&#EOz_yL`Zw zUDuqqY~6P_3yAM}9xS6yrW4dC;w5O=HGZDE3hh$O36vYQ2*yN$uN64CPFR=A6YgNlPMpgAhwFK?XMn@O%brNwb7P9-DVk^3s<3f`wX}6#FYw zbq`P1=w{)P+ig+{H7c&ly`ap~8QN@TK34!i2{C!n2_VA|ItJ2mD|AZfS7+l6RUOM$ z^HJ^I+7fr*7H#2$VtPx4iXE!?@~sw&utiGPR~89v_nT)kOpFu;mb6gU>7Bj=z*t58wSEBOl>Bs#N{)c@O-{A-joz? zOjJUS$!kX_j;vY#4Bz^(tOKo1+r=*&Tpc>QS%Zowz(ZIE+OnW&W=)J7;X>Nx^wupa?v6Bl5_OA9}#l;W%`A2)0hx>kgDK1J{gMH4|{sr`7tIl1qu+%tib17f3M%}GfaY$hJA*X#8~ zaG2rkmZH0?i>$a9B&KFFg@;e49uNvP&;lyvvSTX+A?*<=2>9|P+~-n_w;W-HGSR3; zlu~gttKTg$Zy5}^?Bqa(z8vn$g`A4;=TttOWmQ_y(3|NVBIYcidnrTwlIU3^RG^s# zzDD(1D&CB3lL&=Skb|6Oaj^_wL#JGWWdzFZ9KudCvQKzR0)3q{(v?0H&;O_YMC1R* z_KyxuOrF>_mdpQ=&-F&*|GV<1@_(L`hb@0|GRd&a^{bNfhEfHKjJzp5*|5m_i_x5g z=GP47k>%)g7Jxz1_X1=KslfmdO9YGMM!9lZ8zSv6R3i zYKrNn5)rp%xXL!bQm--vIGhy4LPQ$7JVnenMoiNpmX8P+;F;qRiH&-`(_A{2KbMu} z`DtXSsYp5+(+!&{1qx??rL$_DU|yAgjz}s8ZIPvtAUua~dTz|iDT5(jm# zl`zPWp)5`g-nRI`sF|6WA|#cB0>fG{1Z9@o zJe{iAu<`320yBDQ)R|6T`Jl=SNFUB}&(}PtS`G{JqNYc)*4L{<3Pa;`a1^PztsNIh zb28Z3<|U~ZqXuMMrnZB?LG$6$+C`( z32;LP^IR;G_^Xt*GCON07I-wQv<2(b>Jr6vqybk{baWHp z)aX8UBw57ge!Yzwi;!5x#*G1yw15XOtRf#_vTQyD&Tq(ElE}g;kGHtlBcY9{zR)cP zS{wXAhHx@JahJkD_($SZB5_2`o^grF(v$3n_V7dB+KbJ?vw@DMa zjwl=`cfxD%h68;g!ySw(2QOLcux(5=-#AwGi7+yKCdFl5R~1?s!wslNMWT7dBcMN$ z@jk*Ct0XqKcpQdf+Q^Kc%C95n2(48NmE}1RMny|Q-wI<|=1O8xWcO!V=}J-1E)kgF zM(ixAZ)b|e!A|w(B{Klxa!tnG&M>7x7{xPbX^-=fMb(z6;Yn(dmyyr?5xxryjCdrF zyuU(bIA9Y1f{IIgY5{ag{{tNz^Det=hbXTCgC_3bS-rJ>C;^1UzRbL9QZh2Y2 zrYI$k9L!#_J*j^++^Pp1_HVKY0R3-W_HG|_O*HOeU({QRA7RP`Rp`{1pGyvXL_4t) zlq^hq(Rmq+d~6|Reb1sgcpeZpOB#@!Q?r62$Ivt>*&7h)U{?9OMJn2L7%T|iQDZ`v z)k0BK5isLGDY}DVBQ?UJ{)6lrB~{!a5_+^zHYW<| zfI#z`G}ER_4Ht2@Bw#^Up*v6c6LzusHc3H)T>wOhN-j-Q!+IDL=Q;-AXTyp}n<|`_ z4MR3cC%cd*pps~J6GaBDc32|9oYom6P5XTWm1;K2sX-FbvYVfuPY3sO#=gx^HrO@f z7$|dUH}B8jiSGYF&r4yJtMbI{0WP!upX=I`i{AgR>D2!J$$47b|J&zS)V7B)}^Wt+fvU7IU<{X@dwBc90OTh zwB2&1g0PwLDg2b>_-=~o7%9x*r)*dxsVakSQ1~e#;HN13lqNjHR%4&xTXR&uVrYif zO2Q+Y6FhKJY{ZDjyYs;~-((|*C1ByVLsO;ipu~kQUouiJxG?&X4Ya857M3f>wil^Y zVfpFAsl|yuQTcCJ8R0Naov^E*m%ab1CmX&0tEcx={@0W8w1Z)GA)gj|%dY10U4R^R zJt_-q?jHiU<`6EziAo~EEgJ4d54$}qc^M-cKc_-L|5Tso{I}h*o4M4$Df&m+bIK>6 zjb-M4Z+6qB$o%g)HUCf2^UCqjT~ACri_Xs{4(%S8XlrXb+Sb-~>ti3)*4DNO?AqDZ z)^=LCZ=|oS?W3=I{O{qT+uGWIv3p{qt?lyXwY6RG(zdqWwzaigac^5&E!)=iqnWn0 z!du(gp5a|{{DN(5ZGU;^`0&(VTU*=c@zIfEBg4msM~>|sJx2dOLjONJa%@EYF+6gd z{>RFUj2;^vJw7`A$?=J!yGD=i9X-mv9vdEJ|Iq>;9p!cD8&+%R6GOX>?xLTL@-o8= z$llT&U3wE&Tye$lt?cikdq-~?RS1mVG(LLsC`XJ|JUYtJ8@*+8=o3Q}=i__#y?@`x zaZ!Hs=-!c=M=rSKf>Bmw?C9RTAK%L{=fFpf?Hy)l4<8$T{wJS5dVJ5w@x3EQM@Ej0 zQ1m36y|?V;5QdKrw>{jp_t;)a(NX$|HpkxY`{#Y5#~EVBhj$*^Il=()GNZ>R;Uh!D(=R?0Ih-y5>e%q`O}v|iM{gS4%jg=`hS2b_;jx?d zj2_!Fa?{Aj@sT~Z?4hHGp}O~Gh7t#Ld}QP}?Z?q$bUZx#@Wbe_==W`HZTI;TqmymV z+F`!*UB~bI-hco44?p?tzkU2|S8RRCGxxpblmB`1RYOl4|Mr*Pxbrc8Z5;jWgC98b z=o^3ci+}jbXWu)Ye&^5s7UXXD{X5pZ_YKc@($$y$)q(%}wZ1dYnEu(o>F>Ye*t_5Q z`s?2F*zPMQ&)xru`@WPc{`8!`=yX1M|D%4?|G3eI<{tmC(_ZkYzkAx}Gk^b^4?pMb zH+}la-+I-*e)cOr7%M&SnZzglamssh^|sx;hrj>NAH4L{mi?V4yySl!Is3=2+i>Ca zU1vS@#Wy{_(thj2HP_Z(JNw03W}d$JSO4-K-~7<+Us%XqG~DqwZ@FvZ;@7`%$vtoX z;g(w=HeMh>RV>pA~_XHyZhg6zdiqt|9$r4-p4)dj5i+n z)a1E6J$K#l@(n#_-TUe5W*>g}{ck=}>)JYh)BNwQ{pQIPkwd> zcq};W(J%kjT_0Yoy!FE`*>Lsuj=%QwYYX$Qe8RE)Pk!U*%inwNTR;5V!Dsldy6=V4 z;2Xcn`p2e!KCp1;3%`EM$9rq<{@P1!J!9L&5AVJHKb*JWz-7<)bnc10v+usP_`p{#PS#%0`y=cBzW?LT zUH62=yMOwPXMX0${p)tW{9o^Q@FVlT^d4J%O#9B?Ua<8&XT9kYFZsa*e|YfBhyLbW zH$CKh_p(n`UiZu&A3)zd`oI~_`>${O>)~YYXx~Tv?b?CwY(4*u5B-z(?{9qL_5aj; z`MZYS_N=XU-sjwP{k!kG#R=UxBL5AOf<=We;>>hU}OZU5A|i}&w4Bf0;Ri639Gr;z?x{_dAOY2h_b zIsR8a|JKC7(GP4qa!KujH(uqv@R?8O_`_A(&VT9;9ysTm9oOCR^v`b{xbD2u?!9K~ zk46so|9Wuz+c!QqeQ)80ogD`^JpQLgPkY|+uU)=v%Vp=i^`>igzwI|y-3C7W><7N} z(qpgx_KW}f6L%arW8i}ye98JNzH{Ym?Ol&qcuLRPH{5j7OYS`S>oy9bdZR z6`RgRU2QM_-1yTUer(4#pZvp-gU@;Hdrtf1#H)`lJaxi+>2r1u?%(#Tj*B04??cxw z-1MxT=YUt8HE{crFF4)3@M-T{|EhPEAL#qZE84$*<_G#d_rVLEw(E6we&+Sx_CNcj z_VcfL?q$zTI`2$hXUu^oK4$kDdcXOCZ6j~!eaXA-`_PwvdHR#@xp&u#-+A|EYhQly z9iux&AO86Nd0#4Z=I!&zdu}j(^4_c4ukU%?m6zZ3w1>Zb;P+=-b^H0Xr~mZ!*KdBX zRD5#(J%#dRuiEvNPo2K&sw3xgt$Xb?Pdsx}c@_{3#_22W+&)-vf!Ykj?{=?5q%-wE0<$<^T9@T#fj{o%m79%a4y z{&iN@#BV=(;2YmMw|e~>J~4LqDd)fB74AFJ_dm*f;0vce@X?>V;w@)??a0^HKkj(u zrLRBZ*utBi`#@sgNPg=*_l|!m^WIlnf7b`zab@Rie{=fl{yzDnN5A0(cR!|M>la>q z^orLGJ^Y5}K5$_7fv0V~$Ev_Y*FE=cJ^Q2Ux85`Pw>zHuE%Wqm-1GG>-g@gDuXy}3 zUjOBfeCoDGUGR+Qmp^^el|5UkFaBbmx9=O7XT0O7_DuB?Up?>YSMK`kP1*ck9(>9N zFMDtO-Cx~t^|4o6{cQ5_r%&wp>N$5m=ht_gHki1f>%Rs+^s+ZiTy^K)eW--qedX(4 z)AO6erCndV@}thD?s&^=^<8f|awNa$yKMu<5B>A)uetf&yC-KqGrsjblP`L7*I8eG z{%3yo7k=tKaLy0@dhC5q9{JpzU--p~e>r;am0vskaj$>> zTRwE!#~yq1&j0-OI{n?CXb z@3|Yk@!M-Vk3Y+P$N&Dz-&}ppv6#yGShM^B69(QHx{V#eIcK-H`&wl-zxBc%Md*Arwi(mY`Tkrd?+k19> z=8cPQO&|E?+n;*Q-@SL?@&9z_!Q=(+yYH4;+AlrSf5+)RzU@8VPd)bhr@mqKslOUL z_XQjN@$R`V5B|%W&$8-|-*M}|f8~l-J^9Ri-r&Y(z3qoMcl3+k@^8QRhMPZd?;G~^ zzX<>Cw=cTm7Z24w{HxLH`tSPYw@Ysy*yLYy+2?M!_KOb={o_QH?6>#09m_{DAW@7w$j-~Qa=-~H0}?VlU}%8&L}w~`ljz3*$c;m7{> zJNj}rlh?iPuCJnhdTnKDbn4Yt_q^og?xPl7`rtDkdd)9xvmQS4AAWJu4gc`=H&3}A zdd)*G={xhrul)6mbG4)R$G3mx(SPw^`H9at?IC!<-TzTL;~yV&|3_xb8_#^}raQ0w z`Hkn7A9~si*B77ldGnX&fAp_^y!n5fzCQi6-*12Z?50PXkN%G{t?E|) z@pgwQ@Z3VpE5P)>{G6H%LxZCOAKo$Z;z!ziIrXgZiQ4~{)ezxnp6Y9L`>AJ{`=7e9 z4fp@|hD6L9rT%V%tb$meBW})B#{Dh5VIsXg{E;OJfwFoswaT-1r|VZ z=Ng|RgQh}y3m~a)Ch#`FEE1Oh5oFY`<;&a~q!Y{|Kz!^vWtP85CTXa zQvppZK|K!?0_$B5IfU2%L&pTE3R(bN`Slb*zwV)exK=p13?b`0u5X)Z^V!mK3`=axiMO;KVwT}c|S#kJ|h36&%9BC05|15!WYKpFF zBj_XmAQg9hn$(JNh)i3h0$`C%8ZA+*X&YJ{7KG5sD2j$Mv)F}TIJFq8oD|h`ZZto- z$YP@%SQX(Nk=|6iY6^f+3`SuUt%yhwBpsoU-C(~8{C!wn6Z%uIyae{Fjq#doi#V1T z{5Tj|Mg+SojZQ;xI`${U-YDA^4kCQ%TwGQbMdIo7*&zpO7~w&_$qPMCO!r|}M;L5k z4Fefl3{o;mDj7331Tn3FYBra|1H9O)2Amb=By8IId_R8Kjt+%bE-M5@D6AgWzEnr@(h?IE z8L)<)p}kFeIJs2dCmWr~WysZ|HbV=n9tYpJST=^z2gD<%R*l12up;0Atvbcqji)Fa z^h&`z?|Cgy+%jXusR%x}ll^v$E~Z1{N&Z{Lu!^5yhP1|2TdOlP9^!8!Psc@0;7K3) z>O^V~@ya4D81tH|2K*$LV6l!cV6Cr?%Z&qNyAJw9cFEFQ4IQaym6?;nVjTcd)U1J} z0klVG%r4C!9=faPhaCA4=(Wf#Lza(W7UuwCnG6vQM~ge9ndR6>AqVGObVZhbe}uT2 z2+o==zf3fqnP_#b2#!g_trX4VWkY3+ss^l+%jg2FuIWoA3y3W6aZ9^)B1GmB&=+w} zhtzx#*Pw*jUXuJ~L#VOew#(4#R=6O~KpQActjkfD2l?zSYZ)#?&rkyjWocDbCqJlu zA+J6uk@%xi>$@11QNIldX`$zbN-R?wzn$2{z^U1GC#VsTJ6hU}lN!{tG8KK7l@GIp z6*N@yf;j^*fS7CvO_V|F4Mph_pG*4aNU zh6Yc&S|#K%yQ5``XHd4G)+=H4EWeDm!WE_KXyy#FSi)qpSBw<(i&GSQB<$m|{HiGu6yutAiWnWA#Qiz@i@5@(!N+Rg`TjOTcvKCH*#_*s}bgZSs7)t(n|YopQv;4`!3Lz zSJ;1=y569yH}A!u%n7A)MVm&vpvlkMkmVhC~)7+C_S5^`cIvWfhW6 zr(>mpE}n+fN;#d7)d@MBmQ~2O=(t+BfQuPdE0u3C<4TCPL^~LAga#d})r!4ugom7x ztLw4r4;?;~6c-f^nTL`Ea40FxYVSsNbvhbt$AUf%B|E{PWC=mPh7nFe)LWwV>|-MxpBhZYZAa%gdVqroE;*#d}LMR z_#|z+#_S1bW4ZI+U0u=h-#wdpdQQcEo{Yyt9&$|N7#3o8cR10^LdJGQP2Ksfu2QbFX>)H+zH3Wwm(jDS2#Z}^33bIc+r7zWQ`t?a{FbR) zZ=rj0p?gz0+m*}Zw{-V*U3^NawfZbM|JR=Sfj!ISf9P(A|K7Ce)cNm|@`UF?wK^82R|0};Kvi|3@xqSDj`F}DV=vf!a zsXdoVK$U{K0GM%-2-#pKA`MsqESU(b;!^PwpIlHMl?ltB7^&-D;Cz~Ap05#v#hvVp zN$8vApXZ5B^w}U2pd@Bdecr_;Q;&49C^9N0QouxWu16A8Xo(J zp-KQLVuS0?L{V`~T1?r{1!|%+zh*6_u)2Ru6vVJ<#1s>Et_8)cDkRmIg5nyt#)U!n zBPg-5ALI#*fb+r}&aiU`Da`^;jbk@6XQ6qmdXvio5)I4GBRy~ar#vml|25|UTT=e# z@?F`kd{q8-^`6TAcv7Br6{yF%nO}*m`RWqwfMsH27rh2dYaUVv#1Uh7x}TdYSncTmSg$qj1xO!Q~-^K#-Qz44k~m}36fA=yn^(fB>?bj z=u-j<+V>%+-#8B6_T=z>+sk zxHbYiAVH?=2zIl%YqO826s)!}c`l(@wVVvB`4tyim$TjX3@$<=lc4{ntmTK%)m}Sx zZNx*NDD;}m6Sea~X)xrAOrLx-(8B6+;vmH`rqyIT74)oK*sXag@o@^QUoZYtzVqOl z%*Ux-AjkAv%khIZo@>eSPJrr zB*kAR+S?Q2lK>gR)b@6E=efMOo3d^)REP4o#_!JNS-&0EX8~VS4->i3Eh2J(Lk`Fy z>d>sIrTj0|Y?~iLKvj14yHpqwBJ*{Kem(1UBAkO89A2ceO{FAP`NV^;5H>M(Kw}m; zChvuC(s2M-_Ea-`S%A#eijm=BcJVb&j13N6!UkZ?M|d3il>*3wv!sicA$_wEXWD4E z7v(Vr77bnChtF6sem+8e4p#~Vwxoz-c^>i$;0UV-fQQ|MI=l66x`Lp|u4myV)V797 z5ab61z(pypZ;j0%j4czT=)6wt!?qfK+w`TMrvN{1YYa^>snD0EhoO@yx@J8^tjlS= ztcunN80TYHDp^KKL}-eLrI=5aqdxhz?7LMYR%b&#l0ltmJ1MjPtDcQS4)u0De|o!^ z)u9+Jo-SR~O0ZIWCcp6%+UkZ1CY$J}QJf_RmnogE>8wO&3 zF5#K+TyqlHh`x~WsY)f%Fz2^Q0uMc}u`<%`0Z8$#iQEp5k{!0s;iu@C2!Rw?;5v3a zbSRVxOnxeEBez{AxB-GjTstF= zu913I$2PGFNbYMnpl@PoXlGyl)Y!y< z>D^-^gBj!-nNU%-;!-FBJI2+^F=x_;*spoPH6Jo2l_Ot;3u7K~`d!E2H(l|}l1A)F4XJh@(d%o&_RxGss~6T2Ps6^U!t*v&M4g}+Pzu0w_ugXyB{ z`ozc3%M>jK;yUqNjM58LDR2PQ`)uf2b0`)^S6iVqLMYMeJ~L&*4c0NVwm@=J{FY46?FWBGQy-zA!FNu1(nAm6+kj4 zj;gV@hF4>+s^Sd~fQqZsSgVKDYGuSuF*yY`7|@5d<-iU(Zsm*NhVjcqTS^wt7$m;f zt^sYTO$NM*ZKfP$S)|QJnsp;qStNEBUIy-3=uIzB39>0owU(+Z6K|ja;9FJX*8E9i zxDJ)~UA@5qIY=cw@Gwd-@hr11(FIGvWx+&xZx8&>odR8|ULWVt82rSxV!GxnDn|&D4{dGiHyHfE_@=_^+{FX7@_9|(Rq(baXRkVBD1U39{Ih1w9@%jz?CqFGu zI+m(WD%3E>HOHZ1I=H$Q5`bOT2OBICWINQ*5@LR-(IxOt*%t9r$TuG05hnE++6-Fo zwa&#gr;qF-2p2#$cv~X7czkDeO=FZ)K!$Jb67g?ZtMbSVw^`h#SKk2ajU-?;bPJ>jO$q9 zRn8a0e}a0?Sv|v@-4>6F?%N#QJ<9aGAH+b|GDPp-)#Hrm&|IVuixUS6INq47pgWxST3E>_mnLP znEG$6u^;`lnuzJxF8wq ztkc5WGbQ9-G6DoSW-A~N<%s~mIXf({Ct|~diV=OdGxw)w*UFYd#J1p=gJe=RPkmg^ zU5Km=|F84=^^$=FBBW}SKUPrzQrE(@0z*-X}3$$#uN#arxblttc$(&I<29Q4JG$$k9#j?^B&i702K~A zLmjmify*SJ+;wl9K~&g{jE_xB^^Hyy6!Xm@uXDZeU;JiT9(P=IwLrSrd!np$P z=v?gAy!e`50>^xFB=chZ2;+GqXsUuRA0Q#7fxM9HVqg!I_-;=p+ozTJRSnl6u8o+# zkgvjy>jR8T3)7MByVUw+aZ0kN@Dz$)!){sbA|(LOwh`hyX&ez26T)}1*j$o1dt@>Y zr7g-0CtiUHZXpaOQPVhE?GkU(BAyNFnLRrv#&%_>B}&ePj(IMRv}tEApkwl%sR_i^ zc*`mK6(j=7`e?(n9OfSp+Y_%^!cAy-%pTg5W`Ujj_@>O{QUFO-lE0Ot6&f^>h%V90 zm$-6&;VEz7AJto^_m)fi#_pm@DBBB^FA0Dpx~2zCAXbNK7!*dRvqIwmIdc|v9TveL zkMa_}M@|KFk@=}utA5Q1Z!ydK*A7Ca)RBU42(E^T07?J}E5@>pGSmlyb}y987KFQt z5Aw;ui3W)Z(uS4BA?ARhtS_Y zI61jQ<(?(#YON1mG&RvT-9I+Eb7)rt!g6h|rmCtlI!N1Jvf99o>G83#VMb$L|J2Zh zgOTF7D1Y=CLj%K&<-^5C4opuD_D>8>O%IMcmIY1F&lIWeosQff$)`quqAPWp-=2@;C)+k9w!AHBCHw zK`pSjsPESA5y$!Y;xGJn1ECB6eBafuE#&y=DqKh#L9D=by**x#%c-=IAL$@gAZYvW z;S|@P;*gao27=-ZIFY(zqzxCNao4pct;-QZM1K)(%PN8NLNyHWqAH=4La%9AYKz5G zUWim);FT9zsC;QvC0P#BWVqEdsX6H?JBveQ4K0gN)%8(}#aKEyMm=qX?eVqTL>gDE zHPt7?R#mCx6-zlwLKuQcJD9c2j}N6~`aTNF_iU}&x(Ih|f>r=Z*`xZ{2~5%`@Mc{H zYkmbeK97rQojH27?P@o*m5O{KQB_}Ym%rO-*(pV!p&Ir za_drSk|G&-*)lX2D{&G^TB_d0#4jos;ixDb#}+E9oPK)PB7bVwE`a2vX3;1FUke#_ z>|g@fh$2btKd`u%(h6vDRcly=dWdP7i7yrWsgecqJsd$P)1M2##bv$L0DB$a9Vqk5 zwIZ`IhFXamPn=0Qyl_9oVHsOmm;ep!EipY?2pf*6{s9bvZo207|zH*tyS|z0%(Oh5fP;K zB1WD~B`?J?ERKRN5~s$P9&K{Oo$3J6N5Ub*N3iqRtgd&Fn+%aNP4gAYN8AJ{f;c7SJ}dzJ>X=Ek ze>}ko7Qn&vxon#M*OTeWukQrxMNYlAL;_>yqY2@$R25`bmF;U=4r*wUm5?5cbUF=E zDQb5%ztTp>Yy0}cA+$O}I4$ynQcDoUk&fwLu^kj_t4PK}9J!$c0uz~RkvG-R9JhEW zGJNKPnNY(`_F1BF3^tq%iX2w}S~zw1xKAAVVxqNpj7OAh;p|JTR6>|qTOjF{O3Bvh zE^!V>)CRz))SOvlPWu=-q=fJ^atznx@$Ort9JFFWVkJA^;;yXQlYK{jDXP{?g=5iVCm&jBQwEc>huWbKp0NJpv$jEKxp`ayb*)@#l zqDv~S&DandJStv$VQz@Gq{h}^9ZG@;6G7M?jf^cPfeJ0SN}RmVqf+J|j`s*Bn~>Yy z4*CL#!0j_L=0Y2msKbUJa<-C;Vc3*FBTfdVn^`hqN+IJtwJ~Yp;0*zoT$PD25ORVq$hmh$)I1vrDb@) z!Ug^&5!SenK5}Ge4$}tH8atrp*>zT$9l)c)Ekb%^FBzzvKHe5rA(6=-Gl8g>QL=25 z;!_)J5Ij+8p;J;?U)gobv?NDSzJ>E7MY_VjQggwJ%WD{=ind$Sv|O#l&u+u5lU zJCY?_(L7p&wgyru=@Z_@`$irN+@74vCC}6Bs%=IET8{o^N!vw7jy5;RT28aU7Ux_M zjR@9aV42&KtZ=GClB|cc-;G#=+yc!Zh8VaQ|?Z1OS^n-(b8mJu9p=B-*AKC5Ci z0NZrwa$YMz##(u>xVSA70uY5B6;G|S5Us;nX#kX1x*Hn0V4KkT&s)YL+4AHJOR6LY zPtRTKs}i+K%**_;({k0F+gOzyx~oB3R#m^_sy0@~$j5bAm;Y#1v9WTLVH`^2ZKf$A zP3GEiU*o?tPDashbiJ&?1t59K)@`l(*3cXO)23Qejw~aU8!%@AjxJvIytDr;H zWGyH#4U-Hb_6gc6Zy~75r&$21VW>dAvU2zypAp+Kta?2E2dPm&eY z314`X`X60$`}R+Q$u4kV*Qw>!+@2&|QnWBuaUkKBrxx2kzr}XRFdV%(I8P?KF6>&$ zN@!t-#4Mr254OD+-Qib^tVpR?Gfb1XON#LpBy$s!QMMG4yvvC67NvAkBXt`_Wyu)+ zCxav2F0(4OzR;;9Vri)#QXE>)1%lBpAG}?0d;Jt$cf>VOe1pOFP>b5@ zl}wcyK|>Dlp<|$aHT2`UKfd63KCYo{nI<0_5s5^bEDf7&M6LjM?DVV=G>#Fm%8uof z8OK6z82iFyq7dkNmREFe!LzX3kzkJw7*l8G3ip$d2+B#xE`PJez&U3ErMRDs$T(LO*XkS}#OsPZn^p=A=mX~4E+RP{!cvxE_;G_J!jA0lKmS%G6JwvKZ{U7-Oli%aZ+O}hH#iAbZ_ zIud#UCRD3-;!1(V8;$M*s;w2NS1XeE?2S12u%wjNLeqvy;!2Luos$6a z+$j9yuMG3xNk~}CWd+V5097hQT7@5X7EX5P2MADYG zecj>Fos-i;QK2e%6IaoLJox|wN_!!65I0pe6f>pntT>>wQu&5Q zckA_oIE`eeCBBWkVs3@wK*fHSY&|R}!VFj*cWw|BV)zltZ$3{#w8oMe?K1H@yiHO7 zJu)NzQo9v}pp4p4(B1_;fB7=rSFXj3vm$}BJItqepLGFrsp|vcT+D@rZ_3Nt_$lzb z7FOEvN-hTnT1Mb30)#5xlU-m&vV4X`)X(rfo#DaFXM;(ERMr*KH3&6R(y$6IcO8~> zg(n)bGgJX5ex{5w7&<0OS9}o>%m!Rx&2tLQlVp=I5*~%p{ZlxhGqBMu6B-?w2+`gy zHMw+0O9AxlpX^TU9_i~(P44c?_w-73g)Z{ZOhb`iNgO;RT{1XZo^lR~YRAgjIi5kj zi#IuBGR(#53VZ- zpZ{pczzMeLug=rz5Pp&(nM%f0OC~$Pe8n;lmb6dj~t&j>+@Dn1`H69~!gr5CZ=vgib*uHWldz)qzHp@vE^@f@3=| zSD1xvb_!{2DlszeJ&QLZ53TwYROKgEBZpSo+r@!1AGuJ1z@vZ_Fp1sHS9IqnZ)HXsHeK7nLX{4OTsbL!E>L3l zPjG2JBe)OxbsBgyqOTcnLeLUSgxV zu8yjc$`Xf+^<$p7uC6V-&0zgz$rh9Ov3t8Mr+n_z@Z`DubopX;Ya-Gv zzf28J>hF0|Y#6AtyOaovNcqV}1G{-pULnfQa2dX|O*Md^kKY#R*TIJVz7C#9%_?(x zDaQ=0ah{#6SZC+rn7Fk{C4{Ne;_b7H+Ih1HQAw9_HS@k9ku2y z0!-K8$wny-6b@&7ze-&hB;v+4$P0J;A9!RAqYquLPZD1dyQnRQ|e~6o6)3c~P!^GiIXvyq) zY&>8@kk5O(zi%(9lR!4;;{YR-dY6rbKD~?i5+Tp{$y;k@d1}|j7PRX@Pw+itJ*{6u zrYG@e35`TM7-i`MSSEl%qVYuTtmT*mFrdy`syqH<8iLS8nj$|!KX+beXUDq}0F?Qk zn-~L6`jvnT-_%+z24r|Ib88dh=5jZTX%{mgj9vUky}7ElyWt|Ge9yAiFNJP|h+e-m z?3RhtJ2+Otk4AhGVXQAyHkw0r0n9_}(7M$8r6X7#_iP6v&~gOVLK!DyMqmKuT|A5M zv`}Oa0ib&;H-ir!);An^G7E}Kn&TlioEVR%ZMQ5D)YH~zwHU5oadE2vE;jyCjbIw; zH$8bn0cTVvx888D=jK@^5KqRhdKuB6Why2#-F79U53r~#ongISk3hFvq8X0J%)eA+{Ax-eQ!4 zyyxbS;}b=N7*Lw|3s_Q(tpWtEMAa8nMdB>_0r>{+hfLL~a-*0?M1(AxW|lHLE-n`H zjBEJFPjL=!l^Z)M_v>^8lFD=yE=;q{umGWkGTckTi}k8PysM^J(v%3S?(CM{=EZby zx%_68w}lcF0hG^n$9<1Si1#{O#HK}_36Ss3W)-8jCqi5jy=0N1Yu4in@HRwGsv?_u zA_WL?njpcy^9(tP1+#Hq3Fywoek7_yGXOrSdec;%P0wS?M}n6<*=o2L9dXlQDFV54 zE{+S0n2JKSTb`!+CiJ%{tz1ah-t z{W{`9zed11-frDTg!0h`$#o1-jHtegwHo3Bg+C3;$nlf1>;gq?9%2)j^snUlIJAAM zN>|YJmIt_&z~wJSo!*4{ASeh*VnjUGA&7s8;;hPteru&zSMkR6&ePl8 z*Qb3C`tXp}SzLQr)e;yeK0tJ|f=VYRyA4=8LF%Y>-|(g#*Q=3=`XU|q2zk)9=8&4! zptnbTZ7*MLd7<)BfNP?gsvBuDvymCGq97Ok+LEIyE0L9!lg+H$=qgKyP4yMuHC&re zyKOGV|DTrs=Ec8VTU7|x zyQu~pdN`OcAD2U5r%PY05R}(UYFadA*-)AF%$St3Go2!#fYaSnvGdR9#k#InynR4r`V0;iI7KK z6H)M;Y(mbn>#=GC0X>5qRc1`ViP zZ5hDw05yz}h}h7f4vp)Veqz3z>(9FYs%u?^U%CM9x#Aj;#QUBrt_|`jvVEOs*EuA3!qc!JAqZ;+Q42$T zh}IyIw#GU{5qK(r@SjEk;avVCkRdvIa&lO05m#Vvf3VzX52P`_a=IP(w!Q(}nA2O_ z<;(Mx_N!ZWOD+~tkB%aB>tuiEX7VQWbTg#_!vOliZX*S2B^i<#UXk3$q4ny2baG^# z&$wroC9z@bI2GLYNC)?=DC8~QlWo{L&b1Kq7E?{e%B?Dbs=XbkdxAn9Mv@R&jwvVS zq2;GaE>4+6CIW-4_cYh+Tt5F;(Cw_{C1{16E|#F>HKp$8K<>2 zG-T~TLvP(aebv|&d}feG2r zrMh&f9WcmytE_LD{g%5}U!{5uA?sv%;EHF>Y(fU|_wHU@({rqjpD>T@6(! z6o3k3jkPpjt-{kZQxdxw3|hRC{MJEz85pXg{6#JOQfQszxK8}TU!t! zR%Kq@65l-akOh&IYp8|T*!rX8TYvm%`MREc)6N-}dU2b?*J!}ktwpQ`ex63C)#By~ z(p9|owmUmJHD*k2hV3)UlquRh+qL%Cqs&{=Vn$eoXr3i`_Bb=PWy>=`UrM&f3c*H5 zbU?#XmG~{$@=OS8AzK#j)-V(Q#gvecrG-5idKkt-s_kG;6xv@le|AJiZR<46Icy01 zo|Bw-ETJ^oL;t5??~oV9Nv;Z5wWPaJ#Di8V8}Ja2k&lE9_t46xgLkL>qdhqE%Av|9 z#;mG>tvk(c-7{DWLlOlRNTuVT=5NC^Yg*p;(MMVQvh@B~5TRA?S?~yhrmBW!SHje* zWN{eu`E&C>jlVs8{vY_*C+aspRVI&pp`h};u=dI6#ZlkOZnNda=yW=rovp3E$qGS* z|987PyIX(j_I9^=y`Amu?$+Nro86t>?%z=7OHJDTP?R!i*Fh;;-G~gCbM74c3jC?jcGQ!gK;meq1BqCM+SQH z%{@QOHHcYmtS|aOKkuKP9G|>J3-?%Wtn)>66;v?=t_{QMsVo%5zSQGCt@09emsIoN zz$=&L)qPh+0{>zkxh(1-B)p6x`dSYXkIMup`xi&&AAdah z<<-h6O-RgGgi=n9tueVpz0I}dF<(K%A5*mQ$pHU+hefCc{>45V_?djWYx$QoDP~mM zS=xD5s;SGF`18lXd_RKAt1P@G(NrY0nf=5Lrh#E*zA*H}1X}zX_|X8LHCw}zUafrU zA03<@U3@&*e}5z=J{R*Z_-RldVKP59JIhg74V1Qp#SAOR8f~T?dOk%`4{}uaiXq=-bxp) zeRw~dze9tmPLd!zozh*y#MNbihp8}OHzs;sII)V#gJ2Sf!1An~CT_1`M;|&d$0`u2 zSrZ=#&&~u8d00+P505^cot|I3T3J;uvPUFCt(GpZ4Gx2I5$55Y=x;xNMlFhdV>C{1 zHh$Io{aRcMJ%#THfxWB$`b%BD-MBiotI!2!@13HVWw29v!$g$mp^U1qa!D7ia=?8F z_gn}ElMo^+^tF}#7gu;|^<9}V$NOz^YYUHmzW#sjblPEqf1;_z2EbyD9q6XJ9Rj}C>qyTS5+A~r@XA2s2~{kzGnI5k;NIv2$J z-%a%W_ZIMGqtWxwJDkV9*}=Vr`q!dh>jJ(V%1uP5x2;<}g#T|T|L?~!i4u}BFH52& z#+dE@?QCytcMAUB&F#(JlmGWIKA%3d*U@!2*#l-X3?l+OWx|)mACo<_-Ugy;uQ!fv z6K?WB0wsR(q_zVT<27WvmJ9|gXbeE>Ez<(HzIOm!Ap}p07(5~BRS)_TWoaJ!Xr~AN z3@813I1F!5vt@v(mweSYif~57F6SVrMfrlL8qxni*z3$rYFN%Ers($^N8vCe0m4ZF z^YR)$69FCCXM7C44-5^6k8?&4qZ22a9-t|186lz@?tWF~x{#q&8Si^|(&uf#i1lw!&?8tny!qIV86hU$^=RoO~1AHRPuJM{^+n^9a>q1zfnPgf*BsFEvCfNDeoLmY`*`mhajG zB>t^(!~F@|l56|TZ=0z3v3Untc&ics_WSRg1dp?E9+4Pw7BY+UaRdawIQhdXz*TE5 z9-m9~4x8OAn=xxeARfE+?*>TY>0^%Jh{Ol`Zjx;uH&JhA+iFSDOt$TZqnHE-{EOA< zSEI^+SVM6bS*yVz@-aD7nWqE-umHLT5dTDjoh=gkNH&3c0o~+BGId&%H?a@zTG8q_ z%MwxhYYh!BCq^2pgpU{R`YO1pEgx|NbI!JWEn6j>M1})96Q}3oAT1Mf6Ey*|xnf2( zoGm%Nwx0f_K1cIFs!?7wceTa5qN-rRnQ|9O;;?egNn zrAoDfZTIA*dVPZcXZS}lT|={#OVL<)?s#L7@l@QhH*gZ_H2v3IC&8+S0bS6kQY2H8 zI8{93NRk<#3R!F5P|Rp91*&d8CTW=Akw8|)`rq8Dn(zwrwb}Q7O(MYqzMv9kM*C|q2$v^V)9`MA6|@vDn78T!XT2Ys zE8O|~3;s62$$SHFuKe#5<^T3}Z~N)|KgOp%Zo*d?RamVCpp&lLkUFBW+iu-@}^AFNMivHO=V6Ob%+9~S)z1^qt z|0tgsjvBGUeVMO7${IJ;c4qTdtF^r0pl?Phm_c)nxL-k^KR0bwP~Slce5;2F?i0OM zs%EI7{K~vzrNlh`M8D@Wt7IZ8E*G&{&af)@(pAucX`z!svY|Z_-oH%Cf%Q*@(t^EZ(xz3pm^l5I1u+P$J z=kWZ#fsja%B2eYJ1zIs4Sckbd?-*tPW+XL`A)xl5K-<220B-_xml@*8ll&Dvcjo^p zdrsO4;~~A5{3@&%DM@wvWXU~N|Cg`EA6&=dR+yrv zJ1~lsB^kv^C8H>taPv*KI`yuwhJwjdDnLf(`AYkL=kq@aN8;I3i}`7o%rXGy*?*l* zQU33Cwx9ezkMj9qe%%s%{54eoF%9CevGTjT2_wS1w(!)%cHm9WSN{Vaf~15tHw= zM4J{m7JpXx|9ETSG(M_mTM1YGAttJRS!9x%&TWPT-bRF2z{x#ew^}Xx;^b?e&M*JD zGyhN0kfvcaZTS&q_q+ey-YnbyyPYTg{}`Vc_rGd~p)iShLRXLn%pa2=kE-Osncclw z9^By}UOj^9;uzB9*Jqq|`aoOWX%x``j$}F#mEt`h!gPU|HtqBo3JL<^Z~ld^F7AB( zQyP)^Pk-Pu*Z)`2|F(MDPyYW$`4rB7I>3I-QHP&!o{ec5{s9(c>Byhch&U(x(F}eo ze52;z$91~fo!kRUdP5p%9uc9Q6hgmYRpBf_lSjV?z1R64gmJ)G{~R_j&;ILniuqr* zcXl_Q&i`Y49{l{j7Bun12CCQq%Ll&^KVy517E<>nc3yz_0ITvJ2o6Ida!#NOm&J_v zdWUaQnkO?haOr9Mb=94xPvLWC{=Z1zul&sA|E2if?at1V{r4!JFA}i#*ShMdjnI>E zk+VxsELYM(+}`Lc^tEEjz+W&jZw9U^k9#eqvOx(?{{2iW738@%er+m$`qX{y!T&{0 zz5Db3UT0^w#Q&e{|Ht{%@PF9bzlH#Ke4W1{7TSsUftkw}Udr4rUEx>Wn9NA^i{qGP zqDYefV0}^LSeOT+_8Fz1^bYI}hR*!g|?P{Z&X$0H(VQ}^qlQ>%quJ5NzN z7$~$Q%Lvy@*3OEpHZQ~Jh-7E8y4iWMRktLi8TDzjhb|7ztipyV%`-@ey&x)_-ibdSm5ZF5H3EO)!};gJb~| zf1BJ^p{W00`o4I1zUsbkoBP0RCKLSHV(aPiK%e{Se=>LHJ>UP9?tiy7pW;6s<+D)U z)cT-r$9ZYg#S&XBz@4wm*jaMc;PqIo82`Um)4Z!QcyZJF?&m+l85!mgoAdZ%?)l%{ z+TAXm|LxtKr~HqP^0Ch~P7-D=bNX_F`+pTr;A0=pdmDje0}xzzYMf*CAsMAOATu6a zD@4^>T-oEC;6S+TQu2EqrX)bkf5-ohb+xvC$H(u_PR}p)PcHV*hqJfm`-exUe{p(t zc65j`ijtIEb37r*Ktvh)=HKx-xemz_SS2b-aOmGRln!a zcC=*DC$o=@L;EuCJ=;Uw210of;EeRM6lY{43L;74{G3Kn7>_C(6^&o36{0(V)8W!cd}Zm0XYo?a9InfiyQpo5u3 zCH@u5Cv7Va86c=a_Cz*XwBlXJh4EfvM$T|HM$JVM1~x^eLpH{n+dC|uxH~EbXH%Au ziFi75m$60v76&kA(8cm$mJoDOS>6rDazfSFSUP+6h0-{e=Ls3WO)lcaW?7pye90M# zhYBlKWV(S?MC|6?tLmu~4GaYYdP5c+{%--JkgKOOxZ>n9{a$WhsVYV71i_jCoW@!* z+!L&m;=Y=i7l`hih2R&7*R5Rg()O24ox9jY0#-)SNf-llyiKuB&PW>4pig`nOR}!Q zer7KlZ@XqK*I&-^D6-OG2^@;QD305*Qen*jQn5y&Ai@ESGjf|5CZ6W;KKr0@zEn*v z4+Hz044I4>TBLaxhuMKBTSQVe|DagOEel%gj9vkWNJb7{pQSV*X%-T88uv4tW_e;T zQH$3Uty{sMmFV_OJv&%X*9+>*;h6uf{h-cniPuf_&UMgN6Wy?&4@__zm|fxcK4;_S z?iVe;@I^X7t>JYof3Q|_!l@m2?&r@?q%atGX8s23HI4EKdCyxj7oC!?za`pQjS$kq z)H{;vuxeHluHLtlOz1UfMU-W&A+p{{B3EF}p}xtV(xW+9fR zU8p$G{LVf5S3#JfR&tLKT!4OpTJO>!YG;$A289QlO=0Zuga&A*)A=GJd~GgU7_E}{ zYe$^19ZjdxoY=GF4z_(R_=n{Kflti>%q2)4AXc2Q--?fhSmAD5H0wdWRj{hZ#H+97Uv8WXjrE znzM`qHf+vchS!3<@aFas++{ece|eG5L4CQ8=pWK3ASpjlVCuQ-_x`HIca6fiUC__r zP?1~U0&a$&z{S@lsS5d0-2J-R9QUETI+)+pd)n%jKP8N0qI}-L{*PqJs`lWVH_Et_ zmxcBY_7QLUFzcw9V)1a<&@-C**jgVzgES zeD!ZqI@xp8c>wt%naanH_D352vtO@RH1p>&9&Xpp;vaY_qaMwCC0egqOhYwaayhFI zdx!-!ucc-!>BIQDmO4?TYa=tBxv#A8t5w+}_UyHhYW;pk-M!!e(AD;4qE)BVR^nLK z_{%AB#W|5QWAmmYHKNKH$lvY_|B6g&;m;u8xkXsc6ai*uH24V!_#ndJq{7RYfD@3Y z`aGI+GfDXO@pnF;ud**~7CIjYA{@}&v-``^WB zQ&DS(UVVoG>I!^t8E)FTXFy}}owcU*j?lS`>)5#)R)I-%wbH7(Sm8@M%e|b_nQ!a& z{<+CgZ1tS!!!6(Iq$Hs%%UYfx+a1_y-voyR8 zBQhdK%*PQHxz0rTvsr`taN_macp^RiajK%j%hZ7;Od9= z(C5$J74RoTlw@LS&beMS+ce2!=&K#zij#z|Rkg9WVnL{J*=rQlXmHhXp2y~wW}Q#Q zB&K#ovc8|)vzUjv3QDofT!=aibqzHA`-7O*5gplZIK|Ez7v1{=*Cut))L;v~a zWB-T!^P|I$hx-@%ulM^$A3yYu&QJE=AKlg5EO3iz1PfY-{V>5g?v;Io8sn8gsAL!O zAzX3uycA9wF;a>6JcRF51g(U)EbLWpc2#^aj}~-1MX5#Ums!fzOmaEf@ArQ`JwN|ND`RhO!*#EQ0)lk&hZ|CTg?yxq#aYCAJC&^J@(*bI5rvSy`+(!!P#e9amyfNVSz$L}yq9lt}>NCWI&<;nfV5-{A+ zs$#0t`1bpr+j_^hHRMNgZD@7&ZfnT0&}NPhsCO{@WS!lGJQ7Za>gQC|WlY6yejzq~ zt`Dy0WP9>LJdhWHkqotnZ4ib-^ebuw$RSG*7ax5Z57B?n-~V3GLK80f&vz&rleoge zt%6KUTX8`m-k{bEn9-V%nw4?0*L8r}HDKB{m|D^5k{DgLlqZ)YB9end^=Nh z*LYX%jl0mMeACR8d~$|8Im4cuVNcGmCui7`GwjJ3_5jW>okvwsjJ9}}&X0PR{xz9Q zE6B`={k5Jq*nVaY)$tvsiFa~5wcEaz8oPcCJvmp5s4EU4L+nd|W6CH)I~NozvT zqtGX@7Kt;P$p04};8rcSY`NT&3qv*+Gw2KWyHPuH9u=#;mCuT+)PTiT#g3VFJI%8F zXE2*EW*LqmlD5KlNS9k#-lOdT@P1=7uB57pb_;N#$8fhRR8t~6NpmyC>xKq$x3dsu zO$iRdm@syh(m^SCjX=U~VJpJpEKA;!g7+nvMTdpal9Ia(LG{&%n~u%Rg9N`fVG;8r zDVyChGqcy}5+dVIh@(Ri;px1zNrh=tbai1T3ngPJE>2Z0Ch>7Ytri7X3ed734sjUe zDY+P@gpFwwEDE#OugDqTt-;bzi~Z(Xgw=fOn#`nZr@{RQ+a2q#O4sfz9*C?9OLK3k zcHun;QM(`?h^AejOOo^o+&tQu03$jYk+kY!)b5tyQEeywo7>tb<25M<>#ivlvSq~J z)}Gi`#OP1R2#bA!njf2}*=pL~c;cJt`(n8^;zoEy%xZSRk=fa;*ci2Cv`0I`VbqG~ zNXE>r6ys6_?)G>O_DFA~@`;QBq!1gCREDNh1FD)ymGV>dbEUdbd3`0f_I$qDQQ?iQ z)RJ(9qcFzriZnCldar!(3spoW{{~4{@xkXtA>6<0KM9WyP~>+iCoqmesUgw$Nt4bDP!! zoMCrbux6gYWpdJ1x2!$BbM5nf7!V()OTN-8_nPxi56!#jk7+>qGJ(CBjs5N3oUG={ zjE09puCrTbUVZbBqhvH9X)z78_2rUdDdtcLB&_o)3jf#MVoo#rEQ(EjZNUC(BGV5S zG<^L$e<6?dqF}3Y_Z0?P=w8iQnQ9-~{T`6k$3Sa0yuJF%-3gX~*XALtaRfd95|xne zc26|_mWWJ}YxpRo?)WPezftihUN=lj?F|Rwcfk+fF8YugUf>L;RY= z57twAd%iyZV&RipgUC|R*VPwObFZal6Y&xwNn{tj1Ce&poouNY2EhZINdfpiTTp?r zO-rKP1Sb#5&q`1q_f~3=JE^4v=FD5B`GRp)_j}(n-9c2A@8^~YGWx2yz2{^%uHDry zk+yh&op->0DaEHY)APc+ddF-1xtID&il&9*r&`IiKLdxtb^n*ZLJVQyQMa@)t){CP z#W5C=`dWdqsVDq{ybC8`{f&q{DsMf5G-hNto3BzWvVK1v-I3d=+Nt7(cQw+O?r0Rr3toGObc!!;huRIl3m>b>s#v#?_fMR+P(8Uh@D`_$`@?=< zs(O&g*3jWhDs1Q;Gj2&|V`71G?*ZlIsT-zS!saf7euw3%IvRELpDnhuT>bAtNzEBG zrsviF-`?IS)&K5vp6Y);#;2yPKUWd&UiI5m;vcO5`29oVH6*OYH)I9Y67}0#r&zPl~xCgxt0kY zU}SPl(gQk4a7s|~`&ZXpue;@Sn#eoA2_A$|n1zISKjs4>*^u`(%q)&%^VgVUH#EHp z~Ou zEM_2GUo}7ese*6*L|Gb6`uT7e-lFEe>g@N6n9t~8D2OmOt z5o!>U1pXTPS0oNxPuxI!DR$R7*@71Aqpmy_<^Vcv%o7U7)J^k9#KTo$Hl|F)X&764 zg@0=w?uyne#QzWoK=Xo>9%q^Mv?e$kJK>Z1NyQvx)HWluzoy_RRICU!ULlS3zr|aEHp^0iCt*B#T!d!}pT((Qp7>ax`#h;q_3y83 z=GA_dvj1g3<8t1=x%U6&Zl`GfZ}mD)_Wz@N9yA8_;k<-(0k40dy96~;>n-0N`V;y+ z`$m@aZ@{1LPTzh!JU)N5($#;S?7u&HwXz9+pB*2*5)GfBpK+L>Ax%+4M<@tWlu^D8 z1dC|kn{gNs^eg%XwF0#ANdo?i{$rK>5(U4+PyvmJ0PWlD4O(aCM{kb*^=f4mvY?6< z9JkNtPsB)op0hS5l9hIQ^n6Vr3AtjkF##kq3M-%?zBzt(^lD`_VyM;4kk=M4#WkJSgZLA9gK;8 zRh|k$Cr3YjTwp>R#_`Yrzz=IYBEbgA#vwx!f@7vpO1WN30tnNI2?+rA45yhyT@#y3 z?%iDZq_FthMBlvPU)ZP#@^Er^UxiVGS})Pcr?cb3&-Ui)CVFBeXbs)w8R}Q#HEWZs zjS_zh!`gE@|8{@=XDRs~kHYx2ReUHgR|}YT|F_%i74QGIwzr?;|6_ctptn^!q7SxO z2AWttbuG--3N0=B?~7>x)#Ufr)C!8Paw;wg#lm8D@oR4i?|4yohx6~7VB(etKAyt? z=HCDBmd^j~)A@g#&+PM`MOL`@vPWJ<5s8?Zt9(Gxm}CSTi&<3T3|xW_SY-HDWC5Q( z)%l4>Bo;yc!aMAG$sa=I+n>9f|3zfJ{h53Iw>yRN-|P0C;{P7yvxxlvFA(~FT|qAw za+Zjn;4q#e+rO9t@eb!dAW1~06B5sp`|30M{C9VDy2be4t={g|)A@glPr-Zcp6jm@ z{bREdoFuHR`H6M^B@pFb^V6|R{2_F7nap2{vmlX9Euk@qvx-GgPfaSf)`^NK+CB34O(Jz%E?+{QaS1&CKDQ)G3EUYt5_rX(*e!n ztn_e*>3l$RreM;s4IF@NB7fS{xwrf@arBGK$i+qApJg49AM{xZ*2-hD*<9@;5>A)2@l!Zl;%lA z!%?_wvDNA`T2W@zrj9!lShc$^TUzxFgb8E_{hqtuwMK<60+5u54u{{FUkYV>o}t5| zv-6{a{fpz%6LfNVakPgn#sm#%6w#Y79-)w-j3REm@FhnqPoVzIkfx#-6hlc$P}l2u zU2b4nkZ-~$LIZ;Qh~St6C{IurBaArLN|9VD-M&(h8E2VOAG5a6vL$t_o=a5Iu>$0* zl{-3IVn}@vA#V#brswc+JHH3MgYiyIfeOg6*T)ibqR|7M*m4MYh|wuDaCXvti6C zqBAp-t1=trq;ai0ZePA`NaZ+Hl@*ralBlYZ!UF6OStT5PxVShgVNlL+HFKbPep4K& zUmmJhGIm~#hsveAM|p?pt+`WWhe}X)F6vMT?H=_UD&f_aa#&oZed*dHRiiweox7i% z2dj)yxiR-RIS*6~r3%=+&&{G0Q2zUBpv)GrR(Ch)ik$X;OEC&3Jgb=e|9R_;W9nCx zpkVDKi%%@1FjbeGm|Y6OS=r@^Ka?JFNlW>Qr)HP2E?+Duy9{S|q;%{R`h7(zxJr3a zxN)s=u#|Ymj6T&8;~qD#H9TlRtE03EGuEIg>THSSnBD#1)}>~yb5_VX_LYk;GmYMz zGb2{Ob`pF4X&y0FUhXf2&)}5R4vU0VYK&684tlX@%5-#k7M}DF@5IA+w+b zcCO^IGdJ2)Qbd2tyqhyQQw zbhe7|pF3MSPyGKeK6B&0YC^k#1pZ1KdC_Q%`^RThE~z>+a}zvN-aAzFo)e&jkO;gl z-(*QxP`bgOTZ-gz+BM%%9K6O6j(w6!r;A&m)a?{m&5zIIOMUmt8K@O{tI=xT{JXtX zK;cD-hr`gfFU~7}nt{j+Q1#+rp+)I~Fh0leNM#bP`*l85)WWSL5$m%5A+Py6@|u6~ z3;sD*`wP0OiB zM3Zn7)0Et8jCt?Bwl|CZpH8pWebWCQ$q(IiK1PQw1YL)J$92c*1Z9~YOH(NBx$VwpT;xv6HY^# zGjx1-#2Q|b(%*=mHM}q&xGmbH^tZ<8&nHLc{ja^HOMMnN{|7(ppS(SKcly?w1a}%^ z_W9r5-su(dKXp1!?>`^s^9=p-O-e_|x-LTy&&>ZDk4QvEjr}N+DOrF?KvEW<6RqY4 z)Xyg*&Pc%3d}zRrlhFzI%<~q z!5Z&{9=087qepgp4a^kV8qAnTGft6A5dt&#ngB)nGp)0c7GSlTJnv4g$H6 zae$IEoZxgSojv^Lga!Z^&8<2+Yr|fr&9Dc*85Ts#@E|Zi%N}&T0zjDdHJU`k$ ze1BxkdP~pREZci}O%S6Kf)dKIQA+q2(s<7(m-i{q!W6MF&7**yY3%zn1qA@kJV7iU zz^S*!>Z!5Jq3IL%G>iKP@2gNn~im} zzJC1v?DYI%|KwtQT^|Xc)&tJBQuG6fCdi7Ds#;pje>z>~Fb5<6;^W*8@~ z*7LfXR;xkIrUQCghVJ#cUiY$M36F<@(T7ZCxH9j;5lzvQ<_JfS^^EgOgyRZkw|Z$N zrtHO6LmV-3xwgS+fe|fv*4G0HMF;V4$k%pC^Y!&_3W&rgPev)0dRxS>{NSl!VPC6^2(wK4f2Sf0r4@X znlR(r8q*tuk~jkv#S@Z|)IjPfNZoEp z+(aSE5FIM9Q<~?d?z_48E^d3fkG_lB-mbyAtFSiQo0I5-m~|5YTY1X&%AN@5JT%3A zM1p~VsHu6jmQYxR?Z;mRDQ+3kWwK3d8rK{rAp;CU#&WU{8?N91mug|Qgc|rBPYY@w z3D5}_LspsX49P=fLeR7bJfW%pdBgQpC zpQb67k6Pcy5sK(2^ueN;By)*)*CFCf&@zRt2v`0F`L05~YptE&kTNiqcb#Kia6lam zXlt2m>?#O7jY?Rd>??W(o;Bub-gQrffHMQ4V}Y>rFUFOIgv0@f{i!f}85*W^f-V)$ z5?^|QFpKdd1jZ%*eOa;Q!g97({e`#d^8@!Qpsj8Xku;@-rECh;aP*RbvEgj|PadB7y_X z3AQ_<0b*h76G`DB%$DmYG>)cdvojj3d1kB~P1q%sVuD#l(jUnbG{xU&7{k9=QMuR@ zJkkZi5l*G3W(3HfH72*H2d7n|E57XRShL>}3^zr+Zjs+{{&j<=!UVHU-KBaiamnY& zNQM~YiWxY6l9VPSjiy37#;AY%_TuRLJxA#`e2vY(JvH#ABPgWy7ts--iHL$gEDJ~q zn;X#)C#T5+`FmMcsZ8_v%8F)vx8L+qm8V@gl2pGwL zKBQ`I8HUcnp;h}_8Gr|NqsujejHb=a&C=QD2qsxWR0IcPfC-73Do|Q$gr>n=dtpj>9QzFRbC7SsG4IAS{#}?^Xc3wY82Rd~bS$ z4D~h<=Zvd6TX3wg&sF3#3x^j9hprK6$FZMsdqVN7B&E00kAr+T6zBa9VgcCI0Co#} zHb6LvxDXjdL`2d8QwV52Fkfi#t*)g|wZez4aTvMHo0_Bn!7YXOv59E}t+%{r)N6pzAO&9HQfGZdKsHY3oBQsS6Aj#_)&; zC660*f~GdTTePal$|e@gcP#6luanR_y-8rLn8W%y-lk>~UE5?9F04c9Gii!jJ-Ssr zVsTR-)zc&&M4_+Z53IiWbhS7a(xI=)6> zJhD3ORCI(}ZqpT34)Q3QZrc^z=JME0V=k%dE)K%7yU)plUK5C+5q3HnMtFoStGt+( z=w=-HW8gX%?1zks9B@d*pvmLuEIDleYZ4qIe1_s?86K(&WGXH<4npA+jz`q z$=`1&RlwS@fZ>DDa6?nU%M;LUq^AHB5nGJBP|livV&{ScJknz#tp^}Osge=%=EbfT zGa{*#CCmWdRKTrMbv)rRgqSnnapn3FIGg!S&Eit{S@;GC-;t&31MB1K;$ubxYnkB5a!vKzB0a~K{yRO`2pmr*t&N+)aUU%0V z#-6;WjLqLL<$K51!(q=_;Pc*FXi-j-&iSJ1HPBC^bOpiML3WB zv5F#s$YFW69T?DC3bZf`0Q75;Wh8ZFnlJ$zGsliHyfhGd8e&gFe2>#B@!%CraH8}# z!0YnUXRGt3>MYjFnQ2BxBbZ%m8w4U;+d$}Q2%8#0ky$JTsiPrjK=XHh$LzlJah%X= zDO@XY5e!g0{zGSJNFg6!gbf8qM+ZRKt%X$6bxU{cI$gP{p&0|PCCB0hr%!7rcZr`x z{%cGAItXK&P8kSf6&PxU?CBvpg{5;=PTZ)NZksc^sa_EsQPZcZ`gGkTcKM!EclA!= zvPRCW*fMWoSw0-1D7+&28YZAV^Y9Jx@C5%sWAJH`E7pd0U|E}U!BHLtq|FlIhr_9Q z6xNc1wo)1qZ=6k{H8YJ)#Wdy<+qNOLt_%SJ7=}g;#l5haKi0Rr!sg?8l!x{~5e+jb zvT>eKG$JucVfew+!GP;NVahU5St?H~1UeN6fd4Qhf`8MYvgKHW+1T)5+tuVcWi<4c z8n|IpeUc$^%UO7s*`5c_{PRo-pjXZ2rSa4%S2uWT%@{BA7@JG%g7&s^5W5P*OPd_k zWrGR^6U*UP>js488r{+{uw5`kUpZF;yV9)#mqAgz$Hu-adZ9d2e8_4(by<-txAtj` zFb;0UVMZd!)Ic05Z&D?&Y?_c)wrl6oAg3AFPA%)h@l-^x(IFznA~7z2!BlCQwN}d| z!mJfCGj6YX+?WPLMaaASR}-Cqp;_8?y)YVEfp@~E!P)ADG$U{jFsFS&19ZIq9&t8e zVXIHSIUYarWtY?TX)-;HkFH5N?TdqZxgpdnmJ7=>15Cu*0t7J&>Ix#{T3Jd|$vbta z$3ZF^SGZy{GMW?gmO4k8n{~`|Y$d{A>w2g8l91alV}jDS1ugCEBqc3T0*_^QBsC;6 z3gCI_XO>tsp**OCUY{TB|9E`z7KuRL{x|FE{}`m-H`dn=Pk%nSIDUVG-XFjH;R3xr zLgz>S`{DTf=n%a*JxBW|=)>9D^Zmo4Z~otj2%6+96PGSyqCs-tDC)g7DS1Azuf+2m|b2-QYBU z=P5V~2N79cH;N670^Mizvg5tjts)brBjTaFa{lKxiFa3CeFB zzB|TDRdDwavx3QnX3VY{vm}UTv9X>~2LOiVFuO~E z=x7kTLOAzHVz1<>R&Ci;n4lXRX00JjTfv|ZN+78Gd8@@p2F>2k^iXmX!91Q@Lv5*{ zy35!+o9d1NVDuD>mrH@@S|CK|M?R7lL|T!A#*74r^t{y6u@Hx|IG=Wj-Jf70(w!n8Pz%Md+v)wyVkLN%vO?N(!uD4?Y(U@2} z$(Qh0I-paU1M!0+T3Cb9BVj>#seo)34GPG;hc3l6DCA_;E^*IKNx&{q9)r6Eu3UvF z1bT#WC20Q^oJ4Q}ukMTJW+e%g4Z?e+I1cPy;m|g00xt8{gm_b~iV{L0GtF0plmotM z+#3RqwGGal5-tnjDnA?Z)hQe+CL**suM%c+KnW8liI5~~8DFSnH2bN%XSN+JSSdV@ z?0V>c#@9qX7*Kw0{?n!>Le`}#%e{z%7CldUG;KY?_LT!#=HbFiYkTA8nN;+wTc+HiIzjdbTNNWLa`<`{3?2I4b!C;qlvIrW$qar5Ypt$~ zLZ;&4dDk(C5;3hq>R*x6j?d@%Qa~p-jH`@kKv6#z=sDa$I_9p(RD@jdSrT!ZTfrW5 z%>OdXu4{36JI1>xA7_EkTq`9)xpyxwiZE^*$&r`q(U2 z61YM+y&31BJcojx*f9Y@RKUFv%`>qq?ut6z01J^FjYv@dNTpIGoX}2s=(b(aO&$(G zWbn8sj59@gwh3jwGq+%x81mi%?ll~v<1=H_0yl4o$Qu#|Ft&|wuLih%y)QJi367!- zG$BElPejBMH&d(bLIALiIky~%9593~bK{1jlQ4#EZ&U1(GbeL$fu$O-Iw-umjB3;I zwk#MX4BR4kMr;miy!x*3U=fsb`m0+m6|$+v*)qhukY5xV7nNc+X&zaucS}i&xJoOr zV-rFl*@DV95S-%|`N)=`_ocMX4!jIg?R0!jOT_0mK4}<5ACH~VAa5xhMFbs0G!NjG z8IK4Ek`L$aVA(~!4;3_G0oCWj(vV0*r0@&|o(KZWLP^hv#_qML?L-BL`cN$6I_X#% z_?C*Vnl7h>b}Yucr6QrGHm!3Bp^lKeEfl$=Gd!}oc2w78OrDOV1NU?!$8?6@tkT-U zY#RHXPg8P6Y19w@AeS~+jhYee@@hYi!FZ6{HFcrNXpuo42NCgx1ZR1wQ$N}RboFBf zSL+tJhGftcV>vO-2kQz_-mNGcY`8j%xYwy&kbl1a7n;zR>j1Xx+>=ol5K8YXCn;Q^ z!N9S`50UgXA5IQE`l5L6SwX;M9ya4h7~!}ng@FkQ*LWTrql|FV z(#i4QlMSuZG3^%!gbrzg-F3sV>!xpfxaxkuQS?h>xG7~v8FG<1{=*2Cj5f*p_rG<7~{#LxwTIQ8q4m5;mnU0i3$CaB@Tw4Ad8|7tC8XfrN0G zC`XcLV+T_$2wg~+Dwy)!m_3KBiaEe7nc8oNUezaQU}@c(Qf5K4tWoj6wIl+sk|`(e z;$sOB`fDr?Fd~F2--f+e0h=pAZc6>4DX=MJl8G*#!6Ky%WXRkGqmP*-)qhrQr7GhJ zlyiBpDQx-Bp3ut*c%Wcp#R{JK3QoL*g3J*&Bqhkl5-!*O>}`Be0UMM?P!ykSZtbGg zg7;Cyd5Kq+YZfpQT)%|#_=UGy!7Huit%D=@>fqaNt+7lHe9tAI;*uEAKvMgm5v&%uis#3opn)l1X=_A=vcSr9gzuyt<_^(e*VeT^jnP;#rlwTZ8{Fsj73za4L6{lxg$_~Ptr?OIl}lFLV2HbN17p_> zbC!}Ik2A}?A-v+NLhP=|TaE~xakNdVk6^)lgmOU|yosWAuPa=m-&PC2XhUIOU~E^w zn7cPS-nN0Tr69a;l`Yp(q^B!h8huD3^>jTD_YwuCkGa+{Bk5rNB_yIqlvR2bVIwyq z^iAdPfmr;i2s&2zK!hW!L$+m*^9%jjSH3K{EYJYl#QHP|;U>!f(vjOz624e$+Fb)d zM{G+mwjcz3{&uBO3_;&ZAhGRrdlrn%LJ0bc8RS~!P!WD|p)I;b>aJ9f0eHs&F5QYI z*rq`L@O?%6DlXZ&g5EU?nWF?G=KbUsx}roRlkt$SuA;X&%QwYVtd2NRc>8 zr{c;HJR!`CrUPSlOM{sQMQLRGifHxl^~VqA@763z)-hpb@1!43zK2my7+-X@I%rkI zY)nOV28atJXb@5VO0i}fMJN+Vhh&C5uDZPFyy!w?B)J{qoMj}ia4-?1FAD2kPHbWY zEJBc>inkxgG!D7_AYTyErAqyvMwHPcFk;W4A>*hmgnWqSq3ROOH!q|O%-sr@!YKz1 zGw0=4b>Rm-#yg6GfsEfauy-`<%@So+WK&VcZdJZ?7S8Q8J3uf{5f3BIucqjF(~P!V zh!b4!99R&xbkyI=!djRWPEyj+{8g^9)U6<)hJIY3`{HyEW+_gm&YKe&>ja?i?2W6z zsYni*(11a3+K{Hc%)SzZ6CLE7%WF8F@3XwJ6gL2>u;Arlh%+1W@}+Ghz3AZ1ZjtI| zOGyJk$8%b8mMbs&2_&1@^g2o$nm#5Tvs+{uOs;uLhOR)G6FEHyF_QK`i;+w%i&kf~ zBlB{A{VNg&m-1w)cpLq^ngp&RS~gfSICd&EV6QWsKKM>|#M zu1c-v!Yw97g+;bXt4^dyq+0 zXiOFsMQz(DO3LR!muhRm3T8H#C)QcAN$Mz&%{dzFJ6Ng6(Xy?>xiOQnu;R(Law zRxc+aZtp4o`(u32ypNPs@1&fX(NdO)<6>=t z8}>Pu_?w;1R&6KFQDx3g48wRd9kr!MWbFp;cyV<8zK`}#4$;Bs$>H(E@##q)ULSqv zA8nxXqqFnV!w(1i>kVjic-+4@KYsmze**xz9y%moT<|mMH6%7oIin_GW3CcUAX5@V zJEs#NPjv=GeG$CDWr9vqu%U{S#{n0e#;Sx=Ji{;+4@>(h;dPfQ+%zAJ(M$1kD`eVS zF5*Sg5@J40rfE1DXNca!Bt^nm9cEL=azWGZ4;W9CHLvI)GBz+YN^zX2Xa~6t76N31 zBXk6yOGxCgwBSVWBS2ADh;%O!49&(wA{cVfJC-@SQW|ZDhjuc93?RM1X9EwjAU~iF zl{q9N*-%9j;Y<$bp*J!JGs)A0GQ!NN>J3+W)Ra(~FcpSY!!^;B-jH-dI_fwQVJ!Z= z0R{n*m8V&N5_JYyM-LFZ*-oD!xWhHGd*VloW<5JxU_ z3s1Ae8?2}&4+Y5H`MgrLid^z&kxCXB|Ju+6=Ec!$AMfg4#74K#tLnfj@nIR6%3+Th%j6QHji>SN6p6nBeh z7Wzc9H(9wp5Q$h2&N2)sLS(EM$5w(^H7|mkmow71+D{S^2jMLmkci%_nN>I>X?QKF z9PtHV%_0TxF{;-<&R#+iYoHJxfPzV5IEn!ugHwM>CxTb;p^)-MiHFmM8IS;CB5{OL zavj1}ZrEn{1|kt2&{X|JQ?jKl5kd#DI6ov5>EZiWBflj!gxTZE8 z^0*AK4?<$Yl975*OGxq6A#`YV{eZJ_DdQ`5ym$umk+sIt3#fE`DN8jT9GJ5wK*KV2 zT`eih3TL7hO>2?guntAWxjv0?6e+gN^1&p`B=b;u2T&JaF5VZ%2EDyQdQMFVOUQf8mgx|I+c~9i=x^{{7~lx#=qBa; zVo*NvSfvc(r@&rxVit<8Q^w3;f%Rt_Gewc+UG^9>ws1ld8TS%}EMptC$kM8i2%=^- z3l~=-T-5*>DO-r`=aNroD_YmG7k$HGBMucSrYm=%~>=>6P#WNAC%UPl*&a|IEtks74`@gwvrM#vud8u3}IxSRj*k- z!Ug?WPg|Y9xhjvnfSf;03WJ(gSSj%daPq;_8OIz#Mt;vpoJCWSzCEErTyurjI(~u? zZF=Y}SF8B22YUKSvqJq`2-l3(8#C51v$-6s9S;ranaL6{WelADqh6UJ~F!s#5QVLVb64GER(vk(3%TSGX4^eoZrKf*S$7kUF#j2toHX25jlj~nbxIj)iRAWh zHJo$(NhZ4&g}iTA9%g*15gF-pkP3OD6BM}OECvTMK_Jegscqo+W^<-$T53Ngps8kX zyBSXll&DlDWsJ&`q6`gl#-zwoT9uFvDy&M;3T8@SgX>R8e0p_d;ln_%f-Mi76WcT7 z!O#;tHJq);g&<~xxrY8cEf2PYtBvq>bVF6=f&Wu2kzKPH$=V8)oNU9GLa-o)v?hdP zg={f~ckMN_U9~1=nzIazIKCV`VQ-|w50j8^re&+X+B)Q)(nPV2)wXx+I}oF4%z-tg zaNHPGn%hz84TFzUPC_Z2gfXWRVLdWycqhXthbhz9m@H84$i6jlN-`YA8%l4sOn9&k z;%RAe*1&o|Ll7HqVXvj*hNSKd&K3j0^`;F=nE(>a%yE-*6E27fe2Og9)!YR4R4@QJ znQzdAz=AI&OoJAmT-n^ISCtL z^;sA=qyzR8jv>K!9OM(7&BLY`#aM*>r?#`m(_n$E2l$nT3A|MzsR;yD7wJzdOx?Xj z9v|BB<{1P^w^fc5)>^kuCqk9xbmX{Yw53w81e^`o24hFPg$7&IXo1W_ zA4K9LzG*7CX*3lOtqT(E-K$-l<{Lb0`rcG5kQUQ2}v0Vh`0#i$H3YWIgrpUgo89A z#v~f0L=gT|o)ECe$Sv_L77vV9FNi7qSF%0iUBHfqE|dboWJ*G%N9!z6pmN)9;$>hd zAPpq}B+J4R!Yqx3ZRjM%@=uc^G#tpS&_+i%3d{akb(++^Noi0a0>nz~dgw4@U^)0*&fmDhyb# zyt#>G*Z}Mz7%#>PwqZ6*o_%IeUFEnE?2n5ks@*!wn7g@a2y(EX=6)X?_nYYTe*d_y z7We1liyuxuT%e!#&(HTyE{>1-==9vamOp)i_D_C6KOUbPZXgnh8{peSR76%YfdpA3 zu-v5P1c9FvD?T+vH)5&4AWF+DmJZRy@x{BN4RmsP(mFnQbAEjC_UQf5$;AeGe{_EE z!~V&|{_Ep+#}~f<3B5VKI63Nz@PT~^<81%@;`rdhyZv)?_Tl{Ow0|U|t+*|WNW^V5 zme80%k}U``CBiCn$pt4#N|Q9?>N!kU)qMc^GaT3QmkMtqWBCMZ6~(SY2ArKyKh$Qj zVCwRo6}++bMQhoZ6}0!lL+|vG@=otUJP0GWJU`}=7m;fci>J~8Moduz&dzL1XgalA zE$SvKgTPheGKk423P&XN$=Zg#?cQ))x!UtHm)=)}qQFo}L#a$E(kW;GT~7peY)tEsI3nWa$wQ5yTTba((!`w+aa`!2yu$&p6q_*bgE5iMUGO z3XJgSh7e{7Koy796{iqR#hp2q;#yX-Jj#lOF05v*c}y<831hjL7GJeJ2CFmg#1&S2 z+7T55JEAnW2_xHgc!gL-lLU{*2IvHNCZFc!sgOoE8s@Q4Za@fDM1nwpkkoh9LkvvV z+6K@eSI~=&I0-{L({XSe!X>FpeM}h(mK5vALtFYgoG)n7Yx?Z0&M07 z5iN0K-G*qLTV9KR6IXuC8L45TfG=n|<`%_pbmJ+q$Uyppxy=*~1%KuTUYvJWo1tEt zfDB0-h#q4a1r@GyoKAofDdk$PqB+ianwr}(={d%X5hxKRov0gSzwuxyl?^kYDPIAz zrdpZ5v8d5f8#OM1fR9cNxm>LZgM;7q&(4lc4v+t}$F~r?1xXT3W%z;}y2pP5RBrTL z5<=)=!44ZTjKcLMD7Bh~5lKZh6k*M6*cCNM6fi_$KccdT;~>TU70DQCe)`-rMoNTz zCGDn)n1HKFtIx8eJ+vyacuJ>@bw(BNZ`Kf4>tLpuimnDI!Dtu!?*e( z6pVU-fQNo22uF;X!bkGLKpAb21r6wiF;OWB%q}9z;7Vbvu2u)cgsi{~slo(mm^PC% z1jjY!!A&kJ+?!7s`~q*+F$?v5yj(eT@2cH1#>s(Ge;i&bPH8R^KTW68>1Xsw)pRS| zvVMlWWC*m2n@LdKaQ_jw_wGS;~T5$6akq@ma89x~>vVS6c^^-}1C%xO@kf!|a8R*E+) zTb~dI1x4gChq14d8le%rCTU!Z?33OSqp!2_yu2?Tz5evM?`MJde_h7%u4BxM|KHr+ z+1}nN#{X~a?mor;KgQ=7`sbUJx*6D@-ot?|cYT%;;D0R42t$V?!(qf4jdk>+NiyB_ zx|`oN)*UcsDMcAXBq~?buOkBY6T)lERc2G0fpcW>q{^oghyI2sAuRyZ7H`l1HH`?k zo@C{WFp5w>T^(hw0r^UcDLGnaDQ(+-9|a=<@q?%Re*55v>zOL61myn|wa?cKFl;|E z(@zOaWsy>835n&Zk7Mw1i%Z2dw7!0FdU3S3z78R7RvAQ7Ttp`TUbf((XW^@Aq2b6$ z$gL|afHRfcf=*IOUZPTu|Em7s+~t^kG?~Y}kU|}?wohX&&RJVJ^;k=0APnPCTR!-c zTYD_#s+Ld_;WLr@jsJN78F~bfntb4m#%u8$J2VgkWt&1EYy(t|SPE+_)4u&`gB`nI z&Ab4D4~@K#u4(01fR92FXN|_?<>dggal?H+=u6NN693+F!C4(-z2D2rOEGV`B62A% zsG6YA0wvk&G^>!pRVbWxR*cI%7d2J4rqxo=>@?Y}7Wh~b?7Qi+1-flGrS=Im$o55Y zS2qu-O-eZvB*bpw;#^;xxV+kS$1*2D-&tf6Hm_1c#RkFRyX*6n}N+Xy_ss*vfvuTea6by%W#Sp{$2%Z>!^^Sos=FO2 zcg>kB3g<8+gqk($WU{B$(Uv7hP=RvXnlmKyicCq9BqDb3ghmCV3glWS$oFUHy+&8( z2XNQDfef5IPyyt;WEQ_Y)Z6KFjM%rgazZ9lCRjN*`(ScjG%gB^)h^~oCn}?QIS*8x zLd^^L`h@Q?WL<{3BqBqLn=5TY+7!HjWqu%6(I6u87gU&#uYkeXN&+q^_>PN$hU0KF zj;8DDMMH-PzQv(X!}EtZ2o&))MuqD|kZ;PGgpIuC2-n~6HC8LAb1^|clDI|}Bd^S*v@ zYQ|Naw>x#6@1T2eB?tI-AY4UU(kSLuG?wIT(A`bUHLuawkGMKF8cQdQExGvI4R4SK zRfH4C0}NK!4W4e)yLhBx(;DPqlsOfo8jDttQa8{tz5N8L#EVcb<G|LUMwFNWgEhp}rD}Zi>svuf-;a99AXWN9F0ZN`ZsErW1Kb zD$2p>rIM;)bQ5w#7S05hu`$F^N@=*nwwzzQX&)H& z^ldgK-)eYk4MFhAQzL9zsSfF~@CtSQ+YMIn9*&k_)e?Y$^s;UdW=xt>@}|?(o0Xp6 zfj+6#WI0@DW5#(GhjhsgNlUo3E_E_sFvrEiJ^6?V3uY&NmY!Ki1`xo_G#D)>Z~Bc3 z?dCpt)0eJm&XwQ{`BBa?sA4N|a$LQQ7V67FoK|OH1@ohLe8vG?p1kRQJU+W@w9tXb zDvi-4M^Nf&oF4Mz(y16PuIm9Px#i@nJL3zJtXpTsJBM*jxr%Gh{@K8S;*s|SIf zR(f!)U=O|LcGU_XP)@*%D$7fWIe1N^1f{x$Ha>eLJM%5w#ptVw|nxWNs0G?jPddhQ`Z*w1qD zjHGJ$#G!&<4-xyVUa?v^Ffn3Kok*UzfIxJ#4wv-D1Scp6*%e#UhXRVDsve9+B6hyu z+Vh0tL1ak~Z#75?ulj`zCacVdGL=dQRZODo;K!LIxD~ktyV1ZhK;}80(^RZFSlGa% zFoL3NVh}+)vN5o}KqLSao&r8av^vBr6SGB8ctudZf5`POXGzhc3hCbSs zD6jDwWF*eOTh_M-P*kXqwV{>D1o*gnQ|kwKb~kVcIkj`tB|!@=d-l*|+JZ%F@xCo3 z5ry)si7^wMp;XA8Rj?kD37%kQOE7mcbmBtnvb2 z4`pdi8p?I4kS$%X%)oT1%exs~%W4ymxMtNV6(x6Fkyff2)jb#=QdzF7=_-5!0I7Ul#IwW z;GzN)Z~)0W(bY&D@|-lPwEB6`HQe6*;_J4(U9wme>vvhC56I7mzm5TjHVpXAA}bh2 zcJ9KXSE9Y`>Ez(MD<2y_w>$0aPV;#G^yJ|9Z2r>47GgFCc%`6Q{lgY+CQpZ+v;TLASN2G1P`dKTVY74GIBMD( zYWnaF33Y_jncCZ=s~K0b6}jl*xSsMoMV$x%e13F5Fe-I?YNe{+eZr|E1If)so zV-keAa<9~N*HrKs-k?P=3PKutmCR}J&N(pfTFUIq9I&L6HC+B=WWIXkSQqv89u8h0 zh-M`9p@(c2bV@Ge6!#fmiADph;JEW-ZL!nKdKJ8nqpNng;P(3NF5Ba~Z4dVmYm01e zcV4{Rd(%8K`{ZH`-NQllZkeMDRN;)!?|h{Fy~S>U#(EC}I{He@{5&CzKjmrnBILd7bu$0Ud@Zz~&KEyNBny%Q#lRjiTc)b! z8UD<7ODZYWdXnPYxuUz`(LUh3>FM%+-nN=@MV!1nUU-#e+j_&Mxu(?WTC^owv4eJ& z(CbViCMTrRxxJI)v&O-3vz1fUD(l49J5uwRw$>pI9u=v*izIx25%PF#%MJL372+9A z)Atq&n5ke!%$gEpb!7C&t}&FUl37Dm7Y{als)4Op=VM!2VsbgzhIdy!f{XIrVdLOv z{%9B;ck6td)X|_OWjC*4wln$q?!L2!VH-VIjJR=JkHX4(<02YasostCK}UOh$ke;H z7d-FBUi`dr25(zY?m4k3du^TOMip2y$!mxga7REF0Z#tJXi($_&jpV>heSldc+3(~t3B7HRBCkPQ@dNe+^Rme+%$gd4*{-BX|cOi z>#d|(H?7pMndfK_tvvShTbqga{m=#n&BY>0oL9;^x^~vr(kIOzHL7R!Sml3gqz7?M zfG~>>iYSY=N-h^j4G_Pp+4BQO;3A0p9aXkM$ANO4+##1+l@Uv*PZKJ~01e*xW-5eW zvRND`Iv(%Xivdm3QUi9s7Kxl?`>OHGwA~>$wZC+LGn$imchUL!j6*{ZvWj*mM%UL` zl(kTM^%CJ%c9Zp955UaUQ3!{Ajfx0ePJS9UKW7-Sj&SaOS3Bc6Ke~N?-*!p^9eI4$w z(3Vh8J|k}8@KaY$ZK9qipa5$3-pU;O)%tn`&J|Tndzq(W0`AW4ZiJ9s>atH0Eyuc^ zn@KQYUeU_AVABeE8IYq!`>ffLs?_evDj%~*h>*mRP;JPr$@b&53IJ+AmA~r`Ia&Fb zmi%Pa3d{(6Te2mVa9BEvhr1L`nO%qGEu$tHAw&Qr!6gf)Y5Yb%vx!(q9W$dpqLF%W z{~HNEy9Z|2hXrwlf4KP_5n8r~k$t|E2GVStN;0ZA%)_8hM$?)O&Zx-^w-yEoi)px< zwy-;Yil`>;XL{hy2x_>^-7O}G70DE7xPv|wY=fkVu}=AIlwNC!aLk2!K1pQBJ`Kag z?qXjN<$8D?!~iucNhYZi1r4w0R2X;b?!s%O>*)nM5i+d0t3~I-lOKDeYr+>>gAT*-omMeDU)fG>iK`Qhqu) zI9}vH(dCLaYAxftZPiM`yB4)CdWxG~e9klcRsz4T^IP`tE~mGyzdLV2+{ekSro&%+ zZktJQ`&0XDnZvYT5!~^3o*~COAI@m;3jUO}O%h`rN?Xz1>kfK>dZm*4ezpQxRl9Jx z(P?eN4!8{x1fn)3Og;Ov!QNpIvHL)xSR?{>>v3oJ%l4B$u2}p(kLPSuT0(e11%OqU zmX=LcuV*qPXID9%eSex zU0iViSwchU)2<3_W#Lq}0Vb6!u8$pYyuN;Lbb8V{YaE~LIM2ioE@`&{-u`GqS3wm} zE`-B6M7W2qP*4`Okha0Oe#<5!@dM?Zt`KmXwEt#c6$(Z6)!blY%h~(EqABidgY+ue zo=C0S3dTP|Q`Sl6f(TYoZ&E@B(l;$-TnyD@jJ-TZUHA7MaAWGl6$z~>#nDjIzN&j z_c3H8WS2Bb6zF__P`@dtguG0AMF5;4<2#6jn6F}ZQVsQjv9Z0W2b9;sWEv0y2#ix>KvVaYHLqeYHSEUI0C))4zYM6;iMI!Y$E4M4pOMDtfmg|R zC_+CV;h+JxFIaRIQWo6IL9!NBhcX2A`FMH~H7{8_Z7YZXow8L70U|WAoTu^105)Z{ zGgvD`&FD-j6NSA5s1KElD|FGrisBz__39sQ*wi+-D;PRQ2Q@+blW2V@vC*^s-9*4e?!#@^XU z>wV|-$x*Y;lD=JUGUm3qOTlz_*=Q~!Nqj!br_MGGV@pw&_j54z8@gv#T#HhqDci2p z$nU@ls%#n_UCeVBCS=gh4cSMA9vjljfKTELWIywkmgx@6Mi6D%pCTD;RM3KB#a3wu z7lgjOV4#yDXo{8y(r&AVq;3&y?La?9Kv!Zr$ftKG90)}a6cH?+lW7r3*`i@m`14NL zUYVcAJ1Y1GL!)bJO{GBmsI+!Swh*XcAO>@7>VJ?4;pQ+SmMytZ?{4LQL%nUT2ZpWl_OZvk@%f+VD%?3&8 zMfvd){GoVqzBNquc@)W!zm!uY%O`>`IbeRu^Bps?kR+z(fVa*l1YNu3>~88`mhYp5 zWLeM~$+E6cD{8p3@j@ZWg`NfI`041E3?}UQx`U|!ilmj^fzTeG;PVjT5&Pum1!z&= zJy#=3x#U@_Jo@SAmq*xCrJ}-_C3iuT1%+H{cSO9R8AwjQkFE_OXcAADsd0tl-YZ@nH_501O%{5Pt1L_(>X8A>0PBl=YXTZWpw_A)`COaw1 zcDr5Ui`5_U0MpvYUn)*4r&>A15uB29=)&)P9zp&XjS;J2J4nKLxMqQAYFI>_rO3v> zw6qtIurY#QTI27a8$l*Mgwjie;6TTy_FoM1@MO0?~fLpq827UxEZ(`-=RH|L{VQt3=Hb;_yi{P_Fmx+bex z=+Q6qrE8qU;iCR1i1P19=9Z@7n`No4yi>>N6Oyx_G`Lz?F;B$`U|Jf``>kNHctj)r z(W{tG#^M2dK_egkS!*#+LNJJ9AE$9cQkCUm{E@AZ!6fjR2L=Rnfx*7jByXZ-DRl}o zNx6>WeJJQhH|sI(V`M;~i4{@!+)6Y8=06KCco30J%e| z>(x|mQ`S}6X#8{6I2`R$8c;I{oU)7v0CPRjloq}tNa^2Q9 zr@w%2O*_N6y{HY->K3o&H%72p2ax(T7|9J2?11Q`g#?`M^+@+v$giwb?#2ROoWP#8 zOccZhjHWfcVQ0Cl=#n#8G|2;$iADPnJg<-<&dZBu!ZVCHMNa1Qr7_(PG9LWrq)^KG zm`goXOuPDpaH$RE^Sl&pW! zeYIGAd=vo?f?4gm8Gh~}Upv>2_V-yTPGjNxK{~EqBs2;7Mu}KoSFv_!Nh`7qo`e+2 zqXFO1&usH)rD^t!YZ55m%o}*5JDS$)W$pL68))@1fRC_5^c=LB*OnR{k+-cw4MSPb zpuWB61c(}`QYF{Gj8mAz2_6~?Y~<++XhC#kX_^on32BJIMb5GblXT03)J?B{8ZOcxMH&=GLw~(%4TT5s`+Sm+0MY1k zFUw!4X?+6jU;8f*xN@19T{L^8+7NMN&(irv*VogjxxVgI+C|v1He9tm3-1_|s`rew z%5%8dr?@88RGR={k zUqHe~eVWw6pm*za_`m|-$vL;#od&0L+1$~zpsVPzwalt^0tjOU4?uh9Be+`~UHCyv zYGVSy&AI)*eo5nc`aEj?l8WR9()aIDpM3KTxf-y9)K2cwOno#Jf4~!21cv0=@AQ(^ zo_br}lP&Lenr1@#T_r&41yK^yDa>G~Ti8M!TbS2+wPY8CYNZ=!pN~8!;mPfB<_3z} zUF)!5xBI_uJ5)YYC8+tBVoaapCo%1Z=^ka!q_Pz_l=FLP=_|l#P*b8r<sOVnHpX7YoQQfQ%wO{BjaDt(%aGF&JnZ)4^`4Q)pysF8Gq`qi3 zTk@OKeDk9--Ixel$=o%ZWn-#^>jtS?RTn{UV@l7G~GkCx}y>MhRO ztpnDekcqCq4@NbA^CeO8O# zd_#yoz8KWxKWf)Ase7_?e=N(?ufKcNdG-W5RU1T;`a1EdgveQboy4@6Mo7I=YY3hJ z_0wc#v4KSametN(Ce42VWNuAOMPu5qVq4A$ruZn!vIU4R=tS7ftlF+hrtOCBnG{pm z(hflTIA%5D1)uYx*FKMkMPQurL9MYY@H$4WxT!9-)!oSXHb5Z6Wk9VH2Q4w83#*7x zU*4y>&Vi|-b#iBdJ;XCVmmJ}@y51?_fEc{Ujjftp_<~J=(eh%N z&xPAH6=d7yA*Y;;I9#0NI7E))FoV`p91(M7;zlx0b>4qlu*~a*1~PL(we&qBW`jT^ zD&-AkgMsUoUZ*-&@pux3_`7>6!^a;oj)O}%#dULTqGKIVQn4dkvJ5N`@sdz+k%qgl z+L-$_1FTh-EY^UnnqsG>8_y&1IF?>(br*95VSdaf4`VjKZyuH`ZXfC!!o*Y{wVL`3 zU#fS1l+rW>)wj>nV)_wH6@*u$^jEV9;ICu(xAij{(I8a6!QW_42e*24Lg5fuB7xws z?()V)5c%mORG2ej*Y5Lejf{tUFkmqefzSFhc9N{CS5J}g7lFe}6$h=H1|ewNd?HB5 z2Wqa`YZ=h|z|UUik=4ifY``l>?4_OP%mg$cdSmYAjKc%imVE(9N{<^y&Gu+~q(I%p>_J^#0 z0S+>J#L%(OIJKvlUgQ;%sSrC;u7|1D#W=vk(37!(V+o>^S>@Q63y1BFu|4Nf0$ zrd-w@JjjiuS}h9GLo&Z_vvRM*#z0 zWJC%?r3a;rKNXHkJ6CPNp;0la*;Cj-u~M$>pefrEhsSw#v++TJP&?-$qu{f1RCFD} z;tPphi=xC8KPxkpRJL@^;~A9|tUNr@Nrs2lmlv#J?(+%OnbL|_P4{=qVjc8g<~Ei| zy>lG^K^5YxJ#jDCH1iW)OZD&IK0s_lKdm#-gsK$OnJJD1Hq0=Az;a8VJmv8+6KPiG zbjog*@#BK>Za0u*0sl_cB`X|s{)8*-Y}sz)bWS!`>(e+@n^m7K?XZ)DhT9G}0XWq1 zkr$I57MxKgX4F54!l_DED*yaik8CT49C;1VeRnWoY9eK$;0 z_Tn_041!2wBH2&qMSItWlKO>!_Bpj1?i#f*)DUa4wzRAj1k7OfNnDPZodZo_XQnr` zwnbP3(I8~X@e>*_>TW59Kz|rqvKkM4^R_G;-wajaB=mK!gg1yezjW^8yN-|YJg)Hj zg7C6A++MNXkn;AKMjVQ$Sf(jynWP)=h(7B+}+=7_=gXbWvpr(~-A3~-u1%yf(s_)YZR45Qc^jReD z%Nsf06Wu6gI}E49pGI_~5?^YJG9L`DM!!9uM4;)24I;P+&)1GTP!qwZOykkRG!tja zm4-Le&x!`6k4cRPWAG7(7-RhveSzFaHL9D8!*046$#M0>P=TmGUXM-^j75h=ekX~8 z{)MPN06+U$GGw)69M*JS)=aOY+7yh&Hj;WwuM{I$+P1sA8Aj$sbPFt>NBdnd>3lf!0} z^g}AdZnZ!3{@}vXH2OSd-X2DdG*nHeJ!q3feJ-1v(S|DG9nvYEBtI*U>?VGjYY|!v zp{Q<@#{OZoJ>f zud83z9&h$PZhzYO`ta8^^7V)bK?m&X=*POQRK#r^8Oh0}u6phaLS2u-^NRg-h;~&R z8T%;8iyXMcooKguaQyNl1zFDxbuDJ+a?z%vU3a-by3b2lk+Ns~Fc=Hw{mznP9zQ=f zTF3Xt&yOyKmJ*rV#PGs0=8zed#z_qnEHO-%1>iJRbr!~vK~<1-5a5EyI@QWTA^x^v zoG$Q^82^zjQybB-Y+urJy)SMQcK?X`zX&F0-B9QkOGta~p8UoW#*iWj)o-GM?tzxQ%!$DIy{S>)7>X z!dN)Xfj-eKo<`luI)Q12Sx3{_Jd&z@enh$^`FA%zb!BU9mH*#4^sba)gZUbKshgdc zvhE%qtB5ZL6hxn~K?0}(V-}l4F$QgDWe#eOI`x~7qAd{cMsRl6hDX2#YEpeBMFc7T zMdctOug}g-+e**mqtPS^6wPtW6W-^cf^&$cW7#p3%UMh#0ny2abjsp1?r8PwuYQ2gt&=8>(Idf+`L(huiQE*C9l?0zu=f*tWl4L$P326Lej{Tg3)CP9~v%aC8Wq)_yh6q3-N=#=MmmJ^hRt2aP~P7W{=y zlDN-mQECM}359K0J43UPI;tes_QcpoHy-&@HerfY6n8JLQWgxO@qa@>eoR84EPv)P zTeh^@r(Qo!NDTmm`_xm9_ud6ld#W7dm}yI%iaK>BvgHUQB@TsgmFzX%uxU>Ists+6 zpE(NXIly9=*i^Z2sMEx&tOE``*+IlQ=cJMAnMZ767EkDwbIxNTCOyIan8?Ma8W3bP z;e=lDz@O87gQsQFU%TTx(b|eV*V~reJ2##cLUNt7=Uf()Lr$F@qe=G8rJe|_H~XAZ zi){{7F_D-_a|8xaIHO}4W?meL;Nb-R0INy!@XcZuEzPL9X3YVo%H6hfb;oB{iCFeA zpFb6Sp$Jp@jK!lMl2fqVK9pM&{?tYo zhE*F}W6hHrdN2cpOYL8Be#+MP`FY5x!9{R@IzrH7__+#}l$&q!dPg~THhylC#@>;; z{Un_Dyr^CIch70p&7}{he>B<9rZgRm<5;+;tIY}#mY@QtcN>UuRGXU!6-Q<|5#`OT zFK@07J?@AgU|qsWMryzRA69PQ96u|xZ#o$Kq` z_4W1j&b9jNSTe0&+n?&~=t`BEMSe{yusftG`+m#TWG}$(s+tki&%4-WjQO3GUJCAY zcG#B7X223Olv`Hx$e@5Bl$Z_-)#x%Cda4SB5%&PGjt?d_BmrC@qinOIX{k7B6OjV7$0 z0HTtW2}MdGeLB*H1Q>>$MYMZ+SmnQ!Za=2Uu%7UG5(-a#p|pJaYoq2LSOK2O$rce6 zHwX=RG)R>#p9zTA(#uh7Xr}EWRj+l`H4TkuXV)xxFezJ_a`!lgb-7VUMn|rxXG&G4 zU{&kZiW)IJ(uIyx-WG$e7@V8Jsb#<>He0?8Dy&|LOa_{Co~!rV?0mC3lY~}RY_FTld^2a7)BBkcC^!?0IFudF0A?%4T3{PR zE*v2woLuqv0^jbG3wcYsfTw`nEjH#NK*%7P3>9{_PAYD-M@6=kCF8AM;cf8|*xZ=^ zNG_d6HVh#ZkLV+$@krBHE7+-waU~0k7|820;9;8uV=b5LIi{=_FHj}fDLQqWv8$2M zRQ}UbL!i&N?2J_;Guq2JkNXU?hM1vE(3!!-mBul@p4NKYpVmb1r=0Vf^NYuf`n4n& zF+Pzro^38rM_!SN>bPZf3-C6zV;$Cr?NLm?S%5W_VmE!Nh}l&fB#iv0zIyq1t)B1; z7CHFWbvh2}7(!5wCSh2=e2k@jC~jf(!+(CQ|F*tXU-j14N?TfaTwmF$uWbJ?m;aJ6 zFuOo4ySr8M)1+!^1P@~knU`5!?e>Y@Q)6}N!|`$*)9IQ86ri1~3_xXiH?bz;1}08H zuto=e4>z3W7Roe!lipZ7Z?Vm|bVA%|N)Q4v?~JJsogt%A90V?zEdC)=MzAC;LVl@% z(YJP@k~-C1P{C?%i^Zwhjg_M5OJxEzCe`z(|ciPR?yJidibFkO!*pxH1?0FGWQW$?r z#zga6a=e{;%Y+p>6W6hL zE!uIQK3t=GvoWc=|2aHAj6?Y=k9B93-KA7xYMW~1+PlRrl`>T~o0Su)`Wg1DG9RLp zmoh_!bD7d`gL3U39KUKc+ihpEXVmx-b&!i64OYWv$z9pJQ()&gY_I^Nul6&Q>X#iOV4_-Q6}?tbFbArQ^s=VDDJUg z5cz~g2%iMDTx|i=&one<#vPuzMK;i|5eVbms13sE`5Er%=P{2GV_-J4_jr`VJPc(s zJl2_&B{lu@wZ8sK?In+|XzVk;w!XejP#aOePNQHjOw22idXQaTe>f4Wc5bSvDga~s zaD83B_aNZbRUjA+tGUjf2VsaSjtiy9OGP(f`r7Z&w@)GAB`~b3Z%x7m}fs8 zYg3z>#c|%whp2vfo3YJj?l16e&+6IYf+aP}YZXU8zqFT&4kizeGdWI+dA%o+g+0)G z^xf1ksgJ-yPjo38sXwIgc+In8Zj%^|&mvMh7j|vC--u4mI{yNqp9&S0AYz$}aK?JKI3`8PaFeLf4 zmD#PpeHov;C_V-UvGJZzf~Zt(%+7dfa>eS;jis{eGjwK>y|6zwr0k<$y-R;5HubycsqcWO}U7;rLkxp zigG(p#eh}Z5bt)e<+w-tmLzTd@-l6`XzZol1O*Z$%gGdo$2?>n+`zjQ@s_@l7l_XE z;lpop>68;k|6LDev=q{VR5ZkU6EW@a>!mr!6Hn;CT1N>Tlu=EI zZ+Y9Bx9K|&ckW(h9_OYJ%)@*OPW`2L$Prg6|DK$sU6+Wu-VmI@*~H0djvFb9g_y_@ zN7>6=>QrUFGQ>^nD{f+#<|!+MgY#paoW@MB4D*W71D480Zkg>;5@!ZhK&8Pa zK}6aKP1yM)Y_o*i%x8K5j(ch7oU*>DRUw>nC)>GKNA0l}ZtksTjW3uC3tRl~Ke3XVQrx zs9+vyx)}MdouNSKRqmH=9w?ZCnOsjEQ4cDTuO3f^7g`r;wQ4?MNV;Fd3!HVpQ@rsc2yybWxQCdVPKWgdCrot*^r#17C*x3U*Z*k*&?gPu4yMrxu4r zOy8Z`#q64MxYYx;Ah$*1doO&1!6l2B5T`NkF^wsoy^!j3*19km%hJUJX1p`ZAwH(b zu*7^r4qeKx&(2QCE0&;h%#7|5(yik(1-I49tvZ4Y*N2RTlH44g)Wvk4g>>3xeIEI! zn8OzuoH!$vK;LKK<>iKKeYbhL(HOHh;C@P0_vtmiBK$mI;FP4}mjRwSJ1jS3tBm$M z;>wLVL;Z#TdO=D|788U|3hfBDCN3rrX?!+}nHciW*Y=j9APPnk09+ERKS_d1MpRj) zwOX91Tt1P!G{(%=1a%_@q9H-tA%9K7 zo~>>_CPQ`&ukf^=uvn~lWDh;pQj|FKap7YY2@%RO*e5kvYx{B6Bapp>fS-b-83?N) zoXkAxqrTXO6BKmhv9EsbJI})f>(ar!Q-k5~qzSQK>7rP~RGS|G%!&fd-Q&AEVER544#PQ5Z zuk%RSBW(@jX~ARS7L|;{?%eBfk+NKzDXeQV*Mvj{EG=fT^1%*@Xr7s!wEee$9940G zPK@4?VSx&HB8UbU5r|%257MvYxA1>vm`A+uqHsf6y42^tBxD#Wyd`8V32}xy=aw+*k}zK!Mc0JSc1y?*FT5sv zwp&7mc;PkSuec>-_$s_6{3W*p%pJD>;uPTal7NYmNTD`%%}AlC+s%tsfWlYzd*0Zz zgD%ghs^F1*fVe}uyLLv7*@&w+8rloOAeowux~*Y{wZ4y_9MP2Qzo^A5gzt(sb`_b4 zah@vG_y)mjr)!ouA}<-8NNz;0PsS|TGa1|+f5#(w4P!>ph|SN5)UvI7@A>3Y+7iD1 z0_`E+Z5EKvqiEVx4^;*#M397w!FXyvWC2ZlH72Ww93BWldw_$*)-X#}JYb3SD+n^c z?AY1y#ceQusWOQni_HN!eaTcXf;+>C1l1^6`G$12pQX-HGl=F-nKEknNa3+TTFe`x z@=A|>!0R*5Ag~s`yjvyR3?KH{aznaRNIzPbn6$bO8`&<;WuxdYUC7mUHXF**D}BGlUS?S~@E!Gq!%RDU<5R#gMF4>(w<9Kxm_-Zt0khDfweU zLu^I|;<}`fKP$>`Bj1{R^2*xlQt{ZQ3EdCkb&wx)U}?$06K$q^7JE<+BRqAMP7@5| zQtNbSK4RuiBA-T%vwjI5Y1v{vwr5Z4nS4a&B5O3fA;&M<1XHk*gVS;WEb^I4d`RV} z9_hFVBo1aH17Ka;>$)s-$DR-A3);V!j1_q#-h;1Zke9@<&@A$EiTgO4t?OrFe#e1$ zslrrZ49HSO<_&G2Jh#`gDc7_><`VDIG3^J*)F_Qo=HT|F5B`#FKi-_H4a_7imunkV zEAF2Kilch8wbvo;+~5LX#kN@|w5`kN9b>WhirMPqC5w^?4ZUbG>aqCbTwaZ-dP{Ap z9|``5{#fucQSlXvMXi+)A8m7@-Tfyc<|F0~ypRdDc^Uo)Omvpk5F zpd3Kve6>z;l(T`6fj@ssUV?aoWwb$`SiV`Yvw=oC_uLfIF|yl!-j!dJX` zqurD@IngZ}ZMf(OOk)amN}n@9BAysEKlL;8ZZQGrm1u9f6E77;HIQZ@%` z^eP)PG@k)y)t51#3l%URb$)G+_jzB)W<5Hhe{z5vtm9K`Sck`gq&|r2F^zn=;z!{k z{KagL57*1`hlL6SH1o3veIByh6R@Fw&^RKpMA;B6`__~r?`#h_@{OO{oyOi?v)%5z zX}<3q?B9F$ogJc(J|e4FY}_mT)DT)k-@+WSET;ELzxYK((J$PjoPxL9uk_qMkC_K$sKZdK{!Ku4oHbg*OL1ku_A!1{$L?F5~K{TcwUzTZBvd>^98d z*{qCC>T;)~1THP*=I1;CxpAaM=x$~VBBB=~fiR}+ zz-LWN+!gTX4VxbL`MJVO0Z{D^_91m=7*LU$po>y}!=|m0A7C+FuuKcHcI|IL|$ zhcmBd6T!eECF(QxxX*O)tzZV=iB6KCET~e<7;OD7)aMNOr3Z5&*lEn<@fk#e;-0>3 z9THWbi z;=hb}l!2Q_0RGZpRtk1M!@WQAoT<$+!pN#&uK+ zzL0q8V44d49*F1e7=^^MHw`l9PEp_+wjf-`=fLMEAYKf}@i`DU;zc1hJ_p7|j(8cU z#^*rM_?=$TlW`)v>rwXpk%_6Gmz4Z66502ndm^4i!TW;5`#ff+oQLRKpuiZ-0}mC` zs87Z*S5BFLF5IUPxRpa(LQKPug`{Q7$QP5 zOi1ddJWjMUGxWdTT;RQIG4ew$iplF-Mr3tNV}Sq!6my7apP97`TMOWntpHBhY?g$` zy4#phX}1qEG}TbdZqd^3^S%_;fS29_7N-PeLV2^u(UFV8b}s>fXjME9LbicVwgqgY ziK3kL=1eOU^s_K4CQ9g@nSn63tkJ-UzA=Vx*sBoHdl3YZw88wjpyBMxpUjJK{K;y} zLUu_N?qxGdSUipc!5)FJcTKfnc7QyFfEX5TErn0@?e=Ru1#as}De1ZK`=yeW)ZB>p z8`9m{-u`~Ut)#fG*9+6m#kVg`J4ZTE=~V+By^3j{oo3@BZcGMNIco>9jJ^x6s+;hd zy84z`4`-1FkSlThQJwKOfb54QjO`*=Xw7fWaHmt=~ch?x3f=EM%cb3ZH|IBoFdjOgxwN zldQ_^aVF00JmPN7GdqaEtUb&Ei>CjsN?+AAtB?A=!R5D-SOIK=m5VC#@IG_l6)ZNX z;s*U8q^P-ygCt=Q1TO~X&XUxrXO$0C5a}a>KwMWclw1bj1#U806jX=4(eaqkm|U{B zN0VTrt06F*n1m3SJfcx>&P0Oo!rcPSyQWo4UJXEqm_G=zY7F_6+%-dX$B*3zZ44G9n`Q)}I5E38EBK|7olW_@kApY&$h!>`JxMOMuOwDAQ9d&|-LgJb9 z4vVFBSSGW>te$7GYAljb!?3VSUX2X#!rT&i%+s79`Q#F});?|GnLGoU?!6@!D5E$N zr`_h^-d=v@kx!p~3d!H~?Wcr%!Q+oZ{=Qy+W|Oy{e;o4n_5NeX3r{3Ii(^Bs%_3hN z$2$8OmMEhL7t7_zO06!;cM`O{aEJJ;HyLa|KEn+X@dR?bUC}t&AS{k~yg~YLkZced zvN(ZEjcml??3QGhlr@*)aYO^Dn4McIaSzk=Y3jn-xZ?b`UXcUB1sh|hrAbs73RK)Wt8+7^5k)ARG7ugTI}#rz$++ab(;|)y z%d#mVE!L@9a2r?_5_&E}yzG_0C0>k#n=PxaWs4FoeI6+$?mm&+k$9mMvViz!5xbZp z_a(*t5BE}cwB!_5BVU7x-;0h2OP~Mmg$#-(VR#8v%+Z3BmNh`Xl~A6 z=`TXiv^h#bVMC+e5V-3p$TaX*wKF+s@H9NW$K1aKNVG*95y19zMkd!!0cl{4F=oo( z6NVH*H#L|@zPn^eb1f2YxKGsz+>Sj0;(88zYAK#TRzL5-;piE##L zz5Onkf_MSyHuB*N25h{;1(6OHATE^8b}3nK7{4Lir}GgF7a~40MgqAgvytBti+win ztfBlKEaY>Emzv4%!9Kny@w}1z9<1Xz;#V|CUh;TfJ=z!D3x1{ndfDoieX@#9AF?j^ z_4~a{Hqy1Z7Ze~q<{}xyO#Bg+s$P%)FzSa~?(3&mzWqOk;B%SI-jHPmzN_ zBq^}cjZF_9BXyC2CJP=VOSHKX;%=JzLgKne0r6gtM06C?(}oMF7ZXqDAmbC9BVP6% z3dFzno_Sl})qK_qXjI$Uti|)+hO?Zcf7)}=;lvDhDfCS_KGved-&!d|iit!1&Cf&p z)XEl8Ox$??XNfQRDJR~%PFUnKU+NKF2!~9=_hZm7yDmHUE1~#vMhex3>kmuL_yvjQ zfD9bsBYNGj9fMLhnH$pGdRm_OKS#X~>e-E}#lS%aHtclVZCPBEmhL%e{n6C4Jv zy$c=sS>pON#f@nynQ^5C&!loQYC7g^$W z*E8l4xB8tSes?`1OB@q|c@g(nn}y&UUZiO_s~i%7f&0EtRouc0c%ziCk;V!XRw`q| zL=oH*8wn3tOv@Z2OWClh*=)>r1J3ONA-!bFj0se@=OIBRmKYI>iF+FmWMYZ&u$Z{p za2RLV0{Ccbsi~hl%#IB2_p28F-3`(mP1PSfru~qi-{wfjFW1UfuFHcT2bYCD4MkjF zVFI~6x;!3OhqO+`|8HA|g_RclWOxt@_uOQTD{c9fJd`AhE8?L< z54<}MXj2m)4==JHIA+M9tMT$PQn?o%E-WODMR;&hf8U)4EokGSJYy_AmmCZaD2v5- zxMw*`;?OhQDwe|}4ogLFZ#<;aVLlHT5!{A{h$UA%zCd4GFP~fThP+^XK4NeUF}`!h zSPQ+SwA1~}EyHSXscWRm-99sk|65wN#yGaYbE@#EPJ=(k57^TUy46INpcJVf9FBSdW!vNq4!)E`*yR4zd$I0|%*V zOf)_zU_P&B<%E{VqfrjjT1DFq30Wjk((D<-n{`{>=Xgq+d&T>I?0V6BGq|9BfQhD%zycO(x5|S{8 zE<~je!ld|H8`z}sufO5PR=j@i$0|FvGbAl0^%!;<^XuuJJ!$=H}+JCr|#R za?fS{yY+N)>+!#~w!eL{z5VRz*0)dowfT7a+s9A;MK(Ws@Bj6$e@#R}<9}`5nO3%Q z|0SOX+|K zdE`rZrs>c4Io`=))w?nD4zU5GuAv1SG8#vO_V^?*oWaPvIynA?@R&5lkU>o9Hf~!n zJ6B1h?IiYEvOeJv`GC{mD!2%iOm1(ZcGE{{h#tWZtpV#VrUo;_9#`0HVcU_jKq!}% zJo8edAln{}1 zHv4F*PsW3o`V5!KDLx8kNXULNE|Obt3!Emj`Uu~&JS zqFd}#wmh;2SW$*^WEy?1YEGmm3>W0$<6+3JWW)ITPNm!J$}$zGwNoJ^(}f*!Q;~{_ z5MgH=^Mv<#2;e=JTloK;{_kV;-|Zhv1$*qs$B)E&hg{8Y#U!6T)rAP_NhrL2oD{az z0W0Y8?Om{G+MZxS1U%|s&O$MyG4prY?Zcg|(GOOS<-XIwovhOj#zPhhLI{tr%!3CS z0mT_(tdBo@te~c+987Xt=R$bMr%#gh4@=gQ)pQ*_{o!6HxB30!HrlS_Kjev(aP8Y^ zF9}s$br&l9@9MvQjMV5o3f~X%({8E%vPx7%?u^%dmUT{uUSLBY}x$da+ zxy;AeMs~@=higWN1P;EkvSdZ{hit^O7(S)qXp9kV6HY;eK?EkmvFpJtow< zi<7!j0nW)%NiYhcfhBVYbD!4$6q5CI#h6{iLBhy?>MNuuuz|!3cei{6yY#eiQ>ML9ImB*wPGkTF7 zgM#)x{HOlgqcz#=N_o4Fq0#Mp-*q$PRk!N8R)08&E|}j*Vj2m#pjp)Cpu^~eOh`Wr zSd?@|^t#jI{jLx`W+Q)LCE);roJvPrb2XvjQZekhiPWA zW%`_71gxXtVE%XgKXq@N)YDRW+`t&nnZyD4-^^S zWk)~Ct=8sZWh>?RQ-K^(-ab1kSrH4Cq@zH7sacy~?c|chap1Gs3o2OcZ5)>EH#_zE z%8-j>XGLw8V;(0q*?Cl7>h@~DGqKxQqAu)xB|Oe<<~7e+u&^1~tHl|32|hC`Sd99< z!^Js|-L2r0R5>b@#~wLwl|ftc0KKF~#jpZuqb^aa>6;0)aptr6l}Sx$XtoxFWKlP4 zCu}VAsLBgwJ^V!I?yB$&tF4@0sil$(JTXzLa^m}l2%A>Klo2#`fqg>+#vGepaL)A z=fO3D1VeojD0IQ5UfN=djYHaJnWSy@W3;--SfiKF3l`xss7TnDYSkP6ac08x^p92RTF@>6uJSx^z4S@rLr^FDd9U7*o^xB1!C)sj&s z0A)a$za`)QqmaVqABFTEh14nYc@)x_s$j_q-T7|wyRD3p=??FLs^-G&|D!qnjWkDs zM=+kp+o{Hs9{>EjNMF#P>Uh}8L!I{cCG&D;y4KSAcDo}wmM2CHRZ4(ntJS1_0RBF^ zS#pNUCmzvYx%R1r+F@$RMK0beV?6B-19r(!d+h1A18snWGmf8I9oAig4#6AX+#qYI zj<~Ox&eLUyPNy|laKcKo$&n@`oZoXMRO?vy&Ci$IN=hQ_cE$&w@j=O~i868E(qq(D~+RT}Pw-+8~tz3_YQ z7qW_E6?C##t5nt@;eaF@2trB3u527)9>c|khEhA5!Ucy$DG*p1lU@)_zKiawYmmu6 zFnph4f~>FmTy}%d^K;fuB!REi*DLGru5I&8jc?~T4miB2e&=0p07vIRED{g{7)MmK zgcHo*ZEEs!S;tM16GWuc#GsaDFXTOKO(<}n*?ZkMe$_lYdF73KFE8+KQQ+Sd34DEh z|K#W6vxB21IcSqs^MBqRw3_?my+(eQj2~sSvUbUcKsD$JR8YLY4Esf(#Nflnm{?C>GcTeM`Af&RZ%k*F_XF(#F|?TtK^rmL0R*| z`6LW=?kjc;A<*FJF_M2S=`e8smB3vh@*g#?)xXx1-EDnc9=JQ}u=xmjiO5nLnk>Ng znzR>^iA)}t{*d)ANVj>7ZvhH5xvM4H#cWyxxgg&VWT3l7L=g2^4(j<_CtH`Y(2vBv z;#F@k@>U>r)O};iBQHYUzd&FFYEoX=t*)wNEryfC=U361s{7a@r^+w2i;NNEx0{Y= zx8aY1s7q?kNjKXI_)^!9f4hyCyA}1wUWuF%C3PilFdVE>Q6d!ZM^IuRv>$U}wxBgb zttY8*j;1&q(jiL+6kTw&XdOZd(q}d6xMA=7-IP$@BYR$L^D6jL9xkv#Y)Pcce4j@T6LQ7lc&fe19wy*5tM@O3WiEvaGtVOj3gAotOS1LH_ z;LZkrp-pK=y;1ciaga>)VV{ITRU>jEVhQGa+-tmHQ~k?d-PeCU`OjkOUwMAsX7Mku z{vU5{XV(AY?Qb9dv;M!t=K(onR9niyzQac2WQy4Y#RLv%nvlH%5>FyQdXpgZ1)&2P zL?Us#g5B#!nrBf?7Oyg6pZTjr@c;B@vGs2*#5JALVwtUA?)ks9nOXl&o^Edav;M!t zXU4j8JjqCE6u~238SHj2ht5BX_`meC*!oYHxb5M;!1~{Q`Yf~lx4zwe_RsqN5}(D_ zzZDpg*#YpjkQ#yI&k#<95f4xa(=d9K(SR93v`EUZ9bmQT}@yVVH)YD(Ur@hxYI6do}y+3VsTBk?*%@?~>{BO0e%>K#V zn`W!CcXD)k(r)fn@!#s7)k>w^JZ>MH9lUFH-ZbBL-Zc*2N{YAT-mRwF zd3nYC*1@}GD^CtlCClsC!(-z|&ZyCDwvHP|1zpqFf#r2i8}0VbC$0T_U444x<=H%J zw9gLq+Ra95@3q6Pf}j$N#{FR-)0w(i&NB^^vG2B$>x0`$+L4*9>>a+9^R?YPdwW{a zlFI1WX31ncuV=>xdyV$l%Y(zx&P73=isWSw&g-AencfNBH`}o0_t|+6DWgXKue|=G zZ#k@pejJPwkF?RSui}aEeU2tW@au?zL~;T~6S;E+VVYznhy=V9DNp`{6ZCIZq9C*n zFhp{d3dr@VToTe}Gz#rFeXl%NRCc<%)+B5-Uc5LsJNlnaV-L1R*f5+)6w_WWNRIyS zkU88!+<8>k$ieCCCW0}DT*^nbCMv+8B;9GhZ=W@fI`11taxuUL4A+aQRYvZl9oP=# z*6Cfy-7ozWcT4ZnIRjm?g_JN3Yt5Oj5uX-cdt?G>f7}2nm zt7v3dGf$m@RMNf2?5Fy#YWkxyC3dUMKdoYVAa|?!uWF^Do9i4lUNjGPtLgJ@wc<`S zRiJ6l&T7TX4)t>jX2a-@YNgU>ogKVv?46yo-s@kj_p@r{rmfnoVHGmPS0TOb@mThox_v8hLq`URmBjZ z<#u1!tXAZjFDRZaAxWy^2XTo)^19JHma1SzFBwwAr}V3ur^fz%=j=o;8aX*IYKba2 zLP`k`4-GZCHae9BB9SHZ4z4!Xedz8v|4%BI6TTHr^hd?Pjx-rTd4jrzb{w z9;8jlg|l1Dj^2=ul(P`PbQPuL-)(uIhbi+-+DPD7%t))!v14?bS7mXu=%u#v;`Un-~GR3%~Ydi`A9W*2(_c zy)!u6t0ah=Sg4iUL9{`9NxalIlvHXqEi-10Z{))%rtDY7xmT?6)NHj*TAkwk{vbl9 z$D(Cm^v1OK$_%?rwekR5AjttJ!sxE36bGfMz_Ak29t%CvHtxwICIo`EP35H-&3bY@ zzil1LmM$WG73B{cV?D{OE@L=xJCIhGXG{9RT}e$i*{-D48>cH)g?Xl}YUQBaNzJK6 zO`s9jQVA@D!o6WFrY{#xca?J9DGVw|DW6__{+n=qS1QH6PCQ+c^BB$qDJBAV{vF0Hzd z;kAqfYi$&<;4aG2stZ|dGt0BIF|$S=kUeF5)TROe8i0@-Jtef!%C@T6^FiIN0lXEO z0-TtG1Xg8_k#k5@p^O$8GlUA!QNeNY3O|W_7Lz(l`gQ%pQMYY)O2kD>9U*ym3X!5J zDwCCC{)HtY!@@>#dt7RdlzZ7vJcuBjj0zA^naAZfU_?wfVGtx0h#^VhiAYF~C07V( z18_Me)CuD-PeYoV^LXU_8m+!J``s9i4WRahP0=wQeDcY2(pJKQKM|`py_%=&>dGjw z^!rjdsW+^Ql&p$cHmGi{EdH?Ubv%(eM1EMu}7vA$GIR-&NGbR56cE5kaJz(eK=EkQF zu>LkTo)oP=Q_ZZulmmDbS94a1LOu5LNC!^I9YKWy%i+bx|4%Th;2EpOLLLoZNyuv( z=}i*7L7p5RzK5tVa4U`&^T7ZvIJsbK3@8~1f#4uH)gpf7kv%+IMpVw02!>|Fk|D<^ zGmdaEN?kV7)y#>bw})p3r-#kX>8nnA?{yQlg^)>=Qm|w)&fQ=T-lRWdBU&1py`X7T z+0}z+@JPLCJTk8umCk@AN6?RxNiv=!C-FNP2ecP5fMs0OI6sp}u!J;UzHH*OR~@si z^A~J-#@nFq?XGNDKQIWE4ldadUN3g7-(n^vVX|A@#H->167oSi2*W9u|3lb(|vSt^Xy_cY6s3{;hEaFUlax&YkuB_T+*Q&FOFqbqeXyVtEk9HHEQXA4& zXhq6Z$s3XK#O(g<2Y&Q0A?HEbOCFO;H8~1<{0Y`P;|3x@q@UQLfet7!Bv+w11E#~h} z!VtdR`eA!Ze)pcq?NooYt%|*fgTXLK>u-JkEi}qQAB&FUKGO;LV8G&6EIHynYtbt+ z>v57E!RzVDRy8$Gt;p}RQR?9M<;j`_loUkCIjLf4W%Sr@zIgj8U*>C3CDjirA7yKw zej`qmpBt^?e2tZly8EBL7GH~%k0`KDvYo2@8Jen+YNj>Vc*~kYF)i01m~cMjq<1f( zTlom%E*Yvloz2ujQm%dL$a!foFU7=yl3uD!E$jzmkB)5GdMgB20=tay)Rc+l*JBzhNkz1G~QiV1s$fk@-b6oXLD!kQsu8~g<*WB%%B`4=8!CZq|pQ@?SR9!JVthiOHC=IDmi81RF8VXJXox<}K z=A=ibnI0n{J5Op!9E?WH2PHsbhD1C`k7{|a@<|MH)FVGL;zJ;G3<(dwS{96g#IuCj zPH6w)ET;WbuIak|y0*P3aCysd-P&1sjHCL=UNL9Gm{Gr=x~w;%L6oh~#_QVIbX-jI zX-ZQJSr{6c4}ei}u&+B#5wue7a#Ht@RQ1=uazK=?cjzOmgdy5vuz7uR7r`K+;f4Z82c*zRO!yU8krjqu64NoMUdR?|-;)*HcvXvT z>uHyKV^2;{Yo$U*HlfD}A7^{4cKv>T636nMAa++)$AZ+@Ik_Q&n2ky8sxL*aseP)d z&6_2pYSnwRYxH%vw$Vi0q?8kp+^eI6tUfjO)S`PAB)Xdyl+}F!gncu2r6`qxkk84$_ z+EhPPGOxRPC&y>aU(WI?Tm7)Rvf2l`yjh$$C-YZ;Ov8sKuR1T9uN&_UPFmncbksa+ z=~DB*hZ?EGH0#E9{P&setF$$ zHuiU`^7u=C%M?=5>Kq;%H&gY*2v;j4sE@2{X)Pq*066)UHBft5tyj}#j$hjCEG$y9 z+piJ(YwIX?e~?3<)W`zktFDH6dg57eV4f6f zN>A#;>sd6#49@CSjKD2{P+xfDXY?%YbMQhSL3AEOLBdGL`Pd_G1;gz<;lyXX$pDVb zGyXCN3-1*xAGgdhOMgmeJYe9Oy<4yrAC7k?5zWJuKR1#0voFYIy-#bNG7DW97u3NILo14rp?SsR^_xTnw zGP2~P_qhie1~?rNdFB$IGZ-1Lc00xn&=%7{`80D>kVL{K{UNbNvQW!YFe27aDrF#m zTY)cCXZ1sWIO0Be_GELhMpdmtKG3%nkx{XKjpU^vzp+%w^XHj4s2fGadSD&*YP@nw z;JEoSYzjD3>8vSIHLK1hP;@Gi>dOB&^8j41XGp-TcRig{zxL&n)CaIVWp~{fT&qGL zxFTD8rj{%rR~ULu7nRaWXhspUgdCCL0Kuh5ub!eaG*^f`|K?fQW~?oCpIislcE`?F-Qt>=>TO$rs~$^Q%qJNQDTv0CWY@L7)EM~{ z26|f#Je2tKs~Y*rC)v;|NLIU4Q;$oULW}%zZEY8|rOveu_5H&jVgS-gT%(f|TCG<5 zHL9iqXLQu!u|sxx_!59?!9K<1h$bV5&9MV7EW=ZB4gJYIxt#yb9Zw<)P3mC7j6O zo@z$@=QY2Qi~;Vp;{kHT$nO)8$S#r*o%SHe^?VY7Nl_VD1A^{mvv8(cUg6B&AqqySavBZ z*h!FwrMwKR64`MeKz0lmk`>5_0!!Kei3Gut{mX%1Suz46R+PsENDN7^V#zq)dEE25 zRk!%)d1$zcY4YB4zw@2%eCIpg`Of#CyvZJl8{&%|J1!|kGUZdEc>7Vcxaj#ba=HS ztGW!`h^&Lu!EaGOTcYW4(-i|#MJ8Ys31r_8BS%ZD=kzE#{}7U?4nsdkVtrw;Hhg** zME)hzUBf{a3$ywt@XyL|;&zYm8BH$^*Wtqbv9j{u)rYUHRG_3xiGVG+fmcc}E+t`! zkE7HN4`cEmPP}lGKogfdg!(llKPV+fxD>ksTuS_bf+QS4-$ZXNCK#iVo6gu0yIF(` z)P4`S=+HmG;62Df&SPq}=IJX?oIt5}HzxE?s9C%)j~?;cmeiQb)>7(d?cpwwQhpLM zj%QAr%w+|Gmq8E`a0s<&>A?}4Ggpxxzk|=)0t=^jag5K$4!V7te-1t?RVMl2Y^=N} zUO=DYf(l7B>>lHDRYwrxeg~h&Rfqe}zMx)~FOKo~izGb8%vhk?$B}t6Qu?}ZhSz`!LQEmkH6;vLsQ7N|>3R{W9iEnT0b63MB&8_-mOBp+r zTTH4398r&u$=Gr~Jf!Ff5kKK8N3pe~8;WAoGcdiJ32#O_9f(Eh7RTzXq=g`}l>&kMKW=fMK(f_^|Wzc=4hgn*<2qj_EgfdyQV zk-EWo0?w!n4VS2Y+YkAl zLOmjI-sLBQQ~`rBJ3LKKsyewbKlM6=`FZj!)1WvitL$+#W znOjy@Jvf=VU(zkcP0$y=i0a$#?zcO&R!2BW7cyy=N$|`sEYJ~iufah=ec3qH%3?TH zv`J_?PA|I`stXx+=9Dfuzr07j6rWB|h)xV`{X|vMIShRuIFurhpjN7f+XFPC0?SJO~|2c@u+yQ@pOA_yS7!|UEUk>U31_Do(m^V zuvf+s6OqlHi8#eIq#qu#$M+n5#AJP>WvcuD?fYSq7wCw~tN^FF>-yn-jFV?y+HsSk zj6IiW?Ua?J<`a81wpMHJx%Paye`bh)s=`6{yy|$a-#?dW1Frrjcq8n4II24APtPeR zbR7&M9LJlKj&XI;CeGCVazv)u4}&uQ+F|#1Q#N#V$EUA&0|!UI&7)cvSPk4Wfa4&C zJF{{7bF=rz?H-SYtREG}nR{vbU&mVq4s!0jDt8n6U&l?(t#S`rg7kbjuxwKO@DSi? z71dZk0ORpJvTg1b`AXOm{9g0)3SmSI;^vfe{j6~#>LL@Uo6X0qW~bJvuQj(f3cMe- zW{ZNg=&{3(V?Q_ykKr$dZBe5r{ZOAzcp8L>--7}K@MqZf$T6m<@F*29Zi4X{^+&*G z2@!H(fC&A?YihzorCZNRw+5wKG~WhP@hV=V#2**N1$Bh1b}tvW5>1Hig6I=^Hj2$FQq70F(4`dhw}V%W^=fg^_fToHWN)zT4lr*LEJ@pDQGr4h zR59(5tENQ_lF=+H>B%{c(>rE)dk`&x(2?vFMCz|aVeoc%un|U^oPlQ(`J90dpo&#b zS_j;rnoCk>Nu0go5v|kToPuUGaEcmC zQ)x3gm7wu98M7x^X3bwVQ>c@ObPG#&;8hLWl~rCU#Z->TBq9eUoOErZq0JpM55DXN zVa)uFV6md2Jmc0K{DKV$mZI9+3o#uXSOv;-O-$Gul(E0TYQHlEYeA_#HIkW}(5UE! zmt0{ZvQ^;_qWsB-Il6~cYZOR0fzpB81l_y8`s%CbC>%wxwgwtOf}<0+Uv*x672Ug! z?!f_eK55bo1Den=CMRPuFZ?4P zjBNb2>41mn!gXUf0DD6m2IQk1H*yC!!4ZW~Tv>$+TpocRxC1!F7w@Uhk3#x<9S?Ef z#V8EWA!LAEMFBatK*?mHLBz)M7A&QB6>ZlF1-{bcWs-kq%e|YxR&N;Yi_+T+ds0I+ z*OyUEAq_2(%Ne#u^OnJYgpG*}DpP`HZhiOc$db3SBMTV}d!YMW5oha>@Ipdvf+36^ zSc;1yLc1mEh3iJAelWrIxG5o|tLaBBcT2{B7zOsqNC{3KxB*M;JiFC51_!$oq>6G-6#8|(h1q;DJ98ojD(J?q!ce?!i=p7 zM<#eOhL_L`V4Y5anMU3fWnRrJrYQZYNp=U&LObIgp25Cga!CdeNQ`;b5!)4VP8v+`u!X1ZlXwV){0m8%^W zue<>x#VaZQ`7h`3Ps9$NP)F7ti%Xj6^k+Z(O$V*;B29YQk(_~qrGh#+FrQ7;`W$2M zy@=EsdZBKX3#l6t+$+-j|7CJmJWaDi(2wt;Bph_zg!+cii{eA9dxg5}98qCKTfnnf zHLBbNmnE^8P^S(aI}L^0nJ;t!H1rPiDmfXeEy6-Na>Zc*K>0q<&S{EezVlzPailxgNc9Gpzb z%g!+}B%Rh|n{TIxATN@@J#E)p)h~SE3x(~+jqUg7pDW7`*q@JE&8IunmF3q8yy?pF z@-nLgBR<_~Za;3Oe~QF~;t8Q9lqlM%x3(H>D2w;-!E#}zv2J<(0Gx!w;W@pp>xRQ~ z>R%?`E5+d`>S{4I^h$@vL(pfC9KU#Rf3*~z;0Vf6$;WV7FY{e$x2A`6DZ`)KlG(O5 z`tBiAn$lIW3kB3zj(pbNKmaK1^ujK)&{CFfTbnj@ z1CJ4juxM(FgZ0MfZKx+Jmj2~n=&?l+g1hbk-Sm+oDDN=0-$m3NqT+=#&@lx`hvbOJ zW6Sqx;8eZiCP!u(k<_=3zfX@%VZ^rS02LR(uatI&O5oqp zQ@q8H;z32X(RCd8Cs<%X%kdEobCbk{BsV%gXaHD+1GK8Ypg&~7D)=mk+01^sQeQ|3@^np{W(MvV3Wqpg!U|H+l0VtyAf~RyEF_0|cNO3)^mNl75K*G} zg$(>)%ROrjaX{UUiWe)ZrTh1mmzT%ZRy(|(YVqRUYH4Np-UGQ|j1wMtbAPo&1ik#0 zY=VApxD_96gc0xWL1qiNuUAuRJlt^rMIe)wN{o~akiIWgjoQ@zL>=(r2wI|2phn-X z(Z)K({aE<1$Z(`XN%6w+ehlsdqX7ECo+STlz)-25keyqdoXiX@7o6-CEr$Gv5t6nV z(6J*0LkedAs;+FgXDApA4rr!Hi3m2N31#}>=_~5e;X8*p_1tBhTl#D*QYBi}6yQOs z0nCKuUC0O>h6Gi}@l3YXh$Uc`!aZIwjBe_^k_uYlRKZT8DeRPTs>xCUo+I0FvfAWi zE$IWDy`)!HWU-OTVgm4o!De#j*{mkDx>j}*aIeI2<3d4fS+OR&-QjTEOw7c+!1>lZ0BxdowTDiMy{7-&+VrOBmvp?)50n;gYB0_GESfp3uc zuFid&Rb`7=|7*^*>GgzMq_P<663v$u+;gI3t_! zAjGnJ6rKjChus7&S>i&bS11{7Oc;KY+7^vo3RXwZRv5~{4(x}gP*(5{w!iSSR+#*valz8ZNsh{cnRZ8g7qmX;6kdZ<$G>%D`Rcv?r z@X3Q!=Af4Mn{2Pu45wAaXLX)5gKYnWc{cDCA19b%s`zyh5VY^vZAO%b$P0Yfo)O5gHdiAL)Y7`%;w zxM-DuIg;a~bFJYUS)7XPo_@ra->eJh{>xoJ=^0Q@x)P~=+T3l$4|sa#Y7laP%L@Hi zFV&GBoP@{Nqq1_h$RIO^RDK*|Px(Wh3{SV-^?o zRQS-D`EBZM)c0w=Ge3s77jz2D!!~TtR zN@h<)mpQ<+&I!F?N(U%h7r-Zl^elBl%Le=G7R&9Q(&{S%EHa@$FD}p80X`l)OpLoq zg6BaH1|=euV5aUWSM~r~j1&1i34xf_vQyOz*YC$@F%Ai2<|pHVr#1Ldh!CS*KRk_7 z)sY5BgLhJVd6DWrUhkf#0Q@Kx2Kp$~J+<`gl*iaiz|H?XZ_@`oVE6@YckBVxH}6B5v{;7jXy% zeVpP0`bNb-5kcn8oJuE03@zQ^_#ZN9v$i_gEpkyD_J}qU9BZ_gI(~K^yQ#@zBViKU zP7#RJ;v!kpq%Y<$AU-qCQV^ae+|bSk@RdBvG&>#>?7RFHjPx^>YT!|ug+Wwt-46Fz z>45^4sVHUYCP(znYTb`mB&JCeW)y&{UP2nWPw_iurNNl{I|x@C8thMY8vcal^I;Y3 zCTJ+kgU_m**mMrKc9ztQYtaKtHyqN9zDy?X_q#>@O}fX6td8a;&x|@W4VT&~Bm2Wg zb{E!UKg)4BS>Rie;&Cp9i(!R5>*U@J4@#Dt!V=aLgWqAV4 z&htIt*`Tnyn6ueAosWPW3B);5Ndmb@FE=3T>Ve#B=`zDx_am0oAkUhXH!g4!S+T9{ z7wEK$O8q4V3I;8kqEID<#Tu%S#++kbwIQ8n`KU276&MNZ^UOTz(peT1FevB`0cnJG5~L*J6lmc%?6XK?o~mfZLE{s*&#TPp!==e~_3fQ!4d;n-pem|Uyr8Ye zPW5^5!r`gInSUU(fq~GMyzQ9n#bAKoc1&BUhEddCSdx{Z8HcHZ)JDqQbwV1fBFX9_ zH$I|)F=~skBReL^c8sK2{6X0)8_^=R%Usy0xij9Ni8JJE8E=UBwa{f0_2~$dtOu8% zh5(eh)#_w-NF%!O`r-bO8*jNu_ek~ypR|q1Jj2osE^9|o78(>BqFu@yPI2YA!y^rz zJH>m?jl1bRDf=drVPLHZL)z}KS=TE}vxL2Zr8~^DdB|B9S$6tNdXCHm-&@T zsv;#eo@=n{FMY7<*1_^TPTFwEV{^dv5mSA6`j|<( zmpy90jgC8Gi%Z<-T6Q=AXTk=TxDivgX9TXTJ58NvwrRaZ9ug_rf2FUg%Iz)th?#yw z0HuCH8nzQR8O4M}dem7L;b2+pf-$_+sxHzrkOBnjkb`19x{v`OBUo0(+TODt;6#cM zB!52CYdqn)M~3+OB6hW8uD?h?{;eIx|P4jfSu#I4PBUHQI$eKM`4tJfS?Xli=!crETd(| zy)c>e*k_Y5S}h-fpG2T|DFeM8A()I^%;MDC7!5|q+U>R_Ruot&G&~p5dDsqsp|Oa`A$LW1~CAF?xZX(`X>o;B%qE z6GsYa58a?i7t${FU@X`plN_f8Q1SVm2ujoof;EJYV9Zc@77!GMswRiembG|%PZwOON!XssdYN_)^>H_`B$IsE|;0OD>p=5@ubQzf-2S4fo(T)0E@)keG7X%kA6BlSk&e$1iFa`E`fZk%T z=kLf+1<-U)JrUY*f(OGef`nhZCVV@0*HR6(W7ZP?py7(l0iQ$z%HZSBe+XpvLg07|6KdNFi8_&Hw3^a^D4Obb6 zJ)Dt&l8+VVEL0X8bqbw@ivN6}xbQr9{+zrc;~6^(@MK}~bP6iY$VM+03C;Kl0w$}4tmR%YqtcFj#_sX0pOpIW2#dw$?O`%+poc&ga~EjChz z$3D%8%`0J`b)H>|a1#tmF_1zP(RDwvl_nG~^VQ2U?-_aakzKG&gR3@!ICfA8Y*$j6 zdzOR3Q(RcjKd7=q6?s3Gs`*nFsPhlTmGciQDT`=krDtE-->G$;RMVEy`YOl;WNvy& zvTx+iKTz-Er_P3Ax5})O23|sxNYhh?F}}1mws%cCX7nBFZb=tw&8?kgyKY5Cf0vDm z+EPY@iK2!Vg<9LM2(&flCbn=?siES`l93)|!v#T{6B+a({<^H?% zR@HgUsOZpaqt_WCw9gMnw+_eTb%){>VeiOI1cJHnp+-b;UA}hZF0G?{IHAjj zSMKtm*5y27%j)xC?H^|xdI&GXE`siR3B%_?rpVG#1z1VEu zo=|w0hCQBo0WyHbSrsXO8NdxziN;9_Ak$(EsDw6Zo!X|At-q9tJuHQQ1NR6sL3ajk)-qN^3y$Yq?PLz0sw@L>VEib+2ZUiT8-}iv0x}p>SuUfoCYo{3%K^)7V zXsD%vx^Ux`AIk?Mc(5-5HrXL62pzM$0#E5A$M=NXZXUM$dbk*Lmp$<)vQJ zC#kBj?HaD*3A!hIy@=%K_FGR`xVnPwcnMjKU$)Oj=+OcCL0bAj=7LI{?FW7g&N^j&shWb=GX&VK1+!IK z?|T{9GN)#zuuE^qfUAgadY@lm60wA~o7-uq_VtT%DsM&7a2DlOVnc}0iYCg@bXm^h zP;OL`7be8j3AsK+ZqFjJGmG>~b*By4OXRIZ)T-h&1@JOut0Ygynsl`8fn_9lH`A$Q z@z;ErjMcjOY@y_7s+XCZajler!^Hh2V&%3DFzlmlzmGj4+<9vByF7}zxxM)e@*~hD zkdGY1bXakP`#kA0RT79D;5@xB8?k#!naEOId)W)+}pqYU_N&foB!r9J=B z=KgxEQ`>Jfo1M$Eye)P;hEoNQg%1_7C(Ke}fSbQ;*c#E18rU636qJAtWBq=Q;aNtI zC=h#4e}Hm^9C~d1xZ=5q%k0)#G~)z>r8kfh-u_6Y_8eL{Gtcjd>m@=wV3L!U}ny6C_ zm0+)`kZ*!H>wPy){B9e34L%$ut#8)aoyOWrU{htVmu6Q3-&q*e{5UVmnqN*4wKhD- zV_Cw^DqC&nQ?`{v>P-sM7WVuPNi(1&O>Uk`VThOJP7TXhcvJs0FJ~HEX0oJ-oOqb> zr1Ez@wlp!POeuj{RsOmO*4zq%!|=mlO(?Ik{^%tzCk*n^%xT~`3wxR$=Vegy%St~y zj4j!8EG=oMmv@k_HE(C*e%t8zV~PKjzw`0GjWl!xNWfN=zivc0y9Wn;vh}48Nj~$U zQZGS7vw>b-N*lP&B&f}=bIWQ=$JyfAhNb*m6586MoO0VX5GJ}6fUEigm3>jo^9ToV zFI|^q!%fbS59JI_d=Gp4p^szXHQ9`qt1hRn=B~%#(6Hnc%NypXcF%m}DOG`_KF! zDg_uVBPrt$M$Yp<>qPD$eZ`AOy!octBXl6UmA{yd_=_2OeR24PWt^1B+c-)2It=>f zat*E+C(NqKIhmH=ihNH?$aPID{VCI$OuL$!M`=EL!KT)vNW4U~1Rv$&($sgEOJ2b@ zQz1e;f(2wMagFOsk&%%*BTyGw!VRL|RlR2iy?OhgeBlW~+@+a1X=U29d@0$ZgM~!h zkcs@>^aHGkYyx0E3HM#kvlV}2l^8g4vt0MlIm}hBTu8}bS-jGn$ zcI7llD4Q>3SZr!gnyMl@QIN}$>MYV&{2|fQ5*#ftrG&7Q8z47|+;g;eFYss!qRTB6 z=FtlOggihF1(k%5Kf@`^Bjp3+5Y>%>f{MuyB;yC7O6<^$W90IX8MsNqZkMP15i!al zQ90>>mB3pS`Q_@gEH`q_9ps#&XDC41PCm*PRFEL8IUVRT^ zh%oJsy2s}~h;~N7@hiX^0eXhE$#2d=LHU;Ny1dFa-V6_$kob*J+4c4le}KbLQY~J{ zf3B96%de`QN(5ll30ysXi>!3dkB5EtT;(`MP<0n)1lnitm|{u@6Z2drDMeJxXbE{r;ii=%Ot$%p|$spRzr>!-5kY0kc z0mD;|mBOs;>;Pov{jTZW|HkmtdmqsKN@Is+C33#*51j&!QlO8z;b0iX*eN`zZ*H+? zN4P(53auUfcQhP0h4uO)_9ylIbqWQV=aSZqw`E3^v!aUd1U4CZbstuGS@xM_nfJ(E z$4WG_BFw2qA!kCdL^Me7`9#VcfS9*M%hB!>&atMyXAN1qyJ*PEwM%IPS-llFyF*bH z*~F8C+*^hv&4CbmDe7k)vGUY{(~fX|h@-gR2Y&K|{%&l?P-66%JLuB}Ri}8tcx7DC zUzXz|MYJCIk+I;Dvd`=jHOWa3?dCNr9P$HElK?y|=Y_FRNMKKR6ro?^O=` zpmH|o_x*rn#N%b?*Y`IYk6N|XvuP0eKC?|K3`>*?jTR8~#`DXHtOUppdLcS@2b8PR zqR(b>>@EIHBj|+$E}a@lW1;*i$SFE`g8KvVQJM5(2}|5+JZ{y%S-<_P-KlTwKdWtR z?l-nKn$;Ze1enHlyHnfTthdNlV#$k;(aAV|#UEZLiV8S8hFo;zM6flyRvIec>!CPu(!cfuGX2lO;~k%~k6*dJyfAlc0fUNm%zfhaM-U#rz( z$=*;8PLS&EDR2@CfuSV}J`=lnreM^A6F&+AI5KEqu!MJFoS*~T3nOW*2pHS-FVm|B z&>xG7N;Ysue(NAd11?u$m*-#p%7(W_H5q-LrO7r9X5(cgX&@|?sX~(WBsN}S1}Mec z;SdLqed)xF)S^>Gt@;Jk^{B3cc4!$#nyD3Zi0s{ykeRm^yOyanIbs=N4 zEMz@_rjc>f&3qJi_;TAh<0Pv#!r!IIQ`i$opOQpqVRv;j9O7toZ-M;Y4^QduQuf~^ zm7h`ouT+uaMv32ZX{lkFFj8wEXCSb*IE&nKTQ!h$ks2h;K^wkNGTWLkMS#F^V;a}P z!MQQ2wK|QB+FGaCdWOOX$pO{Mg1hY2_VxyND^%s-%T|pwnnhEf#M6Glt;N6(80)bt zn{WvAO*Q?IM^2+PwWx3HPX!Foz z6RI>Db?i-Ou<}O!XKbzD)z1g)=G9!I#1MShFB;=nN)Pia z?q53b6Q#ny&&fWk9k@Y&qjus(33AqPg1ZU!WIT-S?;=0&6W;|Z{~(`A%U6PBoCbU` za$gxE3$C9K9vfbDRM9Dd(x{1nn(m+heog-c8|gO z{HpDJ)hRyA7Nu3$o=poMsIpOPNOmPIYjIM;mxO+n)@;!Ls=5Y{nf=(@oPnO%Vx!g0kZ=yEzDeL88J*`Khw+SL2 z$<|e4YosSSP+aJ+SRQ7B8q&Zl(19~&0Id+U ztSLomrYGB(Fu!V_ar&V*MwIz8+~l*94X4jexM~B>PLIgw8XN8ELUn<;_C)9ya}x@Gsf&hctl;U7D6jS7 zeCeA-!d-dV=Xo^HW_TzSn57Rl!$YMy`UDA<-os{EA=A5L>s7(i7)Q0hdmM$M;YJh= zh!m1WlUcjnFc9`bC>RGWDf^w~{@RoJ+B=l@A>3Merq~eyq;ei2i1#Z$gu? zDa83zNZ7U+#U`vIny2+rJwS$+8-d&h_U#_|C)m509!|sP_+}uplAXC>TSTDdP%>Ex z&c=5cesr@kU(ZlG;oK=j}a|M%c2zAVI5v;>I{4%2kpT6fv5BUcE_nYceuwg zuN%a4cwRJ{Jc5c@QYZyAXi@(ki05^qpg{i9=+TE3y~^f%EjeXd&Qb-#E;`A?Z8{kH z0d&BRhnMp-){i~P*&{t6+3Zg2U_@rIA0DoS!*g1u-3aet7Il?2{qS&0IGiigAtOy+ z-B%{pZuB+oL{i{9oy%mSEp{ENQ|Az9VBX1 zkDUq`xqjV2)`k5-hTq{XQYs(3kW}or1dpC7wiv;k4(-Mcjb)mw;i@ zgX1CY`aQpEl4#hIN%V3F#4ikTQ)Ai(wxJK*B*9TY_WXF-@Lw{6KqV6d$^0Svu|VWb zK2qfT)<%_{@SRks5%oS@FznDMwnG6&gefr*$Xv@ww|;O4BCr{((biCZ?Ruo4a-5{) zFXc{RdB#|+w~QK?Tu5gucrdSpp0y;UbnhqVAy`qPud3ic@ihCUL0(;P(=axO!3n!F zw~jD32j{G#Gr=CIY)94Gb8m7llLw)D^i)g7WZ;b-G1M`L=#WHaHWqtxf=U!Kr4fG7;g;8k$4oEfy8tNWWOJuCbG}m^617VlE;R zxE$FGK}NBD$l^FbMX=kA7S&arE|R4TAN56TaT;G}j(C|)QFJdA*=+roW{BiAx?K); zkEa#kXVZL!r>t`HmV^UV#N@OC6tN!lXcS}Go5>Jn;`0f2c)OCcaokr(TE8ue*8`TZwhc#MpE5_W)^Q>%rxprD*3u z$fTN3%$XC!t_p6C1~={kOjt{X<5LF7bTl*QZbwr&GH}c!2n;Q{1X<>}p_Fo4UH&r4 z8UCEM;|;QTZmRbllC_@wPLrkPIi~RO?bz{7y|5*pV$s7MciVa5)*-W(2NBxo{={KBQc8)&E1+^M%Z&(KC=lY28j4MCsg(2}|} zB);h?0cqZ83Ar@pH0+^bn!I&J(!rNyK0}O#>{mlqlvEPCvUsVEY4&GF`qkPo(|PP2 z+pfKC-4`btQk{IBMwSSQbP=Wtl;6K)_PM7DOYnvQ zv3A54FcoPam3X%BBew){SjvR&$B+#b2Z=6iHA$e5RB1c&Tn}8btq+I}q(t6GOJVGW$RvAS7JUkhNwr9?Ii zLVyQ3HiEZ72h2tmtIi-C1qnU=X4>2eGUgPLWNA!s-Ys5ma0E|of4rMI%lV1y?JvBk zMM+|MXTU&cMl-Qu#GowSUt)A?mR9c}7ES<?dX<9Ri ztKPh_jenXYa-xM%9k1a&X`0Ej516e_{Yp#e#O9RD=BDto(XLMC>1r2bg4z&1r2D59 zeOZ&=REU!?CYUN3(+f8O>K$i#R^~##MG$~e5l7-SN4YN?hJKK+S`y;wiS(jag$7zj z>FTAEtbAx%v$%4y?nl=9oL92d6LAQpB$QFN?PP5Coo-;0P+H?REi)sP{}wzaDk*go zj+D2C$(ZR%g8|9Bi;@^wb6c?9U|CR-xSq+kHuE#G9<(nn<31HhR~AW=&Wo2?k%ljp zna+3S75O1AgUs98T)e+S9nH3wOV%|n0pohsDPBC_iG#1aH28IkZF!_eKl>6<@<@EL zmWgHG;-kIH-o?&cX36p;FX~ZU*B@O3Gc`q1(&M1x5tiY%>{ zJCh|?s>4gXV;o*RX>HqGmF=FmA{kkhmn-w&+RY}!tlqCimo{%wlSWs-#q>E7coWGcn&M|Y_$cKk`Sl+i z@K$(&GnI;&obI7*<`uvrH^zZ*YPqr z&UJE4Vb^bIRegP`AwV2&^VtH{&8VFeFY^|e1^ZmmdS)LQC+a1PXl5D;9i;f02X&c* z%Ertl_-BEW;K5Ld&yYU0x15R#4`17o?s2AQR;1GjS{1xj6)&qR*)%n3`rfV~LUwlJ zNvZ;A@209iTKh}+o^3VXt(!S>W*OA%D$A$(z$Zr^P`AgAuNGj{0OnCA@&|~fwt5Gj z)BEEX9pV7fLgORwr#!-E=>9!aNFsl*B^v8ehrb}(az;w96E{+l&Pbn!eNTX{78k!* zypREorTkk<8DH&h;@~hj;%A@Y#k~A>EPoc@)3h^5?m)I;9pD(14ihqdV;yR;rqgO{ zp{-iGQ*XUff0j;x(wo3e?rC*-_5QtadV=o`QTF(aS2Q)ue%iv&37V0A=m+v75#A!- zkvSehP4Fo&)w}wrHvvIa?SwSV=`^4>^L)t>SMVk5H^80+TOG~RhHh+=;(V){CLB1X za&PHTzwb9#>vzenDZ?w@FD$Nnv*_`uPnPuX zK+)dihC6PAgS5G%TGMm4Rjt;J_OeSCJ=$k`sYtQrM;OJU10}njSU_4%)(J|O#b`LQ z!kcTuR>PYooKGfWt49b^LByuVDK7HgEd&?TvFNL6kh}25IWYBZTUfEq3+lXQ6K&Fj zX)tGFQ95;i* zkhW$q#>Ef}G9uzL3`J|W~+La$XKF5bGJV;Qfa#kFuS3}cK$oKmVA^N~1j6~zbAF$!FH z(wrTtv@Bl8vpcpVJ`f~!Qp_Er8D&PGc|-@wm|0CaAfVAd8RoL0k5oq%ilgA_DF||U zzHI#D<{`3#{H~jX(M}Zh{JtL?X3a__@^bA)pqXVZ zB+~6!%r;lbZDSykH^B|zY#C1@6A!iJvA}x56KX-7G=EEcnItcgY_J_iC!W*@j!LqZ z*vRxU{fODS^zl+j>_Ym;OzHxCyrg_CK$Mr5#zpJzBappC*=}Y@t%P!g@=?+E;Usv; zI}?9ga;wOih?-YLo-5ngeRlwA(ZR8NG7DXqF{Q%+JQ zG<1yVN`~HngPateqHpLer>Y+M2ba=9p6;yII(1fGHdRB=mm8fY=$-mARNG!hfI%MP zw~o?fgBR4zW9pb*is9TMi_*`trR#^jCuk|GsGAbpP-xj1`{7~R@AuDzs_ z*t0Tw;P}oXd^|s@Jg-!=!yo@q!QOze6Zk|Kq_te2He934O;+YJ(9HfG`)*=cR!z*ApBYCWI?Z1%m`1rOH`Cwc?Hf2IW3u>HjrUt`KM zEyPATSm<|~ww&qtXHcSO&PmIcL1|Y8ExX##lK|8T>SI~OS1$0fG!J#}u&nizPI`(t z=G>vP(Nu?y%ankj>}D+h1N3k*Am?!rnG917y<*tN}iZ5ut^A0FXK6$|(DM&R zbf7VEBg{P5M?@;`;AD( zd`y`0^!v-{vK93r#qZ;6l{QO*70GQh>0lw8cH+@4jA+QnB*wf^^_JU{GpKVFEjJfv zyRvItQS9|JzvD}2x7@whd}7mV^SK>s?XRxYN*BYk4C@o2$kOz8mr`9bby0*QL7@pP zZX2#nG!~2RZ9Z z#-CdBuS;+liS)E`gP3S~MXo)@;)P&%QzM9{OWY_)9YchO)x#b-wN^)|JOq}19C*{e zO?_I(p=7h(sjs8<)3vpFyS?#rbMu))v*`GV@Amz#OE+yXPHICkO!#Ym=#FAsKf~P- zg)3e&VH^0#6Wkx-D7Lqk8ZZ$K>yqQ&2zntAp!SdLZ7G~Xoa{uQH|i$#Z`1dpJ+mrg zw&%7KaFcR;h&t%CTP4&fOH}AFdy?8CTX?lK~ME(JwVEukwYG4C!7P;1r z{V;eha*aNPTPQyB6SPe8DAa>^6yX>RaN<&Hg&$LW#Vc$!AMZb^KdHUjXtwri>+Abl z^-ito6gM_&kN2NB1>sL-6!+8g2I|L|6&9dsnQ0Y0sGfKGHd3p7-f_Hx@=-Xzj^#X` z|9EcQ2RuH2sxu)E1fi1h5I$4AKe!j9S=cYe9&+Lr7i<*c7e&$Q3(2L|xWJTf)3@}O zf>0XshV11~vnn)RffptkC$j7pm$1WRwUMkP*{qf_tTYAXBNt*%%AOx__?Zpq=0clV z`I1kbSuR(1pv^N=6Kh~zC8{T9NQ>kgU#ak5jSu>(+Hq5IMS%k4mVlmY@8elq>MIo~ zAO$(|s`<~PAFmKEiFY)lyA3+QQB0&Y%#_sNUHaTeJ>v&#pJENF&cpI@d07cNa?kWO zujy@gC9g)X9(Ip$RCS2*uu)stXWpg))&R25!i*gL6#BWo$ad4t5u3_Jko2w=doOES5C)K{2X8O#syuQ5NztY&5jZ&(N*E*kw$hD0} z$rJxFPy`tEop%y6ZbeSjKEB?_8CqXsEPb%PtmtEDg!F-gAAO*&HT9{eyuUVzlW@Sa zO3lURl4agET%YN`@Ef5Fc&u)kKWtbya!H%s8l)wU)F_6rH!K#9Kk<+7gq#ky9-5sVXyKQ2eg1PyuamS zz~}|7pX^kfw1V!VT!6uN4MWcZbDUY98aWUEp2w)l;F1e)v*If8MYi%O&bQmRh z_?a}jc3uvna&IY_saHok5G3Oue%#dJhBNJ|x6 zruz|k#yId=*p0(r=O}VxoP(-u{gdmat&Y=`Nvs3BK|)(`m*^egzI%o}((~Gp8|C5R zmj20g(_6>s%JkL&UN^n-3h}IgNn+gEL=oh4UNhS1^ZKO`j?QPCSm~P^n%T66>zdjW z;)gu9=FrT^)!JmwuF;V0J5Prm%`GLxdeDFnK_0r97h;@D+_xv%Ajk*$#1gR2lu)C* zF*lQ=bwr2R;X0Cf!Y?K6qOK^X%xq*dt(X>}Ywv#^RtgXjU;`O}@1UTGI5r?Z=!Nh$ z>x7|;s@U2jq@-lBC z=|M)d7zXRwc^G^gWQ``z*AfQ~+%v>=!)szhW3a{*xlWAf;Y!*Um*q6}VJas1#nErix~)`yqn z^9k@K(0V4u&+J0ye|v9NSP8lcs;q=*hlH$^U{{f~m7q7ek(H34Vb8b{jPunst%NKR zXe%L;QqxvK)`yo}2@~K=p!G~EA+rm8CD?nr`btREb=y+NK2}Xx3;L15z8KP0H@O;& z6UpV4gG7t#T@NM|>T8-y3a=(P$b@9CnQss1=7Ss4!YoBv)FX8&aTsbDHnG-bA zV$tEUB_bfpS5-5v3IHvw4YC;c8eqV4E(5H5m9+xs+nX@es6AYI4FtFwCed{-19jLL zD?+19-i4ulmT%xnmcWU??3{{}41$^*1pdiUG*)hILpytc8Ccrpf97<18PNCSmC{Xj z5nIkZ+>bFrl9&4|V|Z>-1sUUd?tC~S6Q%!{J=6F|HE?p@Kvk9)DyC$pHw^f;P%Y8l zS~v<4BY(+Rw?FdmI_|lne!}d;N<^t&b&9WM?95e^EzKnEg(=kgVIFJeIJWR{j|kC4 zA63x`dIS0Bi&cgHVJKsVy!!m-mzE@NVL4m^S?{E6ci>LZ7w+ll@{oeO6qs~G(j78H zP82WJ>l?MFo1Og{_>k}KG+Ui9_sz|2-Rkg`dwUQyWy?IL(e~1}EHk(>NXt>%-JIe@ z{k=}Bw!hZg-e^3A6~$znO{hqd!!o-mK2smk(5^Zx>k3cR3r$~UOM5M4V4J#ZT*`50 zo6h;rSl1~}XSu-asCN_(tc|uTrsG$q=;~6_hZ%Q>uVsj)*R7y+W2@A`7px!XHYr&H zSXmxV`o?}1dAdm+CKj;L1qsS_{K)n>$tSSvcP}#H z#_S8XKh>v0L*KBRqp2Pi(>y(9ACU#b#Z-=(Xs)%*lwlf0Q=J>8Ia$m;R11iUscV7j zM|K<8bH}ldR5E=TLp86&r}`aSdaw!%W3+Zt%kykw3mLCAV9jGO2~!P?2xolO#Y5&x zcQ;*}=&pGua@Vj8lhgAgg4$2f*?yAw$Y_T;(P@yywk*VzAt-+fvg}%LDwV^9v`H$q zprIxv^wv6=;2ZnW(?8YeS#_Q-WO4GsbNk0B-IcF(#$cbnJRi<1+nN0^jT@m1Lq0lcA5ON{s2OGtmozZN-V3j93bS%N(dIvFF!!kg_PaCP?mYpC2qc zn@M0*t;?kn<@n-6VfoFwue?mJ3 z>OqDD;nfW0e<<|$?ok-V7#;bCM_Bebly7-rIRLe++9WdwFm_PsFhN9BwU2AeLX{_c zk3X3By`}7VdcN>uJ|sWTsDD@bpyM7B22dMl0|q(NR?&ba>K>u>jz1W=ebV_sC|{Y~ z?S?_@dpNqTZrRZiR?}n=a$z#zR%d^!_Fm^nt6p1g zoA1E5Xtga)5({K!uWzrn>a})rd*?~3)~=hNTlLM_d-ZklZ0$*{W$B!?_|nsQ>zUp} zn-I5~V?r!z`RX&03Dlet2}$~(wq~1>+FJIM)YdLJCAGClQ({`UGZ(kEMD8MUdD~Wz zw$Lm~@zU$;!=BbpSK3ER^nJwF8NYy`#t&H;O3S%ZJ*bfC2auDo6H+D0THfvY^zSSs zE06j#SqYn>SebSJ`D7?T4M^*r>-P(nJ{GW}!A)!ORB_X|R6g8W&erMOoaC@0H@G2X zo&Okz1L-_IkK!bZ;4&!D1CO!Wl~gZ-1Y+jKEX}2F%kx6}voql2+a+!h$af)bJt7#S zNV#pQX(MwUoV9H9;G0%@tt8-VQ zR1hYFTINCK(-X)iK`;8SRn?D$W+d-!kK7o0&0sqWYF`_|zNM=^LHg?2^007dHlH&2 zg5x@sh14XUc@L14r%oaPv*WCwEX~5MI((?wg|U;qR4mWs#8p=O(yV)+w)gzNL#+-R zV{2=vidG;mT1hSNYTZn)>g!e1S)y0L|H~QcVwqbX4{-vOF1xUj!X9Y_c7F7!aXmGz zTRj?OdKMQKHPU~6Wl7TcwQ13psH&e$T*jh~h@wz<9-BqZWi-XU8zUD~Cg4pet(r}Z zm`7V~bj)skVtVCHIKb7e;$~tB`DBGMm#amn8^fP<9mD)9J>G;DZRRHI=evvigla(7 zL7I=2Cc=Mg9+Y-Wt&Y^vdJt~J6W04Z+a(J>Gsy>q?9)M}#c0L_H3iwj#E$Hgjr-a+ z?TO@EwqY2va0v*BQ0~9A(%6$&z`l+R*NKTRF2hDIpTJz}$n`t1Rnh8VmmNiAIjo~ktX9?Y<=Dv_y3t``XXK81jLBI% zO&g8;APG4a!yZpgHlMO+ZWf)%3-puAqUaj6Hl$vm$=&Km;@QKA>-Xb) zq8kqRDAS~zUK`BBsrFs$nx{4A)P4LF?Nq_B*>9MU@#CrGs4>PLwx%O5qfhsTOR6yH zl-}4L@d>t@&9*U2RD{?DU?@Y9AYmHO>nopf{3SJ_PdWao9FMNas5blRQPnErPQ_55 zB;`s`x`blo#>m9*#`G&=|GZ`^q?9^9L<1h#z_@lGgmRI(OMk4WiUw6?U^!(mA zD2wzKfaV5ELWBeNppOZFGHOQtp&x+zDxp*PYyhEhv3r6&vg;!# zTWht>{*z8;r!C2(?b@Tw`Z|F}Ypl7< zPt!wL^_a`}35XSC!&{u7*v6JCab>1RxCGOu;S{ZodgBi{Kc$rn&2Q8y`Z3kmQxb}V zLw-*uXN=qk3va@#%mLRyNe!pk+QezSky$m)VlUs`ZJ!i&h<&LOquS6_kzkc{dV~kf zH))lbQ-eX~C1+ff4T$hFHYYg}719gAr<7=LKceQuh%klY+}xp3vR7Oau`)ud=20`~ zpWEqlm%BBaHgQh54cJU-Dt`gV2pCxdRIezm=y^7YCUl@z;~t=iu`{GJsjW??iNsSW zVP0Rc5JvV;`3Mk3C5>%H zzUub|{SCiw#8IEo$8ps*OdCn0XK^@+x_Co*W7#094&i)9dCe3X^6GU)VqKl6N_E6J zmSsBV_Xhnk-Sx|y1=;MH z_za+Q+D+2Xs|&fo8YO!<@J!`?2H-}0S`E16TrfLysYEIVf0@ab0Gk}peA=nEX5xY< z93?oC7{HoMdkPRhq}-J-nQTPM1&)ht!A2A9C{;(M3^lZskCJ4Vp6tuij_ol8-BQxR z#L7XA^lSUrA5wILoSatufj7)|>ZdmRHtvGtc6M4#A~qY_kI`1+ajVv8G`CT61HHGk zi8dOW^|q6LBockOKzEQM{i>AekhZqTtEhquXSqs>x~u)iIVO2M6bw?A=Pl=pJ2E& zfseH@PlnGG2KrWY6N7YZNZ>D?8*jS zG9+ON=J!BaM|*nIxMo{4d>DlDga#uie1dVkD0@)12Q$No#fY{89is61TyNJ`yB$go>EYn)~$|c9Nae-$`lulVsV{F{v zF?XPIU40Mx-VS?ZE$kQIQ~kYS_&(35(vadW1nHE%Z@a6H1RMo>jFg`wLJH?XO^`t3t&txpQj#s*)W| zeoT}0z*BgvqLQZIx6CTNqF#7Zf85x<*l1Uq8||v|+;PSiy)atztM}gUzqq~ehX48M zy`{r=bg)=KmAlSc&fTKFG+tr1*Xjt<{w$K=9HhBmDkbX-31cZyCs(KwUwe0i9JF{<$8o2kiC^0`5f z%u;VkYAqc(>lE|4Wjd~}RM8!CB6ue0=?Lo(QT{Q!c#%B@iSzWVW%iU{S=@JJrjbNz zbC}rAwdiIQ21WrkYRZ&j`7A=M`SN1qXB6^kii+`e?cLgbbB7$E+c|ZNaiPFdhchtT z*sATOI7lL6D^<2UWfM)@=nyCDjeYyHZPk;u=}BAkg#FP#YTZrTbw8>WY)HW&WW$f* zq)rA5D~-|azJqr zpSb;Z-N*+=PDgLxs57us$kS`e#bZ@qNmEJIsJ!qjG)y&7ei@*AAd|tOd};&JTj&F0 zYP^_Si)N<^lO4PGQqHXtLzG!h{!Zt6&$+KEHBqq5B%bpZ0g=H(&Z?$lbH{mtfDZF9d> z-`Q-e)jG{7GhzRR&xd(*%{iKLwd9F%5N3WYw%fh1?@4d&vp?Q;L{Du zna@4<4JHL$hG&`}>_FAp|OfGITHtRWz z;Sv_*u;UV=L&ZF9;T0PJX2wOjabS;Z_Ycym33PXgi)0IK^y;wf(&eII zO%}{-)LEhyxeS?{r7c)-*^msVImt3>@3|*{tyBv$miGZR{)JC_0I^VoQf}0fb9DjxI#Leg`#j#gu8_0qJf*-)&53)8K;IBeq_iBLMuQL z%>fP)6oeiw`<|Zbk;Q-WX4pfUet?mC5T0OQn2hgO`|Z%f4KLGgQhTN!7JTm=d|u7r zmBYtLy*-Xx(k-9E4402omA@f>kEsh-!+CkK71*Wx_sr zP0^Gc(%Tbx?C1qLjPMXSU-i9JBe!IP5Aj($iTvOYih>Y8MxBBP5BqKxcko$Kb>?r& z(ptRO7gM-@6o$tLDwGS@R2)dnb6m5-A(eKCXka#9QC&Ac2N=1dBpkSj-*x-_bL8O! zM*}~=9#auQD!03%C?d=FD2$W99bgnj2{L<(j1$cqsR86ePggzhTn zUKzcf52Z`fPIjWON6V^P=II!7tJjb>TlZt?a+y`U;T0yrPO>~+lpao`LM;3Imv5I;1mI@-)2f8xO~J>zHCIZ z6&Sntn;N|w;X!x;8dYX&@`2ku9u48_VFp{I7ip77+2cz81R8aRs5I=Qt;uhqYbsKx zBDdlCeJUKg;qYACEcJw`U->TGO9rSUgSWt=#Lys4aGh$?ix&+8FT_-3q^0w?8(k7I zN`efaUCA@C-;J=F;78D=+1m^c$*<&mpLafJ6vAeBNLuhyo65yF=~ig7N}skXpK*p@ zK%&H-4kFztvf$ue4|fy)1V4>&RJFZ$9EBrhlD^@MMa9J_Uc9{lmoW07LB+~wBgMFx zov+s)O~bFXGXr|0-~CQ=f9*+q?VYiMCSduv)qJ`mwN>?C!ei~Qmu&jMaV_xHfWw%{ zC|x6b3g1iJ>Wdc&Qe*WI^sdB*{u$gq!JX~%j$AN2j;m{Z)x8Q+`jSpVVheCo$qBW6|&Pw><)wMO*IB=QGaZk*ug z9ei&8PHDpWqcguFjvm1E8QogjDsb3_GVy!XM)^*%Yft=EYNve9*YCuS#p;JvqoL;} zIOU$~&uuN)Jom91JRLUs9=isaGUHjzb!ZbNL2JbMO)}DEahueHeq}e%*gvlq&hYudWzst+Z`oH(?KfFJ;a{sjl_wPS^b>+1ObL7eLgE_Q(;he_pYy(m1C`J`a%DyvjMNpg$z(`?$Cpc$! z!S0vME*R1ScZlMnaMbt6=YGI1&hVK#820h14M5d`H`8*dlEsc!Rc6(o4_S-U+QDDr zq|4rUZsKY$$s_jmG>ne5x5fF@n|>*zW*=Z zf9=!#|7HBlzfw8ygUW#$9~BBTLJX3jE-qaZxD_oSn|XD)Fpsv}Gt}`1I2_R;pAeH1 z3pW__L-!vpFBiDy_8Do~93_o_2Jghx;!0u5J!>(D#l=NitIEnUT3Ra1qc6KYxT&D^ zN05AqoZnF)?qfVe_m>N!Ao2TX7dh{DM^PV@VpIxIn*6zRikw>)M@cf=@6tm4m5nd1dwW<=5|3XyTfRJM=3jD;0X-R5`+KKRJ4znz!yPFFR=OjRLq1finTY z%nuF$IoUEIuq>5I2oUA1R+c%n3fvx8ykMjqLp_D!MM|16+S@B2sb&@QnqK)pCuREP z%umotfmy{OiL~tZ z1y1RM>VQr_7vRJivuRu5*X?U=MJHes2!d5}G_=5#LPb_kh6-T;#8nxw9~(L2vbp5OSheG2v!AJKXqhvFDzJ?XLqAAL z+6>$-AS4L^RJ=%uH!iT-M1728fB`0~;zsAw$G2SQ`5(5_`}BwZ10z=H@>0?LYe2xw*OTJgjZi=H~w9kN(U5zx!Qtb91Qsq_s6S_x0OzbKm&$b94V} zZf@=y|NGqBXnAh#|9F3HZuOgUbAM|1l9M^7?Oo`{cL(%FgKb{^0S?{^?)*f$#qZf1~|ZlmGMgp1pJYH~;pZJpHf6yLbM1 z^6j7d?eBG*AO8OMcRoM(rGNUT+q+Tezx~FKee>78HU8YM|K;8<{8aZ3=KkQDfACx1 z{I$>Ze)#WwNADY3-}RH#x7{UElkezxA2jAN~v9y8Z8c_vem(^Vw(r z@H>CM+xwOFxBlem!|(f@fAVks#^3&-zw`UQ`;UI%->4}STN{p$_Y{^;C~{;z-d-*%{p2eb|IJac`1g|+y*K^pum1E;eB&p+@!7xj@BFo&`_^xL>!1F5cl-mt z@r}R#t$*WN|M>NP?frlF?Qj3$_x;q5{ML{ClYabP{_IcwxxMj!@jL(efAW`p@*B6D z%G-~B?)Crq*Lwf)Kl_E=$$#);f2r{Oj|Urn{dfPwPyg=shCdU%fB$EH`7a!QfAHB~ z{H4ZE{qnzH@4MrgNZQ9KA{yI?3N~O3AgBqUgFzGp6r?IDAR=j-5J|Ezn-CCbcBLqA zqN1RlSP%<{*bs>#U_tZ%6_lo^C`P~rDx$y7?j|9ickjLL_btCaZa;UDot=5+nP=uH z^UO0dZ<4QbZ#(8ehFyRQL*OIPN^Y&G3*P-aQ_A8GVICzD&OGwCZ~1UOxO5@+7goz zBteopSt~kT*i!B{jSBk+ZFevm%_iXd@$-7d1)Y455;=4J?-iHg4B|9un8%-aPf~4H z=ZTN*BOl)P_Ls^}j(L8s&pD^>Q%iGAT}2wVJjJl?@e{j}#vwu#_!!aSA*-aa4mT^# z@>%;X%GaqzL6$2_wwLSe-g5oms71+Bt5=$Oxw|F}hRUVZlC3q&;~ye&U+;TV@xU|b zyVlwe4x#sr_3fVXrFy%!)a;t=;x5mTy??0!FT<@ovA(`^h63Cj)-(M1Y72G*} z{fxrM0<)D_ZZAug8kUg1#9w@C{`lnK`;}(lGYaaCN8RXp9FtfUXB@Y;;qxML=E^6_ zg3b%-wpn#aoDC;y5R!*4U%oOeD~nWaGCs_vp!YcQx}IMuyehPSC+Z%yxJs+?P)Vu4 zs7vC^csh-;mEpn4X2ngqedm*9^VqXR^9&|xoDzS?>8>dgIh0iPoO1v|raOAJeiVp?l)xiMw?pJm!*^!#bZVOf28Cq>7-IJ+hkK@k!K3*Mk=J}Ln&CD;|4j=6|ty%bJ!b(O80?e8G zWmtZ~vk{aI4X?q1ymG^qpCw`0p!?>k>q zjjDE}{rZTQcTU~BXUF}6RWF^9>3rA<<S5Mlk z2knyHR=5#LMkKt&+1M=0umEv|dyEPvTrp<$?6%a*|14Qc>Cg@CQGst%nszUx)Hcl7 zuX6(7!+LYIl+&m?(Jbzf`?0cV9HhYPS)uqvvF*SL{ z$Jv+G%*sAhcq-JTV5K_w`NMel_!b+7?_>e#i?)$Lg$nst^{e|TR~`i`Eb zX;38{o9m2kGZE>BZjDk4A9qhHau%t|u5(alto_6E&p2`P`n_$2U$tBQ;Nu|cfM2F1QCpC?2h4(XNNc?DD_1rVZ zuUNCxx3{XDAi6u{$+#rq*+-lf^BV12w(nRkgWA8Lxnm);{WqKRNW~WU-f33s<7G zD)ih$QPG1jN#8?DdjoTDhq(v=J;vrbw`CnFj`W6mfU?cmZyIVs=EoLZz0Gc$qo-T& zm|5XE|Ca6@>%fn+eS+r}p|`htn%^$EMu?c7Y)6cV_rGP zE9-4n-J_A;_V0*ZeIVxqJlv(tQPtfrw=3sTtAFEcYMDLz1mAjO{nPfQ(i3;5zlu`F zEhE)ET|8yKyHurQo22k+(xE)&+4-@~9FVyqfRS zJP5H~x2>f6?T7uE!wzqzkD70ogJ9xc<+pGDvlQgtsVy| z1$Xtvx2km*w3B=^+sk{`CJY;V>C4$;7gZ;JN)6jv%!>A^d>2D4$T!weal1YxQLX8E zwfBgz3t!Wk^pgpQs0K269rEM0tLXn0=FcY>NOm>{H(e5y+#A7aJYcInsp7ZA-m|xp zEb@!X!pE&H`DD`hyrw!vclxh3atamE@bJidNis zp7M-PGFw$Tfjxd4WoOBPSq1T%aCHtFX1eQL?rgmCzVgxQODn3r1X@1czWm0vw>NUf z<+r#BLc7*fN1u0y{#|`d;Sz>U>Dn$*%Fy{|DssIS*{7Or5;ZrSO1WaWvGL$+~iHG<4eBlN!yA{yLx}wQ!zHzdF5|O zg13NW54m>2=v(%m?nvg$Jsfi&bR+Ym#cxGRI0c5&Chi-yZ!&er$Q3(}e7ky())bZ3 zvH1q$@PZ9^(%i`G+`>J*4z*{7JYNuZyP-P&AvZAU@U^AqhL3Zn^TNRNBQdI9Qy%R} z{>X3?r_`1|y4?_Y{fa(5btf~|Ic#yyxQ&+!rs`Ydd#m}rUJ*U)Q+Ksh@2-QifbxBe z6_MGY(J9Zq?|BrEX8C$WbWY2D&!TrbpIpNg1(=*kwOVg9_K#n(x8lE4UM<;m@x&^@5e}j*{Bn+|zHt+qhEhKCFAY+Q-@ZK3};0sody!<$SxW<%}vH ziB`nuNA4S!S@yuqBSfaXxh?vW4!z5Wqq)V`?X7hbHw{_#S?^PMtmbQf^3`z9%H>Vf zbxqY;J+rrXXyg3xq;&zj(Y3*<)vx`#MvK4Kn(T}})!ufxdoQCZcJQTT34zOdw-)YK zpS7gCsyeRQUU>bACO&neTH1|a{xyO7SY_q08X`i^?v_?g!@1t_hhZmuE~Ly^zDTN{ zlNEh4Y0ruBHvcaw>$jin*6vP>8s$7yU4xL^`g>zjb^6^p&0`(G?cU_ImzO_ZV4HdI z%)}l&*Oq|$K@-bo=qwl#;GTN9D8?@CftXb z>}R`6Y<*kjXl{#oOzS44mQ(yX9tcl-86o~&Eb$N8HZdr(_ObWZ=T&Qw!aI?|JC?mK zUl*lvtbBRuar<52w{~sD6-}ado2K6FeE06ialdaGtw$Y~Z%*Md_c_4xXO~fH@Tu$6 z(r)AvE*}q_Z_0}C%xIh_94|P&f5P;x2XNjQM#ZhC+pODP8OM$jO^-N6?+9GccD#GS zR#~yL&*0N)UPouo(eGAi9Xaln_6PCqr;m-$ z)*vLaUYdNAvY0WdH7))-L=xlaJB3T7SB&fz=kK)Juimzr`J7|fGec|dq(Ufp{-Ic- zGbMS&vrVVGeW>c*=EJ+*aM!*1Lu<~Og&+Mb4LoV#Z0OSAOP^`Y-+lJGbeyiBLUX#d zjj@V1dN&;BkGHSjJ$~;~(m28++v(zrdgdm^aZL{n*1v7P zOntJ{;n9;IhNcE#bnLHAR~t2+srfy6R_Ql=T=DF%+bL1&gQ6a;;Z6;8YF@l`0;}L0 zpCQe3nYd9c&8n!y^v#Wcl*^j6B>uGWi?!v`bxtlnBJx|T&p!Nx-mC?DxR|y%wzw$& z1dMZWRCV7FkiXnpWu?Z3#+_emn}hYqMKSKu%)=4GNw1rhd~EZJZPGLaDNvYu(w2sN zR|6kO%8{_IcOSpsR5aAiil3d>zP6<;(Dnh{A>l@T!_c)8hUm6;Ycv*|T{5KiSWwoJ zX%si#y$<X#{aRofKQkr$cv!g7VlQTDCV^%o8K*_W?QV5dyhFJvXx zj?K+t6E7aGRXaC%9jT(|VZ+@?ZS6t&g)H_;r_#ocJEDhOn8D9pKO*u@)r?D4@kXAW zs_yB_QfhC%!cDrx;Hw1NNTISo{X^0eOEHd$QS9MQM4bb5) zX`WtmA*kTY>s3U~u1)4Eq~hb>LJ!R0XQ$pt@uhXo(27?}v&!&WdG73paNXQUiABy; z(nOOFvnLb=C$lC=O;5hBDb_eK%%3^E^IVc3PmdM3&1$j+flaPH`rKR13%7y^h}O`% zr@z}*acZiRdT;Q#T3uZ=qNkgxdwSBv0(DIdLf%x-_jaFykgs&5OXh9LL2*XpnxUQH z5{n-Hl*?1YPUFo@C~m&5OuD6;e|Njk5v4geXJ;Ely3%E(t7w+4%Dm{)=fSaGlGckOmXy}S>tjm7NtG&if_nqEt*Dg zs}3RQ9Hj}>E!ESeQNyATs3#VJClbcIiwq-my1el#IFEqM9GjaJ;eY1n{iL#?;NB8% z&B8TKm4ml<99w<?e1D@Lu*E%Z#zSl#<> zTzloh<|DD-$|p~{Gsdt@aQ;E_RQc|BvZbuYt_=blCVzIYuvhfY5t3)(vHf~_N7^RV{;APlif=r#-ASI|5WvK zmU>>#*t(@`YhAVWp~BCTb92edGDa7AC$I65q)79h@tb!z`ib}5cH_{cHZEcJeZ-#^ z?OW<-HPYqx3$k*Z}&B{(jeSCcfISH zo#_fyeUBWv_jR5xBlkDLuNs(GC zH%~J5kUSdv^+npllS4j|3tg?&msV-l$Easfr`L}5_bPwkdSn{Kjkz@EicT(Y@A<>0 z(Xdp{7|LdZNx~nv)49u5TKeupyhWfI@u4Ut-~|>TZ$Udn?H%w|8j1Bx<6^MU4tGpd`{A!tvdxJ`|?0_y$JMm+p+)2r~wH)o042hVfB&7rKVIC{N( zk>OYk!p$s0x0Qn{My}>=E^OcgBDg<3yLCbA{W#M(IfplX&Wjv7)J4_Z;$~-rB*ECHGM-5y`Xbddi}GPpDp0dY<^zO9Uso7{QZP!~BnsRxsXJW%46blz(&AbQBlSIP72dxfK0#l#eak#GU zg#R6B!i8$BmsR6n{ltd-u0=*=CciulKQ@_(^G|U@3LaE@V8?99+dC%P{*c;+PmSKQ z>hI>bErUFiN@^tGp}8Kv+I&Zz$}thhFTgUX-}fYC81va zFOzm}v$E-42Ix268kdu?14x;PHla((*4VFAI5YXnu&|Ys`vnoF8NaHfF@7IU{WhJa zK1{gftgAtOK%D6c)#|stXtU?eR^yD~Ke=AgYecHrp&k5t2FwXNaCm#*_&p~m8yh6pbO1{VnGDM1Hrcf8V*?n-nm z$(!6WhN;s%y)#_;%^Bg^6U#l{jO*N*X1n(4Z@0NFFpQdaW>fdrpy^obH*Fo;~W&~P>)wAPvy>#jT55#rhWDQWSd zVGTyr71AM;^D4W-Itv@3W`%9XA2gx3O&y{AMfa=ewaad`xUkCszr`9&U~N{nR15m* zWw2C|Qn6T)A{Fp7=c})ndDSkAarU_7P^0{`UoW+)XlhLOGy6HaTK zNOs({|M7#g$=XPBwDQ&C)YXEbxhcE5Bq@kWsW`s;F68k`(#U%4;~ z83N3iE%Z%I&bwnZ_~AV@bv>ns!h0?tMotP_c}Vn z$3xDKd_5%p*_PUry|HxlpeSOQKJC1TR=QdmBmK#C-@uO1*H-MKx9)E`SiT`; zg6`qW%hdQG=N(GalNxknD!F>G_rrBf+HGH$1Ttgp>)CldWA~UaJxcw(E;Nnm-k!9q zV|&9<*ASe43fpPpyDz%K8k}a1^DY?aZgG8-X3|LETl3~~q28p|TTso-RtwYY3_lRx zvDGN!O>gO1sj17<4RsSX*vE8E>zqVCZ?bq4Vtlkm>kJB9vUhwKbGhfy@^)W_U%{?R zU4zK64;+m$Pkj1BM64uD4Z_XK2RAPqrBXb~|LHM9H?M?-qc=`1OsQu(9vg#OEH0k5 z;P#{1sBJat)zTPEb?p+7WRv4K=3b-IbK0v)zeJ?Cz5X;~`)$=A$yZ0CvWgRTrzAGy zxH`PlS!cEJY+FvOv3k&KR&MxcenN3qOAE)BLgS}@*!bv^UluaB zd~0W?%#PKxx6y3Acm0HM*nT`IBV+!BJ1(mFHY`u6sY{!Ss(bpivurnw797QD$xzGJ z?Izt7TN`q2RJNIjJ4Rd{88UPUUUU@7y?3-_bru_eIiBz#qHVak_aH+4pq6K~Mcbr= z^<$0|IgGy*w5eetV$LCRisWW*wZpMSU1s52R!sMa+M;cj{onWzGS<}<#_|Ib?Plb( zEY;m^;E5nm=6DdwY4ID~Zazhl<15xxA*Rl+N}sd!k#y-XOKV&DiHR#$Hfk06p^#rZ z4V%G-CAdgqX3UkW;$K!Bnx8xrmfpP-XclR2MxyMopY<_^-aUOWg!8XjGXFfcuqh)h z)<`SYGV$331dSaH;{1({wojO+7dNM0r8PMq*0-$&fj#|U=EXDX%!kaHoLg~aXxFKv z89Jfb?h_we%UN@z@crOsNi6u_($V5A4LPpEasE}p>6O-wH{RdVqFgNS3L0PNm)x3i zclEjn(2#(VCrs~)Q)F|H>VTy$8wP#F4Y_E1H;%#*rG1=#&??jD@Y4jtCk>L@YH1TJ zKaJkXO>8)gg56htdQkg_70(Njh)E5{Z{!;dbw9=>Oswjtw$i=#yIs|ZvAJ1pbuE&+ zv8yEbp51S+Z1fB37+n~ce3bZ#)Xp~4A9O7`_)@Tx{X7qu6aE%!{1x@2u)9@j(>{#rvd-VG2CMB_-ctEFXU&=g zv~GgdUbQr z8eJ2WUirPI_pxM5ocr^ujqw3uY3AXr<8PZ+4xXpq@Zmy)_rc>Jsa3s@ohJAu*OMk~dpVti&dr%=UW z%^TExJ8v7YG6dih{X*zwX6523d4>_1onF9)spnfHhYb>fbqb;6`M<>)ohj*j^?XqU zX>i-y-E>>a*|QE?`)#k&U|VEAzhvGMNtv&EtGBWGgZ)F%$z#{s1GAD%C|hThIQqQ` z6Mxssy*TpuNQ+O51s4MgFW=tq%0y?oS3=An?V5x2VfDot^|~@g(mTS+lPd-df0$iA zuVi-JO4ALE`(4u=7X&|CVQH`FzxZg%jH-oSQm@jceYiaZpPHnWb|ZiI#}nbxJwH$E zWa!>98h_fI@cD6<;NgkdqTA0zkH&3$m3BL7yfjfX{qu#w7tfu8mZtzAE!Uwsb^N#+;fWTA073&xuFjO9}@ZXJ=7 z-fyctoY$kn7UKNzcj*Uw8uzXFB5Hm>PII`GK$>g@6}#m1>?%8Z49bp(FQ9itG~Xbn zUD0R_EooT)C@<)lh6!cspb{%6J=#!Y?EN&n1escSdy ziPEq;mvs0cdF|Uq;j^ULZbycNk3=g%)hS3l^T>)PmFKf{hb<U;I4ubg&z`YBg>ljhb#`Ng|qiJCn+ZT9d+r~Q#1qntJh97a0n+#Ga=vh}j-`k=#_ ztH0y<-Wl%tEM_p|_Kqd|pd+#qj#)+e`0VX75#{^*jFNGkDwV8pr<}u(!Bctc3(y{{ zW>a(V-4n`ps$tB7MeTdEdu&{L3DQ7vX+=}w+i}gg!laQ?o)Fte6{~JO|Nfw2w$q!Y;>Dd$bYryXwBl2fv!|C$zUFeg35Dr=xlH zlY;?H-TmZZ?#!|TIL- zX-?do(L^I275|#{YRAjr{({ff)*eouQ=I@U+N+y5`jnoqJ7!|jY=OJ9XNtw1S3UvB zL1u669%;09u!ZCI5Cx=$~wzGb^Pe#U%y)0pI&UZJ_p zQymvvw0lhWY}`!BcDNFM5Lf>+J7%_Lb?~U}U(c6bA-(%b{!++FfBb5EtIC2gt;v97 z{3qM;^4|KTw--*LHR&W1d?Z?X0Numw7t?B4v2%<`N_PF#F~9;1G>*<`@TtJUf%y`(lK*!tGM|n+q$>sV0+3r`Y(GNasK!* zCl1xa$0mHA|EA(vE!1|Zv{xtm%YCan`^}dYer%k)G%SQ9Y8}&Jl3RQ=+&WkMY|6~e z*H+IVwjdr;Ey=!mELenVWQorKHUvg3_$2rVT zZ*Q&Ldq-L%xqAJ(RMb4(bdSNWDjL-ZQ`;Y1X0^ee3a_4OY%0~;;<{`aW$U1tx~8b% zwXNBA7}mG$J|28v_}c9??&_tpPu@+Z#IM=q1>HPP(5zI$IT~c>Mrs#s|Ir15p9 z)B4xP$HfT31Kj3@8Vi4oe4%zU{q4vD!)hJ6c4r!CL~rVuslM^boa=fCu9iL$t?bmw zZQ{b zF_Lqao>&-ja^CYvIk*`%WqJv&`HLi4TPce=o}NpquQ^W-8(9#QJaLbDi=-&2`^oU; zu%i)cnjFQ`@;9rI+B(wHjnAvJx+aV)Sre;%%%PF{;cjK*)j75nXL@@cX69Msf1i&} zJn{P+LuZT7w_s4({cX_NA-h zR>d@fl7!lpdN;b{d3KNSjKI{#r=ssH9U*RVN#ClL=BggjL8|ne_4${w$PlS0;4UlS zk@UgfX5Qwe=6X(h_m0{%oy481MD8F%`0SCT-~BhoGJQ`^UmkjGNj_uK1k1(U4i$FS z6X>yHBqKGMi}oH)=csnGy)VMiJ8$js(>}X9C~LF{WvkVe(p@6Yo1S;}gJn&s3rh9w z4sy+QIP(ZMYe@a;_ED;%_SCgBdtc1|oie8K#qoU6T0+B@m+6W0QN=xFIu1R8PusoE z?5Sp*_1aTq(Ll)HF)df`<(6?Mqsm*;A4f}6$7`w$i_NZ?{e9w-A%}vVNHXk#@gMa^ z2)nHth7G|dE>v~TiX)hco(t0UtxEfubp5+*=Fx+ek6c9c-7#7x?>H;xLp_RcWiIq0OQ2bZz^?8Tq{_A zJ2EFv(-8mNQ`J37m1ruub2s2y6!R-I@%4qBYv6B@Q>Cv0PBO~f!VS}n?S|p+jlotWUAE!2wRMu)zu)Dj&FmcC z8RKwr<&LbIPBYegX**Z6af@_flwG`sMZD>o8?CGYf|dKXltUrKMF^Ehh$&$h z_OA43?XM0@qHDs#^}VE3nhQds9z07`6RWna|IRs(({ZI%T`M{0P^?jk>YFI{_x|k% zuBV8pmxtQ@a-&pl*X0Aaf}nPiSH`e0?i~|eR;k{>2ONksN|_QL{U9@R&;2mM)*^K~ zb-N8WViNJ-EckmOXRy|YSc|Pu-%H=9=2} z@^vO}tFFeCU-GNtd}9M%!cPwKDVCK5BmLF|2W3C%SoZM)FVVql^j0VREWGEbC>Qg* znlAGeGs=Y8R}wYK;PkpRvzJmVJAulb**)WihS_GGn(*?$vSIi;UaIcS-;Na(=NxW( zCDp#YU+uw&Fs*{zf>F3YpU3A{S$7^N8S&!7rOzK8A6`)UR@>|_I{yFmx?SnIpbVb zjkVFPXRIUaOPd1(gUa3xHuiaZPdL>~clY44*Y#e%AFp{%H8A_+;Y&JSnVa{<+4D0O zHrR~PiCjP%wZwUhD>h8R5=DVk* zH}&!ZS*@w{D{LQ6S_@e|E_v%P{PCEzwz&<*9GLscV(zZ>RDEUKX)i+{n@P5`CRF31zYrW}YK`p?$!5B7hX zSz6i-*#Bj2ZTt8B@Bhlfz>Znq(b4l-hyahu1<3#(f`u#r2(RX#dy4rG%tnR+8Qnq+ zlS#5+VoGBRc~majln!x8vfnrW2*XZhBLjA(wx*Ui2Ac)KLNWk{P%W%&$hLGdkWQaz zZAYKUm}$l|qgm4}?W`!{U9ua z$%@mIxG2BlZ5FWQhYQpBA~Jxtk{yoB=CXg1-P~+oemmrK6?XlqEPpr`Mj*@1h7IS2 zBiUGg>+t{R^Vj*G3o_Uu?!O`c{xSbs{Gk6WZT{x}|Hkt#^1szUezy2i{M(`+x*S`|KaDa^FPd`ayb7X{r?01TiN{0|NoWezr+7OHy8df|6Bdd|Nr6VFYv!C zsc*(cazax6ZRbCmn_F1@aQ?IT-}e81<)QM~%j9$WFmoK0&sV&fo15C2n&B8Ac2*vm zhW0#q-kc9M9DEmf5CAF#KRE*I!6QxK>>O!J$67I z3Jv5^*&H%@ku8?!sDv>NkU3}O$$Tn(`9X$&O?PB~FanN?a4*l4DNq#X_W}2Vhesjv zi3&oo*uoGIP1%DZ|4U>*^iWVhR4PBfJM_OE(|IeU? zm6`S5_TPWyF)#oYa3C6$1305>4Y0XX76|aE0xB02f&v(4U;y}VKq?Fp03IX+0bvML z2na*iFm_fq6b1?eYzB6@^T5IcfX$+vXJM#dXP_Gx z08X-7YN=sVHit^%D02J(vSch}G00-WLII{b&=emLhvN&<1)vaV5DtTaUU{Gx)np(t z3TFTS{XvicZiM`|7nKY4uSgyN$n4W*h=j(ZF)FA93Q?`Zt3oOZCLwJ`L18w&ylJwsY-qqL-;ZE$ z03f8Y`4WOfN|2BLHELCp5;uDab%3kwQf@P{0F) zAZ*HpNDPP$lSD8mAhJYk21r6HfJp{?0Z8PFI2<;QMa0rjNXQUSph^amtHNsX=41AZ z(pAP(9zYccs1X3f{9!1V%BX?80bCI*1Zb!YBtl_eF&K*L^AS}H^Qnj_)4yHt&l@JB z!l5up!8}Ah#2_k+1rpK{tZ_uXfE`8^f<$>|ljN;6K-;SrxJbgE4P1G1(4G(qL?F^> z5s(NFqt_B}*r6bL+%O0tW}AQtuzA=e1#F0im~FC484L^nHz6Pt33xCtZ?3N^%9&ns zJ>38XNE5MGh=5@804|%yW`Hy$TKt(oBFjxgD~3r12zVmIBhsjF2vGqS2VixO0rXN{ zl+&@r39B(FnqeMZCH2QWzAFnJ{`U9#Z{}z;OT|Tgj7CS|%vv zu7saSouA8{zF{B}J2cE#MsJSzb5Zke7dHP+aU)~F{vrp%PhQi%Aa4G3f%BgiIf@ql zAa?$d;K5`@zY&f!QY1j;gia7o2!_ifv=<}<$=Id#A&{6SAJfPL3}8YW24W|`00ZL5 zBozij2EtSzAKe%*L@x0lAqs&8av<@KY-IWmK=_4#JV23#)GZrZXot$p8vsug2_ZaU zA@yq`Dqn=yA@1}LF?L-)23Wa8LI}O+U+H>(WDrheA^b^@UExoMxLhia0h0j=n*k6- z6f*jE0k9UJi-Z7?fd}vak!eA}z+(s@_<}M_IS~j{rig>i_`Ufc&o_k46awN9Ha!Fg zp~3)6r(;uiMg+pSbQB9V0|rbGLYm3Xzo&9IkQii4lWDmCNCa@H5rCMANf^xhW5fRp ztsUg(@{o4Y*gQ<-Ajn{q@FB(zoh=hk4yb%W`x*}6E<-CdrH61KM*kdgojCxEOrR;m zB4CD!_@yXFfXWeq0v@6(V0sA15OF{O0RT-|rT`wX07LPnKiF}9$aPc(A_@`NN0d1X zlo*jK;t1J%4oFnggBf}TeH9~|M8=`m`9O>x`RD)4{&LEoNnp4TMc^moQfLOmgunrS zOp}lSb2Bq@Tt8x>DSa3V!q{{Wm`kT4I_dw8a9=u%fhJNh&?KBJK~~jI^%){<5Csh} zv7Q!yR7M1LV>-fcG6;YSq$wc3?H(K4DBCmGFai`tB@8lz5nG8qu&Cl{Rg_~eFAff; zdLop7NUmTJCXV=27#2eUhAdV7ie3jo4FhGjz`|to1`(N|2S@PeAp(d8iC|QO zu!R5@Vt`}-;t>Fd$t0k6;R?ZEDxc4ZP`rr+Y$3)|=>0E0v1fncoTgomd$ceSsX$Q1N+fL*^!403GXE?WW>IuQ+bHA zqk+Ke{`AEGNCm!qK>7%8hQV0e2NZC^SRFvz2Qs$gVn7)$fR7j# z*ae|VP*8CIa3g}1(qycrm~o;aM=@>y6A=tD05PJ{D1Cj0a4LckMK0hK-zd|5;L(4^ zl}Ms-AR38_ULH$Y>@wHc)5Vm_Fu=Hh$0AaRa=$7OHM$@kk;xXoLZU##15A)v2oDm1 zQ>NhzlniTG>tG)_GYo7q0tzre^_hqd3eZ=?nqhN576>Djqe#|Zq`m*)w!)aqAPPf3 zq5y(~M0sEIYb@@^&ggUL4s4%-?f-Y^qIyZGOa7=U6ax=4VU$EGVi_Wt|QwbXO4WPmR6=1SCAi(CqLXgTp_#CMTt%4WE7C=07eIkr1U?VaWXMps$9Lf1? z4yZhP#O@gfsC_>E|I(2EGm1LPGW|eN)M{j~1^)pg5ghtsfZY-L6E_rk2OomMT={GU zv0xbtnb+WFoq)O?=R*R;b%$8*3k6gcUKsk)7p^+r+Z#&&Ff~gC@HDCbj}fV_jN%s% z7=&V@(B_Cq#ALHPseHLDjtxHruc7Nl<)C*#4j8L) z>kQLON{x}32mLcBIXo~HXRzr)#pH*|1vyTr+Zr*x5nz#cID{$y8S_L;CMbaMWB_k% zX688$AB7G~ncdC~0}-nx0umwm9N>$D$ZvtNqXxkO5b@A?SO^GU7bGG)hF!V&0~P89&l-E-W{AXd)qi=zlb0aNq5k=sap* zseeF{=|86gl4!~pK#+fBL>Zv-Mxso`z(gTLq=7^ZL}h>sB2xfyiD-pHNEiYNh{6ym z4^>05+X$5aAs7uLrHhPM2uXh&h#WS$?jRC|fIOkxs`|s>iOzm_*uprU6&ymNn#!t_ z`=ZDI141n&%pWr_*FPM5ecAtX-~oJ=D~;NJlmKgq==uY8EhCkK{Vx=VU?G|w0>MH> zGMWiZ8IXY+(YK%<0i!08`AiE_a~nHTGgC8?g%!YMSYzr@AxTlsz@M=@+d&W4;$i91*oe|mI2`~8i)um zfGPw~^$pMwiPr&Z_bA|vI;)22uHjibB{~1mHLSz51ulwOR5a$8J$Be$eR3~79h%{up z_W9Rf00wz58@;euX`y1;0Q`_n5JQ4cfXac;g$X5u07&o$7!E{TW}x;{$^+D|Vp@TY zYq{wwga9xcq>F^IMb!ZVPL_arOB8SY4Qja;8DPj6N9nd!)Zq^?03HZ3Q0ieWL_{jF z1XMbRUHJJ|TrG5nM+f;rn1m1u5z8=%4`Kh14CGMR5RV8kiO2_ROe%d?fYj#$3fK@s zcKItAu*AG+9?o-peh?Tq4gfI|lGc+^=Z2m=MO7d|8q%6|$#COcf7NyO}X zL4=yKm;8mzWAuAbI8DeXaH@bF5=<2e1&Zp>6eb(tWqBGs1VpS-^hL;ll_wAVW+#}> zr++JDsbtJA-~+*k98}IOjNl_JM*fiHz5+KN)K5g0zmWkihzBYNU~Oe-f$P6ci#k0Z z2IvC`gfiEZ+&=VxsEm134wXj-1=vEJJfAWO@LycAR16YXVVKARg~)(m^H}mUk^usd zh~Oi;H(a(>DaVj3!`?>#g&{J7%8Ni|4{X^mNBu4+`CyrInoEs9r2@8hkzoqBAZ^z+Z4hqt~nxl{`m3aY@rTkcdI#W1S>GCaa*B%Hfa<1RyLFu<1gg z3=9(zppBBZN$!pPdE0!^HY}#{SfFglnh2PinPUGTwufwql>oIsO1~-)0@(Zm^X+q} zVW0^-4Uu-pA4F?FA|V!}EE_El4}e3svPflA=*^2zTxX5xSrnGSgUrB|Huw+>vuT_N z0JS}p)^B7+JdElTv?hRpUP=vza4E=eq1ae?QZQc?x+)+HLH!4TvdY*nECPc}eqt`m zv_6MT6Ho;aipezzEdi6P%x$KjsLBBBmg$k1 z21YJG7DEJJK|}@yfE!cp;U@G8IKo`Nvy_u&%ks-sC-Fr5&x+vj1X=GZRxadgeJGzJ zEoAdpGFXVEiuu<~&^1_$k)|O=ldKw^h{GWOJm`n2(B)Bp4P$;B7!(o!dI$u;*!qbA zR$r~4z!U&XSbPhlm*)EU5)?7Q05-b-fCcU@1mqJi6+hz4IyNlelHWPHr+ zTSCVIm>EAIKf-QK94ebDTdr0jzRxlz#bUgC4PF6}1~MT5C?CYAIZOiq8YJQ|$OwuRe$;}+0`3svm@bxus6Yb16b<3-le2PnD%uRW3PGyp zQ-vWYzyVmIyolg}x?0fn2y}S>bGtCuOeQE$L{AM2WrGzgiGuN=3PXPCFI2(<7SR-w z8u{9OANOODK?o^uVIvI>Q+6oAeJlGA4+MOcp)^x0o5(e=0y9`d!|=l6Q8Wew?%|1u zRfp*@PlzGkDnkSogH(o}fGq^Qd8i_T*=s;DV7Gw%6YByQo+3VjDg=Fn0;&*XMGOe4 zN3@v`X%Hf(&@e_Jj43o&`O}XM#=mB!BeGrqanLnmSOyLTg(L$EDI$zv#Rg$qe>BMo z%X2Y=Mz<_QKg&aslp5fPDdK*Sq&Q4FljVUM43Gd&nM_2$Mi2lY!~roQ7$#sdA^{r` zu!RwHgz|vg4TO1FAcPxWHVf_If70mcXK<4+Fz7llVs4TQkbhy2gATcWFJyUJiBukg zNaYFHM0v`;w;n`Q31PGrC882(ppZ&rf>fbM0REpUL~4?E4v{YaK`vjm9E#NME2Evv zj+Qr3_Ns&s>V^jZ4wVLSME_^p-jStI)Yu{=E10pK?A@XnXU^jp!f+J{9cwf3K42KK^8Z#hc0${8tYaE1B z`m-9*^$AQ5_04jAWUggO@p_7QRumrg1zix6lliX!`x%)25CE9X0O?c#EO#FBA%;Sq z3|O&2Q{?%7pko9i63Bwbc#4=WB~tc%AMnZNXYq5g49EnsuPOjgKGQ@X>|c-UP!f#l z=sXiJx3IKAg|`gnzMk+_j&%R&+#ORaR9UQ|EOZE)&C8~gnCu)dwe3H1|A{E|Mdbbf zNs8)%zXj>vg7m*6NPjA&*2)4o|3ENeF`hrjMJ)Nx#NwYxD~uWbJ(5ou*588f|0wuS ziS&Pydw_gd2UP4tSL{K@Ld($o<+y(;B%2O#`64tfS>_8vgB1Jibnm~C&Cm9KbB3l(IN!YF^LRT7+W|&L!}`B zGN;0z$yPg2@u3v-CTpr}uG2T@1^r@dP>%~TD^?go5Ko2$GMgqS=S5*7;P|L5#sle? z7mg`_xTsGTBNGP3WFWEt14O2(@(4G9a9W@DmcxO>F5#HFRPI4Rp|F_%7|!Rg>1;Hv z9F2X4<$@JK9`(}jSV}I6$S4`fWOVU?&{Y$v5TFV`MIgO$2OGnEf%Sc}O|%G?Dx`2kfK)n00_S-$$J0EK5L=96b3vE@h(TEt zHJV4Z7KU{g8yS;ANY)A&kugLR$f7&+Ft-^Ujg=5%z5{tgw#=i9V5FcK8bpu$Mk2>uC;05}A7B~m#sim<$gIH*@2WSA<6RhNDu^^f~fA^A{>%M@Lo#1lYh5SIX5 zsb}=d>k`gKxKX}~1uH-VB16FlGFpxRKzu~iBAVEZN5DKYh=i1b3yMPZ#vh_4pYr#K zH!M;Jb0A`d7>6AO@(?~lhK>NFGT7)FUjWg-zckJNtAWq*iinCzh*%{g1Es=f$~2rj zvk&tAGgld6k+7*8XOKgUP+r3W0Dk{+# z8L&aUFz6swN;Svf6d3<==ve<}u<6&KTu>-r(_v&3Kmud}U|@igrTsjVT@WFC|1dO;4hcXACiPL8D3=!oSPY)LtFfSMvzB zhz5apuuwo{%k&HiN^TCwV%U@-cH{%7Z-*I@pDcevL@Sj8BE!&C!~&H9-#w_TzD%e* z6_5cwD_AM8J(xpfMatki;3FgZHfG{~vXK%Gm;zBzL>U|6qW}_MX=7#v%tp66C@Nwi z655=roWxP64<(Zs2E#xBI{!ixIUC#Lp!og+cPh&DJ3&P`N*@`Ff2|Dz4K6CSWtJ9! zlt<`bh>hc@C_Iuo1QH2M;Ay4<@E38pRK&1V0;Y`4KMNS^SJ^z_U)<^`Z!u9JHx-*c z%}nk3Z#B2I_+j(pfc@HkZ=w8Q3#BtECzXRGWMRQFuK07wCKf;<5axj#MMnk8JIVk7 z$zu_Dpjggf#4t9MNR{v5VX`sLs;olKK4plY&1VHO6d~(a5&*0gf#`W*zAhdvPD=oW zDT9hmT!Fd1DA@^s(_CK{z|Ymi3jsi<3aK23Wg0?-6~KZO8#hc8#R-71led?bi_;S0 zX~2>Jg_RHqhS_VBicJGtJbYaMGr+~m8NmSg3d~>Z?fD1A0d%8`0Nr|uV$Fku$e=MX zmUFn7F#%A#m?JN8vKmjrE2zNjPbsCDyiyACh+x!PfcKa?&&2~j;A20jgO>-o%Xh{i z_~QFjfV3`{79j-TKdNTI+@%X#{=6DrghT_XK}dkY#mm+h3;;jc@c*CS_P;)g z=YR72U(SC*!yKumt6+%tr*-^;^Z%@DtOnlyVQp#o_xb<-l_wGh0QmpM-n+lIZ7T_& z`?LNEtlZt&sVUjctJQAKUdMJ*ePzhrYlXYnNRV({D~I0wSY8EBZZ^A$-^cPt-&Zo_!oLK508_;_GIyD{Bb7P*-WC z`5k43LsdOEDAC2sXo2@?v(3G!hq3@^*#t~Al`HJPo_o(p6c7$wgfwu_szHKxM>J~p z(00`q{J9MqW5u`k5tXXlEX*rHUt8|K7JsSIqY3uXQJ)$!UUZsPPYXE$h$=ec2BC6x z=T22xyJoryK+kFmzUkYA()-y2Fl%1t&ut!=M*sji)#EA`%n`y?-DjYNovmj-))cTL zapaH$$_ODX?Z?SI;$rXQ{fZE=Rad|wVp70EtLpE%MUx)Vn=G3u>UNe=cHrM964Ox3 zXIDl(t6KsC#zKOl8kS{l$DEF9*;R&zO@~*ykre7cpphh_B1=m_(D%G)8;!W-m<9of z%Ih~xV$(KfhXO%^aHKkQX3bgvw-=c7k{R($_M2rUunsZBiG?6dnN>i(ks^0qNdU5W zn~YWX-7&&4u2Op|(17yuBWkJtf4#l4$x`ya)nJJ3@w@YbvyS{MXZ0~#{@>nu{-PNF z|M}CM$N1lO@;rHBqPwC2n0&*9_tlt(oXTp}vafS4GrA)Ar_J$ce zfG#Q4b^>+UZS~P;wsnLvG-P4Ou2d)c$6DE^FRZVq9Mec&Q5a(puu?}2HRqi#U()-W zPI@(~K8Q=dV_NKJ-)L>a-323V$3CI;<%@^t5OqH2b8iJ>M_<1#02And76;52CFJ2E z5p-^0#8HsKSswuhtw&6vb@E3=S$kH?;BRkiKo{o>jf_KF>Z>|r+$o575}Dc291oqm zJ3D`KdT@5JyMJ_ed~vdScJ}ML)BRW9t$#`e#Frs7Y2vhaUS=Ushn-p!i&XJ#2+Lzg z9b;oG$FJI7Isum08D<(CAPrdawT-U97xcw5&IIcxN9Zc50S3@)lJr4;n zGx4F2U`Q~%I!raaJSi?_Yvrd$ZHK1HHC!sj2FLUG1bLp6Q{++gizvP=UwwZ}E(!m> z8HPN4%~IPne6>jONObwCeex!onbKsnk+bU7?NZ8Fy;ugZp_g2BnVj{~hT$cir!OHJ zUvp|qy@I=cl#wm+JTnQ%^H41Q2$APONQZ`3kKTL0Xg#A)Wdc-SlI6%mhDK)=0I)+{ z))sJw5;xdU6feA$Nzs8u&uHY6f_)zqR)t+Mw$ny+%S@qlxWd+sD_eD7u$2o}qIZiT zx2j#J+7>L4!kTrO7IJ|HN~>7((tRcksL-~~;q4TU_WmCnq!lC%!#jSre{gYlQebmn zDBf@l=b0CkWFkIp{oWB0%S3c=5O5`fz&rEfYkQ*v!pXbS^8ygdbT4A!1L;A3*0l9& zJM}7SIP)7;dZ0tJu4CpG$lGctQ3q`x^!2O5nA+8x$q<6O;=eQKN1g|$_%6l816t*p z#^8I7&|D|{nZ%aHW1QeAlK2xr7!Ao4n$RebL{!H)I6Se&lQ!2tCq0w>3O1Zz{R~tF zE4zoj&+XKgenSenYDg2`=N8V{!Rd#?y^6KdxZ|em-pfjT`Jy%-4rlgt8U^GtvJ1_% z8|zSG&%Ct(v)fVsF|*nJYL{PQ>Ry((GZb0+ZgBi~_;jBd0nXvDmMGNVydmRPmiNEfi z9v>dRNnL~?;(kCR@g)h+x`V(X2!?#h5Pbc*k=ib1Hs%ym6GCzpjlwD7M9C>SpqFF_ zUovXri1G{)foOy;InaY(IZd(Eq*I*?#`0|GSIl%a`sG zbV(;YaDExmkf=T7)kLAiACn$>(*63irAoC9KF21!j8@MX)jg0$r)A1{#xOg_sPz8f zWd$IRhqkPSohUnkIeAVL+u=#%qZd!%PdYh+s9mV-WsRvtWw>7VNh^!YYx>a1R{ltE zNQaaJ2*dURDGy{2s9u*P6PoT8}#?o-pgntDG37s*45yNrWp;K#?}Wq zrk2rOLd@cr_#3k^lkKi{K+gVCO#G6TsV&e5V`^`*KfZ%u^e z+}ni#j5&?u5Vik9c>kfcxLj+x-$lrz{_k&*dbF!~1raSjt>2|dh@9H%^JigWKGn|A zpx4ZJ22fiMw|x^La@$*$ZZxr+5}9zV?Zk1+SuCCupaCXH=ofASJeapl{{O8nqlNtXQNM;lnQ|xTc z9M)zMRHpZV6(2kKB$Zz?OOQNycK<{4fI?^0E>12?oac0(a>Ci2{S zjaaUmEyAo3oxvkbb1`cz**_f>L&XMVP+d{4;xg44`BL?Bc&yYvR8}eW*|Z0@F2_-@ z8^&XNoJ`R6)^d~32<=N_ds!?mfZc{zy%TKaviLN?tSd_`h-IhhVrZ_aScm5-_$o17 zTkzI!ZLjBN;y1g)UyyPg<>Eq=o7Srx`wT_qOf)p1xkfl~r)oj`I8`A%;-d5hmF8lm z2;h>t3zu{D5?8LAIc%e`hbY>OhU`|DJ6wAo5a&uSFjVW}nr1YbHSE-XaM2avXvr5^ z5ox{oygXO5e!Y}iY;w>u0(>U5>m;42NvpA5jWe6wnRqM*3T`Us*VJ4{^sjGY?qQ&= z>f`a?@py3W$AjvVwl&0Vc;Yt2=Pt-pMb=J39b^-dYh3&1t>1jjGFk z$1Y=I0p`dP7zMVL#o8an#$(H3)z4O_LK!`ZrDvxhQY*0o!)Q);`B;@%>MDJgGjpW5 zv|>kTjy%7hCVE+sxzW3gflmH+C1D<=2@GMy6S2TFlQ^? zCJIgH3i_u;olR4=2nzEF#;Q?QorG*Y?rQ2aK%T1Unc>_C$_yJ=5MM>U)C?09Jh>87 zD@ZOfou-aEkq%m|x8f2QtrL9rbuOVp5O!0M!weBj|K{H}IU%yz_bM@h@U{w(5gNKB zp>c-5=pa&+EWYctj5>2fnpDrCI)C}1Z3Vw%wq@>~%6Q@O&WRpYb4;izQFqpl7avt+ z#ku3jw^0x9;%zk?+I)-`W$H)l-xu~PS#}{lmi1j-9DT zJI0rbd?r4MM;BD6W~as+xvH+~FnEprNSMrQlNX|tjOEohU zJ?`a37ILb-;hD&)YoUy>bMQIy>d(-*b53+^u07v z$C#MBCArLHs_p_)T90jq`rYs;0GqW=hosLYYRV**(|oCfhZ`I9pLI(54ecJ60oY52 zzlof3z!m<%668Zjd2q}bFgZqjTf7f&_MJL?WKymOuu7m45m%4U~#)_5xPb+3P>c;PTjR`9T|MpStxTY_l$N;D+|B- zM5dcI2Z>|v0_TH9%|n<0)eO2uBEp}DuMH4ixw%cMbc&f!FrVIM;LRuTmbEv;S}JJS)Wie7gPo`P0Y!|1KWq+*2n2 zs5$Kf-6!>%`+;MQQP{vMEj2c7ar>^e@c7r*$04BH+!-?bedcD9?gF~WnKP;ZX2zYn z!6w~V&CdI{LEXV~L;jyP+^J^&bNT6n}*3|DDmFU!CnCXI)j;6{>B}ZuMB_8n1oJyTPn|VCGEe8G_wmKqJhj`{}-7 z*m#WPcoTgGx!N2){^biq0oLEq*RKHLceZ;X&4+6=c=3!xei7I*N1wl;H6gjL3vF~> zey7V3plL^6(0~oYjAs7DcBLEgf1CJmrXFw(|KED?;%R~ZZ*9ML)c@VdQ*rNMjlAsD zNAZ0wo##qfwqqx2c+WS>rtN?=vaF3StPTy9VKy^yTg^#VI{zzL|KifGzX6yl|CRE8 zyxiJ;l>hGJDHy;M*M8mVHWa_SIF@A}{$`hWA?0`dqPE`oPVs_fR>Z_t7|>b&9i48m z2^;Vi86S%7C4&Oo$P{GW!HR>Hp89T(F9#yJ` ze%k)=rFkJS9}#&1uM6b`35nuTi<3`1J=g*)Bt4{K&iyM&e)_o~|If#_tJwkO-Tyv) zR*e7p^4W_QkNp2Go&x``Op~FgUbFpN){ETEP`m1CqZ-0WTz3EXmiG|++3<=EE* zOMm><8P;M0YYeN2*01|mL%U(ft`Lm|EQtaqy_7JF+Tq&Si+ZRWbN-yYY{N_|S-l}= zlYF-YeA%Z0Z`7e6dyRyNsMu*_kda*c+ql5OD|2kQCz{e zagI1k;=<`~HdeoLBpcO^E+2v{41cjx8vmyh}1@8tPXk-*qY>aLm8>SVcv zLOKV`oa-V}IJZ%Jvz&j4gNk0t_dVsgXEp2J9QKx5|2sQ7MfvaLi=D^ye<#lp=YKQj zM`q5KJO7{M8mSf?=Y&J66eenboPGRXsP4apo}faxT{HYSnt}x@=k*E&m9M=SAyEKU zf2p=0uDbheJ_H&`!Y|#s1^cGS{FiH&H0{m6(5mZmIw35PS>@d8CIHp6lY^?_&LP$M z!=-{%ntQcrflJrxw|GDGsI9rD=cfCA7Er{4dz>m&(Cq#H>GsyklKtniNBgh4d77QY zo80u*#g^%0<^yM@$XTVbsNL|g7U-<~EpNUh?Kupo6E3ESuW7}#GMj0oHc!W|*gt@N zyoh1nnBX8JLT%87m_%+*b14h}J~gH8c*iMSO6M=5ZSw{WhgcC>Si7m7uyEDB=q3At zM7!{f{6dmr5nnZ=7_(r`?NZg1O?5-NMY0AY&L!<)2Ow}6@~)8Fgg+)h5)$rO0xA*B zd968BU5$2G8v9a{zrP%2*#Z1Tt#qkT60v}k%}w05RaPbyb@QldCg2)QGaS;0N+%PB zeN*3cT4(ugB?}2JQiAiczH_(cGW|=!Cp3Zv-f--b6T&GA&WO*Vz=dU2u^cmO*x+2e z5I^BmPWN;=<3dC6hO;Ej0aa|xlvxCvD*d4gjr%>_UD9mR^UnPnvy_l? zp>!fMYpNihCC7&mm3um3A>kr_0Z@)qoJIw68gpYT=AwqBy^SXyprw*#CHvx!CoD)c zuJ*16!HLxcu)w|^2DEw0GrdQG+a;9q)CTGpfC2Zb-_UB4qZLfgQYNY`=W>)hE5x)e zUTvFJ5{d;&xKBjBRQkH7qdn$1PF5*1P-tMWhir7}yiuNqx&s<@#kla+^FJ5fT$e2% zYXY2>)}?(Wp90EF#OA7s6Sde*v@(|~QJ4+6X;=-8wp}+_i=3wPkHGz7k=;h0os2h;Wt{6|6fOPw_ zUAv{%P2!9S2&LW4;h(c+dLCobtsSY=RxmkUm`B;&rDCP0tGU-?y%#ErWH7U;`ChD8 zLzP9bs6>x-qbd`bGpb55tQ28X8v zcz(Qlba=6U@cR9m!U}_cL}nIwg!$AsgP`^hhk_KdP6T9-jOsiaY=0;3&d%SQ9-RH} z+lvqH-o8INxY$2Dt?swofLXQYb#n6V^!(!Z{n6`#8NJML+G)>XVU5^m3fPwA-mU>%u>1BVccHNcidY4>u zCHNljiYtw|sh~Yy{$6-mS3H|HoWyTn?ix>7!EMtWu=HauYqNMBw{rW*VlK$2ObsEu zBx!!PYOys}Bo8h5oLwPhz*Q*jP_6O~83kVHZuQ$tL{gp(#s6^kx@D$QqatX|#uGIzJUJ>-$R9cCp2-=cPS#;{frbA5KS z^#-(52%0`);ws2V)v*9CFrg13-AwwaI?+r6)Gdp#WfotihyUR4m8x2m<}c-%^}64( z0aFnUK?CArdtp$$ea%hjSZK=0=ZH3Dc=l@uHFI_NYIC02jGt;ondjTtxoC;AQ^h=g zL#tsn{z?nMxApP}oPF%f_k46y{M{BGU5JM+g$NgfWf0P6$FA9}A%)>SEk=wY0Zk@7 zbVMeMPxFg{{z=}_36(vx{f0Jx&h;dnv!mDS<|&Nm%R=ZVazaroJdbsXB44WPJc$D= z$(iI>lF?KnvJ~AjU&smWnNKo&N^~TK_NdJHr_u3SN<1@22`=<(E82|i9cQ%VyPoTgHUogX zL)sEBJbI)x1m_+-(&mHd_+=Twc=Sno^huj@!~ISBq%C@-_vn=N=#=*8l;#rXqf^?g zJEeW|b_Wm6qNAZmUE`LPRdK!3X4GkR5Niz9(hh3#>pyy^J$k6!vxnO1oyYFP4X((h zQ?L#p#q+Kb59SR1;_&$JeE;>u?&+JeTAa`9U@?!iIUxUv!+pw|0{!dm+gfbS0NZqO zBfxbM?J~(%&b$KmZ142&T| z#ObfcXj5NIy+J-YV?H`#I?t+{F&&d5*GDiHh;SPDW6mO$h&?u$P>I@XIBajs!{FIJ zj`w~!eRurs{n^FdyQ8DS^BGiL7X-1?cf&nfZPqym%zVz@!`$wpWO9~4kOpJCp%3Q<6u4zH|WupTTw5$%@&DvFm>;+Eq8t%Pc4jSye8g73~s`uI=@?<#o zL~Q{$e_JDrw6`nRO%yc6+Udd1hyT|QZ=4M2=Y=u%{^!O$h-B#W(6EEoyJrU%`^U|C zP<&zkxGC(f50CeoH%+6U+_dF_T1cA2a$2sHB|e+W40Diu0~zR>=%pe;#AB$6$50iIp(-9jRXm2OcnnqX7^=dV@md$#fcc*Y z_edo96tcE?`aT5QZoi1}ruZXN|L=_c{OWk%>OyBer?C{7k8S1WIvK@Jgk%%w&l9?6 zfn0MI3iW_4amvmCs72lCk)SV6UUpL6af;zUx@GAdmW=`KiT!jYIc!yC& zTzjeo!;I8cT`tauX>KKfMv84UjWkjOsgN7j8H=5@e1cLm-~7t9xwtKPuI4-o@|uy{ zmU&cN`;}%=&5Wc}sqgH;4)tDvKRo3mK<&c_F&+?(Btv=xb{^1_B`6{!P@hChd^(&W zjM8S-tF0yAo8y}>3fTaMo!t4WSbn3u{Jp{c?)mP;*}M0rdj}WqPY-KVEitE&9HMr5 zMC|=X(EShbKSG2P7LZo~6>9VVNsZ%*IXG@?ILKV-O_e*Alijnkd%dVC0`q{?j>|-t z&e6@RyUI!+T@}RbX`seZ#&3#oln{#b&Q*L{m+DzR^A3!b?W|CjQQhRS$H(f{Zg7gM zZtzBj$?7KWU)OOTgtSTxL`|DFC8gDABx+h*2{Ane)2tK0w0_{o$Sbpz2vwwoxT*3a33JdE#pHFdvB?`q=i&;k@%lLip5E3#z?|+UC@q>lwnlw11yJ+!+@qwTrTJ zZSvFhk1y-_Nk&>r_!pEbH}W$mjkPWc;kR(|tT?_rM)Z5=5&gcUu$B)*Y1~XYf zEUGKi!7%dRVu|7E9Hyg{*avdGJa4$@hv~qaTQhST}yN8Zhq|VdMS$C#!V7!>8Hg_p$!-!dG$ z#vzV;#km_a9p)<(J1Kmg)!iA0ji*XHZGy6}uIelhas`XPq?=cR-qX#k)Lr(a*#0pK zh}xwZG#}Zb#n#ggs`1;AN))5|mL-x@Pf)cK;d?0}?IQkuRjt;z{MCn&P9r_%7P1Sx zIu6$?%60NbzFylc&^AZl{L0I9R%ovXWDbV8oy}d!C1~8Q%j3Vczs8d>XPhZJa0Z#N z2&nIfxDI*?g>pSECIYWW21cl~CQ@FMwqQ9+ZYbqqU+SZTuUxoBX>@Dgj`x^VNP^qiurF^SM1pM26&frhph5yBvdkdh-9Z*3bvcDN6)8+&>VlPR!Xqi7#6n z8W7yo=EtpiUlc^2U?^Q)TR2#?4_Nikw7 zB$=S~cc=TWkIpvqg2xdelX#2;6^KO$j3Wgd(2&Y02sbQ3LgFaEJP@AGCUHoW+|+5c zer6o~vb%|5*n*KD1bvi>F>w;J4DJz?<7CkB*(9~wHl!>$Azi&cSD18rW4zI7t*xQ+ zxBs<&`d_V9zu)&+Bv?pV-yya2K}QG&0W!6b?NfKqF|XaeZB-fxiNg?0rk)WfP#FZ( zC4g`kNzQ`ASJ-W}fcruhXuy~hlH*t)j4G$CV)*7?&sbk({cWIt#37r)bg@V^`S)Z% zctj)-y2)O*`zd|Zp=`qnk|+^smylzEKK??&Nd|!$Z%2$b><(gRf_GZ2*9LDIU&zN1 z8W5BSyB$FHIF3cu+9&e{Mzn#3jJrT9ig8Ge4UvKc?dkSuWT6!u%X6z z=0^~77IY}Nrif-JR8#6%0uf5FSp|6wzqNv5-9RWx|P}FQ7&{fq<^oIZLTjz0{}z zl&GJUY9T~wKO^IQuWF?%Kjr0K}sw=&^-$%3x|7rpf`>7j{kVpcbU2HqVUx|2AEvr#RGA9#uNd&SJ z?V^@VViu7|3WSAVKE={5&5R`UM1@enp$tRWDH?UBLl%bY3I>V?ArTJ7(+L}dIrN)V zpR$) z=>y--dUV!p=55a|3FkB*0`)5@Z>(y(3y$u#v13DuS7XO|Vb@?Mt^BWr9c$gL{Z0D$ z9zm_fhR7B&ZY)YbO9TPo&q1K|aS}NU7CN{k?A&MD}Y zuwzucCydKt+d1rjAnfAA-bSep_qCo}SZ@V8juBsxc&^cD_7NCQHSM@|fbl(1&nmG~ zOmbb_YH>$T_j1F16c<(kF~SkToa6i4Iryo-4oEx?@wrC*vWj8>G&$Ijc+{j~1$HF9-vw0rT%-P% z^W8U))#vLH#N%Km3s|-&?Er_1b*!@o^<1O=;qaKr6HWw)O2Wzf`g!ck+^uYnXC|oG zVVU_qu*Y)cWj8GcJCNOSK6*3k&>_+pF}1D;i7`vU01XHdWTx8W&Yo-3heV#s?plBy z#Z})KIc{!4*T^J+mJG$1ONzsAimVujDlDxsLkWF}gM`Tc2vdXFmpH0O0ZMTtZiI?s@lCq2RhCoji}7R_86V{SerHJ7EzovnJVkC z#3-N~Y;mS&T}hEXsLHR#gp-^?|I?4^L}KGc_Cf#KADSO#IR^~*$raZrCp4k~87zjQnb@h651V7>{)I$^ z9k_&Ba%s)PPNjU<96R?fBwnNbZg_>KGX=O=^{cT{8&bEAt`UURJ=}+5xniOP_Ph?Z zT|?}{4WVOFtT^9=Qo|Q<0HkntWX0G+n-=Drk12UpfqzxossSO#Q z=;l6(-+SHemBbJiWK_bcTAOGj0@L3Fh=oDqY|Ni^$H(?Yd zSXYG|o$Im5DfI9}9d$VoLNVCLP?ExqUTn}%XK9dD_^b{)amDRSb&p`KA0?9k;nvK@ zL5o^oK8qsa!&1U0LcVQ3yA9b4?rzAkz*1`d-Z;Y&+4$F^AI;#S*MIiyH=Du=u(J1nF0mT z`)1H9#15oVZi1ctV{%^#(v;CNSC&1`=LzK@B5EbrsR+3>>lA9v z=uWMryT9dUC1-ROJBgTc*s8E@da#cf+r`{L)zvRzXYSgXW&8Ee9*dm@45PY!5jzlP z$Be)7XmO2>%>i_%gYpQw#va@?y28%(jWwq^>`Wtn%vr<|vBxG8T47bG&RI?|a3Y}+ zO;|uWXg3Vm6$#8`To3hG)ZbKHOqe7WIF7@q^ZSZZN!0I<`8YK9d2Bdbk&fs3hK-f5 z6D5#an z?n0$z*Zh5qt27$dHh3;_io(&MgWd}=OhVY{ad3$vp9HzBO%N$*G`h1Tc#Zm#>4gL5 zf~W%QG*u~^9+$Lr@0cS9lpSMX)MOGHY5NnI=8V8ocTX>4s#jy`j}f(wZ;sqm<$s`$ zHdLw#0UZtrH?EdxVYR3$a*x=KU^S#h6jcW5`T7ne%xkN9Cj`#oG^ixe>XyI`2&7Br zphggjK-$!}*4JQEAfo=l>9vuy{I~~g+)5-+XCBO7C7%Pg#~I!S+JRS5NhSSIZS<9q z%Pm`!U!x0-qkv7&_7?aKVjtL07>{w3ObDmGG1Iwdf}N5VPgRd4>^xX8)EV1S1XQG* zMrXTP+IeWtifO0hA6M05mB-w}d{)eN6n6IM%yUo)J1C$W4OtjGyybO``W0~{`e_$@rRS=0TDQ6MHLAb=6YIo}?OVAaVyoU4>(H5V= z1T4_oKMU?=n=_s(%hz|Y^8s_Qchp$M!boQgLq|Ba(vlLn9uDSKys{1@ct zr%5E~gxGbJg?+feIBw@zF?QTEleM&C3(Y{&y1skVhmVOmy)j-L%j8z2<<(%Plz?=m zyaNV|`UvSHJY5=uTYNNj(7G`*_d!SF0=+TE@=#%?ItObl?PU2a)3_^cD3n~9R|sB* z*0nC_U6l`bVOI3XxIA4O%j{$;p`FSMt#xfyV#l^H2TgZnfsU!XfVS(rbwD*a(6=J8s`5eu- ze-+?IM@fKav>?K7~)#ZtsFb^?W0ZdVn9s+E!ru}D5nL9 z1ceB(G#WBKG4WtE=1P$OYv+jZrIEW5?6?^T8rar5!PRX1cgSV%@SbbbPose^eKVa4 zv@*ZPV$7C@`&^^`^Jh4tTlNuB*%S=m4 zgR|o28uhQcRY+w*hbdBk{ZN7WZdQW(+Rj%^J9W7m3SPRq z#wi0fD9j1M#*zUpvBagX5ai-#6$4#vbSB=<&1lCTlOPERufC}-_IT|0seJlTptL$# zXL4+96pXIoUZZKPhIWc+_h;Wn7)v~x_uV?XD;CrZ$YocIC-6fDn$`!35MPpYv4Kul zurBTlW7nuJd9t)2UJ*O~c*26&I0C&O!qT{(stV}k%a@jzQv9szkoMQ7qRZ%^B&3W(xlm;vBK^xaEVn-x{S-62yXfnvc ziWqid@RQ=~VIb-n_1o>6-h<|_GcSzaHL#a66TWXR4d3TT%m!8W|EzpvVc#c09I>Fz z+(lz&7m6WO?!n?lOM|Bb2fuPE$-BrW3tp&~X@~wfFB+0dJE!E2gb4XSF?5akKfa-> zq@8&u(ef!2u4^9JW)6=zg)U!TVaKF>j95UvXJn3>K$~A&eL)a9X~6vY_hb|K=-A3 zJi?G}#!a{@b#5YKog^fdWSE44+%uL|NjsVl=4&tvb`0G-P{bHmSBIUL1-tWgrwwQ) zW`TGBxLG-N-p(hV*|hUu5My9nA$B-r5L`^14rWr?-nPY_GtU|Cq2KM|w@N?6X zL=HV*7R`tl8Q@_4;Ba$m z*qMEyRm9E%#EXS>b=VO!AU>{KPPra;gFxZJVkp0`40e`>XqC@OvD3)f;97g)+I(}^ zansA)`YASjq^~9J?OBO}r+}T=_vtgRlU}Dk1k9jY!j3=Fs$&Lr(uxlSJ*&Cy3-Kjs zsKHoFg#j(!-+kyx#6gXnW*UseRT%e(p%r4MnFeDS6~?{cXC-@B zL!+me2IEF5jC)|qtJ<`hX)tb}!nk`Xx*hDyzOz|eg>jE;c~#hHros5@sW1$7n)ypC zqQW>+4KEMejh_`BLmPSoG*w~TH)hc7U}v@lqqz#>0ib6k*pY-!XasWa8;*T)LO5l? z8Sz;Zl-Lk>XsHh=i-`ycG|w^Z5HwQF=xk^A`K&0issPLXM&XUF(ca1X?h%#X5)S1A`5{$uGN=lHQJa)Ypi;f(=Qe2Pa~x8iO2uA8jC~?pY4e^Y1Lukm^#D><5M%urWzL8PCVFIG#@ph?~|*_)Y;kvp223+@4jy&g@O=FSlnEurqtp`pfNE z1?k-i)r6C8wUgEx)ds}^H5=G+C^ndz0Dv%$ax=XBFjw$kp` z;NTkdzc>t_Ls?h&9LJ=G+Dc4pZx+5PsC%gW)Ao-q+h6iyk3x51Syb}}0s*W5C< zvaD$(1UPkKmkL%ylT9-fP~o#n*xUzG7jd`otj0668at`Rv!CzrU2JfZ7ChYT%Wr7 zS&s%g<~X(pa!i#w!p(}YlkIM&Nm!@n$#Z4Jl%3_2Z$aEMQ(i4sE@0_5--0^d*U0d*kI6z~89An|x^=Dv*tFcySzdpi; z-`B@d#-i8l=Eco``NDbC4Y4Fbc5}HUx;P|U(r9!6O?5ZySzaS?6ZvD}e=-?zb;8pK zkIcmKM0kg?rH`RS z?8Ho{U8@>D71&W^d-I{(!gG!K#dwUKJp(o}k}P9K;?e9wdI>ucKZIOa6^~-e=eut% zj(3j^mSN8o*ol)c)D{O#X-CyS@dGqfxkmlN;W3jZoCp%l59(j4UyU7|HKN7^=?s#N zOkLFIgva-8l2UxEIJh1#qOI(35FlEHTQU@oIAl{2fD??d#LHpFPlRNXBmJx1yvY%G zbd6Mb@z9WnoC8k%qn9P!)FFYFTxS4xeLFoEvX^MFoA&6GWmTwbhEC~9og^=zqyE(AA zZC`11Ol*E`W+nEq!~-nItI5<0%-_%yLgiF83XoRod`u7?uuDbRlL_Sc0!>doVRxE~ zyPvu)+U{Y%d5HQQN4*nH5w%Ij1;QwWE5Z{JpuPiYztd{%hT!z2R$@5aL>T>J_vkI; zzScKlHkGf)awj)ZM9x&1n3J?JEs^$5%Gn|_e$_#{pny2QQ1anq3 zuz+6DAW>6mHV&*KCn=0ehL}lU?@9C z<68+s8wMO-Z959;D;(AItxp|_HBRF!bGD{nSi}+03|bJ~LfRGF)}`PWJOC#rm+B2h zzS`Z@F6QK(chU))$uqF#<8do`&4ss0rx1XW_>+>oh))8@52~hQ<^)*M)*HN=l}+!n zu&A8{QZAv5qyX4-Gqg)k7}*|!v_6*<8lunsf+dG}D&Q@QKHEXw{)+XwrcyuuyVEs!m1%a?I>-Gr8W}63zR1Xg;QW8lV z+v&FJOq2fAn1!UUTdQW3lpO?`ftkBkEnhR#hHkqB(Ap`#yJGy48he_h(kwtNQ5b79 zh$X4Bn5Mv6!N3uvK$ewhEtozNy8!^UI4-0_C%k-0D9*D}B|m(JuR4>M4L2ukJ5#DN zvIf+bo2H_VCnVg%f@~tv8FkQ?wishhg4c;!aiZNr?dMxtN3YvoJFV7Xl!i<+h!6xZ zFf|q#^m;mp)W%gh_JxuE6$Z61s}|R|YF34r3Mx>*B7z1})s{>LnX8eunj_m|CW&Q( z)U4zjGnH4GeNYBwnE=08xe&b0_9zV73K>@C0f;G~3ED}$?aF%n0>$-Pt-~Q8CV)U6 znm;mooO8&#cB+9S6^%i>AxjxP;fnqoLU8bJ7llGT9Ax?$7z2B@KGfSz(4Dm|TIXXX zh^e{g$_N4)jk*f;SL(cArqCiQKTek!Y1#iGpuBHDp_gVx%@(<`394U&i;ywIWL<)o z?F^}Am!#za9UC$})E5+rg<>@1M2z)$JMxLvm3*{E$Bgi@J!C|s+D6p=VRsMnucx;b zFGJ&o*@W`4OQHpWlramR(^xZiS`S(W9Y%=pfSC9$#80FirKt}x*Az_>A@#ItnUI1m zGgF12Aq!O_eNE;DW)ew0jTw!kr(g&MouID;CNj0MkcTj4)U5hC z(;o`FSaIT8;j1ZZ>Dts<;ys$DrIuv~`<145KbI;eTKeLauud7yBJC?r*Ap{s{ZPdEw8_=+C}cTxTZ6 zaLU|4cCC*l%##Ra$4H={;n8^~T(-Xs`!9~%cB~B$<0xdKk(w!cxZKEw9WX`4mlW&4 zXCaU^LvrWuj85WkYR*7rg{D?V*!LL^fE+Y0cRXLSQi|d`pk7qRzSbH@i3I^i3)wCG zPp^fLg-QMGfy%T8y?eksJoN(9yYSQfl)XJk%{Y5#H@w1A0pCDq?7^S5Vf89)F@yXB z92U2Co<6Gv+Mb+Sa3FYqP=iuH5umY3)MTtV9*a{oHLxY4l_)uxD#`R?rmLv2w%^bv zskC+!0N+IGsulFp_Kz<&Y#>9`vJ!cX7)+rr;)A*^J&Brj)bdh?HT@ZOYln4z`cc@^ zrs1CgK!U&MgoYS+rrypK>loOB5?2nw zZ7}O{PK_BaA9{_;su~q9FIzuUpyh`$u1c?3RWne8>AK>Ts_5(wX~nZ-;Q5vYt_!br zOvUATERrfJlW%T}De0w`pmMAh2f!lGfT+`~UM7e|RwqmJZ4Q@~lso7bc114X#wQt= z%GxkYwH?rA3BoB=Ctr6mzk{l8@)-|j3}VW(+@%3|r|cQDwV2Sa7q zn(lLDfm{xUg-Zd;Po^3Y*h+3s{tJjsh@uNa%36hF8Hrb(ND3dq~HP4XA)=inE#Mq(?a%a)JXR zbpYTrLe#ye7-AX%rA{Ls{*^ci22*pR2GUpMPrE;LUUUO8pg8h=>T<^9 zP;^5&aHw94*WNzg{?U8;{P~LwdsI)Ev_4WZp^>qPVr^ppZrVUO6TrbAp*{di;DDgb z$nxexXh}0W1{^Aprs_ zo?-JbsMR?(n*v9Ex6Z~Ai%+7914Vx76yTY|NjD&Vh&k~L0GVjsckzG2imO7C-z+P^5o}>R%|Gdz|2TCu{0m+0%YB$f1r=ZQ**BZ}#5=~tf z?lcII*5&jZJr0S6jQhmJ`~?of3!Nv*9JJD=dIbw3g+O1XVUAqCajSf7M?`i8MB+{! z+j%^``tn=bglzt;-BUjV(^f*iwR^v{opJrv{`%Ee2>hxxp*%hek~h=1&z4a`8WBz1 z|5P{yl70T{>5iEMIFH1f_*7VAY*x);F1YtA?LB6AT9zOH3TX_cqREIvgzL*}H{f@j zc-7IHk1phdN{B-|%}&59k#Qm+52I_*Y1WHgbo=HS)h9|clvjjAsJ#1Fg>Dp}kNd!W z&^v`dio@D##*1{@FuPEz<$(&J&_KDH)F{ea0OqVOEH{d=5C}(8_oHigl}ZJhhMuiN zK}QkeB+%*%n2@Sk!gj6$Psj?m4Nf>gC-2VA-<%$tUA#X#INi*C?!R_^oa~;R{rc{7 z-+6U-e0aY9`eOI=%~|>Fue)#e4^IK-CvWz5&v!d$*QjzinP3`$>aP-Xus_h&guYeW z)lF*0%u4N~gHk8*)JCB&VOFl8Y7?g3T&=5l;YpMxG6M20W+l-IRBgv*avl*rp+c)$ zjbveR_h|)oq_wwcV#Iz2?V?X)iUuSiLn?J8DvIV?B2zahXpCf-xtfd2m35_7 zXBl;tA{6eXj1Cs2*!qV8SSHO)rj8A#U~?z=RF7QiSEgzPeRDeM86=)$*sb?MebvT^ zWbMrwCtl6UHpO_NWxI|)p0FVQRcm$j_1Vjq8iJHQW4#}0zVI_=_Tt}~JUr`cb+$H* z`Y>if(1E_kPYvvxqej*0EYtaGBB+wb%>9hr6(e$GD`z1k0P7NuECgDLF;}(K#u^|Q zrnjWffSZ95fx5JVUSpxHJ2&eZP;#N-egjPjPHoe?s!JsrV|&-B*!#e_poI;v7$xJC zWydYYYGbSOqLn}6>{I@#t3c_-BlSpOS|eT?xygQGliv*Hheonx1=bgwm=|7bUl|9zY8Gr#95RRR3!ZvF0{aVQQgx;wtOw(2f*U9n*hlZlkCI@H8~sch$(pyDDX$c zFj}n>PKNZe-B^_H077Tl5#=c6OfsM8%*&u;p6btsLQ)X8F4aL^8-Q3_jl8}rYuB1d z2qKes6HV|Zb-d@ARcR*^dm`dw2q{S{_lic^>=C`}Y%9=rgCLbUK-7M_zk8D3(`Mx3V%)$`}qmZ#rNt}8N81ugYR%dUu9ZG>lu#2qYI2Ie5DX(3>+%^Z3Pc#b9`hI#K z-!Mjf`ZSIOGy+@E2VM8?GzwrRdh_A$9c|-g$^FfTzazaTTdyLl&8Z~?)9@)8aDo-v zg}Ki5*zXOqV?%UF$rUL5%)O>s_HDCZ+U5{yt@DhWqu4og9eF^X9dv+sNC~&Yh1CtX zdx`=Y04s4l4-Fc9#x<`sHlm8#3L5zY4U~+mhz!=m1WR9&u(<_2j8MfPUM=;mR{C_~ zBn-RTFL!?2)?5b1)S$DUYKXE7@@WV#fv#}o0HDr^Y970n+kIFYNkp>cgk$lr07{b2o zY<4N6@D8pB&6T^g^EVQD&IS@{on&m$e%#*LMB7@KyuG8S&bGSKdEP;Xdas0eQzHi- zwhFDVdw0}RrxoB7gJkIZ>G>@W{Zp_A{umJ^^v8b!E}rX^S&54$PmCLb)m}Q-*xq(s z1>6r?Po8AX1>nk%`eX#@(G3Q!&e%#uGCmoWUuMG#Y4l0-&__$1S65fAs*~|i7Y|q> zyAin(-R&QLde+SjcMS?}==0&+8bg9*qK+_<)6Y%1$XD2~XL6uYvt^1r-ZsrvVJu=m zvJ#SUb)L~yB;etbXcnoq0YI9nrd=4!W*Lp__UxFH2tu?!3E`Y^Bjx8&t>k)x|B#JD zUNQ132|*QJIG8!ReX3V&oh1W(t!+#M0bYA{8cflZ;y$X!W%P!s^$EzgA~EM5gX%QF zD#CK9rn|b$)|uKh6XW+ZBqSJM|C4GoGl%(q9G9(D>+tyJcL=?D^*8k7iFTwYEEU*j z(UT{wwBQFN_+gWT(AWUd2sz@&6Ln5j=VQ_7I6b5mafL3d(_SZ6x@go4R+wt@2#5sh zg${b7Wlrr}Rj6GsfNoxMKfT~8vQI0S2LN%t)}CW(>}p6d5!EUDmT4(9Z?Tqd5PX$% zYZE4kn}^ORbtYLH=V8q^^W;f+GOZf;-_^9vr+_Ca*>5SzhTzh}==5%-e@c51Q;c(YGd9(li=w$cp+YJY1 zdk)W8nBFxL2RSy`^Bhy^f zX~P_IHcNCc8as#m?XAws&X&ht{AhK$_LBloR2f-@Y(#zCOvD1x`KLayV=*=@RQOwJ zz*EIq&K$F(Ozc}k7$-k-?Y^mAr`PT=XEEX7v~c~^cX*OE1n)rnF=Kj^nrymqa|WPV zWjMH`=4Q{HV(DZ;0*WOGr%Dz+I(c_`zI%M$L#fd_tQKqao}Tp6b}crfIzVT~DOESM z<#cAEguV1i61|gS!mp@ZW$)hZmlR$JfPz2TB%zFW41{wr|QgOLST1H0BBNO zWB2XbcfVd79G#s1BW?TDR2$vvtAHHbMx_HZXvNe)h@(%g9>d;}x~|Ef%GMSUmn3Ad zf+DjIeCjNXRAvJ7Qkm1QS+z*!U!^G5CfVFXc&OO5G#WA%67D9jDEfHCED)X6p}D2f zCvzNWiNmOe9kyc}v4%+)>h!~762=N8WD|dI#zn z2Me;6~Ebt^ML=kb; zh7Q9qiKTJy!zuBZTgQwRMSc`|v#VVa=7Lw}2hfoTRDa-n3TIDAC&VZ$^no*#8v((B z{;5L@z&t64Q=3^mOqinVOzTKiCbEPbZF;%|_YlPZN(fg|QIFmKuEuUz4hD$=ZmAuA zgOK?+bmn~1xaVZ3%cjB=jn{MGAGE-jGJ=gvv15HJi7pAF1g|1X~v<^Si;wqHK3|GRh^h6uW8Tp&NsW~!qDbz0{TeIy_7herR@KKlhm zqwNTA5TrqV$c*#I{e}2B0(Dn3Oe5BPtTkppdMz#IoVAu4uy%=`&x~)d{_8{A6nMhC z_5W;Zry&1tKihuxxc=|r`A78vH3k~_cr=V>;b=4uun~+fCpKhKfPyUUoK{W_7?bwu z#YPWaU{x%+9H?V-<6(#$VPidQI0pEg`<{XOeU@7P)lpb$`Wl`t@aBxp^!|b$=2GM@xSl2kaOVap)X%sYc_V0ZK8)JQ~UQZ zo{+4B(_|0cBIG%R|4yd*Yg)_Lh3d>|DgD{F&Voes zy$(k8J)*-biY%f6eXkQMf4_-HD2R^7z|i+@+R^WIb153C-KP^lxHn2@K)TR@=&r?_ zcyXdb@#}Zck|F^oOqSb~?&)0?+$s%$8zIa&o~k{qND3W;4dX&&qXkZIl;{9iCZ~4M zrMXiW*G#|gbn$pG3$mO7VDE3@gTZ>)AYn3!qbYn&PBWSQ?0&TkC{@h?QYinh%%$|)64Y%xYi)o}X zW8jr0qj^S-!qp(P@3Zk5)`e^=34(lx^KWxtfN8T1 z#%iOE0;j6+OxBGV2N%Z*Z2{+I-2^04%iOBL3R_}!)PwY6o9=%GFhkeBp(@b4RRjr>F+FKDAS@`gKo z-Mj_}3{MTD;Z(IcOhT|ZO5Mp_M>XF!LHmtMxPpQP0<9}VZdsdk6Yg}w>~iYRIlbA@a(^chmrkIV| zpV?4Pv<}ylT9aCXPtzorYa5e#Mcc6I&270h(o2&t6{~8l4Su+aPeytgbE##@NKF8L zs?bHEnUS@fGH>lqMbX71JE@pgmtqI8XcMvFaMSqZT;Mnkr|B=Pe+4@}=HswJnyvHv z_^I=v%acgb39;ckuW+c{Ki<6G^M2iZ>%BeraPU@vU6ZK?di&X$fo4JF`nhrTP27t> z+gWaA`99JL+S9jLdLKg&@6Hc;O1RB}Df}&u-WEdjnS7v)Q^#*=&qSeB=(X?E{DaGc zWyLTKMOl^yT%hIVLV7%j(7HN;L`;%@-)OmsL97$64PnqL zjv1^H*I_eDV#494V?9WRPy*y~DsFqM=HkJVV*-J2JUbV;!M4hi(aTIZ3*$>y{r!Op zn^HNNL}@Bg!qf7L!&sGAs0!OxT2SoSFY40~FwUIMpZcb+jfzRqR8MtbjaqAJ#x0OP z(~!7F$GxI6*3 zaNy9JZ|wu-V(-Wt?QPamqyL~X7$D3?;+Bx^PW&PCw#&iwJ9jiTH#m@{!iKOd!~v2V zM*{oSf$+}2{S}9bREo5k&#vYS#z+VCd5Gp^7E+DXCl><3tj@3zC$icu2J(BFE3S}; zZsyio!s0xSS0R-ISP+3g{3&8DmszQVzVuGLgvVWB1)f17k=p;E;DvR4u!%PdwdSDY zNi`;nRY)EoOI_f>q0zHf@t$PffOz^U-Wzf@fh%s|!BxB`$2fv*$Qq_+4Jn9+6fQYpH(@tmm1q4It?mR=2;JK4) zH_Zt%Yk6zQ`Mi9SR73IFx34tB)*7nL%hj6$P~Cz-m6?%rYlgd#z2^jBU&EKFeo+}4s-4kbkt z73NyYn2q{G>xzS7Z4hZh2vMC7L>i+qA|%kEtU!OLxYCGYpTO-zBMp_$BA>)kbQSc9EsJi<^nbc*wpGd^j}1Nb zLDQu3;f?C=gmB7&GYwr2J=LnTazHXwI}Fs+ROn?A9`;bX4VpTBNx1nDL;4#1Cq!$r zg_2?RLov1eWBY?fLGDMYGl7&m1ap6Ufu-bWckpIN)mpai{4r5dDg2P3a1RfKJdD&Y z2sKs-)zf-`6DAZNbc@SrtVXO8_3zpIsGucEv!(XXF^fowfalMi?zHlkw9-j(Y7|pe zK77k?@EV6W@{ND}u`QQN*V^#DG9?n5?bgd8XWMt(HPxc0;86f)7nK&mo`L?vm?h$9 z>gKD-;z|pnnV#S&EK?oYBIuw4HAb8o5!(B;j_u270?YuiOV1)kTqNj>awhZ>i`2SV zAyRD1Ao6$v13-qI&;jf4#NtQ+i!x|+JhwRrXrPA%Z&}aL998I}{g5SrXKY8gI;@f_ z9EROBPK4ytm!4^6$T$qjj>+m`tH*W*V>pEn3;Mp=L)%*&{XZppnEO@CWhpGgy4X^rA|$o`64c#FEh%(P3f#*O$;?NJ7}u)ZuJQ z@FmrIN-O7WWR_SzyMiglrq@w$6G*ijkt-x8@z7oqX>aNYyELkK(6VRKn=bC6o; z$olBR?GJkS@+HdVONpE)7ZBR47vnN-gFn+~#5f5QHu~iotaMORpuUdOZXttC^=(of z$SN&PIq!urAVS)LXl)H04y}fJGiPn2Rloo3zWSRfZ>}cWUc0JFyKRF{rS}&0q7T-& z8X=8FrY$9@YW@1UV-&psd9HOgQ4)rmC}O3q;BFLAq4hX|$W7#r85704t!b}>cMw`1 z#XD-2AX^9I!oWO0`gDQNo4@Ns9_T;y)uqJ#C$P_O0u5K)qbS)tyFZ`c2#-imfqu2z zAoYm3t9Foo@?kH%iMJQ>C|n~>mW=qAZdLvTP| z#x#y>=hWDzFpfHqswm^LR-FpNuv^GE1U<0fa`RB8*>^$J0{0O*0I|@idrc^xRD8+V zv59m^rs16{^@R=`Zn)_}$o7;oNS4Av)xa-Zg`&u=^;tyF$p;-i$X=V+9XN$dBm)gs zyA5CztoGWTlIrw6cEkdb=21K)IQW%QN!~@UkqP=I>7gIr&Kw zqINTg%6bMFR|ANKYXWaMpUMixW@5VH^_+!pVeG_z?XGE{JfWeYM6~i?_EO37l!0l> zdmUHC*dsXuIMN$&&WzMa$q7~)0m*_qZMqSjbco=XQ^u*B`U>-zM+RtFAc3i%Bbed^ zg|3{y-PO&&EwK_eyK9h2$HX{VZOeA79*zPJN0NH>&1(CRkP`rUaggc_h{T==yLqDy zRZn(uyqFU*iOqGW8z0KZ(RPUDrvnhE;gL=)Vx{h~93Hdaty>~y!EU*bfhMRk_EI`V^z)MTSzmzrU8dokaFb0od>*eGr{KWJ<91|%`He( zPFVL-Wnx%UAk7YIepe=mO}|wqi*>Ts!d;8DY;z68D^I^pWVg)nMxTexp-gk1!r?G~ z_N`z>XF5V$ju)kQb{|>MBP+TaR&_7g04{X_p3_{X7p_$V`gfO)BEwzT>O ziI@)9=j^>P2kfDb-v{jbP4s1Tuja#EFDxiYuWD7XZ|k+k zvtxTa9?ypA*2hz0uQ&Xa%Ar$A#lr;A7fk6fiKpgJY+CuyU0SM@#JU? z&djP=C{z91bXK83P~v;gUzSNcjmgHF?9emIr4e~jnk;6X#$dA*k_laI(@3&yarAA8 z#pexhBP)#Di^Cr^;S?I8w8O)iiB-$S92BrFeBmrjBOZp9L@rd4f8**>^gx&Sitona zx#pzdY|%`0Y|11KG$=uD`7eaXjEF;)yyg5@g`fE-Z>^(6!HXCs?X2J1HN;Xx7F3zJ;-SEp2SEKbP z;RbEk{I1u1YS)rjmAI|{v}j3`u|E82!Tq+Sed8c%_5@zAH#Xd1eI847N&Ki6I?E&& zxQb$WTblGvKk3x{R4ZiLQQLLW=1$J*USle0)@;J^~%K43}-=V z@HA1c*QBgc;aBVlvPXK?a8-A0W$94T$uA9wQ#z+vkWG!kW&!pQR92De$?tma-g1TA z8y$zob-IXURaM-6f_E8K5>Tz_IOj}-IYZ&C0l(1=(*pHgMmXMY-hmc zWVh}QKIP2OC=EKPJ^!}ylAAqAdwI}MZJHXLX6FT^+m>C_*&@ykHJea#S_yw-@V}l< zXphW6U_GlinhEYxlp^^ zM>44JX$+tP+ihD`VX%dBc=e{+g&)WU-gR`347xY>ixRhccoK7_AGM*g9PZ;WdmOm$ zd#ls6~`Ljy}sXmyXVKa<2rrvX58~;yyC2@p6P-Z>B_1& z&e=YjG}qZeCvKo7cA)AAaxtSACjzVe7^}9j4mI~ND;K20>tZiNw3o9<MGA?iem&aH4UBC@w&a4`zumk;3$0+_0mO43>9L1hlu#JN$Nx#lfs3_jl6 zgoAOT3FDo{9wL)0{?lvLgm5?tp$p;76=Hy2;m1!OuMac_a$7Ov1xi>iQi{xd*03wQ z+h~D%>EVkdYoi%BD$L82@(%J|2|js7%7S2caTyMSosT816IiozKj3#z>Hz<4a<^XT z>`*uFFMfU>9`9y^B--f)NkDJ|dqY>@75Ej_(Y{~cF;B{hjds@|@GIc-LZO?bpBJAM z0QRKzeF5}{s9Y^9SBuMs1m*)GGr+zG{~y8a-;RoNdQQ*jIX(aX=dS<&0RR80Zq~*C GxC#JLgfnLV diff --git a/assets/artifactory-jcr/artifactory-jcr-3.4.0.tgz b/assets/artifactory-jcr/artifactory-jcr-3.4.0.tgz deleted file mode 100644 index 64873519cfe815338f7bfa7b0d88a424c5997f2a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 154560 zcmV)6K*+xziwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKAUcpOKSuol7s!n{Xc? z|5vZ7x~qG7bQ%ZtbAS0_O?TD1>eZ`PRj*!Q&o?Vr_Z_d1yF~Z$12ydVS_9Xuwqy1b z3WY*nPY?WCC=`nND6OOhZg!l#q)(-zHvaF^^aTQ{Q zt1{R%&nF%=9lM0)iW%&>;m=K4u}kaC7=-Gc>H6?)&rZ*&q5;SDv1tH?I!&h(z< z>zMk)%TphhEs{@m4$G-J`Ac*!$Ntb zGRU0cQdut7%s{4&P4Nz(lR7r75~>la{+y8U3_@Js&~4FZR0Uz5i!qblBGd^yod9Gh zA}*dLnPlcCDma+f6eZ}si{qOB9p0NMN<7r2O zq=Ey>N4(`x#qpBHLd&$H>6%HANfAaD^^cC^DvnpjzE2EPF)gBHGVN#wna3VM^EF~4 zy@u_oX;&rC8u5sRE^-1yYffMpXx4V-(R>a2sNn>N)iWH^uAZK0NBz1^C`Epa$lCL! zUqgouA?mY^9lK&y0}sleS<;}$w3oA+dEXLL7CI7Wt8`&Oa>taL;(sf7z35SvXEs`A2}6;6QwM2V6>$O+XgZmJ*X3# zdjcp;WTo};i%^Vqgn(A5eLk+TwyStf9R#4_r$IRn$(-@^^fbixv@Lroxt55mdeUX*KRw1KRF;C;64)EQ==q~chXGtV^L zBVtHJ2C0~~$z|(!$i-Zn>zp}On@QXQ7r~AjIOK23&5<~+}si1LgH6ec!oGIqs`lz@I z)g6x@zlLpeVSRx^WQ32qek5+xjuz^aNurvKUM!SQwmW*^_%-5{P&UhS%e1MFEsJoko7n8TQ9`~K@NVf_bc*O6@yEb_&hloX#G5nq(8~A?mz2i`V&tcY_x$8g|KRA5RyQ(8 z5lNboWrTq=Df1|pl@Y_50dxm$)x!p%%$&KN;}hLSj%BF407V-pDtiRaGRp^U7op53 z8Q90n5!%PWOcHD`Yuz9;D^;|D#>S^nK*46lr3B+_=u>S}q^(6vX@Z~apfw$x94vK- zZdMw?uL|iv2Jx|JaaWKHix$Ci1d+PyH$YKT&t%@TEEG`oxl9a$7|0-A8SH;rcM5SF zf5i)Nmonhc4S`6K;tc(_Ok5@63h|Km|HRuO~t`t07A)YR+OXAtG4m3Sl zZxfn=)~BE;hU}~hO|#SriqyKe)W&rm71zg3Aq7t)wIateMO@TfSO=bBGoCG4Aw*N) zjlc*`h34>|F;*1+ADQX_K~DAt~g%75CX~)P3-yC@eGpd8 zG`VDU5d3FeDEufWILJs4uY6oR2vZfl!p7I%=o&d{67nXkTX58+^>V@O2`tpLcAY6O z!8LWYz8Ic@#8X_m&M-XP&1kwhpcTTUr?bw=$OZsQJHQO5hjtUIuB=TmL(1orl1OPp z1A85cy+!M57I~jm3`Nl`MQ)?wn$5wMG~3pzZBnp=ysX($GbBx{^oACvOY72l8In=l zKwX>Gj-^N2lEl)Z=uVf`6Jl9Mv-D_vOJnJlSPJXnrD-exETE9+U~HZ7Afmp<%m&}{ zi6{ZX*YA3$Yx8<2X&Nr#{1!tj>*BYmL-r`jF2*E=rMPCtWJ}tRbo{XtwZ0I`n!S=O ztp6vmbcdrW!_q6UtfTR}w9QK+5nak#m!<1!Zu~fw?qh>x8G&_4EM0wT$5L$WxN$7S z5X+i942GqtQ^v6rLM-c0vEtJ0QqYQF!>rv?+`>GxCN1kyIt+6PLOkoRF$Jxw$#f_1 zgpE^FMmrm#t2ji8+@NfkIuhYjO5IT8>*#Li9q98E!@ zS&wg#;xraQ&%7wLlub6*u0ETYZH;5;(~6s7Xo`}VHTMOErRO-)U5F;h-Jp%dEo(v3 zt@TC_3lbtX3u}eg%^?=#=noV5uJu4HMi2|Jr2z$Cd<#MW(5Dsqw1R{nMn0G(Z(ci1 zU0PoRu_uIBNJ5-cW{?FrRwat=G#AjGfk|XJRR;y0l}eBA#7JTkbcs!g5O`N>Iwbt4 za51GYc#lzZC(IV3h~lVjA*JrHZTcp*r0GLW1-4OIE>G3iM2R!-P%onW89&MO-;v>g zp|PoYU zvAJ-er)8y@@4KaZetv#l!+=I}ylUR!sAwKyuBL}3N2gH#*dQ7h9~&H=9v&Z?LOaJN z(Y~pnPBb|*F*!cCZ-Bk-gi?dUQ`3{fJNB_R0HCO$!6+h2%Lr<+f}<>=HEda^PB0HH z^NCmITgbX&8zPPicH}APL>>_#H>P8E3Q(}!%#4y*4q&$#iy$x_s5M1&4y1_un&$-7 z8rs6Gn@PhZ^CVr4*F>1^xDC&&)_mm5GfU`rh}gdAHxLf|n&X+50X`X;l2XI3VTh2d zdf4{mw!e^rLI9~^3k?D2CL#ixF(_;^)&Yv7!Zr}LECB|hoA@V_P>xyzxphM9m-t}; z(VYmwPGtzB?$qm!Eg;FzIEdKe$9r2twqMFnUc8)`{k81lTV(IQ1A{ ztCE>FnKn5d+Gv^`ym@HNbQz?IS@9dlC7#YeZ|p6c*#YPrPY#L_P~cM^+Yt0dYuF=H zLNq&2nb@Ra>TE=fL09OEn*1Us$fAvo2Y-3l4z<;>4KkTCjex=Okg6X709hcOZbBr9 zOT4;CDJVSXnT%F6X|t+LLBL%WmX?y5=6a+;JP{64haOnx>(_P1Fe|3ccdTUto3?HR zAc}I}Bir$L%p#92q)x?$=wu$@hjhmvo$(M60fraol>J|cDXN$jQOw79`4Xc0&7@Dd%W+~iD6<0aZ}j7!0~3AjKaL*%>u<>hnS{CUBI*@ z8(|0Fq7!V@u|W`?!=?q1Gf@b%P?k<+O_>6Qfv-5U3(~sTj&JHDG;dr|d=rwH72juL zOBiO#s1+bKVjGbKTz4(PD!QICXBu+%lAwNydDPGyV?h1x_ElMZnzQLD2_h#ccnTRhnZ!Y-@e3k4{rgJLWV>0rQOZ2~%M2v0;p za=2`umgBV~zEkNGKC}9cjV()>Z5ov8rZ0?#^gBSifO0A#=R)#C)Oo_KkgW{E-IAk) z>ZmZQ4CtA@mq`s<735S}J1;96?NK)5NyJ%;@jf)mP6ZK*=)ULJrrya~p^Poiqj`_j zv%&cYY$1KbdVwl*5($dQ$){0g0r}I;C5NKWcBwcVTcHWnv1zf&mPviusSa78D?}UA zCv~ctaFf!2upvZ;F;bM^&Cf!5fFsxmK)rQ z1Ha%RCqS5acrNh+Y)SQ-cRb6OH<_T{Y>RX_- zMBS;EO*{1Jp<1$nWQfmj#c1n0!pVyhCs53@rjTQuhK4Jw{lmEs^-Z7Ybl51qS>+_) zDrTR-$cc&j#%RC_eQVF5GzS7>Z0JtF{3rg~v=K%Yo~ME7Ggd89<%0nBL*gT!AYm1k zGH@^^aKfpWYDaMNsBs#SE!iG*@KpU8;jUO*6Q#=}C!?aL$caYO$Hb5)y(&IBurA74 zPwEP$(qV&TaiM&nbVbCY!A(Jrh9-%+GQ`8H>$nkFwxku(9oLk;P0SuG;pIV-Ft?Ey zW>D|sdc-^$)2}(MVVC!9qNN5@W~ z-JQ%V8ie^xor*I7D(XkwP4E_-t4+|8G^ugVjayF%1Bf#maA;lPF*cbvd5`n_Xy8J^ zgHJLV7n;$*j8@qGV&cb|Iy*K#Jv=a!MLt>ZLEfy}2^`GjR`963OECc{J*7#q&|V5C zIrYR4wh430Na;wbSY_G{Rs6!Jfo0%~01KTfk*fkGUBany1!W75s5-W~N-wHJz16ia z91Ip@Vo75p>qtT|t)ffPuvInYF(p&`b$kH|nU%=SupzS=jeyPY9j~)l%2@h($|{$b z8>C37lISVmK+F-3HcD&o+YBkO zji4^w)|kdf!@}o(vN@AB4FoI~F|d{1nP9aFl?nF)ydbH6TrjQnEmB1k%__ic<>&St z{yo0P5;X+_BKS~Ac06R5%xjH#xhWoew6vG9WyHZKdqqwqg__Q&+dw`JyU}7QqOQ(` zT?ybZ)XHjJL_pJSRcsUvy>8v9b61+_QEXWzoT(&c0A_b&JX zsZXLQQPm?{@f)Itz>JJ65M43xV0c4;c%+JXGKHqOhu90~)6leZK&Zx#F-t$%aKLi< z+~rnwgqYyPh8lNY@Zelb@83MSZHfdFhG zL!(1u)17E^XmVh8|JZc@j^UBv>5D*xb`DRE4NdXzfqnsFqJMIFcwpa1|0J5&H#spr zHN;0-zFTM!3lgxnj!jM2b%322J}Zo?3wB-4aXpi{=fH49oUI4_i!83PUdmS+DGll{ zSCQu0q+r>pqnqJ0nHzPn&kC!t>PBnxWR~mRW(|#mB4w3EOk6fC*gPL*BQGLzOm`U_ z9ER;63l=;58gaaaveY7XvV6z$)g=R)R4ubgY@Kv;hP&OJv8CK_|`PhodFy?=1)85=$v50zz;StdWN&sPMXX)zpPQrGZVZ5a{} z1qVQygJ_Y>v~|;9jxFCxU=9pl(>1Xrfl3Rl*Dw!%835C%ntK>`BsZbVUQB@ zE0e~ydx(a1JM(NN#HW&>z(Ae~;D|qnXt6D2Hzf4A#kL46;)>VIkVa+{=mk$F+C_;h zdbCocsDW4$W^*R9!tFEb@Vvi+Y$~B_3{oMs!E4kU%Sc%|$6g&Qk#w#@DMsBn@VscZ zOspJZN(m&p5sRpu&FjYHhHy3_h8j!)kxWBpeqPZ=#cd2};R-x7Hps@+v@kgM-aj!h zG&VSVVTm;%tQNSg)ezweYUm#O2Bge~dr1hP=@nM!6k!zc)dcBQJElcE$QvSNbDhyl zzG4!~porMIr-aZ8rnGM*c-xl0i};h z;HP&Wn61M!Rb&e*lZXy6J5YvgWp9@C722?Uybx}L!la%PprH#0!WMOqM|f$mPAaW9 zl;wIuDR``W+7%_ag%MnAt(Hj?vcl6A%B?|GG3$CJEL<}ioMmH0eCJaHzc4Zhre?Sw zFC-`TUBl&>XpsYZdd-}ZmNME*Jk)438jI)<(Ct)`yR3^)Tqud5%$efq)2Rl8qK< z7<1XNm4T4+5oQSZ@FkYdr5kVBVj2pjG1REg#ZhMcP8n9qaBRs=Dl+z^x-S=UD#D+0 zU0MOEti(fa<$H*jvy8e*8IzYJ&!n*etvv8`y5G|A2C+>M5+gw>InUl?>d3-&HNaJZ zs?Hqo>||u0SS^YCb=u6Ab|NnSPyb2A|A+a@jvNE5Oy;b!b`xw+6u2cc9(W3R zWH>s{7g`tbMh=1{Q)cnwdETh$6CNq1k`tb1hlM4A_7C$HiTt7$ZtDls^Nke#b_y8N&Nwnc6{Y>8x>lz4N*OD~~ht{W8T?J{SfaW`CWB@5uU z#8dY9wJ@9Ie)&hNaU$_XnM5_y$+OmFGG;?Q&5MOUnzM<|98c4(=0&o~JU_gsG#(Sl zfIP$24#&@y$fc3V>>w4#BT^qAB`wGAPPATZ@B@_yPzz6w*wm zBXpoSc+2GHJPsZ_SjM!L3BdpsUBH(26%g0a;_#FT0UXL>kT~N)BtjO`j^vQLic!XE zo)?#&uLJMyV5{o~4wm9{igc7Hmy@7d)kL`*B-~BU85#XKfhnDLJY)Md`EJG)ug*a^ zxJZJ!SSQJB3BRtY`7NfH(Y`a zs@Yx-b|TY9b?}XSJj*Bb^Qdmx5W~W}s#e%HglD~nCzzs?*-S!-gx5G5aQt#fF2lxOFtW*f{J<&KXdT;OBZ5-$)P8ljDv;jXEgN}djWESm$&koGipCtDQ1&I3wLHWI zn~8ne0+YukZ2@iUcU?J)=*aYY%30>HjI1kMbT%A0HbK5wC#+$_;SG^hS_|{o8>|ox ze22{^b+Brzm}4O35BPzL%nDcm<}eTYthHdNi7yw*lOf!Rj?gfyPM~zQSd@%%n8dUZ zS@1nlCrHPXP`Is%h9wo$~sMKI6_u|WyZQ|5p@$UBt>J50Ecc9S=XDBu%pqC zelZ#+8v@FOpk?yo=A6k$3Sf%pj&0Bq>h3EPKpoD4wlA@sCNuu?mJ1Ka6gj$XZGo>J zmYq2gS7h3WTyDDzVi6v(iO7OU`C65aeNqW5W_;M>I?6{}=2kz#7gmMCDCl|pI!q_Pfbjh^1xC}dp zO^3$AG{A5g3hl2Ek3<7btHiZxlH%sXwfTJ$yC(Ywhh}(+*SgWcd+Q)$W=UI<8Mpah zHrJIHAA}%sIXCdCt?dRk4Iz~75DNNJe`0JdG4{0{w;m$84<0;-P=-5{+?C`!z#!1l zua8CtZClwpM;R+&#RWz@7;r37@ll!7Oxr*%>!*C7dCswdI-#*kKa`FBr~}vIqfeq^ zxpO+wG_CnHycOe2LtD|D%lrG=lm(En(p-DH9yXDNjPLE76 zN3lwL?k2NQ%_DrjO=gFe=LkVs7}Xr=GxhG2ZZRdupLgIY3mQ7R08QL-v34i&KnA5a zlHiZU^NzPDDL4qrvN39zqKrMdzi{#PtooIWvDk)xvn>Fqe+yqxW4_|{F~=YiY&_-l z*5lGnJE)HB034Ob`O>XOqrPaoyhnV`B;W|nk_LJ<68E?17^1<==wJ^v4950G zLOWnco;PVtNj482i5=<$Lxm_@h#-|UWT%vA>b|0ysNk~!PT`9E&gB?o+gD3_Zhjo9m1B8H7&5ugbRl>m7IUtI4@Mh_Z>3qd<#A z`uc;)eOL!!ZJIN?BF`#z$AZkc&lIsUl?<6hm&?uwYo)qd5zI7DA>UE4(SSm1U3A8^ z5*9b9gq}nSeWDbG;kCZ5PBWZ3Hf?b!9fGaS*v*3ciO>9fi{`Kn*K07QvP(0?nki;* zqvHIg4$332%S7oaT$W8Lo8%L&yNI}?%FQ1M#Z^KQ6T(@!faJKfk20qbPOj2S>e^HK zTXjWhor~tIn(x?92@;|9*3W^aGB=n0AFYDb5y|3G59%kPRZA1`*q)(VN}<73c`9U^LI^O z%beJotNr}CHE17%;5u5TA zPV6&N?FBaFCY*+cNV%`g*D9M9I2HZTlD=~K^;F@#SZLaTtcGw@+ObeB=aGOCp^_+v zCitldpnf~8b*t99p|9g9TPvrkQF3&3_#&$g}^K_=qj~m`SIN8?LcDSvr?dC^4 zysfQm6WX=2t*z~(YX4||TiZup`1>@7NLc|55h; zkv8%NK(>AW$hGJbgP-jDC)lyl&tNA`{Y*&|0rp7Y7)j2+!G zdUWsT;nC5QjNHH|oZy7ruvehq)sKz{N{)`6 zcjUa$8%49qCL5JHGrH&K9w2*k?~M%j7*rhp#5flY=SzS(GBR=lZ>Ev48^-nmUn7bN zjT{*nzj4plkv*d~jE){1-E-3(rbR&N-W!1=4(jOW=uy^=V@H@iJow;)*H(ZBO4}yyRU+Z~xx^{`wC;`R>1c{H-tC`oyR0d-W&(>&7dGA2;#sFTY{uBmYW2 z{M-9KaNrTw|Lzxm|FCD=J+Hm<=YNBW*Zuw-XT10IPksDVm;L2M|MRu}Q%{-s+2G0V zzwOAo-}1U^-t(xQE2hrA;N|yxDO>*OnSaq~fArpm|7hURV-L(d=3^&4?^A#Kuo>W^2`6&u>HT!`$#alKX*>=xzFD7ihtkbJ^!oK_jL{3__NbaZfk4%i}K!G zgZF;nhA(ewYioO?KRi10$nQVqNsm6Y@4GL3=iA%b9yvEW*gw7SjeD+sVCG3f&-~m| zcYkkiy7Zi4{)|)hZu!y=wmtsSPn`JD{U^WvwwGNub;TQ>_~e(~`ER%0+VzkBd-~Mg zM?d+LH(dUysk3`~@3`${8+%W?`_tFVKKQbG-*kDzUiPg!KD=0a%ZFdQ@v83~ea*>Nm*!vb*drG_;SFOid+*(E`S7!b zp6b8yp6Ab?Z~Us@ADQ|2;KG3~{Q8j}?+f1jwHM!f%C_e|xcAzZoqF#(u6LfX__zoD z>i<3W2KK~d+8@@uYKB&FCyPPeBUY0{_k)6>!EDlSpP@Max9i8ZUG%Zh5C1Cns`tGA z;ydpkw}1AOYjgL1{C96ZGH~G3Q_uXuc|X^#{^9$-`ur=qUV8G+o_ct4=I;B>z4z?@ zdgZ_L{;hZO(YgGG-+RUnw~hbL6EFV9H(q$P_T?Wx2hkI7Ho_xx8(U+`bv zwc2T08sB@@$KTxXmN(p-JLlSezW;(>f9|H6u9~?0-!7Ow!NVUo>+*|(4_<$z`~0Upw&M?1Zaeo$Ke+GAGk08b(^Edb zb?};VPP+T;TYofqk^iszC%%3C{WEu$uG`tMf8%3*dibPgAN|^8+qPVK&RcG{diPs@ zbLB1Q)6cl?TQ52Cx^KVee?M{C<);jO@PjYj@WSt0aZ7vmBNv|7`?ifY-0Xjc-uexcrLi&x250ze)O}?xaL>I zpH7^+?KJ}vuf6#<*SzCDpK<=$c)zO#B?|4&}t{{2%w(Eqs)p7-Qk zuf6>ZPyT_2y5Vyz9!#&+I(0l% za{AeSxaeIEH(zz{8D{t7Z$Em`H@}r^wIoFUU$log*QFxzRcj|U0d(Ed*W01_rCnvJ3jD^D>`ra>yuymciG23 z;`PtF^N}4}zwoNVFMQ4LgRg(qeHZP%=*e5}GHW=~eb?PvPygtKt#?iR&5mb%%Q*QP zcYXbfH{X2Q%OCU9*M0dTpStDY=RI}iWl!03MemmSi@wd4EldItUYQzrL(^~^h;`RhAQ8p>SP{og|$dg&V{ zue|+lKU5*_zT$PS?)^>XlI|~F@lpFzx4n6`{;oG(etFlX@3svdJ@C)BzWT_s`R$&2Jd^DxA0TvzB7ODSL5${!szF2|H3a` z^vkjRulU-@kAB_z-~6GIKK7`?xBu6--+|~0KJupT9@%?EW#ER7{`%?H%sj5=xr@&_ zwe!lqxaAv{yzwJHaG$mD8^67}^XSv9cl^V{esk5CM-IOF^_TWP<$2y`GJkVm=Y`+g z@RW*o*7VV;MzU@h8{_T4g9`jEJ?$4h0zI$%Esr`}z1Gk<0<6GYI z{oJF@ebVb^pY*Gtv!A!|AMc#|^3cD$=`^$Pm>oC&`&VB0$|sz<&mB7J>2Lj^S3LYh zblJCGblr^~xcl{c2VUU)?zbej3@7VK*;ofVW`^B^0ef9YtdDoMEw(yHv=HIvZ@4x-I$GrO`@4H}b;wwM8 zpuUwpzx#b(yTyCd|GuNYcq4u7`|kKE`KQ;^rpKmVbye?+U*YrbKZuNmDUw3W!>7O@#dG1I5>c^Y^-^m-aul;`eb7nU^!g$1g zo@#Ecf9yZBr+>cZnrda}X^(%|XTIlderEiiuXP^0;`1k6`kix5{@v4__0%8UbzocJ zdv_gp`zs&0@xcxEy`b&yp7Wcp{{D+^&9$|)o#_u<=o{E4CBFU9)>SBO$rX#auEKO- zOR2k1>g_qZP$(4&Po(bdSOtEzymbYv{makUv|)H?Z1BT74!-E2p1z!T*7+po|Ca`Y z@?-vu^)CB`&ocS{y9-V6|GmZT?i2I>TlA z&hN`ZdJQKC69q+Q3?pdaZTOI&l!vgO4US7}N-gAJ+d#P*SwP)g8yJCp!zCqgJzfSO z3zvyiLg|EN5UP4k;FeH!N>VH3oXup~mEEghevzgsd?8r)qRLr>UdAQ0k4CGqgUa2U z*@#9~WKa~5Ksh&M$FT^uGYHX|Ge1LvvQ&{7vrcIB+O0-B`K^n&D zBc!SmzhYD?o3`)ahGshHu`*dvO_fILqbm$0gaq(viPj8d)e-=3jK*-Ctcpny&6?m4 zZX#U+{XVX)i~MO^U4nYRF%ejnh_FbZkAq=lL>R`>hg8-$!9#qL7rUz;PTAQ_ScBzm=(9Y~K?5gpEu>n>+hSEG( zjx`-ziI^vLP*0;;h$4~!t2)i`rgIbz$7Eoh{p=NRykfzMI9aaT*#RqHgX!=@mj9N~ zmEvbyAS;uqrPLXoh{?BErW0akamvSjcx)$%#e|3p5MFE7U;s)B5vv3vz`iyqH!I3^ z74)%elBK2UTXZT6oLi|dr$)p$fTXEehe#u650TC;Eg&9Ls`!VT_)+YxP+GbypCT+S z0T7uCUX8~w+m(aMiIG9BIG%u|IHhIZu)gA8d<2XR-0)OrwCpu})5$$l#pYHqjfGAMW@QjkYa zbfQu7G7^_TS7DdAj1-bbR}h1;v@5H!A5}k}SD%tZ{L#7f9S>K@fQ2btLCX(UAX5jw zozC%)9avT;3aH2(DCdn+3REqeD*6tTkBbEg>LGd|oWT@8U|V7x<&PsCkMK)VsK#`c zP@ihL8zh9&RVdV#=^CcEl2msCBp|I=Bjk0a0~7nuB(Hls`K^(bz z&2yOuRI}@|;1kb=q=8~Afm8S!qbi-K-hh7`59>VbR-MvIt&SDXc!ng7aJ&+;p5=$} zl}IJ@b(HB0%vj=V!z*AV{KYwnK2rF&tb7B{TE?FoYLe={$q`K+&ZgpuhrqKskp#Gq)nbsV7pq}zceLVhd^u!ov1$%oF=JjS zcM}}R@#QR_u>P_-&RC_@w%tBa=lHi>|9UV`UC$ZwrT1orVj5 z$aV~}diPX?G$A03F-Ymo>N+`GjnA?ykE?Mm*6=(?)p?)s3+%J#pilG&{(k+=$9qV;5lB#+=t5m&}JI^f{O1RQ% zRI`O7BWqH#g=3&*3#(BxhWyxBzB;LwAwT_k4c{mSv`)L%in&zH>sns((%4(8%}e8O zO(qYRT$jC5*;=EyQ@L4-wM(?r+D)Cx%Ni`5%ExLAT{;hIwQ?#WYcp~xFKe)INxfRV zflJY=)!Mfdy%Odv(~gF1;X$W*wP8NdVY}j}e(Z(=hYn=LMK#05fousK$cnStyNOkw zNk-d2(8qynCpwU=5bOsYp-^c*gCpKZI1||OZQ|wo2L^J5!ltgCz603xwLD3U6l-L4V*6CH9DVi};8^bbcXxO4{CDrB-V^7) zkIQ2am)Hieb(7FiCI|bLcTz7p=yd%G$F&W>aQCL3O+AE=-rhcgY&N!R!abWemB|)^=v%tF zi(NgqucxoKh_Svo6W;I$n>Ss>T%njN^h_6fO1*uh;wG)HZ%gmyvkSeY?!pPHw$f+G z{=fdz5AZD4|BJ<*rvBg8bE5wrk7u?0A5x&@^O{UNsFr-Fc{%Z{{%Okp($uVZNXxVy zTd-XIuR>2E|3g=y*mdIk$8mYEYo0I1?YUwGyKeY%lUD4~dNZ*}*s;h1mO)Eq0;@U9 z0;T7@Q`ItK>Wrc=VLqPMcy`o)5>H&p*_euz(7oxz z{O`Ct?O~vv$gKreA}VWjnfCC`1dJ}~A05eYI}X=v^GlA~(GD_?J;IY~K?;3l?*+gb z@klHU_^j>Bqxl;4!*wxMtM9Je#CDe3gEGnd&XyR27%AtBg*4;}Qu|Rg2n^Nl!hexjpXIhp>eB{x&>2F7!!1j}$rc8tA*h>J+m?{!D z)0U!ed2G3+O-kL&lPdCcWfL;x30QG3po`%uKZvzm24E9NHQdg#4D&_%63X`VjG9^b zR(FFE$`%WC@rLgbG*>EiZEmX7)yt}7LRY0Emy|OIxfb?WpD!ujhwX|}LK_Z6i{050 z$|l#i^Q_}?-ILvBaWUJ8!o}`v3GGLRP_)#|piBsSthNkC&PJJ4v!S|&)M%1K27dA4 z#SKi?y!?Hna7a&>ltCM@ZhHn^!i9R!TQS3hD8rkRU$`_9uLEj#!OOmCYvmI%ne4 z4lWEYkuguA`yk7lWur)7`Lr|o8oPXs__`(&&+_|KQV@ix;mgEw=Ear4h%Df`%SOKy zSnO1)yE+tZ$CEM@N20nrqN{*fim@3?iBWZty!43@gc(t}=&BqJz1$G@eKxoNRn!@j zcv0fI%&)ZAOB%}EL^89wyo5-AX9eLo(%orpWBz9?=~S^qpT3 zfc9Su3K;mro4|gpg!1wGBE-ws@A6bq!xQQLG~ z;xn&?`*5!3EHvOMzL^@q%%&l6B6@4A1SNh{09}~l>kZNbJ`H1&`5B;hbt9R&xsQOVmwIsWZK~;-;!;&hASpO zMFb`K`sdpXA)P=(?AYdy(%6c*3AQ;(cy9bDwwJBl|_Ci{;I6GDmmVmiJMh&vWfTE^6GZRBqJ6%w$+HGEnp^=pPQ}M1Djuq19ME} zy0?v{dVQP>d6s6XL$oXBRk_(sbdET)?P=_`s|+_mP?+NmD05j=zeu{%DlmQYdaF7j!P;!Y+rf2XMkccFNu@#q3BG*7tm z5>2{g0)LtLBp>BcStAq8X=GfFmud&5xB>^3HNiUq8m^2v{)9&;vHiG}0Y(PoeMzoo zI*{Z?4^KWO?;mmqc0TPmtZ3<08vAJoru!} z{0>H!IvQoo^&FRYK6BF{Exl=@{>ka#o&5vT>eK-$`fDD$BM$(&7chKmUsV&fFkSNqHfRZT33(y7 z)f4kG2qm-u>pF4$0p^cv&lU@X>;}&2l)Put@sQ&Z8`X*LnL5l9xyh2(z(NsKX*Owa zGiuZ+Xh(EkrY4i;bDIT@*1@z%8ACeCaZ3AkkoB&EOhN|%3QQzXZnZN>Cdsn}XgKp0 zB1-sCT=xLgPE&g0jtf^0G_^ExY(%hLi%+Zm^vaPxOYe)TM>R16> ze&*Ns%bb`a#yzf?vg7#F_pqBUn>O|u)OS3hE!3r52ANneS52i+7W1)JWeye7&V)y| zW{T9dvrPS1QN)#zuW%{LQruc$GkHNevYaYwR6cY>zEKWgn7`$4V3@vUIo0@Uv4GY5 zLFR31RWZub5`IuDH80fSBbg(%-{PBDXT2{+7U1gn^fDGXrxpOKQ-5? z6CX2Ulu|4F)Le_tBvR^#4=ro>9wrrYR{3BMuiSv&@M46wtf~v)R5oh($=DhtC|R^d zDReGcZWL$E+Y@V)@J6mtHdkt{#g`~ops~|nw$Vl%``9vV+#&T=z8GoJUvBAhvVbBW z@x^jyaR(47vmKs6u(`q+PqH|dH5=j@D|%} zE|o(YXl+C6cTSK0_MJeFZCS=ncPWWm>dY;izoU|@bMEy*IGKUk^mS1C=Ia2OPr!D4# zb$2N)Si%hp-zFS5l(I+P1ff`vo?NWEiQD!=4OgNZVtSp*e3(>FAtkMNE38}t61byS ziscDdVH>t;AayCW<~Xz5@mvzPC@RaQVreduK;X zKekllGyCWmP=C0B=&b2Zc*MmXiQH|I@)SP~c=V`~=R1eZeO8{s;FY9565$tpFfqD^ ztsf=An{W)S3Ii54>(O*4+_F=p#eee&{itIQW%WCo6Y_%19r345k zULrd&0v8eeVF z7U~udEXVTXdnT5UmqbpnwQW9lNl)+8^6=3F}8z zI&MKVS}UQ;bJAE5z2=~76bs4<^Cehekh2LO#5Ps}f-so~09>*of_f^pT$4-SuP*1fc-&_WVNb7_b0p_jMtGq$l^@}tLQb~`wqcp|3#aTNhiNH254TyTL1urgxc*097 z99!&HGIb5FsK};WQIQoG?J%JPtIPx+z&@IcuqZcTR5>=Pn4WCgz~y@iQS2sK@6{fH zta#*CW7%jW-o1FY#Fj-2K~s*siH9OIeQ$_M$9He|ll00G0EvML|6MJXe@P-VDz}F@SN{sZ__%w)u*W$)!gKp8#GS4w<35GGH9hxG1Rq~Q;5Su=Vo-d;(pi{HH9L?bpy*Tb( z$`CfNI z#P|`X^YRE4M2>zRHbeUV#~IVGO58%Y$Jp zw;~xn`)znR~9&WlYLEEGi zw1OtG%gWq?C6tAd{HiO=jby?;iFlIi=ECM;b|rO3 z`!AfC-aR?gKRA^D(N!q4hA=QNG&QwE<=!RgD%giEoSy8T85keiIlLxcVC{etal#g0tcyOe-e7yMRMKe=F1CvA3GecwN&z#>M zBWGtU_Kcgby`(WoD(aBP0o5B~=*rnxU8UoLTl967G?<=8aqE0oLx|R}M+_NYV>#8T zX;-88KxOO+-zj5Fi>1b>7Ft|XqjdI&1XO(R7YmAmv7A*rz(BW5V*6ShFKBucBeY$` z#|v^hrG@rGi(-T#+=mY3xCfO+tW1g(6>p-6Hf&wf9gj>njx}XoMt~6YMI4t|LE1t+ z4)MY|WtC#DSy?t0OR2n&sJy@{FRY;QCH3%HkT_4eQ`cxyf(SlNA<& z1jxWW!vdSxD@LJtb#qBeu`uWLGX6wc7SDY+xl7c}HTdekfi3Zl`Ijh63q&#X-rp zabW4ZTy%c>d<>6G|B!OdB8k_&2#l@UbK(VU|Vj0sUx@kVWRP<+<-kNVJ2~NR( zE+NOOs=WT&(MZ-Hv1_7@Wm{LhX zlYxVhPD&^Z!?KVF#2Pj2z$bC4WkpTY&_u+RD2pyfmj+H`(Yb{!t+_$C(f;GN#VWk4 zC7YoIoRk)jL6~cnjRdd~=`7JLJ>ptyuwhij`&0Bq($pNUr}VkBqi{$r3vmePhj_RF z3-4f*`znc3*7G&fCw%w8ZaVKE7oRo;lvDzX@hbL`P|Mp3J0zkhSS~X80j6++V|W4$ z3=d8s58G8jqZmY3F)bnWe#a@;!=HqLCA5D-v7qt)dh^{~8#)oZD26XCmcSr~5v4p% zvPP_WINi5Qn>3+>5^~W-(=?RJv8i_JdnZ-8wr@BTBdaq;(;`1zx&%|4=#&N)J7CdH zk`z4l64wY~WDo=V8Y4W<=#(!ZIzO#28LFFXvrMxNHXW!;oY+Fj$&vUO$u#msM_b|9 zM^SbK2L^*mg?Ma&iLy?ml3iKdB@R!D+6d{jz@8<>jPGHaR){x4Y~3;V(Vnf+4q7V9 ztlF9m7>dfd=mcR%#gc~zm2yj-Pn1jPO?wr?6}h{S$U&gV^OF;f=ZmAcgX7_b2DopQ zGY?zL*ha-dR}aE8zAqNo6jr4iI|uPwa8?-90+mg^&c@)-B%ssz3RZ+3Z7yu?${-Y@ zNxqaN71ZJPqEe~V_rNqts95MOWDu$HxOE)VNuf_SE5M8VPpA}> zQ#s{hpV`PMzGW^|K5Ldk&H6^#AS*w}I$ zxKKg?#c@0}hH4Ib>DvX_7VNgSqyETt^2xiAaz7`e9kj4nm$fG4ZoC?smgnj6jKo-1Lx)8c2o%*j&aH@MG;crJMkbLzPHePN{;8R z8lN6g^Tn7|n+bvMK8jwlR2s^eLL0yh;Jr(#F+<-)o(6_4u~z6Q4KOx!mms^-YJE%2K)MI6|5tp=2a)7s3qC0I`c8lZ3+nB(Hk zHZcG)7{pK*71JUjZazxNBR|@e&_Av^PL-A9B+9pVp5|zG{8w%+dU09ckzCnw%F28| z!5Gt^a;(kNoJOH;wNM|Bl-S^aH|bemqormenNa+aqO$I$Ui zOd2R#+RB?iB1G#U)7YMc!nq2~LJKLso2iH`!?cDN6A%ZgzRLfx*~?36R=~lwypVXS zrOfrwvnEj^v`w`x=d2_oUMY_j7q{hO0Fuy?=4mAul63$}6QIn}&Ct{Y+r<3noMo1) zSKK+{mMV+l-E$Xw4NdJ5{jzJ>Zn@^hZLSJOj{|JUs^Rans?F6s;(HBQm;Y#0vAJ?m zU>r)~ZN4QTE&AGWU(>%dcSg}}Y`m=F1tet(u8PtYhA6SM3%A2O_YOyW5d@9 zsg9jTGq8{I;Q+WT9|M-e#Kvs)KJVAvZF%`?wfwC}kz01*VdET8RJWYKkQE}#!$wnG znU8HH(&4~`Bd*Ds(6S+zBzy=>8n>;+>Jfxh0Yd~RiJ~0nvwSUQ^*ExsfJ6b6#9|u6 z_Dz2ce8`%BAq3OZ$vgs|u(f&&QC;56B2Z1Lg8ka+;k&#?Y|BISbomdlNgZ8l3-H=X z8whYqj>X4(;0@jX&9s|1t`+tkOlP6k5NPiy}4g6H^NK(^&ud~7Bp5sI`lY}lSz1@P4F8Bj9e z5o%U#)2@QVVsAiv@iIvW>^0bn5FKJ9*(@X7!DW$kAO|7jG7L{KsT@yTC{$7$cj-(Y!laKOsb#(Bh zxGA%06JwueP0CYB&7`y_8Bx=!z*-1mljAABVG)tMycIc#a!F#6pI5TTxxS^ibxjFc z%m-FG8Gy=ib)We|*|?A1N!be9X_Yg#6+vCm^lnuhYNd1N)dEYO zXs0UTs_0$KOnmhKTTRzncc7K7v~pxE=h_Sb#QCB#W=W$HoxzW`+_&^jHo2v@lI z@~7^wrI5Tv2d*`wlrJY7ygz>jZ&eN6#D};@X~n}91IhZTrc?wzR6s3|$hr1vaqy{p zh@xpyzFI#vguk-A&@daq>V*`m%9}d|>=?LKA+A-qSF5u4@J5`US<=cYVSB?BaU0gy z&MAa>us1(4FGFB>_8y2wt>HO>aF`U8RpIA^dDx{%MVzTwwg@UWcu42o@T`Nxsq+Ir z$aV}OLM7YV(HP-*Cjg0`jMRowb|pNH(2hnKMR1A+>&%X$;R)naRH9&EWdlDevy@Ei z3e`+^`x%GEc23OnP{S-)ohVwZ6oS@kB;|l+n4@Q9h*Ba$V|&!m z88hCoOCn1U6P>6eHnp*9QgPEch+fVb)I&iC@z~ig{~34Iqbp_*irn{7>@0h(s)u5g zUUVpn&_9)LcnrK+KZ<6_#xU{C_EpO*9xW?&1ts>l$%qSJdD{8ZsFWg)*j*U&G{$Qx ztI5U_zvG)pCDbb~vsr3SrxcY5_g$2C(awl`nZBc-MAk!*XiFe2r}UNm66y|b-bq`C zFExD&*TS1WMeEb?lax)X#c|3~S8>;r5PorQI?VUM3ufiYmt)+c}+4>Y1FbcF|&V;l}c+6%X7Gy&EY~#mh{*igkr}JH~vj zZ@~cg zjE0Ttrp{Z3wY1D}D?Be--fOT?NmAE=;2Jo{h#`Vo&*4pOr^G_&;gf z=duz)e{|S3Jj&PHFwsG&lsidd7ca(q!7y<;Z$Xozkq4^%8maSB)rkYu?d{@-pYJ&q z&v57lVDNZ;bOkQ9EJv4FOj*gugO#pp)1B&QnM-$eHQ%1I?4>(hO_hq-v~!Gm@Ek^t z%LRcwB9bA?Q<;~r&#vd_{6bIex+`aal&r8KQK-nGScfj_!C_nhD-sf1w_A4Rm~3T& zDd@88XrWFSt<|jjxxkp=KhY)ig{GVWs#$d5H0+i_Q4Ya1hlU1%QY-1|T~H%7ie(gv zZvKsO{K#C$VV)i)CXp)FkoHLd62}q&ibjkGmb}U@%9T|@n>p){c?XiOWf07E!Yek# z5qjUTh$l6F|HY6=p#oan2-7Ig+7bug)g#Eo?(QwT5O_uwf9xq;&cWI06SJF~iyL# zO!zs9ZOn){dwOK*>;X2e!VTVpw#zTmBU9>ojtX=$OwG-hh-b;~L~y^cyr`TX<H{f_Aj00u`E|2#Gz6lHa700Vb6L5J( zj@ZmA6!{<_F@R&h*=YDTy5E+mj!BW>*gPRIqk+NUq8|v;+eWvHgu}U|`mt-cQl6jm zQ-vK*1stZ$K&9y7R3>`?jjwhboDIrE_bqwRw)n`(ZBz0Mo`Z5ZCfe;f)^yKDx!f#i zupch>>$O?Z;5SN_^hp1O0nRgGL5R)dP=&>A67{`qd`pT1-8iV{BkUFE3X+D@eYuZK$4Ti^V!<&F*-j3LH z-6EmL0AHt3k}dQ^xfV8o03YIugMs?oTCWcV4&+t1-0S5x0C2Mmw!u^nD_vyMJ93g29ga9vDm^Vul~|9Y zzCk=s9hxmNN30T>$DYmV*0ISHydsYjx1&*P+Cplv{4X*kIYRS}H%q)3;kpruP|sFA z`9E|>-MHncWf(CUr$cVsfsAJ?rz#0llSnDGfL64)xK#ib0Tj7rFirJap6+6R^I;>e z9C5UF>6!)-Pu{P)d4bS0LLs!=zNWO6JZsB*o~hl4FFm0FRpO!rJ%a1#kn}WpxkKUN zrv+R#^TAN5Zdk~Tn1wGiW?*8%n#|U%z-XC1Q$vf3r4~C0z|cY}7S3K%9z5Q1bHw&( z$c0cSWzvrz#m!a$f>&a`QCLONEZTwiI&X)3-K_Ja04fO)hH?hh2OuSZ@D%cn?h`-9 zCA?K`kcG*oXKI+%X6krh1~wHVf||M7S#qD*%_jfIAgM_(5|~tBt4P-q){u zkJ|8n(pcPkS>m=4Gj{W@braE%0VZBZ4OuMP^_tROXVOni?q; z>su9$3D_n+!sw=3V^%Y2(1c^t-Y(q>z1a;>{f<<*tIo#%XYXCN+qjWM;r!N9AdF@# zX~gD5H(S}x`D96UG-FHJqMS_DOpev;2FZ?^jh;rgBqs4*`$5imx&0*HLgC&wHYr(- z=ZI^~L?(ekp-?DP6{-r~vo+9RT2(qqSr>+Qg}%4Qf>#g9o99#`J!*j}CI6f|_r<4P zt>xCtda+4Yse|?NwGm=3kT((G6J*&1V-HC!Kh@Mge{X}Aw|yoaifg}eDQ>?{!m7Qo-|2uxXd{x(p?J`t_E&|pi%F8^ z*Cap2YYC$bBtzwWO9H0nf&NIvZlMx-CJc#K#Q$CTz%Cc%Lt$7@76V0Sd33Som6tja=x&ydvw| zHEF^#igQ0zPrqOFbb+D>Cr8Y#4m=dZh#AIM#HpB2PtMI(hZBB*o!%1Us&}P@UwR+? z&wu|PQBwbZ{`>#xnw@ZI^gsXof8G+$4gcrA|1S@`mE3%pxT8_v$twi`fblAmYgKiC z^M$eD%Y0#M0fROJvc0`k0)>5RUWPAl^Nr9q=;-+T;`s33^7v>!7d#;g=q7kdZur%R zi$+e_~cnAkTcZ(*n(@;#`WTd@yS6MQOC{l_R$-RnQXG{j;L25;5< z^TgE;n9FN?EsfOiNEL3tD_4KpI$v<{P9QE3>?ebVXFtX4JfOgS0&&N!uTS7}VGA4%hC)%L))~d>zCqtix-PNYL_e z1tv7CJ8Z~lHG)6++h&9Re2aV>fQ&2S@LYovFWKy!}=ZIkIGYMsY-b7Pw<}VmLcax9#I$;709Ux1IEN zm<%jD>z028Nw+wcPdoGHT8r<_Rd+qUOBq>xaNBe35oE>z*C!eCww`S~;{rCHo6+j+ z@aJ9&0=p=F9Jh$6u(H)FN8)CGH!*335M8Bi=kdCLQ|DtVi2PQP3_R7fQx*S z=^)MroutU6G@D|om&AqNQkPDoagKfdDw8yEe38Zy&YTrFq9x6xf>;o%ZP`38>$NOz z32~1@m!^T|c%;KR(2nfNW#x^`(AjfdIDHZH#gKjv50T1$?eBEAw;@Wb%)+|Ep3ZR* zkFrbeP#e*S@sGA={Ns1S-Sy4aos6{Oa$k1}t?iz%ilB3T+|>Eq1UJX^lu{3Xv8@k+TqB)XvB ziLcGG~sxh$vGSUW=@JI0P?m7~O8SySu&pm3UGs_upP`cW?Wv z-gb9)dvCYDx7GWq+wbjeZGVNjpK8+PC!?vGeAT`8Soz6)A)iAMjT1M`LT-yWkmCb7 z-!Bv;~pC;8;q#7s?Dds^m@oMO9TEop3L1;$~%@9V-+6;yp%LA?@Jj0 z{F8kIS!5n7f=zXSrgN)6*a7LS(_x;6NG@Pj# z7u;tn98Z+r!{%g|jCr;LyywM6%Me3|jDc`6$LOhp5Le7lN-Ka`Ms>9+f;}OJjsp>! z<@D_6_`~_x#pTP@HJQ6U#wlvI)!Y5x`ncdRE6%C<_Txv?Cg>MRqS#F*FI&GkG{&9- zkKO;H`?C`XTt2p>uLH6b)hoGHh#W`L4wPHZqj_?kLlWu?EQM;2;wfOsQ;!^1-ebc;NR~mkbyHDaLnK>?z#f5x$=}aR64M*6A%SlfTis{I>JE-CemFTS zS>VQ_FEq5p49|X(JYdGf$(_mAA&5UdD{_LyxsC%wyxYln^BsA9b_5z*jubKRo3eU{ zS{|9kB*IbpvXDy>@lvF%$}J%)DnQGUO`tCU3b6CBX<}w_9&CPX5sBPvE~}Cn#hjRu zv5E+lW%lF*>Pp{%*bPhM2a$L;J|VZ1hrAw%5D}xmc4?kTj;y*4B)Mml`RLo zb+gFRE4aTR|7r@hDtg`G+?dC$o4VCQ`2QC2|9+U@FvbaW(l}gTj5+?_-QM0#&i~ur z>F+-Ie;?!X+i#r>bQ4VXLD-Cf5Q9vaGO~CRypJ|Iz;vCBmE*gZnS4-citRk1?EuF( zE23RnL^kF$2H^F!ZUIu?IfSkdPpFOf$s~T8xSSBZC=wF!|2BQG`$cm6ZU2e3>@!Ay{RAWxrKVDnd=~1SjAZHp2cpyt9(M)b1-UqLxF%-v z5ZKnPke*-3VpXV2MjvTS10u59B7GVynN04^v4Mmckf>$x(IR}X1W$0O@rT-Id7JBj zw_D|oD-m`}Z^Hb^A$2xUZJ3cLqqv?9qR)Y@SzOA^b~8uBF7k$oRBQ7x3)idQ341Tk zyb5wl{LyLzU>>6yqJSN4vigoot+W%~3d-os;U#FR8oUi_F|YEx>Hr@fdBF1O8z_UVzuwZK>$Mzdm!;~W1YLxdOOtV7 z3NB1Mo}s(|)kKH+6C9YpFmY$=eJypB=9`k!gS%ini5Bh(SSm^mQBf2F+juS zO$jE_&z9MPg|72SR~)UDe$~zA6LJ1fi}a}@XPPCE3|Wh@RlPyj^t@_4T)@pUlG78` z_9PmSS2MuVFqeG-wq+3c_zpQx_K*Jn-&{bo)yTtUo1SVTQ?E~jyNS18FadZjLwQlfnB%g?9JV)y?# z39zkF5g|RWevJD2|8BRp)yv)g@AUS1Pxt?i@yW$a6|+3K27uBytZh|rM11avJ$)K| z7To{SAZiZ@Nokt6aobC<-#`G&+5f#>FQ5Op)8Bc@|9q6sZ$`)?(^|`{8(4NnBvn;6 z@ZHq?8=kGB`rrcISVnHL#{6wC?s{8s<3PQ%d(*R?B2(VDCP8(1Hq}pz@q$EgTmvds zf*m$RO>=Rfs@hL*5~S`}xDMsr;6Pk=i$)^sW4{nj$r{Kht4TO8323~g^{W5xPxK|+ z*;djy6P2uLngnr!by_dI5w!pO+`RnsS^Tq@{5Kl&tJt>ja%bfj^Yp*n-MswY?e%t^ zvYxRd*pUiZIG#eL}~RO0k#UzUKdWr8sc=MH2+yI@pTPhig7sXoHtLl%+Sh8N&MUV_SbC zFM=M}POI6<1{IC1+ZSFn;Vk=%>%aW|htohD{q-_np8u!Y+s*6$Tf0yG-$(h>IBLYD zwvLD@#!b~WZ@1eIZ#b;V4J{++ON2&ij#|KAv`mpv-9ab@Mh}?;&U>wvQ9@>e7iG+9 zLCE}${*{rmRM@QA(#B|6V|_5vTtjsqVQ_$3&Qu!eZYDoBH$HtH`?IwCmzBsHoB;FW zf4^Ul|GT}X{NG3U7y&DGbw;_q!tYPl?VpP!@Yg?`qe$`E7wE~iWVNrPbeorbC{Q~~ zL@W_6_Rdjdx+PlG9(e1}_|2?iR0EjeL_>yx8V?29yvqUbx58i#u9>J zbwNR~S}G`trulr6yh^>x(NJWNl_@}4=lM+Qzx4i}24h|}txdfoi0cf%x&FUG{inU| z?o<5NqkL-oe`>+MA1=*)$LCv&*cf&%=F|mj4k>Z%J|;!z1MPivQ|uZx!!< z`cLs6kMb$r=~xS!7y07HAR0T@oTjyeQR`A_^+`iHsPv6<{KRl|CvuaWYI&e?2G4bWQs2qs#1>7N9Eq+HLO3bdS^v|eOyv*S_YXz9-H_NHUeq?mKoW+<*FC;@u z)N7MP4^H?$%lv<=HMSZbm$WT~EB?VJDt~D*$-Z?yk!3J=A57_N?+q@9_+`IGB zf0ma2aT1UuNM~&?bm_hB|GPW=qW!=76#x4upBnvNt}wi^E=%a;&I9UAu%Crx=fSzz zz5F~_q7Yv-f-)cg3J_GkooV%fwyYCRMi%AB$Pu zCnUrTazDRn;{Pk?f7@F-PyYW$`Q-M0GIYI)tqwoASvny}@GJKV1G*<#aY2Gtejfieog&aX);3V!MLY+-7pX0%a{x%>{g#Lt&^`c>dAD@j)rtZqtz zV$tDwm5;^r+4uF6SJk%{o%-kAmyh+ihy3Sn>fB%cZ}kfCKRey6C;k6XJ{9sG*7nOd z03KiGFNuY=B7R`zBEwIb`-Lm{(i@YSr~ce1A}MI?;>yGLqRg={4@PAgF~77zh#!j; zB+Wmy*3Ll@ z^PNoDElx;EJQD7s%foZ{hVQFMn#S#fWGTFh*$^MYBfTVQ6%cB%G~lch9%;6ghED9q zn&(Ul+Al|H)^!nbr(WEqbTT)^!BQoR*BEm*qE(ZOYi1EQMDv&FU9E;j)eZ9ElGe^; zoSVv6D;7WZLH6`n>T_THPrTiAulwJe`uX}#JA2zt@gI-! zG556_$5dbD48#Htz7$X3V{gxU8-Yaw5Gt_BaZc#_c$~OCu1UI~*q8T~Wbke`1>C-2VBE-nvFFZa>=^EVd<9Ed~8}ePvwf{i9o^!X3(utd*iA#+k_;UqL>W&c^p%=~_ zA_?ksox4pmb+0j^SprYe$1bJ(Rn9C)7$HkRu;r#WEnPi89Q`voyI2hQ?_P53H_pGw|#lR%(16rN&#a~Qeu zR)xXkNmA=bv}1PhT|mDv+>KK`bC*?Zm)Uy)LBP!)`ib&u1GN|?B-0VnqEE*af**#ox^)wX@KcjG)Ubf z&0G2l@y<$6~=7>Du{yXwmwurFfO(ALAmgFR*U zYBn=Cs;#DXubWc?r*7nH=4F$AMkmkgFWO%2i)4!0qnk>xY%I-`2^l!*K7Q=r)a&>| zM-x+ny)oXfw9(;fVJZW>tsfpLry<{0-0Yvgz48+4Su3j=|0_h&r`rp($3lP&p*=4Dktq4UbZ?%yzNl z$bF>9L&1^UeT`?dlO`EWv2Vi8UqS-~*ovIp;3NrrtgLhW-iYqa#MPT3Ac zyd^q3K&~Xz<-{IwN%DN2hSc$r^Z^&ia~Z&SV_xIg!;Tpz!Ht_@2Dk}lESEp?Fu5|7 zQd16dFWwS#fzwI&G#{G3N{0A0KcjYpR)0IVxIB4%aCmuk@zaODo}HY2_}lSMAJKOY zJ9LMU?Vju2AbsrNQpGCQUk|qAIr*>)zS#P{I~ZIZUo5-A)`D_6%w19(-R%ES_q8;U z%65Q3O1P7Iosj9iZKVOszu}q4A2&ZL+N&_@s)?ChWrd|ZDMZUtqDV<0~+fS#|=VyeIl+K%w z(2h$dAbz_y{A)a`gkK{$=C~d?RnFz^PtS?}14xg<&<&>c%R$ZiIrKV+xuYE`ciei( z)kVzP$Tta<6iS5*yU!)YAN2xaAk1xY%Z8o=l?oS+7uc^24?rYB=RX`)fta&QR+5;S z>V(`zsC`lC9BPEuatN8aocu=a=~ZGZU3-DdNyrOgeNMQISC$V2U4QTrD4%R*M$M$ox2M}uH8FIl8{ zqCfwc?^_uqipcf1$S1a*7-AfwzG?jUB*Nd8pR$$L$W5bmngr}D6|2)EOs6hmy!7D# zo9&+I=K_qLg$to7y?TsOV8N4UL|)ARg%(;11DYboYT2@4H6P+ayG9JTVMuPzli(%@ z@faUd&kbE(e3aKCtz&PvZW_9cxx5ki;{-!^(;*+Q)bE=`k>Rw=_YkPI?CXlk*OIG; zW=7B4I}h=41e1g>TOAUoA{WKXIC0~c(W=~Mv1&jl_#lMWM4~811EuI9i}Ww8DtDxQ z`N0~=_`bep{-K95DET&XA*y#CDxj&~AH>TOlCcSgaqPTtD|fLQ$BxK*;Z|`KHkz%{ zV2VkW>d;d39r|u9#miigjXM(@PW8hjPDsY&?*~QVP zVwYk}++r*v``?dk6qLnSrwQ^8#y)beTGZ;-Ifq+~VqJ!V{7Kc&Seo}+v*3bFFFPWG~=&g7@yxHDc0EA!jwpC4kF!b@V+L*|=4(D3@zvD%?k zv!X-vF>f&Nzvcpg3TdrqL|diq;amb~1&taY8;$t(I|>rZu~IhD(Dkmf_==rTj-Jj}*HWaNfcp&UcQ3PjoI#T#@ss&N${8lh}I$7d5c zo}ERAo5Ym+32(^9PCSI!)=rUW4rexd6^{P&VJ$ESzrPmKSC(Dn#O(j<=Onf?9IFon-W@eu?-!DPCnkHOFb&p1gYh=3YHj zFJ5wtvd0&$18uc=f zYs@c(VO8DuJc2Z*JU4LnE^B-$f0@c27q;VK9y8IYW2%JJhGip+%GKi%XRa`Zt@gF5 zX^xzq#g)5|Q=_;@^&!i8UFNCiPafreGmml@csNq0Zfz6s-(1Ll8M#Hv#ipDavenG< zk;C7Px0+KkLiSxMk)fU{W^BLRsm@7KBW!|*rfwMGq#Z;fvKVDqkB$w%`Gu0Gl&ebG zHDaVc)YXKXRc+X=InbP#-5Lf=u&gNBA%uS=Ds|`DDRHrddoU$^F z{A0)2H3e9R&NCp6+#t*nd^t%losiIP3Nzm?FGL`JW?`uLe)H|qauIifYdPC$a6iVj z$NEzF+MdM&v2~6#_vUIF-h(i;4f26_+6KBHORs8`x}s2U)vZh;izFoDvB*E*&CQ!` z^gGm%cRh?+A6lr@ZkgXW{F?{4_FhFTj){Hay?EV2Izb%~2h&O2AZ&+ZEMl8i^Kr#| zj%Ky02TR&rElrJ*fFxpLoQR;EazJG>DN}XIelFD*N^kW93tY_C97^2Vr5co*x?vEx zZ}Yr0=hn5V+y6r>*-6RNbJHizEaQm9Ika9y7zH67VmGZ$e=-ERYFrWP(<*DrBXJTO z6B>xy_x)Yq!5o;<(uSQwEbqTH*@dug?^>M z{(TyjRVbmV8bu?&cvG-te%QibjV=HU%9MNR?w1%`9d)jp`6l%jySyv{FYv=0cj5ye zQ3`pv+ot(TQ2(hcT(J@!T8om+v(BJQV(>#ez$TlGx5z(@kwrZ*|V{#wdLt1%!R zU{7+u_gR7xlucgZ?WS)0pz^E$^>OdEn%rzHbYRxrRn0#b>$>0jwrYu^vUtn4NHo-E zeNAFc3H-`c{S>wB8?3wq{!=MFmCpe*UezUo1LlSXEO<0E4)kirH(m`6xuAhhfdwDJ zz@v(^RTau=9*Syo>MI4xIbT~g$F8DIiE>{^9x>qga{VPm1dR}*45!S{$a(~zl%vBFE*$O_a<-!%!qvl$< z9uotceIY7to9!s(0yfJq`V!#rJx4*Ny*Z&H2AAEfjpuEB_{`n^+x^`B-`?5Ve%k+!@o8YEw%hIU?S3dt(?xcC zt!?@MTi!Wjf2z!5{ml<5imAb-&*@jyo8M?C31G(alx%tRv;5-O|3dpe zh{g$~w9%$FK6Cc}?p{B?|NA>zdr$lSF+REdFIQM@|F+=8RZ-6#cz*w7dC;nPnCCk} z*ndT!IKDGd15`(&#h^Kid_J@SCuSxmpxo2*r?Ot44w%?&9jij|^adw~WE#5(My>B& z-t?T_w$p8QTgW+dV|N&YK^kD{{4E<|A&8teL2Ae(Q^H0#y(P(Y5RIMd=hO*E=cYHr zsoPsIO<%JIn|{Rpq;^xTGjMTz!m%$G))sw0>OGqJRjXMw($6ZGn9o2sCM$mYT}FHT zj?yHU4zkfGxI?XfMlC}ix3xsB9?gv+lA57q#uxi#7?>TZ(Lm*Rupy*(rvf3t;;&rq z8b`kEAszBB`RW>boAZLX*`+5*Z$Yb#PUo>)5J?vDfX!0OCWOksAnhYrW#5|HyQFm+ zv43y`pn2|`o}{VrlgDm4vEqAGdemxugoI=%PKxEqEGj9NNds!-+SX8QK61v^c?=9I z#ICi(ZCgWGDG9n%*!zCKSlkUSGQ0MMW0u_L7kH?euhUR)LmF1R7NgtQT2*ldl{u$z z7VKQ6-c$4_%En0J6Q=sxdUsW@ZgYgqtDA1M{T z*KFF7VdUS7*?$Y!{~~^NG4J18`@g@}-OKy`wz^OLzeo8zXvp=$c?qlHtG}Q-0Xb76 z)pQ^I4*kCQ8j9W0$qM}Q?b(|TM<*9AS9|K8rw8wjU#|Ay-{&VsFL}dn(2s7Aq7g|@ zNXEzy5|k1~2ki3T^V>-fV)PI6HER24^)~_dBl_8RYmmP($cOStggI!>Y_HKezc_w< z^7ogkYfxL4w_vz^M86}7ee{fW7?Z4aI^$>S5=p28olYz16w8=RsbB0fe@HXVxGfs@m-qvH=JM*^F`grVlohq-iv zFo?!x3$DR3Vx#tJYxqAaK3e@+f_Y0w%*cpuFmMsY5Zmse2;Tx(Z(WMK1iLBr4eF*z zh7D?dgAOOyyDm-zq0{3ZKQx#SgK;vl0IR)!)ufjy{@;ubQZd6`-xC zHs7E@IbL;(WGoc_$0(@Ww-0eExX}3@jf3c}ozF{|s|C!v|J&z%pjW1$?c!bP#HpEGUQw*-fG^}t3 zE+7pIX8aNb!Ee7+`HIIl;%OV)Lu`A>A1)qfnf>47%r`%C<9~L#x&6P@>+d}6|Ht?= zIsg9vhyIs)&^F@>9S6dwW}j_@C{q-6#Lw zqkM7>YI|RQp6DM_l(=zBJ4&7yo^p;T`jQCdjnqN=PPV)3@wCc#zLg$rBF$9{l^7>wjr)<)R+uzxx+0?wj%Z-ya(ia`G)W=jkerPSv z!V9$cE^fYN{L^UHH{umDjZ5Cv19zhhOhm~*dwkS@sI9D3e&Oo#PKw;O$ z#WXqAb(J(L-@R@8>TNPb?PPRQLaeHXHA6zvzl=y0`Q|f<=JTG70ga7UQL9RGmOu7V z2fDDRNTtzfNcJ5^AcDY z1r((OG2@956wxe(H>O4;;cv826ek${|o!Z4icNh>;g!H^M&3ViZKkMNDWW zNR+!(?MtQ5Bu%ZycPkq$`aG47{ zR?Cx;HlihcWMa}vM3y0^b=EKbEE-4g6F!Kh1)b&6ksq_VGEP0N2X?gg#AvE2Czt$c zk5O`0R5D(x`EdohsNX3*hE;N?pvqUu7Cg8b?Fi$IW>vO{hNgeK>IJ#xv!~Q}C`&K9 zF?4OQW@&oOsnlFL-B14tQ0X{j@1!gw>QULdD2-&ievsw+%ggfu2F0RuwFA{jKzpP? zaj5(|_f6CHj23#)sQySay4#h01V&%llQCA5TKa&K>4jmM>n zdzQeq%IW{EGdW9TZQ-73y`H8O&nV1yc31d4=301miPuulR%}=9tSv7GTidUkm6j=v zTNc<=NwH!%#?O7D{$+iZi2sOhyu~WO%!&W%?G*CA`g>3H-yY}lTe0qbwcuSV4-;88 zuI5XE$STDw^y85orL~pwL1kZ1l*j#Rn#gs`^N1M3ey>#usihmi4`>ex1)1m2fLr#E75#!MYi$zOUt9DoA;V-+mc?ZT^DE75bxo@;? z5$LC28M+kD(53Nh8h}zc0cg4C4y_7PsX||etkeX0FQ$GpR43+Y3ZL14XrTW)6C6&1 zaYPcl+!*un|91NM{QvG&fA>lMe~iyJ=-f@&MuJ10uQIxw;0O(~AoSV!AG_YQJI2&m z`37B10xC5Cis%G~AsUBd$g?DZXuQcd-c5rW3_$|M_e?eT21R%b`YT$C6Fds;u+ML( zzFv3GSrpC?iJ&J#3B@=;VGvostOsa5zAIkkA!p9Hbrie~$i& zGyFB_!2ioHCgTqKKlx936LmBo{zf1aZJ{e04!w<6Hk_e*y|Uq?(|Bd$zgE6MKe$Oi zGKx-)j_HaMC*&9Gr7KS0W4FWGCFGZtvmZ~7F9x4`Nf-Jw*#C#$ADq59etY)DnfgnO zQNRE9`n$Wk`TgI0+W(L9`3C*e@oqtJ!gR4%h}^6~#@7!vQA{XE1d!BcXB zeKbnQ)GXUkfoEUh*?*z%+}JpoGW6Ui-QU$0Uf-E50wTga=);a^rw9zPW+{Jve85 zH+3so8B4-XGczYyLx{y4cu5b{jv^6sQA5n>FCNBXj@TN4RpfJ z`5TOIl8^*VF{SR9Nr*H{BBseOy@}~A(-`(0Q=Cy2j}zC>O=*07Tj;xj|d`<*Q@O zp0mR?tgt1}DM>Nad-nGB)`86m+mpq>x;8D9RvJd1f;(Jq;HI0 z#1HU&+xVU#v2M(xFXz$UT4)~qKg2vVt{^xgC~Qj+iDY^u1-Tm&pXvjHiPwOp0Z}F= z@&oFT8=TBmHpJPPtIo|+WT9T25YiJu*|>jGGFb?5c{uq21u?+|Ib=*p*ZVsX1u025 z%Ygs_Rb3wr;!IiDK<5d*!BGnJ63+=uzbE8ca-%ro@E!ItIK4;EETcFF zFq$D(b%HYs;k$k`yWUdo{kZ|s%AtGYGqXTGxUSnS(sRT5fs|H40h0)$Z81=MNcEdP` za6uw(u>+^4WzV*=tH#oz;oPOvd`=AA1g`REi%1(_OxM40BM0OG@t zsA_CdO)54_Zvqa81Mix#R~DOkAQR|AwsrZ?)IfhnqQA)6b)DVMFA%!U?z%CNZ6(^w zW1Md|$XFkwvk(g=iW3s!B%Sd^xTS5n)xOz6!ys~#8T<7n@NuI2OU5u;#bKJz>kn`c zbe$cOUT_qgc`54anH)~YZG?u|7%}#`WjZE$8${V1^5g>rGvvY57V@C28;0B*N1mHe z#(5zbgC_vpx=F<3vk*A16Q;2|JkAuhnqlmqLD1HHwcw^&Lf?W`2T$VA7k+IU183Y1)qDPVhd#U{k zn`EU*-q(m}(jDK$gksZh6K69Ba5s0NgP>2SE^SPKD7*{ETzEFUUDxULtg-*q^wm@+Ux;Rghq|38;y*TC2XcN(VSi z1zRQzI7$2%|Eg@uIs$0p1*uy&{8(on)j~^0M8YGyk};ZkZT+Xt**`0 zH!85ax^;u}HA#+y7O>AXxGRHjP?kB15lw?IM65mM<)c@|=zD5(ePUc-*PmjP!7NO= z?UpoVdzVRlfo3hOb}IUdiB@;qRvq*9{4_{|vF-yCG34ZMU1%g2D; zuY}IE9?9uG0tXs5D=3`iyl}X5NJx9w+71f%c5}(K=RE)Hl55X-ZZ3h|)rM=L=_B9U@EF zxD|Wh+;w_g=k6Ib7R*r`2II?liWOlZeg>e${^?2$<{%rR-U5!KJ!k9l%Yk(@i>}k# zQPb$=WF;r*AQ(s3f1iXG*bhL%Wcy2-8ZvwtBKWi+>6l~i>y#`suS2BPGr{QM_~7W> zG1Ei1-zY+-ppy>!q0+qMr`ly=CGj^U^HA*0@`0-2B`; z67gFG)0|>Jr-8VnK-5cuIHeZAz65A!LPz2{$y#)HAVMZWS|EBQAjIM9-W`%C;#8nZ zkhxm|TKGvimUPT0PR_$@97M7n8ffX}1ojNTFBDwsIECV{DJhW-(#Nua-Vr|-1x%{* z%=0S*!qAGo;XfGTJy+vxExv5FK5WuwPl2t!py4-)Op*3|v5*nd9D=Ev%tQ<@h!x^< zZ>vy15E=f0J)2{8)tH(C2Vy0JPwVi2AAe?MoCdHX0W2bAc0tNKu2k7|wv;OVZpO|) z#SXu?36HM`B6Jle7+xAV`W~~HNl1|t` zYA&b}A-jvLXTRhe=UW1}^$>J%^gRxzD8VtI0RSl@t&%@o%Q!$j_JR3)>0}k`3-3&mx@{9x=!Lx5WozDFz?rz~^ge@(>KR8DW9;g)OU!OZO5n(JSqxGVLkzrJ z6RxoErzX*q_*sb25PL4;nt)mRC?dCTDV1RHyB=Y?WCXz8N$*nOSU_z!j@s?Wonjih z9!9a7xKo@;2h$6ANy{J^H~I3of#MouB#)iKJo~Ee0)G7+XYbKhamU%ySob8>&&wS$ zyo?-p6xdps69JuvB(4`?f2biUZeAdaV+U?G9+?c{xTR=FNJ`VhjdiUCra4XnaGr?U zg(hOSLmt^X>DN|rC`FV%_3=c0ChPWp@=|RAmtw;t}Ec6KW|^nT0Z1c41*h58qeAZ`<>)3eItF>0s-JEhnS+ zgpnxn@L_^|9HoI9Ql=5g%M7LOyCDk6IPk!tnZ|ROc+X=gyw9RqozeYR&q+sx|9#LBvR%x1bZuNW$i+ zwOE~nsP9I$ds{pzifW+Gi$LE&;A6offU<~fsw=qfxKX?piy}b3JB^1ixamrj4MT@zA_F+Ubsmhz5~|1&8ypGfYPzQ8+{W z?s&NF=&^PcV;58k?t1(io`I(L3kf3lo92~^K9`X;5QcCfj%o_mUsvr3zC&BETNS$e z%igXr`)w|86Vsg}A^j7?GGK$0C~gIDy3t$rwV57>OV<0N-GPnfq!o_J&nv zrBL_b48zQj2G4<}6uL8#rQ*R;{x&OUta{LH#h~I^%k`&0#ACYhdW{&r>TV&Ck(B0c;&%7} z1A0|(J;7Ltv3l|(w+>Q<+Kn#rAzy(oV>Vb<#gn#XBexi2S;3kNXZofycSX$LXcpVH z*ugOHj_*Y%_&rS!!Wc6ht|w}r2!tAjjq-;GKx2i8_0p-M;r{^BALz@ zNUyDM5UiO=*z1fhaN?koC{2i;d2E@gG9$0hD8QjewHXo;VmAV}r=u~`oV%41*GlPv zOH8)p#u*}ZeL&GD3&WWpSnw+|m^JWj3Glf``Igg{5V}tPg#yv73?0$ZGfjdi^0|ew z>)dgGcc#`cg70;YfTFEFVv=!fcN?~~>oFC1-N50w#K8zAKZ(4A*%MM`#R<8aeHdn= z5#R5>VgtaQ0#L3Sh?>MzvsEwhzSxx$BT+#~=`?yXCakG;@M zcy7jEOR_da!;FXb!6s5ycj%PdiWMDVi29@0cZ@mgmdt^lJnRr>J#?5V63>m8WeyBb zN;>rNt~-k>#F+-%i|^9JEm1`%IAnwfH#>`~Xq>W>V=y>Vfp`WU+a-7~-g+Mi?gGPw zM|*>k$Ba78Q+?+SttqxLnMKK+o*it!^-gE%8x*rdU)Sj?G0`(kX70i|A|4f{xY46m z)+6FK1wuWIvtbx`G9}gMt9GX?qrt(<1iYEk@j)FSS7otVgh`_?lujHF(!y5KYvzk6 zYIt@$MN@7jxe+A)d905{uBZ0>cICF`*A@_!;*p4w5Wgj3P${Og2FucVVJagU>$AR!S`%YP92&0y}{o&s-^l__=T8qZ|NE{`}j zI_{Qqgycuv6(|P}tLkn$CEe!A*uFNG4b?&PgyYrd<{;m zV6UJRoA^loz04oLLgq}|#BX~75B5S1>(LVL)Qn<$LIoa`T$_+UUO5$Ry0Em+};Z@JsoEpCuGRh(hcAUfLpZC%_46ilgpu?jJVtO zHE5OK#SH@h{R*ckPRbG`EHlR}K5?ZXsw7pe<^sfbZgR~Fz@n)eOZ^S-y87*-(OG4V za(Y=aP04r+vx`iFfLHO+5OmgIUqQ$Vi)N6zR_+@Bn!ozHdiDD{gM}ZirMPebC~HEZ zb2FG+LsH2k+?!hpsiLb+-{@IgnW~`#1BfNd;s&Qrdn8tg?M3!$Tl~uNIVc>+b}q+r z>Ck{7yE)QXl;bxlx?8`to9q>mG0}Z=ij+-aTkZ*USFN;L)X13?Ta-;S%|;^>2G>|! z!}!Fbj(bZTck2F1BJgSAYubVGfN6(G!EqM&xFhldWUauq7_^;`5Id7}8m{YUbW5f& zpV@Xav-Ly>kj~8l7)ShGSkB*7x4hiuV|tW>4nPqNWW=hQr9@_|anFK@0n>eggr+jG z*+8IMf&lmrjnqA1%hAxK6D@~LSCj3OQP5u~;95`(aEkC96X8K>dLA78=ean5Ubb3S z+EXiC-Qca&V?0-5^cPqK6jpm|%*&$Z(nH0DESFPPC2wd}R$Sx8!R;hSaVUhE9W-ACES<&prRmza(#RSJJpBL z#0b3OJ`E;TH-#DD`aZSV$HYe`2k#IQBL=o=_v`KPBO|+*wnyUGS#*4Zli7f8+^bEl zX3>mWo;>=Imz?4`Ao2<#U|LxsQgE3>;Fo#~q_lClD@GxsB*E4~`$$Q%uAYvmL}+Yn z?=&L`z6(;yIgMG+!rqP(+y+6##MM}6NO}~Nsicop9m<2+=+(vX!QW0!-ymN9W$^XJ z#(xZx?^ZT8j?R8Oy*zn$jNYBR`Ti2UIz|`A|M~vp;`j)?KD$5%r|A9pn~Q^^O9yn9~=e7Jd>kLt2P?`;8trb_9%wSDP z2D;jHcAUE_hu3D3-v*2h5o9!Z*SBusL&Y*T4Td4!*wBg%34PUP?W*g%aCWW$hf^X# ziFF~!jSY?1#s&|K6Uj=P^eYH$K=DYK!eq+biA!Zd!q;ekG5Uw$MgDosEES?;1LKx! zJfq-)1n4;&0xGx(`^bfhCjIg_w1Ww(r{$MqitjnS=UjTi*3tsWxJ}DnWg0q{&?l8Y2*By2+Fqq3Ej?j)U~QS7PBj;= zLg!98LU~ z3U0(r7))50(9VR=lp2tG3bLNyairqC4{SY@lkgc;FT;VLR8P|htJ?tIEdk$T@_M;< zg&q&76Wa>_={dV55S>QSvq*R%9MB2Lcv+;#hX_D8alj*CKzSj7?Bop!c#8^M@oP|c zt5mtf9WTK?y+T<8?i#pq<)#qm5z>{Q{9CXS!3n%3Y6!@aP}(4@SK>y#*((^ChK7)Zm>ugkbZ9VQ{Uks>%x^~UqnKSEk}7YO+CW&l>=Hj zap8rrywS5%D0;?rQ_eAJ)-NfqTmrClf`VbK1=BbTMl-dA(=6tR4il23IFio-f|!zS zPji3m>a+zzFo;7%GWNmwiLhh!Vb2#a!5&k$jOt&q)RZy8cF71$Hs6*3LxukL?6b-e zN;1a(v__r*t>u+bKxJG!>pH<<%%^q4vlfl`e5Nn?Wa8qDan zQ_@Xr4$fqdTogp9WIfY_GRqGeFm(+1Rs;8%8=;ePZPbD^Z}Z3-Su4#%c&h@qdA-jy zwW%A1n`nytAe-`tCuXLW-Gu;P6?1Ml5*c6!U1r9O&i;FoxE?;Y9s|vZR1H=Ih4&Uw zZMx330Yis@8w^jeDPgr&-!>i$h7wMHdCO(jRoi2xv|{E)eo>=1q7*kt78;^=Tb>qC znO0)PCItLs^GkCen8eS^k!{WI3u&EQ$PAP1RD4dG$LCl+X&6OqkKMu`Z=e((It)qX zBT?NC4wCm5Z-MN*47>~)F@UQ5VQ5G=#NzPuhmNR+6bODsB(kqfO(!ZqRGVTE*GbpV zz_(?5)od{>v}*|FZ5atQGkKkz5ONEN+d>GYN2xnDx^`vPMNFQqp#yKJNRC;J->lTy zbLlMd9FHXUoRDx3{EDwkunIMOxQna(ECS;}m9Mg(ifEBx7WpA|M%aavV7ufc4A4`_ z47S$IpP&#yS4Mrf2{x}F#oda;!Gx>Ah_||x1o`W`zoRKHpkvz3TOtYrLg_7X=879! z!IjUshzvRk5^H8UUiZ0uxx!CiRT6|D8ZX52$X8yLgjZ6Y%InnIF;1_LpJ92*NBCBh^qJ;>_Y~6I>RUyA zL`avQxq-vL!x6>Y=akDD;{)jAg#{caFAO=frGoN9Q8T&Rg)XGMKQAT;Kt3;RuN(kytRui8Z0Im3Wo$iOK-Bv~q)oTaH{ZkCd^ zzMfN|MA9@ihTGAoZsoYrj%PLcY?t>W19N?Brt~W%lnx(JI-a0l{t9amA;(=H3jInnUv>Zoa&NnWO+k0p&=Y5oMUOdZk z-2kS8>lbhyKX>*@WTnx(eRvFC9scDn##lNCe#>T{JW2G?fDtenD5Ey!ihR9=7(pG$FLZozZvmryPp{z% z9hGdD4@EWCTs?481w0o{WZhmrr^t;14OPV}+rgB@z|P=TCQXdTJkV9GkL*g1u_edY z$;oTu+Mh&d!c!giMRifB#nT}Memla+aHd>FdYFFsFb_Hv#eWN}VqXJL0mJ=;ASh0H zE^1;i2(_A0QE#x*?@QDN`vjqS$mc3Vd9PwfGLkM?d4s|4$~BBVJIq;}1X+|C?hWo0 zU*pH_y13;CA&sM>TYUfv?gMM3!Rsh$`?|t5`c1U}j5ZYb8pciujJa#GE1zOv5Y+2E z&uwMP_7th<@=T-mNvO+$!o5V!>7%c8^hhe0e}NN`7s@K6MVQFdgucldJ`jsv7C}c# z6GRxY`mrBQm**6dQy6rcvv?r8`rVp|+z4I!xgwMHyb!82K1P17Sw74?9cL@F^TJ+Xx=TcSJP-k4c&r)P6;@cJ%7Q`-`{h1}CeSFuiudk0g79q$` z#@i1?8HdbF$mh&-B}+fZ5k)i!jJRd-kapCTy@#SM;XIuotzqt!z~oLjaF|({W99FG zvoYQh*B^@bZ4G<(XX`l(i!)2AsmN`&CNiD5b9>zk5cFll1F!RpZu)w(om`w?!+l^t z*#6mi!@{72rf{6#wvw-c%0jn-f*LBhLiKf%VUQ+nGP80{NTdpYLfRWsgA-mHG$uZU z;It7*JW+im45li`S-uJ4v2_+#miz_)@~q(crV--Q#JqTETgopgxU-k%`ubB+L(uPQ z?3r>G9mG&h3?7HdN$mA zVN@W>wq}AJhpX}|Dw36T)-`;q$=OE6nDwz zKOAbP-CRg(QO^(+(_D%o62apdO-43iN4H7`ITk#8@#^4E?v_#==RB7)jn*y+^2u!k zby#G~F#7A!t3z3)7@kie8!IU zez&__*@=lxQQXsoVH}c-JL2r4ofX#c^7!K203Dnjp~JJ&qm#>%v(o{j8NDAIZ=#Fi z^NX{i_lNB3O=xv=GPt}rdG(%s0|0ssI>KN@z{{#D0-KhYQ47%t(|xB<5(&bZlPNzq zRjEXExns=J*hYwE-b5g_$+T3M{*b3qBrd=HcXQhGSMGC%godr8IRTP;TkOO)!-ZgLO2-5gr9z;D$DI15dr=Kas43 z)<^<>C9QRH)gk`h4{icKW3Uor@`nI`?{MM;pq1-TC&6cY6Tq?*SdHh-wjd`r&uK9{ zNuBV!?5Ri?hWd0oewlj>s9fM6^1=*AA$Zhdkor&0GvJ2g4g| z%Ke|aB{jsy8I*D_qV7gB{#}Bps4)l^6r#|e=gJL|CT>La#V%uI_D!gqAui(N0dSl4 z1O<%TG(9qn15ny|oq0Y@9WP@|*pyx#BwSEgiIDHzDfR;wQj3jg|45SSf>404A%-!? zA;xKX3j~pzhS~sUstW#e6HOrpQ{~k0{cp&nO(snl19~ze-&Jx!O1FrlfrpiN zl+!@WUO?hBkcbaKlOz#rMW2l!-ks;NiVcON+lgmLYhi$W2!3=!l;E2HmU7dyw>J?E z-62WjzepmN+1yP67(3-K#ZkJ+BiwE$B!o?YND_<#W+WHayeN;QoEll%e-q`&C#c7` zS*#s^7pF#or*5G3CyrhIkQt*3Ok;`@9L`V}MAtyLVGseIFpF?qE;u zsfb!YictrXkzVyfCd$PbU%KM?J)pL%F`gozRO-c9s_hk52<(Xx2+lGJdrrk=nZFOYK2^7IPPjs3sX@68=ei% z_wB-(* ztMZrxWb$#E8&s!TCD_9t$%iv*9K8uC{#S;hG@S7|?J?oUHB)$v?Z*XC-$8GfTE&Jv zRMVH56&hsxa7{_IF=K2qQz~QEn;?Tgh>4KljB9bA7yLvrKk$528Q+{r>kg2LZm5Urz_&(&DHse6q#(Zs#Mpyf$~z>X%Pk*GF>!*EmlKYyT~ zFN~4{LQxi4A&40{GpNH2Yoy}w<2YpICX`(VDl^$7P=m{0D%u*88_qZole$W7M%crY zx=8@LbCd+pSXwkVkY}H{@z>}&azm)YA`HOkP(HWE&-x(AcaRg3i7~){@B$Z8@@(Y9 z5Vve8%w!9Ay7K1JPtr@HxE6l^=_0-K&82Zo-y zGcDQjQV4=WsBP%a)AC?RnA!+QqMPy=9{4X&C$eoeBk_nrsU+LfrVtQBv(^;jG*=cz z%dY(uWmm29nPxOaV}>t7kJ}pw_JTOTOlX;^ud)u=r!Y}h1!bEn_AMNva?GJICU@Lu zRhrpRGFicM6UIUbnFbN#6K*|HV|c5SDT65=(pBZ2?2$cVYLNl;D#WskY|ErKf}e$cfTQ zF-~~43lTdGLglQP6pw0~X#P4c$RyTZ7=CQ2Tc>B2Cx^!^{**L->4C~In96O8W9}|P z1eENQ0%c*n3{cYabRnl#RQQohhfB#SV+u|33!w&*flmacu-SyJ2AFaRm(mrO%}r5= zUCPWU(@QV9=-mqWb97&#=}H_mtu=)#uA;R#d}|7Gi^)XH2ocZsPFjR`681#fE|^ z#(IPDz)fl8(Y*6p6Z^P?Mdo$*E5R z-(nrGr`!lCc}IRWRb@L&j*)_e+kbL7^D+$xY-HM(ZYJewA>O6Uc2^6u8c%Hg`Pbbm0+`}w~Z|ESZ<1# z-Z{0E03I9K@aAa*3b$3(DXg?^k4(8L&G^W2%P31FX9-vfvIEABOnL@eRcnFNLGO8m zB(`X>ifK6G5RD5G<=>d)wMfI6Ww@~_T~}JuXCvkvIb78nn%?I{Of#Wo0h$KGa1dN| z_2um&?|({C)=Ayo!1*#H+$dw)b`0hnJ4OICn#DMw*vI@Lh;0L7NyI>0yWkGe6l;@c zoM6uQGqFR!BExssGekTHUPTc7#$Unq5O)E)4!V>I2o<#lr5>%yL4nF`CcldaQa~DN z{|k}jPBAq!8oH^f6^noBI`AR|S1_%_cvE|wgqf-W&ml$=yOcyK*pNrCx(P2h8AQm( z)JuY)SPEry1mmFSpOw2wuA4XwN{#?dsXYfB1r$st{%+upZo=p?Q=34cI-GF>7A$XO zVrek|s|d!6_JVEd1rvLpYE;)4uGsY^c@x!a9i-G=+;s%SR#59;fKCQ2^y*-6GLXdm z@#OORv-g+i$AgQDgVW2C;{iImFt6p$UZaE4pU~e#arphg z>E*$zleZ_AKLHE9KDj(S9`Nvi0|Ddw;NtS+@cr9^3v~Ye;{0rI%uic>TNvVy*=jT< z5rt}65KoG^RcNz|8^;NWlYpt`Fk$(?1Mr`gxQ4%!dmAaureLc`aUD>Q?38$cGLyMb z7x%2-jWsV?i^eSHz2^>kt4PW^y$#%95dQz{y?cAxHu5OEf9q4AwAxsXN%@kbTPMoC ziY+HrU)%T*;ZZuKKuJ%1^@w)vgM>ryXREzC`(of9;%tjAg1Fe9MgD6Yn$5Iy=kd(wdUtu zdS6FDfs=qn;Q$0WnA|vFoNK#<8ZssRFy&w!FFzm1J+145C1jwsEW!lIQX_z_!c%{2 z>+nTyDh{nnOA$Xoo4L5f^J7P$%W5$B3Ffw(A7lfy5HuJ}H6J&yUDr0cx z3EoD2G@8ema08cMi6;nD0!fAzK5$^lYnwoaLO{;>1(+ zz6!Zz?x7xe!>+_j2%nM~VSrBqaJD}1Xo(}k8lq)xX%+z`uKZds(u|G5d_mI5tSA{r z&oo5_8AzS5cr%3~;3<9P?%j5KZnI-+raJtiy)N>t~5G6hbgglmn(>^RSpB(s)D z&9Topg<4=ziMma;0ragpl5f9X6#Kg{@6cVl@jRnqb-!e9di|r88(0 za6;o@#ALO`LE;ZDXv&FmbL(V}l*k{d+iszV3An0!^%*Z|kE~<5PN}pp&Zq+ZRgJ)F z9iFLK=~g`t`8qJJZNoMT1&tPQ>R)R^C_L(M0v`F15CS*|ILDGu z@a&>k?^a&M%CtJ5nac`TNYzZBSgA8hLQq@_9_)y_!nS-$=NAZ4_j#!8@e*^&?yA)@ znUcd#hLiA8amvh?c(Yh67PsU^6>rN~S#P1aB$B{*Guh;`X*z_Gbtr?ad@gIx1qk&X zku?bM#skzzF&>h53ULuwqoyb=;ux=fHUMpzZ>j7QA^WK!_xoHp zJ*3ZB#ne(-_)^mgxz%8q1pb-gw-USoZCy&ODJUYB$%=eoj zT$lGdx~c#D`GYBZ?h_z9s(hGGg_0O@mg_@52BkgPNNZ$c6sv2&7WF->U6(T@4Os_%2DkNP|Dbqiwe^?Zo?PHcP-3uAiKNEx}q!V73I!f-! z%!y$X`EIn=jZ1GpHC`w*yB)wmXO5vo(<0EAnO#L zpP%EpB}ODFdQ2@4g<47WIz23;o<;fD%;s^vXHQMl+i_h5%}np@x}Y+i`9nMHH%_+> zr_?;5*<`zzl-AClYLe2NV_63XSJBl2i^0JW^9gOhiWXicG^8oXK)2{T}IB=ov3WY1r-qk-Lf$Z|Ji zJZ0LYqqZqI4#7%q=9cVLwmtG%q8zk#ahib|EL47$j8mPRc6+Zot#1FU+3o&#+Bs-c z*TpqIOe5GknbX3J$qS94m*mBCA@8G?t|0@tjQqk`JoD2@!@2PU%^J&d)kJO`@*9Nr zJbOZ1H=sin&>CQL$J2%V%{yi63d7^&V~`AigT3dP)%n`1BD?7$qAjx0^;bOq#Z#N z@6WWK5JZ|zgm4{0Br;}rn$99>`hw`Gz^wu~B69cp8adX})p-qUyjMsDXAeXGd5P?i zG?}B0Q?69zBitjq&$hOJey{-H9%+xV;*2^kI1Kbp9B6ynyGDc407^rdoRV*n86Kw~ zD@>84fHCqUvXPm~=T8Qq|Ahz$A$-8v1#O)5?V7OI?t<4LsG*vLNw zIr4P@g=Kf*Xbu-HhC(Ut%n0&`8H+F{?^(jfFaD*kFsO5Ef&UqLP2h2K<=*v_%lu_ae!f08rMFg=%T?9+xNl>G1Ttd*H%-3k`Y>0k z_rl)H+A1R9N5dHpK6r1~86YJ#JT*^mIGZ<|r(0W7=V1WkzCrh$2lmy23#L&0A3gh&#z#mef^m#=sMDghi7q(c z6enJysM}oA4|CVlG>%x}!d&V&l{!qrwe)S^PLtbgyMUusHkLMU|42g~gb>hF)>vjvR$x?xs_9iiRvf z-;O{^MCJ|=m&gSok$_%lQ+IChPa%!=9sbqOR zxeA4#4`)K$u`+?+z#m=^8V5XEDW|l+Q9hVJ4^_o_m8$Xq+tTSB*7q~^^f;Z+#~NO( zf&{NLS@`Cc;*c))ucj`3yYiKLk0oUoH6lFGP1d9GIhW5(Y1p>k6-rLcnzRmMXmBlCCVUYIH^|fjEloGXd!Q~FY&KlJl#KJB42+-AIV~xDSgQcrNfgW3GxDDSPz2{~% z5+G1Pz?`X>`nXPC{L;WoJcPgNR6rq`^Z`UidIKaCnFo(ltV_J>Y~(ie35Tjv^27xcoZ+>1>~KQ;83{su!E5?ZfZel=OvjnxPc+YQEeCZGMNUUjrSO*ORFe#rvu{|6FX-75& z))!!6SJb44C6e`#&r@72iNXs?y4?dIe<>x*gk2e9WJ;AV-K*%MZCvF`^eQQhQ_v=M z4Fbf#%XqRJiaWa;;>2Zfc+o`V{IE4vxR06v<|d7$0v|GSK+Bn*PWDKBy1*9L7=FQ7 zwGD%z!8r7uni~y@a-e{qLd;W&=*Sm+Tskaz^r2LwFbOR(wA#8YrP@`KEf}EgnCXLz zn|Ek+%b!s0$g1$0F??AFRuy7Y_iyfdf>j)~8=}65M@n>&#?4%}S5WMoC}jU$a?+ad zOFE(Yd-t_jRT2kRW7pJGoSWhwd@Ey}OGWYbUeH!qOb?wo(?z3t^LqcR-#)l~Ab>2D zwFL3D^}cxNi;J?mD~)O!8{{peGa>FxL*?OW+);RcUU8T2o)>O^KX3te(`hL-Cc56<unix3hz4p}VwcUrI8 zrzfj+HQ0sd+}z)9b-Uuouf#bJhQ%>p39bE3t7iaH{KG_UuKtRm+5fxHD^?^VDAoD& z2<Swrtupt){^8Bg)D~sVA zqFp$u3&z9K`Z%d4ejHG5l1{N;tY-4$huu$L3}|UnZVZ_yqxGl&=-}<9W+12Pm+rya zFV0PxfSK;Dnnd^DZBMf0n&jo#(uxebxT<*!50G@C*?c&iMKs$fxCfSUe6R9O#X0EF zLYv*o%gW^U@}4oTB*FW26|r@n6E>ScREvgyWju3NTwT8T3a&WGTo9RfRO!1vGvKRx z6f!eR2awkq%P~XQJ(<~-V~*ZzbTxmD-X8(q#Mj%0i}`@=g#I+!{&AR2<^$M!!M>Fj zdYVvL$Kn=s>3*vE)?}<9zMy$H4I@ACD!JR@2kXMXXDKx+uE3F!+Hmoc#`*e{rCn6t zd$@TaCu$;D$OKd|@fYM$ka$2Lb!0?0U#Y z3>Mkl?Z0}r|F+fBd~!8Fzr#iL!$Ynz5QTF{|LiO6uZ?yiN3i!O^rs)?ed1s7k8mQz zVjoF>?dCCFcg@bpZHBR)DhES89AGB({fNy2{j@rer8FMw+ltU01GL8y+G7Q64S$6n z;CF_Kef0;NLNG3}8;)Zdyi1}EMIPJ`Z~nq#>Np%GjI&Wnn!k$M z|5d~W`R8@3PfvQy_DQQ#5MC=A zMC*Stb)wQ!#9lx=V+1HpNza@B@}TNNs#ramaEUT;!w8C zEB4OuqF1*(=-yS`!H4hxtEzURdIK))`$x_8@%_7@=h&#TSz1R0qrlyL9rKGR_P6=Y zK8E=W;4mWNxSmFp_u8dc1&73oWs3KLve#JGPgzs~AuqmiT}9vvi10X^&1gzo z_oZruns4P<*l;elotK8&%8TIyvh_)+zTp_QBd4yR)Dg@}R1jBoJY{>-0q-BW;Ly8T z1d?U7t)nY&y_T7H!_3H#PwJc5gV7=X>+61KJR@_pwvC=31;@n zI$cN$jpC$N2)fdkn#bXP=9C;`LCLptVL5Rcj@q(eR(aBNLp8jHCgPnOqd#XDn`RKQ zZW)3R(p$PX#~1O+ag01oSUiT5QN@5pMStczrLGss7r@P^4AW}%S!2|k~ zPq6BXcJDG<`zd5;7Ju^8AJdJE%Ekt~=>Zm(nXINvr=iGPUzN&!F7ssg=IV_K*07am!&BR#B;OML#9#u**4QtF#jIwD)5HXg9 zmo!>r@jk;G6ETXH=5~MT$I=7gFNFL&56n#;4nzU(Oxt3}G;=EPqbq;Gwfp(`%4g-=Q;<1? zgM2E~G8E%NXw1U)-?vnH3T!_k;#jTk?qr$cILdfZbqrFyKu6XSbynwPr}LbwKYL<<3S%*g zO<6QS@2oW-M&OA10KJ$wR!0cOF-vIRkvBpX*epST4gmsJ-82cO<>1BTqnB_&7b-+H zlxb)MES^f=EiO}thSQ8608Nj?(0VpYF7@0kCuoWWYU)`ORxX^$D;H0`XJNd8aPo_2 z_B)6s0!}8FeDV7nB#YnwO8Ne@eX`1hqS}=+YK7y^W7QJF4P&$~dW-8-{E>I~Cn5az zy1&H=Kj-#V{TufY#P4x)OLF*=?`=&KpMGoi9&(wM9D>ihp6|fpXJ5{!@d|$xy>+o} z6?$D!-uza!3u(0zd_UiTtV=GuTc|Lokus1%0qfeQJBfh-N3tUAwv7$IuO4p5&8!Yo%Y!KytK{}a(d!h_0b zj5>?Uot*2V43>4>*&H&a=I5QXc{dP3{a`$^FWyq>KhyFmdKINl^o`OY+FwMCtZFWXF`S|}$Zp5NbWk7*(~`SQ zfGoCOht%4NrGQtt9vG$*a`MPeQZEXJk81baMrNWs1w`IU0#?JTOGwsDWK=`@^eafk zGvSOHB{SJ9Yc9x1@NhY=&%LeW{gF;sfFV2)z4YT$)?5fN({+}FL_8+GB9P1^=Szu= zXdq*nG70s9(wWIrxMe5wZH$KE(n+WvEVQa$$hNk7Xciy@2}l=OfhONAHLs#`u$aKJ zgb9$~;WG5CMZ9YhmXJ=X+at}hwpYn{Y{ELA-lneYP;%&u%xds52h19|U8Ev#$YzVv zxOGXBMOUVjP!)^$1Ty5thBG-n89=8jIfHRRBt_>c`N&*dkSC#%a}6&utjPJJu3rA} zmM%<%yUe00#D<(Ad=>h)9Mu1&+W*I>7OuaN?j!08k+%W{MHML|p`4op;L__f@m+B( zog2Y<;wl0K2Nc-T#lX*-onHH}x!*hOyzjp`J#N)$IyC#uXUtT0$+RwBKDtd~63u7D z%JJHP?m?rA_cT1(_U^>?n-j*j;HzIxibr1r*FMpD{55 z2C_F4ZiE~V1QBdsz-d`lyH&%+@aMf{ys}8gdomabL&f)qNxA(2V<}G)e^$>M?~$>l zeln)%9--;bN+~K+bA4K1)E}Blu{7Lh$0N;nq0C_==@PY4)5?)#fXxCt&m%S-_`?f< zrE_E7q&0Wy&y0lfR%3f$ukw5Cxv3+R4l{W#)6&Tm@o--dpj?f6J&j!KJ@scgiM{yy z*q>z)YIk?KKXUJ`;mpXrbUL&6vFul0?K~{&y-{)o{>$hd#4%0ICm2+F#-ebzs8p;! zwR(b+E2x()lhlHq1pf(=M8vL)0&IGU9>K&)G#;{f0%hOv_JL#u+F|)>LSra@Xl5=6 zV}T#Y+ccafvaSl;_cC}{W#TxOQNc5qv5q$q&COd~Nd`FTg7{F^UbM1T%%J)#_bL^z zwzHrMCGi=QB+0KHYB{P(X(2bO)lw)5sdAaRQPoUCv4q=zhy#m-*}QpwK~lTum9 zA7vx}79=8R;*X%*0QDgV-EL(GLtU9=5fR_RD}TCoIIOPU4q}727ILPI*MDm^m!r zmm!Oxe3Hs3EMr|r%2-r0lCP>XnyN^bnKRXpUU*7pm^9Vce=FM)CQ^jdf*BI5R64RY zBi_7 z7*(`O@JCuB<9QfR4-^RU0fTFE#oV}S2z4@vlyn`3xVba3Za6kXa5{YYI${GqvW2Hl z3`oc-BJefqJNU}AmY7Z`j%+ootvc(jdO7_G^HyW$W^Nv8J!$!hm-LMhy~YJ3e+{RC zVS*kIowRTO>wC4+0~)a_sSCs~C2EmKD|V&ME3*6H>*Z{0LrF zNZHJnH_wGmUyYz#N@XEA|5Wtm|dxKg#-?=Tb{O{Ro1Jrq0emg z<+&^^o+msDn2_?IOSYcOQf&-?nbv_C3zVpy77yPaIRGF*pY}#>KA(eMvo@6S_jyp9 z#>(}kRGtH#`e``SLIjo)TU#?)8j)>a5|UXjbuuDlX1jl^ARLWA9?x8pK=`KK*dyoD zg=-$`U~s;PS}&ad6OM?YK?A(f)UcSm>l~@HoFxF&>qXW7RGB+vF&3;)hDE=?&{(1) z&n%!N(UnWf%BV<4Js3RX44qJ+L6C%(G-pN^*o6hkA4XT!@aEWUcFwu zIe687bK33Q?!iBWUYO*3 z8IsPk=buWSsWWHltd@HGjdNowJjiFj<|zp=JAc8l{FNl@Q*i$}c!h~PA41t>)GNe> zm`Qz>D!;q2k&))chF9s9<=QpVcbioBnL(+FXVfY$;c1`cc`;bg0UKV>1gqt7RiGDU zQC24p3DK*(graxoKBs>aSmb4i$z;hk?Uj%NM+$xcDVq-cv>t_nPdRA%{$IcJlX_+zHGj!a@|+BV z&*@LT`G#DLX-eGF&jC}PF8F`IL>7Z0+5N@8^xdc4w)bS)`^C>H=lvoJ<_*F)P5cE= zF!U{jP)7*&L3fsLQRudmfezW!gBG4(k9RUqWOtpT5^nc@A3KyjR7kA`#bL$XwJ5RK{EG#4QC`v_lBu$Jc&oaEm#`&Rh{uVK&e~s z>)YQw+uEu>c+79UA@f-L!~G?G_>7I!BHeEHx4d0%dwa{>?fcW<*%L3I167KBl+L_C zBEAXzSXML?|E$j#i|SK9j0Fn)I)bX-1@W722nl8vV^{p)Uf(&oCt43@qD}q!pU?Ww zp5UU~aXhbY5YHh*Q2BM5_^m8L>IZp-zznENlexnN8U;93d!Iuz{{<<8T}g^swPD1z zj0l!ISyq(|GQyw};d$=Vp37SDcKDtyNtSPIC9Iz%)YV?_1uuH#^N6_!v{OEaHHHRW z#mJR|I!9RNn+4wn2!yx{edESKO$_qFlC~ z@`#uoGYi&P+57*?f@R(`RU$JhR7<@x5;_ifDoX%ibsTtZsdK7oThHcEgumObGBo~> zSrT3f5?A2t!q_UJq+&+6V`+Mg z(_KC*2=k)>d6dvGe)DL_;SQj`9+>D3#C7FwXsK?z5ZKfW<+m@hX3B^r8-f)n`&Bam z{B%6RRk{w0iQKzX)7rvN=fQei(to&E}j$Y%FQjJj;;H5B%&^-C=c|-<|LZ3Y{q@ zI!%B&L~q7|f^v8aY&qai)b^x#-0Ge+_ggQ?i?h=MtT<^EvVC;pi7PEj8^=Fv{0!Xg z_7VAwqzQQ>{`WC{gedzVq*s|+VZ_FT2>=G}7<@=x9G$+-Wu!BV^pb6aahMuQUZR=u zaV~zeN#?Oks{k*oFjW;?DL7(aVOGpaJDkuVRP^L*O3|@UJGEz(Z^RRm$`CuPh zvk(i3&u20nOBiR9m5z<+B;@eeOfVQkyG;rXc$Hx0Gp)U~*Q*@~mePimT>xroTLm}o za9M5!LHVFu`v$k;Fx}T*E7KWN(A&VkygMRpSluY1@>_`c!)TVUtr_z1t7P_stH8Msue+ye# ztfXr@NXjPRu%tNMe0)&ICFfja7Xms$LDw3Xe<9Q>R4j4D&*MxM* zpOTsU)Yn;zEfU8Dn|hl7VTB{GyhQdx2(K{O2^&z$wL=YaPbEKJ2)yB$d zEn+bgR!C_DJ>M8rJtuxDOJc|(s_H#0lM02L@F9)GdwH|qd!m41^~Y#If<^34Wg$?N zqbvZ$tCnv^^B5!@zDYRK;rYsu2YO;MDh)h-lvO6pW~I^_Dzl=_(np0vgfaM-h!|u2 z<@g+DBgCllbQYaw%t-93$0st03e-92r{RqE{W$2SNjSXV^)>Lbchd=V(^=%Iwbb;g zgxC~LXJ#h##J`dg$t#EDoW!4zACKq$SZ0Dt8KM~!Yguv#WfN2y>%jt&w->IlEXKu8 zgb;XM?k-(8qhyVo7`tmyDv}6|hYQ=$b5A>Vmz->IejnZ3WP9&S7cLUlXdXpki4O6| z?Ja66gj}2@qc_8@HpvX!0ZBqfG*MO0KfxLQ@tM3&q|#F+Z?_|!kNsIbXepnPK?-Q9 zpW-!5GZ0#45c6Xc+W3S<5#hrmoPh-A-w|fLUK&Kb+6{cJ9Sto`cvofBr7`jf8%h>7 zW@Dsjw-*r5!F=3sz_4KF>Go$pLkZA!!`VMQ>7E|795Rf2&Ku5f;{AtlPmM8T3HA0d za-=DHTJQiSjfYHtyaR@8;vM-5Hcx+)9@#DYwg3^JM$l9NWy#pHJX_g#9L8f0TY0bi z;YBa;hxE)(1;fU1N&y4#88&~`CLS5~`%ZmARgnCun8S^SCq8w(6oT%ZnPYzGBB-c20i3`Mj`mXi1a_CWa4|8G}l> zev-N%VDU+IEFe##qpDI)byfw@2NPTn(Z{K*6yk3R#@PX165~HrZQQ9p6Y#~Dw)e$v zGI#%!1?2H{Nw@l4t9%Zh6@6I$97C4Y6&dbT@ys|-n?63-J z)|G$D*@mk3WbKi+ehW(0g&b@Iy`wG|0h=gE4XHp;I258{r5%$uz1~?@%9(6BoyVaZ zbC$4_4Ot}9IV6jjSQz4^m-sP<=;R}RL6a=*XuWsTwX}4bF#dq1SCq!&`@@8d$ywy5 zLi8aq3(y=AgdEKE9;y5|p)vG*#7CpBacgsU)qb z4aZ1B&xqrZ>6C;h2|mk0h}^J23q-=`lWZ&HNUT!#n)1FUBOqy zCOS^05r=Se2%J`aHL#%byX}lcEiZcdX)z9fKtvY&3!Nm9&ni?Z0X>blsaflx+DKki zV%8>MY-Wr{{FE=4Vl+kWIhf5hpLwh)d0%Hf9S*jiK)ila#oSP07k}q2pyvQhfUte(!Xa-Hud)Go z=*b>ttg~(!ah_RBH}9Ggy5)>mLil{Z>3`{-&#pwVSYzt*$vberg<@t$r?0!cX7`Qq z#7!tlO!BRr2qNLx%X>-v~Y+L(AdcQ#J@_n z?i^-Ph8w}=>1>X*bd5Vj-{OFM&Q`;a`t7|DD~d(m-gSGY$Nj_hQR`K!+3UYQK6?4b zN{H5KKf||WsXr-%Cjve9Xfh3BL4V!uk>F4GQx|hEtecrNYM$Wc;T-nUwPzwfJ@ba^GGg0lb-k(wOLK`A7(ij z(A4*AKQ;e~yHNgAEgj}8Ft$e=KZ*DJE57Fsr+e4e?)CNc_1?Ao>={_CUz;E2)5aAN zHH`yT$*+6F5h(dYXkrzhc9meb^T(dGJ9hoEPF|MVt9R5D2WL!E)RP-Z^jIeW!%Si- zE>tC#*;K^JDF)m_hIO=;m=l*!iX>}Ltd$Ha&-@4`dC9b_b}aRD=Ev~gGF@$szA+@^ zga!1BC8;_pm6F5p#rCxXJ)gL@C_yC3(-rfRaN^HXHifWZOuxe7dP37Aq?djqm|WpO zvdDN*-MrkO~E}za4t7Xhf#rR(n=}&l$>e>tqh1>k!o}-%eLtB zis48%&J+XYV0SQ#fKB}{mi(ghYO`+vA>jK%NaG`B?%XwVI7(K~nrti$MY;e@M(5I; zo2NH(F==Eh#dNyK(VM>0tkvI%fs#8xqeH6kbiQoqR}0fdlyeISDI-@bxj@sM^dRpj z5AZBscZbdx4>4nqpH5`zZdFs}W595N@p zj94;C2m^#eBzr_KeFKQ+t#TU>!hLR@luf6$!mc!jzJK*Viw1YW0*|(AY|UUH4~U9U}ecOfb@%zb^Ix(DnhUsj?&cK9#4#m;M~TXq zmpfkF?y2IbiM;jUdbv*gMa{?)pnR-!e#-21Vi4md)=j}&jaK?SWH>L4B-8j!_Ga8g7_?wAOvvUpZT2kC)5|{An?qj$@5$rPSdOj`N;*HuX`$MI=QcWPThA&q{C&) z5b?Z(?`EC=$vmRGQdyD^6nu0|w*l-Aos_I)D~S*xq#0{guF9N)Y&(Q_Jxt$_u(|dV ztP3h2LP!x{e@gtt=f7OsWpk%`ngao>75jO!DnN0_(#p z62G!UE#{$IN&=H?s#AdX30x|hR9!PGD^m3j;91LDh_bmXQ)F0=DV1$doc;F6>rSiN zwTL|@#xD^E$uj-i$~Wgq;>dh7qKP0v;;_-kS*h#2*DfK$$vnQGK|f9Wn2%`E2QMCs zdV6kIV+<^mylzS*AoJ)M1{8X?!djY=adjnD8*A0;eKwT4-bz0cw_VNoQ&ute2W7NaS{*T%+A?jcLA{3M`( zyRorBP#BSEou=V^HZs$cV?FpBWN zF;3NhnI=LSW2_fan39AJX?UrkqcMrROi^QD%ri~LO4DZ7aJ-N4VNO5AWlZgv{fp#{ z8I@}78?>uie_>#+YdEvw)+ht~a-0HDu_Raew0sfysej^-4_lg=;Lt8Lllc^^WYWv# zm-$a>582{8_45;>_i0SZx9_u)iu^&;P^_eqr652LH}R;|iOH=3mu#$s^N5X!KOQG^ z3^$)v#zBVuO)~Jgl|=FW#uvQufXW!Hv%H?_A-y}j!@4x23J9hT_Xn8=6( zOPSK4mo(w@OvocvT4`?@tTe{f*4EauCr{wNTU%SX|876s+TQuc_LHq=PriM&^X=~T zKel#uzunpS2if|=SO1TH{9`Uy$Un9|d#wE8{!2b<%B#;{EONsM>^SM-DdAF;C6gEf zr?VPXHV7dy_B5yO3UX;pz?*F9$APaD*rJmK%>!^I9G!T>&rQ&xN%9)wfyCQpm{6Jv zTM{ftNL4bniGnOR3TcF8ic~NWsaU!B?At)f(>bV+gIDEf1HPrMMN|Sui!AOlNhqH& zyt9m2kMc%J0Urk>%WIAJN> z*w~XDF?DGm2rV4U#fuv5jU^+B%S47eLq9a8;{Hwj5W{W3OBL|qK~gv*esYKvNufr) z2_8>~Sn-)6S+(wbG0Sv9IE_Z&B})VFV=-;2S!^4N3H67QQX@DXl`||Sn;Sx`BM&u< z$vI@8%W~6!q-A(8>qYLHUbAJphcX%@6Mx4`C0enQmh&w}m$8w2!U{AC+7XnC-x!yV z_(905oR$>=9b~TFQpVBKk#W+>fn0l`dle&5$X+oMrWAWI;kqrutWXM4I{@XDpx)k` zM}6fH16Iq+ZTx>v{dY(HSK2E?2XpU=3M^GdI37|@M`)1S+dAhFTE3IC6juL&EZc+ zzw7^cAtdIP-s9Rw@8(9QleUzZwi=VH*6g_ounI?Hy(&0%|GKZ=fJkkmK^{G-X(ST3 z_?ERLRX&{1DOG5=&Ct=Dp`HzHK_lH0&zc}U`r@qtJSI}y#R|HY9`&MC8cxG_Y~Y+G z2}|w+0F6ZdqHVBhn*y)sz@N?PL>Xg?9n9AMT9+Ma|5_1_Ks%|zbLguEaU5de*|b=0 z{{}|OJ8hK$445mm1;gHh5_li}UH|zpSU##N+Ca;|EbqEqSG`tI8Df&y{?xzj4_L71 z^YB+nw)81fKDgFs2ENeLmry_GOB*#I-)(K>ZGo%U3x|wdgtQN;X+r*Yq|Cp^zBZOeJ<}9k)*_>}n@Q}^z51-0? zCRu|CmKbK2@SDAQy$Ytds$`fmmZave_l=rqWns?5g!6#D!26cW@oq407*C1yK`>%f zt4~0PC4^M5nI8n!EJiG`S;4I?P}H`CLE97a0p5|NcB_IEgu|k2sO#8>t56n5$wiqL zg!nL)GM4WhnB=F>Pg^BMBXA#r0;)foj5A6e}>%UM+w&M|82{U+_O6yafr!=WU#FD(w#2{W!LxBPQ?=Z^|lsSMESCVze zUO)IJ(d#!Bn~%wq=k6;Y5iX0!yr2s&gV>?7$RFm^d&a-d)l0_Mz0|*;G3qRN zN@rx-%O8Y)YHkuu3xe9E3RD+86^!@sZYD7q2^mIZ@`7@i$ID(^>X0bHE8OWzOA`7?>SkpCbBXWl z;q)w@c!V4jlc=F|m}zox7Aj`cA5I`p1*FG;vK=S|q{=OpEm$oL%haY!7hDA0aMM=i zL6>`i=aTKf3_v+@6Vs{ zS;7AM?(B7^dC=;goc3DXRc*fJ=WhG&*0Y_R?VSC0>*>>Hf7^e*#HY;uyAP(ZcT!y- z9+}M`jqNU1y>!+DSeu+h(IXY~Z^??5A{UmtdcivB6szUy|juVij zqj{}TfqFuzOmgLum|jWmktvNK%^kSwMM6$n6e_Ih;yCNetH{+hWk4;4QE;-c5ilrP z>5oQqn2G_u+SsUUfQ8#!fv;9aW=Y7vy82J=8odHBdQzuPm)%lEAVp-Vd$N(}1D0}$ zTzHQ!RW`^&I*8an=@lR^4z>(jl+bSz0WCLaiHG?@|1jJA9c9R711aA0~VvMA8)*Uz`S@4TnywXalO8rxWES9~?o!^+iE2-$#otnyn+2RHG# zY!`fmF^kKEFBOI?HsFFT&?Ok4=jIS{xj~pL%qLw*MqNlXzJUW7xXc7jBctnl;Hj*x z@?^@>nC&CZ33RTy*o(D3UfECt2?HN2KNezTOL4hLe45PHBYo}u-HLmJQwt; zs#mJLFiT};fMppKRVn(zXdXqXMhd-#oMhkv1C{n4=t$CrPT)oo2aj9V@~@iIM`ktV zdW>)gfe5E`Qw_`FXhEhl^~FjsGR~r-btv>g&Rf@LBiTpq+H>vX*~L}hEXX$mCvaXP zJdB5hid>k23d+faoG9aYAm^%BjCd_+*ZFOayo%WH0&_r1jhr1lLDuE5=976Eu&cNx z`|fz;OeTXm$B7Y~?|HVP=gnXm#^=O+NzU`DfG<@K@oyW5eslUB*tD^A0WMJ$RlCH1x=R z6ymZFAM2^AqMSliWHv>5Qhjzk(wR%ju)NBRoQL#E@j#E9MuA<@9ol&{@efii+sv1 z4H-ANCIqa*@R~s6D2s^eCUnlJBmv?QRsFR~TAj{mXAeW+;QErcjLdhFKngxpHBy>* z^?MkkOn6r2YK((VE{aX5Ki(tTJKnCh&lu^+}fwY@E63KdYYqWUz2k%0Gz( z+;{%BzAfJWyIX&s|1a^m>s;DrB$xQ*&z|_-pWo%P+W8+xY~V+qc>UjZ{&%;xw(|G? z&eq@Z{}=iErRD!SuVti3(M%bqP>i=qjeYBFZ+klxLeNb1mM-?l;b(p-g#5z77+|&T z`P^MRTb12$bY;?Xu2Ll9+lM%YpMGe?XB7TY#v2tEDDDUyQAq`0}Z{IZkd75 zoXhtrYVtpeV zE?<}U?lQgknzT@H1_uGL`5;X6%z5}LJqo8`x0*>v2Y zv*|$PtVgOwddO8`p-1H9OQMijmk99E>-0Gp`stEit|m}7D4EmeBw&O`l+MWR)^n)A z;rzTZft#CXQEtiR=Snk_RA(@YE$r@OwH9=_g{NCtz9zd!gH@+t=bt5gu~fsKeSiJ^ z`Ml3+@}D;Rx~fLhLuA4G-haDKzRk&hPoDm*|NSzb|6chomjh6fXla_#KO4<|+0Sa{ z|5G(T___D|KYf-v|J&d0?*4uLzr^Q`^Pf9lhLByBW%C}>&3E22Z~LE?>E^xzZvNc5 zPQe8Ul4$_cseirC;uuRSa3N#w+&{@b8{2=q&kE-sLspT$Qjbp_JjR{p|H-r6-KS6U z=YRKa{m+;AtbJ7$m( zH9PI~n`dW7?fvGfqgKP|pEUbUrLzC7(`lXb`aiTf-S+88qq<$G{Mc!powYjs?tZ6z z*6a7)pSAj(v*Ux-tA>OBbxPYDobJDEb^80K$7iSAR>Q%+<)2Qa(ruk|+r9P=t^V8A z`~DBjqjzE+eNJN@rr{;T`t~Pb5YV{a7n55fT?pV+PC*xR!7JVOUFhF^)9kbk`cRtl zUFWFbV6ZQ`FuqG7C*QK$+JDz+_uluvKW(49ZN1k$)brJonxo}CkDJ|It5e!n>#)Q^ z?d~V12d#elK=+ARK)o<14D)^Shvu8p<5sp5|I&ZMrnCt1pxJA_YIa+Ic->yz7hbxU z(E@m@52C++cG~T|?zFlMCu8T!J05h}KeRf<;esT*q{;Gr=Jx1L^O7yfdURWzljd>B z(&n5dkSSwnUnTe!`>NZkh|kthv)gO$cU#TQ{u^t)H1c^G4mtIc;iPoZxxV?C=Kw65 zz73_Y1{+GYkUOF5AH5Uw+HLjToh^YR%VKp=xq0`>PTKp;Ztt*tv~+QCIP`gX7)JN4 z&zza!1n*m2IP(W|6voo%9fCJ=FdrHLE2w7iNEaR0q~;9$P-U+3c^sx+~)J_sf1oZi&Amd(5|JpLBc8qoYio=9ixS$ zK0r~!5r{BO3X~|fSbyTv{v`a51m5ldjeyaZEWItLY(QvFkjb>^i8;<&y zQ>iF${iEiq)=|UB+?bt;O=_}1%cM@HqNzjv+yQEs{>Q0Q%!29iSHn-#seFHUysv&Z z4k5jU%E|6j4%*#br~T?(uYG!=8Xc(ojvi)?u z$7n*AEXin+=w)?U2W@MBga#oOJ1MKY`-D%SEUHW$Aj6=1Jm2VF!$}BfD4{r4$YMx0 zn%EgbF_USP(7WBIP)dVvm+#i>IY%6L?C(7Y@G;EFejHxd@Ri#IBHJKgM)tWR2>>Y z9GJDlmw1fLq80)MDJ&OHw{oA|_cDnB%j+6TxgyM?AzE$up$%5kgP zZNAQqo?6{(+4_dD>AVN0oAG8je?~Zy6C+A(C@ekEc5k__& zWT3>sX*l`ao3N=2ih=4aI!Gx@x$Qxh4I+`ee2m^=mX)O}9Z>Or3@9Acr4Tdx8=;63 zd?u(h+oJcG4l6Oj&59UzOfIB)uh%f6iI`;;2l=iOwa{4HfM1~!jZ;1AoF2T}@4@Bn zkTAA#p;QYOP0jjUd`jRuzXXHfo}s|1*I%^H1W)L+y4{z1FQBNAsT6T6u+N{{v&gQq z)rP-!C;lQBtULwE z{UQ7jj>re%{z{x`aZrc+{2VfSXWfPqM%gq)XC*9C* z;wPc$Ji!r0Vdc(2=1JrcIk!FXp=8ECJC)l?r}et^(_j9Gc^l@5@;3g!Gv#gMkI;R? z{eFkW+px~aeFJ~Ssqi-BA-H1Y;@=>V@z*h`XPbiX5N-I;VX3~RvT|@B}00nts+q$yTh|ObN zQaz`Jkf|tSN*wWopT_}BNS&s`x-xOpO&y*@aoMDfadXtTVaegJ6i9)` zW%@|L%f4q}EU=&wVPM5W_(qkvqL2(E+dzco8h$qqrIgISqm(fhB0|bx)OQtPps9GJ&pVhe9+F2RM!}1BFa)Ev{R}Y3w|eVrJ+{6c2LHp1dl45FCkBX&oC#|8}p%aD|X71EOG}D6RpQXT7EJ$@D+~ctv;OE zu&n#b)2V;RpHB6QK6Sd~zd`T!FL(#+-E3{%et`40wfUs%{ONA`{ADu$tGJ|DfeLBt zXWC^?a0Hq5N^CD0|8Ie+z>GDZ5sSxgB*e3g4Cbj~kf$d{?;-mMgq6mW2A}}vj9gGU zgDjaTfg~7$)M9q!k$t>eroNz-7`A3g(+R_DDh$)bN^x0}tEP$LcSpVU*-@*1_PXEQ zf71fCfH}+{_@MBD!StrX37z^&GqSCyS~V&JN~^|WZPlps$22{Lb)3%A**rZ>e(;mf zA4C)!K^z1HdEr4l;~Wy~%ai z+uGZ{b;xhTzq%lgZg8KRDwrvC7vm-xdBui3f&+TGpac)Z2FZtqoha93~56Vsa{)DKF!i+)o- zjPo62Y2w~uRzB#{Y)n3(QKZLQgNc&%fm*naMJog^PnmQz;^x#u`}V<-xgpSqjZJQe zd*)cp)zMeKVK2deE%7+t>jrrAZFM_4A$c&k`+=WQG6-X_gI6rM;3Nn~Bbv}SjTTus z?W+leGS=wj@cQIk{Z;p%67s(2-{?6xgr(bp&M)Jdrp zn$)aq52xZiKAmaQ!PV_lZxGCFCW0(6{8ZO*o^$f}>%-pHJ@4z?lmCM!jp~5IyV`GU zZOQhd5V2`Wl|Vbv{S2>bUgxtgj%iY_^u@o{YZaWi{JP=PfBX2+h5y5?!eB)7e-9WA z#S#)iz=hw`e*Hf zM)fP%^=%kMsEgCSEaqLH%vOpSC3YjN_U4a%^)(}V&e@2`O0m1!_R26VXp>F%> zIr+vUP7rH_Ku5M<#VMQRS1h^y5F??6lsBsDGfrGOBEOMwLTALi8Vb~_(QX~dylF}t zqu=9(me=9g=BM%{C7p-_uZ~l)zN531hMY)UaF{}^S*)8sVOL~6Q%VaIzj-Y?5mjSQ z;*L|YT{sa16p?RUmSaWrxbnkPHn&?F$3Z-cTDf9v096;HPOp;28Qf?i%9PNd1=6Celp==62}RqIXjhxTa){D_WQy=HNk5?fZs7P~H@8lmi4(M~%2-h5eOJLq(o=SG2WB(Uo%25UgkMLcAdL zs~8iMhFpH(ksr~sc*wvDfrRlWjKh?Yh_RVR-f@cTJ!K@IgZUV)%pN-oqtbUp^=4Zi zv+SqTPsS8nvl}I+qSHEPcf@X;o+uX9K9rJlL`lfSVrD+)G}t8mfF)_}oMqrwdr<@Q zOx_$&!S9nf<|d=bfN@HuEI_Xe_y?o|AI!(%y&bVDniMADRBwK0bzYrzTYdRn_^Ls) zCY=0CzWHWpt2CL@dz!%L#ns87MMIQN;JGDW{q|e#mu~y$=zS4F4o3!_6rWpDWq`6B z5qB;L7=@hyZMUWD0BJGXl-oOZ1&6?#A;wOYN_jE^qp_7z7zp825D3v({xF~+M(>b1giBKF5vJQ|9O#UU?W=4em>MZtP(T=#On3P<3i^&>C^+^URf%0x}a zVghBiB5|t!-<=oWiYvnb^m$k0B-eEyNK#$ECdoEz3U(ccw3fq`->FNEkc|vQ(`BvH z5xS#^K0+2saf9Gdq)t!S9a?BaUVigz88cQIyFVT|TnzK2*3?Q8mXUJ#TrH@ec5w=z zpdw=HI!wvu0)s^fK-&WDm7l~90{LUJb5fihJS!do=H#^3DuNmKLePizj0Tp5X+)JK zUL5A^0qs)pdfMInusyBbK)YM`Q{`cS))`pzvse}I#yuaRh9vj3ES=1J@LBV@bM&$S z1)DQ8XP>!v$8N4B<9sR>NY zd5y(vpG9n*$RDkfk=sH6<92Pu4{0BtopyT7lO9>MOZ7%gCQm1FY(+))He7YYPxzFM zooz-d&a|9sz0-qJEG^;Vo?w9#KN`*>A^Sx%9;Xu$EMk8e3Qo8noS}k&gUUuUr*R;j z4Hv|Z!V6lmIrpBT2Yt#GRZdt^q-#`n;7@}!FFo&7*~idpLaZN{u&>C3Ml(+4To>8Z zO71KAD3HYqq6L|R7?PA?e~_PL0qr#@bN)y%;)Bymnn1K6_?U2VH3^3kGK}V6NI>_K zm@`#niGgt#5YMsHx&(MWoCc<(drn+@@2I(Q)0gEDSCCRhL~~Dqk^gzauEfNkzLezw zaz)86bDoMNlBvHKK#=Qb9)U_xDp|z?Qdjj752=|i786@D{pQ&@Sr22LQa^wSqr++N zlDstLkJYV;GY+|Oh}DHR6pG{sgL$f#O?5q^&)R5DQAWVomBl-vN?MI{Ex?GPCo!Td_$sXC4l{`{a z)ph1WPN&SlZ(T#HVHue0#K2aG4cH@kvd{I(NllKNJw?}^LD7&I3*(gM50-4Bwnsu# zJ)!P8jfYgL)#q_|?eWwfUeIeSqXp)0?fzKbe)9C$)9pHxlywDI*N+1?rPNKCtJdL0 zY|OT-Wd-87t9lY}SeOY(9(rIfgSwqrGES%gYU;fVNT z99~lJ9+V;H9M#q;eFfoZ0s)a+;6FvRcx8>eQr4DCnJdpy=4c(zq2N+s$|c21r%may zLcz-*W&#``T?hjpb9iU&k&wToi>{u9Q@y#Mi(7|$^Ns2bJ}V8$`QdGB{ZPGuF>fn2 zBwMk2K^L}+px6DDE_lOH{9X|5AxMeb@sl>)y|g#J{0~`1el6DKcFpc(>e`K*gKxe@XSmTHG!985BeMOk|v4 zTfNn8E0r-#&%}dXdkLM6-qJ-bxW~kM4!c_V%g}T|7eypVKdz7yf0)kUiUXygj7*kv z!A7Qz5ty*lLyobsQxuV*FRrY4Os{9io7Dv>Ee}Ybw(7%;iL=Zz$5_xMl3aC1E@@R7 zt(GK-DN?MXNY<1XVp265fxQCx;XZP?Bc^pF1|@!f*jKKGZ%&U}cWcVztGq;|T7U!b zsSz93C6DzYHpb~{7Jo-C$I`WB7mB6SE6nuMRCo{6(*avVw>Vj46>a8%Uq6C$3>+$$ z&cd0x?hRdcJ0(!$Pe{3TRSNAy1$yq3CettmMQ4fcf_VA>?8=%JOIS<{RO4-=E(mE= z$jJuAUKTv=hKlcl%5@%NP{o+07=8^ThI&`jQrg~jxptr8ZTHm@Z#z)2IB?}_PqeIX z+IxQ*y`j;JCRou8yfy_o6eb|hILB|dtOJ~zyUGqQ)Q1T5E&Xn*XV3iRee?JTkF3;< zp<=DL2Bo{{WRoIb3k3-ndOc+N&#n32eYUlFviO^raq;vczH_a`Z0E5q7y8M#{yatk z|5xB~2pRnhAeV)kkSL5H`LUjjR6RfXntzNR!7UiZLh^h0(qaOJ3{2Kku|FAbC06Rk zixiwuU0G<*d@9Mz7{u^6SX(0pGSrU7mtn$UsJ^R?KF60VUQp?Te1F&{e#F$DT09bP zeo!xiOaOy&vMNnaCOY|Cy?UL>+M4JqB`7tOJ^6KG$w&P5{UK?U&G?>v*fp04j1)h6 zKnfGaQ@e+Z^C<0sYr;V)a=ESeGN)Sl{;(BaHmd8e<21fhP7VJS$SsIPnK)9o%u7yJ zE55wK`zuRkedfHLCvJ`hq5x%rX33MXeYiOLJFPoaRbr>!zX%gDr zX2$MEjYmst=7^USd+vyyy6YVR(PcqezqG}41tWi$osaR??ymH8Qve-!*O}6ib^{XA zehy-i9|T8i++is)lI&78XbFu?#6h=sQoT8Rcd~!dJZ^p1`uSGfno~axe0Xt!zLFb6 zBrbc&;w;yYh>hjfJC1r{$}zHX%wbIWAv;xtD7nWcCAV(K`kbck{|71zl;62hYDZEw zn%_Bc;c6`%eWg3!9A7FTATfMATr`}(52J;N8*uf%q=zgDXwq=xpMg`c@H(9(l=CCR zBX8VwiA(X{OT<=(EcR4yN80c1xzMGJFMr|-b8s}=RYZ%ztfu}oz;TG9oY|EA`E>Nk zA70F7avXb(4<4l({z{Jr4smv#n#1t$S9+?b)g0kiqh1{cnN2EUV}P5h94-R_B#r+p zuFVfsbrOEo^bQ3ftbRfaQtFiK{Ol_w>bhj8N2jklr@dycwSRhYSW)B1Gh5Z9h0l(V z^DrK>3;0XUwwl8zcFgZ5d>gYg96==w_>)C}c*ayM8bt=oSe7lPm5+sHg_g2(A9wr&1u z(ep{1OnPccH1lQkBSo}R39J1s{5%9xUz9QfORBIj?=Ri4BD^3b6 z1y@-QSzoG=Tkw7&kA?}0Q-AQNhR+_c67)~wG=$(6#P`BvvoKkGsbxckAilpaz;#90@eD3B$G~jRIjj@ zDox92*S--Ehpzx;!>Jl`uluuEJ)ML};LiLcUDS2!>|ahLr!{b@IhaMEtuUwoO|@CF zd%ESa{aa2H_9l|NhGjSn8il!Ar`&Zp@-Y)d;=x4IVHs+$xkJ{#mwmvv^gDvXN~-3L zm)_tva!GI$?dAcaxH`}Zcz7o6xErjsKPR{5dFnt(dOMO?ywH$!!;eZ}6TH=;5Fz}T z6Laz&R-Jil%n5`J;-_S1ckk&_GGX(C=gvSoPHA%KM-AucQ?j#5HsF8N;nbEyvSgdb zED#*9oag4Jr_Cnqk@gA9K!Nk$CbDShXlIp3k^FlW96<-vM4*f6^O@=JSgpORijK#jFP9Z4Sl(lJ~!gRsh$flrg;4BuM z&iurm(v&6$qq@BZ23!?^ANx~y#aDOi?z?~#*crJ_!nc}!Nn*;c+y;Hobu?yJVHOY})?TV4PEv-d9GksQ^bungF6Co$YO zfe?aCxi!0z*3yi$yIvdF1D=&eyRs#XJTq&1t(CQ{=^m-AneK6Sj~-|T)<5@N!UgOY z0x@9wCILct+Yp;1yq3$u5M$sP2nNRlLI^KoNC-B;JpQkqT~%E@)1$}w5eq)A)Lnh* z)TvXaPMtcB6vzssL4uMoYz5~nLjz(qCNii<2^zWe?N%cT-*%2H%3xSQy5A;oRvro0 zIpkUx!tjA5+1r4$>%(5Sy1Qc8Eo_ey973|1zNk~TWYcD&FpU%tg41idjjms!ZG6%^ zG_dxFGznn}@Qe7=C+)Y4;0vzPs6)MWeedu9!KNur2o@k%6-ut3%Qcgh)JOylK=-h? zo*`e(_TzrROp^3J+aE;5BS8iZ;Sa?AXEm9y$eodePjc7cVX4RFPy(+}S39jG8STn`Q&-80kWk~5 zl;k>3n5I(Uhy)MEa1y$}mt7~Nn>4eZY)OBcpFzqd8aN3A5ZF<}M*?n9b<`UfI^<*= zju2eUIV(0!v#(IkOu&^$#Mlz2_CTZ8h)WEIT2sI+hG*th&2mG~gj)EuM})g@`zZ1hbxnO~+OcfTdlg7YH-a|m z*cUm!!G72txfii8XE4J-p(z*W5AWW^ZM-Vb(=I$4m^MlaV3$cEa~EHft&uE4zGXK| zDZ(1>?z#a6JWyVAtg;kLtnrqW?u{SOLLYW!j_FVlA^@ixA6T_|6(tZiao!gES*o>e z)84WoT2KV*%I1!Xo8Ewd;FT2r{1@~1$6|+|EJ(#aV5wSfj{mCzEdmfKK2d47sU&v z>=mk$b3~dHZ9$&RqEV$Exh%2G1Uq%m*lFKE4bcs90%_QEJiNYJG-0@ z-^-)vU9CH=4@R=3?8Nv~b}oOYl)=KDv}$T3c%e}*qRn!`S@1SIgpT~2c!2<<<|%T# zw(Nygd6|SjMcEsN1T9hrP*Wqhhw8rc29AvoBI zwQ3st|gQ5{Us~9s!53Q&S)faCL1|7RfNNR~9Z5p0K?+% z4h`-le;z304^3x=2G2{-rbB~+gQOA+`*botbs!)7$r2Z`Cy<(`MA3AvFgadCW%2gy z9ZXD*k1C$;MNYy_eGT8&m7V$;_Ale_m2fR^(SH_S>Ckux{0t?>Pp<6%1yD^s@>za^0zh#mhZRCY=xJbCyzj;8 z$l0J5BryqKFXS={^hNo$6>(GDHVBa*iw3qhwB884L+Z(pqJKUZx~Wiv&|P;8Z~8!E zl-G#cZ!aj`TNalj#8h06!eW5Khw^#P@Bmv7O-C%O^!>pX&WSakzXn94h$gwmWtpl1_Tc(yp4{UuC;73EO0qK$YHwg>nO>M%nuR( zQsDp$%P;T`oUpXH>bv?J)>oCS&@4*Tf%uZSre9Wmha!Rm@M-){YPD8Xei0&foAwg% zTjLnjd8ktyu#(1em2L`+r5*`0Cf8*k&4ln7Z%N{!oJ43^pLh(X3yuqV5^_+Wel&Qf zn&V`wyyL({#+|vDvs%T1|HX0$0Bm&|2A7Xdjpi>ef)~T5BkVL&(^r90H*F%UP%2vZ zC%GInv8yo&$-&-T33L`ZG-1`CD3Sa^YL-2zujcEfjoprt>qEl>dv*^F4mOporfEN! zC?!YJ;MV~(DQHMCTQ6UlitFZzE$1GNMLwitasf*Z>ew>;*@!o%SXCCPQg`zCT9XxOMP)8OQv z3K$ru`f%qKCnqvP%Q_{yLW_YvY=p3_1hlDf!H~=u0IMsL`YNy+wRxOrk|Tl&X-Ju> zvvRh$bm-0zo_gxCPAz?^7J(AYYYON=paFD*Wk1RY?Klusl;at0tu9Hx&V_rN9WuI! z_evsYj#C*sHQKOKz^P%DV(>KHjuX`;CTnpY$n3?v+9ZoLL>6O!9}PC+JC9~HuGN;Z z8-u$kmTM*wY|HW_*{#>>qq?u7h+Q#$5m}G0vmUSWVJnoE(dLm`B$#&`-$RK9QPm97 zFJr^QisLR3!AS`l^o58CIgF!8*5(JoDaoPZ4Yr}cjRs)m#e9wLxIkxz`Jp#IH&(ZuVM!?j0h(8G*t0e1;|J4AF2hrWwn zrs11`dVo4}bwstXnJ=Z zN~L%fDC@omo`bGRpjIQ{k?eyuaw@}?5jUfvO-gJg9MZ_0TN7k5XkBy=$}C@`;N%vN zo`FPI)ICI#G%iif%?tMPAlqcaGhM`dtS<02GT-L8uQ6vCD&J|#nDcx$qgk+1*r=(A zdMss=fIu>GZ3u=gqLb^mBks(8Hi%rhQV+68vjuO^3t4PDQ*sBp0rTgez|ACk;qPEz zq6{=Pm&0I(-OmqY80^sd(G9yh40aqM{xid1#{o@7mrv}8X}F0jHd+XnO#ab)u82%F z$lbE;I(5@+I|*T+j3A1)lTHI&P6j+sL#a>nWwVo+-xjiPi(<4Ti_YstEDYKGDn@cz z`a}k;yCzt09D|tp5BXNr^4F+wE!fKVnqSB`!<+F?h-G=vS+POI)O~cx;w2)zLg8>d z$ncH8wixOqp>zZ-I1VrDko|B4)s;a-njm5%{{^w|QBTnc%R_lJ0ymrTqE!ue!a^r| zbc>9gP`tWc#(t)IhB2X679HxX0!NC9p;1gyq++{XMW5^)CJt(Gzlru*jc{5Od{(<* zGnDN=(M<+kpyNcQ7{1yyzUwAFT7ia2?^&&R4QOz@bEqm6(9l5eABiw*(JtybjvrE& z;jBRITGW+c7n$T9?g{FMI1;YI*G=AXQE61G$Pz{O8G0W<`cx<05geO>mKx~*{f7E& zYBF4kwi+-)Cjc8LxKL9>+AV`2m^`^}>90_uH6RSyMnIgkiohK3aniBY@U|>Y!FG>7 zqRX$-1+?enE}-BHC?{QUML%uowqn^dy>rHPsK6zKew3H$z_OQ}CDXvNawbV26NglK z93xNZQH-`eIpzoWtI?`bcmVYvsq1Ay2u$>aLNfh zf%nKRz97enJft+T87(o8Ak^0RMiwk+meCWdYZF0I>wQ#;O%R_N5 zU;`bAoS}f&ntu z1>}*=$w`kR;9Gh(# zK%>kb?HMWiYa*LFa&>Yl+~UDOu^7ZKa|IXlpl+78h}L5E9a2??-T}fz!s@vr@*+qa zYge5Gy4vyf#0!9+R2az#wGg;dW>`pDR4hReo@hM}O87M%BO*xoC71#rj}`bCya|kt zHiyY3Fh1Ix1;hi~< zP8u6pu*1=q<;FA9ifYJO^PYGm4N5Mq?z=83p15yGp%<>SLn&&Ibvq4~YHfNo4 zIvoKy60mcokOZ<9Uv8kRtMh!bzKslT)N)BygE(uN-?)&Q$dGDn9|J38Fi`E&P{E+V zuqYIXp|FNZqzTV4t=bUGGk?_RmUky}b-^q%3WO-AF~26QPbl^gNdazzY7zt_ zq7*2Yo>L`}#xzw?hl4hk^(w70D-RbZ+m*L>nl+pz&OudCwd6W(-PAHilIt2x9ZviM zQ5!T6{F1h9lD!xiAgCQvm8zlPR(tw*rKrPU${?kYl6NHs2di+hdQtZlabS$tqN(wY zNxU7y&m>>Wn`K>G#CDJhJ27|01vqgApDp78HopqGG~6m4fsplJ1Jq!E0=HV3>>6x@ zH(tw`ThzTt-7hclzTmC4F`j2g+QC8TC`v+u>;*7`nL|qs9nol{!4WOF`$*_+dX~$+ ziOMjL){r4p_t>QCA);BLy@I4WjI??1Sr|!vUA*Ig-iAk#pVG?UmScm4TkQiVUe>ES zP=jFf*2{}1pCk$vP%9^33M&%|4Tbd0P|_Em?DsoTRmO{R6Zw(s#KC;AgwHBC*DvIp zwC!lJ8e=(g3#LErO~8p;bUeSa`R2RJhLJ+m9KxJK3W~xZ!a} zY;nHsZpjYE;I!D_eBCALc89>FbtkD4`68~jNJAod`!DxZM!3Bt9}&|J3!s!wNcEzx z`wb7WNCi9V0@EI3yP${ON>vwe8b}6$bVxyw9(9xfAtG3o$6DR9Wt%=1BMAT8C)a)y z&}ikz1$zSH(_+>a7i+sl*cr>Ls);yZ*^Slkh@{a#wnR=!1C|)@NKR(j(C+h6gQ>yP zkk-fB2PH5xJskhI8D0L8tF9}4f%y?tXC&$hQbQIU*GB>ZJ5=>H>NK(pmmN18ztdx% zO2$aFd?0=tfxNy5^eT{GJa!(5Q`0?AYm^sJeFBoAY_n)`g|HP!_C?zFh-Y0ZLlL?W zXqW8G+wD!8b5QrEou~~q;21c9qk%+&&$V=)al$zEUpWuMQophUSK2&x6*ESqkn>a0k$K=uyq-gEw*!StfDGT=J{ zWv5oxU30)+aR#t{?hRP>fZ_N9o>|wC69BDPK7cb$!uRvKw+KOrqZT;G!D0yWE?qb1*|&soi~ty-hjvIayJ^4rjk9jRS}QTD?JyU7E=UXvwN zT8EG-qb2u~zju?rvm^p>zotYtJXXl8L*2Vl__kp;`YmkAu_}N~IqqfWPT|S^V1S`L zn8SU*yoMsD*sKGB4oWF2syvJZKNgIkRxqmZU<^n=xLg^6J9Vc^bI-mPo_Fr~bY=Rk zRU24Yw0sje;0#n;r#7IYl{dgy$DpoU2YR&%s-}+8=%Q;;SGUk{5`F7!K;3k$nxqCU z>s&@xnx2F88ej^_i@K|q;f8~n;_ud%b+;S;vt!51*)zka?eOgEuBO(MU^49E0Np`g zckkk%GN8epy3Dj=->lUg7bX0nMJZ@Fq)Tt5EFWZx+37?#tuBx9^O5RAwgFtTUWIu1 z<|;DNl2RGyVaZ(e=W5mh&IB>H=s2OvHrHG*SHpG#{E7jQ?=&hnO~)Rky_PfR2L+f~ z8f(LQV<)*!Jkx+WW={_)H0Pz0>)fE4=ub9~W?JJy+St8z;3v+=xfqa?whv1l()G#c zmoDXvalsRR+Pg*acZ=lj-nMDq=6->oZWeHJ1I#43PG_kL6W8-BgoJNAXX7wX-9>7+ z$Ux*_hYaLDt~jSB-J^+9sP&|+BR$EUBleLa@EsgaQ|m!bdRk8>qhg0_baIiPoS++I zzTt7jT(Gde5|=bFp&QD{Co?>xnBm=z!5JR%(pRN9B4WCx+mI1ar_*`dhOY2zSR>AGdy<2~5L{T-uE~%@6>&f3s`+CVsI_aF>9uPVDT{DsrNfubO=n97GeJvkeI@t; zGTS{R(KqsI*NFG=ZD&KUTSeAMLta9dNbOUH5x!J5R(Fj%CiHE}Zb|DS`N`>gF{eaF zeix04*pf$tq%c0MrmXZT zdL%+afuc=%QH)INqZU-q=EW?Z6XR2du9zDgFO~}9`wyWsW31khzGMQFP>uQ?J2pU& zu#t(%XfWXQp}m(H@;T3T0%{B{M5p0{l||jhFo40KLvM>6JE#eU5}oWCa7~<6jb2(< zpkNvy7lNHTRU;{w#zEbeYaHZ@U|(ug?8oxFhMD3nN4B7o^W;ucgDIP~?|3o08Zm7@ zUsS)GyDV48Xy=70I^>Jse1Zt>^BUN#Mlm^G!??Mov8ekD!C3gYgjhN66 z;l_Nu*l6D#hk2Mf6`FbhWdQY}DpDY3KyI)?G)_8-Q6@M1P#bpv5`#f?gj_Y{gbCCPeC8hysV~>mUSv$IygRc zfciY;ixA;Sy^O5-kYYGl>_%L_9Iv!iH^r-PUbk4s4Vs!D=p*m34%uF#4z(oH0Qn+U z0u`Ydoj6!J07k^5qu@o$;NIf6L%9m2+>VuaMQ?=;6k1+z&pmE0>s8A@JXL0;0BF_X zNnATER1ri|3<`%@3aB$TZvHWUKtd1ZSimMZMA?oOF0VjSI`Q#64z=4b;Ilz!@l2@a zS<36Q^n&nGuIb}v#MpKT*Jcad6Mfwa_~`Z>he)`(fNrx7D2`vM&l_OJLiFe2OptMB za9}xH4vJ}_Z--`^q8VbHd`{K_`#b0r`H@3rn_*EdeESe-@duF$DsZ;1SsrrMNzqHy z0K{xafXyf{8&>r`8<8!uZFUN^^hOzQ1@VpV^V38k4uGlrR1m7Y_2L}MTb4AOM7a%+ zA$VX&66K)1ET?fO+bYQuE#m5!TyG<{I}zEDMf$nA(;?Xl<*h>0isCf@a57~pCr_J_ zbX4wvDZqI*aS*vepR zc{Nb(rTmTFleFiTPRxyFOWC@K-PeiTT8d_DfiU+5<%Cy167w$uG{g-vv4mwO{40MNmvuv3Mlx&| zIrcDMRIU_4Y&H#}jyaTrJuE`r4(7~NbvmWf*hJlpLsG;jisr%}K{za2_4jMCElx_n!pjM1$Ng zbB6HjggwI_$7Rs)m+7jr;3=}{C|crBFJnGlYuZl5{i@N^#~l9)f5+p06>0Da;D8Ma ze{G9!*5~IffAZ2tNj}q}QYS$~lYwqrN{4XmNKl8rjxDPd9Y>366_)&SPH0PyV#;mR zK#1rT01nF!MD_()!+;z_y>xYw4cA`-7Aj}3Y#F9OA6llzye9K5an+^tmE83x92}NB zq@=J&KKw9~0UAxd!x_b77-$@t1cN?|2ZIb)6JW513K)S~fp!(DCCU(Q9`SZ1*BP;z zsa;78uqFhike(b}j#K}c7lQ%Y1cQLfIAj9th%I%(_Yl0I#Ux(zqHvF>1KzFtSbM~e zbySm2L;POnLSXC(};}Tr1Wk?CRwuq&lWZE#(4#(zEoX?)I zsWK@NEm6(E2l2Qx@Li^om+?(oh$tRG0Wy%dq3cVQk&!whU>91*4Xoc`xn~W$Xy-ou z!V?K`9cSvqm1%?WrErh7dwg+2hVpyDvQ0^3LjZHWGp8Gds`w+R#6X#wagJiGp;JRHqlm;@6?3=9_LG zQA!|7={C?^S6>6YyKMuvfVx~?q8kj+Pv8TfVNkw<@@Hs?ZXkRBG^n~^P^e-u3X-vG zRwcHsdmhkf$PBtkGxah}`@>?CS)y{-11W(w%<{|Sa9M7kt!Y481BZbPrnH3oR!)zG za3L?{x;OAu7Gj<0P44C$zAH|{Hb{OZs6?Ci`*C~RHq2E>I#g_ieLr*2Y*V{{jMR`rc$i9&6n=6=D%IdXegY4*@WB9~OSq`W2O@THhf)C|Kw znWOY_*{u8himCG8*L&RX*OrIVTbmWVQKi5@ukXM>4v>@HsTE%90pVHH?1cjd`ov-TIJiE za2E0?@f)GCZp`^s&2$=mCb`c4IXp0!I#={mf&ep`t;_LSaHSiTSFh@8BF7Pein}-= z&>VqB6jMkTk3PfOTf_EIaZqVBByl5+{pM*xdUjHk{{s4N;8avK%{oZ(g9P0uIkbr? zOM8Icbt7dQ^+t3F8t$CpZgzD844@;5L;^6ZQEsG-;l6_(4QG<#_?sfz3uH)gV0ise z>Tnn&`OktqE&hN>5CSPcj%qft)2}RHf^)Gr+5DDPUaUDdHiI>8DuWw~p`6t~_y~*O zs)@7#Tn$J#btSrK)@#?ireV48fTjD39vnutUdIWOG4{lfessK$2})Zg2mAP!2lJD; zjF#*z8)E&-b(9REm_Jk)!3XI+ls2HgVvtgp+39HnSvy(|yZ2vEUonm%bgvwr##xE9 zmsoWzL8BD#qq0-0JD#Z}4(28%$+JbXTGJARY5KQYuW5m@AP z@(<$QL)$SbF?v|9RdIuimRu*i(oD-QQ{JK=S{E(XnATl?4b|kJg?ZWMsZ_ggr*JHj z05b?{ni$`I#pJ~9sAg4bezjKJou0Ss^lGhIwQQ0RkCveyotqfnU&s~?w}Vi%h;33} zSg2e`v_MgBG`}p%N&qao;(#^1hPgT@`W#MHRuSTMgbaZuO%V%Q1V_?RoilywtM6Lk8VoRQdjJC${ zN~^w=C<@@z7*f#{6Tw1#OKB*8QzJ-)WK0A{&H1fFPynY!kc#b?2#(P zZ%e8WX1-=3T!q2%9B0c@Iy$2K0t_Rm)`9O@=CTRb=wC(2L=PfU6(MllPa$}C^9 z5Tsn=%Nqy=m~{$0$PFHhj=l?(&V>6TKFgsJR>}3~nV@Np7EC`Fq1dn1`g)7bXAces~-tkNy%$pU*<<<&=F_pU^?s+%8@tT44~lO89-i(5ZX>qU?n3;;B+BB2@f*_ z1WFJKmtHg8ObAOTf{6?He9%E#F6IXm=3@RW=3)Ul&&FGVO{Z%r5}U`*lx}W;b+E{| z@bd-JC+j7oT(=XY=%Pc>MASW^TD4ruRK$lly^~c=4)RoG(bB0D{69I%cTO{sS`X_w zU>cWk#F<)=4iUY3LNe3#Y}X2FO&VJUDN-a7X%@VmfYZom;%45k4Rd4LIpHLwHbUP8 z$y3M^ls?6GLC?%^qh2@N;n^Ped(~ONzjN7t`$T>U0Gyoxn(q2mMaQLval%Nc0iS_D z-D1_%*HqO&f<+o4X$;!Xjgr{bm?;7YEZxI#Jrtbofo!2PK9(IRWGK2~^Wp#it2OC=(smY0Iz|1NVij z%!fLX75h-1vW_pp-#2uAM%$MfIzKhYH)_~L8oDe(^UllkYUibPrv?H1?~v9frKVEn z8x=dnx_k&zWG);quK|Nt>}?6Gq3EJ?Y?DBI$lRk+Am9MVr1Ty$+;gxL;3^mzl9a1X z@Rz4`Gqi|=rJx1IwYQ@VLL9USWTRmX^&w#dlIty)apt1gCO|2EVZ)I_g+gwsM6(gY zH%j#ammf>}wR#!}u?r%V50cWCV+gwJdqd;t3l8%n?w>pHL!}~wpB8;qo7ZjIbc??3 z`al~seY5PF29HOm`+i{AmT&3E%3q78($bZn7-tAR8@VNnkpx#NI>d{D+t-8rIYRWQ zgxgR%;U-8w+g#xaoC$KzsT$m?y^=^oz7FH|s8e1-*5`9o?=xC*U$iLA@b+w6_&}76 zY(r8jaZ!sC8@@R7qqJs)29S|8fXM8}p=}3Md%VP4;~iV@niWv#lXEUhjI4%@Ju_ND zlJs>#QO(1ZM8k#>OeT&2qR13$q?8r#hy|z;o)obPR2icew44c^ANnj*XlBH2W`p}4 zYDuFB#>qlVNtB1nZ7{stBe}1oHuNOx#bQ0F$53xAL_XlHtD&tCpXfr5c^5azQJm10 zdgE+SNVAV(5i#ximanCaub~dPaEllz{(NuH97=y=nXtL_uVVjgmpal?QFEAZGTRu# zOBBRZ_xPGXbhf0`G37AD1rLklVGdD)8<+w*;>->}3q(yxN|Bi9Np&WSui8hPe(;SE zX8s5_`RHWB!Lwzm+Ms7Ei*R(~W5rBQriZxpxM0boCK8->0b##nt|9LR^d0AQG&2Lv z4&G;83XXKAc0r<2XAAs-dl1~wFd$1NM820)GGJeY?2$n~8A$>tm*jFFwrQt3cVaVH z#&;Vg{A=Dd^`&TmfE%NGD0vYWj%|Vq0~Za^SV7YtVP30x@zOW5guDE-chhK~31@*T zFpD2fI155`^cE5SF+pKybgVQ-e~78%<>G_K<Y##g$R%a2l%E?pm>anS^F9i<=AH?5L{%V`dDi#a>H{bbOsgvXV-j$>reu7XB2 zlU$dv6FdY6yPKgk9~8)ss+BEo1H{25M ztRr?zM<)T(_EBa{P}A$c@&GPKOQIC?dJeso)EV>*AGCwk4|<9ZV7s)8wu^c!)4D-K zho?oe;UiQriwmW|1}*IWgW`F0*G|Cyj92hOgLeBA-ph5AAUFCGJll)m?5$& z9w}metD;JU`A!Pda4SzP7;hFS81r zJvdQL)d;Vt7AE?6P&TZDX7Tf4H>}DHsWW z=sSw`K*BbU_TrVU-&PWqRA&}$wlTf+dC#dfeC62;@}cT%hI>G7q);6m8YC+?lHR2# zlpK5?`X)SVu{Fg>ymO`Jt)MMFbfM}FuIJOUahsztK4Q|-aVXgu?S(ct2K1FBFfgWN zG|;nNcP-lo$)RQs>A8ri^~ODxZ$;m`QQzI5ggujZ$|m3$xL|rtb-Bf*m5K`t9OEQU zbsUrR25xv-#v?gZgG5|uKokC;_lUu@1i@MrQ-stUv<68l72DwkiU>`@a+J8J6B6Vl z(2?b9;ir%L3UeqDXVWd_hO4nHP5^bm$waI&7U4}AhKER7^a{KYe9@;|W6MD?Y3eXU zTtr%MIZzpbLdE(~7RMGUg4%A>E3Wcjk@Q9QsP{^XGxUYzh!^P;h4)gH&DQd8hDd6o zo1t)LX<89_HjQU^iYiC1NI0NGj88j&5vyR2MmDC|jtpU8e4gMAZ=3SkW~+<%FOmf| zYP$1CJ_N{wR$L4)2cg{B2pF6mkrwMYi^q77A01DdxlpVnzfvi-Q|y5KOd|LXJ-nB$LsMpt~AP;mANS;~)^U@De1M=jvR_ zZE^YYC`b5ns*X26<+&-|dvMlz@;gqJ8t0fo$2YCUJMhBhe2Q5Qv(#e5K)PcY+66D9gbRj>TE0hj{vGED&&46kM zS~!Om*KJ7Rhg~I5ns;16E{HjGDj*poZ|#tD=*twHAwom)Ye-k*R1&qaxS@`5_GgXz zRoOAodDI=NuDy2dH|m)bD8ih4`o9&ZC{qQk|YpFDzxo*u4_8nR`7pA zGYo&=`j47mVUlZlJ$f$b3S+mx$(mjl19Q1Grse>4OU!G$?IxK1$jUx<7!?^*3(0!^ zM;V3#n9d6IW;{eudybhb!LnH{QhYt$FZ~Uylo=cz=$OK2O8YfStg0MBi#4#Kd*Wu* zek~v)E+%rwAcXLM$42CBP(o%Sg;l5KG;ALqe4DL9BHwLkU; z&T^K|d;2qQYF3gM-x&}PlF^K<7&a)y_Zt`;Xp_n9apJ43puDCs+;AE+qb*L4lI{WU ze|;f35$i}WF>DhzEEn(L!9Xtn@-8j_VShk84F(KI-sM5F80L5o!%>?9m=Kof$mS;BkEq0Vp^E{y;wera?ASY%-b0AHu-3^FcS;*SO_GfZifYQ5FbssKdlvWim zqb{;N1*U1qC@y;Q@;3f`oyoKlul$$;cQMYKO5=lv>UH> zMkZ7n!b0i(u|=QP$+Us!i6+b6Xo z*wqv4MX(Chq>h5siziw5Fl^1D%E_qZD(`d7j#f|DAsCa8M_sj(k=?hwfsI3Hgx<7t zj8yzv@R+Cs)Dbw6-x^wDCMyjgNa4FEj*%s|1?3Hv0ws>?iF_*(KO^Nqd*d?hNs+W^ zk<{wExSkSI3!o_iqM6(ZnzGF2|tCl3z4CMYD$y%`R>jcO}YaZ z$xj~!$#n{|$=m#6bCL??WVSSd3e|GJV=_fM6uD4KFp{4t<)%t%j8#*;CBW$fTK2ND zWJ0bPYuE^4tQllVz;2}yK;7axnbxrG9nZ%%_8hk~ohR2}|6|Aq+e`(LqqXf^rO`wh z(jyhDw&M)>j>Td^(O9z~Vk(1DHU~EFOn2%Qs?DX4P=Nr`ZG#FZE-!{tUn5eAMnB6; z8_Z@X38f%-q&rZ7yThEVl3}4%3R_ix4X*c!S4Vt?MD!H@4z5~d;O%Z)rS|bIUfFO1 zOD^F}n&z6Nw&qh_htgatHVlEyB}v=CnvJ~Zin`!>9O(HGH)@=ndkb#R0?R@>$1`z2 zF?`$T592+~Mi_W|lSNNrA|+?A_?K*2)8uY1)VtB~yxr;L!n{v_T+ zl8MInDGxqE`AK^HhX*|AESr%^MMqBesBPpGz<%8`ZRXUnX*&Y#XG4azM6f&+u}mQ*Cx4poHm*j?6ieeg&X~GN{f~mM8UrCyqWKZjX;& zEkLOObc2#>)c{Uyb&0u#?~gsOVA>`wG~Ph|l#Avn*s~iXeAlW?vc|I1p)cUJ9FY=i zS$Bn`Gu-D+)nK4A$=(Z->pZ|Fmw&4-;;Xp{(_Ziw>Dec_-p#*l@}Jq}O3)c6cTl!s z8DJ9(EckHzp>-(9no?nW5=>@`rCi~X+~Hsfgx(l-d{4uJ!+Ul&gA;tY4x+~&dWBQN z%mpn%IzisG7A%{eB*@nO!2PXt+YT;R69|c=3pAYi{gAq5f|`<>{l}l z1-3Gpfek&hO|tW?Y?{!}F_n5tH>y>wb<;!0>Ow!jHkdY_2!=BaXw<~k<};N!N&^~i zL&Lu6*!x1^%GZe=ANXW(59bB#oo_g;yQUp9=TvKa?pCVR($SuG>B2|*XfG8m)_lCuwC^mhfp8Fdu;su<+X z{Bh>PdbcX9Smp(B-lK`uYQiL#oz7I~^OH42GNG_AqOiBZFRzskp4!z81imeRMCJ>} zY#pE_1y37>6X`n^NsW$t$yy)F)$_nPe|31e>jr^eZ7^Q(fF%vN4P!<7@3gzY-k7Ty z7oQ)BGT=)QbM~H=9%!4#pZ7{*sLn(}p52NO#1g?V@eetww=mMkclEwQy}8MV6h7<{ zA1h2#?N1Iw%W5O1+j~EQxY;~{5C_ZUx2?>q17uJshLkoy9w&0lg5y!Ui zlEfkNvOwZeQV5D54ZW8fH|+%nwG>mzx4>7@+#RflIbUc5&oT7GSQ0nqg){GL(ziibJ{VNDkqps_%}XOB>81S@C7}(@AP25G#}qi@rxE!Asnk_^*;%h1W#Hyej-$g+6^u z9a&Vm0p6lLwt?uj5mXN0b`W9#fb4pSxrRA5j>Z^YFYHt?WcmC$Q4J$^eatVCk?6mI zdboLACAOY2L!pJ$6J}xxs;;V(lYj|BI!1dXL+(HWS^!VbH{_OWRS)@t4QU~Vrbn}- z9H}oGs3G9;@zOzXN$xPnPK^SDK^)_^jM7Gf7sSn@?U+uA;ank$g3qI+>!ZFWNGYta zn-aRAkg_vYorR)Rt*!xW()1S{10>hS4o!_rWhZkpgR}VTj=zqq+{<2vvRR`?5neM= zAiY_sK<->N4|%5GQo~-LYH@OAYy&&PsIxK~$nl*<_!yR(K9WvLhd=rwg53sVC*l)f zkjip_(r`m?rN}q!u7iX&?Zj6Vp{1-5h9-%IU(rpqOvYNmg)HHXx z?*tvb+-+w_b=Cn*<+ahl<7`?Zf)hYS=@t;xv+Qi9g4k?Z%_f|qiimwUFGbzM|J6Onfo2s1Y@n?{uXv|5AmqBTU2hF?M z;FAEV6;w5O6<@f(i_$#Ay+g6q13Jkm=7@8L%tmb;IyO=Q2D6*801Tps76Cbqi%4sj zjEc=fqFgm~`%pd4>McZu1j`LucxK?`5JPVb0o8z}dd7w8hR|pmuq%JDAq{q9BA1;4 zho<4O1#oF~=&%vOqI0FSy}1MV6l%#{_%AqT$Kf5d9mbA>J0{7h<;9n>iYfVL0M*W* zHVI6K@mk$+eckqfwhR4$eAPgOI3NlYYoUP$>H*y~i3fY5PL$7J0rIOH!{Jfm^u^Yj zX?s;%Adq@av~|D9ZMq& zo`{)_EAgBRWmP~@t+Yx_qLkO*`Xi&h5s8?O7IPkazcF1lEncKpRWn+pjnZIQavMoH zC95T|1F}GE{rS{|q>TE{KjRjh*>?&6jdEL(McmvukbuSJ-QE9gE+>WL8 zo7ZZ&i{Va&^@LDlar(OrsjiW_C;*(Gkc1Ys4QE;!i`n-oAw|DvEuz55H4ck=54&KO z&BV(6D3+_ZdW(zWGcH`%3zzdmyg+G!BICBlpPKbAOK={E;Iy)hm`Hj>tUX5Ig%I+l z1}L7+*Ihqw3}GTx4tpqN3niiQ5VHK6w$c9Ez^4TsN+xop+$bm>8X3tIi(`i-CJt*j zi;m@6dewRfchlyXezp#WiT;|a>kZG$t(xTqhRa?PVQX9dL9<#nT~FPfYd}OeT9*|6 zal7I`0jmC3-4?@HF#T!QF&brG{cZ4`wI^1E$oABhg50EZiz6;}O(q8f-ZPo=M-zQ9 z$<2EnlcLB7b0Rf9_!RvhjRjE;~9pH<>GCGg@+NB70!&u$Ex{WTE1IlHP#* zIHSS>L@hI@qKB&I?c52(YM;9_V?MR$)J#oro{xV#SMCD_9Y98Fkp}`&NqC4p6TLsE z7i74wpJy6C^Ny{PQ8bSwS+B=9m)_6?CWo86rJodpf|xg;E{7Ubp>Y$u(9$>&Wxv>f z9VV&`XDx|lwSZx{DM&5qDE1^}ST2Ph*${6oxT%sa>EwmW<;o7Uab~Jz4b06%^~4Nm z;hf{sX&S6?O?6m0ZgQ?Ds6e?QpeNeC*dN~O{%(_WSpSEp+5%|(-k z>6dvq$JM@TXZnn?yq>(?uNear2=N0BKm0&mYvNN@d4Htg`A&^!m6D6k2FtvU=@!v{`H2i!5RhJX z!1UoF_nop+4MGJ-l%nH846mqFN9f2%R_mrWP_W0lP`!)&G}Y4yyeFQR~YK!o=NevqD?X&VJo_Z)kA(bYXO z233plCtFQh8K+H?SO&O_gjV9t(c3kv`l@Nbo<|mSHx3sU93 z&Y`-2b4zit9ylO`kq2+)3D5Lf?%OSG5by(eVjvpm=k%aZwHN|x%Xt|2IPe-x zoUb_!tm&(O>V{jyh@ruTuE=F#v=3L3zSt;VssM!u*b#e%A<8_;1K$Lf$_kahtL;?L zD3(=gm~t@ZZg}f5fy={Ia1nRnKDMTNu+N=fnNTFT~L96Xt4WSds#+Cy|i>+M`VJfH> zgo0WzS48;BO)d!~z*ZFB$f8hm60s`e{x-fWJSjRySQNQc-_=LZ`?$+NWdfJhf*C;F z>JzHcc-|rRbLedq-}4|vPM2xXj=!b$F$Z@Nt}ntXCyZ+31a-7nWVmFBFv$E>Rfnqr zf#%i*Tnuy#5a2PFfhl|ywF29Y)249_XPG2AAEzE~Y0Og&u>JD5>TFgB?SRP!EmjDxwh`U2ZkrT=F(cD<}&_ro2 zi+srErt^hTlltaHw=R@u%h_2JHKoctC((Apw=5mFGjPjM+TFC|dhUu+Av-scpBfuK zfL0WdaVnw0O%BQICiqM}N<-W1u#_u2P%k8XnJn#*fPq!&a_CZyI@^@i>Y;TV@N|?5 z%(Qq%u~*q>Qeiqiw~emOHQg6+hj?CuXgXgBS~j+F9lTKafozlFHGrYPW~*=1=f$C+ zCg;%E&F-Kem8t3~%Zzm;rHQ8-=V77%%UzIwXvdFepObh3OMUmkBOaQ4=JqH0bV%rj zEa#xDhebP2kIqM=0I}YdqgtA4RWlVbje@q$4egvPIv=V6#CqGcK=mWFjqHe~sYlA0 zzCuF{Ux~N%JJ|4G1sI{xs!c6NqKz$ZywZRrk44`JG&Crj&DFA5C%$z3!Quq{;X9H3 zkZl;Ao?8)AeTt6ulZ;13HPn_)gCw@4$4l3d^4G)5t{yF&Ug!y$1Y!#{l*EMGS|$_v zM!odpPi1;$v?D!HoZNFn{c%8d;cJ;O$mb`|hcn7{rv6G4TrK=QakvFkoDHmGW6nK) zaPJ@*#`%Ni58?1zcCvtv$zlj;C@LS5tvz}e(Pxe*6-KR?s8pDJ@l}}fI#o&3I!p_d zq@@lMp^u14OxRhcr56O*ihbR0kQ4+PIZ!EL&$sR%rBHCgAgRB7e6Zwf#(^aPk=cu< zcSYs)jylj8!f7?)V|K*lzt2P-@f3k;h0+{p30ut-OWD$)V#dR1FoJWE9P5}JiSrp3 zDj#tO(UR*H3(w%mCXK1J!rM-zY%AKL=C%X1E|y9ZPnSplp^!S~l7@7Ie(tEZs4v6a zL6Evova-Mu%LCbqr>TVHOd#Wx?A7&0LC8KS5zgLDi4bAOi_7Db@|x{vWN`-ENcMWC zR@YtXZ03_gp|H6p%BYPQ9jH*TTu*U64D%h|Y|1ed-b`i3Hk6R|v}i{_?TxS?oEyRX z`sYHT;Z_XM4Ax29AiQh zYkBiC5(zXsB^;9YL3TtnCE1baDanp(a7wZxt)?Vw;f`F~(h}(h;pMGbMbbi3EX574 zvqyVcpIm8=G12!JUuX0J1{*(kWhf};j`g5KpdX-|j3oyvQOfdeTc>|VDOqvUr`AeX z8^tPY2jEYJ98?>&uIN@ZvEgF@IT~!YCXW?2iA(vzz2a;g+|6+gJA8v}Qr78D=y1TD z$Gd^&J1)8m^5wu|Q!jI>SBL~`=9(nUrKQUAg8Nf5VC&l@Y7vNcA+9_kgh&x^TU*mc zC`lK%NMC(W9-ZJ}xvPes|lid!~`MryM(bbsg)F)+*{G(JSNs!H9J+NUe_xrjIIJmeERbDzFu@^Mfai>w$4y>Cwp3 zGuhiKk^Y>aK2GPCrbS+&qJGwL8M8Vff!WELrx;S~G22Xv$|A>QQDs;Sh7ZZN64 zOXTLq!&mN*19a&st|O-4PgWpuxhjNuX!xD3V>JIlkK5rz8@UNv@$Mp@pc>Ftkmj+a ziO?UF2c;TQr6V=B9+(?(i}k)+b;&}{O#DG1`g9O!G3szZwLx~lS0meI0JoY3x=kpkBuz*NK)eHo`_HpTJb>iPRhx;LsYjpRZtfE^9p4LoXtf zlJ1Wo^&II)$vr9!DY-YS0ZoOKo&RFmOz76X&aV4a+RVmups;2cXhPf+sFa~8;h5G+ zAL8;*iLDSHjzR4^&{H^bBUHang67>ulLiqgIGSp4p(vfLl&dlJ*|C)h*^vUtc_Y{c zsPUSjzo`3S9ybd3@uDl96jf2_Viz4nr8umEC#+UgvG~}@7`oAduV&zHA!6vT-W0nFzYfin6OTQJfpe zPfg`UO8LTE?uzkZshCNw;~Jbzp=p#)LJ;idnLa3^!c@R_YGvIg7=j7Q^G(|fXKwOL zpT65NF0L|wF_>6r9O7Zw5MPyXjlsoqd>cx(BXwKVJrCbMbl7eBqB8wn2TFwOXqZ z=lMK+xV=7DGLsRXL3MmQ^N?1@!L!$`wuY%D_2vq)X9OD?q9)wy`XQea)`WYYN$F)T z01KywQtB}q@e^PxN`*H&L6MCuR^rM?k+1=#55g%5CGo}|<^1GUGHSl9R?)|)#vYK6 zB^11LJqMfbz(#tx+oHql1`5B z!1*SXGP7+kNH^zc3h0v#%Xy|@K%!%Qe7>>4mhf2;~u|>p+2(9V{ zdAqu%rc*z4YYyAQDdon{W|9^83y}MLs1F{>Jiqh7_2y^Ly@Dw1%|Jg4E7%`xGPVuQ?Rkn=U+HBoHftMdtoWpyIM z)e)yyrtqMzs8v&V*G~oVMy+_ngA(`N^i@skEPWCBm$2N$9 zt|(~{#!3Sk_iJ&c=+xqFF|gTbnNAq1YUsIshie4-~Sc@%$9X zkAW*DC&1YFM6RgC9|=caD$q5calZOPHJLDg1VvgVa*sDJR@zv zNPC#!4ZLtj%oI%TfuxRR<*0GVwixnZV9pZ~phzzUb~*?hIHRoFK(uggm0>%iiHVnA z9OnS>9$#fvMRaMQv35Wpm4UeJ=TQa_mAO$c+_z>IcG_vhGEjphS}R?-@R-(2&}@m^ zDeI7DhVJl)JJ6b}zB^T8n!HjL_Os0u`MqHHUW=&G5a7=R%rmx>du1MFa(D461+585 zQWd~EzOh(S7N~P7Xc16aqKeeycSVW1NH&1$Yf-lsOf=zYV5G*lE%Jhr54daz1+!kY z%DUnXccb&q&F>yEi(5+nZK8d!E-u!W^?V&&3q97>gwSJvXGZKw{Q{|n>Q`u|%bMUuUUA%BE3^9o z>%ytA3#@Z8yZaWr#(ZxYr2DmtwEm>k*Bm0Z*Ww6+{uGj6OZuxgt~f@>J4tzTG!ih_ znjBX|6@4Zn$tM*PHacGN1u)p9m;kwzLm{49Hi!Jryld)9!qZSnjQ~Qx9c+LKA36bZ z^dU1CRy~zo)P{kCF=9Uk4`>%@Km(EsrckmjBw-XK>i7zEZ2Zz1QR%q!hc1sWVM0~- z;>}cRDS0GBkjPSRLTW7;Ipq}7x@9u1XJ^2!@I=r|((MtJA%gg0ICd<03>@dlSTl4wFNY5znRT~xK;_PMFx%@OdLKkD| z7|le2rVb}ysIgVrO-{ zI;#7Kz|PX6T7?`on9*d8UjgG&V|o4{+Pd6ot3s_9G1?+P4DOgAe%}N>4cjw)zyaip z1wde6s>g^NknA;=_3CB1YavHYO>UrxGtifa(`&%RO;KQRQwi57zwi_^3^Y-C86bSX zlR=?;N&}Ny$O9v4JeypFW+w`hX|?zg&aEv(2udO#>Mcs8BEr@Zl(5JaO5^-lYH4Vv;RvB{QwRLiwj9DPk!^N~1K!^u+i`wv=x(6Y6j1e1wm#F-Nl|mOK#-!o;sdb-U+O4eqVH(b(on zi?>eIP+bJt=E|7jaZRuDe;NVYb~lFd78!lZsBWJLHnx^VV-6(^XyRXiou5a%ot>C# zyQS8CA{WQTCvq{2;T#qzr)r>o4RKmEv;&NW9t!4h1+SYTA{QZ(qqGGjE@PYlH6~d)?LGDckd>-nhVa6dr$Zqc zHpL7S7mgWhb0z9BikC5+FhdyY=y`~u&Q>u4H-`2|Y?v9^Tt0ucCy7BT}{HRaUbNy{J-`7Z8K`8{ea(-JwHl+siEFRKTyoJP1~-YLy;Q=XDRo zO?kdvt(vZ=A&yTKOWBEuT!9(Ot{k79D;=KBsrDCX%hZzV+39IK7pYWQy&BNRf+0mb z25LvkM(CuNX(Q7M%-#nyvaL1QSlh>moq%eFt2@olatM#gu>_oNm6yE#iu} zEZ9Luaq(Azl*l~Wp&YO2btufxe+7{Z^*@!UX3A1cud8dZ!Lu_u&Lb;xO|OUS(c-jE z>h+Lyq2-~9Q|n~2P5?p{EHXkwh7eqIvIs%ooHhOpm(CED4gq>Wyo@FP51ky zzk!u91H%kGGDHQTB~TL0nrZvMb__FR8FH>i68}w`nFg4!Y!m47&a#OZCgMBNe#$Y- zaU;@iQhFvI7A)fub1f6YD~FB~dwVSEuvdV+Y5;f@{`+c9mrehjL50=7PCe^j*tdKt(|y zpirFx*Q{6dvRN`${fySVlb6=)#T=W$xkblW0;obcgN?-j*F45GJ36G|E&&eArYowf z+hE=Vdc${Wx^I>BYIO}5rf<46%Qg+7A~;xXmm97Nm+_+G`Lz#RF(pzMbkC0yaBdp8aRfgUbV`WUtI%U-7H&` zHDLJwHcV-p!4BzyaNJ6|`0WUStreWR-ndE9Pm*q*kvwZ8mCo*yS>+ zc*EI5ge^yTya+ukbBPdI-NVA4Wo#ivLP~h4yf-AR6*sBjD>}@-p6MUdbJ(L43yHQ- z0~?dP;R$RbfaTjvP6VeGDasp-XjTFv7k_P|mtC{wEF+C7GB$Z$FE2If==wg@iL zT9L9smHrkqD%Zh4y%MyBzp<{dNWqHSm~K_Ea4b9ZHFmR9VWxiJyI?P=fdL-80v;xY z1hIwdR1sgiNEjH7iB(2iI*+>1`3|8Zk^#6YekSJ1uBrRxe$*yknQ#{1ukd^ycRp|w z!i2K`ThLRR$i=2#PUB|jDsGorr3^uUxW3gMM6gpt!7(cpv+P^T<{{5?GpZK{T&F=y z(%ZbTh`4CU^^3>QB@BOP5U~oi;bPpvosZ`Bx5KY6-2r;A-?>tLZscHY=6BNOeQZCq*6%^5piVHEL<8RT*P%3^5HgcB7enFU6(Yr2>68?-3t=*zhei&Q^ z^8v^VO$5?%Y-0ABa29Y^b-m%4xmB~=z+?)y!#E+Gi-UZb>3Wu9M*vYb#*jQ;cYPN3 zqXrUCI_b@SmMSLnZ(}MAv1@oGQ<(kH*MKWZl$1k)ay|2}(mc2wNZkZ9^hue|< zo%&kakEKS$tm-VAZNHQn;V*sHs!i&iZ@QP5YwGWWCZs<+^V96;fw(@RTV-1T4%tvz zeoxv6-*I;Bmfv#igzxG4ZTT@<{is!=Zs@)la8LB-s+MG)tEO%rs^_Z)xdv%7<5A6J zXe}l|YDD>sGtx$J8`lJXr8dy0KUcRUdz5XoS>b#OB)mw;6ze5sqNZDR*ONc;4@dBU ztIKY>yr{drps1yhc_+;bnFq~k4bBZxiDLCJI5;@CZ|`38@8IB|{O|5P`}TAV?H$~= z_q=_(&)YN91)mHKb%DWcAAMI>R|9SfU4xtMOCH?gpV& z+ci)EQDm!NDhaywCT`)x6+v)1Kt_rXc!+a!7vz39+yz0prq_YD=rpPZ{M@qX#hJOP z*XmVsSOp-Xz?*2fSji&Cs|>Mf;D@9|VC|rb*}yWP+2UV@=ZJsH&5YNm*B#dvUXy1Dh3X>C_RP|xjE*fihp$88+E z<7JXViAjC6Kp-Z2dsVH{LxZ5NFVPJy*Dd6x0!H_v6P=1{@G1e;!x?+K%-_->=V=aUp;B`*1ovwEMi&U}`WmG<^Qx`Mc9NaZOsU zTj}MYG`?_3FPeJQUp$JIs^x>B1hI;_9BIk#=L`Xq3LMjI zXfT0%c?cPI4<@j81V0J{-86vLfReS+s8-ifsgz}daoh62h-3S@h4Sg(Pm8{TvsUos zQ9`X#sg#yTu6t$Is{0I7zP6%$wi1KpVhP%@fY9Zl=?I%I7v5wKV$ zxjO+l9Y}bPgFD0_IYd@LCi&t7ohK4GNs1%w+zAFM0BTlg({&w}w|HXgg9J3h4U6oD zrU6o^lzMFNj7#Q{8e_$d2gCieWkbcB0gy)9Xx*`Fe?Xdnoe2OqApnx=0r8p%a+@fR z5f0EcA*<-_TKn-0CMwpWE%l!Kp+7P9|Eja#@DB#ygH+vKh}%c&{eREU(9pT^{y(&5 z@X7uEWc<8xdg{RGiRUG{y1GsuKR8Uzo*U0tVK@Ql;Cy1Gtz@He-2b#*;$Av>Av z>bmXv-}|J&F+MRu&b-&0`iFn@-v{M|pBZan+dPP-T&dkhc8*W z?ZeMm`9IB>UBB`l{M+w7SJSS2zW4oeYM=g(KPb+)10Oj4#vAWG(LC+mTPh!YU-^-) zM{a!N8#ms4TIJd=Jf(7c^3=b4%D_eM|MoejzVo6}pL@z3r_5aYniD%;ar$XX_aA=h zub=kwa^xBmWM?atqPC*M5nBY*OR9WT4(H+P(Q#Zxal z?bpw}_bt!7zU%sL{rYdp*I#$tWiR;1gRlPgf4KMI{OJ2fPPt@s`O5WoEGCm*@sCwr zWMw{g>syY$<@i(o>VN*#-=6r!iT}8_+&t^P<6k-PyC=SV{<`~}-8bI& zuT}5OxBunKXPa;O{uwvi{FldfXz7a&{O$Rly1VknzxZfn`G3Fh=EU<4)W+WV&@*m* z=(*1O-J^SMzw2+^gGs(#1-1V z|Hixe$N#sl=zeMLTlb!G_b-#T{_eG(IDW^y<)yB-oR~dv_gjzr_+QUE`jvlr*7DDs z>obGDWA!Jl(Dpy_?AiDH!)w=HIQIWO_jlKJUwi78EARZ5{2!k3;8X3Dx8F4UwwwO# zzkmMc7u|OG5APU#(@jr#!@<{GoqqO}uT6gKzHgoXiEli^@ACd?VB)I_pZNUO5*J>( z=U*QD)1$xKxnp+Ek>2a?JnP0k`sANK>(U!`e(9>z)FlV6JI%TCfpbs1^2?QX{>R#_ zKfLMdpZkZ&>wa^_vBhftuYPpyU5|Y5Q)k`yM_>Na7ft8h^vS>Y#@jyd)Bk+KGhcrB zDL0=u`+Ix9TX)s}&nJ$5+Y_1g!pdh7W2K5;1diQ!+o>TmyT=)U*7?JJ)j zTs`OZuf4PRnTPIs*=s(1ZO^rDzW+Zj9lqtNZ(TO~LHBF_d+$RhMw8D!wf~0SzVgbe z-tgA9rtj>1?()9dfA!AFC(pY4b>7uWx7&?}f2(lM8J~a4CqCuwc<98a@y~rnUujG% zykp_oKfLSipYQqR@BQ^h_IE$;)c3CZQd{|$`&ZL{_u_|+j~er^)hGYr-|zXzmGAz} zYfj7@&-Gq0d0O|0+pqi0XYNm*x$93ZyYs9+{-cTCKDGabar@t1|EV|r?Q_m~?nBvE zzwRAp&UC--uF5xuZ~E!+doKF(mEr@Zyz(>ez4XKxZ+z<;{^TWB{_eL+uYUM>AAa7A zXRc4Y|B~n5`;=e)-*4Ub&GUYH`DfPp({C8R_>@bGGk(zf@bmRg-*@c?i}zhK`~L5o z{mrM}@{5NvKfB<6z2xGr|G`zpYay`F;a~jL2VVUzryu?CsZ*!9x80ficra1tk8@A;4F_Ld zIB|w`QP12}H|=Y@^CNfP`m9q9{J#&s_+7t#_iujnxktYE?uV17+IRkH>6yQO`g4A9 z$EVNw<3IXk{_bC#vg4jVe#4)9ec-k`o;vi%AAjW=|NS2a9=h=<Zk5~aImuagDb8+de!>q*DHh1zHzMfPw#ujML)dmeRrHWS6n$}{_KVy zjJ@IoZ~gqAo>%+VU(d{a^?AtU;e!Z=H77p_m5xyluJH4HTc|9FDqW~ zlhxC2ea`A{uYU68uT6-k<-?Q)K=K0tC+vmpn zKXLl2|1Gg^-(@%NHWMFu>(WAq!d*r7-dDh>&>?4IUFL;^xg+Dv%5B~SwI?2){n@)-vFo;{|7Z2)x4rkn zJ)f<1f9?MJzkAA^|KGsgZzr$*z>zNi55D#EZ~p#eU;2-qe&SRAUcT+=-S<53 zd$*2iKj>||VCj|3r>s8vi)XA~n7-%ypFHg+$1nKmoBlJg^3s>zcH5i&@-64Q>N|gT z_tfN{eClnt9QkMK&2Qg#&S$*~E0>%;^|m`M`StU!Ui#3^mnVL5&dP88`n&hcykhvS zm)td-Jmb{<8=f)sz}%ZAdgcz^nm^_3gD-sPbN)}4{m%cn>%EibeE&5gnYW#O+tZ)@ z_y7FS&)@&rxBl$)m76NJ&;B(3XLsDPwEJ(K^Yf>D@q#bD?NdM2h9>^kvl=%{eE)$T z+B@!i^NG)&`pnm4Zu#!FzWj|JeCR7TpL62!`Cp!O$t}-4@{&WvU)}Ryf8z^hf9u)T z4gB@jtKS~_@^k+FynkQ#-t2?F{@TTj`>wzIXYYRAt1{2Mq4K5Ayx^JI8^3hv4{otv zdGqPN>>fPtq19VP{^!?cUiPl%f9x55Gt`*L9QodvugTnc@7EuB)qDQiXP>_^wfEb# z6K7n#bjR}=ANhyhz3w+lpZe9zyAp4!K>|+v-mRlQco zhE|u|n$3FjjsnP`0Iu6m=#;l`vC+#d`>Y39Z8N%MdJKQ^`qjiKH8(sq`R)($NSl$U zTz6@0TC&?BenrXY9hZAQi#KJB=HI>_++(d@xzWk_xjDy^H)Klo4ozy7bh$bCZekbnl-zb1 zUM6F%hAm%v;n4uo)!q*-PF!fLF|sHfH~fT^sbAbX!PiD;59G&<2D{DkR@@vPD7 zyMFkvME0_+y5Cv6YDDR!>o=oarq4fF{p#&n^Jbgoh*}Npxt+o!{A$?hwGUGRU%F=; zY%SS!^WLXZMSOqmk;w;wZmv+Nt{xRelDE@ zwvC$SpOK7L7e}ov%6vR=_``b(jr)XD?-n+1rFtiy8=tr`bl5>@hb!=z5|agUyB{7l z?PW~ala?K7_EwG;Pq&Mj=f5r=ziip@iOEZ=3Vx7zMc(JB3!61Q^l|UjgT`IoFHx^L zCQTTT|2h%Q&a$yE@;%jKkx9v^Yk@7=4Sy~y>7K%&R5g_T*&}P(Vx#WAs>78WtK6lf zktK&zC$F@S7O!(N?Q-$g;J^Wk`Hoq~&cw8zeDb|*<)iD@61(;O#WnA!8#`islC`68 zhj;C_JS5JUw;0f}yu)PMR{atzH*46=IGfsllava11mMcs==j?TF=>IRvj3N zl$V$$b9o&Q=1Om zb1@@uWWOc6*{af#U8zT%W)-jhHNW|4|6LIY@z$8{+AXVFe6q-JxEfUDnzcA^Z83f( zbKv;RTe`4wdXKlkID?E$5c>gvSN2PU@kJpCo_>h-UYnxm{8yNM6a zW`9QVUvJ@8ytvZ+0lS~Cv7gw6{3R|q`&7R1;~NLxhLk=T^6tWnSyxvUR1YqbZY|i~ z@_n0pn`zl9-oWnV4}7nx#pN}S<89lhd53+vJ-RqtLdE->@t}K` z4X@Lu34IsbUR5wiQ_^Jg2g~<)N#@VP1;=9o^2d~1yIpdvP0fJ0{vBB1Z2t5JMeBk{ z<7>~ut6FQm7T7Lbu&bhMcl9dq)uhIUMlT#Y=JULqwWj??Zmz;$t;t! zv(3Vm507~?%x%rVJ)LVTeI7*I7~eUskHxSi z5q?V!A4&AxR?xY|a;~$0ss~>|BrhA?DI0}%t9*8S`@nIxi^Ap=9dq6_?Zo`yD>n}` z{>sTXGy)l$TfD^S`TU||J{v-E+r+kf@!5m#^d8DcOdqZ=J?d3v(cI$vm@7Pf^ww}o zRe4U!NYk=+v!6}PI95^qJR!FHi+AT0CTVBaUitmlUhCr}thd*;5BV(5S~@OAc*=_YAsvp9!;n>3Us zO$C~G~RtFLUH^4(O>g>w~Osy#z~PrwS8AE zl_VNpe-Qq&D%Ym>QZlsssCB>KtflU2P0J=r9?6_)`m|ZqB?n6xx*^GW&&kYV19&}N z-7@wo3sRgay6kuD?UU_OhQAAUvI-E!pxB{Jhdu~PzXq-Ke!2T1j18=s-`077_3P%W zaCX0oio0)uP8PTD-{yI+Pht7t^+I2)`T3bSnNL>!e*JUFv^CzaYfPZg1hbjNOFz1mMs^n*N%SjUvnjSY|9Q!%cV%HoCFVRN3RC+f&n?RGu?osf z-K_p}`R<$9N1D1jE4MAGnEIe>tlLeI$HKE&MNOx6YSOKu+N?Nx@2Do9w~pU<&o0V0 zWR*wOi*Tn2W-}8`e+pZJKPxC1|1vW!?XlB1+b!t%-Gv8xDz_az-U&_Z+C4{_QqV4A zBg#GaTY<^GuG9G!kK8J{+@-8yeD@qFI>GaF@w=ZBnjPq)+%}^{+@-614mmHd4hS&z zTRA$l;KH>1t<_Z%yFNJ)uB@|28?1DO(P1S?vC0?ac9&Yn-y&E)~UT(ns0`_!;}HToPfS z997!;$bs?Md!A3^%9hP`7+0?O?aQQf1C`sBTuKcQR`+SMz$DE%J#50hy)9z8WyIw= zZa>cNZ2NXVr<}+XX_s=|&NtVOneAv6F6mvlFB#9Yl*Y|>?rO$C1=qGb3N#tP8Yh8N zQ$*FhU$4Hnt5-RErSZOkZrx0{0lvn5E0Ygqo0^+(GJC1MRs^lbLdqw2uelJlUXva- zrDfv7M-E0TjDBqB0w$njNf;r=ac_j_g?2_H~?^U+MiKEPFo%c1^pCjj`c-w%kZQ z(-c{CGSEC{if4Y~x&B)x@86l6xNKcc&fWVPk@M3s~qg{CN!CbqUHEWJpRBsnn+r18M&V9LkdMi^+ zV@`-qx`(j3cQBuV`?~MgCKsE9-=9s&-tH@ipMQANgQc%ZOivp7mCyN*nOW0rn}rz% zWz9}!mA8NTdR0Kj3t4*urPsI91PHtrO4q@F@53 zps*6B%u@563!EF7an9{cK3cKjaaX?sFW-&zIpC&V%Wix6o?C8rlko|?m4){&bl7*Q zBBZCY8Ry)-Q&lJ2dE<<``)?Noo>GK}e~lTlYN>VMnsD>SoBbny$_Y%l(k`RtgQ+}a z%(?}b@=4mgifOM3#?SZvWxcS(Js-;O2%2Xmd0No*Tz@mpxg8<=u`7f6t+Bd(FJEJ# zIaLuN{x#x7re zF3MLDy8Wm{26W}ot@{Z?xuy4s%$#X+OvZn*pHU>z*tSVENfVFe-BUu>MRQ$3yMK)@ zxAYz|`AyBV8k6w}yG|Asc+8)&DrlK*?CxT;pEI_;jvE1 zPi-}2fPF6E3voLd+3ie48J!nu-tiBzqTxv2~H#5NMJ z^NL<>8+|5EsIhIcreAhad!c7h2Mska?J|09e{9s_rpEn!e4k}Ix1Lc1_1rsc*8oj* zT$6SgNy|<%7_Dx5EN;~FEa|!nyWO&~GvnHAv&icX`RATrb?_$Lt;hbW`e{1cOTHIV zn0|>W&_(Jp^W&QReQhEW=DT)T>K~k&deIkmHEs5$agU5U8CoOKW5ApNe!Zyg?*29fU1s)o8NG92 zD-LQ|@xVQ>@u83HoYV`7e)Va>3Qz4T@!!;8k4a^V=dJ?|c&Hb%-=$8;o*%o_qTd}( z(>HlP`^Z?~sUG?5qQ=biTb21L-|g$*IsN_KD0dqLnjM<5{UF*RO-!-S;#tkYqsAm! z2RvGD(`Q?byb1YXbmgF|OYF&ZQNA6rP2|SA`mv%vFLhpOUhGg_VL5S9>fu!Zi;6Y? zEWEkbhurk)q9Plwcis>+cFDs_9;do{vVW(#aNt^-r&rq(-4_+D^*LgF#`dTCF|ED3Q6;w&>$sgaHjN#={AIl7u{k|Ayj{eN5NDc0Z1$x9V?W0{ZUJY>!JGui z#- zHt5j4Cl0?@cE~KEKfg`7Nt!r$#Uisqq-EAmU6#*xcC8)_buT^NetY`QP-3Cs{Ch|EOK*i~Gji@;AFHg0X}od9*ItEyZVw({B5S3* zck1M4YyQ=rJ4F7TPRP{jE-Z$Rx~Lbkd)P+#Hok3}!M&302@2q`c;mRnhdy=usSH9> zwzkXYNfgHS`|06s;f$iRUlxRjs%?Y$Yr>1UQMq_Y*PLM~Kefx~8MkofpslT5c(l19 z;Gmu7rMN9``}DQda%>?pW_@SRY91a3Z&rn0_3Gd1Vl(np%KWSW>N%kK$1!7yOlE%E z9@E{^*l*>qm1FwY54`ed|BlG#tAy3IZKj)~iSuXw{`;j78OP>7F>#_0aLc#Mt(dm! z=*O!4Rg-Kq=Xz4IG&V9DFN_+$?!wDwmgUP9`JBw`TGLiyQQf;Tru>T+CAB-o1iWZp zIWNs^>hWJM2)ODQ?Dg5znlA5q%xoI|;K0B(Im1$d+GX@yRoLC;`Vh^7pFdrnI<~xn z_Yl9_=KX$&GF~u;!e_oonmARoxUItUlxie<-#U6!SX5Rg6lx1?!1|M6BDQ}cL-HN$y$ZjOKI=trqN@-2y9qTrI=ga7T()Y>1BbyajU%Ob|Bx=9WGIeE6QG9>( zV)lC5DBoT!I(+Q*iFe|#ZvjhvIO5kN>rT=+rcNf~KaH>o%}u=+oSRyXE6j(Qj_Z5e zT`k`Gn^RNkth8SaJuxyjKQwja=E4C%wv(2O1d5rn+iXY5pk-_C-c0M-f$C11EYoSG zCgT(2smrT!Q>iKC;%{T#O)mX?(6W*X3m=H8ZQCsTa6EVVps-`Blz9>Jz~s53>xYqZ zN{lQ^UuWfxDBZJUZ%aQ%>Ex2DcDW9Ne*Rosc+hHR<9_+WH&QGh>H9!5yTogGl9@85 z=KAfL)6|6b2~HzJN!G);1@ZI! z-K#$*iA=}GbI)`a?ze5T(j-m1^4{W*u`gSn7`IyVWNpd%yqT$;x@}r>7+%n1zsE__ z5xcx!q|hq8|njzB#4`GCxtb}MWp{-?u794Kj3y*PRF%f&@oe4<(5si^0y z*B`qzEAs5yJ}|qbpW~@k=E*I|R}Q87CI#}J&jm9#YN9r;j9Itf37oSg0E$4an znt8j^%zlZLc9mU3`)z|;QN~9_f<>dTqgHiPOU49j$*Twvhh;B2RMkk3baRmPnjP=o zb15sy+>CSX@cKE!TNxc|6@GtfPu~#>i?*EIH9WNt9kjJAD_C>PZrFu81@ZH*&oD_7 zm)x$%Rprhe)Lyd6diTJJtEWH4rusgA-)Hd!Jk zYG%QCjF`t4?aWVCggo4|vglCty(mAEv>5hjtYh!Dv+leP+ek52NWp;A0ZHcl zT+K_boZ4ZdUd!gErw=`F$=kTQt2CgT=UwJ)?6>m7Uewp@0V~RRR8yzt6}HtE=M`-~ zn_p(DdD-G{%jl+~*s3j9#+5A(CT~P3m>oH9W6PSG1~%ekHG1%{;K=-P&WyHOk9c%E zKYn&mXUd$T))XnFfhL=htgGx};G=MsJeGB#tOeWYUqA>PD%Q-Bju$Au*xl=baq#zA}ET61vEbcZJWyJlQG+O%p{avzIH z9sD}qJh6Ss=A1W;OLLQun}@a>n_INqr#UP9D%m^VWzg9-SK34!%pNhmV@_Dglhn(T zr+31dM4Y@Q2|Ukn`Pb9Z>yZs`RdDS&fTv3?tXPgyNr##w;$wQ zPMVm@u37%-=&UgH%how#Q?_uQ@hi}t-5Z@qh&&Wojy}qy)`Y(%SqGr&u8a-vIMObr zr*hj6zXeAUd?N$5?%(UB9-jY#J1DNyQ6uIfs-2Z1xN0R_H(W_ zX_w(;bW-u_KK|&Z5j$dMfA*9nzA7#7@T*c)X}Zt8JtrwvWvglWJ|Hu$1KN%i&d!Zm zujv_Zt(mf7x97prF|XI3K63hYW=&do+0#B38`pF>@iNv-x$I+g|%0uW4*1ZyQrzvlb;sR)oDX-a@LM|yj$C-Cy3>Bvv$PBG9m^M~dVe^OlPHRg zh?SQYdv{JTNjtkXYNO|YNT2ueE=HTDA92h4l+*9L$NK8tsm%qCQ-yw$CcRF`s5X|X zY*$SGdga>rD5@Ut-`R(A7P+r(HE!&d)HtIj%U_+z5AI=+lenV)9Y2qQ9#uZYu%x@O z(^KFQ+;>5 zIsfay>~;<{?UYgJ=Qrn`zEM`NDYM1`C0XI@%c6Bb#jB@$RF&Qoq89rMnt zS$1acR%~1Bf^1P$Z0T7++EKG7lTH@RxRW{lp_y&eyu&|jFKqgyZ`Am13oNBQBQd^e zty=j(d`Wz+yJ~0nnuklK&RG#}=Dsg^(=EZ&SHvVO!Y&$V&y z;yq{K9xXjB&NaFeHSe&`jPaYyCx2xt1JnJwOC^z*?`tXf)w8gO;hu>%M^>!pP~+@=Dz9MB{1yF(N^pwi%inaj_CN*Zj;rss+au|jDxljA3i7Xg;O&&9FwZc<9giV zmhmr6Joo79&5Hv(Uz8kMbEX^5=T-L>9R7_-tJmd`m)lBf|*zNP_53}RjmCMTZd)9RC`(?ZHqusL?#J4(g)PlW)VqL%M z5fus6lCQ?AyRQFatL#+qB>BVpZebSYd*6Flu}uAT2Fv@NSx8KCn%41oh2oX-=fuVf zHmwqsv`RTQd~p-+3BOJoQnIMxODE{e{Sw#GMa$DmgxoEfU(%la{Iq#E{^7*bO)Cdp zTZoNZ)ooGhU6y2ZV&{?pxL2?(L)J*)J@*BwN4Y#s1QC^WrzTv#NK_i;omP;XHfZxA(Gw zE%r4=8DSe?nW}pC=xgWQ<}BzlR8-P7<=lu#8D6~x4Lj(5m-E4b9xkU|NARX`oHM|IKSR4-(Tlm2`eucBD^Le9G5n*MsL||2}28b=82^62=FJnKkiK?o)ywz0Wn6{H6+1pIQa%y7jp7G~2d$cq2<)Z7Wr$$uo z-4^mv2&J6*OqXr5?Fx1cVcYt~n!?i2mAVh}5w-FC-@LSk#DuR~v4JW+s^?K=J0 zBIe@_=gfX{4h?@-+%;4k%~w5X`@lBi*zp*b49&wHeJh_kKRW5@eTkg!?`+0NF%n$x z7$%(BG<@i%pF_pmkW5qvhUy|S6W9Z6?Ck3l6l^@AHe(Gzvs!eBNr=Z2rtGN!G#U>7R?{B*k}*FwOrS%z@uvU8f&wJ*)@GlXB{1Q%5tHPQ&4W3ZAZhqV-O+S(zj2FetaDxLj!rocH1UvCjNoI=mV-`trOr-qZ7YXIwY<_fPIg(eC?|2} zkVjp%v--H6v0UhrH8Qu&yr_{c@9#@1yuM$gZkZjQ(s_mHgWMy@)%Tj0s<*^WDH)`( z%bH`tFMGLirOke$Cq4^Xo}7|oy49mt{`PWy-0^{Kj(a}W+**_AnDuoid(n>H2ln)G zob(DApSCt_V7K?~$}#1y%4fdF#g1d@@(w4l-$q~SHz&vD>*W5sKZQ=dvll(rdftbo zQ8p$vCc~~ASZuWR(zNGEm!qDAn)+oE$9y=faCU3egb4rWOp$$!du8X&#H*S&w@vz+ z^el;=OX7Nt%yo^hrUvor#MsS4CWwF1%BI zvvH|nPDyE@tfKnof+>~Ur4v+%ycK04L>BOik@$61c!POoY-A^qP zCAH0MX)YPLYST)YaWxuvkVsg1epy(Dz01dMY;7Ag&w1|YWvYO40hiVyXG)BRowmH( z$Y-0!o;$4mO$wh^v@&kB;`W2mz=K)8N43p={9Bf4DyQh<)0K-vt&Y{4vGAzD-!Bf_ zv*Ma`?}!yw9g8^W3W?L?Rq`{ks8)GTR^Cm>HSTC`(kyA)^#NZy-)pjA{Jq?C_el1; z?k&h_m!f7(*o%f6`)!=Y;i(?sX{#rueKO5heI~(A9=6c*xn`=ok?Y8~!UH#6$!E(= zhbB2xPR{%7y2)5!Ow0Wp7P>~w?-$~*IYQoeV&m-FTZ^{Js}A=2d2x{pYOhInk#Di% zMD~meaoaP^d$PX<82fEB=JHgRE=PQcmwduHKR>W^3h^bbSNXGuo#MPOr^JMv#$PU^ ze{~9f8t+~e<@GRe;^S7fDYN%&yzXQ@P2n_P{^T~d(=Vl3>^2$qq$1KkzWn^X`|I{a z{e%Xw!r3i$WsU2#!*I=M%Y}3M4>aSX_^vxr=+f=- zyPoqtx5$`VzN=5_*KH=_T1<^!{r1-OL&NWiTKRZQSZle%^S_v(J=|W&4iInp@sE-hF|;;{x7`vrnYi9B02TsdwO$ac3-- z_#bF7D6;HJi<7%Lao#59S^hk?yerlI#NR__-R5%7JwIM-#_?KEnzhbk2l?Kz^3CyG z#VU$Qe9DyQseXNWOTjN560Xm}TQffMCz=nN6o2#K5)+N_lNn!S>$blr~?x@qTZ@E7qM#)xd|Fy8m?cwB@qH>sZ<2EBGVQo3-_O+3D$3<4f#_bxGE#Jr*R~ zTr+9K4K-)p5mR?l_nGGsyZUzsoi;EjGDT2gnxopfF1^5ekC(Au&l!S`aj#2lrX4v` z`p!1mg|$WfQ`P0kU%jm#Jq|63zrz{Tb4I%iFGrd0LFvkS=3NfoyjVP3zG!rxkGFU4 zA6YshdlpOg(8}pA^ouIXisXM)TW`f!s>kOh76-lt%A8;u+ntzgc0+FH73- ztg`cF&%c8Y-q?wfg_PtkmPEBjn+-<$7T&39IpvK~*jMS6!8*`;=jfViEmo}=^Wkxq zsTRBYu$Rm=N%L7!_VoE0#k_82M}Nw?HZ3G6;wf=&lQPOFKf7hv^vLns?z|lR?yX{x zhkfgLp4~UH19ruGJ7iw3a(G}L)v4fFu1QqmmA9u12#s>8gz}eet7+d8eZ zH)CHKVeIGiW$Te++c%XxEAMb&t;x+6>NeRK*{xV(gYNF1=u)}vWQ)gd4}Ey|cpp3{ z@AllYPPS3=&Jtyu_D>F4=ZRKFE1PGZer0}jT;A)2Ce^0LhyyJ?N&F7>-T82B$1w@B zZidb~yLMxeHJcy(s=8{wxVT5$^4ni>2j@1GR1KfFev)hU?VX(Ru8~ErvMt~5Jh`ax zexqtZfA@kLIj&VkOmcGizKz#itd~8MZblEyiNG73dDYk^=jlF-(%jl`E-l(}BZB*| zmFolL!Wp?8jEJNn&D0k|xk)$Pw0_VrqiI3LgGnBh8&8_LCn~SzoXPt%A*=Ar&6|4# zYeruSJ>7oFTN`$cm$9GM^uDj}pFU@qHCFm$N#QuRyIrPYPIphf@@Rgy?NqmnqOBg1 z)n^hfPYp1>v(+rKf3_&0xzE~HF2lL~7X_`FHRa=^C0`wUJ_t_Uytl*jX6eyG6Q3 z&!I4V{)({4XB@f^(ymjRSEu~uXPQHMPMYNowtc(c?5<9O6Lg$K2X`-$!N?Ac;xw8_U= zz1VEFTZceiPuUD@5YUDkt9BP~Y#@Wco$eQ#HC&e&{2uqe`@jB)pO`*oK_LR?wQwN? zEJp;85+g_{ju4Y&U{A3UBT$MJ1Yip_A>cD?!V{vT0+ypZ5hmv|f3qM+O`psrfco;B zc+M;_Dn$rV01?r!ql>G+RpcsiLxdtXiM`0l1$Grn`Z~C|yY&@`-9#=9h@+#c#K{46 z7CSlGBla#%LMK;8dyxyp8}4pMU!glocZ{_FVmsP9+H>vua_t={)#U6baB<$c;`Z_e=Qof8X zOz{1EJ-tVScyk?j_B=9%WKmT@MA3*G*6IxU0&kRnA_fQegHz{O1Sl|Ct5ehtpjx0B z!C{#U(z6*vsN`}Ok7Y6c3ZM{%7Yz%c3i?Td~#(~ZGO`XDIg5DpTDMUxOQB#foc z_4)=&(}&`d(J*O4KuQ=Vb;w5}GC2fM5CRlpt zjBXXFwa1cCPoAT_xsLV@Zd`Y#zJ2Lqv8*6pg_yz{q1qQsf~5!)ilYF!CK?q**FwJ* z6$nU)V`@~4h;WE-gFVlIXV2Dx^+M>ASg0=W0T}Q_ ztbZ+lMp3PJj`jxE%Mjp70tAwvF^KLKGFYZW74#)|5GtpLhDjiW6jj84JHhC~WB#3B z8ut(Q0?LJBBe?Iv7MR2@liS2Kye5Ay5-%e$BFdy+f4ZwIi(_8nX|!TAx$u zzxDUy@-Iiks7n4<6u=+LzhhnbcXe|5SN{Kr-(Qq}=eqLj_+9yTuUp*pTjK9rOZ;8` z75~5a_v7+U$YGi6Z<_z>$-lGfzw-Z&{QepFZ`fS;WBGUfSN{Lz-w((?^Gffr<9mX2 z@PF(4e}@Ln|8;fv*Z=d6{9uIwBlRu{5lkXdAhTXD2~+E77OX@KJvFdWse5#A;PvI% zvuZ8Y0dD|*MG(y}AtU`c5UhYO;Y374a_IxpF$F9Gr;39myBt=)QV?KZE_`G`kZoYF z*N}h^JNiaQSOFn&Wi(8n1cWIdB!)y31S&*jC>aY*UB?seq=M{I9wG-=FsPm-Ihv5&rN5@O}O7>}v09Uq}Bt+q*datN;Ir zpOqCfOoj3+Rac83F&vg6o-&vqD6k<0&mgA2C~bp@lj$I%J*hG{BGJ!Pl>Vi4 zEl|U_P7xc(DhW#oKGkOcinj5!U1RE^Se-17`e0ZPM8Z<-jL#J#LKIeT9qhTd0}J@^ zLzrvcVLfqzFc~U}Wif7ka6tfY-rEe8Y2aAG20|rF|43L0p#)?jgGq!SZ8+fGVsIBd zRoquH0waTPgg_Le4Gm651p%KwNhL&Z1wtYO55@RmOhoWi1cGy=DpZW{K?4NeN{J&} zrAj746;dw!4nU$fK!>UTGHi-&DNsopD+V{&!wLw-aX1#jB=tCf$54ZQg5)ZKgoMDr zQ2`iq3Z5=*LCv#-5~l2w+WjIL?idLZlL)>}cDPDR%+*-}e5xmO=eSB7Rl_90)s8h^ z+gmHpUmf34FTTgO+U|gnAaNB!4O%Rwf;8Y(8W}nX0jJF)2xXJuaIIh*rhu3`d917; zUlJl!xPpL&3=Z)Df;nPvfG;FQges|&(hsNtlA{V#j0g>A@jYvUDa{296MQQQJQq`N zg)kA#)xl*!bQ=N)+{sP{C`p`Zk;FiZ4+SHm(_;qap+qH?Y`|z8A#DjWA;a&fn*X}8`ERNlMg(iC92!4uOMgM# z{B?!%_p2OTkL#(OKTHNTebmu9yw6A+E$RiUv<3MB$4tn95=)s1lV7EawB2h$18! zm5@v#LNrW3gh)iM&&9En2UuLm@*qqQu1Y2Afe(9zZ{Vu_mJBqd}uQQM4Qr*Dj%*GwXn1 z6q-&gLiRw#hXRlgEF%$ILCqC}C>jx~WC+fI5T29=u_*&^5}Q}gjQgh4!D31kQo4`J zcmoUsQLd7as8WV-b?wl0o|V2~N|NaLCkPYQ7oY!F`gLhEA{ruSzX59LCI-raU_lTw zkq96Mdwa@$G@vDTqsJImqap+vED}*u(tnPy{yjm1=E5{+K8tz5G}YjAMkyO=e#Rv9 zK;sB3j)jmIlmPeLFc2UHB#$zizz3SQfz*ppf&xm=St}|Mqf8}H-Kx5awSmCU9-8{Y z$V_@aKok+C5FtvihNr6VDWd4cj(NvY65vWbdcrWYmgsBM2?)nz2+#x}wMa!3(Ozv$ z`~5#Re%SmQjscJp(T{_gTSegt^9?5I_!kQ!fvE_f1W^)_V`4-AVG0g}NhBO_nLCL@!b+tqR`;aAQIggQ-~zJ-Eb<1thk(9) zd9Hk1r65r`!lhY^tAS;_Xi_e-8W!rw4IAvw_4gj_?N6btN6r)ACV*@(iG*3$48<`y zJyEOVLfSx!s@2gbNQ_8;!iR;J8sX5BORWlIG)6GXbTFGl!)l}!O$_~vG*<_X@)l4Q zx(K*~DFb3aZThkxs(}za5Iy1TX&AwJppYl6tZF6UQB2IEl%#e(0sWxFL#xOP@qz$X z(l=ZiKmiI3lE+3Gyki7Iw`2xNQ^z-ut%^XzkcOI+qx54(DH{r-DD4!b`xa$aPon;e zr;{&~VM4wf+-OaWvk_BpB`8jiTwJAqY^imW0wa+g zb}TD{r2*4BB1kI?b^A<#f^5NztWqL4c%^BqY*BS zVI)^O7PUIdsy`Tdk8|Dr>BRnjhc1{|4Tj`fL!o0l+6Xh49VpwDDy)4)Te|}77m!s7 zw7&r~`Wplj5KQN$q6&gUU@;}0X8~=gtF=+s5Agp zYF869`!UE-ND;N6jfQc;Gl20=FpEvC69*;5LI}pC#NR}8!-4k&tqsPdL~UGPNTec2 zOb(`FgY0g^kU2;kRuHfVe3oI-e+=C)SOzXLuEVQZ1CySa3_8P@2ek_rxNK+<7o#Fl zw|s-;h|ClC-KpgR1uTwDM8h~D9-@*+5S(BOAhwIWeZUZQJYY;_<$)1fR{;5knPs9G# zBOi$CiV<;rIu0hZ29HohLe%^Z3P$R$hXyOby0!j*B)uD^1oe_9u0xQ&!ckUW<;!KJ z7=lY;Tp_}hVXznxb0s(?=Yj^g7#WS=TrwI~fN6-iPS*esg;8BndNahLNLrr}Whe-o zsK{tUL29k4Z?Y#?z$xgsy;2$(ErfYYlUi?@01{)sQld@zx~2Y*`SiuV%XpAd>LY|} za|tw+3j!$gy~41J{y&MU2ok)H#t2gP8WaL=>J*U2>hld^31A{Q^mXJpxVrP~dG>rq zXGkt~p{GZkCI!BY?};~UIghFz4f_VigXKm2F0!m@gVtdn_ydH#B`~@VRMk4r812s7 zfNRJFl=?w21&jk{BU6CcZ$a6oFbRR_8xmp|`6HvQ1yOgz89_0)h?Yi*C$1%PEG@Dj zG#on4CXbDz-bT{Ec|^1Tn#u&=Am%!2B3k=`zO2>@g9uEHkkP0@%40V~(;w*UH^;gb zj&*UaLwwrk`=K@=TS}#YEiF0^ApsGHfflEWf(FAUL9h%1p%nv!Ah1!X zAq?xH&KRh*CgnQQuWnfZ_*!fFk{E=4Qj0)91?2<$Kbkg z5VF9;`t3lp6O__QQXCc`^o`Yj$}vI_i&D!3Uy0HG;ah2;qL_k;05O8&gv`+$P1g1cA1aNV7a%9zxGy|sx zCPsoVoMgOfTKmu+gT+H&8LSW?I2~%#mNP_w_`#s7j!Brx1XqEO6vLnjsrDV;ih{_c z@SzaaM_aWR3K;Bz=skK6tcayn4=BUt25ESVdtDC400lW7ff-jG;`u^*XGD}bf*fs5(bj1nUVR49vufaz%vfMRTT0!%5OB`At7 zM$~*FS{_AlOO&f~Kosq&0$~j@8n_R}GL4}Gp+d&nHef9?lfDcU;xHboTU+x%4TA6N z;A#g@)dDm?`P)GCg$(~>Ksvd)INNb3V6;q$K+=K`_}CysfvKd?5GtuNpV5JInGBJE zDU@29MI*2prKc2@E@C9mOIVaXjKt`5no=aLLcm`jq7K230?|OETq)6px~OkBBFEHB zcmYHT^uw!@?YaRJeNKkHjVKVog52EPApLkz7AKfsJ@wmQL3LmzU`p-QVN@Z-a70W| zBdUHBPS+`vfTF-m5T(ToG)hOrY9rZ@6DNqyGoTh4G`S!q2MVH-pscJQUy0Vi&8d|z zMSFhx8@?LAlxM=LY%aT@Dr`1~8GT*sMH{RHa!&OSRY)0Fl%Yzy*KI)%nHD5F%4TAk zQK)1x4y3^9H3j0k5K7Q)90DOZkSH3%2s#3!gQag3!Fdp5D^)sDqck`ygrmz~hUmow z1P$}^=1`xYUUc}Cghi7;j)_uBNqU}bfIkN7a{%b{YHLIXSql~A{)(IzM8rJvReB&Nd!r8=%Q^d}Pf)C5d{KtZDc z&2&){?F6jDj8F+_yliX$8g&v6*<3bdEr59}026Ds`f#CO1Qv(kD2W6rz(hu%QxE~< zJ`8QZxS-fmr4+*?5<=oIiAZDXr2JE}8A)}B(o-M}lO*T~jWGOF-@o`{Ryw8YaZCn+ z-UI`VKuEq7jTD!lu|g4oRU1u#&hQMzKzdFn_^i#TGUz}6JrUQ+gk{mQvp}19B1Sk6 zERj$OHkJdCm<*w9V1h$0h;S6cQ8HFUQ6AEIfoLZSMo9yKO2H8SNt>&dz0Ie=fJirG zZSt+C{}PA{u-tzavbL{WSRv-Z3KHdN-~4ymp{6R50Ie7hl`BL@m@7eGQiUV`QG--V z+QH!}aRiYonP@20eh5Q5#*Ef>k$E&g2zcQkNCpcLnbzp8Z-y%|vADl7~|@^A=+=+WIafzB4UMDjQ%~7 zMkIj7+K4e54rHUNYeRLup$0*4f}Vx+OPu`77$>xzVYIWf z!xOo1vUWSnky

mA;X{8lG?V%tL7rE zG^MI!8xp9d82PNe!2zJ8lj9npA@wx4BH#BCb>w`|50Zogs26&f1qR}L+lr*A=~$FV zh($wN9A0mf-Vya=Sku244BgZyLinz`MmBw5aLOCh?YAG4>ma!y475o=k|7y9@)&Dz zVPvIo%wg_~9N)b>ed!2-iXA!$m?j8O9FT;btPz}HR3uG;v$-E0bgMMs?V`N`9m?oJ z-~smK^aI-=iUohc)CVeqR_!XmY@rbl53cEa3Gk`FRpCM?%*BiB6&Bf7)aypJ68&j6 z&)_Jl(kshL5@9MYNNF*k;UoFHe`Js^h^8TN8eUtzS0)EE@+X3-V>^wT6cMLZ2!t=o z{;CfKvw%Dw(CyvCi?wP7_6j~#&zQkdG>u5;+sEFA$0paK+q46c{n)RRbO#2pe@jL3 z76Xz871>6|pl7c@js+>lhd9g(0uv{>QTaguKr0-85%mT6K@*mSYk_CZ6Ma?N3eTca z9Z0BUfsO^*?{Gwr1U^mvNv+kY+AkvHZqr^Nerp`#I*)Wp0#?#wuF_4ZvC<=D#^i(Xl#>k27?6+QY{3aZPf`vF+>e0{Rr7+3Rd*b;$b>UDcUG&|=)Xh`0YI#7 zBjBou>9PD(Meuy|bd;ZFYUUbn>(HUX3a6q)f6~iANL-C+NDlGtO5n55u}QmzM2X@T zQnQ^Yb1h$o4skn5ZVZnM?%y{wG}P3#nqmE9k{kO*28W0C9S|G(Fkq24`$que!I0b;fT$}|<{EGswFQ!CQXqm3X+)W-yL!I7blA=joqFc7&MbYp7NHU?Y6|#4 zr~!0^^z>;gjUXn4>7(#e1;oZ(QI&M0=v4Q0%;K-U>-6X}rtNIpbZRiu~x z4oGfLl94@1Pz%ZPj6|3;YmR;sF^}9GU_F?&)vqTmHqaPIPIQda2nauvJ`h9iIAr;# zG;Z2eVk@GQ(SV|y$D&#i0rZ0cG_9+UPBQ~NTF)$^M_9HuAGq^a)ljm*BLp%y@`M$1xTqVH#M!5{31+5e)LE_uyLDNd5QX&hK%|He(K-VQutI_aC{y`f#mEp@s zm{Hj#B{!1}Y4pym2{IYHF1iS1RxeUWatlPyP$DduKBh^UlqMJEh4^{UZL;A*4>KRH z3%rBOw{`Ao%-fdEciOh*{lLo@HtG~LY8tX0%h)6&kcwOzg5itke>Mg*8j{;_5Y5{uw}CGwLmsH% z)F}KY7ge=0M7;DL*3#Qc(hWvh&AUUIaqJlO(2o_z}qNe_1fnBwOb!J=(w=%Kj z7dFm_W;`5XSzdBi9Z-R0fG=76M66dR8m^BRz7g6MBfTWFj-UnC6@?wPAFkrMGPp<+ zLX76WpcX#nDLQHUIIl+NW>a3Wt07O=_+*c7k%<$EUpLFd&vgF?A@u5!%e+<4NO3VV zhDnN6Y&Wa;lLI5vL9Nqo;=NX5oK_{D)n3#LXZug|(t#J)II$^4taeTAx~Y#=sG+iZ zR(rt!1{&`?u1WR$EL8QK|8>|;eMNj3YVd+2h7n4!G;Ph(iE|F%V9_+PvKkk zE7E8!1cSAa5a+F8Fb86sbVqA=M;51KyC)y9<=5>3+J9yjPtS6YTt~4;DKZ1h7`envHne;NRos z;*lkU9DBV(fLNgpF&ln1XDCY-J0nX@IiV-;e$~Yn2Lc?M7)u`^uE#7LG}$t+(`*<6 zC|)))zd34gp-;IFT{OQ<&h)A_$#-V^IPL|kV&Eo3kh?BmpA^)y&elhq8MpX?PPQje0EDH&Xilib(48{FL)zkE z35w`M>-$K;uZtK_K`Ji66aaamz|WFRU}CH}LN|elvF4n3<4T+Xi*6;Dw4LRwV~z6t zBzm^fiMZBloW~(V=wl=gkT)_0k_d|K%%OBL_|U=~j{PB$Hg2mU-2xN%ZUt#G&ay&_ zw&SPwv6G5CjwDRNw^ImWCfSb`HR_8x4DipQXDJ+>$KBA@Yxpa1mPvLzD%fY)Eg0&j zDb&CtHj4;R`E@(K&k7F|c$xB2re?52?ySaak49ofi9(G6_^KC?hU`=9j#+BZWd07^ z6^8`-qn(C5A^Ci0MY|Rn3iaUADknOf17AA}>c+O{0Z}&`)Q!4KTJQI>N%l>+$MdX? z(M_Hjbx0a6xm8T|hllMhtjKz>ou2(=%uuv!L#)d2$+3>u1xLYWvEYp6n+=p3`E4dFbCM~$wjKuMsV zXX;TG&N8P!gn|b5Ycd9;Vjr;-5JspcK}aG-fdcg1DvdN|sfxNBG+Z&Otjer9T#{^8 z-QHQ&aF#d+S4B0F8>Ds9$ec)S7%X)-^$)~t@Ic5**0xFaVr+n5c1&HWhK5(|8xWPE zE{CatR7OhQm0S|6BFO3`(_bQiF>;HhAvz|Bc8nmCe7#2I3? zjEnjFYUtANs$>LG)`Lw@g98fPYE`lus1ezCZFhdj^ry_Ayd?U9x7x-;o}p<6hm@lz z4GnS@!7O18BRPD+V37tVjO4x(k-Ox<{@Tb zr1^EpjtBZ1K23hgDudgu0~%g+0N{98zwROpg45e9FX4QWI9NchoPcSfOlUL|+BZkZ zTtu=z=t@HwBFYjoriY#4XOlw1IcZi_AvQf*(5&*DeHv;TJl_`MTwsVm4PaE+7;*I4 zhNy8~gB?5LgB{Zj zmgR9$hKn9Y2dp14(U;qg8MQmpqsF+AamQ?Nf$43_4#(lN*x&-wqw02-z?F5Us1x}j zskg{NB1QYJ@Kr{-y`>*f(+>}zR8L6tVqgXhAF)VAjAlwKM$(4A0;$eIdY+%z{HH4^~EFFt`&90f>k{cCvB&( z79Ei?8pM{^NomlQ10Lzg%oyHxC^eKCN(~zWqJ2;S!_vcvkDKx3FNNy5@)v|3adk$j zu3$A}$@Ky(Ac#X%f1}PK%ShRA%MH3c_UUAdQp*S7ClJUVh(WJ{2qt3Z(>OKL2en3d z3D+l}Day8rrcel5gXBQ0eUEz9wK5dp8&Odc6AcD2I@jLL>_fIYzrZsdcBfNCEl81C zAI!qgD!7tm7YRR@3(3+dz7mbCWaDiKmlwXkU>Ot#cO4zvH8r@aNLNPacTe#RjZrDm zPb#^=z|qmILm!+1CrC7qZ1CBT;qfB{v4@V6qzhpeb9gM!LX+%=22lR_91luV3xeQU zAnpqEDphw?sReRiXy5*e_7A0(+||Lr9W1-Gy6M5eVAUNY`nf-7JA;-R4EnHcVkZDr zv3!tZoJ8*zOn(W1x^U>=g}wCOgze80cU8_0Wz&biNFL4>kIrA2D- zPVE_x#O6%4RLT{mGkqtnJuy2p_}mk77o14;Nlh-knEx5~@wMpFxeN3kLf4n{UUL>Cd(n2j4>iZE60L7Zb%C1g%(Ig3%;&6TJ9e#6 zYgq##i}-DL*RIqa$|#4?gMIXYWUtB6Dy_pEHY4-&q=gc-YXQ8yzcR*5Teg zDRSGe5C0Z5<=7R#r=0Y%d$;uDa5%uo9xUKK2(M$vX*TPSphHT^imC`>G3W@!a4Q(q z&R`5GK!jWwk~?*`OLPCh=N`K7BDOLE&#n!wF4+OZ4mg7q&#eubc;yWW)-j|j*MV8B zf+{p|8eM!X>X|k^PU3Im*u8s1s2pgxr>=1AIDoaf>*0i7tSAKwhxFL3 zlpTOs5qT0N1dYmX^xE4@+<@n6KH3BooB^lIun;+dQ}k z*P?a<@`?jd?=&hTO~-z%y;d;jhXt5g8f&9_V>h`^d}tvZv#$>qn)B1i4Pj7C{3jns zGi?YVZTwz4^b_agTnb6b+D9c1?fOjg%a-!yxZu%0?Y%Pjdu8(X?%1^NaKAuOHw&b> z1!j{%r*q7ON$7bFK_WMvbDc0y-NS0Q%s}*Emkbm1)#h5eZ$>ZODkJ)9pO&Kv!h8Y(R6%X(=5^10TwTs(0N?jQDYA+o2Urz$r{h!%uE-6q<+@d=yRjjW`JD6+Jggvvg*= zW+t@I93}KmtWon7+p&&c5f%+@YqkLW6QRRnmE^=`l`y~<%dUmE2@gv$km4$$W45O& zO~_w%RxdAl&&aZm%wpR#cGad3n+6!fwksjcJGkV0DT_#ErQ=u3&tywSGhs_%eI>*KGCMsb@i+48*U9(sZD&KWTgBE%!(Kv!NbOUH zQNGkR)^|-hru1#9Zb=)X`Kg(FF{edGeHV|5+)_k@=54)-R9auN>yAHsRh>?lOXfWsx;Jud_@&(U!3ThlJM7I%u)g?0^ zFn}eX!)}XRC#(sE6P@fC^dL#A#x5;vP=Hp%g<$t?-AD@1I%)=Lje~p<989gr{n)v!1ID0G5+QU7xO%3L919EwzQ$QQvy6cN(rb*Ni|VRDf{ zaPy$GWCk3;j_@H}UZm^tP>U`PZMjSBC=a&i^5B-cJg9WpmP5n8`lyLGbEvO7mg<56 zEzz;yf^9k-_B}=#cMiR=&~SoAhtQ9a#$vtLc;6nEdziWvmU;na0QKW4QebAlZm?1` zPFMh$6l(y3U_4vOP73Wwb}O>IM)OqfrV#^5@e2Am4z;Gghmi%ny(}gK56E40uuSgl z1xN7xldmaH!5*-@tWZkJI-M^aotQqte4g?}gz%JE##VhqF_J8HGp=8*Us|t2`6^u0 zEjCDlrXdOX*n6yFj^C&wEeTp6UldB9Vl?9u2P+4_n3!}Nyl7j(TM~DuR-she@e;52 zt<-@=%M0(hC!7_tYFn76%DfZ+t6DroYNtgif*6`Xkx)wsb?(M3J{Av1_`y66*rbOj z$2Fqm6 z4Of@YZ4Lm<@k{r41MFIi|6HC4I_?Y!EJw>hGfnL6@LW?iLu}B`>3ZOQhrMDya>Q)2 zJjz9EA0aLIAa+58&h|Ci$Idz_cBvYIn2QLoSq)|*y58qvvSqf-PNA3HI0LREzR7)l zno7h$FrA+cL$$YGoD+G=lZMkMw?R4t9}Fv^9JH6^EDmKyC3&JnTpgF|ZRB=0B0IK7 zzfgBNB72d%)reYIyoLbIq-+)BX;YDo+C4A@1n*`twKV>kEt95PSD!AFPMWG^Cc9iK zDa>K~eiP7gTMH2Hqh_@VEhOAoYV^G|pdHYy9xaRUu?2WW7T{o^n>E*MTWgr;H8uj>KR_w7YT8;q^42FAUNzwvvT_WX*;`LS#%J737>OPgnTUF^D# zPZgLfY^XSULN_G_nE6YGZ6rEU0Xu^e1qE1#(SAQi@k{}nC=gn>{s7?&G4xpbaoREi zliID7XvP)@3vX~vc>NZhHuZludthK(Y}ABK!7ltSp3O{1t24i#XJ$dGq}IdfIh5A1Rg z`x-nnOq!d_7E2SOXMjzm!ETyeBlvd1u+fh@W!dPLZA7gOPxM%nu-(d59r}cA1(CXw z!n6P_`ytW{NJ*2O=TbbxO>?J$WjDO3e%dK#M!Jk;$tZICVaSux-<`2#6m!Cq0;mz` zubp7cDc4za9~#!g<#ommp8@8?gWNQ8M)2&0J)<9Y%AnCN(^YrT*JRVtv?QTk)qgHW3;Zwr-5LMuNJCbD0Bl71Ye$5$xv*ddQ&&7h@|hKtIs+n_4s`QUI)ZCg zf;#$j$Ff?}alE+JVJSWrgtqdiL%FRR2o>EDz!CL<%)TINS%`y}m##^(;Rfr##^nrF zYztcKp$&cRHJSIQt1hFj;;zTwkg()o%^T{dwlDh1hCazvDW>YQASs5xeD*R1&oM+; z6|tb{tTXpcYWp)i2w<%qtP?h3{$K)j2FVv6eVEArgC*Y)jAAMbJPt#F!5(%7gAUk` zVDN_;7@=E%aV@ST$`Nm#@b@G)II)_kJxK%bCKRTWo*Z9}Gyj?AgFy#^As}QNg1|W8 zD4mEsgs)gJiRV2p+9U2jbSppA9`RFM^m=OXV$C=SlNVtS^0n(!*TouKJ`AW;m2omD z!R6VOl8|egSo$%hjWX>>$2>~%*>g74CPiW;ss;Ff>_FQfa!VWI_Tf$SfmBgV^9sq-Y z3S68&!$|Z3=>uRO)s29{6_at0jP39$v31k;fyqK<@J$*t%Pj2=k5T4{%25xr1l|bG zFP9@_xq-260An2-2M(Av66#wuJsQS^zEtbppjTOhb*4YLPjvXMxDCgm`I(Rs4axTt z&V*yZHAFgGY=(b7d+A)$xR~a|rY`-;H<=7bO2|b0`$?}-U2$IZjb(|#ZQ|yB5t1Ca zeY`Y#WFoOkDq2$hGI#jW%qMO}VBpMAX1NUO!CuW&`RMEYUi53*C+V$W#cWg=Fwh^k zs86QTW4|2VuGOog{;>~zkaG|Z3M>Hn7GZGAhu$cGVPrj0uf75yjxen@%FFA|2Qv+4 z`FzY94mb{`(QigyLi(2Nx~$4KoOBoSIPn{$vT4l+b`83XAd}n>{~Q?{N?j;>Dj|Rw z!!gzPEws`t+pky6b(!NRLFHYX5@?>nqlzgajL)8t?XBSixHzb?8j_@u!GH4&DLp%_ z%6~EYH*_khLRbe$agd-FCx?c(va}D_T{l+7ac@+YVByXw;bzygz#u-NC?o(Q2IEH7 z80|ac(MTpKkH0Ciy+nqj07ldwl@3QhQv593(>fn84MLy=$Z^d^e)?4J;vF_N3i*GSuomwDhv*GfOk?p}mflXr@J&Lybbr zgrbRP5a6?k6g$9TUKcG#x|29ZoBp0Qr0w>CIxE*Mq!Fa`R`A&!7iAGmJb}x+WoXhI z9AYm-{qzD_o|<#o60Fvt=O=8(4vv!FBik`9F?!srRY`-4k=&rX(oCx_Q~r`9T9<6k znlZg#9oOVwg?ahssZ_ggr)Vsb1Tze4nw&U%_0;6PxMo#*VXao(mtL@)^jfW2wH=xf zkCmYxo1dIGT*wxVw}Vi%sclkXSfpGiw7^ksEWa$zN&sx9;(~RvMz}gG`W#J;J;lD6 za4If>OQuH9SO~vza`H}&!fFkDltTSz!V;$@juf)kS-*I^SjtV!AJ0xr&QDB_=QAC^ z<6tJHi>2)3WUhd|;!B=~jJC${8oR!oC`#b;7&6h-A%cbaw$e}nr$>+p$qo@5gA3b< zpaf2jAQRgiA~;I6gY85z0#c8txGm{In8lijXcdObbAm5V<>-j>3vi5-S_gq=!xf0u z=#}IIC(BR-PfmI*M=?vG$~<4P6r@}e%Ns}rm<_U{ znP6#;7GV&MQ0~`g{k@cynhkmbH@Gr8d5lewScsklDn~emySTIL&)B$h6)E@{lS7DT zYPniHSZ9OAmB{!A=qXjz^&0@wK)AzZ1?%eF@e0D z%>WMmodxu@4594=g;p}E1kM!lQ|K^5LEr?jXz4XOn+a(N#V~OppAS1|%f;e=qFgM# zC0r~)7uk4Qu<3S9#bWcwnbNH-ur3yv5PrT01G-)!%5^(YiZ41eO=R68u2svm%tU;Y z)4N&a^dQev79*WXq5spfeD^e?sr87i17=7WN0O-(>k#p~Cn7Uz&v&h;)@1NykfKE* zv1TFa2_%h-A#dgl$AX*N&M7BpwGs9%OrAoY;Pfeh2l{458udE#M&|m^?^Sn|{4Qkw z9gz7c1aN)^7^WB46_b=2CJ7^z24V&ReTy~ET-Q|t2^VREq#e+PZIslu#!V4eV3|IN z>tWzbA7l%qiSg`cDPK4aTn~r=)zX67?ACVKIQCY^h{G4H8lxnOCP#^-{lvExHQS-A zN3(3=OQ4#$CO=IOLP307XDy>%48j+xG9T$kRqP{usye<5|KRXN8RKAT_@dO1*r?$Y zS?ID1%|DdsHx8xtrG^0d@31kTq^8p68p6# z$&D7wID6?_6W|oTsNv|bLLoO@V%dn%8?Aal%8#XkT0M=0*u}BR2TkcKFa%rn{gLqu zgok+=_b;6Ikx~)C&xk*(Etrl2y<%W`0Wij30LuZiL_8wh?*+DF2eyf={I$+hTDB52 zhh$L*`+B%P$A~_ia2swX+$8Dez*V8ZnI!kzswKQSpom25>oDPr zx#eYSeZEllK4T;g#*5O7XwN2v4`kWMHzd6h7q>Wx;Y&b2PHWa^02x&Sh|PW+*>-TX z$IIcm=-5Kmtc1#dnsZrUWIb%+nb8uGqOVhm8a}Bc8a0#)TIF1+tymNb@NoG!$aLV2{@hN8)3zCrH-;x^c*Ig%r?jH3Iz$(eX%AGn=NH^OuJlhA;Y41m?P8>2Bv|I zIkOAU5>Zo%QY2@3(wzxASM6g?Kjg-UFn^4je0;Lu@YxDeZSb?zB{aH;@nWVg(??x< zJg^LziG-wGz}PRtb?n`MzZ1NUW@o|q;rq;sz=__}9z;~;Y(ZWK55hYd4rCc3wP0*xKz817X$01>>+w%6ut5KYBDbdO6{J9BwT%Ey2JwSO&YF2cFj-KnMoS zxW)s-%1&c0%wP$uEsg*~li+EZ)f#Fz@V!ZGlDG0+(EJ2}>kd27NdUWgl}CC09%mk&$F< z*cR>m>Y|%}Z+M^o_MOsJP7%k+orHSbyppd)b*hC>W2F4}| zxzSR-Fp(?ngeId?h&xvy@wQDV)?y`*JguAR0cUvG5y(}{zU3u*1zJ1P!>a2o?+j#G zva@5@8WE^Cl(d$D-SJ(FA6<8op03l>aGmBxlSdq})IPk=VlXIodKTLP+eDV@&UVMw z?#^}-S;#xv9beTu+l{cqyX%M_)A30FIswkC32J5?*ghZyX=#*#ShP>+HhP3BW(lDb#Gpm|e{ejn={X7XpNR^2sL`u*&ewud zw&pCAh}cD2nYg14#U9TN7y1hsf|EGUB1MfN0Z?gFtB7EAThK363eIwr zSP~hE)0`m|al^FV1Pq-X?AKx0uGr-$iRu-RL}!*j?82a9YP9=6H}tw01kiKPp6|CC z{uyQvT*(CBWd1n&F-K%iXQb%xTOCy@+;>u2kRRk_@3!nMM&rVvYWqceX6j zH0-i{vTbvmg?@y!5GxodfcQI#_CTUGkM`n~t>0D>mR4t$Zng=%%?01BHUjP04Dq4v zY({#(Zo0LkHIAMLq_tMztzEZ>g4_u;;KL5X-KiIh#C zGjIX=Zgr)_rIn5gEE40SPIV_H>rLG7w2Vh`s}_y8GJqld!R`^mYYB?AE~W^pId~1y zRywvL4Kxv&l;s$4aVIp$OQIvs*CI}z@D<@uEY4?;UXD`@lo$r7H8xO z#St&oDT?f+Je#fUlMIo}MmNjg&at#2>}=YZ;VG^hy(Zy+7BMmH070xmJR13!=DIS3 zMe%u*JG^blYn!hw>c2=A*ckK{uzU!SiLAH|z#K(#YcpU-dPG*N=a^R|<>cp&y6!TF zqndj<4%58c1izvtVbLx&aKk z+67$W5n>!t*nDRIgLQ7u>?TwKQ;gc>aA6H&v@J!VQ$Ggg#4uCHkLHTSiRmMuUnIzn zgPB5pCRZpO2jdfy%$ot%5VT1SEuq_p#E-g4;56@~gj^VN>Q+E9Oy1fh>F}2+Hbaz# z^w)^4D5xZQWpPs-lkCri@T<0Cs`KbO)?It;-Yq<%*@wxRK|vK7W}fs-|}E(hicYfR4p{FYeM zc-u`d`%#sB;V>#Qs1cF%;*T~A2XLJg>CI$_vi96zvIN`Vxk$1JT=`dsFk0#N^I^f>4ZRe8uoVX};gY=s=rHZjTUO zZ4KoOo#95%pgCr(v(1}_{!inLVxMh1}4-W@=F;I7L2?+lK;c0PTK=CdQ zn{{B02OT(S3jh<+GJQn4rlTd`*4OjgCcn*&5_+DeG-Osj^#$U@jBE~MiM4wHwJS?m zyZHW0ZwqjGx2hSSg^bgx0&djBwx`fEtr*2+Z(h;H-_8=*(!wZ@H{w1SHIpeHP+On; zm6Fnl&MBJBN$zK(T%Gok)y~O;YeU#L-9NGDi<XNn1 zOCWMRYa}-gu*AVzUK;GWMYlY{qo00>NO>e4UCTtXZ?VyCX78eBz|HSpRTYu6=({+q zR`80^g|~0HZF0#0`4Apidg{V4)5#@J{6LY6)vw@2af##O2Az z;=Ej`2iI&oA-eT`jdZE=CXLc)3%EpmP9+@TJU9KQ2Dk+zbgtrO7!B%Qikay!Hkea> zifk7$Lxt6prpWVs-7}hU2QZqSIS!H=3}#cb`FG4oI+#=0(kL!eD**41DcYeZgj#~p z{B$WdUD9K$o9b-=&L+@yR@`NXxMsZJV2B;fAXftRX_Wxx7T3+RMs@Gbe0)2e!Vnpi`6tb)~coDtu#j+jt3)@+KH+MtxJfek&=-MWoyb7>@0 zD8Nj|VggFYi{aMSsgz>T&nnY~vl&T3DG46s4pidqC}-b;WH(K$n6 zddh!?SFI}Wb~mm{`_3+2`EWx^F6B*@=9;Ir7E@kF(p+mc42jJZN!!JmjlJlKyWn~R z==m`>YJ#168*b1-%R)QHGkHKA__nbh&U=E5F!c7Oi=M_rD$Zb?U$Pmo7n8huE}q2h zsd(AB?sa>tMz+VCG9m{1Gk6n8Cz{}=J@`oFC)xEM8Ss?50%MhmuAJ_1+t@3B!=?`% z?$oknI|A!xQ--!gxI8#oQiVl+D5b-osmzI?JKXkEO`YlFio&km(#raJTSEXp-gagS z7>h>jgm^`7k!i5cCaq`sp)sOv!iW}4L!pA?U$daDD52sp(+U1=-~_N%m*O*okM%9v z;=;n$ri6Q(HkuXcw1rlMU(1S@)|ITC8r6PpR}euvd*n%|0x9p>sz6HnP5GWp<*&>| zbLMn2sP0vk$Mk_mk3Jx8kB?j}K&t`tf|6&~07-3iIb0|A$39qu4kU%f8`z(639fV_?AjD>tV$jB0&UANDZy4uPf9u?eC}2)4my+Uza+UK0&EKTw+3RqnxBNuVz9){ zKFN(<@oiK5%z>+6XM)_p*@{(wO)$6^pz%l6p(1Nag^4LJl`WQXh0Alt!zqw@NlO;S{khFKP;f(1)Cu}aL*5ur+ zRjZYwz39?Kj`s0hDnhLJ5(Iu@LCUVj7m$*ZwS^LUO#8iI4`X!KP%$esJ+EJXEgU0AWo3-Y|j6Rp*RDKNX8smSMNYKl}s5n;q& zZ--xAD<3?)s~re^TL6vBmyX#cz)K39HY_*RcPy3~UHOu=K9=j}L2&-+@^se=LciK@ zyz&7{8FCxOiud1XcZ0n-S2H0#KN4jimLeAHJuN-ZwvNB(mBvw>jfFh79V6&S1b2vk z#8JJ4kw(3%4_xNWO-H2hVORKAW14Dza-dpP8#&$H`x$ha%_B_yLVZg46qCt~K_fl4 z=`oA)k>ynvTvrM64}zj<6A4_fx@4D^n9J#cTeZtXfYB86*yl7QC`56l67(7?P&;HG z;qVP$h`)zMkr0D+<`CX;Q-+Y@@u|s)>C3ych44QA>smp$(5773nbZgq>%N>SCOS3FBw#>jpCxHlLXxVa0{3KOYMj1g`B}2v_n78_n5S&|V$ipSq z4<_mvoVEd}`;CRFT|SB)&I~Bc_?PnGb6blHFeSSH>s7N1!KI9xBYQ8!BeWJq_Fl>+ z1pSKWHG;&&r5j`{%@NQ)>elM64*`!;3Uy;P664Y&|3ElKVOO3oXNN2;lN;jfHZ_S4 zIEjrAb0gA>Fe9e9M+QonSx!2@p^-l+=AxnxWJeZ)Bj@Ti2r_z}Y5c_H)CNU9(Ptb- zwlLcvh}rKUnPF7~JnUv0`#=H3gii9%2hYJvegVli!czhVh9kMjuT>q)oiV zGVMgPhS(fCQ3`gMc?c~byKDxoH{-b#yJ|a&akCPOyjZ&t(@ZlL0_o;7W}7YLwuvCp zX@VQX*&?2iOgzMvM+55-Psjyz!u&1%W|F)JvO#woZFy2dI7-Q0{79yk_D9UhrjM6W zVi(j$Y*H88#~I4!f{Ahl)3_-8Jq)t9NZU;}sg*!Sp?pO2Jv0ekI-QCCD!EleO+?PC zBF&u2}2)JsZbQD~kI}WnbV*q2&iSb)SX|ur#^5)TY zOlQP!u8~FI=ke0@A>R{}6jsDd3ExmC*%_tXmH8s*sTI^(U>R5X9E7W_ZMA!O;nyKAvVInLcQD6 z@~0B!FuLRiUWjOBZ-?nuol1Xx4g2CpEn8C{gd zn@ag|g`0quBbP%?6os^FX+*$NG1GM=o-?7WN=WLJR;5Xt@)}-$Wb`*8G4s)4&cp9F zr^}}0ixj&G<5k)?4VEXjQKW;0aLS2CxiBIjBdr*7N7Y+qPmZC^Rgw#dYE{E?wA5m-AG-AZdal<95cMn)k0t za1n{{w6cSkD0)RldyK{lA>vI9a6DaLdO_$I!bPka_E5?eN>b$^Z25@;d|bmS`}j3Gg}IF zlQM0AxWqM?9uP#&WWgUz_Qj+(@7eG@e=WFaTDBi}_5wyh`~8^EKnGyWGqoMtu5-0# zM*8G#p>WL(z!1r!kaPTo2Ypb3fk~_twomjGD>0crGJiOCG<)SlzA&F18=IfXm9iNl zIX;;^GJo7iaDTE$aX&?GAby;2VF9w18CKE5)$?}m26DB}J%+WAT5@a9(46NxKb~v% z0gDYFW3`o;#n(}18pZW)v^ZWR-$@33~3RZt|+)bxh9||-ut*4m-=*C2uJ}& zuWbH{(vMY$7sNZLlidcaK+i|g8qbu_;7am5l6uB==sraoWQ>EUq12ERc4V%pZ4Rkz zSS7CsXUr`xLoZ_>;0OEneHeh%Xp>pmWXWIc%(e> zX97hGL%;L3g2t@Kq1wmR8#+U)YmBB3R+kldER2vm5bz@p)U_r*<(2nG8-C!{s8*@C z_-wMw`?zUS{a2jGhy?-bbw^-;7J1;7-D(&rK%*304`Fz9tvbs7o?%TD0cCHsfH}kA zN-CI>lM{!po|@c;oe06;;2QR2?MtVN&|85X{>LuEG{9yBe#1JX@}jklYC9FHwiF&xnj(o#m3 z>VAlxK6I=CG=0~ZS@KLDc0kpl`pI_FR>f({Bvt|LAfdIm3-tD2)m(!X>Ung@^g7|< zg8IpJ(_6)9%k)+OZa2L<72N%>;4e5nHzAz)YR z8HK3ws0e%uT&gNm60f#XMdMgjuVJdiG?Yd=!oxB8Vwc<;(c-s>rQ=ATaCR)E+A(391Szt%P=mgt(QUSCN&Kpf=i(l@Oz0cexTG=c{d6 z32`J)RzfVL+O34R4>!9KTEJ^T>#kNpY!~WE(D%0Wl@O}yx}^|*tZK6s)FXv{F@&vl zay3LwB%50f0xh<8Jw&OXUl1BUN({wZ`)?joibg*MI}dZs2YA zGLVNIvmzAQbhRNDTAOQ2QmM2P&8I-u0uP1fkm*?&41VF_F|yV zi7TZX?jpLJd$8(500b}hZpLsTN)-?p*9qgH85uAAN9~!Bk7NTU^9__`NkqjI4D}HM zzAjXY_c!V`oFJ0FWUX9nSa1wh%tke!c48@_)Xo^m3uAWX42YLz0{7x6RQsVGYwOV0 z@NoqR(S93bz%aNN*x-_k#Q%6GO#{8U;DUhx!CP1imjK#3Y26*Tk+ivcdbm7@j3XzK8)Lcg?6Jwxd=~qV&(Guwr6%*ujc;8jv6gdlIBH6lc}}72rf*rgaAy#f zqq4gh$&K9Ar9yUoG(SB)aRjd@D&urQMVK6#*-i49dWeR$)nRE@c&J_|`Z8VGqag$9 z)aA&f9CNlQt=A*#I^^j%7nm9Oj^co}(Uit?d|?}1U1)kR<__^tjA*(@3tBa{3LQLG z`+;hc5;cI~p=PUZ^ykIl;illw*~{;s5S5wgs>+NFEv2cao8V!h0V`aPfOyA`c%PHb z1eX5pMMOL@``qnM_UTa2k66w@TMvtNo*vzgNCRS{El0I9*Xm{}Vj2Z)og3OYS#&>C z4Tz1lYk}!UdK=jZ!_bdZFnvXa8od&4>vyo}!AdY9qt%;QPQ)8q(0G*rD;|r18)|4s zIK#CvtW#gQz2V{nd!u(Edn2}Cbb4+@Q2i-7-cPbKGU}nWbQ+|wEq#8vj+MVYQFiqi z>GWb>*d!ENxS=8@)YdAQ@HhIUr+%u^Gh>|Si{s?J6Z(%sx=UZHj6pv?b3UALwln=# zvfygr_esJnkm76+C7W>WMMDRM@GveKx@ee$-|~|MdQ2BXL_^W}m~8LS!-_w1#HlcP z#YCsV9PC_$In=F6qSs+ss3a|Qm>7LTR$`*gIxW2*=vEw=92BxK=35)0U{!e6f@* z9V=#hk_IC@C#kWH+0jlu6GG)<4k1Qz!{*@`BH5HNwN`lBsg!L+Tio1sq1JVz5_P6a zB!E;%U2sXmI>KJzsJCRUpxr@|x=6C}z!KXB*~?~_gcVF66P4@>>JNdCeM};pzmpOn z#*Wu1k2A^}j%(1x8FC}t>)l%2^q8|*Ko5n|=AJ0yHZVR=p<;W!=6o3CJF(fcYiYch z%C2K+A?j6Ft`{1 zq^j!2)uf@yExw1>wftUF_B=da*ghMQ?I_gWD|}Egmk|TV4U_?6IaHLmLg^h| z*D$N7^95JDGTU2r9pAQ~w_V-Rqa|KVtwqR2lnGmJ8Ur0{dT}tLyP$v~c|bRG#Y9*r z%}-^oE*&l8vSY>QJ8WFk+7?@h1+=s0rpF4oY%xDQbF`2x=AxhrxykI+xiR!?^k}xA z>72H>;#jV5Ty3IEh*|DnLNsf6>oXDyG&&^$lH@^lR5vBr(fBFJj&5>FvZJl0Bx>P~ zUEInN*$bk}Tepgog{E1Gn_g!R^|U^=(jI1_?_s{q*aZwReu&CYSk9g3L5Wa5z&RO9 zE>WVi<=wVV|Bh3#I#HimD`9OEtEe47JQ)g59n`vF+SSCSj|KE-u+y46QQQola~fv5&F9aVPzi)k~FTmL%0?$>EE zo6~`!nq{a72~(g`hNh)sS}T1>$U`N!!hAT6wC_+)5zLK9{XPSlcNlidq-D_$VsPVI4ebwW^9O z#!hyi8!ZNUMlPAl5S_)tw9&wJ0+(?y-s929<}nuSm_@tt0)6zdDA-1=4aiq$ot*`S zG&Mwt zBgYs&)S8aCj2_z`HmSnMQ@Ue&#G}}5*4@U?QW2sXKtvf51PRrME*gG}<2R`hJ;w1{ z<#@17Mz!u&kE~Wj?o=WQl%QNmN*7nGOdmus+%f$svVU$flblIL*bWAGsFXBPXxsHl zRe#47u}z3)%T)|^zF(c$u3|j`tnE&9F9~23XDWwFlf@XJ8!2%-oiF7^z{H~C;^2?c zWKmq%4HAjO@_p?EHP^B$>sVPNw*VwJSl|NamS>^s^Z!K7qjtgD%poL&(=G=oW+WgdO54G*BX;fY^_T5>T@pIzK&=6& ziN?{c)i&FhGCC2KlB%vynlI(2Mzf{)qovYJQIJW~*~62$F$9m)SnoO`U0cv{8d%gz zG~+7}%p-!_73f%pENRtRtxBEe^X%cy`e3O{MtuhL@$uY4S|10`U$@#Crkl*0E6kn| zZfuyEXs_Fg_?)sP+5;h@m$L|Lk{(K{$85$=fUhVW-uwhbH@1!vSH_BjO)z~JPEjby zH~u*1r?8T7^BuK{K0-D2kc2$pkX=#9=>yY)+?y~ibHH{`Qo$)Z+HzWVWL6_*u`_S) z)=vsO#GcWKk!|R*NYF|;HNu1Bo7Bq8w!t91f-|nn21xitHYYI>6{i=%pAw?s`w=-O zh6f28W9JT)g1us!h!qoB)eG`YbzM)Vz09pSY7=La8^@bTR^~5EG6Y7{0Oc!+Eqb1{ zq6r!3*0=}LB(gJvG|7&(r-{H*Az>~W)(}SYP-M&=YC+r(nlmE$t{5MTIs>U6)> zIBb=jvRfye=*q?~w1jO!F&}HAO}f_|$+cL_krBV{k2Sgs#2y$UCHu;vlaw?<%?Sey zRjXc|`7yJuH#^iRp52q53#2r*G5M;mu2skFY9x+&jXd@WX4w)p<@fy(ZoTD3x}tH1teg$6zBRdl~Rp<-QBxk@~a>aLu`( zd+0)mR0e)ClP>^{azOrADOc!<3p}?GKu=%*Z8q&TKrkYyvVcizBU(q`nAqlQ)Y6WU zF+|D`LtAPo2&3uN z2ayA3oOK(>7VhmbY)3RP`SMHP93bE0>&&W{E-f_HE(oME5V!q2&H$n_H%f;4*6hMh zJFQp-X|PmlWh)mQ)0zpEEm1gS9rI!24v)G6t*h$0TeW8BD{Wyv2d=8`CByf6OqGTZ ze<5I=v!&WA_b5}l>#S1Hx|AeU1H9`Si*;>*I=6xs0iz|ZNKJp&l&Fhk1GK)DOlJ|| z3D*OoHO3v87qomJWJ@T(dettQnmgRh&c86f`{^uhEB$wf_Tjp?%v>?^b$l)Ka9a~n zk0G8Jxhwq(tRCuL;hipnD|U&U6XRC~?P%g-lC%du#gAoF!W8_PStVE0eTQ>LCZ;#W zi<$g*F=L!CjOIqg_4@71zKiWkrpGU~FUag0So9kU{b`WiYg}sVP1*y^VS0Nlk1*^{ zBMG*pzl!V0V??}@R7b}m0mH4y^<-4>XDX6nQZZ?x6D3~=gI|hCkXtzvlDXw`DE=&X z&|H?DMp9~o5JK+Y1JwA?NtojgxxujN>-3^F3?z+__%ZmvxYPg!P+Tyjl64UYqbX4* zR;c6SSJsG5$7Mfkc|-{lslwOUOtqGhCn5xiE%hd))>4tvPBE)nrs8^j2JDGW1j{7d z9$^(C=zI*PPQ{Nw;5;>JnLZ_09QSRRX#~-luLt^bE!bIwfl`2unlNQkJc|%(zPK3K z83ny+qhef^y)rwWpFv0HVuw0LGm&7a!zmbMY*lts=mcJ5E0wl9X%h`hZxIIcjeh&o zZPl%|=~i2Gi~TWz)R-BVW44z`=#avPka64dgB%(#UTNqTcDhjT#mz}7Tzz{{yl~#o zF!!qI5laD?O4|ppR!6@$pk~%_-A4>|jvdu1^svE=CiCJ7n3x{ViwDuxsHPAkj&$As07g zfh9~OTBG8^)6g)~MA>D4^npkQjq<4sOl_eKjH>Z`ay6QrEKFwf;!8TWwh$pWiGZxP zXqAc>TT58NB3md;jAutn`NHw}W5rw{A#ZpJ$<@|j(F5&ySq2b$jM1p2k)1{$gvL!B zh*R5g2zz9<*&`1?JlLE$ZYe5$M3xan0kJSr`AbLb&a24Am_%{+3bSJ`-+i zEse$kN(M0Gzd}2|hE&*z`>Yox!Iu&oo0O|K# zaD{L>>5wa?CH&BIi#=`=S9HpPU3Anb{#uXNe?cu1H1ZE>}Yi3}V&1!WWSTKNI&32$gRRovF?Q+BO&@x_f z{lGD65V#)t*oOgVU?(cnsCYD6$c@cU=f`sM6Jr26E4Jr4c=@kTQ&|d>mY@fTya5h` z7Kx#$SM9PLRM&xDhh@964(tG+hABfZ*kN4|jay5XpdCSowL);$n{X=b6!d*_kyt?v~N3*tm3Q*vX9NR!CWO z%{(nbX7#GGW@ENbTrT5^H=IvJ*h-woi`2u4kO-mGJuLcJAr@jRq@kHjXc0#6yFORiup&;}-3FEO)paeubGX&_n&s zm-6$YM{}c>Hx1AN%Oi#Su^FMQtOp|=E4r0n(sq`!jx~xojGBzXHNvLw>d>t|xgjCd zlpo>VrFhZJc14-7yB@(7y9}9k(<7AyX2(N}tkCABfhvPgmMsZIQ)Nnct5v`Uf{rDN zr+gSM8N!yruTqFixC1>VC?08oBAimj1v|2WV!F|BAz^g#EnXQ~#gD_r&ho@Bh!87& z*A-DBpHZTbX0GXqSLE5fE&0dr4BI&AbHhh>{gXIPxQ?wny3F}+}MBkV|@&nTgc-)U3fZT?D$5hW)!z!%=giDw12n0-u7dq5jCs2E3oaCN+a@R;Muh)(+{9`Ib7F&CpDq{k(r<2 zM-R;PG2Lq0N^t0g((-%SM*2>$Yq$JXXeWKo)^E#?`Rd258goX2#>1tI%3Zg3^fbn_#4k<2IoQ`ATn~(SNRQOZOW@J1!6h?|O*v_9v^)x{H8c-c{n>OMLqkJD2M-*;{|*fessHZVe{g@# z@PVO&2M!(FcWD1`&(QFpgF{0-U}#%M8uQaY+d|LKmitl%_XzpnQ$3QvE|gZI9E^xw zf(hcmLj=hPNUxY)+N}ra7gRiVQB>#?kzHkkh)%Oke(43%ZUDguNM1HRU&!Z6pezZ~s?B3(1xZ6^`ftWHfkFEte=+^mvt_Rt@rywg{~q>@^I^^qpk}rt%U!qHkASZ&`U8 z)EL+*p04tey#g(zQPo}awXMS0%?NGe6H`VwJcWqTVd|Sn!^K0=w-bgY;iYd)F+`dY z-m@Mq?Dw!?J;er=iOiPxGCD`%TVZDWM!oKOf%KX_OK4OVX)?N?6~73VXBEh0Rzr56 z4{9(lWj693YLWY}`f0uY7jei?%3s=2AMN)4;e!X&{eNix{>S$JGx5`VetN-n(hH`) zlt_>WF`Nvwe_$iQtY`t+%rirYUNB{@fs$Q=Zi5v0#4$NOcY^^h+JA6pD8W3p*HF`Z zBbabV@Q$BJ4kxC}wE~5h?C;mLN)Hc#fq_IXxXQG#n+g~^jFV5H^E*iRRS4@~|4^dg z1a=k70^?-4;Z?z)4+dQjCVw7W1;(z8r68!!mq{Ui^!rFUJ-qKwYA7|78Xmc5=%RgT zlDH;q*6sAlaGG2=rI(;t4VF$4^VYthAp^`^oWQO_*qH!fW;=@*Ingr0u^b#61Q=1) zYIulIE5Yo6$qh={Ca$ND+z3h21aorDwQ%4$qm2k+4aCDHWLB!}rL$RwYiVDm&HCuwn{-MhhH1t85T4L#5GM2jcEK1@JE z-LU9>2rZCGrSxM%XIwg$%or`nk62mz4X2#MEB z(Az|HjA(!kM66+Q!kl&IJbwbXm;hy5t~f7M-d#Z@$j9;E8d;#T@-z5nkY9v;3> z-T#O89eQm4KNCMMotZvzZsM7Vo}Qj_CytI4dU_srbx+S(7eDEoo}Qkw?)%m4Jv}{7 zSjG}T2o}Q7L zdU}4de)Hd4aY;{4&p8X19~tZU75d*Ff9Nf*?&%q}CdRU*wXgo`*H#1Ts@FX5iywaY z*sDg~??3S+U;FHD9JzVq=nIZbeC^;(H-F;v^{;#2tn+UA*wC;4^x2ikXZ`O3|I_@$ zXCD8`b9X=E-GBRp-@d2tnrr^#p68x?{3|Z{&V4K2`Qw?!0}md#{kJ}H-m|{?j^bN_ zA3SjU^5xq;`1I93YR>NYMR4C=f9Dy7al^Cx?_E&)#DDx&an>7r@Aa>{>CV&5bMC&i z^5J)tAMAPXrU$=%)1Bv3Zus2eD%Ve){b!FGy!1Way5Q`$U3&I2&U)Wjvp2l_^zPp| z_nhUg9e?~UpYYRiG_RM zy`uQ86C)pb$F7g0-~BH0$NzBZd7u6CXYPfkPn|sP-M=|hyW>~i&Nt8b&>wtm*Nboc z)%%`(_2Vx&=a_fOTnqi^X$xL-u=ew-+2Aw|NMXb`Cp&@`sx3;yWBkQp6kDK`oEw4)UNYBw{r8@F<1K%7{VpSY*^$4#=;L=*e*b45uB`l@*WHqM z){)xy+wOnTyYGL7`yTJ){@d?(`SP=z$A9D#6Ysj?UvKu-MVkN@+vPkzZ&XWer8{O|4uZ`xD;qmN$yx9~N4UUI<)Hf|rf_DvJt{phjeM@N44 zdw>0J!}q-7&0qTL(AovJf8}k>Pu_pei(meU8~Sc|!`J@vijiBd{pOW(@Atm)e-7M# zdMx>@v-jTk>(^X!?Q7rkrt}^C&saHl`!C*B`Pg|^z1n}l^6gIJfnO`!_0-S4@uMI2 zcHMt^%=)K+lP|R<7vH*g!*753&Y$l8#{c-s4;}7(=GpID{kgIF5%14u{^t4jUq5Co zpjIFI(|^C~L)X0h+b=&odws6|>Zx;jPv8EEUw!gx>1XfxgDdYi@ArRq^4HJad*g)j zZ?F0I>;C%b7d+$s?8{#L)@RT5zWURZZ;aghD$@x)ty_CV$*7ys`UUiQ`By4HFX0yZ}CvtN7f%l`S?lRrFr z`W)}JJCc7}y8aC}xG#i1f6GfU7yQTFGuBg4vnM?Lfv3;D>Vwa|<>Yh5U-|eq+&TWE zPk-Tyzp8!feS`1+ho8NE`SusT_LIp!zJAwT-xzsty5aoSyv5FVFeb?MrW*x#3?= zzxlrJefjS9{qhrkyWhR5`r4x}DV%<)eQDqPwKpGZyzN7GzWXU>9r=GBeEwhj^6kI+ z#b+M;{M#Q$p6%T6i{&T(=DAP*+50|m-tYhJ&+~Ww?5tgP{r+qJ;H!hTz3=hE5B~m_ zzW(3-VetN&9yjsUJ3sNVdw=@Ovp=zNs`kW#->QE6?)!!+Yu~^61t+iF82f5v=xH~N z*Z%QcZ@u&fuXxw{o;_b&Jq3Sq>nPg{mUf{ffJ^x^j|H;p$9yoUL?yo)n4`=3X`_s=q|GbS$jlvtR-*s2d(|?k><#nI? z&OhGvtsB2_{%v=>_t$QH-sgXM?Kh@ZKl1o{U$p1@RGN_^8@c(&fR|P z<43;z<=^w)@s8q3{;6*$-+kid=ChwX^sS+9Jn0)JPma9$!5{zVDS!3i4;7w$@r&W- z{`kD#`acJ*|J2WKFkbclyX6;|2OsyGbH4u3f4=8Me{%R=Z~XeJPrv-W7hU+%cbt6X z#c%(M>T|xf_LIN(ojtcb@jt7#y!o9U?E6%;_bXrf+IP;nUt_^a-E8`15c6_z#WY$^ZS7#*LHTyY~mqt~=gv`m<+0`Q@2gzw^y6e*OC&_|h#G zoW5$|=jUC1>oZQg@L2H|cip$Q@wxNA`LtII{^eJz-x~hn)Bo- zue|CfZ-3_RWu9?kdmUDmJJ9Oy&wOdF3*H>p>{1?yq$dmqR zxG|eK@!kKAz4riXBI_Q9DIyx%TCw67L{L-cU=$mmARq`LAR-YS1}c{CnUauD1h>7v|MP90_g$Hpd(S=R+A9Wl0B`@_g0R#dnnEAG%fOAPet~v&WYb5&wL5l#n>t(80gg{&9!XH=A0NG ztOhu{VCT!C8xdm?vQAut%SM>?$-F1JP{$2O4{mwQ`Z%s$Cd4ffqw zHHL4t_vYPal>yadx92k+zb62)2!IN_4*Mf1{845Pg6`PGGA3QzD$Hm4h#B}0rL<}B7gld$#S8yqq+B9?}w4U~8Ia0Z@c z5_HmVPAFs2rrsYvu8_Ry95wVDS~b4(@{L;&_OlnCs($@$gK?X!3j`g;^xs8b5_Bza z-G)cWKChh8j&v05y>%d)Nju^)15}d8H+y)y3f(iqfA<8~5n`QvJdH)%*BuJ1E{u7ske~2^f1s-0doO zw!~n`!oJ7G&UzJH_OyMsngf-g!r24E7kO>WN3WQ6e`@f`tb*%nT#@%>=F&DTkA6C^ z+yXC{o;^! z+>sf)DZ$)EzuWt++aF=)joS@xU*2uHWrv}0rdvvSln)wVT66r|+emKpC7((qziL$J zO^|(XMaeo-j$eJiL zIWx10o7{TL{!3{-6Nawf%vY3_>`gvyJFj@tZ~1N4dF>63i#10)Hf&$l?z2gn^)=rr zhm7Su8;a4h=_5k7ZSTd*av$N!%-Xp5M(pqARU2|&C(WO&5xghWE#iE$g$NMr@ z{3=RwjqCpVA0^Dlim`u)W@^RBHa zs2)`&-cfL<{fAEZ7PB%HoDqG?A9`Gi5|-BhHg_z;7aeo&^Z3D3(acq!xWnRlJ1w|z zrPs5v+iPcgN2FcNT6E)Eo9g8T?}xAZc=+^(JoCr-W1O~37GCqs?WF2>*K^(^+ZwF2 zor3cv?P1?uo8P3);(IK)v$kNQvZU3dkES2;5{zF2@lHg0=T9!Vey8Mmr<&mly}B`i znB3XHvW^8|`qy6sRdrN;E3o`^$=-^xebsA)*AiMDowPJ$@|Q(f8w`g{%)54dR`pQ) z^l@Y6ig^Yp=h_6_2w5jSo0njuVAZU8_*7DK@Jrt9s6D=ilSfRRP~LafmbmkYt9R#> z1%1++v;07Hx9VlF9b5+(8nKd|{!v_Vea)3S#yehxRrv5`9-I7ltmFD4`+L@yx<3rQ z8QL>%u*uj~!JaFQWygE$Ea+Kdy3meC)B~?VqE{{MmQ6(aR6f74Ys8d0MS+Woa_sib zI=OhJej)y{Wi&xmbSX`9jzS%#wldAp8FV0-s4?tRc>NuI@tIV-MIzIn6l_rR}4Pq&YpydYUBTIY<78GaVL!CW!hAmv;J z>)7v+V>se?@6_U+cz5*o4Lt@`-NMrM3ol)Gu-LxhxkW-(#URxV!K;udWxrSVSVUJl z@Ce&yFn;^+5q+!mp0@9LL3z3&WI)ad{&QL02&2NO%V)IQcR5&g=fUyc@&|QMbu(fm ziJw`%FBgmA^=~{3`dN`{G3Zx3p!~S`P``{{oi-SjO&2|u*wzg0w6<3kk~C&>g8BYa z={dtW{a)YJ_bl_3oi4iKdHvnfT{FhL53)7$=10TG(XB^6@=L$@Zg6|G?-GcNs9N0F zZi)Guwu~U=&`Yv=Z+%Y{xAWTRa%6B}`LRuW52WpdxmoE?*ZgtgOUbN@WxldCJ&=3Z z(tVo+)$D8TUD8|=62J02`R79t1ZBPz?Umn7`Ubw*oL-Ys-gD49=jR_xW|iF9RQS5$ z7kCyI?883f*alpi>#YtHbfi^;KbLSt{wkPe7+DfL^_L!5a~ zE-YW~)^nagie2_Y&dYPb$;XTfxblH{M+))=ne3UoO%dqV7vB0wP}&K2cO+#&LQZzZ zZj9kJQr~lKaK>aGy{SfXi+}y(SQ^%smmTj}zJ9B!E%!yq#P?-^2_?oHC>)9MOk7x$ z;cn)eo4hUR^ObvV=V!NevXk#zRx$HoS%~8;f%DRH8AYvU_Gs0oqS~l9^T5PbUv`9U zxj!)6!+))F#>*hvsYY|-&U_ABk3KIb34N6wlk&uNisg3r!oI>I{pCB4o#+84_wJh| zPAceVhxsSy`TM z{c@AH2`jSv*Je*^9VBY=LA8GAuufTFN!yQXU+(mE!`#ry^|l#~my2SQsS_-{J@q}; ztOz!dPb?jjeK<68|BGpC$;$cGQ_7XUe~sKYLcVjw9Zt`ppzmhXo5$O=mm_bTV?d3z(rXm^_+(V)tMiD0`k5_R#lSlXxW4(AbETK0xuU!gmwmUq01s{l)N2 z%G8({tt+E*ZEAv&j}3_0$F#N#_waviSzW&150AsIVvSqw`n4>)e5%`2cg3(idZXj^ z9qfKU`3s}wY(>D9;x1`h&VNYC-KpP3qNsiw$bM1MGs{28WIw98`>JC37FE#x z?Kcz8wuaW8@-fbu;ga8Sq1TS-hxR1KuiTiGb??Cz=)$b@n65i5j99Q~zDKUU{@^Jc zru513PD-8rK~?^maGhAkOE*Sd6@I^mM}*&ZW9Hg@V-c`ZEfRcv}p z*E?|6^?GsRUYala>2BMUsFbYjXJi3ergll&GB7CdNbbP7HS2Rss(10L2fp!Z%YLs zr-=~@X3S4zly`mhW^F=P`_$pXx@Gw!t(+EcB{!;4|D^QJ)s!H=^72>tXDR}=n086) z|CZ-@M%8^^tDpz^`?eUS*L1lP0NeL5sA!FU?46dzo0Qry%O`1uZ*FpV#v^&@&m#ks z>n?go1mzBHQ8#^+A1AB}7-{ai=;N*A+k(+BgAtUhlJ#z1Zu0C+Na6E7tg7d)Hwx!` ze4P7aWMGMHda3cAC3Y>0SmzHU9yKg@`Aez!k2WR368^=3Ej z=PM1Arz`x0zXiWcSMKm0`&7`oOV(HtTE;dnDQsWfBG=&8!`SsF<91{YV*U}mW^c>A z?SdXuCi<;Ryqx6apPO86Gub-P!YlV~%g;|zZtrRJo|olrH|NZ?ZiVrNTfjjD9fQW_ zJ#pVQFx*2FuiMZF#Q!r%45uJzcmIVG)^&fOV4Hk^G|KGDWg z-_vI2mkWswX`}{CvMa$97j1l28FKs_vF`<7KBi8vX{XM3(ywrZWbU{{;B!s~I-hoA96K>Ap zjM%kx-pBNqF0I}4J#Efcs&bcF-F`BD*o~uIlFnMkIQBBG7;q^rh%Gu8Pt=-_o4jvm3v|Bky{j5PrTL+Rd&0d zct5%@^)gYQm)L&pr}c-1ScJtbcIfr1mtSu3B@fiWu+7_+{nGBHv57J(PbW`UmuCvK6lZQnNC1jWqy5D@GMSFw}PHoW0Q_r4+=_4u%EZZd%(`b8p26N**He+S+ZuL1nua4#N*SM=fW*Po9yvShd4s z=v`Lpw|PIiOBg}P&iP%!Col9|oBlfA@!O~c!#v;0_v!f<9i6f32;443NDQIn^V$T3 zPmVYDe!R(I@Xjo0EBxc6%8?nDnbQY`dvwb*km~Op%82;#tKF~0#n$B&rqd#mkFE7y zRIf)*oukE~Z=w^etABug36<*opK9NBB$)?0&cjrrCubIp8TVtjm z|C4k79$OK~`QC5COK!_HvU_f6ts1xLRjf);)$2aL@)nLObW)GxTpwA6{SSI3FA^e`W}FmqYr;BXIz=PTz4mm90@wVoDJ z^=z31JZ8wrV=q@8H3}Za?UZVeB1~Mp%;+d?n(_&zKJ~?%d+q0LVSl7zlBkUrmxIUcqn0!KS%!PGyknWhzMAPm7C=>K%b1o&KX?DB z41kk%bV=)v6~+$z>Cry^oT8LpmiP;*E&aIbgNoVVxoAo6tg%TybxG?VvvkkM9UWde zce=`B!95oxIj-vb?2XwfWGUTeL*~zG8x#X>Qv_Xe9oFGe8~kCMfPgRGiA}y5X`xA31BrFpx3=iFS@zrzF@|DZnPo?*+=`1p-9#k1!{?(P3wYw*K zzwBDMD8+H+iQg{r*imzsn=-4Fy*~7t+dAms;Srs(#wPi8N$bD1u&>39(aMKEf4(s@ zq`aHkXwTfXLw^a^U$TI}XR$$wFj=s?v&`_+sY_n^o;HXOk7@7J<($#s&(YI{b*F)> z=pEmp)w`(VKJB-;Y%qU&ck;GN{R(@{z4!Y>)5N09?v})$yjk{abME|+D@!aC@v3rD zx7oJsjYg-sds&O(3;7~=`(xJs|fGX4~c#g+7y{zzf|5T{E*(tsLHIO z*kMu2nVT%bJqEPv_NmWj&dFmQ1&pX;!M`P#_Yf~Iv^5C*Jl-rIH~ErZZgM#)Gah3& zWylGqDB*$MZCjgXr2KO9sh+X%(V1(u6%O~cj9f8+6wIuBM!S zj}sP@=$V$j$;cgFx_`xi_MSH4=_S_&=30;Z`Ac!(5wkrlhvtvlLJR@XkcWc#C9bOy zjO5WZH}2G&Ar`#HC_AQC)VLildc{5URU)fabaU-F*C0iB%NKOJnSQU;q4qCYWjtC~ z5WCpRsrpNTz%VqHeYP+EkY%Se1}VZd_m}&Jyy|#z$~wW*4JDiM<|g;(vvvJ3a7n8} z&Zi6$i%jSx`MRIa?b#*W%07u$JmIJp!_#ZJthN++oe3I$xTHh%^2AB6mKSYzk6;8P z!!GmQeCpGt$Yn@ZpUn22Hm5rnC$`65TbCY;^x?i(NUq$lL6mW2^u{Hx7MZ8M{BmYy zImd0l+&ewy4vnuISlLT($kML^p?p-tnY0L*xVC$gXtMYAyb6C|VCKrBRV{c4w?>+; z-~HhOo6wSsjacW8ZCWs{gI-RDpa(npdyHRNwEf)Pamj`7$Q_*-e#)GIV=vwKQoza zH}62%t^^Ci(Ba~==qHy38lS1~f3$T?(b4Mr;hqL5(abYQ_d)OG-Te@_g&17^1;dkv zCm0WPFfP4%dbdT?1|~N(bERBT7mu5N!geG5#$?9O_pDr;-#(}I=J;^Cu$?8W7*Ih}W8 zJ9objI=`qVq0SL|ilkB>gRKeXRaVhbaeVdeg6ze|f?fu)QfJ@EN|1*va~izsVL+ed zX5It>XGd;Ac0CO2SYh2ScbC7ij~;u)m}_fBEV^4Bu*25gQLww`)TzatvI0rSPaZ@K zmSee$7zl)z8#HN@Sxl4kL;gq-D+6xv`fcZSM5z4 zY!cbcv*)doyJl?5dfT!zHvzhJbbHRiqFwH789~?ZLHYJ0&%M3cDf~$0_|WcIfk{u3 zuS}oa18Eg}>b}V5NI!ZHay>ZUSy7A6j8;c1uFMJ-D^lK%*<`ogeCvay{qGm$UNlJQ zVf&%uBI&ZCeI(d*h5K4mw43rcGm)KG^!vFC^VXg_q^zFTUR}5AbM+6WYrDIoZSlDC zF!xHrv|MJ*s@KQo1xCHng|EH}UmR!)AH z|8duh8Dsg?tWIkUQtYx{R-76+;-^oFHwL0t&n-e-n=@_{rFf!!^~SfEa$!2> zly|Qsi#H~ipH!SV{>P0k_i{VW@_c-vcuBCbeErr%-7i|_w;bKK=-uH{O5-Kj_XLMn z*IIQ+bJaT~`|Tii(zD>*s`+1B#PP373!FWx6jjQ;^Y1K3P$?{xtv`6D$8>|cFoKx5 z;hU8Gy|1^CSL|~+awhuCrZd@R?xfeGl$Sjle5qwkuamD-M)H-Xd|I}N<#ih?G&W)- z^_f{1ZyeVTR4R?nf$M&~Xf94gp?-a{kn`*F{raW%R~c812i^@h^e}g;+0rnREF@{n zZwco6PgOpDJmC_zW!dXh0!Q27!?xN7F27?0+w6RN)Vd}nd`zDUUy8548+u!@XUFM^ zkS$4;;fscy8X5RJO8Lz+?MVB_?QK2?#~umEI(BjHb4!!uB7$%C(r`?TT&f8e`|{g^8f z4N}f!w0*xjdXV?Wo|VEr7tFiw^JIOzSB2i*U66h8k>YOGdCyZW#&$1XrWo|`a8|q^ zB3LCYFLvvhWRP-hL--b#!(r|pq`maE&CYgA|C}}Sg7c>8LCI}-Pm=kbk&$oW(yH~P z3d_~Azg@k4A)Kg3+V8A_Sj(K&b(j*eJvm12>8jUf^ZojnWW}!@cGuJSh;x;DF(~S* zFS@m}yj^1Ih#T4b5VhqG>&|*tw5TRt@BNGxHYOif9_W~-U5&m-F0`3Ex$KhplYNH6 z$A7?DZa8TAx!0V~>_d4KVOx@(yG(hc+M3gX)9-U}kk3%Pa;$hwm#Uf*n>JN*lRb97 zz3|(S%r4e7UF6}Z7q;b|xmi}QHND0J#u-7(D}s%_#p`B#Qk34}r8r+$%I$51J2ByXm2ij4ZTkb&nv5#Kav01jWy1%H9y|()j-*U;; zwStlkN$1BcZ{;@iw^^f0mQ{T10i1nM;!wJ5RcZ;Jyi9p^Z{xt;D9 zMaHL{efssz?0auN_P2KG8nMV~Y0+iLrqwSGm8KdOzs;Rjy=PHunD8m<`HLZgRu*ix zs?kde+yY7z)%zx0zu>rF$>1@9lFmuz$492Q4j4K1h|@jRM~hPKPUquGHZckx?2I4o zeLbv0^)H9c9Ou6I%=?rjUUTnx_osSeJ3mbVa=U+U%**>y7;tf1FMf$h63aKY(`um4 z)`}x31>%Ge7WrPcuHQO>&FWFo^I2K;;Huc9Z_jV|Ey(<1#wzow;iW~nvW^Q@7?k)F zjj);c?0U#fW@lG@PoaULs=BGc3U+iUP#7ffRU34DH zpV>NS%;%p2j4H6|x9(q($8loufWVyMpLVUt@9I2eO~uoKwU^7Yb5ET9R<0-=I+bfNpCf#Hi<+_+N`+qU58&dWmk3s>&7+}L*J@*AFp zXNK>&vL<}VjFsb&^M_c*`38)UW~qHt^RnXcw5!$k3Jg1*-#_MKuF3h`iRhIi(dWVP zmdi4#*BM48jLOULF1s!3TYdTVhN)ErhHH1H{Ib$wed1;JWZ?vURZecV&he=?ZMWv` z>-S}cX`97!wyx?uU!Ard2*;iS^fh4&B1mbO>CcZe+*)V7=S;h4y^ z!cvKr*bnWCK3NxQ!B3a@_?mY-N?*V%}b#C!4V#d>JS@K#mI(?gXN zXSy3s8aicpjd`y9z~eIx`%XJ*7R~#Vwf%@~Ua6gJOy|mR;q9;XjFDUsEX#`DGx~9_ zU5vpFXHA#7XH3ZLv?zSSs|N>D3U3?|M77V1P3pPY@L_ItV)gyDrBT~eGfGA(2WBiV z;Fi5wv&Q0(-c$Fb?N7}}Fx=r>EPZz+Kjy>;N1Od$YHqJjx5@Z6hPiC_A0zs^+C;vF zLQ^)RjOg>hNj|y!b@|+vxyT75s=V7NTRAkuI>RajNXu6MJ3r_Kv|YgJGre z&O5_aZhO8bM46UNgTg?)>Dt{t!wVC_egwbJ@m}9S<~W6q1>ef z4+}j6xsP|&SPTwXac^(j<$!j|61O#r3{u<;BVKXyy@!4L>1<3yxgz+AccWnc2zTC0if8U_VktZi+2CX=#W!$*2K96{jl6;|LW`F z1LId;vngVw%0#x)*GkVy!aL+WU2`ukSHHWlL7Rk~H->-fdB4@>(EGWmPGQXVecR#H z_C;-4F_(?g_uMjz#Zf#)Q`SvO`D~cB?rfZ=G;pcm3*}5{3x^3Yg@w9j|XLA&nuLOUM6@5l}zBv5r4D4&nfb!?TdxUv`w()U$^uJzA{bn2V zEY_(i-1SlXv?m=blja}Xa>Leqmdtke;_034q+U)o*=I22X+@YleQ{|WYG z1Tov~&6qOmz`?g!*?kHus-pX^v6!`_@H*1I+c@PJ)1?cCjWA**d2GxswC{7}eg8#Y z+NCWl-#a+@+fIWi?PkWVdv|-+(Q)?#9o$`~t};kD*Z+^=FuPM#j?s<(Yci8OnFHRI2v0RswW^6Rrjejt$e0ySVv4Y?d zmry18N4+_-z2FyT5!-#~?Kxk#(~QSP#@>3g!a%A2bj~-)#$B(D7Z`R*3f-Jwo~-{e z*7I#p#m3XgO7K`~r=QN9FxW z#`dV6s;*4`=4Sr*NkCETUDm|@bGoFt+DJT(h}YaV?se?erQ&hYWs?Sfy0h=lgwm-> zj={G8`}bLaQIR7CC$X+C*zMjqg4=a6;8@aWDpc96G~z(EOGNu&MuqLauIR!s%gmd< z_%1qXOAlf$Bqe?|#j2eVTw|4#Hk578dG}$+p zxniL~iu;PPXD`;v7WFYY{!_;FS^f#Z&#?Pj<>9vZne78-hlTFE`)bnrcd}*9Rvj0) z^xeYr-W%&?oqnUr`k_^LkAmm92H`E&+?g>vAl$YR$p3X`P1n{@j_ddKcy?=28|LNl z`kt;|cVy@6+FJI!yxYYM2DjQpb;?Z3?7#@|y?1DuedWee?Vh|l`tkjfgW$-#I}6X* zT81w=hn2CqK0RWdCs-FDZ<~4Mwehtnd2f~)R2$}ChueJ?c^(VcfRJ1%55#G8aHiIq(kPNJ*@KHVMVVqO+V~8wXEeKy=vYt zr-GYV4pn+|aB}LwEjR4VS3VMNgO4r>x*+Xgq;ut#Q-)6Q@@rXV^FB|_C_H=X)&bu7N!J6; zbe-|ef|=#2@98>w$eRae&YNb0h@Y+~oZ@(|*G$Cr-l^BlZSQrS>6liu!&$WMZ2Xm( z-uicU7^M%(6vVZ4-|*Ug9DCR@-?j5*e2QH0&D#AV@6@gPyA5xZ9zQzm`HJO%l81d$ ze!W&uJ=S%B4ffpT73N)oEkeTrIoG|Jm@$9OpiJ^?K)77p5*= z9XS20buUcZduH3}q~C3AcxxnC_iyq>2D|?Eb9LR46kM*qP!F%FW*KZdW4d6W*No>Q z1Cb$Bfa{xdV_^R&quf!J@0Og~+hbJxZVyA>+~hIf$WAdoF>RhdUv3At`ZR9 z(It(5Hei)O%EE;U&$aN+?bNYj$JODCASRQ^?ChoQ>FVlA2HY)NxX{bWh}E%U$E4QV z63qYh$~E8g+$NR-o%7$?>FMd2<8DE?5X2!Km4-;q#>#pK+uE9KV>Qug2+!7@XJbFu z%8F-YHTl_*O*$2%h!7U3>Q}I~rYcNOFkkBF>FIg6jd$HUI(+v3`Y_9XzaRe9IsY|X z0b%5ISRB<~Ncd9c*TnfRTN^98I_JOa9PMrXJOA}>{4^cTBUATBfieLE&`EkR23wQo zo2Pxcmm}3m07jqv<^jwxfAPm8p;0GuVMNB$J(Wzg2}D9F4lo8m0Spo-P#9MMCGa!7_@5d zLVz6sMFX}r76gL0N)GXec3_#90RR$^4@r1H!-z5fK#U>^IS*j^tFcw{mdRk4)t-(8 zJfxr)(q%Z!Sn`WDpXnO_bvYG)L7G$eu81HKLIGGxr_Q2rB#O|9%>Xq}iW)wGNFY$g z001lkQHEg(zIs@M!6F`@zUEU+OI@sqHni%HiC44>1cYqAgrh2#hZ(&I$;#|zuys69u-OcyN;k?%ZIpkIiQ0HH$v$l~>NAc6;;WEI{2>7f;aEeXpR7uh z0jNSvjQ_gD3CZIRp;54aPVMi7fWpzB1e6H~N!X1gh{`~(O^RCX z=@R1>Ek`g20OfLeFlGLdf%7W6jLG) z497yOLhHgz;sgj#ELbAph!lWC=2rTC)0gM`krTL(`Kx74tS;Y-b- z21hD2jT`9B2G>pM;sL4>fI(;!m8qh!4x>t|TPI5Yl^!5^mFP)kok8eKUmsDQER1S` zL*S<~>uRSkMLLRzo4?4a%Fz34ywN1B{@kBiTW<1B7d@r9{E-rdUKk z79l7NOI!V-zW>7Irf}iNbJ5CV)5?JVSR}*;|c;zrW$rRL6lR zM52&F00E?VdobVHx|687{uBcB#GIM~4N%Bz7G?EBu?UtxY$}h~Un7u~%-<(Z-5a!I zu1BAiFeT+>9qh<=G7+ZvTZ|xLqJ)|S^lMOwu`yd_Qw(F6Y2))_LqsORIB@+bSEsYT z+kEY+HO8M_p8;Cf>nw+3{OPqGpq7=|+4H?#b|(4MTv8%HR}cri>*>d2R@3h&zGM6W zq9UNl;MpMh1Q0-|F4APb{8J=S*9kO0B$Yn&`(#p;n;?|FedvEps*uWFs!L>}xscfr z-|1oZQB8HQ`>6jL{j0eUqPb)@)$8t~>UDbShN!RG>8<}q3=n{FPypk)W= zWcyBXAs3wb#Hqg$lK$_eieWaE6y5+WyaDV-#4jcI>83e+g&?v4ZBTcNv&Dk%bT*BQ zdO;XXLL?0@_1RJfajJEVN$2n3QQej8$C&~PAsJqGI5e99>OIsbfq;;gfQM_NeDK$F zAXNpVtH8qlOY9J!5Xlfw^7k;r6KX&jG{KQb=x-E`f1M@t&G(H>7%IOqj-cOBW9tx1 zCI$D9(bK0%{*YIwufB!H~x8N`j*T(3q zSMYyH>ko@SEh7BgT>RW7YSGeY*EU%Ce@XV=Am(V&ni6kxv42XesYz#;kvcga#2VSO z$`K3~qYyS-@}s6@U#h161h0k+%Z-^`>s8hwxgMs>CR_yHGxci`R{N(fh+#?u71pu) zH)Qdz#SoCwwX|*fa&1VB+xE4f=(PP^lC^uee*ZYDZ)|Ri+WOWhEn01?#==cd+o<)X zaaWu+nT=Vf{zj^(>EI#(F{~Lq=^+9XG9e@)FN;S|K&FsLSbze9F!BNpb##Hh7F3QV zpa4h6^19@c1qGVsX(qTf0Ejei>J0Y3#s(Cku0g>##F&FH9ODS&iaJcNv9gjjF{J4W z!~lU@0nm_|-NPPqT^HW~z>li?PtYZWr1d@P_EuKja5HJ60Q_n4ys7GcKZO!l3OCqq z)=dybbQW2;*|ZQ{-l&x>muB~3*q#cbz zs0@^7YLl1(mbFz_fK)~PgP@>50ui!Bieb|w1DoxHbW^vXSqErychgH^W7KP0AaxDo zx}=h?Nc1&N6cx1}G4f-Bd{m(I^}@Q*1a-L=;OE5wJVa#N8V2E{>{Xx=79fGZD2Q~H zlU^D*g5m%qmE)?$m8|-F3-D{6CeZ}j8l;v$?T5)#JO6)#2>056fq#Y)`tqtDqeMyCNsPv{^K$MzV8YeRuP=jfCzsO>v)WuwMiZwUrv#xto4UNW?*~GR&XV--& zPbsr+L@Cp8oKgS*86t#!Tt(Ayq|%Va6ObBK*!~1nKeFaGN!O34XHAk;Pg!eQAuL-Y`kfFLQ>jBQe*WQx59$gy_h*iT`yfGJE71mX%5 z!pKS?1RVN}8jdfB;xY*3j&gBfTUj~U*f~sLPKlioIwjVk@i?t|bO4sF2zh59b-HvQ zlkvYk1NZ;uU!Czl8(^f6497SUL=gFRw9&-<<8lQNAc|ugK8(viDa;WdQZD^B0|4m5Q#@b@$ChKq z5W->z!+8J}0ovF*@EimV0!N51a1>byZ0$h@p=gM;qm$zhfzVN4Zw=YlIEZYmK|7(X zjTK~NZ_BrJu(1-@6Jx{45gNjGVyF*u3P}^bjTPH!2;0hLqSX+d-4LFYBgfXt&f3a$ zu$4W}*6Kgu(!}q3^Irx2J!in1n*Y}JHg)H}gO$~P^Z(!Y)t&zWL?(nOb*Dj>cN6kK z1WO6A1Xruz|C-YOehvNV%zyQvdbSkCVKHej{Oe+%iTQ7BYwuX^{(r~+*8hLy zXJ!VBl7oT>2=IahkPL%>N!02M*l?^EW@hS3^OZ^^2P6w}5LC>SP=ztBmxqhncz-vx z4abUuN8=2lioYNNl7ebA06;`ka)sbg-d?1DU|?i{NoqAA%9^a^69u85L;}(1}?PNP-2>I5G*!Kwuydk1}K_n=KfB+OGp(`U`L4*$aI$Xd2IdvRO$RV-i zak&o?wgEF|0@N{k>X~c?6p0`K4hem!76MS1r>@e_Q3f??fg}PX6V#oH(RnkXAd(FL zACe%%9uG%!8lt-z;{nX!&VVh)nq$ROLv^j)VgpJ_L{PjDFjEkbpFb>x2(C{aKdTLPkD=wH+S9IUPC z>VI~2w*Sfhf8(ds|Ab(o&FwroT#q*KsYRCBW~_b&XoDROU^=J`eZ)^7SMUI)o%#i3 zAZ(zLwN?FEPSgvvZBAV)T1p5H2QgFg98DA^pJj*;Qe#}3l!6D?{y#*;|AGG3n*UNr z2rHz2mjGyT{#!ZJ+yB}Ar~myczrSn#+tr@~HciePr}~u~zBh5~>P#Gm?@oW4|96P^ zKhghM^BzEU1%3{C*0&jH*ZI>2^VGxdSF&q>`>P!k)D%N^rlLgq;)>hHh){Y#xOw5Rc zR7wODk|uR68+h#lgRLQ-!3L;rwD=;p!(amfD(@9T3c|Ggf`kT1L0H18HELiZwJ_Eg z=ttAexZ3iN5QPOJg%C!7lM>Tj#u1^K3OXMc^{o6F8Oqi$N(|!>3cj}MPyH{OGB~ld z>eq1z{;x;D{gnwxP_`dwNbFi|jWB;+Sva+}SPyYWKKQl96tOVhM5}mBU zfE+|YDTG5P#xOGjd?gTwK`hF|i${PsW%X6U5($7rK`06fA<_z4w=xTWWdeyp2+PEP zwx^L*n;=aH;0U0=sQO|G6>`iG4ZA2%lvowOC=iyA2V%wFMV3yV>IaEo3`ePzp}sK0N|ilz2dWl5FZ9*Y-=kvN@&?;W`MsO62KxA0M;_c7m>gM6@xbNlksV! z>E2?LL zTB43SfD(xcz|ntV*2|Y!Z zF05g~a1e{cxSF}cmLo#8Mibx?lu*R6Oh zk_=KL5SJ6{AK5b+Ii{r^iWCwFmC+HB%89`VSdubNt&)*_h(e@vB>Qq8G11J(KYeI; zygDrsFq_#L1x)=~2Oxv=6vDWc9;ht_iO%mf4q9AFEX z025$~Y{Dt<6hZ{P5RIusML-oPB;m(7=Q@`)c#zkB4)0D!~zy# zfF;35D*_n7O;931l#p;By~+h63P1{~03}FC7)twtu^-{Jvl?9)K_?%UQA-Yi4AqDn z5!UN$o#UBgUtGPLozb1@EKtUwiZ-85xg@Ha)N-rclz}m`+&>yvUNxrGYSSLZ;Uq`t1J)K96 zP3Mv0GUyj{Qw=U>gs>sjXGBDGGzx)26#zxU7*5Q$I;rV6>Jtz2*d}Ma5XK0gR7MqI z1WU;T<8`yzky0B*WaNaQEHw4IkzVwg!4v@^6F_ouUr$uw5=_zb9sQ0W$K<31kX$gd zwIvtw4F;fy1R^DYzYeR2B7St<2FmW|@5?~>pr8S0S{AMbIjkVZ08uK8KESR%vQ59$ zI>C)ez$nO%0*F!8ep*$6jpwk#iw&;{g_kNJMXJ#-NClTBtSmUxe!r8V;y4^niRM3SwzeMATNmBM^+3rNR4WriEcbXLl=(t<(?G(f5f(|Siw49%9A6q=fG16V3BNC+s2MLE2- z@6=ff!qrQZ=3Dr{dNb-rES+4w1mSb3E1UT!1#knqhnrZ*PLzi4x>t{%-*A<$9M=4=i zs{?trfti`+6{YR+)L+P`Qd0VBL8HC_AO?U`Y$`0na0nC<^PFgjY(f?Vqlk=jpQuj= zGR%k`S0gzFmNX#I0kGBu@h=Ve?{QS^aH_{qbt>$C07(J|T?|}dlm|3qMU|sq-DFYZ1F-|5M*bKdAL<1_X$m}m$p=v; z#iZIgn!kXMP!b!BLZWq51g-B-!;eOeKnl}^HVH&A7jN1=L2owIMjRLy@&OPPWB(A- zwL9K}Y;6=O#&mH3)fZ+E%du8;w{})U07pR?1`5c}5=8v3p&JNFh@nzp>(I$pg z4|EG?nQW*jE`$ZRX8Q(8A&CoVcPF+F1h5z;76GD=aI``sf>4Y}Cwd#rj3oyqz4L&h zAVRBAAqrwW2jmKzx{66lb0M%Gll@WrB-3?rYtyaQ<6>iqkASkzb20LsoH{xXssGgF zo=!5Fdh8?py284tZAjuUwZg+!-~h4ylLf;_yJQ4Jn&cX&)dWihHOvX(B}Z6?A%A8> znUOnRwmLa78%NlDh%G@tAtYprP(;cm8)PGR1cb8j2v9~YL-c8GEkFcDby?{~GmBtp z{edWfNymu-kAP&jTB~Ywc#<198RfT^i^C%LAct;JZB63=Lh9HyrP9|e)#Tu-E&kns z2gt?ld{B3k05jR71BFz}0Z>ByA4e4!PQIs7qS3F(Lgbq|1*EFlcmowisz}yDY&g~q zP8=(a71zcNkP7XocOtAnNuwJy9STj;csQ zGn+z+Bh;C53^lU;6dcOWCRK$IZ^J0y94vwd%%mM~fLT8-AC_^k2=xm{5P<+pR|LQi zDTGJBGBJnQ5Ko&yY@>axgJWHs>oA|bFsnIj0+xhGBM-D_EQA<Il^VjZF6y*`s-z-g~=odHL` zAPqj6CtZbFZ3hR0>WKr(2xS)qkRp2#!`4Qiy6F2%+XWUi|>eggOrzqX~}$4x)mHFc8O4 zO>^WM5lqZw^*ccXL};bt11`a|HxD|y6UuC*OC|l5N7)5@5sZ+7+QsSYqEx~V&Gmky zsY{@K;sN6k8Khx=y`8NML)X(x8a?Q{0BP%*T0hjeZjW>|s>^AkfHl+Usu?77WsEI@ zaALr~GO_v{*NlM3Ch(ziN7CL_HHJJId-auZpiD*V9$ph1 z1dXIGhg22SPC|~lE$v7?ASPDJb6b}q+Dss(53Ekng2;$@^EWa@4VhGV*!h?SVQekKQ3E!0fdo+q+4MO|l-R36N>C!Tp<+2#UiBP#Ape3u=5V5OjV>?1CJoh2O)H0For3hP|F6iWqQ$Tnkc3=9iM?3_1V+KslETnmyRHMJHYTICjd0R~1vol70=4}`Xq>wDuha8|R1>Jw z#{i50uuP1gkdWX;czrLNhA0>V!pW5&T#XsoDCH5;MY16yP6Ijb>FZ;tASg34z(b@q zaIGHIDmC0r{RE5c8(Y>$ny{Mg)7 z05I0mjYZy+F@SQv;-Dasj4{zl^WTtzjZn>NV*se|YGDKHC#IW=1caruzg>&@zLQ)u z(FE!s0u4kyBtlR~J%~wdm=6JbL?IKZhZjVz$uI^$4NGnofFUe$&8F>REKP_4slZYJ zg9LLpesqitf&v^ez`Rz@s;#Lc8R}J*Xr8<>gaB9vOL8s}xR90>(j7s12PmtH5Eh9b zR1^MHHxv)kOi2=qFNjApXfD*k15@xddm43cLhbCQBm<6UaDfTJqqOabSZ!zmB7*?m zNhHrSUK8~KticRZ@F~13EJ!r!1RgTkOhQ{A*D-HI2x&5(`$3>E5QTBbM@BAW7(4^w z0Z!yS7knY>dJRhA@UMnmmo->4%WvIRWHnbxf6ZGJR?x)`^5=P^&Xf9eE;z zSO6#z5dv1l0&qkE(OH&R)P@L!5fsK%K4J{DV4|j=s&Mz>uD9 zLfhn;5&y*?2|48cUdU=%*`Q3w24y(RR=@ds+aZ=J93xxNVk(;t;UJq%O8A!=BwA8; z4qJ{wkW@~4Ly7kNY2MLlw3>bK5MgVqA?k1HU_F4Zz*KxBy7oOCM#KX` zEQE*!3$W1CwIGOZs6o;>L9IfyTb%k+Ym!#Dp(Y%cghzcLy7%YSY zAd0Ci$8tod#XlW)4f#f0z8)J@hytZ!-(;GQH7!ooey{V%x1sPqx&X0ztZfR=YL57# z+YZ$`G}p;ZCSYx2Ye$N18t2-c@X?ObZ*b#IEh``$YDq^vQCoR>KS@c>I{RAPZF>WP z)Sr<0b>t|y68tAd{}ZGCk{E4JO3kF>P#ckpRETOlu}HmcLMk>Yt*FWH_eef%SpNyW zzbN=fiS!rbo;voIG^gMQy(QDJmXh5?2RUJNcf^|GD7rhlhPKse*Ab*S+^#v)PKB?L zN7WfW6u2%xq;drry-ge3$XHID!}Gca=hf%mZR{Pqshjf1v+p+cR#GZVLMYU+YT^jx zwIg@JatWe>gtce$iMEItg~;koX$Eapq=yZy_E5Z4M@bU9s`1*zY5{WqADKi2c*uxt z8JPx7B!Y=uIzZXG>5xSkqO5Ogp-tYJjT{YIiU=VINse4DQE{kvZ`wFOR$-BLRAPEz zl%I!;O-E2-4@g0yowKCC(~8lfNu~E@wbK;U2?-)CM8p8mXm5y&#)23jEbX!+YyzB| z)E#Azfa(kpibzQlG{q(gjAdP90U<(*esDCO7-PA>Y+(OfkglmO$>3E z4CE&d8(`|CfIyzKD#^rJCY6|2nq@R!d=b*g1L6RPLYk8c+8u0x)t+Ri-5rxvq#!Pc zP+K*L-7E@&lwkppK{QyB+vIse1QAl*z#>f!CTJF3HAVoc%)O$E(l3K0#mgb>JWI^0#0D0;Td^qf%uzf6oYht zX`jga4vzpVf;4@C5{yJx-9r-62>}T?S_^@j&LYrwUutAE$#HsVu9eX!LdKk-WMF|% zr>tAFoS2R3V?$I0HV_jDsd!{P7J$eJ<$%x~JY+1&l0?XKHMr1Na;0k&HMNPNR#H-d zP4r!FJ@ zH)PtQui9{hB%n&$G)G!TVoVc%dRKUr35wN@WMrhKm!7}W|a zk01kSA<`r$fG_|BsTvU=C6%bTZb2H~sB-=!1Q)U@R%?(Y8&n7D5jE*R0CMhXockn5 z2*qI$l>?Lk=sc<;Mk&hx3DTwZGZ|Y!D@sJIG4x}j%s3^$7gi_n1tL#&+~sRH$VuQVRshzzFXdjseL zT5fBd{h0cs3Mq^U~5I6cLXTBCsJa85EAqP=t2d4`f4cfQ&4Lw z|Nmp}-QU}`l||A0>(XC=qja6vsYP2(oTNHCYhT57Q-8~Lye%hP>!!UHBtjBuieL%Q zjvD9w?dQV)Ai<|7S$<^4{Ju6aiN|0t7z_sUAm)bR#`g@WTCIzQQj^jl3kl<@Z`F9_n2u%#%&d@e#vwZH>S8M##3ep;4phJX^^Qdz!Z{*rq<_J}0IU!pOw z97YcDI4J}hd)Pt2_}p>`Irs4Ri*El-^UIgSCA(SRLfu3T`ueq{mtpfO+CO`0LlEEInaSxW?C=4E!d1w$+#o&Y}&gdDTbkC7ry@h+8q=jNQGroY$Ec z6R%(A{H8OZ8qlNnbk=)%4;ZCwWu)!t^|GjDZC4?S2=|E>&(yh@sVA~Yf86rPm04n~ zONv|AIKM%VchHYOheye7D8UZK=WgulpHUT^h+CSct5Xi6RgP9;4{e1fVsH71Der6%~o&)SY6Owe+o|=We^>hQpf3)Qv2Dwim z8Mea3G>tDy7iPVYPsBmr);#RK-9Kz*KBiNb*`lX`x0&i78Dm*D@46q}?N@ixqkrYP zktl$6n@0SqaH0V}6}|On0jr2pJb8jRAqx|(b*tV=ymSinpD5)gqhA@7NU%b>ANDpYQGe-2HHPc7C*fc6zYeGiWm2JSJ~^s#Q3rYD0qp2kjNGn7oTN zs&HyA5JIxP*(-o)$)mB743|F9Ba}N^=Z~`$2ioEzZSkSD>{wfJutg|;(0(AW-FJMl z$LDsRy7B*1$`+w&0t(IL*DUCV;AWoj^Z5PQ ze$Nq~#iD&w%m3}Io#)SU^8aK0hr4;6J=4*>(Ewa#zyRlJqS9azo$QfvG$1;Lx3b)N z_N>vc<04=`v4bHlx};dyEtOqz$dCGhLxs3RBj$PRN_Mh$tW>_rfaZ#d3H8-Yl{U8n zFCSF%0>%0ACBD{kVp9?MfnN?C-J+vHODG?hO>ly-?4=rCzO)b>A?Kqy3tQaXxW=Kc zUl)K0)Ln}Mrj4Z1a1kFmH!xz~MQc72XpQ_C1DrpICBQY;*U=ga3(97rj-fRb%soA_ zh?D(PK&vKl*4F`~Gls_6|2Pf}Fk+$AHwq(P&!%FN=;VFx?A_^p@4UNrbZ~rr((Uzr zeSf<5=7+V5Xh4R-gC=!YtX36GyJx7s0$bRKgR#W% z!M--pHMrite1TdmmkgOp)>Cs*ihwehOgIGvQ5AX~5@IUxA(5a-HokF=ZwA6ByZDV= zwHmbY()|cy=_q1B-?z;BvxWd#MxR^i**`iiUPXcPS zP{9B6P^$$IbZXvMw>|(y%XyD1_Q{kR?S9T!SQ!N`Glj;%6&pL$WYvMeX(~FD+Fi2Ts&t_$Th>T$V@R)CNX2={ ztzzDZ_odjxt!ZL$G-Es(vk{0#@%3wp;T^x<+dn@z$*?(a&8fMD)69zsGUcDPes{RQ zBH|8q-B8Lb@J|2nwYi=H;pF}4Sq6w@y5|8I0_j12#+l%2Gxp-GIrHmA+MuK2ZP_qo zS$rL#uU{?3)GX#qnh@+2|AR(9YPA3rKg76rK&xEQ7<^9=njQ0`lGx(#w^KYr0$&h> z(TH53DfJ_h+C3LU<>15^f1BJiPJEF26>QMKo)oAIR(1zHP3_c|!Dg?4HOsFy zbuUZY35pDT*Ep^`e7cWqN9S-@Llkmwtq}{aaOl>f41PJ>tVtd7G1{qt^#6S)1kv7p z~8$eOKOapi^OT;b5C{+K(Vijr`K#|bqlp*XJl zgF*gB)jnnZei*Wlqt2UL!F#$Nn?`d>BYYJtdRsZ*L|pLTYpB_qa#XOgo8k3B53?dRO?V)$UfviI2w>4jyM6I zKlIPov`uRyDe+tmM)u%jtFjlu>1u7DLK152C4_tr$Z)+HGYJPX1G4s$Z04`HOlg5y z7?XRA`Qrx|R_9IqNwMIJMGn)fsQdP%}vHVq^dHUIIZ?YwAhZJ_^bJFi+> zP2}w207F`AO1L8lP`Bc|qrw0t+iU6++RW#hm+b)&xZO;hCo(<#e+zez!~=CMUV~}y zrRky+sd@#fTc#q^uf%)-%UzG_(@Z%5|C&%pLR9E^qvA%4(SJNgaX5`GWH0H4;px zvy3_CFT|UoZKvHvJPJU)r4~jUnMb9lP##5s!B1sP#oU}7JPKlNs7NF<{)YE-26N5 z0EJf7&Q2~&T+8Y{=7iOqq={;NtM(eUd$>{SwOFp5Y)7vVl>jNu5>&O8%uh>YP_RL1 zR2S4MxEHlXzEu4b9t-seg;lbB*6qQr8)Dz>dcg!AM^n_^T5b|*p?zs=FN@^`uv-(W zcY@7S60|y)wPmRVv20ac49!Iq%kW$TUm>PT3*H*8&2@Vvev>=-1u5537A{1&alO*9 zS12Yc(NKrxYT?A5ss-_5RfYVxi_#lZnv0n%fJ^Q!p_sFm*m7m%u(bvrk`UAyvRz^B zaE*RHNR?h-sK(JbP6$^u?AU*F(G_87y%$;$alQGxJXN%Oz2sZ0bI{WQd?K~0EX}c9 zt2SW`62sj}Jmv$f*A?_jYAz)Dm$xzZFi=+Y@p$lfJh=DcLGel3SYy{baqHr97i6p= zYsL{Tk_kyQve4Sh)+}9-arbaVBg*=IT$qmw^Zpj*yQ~eYy40;!+Syj9wZx2cT3u8) ztR`9$fmgo~eUn=xa%4&tqcPLpoYqU*n0xnKpE-sRjN&Q|2?>kH&m<+To|*!aZ)=7u zTk^U1t$|E{c;WG3V+pOCe#~H#Tqe~DV<=NFHeY4st7!$l%s9+iNe3uSk`=1!r%K>c zi6oB-S5I-W$-?`R6akmiD5&fjLw0 zHc*&bHL8y(4y+Yp66RDVL#>piWD8ZeWg%K~ex@Gb&O46{P*bG|%}{l7y|`48TDG}f zaMnvFV2!`$lCaLB^5qw^j@v^2QvH~`pNmjvI%8)sWfo`koKKo1^=itqw8y3rJ#7aXuX4qEzzV?$5yJ6to)bXu;5Z5ZnP@ZmiG8_8b!&o z$e&=qR#9y|RWGZg%4gmEt@&HCnd>WAsCC;ZP@`6k#!yYA64kyqOv1U9H(ZIVvKI0f zTMlp4*jp5b3y#-DXDN!SG|G#j`o>7Ud$O!Ou1dsJa6aE9Ax{`lI$=nh1^)vCX>OG5 zC4mRvHqjc2J)Gp9@hGsEID$E1Le#6YKhxK*l^ix{J~R1Z7LWrThjBxW2`Zn$3>?AL z7f1JsvWvK&%9^fojRgBQo_g!Wwey1EA{N|McHub}7FNM}*4zKtcG@o%GOCWL5;buU z7|ZSLDzo>vWF4b+2^#eXWNI@mfQb6A`RN1llyFIDDl_L$793$Z#{fI)co^Se>c+rR z5d7;3zu*A!b0qHyh3s@Ej_2YarQSP&%rGgX$<2ESc(CFYg~!WVyrN>lB4NF3=CLUY z{=uk^n!ou?t7yv#6BL)tYM*}dKXwm4?Dx>e?%}~+_w3;PapyN5t^!S!YnbsG)TDhR zb*dFE#i^5c+^B^PMo7+*6NMh4+O}Uz2n2gVF7uxXEg4OS&ZCyf{VMA&Kz8L6VXaVG z@CVq8W|esN_c&nnuj`Tuj`>QotP&!o)*v=lf_@J#s zgSR*C-R>fj+)Yn&eV8h=f{THBdRP&6tq;d$nHCY!Q*p-XMy-1 zv2BPm!_!3~fXvDNvAy*&oBv~bXY18t{ExeMtk8!K!U!i5VzJm12c(oleC(jhcH@Hj zZYQz9XiSN~E*7}cK*?=kt(b}_vnD$uL6;!j;8pZYHG1$v?MP+zjf zcbP=@suWITzAp*kG*^$8Z`{)3q4i?mw2Dlj%cx*$kpgT5^~yS3ZCiw{kp^KqYoRcY zZUEv;%N>3Bs_v41xFE9)le^L~kOySdY98W@$!5?s;y%70L*=pb#?FaZbmg4v$MY9R z1>Wp(3*jtp(5BFpG^kKjRU_`^MQ&u~*L`!W$7hw#0{ef)5VciX9+?_0LbnGL+q?0Nkbx9?(e>F;zO2b1l&Q>yuUNm!9sjAuChe?d=Y8Cu7JnAt|7nx#`s{x$|KHhZ=lK8gmyi7aE}k0vUwO8+ zh%dq!BxY(UGkIVjU-)E$|LMv9obg{@t?eOYOP|>liaic)^;l=SDtuSFLDfD`Ikjp^ zVRsl%ABVHOcwf76b`vAP{)bpo_e(agi%l@{RtCe{DKdcZmSf9utY7a9KlqW$tQ z{_mYU1-FLAq(5u)Y~BweF4*))dp)g^Wm{fRnw5M%Y}#N*Vb{2T!4gvl)6AxFGKx8A z)%-89{`uu_u^WK7@?Sf<{-1Acy?9*zckyJFM|SO(t?r%*IJLYuraM~661Nv`?G=yi zXPL+LtHsON1oEa&WGIIzW`TBrDrv(c`#`CzV^&(g!V2lMIqRi`?R+i=Cz@NQ z-cHa-bvb4 zY(JI7F10h1vHkL><{;rMyMKIFqM_mV0dsp64@1aeRh|5nR+Fv0RQ>6cT&kTXsOx#` z3Q>Q+BHy)g&T`F>E%uzeD4#vc4>9HFQ!|}nQg0NpX}a4CPRx_TjqTgBKyt+nYC?L& zM%p*1e9e3gJUXNzPMF0Fd}$Y>IL%f9eqPG2-E^#hXm6*x$%r1yB5fJMYQM;PtEsIM zGWs_P0W_2sgltO0ghU+iVTc1VhwwlI_{R6*`*;@E|MM2ytI_|ocV1@o|1X}uXg}`% zckyI+ndJtNIr^m?3#)ATokU(Zk&H$a)H1{4hQG*$AJR+ekuh;QXoNj3d8V?Uk55KV zhepr#)VxuV@8UmW|5Ty;40b(Cr}0)=%0Zc~KZEa4pk3mz_by~n zz>Awy;KQ{aiZX~&u^{(wCtLnpPZ>%}U4;k_pscU6Dj_bc_hW#p_K6^R!LUk6n~ErejR40*is(g^!ZEj zI~-6g_@YmiKXdbUC883}qHsvyYxY=1i79qT!T}VCILXumWl|#J)}E{HlU@FgdluyX z1M0g{q+99z|MvFF-2MNf{^xFrAMZ;W6K+kdR=Q$y$QDP#%Q_VSc?z_x+%g!GipUNJ$k$ZR+;Qvam z$QM5X%;W#BUS#?I_V)Ip{nwp5Un;^Dr_-P~<>vXS$Ro?I!}68c*82ee8IjoNvp@@% zz>~}7tK*FQSx`340~(K~xxSutn{Jt(Et8Qcd%cs(!DwZcbqWplbJkl)XLI|g)pSWl zSxftv>eVVUAA;f(y0r#s)=z2RxYSE2KA)Q&*0V6nB57dDE6<0mUWk^3_&;p#Sa0tu z)BkV1e6f?2|94(K>i_TLu}wou$+N`$pQeK&O$W=}|MgOh6pN1YPM$@}xdh1S>%WES zuK1p??g)zS3F|l$l(tX;%Qttk7~9Jb-v#H-__8o4@&l-kbLtBcUfSlT=1m>C$=A*q zW7Y#h89<)VDPfUFDyLr80jQ*%6jTLfsj*>b{;Hr@k&||{Sf!crql#$N&m#MO65zfC z7QA&;LDl>J^H_Flc$953PoIw9Eg2HuUIO+5v|5Fbv68+jx=w(gOn)MLF?OrxwuGcVwjt-5@EQw#8yr2?BmiO*b; zck;2{7WwuR)J>zRp3JD%?`TAQDrVMv=r`qE$90zPRxpo*SxT^8mUnK~T&90P!YTEk zfp;Muk`oeAa5iARYr|4iEX8YTHaHhA+5l%)vE;OV8t6A&An{}}2I)3X+17NKMZhUi z<=N2K-;Y;&`8yX%Dzb$X_g~4yhS}k>HuEL>yvGVL%A06)FfKQlcre1rDiyucU^4%u7 zM!((5T1DtH4#!+Cpw{W!Wm|hm=2~9q>a4r+DnDd4-Gz6{vc=OnMXz4HLYpqR+~kw# zf*=*_zy%!z2+}621T4==Q!A_Q_qYwzAgRTHui6AwO=(L&SI$;nDz;iE7-h3|*J=6o zXR`FvQ8p756>R_BYH_Y=+UChwshIZ# zCB&6Ix#iec*{Jfo$r@E5_o@d$1?Mt-hxn>xr)#T#BW81j4Ov!DHQTFN&eemhr`jkw zifYwakX2?BmCY)?ZUjsaQU(jjq@Yg9=RTzs2=l7v`XA;Fw)4F%3l*Gb{vopFkHv{o?O+`zCAcQ?j9YS@9n?+@Gi6L-~vL=V(8;= zrb8m3CPX)AW+ulagJ@iQa!>j@dEYyGce>yE@5A$t?+-s5?Vs-*oEG=ntihR^^Ex?s ze|mO){Nd>Benl^HLRU4bxMi(9BL?iw$MLQZ!U?YKt1X9dcVFu z-8=vJ;IM4?WqXTufY_X4W}GLJB0;wnltlpkoQi;E9tGP!$xOQwWuIyWu4*3_v2gQT zkXdJ*f%Q@}xqJAbcea0e-aR=vKkgotOiIbEAP(Z+>3yxFv!gEb^~?L-Sp}0@WQ!~B zWG>4owYgUer+P71`N-=#0;JT=6%GbPU`3qlf2Leef1J34tgm>fCO=lYPIDd)OD@tJ zd=Geq=Ehw23^4y_u<*35cs6f1iQmB7-GHP1_u={earf=v{`uKqZ@wruBfN>4K5G^p z{Oawc+Y_OU+Y zScF`1zq10g-w2Cx&TbKtP5U-)MVQQU3Y{Bok9c@iWL=bAu?3~G4F;u#O6jJ8VlyT6 z2xaO&zm;^sY%@F>4hiRHlaTNU^W2JtvPH8^jWG41kkn}^TXb;+oTO$thfk)<+#REA zp%y9To`vcX8^~P+LMGVu%SA~tgPj}EWTvfUi89m74X85H(v8S6)7BDnS#_7S%(-gb zL7~=7i8)s-A+z28-PE^u>sK+Xm1JIyKNsd)u0czg)X5bSS9I~l{E-28fe9@cc_zny zbG=4R{XBNkx$Wcc`Ly?mZ-s3lv;gXs#n_Sura2^ki?^vsr0Wh6VMLbU9?6~QM~g8Q z)haX{&(|!!r^_4vXW`(~B|~g3cbD|Z$uw2wkW=IVk%{PDfUk;8q27j|IDLBKNpw<6 z=&cIo`5Ri!)%eS;DyC`*>2azz75 z3w_JtF1z3GY~gtu6fbkxOLZOvE*7LGLM+I5rm&t%@0c!RWp_-pZsbqYJS8e@TeGTS zjI)q=9`(l`phyS#k>@o~;jWpAO;#X%&z&dL+Bj#qed<9P7z>+Fy z;8YNXqPva);!dodQu>cSBf_)CQZ86%EVl~JIP@=4+-sryq?-ftvt};a!k5RO4)^yg z7yn_E@t=2I?QB2K#(!#WKgNH!ljlw%JCx>ohZMTE6%900*1$E6g9!Q$7mGu!L*EHHDNr)qj-!* z@feTdF&@PV{g5ByQ9OKLALCIx#-pfQd6gd?<54`uqnN)BJjSE=pA(Pbn>S7SHjMth z*MJlihtYJEWt7bojaQm6-E1sN2eg=9KL^2MM2p9W7MXQ>%MmSBA8g`I!e(SQvKTDM z7u-Qt%H4AYe|~U$aJKjMynFht+?%tqgT*3T%mMjV?CsI8F3`Vr4@!l_UJitgSIWAt3!LS^o zbz`@v4e~K~%VY2s>seLs7F(}ng&j%dX_)!LNyvN_@m)5ZQh}OmG-|HT!(i{<$Gg9r zzCV8dp?ALf{^;o7tb)qRazy0%uDNH+%{m2vp3nJvnBBb}O?wFhajuFR#%#LH_&C+m z{1{^9F~m&zxy=wWIYcbHG2Q-V^cctH7US4d-SzF$KQD~A4?oxLfkz{&hngL{?e_N1_m1oJAo;@Hab4Ko9vtu0Z<_jUzG=e+ zmE1KA#4KMcNg+R%8Kxln1~!aT4*VO?X>Y%Ky8Fv{_w1}T^T6S7a*lP z)n`%A%ZPfSKBxL{dRVXZDD+D9gWB7{W5~G2ka3S8<5nCpu0%@wh(o@6l)KKzbK+Lw zdtJzf6E19prqA?J5K-gpGw+kT!*%%jCjg#08r| ze=V+xX2>;Vu2v4{5~6DgzBZdWiAXU*4FB=HBr;0 zTn?yM$6Ri(vhXRrkO%E`&${Qm_a9Do_p6O=f{^-Rgqjn^#hc^=E|1x7{_diPlkm;o zInqPbKS3d&e#+zi-#K8g#8*(C*w@!fZDx$#Vm(1=VbMg_P|{XP!B9A7RdxwB&OV$T z%tcv@tiN^n#U9m$%AhrN_Kxu%q75AUSg>)opjNEVnPI3CE2-ZH6-QlwO6 z22=>7t;(CT>6?Ac(v`2ucB8QEo7r)!R98L`B6ydLi;7U71gq>@Q0&Vpt^7tmUm;^~ zu|i#8ag)ocXNp_9ftIGY!5b-SikrNDUE+NZ(keB4C2ii6lvbzlD`{~h#Ppcl;(wer z#Z0YIARg)SK(&^!Xf38kkULgaK#IdL@1Rf3me$@me?}ynwIoMqZlI=C%cXjTh@#Ek z=MT5yj=GeqzH%*}%iLJYvI2Yynw)>iiE|?X8zv`TP&tkNF?&;<58TT((U%2NgYeflLnNQU6zy%VB=DgxjjB}p9T4UNU*zD@}K$q|M|=3I~o4Jy}k45k^kStle-Hl3{0fVHFQjUi#c}Q zpdrH^;lo7G)45Pp;gk#;mnitw%JgzJ3rLOTAtOw-U3i&o@Q`8mE%vZKl#IAW(_Xql zwv)`~s_uFqrk+Z1xDLv^vZ_@eqzYz%iT9!!y~lf1uDj$*w*6z~61nNrXx=wPv#rM; zWaGCZl}P5b5{cwnO9w?qg{!wNSShHA8Y;1Bm?t91P8FYT}PWXu_7%rvY)CX58?TXL<1-b|rX zkBiB@D-wJW$}NMKW5q2P{*xL?zSx(tBwx$Xckw(yCs+s) z`Wy*{)I2NOmO(^4m-=HA;Nb-x6YeygptA|(h(`e|cEl&d^U&C11C=3}`r{205)TV{ zNx%TydXIg#@dWu~tSkuERCGY%s{8N%weFzzzBfb6hnf;36p#>k)F)2E+3TJ61Pe*y z3EG7vh(7N2kV`|}aK=<@!v7Wc4QKFIxC#F^FDBzn`9Jd~zw|egh6Z?e5d{b=$QsWa zeibyHIRkvrc;<*{(0KO$H=dx6IHWA%=wNT3H=H13e~_VQIMgM0Qa{X^_@9b=6)_?m|d*{XD`oD|k3DTjtd;fjdXnack_417v%s^~mJ~EOzZw=Wr@TioCoJQkk7NTFe8z}II?1>YCK8Xn! z=LIZ*drZY78b}#CHoe#6EkZ&z)t+2nmEW4+^+w~#6Lfa?fA&rrjefsBWIkseY5aiX zZV3G#?7B!-My5;EzN25;U7M=Z=K^~kn$9HF0RB7#vP*#Az!xENqoG7@qXEnpx zxZEVfgrHBq5O115Ajj+Q$-3DMcnKL&^-E40c@go23;mviY)Zt0L_o-b1+sg<$J>9NoTf(*gv@m)+gx{GeosOI2Bn+| z!W)eiO3;qlPJ8>uMoSH3TmFG0-OIn8J6o**5%{_Me)16oA-kmVG)+RYIm?(6rO1$xE!KZjMq2W(aAYDW`f8` z*poF3VpYdi)Js~5sSma+ggLq*p68$wO{D}4aU?+K8<3Hdid_cNF7(ok=|o|5#5|8( zL5FzY5pI!GOpyaGMPHgtSVW$nQ%ndAW17BH>Y_&D8s(oDl7eqVmDg7_-UUZ@+t@LwfQqqW z;xUw9C$9WI3p*s0$*7<15t1>n5i*60_mN-{TOi$92sF-iJcYqb2e*X1Tc;i4bXZI~ z*qu^8MnDM##ZBBf1>F*Mw37OSg(BN_3OgX_+c+_|ZSuo?ttT7STfvTHq?je1Yjm1? z1jbWLJGPx;a8J~;O6SSBkM3ZXiJuT zpU+BYN5#(z=gEPlM~m+~WKmFIN9nj6%9g=V3OfPgRIoYtDZma$JP+}?M*X}FW&t!= z*b#VKr(ywi1is$|RQg<_{+F}vJBa%CbqV6Ju#-flT$FZz!v!j+<%4>zQU73c%*07Z zIPr7B$^80h>{RYnrpKO+UU`sb{txUiTzT0|%fb$%oS%>01UqzuRGNCFD?)t2BF{ww zf;g#Eo7~xRjrx#Xf7x9Nup_zZdo9P!ZRi^H1n6o7Ljev2#hy1qMhrv+mSl-hin^pi zTs5!;y2BtO0a41ilpcH)g5yedbTf=v7_zY=D=vqbyLncE9p$TkLc%HKQizKqQxvs( zjrLVQUFuVj#E;UK0uyDBrCLNm(qw!afdxh`4Z(_NhSsDMIfT1_s|g87>c-;YwLFoS z0Kt9G|Mo}v551gS2K?lTg%^2hTgl4GW2ZtsyhaCUw5Zyx6eb>skhl_QupB!D@?m}K z+`o`$NrO}BQVj+sCiz5HR zXIK6PlB`L^KxyJgu;%KNK-Z|hwfv5yv6G3)R^8q;`UPLAy~RkH5WzqOlPUKNHB%DhI>uXAq*inlO z8giBfX@$?~uoD#A&J_0ujs|`-9gxu2FU2Vao1N ziiyC7lt9SBsWArIJC=n8)OVK#b%|$%D=Qi;j2#?2XymMP&x-T-&(VH$&6X@j41OvI zk1_Rm21k0ER}C)>;Z2^EV@Jsy6%Ag4-K-w6Ds9*gkc_g0RNsFDYQd415MP+9_d9%6 zhaD-c?H$)yS*MH%vsR=$Xj6zenF0mT`)1H9#18e{df3@JmeL=L-!K!wl*seIp4DRK zJjmKI74>M&^JzkPh=^JVb_zm@Rh>fh8QrS2boaOXtmKStV<+Ns4qFA*O%L|bV>_Qa zsIvN5?95$TRkmLb?J?M?!7z&JXR!mZgY@_dj~3VHSRX(~D$o!&YwW>Yqf6|xZ>%{@ zVQ1zKCn57$#CO?rN(-ziB=?8ebC z6QqN7A+QP>5Ht=67V09^ucF~4&;BdXy4z66+10;~agj#j+Qj-rR#7-QIOqc>qsW7u z9=n&=9}+jUwQ(W@^~ZO%1g}wlIy<-ETo6@&ow_Pz-Q$wB?v6f!K-mfAT1_UfmbNd* zEM){9`?IzZrg}A@!wI6sv(J*diu@1M(S{0H!KI@S3AHb2Tv#sZf+RSmBUlZw5k--K zdb++v3G>=2-U)%TSPe=^w74a(0|M#NI;auEe2_L3uGKXd<%q~%IKDPAmLDtA#;ruI zw6LpxOt2qKNl1s<_~yJ0c5=QsbFc$~)7lWYw48mP`K@F?i{R;2?CGtsEk!_C z+NpJ7%V6ihij}LTot)QOQIAD_a1ZlYG2fBc*`t-Gn;dqKOG7kbp8N35Zr7+^5DlY` z*0|ij)#iXXvh$|I2_n}M*+6AGu6euB^=AmGAmU%rkoge4;Sz^bIZ@A8gs#Al)uR_g z*>Q3mXF+Z1%)OhgM;!9qquP=aMk*;CI>LdSpzPsbZpAC>05ZpQ!*Mx} zPpvGKX-?w%rVbF8CYu=}>JL#xM5Di3Cv zAKYo=3pyocT_wRBZZMA9c~*=aJBw*4?U+IpXj)S@it0!)m1i;*7KdQDRjiQ-UfPojy<8oPH~FgQrbz;NaJEW!|S z53MN;(fcCL?#!&H^KO2+)|c7IRzf?434qJmEX0m!VGf$^_=vtD4^uk>?7X(F(H@0; z35PSexb&v3)6y;t$gMmp#LkC$7bN*ps9=bECc{VvS918D9xM=*-}pZ9wnFUGIG>}6 zTU8F;ag?}-`U@ib)}Ga`tfjbeW_jhgaC-4B#bTEk-O8~u-||_fX9m<{(4ySEwAz^y zpHql!OZ^cGr#h0Y!dxzhVd)&PaB1YO1Uq&vg&J1#R$Mq8q9201FAc-(J=droM<`$V z&N&rAWqyy@Xe)s6Bw?YW7%9MhC`WxeQ^GxN=_{q3vV0O5 z|J$y1w}1@_hXi45qW~8){BkG}WaDQQ16^)(I+D-LXlFPfZsd`$_zphXfKF~#^ui@8~LNXWmIPe+tzB^KUSU+j{gVbou(~J}Z-Rv07HPu>;;-2)p{)6GJ)y9mXvr z91d$7t%byQNx1Mi=cdm}u%pv?`phLgodd5jW`txmDj6QoPQc`-IUOr=lr<~Of@=BR z&RVO)4jzr<>0nOC)N9n$k6?GQU*cQfa}SP?R=H;Zc9ibwh(&&hDNhPJ`aA_%iwB3BTft~E5%MNQ;cinfNb&zV#_-*btNjf^pU!= zxwmJPT)CdHK?QbVTZ4yy8FWk78CIISRA48r_)yTZn!8XBUy_;%jKwq<(DMCV7OzAa zRM@Gfz*t;^agP{UA$IC1FqY9^+#7yYvS(@9sinYJP=mqm6-_Iooq7t4`WlS;MT~}Z zW!R~wz*tIyabHVowb-elz*tm+aj(19DzQ^bfw8y-<9_$7RmnT`6c{(sVB7;&Ue%se zPl0g*4aVIQ(d}TT`o?B)4aPlk2E6-xRupYln<3R{=Nj#v zeAql9Qx?u*111zI3pu{&(J6f}j@Q>n!P!Cm?VXoLw7(&NhrhN8jj^-!m5)t2v(y|< z0B!4TYQdIHK0gQ(+|08YKZy)>M*LmKq7tX#YXl$dR9s0Gt_Sv9qkem9Yx$6}h1jvO zk`?us%~SSZk+Ul7z+T=R4&`}ijw6Y+vXtzHRW;*EZCpilYdRLD@6EvcG7@Zx1sy^% zR~6GldEsPWNJS;&WJx!#l|=b2gsi;Bf{3YUJUy6aHSzQ5CGiR8Cm|cm^+CEuzd}^A z8H-e8GmKL8wUMrFWof`x@~ng_`$Sx^@IobuoR1y7vX1Rq%a7nTpVj1pPGJXpVD~=@ z68gA+DzDKV^PdWkaA-)-(4+Dc0eVzm)H)3p=$r5PxeeO+EDr=!NcO@5JS04ILwb$6 zw!c28qD=u6Y(`c0W{AUUh;gkNLZgsPO}J%$tUQxLJQ~p<8k$7p#zT2E*txl0In8&d zPX)!^9`W$3;52cK;0qd%5erGob5H#h{)T$hq!62gzsdqQ@v?@cY9U_JJp-kceiI{uv5KheRq3S z20PW8)_1pO36IxKL!X?{&klR>A?bmpqhHAxU1BE)$%uqKNO-+VgGq^fO6EQ*;zVcG zl=Yr+K-mzgBh@1D<>@oTNl+(Hw!*>w>1`k4S971`ac4+EK}V31r#f7vl@q|vCseXx zRjLawyWJa%bGc_Fx$Y;5sKe+q8mF(ySJGHF8zS{`GbL^T-k3E3}9a^?bEJVl5SH^G?f?ZD@ z*>$7$dM~jW@3jo=R7NOD*_`4`pd#H;veNF?!15aPzgP^wp=^^6LmZF}YDzJ&xsmxQ zq3)pOPwm&QnqT|H*r|+_TNEQVBrfGKY93C++}og?Bj!`V!V)H}a{7u11#>SgsS9S( zp!8C0sCZxr_htbJv3!3w&uwsJgPp`C+4e3;tt{h70tW~yjy-2tG?`?gF6BdZ3CH!p z%tqX8JgbR=QH-7V4zr)`@qM6i6BkIbewGr^y*#(MvZyaec$vLRzeYV^Y{+~D8Cjdz zsJNyUMVPEmJY7e!BOtQdeQpywYD8yBkJ?Xq)Y#Dq)JT*H0H>1j;gL-ft^r}wctMM6MXo6Z6ZX#JDZznanof(ZoS&{upnG)rgDvK zVo#px{qZ?8wYhGz^9qR@XgDFm3l+6mEllq+gk(&)2+M*R zq*Ar)n6WFbB+2g8(xsmp={}6XcjvG<8s$3#!nS?9-4~q8uhcWxm)H8 zSj+7pj~#)>)ra(Q>eCGMyivFhTXJu4NJ?L^=eiqrjy1mB70b)spmk)|ng zo~hvvRqh96E8!l-vtm6;4UeBHPoIZ|pOtv}80^%tp8oEvri-ytVu<$LS)dhTr^FEL zyR$$m#!iVL+IMGxR*anzL$vSC0?lBjmi6>^XEj}do#IXF+uE~M$aiX4Pk*<2RxRu4 z?{?3sWj+1f?pd|0r@y;BD+*jJNKb@Vkn#Ljv>%{2;=23;QY&R2c?=gbF#I@Wo=5$$ zg1uQ&A*Zr<@xW1P_d3x{(5|{cJ7F&BnREKX^!{GS89f}}VQuup*g0h$fpoU=$6M;V za)GRAcW_r-H}+2C+PY%l#eHS9xFL2L4Wn{Y@h)+Qr$jOY6+cU|kbbMhi9i=*_6DwU zK5fK5fA1q4jw4Vu35NO;;!P3txxk*+chJu)H1|CljYhxUmmG+Br11l?OQPwl6%vnN zPS9@+gj9dY-PZ}`{ECI{8>LbV^q(6^i9Iav0CVzYI%~Q5H#CJ%J~5{Rq|rE=5QGQp zQnJPA6tWhBwsJyj4RzmC>&M|VO!qM0G(>&JQc-#{M1{T!;|QY|E+0>ci~1I*eW%gr zdJu>}vT<*=fiU`a_vjGpiq)MihiRgOCz)U^E^nrdo4a3QgN&{wvI&i8Go`}`4#iUQ z(;Df%of)2brP%!kdiLy$2G5>#(7#y(KpFQ8W5n>uYUlSg>yPzD5*BP?uW)gC7bHc7#f^9~=OF}NN z@3unKU`w{qvP!Nu8V6u-!9~dYu{T2@k@Q1+o#s!DlBPgF)K|8?ZUn(1Yz?i0&L)&2 z;&YH`W-JP|vK*FFtXdyVus_a5v!SEp)>z;%n1R5~;i4-lCaKtW>iVJ4c&iYgOaRQB zV&s!6MH8w8iApNC9hH)fbg@ekaybf}b9RcUpOo7`oQ{34^Y#tYd;_r%4MPfWqsz$i zNr(s3qe4SO;c-#g_QV0O=wUC6O4Nr;E;0Wo2Z>38Al!t4G5}VC$k19SCB}8 zCfGHoGz)|Ia;92Fk**{2$v!)Bamh(-wCvaB;NC&788m(@{wPnzYIU~IaWox}Q1%Sr z|9Bk#udE9wc4`WtcBYfe=WWwZj|jwP{%{g9pG6#aEfr|WTvFOoQhXOmcTkg!M$K%G zMaBGPet>agLtvvo_!BH;WecntIQFAyFR76Xbt?l`S-EzMl5*>RyYGxoK{B_w56Qfq zF>950Ggv2@;9!w##AI)nalh3v`01mOhsP>=v?~Py`Q4Av=rg&vsIQomwM8cU%0XR^ zvwR2XN zIaBMRuwN}puu(|_UJhkpvndF(%F$*Vk(O)P(BKT^wj-gw!hT8L>c}ct<18R?JBor~ z5&J|jXiiiMaaVBT9D}3r0Gym$$~PDdMzMvIKo^n{39G_IRQjkg&*iv zdr<>zn1!m=&een||21p7m(5Bs-E|cQ)CLGjKxe24-EL+;YsL&y9uXz-;-vi=8A>G4 z2AL2(UfsjTz#GZJlEpw67I7_@e;tqv05+3k(Tehk&L1fJmkz~-t~kU~;_YHiHV|>f4*JsM6C4uvZ6ud0Z+1{~XKU-|ZS$+sXdL))lyr>< zP7niYd!9hArjrO|U#J4Q=>vqsppu5=>YNnKD%Vp%IdYj#&|oIp67e8YHR4uNbbrhQ zF?^J2R*>Sx;!5!!%D^%i;Mdd)@v2RaCT+OKusl#epfp9$EbX*zgvEY_;`)uo!3YrJ zLi9StV3|1&TI5|i)j*Px#vq8Mp^PC3CH+~1VBy~^3W|8|f=D*Dw=bgtLHAU$i6)?!a;TO5!3jBU}xc&!ed^zKW-0KC8}* zGeym^ub%pl;l+{@-wI!ik*sJ@gEfa5Q;@EbwIam?!xFFz&p@2`oWfeC{)mNBT`C$* zfYpRjjFa`bl>3aDj~ASyQX?@@Ig(*$eWQ+P35$?}YpRqt`wpMQpM&sKtgY3(hSHBZBT94I`Ukcii^{+!`|pB4%$;ZRk>&? z#kZ+g5EP}eeE1Vdc7}s<$L=GJfY2$4|4>%Zj=Iq)4X%-?->?MgPNVS*{Y*nHHjD?9 zI+4P7U@fX)Btcw&8Fd<<2e-7l^3RKCK!(CIE$LRq#3vygrf|^`9&hRIt(M&ITC&|Y z&ZaEo48y|La!{GqSe7-g$ibXVh`$jpp(5%khFzr-Iw9eda#%%%Y~Fw>L>94VDg81} zCvTc1qiv=tnaNYdoyQ7RvNR6Hg?sq#$B8 z>r(Q^TFkZ5w8g|08baPA|Y z12PoEHM~=&WQql2P#lyeUkW21R+DB>pk7y5I_=q6gR=|v?RJdyE(?*z#$ySTIl8VV zTZYS|2yjWU;=xJAD8)bRy{|{7fj83%C@tN@_QH5LWD4tA4z>bkB&8(Fci?VkhNoWR z2^`TgheM^|XsCZW4TKC#@^=gFt2)qo3k0v0d;#|aQrJ`~1e&ZCOAV;ok)p|vd7k%^~#c0R_gh&xYTvlkfE^pj|i!GP!>o(7Pfm`)ox)QsX}ps zNtbhKRJ?rXH7<*46ui7_{8)gNAM?1%y=oNAKo+L!f>*MlwLioad(ogZG&FFXd9|%8 zF4tq0R8gLMQ)7%tFSbAt6S+757LEqQV^?~aNC{70h!J&_9tuOs4*G>%Ny%pe@o1nc zw}F>z!y+_SBRWHc{ApnZb96;KFRl6jsideq)7FL0uCjZubw1vZLXAA)tE~+QgCSISnHT zeL9Kh?f11O3GuBXuJY$-UZu203KbuBkxC@vQV!E(XSj@ya@Y$AcD2+2fKwk)`<8fw zsRxug^N0Ez?7M@RHfI27%=5Ha3g0kt5G)G_87%938Zx)|bUb&Km0bGz)%MPawB1+k z^DQzUuic+;`z86Q{c6YE+8MpV?oZnm2OCL@)T{84=NLm_zmIC#Oa@c9jSkxMjG4=cOP>Z=DXT9r&Om)oTV$i|(OPO*HjpD9sQXM@jrIQXy9ls?v3W*85ay3=Q z`eWd;a$ds7k24zsd1n=|>heh$5$hz#w$52e7D^whFaLaX^R;WFjlP4raG^0EJ{eJ= zDp8)bo#lzTNkXF~!z5_LfXJmD;-LU*JJ_wbT;}pT& zrXo>r5n?Jg8!#+-9}vGcp(7zNEtyIDVgt@H@+?It-0N!{EKIS{Rs&c%?`@)v^=4r3 zEW()@xzex98Mk1g;A;#f78T~V9kw^@EeMiZScud$#%|gGG%W1tJ3Q1sk4{1 z^9CusV!a_H+$i1Ia?cAeHbv#skYpTt(&c*M$zib)A?J%sg%bu7nDA^ zGL@5vRO&VXj|~J$iqU2+#g=j)8O9bS(151msdDLH)E5qVi@7qb-zaN9%7v2q4HP9< zwRQ8dE){5kjh%>O?*q%Y1vbEJkgYd{9XAq_x%QUxvXMUH?9uSerUYd(7|VYewoDAL zoM180MU4I#eF(-Oc1fdgAf9sM6S>!5Nt`S;B~S(>`hqmR<<_^s+G!W=gMAdK)~qX- z# zo0xH=&c;ec8el##{x4>*mj4R}#}4b*rQM85eU?6%&Evlh<9+7$RHY(--+VgVKRGt1IKm+v5fGy`-RjV?zRj>$M=k?&fUfW#wusuIftDTt3EPtwF%%KdJL`4GEAORdUI zAB0r1-c)n$x(P!NuhL>)FU_Tuu?R+Lc}g%x9=if#482!iA2H93XKd}Y^DpOL>lL12 z*1E`RC{U|qT6*oYx19D1;}h}T>IB@FfHcF%my%RLcOGvXcaQd!9`2RLhVfj z{;5JTLdc4K@aiQuQzHdXi|I>>Qn5fmLR$L?C_+w}G9{497gMib&P*efB+}RqLl$<> zhm&`w-MxMEbNAqIf3IWq-2jW>1T_ms)l?kog8D9GNsvpaM?}Z|!@)toOY1|l4pbmp4}&GOf6^@J1O%}S5HO5SpO~;nlC3rK?r)SgrJjNAM8ze7%Iqa`t%^>Adj(& zD2RR5wFBA!a{_=)NeMT}faLjlg;QqpJH) zDy1$KqIVzv=_oHNBUioq_)nx16DBAM&d7g*kYIWC1c5hEG(6QOJ~l#^lw85hri-E-tp7vwuTaFRyjkcH~Nsl62C zk&{z@NYH=~A4wtuVR{N%CTt2RHL&WUz1tO$b?bn zAjg}dpJ1|Lz&9`3eK;UQK1mh|4(L<3UJA)j#R?Azk38jh?ibC2@?Ss8N!e%+O#|b0 z4(lpIy)T^|=T+|Xv5~qH^*m5sq|&u%NZ}pWNokvH<7uwdlqoMfsCANTapq%tYXh~_ zje2`qQk`ja+u3o@fl?U2yvdP62%dtgaod0fq;%jEgJ@*^Yz-SN^ap1?{1_9))yF>o z7dwR~F@=j~&$J`Gxx%%u(Qez$>h_1NXU`J%c5tQ_CMtj%>#t$pK2tFfbW{LyXiSFZ zQU8K>&?iHkS65f|eJ=~gn|Qz?vFVd5zS(~L(~HgI+*hOUx>AzQtuZ24L?M}C5z^0f zx=2@8Hy0B?rCM*m(|Fs^=Vk3u0qP|#Scu0U1x~SwF%c;iDYpSYnyjXr=(WbcADhj_ z@=1^fV~A)#q%5sfooQ4{(Ou);V`HAa9r~4cU=NVdPFs>&e7W4{MFVBqr%nC=ULz_G zX6QBt)+Lfio!UZBJ^fQ0=2 zv4Vy)8VAQezeniJn}48Z&y*{FW~snNi=I7e#05Xf69v}J2il2@`pDABJVV64M3*?^ zj$`!@yHsVmFkxeyROzf&EV%J0<$zH3(CD2~ys7XWnc5i-+WIy3Vk@64`!woF7a&g8 z+O>RD?Q5b$PiGZAWJ=+Zc6mxS2>v3fwW*X0_2r!0P_0ru!Ga(SYr2_d&+?OL?!y0< zoYwgi@a$Owp-=7K(a+tp?qLTdk$<#natO9IdW-Y)uBbe8bd*Rl97=$-BJ|MXO(=nW(f3rb-{z?ugxCVU$c z+OGD6+J4XMI}$B=B-eLkSAv#JzacspjhVxKd&_y{Y_-Cdug%4_`6L14MP7Oy8`Gg` z#%C^Z{!rHzm``*I1rdJ~;PLHZ%AYTHquMu!&|zk@?cs)e9ortpu3~8$puWYElqazR z;nTJKb?ozJ%gqUZa+P8Cl4|oNqko{&DRC(l#G6T3_~_*Q=~?&qtb<~&X;>}BZ91n& zwYAs2b)1rQV`o5XCUV$|?Xu8&F(KgliHW8+ahH^%>@a- zbFhWp!=07BqEum5AV1Mszqfz-@nCl!GT-#o$si8wx7L4uxR9KpzQLx8_Dk9y>iY9)nn6Z{~6j2MIT(vv?Go>qb#)f@~s0tq*ZkwAVfBzU}t(mw%v5F%355(Ig6-7|C6*+YBQ= z6UWk88!8aw6fRc5)-@(ReFvD(B2SM(ZFZ$gLR-119E&P8p6n08AHmsE&?(Uh3w7X( z&yLmYn zBnmLqvz#tHHpKR|=Z22&kf1J^3R^T@O9dcQ0%Obw))U395kw3EQdl&%1qoV*6Eek# zl^$>`VwjzK<>UJQzwCW`ciXnI@BjQ1I8=IUXPdO-S5n=Rv##T~saNyx zvfbpK+jiNI2uW-xf+a{h+Oh9vzY8+}2tM?(6DLiDwRdWfATW3h27{U3JVa`dR}958 zja-Pj2HO~vX5{c#N~MDI@-PYn-jRz;K>;)&v4yb>D(9J0IS0_%GEQ_D|A}yA6-I;BLo^5s zHZ+@Y9{GC6(62$s9S=;Tgx{u`FcDl|cf+MhiWXy9v_GL5tyke~=xfL9Vd&NF@Cs-spdu`2Gk z974;~&Z7XEry;^OEZ<}QYmdO!O>@`3vI;`LposTBEMLdG^}n-ImH#{2EB)WYq_P3J zhC;<#0f$)Yq-%_F6_}PCcu)Q95N&_ZC2fD--*$p<$VAp9Vnnz1_PbAZ+fSbEZ2!0y z?6fF&0>?QQ?bk9+MO_d8F2{J-w%9I{ASZv8K<`iC_4{J*Z260vQx|j13_hq@YJ7zbj^XmwdW)S{gQ97ttl-iT?Wy9kU{bRb&^Q zO6FN){)J8Ot@%oMgB?ax2wCiz^&4FIrhI+=b)($u=WKKFD;sY3kdM zS0ud#8&E6(GQ_3Tt{>!1|lWi!q^TN+J0^+q+?8tX`Ewd0I+`xYG96jrCl=- zG0ocX5*`$xtij1wMMg-{@QP;4(__7*Tib&6nt3Z9%$m2lIcO7`=1dM67%_qcBwA{6 z@K40>Wp>OZ^hUvsCdV1TW(xBB;Ou8um~ReVACrLfa*V4H#(*;$u%6WyvpfM+ZVxIJ zTP<0<$78QY#mF<|It1&`mzr`Bon@)A_e|ve2P0$nn5Dwg_Wp%8z&h}}F%4s5>#Pl@ zWyTG;&|1Xy5$INGlw~eh8x~e|I)DNl6`suwbYjD7w_0^Px~>jM3Z}JSx~P;g%B!!0 zpoR|d87HS2wXUmh@nrS&!t2+^IxL5h7@L?*GutVqf#NznfPIDEb6Cx1XEvXc-KZs4 zW;s?&lDn~+yEB|G&vHzQYiws8<3XNLn&B#BS~ejHFA+0o6kSI85MEk`UI%|h4B@9^ z)d8oPg2{-5DX(_R^<)WHM=av~h{YD5B)C3i#?47fH$*`|g8QD;MhrQO2HpM9H5%Dt z!FG!>PUQE2T<&9VBaxHvKLKpRL}f*DdeJ49VL-h6vJ3xxNp46#&xjYe#3kNf`x1*s zg23BMQ5sETse?QMM*{<-X`@s0`zltn0>hM4gn=OIvLoBtQB?)W+fcjQ|L`1eIE_c1 z2ANzQLQ^42^uido97zmTlJKB5*d+u_bQzn8v8kqSr5MG~3|k~^1Z9LG4X!>~?gx3q zQWX`~l>*=g*RP3j%RpZj3vrxBS(rr3GxeaH*D5NOD+%|X6CTu;&%IZ_?ihH)K4wsV zLvNMi+7k`1+9jQKTgs1CU&51uV)UCj==bH8bbo@2=gK9^qgeEoqaLWL8n-jaY>M!M z8mQh1Lx|L>BEd&f`O(U`4Xa)m(4l9JoWW95>Q_Hi;Tm}i3kEeZ^0CIZT;o1hu-^xSKh0m zcSo-z*#&WjKwFor@mL*ee$wu1MMRLxQadjdXmNo4VVgyyeDeV!6e$p`C_*PJyGyJw zP;>h2`B7KO=LHh(f0w)0A+mzAqL8BB)$#At!h1MWA;eS+c!UmxK$yQ4y9u;IE)LDc z%8(IqPKF>fS)~9wBjd@1^-L{`A`*^dnU<3qV))1{*}9vTtOmV()dpqWU2fFY)AF$) zRLnASG2YVAS3T-!Pa+S5M!2U>Mdqb>OxEQoD&`scj}6C;h_AtiH2!S2+Gg;kT8I5O zPgn{+Ew86=06E}j5sEL}R%JTjWg`YC=AIslQe&O^U~~%?v`YKTs{eZA!oFIE0vzLPX!sury zJ&Ld3M{(Qo)7!WBfS{bvC2o(VE_PD!jroiG_6G)W(c*{|!dpo@IQG9 zEaGSj4~z-DY(!(&hP1m~QIMpl+LcGDvt*anCnAQmp?Nl9ai*oJsnZjVZ!sc(TBhDk zp-by(6dmQjUCA|f@>%xdvnC!%hClacd6tkH53WzpEuTjC|18Z#2G2)aWacqsf+v*> zXI9E{YF~R}!Ug(v>eMQANwteAV~sNALUodL$w4W)bSM!*SOMv+ zd!3C6eR9kpVjPV)+~ZgT5uQ$=uu8g;hk!PAXWR$AK^bhGND7gy01gsN_n+ zl=c~1uq>oxGinh@y=2Q`E8+OhR!f%}^4Q}84PG^x$MH`@9h2(>F_H2^K7R zwXWd!1QcC;{i{pf@R*qn*xTLNcFOn6p!DDYJK<@jbZc5Ze8p+-oJKV6D_pQQI-gB~ zSn$f#OcM36@QSd9`q@@Xmgq@(B*Dd9tERB4s6SDT6*QjM!N!ZAfI=zP$8>_I<)~Nl z$&qX$HEt04iqO|}Sw(;$Lve3g?Gd{Z}!!eb&vV=`uA zh(y(Dk>>^IByO`hkB6Gb4g@V>_1hJJNtXP z8=JB)TvH}uHNYsvJRgooIH+v@c#R%KEP_2vp3O##UWK@&I3;&!wZbloOQd>SQH)@g zOJN*T&_@35wx0YrCo@FDx>OIxgY+6xFF=^FBpWG z{3l+%X0-nSEKIB*aZT4KQZz3t0LChUXSN-pr@A#F$TBE&76A^g3}MmA*?Kj#3KBKf2sk2B!1g0YOzYSJ5*pL+@|3S z88@_qvf)>@K2a2g2|Q-xRS`N0UOFh-b1?9)_{zP*`e#XQd)q0>@^RVGRE-8 zDWk#rG|brB7&bBy{+o5l)0bg`a3QB>IoeSrOtc-K35_r_q49#PS9Sg3Vp6)~^(l|w z%G(NCvDHGNJb_e&OgLpSyGHOl%diu%dttW$cu275Bsa}s|)Kk#{?p2|zNe_;fq>POdbsK8K+A1+xH&Okx2m&oU z!BB=;=&p<52@hV`IT9Wm)H5k+tetC3-3cEQ$AtRyd}kT#8G}~P;^P~*QPPAiR#;Op zpZ`VY8g6tlI(-^<0M$3GU& zl|5sZ{I(YGwN0{SzFqr6^Q%gQa~L14tIxwk?Xp%p^qxEvnA<&As5Zn!ln$;=NG0VZ z43`e)Sv{Z{-;nY_tLc<`XaZd5plMblBLK4=hZRA0t`&KokCPlssg?c<3@gnqbmGA} zkStUHb;&}uAqYxJMvMcY4yG#Zp($S0RfmNIxnF7d)U;7cANy9D zEXqU98#`N3uutB`(S#hw@{}Yu56uMC&&qx<=GS%AhtfcsbCoK4%mWrdbCM*Q z_-K5s&gvLNA2Dhmw6cl6rULC@Y3i;NBT^S8bE>K8s8lS|v}Bhb-%)}pr4^`Pz1l|oulWcmzT2vkf>CRnL3+dXndA8Gh_h)>dEW`rWR z6JUXFZ3IW9OZz@>VF8NIt_s1>lbW=&w8iRsUqMZ@yA5jX8!YdZbb%rsQXb{4$B;`G}kd|Ok zyKh~QXDacqlC75YF+ACDbmkNJyGhfgFlJt`h)(PqK-f9#TfvTeCTA_rGxKoIArM(R zPuck>Wn#pmpiA~ai35|^dfIUuL-BIt?0p$(@Q`x;>a2dtnW?#_w+5L>G5bcdddO?- z*4i5wuR_-Z))FQouxn*10;M1+Eu(PZT3-WQ80I^J5)R>0QRqjZLTx)Izf>3Huy)Pm zHx$XzEF6S=nt@Pf|I`MYC>=wQhsA3!bx?wm{OTw5b87xy*rfW+FKp8M*}=4$K#8j^ zu!4ror?3ZtQQ0~>du2FeZ=!_?rL!IrYBv~)U)UaAR^>_YoCg9;!LUt-2c}7;J@Scd zwn$6OJ7rhe0`OHRGH@!0ibBeqWz4cP>nIj|$qPpSNDP1dp2m_=Rd|JZr@1T)lcLKPjac^oSC-mr3rb%|U$*=es4 z;KW@r#!^s5k?-JU_DTv1J8k8ANRaMxyMu; zr1qa`;MwOX<6^7mX;1H4Ewm)nLyfKn7)H__8QHGoJKE~zHRCXfIEGSS`ZE`qZmS?^ z9!WtV!G_U*CYg!V4JK1y)M9)yU)!O*`#cs|N<$^@Kv7yORhF1`pdvMa3O`SozpH=A zEuKb9PQ#z`A+y{!UeRHZ3HJ50OOoM*<(_d7(cvdm{xkQ}r@}qjZE$CHiBE2CJ+%tm zTe3xV_Sx3{j$J>q$~E;jrM{rPxI4!Ig_))Jv(}Jba+kz zKcJxVAqQvB?VIHA;OvOJ|M}>RETB&_8u6h&qQVq*Vf>HQ&F7nB?eOiJH%Eu(Ya8Ue z^07t8g$Vy`eYQc4UY#A0HaU9pLQ){#lAliBzMk?q0e`O)JivkKm_sP8^)n?hejEQO0 zygc~z<!PwH%)w7RcetBEZeZf3M-c?d-4cUmqk@1ZH{S9)fIm z91l{80dMn^IW!61X&lI_jzg2=T?OgY-hmFtE41?@KeK2|VAcSG0Duw=PGX{!_gHq# zSghqyqM#%lLaeyz%2gZhD?qQ*n~*RQEE@REh>w}MT)Do!F2PVbVP6uZxuyLo;MXzQ z6h(Zb227SKc>1H?@CJL@TJ;KH` zjJnp<>HoGUafsU36bPJCg5fk5Ki(`yH0(B~0>L|H{Fht*cM1VF7yosqivPO3zrDhL ze~{E_nNy&eYlzhbG20cWM{hz7kGBqAkc{(4D1#C%H!3E4M~Q6jP|CtWJeV~r+}CeE zExGBLgr6ld_`#g@-|6gks_`G5tngnSCVl#}^_X0R<1XC)4#J3K zlY~7R%Wmn9SeHEBy1jK|F6WeGd5X#xnj|St(hzVYjAWpIUF7~O&v(9~zV(!zn7BBL z{L<91J}8QEiKjjd2Sl*(6-y8KIH4&c?tgXs&aT&XiGOI9^Gn`i>TCaHm}#1HIY}DE z8F9fg7H&JYt~x!I(N0kn00CC=((|7U5+(>a_U(;WW4y}e!K|GWF!dn^9`5NQeie?CgVXATBldCfo| zaCx3nct;RBSbH2R&^u-40}6eGF9!L1$N3d>n!q0(UC}5E;3Rq^D`>Y#_nCqZFPLMI zN%-n4A}fxV4@J6UJqY_5apB!BY~m6(q1njKxUZ>dw_V~QvXc4Z4czg#gOEi5e4;R* z+HH5kaIhMMoi9aUX9)^BhQb;tYK5w3?WTB9r^IfSaLIZUimYiw>RqrQYXkkIOCD_y zxfvQTKm(uvmg_3KM71{JX>erEzzF(q(@*%o%1s31G5`j!*=_=?FPv6z>V+A(hER6d zDCO5UReh*eQAs?l+bz|1LgD^YWtzS@&+Ae-5`;9(79l6gpFE6->k_}-3+BTRqHZ>P z?`!JR#khYgenmRe*Q#QmQT1u}8F7D)PY%w`-oHJ4aYl|#Pv4$`Q82DY9qCU6{ZhBc zX8l@=oY`R4KM1!}Cx`@ta@F+)+<@NGYU)Zp`0DBI`@iyt{0#g5&R#YC*Y4i_>iqX0 z>2BvgdAc#-H^BC+Vf#@N1pecab%MJMM%UmxbBX^B_eZ_|Wg~{UiHiX`^p-M>8<%S^ z`*do>>yRAKH+A~@m7Q7JLo{aBFN+T{I;`Z9Pi{!Y^*&ad&wLfG#A21jQ@ z4kLj~ogkgf>F>5Tis_>>;qOJ}Qi&>SH@BY4(FgKw;p%w$P^S=Wp)_`u#furfh8ms` zgt#j|^&3aL{L3j-jg2aOrrsnEL`XOw>r&`nNBPVyW&_5f9!sZ8X{lnUMVkP8`UF;4 zB|1uEtR##1>F)bKTIYR+{lC-cRPTRx_x4ut{~jbQvH$;KtV{~15}X86nW~y2Iy-Vy znk0VNV#TcI>Q(_petuzr>5N!3_QeQi<&00@z51qJpN<2JJVYO-VE=2(uOL*s-lY76 zj!)3IU80?^_GjR+(v15eVSQhFMf;Y&4x&C?^~*Wt^{rLF{kwPBu3E9zzk9kn|HsL* z0Q;YN{%h~|D_lO|+